From 5986ca26fec02ff1fbebee0dba33b91c04288b88 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Tue, 18 Jul 2023 10:58:57 +0200
Subject: [PATCH 01/32] README: add instructions to install jdk 17 and gradle
7.6.2 on Ubuntu 22.02
---
README.md | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/README.md b/README.md
index 1106e9da..4ce7c081 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,20 @@ To be able to build and run the Java Spring Boot application, you need the follo
(JDK 17.x will be automatically installed by Gradle toolchain support)
- Gradle in some not too outdated version (7.4 will be installed via wrapper)
+For Ubuntu 22.02:
+
+ sudo apt install -y openjdk-17-jdk
+ # see https://gradle.org/releases/ for direct link to current release 7.2.6
+ export VERSION=7.2.6
+ wget https://services.gradle.org/distributions/gradle-7.2.6-bin.zip?-.... -O gradle-${VERSION}-bin.zip
+ sudo unzip -d /opt/gradle gradle-${VERSION}-bin.zip
+ cd /opt/gradle && sudo ln -s gradle-${VERSION} latest && cd -
+ sudo nano /etc/profile.d/gradle.sh
+ export GRADLE_HOME=/opt/gradle/latest
+ export PATH=${GRADLE_HOME}/bin:${PATH}
+ sudo chmod +x /etc/profile.d/gradle.sh
+ source /etc/profile.d/gradle.sh
+
You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
If you have at least Docker, the Java JDK and Gradle installed in appropriate versions and in your `PATH`, then you can start like this:
From 796d1a0991e2e6301bd07beedce14226a5d3830f Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Wed, 19 Jul 2023 09:43:06 +0200
Subject: [PATCH 02/32] README: use gradlew instead of gradle wrapper
add instructions for starting the postgresql docker container if the
container has been built already
---
README.md | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 4ce7c081..7d9b9a91 100644
--- a/README.md
+++ b/README.md
@@ -56,32 +56,22 @@ To be able to build and run the Java Spring Boot application, you need the follo
(JDK 17.x will be automatically installed by Gradle toolchain support)
- Gradle in some not too outdated version (7.4 will be installed via wrapper)
-For Ubuntu 22.02:
-
- sudo apt install -y openjdk-17-jdk
- # see https://gradle.org/releases/ for direct link to current release 7.2.6
- export VERSION=7.2.6
- wget https://services.gradle.org/distributions/gradle-7.2.6-bin.zip?-.... -O gradle-${VERSION}-bin.zip
- sudo unzip -d /opt/gradle gradle-${VERSION}-bin.zip
- cd /opt/gradle && sudo ln -s gradle-${VERSION} latest && cd -
- sudo nano /etc/profile.d/gradle.sh
- export GRADLE_HOME=/opt/gradle/latest
- export PATH=${GRADLE_HOME}/bin:${PATH}
- sudo chmod +x /etc/profile.d/gradle.sh
- source /etc/profile.d/gradle.sh
-
You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
If you have at least Docker, the Java JDK and Gradle installed in appropriate versions and in your `PATH`, then you can start like this:
cd your-hsadmin-ng-directory
- gradle wrapper # downloads the configured Gradle version into the project
+ ./gradlew # downloads the configured Gradle version into the project
source .aliases # creates some comforable bash aliases, e.g. 'gw'='./gradlew'
gw test # compiles and runs unit- and integration-tests
+ # if the container has not been built yet, run this:
pg-sql-run # downloads + runs PostgreSQL in a Docker container on localhost:5432
+ # if the container has been built already, run this:
+ docker start hsadmin-ng-postgres
+
gw bootRun # compiles and runs the application on localhost:8080
# the following command should reply with "pong":
From 51c658cdc74196d60d1899a6fb8c4c23fd407c4c Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Wed, 19 Jul 2023 14:19:54 +0200
Subject: [PATCH 03/32] no need to install gradle anymore
---
README.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 7d9b9a91..9a0a4b6f 100644
--- a/README.md
+++ b/README.md
@@ -52,9 +52,8 @@ To be able to build and run the Java Spring Boot application, you need the follo
- Docker 20.x (on MacOS you also need *Docker Desktop* or similar)
- PostgreSQL Server 13.7-bullseye
(see instructions below to install and run in Docker)
-- Java JDK at least recent enough to run Gradle
+- Java JDK at least recent enough to run Gradle Wrapper (gradlew)
(JDK 17.x will be automatically installed by Gradle toolchain support)
-- Gradle in some not too outdated version (7.4 will be installed via wrapper)
You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
From 0edc2cca91c5b4d31f29c739ad938e2781c7651d Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Mon, 4 Sep 2023 20:23:57 +0200
Subject: [PATCH 04/32] add dependancy for swagger-ui / springdoc-openapi
according to
https://www.baeldung.com/spring-rest-openapi-documentation and
https://central.sonatype.com/artifact/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.2.0
---
build.gradle | 1 +
1 file changed, 1 insertion(+)
diff --git a/build.gradle b/build.gradle
index 29ad0e23..1be9d95f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -67,6 +67,7 @@ dependencies {
implementation 'org.apache.commons:commons-text:1.10.0'
implementation 'org.modelmapper:modelmapper:3.1.0'
implementation 'org.iban4j:iban4j:3.2.3-RELEASE'
+ implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0'
compileOnly 'org.projectlombok:lombok'
testCompileOnly 'org.projectlombok:lombok'
From 1c19afefa6150a053ad2909bb7c77a5b7ee4b7a2 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Mon, 4 Sep 2023 20:37:40 +0200
Subject: [PATCH 05/32] avoid error in openapi for ambigous mapping for
findRelationshipRelatedToPersonUuid
---
.../hs/office/relationship/HsOfficeRelationshipRepository.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
index 8b9e10fe..a55f2272 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
@@ -20,7 +20,7 @@ public interface HsOfficeRelationshipRepository extends Repository<HsOfficeRelat
SELECT p.* FROM hs_office_relationship_rv AS p
WHERE p.relAnchorUuid = :personUuid OR p.relHolderUuid = :personUuid
""", nativeQuery = true)
- List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid(@NotNull UUID personUuid);
+ List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid2(@NotNull UUID personUuid);
@Query(value = """
SELECT p.* FROM hs_office_relationship_rv AS p
From bdac90595833265eb42f0e55b2bb00399ce50c25 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Tue, 2 Jan 2024 09:50:02 +0100
Subject: [PATCH 06/32] adjust README
---
README.md | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9a0a4b6f..0151c326 100644
--- a/README.md
+++ b/README.md
@@ -52,8 +52,9 @@ To be able to build and run the Java Spring Boot application, you need the follo
- Docker 20.x (on MacOS you also need *Docker Desktop* or similar)
- PostgreSQL Server 13.7-bullseye
(see instructions below to install and run in Docker)
-- Java JDK at least recent enough to run Gradle Wrapper (gradlew)
+- Java JDK at least recent enough to run Gradle
(JDK 17.x will be automatically installed by Gradle toolchain support)
+- Gradle in some not too outdated version (7.4 will be installed via wrapper)
You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
@@ -61,7 +62,7 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
cd your-hsadmin-ng-directory
- ./gradlew # downloads the configured Gradle version into the project
+ gradle wrapper # downloads the configured Gradle version into the project
source .aliases # creates some comforable bash aliases, e.g. 'gw'='./gradlew'
gw test # compiles and runs unit- and integration-tests
@@ -69,7 +70,7 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
# if the container has not been built yet, run this:
pg-sql-run # downloads + runs PostgreSQL in a Docker container on localhost:5432
# if the container has been built already, run this:
- docker start hsadmin-ng-postgres
+ pg-sql-start
gw bootRun # compiles and runs the application on localhost:8080
From 70d73d8caaacc0e77a0c9d90bf9783dc98236ab1 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Tue, 2 Jan 2024 10:30:52 +0100
Subject: [PATCH 07/32] added gradlew again
---
README.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0151c326..13a10ad0 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,6 @@ To be able to build and run the Java Spring Boot application, you need the follo
(see instructions below to install and run in Docker)
- Java JDK at least recent enough to run Gradle
(JDK 17.x will be automatically installed by Gradle toolchain support)
-- Gradle in some not too outdated version (7.4 will be installed via wrapper)
You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
@@ -62,7 +61,7 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
cd your-hsadmin-ng-directory
- gradle wrapper # downloads the configured Gradle version into the project
+ ./gradlew # downloads the configured Gradle version into the project
source .aliases # creates some comforable bash aliases, e.g. 'gw'='./gradlew'
gw test # compiles and runs unit- and integration-tests
From 95457980d851a20ce518c1816dde97c23463cd06 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Tue, 2 Jan 2024 10:35:47 +0100
Subject: [PATCH 08/32] use alias gw
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 13a10ad0..c184591f 100644
--- a/README.md
+++ b/README.md
@@ -61,8 +61,8 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
cd your-hsadmin-ng-directory
- ./gradlew # downloads the configured Gradle version into the project
- source .aliases # creates some comforable bash aliases, e.g. 'gw'='./gradlew'
+ source .aliases # creates some comfortable bash aliases, e.g. 'gw'='./gradlew'
+ gw # downloads the configured Gradle version into the project
gw test # compiles and runs unit- and integration-tests
From f1e977c9059f3ea5e878188b4339eda0f96df371 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 2 Jan 2024 11:21:22 +0100
Subject: [PATCH 09/32] add documentation for re-running tests from command
line
---
README.md | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c184591f..dc3290b8 100644
--- a/README.md
+++ b/README.md
@@ -421,6 +421,21 @@ Underneath of rbac and hs, the structure is business oriented, NOT technical / l
Some of these rules are checked with *ArchUnit* unit tests.
+### Run Tests from Command Line
+
+Run all tests which have not yet been passed with the current source code:
+
+```shell
+gw test
+```
+
+Force running all tests:
+
+```shell
+gw cleanTest test
+```
+
+
### Spotless Code Formatting
Code formatting for Java is checked via *spotless*.
@@ -579,7 +594,7 @@ Summary for Debian-based Linux systems:
sudo apt-get -y install podman
```
-2Then start it like this:
+Then start it like this:
```shell
systemctl --user enable --now podman.socket
@@ -610,7 +625,7 @@ we need to register a shutdown-hook in the test source code.
2. Now You Can Run the Tests
```shell
-gw clean test # gw is from the .aliases file
+gw test # gw is from the .aliases file
```
#### Use IntelliJ IDEA Run the Tests Against the Podman Daemon
From 53ffe9e73874ee9f522472b4847819634f1f91e0 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 2 Jan 2024 13:03:15 +0100
Subject: [PATCH 10/32] fix SwaggerUI issue with duplicate method name
---
.../relationship/HsOfficeRelationshipController.java | 2 +-
.../relationship/HsOfficeRelationshipRepository.java | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java
index 3d6332e3..98c6bccf 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java
@@ -51,7 +51,7 @@ public class HsOfficeRelationshipController implements HsOfficeRelationshipsApi
final HsOfficeRelationshipTypeResource relationshipType) {
context.define(currentUser, assumedRoles);
- final var entities = relationshipRepo.findRelationshipRelatedToPersonUuid(personUuid,
+ final var entities = relationshipRepo.findRelationshipRelatedToPersonUuidAndRelationshipType(personUuid,
mapper.map(relationshipType, HsOfficeRelationshipType.class));
final var resources = mapper.mapList(entities, HsOfficeRelationshipResource.class,
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
index a55f2272..d34caa8c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
@@ -12,22 +12,22 @@ public interface HsOfficeRelationshipRepository extends Repository<HsOfficeRelat
Optional<HsOfficeRelationshipEntity> findByUuid(UUID id);
- default List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid(@NotNull UUID personUuid, HsOfficeRelationshipType relationshipType) {
- return findRelationshipRelatedToPersonUuid(personUuid, relationshipType.toString());
+ default List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuidAndRelationshipType(@NotNull UUID personUuid, HsOfficeRelationshipType relationshipType) {
+ return findRelationshipRelatedToPersonUuidAndRelationshipTypeString(personUuid, relationshipType.toString());
}
@Query(value = """
SELECT p.* FROM hs_office_relationship_rv AS p
WHERE p.relAnchorUuid = :personUuid OR p.relHolderUuid = :personUuid
""", nativeQuery = true)
- List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid2(@NotNull UUID personUuid);
+ List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid(@NotNull UUID personUuid);
@Query(value = """
SELECT p.* FROM hs_office_relationship_rv AS p
WHERE (:relationshipType IS NULL OR p.relType = cast(:relationshipType AS HsOfficeRelationshipType))
AND ( p.relAnchorUuid = :personUuid OR p.relHolderUuid = :personUuid)
""", nativeQuery = true)
- List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid(@NotNull UUID personUuid, String relationshipType);
+ List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuidAndRelationshipTypeString(@NotNull UUID personUuid, String relationshipType);
HsOfficeRelationshipEntity save(final HsOfficeRelationshipEntity entity);
From 287c1ad9dc619855c05ebd40e2fff5a617b2f535 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 2 Jan 2024 13:08:55 +0100
Subject: [PATCH 11/32] minor improvement in setup instructions
---
README.md | 2 +-
src/test/resources/application.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index dc3290b8..a3a1c6e5 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
cd your-hsadmin-ng-directory
source .aliases # creates some comfortable bash aliases, e.g. 'gw'='./gradlew'
- gw # downloads the configured Gradle version into the project
+ gw # initially downloads the configured Gradle version into the project
gw test # compiles and runs unit- and integration-tests
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index 9915854e..a4f570f9 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -4,7 +4,7 @@ spring:
platform: postgres
datasource:
- url: jdbc:tc:postgresql:13.7-bullseye:///spring_boot_testcontainers
+ url: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
url-local: jdbc:postgresql://localhost:5432/postgres
username: postgres
password: password
From 51aebc65b2c2d7e8866e04ff60cb63cc64b55c03 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 2 Jan 2024 13:28:56 +0100
Subject: [PATCH 12/32] version upgrade to PostgreSQL Server 15.5-bookworm
---
.aliases | 2 +-
README.md | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.aliases b/.aliases
index ae9ceaf0..9477474d 100644
--- a/.aliases
+++ b/.aliases
@@ -44,7 +44,7 @@ alias podman-stop='systemctl --user disable --now podman.socket && systemctl --u
alias podman-use='export DOCKER_HOST="unix:///run/user/$UID/podman/podman.sock"; export TESTCONTAINERS_RYUK_DISABLED=true'
alias gw=gradleWrapper
-alias pg-sql-run='docker run --name hsadmin-ng-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:13.7-bullseye'
+alias pg-sql-run='docker run --name hsadmin-ng-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:15.5-bookworm'
alias pg-sql-stop='docker stop hsadmin-ng-postgres'
alias pg-sql-start='docker container start hsadmin-ng-postgres'
alias pg-sql-remove='docker rm hsadmin-ng-postgres'
diff --git a/README.md b/README.md
index a3a1c6e5..c5518e6c 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ Everything is tested on _Ubuntu Linux 22.04_ and _MacOS Monterey (12.4)_.
To be able to build and run the Java Spring Boot application, you need the following tools:
- Docker 20.x (on MacOS you also need *Docker Desktop* or similar)
-- PostgreSQL Server 13.7-bullseye
+- PostgreSQL Server 15.5-bookworm
(see instructions below to install and run in Docker)
- Java JDK at least recent enough to run Gradle
(JDK 17.x will be automatically installed by Gradle toolchain support)
@@ -133,14 +133,14 @@ But the easiest way to run PostgreSQL is via Docker.
Initially, pull an image compatible to current PostgreSQL version of Hostsharing:
- docker pull postgres:13.7-bullseye
+ docker pull postgres:15.5-bookworm
<big>**⚠**</big>
If we switch the version, please also amend the documentation as well as the aliases file. Thanks!
Create and run a container with the given PostgreSQL version:
- docker run --name hsadmin-ng-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:13.7-bullseye
+ docker run --name hsadmin-ng-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:15.5-bookworm
# or via alias:
pg-sql-run
From 994a0e13c09183b0ce9d7aa10b4f39e761a3af2a Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael.hoennig@hostsharing.net>
Date: Tue, 2 Jan 2024 15:27:15 +0100
Subject: [PATCH 13/32] improve setup instructions and fix Swagger UI (#2)
Co-authored-by: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/2
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
---
README.md | 28 +++++++++++++++----
build.gradle | 1 +
.../HsOfficeRelationshipController.java | 2 +-
.../HsOfficeRelationshipRepository.java | 6 ++--
src/test/resources/application.yml | 2 +-
5 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 1106e9da..a3a1c6e5 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,6 @@ To be able to build and run the Java Spring Boot application, you need the follo
(see instructions below to install and run in Docker)
- Java JDK at least recent enough to run Gradle
(JDK 17.x will be automatically installed by Gradle toolchain support)
-- Gradle in some not too outdated version (7.4 will be installed via wrapper)
You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
@@ -62,12 +61,16 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
cd your-hsadmin-ng-directory
- gradle wrapper # downloads the configured Gradle version into the project
- source .aliases # creates some comforable bash aliases, e.g. 'gw'='./gradlew'
+ source .aliases # creates some comfortable bash aliases, e.g. 'gw'='./gradlew'
+ gw # initially downloads the configured Gradle version into the project
gw test # compiles and runs unit- and integration-tests
+ # if the container has not been built yet, run this:
pg-sql-run # downloads + runs PostgreSQL in a Docker container on localhost:5432
+ # if the container has been built already, run this:
+ pg-sql-start
+
gw bootRun # compiles and runs the application on localhost:8080
# the following command should reply with "pong":
@@ -418,6 +421,21 @@ Underneath of rbac and hs, the structure is business oriented, NOT technical / l
Some of these rules are checked with *ArchUnit* unit tests.
+### Run Tests from Command Line
+
+Run all tests which have not yet been passed with the current source code:
+
+```shell
+gw test
+```
+
+Force running all tests:
+
+```shell
+gw cleanTest test
+```
+
+
### Spotless Code Formatting
Code formatting for Java is checked via *spotless*.
@@ -576,7 +594,7 @@ Summary for Debian-based Linux systems:
sudo apt-get -y install podman
```
-2Then start it like this:
+Then start it like this:
```shell
systemctl --user enable --now podman.socket
@@ -607,7 +625,7 @@ we need to register a shutdown-hook in the test source code.
2. Now You Can Run the Tests
```shell
-gw clean test # gw is from the .aliases file
+gw test # gw is from the .aliases file
```
#### Use IntelliJ IDEA Run the Tests Against the Podman Daemon
diff --git a/build.gradle b/build.gradle
index 29ad0e23..1be9d95f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -67,6 +67,7 @@ dependencies {
implementation 'org.apache.commons:commons-text:1.10.0'
implementation 'org.modelmapper:modelmapper:3.1.0'
implementation 'org.iban4j:iban4j:3.2.3-RELEASE'
+ implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0'
compileOnly 'org.projectlombok:lombok'
testCompileOnly 'org.projectlombok:lombok'
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java
index 3d6332e3..98c6bccf 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipController.java
@@ -51,7 +51,7 @@ public class HsOfficeRelationshipController implements HsOfficeRelationshipsApi
final HsOfficeRelationshipTypeResource relationshipType) {
context.define(currentUser, assumedRoles);
- final var entities = relationshipRepo.findRelationshipRelatedToPersonUuid(personUuid,
+ final var entities = relationshipRepo.findRelationshipRelatedToPersonUuidAndRelationshipType(personUuid,
mapper.map(relationshipType, HsOfficeRelationshipType.class));
final var resources = mapper.mapList(entities, HsOfficeRelationshipResource.class,
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
index 8b9e10fe..d34caa8c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepository.java
@@ -12,8 +12,8 @@ public interface HsOfficeRelationshipRepository extends Repository<HsOfficeRelat
Optional<HsOfficeRelationshipEntity> findByUuid(UUID id);
- default List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid(@NotNull UUID personUuid, HsOfficeRelationshipType relationshipType) {
- return findRelationshipRelatedToPersonUuid(personUuid, relationshipType.toString());
+ default List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuidAndRelationshipType(@NotNull UUID personUuid, HsOfficeRelationshipType relationshipType) {
+ return findRelationshipRelatedToPersonUuidAndRelationshipTypeString(personUuid, relationshipType.toString());
}
@Query(value = """
@@ -27,7 +27,7 @@ public interface HsOfficeRelationshipRepository extends Repository<HsOfficeRelat
WHERE (:relationshipType IS NULL OR p.relType = cast(:relationshipType AS HsOfficeRelationshipType))
AND ( p.relAnchorUuid = :personUuid OR p.relHolderUuid = :personUuid)
""", nativeQuery = true)
- List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuid(@NotNull UUID personUuid, String relationshipType);
+ List<HsOfficeRelationshipEntity> findRelationshipRelatedToPersonUuidAndRelationshipTypeString(@NotNull UUID personUuid, String relationshipType);
HsOfficeRelationshipEntity save(final HsOfficeRelationshipEntity entity);
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index 9915854e..a4f570f9 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -4,7 +4,7 @@ spring:
platform: postgres
datasource:
- url: jdbc:tc:postgresql:13.7-bullseye:///spring_boot_testcontainers
+ url: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
url-local: jdbc:postgresql://localhost:5432/postgres
username: postgres
password: password
From 845857c14d224443454ae4751aa91b0dc833d5a8 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
Date: Thu, 4 Jan 2024 09:13:27 +0100
Subject: [PATCH 14/32] Requirements aktualisiert
---
README.md | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index a3a1c6e5..ca3b16fc 100644
--- a/README.md
+++ b/README.md
@@ -49,15 +49,13 @@ Everything is tested on _Ubuntu Linux 22.04_ and _MacOS Monterey (12.4)_.
To be able to build and run the Java Spring Boot application, you need the following tools:
-- Docker 20.x (on MacOS you also need *Docker Desktop* or similar)
-- PostgreSQL Server 13.7-bullseye
- (see instructions below to install and run in Docker)
+- Docker 20.x (on MacOS you also need *Docker Desktop* or similar) or Podman
- Java JDK at least recent enough to run Gradle
(JDK 17.x will be automatically installed by Gradle toolchain support)
-You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird*.
+We recommend to use an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and optionally a GUI Frontend for *PostgreSQL* like *Postbird*.
-If you have at least Docker, the Java JDK and Gradle installed in appropriate versions and in your `PATH`, then you can start like this:
+If you have at least Docker, the Java JDK installed in appropriate versions and in your `PATH`, then you can start like this:
cd your-hsadmin-ng-directory
From 063fcf90a30e2ec28b73c425e2e52e596583db9e Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Wed, 3 Jan 2024 09:24:14 +0100
Subject: [PATCH 15/32] SpringBoot, Gradle, Java etc. version upgrades and add
OWASP API key via gradle.properties
---
build.gradle | 57 ++++++++++--------
etc/allowed-licenses.json | 1 +
etc/owasp-dependency-check-suppression.xml | 35 +++++++++++
gradle/wrapper/gradle-wrapper.jar | Bin 59821 -> 43462 bytes
gradle/wrapper/gradle-wrapper.properties | 4 +-
gradlew | 41 +++++++++----
gradlew.bat | 15 +++--
.../HsOfficeSepaMandateEntity.java | 1 +
8 files changed, 109 insertions(+), 45 deletions(-)
diff --git a/build.gradle b/build.gradle
index 1be9d95f..a4ffb298 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,15 +1,15 @@
plugins {
id 'java'
- id 'org.springframework.boot' version '3.0.0'
- id 'io.spring.dependency-management' version '1.1.0'
- id 'io.openapiprocessor.openapi-processor' version '2022.2'
- id 'com.github.jk1.dependency-license-report' version '2.1'
- id "org.owasp.dependencycheck" version "7.3.0"
- id "com.diffplug.spotless" version "6.11.0"
+ id 'org.springframework.boot' version '3.1.7'
+ id 'io.spring.dependency-management' version '1.1.4'
+ id 'io.openapiprocessor.openapi-processor' version '2023.2'
+ id 'com.github.jk1.dependency-license-report' version '2.5'
+ id "org.owasp.dependencycheck" version "9.0.7"
+ id "com.diffplug.spotless" version "6.23.3"
id 'jacoco'
- id 'info.solidsoft.pitest' version '1.9.0'
+ id 'info.solidsoft.pitest' version '1.15.0'
id 'se.patrikerdes.use-latest-versions' version '0.2.18'
- id 'com.github.ben-manes.versions' version '0.43.0'
+ id 'com.github.ben-manes.versions' version '0.50.0'
}
group = 'net.hostsharing'
@@ -17,7 +17,7 @@ version = '0.0.1-SNAPSHOT'
wrapper {
distributionType = Wrapper.DistributionType.BIN
- gradleVersion = '7.5'
+ gradleVersion = '8.5'
}
configurations {
@@ -42,7 +42,7 @@ repositories {
java {
toolchain {
- languageVersion = JavaLanguageVersion.of(17)
+ languageVersion = JavaLanguageVersion.of(21)
}
}
@@ -58,23 +58,24 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-jdbc'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-validation'
- implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.8.1'
- implementation 'org.springdoc:springdoc-openapi:2.0.0-M7'
- implementation 'org.liquibase:liquibase-core'
- implementation 'com.vladmihalcea:hibernate-types-60:2.20.0'
- implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.4'
- implementation 'org.openapitools:jackson-databind-nullable:0.2.4'
- implementation 'org.apache.commons:commons-text:1.10.0'
- implementation 'org.modelmapper:modelmapper:3.1.0'
- implementation 'org.iban4j:iban4j:3.2.3-RELEASE'
- implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0'
+ implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.9.1'
+ implementation 'org.springdoc:springdoc-openapi:2.3.0'
+ implementation 'org.liquibase:liquibase-core:4.25.1'
+ implementation 'com.vladmihalcea:hibernate-types-60:2.21.1'
+ implementation 'io.hypersistence:hypersistence-utils-hibernate-64:3.7.0'
+ implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.16.1'
+ implementation 'org.openapitools:jackson-databind-nullable:0.2.6'
+ implementation 'org.apache.commons:commons-text:1.11.0'
+ implementation 'org.modelmapper:modelmapper:3.2.0'
+ implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
+ implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
compileOnly 'org.projectlombok:lombok'
testCompileOnly 'org.projectlombok:lombok'
developmentOnly 'org.springframework.boot:spring-boot-devtools'
- runtimeOnly 'org.postgresql:postgresql'
+ runtimeOnly 'org.postgresql:postgresql:42.7.1'
annotationProcessor 'org.projectlombok:lombok'
testAnnotationProcessor 'org.projectlombok:lombok'
@@ -82,11 +83,12 @@ dependencies {
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.testcontainers:testcontainers'
testImplementation 'org.testcontainers:junit-jupiter'
+ testImplementation 'org.junit.jupiter:junit-jupiter'
testImplementation 'org.testcontainers:postgresql'
- testImplementation 'com.tngtech.archunit:archunit-junit5:1.0.0'
+ testImplementation 'com.tngtech.archunit:archunit-junit5:1.2.1'
testImplementation 'io.rest-assured:spring-mock-mvc'
testImplementation 'org.hamcrest:hamcrest-core:2.2'
- testImplementation 'org.pitest:pitest-junit5-plugin:1.1.0'
+ testImplementation 'org.pitest:pitest-junit5-plugin:1.2.1'
}
dependencyManagement {
@@ -182,15 +184,20 @@ spotless {
}
}
}
+project.tasks.spotlessJava.dependsOn(tasks.generateLicenseReport, tasks.processResources, tasks.processTestResources)
project.tasks.check.dependsOn(spotlessCheck)
// OWASP Dependency Security Test
dependencyCheck {
- cveValidForHours=4
+ nvd {
+ apiKey = project.property('OWASP_API_KEY') // set it in ~/.gradle/gradle.properties
+ delay = 16000
+ }
+ // cveValidForHours = 4
format = 'ALL'
suppressionFile = 'etc/owasp-dependency-check-suppression.xml'
failOnError = true
- failBuildOnCVSS = 7
+ failBuildOnCVSS = 5
}
project.tasks.check.dependsOn(dependencyCheckAnalyze)
project.tasks.dependencyCheckAnalyze.doFirst { // Why not doLast? See README.md!
diff --git a/etc/allowed-licenses.json b/etc/allowed-licenses.json
index 31bbfab3..f50ce4b9 100644
--- a/etc/allowed-licenses.json
+++ b/etc/allowed-licenses.json
@@ -8,6 +8,7 @@
{ "moduleLicense": "BSD License" },
{ "moduleLicense": "BSD-2-Clause" },
+ { "moduleLicense": "BSD-3-Clause" },
{ "moduleLicense": "The BSD License" },
{ "moduleLicense": "CDDL 1.1" },
diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml
index 4c258544..f04711a8 100644
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@@ -14,4 +14,39 @@
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2022-42003</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ We don't parse external XML.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.eclipse\.angus/angus\-activation@.*$</packageUrl>
+ <cpe>cpe:/a:eclipse:eclipse_ide</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ We don't parse external XML.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/jakarta\.activation/jakarta\.activation\-api@.*$</packageUrl>
+ <cpe>cpe:/a:eclipse:eclipse_ide</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ Cyclic references are not possible if file comes in JSON text format.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+ <cpe>cpe:/a:fasterxml:jackson-databind</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ As far as I see Criteria.parse(...) cannot be reached with external data.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.jayway\.jsonpath/json\-path@.*$</packageUrl>
+ <vulnerabilityName>CVE-2023-51074</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ Internal tooling, not exposed to the Internet.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
+ <cpe>cpe:/a:line:line</cpe>
+ </suppress>
</suppressions>
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
index 41d9927a4d4fb3f96a785543079b8df6723c946b..d64cd4917707c1f8861d8cb53dd15194d4248596 100644
GIT binary patch
literal 43462
zcma&NWl&^owk(X(xVyW%ySuwf;qI=D6|RlDJ2cR^yEKh!<L)kv!^b;wzjN=MbLPE6
z#Qs54Mb(a4xpF<3xwf(#I0QP#moHyHKtM=7umAmr3<3k9AfYb8AfqVBBrhW-p{ORI
zp$-WG`qx|5b@g0VIWYsKzV}*LSf1fX%5<DxH2bTXmT7RMuqAb62#S(Z1H@42g>@I-
zp9QeisK*rlxC>+~7Dk4IxIRsKBHqdR9b3+fyL=ynHmIDe&|>O*VlvO+%z5;9Z$|DJ
zb4dO}-R=MKr^6EKJiOrJdLnCJn>np<Vr_Xn3)te~Xt>?~vU-1sSFgPu;pthGwf}bG
z(1db%xwr#x)r+`4AGu$j7~u2MpVs3VpLp|mx&;>`0p0vH6kF+D2CY0fVdQOZ@h;A`
z{infNyvmFUiu*X<?lkm_Rwc7`N28EaGe!}kzj7nfhW^@lTVlH-#Uo^46(tYuSUgOx
zQr0fsq(~O?24S?tV(okgsek@TWWcu+UvB}S%m>G}RNMNwXrbec_*a3N=2zJ|Wh5z*
z5rAX$JJR{#zP>KY**>xHTuw?|-Rg|o24V)74HcfVT;WtQHXlE+_4iPE8QE#DUm%x0
zEKr75ur~W%w#-My3Tj`hH6EuEW+8K-^5P62$7Sc5OK+22qj&Pd1;)1#4tKihi=~8C
zHiQSst0cpri6%OeaR`PY>HH_;CPaRNty%WTm4{wDK8V6gCZlG@U3$~JQZ;<Vs5#qH
zEVy+t;!5@Xu1$jID=`9nIoF+Jc9_az6+@ZeQX+!p62E#%NU_ikW&7u6D)sZpOG{u|
z={bCQI06wwYzSWO$q~5IHw{K<h(x`GAQV}I+HC2mJ9);BffzPtNZV^JzK+Q*#E)sp
z_;y^CR19xFFVGX1#sx$S&@R1md`SKw94gSZefoLMIz1SgFUJeHlDdu>HPvDJcT1V{
z?>H@13MJcCNe#5z+MecYNi@VT5|&UiN1D4ATT+%M+h4c$t;C#UAs3O_q=GxK0}8%8
z8J(_M9bayxN}69ex4dzM_P3oh@ZGREjVvn%%r7=xjkqxJP4kj}5tlf;QosR=%4L5y
zWhgejO=vao5oX%mOHbhJ8V+SG&K5dABn6!WiKl{|oPkq(9z8l&Mm%(=qGcFzI=eLu
zWc_oCLyf;hVlB@dnwY98?75B20=n$>u3b|NB28H0u-6Rpl((%KWEBOfElVWJx+5yg
z#SGqwza7f}$z;n~g%4HDU{;V{gXIhft*q2=4zSezGK~nBgu9-Q*rZ#2f=Q}i2|qOp
z!!y4p)4o=LVUNhlkp#JL{tfkhXNbB=Ox>M=n6soptJw-IDI|_$is2w}(XY>a=H52d
z3zE$tjPUhW<B7^QI+mzDc0r|3FgQFs!Jsdf2mD!`%+)SGMT!&dDeNq8Wnr~TJ=;SJ
zCjA5AMnKC>WS+5h=KVH&uqQS=$v3nRs&p$%11b%5qtF}S2#Pc`IiyBIF4%A!;AVoI
zXU8-Rpv!DQNcF~(qQnyyMy=-AN~U>#&X1j5BLDP{?K!%h!;hfJI>$mdLSvktEr*89
zdJHvby^$xEX0^l9g$xW-d?J;L0#(`UT~zpL&*cEh$L|HPAu=P8`OQZV!-}l`noSp_
zQ-1$q$R-gDL)?6YaM!=8H=QGW$NT2SeZlb8PKJdc=F-cT@j7Xags+Pr*jPtlHFnf-
zh?q<6;)27IdPc^Wdy-mX%2s84C1xZq9Xms+==F4);O`VUASmu3(RlgE#0+#giLh-&
zc<QGvU&1r_Xz58P7NkF*I*90qex!^xxfEgH#K;#C|KMCf;CA5Qt-NV8mGe5b-lG!j
zRL`7OWA4AJCL!FWu3g%<l7t>xm3_e}n4<JRr%rS6Swi_EMqL;`T8Bl3(r42Q<|~(Y
zc;e@g+fVh%OUP%og+-&}AUrto$4spr+PoQd2Zp+clpMO`)?XEs_x|w9_1so-38=4Y
zn`D1h2@&{Ai|aMqEbZDK1O5PGO%pa3=lgn}`i!wzdMR^A4OKHJ)Gs9YZ1vnbkiv-D
z$-P%T9AC{vA3^Up7DULFj^rOQ`7gHyAFny;2s;Lb$MDVB@Qs!<`=}5GFJ_Xz>{%|X
zJp{G_j+%`j_q5}k{eW&TlP}J2wtZ2^<^E(O)4OQX8FDp6RJq!F{(6eHWSD3=f~(h}
zJXCf7=r<16X{pHkm%yzYI_=VDP&9bmI1*)Y<!NUzHwGU;+XI38Q(`+NB8>XZeB}F?
z(%QsB5fo*FUZxK$<e}vt0yO7dH1jD~7>oX~X^69;x~j7ms8xlzpt-T15e9}$4T-pC
z6PFg@;B-j|Ywajpe4~bk#S6(fO^|mm1hKOPfA%8-_iGCfICE|=P_~e;Wz6my&)h_~
zkv&_xSAw7AZ%ThYF(4jADW4vg=oEdJGVOs>FqamoL3Np8>?!W#!R-0%2Bg4h?kz5I
zKV-rKN2n(vUL%D<4oj@|`eJ>0i#TmYBtYmfla;c!ATW%;xGQ0*TW@PTlGG><@dxUI
zg>+3SiGdZ%?5N=8uoLA|$<tQF__q{Hb+omJ>4isK$aJ%i{hECP$bK{J#0W2gQ3YEa
zZQ50Stn6hqdfxJ*9#NuSLwKFCU<kW<Z$>Gk@c=(igyVL;;2^wi4o30YXSIb2g_ud$
zgpCr@H0qWtk2hK8Q|&wx)}4+hTYlf;$a4#oUM=V@Cw#!$(nOFFpZ;0lc!qd=c$S}Z
zGGI-0jg~S~cgVT=4Vo)b)|4phjStD49*EqC)IPwyeKBLcN;Wu@Aeph;emROAwJ-0<
z_#>wVm$)ygH|qyxZaet&(Vf%pVdnvKWJn9`%DAxj3ot;v>S$I}jJ$FLBF*~iZ!ZXE
zkvui&p}fI0Y=IDX)mm0@tAd|fEHl~J&K}ZX(Mm3cm1UAuwJ42+AO5@HwYfDH7ipIc
zmI;1J;J@+aCNG1M`Btf>YT>~c&3<N>j~Qi@Py5JT6;zjx$cvOQW@3oQ>|}GH?TW-E
z1R;q^QFjm5W~7f}c3Ww|awg1BAJ^slEV~Pk`Kd`PS$7;SqJZNj->it4DW2l15}xP6
zoCl$kyEF%yJni0(L!Z&14m!1ur<bj#167-*(B|jp)F*o{Q;Hn)6)_<P63qS{7s)%O
z``Aek8i5TJj-mjjYtt1A_~`C%@M}|?ur(!4Oz?<A^)?FLyfSWzL9}|;jFV^_SWWx7
zZqoBj%8Zht{DR?*BSX3Fo`9QF2<={td!w9oLBkZ!>Xh6Btj_5JYt1{#+H8w?5QI%%
zo-$KYWNMJVH?Hh@1n7OSu~QhSswL8x0=$<8QG_zepi_<zlB#8m+hcE7gc<MZ-I}wy
z>`y_79=nK=_ZP_`Em2UI*tyQoB+r{1QYZCpb?2OrgUw#oRH$?^Tj!Req>XiE#~B|~
z+%HB;=ic+R@px4Ld8mwpY;W^A%8%l8$@B@1m5n`TlKI6bz2mp*^^^1mK$COW$HOfp
zUGTz-cN9?BGEp}5A!mDFjaiWa2_J2Iq8qj<W!S?C&KT9grEb&=%wm;aC1~>0mXzk;
z66JBKRP{p%wN7XobR0YjhAuW9T1Gw3FDvR5dWJ8ElNYF94e<ioutKi#n7!$mwZ7cG
z1bc^4#{Lo^rv1yy&HM`wbm`jfSY+G{qjDC1m?i9np*9^ecJ6!CKPZ;Z?_@`Nrs+nA
zB6#eGiAgK!RqyysJp%o~7rj*4vtuR7j|$OCbL9xyI9^gP(08>F3ebu+QwKjtvVu4L
zI9ip#mQ@4uqVdkl-TUQMb^XBJVLW(-$s;Nq;@5gr4`UfLgF$adIhd?rHOa%D);whv
z=;krPp~@I+-Z|r#s3yCH+c1US?dnm+C*)r{m+86sTJusLdNu^sqLrfWed^ndHXH`m
zd3#cOe3>w-ga(Dus_^ppG9AC>Iq{y%%CK+Cro_sqLCs{VLuK=dev>OL1dis4(PQ5R
zcz<j+gH(MtWYW4^8ed>)>DjEkfV+M<e_sEdzrS<1AHM%agf4oS_E5Eo5a@5bZSJRE
z-3LG-!nD1<2E1K6xQ;KRI>O;~>VUlYF00SgfUo~@(&9$Iy2|G0T9BSP?&T22>K46D
zL*~j#yJ?)^*%J3!16f)@Y2Z^kS*BzwfAQ7K96rFRIh>#$*$_Io;z>ux@}G98!fWR@
zGTFxv4r~v)Gsd|pF91*-eaZ3Qw1MH$K^7JhWIdX%o$2kCbvGDXy)a?@8T&1dY4`;L
z4Kn+f%SSFWE_rpEpL9bnlmYq`D!6F%di<&Hh=+!VI~j)2mfil03T#jJ_s?}VV0_hp
z7T9bWxc>Jm2Z0WMU?`Z$xE74Gu~%s{mW!d4uvK<j&<1yHv!7+02LGZ>Cx@WD+gPUQ
zV0vQS(Ig++z=EHN)BR44*EDSWIyT~R4$FcF*VEY*8@l=218Q05D2$|fXKFhRgBIEE
zdDFB}1dKkoO^7}{5crKX!p?dZWNz$m>1icsXG2N+((x0OIST9Zo^DW_tytvlwXGpn
zs8?pJXjEG;T@qrZi%#h<Ub!eG-{OloH-RpCzw35}x@i|jcqI|*S)Mk#vJASbW?htA
zkoiPl104oY;UP=8R1euujt$?djSOx?y-rqs2lMK%Qb9yZr^vF%!MGNK6X7qcO{3$l
z`SpE|3;1<tJDRMxF=rVtiibsxjcy7ac&I!rJ(vX~wSh6hna0U?6s6xBR8R}cWK=Mr
z0w`kyzSZL7v262fj&Zs-DwNn*X?a01@1FD@>93?FP$!&P4JA(&H61tqQi=opRzNpm
zkrG}$^t9&XduK*Qa1?<l%^7R<o*-c=iC4sk-`i4!S6!9X4fSx+qbvvgrLLuj@E8FE
zq?-x^MET$9MfCquFDi&A%1BD6sWU1_{+DLFRrob7FUP<*gCNI1JNawshbr?t+t&Wg
zFNRT>355wd8G2CI6QEh@Ua>AsD;7oRUNLPb76m4HG3K?)wF~IyS3`fXuNM>${?wmB
zpVz;?6_(Fiadfd{vUCBM*_kt$+F3J+IojI;9L(gc9n3{sEZyzR9o!_mOwFC#tQ{Q~
zP3-`#uK#tP3Q7~Q;4H|wjZHO8h7e4IuBxl&vz2w~D8)w=Wtg31zpZhz%+kzSzL*dV
zwp@{WU4i;hJ7c2f1O;7Mz6<tj2!R+wyuceauj<?kVu{wyl=%JHPkLzkWmg+Z?RG$#
zRU+Lf6+%iJNryt(CfbHrg5cMQPHCKXNZUXf@5VtUpcIZ(1nKR6v)V%+OF~*L&Q2bo
zXdQmkq&Da<4ZR}a$I6XIt`dd!z6Ld%&o(8?bghVIHa*@Mm4a2#r;SUX#A+KRSH^xk
zTs2!r=Ribpu&~Zx#mw!4jE91^t<FzpP{8m$mj$1xwQ{_Z*|&XtH^s|T`GZmEqGKAk
zj@Xz#kk3*eWc-B>qRKeASoIv0_bV=i@NMG*l<#+;INk-^`5w@}Dj~;k=|}qM1vq_P
z|GpBGe_IKq|LNy9SJhKOQ$c=5L{Dv|Q_lZl=-ky*BFBJLW9&y_C|!vyM~rQx=!vun
z?rZJQB5t}Dctmui5i31C_;_}C<yrm%u8E>En}_W%>oSXtt>@kE1=JW*4*v4tPp;O6
zmAk{)m!)}34pTWg8{i>($%NQ(Tl;QC@J@FfBoc%Gr&m560^kgSfodAFrIjF}aIw)X
zoXZ`@IsMkc8_=w%-7`D6Y4e*CG8k%Ud=GXhsTR50jUnm+R*0A(O3UKFg0`K;qp1bl
z7``HN=?39ic_kR|^R^~w-*pa?Vj#7|e9F1iRx{GN2?wK!xR1GW!qa=~pjJb-#u1K8
zeR?Y2i-pt}yJq;SCiVHODIvQJX|ZJaT8nO+(?HXbLefulKKgM^B(UIO1r+S=7;kLJ
zcH}1J=Px2jsh3Tec&v8Jcbng8;V-`#*UHt?hB(pmOipKwf3Lz8rG$heEB30Sg*2rx
zV<|KN86$soN(I!BwO`1n^^uF2*x&vJ$2d$>+`(romzHP|)K_KkO6Hc>_dwMW-M(#S
zK(~SiXT1@fvc#U+?|?PniDRm01)f^#55;nhM|wi?oG>yBsa?~?^xTU|fX-R(sTA+5
zaq}-8Tx7zrOy#3*JLIIVsBmHYLdD}!0NP!+ITW+Thn0)8SS!$@)HXwB3tY!fMxc#1
zMp3H?q3eD?u&Njx4;KQ5G>32+GRp1Ee5qMO0lZjaRRu&{W<&~DoJNGkcYF<5(Ab+J
zgO>VhBl{okDPn78<%&e2mR{jwVCz5Og;*Z;;3%VvoGo_;HaGLWYF7q#jDX=Z#Ml`H
z858YVV$%J|e<1n`%6Vsvq7GmnAV0wW4$5qQ3uR@1i>tW{xrl|ExywIc?fNgYlA?C5
zh$ezAFb5{rQu6i7BSS5*J-|9DQ{6^BVQ{b*lq`xS@RyrsJN?-t=MTMPY;WYeKBCNg
z^2|pN!Q^WPJuuO4!|P@jzt&tY1Y8d%FNK5xK(!@<w&%9D$8VsECTj#p>`jO2aEA*4
zkO6b|UVBipci?){-Ke=+1;mGlND8)6+P;8sq}UXw2hn;fc7nM>g}GSMWu&v&fqh<p
z##88~l{cY%DBl|WjH>iViYT=fZ(|3Ox^$aWPp4a8h24tD<|8-!aK0lHgL$N7Efw}J
zVIB!7=T$U`ao1?upi5V4Et*-lTG0XvExbf!ya{cua==$WJyVG(CmA6Of*8E@DSE%L
z`V^$qz&RU$7G5mg;8;=#`@rRG`-uS<w08Td3B}9G%N}FK9HR~!f^Cj{`y^tJfREum
z*~gqwb#dcwc-QI{m8GKpLpC4_K%Vfi)$F_F!#pL|shy<Q%NAC^CU`RL!|-5srD#ZO
zn{I~O)p%c{5m;d<;UUXgV+yNvL<rtSIQngc|6F6>18$0WPN@!v2d{H2sOqP|!(cQ@
zUHo!d>>yFArLPf1q`uBvY32miqShLT1B@gDL4XoVTK&@owOoD)OIHXrYK-a1d$B{v
zF^}8D3Y^g%^cnvScOSJR5QNH+BI%d|;J;wWM3~l>${fb8DNPg)wrf|GBP8p%LNGN#
z3EaIiItgwtGgT&iYCFy9-LG}bMI|4LdmmJ<aSE*uYY8*ef191mD07amYtQ+>t@V@%
zb6B)1kc=T)(|L@0;wr<>=?r04N;E&ef+7C^`wPWtyQe(*pD1pI_&XHy|0gIGHMekd
zF_*M<adlI3H~C+q^IzcHq+zQxXN(?TC=A;~jCHxB64cks3Odw>4yi6J&Z4LQj65)S
zXwdM{SwUo%3<O37{DHPAG$A+a&Uh?}DLaiJmVVmFZ1SIa$#%_k^;QaeeZ7P1{c?b9
zC=eLHcdO3e<gc?V;V!z6HlJL{r#Zyj=E&V_!6PB!qLm)(8_YSrHh0%Boz_*kUx6mK
zb|)@dlgu8i#ZFeI!mo!f$fZhLo%K}Hqt2m#>SbPwFsHgqF@V|6afT|R6?&S;lw=8%
z3}@9<sV<+=?Zw{9R&#fEo?wO?NZ(DJrAWh4NL*AP6WG<pY>B=#JI3@B*#4s!O))~z
zc>2_4Q_#&+5V`GFd?88^;c1i7;Vv_I*qt!_Yx*n=;rj!82rrR2rQ8u5(Ejlo{15P%
zs~!{%XJ>FmJ})H^I9<JZ=qNB8Uvp_IODk79lcQ%6N8nJ<layarnSw*wERT@1y+@T9
zbCRk63Z9EFi*?65Y?t(rNyKH`R2OmS8*97sR}##9$$k=`zv4t1*Bd!||1<$^?K3bV
zch~R<>bn^Re&38H{xA!0l3^89k(oU;bZWXM@kn$#aoS&Y4l^-WEn<v2GMB&`=$+t{
zsqH-Hrg^zC-u%NR+$BDUf%Zr&u$O+4nJ{Bn;W>-fH39Jb9lA%s*WsKJQl?n9B7_~P
z-XM&WL7Z!PcoF6_D>V@$CvUIEy=+Z&0kt{szMk=f1|M+r*a43^$$B^MidrT0J;RI`
z(?f!O<8UZkm$_Ny$<xT<$ZIyDj(fr1FYD^^at+o!IT*&wJZ2YcAjrNtR7B|~_E5=s
zOz!Ci^%eTS=@CxD@zJ?@F7iX3EI*kkt`>Hth1J#^4ni+im8M9mr&k|3cIgwvjAgjH
z8`N&h25xV#v*d$qBX5jkI|xOhQn!>IYZK7l5#^P4M&twe9&Ey@@GxYMxBZq2e7?`q
z$~Szs0!g{2fGcp9PZEt|rdQ6bhAgpcLHPz?f-vB?$dc*!9OL?Q8mn7->bFD2Si60*
z<SxIYe5*?<(^};SmYZJUE5uTQgi>!O%y)fCdMSV|lkF9w%x~J*A&srMyYY3{=&$}H
zGQ4VG_?$2X(0|vT0{=;W$~icCI{b6W{B!Q8xdGhF|D{25G_5_+%s(46lhvNLkik~R
z><gHECVNA9lSE@px%4b)MU9AlX-3O&uNmc}yl!RiOZVkYH*st9io|}a-%W^-z%%sS
zBRKzv>nr(&C#5wwOzJZQo9m|U<;&Wk!_#q|V>fsmj1g<6%hB{jGoNUPjgJslld><h
z0D4sDtR`m}US*Y@1-q?v_8uo!>xmODzGjY<PkPw{-%~Z34UsBBxRhv{JbTqaVf$5q
z{S2pJqjiGYd2`{L@&>c?7JSuA?A_QzjDw5AsRgi@Y|Z0{F{!1=!NES-#*f^s4l0Hu
zz468))2IY5dmD9pa*(yT5{EyP^G>@ZWumealS-*WeRcZ}B%gxq{MiJ|RyX-^C1V=0
z@iKdrGi1jTe8Ya^x7yyH$kBNvM4R~`fbPq$BzHum-3Zo8C6=KW@||>zsA8-Y9uV5V
z#oq-f5L5}V<&wF4@X@<3^C%ptp6+Ce)~hGl`kwj)bsAjmo_GU^r940Z-|`<)oGnh7
zFF0Tde3>ui?8Yj{sF-Z@)yQd~CGZ*w-6p2U<8}JO-sRsVI5dBji`01W8A&3$?<gda
z?BZWzCe?!+Mzz3|voidco80@c=7!Ur=?8_d@M{njoqdXf;HO=-j8&nJI$X=2*nR5b
zdkQR1yvkj-(Jw_Mm=h7q^yxfjEp7^;bcyq6D@_K&VWKp^Sop&nM1y{dpIssXCy2i4
z=LyazjEE+1j0KJwbLD2TWETW$BXbT?w}d!pg$Bwi+bH5Fd+>}lxBaC&vn0E$c5tW*
zX>5(zzZ=qn&!J~KdsPl;P@bmA-Pr8T*)eh_+Dv5=Ma|XSle6t(k8qcgNyar{*ReQ8
zTXwi=8vr>!3Ywr+BhggHDw8ke==NTQVMCK`$69fhzEFB*4+H9LIvdt-#IbhZvpS}}
zO3lz;P?zr0*0$%-Rq_y^k(?I{Mk}h@w}cZpMUp|ucs55bcloL2)($u%mXQw({Wzc~
z;6nu5MkjP)0C(@%6Q_I_vsWrfhl7Zpoxw#WoE~r&GOSCz;_ro6i(^hM>I$8y>`!wW
z*U^@?B!MMmb89I}2(hcE4zN2G^kwyWCZp5JG>$Ez7zP~D=J^LMjSM)27_0B_X^C(M
z`fFT+%DcKlu?^)FCK>QzSnV%IsXVcUFhFdBP!6~se&xxrIxsvySAWu++IrH;FbcY$
z2DWTvSBRfLwdhr0nMx+URA$j3i7_*6BWv#DXfym?ZRDcX9C?cY9sD3q)uBDR3uWg=
z(lUIzB)G$Hr!){>E{s4Dew+tb9kvToZp-1&c?y2wn@Z~(VBhqz`cB;{E4(P3N2*nJ
z_>~g@;UF2iG{Kt(<1PyePTKahF8<)pozZ*xH~U-kfoAayCwJViIrnqwqO}7{0pHw$
zs2Kx?s#<e4dK%3b&+)k6Y|;S4DL85-WyrKVIj_j{{6I$&%2Do^b$2hE@5=a;FpA#?
zj?ue-OJN&$@J%?YKM$eGC(JtcZy!B$NWApB@di<X3W1e<da}udYMoeI3o7_<JF=Zh
zYpeXWvB)_@QIIYWL@3|7rB4|sFVTbw@}gXInS&gjZDpG1DvPM{2=+Ykc&(i5ifc$_
zh}LZ8qwN(P?@iKtl~(pPzWr%^DDJwnMm5!z?#c5FjG;&ZIUT6z@~tYZ+k;3g@lXUv
zc!5>vQr7XZ264>5RNKSL8|Ty^=PsIx^}QqOOcfpGUU4tRkUc|kc7-!Ae6!+<d3LhN
z&XzYh?Io|}4gfQtnbqxLyJD!7AFApf16JvF_cy6Y`x$Llw|Gfz;B@D2LO~qGw&vqe
zsH^CM_BX(-!fK<Eo8IYbMVZ6+S7(ZE0!FE(^I(-o-1+IZ<U0&RNxqDrwiyUBYR)d<
z#!m|@8#oaZv2FVRDr{+-;DajT%LpK4DvrtxtKBx!-{g~??&MQ(9~5@mIpt?Y@cvL%
zN}LG<11t5Cf)G^&gR<1lgJ{-R<J>B{o~7nFpm3|G5^=0#Bnm6`V}oSQlrX(u%OWnC
zoLPy&Q;1J<Q=Rw7zP0W`<I7X@-?=Nf;Xee%N*w}vJKiE|cD<4a=^PO7MQlM02j-+$
zKCm^lM#p{(Wj}5i#kBavYT-0#nTBp`m_35(`HY&Y@4YUMZTiPw%I|bpPk6PK|CYyI
z`Xes=050k(L_<N^Jv(Mpm{{2H2c!?vIl%96&k^E-?K&Vk`$KkeX~Jw~Fsfk(d16L!
z-bf)Sz$PAGgB&vJhQ}eDyRs{2lK?Gq>ui&7ST0~#+}I^&?vcE*t47~Xq#YwvA^6^}
z`WkC)$AkNub|t@S!$8CBlwbV~?yp&@9h{D|3<UyWg7|l{^glZ5Dp<R^T02<&bDDly
zL;vF_RkK%`Q$`P93~`T9H0DLwoQ7TLazhh0=(S3=G6^=$?i+3C_*1LCvRZO39g|43
z<9HQ9$%`iR2>z-vJXgzRC5^nYm+PyPcgRzAnEi6Q^gslXYRv4nycsy-SJu?lMps-?
zV`U*#WnFsdPLL)Q$AmD|0`UaC4ND07+&UmOu!eHruzV|OUox<+Jl|Mr@6~C`T@P%s
zW7sgXLF2SSe9Fl^O(I*{9wsFSYb2l%-;&Pi^d<d5gZY$ouXkSxh!i;YM~orayzvd9
z$>pv!{)C3d0AlNY6!4fgmSgj_wQ*7Am<LG|<(H6ae*!sIhw}*%cn8L{G&Qz)Il&k~
zdUB%q=yN3Oz|C{wnn*7=Y}H`Tp)^(dl#`ZFq_B51Ks``*Lp3oxGdwsr3V(Qn1t<fg
ziSMz83x=Ap$h4F(3LJRw8rYw8Xe?}PuG+VUk_bdjjrHLOpBsF^D$Ey0j+dIBQyzkk
z^3ERO0R}UDBy9?czbAa9qFbE3)`4Z5^?OXpH_#GiC*r#QhzMY=jT%oM-$ku0=Z=SS
zPUHZ>7&$z;Jg&wgR-Ih;lUvWS|KTSg!&s_E9_bXBkZvGiC6bFKDWZxsD$*NZ#_8bl
zG1P-#@?OQzE<T`h^Ta9L)yZGSKEF-RZ;~y;F=H0>D7@jlMJTH@V!6k;W>auvft)}g
zhoV{7$q=*<qV(a={b8n4s4yhm_oFzSM6cYhPn}4ss!6ccUzX#rKA~T>;=l{O>Q4a@
ziMjf_u*o^PsO)#BjC%0^h>Xp@;5$p{JSYDt)zbb}s{Kbt!T*I@Pk@X0zds6wsefuU
zW$XY%yyRGC94=6mf?x+bbA5CDQ2AgW1T-jVAJbm7K(gp+;v6E0WI#kuACgV$r}6L?
zd|Tj?^%^*N&b>Dd{Wr$FS2qI#Ucs1yd4N+RBUQiSZGujH`#I)mG&VKoDh=KKFl4=G
z&MagXl6*<)$6P}*Tiebpz5L=oMaPrN+caUXRJ`D?=K9!e0f{@D&cZLKN?iNP@X0aF
zE(^pl+;*T5qt?1jRC=5PMgV!XNITRLS_=9{CJExaQj;<KOp}Ss$xf3w95Awwovm~a
z$iUieZ+;LRH(+2InXK7*7kZ|*f#fpjzjcGEbKAy*9*Q%Ik>lt!&pdzpK?8p>%Mb+D
z?yO*uSung=-`QQ@yX@Hyd4@CI^r{2oiu`%^bNkz+Nkk!IunjwNC|WcqvX~k=><-I3
zDQdbdb|!v+I<k8C-8h1&l^p%~4R~&So2|v->z01$w@aMl!R)koD77Xp;eZwzSl-AT
zr@Vu{=xvgfq9akRrrM)}=!=xcs+U1JO}{t(avgz`6RqiiX<|hGG1pmop8k6Q+G_mv
zJv|RfDheUp2L3=^C=4aCBMBn0aRCU(DQwX-W(RkRwmLeuJYF<0urcaf(=7)JPg<3P
zQs!~G)9CT18o!J4{zX{_e}4eS)U-E)0FAt}wEI(c0%HkxgggW;(1E=>J17_hsH^sP
z%lT0LGgbUXHx-K*CI-MCrP66UP0PvGqM$MkeLyqHdbgP|_Cm!7te~b8p+e6sQ_3k|
zVcwTh6d83ltdnR>D^)BYQpDKlLk3g0Hdcgz2}%qUs9~~Rie)A-BV1mS&naYai#xcZ
z(d{8=-LVpTp}2*y)|gR~;qc7fp26}lPcLZ#=JpYcn3AT9(UIdOyg+d(P5T7D&*P}#
zQCYplZO5|7+r19%9e`v^vfSS1sbX1c%=w1;oyruXB%Kl$ACgKQ6=qNWLsc=28xJjg
zwvsI5-%SGU|3p>&zXVl^vVtQT3o-#$UT9LI@Npz~6=4!>mc431VRNN8od&Ul^+G<O
z&+UaGr()Me%6V)8@*Bx3oT4=TBj_vjymMyd8nWP{_ePd?ZpLR5y@P!PwPSnq@b%?+
z-3jAw7s2p_He|nVH%u;ROIVANf3n6TyT+w(2_c_sy)MF$<SLbp^<>_kHC`G=6WVWM
z%9eWNyy(FTO|A+@x}Ou3CH)oi;t#7rAxdIXfNFwOj_@Y&TGz6P_sqiB`Q6<Z9`{@I
zG)gW^Bs^4xVzBtFwh6KfO16ddPYr(3GPqiVlbqYNdp{z1`WEdF){s~pqbp&T6o|uZ
zd@{Wd+K`h(<$gjo>Lxy|Q{`|fgmRG(k+!#b*M+Z9zFce)f-7;?Km5O=LHV9f9_87;
zF7%R2B+$?@sH&&-$@tzaPYkw0;=i|;vWdI|Wl3q_Zu>l;XdIw2FjV=;Mq5t1Q0|f<
zs08j54Bp`3RzqE=2enlkZxmX6OF+@|2<)A^RNQpBd6o@OXl+i)<H_i&N`daO9#gRD
zbNRiucg54Gy(2fGrWtv`LB0NuWCH3@RHOJamGJ+B#lKG`{v$j0pO8><bNM_W{ENJH
zS2a-j%gz<EZJA$~1=AFf&`NH0`}A|!jr|e^sYu1)OS{vLFWmU*j55~$42^zF3vE?V
zDx)gAg1%Glt~U?HFUqs}9{v)ryb$pHbibYndMV|B@l;eyS(h=KEpcIvczVDE78@Xj
zSAm;1J^1Dwm>zO%D4iGiQNuXd+zIR{_lb96{lc~bxsBveIw6umhShTX+3@ZJ=YHh@
zWY3(d0azg;7oHn>H<>?4@*RQbi>SmM=JrHvIG(~BrvI)#W(<iZ@?A1TuACNgdXURW
z+)gvyNh;kbU(liR<_1NHe=TW&=0kt+K?wKELV`s)-;TebXWQlc!-`aY6o(nMsy+|=
z(E4T?*-uU}N^Du>EAeO6fS+}mxxcc+X~W6&YVl86W9WFSS}Vz-f9vS?XUDBk)3TcF
z8V?$4Q)`uKFq>xT=)Y9mMFVTUk*NIA!0$?RP6Ig0TBmUFrq*Q-Agq~DzxjStQyJ({
zBeZ;o5qUUKg=4Hypm|}>>L=XKsZ!<FKQ_ntYAcXmoND))pw_T3pH%fHY!pNqk5cuV
zOHA2*8nP`0K~OlwGy0SH3EWaDB-i#4%#|`_{yB={(lcN;3!10+Pxox-HkRohVDL0|
z8{E!B)=^(A?$N_ctiS3J)!iY`)ts!F9ODnu96)<93qPUBnzlYuy=Jt+bF8r45!B4r
zWzRGHHPnO9ti}*NAt&~?DFW+%!bE>F$yNTDO)jt4H0gdQ5$f|d&bnVCMMXhNh)~mN
z@_UV6D7MVlsWz+zM+inZZp&P4fj=tm6fX)<V@r2uJW+0vvpHTeeFv#Sgo7s}BAm4K
zjGGF<Q!n^&4xvzX0>SG5H>OsQf_I8c<Dg8clrV~^w3Z*%r!X6dX4x@j9;{JD(8l7}
z(Qgx)wY{>~uGCig$GzuwViK54bcgL;VN|FnyQl>Ed7(@>=8$a_UKIz|V6CeVSd2(P
z0Uu>A8A+muM%HLFJQ9UZ5c)<?oM~-8FHMf~w|t%VP|2Tazr<2Sjx#;msM?}B)jn`T
z*pYak+6)TB+ee7iYW3p=zQkY>BSAv_zH#1f02x?h9C}@pN@6{>UiAp>({Fn(T9Q8B
z^`zB;kJ5b`>%dLm+Ol}ty!3;8f1XDSVX0AUe5P#@I+FQ-`$(a;zNgz)4x5hz$Hfbg
z!Q(z26wHLXko(1`;(BAOg_wShpX0ixfWq3ponndY+u%1gyX)_h=v1zR#V}#q{au6;
z!3K=7fQwnRfg6FXtNQmP>`<;!N137paFS%y?;lb1@BEdbvQHYC{976l`cLqn;b8lp
zIDY>~m{gDj(wfnK!lpW6pli)HyLEiUrNc%eXTil|F2s(AY+LW5hkKb>TQ3|Q4S9rr
zpDs4uK_co6XPsn_z$LeS{K4jFF`2>U`tbgKdyDne`xmR<@6AA+_hPNKCOR-Zqv;xk
zu5!HsBUb^!4uJ7v0RuH-7?l?}b=w5lzzXJ~gZcxRKOovSk@|#V<jQ-(2_xKpDYt{m
zs6<ysaM*D{ARcUnlk4D!8f*k1G{Ip@*-dFQ!bhc3zg>+MuX%Y+=;14i*<yct;~?4+
z8a$HdaeCZdGnM?f>%{)_gSW9(#4%)AV#3__kac1|qUy!uyP{>?U#5wYNq}y$S9pCc
zF<Mndv5MKme1!JVgsoWscJ<knfP)Xe)2}9N1^EiWQ;6~WJPU`LW&2l%<A5V5ht~*^
zy?4tqc_+c^CwHLPg-(Ehm=L2yf~2Mxlz*2rKsp2n_Y-esI>c~4mgSC*G~j0u#qqp9
z${>3HV~@->GqEhr_Xwoxq?Hjn#=s2;i~g^&Hn|aDKpA<n^4$fC$Kuspwq}<LNwu8C
zbf6;H40RGwOB}XjobHn85?fmF9ub`bI+IQM@Py%7F9WcE4R&_4B5<%dGT-3U#$8JL
z+9W_t43rJ$Gf^G?+|wOo&KIwqf2&OR?zMoHUZhcc%t4i);VELMxvn-h%aEuLgl_t^
zn}SzihDXMuweFhp8a#vz8k>>Oc%HlW(KA1?BXqpxB;Ydx)w;2z^MpjJ(Qi(X!$5RC
z*P{~%JGDQqojV>2JbEeCE*OEu!$XJ>bWA9Oa_Hd;y)F%MhBRi*LPcdqR8X`NQ&1L#
z5#9L*@qxrx8n}LfeB^J{%-?SU{FCwiWyHp682F+|pa+CQa3ZLzBqN1{)h4d6+vBbV
zC#NEbQLC;}me3eeYnOG*nXOJZEU$xLZ1<1Y=7r0(-U0P6<g54#mo~h%m97FKEIHpA
zi1;stE`DWrPG;ZcvR%GkPkplBUD5E>-AqwMAM`a(Ed#7vJkn6plb4eI4?2y3y<C7^
zMN|!317AP-8b+h`frBg^oc&CV#@gdFKbOG_+V@md3_}H++3*0>OTGmmDQ!z9`wzbf
z_OY#0@5=bnep;MV<TyaesE-ymV~)h1zKx)bzGTLWVIp8Jc0Xjtfz?g}02XS&L-sgn
zz+J7FV@}%gTsBPancF*aFOCi$QUrJa8Ibmw3#H6HwLunm!~S7uJfJF*x^4TdZ((BQ
z!OA8ez?xzj5&N>0X_;;<l|1-%NB+RStv%4V3*k9dM&8$D*6KHj&I{f#=G0sJycjJ9
zsbnF%tPoJ^)WY9aH4DzA@Up>SJJWEf^E6Bd^tVJ9znWx&Ks8t*<NkWUjNZuHXm?wX
z&k+-16-gZ2l39lpjw5PGa}Nvw$IGx#fYlU<*{);MA3*W3V0a83>B>AM@?;D4oWUGc
z!H*`6d7Cxo6VuyS4Eye&L1ZRhrRmN6Lr`{NL(wDbif|y&z)JN>Fl5#Wi&mMIr5i;x
zBx}3YfF>><oG8>8EC(fYnmpu~)CYHuHCyr5*`ECap%t@y=jD>!_%3iiE|LN$mK9>-
zHdtpy8fGZtkZF?%TW~29JIAfi2jZT8>OA7=h;8T{{k<t+bcx0feOM-&l9hI?Xmy(z
z-fq}pe2pf8j{{(B0xe64n-!77hMklQf7$y)E8W+2Z@Tt{aWpu0WCZ>?c2`nCEx9$r
zS+*&vt~2o^^J+}RDG@+9&M^K*z4p{5#IEVbz`1%`m5c2};aGt=V?~vI<yv(rk2~bL
zj=};pL9GggLHjow%gVWrUmkyePLZ<Qj(q4u0~rKInZFBgS5;8-hpCcg={gcFHnWum
zMonS>M}ZdPECD<VzUqoNT#)>I)47|CWBCfDWUbxBCnmYivQ*0Nu_xb*C>~C9(VjHM
zxe<*D<#dQ8TlpMX2c@M<9$w!RP$hpG4cs%AI){jp*Sj|*`m)5(Bw*A0$*i-(C<so-
zb=dYmBN5sxWooS6f<r|QIT;nm(*5IP;!0gq<>A5#%>a)$+jI2C9r6|(>J8InryENI
z$NohnxDUB;wAYDwrb*!N3noBTKP<UImuz_p@!@WwtKs6Oq=w->pPN}~09SEL18tkG
zxgz(RYU_;DPT{l?Q$+eaZaxnsWCA^ds^0PVRkIM%bOd|G2IEBBiz{&^JtNsODs;5z
zICt_Zj8wo^KT$7Bg4H+y!Df#3mbl%%?|EXe!&(Vmac1DJ*y~3+kRKAD=Ovde4^^%~
zw<9av18HLyrf*_>Slp;^i`Uy~`mvBjZ|?Ad63<fPCD(QY8B|u!l)brK@3#~ULtEdK
zqfCRe>yQa#YK`4+c6;pW4?XIY9G1(Xh9WO8{F-Aju+nS9Vmv=$Ac0ienZ+p9*O%NG
zMZKy5?%Z6TAJTE?o5vEr0r>f>hb#2w2U3DL64*au_@P!J!TL`oH2r*{>ffu6|A7tv
zL4juf$DZ1MW5ZPsG!5)`k8d8c$J$o;%EIL0va9&GzWvkS%ZsGb#S(?{!UFOZ9<$a|
zY|a+5kmD5N&{vRqkgY>aHsBT&`rg|&kezoD)gP0fsNYHsO#TRc_<dLhZf-oCe<uor
zVn+D3J+?dI`OPTIwX%7HL4coV@n&0F`$sgzfV#jy^Nxhx;htyfm`2*%2*E<EEua3X
z>$n6Lf1Z{?+DLziXlHrq4sf(!>O{?Tj;Eh@%)+nRE_2VxbN&&%%caU#JDU%vL3}Cb
zsb4AazPI<wjJ5Xm?P>{>8H&d=jUaZDS$-0^AxE@utGs;-Ez_F(qC9T=UZX=>ok2k2
ziTn{K?y~a5reD2A)P${NoI^>JXn>`IeArow(41c-Wm~)wiryEP(OS{YXWi7;%dG9v
zI?mwu1MxD{yp_rrk!j^cKM)dc4@p4Ezyo%lRN|XyD}}>v=Xoib0gOcdXrQ^*61HNj
z=NP|pd>@yfvr-=m{8$3A8TQGMTE7g=z!%yt`8`Bk-0MMwW~h^++;qyUP!J~ykh1GO
z(FZ59xuFR$(WE;F@UUyE@Sp>`aVNjyj=Ty>_Vo}xf`e7`F;j-IgL5`1<e8<5GZ9t_
zSKJ;j#8L2sA)KLlG+guS4jf40SgEe!dKKK0Hbs4NAYj<w(>~-#70$9_=uBMq!2&1l
zomRgpD58@)YYfvLtPW}{C5B35R;ZVvB<<#)x%srmc_S=A7F@DW8>QOEGwD6suhwCg
z>Pa+YyULhmw%BA*4yjDp|2{!T98~<6Yf<Ht&p|`G9M?uugEk_wVc(bM<s*XMD&4B1
z!i3%8q|snVIZ`!_i1*YyreC8Lohwejbmzog)&}vE7Rz1dcR%OnN}_3vj`{K=-3O~_
zu1c5_k};f^gB06dul({<`Lcpka0Ph<!;#yPQz#pwe?I#d5?HpUA@y)AJdD~*W6*^J
z9IAb}`aqXze3Z5+o@S&yu8d^LhgI0a?q{$=xrJP?yBJszi{*k);E$b`3mcYPuTL=d
zCCNFg0QG16+KKF$c43P(5eJVL61PLUzK~wHo_6%n7f<5cmB2yHn6OgGuGvm#^QB$O
zIXl<)?hk{+{p_;>d(wo1mQ!KWwq0eg+6)o1>W~f~kL<-S+P@$wx*zeI|1t7z#Sxr5
zt6w+;YblPQNplq4Z#T$GLX#j6yldXAqj>4gAnnWtBICUnA&-dtnlh=t0Ho_vEKwV`
z)DlJi#!@nkYV#$!)@>udAU*hF?V`2$Hf=V&6PP_|r#Iv*J$9)pF@X3`k;5})9^o4y
z&)~?EjX5yX1<xGQ%1@{UCW^23>2O(BsFy-l6}nYeuKkiq`u9145&3Ssg^y{5G3Pse
z9w(YVa0)N-fLaBq1`P!_#>SS(8fh_5!f{UrgZ~uEdeMJIz7DzI5!NHHqQtm~#CPij
z?=N|J>nPR6_sL7!f4hD_|KH`vf8(Wpnj-(gPWH+ZvID}%?~68SwhPTC3u1_cB`otq
z)U?6qo!ZLi5b>*KnYHWW=3F!p%h1;h{L&(Q&{qY6)_qxNfbP6E3yYpW!EO+IW3?@J
z);4>g4gnl^8klu7uA>eGF6rIGSynacogr)KUwE_R4E5Xzi*Qir@b-jy55-JPC8c~(
zo!W8y9OGZ&`xmc8;=4-U9=h{vCqfCNzYirONmGbRQlR`WWlgnY+1wCXbMz&NT~9*|
z6@FrzP!LX&{no2!Ln_3|I==_4`@}V?4a;YZKTdw;vT<+K+z=uWbW(&bXEaWJ^W8Td
z-3&1bY^Z*oM<=M}LVt>_<PFYrPfhFhSu%npt;+8<VSwjlcQC8wPbX!R<;Rgr<C++E
zby{kGH;!C6486yrVIwy8>j+p=2Iu7<ee5Yzkv)1V_(^OyjiyljyAy{*({<c49<wJ_
zD`WoEKZ35Gv<M<<pCYpQZ?|m!#mlmG_*_DC0N62ESbuImD+AoD)Lj4`<}R)PJ25MB
zQ(JSFe<_~3nt|(_B)R}zmNZN0*RPG}Ru~x4q$U+I`RU|gs%W~s18LSc)J(SC3~+Y<
zk0lr!;49KA_>pZmbXrhQ_k)ysE9yXKygFNw$5hwDn(M>H+e1&9BM5!|81vd%r%vEm
zqxY3?F@fb6O#5UunwgAHR9jp_W2zZ}NGp2%mTW@(hz7$^<W>+a`A?mb8|_G*GNMJ)
zjqegXQio=i@AINre&%ofexAr95aop5C+0MZ0m-l=MeO8m3epm7U%vZB8+I+C*iNFM
z#T3l`gknX;D$-`2XT^Cg*vrv=RH+P;_dfF++cP?B_msQI4j+lt&rX2)3GaJx%W*Nn
zkML%D{z5tpHH=dk<tahvnnE?`>sQ*gzc|}gzW;lwAbxoR07VNgS*-c3d&8J|;@3t^
zVUz*J*&r7DFRuFVDCJDK8V9NN5hvpgGjwx+5n)qa;YCKe8TKtdnh{I7NU9BCN!0dq
zczrBk8pE{{@vJa9ywR@mq*J=v+PG;?fwqlJVhijG!3VmIKs>9T6r7MJpC)m!Tc#>g
zMtVsU>wbwFJEfwZ{vB|ZlttNe83)$iz`~#8UJ^r)lJ@HA&G#}W&ZH*;k{=TavpjWE
z7hdyLZPf*X%Gm}i`Y{OGeeu^~nB8=`{r#TUrM-`;1cBvEd#d!kPqIgYySYhN-*1;L
z^byj%Yi}Gx)Wnkosi337BKs}+5H5dth1JA{Ir-JKN$7zC)*}hqeoD(WfaUDPT>0`-
z(6sa0AoIqASwF`>hP}^|)a_j2s^P<w)m}Rj^15uY<n!4_%<!d#{vZ=Z_P}@eeW-Ox
z;JQLPzZSHN-l$$DLG%r}N3ZZZvwUxH+BWNXE{dS!hk|G5x)?-llV>Qn*qVC{Q}htR
z5-)duBFXT_V56-+UohKXlq~^6uf!6sA#ttk1o~*QEy_Y-S$gAvq47J9Vtk$5oA$Ct
zYhYJ@8{hsC^98${!#Ho?4y5MCa7iGnfz}b9jE~h%EA<g+BN#3fNo`|_hPZ+|%)bb7
zIn_D<^wYb`{#zL<_<s|myPLHg(|`4wmJ7hi$=pTU+V#^hHu-$b(Luw-PR!Bav-v(-
z@?W|xOvONHUKm|~3~s1|_Dl38>Av~Qxu)_rAV;^cygV~5r_~?l=B`zObj7S=H=~$W
z<UmLzInv1Ql%M`_G9-u94*9n+0oO@^hhKgl*ZXu|6{=bN1o_txgnax72@;~Z7?^Oq
z7?^&}>PtI_m%g$`kL_fVUk9J<CtwAz7a!$Q&-Jh3I_W5n|1(dhB)p#U+Wl>@>EiBH
zOO&jtn~&`hIFMS5S`g8w94R4H40mdNUH4W@@XQk1sr17b{@y|JB*G9z1|CrQjd+GX
z6+KyURG3;!*BQrentw{B2R&@2&`2}n(z-2&X7#r!{yg@<!&3xwQWd$^>Soy}cRD~j
zj<Og|6*w}HqZTw8{Il!Ft=<O5!dlKfOz|j$Z^w5&_=~)z5Z-}bt_7jqebZL&Vjmk}
z(RA*=wrL0UL*<vcZEZprIhH<3JJLr)CAtGH+&D8sC~U9fHYR9L!BM()S6a1mtsI!E
z--M=*g<DRnwm1hG$L!!=946pI4AzFaqTKQdn(cd9nxm|_%Tp(UbUJVdmn&m&OV5sT
zjBA&CZ;!B-hP7XTLul+iNP4Dg{KGjcnsK_H51vQ)!>9@UBW+N|4HW4AWapy4wfUI-
zZ`gSL6DUlgj*f1hSOGXG0IVH8HxK?o2|3HZ;KW{K+yPAlxtb)NV_2AwJm|E)FRs&&
z=c^e7bvUsztY|+f^k7NXs$o1EUq>cR7C0$UKi6IooHWlK_#?IWDkvywnzg&ThWo^?
z2O_N{5X39#?eV9l)xI(>@!vSB{DLt*oY!K1R8}_?<kMv(YfJ|7amweKbCcwmp-oP{
zR^MH3r^g&R=wr#qxEEp(KK<zYcr_;1=X$Imnu<Z`RiZwY8*iRY{cWxHh1c@XJZ&pv
zV{U_Z%$qRKL70X;eBqb*t1O=8k$SB(oK)NPT~SfHMOv=9#+69sQt>%+0^C{d9a%N4
zoxHVT1&Lm<qomrTXsCPGIz?rb+qQLuzE?D*s2JcateF>|uDX%$QrBun5e-F`HJ^T$
zmzv)p@4ZHd_w9!%Hf9UYNvGCw2TTTbrj9pl+T9<ayV5<}<wvT;Sn~c<QFT@1O08w<
zkEzBm=w)jYybjnZrhSE(k<3uFR)#=txys^{+XA;N)s*?BH^)|A82SR=)(_iGhC7T3
z6;In+x<8Dm5KW<GS7?86#S~&}Tl{Cy3IDd}BL8#I#Xpxf?HmDS<l^QQ0CzjL|Nnnw
z7e`AMb5~dSPx>%-_-}L(tES>Or-}Z4F*{##n3~L~TuxjirGuIY#H7{%$E${?p{Q01
zi6T`n;rbK1yIB9jmQNycD~yZq&mbIsFWHo|ZAChSFPQa<(%d8mGw<NE-PqxpYmaZY
z>*V3fh|yFoxOOiWJd(qvVb!Z$b88cg->N=qO*4<Ju1L$F55Eg|&pd*ih%*g;pO{D%
z0by!&Tpi~?D_*9Y{Y99`;u%i~<7J9|%7CE#RGy9%il*j9uH#6qR8ZZ3+-)Oz_wKW(
z^pYp_3KlClW0cl`;)I55^HEmIrxSK3i7Y3l?;+5qj8LrRLEa*uvXRuegx26kvwYL_
zb#;U>k~6;R==|9ihg&riu#P~s4Oap9O7f%crSr^rljeIfXDEg>wi)&v*a%7zpz<9w
z*r!3q9J|390x`Zk;g$&OeN&ctp)VKRpDSV@kU2Q>jtok($Y-*x8_$2piTxun81@vt
z!Vj?COa0fg2RPXMSIo26T=~0d`{oGP*eV+$!0I<(4azk&Vj3SiG=Q!6mX0p$z7I};
z9BJUFgT-K9MQQ-0@Z=^7R<{bn2Fm48endsSs`V7_@%8?Bxkqv>BDoVcj?K#dV#uUP
zL1ND~?D-|VGKe3Rw_7-Idpht>H6XRLh*U7epS6byiGvJpr%d}XwfusjH9g;Z98H`x
zyde%%5mhGOiL4wljCaWCk-&uE4_OOccb9c!ZaWt4B(wYl!?vyzl%7n~QepN&eFUrw
zFIOl9c({``6~QD+43*_tzP{f2x41h(?b43^y6=iwyB)2os5hBE!@YUS5?N_tXd=h(
z)WE286Fbd>R4M^P{!G)f;h<3<yF&*^O7$OuoRrI)h{eq;PvnVS@*1~LuT)USkQaNv
zOM$`oAtUE4j7%H>Q>Fipuy+d2q-)!RyTgt;wr$(?9ox3;q+{E*ZQHhOn;lM`cjnu9
zXa48ks-v(~b*;MAI<>YZH(^NV8vjb34be<!O&B^}ixjt}bVWn%lGLAylA+d{-I3Ov
zYGthSdKw$ke{f2yKKz!}A?+JRYrVrnNgphJxf8a2-SUbcd-<f$tEQ|wN=!zhIVy6o
z{e*aA58OB1vmh4GpWd_ASE)%_0rN^UY7rBTo&!Y1@Ctrd$H;scFhnl=M`1%EsufNC
z-OLaEwV5;h{|wOY5$Wp2@8oFu?G`jM&~vo;?-m}Z`0Z8WNBRVdp)MQ|2K`3!%98{%
zdNe?VYC=$}mLx4b>E<_cwKlJoR;k6lJNSP6v}uiyRD?|0w+X@o1ONrH8a$fCxXpf?
z?$DL0)7|X}Oc%h^zrMKWc-NS9I0Utu@>*j}b@tJ=ixQSJ={4@854wzW@E>VSL+Y{i
z#0b=WpbCZS>kUCO_iQz)LoE>P5LIG-hv9E+oG}DtlIDF>$tJ1aw9^LuhLEHt?BCj&
z(O4I8v1s#HUi5A>nIS-JK{v!7dJx<eVzUtPaTI7fl_Lc9Q7H|gBw|{WKmed^JnGV(
zu>)^Yg%XjNmlkWAq2*cv#tHgz`Y(bETc6CuO1VkN^L-L3j_x<4NqYb5rzrLC-7uOv
z!5e`GZt%B782C5-fGnn*GhDF$%(qP<74Z}3xx+{$4cYKy2ik<NlkqF%3WflOIsu<r
zJ1Ia^)U`#vAWMh>xI7B2N+2r07DN;|-T->nU&!=Cm#rZt%O_5c&1Z%nlWq3TKAW0w
zQqemZw_ue--2uKQsx+niCUou?HjD`xhEjjQd3%rrBi82crq*~#uA4+>vR<_S{~5ce
z-2<NdSzF&R56UcB$b`5iPf1tk$#inbE+bN7x7fQ!g0(-tUeP$5mD|<oEEQs$_4x-D
zh0c}WhYdr7ofXz6ohh@zpmk*n(FlBp!zEgxx$uEo2H<WsrEGtxER628jLj$t%l9)Q
zpgsl-$*Z~WylJ9&D{WG%{31lN8lbCEKy<E~v-RJ-A&Im)1f}cclb5D<{1Q#Vu%0dO
zWKBG_7m(=clSMuCN`u^GxdNe&YF`-TUb|;%bmJ`YPw4~vsx(y)NXfrJ;zl=TdJvdM
zgjB=Fy{n+66I+(Z4-Ri^DAN$}Va@@|i(LY(Ta%N-!9$yT@Di8@Q|ICHs-$>EIl?~s
z1=<moH2Vo(ywx9NJa$4J-?u#55cOFdV)B}0g(o*O*fidd5c?ici{Ux!YWxH)lJBu&
zebpoNCFHe!@Sp-PDw*l@?whO<W~J*cdfDfxv>GVL{NxP1N3%=AOaC}j_Fv=ur&THz
zyO!d9kHq|c73kpq`$+t+8Bw7MgeR5~`d7ChYyGCBWSteTB>8WAU(NPYt2Dk`@#+}=
zI4SvLlyk#pBgV<A2?oY=e+fBwTE4;jq%tyXWMQiSYYYO}#)dHPJlDLuJulo6SGjK1
z`gH3!=BMJnht1ob+aBAuUFTlcx2QPoAUzlvdTgFMd@}Q&V?T*GzNthb2P4Otx?F}b
zQU!B?T171=l1DVswq8U{dUopH<i_9aHNW4O!%Ue4mI5N4Rk3KVw;&F(OhCj^%kuG+
z8MtBDbnF(k2oZuHMNq<)Iaf2h9OF2sY%r9g4<_CbzLUIxWdSMTHg+tXTNiq(CW|G{
zGd*nwn$nSQ3yn2F)sHm_LxN&3a)|o1Bxxow1q4-amB&cP3_zydal7X0#bqu|rbi}z
za?8dV(p~@OkF-Z^V2VNz4r_~<b6L?KbFZxteo)3x8MUXZIB5k|m&5ONIJ2mEmpJ8+
zS^3scTkT>igEe`?NG*vl7V6m+<}%FwPV=~PvvA)=#ths==DRTDEYh4V5}Cf$z@#;<
zyWfLY_5sP$gc3LLl2x+Ii)#b2nhNXJ{R~vk`s5U7Nyu^3yFg&D%Txwj6QezMX`V(x
z=C`{76*mNb!qHHs)#GgGZ_7|vkt9izl_&PBrsu@}L`X{95-2jf99K)0=*N)VxBX2q
z((vkpP2RneSIiIUEnGb?VqbMb=Zia+rF~+iqslydE34cSLJ&BJW^3knX@M;t*b=EA
zNvGzv41Ld_T+WT#XjDB840vovUU^FtN_)G}7v)1lPetgpEK9YS^OWFkPoE{ovj^=@
zO9N$S=G$1ecndT_=5ehth2Lmd1II-PuT~C9`XVePw$y8J#dpZ?Tss<6wtVglm(Ok7
z3?^oi@pPio6l&!z8JY(pJvG=*pI?GIOu}e<i-gr8K;Jwm`jb9}cg?7%k?$ozkvP<q
z^_0<VPv%dHn>^EB6QYk$#FJQ%^AIK$I4epJ+9t?KjqA+bkj&PQ*|vLttme+`9G=L%
ziadyMw_7-M)hS(3E$QGNCu|o23|%O+VN7;Qggp?PB3K-iSeBa2b}V4_wY`G1Jsfz4
z9|SdB^;|I8E8gWqHKx!vj_@SMY^hLEIb<lAtPrMWpQ?Gx@0V+>SMCuE?WKq=c2mJK
z8LoG-pnY!uhqFv&L?yEuxo{dpMTsmCn)95xanqBrNPTgXP((H$9N${Ow~Is-FBg%h
z53;|Y5$MUN)9W2HBe2TD`ct^LHI<(xWrw}$qSoei?}s)&w$;&!14w6B6>Yr6Y8b)S
z0r71`WmAvJJ`1h&poLftLU<!Z5k{sKI&`B$86NJr<vepFmH?(W7PH*&i|mr?Ft$yK
zlQ2hYqAhr7MyE%yewrikAeSqlmaqf6`n)*-iF$8(XN#mJ2C<)bI6Vjy(bW4=>S6Ir
zC$bG9!Im_4Zjse)<TV^7Y-skQbZaPLqlJGP?6u?Ar53a`=TEMdV9Pz$A~Oa(Rc*59
zlP6c&tH(X*j_BPct#psJ_4ej*FB0-ZmxrgT1go#{dSJYBN5b(ilJd0C{DrQAlZa_y
z_`$lr_=xcxo6aRz`CVouz-G0iMAr=_WWB~^j&$tY`E*!!JHXJsUn?rao*@+eB&qDA
zW99F#`#iK!JA{ggeYTsjHg%UzJKlG}4g|0~H1^LtyCeCE^d_K<#AGK3JmN+YTaC5S
z91&>#K=oJM9mHW1{%l8sz$1o?ltdKlLTxWWPB>Vk22czVt|1%^wn<WkC7-mZ1~!CF
z*?s-mfPHuh>N@*!l)}?EgtvhC>vlHm^t+ogpgHI1_$1ox9e;>0!+b(tBrmXR<YSIe
z+ujWarO6U*;i)~AxpZt4t`{u9*(+s;XcKm*(c~N9u#mFIlYU2WORAXM_UYQcUg$Ee
zx5S=-_TAMk8a1Q-)f_5{=PkrVgJA;Ro116-3NLM9UpBJ!h?qkH2BSize2e<I)M16H
z`{Y|kfSkRI?YvZ4;f|#JKgvo95q7X$@!Rjljd&2-g(yOk)xl#i>B`PY1vp-R**8N7
zGP|QqI$m(Rdu#=(?!(N<WmSu~%G3p+kgCkb(yT{~ITG_cvZ}c9BIo-Bx{A8PA+JSS
zM`u{@ucuz=u?fnE^32?!>}G9QhQ%o!aXE=aN{&wtGP8|_qh+7a_j_sU5|J^)vxq;#
zjvzLn%_QPHZZIWu1&mRAj;Sa_97p_lLq_{~j!M9N^1yp3U_SxRqK&JnR%6VI#^E12
z>CdOVI^_9aPK2eZ4h&^{pQs}xsijXgFYRIxJ~N7&BB9jUR1fm!(xl)mvy|3e6-B3j
zJn#ajL;bFTYJ2+Q)tDjx=3IklO@Q+FFM}6UJr6km7hj7th9n_&JR7fnqC!hTZoM~T
zBeaVFp%)0cbPhejX<8pf5HyRUj2>aXnXBqDJe73~J%P(2C?-RT{c<cL>3NjE`)om!
zl$uewSgWkE66$Kb34+QZZvRn`fob~Cl9=cRk@Es}KQm=?E~CE%spXaMO6YmrMl%9Q
zl<Oi>A3Q$3|L1QJ4?->UjT&<QWaf5;5SDgEG|O+++eQ`L7IecmPP{~vvxpw+mh_w?
z)_nm*UV;|XpG)3akT+?)#!p)ksH$g>CBd!~ru<az8{#I2>{Ih^in&JXO=|<6J!&qp
zRe*OZ*cj5bHYlz!!~iEKcuE|;U4vN1rk$xq6>bUWD*u(V@8sG^7>kVuo(QL@Ki;yL
zWC!FT(q{E8#on>%1iAS0HMZDJg{Z{^!De(vSIq&;1$+b)oRMwA3nc3mdTSG#3uYO_
z>+x;7p4I;uHz?ZB>dA-BKl+t-3IB!jBRgdvAbW!aJ(Q{aT>+iz?91`C-xbe)IBoND
z9_Xth{6?(y3rddwY$GD65IT#f3<(0o#`di{sh2gm{dw*#-Vnc3r=4==&PU^hCv$qd
zjw;<UDv>>i&?L*Wq#TxG$mFIUf>eK+170KG;~+o&1;Tom9}}mKo23KwdEM6UonXgc
z!6N(@k8q@HPw{O8O!lAyi{rZv|DpgfU{py+j(X_cwpKqcalcqKIr0kM^%Br3SdeD>
zHSKV94Yxw;pjzDHo!Q?8^0bb%L|wC;4U^9I#pd5O&eexX<SpYMUi;NrGyaua!-+-%
z(b6a1gZ;D+I4*J4ZzM0c^5vOx!1kF+S*rg^EpYq4Q$8Zv`)iCLe*9oY_%}BDzxap$
zLASmGRxF(y%$&cS<d#PK1_s~QhLoPQp2`0OZ5YXZBV6=I+(qKW;)rW-X|QN4Rtu+O
zUSe{k6uD&;e7|DG*7jRd*&ewJO@NTU@h#Yzt1=3xB&wH^G8Ykks+&HQ<6Vd9>+Im{
z?jKnCcsE|H?{uGMqVie_C~w7GX)kYGWAg%-?8|N_1#W-|4F)3YTDC+QSq1s!DnO<W
zN9@pSmktp>ML3@d`mG%o2YbYd#jww|jD$gotpa)kntakp#K;+yo-_ZF9qrNZw<%#C
zuPE@#3RocLgPyiBZ+R_-FJ_$xP!RzWm|aN)S+{$LY9vvN+IW~Kf3TsEIvP+B9Mtm!
zpfNNxObWQpLoaO&cJh5>%sl<u+Ou}Gr38*?+PIrbJtKK2C4@@i^3b)w#L5cfzsc$p
zGS#mh6Pugtp<?+N{dA+4Q%bSY%c7pXA|R9VW%COsIn2Bo=M^XtO8d8nsr~aAmv2eX
zu1Bz3botI2)|TFV6HCJkzYB4<>ZnHl_Q~(-Tfh!DMz(dTWld@LG1VRF`9`DYKhyNv
z2pU|UZ$#_yUx_B_|MxUq^glT}O5Xt(Vm4Mr02><%C)@v;vPb@pT$*yzJ4aPc_FZ3z
z3}PLoMBIM>q_9U2rl^sGhk1VUJ89=*?7|v`{!Z{6bqFMq<nxEmclgCD+90@&@li(W
z@s`8&MDulaH_%E?T~GV|zVm+MR`OB^kjC~xrEgb}MlNn^7GQ&p?tO;j2-%IuU~fD(
z0>(mYiA?%KbsI~JwuqVA9$H5vDE+VocjX+G^%bieqx->s;XWlKcuv(s%y%D5Xbc9+
zc(_2nYS1&^yL*ey664&4`IoOeDIig}y-E~_GS?m;D!xv5-xwz+G`5l6V+}CpeJDi^
z%4ed$qowm88=iYG+(`ld5Uh&>Dgs4uPHSJ^TngXP_V6fPyl~>2bhi20QB%lSd#yYn
zO05?KT1z@?^-bqO8Cg`;ft>ilejsw<PFMVi?0Z@%ZV7rUN23RZ3KB-HQ4YJB9u)4=
za)vbs@fTDRfs8YOO9lTq9t(nMd5S}gTT;muT}2|Lp9^&=2z~`<$j8jb{Rm0Lj+(J;
zBs1-Ce%8FDmkdHi5cJ6Wi^?0Snek8_6eCPHqaWM%UBUa}9l;;Shpu<^ueJT0tU&6s
zM}#unAgS&xl(DwgfMw$=1QcnDcIW6g!~<;08&1lIeTOvuGw?sf1Lf^Kz4~1^b^i*7
zQv6%-{2%J%9~}I@Dko75!V~i_(Z_~qE@Eg*k5ZaIz;BO8D2h5gAVv@$PDearM7jpi
z&t7+EZUrTlNkkN39;K<FA&>@2%RR7;`$Vs;FmO(Yr3Fp`pHGr@P2hC%QcA|X&N2Dn
zYf`MqXdHi%cGR@%y7Rg7?d3?an){s$zA{!H;Ie5exE#c~@NhQUFG8V=SQh%UxUeiV
zd7#UcYqD=lk-}sEwlpu&H^T_V0{#G?<Ioj?HL)KBNR`OQ7)HFN^?vHg<3bOCMy{-_
zoJlS{0I_uDhHNKG64k_@&-j<$nist8llO}aD}1PO>lZMxL7ih_&{(g)MWBnCZxtXg
znr#}>U^6!jA%e}@Gj49LWG@*&<lmaA<6<$*MXpyYdp&6c<H(Q`F-~?W^X9RVJSh6?
zS8Z8DnkwU?#%B!h%)j^e-VAuVDAU!JK1md@BbHM`aL3Du8QeW#u5Ow!LJ{cJE;g7g
zfS6lhpcAG^4%Z7tD(JDejR@8=mF27gB&U9t&uA8@v6X<1)e#$W_^iPrw&Q6FYe!O;
z;mr4?<{+g_EB>t0V>Cxc3?oO7LSG%~)Y5}f7vqUUnQ;STjdDU}P9IF9d9<$;=QaXc
zL1^X7>fa^jHBu_}9}J~#-oz3Oq^JmGR#?GO7b9a(=R@fw@}Q{{@`Wy1vIQ#Bw?>@X
z-_RGG@wt|%u`XUc%W{J<m*s=4j2#hKvp}Xrwm)9{h;W6E2ZrwT0V)(gGD?GnU0RwM
z#HcK41SrivBddca)fHXF?z{gCQT_P@wx-H|POi8hsVAB%nToV4iMN+KZh1=!UMaa>
z>iSeiz8C3H7@St3mOr_mU+&bL#Uif;+Xw-aZdNYUpdf>Rvu0i0t6k*}vwU`XNO2he
z%miH|1tQ8~ZK!zmL&wa3E;l?!!XzgV#%PMVU!0xrDsNNZUWKlbi<KaWZPRa*yQzPD
z?-!`siNqS2^Ar7FQc!m$_+UxWcy|gEk+B~FLt>OjzH-1Uoxm8E#r`#2Sz;-o&qcqB
zC-O_R{QGuynW14@)7&@yw1U}uP(1cov)t<bZtw#(M)(XiJYfL8BvaF25ezUn8smY%
zIL-I&o$OIFs>wxeLus0s|7ayrtT8c#`&2~Fiu2=R;1_4bCaD=*E@cYI>7YSnt)nQc
zohw5CsK%m?8Ack)qNx`W0_v$5S}nO|(V|RZKBD+btO?JXe|~^Qqur%@eO~<8-L^9d
z=GA3-V14ng9L29~XJ>a5k~xT2152zLhM*@zlp2P5Eu}bywkcqR;ISbas&#T#;HZSf
z2m69qTV(V@EkY(<qXx5YNic%z2;It?O+T%icQRw=w~P}(cE?O$<=1P^LjThO*$J$+
z*<@biHe!q%g+LQ{F#~S5QTZUfOZ3GP3D<=D3j0f!9E7HkjxKc_g)z1!o;_rP|9bAk
z`BjEQCx<KIvi^GM1jRkNM0nRs6P0hPcy|5t18}ZQi<ZQS>1Dk3`}j)JMo%ZVJ*5eB
zYOjIisi+igK0#yW*gBGj?@I{~mUOvRFQR^pJbEbzFxTubnrw(Muk%}jI+vXmJ;{Q6
zrSobKD>T%}jV4Ub?L1+MGOD~0Ir%-`iTnWZN^~YPrcP5y3VMAzQ+&en^VzKEb$K!Q
z<7Dbg&DNXuow*eD5yMr+#08nF!;%4vGrJI++5HdCFcGLfMW!KS*Oi@=7hFwDG!h2<
zPunUEAF+HncQkbfFj&pbzp|MU*~60Z(|Ik%Tn{BXMN!hZOosNIseT?R;A`W?=d?5X
zK(FB=9mZusYahp|K-wyb={rOpdn=@;4YI2W0E<s2&%i8x7RnmR_dIeK2wKPtVA?`W
z&(y5N6Uhf;St!k{QtA^2hklC0F0jNQ1^WG!Djrw#gypMTn;8cIm2IT14W4+8Zfd?P
z(RlNsG)S|I($<XQ_wo(zU~QxgZ&c8}J!LwJ+gC5c>cbMKyo~-#^?h`BA9~o285%oY
zfifCh5Lk$SY@|2A@a!T2V+{^!psQkx4?x0HSV`(w9{l75QxMk!)U52Lbhn{8ol?S)
zCKo*7<MT2Z&#yn*rVnwZQkr>R(z!uk<6*qO=wh!Pul{(qq6g6xW;X68GI_CXp`XwO
zxuSgPRAtM8K7}5E#-GM!*ydOOG_{A{)hkCII<|2=ma*71ci_-}VPARm3crFQjLYV!
z9zbz82$|l01mv`$WahE2$<xD1<`ujC!7ijORpLN)M&U@lEiyOfPgz+#&<j+G)Ve@{
z49uhDM!il+f+1Ohddi`=p(=u!h7sLm7yGqK4%#ZKd%YvUI(=BCzpn|IbHf!`E?jjq
zNkN-}Pa3AG2My;G@zYOnXl4g(LduE~%FKPJPA6{M4Z@(IC6iu#g0fgCkY2yVR!o7w
zSAe0_FH9n8VszXsaA+KDe(<8VA=dXe;@Mvzyql~A=eKPoX4qg$E{b4p|B|j96u7YW
zNCPo=y&#Ttz?U7fK~W6j?Kuo=wXeV4?w*;OO9xZst|SP^Q4kbKqBIl8hkGC7OOt_I
zzHTK9Aly><gDl|FkR~>=fAGWkd^X2kY(J7<hlY%A5J0#uldARym;T+|d;|>iz}WGS
z@%MyBEO=A?HB9=^?nX`@nh;7;la<vP=GJ_DWqB#{#!`KAdu6%FTU8VbENgD#KJ^CI
z);B^q)Y@yF(YlyL5A}rZXOX1<`Dd>Ajs+fbo!|K^mE!tOB>$2a_O0y-*uaIn8k^6Y
zSbuv;5~##*4Y~+y7Z5O*3w<R;J{o5i>4qgI5V^17u*ZeupVGH^nM&$qmAk|anf*>r
zWc5CV;-JY-Z@Uq1Irpb^O`L_7AGiqd*YpGUShb==os$uN3yYvb`wm6d=?T*it&pDk
zo`vhw)RZX|91^^Wa_ti2zBFyWy4cJu#g)_S6~jT}CC{DJ_kKpT`$oAL%b^!2M;JgT
zM3ZNbUB?}kP(*YYvXDIH8^7LUxz5oE%kMhF!rnPqv!GiY0o}NR$OD=ITDo9r<LYGN
z?2+*it!7d=84FF3EQ!5V&5166oc{Z1O8<?lF+=(kiua&7_M#TrD_|it=_mE6Cz1eX
zwfacTRHwa2jO`w@vfr7ByY*=K7se2@f$`RJFOlykOa!$prgR<-&f{zzV_tCE6E=v(
zZk!PdC3n<fkSRL#m(DteyDn?OK=a6ita@qk4DQ*rtk@>%4E>E0Y^R(rS^~XjWyVI6
zMOR5rPXhTp*G*M&X#NTL`Hu*R+u*QNoiOKg4CtNPrjgH>c?H<b@rgzW2`xq%+zxdV
zGQjVif3BBaXojc?{FLuym0L2fO1Nh(c42RW12b^>i4MUG#I917fx**+<zC5r06AVA
zs!KCNuuLq&Z|e$b{bN7-`NGtKU0>pJfOo!z<a0Lrf~l|OU$j3PPNH#8yRT5C5cWK;
z4Ck57(G?59g@;(s9m49`EtaF2lDH|dGl0xCg>FM&*da&G_x)L(`k&TPI*t3e^{crd
zX<4I$5nBQ8Ax_lmNRa~E*zS-R0sxkz`|>7q_?*e%7bxqNm3_eRG#1ae3gtV9!fQpY
z+!^a38o4ZGy9!J5sylDxZTx$JmG!wg7;>&5H1)>f4dXj;B+@6tMlL=)cLl={jLMxY
zbbf1ax3S4>bwB9-$;SN2?+GULu;UA-35;VY*^9Blx)Jwyb$=U!D>HhB&=jSsd^6yw
zL)?a|>GxU!W}ocTC(?-%z3!IUhw^uzc`Vz_g>-tv)(XA#JK^)ZnC|l1`@CdX1@|!|
z_9gQ)7uOf?cR@KDp97*>6X|;t@Y`k_N@)aH7gY27)COv^P3ya9I{4z~vUjLR9~z1Z
z5=G{mVtKH*&$*t0@}-i_v|3B$AHHYale7>E+jP`ClqG%L{u;*ff_h@)al?RuL7tOO
z->;I}>%WI{;vbLP3VIQ^iA$4wl6@0sDj|~112Y4OFjMs`13!$JGkp%b&E8QzJw_L5
zOnw9joc0^;O%OpF$Qp)W1HI!$4BaXX84`%@#^dk^hFp^pQ@rx4g(8Xjy#!X%<A@Ix
z5U>+X5Jd@fs3amGT`}mhq#L97R>OwT5-m|h#yT_-v@(k$q7P*9X~T*3)LTdzP!*B}
z+SldbVWrrwQo9wX*%FyK+sRXTa@O?WM^FGWOE?S`R(0P{<6p#f?0NJvnBia?k^fX2
zNQs7K-?EijgHJY}&zsr;qJ<*PCZUd*x|dD=IQPUK_nn)@X4KWtqoJNHkT?ZWL_hF?
zS8lp2(q>;RXR|F;1O}EE#}gCrY~#n^O`_I&?&z5~7N;zL0)3Tup`%)oHMK-^r$NT%
zbFg|o?b9w(q@)6w5V%si<$!U<#}s#x@0<ZXLbXYKvlKR0q_0uaLFS0K_yZx{oRI6O
zi*Yz=QW(i&SHEhi(35LX5YAi{vy`;KnIJ$O_Y#C4gG~=hcxXw*NH*okugRb;j#&_y
z)}Rg9+nz^&!aY|=fJZ?L&1;1?%7EYHgT5ryT&e6MH~EPzrS<7r*22}w^{P@eQei1e
zd>aX-hP>zwS#9*75VXA4K*%gUc>+yzupTDBOKH8WR4V0pM(HrfbQ&eJ79>HdCvE=F
z|J>s;;iDLB^3(9}?biKbxf1$lI!*Z%*0&8UUq}wMyPs_hclyQQi4;NUY+x2qy|0J;
zhn8;5)4ED1oHwg+VZF|80<4MrL97tGGXc5Sw$wAI#|2*cvQ=jB5+{AjMiDHmhUC*a
zlmiZ`LAuAn_}hftXh;`Kq0zblDk8?O-`tnilIh|;3lZp@F_osJUV9`*R29M?7H{Fy
z`nfVEIDIWXmU&YW;NjU8)EJpXhxe5t+scf|VXM!^bBlwNh)~7|3?fWwo_~ZFk(22%
zTMesYw+LNx3J-_|DM~`v<!_@4wF#cHZ_E9}9+lbenMh?8-P99`3uA4wl$95cN^e{4
z^f$@0?%=HSAz>93yXe=jPD{q;li<xOVXMn1yKMTqv6XhqrnsCUXSTSsjJ{x^XFo@J
z{WA$2#dyTq?%~VAg|L)nty{-VrW88Lu82|x7td?b;LG2_DA_BpkSSx!@P8<G?h<XX
zNw7xGt`p+BMOcS|$jn%|wK)WAaS99%p8&_kFrLJVp7_Jg4yOpvWS`>;5PD?Dyk+b?
zo21|XpT@)$BM$%F=P9J19Vi&1#{jM3!^Y&fr&_`toi`XB1!n>sbL%U9I5<7!@?t)~
z;&H%z>bAaQ4f$wIzkjH70;<8tp<T&Yl>UoxzKrPhn#IQfS%9l5=Iu))^XC<58D!-O
z{B+o5R^Z21H0T9JQ5gNJnqh#qH^na|z92=hONIM~@_i<m8HDcej!764)8GxDF)RMg
z!DFoaWC9)+nME7X6Bjpkb{QXd4;jG|u8$8kw{X8T%Z{fASla5Kj43Dc#xwsm?e^ow
zcpj5R3LQeCN@Z#}!7^cGYJ3aEd-Gp-Jj@_K{U*}A((dH-)nN*GjCV>uOi|F>jBh<M
zWxy1uqU)B}MVkHZ;j2o<4&9z0o{ro;0~$*^2bQ$8Q;vmWoz6BD$xqze?6Q)tzTZs7
zG{RspTbUAmB!P|sU1Q@1do~tC7@>-?aA20}Qx~EpDGElELNn~|7WRXRFnw+Wdo`|#
zBpU=Cz3z%cUJ0mx_1($X<40XEIYz(`noWeO+x#yb_pwj6)R(__%@_Cf>txOQ74wSJ
z0#F3(zWWaR-jMEY$7C*3HJrohc79>MCUu26mfYN)f4M~4gD`}EX4e}A!U}QV8!S47
z6y-U-%+h`1n`*pQuKE%Av0@)+wBZr9mH}@vH@i{v(m-6QK7Ncf17x_D=)32`FOjjo
zg|^VPf5c6-!FxN{25dvVh#f<C2j|FW^wcEVOx|0?I*o1i)tbC%E;daCUUqnT*va?<
z#^@&RTCo<xj8b($3`PD<adop6xc~jgfA19=fzjFXxO)$!??RO(s_s88E>og=NNpXz
zfB$o+0jbRkHH{!TKhE709f+jI^$3#v1Nmf80w`@7-5$1Iv_`)W^px8P-({xwb;D0y
z7LKDAHgX<84?l!I*Dvi2#D@oAE^J|g$3!)x1Ua;_;<@#l1fD}lqU2_tS^6Ht$1Wl}
zBESo7o^)9-Tjuz$8YQSGhfs{BQV6zW7dA?0b(Dbt=UnQs&4zHfe_sj{RJ4uS-vQpC
zX;Bbsuju4%!o8?&m4UZU@~Z<l{fpuI7gBNBuLonV&UnEv8Mm+}6y;;iZ7)_U-2H6P
zik(*@ZnhVtEFTNE*=&MLnOTGYcGC{O?!<?O$^7><Ix|i$iDSBHQSY+=yJ@Z(hm=j8
zLng0c8d`c!aP=6?o|-71!|y*rlW^s|L>ZjeFF6ex2ss5_60_JS_|iNc+R0GIjH1@Z
z=rLT9%B|WWgOrR7IiIwr2=T;Ne?30M!@{%Qf8o`!>=s<2CBpCK_TWc(DX51>e^xh8
z&@$^b6CgOd7KXQV&Y4%}_#uN*mbanXq(2=Nj`L7H7*k(6F8s6{FOw@(DzU`4-*77{
zF+dxpv}%mFpYK?>N_2*#Y?oB*qEKB}VoQ@bzm>ptmVS_EC(#}Lxxx730trt0G)#$b
zE=wVvtqOct1%*9}U{q<)2?{+0TzZzP0jgf9*)arV)*e!f`|jgT{7_9iS@e)recI#z
zbzolURQ+TOzE!ymqvBY7+5NnAbWxvMLsLTwEbFqW=CPyCsmJ}P1^V30|D5E|p3BC5
z)3|qgw@ra7aXb-wsa|l^in~1_<?%wr8cBwUUhaLFkF#>fm{7bS9jhVRkYVO#U{qMp
z)Wce+|DJ}4<2gp8r0_xfZpMo#{Hl2MfjLcZdRB9(B(A(f;+4s*FxV{1F|4d`*sRNd
zp4#@sEY|?^FIJ;tmH{@keZ$P(sLh5IdOk@k^0uB^<vY$Teo5@@0*v8p)6|Qc!#V-V
z19rz;O<~HzAD{>BWr@pk6mHy$qf&~rI>P*a;h0C{%oA*i!VjWn&D~O#MxN&f@1Po#
zKN+<Mx&_V;mQ6by$gOOv@*=130y8ws;u!(S9My%BQ_xyRTms3Q+kzSy&vNnQacNo>
zrGrkSjcr?^R#nGl<#Q722^wbYcgW@{+6CBS<1@%dPA8HC!~a`jTz<`g_l5N1M<n^b
zu`mSxZ+unU+QCuJ((?b36-TN-d1@FTfBA^ddw8UCuT`zjb=Fz?S6Qufs*9jSR|1nK
zFf2vJS;<?+uRmFfTer5Vv1$_#5QG8wt@)CbC^|w;&`=|x<yh14$tmJUYy0g0%PA`M
zOgeNCX{{Nxe0ra@9=~<n^L&fj)_rb#gMU)NmxDTM+6}H9CM!Fi?NW<y$)i_5yC^Lw
z2UV(8qc395hk@%W59BzlhhVt(<xJvm!~c3l+ocXQq>@9wn9GOAZ>nqNgq!yOCb<ux
z3a7GGof9{?JXCwFGGvl~3dP~BNs%SovKoTvXW8FuXj`m7Bnn?jUZ$?pzzIRqprlp7
z2WeoTGz*SooG8Jko3Cp>Z@1z`U_N`Z>}+1HIZxk*5RDc&rd5{3qjRh8QmT$VyS;jK
z;AF+r6XnnCp=wQYoG|rT2@8&IvKq*IB_WvS%nt%e{MCFm`&W*#LX<V7)65J}gDBN(
zk<mMjk3Ksz1;V7!3@X8he*FSaSG=@7E0@=@yHKsO4iF;tj3{tU-4xewSJc&$#1UMZ
zuOWXXn?>c|HrD?nVBo=(8*=Aq?u$sDA_sC_RPDUiQ+wnIJET8vx$&fxkW~kP9qXKt
zozR)@xGC!P)CTkjeWvXW5&@2?)qt)jiYWWBU?AUtzAN}{JE1I)dfz~7$;}~BmQF`k
zpn11qmObXwRB8&rnEG*#4Xax3XBkKlw(;tb?Np^i+H8m(Wyz9k{~ogba@laiEk;2!
zV*QV^6g6(QG%vX5Um#^sT&_e`B1pBW5yVth<mfskR&uj=IULHb38<tse=w*}Q<7Qz
z3<|`SLDlf5BpLb9#iQyjF6U}7JJ`^RZ>~xUs#0}nv?~C#l?W+9Lsb_5)!71rirGvY
zTIJ$OPOY516Y|_014sNv+Z8cc5t_V=i>lWV=vN<QPmtSpXv;kT!7hs-HH@i&RiI&9
z!dO2CvGs>u#!58y9Zl&G<qC8KlC>sMEW#pPYPYGHQ|;vFvd*9eM==$_=vc7xnyz0~
zY}r??$<`wAO?JQk@?RGvkWVJlq2dk9vB(yV^vm{=NVI8dhsX<)O(#nr9YD?I?(VmQ
z^r7VfUBn<~p3()8yOBjm$#KWx!5hRW)5Jl7wY@ky9lNM^jaT##8QGVsYeaVy<knK7
z-|ItZG@v_5HqwNL*X;&)fE*o2En9}_QSQ~Sxpo=`)<(LLcGS!($DADohdab0N6KTw
zF9i4%@WsNPJ2f@Kf&OK)$mJTfFx16uGFyQhd(9)Ota05_m2b4&e^Iw3r!jC#Hp$0t
zt!S{)s#CdvfKjo>wmpv>X|Xj7gWE1Ezai&wVLt3p)k4w~yrskT-!PR!kiyQlaxl((
zXhF%Q9x}1TMt3~u@|#wWm-Vq?ZerK={8@~&@9r5JW}r#45#rWii};t`{5#&3$W)|@
zbAf<Wd~LF&Fa+z%sLq|a7`8BxH;x+F8(HU&VXoK6B>2yDNe0q}NEUvq_Quq3cTjcw
z@H_;$hu&xllCI9CFDLuScEMg|x{S7GdV8<&Mq=ezDnRZAyX-8gv97YTm0bg=d)(>N
z+B2F<g3)ia(W`M0HCo-hfSmEqFQ$W5j$wJ;?r7W^?`K&S(*5L=PU?;K=%mT~AoyLc
zmB9dB0BfY<$42H7qp*b&gqwjPG@?GHqEWMaXbG2l^~e?yEl$rb2e+7tNeQjQi!%mG
z!n&myqi%P$bT;(Jy7TA*2tP}NXfszN-aSbAw)CRWi!Y&moQuMP!ZIYY+|-Hi;nfsw
zSAibHD0K*Rx488O94=w;IYZ)nc%KdXcP-D4kAzBYZwl}PDc(ZIiFm=)7;@JjuDF@@
zh({Ks)K#T@$U#?|cc5wW7j|#<s#)XeeNmP*9S3P%QoJ+84!)t-Q3y&LB4VHT${%s|
zTG3XIg~2`B_RVw|0J-Nqqo+Pe*FeW61Sh*R7{v~e$s_}74Z{>cqvI9>jGtnK%eO%y
zoBPkJTk%y`8TLf4)IXPBn`U|9>O~WL2C~C$z~9|0m*YH<-vg2CD^SX#&)B4ngOSG$
zV^wmy_iQk>dfN@Pv(ckfy&#ak@MLC7&Q6Ro#!ezM*VEh`+b3Jt%m(^T&p&WJ2Oqvj
zs-4nq0TW6cv~(YI$n0UkfwN}kg3_fp?(ijSV#tR9L0}l2qjc7W?i*q01=St0eZ=4h
zyGQbEw`9OEH>NMuIe)hVwYHsGERWOD;JxEiO7cQv%pFCeR+IyhwQ|y@&^24k+|8fD
zLiOWFNJ2&vu2&`Jv96_z-Cd5RLgmeY3*4rDOQo?Jm`;I_(+ejsPM03!ly!*Cu}Cco
zrQSrEDHNyzT(D5s1rZq!8#?f6@v6dB7a-aWs(Qk>N?UGAo{gyt<fmzm5NzZ|fs&#}
zncD~rYY0$e-KIJ+=Op({4j(9PIkXkc_SkA;(m*CznUsh<u&YaQ2?WX;ffj?q#rkaD
zhgb+R9A8jgPt^w}K)OK@H5E_#!Z=VQBe3%qPvYY%REdJYYg39A`{$NP_M^}lrMFR7
z+z-hJlg#zeS)0^WAq|DzTPsJlg*U_m2#Hg-0Wmz@?iH!<yiUNaD#c-kYUp!%4RSKq
z{aEO|^oK+y2EtPt%bwO#VBE9DxJ9N@ufrh+8SIe+8$#E{7>lh$%_IhyL7h?DLXDGx
zgxGE<S);`7Ye2u;8Dq575#~501>BQoCAWo-$LRvM=F5MTle`M})t3vVv;2j0HZY&G
z22^iGhV@uaJh(X<Ji#4pfqzo+6CV|xa;=Mz*tzH^bNhkjCY|vEWb}4_nF}mp3zj6F
z<RK*`vdncONn`be@hcYCs`Fx)%bT8wV$T8!b%e<R8G~jKI85M<1J$4NY<nL0CutfG
z<0HvW$c5I*1#_hw)1(15*aH)~KVw0;{Zp_ZQI?8k=6OO?W$jqY0waZgj%rb>yyY%}
zd4iH_UfdV#T=3n}(Lj^|n;O4|$;xhu*8T3hR1mc_A}fK}jfZ7LX~*n5+`8N2q#rI$
z@<<NwLoApZ<e3!J$+qrZqXhfixi{}uCew+VjVR``fj1Lf`2I-jD>_2VANlYF$vIH$
zl<)+*tIWW78IIINA7Rr7i{<Y3K#4WL2gwP{V}$lxr|)k#^h4W{mX@Le*u!g#hfAGO
zCeSa;u(-xw0ZspUEBo+8Ru(%}-m6Ro%1{7aEL$_dA#RWFH+pZ@3`vn|LIY-BbZ`xA
z;0Hf*V6m6EEIJ?MTj|I!l!v*XnqWfITy`ve|BDjjbn-XMEaj|oNyd!_<K^Ti36kh1
z(%3QLBv(><;#^yzxoLNkXL)eSs=%<Gis)1JtKs|A*=kDqutu=D>|P>$YQIh+ea_3k
z_s7r4%j7%&*NHSl?R4k%1>Z=M9o#zxY!n8sL5>BO-ZP;T3Gut>iLS@U%IBrX6BA3k
z)&@q}V8a{X<5B}K5s(c(LQ=%v1ocr`t$EqqY0EqVjr65usa=0bkf|O#ky{<C<t3zu
z`hM@H`e*c^To>j3)WBR<Rk0XEu3I97LQj|W=oPZA>(((L^wmyHRzoWuL2~WTC=`yZ
zn%VX`L=|Ok0v7?s<AoD@n8D7kz^e<8kpe+<X#n2|WDSoR5^oCGt<jgs)X#u5@PWV+
z<b`lm>>IHg?yA<ed=nI4vx^O}jp~R0s4CS5p`R9jtX~z7xF-Z5gJMA(5vqNQrH2}B
zLEIs&NxKWPrwn0(*pI+NhLe0_cU!>rBcync5rG#^+u)>a%qjES%dRZoIyA8gQ;StH
z1Ao7{<&}6U=5}4v<)1T7t!J_CL%U}CKNs<r5fMyAUKFZK{y9U{q!s_ZSKXqW%qBRr
z?bu0a7Zic(_|KEJWkFJk=&bobT<sZBi;dXUmO?)}m$)B<s0Nr7^=$mY+Dr7ke?^*x
z4Vt?Ovyz0Mk+fmZjXJTAv@hijH2y5Cf|5J3ryKO57~3?_EAxOUYF##HdjopeNH4%@
zuGqW!`j7vRX*U7T5B1|m8}h%c4gNobJO8sb_&>-0xWoTTeqj{5{?Be$L0_tk>M9o8
zo371}S#30rKZFM{`H_(L`EM9DGp+Mifk&IP|C2Zu_)Ghr4Qtpmkm1osCf@%Z$%t+7
zYH$Cr)Ro@3-QDeQJ8m+x6%;?YYT;k6Z0E-?kr>x33`H%*ueBD7Zx~3&HtWn0?2Wt}
zTG}*|v?{$ajzt}xPzV%lL1t-URi8*Zn)YljXNGDb>;!905Td|mpa@mHjIH%VIiGx-
zd@MqhpYFu<g)7l4&_bNaog=DANE?ZcfM)*NEMkm~{>4_?y5N4xiHn3vX&|e6r~Xt>
zZG`aGq|yTNjv;9E+Txuoa@A(9V7g?1_T5FzRI;!=NP1Kqou1z5?%X~Wwb{trRfd>i
z8&y^H)8YnKyA_Fyx>}RNmQIczT?w2J4SNvI{5J&}Wto|8FR(W;Qw#b1G<1%#tmYzQ
zQ2mZA-PAdi%RQOhkHy9Ea#TPSw?WxwL@H@cbkZwIq0B!@ns}niALidmn&W?!Vd4Gj
zO7FiuV4*6Mr^2xlFSvM;Cp_#r8UaqIzHJQg_z^rEJw&OMm_8NGAY2)rKvki|o1bH~
z$2IbfVeY2L(^*rMRU1lM5Y_sgrDS`Z??nR2lX;zyR=c%UyGb*%TC-Dil?Si<D{nTD
zMw8K;)%(lo#`W8jOV@qoJ#X}Mwbyz4a;PcPaSBZqr;F)uJhh<vQG%Y4Mw<phKlLRw
zIw!C3k>hkjrQy~TMv6;BMs7P8il`H7DmpVm@rJ;b)hW)BL)GjS154b*xq-NXq2cwE
z^;VP7ua2pxvCmxrnqUYQMH%a%nHmwmI33nJM(>4LznvY*k&C0{<x1=XMzKZ~Bs`;;
zzjN;>8f*%?zggpDgkuz&JBx{9mfb@wegEl2v!=}Sq2Gaty0<)UrOT0{MZtZ~j5y&w
zXlYa_jY)I_+VA-^#mEox#+G>UgvM!Ac8zI<%JRXM_73Q!#i3O|)lOP*qBeJG#BST0
zqohi)<I-A(NiPhXic7WGcd${Bs6q40O%lhVI#-EDK6jPHL9qSG))QSk?b4HNO46Kt
zq~AhM!n=+cMgd8rvaDcAUqe9_Py+)1zbv_Wy{}+a|F1es@~Qc9kW@MgedI!i{HhtJ
z!kAvsCV6n8=$My(7M_90IyH+8**uSL-iyt^&8vOeIRo?HTA5+#Xr^9U=2eV`Xlmc$
zFjy%l4c$~))iDJkH$oB2LfNc)TX?BjEeaRo@~X+PeGiiD85sGHqRqi@$1TzmJ+rd3
zVg^Gn@P5KfN#t5@T7Lvq5F&=Y)v)n4Cjfha{J2+Jic#JjOH^ggzd<;^a<68vsD0fr
zC*U$7*i1uw{BlNp8mMWqc46bk3VHJ?|MSSFbx~ox6ZBjsfPa3I5EWvc##{^VJo^EN
z<}Cr>O!|$|2SeJQo(w6w7%*92S})XfnhrH_Z8qe!G5>CglP=nI7JAOW?(Z29;pXJ9
zR9`KzQ=WEhy*)WH>$;7Cdz|>*i>=##0bB)oU0OR>>N<21e4rMCHDemNi2LD>Nc$;&
zQRFthpWniC1J6@Zh~iJCoLOxN`oCKD5Q4r%ynwgUKPlIEd#?QViIqovY|czyK8>6B
zSP%{2-<;%;1`#0mG^B(8KbtXF;Nf>K#Di72UWE4gQ%(_26Koiad)q$xRL~?pN71ZZ
zujaaCx~jXjygw;<Ay^b{e7rQ>rI!WB=xrOJO6HJ!!w}7eiivtCg5K|F6$EXa)=xUC
za^JXSX98W`7g-tm@uo|BKj39Dl;sg5ta;4qjo^pCh~{-HdLl6qI9Ix6f$+qiZ$}s=
zNguKrU;u+T@ko(Vr1>)Q%h$?UKXCY<ELeH%x_-+;N!NPjI@5|c>>3se%&;h2osl2D
zE4A9bd7_|^njDd)6cI*FupHpE3){4NQ*$k*cOWZ_?CZ>Z4_fl@n(mMnYK62Q1d@+I
zr&<rzyB}9!OG>O))G4hMih<XQCmlZu^@8%Z@1T|FyI_m%FM=cL3%T#%II(MZ`FKla
zpXXu4TSaVkB7;tYPyY<uMC(fA=<j-47<k>gBqRIAJkLdk(p(D~X{-oBUA+If@B}j&
zsHbeJ3RzTq96lB7d($h$xTeZ^gP0c{t!Y0c)aQE;$FY2!mACg!GDEMKXFOPI^)nHZ
z`aSPJpvV0|bbrzhWWkuPURlDeN%<qMpCcxwvwqRMaqc9@{O;iK_N2snE#x<P5c1;#
zmjI^QLBwgKbA!596SF19-xAg`j~Dtp%yL%PsIy-Iy#n3_juW-DvzXBY7{iAZ@^xZK
z@xr2R*rSktAvjWK{FY-U0t8|bspU3(%@64Udl&2uFK6|JrwGTmi+3cF9F%O9@lnIC
zs=6lONtdy$oHQyWIz$zmM@0(12^Y0f!FDBU-xO1sA%B@8>VT8tndV8?d)eN*i4I@u
zVKl^6{?}A?P)Fsy?3oi#clf}L18t;TjNI2>eI&(ezDK7RyqFxcv%>?oxUlonv(px)
z$vnPzRH`y5A(x!yOIfL0bmgeMQB$H5wenx~!ujQK*nUBW;@Em&6Xv2%s(~H5WcU2R
z;%Nw<$tI)a`Ve!>x+qegJnQsN2N7HaKzrFqM>`6R*gvh%O*-%THt<rb___hz1Q*?5
z6WlWA+_DZ_V%@(Z;W6IiWcwb%0tQS@7FVT8L%H@;-K!LOiZIstqiCW*I~5y<2j59v
z*;R0rbBXIxu3n@3a3wxbyp;2oPnr)69p#+<DwNc<oL?vCKSPPJA(K9!1O*f4{YL62
zn|Sj8G%K~6J)K=!JP_YX8V=PjLK~TW_=@Nh@Cw-!NlZLY;2_j0TFoobFt-2R;qd|Z
z5LA6AxE3z?^1m|nTtbf_LVu#lgMMaoQSi!)(ir+k@yiKNqZa8D=pY1qBEL59w8xB>
zrB$Nk;lE;z{s{r^PPm5qz(&lM{sO*g+W{sK+m3M_z=4=&CC>T`{X}1Vg2PEfSj2x_
zmT*(x;ov%3F?qoEeeM>dUn$a*?SIGyO8m<CDx(PoF9Z7P(-Vz@5G~R_9zlbonzZYL
z!@f`rWC1aNE3{SDF~{lPR$(P=;{QgE*BcIk`ok>806J1W1o+4HRhc2`9$s6hM#qAm
zChQ87b~GEw{ADfs+5}FJ8+|bIlIv(jT$Ap#hSHoXdd9#w<#cA<1Rkq^*EEkknUd4&
zoIWIY)sAswy6fSERVm&!SO~#iN$OgOX*{9@_BWFyJTvC%S++ilSfCrO(?u=Dc?CXZ
zzCG&0yVR{Z`|ZF0eEApWE<q~aV-3QaRPuwFB`iCbViORA{tX~ST{rFw+In$j?7gLL
zT8ETr1QUOZxkIpI@5JqQk|b^xG*nZ910-;>o#s9osV>F{uK{QA@BES#&;#KsScf>y
zvs?vIbI>VrT<*!;XmQS=bhq%46-aambZ(8KU-wOO2=en~D}MCToB_u;Yz{)1ySrPZ
z@=$}EvjTdzTWU7c0ZI6L8=yP+YRD_eMMos}b5vY^S*~VZysrkq<`cK3>>v%uy7jgq
z0ilW9KjVDHLv0b<1K_`1IkbTOINs0=m-22c%M~l=^S}%hbli-3?BnNq?b`hx^HX2J
zIe6ECljRL0uBWb`%{EA=%!<byF4eC4KX4aZdAqSwE!&>i^4sMcj+U_TaTZRb+~GOk
z^ZW!nky0n*Wb*r+Q|9H@ml@Z5gU&W`(z4-j!OzC1wOke`TRAYGZVl$PmQ16{3196(
zO*?`--I}Qf(2HIwb2&1FB^!faPA2=sLg(@6P4mN)>Dc3i(B0;@O-y2;lM4akD>@^v
z=u>*|!s&9zem70g7zfw9FXl1bpJW(C#5w#uy5!V?Q(U35A~$dR%LDVnq@}kQm13{}
zd53q3N(s$Eu{R}k2esbftfjfOITCL;jWa$}(mmm}d(&7JZ6d3%IABCapFFYjdEjdK
z&4Edqf$G^MNAtL=uCDRs&Fu@FXRgX{*0<(@c3|PNHa>L%zvxWS={L8%qw`STm+=Rd
zA}FLspESSIpE_^41~#5yI2bJ=9`oc;GIL!JuW&7YetZ?0H}$$%8rW@*J37L<XFjIr
zWJ?$CMV^YggN$kCs0w8InCxL-qk`fNzT7&VA*&~~T=_(uA$CzC9vrKbN28^=3?MLv
zFoK23^axE9-(UuJp6l-WH~flb#LWz<-GZXz4PS*&{c?IaOs6}Rx>-~Rsx!)8($nI4
zZhcZ2^=Y+p4YPl%j!nFJA|*M^gc(0o$i3nlphe+~-_m}jVkRN{spFs(o0ajW@f3K{
zDV!#BwL322CET$}Y}^0ixYj2w>&Xh12|R8&yEw|wLDvF!lZ#dOTHM9pK6<Y!obdB7
zJ?!B#A1=BS7Ka=6k6_mfjXh1lGwLZR4PT*9n^^MB#jyfEy~L|)^EN8(11T8rrN7f?
z?@)HsizJFWKFr(u1x(=}jA~A*@;u9iCG}YS49mN9degGJEr@RQbFX&wZoBr{H3Nr7
z?H=$Zj>@Nm-@9Lnng4ZHBgBSrr7KI8YCC9DX5Kg|`HsiwJHg2(7#nS;A{b3tVO?Z%
za{m5b3rFV6EpX;=;n#wltDv1LE*|g5pQ+OY&*6qCJZc5oDS6Z6JD#6F)bWxZSF@q%
z+1WV;m!lRB!n^PC>RgQCI#D1br_o^#iPk>;K2hB~0^<~)?p}LG%kigm@moD#q3PE+
zA^Qca)(xnqw6x>XFhV6ku9r$E>bWNrVH9fum0?4s?Rn2LG{Vm_+QJHse6xa%nzQ?k
zKug4PW~#Gtb;#5+9!QBgyB@q=s<UxAOfSGI17`#WQPoP8A+0%MXyAyK3J=T4^Kbj7
zlt}Oe#L`UOUU8o&zkUW`eBtn39$xzlz~(3x_>k9=$S{4T>wjFICStOM?__fr+Kei1
z3j~xPqW;W@YkiUM;HngG!;>@AITg}vAE`M2Pj9Irl4w1fo4w<|Bu!%rh%a(Ai^Zhi
zs92>v5;@Y(Zi#RI*ua*h`d_7;byQSa*v9E{2x$<hp}Q26jsc}%C<*BjhE^Jt66tP1
zKtKU0Q9$V-l~zCy7`juGR=*kVy&nUYi+t;Q*P6xR{P8}s&pC7U+3()_`4tk8P7SO*
zts+C&EBA;W!X3G&`&E+LxzU~6Q<emFH@kgR*8?20u2XLWT3aI!YMwas1=TsetFPnK
zg5`qHR`D=R<(><-_=5Z<7{%)}4XExANcz@rK69T0x3%H<@frW>RA8^swA+^a(FxK|
zFl3LD*ImHN=X<Tm`8DfC>DUkrR<xW<(jZxC)!wKS)92Mp`by<@CGgeKED~ZJ3Jy$+
zjW_5$gXkQl+$Z+QJ~I#o6Pp!?bb78VSX!(@(92a;u-;wW%qe9fMiUm=#PwkrAbXT5
zVo>hp6RY5$rQ{bRgSO*(vEHYV)3Mo6Jy3puiLmU&g82p{qr0F?ohmbz)f2r{X2|T2
z$4fdQ=>0BeKbiVM!e-lIIs8wVTuC_m7}<Ui;+XED-5oBiR>y4A_%ikI;Wm5$9j(^Y
z(cD%U%k)X>_>9~t8;pGzL6L-fm<ULs+oY32iJK8t`MZXpBuoD$6OMAKyL46!gYNWE
zud<`{zju@c#T_7EyRG#xA7t1QT}ZgtiYwog7J*c#?<fNv<K7Htr4Bz79uv2x*w)<k
z=a;7q%vaAz-hD(kAxqWM%g9t=$}0NKb?)GaBa8K156rk8wWyI)MB=&^_{THh+}COk
zUzRKn7T0APWWnx<r&J-F&{b%n+JRIgYHuv;^|;Hor$0q~|8BI{QjuMG8JYxvYF}Gn
zy*In4ANN}0dpJx*JPO@eiJFX7bD|1WV+M;rfsj3PIBa@gpsi3FnkV~X3nx%2?_ypI
zh}S3zV-DKR|K!F9Z3-RZumjj)P_`}W2J~q|bB0)a9xHmA&%h{<vyYF9&zIJ>QO@K;
zo&vQzMlgY95;1BSkngY)e{`n0!NfVgf}2mB3t}D9@*N;FQ{HZ3Pb%BK6;5#-O|WI(
zb6h@qTLU~AbVW#_6?c!?Dj65Now7*pU{h!1+eCV^KCuPAGs28~3k@ueL5+u|Z-7}t
z9|lskE`4B7W8wMs@<RoRq4K_1jQ|2oJg$O-rP`~;Bzz?@Jlrn0Z@<=ZmJTM3jjq_~
zRZ}mS?n&K}m}#OA-nYs)kQ@R^-(uFAD{$CgCv6|t>xJa{#bsCGDFoRSNSnmNYB&U7
zVGKWe%+kFB6kb)e;<v}cel^QYVzboCh<hrVzAa>TyHfqtU6~fRg)f|>=5(N36)0+C
z`hv65J<$B}WUc!wFAb^QtY31yNleq4dzmG`1wHTj=c*=hay9iD071Hc?oYoUk|M*_
zU1GihAMBsM@5rUJ(qS?9ZYJ6@{bNqJ`2Mr+5#hKf?doa?F|+^IR!8lq9)wS3tF_9n
zW_?hm)G(M+MYb?V9YoX^_mu5h-LP^TL^!Q9Z7|@sO(rg_4+@=PdI)WL(B7`!K^ND-
z-uIuVDCVEdH_C@c71YGYT^_Scf_dhB8Z2Xy6vGtBSlYud9vggOqv^L~F{BraSE_t}
zIkP+Hp2&nH^-MNEs}^`oMLy11`PQW$T|K(`Bu*(f@)mv1-qY(_YG&J2M2<7k;;RK~
zL{Fqj9yCz8(S{}@c)S!65aF<=&eLI{hAMErCx&>i7OeDN>okvegO87OaG{Jmi<|}D
zaT@b|0X{d@OIJ7zvT>r+eTzgLq~|Dpu)Z&db-P4z*`M$UL51lf>FLlq6rfG)%doyp
z)3kk_YIM!03eQ8Vu_2fg{+osaEJPtJ-<V*830?$46vO`8Mw##QM*`Rr?w|#MyZ6A&
z_}pwQU2m8=Sp54^L})3wA`G=0rsaz56>s36R+5_AEG12`NG)IQ#TF9c@$99%0iye+
zUzZ57=m2)$D(5Nx!n)=5Au&O0BBgwxIBaeI(mro$#&UGCr<;C{UjJVAbVi%|+WP(a
zL$U@TYCxJ=1{Z~}rnW;7UVb7+ZnzgmrogDxhjLGo>c~MiJAWs&&;AGg@%U?Y^0JhL
ze(x6Z74JG6FlOFK(T}SXQfhr}RIFl@QXKnIcXYF)5|V~e-}suHILKT-k|<*~Ij|VF
zC;t@=uj=hot~*!C68G8hTA%8SzOfETOXQ|3FSaIEjvBJp(A)7SWUi5!Eu#yWgY+;n
zlm<$+UDou*V+246_o#V4kMdto8hF%%Lki#zPh}KYXmMf?hrN0;>Mv%`@{0Qn`Ujp)
z=lZe+13>^Q!9zT);H<(#bIeRWz%#*}sgUX9P|9($kexOyKIOc`dLux}c$7It4u|Rl
z6SSkY*V~g_B-hMPo_ak>>z@AVQ(_N)VY2kB3IZ0G(iDUYw+2d7W^~(Jq}KY=JnWS(
z#rzEa&0uNhJ>QE8iiyz;n2H|SV#Og+wEZv=f2%1ELX!SX-(d3tEj$5$1}70Mp<&eI
zCkfbByL7af=qQE@5vDVxx1}FSGt_a1DoE3SDI+G)mBAna)KBG4p8Epxl9QZ4BfdAN
zFnF|Y(umr;gRgG6NLQ$?ZWgllE<HJXYDr?-K8^D!ZlPa8ZG&+c+DJy(x5;Feg3L)*
zvdpRL&@{hyOZBRzTt*TCk9hewUpi`*Kt|w8q}nwi%?T`D?1ox^RZSRut44vMd{LO!
z5<xD{qy<T%oDMUy9H#9$W-Wu8GwxNdV(5T7B?RP@ZWH6Jt?*TpR4hY26nALXC@f!D
z_AE{^bi`q0U%atoVV5-5alLF?pA>eeq~z^ZS7L?<(~O&$5|y)Al^iMKy}&W+eMm1W
z7EMU)u^ke(A1#XCV>CZ71}P}0x)4wtHO8#JRG3MA-6g=`ZM!FcICCZ{IEw8Dm2&LQ
z1|r)BUG^0GzI6f946RrBlfB1Vs)~8toZf~7)+G;pv&XiUO(%5bm)pl=p>nV^o*;&T
z;}@oZSibzto$arQgfkp|<o4}2aWyA-u@g@X@*3Qq>z4Z($P>dTXE{4O=vY0!)kDO*
zGF8a4wq#VaFpLfK!iELy@?-SeRrdz%F*}hjKcA*y@mj~VD3!it9lhRhX}5YOaR9$}
z3m<U!dsnGfk?KY|+&M@U4to6WN5Fr~Z2Y~S6z;ugWov!c#T4Pid7?1x8wY`#cM-K&
zXZ31E^^+4l<8TS_eV}PTTl9cUjRQB-789L;;mi28ms9Ok_n}yunSfm?pRC6bk9iMK
z{Me@L*Hx9gKeGtG68!~RS?gRYfl2zINnyRg@p)U*X(<_ksV`=o%2XWE5-Y+=UYL-Y
ztqFc{r$bTOOr%6GK_kGlR5`+;tTS|8zSb;+levJ}UbU#B1Mej>S%$2Be7{l(+MVx3
z(4?h;P!jnRmX9J9sYN#7i=iyj_5q7n#X(!cdqI2lnr8T$IfOW<_v`eB!d9xY1<?8m
zc=9ctC~_znEmY{3do4Y&tSr#K8MEwV*K>P=2q&WtOXY=D9QYteP)De?S4}FK6#6Ma
z=E*V+#<o63M9PbR(KQau)lC&KzK0v*^~#=c>s8>L;8aVroK^6iKo=MH{4yEZ_>N-N
z`(|;aOATba1^asjxlILk<4}f~`39dBFlxj>Dw(hMYKPO3EEt1@S`1lxFNM+J@uB7T
zZ8WKjz7HF1-5&2=l=fqF-*@>n5J}jIxdDwpT?oKM3s8Nr`x8JnN-kCE?~aM1H!hAE
z%%w(3kHfGwMnMmNj(SU(w42OrC-euI>Dsjk&jz3ts}WHqmMpzQ3vZrsXrZ|}+MHA7
z068obeXZTsO*6RS@o3x80E4ok``rV^Y3hr&C1;|ZZ0|*EKO`$lECUYG2gVFtUTw)R
z4Um<0ZzlON`zTdvVdL#KFoMFQX*a5wM0Czp%wTtfK4Sjs)P**RW&?lP$(<}q%r68Z
zS53Y!d@<WHAUBA*8bUiRbm%Z;gZhfNqOZBHucO1A@&fFR43kejZro_v)VLcPwS7}~
zK5k!0!+rSL*HKlXVA@0UZ>&~ne9O)A^tNrXHhXBkj~$8j%pT1%%mypa9A<G!EKb<E
z`}8*o7Vl;U@K#TU5!9`Os$JU!y8FCud{w+#5g>W5E&s9)rjF4@O3ytH{0z6riz|@<
zB~UPh*wRFg2^7EbQrHf0y?E~dHlkOxof_a?M{LqQ^C!i2dawHTPYUE=X@2(<D?FV&
zcM@&VpBXA?L{0tb_j)NYM}%xYbEn~9R`f?;g|efm#wA%S{AP`lHyTMh8%rB%5P`TA
z^U37=Hfa1dqP}{-l>3<=OOxs8qn_(y>pU>u^}3y&df{JarR0@VJn0f+U%UiF=$Wyq
zQvnVHESil@d|8&R<%}uidGh7@u^(%?$#|&J$pvFC-n8&A>utA=n3#)yMkz+qnG3wd
zP7xCnF|$9Dif@N~L)Vde3hW8W!UY0BgT2v(wzp;tlLmyk2%N|0jfG$%<;A&IVrOI<
z!L)o>j>;dFaqA3pL}b-Je(bB@VJ4%!JeX@3x!i{yIeIso^=n?<yGgTTZ!PNB?9gX<
zIb-Mwo=t8!k;=1f5ke{{mjD;8+drvc=j_XPyvGfArKBJEaX2!s2-K1+v_zbm8v7BT
za`|K1N2}$TyJ@nhBOHb0du-5xRz>fDX`3bU=eG7sTc%g%ye8$v8P@yKE^XD=NYxTb
zbf!Mk=h|otpqjFaA-vs5YOF-*GwWPc7VbaOW&stlANnCN8iftFMMrUdYNJ_Bnn5Vt
zxfz@Ah|+4&P;reZxp;MmEI7C|FOv8NKUm8njF7Wb6Gi7DeODLl&G~}G4be&*Hi0Qw
z5}77vL0P+7-B%UL@3<Hx#GB2%vG%0rC1(94hq216=?s(ssfs{vDgp`%$+N_!WRy9C
za}K<}u;;Pqc=!2V0k{Hgo5p0-m1!D$f?OU9<FJ2<5oh^cbOGSGfdj2^%OxwDfU-z~
z(XR@2k_uf5r(>n1&JPxW^d@vVwp?u#gVcJqY9#@-3X{ok#UfW3<1fb%FT`|)V~ggq
z(3AUoUS-;7)^hCjdT0Kf{i}h)mBg4qhtHHBti=~h^n^OTH5U*XMgDLIR@sre`AaB$
zg)IGBET_4??m@cx&c~bA80O7B8CHR7(LX7%HThkeC*@vi{-pL%e)yXp!B2InafbDF
zjPXf1mko3h59{lT6EEbxKO1Z5GF71)WwowO6kY|6tjSVSWdQ}NsK2x{>i|MKZK8%Q
zfu&_0D;CO-Jg0#YmyfctyJ!mRJp)e#@O0mYdp|8x;G1%OZQ3Q847YWTyy|%^cpA;m
zze0(5p{tMu^lDkpe?HynyO?a1$_LJl2L&mpeKu%8YvgRNr=%2z${%WThHG=vrWY@4
zsA`OP#O&)TetZ>s%h!=+CE15lOOls&nvC~$Qz0Ph7tHiP;O$i|eDwpT{cp>+)0-|;
zY$|bB+Gbel>5aRN3>c0x<ruzyyQ%Zy5vf6}`4)t?d-C#9!GHs<@Hns>)4U=|X+z+{
zn*_p*EQ<B%95agq4hNqm^)z*%GD}I4q^^7sH5Hy)x3mf2i}!E6)Yg(THpWRZ7O-FM
zN0W_>oquRL+=+p;=lm`d71&1NqBz&_ph)MXu(Nv6&XE7(RsS)^MGj5Q?Fwude-(sq
zjJ>aOq!7!EN>@(fK7EE#;i_BGvli`5U;r!YA{JRodLBc6-`n8K+Fjgwb%sX;j=qHQ
z7&Tr!)!{HXoO<2BQrV9Sw?JRa<KG5emNB(T<y(NWmqssKxUatWWx*DdyYw_kOIJd)
z;k&Pys2Tnf4Po((JL<eVe)|O!Lv`GXH>LXV8HrsNevvnf>Y-6|{T!pYLl7jp$-nEE
z#X!4G4L#K0qG_4Z;Cj6=;b|Be$hi4JvMH!-voxqx^@8cXp`B??eFBz2lLD8RRaRGh
zn7kUfy!YV~p(R|p7iC1Rdgt$_24i0cd-S8HpG|`@my70g^y`gu%#Tf_L2<gJMO);m
zEk>1-k?sRRZHK&at(*ED0P8iw{7?R$9~OF$Ko;Iu5)ur5<->x!m<Z%nn+oUd>93Eb
zFYpIx60s=Wxxw=`$aS-O&dCO_9?b1yKiPCQmSQb>T)963`*U+Ydj5kI(B(B?HNP8r
z*bfSBpSu)w(Z3j7HQoRjUG(+d=IaE~tv}y14zHHs|0UcN52fT8V_<@2ep_ee{QgZG
zmgp8iv4V{k;~8@I%M3<#B;2R>Ef(Gg_cQM7%}0s*^)SK6!Ym+~P^58*wnwV1BW@eG
z4sZLqsUvBbFsr#8u7S1r4teQ;t)Y@jnn_m5jS$CsW1um!p&PqAcc8!zyiXHVta9QC
zY~wCwC<otwTnmD(e1ezd?<0DwVxo}=Fub>F0U%xiQPD_INKtTb;A|Zf29(mu9NI;E
zc-e>*1%(LSXB`g}kd`#}O;veb<(sk~RWL|f3ljxCnEZDdNSTDV6#Td({6l&y4IjKF
z^}lIUq*ZUqgTPumD)RrCN{M^jhY>E~1pn|KOZ5((%F)G|*ZQ|r4zIbrEiV%42hJV8
z3xS)=!X1+=olbdGJ=yZil?oXLct8FM{(6ikLL3E%=q#O6(H$p~gQu6T8N!plf!96|
z&Q3=`L~>U0zZh;z(pGR2^S^{#PrPxTRHD1RQOON&f)Siaf`GLj#UOk&(|@0?zm;Sx
ztsGt8=29-MZs5CSf1l1jNFtNt5rFNZxJPvkNu~2}7*9468TWm>nN9TP&^!;J{-h)_
z7WsHH9|F%I`Pb!>KAS3jQWKfGivTVkMJLO-HUGM_a4UQ_%RgL6WZvrW+Z4ujZn;y@
zz9$=oO!7qVTaQAA^BhX&ZxS*|5dj803M=k&2%QrXda`-Q#IoZL6E(g+tN!6CA!CP*
zCpWtCujIea)ENl0liwVfj)Nc<9mV%+e@=d`haoZ*<oI1yD0)ode<2{}h3=ee3^GUp
zK^Zv;a(K^#^f3JYFh@>`B7+PNjEbXBkv=B+Pi^~L#EO$D$ZqTiD8f<5$eyb54-(=3
zh)6i8i|jp(@OnRrY5B8t|LFXFQVQ895n*P16cEKTrT*~yLH6Z4e*bZ5otpRDri&+A
zfNbK1D5@O=sm`fN=WzWyse!za5n%^+6dHPGX#8DyIK>?9qyX}2XvBWVqbP%%D)7$=
z=#$WulZlZR<{m#gU7lwqK4WS1Ne$#_P{b17qe$~UOXCl>5b|6WVh;5vVnR<%d+Lnp
z$uEmML38}U4vaW8>shm6CzB(Wei3s#NAWE3)a2)z@i{4jTn;;aQS)O@l{rUM`J@K&
l00vQ5JBs~;vo!vr%%-k{2_Fq1Mn4QF81S)AQ99zk{{c4yR+0b!
literal 59821
zcma&NV|1p`(k7gaZQHhOJ9%QKV?D8LCmq{1JGRYE(y=?XJw0>InKkE~^UnAEs2gk5
zUVGPCwX3dOb!}xiFmPB95NK!+5D<~S0s;d1zn&l<Fn`|)5^5q0GK!K+U?9r>rfAn7
zC?Nb-LFlib|DTEqB8oDS5&$(u1<5;wsY!V`2F7^=IR@I9so5q~=3i_(hqqG<V=~hU
z({wWQ-(XL}Oj8evb!ghKC`u2CX+y9mFwu)KZ=7zNzWtXO|4#D1mj?d#+uq6I|60}m
zsRQ><9SbL8Q(LqDrz+aNtGYWGJ2;p*{a-^;C>BfGzkz_@fPsK8{pTT~_VzB$E`P@>
z7+V1WF2+tSW=`ZRj3&0m&d#x_lfXq`bb-Y-SC-O{dkN2EVM7@!n|{s+2=xSEMtW7(
zz~A!cBpDMpQu{FP=y;sO4Le}Z)I$wuFwpugEY3vEGfVAHGqZ-<{vaMv-5_^uO%a{n
zE_Zw46^M|0*dZ`;t%^3C19hr=8FvVdDp1>SY>KvG!UfD`O_@weQH~;~W=fXK_!Yc>
z`EY^PDJ&C&7LC;CgQJeXH<j%PcECIpofMf_5tipA?C6e~^`h$nuUTuJ3$-w1BrZ>2
zjfM}2(1i5Syj)Jj4EaRyiIl#@&lC5xD{8hS4Wko7>J)6AYPC-(ROpVE-;|Z&u(o=X
z2j!*>XJ|>Lo+8T?PQm;SH_St1wxQPz)b)Z^C(KDEN$|-6{A>P7r4J1R-=R7|FX*@!
zmA{Ja?XE;AvisJy6;cr9Q5ovphdXR{gE_7EF`ji;n|RokAJ30Zo5;|v!xtJr+}qbW
zY!NI6_Wk#6pWFX<a1%+c97{9@x%qwJ4W*s(>~t$rAUWi?bAOv-oL6N#1>C~S|7_e4
zF}b9(&a*gHk+4@J26&xpiWYf2HN>P;4p|TD4f586umA2t@cO1=Fx+qd@1Ae<jlPNq
z0tAHo@2+9^|L+C=^Z|`^0GcND7lHF?J$(cVZDde`s0;`i(@%|hjaceA2!?NV&1;O~
zB-KE-6Z4`u>#Le>{-?m!PnbuF->g3u)7(n^llJfVI%Q<OclAxJHf=vV>2rMvetfV5
z6g|sGf}pV)3_`$QiKQnqQ<&ghO<aqlFq0W;NW!O?>Wz4_{`rA1+7*M0X{y(+?$|{n
zs;FEW>YzUWg{sO*+D2l6&qd+$JJP_1Tm;To<@ZE%5iug8vCN3yH{!6u5Hm=#3HJ6J
zmS(4nG@PI^7l6AW+cWAo9sFmE`VRcM`sP7X$^vQY(NBqBYU8B|n-PrZ<zesGWA{|o
z#soEn&UD5#o&KGZ&X$(Ofs1>dNv8?K?kUTT3|IE`-A8V*eEM2=u*kDhhKsmVPWGns
z8QvBk=BPjvu!QLtlF0qW(k+4i+?H&L*qf262G#fks9}D5-L{yiaD10~a;-j!p!>5K
zl<NDhMdtP-gLD9%mT0?pxjyP(9OO2mOdIAq&LzDrM3`1^z;qgXuKNOEJh?j;70|9E
zw@bQe6);#P(-ZBK(koC@)Ak+J#fh^a^N21Em|+IfTFxuip{@KgD#P$k3!b5WA%$zr
zxN;1GBdpcig9XI>@Lh+(9D{ePo_S4F&QXv|q_yT`GIPEWNHDD8KEcF*2DdZD;=J6u
z|8ICSoT~5Wd!>g%2ovFh`!lTZhAwpIbtchDc{$N%<~e$E<7GWsD42U<!G{ItVza49
za?!2OH6iP;@X6q)w@pVp6eS>dJh1fD($89f2on`W`9XZJmr*7lRjAA8K0!(t8-u<R
zj6dBc&Pvq?Y$m{HPz!h1d=zVFb%IpaRn;L3cjO=pcWq9Ky%yNQ)c+Lr!1nYT5$M(6
zvPY}Ie>>2H*xn5cy1EG{J;w;Q-H8Yyx+WW(qoZZM7p(KQx^2-yI6Sw?k<=lVOVwYn
zY*eDm%~=|`c{tUupZ^oNwIr!o9T;H3Fr|>NE#By8SvHb&#;cyBmY1LwdXqZwi;qn8
zK+&z{{95(SOPXAl%Ed<D$AsDRAIjmZYWv2HvLnk#ZroeWUR&o_)Qyz7-vi1Y0t*Mr
zMX=Xqm!@m<4O)8;m%Q*DD=oi`I)AmS+LAVV-OP3sC+8~ON}Ms3XSr9eca<<$3tT6*
zlqZyzd$KUWL+LK-y_v(@s;}XjJteut766#I=vxqjJw&yAS~I6JbY$rHZ*pW?&ZY44
zkvu^5W}zrk33KWebu)8gaszh}>J3jC5yV^|^}nOT@M0)|$iOcq8G{#*OH7=DlfOb;
z#tRO#tcrc*yQB5!{l5AF3(U4>e}nEvkoE_XCX=a3&A6Atwnr&`r&f2d%lDr8f?hBB
zr1dKNypE$CFbT9I?n){q<1zHmY>C=5>9_phi79pLJG)f=#dKdQ7We8emMjwR*qIMF
zE_P-T*$hX#FUa%bjv<SKm#9;H=W;}*i0T%d-zGyq*(k;mX5e<@6L(AZmfL5B!0n@r
zo12zunVCl_G&xY9n84#!?8-XWSIEu}=~kCZ8Re7dVks1_zkqqA7|PuX3;7WeA?~Kw
zo{qCsnkRmLQL(gVQTTG~>4Vm=;oxxv`B*`weqUn}K=^TXjJG=UxdFMSj-QV6fu~;-
z|IsUq`#|73M%Yn;VHJUbt<0UHRzbaF{X@76=8*-IRx~bYgSf*H(t?KH=?D@wk*E{|
z2@U%jKlmf~C^YxD=|&H?(g~R9-jzEb^y|N5d`p#2-@?BUcHys({pUz4Zto7XwKq2X
zSB~|KQGgv_Mh@M!<oHSJ#uNm%0@)oTv?HqL5%fFkH)>*{nl~2~VV_te&E7K39|WYH
zCxfd|v_4!h$Ps2@atm+gj14Ru)DhivY&(e_`eA)!O1>nkGq|F-#-6oo5|XKEfF4hR
z%{U%ar7Z8~B!foCd_VRHr;Z1c0Et~y8>ZyVVo9>LLi(qb^bxVkbq-Jq9IF7!FT`(-
zTMrf6I*|SIznJLRtlP)_7tQ>J`Um>@pP=TSfaPB(<bRteZf0)mYU}c^e`P0o3nw#Y
zXL&1U7c-!l(?1eSiTXAGPaXXe$e9&thNdb_jjkiSjtfemP6umcqf3m7D@%bcUNu9}
zj<C+y*|sYD6(;!nE3M}^X%WkimrT^P)ORuClkC%L9w%qsQBvRu)z1Z%n;>bto$G1C
zx#z0$=zNpP-~R);kM4O)9Mqn@5Myv5MmmXOJln312kq#_94)bpSd%fcEo7cD#&|<`
zrcal$(1Xv(nDEquG#<u^5igzHVYm-nZ0Lp-W0%bZlfO5y;<@WQVybdBEiE*UhT0;v
zpnx7<WjD}>`{&9Ci~W)-zd_HbH-@2F6+|a4v}P!w!Q*h$#Zu+EcZeY>u&?hn#DCfC
zVuye5@Ygr+T)0O2R1*Hvlt>%rez)P2wS}N-i{~IQItGZkp&aeY^;>^m7JT|O^{`78
z$KaK0quwcajja;LU%N|{`2o&QH@u%jtH+j!haGj;*ZCR*`UgOXWE>qpXqHc?g&vA&
zt-?_g8k%ZS|D;()0Lf!>7KzTSo-8hUh%OA~i76HKRLudaNiwo*E9HxmzN4y>YpZNO
zUE%Q|H_R_UmX=*f=2g<sYUcQkg2(#gLD`6X+K`ixH)DfkSrWq%{%NAcfSLiVJ75Q5
zW3>=xyP)l-DP}kB@PX|(Ye$NOGN{h+fI6HVw`~Cd0cKqO;s6aiYLy7sl~%gs`~XaL
z^KrZ9QeRA{O*#iNmB7_P!=*^pZiJ5O@iE&X2UmUCPz!)`2G3)5;H?d~3#P|)O(OQ_
zua+ZzwWGkWflk4j^Lb=x56M75_p9M*Q50#(+!aT01y80x#rs9##!;b-BH?2Fu&vx}
za%4<Uq7M7HMYmu?cUMtCelvff?6wn(i%VJgd!6YJ3r7c&;v3MKExM<*5?@uvc9dn@
z3}7ku-f~{xWAON+#T2m0i^R=#KWCQ?auXVcxys`5@pG)SfQ9@mY=rrx(;@ks<+WA#
z3^z9No>!~GAEDsB54X9wCF~juV@aU}fp_(a<`Ig0Pip8IjpRe#BR?-niYcz@jI+QY
zBU9!8dAfq@%p;FX)X=E7?B=qJJNXlJ&7FBsz;4&|*z{^kEE!XbA)(G_O6I9GVzMAF
z8)+Un(6od`W7O!!M=0Z)A<P+<>JuNyN8q>jNaOdC-zAZ31$Iq%{c_SYZe+(~_R`a@
zOFiE*&*o5XG;~UjsuW*ja-0}}rJdd@^VnQD!z2O~+k-OSF%?hqcFPa4e{mV1UOY#J
zTf!PM=KMNAzbf(+|AL%<LG&eP7)3&VMn-8qWi=26TlGgKlfo+cV@3ks03D`{tzBx8
zjUzjOLyARqi-TH8CU^C7(L)=9vXz0UOq_)ysgRwb^4r=R1(*ifNg-Zgtxcxd__26b
z^~2Ul&pySR&sh=z{+jS4)_O_&nC;X?*)NMzOPH?Gxrp{C9|ERIE+&0J>K~$ahX0Ol
zbAxKu3;v#P{Qia{_WzHl`!@!8c#62XSegM{tW1nu?Ee{sQq(t{0TSq67YfG;KrZ$n
z*$S-+R2G?aa*6kRiTvVxqgUhJ{ASSgtepG3hb<3hlM|r>Hr~v_DQ>|Nc%&)r0A9go
z&F3Ao!PWKVq~aWOzLQIy&R*xo>}{UTr}?`)KS&2$3NR@a+>+hqK*6r6Uu-H};ZG^|
zfq_Vl%YE1*uGwtJ>H*Y(Q9E6kOfLJRlrDNv`N;jnag&f<4#UErM0ECf$8DASxMFF&
zK=mZgu)xBz6lXJ~WZR7OYw;4&?v3Kk-QTs;v1r%XhgzSWVf|`Sre2XGdJb}l1!a~z
zP92YjnfI7OnF@4~g*LF>G9IZ5c+tifpcm6#m)+BmnZ1kz+pM8iUhwag`_gqr(bnpy
zl-noA2L@2+?*7`ZO{P7&UL~ahldjl`r3=HIdo~Hq#d+&Q;)LHZ4&5zuDNug@9-uk;
z<2&m#0Um`s=B}_}9s&70Tv_~Va@WJ$n~s`7tVxi^s&_nPI0`QX=JnItlOu*Tn;T@>
zXsVNAHd&K?*u~a@u8MWX17VaWuE0=6B93P2IQ{S$-WmT+Yp!9eA>@n~=s>?uDQ4*X
zC(SxlKap@0R^z1p9C(VKM>nX8-|84nvIQJ-;9ei0qs{}X>?f%&E#%-)Bpv_p;s4R+
z;PMpG5*rvN&l;i{^~&wKnEhT!S!LQ>udPzta#Hc9)S8EUHK=%x+z@iq!O{)*XM}aI
zBJE)vokFFXTeG<2Pq}5Na+kKnu?Ch|YoxdPb&Z{07nq!yzj0=xjzZj@3XvwLF0}Pa
zn;x^HW504NNfLY~w!}5>`z=e{nzGB>t4ntE>R}r7*hJF3OoEx}&6LvZz4``m{AZxC
zz6V+^73YbuY>6i9ulu)<CRJ%B;~!hQf?ieH{Ix(784}A=RTZjU#WkD-_RQF+IixvO
zU1(pq%&>2`ozP(XBY5n$!kiAE_Vf4}Ih)tlOjgF3HW|DF+q-jI_0p%6Voc^e;g28*
z;Sr4X{n(X7eEnACWRGNsHqQ_OfWhAHwnSQ87@PvPcpa!xr9`9+{QRn;bh^jgO8q@v
zLekO@-cdc&eOKsvXs-eMCH8Y{*~3Iy!+CANy+(WXYS&6X<ikJ>B$&1+tB?!qcL@@)
zS7XQ|5=o1fr8yM7r1AyAD~c@Mo`^i~hjx{N17%pDX?j@2bdBEbxY}YZxz!h#)q^1x
zpc_RnoC3`V?L|G2R1QbR6pI{Am<S85UzvRyz99a6%f~w?P0^r&fRs~$fROyZxBNd)
z#;`Vwhwf5};Hb`4(>?yW?4Gy`G-xBYfebXvZ=(nTD7u?OEw>;vQICdPJBmi~;xhVV
zisVvnE!bxI5|@IIlDRolo_^tc1{m)XTbIX^<{TQfsUA1Wv(Kj<D(%KlnWL<$ET0?S
zr(EyL_M_apJm<@whF{apOsMm;pDHv<^Zp*kLMOfa#~-bheid_H9%B+j9><QaDQSKR
zy*CRc?15o2#*c|<a{Q+CV)xkwyc3M@CtzdWTP@M&%VE>JED^nj`r!JjEA%MaEGqPB
z9YVt~ol3%e`PaqjZt&-)Fl^NeGmZ)nbL;92cOeLM2H*r-zA@d->H5T_8_;Jut0Q_G
zBM2((-VHy2&eNkztIpHk&1H3M3@&wvvU9+$RO%fSEa_d5-qZ!<`-5?L9lQ1@AEpo*
z3}Zz~R6&^i9KfRM8WGc6fTFD%PGdruE}`X$tP_*A)_7(uI5{k|LYc-WY*%GJ6JMmw
z<P2S*+o-*TM6%m8FL+a@b@!ki5J};x?2<WD6uCe(zj&N;-6*;>NBT%^E#IhekpA(i
zcB$!EB}#>{^=G%rQ~2;gbObT9PQ{~aVx_W6?(j@)S$&Ja1s}aLT%A*mP}NiG5G93-
z_DaRGP77PzLv0s32{UFm##C2LsU!w{vHdKTM1X)}W%OyZ&{3d^2Zu-zw?fT=+zi*q
z^fu6CXQ!i?=ljsqSUzw>g#PMk>(^#ejrYp(<Cb!L8J=y9_r0%|iCR1YSJ;#(Ip@Zd
z+A?N*iM)V0aH+`364T<g<<b84+*T(Y`o`AGkO-6t2g~%@#=5h*y*G7pRSj4p!GOtJ
zZB1EcXLk(}-}xz=+s~)_r;AfqH#bPJi*#+GfxSZv`OmFK*RyC==JukSU1P_%(43nC
zhkXZCB&pbu4;g_3=ET?>C)7+@Z1=Mw$Rw!l8c9}+$Uz;9NUO(kCd#A1DX4Lbis0k;
z?~pO(;@I6Ajp}PL;&`3+;OVkr3A^dQ(j?`by@A!qQam@_5(w6fG>PvhO`#P(y~2ue
zW1BH_GqUY&>PggMhhi@8kAY;XWmj>y1M@c`0v+l~l0&~Kd8ZSg5#46wTLPo*Aom-5
z>qRXyWl}Yda=e@hJ%`x=?I42(B0lRiR~w>n6p8SHN~B6Y>W(MOxLpv>aB)E<1oEcw
z%X;#DJpeDaD;CJ<KPTwB$&EiMkS>RLX%u!t23F|cv0ZaE183LXxMq*<w;>uWn)cD_
zp!@i5zsmcxb!5uhp^@>U;K>$B|8U@3$65CmhuLlZ2(lF#hHq-<<+7ZN9m3-hFAPgA
zKi;jMBa*59ficc#TRbH_l`2r>z(Bm_XEY}rAwyp~c8L>{A<0@Q)j*uXns^q5z~>KI
z)43=nMhcU1ZaF;CaBo>hl6;@(2#9yXZ7_BwS4u>gN%SBS<;j{{+p}tbD8y_DFu1#0
zx)h&?`_`=ti_6L>VDH3>PPAc@?wg=Omdoip5j-2{$T;E9m)o2noyFW$5dXb{9CZ?c
z);zf3U526r3Fl+{82!z)aHkZV6GM@%OKJB5mS~JcDjieFaVn}}M5rtPnHQVw0Stn-
zEHs_gqfT8(0<w(MSVCn~i7PQ6z=D|z(j#OgsDT8X&#pC>b-5ZCk1%1{QQaY3%b>wU
z7lyE?lYGuPmB6jnMI6s$1uxN{Tf_n7H~nKu+h7=%60WK-C&kEIq_d4`wU(*~rJsW<
zo^D$-(b0~uNVgC+$J3MUK)(>6*k?92mLgpod{Pd?{os+yHr&t+9ZgM*9;dCQBzE!V
zk6e6)9U6Bq$^_`E1xd}d;5O8^6?@bK>QB&7l{vAy^P6FOEO^l7wK4K=lLA45gQ3$X
z=$N{GR1{cxO)j;ZxK<v3Xn2a=xH!!r-^A(sI0Pbh;ciM8DnCQU3XO1C-<x?!7kQt^
z=&H!6hUel2va{SYk8s^g!)_Peko2hU$KToE`UfGgO*5+Iv44^iEk6V9b4T(pyJxR0
zI9~C64T{KIq>I*1kZIT9p>%Fho<z%s@)nN~I{-yx$5uvWL+oe>FbRK;M(m&bL?SaN
zzkZS9xMf={o@gpG%wE857u@9dq>UKvbaM1SNtMA9EFOp7$BjJQVkIm$wU?-yOOs{i
z1^(E(WwZZG{_#aIzfpGc@g5-AtK^?Q&vY#CtVpfLbW?g0{BEX4Vlk(`AO1{-D@31J
zce}#=$?Gq+FZG-SD^z)-;wQg9`qEO}Dvo+S9*PUB*JcU)@S;UVIpN7rOqXmEIerWo
zP_lk!@RQvyds&zF$Rt>N#_<!~zk*)RdqaW2z2W81&{<3<k2#n)pCN_}OT3v67}-9w
zkZ{J2q-HK2{JvWnU^R|@YWl<BHduR~C9nytkcUR`Bl|cu`j02O)(xmFml&(0Th^~S
ztYH}MLxq_wVpr(&8(~qU(wKnXNq&+-qZG<}a{E{>=!?5{XI`Dbo0<@>fIVgcU*9Y+
z)}K(Y&fdgve3ruT{WCNs$XtParmvV;rjr&R(V&_#?ob1LzO0RW3?8_kSw)bjom#0;
zeNllfz(HlOJw012B}rgCUF5o|Xp#HLC~of%lg+!pr(g^n;wCX@Yk~SQOss!j9f(KL
zDiI1h#k{po=Irl)8N*KU*6*n)A8&i9Wf#7;HUR^5*6+Bzh;I*1cICa|`&`e{pgrdc
zs}ita0AXb$c6{tu&hxmT0faMG0GFc)unG8tssRJd%&?^62!_h_kn^HU_kBgp$bSew
zqu)M3jTn;)tipv9Wt4Ll#1bmO2n?^)t^ZPxjveoOuK89$oy4(8Ujw{nd*Rs*<+xFi
z{k*9v%sl?wS{aBSMMWdazhs0#gX9Has=pi?DhG&_0|cIyRG7c`OBiVG6W#JjYf7-n
zIQU*Jc+SYnI8oG^Q8So9SP_-w;Y00$p5+LZ{l+81>v7|qa#Cn->312n=YQd$PaVz8
zL*s?ZU*t-RxoR~4I7e^c!8TA4g>w@R5F4JnEWJpy>|m5la2b#F4d*uoz!m=i1;`L`
zB(f>1fAd~;*wf%GEbE8`EA>IO9o6TdgbIC%+en!}(C5PGYqS0{pa?PD)5?ds=j9{w
za9^@WBXMZ|D&(yfc~)tnrDd#*;u;0?8=lh4%b-lFPR3ItwVJp};HMdEw#SXg>f-zU
zEiaj5H=jzRSy(sWVd%hnLZE{SUj~$xk&TfheSch#23)YTcjrB+IVe0jJqsdz__n{-
zC~7L`DG}-Dgrinzf7Jr)e&^tdQ}8v7F+~eF*<`~Vph=MIB|YxNEtLo1jXt#9#UG5`
zQ$OSk`u!US+Z!=>dGL>%<XI`rhd2$EYHDb09`&$SYTH}_tiA2RDCp?oprka+5YL7*
zL`9W1K4A>i#uV<5*F?pivBH@@1idFrzVAzttp5~>Y?D0LV;8Yv`wAa{hewVjlhhBM
z_mJhU9yWz9Jexg@G~dq6EW5^nDXe(sU^5{}qbd0*yW2Xq6G37f8{{X&Z>G~dUGDFu
zgmsDDZZ5ZmtiBw58CERFPrEG>*)*`_B75!MDsOoK`T1aJ4GZ1avI?Z3OX|Hg?P(xy
zSPgO$alKZuXd=pHP6UZy0G>#BFm(np+dek<m?d!VmDY@>v0l6gd=36FijlT8^kI5;
zw?Z*FPsibF2d9T$_L@uX9iw*>y_w9HSh8c=Rm}f>%W+8<MJ46x9Hk+F_*D=AEWIm_
zga6(U$bV3#dyM?rimC$Rn~gbVcOSX&%si4eh35~uuXGeE6ntX=HzIhWCb3OrP<89w
z`7s;}@Vjw?{Mt<XB3zj3P3wtxl*>OS=Hj_wsH-^actull3c@!z@R4NQ4qpytnwMaY
z)>!;FUeY?h2N9tD(oth<wOB=iO&-ft?hpLwQ4t&z`#Z2ftKBnO56tA?vU>c7Q=(dF
zZAX&Y1ac1~0n(z}!9{J2kPPnru1?qteJPvA2m!@3Zh%+f1VQt~@leK^$&ZudOpS!+
zw<R6b6I319v;|7*LZEf34pjY{s*a>#L0usf!?Df1tB?9=zP<DvKPg4>Z@q2sG!A#9
zKZL`2cs%|Jf}wG=_rJkwh|5Idb;&}z)JQuMVCZSH9kkG%zvQO01wBN)c4Q`*xnto3
zi7TscilQ>t_SLij{@Fepen*a(`upw#RJAx|JYYXvP1v8f)dTHv9pc3ZUwx!0tOH?c
z^Hn=gfjUyo<rvgfMTgC~))o4=`NL~uM=c%M>!;+3vZhxNE?LJgP`qYJ`J)umMXT@b
z{nU(a^xFfofcxfHN-!Jn*{Dp5NZ&i9#9r{)s^lUFCzs5LQL9~HgxvmU#W|iNs0<3O
z%Y2FEgvts4t({%lfX1uJ$w{JwfpV|HsO{ZDl2|Q$-Q?UJd`@SLBsMKGjFFrJ(s?t^
z2Llf`deAe@YaGJf)k2e&ryg*m8R|pcjct@rOXa=64#V9!sp=6tC#~QvYh&M~zmJ;%
zr*A}V)Ka^3JE!1pcF5G}b&jdrt;bM^+J;G^#R08x@{|ZWy|547&L|k6)HLG|sN<~o
z?y`%kbfRN_vc}pwS!Zr}*q6DG7;be0qmxn)eOcD%s3Wk`=@GM>U3ojhAW&WRppi0e
zudTj{ufwO~H7izZJmLJD3uPHtjAJvo6H=)&SJ_2%qRRECN#HEU_RGa(Pefk*HIvOH
zW7{=Tt(Q(LZ6&WX_Z9vpen}jqge|wCCaLYpiw@f_%9+-!l{kYi&gT@Cj#D*&rz1%e
z@*b1W13bN8^j7IpAi$>`_0c!aVzLe*01DY-AcvwE;kW}=Z{3RJLR|O~^iOS(dNEnL
zJJ?Dv^ab++s2v!4Oa_WFDLc4fMspglkh;+vzg)4;LS{%CR*>VwyP4>1Tly+!fA-k?
z6$bg!*>wKtg!qGO6GQ=cAmM_RC&hKg$~(m2LdP{{*M+*OVf07P$OHp*4SSj9H;)1p
z^b1_4p4@C;8G7cBCB6XC{i@vTB3#55iRBZiml^jc4sYnepCKUD+~k}TiuA;HWC6V3
zV{L5uUAU9CdoU+qsFszEwp;@d^!6XnX~KI|!o|=r?qhs`(-Y{GfO4^d6?8BC0xonf
zKtZc1C@dNu$~+p#m%JW*J7alfz^$x`U~)1{c7svkIgQ3~RK2LZ5;2TAx=H<4AjC8{
z;)}8OfkZy7pSzVsdX|wzLe=SLg$W1+`Isf=o&}npxWdVR(i8Rr{uzE516a@28VhVr
zVgZ3L&X(Q}J0R2{V(}bbNwCDD5K)<5h9CLM*~!xmGTl{Mq$@;~+|U*O#nc^oHnFOy
z9Kz%AS*=iT<H=cFs3OkVD~J^<aSI9YsgI^bkp&0~03al}Uh`XoH+?D~8iH6EdxLt0
z@O&p!;|?SqMA)6@^w{*lZk(bvRd3I_KnPq|w*D3Ml`LZ<bc=bpZVYaAW_;C|BYmrc
zNcZu8niC^s7ka9NOl-wv>BY_bSZAAY6wXCI?EaE>8^}WF@|}O@I#i69ljjWQPBJVk
zQ_rt#J5<J`Pvs16W)2!V%%E_LrFw%-LlRE&HAgR|bDU<AgO-)@U7d9C0h7BItH2Ac
zCpFgE2uD=9s{Yd_IR{cLNG>6_wGXiyItvAShJpLEMtW_)V5JZAuK#BAp6bV3K;IkS
zK0AL(3ia99!vUPL#j>?<>mA~Q!mC@F-9I$9Z!96ZCSJO8FDz1SP3gF<ps3z~Aw}NE
zJ3NF1^tg-^@=+c{U<MxsTxK{ikK{;88Z!mJ-K3x~nqD1OFP?@!(lmJ4vFO5hdn}44
zQto7jp@1X%OBb3KvP<8eKAhwX@t$9G39fH3TDqbvASUguele9#DQk!;*q!4ewyT{%
zGVygC-%Z)VUx8uy5F)8J|H*br?K|4HrOuMd@#@MPr*vBWhz!06{L&^dH7S;@G`!9O
z4}akKBSE<`g);Ll90K&`YQeWY2KJrDPEoL^Z30|n8!<49OI~(a-(zqB{#3d*4fgJ!
z#T>~m`1c#y!efq8QN}eHd+BHwt<ic0)wo|D?hAv_2^(JqI>m%M5586jlU8&e!CmOC
z^N_{YV$1`II$~cTxt*dV{-yp61nUuX5z?N8GNBuZZR}Uy_Y3_~@Y3db#~-&<a)x4O
zWQfo{1Lt_keYn2e!rgS^;2ZGDB6Z67!~J`m$um&Cu;6cfY2vT2{J-l=|GB&68ru&W
zB#bU`MYm{;AwKyiF(<s9D)9qaLiJ6Cs5F9%&E!)zS};F8iha!uE4-5@d*$s0yndiB
z_^3cBeW;SriDG|FRySi>0TX64<c5CiKtC#|hCA=kW;@RidQe%NcTYc)&A8*ELaGLJ
zdIY?pL9gDRh0?gdg%p)xKU<>4OuG^D3w_`?Yci{gTaPWST8`LdE)HK5OYv>a=6B%R
zw|}>ngvSTE1rh`#1Rey0?LXTq;bCIy>TKm^CTV4BCSqdpx1pzC3^ca*S3fUBbKMzF
z6X%OSdtt50)yJw*V_HE`hnBA)1yVN3Ruq3l@lY;%Bu+Q&hYLf_Z@fCUVQY-h4M3)-
zE_G|moU)Ne0TMjhg?tscN7#ME6!Rb+y#Kd&-`!9gZ06o3I-VX1d4b1O=bpRG-tDK0
zSEa9y4<Zo!{yG=_C<~qZeeIu9)*gyd=!U->6s7QI%LmhbU3P`RO?w#FDM(}k<U|-G
zeo7-?WwF$?!13}Lo&0i>8T`&>OCU3xD=s5N7}w$GntXF;?jdVfg5w9OR8VPxp5{uw
zD+_;Gb}@7Vo_d3UV7PS65%_pBUeEwX_Hwfe2e6Qmyq$%0i8Ewn%F<qU`O^gGvEaG;
z0Id<L1>7i%=CNE<qFdh7B)U|6ic1I|K)5CAug~!H+%smikd8pnkKV?^46(lWJjDpR
zj4`Oz+if@<R9IUndM*CRW=IieHCkgUwWx5;!G6G^w;qq{-12eTVvBB>V)Qg`r|&+$
zP6^Vl(MmgvFq`Zb715wYD>a#si;o+b4j^VuhuN>+sNOq6Qc~Y;Y=T&!Q4>(&^>Z6*
zwliz!_16ED<eX;OuQ_p$(s;<gHl)&F+8HVlxJgnZ)*TA5=vb@|1J4{KkwV?R#Ybsg
zghk8RB+Bvj87~AnJz-E@T-4yZaC@9lrDy#lUv`{2@GRC6zHFPb>LTT;v$@W(s7s0s
zi*%p>q#t)`S4j=Ox_IcjcllyT38C4hr&mlr6qX-c;qVa~<l^v=6SjCUU2Tn^8nB$m
zbeHcvRe2ifa{=0*#Q7Goh9SB*m!RD(<Wb5}(XVT0Sx>k$MG;UqdnzKX0wo0Xe-_)b
zrHu1&21O$y5828UIHI@N;}J@-9cpxob}zqO#!U%Q*ybZ?BH#~^fOT_|8&xAs_rX24
z^nqn{UWqR?MlY~klh)#Rz-*%&e~9agOg*fIN`P&v!@gcO25Mec23}PhzImkdwVT|@
zFR9dYYmf&HiUF4xO9@t#u=uTBS@k*97Z!&hu@|xQnQDkLd!*N`!0JN7{EUoH%OD85
z@aQ2(w-N)1_M{;FV)C#(a4p!ofIA3XG(XZ2E#%j_(=`IWlJAHWkYM2&(+yY|^2TB0
z>wfC-+I}`)LFOJ%KeBb1?eNxGKeq?AI_eBE!M~$wYR~bB)J3=WvVlT8ZlF2EzIFZt
zkaeyj#vmBTGkIL9mM3cEz@Yf>j=82+KgvJ-u_{bBOxE5zoRNQW3+Ahx+eMGem|8xo
zL3ORKxY_R{k=f~M5oi-Z>5fgqjEtzC&xJEDQ@`<)*Gh3UsftBJno-y5Je^!D?Im{j
za*I>RQ=IvU@5WKsIr?kC$DT+2bgR>8rOf3mtXeMVB~sm%X7W5`s=Tp>FR544tuQ<O
z@lSDGHy69o+CudhLRe`kT@O7=L)=Ll>>9qLt|aUSv^io&z93luW$_OYE^sf8DB?gx
z4&k;dHMWph>Z{iuhhFJr+PCZ#SiZ9e5xM$A#0yPtVC>yk&_b9I676n|oAH?VeTe*1
z@tDK}QM-%J^3Ns6=_vh*I8hE?+=6n9nUU`}EX|;Mkr?6@NXy8&B0i6h?7%D=%M*Er
zivG61Wk7e=v;<%t*G+HK<aG5B6ZLe}k3gU9IK5`l%}q68<B7x6eG9WaeQX$K;zQty
z%xRjxGEz^j@-QA-t-1K|b)CB-=)l(g2#o96h%q&4>Bqz{;0Biv7F+WxGirONRxJij
zon5~(a`UR%uUzfEma99QGbIxD(d}~oa|e<OaZ^->xU5Y27#4k@N|=hE%Y?Y3H%rcT
zHmNO#ZJ7nPHRG#y-(-FSza<j!L0m;#+}%O2JoiBP!3!<k!8dtn0$i9|lo;Q_Zl;Nr
z63&oZGvgQR*&`_3J+93?WSrBoFJiAGVy}phU-Y+M)IWnnbO=U9xg-6r2XFG;dEc={
z>Z2S{`itkdYY^ZUvyw<7yMBkNG+>$Rfm{iN!gz7eASN9-B3g%LIEyRev|3)kSl;JL
zX7MaUL_@~4ot3$woD0UA49)wUeu7#lj77M4ar8+myvO$B5LZS$!-ZXw3w;l#0anYz
zDc_RQ0Ome}_i+o~H=CkzEa&r~M$1GC!-~WBiHiDq9Sdg{m|G?o7g`R%f(Zvby5q4;
z=cvn`M>RFO%i_S@h3^#3w<Ezywre;5{P}qZiN+!P4}Go=j8&6)M{KC~2U3<7?V(cO
zTOuy+0*OVYwk4~j!uqHU`Jpe{peIM3&T$_v@4OFoG5(oKDKH2LFtLqY+;|@BcS8T3
z27jD~(0l%66^H#Ly8JhcNvZ!u(p7ghbCR~VGn2Qsw{dm&Cu0(@uDC9YEC5ID78Cd@
zSq>ImmWI4}2x4skPNL9Am{c!WxR_spQX3+;fo!y(&~Palyj<G%T&%aElJ_h`ju`2{
z*!=O}e2V96Q|Qa@6O=g^0zxH5#)HyCuOEC56%|%AJ^4nj+E9Ehhz3Rm0(Qjon6x*U
zh2b_PL_6%$%*4!*>t~Xo0uy6d%sX&I`e>zv6CRSm)rc^w!;Y6iVBb3x@Y=`hl9jft
zXm5vilB4IhImY5b->x{!MIdCermpyLbsalx8;hIUia%*+WEo4<2yZ6`OyG1Wp%1s$
zh<|KrHMv~XJ9dC8&EXJ`t3ETz>a|zLMx|MyJE54RU(@?K&p2d#x?eJC*WKO9^d17#
zdTTKx-Os3k%^=58Sz|J28aCJ}X2-?YV<K`*IWbEP&_R0k7_EfT;<TP(wC%7CWyZ=x
z`O$jKk1{(dS&<iy$ZEhST`m%#8dP}%^FTh73eP_?%-iQxM7gH}Za{FwwlCrzE38)~
zE?LBD*Qz{_Sn1Bj*Niako~3>3T7ee?*FoDLOC214J4|^*EX`?cy%+7Kb3(@0@!Q?p
zk>>6dWjF~y(eyRPqjXqDOT`4^Qv-%G#Zb2G?&LS-EmO|ixxt79JZlMgd^~j)7XYQ;
z62rGGXA=gLfgy{M-%1gR87hbhxq-fL)GSfEAm{yLQP!~m-{4i_jG*JsvU<U%1FUKu
z@a@_kww0NXCseAgH5GWnH=rZ;_(%(@=^$xfRPc)}_{BTIY2u9Vi!_5N<WVVo5TFKi
zKMQpSA|NxW4KvdzmiD+DzEQY`xhYWalpW9U(qtE&L6HvNb{f~D?O7T<o%sK|4=X!$
zWK{iS#4})mfYAPDDEAK^*8B%~{D1Pl|KY$nT2LP7qZpr1In8BDg-(T$q<Ip2k)-l0
zS_8-=FyubO!l>dqAkoc<h?l_OEkX*#J(sdX$tZ#{EGkD>#q6Yd&>=;4udAh#?xa2L
z7mFvCjz(hN7eV&cyFb%(U*30H@bQ8-b7mkm!=w<iY7G#xss($iP9Aaixm7!!w6f&w
z;Io<zX+c=eH=;rY<S<McH>h2|;+_4v<ohSp)nrC!yF?j#REMh^4En3oryR%YRBm*-
z6r;Lz5ue6(A80R!@zA^G<GEgL%rQXiRjxHKTs^X)bh`BW`PArBKre^+FgA`xJJmw2
zff!f)AGc@SP9AyqTUVn{?``>o=tyHPQ0hL=NR`jbs<e_UrF*1=s?4=JWVD>SiBWtG
ztMPPBgHj(JTK#0VcP36Z`?P|AN~ybm=jNbU=^3dK=|rLE+40>w+MWQW%4gJ`>K!^-
zx4kM*XZLd(E4WsolMCRsdvTGC=37FofIyCZCj{v3{wqy4OXX-dZl@g`Dv>p2`l|H^
zS_@(8)7gA62{Qfft>vx71stIL<XDAb)A_}P?bWz4)*od!&J^3YA+krzz(VB@zi)<B
zJi>MuyV4uKb7BbCstG@|e*KWl{P1$=1xg(7E8MRRCWQ1g)>|QPAZot~|FYz_J0T+r
zTWTB3Aat<kyqC^aeEI&4k&eczcHCH`-x@|;w`QU(tRS~lp$mG*C^cleK^Tdv$3WB|
z&$xy{MnVG`WtQot8`4EV){(;etdeGD;m^MC+j``?mya-S=jd)h{(>KyUsTXR7{Uu)
z$1J5SSqoJWt(@@L5a)#Q6bj$KvuC->J-q1!nYS6K5<Q92hum6%<vzLo>&e7vNdtj-
zj9;qwbODLgIcObqNRGs1l{8>&7W?BbDd!87=@YD75B2ep?IY|gE~t)$`?XJ45MG@2
zz|H}f?qtEb_p^Xs$4{?nA=Qko3Lc~WrAS`M%9N60FKqL7XI+v_5H-UDiCbRm`fEmv
z$pMVH*#@wQqml~MZe+)e4Ts3Gl^!Z0W3y$;|9hI?9(iw29b7en0>Kt2pjFXk@!@-g
zTb4}Kw!@u|V!wzk0|qM*zj$*-*}e*ZXs#Y<6E_!BR}3^YtjI_byo{F+w<pjZ_3M3c
z+%!`W!iaiI=cKVlR&}S+_)mS9{q8z!Ptk7YGohy<EP9^2B)qQC=9l9qyAP4j+_l)d
zbbma@J9s=xG-Xngm=Zi&1g>9H9?f%mnBh(uE~!Um7)tgp2Ye;XYdVD95qt1I-fc@X
zXHM)BfJ?^g(s3K|{N8B^hamrWAW|zis$`6|iA>M-`0f+vq(FLWgC&KnBDsM)_ez1#
zPCTfN8{s^K`_bum2i5SWOn)B7JB0tzH5blC?|x;N{|@ch(8Uy-O{B2)OsfB$q0@FR
z27m3YkcVi$KL;;4I*S;Z#6VfZcZFn!D2Npv5pio)sz-`_H*#}ROd7*y4i(y(YlH<4
zh4MmqBe^QV_$)VvzWgMXFy`M(vzyR2u!xx&%&{^*AcVLrGa8J9ycbynjKR~G6zC0e
zlEU>z<M2LODA`#6m2{fop_H@|DWss8<&c1i$5$vlv?d32lqL=qsVOtbD9@<!`5_+}
zJ>t7yQtMhz>XMnz>ewXS#{Bulz$6HETn?qD5v3td>`qGD;Y8&RmkvN=24=^6Q@DYY
zxMt}uh2cSToMkkIWo1_Lp^FOn$+47JXJ*#q=JaeiIBUHEw#IiXz8cStEsw{UYCA<o
zqXI(K^K&;A`$BzmHvq-vIYf&>5v_%cF@#m^Y!=+qttuH4u}r6gMvO4EAvjBURtLf&
z6k!C|OU@hv_!*qear3KJ?VzVXDKqvKRtugefa7^^MSWl0fXXZR$Xb!b6`eY4A1#pk
zAVoZvb_4dZ{f~M8fk3o?{xno^znH1t;;E6K#9?erW~7cs%EV|h^K>@&3Im}c7nm%Y
zbLozF<B>rwM&tSNp|46)OhP%MJ(5PydzR>8)X%i3!^L%3HCoCF#Y0#9vPI5l&MK*_
z6G8Y>$`~c)VvQle_4L_AewDGh@!bKkJeEs_NTz(yilnM!t}7jz>fmJb89jQo6~)%%
z@GNIJ@AShd&K%UdQ5vR#yT<-goR+D@Tg;PuvcZ*2AzSWN&wW$Xc+~vW)pww~O|6hL
zBxX?hOyA~S;3rAEfI&jmMT4f!-eVm%n^KF_QT=>!A<5tgXgi~VNBXq<e4r?8Y|He0
z(bTw_%*2%_#8PToJ)D9Ixl%ODs5#SXati-qQ>sFI(iI$Tu3x0L{<_-%|HMG4Cn?Xs
zq~fvBhu;SDOCD7K5(l&i7Py-;Czx5byV*3y%#-Of9rtz?M_owXc2}$OIY~)EZ&2?r
zLQ(onz~I7U!w?B%LtfDz)*X=CscqH!UE=mO?d&oYvtj|(u)^yomS;Cd>Men|#2yuD
zg&tf(*iSHyo;^A03p&_j*QXay9d}qZ0CgU@rnFNDIT5xLhC5_tlugv()+w%`7;ICf
z><DwGOofUx1I{RZ<CKE20W1fHUdHypQI!7@Hs;vLK<Pq?iPo>;<#L4m@{1}Og76*e
zHWFm~;n@B1GqO8s%=qu)+^MR|jp(ULUOi~v;wE8SB6^mK@adSb=o+A_>Itjn13AF&
zDZe+wUF9G!JFv|dp<RljT@ILMo21W}&=E>j1#d+}BO~s*QTe3381TxA%Q>P*J#z%(
z5*8N^QWxgF73^cTKkkvgvIzf*cLEyyKw)Wf{#$n{uS#(rAA~>TS#!asqQ2m_izXe3
z7$Oh=rR;sdmVx3G)s}eImsb<@r2~5?vcw*Q4LU~FFh!y4r*>~S7slAE6)W3Up2OHr
z2R)+O<0kKo<3+5vB}v!lB*`%}gFldc+79iahqEx#&Im@NCQU$@PyCZbcTt?K{;o@4
z312O<TdGn$jnzsex3Lk!EvUM<M@SaH_Pma!4A4p&ctz(dcDS>9GB)?X&wAB}*-NEU
zn@6`)G`<r^r-}^J^-ZfUsVgt=hS!z4DW(glJS1&_(St6Vw#JiqgOGB909cX%huuh5
zWSfiaCb3E98es|ZK;l(7&@4%iR3joC>FhT8O^=Cz3y+XtbwO{5+{4-&?z!esFts-C
zypwgI^4#tZ74KC+_IW|E@kMI=1pSJkvg$9G3Va(!reMnJ$kcMiZ=30dTJ%(Ws>eUf
z;|l--TFDqL!PZbLc_O(XP0QornpP;!)hdT#Ts7tZ9fcQeH&rhP_1L|Z_ha#<p_H;=
z82-WCj=TQ?`Cj+1|5W~kdh36M^glyBnSYV-{{i(R{+1^PnBl{|rcVB#qjbR<Jbdpz
ztEGhp7n%3oocK+BQNH+MOXveaBzvxAPE2lido+9J>JOroe^qcsLi`+AoBWHPM7}gD
z+mHuPXd14M?nkp|n<IlV6BlCS8ZDt>u9G8hPk;3=JXE-a204Fg!BK|<V`8V8ikmCl
zPdgYbioI+JJs978Kx?)RVBAY&evQvmA^`0dAvi$QabRd=So&$Q*whX7h4Am-mRvbQ
zSN-n=(6GN8!2ixtptFmyt?j?=S>$MX`k-qPeD$2OOqvF;C(l8wm13?>i(pz7kRyYm
zM$IEzf`$}B%ezr!$(UO#uWExn<ge+(d#%tt2sT8?HfW2^kGu)nblcBs)JO@O5j_GV
zK0eIdk~XIkQSV+3x;?KxF1MeayzOT{j{3tvs{4ih6yRVY(GVJp1y74*LP<%&v7#bQ
zLK~|Mpy05wc5zP_wuWAl<{D1%G41Y_@Z<0Ay5Y!l$xCt>%nTCTIZzq&8@i8sP#6r8
z*QMUzZV(LEWZb)wbmf|Li;UpiP;PlTQ(X4zreD`|`RG!7_wc6J^MFD!A=#K*ze>Jg
z?9v?p(M=fg_VB0+c?!M$L>5FIfD(KD5ku*djwCp+5GVIs9^=}kM2RFsxx0_5DE%BF
zykxwjWvs=rbi4xKIt!z$&v(`msFrl4n>a%NO_4`iSyb!<!qHFE+4>UiAE&mDa+apc
zPe)#!ToRW~rqi2e1bdO1RLN5*uUM@{S`KLJhhY-@TvC&5D(c?a(2$mW-&N%h5IfEM
zdFI6`6KJiJQIHvFiG-34^BtO3%*$(-Ht_JU*(KddiUYoM{coadlG&LVvke&*p>Cac
z^BPy2Zteiq1@ulw0e)e*ot7@A$RJui0$l^{lsCt%R;$){>zuRv9#w@;m=#d%%TJmm
zC#%eFOoy$V)|3*d<<t{877l1Tq?S30hb75<7E%PdofC==&9D*^nO9{>OC1iP+4R7D
z8FE$E8l2Y?(o-i6wG=BKBh0-I?i3WF%hqdD7VCd;vpk|LFP!Et8$@voH>l>U8BY`Q
zC*G;&y6|!p=7`G$*+hxCv!@^#+QD3m>^azyZoLS^;o_|pl<Hx^<Rv<&4t$tiB%fHp
zlz}tOLM=`o&jcDXjC3459K!%ySvf1#S(EbnKq}+3Mp`%)BU@CEwe@kl4+!Z@M%kI9
zUpClTa01P<aM-H<G8e-Cz-v3g<Y`=kj9}OfPQ!8*s`pb8<_1s0wis0faW>Qaj-wx^
zRV&$HcY~p)2|Zqp0S<BK_Jhw*dmvlT)F~`S1kGN1@d;M#kjT?M<0IuAbu;Zm!}f$Q
z(LKZV(C*s6_QW~E{)Mixf6qFt*AYSXCaMGO=ssB6Xwd8>YU?W3zV87s6JP-@D~$t0
zvd;-YL~JWc*8mtHz_s(cXus#XYJc5zdC=&!4MeZ;N3TQ>^I|Pd=HPjVP*j^45rs(n
zzB{U4-44=oQ4rNN6@>qYVMH4|GmMIz#z@3UW-1_y#eNa+Q%(41oJ5i(DzvMO^%|?L
z^r_+MZtw0DZ0=BT-@?hUtA)Ijk~Kh-N8?~X5%KnRH7cb!?Yrd8gtiEo!v{sGrQk{X
zvV>h{8-DqTyuAxIE(hb}jMVtga$;FIrrKm>ye5t%M;p!jcH1(Bbux>4D#MVhgZGd>
z=c=nVb%^9T?iDgM&9G(mV5xShc-lBLi*6RShenDqB%`-2;I*;IHg6>#ovKQ$M}dDb
z<$USN%LMqa5_5DR7g7@(oAoQ%!~<1KSQr$rmS{UFQJs5&qBhgTEM_Y7|0Wv?fbP`z
z)`8~=v;B)+>Jh`V*|$dTxKe`HTBkho^-!!K#@i{9FLn-XqX&fQcGsEAXp)BV7(`Lk
zC{4&+Pe-0&<)C0kAa(MTnb|L;ZB5i|b#L1o;J)+?SV8T*U9$Vxhy}dm3%<KfWC+|c
zslyRt`f49RPdW2Mh%rT}g6?FgU3RAx!ApQ`n{-|lq87E_gQu&^P*mWc47ADxp!=%j
z*i2hBH56I@Y05l}dDe$N<i27=6OD#{_Al`=A?%k+np=oh*0xJo*Eg<)Z*)iBh5cV1
z^=tXOK8mje)UJ!OVCo)hCmGU=<Vg0IN)8V(*qee7zMk0DFeDH!h_$VQV5^-vWTrWy
ze55=y71KB;bjwQ&c^Qb`kgF^A%8-TcN;l+@NZm`h68ILI#&S+J#d}eF?|TVmDJ~IT
zPo*HpGwZ7CvBS&l@ueg_CLEtn2R|L3&jte>!A}SK9l_6(#5(e*>8|;4gNKk7o_%m_
zEaS=Z(ewk}hBJ>v`jtR=$pm_Wq3d&DU+6`BACU4%qdhH1o^m8hT2&j<4Z8!v=rMCk
z-I*?48{2H*&+r<{2?wp$kh@L@=rj8c`EaS~J>W?)trc?zP&4bsNagS4yafuDo<whn
z!napsZN9)$T^Wc5$Eqpm^H>Xpi5`!{BVqJ1$ZC3`pf$`LIZ(`0&Ik+!_Xa=NJW`R2
zd#Ntgwz`JVwC4A61$FZ&kP)-{T|rGO59`h#1enAa`cWxRR8bKVvvN6jBzAYePrc&5
z+*zr3en|LYB2>qJp479rEALk5d*X-dfKn6|kuNm;2-U2+P3_rma!nWjZQ-y*q3JS?
zBE}zE-!1ZBR~G%v!$l#dZ*$UV4$7q}xct}=on+Ba8{b>Y9h*f-GW0D0o#vJ0%ALg(
ztG2+AjWlG#d;myA(i&dh8Gp?y9HD@`CTaDAy?c&0unZ%*LbLIg4;m{Kc?)ws3^>M+
zt5>R)%KIJV*MRUg{0$#nW=Lj{#8?dD$yhjBOrAeR#4$H_Dc(eyA4dNjZEz1Xk+Bqt
zB&pPl+?R{w8GPv%VI`x`IFOj320F1=cV4aq0(*()Tx!VVxCjua;)t}gTr=b?zY+U!
zkb<NXY25_^B|YKE-jN8#Ev*MT?`;uIjY@k_9p>}xjXZ?hMJN{Hjw?w&?gz8Ow`htX
z@}WG*_4<%ff8(!S6bf3)p+8h2!Rory>@aob$gY#fYJ=L<LfS1}81ckM{mIz4;d)*K
zgO~iEg935`Lx``HrQPNp{+rF~U@!j#epT=6jQakq8sq$Jp#C>iW0`+~l7GI%EX_=8
z{(;0&lJ%9)M9{;wty=XvHbIx|-$g4HFij`J$-z~`mW)*IK^MWVN+*>uTNqaDmi!M8
zurj6DGd)g1g(f`A-K^v)3KSOEoZXImXT06apJum-dO_%oR)z6Bam-QC&CNWh7kLOE
zcxLdVjYLNO2V?IXWa-ys30Jbxw(Xm?U1{4kDs9`gZQHh8X{*w9=H&Zz&-6RL?uq#R
zxN+k~JaL|gdsdvY_u6}}MHC?a@ElFeipA1Lud#M~)pp2SnG#K{a@tSpvXM;A8gz9>
zRVDV5T1%%!LsNRDOw~LIuiAiKcj<%7WpgjP7G6mMU1#pFo6a-1>0I5ZdhxnkMX&#L
z=Vm}?SDlb_LArobqpnU!WLQE*yVGWgs^4RRy4rrJwoUUWoA~ZJUx$mK>J6}7{CyC4
zv=8W)kKl7TmAnM%m;anEDPv5tzT{A{ON9#FPYF6c=QIc*OrPp96tiY&^Qs+#A1H>Y
z<{X<uhk|KX_1ld{eNj94fkvWd48eaj#|{LLm|dIAT_C4$n@|2*kwuv>tWt2eDwuqM
zQ_BI#U<alu9l7TZiA;$M9#3YommEzRd<uk{)*5`q$Zdde<?5lhite1CzxRdFByKD<
zkDZi@PUqj~$luV|C}ikwZ~v1sFA*S6fT{N`?3r=cBk)zJgibkph}#@4$;=j@+**kd
zY*mj>IP;2-olOL4LsZ`vTPv-eILtuB7oWosoSefWdM}BcP>iH^HmimR`G`|+9waCO
z&M375o@;_My(q<sorll!Qai~Rb*n@5g}P>YvPNz;N8FBZaoaw3$b#x`yTBJLc8iIP
z--la{bzK>YPP|@Mke!{<!OpOegoCs_u!zZ!cIu_~F@(8sMH~%B<~_T06aCCZbR4EA
z!M(Y4Zo|MOi*xRvGK4d{bh$ttLC`4w&nae=$-uB~)E__4za>Km{vT<?f8h8(pj)L5
z>8Z4|#An*f=EmL34?!GJfHaDS#41j~8c5KGKmj!GTh&QIH+DjEI*BdbSS2~6VTt}t
zhAwNQNT6%<ErUivS)46<Ej2s0R5dp>c{G`If3?|~Fp7iwee(LaUS)X9@I29cIb61}
z$@YBq4hSplr&liE@ye!y&7+7n$fb+8nS~co#^n@oCjCwuKD61x$5|0ShDxhQES5MP
z(gH|FO-s6#$++AxnkQR!3YMgKcF)!<wl2>&aq<jSFncG+nBG`q;T=I69ZcOS)9G3=
z+ssmq8gtehie_QCX1#aHr9aFwOXruk2ISDqx2hMj{dMGN8Qme{vrYa4aN6#w@YyD%
zSrdIY6Iv~l#cuySc0P46>r^a3^{gAVT`(tY9@tqgY7<V^?jK1k!u7sPjH8VLM0I>@
z>>ul3LYy`R(<L1-W_i!(M-gNFI%Fzd5ZNeM0QU|Vw##CLe1grqZUFGb&oi5Qw#lr!
zwhVu8!e67#Yn3TxM1H>{OY7*^Mf}UgJl(N7yyo$ag;RIpYHa_^HKx?DD`%Vf1D0s^
zjk#OCM5oSzuEz(7X`5u~C-Y~n4B}_3*`5B&8tEdN<vU`O?HnZ`^xnI?dXuUdZ*ha9
z=N$DE-e>D@&h;H{R`o%IF<q*6&wb15OM-Xz)JzW2>pIJ4<FE@oru1B(b?^Xem&&p6
zU(>~Kw!kUjehGT8W!CD7?d8sg_$KKp%@*dW)#fI1#R<}kvzBVpaog_2&W%c_jJfP`
z6)wE+$3+Hdn^4G}(ymPyasc1<*a7s2yL%=3LgtZLXGuA^jdM^{`KDb%%}lr|ONDsl
zy~~jEuK|XJ2y<`R{^F)Gx7DJVMvpT>gF<4O%$cbsJqK1;v@GKXm*9l3*~8^_xj*Gs
z=Z#2VQ6`H@^~#5Pv##@CddHfm;lbxiQnqy7AYEH(35pTg^;u&J2xs-F#jGLuDw2%z
z`a>=0sVMM+oKx4%OnC9zWdbpq*#5^yM;og*EQKpv`^n~-mO_vj=EgFxYnga(7jO?G
z`^C87B4-jfB_RgN2FP|IrjOi;W9AM1qS}9W@&1a9Us>PKFQ9~YE!I~wTbl!m3$Th?
z)~GjFxmhyyGxN}t*G#1^KGVXm#o(K0xJyverPe}mS=QgJ$#D}emQDw+dHyPu^&Uv>
z4O=3gK*HLFZPBY|!VGq60Of6QrAdj`nj1h!$?&a;Hgaj{oo{l0P3TzpJK_q_eW8Ng
zP6QF}1{V;xlolCs?pGegPoCSxx@bshb#3ng4Fkp4!7B0=&+1%187izf@}tvsjZ6{m
z4;K>sR5rm97HJrJ`w}Y`-MZN$Wv2N%X4KW(N$v2@R1<BRA)!r>RkRJH2q1Ozs0H`@
zd5)X-{!{<+4Nyd=hQ8Wm3CCd}ujm*a?L79ztfT7@&(?B|!pU5&%9Rl!`i;suAg0+A
zxb&UYpo-z}u6CLIndtH~C|yz&!OV_I*L;H#C7ie_5uB1fNRyH*<^d=ww=gxvE%P$p
zRHKI{^{nQlB9nLhp9yj-so1is<sM)Ff~<B2nljPt5wfbh>{4^`{Xd>Jl&;dX;J)#-
z=fmE5GiV?-&3kcjM1+XG7&tSq;q9Oi4NUuRrIpoy<kdrxg}_Zz$u-Q*@~V}gJ;a4(
zR6p{_gP*)!xMBzD!y7m;;u<;$FhRI78zanyM1GTMhW+}AWEN+PpQ_a9`F|L*&jaQf
z#L2k$EkZ?zOi*r2eJRjnMY4u-0>p*Fn&nVNFdUuGQ_g)g>VzXGdneB7`;!aTUE$t*
z<s?a#Zh$FoCbn0ho%Yatc??afxp%=gSllsbWkhQr1oj&ohSi&YcB(8!!y9Gh!bBD+
zj~YZV7Rcxs!I2kX{uU+E7TYL%u^z`tA)(X~0<Q0;>5iH+8XPxrYl)vFo~+vmcU-2)
zq!6R(T0SsoDnB>Mmvr^k*{34_BAK+I=DAGu){p)(ndZqOFT%%^_y;X(w3q-L``N<6
zw9=M<x`k0W`jv?5_=q(R8RvJSX5Th0TFF^4@PPkN1Ul2h0e9vC`OBB7yVC<*a<N8w
zx;$laI7*vjU?U2L%b1e0x#&dTTsf0zqV`LX8-S0cM)7EbxdyerVo%ET0z=!go5p*>
zoQ8Lyp>L_j$T20UUUCzYn2-xdN}{e@$8-3vLDN?GbfJ>7*qky{n!wC#1NcYQr~d51
zy;H!am=EI#*S&TCuP{FA3CO)b0AAiN*tLnDbvKwxtMw-l;G2T@EGH)YU?-B`+Y=!$
zypvDn@5V1Tr~y~U0s$ee2+CL3xm_BmxD3w}d_Pd@S%ft#v~_j;6sC6cy%E|dJy@wj
z`+(YSh2CrXMxI;yVy*=O@DE2~i5$>nuzZ$wYHs$y`TAtB-ck4fQ!B8a;M=CxY^Nf{
z+UQhn0jopOzvbl(<ZG!-Nd4zhafPF-GxE%4BjJ2$qWuZT)LR(;q?W_^JJbA$Y9Kdz
zD2RoC2d!Xo1W6K$DCoET+ln#(?i0~teeLqx0qzr%W8}Ur9wc^=)r(fAci@xIyK{91
z&-|I!$G2yi%9^QRXqSbFUW~aJz@g%I*YIu_05^{g`w98AxO1$haJfkvq*1Dvh25v-
zQeD(%gFJn~Swf+KV*Rt#VP1IBPp`(U4fVXX(rlKM*h`@q)FtG6YdpWSeP)nYpkt+R
zPOVRb!<IV2-|GegZ4E@=gn__=1EESxpplUUJ^;MP1UeW=j*E6VV4}lFd^S?3Q3(&U
zebKq>u<z292KepIjgcVtZemPQz8ZZ834DHjB`g|gc>ZZ1R-(IFaprC$9hYK~b=57@
zAJ8*pH%|Tjotzu5(oxZyCQ{5MAw+6L4)NI!9H&XM$Eui-DIoDa@GpNI=I4}m>Hr^r
zZjT?xDOea}7cq+TP#wK1p3}sbMK{BV%(h`?R#zNGIP+7u@dV5#zyMau+w}VC1uQ@p
zrFUjrJAx6+9%pMhv(IOT52}Dq{B9njh_R`>&j&5Sbub&r*hf4es)_^FTYdDX$8NRk
zMi=%I`)hN@N9>X&Gu2RmjKVsUbU>TRUM`gwd?CrL*0zxu-g#uNNnnicYw=kZ{7Vz3
zU<fHm;o0mRKR{PMX1E6HU6)t?`kO8;cHu&;>LaFQ)H=7%Lm5|Z#k?<{ux{o4T{v-e
zTLj?F(_qp{FXUzOfJxEy<Z<aFXN@Z3F*QBjJEvstOZu79>KO15Nr!LQYHF&^jMMBs
z`P-}WCyUYIv>K`~)oP$Z85zZr4gw>%aug1V1A)1H(r!8l&5J?ia1x_}Wh)FXTxZUE
zs=kI}Ix2cK%Bi_Hc4?mF^m`sr6m8M(<Y0%b9XkT-xYZy_w34c>n?E+k7Tm^Gn}Kf=
zfnqoyVU^*yLypz?s+-XV5(*oOBwn-uhwco5b(@B(hD|vtT8y7#W{>RomA_KchB&Cd
zcFNAD9mmqR<341sq+j+2Ra}N5-3wx5IZqg6Wmi6CNO#pLvYPGNER}Q8+PjvIJ42|n
zc5r@T*p)R^U=d{cT2AszQcC6SkWiE|hdK)m{7ul^mU+ED1R8G#)#X}A9JSP_ubF5p
z8Xxcl;jlGjPwow^p+-f_-a~S;$lztguPE6SceeUCfmRo=Q<Q;u`R#C4=YiU6EL)ew
zjXX(dlPZ?urbNwGHDMmSVLLK!Z<Z%)SU58rwY5?;jpy_$qu1(K82T86&w;BndA%>g
zKHTY*O<b195v=kon4DaVX8%}AzlRL10TI|_TQt$Lsu{Co2t=`{)`~SjJ`w*0mQ3{M
z*t-rZDn62zrEL9-{dQqx$g~S2N!DNkntv_%c67h<f_=5Dn-~$A+*)$)gCqtViB6>_
z;pXl@z&7hniVYVbGgp+Nj#XP^Aln2T!D*{(Td8h{8Dc?C)KFfjPybiC`Va?Rf)X>y
z;5?B{bAhPtbmOMUsAy2Y0RNDQ3K`v`gq)#ns_C&ec-)6cq)d^{5938T`Sr@|7nLl;
zcyewuiSUh7Z}q8iIJ@$)L3)m)(D|MbJm_h&tj^;iNk%7K-YR}+J|S?KR|29K?z-$c
z<+C4uA43yfSWBv*%z=-0lI{ev`C6JxJ};A5<V)g}9IV*to6<(z@5YPAFdskfFJzFE
z(FBBQFm1uE0S9_u_OfbOA7Ge~(TB(s(~m=co_fl<ObiTZY*>N;lmoR(g{4cjCEn33
z-ef#x^uc%cM-f^_+*dzE?U;5EtEe;&8EOK^K}xITa?GH`tz2F9N$O5;)`Uof4~l+t
z#n_M(KkcVP*yMY<jrO{9cUqKwn!JYowatskr~7fC^NO(+v%j*mvm?-x>lk_~5h89o
zlf#^qjYG8Wovx+f%x7M7_>@r7xaXa2uXb?_*=QOEe_>ErS(v5-i)mrT3&^`Oqr4c9
zDjP_6T&NQMD`{l#K&sHTm@;}ed_sQ88X3y`ON<=$<8Qq{dOPA&WAc2>EQ+U8%>yWR
zK%(whl8tB;{C)yRw|@Gn4%RhT=b<sGkP^LEL$u;<o}GQQZ}f411Hh=NfTJ<|TLw{L
z`eE7zlS6f(<iuI*peX6yyd6Z#(ae$j{A_qlp*`Z#&%`1380eLzbh@bRp2PFy<WB9P
zZ=6mK_VPKJ_uV-1g`t7X=MfRg>bpgMZ6erACc>l5^p)9tR`(2W-D*?Ph6;2=Fr|G-
zdF^R&aCqyxqWy#P7#G8>+aUG`pP*ow93N=A?pA=aW0^^+?~#zRWcf_zlKL8q8-80n
zqGUm=S8+%4_LA7qrV4Eq{FHm9#9X15%ld`@U<U1KTv~d;iI0!*l5Ev-jS!d#HK6qa
zh%VQCsUvB%8H7Zbby33KfGu|c9vyym)e#JkPhFO|73QQm5WAwcw6qxN&C?a4al&Z<
zLeF*L{<q-CU<fv~4e`e&NQ)1DS|>KyR7uc1X*>Ebr0+2yCye6b?i=r{MPoqnTnYnq
z^?HWgl+G&@OcVx4$(y;{m^TkB5Tnhx2O%yPI=r*4H2f_6Gfyasq&PN^W{#)_Gu7e=
zVHBQ8R5W6j;N6P3<Hi@K^oVVgzo$Q%#o{%TG~WLBuah~Y+(_RN)dRYqpIrddU*?EH
zd1)_0*&(Hco7!9Mff6xttAvw@#IT#uW#Ko9mjz0vMEpv#o`L1rKj!xAgc;?%#Ks7^
z)x_M)Y=gJ({f1lQ5RxfGo|pCSp!Kt)YiDRdXL*Zi;^_?=Y`_#%bYuFOX@9SZ=oZ!V
znV|RI#uzRO$?9#%B`39!GmtlDNL(VLES{7#$jkz(!AIm2*Octtn_H1wnwPp}{*{~v
zDJ@=BB=l=D;!_4GkX*k_F_);SUv`EEPi|@Upw?LTQ<iU7=8~db1KA?v{Q9#C^A|_@
z%2(KBj-(wM=n0ek3NLayV$mKR!6kM12iTiZ?yHiR4~T}FK$m}a7@asLEanCFi6#}p
zcnWBlq?eZ_*j)gX)2&Y*{rcv1-c>O(jsRU;hkmLG(Xs_8=F&xh@`*|l{~0OjUVlgm
z7opltSHg7Mb%mYamGs*v1-#iW^QMT**f+Nq*AzIvFT~Ur3KTD26OhIw1WQsL(6nGg
znHUo-4e15cXBIiyqN};5ydNYJ6zznECVVR44%(P0oW!yQ!YH)FPY?<z$#5Yh%&$P7
z3{uRxI~UVZzRw|4VV@9Rd_psv3_n0#6Hj7xYg_g3-QeIA^*z)-GeSzeiCbV6(w(=3
z7H2P~b)jpH+4_%vf3z<Xw$F}joyB#<xurkOwd=3V@=BpMO<WxjuCWUPnnsT@^v<Sg
z^K4_c=5@||GNC{;KGDbpfj^f8EUbl8P>^k{IrtrLo7Zo`?sg%%oMP9E^+H@JLXicr
zi?eoI?LODRPcMLl90MH32rf8btf69)ZE~&4d%(&D{C45egC6bF-XQ;6QKkbmqW>_H
z{86XDZvjiN2wr&ZPfi;^SM6W+IP0);50m>qBhzx+docpBkkiY@2bSvtPVj~E`CfEu
zhQG5G>~J@dni5M5Jmv7GD&@%UR`k3ru-W$$onI259jM&nZ)*d3QFF?Mu?{`+nVzkx
z=R*_VH=;yeU?9TzQ3dP)q;P)4sAo&k;{*Eky1+Z!10J<(cJC3zY9>bP=znA=<-0RR
zMnt#<9^X7BQ0wKVBV{}oaV=?JA=>R0$az^XE%4WZcA^Em>`m_obQyKbmf-GA;!S-z
zK5+y5{xbkdA?2NgZ0MQYF-cfOwV0?3Tzh8tcBE{u%Uy?Ky4^tn^>X}p>4&S(L7amF
zpWEio8VBNeZ=l<vpCiUe=(TeZe=gyfVX>!%RY>oVGOtZh7<>v3?`NcHlYDPUBRzgg
z0OXEivCkw<>F(>1x@Zk=IbSOn+frQ^+jI*&qdtf4bbydk-jgVmLAd?5ImK+Sigh?X
zgaGUlbf^b-MH2@QbqCawa$H1Vb+uhu{zUG9268pa<b1EOvLs|%K=*t+Qg(qd`8+$=
zL>{5>O&Vq8__Xk5LXDaR1z$g;s~;+Ae82wq#l;wo08tX(9uUX6NJWq1vZLh3QbP$#
z<b(u#Xxy*tA@r~&R5TMDkJ_dE`Vy&jhlPA`q7v*^^Q*K2>L`udY|Qp*4ER`_;$%)2
zmcJLj|FD`(;ts0bD{}<AV$b&Elu#<#0!>Ghq6UAVpEm#>j`S$wHi0-D_|)bEZ}#6)
zIiqH7Co;TB`<6KrZi1SF9=lO+>-_3=Hm%Rr7|Zu-EzWLSF{9d(H1v*|UZDWiiqX3}
zmx~oQ6%9~$=KjPV_ejzz7aPSvTo+3@-a(OCCoF_u#2<M?eKUKc*Iv#3k|9@38fRb=
zzT#AIrwACNjBj?MHRp~wx?LTI2_Enx?G+C@LqpQe4pm&&g2W9fZFh{_>dHY&I?`nk
zQ@t8#epxAv@t=RUM09u?qnPr6=Y5Pj;^4=7GJ`2)Oq~H)2V)M1sC^S;w?hOB|0zXT
zQdf8$)jslO>Q}(4RQ$DPUF#QUJm-k9ysZFEGi9xN*_KqCs9Ng(&<;XONBDe1Joku?
z*W!lx(i&gvfXZ4U(AE@)c0FI2UqrFLOO$&Yic|`L;Vyy-kcm49hJ^Mj^H9uY8Fdm2
z?=U1U_5GE_JT;Tx$2#I3rAAs(q@oebIK=19a$N?HNQ4jw0ljt<p8cWl(+Ep8r5%#y
z&P_Dj7}Y)PZX75fBhOH-W&k0=)LtNZsCz+^I|5oU!cq})rNm-(qaq9RY~p0k!4W8D
z6=!s4#Nis|C3DC@A@mPSfTZiIzLr+cMu>yGJ#D}z3^^Y=hf^B<veREiK7P7i%EcH1
zymzkN7CCh?j)z-EQCSr0M#KkJa7T>b--297h6LQxi0-`TB|QY2QPg92TAq$cEQdWE
ze)ltSTVMYe0K4wte6;<pVK9H|1>^tE+^>|a>Hit_3QDlFo!3Jd`GQYTwlR#{<^MzG
zK!vW&))~RTKq4u29bc<g?=mx<P~Fg2i4vtdB%3E{x(ChYi$Cs~t$-QLBDt_|Y(M?w
zLVJ3}$L9lNmW%ldrp2Juf1N=|E~+57o!O<Zje4pXSh+9SUpx3@><<Dh2$!CktBG3h
zTPC3bN9p6qLj9XR;U)vkjRiM5$}}$@^Qlprq2<Q8-AJs*7yTX{CULOAh_j=zi|aPZ
z-=87yA^q}P&DGE)V+gF)S%j*mICoE4ENw*<+A9n+U6g*~{E?zsPY@1pFlE&fO)hjV
zv*fg5b`>+VOcg7fdorq-kwHaaCQe6tLB{|gW1_W_Ktg<!ky(gEs}>OD0^$^|`V4C#
z*D_S9Dt_DIxpjk3my5cBFdiYaq||#0&0&%_LE<pbc&JNKJA8N)ZmB&)dvTO&wRG}%
zZc-V&70l%6=NkB!AW_I_twf|ltvJKfn=5aeHUob2$JBiL1PK^TFCk((b9#UH(%5sb
z5$379jWo0X_f^j$6c@Uy&u`70wZ9Ik6bsu3AS~%y#;Y=~iusK)`f*n2&K?kRAcK~C
zy%s}P5MFuO5Ryjdh-4n9h?VgYc$l`wZV4J_*D4B0!(pfgo>N}BOxkb3v*d$4L|S|z
z!cZZmfe~_Y`46v=zul=aixZTQCOzb(jx>8&a%S%!(;x{M2!*$od2<XC!|KEdHJKtO
z6XWu5Bupb4N7U{x$(C^QY@PeX#6`_7P@wM;q2$X8Rh}rC#Q!A5KTz5?MZ?mC&{Qu_
zy~kwUj2`a%4KI;9YNN7qp(sR@+a$Aj*WFBJThH+M2Ubs!^ire0)y=QI@yh-`V^vPy
z(M-U>!Pwfs>RZ-a%GOZdO88rS)ZW~{$<f^QKl|O2<kuwzz6Ulk3Zts#mR)<OpXDkr
z5VlbSPy{HbDEzyv*NZl>656GgW)$Q=@!x;&Nn~!K)lr4gF*%qVO=hlodHA@2)keS2
zC}7O=_64#g&=zY?(zhzFO3)f5=+`dpuyM!Q)zS&otpYB@hhn$l<D{A~kD$AxyUbo9
z`&OeW{0UX#<JhfqlY%%84`Ug<DXXuqBdN>m*iK2DRt+#1n|L%zjM}nB*$uAY^2JIw
zV_P)*HCVq%F))^)iaZD#R9n^{sAxBZ?Yvi1SVc*`;8|F2X%bz<qfAfzm$xeQzXhtZ
zp}pc8DyVZn-ZSwmQ+Kg_l_9*Xc=NxtCmAZgbnze=s08tr{0r=bl#swXa&_%?Ys}RO
zWu@k3G_IS#!#x3^ov@;>^+s=yS&AXjysDny)YaU5RMotF-t<Z{vpDrm_3>t~FndTK
ziRve_5b!``^ZRLG_ks}y_ye0PKyKQSsQCJuK5()b2ThnKPFU?An4;dK>)T^4J+XjD
zEUsW~H?Q&l%K4<1f5^?|?lyCQe(O3?!~OU{_Wxs#|Ff8?a_WP<gvw(GAfDI<8xpUr
zLmq;xqZvaJhfHKI6mAYfrQv!I&H6DdhBc8O#$=E@cq#*F2@QBtka$YIEGAV5hxWYM
zUi=;nU@{zIwfCd5z4UO{<~h!GIi7xdD#7=L*<t5}+Q(4QK>QUKvP7?>1()Cy6oLeA
zjEF^d#$6Wb${opCc^%%DjOjll%N2=GeS6D-w=Ap$Ux2+0v#<H=jIpgB!rqPD|J47?
zn+>s#<lVcRKxA`$S4RJO!wf$Y>Z&s6K*)_h{KFfgKjzO17@p1nKcC4NIgt+3t}&}F
z<n9uJ4)m_mqmR&F2Cz-W{GGkI77IXVYBjms61Xt3m~vQ6oK<=VrS|LmJng0|>@cV;
zZ1r#~?R@Zd<K4>SwbFNV(fFl2lWI(Zf#nxa<6f!nBZD>*K)nI&Fun@ngq@Ge!N$O<
zySt*mY&0moUXN<HP{#zGEwa1>Pe~Fg=%gIu)tJ;asscQ!-A<eTI<dTL*&OJn;d)og
zOfVYQ^T<80$VH|Ci}4!mF^ZwibP`JOL>ujR@VJBRoNZNk;z4hs4T>Ud!y=1NwGs-k
zlTNeBOe}=)Epw=<seE0tWD|~M^OgRSxL{?e$a?Imi{ps{VzlQGjoS44G6isYusIY3
zL1Kcmv4%;M5E#^1x^?jP6>}+dfX;kZ32h<LD|O!R^NsY@N&zL`I+4uSA&F*wwkeub
zz`VV!t1`7%OKEs1-#`QSRhwLKY(3aQTh_Rxo9v7KvVACM-JSu!pNsQk6UJGWtV)&5
zE3n{45Xd1ptvfc3T0_AJTU4p5OtwrT!i2l}kzSC@{}%#tezpQsbpVJCS-MUEx*<)Q
zM9&R9QlV>$t&7q%Xq<mg6SyCRO*-TVXSDYcn57$)FNeW8bHSRp=9&ogwYeT^7Z*wN
zra7=?j~9~ME+;fcLTn!w68$DLFoXf1j|4y0(!<gjn6s-5$!Na_=ByyTZc&ztf#f~S
z+tW)Yo|YJ>dt-&tlYEWc>>c3(hVylsG{Ybh_M8>Cz0ZT_6B|3!_(RwEJus9{;u-mq
zW|!`{BCtnao4;kCT8cr@yeV~#rf76=%QQs(J<I$<s5hI;m>{>Mj?>aISwp3{^BjBO
zLV>XSRK+o=oVDBnbv?Y@iK)MiFSl{5HLN@k%SQZ}yhPiu_2jrnI?Kk?HtCv>wN$OM
zSe#}2@He9bDZ27hX_fZey=64#SN<mK5fg_^>U#1~=icK`D>a;V-&Km>V6ZdVNj7d2
z-NmAoOQm_<mE%z&C4BHa6mW3Qtm&09Iva!J_T<6ug{>aIZ2lXpJhlUeJ95eZt~4_S
zIfrDs)S$4UjyxKSa<AXfwu2D7`B~=PXO8#5V|e79<Ro&QVMj@ir4Y28>Ti#9KGs2P
zfSD>(y~r+bU4*#|r`q+be_dopJzKK5JNJ#rR978ikHyJKD>SD@^Bk$~D0*U38Y<js
zAlKox#ai2xN;_S$dGtioHZ|CxohEG>*IpYcH>aaMdZq|YzQ-Ixd(_KZK!+VL@MWGl
zG!k=<%Y-KeqK%``uhx}0#X^@wS+mX@6Ul@90#nmYaKh}?uw>U;GS4fn3|X%AcV@iY
z8v+ePk)HxSQ7ZYDtlYj#zJ?5uJ8CeCg3efmc#|a%2=u>+vrGGRg$S@^mk~0f;mIu!
zWMA13H1<@hSOVE*o0S5D8y=}RiL#jQpUq42D}vW$z*)VB*FB%C?wl%(3>ANaY)bO@
zW$VFutemwy5Q*&*9HJ603;mJJkB$qp6yxNOY0o_4*y?2`qbN{m&*l{)YMG_QHXXa2
z+hTmlA;=mY<r0DdrHBr6FajG(_@u~2Bb!oN=wnB`-|p|GdR+Pa=17d5@>wg{Bfusl
zyF&}ib2J;#q5t<D9GA-9kU{>N^e)D62fWW*Lv;Rnb3GO-JVtYG0CgR4jGujFo$Waw
zSNLhc{>P~>{KVZE1Vl1!z)|HFuN@J7{`xIp_)6>*5Z27BHg6QIgqLqDJTmKDM+ON*
zK0Fh<?6Wn=+zNxF2Ydogh#PrE9OoM%4f{Fz7@Xi}Sl~jxk73M%@!A;aN>=EG`q13l
z+m--9UH0{ZGQ%j=OLO8G2WM*tgfY}bV~>3Grc<Mh=YRn6m?0!O#Mr<G{Mu>rpehjj
z6Xe<$gNJyD8td3EhkHjpKk}7?k55Tu7?#;5`Qcm~ki;BeOlNr+#PK{kjV>qfE?1No
zMA07}b>}Dv!uaS8Hym0TgzxBxh$*RX+Fab6Gm02!mr6u}f$_G4C|^GSXJMniy^b`G
z74OC=83m0G7L_dS99qv3a0BU({t$zHQsB-RI_jn1^uK9ka_%aQuE2+~J2o!7`735Z
zb?+sTe}Gd??VEkz|KAPMfj(1b{om89p5GIJ^#Aics_6DD%WnNGWAW`I<7jT|Af|8g
zZA0^)`p8i#oBvX2|I&`HC8Pn&0>jRuMF4i0s=}2NYLmgkZb=0w9tvpnGiU-gTUQhJ
zR6o4W6ZWONuBZAiN77#7;TR1^RKE(>>OL>YU`Yy_;5oj<*}ac99DI(qGCtn6`949f
ziMpY4k>$aVfffm{dNH=-=rMg|u?&GIToq-u;@1-W&B2(UOhC-O2N5_px&cF-C^tWp
zXvChm9@GXEcxd;+Q6}u;TKy}$JF$B`Ty?|Y3tP$N@Rtoy(*05Wj-Ks32|2y2ZM>bM
zi8v8E1os!yorR!FSeP)QxtjIKh=F1ElfR8U7StE#Ika;h{q?b?Q+>%78z^>gTU5+>
zxQ$a^rECmETF@Jl8fg>MApu>btHGJ*Q99(tMqsZcG+dZ6Yikx7@V09jWCiQH&nnAv
zY)4iR$Ro223F+c3Q%KPyP9^iyzZsP%R%-i^MKxmXQHnW6#6n7%VD{gG$E;7*g86G<
zu$h=RN_L2(YHO3@`B<^L(q@^W_0#U%mLC9Q^XEo3LTp*~(I%?P_klu-c~WJxY1zTI
z^PqntLIEmdtK~E-v8yc&%U+jVxW5VuA{VMA4Ru1sk#*Srj0Pk#tZuXxkS=5H9?8eb
z)t38?JNdP@#xb*yn=<*_pK9^lx%;&yH6XkD6-JXgdddZty8@Mfr9UpGE!I<37ZHUe
z_Rd+LKsNH^O)+NW8Ni-V%`@J_QGKA9ZCAMSnsN>Ych9V<v=vEm5O<ZY18d8#H=j>W
zCE7R_1FVy}r@MlkbxZ*TRIGXu`ema##OkqCM9{wkWQJg^%3H${!vUT&vv2250jAWN
zw=h)C!b2s`QbWhBMSIYmWqZ_~ReRW;)U#@C&ThctSd_V!<k#Q*B7=hC&8!hF9&{8(
zC(TD{GzH5Pc;37)s;h0|#Kic};?cczJS(3W6o}ozYvbdpqL-^A&fgvfBo8?Bs9cC;
zz36l&3)kKwRH?3of<OI)?^Vk5%Ao)@A5ETgd+o$6JzvqYD3tqaL(fr2ZdJzDBZZ8j
z;^wQEA7pbn3%KJIG&}-PNi4VZH>=HA=kdGO-Hl57an|M1XC?~3f0{7pyjWY}0mChU
z2Fj2(B*r(UpCKm-#(2(ZJD#Y|Or*Vc5VyLpJ8gO1;fCm@EM~{DqpJS5FaZ5%|ALw)
zyumBl!i@T57I4ITCFmdbxhaOYud}i!0YkdiNRaQ%5$T5>*HRBhyB~<%-5nj*b8=i=
z(8g(LA50%0Zi_eQe}Xypk|bt5e6X{aI^<GZ=J@aPjt1PA8ATNFra+#4A9(xV{c@Ql
zqGzfNQ1Rnxl`4|f8^pdpva4+4i8;Q^?O{G0-G2_HJ1KZX)_C>jU2*c?!p*$bGk=?t
z+17R){lx~Z{!B34Zip~|A;8l@%*Gc}kT|kC0*Ny$&fI3@%<z}_W0Qnnu+*k=(k`_D
zQ308dLlVPRdInJMo{{F$%keI_Sc737mU*B$PT7dSGKxiXLU2jbw0=I$;qDpf9i+=c
zR|gkAK1vwv{VsJzpMfy=#2%w6{wY=m0MiXz1AFoq`$CY062)g|QtiV~2ICEyfC8)G
z@%@VTe~k_)Rs4N}FU74_yt0|BYY=Rw+VTF6^RS$!48Ha|Z{+*VE&d<9n*TW$Eo5tB
zVs7eWum4{OV^o6mcdsVGh-u#a+P;Kj4yY$EsyX~_Arur5q?oc4st_2`b}S(CP^>M!
zqk_zvN}7bM`x@jqFOtaxI?*^Im5ix@=`QEv;__i;Tek-&7kGm6yP17QANVL<k6$F<
z7o@AyE_WIjqwFX*X+vpWJopR-#?NScSD6B2cI%Wrxr<Prqh!mU%a6<8%S@XOESKvr
z_42Y29nuxiEG?8zUB`Wd0fH{&-lNoa&=1oLAQu%5NYeQff1~KQs*x+{Pw0|dFa~uR
z;cK(2IjTRZ9X4va;5+A_o@}n}mf@aoG$M>>*d0B=4>i^;HKb$k8?DYFMr38IX4azK
zBbwjF%$>PqXhJh=*7{zH5=<qGU(U^SZLnyyFA0}3nW;E6KCLzmEyrKVj|5LGYAhTb
zRc|9HxQHH{wVy+`8wv~l?yowWcs~)93lE5h(EPoKZn5ogJh}X(jLt1t!jKEGf)PoL
z7j#tl+U*rNbG*CMv!<b4qx{r-wp7)%l3`l`Zlssmmnzu4`wC>+gi$!nc%SqFZlwRm
zmpctOjZh3bwt!Oc>qVJhWQf>`HTwMH2ibK^eE*j!&Z`-bs8=A`Yvnb^?p;5+U=Fb8
z@h>j_3hhazd$y^Z-bt%3%E3vica%nYnLxW+4+?w{%|M_=w^04U{a6^22>M_?{@mXP
zS|Qjcn4&F%WN7Z?u&I3fU(UQVw4msFehxR*80dSb=a&UG4zDQp&?r2UGPy@G?0FbY
zVUQ?uU9-c;f9z06$O5FO1TOn|P{pLcDGP?rfdt`&uw|(Pm@$n+A?<Zx^T!ArO3Utl
zj6uaxl8)xWFxG%lmI;6x$BHb{Jp34gjIBo^Aq?PF^-r~k4TPx=PjA8_a06nj0u>)8
zP$nG(VG&aRU*(_5z#{+yVnntu`6tEq>%9~n^*ao}`F6ph_@6_8|AfAXtFfWee_14`
zKKURYV}4}=UJmxv7{RSz5QlwZtzbYQs0;t3?kx*7S%nf-aY&lJ@h?-BAn%~0&&@j)
zQd_6TUOLXErJ`A3vE?DJIbL<WnI0@Wx@~b4Ca_a{2wb^mKfRqF^K{)_q3eRzf_=r`
zghu`na+MN5-J;sJhVo}G;qPC6Ik3aLg4oSs+$!3E*{aG#lch)vabVmk&?B5)LOS+v
zbH#_hI*!2K*%dGLrVoU_c}L0dOjVT)xrUiJc5`J7jJbZ7C-aF^#fRTT=JtsXkqx@W
znaMfYWn$#T?mt%ZgP#0!19RDjuG~X+dmz>E;s~s%eVt(%fMzUq^UfZV9c?Yu<LVwi
zsG$_wM+(qUp$||8Q@wsb&`F%F?cw5JpWS3&{<FEw#>hO&6pwKt>j(=2CkgTNEq7&c
zfeGN+%5DS@b9HO>zsoRXv@}(EiA|t5LPi<?z<rC?#tXDJFxcJ^fVXqQWN`bvJ(_I2
z{wrRn3n>}*R3?(-=iASADny<{D0WiQG>*-BSROk4vI6%$R>q64J&v-T+(D<_(b!LD
z9GL;DV;;N3!pZYg23mcg81tx>7)=e%f|i{6Mx0GczVpc}{}Mg(W_^=Wh0Rp+xXgX`
z@hw|5=Je&nz^Xa>>vclstYt;8c2PY)87Ap;z&S&`yRN>yQVV#K{4&diVR7Rm;S{6m
z6<+;jwbm`==`JuC6--u6W7A@o4&ZpJV%5+H)}toy0afF*!)AaG5=pz_i9}@OG%?$O
z2cec6#@=%xE3K8;^ps<2{t4SnqH+#607gAHP-G4^+PBiC1s>MXf&bQ|Pa;WBIiErV
z?3VFpR9JFl9(W$7p3#xe(Bd?Z93Uu~jHJFo7U3K_x4Ej-=N#=a@f;kPV$>;hiN9i9
z<6elJl?bLI$o=|d6jlihA4~bG;Fm2eEnlGxZL`#H%Cdes>uJfMJ4>@<gViRI9hBKJ
zySnBvaX=zHju@nL3o?cNSSkD`V7y-y6)JYXc{Y<I<2deZLr>1SGGeQ81DwxGxy7L5
zm05Ik*WpSgZvHh@Wpv|2i|Y#FG?Y$hbRM5ZF0Z7FB3cY0+ei#km9mDSPI}^!<<`vr
zuv$SPg2vU<T9{A7S`Ps^_0{1#3T0a-5vp>{wa)6&QMY)h1hbbxvR2cc_6WcWR`SH&
z&KuUQcgu}!iW2Wqvp~|&&LSec9>t(UR_|f$;f-fC&tSO-^-eE0B~Frttnf+XN(#T)
z^PsuFV#(pE#6ztaI8(;ywN%CtZh?w&;_)w_s@{JiA-SMjf&<i4JOk;-$Bl@i@)?O6
z<3LVj%iRzkJu@JmbqyW_iqgr~)0gd$!ws9G@)@%}5E7>pQk+Bw<}f@Q8-xCQMwfaf
zMgHsAPU=>>Kw~uDFS(IVRN{$ak(SV(hrO!UqhJ?l{lNnA1>U24!=>|q_p404Xd>M#
z7?lh^C&-IfeIr`Dri9If+bc%oU0?|Rh8)%BND5;_9@9tuM)h5Kcw6}$<SVhZW+pOJ
zI3|<vJZu!wYdp-Ax1=PJK}hyjWMvH{n|(mMevoS3fztA_jK{me@j}9cCp)`-T1n<p
z#o+ptfSQteCDQV9x2^G}zq^T3;s{n;qg!23dv)Hiqe8=nM^H-#XV}HI^WP6n+%b*R
z8c#j6UlY3QN97f+!R&XX;RW6Ke{a1flMpfs*zPz>Ca7H_n)nOf0pd`boCXItb`o11
zb`)@}l6I_h>n+;`g+b^RkYs7;voBz&Gv6FLmyvY|2pS)z#P;t8k;lS>49a$XeVDc4
z(tx2Pe3N%Gd(!wM`E7WRBZy)~vh_vRGt&esDa0NCua)rH#_39*H0!gIXpd>~{rGx+
zJKA<kIFwLb`X}LJfsbI5S+CB<ua1@3YN!meo|y(+(KommZ?Fq4o;T&j?W<L`h3<(4
z-3a;?OO22=!-zC@_NhB@XL$Fph8X9p(md2z`k&^maLNO9zaMCT9U$Ol@=efg8-348
z=Jd5fK%>eXAZ-z5n=mMVqlM5Km;b;B&KSJlScD8n?2t}kS4Wf9@MjIZSJ2R?&=zQn
zs_`=+5J$47&mP4s{Y{TU=~O_LzSrXvEP6W?^pz<#Y*6Fxg@$yUGp31d(h+4x>xpb<
zH+R639oDST6F*0iH<9NHC^Ep*8D4-%p2^n-kD6YEI<6GYta6-I;V^ZH3n5}syTD=P
z3b6z=jBsdP=FlXcUe@I|%=tY4J_2j!EVNEzph_42iO3yfir|Dh>nFl&Lu9!;`!zJB
zCis<xeFAR`x=vBN9%c_e<n{A%L`KR09dF2{y(b0XafkbI2pZ)p@VCD2qof@~NRVX7
z>9?_(%DI?$CA(00pkzw^Up`O;>AnPc(uE$C^a9868t$m?5Q)CR%!crI$YZpiYK6m=
z!jv}82He`QKF;10{9@roL2Q7CF)OeY{~dBp>J~X#c-Z~{YLAxNmn~kWQW|2u!Yq00
zl5LKbzl3<utFm+qWDkZ2boaU#)2bVe6m5$+0uXZi`>9sVCTpm9eDW_T>Z{x@s6<A~
zrV9TIbtk+uD4&y7#vC#t&3b#d^^h@;r~6?|)7k)UE;|0x{WfXP#$=-<^uy}>#RH|P
zA~_lYas7B@SqI`N=>x50Vj@S)Qxo<YcKXOh&;l_xA*C6@z2{LehtT`<{C30p0=l0q
za4oZw%R!k+8_Mb<BiwipZFsTtKm%Rdms{|+ALA4I*%N(xhx_ciuT(<dU>uKC(f6Aj
zz}7e5<B>e*5n?j@GO;mCYEo^Jp_*BmLt3!N)(T>f#L$XHQWzZEVlJo(>qH@7;c%fy
zS-jm^Adju9Sm8rOKTxfTU^!&bg2R!7C_-t+#mKb_K?0R72%26ASF;JWA_prJ8_SVW
zOSC7C&CpSrgfXRp8r)QK34g<~!1|poTS7F;)NseFsbwO$YfzEeG3oo!qe#iSxQ2S#
z1=Fxc9J;2)pCab-9o-m8%BLjf(*mk#JJX3k9}S7Oq)dV0jG)SOMbw7V^Z<5Q0Cy$<
z^U0QUVd4(96W03OA1j|x%{sd&BRqIERDb6W{u1p1{J(a;fd6lnWzjeS`d?L3-0#o7
z{Qv&L7!Tm`9|}u=|IbwS_jgH(_V@o`S*R(-XC$O)DVwF~B&5c~m!zl14ydT6sK+Ly
zn+}2hQ4RTC^8YvrQ~vk$f9u=pTN{5H_yTOcza9SVE&nt_{`ZC8zkmFji=UyD`G4~f
zUfSTR=Kju>6u+y&|Bylb*W&^P|8fvEbQH3+w*DrKq|9xMzq2OiZyM=;(?>~4+O|jn
zC_Et05oc>e%}w4ye2Fm%RI<egNb_dQgjI<1gCqLtE7p1`FhT`B{oDC;%yWbIJ28w~
zxUq7{jraP;TO1x&Z4O6Un|wY#pWt$$tNg%RoX)VqwTAp7cfB5nuIjiPxNf*$!LCaW
zTIz<OCJrSqYjN9km@3%Srugt4)|!p39g<?@yPBOI<3ZTx<hf*g9U#F51L!hih@A^f
zk}4~JrF9U>R??VvofwZS-}BL@X=_4jdHp}FlMhW_IW?Zh`4$z*Wr!IzQHa3<R{N1T
zcM2&UGN-sfpp{9O=Y?J-n)UI}LWM!lA&r%Q{9McU`?cgg9-7gpr#6f~{`!_Wy_0?0
z6&T?<j^lq}mJ|CQaEbsDSeTJ3x-=bh+S}MCe+*lf9C2eN@^Y!U)Y79$?ZYpHnw&6H
z<e`OBLm{2|%wC1`S8X?PW6~;KoADPJ^mkZ=Ufa(Y<p;aNkl>^?1|);~VaWmsIcmc6
zJs{<G8JXmrc40i4$xEd3f@dMT?Qxf4H_soK5IoHpSeRgH(BQ0XvW1PEO-fIuw}T~u
z3X;>k0YW}OpkfdoTtr4?9F6IX6$!>hhA+^y_y@vvA<M16ifVaFI6w7J#p_+@2r26$
zIa@^CfHv9cu~w&aLp?kB@7Z;61SZg-i3cA=Lw#~o)Ci%+CH1l%vC9>_Gr7u8T+i-<
zDX(~W5W{8mfbbM-en&U%{mINU#Q8GA`byo)iLF7rMVU#wXXY`a3ji3m{4;x53216i
z`zA8ap?>_}`tQj7-%$K78uR}R$|@C2)qgop$}o=g(jOv0ishl!E(R73N=i0~%S)6+
z1xFP7|H0yt3Z_Re*_#C2m3_X{=zi1C&3CM7e?9-Y5lCtAlA%RFG9PDD=Quw1dfYnZ
zdUL)#+m`hKx@PT`r;mIx_RQ6Txbti+&;xQorP;$H=R2r)gPMO9>l+!p*Mt04VH$$M
zSLwJ81IFjQ5N!S#;MyBD^IS`2n04kuYbZ2~4%3%tp0<S(z=x!57>jn^**BZQ05ELp
zY%yntZ=52s6U5Y93Aao)v~M3y?6h7mZcVGp63pK*d&!TRjW99rUU<Nfep12hFk;U(
zZ-su`$~HM{TLoKRBQM@1!32jA)js)Mbdc6OM2`_>;@s#3kYB76Bs$|LRwkH>L!0Xe
zE=dz1o}phhnOVYZFsajQsRA^}IYZnk9Wehvo>gHPA=TPI?2A`plIm8=F1%QiHx*Zn
zi)*Y@)$aXW0v1J|#+R2=$ysooHZ&NoA|Wa}htd`=Eud!(HD7JlT8ug|yeBZmpry(W
z)pS>^1$N#nuo3PnK*>Thmaxz4pLcY?PP2r3AlhJ7jw(TI8V#c}>Ym;$iPaw+83L+*
z!_QWpYs{UWYcl0u<VIAw-Q9@IC5*&F{`rOrf|O33!4-T-T2Mt3{O*IQ+7U021x@#>
z(&(bT0Q*S_uUX9$jC;Vk%oUXw=A-1I+!c18ij1CiUlP@pfP9}CHAVm{!P6AEJ(7Dn
z?}u#}g`Q?`*|*_0Rrnu8{l4PP?yCI28qC~&zlwgLH2AkfQt1?B#3AOQjW&10%@@)Q
zDG?`6$8?Nz(-sChL8mRs#3z^uOA>~G=ZIG*mgUibWmgd{a|Tn4nkRK9O^37E(()Q%
zPR0#M4e2Q-)>}RSt1^UOCGuv?dn|IT3#oW_$S(YR+jxAzxCD_L25p_dt|^>g+6Kgj
zJhC8n)@wY;Y7JI6?wjU$MQU|_Gw*FIC)x~^Eq1k41BjLmr}U>6#<Cu4^QFt$B*zZp
z>_wxP0-2Ka?uK14u5M-lAFSX$K1K{WH!M1&q}((MWWUp#Uhl#n_yT5dFs4X`>vmM&
z*1!p0lACUVqp&sZG1GWATvZEENs^0_7Ymwem~PlFN3hTHVBv(sDuP;+8iH07a)s(#
z%a7+p1QM)YkS7>kbo${k2N1&*%jFP*7UABJ2d||c!eSXWM*<4(_uD7;1XFDod@cT$
zP>IC%^fbC${^QrUXy$f)yBwY^g@}}kngZKa1US!lAa+D=G4wklukaY8<M?n&2v~9b
zK&N(KHH*!kFC3qNGO?h4Ck_;1*@{PznGS+nM&a)QZ3AL?h_v3pS0EQ)4DO>AEW%GL
zh40pnuv*6D>9<h2r*{Fb$fv}TPFD`oPJ0^&@^PPozLBdvv9Y^`J%-QlYweUj<o$Pf
zc4sv|?i^j?RnWnH^!(0e#Esw^(F5BhHwD!!^W$tjtx%WVZB9M@{D)PYSJkxJukS7u
z$?yB~f4DpU?RXNfH+8c9_NDw**f#$CUu<Ji+>`_e14@wWD^o#JvxYVG-~P)+<)0fW
zP()DuJN?O*3+Ab!CP-tGr8S4;JN-Ye^9D%(%8d{vb_pK#S1z)nZzE^ezD&%L6nYbZ
z*62>?u)xQe(Akd=e?vZbyb5)MMNS?RheZDHU?HK<9;PBHdC~r{MvF<snw2k1N~Z(C
zf-T!4%ZUhb>__%T)-9ifM#cR#2~BjVJ<eWiU`2pVHEBRLUvccqQ>YbA>xbPyl9yNX
zX)iFVvv-lfm`d?tbfh^j<ZBW}wv?iRkod}|2-I;jY<os$Sn_?1BSu4_`cL!eh}6EZ
ze9<CP#;ook0S+GMQj<U!kR2VJmKWS)u4Foxz})Jds5z4>*A|nw)RszyD<#e>llO8X
zou=q3$1|M@Ob;F|o4H0554`&y9T&QTa3{yn=w0BLN~l;XhoslF-$4KGNUdRe?-lcV
zS4_Wm<zJE1KLVhC+m(MrGEwr<lHbijUJJ{^i#6rsGepc#qTH-S1S0Yf6eO<O#b@=T
zo1@N(uj|~;An)>ftU*XpP}*wFM^oKT!D%_$HMT#V*j;9weoOq0mjbl1271$F)`Q(C
z76*PAw3_TE{v<tj;yw(6?4%Mt;ig6YG&d?ff}4i0Aqg@dTgm*bO3qE8A2+8EriU?T
zx3engdKr|4);((#Z_g)Q^fi2+DJ!~aHM~fYXmLDU?Gn58-0qBpuYh8$s~k!yk(UQ@
zl{Je!_)&gS>ntIkd=|(zw)j^!@j	^tV@s0U~V+mu)vv`xgL$Z9NQL<AAAp(nQf3
zIL~j%yct5e(W=?BA$e&1x7A{=x4fMt6|N>nuRdZ;95D|1)!0Aybwv}XCE#xz1k?ZC
zxAU)v@!$Sm*?)t2mWrkevNFbILU9&znoek=d7jn*k+~ptQ)6z`h6e4B&g?Q;IK+aH
z)X(BH`n2DOS1#{AJD-a?uL)@Vl+`B=6X3gF(BCm>Q(9+?IMX%?CqgpsvK+b_de%Q>
zj-GtHKf!t@p2;Gu*~#}kF@Q2HMevg~?0{^cPxCRh!gdg7MXsS}BLtG_a0IY0G1DVm
z2F&O-$Dzzc#M~iN`!j38gAn`6*~h~AP=s_gy2-#LMFoNZ0<3q<Hb+oMoW<3pD@#gq
z%TbG&CNUCbSqlvuOSBs4ftyJshDAkrNA+bK>+=q)a|4}ur7F#><%j1lnr=F42Mbti
zi-LYs85K{%NP8wE1*r4Mm+ZuZ8qjovmB;f##!E*M{*A(4^~vg!bblYi1M@7tq^L8-
zH7tf_70iWXqcSQgENGdEjvLiSLicUi3l0H*sx=K!!HLxDg^K|s1G}6Tam|KBV<GGd
z-B<)1Hl}njRDF~1iiva<y6M0H6AczLB}sHkmxdw70mwCKPNvSYRT<@@kp@6s$NZ0l
zGpw>>%YeU)Q>zxQe;d<Xs>dnDTWJZ~^g-kNeycQ?u242mZs`i8cP)9qW`<Rk1{u<7
zlE92umd^LYS>cwqk)Jf?Re0=SD=2z;Gafh(^X-=WJ$i7Z9$Pao56bTwb+?p>L3bi9
zP|qi@;H^1iT+qnNHBp~X>dd=Us6v#FPDTQLb9KTk%z{&OWmkx3uY(c6JYyK3w|z#Q
zMY%FPv%ZNg#w^NaW6lZBU+}Znwc|KF(+X0RO~Q6*O{T-P*fi@5cPGLnzWMSyoOPe3
z(J;R#q}3?z5Ve%crTP<tP2#oMZ{AcZNDb9&7!sKQWuxEXuWfKL0ta@r+wA|uP_P5y
zNs-sk4#UW+aLvH0KR2GM=<e4T#zNrl-{mUMN5ZQdE1Y@SDd#;vOT`|v0QLC4D0|1~
zTKr{OFgw_>ZQFLTW81cNY-finw!LH9wr$(C)p_@v?(y#b-R^Pv!}_#7t+A?pHEUMY
zoQZIwSETTKeS!W{H$lyB1^!jn4gTD{_mgG?#l1Hx2h^HrpCXo95f3utP-b&%w80F}
zXFs@Jp$lbIL64@gc?k*gJ;OForPaapOH7zNMB60FdNP<*9<@hEXJk<uicDCAgmi8+
zbp&?&TCHcAHG~>9Rt=XhHR-5_$Ck-R?+1py&J3Y9^sBBZuj?GwSzua;C@9)@JZpaI
zE?x6{H8<Uy{RLC#p{nN725ZJg=)Ya`d?rT5Nj*5kLCv_EM1CjD{E)r87y?=f(Ejiv
z1Le$?-~lAK`FFnznR|rj?~1YT3ro3+$yO4Q7<hbPX_BrFs6rV)b`defKSTETu~Ph?
z+4Oup0?7r7-ED>@j9P06%K_m%9#nnp0Li;QAt{jf-7X%Pd2jHoI4As-9!UR=h6Rjc
z!3{UPWiSeLG&>1V5RlM@;5HhQW_&-wL2?%k@dvRS<+@B6Yaj*NG>qE5L*w~1ATP$D
zmWu6(OE=*<U1yCnW~tc~Lrgn{odcX>EHqy{($~U4zjxAwpPn42_%bdH9dMphiUU|)
z*+V@lHaf%*GcXP079>vy5na3h^>X=n;xc;VFx)`A<Hj4&=z$^B&moU)go8{sh>JEk
z<L&R_@Yg7;<?J0+QgJ-G+JccV-~7I1X!$%uXT~OML@XpxsV)f6UA2f%HrJDT&rsBc
zc}@^OSM+<B6`x2<E(W{c6+rM2iI<9B`r{_5#b)DBlA*Ebiq4Q_@s754WHK{)x-A6<
z!G`xb!nKY_pGUx76at%69G;Q{hFp?BH_}6=PcV(73^>YZFlS#Nc-GIHc}j06;cOU@
zAD7Egkw<2a8TOcfO9jCp4U4oI*`|jpbqMWo(={gG3BjuM3QTGDG`%y|xithFck}0J
zG}N#LyhCr$IYP`#;}tdm-7^9=72+CBfBsOZ0lI=LC_a%U@(t3J_I1t(UdiJ^@NubM
zvvA0mGvTC%{fj53M^|Ywv$KbW;n8B-x{9}Z!K6v-tw&Xe_D2{7tX?eVk$sA*0826(
z<Bwi3XXtDhLbAo`M8njMi%Fvta>uGz!K7$O#;K;1w<38Tjegl)PmRso`fc&>fAT5s
z7hzQe-_`lx`}2=c)jz6;yn(~F6#M@z_7@Z(@GWbIAo6A2&;aFf&>CVHpqoPh5#~=G
zav`rZ3mSL2qwNL+Pg>aQv;%V&41e|YU$!fQ9Ksle!XZ<KrjDDcVUTs>ERpjAowHtX
zi#0lnw{(zmk&}t`iFEMmx-y7FWaE*vA{Hh&>ieZg{5u0-3@a8BY)Z47E`j-H$dadu
zIP|PXw1gjO@%aSz*O{GqZs_{ke|&S6hV{-dPkl*V|3U4LpqhG0eVdqfeNX28hrafI
zE13WOsRE|o?24#`gQJs@v*EwL{@3>Ffa;knvI4@VEG2I>t-L(KRS0ShZ9N!bwXa}e
zI0}@2#PwFA&Y9o}>6(ZaSaz>kw{U=@;d{|dYJ~lyjh~@bBL>n}#@Kj<Z6_x;v!~DJ
z=PhbCfhq|L@vOLzvLG}Ok|D;uA;c30fb$Z1q8K!aF$x@K52-yRfnbMlh&YP!XY`9C
zEod&xhQ!9Ohyx&Ff;v`OH<IMOf>vXUOhrZ`DbnAtf5bz3LD@0RpmAyC-4<FZgSIC8
zse-W?*+bR99MQiZv!dRRCw|U7uAcNEB1118R^>cgu<7rZo&C3~A_jA*0)v|Ctcdu}
zt@c7nQ6hSDC@76c4hI<J-W-mORHHE{H6=Vqq4>&*v|5A0Mj4eQ4kVb0$5j^*$@psB
zdouR@B?l6E%a-9%i(*YWUAhxTQ(b@z&Z#jmIb9`8bZ3Um3UW!@w4%t0#nxsc;*YrG
z@x$D9Yj3EiA(-@|IIzi@!E$N)j?gedGJpW!7wr*7zKZwIFa>j|cy<(1`VV_GzWN=1
zc%OO)o*RRobvTZE<9n1s$#V+~5u8ZwmDaysD^&^cxynksn!_ypmx)Mg^8$jXu5lMo
zK3K_8GJh#+7HA1rO2AM8cK(#sXd2e?%3h2D9GD7!hxOE<!ya@xqGhImHX<IRW{gk-
z3F@;*YH%qF8Qia!v>KJZK&T`ZS0e*c9c36Y-6yz2D0>Kvqy(EuiQtUQH^~M*HY!$e
z20PGLb2Xq{3Ceg^sn+99K6w)TkprP)YyNU(+^PGU8}4&Vdw*u;(`Bw!Um76gL_aMT
z>*82nmA8Tp;~hwi0d<vk$$Oz=UR0xTyi9Ytg41q=hf8usfV;AXR0*^g_6j$GQ5nyU
z{eas+u+Aa}%HRC}d3kL%-*yd~Rq%Ob&JCmoA6rN`{5aF>3S{vCwD};P(%AVaBr=yJ
zqB?DktZ#)_VFh_X69lAHQw(ZNE~ZRo2fZOIP;N6fD)J*3u^YGdgwO(HnI4pb$H#9)
zizJ<>qI*a6{+z=j+SibowDLKYI*Je2Y>~=*fL@i*f&8**s~4l&B&}$~nwhtbOTr=G
zFx>{y6)dpJPqv={_@*<A5bkC<4AJ?9DcoT7q8E5VqUj#|zc&p9n8JCv-wgxV_tMBe
z+>!q0=jgw3^j`qi@!wiWiT_$1`SPUgaG<R(Cg4*8^`o})4I>&9z9u9=m5C8`GpMaM
z<LtOhy~ue+e5dP-5hk7Khu;onn$(?gn2iH5N;{t%pZqj6b+viBTWZ1wGPPgxjZy%y
zh;WW)smwDc2$cX)s&<k-OEDN$ZuiIx|2=}p)+av_&ss+2zR*w+cBU@ZVzs<b;GGQy
zn8y|4_|yT!*0??0FbO$~lp*mH!BDR~$Y}BHrPFE1CbUDjj%j~;V?|2*8M9z8zUsKQ
ze%X(_auX~W6I^x}Ifw+vlsYpwkeJ2<;zV5*mESpk`poG*wA`nQ0zPYIsXvpn=+Id$
z7m}ljX(MbINSez__E*s`J$MiWj#EsIEk`Gc>yMRSv2llS4F}L?233!)f?mvcYIZ~U
z7mPng^=p)@Z*Fp9owSYA`Fe4OjLiJ`rd<jbe(A7#CD6hQmNwB+KMILG4E#!;N+@Lr
zhpGMDoF&2zgUgO_Xmnz^+i<-Z3a7^Iwj3A6ShQz~*2FNy;9maIIE7<!g?SvWi}m;}
zl3xWd(}>M`-U(&z1B1`S`ufK_#T@_BvenxD<nCbMGyqrcmdUm0LP*z_3F=<E@C3F%
z?AHT|gwC{bc5Fd#y;!~li<xvI_ymoQfMK#SYzNCDkpOpgUU)^HKK5{|_1}{y9$8?&
z{OSmwqG^1=BXd<<&0VALL?Z0va0nqwMwZ$PIE(-ebSAtxxUi^oSCXahLo*U(fKE0X
z5cQAhX(#I+j)d|OM-sE*oxW0p9*pHH^7FfD`QzTDIjYNOv*V%pzw3uZ<1^HP^x)i|
zM#Ki>QU`deH$X5eMVO=;I4EJjh6?kkG2oc6AYF6|(t)L0$ukG}Zn=c+R`Oq;nC)W^
z{ek!A?!nCsfd_5>d&ozG%OJmhmnCOtARwOq&p!FzWl7M))YjqK8|;6sOAc$w2%k|E
z`^~kpT!j+Y1lvE0B)mc$Ez_4Rq~df#vC-FmW;n#7E)>@kMA6K30!MdiC19qYFnxQ*
z?BKegU_6T37%s`~Gi2^ewVbciy<HUXmVMl1>-m5%1P3$88r^`xN-+VdhhyUj4Kzg2
zlKZ|FLUHiJCZL8&<=e=F2A!j@3D@_VN%z?J;uw9MquL`V*f^kYTrpoWZ6iFq00uO+
zD~Zwrs!e4cqGedAtYxZ76Bq3Ur>-h(m1~@{x@^*YExmS*vw9!Suxjlaxyk9P#xaZK
z)|opA2v#h=O*T4<lFCRz4{2p8Y)TsmA7ye#wwYimPT^^_x(t?`i<T+at(hpAWR#kg
zN`H4$#;@km54))ep;)MM%U=k}n$f_3BxyJ)uTk>2z>Mub2O3Okd3GL86KZM2zlfbS
z{Vps`OO&3efvt->OOSpMx~i7J@GsRtoOfQ%vo&jZ6^?7VhBMbPUo-V^Znt%-4k{I#
z8&X)=KY{3lXlQg4^FH^{jw0%t#2%skLNMJ}hvvyd>?_AO#MtdvH;M^Y?OUWU6BdMX
zJ(h;PM9mlo@i)lWX&#E<Lo3?7^#)6SPS|4xBei1ee}7iK2FhlpdGTnqy-Zm|u9Gs&
z;yoAd;f#P()?*}rcda&5!(!cVs^nj|H^s}aOp9Q3B+()5NJ;js3B7skXA#;b(11P=
zYdy5{s`w?M;Wm#!_X4Q*5&zY<0UxMCg@*p6Wq%A7bL4Ok`ups{7mhoH`_r;W>@d4h
zj4Z0Czj{+i<n%#dq_ptl!Q*?nhqvSff8{=Uw_q3X8xZD40b>pPeW$Qtz_A52H<qC0
zswDyrkp$|0ql;i=kC45?=F)XGIEqcdTLIRlCQDpJoZ}!{qM;O;R6xgpk25jvbAos3
zp!WRMmtFtZ<@=}QtE*TFcZkYxo*PzSY=8(+q1^&i_}9DxL%U3yRz3V|IY}HpVT^d8
z3*x)q<BxWsJqi24!<iv81XJ{Dx)H!h#66>A<4$F9Qe4CiNQSNE2Q-d1OPObk<Os@|
z$d>4?7-&`={{yod5Iy3kB=PK3%0oYSr<fDG1Es{8o&SBJnI{H?h@52Ct}<l`9iNyn
zdI0?+0&Rg<zM7^juOkSO{1)-I$|@*xxI$7NhL&iUj%bulL8IM5Q0KPaYH+0?a6G6+
zd7(M#uM{6e$o%0$ib}#ri{FyWHZgu(v3oHbf<?pxz-H+=XyR(Qscq{uAeXN}25d)M
zvTjswQJf9kX4*qIcXXbH4ZhHqOD)H%&4EuAx*{Q+`boXe1hRL{B(M84ar1Cf5K6HK
z!rARVXTZ$t!E>`Gca120>CHbC<G%jEiPlq<Y07*T(yQ-5j_7~#st6f4ntW?!n%Fp6
zIDK0WDt%w@*_eHU-v2f6{C^hI3Y7j!LX+3^twz2{aV$8DC`83v0L_iDFtAugI&D5W
zKkz9B_jKDOdE6%S&%jrAIDN{qzSko@=FQ&Z<<9^S%Uz+P$@TBmbWd3`{y$&Wh}~pt
z(A5f*`r|a5>#SqE*ivL2R(YmI1A|nAT?JmK*2qj_3p#?0h)$#ixdmP?UejCg9%AS2
z8I(=_QP(a(s)re5bu-kcNQc-&2{QZ%KE*`NBx|v%K2?bK@Ihz_e<5Y(o(gQ-h+s&+
zjpV>uj~?rfJ!UW5Mop~ro^|FP3Z`@B6A=@f{Wn78cm`)3&VJ!QE+P9&$;3SDNH>hI
z_88;?|LHr%1kTX0t*xzG-6BU=LRpJFZucRBQ<^zy?O5iH$t>o}C}Fc+kM1EZu$hm%
zTTFKrJkXmCylFgrA;QAA(fX5Sia<H_aj?8ty=`4cRUhDYIb1X<o{ssu$utZH#crer
zOB?*m4zggY1V`F%^yk~_@t?01$MaBv-g%L4$L+igBI&{_V{-Gy_g_+T*$m!2>5TNo
z?=Ujz7$Q?P%kM$<sDB(a)CbA=IK3P=k%qJ{c*|YeYvlJ?ZR762lHIRJfTaJ9$3_HM
z)R;OY8M&K0fTmuwG!0MSrh7l8)TO4BSRve_x^s#6b@t@oGg{J?NNY^kU@_YlF;(79
z?qcF-_c<S?%8+p#?9Lip{vp2j^1Wih32#W08?Ly$0)5%*3ZWpokkki1RE!J8shI!K
zy6l$<YR6^?_l*UfFlqXq*VH5SaJ55^nwBrATvG>RK<Fbs{y`UeohwdGf76*{h(JKR
z|4G0~+1R?;{0sU0t1v1#8915z3j<E5pM0~NC|@0H6ZvyLq++Q=?1hixoc#Q`RV_uz
z>qRQisOexvV&L+bolR%`u`k;~!o(HqgzV9I6w9|g*5SVZN6+kT9H$-3@%h%k7BBnB
zPn+wmPY<Mj-tQiofHZG{B0Sbf^M1HWHH(Q-vLzr3@0k$O+v_5=A4jxG2r~KqfCNN{
zEYsuxYdt4~=~n}j(THNjDTI5z%q4A)77yBi5;GYtQyF1j?xnw(tVe)j-1I=;84f=}
zt@{VNy9@W`d3|8$@$34LSL^h~OTQ)r7LoE0|5X>NG)V2Jv`&$LoI*6d0EO^&Nh`E*
z&1V^!!Szd`8<TA$v8Iik)!L=ZE9k?*nI9KUHaKOsXv|v+C!f`$M0g~Hpy7fokrP@*
zy}_vl3MD6E^otQ6#Zhx~hMYofs1l?H0Zj`(<NA@Ug1e|_(O6q+S;to1kgr3$Fl)j=
zw~_dSC86Xv$Hu73bKp_%l{q_ZET!*?U8iM{0$3xn`|AVHrM@iLjY>_uf%OK?fuj~!
z%p9QLJ?V*T^)72<6p1ONqpmD?Wm((40>W?rhjCDOz?#Ei^sXRt|GM3ULLnoa8cABQ
zA)gCqJ%Q5J%D&nJqypG-O<q(E>X1`JLT+d`R^|0KtfGQU+jw79la&$GHTjKF>*8BI
z0}l6TC@XB6`<SCBf)%+uOU9)*N43Xrr!N`=N+^VMIheEEPvX%p2&hTg2@HY*(ZPJ)
zzK*o*&rNi7ldN<`$Cz|A-8Cl1pep+;><EING%dI*^=$3*%kJ#bIB`+5LlfK2QBu;&
zE?w3Z8|_2y7Nnr)227xG%~hxU3!sv6RC*k=bGJpy5koRHGo_KrSFx4?is|4h(-obn
zUUd{Jw07r9Af;TD=Nwej)^f|zN=)OLQZ<$6+?Q<D%ZDWDl5e2OnxuNlmT9YNH<TZG
z2wk<3q;Y3(oQE3$k%3wA>>7<&{6WX2kX4k+0SaI`$I8{{mMHB}tVo*(&H2SmZLmW*
z+P8N>(r}tR?f!O)?)df>HIu>$U~e~tflVmwk*+B1;TuqJ+q_^`jwGwCbCgSevBqj$
z<`Fj*izeO)_~fq%wZ0Jfvi6<3v{Afz;l5C^C7!i^(W>%5!R=Ic7nm(0gJ~9NOvHyA
zqWH2-6w^YmOy(DY{VrN6ErvZREuUMko@lVbdLDq*{A+_%F>!@6Z)X9kR1VI1+Ler+
zLUPtth=u~23=CqZoAbQ`uGE_91kR(8Ie$mq1p`q|ilkJ`Y-o<AJQHFrS5O{%p71x8
z3UiXGa%-+I(YC1j)#B-e*`fnglc$n<a@T}9NfG`s<wTnDc%(%1zyyM~ao8f2r=`tz
zFMO)B-N3svRstS#s5#n1k>b_=Nl(RF=o7k{47*I)F%_XMBz9uwRH8q1o$TkV@8Pwl
zzi`^7i;K6Ak7o58a_D-V0AWp;H8pSj<Tgt>bEs$4BxoJkkC6UF@QNL)0$NU;Wv0*5
z0Ld;6tm7eR%u=`hnUb)gjHbE2cP?qpo3f4w%5qM0J*W_Kl6&z4YKX?<AJ3F|9c)xl
zxg;Ji1s`IFT>iD@=McR!gTyhpGGYj!ljQm@2GL^J70`q~4CzPv@sz`s80FgiuxjAZ
zLq61rHv1O>>w1qOEbVBwGu4%LGS!!muKHJ#JjfT>g`aSn>83Af<9gM3XBdY)Yql|{
zUds}u*;5wuus)D>HmexkC?;R&*Z`yB4;k;4T*(823M&52{pOd1yXvPJ3PPK{Zs>6w
zztXy*HSH0scZHn7qIsZ8y-zftJ*uIW;%&-Ka0ExdpijI&xInDg-Bv-Q#Islcbz+R!
zq|xz?3}G5W@*7jSd`Hv9q^5N*yN=4?Lh=LXS^5KJC=j|AJ5Y(f_fC-c4YQNtvA<Ty
zSC#`YW&Ir@h<*_Fz=LJ$n(wb6^vG7*iYc%QsBFa^p*fL+L;pF@5LL8n^{NHC&%)|+
z-!u?9{xt}8WaeL6Z6`lCa&~NkL*6EF&cmfmam|bN(4RJFH`DXy>vn|(uP9@5Co{dL
z?7|=jqTzD8>(6Wr&(XYUEzT~-VVErf@|KeFpKjh=v51iDYN_`Kg&XLOIG;ZI8*U$@
zKig{dy?1H}UbW%3jp@7EVSD>6c%#abQ^<bsYt<l@_DV5e&<IhP`{YX#<O*~<NnHw#
zNMWuVT}aC2O+R;5g{3K12*ivcW$uK;2;t-)m#MRWt@%{h4vg2)P$DBb|C$?@Lx+hD
zUg*wTm*Bg`L?D$vJ#U7RO~D%UZ~u+GRGap(5BVy!o0i?`81G~fl(-~-{bcX&sUv*h
z|L+|mNq=W<!8f+M|1OvRQO77_;pq5{=KfVIzh~h8TcynWW=rP2^-{lFu{Rb`F{whL
zrG-~OYGGpuiy<e2G04;O8G6*v7st~s(QLVMZz65)=bi<Tg8I>YfcO(`)*HuvNc|j(
zyUbYozBR15$nNU$0ZAE%ivo4viW?@EprUZr6oX=4Sc!-WvrpJdF`3SwopKPyX~F>L
zJ>N>v=_plttTSUq6bYu({&rkq)d94m5n~Sk_MO*gY*tlkPFd2m=Pi>MK)ObVV@Sgs
zmXMNMvvcAuz+<$GLR2!j4w&;{)HEkxl{$B^*)lUKIn&p5_huD6+%WDoH4`p}9mkw$
zXCPw6Y7tc%rn$o_vy>%UNBC`0@+Ih-#T05AT)ooKt?94^ROI5;6m2pIM@@tdT=&WP
z{u09xEVdD}{(3v}8AYUyT82;LV%P%TaJa%f)c36?=90z><yy#^s2E@zx-P5=eR`yP
z(?WcaS4?K=+qc)oxK}A6WuF*IT8*0_W@9eJ{0WFrO<w!yl)=Oh%?N@@gV7u!_487n
zCrSkH@|hH3@JjMwlEUi_f=TAl6ku?Q(Fci@S-t)NHv3^=yHW_HG@9k6<<x~*QAo)H
zkft{?KE6oIf5PIG_>Dzk5mF2}Gs0jYCmufihid8(VFcZWs8#59;JCn{!tHu5kSBbm
zL`F{COgE01gg-qcP2Lt~M9}mALg@i?TZp&i9ZM^G<3`WSDh}+Ceb3Q!QecJ|N;Xrs
z{wH{D8wQ2+mEfBX#M8)-32+~q4MRVr1UaSPtw}`iwx@x=1Xv-?UT{t}w}W(J&WKAC
zrZ%hssvf*T!rs}}#atryn?LB=>0U%PLwA9IQZt$$UYrSw`7++}WR7tfE~*Qg)vRrM
zT;(1>Zzka?wIIz8vfrG86oc^rjM@P7^i8D~b(S23AoKYj9HBC(6kq9g`1gN@|9^xO
z{~h<P1`a0w2U4t1S+kk@FJ%(@-DZ*mHtkW;d`g)OsnuVU9d?wcBB(h8U?Nnu*h8Rm
z{gsPwL2^6LZaY6nph6_SEt`T;WH#cc1n5xdH#1Y~jv~xVzcZloTkO5Rg9B-}WSW7>
zbxGMHqGZ@eJ17bgES?HQnwp|G#7I>@p~o2zxWkgZUYSU<W;~pPqd-3oR>eB*KT{1Q
z*J3xZdWt`eBsA}7(bAHNcMPZf_BZC(WUR5B8wUQa=UV^e21>|yp+uop;$+#JwXD!>
zunhJVCIKgaol0AM_AwJNl}_k&q|uD?aTE@{Q*&hxZ=k_>jcwp}KwG6mb5J*pV@K+-
zj*`r0<L@}qc5j$I`Of>WuEU_8O=m&1<TP!aET0*K<03j_>!|rj9FG7ad<2px63;Gl
z9lJrXx$~mPnuiqIH&n$jSt*ReG}1_?r4x&iV#3e_z+B4QbhHwdjiGu^J3vcazPi`|
zaty}NFSWe=TDry*a*4XB)F;KDI$5i9!!(5p@5ra4*iW;FlGFV0P;OZXF!HCQ!oLm1
zsK+rY-FnJ?+yTBd0}{*Y6su|hul)wJ>RNQ{eau*;wWM{vWM`d0dTC-}Vwx6@cd#P?
zx$Qyk^2*+_ZnMC}q0)+hE-q)PKoox#;pc%DNJ&D5+if6X4j~p$A7-s&AjDkSEV)aM
z(<3UOw*&f)+^5F0Mpzw<GMhiim_dk_Mc53c<`l?9<~#)A5g5$dc(}2YvU2vb|8THS
zC&fU|EiTWDP!<K<F46!d9r51X`QNHYs?%&lvQj?H6?Wk*!VYi~B~2#5)S*q{mf+_?
z+fw{BTWVI7k?ukSqdDBxZ#nPWD$m46D8amF6e?Ya6_;6J4zV&>3zB1ZHl*B?C~Cx)
zuNg*>5RM9F5{EpU@a2E7hAE`m<89wbQ2Lz&?Egu-^sglNXG5Q;{9n(%&*kEb0vApd
zRHrY@22=pkFN81%x)~acZeu`yv<XXHzNN$(;vWEiAid8I;?SMCufbxy$fHJBSvE>K
zovAVJNykgxqkEr^hZksHkpxm>2I8FTu2%+XLs@?ym0n;;A~X>i32{g6NOB@o4lk8{
zB}7Z2MNAJi>9u=y%s4QUXaNdt@SlAZr54!S6^ETWoik6gw=k-itu_}Yl_M9!l+Rbv
z(S&WD`{_|SE@@(|Wp7bq1Zq}mc4JAG?mr2WN~6}~u`7M_F@J9`sr0frzxfuqSF~mA
z$m$(TWAuCIE99yLSwi%R)8geQhs;6VBlRhJb(4C<POh@J&+9+P^DnAMHDUjraFuDx
z39<woL0?64eS(i{t#bBA2!o&n8d}WHzsVxmq-T)c0-c!FV#aQ~Y;v0^{aTe7W2b$P
zD`4M+u928moUmwd-YXd4=3kBV$x<2{HvBdCGb{9Os%D45QlDVs)Rg%X*km^HjrJf~
zqs4XQ_Ypibn~BC#MA!vpquJ|W%}lB%(N97n7<vq{z0yJZJ(z+oypJw8G?yrYX00>x
zu)QIF%_W9+21xI45U>JknBRaZ9nYkgAcK6~E|Zxo!B&z9zQhjsi^fgwZI%K@rYbMq
znWBXg1uCZ+ljGJrsW7@<KOp%WjA7#n;*3d@n9an!NJ#w%J)Z2y-v9=)2ME51>x3h2
z;kn!J!bwCeOrBx;oPkZ}FeP%wExyf4=XMp)N8*lct~SyfK~4^-75EZFpHYO5AnuRM
z!>u?>Vj3+j=uiHc<=cD~JWRphDSwxFaINB42-{@ZJTWe85>-RcQ&U%<?@>?wK)vjz
z5u5fJYkck##j(bP7W0*RdW#BmAIK`D3=(U~?b`cJ<spcJHA%=SOfXR>&U2jHj}?w6
z_4BM)#EoJ6)2?pcR4AqBd)qAUn@RtNQq})FIQoBK4ie+GB(Vih2D|Ds>RJo2zE~C-
z7mI)7p)5(-O6JRh6a@VZ5~piVC+Xv=O-)=0eTMSJsRE^c1@bPQWlr}E31VqO-%739
zdcmE{`1m;5LH8w|7euK>>>U#Iod8l1yivC>;YWsg=z#07E%cU9x1yw#3l6AcIm%79
zGi^zH6rM#CZMow(S(8dcOq#5$kbHnQV6s?MRsU3et!!YK5H?OV9vf2qy-UHCn>}2d
zTwI(A_fzmmCtE@10yAGgU7R&|Fl$unZJ_^0BgCEDE6(B*SzfkapE9#0N6adc>}dtH
zJ#nt^F~@JMJg4=Pv}OdUHyPt-<<9Z&c0@H@^4U?KwZM&6<Lh96R)DLgc=1PcdRzTm
z&dEsCsCEABxa0O9wZYE;Anw4tlc!%4{JJw5Pm+&ry-#!6hz6dw6oIEC@p=beOTnID
z*Xz;*pk86>q0XjXc$>K3c&3iX<R|2Z9CVQ|5I4Zr?q=$v&Y09KmAfXDsLAx)N2?g0
zp$pi3CtKH}!wmjMGhDhyCbkY=S~l>LD9_%(?)?2kmZ=Ykb;)M`Tw=%_d=e@9eheGG
zk0<`4so}r={C{zr|6+_1mA_=a56(XyJq||g6Es1E6%fPg#l{r+vk9;)r6VB7D84nu
zE0Z1EIxH{Y@}hT<pXo_}L&^Ajuk!6(v=FS~1>+|#$0xn+CdMy6Uhh80eK~nfMEIpM
z`|G1v!USmx81nY8XkhEOSWto}pc#{Ut#`Pqb}9j$FpzkQ7`0<-@5D_!mrLah98Mpr
zz(R7<AsgLA6S-$?H{Wkn=SJ0rqPm$pwZMV_hPsQlnMqOSNucd>;ZcaR-$aKqUaO!j
z=7QT;Bu0cvYBi+LDfE_WZ`e@YaE_8CCxoRc?Y_!Xjnz~Gl|aYjN2&NtT5v4#q3od2
zkCQZHe#bn(5P#J**Fj4Py%SaaAKJsmV6}F_6Z7V&n6QAu8UQ#9{gkq+tB=VF_Q6~^
zf(hXvhJ#tC(eYm6g|I>;55Lq-;yY*COpTp4?J}hGQ42MIVI9CgEC{3hYw#CZfFKVG
zgD(steIg8veyqX%pY<Z{N;PLekmzdTZLUEK3{JhC6u=Nnf#Z$o@Oz)$#=6V-bHd56
zWv(auN#&8q+XKa+0ZxbG9xWgTE}pi%h<XYecBl$zLl(}uP<3K{_Qpn-L3WB>Moulq
zMUmbj8I`t>mC`!kZ@A>@PYXy*@NprM@e}W2Q+s?XIRM-U1FHVLM~c60(yz1<46-*j
zW*FjTnBh$EzI|B|MRU11^McTPIGVJrzozlv$1nah_|t4~u}Ht^S1@V8r@IXAkN;lH
z_s|WHlN90k4X}*#neR5bX%}?;G`X!1#U~@X6bbhgDYKJK17~oFF0&-UB#()c$&V<0
z7o~Pfye$P@$)Lj%T;axz+G1L_YQ<p}?h`H}#IhL$gy_J<iyJF82bHjyDxcVh9TS@(
zBWVigjslAwc%fiD;A;EJGUw=#J)r;hX3$K)zBb`I_T9c?|NjRX{-62%Oy#L>*#(qO
zQ<t?M6KK>ND$QTz(~8EF1c3<%;>dAiD$>8j@7WS$G_+ktE|Z?Cx<}HJb=!aChR&4z
ziD&FwsiZ)wxS4k6KTLn>d~!DJ^78yb>?Trmx;GLHrbCBy|Bip<@sWdAfP0I~;(Ybr
zoc<W?CLQkY)8E@5ou3W67g{hvtZNNfjZu#@UoFdy6wKOpSiLK#owR!#B>-@j?wA!$
zIP0m3;LZy+>dl#&Ymws@7|{i1+OFLYf@+8+)w}n?mHUBCqg2=-Hb_sBb?=q))N7Ej
zDIL9%@xQFOA!(EQmchHiDN%Omrr;WvlPIN5gW;u#ByV)x2aiOd2smy&;vA2+V!u|D
zc~K(O<ofM-E)oa1J%d$=X<W^qRA9pqn~$msY7;WLboGZnpwn`?Y}j=W8}s4L{us_d
zSr5HaZhAbOV=GHmdD3<nSg$$MORKfHyAS*NCHRrjSh|f@uf!XPfT}LQ(y&(xz4f1V
zA|mr5)b8c`DHvnScHNn(e@sC;6{w5R0AkPP4O31(<fcjOX__$cgr@*DtHxE#>VI8}
z0t|e0OQ7h23e01O;%SJ}Q#yeDh`|jZR7j-mL(T4E;{w^}2hzmf_6PF|<?vLi@C4^}
z`W1Etm0FE|U{w^aC>`gWVj{I?^2T3MBK>{?nMXed4kgNox2DP!jvP9v`;pa6AV)OD
zDt*Vd-x7s{-;E?E5}3p-V<b4+7PN*qLc2~Fjod;Su|u~oP8969U$XBfOCBlni2C!a
z+`}V$5Hos6gS1_cjaBO%)H=%N=-Bd0BwjgKP;)TeK9;qX2Q5K|-n<Z`c|W_`TY9F`
z9~_Y{I5;+QP^Q)>;Y#dB-@c5vTWfS7<=>E+tN$ME`Z7K$px@!%{5{uV`cH80|IzU!
zDs9=$%75P^QKCRQ`mW7$q9U?mU@vrFMvx)NNDrI(uk>xwO;^($EUvqVev#{W&GdtR
z0ew;Iwa}(-5D28zABlC{WnN{heSY5Eq5Fc=TN^9X#R}0z53!xP85#@;2E=&oNYHyo
z46~#Sf!1M1X!rh}ioe`>G2SkPH{5nCoP`GT@}rH;-LP1Q7U_ypw4+lwsqiBql80aA
zJE<(88yw$`xzNiSnU(hsyJqHGac<}{Av)x9lQ=&py9djsh0uc}6QkmKN3{P!TEy;P
zzLDVQj4>+0r<9B0o<J7dgr+CJ%o)@?fQhO`8b(PEBFo8mR&&Z8w_qx|*tIwP-ex6?
z3HED8c=Oogk-DOcp&Z8MtgV(>wxBt5Uz`!M_VSS|{(?`_e+qD9b=vZHoo6>?u;!IP
zM7sqoyP>kWY|=v06gkhaGRUrO8n@zE?Yh8$om@8%=1}*!2wdIWsbrCg@;6HfF?TEN
z+B_xtSvT6H3in#8e~jvD7eE|LTQhO_>3b823&O_l$R$CFvP@3~)L7;_A}JpgN@ax{
z2d9Ra)~Yh%75wsmHK8e87yAn-ZMiLo6#=<&PgdFsJw1bby-j&3%&4=9dQFltFR(VB
z@=6XmyN<QcXaXf!(W5rmqt?wg*j|HmkiS=^F@5+t-MT!5P0ebLZH*R|{@|bR!EQnw
zcH=vyEWekI`2UlbQn9i8{}?`XsEjFoF9-6v#!2)t{DMHZ2@0W*fCx;62d#;jouz`R
z5Y(t{BT=$<ViJ-e8>N4yr^^o$ON8d{PQ=!OX17^CrdM~7D-;ZrC!||<+FEOxI_WI3
zCA<35<qfV6)x_E#voH;)VbhGP8>va%4v>gcEX-@h8esj=a4s<wvJ3e2MtqV4>zW7x
z{0g$hwoWRQG$yK{@3mqd-jYiVofJE!Wok1*nV7Gm&Ssq#hFuvj1sRyHg(6PFA5U*Q
z8Rx>-blOs=lb`qa{zFy&n4xY;sd$fE+<3EI##W$P9M{B3c3Si9gw^jlPU-JqD~Cye
z;wr=XkV7BSv#6}DrsXWFJ3eUNrc%7{=^sP>rp)BWKA9<}^R9g!0q7yWlh;g<zBc-?
zaGM%MCadUqnSv$C^W}sc59-0BreO!U{Mm|03CDAgRc_dM>r_TEOD|#BmGq<@IV;ue
zg+D2}cjpp+dPf&Q(<RuHtO~&Za=?X_6<nz7w(HF9k0ZpKdtPF=yvHVvN@D1{T&=Ow
zIXOy02tRXE<`|>36sFU&K8}hA85U61faW&{lB`9HUl-WWCG|<1XANN3JVAkRYvr5U
z4q6;!G*MTdSUt*Mi=z_y3B1A9j-@aK{lNvxK%<ABSV(UXDR}tgQCAbq(aE-w5#QvQ
z^4cIwYTF>p23>M&=KTCgR!Ee8c?DAO2_R?Bkaqr6^BSP!8dHXxj%N1l+V$_%vzHjq
zvu7p@%Nl6;>y*S}M!B=pz=aqUV#`;h%M0rUHfcog>kv3UZAEB*g7Er@t6CF8kHDmK
zTjO@rejA^ULqn!`LwrEwOVmHx^;g|5PHm#B6~YD=gjJ!043F+&#_;D*mz%Q60=L9O
zve|$gU&~As5^uz@2-BfQ!bW)Khn}G+Wyjw-19qI#oB(RSNydn0t~;tAmK!P-d{b-@
z@E5|cdgOS#!>%#Rj6ynkMvaW@37E>@hJP^82zk8VXx|3mR^JCcWdA|t{0nPmYFOxN
z55#^-rlqobcr==<)bi?E?SPymF*a5oDDeSdO0gx?#KMoOd&G(2O@*W)HgX6y_aa6i
zMCl^~`{@UR`nMQE`>n_{_aY5nA}vqU8mt8H`oa=g0SyiLd~BxAj2~l$zRSDHxvDs;
zI4>+M$W`HbJ|g&P+$!U7-PHX4RAcR0szJ*(e-417=bO2q{492SWrqDK+L3#ChUHtz
z*@MP)e^%@>_&#Yk^1|tv@j4%3T)<fhL{STWCKVgP7+L7gGirDH*j4IcU3f+n$%@j+
zeIwPIz$nGcF%^9^L2-@+?uuB<mmhNS>diEXATx4K*hcO`sY$jk#jN5WD<=C3nvuVs
zRh||qDHnc~;Kf59zr0;c7VkVSUPD%NnnJC_l3F^#f_rDu8l}l8qcAz0FFa)EAt32I
zUy_JLIhU_J<Uo3Dow}b4<sm|~AepFFx<JRQ;@C=8w-3XbRxy&{Ri1>^l~FRH&6-iv
zSpG2PRqzDdMWft>Zc(c)#tb%wgmWN%>IOPmZi-noqS!^F<U+etqoP_oqv6A;<$i>t
zb81pRcQi`X#UhWK70hy4tGW1mz|+vI8c*h@fFGJtW3r>qV>1Z0r|L>7I3un^gcep$
zAAWfZHRvB|E*<aeKQiWTU&n{UPJAOz<P@4JLqbvAGWRlxF3rJT%Zs#uS%ba=YGlv6
zm;ga0Ewku2<S19&D8R64@(L`VAVh(8wD|a2r+h;*m)6-DlG$`>kktY$qQP_$YG60C
z@X~tTQjB3%@`uz!qxtxF+LE!+=nrS^07hn`EgAp!h|r03h7B!$#<HdIGQExFhMG!)
zfkjs5v&9PaH42FGQy5*O@=Mvk-UY_Gjdhg{vXsB7u`m7#3R)`#yb_psv&Go{I{71(
zPz_@Kp_dr6+OaLI-Jh6nqN`=rKkn2-j4l=~YV<9a%WWWoOL5m!gNO<%&fi56IJq$3
z#9Y||T~aHe+CWEN85g|<-R(`rSx|8q&z5fGd75dhW<xu{a>OZW#ACD+M;-5J!W+{h
z|6I;5cNnE(Y863%1(oH}_FTW})8zYb$7czPg~Szk1+_NTm6SJ0MS_|oSz%e(S~P-&
zSFp;!k?uFayytV$8HPwuyELSXOs^27XvK-DOx-Dl!P|28DK6iX>p#Yb%3`A&CG0X2
zS43FjN%IB}q(!hC$fG}yl1y9W&W&I@KTg6@K^kpH8=yFuP+vI^+59|3%Zqnb5lT<C
z_&&||JwB2A8I(SxBd85_4FP4jGKo^H&e|eh{d@VmkE?$Kgi<iX4wyn09aB8Tf;0fM
zC8){<Qgh<n659r*EfjMjE^|aLlTWs>DAykf9S#X`3N(X^SpdMyWQGO<uE=seV_X&n
zqnW_Lk7sq{{&Q9?zp^a+hc!9kPH%|mucKx2@`VUe$H6R>QRjhiwlj!0W-yD<3aEj^
z&X%<ayxe}$9y@mShqPE>=?`6lCy~?`&WSWt?U~EKFcCG_RJ(Qp7j=$I%H8t)Z@6Vj
zA#>1f@EYiS8MRH<GjGM;DtcQ_6CnGGZEFIC{oVB-i}}7|r?+TCBn^~xMYR1g0)Sx$
zEjbHH8xH6*4MzpCVY~oV)XnYWx^M#3>ZphpMA_5`znM=pzUpBPO)pXGYpQ6gkine{
z6u_o!P@Q+NKJ}k!_X7u|qfpAyIJb$_#3@wJ<1SE2Edkfk9C!0t%}8Yio09^F`YGzp
zaJHGk*-ffsn85@)%4@`;Fv^8q(-Wk7r=Q8pT&hD`5(f?M{gfzGbbwh8(}G#|#fDuk
z7v1W)5H9wkorE0ZZjL0Q1=NRGY<o7#$@8F`!^QQ~Gv>>zwgfm81DdoaVwNH;or{{e
zSyybt)m<=<Vv7lN92gNv->zXoA^RALYG-2touH|L*BLvmm9cdMmn+KGopyR@4*=&0
z&4g|FLoreZOhR<Y)DXC&;d=#e1HGk8LY;(aRJpcT4vE?_ZuN@`wVDIg%|R*=%xWzK
zr4jboKeb0rtwd<hA~78z6+Pa!>mh=)R0bg~T2(8V_q7~42-zvb)+y959OAv!V$u(O
z3)%Es0M@CRFmG{5sovIq4%8Ahjk#*5w{+)+MWQoJI_r$HxL5km1#6(e@{lK3Udc~n
z0@g`g$s?VrnQJ$!oPnb?IHh-1qA`Rz$)Ai<6w$-MJW-gKNvOhL+XMbE7&mFt`x1KY
z>k4(!KbbpZ`>`K@1J<(#vVbjx@Z@(6Q}MF#Mnbr-f55)vXj=^j+#)=s+ThMaV~E`B
z8V=|W_fZWDwiso8tNMTNse)RNBGi=gVwgg%bOg8>mbRN%7^Um-7<qV!+EeJ_zzmJ+
zTgur}U#*6$Xcp8z*Erk}1Kx!T1TSj!Nswevz_ql(^DNp0ZbjpmY1w3W5F<##TmeY9
z1I$!r%9zh+l}r0Y03NDni(BSIIE9`<14)`F(O%vG+8J>oj4=6`$|(K7!+t^90a{$1
z8Z>}<#!bm%ZEFQ{X(yBZMc>lCz0f1I2w9SquGh<9<=AO&g6BZte6hn>Qmvv;Rt)*c
zJfTr2=~EnGD8P$v3R|&1RCl&7)b+`=QGapiPbLg_pxm`+HZu<m?!7U-4WAkRIvA?n
zkvkJk^_16ra(2ol=>rtFZ;wZ=`Vk*do~$wBxoW&=j0OTbQ=Q%S8XJ%~qoa3Ea|au5
zo}_(P<!sMD{S;N+2xm_Iy|A<THmJ(q(zBs9{`8hwZw!;sY52Mv{PZHNHdMGpe-l}X
zgFAc7L((Zh-efNS8&OBK-q*?=k1^yLp9oq?XKGDo7f{c}l4LuYSg!=s#O8zm>;=!y
z-AjFrERh%<NThjqhiN^V&cU^&0-;PJ-F8o{_0WafIFBVHmq4f^7G$>8l<Q<3EuAjQ
z2q!ir*~U)WahySJt}|r+?=qIwHXpDm6o0y4zu1;usI_fWkfUF+HsiI?ahJJ9;Zy11
z^6IY&Kw{T6$^HwGhw+Cf&Eq|(xs<PVL%KQ(Q(mvhGN-!4ZWNu3_#zaJTKdHI-8`QW
zO9D^dPb8JaC}@_xNk?GJ!lvd3ZMmgA6_e+p#@uxY5VKmuz<aik42){V43PazPE_}c
z*!@hylFvpJ9qtcUEd#F;R*Z*5^rX1nTU*fWk^}Q55;Q5lk8=t6r#5<g@CoRaOWly*
zek@2htiS<GRTz8ghOM`CwfXzHPsayr?@$gd?xR|uU$EmVB>a!z6Fn@lR?^E~H12D?
z8#ht=1F;7@o4$Q8GDj;sSC%Jfn01xgL&%F2wG1|5ikb^qHv&9hT8w83+yv&BQXOQy
zMVJ<h%wEQI?90-3Iwb5Q2a%HTg`X<|!{)4eIVme?9=s)>SBL(Ky~p)gU3#%|blG?I
zR9rP^zUbs7rOA0X52Ao=GRt@C&zlyjNLv-}9?*x{y(`509qhCV*B47f2hLrGl^<@S
zuRGR!KwHei?!CM10pBKpDIoBNyRuO*>3FU?HjipIE#B~y3FSfOsMfj~F9PNr*H?0o
zHyYB^G(YyNh{SxcE(Y-`x5jFMKb~HO*m+R%rq|ic4fzJ#USpTm;X7K+E%xsT_3VHK
ze?*uc4-FsILUH;kL>_okY(w`VU*8+l>o>JmiU#?2^`>arnsl#)*R&nf_%>A+qwl%o
z{l(u)M?DK1^mf260_oteV3#E_>6Y4!_hhVDM8AI6MM2V*^_M^sQ0dmHu11fy^kOqX
zqzps-c5efIKWG`=<xP|}i?;|Ha4Ho!yWz@5!M=V~bc)aJpXa3@dSFq!67b<KyrYoy
z^rImueW0uZ>Es(9&S@K@)ZjA{lj3ea7_MBPk(|hBFRjHVMN!sNUkrB;(cTP)T97M$
z0Dtc&UXSec<+q?y>5=)}S~{Z@ua;1xt@=T5I7{`Z=z_X*no8s>mY;>BvEXK%b<X{{
z%STg47gt$X*9kutJS&BGvKTvIweD(VYC<ntwQMUA5>`a6(DTS6t&b!vf_z#HM{Uoy
z_5fiB(zpkF{})ruka$iX*~pq1ZxD?q68dIoIZSVls9kFGsTwvr4{T_LidcWtt$u{k
zJlW7moRaH6+A5hW&;;2<oIH0nh^_?~eM}}~M7RGy;nU|Q_W|eq@L03*W<UGBkT&I?
zZq{4O%6R@g4^9BKqeDs()g%6Z`RPF)ydD2q8w2L|?G6ragu-Hm=md;sV(YRKmTS5{
z_zi+ns1c)&a1_t)h6&9F$1NT+<uEnM6G8{C<Lg(8m7?V_PW;n-jq|<XvRcYiZ=8$4
z=u~^;ePSN}YzFqC(YI$x)`<b55vQhNpTU{E3=Lm@BZ{S%qMhHcZ_)Zu0LFnjvj~2F
zq^PLetO|gRSn-Sj4cEB&J5tdh4j{U(o~Fs~6f!EiUkMIpVkbfns$%>O#$oKyEN8kx
z`LmG)Wfq4ykh+q{I3|RfVpkR&QH_x;t41UwxzRFXt^E2B$domKT@|nNW`EHwyj>&<
zJatrLQ=_3X%vd%nHh^z@vIk(<5%IRAa&Hjzw`TSyVMLV^L$N5Kk_i3ey6byDt)F^U
zuM+Ub4*8+XZpnnPUSBgu^ijLtQD>}K;eDpe1bNOh=fvIfk`&B61+S8ND<(KC%>y&?
z>opCnY*r5M+!UrWKxv0_QvTlJc>X#AaI^xoaRXL}t5Ej_Z$y*|w*$6D+A?Lw-CO-$
zitm^{2Ct82-<0IW)0KMNvJHgBrdsIR0v~=H?n6^}l{D``Me90`^o|q!olsF?UX3YS
zq^6Vu>Ijm>>PaZI8G@<^NGw{Cx&%|PwYrfwR!gX_%AR=L3BFsf8LxI|K^J}deh0Zd
zV?$3r--FEX`#INxsOG6_=!v)DI>0q|BxT)z-G6kzA01M?rba+G_mwNMQD1mbVbNTW
zmBi*{s_v_Ft9m2Avg!^78(QFu&n6mbRJ2bAv!b;%yo{g*9l2)>tsZJOOp}<O4sc<y
zR1sNBy|5I7n74G=1z0Dr2ehy3iPvLBZ;f-bZ-*+w=#CC69w!XBK{CuqVUpHW<6EX=
z3mlpSo;1W`I<PzL`wVUn4zAc@>U~8VUH`}$8p_}t*XIOehezolNa-a2x0BS})Y9}&
z*TPgua{Ewn-=wVrmJUeU39EKx+%w%=ixQWKDLpwaNJs65#6o7Ln7~~X+p_o2BR1g~
zVCfxLzxA{HlWAI6^H;`juI=&r1jQrUv_q0Z1Ja-tjdktrrP>GOC*#p?*xfQU5MqjM
zsBe!9lh(u8)w$e@Z|>aUHI5o;MGw*|Myiz3-f0;pHg~Q#%*Kx8MxH%AluVXjG2C$)
zWL-K63@Q`#y9_k_+}eR(x4~dp7oV-ek0H>Igy8p#i4GN{>#v=pFYUQT(g&b$OeTy-
zX_#FDgNF8XyfGY6R!>inYn8IR2RDa&O!(6<nXs{W!bkP|s_YI*Yx%4stI`=ZO45IK
z6rBs`g7sP40ic}GZ58s?Mc$&i`kq_tfci>NIHrC0H+Qpam1bNa=(`SRKjixBTtm&e
z`j9porEci!zdlg1RI0Jw#b(_Tb@RQK1Zxr_%7SUeH6=TrXt<MN?vn1gM{@sUcicXM
zx<wh*157!ACmet?8y}@k4YruRB)zu6|2SUr_SY$8aVT%f+nX!cL>3J@js`4iDD0=I
zoHhK~I7^W8^Rcp~Yaf>2wVe|Hh1bXa_A{oZ9eG$he;_xYvTb<C^^O*ri<NP#2zDKa
z{3y0iUAX-bh($%SEY-zDrc(H;-{|C^MBH%7Q<XKr(!C2H!h20PxJ$fAhF>TD#moBy
zY57-f2Ef1TP^lBi&p5_s7WGG9|0T}dlfxOxXvScJO1Cnq`c`~{Dp;{;l<-KkCDE+p
zmexJkd}zCgE{eF=)K``-qC~IT6GcRog_)!X?fK^F8UDz$(zFUrwuR$qro5>qqn>+Z
z%<5>;_*3pZ8QM|yv9CAtrAx;($>4l^_$_-L*&?(77!-=zvnCVW&kUcZMb6;2!83si
z518Y%R*A3JZ8Is|kUCMu`!vxDgaWjs7^0j(iTaS4HhQ)ldR=r)_7vYFUr%THE}cPF
z{0H45FJ5MQW^+W>P+eEX2kLp3zzFe*-pFVAdDZRybv?H|>`9f$AKVjFWJ=wegO7hO
zOIYCtd?Vj{EYLT*^gl35|HbMX|NAEUf2ra9dy1=O;figB>La=~eA^#>O6n4?EMugV
zbbt{Dbfef5l^(;<sI)scNJ%SQ9$K!vNRbzd+>}5kZ@!XaWwF8z0vUr6r|+QN*|WpF
z^*osUHzOnE$lHuWYO$G7>}Y)bY0^9UY4eDV`E{s+{}Z$O$2*<BOA6I3;<NrDVQ4s2
zIfVaYE&*L*m?5ZhlxYhda<g)Dd@~IlHC2|{jUcED1F?BO`PmH-UCFaDuWs*{L3{4*
z0z{KHmp_`9=zt}nQ!mV3-R@@#gD(0Ld*Hy)z$E?rUU)M}k{%L}p6X2^LnoF1dZ%i1
z)t-#O9jyIJVRL)Qt`-#5M0+NqV-PVlb7SI2K}l-+U-~l;5$<^0l-avJs8ds>lMEYl
zTA`ki(<0(Yrm~}15V-E^e2W6`*`%ydED-3G@$UFm6$Zt<!`ZkjDH&6TK}z@CYl>Lx
z+av`BhsHcAWqdxPWfu2*%{}|Sptax4_=<R<A6CRzV?ngW$u81OiFs*v>NpDMeWy$*
zZM6__s`enB$~0aT1BU^2k`J9F%+n+lL_|8JklWOCVYt*0%o*j4w1CsB_H<ocYa*hh
zn#PgcBypg?L@HE$`~EnjsDM{n!mQfdMxE;&9{rhbM+&9e^5XWKDy!6dqg&12zZG2b
ziC&cJeRz+=Pp)$ET}Fe8=vhXY5)`OgsyDb`eY)<;Xt~2G%WP5wn@Cp=`Co=J^^rB&
zzkA0aUOVP48<>^tVpYT_LLyKuyk=CV6~1M<7~^FylL*+AIFf3h>J=x$ygY-BG}4LJ
z8XxYPY!v7dO3PVwEoY=`)6krokmR^|Mg5ztX_^#QR}ibr^X-|_S<y(g3|);DrRA{3
zL>t#rtv3gukh0(#A=<azq_3u@Y=}xxHXh$fIjxt)*kuy_ugcB@9IEgC<CcWUmLZZo
z!elMG#9*=)StB&|ePj@oELkFkEQN-UEJ-QyLnTXv5=oW_Nre!~8tH!|-^n%Pf1YQa
zDV*2)%vtU|_s;#iKaP2)5e{0XqCGE?_zdPHsNq|SP&V6s9J^g*H{i!HsvV*<j6U=0
z+b^Z+R{Tjb`8)acWPa%_?R8Pdig!fW>};NPlNz57ZDFJ9hf#NP50zS)+Fo=StX)i@
zWS?W}i6LjB>kAB~lupAPyIjFb)izFgR<Fj~*SzM`gd%NkEj`nduLBa;`-%r87Z{X|
zPS})G+qW4lsMQ>q*iS*(Jt509jNr3r72{Gj`5DGoj;J&k5G@Rm!dJ($ox>SbxR)fc
zz|Phug;~A7!p@?|mMva@rWuf2fSDK_ZxN3vVmlYz>rrf?LpiNs)^z!y{As@`55JC~
zS*GD3#N-ptY!2<613UelAJ;M4EEI$dm)`8#n$|o{ce^dlyoUY3bsy2hgnj-;ovubb
z<GNxaXJA}xG^JOs7p2*l>g2h1rZA6Ot}K_cpYBpIuF&CyK~5R0Wv;kG|3<D^5vSh;
zd{=n?{rC6Tj?k+N=(=bMJWE%vIry`Od)F9~;x!r1yy#0Niq$3O@<Lb|@C6QPlLed-
zRAlB4?FGq?Y?Cj4B<&aaR!?!f^jeXYY?@ZIT@e%hb#2YUKDU8zEQx;eu%38jBK=r@
ziio8p*T)~PvZc%)K3rt@;-?gae6AX}k50+Zxkuw&SX?Q2?}FPbhF4iaL&6LGC5$!O
zR9(UoKIQN7ib;pRy->A^8K3nk{rw$Be8u@aos#qvKQKJyVU$cX6biw&Ep#+q7upFX
z%qo&`WZ){<%zh@BTl{MO@<Tz!Hn!%QQt&eu0h5A-3e5F4jZG7&G;_#Bct_~Yk+5h*
zUuOC~sVC#|nrwYI)dhO=b<!AXCLS}6N*iCiAY6^3X8YC#4+)$Ai4ezAiPzuJ&)LRs
zpJi{r6J~e{4>v9#;t+cb7so0Uz49Fmo1e4>y!vUyIHadguZS0T7-x#_drMXz*16*c
zymR0u^`ZQpXN}2ofegbpSedL%F9aypdQ<OKIaT6Q@4=q)<9N8gb)8&U&4Y*GzDoX-
zskRGMd6l{Gi5Y?K4ZrzoXo&V!bz^wqqP~`gc4O-YIsJyIjBhPm&mRsr(o?P4{z9`u
zZ1@HXnvWra<zyQ=j@dUBNiV@{bE~31%QrYh=%|&JGW(f{?R&Td7xu>crzjzPlBW0j
zMlPzC&ePZ@Cq!?d%9oQNEg0`rHALm8l#lUdXMVEqDvb(AID~H(?H9<MnCQU|J_zl=
zr(g9tFj8}W-<|DF+|NHq3^`pb${4ZQ-@lU|ADq)mE<Hl4fb58$3Hr&Jb~1iOdW;k)
zQZ;QXdDJ2Al36y~HC_ESH*0B0`6A}meb2+4eEAL?3`MqnIFx)0=a0QO+@<=%@_clY
zFB%f@gHMZQeT_1<y%ac}CN(>z!e9G98fG@IzhajKr)3{L_Clu1(Bwg`RM!-(MOuZi
zbeDsj9I<vi0*E>3(~EITsE=3Z)a|l_rn8W92U0DB70gF7YYfO0j!)h?QobY1lSR>0
z_TVw@$eP~3k8r9;%g%RlZzCJ2%f}DvY`rsZ$;ak&^~-`i%B%+O!pnADeVyV!dHj|}
zzOj#q4eRx9Q8c2Z7vy9L&fGLj+3_?fp}+8o`Xpwyi(81H|7P8#65%FIS*lOi={o&v
z4NV$xu7az4Nb50dRGZv<<eBLcR!-xW^AVQ%MqW1pXsNkcX){yG2ERv4%s1`&6eY($
zeL!Gjo7VuULdEifcK;{OHXkgV(wEB}C*C$Ahb&P@l&K!Iz8>tdZCx4Ek<_o3!mAT}
zL5l*<xCpQPnrY2uVEOT`<t;%p2w8oj%%s?T=c{^<-JISQG;@fZ{>|K3Qr-)W8paaG
z&R6{ped_4e2cy}ejD0!dt{*PaC*^L@eB%(1Fmc%Y#4)~!jF#lCGfj#E??4LG-T;!M
z>Uha}f;W>ib_ZL-I7-v9KZQls^G!-JmL^w;=<uI3uNccM-P_yZS(fvmB9aouXx`xJ
zVS+3vt}jXI84t<35;FW!P$MxEEpeyMgJQSHHHY&>^}?!RXK;m4$#MwI2AH-l7M2-0
zVMK8k^+4+>2S0k^N_40EDa#`7c;2!&3-o6MHsnBfRnq@>E@)=hDulVq-g5SQWDWbt
zj6H5?QS2gRZ^Zvbs~cW|8jagJV|;^zqC0e=D1oUsQPJ3MCb+eRGw(XgIY9y8v_tXq
z9$(xWntWpx_Uronmvho{JfyYdV{L1N$^s^|-Nj`Ll`lUsiWTjm&8fadUGMXreJGw$
zQ<eTSvsY@Ng$H|yh>**m+Tj|(XG}DyUKY~2?&9&n6SJ@9VKa9Hcayv{ar^pNr0WHy
zP$bQv&8O!vd;GoT!pLwod-42qB^`m!b7nP@YTX}^+1hzA$}LSLh}Ln|?`%8xGMazw
z8WT!LoYJ-Aq3=2p6ZSP~uMgSSWv3f`&-I06tU}WhZsA^6nr&r17hjQIZE>^pk=yZ%
z06}dfR$85MjWJPq)T?OO(RxoaF+E#4{Z7)i9}Xsb;Nf+dzi<vUQgqG#lJT5XFv8lf
zMO{Ipu9kmtewMtH-Fh^{wB;%0!dT`gL&SZ2dCbSA4=hjUVtF&Tsy%)PvMVa@3ATDQ
zoxAVLsS$o$x+P+2kZ%F`MXyrNU}mUro?B5uP5wp-&&P<oj~OkR_D}g2d+x@DaIw1w
zM}&(9Ntp=xBvw#bryW&;we!_IA?@V#ZE=3ix=-y^Q_jdhn6IZyu**T(@<%)$zQ-Di
zdR(`t5`EL5e(!zD-O0dyHF)ju_&2h=Z~dr`jz>g61HO;@JX1Lf9)R5j9)Oi6vPL{H
z&UQ9ln=$Q8jnh6-t;`hKM6pHftdd?$=1Aq16jty4-TF~`Gx=C&R242uxP{Y@Q~%O3
z*(16@x+vJsbW@^3tzY=-5MHi#(kB};CU%Ep`mVY1j$MAPpYJBB3x$ue`%t}wZ-@CG
z(lBv36{2HMjxT)2$n%(UtHo{iW9>4HX4>)%k8QNnzIQYXrm-^M%#Qk%<RlGayCy=r
zjlTscbZT7ND>9odbUrZDz1YPdY`2Z4w~p!5tb^m(mUfk}kZ9+EsmenQ)5iwiaulcy
zCJ#2o4Dz?@%)aAKfVXYMF;3t@aqNh2tBBlBkCdj`F31b=h93y(46zQ-YK@+zX5qM9
z&=KkN&3@Ptp*>UD$^q-WpG|9O)HBXz{D>p!`a36aPKkgz7uxEo0J>-o+4HHVD9!Hn
z${LD0d{tuGsW*wvZoHc8mJroAs(3!FK@~<}Pz1+vY|Gw}Lwfxp{4DhgiQ_SSlV)E|
zZWZxYZLu2EB1=g_y@(ieCQC_1?WNA0J0*}eMZfxCCs>oL;?kHdfMcKB+A)Qull$v(
z2x6(38utR^-(?DG>d1GyU()8>ih3ud0@r&I$`ZSS<*1n6(76=OmP>r_JuNCdS|-8U
zxGKXL1)Lc2kWY@`_kVBt^%7t9FyLVYX(g%a6>j=yURS1!V<9ieT$$5R+yT!I>}jI5
z?fem|T=Jq;BfZmsvqz_Ud*m5;&xE66*o*S22vf<!Pj2B011t5fZR;wg;81WhquWo3
z=5Brjf2Yo~bF0PI@;AHGFZz_p81P2I$)tAKS;H{?^`+|R&295BUWatUPnXEW2K$xV
zD>-L+Mo<Xrp>smUPPA}~wy`kntf8rIeP-m;;{<y(3d3{~6j_#fI{Op7S`((Aeo`&B
z+m7e%6+GjTltYd>`xe}9E~G7J!PYoVH_$q~NzQa<kX@*i%ImU77d;fj^d{~xwvbY8
z>b?F8vWUja5BJ!T5%5IpyqI#Dkps0B;<L?NIy>gQ*z?c#N>spFw|wRE$gY?y4wQbJ
zku2sVLh({KQz6e0yo+X<!EPRO88Q0>!rV#8n8<;bHWd{ZLL_(*9Oi)&*`LBdGWz>h
zx+p`Wi00u#V$f=CcMmEmgFjw+KnbK3`mbaKfoCsB{;Q^oJgj*LWnd_(dk9Kcssbj`
z?*g8l`%{*LuY!Ls*|Tm`1Gv-tRparW8q4<k8&-s`)FWAv`m(y>AK(5pfJFY5>@qO(
zcY>pt*na>LlB^&O@YBDnWLE$x7>pMdSmb-?qMh79eB+Wa{)$%}^kX@Z3g>fytppz!
zl%>pMD<vyvH;~&Te0g^PMLX&*`ey>(Yw+5=!UgYHLD69JiJ;YhiGeEyZM$Au{ff;i
zCBbNQfO{d!b7z^F732XX&qhEsJA1UZtJjJEIPyDq+F`LeAUU_4`%2aTX#3NG3%W8u
zC!7OvlB?QJ4s2#Ok^_8SKcu&pBd}L?vLRT8Kow#<jx-2?n>xARt`5&Cg=ygYuz>>c
z4)+Vv$;<$l=is&E{k&4Lf-Lzq#BHuWc;wDfm4Fbd5Sr!40s{UpKT$kzmUi{V0t1yp
zPOf%H8ynE$x@dQ_!+ISaI}#%72UcYm7~|D*(Fp8xiFAj$CmQ4oH3C+Q8W=Y_9Sp|B
z+k<%5=y{eW=YvTivV(*KvC?qxo)xqcEU9(Te=?ITts~;xA0Jph-vpd4@Zw#?r2!`?
zB3#XtIY^wxr<ZJQ1Xf2Fm=&ve)9diuv0i9b*Y%dnt@rP1{Xv)R1mm{4OE0PrZ{Hst
zu)kU2syf=)xDaouaYIN%1v3c=3+O=ZRUh2|wGo;)ZTzwPGzK(O5*&-TR?&`_6Q${3
z9M+vkLyRYqaHPQS2LP7>pjJv&(7Xjvm>$TIg2ZC&+^j(gT0R|&4cb)=92-2Hti1`&
z=+M;*O%_j3>9zW|3h{0Tfh5i)Fa;clGNJpPRcUmgErzC{B+zACiPHbff3SmsCZ&X;
zp=tgI=zW-t(5sXFL8;ITHw0?5FL3+*z5F-KcLN130l=jAU6%F=D<vyvbS=<h-2^uq
zVd+<xzt8c~eycwHQv4mXGBn-IO8u-LyS0^9GLEdjzlGwVDNG3X@iS}Mwu0ZxwGmVZ
zntFgBlo7Z_=&$y#lZXI{hkED}@G`+0;UU|9C>ClRPrzO|zY+HD`zlZ-)JT}X?2g!o
zxg4Ld-mx6&*-N0-MQ(z+zJo8c`B39gf{-h2vqH<=^T&o1Dgd>4BnVht+JwLcrjJl1
zsP!8`>3-rSls07q2i1hScM&x0lQyBbk(U=#3hI7Bkh*kj6H*&^p+J?OMiT_3*vw5R
zEl&p|QQHZq6f~TlAeDGy(^BC0vUK?V&#ezC0*#R-h}_8Cw8-*${mVfHssathC8%VA
zUE^Qd!;Rvym%|f@?-!sEj|73Vg8!$$zj_QBZAOraF5HCFKl=(Ac|_p%-P;6z<2WSf
zz(9jF2x7ZR{w+p)ETCW06PVt0YnZ>gW9^sr&~`%a_7j-Ful~*4=o|&TM@k@Px2z>^
t{*Ed16F~3V5p+(suF-++X8+nHtT~NSfJ>UC3v)>lEpV}<+rIR_{{yMcG_L>v
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 8049c684..1af9e093 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,7 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
index 1b6c7873..1aa94a42 100755
--- a/gradlew
+++ b/gradlew
@@ -55,7 +55,7 @@
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
-# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +80,11 @@ do
esac
done
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
@@ -133,22 +131,29 @@ location of your Java installation."
fi
else
JAVACMD=java
- which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+ if ! command -v java >/dev/null 2>&1
+ then
+ die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
+ fi
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
+ # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC2039,SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
+ # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC2039,SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
@@ -193,11 +198,15 @@ if "$cygwin" || "$msys" ; then
done
fi
-# Collect all arguments for the java command;
-# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-# shell script including quotes and variable substitutions, so put them in
-# double quotes to make sure that they get re-expanded; and
-# * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+# and any embedded shellness will be escaped.
+# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+# treated as '${Hostname}' itself on the command line.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
@@ -205,6 +214,12 @@ set -- \
org.gradle.wrapper.GradleWrapperMain \
"$@"
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+ die "xargs is not available"
+fi
+
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
diff --git a/gradlew.bat b/gradlew.bat
index 107acd32..93e3f59f 100644
--- a/gradlew.bat
+++ b/gradlew.bat
@@ -14,7 +14,7 @@
@rem limitations under the License.
@rem
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@@ -25,7 +25,8 @@
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
:end
@rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
-if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
index db31adcb..84264bd6 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
@@ -54,6 +54,7 @@ public class HsOfficeSepaMandateEntity implements Stringifyable {
@Column(name = "validity", columnDefinition = "daterange")
@Type(PostgreSQLRangeType.class)
+ @Builder.Default
private Range<LocalDate> validity = Range.infinite(LocalDate.class);
public void setValidFrom(final LocalDate validFrom) {
From ec53934f3077b1398b5efd11d7a0ff6239a4b35c Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Wed, 3 Jan 2024 18:13:22 +0100
Subject: [PATCH 16/32] fix problem with Postgres function array return value
in Hibernate 6
---
build.gradle | 6 +-
.../config/PostgresCustomDialect.java | 2 +-
.../hsadminng/context/Context.java | 9 ++-
.../HsOfficeCoopAssetsTransactionEntity.java | 2 +-
.../HsOfficeCoopSharesTransactionEntity.java | 2 +-
.../debitor/HsOfficeDebitorRepository.java | 6 +-
.../membership/HsOfficeMembershipEntity.java | 2 +-
.../partner/HsOfficePartnerRepository.java | 4 +-
.../office/person/HsOfficePersonEntity.java | 2 +-
.../HsOfficeRelationshipEntity.java | 2 +-
.../hsadminng/mapper/PostgresArray.java | 57 +++++++++++++++++++
11 files changed, 78 insertions(+), 16 deletions(-)
create mode 100644 src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
diff --git a/build.gradle b/build.gradle
index a4ffb298..7f024d77 100644
--- a/build.gradle
+++ b/build.gradle
@@ -60,9 +60,10 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-validation'
implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.9.1'
implementation 'org.springdoc:springdoc-openapi:2.3.0'
+ implementation 'org.postgresql:postgresql:42.7.1'
implementation 'org.liquibase:liquibase-core:4.25.1'
implementation 'com.vladmihalcea:hibernate-types-60:2.21.1'
- implementation 'io.hypersistence:hypersistence-utils-hibernate-64:3.7.0'
+ implementation 'io.hypersistence:hypersistence-utils-hibernate-62:3.7.0'
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.16.1'
implementation 'org.openapitools:jackson-databind-nullable:0.2.6'
implementation 'org.apache.commons:commons-text:1.11.0'
@@ -75,7 +76,6 @@ dependencies {
developmentOnly 'org.springframework.boot:spring-boot-devtools'
- runtimeOnly 'org.postgresql:postgresql:42.7.1'
annotationProcessor 'org.projectlombok:lombok'
testAnnotationProcessor 'org.projectlombok:lombok'
@@ -214,7 +214,7 @@ project.tasks.check.dependsOn(checkLicense)
// JaCoCo Test Code Coverage
jacoco {
- toolVersion = "0.8.8"
+ toolVersion = "0.8.10"
}
test {
finalizedBy jacocoTestReport // generate report after tests
diff --git a/src/main/java/net/hostsharing/hsadminng/config/PostgresCustomDialect.java b/src/main/java/net/hostsharing/hsadminng/config/PostgresCustomDialect.java
index 9cd2ec70..3c66716d 100644
--- a/src/main/java/net/hostsharing/hsadminng/config/PostgresCustomDialect.java
+++ b/src/main/java/net/hostsharing/hsadminng/config/PostgresCustomDialect.java
@@ -8,7 +8,7 @@ import static org.hibernate.dialect.DatabaseVersion.make;
public class PostgresCustomDialect extends PostgreSQLDialect {
public PostgresCustomDialect() {
- super(make(13, 7));
+ super(make(15, 5));
}
}
diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java
index f7f6f827..2730147d 100644
--- a/src/main/java/net/hostsharing/hsadminng/context/Context.java
+++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java
@@ -15,9 +15,11 @@ import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
+import java.util.function.Function;
import java.util.stream.Collectors;
import static java.util.function.Predicate.not;
+import static net.hostsharing.hsadminng.mapper.PostgresArray.fromPostgresArray;
import static org.springframework.transaction.annotation.Propagation.MANDATORY;
@Service
@@ -81,11 +83,14 @@ public class Context {
}
public String[] getAssumedRoles() {
- return (String[]) em.createNativeQuery("select assumedRoles() as roles", String[].class).getSingleResult();
+ final byte[] result = (byte[]) em.createNativeQuery("select assumedRoles() as roles", String[].class).getSingleResult();
+ return fromPostgresArray(result, String.class, Function.identity());
}
public UUID[] currentSubjectsUuids() {
- return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class).getSingleResult();
+ final byte[] result = (byte[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class)
+ .getSingleResult();
+ return fromPostgresArray(result, UUID.class, UUID::fromString);
}
public static String getCallerMethodNameFromStackFrame(final int skipFrames) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
index 9955f6f1..16cc48a1 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
@@ -47,7 +47,7 @@ public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable {
@Column(name = "transactiontype")
@Enumerated(EnumType.STRING)
- @Type(PostgreSQLEnumType.class)
+ //@Type(PostgreSQLEnumType.class)
private HsOfficeCoopAssetsTransactionType transactionType;
@Column(name = "valuedate")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
index 1b5d1cc5..ed814e05 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
@@ -43,7 +43,7 @@ public class HsOfficeCoopSharesTransactionEntity implements Stringifyable {
@Column(name = "transactiontype")
@Enumerated(EnumType.STRING)
- @Type(PostgreSQLEnumType.class)
+ //@Type(PostgreSQLEnumType.class)
private HsOfficeCoopSharesTransactionType transactionType;
@Column(name = "valuedate")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java
index 27cb6f92..617ec09d 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java
@@ -19,9 +19,9 @@ public interface HsOfficeDebitorRepository extends Repository<HsOfficeDebitorEnt
@Query("""
SELECT debitor FROM HsOfficeDebitorEntity debitor
- JOIN HsOfficePartnerEntity partner ON partner.uuid = debitor.partner
- JOIN HsOfficePersonEntity person ON person.uuid = partner.person
- JOIN HsOfficeContactEntity contact ON contact.uuid = debitor.billingContact
+ JOIN HsOfficePartnerEntity partner ON partner.uuid = debitor.partner.uuid
+ JOIN HsOfficePersonEntity person ON person.uuid = partner.person.uuid
+ JOIN HsOfficeContactEntity contact ON contact.uuid = debitor.billingContact.uuid
WHERE :name is null
OR partner.details.birthName like concat(:name, '%')
OR person.tradeName like concat(:name, '%')
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
index 7a3e1a20..8537a431 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
@@ -61,7 +61,7 @@ public class HsOfficeMembershipEntity implements Stringifyable {
@Column(name = "reasonfortermination")
@Enumerated(EnumType.STRING)
- @Type(PostgreSQLEnumType.class)
+ //@Type(PostgreSQLEnumType.class)
private HsOfficeReasonForTermination reasonForTermination;
public void setValidFrom(final LocalDate validFrom) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java
index 222dcaed..4641675a 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java
@@ -13,8 +13,8 @@ public interface HsOfficePartnerRepository extends Repository<HsOfficePartnerEnt
@Query("""
SELECT partner FROM HsOfficePartnerEntity partner
- JOIN HsOfficeContactEntity contact ON contact.uuid = partner.contact
- JOIN HsOfficePersonEntity person ON person.uuid = partner.person
+ JOIN HsOfficeContactEntity contact ON contact.uuid = partner.contact.uuid
+ JOIN HsOfficePersonEntity person ON person.uuid = partner.person.uuid
WHERE :name is null
OR partner.details.birthName like concat(:name, '%')
OR contact.label like concat(:name, '%')
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
index cdc695f0..eb1b0fb5 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
@@ -37,7 +37,7 @@ public class HsOfficePersonEntity implements Stringifyable {
@Column(name = "persontype")
@Enumerated(EnumType.STRING)
- @Type(PostgreSQLEnumType.class)
+ //@Type(PostgreSQLEnumType.class)
private HsOfficePersonType personType;
@Column(name = "tradename")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
index 9e7fb5d9..6b72c0f8 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
@@ -47,7 +47,7 @@ public class HsOfficeRelationshipEntity {
@Column(name = "reltype")
@Enumerated(EnumType.STRING)
- @Type(PostgreSQLEnumType.class)
+ //@Type(PostgreSQLEnumType.class)
private HsOfficeRelationshipType relType;
@Override
diff --git a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
new file mode 100644
index 00000000..a0723e8b
--- /dev/null
+++ b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
@@ -0,0 +1,57 @@
+package net.hostsharing.hsadminng.mapper;
+
+import com.vladmihalcea.hibernate.type.range.Range;
+import lombok.experimental.UtilityClass;
+import org.postgresql.util.PGtokenizer;
+
+import java.lang.reflect.Array;
+import java.nio.charset.StandardCharsets;
+import java.time.LocalDate;
+import java.util.function.Function;
+
+@UtilityClass
+public class PostgresArray {
+
+ /**
+ * Converts a byte[], as returned for a Postgres-array by native queries, to a Java array.
+ *
+ * <p>This example code worked with Hibernate 5 (Spring Boot 3.0.x):
+ * <pre><code>
+ * return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class).getSingleResult();
+ * </code></pre>
+ * </p>
+ *
+ * <p>With Hibernate 6 (Spring Boot 3.1.x), this utility method can be used like such:
+ * <pre><code>
+ * final byte[] result = (byte[]) em.createNativeQuery("select * from currentSubjectsUuids() as uuids", UUID[].class)
+ * .getSingleResult();
+ * return fromPostgresArray(result, UUID.class, UUID::fromString);
+ * </code></pre>
+ * </p>
+ *
+ * @param pgArray the byte[] returned by a native query containing as rendered for a Postgres array
+ * @param elementClass the class of a single element of the Java array to be returned
+ * @param itemParser converts a string element to the specified elementClass
+ * @return a Java array containing the data from pgArray
+ * @param <T> type of a single element of the Java array
+ */
+ public static <T> T[] fromPostgresArray(final byte[] pgArray, final Class<T> elementClass, final Function<String, T> itemParser) {
+ final var pgArrayLiteral = new String(pgArray, StandardCharsets.UTF_8);
+ if (pgArrayLiteral.length() == 2) {
+ return newGenericArray(elementClass, 0);
+ }
+ final PGtokenizer tokenizer = new PGtokenizer(pgArrayLiteral.substring(1, pgArrayLiteral.length()-1), ',');
+ tokenizer.remove("\"", "\"");
+ final T[] array = newGenericArray(elementClass, tokenizer.getSize()); // Create a new array of the specified type and length
+ for ( int n = 0; n < tokenizer.getSize(); ++n ) {
+ array[n] = itemParser.apply(tokenizer.getToken(n).trim().replace("\\\"", "\""));
+ }
+ return array;
+ }
+
+ @SuppressWarnings("unchecked")
+ private static <T> T[] newGenericArray(final Class<T> elementClass, final int length) {
+ return (T[]) Array.newInstance(elementClass, length);
+ }
+
+}
From 378e1ec5849aa319d5dd1d4fc6f7f9efe2dc67d9 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 08:43:22 +0100
Subject: [PATCH 17/32] fix Postgres typing error by casting 2nd operator of
like operator to text
---
.../hs/office/contact/HsOfficeContactRepository.java | 2 +-
.../hs/office/debitor/HsOfficeDebitorRepository.java | 10 +++++-----
.../hs/office/partner/HsOfficePartnerRepository.java | 10 +++++-----
.../hs/office/person/HsOfficePersonRepository.java | 6 +++---
.../sepamandate/HsOfficeSepaMandateRepository.java | 2 +-
.../hsadminng/rbac/rbacuser/RbacUserRepository.java | 2 +-
.../hsadminng/test/cust/TestCustomerRepository.java | 2 +-
.../hsadminng/test/pac/TestPackageRepository.java | 2 +-
8 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepository.java
index a39acbfa..309c3a57 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepository.java
@@ -14,7 +14,7 @@ public interface HsOfficeContactRepository extends Repository<HsOfficeContactEnt
@Query("""
SELECT c FROM HsOfficeContactEntity c
WHERE :label is null
- OR c.label like concat(:label, '%')
+ OR c.label like concat(cast(:label as text), '%')
""")
List<HsOfficeContactEntity> findContactByOptionalLabelLike(String label);
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java
index 617ec09d..f0013ef9 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepository.java
@@ -23,11 +23,11 @@ public interface HsOfficeDebitorRepository extends Repository<HsOfficeDebitorEnt
JOIN HsOfficePersonEntity person ON person.uuid = partner.person.uuid
JOIN HsOfficeContactEntity contact ON contact.uuid = debitor.billingContact.uuid
WHERE :name is null
- OR partner.details.birthName like concat(:name, '%')
- OR person.tradeName like concat(:name, '%')
- OR person.familyName like concat(:name, '%')
- OR person.givenName like concat(:name, '%')
- OR contact.label like concat(:name, '%')
+ OR partner.details.birthName like concat(cast(:name as text), '%')
+ OR person.tradeName like concat(cast(:name as text), '%')
+ OR person.familyName like concat(cast(:name as text), '%')
+ OR person.givenName like concat(cast(:name as text), '%')
+ OR contact.label like concat(cast(:name as text), '%')
""")
List<HsOfficeDebitorEntity> findDebitorByOptionalNameLike(String name);
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java
index 4641675a..6c7a158c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepository.java
@@ -16,11 +16,11 @@ public interface HsOfficePartnerRepository extends Repository<HsOfficePartnerEnt
JOIN HsOfficeContactEntity contact ON contact.uuid = partner.contact.uuid
JOIN HsOfficePersonEntity person ON person.uuid = partner.person.uuid
WHERE :name is null
- OR partner.details.birthName like concat(:name, '%')
- OR contact.label like concat(:name, '%')
- OR person.tradeName like concat(:name, '%')
- OR person.givenName like concat(:name, '%')
- OR person.familyName like concat(:name, '%')
+ OR partner.details.birthName like concat(cast(:name as text), '%')
+ OR contact.label like concat(cast(:name as text), '%')
+ OR person.tradeName like concat(cast(:name as text), '%')
+ OR person.givenName like concat(cast(:name as text), '%')
+ OR person.familyName like concat(cast(:name as text), '%')
""")
List<HsOfficePartnerEntity> findPartnerByOptionalNameLike(String name);
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepository.java
index 538ffaf1..f7481339 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepository.java
@@ -14,9 +14,9 @@ public interface HsOfficePersonRepository extends Repository<HsOfficePersonEntit
@Query("""
SELECT p FROM HsOfficePersonEntity p
WHERE :name is null
- OR p.tradeName like concat(:name, '%')
- OR p.givenName like concat(:name, '%')
- OR p.familyName like concat(:name, '%')
+ OR p.tradeName like concat(cast(:name as text), '%')
+ OR p.givenName like concat(cast(:name as text), '%')
+ OR p.familyName like concat(cast(:name as text), '%')
""")
List<HsOfficePersonEntity> findPersonByOptionalNameLike(String name);
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepository.java
index d243a716..aab53bae 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepository.java
@@ -14,7 +14,7 @@ public interface HsOfficeSepaMandateRepository extends Repository<HsOfficeSepaMa
@Query("""
SELECT mandate FROM HsOfficeSepaMandateEntity mandate
WHERE :iban is null
- OR mandate.bankAccount.iban like concat(:iban, '%')
+ OR mandate.bankAccount.iban like concat(cast(:iban as text), '%')
ORDER BY mandate.bankAccount.iban
""")
List<HsOfficeSepaMandateEntity> findSepaMandateByOptionalIban(String iban);
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
index bfe11a19..0c1a168b 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
@@ -11,7 +11,7 @@ public interface RbacUserRepository extends Repository<RbacUserEntity, UUID> {
@Query("""
select u from RbacUserEntity u
- where :userName is null or u.name like concat(:userName, '%')
+ where :userName is null or u.name like concat(cast(:userName as text), '%')
order by u.name
""")
List<RbacUserEntity> findByOptionalNameLike(String userName);
diff --git a/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerRepository.java b/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerRepository.java
index a882b304..2dc298ea 100644
--- a/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerRepository.java
@@ -12,7 +12,7 @@ public interface TestCustomerRepository extends Repository<TestCustomerEntity, U
Optional<TestCustomerEntity> findByUuid(UUID id);
- @Query("SELECT c FROM TestCustomerEntity c WHERE :prefix is null or c.prefix like concat(:prefix, '%')")
+ @Query("SELECT c FROM TestCustomerEntity c WHERE :prefix is null or c.prefix like concat(cast(:prefix as text), '%')")
List<TestCustomerEntity> findCustomerByOptionalPrefixLike(String prefix);
TestCustomerEntity save(final TestCustomerEntity entity);
diff --git a/src/main/java/net/hostsharing/hsadminng/test/pac/TestPackageRepository.java b/src/main/java/net/hostsharing/hsadminng/test/pac/TestPackageRepository.java
index 610d8fdc..f8538465 100644
--- a/src/main/java/net/hostsharing/hsadminng/test/pac/TestPackageRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/test/pac/TestPackageRepository.java
@@ -8,7 +8,7 @@ import java.util.UUID;
public interface TestPackageRepository extends Repository<TestPackageEntity, UUID> {
- @Query("SELECT p FROM TestPackageEntity p WHERE :name is null or p.name like concat(:name, '%')")
+ @Query("SELECT p FROM TestPackageEntity p WHERE :name is null or p.name like concat(cast(:name as text), '%')")
List<TestPackageEntity> findAllByOptionalNameLike(final String name);
TestPackageEntity findByUuid(UUID packageUuid);
From 73f147c5572459fc649f868f71d91d4831aee8cd Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 08:43:52 +0100
Subject: [PATCH 18/32] fix most unit tests and improve usage of assumeThat
---
...HsOfficeBankAccountControllerRestTest.java | 2 +-
...fficeContactRepositoryIntegrationTest.java | 5 -----
...OfficeDebitorControllerAcceptanceTest.java | 5 ++---
...ceMembershipRepositoryIntegrationTest.java | 3 +--
...OfficePartnerControllerAcceptanceTest.java | 5 ++---
...fficePartnerRepositoryIntegrationTest.java | 7 +------
...OfficePersonRepositoryIntegrationTest.java | 5 -----
...eRelationshipControllerAcceptanceTest.java | 1 -
...eSepaMandateRepositoryIntegrationTest.java | 3 +--
.../RbacGrantControllerAcceptanceTest.java | 5 ++---
.../RbacGrantRepositoryIntegrationTest.java | 20 ++++++++-----------
.../RbacUserRepositoryIntegrationTest.java | 8 --------
.../TestPackageControllerAcceptanceTest.java | 11 ++++++----
.../java/net/hostsharing/test/JpaAttempt.java | 3 +--
14 files changed, 26 insertions(+), 57 deletions(-)
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
index a54ca5c6..d870ca1a 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
@@ -83,7 +83,7 @@ class HsOfficeBankAccountControllerRestTest {
enum InvalidBicTestCase {
TOO_SHORT("BEVODEB", "Bic length must be 8 or 11"),
TOO_LONG("BEVODEBBX", "Bic length must be 8 or 11"),
- INVALID_CHARACTER("BEV-ODEB", "Bank code must contain only letters.");
+ INVALID_CHARACTER("BEV-ODEB", "Bank code must contain only alphanumeric.");
private final String givenBic;
private final String expectedErrorMessage;
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java
index a58aa824..0308c31d 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java
@@ -28,7 +28,6 @@ import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.grantD
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.roleNamesOf;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
@DataJpaTest
@Import( { Context.class, JpaAttempt.class })
@@ -237,10 +236,6 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
- assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
- .isEqualTo(initialRoleNames.size() + 3);
- assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
- .isEqualTo(initialGrantNames.size() + 7);
// when
final var result = jpaAttempt.transacted(() -> {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
index 22001cb2..76d6758f 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
@@ -26,7 +26,6 @@ import java.util.UUID;
import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
import static org.hamcrest.Matchers.*;
@SpringBootTest(
@@ -481,7 +480,7 @@ class HsOfficeDebitorControllerAcceptanceTest {
void contactAdminUser_canNotDeleteRelatedDebitor() {
context.define("superuser-alex@hostsharing.net");
final var givenDebitor = givenSomeTemporaryDebitor();
- assumeThat(givenDebitor.getBillingContact().getLabel()).isEqualTo("forth contact");
+ assertThat(givenDebitor.getBillingContact().getLabel()).isEqualTo("forth contact");
RestAssured // @formatter:off
.given()
@@ -501,7 +500,7 @@ class HsOfficeDebitorControllerAcceptanceTest {
void normalUser_canNotDeleteUnrelatedDebitor() {
context.define("superuser-alex@hostsharing.net");
final var givenDebitor = givenSomeTemporaryDebitor();
- assumeThat(givenDebitor.getBillingContact().getLabel()).isEqualTo("forth contact");
+ assertThat(givenDebitor.getBillingContact().getLabel()).isEqualTo("forth contact");
RestAssured // @formatter:off
.given()
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
index 42f61495..c85a9b13 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
@@ -32,7 +32,6 @@ import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.grantD
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.roleNamesOf;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
@DataJpaTest
@Import( { Context.class, JpaAttempt.class })
@@ -327,7 +326,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTest {
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_debitor#10003ThirdOHG-thirdcontact.admin");
- assumeThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent();
+ assertThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent();
membershipRepo.deleteByUuid(givenMembership.getUuid());
});
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
index 899b151d..053b03e1 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
@@ -24,7 +24,6 @@ import java.util.UUID;
import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@@ -408,7 +407,7 @@ class HsOfficePartnerControllerAcceptanceTest {
void contactAdminUser_canNotDeleteRelatedPartner() {
context.define("superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler();
- assumeThat(givenPartner.getContact().getLabel()).isEqualTo("forth contact");
+ assertThat(givenPartner.getContact().getLabel()).isEqualTo("forth contact");
RestAssured // @formatter:off
.given()
@@ -428,7 +427,7 @@ class HsOfficePartnerControllerAcceptanceTest {
void normalUser_canNotDeleteUnrelatedPartner() {
context.define("superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler();
- assumeThat(givenPartner.getContact().getLabel()).isEqualTo("forth contact");
+ assertThat(givenPartner.getContact().getLabel()).isEqualTo("forth contact");
RestAssured // @formatter:off
.given()
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java
index 6b035f5b..e03d8cbe 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java
@@ -29,7 +29,6 @@ import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.grantD
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.roleNamesOf;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
@DataJpaTest
@Import( { Context.class, JpaAttempt.class })
@@ -330,7 +329,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
// when
final var result = jpaAttempt.transacted(() -> {
context("person-ErbenBesslerMelBessler@example.com");
- assumeThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent();
+ assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent();
partnerRepo.deleteByUuid(givenPartner.getUuid());
});
@@ -352,10 +351,6 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
final var initialRoleNames = Array.from(roleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(grantDisplaysOf(rawGrantRepo.findAll()));
final var givenPartner = givenSomeTemporaryPartnerBessler("twelfth");
- assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
- .isEqualTo(initialRoleNames.length + 3);
- assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
- .isEqualTo(initialGrantNames.length + 10);
// when
final var result = jpaAttempt.transacted(() -> {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java
index 6c75434e..2405b237 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java
@@ -27,7 +27,6 @@ import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.grantD
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.roleNamesOf;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
@DataJpaTest
@Import( { Context.class, JpaAttempt.class })
@@ -244,10 +243,6 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
- assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
- .isEqualTo(initialRoleNames.size() + 3);
- assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
- .isEqualTo(initialGrantNames.size() + 7);
// when
final var result = jpaAttempt.transacted(() -> {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipControllerAcceptanceTest.java
index 6288bb4c..f090295b 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipControllerAcceptanceTest.java
@@ -25,7 +25,6 @@ import java.util.UUID;
import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java
index cbc8bfbc..8e5f5c79 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java
@@ -31,7 +31,6 @@ import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.grantD
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.roleNamesOf;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
@DataJpaTest
@Import({ Context.class, JpaAttempt.class })
@@ -346,7 +345,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTest {
// when
final var result = jpaAttempt.transacted(() -> {
context("bankaccount-admin@ThirdOHG.example.com");
- assumeThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent();
+ assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent();
sepaMandateRepo.deleteByUuid(givenSepaMandate.getUuid());
});
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
index 0402dbfe..6f0abc93 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
@@ -26,7 +26,6 @@ import java.util.List;
import java.util.UUID;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.Matchers.*;
@@ -343,7 +342,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
}
private void assumeCreated(final ValidatableResponse response) {
- assumeThat(response.extract().response().statusCode()).isEqualTo(201);
+ assertThat(response.extract().response().statusCode()).isEqualTo(201);
}
class Subject {
@@ -479,7 +478,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
}
private void assumeGrantExists(final Subject grantingSubject, final String expectedGrant) {
- assumeThat(findAllGrantsOf(grantingSubject))
+ assertThat(findAllGrantsOf(grantingSubject))
.extracting(RbacGrantEntity::toDisplay)
.contains(expectedGrant);
}
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
index 3ff9eda0..8c439a31 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
@@ -25,7 +25,6 @@ import java.util.UUID;
import static net.hostsharing.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
@DataJpaTest
@Import( { Context.class, JpaAttempt.class })
@@ -186,9 +185,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// when
context("customer-admin@xxx.example.com", "test_customer#xxx.admin");
- final var revokeAttempt = attempt(em, () -> {
- rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId());
- });
+ final var revokeAttempt = attempt(em, () ->
+ rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()));
// then
context("customer-admin@xxx.example.com", "test_customer#xxx.admin");
@@ -208,9 +206,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// when
context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00.admin");
- final var revokeAttempt = attempt(em, () -> {
- rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId());
- });
+ final var revokeAttempt = attempt(em, () ->
+ rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()));
// then
assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
@@ -230,9 +227,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// when
context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00.admin");
- final var revokeAttempt = attempt(em, () -> {
- rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId());
- });
+ final var revokeAttempt = attempt(em, () ->
+ rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()));
// then
revokeAttempt.assertExceptionWithRootCauseMessage(
@@ -255,8 +251,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
rbacGrantRepository.save(grant)
);
- assumeThat(grantAttempt.caughtException()).isNull();
- assumeThat(rawRbacGrantRepository.findAll())
+ assertThat(grantAttempt.caughtException()).isNull();
+ assertThat(rawRbacGrantRepository.findAll())
.extracting(RawRbacGrantEntity::toDisplay)
.contains("{ grant role %s to user %s by role %s and assume }".formatted(
with.grantedRole, with.granteeUserName, with.assumedRole
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
index bd2257ef..ea0a3109 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
@@ -61,11 +61,6 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
assertThat(result.returnedValue()).isNotNull()
.extracting(RbacUserEntity::getUuid).isEqualTo(givenUuid);
assertThat(rbacUserRepository.findByName(result.returnedValue().getName())).isNotNull();
- // jpaAttempt.transacted(() -> {
- // context(givenUser.getName());
- // assertThat(em.find(RbacUserEntity.class, givenUser.getUuid()))
- // .isNotNull().extracting(RbacUserEntity::getName).isEqualTo(givenUser.getName());
- // }).assertSuccessful();
}
}
@@ -87,9 +82,6 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
// then the user is deleted
result.assertSuccessful();
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
- // jpaAttempt.transacted(() -> {
- // assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
- // }).assertSuccessful();
}
}
diff --git a/src/test/java/net/hostsharing/hsadminng/test/pac/TestPackageControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/test/pac/TestPackageControllerAcceptanceTest.java
index e8cfc5bb..fd51ebf8 100644
--- a/src/test/java/net/hostsharing/hsadminng/test/pac/TestPackageControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/test/pac/TestPackageControllerAcceptanceTest.java
@@ -16,7 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
import static java.lang.String.format;
-import static org.assertj.core.api.Assumptions.assumeThat;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@@ -85,7 +85,8 @@ class TestPackageControllerAcceptanceTest {
@Test
void withDescriptionUpdatesDescription() {
- assumeThat(getDescriptionOfPackage("xxx00"))
+ assertThat(getDescriptionOfPackage("xxx00"))
+ .as("precondition failed")
.isEqualTo("Here you can add your own description of package xxx00.");
final var randomDescription = RandomStringUtils.randomAlphanumeric(80);
@@ -117,7 +118,8 @@ class TestPackageControllerAcceptanceTest {
@Test
void withNullDescriptionUpdatesDescriptionToNull() {
- assumeThat(getDescriptionOfPackage("xxx01"))
+ assertThat(getDescriptionOfPackage("xxx01"))
+ .as("precondition failed")
.isEqualTo("Here you can add your own description of package xxx01.");
// @formatter:off
@@ -146,7 +148,8 @@ class TestPackageControllerAcceptanceTest {
@Test
void withoutDescriptionDoesNothing() {
- assumeThat(getDescriptionOfPackage("xxx02"))
+ assertThat(getDescriptionOfPackage("xxx02"))
+ .as("precondition failed")
.isEqualTo("Here you can add your own description of package xxx02.");
// @formatter:off
diff --git a/src/test/java/net/hostsharing/test/JpaAttempt.java b/src/test/java/net/hostsharing/test/JpaAttempt.java
index a7244e37..589049bb 100644
--- a/src/test/java/net/hostsharing/test/JpaAttempt.java
+++ b/src/test/java/net/hostsharing/test/JpaAttempt.java
@@ -12,7 +12,6 @@ import java.util.Optional;
import java.util.function.Supplier;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assumptions.assumeThat;
/**
* Wraps the 'when' part of a DataJpaTest to improve readability of tests.
@@ -138,7 +137,7 @@ public class JpaAttempt {
}
public JpaResult<T> assumeSuccessful() {
- assumeThat(exception).as(firstRootCauseMessageLineOf(exception)).isNull();
+ assertThat(exception).as(firstRootCauseMessageLineOf(exception)).isNull();
return this;
}
From 4c44f42b793eaecb34de8c29e43c9a70512c5c04 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 09:10:20 +0100
Subject: [PATCH 19/32] fix vulnerability CVE-2022-1471 by forcing snakeyaml
2.2
---
build.gradle | 13 +++++++++++--
etc/owasp-dependency-check-suppression.xml | 9 +++++++++
settings.gradle | 17 +++++++++++++++++
3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 7f024d77..47dae2ac 100644
--- a/build.gradle
+++ b/build.gradle
@@ -50,8 +50,6 @@ ext {
set('testcontainersVersion', "1.17.3")
}
-// wrapper
-
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-data-rest'
@@ -71,6 +69,17 @@ dependencies {
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
+ // fixes vulnerability CVE-2022-1471
+ // The dependency usually comes from Spring Boot, just in the wrong version.
+ // TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
+ // as well as the related exclude in settings.gradle
+ // and the dependency suppression in owasp-dependency-check-suppression.xml.
+ implementation('org.yaml:snakeyaml') {
+ version {
+ strictly('2.2')
+ }
+ }
+
compileOnly 'org.projectlombok:lombok'
testCompileOnly 'org.projectlombok:lombok'
diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml
index f04711a8..cdb329d5 100644
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@@ -49,4 +49,13 @@
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
<cpe>cpe:/a:line:line</cpe>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ We've explicitly bumped to 2.2, but the dependency checker does not seem to notice that.
+ TODO: Remove this suppression once we are on SpringBoot 3.2,
+ as well as the explicit version bump and the transient dependency exclude.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <cve>CVE-2022-1471</cve>
+ </suppress>
</suppressions>
diff --git a/settings.gradle b/settings.gradle
index 8c454c71..d437063a 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -7,4 +7,21 @@ pluginManagement {
}
}
+dependencyResolutionManagement {
+ components {
+ all {
+ allVariants {
+ withDependencies {
+ removeAll {
+ // TODO: Remove this transient dependency exclude once we are on SpringBoot 3.2.x
+ // as well as the related explicit dependency in build.gradle
+ // and the dependency suppression in owasp-dependency-check-suppression.xml.
+ it.module in [ 'snakeyaml' ]
+ }
+ }
+ }
+ }
+ }
+}
+
rootProject.name = 'hsadmin-ng'
From d2f9f0ae8f1701b12fe527b0962fc585c5ddeab4 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 09:49:40 +0100
Subject: [PATCH 20/32] fix invalid assertion
---
.../rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
index 8c439a31..3b09e861 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
@@ -254,7 +254,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
assertThat(grantAttempt.caughtException()).isNull();
assertThat(rawRbacGrantRepository.findAll())
.extracting(RawRbacGrantEntity::toDisplay)
- .contains("{ grant role %s to user %s by role %s and assume }".formatted(
+ .contains("{ grant role %s to user %s by %s and assume }".formatted(
with.grantedRole, with.granteeUserName, with.assumedRole
));
From f8de575b77d96ec1c3f7d604166f805c09d87278 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 09:49:45 +0100
Subject: [PATCH 21/32] cleanup
---
.../office/coopassets/HsOfficeCoopAssetsTransactionEntity.java | 1 -
.../office/coopshares/HsOfficeCoopSharesTransactionEntity.java | 1 -
.../hs/office/membership/HsOfficeMembershipEntity.java | 1 -
.../hsadminng/hs/office/person/HsOfficePersonEntity.java | 1 -
.../hs/office/relationship/HsOfficeRelationshipEntity.java | 1 -
.../java/net/hostsharing/hsadminng/mapper/PostgresArray.java | 2 --
6 files changed, 7 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
index 16cc48a1..9f8bc335 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
@@ -47,7 +47,6 @@ public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable {
@Column(name = "transactiontype")
@Enumerated(EnumType.STRING)
- //@Type(PostgreSQLEnumType.class)
private HsOfficeCoopAssetsTransactionType transactionType;
@Column(name = "valuedate")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
index ed814e05..db664ada 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
@@ -43,7 +43,6 @@ public class HsOfficeCoopSharesTransactionEntity implements Stringifyable {
@Column(name = "transactiontype")
@Enumerated(EnumType.STRING)
- //@Type(PostgreSQLEnumType.class)
private HsOfficeCoopSharesTransactionType transactionType;
@Column(name = "valuedate")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
index 8537a431..fe88d066 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
@@ -61,7 +61,6 @@ public class HsOfficeMembershipEntity implements Stringifyable {
@Column(name = "reasonfortermination")
@Enumerated(EnumType.STRING)
- //@Type(PostgreSQLEnumType.class)
private HsOfficeReasonForTermination reasonForTermination;
public void setValidFrom(final LocalDate validFrom) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
index eb1b0fb5..665f3e5c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
@@ -37,7 +37,6 @@ public class HsOfficePersonEntity implements Stringifyable {
@Column(name = "persontype")
@Enumerated(EnumType.STRING)
- //@Type(PostgreSQLEnumType.class)
private HsOfficePersonType personType;
@Column(name = "tradename")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
index 6b72c0f8..3b32fb72 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
@@ -47,7 +47,6 @@ public class HsOfficeRelationshipEntity {
@Column(name = "reltype")
@Enumerated(EnumType.STRING)
- //@Type(PostgreSQLEnumType.class)
private HsOfficeRelationshipType relType;
@Override
diff --git a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
index a0723e8b..b5031402 100644
--- a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
+++ b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
@@ -1,12 +1,10 @@
package net.hostsharing.hsadminng.mapper;
-import com.vladmihalcea.hibernate.type.range.Range;
import lombok.experimental.UtilityClass;
import org.postgresql.util.PGtokenizer;
import java.lang.reflect.Array;
import java.nio.charset.StandardCharsets;
-import java.time.LocalDate;
import java.util.function.Function;
@UtilityClass
From ea130581a354cf4e6b6a90036b6a01af43c8d98d Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 12:38:40 +0100
Subject: [PATCH 22/32] unit test and improve PostgresArray
---
.../hsadminng/mapper/PostgresArray.java | 5 +-
.../mapper/PostgresArrayIntegrationTest.java | 88 +++++++++++++++++++
2 files changed, 92 insertions(+), 1 deletion(-)
create mode 100644 src/test/java/net/hostsharing/hsadminng/mapper/PostgresArrayIntegrationTest.java
diff --git a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
index b5031402..e1e1d056 100644
--- a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
+++ b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
@@ -42,7 +42,10 @@ public class PostgresArray {
tokenizer.remove("\"", "\"");
final T[] array = newGenericArray(elementClass, tokenizer.getSize()); // Create a new array of the specified type and length
for ( int n = 0; n < tokenizer.getSize(); ++n ) {
- array[n] = itemParser.apply(tokenizer.getToken(n).trim().replace("\\\"", "\""));
+ final String token = tokenizer.getToken(n);
+ if ( !"NULL".equals(token) ) {
+ array[n] = itemParser.apply(token.trim().replace("\\\"", "\""));
+ }
}
return array;
}
diff --git a/src/test/java/net/hostsharing/hsadminng/mapper/PostgresArrayIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/mapper/PostgresArrayIntegrationTest.java
new file mode 100644
index 00000000..c76141b1
--- /dev/null
+++ b/src/test/java/net/hostsharing/hsadminng/mapper/PostgresArrayIntegrationTest.java
@@ -0,0 +1,88 @@
+package net.hostsharing.hsadminng.mapper;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+
+import jakarta.persistence.EntityManager;
+
+import java.util.UUID;
+import java.util.function.Function;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@DataJpaTest
+class PostgresArrayIntegrationTest {
+
+ @Autowired
+ EntityManager em;
+
+ @Test
+ void shouldCreateEmptyArray() {
+ em.createNativeQuery("""
+ create or replace function returnEmptyArray()
+ returns text[]
+ stable leakproof
+ language plpgsql as $$
+ declare
+ emptyArray text[] = '{}';
+ begin
+ return emptyArray;
+ end; $$;
+ """).executeUpdate();
+ final byte[] pgArray = (byte[]) em.createNativeQuery("SELECT returnEmptyArray()", String[].class).getSingleResult();
+
+ final String[] result = PostgresArray.fromPostgresArray(pgArray, String.class, Function.identity());
+
+ assertThat(result).isEmpty();
+ }
+
+ @Test
+ void shouldCreateStringArray() {
+ em.createNativeQuery("""
+ create or replace function returnStringArray()
+ returns varchar(63)[]
+ stable leakproof
+ language plpgsql as $$
+ declare
+ text1 text = 'one';
+ text2 text = 'two, three';
+ text3 text = 'four; five';
+ text4 text = 'say "Hello" to me';
+ begin
+ return array[text1, text2, text3, null, text4];
+ end; $$;
+ """).executeUpdate();
+ final byte[] pgArray = (byte[]) em.createNativeQuery("SELECT returnStringArray()", String[].class).getSingleResult();
+
+ final String[] result = PostgresArray.fromPostgresArray(pgArray, String.class, Function.identity());
+
+ assertThat(result).containsExactly("one", "two, three", "four; five", null, "say \"Hello\" to me");
+ }
+
+ @Test
+ void shouldCreateUUidArray() {
+ em.createNativeQuery("""
+ create or replace function returnUuidArray()
+ returns uuid[]
+ stable leakproof
+ language plpgsql as $$
+ declare
+ uuid1 UUID = 'f47ac10b-58cc-4372-a567-0e02b2c3d479';
+ uuid2 UUID = '6ba7b810-9dad-11d1-80b4-00c04fd430c8';
+ uuid3 UUID = '01234567-89ab-cdef-0123-456789abcdef';
+ begin
+ return ARRAY[uuid1, uuid2, null, uuid3];
+ end; $$;
+ """).executeUpdate();
+ final byte[] pgArray = (byte[]) em.createNativeQuery("SELECT returnUuidArray()", UUID[].class).getSingleResult();
+
+ final UUID[] result = PostgresArray.fromPostgresArray(pgArray, UUID.class, UUID::fromString);
+
+ assertThat(result).containsExactly(
+ UUID.fromString("f47ac10b-58cc-4372-a567-0e02b2c3d479"),
+ UUID.fromString("6ba7b810-9dad-11d1-80b4-00c04fd430c8"),
+ null,
+ UUID.fromString("01234567-89ab-cdef-0123-456789abcdef"));
+ }
+}
From 7f98bbde64b1f63f141c7fd02aa697ec4dfd2c55 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 12:39:39 +0100
Subject: [PATCH 23/32] fix pitest, spotless and cleanup
---
build.gradle | 12 +++++++++---
.../HsOfficeCoopAssetsTransactionEntity.java | 2 --
.../HsOfficeCoopAssetsTransactionRepository.java | 1 -
.../HsOfficeCoopSharesTransactionEntity.java | 2 --
.../office/membership/HsOfficeMembershipEntity.java | 1 -
.../hs/office/person/HsOfficePersonEntity.java | 2 --
.../relationship/HsOfficeRelationshipEntity.java | 2 --
.../hsadminng/test/cust/TestCustomerController.java | 1 -
.../office/bankaccount/TestHsOfficeBankAccount.java | 1 -
.../hs/office/contact/TestHsOfficeContact.java | 1 -
.../hs/office/debitor/TestHsOfficeDebitor.java | 1 -
.../hs/office/membership/TestHsMembership.java | 1 -
.../hs/office/partner/TestHsOfficePartner.java | 1 -
.../hs/office/person/TestHsOfficePerson.java | 1 -
.../HsOfficeSepaMandateEntityUnitTest.java | 1 -
.../hsadminng/test/cust/TestCustomer.java | 1 -
16 files changed, 9 insertions(+), 22 deletions(-)
diff --git a/build.gradle b/build.gradle
index 47dae2ac..968b80d1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -182,7 +182,7 @@ openApiGenerate.dependsOn processSpring
// Spotless Code Formatting
spotless {
java {
- // removeUnusedImports() TODO: reactivate once it can deal with multi-line-strings
+ removeUnusedImports()
indentWithSpaces(4)
endWithNewline()
toggleOffOn()
@@ -193,8 +193,14 @@ spotless {
}
}
}
-project.tasks.spotlessJava.dependsOn(tasks.generateLicenseReport, tasks.processResources, tasks.processTestResources)
project.tasks.check.dependsOn(spotlessCheck)
+// HACK: no idea why spotless uses the output of these tasks, but we get warnings without those
+project.tasks.spotlessJava.dependsOn(
+ tasks.generateLicenseReport,
+ tasks.pitest,
+ tasks.jacocoTestReport,
+ tasks.processResources,
+ tasks.processTestResources)
// OWASP Dependency Security Test
dependencyCheck {
@@ -302,7 +308,7 @@ pitest {
targetTests = ['net.hostsharing.hsadminng.**.*UnitTest', 'net.hostsharing.hsadminng.**.*RestTest']
excludedTestClasses = ['**AcceptanceTest*', '**IntegrationTest*']
- pitestVersion = '1.9.9'
+ pitestVersion = '1.15.3'
junit5PluginVersion = '1.1.0'
threads = 4
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
index 9f8bc335..e699fb5c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
@@ -1,13 +1,11 @@
package net.hostsharing.hsadminng.hs.office.coopassets;
-import com.vladmihalcea.hibernate.type.basic.PostgreSQLEnumType;
import lombok.*;
import net.hostsharing.hsadminng.errors.DisplayName;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
import net.hostsharing.hsadminng.stringify.Stringify;
import net.hostsharing.hsadminng.stringify.Stringifyable;
import org.hibernate.annotations.GenericGenerator;
-import org.hibernate.annotations.Type;
import jakarta.persistence.*;
import java.math.BigDecimal;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepository.java
index 1a14abde..256933b9 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepository.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.hs.office.coopassets;
-import net.hostsharing.hsadminng.hs.office.coopshares.HsOfficeCoopSharesTransactionEntity;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
index db664ada..b5d4979b 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
@@ -1,12 +1,10 @@
package net.hostsharing.hsadminng.hs.office.coopshares;
-import com.vladmihalcea.hibernate.type.basic.PostgreSQLEnumType;
import lombok.*;
import net.hostsharing.hsadminng.errors.DisplayName;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
import net.hostsharing.hsadminng.stringify.Stringify;
import net.hostsharing.hsadminng.stringify.Stringifyable;
-import org.hibernate.annotations.Type;
import jakarta.persistence.*;
import java.time.LocalDate;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
index fe88d066..671ae7f7 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.hs.office.membership;
-import com.vladmihalcea.hibernate.type.basic.PostgreSQLEnumType;
import com.vladmihalcea.hibernate.type.range.PostgreSQLRangeType;
import com.vladmihalcea.hibernate.type.range.Range;
import lombok.*;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
index 665f3e5c..a76d4130 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
@@ -1,13 +1,11 @@
package net.hostsharing.hsadminng.hs.office.person;
-import com.vladmihalcea.hibernate.type.basic.PostgreSQLEnumType;
import lombok.*;
import lombok.experimental.FieldNameConstants;
import net.hostsharing.hsadminng.errors.DisplayName;
import net.hostsharing.hsadminng.stringify.Stringify;
import net.hostsharing.hsadminng.stringify.Stringifyable;
import org.apache.commons.lang3.StringUtils;
-import org.hibernate.annotations.Type;
import jakarta.persistence.*;
import java.util.UUID;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
index 3b32fb72..383c6853 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java
@@ -1,12 +1,10 @@
package net.hostsharing.hsadminng.hs.office.relationship;
-import com.vladmihalcea.hibernate.type.basic.PostgreSQLEnumType;
import lombok.*;
import lombok.experimental.FieldNameConstants;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
import net.hostsharing.hsadminng.stringify.Stringify;
-import org.hibernate.annotations.Type;
import jakarta.persistence.*;
import java.util.UUID;
diff --git a/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerController.java b/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerController.java
index 530a7006..1bd000ba 100644
--- a/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerController.java
+++ b/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerController.java
@@ -11,7 +11,6 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
import java.util.List;
-import java.util.UUID;
@RestController
public class TestCustomerController implements TestCustomersApi {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/TestHsOfficeBankAccount.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/TestHsOfficeBankAccount.java
index 7bb7de7e..7b7505f4 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/TestHsOfficeBankAccount.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/TestHsOfficeBankAccount.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.hs.office.bankaccount;
-import java.util.UUID;
public class TestHsOfficeBankAccount {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/TestHsOfficeContact.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/TestHsOfficeContact.java
index 58284258..b42ef8e5 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/TestHsOfficeContact.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/TestHsOfficeContact.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.hs.office.contact;
-import java.util.UUID;
public class TestHsOfficeContact {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java
index 9d2c6b7f..d9d482ba 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java
@@ -2,7 +2,6 @@ package net.hostsharing.hsadminng.hs.office.debitor;
import lombok.experimental.UtilityClass;
-import java.util.UUID;
import static net.hostsharing.hsadminng.hs.office.contact.TestHsOfficeContact.TEST_CONTACT;
import static net.hostsharing.hsadminng.hs.office.partner.TestHsOfficePartner.TEST_PARTNER;
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/TestHsMembership.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/TestHsMembership.java
index 1b40a4ce..d9245fc8 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/TestHsMembership.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/TestHsMembership.java
@@ -3,7 +3,6 @@ package net.hostsharing.hsadminng.hs.office.membership;
import com.vladmihalcea.hibernate.type.range.Range;
import java.time.LocalDate;
-import java.util.UUID;
import static net.hostsharing.hsadminng.hs.office.partner.TestHsOfficePartner.TEST_PARTNER;
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/TestHsOfficePartner.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/TestHsOfficePartner.java
index 21756b6d..19235167 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/TestHsOfficePartner.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/TestHsOfficePartner.java
@@ -3,7 +3,6 @@ package net.hostsharing.hsadminng.hs.office.partner;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
-import java.util.UUID;
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.LEGAL;
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/TestHsOfficePerson.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/TestHsOfficePerson.java
index f4d10fda..d394ee56 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/TestHsOfficePerson.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/TestHsOfficePerson.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.hs.office.person;
-import java.util.UUID;
public class TestHsOfficePerson {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntityUnitTest.java
index 7ba77e0e..5d8fa5b5 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntityUnitTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntityUnitTest.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.hs.office.sepamandate;
-import com.vladmihalcea.hibernate.type.range.Range;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
import org.junit.jupiter.api.Test;
diff --git a/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomer.java b/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomer.java
index 7d5b0b43..bb00975f 100644
--- a/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomer.java
+++ b/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomer.java
@@ -1,6 +1,5 @@
package net.hostsharing.hsadminng.test.cust;
-import static java.util.UUID.randomUUID;
public class TestCustomer {
From e9dde69c40f02c670e2cdce3ed0b2210caf072b5 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 13:24:04 +0100
Subject: [PATCH 24/32] improve Markdown/PlantUML/Mermaid documentation
---
README.md | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index c5518e6c..f9442292 100644
--- a/README.md
+++ b/README.md
@@ -233,12 +233,19 @@ sudo apt install graphviz
##### Ubuntu Linux command line
-```sh
-sudo apt-get install pandoc texlive-latex-base texlive-fonts-recommended texlive-extra-utils texlive-latex-extra pandoc-plantuml-filter
+1. Install Pandoc with some extra libraries:
+```shell
+sudo apt-get install pandoc texlive-latex-base texlive-fonts-recommended texlive-extra-utils texlive-latex-extra pandoc-plantuml-filter
```
-```sh
-pandoc --filter pandoc-plantuml rbac.md -o rbac.pdf
+2. Install mermaid-filter, e.g. this way:
+```shell
+npm install -g mermaid-filter
+```
+
+3. Run Pandoc to generate a PDF from a Markdown file with PlantUML and Mermaid diagrams:
+```shell
+pandoc --filter mermaid-filter --filter pandoc-plantuml rbac.md -o rbac.pdf
```
##### for other IDEs / operating systems
@@ -247,7 +254,7 @@ If you have figured out how it works, please add instructions above this section
#### Render Markdown Embedded Mermaid Diagrams
-The source of RBAC role diagrams are much easier to read with Mermaid than with PlantUML or GraphViz, that's the main reason Mermaid ist used too.
+The source of RBAC role diagrams are much easier to read with Mermaid than with PlantUML or GraphViz, that's also the main reason Mermaid is used.
Can you see the following diagram right in your IDE?
I mean a real graphic diagram, not just some markup code.
@@ -271,8 +278,11 @@ If not, you need to install some tooling.
##### for IntelliJ IDEA (or derived products)
-You just need the bundled Markdown plugin enabled and install and activate the Mermaid plugin in its [settings](jetbrains://idea/settings?name=Languages+%26+Frameworks--Markdown).
+1. Activate the bundled Jebrains Markdown PlantUML Extension via
+ [File | Settings | Languages & Frameworks | Markdown](jetbrains://idea/settings?name=Languages+%26+Frameworks--Markdown)
+2. Install the Jetbrains Mermaid plugin: https://plugins.jetbrains.com/plugin/20146-mermaid, it also works embedded in Markdown files.
+Now the above diagram should be rendered.
##### for other IDEs / command-line / operating systems
From d97827c01ec98a98cadffa8bea75a1a9c48fd70b Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 14:06:11 +0100
Subject: [PATCH 25/32] add IDEA Plugin Suggestions and re-generated index
---
README.md | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f9442292..54667c20 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ For architecture consider the files in the `doc` and `adr` folder.
- [Directory and Package Structure](#directory-and-package-structure)
- [General Directory Structure](#general-directory-structure)
- [Source Code Package Structure](#source-code-package-structure)
+ - [Run Tests from Command Line](#run-tests-from-command-line)
- [Spotless Code Formatting](#spotless-code-formatting)
- [JaCoCo Test Code Coverage Check](#jacoco-test-code-coverage-check)
- [PiTest Mutation Testing](#pitest-mutation-testing)
@@ -39,6 +40,7 @@ For architecture consider the files in the `doc` and `adr` folder.
- [How to Use a Persistent Database for Integration Tests?](#how-to-use-a-persistent-database-for-integration-tests?)
- [How to Amend Liquibase SQL Changesets?](#how-to-amend-liquibase-sql-changesets?)
- [How to Re-Generate Spring-Controller-Interfaces from OpenAPI specs?](#how-to-re-generate-spring-controller-interfaces-from-openapi-specs?)
+ - [How to Generate Database Table Diagrams?](#how-to-generate-database-table-diagrams?)
- [Further Documentation](#further-documentation)
<!-- generated TOC end. -->
@@ -199,7 +201,7 @@ To generate the TOC (Table of Contents), a little bash script from a
Given this is in PATH as `md-toc`, use:
```shell
-md-toc <README.md 2 4 | sed -e 's/^ //g'
+md-toc <README.md 2 4 | cut -c5-'
```
To render the Markdown files, especially to watch embedded PlantUML diagrams, you can use one of the following methods:
@@ -292,13 +294,23 @@ If you have figured out how it works, please add instructions above this section
#### IntelliJ IDEA
+##### Build Settings
+
Go to [Gradle Settings}(jetbrains://idea/settings?name=Build%2C+Execution%2C+Deployment--Build+Tools--Gradle) and select "Build and run using" and "Run tests using" both to "gradle".
Otherwise, settings from `build.gradle`, like compiler arguments, are not applied when compiling through *IntelliJ IDEA*.
+##### Annotation Processor
+
Go to [Annotations Processors](jetbrains://idea/settings?name=Build%2C+Execution%2C+Deployment--Compiler--Annotation+Processors) and activate annotation processing.
Otherwise, *IntelliJ IDEA* can't see *Lombok* generated classes
and will show false errors (missing identifiers).
+
+##### Suggested Plugins
+
+- [Jetbrains Mermaid Integration](https://plugins.jetbrains.com/plugin/20146-mermaid)
+- [Vojtěch Krása PlantUML Integration](https://plugins.jetbrains.com/plugin/7017-plantuml-integration)
+
### Other Tools
**jq**: a JSON formatter.
From b15464bed5f88423d9fee7473e23c114862582b6 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 14:45:40 +0100
Subject: [PATCH 26/32] upgrade to SpringBoot 3.2.1
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 968b80d1..7759a67e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,6 @@
plugins {
id 'java'
- id 'org.springframework.boot' version '3.1.7'
+ id 'org.springframework.boot' version '3.2.1'
id 'io.spring.dependency-management' version '1.1.4'
id 'io.openapiprocessor.openapi-processor' version '2023.2'
id 'com.github.jk1.dependency-license-report' version '2.5'
From 07dbc45c80d1049571b6202511bb689d943a8f73 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 4 Jan 2024 15:51:34 +0100
Subject: [PATCH 27/32] Revert "upgrade to SpringBoot 3.2.1" because
HibernateTypes are incompatible to inclided Hibernate version
This reverts commit b15464bed5f88423d9fee7473e23c114862582b6.
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 7759a67e..968b80d1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,6 @@
plugins {
id 'java'
- id 'org.springframework.boot' version '3.2.1'
+ id 'org.springframework.boot' version '3.1.7'
id 'io.spring.dependency-management' version '1.1.4'
id 'io.openapiprocessor.openapi-processor' version '2023.2'
id 'com.github.jk1.dependency-license-report' version '2.5'
From 63b02ff9cbdad73bab8d8b669ed228bacfca6605 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
Date: Thu, 4 Jan 2024 22:46:40 +0100
Subject: [PATCH 28/32] Small fix in README
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ca3b16fc..105bec4e 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ To be able to build and run the Java Spring Boot application, you need the follo
We recommend to use an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and optionally a GUI Frontend for *PostgreSQL* like *Postbird*.
-If you have at least Docker, the Java JDK installed in appropriate versions and in your `PATH`, then you can start like this:
+If you have at least Docker and the Java JDK installed in appropriate versions and in your `PATH`, then you can start like this:
cd your-hsadmin-ng-directory
From 47338cead8253a58b88608bbb01c06834a436f5e Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Fri, 5 Jan 2024 08:19:49 +0100
Subject: [PATCH 29/32] =?UTF-8?q?Liquibase-Changesets=20f=C3=BCr=20Legacy-?=
=?UTF-8?q?ID=20Mapping?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../206-hs-office-contact-migration.sql | 96 ++++++++++++++++++
.../226-hs-office-partner-migration.sql | 95 ++++++++++++++++++
.../256-hs-office-sepamandate-migration.sql | 97 +++++++++++++++++++
.../316-hs-office-coopshares-migration.sql | 96 ++++++++++++++++++
.../326-hs-office-coopassets-migration.sql | 96 ++++++++++++++++++
.../db/changelog/db.changelog-master.yaml | 12 ++-
6 files changed, 491 insertions(+), 1 deletion(-)
create mode 100644 src/main/resources/db/changelog/206-hs-office-contact-migration.sql
create mode 100644 src/main/resources/db/changelog/226-hs-office-partner-migration.sql
create mode 100644 src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql
create mode 100644 src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql
create mode 100644 src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql
diff --git a/src/main/resources/db/changelog/206-hs-office-contact-migration.sql b/src/main/resources/db/changelog/206-hs-office-contact-migration.sql
new file mode 100644
index 00000000..67309307
--- /dev/null
+++ b/src/main/resources/db/changelog/206-hs-office-contact-migration.sql
@@ -0,0 +1,96 @@
+--liquibase formatted sql
+
+-- TODO: These changesets are just for the external remote views to simulate the legacy tables.
+-- Once we don't need the external remote views anymore, create revert changesets.
+
+-- ============================================================================
+--changeset hs-office-contact-MIGRATION-mapping:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE hs_office_contact_legacy_id
+(
+ uuid uuid NOT NULL REFERENCES hs_office_contact(uuid),
+ contact_id integer NOT NULL
+);
+--//
+
+
+-- ============================================================================
+--changeset hs-office-contact-MIGRATION-sequence:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
+ AS integer
+ START 1000000000
+ OWNED BY hs_office_contact_legacy_id.contact_id;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-contact-MIGRATION-default:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+ALTER TABLE hs_office_contact_legacy_id
+ ALTER COLUMN contact_id
+ SET DEFAULT nextVal('hs_office_contact_legacy_id_seq');
+
+--/
+
+-- ============================================================================
+--changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CALL defineContext('schema-migration');
+INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
+SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
+--/
+
+
+-- ============================================================================
+--changeset hs-office-contact-MIGRATION-insert-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function insertContactLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'INSERT' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ INSERT INTO hs_office_contact_legacy_id VALUES
+ (NEW.uuid, nextVal('hs_office_contact_legacy_id_seq'));
+
+ return NEW;
+end; $$;
+
+create trigger createContactLegacyIdMapping
+ after insert on hs_office_contact
+ for each row
+execute procedure insertContactLegacyIdMapping();
+--/
+
+
+-- ============================================================================
+--changeset hs-office-contact-MIGRATION-delete-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function deleteContactLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'DELETE' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ DELETE FROM hs_office_contact_legacy_id
+ WHERE uuid = OLD.uuid;
+
+ return OLD;
+end; $$;
+
+create trigger removeContactLegacyIdMapping
+ before delete on hs_office_contact
+ for each row
+execute procedure deleteContactLegacyIdMapping();
+--/
diff --git a/src/main/resources/db/changelog/226-hs-office-partner-migration.sql b/src/main/resources/db/changelog/226-hs-office-partner-migration.sql
new file mode 100644
index 00000000..abc18a88
--- /dev/null
+++ b/src/main/resources/db/changelog/226-hs-office-partner-migration.sql
@@ -0,0 +1,95 @@
+--liquibase formatted sql
+
+-- TODO: These changesets are just for the external remote views to simulate the legacy tables.
+-- Once we don't need the external remote views anymore, create revert changesets.
+
+-- ============================================================================
+--changeset hs-office-partner-MIGRATION-mapping:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE hs_office_partner_legacy_id
+(
+ uuid uuid NOT NULL REFERENCES hs_office_partner(uuid),
+ bp_id integer NOT NULL
+);
+--//
+
+
+-- ============================================================================
+--changeset hs-office-partner-MIGRATION-sequence:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
+ AS integer
+ START 1000000000
+ OWNED BY hs_office_partner_legacy_id.bp_id;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-partner-MIGRATION-default:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+ALTER TABLE hs_office_partner_legacy_id
+ ALTER COLUMN bp_id
+ SET DEFAULT nextVal('hs_office_partner_legacy_id_seq');
+--/
+
+-- ============================================================================
+--changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CALL defineContext('schema-migration');
+INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
+SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
+--/
+
+
+-- ============================================================================
+--changeset hs-office-partner-MIGRATION-insert-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function insertPartnerLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'INSERT' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ INSERT INTO hs_office_partner_legacy_id VALUES
+ (NEW.uuid, nextVal('hs_office_partner_legacy_id_seq'));
+
+ return NEW;
+end; $$;
+
+create trigger createPartnerLegacyIdMapping
+ after insert on hs_office_partner
+ for each row
+ execute procedure insertPartnerLegacyIdMapping();
+--/
+
+
+-- ============================================================================
+--changeset hs-office-partner-MIGRATION-delete-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function deletePartnerLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'DELETE' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ DELETE FROM hs_office_partner_legacy_id
+ WHERE uuid = OLD.uuid;
+
+ return OLD;
+end; $$;
+
+create trigger removePartnerLegacyIdMapping
+ before delete on hs_office_partner
+ for each row
+ execute procedure deletePartnerLegacyIdMapping();
+--/
diff --git a/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql
new file mode 100644
index 00000000..5baaf783
--- /dev/null
+++ b/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql
@@ -0,0 +1,97 @@
+--liquibase formatted sql
+
+-- TODO: These changesets are just for the external remote views to simulate the legacy tables.
+-- Once we don't need the external remote views anymore, create revert changesets.
+
+-- ============================================================================
+--changeset hs-office-sepamandate-MIGRATION-mapping:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE hs_office_sepamandate_legacy_id
+(
+ uuid uuid NOT NULL REFERENCES hs_office_sepamandate(uuid),
+ sepa_mandat_id integer NOT NULL
+);
+--//
+
+
+-- ============================================================================
+--changeset hs-office-sepamandate-MIGRATION-sequence:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
+ AS integer
+ START 1000000000
+ OWNED BY hs_office_sepamandate_legacy_id.sepa_mandat_id;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-sepamandate-MIGRATION-default:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+ALTER TABLE hs_office_sepamandate_legacy_id
+ ALTER COLUMN sepa_mandat_id
+ SET DEFAULT nextVal('hs_office_sepamandate_legacy_id_seq');
+
+--/
+
+
+-- ============================================================================
+--changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CALL defineContext('schema-migration');
+INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandat_id)
+SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
+--/
+
+
+-- ============================================================================
+--changeset hs-office-sepamandate-MIGRATION-insert-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function insertSepaMandateLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'INSERT' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ INSERT INTO hs_office_sepamandate_legacy_id VALUES
+ (NEW.uuid, nextVal('hs_office_sepamandate_legacy_id_seq'));
+
+ return NEW;
+end; $$;
+
+create trigger createSepaMandateLegacyIdMapping
+ after insert on hs_office_sepamandate
+ for each row
+execute procedure insertSepaMandateLegacyIdMapping();
+--/
+
+
+-- ============================================================================
+--changeset hs-office-sepamandate-MIGRATION-delete-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function deleteSepaMandateLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'DELETE' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ DELETE FROM hs_office_sepamandate_legacy_id
+ WHERE uuid = OLD.uuid;
+
+ return OLD;
+end; $$;
+
+create trigger removeSepaMandateLegacyIdMapping
+ before delete on hs_office_sepamandate
+ for each row
+execute procedure deleteSepaMandateLegacyIdMapping();
+--/
diff --git a/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql
new file mode 100644
index 00000000..105c1ebe
--- /dev/null
+++ b/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql
@@ -0,0 +1,96 @@
+--liquibase formatted sql
+
+-- TODO: These changesets are just for the external remote views to simulate the legacy tables.
+-- Once we don't need the external remote views anymore, create revert changesets.
+
+-- ============================================================================
+--changeset hs-office-coopshares-MIGRATION-mapping:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE hs_office_coopsharestransaction_legacy_id
+(
+ uuid uuid NOT NULL REFERENCES hs_office_coopsharestransaction(uuid),
+ member_share_id integer NOT NULL
+);
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopshares-MIGRATION-sequence:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
+ AS integer
+ START 1000000000
+ OWNED BY hs_office_coopsharestransaction_legacy_id.member_share_id;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopshares-MIGRATION-default:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+ALTER TABLE hs_office_coopsharestransaction_legacy_id
+ ALTER COLUMN member_share_id
+ SET DEFAULT nextVal('hs_office_coopsharestransaction_legacy_id_seq');
+
+--/
+
+-- ============================================================================
+--changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CALL defineContext('schema-migration');
+INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
+SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
+--/
+
+
+-- ============================================================================
+--changeset hs-office-coopShares-MIGRATION-insert-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function insertCoopSharesLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'INSERT' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ INSERT INTO hs_office_coopsharestransaction_legacy_id VALUES
+ (NEW.uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq'));
+
+ return NEW;
+end; $$;
+
+create trigger createCoopSharesLegacyIdMapping
+ after insert on hs_office_coopsharestransaction
+ for each row
+execute procedure insertCoopSharesLegacyIdMapping();
+--/
+
+
+-- ============================================================================
+--changeset hs-office-coopShares-MIGRATION-delete-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function deleteCoopSharesLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'DELETE' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ DELETE FROM hs_office_coopsharestransaction_legacy_id
+ WHERE uuid = OLD.uuid;
+
+ return OLD;
+end; $$;
+
+create trigger removeCoopSharesLegacyIdMapping
+ before delete on hs_office_coopsharestransaction
+ for each row
+execute procedure deleteCoopSharesLegacyIdMapping();
+--/
diff --git a/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql
new file mode 100644
index 00000000..ee432d73
--- /dev/null
+++ b/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql
@@ -0,0 +1,96 @@
+--liquibase formatted sql
+
+-- TODO: These changesets are just for the external remote views to simulate the legacy tables.
+-- Once we don't need the external remote views anymore, create revert changesets.
+
+-- ============================================================================
+--changeset hs-office-coopassets-MIGRATION-mapping:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE hs_office_coopassetstransaction_legacy_id
+(
+ uuid uuid NOT NULL REFERENCES hs_office_coopassetstransaction(uuid),
+ member_asstr_id integer NOT NULL
+);
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopassets-MIGRATION-sequence:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
+ AS integer
+ START 1000000000
+ OWNED BY hs_office_coopassetstransaction_legacy_id.member_asstr_id;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopassets-MIGRATION-default:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+ALTER TABLE hs_office_coopassetstransaction_legacy_id
+ ALTER COLUMN member_asstr_id
+ SET DEFAULT nextVal('hs_office_coopassetstransaction_legacy_id_seq');
+
+--/
+
+-- ============================================================================
+--changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CALL defineContext('schema-migration');
+INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asstr_id)
+SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
+--/
+
+
+-- ============================================================================
+--changeset hs-office-coopAssets-MIGRATION-insert-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function insertCoopAssetsLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'INSERT' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ INSERT INTO hs_office_coopassetstransaction_legacy_id VALUES
+ (NEW.uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq'));
+
+ return NEW;
+end; $$;
+
+create trigger createCoopAssetsLegacyIdMapping
+ after insert on hs_office_coopassetstransaction
+ for each row
+execute procedure insertCoopAssetsLegacyIdMapping();
+--/
+
+
+-- ============================================================================
+--changeset hs-office-coopAssets-MIGRATION-delete-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+create or replace function deleteCoopAssetsLegacyIdMapping()
+ returns trigger
+ language plpgsql
+ strict as $$
+begin
+ if TG_OP <> 'DELETE' then
+ raise exception 'invalid usage of trigger';
+ end if;
+
+ DELETE FROM hs_office_coopassetstransaction_legacy_id
+ WHERE uuid = OLD.uuid;
+
+ return OLD;
+end; $$;
+
+create trigger removeCoopAssetsLegacyIdMapping
+ before delete on hs_office_coopassetstransaction
+ for each row
+execute procedure deleteCoopAssetsLegacyIdMapping();
+--/
diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml
index 3a1bb533..68719b66 100644
--- a/src/main/resources/db/changelog/db.changelog-master.yaml
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@@ -53,6 +53,8 @@ databaseChangeLog:
file: db/changelog/200-hs-office-contact.sql
- include:
file: db/changelog/203-hs-office-contact-rbac.sql
+ - include:
+ file: db/changelog/206-hs-office-contact-migration.sql
- include:
file: db/changelog/208-hs-office-contact-test-data.sql
- include:
@@ -67,6 +69,8 @@ databaseChangeLog:
file: db/changelog/223-hs-office-partner-rbac.sql
- include:
file: db/changelog/224-hs-office-partner-details-rbac.sql
+ - include:
+ file: db/changelog/226-hs-office-partner-migration.sql
- include:
file: db/changelog/228-hs-office-partner-test-data.sql
- include:
@@ -80,7 +84,7 @@ databaseChangeLog:
- include:
file: db/changelog/243-hs-office-bankaccount-rbac.sql
- include:
- file: db/changelog/248-hs-office-bankaccount-test-data.sql
+ file: db/changelog/248-hs-office-bankaccount-test-data.sql
- include:
file: db/changelog/270-hs-office-debitor.sql
- include:
@@ -91,6 +95,8 @@ databaseChangeLog:
file: db/changelog/250-hs-office-sepamandate.sql
- include:
file: db/changelog/253-hs-office-sepamandate-rbac.sql
+ - include:
+ file: db/changelog/256-hs-office-sepamandate-migration.sql
- include:
file: db/changelog/258-hs-office-sepamandate-test-data.sql
- include:
@@ -103,11 +109,15 @@ databaseChangeLog:
file: db/changelog/310-hs-office-coopshares.sql
- include:
file: db/changelog/313-hs-office-coopshares-rbac.sql
+ - include:
+ file: db/changelog/316-hs-office-coopshares-migration.sql
- include:
file: db/changelog/318-hs-office-coopshares-test-data.sql
- include:
file: db/changelog/320-hs-office-coopassets.sql
- include:
file: db/changelog/323-hs-office-coopassets-rbac.sql
+ - include:
+ file: db/changelog/326-hs-office-coopassets-migration.sql
- include:
file: db/changelog/328-hs-office-coopassets-test-data.sql
From 85abe5c3cb3096cdea01e09bff9650a3ecd44a62 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Fri, 5 Jan 2024 10:52:15 +0100
Subject: [PATCH 30/32] amendmends according to code review
---
.../206-hs-office-contact-migration.sql | 10 +++++-----
.../226-hs-office-partner-migration.sql | 2 +-
.../256-hs-office-sepamandate-migration.sql | 10 +++++-----
.../316-hs-office-coopshares-migration.sql | 10 +++++-----
.../326-hs-office-coopassets-migration.sql | 20 +++++++++----------
5 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/src/main/resources/db/changelog/206-hs-office-contact-migration.sql b/src/main/resources/db/changelog/206-hs-office-contact-migration.sql
index 67309307..79cdd3bf 100644
--- a/src/main/resources/db/changelog/206-hs-office-contact-migration.sql
+++ b/src/main/resources/db/changelog/206-hs-office-contact-migration.sql
@@ -42,7 +42,7 @@ ALTER TABLE hs_office_contact_legacy_id
CALL defineContext('schema-migration');
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
-SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
+ SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
--/
@@ -66,8 +66,8 @@ end; $$;
create trigger createContactLegacyIdMapping
after insert on hs_office_contact
- for each row
-execute procedure insertContactLegacyIdMapping();
+ for each row
+ execute procedure insertContactLegacyIdMapping();
--/
@@ -91,6 +91,6 @@ end; $$;
create trigger removeContactLegacyIdMapping
before delete on hs_office_contact
- for each row
-execute procedure deleteContactLegacyIdMapping();
+ for each row
+ execute procedure deleteContactLegacyIdMapping();
--/
diff --git a/src/main/resources/db/changelog/226-hs-office-partner-migration.sql b/src/main/resources/db/changelog/226-hs-office-partner-migration.sql
index abc18a88..f48e99d5 100644
--- a/src/main/resources/db/changelog/226-hs-office-partner-migration.sql
+++ b/src/main/resources/db/changelog/226-hs-office-partner-migration.sql
@@ -41,7 +41,7 @@ ALTER TABLE hs_office_partner_legacy_id
CALL defineContext('schema-migration');
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
-SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
+ SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
--/
diff --git a/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql
index 5baaf783..fe43706c 100644
--- a/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql
+++ b/src/main/resources/db/changelog/256-hs-office-sepamandate-migration.sql
@@ -43,7 +43,7 @@ ALTER TABLE hs_office_sepamandate_legacy_id
CALL defineContext('schema-migration');
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandat_id)
-SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
+ SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
--/
@@ -67,8 +67,8 @@ end; $$;
create trigger createSepaMandateLegacyIdMapping
after insert on hs_office_sepamandate
- for each row
-execute procedure insertSepaMandateLegacyIdMapping();
+ for each row
+ execute procedure insertSepaMandateLegacyIdMapping();
--/
@@ -92,6 +92,6 @@ end; $$;
create trigger removeSepaMandateLegacyIdMapping
before delete on hs_office_sepamandate
- for each row
-execute procedure deleteSepaMandateLegacyIdMapping();
+ for each row
+ execute procedure deleteSepaMandateLegacyIdMapping();
--/
diff --git a/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql
index 105c1ebe..dd64356e 100644
--- a/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql
+++ b/src/main/resources/db/changelog/316-hs-office-coopshares-migration.sql
@@ -42,7 +42,7 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
CALL defineContext('schema-migration');
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
-SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
+ SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
--/
@@ -66,8 +66,8 @@ end; $$;
create trigger createCoopSharesLegacyIdMapping
after insert on hs_office_coopsharestransaction
- for each row
-execute procedure insertCoopSharesLegacyIdMapping();
+ for each row
+ execute procedure insertCoopSharesLegacyIdMapping();
--/
@@ -91,6 +91,6 @@ end; $$;
create trigger removeCoopSharesLegacyIdMapping
before delete on hs_office_coopsharestransaction
- for each row
-execute procedure deleteCoopSharesLegacyIdMapping();
+ for each row
+ execute procedure deleteCoopSharesLegacyIdMapping();
--/
diff --git a/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql
index ee432d73..8c346566 100644
--- a/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql
+++ b/src/main/resources/db/changelog/326-hs-office-coopassets-migration.sql
@@ -10,7 +10,7 @@
CREATE TABLE hs_office_coopassetstransaction_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_office_coopassetstransaction(uuid),
- member_asstr_id integer NOT NULL
+ member_asset_id integer NOT NULL
);
--//
@@ -22,7 +22,7 @@ CREATE TABLE hs_office_coopassetstransaction_legacy_id
CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
AS integer
START 1000000000
- OWNED BY hs_office_coopassetstransaction_legacy_id.member_asstr_id;
+ OWNED BY hs_office_coopassetstransaction_legacy_id.member_asset_id;
--//
@@ -31,18 +31,18 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
-- ----------------------------------------------------------------------------
ALTER TABLE hs_office_coopassetstransaction_legacy_id
- ALTER COLUMN member_asstr_id
+ ALTER COLUMN member_asset_id
SET DEFAULT nextVal('hs_office_coopassetstransaction_legacy_id_seq');
-
--/
+
-- ============================================================================
--changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CALL defineContext('schema-migration');
-INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asstr_id)
-SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
+INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
+ SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
--/
@@ -66,8 +66,8 @@ end; $$;
create trigger createCoopAssetsLegacyIdMapping
after insert on hs_office_coopassetstransaction
- for each row
-execute procedure insertCoopAssetsLegacyIdMapping();
+ for each row
+ execute procedure insertCoopAssetsLegacyIdMapping();
--/
@@ -91,6 +91,6 @@ end; $$;
create trigger removeCoopAssetsLegacyIdMapping
before delete on hs_office_coopassetstransaction
- for each row
-execute procedure deleteCoopAssetsLegacyIdMapping();
+ for each row
+ execute procedure deleteCoopAssetsLegacyIdMapping();
--/
From 1f49970e66e2b83a176673327195015c56c8895f Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Fri, 5 Jan 2024 11:07:34 +0100
Subject: [PATCH 31/32] amendmends according to code review
---
build.gradle | 1 -
etc/owasp-dependency-check-suppression.xml | 6 +++++-
settings.gradle | 11 +++++++++--
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/build.gradle b/build.gradle
index 968b80d1..b43f22e1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -208,7 +208,6 @@ dependencyCheck {
apiKey = project.property('OWASP_API_KEY') // set it in ~/.gradle/gradle.properties
delay = 16000
}
- // cveValidForHours = 4
format = 'ALL'
suppressionFile = 'etc/owasp-dependency-check-suppression.xml'
failOnError = true
diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml
index cdb329d5..39d77b47 100644
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@@ -51,7 +51,11 @@
</suppress>
<suppress>
<notes><![CDATA[
- We've explicitly bumped to 2.2, but the dependency checker does not seem to notice that.
+ Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
+ which contains this vulnerability.
+
+ We've explicitly bumped to 2.2, but the vulnerability checker does not seem to notice that.
+
TODO: Remove this suppression once we are on SpringBoot 3.2,
as well as the explicit version bump and the transient dependency exclude.
]]></notes>
diff --git a/settings.gradle b/settings.gradle
index d437063a..2423c63e 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -13,8 +13,15 @@ dependencyResolutionManagement {
allVariants {
withDependencies {
removeAll {
- // TODO: Remove this transient dependency exclude once we are on SpringBoot 3.2.x
- // as well as the related explicit dependency in build.gradle
+ // Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
+ // which contains a severe vulnerability.
+ // Here we remove this transient dependency and in build.gradle
+ // we add an explicit dependency to snakeyaml 2.2,
+ // which does not have this vulnerability anymore.
+ //
+ // TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
+ // is still neccessary. If not:
+ // Remove it // as well as the related explicit dependency in build.gradle
// and the dependency suppression in owasp-dependency-check-suppression.xml.
it.module in [ 'snakeyaml' ]
}
From 0f71c6a88dfc91c44cdaf46ade7750f86c61473f Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael.hoennig@hostsharing.net>
Date: Fri, 5 Jan 2024 15:16:12 +0100
Subject: [PATCH 32/32] re-activate auto-download of JDK with Gradle Toolchain
support (#7)
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/7
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
---
build.gradle | 2 ++
gradle.properties | 5 +++++
settings.gradle | 4 ++++
3 files changed, 11 insertions(+)
diff --git a/build.gradle b/build.gradle
index b43f22e1..43ca4d22 100644
--- a/build.gradle
+++ b/build.gradle
@@ -43,6 +43,8 @@ repositories {
java {
toolchain {
languageVersion = JavaLanguageVersion.of(21)
+ vendor = JvmVendorSpec.ADOPTIUM
+ implementation = JvmImplementation.VENDOR_SPECIFIC
}
}
diff --git a/gradle.properties b/gradle.properties
index a033d0d3..433cede1 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,3 +1,8 @@
+# Gradle Java Toolchain-support
+org.gradle.java.installations.auto-detect=true
+org.gradle.java.installations.auto-download=true
+# org.gradle.jvm.toolchain.install.adoptopenjdk.baseUri
+# org.gradle.java.installations.paths -- uncomment and set if needed
# Spring BOM overrides
# currently none necessary
diff --git a/settings.gradle b/settings.gradle
index 2423c63e..09d09d6f 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -7,6 +7,10 @@ pluginManagement {
}
}
+plugins {
+ id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
+}
+
dependencyResolutionManagement {
components {
all {