From f6118ec876e611995cad000a43e16d2ccbea94c0 Mon Sep 17 00:00:00 2001 From: Jens L Date: Wed, 25 Oct 2023 20:15:28 +0200 Subject: [PATCH 01/38] web/admin: add preview banner to RBAC pages (#7295) Signed-off-by: Jens Langhammer --- web/src/admin/roles/RoleListPage.ts | 25 +++- web/src/admin/roles/RoleViewPage.ts | 117 ++++++++++-------- web/src/admin/users/UserViewPage.ts | 48 ++++--- .../elements/rbac/ObjectPermissionModal.ts | 7 +- .../elements/rbac/ObjectPermissionsPage.ts | 80 ++++++------ 5 files changed, 169 insertions(+), 108 deletions(-) diff --git a/web/src/admin/roles/RoleListPage.ts b/web/src/admin/roles/RoleListPage.ts index 2bf8bf64e..328acb186 100644 --- a/web/src/admin/roles/RoleListPage.ts +++ b/web/src/admin/roles/RoleListPage.ts @@ -10,8 +10,11 @@ import { TablePage } from "@goauthentik/elements/table/TablePage"; import "@patternfly/elements/pf-tooltip/pf-tooltip.js"; import { msg } from "@lit/localize"; -import { TemplateResult, html } from "lit"; +import { CSSResult, TemplateResult, html } from "lit"; import { customElement, property } from "lit/decorators.js"; +import { ifDefined } from "lit/directives/if-defined.js"; + +import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; import { RbacApi, Role } from "@goauthentik/api"; @@ -34,6 +37,10 @@ export class RoleListPage extends TablePage { @property() order = "name"; + static get styles(): CSSResult[] { + return [...super.styles, PFBanner]; + } + async apiEndpoint(page: number): Promise> { return new RbacApi(DEFAULT_CONFIG).rbacRolesList({ ordering: this.order, @@ -69,6 +76,22 @@ export class RoleListPage extends TablePage { `; } + render(): TemplateResult { + return html` + +
+ ${msg("RBAC is in preview.")} + ${msg("Send us feedback!")} +
+
+
${this.renderTable()}
+
`; + } + row(item: Role): TemplateResult[] { return [ html`${item.name}`, diff --git a/web/src/admin/roles/RoleViewPage.ts b/web/src/admin/roles/RoleViewPage.ts index b9a77fac4..8cc2e5d08 100644 --- a/web/src/admin/roles/RoleViewPage.ts +++ b/web/src/admin/roles/RoleViewPage.ts @@ -15,6 +15,7 @@ import { msg, str } from "@lit/localize"; import { CSSResult, TemplateResult, css, html } from "lit"; import { customElement, property, state } from "lit/decorators.js"; +import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; import PFCard from "@patternfly/patternfly/components/Card/card.css"; import PFContent from "@patternfly/patternfly/components/Content/content.css"; @@ -52,6 +53,7 @@ export class RoleViewPage extends AKElement { PFContent, PFCard, PFDescriptionList, + PFBanner, css` .pf-c-description-list__description ak-action-button { margin-right: 6px; @@ -85,60 +87,69 @@ export class RoleViewPage extends AKElement { if (!this._role) { return html``; } - return html` -
-
-
-
${msg("Role Info")}
-
-
-
-
- ${msg("Name")} -
-
-
- ${this._role.name} -
-
-
-
+ return html`
+ ${msg("RBAC is in preview.")} + ${msg("Send us feedback!")} +
+ +
+
+
+
${msg("Role Info")}
+
+
+
+
+ ${msg("Name")} +
+
+
+ ${this._role.name} +
+
+
+
+
+
+
+
+ ${msg("Assigned global permissions")} +
+
+ +
+
+
+
+ ${msg("Assigned object permissions")} +
+
+ +
-
-
${msg("Assigned global permissions")}
-
- -
-
-
-
${msg("Assigned object permissions")}
-
- -
-
-
-
- -
`; + + + `; } } diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index d91ea4386..d752f645a 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -33,6 +33,7 @@ import { msg, str } from "@lit/localize"; import { css, html, nothing } from "lit"; import { customElement, property, state } from "lit/decorators.js"; +import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; import PFCard from "@patternfly/patternfly/components/Card/card.css"; import PFContent from "@patternfly/patternfly/components/Content/content.css"; @@ -86,6 +87,7 @@ export class UserViewPage extends AKElement { PFCard, PFDescriptionList, PFSizing, + PFBanner, css` .ak-button-collection { display: flex; @@ -465,28 +467,38 @@ export class UserViewPage extends AKElement { model=${RbacPermissionsAssignedByUsersListModelEnum.CoreUser} objectPk=${this.user.pk} > -
-
-
-
${msg("Assigned global permissions")}
-
- - -
-
-
-
${msg("Assigned object permissions")}
-
- - -
-
+
+ ${msg("RBAC is in preview.")} + ${msg("Send us feedback!")}
-
+
+
+
+
+ ${msg("Assigned global permissions")} +
+
+ + +
+
+
+
+ ${msg("Assigned object permissions")} +
+
+ + +
+
+
+
+ `; } } diff --git a/web/src/elements/rbac/ObjectPermissionModal.ts b/web/src/elements/rbac/ObjectPermissionModal.ts index 596b2b2c5..e50be6b82 100644 --- a/web/src/elements/rbac/ObjectPermissionModal.ts +++ b/web/src/elements/rbac/ObjectPermissionModal.ts @@ -7,6 +7,7 @@ import { msg } from "@lit/localize"; import { CSSResult, TemplateResult, html } from "lit"; import { customElement, property } from "lit/decorators.js"; +import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; import PFBase from "@patternfly/patternfly/patternfly-base.css"; @@ -51,13 +52,17 @@ export class ObjectPermissionModal extends AKElement { objectPk?: string | number; static get styles(): CSSResult[] { - return [PFBase, PFButton]; + return [PFBase, PFButton, PFBanner]; } render(): TemplateResult { return html` ${msg("Update Permissions")} +
+ ${msg("RBAC is in preview.")} + ${msg("Send us feedback!")} +
-
-
-
-
User Object Permissions
-
- - + return html`${this.showBanner + ? html`
+ ${msg("RBAC is in preview.")} + ${msg("Send us feedback!")} +
` + : html``} + +
+
+
+
User Object Permissions
+
+ + +
-
-
-
-
-
-
Role Object Permissions
-
- - +
+
+
+
+
Role Object Permissions
+
+ + +
- -
- `; + + `; } } From 484cbc8c732420d4775a67be9b353d97a0b6966c Mon Sep 17 00:00:00 2001 From: "transifex-integration[bot]" <43880903+transifex-integration[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 21:21:40 +0200 Subject: [PATCH 02/38] translate: Updates for file web/xliff/en.xlf in zh-Hans (#7300) Translate web/xliff/en.xlf in zh-Hans 100% translated source file: 'web/xliff/en.xlf' on 'zh-Hans'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com> --- web/xliff/zh-Hans.xlf | 52 ++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index 48317264f..5899f2fcb 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -1,4 +1,4 @@ - + @@ -613,9 +613,9 @@ - The URL "" was not found. - 未找到 URL " - "。 + The URL "" was not found. + 未找到 URL " + "。 @@ -1057,8 +1057,8 @@ - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 @@ -1799,8 +1799,8 @@ - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 @@ -3013,8 +3013,8 @@ doesn't pass when either or both of the selected options are equal or above the - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' @@ -3806,8 +3806,8 @@ doesn't pass when either or both of the selected options are equal or above the - When using an external logging solution for archiving, this can be set to "minutes=5". - 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 + When using an external logging solution for archiving, this can be set to "minutes=5". + 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 @@ -3816,8 +3816,8 @@ doesn't pass when either or both of the selected options are equal or above the - Format: "weeks=3;days=2;hours=3,seconds=2". - 格式:"weeks=3;days=2;hours=3,seconds=2"。 + Format: "weeks=3;days=2;hours=3,seconds=2". + 格式:"weeks=3;days=2;hours=3,seconds=2"。 @@ -4013,10 +4013,10 @@ doesn't pass when either or both of the selected options are equal or above the - Are you sure you want to update ""? + Are you sure you want to update ""? 您确定要更新 - " - " 吗? + " + " 吗? @@ -5102,7 +5102,7 @@ doesn't pass when either or both of the selected options are equal or above the - A "roaming" authenticator, like a YubiKey + A "roaming" authenticator, like a YubiKey 像 YubiKey 这样的“漫游”身份验证器 @@ -5437,10 +5437,10 @@ doesn't pass when either or both of the selected options are equal or above the - ("", of type ) + ("", of type ) - (" - ",类型为 + (" + ",类型为 @@ -5489,7 +5489,7 @@ doesn't pass when either or both of the selected options are equal or above the - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. 如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。 @@ -7912,22 +7912,28 @@ Bindings to groups/users are checked against the user of the event. External + 外部 Service account + 服务账户 Service account (internal) + 服务账户(内部) Check the release notes + 查看发行日志 User Statistics + 用户统计 <No name set> + <未设置名称> - + \ No newline at end of file From 7f2d03dcd0482ec299e1226faaca30029dee1c58 Mon Sep 17 00:00:00 2001 From: "transifex-integration[bot]" <43880903+transifex-integration[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 21:21:57 +0200 Subject: [PATCH 03/38] translate: Updates for file web/xliff/en.xlf in zh_CN (#7299) Translate web/xliff/en.xlf in zh_CN 100% translated source file: 'web/xliff/en.xlf' on 'zh_CN'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com> --- web/xliff/zh_CN.xlf | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/web/xliff/zh_CN.xlf b/web/xliff/zh_CN.xlf index 0d331a345..b92624ef2 100644 --- a/web/xliff/zh_CN.xlf +++ b/web/xliff/zh_CN.xlf @@ -658,11 +658,6 @@ Manage users 管理用户 - - - Check release notes - 查看发行日志 - Outpost status @@ -694,11 +689,6 @@ Objects created 已创建对象 - - - User statistics - 用户统计 - Users created per day in the last month @@ -7919,6 +7909,30 @@ Bindings to groups/users are checked against the user of the event. Create Recovery Link 创建恢复链接 + + + External + 外部 + + + Service account + 服务账户 + + + Service account (internal) + 服务账户(内部) + + + Check the release notes + 查看发行日志 + + + User Statistics + 用户统计 + + + <No name set> + <未设置名称> From a52e4a3262542853b5490497abf1c51389766f8c Mon Sep 17 00:00:00 2001 From: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com> Date: Wed, 25 Oct 2023 14:39:50 -0700 Subject: [PATCH 04/38] web: extract form processing (#7298) * web: break circular dependency between AKElement & Interface. This commit changes the way the root node of the web application shell is discovered by child components, such that the base class shared by both no longer results in a circular dependency between the two models. I've run this in isolation and have seen no failures of discovery; the identity token exists as soon as the Interface is constructed and is found by every item on the page. * web: fix broken typescript references This built... and then it didn't? Anyway, the current fix is to provide type information the AkInterface for the data that consumers require. * web: extract the form processing from the form submission process Our forms have a lot of customized value handling, and the function `serializeForm` takes our input structures and creates a JSON object ready for submission across the wire for the various models provided by the API. That function was embedded in the `ak-form` object, but it has no actual dependencies on the state of that object; aside from identifying the input elements, which is done at the very start of processing, this large block of code stands alone. Separating out the "processing the form" from "identifying the form" allows us to customize our form handling and preserve form information on the client for transactional purposes such as our wizard. w --- web/src/elements/forms/Form.ts | 181 +++++++++++++++++---------------- 1 file changed, 93 insertions(+), 88 deletions(-) diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 5728634f1..0c4590fac 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -31,6 +31,93 @@ export interface KeyUnknown { [key: string]: unknown; } +/** + * Recursively assign `value` into `json` while interpreting the dot-path of `element.name` + */ +function assignValue(element: HTMLInputElement, value: unknown, json: KeyUnknown): void { + let parent = json; + if (!element.name?.includes(".")) { + parent[element.name] = value; + return; + } + const nameElements = element.name.split("."); + for (let index = 0; index < nameElements.length - 1; index++) { + const nameEl = nameElements[index]; + // Ensure all nested structures exist + if (!(nameEl in parent)) parent[nameEl] = {}; + parent = parent[nameEl] as { [key: string]: unknown }; + } + parent[nameElements[nameElements.length - 1]] = value; +} + +/** + * Convert the elements of the form to JSON.[4] + * + */ +export function serializeForm( + elements: NodeListOf, +): T | undefined { + const json: { [key: string]: unknown } = {}; + elements.forEach((element) => { + element.requestUpdate(); + const inputElement = element.querySelector("[name]"); + if (element.hidden || !inputElement) { + return; + } + // Skip elements that are writeOnly where the user hasn't clicked on the value + if (element.writeOnly && !element.writeOnlyActivated) { + return; + } + if ( + inputElement.tagName.toLowerCase() === "select" && + "multiple" in inputElement.attributes + ) { + const selectElement = inputElement as unknown as HTMLSelectElement; + assignValue( + inputElement, + Array.from(selectElement.selectedOptions).map((v) => v.value), + json, + ); + } else if (inputElement.tagName.toLowerCase() === "input" && inputElement.type === "date") { + assignValue(inputElement, inputElement.valueAsDate, json); + } else if ( + inputElement.tagName.toLowerCase() === "input" && + inputElement.type === "datetime-local" + ) { + assignValue(inputElement, new Date(inputElement.valueAsNumber), json); + } else if ( + inputElement.tagName.toLowerCase() === "input" && + "type" in inputElement.dataset && + inputElement.dataset["type"] === "datetime-local" + ) { + // Workaround for Firefox <93, since 92 and older don't support + // datetime-local fields + assignValue(inputElement, new Date(inputElement.value), json); + } else if ( + inputElement.tagName.toLowerCase() === "input" && + inputElement.type === "checkbox" + ) { + assignValue(inputElement, inputElement.checked, json); + } else if ("selectedFlow" in inputElement) { + assignValue(inputElement, inputElement.value, json); + } else if (inputElement.tagName.toLowerCase() === "ak-search-select") { + const select = inputElement as unknown as SearchSelect; + try { + const value = select.toForm(); + assignValue(inputElement, value, json); + } catch (exc) { + if (exc instanceof PreventFormSubmit) { + throw new PreventFormSubmit(exc.message, element); + } + throw exc; + } + } else { + assignValue(inputElement, inputElement.value, json); + } + }); + return json as unknown as T; +} + /** * Form * @@ -177,95 +264,13 @@ export abstract class Form extends AKElement { * */ serializeForm(): T | undefined { - const elements = - this.shadowRoot?.querySelectorAll( - "ak-form-element-horizontal", - ) || []; - const json: { [key: string]: unknown } = {}; - elements.forEach((element) => { - element.requestUpdate(); - const inputElement = element.querySelector("[name]"); - if (element.hidden || !inputElement) { - return; - } - // Skip elements that are writeOnly where the user hasn't clicked on the value - if (element.writeOnly && !element.writeOnlyActivated) { - return; - } - if ( - inputElement.tagName.toLowerCase() === "select" && - "multiple" in inputElement.attributes - ) { - const selectElement = inputElement as unknown as HTMLSelectElement; - this.assignValue( - inputElement, - Array.from(selectElement.selectedOptions).map((v) => v.value), - json, - ); - } else if ( - inputElement.tagName.toLowerCase() === "input" && - inputElement.type === "date" - ) { - this.assignValue(inputElement, inputElement.valueAsDate, json); - } else if ( - inputElement.tagName.toLowerCase() === "input" && - inputElement.type === "datetime-local" - ) { - this.assignValue(inputElement, new Date(inputElement.valueAsNumber), json); - } else if ( - inputElement.tagName.toLowerCase() === "input" && - "type" in inputElement.dataset && - inputElement.dataset["type"] === "datetime-local" - ) { - // Workaround for Firefox <93, since 92 and older don't support - // datetime-local fields - this.assignValue(inputElement, new Date(inputElement.value), json); - } else if ( - inputElement.tagName.toLowerCase() === "input" && - inputElement.type === "checkbox" - ) { - this.assignValue(inputElement, inputElement.checked, json); - } else if ("selectedFlow" in inputElement) { - this.assignValue(inputElement, inputElement.value, json); - } else if (inputElement.tagName.toLowerCase() === "ak-search-select") { - const select = inputElement as unknown as SearchSelect; - try { - const value = select.toForm(); - this.assignValue(inputElement, value, json); - } catch (exc) { - if (exc instanceof PreventFormSubmit) { - throw new PreventFormSubmit(exc.message, element); - } - throw exc; - } - } else { - this.assignValue(inputElement, inputElement.value, json); - } - }); - return json as unknown as T; - } - - /** - * Recursively assign `value` into `json` while interpreting the dot-path of `element.name` - */ - private assignValue( - element: HTMLInputElement, - value: unknown, - json: { [key: string]: unknown }, - ): void { - let parent = json; - if (!element.name?.includes(".")) { - parent[element.name] = value; - return; + const elements = this.shadowRoot?.querySelectorAll( + "ak-form-element-horizontal", + ); + if (!elements) { + return {} as T; } - const nameElements = element.name.split("."); - for (let index = 0; index < nameElements.length - 1; index++) { - const nameEl = nameElements[index]; - // Ensure all nested structures exist - if (!(nameEl in parent)) parent[nameEl] = {}; - parent = parent[nameEl] as { [key: string]: unknown }; - } - parent[nameElements[nameElements.length - 1]] = value; + return serializeForm(elements) as T; } /** From 848fe3e428da53afdc537f8c4da5cf059ce6aa60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 11:51:20 +0200 Subject: [PATCH 05/38] web: bump ts-lit-plugin from 1.2.1 to 2.0.0 in /web (#7308) Bumps [ts-lit-plugin](https://github.com/runem/lit-analyzer) from 1.2.1 to 2.0.0. - [Release notes](https://github.com/runem/lit-analyzer/releases) - [Changelog](https://github.com/runem/lit-analyzer/blob/master/CHANGELOG.md) - [Commits](https://github.com/runem/lit-analyzer/commits) --- updated-dependencies: - dependency-name: ts-lit-plugin dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 147 ++++++++++++++++++++++++++++++++++++++++-- web/package.json | 2 +- 2 files changed, 143 insertions(+), 6 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 02f324432..7079fc737 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -94,7 +94,7 @@ "rollup-plugin-postcss-lit": "^2.1.0", "storybook": "^7.5.1", "storybook-addon-mock": "^4.3.0", - "ts-lit-plugin": "^1.2.1", + "ts-lit-plugin": "^2.0.0", "tslib": "^2.6.2", "turnstile-types": "^1.1.3", "typescript": "^5.2.2", @@ -10758,6 +10758,12 @@ "integrity": "sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==", "dev": true }, + "node_modules/@vscode/web-custom-data": { + "version": "0.4.8", + "resolved": "https://registry.npmjs.org/@vscode/web-custom-data/-/web-custom-data-0.4.8.tgz", + "integrity": "sha512-rRiEeEX49wipCeGZo65mQJUEuCY3IXd6bet90eY6cMMQ9jBe2g3Njw/2ctbaxuACPnEKXTdW0dB7umxDln3Rzg==", + "dev": true + }, "node_modules/@webcomponents/webcomponentsjs": { "version": "2.8.0", "resolved": "https://registry.npmjs.org/@webcomponents/webcomponentsjs/-/webcomponentsjs-2.8.0.tgz", @@ -22263,12 +22269,143 @@ } }, "node_modules/ts-lit-plugin": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/ts-lit-plugin/-/ts-lit-plugin-1.2.1.tgz", - "integrity": "sha512-k/Me+aT1N9ckC/KuJCAlAJgCHFezOxuOGOzBE0q42xnKbJnUMNl08WqWF6C7OKecCPHIMRk5Wj5o6MDsmt9+qA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ts-lit-plugin/-/ts-lit-plugin-2.0.0.tgz", + "integrity": "sha512-NPQ235pyUSqBTve/SkPIiIqmfGiR08ov7D2WeEtu/3WpsZyKHhxK7BSMoFQi+LzgCx/2Gr6nd+0Iv5DvlrJXow==", "dev": true, "dependencies": { - "lit-analyzer": "1.2.1" + "lit-analyzer": "^2.0.0", + "web-component-analyzer": "^2.0.0" + } + }, + "node_modules/ts-lit-plugin/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/ts-lit-plugin/node_modules/cliui": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/ts-lit-plugin/node_modules/lit-analyzer": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/lit-analyzer/-/lit-analyzer-2.0.1.tgz", + "integrity": "sha512-4bHJLCbxywMHd9bnVkLDkCSHXs/KrlwUks75EhYtJNdzH07O5BSVdZdadbw4T2AvuYxb0xRO4ZjqgQJCkp8Kjg==", + "dev": true, + "dependencies": { + "@vscode/web-custom-data": "^0.4.2", + "chalk": "^2.4.2", + "didyoumean2": "4.1.0", + "fast-glob": "^3.2.11", + "parse5": "5.1.0", + "ts-simple-type": "~2.0.0-next.0", + "vscode-css-languageservice": "4.3.0", + "vscode-html-languageservice": "3.1.0", + "web-component-analyzer": "^2.0.0" + }, + "bin": { + "lit-analyzer": "cli.js" + } + }, + "node_modules/ts-lit-plugin/node_modules/parse5": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.0.tgz", + "integrity": "sha512-fxNG2sQjHvlVAYmzBZS9YlDp6PTSSDwa98vkD4QgVDDCAo84z5X1t5XyJQ62ImdLXx5NdIIfihey6xpum9/gRQ==", + "dev": true + }, + "node_modules/ts-lit-plugin/node_modules/ts-simple-type": { + "version": "2.0.0-next.0", + "resolved": "https://registry.npmjs.org/ts-simple-type/-/ts-simple-type-2.0.0-next.0.tgz", + "integrity": "sha512-A+hLX83gS+yH6DtzNAhzZbPfU+D9D8lHlTSd7GeoMRBjOt3GRylDqLTYbdmjA4biWvq2xSfpqfIDj2l0OA/BVg==", + "dev": true + }, + "node_modules/ts-lit-plugin/node_modules/web-component-analyzer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/web-component-analyzer/-/web-component-analyzer-2.0.0.tgz", + "integrity": "sha512-UEvwfpD+XQw99sLKiH5B1T4QwpwNyWJxp59cnlRwFfhUW6JsQpw5jMeMwi7580sNou8YL3kYoS7BWLm+yJ/jVQ==", + "dev": true, + "dependencies": { + "fast-glob": "^3.2.2", + "ts-simple-type": "2.0.0-next.0", + "typescript": "~5.2.0", + "yargs": "^17.7.2" + }, + "bin": { + "wca": "cli.js", + "web-component-analyzer": "cli.js" + } + }, + "node_modules/ts-lit-plugin/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/ts-lit-plugin/node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/ts-lit-plugin/node_modules/yargs": { + "version": "17.7.2", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", + "dev": true, + "dependencies": { + "cliui": "^8.0.1", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.3", + "y18n": "^5.0.5", + "yargs-parser": "^21.1.1" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/ts-lit-plugin/node_modules/yargs-parser": { + "version": "21.1.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "dev": true, + "engines": { + "node": ">=12" } }, "node_modules/ts-simple-type": { diff --git a/web/package.json b/web/package.json index 1cda15837..508897b1b 100644 --- a/web/package.json +++ b/web/package.json @@ -115,7 +115,7 @@ "rollup-plugin-postcss-lit": "^2.1.0", "storybook": "^7.5.1", "storybook-addon-mock": "^4.3.0", - "ts-lit-plugin": "^1.2.1", + "ts-lit-plugin": "^2.0.0", "tslib": "^2.6.2", "turnstile-types": "^1.1.3", "typescript": "^5.2.2", From e640eab22902d33f3435d681890c2e27c8a5bfb0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 11:51:51 +0200 Subject: [PATCH 06/38] core: bump duo-client from 5.1.0 to 5.2.0 (#7306) Bumps [duo-client](https://github.com/duosecurity/duo_client_python) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/duosecurity/duo_client_python/releases) - [Commits](https://github.com/duosecurity/duo_client_python/compare/5.1.0...5.2.0) --- updated-dependencies: - dependency-name: duo-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/poetry.lock b/poetry.lock index 201b243ae..9ef4a0f9f 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1359,13 +1359,13 @@ files = [ [[package]] name = "duo-client" -version = "5.1.0" +version = "5.2.0" description = "Reference client for Duo Security APIs" optional = false python-versions = "*" files = [ - {file = "duo_client-5.1.0-py2.py3-none-any.whl", hash = "sha256:5dd6e7a526ea79952c078e5a5be93a1d70d36e685fad9478188156587e85b571"}, - {file = "duo_client-5.1.0.tar.gz", hash = "sha256:0dd8b7223a105beca4fdbfa71d400e813d9f33250c3da5fd63e437fb571b55f2"}, + {file = "duo_client-5.2.0-py3-none-any.whl", hash = "sha256:da3237e34300665c40ba5215f1e6656fec1a0136295917541aa973e7fcbf027e"}, + {file = "duo_client-5.2.0.tar.gz", hash = "sha256:f82361740792b06303f9721e7ba593916080461769396b4f73c0502c0bfcee44"}, ] [package.dependencies] From 7569314a24d3430f7fc4dfeb401f9258327dacb4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 11:52:14 +0200 Subject: [PATCH 07/38] web: bump mermaid from 10.5.1 to 10.6.0 in /web (#7304) Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 10.5.1 to 10.6.0. - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md) - [Commits](https://github.com/mermaid-js/mermaid/compare/v10.5.1...v10.6.0) --- updated-dependencies: - dependency-name: mermaid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 8 ++++---- web/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 7079fc737..95dd567da 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -36,7 +36,7 @@ "country-flag-icons": "^1.5.7", "fuse.js": "^6.6.2", "lit": "^2.8.0", - "mermaid": "^10.5.1", + "mermaid": "^10.6.0", "rapidoc": "^9.3.4", "style-mod": "^4.1.0", "webcomponent-qr-code": "^1.2.0", @@ -17360,9 +17360,9 @@ } }, "node_modules/mermaid": { - "version": "10.5.1", - "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.5.1.tgz", - "integrity": "sha512-+4mkGW5PptHDSae4YZ/Jw1pEOf0irrB/aCL6BwZcJPhr5+84UJBrQnHTvyPqCUz67tXkrDvSzWv4B+J2hLO78g==", + "version": "10.6.0", + "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.6.0.tgz", + "integrity": "sha512-Hcti+Q2NiWnb2ZCijSX89Bn2i7TCUwosBdIn/d+u63Sz7y40XU6EKMctT4UX4qZuZGfKGZpfOeim2/KTrdR7aQ==", "dependencies": { "@braintree/sanitize-url": "^6.0.1", "@types/d3-scale": "^4.0.3", diff --git a/web/package.json b/web/package.json index 508897b1b..dc8aebab4 100644 --- a/web/package.json +++ b/web/package.json @@ -57,7 +57,7 @@ "country-flag-icons": "^1.5.7", "fuse.js": "^6.6.2", "lit": "^2.8.0", - "mermaid": "^10.5.1", + "mermaid": "^10.6.0", "rapidoc": "^9.3.4", "style-mod": "^4.1.0", "webcomponent-qr-code": "^1.2.0", From 32493c6102620ff7c8fd1b3791dd039a06b5a7b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 11:52:45 +0200 Subject: [PATCH 08/38] web: bump the sentry group in /web with 2 updates (#7303) Bumps the sentry group in /web with 2 updates: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and [@sentry/tracing](https://github.com/getsentry/sentry-javascript). Updates `@sentry/browser` from 7.75.0 to 7.75.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-javascript/compare/7.75.0...7.75.1) Updates `@sentry/tracing` from 7.75.0 to 7.75.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-javascript/compare/7.75.0...7.75.1) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sentry - dependency-name: "@sentry/tracing" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sentry ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 78 +++++++++++++++++++++---------------------- web/package.json | 4 +-- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 95dd567da..d1216d9e5 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -24,8 +24,8 @@ "@open-wc/lit-helpers": "^0.6.0", "@patternfly/elements": "^2.4.0", "@patternfly/patternfly": "^4.224.2", - "@sentry/browser": "^7.75.0", - "@sentry/tracing": "^7.75.0", + "@sentry/browser": "^7.75.1", + "@sentry/tracing": "^7.75.1", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", "chart.js": "^4.4.0", @@ -4714,84 +4714,84 @@ ] }, "node_modules/@sentry-internal/tracing": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.75.0.tgz", - "integrity": "sha512-/j4opF/jB9j8qnSiQK75/lFLtkfqXS5/MoOKc2KWK/pOaf15W+6uJzGQ8jRBHLYd9dDg6AyqsF48Wqy561/mNg==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.75.1.tgz", + "integrity": "sha512-nynV+7iVcF8k3CqhvI2K7iA8h4ovJhgYHKnXR8RDDevQOqNG2AEX9+hjCj9fZM4MhKHYFqf1od2oO9lTr38kwg==", "dependencies": { - "@sentry/core": "7.75.0", - "@sentry/types": "7.75.0", - "@sentry/utils": "7.75.0" + "@sentry/core": "7.75.1", + "@sentry/types": "7.75.1", + "@sentry/utils": "7.75.1" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/browser": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.75.0.tgz", - "integrity": "sha512-DXH/69vzp2j8xjydX+lrUYasrk7a1mpbXFGA9GtnII7shMCy55+QkVxpa6cLojYUaG2K/8yFDMcrP9N395LnWg==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.75.1.tgz", + "integrity": "sha512-0+jPfPA5P9HVYYRQraDokGCY2NiMknSfz11dggClK4VmjvG+hOXiEyf73SFVwLFnv/hwrkWySjoIrVCX65xXQA==", "dependencies": { - "@sentry-internal/tracing": "7.75.0", - "@sentry/core": "7.75.0", - "@sentry/replay": "7.75.0", - "@sentry/types": "7.75.0", - "@sentry/utils": "7.75.0" + "@sentry-internal/tracing": "7.75.1", + "@sentry/core": "7.75.1", + "@sentry/replay": "7.75.1", + "@sentry/types": "7.75.1", + "@sentry/utils": "7.75.1" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/core": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.75.0.tgz", - "integrity": "sha512-vXg3cdJgwzP24oTS9zFCgLW4MgTkMZqXx+ESRq7gTD9qJTpcmAmYT+Ckmvebg8K6DBThV6+0v61r50na2+XdrA==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.75.1.tgz", + "integrity": "sha512-Kw4KyKBxbxbh8OKO0S11Tm0gWP+6AaXXYrsq3hp8H338l/wOmIzyckmCbUrc/XJeoRqaFLJbdcCrcUEDZUvsVQ==", "dependencies": { - "@sentry/types": "7.75.0", - "@sentry/utils": "7.75.0" + "@sentry/types": "7.75.1", + "@sentry/utils": "7.75.1" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/replay": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.75.0.tgz", - "integrity": "sha512-TAAlj7JCMF6hFFL71RmPzVX89ltyPYFWR+t4SuWaBmU6HmTliI2eJvK+M36oE+N7s3CkyRVTaXXRe0YMwRMuZQ==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.75.1.tgz", + "integrity": "sha512-MKQTDWNYs9QXCJ+irGX5gu8Kxdk/Ds5puhILy8+DnCoXgXuPFRMGob1Sxt8qXmbQmcGeogsx221MNTselsRS6g==", "dependencies": { - "@sentry-internal/tracing": "7.75.0", - "@sentry/core": "7.75.0", - "@sentry/types": "7.75.0", - "@sentry/utils": "7.75.0" + "@sentry-internal/tracing": "7.75.1", + "@sentry/core": "7.75.1", + "@sentry/types": "7.75.1", + "@sentry/utils": "7.75.1" }, "engines": { "node": ">=12" } }, "node_modules/@sentry/tracing": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.75.0.tgz", - "integrity": "sha512-EHvkQZdZApESVCwbZoUepjF79LQm2IYC/axj7k2bY5ImTAabS323I5YPwifPAWbtqvjqxakgbKUNjaTMGeSGNg==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.75.1.tgz", + "integrity": "sha512-hy8MQB9TAYdvuO6O6Lotmi/xMkhseM5E3ecY6yjgkbQwzjJV+dBBW4xsCXowMQQQ1qN+E/n95p/gUPvbfe2mgQ==", "dependencies": { - "@sentry-internal/tracing": "7.75.0" + "@sentry-internal/tracing": "7.75.1" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/types": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.75.0.tgz", - "integrity": "sha512-xG8OLADxG7HpGhMxrF4v4tKq/v/gqmLsTZ858R51pz0xCWM8SK6ZSWOKudkAGBIpRjI6RUHMnkBtRAN2aKDOkQ==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.75.1.tgz", + "integrity": "sha512-km+ygqgMDaFfTrbQwdhrptFqx0Oq15jZABqIoIpbaOCkCAMm+tyCqrFS8dTfaq5wpCktqWOy2qU/DOpppO99Cg==", "engines": { "node": ">=8" } }, "node_modules/@sentry/utils": { - "version": "7.75.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.75.0.tgz", - "integrity": "sha512-UHWKeevhUNRp+mAWDbMVFOMgseoq8t/xFgdUywO/2PC14qZKRBH+0k1BKoNkp5sOzDT06ETj2w6wYoYhy6i+dA==", + "version": "7.75.1", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.75.1.tgz", + "integrity": "sha512-QzW2eRjY20epD//9/tQ0FTNwdAL6XZi+LyJNUQIeK3NMnc5NgHrgpxId87gmFq8cNx47utH1Blub8RuMbKqiwQ==", "dependencies": { - "@sentry/types": "7.75.0" + "@sentry/types": "7.75.1" }, "engines": { "node": ">=8" diff --git a/web/package.json b/web/package.json index dc8aebab4..4c689f5d4 100644 --- a/web/package.json +++ b/web/package.json @@ -45,8 +45,8 @@ "@open-wc/lit-helpers": "^0.6.0", "@patternfly/elements": "^2.4.0", "@patternfly/patternfly": "^4.224.2", - "@sentry/browser": "^7.75.0", - "@sentry/tracing": "^7.75.0", + "@sentry/browser": "^7.75.1", + "@sentry/tracing": "^7.75.1", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", "chart.js": "^4.4.0", From 309c390154517d652288674fe23e9fe814ae4869 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 12:03:14 +0200 Subject: [PATCH 09/38] web: bump lit-analyzer from 1.2.1 to 2.0.1 in /web (#7305) Bumps [lit-analyzer](https://github.com/runem/lit-analyzer) from 1.2.1 to 2.0.1. - [Release notes](https://github.com/runem/lit-analyzer/releases) - [Changelog](https://github.com/runem/lit-analyzer/blob/master/CHANGELOG.md) - [Commits](https://github.com/runem/lit-analyzer/commits) --- updated-dependencies: - dependency-name: lit-analyzer dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 1989 ++--------------------------------------- web/package.json | 2 +- 2 files changed, 52 insertions(+), 1939 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index d1216d9e5..a6f781f48 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -81,7 +81,7 @@ "eslint-plugin-lit": "^1.10.1", "eslint-plugin-sonarjs": "^0.21.0", "eslint-plugin-storybook": "^0.6.15", - "lit-analyzer": "^1.2.1", + "lit-analyzer": "^2.0.1", "npm-run-all": "^4.1.5", "prettier": "^3.0.3", "pseudolocale": "^2.0.0", @@ -3583,25 +3583,6 @@ "react": ">=16" } }, - "node_modules/@mrmlnc/readdir-enhanced": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz", - "integrity": "sha512-bPHp6Ji8b41szTOcaP63VlnbbO5Ny6dwAATtY6JTjh5N2OLrb5Qk/Th5cRkRQhkWCt+EJsYrNB0MiL+Gpn6e3g==", - "dev": true, - "dependencies": { - "call-me-maybe": "^1.0.1", - "glob-to-regexp": "^0.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@mrmlnc/readdir-enhanced/node_modules/glob-to-regexp": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz", - "integrity": "sha512-Iozmtbqv0noj0uDDqoL0zNq0VBEfK2YFoMAZoxJe4cwphvLR+JskfF30QhXHOR4m3KrE6NLRYw+U9MRXvifyig==", - "dev": true - }, "node_modules/@ndelangen/get-tarball": { "version": "3.0.9", "resolved": "https://registry.npmjs.org/@ndelangen/get-tarball/-/get-tarball-3.0.9.tgz", @@ -11023,33 +11004,6 @@ "node": ">=10" } }, - "node_modules/arr-diff": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz", - "integrity": "sha512-YVIQ82gZPGBebQV/a8dar4AitzCQs0jjXwMPZllpXMaGjXPYVUawSxQrRsjhjupyVxEvbHgUmIhKVlND+j02kA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/arr-flatten": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz", - "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/arr-union": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz", - "integrity": "sha512-sKpyeERZ02v1FeCZT8lrfJq5u6goHCtpTAzPwJYe7c8SPFOboNjNg1vz2L4VTn9T4PQxEx13TbXLmYUcS6Ug7Q==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/array-buffer-byte-length": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz", @@ -11078,15 +11032,6 @@ "node": ">=8" } }, - "node_modules/array-unique": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz", - "integrity": "sha512-SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/arraybuffer.prototype.slice": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.2.tgz", @@ -11121,15 +11066,6 @@ "util": "^0.12.5" } }, - "node_modules/assign-symbols": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz", - "integrity": "sha512-Q+JC7Whu8HhmTdBph/Tq59IoRtoy6KAm5zzPv00WdujX82lbAL8K7WVjne7vdCsAmbF4AYaDOPyO3k0kl8qIrw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/ast-types": { "version": "0.16.1", "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.16.1.tgz", @@ -11159,18 +11095,6 @@ "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, - "node_modules/atob": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz", - "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==", - "dev": true, - "bin": { - "atob": "bin/atob.js" - }, - "engines": { - "node": ">= 4.5.0" - } - }, "node_modules/available-typed-arrays": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz", @@ -11299,36 +11223,6 @@ "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" }, - "node_modules/base": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/base/-/base-0.11.2.tgz", - "integrity": "sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==", - "dev": true, - "dependencies": { - "cache-base": "^1.0.1", - "class-utils": "^0.3.5", - "component-emitter": "^1.2.1", - "define-property": "^1.0.0", - "isobject": "^3.0.1", - "mixin-deep": "^1.2.0", - "pascalcase": "^0.1.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/base/node_modules/define-property": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", - "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==", - "dev": true, - "dependencies": { - "is-descriptor": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/base64-arraybuffer": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-1.0.2.tgz", @@ -11639,26 +11533,6 @@ "node": ">= 0.8" } }, - "node_modules/cache-base": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/cache-base/-/cache-base-1.0.1.tgz", - "integrity": "sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ==", - "dev": true, - "dependencies": { - "collection-visit": "^1.0.0", - "component-emitter": "^1.2.1", - "get-value": "^2.0.6", - "has-value": "^1.0.0", - "isobject": "^3.0.1", - "set-value": "^2.0.0", - "to-object-path": "^0.3.0", - "union-value": "^1.0.0", - "unset-value": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/call-bind": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", @@ -11671,12 +11545,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/call-me-maybe": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz", - "integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ==", - "dev": true - }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -11821,110 +11689,6 @@ "node": ">=8" } }, - "node_modules/class-utils": { - "version": "0.3.6", - "resolved": "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz", - "integrity": "sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==", - "dev": true, - "dependencies": { - "arr-union": "^3.1.0", - "define-property": "^0.2.5", - "isobject": "^3.0.0", - "static-extend": "^0.1.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/is-accessor-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", - "integrity": "sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/is-accessor-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/class-utils/node_modules/is-data-descriptor": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", - "integrity": "sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/is-data-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/is-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", - "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^0.1.6", - "is-data-descriptor": "^0.1.4", - "kind-of": "^5.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/clean-stack": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", @@ -11974,14 +11738,17 @@ } }, "node_modules/cliui": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", - "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", "dev": true, "dependencies": { "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^6.2.0" + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=12" } }, "node_modules/clone": { @@ -12033,19 +11800,6 @@ "@codemirror/view": "^6.0.0" } }, - "node_modules/collection-visit": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz", - "integrity": "sha512-lNkKvzEeMBBjUGHZ+q6z9pSJla0KWAQPvtzhEV9+iGyQYG+pBpl7xKDhxoNSOZH2hhv0v5k0y2yAM4o4SjoSkw==", - "dev": true, - "dependencies": { - "map-visit": "^1.0.0", - "object-visit": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", @@ -12095,12 +11849,6 @@ "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==", "dev": true }, - "node_modules/component-emitter": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz", - "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==", - "dev": true - }, "node_modules/compressible": { "version": "2.0.18", "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", @@ -12263,15 +12011,6 @@ "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", "dev": true }, - "node_modules/copy-descriptor": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz", - "integrity": "sha512-XgZ0pFcakEUlbwQEVNg3+QAis1FyTL3Qel9FYy8pSkQqoG3PNoT0bOCQtOXcOkur21r2Eq2kI+IE+gsmAEVlYw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/core-js": { "version": "3.33.1", "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.33.1.tgz", @@ -12908,15 +12647,6 @@ } } }, - "node_modules/decamelize": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", - "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/decode-named-character-reference": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.0.2.tgz", @@ -12929,15 +12659,6 @@ "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/decode-uri-component": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.2.tgz", - "integrity": "sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==", - "dev": true, - "engines": { - "node": ">=0.10" - } - }, "node_modules/decompress-response": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", @@ -13029,19 +12750,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/define-property": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", - "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", - "dev": true, - "dependencies": { - "is-descriptor": "^1.0.2", - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/defu": { "version": "6.1.2", "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.2.tgz", @@ -14107,128 +13815,6 @@ "url": "https://github.com/sindresorhus/execa?sponsor=1" } }, - "node_modules/expand-brackets": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-2.1.4.tgz", - "integrity": "sha512-w/ozOKR9Obk3qoWeY/WDi6MFta9AoMR+zud60mdnbniMcBxRuFJyDt2LdX/14A1UABeqk+Uk+LDfUpvoGKppZA==", - "dev": true, - "dependencies": { - "debug": "^2.3.3", - "define-property": "^0.2.5", - "extend-shallow": "^2.0.1", - "posix-character-classes": "^0.1.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/expand-brackets/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/is-accessor-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", - "integrity": "sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/is-accessor-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/expand-brackets/node_modules/is-data-descriptor": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", - "integrity": "sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/is-data-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/is-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", - "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^0.1.6", - "is-data-descriptor": "^0.1.4", - "kind-of": "^5.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, "node_modules/expand-template": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/expand-template/-/expand-template-2.0.3.tgz", @@ -14348,37 +13934,6 @@ "node": ">=0.10.0" } }, - "node_modules/extglob": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/extglob/-/extglob-2.0.4.tgz", - "integrity": "sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==", - "dev": true, - "dependencies": { - "array-unique": "^0.3.2", - "define-property": "^1.0.0", - "expand-brackets": "^2.1.4", - "extend-shallow": "^2.0.1", - "fragment-cache": "^0.2.1", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/extglob/node_modules/define-property": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", - "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==", - "dev": true, - "dependencies": { - "is-descriptor": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/extract-zip": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-1.7.0.tgz", @@ -14758,15 +14313,6 @@ "is-callable": "^1.1.3" } }, - "node_modules/for-in": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", - "integrity": "sha512-7EwmXrOjyL+ChxMhmG5lnW9MPt1aIeZEwKhQzoBUdTV0N3zuwWDZYVJatDvZ2OyzPUvdIAZDsCetk3coyMfcnQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/foreground-child": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", @@ -14835,18 +14381,6 @@ "node": ">= 0.6" } }, - "node_modules/fragment-cache": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz", - "integrity": "sha512-GMBAbW9antB8iZRHLoGw0b3HANt57diZYFO/HL1JGIC1MjKrdmhxvrJbupnVvpys0zsz7yBApXdQyfepKly2kA==", - "dev": true, - "dependencies": { - "map-cache": "^0.2.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/fresh": { "version": "0.5.2", "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", @@ -15065,15 +14599,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/get-value": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz", - "integrity": "sha512-Ln0UQDlxH1BapMu3GPtf7CuYNwRZf2gwCuPqbyG6pB8WfmFpzqcy4xtAaAMUhnNqjMKTiCPZG2oMT3YSx8U2NA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/giget": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/giget/-/giget-1.1.3.tgz", @@ -15394,75 +14919,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/has-value": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", - "integrity": "sha512-IBXk4GTsLYdQ7Rvt+GRBrFSVEkmuOUy4re0Xjd9kJSUQpnTrWR4/y9RpfexN9vkAPMFuQoeWKwqzPozRTlasGw==", - "dev": true, - "dependencies": { - "get-value": "^2.0.6", - "has-values": "^1.0.0", - "isobject": "^3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/has-values": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/has-values/-/has-values-1.0.0.tgz", - "integrity": "sha512-ODYZC64uqzmtfGMEAX/FvZiRyWLpAC3vYnNunURUnkGVTS+mI0smVsWaPydRBsE3g+ok7h960jChO8mFcWlHaQ==", - "dev": true, - "dependencies": { - "is-number": "^3.0.0", - "kind-of": "^4.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/has-values/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/has-values/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/has-values/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/has-values/node_modules/kind-of": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz", - "integrity": "sha512-24XsCxmEbRwEDbz/qz3stgin8TTzZ1ESR56OMCN0ujYg+vRutNSiOj9bHH9u85DKgXguraugV5sFuvbD4FW/hw==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/heap": { "version": "0.2.7", "resolved": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", @@ -15672,18 +15128,6 @@ "node": ">=8" } }, - "node_modules/is-accessor-descriptor": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz", - "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==", - "dev": true, - "dependencies": { - "kind-of": "^6.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-arguments": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz", @@ -15822,18 +15266,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/is-data-descriptor": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz", - "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==", - "dev": true, - "dependencies": { - "kind-of": "^6.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-date-object": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", @@ -15855,20 +15287,6 @@ "integrity": "sha512-YDoFpuZWu1VRXlsnlYMzKyVRITXj7Ej/V9gXQ2/pAe7X1J7M/RNOqaIYi6qUn+B7nGyB9pDXrv02dsB58d2ZAQ==", "dev": true }, - "node_modules/is-descriptor": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz", - "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^1.0.0", - "is-data-descriptor": "^1.0.0", - "kind-of": "^6.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-docker": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", @@ -16159,15 +15577,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/is-windows": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", - "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-wsl": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", @@ -16769,218 +16178,31 @@ } }, "node_modules/lit-analyzer": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/lit-analyzer/-/lit-analyzer-1.2.1.tgz", - "integrity": "sha512-OEARBhDidyaQENavLbzpTKbEmu5rnAI+SdYsH4ia1BlGlLiqQXoym7uH1MaRPtwtUPbkhUfT4OBDZ+74VHc3Cg==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/lit-analyzer/-/lit-analyzer-2.0.1.tgz", + "integrity": "sha512-4bHJLCbxywMHd9bnVkLDkCSHXs/KrlwUks75EhYtJNdzH07O5BSVdZdadbw4T2AvuYxb0xRO4ZjqgQJCkp8Kjg==", "dev": true, "dependencies": { + "@vscode/web-custom-data": "^0.4.2", "chalk": "^2.4.2", "didyoumean2": "4.1.0", - "fast-glob": "^2.2.6", + "fast-glob": "^3.2.11", "parse5": "5.1.0", - "ts-simple-type": "~1.0.5", + "ts-simple-type": "~2.0.0-next.0", "vscode-css-languageservice": "4.3.0", "vscode-html-languageservice": "3.1.0", - "web-component-analyzer": "~1.1.1" + "web-component-analyzer": "^2.0.0" }, "bin": { "lit-analyzer": "cli.js" } }, - "node_modules/lit-analyzer/node_modules/@nodelib/fs.stat": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz", - "integrity": "sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/lit-analyzer/node_modules/braces": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", - "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", - "dev": true, - "dependencies": { - "arr-flatten": "^1.1.0", - "array-unique": "^0.3.2", - "extend-shallow": "^2.0.1", - "fill-range": "^4.0.0", - "isobject": "^3.0.1", - "repeat-element": "^1.1.2", - "snapdragon": "^0.8.1", - "snapdragon-node": "^2.0.1", - "split-string": "^3.0.2", - "to-regex": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/fast-glob": { - "version": "2.2.7", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-2.2.7.tgz", - "integrity": "sha512-g1KuQwHOZAmOZMuBtHdxDtju+T2RT8jgCC9aANsbpdiDDTSnjgfuVsIBNKbUeJI3oKMRExcfNDtJl4OhbffMsw==", - "dev": true, - "dependencies": { - "@mrmlnc/readdir-enhanced": "^2.2.1", - "@nodelib/fs.stat": "^1.1.2", - "glob-parent": "^3.1.0", - "is-glob": "^4.0.0", - "merge2": "^1.2.3", - "micromatch": "^3.1.10" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/lit-analyzer/node_modules/fill-range": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", - "integrity": "sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==", - "dev": true, - "dependencies": { - "extend-shallow": "^2.0.1", - "is-number": "^3.0.0", - "repeat-string": "^1.6.1", - "to-regex-range": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/glob-parent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", - "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==", - "dev": true, - "dependencies": { - "is-glob": "^3.1.0", - "path-dirname": "^1.0.0" - } - }, - "node_modules/lit-analyzer/node_modules/glob-parent/node_modules/is-glob": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", - "integrity": "sha512-UFpDDrPgM6qpnFNI+rh/p3bUaq9hKLZN8bMUWzxmcnZVS3omf4IPK+BrewlnWjO1WmUsMYuSjKh4UJuV4+Lqmw==", - "dev": true, - "dependencies": { - "is-extglob": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/lit-analyzer/node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/micromatch": { - "version": "3.1.10", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", - "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", - "dev": true, - "dependencies": { - "arr-diff": "^4.0.0", - "array-unique": "^0.3.2", - "braces": "^2.3.1", - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "extglob": "^2.0.4", - "fragment-cache": "^0.2.1", - "kind-of": "^6.0.2", - "nanomatch": "^1.2.9", - "object.pick": "^1.3.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/lit-analyzer/node_modules/micromatch/node_modules/extend-shallow": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", - "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", - "dev": true, - "dependencies": { - "assign-symbols": "^1.0.0", - "is-extendable": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/lit-analyzer/node_modules/parse5": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.0.tgz", "integrity": "sha512-fxNG2sQjHvlVAYmzBZS9YlDp6PTSSDwa98vkD4QgVDDCAo84z5X1t5XyJQ62ImdLXx5NdIIfihey6xpum9/gRQ==", "dev": true }, - "node_modules/lit-analyzer/node_modules/to-regex-range": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", - "integrity": "sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==", - "dev": true, - "dependencies": { - "is-number": "^3.0.0", - "repeat-string": "^1.6.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/lit-element": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/lit-element/-/lit-element-3.3.3.tgz", @@ -17195,33 +16417,12 @@ "tmpl": "1.0.5" } }, - "node_modules/map-cache": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz", - "integrity": "sha512-8y/eV9QQZCiyn1SprXSrCmqJN0yNRATe+PO8ztwqrvrbdRLA3eYJF0yaR0YayLWkMbsQSKWS9N2gPcGEc4UsZg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/map-or-similar": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/map-or-similar/-/map-or-similar-1.5.0.tgz", "integrity": "sha512-0aF7ZmVon1igznGI4VS30yugpduQW3y3GkcgGJOp7d8x8QrizhigUxjI/m2UojsXXto+jLAH3KSz+xOJTiORjg==", "dev": true }, - "node_modules/map-visit": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz", - "integrity": "sha512-4y7uGv8bd2WdM9vpQsiQNo41Ln1NvhvDRuVt0k2JZQ+ezN2uaQes7lZeZ+QQUHOLQAtDaBJ+7wCbi+ab/KFs+w==", - "dev": true, - "dependencies": { - "object-visit": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/markdown-to-jsx": { "version": "7.3.2", "resolved": "https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-7.3.2.tgz", @@ -17953,43 +17154,6 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", "dev": true }, - "node_modules/mixin-deep": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", - "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==", - "dev": true, - "dependencies": { - "for-in": "^1.0.2", - "is-extendable": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/mixin-deep/node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/mixin-deep/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/mkdirp": { "version": "0.5.6", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", @@ -18143,65 +17307,6 @@ "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" } }, - "node_modules/nanomatch": { - "version": "1.2.13", - "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz", - "integrity": "sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==", - "dev": true, - "dependencies": { - "arr-diff": "^4.0.0", - "array-unique": "^0.3.2", - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "fragment-cache": "^0.2.1", - "is-windows": "^1.0.2", - "kind-of": "^6.0.2", - "object.pick": "^1.3.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/nanomatch/node_modules/extend-shallow": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", - "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", - "dev": true, - "dependencies": { - "assign-symbols": "^1.0.0", - "is-extendable": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/nanomatch/node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/nanomatch/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/napi-build-utils": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/napi-build-utils/-/napi-build-utils-1.0.2.tgz", @@ -18495,97 +17600,6 @@ "node": ">=0.10.0" } }, - "node_modules/object-copy": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", - "integrity": "sha512-79LYn6VAb63zgtmAteVOWo9Vdj71ZVBy3Pbse+VqxDpEP83XuujMrGqHIwAXJ5I/aM0zU7dIyIAhifVTPrNItQ==", - "dev": true, - "dependencies": { - "copy-descriptor": "^0.1.0", - "define-property": "^0.2.5", - "kind-of": "^3.0.3" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/is-accessor-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", - "integrity": "sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/object-copy/node_modules/is-data-descriptor": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", - "integrity": "sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/is-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", - "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^0.1.6", - "is-data-descriptor": "^0.1.4", - "kind-of": "^5.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/is-descriptor/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/object-inspect": { "version": "1.12.3", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", @@ -18619,18 +17633,6 @@ "node": ">= 0.4" } }, - "node_modules/object-visit": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz", - "integrity": "sha512-GBaMwwAVK9qbQN3Scdo0OyvgPW7l3lnaVMj84uTOZlswkX0KpF6fyDBJhtTthf7pymztoN36/KEr1DyhF96zEA==", - "dev": true, - "dependencies": { - "isobject": "^3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/object.assign": { "version": "4.1.4", "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz", @@ -18649,18 +17651,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/object.pick": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/object.pick/-/object.pick-1.3.0.tgz", - "integrity": "sha512-tqa/UMy/CCoYmj+H5qc07qvSL9dqcs/WZENZ1JbtWBlATP+iVOe778gE6MSijnyCnORzDuX6hU+LA4SZ09YjFQ==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", @@ -18929,21 +17919,6 @@ "node": ">= 0.8" } }, - "node_modules/pascalcase": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/pascalcase/-/pascalcase-0.1.1.tgz", - "integrity": "sha512-XHXfu/yOQRy9vYOtUDVMN60OEJjW013GoObG1o+xwQTpB9eYJX/BjXMsdW13ZDPruFhYYn0AG22w0xgQMwl3Nw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/path-dirname": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/path-dirname/-/path-dirname-1.0.2.tgz", - "integrity": "sha512-ALzNPpyNq9AqXMBjeymIjFDAkAFH06mHJH/cSBHAgU0s4vfpBn6b2nf8tiRLvagKD8RbTpq2FKTBg7cl9l3c7Q==", - "dev": true - }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", @@ -19112,15 +18087,6 @@ "node": ">=10" } }, - "node_modules/posix-character-classes": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/posix-character-classes/-/posix-character-classes-0.1.1.tgz", - "integrity": "sha512-xTgYBc3fuo7Yt7JbiuFxSYGToMoz8fLoE6TC9Wx1P/u+LfeThMOAqmuyECnlBaaJb+u1m9hHiXUEtwW4OzfUJg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/postcss": { "version": "8.4.31", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", @@ -19932,56 +18898,6 @@ "@babel/runtime": "^7.8.4" } }, - "node_modules/regex-not": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz", - "integrity": "sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A==", - "dev": true, - "dependencies": { - "extend-shallow": "^3.0.2", - "safe-regex": "^1.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/regex-not/node_modules/extend-shallow": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", - "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", - "dev": true, - "dependencies": { - "assign-symbols": "^1.0.0", - "is-extendable": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/regex-not/node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/regex-not/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/regexp.prototype.flags": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.0.tgz", @@ -20079,15 +18995,6 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/repeat-element": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.4.tgz", - "integrity": "sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", @@ -20105,12 +19012,6 @@ "node": ">=0.10.0" } }, - "node_modules/require-main-filename": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", - "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", - "dev": true - }, "node_modules/requireindex": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/requireindex/-/requireindex-1.2.0.tgz", @@ -20146,13 +19047,6 @@ "node": ">=8" } }, - "node_modules/resolve-url": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/resolve-url/-/resolve-url-0.2.1.tgz", - "integrity": "sha512-ZuF55hVUQaaczgOIwqWzkEcEidmlD/xl44x1UZnhOXcYuFN2S6+rcxpG+C1N3So0wvNI3DmJICUFfu2SxhBmvg==", - "deprecated": "https://github.com/lydell/resolve-url#deprecated", - "dev": true - }, "node_modules/restore-cursor": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", @@ -20166,15 +19060,6 @@ "node": ">=8" } }, - "node_modules/ret": { - "version": "0.1.15", - "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz", - "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==", - "dev": true, - "engines": { - "node": ">=0.12" - } - }, "node_modules/reusify": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", @@ -20450,15 +19335,6 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", "devOptional": true }, - "node_modules/safe-regex": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz", - "integrity": "sha512-aJXcif4xnaNUzvUuC5gcb46oTS7zvg4jpMTnuqtrEPlR3vFr4pxtdTwaF1Qs3Enjn9HK+ZlwQui+a7z0SywIzg==", - "dev": true, - "dependencies": { - "ret": "~0.1.10" - } - }, "node_modules/safe-regex-test": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.0.tgz", @@ -20578,39 +19454,6 @@ "node": ">= 0.8.0" } }, - "node_modules/set-blocking": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", - "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==", - "dev": true - }, - "node_modules/set-value": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", - "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==", - "dev": true, - "dependencies": { - "extend-shallow": "^2.0.1", - "is-extendable": "^0.1.1", - "is-plain-object": "^2.0.3", - "split-string": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/set-value/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", @@ -20823,194 +19666,6 @@ "integrity": "sha512-MqR3fVulhjWuRNSMydnTlweu38UhQ0HXM4buStD/S3mc/BzX3CuM9OmhyQpmtYCvoYdl5ris6TI0ZqH355Ymqg==", "dev": true }, - "node_modules/snapdragon": { - "version": "0.8.2", - "resolved": "https://registry.npmjs.org/snapdragon/-/snapdragon-0.8.2.tgz", - "integrity": "sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==", - "dev": true, - "dependencies": { - "base": "^0.11.1", - "debug": "^2.2.0", - "define-property": "^0.2.5", - "extend-shallow": "^2.0.1", - "map-cache": "^0.2.2", - "source-map": "^0.5.6", - "source-map-resolve": "^0.5.0", - "use": "^3.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon-node": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/snapdragon-node/-/snapdragon-node-2.1.1.tgz", - "integrity": "sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==", - "dev": true, - "dependencies": { - "define-property": "^1.0.0", - "isobject": "^3.0.0", - "snapdragon-util": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon-node/node_modules/define-property": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz", - "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==", - "dev": true, - "dependencies": { - "is-descriptor": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon-util": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/snapdragon-util/-/snapdragon-util-3.0.1.tgz", - "integrity": "sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ==", - "dev": true, - "dependencies": { - "kind-of": "^3.2.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon-util/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/snapdragon-util/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/snapdragon/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/is-accessor-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", - "integrity": "sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/is-accessor-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/snapdragon/node_modules/is-data-descriptor": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", - "integrity": "sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/is-data-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/is-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", - "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^0.1.6", - "is-data-descriptor": "^0.1.4", - "kind-of": "^5.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/snapdragon/node_modules/source-map": { - "version": "0.5.7", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", - "integrity": "sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", @@ -21030,20 +19685,6 @@ "node": ">=0.10.0" } }, - "node_modules/source-map-resolve": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/source-map-resolve/-/source-map-resolve-0.5.3.tgz", - "integrity": "sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw==", - "deprecated": "See https://github.com/lydell/source-map-resolve#deprecated", - "dev": true, - "dependencies": { - "atob": "^2.1.2", - "decode-uri-component": "^0.2.0", - "resolve-url": "^0.2.1", - "source-map-url": "^0.4.0", - "urix": "^0.1.0" - } - }, "node_modules/source-map-support": { "version": "0.5.21", "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", @@ -21054,13 +19695,6 @@ "source-map": "^0.6.0" } }, - "node_modules/source-map-url": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.1.tgz", - "integrity": "sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==", - "deprecated": "See https://github.com/lydell/source-map-url#deprecated", - "dev": true - }, "node_modules/sourcemap-codec": { "version": "1.4.8", "resolved": "https://registry.npmjs.org/sourcemap-codec/-/sourcemap-codec-1.4.8.tgz", @@ -21110,55 +19744,6 @@ "integrity": "sha512-XkD+zwiqXHikFZm4AX/7JSCXA98U5Db4AFd5XUg/+9UNtnH75+Z9KxtpYiJZx36mUDVOwH83pl7yvCer6ewM3w==", "dev": true }, - "node_modules/split-string": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz", - "integrity": "sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw==", - "dev": true, - "dependencies": { - "extend-shallow": "^3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/split-string/node_modules/extend-shallow": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", - "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", - "dev": true, - "dependencies": { - "assign-symbols": "^1.0.0", - "is-extendable": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/split-string/node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/split-string/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/sprintf-js": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", @@ -21170,108 +19755,6 @@ "resolved": "https://registry.npmjs.org/stampit/-/stampit-4.3.2.tgz", "integrity": "sha512-pE2org1+ZWQBnIxRPrBM2gVupkuDD0TTNIo1H6GdT/vO82NXli2z8lRE8cu/nBIHrcOCXFBAHpb9ZldrB2/qOA==" }, - "node_modules/static-extend": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz", - "integrity": "sha512-72E9+uLc27Mt718pMHt9VMNiAL4LMsmDbBva8mxWUCkT07fSzEGMYUCk0XWY6lp0j6RBAG4cJ3mWuZv2OE3s0g==", - "dev": true, - "dependencies": { - "define-property": "^0.2.5", - "object-copy": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/is-accessor-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz", - "integrity": "sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/is-accessor-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/static-extend/node_modules/is-data-descriptor": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", - "integrity": "sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/is-data-descriptor/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/is-descriptor": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz", - "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^0.1.6", - "is-data-descriptor": "^0.1.4", - "kind-of": "^5.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", @@ -22071,51 +20554,6 @@ "node": ">=4" } }, - "node_modules/to-object-path": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz", - "integrity": "sha512-9mWHdnGRuh3onocaHzukyvCZhzvr6tiflAy/JRFXcJX0TjgfWA9pk9t8CMbzmBE4Jfw58pXbkngtBtqYxzNEyg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/to-object-path/node_modules/is-buffer": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", - "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "dev": true - }, - "node_modules/to-object-path/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/to-regex": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/to-regex/-/to-regex-3.0.2.tgz", - "integrity": "sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw==", - "dev": true, - "dependencies": { - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "regex-not": "^1.0.2", - "safe-regex": "^1.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -22128,43 +20566,6 @@ "node": ">=8.0" } }, - "node_modules/to-regex/node_modules/extend-shallow": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", - "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", - "dev": true, - "dependencies": { - "assign-symbols": "^1.0.0", - "is-extendable": "^1.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/to-regex/node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/to-regex/node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/tocbot": { "version": "4.21.1", "resolved": "https://registry.npmjs.org/tocbot/-/tocbot-4.21.1.tgz", @@ -22278,142 +20679,12 @@ "web-component-analyzer": "^2.0.0" } }, - "node_modules/ts-lit-plugin/node_modules/ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "dependencies": { - "color-convert": "^2.0.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/ts-lit-plugin/node_modules/cliui": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", - "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", - "dev": true, - "dependencies": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.1", - "wrap-ansi": "^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/ts-lit-plugin/node_modules/lit-analyzer": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/lit-analyzer/-/lit-analyzer-2.0.1.tgz", - "integrity": "sha512-4bHJLCbxywMHd9bnVkLDkCSHXs/KrlwUks75EhYtJNdzH07O5BSVdZdadbw4T2AvuYxb0xRO4ZjqgQJCkp8Kjg==", - "dev": true, - "dependencies": { - "@vscode/web-custom-data": "^0.4.2", - "chalk": "^2.4.2", - "didyoumean2": "4.1.0", - "fast-glob": "^3.2.11", - "parse5": "5.1.0", - "ts-simple-type": "~2.0.0-next.0", - "vscode-css-languageservice": "4.3.0", - "vscode-html-languageservice": "3.1.0", - "web-component-analyzer": "^2.0.0" - }, - "bin": { - "lit-analyzer": "cli.js" - } - }, - "node_modules/ts-lit-plugin/node_modules/parse5": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.0.tgz", - "integrity": "sha512-fxNG2sQjHvlVAYmzBZS9YlDp6PTSSDwa98vkD4QgVDDCAo84z5X1t5XyJQ62ImdLXx5NdIIfihey6xpum9/gRQ==", - "dev": true - }, - "node_modules/ts-lit-plugin/node_modules/ts-simple-type": { + "node_modules/ts-simple-type": { "version": "2.0.0-next.0", "resolved": "https://registry.npmjs.org/ts-simple-type/-/ts-simple-type-2.0.0-next.0.tgz", "integrity": "sha512-A+hLX83gS+yH6DtzNAhzZbPfU+D9D8lHlTSd7GeoMRBjOt3GRylDqLTYbdmjA4biWvq2xSfpqfIDj2l0OA/BVg==", "dev": true }, - "node_modules/ts-lit-plugin/node_modules/web-component-analyzer": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/web-component-analyzer/-/web-component-analyzer-2.0.0.tgz", - "integrity": "sha512-UEvwfpD+XQw99sLKiH5B1T4QwpwNyWJxp59cnlRwFfhUW6JsQpw5jMeMwi7580sNou8YL3kYoS7BWLm+yJ/jVQ==", - "dev": true, - "dependencies": { - "fast-glob": "^3.2.2", - "ts-simple-type": "2.0.0-next.0", - "typescript": "~5.2.0", - "yargs": "^17.7.2" - }, - "bin": { - "wca": "cli.js", - "web-component-analyzer": "cli.js" - } - }, - "node_modules/ts-lit-plugin/node_modules/wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/ts-lit-plugin/node_modules/y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/ts-lit-plugin/node_modules/yargs": { - "version": "17.7.2", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", - "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", - "dev": true, - "dependencies": { - "cliui": "^8.0.1", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.3", - "y18n": "^5.0.5", - "yargs-parser": "^21.1.1" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/ts-lit-plugin/node_modules/yargs-parser": { - "version": "21.1.1", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", - "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", - "dev": true, - "engines": { - "node": ">=12" - } - }, - "node_modules/ts-simple-type": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/ts-simple-type/-/ts-simple-type-1.0.7.tgz", - "integrity": "sha512-zKmsCQs4dZaeSKjEA7pLFDv7FHHqAFLPd0Mr//OIJvu8M+4p4bgSFJwZSEBEg3ec9W7RzRz1vi8giiX0+mheBQ==", - "dev": true - }, "node_modules/ts-toolbelt": { "version": "9.6.0", "resolved": "https://registry.npmjs.org/ts-toolbelt/-/ts-toolbelt-9.6.0.tgz", @@ -22680,21 +20951,6 @@ "node": ">=4" } }, - "node_modules/union-value": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz", - "integrity": "sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==", - "dev": true, - "dependencies": { - "arr-union": "^3.1.0", - "get-value": "^2.0.6", - "is-extendable": "^0.1.1", - "set-value": "^2.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/unique-string": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-2.0.0.tgz", @@ -22793,60 +21049,6 @@ "resolved": "https://registry.npmjs.org/unraw/-/unraw-3.0.0.tgz", "integrity": "sha512-08/DA66UF65OlpUDIQtbJyrqTR0jTAlJ+jsnkQ4jxR7+K5g5YG1APZKQSMCE1vqqmD+2pv6+IdEjmopFatacvg==" }, - "node_modules/unset-value": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unset-value/-/unset-value-1.0.0.tgz", - "integrity": "sha512-PcA2tsuGSF9cnySLHTLSh2qrQiJ70mn+r+Glzxv2TWZblxsxCC52BDlZoPCsz7STd9pN7EZetkWZBAvk4cgZdQ==", - "dev": true, - "dependencies": { - "has-value": "^0.3.1", - "isobject": "^3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/unset-value/node_modules/has-value": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/has-value/-/has-value-0.3.1.tgz", - "integrity": "sha512-gpG936j8/MzaeID5Yif+577c17TxaDmhuyVgSwtnL/q8UUTySg8Mecb+8Cf1otgLoD7DDH75axp86ER7LFsf3Q==", - "dev": true, - "dependencies": { - "get-value": "^2.0.3", - "has-values": "^0.1.4", - "isobject": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/unset-value/node_modules/has-value/node_modules/isobject": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", - "integrity": "sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA==", - "dev": true, - "dependencies": { - "isarray": "1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/unset-value/node_modules/has-values": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/has-values/-/has-values-0.1.4.tgz", - "integrity": "sha512-J8S0cEdWuQbqD9//tlZxiMuMNmxB8PlEwvYwuxsTmR1G5RXUePEX/SJn7aD0GMLieuZYSwNH0cQuJGwnYunXRQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/unset-value/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, "node_modules/untildify": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/untildify/-/untildify-4.0.0.tgz", @@ -22895,13 +21097,6 @@ "punycode": "^2.1.0" } }, - "node_modules/urix": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/urix/-/urix-0.1.0.tgz", - "integrity": "sha512-Am1ousAhSLBeB9cG/7k7r2R0zj50uDRlZHPGbazid5s9rlF1F/QKYObEKSIunSjIOkJZqwRRLpvewjEkM7pSqg==", - "deprecated": "Please see https://github.com/lydell/urix#deprecated", - "dev": true - }, "node_modules/url": { "version": "0.11.2", "resolved": "https://registry.npmjs.org/url/-/url-0.11.2.tgz", @@ -22916,15 +21111,6 @@ "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", "integrity": "sha512-jmYNElW7yvO7TV33CjSmvSiE2yco3bV2czu/OzDKdMNVZQWfxCblURLhf+47syQRBntjfLdd/H0egrzIG+oaFQ==" }, - "node_modules/use": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", - "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/use-callback-ref": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.3.0.tgz", @@ -23238,34 +21424,21 @@ } }, "node_modules/web-component-analyzer": { - "version": "1.1.7", - "resolved": "https://registry.npmjs.org/web-component-analyzer/-/web-component-analyzer-1.1.7.tgz", - "integrity": "sha512-SqCqN4nU9fU+j0CKXJQ8E4cslLsaezhagY6xoi+hoNPPd55GzR6MY1r5jkoJUVu+g4Wy4uB+JglTt7au4vQ1uA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/web-component-analyzer/-/web-component-analyzer-2.0.0.tgz", + "integrity": "sha512-UEvwfpD+XQw99sLKiH5B1T4QwpwNyWJxp59cnlRwFfhUW6JsQpw5jMeMwi7580sNou8YL3kYoS7BWLm+yJ/jVQ==", "dev": true, "dependencies": { "fast-glob": "^3.2.2", - "ts-simple-type": "~1.0.5", - "typescript": "^3.8.3", - "yargs": "^15.3.1" + "ts-simple-type": "2.0.0-next.0", + "typescript": "~5.2.0", + "yargs": "^17.7.2" }, "bin": { "wca": "cli.js", "web-component-analyzer": "cli.js" } }, - "node_modules/web-component-analyzer/node_modules/typescript": { - "version": "3.9.10", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.10.tgz", - "integrity": "sha512-w6fIxVE/H1PkLKcCPsFqKE7Kv7QUwhU8qQY2MueZXWx5cPZdwFupLgKK3vntcK98BtNHZtAF4LA/yl2a7k8R6Q==", - "dev": true, - "bin": { - "tsc": "bin/tsc", - "tsserver": "bin/tsserver" - }, - "engines": { - "node": ">=4.2.0" - } - }, "node_modules/web-streams-polyfill": { "version": "4.0.0-beta.3", "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-4.0.0-beta.3.tgz", @@ -23359,12 +21532,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/which-module": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz", - "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", - "dev": true - }, "node_modules/which-typed-array": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.11.tgz", @@ -23391,9 +21558,9 @@ "dev": true }, "node_modules/wrap-ansi": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", - "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", "dev": true, "dependencies": { "ansi-styles": "^4.0.0", @@ -23401,7 +21568,10 @@ "strip-ansi": "^6.0.0" }, "engines": { - "node": ">=8" + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, "node_modules/wrap-ansi-cjs": { @@ -23510,10 +21680,13 @@ } }, "node_modules/y18n": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", - "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", - "dev": true + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } }, "node_modules/yallist": { "version": "3.1.1", @@ -23530,90 +21703,30 @@ } }, "node_modules/yargs": { - "version": "15.4.1", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", - "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "version": "17.7.2", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", "dev": true, "dependencies": { - "cliui": "^6.0.0", - "decamelize": "^1.2.0", - "find-up": "^4.1.0", - "get-caller-file": "^2.0.1", + "cliui": "^8.0.1", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", - "require-main-filename": "^2.0.0", - "set-blocking": "^2.0.0", - "string-width": "^4.2.0", - "which-module": "^2.0.0", - "y18n": "^4.0.0", - "yargs-parser": "^18.1.2" + "string-width": "^4.2.3", + "y18n": "^5.0.5", + "yargs-parser": "^21.1.1" }, "engines": { - "node": ">=8" + "node": ">=12" } }, "node_modules/yargs-parser": { - "version": "18.1.3", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", - "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "version": "21.1.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", "dev": true, - "dependencies": { - "camelcase": "^5.0.0", - "decamelize": "^1.2.0" - }, "engines": { - "node": ">=6" - } - }, - "node_modules/yargs/node_modules/find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "dependencies": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/yargs/node_modules/locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "dev": true, - "dependencies": { - "p-locate": "^4.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/yargs/node_modules/p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "dependencies": { - "p-try": "^2.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/yargs/node_modules/p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "dev": true, - "dependencies": { - "p-limit": "^2.2.0" - }, - "engines": { - "node": ">=8" + "node": ">=12" } }, "node_modules/yauzl": { diff --git a/web/package.json b/web/package.json index 4c689f5d4..0711fd536 100644 --- a/web/package.json +++ b/web/package.json @@ -102,7 +102,7 @@ "eslint-plugin-lit": "^1.10.1", "eslint-plugin-sonarjs": "^0.21.0", "eslint-plugin-storybook": "^0.6.15", - "lit-analyzer": "^1.2.1", + "lit-analyzer": "^2.0.1", "npm-run-all": "^4.1.5", "prettier": "^3.0.3", "pseudolocale": "^2.0.0", From 3f5d5e040809cb32aacd4dacc4d320b8d3b110f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 12:29:25 +0200 Subject: [PATCH 10/38] web: bump fuse.js from 6.6.2 to 7.0.0 in /web (#7307) Bumps [fuse.js](https://github.com/krisk/Fuse) from 6.6.2 to 7.0.0. - [Release notes](https://github.com/krisk/Fuse/releases) - [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md) - [Commits](https://github.com/krisk/Fuse/compare/v6.6.2...v7.0.0) --- updated-dependencies: - dependency-name: fuse.js dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 8 ++++---- web/package.json | 2 +- web/src/user/LibraryPage/ApplicationSearch.ts | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index a6f781f48..a0975344a 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -34,7 +34,7 @@ "construct-style-sheets-polyfill": "^3.1.0", "core-js": "^3.33.1", "country-flag-icons": "^1.5.7", - "fuse.js": "^6.6.2", + "fuse.js": "^7.0.0", "lit": "^2.8.0", "mermaid": "^10.6.0", "rapidoc": "^9.3.4", @@ -14493,9 +14493,9 @@ } }, "node_modules/fuse.js": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/fuse.js/-/fuse.js-6.6.2.tgz", - "integrity": "sha512-cJaJkxCCxC8qIIcPBF9yGxY0W/tVZS3uEISDxhYIdtk8OL93pe+6Zj7LjCqVV4dzbqcriOZ+kQ/NE4RXZHsIGA==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/fuse.js/-/fuse.js-7.0.0.tgz", + "integrity": "sha512-14F4hBIxqKvD4Zz/XjDc3y94mNZN6pRv3U13Udo0lNLCWRBUsrMv2xwcF/y/Z5sV6+FQW+/ow68cHpm4sunt8Q==", "engines": { "node": ">=10" } diff --git a/web/package.json b/web/package.json index 0711fd536..f74aeca54 100644 --- a/web/package.json +++ b/web/package.json @@ -55,7 +55,7 @@ "construct-style-sheets-polyfill": "^3.1.0", "core-js": "^3.33.1", "country-flag-icons": "^1.5.7", - "fuse.js": "^6.6.2", + "fuse.js": "^7.0.0", "lit": "^2.8.0", "mermaid": "^10.6.0", "rapidoc": "^9.3.4", diff --git a/web/src/user/LibraryPage/ApplicationSearch.ts b/web/src/user/LibraryPage/ApplicationSearch.ts index 8f732eaf7..07fca5d47 100644 --- a/web/src/user/LibraryPage/ApplicationSearch.ts +++ b/web/src/user/LibraryPage/ApplicationSearch.ts @@ -1,6 +1,7 @@ import { AKElement } from "@goauthentik/elements/Base"; import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch"; import Fuse from "fuse.js"; +import { FuseResult } from "fuse.js"; import { msg } from "@lit/localize"; import { css, html } from "lit"; @@ -66,7 +67,7 @@ export class LibraryPageApplicationList extends AKElement { }); } - onSelected(apps: Fuse.FuseResult[]) { + onSelected(apps: FuseResult[]) { this.dispatchEvent( customEvent(SEARCH_UPDATED, { apps: apps.map((app) => app.item), From 84fdd3c750f0e4b9deded73bdec9ba61888af894 Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Thu, 26 Oct 2023 05:31:32 -0500 Subject: [PATCH 11/38] website/docs: RBAC docs (#7191) * draft rbac docs * tweaks * add a permissions topic * tweaks * more changes * draft permissions topic * more content on roles * links * typo * more conceptual info * Optimised images with calibre/image-actions * more content on roles * add more x-ref links * fix links * more content * links * typos * polishing * Update website/docs/user-group-role/access-control/permissions.md Co-authored-by: Jens L. Signed-off-by: Tana M Berry * separwate conceptual vs procedural in permissions * finished groups procedurals * new page * added link * Update website/docs/user-group-role/access-control/permissions.md Co-authored-by: Jens L. Signed-off-by: Tana M Berry * polish * edits from PR review * restructured view section to remove repetition * rest of edits from PR review * polished flows and stages * polish * typo --------- Signed-off-by: Tana M Berry Co-authored-by: Tana Berry Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Jens L. --- website/docs/expressions/_functions.md | 2 +- website/docs/expressions/_user.md | 2 +- website/docs/flow/context/index.md | 6 +- website/docs/policies/expression.mdx | 4 +- .../access-control/flow-page.png | Bin 0 -> 118320 bytes .../user-group-role/access-control/index.mdx | 16 +++ .../access-control/manage_permissions.md | 118 ++++++++++++++++++ .../access-control/permissions.md | 44 +++++++ .../access-control/user-page.png | Bin 0 -> 121630 bytes .../groups/index.mdx} | 3 +- .../user-group-role/groups/manage_groups.md | 45 +++++++ website/docs/user-group-role/roles/index.mdx | 20 +++ .../user-group-role/roles/manage_roles.md | 48 +++++++ .../user/create_invite.png | Bin .../user/index.mdx | 0 .../user/invitations.md | 0 .../user/user_basic_operations.md | 37 +++--- .../user/user_ref.md | 0 website/integrations/services/minio/index.md | 2 +- website/sidebars.js | 43 +++++-- 20 files changed, 355 insertions(+), 35 deletions(-) create mode 100644 website/docs/user-group-role/access-control/flow-page.png create mode 100644 website/docs/user-group-role/access-control/index.mdx create mode 100644 website/docs/user-group-role/access-control/manage_permissions.md create mode 100644 website/docs/user-group-role/access-control/permissions.md create mode 100644 website/docs/user-group-role/access-control/user-page.png rename website/docs/{user-group/group.md => user-group-role/groups/index.mdx} (86%) create mode 100644 website/docs/user-group-role/groups/manage_groups.md create mode 100644 website/docs/user-group-role/roles/index.mdx create mode 100644 website/docs/user-group-role/roles/manage_roles.md rename website/docs/{user-group => user-group-role}/user/create_invite.png (100%) rename website/docs/{user-group => user-group-role}/user/index.mdx (100%) rename website/docs/{user-group => user-group-role}/user/invitations.md (100%) rename website/docs/{user-group => user-group-role}/user/user_basic_operations.md (83%) rename website/docs/{user-group => user-group-role}/user/user_ref.md (100%) diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.md index ceddc916c..da3b524e3 100644 --- a/website/docs/expressions/_functions.md +++ b/website/docs/expressions/_functions.md @@ -66,7 +66,7 @@ return ak_is_group_member(request.user, name="test_group") Fetch a user matching `**filters`. -Returns "None" if no user was found, otherwise returns the [User](/docs/user-group/user) object. +Returns "None" if no user was found, otherwise returns the [User](/docs/user-group-role/user) object. Example: diff --git a/website/docs/expressions/_user.md b/website/docs/expressions/_user.md index 250e15400..f38484bae 100644 --- a/website/docs/expressions/_user.md +++ b/website/docs/expressions/_user.md @@ -1,4 +1,4 @@ -- `user`: The current user. This may be `None` if there is no contextual user. See [User](../user-group/user/user_ref.md#object-properties). +- `user`: The current user. This may be `None` if there is no contextual user. See [User](../user-group-role/user/user_ref.md#object-properties). Example: diff --git a/website/docs/flow/context/index.md b/website/docs/flow/context/index.md index e98e4d30d..13f6c5c5b 100644 --- a/website/docs/flow/context/index.md +++ b/website/docs/flow/context/index.md @@ -22,7 +22,7 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub ### Common keys -#### `pending_user` ([User object](../../user-group/user/user_ref.md#object-properties)) +#### `pending_user` ([User object](../../user-group-role/user/user_ref.md#object-properties)) `pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../stages/identification/). @@ -110,9 +110,9 @@ Optionally overwrite the deny message shown, has a higher priority than the mess #### User write stage -##### `groups` (List of [Group objects](../../user-group/group.md)) +##### `groups` (List of [Group objects](../../user-group-role/groups/index.mdx)) -See [Group](../../user-group/group.md). If set in the flow context, the `pending_user` will be added to all the groups in this list. +See [Group](../../user-group-role/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list. If set, this must be a list of group objects and not group names. diff --git a/website/docs/policies/expression.mdx b/website/docs/policies/expression.mdx index cf59dccfd..2200cc96f 100644 --- a/website/docs/policies/expression.mdx +++ b/website/docs/policies/expression.mdx @@ -41,7 +41,7 @@ import Objects from "../expressions/_objects.md"; - `request`: A PolicyRequest object, which has the following properties: - - `request.user`: The current user, against which the policy is applied. See [User](../user-group/user/user_ref.md#object-properties) + - `request.user`: The current user, against which the policy is applied. See [User](../user-group-role/user/user_ref.md#object-properties) :::caution When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution. @@ -77,7 +77,7 @@ This includes the following: - `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional) - `context['application']`: The application the user is in the process of authorizing. (Optional) - `context['source']`: The source the user is authenticating/enrolling with. (Optional) -- `context['pending_user']`: The currently pending user, see [User](../user-group/user/user_ref.md#object-properties) +- `context['pending_user']`: The currently pending user, see [User](../user-group-role/user/user_ref.md#object-properties) - `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional) - `context['auth_method']`: Authentication method (this value is set by password stages) (Optional) diff --git a/website/docs/user-group-role/access-control/flow-page.png b/website/docs/user-group-role/access-control/flow-page.png new file mode 100644 index 0000000000000000000000000000000000000000..fcf4e8318b15d45d19e1ba88bcf212cb0a732a19 GIT binary patch literal 118320 zcmeFZXH=7EyEg2M4>|*uVWcQ^6zK#+1e7W&p!5)mgr-ypO?n5#2bDfjLMKQGK?q0* zy^KmgY6L=WN{iG;4G;p~b?eNt_TJyO_WFLlKi*`iD-!N=q>-;N#o{Hp$Z1ErdsjhfqiG?asZnRu6977+Z@3>HE3pw*FdmJJZ(F zoWC)_ZyK~dnjl8NjsA!VXOaBl(jPdN&NG|z8kHNZAxOc5g>GzOj+FNL;zN^yDT>qg&M0qvnk!UgI9>Jr`pItYr zKYm997YTMk1SkE888xVd3Zkv)I&`PL;_+x@JuQw+j(#<=)<9LEG5z@VKYo4!sRk>~ zuMTDG&yCo|yCS9W6MGa4CYZ53ymt1-SHExKC1%vA{BUHzJ=ewl0$pBNSl6EyZzuRo zhYTzK{QYbHSW4_uBLi_XnJ;wr%UsU0Go8jFiYsqFB(O*|UJ3a6`bC1Nb%?B4ou~an zwkmM(m%CD=^s|FEI_x@=L_6kFtgY_Lk>pw!tM0;QRd#de|N4IH{}|5kq8#+Fdl-G( z?#ug#j;W>~FRB-%H!EUh)T5o()Q5hO=kd*r2`^He>5ohQ&zjt4MhRzm8&=qLB!p6r z@HJCfamqU*QFMi^Pq!0|i%sgRkN>r^I?jTqQDJNibY%HWrCEeAwmarJ5?LaM{u~wp ze<_}Uj`^RR`Hhp@yw~H-(d_L$C%rP&q?j3EPC2_o-A1`(s>}?jidF^j4cKj-w`KfE7 z&a1eT)-6N2{DRl_{=y+ik=j^VUu_+-ZTxVqrcq^YF43+F4eK~$&`*+OcHW)jzpQ%j z<*b*o?eV%C4w`>&=8X>f6if7}3s>_WH-C6>mc|#ZwjUP+wl=YW+N^j%&gH)6?w1#w zp+|Fx`t{iVeoZi(W$4~~U3Ea)1;;Hj8d%gG!rI1sS0c3hY3*0M7P?F8s-;h(nh-b* zvoBi%`ubSCtn`xm<+;w<&hWPDYqhhU7}`xq9MLi7AXut-*M@rWs|_QdU460PfF{k3 zTZYo+j}QS_*H}2Rb`hHqIKfkCtJDU3NK1t**XB*h%o4CiPg=J6D(`o=zPL$f41H@ zY|4Wf^MDOrxp-VnXrm>}3{w}@UTN~( zYm2#%xH4X&uZF+F)|c%+6KU7_lC??2G@1jpaTqQc)-H;JV#R-qn;FH<6ZrMD@{vlE zL#0EHn2S3&U|NgZplvZ}MU)Hg|y&S}A8gn&KR(*jK zx>KoUZXjO&Ih-Y-tmUvij}!)6qo|#a=JQ8<($L3nWK3#`?`c~$S*q06HNVUsF*;QYnhHmBYvv;}{wC_wG zF{abT1NY`r8me=AffW^MiHjRuwfp#|-S*NTZ_pvNaZ_)}qh+gK``Jb%Hs{1~?Xc

H zA%|`kTN_W30w`H2$e&Y{gLZO6aO@#qPl_U*AL?b*g&iG2o6?aWsLf2H78PcTB^~u+ zEmr>>jx0F>VS`O$GTQM0FxL){05Oe6hx7rl_4dSJt036k*SvUUrfv;>XC6e1$}R{Tf*@Ah z!|G$K&c{lZn&)9tV{OB}L~th5c~OKwV9~$oKGpbMh96Vl7L1W!RyJ7VBks)BtN$b) z)xAztrLV{^$&v&h*A>Bu7K#>uG$(?4cZAl>{S#f2i8eNjmik&8l7^8*j^p5YCydo# zO6#rX(wGR^l6Co5*AQ@F9gyp4;#h7!KXuOyWKuieS+W>s<^E1Bcz;xG-`j^D#5lI1 zW`gk~7N+tMf*I?x?Ze)@1J$ogt`?aXMBC_PZx%0r99p_p7nNYW=X*x=;M;pD zlrP>BNMqIoj<(~~t`QsX0w5{M^J?G zm~Ar-nTl6f!p$vYxa&3VFBNyYsy{7d#mwf`o^={m{POQ}$Q?eMNpsYO5!;uwmZQUN zM(hO{q0KQ15Se`}Gg7QWZ}996YJ5Tb7HUk%v(_NA_deINwQX_R|xoqBXg?T`vxkADA)Zb4T&PS?r$ zLA&n>b2S**oI{LP)M=qRO*UC&>Sk+-SBzY@?KvK)(Y6w@#%_J-*x zEas~$TL!HXWGCYr1rt$Bg!!%%`8h7Vw5tURj!Vt-HSH#f^v?*wGG@D5eYC)EQB+qc zWj%OEX5Ta>$%M2WwdhgfHkn?`gIumWPvOt&E^w97pm&W;aasq%H)UVKEBmY2Y1PKm zrzlMHb@c1oFH9yh*~qz7ncH-fVDU9GdQ9KUhFjhRYV9G27!0N7sc1#lCRE;A;*A2{ zE_F^zqirP{w(gB>y&LmvVSZ59&dD*69kwj_6WCt^%|ZA0VjLTbT)@jyJ2qp4mab5$ z{F2P?^bUF&&jaH1u(`f_hnuQLl{1{v(lfeKu0$iZ9MraB-dj|+;_@KygoKjXLIVPHFu(FNtu{d5u zX2HC`8o!-UM^26Bok1&%5Nveb9U@z~8Ky?7;FFR~erc7>;J<%8XP6T2X9uH6VY|Ay z)WtQ*od<(*#weHK{e5j1wGK`#Wj@T^=Z&SD*_x2m1ENd>2bFj@QinU_?U=NBpOmYr zN2v7A4)};=Bqj{9q4U8^gpNG+KC#`dvO~<}y)J7uh5YK=`!OGrG>=DLk!6=sR}c(P z6@SetSlSZ0;2EM(%CNlM3!^!DK4I5nywa>;BcHkc`H9_dsbyWw_RhHbu#rKuRFADU z;n`W0+LUwpN*)Fr5sSHm+g z5waBhOfq{b(XZ-rUnUj?lV3X4KLS{_sd^gcWEw57PsBMDj9WMOx-Q6MI7W@-o?n!7 zRh0H|6rVmGD}e)8RAQU9o`#-EXUi!?HCFtR2ufb`)m<+w(P6nqTxLwNi~Z!S2{~XX1Bd(c zJtKo>ScUzsd5D%;NsL38q1tN3^npW#BPn}=-kq)?QJgb`Pd76dfBW$E!b@2*0f{Vt zi_?Y=$OwI1w}#c~TQ_E2zu?nqi{s5uNYH~zAnF;4YqbIp?v&Ex^)XtiH?<0|$Jj?} zu}C@PZQSv2B;()_;Z|(?HgnCp!@DFiI*X}=hk83Fc?fSlObN8`88j}UoI`LpSbhMp zqz>$PZ8L!Meh`Ef1nE&kM>L@K289i4E8!-L?J6;Pc|kQa`1ScMkmD}PPX~K>PI$E2 zONMm_rWh$L_-m@)d($u7&WLrgvAu(>9ZJUX#L{a$=R2+FFGeSAv8hzCshI!@CIE#Ye2r~gOi;V-NrUh4RhQ5Ye?7iXKRAuN!2>F4p z#qa2*!%k7o3Egc5HB5C|dw#Iklp=|XC|O+Z*U6C6 zRm1;O(WwmY{AhkNYNG?8ubf=ZNaecXoZckDnxwy)>St8ge+wZCuNC2_vkI6`jv_{! zkEMV_*~9bd%>WC^$tJL|YBSQg@1r9DskZv%1%D}$E3)Fj(0-zju2$AkS-&z1K!TkU z)0sEC#5nLaRYg_XHi2EK8dbqrU~MahJ>kurV~1vrS;iufSXWhSp)$w_o*2Z?)=TN| z2iZX>vJv)~wu;lolbOL{_13EvIFPcl>O+&>Zdhc9v=rd^=Rax$yY18CiVJdv-cY31 z9LGGV&2+b=o#`NI)0@1DXwIoqQgt_@yr%zU+9umP%+AQ-1$g7x7>N(TTV*5`dzUkb#1B?QL|CHP_H^ZvSXZ%y@Z zRyD!;Xn(ka8cJ(;|BEE3Nr{|$PBcko@c?ECIL}C}hwUIk2cx3w!#F=#Jjz6X;JSH@ z8-B6A^`p5HJvKKs9J$Iw&_Zk_bM#bbGz6{^hToL(&%Z5!kN0ah#`G;zFdIlCk%UF* zyekM~jCt+jhnU~Zhjwh6O5W?jdAx?m3F}rO7^L*_SaSRmGz6TBmeKL~!%MWAL)+0a zmdHrCVxAPA?f~q~9<)Hw0k=YYOF>UDMxpKdTF}X z*e-Ho6qNoWl~Zabd6Qg5E9`GtjXQ9XbMGemQqhu@>BVo2n=J%6Egq{a$#oXqaq(8e z^O+$&HiPKTjFRObL*;}sqogm(hU-&f`)>okV_gMSkygH=_Gt+5AuaB^tEy{$^h+7U={X=8l+JAyL~we-s-SJKvDN{)BgACSNbB z+Lo;Un)^J&4QXuPyuEqdW2SZDXfoNjv_#IvGKp;f&6tUnI&g)EoG0N(2RU~mrDFSZ z(!h&H2`|IbKmH+(+g{!TM31h|5ra0&5DbmUH>uYnBp?HBz%oJUb9`q^t|3RxZK9SO zWU65NFy?BKN%%_}8yG$6_lJ0`c zIyP(rwg*k=5}X24dkueYw^o2nH7FXim~#O#7lQseahd?Q1hQ0a*tci=m+3pJT^8xIxL{C#(feQM8)ugf;*>4GWi- ztHO~lH#GJ_^SbkL&@DL}5k-e=KX+-`ciIB{R5Tv7Y+$hfssw#YAq@}bR>H@z&?dxL z{q$?1K0%nU!+^4R2+~dnd}LQI7tt@m^HQHSVxpBgyFQr>zZJns^dMT7K(VWs-Ckm7 z!K1xc4beh@7V`uCFF?$rA>})x0yL1{X;~&he+(n5KP@~RFej(t!jTE7GYGZVpM*5- zcBZ4nms!4n^jkl?m2GB|cKposoF&g~h2783PWq_9oKb|-owC~Q#(+)3lt>@js&r(& zt8mlz*cmNYygf2j>RNR(!heN+#T4|SRuk-2x-KBOBf6c0Xt;nW|B zuLj=v^4h!ZJn@YsEr*qfkSuO01afG=?Kp%Q{st4FMD#rOBH)?cC|(5Co$Snpz90?se!JrZ5)u!;l`WRqi3n<{f}u!Q~7+adl+ZgWTV$Yx41j z)4EdFBz@r#+(uhC6AM>hCNru>6lXt4(TEB$3dFuRb)o;Qv$X42)kI$Ee6p{e^c%B1 zPxt0Mhoy>n(!HUNDbfswvBU9ozDIUyFpI#&f;x@Ez@?%>!xV9TMzQ(#{TRlZo35+0 z)2j~r0MYU0`mHgrbY{Dgl_Zr6`sjCtl1UbN1EyJ`3tDhK%wTleLMiQPsRXmbu< zUk-$7Lu1Wpr>c^x8eyH>?v3jjr6GmvN^Im4Q@^0#CM!d%M^Idp?Cc`q<(VTvjM?F zJ?Qh(lYtCL*Q6={dFzL->Z|P8d45tm$zIJmo_^gUHyn8e#2ay)WVDYmu;n4=y(+j{ zls*2u6OOeaN{u1vo*BBon14yARprvE1?|Ay`v9a_~>*R|H0C_1o;#rkycouy1f;4=gyH=T3gKIT3)#_7?KIK>R1X~x+Q5c-@DBK*nWM}b}3>lXQV z&H{pni}AR7%uJ%m!AEn0;%&auJK@M7X{>U5?4R2@g}P~@A6E;Tj&FVpEVGaON&xVk z3>S=7+W2_uR|)5(aflOK@IoyFGQ0GL%{v*!(}=Asts=HP%~4)WNZQuDz^SCRTh zN_J2wi3FhxmF0FB^X3T81fe};%T93MRf3T4iRxNXKPB1(HN^n49&Zz8uo&(vcgODXMnN)VvWqo*c zxL$fGAskr`njp8*4yLv4MJ%D7MqHyGMkS*|0~S3scN$;!6fFcI4&#faIZ-H z4<^C^6X7wa8}dt!K;V)6a#V6R3~L((z@6*Z&TO4X968xk$2rsYsGqr^z^1CIYCAh* zXLN3*lBCBtpib0P{%8ICPv%>uqz=h24>+|b0=`>ujn}kG7Dd^twQY|h&ktn3J1>n7 zW{4D_rQ|^~CRD!|O4xteZzL6U6qs5}cDv;tK5F z+v7!jvb;*5R40myg#J<+XjQ$pWqq`5ohFF;a7IyL_@!cbw^LyjI@6==LI;GzM;2B_ zD*-DH(2x+c)8R-hQ33px=~8ykT8D)ywnp3B5pZO@W(FBIyc|$J6{15ZFx+I|GQOyN zw~gC7KqDa~(d)rcNZE+P#I0sx9|%`nLt>|~p* z{Hj$_s&rl+Gs+{go!8G|sXUHfRfTqCpFixtqr!W!zg{z(S^9T79({sqYf>t4WA+7q zXewRi+;H>QUTfvKyj!5gp++bPSbuL-Oh3bf?3fL%684opm4uH$VAwjv|M{j8OO_QB zl~QH#s3K|GHaiZN%D4ujg1#fLGRHOookusK=BvIfj`@@tpX{u+W=2ikH|WZE2iOQt z4Yu?{p~`P;>L-cZOawp|z}T0rPJXDX9OnG#RkWK?2KxnE-@!fY6ju z=cYqCPYQPWR~54O68s4y<-J=cF7DuBXg>ahgOJ6tDAsS|PbN z9Q_sbN(v1NQ#9M4$SWA~nCAg3PR#~+aqh|SGq`=?7N}e?-C2q?SXKj@I~l3{%QYTx&mBx3)Xd8R2L*D&dqV)pB{ zt?kQYEzRG8`F+Unw63=8m_={x8h!+u>3(-6VCg$R=fL24p~#3jYuVV>M1lngHO>;C zk?GtXlw-z3xB@Vn1@$9xD*lH%+%JmZrsJ<^O#(wTSwGLE%yk*K!n>X(>+CG3 zvnpF}od?zA+(#3Xj%LDy&$(r$29VmO{k1m^SXh|5#Gup-OOxNGvXRqGN{jB_GyqxJ z`CFa$9XOs}JxfpQ&GvG=d_|`GF&0!^&8RvPL66>DO+Q=Gfxw#Zo~fIhInTH_-5NIY z_36okXJ-^dOj$o49bk?SsR?eNmWt?$p9-a~zQ^5NS7&r4i?axnbZ5v*)d5;M@q2WZ zvz!+3=2vcd7oe#ooiV+y^fc_5jF!F0f{eDgIML|C?ILI zvkGkP1+jod{aPlADaG%H7@i9Jj3i8FxWly9(iN2V7|9>J!Z^=&wJB&%TMV&MzMVY{ zlVP7{RMcewioxLz4s!ba;HB+gC^^a2{xUk0fIQbLxOsrQGH5qB-1sZWUZB@h4Ihcg zP{7a~LQNEX?oR5>p50%Fa$4BXD;&D3$>VXS?A6l>Efi=YaR}JWXI;9Y8zW-m+DTBd zxl@43JGWia$jX$cVb!2T#DiNyfV3p?rXZ=m7u2Lhnh-d7&h}`Akx1D$;$oMG7a2^B z%Qk6dfHJz!dOY4S0JJ=O*bl{Gt+qjQ_gx9f0ha!oJw>a12XsoHmRdu0yCWt<&dWRi zI~&`lQmOU&uoqGca6LTqk}^8rTij5!KnzG+xn^|`mgU9gkDH$UwM`DictKMv&e^HC zik!4ovEDC6C)FQrWMHn<5!a6hr8(6Bwwu~=c(IZ1OH=vF=u7&r8ZDPsy|G@)OE);I z%K6_?OoTP@LZ~6=lTg;YFLncTB#|b1iaR5=iJ%8hyAfBFF!n$cM?X7>M=#!e`|`nAr497BZV-0itFlW=Q_vbfY z>-1c=wui?P6}hfEBV3AyM#U8Ja!h79`-`maaI4`rH4L29Zs3PyUgya9v!L)Ix2oUd z54|VpifgN6`Kr2j5-N56Bb2 zK8a?SHn>4V^h4&x`@*i|A|)cI|9#n+-IBEw%U5gVi8dO@dzUqM#HM$QO)ZW6)L@`G zQK$oL>o-;}0+~hNzD|Jp+SMl#joz6Fh$LGLh&aCjb&h}9SsIngW4XQamnuhMzFL}R`lJxH&pc286FV(F*&)`0seBdHe zJ;}>N2#xu3fWqR$MCcX65z6gA2-#&u9k)*^*V~=Aw#;*KEa;{h{v8Q^GGzc_6BLYN z@~`?Vk>}b~4?R9aIl;d{A|B79b5aF@vb20@z`~oRDqQOnu5=_x#*~27=4Zz`ujF6+ zYq-QLQNp73?Umg7NpH|n)>D7}Zjhc@f2Fho5EqF690~%VfvD0^)|K3cIw2Q^|Ij#! znz2mk&;2;ONR5-9^3OBiOP6uf`*KJOxVDV(HV1;6FJ_U;=SbcbWg}sPBBxDs-c;BT zi5NaYgkE+(YZMf-vvb~%E?X5ncFvKsfF0x>?HDcC;BXdm@B6Jdv)T%VIU z^eYo#vcZq@Ffv&%EHqDmSWcAQ7ieJso--Bn#9OW?PlJwh0_ZmisnSPD3AfKGU)$^T zYfe1)s;R0Kdbo)Z2E~`v7n*beT;Q;XW8m3Or&Qo5y$qy08Q~9+tvTCMA@1s)^WR=I zb!wy>J-kyf!#L~dE}(&KaoDPjV!{T51y_**%i~8(7d<^BJapD{ZG*qPdjaF_zO*w4 zVsVUAeo&N?Y-ptA?j;K~JcEfK33}*IP$Y|>PS>wRI7+noxP5x$BCC3P5@}F8tHe&` z`W8TKublqqSP7WtW5=@Wrkg`Lh@94$NWF$H&$%t2Ui=fuw_82-9rIzeLIfA@`ET%! zcK)(nLRP$Km?5EYtG9u=ZAB>?j|<6%aksOzFYs+oXCVq}N^&^pOO4^k;G*F9(U7Ly z!rg&Sl4&3NE`+8%q27jaM^sHgSZ zc#NwlQaBD4*VnW}I*P9;x1X=d9dUGICmS|@F7*+s>z2Z|TlWXkCUbL!N^^DdG&2kh zmb*7y4Ak&T;wFP3CS{MjqUL`VBS18|6KX z^mtnz($Z#sS6NjfSlgA%aHPg!J{&M}As&-oy=SjQz@)gVY+Elg5lTgIgWhY~ala48 zc_Ia-JhoSAdZ>i--iE0JCBpCjrF*hoocs9^ub|g=eU2sm*S?ONY^3HQy$%GmaEul`Qmvd!iXb< zjcgcoJXTVKV7pYNW^LeXdNIExuUZs$8dN39)Fd|%oNQI*!1Iurz6=U;0xa&#D46op^T|SAy~V{4i*ezZ~j$)Pqj_4YLMcyfc(5KD`EN z!ITMAN4K?vK7NfDJ(I>GwNlqv;gr17aVP5V9opHo194At&KKICkaA z(XZpO&O_g&ol^l6UPJ(d_q-zk3J~<0l7;!zJ$m0$Bb0&KJqlIXe`G)Cx^N*9wsV2r z8IQ4Q(W<{?M(10lE{JLmE^vLLbflZk=z!%-}+I>;nY2L7f*Z)njwuZ$nE zb@EZePgA3is=$l^U48nACsLS=ETo?{R;_wzGs<@Bq$;=uuv&CTOPl83o>kXEN%J1A zvTKjym0g`(7siy<_7s<1NDiv19HHfNb$WZadBm;x)Su>-uU=LBFycqyAn$K7F^=&l zg zo(Tnci2FHq?36=|ZnHSePf=fKTc;u{Y?c1f=|-_DeQ=m#xN-72`Z~6;ou9IlO(Ptv z`i*@*oeVSTg7uXAo5riZY3Kvn(0zAT&GiXL4IZV;C|$;>8rwk4?^*DKA#hj7VWHPe zwN+|vu!-w9+y?wk{4j@<(>N`noEj&J+YVwQlz5IEyP%9O2CE~cBm3DO!btl~q%)Fx z5Q_J)Rl_d|IzXJj_k%t8sgxZN+_sgKTzz36Y$$L7yX%r!w|O{HO=YnK$;6!(I~+@FA8MH5_!uA1uufTQ6Y;0l&2$2;b$^h9vF*;fg(T}~b`ho4V=Klr1T z)$tnPbJSWH8civ2EgcPszK5%Uhh$jz^x&e#gAO_hofW14uDLxm8|xMAd`X|64;){{6lpZXI}L4!B`G|41-XB0nQbvR}HgXGv> z1rlMi>Vs9g4$Sn|yB;p!TE70cmanIP&`@iwpuj}~9>X)`(L6}cYKXJ&sk+WrvO-GEWr-HI!pMD6>KjC+% zN0_-UnukdZ54=Z>hc8DT9Ry-lLGOmscv#oG%tGQE{bP`l$BM_9HT&egfd$p+9Zw`l z1Qn)??iI%|@aGd~(bR6KQV{x~47CXOaW&UJ0rs<6a(M{)LJ!sOs)Ac*#EbTxar`h% zH`?3)X~^hm;QXL^(@+@5e(WhnjAT<`z;PG*pDOP`g4-EwDt23~-|k>HjbBL(NAhU% zASmqQ&M1_6la|zAa|u8$2jR%PPVFpD3A`j6M6H-`WN~y7L?o^PceW+}r6*Rjm-qKM zpMH*DlA4#ipqrtRH(U<^fSHY&35BAiL)(l18h`szwsDQmc(q-(&p8Dw=r#k?H3R@4 zN1OvumC$&spUnCi#oJQ?%9z9KpkhrI;2*sz&Li<)2gja>;I<3%hc4#*vj5?q)6Edn zwG*bTZ#3G}eFa96=(BvJ^7GKzWJ98ODIeS;s}PfB?K558GvYh{YUDX507!4#NZCyt zt%_?awVp^gk2y~sWF3ASAK1vqpe%Osn27=R-GN{+-06*QB+#uMctCj_lovNE{(~ir z{=t%Kgabutvne5FYkf)Ib5*gLmwtC#g9pKr5tO8#^s^!%(?r_?4%x{U`wVQ->7`m) zte7Fe8{;Z64nTzyX0;akeI)^(?Qsu38Fs%-^;Lz--grlXYD?d%nGrxfLA4EdJy}~{ z3ldKde-SSs{xbG1l*%#o6vldAlwiKIM!YsuKL$-h7@KM{@$tQMo%|l;MnFe3bDkZ< zFr?MTM;c$SrC#p0K^_;3MrytU6~h%K!t-f;;Qa(&E0Tg%PnLn9GmRgeSg5nQt12=3 zU(UYK*J<1VK!jxQwAZNdhr}8*OyAONWtUql)YSVZ^Q7~X--`Ioh2?hX*790m!UgGt z`nV%L>A3HAKQH*_b54V$M(SyC!$IV=H-0Sy4lFUq&Lnnun$RU$PT%76{Ox#M`dEKMl!iGyT~MI5IS!? z(BMLPiSH|Y<$hD`=YptdR>ooHmyTiUuvH}CUAA%%3)9dLtFLQ7i&h<% zYvLz;S&Nr3Vyzf$B#ZG9XMPMEW7JVGD$7_!u}9(!6y|&;eo2M4`TOCI8Obh|ITO5rEF= zCRqd>^Y5&wq3E}!BYE^e7924BXo97bof%aH`sJU43`F=3bP>HxujZeJqBj)|n*kNt zts-tkv+1ZbIRJ_F2Is$n*$G-+8sjl{$9_m=$3)MuujR9efMG9mW1~q@AF!8$Hdi>ZJ!?1zMDCj%I4AYf zOoWB7PzCRQebk7}hBjzu6@=8BA4YLyng%I~cOy#Wn{G`);AV>NsRNP~R5MUw(W>`}k2iWvIbyoX<; z0a+J;8X<=!Gt(@7j(fwO;)1tx~h?}PgI z3x8bmDPN51$e#x^ZI;A_!pV%7hPCH&lQffB$>VmH2>>76!%lfwUkzN@4d11$SL$)! zz(p>s*1|gjWfMImrxO=~cXHiQH|7?l{c3u~6OiF<6qq59VMjLf_ z$zU!-CO}B_SEpPh*3d8LxhT z5TO1WB42I431GGTR#i-pk=J?=^0iQPnrX4N6(d-3+)zhce01Ic)6>Gatrs%VOTqDC zNblZ~G^xe9HI}46l?>h8%zc5sXT|^zR)h#SlLU+|Y2Z!r+1xt_q~{~k*VsXd()nKV zbZb7Hpg1LMATm5=@Ge(9IstS;ApK0;@^|M0^_HR*3J6+;%IB|rpGW;#?!P`WmxRzO zT9R+s)4d9mWOmSiQ@zi!g<_61)Z(Axp5E1f2AUdv3?~AyRptpD+UP2i?B55e{~$wB zLWo3?m*N!H?)t7xEOPz)cjy2*1lxOf&_l)UfH76LL7pND3XF!>Eq!$o#squ5zGG-* z7!4l;sX+BXSq~`w64PWHg*Yv};hsS26=ZeuZwSmpc#1GuZVOL`4}2eu{kj%DmVYl% zOtJx*{Tp*GTQxQWG;73?Y)*q8W3gb_Dx*;ygck0{0D1`vV872g zNMC10se>7cMKcO0|G)(8-xIe62FtZ~ii&@47ydqE$%`~#f!e5~z~v!4;=g?B$K36+ zHa0S(M5~+vx*l*n&{W9a8{>%g!(fgMkle20)q>E_&c-2~Dhxtj$+D6yH<&LI*Fh-! z23oYdszAG3U*?ntDyXK%@sJn`uobVT$D#W3OWJ5tkY7vO;)k=UI)Jdub{VTGT3Dtp z7Gi`TaZnGX(s{V_eN!aEZL;3yriwgqwUrSU*5f5LTmSc<%Rl3AK&mDQ$&^WfQY{Cb zOIM|uwhTRo%pBRVKfxrq^%PgD-iH>mKi~_Pdo}k$_26Nd&+P*jXbKZ>gC-u_)?o~v zt6)-U4wo0VRCx#l2w6yzpl|O^(pRK(lTf+-rcOuTQdSAUgj)tY`itZur!Ep`E8Un+ zLhSR9I)pKq-I+HkXQY+EV25%S5GQZ4$IpZDHfo*8e2e&6%YBJ-K$DjR1p{^dLg4dU zm-`kJu&=O8cco_@lJgW_um?u4Vq%??Sw;Rgm$vd`>%8l2(6onyXsKDHP~BXDw&8H> zW+>>LL&&?Jl$);CAnzdorfJ04hO|;zmP;D~(UF%d#^k^N*LbDQkfX!l!5+{dN$0}` zFchKAG~#@8LDdGy9(j)n8imVVQnqu%+7yp6_8+6z{|qVKR)ZO{MQE{zN%tG=y}UPU z>1R2ZV4BowlT^I1s`--$vvNR`O`c}F?g6 zlkR%K*~BEd1&cN|#z2$Ad^nN{odN6PB_~?cc%PKtrgtN#9iKyRg z#-zze18xQHM-Q8{C>--xAY#f#6_uu6FNAt8W??{?UpE9<6rJteS`%%`V!17VgJxOZ z0%oNOvj=WaG6yQVq3OkXog~@luA~$y*ZKrBMXTHe1H`!g7l`f>thSB2ft@+btu>Kg z75kC5|BD$(*|x~0Ke ziDc7OfA+NIPbI;3ic|I8dh?g-BvsnX6+${f{Z~caQSX7ifj!FZ3vdvsnUF@f_+g_6 zi4X`PPEfVSJ0?yei|Q)!x%qPK_a{;8XpF-La)4ezTO4gx!_DefpcxtM$8)!f= zjiCD(5!7HqjCvpP@|KO$#p12HSZ9lUdg^;Q4WZ~;7E1E)o8mBgbR5@tx=0hB^vwN| zP0;J+%ucK|CDP9w)dNe+4&eyn8*VrV27b~9f6l_(Fi9|Bd z@gUjMN;FtnwH~u$5`e&uv{*c0{zY^9kjS4s0yY_Uwvfn;0 z-w5d+nV`3~le>jbs5jdaaUgmcv6(_cPGs9CLxUts8?K&>>EyUpcEQYzpUn>_{kay% z8zO+aKB?SwXAzgZ%pHO0|NRphW^R~b4rCN%hE|JIFkw2j?B|sClE@Iv((^djU5AO{ zl2aB@a4Q2v;Hd}}!}U|duTI4InPx}J<{QSaZQsQb3~2<*?B!fWK5aIb zyVVtll60MZwCvMpRo<;NBH?Z8$x@rZqAmjx_s!qK@c$W`t`0}y`>}%ETudbspp!W2 zywuh|&EDlauSycocrNBf1Hz}$S{I#~`xe#SY&g)cx}{@}oajA%R>@%CDttk-X+iqE z`A}%?zl@R3qhHOX10qNM3P$heNOxGetW*4mGbOu?LuDHIWGj#AewGuwJRZ(wI67$Kyb;yYzX!Jlo}v?=j$gNOr`yzk7h?DmC^l9jyjdmIu}&af>FW00k6qOk z$8r$AqKNYq8fE|xK#=r5WBO_q1{pxpx!@^%2}!6hSrpMBfH}j(uW+crS{n>9W72c= z0?@X;q@~^?fzt((8eVsb&l|&>$u<4ITN82->tpOGsvv8gFj9lDX|jv+-;)Ri^S}|F z#zV?+KH7yoFc^+q`{6o|9iCtCL+X&+s!FR-Msju&7^WdSW(;VUaw`XVlRSZUiylZ| z^_1yI6}S+jCq{+?%+EOibc zghoTdN|_TjNw}(4MY-oqB<>VMvX)jbqX;XiSYa1nW}S!v`&t`#k@pr}L^`?5)VUA0 z#dWGR94MmSf?+zKre!AL`W*$ZOEIEX@{%~ZQdAW|7vVQVkjmliY{buYCT6fuK3Zk) zCe#;%hoacV5mEL+XRSf zt0)@(z{I~Fv+^iV4R+^CVXaHdW#dD7$>KTgi(1OkHb!j4Hv6CY`}Lh}6khLnkYwMl zQT#?-fCcsCV3R~0odVi67S(7Qi-P|96Nxj_X`mi@LmvT}vQkkMZOxKpbodx3uCwZb zmEwuhS-@J0m?}h$TX}W}$|~oTlTxuVYqveNsvj>Fq?lOJz?iR;jx18)7V@R2Wo558 z8rJk;eNRG?GcTV#jBlAu`w@K1c>&r94yLXd&j6L6|94=})+sVmh(hjt)RB%dUi@m@ zqqNp41h%v4gv3vJhEu+1?Qix>`f9yyjc?{ zRrlBfYJ|7L)ZAk!vOSOFfl!&NXJ*51D!>snD!N+dVib9m*^%fop!G1h_2Z-DPFJF* zX^avilFznp0r@4{9(poDHbxb~ZxMCHrS)%$NV-!1$*@wv113!VhY_K~aS@=kQ|Gw1 zI8f+_PPxSvmF_bk{l*w+CK@G8#I#q%0eTh%M9L6&r%6*M8)^!T*wo+j8ycAWRO*fT zbl-8dEjDdDKK#L=h_$$B>B=^}-w8RZVxrJHlaz`V!({<+7JEu;uE}B@n4var3gsu3 zDiO;M<2Fn)9c0LX)aYgQ!mkqSq{r(t;-a$cwZAszqbOz;LP|hft{dXE!9mv2_5icX zMZ2TXtV2;GAcX&3UjCC}L~sRhKXVWhHh$M~`c*7S8jkGXiiO&D$_Ptz)S__Szu4__ zOJ+rQMe)J>1qi1$?;J?WJE_4Iq!Du-E^@Yj0UiLdtvr5XA=Q@4vnlVTiNd69-x$GJ zW;jj32SxJqumn#msZ{BLV7s#f_YZZ{Gpg5sI~kO()CTWusF3a;fAR*2J_Owr*v!2>F$cp%%&;{O;cNp~WbASf zcyh{4V7x!)_vrQyBmp%935<;niIvKLQ>t`9&+=$uz6R%u>LUY0VUn8u?K!vGSJC~} z7Bojx?!Szh-E`u2L9xQYY%9%p=u|fkRTh|VGq&`oaVd@mxh0!m_t~+cSwPiWcBuzy zh6k2P&pRxZ-wB{VIO(qV*?G8vu5I6^*SCw~nvDZ{W+#O7vojmP0}z-z+zJF95JhaD z+N3mm0%!u5)&HtJ36*rl|8fSctLsaaJhp80x&G%7uh3InyELbQ!v00o*;>Akt-kCE z^B6vkaq*_-AQXvcqf5g;a^=9joUE|detqWx$;D!L=IUAHEdva^CyGcI@k<)Yy)GAa zcrdqAT((A-u1YXv8`mPqlz`Dnu#*x6U9H#BdP3b$K>I}1j+d$q>w?u>CaKU}Ho*J@ zM`wU^J#z2r6!E)>{qqDBkoyIqgbE7K8{zj4D53~#ejJ;LBs07K!Q56~AfRgedqhUb zd!2(uZ?0CY@ml&?gA9q_ZCC1PmS=B_u=+U~zW4@zPN0|g(rB<(7`tWx1kMY-xmD~1 zSgrAw;Sbl(n;RQMQ$#wSC&!7eQQG;#GV7YOrJAm7AEFN_{hmfnYO7Ff2?nr}EJ%|d zUkL=Q%13z@%oDU`DibMY(X-uRS;^UmA@bYUVCdE&QbP%2O)=q**37yC( zmXQuMO^(a7Xrvv;Wd962C7o`eJglVgRGjxGN%ub34rg8qQN(t>{r5b7;@A6T1IcLX z6iALl3W*H53M!KKSBd`*d+#09)Y^WF>J}*~s9*yWEcB{W=^`M8E+uqOAd~vH;h7%gX9K;6Z1m;6PsS&e@(!&K1c0xYT?iwZBU^cUVU_@}uOjEHp|_ z6{O*|<3G$}aeZmSSEB$-BIi4P#T^Ftp=r1Y-`mx5mw~B;M`GF7#IMW;l zT4L`Ts`+Uvf?FV_MdoP7JL)kJb-=J)w!3Y$cuv8OfTNrNs>4`Hx6B0bgXC!vn!KgH zDRd(+a!N_d<%)@0UN8%|$q5&8Aun9dP}jwN8UXzcT9}&&tL9%uXM`tgO$5@fkc~^c7Cv-dm)45 zVml&UAeWg_Mx+{8YgqqPl>668|2l-fz5Utu@2j?I0{P|Jh z$(ggoLqpBArAyBc?zUfd0%gbiITr_I#s=r+4qm2rL|%4~;909*)Y99`$D8!`kM{c` zl=`$klT7+e^7PyhHfxGMZy`oFo$4|0kMY+-;jjA&6!$W2&=%AE3YmT{-gh2-{O1qO z|0?(V{@_0?-xtR5|GNH%ze-%c*YkV3e_y`u*N*;uyT8}}j~)HB-G40qwWI%O{r@-- z|Eo{X|JRB8#{vAO1N%?Q|I-HkXP5s^pXvYgJ7lpt)EF9i85A`#Op9%v5BV?s0G>c$ zKvYZ*!hR+Idsz&5?M;R5K5gb@47>JM3iErU?R$`R5e*Td$wuEyzI}M07fbV+k^C`G z*>I9(Sa|0{L*!F+35xa-P_04hQ;hQT4gvur6ScW z&-ll$EcIVosL9Hp`OB$aG^8oL_Ny|hVtAAR-ez#EofI9ig-^fu2HZ`5AJW(SPZ4Ow zK?ha#HoJuL;b)jA7HUo}0_$&%m=S$Yces+!_71`)=PT)WE3vqXjqy zRox5wJGG)KjueX9pH&XN8rxTx4cJ#TNEg6|;Y29I2?Bn{RF9QHx_%PBZ4njs^zU1s9R(xYW_ztT^o2y$Ok=#5b({1!01v{rcfUVv0+?_7 z4>{VPNtM1kR>!{GxVN!qmr0>1m&tJisnp!c71sa@v41|1E}$=<6Adb)WNp)x5kgyC zpmM@@V&oVB9JSV!d!OGTy*>u;;&|jbUz0DQeUC64J;yR;TXprm(=vf8=xgBD<`(yz z75MkfDcgIOZ14h>}_DUBqP=vE%mQQ>vEo z9vDtx+VNs#1xf|qp4NHIeFA4= zT4craF+Y=B46GXuwnTFm2h^$nbmcRE=bOM4H(8U|UCmQ@OxgsBER3V7JIJnkgW33W z1PVLh#|h8i9w;7^PUeA{fu0Ak15*G-FS?qyA3@zR{f1;tLPpLdx%KvOJ^|so4S!BG}<0)N)jNi7xS?|#VNDSY> zjq%V>bDA^f?N2W+sM_1x-@`m@xPSimJZXH_?}x$wsHEb*%w>)5;ylWg{YQOGqesPm zJ}(&IX~zAv{)?Z3#;G=Lmv?D;+HjyCR*ua3UJ}B&`nk-o04n zl!)0&p}S^;-1Q*1yN60rQqsEyC+cIOP5U6H-Pe}r=-o7vzVe(L-udy_DL+KWa!fj1 z48K0hE^s_6cJr$No~`FSsX%TzY+!bYG1LChB+WzeBm_?WCMBxhu3^yL9hF+EMNcoR zioK?Pf&diXjqi@^4W0_+=ojKFS`V2CPg>rj#jy7=ba)vVGdQ;D%@}_#`D(*0@-`sWkHplSt&ZWQ{(>XOLDNG!JVgHDhB1}8?oP?{wAzu7zIF~& zNHO+!&89zPjD#UoB{_*v*y{L55HWa<i$gSw^m*{CmwPF?RLY{ydMXSC!qHgCf}br9PG0Pu;!yU5Q7eTE?Pm{Qxohu;K|I!7ONG-iND5yMCWoujix~_w4!< zywaL&ETD3hJe_F00fDePjdLl9DXx#F%3qQerU3ecobv1=Y=2IK1|$5ViucS2%4cU_ zMWZi3x8;Uu)zdCk!m3x8Qko$5kR%$7 z;6^9-?Kx~{dV5PEenO4M2!U@hDu6}L(1CZ|p}Q-$$La!T#I5Ty+FmbqtkQ=K1ltRj zU$tF^O_@UTvvp(_R)Ft?dT8bKxB<1W6o*Tw&Dd#2NmCOGyJc`iBOjr^yno67kbfp^ zsWdrnKC6mObdJnYS(LeI=MsS09%IwBY~K{-ieqwMcr29!dtx+jRaAR!6F8Hhf=zkD zlI+&!hj}j!;q_I{fqK2<5I~ggE?rmIzDueQRYx?5F47!JSN%0#Q78_YJ3Y56zXF(! zX|g+=8{l9<9d9SqHMNl$lkF}RQCwsFrvf9}9a#x`q{5IxnA(#Qggrphdfih|!2v;L1SA2=Q~wOk(TzB&}VY9?|ZdZ+^7)LNcLT2L6BLcVgI z@&S6n&C#?_!Y%|4$$n*kMiAI5u4o(J1AOsum?nlfS-)D=XD>z2`2_oFos`+5MLsF* z7DNDL(Z-0~M7H295|_g6EmZi}pdIxS>;@iTLfna~Z@#+ueZJcJ?4^TQLE_f$tvR)o zH4Wy5oQehp3hvyHBJCYLt4Nqxd|gH-J$hKn5byo64dFGvc0^T|y&9X_@9}*%;YmpQ zqM&=ub5D+B19M{(b^gd4kD#vj_l@kGpHKZB-hz@W(L-UYX(#>FTsbn~@r>~>QKY!zDyMC;R%5uVQg=U<*LFXu5Ad~2PO zY+)lMYAj|%nJoWFR9WA6RUA&c#&-U#L$Dyi(P7=z~ zd7hx!ZE|&-kQiW#2=z;3U0OaAhO4MVjigBV0gA{68ScxsuK~7O_;^UXIKFzvF7%T@ zs{v=lBj=?1XznGRH@u?h=l|@wln?7YNtU9+6}6+Ue6{!3TO@^^*KB^t*)(0sW*4qA z)ouIv26v4V@_I^P{$84bzw%%(Qij+31-tB(C2u<11fBHj=W6RC_>C2z@Na3VIqTE{t!W{BYT6C>M4hf`$7wJiaoIVdmMJU}PY z68fA|RxGIkWE7>{JlfUWJQs)W@ydq+r^e6{K?q+(y_H6$INX|m%Rg< zsh_T#AC@G6sqUtkO9|dL6Et{dZkUdmh8$Dhh#}OxNqLenAbqQXKlx);4p~cMrBN~f zF17dh&ZT!ce~iqlnQ9F8S%pI5qT8^z;6x$z^XQYp=uJC!i#P>3>FL?9B=K58!HBg! z8^O)odQ@^Cu$X;J#X5f;+$eKgC*?58LlUoq?4vUV0@A7r9g3V7z^{tJl6I_Za>QIT ze~!>=2JIKn5WY5A9s=f%BCAXZC&6$Ns6bX?jPEv#W&n9h*{E7=!yl#MgH4jK8ooz9 zVZzt<5t#9@k#?hA((yRupk#31Fgsw6MYU&~j+Ifbsk}wCUxyZCIDQ4ylGlv69RWxd z6ALLwpTVh;^>C8ws;fm8 zxm~oWN$qL)SMF3s<-I!lc1FR&v2D-ubpvkCp7C2CvaOLHN5-9~7_p#}M!BjWCf)AU zVLS+4dao1%zf64mUL}5!`Z6j}ODp%JD0)~TpzXHlhd}g;t~90775=!X1A|>0v4xcx zd`;x6ikd9npIPZs35Y^#nb$CyesYN^fz`hR)%(V*{}qG4S|?k;6AS>|hf%}DqO zQFOlkY>G*Kc|X^59eKgh_z!GSNP$enhQ8|{#-no0l%52l>84jQ#&^!IaOLHY)2C*W zQ*(DrCQA+P6dDrtMjLt~PoTQS)50u{PxV|ZY7G=L98^J#5JKlRJ7C?9`^!C)iX&#z zcLNHz!je81V+zvj-yo_r+k18%wLLQ35b+fr8JtzvRXTj)5;_8uiTINifpameTZ!ZS zRo_`--MPSAO0_*8xHZvyG(IP<-fo9>+A+BpDlE zYwOIVq)t-Z;|chLa)=Gi>5CNeMybo579vki_OH4m4yU~3W50yZvEAT5_3iN6&p?x9EsBIn!BHRB*KiIJ&g4ns;^w znqo4b?m_wqmtVUyMoWZi~d(tPZ*W}LcG*hQy+)VFlK7aMD$i%=!40Djz^ z1IN`*qX;!MDFgU}(#(!Jf&La(hg{k{*JkmuBCxE7dD)v!qR*a#jo+m14*-))?{bk% zecaW~!eQ?$m({O+Y3`u-?)(6~_xTM&v$9#^6^pKd;*IFt2AB4MXV_cT^?ssBHt)3Z ze=NaD?D~_O(}%DYZMiQF!H(u1bLeaCDqr?l}k6pYj*9uBa=+cou8CHAF!_ zQASd6081ymw;j8ds1Ai_SyWh?rm8K+I{8Vw2h-_C;wTI|TnDqP5+5D+*?}O5Jhy*P z$X(&>Nl+i53%Lb{;T1=-TV?vk!oO7yw#vr^&mbm)n0a@!R%V8VuxslN8j70MSG=yH zyZqPBnnfDi?e1(hEh>Vu3!4_dhT_q~p|xU$o2O>v@@IE`3s|UsCp{gfB@ig6cDY?qGUowwMqOpKV z!~uIyylSOO!5&|5!o}O$d-WVLD{y1MT4EHK1`qiKr|2LWaN{T*>zT@c(8TMZ_%km< zsCvK}gMAzL@(3p`0_HCx%}e_>utSfSQbEM=$D}rFfbz9~c_q!Ow5d3BXYK92q8M1fFDTrv57NYG4_e0g zLw2-77{sS+oyD>tCu$Nm_9m|%Jr0PKH{YmdxEs0{LhkneX_h4GI?TH9>=vBX3&8!0B-Dhb48$CiMz!j2I4r;VMDDJ27+y{|Z?bh@;dCj?W2j2b^IXd3)n;yb z@|XBO~$Z)f*dEm+j55#n!wd=TbGLmGrCl{w~(Z@dH3rHuR7 zZ0iM7YAt0+P!Kn=so?rj!9zjY3vFV6U+WO#k9Z6#3PAFArr(i3Kx-HI1PvsVwtznzzZ z&Y9g!B@{;r9WORq!^K4x=4C)X$dwPcVn@!Kd|2nbj)gX;AO zWuN|xbE%4tXk&uQ>y>q-lh>2GUbB9}516{Yo~kQ^O;bmzug;{@zfIl-I z!%?ccd7&c9wl`|;FWCt^LQ!?^14N`%JRX;1>#S^hXbyY}$d zs)8R<-LVq#Rn$B)E?dm@Q(0q^)9d(B_b1mBxR4)5{m0L_jn+utI?=&OkkZR`7pe?4 zQ557y(=71rd`u`LJCF0%XPCABHJ_bFlR@OFb#?2C>p-EgsyoQxdz}_KO*T9r@`q5B zKA}dALLb}38_!~Fk)N^}XH>P1s=M$Ce0+F-!K<>Bmfo8U>jHZa{YQTwxq6Tdd0?J? zR0rgQf;4>ZBOMkPy z{#KqQgmxcoxU?SLKrdrvqZtLxe4 zIObkmA~;SV!vHM(wmAja=)7t0$#*FSf34v4e%O5NlwZR-|5N-=sc zlv_cMN60DoQ&I~8)w>t%q9*5x`3S7@kVv| zQZAr}S3V+hbiXJ?Nd#|-AG%p2oH;u0A1_=yd>q_3KV!a%7gpnaUgbxW;-?$3J~@f) z=m~ooOwk36r>yE2MPxwdq?E%j9$5c@RumDYTZ^=2E4M)z;?A&+XiL2tj4YT;b_JC7 zJ8>0&;`V6nc4(HD7ZLESdchfnumTlDwVE;BjS=ua{Hg1^|!RmpVeXnATxjtLP>iN9B7Z5zH z+VN$)+~yD_eivZ6iWgdS?FNBuuU&qniHuY+okP2fkYqxmsGft@vQ<5uwD7!d9BX<= z)y|~`;5_(-j&{?cS<@@VwF8CaSHA*3dWA4>&o^`V#e9{1J_j2Jb3EZ^cUU#{D z8^Dl>4k%nZM*@mq&u~EM^Glvc=a)k)0#)-D?)Ee@)89;3o^nqhnMquoI1I6@aF15T ze>QB;xs~1$XRci>()a;Q$GzdtdUk))mY9&^I{ymX3PgQ)7h>xe<^2kr0QZiGMO_&IqAI5bixLM z(~kG+E#yv7wumOj^HSE1FuL9fR#j1P_+DY3JHR3-?L4>Crj7|8D3Y4OWs<7FXM&Nr z^ovqG>C)51I}RH;UBeKBPU1O=pQS2gva{RHP9u&koAsj$tl&6d8O#xtmQA-1#5ixz zI3pXXs*8Ac=!%ePlJRvzB#ur{caFza#oooDLMzpNR0`z~q5IC!&Ue^GSfj;I@qnXW zfIiHnCS)g2Y`#9>q-}~oGL&eJjT~)}r;o`NJ{NDE1DU&k&cQ@CSRw}Q+K(aI%m?)c z^L(O>+-Ld&nc%oIwa6Mi>L0Jy)sA;t1@tN#Mr@T+Q?%%C@ZyM;&H#%yCs z1sS;#DUhjZ`^g`=F`8>BcZ#_oQ=TY1&fIgyyFzp(jgJDJEbHR&{oo8(8W<^Tp%kT{ zckj zSihL;t9#%xuA=&+bliQ3*mEMi=iz#S75;Y4NiufeJ&OeK`6-zL$>NIUcY0C0hAMi(4{;^UBH^PanU85rEJ+&jytWq* zHqzz|v&iAy+g4RyqZG~uDOaRqiR%d}Xc~uMC_l6;pG0X3OG7^7S7zjT-?i8r0RyCP zIkoN6L~fA(?DHC&w+-kkw>V^P!TNGsv zH}Z0$&QZIb8kS_cK+0UZho7lK$$rJ8dsc7(v)(`|0w2F4413WEO+xLj%%a0tbidZH zj-l+nnm5LL0$Fmd6X%+e@Cfu0y5CE;d?GvSr2Ay~z`*K!N84q`7DcQC zdS)X>q*`7y+0x=kS>eq5;V*%u3dI?d*yb6HPAy_6XkSY#~zxSiU|tZn;OO)mo@t)-X1qsihZP2G_+q?_H%}tqF;#YOH9XkltW_4fpM4N z56gB8`8%qT!a6SB>!sL6TS_0ERxrrLYV_Xzn&b;Bi>>NlZ+Hn~D32?)vi1vtn@@R# zyDoMn*=rS~2?|51U2r`2@p6opJ7tF1cH8K4MRSNHtdY0bHsdiJXZ?7+0Q)K>NIPu&YpJ*DD}EAfUuRD4^W*m&IVDI zm&FpV_6XM8C`Mvw3vK0-RA_NjRdnv`Tm}A6BDqM~d{}=J;e|ou*!+xrGK*S40S0yv zvzn+)7Q`2Q31q*%p)cc_+2szo9%Q46A-ZNNJ&BQE+M3_FXWJQOVG;2yJ4m*11k-7V z@fEDpw~8>@Q=qgnx8*|T%53#d5tcLO%|Pc7q1Gp8| zhC$Tl)p%6pi}x#dP7ihbT|f^nq5Q?!G-y9Y*!|I>(yVngHv$@H`9XQa}gwlxnUGGxDz6QI{VyH0ENW)U^^td%XWmd|zP1jxf}!-03&fVBZW`m)|6 z+a=AYBkcx!upge8rXUDT)u-8QCJqzJqo5P4d3vcriFzsmDAH36T%{fG5AB@-?Wy+C zszgu$I6-0zowR$pgIv&aUR?E7e2A5^v-8c^6+%%PV*=D-AeXM2^#^0v`M|J@3Uu?l zfy;rzHEH0)+b2r6J7$VFND7(ts$N8KI^#K)#Jt1k6JzMvP#+7C?q%Vb5ZE8WO^)|h z#Gz0>;oP{aI2 zS+)*i4Zm-AD8Pgs^<6h)=ZWux;B)IonTG|!2PQ>HS`N5uL&ttbcpDcQCV1)j*3bY& zA#5_M<(+r*w`WqGcrM8n?^teKw!C>cz2$4w_T6z4?r*+ZIgl=QuObgp&TqWB)aiSi zpq{k)rfK~mvHGT}uK8;u){}@Z7jv}-Adb_vk6k%^jdWGWmkAB}I^ko4*nlfc=Z>-} z5%k?BI|4_;jfK%O4LsUn?UADPLRZE^aR^5VM(1AXSQCY@e-nH z8VfaM=fM)X99rc)LclxD=8wU}`YEF>r>&jQT``e6qKEknm`DusXQG-lKsGY(qp!4P zd?W5%oU{B3rEfb$!(~n_A+qsTbK?op4W1xKCoF%r$ZcjX!# z&}%8YizjH}F;u>#hl*dd2Req*nb_9OXyA|aA@^2mGicWL=qO|h0K{g!6hP1E8s&pl z;pJyljU!zC-Qog0Sq6*Y$tCAx)Ze zx{sz;c$*aaqKQQYvm~Kxp5Gz9Ck+@UCa{#_LPj*``e&e0W~a;hgZCLv7YP8G7(v&!31|1RJS|?9X3!1&v5LXX~>vN<6ND8HMbpm5zPdHb_KHB zI&}lKenY1F6rsYSm?EFq;ec|q_fEMo_%4tUF0Z`82nUrujFti3JEoH>?h(-m@Gv6G zNegu=U4%^@#@Uaayt1E!(JnggI#mFf%!;c26$TmZ7CKIF6EqP<_t&KU42c=xFgoeS z-#Ba^XkC|GfV@jQjBq69mM=#Ds#dh9>Gc@yKr_SKV#T9Rh|N4p!ou^(GAxbEg&D^B zs-h4>?RQ%G0JS`XN_KN|6M5B*H3$+hD>?5kBhQ^|UO2GscVWK>q+%uBJ`W8ifo|`J0NN4Xw(m&;#l;Zd@bED89hW?NhRD7e7 zS3CJ#qi%{6uSKI41Ka!qOm-Zcbd#(}d27)ZXysPRSK~6juYD<6Pd(IhhC5VQnB@Fc zA6B%SvFSEY1_!CkAT29fTxYZuDMfrh3|y`(Rd+1oMMxb(?7n+UcqoHrLD`nJTm!Yf ztwI#{$M3JQ-Z#P4_Okmj*VqVM&22*_eWtu!1C|CW2mc7QoD)MQc8H|f8YmbgWK2rj zgd{*GQRQBh*WZauJ>5DC*BA*W2%$G~T7)}qu!|>J*K8~12(LJ(_sgjzj>AXe4?j;q z@kXQ6s24E$AUxxReb>3pz9k=%;b>dYqZFJ&ac++rz^e2;s?>UHX$qIhAMwHgc%-=X zoG6+}iImM`zIKWLs)Qu_gSgN?H3r`WX^xuaw!&v+1F*OYpyd!+&^10pvnzbkC?~#1 z1T7bJR*n@a={aG>+Qt#L+JU?G`{Ax&D-pIxr<>a0gnOlRs*P`X|4bc>lIIq2yN(*Ezm*& zSyQL>l;!bwIuGlN2eJs+COLV$g6AhZ@>(o{Pm7YVO|_yV95@d)C8=@Heluh z8#aU(g<1lCjHb)@)Jfk^yhK3+&B9s4d}d1{>17T>53T$Ui_hcMF7JZ0mrB@UD3r*T zKu^WQ1;my^Ua|c;?ES_yQ1%Ugx$50FvV9(2az9UebR6FuEq zn$XZ;4?BO1Fl#Zf;^!jFyh=8Yqo-yrTMQQEuv7^IJ!;$J)h!S)gT~zpFLKE=K6P5m zO2jhha`)R}(QcHq!QJ);TvR8BB8g8knoAfpt;1e#fz1O~(xkSFOh0Hfd4%~;f70u> zYx>Ohh^n`Q4-Y-G#D$;hfXWGSbv_lHSDc2QWK_sFMr++4c3Dll2Alp{&SjnckbT zI8YbY)Tw@VvS7fN#{h=+7WpStAm{uZmFh zvZ5>QqCZC?C|#7Xhq^x*2SEOOq;zV|2dB7n(T~$R~I((a5!lZZ-G*NVS5YBBUN*+Z%u#6LH9(n z2M+ax4*^Qxs9=T3Q6=Ob1+Nx`UiI@BP~k$_hB>>5y|Wn~%i^wU{(w+0(4 zw1Wx|<;)E_d9p>zjPQoS+zNv?>sln$xz`L6^+6j?=8W7Gem<;B_|U_w`m8Tj<6Nto z_?eA!MCSmgqmy4a+?(-CTw_Rt&F=whCC*(szP@j3c-b(Zo6dlw>61P^Eyj)}_iudRw#3s_p~x)upF(pPeFzvY$^ zj(Y$`%SAa*q*Ucc=9ksPvP@OzU>fU%fXgfNBYTOZ`tGq#$G-bfyShYPJ0HXiGlMp2 zU+HIX>DUHwZG*D#wbw^XZd8<+qk=u#*6mRj=X3x7>>EQY7z;~MIz8p$MADSM4sO6_ zZOrnPkQ_sx$@hO=H4?mfW-3me39d0l3*$R&O9Y@#YE$mV@Nv&r%tcA3hEkSNdDr6J zKik%@T`3oZ_8eYJwha6D+U)>=44pQ>$50(gweuGS+{I^3+YiwhG>ptA03OF__` z{MtkCwiA<++>*K2xpzPZdbTs!)PVEqz1vdV5B49Bh*t^O{^3j<-=35`cM%P9|2b#T zbRMfEJ@3)NCIx+|KQHm9r2+NFSA9G7;68dS8IRFZoF!VEZ`~|Pg=DPzGSXF!nTy4k zav7&}iRp(UK^;g>{2)G1`i#srWk`{%rOFGlDjSbSiE6=$3wwM)E1(ZE1SrRIq}8q1 z3@8PlY};kz4rAg?b~ilzN1k{Hj}GVg%0JQ#T1yJ&rC4B)&rKrc$Gqzld~Y~b2(Im~ zE&kXVlc$wiJJN@oyYD+p>5D?h-g7AXz8PjAkd@G(%+aA^5yxZ1T-CxOte?`iZmw!H zh39Ef56@|9uIdxMWqMRqH#|?K?8Qqo9*_VN9`?na*YlVnP1tK5g72zt7jJQ=3daJoO zdu_E_Gpf8Hjsc~DF}c@00caS!8}vfGX)^T^qjGoZQm&dt0G40eT?BjWB$~`^htGfWw(_y{Q!*VXXPf2P9WfHHqrsFUqBkF_t?gd8G&ePg!dytJ> z`No^eavB=%o2v{=$mgq?u`^{+alCjChh|soYpjcfy;HNl@O>}XuzTFgN zw%O}#1DU-DFvQBgq?@WQ&ez#5GNzg<}{%uVaIYxLIgM57Yb0JjNTOfcS$E zK5Ava#_?x)xCqA)8io7nnLKQ=-@Om8&syBmiszD{p~Zbfg~C2`B7sOFBu%b`DIghmTHL*KR!Fl|TikhNGc& zE1^9Y4TA#5)OO}wNM_jq8{!}hPB5Ql0R>U50M;|h4p)$$9S21P%aTQhr(TY{4L3iF z3M~tNa4WIMlkNR}B}%$|i^`$0^69JPUVjc@-GgQyl%?vmAfx0;M^e~)x=IjsfPmUt z%6rB5z*Cty&7_Rn#TA$WES_9Sz}hc>Qrf@mg8{J0;I9T)98))PQDZ9}PUX&jqT zEL1Lh=w;m)o6~-XAmrN;kP{MS@oM9I{~>q?_euGUn^CtK`{Z<{6oQI$+CTGqepG?B z!C>tZ+m8=F7Rft{e80W&U>CDnOy#E>J?Dfp-F9tOdDM_BeHbod1oufzRFVxIzBVYD zs<7?7tI3^uv!1&gKl7L_bq-Vs8(sELL5c59SB_Sz&%JKQUwN?}u~V0%6Hv3~y&`T~ z`bLauDv=oKQMi-q-YaLa@iv46Ps$D|yx8?x!zu9F>{!S61~_s^$y)kx-wyOh)q;|5ou&EJ83hXB^;Tk6H*#RrGPmpG z?4X9jK6Qik^v8IJ5esY?`4R`5%Wf}>R5wM6H=KzXDhg!B*Cu7~mA2h2R<;E8G&BiL z#jc-Bf>My*cOd4!kzNp+D;&B5%8Kft@j5afrY}jgAf@G3x(%})0i{k6|CwADXXj7A zR6#sj)aI9FY=O9i$&LhF~e-gEC>z7Nb7 zt{5pEnh{4{ae+-{h~)#*lJ~SoLPxhBu1n?WB%4cI2B8VGQ+|ql8$Z6|b{~TFaOsht z)Rrp+NURPQ9%5w<5YX=K!8uYGcrU6}BVtXKrSp%PyYWS4+xMt64mC~jfS~muPo)c#Zjf2qPUOg7A{4?k!U{UgSev{LrG2{}+{O)o>F)n$Gt1agxSaFID^ZvgCY`w2>W ziE>SzcV^OF>a6T;`%M=ISeUwj@C^fRWW2a?PA@=xF5^u>P+dL`x>bE6+Q1mg%*nKz zZv=GwsGdYnaD87fDH(h;GQ4no(v$4cY*$dXviMh};l{C10no$Z3~++G1mivy3Iu-i zfIRrR>F4FW=H~a%;-EDD$!Uh2!Wl7}niCBHi$_`K#yLc;0)}bPBL1^`HS6;&RRW6+ zFYM@>gD}1_2_qySvvR$RKC$d2;S|jBjC|dM+Z70V1ffgFJ<-^vSDc*noO8{_$+Ax$ zaS3tkbL8zWnY_H_rB>-iH)0D}V~Q5Zg4}{LZMu1j-(Jr*wjKF4a-`iJ)~d-tM`##$ zpk7UOxh*fq*`h*+t2&?O<_-z}li0{{+jx?5LsmDLw_b=dT^u10`9uQYa&7z&Ge8bw zTx0LFclUgW%iAB!ybi?=Kz3BzuUWP<4yX;=y;1U?Qc`|Q8k17(q)5W9>9l2L`Sv$d zQi3&4c&EgYArjgwMvj7z6MnX{XWw95<@ZR>BO$|_CdvkbI388NJ*(!!hAYSZ^ zi>rHH=PA=gM8OfK8d*L0#r$YjD#0-z&IE9j;#|FW2j4Dt9|`i(cCiqrc*9O~)ZBn! zY?X>4Y8Ga;oVwGuLSdVD?~h|gH#9;`2kNw<@O4xAqo-rp2r2t6$q_=EG&Z>PR_A5! z-E=f}RC=E?>Mtm~GVJZ3r+t066NKn)>qR_*5G;XBU-9_atM|@tR^Oi+aJGP1wQsS& zc68a=Kz`wq>WdegGvyu68Sen1!OhQrWudigjd=TD{~aLN~WIKxiG&+bXW6yf08~8g!b8jT123~)7qhB6!{T^z{Zm`Qz~;eJ{r9Sx z?vYxboUc*(a@tdQ+WSv8<>Q^+c_m;>i~S-SvQ#gjL`lr+dX+Mrjl1OixYqVLf7-nHrQOi~FII0OwdR?2@ zBuFvE-7+<^UDHHC%Lj!}HJwH_L%PD|2H#%Y&2SnCznRu6cO5n(WX_O`(q`4hjgObx znUtSJ4bA_#@<0n1uq0;l;xvL5k22}WpU$^>-S*71_UyT@H8v*L=jBJtYFK8r%sO(R1=Ao;jT+ZPpFEYLuNHZ&Vqo3-A^w%D0_N-LSH3><^}Oy%x1K^-_LW zm^<$X8YvW5B#4Iv-u)SU|GO&tTJ4=O-iv1*mcX)klY01iYz*T&ZyQrKZ-$e^4&=}= zXGgB*ePTtnhObT8v!^?IKOiBooo1TJKk>+YzxCQQWq;2XflE(rMH$Qb;sWk)Dkvfge?{LB_3cn8X1>mm{sn*0p^ae4$)fMy{2;6)iX3U^fbQG zw#1G+TOw7s7vR0p`@Nz295=v_^G1Ii9|$Nx>4}jJ^gTd}XEi^MX5wyKls$h&@~)jg zCM~y~mt=N^_oVyHjip@ml&Ba-Dd{68VqGNPKR4m{QIRfgTb<+=USmg1w*Q7MH4$GN zD*bx15=5Vt#PW+4>!4)n>@j_Oq;At(N15#aJu`ETH%zO{uE=214@J$U{5N|cTU z^rS&r;?}-WXM+{O48Gj_XvW%X|Lwb9skh7rMT|La4P%^To%K~I{e#rO*fqE953Rje zy>vNkPJc-d!>LY3?sMhxU*nMY^YgXeHK%;~wb!#3zEzZm_DMb%7wY?4JK7rqcgEGP+t415E zL=%WCvC(d-NU2-hpO){Vlcs$gJc9mxE#U88>;H%L{y#0J$-@7e?fzc>&*Aj%oA|Ze ze=PsCqyO0Mul4_9NB`6E-v>Y&#{d5MPbcC(E&qK0e?LJP{7mprYWJQvn;#e|*SZh< z%cOwl{`p(A+P)r*&nYw;><1Z7ek%6=!b&i`K)2;i?@Z^Af!eiX*R ztNhCfhxQZj5?G4(f9~jCi@~n^Z7=_|d|nFtNhkgHQ~Ybm-+dvj8L0hqiun82|N7ql zT@B4L?*E5#Gk32mRpImzZe_*$pjCQ!w90Nm*CE<~`fK?7x_IC}+LAq*!ABF#9`p*W zNAJ}=(AYHG12JcLLH6!QMj4o;ehruZ`WbBrQRN44n>fehi26BPe~sCHeTOzgB`{(xmyPZf3BSwdAe|(6q4FoDKX<%+5NBfIJd12|-@tG?KGlYabHNZCGZGUVuAgIl|yWprl&?9Vvmp%?nRo)#HdNsIe zz2E_O4os2~RnIRnu$=vqczfbQ#922GOoFB#{OS=}WvAT7>g1A4kx+d$5t?8RE771f z@#5Q4uoE|;xz15{!7$wTb7vWxdgTq}(v3H){qjbR@$0ui1YGK8!0GdCYbYpSsZU$n z(|smaU?pDMoO}le&rGC89Hun2}WHez+)lH;!Es=YTD zS@$su-+|hqwpWu`rG7692VVhajj;JGoivHm6^Y-s`FS)hJ_8z6{#*d0uOZ)KRwuD2 z>#BPfmRdqlgFY+5?N6z0AO1XkYv8y-H!xS$qGxlLy9hJ?{y*6J&akMi?_CoN#t4|G z^cF)?5Rl%BK~OqMldg1zCSA&ah>fnak&Z~O!ce8DG+}^|E?q%-8R=yxcOBIHlKk$6 z`|aNQJpc3fAsObJIcJ}}*Iw&g?|K(5KuO8vl(D`9gN$#rX0#9(88H5(9if+Z(?V<@ z*77*ld(PXoYx)(lnCpxNByKp<9SE_-#^N(%Gtv(4Q!d@2-O}#^>}`-)aiBX&>IUtr z-8}(N0%CIO=)$qM6XWCKC43TxgE>u`LTC*QyzZuCkSW*-BSqvwFhY8 zNgqfN$2JP3l_W5`Dzbm^oT%H53j7{%gZc4de8;|FzMWpHu!!}{moi(`^?4Mqsl(Iu zhYAlqzVss!Gne-sNU6<~5BUM~PGOSiAMi+i9t$8)0_Lxc6&fh~j6x)guWCR858JiP z#$f79-vc1~oIZBczE1$Ntdey!c7LPKz)_wpS1_OG1F7IoV}dW|_cx$pu>!8^cZOqU zp!yn=YkKeTwkf+JeN;^=T}HfBV)@fQkG781^(bp-3SU%2ae8{fOi~*w;FOyipN;k`y*e-Edd_Y03<#fMp9QtOjf z8!eGGJmD$spRbk;d++Z)c!?iGy9k<%xn5yS7lJCT0gfT<_qFcaXS&M>9~yB%-)GU? zls?D>@<%g5X=!v!Oia*GAqztnk}}W!Pl!6pe#V<~m|jz8FWC8eZe-WS(g^+9(ul+Yf1 zZCtTu<+dv!n*A0fTb7#;B&l4^%_qiBL!tVV59#~Bqe8$3%rw1+&lZp3Ub=8^5YoJ- z)}ZuMpSs1|^E0o7s-`fn$QV?Vsz<*BD$grA;FO6)t#`Dq_C3Cq@U?{$@^BE;Cjlq@ zN^e^-dsd~273Xs;2U>(Pm|24q4Ep(jq)~mH?d$hJmIZm!L6lsnU8+l0c1zw|jhAo7 z-$}jH*6l_!3>QKc$5OLxVGUJeH)qS2G;d0S4NclxptAA^awU$q=g!h3Gd}m?o{e1O zjdSdt$_L4*cxe}R6}8;7Gn4J{$&IbPwRN}o?&)*<)+4>QW|_ypIsGmE{C0V|!@kc# zyF*ANNipuWg;;cG!#)~Hev9fPp0*#ib^m=C#1r0t5(>-g1)G;Qy0aR3{aNlp6Tz=N z0ucVZg(>!`>BLRg!jG2j97lm9%!vms7N?atuf?dNDyU#P<*0C;R8k%C0Z`>8R65_% z>8p;2HRtdqyoBx_L3RCQ7*XfXR~;Z;GgnWNq%FHtvvcn=*&@q`NN+Jiel9=GMo+|X zbYbmYT*Y*fcj`9GzV|$fX};C4!fs1NDmCl?6`mBVGX>%Tl{xjfimL@(a5TX!dqW3_ z+cmu$bJxl==QSJle+6S46cgRs#8{LFUJ#`n6m!KD-f}P-nB^@mIod2E{*)-G6`I1{ z0;G`0H?UMr*u=B6Uondvj}j~BvS1LsbFM6;+p1#>wD0y=}y6 zNQOx_E61KdrH;Km+v$^^uRD~U$YbJgoPtT5f$4;&c{9C;GzFL-rjin)7d=g}-HZoW zSE3-}NGeCo?Rc#(ls_Tlq{f&mA0^9orIy&?o4PR^G;Po9& z^7EHKI^L#IKm#(4b;mQ&P`Ya7*MB6>U}Jfrx!$ekKtxDLzB}t^o&O?aTEX{7i?i7f-PYRjJ3In@zI2&t3SL?}=TrsDnuQ3}r5t;GGF8&azG zM|2vaNX=4tSB9pg{>bS8-;cE>o7$%$I4ebZ_F|26ky4~{KK^e^#?mmP5$|h^Ykm@{ z+EcVJu(jdvGqHYBg=j`hhA>Hq#~JHAwrAEDbK87drm_Huchj+Dkfw`K$@Dg=dH1x; zVc&z&Z8wLZp!nzx`pxA$l)(#FGcABcWwUbs?b(n{NIyeRD9|i-lNR}+Z zVpg=fER8#JaPhK6uA0UWq{jrus<%&^%0yD+Ncplxb#X+Dl1T^Z8NFpuj#yLT*g zw!grDxm6uOgt)K#m=^E*{z^bf{*n_);0?);00}nBgT9hE1NVU) z>Gd~x_G*JmiB%g%>mSw`73XDlkDVxIvlr|A3Z=oMgZbj-4TX|4oq{&2wokgqr&yya zomW8ey*_nv;D^*~&CG{>-M>fCUr2!FH1b0TBg=Y#&V2grp>;3?s8|Z&zw-Q$4e80i z0rjX)ZLOab&kf}iKWEEFAl6@1Gl>sDwz<%JU-DFBU;8iTCevQEwFw`iXy}u&_nRTw zDR#25_FsL=#UVeN#LGPqd3xXWw}u`^pHH0m)vxYnD*Ys6(UlLCFh5vVh52se>JPPy zQ3sHcbH?`ng3`I(Gls3zY)t|aamE4oh} z6=IZ&sB7gmF}2k%6R8@Ri=6D>o5m;e>M3v!LCIfYie)<2ac-yQE5SGS@5x)Ru^#7* z_>e={6IFB7ROxAPWb~i;ce}33m1$TQyWnO)!YSumIswZjANjm}8)h!a)*0L!-JYd?I%D!1X;qkhYKB6Dt)Jyp^m)fJ}-DykM)e>l;e>N;OSNsAE z07YC&K9wo#POdAu+) zI0Nh#d%H$oaTLujT2ZbFxXu!z+*DV(K`tWTtlYyW^Ae?2Ds455?wdK$wyd9KBv`An zjeI`YL798Do>NbTyZ*?8YAion+dfjzaw_&+pjqoeDF|=df5{zw_nhOOR;1VUX=t;b$vz^?t6I~v)iKlA{U`%VJ7ZaEelDQIe-Dy= ze9_cCegD&bzJ=2LF1|Dvp6)JZHmJlRU}?X&=Dj+VJXA&?8;z9|+A$n+ROaO}OD5U@ zGJGpO0i=p9_+?Am^_%Fu2jVXz@3bP$I-z$G@8#T$crHqGC~ZLj|u zgS|mBG>Cd|J#EiWZ)Mk_r}#S@3NTwAbXI%rPb={x6EY)g?@vzB31UfNh0QJxt~7pb zNtd}ZiFEYp{MUN5V(RM0jQo%Ea6!}BPK!(vXarl@yk2ilYv zPN5fE~;3+vd zQchF#7#_dACzaojew06vM60-G@31npOJ`6xr`>g!cvw_Bl<%9UMR()JwDyi^f@WQ) zHr0AlXqRmtpUeJAc<*<5%%M&5x}U-xMVV^Y5)a^vnA>XwTuC=4%cYi+z9giVlMxCh zTXOE_%!9<%@mn}o?TA|l7I%p|87kz|v|W;K5%^fs%vHI>8dR%Ly*X`UD2Sj6aza5; zkb(P(g@~=aOI1f}UsQ>VYheUC>Gr9o&!CqL__2CJc^9Htr$wX0aH?FfIA8Xb)=|yv zq47vBZlgGkn}8r0$0vZRKUf1&alqv}p zX>*~{tycsh5FIp@_hAaM#tjg+^Zf64J9O2qW|mIZT+n+TGoU@ylv;NB(xO*Egs)7@*poQhm21NccIbz93F+vgth zemrIxBUH*J-QAFqCTvja>{eACd-;OF&YHDSpw1N?n;zizgCZftPn^u9SL*!bly+X$ zIR>LRWC8|zZTtDl-)#I~azCtK$bMR!tC1~G|4%)99u3qZxadu|lIeEsb3T}@b#$+< z4noQe**n|N8F@aw=XHXWk_XY#>b4;GrPmuXFj8V+d+RGb65a)Xm5HRfahX3~;$FOB zPkv#bjl4|jN$VfcL<)?JYJmA9X)>s0ULUQHqPL{&{1{coMEASS01pKK)Up~}Ai=AU zS^Z}i9tvrh+6|V(^YauO^jo+Ax8S|4eXspVwANhVb*l zvI&k@aq7mdGoJEJxS!#seEQ*9*ClTI>rgAlJ1D(=(!`WACvly>sglzQjZEHnsMrJ3}x<88?BTTCF$C+HzV&U-}#d2kHM`J zF||Ew%ZsP(%00sDIYjfic5_MGFdk5{I0e67^K6|lLMuUo?Gl?~l{K+gX-_*yN%++y zqs;y_o?GX*1ESkgdPnUoA3XQS?8wSiojaQ~DL=&V29N*QKuZD?45^P}kCr;4Ut1i< zaZ2Q>*b8?Xj}or?Ij=H86yrh6Wy}lVc$$0elD$s-a8O^%#`);cyo^w7-(GGraA_WV zqc6fs_&sa=s^DW6P~Nx+(VfNE`vQ*E%c=e!A*#I}@L&OO!!Cls z_AkQks^pydGfGcM?=c0Fca;^hQ`~#)8-rS4% z{x(BAr)Ht3?>-mxoO&`_)<9Plq6TeA{KX)mC#C^A$s4KU?Ou|SfllYoRzyf7mkNz* z-Y%*~1_z-sohNnRT)T|YyxA!G3;Bc$v@UmZA-Bx@=N6EFykCq_>a&a13j@hXJzHydvUjiCe+86>@%Db zmk5gKQWE+a-L=g-faykGRC#MH~lW;@Fu#DVqS7E>Q!UPW*M~hT0h^fr zBWv5D8OBt9y;vH0BHoxPDCr6SEdj2U59_TFsd;2N=YfBtXxIU9v3O#Nj_vWy)WK}y zdvUB)fH|F>hOHbW=Bv%$-D)nq!xP;h2?A&Gz!jp&T*<2}zP30L|7ububWpn2 zDq-XF5#cx7@TApZju!aEAx4E8)&f-t0Li+EUs` zU>lJB!)4$Ww_c|A66l*;ahnK&J~dKeqd6|vsxR(3^Zv&9Ysnyh3hll*1D{dXwOIpA z>LnWv7wz5lCvD8IGb=`$i$lz?#k~_%jDVY|fJ z*J{-V6709Vz1J!Xt!u+&I+8E>fGCy=#=Fhbzom5&!=JC9;SDm~)}EZXgGu(5m=_^4 zBYGOS>4~pWQ>GBw6q3BQe#IIWQ>Y?(>_GRKwj=1HT_Y`L1rq1=qLi3&$-?h9@m22; z#^o@11%x}nd3$AZCHGc|WPZPFtqU;EOdsor>$BJg(yaZL2p zaaC@Ml^`hRsg%vvO`p_w(4NFz;#>L)N@jmKoQr2!4Aql0gROsblKKykKF*J>3YYS; z+~-<>$lmN2XPwrS0$}(_fs_IMJYlS6(y8Rhvi|4mt~mWyt~N$cT2+1;*~Zypcnp|S zxjb{VQmc)|T^e(QDr-$F~5<#8Ih(WO7KCZ&8=-yKuSJ2Thpd9+k!_tVKvD`=*BfhZ+hmBRZT z>eF#m0Dx`(R0?hXSkK50uU!de3`Z9@M=oK@6+$?PBc}|z_=7E4bgDKNLZu@Gb@3ZT zdOZ=v$&`G4Y;WH;Dr2q>RY(omK@{-MU*2v*RT%x~y7y3(G9kb*IC}h^XVLG<8u23+ z2^-r}GeyN?X4n%uKN{5>{ayuu49vGob6C=j8a=2!wAr%Q-CZ1rD!o zLxSw)yN;+4qc2bGk@*L`<0zlPEnduWDK&6ro|!m|0ul`laOY^YHZHES=7uF z93yt??fv2FTFT1Gc_BHhji^C63#mnCK$GLeYKoU8q2|!DE$r~^E^%h1GuC;&UsEjB zi%BVih;c^1f&YZY&Jtx3qexTImuLh&>JzjgaXo-ph)55#1ei_MGAw z8#_BPwkH=9-&radR61KMU^A0_#dlODkFv?JQM7XFokGgl16MRV0a*rbR^@u6EJl0Z zX>)1hO`^vrZTuB`O*J)VduV7j5Mjf5dTnt?ByI`lbDU49TNSTCSBFsh0A3P#l2PKu zgMrbG%&6Y$Rrr{ll$}q<0$j!x3SynOJb)6rwWaal_u@1pEI78>G7;OuMBX3*Cr_`Un{vm_g zK<+6D5{ZGybx=i7k^nsTzn&#-BT^cNlJg$s95Qr8CrJyOq2M)AqJkFC$0(Sn+Pxuz zY6$+Pg&HEW^A*W44p3{&A(kXL4X61PicB0^M6WawIClLiQg)?TXtaN9zsOYJq zMwyd()`XEKetKn9P7&(TPE%VMXh-naXvUi^0#;*R6RT zvM%c*3Tx>sSu_-l1EX|C{8)ODQqjmJsEHVv7j5`?CN-Exi5I=|n&f0!KrW47FLO82 zGbLtB?DHYcif1p&n zwVvdfrz!O=2ySa+_}Z-(McTXjg?hTG_XCa$g`Q;;e+dd(0im?-W+vyl@#@su8 zP0!r6#|~(z2#@9jxYUxoJlf}Ngf(*g?3YWWh{LP1E)AQkNrgMB%i=_rkYE_)J#jY0 z2v)@i^AvW)2(lj1&;7p!q|RYq2yv1!$zvo#ij+cH^gR=3`p+arb4nXatyr(o@ck@C zLsFVoKI+9K)osXSVz!oiu$}zCN}rQ1OFR7TN)SQY2fxCU8GTKQEZg)$f9rfWR-4ku zOF){5B*8Mgb7p;GZSBk`Z`0F9sK38%?0xNI^1=balO2C~tiS#lOhhP_RM>m>4x{`; z%05NU4$+M+t5ilK_>EHgmUS<&X1`KXhOUL{;UAuIxjIcc*L-*<$aLD1I3!lD`|+^Q z)|8{Py<*?!B=N@Gu5WlNz)eZslXFE@zS-{0Tlq)3&l;P}?sm6sR?MvPm=qO%@$L3o z{d|@_%WYhgyv$!eq+3(S?GmblYh|72ne8BBmVB?(6R$6ycE@I&no4#A>@8lz(s=m*3yRz?)2ck#tG|ZaL^)yL z9KqA{stXQJm~o@++TX)YIkpJkrTcGZQDL@%uU+4Dc@ftcUA)DXbe1R!*C*q+V#?V*Wi>iWVU9ifJ?BN`N+3E#q-TS)K!-XE%{JQ4zJl=65 zWdpQpb7Lf-4w%H)f&p1>Vp0P!BXN3X-b6+vL!~P7Hrd9P7vYrq!%dSQJ-g$%v?(CH zF-)-1?Rcd#a$3OGpmO9`t}eB&D&JNRZn$Z_gZ_Sd`~m7pm=i-lsBL5{O*0Yh=27CA0HpjWoeN*)+JTsnO0|jZtck| zvr-VdUvq1`$j&1~W95kwem93(wq55NlCsqm?s!aaAtTa-j=@^2XuB2SK^J-{sL9Z& zF9+H{vm;x#S9ZVuhD&Gmgy6F|Je~j)j|garluj9{NYs>^LV6FaNp&ZWUE9kaGRYid zc58gX(UG>^IaVh!;+3?e_ZaKUt+%33e^xhBzslXn>wIg)nQ^Yd+L#MQJ8D-BJZS>3 zq7Ll}#%S6sx1DEugo(VX%@WHJIU{2ea1#|h^YMOl2UnQ$X>Sug1?-K|{cJ&~>-UaH zdy%hm4Aa@n?09w5XMVAy^d~Ey#eV$g7_&gfb!tMaoS5X&#krXAKFa+_UbDy3S8?XzUEfT1t zKsF^ToHd&T4Xl8cMGrN_g367iR#9#*u;^ma|8+mpNL(IwOaF{nY2DtUpKywn60D#e46i<|9+VWxPzO>TKN9Ke?9;It7q(tLytM2+4)4|8C3}nRCyGV{P>R- zWuBriwg}}Su|l>w&frS2o4{JOrIYr#-4{MQCEfs*ow81$@nXu4$UFOM$Y`^oN0vsaA^~O8BDDsJpCY6O z5)gsofiio8uI}zg$&C+YEkFo05zwL+ceNH*$lX9Fe2g#U58wXZuQUv78Lk&t2|_jY zlf7=?mM}2kVhF1nLynu`-f{3^ zk;(SgefrZ0sX;GtS1l?lh55o-GEnasOG0|kY=5ag841+RlD!0^eOj^8M3Z#g)SV8H zY2vL(v&r2cj3vXB&+0+2xU=)a>%T8yvYvNN%Z=2!3KokYCHyC-dGZYZC_#Ga=sNfT z2y71G<}DT&qZl$;{N^K{*lKAd`WUn#5X~W~S)%K2k(toW89ZtUDASYd63NCShfe%Gy zkCR|fMY?ARvAkNCpf+;7R^R*>n>^6b9`DU-F*ui0AYDh3Zt?`cW4QD=u!&ya?~|H++{g zfiSX%eWB4{ba>&7qEvN~QkuTT<||%Je8zP@o$?$)yO7`z10VEevm0kHC{O1a+uOeplV~#HWFsc zI^7dD+Z1=$=QGW)I<2IrSYY>y#sWIC^C}mA4uc+nDK*Oa?*)%Wni{qKJ`b-IWt#$x zA&sd|lE%jRa<6FBS0AR+n*_ zQkQd?vL56X*1lS)taO>C@>PY7q%DkDjpw+%_W;52`t-yO)?Cv0!i&D8?Y@nh?as`UD+EKBW|j*U=Uh#Q#rmQb98$() zt;KjCCW>vt)a)W!St$oMn9EK#bPyl$bz)*NM;v54Ks+ z(*_BP`Nj#KxSL!D2D)VX8eo zQe^ZFi(Zwx{SM8)*Ljqz`$H@=>uG*-DO0+U)F>9pp?~fI%C%y*kYS0v#$apCX_&HJcSUdhbG4E6Shs^9 z85c`Qs%bUV3!#5*Z?svRG0-E56?SJwXE3d4R!S1%k69wX1hD}_Mh#le$3RU*{iPrO zb>m-s&%fLOvYsRVxaAgE@_#=nat8ShbgJe2j~l^l0Z!)46w9dpxQy9aX5j9_$@X_c zyUXkbps7t}veI9U$8}{3KPv`nmhayQ=|;M*r60V7>Xj+;?hMsKAFk|HJ?VdbrInjl zWx5;6x8FzO=MqvUMG^HB@n>$P2p?%}vRUR0MKDr0(3E~IZ3+-H964fi@y0RK@-|9JRUIGGL{c-NMjQr?5WVvcm1@7pH*MuJ9DeY-jq!nq%gJW6~ct`R){wonh- zB=YOmi_BoR;>~s!J7IKElu0LK7ojRfRlSr5DVUvqU8ZU5cXAliS2r)7>_Mcv{_%G~ zaN=kFKzwQBNXbKn|CQZKiXQ3xEwjHqHW_yeTQ0u>|9_W<52=Ylj@DM>$8pFR$Z@wA zanWb^|2paGwc6lIhsQat!_x)+=k)*ohc2I$r)I6|^JA8et7c2XwA?YoD=xynawkx-RW}ih&3`3zfZE#h(z$yN^H6rsu`veT*6?ra{qk_=CkTEW<3zK9qa^|n^9jVcA+q)fQdSI z3+&0^5f$yPuUI0WaROuPW#dHzuBTv)z0brbl(Man_sj?*#uMn1y_x-W$mY4XIi_9< z6sosF4Q9^L zftnFTj>IU45V+C9EMcOl&Ih8oL&%0#xrZQNt@EvPe5RMht#OefplI%Z1dfSe?WT`0 zBO+m)kVlJ!KreI3ce!Y8`W+Wfcw8VZeSc23F2{4>Tx|@WSraQTQY$#fJC+JGdW%<8%Xp=m(fcthi#7++4S0nM27U9&#;UF zsuzC^eE@L~YaIZsCuEo>Lwkw~&oW66qplw0zlnbb4 zF1itEnt!;x_0QKiNSn1cPFKnZoA!)6LT^Y8>gL2$)jNBx1n znXtV+61}cXIFTV$kK4WtML&G}V)c(1W*(3wIzIsAiv77XTI~s9*s1HWPNdih6|2%Y zC*5IbJanQns%!^T+r{zpi~I#)h`J2hr;8D{$+S(|5nQckVpHsB@h!trc-=3ZF zlAE@V&90#zmY{kut06xa)YzrCL!L)ycW2x=Bh+`R_!9k*MmFkC-uQc5n zsIY~`^OgA1Ru^$q!xlB7kvBrhiv?1&ail1DEAQZIx*H6qIn>%}+M#bCS9u^VbP7!l zu8UcHKW2nS;r4nQ1U+re1FO^IGe^!*|KnFuVNoUUEkZ%23PO8YbB^|m3$23OfSzad z79n&OwyA=I^V~f6SjgR+;G+v3GK6rlGC5qtZA07`=0REQLzRTHJl-J{4c4WQ1Ovxf zdx_q}BthE&?8fZ;k10O?HY$DAYrR3169pB9R-IY7#)kU>Rrc%Y!UnWiiLPCW3m>v zu+v{7olM>nWITb`0H`ITHl7mX*^8Ch2SZnV=?4lI#1ldeSv^3d8s0EuLCnWZ3nOB2 zcm0D|I2-uvsxnXl_3Cp@Zb6QZ1K8o3B|jMCYtwB%rAPpGvL+4Fh)W)PW|g)&JpO?F2ZM#*|UzJEvD z6t&h(FdFdwDpRln85CBEDR@h47ambC>eD(+y0xCqWCfEw<2Du`reUikc_m@?0v<7) z!$d=vc(c=HQMw0}qGm(CU17MkT9lN;z}h;gemRMChwm|n`}()jo1WJ^QzSX zgq}%QMtX$#>K<+p7gLad+ghHG5Z9<$?=y%W-2eze8Lyxt(@H07cY`00n70CtEC4)s zNl7c_Y+moLFX;i1YRJO)Nr`32b-Cgp$GVy?D+#fpr0XmtTlL!PzAwS?#7Oke3s|bG zzy$O(`!VXi|KRh(n7WzK!%!8dOpdd)5K6;n%=t}WIw9B4iK8A?^k$7IEU&4bjnehX$7dy+QH=`0e-CsWT)AfZ4ldePP-*V7&%hYi)k0l4{^Ut=QWv9fm) z&4sF->E}@%R25qR7KWp%01-IO7mXJu;V``Fcp6>TveI9}t6XQh%pqt;;_m9RN0gdm z7vBf};IsE3E&2`magq8SS{*>g>$RAPu~>HXqyz~iF3yK`?M=7VH)rv(+z*XB3n!39 z-gjkcmkBRKMqD)!?CLY~!7_7q{~i>Pl<$e2l>8!VF!o|@+;id}*8C;;j`$+rO79qr zDULc(O;r;{WX0=&f(nP0fW`|~{Th|?M_hwofUQ#c{2-5^{KyPVD}|n*AG?Zh0^T++ zeU{};xc&Bc4U@oVH^~Sz0w0=pV_xvr*I}qn6=1@=0hnQM{+XfsfCb5TY2(4FvhdBk zecHqEx$EC58`=dv*Tx^$FS5<1S&eb-BniC=LDM!^=wdGDMF89E=IffWExkAyKi^`PX|;nCM5yG* zO<82zz>bT4AnT#1f%Q04<>9yju39?gXTz5_FF{#h^4hjr^XBgz;#4HDMpf=YHE79A zuo2g6Afp?NZ``8>%v*Bpz1*Q|YBx}vp5A{O@?4Z*?c*PMg3qe^RPT^k_9l8x#nvo! zTc=RTVWYWp58+v)4_J)xDmVhRVRE|!ora0#EGUHcoW=j?mj~SsVxjPP1%MY}$v!@w zR^w@iro9=10r)RoEM#*`LHc!+d_s>)J>A?33inuf2AF@{)O_H$*}yb{21tVM)&f#s zPpc31iK>Ltgn6JAi6BXVm7V!Q5lQKxaz}MP_GI+N05Xwh@yZf~*v`cXD{dwi*y38~ z9jiMxh=_=N3zR-}Zz?kcSiZn+y~;H)*i9(;!+~B#885l2vLhKP1ZGW@QT%TuHd&OE*xPXBSk$LeM6JAzP84Stk7TZ{2PV9ubHj$ z6Qqwr%7j}sp#{{izwWL?8#vXR6A50PB$+g=h-+3Oy+3xaH>O&*fmrNH6Z~8pydiy7_#jqIn*gGuZ7^c;ek! z*f6XJ>aR?Qrs<+Y6KbJ#M8-rl^qQ}llJ>+8<<0qPBtf#^ZRK>*(7f;R=KT}E*fAsYF}8hF*xj`JL=Lz zc#2wfp&?A(Nt9>l0A!!d^V0)r=WuzlDWo^RTRy95E8pD-=1jR_ul44+iit3;-P)$C z1=y*SYWLR*r=`_*9fGdid|ExmwY(<|)bL+SJVFG5*S-()7Ob8luCcK2`xn6=*XT1+ zH*T4N@J0;}EsfRrIDku)!+*ncg%H$hs?RE3%O~qGt%wjQ!+9@BI&D-`EBiLFvE`OZ zyl)LsHk~r^;&V))VoCJkd(B06toNkD_=1c4xHmN+Q^#a;v3$&!mUhD;rO)nSf4{%} zDA5YGQbs9D&-%htI`W=4Ny_03p&Mj>+jX}nbKnN|G;u9Cs2v*jb8YvvXzDL4}R&>JLSrwCG zsA~zT`Nmu%rL`dr`@7RJ)4rk0zSf&X;}=Z$?C7roJ1fT1ie~;ZpTrH4(*4?Sa4kDT zCql}SCxAbtM4-1?CAR9;c5UoU@aM?O2zbH?T>2&t(ZIc4+QcjMh0qG1m~v&l-z)Av z_e$Oa5}P6ygOtUZ^tuXacjne2!q=@df(3%Lkt)nj1AXIma`G4s$@x4iiYas832Rl4 z^{y4xe^3A~8A+t^wEDx=9OPsw!&isK_RE~(_rrq6^Nf2D=XWJMG)#RocA^-k+h@Wl zNGgiD2k;;^;x5q-8!3ZHmV8O!6su^rhr(YzSztRYE`{=#w}g zYk$ZflYsDV&FTxnOFQ;>{Y4L`pHS9XjoXGc*G+^;L?9@6KYo{7WLRTW3S8IV{%0N= zZ*{?%ospZXtN|`*B}x9B zYK1}p`YZtGbNi>qH`WnWMH;3uM4y726zLzxH<|{k|x`~ohY+GZB z6%5JjM=t!KC$XFadXi<~9;34Pyi(hrBN=5Z<;}35|3U35<+<4+!7|*JZ{Tt)z%xA2 zqwg)vZ^B+3fW$!42;*c#I0@C{78(LA13enF*J|IvR;lA!R<(5}slv{26o2!@7#G4} zTrvx#70Bp6%nOGxh#WpODKEqqcX<%6a^%52rSUyWkyuBb*uCAZrh&ANdY8


MiaE->EZ)+?H0*qcNS2)8T*{&dgvr4MaG~FCCyCm7uP_x+XPZnFF;F?wY(En7e}c*CpzXjb@%YC5ZFf` z{CuhSk&}K~^=~`%H?X5KR_p|#_JM#dw?Z@$KNb?r$FOia;%zkgC zpXMsJ5!49A-IzkFL!Qmx4#T+0ZO@g5H~C(I9hXEDvg)5}jLO=BS7z@wCNA~;;rTeZ z=uk~FT!d-9QIfL?SSQ+%KbBXS>saOpb*7C$!~Mom8aSe_{Ib_-!=x^K;^fP2a8SNm zK8|mekDkVq?7HjmN+b%ZTyO(KJo#fClkNB7s&4BzXsj6M&=AT{sa#S;(u7 zB~ltKy_~VN69j0n?Yvjp)*S}IPUlUZUC7AJt`88lY2EY7sZH%RW6tadcm)f{_9AelQ&V}Zq{-+&L5JjO zTNyJ)?b!Nwh;2T@gykzfjrkrv2?kP>CuY7`zx^gwhNFblU*LaAiqe)ddL`2_HY2^RV5HA2EFnsT&+gU8t=?Q zTyF1qlnV1MSNep(Odo8(^Px^g5+;rbss+9ubPEe#lp`8{o6GuOAi=*)vr4sH-$w9X zTriDAs?MaUbUJ@NXY80z$^FoM9SLO$D0=u2J)t-XRZ~`Bpf$uW z@e)o2@b%${qYde-W_G>SYkhOF+zViUk(!hf_&n-~B${(gcm*y(HsZ6+4s5K{Iy#k= zLyH1obOOQ@sZF{QF0=}*6FuB!x|7YQ%!=HPp%#ZZq>cTC0CRnrzG)P4WyrH*YveYd zCV~uiL+OM#J;77~8Df{|adLP?nnl9#BI}RT69vG`5kfD@lawwH-MUpp(q$w(fdO(J zh}W4X2xA?DXz&x&{>v(DnJ$!qe1LgJg4pcqKS&wTl=YFK-8T{{XJBtpABDZq9IP(d zE00DS5P`JDcb3q&kz}r75%xkPjkSUVhE{ii4nhtXG1nKPfHc7B2Tg;znnMppgMfsy zP6)V@1nY>6ODAt;b(6aRe=UIz1=3gCQXZX~ejxcY>wVr>or|SXZW-I1Z6^G|?@hOk_1~3WrcmSAS?6DtETwoRg)gmO~@}m zyv@Ty9RDrKOCbVRAdU*d*;ZwKbCm7cSL}U8`kQeMSPH@^O@($919&HT>}#ph$6vqg z!a_3zi4q>d3|UgZm83Xzc;VM)O~0**_eS7@%IwXmGyZ<~m%DQBzW-(wl755^C}WCY z&?cbdw3_HyS^zhIb~*9!@ViGCOuygv*Z+q^<5%bLKe>Ug9@y7EBhdLFjPSQS1kekR z1$ub=&*|WI|GzPGLLW&{0gERqB3QG1N|8wW@IVLB! z&mN)w9a?%kLnulTr;bp_A!`#kkY!hDjnu3_HtmGOVo7%dggU&j2pMeH1%)WJ)q1fd=~6JaA=cz2M`^C!X2LCQ&%CI^6g@0I)zHH=Ww{0=t#)DJ2zf`l+a^|c?7abVsICN@tr zOpsIkW2~|uwY%rf2qc5{tM*{w)4g0^T|OCr0+SWqgB4z(1H;{Ezy0Z$D=4R`3iSHk z#PYb)F_OO)1<;1{q2z_TVc>mJII~IR7}QJ0BcudDM;`bRKjL*QrN16<|-Al>|r! zcFtcwK}n$POVLFeoA_sE8D)A_^)XAP5Lj6af_x5a~@oKx#mG z4Jv|kJV=o)U8IRq$NOr+_gR5bH4X`@9+1{{p+3gow=DgGt8K? zv-etSuk}37r##>1i;ik<9Yz2S+(^`?M>l8Ro5QopLB7Se1e$kF&c8Gi?5j&8n{F`y zKW|@9aKB1+^vohfTI^-d?M(ODLS>I33aG(}@Kns&Zy7>$wghS*pu9`pI=R+Rgc5}3 z9$jbzVOH+!J7eLQYM-XBE&n;9-dSD{b$=C(HuD|{C>wccEd5>%)P{ztD%TtJ4tzoL0h)ime^Wnjv=-ud`U0qE2nt(8(_Mc5KI9cpw{J)GVsKZ>6siJh|T`fic z2H*6067X0478nB(vXO~ZP_!j_rY?0xT8@LloByOO*n1MNX@HA>yjIUPo$3h`z6G^L z0OndwgLz>rVck_QorUuuUHiHis4^kdc;ts^;7^VJ1V04&J9nm*!oI4W1hIr zRm&!;PDec(cZStXg{JiDfi5u_Fd#Z$LY0B3JsSi~im9z+<0NKgf&vfZXluC!sN{n!6>o}~kKH@o-C8r(|dJd{P(RngV5GFy1NC~P7Y#0bM7Xs&Z{hTjy*1L zfGCXyT)W1{X{Xtvh;o}zLy6KfWC3d0Q@(;Dhi@oOR15FFE>{ZD7^JeHSZ2I)@E-^N zq@MfTufg_T(*+J7VRCF|(P;Qf<1LPoNnm|y;hVP7>##Lb-uxUeNdj#l3VO|E9mr3+ z0w+K^;f7yXjs}7n^BvPP9Z`x;01u6aR?a)jl=!0)^bQ>Q_Z}b6mVa? z#FL5g-K}S@O92C{2H#mS`O+A;%*p}?RsOp63GgPH%_>6jmsLlL&re_C&(fGB$~=}g z?Es6SbYl9tQRwAA-dj{@9J58KSc_XH(;rpeE3px{kwk&aT(Vf85kUV%F@p}o7kEf~ z(4Z+q@359qi3R0t|G)#eVzIS)yZ($Io+?1m`Ax}zfL~FCRj_?dzS9T@1<0=csyoKM zAdfGSFJ#4fje8_X`AC+(RaBzcE4hOW*K=Sl5HH+GQumiAM#Gi(k8b)xfBqSsdDBh@ zD$Zr;{_8#f$0bMh8|XLS7pS;)m`wphUD3zBgWTN=*8?c~v5Owg(ssZQYvxB{z8v+H-0ZZ%+ zd9h7d6zYeTfCZ6B1(H{|3V`jKE7n{xF1`DEN7zlZebXQn0W8kXO|2Th83#(FRR#T+ z^*)w^gAIqg0ksr^Vk6{WU(=aJ%)3f?&fKPRT{-s?FFRG<6`|Nxip0;p`Toae#?RvX zbCnlcdCshcP;7!-CHQF%g}8DtJfvqpKjq@Wi;q3!dhIOUL2g{0Mc+qcmg$a|c{cQ~ z-7HYzTV$T|(DU~6)Kk#Y3S9Oz{#f_sL{FH%EI3=R#0|j9(Z5CpuGXW>5s{Wkkrx=e z0hmx-5UFj#m??+xOo;epx@$6fDUpwc{Uj z0j{M_d~W{%lr@FV>a%$?9PBPPlBA>ygE1hWGU-VS@(THu0ZL4eHRw1v?~~F4*1LH4 zYdEZ`7G9rHTv&(}J>XG+D}sb`9O4H+oKPOTCy;vega1QvIU<+0dC2Ea zR#>YGKSVEYWQQT3qFY`jT1%M#mD0A;wpVGyFCTJf)!e?Tb5>QENpRyPBeaY*HIz&9 zE%uiT5G}eAn?C^yVDh*IYgksv3t$RRi??o%VC5;#`}%3Yx1Q5yKzHcT3HYe!Xa2r#<_(Fz{2-yfpOx&E>xexd26&mofnq=d13} zEI5$A!XFp^q#F)R{S}^lIU<d*~8y`I?$T~ZlEH_Y(>8VpFhxe_JW z_YK-WoWM=%AE!YaD;x;=#}6n_AC+6!6q@jKkVYZtqhpmIvwfBlTKG*bV~ z6VcEx{h$1dG;8T(on$J~!@XutEewqJHmk7o7F>wLJ)3N%O~lk7=3{RVvv(1x6xR;^N=8 z|8Vo^H+b`QwA22a8R5mO08wjUR$)6^b$nF;WmYS!IB{(v2TY4@cY|hQrIM1PdH?#G z4fbd7z@fpFu-N8IWW%$eI#K*2>frOH%mi%LG5$p$b^Kg;Z6cMrXHk{*d5j8va4ZZ$ zm_^N-WKDn;6KKUA3Df1Drv(^mDBbXLtL&pH=7vob*1j@M;|d>>$e-$$f z2Y{-ofGN^5;A4-Q@2Ld)`bwP2$*zMgr5zyxl<-C^A)(wEfTb6KAdB*TJDTm9X>zG) z{dFL?jE$~2KYG6;)lj{nESZ}Q06?5)v~$A4xsQi)tv70vIa8OqWrS9)XKoF#`jgwW z5*0!zX)9A{9Gt|1q*2=*#j(Uma!c4Djfi05E(s6ATv`O&Z>6`JcR0JVveJ4tjH_ey z*i5YfEOk@GkL_5Y4M_=_lrvN1AbP(=iKVV7*=FtzgWkfhX5UO!HIBT$xd5UXA-+H= z^^OOqOvm{Srue)TQfrygA6qXl6}F3K zOt!gE@-50-j*PGS9;^?_bU2M?1O)+vb$gx_*$Y48)y-zvv! zK={EpNOpf5p8<90Dprq3^O1G5Ko&cy=dJzYgtWn+tWUwB@&YZ)DsqgQSI9 zAK)ZA_~`RyhL5wzmPwBx%~Jk{J*FN5ss!Q<$I-TC5|Qmu>O+Mu(MdoKc1BYl4)0cP8IFgdt_-zVO*UJs;Br|pch_gjd^kt4`A=khO&qi*{4g)kKE4+t%b zB?^sF4Pi3-L1d2XEtF|<-B!AF>bd;WqnT;aGL$(cjVgh1-{P&*=sAUhau&N+Y4H0&yiy@M;gNMm<**IEne;LUqAZH{E2PqZ}ZUp zJOKmQPK!&<0?pnNKP*tb243H-iFVY@vGwzVSG=z|YD!x1VK=b9?uOWPw;0yjIM#TY z)u8GL=}tRgSSmzQ*dZv2m zkw%kF-EJ)CiK|+yA`W<^< zso5Dc;&Pty6IL#U9h8(kN9pf}Z|KyxEw8?#bO~W!(BYO25(nI^N;ZZ!<#Ei~smf|x z+No>3IO{R|!86rGsR0e!ke31r$z{}it;|%j?LYl_I=d&TCFe(WnFOj+A zF0CW7I*(P#Q~C(RC&Yl6|V2sx{Jy|=z?0dy&PH}Ha#H1Otk0Nd5AnC(JUNK_SO&M!L)&kBF%Z#^7(R2mM{cgEs$MFD zU4c5XsJdh)Rz}z{!BGb>`V58ll%1{4IV+1Y*-h^BeiL#WqA}46KX1Topz9l4d|#OW z13T{U6&wE9C)@%N6u1%bWq-h9p#)!hH)Mv8QsB}=3{GW;$le)m2ty`*Tvb#U>4QQ; z4rJG9?NmU)m(OBreI;E1(&`nE2)V%fn*!z}GrP)A2fNIzupoeAEhd+haD$Wb@Qyi1 z1)NdyAnTT&8f|pNJZ1Q#$qVgPP(0Rlm$9()!7C%`KIT%o3N;XJNkJ@V78H@I7+&Tf z33pGKBq{BglQPAEaz-SL=za{E=UliP-_ND6T}>`fK=F)TpWErtz(0R8ZysQ+BJXpS z8Xfm2J{SYe5xJn(4BNM)DKq-zhW#RA;@L+({Qyyl$>!>)eypp+EgQy2V@8*Rt?g0g zx9vncs#4GDd9#Pn25LTU%-Za#-;K!g2AkSmGx5b$zCH3NO2nyJGOPA7xe>KvZZ~$R zg`a)T$)6u9iI z6423LTIoQH&mEA|b+d>Re~583TY)j(jWi#amN9(7Ay_eX;^|s#uQ!@QQGztWadop& z3s+zu4yH38S}=?Br6--X-TMT8k(Df=a5?Fj5_~pC-$x{d%RcVLK{~0IqjQD>BiVhk z%k9>o?j3wiudhE$>y5p#DDmS)YG#0KfH`C8&bMAqf<1frgxrOT?BHFtn5o-)bLZ6S z69yhG7h1$bhTyIh#m75ZNno_lwx2%D&csQn@|Wg@X_ zyHx)!E)`!WI{vbtx%oR~t%7tAIZItmpw2Du%D#O)p*-M{3DVEgKLaZE*eMg>pip!( zj_3ty9kuu>w0OZxsfnzpnZ>X`uJla?fNDq~pR#D@ybNc1B>!g<@@2Xx)+^yrJZbDb zeb3;FT{Hi%&Zy6~^@v8~Tc{e=tOwK#(koq7r`=wBa|ZIWkG1e;{hMue_mxF)VtOM2 zk2Y%(mRPlgm(ztqA87gyT{&@YzX**c{f&Ra3~aV28;v%Ru& zHC`c6fZej4;XGSGxUw~8O9bI6;iZ$-nWC$GCZm#Al*lFr`&8w`2c}R39L|^BQ*A;PzZ^e$T}i|x`O3%$W9DS-eZ?oi1C zC8ls5*VVlkbmsk*Vx@q(rV5D|37P#Do?dJH>dhJS!&Zeu0pD;>BqmZq*Z$rmQx|9v zfT38zGwlaz<&OQe0O270`k(_5nDvQ{ja~!?rgNP9ReK1PlQ*9c5eKW2<3JW=a>>s; z5?!E~I(lI8-m2U&XAM%aC{h2=xb{JNIRF$4TI{W}Ozw$}-lSywvz-pSI&Z&lDRfUb zb*=%0=UV!-^l~{=h-7}bQNpF>wJx;WotdGIFl{L99(+Qy?yMWg~O~ogtOOrS-8@idhPnMCW zUvI>!@4#5@*9IGhlyLBXkVy-a#IyKmZ=@vO__c z?#w#uP=&)`t;fi#=D3YO0n=oPSdtj8-tRZT?@Q0fIa?`0v?$Mu^_q)x@uB_MGBu_l zYwO~MjKq{?STj=nS8f;V`rBY*POncJ{&|;}&a{8dn9PsV`EU%mvGpA$(HH^ei%QcBq3g zZ^hBKN3=Nj+M<8HI=m?;a%<>26pyHD!CJlk+Iqm=SOY}W`dopvAbwA5P823suAmOk zRLs(NNg0p4SM|ICR6{L@#0@KMeCV%!ZKZ0>tQ{HmxVdizRdG!y+eIbd_^0SqZ<)6F z|0!q5J$;W;Km5Weo|{1=Sv7Xpegsk7Oi+$t>24PGkL-Ih|{_-?OXO&`!B5FLYHp zQbg59#80+yXYs~39OZSt^K)eTdTf_?-GIrH@~tHLBSX$PU9c-z(h?y39V^II@2UKQ z{!ULQ!RZDYabn1AWp78A&r_6LaoZd{bzPlBTf<*MBw|W#W05zYo>HmsYaK_B@zd>T zugT=~zmUwWGT#xztPomu;G>S-GLy+7`JD+8J((lN_&dLeG9L=YK$bsKu&mVv-d$A;~u=^yE@PZqX+&hb5eEtD@1z=DFCHT=2K z94+?oVgKwS@9vzpk2Th8i*vIflD~5$deMz{&qW3+yFKr?%=`*FlqU)Fy+ns2=Ob>H zxX>aN?5}z+is86wgE5si{9E;`&uRC_D*<@w+cyTk*$k69w}*!u^zaJ%qA3v{4Tk#P zPCZnSdt%Fb+~lAUH{Q3mh~tgEu*V8-oZ(Y?P9=PE#Bq{?jhz}N{bG+-Xl1+r+G#@Z z6i8w&XGw?W(IPl_s~#{`rD?IN)Fy_Tcd1cQ12%Rq3E*HqXc6W})6rvB!^Zj>n5MWs z&O^b4=ZZ)Xm$tw4tUk!{X=v2)z&QidVb+}5kVP3iUp5A!1q7z#A6{X3F67JN6>cK=?Om4*f* z;oR+ThT$h~My83(S(i=n8Lq3IlF_q7fK0<9goAEa?c|K%Iq`Z+{E^{Re@htAlKDv# zzQX0^>RcXACNnZ-*2)mW(I?K%{~=k>FTT6|N61=j9%?y3bkro?^4U>Vuwoda@Hc{L zueS422ZN1Q_yGH~mn>B9omD%vZHaz3d;W7Zd$Zji=HwSA{s=baR;LcNM>-^79~^oP zX2!A7X^7}!*XFMpyj6fQPv!AzpYHx_ychVrQ(k_KMZ0GO4hG5ENlGOkCSj!5z?%_% z6GJl$5zZzS^E1_(?$Q@jb@y6cT6?bFH8hCPTGf&}h4Si?AO`=7bq>?<*j%e$STU_zH z>erI;4cvi&vMAql)l~*P5$2L^v#kZn45zmIP7D&IN_X_=4JkrGY!jXnC!R#lho?-s z=J*DS;SZLa{3j1N)b6*YG#_%X?^3z5hHa{?sYTTq?Ua3+TS;`{qD;3mOsw&#+-n4A!O5`C-_06dAJZ!}e?d-Lz&m;qJZC zb5qq__y0La7^Y$u6dXGHknB|ExKEN6bRCbG6&=^>7xx;yi1t#j&EQ0h!)oAB1{(FR z0j;Uu_Y@~u#0L#B>7v(kEN*qDxdQjXe%t;Q_(r6`HKvKE{JUa-_2?w$F5H1x|MT{Y zpM(4gs8qUpE(fzq9ho0ODSlgu=!;qUBH+xSq~_o5jpUtZ+*ew|bRKdzVcX-Xsc#WG#7YmvB?jCde7-c zscHXSGN%vjwaW3qa3jxg9OmK%jBX=W_*}+r7J07ucYb&3XD8|ifygY>wB(b8!!^#Oq=2U#|o z*Y#Q7KCFGc?LX8{(Z7DnA%v$mpRzw=XM^?HBl*V&X0aie=GH&n&$;_tFfeOVOe|1E z+4-K-vBEc!e~6ELWseT9y2%u|zon@`F|N6Nba>DibXM+jCTdtuY2Ymk8$|!9Zq}3^ zc4(gxv;Ow|b}|5(C<=DpucFGDfdwIEXabl>2$&OPvb=s{DO8|APd|gz(7Wdh)Jb0X z_;64DH0hhips*aOth4a%y(7!A`Y{<8iu|rnUL#a2;nQvvY*EFUD?V-!D}7HjxLV3T zV|n>eDh?4izp5Wxa`jmP>3l+HjUNa*>?%wHNK9JqkLFyXsLr=9H8U2fx?ZRSWsI_+ zvK=4TpRj>OlPdU5*Y4#L2C8ww?8t#=y~0meZ>sH?^$7e0o|w-ZA|`cKj$XTFJ&sH= zsgcBS(JVu|z|loSsRJt96|;V-);pkcb1PYh^p0b-ddc0~tg_Z}ak^!C*w4~YHgVp-Bhq(IG7g5NC39kPp~X6BUJ1Q9G%q#a(1J)F@-nNwPi8xI{~?UG6{jxj>%1dtpdMJSX&bx zK#8CRRbBL8n?+eP=5EODbyeG_)G12BRXRP^c5)`Yt?EXGK{9V_S!L~FJZLPo^CQEb zYp*iK)ppHaU0XZ|#c&a~wGzgIwG45&a6UdLXgn@zEpXa9CXhga@16Hw-bXGg9a5vN z!uvs?>Sqf5@SV-Jq<;4?)=2fH4EmmR-d(E&EIS*_iHVYE3(^mt~psxo0e*2{w~ z!CL8U;3dC%0bWxb`dUd9yzA&wsHM`Fomfg^9?!;HXF{y>ssqod3l9_NHzRuf#y~p8 zphXR{_kCOJveO~ctV7wi0E*|8Q`BFl8k_O+O4J=EAS}zkcRD3cVz z*tq|`sChlY?Y!F$yh12j;ETRaM9?xrfNEX-iu;AAM3?K#epgbjjcQ)K69i@>+q*#% z+W?zk=ID9t0O|@gUpsBl6r2R!LT@vM?PXQ<(KeTCb)?cw=dxhTMVXXfG^DV5pE#EQ-4;pPU#*TyR>F3SpU}IY< zs48$+`zjNFW|x!P9|XW^&ZG4w`k+C1w{^FLVO%JQF`p`!l&Pvty2Ds_;ZI%pyR>EL~)CH#jrTy@~n{}PkFgS(N}H&n!_EZGy7GAyd7qx zOn5J!gs_OrC~63Ngt5jxKkP6tG#T-%?%NY1ElaB3Zkkh{e5%Ilpn>I48>X-=?qwpc zLQcDOhz<7s>&XgqJNG(;Jd_0#7gK(rI*FN>Q?Ajp{b}M>AXlYuN|%}#!e zg>T)KCiME|wW_Ia6OveOk2iVOSZO7y+MhT6O~~qQ{~QT4Y61R*TEXxC3DyBRVy)Bc zbMR^fs$w4(*k8M{<-fWMon~;~MXpkF?+fn}Pj*Tdo>37#Xur83f566HU@DPSQ~rQX zq_qcgxLJJKZK+j^yDF ze%=JqsCOi<(omdqj?zCojDMYMt!K4Uon{A~aWoe52IA#(0I2%~im_elAX zaj=nLPy;dP{v|T10A2VU3IA1`11!`KbVCof>0Q{gT3oY=vK$o_CXwq&s2zSA`Zab zzo67(Q}KZYiW{}%c9I!8;{LOx(c_JdwRWjB1c$9$5(b-E)d=6WB&p*woE5GBmcdi# zJ*0UW^-l!wU$6!K53%+CmmvKAFa8X5W&6V+zyP|;dMW0eXUs>FTB82PFR~GVWqpdr zp}F*AC}esGbU8K<=c0H5n0p}R8woX7W6;lydZ2%S<|07rr$JnIIRwxl9_vhV7|nC+ zwmI?@Yd_^~S2VEW`%V6n1N@LLp-fzrO53lMo+m(-K;SxnQ-s~1rSXRf?psrA6?c2Vn2(OId2V#FBBr+LB@#R(Em-axBD6QughRU`xSFAnaS0NRxbAT&CeV$Mn-KRh=3~V53bGD#-9mt@ z(sf+_O&}Xps|HZsC@S^sB1GE(*5sZ!yXL_6q~9FC>P~<*~ia989o=}f5xe(^?C!iNI!G} zs*a9&9Od!QUZ$i4?G_g{MgPqOSR4leX!I@?nB^>zJea*2|9o{qO#}^o7@sl^Xnly= zG(Tj1C;H%bgZ-dM0ny{{^sF_z4JB|fk-lXb2DRty3>cUhhxB{QQx(+#Kn-<`>0LU2 zvI*z{txUz~stuy=7uusy4Ed}|Gr+2(LWkxD`~P;~Fuow4Wf(KPKM3KgfB>mRX_ZWYf_M{Ao$Qsw}qWG&~g zc>aIRt;DbmuN3s!IP`l1l64~ea11bAC*e`R55^X97zd=b2?!iaAcC%#Lt;R$UupWH z>k{F-@zqm>fnfN{_M#x?E2Qb~l~F&JvND@w;ljj!oaQw|-1+^{jt$1dee+k42WB`9 z{qDd(88NrBVyA>%BLgtr24b~gEk9RtLsSFMBR2&It&6QQ7@`t1@uk2Ds96D?9*hC? z^(sJ8Ms6afi7a;Cfw=0j$ zE0XJDGJ4j7F)xqujvaqDaz*p7L;YBm7_gJnhdKL-i;1mKfx~YR)1lyI2vzz085YQr zzPOJ2aUqLU$wLg7Q96Y+^Z~JJ#*jME213Xok~Jv+vazRZL3qtpEpQBRdD4Ri8TRsg0;nQ<3Cn)8z4VoRlL;d0asVJV1FPsXgH(H z>D~_@XSM^DXJu(hL{-8Ml~c}C(L46Or)AeJ!M z*@a{h2j&AaTr^P)=B)qRx~j7C+a^GMB?Rlg2a3CoBk~xq+~c5*gp`r;pakGUgkMU| z_tBMmWt$278%)a6Jx7hk0l`V$ym76A3%h}H>*V3tfb6&k=##R429L&NF+Yj?Wg5^2 z+W(FD5rA78C-eDbR_(||XbINjhx1Obi5SKafIwvn1MSm5nNz|OCqI{L?Zim43C`=k zhV}RSvnWK((pI_5R%PxxK{8V24fQzDQ?F((;b6d{lm{LeHx|PqFEO zkbs6bDgi4G#sDL;N?@;wm3VB|9 z<2OTLK@;36-~_%*zzq&UhR)T}FMbmf|N5EV`^B{uhu`eTL^c&mX;x&ms73QFXiY;+ z3e`5$%AtwvgQ#Gj^6C61UNrPtG!X$*^P_gOU$Xw^75o?d@84Jc9e(`%Kmy<`h1h}r z_n-goumJAW{|}Y}V*zN;HN^ol|{@MDm}e5c#+0|t)&S?e^2Is zPuu%t!--+DrEAb1uc2rSdQljYq|y@E`EMkr4TfH0G8dO!)cm8V&gjrzU(=X80{s!k z@>dGP6sm3{t9g$}u%Ht9@()yH>P45tVCb?d8oZMkF zZzPb_kLwwjB>>H$+cFDpDMlXXcx#ICK&&uI{ zVK5RnsPyjerK`uec5>7`1BjnIdfkCHo#8tsE>XWXLxXXguUVrV<}=|z#a}Pi;Gf^> z*4U#$4$P3Vi%OMZ^HwPgfr3wL7kmJy2O5)<(^jo(6ru+4PSb(?2arV$$&pGgLp^}1 zfU#DEC!HF<6ES_O^M&ntr`vvH%MW(|O@n130I>OAc?T zs~>G3aL6I22?h0dWI&><2&bpxl{N^mm>i!wZsOU@i@^Djd%(v;@50&ZBQVY*w1@){ z!_QfyX6~U!vsGWaZpt13^6SYnFOQi^#4!_s1%D z*rl?m!bZB`VKbI`u*;#rl!3myUBK7<>0tx!PmO}fvg&C|*q05Ct{Ffg6%+UqTzTcD z)&%MB(H1zI9ABi_xXlbd$SJrgG*&( z(7V^n$UB!nD{0%i;1ig9$RTro#ZG+-Fxgt&<1Ho;|DL7C-XB+?|55_1r0T4as|@^| zLQ01giS_fmTu}|Lj{(8Q+q=7p3YR-?%Vk{rv<|W-gjV5n*Az(l(GTc?A1X($$s_`V zxd^h^{SN6=f7{0K`uzEF6j&;y%lij)09tbuySWeO74F$f1x7uaE4&IBoY6vRIX}%x z#6TH&E3OTS$Nd7c59kj$SPRsA9k_Lq8`T9RzH+vD;m#s1MNr-`4#ZY*kac`1p&EP3 z2D<<$Ss>qCL~Ppu`zg}!xOzjl<+Ggmyt=g@2qG#&6@~U*IZ@a?-&wlGY;-35*M@P1!P3thIawp;dH9qWugZ- z3Y$<&0)mD`b*4M)8PQKJg%)*_v6t6wRxnE7A+t`5_cC`a;QUBFl-UVGtYSb;SiIT* za*|5mC)L37XyjENOM zi_qNcKItd9RO#Vs1sACT(%hKE&C3O=ocRsK4k(_Viab5%@M6t&0rrh zLwDtp6bAQVK;OK^InjP_jt6!7Aj3@&?VNeJ*xMT4YY|&>+Y^*po(O@oEPFZwSid)F zj001qoY4R`3ICR3Le1&%QlqMT&sK_iCdG7CniD$( z89-v5nog)u4~W#}O@#~J&O|@dR2A^3cquA6kjy3%`?x*WIKX8*?)=(Qoe7TH)&@oj zr)@xfABeO||E1^jxd{YL`;)JL0?rrp7ZgjUb^Lkp0S9S!k=e(3K^)&Fv&~=h5K66UBUYUJrQDn}4~tJe zm?-SeW2&zRm~?r2H@qNvU~CI$9K4*^p@0HU92X8qs8R3`9yp<_BlUCigG|c@W{>-< zu$DG&(LS)iNTG{rUE(8VKy^ag$!LEJh(||?BQN=JT_JH?%F16|LZ4qwGM{&w41FLX znc^pT=R|v;Twq}#2S+sUeDY?}ogBHCHR_RhE!3mo$VN7q2MrF^PmjIZVFnX+J+GVx z=H4}X-%8USEz@C}4(Bae3YZ7_Nd3th&sud0TBp=L9j9e~J@!uTat*=jL}7Hzcc}eL z*$P6m%sIjt-%b&=2mGyH1r4u10mC~Qz zrpx3`sFKm69&xmzVL#U*qCK$YNXPmRZqJst-J*R+Vby8ia~!}hHnwf(UtsFklx zFN{3Xeq(4#-*yoVsmQ#tiQe=uuvDS9gro9ofO&tqaDT3k{1KD z%)P5(P*G3?d{~OMb}IPtB4`mli%vovUQa+qEV`1+H#u5|Sb+8}jhj7|=l z=~k>doB>Qatxks9i+IQ_!P$1H>|;^moeF_C;B{PU5gGGf5Dj^eqaDz1NwJ$g+9Pv1 z+-!|_%ZL%Pc#VpqsA*{~o-U7NMAgckFcUN{Jo7JXu&#PsDmY1iw`X8IFP`}wpIihm z3}lSXd=wafA8z|vZ4%BB{KW5R=~B&hNmZYN)&@x9-alfQDi27Jm3Y8(HH+;isq(eq zo@l7xj zay!uT+7Rb_I5tHfC8GlpP@%l zcUxHSsjMprx_olOfbDUNdn`jin>3HijqJXNj@gBq`9(=zZXYp>i0*XTs405#=HZdy z{DbH}EQ=Zkb?CbNy1s$6oJVB7{kmwQ)8hcNr?CB#QrqC@vs_kDW)XpQSabCddtD?G zsj%tAwR_wX{dw4IpMJQ3Fl2N4b>Tduz^=yFTgj@BBfxATR*$bu4(<%{9=7(udwjSs zY*b*D!(kgeP}9BC2Flot^QUvbak~txXA8NlsyMidmo8PCD3{`;i3^&g9Jq)6xTwAt zRv#j18>{CLpwX_$B!8ClS&;52`(+P03&k*f?9*-ev=?&g(U+dP-m^OaZZ8H2hps3w zz#-#WA7}6~Er^yr*ep!cVi&quzrg(H6dldkV}%m92xQBsFXkqv!=P`3LNi-qznJhq zqm$q3iu?W7^|W3bFVs1!BAJWr1<^bu2mZkKSV; z4758W$ez|$IG2`bcvkGt`e84(=e?#WEwONKmPP8`v#UIVwtyPRkGh|lsm&@}Y*@Cy zbPXru#YqziRQr@W7@8*qmLz~cF4cV#m1mDAKv<1^bzv&8Z#BjwznK8BG*26UYt zC`V_5GDU%PYNY#W&{^0Ys@WLm5!u@`%N$RU0RioiP>mZ6q8$UR@#{B2%l{X%!Ax|PZv`er!Tud7x$V|Q(& zWOgW}GVTMCpwjm|8HNG>0B#R~KWUX2vs_Y_5jnf)C1QkdNLaq+iGE+y_`)qCv5%|s zI{+c;W?(kt*Tt9{5vRt~>;yfR+HRAc6s)FjLwiY#vrR|Txl&XCP{TIsj>OvlruKPE zQw|wbJt>Bn82Vv~F?wXmuG$!YBAi+}DJTG7!PDW`AhAaq@dPNlnIR$%IV{S~Au}c- zrj&Xf;W~t~5-qe@wdMxRha-dn-I&p^!%8&qvCzQ!edNB>uw8y;-mJZ&#Amni!7c97 z^HOfjXSHs!9d_JlJq(g(%T8UZoO2C#z}Wh{&G#weQOVgn!*t+Qb&F@|@DqQCqfeneRuS-`X41xqf6(@LJ{^^{VRoxi$Xqgq9$Su1x@W6{~#gu1@B8|e*5Meh@ZOxfQlfKBCqQm+=x z-7*add>^_vsEqYSQOvl!fL>Vy+AY%PW{-ZAl_+$7{Qg0!g_~78P*3@TUQ*bN4&C_4 z+$%dA?za?fbHxT5^WGKC=zU|D@!Tm=%41yDUP6qfRYf^E@Z*>=E7KPnl$Mmf>f7e+ zP0O{G25jr$#T|q9x1tgh15VF^mL+28N-l{{(%r%CA?UXxtjGv8X4QYh$5grF>&xi> z4%Y96%V^eOys7(S<-1Lj%XuEWWBhV2 z2R?>hKRTSP9#Z6~%PJBrcZ09_*#)i|5Jzcyx4$l0oQJ$s@`mzcJV2br(JUBPD$<{T zX8xNCuxIS)RM-eNAjrFkgfFLFUsD8LVmjWMYYmRKmXZc0eiCbOjP2%QgXVJC4?#=h z^$FNjwCWOgc?^#Z7nMa@@!b!*p)eCADQ6xlSFkk3L#`+yZH*BDvqBeSv4H%**1)8+ z3wfq_WVjGGb?ovKH1tMP^(bARN1R(ZwNLCkf9`v~^_@<`mN}rpO23sRPE+PDk&;Y@ zy={h`Y%vtB0@Y>&nA^L4@s-#k>K_(Vfk3Yq=&ztkg8~s)9gJ_euXA0U4BakqkmUrD zHk9T2lWRtoypkF6@`N<~06q%}T`MQtzJ5@&Nl1b!&m+&d=Z%?t!jGQuQ()zZ*3G0$ z%o|7BfW}{(Yet|G6!G~&cmMZn+EUr5cBpmjfHDP8ixK(ZTo-MaYU3|uvB|jOfcJnC zFu^K)+$3uboXaR6r+RwE{X zR?Ox7S+3xmHWhJSvBLwdfneLNMR{XrhG5`~k^BY|X}8O@dK#noqpkPe()GM`pX6(I*pO?9cF4s)TQPlljUqb2d z&a>2ybpTiOh0$j7CLMPmp!4QABNW5D7)|ct(2h*Kv=g27Tmvv~jZi^>Uf=k`sxuF1 zsr*=@{Os&x5cg=jB8i*saGzl8`p?>K`BC-}GnVqztE79UXMqKjOPINpg(3hr)E>rX z9PWTw+&akRC)9Oq0F)bXz`JFoQ@byJ=*-TJ+vdeTn%U-aePdhJCUxCbdeGy*Q(eUq zeYUKzBPZw_LGvJJ>HDG1y?0cT>(@32ii%xCilCyX^dcxlx&>@VkzOOcgCM;H6;VLIBTaf!2%$-D5>yO` zh=`QXBTafI^dz$%Px+m5-dSt@m~Y;9X3YmK7whB@^R)Zk``T9tT0!8_6_HHVfyTL8 ziacY$cbHwvTO4p3s&2S`Bfq-cXtQeeW-sgK%i^u>YD`1Zo%sx75AnMkPESXM`qYV- zoB9$wF-~2RWhMpHchpt29-q$Ou5*NLU}x*k_`88eV0_ z3g~LEq~2F{iy;MV58cnKQhf4~N}uwu3uRC_GI`6P7nH6qq$YVhFr21{sq}ff-5!7o z>mKm-JI`ja)=-dR_t>^`;2R^tAp9Zc=0HFq5=ofZQsu}MRe^$+i;$j`ttS--_v-+e6ajTd9Bo0Hukmzcbj)-IP_0DdN%Bj z1ulTe$E{(vj58m@o)yihbq0`ToY2*>s9M@mSI^QCNcAzkhiB@Zj7Ko^@Z3gOB+W_4EM;KcvB4npKJRJ zWRC(fKS9!lY&d;Z?0C!>$F!y)aqWg_8)m*Cm(Q*|%IkS9wF^}m>qnlBE zw3$bS6SR14WcR=B9vQ_U3*;&3OL5;;^k=i?4+ zYQN=`Vw&QFJtN0Dcbl!Vs-V%&HIG1jPRwy)&6?lRi7?X?!P%DeD*?`JHLORz$U;ur z@dEr9(z4G?Rps=H<9s|OybR0TamF)jh4LNQjG?POPtqJUJly#9>R+26-Th-rzoJKu zwG<7xVm>z5$m!N_uj6>#FU*^zP)n7c8GlL0@!rU;MoC(psl#sp0(@0dj(?w_?ET`< zjdjgudC9fR61RQ&$Fuif6kn^wSciW;>DP1eHlab$k8T9}{ilsir%gOZK=y6eX?T-M z`0VKT_!nO3bbBd_q-tw%KEKoX$idZTU?$VtSOr2t7*v^5V*-%SRk6<_@>fx9=X&*8ma4%-OhfReX&bZxQgBS z$GB{ZLI$-b#oh5G8d@@UwN@?7m32Dj33k+{URbu!w!^ZqEKg2doUItPohy$7!9M`= zt^#Hy>LZR-6Pcd_RC;o3qA-uRLnJftj{@CR@?JWMu2!7?;-=H*$$Q|nhWnRsX0^~2 zkZIa~_GZbeMzgfoWC(p>a&p1Vf7m-i2$7J=2_iz{9ad$RI~D8ixG0e)kPfY{Uj2-?&=AsGx81OWPq|U{L3miEc^u-++ zAJMz%%p$72LV@+VdlufMc30Vz%G0j2O_f~Gy|B+Mp(>{hu?X$)K^4sP^QU$?C3tif zN`GAn38^c(HW#2c89taJ9TW_6GhVqu&o3ekB?q(_K8Mt2jDNqNlHA6fH>8j#J`^Q3 z0H7aJ%Fa-3+Qodn(_)Eo!Eu?sZA!VWk~!nv@=oI+J6}oO%OYm;rN+pQE`eEYsiS1Q z&&OcXf%^tgdxa`ehl`i$izRP7yXtRTi4PlqfZgnV#!DTN^EAqUIZfL!u!Szg6eS#W zt`lVQ^OjXV5~kj2t+CSXFK4dUF+aJEH|y9!ctTUz#iA36{&eG9MXY;Lb*>A3u<_bX z`{+E3oI2}x@mY&)gCXCArbE*&3C(?%6D)N4=$toc>E7>fp+^01QvAlmgULCTTdSHiHE%2U$#m_Q(p~armIYKd}C@;c5}YZ z859(rCj2=Z90`Ske&g{`$eX1w5PF;ijhHjT?KZ9Ne@fXB{L13MjIaNJA((Ee6p+oj zHISLpORJJA@%yAwWAZb)3YNqJUveEcmHt}2NMa&N_diM(i z6P~1HwPqW8;Bg5;C|}EER>p&>SHY7NN@yv*mD#AdHjyYpJ+<6k%JG?(>lB7DeCt4L z=q|S<(&3c26CU5C?sF1L)IIhC3^4@|QDki|&k1s80)B8tR0q0fIs|8whcgnM?vE?<`=Q`^97~;NaXw?E(Ed8-Ab7C3a zcZnzH6E@~bzlg6}!yB03U3M-mviDuWGEO>5`$Dh(l<{Gaqi(euLlR%+gV3}4E46mC zd!J3tIF;*Z%4kwm#Mm(8gWu2f3x;64aUu01-ZE;9taLhgEkx;==L>rX&&#NK`phdM zEla@lT%6n9?A=*m5!T9Kb}zf?({&2C!h%}QvFtBs9sYRLH}wqL9kZuN6(XAA7v7!3 zFPxgYn3ubdH(4dzX+#NVH7De~x6@^>LLyNBktryRcwIBQ-=#WqHT=+x$gB#p%Jc=# z5>n4qFb3|v{RpEvB&k!DJXFC#TE5ybW7+to@66FmU?}kR%xzp83tfFWeA%9Ze8R`n zsKHyvAi3faBgsB)t;zqa!!_yl7qYgFMzn=bj)U>dd!S!j4n*6bJt8A>vs%eVq zmCi~`?~p{CeVQ8lLWhx=S7JDcY0RbnMC$R(s@wggPT^LYMa_U5B#JY^7M(50qe#eH zcx5JHA1zONly}ouqHi%kKgrysuP^izZAc2s1j+MGD&g_1!~iCrqfa$A5lc%E=KER- zg7pp&@AO0xS>9I+y-CM!H{ z+hJKwy*}5ji0hmU@6Ua3;qwU?1l30!_kOr=??+<9k@tQNOo)mb|Dv=URx`Vqvj;<~ zAP+`$lKAJx3(?A@Cdwwd1xy(b1{-!K24o|ecap!6^)0+;=te=NQ;(;{qA1%=zl_dj3!_5UJ-3mO`__I(S# z=Qq$iLparlA>JRS8i?Y*oc{j9#{B=q%M|p=te`Gdw3fqv)+IXBP??XV@p1M|>{ga7 z<})#SC{Gfvnaip{$zyGr-_X~O60T1@-!2&v_+{_V$(=j!#RuYO7cM9Tv&y7}hmX># z*IiOOq^73gq83C;C*DB%S@p|S6b!cB<_Qj(^3uYpK5Q>?^pGhbE2LIa6!&L zA7Zlj>x<_aBB*@J_`ejyxw{{%~!!iet+QzgiPh9C~vIJ?xRJaXlrC#(cx0j7< z84%8*R*!L9XegbMxE47#vkGB9HG*5h3jlD=#z}iPE`nk8_>pt&4+{4_GpZN*^~3nnfSz+A&O;wZ zz$(+a2k{LVfzNddY1KvmOS`3#EYnRg^8`LdBodcuvk8bw(h(XJgKf5nD#-?A66;Ah zF|Qq{X^fA4Rt)GC%gg50K+mIgu!a>8qh}h~ENJ!`P0MGd)C^1TN z8h}suP7R1e6IT`Tv^DLUR(x7Qr43JJ#ld1n+DPa1w`MFbQn2E>9p64x{owIlmPyus z9rQ~$=-+mfxFj3J-+x12*P^2j|n-CKosH|y45?xavS38uCL7WW|^g4S*R;P(Dis0TC{Q@JkB&1JVFwYzqdT)*-jmkHPV_Ev*ot z=Wu+xks4KT7IOBYD*%6HZLrD2ok4Ee+>PnGiyf3sjUtcJsoECkFkA(q(!KBNGN~M|Q zHrT~?@_yT~(Cq^ev0^O+f(B*d|Gt3m$xPC16=q--q#PUZ(K$on4luq|fexM+&$3ng zRf<1O%FVWIUM~(TZJLmI5^{fkij@VFHF9CNA&bT4JYrbC(KR{d7_t5uNi!Zxnd9+>mm*n^R+o+hl5i8VI2Pt4kS zpvC5>+H<$Qk_i!Qqs4C5l=YLgrc3)lCQ;Zty@Kao;o2KBdxOyExLLQrA2~FPNpS5)tdpG9xgMT<3fG`00c4s)xB%Va8%)oY0;zY^i2q)0Kbh|OnHa@YMUCnbdH zHGUxM$n`$w`5%{(wi(UCvq)X%1tf$_M^NpYZc z#&6;P34mlQp$R6soP$^pA7BaYn{X@(9~lM9*)Nqs#OaFu959@wOASSSFbn>4b7H!; zJ%A56Az$B`xD`C_nnR-%n;jU=<+PZW?!l0UW(pQJIj?K)ODwIfJ@o#~jR=PcCi|R& zK4Q>P{}8Aqr%Q{EQ1gkaDB_~?;?(wr$lo;NuovrxM9pSXNrNyl5?!Sl;stFLG5^(6?e;?RLd%Uc|wu$%qXyg`7)jyk>CV zHPa~Pz14Ac)Tl}6np2$3jfrrCD#}v%4bn}2Jc<`~fp9q9q;0>i>P^UvaL%2U4D^4rcGaeYg_ULwCQ&EUH!wG)dBcI|) z(-O2r=&gzRAPtkU>e@Wi@$Bq3o!0uTryEpWbu`11gBRtVIxy3<5ZRbwT+4_0nYOdz zOQ(Z$B2j+uw`RYUYh-__j_>q&pZ4H2`a?pVeZA)077CTUEHgaZ`kcx?X2AGqFyQpmAZKC z3~+K?(rH2Q^)l6q=>>qKybe^4Mt!7vFACd4J!~(EM9pA>=*2gu}$?o-+F;n@NH_zf2DFAQYgK|7OjDG{^Y>F4-Oc!$iaD@z5rhQ#(8Vo zP>Ec{JU)yh$fPXq)5%S7u!FFi^_k{vw!c|_btG0eo3*V#VDMOz1zI5DkkQuA$!b3^ zfM^7IP^?hFGj19(cx`L&Ue?NylYaSj>%G&9=!64Ys2S>vPqINW#le~%8_LAAT~9}5 z{&q)^E>3>MqxCrZBCn{y#F^BUFFv(jV;eJ9awS&Y6L*d)sjOpc(3-G&(U0Io8NOvm z4=r6;*xPF@LG-=v{fmrQa{2tXa?gQw>PbQW2Zmd|CmbLIRO;8Zy3H*1_x*L-28>3L zZF~q{^&3$2M}>!wX@DF0t8Ka#U}37?3YP!k zhC-RVMun!2_tFI9ABG3KYq8_E_yD~^KdZ$jjhK|&iSwy3rBf#;Z;30hx5?{N*}~G% z73tlWnvz8czn$$k>QW0>gvV%EGOA7G!*iHQ@L7jKtbGf;&>*bPxGKP{az@9RRhl=joXHi$!j1fi+%vUm{)D2&={8wFt1_}??X8_vqvUlpcx5j^4 z5oVM1cEyG9==6SpVD-gIgOE(}>(b*V6swPOhNkK>=YkHbY%gs;HO`U%a~5#Bsisk=#`<^?5+`dJ$rSm|69~GVkL&=;vJt~u zHW3@QW(Tcpwu3WnrKd_^QFMP>dvByGc!UF8RY)kpuQbRT@`6x3#dq-r#TZAqc3!~> z;=|_di~g$D{wUh+Dj>Iw-q}KU!g%Bp9^=wY^=dFh%x!2(4J+n4Ge$1uajlDj8v8KE z<$Nm!MV&>$*(LII)C9L#K^m7s#SE)2QmW*bJC>+tD4i{+S&9F1QCqX67RK9%gwhsL zeW`@T<1OT}NjWm|6wk`!q~HE>cC9Yh#Eq!)KjmPaMBynWLML+1@$EwW@?N9VYE$2cmZo~o zUu)bS3*9>f2DOaS46LDdO1m{v`j7N({djcn``(OPdO{wmR&E`5kT1xatJ0TfmiIyj z{MxKRl`F-!HBzPVsD@?ofz8kmTf6e(j;zlgSq_!*_%rQxMfryB`n4|ou{fPm`=4#+ z|GS`sV{DUZe{un6{<|@Y{{;srU6X5Equ+Mn_P_tA^m3(gfk==Zvm3r`;xqrtpMZEk zI|BmZdF6gr-v&H@2AxLjx4$sZiwL#}Nb(=z+$cni`M+OQ_`iKx_U&<|9e^sZv8&Lm zZLc$rK2Q&eAliew`W7;4fV$>15;=LTH<%?E;Fq%yZ}o^Gk|OEMsaI&K=raB-E#Kij zSWq>Ba57OjPW1J%6o~&Wiz2y{3k@6`u6`wus$dQd8_6e^sY~jA$t6{hHQ@ulFrPw)k3b8`qU)KxCI1%DqXpEaohIpvSR6hXZ)CSjDhd1vInob~4h! ztxC^We?zQq8mHhVAsSY5WNQ;hWj0BM9L6YH&|Gl58J14kZi@sB^6TRZ8!jX_pCE!nD=87|KCTp9 z?#uoLrUfAEUw0FSoH%pf#n{jYK77ourVmMrqHdGz#+OP#Qo1jsK?W@DFT4`>-&%vq z$g`u}eQqGh@ZS3!6ZdDJG9jHwLjf~FGwfxF6aoXDm5`~@vpQ!jXjE0AbGFYDjbwi& zZKs~b?rj)r_slo+9DLjemG{j&mX24&A(P-Bkscnn6DH=d@~T5Vk42F@WdGy{x356$ z92sehlsa7X18%%V(ARcMRlfxq`^~XGs=)8Ro%{4Vu$Fg|-r{7^SK3mysm{@c0fAJd zRV{GY3pI347J?-3Ff3wmI1Vs^#$TM~6euG;yF`tFssYa~|I~ zxD4gwB-(F2(^3%YXE(qOx<#G;fUxgR0^d;C6{x<0IS?%Q*79c3ngt2MCENC5gq>>1 z?k?RHu^qV_4NJhGXy39;)zf{IM7BzMbzSS)Ilh}?%xI?M;Bze?@BS?)X%by?s2tBx z7qX<;z}~nq%2qn9Gv-u7()RBK&PV^eZiYSq+NZb^I?n7!8&u_gUgTT73*tw-(eR{8 zsW4)Qh!mg4_(B!F-4d>eQgQAcFGRw6YC%fVi~+n_j$kK63#F?PK`a@w89{+` zgC}Y8A^44-nfc3*) zmXPDU-)aL6elt!U?T`3nv>$6g)a)vP?b8?4ev*b@6;{=TB++?NI;DsG>DcZ%B;_j_ zkewB`)!K&fjn#__{5y6Mjr9dUqPS zoqF#SE_5mBz+YhGK1Za#&4M-Wx6(bP_`MV`(!9+xa+2TMR;g-L#Y9PFKZ`g5Z@%=PR z9A?gB`b8~g2$v^G1!3-}Z&AA%z|zI8GxX$LcXVKG{BhM1zygZ~al?3?4>$5QPW$9q zY`0x7)sd-X&<&k5o|zm;e2nSS;`o7eYPCW(r@E<1Op;wifkWAMAhr;;&c+&kAFDJd zwbde^ghL3%ehPWD$=v&p@G@p-yKcldY)M`8eYMV_{|g8w`b%E)A2LtrwPRN6EgQSO z=%(sZE7OY}zq&a1^NL_ZVKj2a)fNTeRukwedvS$ zE0WxXYzPlt(g$3y3%gp1oqjAkpn#a57_IyPcj}%$2}782!Ui}*w%9%7MGSe^OoIVq z$V_J6(Js}EX2$WxP@dWFU2*>Wp8oYm8fKH!p{S=KVkXS?!OUst%AHnVO3*kL;UF>D zqD@=+(y@euDZ%HCX1bEjys=~No2d-*wHwp2y=t- zl;5v$3H=jAR{owLCZ9;^Rso8e7`J8O-}@HTv9lh~fygZcqD63VoN~$BKna(Zo7)mE zLnz$wrADp|LGcbB$?|${1TT8$x^)SDxCdT%oEMjZI>a`qM0v_NudTeF(H^xPOFgcY zfS%vDVvd%$?}wXx?SYPeTWE=HUSTVhufciHOI>!6Ph8bognm-5cshl;gdIs{@i@b+ zT2;TZdT2ApGvZsAO{&j(bH=Uky=`R0FrJ|Upzi(;?O<02qiUmI8} zYB@xR_=!$FCOse>9lfKSQPjV2 z*R5>62^h$QpWS9#fYy{vT|uSz_w&EhCVq{>i38$~+3WC}PutU$MA>bPm<@@^GxP0~ zCwfl_9;Z9b<4@Jh<;xd6<%-(sDp{+0Y$;#0^Ut2P0x51_p;E8R=E-dSGHU>F;B7NN z^CGXi;AvA|8ivzcKMzE9vNB;TK5o?$Cyq zO|kNdA>*RklOM4<%#|Jpe^us@R{=-<0-7ApwL6aUS>>qUZmNq_;)CsiTd2H zLrZ70O{VO-z`gGil$;3mpDlud++njC$^6`drZ?M^ z->SGSdbipr`js|nsB8I9EUjAW<{IOcm_4G@MZ(x9PW{g-RMEq)1 zZJU#7L0d@wPAum+^ZO!8jZh)av79a3HL#h99+RgmC#ZGRCp}@Gt?k%|+hm^mvfZ{B zut+^zO}U)hw|fA8UNGPaPkB%dA;2Xr_R4xE+VWYpTZ?qE)VfYi$#MenpTFDh@+x?+ zE8L^P389m$eT=QB!8%w7Y`f2R&zlsMVQU+F?TBuQ71S z;rc{Bk^oYvpJiHxX{Z^G_NX0qY7EH(3}o+*ef8~!5k>Lnf}3=z_7QX{udxqaLIR!# zs}#R7lhI01eWR8cIL&)7Oj%>kY$`S;iAox8-8X)n;iTUytL=HLYSmNg$M?s2Ee&sf z{ZQKgC-p*DVw7l?mG*U;DRfYk6B`VH{3<*2m-`bsm-WH~u!R+6{@5!`!M@a?bmyOzd${w6Q zbI8Pn)XrH-Q=n7G=2t#T#iv%V=GS}sYIA^;O)|$SrYDZ6Yinu z+6TZxFJ_A6kJ(2xa10n>jGzw}z!N_Z)YM14LuA5>Qdf;qUNuotdTk%w1-N~%P@*GE~zqyL!rjyAmYNYDYSH#9Cm}+1fcV zB&3?urrF@3{?|a_{R9~1zqE$D63||c&=y8IY?V4rcNHGL-A$N4PMT1~kB2f*MbM!d zuQqUeDf*#Y4u{=9h_z>n8E;Fc&<}hpkS-by;}ss(IiUzGRU<@s6G;L3l3E(R;xDwA zE0DBi_pc#s2KkUK&;R?$QeId`6s8yF_to>t?P$jU_2Ypy7x?SfI`A3ouYKosMb7_0O<=N@D?yzRpn|xZV?RkuidSz}B`3VkGj}uBh;mOvOd8VXFOO1r@ zwWcA98^W>aAr1@F&^h*iNu;HVN6lUv9iFBRpMQ)xcExAN@BRw;612keNW&Vt;Yepa z@3r|c*i}4WX!D(jS^XIul%E@gN+L%5F_+%Ux`o_Z?%R>D_9^S02!VNq8E8hGstk*f zU2KluS0i_183a?}{VFT`OOCtRKg;3zt3AdBQ#KC2gL|qm#);_z-w7Xy?Y7-B>N|4f zSameTQp;efg18;r03RPU+w}_L;s)R}sJhN1G8I%pbex;7tcUl0kMpVG-pk{@1`7{z z;~;c+q~Tcf+Mw~22dEZz56P=pFY|x0UXVLrjara(_5JzzgSC2%WVP%- z)^;X&mUb#yuK0+p||rN z?$Ck*rcd7B225!du02>YGw3_vWH{{H9%{k)DJrkl>;4Rf{pM-U^G*YA-?k)>Lnt%l z#M#(@9=H}M1!#!L5zkFz5oYeb$h-8ClP>!8!+lz3VMK9&9gdshU6|o5l0f?MKGWZVN#;QgTKX(rMMXh>D- z63Ne!JlO35v*^184sNjhdunZ+y-jx^qsZW`O^DhU*rFv-X>9=d^D}NqGDHf3#~XeY z1QohyUvw^Fio+3CBl$&gpr|e5 zd+ktZ)|%XTyM-#cl7-|^psB5X3-i}xn(Gd&l@!|974UOtGjPabUl`@k;gpGD3&-ji z@uZzh{a}w*Gr+=J%fJ1PGOTc~3I}rexM@odY2~qz(=c5_6eW!lO1hQ+9Saf!gWT92 z_x1FnF;R2tlZo+S*TbIDJ5(wUfrno2^dGM zKD10dy|I|o!G3t~Ij)A(4mquaMq(p)2R>eq)(O+kIk-P5vG`E*DrZ24Et$R+!8}{0 zDkJSG;F8g=Gi~>7KB1!=-E)0er!d_#L)+I7h<<#q#FW4iLmx<9moK;(yFSd3uZ-(K z=MIXpKnd$K)poqJP0y0H@Vt|5l5gSI^*VAN`9rub`C@IZACdWe#WaqWiYuKMZp_?~ zM*xv~Pr<=sP8DC)yi!J+1bWxp>MUmc77`kkLd$Di3ioeQpDB}EK{?}@q;~XZZqZ)P zX^~jCl4@Ux!A-L?eA9o664K@ppu8!dNCORGWljC4nz782$y#}XV#~1bzu1@$+nz(M z>pW9Ra6h89*E#KD$z#%`m#nOrDoH(W*zUB#c!0p~dPL)_(zh(#l`=iIK=+lD$4;iT zzdVR_&X!vX2{+u&3+&Et0MM0KVD&#xhVsC~N?@i~^r)!Mo=g2>pJctT00#Dg;P3MUeCIQi&5 zmc*;a<>`GB*_OmE;W&NYU?#a(*>EpVLJD?UTRv!}e*yl#1-PimVJ7DEPx zMPn1k7T3l0`!f48^APGI)M_KE#Kq+m<0&iJLVN5t?%3%Yk8IT~?EA~=8mXJ_>bEFV z^6sh#E`Rj6TUq|@7~-}zii_wnsPfp5L+wad9_Q9oiNIzM%J^iEmre>GU>q9*{x$%S2?0=C^B>ljuJ?1)3!-Xf#-?1UW z_|si&0+<7aR5j-iS_>oi}Tx7l2ovGL@~JR9avditTB^FEPgOK!jRW(gXR zrwzg~=~A89hu&vk4l}>ca-5u)xFJW~T3Sw2wDXw6I3^Z%dE}zF-gcm%z)mvG1w>}7aza9p0X?fVw7Vt)1@2=_;&x^neNo3`JEe_cc6qO^9LXgabB>bFgGllbHSL4 zeXiFJwZBg9*{FJ@wU8*6*L$ zmc%eEz|R+AHT5;_{57k~z?;30EG?Jv@J|x*`w8&+4!Crd@0}Qb4Lj3h`Wg4Pg$VJ) zl{xDfRM(;O#(qFLTpZxu^*vjzw_i!Qt#agIw~32fkROpj`JE9{^x6$L>Vtp z1P%Q)I|Krh3bL6Z{+tt0$-@m1sz8L?p7fCy34;Iir4|m;VFks1ybF!yf4tTIKmGFB zJvG0-xB&kzJ4knLy&CV*|2o9aOe#ZkGW%%`sWHO$zgYkXFW{G)hK5#5!*|>77jZjc zRQ}&6&G=tHbNC+;mHc0P@^PL2qB;3=(q(a^(HzFyjj--T!uWXnP*5Q27o^uShwgPE zbtlk1|5PR&1DBLp5Mf;ZDmnbDtoOD=e|swhjbL({|A0>PV+|B4Jl=TJD-(pb&NC5tRYME$<`HQ*13r2^1U>&{mMoBua?agli zJwG}CCs0*YWmD!imHz53b3)ca?m#~jDa@S)Uk_2jhf>1H!T86Jc z(we6me`=X^Yr66KdW0iPK#;&bvy{cV7ft`;tan!m0P^w0F~q;o$_tAEGS>+ zsxW99N2w>oY@-hRMBI4a8DH7)r)KLW2qx;Gku3)=6=;Q`oKEx2GG#>>fm4l&q z?-r!}wd%YE9M^1SXS=tz_xEi1;Xu-B1KLtuiIt<9j@R73Y_84;*Qm&x>dZGvn1=3! zpA3$(zl|URTIgk;AA?pe&%vIElkHauY{G5;MK=;avr#G$sISO`+Qu{jL^N{wU>te6 z#sOH`4i4utUptheKMd6PwB09g^z^$|kKvN+-t-b2sR-jp|42)B~AN`93~cGz34@O1%UL|jddK|RS4mXO>T-mRr@V9JyhuC zYUD*24!a;G#BGYqt6tEyo^6p?Qm!K_u4U=AP9=E^G-f4z=>aZgB!Zp|ZZH&igUd_X zJ1yrVdZVzT=ehKNivLa`)h-;OQ>BM-6thb;VDfpVKk=#1jku-&-0F$L1}>!?2LWPMq$?COl+BdyNh zAG+>TaF*=6r}k+UX^Xx45d!BH1(HwPN8N@1qbcx8dOGH};9YRA;VrO28!cjuVxF8T zo*D&9=j#ZR1r~txukdc2a~ z#?dDnsZ(a~4Zf$A;|DIU^10cGN766ryHjhonrhqW+$ITVsGNO{&q1qiP^>Hhrf~EX zQ4CDElY}rDb#mdCc(EKp)$fdIg!_T;V8o^fyX@j0zeB8zgCeBu@IO$}w55m)UIt`p0DkDr!zJZz_>w>35pe6P! zYt?A8;{JKJecsuQkbh;~IfIpVmdPuOBeRBxrAf3vfJWkF(F=P)al%sj$%#Y4(XfC| z51-lu&rDl3Qyu7)BEc{;2_&5Mlg&VScS}sTvv_=P!{Co(}?NG&$z?=qX@XPc~(8hxtb+ zpxjY~-g;b@74ReuNJ=q>F}@AH6vGE$F9cGLzgG9fkN~|Jfite}cd%SAs$E+f?g@T( zcexH>Ks@gS7KgUxDTHYkdyTj`%$q&)3}Jmd>!5b|07rCj`xjc8e%Q zS12)kzf5;1LF;YP2G5D%7iVv=<#Uu9GA+6T;GLd4nG^_4-zg061Qe?uPG|*V-<)-B+jWJ z#KB)*2p6tS7kW7D+q~EVVtafn5C~0%=6hRPB+-~d4IyVoKh)#Vi`CpsCLMJmiqhdA#i%{2n9x z$#01NyervM9z+gI{7=QOl1%SYhrArm?8WrEGzs2b)!5hDp|i=?cI{MV;g|5U#v`A{ zTO7)zkY#5kS7Tp1Q;Xl0v}5QP8PVh||LSu6(V8$;XDCc4VC3*yRjjl%MuPzGF@RjjcVB*GSb(THr=Gs;qxjJ7@7WL=@k--reaYkQ3o)mB z_Gx4)XY1jV75MmcEgGs}pWa%L)af>}K0@=Qgk3F^=8kgPORbp@n=|aC6~fZt^jF2C zcjY0>_&$pUy*`!hLwcI{&z)#cAl;I!cXX`&T{Jf>IG5#E5%WHe7Z;GMJ zr1(s+y}^o4OKOd|*|e1QB9aO@2Pb|2Hw%s3HxXSZl04i9X*ulLc8^5=d9wpsnJKH? zPQ2NK>+-Fz%w~a|szuCNS@FEH#rFIv4!YtX;IPR_v3;W(hV3f)p<0~HlYmecaRnR9 z4-&>V0j$0iE9AhcmH-4V?_O9BiHlu5`!O|OE+5^Zu1u>}U=P#QclzayMz7`eFnn*? zrU_C+VG?U~;f#9=vPw!%nO~}(Ugu~ToG!fjTwrIQy);7+znoJ@o2UDxTRJEKawH|d zxIAXl8W zO?P*r$4YtOs7Ve^-}y5R#y2LAK=2D51k#gC!4YkHhMjyFtWm-4E8SMGv;x%l>cPt) zKS1ad6>}-@ckK}ljhq-kB$I5VN2NQU2P9TYGgmFj`23t z>hSlc5s_fSacKC;LHLHB@pZr3{i{&j#O}$q*nGyjhMiPW$TOC?$k`XEbuWZjH3nxs zn5--O;R^7Tta_&{;gn@|aA^3}hboq-D6e+KW@}{qY-(_QsR$TCi`=IDH4R^-(Oi4- zc(JHdzdQFB&VX}H|+I^9psm&gJijh&|#`*&3bb0?^rzCMy-u(q`X$HDzqu9DtIV%})(%LZmUj!;%) zvzGo{lkPfpJR(4!E7M+p-IY%}BxGLoe7D(*r9z(PCin)oxssu7VYu1UX>;T)Rwpre z2{Co5EC3P2Hg`n-Xxxvr<#>#Fqa&|nfs*QW&-&wFiYD$BKx~-Irxh^u`nlQ=h1KH` zd}y#R2RmUE5yj0G2a!j(FJMkR;K~6UKSlLX;m%;fPM#}&)xc2Gn}96H0T`fuDh`#u z#3}S|kBIF_KC=A`6d#9_i`^W7S(e#QW>ObqT}=XMvLaPU^2t-oK4JD^TalL<}*G}V)4NZiY^KuIt4Qp8jO@ z;N0K9Wqq_k7nQ_6l`%dB5-u@A>Z5~lp9m3$wDpqgt0RBy0*!9q+b^*v{PA>R`JR4K z!_?KB24|Q!Wod+qS1CCma}bcaO@|qu7u91b?GlgrFY6!kucBg}!6Y6y7_ZCc`l}_9 zf{Jw+1ReQpnPq})NFk?6At|{tmqlZbC7eiq01%b=&ntRzJrwG8MMLzSs$J(4IMc#I z>Z@O`E0Ht6{5}P<<&KPKB8vS(>Xd}4r;D~0YJmM9_CDpfwEOZTAzfvgZJHci#ohN0 zFVMx1P-SFzY(4jNF9P%-;FrX7#S%Yh2oL{Mn`Dq=y=03sj$8TVb0UWy3Kf?_5drv) z+emnuX=|%%PBfu9HxDac)KJsERMe z6t!c%Yv%m8A%NPqek4a)F~9<7-h!(~1v5waRkrsaG=|>i4Cc*N?JccP8DtV z3zgAxDSBpy{B>N*Rbkn##TLn)L%}d8UE-;h4@ak>xI;L{CBUN~X7eebcmuY0j^YqE z{Cyp?+z{!N-dQQk-!UK9@epR%;&-UdQH+#NAEebMusF^;nXEDweb??4Y{m+sl6Tnv zF{&eu^BjoZ#+LV_UBzUo)4*ij2SPCu@FCu1P_y!+hL*~7#SJ(oS?^h=I zDpx;Q0UaL^P`ljZyMSMQ+3L}}?Q+&-k<^&r`|KJvO2pOI>d}?-rxZ&|`P#fzR?DO> zB85x;TgP3SQ&;Ier=ywzdnQv3A_R185YJxd+wEt3?e85iZPwL{0DUHl%u5bBXh(Kd zw!eSG?MSQs!xa&P{Q5$0yn8nR9?Uxb_uV5vZUDTwso+;V%GzS1JgHV8p|J%wrJ-kFlktdB`J=pz{N?SA>Hc7t5;dh}D zVhtkYH!|e0yB~$Y8+*Y@tJ>&%T-N)-I*K}l?l`7eBKfsw0I134h(fr$mOK;hu+^PH z)^j2HttQ2QK)v@f)M85zpT(?-k!t0}%Z139jU%~Un2q;;0x&_ZD({bF(q^09orDrp z_H4sprq7g(0&0~GeJ(ESgsk^Fek_cad5Ba5n*!p*YqS}U2E){k_m3KpWGOigox~?F zu~{ssbf2uV(L;PmWD6DKVl0FCY2&31V;@@b~ zRSlIPB`s|MAYW(DP^3f?(M!z|2geus-FqF@ajP@EI^H!elb2N~BdUvT0A6pIgP7Qc zbq=~Yn{R?xti|dz1>vtvcL@TC%rn54Pd22U-bmMz-<`eR0lCrs6ePX-#;Enlv%xam)nVwBK>0?xTU0x zc$a`bw}`vr(j6d`H@*2q;1db@#`{8>vm~tSNtWkbMzC;Eos=PA3a1wkb-i!bu4izN zF_x7|Gv99s&wL(+rB(yi4B`*lZ=~vb`X2DMfYtr|>`HWPx8+tzypG%KpDWX9MAA8H z9@>DHCUwOr5{`Lv>KW)ITLOCIDZ}#aqlLGVq{N7psJ6rdCE9}}rfBu>=RNaCOr08O zJNWniT6Xq%J(5jzhy7seR6aOk#27n)Tw;AWt`&htOE!97cWC3ia@stm-vc`SktxNK zv&d}``q|Ez3Ru@tZ+eH0kzE6Hwu|Hzu;Ec7tpgPBxNYN7&U5|ci&^sjJj3i?XiEW| z5<2L78&p!?s{o`j!Z`-MXG3&AxGzXUIYkL(EB-9ebqVOC4nFNhU~L{sp|ImX>GU7 z(a!r^hsx`LvaM@HMA4c%=iEyFoPW8CTeg^8=STws)zJd%3np9&Yd5l`s{sqJxmK)T zs4Nc_r6~s{?XFzUlMZYPI{43%k;A683A)e?G4Pe_zUIkawg9%M(%sb_PNNPVU6Z<< zmzS4I49j%09e_wAw(531)qQP#aHN1TS+ID{kdCaf>#}VUg9^LxKUaZ*Bwo4ACQvEc zX4cwE(17OtgN!S4n_pQGaJ+oG!8ni5N5~84DKu;NZgaDke3fU`mGf2SiNTV=e>g<3 zZtT3JkmtYA1kHD8O&*kvKTY1i5>;xr0^80cfmhBf0f_BQ5o2IXA|qJ9c&gME4wCzy z2g$yVwsd1cSRUL@!^>Ehnu-*Vamo!X0Uq#~%8e1DEVXNR z8^64gJ=w>lTt7ulps%9nv-X3AjAn~E-M<;xPD+|{ramCIYGRADvbUb+4P`}XX{I-_ zx?a>*iU~B+3*_|tKid1!xTdZx-dOI%4j^qUvp}s=6#)@J#)Q^Z#3=&6_hDhpiBZP1ev4NkjkhbfPfGULYQNiArRg=VG!E;^L>0D-sNXMoSvLL ztiATyYuf*HsAbb9ou8VYy+3g9ID6y2wSW1NXzHn57Lj1}%Yz#eD5bD-pILujAr-%_ z^rL_MnXHKBRg{koC#UqM%#bfB_T3^I=c>{SJLiW#x%Tl5^6->;_8Cb+>{fH}Kk2!K zDbu{}9$ZLIs*i(BXbQh;$9xF-a`J~F>v9$*sf{?2wQv#^VmMog| zS}3mVb_Bi74RB|y)HqFHb`FL`eZmNBM+yP%t^oGP(TqmT@bH}7=xfvNT%Cx0T&(c@=J%cHs-sXf$2j{rg)hOq}c| z4SDs6y!b=0ry5rF4lLfNOKQuP%}u5rNDd*$$n5Owoq3Q!+62mn*Rczd(z`0VN}jml z5ZEP_V$ZjE)_HbT!B-xKORGD^o{CN1{ccNaHLr;ev%7HWm;`NP7V;))@S20UVeNA> zV^}7i0L*eC?;VH7ZrzEKBuK}G*|~s(NH2W)k3q?*WF_l+|Gw`FqtNNM29!MD>|}`W zdvuoRlHk5uKOCl=U34u;0)z|?*Vor)(`Yoa7%w6bi?}~;*Iup;xzhL(z`|rOv9S$D z-^n2{SJNc3TL8w$qD^54>X;m&Ky4cA)KjvYCKN3%3Y{5^V0J=9?Vd0jn+tcrUd#OE zg5-^n5V%EVMQRu#4^s={AkKCpM&&{gm|Ag8IHr)%=mghSeIdRvI*&jC4GR(z5^AP! z;47TrnMH5Po)tks@Hq1HW3@Prb8iAMf2T>6^%k?}-JN_uS2|`CFtS@^3%YhlAZSD~ zv<(a+F)``|75AG4)%4s?2ZNp+VjO#IX`3$Zyv6lX%3>(8?t3>uwO4EH-v;!_!Ek)m z#t<=+c11rO&o_8ux||D8&m+NcUNcpD&=V$+DM15hg@7`RgJ)H6QxNE?Dd>SzPtARn zArN3G-;@Of*?l@y`JmHjRz8S!>AnwDe$mpZ#wEQxG+g?%h`EBfG}0AN5i>1A+nVk5 zPYw@~By4VYBO4zTr4z%jEkSOUj85+qdHK&gEipN0DHsDMeQRjfV19YNFIC|O7raES zo@M0Ozhpt_uN)ob(-+7yJe5mMQ2S-75O^@6u!OPg+YYMZZq3A7mAymy5N1)QXHGJ` zD82XcB?*X2gJC)Z(L8eiq}%04@C6i-eyB9Ei-U&LF$*eI*eZ_?v9ApFGxQrc)n5$9 zvQ?67{yhGRc&B=iF*nM$EhLirc^aV1X?E)Q51pou$FeW|bL$yP(DV~+XoVz%^1>%) zG>BkM_fVNxdCuB5YdopoTWjXIW2$N*!fb7r^(P%fI!4t{2fev}a)`!!k!wwpBnT9x zRSb*9#|lDw)ZJhMCaWqRpebB-iScrC%Puid&SHG3p*&A3C@n3WdjTko8FOO_bQera z<2^fX|5Alo^VnIBj+Ku9e0Dc-v{sprOGnXo zFDdr#L%V-OBB+@i4X$vQ8P$?i@m{%BbL-X1IiRqe_O{ovgeZ`ZfJQ5qfc1Z8u24VC z!M{#c-Fli4mp*p=-SHxp_IckJCWhHvm(D?af)P|^Tjl-Rt)K_jVq%WlCpqr+Oav%^ z+q~U|mXSK)jBWd!@5;tk7zdC4)XziqfeKtS80j0o2?w$U6yEJ%x-wk!yQ`2eZVoxc zQJOshSNun9Tkdn~+`Y}85BVXESq-NOeG&vGts2QY%m)(xAz@gcP~?LfG)IC4Kew)& z<3V+wS_}@{@wa((MwXG?t_8Vi%AO^g5w<>tEXtEc@B=>|=Aq#ZJd4y#E7EE-9Yz$l zeU_12DbKdH*M&x6VmW2;iOmWfUMbA~?0{2n50| z>F3-iPjB}F)r(eC*J*z4DL1mr%EQ zj*C5^Cf4XyX)nazW`k4Z;@Nf4O`@Nv%>yF_-SOJxCYo1D0U?pq*b!54e`+J_PIowj z?uT}Ok-!2}2^;i5T39<=)IL>3g6mlQkWY|tybUgx*G^^YT1FyHxls@8zw9A_!4R?_ z2p%3_5_sg4uzNwhH8i0dTTc);6;7#aDG%&C9yNLP#eM)}8y%~r|929#O3=QJPFBh7 z9{YmSu=zl^uTsTDSxTep3xit%T&;nj7JY<-RN~z9D71IVtfU{2ZZkm2qxoIANHGkqZI$ z2N8{KH1&8IyRFBWfoa{<=u_QBzhC=P@dMDfM@fJw?V#F4lP}QqtZn#R57;E9Q2>FP z040Bhk1I_LRPE zUE_KSln^JaPhE>VV=zX$3&fhelE^%^;W@=@P1E`RQ*II6;(z+QSW*9m(*fn>l!^1ZxzZ@;Fu^O1L<*3m0@pCH9kFC`x*@0 zCa`hl{??Fl=#&EIo9ck8VjHZJeMo{97biz~wbEN`utO;CC$Wnq^`Jr)pxR(SZP-5y zu!p`ioye_a1ZB1oFlzhZp4Gp_?pIXSuBww!e7SC;>gjy#DxWC6YPZoLu~s2LW8psT zZs)_51oe5!UQlb&eA_#Fdwa(L%Va70)^}%>eH34zyS#e3LAxp>ivOiF;(d`~8zz6R zA^LL~G?_RNMwzSioA<{~iyfXPaE%z#p4wH;QGBJr{vkJHI!{gW8XA6=qa2SSK4LDI zJx(zRIn33%y7&dE`A3d=bwHHB(K(cNS_^+n>~)bO`01Uf4JWjnUP_()GG-{GdMJb$ zJfq4+%wWZ==6=iNwA!p-p{NP@ztSbM!sWpHnbbXqyG0V5+~PkmODHabo4xPp3_|4} zmqTaodpa-H1j3fGqu%#~60hsZV34P5bUQd>6ZE~$mVs%<0&Hc3PsM+GEC*lQ(!sO9 zSA9ncd{mZFtSZq&K_*fU7eSvkFAw1BEhFzgG#v(5)T7`m#U8k{L4$G+{nN8lU(gx; zu=lFe1w@V=5G*ijSs%N#xo;r1KyxABr!7(Jxot9weLXbI>p%?2ec(c{z-6`W1)G)q z@}>L5FU?Ps7rVEe7^54lA2?Kx8(kWl6uWGG?>rVadx8<)hnagV(*#B_>yB+93$m1V zHDtAPHIgR_Ss8T$8F6uO`yk%G4?v@e$n(M2kIY#H8k#YkY&P3+i!SBq5~J<0teyXU z7RfV(osrWu#m+wIh5%~4ef3BdSIqqSjuQf^HRD$~)0-Igd2G5*7XW-U0T4TT&ze?p z+rSM}i@S*n>bW8IeW1686OcrrWIvBbzx>;8f{e(3gM?Mf;Ku@Gw+0snajCJ3sv(fr z%Tj!S{EG1MY6AVu5)__7R`U>|c2ka5L4HSBut#2AUPkSue866WzyL2vihcI$Pw_X5 zfONJL+XaB$N{5Jvp8+>g=m8;0#Mc~qAT|m_&=L(5PD{`rapMMks~F%VGzrojuE*#g z3kNE)CZ7URAD!<$aeJ7rmR1BM|4N(Ur@iTrsGAOzly)L&9UlX|CE(^B?Du?Gl2hOU zsY?A&F7hyLrp9L1h+4dHvVo6lJb#Wk2N>g=uys{T0GX&Fd-pla?7;Bl3i*xOo%en#!wpRy$a z8(fTuYy)>piW6kf7eQ(YtAq%#5`=YnIv`8IDflJuwvE!0i-AY{g*n~&t>RQ%Hsi7;zOG%Jt=>}P#vT2n=Qs)GXNC}00cOn=j zyDE#LnU}E_4#!Gb3piSi($@hy=*D5KLI%6_JE=@V(W@#AgGmto&<*PN9uYaIo-KkRS;7d)js>-v*!4I?I(i+QC{F0 zGY9;34G!=1CAE>CQxV8HmLjWN9-lTi-3Ae;vT?LwmzFBElLu=4gEzlz#arqu%ZJnj z8TNf{6fQ_BUeP%Rl8o*)X(KVvQ4&|`hvpnVDkSUQn;S#wt(oyR^G%Ty_#PpnFF#kS zvxC|^3>SH=z^1K>40EC-Bqpji{O%8!8#z;vI*(kYB9A9-&DO4VLr}KcD?=VE%R-by zNNSvHe0!9j4Wf6f12QJpJxgAPM_jcI0shMibayydINzgbB-edsXg5)XX*aBfK+E~g zO$*Sz!+IMRO^U>AetaMMFf8WrwUS|B07+i_^M%Wp=6Z|!w$&!!CL6d@ohSq zp_2pw;jbX48(+ECGP0KFI;ChFcrF-9c9bI$EFoUC-pG zvpo{DJ0NL5C9`OxOWI`9*}o1;yYAQ=Mq&-Al*`HGy=?~g!ra9 z9m_~wy^mrO0m)-gm1ZM}b;MLX2r$A4y=q#i-s=g^p@`>kQS3ZqspXe=EQsc1@n1(` zZ4P?3JsaX7yjkze%rL=)3K;u98YDQ=rh|-+fum*^XC_q*>91;U7Z;MG&gpK8#aw2G9ynYm(8V zvQVnRqh!Pdl0M1!x_sXD;QCqp`sIxb=SuAcHFOdg3Rd4Zc;@?HxZz%lE9L-JzGKP{ z8k&&+dGVB`udeLFpiiZXJ;nAOPj28-7p$N;DKn%_4D`MDbb=I_yZi39XEizzn`4-M+@?t`}8ZgoQ?~l}KWkxBUtXhC* zq{EohkJ{hm`b*w|UQbn0HtmqaX{+Y?)djlyZ!gyW#EwZ`5OU(FJ2ZE;H~*!1@Jt)2 zd-S&Ui^0>Oa!?%Z5S&Q+VJUicHB8P-6i_NRSA&|gbTCK~94C>qc5v0$Nd0xz-4BB2 znTW`TRDnOXhT{OL-i$GS*1h@VONX%+aL;{kpM^3ME~ytXeTpg4;1oYP*jk`P3IxB; zVdP>jBWp+;G>ifSqjK&-R{v$7M!L?{RRdcJ2 z@y(%-{dmIO-ag;C+LqZKQ&AT3648v{AYcIwTW$R4(DWSOb@E3Q5I=Z7Sw&4betTX^ zn8bP(QV7xSMGKpK9ZLE*j@{1$2Wp+}*UA8Jo*!mc!5?B}BZ}nG8NUa@uqtNu-ZPEh zx=n{mA3ER=OmAsv`IA`+{@ohq0^34YS@Im>)vCFn-UP==JY)^U3ca;`BOi4FkU0x7 zcChhZU7_{_al8$l2l8nL-4N|}NlgVk%~)QdU=sgL2c1Iq5^OWyyDXyN)lekX*|oa} zJi$UqTumv{!W#h_s`w_6Z$pPh7C z`)xofGXD*m^j~#^tog*K{13qM+z#22uJs8wkSkaa`t43!`yvTrdOUGE-K+m zwEMs6$ZNk_MG{cjSDsLaWwN4ozfYT9`|iK!*6-B*wR-pa)c&>a-Z!PS@74~+v{Hs0 z`XS1+a^+as1FMYuC;odyUr*5d0PG6~?#89%TeQcP*ZX}>VheU<+28lHcCp^~Bwoms zC3xSHczND2=Klt|!qjW&`#u`3eYeE$y;?y_tgx0@*FK5abCp;STjERKtz`xAa8^!~ zwQRliNzBMA47GL|YoEjeUy+q-H^7#6_` zFw6MUo`q?cCM$_@DTm@YenGSC^w7MmA_KDA0|tp(CAb;rzUjak33gpX?4V?1TF+_D z*YZ8FoGMCS(0^J^dPnJ7Z_+1dM*1nIlI{<7?+fTp^6ebgCg~l{-Ik)0V&rsTjl)3tx5>Gn0K2!<75fHSIVQZv zMbTW{C&bIGK>OuxVfW8^7u=y3T%r0j1*!ev_eH@@r^HpwND>C{9-IdnM}?0c_p>e^ z_1kYz`-B+Ts!(9HYN8Ul6Bn#K$wu?OqGJR8H(QQZv;@|#I-L}6LHuzv$c3aqV`7q8aX1Z`q7$Mi*Np9c{-t8NS z91BiJAp5*Bysu=0TwnYC?y#^p<0Bt0)w|tAM=F?s1#4#4ze$($^sxjvDem&ruC*P1 zQ&2T_xXkzL$;VP`Ze?{y+?sYtFB&9_nx+l*>(&8P_y%2TsWOlzSD{_-y4vklAb(AV z*)p>~wldx7iuk%irW#!#p^_`FiFX_gP$+3b^Y6Yng+c-4;}gq$EgnY$Q5Dyc)XAMG zQt2=2cUB^&%2B@wm0M|J@w;GhkB>A$PW-oU+3GdUH{9Qqm^Ield71P44a;!_*Bjxl~wD|E9XWK_ta0fIJ@my$~^ zegaTmnNX+XcLWv|ePm_JDrEJ$2NM|l**8aiycDA{GVai=T7G*Z+V*JZ_SjiG;K3fk z&2i<8uCNRd<+z!Nne9vK5zcjT=98}`tjGu{wy$32B%}&lg4k5jw^-a^ zOOA9WV;a|hyw~en2Axvk;{z=j!PTV!Og$AtKWmBD+o~#=Er0ub*NexIY6BBL*wo@X z7KGT@v`dFE9e%HxMjJtwx~7>J*cOCw4d51DWm5+9cSlnA!(j<)Xn86X_#o0r#ZP*n z8FOmWLg@pl#(d}q%Rm-G9aD=*ZguYcjCv(K3{1t%gK&x3dN#-giM#jwZ6Gymh*T|z zE)$U^`0CM^p#=xW*%{eu;c?ZQZOdgw3=5cbThPkp5@20*7mbADzYhh1SU`cVw~uPy z>8D3&Wv-*Y!f;d!ywgL6;u`ICd3IEJ*)x17yf827gO$+?jIss40JCa*_ zD)su5Fg!C^Ci%ywMG+nNO5-%{q`dWlFv!5w2?)B^Qs>0ARZ=C`(m}Pbzrky~J(bwG zgV>=`p4W6wD>2ZPvCTk6%_!6<`j(Ax{8kB?aefK+V+v|@hd60AS3l1qug95Q?&sVr zB#rhnWeZ+Y8p}jUs^AWWzARVuWmh15x6jVYk?S)Xdr3VyWPJK6yP~`l>IKGFz2w)| zd!;lv%T+$f*#QL4V`UAV|Xn(M?s5RGA4Eo0<5SWfGmq(tEa^P$k7LwU-xh?_6@AOgBZ!GLt3-()v^I zBl&LC*qBo<7cRsd<-NK2Jp*Q}9ma?K=@k4d^lA%tU)DEpz<&+wGvt z=R&3#ml}fq@&h7_3O1;iTp!d1p^&d|MXGcxkwmWhom(g{`e2?ZA!BT*{S|QTmF`pJ zcX;8_%Avgq%N7%RCJ_4CuzR*!2d~Rb*fYhHW!hKFUUY~Fahb1`jR_gLVI~~EX(Fae z9|qF=Y_zu`LG1z=c2v`fO5BGzpeI2ye48m_Lv8*Q*kEv1^b|%-;p(6_M>x?J!5n@; zPdgUVwo%YFtr8}3hO4)-&i5NhBR>82n5tN$1jUW8gm<$<%@ea+Q?1uesJ zQ97sFIdg^G(qe~h8IhpM1_8$7=$> z-o%hp*QD^}^)Ovf&V|s!Wn|m>3OsP?Lsz#osYmPZFyxbc0yrV_1LycQXwDA6APo@ChE~3#gZg14m z8lOIXl5Q_BoD>Beqi!nP!Ph`n%ZSFW#Gg?h#W54y$Oev3{-FO8-1N7%v7sYyKgJP&&9<#-WSoOEqB6s~h}mx; z%$?pnXMsAi?0I=cHv`|f-y0B9y8q?ndUtr4-cuO2&$WF@iJT-p5y?B=89#lT12iYa zEbv}G$Es3D{*PtYT%EV&sE2KD$$%(qFbOnA?^YEPJxd%GGrxhhy_ zqx@}!4W$=Uf+c|TF`7nb?a8RTj6w?E^zl0^Qc$GbGm5c zyhU7rI2W@K2`hxL zT?*6^9eFo4sTY!yr-wf{P$UZ2PV?&Yv7*D^hylI(!0WI?%mc;M3b~H2utOreAV;1R zptk8&m4Ang@J3+0pnYEPgB4O)E~LROmYi%6di?=f-pGESW}YBnzHQygPo6DE5~Z~* zjYzZmhTYpblgRVj1N|(VUi0uC4JZ4G>cBiv9ZKJ3j`77}=X>mOWA3&8JKSZS6RS%( zv@o9N4a#$5>lX#})Xz}7cEIsky54rC$a=jq?USe)$?#( zKQDMnm43JCukD?sT5^Comrd@vd(M1WPaeKEUU|ukI`)H|G2S?!LXsl)Ziz!%-a5kq zt|Kt3;)?p}@hpuoazfQiEmr7$U5**e`;`~L8(+mT&oJRc-r1}cz9b>jBKh~!3F@6= z$13ja=`4FoZF(yVPoDT%BlLtv&dQJ*VP5)E&QYD#t-u`SDG~y`kad(B@J}vYFr$AAi^0H^|S9wc1d@}16g36#OnrhhHAcFL3;hp|&v$({d*{T-g4H~2AXU(M~Mm@a!0 zt0$u61cN~Rj&OYMw>qg3D+4rT>)FU7oiUDYPSD5Bc_1Hloj6FeKS0a7*Z$zPUHXRSQEyPDo|#P_Eet@gNO?GYg94f7$Q0CuTe3$?2nP2`7DaXl; literal 0 HcmV?d00001 diff --git a/website/docs/user-group-role/access-control/index.mdx b/website/docs/user-group-role/access-control/index.mdx new file mode 100644 index 000000000..720a49424 --- /dev/null +++ b/website/docs/user-group-role/access-control/index.mdx @@ -0,0 +1,16 @@ +--- +title: About access control +--- + +import DocCardList from "@theme/DocCardList"; +import { useCurrentSidebarCategory } from "@docusaurus/theme-common"; + +To comply with important regulations such as PCI-DSS, HIPAA, SOC 2, and GDPR, it's necessary to have the ability to control which users have access to specific areas of the system, what [permissions](./permissions.md) they have globally and on certain objects, and a way to monitor [events](../../events) related to user activity. + +In authentik, we provide role-based access control (RBAC), an industry standard for managing access control. By carefully designing roles with appropriate permissions, and then assigning those roles to groups, RBAC provides a fine-tuned approach to controlling user access. + +RBAC is a way of ensuring the well-known [principal of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) whereby "every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose." + +To learn more about access control with authentik, refer to these topics: + + diff --git a/website/docs/user-group-role/access-control/manage_permissions.md b/website/docs/user-group-role/access-control/manage_permissions.md new file mode 100644 index 000000000..c4a924c38 --- /dev/null +++ b/website/docs/user-group-role/access-control/manage_permissions.md @@ -0,0 +1,118 @@ +--- +title: "Manage permissions" +description: "Learn how to use global and object permissions in authentik." +--- + +Refer to the following topics for instructions to view and manage permissions. + +## View permissions + +You can view all permissions that are assigned to a user, group, role, flow, or stage. + +### View user, group, and role permissions + +To view _object_ permissions for a specific user, role, or group: + +1. Go to the Admin interface and navigate to **Directory**. +2. Select either **Users**, **Groups**, or **Roles** +3. Select a specific user/group/role by clicking on the name (this opens the details page). +4. Click the **Assigned Permissions** tab at the top of the page (to the right of the **Permissions** tab). +5. Scroll down to see both the global and object-level permissions. + +:::info +Note that groups do not have global permissions. +::: + +### View flow permissions + +1. Go to the Admin interface and navigate to **Flows and Stages -> Flows**. +2. Click the name of the flow (this opens the details page). +3. Click the **Permissions** tab at the top of the page. +4. View the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs. + +### View stage permissions + +1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**. +2. On the row for the specific stage whose permissions you want to view, click the lock icon. +3. On the **Update Permissions** tab, you can view the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs. + +## Manage permissions + +You can assign or remove permissions to a user, role, group, flow, or stage. + +### Assign, modify, or remove permissions for a user + +To assign or remove _object_ permissions for a specific user: + +1. Go to the Admin interface and navigate to **Directory -> Users**. +2. Select a specific user by clicking on the user's name. +3. Click the **Permissions** tab at the top of the page. +4. To assign or remove permissions that another _user_ has on this specific user: + 1. Click the **User Object Permissions** tab, click **Assign to new user**. + 2. In the **User** drop-down, select the user object. + 3. Use the toggles to set which permissions on that selected user object you want to grant to (or remove from) the specific user. + 4. Click **Assign** to save your settings and close the modal. +5. To assign or remove permissions that another _role_ has on this specific user: + Click the **Role Object Permissions** tab, click **Assign to new role**. 2. In the **User** drop-down, select the user object. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click **Assign** to save your settings and close the modal. + +To assign or remove _global_ permissions for a user: + +1. Go to the Admin interface and navigate to **Directory -> Users**. +2. Select a specific user the clicking on the user's name. +3. Click the **Assigned Permissions** tab at the top of the page (to the right of the **Permissions** tab). +4. In the **Assigned Global Permissions** area, click **Assign Permission**. +5. In the **Assign permissions to user** modal, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox. +6. Click **Add**, and then click **Assign** to save your changes and close the modal. + +### Assign or remove permissions on a specific group + +:::info +Note that groups themselves do not have permissions. Rather, users and roles have permissions assigned that allow them to create, modify, delete, etc., a group. +Also there are no global permissions for groups. +::: + +To assign or remove _object_ permissions on a specific group by users and roles: + +1. Go to the Admin interface and navigate to **Directory -> Groups**. +2. Select a specific group by clicking the the group's name. +3. Click the **Permissions** tab at the top of the page. + To assign or remove permissions that another _user_ has on this specific group: + 1. Click the **User Object Permissions** tab, click **Assign to new user**. + 2. In the **User** drop-down, select the user object. + 3. Use the toggles to set which permissions on that selected group you want to grant to (or remove from) the specific user. + 4. Click **Assign** to save your settings and close the modal. +4. To assign or remove permissions that another _role_ has on this specific group: + Click the **Role Object Permissions** tab, click **Assign to new role**. 2. In the **Role** drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role. 4. Click **Assign** to save your settings and close the modal. + +### Assign or remove permissions for a specific role + +To assign or remove _object_ permissions for a specific role: + +1. Go to the Admin interface and navigate to **Directory -> Roles**. +2. Select a specific role the clicking on the role's name. +3. Click the **Permissions** tab at the top of the page. + To assign or remove permissions that another _user_ has on this specific role: 1. Click the **User Object Permissions** tab, click **Assign to new user**. 2. In the **User** drop-down, select the user object. 3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user. 4. Click **Assign** to save your settings and close the modal. +4. To assign or remove permissions that another _role_ has on this specific group: + Click the **Role Object Permissions** tab, click **Assign to new role**. 2. In the **Role** drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click **Assign** to save your settings and close the modal. + +To assign or remove _global_ permissions for a role: + +1. Go to the Admin interface and navigate to **Directory -> Roles**. +2. Select a specific role by clicking on the role's name. +3. The **Overview** tab at the top of the page displays all assigned global permissions for the role. +4. In the **Assigned Global Permissions** area, click **Assign Permission**. +5. In the **Assign permissions to role** modal, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox. +6. Click **Assign** to save your changes and close the modal. + +### Assign or remove flow permissions + +1. Go to the Admin interface and navigate to **Flows and Stages -> Flows**. +2. Click the name of the flow (this opens the details page). +3. Click the **Permissions** tab at the top of the page. +4. Add or remove permissions using the **User Object Permissions** and the **Role Object Permissions** tabs. + +### Assign or remove stage permissions + +1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**. +2. On the row for the specific stage that you want to manage permissions, click the lock icon. +3. On the **Update Permissions** tab, you can add or remove the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs. diff --git a/website/docs/user-group-role/access-control/permissions.md b/website/docs/user-group-role/access-control/permissions.md new file mode 100644 index 000000000..57c0f7ae8 --- /dev/null +++ b/website/docs/user-group-role/access-control/permissions.md @@ -0,0 +1,44 @@ +--- +title: "About permissions" +description: "Learn about global and object permissions in authentik." +--- + +Permissions are the central components in all access control systems, the lowest-level components, the controlling pieces of access data. Permissions are assigned to (or removed from!) to define exactly WHO can do WHAT to WHICH part of the overall software system. + +:::info +Note that global and object permissions only apply to objects within authentik, and not to who can access certain applications (which are access-controlled using [policies](../../policies/index.md). +::: + +## Fundamentals of authentik permissions + +There are two main types of permissions in authentik: + +- [**Global permissions**](#global-permissions) +- [**Object permissions**](#object-permissions) + +### Global permissions + +Global permissions define who can do what on a global level across the entire system. Some examples in authentik are the ability to add new [flows](../../flow/index.md) or to create a URL for users to recover their login credentials. + +You can assign _global permissions_ to individual [users](../user/index.mdx) or to [roles](../roles/index.mdx). The most common and best practice is to assign permissions to roles. + +### Object permissions + +Object permissions have two categories: + +- **_User_ object permissions**: defines WHO (which user) can change the **_object_** +- **_Role_ object permissions**: defines which ROLE can change the **_object_** + +Object permissions are assigned, as the name indicates, to an object (users, [groups](../groups/index.mdx), roles, flows, and stages), and the assigned permissions state exactly what a user or role can do TO the object (i.e. what permissions does the user or role have on that object). + +When working with object permissions, it is important to understand that when you are viewing the page for an object the permissions table shows which users or roles have permissions ON that object. Those permissions describe what those users or roles can do TO the object detailed on the page. + +For example, the UI below shows a user page for the user named Peter. + +![](./user-page.png) + +You can see in the **User Object Permissions** table that another user, roberto, has permissions on Peter (that is, on the user object Peter). + +Looking at another example, with a flow object called `default-recovery-flow` you can see that the Admin user (akadmin) has all object permissions on the flow, but roberto only has a few permissions on that flow. + +![](./flow-page.png) diff --git a/website/docs/user-group-role/access-control/user-page.png b/website/docs/user-group-role/access-control/user-page.png new file mode 100644 index 0000000000000000000000000000000000000000..904062b974bd1ea575ebd66a95eaeb201ec96b6d GIT binary patch literal 121630 zcmeFZcU+TcyDsW{elRl>8I`WWSU@QOCGj>?fe#T5HbU-`@NDbIu=2f1?u;-}iZ+=PuWM-PfHEnA#(H8g`m< z=g!e9KK@~A{mXMyBH+sZv8;dp^1m1TU(Vs*Z|&dS z{eQF5@?F8w-wfpcereHhMq(V>2S_G_1;Kh$?Y*_4K4 ze0wj|Mk`LW+uHaTg`(0 z_qLWuf>)(IKe?Ux$GguiQ1b2_ z@q&Wlw($BP;y{tXwB$cd-$x?3fg5KcsnIJ#nA^THe5O2wDFe>j*ayKEs?z@JB|dQa z%}GtEpgziTM4p-y9eZchfhoB#C>%ziX zqBz&8|8{>o-B^u>dO32S!qJq(bavzK*05)>cR<3YS7Bj%-A(701x#ua ztR)}^!=(CwPoytRA(tn!qGS9bZRX5`kd)76?tj4nT2z`qWWX$TyF*-R>5Nv#kt6_~uLJi3vYnCZ#Tw~m_~?F%8H~h&m~LU)q#;TUVyjji-6s7p7osor}h>2#Y-;bxR+R4 zl4V*1!f3NH+wy9_@!|f{-fYFm{JgaG!;|wrUdYZwGDlpK5?xA27IPHv4v)F5{u*M4 zd&$J7`|=eni{G(In^Ad{FwzD44(_>35M&_pEW&_X9L_U1PLaTK1VfasC6TU8cvtoF* z`mG$nSGL7f+*`{-&~OeJNob+=Bk46^W};e(_*Oq*jk9G`07Posjv#Q-ERq%6SVqy9A`FJ1bZvMOjUwEK1eaA82r;uNcpGa zofQSsM$bt5)~elcAE;bdbA_;A4h1uv11E0ZVdJq4Q_<4Ad~rc~-*aT`Xx;(RmIyxm zK)$>u@i_3AOp7aM!*Yz?{shZCVzLZq6}dyaM61A)q2mV79t z2j3T?1@l>as!%R1d(!Q8-S@cae(*b8#xST5)6EYzR1}+)-TjmZ9iqE;vm#Gqsfe!tPrlXG|{ z!{QkeFTksjFY> z>BK7OYMmfrtIJD+sER{|ld@K9T_9A$t|wDoU1>5>oylT?DrwRZYeIQW+*p^nZjq>K zw6;#g`6+Ddr79DXGJ7S(+pWq8mBi;NzsjzvEc#%xduwl8ASIi+Gp$L1+qdyMy zT^h*?WGAZf%gbyNwI-KLPrS{bZVD5Jvto^bRJ4pl-aDw~XkDChUofYCg2yr?(kRAo zi>%%3wu`gf?=qTWQ`S?C<8PDjFCO|ZB^z~3O4nH)tyf|)`PU!kL&h7kX%Oqauj#ME zZ4LsQ%h}!^M|k2?T$bH^6_mEIV1;XG}0XXq~1I{2WvOdJY{olj+HjDs#{Q2 zd8j3XKy)F<#JkjhX#UO!7DgBY7dv#I6g=mUmsyCbc!eL(gByQES0&xbL~{53MTLFu zzpJ;wp#v=8O~==nWGbGYD<=GXEME&!VS8y2PP3)B60iA;;L!0_t8~A(#2h}o>%85_ z*uq<`^Pe&Tr`6MCWtMizSap@;(cu3lI}@QH6OBexSP)s68Leo1K-_9H_85z;&}S*p z8M$v#EM%AwZJ@=rI&514*&iy*Mly$4R>kf3&ZT-f=v^70i^!b!>|aN2lA| zL8&H-qQ`6>MqW)ElxVSF#iULjY%hgzOm|DIbxO8$r%HthptxjQ;2DAN=;7{5J3Ws$ zE&Pn}{znZUIr1fS@psqjMg+o*;zUMp1X;3O4@uH6Q7BZok=YPtSnZlW(RI2q*Nwp8 zvIn77IsBVLHDTNob8&qi2v=BRp%Ot=Rc4z(+HF+Rd^Z%Su$O2N05z6W{ubvrP-NE% zYp1jCS)XnV6A-f)nW%J{E^uckG=_yKPvgd{q}S|9A}~yG&dcU4;ceBvh~gYL9}jBG zeZ+nRw*(Sm8;RU<#nDbo?P^UzAbfOS&Ej-9j6`NU%2T&6I*_tAU^P4_d7Z9gv69?x zP*Tc$83yCaK;kGFnuKwjs88e)B^4WA0SOkqaZE|AP3?|OY$Ur5cV?IFAy2##o*v{Ze(*D9x0j>K6J(uzimLGI(?bR6X#(Rbpc zL7c9SvP)pI0+Xx^7>Vuvj@+78wO~O>A<&!sSt)T}Hr`=NpL_@`YQ(H=E zdp@rrtxn+OY|9E+%kDD9XLRan7Bsv3IRMuC8pB$aU1`=FS_+_Pin1*Z!l+A5QcD!# z>H!c#PM4f8(k+^YJoQUZs8D|2L3za~$fJuaWNmk9ev_wfXSVXMo=vh{gu`k84!JS~ zZ#L7!O$SVc+~(yVqbtVSC3gU@PTSr##M!k;Wa-|kc3p^O%bH0rZ;eDB)XDlCxbo5> z`iD)WClIE6_sm;v!C{6~&KCVq606^m7O40rzcpZ+{9%D`GJldzO>Y7Sa7_SkEWy>n zifcF8p98o}G%YlODsyRMCrY?j4wPASCcJe?77x0yy!M^*;fN7`Pi6@!FZ)g1LPwG*2CrNUkC_CFJzHONpo>y2;yybY5V%=>f zB9eP*BTdiPO$Q_`vC-!b9vERfQ-&f>0Q}_j=>&23ORYdG^TgDp7^g!@_AzLU+Qlyb z$XeWWkOUAD8bQK98HwJzt78rUpdczdz`z~kA;;1q?hGMG$Gk|f2MCP=k4|*N( zQr5q5^V}agYai)8xS6liic@ ziQNw}XnexSb1gC{MQ-dsWUc<~5kM;TD>R6BLF*VwJbiQrm9ygUMW z9!kCJj^WMe0inq`tr1k49eY2Ph9$n&#H~;DrYdrfQzTs8ujVaOx0<)xaV*^ttuth4Y(8_q7)Ld_Ay8nSq7cJtpdK!P_ z3MF_r_>9ltLXw;H7aqd~ad7*e{vO}z8!oo7l_cLq4#$sh*VJK`;GZ$4@O-kRi* zVx)k~dKC3~sRS z8)ddI*T^78Cs?ujBRu2TMoo~#ni&o-A#y=Iucov4$`Y!|^$Eez^x zT)!+y3GzIs{!)FdoqKb9GQ{e~I!i~f@L^u;;YN+EVgDTZU4xP)uonVP>`W5Pgw(dc z6qoZ+M=f=~_*}t>zrfCs4@vG7;ba2Oue7&b-U94>PYOA_HsKxcS142nVp1!vbxASH z(=MlzU14=7;rNUC@hu%HEQLTwk@6_MUTn%g%IIU_Bw8*$ZBSMc)tqKTj+n``8yWSS zj+jieO8eOnf8<_hanoGmPQ9bqzTk-aWp0&^)#<*Nn&wPx{sL71xS&~j{2wFOpxj$4 zBNbz|=8E>9j7zOYGB+nSZH(>eGhdZ*x105DS(3CLE`NSf**x<8^V&wy-~)6j1umLp8ChLgoXsCX_s+K&ol=^$Atb{FLWSW zi3aiXm?)sl#NcPoKj8>T$sgB#~8 z_1>C)ThOa1y3XqNXG!N`f1#F_qnN|!;9b(!^;S;x!$b2nzV3ur`v6J_=bfTY*MZfx z>bS36Jj2DnA+7&BuEMN&8t{RRd4edeqt2!rQQ8$jy?giKal1USVNPtl*^v^YOF3ux z|F`^|<)iG+8)?a+CkK;QJuFI~}v$ z%*1GwNBk(AvOVJBJ`AP>Q?C5UfD{d9>gJl;?|+it_P)f6DXrsHx1KyYbS+sZos6j0 zTRQrIZ)K(&&Y~n)zy`I<-l*?Rgyv-woAYaNxve@av>45lbAx({UtgNfUAF>c@|iKc zl#ms`nyF>GlALubx&f-6vNMm3JDG9|BizsMLmO4S&jiUXKGtue?KYqPg(;Qi016*rOMQC&b$dR>y4hSO>rn*Zc(H$J`g?~+edjH z!PQ;=u7xb=f4J8|77P%zLs`e=i+A+Dx9A8R2f3Ooq-+;ggRfMvPPvXAJZd)Q%Y(UX z_v=~36?TfbTk)eTa_`Bx^KY$9;ETu}Bx4V(VJI}c@|hhM6_(p6f1vW6okZ*5d{)%# z5sUoyV@pdAmT=6s>4o+g+EZhrwRW>RkkGCwHpcicf}IJFAzB0ez%MU5 zR8GDQeANIddX~eIu_^xGI`3^>@c~H1=%rlMtQOfgeF?PURcPcGD;1W;@}te}tMWj2H4Vazf9MX%4X_}O5-s@Y*OC#b=8woS zNMzhsmv>Xn6c`FeA8yK>xbUvof-*?5>0Q4QPh;h~X}~fx0v5RO<8>SYovPA%JgW{vN;PXhVMK=Jjd+DLPwFbUZ#xk&FT5 zelRFTg2l!?Z&K>{&U87sBI6p-t1{lglL0)>#WxR|XXKO9-U41YFPm*B>8hN+bP*^q zYL5?=66d5N+0rY#k6G*}sQowdL2}#er!AcR=r!>_{kYzC;RmCK zJfx|2Z+PXYr~iD@UzmH{86G3P12`N_6PPlRu5U5Sh6=mINYpe@(*h1$I4>jQTIV15TO4l)o(RS6iV9qxKR&G=erqi^ zpL;a_wy^61a;-Rm9udsMrejE9$u5GO>J?Z0+8atJO=RoTuxVe=&aY#Mbl4*HT@JEHdX+cAUeA z$rfw8py`DN92|)ie+i%5mb0%g9(^>b*FkDF4{7}}e#@M^!%%3VW_xKjwmT3WDVUuc zX2azllDdDxNFIGmg{9`nqomIq1T*$!vCk}9*p!=^wJ0t+J>ww+73-8ngZR02g3og& z##i)8#u?r}cTN$Gf2vh^^5MEc$3q4>|2xaW+fEwO%LkqwA2xd9cIB+=y4G4E$sc!y zJyq5RN3+^xWZb;F0Ig`cz=vuUjODDv)`^)4tQt<`o4wYVP#w^0dYPr|&-wONcGYok>ulk!&{UqalddQ(<)#YO`0ZB-RL5 z30^nWVl~GFBjB*Y&oU-U!1T}f_jA|Uq-@7&DPe!Sp$GZ&W<&iEnKp8J(N=jg68hv* z>2ts?&yrg2O%LwlLRy)ldg^#5J_H3LbSb-*SR4qC6RcD=RuY(tAIJ)T`9V4KV1;@; z+zXTjM6Xxc&rC!b4rQw5R**iF1jsu2+RBK0LQ*GhT;R+N+vBSu*76V?I z#o976i=J0mHht-W;^WimD(zA&?`#NIZ@;UU!J}4lH$ppR1Fa(>h-&uB%|pgzxkhVy z<(QZn-A;XIlv_G$5#-&Okc}L;ONEW@t{XL&TGUWep7Jn~Afq?ez>jK1qv7`fPl3I$ zYEaeuN%B}`JXrtKfX=ax@s-q@Xii%9FN%1zN;yqE+nYSU-|D%v(vQZ4n8!KOttX7t z^s1)cE1admRuX_8y=VL}THsE<`9g`BDR}Jb*}VoMpzHEX9-T7569I!Mm#1h2`;ol& zLAmvgnaEz60)YLQ``oPY-H)Gar8N<#wsxKP>-ywadI?0_!B;h->;k7mv|CMOlv&hm z4j<_sci(%Ow?ve9$*;V9)S8Dv#@TxjlO}L?%$j7c231 zY5S&a^XJ9-&~1Z~bben0Rwyrz9-ScZ?2)S(%FZ5EI8!-Z;1!D{fv@`6*5^;bjRW@L zuwBA;Ex(K}Xc_o=XejwrOAm{~6Qqy4GP9j*S_1Z~6uOdeeg+(`hq(^<>v(;ES!N?5OE zRO2JrOR_^1C8#n%lUhcOtCG@do^r;O;%lrl zYBlN+3_)?p@+Akt-NHl_nG$+Sf6qD%__53eN)X|GpZq3vd;nivg~-V@ojij@a8yPF z?{3#2kVipqyb#7BcmdFCJ-LXi{jE0DA18dcQ&Z86Sq7RatNTgctnd}l3ub=u9N#c zw=QL%>BqBf?~4OTVEC-NgD*2_6)+|#R|HJ>{f0X4W71^Eqn*($VXePJ<$yA7j+M|a zDw;1`-?Pc3P=3yD@>o zoB=GvX$eXKI(y#vPHyRKl^%=CW@QuFc)|Gks7ijTj50m^rbF9w3y9R(%j>N!ZiJDM z!!U>&h>?DIS;)BQ4sv!o-?gVZ!c^E{#&Fxn5|n*o{?z(75`0iSQF z!I%5zpXRd}k=klYpQx~iN1zS>w=!oWE^07?YcFAvXPx2fGzb~*t;c>65RNQ{!?T5M zdjLw|uK!e@LVPH<3={%Lhg{$wMwP787rgGQd4`#IVY8_!1Z|M9?NIB#ED1UOvo`nIV zE(im^T9vi35V*QO&yLUT z9K07>G=YV+{t430KTO>#4ulNlAxBi$Y#J?keVFb15*le4q7IG+vqOR5f}c248D6~pFv5?2ZHGWeGA24T`!)G7`53KV4TaRZ&EB6vJ>o!v z&Me0R={Q#=(Cdi9lFdvhXE*>&%Be%fX;UBzdpT0K7gLCgJKW~qU0dVf&)@&;tgZiB zR`tJv{FCoN-d?PGvhfj(L$ZAhZpwB_HdH3fb9w#hXvaS=c@SfhU1#_vKLRfmx5Wgi z6gr-ru(cFZBM?>Uk-89c;gf;CguyLQ-)?!+)4aJoQ~6Rvt%fPk%xQIJ$BEPJ`=17!!#^d6ryYB95QUmJg(b0etXd{UW+APOu!?(pSBxorf(gW`$4mEWJt;5(F4R`?F(3Q3M$CqaQ0*~Xk} z0*DEx<;o~K^Ct7q)>#gw+j0NsgRAl7RHA@W#d!|p@>&E5t@>#y6eO);E?8UvFn0yR zLDHs}&^RR@=J%6>W&oqy2paB96>%B)$uHK(FcKW>4%gnRYNutA79Vz%$d3b zk$i`#wa%Y2?v{-X2Owd`K&=d#9}Q2oDqyw%A)E^PP#~WI?a#uHtFB|QeqzOoEnro_ zT6t<2~tFydTA^SGBs(UJmhYAZg4L*#Wmg_xkW{FF8a&>Y( z!)zo<>=knwHnm~4NWXza+4yx8uA{4zYl%36I$iafqy!0-^x3haR2N>f2<7;?Nq7eG zVFai{CW2J$`EMRa>dZ*D$v z08psJ_`a!o2Y2aC&-+uE-SA;ppt8j35IMwF;WjVedTxEGML=(At125Q66#~3H;a{? z0?<;umi~_EYT>plB}dwRiH6t7JxP`Ill)IPq}hDyDeGBCGEW4I*=AfH2gf~0Bfv?D zWO}aA#4;F;TTynDn5qZJfgI#BZEWW2K=}5A98c;GLit0d6bpM@_Uw7yGiyv$8{-`)(J{FSPsvmMXX~froM2;TI6FmOh@KKGCsV3nF{;b@P?TEjPU7E3+C^? zI2CxD`^^fo8{Cjk~Zu< zIKzEahvS@dV7A$T@CMAyejjeE%DoH@g#yNR!~%aoCL)6DlM%^%-OL7OGw_j1 zgcEjVlJnu9faRF&I#FbmMW~RcdcWisYXniMlJRKxp#ivbWDTfL5wTS%S_QO*U0hM+ zAe!lG7Ap1tu)VXEA;}+OxMBcW|KP{EnuQH(3Y==+F1>u=sx+%VZe!)H#jwlMFQ~G~ zBL-Zxz_n-GSdVc(K@~suhn}8I^Wl3Z)9E?(v*lZW3)7}sw5Gxq2(B4q8DtE{X7p;q z3O7{r`%@N_m`pu(W@*fBI;MZD+raEyt#O$)MW@L$jvExp8(i zpd>D+CR#lL<$P|6F3R^8WnqZ&g>7CU@gPO2(Mx%|BWNh?CINKX**{%h9xS`5k}L`t z_1hhzC>1QCT-K+WOF>Y$>-^>8U5j=`67%V0!NYkdqHh99#ZV0h%`{*^mXy|AOzgdRF(f@s(kVdwvI7wWLytZeZMJjULdQ^gz}^Ge<~QKa!yE+eS{! zOl+KfTN*>tKrmG8mEuV+EqHn-up3;8PpSwH1yMYCK#_R|)x&Dyvx1$Sg7I+pESIS) zd=xp%3g+-eW!vt}2nI;hZuKhv2lB-V=8HJXclG+83JrxVW;@J@>5T?8=gl$2Rhi&<+Ptdq6K=0GN;l(F4>n_bVL6 zk}9r9dzOBqLjI+nO|3!he7qSY?6?c`c3=EffHnd;lM5OT@xmi;z|A`ECZhGRKtxk& z*_HJC>*o(mw1}RTh%1I&kAb3Wjj3*hqDll!B512Yo69dHB(SdyK*z-kB8|akUI0M%kibP6a$LKAI|7ffiAGO#ZIz)a-6csEYxtgt0BRa1NdSv@`N#PmU#rUDh_JDmr%ZD{Z&aRqWDL9ctHGX2JEUv17O-K$H-z zI{Yl8TEs7p?yXPLrcGl>CdoWyGb5%cJm?uZx1pw`=Z*A$#za9(>uZg#m!kERzE_6d z1-d}JfwK21T)C7)>3nZ*>KBBL{9dL%fU6`rj{vE1FiSC9)w zz)@jyopt$*o9)eq_?hczV(WQ%PzvCmmHXlR=&wnZ_j@(DL_(2uM>``=ff8-&sUrk=n7oFU>jeE*en9m?X$^s7WF)o|s60%7fYBXO*=&n{))sviZ2R-p zYaY)agOoB7hhM|s%6S}WCb*XlM}BO zFSxDyf>R`}x|NCRTH~;uC5CD0Aix4|gLipSI;qcBN2}b;o7r}NPz3SKIljxjBPg8} z45B%)e0XsJA3#x**UX63c&w!vz%etP5UbgCy{`y^%Ft!L^e-D+`;DZoHQ@H;v2CWvheKo+>_V8DQXlmd^tFw9JBiM(d$x?l&o zBHu#Ne|TFJQa2Pd+Jiwb#Io}pyY&&wtBO9=gRbDtEGZoX!6KkmBHQtzn%UZi1q|Up zxWVsW!IyDO&cAk_V6IX6N!+l)q04|e42lss;%A;x;_1RdP$Ep{r?(}2_nwbCO<{Gv zQ4QY>YQBjIt1r9=q!PML)Ft}-N#agsgYPYr2g-m0*UgrhU9QgB|L&?N2lAvx$ZMN)SXT>n)^h%H9S2kuk5{E{Ua7(}pX9@87STSorh_VZH4RxOH)cB zlzl{xih!iTt5w4J3qS>@Pw{<208+J>wjX+*<5eq;832pN)USe6{}g0{$uWC|QNTF9)-&jXOTW;C6*RpEj(~WO4?{%# zKNr}{;q~RMZgVaOFj7#=5V%Q0VM%=wkB|sc^3;hX-(!X8)+k4gX%O}p0P_j@<#r$6 z)tEiyTkvD%MS;$KrA}Glie?H3M@~Bxla0X@mrj-eYH)B%Q6+ci6xiATK_nV?<(}E^ z`qi#BolVvQb@5zxYRA=p4pK{EFEhXXpAwNjU*>+9>`{4;c@O zD+$S|v`X{hhISaH)Y${o)k>)6-=hN!!XgY~t(qoXW&D9B8N`@ZsZt)6*MQ8;UZNt5 zs~~&V0EH9Q0EWe~s}R zbuu90nyY*j8bD~qC3`_QrYXAj>2Nk^?ml66WhCB(!m2&9d}HfV;=Qw+SQQLdYKLQt zIBxe041c#f>X0GO;m_5_0%0Ge85@m@fCe`Y)tF`20x8ub=)~$wSP1|TEe(i?s?8!1 zR2cmviU_WUbSu7c+3ITHptGSYP!KS1`tLoR-IFH&SLZx~Pk_=to9Q`w`L9_0KYjV% zA3htq`Zt>cMtlDA#{Mr~eg}hRDB|3|fB7$yIJ@+}fBEl^@Ne&)o#_8^mEY0Lw@3Q- ztNh!$|9+K!d-re4`u8vYf3|1_um6h^r;Kj>-+cUA@AiN5$Y)#sEiat=?+;VP82{65 z{5*HGJHbGZ-c(@~e~xrqz9Nm^?{aJaxx5jmKO2Cq|MHbxxsy#fW265x_$#Rll!Wcx z+lx9lP$(e1ia2DvU-A`K-Z&geKT4!rrR*{DnuROSpvB8{1A$EApVuD<5n9rZ7t$?T z!cMN7NHVjf`|S*s+VpX=82!im@ry`(n9mZrA}Q?gj6UFXD1=CjQLX1at>5@|B&zpk zlbQPe(;)QxM=I=6agBiQn$HAZ8_pi|of(Pn84~{3t#ZBPiXqddDLbDi*#m3O^=6hv zP^t+9j0tDKDf2ZK0LFI^n=SF*F1!nd$3Ec$PQJ#ZA2!indaFG<-;*`DNstq?9jP=P zHTlLmo_lct;LQ$*?j;Jplc4{bt%0{)6`kFPP|MEB2sEcWjtd*hr-$>QRKCdpvNpZ9 z#K8P{EJgbgaF7?!ei(T$P*Kkm$th>jyR*LSR8#49^>*YpJve3X>Qsu8d`LJsRNw5h zUJr=6Dxpbqmpj=fG)^3iO}z41t-8HLU?Tp03oQY9QhQ7I<0V~%5in$yJ0A`AHTL!E zSef>8GNQn3WSoF${nf~8Qp~dBb+@m|I^WtP6;nDgr?<&208mibcG%(LpVzroHpTG! zs=1$m==Mg$yGI;e*<;Sl&2hx{v3*HRP5@Y=f+@jN>i)v|yDvCiDc#a=kEDL8mserP)ANO;#PuT5^YK$huxeqTr zr;tdVZMKv3e*`@^`5`E&PTVTZXZRe2>N7FfQu5rXO7ySzW7j*FSuUMZ!kM^vj(%f} zIg&$_M0Nv3U*g2gRfY)U@X0Z{XJsPb*V^jk2nvUn7*H~qu{rQ)r9pruSQrBV zjC(*CJd!TO>xH#41!Oc&Y4^^Q0M+A5P#x>|j#Jv;zz{Bgso#=zj%m5$X*r>}eK2u_ zn+hB@daqacT?+t|h{+Ynl5PkyQW4P1YLcV`6xlm&tYHs%bzH_buNFWW#zS45fK5w#D% zT@F~M>u1DYMR=#jA`Ze0@}=`k?Y!_+312a>jui(()!SE+18|2COd%{ZQ*I&V3|@PW z@MNo0sGHPDqG0FG=Yzwob$YEOi}gMCzBYn!3ie)5L_n#Cx6^zJj4$#WZ@&zQX#`X+ zFK{Y?3Se6n?PSG9Q_M7i;pl96)HAz(0!ehhvt030T7(rLuH+ zJ2^aH7A*8q57?>Mg@GA6M+*HMa;Ddh7 z3C=_HM~y{fS=YVig(S2gK4Xz&zfw()-eJQpD{cC%F0XBiW2~fiJ?XjCy#{>Jla@dc zUJ2ZMa}lh*5->@p0yI!S2%TK~&8k-SwEn@*`5*7kX=#+c*}cu79xq_r&=#X4m#Ug| zB!f=^W|5U}5)+?X(gP$qMlot%hxi~TtNQZjAHZahwutp7%Gk#W;t!qocEKp!UBEzm)eG3xL$~Y$_mB0m zFQdu_b%a%S;f&MPLf`Eo{j$vEz+n(2lPf62+3aXX7Z|yAVHSgjlFDcNdF#gQFUvh{ zwJMo$xmef~tR1R^eFTw+r9 zKJA1uhQ(79^4O223m82lKU)`-!rU4*&5P=Jf9ul8ABDt~R@sB!H+R-I<85i$uE=h@ zEi#>Fx#=(hxb8>k34@0i`Nr3`t0x#dmhIg9bb%s4l|bHGzx=d8ODnWKKr5H<@z5o9 z_lJlZ%>S4o;}Yh4=HF;cPLI`e3=?Ke?QFzMl1_4-qQQ_G?OW$#ld}0(y+YZ>F+ji> zu59MF^)*NV@zsf(&)ksRBe&cY({=v}{1B&|o`wKTfwV&wkjEO@>uiRk(jG4 zEWV#I<^*Px3rW>vuQ-S)8@t9`RKJkhfg!yd8A7PP%i2dHj8>QQTHJblV{C8RwQCp~ zi?zC-S~*))aX{}`Z}D2NwOq{V3Cz}fU(104@%1P8Cv=HPm*<0SuM55Q+k9& z$B1H2n?HGE!gAn8w)OXPh#lLvx1P!N{RT_nR!d1(N}+JmM3?(Ni9AY5>9*DEFjwo_ zsSca}0v5h=++eday8rZ6+!0yoP7JdOHR3Dkr%>I#F**eMUoLq1YohOaj|x)X2hlx> zjLUwx{)_?v~ue*QXn(~aDB&sAYjEEY3P zPh4A$*!3Q_+QF?z)f~cgyktMs(IXTu0xh^580=fqvDgM~r!ePFklA(JUr&(>sGs!) zBtWp_SeSL5mA^@n#PMr+`i))(zmi(>))(@SUce98N}j`m5&S@#zFaCWqJBZuRERV< zv7H>NX^@)}rTvnpran`tS)tkqj|T$Vo(c4I<<{##DV-0MHhHp=BaC!}o4){M?u`dT zqYxSZ)) z5M7scbefRds!786-9Nbl@ii6T3>ZZ1hu@8OUdId!cgMSARDZ^K07UjMz(d<$ynFf1 z`7D_zfDvwag0IU60;2)1E)J&j^jxxnZFboVN18m;W%JZ6U=(;Q*o1+c=r} z{NEqO#}?v43;M#}JZ9HVsClAceP0Rw@cPWyIuF8q$gev=BG2JZXV8x?yBM}5roglj zAzer+n(?>3sAGDP7D>(E*VsubSbz1ZjC*bO*X)ykwYmoxitPd=uBi$)E)L(ZTb)ps zg(A0Oet8u61q78aS1Jg_);}5#St&#;bIad}j!g}gnVUz*FP7?? zQwEV)k9ML04sQxg-9f~bfELGq>JDFKd_T}wWKBE^kC8n&++=rwM?Yhv%<5k53*%N? z5Yp*BE)!pv#aZ0E9gqYjeuPr!bcDX-ByJvqY0ZJbpb4}$esieNUsHd>=z!J!G2$?RV>(|ddA~B`l8xihDTHmCxDM5(~ zT)MRI>Mm#|&@u}Y=TEb1cZN3Q>~>UGb`}_@pP%;H5%U-iv`z&>9Q|7g&-@#ax}Bdg zLoV{!smS3<*x>1t<@K zl2|nO!qA2lqR(KM*?Vkby<31HeApqo_342KzKwszKjvavd(M0!sahStD>Q^d^y4Ko|3|h^M|5lKY=ii$&pSKV_s@X)YDd z3WFygo(p1s0$b{)=GrEUh%ex_TV5)@B9XF}K~JuV1#ByqkQzK@D7VXy295V^E?|#& zp!?-K+XRQ-VZOE3*iEHZ^SBJ{Ojcs(6-h?FZZr_*u~9C27bTBK*FM3tsVaK^gI>shKCL^2uP?ZIxv59V+c>BduuZPkj?r)l`yj#44 ztmttd`2K~Yej(olMYXBC11PzMT?kd>8WNh4(;}xDYCYR2d5i-MMHX9Gt?CE69yxNZ zmLdw3@0}MIW4U`5It1}W5+}uXe;!mTNFOG$6B(ZhsER^zIORJ{&gV#Wh2Ga4Kw9Sf zVaN7?Q9?cUK@M{S)aDM2K5%-Q8T7k+Cz~fR*%r}sh*fEw5^X}Su-C?y!D{<1*U(&M z7O!8f6a7>XV?!z277Cx=Jh-0ER5lB;1SGli12WD57IP0C^AGZ_$3LwIqQ{#4v&%!D z|N0P=Q(QP8^T|MNOT;kI{GyNms@Toq+0Fjl$jI}lei^hm6>g&Z6T5*7E^&@o)FP`r zX;!el>?~@;Mv_;7C~CnV<1uT2o|48V0ctK))bQi$oT63rH9P1~QAHBbzHlC+&%?Uw zfm5#LMx4|X)Ool~&-a*r0F#FTE&qxAlgJxCaCVEDKz2 zsWD8~xX+S}$k^r*Fc{#A|0-K3gx2m4w$Dz@Q-_ZuE&CvaQ879@^@*MB*dB;T2@WLK?rP7{Pwv>|j0eGipu<3YJ8A3ft6A;} zyCKcCV0<-BQoYNHr7qs>n%mX(pPK6iv4lgR>G>`Pm+etWuMO?NRqZnLL-M-&mDWg3 zhV-zANV%cSjkQKgR-(X4p%J{l;6Uf#u_|Hxyu`>ONQnj0n>)5u1uZrm18W7dx$vF} zUTE&8(9PvIYLS_7fvj6WNt$M}iWxTjAU#`O8*6g!mFt%NqAAqwn?no}aE=XkQ1gCX zT7E{N?Ke-qb3?rFui)4ebvLa~VzQ!862ucJ#-uRlnLnS}46=}It7ycH27j+9F zN~323$6byVHt=QhE(CcW4%_s59Y17lq_(bO6u`n8Dd;m+=O>bez@ z;)Nqs4O`(CZOSgT^oZM1>4rBSM&#FUR~H|pUt=vYu8?(kZumAxc-;zL$r8GA&u8_J z7_Yw4c%hgN9eyQ&g+T9}pArAqkKXDw^_c9INWICQhi)yk#}CU>7HtM(g>9zd((l?R z+0g`t#N<*($?Urt8*@rI++U=f0x(Q~Eoj`BqyDS4*|0*kll2IEz|?g1hZFCX>p?&6 zT9a9cYUvVMTD#N5XmbEWMYe}kqX*meLSph>k+d(rPWtkmq;*n)&r>bVW+NU-Cb^Y- z{MDS$m7~on=C8S|SKwdsxpbkR_s@IKHRKDK;>@=>p>(%wHQOH|Tvm$OxjUp6XamE{@i3UmLozLXyK@ zFQH?Qyl}Ns7$vflq-z7~laX}ZT5|Kd7n|HIpF8!Q8k^rYQLvzVaQUjmL8--v*Fkna z5XPVI7E0SB>71;Hke=!A(Icv7i~UL$q>tvgbsqjH?Y-<-Zj8O@^mcUXICenv}U3&g;-MIBcX(u$hz=QOjV7D#x{@^~?gt@52*yG~1kz42g z2Yc`R&{W!Wf$BJeI)V-ZihziUf}ntufOG)?DWM0XtJH)hT}nU&QK`~R=q-dUEp$*( zdMC7mqVyI(IthXM#F_cNx$phn|KRe21rpB5bDpyI+H0-d_W7&&ath!mRah_M)Vg!p z=kGS?jnc<9x??fhE1qMe9r676 zD6YY=n2Z`E@T|!8ca6QG=0Qr?rH9mr|+$p`f|%frRz{P#O7f;;wG1}mK>^*1BQ zdQRS5!%O~#h+&$VA42TMolm+}C|Hojx%!^!0T~u(V%xReOx?F`>0@_v3k_>5d{`}+ zlvzS*=vGIbL)qDMCdJszNo#X{JpVQ<(cPS_V|cSBOukD-e0(I3TzA-j zFE*Iuc8;y*qrmbqcLL>0Y}Xn_4&RY`$PappEoq-Xs%g zl&3?IS0lx2?}+^QV_`s6nNS=6_4Ibd*^kf7B|2-0GA<;=qV>5emBStyi#rmRH1r>9 z*B%{GEEy1LdW(kwo90p%@kxh2A_MRjf1RdxSE2_wCIxI8j$0;|Hw~lZyDq!w#ERk7 zlx0zZG4YMxgV|s1Z_YEBF{C?L=`Nq16K(Uv;@d(fk_J5w>yOQ`ViWJUxMo{?d#tT4 zh9wavqn6PNN*XaARR!M~E$7E1i=rN#941wZf#@@zj6aBqs1a|Fwm9$N8e%4(br0Vy@Pauny z7I~1X=Xa+Lrqqk^Q2npag6s8fa#-;j_YDWiKC;Qh^oCYJ;v1Z;eRL7Rqx- z!H2?X(%bHv$VIvu4$H$4WbKDj=%3xbf4Md^|an0o4%wB%qOh~|DYJ~_Eq(B#c? zFwI>H`6G4EKexEAb$BxTqNEi!j?{3p?U9L0y+#LN4PhtM#yLt|K#K;#7plDo_gUeC zkV23eA73o+6skLlFLr26!_+u+srjrXOSs|sWgSL6Q)J=WbdYhwon!%cf0Mu8G`)Ty z2qA^DIFSQF_T61iIVWOJ4heqo>YvhMx9ADl01hCYA9fDl0DYKunIkv_;o@R5V9 zQ?J76YvYkNJlRi&O1)D#g;xo!S3z069jS465y~|`P%wXwKs&s_<)j*S^DU@(6RjoI z>KBdp9UC4r;~@4^UCjayU%%tM-MxOEmAA`p9h8KZ!W`mFoT_iEgz{A>5K0zDrmyvn zAmI&_+<8v6jr_|=$&4N1m7^OPio=M)U3v-)Wz!Et103?>3l!0yy6sE6wRTLd7Hf7t z&SL;7{&m7uEKP|mPY)eBbLcQ3(%5;|2PG!nvzORRag5#1D!DABqHU|4pT_B&$)=ei zEVF3}QI6V4iQTPpn9Rh=cgc!7%BT_y3Eqa|#m42&;NvG-ROukwg4?o5L!7anG}k&@ zxP_&Z^XPC#~l&8-7VJoHK0jy~267ryzU0gT0acbPM7#_2qsb0hAUvsdJK> zt4G%TQLz*KROmTZ)uI3|KNsc8RA{r9QjVIMJTEXrh^o~%JeZdo&KhT?`Ka05i&o`x zlIyyIZF@IdLe^Hr=)}e6eH*IKB%}X^5fWUoPTh-%!=e z7Sz+W*~MPjoQF!n?+iD5_@cDD&T~m6oR!5%F}U!?TAfK*!y(6RKb&W6OCddh4l2E1 zt*(=CKkCD%r!I6pheftt8gcA%z}s~T*@Cy%N%q{(xf{sG^8vpVlW%W^>!vLJW?{iK zIvM$1@cmR#wPH(=uad=wMbm>90hHOwRetEksl-1u0#B^2DF~{JWs(x62K=GfEGCTw zjzQ9LJ{C!%ACb8j`vOU4o}BS-il%orgy|~o+(?7_j)m3{&O@IfdRxRDtB=Q*%LkLB zJe9YHmHTySEtfqf@a~&Z%ia^^ufo%cr&lEM>U$GB$sz9B=!$d@)8{=lm0HyJ&266l zRMV$rSsa}A;BC*{={&kZeHKyPyr)~j?4uiD>hk(ZzRoA5&Bh0U(g=2}`|cV;K^HKl z)b%Ee+0n#vj!v`Et#Msq>9$5se3kWu+opbPcW}?(X0?w}``{L42@voUzb^%L6LGn? zq7i+R3n?ewkm$Xz{{6$@sBL;G_~IHhrB5Q5FZNmt^oYx{8*|z6Eo2`Vlpkg%9C}2YLBLd5O0)MX*Lp=()N$1(;Fo z!Gg2oD&ZV_7jLQ;_o7>iH8qx3ZFr28aeERtAh`yJ{XkjRT&mYdOoSX_rZ+OTmy^{y zip~Ynj)>zrsAsl_o~VyzNa5s8_?|a_RjP4RtRB z;m$8_ zFwESpT^ZAl2fh;xu=AF`!#Y1b*1q*vyKM2sc>%FVe7ei>LVA?dh;GZhb2C-e0n}xS z*8u}As*(cK#!JiI*JBdH%my&fGey;NXgf|dcJ%PCR%WXq^mD1e%}`>~6x{#NhhYI; zS!DGxSHr-&R^_oMiKu|Fmu**n=_(T=DZ)c zKJ1O-Fp^`7IHOcx9j&Wj_lug~9e@2(^oTAYZ0?DbLxC9O{wrwn11szsb(u%S)p8$~ z=&T%UEz-Y~ng1GkvEMKD+EVm!OFIX%7@;o>?t~ZqQqM0X;0Dr34#uy-sI1i1R~@K$^xj$i3=*$FncE^01r zP*Z@yD@kRUPcJ?jnan)=rC}&i9isnAzU!=}-}bBT-6N7Kt2d;s#_ry_YhS0T4nyzW zB2=Fy0k01OCb-UtyDp5%5Tn?^c!H$iNlM2EVxQ2&X9`7$%Qi|m4h=n_wvyEs8`OJ}OVSSz>qM~i^5rH74 zlZQJd9?%YefUpk6$7pc7wB*hg%5>iq(HPs*bIc-%ERA0&O409oU6?`3-0Q))u^6q| zV$ssTLO7iRqKZKoP;yC|l1Y`7S4w&SgK~>1zlvDsbzsrcf=mg<}5{SiI@U+JgrU69ET~*=HE(TaPr%{kf|t_jM)+~^5vZW5bR4YM%Be%Jr%|2J5pCjF znk{R|B0n-PZtgL4)+(c{W6$wE2r)6z;h{HehYf$%=?biFfTo}(K_7(SgMg!**O3}pkC&j3Q@Nb2vvSqHuWH}2r&OIvWe-Z;vRmaAvh0w1!j9+3 zn7T^;bCL3iG)!@LX+xHlq6OcqkY`X#%-rl?r* zLpxjN>UdwHO@9xT^CD?2>j+uw8OT!0Z#lbcmNC_Ey^PTYm5(d9&GA!3d6+?Fs?+VDX` zMC*xmM7 zOH`->RhGGV=S-BOv{K7`0?{9Idc4*~6YUO5W1>LD*YERM< zNjYKEV@Du>@kEPC7Y2oN|ZP$!zN%I6=-wSJ6GTZv;8^C?fro5=Vcwt*z1UuTPaaget zrPIrwzu*jJj?zo@n#%}v2bmJMWZ`K60VH4f&Oc|M*dfN@lo4Y@44EHJS0OwN5nD1M zJp1M!v(YPg|x;&WW7%KLe?S@$pn8vjODAsbe)}sA-Mj(H_jZ zV6lyAa+a)YmFY(Ffg6^bq)hB)VC~@uu(x~amuYCQEjWKk6Z6|!Z+(|N-F=IdVL`K6iawhH_q{kmDK50xYQW%|mW=%hCB^XO?v zvEfSzT11e7=&Ybd-^fFQ8>{5^^T@K{;0He^zK_`G0zyeQtm5aquWm3kcCSU3yB!H{ zewATb*;ELYweQzv{eoPyu;#>t&{9q}P;aiu<%kgBr05ugf}?n?|4ryjt}g*ou3B^Q zV1e73duh8*#o&vW+%HD`u4azf_T|nGXGOBwy@vTxMt3qrloV7EyLlg#vNS^)P`iHU zAD3Evlm~_kY_&T=bv2uns!KQ3(8X%RVqI0jei=YnfAPq2{VxQ%dP4J}YLLecWMdw@uL&$T{0Y<7OaO-Yaj3tJ}jCsns0WOYR-F%;3@T zP@@K2Vl+=`SiD*FhAy+3Qh-~4;d6Rjk|*h(e3B$#pStNiM_;aSInX$h`V4u>WG3(z zcC*3w9O^U7iZ@K?&@S`&4P^Onn17t}OZzRPA>-ps(}WXq_4hWpymtrfr~<%wz>}1> zWC9byXzxf1VPTK7DVwQBrZJy|+U&9yY;c>HHvHXO#c8iCnnvSGtK-?~Z`0Q|-}T>F zx*^V+m)PZ7q1Yi_}l(`s&kDzH2I?K9MkU%1){MojQ&Y|`5>z;;)yMj z;Wti<=tEb10l@fDe9ZLSWi|uYME`ps%Z$llpoAWAF_U$*9 z_!>G*H*4|9sy?QB;pkHxStt5(=|g^IVevE3)5#a$U;X(DPXAUPl>J!Il#(76T6YTb zSnn*H)2PL&sYQ#64N(Y9Yr>fD-u{lpnPA#a+ZZFo%^(4xgoi*!!)Yv}n&b<>}(6@n^n4F;w)* zoFmURFQVWJoDt{4=@hOxfpErTMy z3Vuplv9oN2W1Atxn4`eFOzZ-*(>6QF(JK&r?cjR$*zG6U1N+MoB+CxTt~WZc$sCZR z8z<_+h%Pg&edy9&9Nv6+G_%~A6GOj>18YbKJL;;Y{>g!Llg$1$iji6#u)~^QqmTXP z;E-N|&N+}~Ds9jyT0O)yw++0-GuzVe$E?375!Du`}d+D+1b~%bY(KaD^7uPzryC>ub zv_4x{k_W{v_JXe%6WDX+$r&sb!Kae_2pZb^>!94gw;TKrIC<=VV( zs`WPi%H6>ife8^7)OHYpsRg2wZGR-Jh4{lJcFk%{bcg#&|q?!PlKGX(e6TZCCZSA^Q&YH4{l(e!-4)b zwpMdi6(eURm>i>F@1tYh;OA{uR8Aab;W>2`4+^qSo9gZ%KmxRS9+qswMu* z(fOnmzoMDbO-Vu23>g8l1dfH>K9&~Y#J#{4&$No0hgqI5uxJc!hOj@1NE|C;RCjpu zqe^gT#gMABu9w8@&00Z+`5DLUh+^T|db`THEV|m;4 z3=k>GF0*K_TDCCtkf%|V$@()DS*j0^vk0i0N3N|@W#NZiAlh&;_O-D3I1tB4SFuDl zbAGV66Q>-;7PEJw7&*jz!%3kLOl+~w)}TCzPH!6eku_aZx~5klU)YXQWKxDBZ!4XN z=j~7Z;xGu|x702p;o9YTJm=X@WO9)4IG2$>z{)qbR1<9hNH`FeK5=!WwpJqq z4u>RKgCmDyz!$+q8Mxa>GGVzYAfsK&4nn}|s6)Rqpg)|fy>X{JdIf%0d0itK)P}&8wxlQMTLavZ4F<|hV zkzeucpD@eofYfwJ2bCv`y|F#r5q4(eHuuhnkkWZr1qcve}LMKM|^LV%wMSl6gR)9bFmRi!_Dg+vD;p#vZ)LsyE_Jq z#v7#$U)wS4_$?2OiRnHcwHH>E*{a=Dr;(J>snpkU)rMIbegpRmFXF3Ihyyf3@P?X= z;bB-D8~zYd(oY|V<|u%x1fuzi?-Y)H=Za&;N7Ea)1PXVFVyopd0d^Q1U3=i4}|5n-}r@{fh?UuM126&cq|*ZI22MlJA zXlGCCNW(~A>S#W(M0UI>h2}|qNBE)f623yH=W6y2@My4kx;yU0gC5-SlFKl@9EgsP z>e;THj*tSWBa@_m_QN<rL zz>UMh-6zgd^E`#HaU?xaAFWy1KTKc}7;Ow`p#<#iYsG_NUkvSoUHs%Yq z!n&e@sD!hZr7u#U9mb;v8;8yfG(Dt7AUf-&i5h$o?`4HnMmH{k>ogbgF zG!%@cHv$~Vb2KKCjguCK0f*a|X923j!JDG|z@xw!=(W+Ln|Y{fdAuHl*H*1r@k!sI z*12vwk-(XDI$S)%&bh%|#@v5@wr0T@m+8APqnadqDqR4Ab(|GIT+>BVn<#n3yl ztr*OYcs7SLXl!wBsuP0JBPHvdWM1)gvzMp_Qqfi)EYOR;-Cq5woV>)xy#^9VhdpP8 zUlT^-%`c9nm9fWaBR#&qkD=o;b-zY6pIiP~B#L#3#6`+O=LBpoZ*rO4fIdGD!7lo1 z88-lK5OlyMT$5y{y~%T-VluBm8b^{(ne|9DLu(LwnFG<0?a=Q#kT=)|&O@y;?dk11 zAT%9*Kjz5yLVEjJ5AsRCz`fFNE12k$G`epGlx~J0Yt~KQQh6vnoAh;K1B(H%vbBLu z=2UB9#6!!D>dnWax1N+CmD}}ulj#w-q<)QC5O`WM^v#eedlmq%S}d|x$6}XJusMl` z*0gLF1TCz62MyN!5IdZ_Xx zUWS3jV^msakVk-m{ppyL8TAu*# zD^RduFXP5+;YOdto{c2smv=URXNllDll_k0_^jkvq(lj@U|4^~#;+3e2Vi{INVzFB z+6}Snxx}bzCmN_*FwPpOFzxKvhkx`Q`@_pe9-GLyS+Alt6pFe`rRn)AtK(Yu-0Sg|Rkv2PB2$4_KK)kB`( zK^AcsAA2Dk%my_i{Nyhe_|1) zc77?TRiW?G6rEdbpnR7gkJ2w~#Ky>50Y?O^`3PlL{GQ?XYsYx`a9OwqT}9Oc-$XHI zc(r_&|H1UG)J8*Uunt7_;LfgWoGfqGrQ|PU26m?K5zm9BNUOnB@F2miYNK7o`R(Rs z`@S~{JAS20+irp8d>{qgaeKadv?Gq?J@%3~1fWFr2~8~_?7m|T!%*6Oecdu5q8m-z zxQJ)g|61qJec%mkb;2&uEncyp4-s6q*@P-U&h=b+q3UfII^U zb+1D0`!^9!l(yS2eW9VEk1diQkE3zt>eEathy0l|8^ZuDAm}S-gCs4m*Rly=zh>v% z65E3%lI4{Xq))t;^t4^*waS!XVb{^`YwO4Hh&<M!Qai?_9GpWz z8oxVv#~F$IbAX%a=~U7$HXtSn&%n z@t~xmmlLnPlqm`#0k`4RV4mkBl}l>^CVkqXXQ@(aKIrm1xP8}``Cm3~tBYJomhmcj zCl8H5bctbM+w^cyVCfVwS<_PO>8`SUQ-9KG#$&lTJIM*37VjzB<$relaB>1f%-?{y zG@=(j$;5zo0z_7Q0JO?ap{2F#RoD+4J+VZCUU?pPqy+Y<+6DAiw>Yj^;t6{ntYw;W& zuFo7P&6wZL2KTv!vn0_OPjfTjU2uIG(d~LMtu@>}$DwF#19Wtjyep~2+zqPs1({rM zS|B^y`28Po*!JW4O0uOf{3?H%W6xdo18wCVsKqRtyK55r3$G)GQdOBCQh51`=3apb zCmY>Vrv&WmMzLu%|)f-Asp+g1*wuP=WiLZII%dW-GG+I^Y5lNDG!Y=0}>$g@LJ_&%}87E z`e>z}_0+dG!fcg&`cA8IZJ1O7ANN(rAG~^ox@2C4FUDM9x}65&6NYe8EMQ}~D=6kA z2tRA?lz6M7q|dp+QZ!Y=HhvacY5Q05P*RkM;c#8wxicGVmj-u6 zb{;U^30ZOboW)y$ye((F)MwdZ$#o6O(E)NB*oM^t9MV%`JUqwN5tVYZr~hUWamrk#W-Jo;pj5x zyfXH!q~&sG_?GAnX8>EG4_-rNECI#p!l$X6mt8>d`wf?t`0=CKY*x)U&3ESKOt!&o6eoUY{ zL-XXpGVSe6N9x&~N;l`B#D#?JSf2cW|5VzTFOrkML^VtHhc4K^8&al(B(5)z?4CBA zeOQZ?M&FCCwuIaAJQVai6jtSxw+OI&(iN1$?RoyIN}!aF1YZ4F_~O(3cD$bNc#15k&od>ZHv;zz|P~CPn_q02u6q`_7rxO?SIV{J2c5vSn&eQ2( zPR>)~wTKPT5X={D$U<(L&R%Kk$Be#sG3qw|dRS%t`!&0#kp}kK1H&k#4@}%XFL1jb zmL82+y)3j~!>aPC&ju`?&<1by;A^b(y=`cW0 zxxSs^mwBKMO?1Ud~Lp?_1n!&1~ ziy*l!iSy1@JbaXqSDr7=FB<)R0d;uYHx8Ma$AAC@mmz$*r&_ZOYRD>MP^4e^_&PCu z^@(<;@%OVF@VgV1`1BE(zXpINP!wM2Q0`=06YnG=_c zFvoRu`E)NCSx%yY<`4!&#!L~%`F^iCDsaZg^RIIGCYOcXBVRF$Qp-W_dQ-)_{kZks zPrfdl&px+$Ap6iL5M7HSL^i8z)eXIt-9aAY-vnhIF~L5NCR#7iR%wB(*7=_hT;BV@ zrnF#f!2y}wF};B{n)wdr7=X0X8A$-vD%^)Ei^)9yLjhZvi(!&I7Q)$1h{FRZ$d zeSP@`wo>I@-x-CJQu-#SSHt}q$REA{RUKiezPt4#-d#huene0=y7$Z*y3+uma1+$q z2|Wv~K5 z=$Ng4=JbL!aZI|$2sN^;V?@9~1gsO_7dc9teU=7ZO z(w+0-{-bdKgt&u^0~EY@%*K{?`%YorMLjG6kYU*r>K~91(*T3$UOASh=$ExQdmh9? z`SMVXXC8a~k_uq4od!5#;$5BM1rgO;t2BS%dmO~7vpC6FwOd{{uikHvv&(;@thRii zk{_zQ`1Pi}ln>+3j6zbbqJ>M_O%@iipO;l8s}xicG}Y4MLz{K~}o(`Ecn>oK6hlus-+5kW%=G zRN8YU(MNd?Nfkzp({rtHkO)e7Z1F0rs6XNQC=vi^Qx;A5G-eh;_ zOjt>G>B1}?v$89*P9kdsWXoIH$Zrv$^K74!VP3dyL#>7l(hlSO$e z<*8Yx{18o3oq$N+t+-|s;tCWY8%bLEsVB-SX7>TIpbb(=C8O>syMMR<3bc-ZPX}R! zgI#iM*sNCbkUJMDSJegUnfZNzF;o}@>6npTz@7h*yj@L?0Ic=U_(TAwrz3e^&CwdW zpzEjT9|7=5*@07MHxie_oF+z23ct(kW;*r*^hDqrz#o2Zk1J8WTgc;Prpsqw>+04q z8E{0+rJz77-SUEKANPZ!Xq^#pnpLqMKtHJI28X_%XkDhG)5Ls11eEGWIs2q#!YWAj z`o?uG!@+6DY9_AA_US~)hXtjxjxNinKM^02a=x4>|c-o*~^FqnFGu0$PK; z1l`|$qqP%#+65U7io$PwzQRNVE*4t9pT3H>kBh%>y|5`iqDs7&@69w!=>#`vsC zxlhIxL3vBs9kc>(fyCp*7T5RL)aP}7I4Pc}S7iz>jJS|#**BvS#nP5{@&R*=5z}JG z%VC&@(k^;cD()5Cwf^PTf`Czd8?wrA%;{?KvV)OOv!m)C=-inHu3}f~}EU)Hu)*pXzDPNYlK$AO+ z;2cf%icBh8o`T1p{+$Fo?<7?_iF^UQ|wcUQ|lKuc230CDF^S*7!CdZfdM@s-UlX~BOefQb33 z`Ge!f2$TQxcmZZ2_2-mC+$@8`{jnnht%+hBX;Ojm3|E8xPyl+vV?c5Ex1Z0kW1kYJS&q z?ALY%nt)M}_O{QoxBR@qU+=t<_(}1#lI4r3w++;nfW~(&+)l7=&$Y{0_=#E7vnbc5 zG`fp;@CmL4-JyA1)2{mWSE~(B4}U5Xq%RW6_}b_Ear0Ap(`#N4dIV5)(muv1+DC|; zAJCFx2!|`0vtGV!L>93A+nxK^vEC*L&;aejqrT`zASd}0D#*Y<-tiR+%M$Y-n54fY zfsRO-Nzyi*Xr_qt2zI%*8^`Dov=8vt@ceTVw7A?>E|!{FBkpyQ~T$Fw7>s;`M)0g^I#s>+W2qB#!nIW|IYyeS9}D<@&C9l+8p|8 z;?h>d|Lc~)k7#fDXTZDkR8;=zszSSod)ANkjxU(^Ivqb&Ze$U{>p*+7{~r9G>Q{zi z$NnCo**_k;{_TNAdpr1g@Z;@&Uh(Jm|C&5MSJTh`|NY0`_x_)g=f4fof0=84zx-dz z?XO?|UoQIpPw@YHRe^_r&ZoKRJ_F6~0;SgKMD|jT_Bnt5^`HIhUr!DUIWijr%fDJ2 zk%!N0(u!fG0fTw4Pe+u1Bf**C0P3yZLjGg&(B2NN(a;afx>;B|L;iYf|G9|4cV~sM zX24(j6HrpSl>nKn9rCY7_OHe9^H%5)HwV*pfL08fzAg0gGyUfj0Q2%B!3y$@#CDKDf-O8&S$PkTT2BI~@H8;UE(^w$0PnI#y=n4~Q;taQD3R@>?*VBY^ejnJSO#~b%%r~+Vo4d_w z11oL1&w{+cq^)cXpF4oR`d}8c`C!-$M}Gpq%}ZcD_Qw8yw&RO&a07{>lcjx2|KJ?ZAi;d7B;GXGFyn=O_sFPSARyscgO6lQkL0UWKG>b<6 z^y6}CJ2ZCx({X3NY4&WW3LzNh0jj{e=w%^bi;dO901Bwrue6@$G&|>Sz!`3>B3Lc% z)zX_KXQ|l02?lp*3kqTQCGbkx6dqHII$m;ACTO*Ba3(OYWV-pJv!LlEclS$nWEYwi z;1lwk^ra2Lx{f2vh9cEt(Oj*ke3^dNCM;KZlJ?#Ee&tMD$ydFx%By+WfP3h6$+R@oVpcfMldpO5! z@fGmg5JOauoU$F7G1VBP1{`{KWfgPd3u)9j$xQy}Q02NAR)6?%FGQf zM`m;ordc62mq^0@EHL0+6erIg%BzO~@|ZR}_dsH(0Y=`#LO74N9%FI@+9LNk7uW9? z?^UiL*L)$%pgkjQuFA@f(js@rNEMh)Ouej+5w-oS9=h>%6Jq7fXI%xjdPeIf61W6i-x&0>K7 z&3%8^7U=fsmu{$2oqZ3%hD6%1tO0;m=5*i5>viyuc?)ysK z@#rvOM0l^Kp(hB#mOURvp|<6aPrg3O34bf^NZjFo3}ce}e``s%GYSzKKH8U0?m;(4 z0`-Tx%+!+eWX{Q;ZDOPBz$AKfnV!0H5P3<4Fx!H6{`hg>S^RBef+y=gV+L$7LggK| z7W!V%BY>>&&0&N4V*eMa1u!Hu*3^-m3bPTILTv%XQBZ*IY@DHj8~U*D6kL-_IqcNY z4sa8^P9}nUD8rHWCHr5ILZC4#5bo;^Xhrv_+W2qVPto5CVP4)X6muBq1@+F17j0RX z*o2ekE;~?MVQjjFvfkIa0GWbU;US@vgM$OYsbOW7nDRyg4yX*yiJL>Oxr8w^YjqMd zPCHy43YQ+>TBh)qmb{Zy?{+7f#%>$<>kH!EP0Dh&kn8 zY#3ls_4M&xB~W~%M)5*p-bTtDKHFPMu<(~KUTbD|ra#)Dxu*mGG;lY=5-*nOJ%_sU zXCikLsQ}QCdmfw-F&subAn1xJyF5Ri8w=Zl-=jN_Ozk#1t5D+)L9#o z6d!kI5`1*b(MsD57#^jw1@@$KXYo6+1QKYfvv27toRJYqHl_djODwgdlmGLVfNVn8 z@qa!gIHx9TwJCj({`g+9DqRJwd;I~i$A71+(~%w^yQVv}lT@d!NpSlU>uWUo$?(3; z>}^wEW4?DZd33njG${w%cNQLso_4U##2O_%CV{OsM;NTB&uPK({4q3~?EOH<{b$kN zKVqnU-(S)ES>DP+w)XC3&6aA%vsm7{X?;^ zoq^dq3B_RmmMCW9GA&_N5{}E6k+KNiK=j`Ca{(6%y+A|V_}G}GAHbupX*x`uaoG(R z`ac54{U^Zt|17L&qPhE)+&IV@0=gY)rAV`0u3Wk=((k$SEU)VF6oA3s;^GXN&0JD0 z;ty{Fh$P4%=QMgUvvu>Oqmahe0Bsz8MRZ=|IE8P*mU5SLi3+GL4u1ku9 z;s7(%@~TPds#l+<`yl}0jLK|&s~mGxU#}=e@*8U{DsTeFb$zZl4JoJn$%8rZw;j1h zBEXy+?elFX00bC8!C7_l82pM_6g(1U3S6*0Sw_kjc-0Y9Ok+(_0Y|@nkq+W}=mIzC zh>Z#07j2`0Ugd)hwzMkx2Jk2|gK}t(*OQm>?c;~3AME-v&`4>(;PvR>MWkLk$HS4> zSe&&T=c787+YkSs zHDdQ5_9HQFsszo<`M2_gLV*Mjb!2X1>Ls{5QDD0~DcB$?Dr#;N6AwB9CrLxXp1_9E zxHqR>Dyd(KNeB!59F( zCmFK|4Q01QB|5`4iEJucox^5KH3UA9p6@a~=TTcCU*ZthmUI6d`!3cm3^i_Du zq&PONI-n;>BF1~N2HEasyL&6fEM6YE`>xZ%h?r0U;Uy%>I1jcJh|Pf}FCN63ZeYt{ z19X#tIC}ny;C8J*aof&z(W`Ci*O*KI=UquKS}0qsEC%w*_(VJE&pw6o-d&FK;6&0A zRf7kJW!qg69&SCr4_b4(eSbgPV(X+bZ>9Hf4ub7Ug5>0a_unsTSx{-@GtnGM!`c1l zPn&%H!ebc-m>|5}DN=GCsUaUR(+T?`j@4h)C!vtJL6sHC?TZ`jA54dB4?qdM$F_n? zEZNbR8n@rQYRFxC8?YL#q8dwaaxVS&FLus5b%meA&W`5*m;F#jL3Ww{c;ad$iy7j6 zK%vNRk^>1x(VXo1$RYky%P8BFT-4b9S3!TB&Dxz` zLRxdNxd7zgHrVCjM%icJIBK%g!DmU&*MZ29?Svj`BR;C-awR9MGqN|E%DaT_)Cyq( zDPPZ!QaOkqwfoL zOslzi{O!{&jDduDxrr8+2(0CG2uJ z_TyT+dFnr^J;#F|eZiLWtq~fb^#yN`tCgPw8~==N0|$T8RzhCW&ffXo3IVMi(B?cC zr{+3+rGRCd?*~K|p=L+fL+I9%l+Xv_UWYFqSPXnu=lxH$l=#u6euiFREmR9{gxOxE**}+O6 zPJIj#z1YH*KGmOV%oS7Qkz}N)d^#awT>1C1)(11V80NQG2w;J-znGI+l*=XT2}Xa% z_->4eF~Zp7r2gbVxf!39+!OS*x_ys(9ix;7QN#^4JX?K0TyQ5E7u~I6jbW}o6aoV0 z74LlWmI|YqRWZrb04P;>=rv@%dr+k?s;@J?BrE`y4AcUCbdc<4@llF4BKA}7`dS2X ztP7%)xufrL4UV`ZXvhjj?DYiRE{h8n&VHcl!nwC6O=nX%` z6i9cgsN0kkvPLyI71Gk0HLddA0fsW-iqX(?v5`=^o(S=Es_HC|*nHA)U-?=k2kJ8$ zKM{!2lQ(C02ke(Vgqgt-Vj$RRQtL>9yD9E0wqc(XOE&WVBC7OkbNP7&3!ywt4^xjK zrp@WTTUt})6|lad$DS6Oz3L2F%ejQZZ!KPe+0?92ExUnT#HK-gggV3R6ItQi^A>uI zVR09>r@oSHhx`Zp_jeJa|DG-NpVPQ`5y}Sb>`D?3LYy#;1Z!Zx2CM7@eSk72X)S+h zCZ~0G{6O2PNZn9LW`+Ub%(=`cBZKXXBd-?ZvOGjlAip!2HJD6mldf7p8upeXP4 zZJ5Lab0Sz`p+giA5CQ4E7$S&NMHX0^(pI`l?^sc(f)wc}(wnd>y+kQ1ZCARKT@1Y= zb)|pzL(~&<&O7tXeDl3C?>qmUGbaeU&pze%yX$pbcbYQjPj)Le-$dXaZjo*{yVwEq z=*J54UT-HOE$EgsekXoR?oCP0wC_2097DwNI7J(xtOPdW)luTBS^fg@)>&8LL7EBX z1l>jQ3)f6pKfrGFtRC661r$E;eaRA@^Quwy9dg#3bm{yVhlD%k(@q0Rky>!|M#Z+= zYM0J~0%S=li%{cVETw7G50t3(5>0zbysfP+#9Qfwv*bvFxnXchTL~ITJ6X^J(}=ci z)$&bWwW+W7XEGapp`8|+ckE89a%rGQoaC_|oB8?7uTq>0kZ?Px!y%dtl^4+s;EG+EZQm}2 zPYvefti)NjoXrk5M2$xSpvm#W*}EZ6j>k+F@LcYjg#K=rC!Lb&kzBhU@<5b1?VU?4 zud!vnyu~c`j3}F7#EnTnPMp&{0}?-D7bh|{{)~T?eU{ss-=T7@WRPlsV!L(aO-Bdu z>~E1F#WC)tA(Yy)`)z;ju2ck)7GCILXj2a_(*`rIc^VcU&bs%=z(WYX;+ebd8;L(8 zkVfO+u7^Ge^NBJ2NP0`u4FLnbbfxnzt3)NV(#+cya8&lIS0#lZdhAmj%T$g z_qS9Ec5|0fLK7>UVrrXT$1PfnLS8P8UF!OcU@;SU)lvLvs)^70)Oc+>J7&|F zx&|Ne`K_OUSR?r6x|H*{=(WbcqS+E5z;QJbkKXHlz$_A^E`{Yebp^d4Tj))qsHG?T z800j!3(@=US^Ud!c~-=@qub)O&I-cE({6Oyrl%RG2mY1@IH$&J{~lJ?jn>!zdYdH!neS8O*jr= zewl%DKi2TBM~6S-?XAF5XGF3(9-aZ=h-BCCCZs$oyY2`*}oo;$L4j*XN#Le|oAb%mPuN4FVY2akSnQ0HR)xWA%s9rw*rHQ)Dr~ z*ed4wi^DILf!<%78Bpd>mB}zTL!v4VhBb8kK7aYL+_T;kD-GebvJUktJ#?sJzPApS zvZa|hO58)YZzQ;>TQ+AI0J?1!u=oks{6~ACR%C3C`gp1@uj@D@BtJ8C8P!XsVcL#| z01)H-B<5oC`}C`;po@;&buK7Y{;Jx-Z?fS~obcjKgL0XVyJ!02Jfe@yRZ~AW(ehSQ z&--hUof)K2X#xCkx9S&HH24Wx37L-v$5iG(5E*xd$=fK8N2D@wd1A;><{nZ#=95Vm z9_xa@THOuc6GTZpP}_Fyu2@8Ip)-|M8Jm_zfBoG)yOMnn>5o4 zg$cVA+$qc4x3*AX`meXtGWEJfvV8Ts3S_Ec@qBX>pLq;SP0;$dwM^=L`O7L3jKF+x zL4)_m@^A(dXu_RA0I-8o?48>8xxk;cFpF_ZAwq~Zy(iRNqQM+pOl&c%K`%ftDvTW3 zDlONSf=W-QNJVbt44nfXD)%RLC=2l1HDs-M%^!B5P3w6a_tFip+Q=P5%Y&5D_m~q$ zWZdU8ffYqAk?Y-wlE(o_fVMOypepV_9`*Hp|5ju1efz5;Wyt0>KU_E()uLtD|LB4} z6638!qVQ3cR;A8R++()~nxZDTJ!M?dXY}Uzz04Hb>hFC+on_1P#eyL9DZNz zt##ubnzB+Q{^dNrth~=nRJ?{tOZwZ$KHdedz^$}vj~$HDNJO;C5u?Zrhn`#mq*G*I z{^7}ydj5$QzchL1oY63e0I~+UE2m>cx)GBPRbhZycGW`Aou+an2Mk~0pJ%VP85e9GV7mzuu_JL?b zY-9jtBJ|(#gkb_Q5Y9Be0yV|#vl&SsyW+h&F2o^eo~A8FG~X*iz8Heiw>D2jierjx z^acI}Pk57~_T~u3E+g~B!KKYL_pYscm#6ck3?@EO&O^dwr!SsR6EU>!uj1O!NH4dF z4hwm4f?+#1a5acAKr=}?O209W2gh$%dU4>&*}5bv?VRicufPj!nBh@1Ud0%GQ-c)x z8jIXx+^r9P1X&W$K{mE=T$>X-X8ca#ofy!|sbA}DpD`KQhOQ;^wYxiSe}B$%(SY_j zG!j*&*6LrXhG;OhSPYj4xlF#(H;?TY2M(f&J?L!(oIfcN*{WhNV_fA?*m#apDZKf7 zTf$3Ai>gZl^We@}ZpI@jy!L_8&g1GD%(}71Sa=Vmtric!gi|%Eu4-9Wf9yCuKs!h2 zXo+QVk!wBQEy2i1(R=;C8G%k#;yM0PvB7!bUa_WB;L@ncKxDQKO4?bwc0bp@oHQ|8 zj?T*(U>5bbR6JYRf*KV!oO+gbWgbb-_&98TIx4I*CN!U&S7^n=wy=JGt&0g$tllHC z)({h*Jdhyaf1#yCouplv2rAV~q&O{Srmn!3CidyT%5$2|qQyfYOl3k0Gr#rQ3{j|^ zy2gw%fWXoI(WVA)eB}Rla-&CCaC4=TgmysA?8|oij78`|CFULF*6d=$TI^g3TuZ$c z+LMs}(*>+@I214+o_Qkr^hro$36%Hah7fMTq(s`$NT#!HR~?86d&C4W1zmgXqYxhC z3S~7Z#zgO6kutDlj4=uq3bMQjqs?nDN5i${t@=kOA*r+&!;W{#sSJy8XG9oK>{-!pc^RE2X z$GYc#euU;<;Y?OOl8d)jtWiK2ZauvfCQbA7=%?D=SST;s0L`$xR#?D%5PUW@GnWA6 z;)#2rKf-k5OL+s*T27TNgMz~Fc&3MJKIb3sf zEzi_NiG4q(dHz8jkZeS+A_BB))OPcsMyXOK%K zgdC!On4#IgvZJfFNzcfb=MC1^h*oSUQfhp4@z3hR?)Z9_FnBr0_Sg#hB7DvWH^vfI32+i5)<_l+1kYN+*zS7X{ ze|L*Z>8WYDPKIWirDoAY-U^fph;-3{rtHCtLZ^gTrBJT5uZcImx`K^AwUa-P!NlWv`Z;dR1V;9UB}erL zXiHGYN~nn6iy}(iTZ3NQZt&Rb`*J?f8GWT_ z$y*<;=VqO6vrAhW8X|(K8!d~3{l7SQ`ArMYGKyIlg|zeV{bIF*8?U|lASk+PR_*N% zqHcrt&u_#N)dKkD2m+j(;h|h%QccX8k@C)~ajvh|*ktalA2@L_fb-!FMb|QYPBJx8 zX@++!_3CY6V(qWURV$n@XY{ijpN%W>nIMn-iM=VaNu3CbFaRNiK&NR3AnxYRu4nJO z9ZjokIiDrH1GViJLzcA8?TbCRhNgO`>||ja`?OC$mi+s-fpsdOSyD+5=J?x5mtIt( z{EPbB_QiJJkZXcvvt$$S`~K6Yx>Z>46t%Z^JbBH@JNCTwtnkyZzR*@N)hk&m?zT&p z1_J0#=AF-!g2`$O%5g2up~EnsRV%nS5(X@sNs)BPb7>ncc}h6O#Tgas>ltd=o*i-3 zae6`cgM~fkoCl22i7HEK4F_R?e?LZ^8{*6+D3)QCb1?blw=9d}V&`o)r9)3UYs27$ zJ^(qQ22;+|T@G2Fe7{&R5$eeNSV=itGF6uy7xfN*?T4J)?XtIOmK~P@QwgCDtZA2L zwO0K7w9Q^ZA{{689amIekNrSpRqKj7)2$_=k(VQK5DgD|iCDEw2_yQfUBH15j_0+s zOIq%($qS!-^B_p9{bR?wn(dqMu!!0r;A8yji~!M*$xDkb`p+=BWMnLuL6!D!tT94F ze;*kquM*1oFC>Pmx0hRP6^XT8C{70PyxxoS&H*fG)N5TY%3P0IxADgxFV8*VVh1Cs zHN~=d86z%sk``~vz+(E<-s-GB;nr@Wj%$lG8fga1k#SFTyP#w9dM}R2eYY? zZ{F)>cUg%5?Nuh_J1rGGXa(Z0Oc;6fH_GoIsY8_{L^8MXdqaTFkiE~krTnc6T#viP zHOIi&9H@5|A@hsP3Nm)qptoCJa#FB*Dj{M z7F`&B)J#vxUA1If>eUm?uIjCiJDDS#8O6_?Cg<8>b@AQujAFl&fG`yK+l-HP$Di6n zI(z5My59dT@*aAKM;8p!mf671&aQS10dhbhu)-=<%G;rMut_K57m{j#U|M-MmcaA| zw!4ukQx09kRiEhpw4xg7KXBZiIzHsLId}d|RIqr6gIYiq)Fb!jpz?m!;P9k3+*#zw zdl5PXQ^D+YQ6Q1>bC_BqV;b|d$c%GJD9*7M_xOvcZc@$x`M6+T>+w?Afh%!JvF;s^ z&{zpv%&v)Bak{KYXaDUOd?Tz$MAr3jIYSkfpGaiuX2WHe`#k0?~$!qaA zOh<&PgclRtOyaHPRH%1fI3YtEy5H&^pCHw8q`$a!wq7H?^aoH9I_t~cd@J3lMc7l! zOgpEdwWgo==ew#@V57+7XX;*FttfTg#$iZ!V>Sm@vdw;@?SXPz_nZCAwq?f{1pN-r zl1mjveSWL&y-GEi5I>%#>6*?LLV#2F5;y!CPWUrZAgl`beIWDaA3ne5E28us`yVjO z1VNQ4KIPn>MED!9_$zkxf}=%qByaeIJOGnLLYjJwSTx4Rd9S~|Nr(67moNPr>eEXY ziiKAYt&IKPFYGNekAlm2=>zi>e~|}3&WEU84ICW&A{+R9{PHSe~A3TD1 zxnLKiKERUd@}MVDUMt;2viU0675w#`yBA-Bnmu>(ztPlRZ_HQx*vdp-XvM8yEJ&EW_6m(X0;K6Kdl;J0ZaIL${E!N_<8Stv;YLBwfXwbh|~MT zXi^+Enl1UbRHZG~{RJ+4{u}a1#!Tc0Uq5|^ndbJLxYJFF8ecvSAEwzSrWygi{d|03 zKrhpEomQRRf#jI;%lF#+_oFFtCY;gxaxB#dqv4}8fBgI4su6UsTakl(eG8mDat2?2 z(WFTKf5s;!gF)c=3?RTRmDu$~u*$f#e)rwpo%?bv!rH0JnhBEO2;q`R+)jT9un>7K zz!P)F7&)mf0f2#P|3TJUul{+tH(LSq6f2|Nk^=zErn*B439QmCJk&y%5u0S!U)*%z z$A5ecUj_K^Gl2dQq<;sE@OT&=c?zld6oEan7;BDd0;)oy5d;UvmGIx~qkU;!?1Xd_ zrLPD5^{D@S!hB^Q(iW+V0n=tm9>_PXm1h#MQui7FI0t?ck|zZd=@!7i|9kzMR;9K1 z(H&rJ>8V99PfXk=8JYb{?(2l-{Ez3Jd8_>*Lt1K)qzGEi)hfje0DczGzih%J`$iYz z@nYKvFnnDLsI7fdy{x45MFK}gjHrDVSnmk%d)zGIc9%>Q_SWy0^NqN}EQM5IIx=%( z!%^cPPd?gIw|%6|0({MEGl1U!VN$TR^a zVT(&sevA5W9%?&FF}0BbN?tGrwA&{bFokCTvX|*G4|<|p$V@()gJZ*=2EAtT=1i7h zAVCKSGt-kt(f;Qd#g;oyLg5ql9Y5Z_X_w?Tbq;15g!>5VP$$O&#+0Z_Cwl}~4BVgZ+n<%d!wKlfQC{r&HVtP;P9dw?^n{Gb& ziCZA0WwA8cR9^a+H1_914x(HR>pzc6AEDLR^O4;_i)pGhM#gi=q6kp4(Z<6fNg_L-8!xy}G7@h5izrJ@!zcQ097L01 zh(Ds=f11J62U{ufpnD0%YDNW^388GQQo!;Sb@-Or51^K%mS}CTJ;k%60zk8C(s#jx zxY~#f~&~#J&L#{=4~+K1KdO zLH+89Adweiyc{p04t2euml)LEc>e+r5Pq6qQ%G!?4Ltnb+YH7oSK3bY0eRvnRH3eI z_05wjpTaEGURiO_pW?4Bfsw(U&fopRY&N)k`uL{>;9Syf=(?@9K-1@?Qb9>ciHqGT zKn*ft3eVM&p?p6eXF}Ip6sDCdFDK>k@w(UUtey3uM;`&?qPA9~hKrJ7VZJLD*t~ox z?I2v0z)uDnp8$Iv0SW>ymGDq)JBxxK2E{k zZ+@hnsd;JsXev&9uyo6Ou_{$Lr;2cCQSPAE#Dxq(s1Bz&ul@9^uYss) z`f&@YkxL{7%(_W{h(LE=aG8abk(UUq@uFm3ns817qdiPIKpYwhn?Mm#9g)MC|P zGMuO;3*7IHo}TgB->ysKE8GXMD%ST=IgAAjH^1GC$dN6n^W?p##0W4iQ?VUj&0^?S zCC@X-dASI~gyK;E?H>H)8>@^&q~F-j|5q{WABuUsr5FljSAHH^LOb|&Qke6ai{oav~fAgDt z$&-&oL5iRlgxtQp*F{VC%R95LAG(74rT7`VY44?dZSUh&|MPJgn!Q^W@MB->7c9X4 z!M728K|M~CcdEC*v~7dBkc==I%E8V)MIh8t*x~#4Xlcmxe_LSqyC4+K7f}Fn_~<2k zKHaK)GXDn*A&mgszvN*Wm%pz?{N1;-Hqg*lKf#ag%7+M(3yD01JwATuxP$~9O+XxB zt71jaq*)d~`w#6f8&4 z)^ASirc26+;aux`wDgx96>PeA_6t6Q)!TL+Hrd`Quvszh*Epuk2dYocq?IlJLFr*> zh~OZw7CI%gs|W1fzd8wy@=}J$E|QvP$*-SA{Bqksy*a_Tt5QP_LJloxYjnM{kB9i6 z(4f@8xX7F8;HZ52dnA+o+jp>K8bjkKt;Hw0a`Ht`he9PpjGaR7xnhj2R*+$e_gM#T zNRmdOLaI)CkX64zLloMIqoBp5rkNxgyEzD5M=eM9o%IQB2(HvPN+DfL+awr}P5if4 zJLdcWg&Sp}*8@JY^MYa0Y>E4juX_C{@kYV1tnw@yootykWmZ%or(L&xl>@ zXpEXK&_K?z%LI}vA#y}gs4AiFetz@qErj$9k_rnz-%rg6mVLMz7}l_jJK6K$^*ugi zy|I1xy(I8_UIk+uz#((U%R^2r{8NOH9igjy{-H~of`%pMJRxbc@sn+4$+ApVl69l_ zHmf)omOAj07m~c^r*5T)gLZhw9CTmw7YiY2Ew1zp9-*1sM650Hy8S{}o9~eotqo$r z)b?ddw&<7J4MrWu{1&8U-q`nUZJr!YIYab9`SrYl>@}_Q@t=ltjeZdH#K?<7Z0JTx zrtd0J3l@NcMapaC<_0TvymHP~yLo|Mgbdr4+yoT%4(sL{d zw}gAs@Q7bPka;*6iz?=+tjBDLY~pw-?Twa1y@R3qbOwPL?aGF}2G6Kw8YU@Dv*P=A zdwKkK@kfEUB!mw+7kHr?61TGgQB0WgK`k!Pd>rl#bIXYMQ`!KM##67^8tg9Vs?B3BT4*lIOqc2$O!z%|Zq9~H*SlofrB2M)jrnB;lsmwir`2~LOMqBLE zr)V7PZY=)z^V#Fq`;q)gmG6w7^m`{vAk(927`gHA9I@ZPEVj*X__ z@7@D_K~xw7q0^0h78{y?!xLwcFRZ09k`HoMk?evy&T_RI-36C1mxEfIt)!VVA25bA z*r#hI#%(To=wJ#)@=7T-)6Q?}nTCr9kJN&rXKtpH0FSW4cVsyT*UXPD=J7SAITrSJ z|MO!web;nI4Rd>Y8J|F}fo+#Azrb!Rxn%2VdyZ4zTSRf{UJK zX>A}HF@qls)O=DKcRTL+pd|BZ+L8mJntdd-*~QVwv{G$&qjOkB*r30g1s|O4dGjKwAwC z$nJa^NgIHIRqe1joT)hMa0^f)E2sJcjzNvO+g;$-jbui7J+`tiBctg0>$`C=QXy*o zR$;Ynb7)8H+w#P3EQMs$KD_Vd8W&_sg7mMF{5Ga6U`D_c0d8BI5tym8FksSVlee|H zA=~O*?@$v=Q^HH;3;^vZ&d7JQJ1vZ`T%WARx667$&?F&AY98>kQ_BGWxZ~T_H)?in ze{pe&phVY0@tjEPmH+ zngqAvcZ`|sy=<}`=lh_8vOyyD<8Af4X#3+GYoypV-7i)}BZUpq^=7?@1)m9-CWyR! z!f*D2=tq2l?^<8e&^CD}ZJ{NAs=z0^6xHeo$9ahbl#w*NuCgTk~N>;OjMn(*_#&_%BudZZ27;%# zS$S%Qz%&-durGBsxTN~xmhn35@XMj>a{Vj52r$ZRq0b8t@M%Y8KE$vWq26Y1Q4G;JB{0Wi{%ZDWa)u7Y;KMLOG}e;@ zt4Ly1A8SB@LRT6lILEaFe>kiXR_2=^$%MeM^YJ0Ozt6}*Dk4!N4AXx`VJ@l7 zMujP?!E}xZ*wxn4w%1H#9k;?%y#`VWD#=h>Dz9rv`jz-5fr_6|#dz$w_S;UhHpetm zV|ahOJ#Uucw!xI?N`@8E`KLZcSqmY)Jw>SbFt_f+U-U9m|*-h7_sjv^9U+qtl90{(7xxWSC>`&DbB!#vytFejALGAig zwb`yzMSiH;ayeG7qKZJ!)5JN~P)b{7CKuOHaK#lCsVb>Pcg7aAAiQ?*aE!4r-bU96 z>QL;|{$X!x*cVNpWWCM6zjsM;ad(&>n5WSGkp+>(Mq=}wepsjxP~woS{{2IdWlIF8 z7`SY>5_*3nN}t#l3puol$EL?TR6U}lT_&}s%(1&r**G00x2C@YWkl{u_XUSZu`N(1 z&6g4nGS}e`kX@V@!<^?^fcl?fl>|)X(LPMF2GScmxNvk~2H3wmu~0Nwf&i>XP9B;7 zmuk69!9OC)c#5hfQh=k(jd=63Bj&9M0?&9qgg(m+ag4@>-(&N4?UU!^7nXWY3~`4% z8fc_;AiCx&p3}aXAv;EoTXq|TLPQwEWqz8Q#_lc36!-J+WCf~MI#yzm7F!HxB#*-r zuGJCJ2AgKNRK4I^FmBMeGnKrK?)~I%!-z{75ID* zFn|5q>$O`gwJx8^Ygand%9BZ8dwc&p%tcW`=w8kXyKfE%UKoawGi1X0HWzA#=H;OSswWHxZa2)346wOuDHHv+1sZ2G;;t=k z$A%327EB(dbMh>$29}sJ!Pt|;q@dE=K)q2FGveCAj17gpsV8I$&S4kn#*s)k&Yb8$ z+5#q`>O+g}?67XIR))(n%&A2PsZ0uh6wb-qe&P*0ucE7x`4(510oK{p%Qn)AuJ9V% zTf~#Th;v1^!ltxcRpf6p2?-4{^AQ5o47V7%VB9f{c=5dF5X4wF_GX|dPhO%R8Zj%2 zkSJ;Ko|nb0l~t+vHF9yah{?Qb4pcK6H}(>8OgX`sXe0DTj@ZF$_QCqT37f|S##PD8 zzGP%NjkU#lDD$e^D<>Z8TB0bx-k$C;kCxcV)~$wLH*5+hhhmvJm6I|y&bh*OUlF1^F(iT)2ts5XgtpP5ORPvt0W|Nyv}C@q?Uf7# zd#b*%oWtH_u4sNv@!dA?PATGm?n-~ig0(7~zM)H}9mn=zcCZ{bEL7o~av~9fcy%c9hgwpY8Y`Bc zC1&42>kX-ZUxWSDx#BzsNQf!l5j#Ij0#><`8rG88vys#UA+bTbw8-oLNTJ2l>J>rm zP##E_ZvMRRsYu3kQ)nN)vp^TNeC!x~@bJ}8Y;-Y;L)ppdQS()%uHja*F=WE|vYjoq z;{3#< zwQX1EZuC*F<%K~`oI5|$N^4_SV%Ow5_^+d9UJl*UGj`RLR?KBjV^{F28uvaU-|Mjj zE=Qsqisb{oq#@`-9XG{=(%LLCFB47Pzr{XE2J)f(=)~pf5sreB-nDM4WqX0oJMYgG zn*OO?xTUNaRV@;zAaiCC14biIZ9Xapmoi4Ly0dD!D<)TmIx`>RUJ1p*NCzF;OTUan zb?4~C1h6lbE%wiN0`y=&jtE4~zO0dCiC00raZTQB*jy7ZTr2M%FqYT9;$C2^f6G;A zoGGClq-HyAY<3G|GLDBW0s$?ZkVolDu<@N6maN{Kubgsj5HbaGCXH^DXTO)A9$Yu< zc7-AoMl~HwuL>Q7V1{R{j$`MQu~15`SVR!X9wu0ly;^NT+J?(d2pBzsj%cRK0Q3cW ztF?@Nk=U$gocT2GUTe5q$iR=jw&91aaIv0OeCd?Zl!`*&tY#K<Ckf4(kH}rQSbD zQAl=&Ob~>_&C8GXQW^Av{!n1~FSt3gTN=V6dYQz&`(HtPyZT2ccLcj~?1!|>P z655ay8_)m2zmRL;iJ=b)*E+MXlrN;2;~HJgxDw2vAkXGA<_UvR2IMFR!g^(q$dc)r z4oyh6O`#kyaYGQ8Xd`hi$a`Y$4?s_N{`&ca!et_wk@JlgDVDwqnijqD=7(fIDmIkm zCqYGHJhaTFT5ze0C9_+4zr}IO1Pl8Od45z*uDg(5gUd%Ji#dSkSGZu4uj)+*i z=}9NtYNJ_qwqOyhPh!<;6I4R^IpWT7^Lj~JLyEqTV`N;&j#;Y| zVA)-0N??9gTuf;$RqiR(`ILZ^k(SYA+=jf+r<_&iF?_Fy?WYM#H>rVqc8NXP=OwsT zIu+5D*+#-)w|kGENF?SmRE0aR4Z((huPl2;d%G50m6^|#c_0|iFFoUt*>^=mDI&B! zjb=G1XR9bRRK11t;q$8e<$<7Msk6c+|>)#+j+mkv%k!;=-3oZiZ>FPd4EYq8>9@<7ply zS!Zyj@y0}gv!;%DBGikb=7-o~%%J^psFN^FgvKI{O>EOcNWIxRfw8DdnilNeZ**DB z3(k#9m`Hh)W6Ik0f`4rbVG|Mj^(8OHRlI;KknuOoSYfVGBy*En);0QGcp=!B?AeNz z(+(2S%h_*p5+Y&eHr9J~ACC{KJGTu=B=N}{Fjg57!De+>Jxl{p`&>^Zl9gY6J?RD9 zg?Y*U@J0;=9!o^^NaHv8(ULlP6eeP}iW0UGfDjWV{jX3tdIg#b1FcLCY*xYBr-yYX z?!$is;fiYVNJFwE#%|^<#G{>RPsZhx%XK_y@l~&H;4EXf+kmqJ5CR$BDhO`*YJaf7 zfp1!cyx|cpt|57>nqX`E#u+H-#}#6R?Sey+H25jKAwHy0-)eFD{;n181yI$t+nBhl z^0!l#|LQ=yD_Sj7QWFue7^>fDBRh7>?EMkW=VhX1!6r-WBhiKqs*VcKw0GkO!Z9^? zq_u~#N=3+{+z)jj5zAn&Jfw*(r%_ryvI|Z@-I$aEu%u3$(|roedD!s+ ze9zcMg?Gvcl8)_lYM!Gn-#Tn1rv(Oob`DadDV=q;ssF0|aO-6}@!7E$sbG<_x*+W2s_fU`@1*9LC&jc`ETk&>an*Lu0X^uuFcfO;NPpSeerBC&L%?BocB3 z!BAgA*=91O7E~<|JPzGwY-_Z1v3w&) z3;q&fxPJ*Tl1?`MiWfNP-eZ8_dU{6VvdUqg5I8$QWum)k4wMdz7R!*r;C>w;t018( z;`h%o5Q;XiNU6*3T&OGM!&#HMI5FGHVMpphzyZH3ScRm!iR}WCW_2-FMw+^PTpMuI zLIRx8k^zSnwui2wCz>mb=~BRi$AAxJn6gKTp0W@Mm#4m#^joB~!3t==Zb9^tDD(Dl zf&Ds{^oY9W5Rid834*(5i(z~>vrwaX!&?EO2ObPzVBwVnExedsqO1y&=b{4~?2*ci7JKKoB(Uendh>t+uW*G%) zL~zS4*sWC;LAE}cp|EW|KZh86&26Kpn<+irUlt6~3q%@9as&+t@-=ta?kh+?y3CwDcp|r*Zi6)%7V@FCV~rff+MpzMp{Kk>X4+N7QN6y+6NBF zt!T%D8ltLdWZB3CJ!1!LeM7;xo(zz}vy1G=hPtobJioJr)D)@xAndm8Aaer5#tS?* z?S5d|E&p<*474_VJb15M2^e+j;scvSqDR(z1i{5XQ-9)M>+mlzSOapIsKb^wtV7`h zyovX!C3eQQTKX)}Pv0*9H_x2u`p@tSO*+E)uD*xc&g9QKcPpS6|KOmNMMF3YvnV#{=eG~~cu%ivdEQ;B82Y9RSs9-6=!bV0GH zGHY`e)^FZs|1vz3-WismPs(+5eN_wH$UPqW9O71f4sp?>V(?d^MJ)n3QpX-2(M(|C zTL?Dj9@cNr=2tey2b>V{Lx?y>N=MQk}wjw2wI{@4Qh@t6Q zH-F(Q1gw$7iic+mV{oAfrT2^g7n6C8S8A#9ew#m`OVEU{1eaUAgytXLG4pX0T}s*j zWvXXM_JRvDCotXvV1XWn;SeRF0&a>q8x#RBXz7)yW}%=$ecV30)%;O^6W;;QRm^=( zH4avZ_auJmI}eSCihZxHq$+bE2;<6$(ByrK+ec!GgGEmEFn?+&n+X!Enf!?FWzMuT zEf{dDmD{E?d54y%F9NJVdwHjA%LoF-nXexH>((+2u13%YNF{?!zdj`uXXfz>hB-)t z0g1)odHO^Eb-h?8?09N+6rWyt!`pEXjFy`&W0UuhL>gF2NMa~gr?VxpBPWp7Z`|MC zAF&rpk2Lx_{4TN&KTW+LOIjLhc?t&8ePiat@FowD5f2jv1ClCxdi~qt#HPG?O|&>U z%R3jVJB4u+mZT!ebYlY<{h0@~W zwm&~-8OG1e<^(jhq=NXRmObhB*`dvy_BpKR27Xw$?AOn(|I3(qE~Zajq>DJ}W=J7Pb7$Nx0ZY5wm55UiHnK|5~#n15RJ ztV!G7+q;0LZc=Rf(hIryub59i(73aHpYR0>07Z$vwXpZfM&H6SME=$*{wu5eYb_y- z&%K()|9pI}`~Uy()_FYw?%tV)2icZFf4D9G4K9I}-?T=SNy^EhO`z)I8w+TrHbI0E zSp^lCCQ7w8i{C6b8!klrHUfw=TtLiO%7GWJ)taIsF{Y(%gk_GP35 zkJlZX05Qw8|9m%q3_rswa-n`)72cn6;hwZCU;m>coR>@eH>NT+TjTlU7Z9cBa)7Tz z0I+b~VPDEhOc-e-yMLi))HxVi!|jgNXITK*$3Sq9ctJBVS9LIQF76v z`oZ5juJk|#K>1#WL1QLDR}G=8^PFM?=FtMtxESTwUF6`~@m^d2p!0TQ7J66J~&pG8J3XFWP&92 z#q&)U*OU{Et)I34wc&C(^f=Al%*L^Utzavx@xSN?*AQ!E?vU z1oaF0Ee3TE6rjEz7zXg}mn(&sB+oN_6|S~U0MJEkIr%};_&D|PcYUC0*fal2s!(L* zXoOnFa|2EU)ZZE>mO~!-9l9Fo5CF70c%bAPb9w=^8M~PPtLm}<+();tqnKnw=h5lo zhu3ihrS0afFi0bEXZtaC(&R_ULDyd6v;l>sx14@9G%jxtaGU?9hyFKhUiP$0^0N#6 z$1O94TgIqwN%fydbU!PPlE0nJo(bUXGBb5Cv-(GFwJCxenGJ%|00t#b-O)coEQ_WZ zb<@L2@B~Vq8r9Y%Wep_!iiX#RTdfda$wMj&^d_avS~@2Sk>cCb&_j9_6jic*=In05 zRs?&>GDKYMA1~#FW6`oEj!2fc_X3a<`d)>!b|q*xs!{zx7wfEi&!i$h%VpzRuYa5} z=o{`xL}V@1V*Uum#nLm2X1Z)590sLgNu2(mL&r6d&~EV_)qTk--LC+a}ae-ofoJyHgXdUuu7CeK{r#7 z?9g9qEoN#ctL#?ESoYmJSGJI@>24N+b)UZ@^H z*Aau*VV?}Ss3u#^VaJW70Vq?;Ql0q}(y`@QG!-fsWt(c(|8jc(AIeMK1^9izCw-`5 zA*0L2M`BC^g#~5|w1NwZ)I1tv-!_w>vYJNlguPSY(h6Bb1A|xuy*EPk&|;10M?>st=n+4s!>Vx$>h zQDaIYxz>FISc_8`KPny&6}~z%H&T2(r4eJws_GA-R6`Lf91W!UPkob^%&yH^6(mGV z;r#2Y?4i34h%WP}nb14vb;ewP91Nhm5@uU%xRD0z{2YKR8{V`5&E!!=p1WfYnOVT z(w79#F?EcY_kdB9?^QN(YT_abYaakE2|pPFeA4m)U(m4dyGm26Pq~y=5Zrn94!W?x zvWV`=Y2MmU0j_7;bRn;UZ!jk?FIGo~bQ#SfjLX~e*Ws(7uZ5UL02}7I3_)9@xKhKN zu4`D#vJ~MW$!vQ@n-1duzotgW4ZqV5Sb4Ql&)Gr(v)3SSc3fMyl-gx`q3EI#S+or(Ji>+4Pa#N#-2AHC<0l!0qjwcgA#G z%w2tV`l0=*Mh(I}1r46I#59z!fj(2p?cVw1Qr`WM-OT+h81m4$&&GD zg^pi0>n4z$P9UhGj%@_>A`3QJBW#>zl2V(nB1UV|ux47IZ+ZWes#suhc*qu=>zb$} ze%L!deBlc63~mCV2PV;HBAHnERC@eb0bMB8RSgcf5fu4rJo?6@Qi(gl>o6NYKu#Iz zkWUe5r0Q*GpWFE5`hZt9=yV#xJTn9d7V-oOkh!KxYIjx(WL$Hz<)Ei|+;l+F7QMEx znEu1nZNZOW;jbf=T*&WN1ABof6yyGjQ7>_rw$5rN@4qF~D7s8g^eLD!D^ zaw!|Is45A~APz4sxA`9Aj-3_!8jkBlvSVQVPO-d1Cmcca9WJS0p_*no|7VCw~MxHnAwl42b5hSH$r}_ zUSBwmoY*^E*d%8;GU++wW#weho(Sr>^NK#@-PE1^?3v!_g-{_#l*FF$wI3s~aTb9l zg&e~Eih$P08Kk?0fcOdxkjBz+jCs&5Ys`)hOyPKn5Wf(I)-WLr;#;FYBb#G~Sz7bF zWGe)WnjqzTxqwsIdMsT%_UdAVW6k>bO8IcG!=k62zsX-o`wZ*^0812-d+j0b_4|$H z9Y0-HVB4qPf&7>vvCFpS`6>Wqio|BhL05G1aL=M<@}Z>s+8}`~FT7U*M9bo0D9Csx zCn(iOtVs22G_1l}wxKLQ*CD6O-q6rcI(=qxeVEP`fnUroy8;povhBc$$0RnIiXhlx zOv#skAGb1ITZh~%MLniWF>rqu=|eJxJDy5VJj|t|vul2^09uE*&i{po8$y zcNPI}cI3kzYB}!4f1IQ8$uvh2};q7G95}&3k)#hxt|4Eet+M zkX+{=xV6Nngm|CchnKe`-5F_882otUVWM|S#i+l06>m8;YObkS>rg^bFSXUsbli`A zb9-ys#IveaYOHQ$b(dpz$j1N1;x>>t{;+ld>$L|ggW@xiX-WP1Za-2<5(P?{)ym3^ zw*xFxy()_DL(P@R-p!4;>f;5}EtwvcPnT$Id>iwt3DT}~BXrjXcKdredfh-=+2w7N z9ENVp>fHPA(4Hh8XT1Vh3a!oK1qHae@B7Q0F%bGik3!`wV;k=S8@~zCzK8;!F}^ee z0+B`NhX8U3s#9kmDxW)QnhIemH^MdqH29Q;Ay=p>YrLc~Hg}Q@iAv)vQj|r!mUvG4 zo%BC7v0Jk3Kfn2sP&3YwL|!UgXz=%+!k^Wm zU%Vo(y*bpFmkq5jNpk}VX+@BVpZCA9HIb;|waq05q#Lf9U3f0&(~YLkuDw*VJ?F@c zNEkl_m{MX%?=R*_8A)De5mt~BGzPB)zow;Uj;w+(KV!@l54bT%k*peK9uK>U+ko&v z69l{wIHGjUuu#onh~sGxJD!X($A2P2a%6iM#^dx!T#J%CGe+PEWs*xq%4xXWhiP}1 zH71)2<=EmnCh)?Y8V1#TxC-MvtaNd3Ut3S1Os6AKGjn@O#@k`jnNf$UaTlsnTL~+=s8H za)1#%fH?0d#cZGRh;m_abnh=19>~R)`$PW7Mj-r}>r8v#Y_A=NR`&Q-{wnQnnFqAHXVY(`DIcy zf`nUOh~eJe=&d!WSODt4Qy^rdnODK`Pg5$D%t5a$GEO%1re)-aX$C>QJQ_cv&`_A^ znh@OOh2WI;c6o4;^iNW|p{xFz3O>~0H2<}XIhD))ZVP+^^cdj&@5AflLdp16_tE5- zdFslrpy5*gj{n-cY)|MC@#xOx(4|ysYm@5cn=fPiy4y2V*fcPw7SlP=^hb}KIr7LQ zfcQj|jq65{D81w3f zyBYBygv8p?dj7$you$aWKD`2i2;Zr|UglZ@LDC|JmPghi>-J7hvaG+K+q8WP^Ni6C z&OdZDhMDZMahF?mbFOhQq^!N1sGu^}NjZ{DwqH6ce1|u#q*^Sa>{|R3Fylb8EBf7vqa`7iK4=eJgMGhbDR#F{z15B;~Y8%|Gu)JY0(V zrf|v$KzI*IE(|q6FXJ7ZQyUQBS}BI?+MDsU>+$`|AVyHL*eCt?SHqoh;Hz?k3|Rgy znJ4j^&C#&iU=1|Bx9JjMzbCxAQx+Q%^eJR)eS3HGyQrTI%?;wImwoQ*SIG6=U=Vm4 zo!cir>`eG^o8HjPQct${?4|@Ea(}pHjit4D+>x30N&fU&zk8&g3yw0ZaPuZm*Fso^ z-bPn%n=IqTN!4E4p^eVTZkt8pL#c%4E))^}lB)IhTFL0%pBUNYm`Him1Iqi8|74YHB5-8ClG9m0R1?$oRD&iT{Va_l#;Xecwd|QJA49Ql$#0 zC>^CYQ3O=FN+%#7N(+cU0--u0Edq{8k={XRh7w9BDg*=sq)15wB#016i1ZHod71gu zv)4Ln?GNX}K7ZDlS(za~-lyEp{ap8TUAMaNc5h)AEYf-WJhRut2ChbW-h7#1Y&$H- zg*;sTzSAl!bTJB9X+%UM*qKZ?B#Hg9Sgn1U$uX^NVpPA$N>}5PKN3zTOQ4NMhRlk0 z8x+OZUl3yvxZJU_z5nrbRTc9>NR^B2D`MEs^cyXX5f;Apcka>$IV;@8y#KLXW4kU7OhKk)+jy$F z#$&|hQN!_@X;uv2G;=>;nis#wYpTAVnb@Qm%qPiQi?cM$Z2+`^lqacdZ+8&0uf!4xP81bbnP|+WhN@ zEX#La2)f*aSn0EM+Y?U)kLp~5la52->biEETD!A0-2cR!Dnn46EtCXwC3>z&=m(+>1Vb%?*W-BF%lZQkPH5NS-DFQ=jJc z&-Q!2&h7DwWT?^Aj2YBocaF0E3Y;rI@;5nYYI#pb3*}!a3b*lk9}ABYnsN&0;^nU4 z{VFlPST=YZJv-i1X(q4Wuw}p8GHXu3$Z$2K>OPZ1ox`n-cvPx(+g#dSs-2vd%pRuQ zcUZaSF?!~M$n0LQOP-Kqgi$VIzTX7z4FyZ?Bq=s$-uHi2hFdN?8BvOJ12Z6^r?T+= z)qGXOu1|E|h73=|M3A`K%BS0QBcd!X)@*p@Z5jG=Evq+Jxj7@RORdpc?MN?wQH(Ts z>aQ62d(+15ESa0-gekvm6T{F#V6$R&UGDK*iO9j`hpQwCk8I;0Qvx0###-6lGMIVN zIY>Y!NG~JNvqLO9eP7dkcs?jd!tk(r;IRyckbTAJRj1KU4!u^B>4>Q=xY(747%BZ< zir8*OE);KiOQU~%!m22hePMLHR(EkMx3-R{8jrZN8{G2hi(3A5`EZ`gIJfmOPZoB* z_qD#E&ABs+`-;>rIbZ);8Pl5Ckf4MDn#)mMi&p`Im#0jHT=T$=rU%?p2GeI#oa4!S zrrRB1I~|XLu^0O^sy5TdBUJ@GGCsJG*L4*^$bAfj-0{Oobc*i0-c!{HSyjq!tNgdi z2iyjP(gyBW+Z0V;kpZ8W_^anN=kJ?TcrX+Xv=lXct7cZBu4heX8mFoYA<1n z>ZSa^7NDwQ`=hRvJbg6YP4sh0L$shFYdctqfFoLg9q*`o^ITF%-Ch3)UI@I%X|3lgVo_UAKR&#IWjv7*K!EzAk^QKoFYql=EUE`g34M*wuJc7JL%z1k^3}6h zJDphyncLZq+1w*0+FuxhKW^R6Pgk>O0?~la(kcGrH4%9>_osv)qH2_QlaJoO`=%t@ zqoiZBB=o7){UE1RNBXb~77TaOyNG6-Z_7!s{sv1sPdE*^(6n02_~K&d+TSIgMKew-5SedY_v;s)Ek@_9S{-sHoPL| zwjqUb?$+g%J@y#?tDL<2qdSPfOBU)Ve zj)M5rg8HpkH+<1jHu2c4Ki3<1nu@7}@y&&4UKDoRG$kiFoM2!;$lBR%j|*z`#ZSec zb4MzJ2?2X{EUmBhcW(ivHN%zpkHp%IP_<3G@Pr$g4F7w8VPJXy6-=?WANdBfcv@R+ z9uR8RTCeX@L@AZH1DRn@AdsWAVFz`+-9Zl@hl}Sd6!^fPo}ZZv+)-}sUMwCwo^{2& zX?G!VLty`33z?JtdaDHc*LrXO5G?raqV3(f{%|6He#-tV=AG5b4^AH1{uYiJUZ^T+(T(U6eemV=K<2=Jqr;$x+o0o`sAr-ql3l8^HHiJ)`T0Lzd!7`c zh7;f>)oYcUQ<%9aO2cG%Pjm1LDanxsy=rxV#cPH83w1&;_6b)W3%-Q8p(b>;2uYmGPc zAw#{_HCm9HaT7xiF_a==CezuD&-EDls|h(C6XX4h+vR+wL1%tz;f^vBj0}N5U6iFV zXc;Rposp?3t<&d@(_4=tue!fBcJXh3$02q=; z!JflD@;h@tXQou1%qmjz{_C^;}N#Ohqs(`E89 ziRulW7_Tg04?lMlqjqE{x9Ig(-SrmLdvrAg9_x`MdKa^kkfGJ}q-TG!uXJguh7A@o z3=u-sR%(kSBkheG#3C=Ul1*O)p7R_N4!WPVHQ1!dr@JA!hgf#@R@`4JkhJGt4!4oQ zWuOv%#~5b@cMm)&E17yR+s9*?_703HOTw5jOI5lFk4|k;jD06+*Qgn_N@DL*o(s3B zwU;SjNYp94pAiYVi7W>qD?B~b(Ql3p*~99Mpn86I<`8Q!pt0V+ec0Wn_tFR3MS=a@ zmi={4fbi91iABzTn(P43pt^C|+7Q;$dR~6@)M0mk&2(!m#+WFyK44!-V~QBs5=&RY zFaZc@=ybN8;Pjb8Cp1%6#ROxe%XkSF|2V;3?8ak(ZqX0VrD*CtJCCXZ|7qJ4s&5c| zSsVUcE*^gP><9(ipkRFzs;1N*z@x;X%(=pLV2Q7P-byC2Aa07qm;HH+TdwkJI~F6} zFx#aL`!P~b$;GFXY_MVy9xdY9X~V{tjuwS%?s@$$G?^dU-M8*B7aQF%KkVM`Yeit5 zoW5QWR38YkPHbM*-rgTw{?6AA!4(d>`%e&GrcLrL+Ogl+CEuE_6qA9CDwT4FIczWV zCT%hdU6=;|$-8s&F42Acl|Yf1G$k9vstpNIdp=vUtdDg9G9NJ=K^`cOPGFVD#sXuc zcDaJh`K#x=MA>i7$2}mliDeJ#)-v~TQ2(g9dEbz z<~dDqi%5^{--`0*}A*(wx9C5&%v}=!Tl}OAn+T# zAJ+%F4iq!>l%&mfDN#vpn0tzr_774X3koQ zry`_BZ03D2n&z!(HJ%L4YUA$!=fF)@drXe=Z`i(dvR%uX*w^a%V9x%%OV`^kkIVh% z%2-QkL?fy8T9la7(e59zlSvsUV&#q2o*yJ%#P8=UHnmDt2*X}YF%JlpwUZv3Ps!8r zCZ%HXU)^vcfj)~990rrJ!IzMiYRfmR7?AOeo@PWjSn2fsG^L*2{e|{;xQ!>r0PW%M ze3{N^{S-wMtHI-P93nx$8jREpig5E|{$oBPwO+&} z#Q7`t7E`IH=%DFc>g|c)s|gSPwO`j<4rU;tZE5}xQ1*J;F@N+JZ}5+sr|&1)aLM0w zW#LM_v<_^?CId3x0wp~K>PEbb0Y+ZcE2>-2QgGW`4x8qmoZG0+1@t2Y$D~(I*QA?G zZ170Ybfrb6Vt{a%f_{eoX0LfIL?I9 z){wA(qJ9rcyPbq=GnSF0$WvY+!QO|YKDgC0al+P#HF2K_p_73H?9q}(`S!Ga`{Bo2 ztSgQ34VtIh-4Yyw^)+T>EH87#W#8Hf>u+W$=88&3I|{dK56;9j?BkI(g_GjQ6J&c1(2H+t#daCxrKhZ6{mPyK~rq zxsJ}s8lTQbJ(UZvFyfOwJ+W-;&kRB7%QIHToM16R zC$dsnUiS~W1RvX+cBtE_N!m=O*PeUkT8QISo97f^SrL&W)p#q2A7#JKd zb%D_(?t=b9W{Fw*!20sz-g4MppI{aZT%$h$S2b(3unM{wUbX6l*;u*ptI!eXxwo?! zNAm)H7Z&+{Y#5VpF|>2dl4p<7)p+qM|1*L|g$V9Mf3uSL!?sDI!@yu|?IXv2e9La@ z47w6Pl;&G(_SOwGGn=9;X2Xw7UNMR1FI#|>^!XJ1@8kJXnIR`lJv2IOiNxkUCt2T) z9oOqv=lkn4ZvY$A9FBRsN0G0dtGM4}ORkN7XBpwqWiS50l`P7UlUzwA;jZg`tQheZ zM->qpo0cyKJ;G=dCmkJfIvG4y;GU)aV|!bvDNpyC6qOG1V$O^vYw}7uTj~8OxUpyM z4A3rqxUI|HD;;^NTLOz=zbbhVr0T&T@eh1!*SU!w+}3L{KgYjaaR@^i7tBzyDunAz z#Qrg$)(WSYvKRX}P%XCrqn0fzUt5?b+O_qEXu|ney+2!WBt8GA<)g6Ss^A&(c9t?l< z?ru(G>&Ry#mZS~R5_C<>Gwj8wn6i;@n-#xWjgvAL%!hA{hP}EVnYP-VG?4AE(%|pY zU8UdWD$nUS_VDKFZsDU3h}I;%@H4wN_NwnP4XJVEB+fl~z0o|aIk~;lvgXC} zDA!bgR3#rgzqwq6FR86zLMhH-W)rd15S9)0(^Bkt-cUCqBp1Dx(GZ`Sj#y(cPqX zhcOj{qx9wt?YPjVBibKbhs2weW!0%`E^%@LVVd=*KG?xYHwjyD&l|~LDkx~hu)c9} z#kZ(>cy&*Tet#)>bZE_7_Z`WD78WKS;T#b!`pnWL69UcUSMDZ~*ZuL{>@BNBEiKs! zh8HrEX&j+Ds4^Ga=tc7gO=rQFZ#J@7n!|~__mn>r;%5RyEfeAA9Va_ zkYOYSxAWe-nFAbzhoHpu(4jo-e^0B9O}$vO-d`I%8Ry978)YXqxt|k-7l@jCZ z79)lcne7>g$yeY(!&eVV=4StK;z#}JY%bYtUcP~tpZ2~l+lW1Hi&<#$Twa64We(Yg zh8Q3^Zh7Ai+v-UUHu<+t{OZ3x@s0CmvX62E3Lnr|w!mKeS56W2D+bC+-(Q{hi?O>-w$r6hvt(1fBa|n7wS&ZpSyAXOQ93L zwF`d(wP~D>lUE1RYi_L%5kj(mr>l`UtD`L)`t8zo)g_N1P{h3%*bKOt4f1_amv$T- z8UEV0LLp0yn^*qzo3=i7)7(w(u;A4!T?CJS-xMwZa^@5kx*A}ga#wic9V4GV@Wimp zqyZ-;c(3@=?7yxVX(hte(h*?#;1bwB&9OQA%Z-~Tv&Zr$<_Y^d&MMVJwF9Y*`N7Wk zD>8%2iEI;yAGdcW24jhznLb^uF#f|`PR(gN)?eya5m^(GJA_|mKiHlJ8x(8^2k+8x znS77}J$Yc`$q&~_Ox>722i|wc4_pqxIy=Z-&t$h}x5-)iykDObRBpw47Yuzi_uO{k zADw^p2%B>wj^=;BUL+j+>M~z#Y3_6&0=^G?K_5;}`cGIIUIOMcp5P{`8Bz}Du988( zo&s{VPPDgjsC(eJ1_m$(6V7}Ktj80k9RHAEv}YbH$Qh92=0j;fPsj4sXopr38u{!xaAgMeec`(!Vyj+HDwUTz9)+Oz-QTtB4) z%ZFh|@95A0`nJdI__jkRND49|h2VdIkG)Wz7Yat#P zBJ^Z2&Wbh;FI)tiI)k@YpgUeFs6rfk$$_dPxcTvqfrf*PvygGiWIC+9>(8gD#jm6XY7HhWL?X! zfTl)xRP z0ngE`xgsHi;yecGnlB+65jcy8gkcVJrXIjb(5L4O0&&nVGTeqRKjv1HVG)=)9j{(4 z-v|6oMwZqAyVpfuz~|~kmZV{kD1qnWz-$Ky3+8Qp0C00`CBuDlX{LtWeK8f>3D1X= zZ?J&g0fEkrJf;6N<)HX0bJjpx`VVLJp{*#O4InIYMiDPc z4j<H(889u)Q}fb~%R=Bo+Ryfhv2f6n$f4%2z3N`@g)M^6;xX#=3w5{!d@g@R&{ zB>#yOu#UQcjWWPq8+mGgLs#QwEmOgaW=hCfRTiB8cp5-Su^`RQq<6>2T>|z9aABya zQEHYXDwyN#e+|FP-@^|=O{V+N>RiZd>2<$40dy~_f~FX9v8;lYrS#yZOikR3s;KK4 zPuL<)T*uyw!(M^B!`3Kp;T}$32Np;0SCGV|r-M!7*Sq#-+3dH`M`Z11fe_kLV+}7G z>T@-`)K*)%a39$Ai~|JbK@gylRROM;vJhkjf&khG#lsIFhr0j$6mpuPW3_FBQfOMe2!(6cWhRkLPi|eW&OUpkZ4{^$|C*J z2X_eDAc|<@2?bFwl#5xLhHi4wKctTm2f_&;zz`OzG=W{=7`wheKSf%)Y|vO;ItU1b z82)=ka!~^ojrZ_WyoZA_sw@g>SwCnE3~vlzR`c?#$lZ0X6N5P%<*z z5{_lAhGkO+5RbqM!S8>UnjTM8IkrYpKdX5mAf@)=toGo^pbb`glh8=#4 z0cw>40LEW(kAMG|D^8nugdhXwfnHqxo7BP@X~1XPZE%hCY~jk)WDa{d6|(O0Mms6G zzus0rr3Ww6KSC)PDA*ir&67$$n}3w!)>w>;cw=^$3(xg~_m0EI8x(=JQiALi=x=Bf zpI~)}@|^$tu%FL^A5)4XeqC>w9OdrGP*)BD%$(rKmHfe&a!0MH8XzNWzaIud7avb& zlo4eeGDaN(2XngM!;d0RM7rbh`t_jhbH`?@3!d;1VEA7NNyXHGZAw)uo4OPcNE(VY z)`3QUkH0f;?KpWX zV3SiG3-8>if^0g=mp#EWxMYG)wJGWm{UU1ogPYs6xc9Ly+$Xmu)+@#0RdO*q?RZ=x zX&o$|8-sR5u)7HC5Q5{5Qex9~Lf61S>vbJs`s5K)>*hj6W zjGc#|8K7pn8Ad=6f9Q;|u1>K~7fC4}uvC(Q~ap}h#@o#P1n zB5dm<+ohccaj{sBA$+JYDn7eZYbEEH;+5_Gd!S@Eu1p% zu#ZBFxg@&)tQPsTfXcTuEdxFNXT&oO(>xJWR5X`5cl2oI(L)3dQ|D4H*=)$|6E+(& zc_CvKu=iJWhu?xGC0&diW((!QPay$Vlzl( z4~HW|KVx?BYH%0B3TkRPJUKiSYe4+su+8!4R5dJ*THCSznlw&fr&7_mVCN4I1lN+WF{G!HfZ~8R0i;=GtYM zb=t>UIcMhkfbzv=xNKv82a_UGID#j()DyqTZ@Q83e zXCrNR@Xk^4`$e#XW(-bds{~pga>;0i9VZ0n%;5rf;jXt?98m~W*4St_|?F=Zh z^7~Xu?kT;}1anZJsT#b$J=q6!C2#L+b^vXi#sHs#pQjT&*xsNlMJ)-}4kI~TYw*JF zd*CATs3%OJ4TIuvOa`9N9@^C~=UiS>9B{U*O14M6E`V-Z6i`nQkiTogVySwPMJ*dK zWTqdt!3Ok8llK98x;r{v#L2eCrJEai!gK%rgdeX~xZ%G)5O~mbeH3u}U7%J+h|QT~ zWu;-VA8^>})i#l#d$+3;iTMW?;Og1G=1{ohQ8-~P1}%o?xCR+r63N1-xtt$<@(O76 zxnlQGV+6jztnnRh$2O?ryAcujvxmKaC^g3&th}v@o;)|IVW9ZrhO35wIcagyrh>-9 zaCLY(vjo=Xg=0$fWyT?hv0s~^MEJlfs+h3{43zr8I6&_gK;}?+-Ra$RP7kz_+tqL4 zfybkpddOGl7c^5{6L-+_{nr_KZSX-y`Fp^P${butkoO?d9z^Gvq$whOw;?~5g94EWb|*Lf%`@W#dB^jpD=mtXmMI*$#GK9#Mc=5&%W(>t|c zL^9qRy;sB0ZIzyqsuhAl0J9DynQLti32vE{E`FftR-A~nlVHrMtQUnmOK&7gE9u{( zOpMP>ZT(2|?(GG&Fv^>fa(4}rJuPC)6bs~(MS(yO1kjV-gN*i^$K(7*JIgymD(3;$ z?W9kXPto!rktC{BGwEn8f<&?_<&Zb>+|MI1_^j~t8?$u&Sz&7iI<~lHrT~GJ%f(D* z03L*d{MZQg`9ljO7wxZdFK zi0E0vNlSr|GQc07&ZoM+;V@-}u2kJC^3@h&i=E&K!QaQ#4XZweF*YBwSoeK;g8He{ zx(djaanewen@TVMxW&CC|LRf1%>3YQ;_084UXfOpJD`Tl{vqR_7{k=um_?iQU_g5$waI;0|kE^^8};718t&< zLQ*TRjxAh?@bNhr$IRu@$Bu06h?&Ho9N3wn)h`iyf<_&q6lKEmTd(4uq(M$XR1Gtq zD~;o@abtv$CmwO?&A4vF8>f%C&~1DAf`1#k{>x0AbCHHlVPb{SLGf0W4Y1GWIm9cv zBlkW^8uJ#3$9998p7F~bejbHsdUh)7;FIT$Zn%e-O98;DF9W2 zZES5BepVt(D`sT`rw2RIqCm4K zZmoCp)2oZ>XP-K!UgM^fytv`hp}oRnsr+6b>%4KmJR9eoy5EZBhmQ)HqR~$?*xCkT zy@qc2T&N$9DXZ23l0c<}=mo!1!aNFSol`(Rk<}NvRwdo7Err{SW)?9|q9Vj^54v1v z=`4cbr_B@GwgMe|D7XD5AYP-YLxgV0Cytg!FJLcBq?pOH9ms%~Hv1IKWS;c8?xQIX z>;>fHQ?8)Ch^Tk9y;U)vux<1TeP2A0h+vVXZTm*&`aP~Vj<#}^DDf1Wo02OA#^K9UXQrq|zNIyXvB0Lj|z1F-wnD`2^Q z=l@jqIKMP)+CBudl4 zsclC-1gApu_s#XXjnsY3hUal@A&s-ubTQ1O{fWLsk1;C!u&-vZv(bWO60jJ0xq7C* zCt*re%tkX8CN!M_`670V_pGqS>eTA?3n<91(Oy87P0-9v57f`&dsJjp zfqge&%}zd*HlP2(*gf!)&vPjd;h1&g+w}J`#a3RS4;gO-%YVPd@_G#z7bwd-4W43l z;O%P@Vngxr{(Hd~7W@(qQh0Xu=s@f;!)wx$=f$qdB-+7|DMasF zUyizEJ@!@@qZ#8*GH}=$h-ThpuRHJIu#Ad*P6n;%?LTBZpZR1;x)>eN4f(aaZAc~nQW+zSV_<{sbaczp^ z6o#Adb8d>&HuS-<>)6SEgr@pvB#h3guaz?HhrjrzcSn zkPGYq8rKQ7M3$nKgHJ}x><6Ebw*p9!Y$Yj%p-Al&P9+

-Wy>*SCtWU)==wzbhQj z@z~#2R|@7=GKYYO;Fdt=GpoI~UMW~hddA?wUr!R$bYXq@I5>Pt6l4hefR6X!j+<2r zg+ZIa0d&q$AbraTV9y`b(WCGb4r%~^Oz_xuv`#|&?4-6f{8z4iqF-RNh}2P$(7Za2 zX3CFrrptvDCwX)T(s>w~1LgUCa?6fO_YS~;Da9=nE2I#+tLJ0UvOcA?AaB9aswh_C z6DBL?zTF-9t}({d@%?f0w#FZ4eV*DYeIEeId;PC0NfP$w&f7mtSj!*1rH>Jm;F!OK zu?*++k`t7W>t${832JOvQAJZd(v#1z!3D+N47z#Ys7m}arO25popLoW(Di3OI?WK> zC#W3D?fuhm{a7BdXa!UE;MP}}qRX`#QsiQmgWWxf;2I$Uwynx+=9(QBG1}?vMM9l| z-Eq1+lBpXDlE@WHS7RmPWPPIq=B-DT*O6!8o@Kj3(WPkYX0H;S;DSzmu!rJ+EPTY3VMsKa;I?g6a9;Qe!aKB;ZN70m315C)w*o>?y*x|;o;SQb zLmp46#C9|})MZh%i;zqD337ETR6654TB- z^%osK+p%}MA-ElL{T0bHee;=TlTaS#Iw(r(%?voQcM}@GqyG#}@X3U38mS)-0x}gV zOg5@9+pM_5ZotcNiLH*|os=aniEr=xK}Gm0r(7XD`tyw%f22WC{s%?7@`T zOHF2DI5g@J;)P-i9G9`9`x5Hc)7dVjtef7lAou*{Gy7ot@aEz*ZMa`soG?CT^=RNt zu?4@UBJk-C9gu7E29=Z>Sd`QDMk=r0K(~TcpS%v)&&69gOoy~@ado))^cM#VsA8vG z<^#WG`+}xG%8?@HC&*;5(@yBj762;9u}d1CUtGt0#mhNC?J4qLF*&liMX?AZ&a&S0 zrYDVbw93m#@W$-xDmzO6qSrD5X>DN~lE3v~&fOG3xgX~vKVEV!*fF4Aq>~YDx5IA_ zlCTd0m;wx{E8Mbn6-!jhn7BPI1G?0j16o1g!^m3dPd}k-7``Tp^!Xm1dA)zzb4*Ed zEqQM(rn#k7X3I+)FaGjkk=RWC-Xud6ZGlb z^TZ>AuP47!Ax~C-9=`?DUkcosz2I6g?xMX*7fZ>@D^t5r3Prx6EZ;az_0sewcHb%BAq8m-Q~7%92q)Uo;^H z`z{=bl_X@YC{Ca4MG%e*#rB!ih~}H#C*}ai%BUJ!LPQba88SziyTI6-t^pW;q&eUc z6`xI-Y|Qn2M8X7PS|2+db2XQwJ}OLheyO6|-#yRW>h+kd7%xu%skTNgso^HYvfaPP z5zJIDd<4*0oq_;KjLO&U8wnCGP$3jK?zS7OqXMphfI0tDODWYQ(fa|Ke_%({#mDti z<>Q$Rr1+nEeaOOrDff2KZ0;p=wNJ8?ElENJ)A;?^GZ@oLgJyH+e2Hj%?xMRKM_OC*X9p5(;VpljI_^R=;i5cx|Gr z{pa0VEi_4)%(m;*ewtDxq$6D_Y-rpXF(Viq%Mt1`_zdKG1_IMOVe_EYys{cBygR2a zDckDopOZhjd^2Mb=pWujlEG0>4I>*BnL%}|ne{A2FsST2!EY#++VQ(;L^kM(om&GN zAGU=8jO)3hLkj@%iihiJG2DL>AZEu<{l;?yt$E{%rd~{@;$X*{#(TFH*8zK-N}Sxo zCSD^dDja|@-98W`^B6#Z{Pds=FuhTwXM^3a$ zWG5-#z-QD~^VE=x9TXyVDX#Q#^1l^hWI1)t_v6FVF_Y#Ruegv7SPo^zHZ3EHEZ+1a z{+&(evNplMDE-=kONuX@Vl3%wDyex5G~{gPtwpW=Y{xIHpqMm2$61P^QQJJ-VXM>QukHdGsRU=o<=W!N4y|dG<-^Y{)@GX*Ldh zE+Zc~Ddo`I=)wq>0;l5fvbu{rq}{eo>>OP_r93l*Cwxi-tV~ml%Uq28E-fYkp8C19>HzHc$NoZhA5qmlhs+)%F2l^{ctp6#*AN0w>Nf#Fom*L|Ssk zTb|7&0nk8V`D%i*E`GwUopg8b)P!Y`zmnJKu37bO;fHOo;L4?kHg(@Z`B0MFktb9# zWeKqtd_FX&uz;nzJq++oy@>b(U;%(_WyL>4040z@Q3&wlOG|)C@zOk!-AQG0tFEQ8 zFWc^)#|FC03Om(@0I)~jlL&~*XnQuo6D+aJpx?MX_(i82?A*ynY{_WzRn3*pIt7DV zQ3NAmDZs&+W-uh((dr(FTP{R-YoZi<A2(0 zIuN;NVi`reTHVQge%IRjLC)MFfHZ2Kmg!!5fE5IncKEe?p7ZMP>h7zue4C9Rz4Z2O9yx_KXL>4oaX1pN2(f+$-B%jWURS5#I6&J<&ZRt7#Mgge?IiDi90TCJ)IjQ ze=ZEde%TtG9VCq>+B>tnkV*K?*G!nU&PpJuhz}?`f2*)sU}bjup3mE~wS0DekhIqb zFm&MeQ_e=RNvo@5o&)Kg$S+X*R9rZfAR#2sm!@2?ISLX_>FkhLmorJ7q)Ps7*NBVG zC*z&}RJnJ~UMfKi)b`TET?Se@-pcDPZpW>57KTn*ew7AcFWx#9v?SIrNHB03@5Zm6 zNPu)-Vlu&;kBhXx3%Gw3(%?yBbsZ-p4@&y4(#4hn|D1j z6j`(T@T=lx0xmLe(sPs;?+6Z-(@uG5SubPatiCv&cb+RYo>l|V7|(WHE6nGy%~z3x zj6W*{lSX|!c%F5y@|&W$PEFR0oNQ5(nM-PtIrJheoNxPvz=LE~&574bkADqW-_Q7R z!H6=5_wx}w&)RSmfBoBSJBnmb#^{LDg!C4GkR97##vCBX0jQsyu`R=$H!6*jB)`Xn#W2ifAR)!>Jl3(&SUqwFR<_Cr$~9n>%=_-fd5lH(u&zozuWg zCKK!7075|yaRI~2_Q$0k#Qo9msxQlPj(n>0TYdA7=g%D)xsnM0M zKE8P*(QbwN*(GisqwY3iRBgD8f|N^BKwGp&HQ~eNZ3Ag2&UN4lZ(} zHa7v=+nW8H;$diH9M56#araVVrPZxwQp#E5HH%l`tS{Sjw3}37vU|+S`d>qRI zL?mQ>eUIgNLRhtVE8F%!(%b}ruYO_v^^W;!gqNWuf+Q<*$^sVIv2^8n^khZXEDrcY z63dgpg&vPC^_dV+2Hl{rIce2J1I4bE;<=-H?Qs$2!(}O6xoe!tpWv3!X{@9Vfwgcw zpr1{5=%y{uEWqAVga60;#cHm9Z(3_>u>BhLsp7Y*qeUAb9=Nkf0O8_|uOCI*H0*Q) z<~1_DHRhU?8Q3kcPcVCkiBDe5y;aJ4rpWUn&Z@l|RoGYY$XwM#E;^iWcRXqc+yJp9 zo_C*+;@*%q(csec?>p0wC?5=P3&X{DJOnWH!ygI^wd=_sw!}_xBfl4^E0eFM-%bp- zS?o8yNDnus|$?!%40Ub>Pk(lF6y;)nk&e@;ei*N_U%`I}pyy6Gu!td;M!mNML=G98J8ol4NHA`8)bUyb~HR zb{jYL!z;XirGJjg$w^TASv){RrgJs{z>&!2!`adAW1mwephx8B)t7tw1RRA--83F{~3tx-BQ(ITP)WCGlBfF_~2&pykvv`oL4k>7f+qxtrp z7HRu>P-Vi5bXc#-q#5Gk_*I+22AEV#M^sKxKY&4JNWqRYMYJkOV1QGEXa7$wrBmy2{<3!-kuDi@cO>L5(C;y!jq_ z@R-gc?i;5wNeanv(GH78B8g65o@mMLsL}&IO{<&lQwF@k8OBql>YMH;E zC7UVs!37gMG`_}S0LAZKtcMgH`E0${j8j>x##&-yYP~K}18eO^;FnI$;(=b}_3i+;msfgvs23Z8Tn~R# zt>O20bwRXa$qw7cYhy^J{RfO|Vm6M9>A3k_TT{M5&HOb^76q0c`LcHNnN+ZM2ow}D#h9U;7r3``V z`JrrK@cwisl?|&)XNhu!a-|)yfNp{}y#$JiC7PeO|NcyeAlk=SAkjIyd(;s0*}VKu z5^%AecHDKq+zjuB=o1HDrg7nXFCZpr-sOK7e?u&wvo*kX;Vy9A4$A|c&Qr{EcTW8e zE9n1>4RtmN(6=QaLOVpQ`}<#tj^N@62K+c+Xmk9f`TWPXpf??SPg}d^c-CLD^v>%4 z>~H_|(}(`Q<8dX5!lwVh1pq|<|C{+_?Vo_JXQlAYH^wnDeZfS)qWZ!^|1JVRQCBN> zsOyzg3wD1BBBuU;6e`m{Ldt-h6JntcxUqQu( zLyjlH{Q7mrz;RF5SO@&<5P7*nP-AT+ka$smPj5HGF@lQI>jnQ2Bw*SOAjN4rUzGkl z5+9=aISOEJ~+Kv#80b<^?un5x0ofC=@> z6A-@-ha3a!Q$ud(1JJvd<#u3q{KGarOE7TNb@J-5LDH@2RW_l-=^%?`QW+6_O@x0mHqLj_p^azft)ocMgGZD92Yze z9Of+6Eblj7D6BBp&rP0%2w^i<2OXmXlK_FQKlyM73IN=CcBkusTkU`UIl1HDK}3%g z>nbN@fW9eW>d-BnpT@f$YzpFI3aF2zTm%0|k@DfFT(X$(<~6Ki>rn@mmGfSP2QbZW z#pO)qLw`}(peH%tw1tNgo`G^6GqKj&+q2Gjt0IKzaX9GT2gfj$y09=V-K41xpo&|~ zyu9J0n6FUPI?kW%^8vjOMvysp!OIB-#0+pW;xFxO-1|`Xf~g8LamXIn=P1YtuuCPpg2#dQR>@?$N2un~g@f&^Uc^Q>Lib;SLuWUn4zlhOT0?J;1c+2XF+ z?+5C%8#nJ9B8_fO3-1SXZ`F8?U2tIe4@%<^mY2{F@SAP}=f;T?trHzC>Nl0g{ca&Z z*UnncUyzOOJ;-sB_{$n(>Ji<|D+RJH(B4ZM44u;v?t<84?NI#)AF%=e7o5KCHKF08;p?s^L{eRDxuoF>xZ_pxe9Pa%wiCn~ zU+yliR@~>`G*5Nm==$Uzd@TCo+|I92}2ge=Y48Q-u6 zUEO2e_nJH$zcNBvlcec*aO6S*6$*%1wE{Ym54)wCIsa>NRsNb>;Kbc62?nlf*cbRU(8I%3g71?>#C`itN2Zr@i;~d%jiIr|a{%@9#hNeILK$ zcibOGR}NRs^&YR+^Z9r_hPb5tL~C%^H{b?J=+pmmL3s`uLu6k_Qdzo269ZF^+x^*E zo?k>yzbN1An-v0;%f;GUc*7YH>jU~Osdc*7!M?@&A7_bBCqly3iD{oUCn8R?Go4eA0>7*MNQj$+(qs?rE@y-m`1BOJTY zoM9~%-Fd|@w5`Ssdq53eeZ+Ot)MDB5jI*K$21wEajxoWmH%==|el-LO9raf#1# z5PrXp4Pk+@1*|R(k06v?SGK?+$XanT_~*9Ahl1_?3bT?QQw)gEov*xSSbO;Pn@ZU+ z`^7q8N4M0sQkXQLRSWI*!}aJhvNh{R%WI_#_}(?UqAf#b&#|F^CtI`CjCMCycC#JR zKizI~ESnqca}J_iJb7o)aOCM7dxfA;6*5)3o79T_=k8=y4O3AFGS?1fa&ZHr_{o`Y zI@#(Ul>B-Dz9CNR&mWr#FfV&NxypaFdg1X2wi9Pb&R(&iVWu~vs zHMPG~IAe41!v<~RGA#U0NSCyVM z;5NUxDxUvs6K%?wv6%Emb1p+%YXBR!_brXo3=l3kC|jyX=JBW@jvc|lVy&4ZB) zgsk4Eajplm`&W4$%-a6^w%^O&Lo4bU2=_Cs@Gz<4)T=~1^9fppZ`}zk14sIR9)LeW z9lno39ApdqE~ck51~Nd9`!Sj58>6H*}pG3k*M_|v(WCyU73$5y=69i z#9hawv?NTWxpO&LHXnB8g?R03?M8Mt+ic4m!j_f{IX*eqTDJHl-RpF8Fh}+w>~cG@ zqkS*kLcECPW)}kWJ$z?11DNZ0N|&0wMw`KTJG+*rIAzf8!uS3IGrHgV@jt&EAY~`W zmE_lu<_5~H2=0ip4yiHTqZ{bdqE^X_O5jwhH@|ilc+Z|RnDl0~G>fgkM!JPXC_-xn zrg9G_D({|Jk)(_b`9dcxYnH)e~ zaj$FNuE;8t+U-9~AXs!eEv2`&UVQN;6Opd30S`jn%4Oy@IiX?r>nN0+A%bK9yNBY!* zo^84)F^_8SLx*JNYr%5k?)BmdTw^HM&+V2h<&(u^2j)%9uCMG^RTUYq48frGp>M-} zgz#I-8#d&3Hrll|nA?24*SBGCp6$ZN(j&daA4_Y0emg=3=p8y%UYc94m(4i5N-i)5 z)8%>Sn6Len!fpqIvOJXV03wZs<{b!f7v^G1$zRGUaUYn3cx5Zv{re? zJAN9j;vOM5-TO81cQrg)C3{QK6MMpTzO@@}N4YsfPcQ68<@}W{F~03uD5&mqaH1Gu zIf%vcLDX=Si4ZxRa87@H`gr53NAs-^nv zn2b#@vc%1WBSN=%&c~29p0Bey(^s4g{|i`I~%v^ zX}=`n>G&j*CtyCcs`&mvC+2Mlmv*k1enZ~scs(Jms9~*XVyc#qkno;d0CR1^xAh z-!sN9ylY9gRf{ByNHGs)LT+emjE<$a8nT^2MRVt--?St!v%4U;Y|%{2Vd_hy%fyGR zd6F<(`D+0#vzvZ@MS}W4b;n8NiFUDrr32)5P)+({2&H+U?r*-owV3WV*SgJ%Za-Sn z?fCtgL*213-*Gs8gQ)VJJZdgf%{PFts2l72|-Tx)xgPfN}$8MW}f z%+3Rbd_a;O9u(GRw4$TQW<0tHw4b^em%&xlhLajSDp5j>tFZm5xR5xQKZ+2s$x|v=_j&73?pXCcir6$ zRHz4G=-F<};=X3E0<@Him-dl@2U$R3ghzb|1F0lLI*-d-kXIc{QDnv zO9W*j+(!fsZ$zyEw_5(=&wl`J*ZvOy-2P7o*%U}@2>Kzgs4M>Z>xCmW0$L!P%tLQF zuoufA{a>HUWGbS6^3I8L8U!_ok;C_okB;rU4P=%GMe;3?VxXbD5VC`&62h!%AnHWT z`5mpk8-FpZOxchOyx=(*2X*v4^NzG-B7?Q4z~6f3eL*DHWgi&xpAo~qxr54od3d@6 zSO#4kkS|pt`|)1RI|)|@8#gduu)VbM5whZ6ua0(R8kzGlu%?5ik*~a}#o0#)!11Za zM|i$iK~ZP{Fg$xNzdrB_*WHo*scUC@(>1G}BoQat0Bp0G+RBp5Z%AOp<>dz8e)!pm znA9^W{^bR`=TD#(Sv}B0V8&ogGNfX;AJrxs{Xy6CEJwxrVb`T5Io%f$jklzc9K9}T zbsgpPjdIAE&Vmf)DNm6RlE(LFB)d|vT_hA#9P&4|k2Q!O)ys3WhO))5Da^O-w{;tM z@`z7|EWy*O3yR3FJ{W>@!B8w>S2x#i%pZyX-Z03S-*K06w^)XRuraEAPz#OnL_t9W zRgniP$ia_+7o$NWi2hYkP&P4SZi~GmL_rBzqgtLBTG4w!{GVndZbgD?kYB@;y- zQ7a zP!l2dt+lPfynA2&`gxe*+TNP08)F`hyLPon^~GPfXaMS2C+X9@PM9p$RjUX>nFnig zgHz!C!UUG=h$c)#={zKX8~%8-rWfN20Lzc4QKNSVA_7Ik+W?|fp1DH!WJtw#WW)Do zsV~a<=H+9Yg3X2M1Lflb~LzO;pMJ#f6q{*(n z@}Q4v`%0rEX1k=3=icMao)!o)RGW{qx8_;4=erM(*5!8SiG7#4J|rhD9p@AnJ|jDC z;@Kc70kOg4{v2Xa_fFV{qw;&Cb4q8p)lIsa9?Oun(rTt8V zmL+gkknN6BvgSApW!r^7Q∾8SVU~&lkv#Si3TRH1lcC;$Q9Bj z$2Vyv(!Y|LLt)43Q(1&DQuO{7dQ3(Oi1B!0>fsT`RXiYF9jJ7oa%~=1sVvwP(y#CXq&dVVfg; z7%X<`Laf=#zCT|F5ka2#mt&J>SCzNWAQj1#F{UJO0o-Sil}DSY2k!Hi-dUltCphXB zL7rj)O#6C|R+pvmFl(?<-fS8OlvvR~?h-E}pJ6oQ!=Z>|~QI05uE`brEQI zVOr>hLCp2nXYd5@3&A0QC-j+wdmmJIpr2JbuMcGUL%$=$MSJO^fW&3B=@s^FAS(9R z_RJen4aO^MzYNGlL4P+@Gb+5_T)8h%~PN1)|%l!)6|n&o1!yD?B#u~r?j)&tyjW$>1RLm0i_Nt z)5Q`HxHfoYJrWHP@o}oLM{73M7b)&TfMSYKbnF^|%7)HyOjWsziah78hBc()i6X7* z=x_95%pC6KlK|KrJx1`tAvFlA7NplYOx6l9T?@{uvjb588{8n%uY^n`*N+PbHYCFb znRt3%Ww@G#X7T!AdEoVGym`*;4zn$**9THOD>2)fzw{Ze(qY9<8Is<5`dwz-bz9cCz;CB}^*<#OH#Vb1qB$?wfujZx*puw4ha3jA2L)q&yahLzp{b%xb z@O+APririV($24pLTq9kfVfI31HRiEUlrYNr(8%&&9c3AR!b$xcfv8#&FvDyr;G&= zbLwkc>Xv>PcXS9L0iteo8~__jtcIFkG!0_=L_s1J0r*B2;=BkA+?@|D|l8VU9o}!7Qaiw8*qi2et1Fa-3G^$TeI1EkviOpHZ zl-iv&v06XpSoES-TUT;&cZe`AaqG!ehZ)^ThIYyp%+gf*RO4X1K|V=E-$rkG_MLRS zwv6rFjS7k^_5qZ>^QyLR>etcY6`wliXH&EHQ#gZ5zxOL<39Dh6GRoAZrSt^(h?rOl zXY1BgS4Ic4oA_oi>(xPBXkK(Mlh_EoSX0n|KF-xskJOL+-n#3+!scW(3q~hV`WAlH zE%vaR8_PpjCujm?bM0W$bDIIU3jw?yyMwn4`)y#c)5vfH<3dp90NuHok)Y}6)x5y( zd0*4>b`2h-txDmiq*z#_De~Za>vRYq3W8FnlV%OaDsuv`KiawWOPje6WontxD)|lH zP|b-I)wC1LYL&u&Y=?+O`h>*qw}>pXo|e{Zw^*{|{52Ri5_4Nd%G58OhDthP3=AteRHqTx{yCAOXfuYe|;VrvD`4+si8W z$wI5sl?ojXfDU?umWL~E5j;(Ebc7xom_@Se%y~b`d%=}qJJ9$G}TvFA05@obE=Z9Q7+%V|%#cI~&lnes7! zbloE+XR<8bo)uq67B>wZ2}FZ-XOg9z0=qrQu1`*qAeeu_TJJSLWM7^-JoZhxfL}#T z_e&8h<0u?z^nc`S4$?Pju5TvVs?M*mYHpbx`NyU|0Gqx~5&&_%Dl`@M6U<;XXIi|2 zpgV8Vw{Y6)v~iUC%toPLvpjzB_{2&JttVwHy}Y5Qs=Dv8AOm#vjP2(r@SR+d@n&Tp z%E~s-N<^t$KYT-W`Gej%xRmNm-64ANN`W=z)MXR1ND}j)_pE%e4cZ4PUjbb$F&XS= zQC2n*va;z|CAG9PRVzfNod+S|UdG-o^)(e0S3S}LtO!vNX@hz|!z}dUGfSkl;SvwzAn8>dDG7 zY*Rra?-1n7w4NmAR)H&;pPM7ozS}(qYeggT=IYbzivepFlE9kE>|9AO^NrMAYy9B{ zj-_*xZfO1nIqembV=SFYH^n9~=pUEGE(LkJugdZ)DHNW6m;<=Y)kNu#p=#qg>hj@Y zteVt|{l6Af_`X+``GCdL$6KD*?%V>B8rV5OxmnE@IK3C6ZdkT}xrfXXaD0IgIY+`t z?KkZ!gh6~?Gr&~_WXknM&vUIp2A@6MB>1WBWycV;#v1Ca-CGKN zP39T?$P0MZ3vjMZ&IPwK8RUy5=``4<|2$ddX_cK^E1b)hNX`eW!hviuzrhwI?+0Zxn_~YeZgC)(`$ND+p4@};Va>hd|HBB2fzkZGt2TNyL)US z>3jw1j%_x4fw`Qvo`{eaSD-;ht^OHYY1x+S%-vbaM^evNMz}OGPV6cxs3cnL%-?bo zI!kOOx-CsY*Nc!9Tv-0x-lD-1PV(jB^Y)y)xEJqKInsl)Ju_cXExm*3U-k6QW3O5v z4Ao16HhA@eTkaEK${JtGghu5;oaCG2 z1^Z)4H@0=jv6cg6r5Y=B!UIzUm{M|V5RM^yAy<9pwlj8gkA~RHj|R)*2F~f?3$AU@r>Gw4va32G*iaq|jPCT+^@#50T2s9G;KA zt515X=8GQ-(VKzd%0|=iBZ*M=3g1lL+&Q$Nsp4j}V{ugK-dBA#3MSNAiX(WYjq}mP z+N#c}MD*~kefneB-|wynfFQh8nh!f`u0eUW_!`4?D&ONM>C~QS^+N-1@*_Cz%RV!i zX#GIwWinF?>Jo+9~kU85Yk2Go_ zhs1zC&_tTMGF_v&tkPz6B0Pu?g*T7!b?8`BfVMZ_m($P4&uK4Dcd}<^NqT*c}JOj z%d9s6vQrjyyVG$+uY5{C<0PvF#NI8}GU18>nCwdZbFgXMTRZ2;Zs;-lmKHAX@D(f( zhP4hA?hSyh`qRvgKAM4svH(v}C5k?H;E(%03IPjX=|db)D36M@<96F`g$kHmlUX6N z-&Fl9JX{U-N#_s+6u91hdZ$O+T2n3j_N+er;?<~NGP$`k?tL#;guP0h>pQ<;y7=IP zEASdznU#)In?Gw%8!D+3N`u-XG9r6nE*KX5v9HVGZ_J%8dab#EHv@6$eE2gNx5HRv zm{qf-%1cjYVY)R64|n?Sj;>Zb+*x0xpOsZ5G~^U=SDk7Itt+R%SoYax7|=CyaC3y% zXK(XqNT-VTjy;l*6H80hL8tXKCXlAn#g?o~Eywv$)s_sTylXU)Iqfk?|qK3 z-w)As(43zgX?QCwF<&Nv#vH{|VZIw{P*LdB##~62e-vm6jhI;v z%*++Minc#}7RJjfAc0Oj%U8ZO!UYo1qQtUFL%rsDXqdS3!i)6L7`=*8QtYj_d@&m8 zZYRvytNau<8KJCeFw0K|n}g?LA>{CP2F#=As?H}=^MySrH15xH>z9gX1{E1TU6i=h z@L9tyzxi-9GCg{jyR8JInF_SS!ip9_?y*Z-(lM&b?@Z?<$;T8*6cyU)v~%}nR+sXl zj_gclTW^%;rX4H?o30_TM{5`Q)sYF!uimn;0hw^*!z)kB16_*ev;6!4ZO&rH*?K~e zy4cV=MVBhmqYZ~FnbU#T44OFrcev4(2u zfpYJ~;d!TF`syaG5uX!xwA{gUYd3=_;5)=G+xbc=8aWHQg5#n0>FAZksNE8coxC0^ zb4?LmJ+5Yv54JZcAIq2D4_K7I>}&;4uMaT>-KemFX@BBq3S*-d;#`Ve14D#GlqG)K z!d`-6nSRDt+H&yoQ=E+i@Cvv?{G;!NvU~mD=A@YKo>@M*k*C9>4WPd)l*DQ#&l;q5 z>K86`(8`!sm0*P9_;vIJPpp&=^tWY+YSIravZqgtO;d?-bFsSg4cV?35au1rj)$N`FNI}0Tc8sdx{2ObhRInrcaV})+)}|8qX_%iq zwKZ!-#x~p8nB5)m@YN(H>_L+L%Es4bVNe9u!RV@c?#v1K#Ng^JICk7` zygxrX|Ai9eyZ9FY4%DE9bZJ>(jk>7eD*xI&+c$8KERP&2IQfIF<4(A@zyKJU5T}@9 zN4XxW=FF1@x>U!im6o}R%A;8{?;$G@! zG(N_t7P#RjshojFkpr9^C8JXyIc`P@2Gx&xPS%b+_S-J2F(?e+y5d=t z+wOc)6{~1NiSwiqynV>!Kv*vHhOAg>{< z>m2Wl)dg=JZtoJtwC}f6@;R)f0{9=Rr`F4)6QU@SeD!G^CjzOyC)wSc$J-R!wI$ha zH1fT%qlsP6BgzovW*N)}n1RAYf&x!JV=v8p*&XkpS3K++b6eYIheKV(qOGPHP>p#o zr?>_?jGuHT(o?OAV|GfZyR6GD_S!}+&gki!>w2SS_CqbAn7 zRXB(J&rtbz*Ik%NrQC@o9?EuJG+jbyC=Cbm9QUsi@qvhgdz|K5KRAX4!xdN;!6{69J zi!Mv1k}3C9?wiv-d@eoeMaFPYS3Q4}%g1~Wtgfs`OcOrdC;AEr_jlG^W>)CaHW)wH z)ybYN#Co>7=``glzqHQi@SOwiwAh$edK@cV@HD!~s7(2@5+S#9^se88b@;`T7Ev>k^G4Ls!Zp-UC9_Xw zt{hld7@fr~^5Ww@veeuRg_!hW0 z2HBnE4ngVNKHm|$$%Q!;(i`-X6IY3{4OtA|*2OF-r&rRZ&*ROuKC>kmF;P&8`*Iji zx=p-?cp2vIBU`oghW!qf&ENdHVk!t*jL)4=Be%~*Q7ZU(sB=>8V{q*0zO*`MZMAOt zkuTbQKMG*347^L2Hxvj6mRmQ*VZNw1x7Xb*!2^X~61P1GBHX|mm{ zvS-O5>v}(}zuFoszkS~NYZ`$;QRn^aK7Hn|$>rPLUu)?{{9}~jUiH3=tJb;49!<9* zR@QjHg>z)Tdm<#{7u7dS@ z)j9uZ2DblpO-8VF3g)0>pkBqk8}+ zZ7=G0FS%mhK2V$d43hl$ivRuRpU2_Mn$h2i?K=i(_9hjjFRi z^?nZ-E`iroybK-n(0zvi^s4deGq-B2Q3xaI=b1p1It+Nkp=RpM9fk2Cq?eZI-hpXK zC}K0;&;y0!xM#R@0JDTvcofgB& zSgJ03;94Yn5shzHvxUfw6M64*XN(p z05f@6yz$VXOeEK;BTZLgeD(=3#eHOVMDR_Efikpisu2KF>!K%h)H)!tB67MbJ8{hs zUK%ns%=vFl4OVzB4vPX+V4*q=Za$hDArMAtO3pjX>#UvwLJq+xV+o~z$0m3O>ung`9Suy(b_yAdT zcrP$8U{

0yD;j&7u-FqL0u^_1J78gZ(lfOy7sh5wp%2ATKmGs>4X%u>7_Z5FLHC z<CIPzV%}k&?q8Rs6c2wr;70 zWBzDan0ZG1c}m6`E&8t0xxwHtuni+qdOmbpk}7Tq_=>AP>un=j$jpRF5w z3l>sh#dDvJ`0?E<(nDAl7GGbTwuBzwn%`tf+xj!hq=jot|2(z`qF!Q;4DCql1&Ecj z$i_Q?#6S=s!2S6Qp6?Ek{z=AGvoORRnx2FGDfUHh!Y+7an37Bg@FHVyip~MVZ^|Ij zHiI*lq(Fs|Iwds3f1mPV86qMj3@(M>g#|MND@RD|0$c-(DQ2|$k=O!lW=9nMyS^}> zSx0DTYQcR0$l#P-@_|yDQ`wdwfzrx{2kpBXY=*0h!7$viN3Myzj2Cuui0k7SW}NByQVgl|GBzM8mSVZ5bi7G_X1?v#dljp*e{0ej>hQ&4{Bttc>#?T zQHtP(5#FED>14)-NOJUI40QzzaIz43@mm_|ycz)LsA@EUtE1O-Zp9f{SFWAj;Ud-u z=GE8ZqHTNAoTD)V@2!RhjOERc8?Y;*6c5W)T3wv#I`~mvVRO!Pi!^ zKo5K{js*nX$>KkR%$no9lAP-*#D!Ly5dZBd@C|R+6xk5|tdIY$Ts+9EJ&r3X7Fq4n zdD6%AdPVB9V_gk3v399Yym`7vNqcgKk7;Hawx8xvP66{!!`v6PK!K?q&h(O3#KW<; z0k&@%dW!2M@zExXi>|Y!>M0i@)s>yOFQc1^m|ndB4Eg1azH zPv8Ufzj!~_QGY%8U9)UPi;SYXw!^1@d1ZD$>h3y8QII#Gl^~Go38Y@)WSY z=^G_qRQbavXCBTJ7alCuOkfn?jM`jt6{l&~oONFNk36z612aC0m_kPPJdfcN28~i4fRzT)%SmvIUR+iLSTu70Z@|EI^VsAw_Ag4{ z4$R4N^1K)K%?b^#hor!UHh)_#FU`TB@qW7xs8I7x;mHq4Q}=sZhh2{31dh-D14^Bg ztt$zalfy#!4CP3UASEh=H#Rl(6x)t!s^H{nc>!E+=3lYxv)@}u@;j!XD)Hm+x-K5l z{2&^_dg=IXnjiL&efF>bb}ZGaN5BTbjNihV9h3~2Ixbt#m3>7pCJR`Oxs!7*QUCK~ z13eedy4+1>_x6hEhqjD&`0v+I%JxYS3qr|x3yof|(0q{BUQ~L5N2%b0A4^Sp#aftv z>=Tz4s!e1SJ6lYKMZk7r>1i-Vs$+pIUZ)y8DHOc|w|lFk96!;$Y*@K%_nE_?$=x`6 zOTyk#D?%EWpNZ zLYva#xJ4L$rHNs31k< zo5W>^+@;R+x)4pXeOod?fxFHTb_Y@o#Ws&_@Z$1azG9pwihe_?E}hy}QK?t4Sl5?j8yq_PD@<#;Ooy4 znL3`{p}6@(`<3(2!AWLh)kmY|4POTP3^Eg60Nt_S4jp-R3QBq!Y)4p{k47nraB{Pt z)o@B35^wAVlFc(}&O>$Zl?4N4VvCDMF@bi$;=r+3H-ass-uvvW4pqDNnR;akIgr%7 zH#2d|`|D95$%roSdxAK`FISjj|0Y152FgkbjF3Nj9+FjJ-+ybm7YLx-GFR$8y~bv! zkbeNnf2)s0&3takW*qxZ*^|mibNjF|Bp-~Z35q?r)uJHU4wLDcKq=4)Scc33{uYyy zb2It7DhyV_5oh;`9Ju>PIuV|TtbKA3nkx3Q-l9^_ljAi--Yzq)_GD_BXUK?MfqzAN zDG#!IvfnbxBqbcR1bvaS(q()GZyaa?~SdQKpOooqj@`OF0qExIO9WG@7#Whn+ntOv?wbxhrwyK%F zVV5mF6$aDe%04MU&}>j`cIrfME-Nn~yH$tnI;=$H8j_baRLP9{WcD^enL?}DhFP^w znJ?;{6C3*;lqftD4FJgrFNSiVcVw@QSbN4- z*Pg1qSnW95A3;%}nf8n(Fevv3EPyWf7s#bfAMD4vaQhqN^_|#v{mLbk11(E*%}5pO zY@9&SaHa7y+3M=+sI7Q|LYQX*p;no+maaBo!jf{!r^XtQuGoav$uQ>GLjOTiy$ZBc z0U``=Ub6|dwS?YyXql1|AU`>ia4qX=VIbL?Q6?0o9P2^p*|uL&;2^*%5LG2vDOu$V z^AAuA8oDf@?Tph#jNU>SRi;B!8H<4>f6z-3d*_xpc5-H=*U^rQ9AD%=YQBDP*tu;A z%4PGn>=L_jL-w(ng^%@BTKy)^MJ^&7Bt)7SI}nEKz?pqcT>CBXi_|Sc_NTa8&Z&_6 z+ujI^8Hv<;Y4u_n)nF~v&YSC|mnPl8l?-7c+;2;&2&mcmru~C?C8{Z~IN? zeV|uEO>>|Gd%#EE!#Hk1gI+$f*M&*R+)*4>)EltEQc~RaxfgL&50mkJ_B3n z-Oa9~!#W~Y+It)DG@s&0c-#0}?Hyf_?a$k#uS%)NEE0()|G4DD{C+%hmu*{AndVaY z9wIL^w44I<t}m@C)>)qMzh2P3K;W<`W*!d?MX--D#)blm&x z5CfC8YJQBJYNBc8_S@hj1!UeqR{P$gb!~pQC(Shj9?+<7QO>C5Yv%+tgb6V@<5_0p zJ{4n@Q^CqFBF6n7d{vp}(K?*}-lH2jl~?Mmenyt$ntd?ew8vN^z;fhvbcHx!R#zK`9m>0*0q*WX4(+96MMV@b@X=07x*v4_K6uAvAN}|htYLosFT|zedjXU+3ito~Bm~u{0CB&C?9Mor11*=K-kvZHP}-l*`oB>L^Klj#u_Nh>dC*!-%?(zF z646Qj2}XW*0%%h%54^#r#+u@)(fSZ){>Gn0N^&z!Y9lTd$xPHuHJ|M-?Si327C;37 zzIH&sXE6qdpf&(lcCnU!q5nc3LsOw;F~8%O_CEL3bP@~%*YIsx?@pH+>u+{KLfo5m#OelfTFbT;ZYZW;Xwgkcfu5~DU+#BQ*xe-& z+aK2`1AJ@DsxL&Z)avhKv8GTzN^?TM7Uz%Vz)kIf%%Ew*4G?q-#BMsmGC3#Lb|_v( z#eq}eKIvP(E?B;eE7VzZRtukqS-zD4k?Q0%d-44!LgJIrEowa**vOIz#F&w>VZiU&*$AnFHX2xmU2OJON$~%KBJ2C9lh+B@R}?V>gG+zEk9VtGznT6S%@R$O2P(YXVT#0pr+ zU9dCpZ1K93_(E$*gnjRJ_}BF*_L30ATQYZW<7Q;P5v&lwp6K0$HV$E>KIHjDNEszVp0HoYJ0t=+3p& z;zg@x4NZ!Fu2FQ`6X1c7rlaXuE}9FSy+f%YW%qUJsxp8O+tYY*!GPINYG^hB0yo8? zc=I~MADX}@oPWyna3yXo4wO${51}ndJ}i4Z(Axdy5>;MAkV^q+WEzC1`3SUUz9AE4 zJp}U(I*H;HQNx1z92VGJ$1YkI-tGa~9YX?iGI_v#m;wuG2TCu$=z*`&*DOsvTQ>au z?O1?J`#~2htQB)1eFvjQ8lv<)>kSJU6p-`#tr(JVyvzVDM$RKkf`BFaWgGTmthqBJ ziOVd=+V#iDQidj_LLVWhOxi=7Wdg~QRNdmd;Sx|ck7bb0AD;{tcZTE|WbM4}96|D- zjV-)A>fdguDo`3M>tgN&pSb^Zm zwx&#^#6F}4DX``OZ0~%2yLjx#V9pM5YyBhFoW4I&wkgdy@&R#Cj=Z_cvvK)isuVJN`QwJ2Cq>@n zaaQo%*g;l{*@ZiM*HfvxigxlzFH--Q%PmDLU=rabVE}@My_MN;FA5@0r&+QeR@{gu}Rq*h@eN8uUEIQ=RlluSbk)r>wVRZmgS9h+t;@Y;(Z+Mr68G604Kr&<}OF8%wo6 zLkPw7!~1;x!yWoj>CgJMogEfVa>k1< zh;c|QKsnH1wI4-H!Te2fd#S}@dtT+Y2#+s%;Kc6NT zZpvuB)P!`kcmlfP|2)C~!jN2i&({fnWn?KFt#$G7Ow->}7cV>_K_w~?J@A>FMKU}B z<`e5BNESe?Wx{$*k41;%?$)AVALX@TWCXKq9?8p$VBRwe^UmWL7UABX0>lE?B3t*7Qv5xxLm>=FaPrE*{-Bn*dKI6E{S30I zt&>|+n1n%gBNxx;q51jY>ioVLBznBz7;B0OS&AyK$X;-EgDsxlI8<8an61fOWSuwz zMu9(NfgPfe@eEG(!)3fPi)wK}au0{z)=cuMGlSWJ>+bd{!+t}Exv|YNX^3>gHX(6_ z2)4lgQ=Ig^1fx7{36rL-7#Z&cGeq)+J*++xN9Q6K5s1AO62M(~G!9w75^sfHY?7tm zd;WL31tZ%%D-PwlWYyesm>wY_mh;dX4$YI~3i^Fi3Ei2ipvdpNFX9$-LbL6xfm|xlK8yG=Ua3&^GSe+>sjz+ zj4?6>4UQ1CN6kBV4m1xp1*TrHFC?iY;B)(rx0CwWkd-6q{Vz2AqQUq)cnleQM8GS3 zehHqmq@F2RY3_KAd*F!E;$a4sGqSnaK*6;(XOGnQEgu0ZFmNHW3{fP=hfaz*P*%1u zr#^oNvoa$gKT}k;Td=!oGJBhfJC~X}SM|dOo#zMTFA=f5WMQw`xBs!g$!jSj&kRrO z-%ok!vh)eBQzu9Ws4nj(xcue7D`}piwu)aQepJ0zBFR4$H88tvS>E!l?_JlszOH*F ztMlTcHlBT5UGKW;Zjvu9Y(_}-@#dYHjv;M5b^X<^KOgc)TV1X(9mmS9M^Ah{!ppVp z#MsBl;sTy5+D`+kvD^VXG*JxVP7ibkvil!tG4gXM6dr$)dJ&IDdMk7ZR5V@oIsoCO zmL;$eBF-E+>$%Q0^z{WurlHo#e2UOsj^+_L&00UUY}`57#U4S^#%KX3N0;FB-bidj zocdsQUg`DU?B=8x~17Cx@;AZd}`WrQ(rLb1kyg*o%*~-5(YN4+*4lvshoh zJ$&ImU$9-8yQW$V2Olm=-E9i4Hf#I!tE8jJ-wtSpHd@k3PO=xZByEX62Gv6T;|&*bwvI9bfdFgDBYLK9~{Z0nPFAuq|}5A#Q0+gt@j- zerqn*Z;#%KKJ%}q&oz#2mzntXNb4cYtf>y_+lbb#jk3yky(zVjAk6*xnmvERExhPF zi-G^~3kgG(0e1rO1eK1=`>ChN6Xw!=!F{+fJY4FsEDr|LsN{72+8>D`WI&7HUU!o_ zh{)pVb~1v^A*H>`(l?z!(yieC?l?*)`Q1T{blh<(YOu{+mKYA<-*pS8w}T$5tJ+Ua zZ++V*MvF8L0UAG#A~1!5=y?2R`!@_&Scx*{*7dh1)W<=f^6l#0>Y$U*EY0l#$M{H; z-=%(#LN-GXZ4m4)FN3)>Z`&r-!M0V_wrV{q%{^o8UT$=cHebxQNsn~%AO*9|TG{;U ztN8k_(zkx!WY=GzYNb=XTe}Ez&!&l$rv(or_Rn@DDn_Y2${@(lTQIL7Yc;G?o7n(#RJY(}?jtR#L|Se~CY<|P1xo@H#`$d>d5+OEiL`ZrN+Es? z;Lx&jn#FEO;QB=Ge_muZr?TjHa7w8KLz$h>J=T716T(^dc8|v=# zb$bi@;CVP?oTRh9I7|Nqyqq$F=tI-4+4)8pid=dJ-0C+@W-P9$sfJq4hk@^|baKzp zjzyU9s<@FZJc6{d3J$%5=5vzy)&r4<6vN_X$HHb+MtZNA^6BgTb^mriZt3Ph2Yx@X zH(booN(**Fp>G`OZsG?m`Dr*EbFxsl50{2bE#@VLCWi&0rq7k}SRsM2oB>^;aRuA_ zRoVp)41~5`pPEkSIQx$a{v7gCyy(B*;jq9YUHHc@a{u=ie=fSniu>Qgvv(|Dx%}_d zv$wqe_oDcF`TqalqDbWtRx-~Men8+6S^aP8BH6x=(toa%w-bL*MZtTqzyEI=FKojq zCI?Y}zs*-F+Iv6Qx4%A!g3^ATFy!x|s&!^aLhk3KJpsiMP?e8k|Fw%xD9uM2m8_Z~ zFQ8)7hmPJeHO7eamN?sK6+5J|6#V@}@eZ`JB2}(|^UU{3Xw8rZv|g1kiv|Lqi`0XE zJ>xV_zn#F|q7oO$r-Y1{TA&eZ0YjT?nVB>gyn|%%6c86K0?dE(XY(7K;-tvmul;QrtW;`O!RSzE&hK-kUcV;CQzpN}}pj?w4uH+sHGKP*w5X1gSS9MOBx?YOI`btP_= z8Fp#)${fD6zYHaX&>^Urw9dqy~O|Y(_Rfh`g;(M{B*m+6hI8KFE3cfhx~XI zpkco7``vw%PBjK?w!C%uc3#jUxK62_bLoFk(b zILid%;-|vx2)pMYaQYID@D!ZzXB0UP!?@2I(y!tVGeP(Hw4*VS@AhJd`0sa}E2IrH ztO=N7Bn!84ionde1t{DpM^9bnKtUrwtuIzQd96-=;n(kzwsyN+*oMB^^lR7{!Y-s2 zvd}1+uVQHV{^`k$0Ib>+(!D!yWT!PlsonC7lC9Z?J@PG}uGZ&RuXm^7#xtP?>x;XJ z+IdC%^EvNEt1U8&14Z^GQmDFiK{+OjOugXMlYi8$&^@&eLM#~zbfMGDc=O`a^a@=0 zA>#lJs(B`TDMM9{Cu}?b__#wY_AXcFTlqy zx&hH&VC0oZ5g~9@0AQeoXz=Mlq+h_c+N(?R}P`MkJ zt1T0^whDC0-M0~c)fQ;YkAxuXP0q4;eT&BEOUBloqEe}bU4JHU#lOQNfdq9GK{GoROV;bizX+e zivVR(yD#8ks+qPv?J6?VF`ljFuV%bMhsC{3?Oy&CD#$6uJpmTlD$BO>7harNPI=iq z=*?pFo7N${%7B#xj<(jl?Hud*Dw-fCIBprS512EL%+ui|G^OUhIj&Zg^?cK^P@JZ6NI{8}vY>{Zg~0&p*;gSD-`DvWBT0f*RxEoIAm zNFihrB%++Im2W{QPb(>D`{PTNK2Td{69#rx^2faxtj=z(!$6iMjm>LcTmQ{KR=r%d zvQoI;#=!)MM`r{`YN?`1Nblg_nKLwG`jDHY=Mf?C{na=;erR&B76}~)W_9k5i$2gI&`a4xu1hw%_kxz6+MQ`aSo!V!!7#JVtH zhTkLp#!_OGvrSSRT@(-wS&>oaIHCbMZbl8#Y1^+IRb~QyijG}bbS8K?O>>cUj-77A zRvW=hB7~GC!Tf3PVS)`NSiP4iI&dNv3K0ZJ(y>XFHpp!TWTN$6nz#-$ z&_nLaT?~^%yMSp%2>p3DiRL3A;~;_rs@QE+wyV#vP7_U9#3-DcRM2Qk_vw>BYaB92&py_v8**=%Wwgb ztM_5+Jbi~QW7WV6nnau%FwnAW)FelIG1iK(EpqBu7gDN2gFOa)F&AkSs0ePsR(o4U z3;dk|=@XCtzQE|Ps$2o5gdTkVICX1L61{OR@l^7AxX}{h0z{MMyfzUw?8JF6*gMNO z&2?4N2K8-g0q9e(Way;S~P(;xB#NA1~OYh)spn#V)rPkH)AtfmD%4n z?Lm~PcF{vK*b>#hdT>>#Au1aL6bl6}-!oqN2XE!~#fHx(J96I>ZqnDgr_Rp`!`a z&_ag*`F7OtmG^w#dwth+&d=k&81g*3tiARs_qtaND4exmlmHI)3i=QuKxiQJLb`tD z^6Usopntrpm;&gutWO-R0(!>AjtnZi&$|wAFKX_70#JMsh~vZDyXcgAp(5YN7>BY= zk`uT+UasAU!>e@CUq&o??C77T#cfz#ti@U}RYv{NY* z>*58hlDI&-$k#`?TIcn>JcvSUp6At)*qc?hy|J+XSW;N9*P%jlC zS@im@A$YJ$QbLI>w^yMCxQ82e^!P7MCc9P)#fE2VPYjUo#y4LA#o3_*i(n_GYFzrs zva4*;%^z}>HQ}fO1c4Gjm6m|&oDz^+sVp1;#RsyHHC!&qN)jMHFh&DjXfyzpjDh0) zoMq;fQK6evAcK+tYy}O?J?Oyav22O#T~Ta%^uw=)><_bQ;kv@~QRwg8jq;>%yFjju z`~9oqFs3gM*1#lh5I+m}74g%+fH5`z?tTggImTs~B*R6rZ*SQq+i1qqrNwOy2157ewgt8$uQse-G9qW|JOEbG~xe~ z2eI+Hje|+c6QF8s<JUz`04B5 ze$p=gZ^!t5>}>XxfMo5Xd;fB)!I^CD&2y_x7=G?6)2HcSTj{;3JXT#alI3QHH~hk$ zEzGEsgC3JuV(==mT3AI(wze{IVu)P`G1~qOddje+FbLYGzE(CyCaqmq`LZWyn{>%S zIP(rOoEgcC{rQbVN$RkrY9`yMFHvIcd5bBj^YaDxL0lgQhzHa!KHTu9uHD-bEwU~= zFvxlk>~$qOs_p3Asl5Z5t~Y;@aFHCZ2c@ec!%9x?^U<&5Nwqy;Xh^-wot~X#8^Z$1 zIDr=Y;biTZ586;8>=9S9UX`EJ`*tezYJN|t3O|0jd+zrBnyOwkh;SLi71?XC@vnYq zf~zR5kw>R|x*Xu=aW)K<^B`36y};{oT9#bzEp-NkRya1G#3-@t9WI~Ppq_KLdD9{X zGSlVR?vyBsJFbTTJ-hMu)Cr2KDMF;J3Qa~=lndYxKdIZ}Ff-x9(Hh>J^-F3$CicpE=V(H2z?)OI~6E}X(%N>65^@$sle#i1rrP0nOSaFmlCmrx$(NOZF>HT@geYDT6xRH zY47S;df(u=@KzBRa$sEQlT{nW^(CXhsDeo5uE@ZKH<}%qd!6-Y?9JyxbDiM1i@w`8 zF2_wVWxuNgiR>Y|!cT$?jtu{`x<;|Kb0m!-vH+E?aEE;Ar%RVtSvdztU=IUK()ZZE zJ+bmr>1-rr-9Srd;}kYQ;H1Oz%VWY~(78&VVeL$}PSP?wuDUsvUUY|i`r>RUaBr1- zr$2diI)r5gEp#2?hKddsf!INIz!U^u@&-6!*`TA`pT&T1Ss?4j;Rmu8GnusBW1_yZ zi`j#4o3G*P^VE;4YIdh9#88t!icw|)03Y-9(GV_R(~-2!bx3W8LC3W6n1l_F3HD?! z^Go>#Ee@Y_B+$ah3e!PFmOSzDbUb%Ke0Fz}pcU`JR3j1Bz%oRth;Qg_Q-_ zy}C_jjeinljKSguaoV&4O`eRfo6)YtGe6zOBWiKhapldWZ;;Ztexlm`p6}AGy}Ge! zqB6yhS6N#5hXo^&liOS%fj6!TvtuIQizK%;uvH61#)Z{ZOPvLFRc%l7cJwi5U9n#$ z1_^UyO+`uO?9Kf-;^^i1x66pKC$)WX1aYKdJpk4JASjSJ7;{icYI)Q+U`_)oNQlaq zRD?zBXG#;a?gv#T0E6_B#J@d8c_E)^iXP2j3YcUs>@3Kn93c6rjk>61SQ5 zFgK>#P*BV@Fn*B{#V?Mtm7*vD+ z!fn-+-KoKRgW@xLx!1NcbE^~NS3Ryb2q>ggad*(7$qX4Sj~69~b8;BlCuN!_> z@C+TP2yVDhP9F56Ij1eU#+Y;1O6;sJMK%z&FP!!zsrp%_+Xab)a(n z;SPa{=$e^4iAw&s)yeFtAq^(jmI1+0C@;}K(l6r)qXh6d$ZLZTqa=s}a;I`5p#fcQ zU>u>k#@MQ-u=&n~2GGr<4Mbwj1JHVw3;>E3^nmD)#yAMZjhcf}!Eu(wbF0?t0K}Ai z*Q;UbmJU`{b8Y##U`xe>UqRu#SH=+2v|6SfYgVmakG%vn$NDKL7qUVz+OBECP16fi zm&g4iB;B=_KJXr-`7tuY+FB-SGoCUJ*;~3VXENi)W0}t_wN!!)(ttdBPxd~JqS6`d z;()iV0WI<^Mv#2ML>77lUcD@(cSFSBm`&+1F3;m-;2s_X1Q_NWpj8ob2Jp?59cdQ7 zSO|!t3S?LV9ZUrP0Siq~b(8!!D7sb+o0`3t-{LdjCzn5@UfDmgW>_c%L7>7BH|fep z>=WtAN2Q((8JH_xR5ZuF4@pohTCB!Om1ouI6{rsQr(X{$tXYN|BW70?Xy^5%gMwG; zO-RlD^+*Pg81h%Y{Lcuy+nf1^n)#^J%r<27H>d1l3J#uxfkytk9Y3_=1v8;!|$VA{hXA%WdSgswxHm654nXSu*`^ zE)-3&X-b#TK8vbM8434K4Z{Ql=PihLbIH)a|bIa1TK7hGPg=oi7u-31r%1Ru8*;?E0tj*I_5K8s@j2i+4iV_H{WIk z_!HnK4sgSib-!YMY{&%A8RFUXt>_tP0$|wF0(F#7AhLJ0uhxYMhseG6piT;N-}_MN zH#z&__fa5Z?i{;65xjW%!%Q}Kal+#3>ibM~_oFq;O69I#^%sLomFnszW`)Jt^dgq# z<|ZT{uRn-<2_V+808nN;2Er_EZ*`m0_`e0x(zF>Rpt?BsY7#fV%kitjSFmoM6utbS zBQsT&K|E?-Oef~~W(XC!=wp-`VIU5$t#hHf!*jfaU5b6x&dyFX)%2M>Y)c!qw13WI za%P)2$0{H=O$~+y;N74zzYT%`W^eeb_;uZOipTH*=nLoxs57WqKb_nuHAu8lG1^Q# z#>wvUTePfY?d8?W@q8lBlyCbsy(fSHIIuZtS6BDAi{6O59 z&l=oAwnNI@$_}CP=}Tc;Z*)GVBGas(SbGs7xr-$BF$u)8k{1B%+*^REA1UIH6#8A3 zpM=00)3fW*tpNOUe@zvI{Jl=;6)b;msu@H1n0+H%IluP;byea=6LO2Y_2A&P2k@kKl^M3-VRq|rq%Eg>6Cy1>tY#hq85au8^4c-3dZwou`L1< zKrXX#<_1^PtT}Bfp7iNm{;O&b$(z2%R!#ni6ewLuB*FV3W19!ev z69J{56;Ek?hSIB9gqaSf9&25lRgbl)Zm7rFRSyqkFVFdGs(iY*H`5Cut6FgOkgetm zax{frOGbY3+4Rp$1$l|wb~gdL@PNsM+tgHFv;lo%gp?J$9zlEQYaBr<^^H=5rT6et zt3THSLe8$D+Mo%Z^_ ztQ-(i7F@W{uU=YtVY^<*QC?-YD?Zx521{+O9MT-~5SHvre-jkVp7i1QXOsYg2V$bx zAc-ZiaRHljo4_fH+7aN}ua~=MsxyFWK;sY$D7%aId#FaqKdltB_u*1L%q=kpVjF+| zbps;%wo^x6d=^+g5j6R_WqvCTvG!rp_oJubk){F~!1O^6h(K2>Jy*t186fU=r7T)W z=$KV}?b-ys{VJQj;kPdw_Fj%q(@qXr)2bghv!?MWO?qq}ek$>BZ?~zOSl~I)In5N?O zWp3_?K#*EhuL1O>Tjk0ZL>4H3coa29ub4|5(8`=HU+p1DQ~(U@SGCWAqtf&(rSfW8 z%Ac$Es!v3Fj^5L&0`C3f`QAf1Har@7t3zU3RWkZ`2G`Ba27tCC@!aG*&?vE>`se}I z$dJ>7Vdu`K$M6zUj$b|jQ-onHm>n)>^+Ij$bITx)RpF)Bo#f&tU7!*%)lwn{&~lBS zQaOpF<(~27r@fA#wik7q?DGC$uA}?|sSuYB@jV)zI$*OGra0@# zx9ICRp92R61U}5yCg1Y#h#uzh0<0SSIJDR_Zf$OsSdOxLMr%$8+;s18uH&Gb7bclt zUhan5UA$WIpq&rHq`4WTF1=ar8bRh*j8!r!`#I}6@8pD~%iZJdrbpI~FuXnIYL(oR zgjxbX97cV*psK;K8*FsvG13Q6D?HMkxLb^h;K?Un8X3E&`(O9YJ5+CU;b1~j~kEOBb89A_ZO z{VB=NNm;})rd_bX8Wkj8Wh*|GlONJO+KMdh5i~FgH|vz}{J4K?M2B=D-?rjelLI`` zlyAF8e6q|`3ujfnI9(}dxsiOeOtC@kQK%x0bZWaDU8O#rfmk1Ubxlk0T4($1#uQvb z+PHh1-NNkn0Px(SJ>MT0Fic$?)X5YGzMe|0S`?-bg275-+7q4;e3IIxW*Q66{wlS) z%+&_(OzcDqd{_P!2nLuDd_nsVpp7)>T3q{pTCX@hv;10kWw)!3_}yo1L3xX;w`)MV zWIZs^P-mw|ExkfywggS4jSt8M6;8@TLm%nXy4+1Qm6oiF1=o?iRdQc+Z4jX;*p%*H zJD*P}9;k8>&snQS1nyg-3)3D3uC}a?%OBlAjg_-YS+m~e!heFn%2m1=@x%gpIZ+X1 zUp1w-s)bbQ=zxJ-o={m?J`S!$Xz)Fj!ZFceC3cZ9dvk)O0&W(!;OEluaTd>gpERz2 z;HPfyO29o|fVy2#O=T5NnIbr6IG&#fP?|Yih3vAZ_{*zr-WvdQDS*P5r>~D6U0(!X z^xaS&&@R+b@2<#zx!4tP@6OL%L!ijg3=Htfys{=OSAvQ@eFWLktAT>w3jWbmT zE{lCvVHG2KV2_+4_pmSGIRXa}afH@W+uzfX*~tqNO74R>JMJN) zYy5)>=o66+_N=Wkb4(xGcD7Ji<^_U5B-2EDz66jM>!pgc)wev=1O|f-v72FeEEpQ) zyFKDp41TGOw=1UMeNfP9f0PIgX{Mb5*k%rCv)+_gNENEU^4bUAnf*>^D#tCBt^`Ix zXUW~OwB?J;VmD7;u2 z!B0L4l8Zhpge1~i$hr{dVjRB0GVE6jaB9sLNI0cZ#Jan$|0?UyOHNd}!BE^Xs4=iv zSRltA(z$dwuu$y_U=%QE*4L_+PGuH|UGPd1GEnFN#G}Qy*6Gi*%pO;^%ex#IDFFGA z4^>`c3!GIQ&^iIYfYNJ|K0evV=rNn}0zl_9{?foboGqM6NYAQ|>83L$N%+9ZPk(JI zmi}|74B7Q^&+WnpCPDfGC_LVBn<=F@Tsn^2A8ZokueHw5X>NiplJTqAUCyJR7noyu zrAYI3ao;QN76EfRajEZv)POtawLJ6M>iH0|wV(XLH_aPxe4$9vtN`3V5dQ7D)|(dQ z)VeF_wHJB9d4XKfeFTaXtSeZOATaMpi^OXBJFHHUN03{EI8bz3`q-^qChtR^DjZG7(^_HXn(yJO&lx$PxUNLk%FJn2 zDIW%BUbE_aT^ONNa(rD(Y4pQfy}V=slzWBgdxE;=z=htIhw!B=I0!$y=(vU?W{Ku- zTm9~~uJOCHGQ>;EkYCO4iId2xcZui`DQj=pext7*VZ_A(f&{#*0QJiA7^yMlJw1Pv z-o03ar4}sDySoa`hxrUlVF-I3mys4&zRTb+MqT`!>6CC8saNp+Ou9pTOw^T8Gj!TQ z3}HMm%JQhT$uejGu`i?7k^YdtS{6wy(K^+kJ`zYeE*HMvu(2?zM<_j`+$eGY9=r~c zphp8ahS^%K4^ykZ_YV9a>1(Ww=L)?Lq*i^SEq?HydVj$H$ zdvmfj`|;}>*#;~?bP7q60{4kz=SETdh6!GoBRSUr(!nwA?np7Hq+WIW&!|lfNq;GEY{e@e!A`6Sw?I&3zq_(sze*uIVx&5qux|K{EXz-wnc9V) zob3_g?G|Zkn7WwBHlJLi=tiZez?tsA27c&M@SBIE(LjwKEKV%D-X*+e81>7mNg@35 zHyb<4_hv8`hzMd(Xpmq>gB&`VTX2@R3|K(B8K9=be=s|SNf~)@Ki!Y043kwg&vOK) z;9z*V)E+#PQ~>zYrxWtwe?7FDji9#oHvQ=7Sv^gA)%;Q~NqkaQH>bA8e}V#v~by36SE$hQ=;U!B|E zyc*|Tg$p9}7dY_fKQw1VgaoK2>O(er|=^bnE8(=2$f9P6P~y^K^90z1g)Zwm5LIww(c}vY+Xt}Y8S9S+g z(r>UR0VuofJkQ7UP3KsGFTzQt71GEd$$)Xz>mfReyP&OP2G=@YV5vR2n&e+1NJ6kQ zcT1D?^OSa8L(hL9y4YJr?!#6Th;RlCdXD-ekfXIi>v@TQd7zX&L~k(+7E2gHeY_I_ zU+oH)&bsY;ZPv`L;ViQe0hQ5wZCz0qVdgMQzye&;1&8wa4u!7yK?7u-w_@rakO6FLsfvX|#Ij@%qQ0M^-i_txwP@BGc1DDelNI+gS z0S;{c?F)LD(%0J+VcWtaR|;KrPzylr;u(zf8RYw(3|QDxC8i0E5Qo; zRzHS8ZPmI{Lqwa@oO=3@z@u`-)RoSodn2nT6=mxND|FM^kLdK0^2sGhRt-JCfBYYV zcRLj>K!t~&v`z;)y#kn76(Eid6~0Np&~Q^VB>CQgz*{@BUwt4vHP0&#WL-$@R)hh* zZ#Nn!9;5hoXs)YIRd4$unxhPAPH|uA=;`u9SK`}AoEy&=&nGot5iF}DLj^g_z$Gu2 z;Fg825~t>p5dwFi=MZquTFO(F6ubMGk5ydsKL^*Rm2^8YD)N?accjZ7X`Zkt0t7Y( z*t0?{ez@KB?%9g2z{LfQ-NAvfUcsL5p!vMDmyPvP1z_4x+a3u$A~4%)0N{y=Uf(uL znJ{a}+SZVgx?=Bb6lQ?NN#N{o$+$jABu}L%{xRSL12F<(ff^X1k@&c9fTLF=sFwxHr)Z3PQ8B<`~ zvBV9KfSJl%DZbQ#?0n2i)Lv5@1%-hk8UVD4v>c=65#QqVfdnmI;zW|iE;aJ|%dT1f zzI>TgoVpe_jzTn_5#~Q)JK#l&Itxf{lE(n5^oTmfHd1`HvBV1>y1gRfde=~+rD#rT zegoE688$oYODmag&qsIMe>^rhMmlfFaj^29D>e(oD@u5bwdS^%3P2)1(o-2oPGL;| zJBnV-I9|&+d28#zhsfW~7^h`qY~6o4d@JnqzDKa#^D?KRo^3sdIo*Bhso{l3CFjlw zqUG;f{1&$JY-Wz|Z(ERoZyIhyO%N4SF3X2Lr^y|--uO7LEHFFBpqSY;Ur>|%I7ki} zK3x#U>P+#e*IKUeH)?71m{(u1t>GKl$pdSi8~*Bh^6=<7w(+lks?T^gQu|<1o=nWy z_>hoIyQ1{Zi{@z0ygh*W{hkaa-+I<;5jj>WW?t=7*7re4`)z~v=qx<#4qyWgtzZ3}y8Dfz;%$g>HR$V#(2$}PMIU-~*di@! z7FDL$Xf80aUh^~h`RpD(@0q?2kBb#etQ*Pd2Vk=tKTBKX4s)d` zl>$_==K<|fhq_s77si)9``K3^EkTD^+Vj*ast@P&pC(K@m(ea6F&9@NggKoRu}(9c z$N?{c!^+&_X0i}uBnp$rSGRe|422tuEwy37} zYFCiSm#gWZF1CzqReAh0rLV**x3nW*Z9f0tZ`7;p&)O#krH#X8*sJm+twHf@XB+(~ zU`d}gq=(1(?lJEct>QNRx{HT~(6ST| zsZuAjBx|;){;@V)N2(kkv0Sa6L9{2Zqj377_}YigX(I=>FJ4`4HV$@Szfob$n`|m> zVM4Z3CAEBkuDU1WcKv&)%x0py0CoIonrFykz#cS^e0;uMnB$)9U4P|fbH?EH8&aB^rLXLl!$sVBey5c1at!KmFkzbqOPu)lYc zr8q%Utn-&A$ufRl%(2~t1~hrGiurlF!)McED!n^L#uh6whs@hD%E|`TYuHOOL$XQC zZ6Tt6?R@d*ghj+3_c!s}c+r~Z#?|}a-=lM?qlF04Bp*gkPcMr^8u0Y?PU!CLe)&6f zkVp$2YS@wBG#vE&*|Tn~l~JEw@}7(%Nk#bnQkSYKZ4?l>9;Wu%+|I=oP_JT`P>=Jn*mdvBw_t9)VKa9@Mz$;hX|Q$<)=-7_+|sd*pYnfT3gS1n5U zX-Xw*c1+)|IdonjY4d5f>HCEfa*dB_$qUT(<&P>4#xh(b)cZZorm3vpZeLB98CkRL znAg9M@Rt(1DAz1oozytCF1f|FJC?#0T}kP*I&PLUoP0Lx)A2+Xhho3})0>rBZ=J5n z&p9k)|MF^X)uR{u)_aU&=>d5}BWyy4NuE!;{rQN&l`}ZmGj446jAh>gA1p{%ZZhMQoO6FY0jId9MO zO!*;&B&Js8#f-eXjJqLwBS7Jtv2k)&ISX|Tceih4HrZ$W(>2w2^h?@#c^8xL-qkGq zsKvlL^aNC@9m8aEF)Lc;ubSoI(vNNvM>NQ}`!8z%2d1SF9K7?KYQQz5K@+SR%Feud zD^aE9o;TB^u)lxSsV;Qn!6{=mo+?yJ?fq1O?PldF{`_d|d1kA!Ic@%;k;!>}YDwuO z|1^s+LEC#*h-W*IB>(}>%X8!Rx2`w|rru(z0pWFUp&hd33EdD{G!K#wK@Yxn)?K+u9kv zD{qe$j3J{6ilhFiQ2QfPH@~(vrF_%Zmu#gTRlP48cG=~12>giKfq^O?P%5=g-d7sD ziu>=6oJ>AUt20$eN$C&pl+DK2#~n(Wl~0uhp261NY5(&y3jF!CpRV(lH~=G{eR%u! z&RsI&7tk~W#)tWK-_7b{91PxAbpD3Dy|w+%TTUBS01P}oFRxKaMP=uY_kjP}$xAeh z{PfoeI|x%Zf46E3AW+-}bf#)G`l}1fy)-?G?R!!V?)+_6M7@!ZPZ=76`O}q$=a+$7|I53#SRXWZVy<)_vwjqR}SUy3kW0vct#>12#$}A z-r>Qzq7wsVa<3#54WT4t5sk4)$!SjCW`hO~`->QO8xwOp6b1MRz*6ps#NYZZR(Gh? zAqhT-EzTv(&*VZu4Y2EHuyGy7rxsFjLqw-Gy%wwiLafpX<`elxl-LkRj>eC3_J6M< zO*=8BU!w{u?g>oM!LM^3pyYOf34eP+zN2@5sax7`@>2`fJKf<@`HwU##P;L}CNEcc zF@?aS53g_9@oifBz;1K{A@bOzBS}cKI_3n{4W*%(KHQdh@~>ZcboV(owRLAI8*#;v zYf%05N6wZrA5WEDBx5R0V`47qJNN2>5=9_@-~NT~$+fF+udgU7oM`n-M^KzQCwBom zw8tNl-sq#F?aG`Mu>(iz;~TR{)N zczIyO*Vs5;J*cw%&6S&Hl8@(*&f~M!T_tWtADmzE{BRp8zq)-`j>bGCM@zCTL_IEu zLfTnU>|H1I% zkfW^WDU1iN5}3ppat4y3@WpC5WlPKH0!W2zoqG***nOgDzA~i=9#dJHQJ@2VP@;m4 zdI>gqqD|C^R!lvc-z!Mma>y#tIcHcnXH9szZ0ym*8^06WQJ*_wa=PHu<-h(9RH)W3 literal 0 HcmV?d00001 diff --git a/website/docs/user-group/group.md b/website/docs/user-group-role/groups/index.mdx similarity index 86% rename from website/docs/user-group/group.md rename to website/docs/user-group-role/groups/index.mdx index a251ce18c..ea934547b 100644 --- a/website/docs/user-group/group.md +++ b/website/docs/user-group-role/groups/index.mdx @@ -1,5 +1,6 @@ --- -title: Group +title: About groups +description: Learn about groups in authentik --- ## Hierarchy diff --git a/website/docs/user-group-role/groups/manage_groups.md b/website/docs/user-group-role/groups/manage_groups.md new file mode 100644 index 000000000..96c468360 --- /dev/null +++ b/website/docs/user-group-role/groups/manage_groups.md @@ -0,0 +1,45 @@ +--- +title: Manage groups +description: "Learn how to work with groups in authentik." +--- + +A group is a collection of users. Refer to the following sections to learn how to create and manage groups, assign users and roles to groups, and how [permissions](../access-control/manage_permissions.md) work on a group level. + +## Create a group + +To create a new group, follow these steps: + +1. In the Admin interface, navigate to **Directory > Groups**. +2. Click **Create** at the top of the Groups page. +3. In the Create modal, define the following: + - name of the group + - whether or not users in that group will all be superusers (means anyone in that group has all permissions on everything) + - the parent group + - any custom attributes +4. Click **Create**. + +## Modify a group + +To edit the group's name, parent group, whether or not the group is for superusers, associated roles, and any custom attributes, click the Edit icon beside the role's name. Make the changes, and then click **Update**. + +To [add or remove users](../user/user_basic_operations.md#add-a-user-to-a-group) from the group, or to manage permissions assigned to the group, click on the name of the group to go to the group's detail page. + +For more information about permissions, refer to ["Assign or remove permissions for a specific group"](../access-control/manage_permissions.md#assign-or-remove-permissions-for-a-specific-group). + +## Delete a group + +To delete a group, follow these steps: + +1. In the Admin interface, navigate to **Directory > Groups**. +2. Select the checkbox beside the name of the group that you want to delete. +3. Click **Delete**. + +## Assign, modify, or remove permissions for a group + +You can grant a group specific global or object-level permissions. Any user who is a member of a group inherits all of the group's permissions. + +For more information, review ["Permissions"](../access-control/permissions.md). + +## Assign a role to a group + +You can assign a role to a group, and then all users in the group inherit the permissions assigned to that role. For instructions and more information, see ["Assign a role to a group"](../roles/manage_roles.md#assign-a-role-to-a-group). diff --git a/website/docs/user-group-role/roles/index.mdx b/website/docs/user-group-role/roles/index.mdx new file mode 100644 index 000000000..19d179780 --- /dev/null +++ b/website/docs/user-group-role/roles/index.mdx @@ -0,0 +1,20 @@ +--- +title: About roles +--- + +import DocCardList from "@theme/DocCardList"; +import { useCurrentSidebarCategory } from "@docusaurus/theme-common"; + +Roles are a way to simplify the assignment of permissions. Roles are also the backbone of role-based access control (RBAC), an industry standard for managing [access control](../access-control). In authentik, RBAC is how you manage access to system components and specific objects such as flows, stages, users, etc. + +Think of roles as a collection of permissions. A role, along with its "bucket" of assigned permissions, can then be assigned to a group, which means that every user who is a part of that group will inherit all of the permissions in that role's "bucket". + +For example, let's take a look at the following scenario: + +> You need to add 5 new users, all new hires, to authentik, your identity management system. These users will be the first team members on the brand new Security team, so they will need some high-level permissions, with object permissions to create and remove other users, revoke permissions, and send recovery emails. They will also need [global permissions](../access-control/permissions#fundamentals-of-authentik-permissions) to control access to flows and stages. + +The easiest workflow for setting up these new users involves [creating a role](./manage_roles.md#create-a-role) specifically for their type of work, and then [assigning that role to a group](./manage_roles.md#assign-a-role-to-a-group) to which all of the users belong. + +To learn more about working with roles in authentik, refer to the following topics: + + diff --git a/website/docs/user-group-role/roles/manage_roles.md b/website/docs/user-group-role/roles/manage_roles.md new file mode 100644 index 000000000..452fbb648 --- /dev/null +++ b/website/docs/user-group-role/roles/manage_roles.md @@ -0,0 +1,48 @@ +--- +title: "Manage roles" +description: "Learn how to work with roles and permissions in authentik." +--- + +Roles are a collection of permissions, which can then be assigned, en masse, to a group. Using roles is a way to quickly grant permissions; by adding a user to the group with the appropriate assigned roles, any user in that group then inherits all of those permissions that are assigned to the role. + +:::info +In authentik, we assign roles to groups, not to individual users. +::: + +## Create a role + +To create a new role, follow these steps: + +1. In the Admin interface, navigate to **Directory > Roles**. +2. Click **Create**, enter the name of the role, and then click **Create** in the modal. +3. Next, [assign permissions to the role](../access-control/permissions.md#assign-or-remove-permissions-for-a-specific-role). + +## Modify a role + +To modify a role, follow these steps: + +- To edit the name of the role, click the Edit icon beside the role's name. + +- To modify the permissions that are assigned to the role click on the role's name to go to the role's detail page. There you can add, modify, or remove permissions. For more information, refer to ["Assign or remove permissions for a specific role"](../access-control/permissions.md#assign-or-remove-permissions-for-a-specific-role). + +## Delete a role + +To delete a role, follow these steps: + +1. In the Admin interface, navigate to **Directory > Roles**. +2. Select the checkbox beside the name of the role that you want to delete. +3. Click **Delete**. + +## Assign a role to a group + +In authentik, roles are assigned to [groups](../groups/index.mdx), not to individual users. + +1. To assign the role to a group, navigate to **Directory -> Groups**. +2. Click the name of the group to which you want to add a role. +3. On the group's detail page, on the Overview tab, click **Edit** in the **Group Info** area. +4. On the **Update Group** modal, in the **Roles** field, scroll through the list of existent roles, and click to select the one you want to add to the group. (You can select multiple roles at once by holding the Control and Command keys while selecting the roles.) +5. Click **Update** to add the role(s) and close the modal. + +:::info +To remove a role from a group, hold the Command key and click the name of the role that you want to remove from the group. This desepcts the role. Then click **Update**. +::: diff --git a/website/docs/user-group/user/create_invite.png b/website/docs/user-group-role/user/create_invite.png similarity index 100% rename from website/docs/user-group/user/create_invite.png rename to website/docs/user-group-role/user/create_invite.png diff --git a/website/docs/user-group/user/index.mdx b/website/docs/user-group-role/user/index.mdx similarity index 100% rename from website/docs/user-group/user/index.mdx rename to website/docs/user-group-role/user/index.mdx diff --git a/website/docs/user-group/user/invitations.md b/website/docs/user-group-role/user/invitations.md similarity index 100% rename from website/docs/user-group/user/invitations.md rename to website/docs/user-group-role/user/invitations.md diff --git a/website/docs/user-group/user/user_basic_operations.md b/website/docs/user-group-role/user/user_basic_operations.md similarity index 83% rename from website/docs/user-group/user/user_basic_operations.md rename to website/docs/user-group-role/user/user_basic_operations.md index 73a834252..3955b5304 100644 --- a/website/docs/user-group/user/user_basic_operations.md +++ b/website/docs/user-group-role/user/user_basic_operations.md @@ -9,11 +9,8 @@ The following topics are for the basic management of users: how to create, modif > If you want to automate user creation, you can do that either by [invitations](./invitations.md), [`user_write` stage](../../flow/stages/user_write), or [using the API](/developer-docs/api/browser). 1. In the Admin interface of your authentik instance, select **Directory > Users** in the left side menu. - 2. Select the folder where you want to create a user. - 3. Click **Create** (for a default user). - 4. Fill in the required fields: - **Username**: This value must be unique across your user folders. @@ -22,8 +19,8 @@ The following topics are for the basic management of users: how to create, modif 5. Fill the **_optional_** fields if needed: - **Name**: The display name of the user. -- **Email**: The email address of the user. That will be used if there is a [notification rule](../../events/notifications) triggered or for [email stages](../../flow/stages/email). -- **Is active**: Define is the newly created user account is active. Selected by default. +- **Email**: The email address of the user. Email addresses are used in [email stages](../../flow/stages/email) and to receive [notifications](../../events/notifications), if configured. +- **Is active**: Define if the newly created user account is active. Selected by default. - **Attributes**: Custom attributes definition for the user, in YAML or JSON format. These attributes can be used to enforce additional prompts on authentication stages or define conditions to enforce specific policies if the current implementation does not fit your use case. The value is an empty dictionary by default. 6. Click **Create** @@ -43,7 +40,7 @@ To view details about a specific user: 2. To see further details, click any of the other tabs: - **Session** shows the active sessions established by the user. If there is any need, you can clean up the connected devices for a user by selecting the device(s) and then clicking **Delete**. This forces the user to authenticate again on the deleted devices. -- **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../group). +- **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../groups/index.mdx). - **User events** displays all the events generated by the user during a session, such as login, logout, application authorisation, password reset, user info update, etc. - **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../providers/oauth2/). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. - **OAuth Refresh Tokens** lists all the OAuth tokens currently distributed. You can remove the tokens by selecting the applications and then clicking **Delete**. @@ -53,32 +50,38 @@ To view details about a specific user: After the creation of the user, you can edit any parameter defined during the creation. -To modify a user object, go to **Directory > Users**, and click the edit icon beside the name. +To modify a user object, go to **Directory > Users**, and click the edit icon beside the name. You can also go into [user details](#view-user-details), and click **Edit**. -You can also go into [user details](#view-user-details), and click **Edit**. +### Assign, modify, or remove permissions for a user -## User recovery +You can grant a user specific global or object-level permissions. Alternatively, you can add a user to a group that has the appropriate permissions, and the user inherits all of the group's permissions. + +For more information, review ["Permissions"](../access-control/permissions.md). + +## Add a user to a group + +1. To add a user to a group, navigate to **Directory > Users** to display all users. +2. Click the name of the user to display the full user details page. +3. Click the **Groups** tab, and then click either **Add to existing group** or **Add to new group**. + +## User credentials recovery If a user has lost their credentials, there are several options. ### Email them a recovery link 1. In the Admin interface, navigate to **Directory > Users** to display all users. - -2. Either click the name of the user to display the full User details page, or click the chevron (the › symbol) beside their name to expand the toptions. - +2. Either click the name of the user to display the full User details page, or click the chevron (the › symbol) beside their name to expand the options. 3. To generate a recovery link, which you can then copy and paste into an email, click **View recovery link**. - A pop-up will appear on your browser with the link for you to copy and to send to the user. +A pop-up will appear on your browser with the link for you to copy and to send to the user. ### Automate email to a user You can use our automated email to send a link with the URL for the user to reset their password. This option will only work if you have properly [configured a SMTP server during the installation](../../installation/docker-compose#email-configuration-optional-but-recommended) and set an email address for the user. 1. In the Admin interface, navigate to **Directory > Users** to display all users. - 2. Either click the name of the user to display the full User details page, or click the chevron beside their name to expand the toptions. - 3. To send the automated email to the user, click **Email recovery link**. If the user does not receive the email, check if the mail server parameters [are properly configured](../../troubleshooting/emails). @@ -88,9 +91,7 @@ If the user does not receive the email, check if the mail server parameters [are As an Admin, you can simply reset the password for the user. 1. In the Admin interface, navigate to **Directory > Users** to display all users. - 2. Either click the name of the user to display the full User details page, or click the chevron beside their name to expand the toptions. - 3. To reset the user's password, click **Reset password**, and then define the new value. ## Deactivate or Delete user @@ -98,7 +99,6 @@ As an Admin, you can simply reset the password for the user. #### To deactivate a user: 1. Go into the user list or detail, and click **Deactivate**. - 2. Review the changes and click **Update**. The active sessions are revoked and the authentication of the user blocked. You can reactivate the account by following the same procedure. @@ -111,7 +111,6 @@ You may instead deactivate the account to preserve identity data. ::: 1. Go into the user list and select one (or multiple users) to delete and click **Delete** on the top-right of the page. - 2. Review the changes and click **Delete**. The user list refreshes and no longer displays the removed users. diff --git a/website/docs/user-group/user/user_ref.md b/website/docs/user-group-role/user/user_ref.md similarity index 100% rename from website/docs/user-group/user/user_ref.md rename to website/docs/user-group-role/user/user_ref.md diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md index 11c664186..f2ea99217 100644 --- a/website/integrations/services/minio/index.md +++ b/website/integrations/services/minio/index.md @@ -43,7 +43,7 @@ elif ak_is_group_member(request.user, name="Minio users"): return None ``` -Note that you can assign multiple policies to a user by returning a list, and returning `None` will map no policies to the user, resulting in no access to the MinIO instance. For more information on writing expressions, see [Expressions](../../../docs/property-mappings/expression) and [User](../../../docs/user-group/user#object-attributes) docs. +Note that you can assign multiple policies to a user by returning a list, and returning `None` will map no policies to the user, resulting in no access to the MinIO instance. For more information on writing expressions, see [Expressions](../../../docs/property-mappings/expression) and [User](../../../docs/user-group-role/user/user_ref#object-properties) docs. ### Creating application and provider diff --git a/website/sidebars.js b/website/sidebars.js index 902194492..ac76683fd 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -13,7 +13,7 @@ const docsSidebar = { { type: "category", label: "Installation", - collapsed: false, + collapsed: true, link: { type: "doc", id: "installation/index", @@ -259,22 +259,51 @@ const docsSidebar = { }, { type: "category", - label: "Users & Groups", + label: "Users, Groups, & Roles", items: [ { type: "category", label: "Users", link: { type: "doc", - id: "user-group/user/index", + id: "user-group-role/user/index", }, items: [ - "user-group/user/user_basic_operations", - "user-group/user/user_ref", - "user-group/user/invitations", + "user-group-role/user/user_basic_operations", + "user-group-role/user/user_ref", + "user-group-role/user/invitations", + ], + }, + { + type: "category", + label: "Groups", + link: { + type: "doc", + id: "user-group-role/groups/index", + }, + items: ["user-group-role/groups/manage_groups"], + }, + { + type: "category", + label: "Roles", + link: { + type: "doc", + id: "user-group-role/roles/index", + }, + items: ["user-group-role/roles/manage_roles"], + }, + { + type: "category", + label: "Access control", + link: { + type: "doc", + id: "user-group-role/access-control/index", + }, + items: [ + "user-group-role/access-control/permissions", + "user-group-role/access-control/manage_permissions", ], }, - "user-group/group", ], }, { From 94ad8394372723c2bc7a1f615c0b610398db6ba7 Mon Sep 17 00:00:00 2001 From: "transifex-integration[bot]" <43880903+transifex-integration[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 10:48:19 +0000 Subject: [PATCH 12/38] translate: Updates for file web/xliff/en.xlf in fr (#7297) * Translate web/xliff/en.xlf in fr 100% translated source file: 'web/xliff/en.xlf' on 'fr'. * Removing web/xliff/en.xlf in fr 99% of minimum 100% translated source file: 'web/xliff/en.xlf' on 'fr'. * Translate web/xliff/en.xlf in fr 100% translated source file: 'web/xliff/en.xlf' on 'fr'. --------- Signed-off-by: Jens L. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com> Co-authored-by: Jens L --- web/xliff/fr.xlf | 115 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 34 deletions(-) diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index d56dbd71a..cac520e96 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -1,4 +1,4 @@ - + @@ -613,9 +613,9 @@ Il y a jour(s) - The URL "" was not found. - L'URL " - " n'a pas été trouvée. + The URL "" was not found. + L'URL " + " n'a pas été trouvée. @@ -1057,8 +1057,8 @@ Il y a jour(s) - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir. + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir. @@ -1630,7 +1630,7 @@ Il y a jour(s) Token to authenticate with. Currently only bearer authentication is supported. - Jeton d'authentification à utiliser. Actuellement, seule l'authentification "bearer authentication" est prise en charge. + Jeton d'authentification à utiliser. Actuellement, seule l'authentification "bearer authentication" est prise en charge. @@ -1798,8 +1798,8 @@ Il y a jour(s) - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test". + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test". @@ -2922,7 +2922,7 @@ doesn't pass when either or both of the selected options are equal or above the To use SSL instead, use 'ldaps://' and disable this option. - Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option. + Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option. @@ -3011,8 +3011,8 @@ doesn't pass when either or both of the selected options are equal or above the - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...' + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...' @@ -3307,7 +3307,7 @@ doesn't pass when either or both of the selected options are equal or above the Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement. + Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement. @@ -3475,7 +3475,7 @@ doesn't pass when either or both of the selected options are equal or above the Optionally set the 'FriendlyName' value of the Assertion attribute. - Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel) + Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel) @@ -3804,8 +3804,8 @@ doesn't pass when either or both of the selected options are equal or above the - When using an external logging solution for archiving, this can be set to "minutes=5". - En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à "minutes=5". + When using an external logging solution for archiving, this can be set to "minutes=5". + En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à "minutes=5". @@ -3814,8 +3814,8 @@ doesn't pass when either or both of the selected options are equal or above the - Format: "weeks=3;days=2;hours=3,seconds=2". - Format : "weeks=3;days=2;hours=3,seconds=2". + Format: "weeks=3;days=2;hours=3,seconds=2". + Format : "weeks=3;days=2;hours=3,seconds=2". @@ -3850,7 +3850,7 @@ doesn't pass when either or both of the selected options are equal or above the Create Tenant - Créer un locataire + Créer un tenant @@ -4011,10 +4011,10 @@ doesn't pass when either or both of the selected options are equal or above the - Are you sure you want to update ""? + Are you sure you want to update ""? Êtes-vous sûr de vouloir mettre à jour - " - " ? + " + " ? @@ -5100,8 +5100,8 @@ doesn't pass when either or both of the selected options are equal or above the - A "roaming" authenticator, like a YubiKey - Un authentificateur "itinérant", comme une YubiKey + A "roaming" authenticator, like a YubiKey + Un authentificateur "itinérant", comme une YubiKey @@ -5426,7 +5426,7 @@ doesn't pass when either or both of the selected options are equal or above the Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. - Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data". + Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data". @@ -5435,10 +5435,10 @@ doesn't pass when either or both of the selected options are equal or above the - ("", of type ) + ("", of type ) - (" - ", de type + (" + ", de type ) @@ -5487,8 +5487,8 @@ doesn't pass when either or both of the selected options are equal or above the - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. - Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici. + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici. @@ -6272,7 +6272,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - Peut être au format "unix://" pour une connexion à un service docker local, "ssh://" pour une connexion via SSH, ou "https://:2376" pour une connexion à un système distant. + Peut être au format "unix://" pour une connexion à un service docker local, "ssh://" pour une connexion via SSH, ou "https://:2376" pour une connexion à un système distant. @@ -7579,7 +7579,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous). + Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous). Default relay state @@ -7597,60 +7597,79 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). Étape de configuration d'un authentificateur WebAuthn (Yubikey, FaceID/Windows Hello). -<<<<<<< HEAD Internal application name used in URLs. + Nom de l'application interne utilisé dans les URLs. Submit + Soumettre UI Settings + Paramètres d'UI Transparent Reverse Proxy + Reverse Proxy Transparent For transparent reverse proxies with required authentication + Pour les reverses proxy transparents avec authentification requise For nginx's auth_request or traefik's forwardAuth + Pour nginx auth_request ou traefik forwardAuth For nginx's auth_request or traefik's forwardAuth per root domain + Pour nginx auth_request ou traefik forwardAuth par domaine racine Configure SAML provider manually + Configurer le fournisseur SAML manuellement Configure RADIUS provider manually + Configurer le fournisseur RADIUS manuellement Configure SCIM provider manually + Configurer le fournisseur SCIM manuellement Saving Application... + Enregistrement de l'application... Authentik was unable to save this application: + authentik n'a pas pu sauvegarder cette application : Your application has been saved + L'application a été sauvegardée In the Application: + Dans l'application : In the Provider: + Dans le fournisseur : Method's display Name. + Nom d'affichage de la méthode. Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + Utiliser ce fournisseur avec nginx auth_request ou traefik + forwardAuth. Chaque application/domaine a besoin de son fournisseur. + De plus, sur chaque domaine, /outpost.goauthentik.io doit être + routé vers l'avant-post (lors de l'utilisation d'un avant-poste managé, cela est fait automatiquement). Custom attributes @@ -7802,88 +7821,116 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Pseudolocale (for testing) + Pseudolocale (pour tests) Create With Wizard + Créer avec l'assistant One hint, 'New Application Wizard', is currently hidden + Un indice, l'assistant nouvelle application est actuellement caché External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + Applications externes qui utilisent authentik comme fournisseur d'identité, en utilisant des protocoles comme OAuth2 et SAML. Toutes les applications sont affichées ici, même celles auxquelles vous n'avez pas accès. Deny message + Message de refus Message shown when this stage is run. + Message affiché lorsque cette étape est exécutée. Open Wizard + Lancer l'assistant Demo Wizard + Assistant de démo Run the demo wizard + Lancer l'assistant de démo OAuth2/OIDC (Open Authorization/OpenID Connect) + OAuth2/OIDC (Open Authorization/OpenID Connect) LDAP (Lightweight Directory Access Protocol) + LDAP (Lightweight Directory Access Protocol) Forward Auth (Single Application) + Transférer l'authentification (application unique) Forward Auth (Domain Level) + Transférer l'authentification (niveau domaine) SAML (Security Assertion Markup Language) + SAML (Security Assertion Markup Language) RADIUS (Remote Authentication Dial-In User Service) + RADIUS (Remote Authentication Dial-In User Service) SCIM (System for Cross-domain Identity Management) + SCIM (System for Cross-domain Identity Management) The token has been copied to your clipboard + Le jeton a été copié dans le presse-paper The token was displayed because authentik does not have permission to write to the clipboard + Le jeton a été affiché car authentik n'a pas la permission d'écrire dans le presse-papier A copy of this recovery link has been placed in your clipboard + Une copie de ce lien de récupération a été placée dans le presse-papier The current tenant must have a recovery flow configured to use a recovery link + Le tenant actuel doit avoir un flux de récupération configuré pour utiliser un lien de récupération Create recovery link + Créer un lien de récupération Create Recovery Link + Créer un lien de récupération External + Externe Service account + Compte de service Service account (internal) + Compte de service (interne) Check the release notes + Voir les notes de version User Statistics + Statistiques Utilisateur <No name set> + <No name set> - + \ No newline at end of file From 28053059ff602c3f1af5e13cc657abf320a4f6f8 Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 26 Oct 2023 14:33:29 +0200 Subject: [PATCH 13/38] stages/user_write: allow setting user type when creating new user (#7293) Signed-off-by: Jens Langhammer --- authentik/stages/user_write/api.py | 1 + .../0008_userwritestage_user_type.py | 25 +++++++++++ authentik/stages/user_write/models.py | 6 ++- authentik/stages/user_write/stage.py | 17 ++++++- blueprints/schema.json | 10 +++++ schema.yml | 20 +++++++++ .../stages/user_write/UserWriteStageForm.ts | 45 ++++++++++++++++++- web/src/admin/users/UserForm.ts | 3 +- web/xliff/fr.xlf | 9 ++++ website/docs/flow/context/index.md | 8 ++++ 10 files changed, 139 insertions(+), 5 deletions(-) create mode 100644 authentik/stages/user_write/migrations/0008_userwritestage_user_type.py diff --git a/authentik/stages/user_write/api.py b/authentik/stages/user_write/api.py index 4cf0f17d2..1abca9e9f 100644 --- a/authentik/stages/user_write/api.py +++ b/authentik/stages/user_write/api.py @@ -15,6 +15,7 @@ class UserWriteStageSerializer(StageSerializer): "user_creation_mode", "create_users_as_inactive", "create_users_group", + "user_type", "user_path_template", ] diff --git a/authentik/stages/user_write/migrations/0008_userwritestage_user_type.py b/authentik/stages/user_write/migrations/0008_userwritestage_user_type.py new file mode 100644 index 000000000..e0761b551 --- /dev/null +++ b/authentik/stages/user_write/migrations/0008_userwritestage_user_type.py @@ -0,0 +1,25 @@ +# Generated by Django 4.2.6 on 2023-10-25 15:19 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + dependencies = [ + ("authentik_stages_user_write", "0007_remove_userwritestage_can_create_users_and_more"), + ] + + operations = [ + migrations.AddField( + model_name="userwritestage", + name="user_type", + field=models.TextField( + choices=[ + ("internal", "Internal"), + ("external", "External"), + ("service_account", "Service Account"), + ("internal_service_account", "Internal Service Account"), + ], + default="external", + ), + ), + ] diff --git a/authentik/stages/user_write/models.py b/authentik/stages/user_write/models.py index ca50951a3..eb1dfd2c7 100644 --- a/authentik/stages/user_write/models.py +++ b/authentik/stages/user_write/models.py @@ -5,7 +5,7 @@ from django.utils.translation import gettext_lazy as _ from django.views import View from rest_framework.serializers import BaseSerializer -from authentik.core.models import Group +from authentik.core.models import Group, UserTypes from authentik.flows.models import Stage @@ -39,6 +39,10 @@ class UserWriteStage(Stage): help_text=_("Optionally add newly created users to this group."), ) + user_type = models.TextField( + choices=UserTypes.choices, + default=UserTypes.EXTERNAL, + ) user_path_template = models.TextField( default="", blank=True, diff --git a/authentik/stages/user_write/stage.py b/authentik/stages/user_write/stage.py index 5a4c80974..5117f0358 100644 --- a/authentik/stages/user_write/stage.py +++ b/authentik/stages/user_write/stage.py @@ -9,7 +9,7 @@ from django.utils.translation import gettext as _ from rest_framework.exceptions import ValidationError from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER -from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection +from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection, UserTypes from authentik.core.sources.stage import PLAN_CONTEXT_SOURCES_CONNECTION from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER from authentik.flows.stage import StageView @@ -22,6 +22,7 @@ from authentik.stages.user_write.models import UserCreationMode from authentik.stages.user_write.signals import user_write PLAN_CONTEXT_GROUPS = "groups" +PLAN_CONTEXT_USER_TYPE = "user_type" PLAN_CONTEXT_USER_PATH = "user_path" @@ -55,6 +56,19 @@ class UserWriteStageView(StageView): ) if path == "": path = User.default_path() + + try: + user_type = UserTypes( + self.executor.plan.context.get( + PLAN_CONTEXT_USER_TYPE, + self.executor.current_stage.user_type, + ) + ) + except ValueError: + user_type = self.executor.current_stage.user_type + if user_type == UserTypes.INTERNAL_SERVICE_ACCOUNT: + user_type = UserTypes.SERVICE_ACCOUNT + if not self.request.user.is_anonymous: self.executor.plan.context.setdefault(PLAN_CONTEXT_PENDING_USER, self.request.user) if ( @@ -66,6 +80,7 @@ class UserWriteStageView(StageView): self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User( is_active=not self.executor.current_stage.create_users_as_inactive, path=path, + type=user_type, ) self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_INBUILT self.logger.debug( diff --git a/blueprints/schema.json b/blueprints/schema.json index deb177e4d..6fe11e20a 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -8368,6 +8368,16 @@ "title": "Create users group", "description": "Optionally add newly created users to this group." }, + "user_type": { + "type": "string", + "enum": [ + "internal", + "external", + "service_account", + "internal_service_account" + ], + "title": "User type" + }, "user_path_template": { "type": "string", "title": "User path template" diff --git a/schema.yml b/schema.yml index 5a6a347ab..f956fcabb 100644 --- a/schema.yml +++ b/schema.yml @@ -27494,6 +27494,20 @@ paths: name: user_path_template schema: type: string + - in: query + name: user_type + schema: + type: string + enum: + - external + - internal + - internal_service_account + - service_account + description: |- + * `internal` - Internal + * `external` - External + * `service_account` - Service Account + * `internal_service_account` - Internal Service Account tags: - stages security: @@ -38052,6 +38066,8 @@ components: format: uuid nullable: true description: Optionally add newly created users to this group. + user_type: + $ref: '#/components/schemas/UserTypeEnum' user_path_template: type: string PatchedWebAuthnDeviceRequest: @@ -42422,6 +42438,8 @@ components: format: uuid nullable: true description: Optionally add newly created users to this group. + user_type: + $ref: '#/components/schemas/UserTypeEnum' user_path_template: type: string required: @@ -42452,6 +42470,8 @@ components: format: uuid nullable: true description: Optionally add newly created users to this group. + user_type: + $ref: '#/components/schemas/UserTypeEnum' user_path_template: type: string required: diff --git a/web/src/admin/stages/user_write/UserWriteStageForm.ts b/web/src/admin/stages/user_write/UserWriteStageForm.ts index 0cfefc57c..3ef5185cd 100644 --- a/web/src/admin/stages/user_write/UserWriteStageForm.ts +++ b/web/src/admin/stages/user_write/UserWriteStageForm.ts @@ -12,7 +12,14 @@ import { TemplateResult, html } from "lit"; import { customElement } from "lit/decorators.js"; import { ifDefined } from "lit/directives/if-defined.js"; -import { CoreApi, CoreGroupsListRequest, Group, StagesApi, UserWriteStage } from "@goauthentik/api"; +import { + CoreApi, + CoreGroupsListRequest, + Group, + StagesApi, + UserTypeEnum, + UserWriteStage, +} from "@goauthentik/api"; @customElement("ak-stage-user-write-form") export class UserWriteStageForm extends ModelForm { @@ -111,6 +118,42 @@ export class UserWriteStageForm extends ModelForm { ${msg("Mark newly created users as inactive.")}

+ + + +

+ ${msg("User type used for newly created users.")} +

+
{ diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index cac520e96..222053997 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -7930,6 +7930,15 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti <No name set> <No name set> + + + Check the release notes + + + User Statistics + + + User type used for newly created users. diff --git a/website/docs/flow/context/index.md b/website/docs/flow/context/index.md index 13f6c5c5b..c092f3471 100644 --- a/website/docs/flow/context/index.md +++ b/website/docs/flow/context/index.md @@ -120,6 +120,14 @@ If set, this must be a list of group objects and not group names. Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path. +##### `user_type` (string) + +:::info +Requires authentik 2023.10 +::: + +Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`. + #### Password stage ##### `user_backend` (string) From 709fd716d8a5c8bcb26c21a58e7323622a68cf0d Mon Sep 17 00:00:00 2001 From: "authentik-automation[bot]" <135050075+authentik-automation[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 12:49:59 +0000 Subject: [PATCH 14/38] web: bump API Client version (#7310) Signed-off-by: GitHub Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> --- web/package-lock.json | 8 ++++---- web/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index a0975344a..f57ee4d88 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -17,7 +17,7 @@ "@codemirror/theme-one-dark": "^6.1.2", "@formatjs/intl-listformat": "^7.5.0", "@fortawesome/fontawesome-free": "^6.4.2", - "@goauthentik/api": "^2023.8.3-1697813667", + "@goauthentik/api": "^2023.8.3-1698323628", "@lit-labs/context": "^0.4.1", "@lit-labs/task": "^3.1.0", "@lit/localize": "^0.11.4", @@ -2883,9 +2883,9 @@ } }, "node_modules/@goauthentik/api": { - "version": "2023.8.3-1697813667", - "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.3-1697813667.tgz", - "integrity": "sha512-ZzAThGkJVp/MKVll5cnnVx3Eq0k3K57QmYNPIGdOaVX/bLqMHB/d/y+FsBS0LnJrFFixtHej2UjWo6a3xlT5qA==" + "version": "2023.8.3-1698323628", + "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.3-1698323628.tgz", + "integrity": "sha512-qSpmrbLTCQWevjawXO26WYZcQ6Y4Cp/fIQn3KSl8fohK85MwCYLk9pqt6MZl1sC93A3dlak6sYHp9xEG3JN8wQ==" }, "node_modules/@hcaptcha/types": { "version": "1.0.3", diff --git a/web/package.json b/web/package.json index f74aeca54..cad748060 100644 --- a/web/package.json +++ b/web/package.json @@ -38,7 +38,7 @@ "@codemirror/theme-one-dark": "^6.1.2", "@formatjs/intl-listformat": "^7.5.0", "@fortawesome/fontawesome-free": "^6.4.2", - "@goauthentik/api": "^2023.8.3-1697813667", + "@goauthentik/api": "^2023.8.3-1698323628", "@lit-labs/context": "^0.4.1", "@lit-labs/task": "^3.1.0", "@lit/localize": "^0.11.4", From d9b3e307e3fba37f8c5ad90249e52a2c8c11891e Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 26 Oct 2023 15:10:17 +0200 Subject: [PATCH 15/38] website/docs: add 2023.10 release notes (#7309) Signed-off-by: Jens Langhammer --- website/docs/releases/2023/v2023.10.md | 2891 ++++++++++++++++++++++++ website/sidebars.js | 3 +- 2 files changed, 2893 insertions(+), 1 deletion(-) create mode 100644 website/docs/releases/2023/v2023.10.md diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md new file mode 100644 index 000000000..1ae4203e8 --- /dev/null +++ b/website/docs/releases/2023/v2023.10.md @@ -0,0 +1,2891 @@ +--- +title: Release 2023.10 +slug: "/releases/2023.10" +--- + + + +## New features + +- RBAC (preview) + + With this release we're introducing the ability to finely configure permissions within authentik. These permissions can be used to delegate different tasks, such as user management, application creation and more to users without granting them full superuser permissions. With this system, a least-privilege system can also be implemented much more easily. See more info [here](../../user-group-role/access-control/index.mdx) + +- LDAP Provider improvements + + The LDAP Provider now has an expanded schema, increasing the compatibility with clients that use the LDAP schema to parse data and .net applications on Windows. + +- Improved Proxy provider logout + + The proxy provider will now terminate all sessions when a user logs out of authentik or their session expires. + +- LDAP Source structure mirroring + + The LDAP Source has a new default property mapping called `authentik default LDAP Mapping: DN to User Path` which will map the LDAP users' DN to the user path in authentik, keeping the same structure as the directory the source syncs from. + +- OAuth Source OIDC auto-refresh + + OAuth sources that have a _OIDC Well-known URL_ or _OIDC JWKS URL_ set will periodically be updated to use the correct configuration based on the configured URLs. + +## Upgrading + +This release does not introduce any new requirements. + +### docker-compose + +To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands: + +``` +wget -O docker-compose.yml https://goauthentik.io/version/2023.10/docker-compose.yml +docker-compose up -d +``` + +The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name. + +### Kubernetes + +Upgrade the Helm Chart to the new version, using the following commands: + +```shell +helm repo update +helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 +``` + +## Minor changes/fixes + +- blueprints: fix mismatched user-login stage order (#7030) +- ci: test with postgres 16 +- core/api: add uuid field to core api user http response (#7110) +- core: Initial RBAC (#6806) +- core: Use branding_title in the end session page (#7282) +- core: prevent self-impersonation (#6885) +- core: remove celery's duplicate max_tasks_per_child (#6840) +- events: fix error when storing events with date/time/datetime/etc (#7028) +- flows: remove need for post() wrapper by using dispatch (#6765) +- flows: stage_invalid() makes flow restart depending on invalid_response_action setting (#6780) +- outposts: use channel groups instead of saving channel names (#7183) +- policies/reputation: require either check to be enabled (#6764) +- policies: fix cached policy metric (#7068) +- providers/ldap: add windows adsi support (#7098) +- providers/proxy: improve SLO by backchannel logging out sessions (#7099) +- providers/radius: TOTP MFA support (#7217) +- providers/saml: add default RelayState value for IDP-initiated requests (#7100) +- providers/saml: set WantAuthnRequestsSigned in metadata (#6851) +- providers/scim: check that a provider exists before starting scim task (#6841) +- providers/scim: remove preview banner (#7166) +- root: add option to disable beat when running worker (#6849) +- root: connect to backend via socket (#6720) +- root: disable APPEND_SLASH (#6928) +- root: extended flow and policy metrics (#7067) +- root: handle SIGHUP and SIGUSR2, healthcheck gunicorn (#6630) +- root: make Celery worker concurrency configurable (#6837) +- root: replace boj/redistore with vendored version of rbcervilla/redisstore (#6988) +- sources/ldap: add default property mapping to mirror directory structure (#6990) +- sources/ldap: add lock to sync (#6930) +- sources/ldap: add warning when a property mapping returns None or bytes (#6913) +- sources/ldap: fix FreeIPA nsaccountlock sync (#6745) +- sources/ldap: fix attribute path resolution (#7090) +- sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (#6877) +- sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809) +- sources/oauth: fix oidc well-known parsing (#7248) +- sources/oauth: include default JWKS URLs for OAuth sources (#6992) +- sources/oauth: periodically update OAuth sources' OIDC configuration (#7245) +- stages/authenticator_sms: fix error when phone number from context already exists (#7264) +- stages/authenticator: vendor otp (#6741) +- stages/deny: add custom message (#7144) +- stages/email: Fix query parameters getting lost in Email links (#5376) +- stages/email: rework email templates (#7029) +- stages/invitation: fix mis-matched serializer class for invitation (#7018) +- stages/password: fix failed_attempts_before_cancel allowing one too many (#6763) +- web/admin: add additional Flow info (#7155) +- web/admin: fix application icon size (#6738) +- web/admin: fix flow-search not being able to unset (#6838) +- web/admin: fix not being able to unset certificates (#6767) +- web/admin: fix prompt form and codemirror mode (#7231) +- web/admin: fix webauthn label order, add raw value (#6905) +- web/admin: improve user email button labels (#7233) +- web/admin: invitation stage: default "continue without invitation" to false +- web/admin: use `
` for order field on bound elements (#7031)
+-   web/admin: user details few tooltip buttons (#6899)
+-   web/flows: fix plex login not opening new tab on mobile safari (#7050)
+-   web/user: fix incorrect link to admin interface (#6993)
+-   web/user: fix unenrollment flow not being shown (#6972)
+-   web: change 'Attributes' to 'Custom attributes' on Invitation Field (#7145)
+-   web: the return of pseudolocalization (#7190)
+
+## API Changes
+
+#### What's New
+
+---
+
+##### `PUT` /core/transactional/applications/
+
+##### `GET` /rbac/permissions/
+
+##### `GET` /rbac/permissions/{id}/
+
+##### `GET` /rbac/permissions/assigned_by_roles/
+
+##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/
+
+##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/
+
+##### `GET` /rbac/permissions/assigned_by_users/
+
+##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/
+
+##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/
+
+##### `GET` /rbac/permissions/roles/
+
+##### `GET` /rbac/permissions/users/
+
+##### `GET` /rbac/roles/
+
+##### `POST` /rbac/roles/
+
+##### `GET` /rbac/roles/{uuid}/
+
+##### `PUT` /rbac/roles/{uuid}/
+
+##### `DELETE` /rbac/roles/{uuid}/
+
+##### `PATCH` /rbac/roles/{uuid}/
+
+##### `GET` /rbac/roles/{uuid}/used_by/
+
+#### What's Changed
+
+---
+
+##### `GET` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PUT` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `DELETE` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PATCH` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `GET` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PUT` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `DELETE` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PATCH` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `POST` /core/groups/{group_uuid}/add_user/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `POST` /core/groups/{group_uuid}/remove_user/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `GET` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `PUT` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `DELETE` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `PATCH` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `GET` /outposts/instances/{uuid}/health/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/radius/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /policies/event_matcher/{policy_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `PUT` /policies/event_matcher/{policy_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `app` (string)
+
+    > -   `authentik.admin` - authentik Admin
+    > -   `authentik.api` - authentik API
+    > -   `authentik.crypto` - authentik Crypto
+    > -   `authentik.events` - authentik Events
+    > -   `authentik.flows` - authentik Flows
+    > -   `authentik.outposts` - authentik Outpost
+    > -   `authentik.policies.dummy` - authentik Policies.Dummy
+    > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+    > -   `authentik.policies.expiry` - authentik Policies.Expiry
+    > -   `authentik.policies.expression` - authentik Policies.Expression
+    > -   `authentik.policies.password` - authentik Policies.Password
+    > -   `authentik.policies.reputation` - authentik Policies.Reputation
+    > -   `authentik.policies` - authentik Policies
+    > -   `authentik.providers.ldap` - authentik Providers.LDAP
+    > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+    > -   `authentik.providers.proxy` - authentik Providers.Proxy
+    > -   `authentik.providers.radius` - authentik Providers.Radius
+    > -   `authentik.providers.saml` - authentik Providers.SAML
+    > -   `authentik.providers.scim` - authentik Providers.SCIM
+    > -   `authentik.rbac` - authentik RBAC
+    > -   `authentik.recovery` - authentik Recovery
+    > -   `authentik.sources.ldap` - authentik Sources.LDAP
+    > -   `authentik.sources.oauth` - authentik Sources.OAuth
+    > -   `authentik.sources.plex` - authentik Sources.Plex
+    > -   `authentik.sources.saml` - authentik Sources.SAML
+    > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+    > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+    > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+    > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+    > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+    > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+    > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+    > -   `authentik.stages.captcha` - authentik Stages.Captcha
+    > -   `authentik.stages.consent` - authentik Stages.Consent
+    > -   `authentik.stages.deny` - authentik Stages.Deny
+    > -   `authentik.stages.dummy` - authentik Stages.Dummy
+    > -   `authentik.stages.email` - authentik Stages.Email
+    > -   `authentik.stages.identification` - authentik Stages.Identification
+    > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+    > -   `authentik.stages.password` - authentik Stages.Password
+    > -   `authentik.stages.prompt` - authentik Stages.Prompt
+    > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+    > -   `authentik.stages.user_login` - authentik Stages.User Login
+    > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+    > -   `authentik.stages.user_write` - authentik Stages.User Write
+    > -   `authentik.tenants` - authentik Tenants
+    > -   `authentik.blueprints` - authentik Blueprints
+    > -   `authentik.core` - authentik Core
+    > -   `authentik.enterprise` - authentik Enterprise
+
+    Added enum values:
+
+    -   `authentik.rbac`
+    -   `authentik.stages.authenticator`
+
+-   Changed property `model` (string)
+
+    > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+    > -   `authentik_events.event` - Event
+    > -   `authentik_events.notificationtransport` - Notification Transport
+    > -   `authentik_events.notification` - Notification
+    > -   `authentik_events.notificationrule` - Notification Rule
+    > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+    > -   `authentik_flows.flow` - Flow
+    > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+    > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+    > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+    > -   `authentik_outposts.outpost` - Outpost
+    > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+    > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+    > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+    > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+    > -   `authentik_policies_password.passwordpolicy` - Password Policy
+    > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+    > -   `authentik_policies_reputation.reputation` - Reputation Score
+    > -   `authentik_policies.policybinding` - Policy Binding
+    > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+    > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+    > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+    > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+    > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+    > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+    > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+    > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+    > -   `authentik_providers_saml.samlprovider` - SAML Provider
+    > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+    > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+    > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+    > -   `authentik_rbac.role` - Role
+    > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+    > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+    > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+    > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+    > -   `authentik_sources_plex.plexsource` - Plex Source
+    > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+    > -   `authentik_sources_saml.samlsource` - SAML Source
+    > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+    > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+    > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+    > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+    > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+    > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+    > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+    > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+    > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+    > -   `authentik_stages_consent.consentstage` - Consent Stage
+    > -   `authentik_stages_consent.userconsent` - User Consent
+    > -   `authentik_stages_deny.denystage` - Deny Stage
+    > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+    > -   `authentik_stages_email.emailstage` - Email Stage
+    > -   `authentik_stages_identification.identificationstage` - Identification Stage
+    > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+    > -   `authentik_stages_invitation.invitation` - Invitation
+    > -   `authentik_stages_password.passwordstage` - Password Stage
+    > -   `authentik_stages_prompt.prompt` - Prompt
+    > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+    > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+    > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+    > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+    > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+    > -   `authentik_tenants.tenant` - Tenant
+    > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+    > -   `authentik_core.group` - Group
+    > -   `authentik_core.user` - User
+    > -   `authentik_core.application` - Application
+    > -   `authentik_core.token` - Token
+    > -   `authentik_enterprise.license` - License
+
+    Added enum values:
+
+    -   `authentik_rbac.role`
+    -   `authentik_stages_authenticator_static.staticdevice`
+    -   `authentik_stages_authenticator_totp.totpdevice`
+    -   `authentik_enterprise.license`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `app` (string)
+
+    > -   `authentik.admin` - authentik Admin
+    > -   `authentik.api` - authentik API
+    > -   `authentik.crypto` - authentik Crypto
+    > -   `authentik.events` - authentik Events
+    > -   `authentik.flows` - authentik Flows
+    > -   `authentik.outposts` - authentik Outpost
+    > -   `authentik.policies.dummy` - authentik Policies.Dummy
+    > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+    > -   `authentik.policies.expiry` - authentik Policies.Expiry
+    > -   `authentik.policies.expression` - authentik Policies.Expression
+    > -   `authentik.policies.password` - authentik Policies.Password
+    > -   `authentik.policies.reputation` - authentik Policies.Reputation
+    > -   `authentik.policies` - authentik Policies
+    > -   `authentik.providers.ldap` - authentik Providers.LDAP
+    > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+    > -   `authentik.providers.proxy` - authentik Providers.Proxy
+    > -   `authentik.providers.radius` - authentik Providers.Radius
+    > -   `authentik.providers.saml` - authentik Providers.SAML
+    > -   `authentik.providers.scim` - authentik Providers.SCIM
+    > -   `authentik.rbac` - authentik RBAC
+    > -   `authentik.recovery` - authentik Recovery
+    > -   `authentik.sources.ldap` - authentik Sources.LDAP
+    > -   `authentik.sources.oauth` - authentik Sources.OAuth
+    > -   `authentik.sources.plex` - authentik Sources.Plex
+    > -   `authentik.sources.saml` - authentik Sources.SAML
+    > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+    > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+    > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+    > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+    > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+    > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+    > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+    > -   `authentik.stages.captcha` - authentik Stages.Captcha
+    > -   `authentik.stages.consent` - authentik Stages.Consent
+    > -   `authentik.stages.deny` - authentik Stages.Deny
+    > -   `authentik.stages.dummy` - authentik Stages.Dummy
+    > -   `authentik.stages.email` - authentik Stages.Email
+    > -   `authentik.stages.identification` - authentik Stages.Identification
+    > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+    > -   `authentik.stages.password` - authentik Stages.Password
+    > -   `authentik.stages.prompt` - authentik Stages.Prompt
+    > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+    > -   `authentik.stages.user_login` - authentik Stages.User Login
+    > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+    > -   `authentik.stages.user_write` - authentik Stages.User Write
+    > -   `authentik.tenants` - authentik Tenants
+    > -   `authentik.blueprints` - authentik Blueprints
+    > -   `authentik.core` - authentik Core
+    > -   `authentik.enterprise` - authentik Enterprise
+
+    Added enum values:
+
+    -   `authentik.rbac`
+    -   `authentik.stages.authenticator`
+
+-   Changed property `model` (string)
+
+    > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+    > -   `authentik_events.event` - Event
+    > -   `authentik_events.notificationtransport` - Notification Transport
+    > -   `authentik_events.notification` - Notification
+    > -   `authentik_events.notificationrule` - Notification Rule
+    > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+    > -   `authentik_flows.flow` - Flow
+    > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+    > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+    > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+    > -   `authentik_outposts.outpost` - Outpost
+    > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+    > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+    > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+    > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+    > -   `authentik_policies_password.passwordpolicy` - Password Policy
+    > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+    > -   `authentik_policies_reputation.reputation` - Reputation Score
+    > -   `authentik_policies.policybinding` - Policy Binding
+    > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+    > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+    > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+    > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+    > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+    > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+    > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+    > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+    > -   `authentik_providers_saml.samlprovider` - SAML Provider
+    > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+    > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+    > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+    > -   `authentik_rbac.role` - Role
+    > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+    > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+    > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+    > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+    > -   `authentik_sources_plex.plexsource` - Plex Source
+    > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+    > -   `authentik_sources_saml.samlsource` - SAML Source
+    > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+    > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+    > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+    > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+    > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+    > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+    > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+    > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+    > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+    > -   `authentik_stages_consent.consentstage` - Consent Stage
+    > -   `authentik_stages_consent.userconsent` - User Consent
+    > -   `authentik_stages_deny.denystage` - Deny Stage
+    > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+    > -   `authentik_stages_email.emailstage` - Email Stage
+    > -   `authentik_stages_identification.identificationstage` - Identification Stage
+    > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+    > -   `authentik_stages_invitation.invitation` - Invitation
+    > -   `authentik_stages_password.passwordstage` - Password Stage
+    > -   `authentik_stages_prompt.prompt` - Prompt
+    > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+    > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+    > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+    > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+    > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+    > -   `authentik_tenants.tenant` - Tenant
+    > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+    > -   `authentik_core.group` - Group
+    > -   `authentik_core.user` - User
+    > -   `authentik_core.application` - Application
+    > -   `authentik_core.token` - Token
+    > -   `authentik_enterprise.license` - License
+
+    Added enum values:
+
+    -   `authentik_rbac.role`
+    -   `authentik_stages_authenticator_static.staticdevice`
+    -   `authentik_stages_authenticator_totp.totpdevice`
+    -   `authentik_enterprise.license`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `GET` /providers/radius/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `PUT` /providers/radius/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `mfa_support` (boolean)
+    > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `PATCH` /providers/radius/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `mfa_support` (boolean)
+    > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /sources/oauth/source_types/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    Changed items (object): > Serializer for SourceType
+
+    New required properties:
+
+    -   `oidc_jwks_url`
+    -   `oidc_well_known_url`
+
+    *   Added property `oidc_well_known_url` (string)
+
+    *   Added property `oidc_jwks_url` (string)
+
+##### `DELETE` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PUT` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PATCH` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `DELETE` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PUT` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PATCH` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/static/{id}/used_by/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/totp/{id}/used_by/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `DELETE` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `GET` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+        Items (string):
+
+    *   Added property `roles_obj` (array)
+
+        Items (object): > Role serializer
+
+        -   Property `pk` (string)
+
+        -   Property `name` (string)
+
+##### `PUT` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `roles` (array)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+    *   Added property `roles_obj` (array)
+
+##### `PATCH` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `roles` (array)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+    *   Added property `roles_obj` (array)
+
+##### `GET` /core/groups/{group_uuid}/used_by/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `GET` /core/tokens/{identifier}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PUT` /core/tokens/{identifier}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PATCH` /core/tokens/{identifier}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /core/users/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `PUT` /core/users/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `PATCH` /core/users/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `GET` /enterprise/license/{license_uuid}/used_by/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `GET` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `PUT` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `PATCH` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `DELETE` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `PUT` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `PATCH` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/instances/{uuid}/used_by/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/radius/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > RadiusProvider Serializer
+
+        -   Added property `mfa_support` (boolean)
+            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /policies/bindings/{policy_binding_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `failure_result` (boolean)
+
+    > Result if the Policy execution fails.
+
+-   Changed property `timeout` (integer)
+    > Timeout after which Policy execution is terminated.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `failure_result` (boolean)
+
+    > Result if the Policy execution fails.
+
+-   Changed property `timeout` (integer)
+    > Timeout after which Policy execution is terminated.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `POST` /policies/event_matcher/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `app` (string)
+
+    > -   `authentik.admin` - authentik Admin
+    > -   `authentik.api` - authentik API
+    > -   `authentik.crypto` - authentik Crypto
+    > -   `authentik.events` - authentik Events
+    > -   `authentik.flows` - authentik Flows
+    > -   `authentik.outposts` - authentik Outpost
+    > -   `authentik.policies.dummy` - authentik Policies.Dummy
+    > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+    > -   `authentik.policies.expiry` - authentik Policies.Expiry
+    > -   `authentik.policies.expression` - authentik Policies.Expression
+    > -   `authentik.policies.password` - authentik Policies.Password
+    > -   `authentik.policies.reputation` - authentik Policies.Reputation
+    > -   `authentik.policies` - authentik Policies
+    > -   `authentik.providers.ldap` - authentik Providers.LDAP
+    > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+    > -   `authentik.providers.proxy` - authentik Providers.Proxy
+    > -   `authentik.providers.radius` - authentik Providers.Radius
+    > -   `authentik.providers.saml` - authentik Providers.SAML
+    > -   `authentik.providers.scim` - authentik Providers.SCIM
+    > -   `authentik.rbac` - authentik RBAC
+    > -   `authentik.recovery` - authentik Recovery
+    > -   `authentik.sources.ldap` - authentik Sources.LDAP
+    > -   `authentik.sources.oauth` - authentik Sources.OAuth
+    > -   `authentik.sources.plex` - authentik Sources.Plex
+    > -   `authentik.sources.saml` - authentik Sources.SAML
+    > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+    > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+    > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+    > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+    > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+    > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+    > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+    > -   `authentik.stages.captcha` - authentik Stages.Captcha
+    > -   `authentik.stages.consent` - authentik Stages.Consent
+    > -   `authentik.stages.deny` - authentik Stages.Deny
+    > -   `authentik.stages.dummy` - authentik Stages.Dummy
+    > -   `authentik.stages.email` - authentik Stages.Email
+    > -   `authentik.stages.identification` - authentik Stages.Identification
+    > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+    > -   `authentik.stages.password` - authentik Stages.Password
+    > -   `authentik.stages.prompt` - authentik Stages.Prompt
+    > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+    > -   `authentik.stages.user_login` - authentik Stages.User Login
+    > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+    > -   `authentik.stages.user_write` - authentik Stages.User Write
+    > -   `authentik.tenants` - authentik Tenants
+    > -   `authentik.blueprints` - authentik Blueprints
+    > -   `authentik.core` - authentik Core
+    > -   `authentik.enterprise` - authentik Enterprise
+
+    Added enum values:
+
+    -   `authentik.rbac`
+    -   `authentik.stages.authenticator`
+
+-   Changed property `model` (string)
+
+    > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+    > -   `authentik_events.event` - Event
+    > -   `authentik_events.notificationtransport` - Notification Transport
+    > -   `authentik_events.notification` - Notification
+    > -   `authentik_events.notificationrule` - Notification Rule
+    > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+    > -   `authentik_flows.flow` - Flow
+    > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+    > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+    > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+    > -   `authentik_outposts.outpost` - Outpost
+    > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+    > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+    > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+    > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+    > -   `authentik_policies_password.passwordpolicy` - Password Policy
+    > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+    > -   `authentik_policies_reputation.reputation` - Reputation Score
+    > -   `authentik_policies.policybinding` - Policy Binding
+    > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+    > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+    > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+    > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+    > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+    > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+    > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+    > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+    > -   `authentik_providers_saml.samlprovider` - SAML Provider
+    > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+    > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+    > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+    > -   `authentik_rbac.role` - Role
+    > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+    > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+    > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+    > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+    > -   `authentik_sources_plex.plexsource` - Plex Source
+    > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+    > -   `authentik_sources_saml.samlsource` - SAML Source
+    > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+    > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+    > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+    > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+    > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+    > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+    > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+    > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+    > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+    > -   `authentik_stages_consent.consentstage` - Consent Stage
+    > -   `authentik_stages_consent.userconsent` - User Consent
+    > -   `authentik_stages_deny.denystage` - Deny Stage
+    > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+    > -   `authentik_stages_email.emailstage` - Email Stage
+    > -   `authentik_stages_identification.identificationstage` - Identification Stage
+    > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+    > -   `authentik_stages_invitation.invitation` - Invitation
+    > -   `authentik_stages_password.passwordstage` - Password Stage
+    > -   `authentik_stages_prompt.prompt` - Prompt
+    > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+    > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+    > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+    > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+    > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+    > -   `authentik_tenants.tenant` - Tenant
+    > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+    > -   `authentik_core.group` - Group
+    > -   `authentik_core.user` - User
+    > -   `authentik_core.application` - Application
+    > -   `authentik_core.token` - Token
+    > -   `authentik_enterprise.license` - License
+
+    Added enum values:
+
+    -   `authentik_rbac.role`
+    -   `authentik_stages_authenticator_static.staticdevice`
+    -   `authentik_stages_authenticator_totp.totpdevice`
+    -   `authentik_enterprise.license`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `GET` /policies/event_matcher/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Event Matcher Policy Serializer
+
+        -   Changed property `app` (string)
+
+            > -   `authentik.admin` - authentik Admin
+            > -   `authentik.api` - authentik API
+            > -   `authentik.crypto` - authentik Crypto
+            > -   `authentik.events` - authentik Events
+            > -   `authentik.flows` - authentik Flows
+            > -   `authentik.outposts` - authentik Outpost
+            > -   `authentik.policies.dummy` - authentik Policies.Dummy
+            > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+            > -   `authentik.policies.expiry` - authentik Policies.Expiry
+            > -   `authentik.policies.expression` - authentik Policies.Expression
+            > -   `authentik.policies.password` - authentik Policies.Password
+            > -   `authentik.policies.reputation` - authentik Policies.Reputation
+            > -   `authentik.policies` - authentik Policies
+            > -   `authentik.providers.ldap` - authentik Providers.LDAP
+            > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+            > -   `authentik.providers.proxy` - authentik Providers.Proxy
+            > -   `authentik.providers.radius` - authentik Providers.Radius
+            > -   `authentik.providers.saml` - authentik Providers.SAML
+            > -   `authentik.providers.scim` - authentik Providers.SCIM
+            > -   `authentik.rbac` - authentik RBAC
+            > -   `authentik.recovery` - authentik Recovery
+            > -   `authentik.sources.ldap` - authentik Sources.LDAP
+            > -   `authentik.sources.oauth` - authentik Sources.OAuth
+            > -   `authentik.sources.plex` - authentik Sources.Plex
+            > -   `authentik.sources.saml` - authentik Sources.SAML
+            > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+            > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+            > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+            > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+            > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+            > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+            > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+            > -   `authentik.stages.captcha` - authentik Stages.Captcha
+            > -   `authentik.stages.consent` - authentik Stages.Consent
+            > -   `authentik.stages.deny` - authentik Stages.Deny
+            > -   `authentik.stages.dummy` - authentik Stages.Dummy
+            > -   `authentik.stages.email` - authentik Stages.Email
+            > -   `authentik.stages.identification` - authentik Stages.Identification
+            > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+            > -   `authentik.stages.password` - authentik Stages.Password
+            > -   `authentik.stages.prompt` - authentik Stages.Prompt
+            > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+            > -   `authentik.stages.user_login` - authentik Stages.User Login
+            > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+            > -   `authentik.stages.user_write` - authentik Stages.User Write
+            > -   `authentik.tenants` - authentik Tenants
+            > -   `authentik.blueprints` - authentik Blueprints
+            > -   `authentik.core` - authentik Core
+            > -   `authentik.enterprise` - authentik Enterprise
+
+            Added enum values:
+
+            -   `authentik.rbac`
+            -   `authentik.stages.authenticator`
+
+        -   Changed property `model` (string)
+
+            > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+            > -   `authentik_events.event` - Event
+            > -   `authentik_events.notificationtransport` - Notification Transport
+            > -   `authentik_events.notification` - Notification
+            > -   `authentik_events.notificationrule` - Notification Rule
+            > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+            > -   `authentik_flows.flow` - Flow
+            > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+            > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+            > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+            > -   `authentik_outposts.outpost` - Outpost
+            > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+            > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+            > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+            > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+            > -   `authentik_policies_password.passwordpolicy` - Password Policy
+            > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+            > -   `authentik_policies_reputation.reputation` - Reputation Score
+            > -   `authentik_policies.policybinding` - Policy Binding
+            > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+            > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+            > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+            > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+            > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+            > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+            > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+            > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+            > -   `authentik_providers_saml.samlprovider` - SAML Provider
+            > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+            > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+            > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+            > -   `authentik_rbac.role` - Role
+            > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+            > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+            > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+            > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+            > -   `authentik_sources_plex.plexsource` - Plex Source
+            > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+            > -   `authentik_sources_saml.samlsource` - SAML Source
+            > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+            > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+            > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+            > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+            > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+            > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+            > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+            > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+            > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+            > -   `authentik_stages_consent.consentstage` - Consent Stage
+            > -   `authentik_stages_consent.userconsent` - User Consent
+            > -   `authentik_stages_deny.denystage` - Deny Stage
+            > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+            > -   `authentik_stages_email.emailstage` - Email Stage
+            > -   `authentik_stages_identification.identificationstage` - Identification Stage
+            > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+            > -   `authentik_stages_invitation.invitation` - Invitation
+            > -   `authentik_stages_password.passwordstage` - Password Stage
+            > -   `authentik_stages_prompt.prompt` - Prompt
+            > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+            > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+            > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+            > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+            > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+            > -   `authentik_tenants.tenant` - Tenant
+            > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+            > -   `authentik_core.group` - Group
+            > -   `authentik_core.user` - User
+            > -   `authentik_core.application` - Application
+            > -   `authentik_core.token` - Token
+            > -   `authentik_enterprise.license` - License
+
+            Added enum values:
+
+            -   `authentik_rbac.role`
+            -   `authentik_stages_authenticator_static.staticdevice`
+            -   `authentik_stages_authenticator_totp.totpdevice`
+            -   `authentik_enterprise.license`
+
+##### `POST` /providers/radius/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `mfa_support` (boolean)
+    > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /providers/radius/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > RadiusProvider Serializer
+
+        -   Added property `mfa_support` (boolean)
+            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /providers/saml/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `PUT` /providers/saml/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `default_relay_state` (string)
+    > Default relay_state value for IDP-initiated logins
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `PATCH` /providers/saml/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `default_relay_state` (string)
+    > Default relay_state value for IDP-initiated logins
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `GET` /sources/oauth/{slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `PUT` /sources/oauth/{slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `PATCH` /sources/oauth/{slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `POST` /core/groups/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `roles` (array)
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+    *   Added property `roles_obj` (array)
+
+##### `GET` /core/groups/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `POST` /core/tokens/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /core/tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Token Serializer
+
+        -   Changed property `user_obj` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /core/user_consent/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `POST` /core/users/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `GET` /core/users/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /core/users/me/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer for information a user can retrieve about themselves
+
+        New required properties:
+
+        -   `system_permissions`
+
+        *   Added property `system_permissions` (array)
+
+            > Get all system permissions assigned to the user
+
+            Items (string):
+
+##### `POST` /events/rules/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `GET` /events/rules/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > NotificationRule Serializer
+
+        -   Changed property `group_obj` (object)
+
+            > Group Serializer
+
+            New required properties:
+
+            -   `roles_obj`
+
+            *   Added property `roles` (array)
+
+            *   Added property `roles_obj` (array)
+
+##### `GET` /oauth2/access_tokens/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /oauth2/authorization_codes/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /oauth2/refresh_tokens/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `POST` /policies/bindings/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `failure_result` (boolean)
+
+    > Result if the Policy execution fails.
+
+-   Changed property `timeout` (integer)
+    > Timeout after which Policy execution is terminated.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /policies/bindings/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > PolicyBinding Serializer
+
+        -   Added property `failure_result` (boolean)
+
+            > Result if the Policy execution fails.
+
+        -   Changed property `timeout` (integer)
+
+            > Timeout after which Policy execution is terminated.
+
+        -   Changed property `group_obj` (object)
+
+            > Group Serializer
+
+            New required properties:
+
+            -   `roles_obj`
+
+            *   Added property `roles` (array)
+
+            *   Added property `roles_obj` (array)
+
+        -   Changed property `user_obj` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `POST` /providers/saml/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `default_relay_state` (string)
+    > Default relay_state value for IDP-initiated logins
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `GET` /providers/saml/
+
+###### Parameters:
+
+Added: `default_relay_state` in `query`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > SAMLProvider Serializer
+
+        -   Added property `default_relay_state` (string)
+            > Default relay_state value for IDP-initiated logins
+
+##### `POST` /sources/oauth/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `GET` /sources/oauth/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > OAuth Source Serializer
+
+        -   Changed property `type` (object)
+
+            > Serializer for SourceType
+
+            New required properties:
+
+            -   `oidc_jwks_url`
+            -   `oidc_well_known_url`
+
+            *   Added property `oidc_well_known_url` (string)
+
+            *   Added property `oidc_jwks_url` (string)
+
+##### `GET` /stages/authenticator/sms/{stage_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `PUT` /stages/authenticator/sms/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `verify_only` (boolean)
+    > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `verify_only` (boolean)
+    > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `GET` /stages/deny/{stage_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `PUT` /stages/deny/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `deny_message` (string)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `PATCH` /stages/deny/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `deny_message` (string)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `GET` /core/user_consent/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > UserConsent Serializer
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /oauth2/access_tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /oauth2/authorization_codes/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /oauth2/refresh_tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `POST` /stages/authenticator/sms/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `verify_only` (boolean)
+    > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `GET` /stages/authenticator/sms/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > AuthenticatorSMSStage Serializer
+
+        -   Changed property `verify_only` (boolean)
+            > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `POST` /stages/deny/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `deny_message` (string)
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `GET` /stages/deny/
+
+###### Parameters:
+
+Added: `deny_message` in `query`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > DenyStage Serializer
+
+        -   Added property `deny_message` (string)
diff --git a/website/sidebars.js b/website/sidebars.js
index ac76683fd..e03cd39d9 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -316,13 +316,14 @@ const docsSidebar = {
                 description: "Release notes for recent authentik versions",
             },
             items: [
+                "releases/2023/v2023.10",
                 "releases/2023/v2023.8",
                 "releases/2023/v2023.6",
-                "releases/2023/v2023.5",
                 {
                     type: "category",
                     label: "Previous versions",
                     items: [
+                        "releases/2023/v2023.5",
                         "releases/2023/v2023.4",
                         "releases/2023/v2023.3",
                         "releases/2023/v2023.2",

From 8c6aaf4a2d0cde0b49fdacff296398381b6802f4 Mon Sep 17 00:00:00 2001
From: Jens Langhammer 
Date: Thu, 26 Oct 2023 15:18:47 +0200
Subject: [PATCH 16/38] ci: fix test build

Signed-off-by: Jens Langhammer 
---
 .github/workflows/release-tag.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index 21e5a0c44..2365145b4 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -16,6 +16,7 @@ jobs:
           echo "PG_PASS=$(openssl rand -base64 32)" >> .env
           echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 32)" >> .env
           docker buildx install
+          mkdir -p ./gen-ts-api
           docker build -t testing:latest .
           echo "AUTHENTIK_IMAGE=testing" >> .env
           echo "AUTHENTIK_TAG=latest" >> .env

From 263d9128c48e50fe5e8cc09f255f2e2a3f17082e Mon Sep 17 00:00:00 2001
From: Jens Langhammer 
Date: Thu, 26 Oct 2023 16:06:00 +0200
Subject: [PATCH 17/38] stages/email: fix path for email icon

Signed-off-by: Jens Langhammer 
---
 authentik/stages/email/utils.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/authentik/stages/email/utils.py b/authentik/stages/email/utils.py
index 5422ec43a..5b2637662 100644
--- a/authentik/stages/email/utils.py
+++ b/authentik/stages/email/utils.py
@@ -1,6 +1,7 @@
 """email utils"""
 from email.mime.image import MIMEImage
 from functools import lru_cache
+from pathlib import Path
 
 from django.core.mail import EmailMultiAlternatives
 from django.template.loader import render_to_string
@@ -10,7 +11,10 @@ from django.utils import translation
 @lru_cache()
 def logo_data():
     """Get logo as MIME Image for emails"""
-    with open("web/icons/icon_left_brand.png", "rb") as _logo_file:
+    path = Path("web/icons/icon_left_brand.png")
+    if not path.exists():
+        path = Path("web/dist/assets/icons/icon_left_brand.png")
+    with open(path, "rb") as _logo_file:
         logo = MIMEImage(_logo_file.read())
     logo.add_header("Content-ID", "logo.png")
     return logo

From 12bb1554f645173c5e462b419b826f25ab363386 Mon Sep 17 00:00:00 2001
From: Jens Langhammer 
Date: Thu, 26 Oct 2023 16:51:52 +0200
Subject: [PATCH 18/38] ci: fix release pipeline

Signed-off-by: Jens Langhammer 
---
 .github/workflows/release-publish.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index 297d266d5..e1a024786 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -27,8 +27,10 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: make empty ts client
-        run: mkdir -p ./gen-ts-client
+      - name: make empty clients
+        run: |
+          mkdir -p ./gen-ts-api
+          mkdir -p ./gen-go-api
       - name: Build Docker Image
         uses: docker/build-push-action@v5
         with:
@@ -69,6 +71,10 @@ jobs:
       - name: prepare variables
         uses: ./.github/actions/docker-push-variables
         id: ev
+      - name: make empty clients
+        run: |
+          mkdir -p ./gen-ts-api
+          mkdir -p ./gen-go-api
       - name: Docker Login Registry
         uses: docker/login-action@v3
         with:
@@ -93,6 +99,7 @@ jobs:
             ghcr.io/goauthentik/${{ matrix.type }}:latest
           file: ${{ matrix.type }}.Dockerfile
           platforms: linux/amd64,linux/arm64
+          context: .
           build-args: |
             VERSION=${{ steps.ev.outputs.version }}
             VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }}

From ed46fd629efd4307040c494faaec544a5cb7b3ee Mon Sep 17 00:00:00 2001
From: Jens Langhammer 
Date: Thu, 26 Oct 2023 16:51:57 +0200
Subject: [PATCH 19/38] release: 2023.10.0

---
 .bumpversion.cfg                | 2 +-
 authentik/__init__.py           | 2 +-
 docker-compose.yml              | 4 ++--
 internal/constants/constants.go | 2 +-
 pyproject.toml                  | 2 +-
 schema.yml                      | 2 +-
 web/src/common/constants.ts     | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index bb2356e3b..70e46a451 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2023.8.3
+current_version = 2023.10.0
 tag = True
 commit = True
 parse = (?P\d+)\.(?P\d+)\.(?P\d+)
diff --git a/authentik/__init__.py b/authentik/__init__.py
index a08d2bfe9..8f2d4d9b7 100644
--- a/authentik/__init__.py
+++ b/authentik/__init__.py
@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2023.8.3"
+__version__ = "2023.10.0"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 8cbf644d5..35efe0394 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,7 +32,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.0}
     restart: unless-stopped
     command: server
     environment:
@@ -53,7 +53,7 @@ services:
       - postgresql
       - redis
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.0}
     restart: unless-stopped
     command: worker
     environment:
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index a32e8622f..6f69500f7 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2023.8.3"
+const VERSION = "2023.10.0"
diff --git a/pyproject.toml b/pyproject.toml
index 1b8258785..ea4eaef7d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -113,7 +113,7 @@ filterwarnings = [
 
 [tool.poetry]
 name = "authentik"
-version = "2023.8.3"
+version = "2023.10.0"
 description = ""
 authors = ["authentik Team "]
 
diff --git a/schema.yml b/schema.yml
index f956fcabb..d92f523ad 100644
--- a/schema.yml
+++ b/schema.yml
@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2023.8.3
+  version: 2023.10.0
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
diff --git a/web/src/common/constants.ts b/web/src/common/constants.ts
index 1e58a838a..7051979b7 100644
--- a/web/src/common/constants.ts
+++ b/web/src/common/constants.ts
@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2023.8.3";
+export const VERSION = "2023.10.0";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

From e086da68cded3c585235ab0f8e9c1297fd1c1e6d Mon Sep 17 00:00:00 2001
From: "authentik-automation[bot]"
 <135050075+authentik-automation[bot]@users.noreply.github.com>
Date: Thu, 26 Oct 2023 16:23:15 +0000
Subject: [PATCH 20/38] web: bump API Client version (#7311)

Signed-off-by: GitHub 
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
---
 web/package-lock.json | 8 ++++----
 web/package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/package-lock.json b/web/package-lock.json
index f57ee4d88..514ee1a7c 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -17,7 +17,7 @@
                 "@codemirror/theme-one-dark": "^6.1.2",
                 "@formatjs/intl-listformat": "^7.5.0",
                 "@fortawesome/fontawesome-free": "^6.4.2",
-                "@goauthentik/api": "^2023.8.3-1698323628",
+                "@goauthentik/api": "^2023.10.0-1698336292",
                 "@lit-labs/context": "^0.4.1",
                 "@lit-labs/task": "^3.1.0",
                 "@lit/localize": "^0.11.4",
@@ -2883,9 +2883,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2023.8.3-1698323628",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.3-1698323628.tgz",
-            "integrity": "sha512-qSpmrbLTCQWevjawXO26WYZcQ6Y4Cp/fIQn3KSl8fohK85MwCYLk9pqt6MZl1sC93A3dlak6sYHp9xEG3JN8wQ=="
+            "version": "2023.10.0-1698336292",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.10.0-1698336292.tgz",
+            "integrity": "sha512-CZd9d6b0pFR/rbD91+enULWN3JhivHVgjDIHE927MEv2wpqtl5koby7VaMNNM9WL8LQdgzCdJt4nstjnhm21tw=="
         },
         "node_modules/@hcaptcha/types": {
             "version": "1.0.3",
diff --git a/web/package.json b/web/package.json
index cad748060..1b56381c5 100644
--- a/web/package.json
+++ b/web/package.json
@@ -38,7 +38,7 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.5.0",
         "@fortawesome/fontawesome-free": "^6.4.2",
-        "@goauthentik/api": "^2023.8.3-1698323628",
+        "@goauthentik/api": "^2023.10.0-1698336292",
         "@lit-labs/context": "^0.4.1",
         "@lit-labs/task": "^3.1.0",
         "@lit/localize": "^0.11.4",

From 134799c7347f96cd96b343b46e6578ddbe9fcdf9 Mon Sep 17 00:00:00 2001
From: Jens L 
Date: Thu, 26 Oct 2023 19:57:11 +0200
Subject: [PATCH 21/38] root: fix pylint errors (#7312)

---
 authentik/core/api/applications.py     | 1 +
 authentik/core/api/groups.py           | 1 +
 authentik/core/sources/flow_manager.py | 1 +
 3 files changed, 3 insertions(+)

diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py
index 478181c28..cb4c01e76 100644
--- a/authentik/core/api/applications.py
+++ b/authentik/core/api/applications.py
@@ -98,6 +98,7 @@ class ApplicationSerializer(ModelSerializer):
 class ApplicationViewSet(UsedByMixin, ModelViewSet):
     """Application Viewset"""
 
+    # pylint: disable=no-member
     queryset = Application.objects.all().prefetch_related("provider")
     serializer_class = ApplicationSerializer
     search_fields = [
diff --git a/authentik/core/api/groups.py b/authentik/core/api/groups.py
index 4c6a8b509..21ba19974 100644
--- a/authentik/core/api/groups.py
+++ b/authentik/core/api/groups.py
@@ -139,6 +139,7 @@ class UserAccountSerializer(PassiveSerializer):
 class GroupViewSet(UsedByMixin, ModelViewSet):
     """Group Viewset"""
 
+    # pylint: disable=no-member
     queryset = Group.objects.all().select_related("parent").prefetch_related("users")
     serializer_class = GroupSerializer
     search_fields = ["name", "is_superuser"]
diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py
index a452f04d9..0fb038d90 100644
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@@ -97,6 +97,7 @@ class SourceFlowManager:
         if self.request.user.is_authenticated:
             new_connection.user = self.request.user
             new_connection = self.update_connection(new_connection, **kwargs)
+            # pylint: disable=no-member
             new_connection.save()
             return Action.LINK, new_connection
 

From 940492a5e1a70dd1991ab61ec0a99c59d64ac86a Mon Sep 17 00:00:00 2001
From: Jens L 
Date: Thu, 26 Oct 2023 20:05:33 +0200
Subject: [PATCH 22/38] lifecycle: fix otp merge migration (#7315)

Signed-off-by: Jens Langhammer 
---
 lifecycle/system_migrations/otp_merge.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lifecycle/system_migrations/otp_merge.py b/lifecycle/system_migrations/otp_merge.py
index 013818606..6e6a1970c 100644
--- a/lifecycle/system_migrations/otp_merge.py
+++ b/lifecycle/system_migrations/otp_merge.py
@@ -2,6 +2,7 @@
 from lifecycle.migrate import BaseMigration
 
 SQL_STATEMENT = """
+BEGIN TRANSACTION;
 DELETE FROM django_migrations WHERE app = 'otp_static';
 DELETE FROM django_migrations WHERE app = 'otp_totp';
 -- Rename tables (static)
@@ -12,6 +13,7 @@ ALTER SEQUENCE otp_static_staticdevice_id_seq RENAME TO authentik_stages_authent
 -- Rename tables (totp)
 ALTER TABLE otp_totp_totpdevice RENAME TO authentik_stages_authenticator_totp_totpdevice;
 ALTER SEQUENCE otp_totp_totpdevice_id_seq RENAME TO authentik_stages_authenticator_totp_totpdevice_id_seq;
+COMMIT;
 """
 
 

From 64c38909ffd969787f2d634b0e971b90a451d5db Mon Sep 17 00:00:00 2001
From: Jens Langhammer 
Date: Thu, 26 Oct 2023 20:06:05 +0200
Subject: [PATCH 23/38] release: 2023.10.1

---
 .bumpversion.cfg                | 2 +-
 authentik/__init__.py           | 2 +-
 docker-compose.yml              | 4 ++--
 internal/constants/constants.go | 2 +-
 pyproject.toml                  | 2 +-
 schema.yml                      | 2 +-
 web/src/common/constants.ts     | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index 70e46a451..582895915 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2023.10.0
+current_version = 2023.10.1
 tag = True
 commit = True
 parse = (?P\d+)\.(?P\d+)\.(?P\d+)
diff --git a/authentik/__init__.py b/authentik/__init__.py
index 8f2d4d9b7..2a9fc00e3 100644
--- a/authentik/__init__.py
+++ b/authentik/__init__.py
@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2023.10.0"
+__version__ = "2023.10.1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 35efe0394..a262103c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,7 +32,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.1}
     restart: unless-stopped
     command: server
     environment:
@@ -53,7 +53,7 @@ services:
       - postgresql
       - redis
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.1}
     restart: unless-stopped
     command: worker
     environment:
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index 6f69500f7..d49e2fc33 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2023.10.0"
+const VERSION = "2023.10.1"
diff --git a/pyproject.toml b/pyproject.toml
index ea4eaef7d..0de02d7c3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -113,7 +113,7 @@ filterwarnings = [
 
 [tool.poetry]
 name = "authentik"
-version = "2023.10.0"
+version = "2023.10.1"
 description = ""
 authors = ["authentik Team "]
 
diff --git a/schema.yml b/schema.yml
index d92f523ad..903a01bf2 100644
--- a/schema.yml
+++ b/schema.yml
@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2023.10.0
+  version: 2023.10.1
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
diff --git a/web/src/common/constants.ts b/web/src/common/constants.ts
index 7051979b7..13671883b 100644
--- a/web/src/common/constants.ts
+++ b/web/src/common/constants.ts
@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2023.10.0";
+export const VERSION = "2023.10.1";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

From eb53c28352db95f49cd59b3097639ada29a428b6 Mon Sep 17 00:00:00 2001
From: Jens L 
Date: Thu, 26 Oct 2023 20:16:07 +0200
Subject: [PATCH 24/38] website/docs: update release notes for 2023.10.1
 (#7316)

website/docs: update for 2023.10.1

Signed-off-by: Jens Langhammer 
---
 website/docs/releases/2023/v2023.10.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md
index 1ae4203e8..e9fba9bc2 100644
--- a/website/docs/releases/2023/v2023.10.md
+++ b/website/docs/releases/2023/v2023.10.md
@@ -113,6 +113,10 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10
 -   web: change 'Attributes' to 'Custom attributes' on Invitation Field (#7145)
 -   web: the return of pseudolocalization (#7190)
 
+## Fixed in 2023.10.1
+
+-   lifecycle: fix otp merge migration (#7315)
+
 ## API Changes
 
 #### What's New

From 2ce5c74f3323c98523bc84dc273befa4cadca8d8 Mon Sep 17 00:00:00 2001
From: "authentik-automation[bot]"
 <135050075+authentik-automation[bot]@users.noreply.github.com>
Date: Thu, 26 Oct 2023 21:50:17 +0200
Subject: [PATCH 25/38] web: bump API Client version (#7321)

Signed-off-by: GitHub 
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
---
 web/package-lock.json | 8 ++++----
 web/package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/package-lock.json b/web/package-lock.json
index 514ee1a7c..1b8168963 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -17,7 +17,7 @@
                 "@codemirror/theme-one-dark": "^6.1.2",
                 "@formatjs/intl-listformat": "^7.5.0",
                 "@fortawesome/fontawesome-free": "^6.4.2",
-                "@goauthentik/api": "^2023.10.0-1698336292",
+                "@goauthentik/api": "^2023.10.1-1698348102",
                 "@lit-labs/context": "^0.4.1",
                 "@lit-labs/task": "^3.1.0",
                 "@lit/localize": "^0.11.4",
@@ -2883,9 +2883,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2023.10.0-1698336292",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.10.0-1698336292.tgz",
-            "integrity": "sha512-CZd9d6b0pFR/rbD91+enULWN3JhivHVgjDIHE927MEv2wpqtl5koby7VaMNNM9WL8LQdgzCdJt4nstjnhm21tw=="
+            "version": "2023.10.1-1698348102",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.10.1-1698348102.tgz",
+            "integrity": "sha512-Melx4hoHOLbgAOHREGzx83uN5BKvgql4qIUloxh/abvNeGLlfKL49caiU8++ANUaERr1vb8X2tHFwiwxtqXKeQ=="
         },
         "node_modules/@hcaptcha/types": {
             "version": "1.0.3",
diff --git a/web/package.json b/web/package.json
index 1b56381c5..c4b4c04b7 100644
--- a/web/package.json
+++ b/web/package.json
@@ -38,7 +38,7 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.5.0",
         "@fortawesome/fontawesome-free": "^6.4.2",
-        "@goauthentik/api": "^2023.10.0-1698336292",
+        "@goauthentik/api": "^2023.10.1-1698348102",
         "@lit-labs/context": "^0.4.1",
         "@lit-labs/task": "^3.1.0",
         "@lit/localize": "^0.11.4",

From 2b4b1d2f76dd6a6f8ac8f2d0bdcd138098346ef3 Mon Sep 17 00:00:00 2001
From: Jens L 
Date: Fri, 27 Oct 2023 00:39:06 +0200
Subject: [PATCH 26/38] stages/email: fix sending emails from task (#7325)

closes #7322

Signed-off-by: Jens Langhammer 
---
 authentik/stages/email/tasks.py | 5 +++++
 authentik/stages/email/utils.py | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/authentik/stages/email/tasks.py b/authentik/stages/email/tasks.py
index 02011d7f7..6f0b6e104 100644
--- a/authentik/stages/email/tasks.py
+++ b/authentik/stages/email/tasks.py
@@ -13,6 +13,7 @@ from authentik.events.models import Event, EventAction
 from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
 from authentik.stages.email.models import EmailStage
+from authentik.stages.email.utils import logo_data
 
 LOGGER = get_logger()
 
@@ -81,6 +82,10 @@ def send_mail(self: MonitoredTask, message: dict[Any, Any], email_stage_pk: Opti
         # Because we use the Message-ID as UID for the task, manually assign it
         message_object.extra_headers["Message-ID"] = message_id
 
+        # Add the logo (we can't add it in the previous message since MIMEImage
+        # can't be converted to json)
+        message_object.attach(logo_data())
+
         LOGGER.debug("Sending mail", to=message_object.to)
         backend.send_messages([message_object])
         Event.new(
diff --git a/authentik/stages/email/utils.py b/authentik/stages/email/utils.py
index 5b2637662..a6edd4609 100644
--- a/authentik/stages/email/utils.py
+++ b/authentik/stages/email/utils.py
@@ -9,7 +9,7 @@ from django.utils import translation
 
 
 @lru_cache()
-def logo_data():
+def logo_data() -> MIMEImage:
     """Get logo as MIME Image for emails"""
     path = Path("web/icons/icon_left_brand.png")
     if not path.exists():
@@ -29,5 +29,4 @@ class TemplateEmailMessage(EmailMultiAlternatives):
         super().__init__(**kwargs)
         self.content_subtype = "html"
         self.mixed_subtype = "related"
-        self.attach(logo_data())
         self.attach_alternative(html_content, "text/html")

From 7d91842e8a26fad3706783f70d037edbc2e8a32e Mon Sep 17 00:00:00 2001
From: Jens L 
Date: Fri, 27 Oct 2023 00:41:13 +0200
Subject: [PATCH 27/38] providers/proxy: attempt to fix duplicate cookie
 (#7324)

Signed-off-by: Jens Langhammer 
---
 internal/outpost/proxyv2/application/session.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/outpost/proxyv2/application/session.go b/internal/outpost/proxyv2/application/session.go
index f89f0315a..ec46d02ff 100644
--- a/internal/outpost/proxyv2/application/session.go
+++ b/internal/outpost/proxyv2/application/session.go
@@ -50,7 +50,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 			Domain:   *p.CookieDomain,
 			SameSite: http.SameSiteLaxMode,
 			MaxAge:   maxAge,
-			Path:     externalHost.Path,
+			Path:     "/",
 		})
 
 		a.log.Trace("using redis session backend")

From 6b25f6f592fce2d0b7fa8b461b31117adff1465d Mon Sep 17 00:00:00 2001
From: Tana M Berry 
Date: Thu, 26 Oct 2023 21:19:14 -0500
Subject: [PATCH 28/38] website/blogs: Blog dockers (#7328)

* Dockers blog draft

* redo

* renamed dir

* renamed directory

* added email address

* formatting

* title tweak

* Kens edits

* link

---------

Co-authored-by: Tana Berry 
---
 .../item.md                                   | 130 ++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 website/blog/2023-10-26-you-might-be-doing-containers-wrong/item.md

diff --git a/website/blog/2023-10-26-you-might-be-doing-containers-wrong/item.md b/website/blog/2023-10-26-you-might-be-doing-containers-wrong/item.md
new file mode 100644
index 000000000..77680e685
--- /dev/null
+++ b/website/blog/2023-10-26-you-might-be-doing-containers-wrong/item.md
@@ -0,0 +1,130 @@
+---
+title: 3 ways you (might be) doing containers wrong
+description: “Using containers is not a best practice in itself. Here are some mistakes beginners make with containers, and how we set them up correctly at authentik.”
+authors:
+    - name: Jens Langhammer
+      title: CTO at Authentik Security Inc
+      url: https://github.com/BeryJu
+      image_url: https://github.com/BeryJu.png
+tags:
+    - application
+    - runtime
+    - SSO
+    - Docker
+    - containers
+    - :latest
+    - identity provider
+    - security
+    - authentication
+hide_table_of_contents: false
+---
+
+_authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a [public benefit company](https://github.com/OpenCoreVentures/ocv-public-benefit-company/blob/main/ocv-public-benefit-company-charter.md) building on top of the open source project._
+
+---
+
+There are two ways to judge an application:
+
+1. Does it do what it’s supposed to do?
+2. Is it easy to run?
+
+This post is about the second.
+
+Using containers is not a best practice in itself. As an infrastructure engineer by background, I’m pretty opinionated about how to set up containers properly. Doing things the “right” way makes things easier not just for you, but for your users as well.
+
+Below are some common mistakes that I see beginners make with containers:
+
+1. Using one container per application
+2. Installing things at runtime
+3. Writing logs to files instead of stdout
+
+## Mistake #1: One container per application
+
+There tend to be two mindsets when approaching setting up containers:
+
+-   The inexperienced usually think 1 container = 1 application
+-   The other option is 1 container = 1 service
+
+Your application usually consists of multiple services, and to my mind these should always be separated into their own containers (in keeping with the [Single Responsibility Principle](https://en.wikipedia.org/wiki/Single-responsibility_principle)).
+
+For example, authentik consists of four components (services):
+
+-   Server
+-   Worker
+-   Database
+-   Cache
+
+With our deployment, that means you get four different containers because they each run one of those four services.
+
+### Why you should use one container per _service_
+
+At the point where you need to scale, or need High Availability, having different processes in separate containers enables horizontal scaling. Because of how authentik deploys, if we need to handle more traffic we can scale up to 50 servers, rather than having to scale up _everything_. This wouldn’t work if all those components were all bundled together.
+
+Additionally, if you’re using a container orchestrator (whether that’s Kubernetes or something simpler like [Docker Compose](https://goauthentik.io/docs/installation/docker-compose)), if it’s all bundled together, the orchestrator can’t distinguish between components because they’re all in the black box of your container.
+
+Say you want to start up processes in a specific order. This isn’t possible if they’re in a single container (unless you rebuild the entire image). If those processes are separate, you can just tell Docker Compose to start them up in the order you want, or you can run specific components on specific servers.
+
+Of course, your application architecture and deployment model need to support this setup, which is why it’s critical to think about these things when you’re starting out. If you’re reading this and thinking, I have a small-scale, hobby project, this doesn’t apply to me—let me put it this way: you will never regret setting things up the “right” way. It’s not going to come back to bite you if your situation changes later. It also gives users who install the application a lot more freedom and flexibility in how _they_ want to run it.
+
+## Mistake #2: Installing things at runtime
+
+Your container image should be complete in itself: it should contain all code and dependencies—everything it needs to run. This is the point of a container—it’s self contained.
+
+I’ve seen people set up their container to download an application from the vendor and install it into the container on startup. While this does work, what happens if you don’t have internet access? What if the vendor shut down and that URL now points to a malicious bit of code?
+
+If you have 100 instances downloading files at startup (or end up scaling to that point), this can lead to rate limiting, failed downloads, or your internet connection getting saturated—it’s just inefficient and causes problems that can be avoided.
+
+### Also, don’t use :latest
+
+This leads me to a different but related bad practice: using the `:latest` tag. It’s a common pitfall for folks who use containers but don’t necessarily build them themselves.
+
+It’s easy to get started with the `:latest` tag and it’s understandable to want the latest version without having to go into files and manually edit everything. But what can happen is that you update and suddenly it’s pointing to a new version and breaking things.
+
+I’ve seen this happen where you’re just running something on a local server and your disk is full, so you empty out your Docker images. The next time you pull, it’s with a new version which now no longer works and you’re stuck trying to figure out what version you were on before.
+
+### Instead: Pin your dependencies
+
+You should be pinning your dependencies to a specific version, and updating to newer versions intentionally rather than by default.
+
+The most reliable way to do this is with a process called GitOps:
+
+-   In the context of Kubernetes, all the YAML files you deploy with Kubernetes are stored in the central Git repository.
+-   You have software in your Kubernetes cluster that automatically pulls the files from your Git repo and installs them into the cluster.
+-   Then you can use a tool like [Dependabot](https://github.com/dependabot) or [Renovate](https://github.com/renovatebot/renovate) to automatically create PRs with a new version (if there is one) so you can test and approve it, and it’s all captured in your Git history.
+
+GitOps might be a bit excessive if you’re only running a small hobby project on a single server, but in any case you should still pin a version.
+
+For a long time, authentik purposefully didn’t have a `:latest` tag, because people would use it inadvertently (sometimes not realizing they had an auto-updater running). Suddenly something wouldn’t work and there wasn’t really a way to downgrade.
+
+We have since added it due to popular request. This is how authentik’s version tags work:
+
+-   Our version number is 3 digits reflecting the date of the release, so the latest currently is [2023.10.1](https://goauthentik.io/docs/releases/2023.10).
+    -   You can either use 2023.10.1 as the tag, pinning to that specific version
+    -   You can pin to 2023.10, which you means that you always get the latest patch version, or
+    -   You can use 2023, which means you always get the latest version within that year.
+
+The principle is roughly the same with any project using [SemVer](https://semver.org/): you could just lock to v1, which means you get the latest v1 with all minor patches and fixes, without breaking updates. Then you switch to v2 when you’re ready.
+
+With this approach you are putting some trust in the developer not to publish any breaking changes with the wrong version number (but you’re technically always putting trust in some developer when using someone else’s software!).
+
+## Mistake #3: Writing logs to files instead of stdout
+
+This is another issue on the infrastructure side that mainly happens when you put legacy applications into containers. It used to be standard that applications put their log output into a file, and you’d probably have a system daemon set up to rotate those files and archive the old ones. This was great when everything ran on the same server without containers.
+
+A lot of software still logs to files by default, but this makes collecting and aggregating your services logs much harder. Docker (and containers in general) expect that you log to standard output so your orchestration platform can route the logs to your monitoring tool of choice.
+
+Docker puts the logs into a JSON file that it can read itself and see the timestamps and which container the log refers to. You can set up log forwarding with both Docker and Kubernetes. If you have a central logging server, the plugin gets the standard output of a container and sends it to that server.
+
+Not logging to `stdout` just makes it harder for everyone, including making it harder to debug: Instead of just running `docker logs` + the name of the container, you need to `exec` into the container, go to find the files, then look at the files to start debugging.
+
+### This bad practice is arguably the easiest one to work around
+
+As an engineer you can easily redirect the logs back from a file into the standard output, but there’s no real reason not to do it the “correct” way.
+
+There aren’t many use cases where there’s an advantage to writing your logs directly to a file instead of stdout—in fact the main one is for when you’re making the first mistake (having your whole application in one container)! If you’re running multiple services in one container, then you’ll have logs from multiple different processes in one place, which _could_ be easier to work with in a file vs stdout.
+
+Even if you specifically want your logs to exist in a file, by default if you run `docker logs` it just reads a JSON file that it adds the logs to, so you’re not losing anything by logging to stdout. You can configure Docker to just put the logs into a plain text file wherever you want to.
+
+It’s a little simplistic, but I’d encourage you to check out [The Twelve-Factor App](https://12factor.net/) which outlines good practices for making software that’s easy to run.
+
+Are you doing containers differently and is it working for you? Let us know in the comments, or send us an email at hello@goauthentik.io!

From a72b36d94d4f1cc90689aca18f4e24a4dc155cef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:12:52 +0200
Subject: [PATCH 29/38] core: bump pydantic-scim from 0.0.7 to 0.0.8 (#7336)

Bumps [pydantic-scim](https://chalk.ai) from 0.0.7 to 0.0.8.

---
updated-dependencies:
- dependency-name: pydantic-scim
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 poetry.lock    | 8 ++++----
 pyproject.toml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 9ef4a0f9f..7172c6a9a 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -2780,13 +2780,13 @@ typing-extensions = ">=4.6.0,<4.7.0 || >4.7.0"
 
 [[package]]
 name = "pydantic-scim"
-version = "0.0.7"
+version = "0.0.8"
 description = "Pydantic types for SCIM"
 optional = false
 python-versions = ">=3.8.0"
 files = [
-    {file = "pydantic-scim-0.0.7.tar.gz", hash = "sha256:bc043da51c346051dfd372f12d1837c0846b815236340156d663a8514cba5761"},
-    {file = "pydantic_scim-0.0.7-py3-none-any.whl", hash = "sha256:058eb195f75ef32d04eaf6369c125d5fb7052891694686f8e55e04d184ab1360"},
+    {file = "pydantic-scim-0.0.8.tar.gz", hash = "sha256:b6c62031126e8c54f0fc7df837678e63934a5b068533fc52e5dfb6cfc24d59e9"},
+    {file = "pydantic_scim-0.0.8-py3-none-any.whl", hash = "sha256:407b3bf55240947155c77a6dd839881d63368c61d64076d6b167ef124ceac79a"},
 ]
 
 [package.dependencies]
@@ -4332,4 +4332,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
-content-hash = "e6b1df989cb5c50609540c1229d05d8458ef1cc343fb5868402db8b7679ad73c"
+content-hash = "2fc746976187f4674f04575cffd6a367744723bf78c356b6951c2370bc47ceae"
diff --git a/pyproject.toml b/pyproject.toml
index 0de02d7c3..14c2dd09d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -152,7 +152,7 @@ paramiko = "*"
 psycopg = { extras = ["c"], version = "*" }
 pycryptodome = "*"
 pydantic = "<3.0.0"
-pydantic-scim = "^0.0.7"
+pydantic-scim = "^0.0.8"
 pyjwt = "*"
 python = "^3.11"
 pyyaml = "*"

From 7a3d92ffdbd84dcc6906f4bc74be56e2680aec44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:13:01 +0200
Subject: [PATCH 30/38] core: bump ruff from 0.1.2 to 0.1.3 (#7335)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.1.2...v0.1.3)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 poetry.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 7172c6a9a..473a95429 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -3374,28 +3374,28 @@ pyasn1 = ">=0.1.3"
 
 [[package]]
 name = "ruff"
-version = "0.1.2"
+version = "0.1.3"
 description = "An extremely fast Python linter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.1.2-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:0d3ee66b825b713611f89aa35d16de984f76f26c50982a25d52cd0910dff3923"},
-    {file = "ruff-0.1.2-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:f85f850a320ff532b8f93e8d1da6a36ef03698c446357c8c43b46ef90bb321eb"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:809c6d4e45683696d19ca79e4c6bd3b2e9204fe9546923f2eb3b126ec314b0dc"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:46005e4abb268e93cad065244e17e2ea16b6fcb55a5c473f34fbc1fd01ae34cb"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:10cdb302f519664d5e2cf954562ac86c9d20ca05855e5b5c2f9d542228f45da4"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:f89ebcbe57a1eab7d7b4ceb57ddf0af9ed13eae24e443a7c1dc078000bd8cc6b"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7344eaca057d4c32373c9c3a7afb7274f56040c225b6193dd495fcf69453b436"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:dffa25f6e03c4950b6ac6f216bc0f98a4be9719cb0c5260c8e88d1bac36f1683"},
-    {file = "ruff-0.1.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:42ddaea52cb7ba7c785e8593a7532866c193bc774fe570f0e4b1ccedd95b83c5"},
-    {file = "ruff-0.1.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:a8533efda625bbec0bf27da2886bd641dae0c209104f6c39abc4be5b7b22de2a"},
-    {file = "ruff-0.1.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:b0b1b82221ba7c50e03b7a86b983157b5d3f4d8d4f16728132bdf02c6d651f77"},
-    {file = "ruff-0.1.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:6c1362eb9288f8cc95535294cb03bd4665c8cef86ec32745476a4e5c6817034c"},
-    {file = "ruff-0.1.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:ffa7ef5ded0563329a35bd5a1cfdae40f05a75c0cc2dd30f00b1320b1fb461fc"},
-    {file = "ruff-0.1.2-py3-none-win32.whl", hash = "sha256:6e8073f85e47072256e2e1909f1ae515cf61ff5a4d24730a63b8b4ac24b6704a"},
-    {file = "ruff-0.1.2-py3-none-win_amd64.whl", hash = "sha256:b836ddff662a45385948ee0878b0a04c3a260949905ad861a37b931d6ee1c210"},
-    {file = "ruff-0.1.2-py3-none-win_arm64.whl", hash = "sha256:b0c42d00db5639dbd5f7f9923c63648682dd197bf5de1151b595160c96172691"},
-    {file = "ruff-0.1.2.tar.gz", hash = "sha256:afd4785ae060ce6edcd52436d0c197628a918d6d09e3107a892a1bad6a4c6608"},
+    {file = "ruff-0.1.3-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:b46d43d51f7061652eeadb426a9e3caa1e0002470229ab2fc19de8a7b0766901"},
+    {file = "ruff-0.1.3-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:b8afeb9abd26b4029c72adc9921b8363374f4e7edb78385ffaa80278313a15f9"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ca3cf365bf32e9ba7e6db3f48a4d3e2c446cd19ebee04f05338bc3910114528b"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:4874c165f96c14a00590dcc727a04dca0cfd110334c24b039458c06cf78a672e"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eec2dd31eed114e48ea42dbffc443e9b7221976554a504767ceaee3dd38edeb8"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:dc3ec4edb3b73f21b4aa51337e16674c752f1d76a4a543af56d7d04e97769613"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2e3de9ed2e39160800281848ff4670e1698037ca039bda7b9274f849258d26ce"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1c595193881922cc0556a90f3af99b1c5681f0c552e7a2a189956141d8666fe8"},
+    {file = "ruff-0.1.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f75e670d529aa2288cd00fc0e9b9287603d95e1536d7a7e0cafe00f75e0dd9d"},
+    {file = "ruff-0.1.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:76dd49f6cd945d82d9d4a9a6622c54a994689d8d7b22fa1322983389b4892e20"},
+    {file = "ruff-0.1.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:918b454bc4f8874a616f0d725590277c42949431ceb303950e87fef7a7d94cb3"},
+    {file = "ruff-0.1.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:d8859605e729cd5e53aa38275568dbbdb4fe882d2ea2714c5453b678dca83784"},
+    {file = "ruff-0.1.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:0b6c55f5ef8d9dd05b230bb6ab80bc4381ecb60ae56db0330f660ea240cb0d4a"},
+    {file = "ruff-0.1.3-py3-none-win32.whl", hash = "sha256:3e7afcbdcfbe3399c34e0f6370c30f6e529193c731b885316c5a09c9e4317eef"},
+    {file = "ruff-0.1.3-py3-none-win_amd64.whl", hash = "sha256:7a18df6638cec4a5bd75350639b2bb2a2366e01222825562c7346674bdceb7ea"},
+    {file = "ruff-0.1.3-py3-none-win_arm64.whl", hash = "sha256:12fd53696c83a194a2db7f9a46337ce06445fb9aa7d25ea6f293cf75b21aca9f"},
+    {file = "ruff-0.1.3.tar.gz", hash = "sha256:3ba6145369a151401d5db79f0a47d50e470384d0d89d0d6f7fab0b589ad07c34"},
 ]
 
 [[package]]

From 1c32c9e06d91af05e0e9d60bf237bdb7e22a0578 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:13:14 +0200
Subject: [PATCH 31/38] core: bump goauthentik.io/api/v3 from 3.2023083.10 to
 3.2023101.1 (#7334)

Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2023083.10 to 3.2023101.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2023083.10...v3.2023101.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 11bcc47d9..fdc8ea902 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.8.4
-	goauthentik.io/api/v3 v3.2023083.10
+	goauthentik.io/api/v3 v3.2023101.1
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.13.0
 	golang.org/x/sync v0.4.0
diff --git a/go.sum b/go.sum
index 3b404b83a..4fe2645e5 100644
--- a/go.sum
+++ b/go.sum
@@ -355,8 +355,8 @@ go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyK
 go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-goauthentik.io/api/v3 v3.2023083.10 h1:mMCOfsqjouSSxedSkCK4k0Cwtt68CWzQgR7Um6ooOQs=
-goauthentik.io/api/v3 v3.2023083.10/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2023101.1 h1:KIQ4wmxjE+geAVB0wBfmxW9Uzo/tA0dbd2hSUJ7YJ3M=
+goauthentik.io/api/v3 v3.2023101.1/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=

From 970848100565d97aeecfe79ac00d6df3c76a4e78 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:13:27 +0200
Subject: [PATCH 32/38] core: bump github.com/google/uuid from 1.3.1 to 1.4.0
 (#7333)

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index fdc8ea902..f472bf97a 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/go-openapi/runtime v0.26.0
 	github.com/go-openapi/strfmt v0.21.7
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/google/uuid v1.3.1
+	github.com/google/uuid v1.4.0
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/securecookie v1.1.1
diff --git a/go.sum b/go.sum
index 4fe2645e5..78e06b582 100644
--- a/go.sum
+++ b/go.sum
@@ -211,8 +211,9 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=

From ae4d5a30f21559d69f8172542732a34110e431ce Mon Sep 17 00:00:00 2001
From: Jens L 
Date: Fri, 27 Oct 2023 11:39:39 +0200
Subject: [PATCH 33/38] web/admin: fix role form reacting to enter (#7330)

Signed-off-by: Jens Langhammer 
---
 web/src/admin/roles/RoleForm.ts |   18 +-
 web/xliff/de.xlf                |   18 +-
 web/xliff/en.xlf                |   18 +-
 web/xliff/es.xlf                |   18 +-
 web/xliff/fr.xlf                | 2989 +++++++++++++++----------------
 web/xliff/pl.xlf                |   18 +-
 web/xliff/pseudo-LOCALE.xlf     |   20 +-
 web/xliff/tr.xlf                |   18 +-
 web/xliff/zh-Hans.xlf           |   66 +-
 web/xliff/zh-Hant.xlf           |   18 +-
 web/xliff/zh_TW.xlf             |   18 +-
 11 files changed, 1631 insertions(+), 1588 deletions(-)

diff --git a/web/src/admin/roles/RoleForm.ts b/web/src/admin/roles/RoleForm.ts
index 48b886b82..7d4778469 100644
--- a/web/src/admin/roles/RoleForm.ts
+++ b/web/src/admin/roles/RoleForm.ts
@@ -42,15 +42,13 @@ export class RoleForm extends ModelForm {
     }
 
     renderForm(): TemplateResult {
-        return html`
- - - -
`; + return html` + + `; } } diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 60f3b1aaf..1e95e6975 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -5798,12 +5798,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -6031,6 +6025,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index c62336b17..586eba0c0 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -6079,12 +6079,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -6312,6 +6306,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index d83f50117..b6d3cd312 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -5713,12 +5713,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -5946,6 +5940,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index 222053997..fc8e3966d 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -1,1611 +1,1611 @@ - + English Anglais - + French Français - + Turkish Turque - + Spanish Espagnol - + Polish Polonais - + Taiwanese Mandarin Mandarin taïwanais - + Chinese (simplified) Chinois (simplifié) - + Chinese (traditional) Chinois (traditionnel) - + German Allemand - + Loading... Chargement en cours... - + Application Application - + Logins Connexions - + Show less Montrer moins - + Show more Montrer plus - + UID UID - + Name Nom - + App App - + Model Name Nom du modèle - + Message Message - + Subject Sujet - + From De - + To À - + Context Contexte - + User Utilisateur - + Affected model: Modèle affecté : - + Authorized application: Application autorisée : - + Using flow Utilisation du flux - + Email info: Information courriel : - + Secret: Secret : - + Open issue on GitHub... Ouvrir un ticket sur GitHub... - + Exception Exception - + Expression Expression - + Binding Liaison - + Request Requête - + Object Objet - + Result Résultat - + Passing Réussite - + Messages Messages - + Using source Utilisation de la source - + Attempted to log in as - Tentative de connexion en tant que + Tentative de connexion en tant que - + No additional data available. Aucune donnée additionnelle disponible. - + Click to change value Cliquer pour changer la valeur - + Select an object. Sélectionnez un objet. - + Loading options... Chargement des options... - + Connection error, reconnecting... Erreur de connexion, nouvelle tentative... - + Login Connexion - + Failed login Échec de la connexion - + Logout Déconnexion - + User was written to L'utilisateur a été écrit vers - + Suspicious request Requête suspecte - + Password set Mot de passe défini - + Secret was viewed Le secret a été vu - + Secret was rotated Rotation du secret effectuée - + Invitation used Invitation utilisée - + Application authorized Application autorisé - + Source linked Source liée - + Impersonation started Début de l'appropriation utilisateur - + Impersonation ended Fin de l'appropriation utilisateur - + Flow execution Exécution du flux - + Policy execution Exécution de politique - + Policy exception Exception de politique - + Property Mapping exception Erreur de mappage de propriété - + System task execution Exécution de tâche système - + System task exception Erreur de tâche système - + General system exception Exception générale du systèm - + Configuration error Erreur de configuration - + Model created Modèle créé - + Model updated Modèle mis à jour - + Model deleted Modèle supprimé - + Email sent Courriel envoyé - + Update available Mise à jour disponibl - + Unknown severity Sévérité inconnue - + Alert Alerte - + Notice Note - + Warning Avertissement - + no tabs defined aucun onglet défini - + - of - - + - sur - + Go to previous page Aller à la page précédente - + Go to next page Aller à la page suivante - + Search... Rechercher... - + Loading Chargement en cours - + No objects found. Aucun objet trouvé. - + Failed to fetch objects. Impossible de récupérer les objets. - + Refresh Rafraîchir - + Select all rows Sélectionner toutes les lignes - + Action Action - + Creation Date Date de création - + Client IP Adresse IP client - + Tenant Tenant - + Recent events Événements récents - + On behalf of - Au nom de + Au nom de - + - - - + No Events found. Aucun événement trouvé. - + No matching events could be found. Aucun événement correspondant n'a été trouvé. - + Embedded outpost is not configured correctly. L'avant poste intégré n'est pas configuré correctement - + Check outposts. Vérifier les avant-postes. - + HTTPS is not detected correctly HTTP n'est pas détecté correctement - + Server and client are further than 5 seconds apart. Le serveur et le client sont distants de plus de 5 secondes - + OK OK - + Everything is ok. Tout va bien. - + System status Statut du système - + Based on - Basé sur + Basé sur - + is available! est disponible ! - + Up-to-date! À jour ! - + Version Version - + Workers Workers - + No workers connected. Background tasks will not run. Aucun worker connecté. Les tâches de fond ne tourneront pas. - + hour(s) ago Il y a heure(s) - + day(s) ago Il y a jour(s) - + Authorizations Autorisations - + Failed Logins Connexions échouées - + Successful Logins Connexions réussies - + : - : + : - + Cancel Annuler - + LDAP Source Source LDAP - + SCIM Provider Fournisseur SCIM - + Healthy Sain - + Healthy outposts Avant-postes sains - + Admin Administrateur - + Not found Pas trouvé - + - The URL "" was not found. - L'URL " - " n'a pas été trouvée. - + The URL "" was not found. + L'URL " + " n'a pas été trouvée. + Return home Retourner à l’accueil - + General system status État général du système - + Welcome, . - Bienvenue, + Bienvenue, . - + Quick actions Actions rapides - + Create a new application Créer une nouvelle application - + Check the logs Vérifiez les journaux - + Explore integrations Explorer les intégrations - + Manage users Gérer les utilisateurs - + Outpost status Statut de l'avant-poste - + Sync status Synchroniser les statuts - + Logins and authorizations over the last week (per 8 hours) Connexions et autorisations au cours de la dernière semaine (par 8 heures) - + Apps with most usage Apps les plus utilisées - + days ago il y a jours - + Objects created Objets créés - + Users created per day in the last month Utilisateurs créés par jour durant le mois dernier - + Logins per day in the last month Connections par jour le mois dernier - + Failed Logins per day in the last month Connexions échouées par jour au cours du dernier mois - + Clear search Vider la recherche - + System Tasks Tâches du système - + Long-running operations which authentik executes in the background. Opérations de longue durée qu'authentik exécute en arrière-plan. - + Identifier Identifiant - + Description Description - + Last run Dernière exécution - + Status Statut - + Actions Actions - + Successful Réussite - + Error Erreur - + Unknown Inconnu - + Duration Durée - + seconds secondes - + Authentication Authentification - + Authorization Authorisation - + Enrollment Inscription - + Invalidation Invalidation - + Recovery Récupération - + Stage Configuration Configuration de l'étape - + Unenrollment Désinscription - + Unknown designation Désignation inconnue - + Stacked Empilé - + Content left Contenu gauche - + Content right Contenu droit - + Sidebar left Sidebar gauche - + Sidebar right Sidebar droite - + Unknown layout Disposition inconnue - + Successfully updated provider. Fournisseur mis à jour avec succès - + Successfully created provider. Fournisseur créé avec succès - + Bind flow Lier un flux - + Flow used for users to authenticate. Flux utilisé pour que les utilisateurs s'authentifient - + Search group Rechercher un groupe - + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. Les utilisateurs de ce groupe peuvent effectuer des recherches. Si aucun groupe n'est sélectionné, aucune recherche LDAP n'est autorisée. - + Bind mode Lier un mode - + Cached binding Liaison en cache - + Flow is executed and session is cached in memory. Flow is executed when session expires Le flux est exécuté et la session est mise en cache en mémoire. Le flux est exécuté lorsque la session expire - + Direct binding Liaison directe - + Always execute the configured bind flow to authenticate the user Toujours exécuter la liaison de flux configurée pour authentifier l'utilisateur - + Configure how the outpost authenticates requests. Configure comment les avant-postes authentifient les requêtes. - + Search mode Mode de Recherche - + Cached querying Requête en cache - + The outpost holds all users and groups in-memory and will refresh every 5 Minutes L'avant-poste conserve tous les utilisateurs et groupes en mémoire et se rafraîchira toutes les 5 minutes. - + Direct querying Requête directe - + Always returns the latest data, but slower than cached querying Fournit toujours les données les plus récentes, mais plus lent que les recherches en cache. - + Configure how the outpost queries the core authentik server's users. Configure comment les avant-postes requêtent les utilisateurs du serveur cœur d’authentik. - + Protocol settings Paramètres du protocole - + Base DN DN racine - + LDAP DN under which bind requests and search requests can be made. DN LDAP avec lequel les connexions et recherches sont effectuées. - + Certificate Certificat - + UID start number Numéro de départ d'UID - + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber Ce nombre est ajouté au nombre généré à partir de user.Pk pour s'assurer que ceux-ci ne sont pas trop bas pour les utilisateurs POSIX. La valeur par défaut est 2000 pour éviter des collisions avec les uidNumber des utilisateurs locaux. - + GID start number Numéro de départ du GID - + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber Ce nombre est ajouté au nombre généré à partir de group.Pk pour s'assurer que ceux-ci ne sont pas trop bas pour les groupes POSIX. La valeur par défaut est 4000 pour éviter des collisions avec les groupes locaux ou les groupes primaires. - + (Format: hours=-1;minutes=-2;seconds=-3). (Format : hours=-1;minutes=-2;seconds=-3). - + (Format: hours=1;minutes=2;seconds=3). (Format : hours=1;minutes=2;seconds=3). - + The following keywords are supported: Les mots clés suivants sont supportés : - + Authentication flow Flux d'authentification - + Flow used when a user access this provider and is not authenticated. Flux utilisé lorsqu'un utilisateur accède à ce fournisseur et n'est pas authentifié. - + Authorization flow Flux d'autorisation - + Flow used when authorizing this provider. Flux utilisé lors de l'autorisation de ce fournisseur. - + Client type Type du client - + Confidential Confidentiel - + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets Les clients confidentiels sont capables de préserver la confidentialité de leurs données d'identification, telles que les secrets du client. - + Public Public - + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. Les clients publics sont incapables de maintenir la confidentialité et devraient utiliser des méthodes comme le PKCE. - + Client ID ID client - + Client Secret Secret du client - + Redirect URIs/Origins (RegEx) URI/Origines de redirection (RegEx) - + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. URLs de redirection autorisées après un flux d'autorisation réussi. Indiquez également toute origine ici pour les flux implicites. - + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. Si aucune URI de redirection explicite n'est spécifiée, la première URI de redirection utilisée avec succès sera enregistrée. - + - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir. - + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir. + Signing Key Clé de signature - + Key used to sign the tokens. Clé utilisée pour signer les jetons. - + Advanced protocol settings Paramètres avancés du protocole - + Access code validity Validité du code d'accès - + Configure how long access codes are valid for. Configure la durée de validité des codes d'accès. - + Access Token validity Validité du jeton d'accès - + Configure how long access tokens are valid for. Configure la durée de validité des jetons d'accès. - + Refresh Token validity Validité du jeton de rafraîchissement - + Configure how long refresh tokens are valid for. Configurer la durée de validité des jetons de rafraîchissement. - + Scopes Portées - + Select which scopes can be used by the client. The client still has to specify the scope to access the data. Sélectionnez les portées utilisables par le client. Le client doit toujours spécifier la portée pour accéder aux données. - + Hold control/command to select multiple items. Garder ctrl/command enfoncé pour sélectionner de multiples éléments - + Subject mode Mode subject - + Based on the User's hashed ID Basé sur l'identifiant haché de l'utilisateur - + Based on the User's ID Basé sur l'identifiant de l'utilisateur - + Based on the User's UUID Basé sur l'UUID de l'utilisateur - + Based on the User's username Basé sur le nom d'utilisateur - + Based on the User's Email Basé sur l'adresse courriel de l'utilisateur - + This is recommended over the UPN mode. Ceci est recommandé par rapport au mode UPN. - + Based on the User's UPN Basé sur l'UPN de l'utilisateur. - + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. Cela exige que l'utilisateur possède un attribut 'UPN' défini, sinon en dernier recours il utilise l'ID haché de l'utilisateur. Utilisez ce mode seulement si vous avez un domaine courriel différent de l'UPN. - + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. Configure quelle donnée utiliser pour l'identifiant unique utilisateur. La valeur par défaut devrait être correcte dans la plupart des cas. - + Include claims in id_token Include les demandes utilisateurs dans id_token - + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. Inclure depuis la portée les demandes utilisateurs dans id_token, pour les applications qui n'accèdent pas au point de terminaison userinfo. - + Issuer mode Mode de l'émetteur - + Each provider has a different issuer, based on the application slug Chaque fournisseur a un émetteur différent, basé sur le slug de l'application. - + Same identifier is used for all providers Le même identifiant est utilisé pour tous les fournisseurs - + Configure how the issuer field of the ID Token should be filled. Configure comment le champ émetteur du jeton ID sera rempli. - + Machine-to-Machine authentication settings Paramètres d'authentification machine à machine - + Trusted OIDC Sources Sources OIDC de confiance - + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. Les JWT signés par des certificats configurés par les sources sélectionnées peuvent être utilisés pour s'authentifier auprès de ce fournisseur. - + HTTP-Basic Username Key Clé de l'utilisateur HTTP-Basic - + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. Attribut d'utilisateur/groupe utilisé pour le champ utilisateur de l'en-tête HTTP-Basic. S'il n'est pas défini, le courriel de l'utilisateur est utilisée. - + HTTP-Basic Password Key Clé du mot de passe HTTP-Basic - + User/Group Attribute used for the password part of the HTTP-Basic Header. Attribut d'utilisateur/groupe utilisé pour la champ mot de passe de l'en-tête HTTP-Basic. - + Proxy Proxy - + Forward auth (single application) Transférer l'authentification (application unique) - + Forward auth (domain level) Transférer l'authentification (niveau domaine) - + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. Ce fournisseur se comporte comme un reverse-proxy transparent, sauf que les demandes doivent être authentifiées. Si votre application en amont utilise HTTPS, assurez-vous de vous connecter à l'avant-poste en utilisant également HTTPS. - + External host Hôte externe - + The external URL you'll access the application at. Include any non-standard port. L'URL externe par laquelle vous accéderez à l'application. Incluez un port non-standard si besoin. - + Internal host Hôte interne - + Upstream host that the requests are forwarded to. Hôte amont où transférer les requêtes. - + Internal host SSL Validation Validation SSL de l'hôte interne - + Validate SSL Certificates of upstream servers. Valider les certificats SSL des serveurs amonts. - + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de traefik. Un seul fournisseur est nécessaire par domaine racine. Vous ne pouvez pas faire d'autorisation par application, mais vous n'avez pas besoin de créer un fournisseur pour chaque application. - + An example setup can look like this: Un exemple de configuration peut ressembler à ceci : - + authentik running on auth.example.com authentik en cours d'exécution sur auth.example.com - + app1 running on app1.example.com app1 en cours d'exécution sur app1.example.com - + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. Dans ce cas, vous devez définir l'URL d'authentification sur auth.example.com et le domaine des cookies sur example.com. - + Authentication URL URL d'authentification - + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. L'URL externe à laquelle vous allez vous authentifier. Le serveur authentik core devrait être accessible à cette URL. - + Cookie domain Domaine des cookies - + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. Définissez ceci sur le domaine pour lequel vous souhaitez que l'authentification soit valide. Il doit être un domaine parent de l'URL ci-dessus. Si vous exécutez des applications sous app1.domain.tld, app2.domain.tld, définissez ceci sur 'domain.tld'. - + Unknown proxy mode Mode proxy inconnu - + Token validity Validité du jeton - + Configure how long tokens are valid for. Configure la durée de validité des jetons d'accès. - + Additional scopes Portées additionnelles - + Additional scope mappings, which are passed to the proxy. Mappages de portée additionnelle, qui sont passés au proxy. - + Unauthenticated URLs URLs non-authentifiés - + Unauthenticated Paths Chemins non-authentifiés - + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. Expressions régulières pour lesquelles l'authentification n'est pas requise. Chaque ligne est interprétée comme une nouvelle expression. - + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. Lors de l'utilisation du mode proxy ou de l'authentification directe (application unique), le chemin d'accès à l'URL demandée est vérifié par rapport aux expressions régulières. Lors de l'utilisation de l'authentification directe (mode domaine), l'URL complète et le schéma est demandée et l'hôte est comparée aux expressions régulières. - + Authentication settings Paramètres d'authentification - + Intercept header authentication Intercepter l'en-tête d'authentification - + When enabled, authentik will intercept the Authorization header to authenticate the request. Lorsque cette option est activée, authentik intercepte l'en-tête Authorization pour authentifier la demande. - + Send HTTP-Basic Authentication Envoyer l'authentification HTTP-Basic - + Send a custom HTTP-Basic Authentication header based on values from authentik. Envoyer un en-tête d'authentification HTTP-Basic personnalisé basé sur les valeurs de authentik. - + ACS URL ACS URL - + Issuer Émetteur - + Also known as EntityID. Également appelé EntityID. - + Service Provider Binding Liaison du fournisseur de services - + Redirect Redirection - + Post Appliquer - + Determines how authentik sends the response back to the Service Provider. Détermine comment authentik renvoie la réponse au fournisseur de services. - + Audience Audience - + Signing Certificate Certificat de signature - + Certificate used to sign outgoing Responses going to the Service Provider. Certificat utilisé pour signer les réponses sortantes vers le Service Provider. - + Verification Certificate Certificat de validation - + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. Si activée, les signatures des assertions entrantes seront validées par rapport à ce certificat. Pour autoriser les requêtes non signées, laissez la valeur par défaut. - + Property mappings Mappages de propriété - + NameID Property Mapping Mappage de la propriété NameID - + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. Configure la façon dont NameID sera créé. Si vide, la politique NameIDPolicy de la requête entrante sera appliquée. - + Assertion valid not before Assertion non valide avant - + Configure the maximum allowed time drift for an assertion. Configurer la durée maximale autorisée pour une assertion. - + Assertion valid not on or after Assertion non valide le ou après - + Assertion not valid on or after current time + this value. Assertion non valide à partir de l'heure actuelle + cette valeur. - + Session valid not on or after Session non valide à partir de - + Session not valid on or after current time + this value. Session non valide à partir de l'heure actuelle + cette valeur. - + Digest algorithm Algorithme d'empreinte - + Signature algorithm Algorithme de signature - + Successfully imported provider. Fournisseur importé avec succès - + Metadata Métadonnées - + Apply changes Appliquer les changements - + Close Fermer - + Finish Terminer - + Back Retour - + No form found Aucun formulaire trouvé - + Form didn't return a promise for submitting Le formulaire n'a pas retourné de promesse de soumission - + Select type Sélectionnez le type - + Try the new application wizard Essayez le nouvel l'assistant d'application - + The new application wizard greatly simplifies the steps required to create applications and providers. Le nouvel assistant d'application simplifie grandement les étapes nécessaires à la création d'applications et de fournisseurs. - + Try it now Essayer maintenant - + Create Créer - + New provider Nouveau fournisseur - + Create a new provider. Créer un nouveau fournisseur. - + Create Créer - + Shared secret Secret partagé - + Client Networks Réseaux du client - + List of CIDRs (comma-seperated) that clients can connect from. A more specific @@ -1616,104 +1616,104 @@ Il y a jour(s) URL URL - + SCIM base url, usually ends in /v2. URL de base SCIM, se termine généralement par /v2. - + Token Jeton - + Token to authenticate with. Currently only bearer authentication is supported. - Jeton d'authentification à utiliser. Actuellement, seule l'authentification "bearer authentication" est prise en charge. - + Jeton d'authentification à utiliser. Actuellement, seule l'authentification "bearer authentication" est prise en charge. + User filtering Filtrage utilisateurs - + Exclude service accounts Exclure les comptes de service - + Group Group - + Only sync users within the selected group. Synchroniser uniquement les utilisateurs appartenant au groupe sélectionné. - + Attribute mapping Mappage des attributs - + User Property Mappings Mappage des propriétés utilisateur - + Property mappings used to user mapping. Mappages de propriété utilisés pour la correspondance des utilisateurs. - + Group Property Mappings Mappage des propriétés de groupe - + Property mappings used to group creation. Mappages de propriétés utilisés lors de la création des groupe - + Not used by any other object. Pas utilisé par un autre objet. - + object will be DELETED l'objet sera SUPPRIMÉ - + connection will be deleted la connexion sera supprimée - + reference will be reset to default value la référence sera réinitialisée à sa valeur par défaut - + reference will be set to an empty value la référence sera réinitialisée à une valeur vide - + () - ( + ( ) - + ID ID - + Successfully deleted @@ -1721,16 +1721,16 @@ Il y a jour(s) Failed to delete : - Échec de la suppression - : + Échec de la suppression + : - + Delete - Supprimer + Supprimer - + Are you sure you want to delete ? @@ -1739,898 +1739,898 @@ Il y a jour(s) Delete Supprimer - + Providers Fournisseurs - + Provide support for protocols like SAML and OAuth to assigned applications. Assure la prise en charge de protocoles tels que SAML et OAuth aux applications attribuées. - + Type Type - + Provider(s) Fournisseur(s) - + Assigned to application Assigné à l'application - + Assigned to application (backchannel) Assigné à l'application (backchannel). - + Warning: Provider not assigned to any application. Avertissement : le fournisseur n'est assigné à aucune application. - + Update Mettre à jour - + Update - Mettre à jour + Mettre à jour - + Select providers to add to application Sélectionnez les fournisseurs à ajouter à l'application. - + Add Ajouter - + - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test". - + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test". + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. Modèle de chemin pour les utilisateurs créés. Utilisez des espaces réservés comme `%(slug)s` pour insérer le slug de la source. - + Successfully updated application. Application mise à jour avec succès - + Successfully created application. Application créée avec succès - + Application's display Name. Nom d'affichage de l'application - + Slug Slug - + Optionally enter a group name. Applications with identical groups are shown grouped together. Optionnellement, entrez un nom de groupe. Les applications avec les mêmes groupes seront affichées ensemble. - + Provider Fournisseur - + Select a provider that this application should use. Sélectionnez un fournisseur que cette application doit utiliser. - + Select backchannel providers which augment the functionality of the main provider. Sélectionner des fournisseurs backchannel qui augmentent la fonctionnalité du fournisseur principal. - + Policy engine mode Mode d'application des politiques - + Any policy must match to grant access N'importe quelle politique doit correspondre pour accorder l'accès - + All policies must match to grant access Toutes les politiques doivent correspondre pour accorder l'accès - + UI settings Paramètres d'UI - + Launch URL URL de lancement - + If left empty, authentik will try to extract the launch URL based on the selected provider. Si laissé vide, authentik essaiera d'extraire l'URL de lancement en se basant sur le fournisseur sélectionné. - + Open in new tab Ouvrir dans un nouvel onglet - + If checked, the launch URL will open in a new browser tab or window from the user's application library. Si cette case est cochée, l'URL de lancement s'ouvrira dans un nouvel onglet ou une nouvelle fenêtre du navigateur à partir de la bibliothèque d'applications de l'utilisateur. - + Icon Icône - + Currently set to: Actuellement fixé à : - + Clear icon Supprimer l'icône - + Publisher Éditeur - + Create Application Créer une application - + Overview Vue d'ensemble - + Changelog Journal des modification - + Warning: Provider is not used by any Outpost. Attention : ce fournisseur n’est utilisé par aucun avant-poste. - + Assigned to application Assigné à l'application - + Update LDAP Provider Mettre à jour le fournisseur LDAP - + Edit Éditer - + How to connect Comment se connecter - + Connect to the LDAP Server on port 389: Se connecter au serveur LDAP sur le port 389 : - + Check the IP of the Kubernetes service, or Vérifier l'IP du service Kubernetes, ou - + The Host IP of the docker host L'IP de l'hôte de docker - + Bind DN Bind DN - + Bind Password Mot de passe - + Search base Base de recherche - + Preview Prévisualisation - + Warning: Provider is not used by an Application. Avertissement : Le fournisseur n'est pas utilisé par une application. - + Redirect URIs URIs de redirection - + Update OAuth2 Provider Mettre à jour le fournisseur OAuth2 - + OpenID Configuration URL URL de configuration OpenID - + OpenID Configuration Issuer Émetteur de la configuration OpenID - + Authorize URL URL d'authorisation - + Token URL URL du jeton - + Userinfo URL URL Userinfo - + Logout URL URL de déconnexion - + JWKS URL URL JWKS - + Example JWT payload (for currently authenticated user) Exemple de charge utile JWT (pour l'utilisateur actuellement authentifié) - + Forward auth (domain-level) Transférer l'authentification (niveau domaine) - + Nginx (Ingress) Nginx (Ingress) - + Nginx (Proxy Manager) Nginx (Proxy Manager) - + Nginx (standalone) Nginx (standalone) - + Traefik (Ingress) Traefik (Ingress) - + Traefik (Compose) Traefik (Compose) - + Traefik (Standalone) Traefik (Standalone) - + Caddy (Standalone) Caddy (Standalone) - + Internal Host Hôte interne - + External Host Hôte externe - + Basic-Auth Basic-Auth - + Yes Oui - + Mode Mode - + Update Proxy Provider Mettre à jour le fournisseur de Proxy - + Protocol Settings Paramètres du protocole - + Allowed Redirect URIs URIs de redirection autorisés - + Setup Configuration - + No additional setup is required. Aucune configuration supplémentaire n'est nécessaire. - + Update Radius Provider Mettre à jour le fournisseur Radius - + Download Télécharger - + Copy download URL Copier l'URL de téléchargement - + Download signing certificate Télécharger le certificat de signature - + Related objects Objets apparentés - + Update SAML Provider Mettre à jour le fournisseur SAML - + SAML Configuration Configuration SAML - + EntityID/Issuer EntitéID/Émetteur - + SSO URL (Post) URL SSO (Post) - + SSO URL (Redirect) URL SSO (Redirect) - + SSO URL (IdP-initiated Login) URL SSO (IdP-initiated Login) - + SLO URL (Post) URL SLO (Post) - + SLO URL (Redirect) URL SLO (Redirect) - + SAML Metadata Métadonnée SAML - + Example SAML attributes Exemple d'attributs SAML - + NameID attribute Attribut NameID - + Warning: Provider is not assigned to an application as backchannel provider. Avertissement : Le fournisseur n'est pas assigné à une application en tant que fournisseur backchannel. - + Update SCIM Provider Mettre à jour le fournisseur SCIM - + Sync not run yet. La synchronisation n'a pas encore été lancée. - + Run sync again Relancer la synchro - + Modern applications, APIs and Single-page applications. Applications modernes, API et applications à page unique. - + LDAP LDAP - + Provide an LDAP interface for applications and users to authenticate against. Fournir une interface LDAP permettant aux applications et aux utilisateurs de s'authentifier. - + New application Nouvelle application - + Applications Applications - + Provider Type Type de fournisseur - + Application(s) Application(s) - + Application Icon Icône d'application - + Update Application Mettre à jour l'application - + Successfully sent test-request. Requête-test envoyée avec succès - + Log messages Messages de Journal - + No log messages. Aucun message de journal. - + Active Actif - + Last login Dernière connexion - + Select users to add Sélectionnez les utilisateurs à ajouter - + Successfully updated group. Groupe mis à jour avec succès - + Successfully created group. Groupe créé avec succès - + Is superuser Est superutilisateur - + Users added to this group will be superusers. Les utilisateurs ajoutés à ce groupe seront des super-utilisateurs. - + Parent Parent - + Attributes Attributs - + Set custom attributes using YAML or JSON. Définissez des attributs personnalisés via YAML ou JSON. - + Successfully updated binding. Liaison mise à jour avec succès - + Successfully created binding. Liaison créée avec succès - + Policy Politique - + Group mappings can only be checked if a user is already logged in when trying to access this source. Les mappages de groupes ne peuvent être vérifiés que si un utilisateur est déjà connecté lorsqu'il essaie d'accéder à cette source. - + User mappings can only be checked if a user is already logged in when trying to access this source. Les mappages d'utilisateurs ne peuvent être vérifiés que si un utilisateur est déjà connecté lorsqu'il essaie d'accéder à cette source. - + Enabled Activé - + Negate result Inverser le résultat - + Negates the outcome of the binding. Messages are unaffected. Inverse le résultat de la liaison. Les messages ne sont pas affectés. - + Order Tri - + Timeout Timeout - + Successfully updated policy. Politique mise à jour avec succès - + Successfully created policy. Politique créée avec succès - + A policy used for testing. Always returns the same result as specified below after waiting a random duration. Une politique utilisée pour les tests. Retourne toujours la même valeur telle qu'indiquée ci-dessous après une attente aléatoire. - + Execution logging Journalisation de l'exécution - + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. Si activée, toutes les exécutions de cette politique seront enregistrées. Par défaut, seules les erreurs d'exécution sont consignées. - + Policy-specific settings Paramètres spécifiques à la politique - + Pass policy? Réussir la politique ? - + Wait (min) Attente (min) - + The policy takes a random time to execute. This controls the minimum time it will take. La politique prend un certain temps à s'exécuter. Ceci contrôle la durée minimale. - + Wait (max) Attente (max) - + Matches an event against a set of criteria. If any of the configured values match, the policy passes. Fait correspondre un évènement à un certain nombre de critères. Si une des valeur configurée correspond, la politique réussit. - + Match created events with this action type. When left empty, all action types will be matched. Inclure les événements créés avec ce type d'action. S'il est laissé vide, tous les types d'action seront inclus. - + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. Inclure l'adresse IP du client de l'évènement (correspondante stricte, pour un correspondance sur le réseau utiliser une politique d'expression) - + Match events created by selected application. When left empty, all applications are matched. Inclure les évènements créés par cette application. S'il est laissé vide, toutes les applications seront incluses. - + Checks if the request's user's password has been changed in the last x days, and denys based on settings. Vérifie si le mot de passe de l'usager a été changé dans les X derniers jours et refuse l'accès en fonction du paramétrage. - + Maximum age (in days) Âge maximum (en jours) - + Only fail the policy, don't invalidate user's password Seulement faire échouer la politique, ne pas invalider le mot de passe de l'utilisateur. - + Executes the python snippet to determine whether to allow or deny a request. Exécute le fragment de code python pour décider d'autoriser ou non la demande. - + Expression using Python. Expression en python - + See documentation for a list of all variables. Consultez la documentation pour la liste de toutes les variables. - + Static rules Règles Statiques - + Minimum length Longueur minimale - + Minimum amount of Uppercase Characters Nombre minimum de caractères majuscules - + Minimum amount of Lowercase Characters Nombre minimum de caractères minuscules - + Minimum amount of Digits Nombre minimum de chiffres - + Minimum amount of Symbols Characters Nombre minimum de symboles - + Error message Message d'erreur - + Symbol charset Set de symboles - + Characters which are considered as symbols. Caractères considérés comme des symboles. - + HaveIBeenPwned settings Paramètres de HaveIBeenPwned - + Allowed count Total autorisé - + Allow up to N occurrences in the HIBP database. Autoriser jusqu'à N occurrences dans la base de données HIBP - + zxcvbn settings Paramètres de zxcvbn - + Score threshold Seuil du score - + If the password's score is less than or equal this value, the policy will fail. Si le score du mot de passe est inférieur ou égal à cette valeur, la politique échoue. - + 0: Too guessable: risky password. (guesses < 10^3) 0: Trop prévisible: mot de passe risqué. (essais < 10^3) - + 1: Very guessable: protection from throttled online attacks. (guesses < 10^6) 1: Très prévisible: protection contre les attaques en ligne limitées. (essais < 10^6) - + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) 2: Quelque peu prévisible: protection contre les attaques en ligne non limitées. (essais < 10^8) - + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10) 3: Sûrement imprévisible: protection modérée contre les attaques de hash-lent hors ligne. (essais < 10^10) - + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10) 4: Très imprévisible: forte protection control les attaques de hash-lent hors ligne. (essais >= 10^10) - + Checks the value from the policy request against several rules, mostly used to ensure password strength. Vérifie la valeur de la requête via plusieurs règles, principalement utilisé pour s'assurer de la robustesse des mots de passe. - + Password field Champ mot de passe - + Field key to check, field keys defined in Prompt stages are available. Clé de champ à vérifier ; les clés de champ définies dans les étapes de d'invite sont disponibles. - + Check static rules Vérifier les règles statiques - + Check haveibeenpwned.com Vérifier haveibeenpwned.com - + For more info see: Pour plus d'informations, voir : - + Check zxcvbn Vérifier zxcvbn - + Password strength estimator created by Dropbox, see: Estimateur de force de mot de passe créé par Dropbox, voir : - + Allows/denys requests based on the users and/or the IPs reputation. Autorise/bloque les requêtes selon la réputation de l'utilisateur et/ou de l'adresse IP - + Invalid login attempts will decrease the score for the client's IP, and the @@ -2645,782 +2645,782 @@ doesn't pass when either or both of the selected options are equal or above the Check IP Vérifier l'adresse IP - + Check Username Vérifier le nom d'utilisateur - + Threshold Seuil - + New policy Nouvelle politique - + Create a new policy. Créer une nouvelle politique. - + Create Binding Créer une liaison - + Superuser Super-utilisateur - + Members Membres - + Select groups to add user to Sélectionnez les groupes à ajouter à l'utilisateur - + Warning: Adding the user to the selected group(s) will give them superuser permissions. Attention : L'ajout de l'utilisateur au(x) groupe(s) sélectionné(s) lui confère des droits de superutilisateur. - + Successfully updated user. Utilisateur mis à jour avec succès - + Successfully created user. Utilisateur créé avec succès - + Username Nom d'utilisateur - + User's primary identifier. 150 characters or fewer. Identifiant principal de l'utilisateur. 150 caractères ou moins. - + User's display name. Nom d'affichage de l'utilisateur - + Email Courriel - + Is active Est actif - + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. Indique si cet utilisateur doit être traité comme actif. Désélectionnez cette option au lieu de supprimer les comptes. - + Path Chemin - + Policy / User / Group Politique / Utilisateur / Groupe - + Policy Politique - + Group Groupe - + User Utilisateur - + Edit Policy Éditer la politique - + Update Group Mettre à jour le groupe - + Edit Group Éditer le groupe - + Update User Mettre à jour l'utilisateur - + Edit User Éditer l'utilisateur - + Policy binding(s) Liaison(s) de politique - + Update Binding Mettre à jour la liaison - + Edit Binding Éditer la liaison - + No Policies bound. Aucune politique liée. - + No policies are currently bound to this object. Aucune politique n'est actuellement lié à cet objet. - + Bind existing policy Lier une politique existante - + Warning: Application is not used by any Outpost. Attention : cette application n’est utilisée par aucun avant-poste. - + Related Lié - + Backchannel Providers Fournisseurs backchannel - + Check access Vérifier l'accès - + Check Vérifier - + Check Application access Vérifier l'accès de l'application - + Test Test - + Launch Lancer - + Logins over the last week (per 8 hours) Connexions au cours de la semaine écoulée (par tranche de 8 heures) - + Policy / Group / User Bindings Politique / Groupe / Liaisons utilisateur - + These policies control which users can access this application. Ces politiques contrôlent les autorisations d'accès des utilisateurs à cette application. - + Successfully updated source. Source mise à jour avec succès - + Successfully created source. Source créée avec succès - + Sync users Synchroniser les utilisateurs - + User password writeback Réécriture du mot de passe utilisateur - + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. Le mot de passe de connexion est synchronisé depuis LDAP vers authentik automatiquement. Activez cette option seulement pour enregistrer les changements de mots de passe dans authentik jusqu'au LDAP. - + Sync groups Synchroniser les groupes - + Connection settings Paramètres de connexion - + Server URI URI du serveur - + Specify multiple server URIs by separating them with a comma. Spécifiez plusieurs URIs de serveurs en les séparant par une virgule. - + Enable StartTLS Activer StartTLS - + To use SSL instead, use 'ldaps://' and disable this option. - Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option. - + Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option. + TLS Verification Certificate Certificat de vérification TLS - + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. Lors de la connexion avec un serveur LDAP avec TLS, les certificats ne sont pas vérifiés par défaut. Spécifiez une paire de clés pour vérifier le certificat distant. - + Bind CN Bind DN - + LDAP Attribute mapping Mappage des attributs LDAP - + Property mappings used to user creation. Mappages de propriété utilisés lors de la création d'utilisateurs - + Additional settings Paramètres additionnels - + Parent group for all the groups imported from LDAP. Groupe parent pour tous les groupes LDAP - + User path Chemin utilisateur - + Addition User DN Préfixe DN utilisateurs - + Additional user DN, prepended to the Base DN. DN à préfixer au DN de base pour les utilisateurs - + Addition Group DN Préfixe DN groupes - + Additional group DN, prepended to the Base DN. DN à préfixer au DN de base pour les groupes - + User object filter Filtre des objets utilisateur - + Consider Objects matching this filter to be Users. Les objets appliqués à ce filtre seront des utilisateurs. - + Group object filter Filtre d'objets de groupe - + Consider Objects matching this filter to be Groups. Les objets appliqués à ce filtre seront des groupes. - + Group membership field Champ d'appartenance au groupe - + - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...' - + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...' + Object uniqueness field Champ d'unicité de l'objet - + Field which contains a unique Identifier. Champ qui contient un identifiant unique. - + Link users on unique identifier Lier les utilisateurs sur base d'un identifiant unique - + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses Lier à un utilisateur avec la même adresse courriel. Peut avoir des implications de sécurité lorsqu'une source ne valide pas les adresses courriel. - + Use the user's email address, but deny enrollment when the email address already exists Utiliser l'adresse courriel de l'utilisateur, mais refuser l'inscription si l'adresse courriel existe déjà. - + Link to a user with identical username. Can have security implications when a username is used with another source Lien vers un utilisateur ayant un nom d'utilisateur identique. Cela peut avoir des implications en termes de sécurité lorsqu'un nom d'utilisateur est utilisé avec une autre source. - + Use the user's username, but deny enrollment when the username already exists Utiliser le nom d'utilisateur de l'utilisateur, mais refuser l'inscription si le nom d'utilisateur existe déjà. - + Unknown user matching mode Mode de correspondance d'utilisateur inconnu - + URL settings Paramètres d'URL - + Authorization URL URL d'autorisation - + URL the user is redirect to to consent the authorization. URL vers laquelle l'utilisateur est redirigé pour consentir l'autorisation. - + Access token URL URL du jeton d'accès - + URL used by authentik to retrieve tokens. URL utilisée par authentik pour récupérer les jetons. - + Profile URL URL de profil - + URL used by authentik to get user information. URL utilisée par authentik pour obtenir des informations sur l'utilisateur. - + Request token URL URL du jeton de requête - + URL used to request the initial token. This URL is only required for OAuth 1. URL utilisée pour demander le jeton initial. Cette URL est uniquement requise pour OAuth 1. - + OIDC Well-known URL OIDC Well-known URL - + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. URL de configuration well-known de OIDC. Peut être utilisé pour configurer automatiquement les URL ci-dessus. - + OIDC JWKS URL OIDC JWKS URL - + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. URL de la clé Web JSON. Les clés de l'URL seront utilisées pour valider les JWTs de cette source. - + OIDC JWKS OIDC JWKS - + Raw JWKS data. Données JWKS brutes. - + User matching mode Mode de correspondance utilisateur - + Delete currently set icon. Supprimer l'icône actuellement définie - + Consumer key Clé consumer - + Consumer secret Secret consumer - + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. Champs supplémentaires à transmettre au fournisseur OAuth, séparés par des espaces. Pour remplacer les champs existants, préfixez-les par *. - + Flow settings Paramètres du flux - + Flow to use when authenticating existing users. Flux à utiliser pour authentifier les utilisateurs existants. - + Enrollment flow Flux d'inscription - + Flow to use when enrolling new users. Flux à utiliser pour inscrire les nouveaux utilisateurs. - + Load servers Charger les serveurs - + Re-authenticate with plex Se ré-authentifier avec Plex - + Allow friends to authenticate via Plex, even if you don't share any servers Autoriser les amis à s'authentifier via Plex, même si vous ne partagez aucun serveur - + Allowed servers Serveurs autorisés - + Select which server a user has to be a member of to be allowed to authenticate. Sélectionnez de quel serveur un utilisateur doit être un membre pour être autorisé à s'authentifier. - + SSO URL URL SSO - + URL that the initial Login request is sent to. URL de destination de la requête initiale de login. - + SLO URL URL SLO - + Optional URL if the IDP supports Single-Logout. URL optionnelle si le fournisseur d'identité supporte Single-Logout. - + Also known as Entity ID. Defaults the Metadata URL. Aussi appelé Entity ID. URL de métadonnée par défaut. - + Binding Type Type de liaison - + Redirect binding Redirection - + Post-auto binding Liaison Post-automatique - + Post binding but the request is automatically sent and the user doesn't have to confirm. Liaison Post mais la demande est automatiquement envoyée et l'utilisateur n'a pas à confirmer. - + Post binding Post - + Signing keypair Paire de clés de signature - + Keypair which is used to sign outgoing requests. Leave empty to disable signing. Paire de clés utilisée pour signer le requêtes sortantes. Laisser vide pour désactiver la signature. - + Allow IDP-initiated logins Autoriser les connexions initiées par IDP - + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. Autoriser les flux d'authentification initiés par l'IdP. Cela peut présenter un risque de sécurité, aucune validation de l'ID de la requête n'est effectuée. - + NameID Policy Politique NameID - + Persistent Persistant - + Email address Adresse courriel - + Windows Fenêtres - + X509 Subject Sujet X509 - + Transient Transitoire - + Delete temporary users after Supprimer les utilisateurs temporaires après - + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement. - + Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement. + Pre-authentication flow Flux de pré-authentification - + Flow used before authentication. Flux à utiliser avant authentification. - + New source Nouvelle source - + Create a new source. Créer une nouvelle source. - + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. Sources d'identités, qui peuvent soit être synchronisées dans la base de données d'authentik, soit être utilisées par les utilisateurs pour s'authentifier et s'inscrire. - + Source(s) Source(s) - + Disabled Désactivé - + Built-in Intégré - + Update LDAP Source Mettre à jour la source LDAP - + Not synced yet. Pas encore synchronisé. - + Task finished with warnings Tâche terminée avec avertissements - + Task finished with errors Tâche terminée avec erreurs - + Last sync: - Dernière synchro : + Dernière synchro : - + OAuth Source Source OAuth - + Generic OpenID Connect Connection OpenID Générique - + Unknown provider type Type de fournisseur inconnu - + Details Détails - + Callback URL URL de rappel - + Access Key Clé d'accès - + Update OAuth Source Mettre à jour la source OAuth - + Diagram Diagramme - + Policy Bindings Liaisons des politiques - + These bindings control which users can access this source. @@ -3431,478 +3431,478 @@ doesn't pass when either or both of the selected options are equal or above the Update Plex Source Mettre à jour la source Plex - + Update SAML Source Mettre à jour la source SAML - + Successfully updated mapping. Mappage mis à jour avec succès. - + Successfully created mapping. Mappage créé avec succès - + Object field Champ d'objet - + Field of the user object this value is written to. Champ de l'objet utilisateur dans lequel cette valeur est écrite. - + SAML Attribute Name Nom d'attribut SAML - + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. Nom de l'attribut utilisé pour les assertions SAML. Peut être un OID URN, une référence à un schéma ou tout autre valeur. Si ce mappage de propriété est utilisé pour la propriété NameID, cette valeur est ignorée. - + Friendly Name Nom amical - + Optionally set the 'FriendlyName' value of the Assertion attribute. - Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel) - + Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel) + Scope name Nom de la portée - + Scope which the client can specify to access these properties. Portée que le client peut spécifier pour accéder à ces propriétés. - + Description shown to the user when consenting. If left empty, the user won't be informed. Description montrée à l'utilisateur lors de l'approbation. Aucune information présentée à l'utilisateur si laissé vide. - + Example context data Exemple contextuel de données - + Active Directory User Utilisateur Active Directory - + Active Directory Group Groupe Active Directory - + New property mapping Nouveau mappage de propriété - + Create a new property mapping. Créer un nouveau mappage de propriétés. - + Property Mappings Mappages de propriété - + Control how authentik exposes and interprets information. Contrôle comment authentik expose et interprète les informations - + Property Mapping(s) Mappage(s) de propriété - + Test Property Mapping Tester le mappage de propriété - + Hide managed mappings Cacher les mappages gérés - + Successfully updated token. Jeton mis à jour avec succès - + Successfully created token. Jeton créé avec succès - + Unique identifier the token is referenced by. Identifiant unique par lequel le jeton est référencé. - + Intent Intention - + API Token Jeton API - + Used to access the API programmatically Utilisé pour accéder à l'API de manière programmatique - + App password. Mot de passe de l'application. - + Used to login using a flow executor Utilisé pour se connecter à l'aide d'un exécuteur de flux - + Expiring Expiration - + If this is selected, the token will expire. Upon expiration, the token will be rotated. Si cette option est sélectionnée, le jeton expirera. À son expiration, le jeton fera l'objet d'une rotation. - + Expires on Expire le - + API Access Accès à l'API - + App password Mot de passe de l'App - + Verification Vérification - + Unknown intent Intention inconnue - + Tokens Jetons - + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. Les jetons sont utilisés dans authentik pour les étapes de validation des courriels, les clés de récupération et l'accès aux API. - + Expires? Expire ? - + Expiry date Date d'expiration - + Token(s) Jeton(s) - + Create Token Créer un jeton - + Token is managed by authentik. Jeton géré par authentik - + Update Token Mettre à jour le jeton - + Successfully updated tenant. Tenant mis à jour avec succès - + Successfully created tenant. Tenant créé avec succès - + Domain Domaine - + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. La correspondante est effectuée sur le suffixe du domaine ; si vous entrez domain.tld, foo.domain.tld sera également inclus. - + Default Par défaut - + Use this tenant for each domain that doesn't have a dedicated tenant. Utilisez ce locataire pour chaque domaine qui ne dispose pas d'un locataire dédié. - + Branding settings Paramètres de marque - + Title Titre - + Branding shown in page title and several other places. Image de marque utilisée dans le titre de la page et dans d'autres endroits - + Logo Logo - + Icon shown in sidebar/header and flow executor. Icône affichée dans la barre latérale, l'en-tête et dans l'exécuteur de flux. - + Favicon Favicon - + Icon shown in the browser tab. Icône affichée dans l'onglet du navigateur. - + Default flows Flux par défaut - + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. Flux utilisé pour authentifier les utilisateurs. S'il est laissé vide, le premier flux applicable trié par le slug est utilisé. - + Invalidation flow Flux d'invalidation - + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. Flux utilisé pour la déconnexion. S'il est laissé vide, le premier flux applicable trié par le slug est utilisé. - + Recovery flow Flux de récupération - + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. Flux de récupération. Si laissé vide, le premier flux applicable trié par slug sera utilisé. - + Unenrollment flow Flux de désinscription - + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. Si défini, les utilisateurs peuvent se désinscrire à l'aide de ce flux. Si aucun flux n'est défini, l'option n'est pas affichée. - + User settings flow Flux de paramètres utilisateur - + If set, users are able to configure details of their profile. Si défini, les utilisateurs sont capables de modifier les informations de leur profil. - + Device code flow Flux de code de l'appareil - + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. S'il est activé, le profil OAuth Device Code peut être utilisé et le flux sélectionné sera utilisé pour saisir le code. - + Other global settings Autres paramètres globaux - + Web Certificate Certificat Web - + Event retention Rétention d'évènement - + Duration after which events will be deleted from the database. Expiration des évènements à l'issue de laquelle ils seront supprimés de la base de donnée. - + - When using an external logging solution for archiving, this can be set to "minutes=5". - En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à "minutes=5". - + When using an external logging solution for archiving, this can be set to "minutes=5". + En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à "minutes=5". + This setting only affects new Events, as the expiration is saved per-event. Ce paramètre n'affecte que les nouveaux événements, l'expiration étant enregistrée pour chaque événement. - + - Format: "weeks=3;days=2;hours=3,seconds=2". - Format : "weeks=3;days=2;hours=3,seconds=2". - + Format: "weeks=3;days=2;hours=3,seconds=2". + Format : "weeks=3;days=2;hours=3,seconds=2". + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this tenant. Définir des attributs personnalisés en utilisant YAML ou JSON. Tous les attributs définis ici seront hérités par les utilisateurs, si la demande est traitée par ce tenant. - + Tenants Tenants - + Configure visual settings and defaults for different domains. Configure le paramètres visuels et par défaut des différents domaines. - + Default? Par défaut ? - + Tenant(s) Tenant(s) - + Update Tenant Mettre à jour le tenant - + Create Tenant Créer un tenant - + Policies Politiques - + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. Permettre aux usagers l'utilisation d'applications sur la base de leurs propriétés, appliquer les critères de robustesse des mots de passe et sélectionner les flux applicables. - + Assigned to object(s). - Assigné à + Assigné à objet(s). - + Warning: Policy is not assigned. Avertissement : la politique n'est pas assignée. - + Test Policy Tester la politique - + Policy / Policies Politique/s - + Successfully cleared policy cache Cache de politique vidé avec succès - + Failed to delete policy cache Impossible de vider le cache de politique - + Clear cache Vider le cache - + Clear Policy cache Vider le cache de politique - + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. @@ -3911,93 +3911,93 @@ doesn't pass when either or both of the selected options are equal or above the Reputation scores Scores de Réputation - + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. Réputations pour chaque IP et identifiant utilisateur. Les scores sont décrémentés à chaque connexion échouée et incrémentés pour chaque connexion réussie. - + IP IP - + Score Note - + Updated Mis à Jour - + Reputation Réputation - + Groups Groupes - + Group users together and give them permissions based on the membership. Regroupez les utilisateurs et donnez-leur des autorisations en fonction de leur appartenance. - + Superuser privileges? Privilèges de super-utilisateur ? - + Group(s) Groupe(s) - + Create Group Créer un groupe - + Create group Créer un groupe - + Enabling this toggle will create a group named after the user, with the user as member. Activer cette option va créer un groupe du même nom que l'utilisateur dont il sera membre. - + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. Utilisez le nom d'utilisateur et le mot de passe ci-dessous pour vous authentifier. Le mot de passe peut être récupéré plus tard sur la page Jetons. - + Password Mot de passe - + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. Valide pendant 360 jours, après quoi le mot de passe sera alterné automatiquement. Vous pouvez copier le mot de passe depuis la liste des jetons. - + The following objects use - The following objects use + The following objects use - + connecting object will be deleted L'objet connecté sera supprimé - + Successfully updated @@ -4005,625 +4005,625 @@ doesn't pass when either or both of the selected options are equal or above the Failed to update : - Échec de la mise à jour - : + Échec de la mise à jour + : - + - Are you sure you want to update ""? - Êtes-vous sûr de vouloir mettre à jour - " - " ? - + Are you sure you want to update ""? + Êtes-vous sûr de vouloir mettre à jour + " + " ? + Successfully updated password. Le mot de passe a été mis à jour avec succès. - + Successfully sent email. Courriel envoyé avec succès - + Email stage Étape courriel - + Successfully added user(s). L'ajout d'utilisateur(s) a été effectué avec succès. - + Users to add Utilisateurs à ajouter - + User(s) Utilisateur(s) - + Remove Users(s) Retirer le/les utilisateur(s) - + Are you sure you want to remove the selected users from the group ? - Êtes-vous sûr de vouloir supprimer les utilisateurs sélectionnés du groupe + Êtes-vous sûr de vouloir supprimer les utilisateurs sélectionnés du groupe ? - + Remove Retirer - + Impersonate Se faire passer pour - + User status Statut utilisateur - + Change status Changer le statut - + Deactivate Désactiver - + Update password Mettre à Jour le mot de passe - + Set password Définir le mot de passe - + Successfully generated recovery link Lien de récupération généré avec succès - + No recovery flow is configured. Aucun flux de récupération n'est configuré. - + Copy recovery link Copier le lien de récupération - + Send link Envoyer un lien - + Send recovery link to user Envoyer le lien de récupération à l'utilisateur - + Email recovery link Lien de récupération courriel - + Recovery link cannot be emailed, user has no email address saved. Le lien de récupération ne peut pas être envoyé par courriel, l'utilisateur n'a aucune adresse courriel enregistrée. - + To let a user directly reset a their password, configure a recovery flow on the currently active tenant. Pour laisser les utilisateurs réinitialiser leur mot de passe, configurez un flux de récupération sur le locataire actuel. - + Add User Ajouter un utilisateur - + Warning: This group is configured with superuser access. Added users will have superuser access. Avertissement : Ce groupe est configuré avec un accès superutilisateur. Les utilisateurs ajoutés auront un accès superutilisateur. - + Add existing user Ajouter un utilisateur existant - + Create user Créer un utilisateur - + Create User Créer un utilisateur - + Create Service account Créer un compte de service - + Hide service-accounts Cacher les comptes de service - + Group Info Informations de Groupe - + Notes Notes - + Edit the notes attribute of this group to add notes here. Modifiez l'attribut notes de ce groupe pour ajouter des notes ici. - + Users Utilisateurs - + Root Racine - + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - Avertissement : Vous êtes sur le point de supprimer l'utilisateur sous lequel vous êtes connecté ( + Avertissement : Vous êtes sur le point de supprimer l'utilisateur sous lequel vous êtes connecté ( ). Poursuivez à vos propres risques. - + Hide deactivated user Cacher l'utilisateur désactivé - + User folders Dossiers utilisateurs - + Successfully added user to group(s). L'utilisateur a été ajouté avec succès au(x) groupe(s). - + Groups to add Groupes à ajouter - + Remove from Group(s) Retirer du/des Groupe(s) - + Are you sure you want to remove user from the following groups? - Êtes-vous sûr de vouloir retirer l'utilisateur + Êtes-vous sûr de vouloir retirer l'utilisateur des groupes suivants ? - + Add Group Ajouter un groupe - + Add to existing group Ajouter à un groupe existant - + Add new group Ajouter un nouveau groupe - + Application authorizations Autorisations de l'application - + Revoked? Révoqué ? - + Expires Expire - + ID Token ID du jeton - + Refresh Tokens(s) Rafraîchir le(s) jeton(s) - + Last IP Dernière IP - + Session(s) Session(s) - + Expiry Expiration - + (Current session) (Session actuelle) - + Permissions Permissions - + Consent(s) Approbation(s) - + Successfully updated device. Appareil mis à jour avec succès - + Static tokens Jetons statiques - + TOTP Device Appareil TOTP - + Enroll S'inscrire - + Device(s) Appareil(s) - + Update Device Mettre à Jour l'Appareil - + Confirmed Confirmé - + User Info Info utilisateur - + Actions over the last week (per 8 hours) Actions au cours de la semaine écoulée (par tranche de 8 heures) - + Edit the notes attribute of this user to add notes here. Éditer l'attribut notes de cet utilisateur pour ajouter des notes ici. - + Sessions Sessions - + User events Événements de l'utilisateur - + Explicit Consent Approbation explicite - + OAuth Refresh Tokens Jetons de rafraîchissement OAuth - + MFA Authenticators Authentificateurs MFA - + Successfully updated invitation. Invitation mise à jour avec succès - + Successfully created invitation. Invitation créée avec succès - + Flow Flux - + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. Si sélectionné, l'invitation ne sera utilisable que dans ce flux. Par défaut l'invitation est acceptée sur tous les flux avec des étapes d'invitation. - + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. Données optionnelles chargées dans la variable contextuelle 'prompt_data' du flux. YAML ou JSON. - + Single use Usage unique - + When enabled, the invitation will be deleted after usage. Si activée, l'invitation sera supprimée après utilisation. - + Select an enrollment flow Sélectionnez un flux d'inscription - + Link to use the invitation. Lien pour utiliser l'invitation. - + Invitations Invitations - + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. Créer des liens d'invitation pour inscrire des utilisateurs et éventuellement imposer certains attributs de leurs compte. - + Created by Créé par - + Invitation(s) Invitation(s) - + Invitation not limited to any flow, and can be used with any enrollment flow. L'invitation n'est limitée à aucun flux, et peut être utilisée avec n'importe quel flux d'inscription. - + Update Invitation Mettre à Jour l'invitation - + Create Invitation Créer une invitation - + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. Attention : aucune étape d’invitation n’a été ajoutée à aucun flux. Les invitations ne fonctionneront pas comme attendu. - + Auto-detect (based on your browser) Détection automatique (basée sur votre navigateur) - + Required. Obligatoire. - + Continue Continuer - + Successfully updated prompt. Invite mise à jour avec succès. - + Successfully created prompt. Invite créée avec succès. - + Text: Simple Text input Texte : simple champ texte - + Text Area: Multiline text input Zone de Texte : Entrée de Texte multiligne - + Text (read-only): Simple Text input, but cannot be edited. Texte (lecture seule) : Texte Simple, mais ne peut être édité. - + Text Area (read-only): Multiline text input, but cannot be edited. Zone de Texte (lecture seule) : Entrée de Texte multiligne, mais ne peut pas être édité. - + Username: Same as Text input, but checks for and prevents duplicate usernames. Nom d'utilisateur : Identique à la saisie de texte, mais vérifie et empêche les noms d'utilisateur en double. - + Email: Text field with Email type. Courriel : champ texte de type adresse courriel - + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. Mot de Passe : Entrée masquée, plusieurs entrées de ce type sur une même page odivent être identiques. - + Number Nombre - + Checkbox Case à cocher - + Radio Button Group (fixed choice) Group de boutons radio (choix fixe) - + Dropdown (fixed choice) Menu déroulant (choix fixe) - + Date Date - + Date Time Date et heure - + File Fichier - + Separator: Static Separator Line Séparateur : Ligne de séparation statique - + Hidden: Hidden field, can be used to insert data into form. Caché : champ caché, peut être utilisé pour insérer des données dans le formulaire. - + Static: Static value, displayed as-is. Statique : valeur statique, affichée comme telle. - + authentik: Locale: Displays a list of locales authentik supports. authentik: Locales: Affiche la liste des locales supportées par authentik. - + Preview errors Prévisualisation des erreurs - + Data preview Prévisualisation des données - + Unique name of this field, used for selecting fields in prompt stages. Nom unique de ce champ, utilisé pour sélectionner les champs dans les étapes de demande - + Field Key Clé du champ - + Name of the form field, also used to store the value. Nom du champ de formulaire utilisé pour enregistrer la valeur - + When used in conjunction with a User Write stage, use attributes.foo to write attributes. Lorsqu’utilisé avec une étape Écriture Utilisateur, utilise attributes.foo pour écrire les attributs. - + Label Libellé - + Label shown next to/above the prompt. Libellé affiché à côté/au-dessus du champ. - + Required Obligatoire - + Interpret placeholder as expression Interpréter le placeholder comme une expression - + When checked, the placeholder will be evaluated in the same way a property mapping is. @@ -4634,7 +4634,7 @@ doesn't pass when either or both of the selected options are equal or above the Placeholder Par défaut - + Optionally provide a short hint that describes the expected input value. @@ -4647,7 +4647,7 @@ doesn't pass when either or both of the selected options are equal or above the Interpret initial value as expression Interpréter la valeur initiale comme une expression - + When checked, the initial value will be evaluated in the same way a property mapping is. @@ -4658,7 +4658,7 @@ doesn't pass when either or both of the selected options are equal or above the Initial value Valeur initiale - + Optionally pre-fill the input with an initial value. @@ -4671,152 +4671,152 @@ doesn't pass when either or both of the selected options are equal or above the Help text Texte d'aide - + Any HTML can be used. N'importe quel HTML peut être utilisé. - + Prompts Invites - + Single Prompts that can be used for Prompt Stages. Invites simples qui peuvent être utilisés pour les étapes d'invite. - + Field Champ - + Stages Étapes - + Prompt(s) Invite(s) - + Update Prompt Mettre à jour l'invite - + Create Prompt Créer une invite - + Target Cible - + Stage Étape - + Evaluate when flow is planned Évaluer quand le flux est planifié - + Evaluate policies during the Flow planning process. Évaluer les politiques pendant le processus de planification du flux - + Evaluate when stage is run Évaluer quand l'étape est exécutée - + Evaluate policies before the Stage is present to the user. Évaluer les politiques avant la présentation de l'étape à l'utilisateur - + Invalid response behavior Comportement de réponse invalide - + Returns the error message and a similar challenge to the executor Retourne le message d'erreur et un défi similaire à l'exécuteur - + Restarts the flow from the beginning Redémarre le flux depuis le début - + Restarts the flow from the beginning, while keeping the flow context Redémarre le flux depuis le début, en gardant le contexte du flux - + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. Configurer comment l'exécuteur de flux doit gérer une réponse invalide à un défi donné par cette étape d'assignation - + Successfully updated stage. Étape mise à jour avec succès - + Successfully created stage. Étape créée avec succès - + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. Étape de configuration d'un authentificateur Duo. Cette étape devrait être utilisée en flux de configuration. - + Authenticator type name Nom du type d'authentificateur - + Display name of this authenticator, used by users when they enroll an authenticator. Affiche le nom de cet authentificateur, utilisé par les utilisateurs quand ils inscrivent un authentificateur. - + API Hostname Nom d'hôte de l'API - + Duo Auth API API d'Authentification Duo - + Integration key Clé d'intégration - + Secret key Clé secrète - + Duo Admin API (optional) API Administrateur Duo (optionnel) - + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. @@ -4827,630 +4827,630 @@ doesn't pass when either or both of the selected options are equal or above the Stage-specific settings Paramètres propres à l'étape - + Configuration flow Flux de configuration - + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. Flux utilisé par un utilisateur authentifié pour configurer cette étape. S'il est vide, l'utilisateur ne sera pas en mesure de le configurer. - + Twilio Account SID SID de Compte Twilio - + Get this value from https://console.twilio.com Obtenez cette valeur depuis https://console.twilio.com - + Twilio Auth Token Jeton d'Authentification Twilio - + Authentication Type Type d'authentification - + Basic Auth Authentification Basique - + Bearer Token Bearer Token - + External API URL URL d'API externe - + This is the full endpoint to send POST requests to. Ceci est le point de terminaison complet vers lequel il faut envoyer des requêtes POST - + API Auth Username Nom d'utilisateur de l'API d'Authentification - + This is the username to be used with basic auth or the token when used with bearer token Ceci est le nom d'utilisateur à utiliser pour de l'authentification basique ou le token à utiliser en avec Bearer token - + API Auth password Mot de passe de l'API d'Authentification - + This is the password to be used with basic auth Ceci est le mot de passe à utiliser pour l'authentification basique - + Mapping Mappage - + Modify the payload sent to the custom provider. Modifier le contenu envoyé aux fournisseurs personnalisés. - + Stage used to configure an SMS-based TOTP authenticator. Étape utilisée pour configurer un authentificateur TOTP par SMS. - + Twilio Twilio - + Generic Générique - + From number Numéro Expéditeur - + Number the SMS will be sent from. Numéro depuis lequel le SMS sera envoyé. - + Hash phone number Hacher le numéro de téléphone - + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. Si activé, seul un hash du numéro de téléphone sera sauvegarder. Cela peut être fait pour des raisons de protection des données personnelles. Les appareils créés depuis une étape ayant cette option activée ne peuvent pas être utilisés avec l'étape de validation d'authentificateur. - + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. Étape de configuration d'un authentificateur statique (jetons statiques). Cette étape devrait être utilisée en flux de configuration. - + Token count Compteur jeton - + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). Étape utilisée pour configurer un authentificateur TOTP (comme Authy ou Google Authenticator).L - + Digits Chiffres - + 6 digits, widely compatible 6 chiffres, largement compatible - + 8 digits, not compatible with apps like Google Authenticator 8 chiffres, incompatible avec certaines applications telles que Google Authenticator - + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. Étape utilisée pour valider tout type d'authentificateur. Cette étape devrait être utilisée en flux d'authentification ou d'autorisation. - + Device classes Classes d'équipement - + Static Tokens Jetons statiques - + TOTP Authenticators Authentificateur TOTP - + WebAuthn Authenticators Authentificateurs WebAuthn - + Duo Authenticators Authentificateurs Duo - + SMS-based Authenticators Authenticatificateurs basé sur SMS - + Device classes which can be used to authenticate. Classe d'équipement qui peut être utilisé pour s'authentifier - + Last validation threshold Seuil de dernière validation - + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. Si l’utilisateur a utilisé n’importe lequel des appareils du type sélectionné ci-dessus pendant cette période, cette étape sera ignorée. - + Not configured action Action non configurée - + Force the user to configure an authenticator Obliger l'utilisateur à configurer un authentificateur - + Deny the user access Refuser l'accès à l'utilisateur - + WebAuthn User verification Vérification Utilisateur WebAuthn - + User verification must occur. La vérification utilisateur doit avoir lieu. - + User verification is preferred if available, but not required. La vérification utilisateur est préférée si disponible, mais non obligatoire. - + User verification should not occur. La vérification utilisateur ne doit pas avoir lieu. - + Configuration stages Étapes de Configuration - + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. Étapes utilisées pour configurer Authentifcateur (Authenticator) lorsque l’utilisateur n’a pas d’appareil compatible. Une fois cette étape passée, l’utilisateur ne sera pas sollicité de nouveau. - + When multiple stages are selected, the user can choose which one they want to enroll. Lorsque plusieurs étapes sont sélectionnées, les utilisateurs peuvent choisir celle qu’ils souhaient utiliser pour s’enrôler. - + User verification Vérification Utilisateur - + Resident key requirement Exigence de clé résidente - + Authenticator Attachment Lien à l'authentificateur - + No preference is sent Aucune préférence n'est envoyée - + A non-removable authenticator, like TouchID or Windows Hello Un authentificateur inamovible, comme TouchID ou Windows Hello - + - A "roaming" authenticator, like a YubiKey - Un authentificateur "itinérant", comme une YubiKey - + A "roaming" authenticator, like a YubiKey + Un authentificateur "itinérant", comme une YubiKey + This stage checks the user's current session against the Google reCaptcha (or compatible) service. Cette étape vérifie la session actuelle de l'utilisateur sur le service reCaptcha de Google (ou service compatible). - + Public Key Clé publique - + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. Clé publique, obtenue depuis https://www.google.com/recaptcha/intro/v3.html. - + Private Key Clé privée - + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. Clé privée, acquise auprès de https://www.google.com/recaptcha/intro/v3.html. - + Advanced settings Paramètres avancés - + JS URL URL du JS - + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. URL où télécharger le JavaScript, recaptcha par défaut. Peut être remplacé par une alternative compatible. - + API URL URL d'API - + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. URL utilisée pour valider la réponse captcha, recaptcha par défault. Peut être remplacé par une alternative compatible. - + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. Demander le consentement de l'utilisateur. Celui-ci peut être permanent ou expirer dans un délai défini. - + Always require consent Toujours exiger l'approbation - + Consent given last indefinitely L'approbation dure indéfiniment - + Consent expires. L'approbation expire. - + Consent expires in L'approbation expire dans - + Offset after which consent expires. Décalage après lequel le consentement expire. - + Dummy stage used for testing. Shows a simple continue button and always passes. Étape factice utilisée pour les tests. Montre un simple bouton continuer et réussit toujours. - + Throw error? Renvoyer une erreur ? - + SMTP Host Hôte SMTP - + SMTP Port Port SMTP - + SMTP Username Utilisateur SMTP - + SMTP Password Mot de passe SMTP - + Use TLS Utiliser TLS - + Use SSL Utiliser SSL - + From address Adresse d'origine - + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. Vérifier le courriel de l'utilisateur en lui envoyant un lien à usage unique. Peut également être utilisé lors de la récupération afin de vérifier l'authenticité de l'utilisateur. - + Activate pending user on success Activer l'utilisateur en attente en cas de réussite - + When a user returns from the email successfully, their account will be activated. Lorsqu'un utilisateur revient du courriel avec succès, son compte sera activé. - + Use global settings Utiliser les paramètres globaux - + When enabled, global Email connection settings will be used and connection settings below will be ignored. Si activé, les paramètres globaux de connexion courriel seront utilisés et les paramètres de connexion ci-dessous seront ignorés. - + Token expiry Expiration du jeton - + Time in minutes the token sent is valid. Temps en minutes durant lequel le jeton envoyé est valide. - + Template Modèle - + Let the user identify themselves with their username or Email address. Laisser l'utilisateur s'identifier lui-même avec son nom d'utilisateur ou son adresse courriel. - + User fields Champs de l'utilisateur - + UPN UPN - + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. Champs avec lesquels un utilisateur peut s'identifier. Si aucun champ n'est sélectionné, l'utilisateur ne pourra utiliser que des sources. - + Password stage Étape de mot de passe - + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. Si activée, un champ de mot de passe est affiché sur la même page au lieu d'une page séparée. Cela permet d'éviter les attaques par énumération de noms d'utilisateur. - + Case insensitive matching Correspondance insensible à la casse - + When enabled, user fields are matched regardless of their casing. Si activé, les champs de l'utilisateur sont mis en correspondance en ignorant leur casse. - + Show matched user Afficher l'utilisateur correspondant - + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. Lorsqu'un nom d'utilisateur/adresse courriel valide a été saisi, et si cette option est active, le nom d'utilisateur et l'avatar de l'utilisateur seront affichés. Sinon, le texte que l'utilisateur a saisi sera affiché. - + Source settings Paramètres de la source - + Sources Sources - + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. Sélectionnez les sources à afficher aux utilisateurs pour s'authentifier. Cela affecte uniquement les sources web, pas LDAP. - + Show sources' labels Afficher les étiquettes des sources - + By default, only icons are shown for sources. Enable this to show their full names. Par défaut, seuls les icônes sont affichés pour les sources, activez cette option pour afficher leur nom complet. - + Passwordless flow Flux sans mot de passe - + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. Flux sans mot de passe facultatif, qui sera accessible en bas de page. Lorsque configuré, les utilisateurs peuvent utiliser ce flux pour s'authentifier avec un authentificateur WebAuthn, sans entrer de détails. - + Optional enrollment flow, which is linked at the bottom of the page. Flux d'inscription facultatif, qui sera accessible en bas de page. - + Optional recovery flow, which is linked at the bottom of the page. Flux de récupération facultatif, qui sera accessible en bas de page. - + This stage can be included in enrollment flows to accept invitations. Cette étape peut être incluse dans les flux d'inscription pour accepter les invitations. - + Continue flow without invitation Continuer le flux sans invitation - + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. Si activé, cette étape passera à l'étape suivante si aucune invitation n'est donnée. Par défaut, cette étape annule le flux en l'absence d'invitation. - + Validate the user's password against the selected backend(s). Valider le mot de passe de l'utilisateur sur le(s) backend(s) sélectionné(s). - + Backends Backends - + User database + standard password Base de données utilisateurs + mots de passe standards - + User database + app passwords Base de données utilisateurs + mots de passes applicatifs - + User database + LDAP password Base de données utilisateurs + mot de passe LDAP - + Selection of backends to test the password against. Sélection de backends pour tester le mot de passe. - + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. Flux utilisé par un utilisateur authentifié pour configurer son mot de passe. S'il est vide, l'utilisateur ne sera pas en mesure de changer son mot de passe. - + Failed attempts before cancel Échecs avant annulation - + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. Nombre de tentatives dont dispose un utilisateur avant que le flux ne soit annulé. Pour verrouiller l'utilisateur, utilisez une politique de réputation et une étape user_write. - + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. - Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data". - + Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data". + Fields Champs - + - ("", of type ) + ("", of type ) - (" - ", de type + (" + ", de type ) - + Validation Policies Politiques de validation - + Selected policies are executed when the stage is submitted to validate the data. Les politiques sélectionnées sont exécutées lorsque l'étape est soumise pour valider les données. - + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. @@ -5459,52 +5459,52 @@ doesn't pass when either or both of the selected options are equal or above the Log the currently pending user in. Ouvre la session de l'utilisateur courant. - + Session duration Durée de la session - + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. Détermine la durée de la session. La valeur par défaut de 0 seconde signifie que la session dure jusqu'à la fermeture du navigateur. - + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. Différents navigateurs gèrent les cookies de session différemment et peuvent ne pas les supprimer même lorsque le navigateur est fermé. - + See here. Voir ici. - + Stay signed in offset Rester connecté en décalage - + - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. - Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici. - + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici. + Terminate other sessions Terminer les autres sessions - + When enabled, all previous sessions of the user will be terminated. Lorsqu'activé, toutes les sessions précédentes de l'utilisateur seront terminées. - + Remove the user from the current session. Supprimer l'utilisateur de la session actuelle. - + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user @@ -5515,308 +5515,308 @@ doesn't pass when either or both of the selected options are equal or above the Never create users Ne jamais créer d'utilisateurs - + When no user is present in the flow context, the stage will fail. Si aucun utilisateur n'est présent dans le contexte du flux, l'étape va échouer. - + Create users when required Créer des utilisateurs si nécessaire - + When no user is present in the the flow context, a new user is created. Si aucun utilisateur n'est présent dans le contexte du flux, un nouvel utilisateur est créé. - + Always create new users Toujours créer de nouveaux utilisateurs - + Create a new user even if a user is in the flow context. Créer un nouvel utilisateur même si un utilisateur est déjà présent dans le contexte du flux. - + Create users as inactive Créer des utilisateurs inactifs - + Mark newly created users as inactive. Marquer les utilisateurs nouvellements créés comme inactifs. - + User path template Modèle de chemin des utilisateurs - + Path new users will be created under. If left blank, the default path will be used. Chemin sous lequel les nouveaux utilisateurs seront créés. Si laissé vide, le chemin par défaut sera utilisé. - + Newly created users are added to this group, if a group is selected. Les utilisateurs nouvellement créés sont ajoutés à ce groupe, si un groupe est sélectionné. - + New stage Nouvelle étape - + Create a new stage. Créer une nouvelle étape. - + Successfully imported device. Appareil importé avec succès. - + The user in authentik this device will be assigned to. L'utilistateur authentik auquel cet appareil sera assigné. - + Duo User ID ID Utilisateur Duo - + The user ID in Duo, can be found in the URL after clicking on a user. L'ID utilisateur Duo, peut être trouvé dans l'URL en cliquant sur un utilisateur, - + Automatic import Importation automatique - + Successfully imported devices. - Import réussi de + Import réussi de appareils. - + Start automatic import Démarrer l'importation automatique - + Or manually import Ou importer manuellement - + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. Les étapes sont des étapes simples d'un flux au travers duquel un utilisateur est guidé. Une étape peut être uniquement exécutée à l'intérieur d'un flux. - + Flows Flux - + Stage(s) Étape(s) - + Import Importer - + Import Duo device Importer un appareil Duo - + Successfully updated flow. Flux mis à jour avec succès - + Successfully created flow. Flux créé avec succès - + Shown as the Title in Flow pages. Afficher comme Titre dans les pages de Flux. - + Visible in the URL. Visible dans l'URL - + Designation Désignation - + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. Détermine l'usage de ce flux. Par exemple, un flux d'authentification est la destination d'un visiteur d'authentik non authentifié. - + No requirement Aucun prérequis - + Require authentication Requiert une authentification - + Require no authentication. Requiert l'absence d'authentification - + Require superuser. Requiert un super-utilisateur - + Required authentication level for this flow. Niveau d'authentification requis pour ce flux. - + Behavior settings Paramètres de comportement - + Compatibility mode Mode de compatibilité - + Increases compatibility with password managers and mobile devices. Augmente la compatibilité avec les gestionnaires de mots de passe et les appareils mobiles - + Denied action Action refusée - + Will follow the ?next parameter if set, otherwise show a message Suivra le paramètre ?next si défini, sinon affichera un message - + Will either follow the ?next parameter or redirect to the default interface Suivra le paramètre ?next ou redirigera vers l'interface par défaut - + Will notify the user the flow isn't applicable Notifiera l'utilisateur que le flux ne s'applique pas - + Decides the response when a policy denies access to this flow for a user. Décider de la réponse quand une politique refuse l'accès à ce flux pour un utilisateur. - + Appearance settings Paramètres d'apparence - + Layout Organisation - + Background Arrière-plan - + Background shown during execution. Arrière-plan utilisé durant l'exécution. - + Clear background Fond vide - + Delete currently set background image. Supprimer l'arrière plan actuellement défini - + Successfully imported flow. Flux importé avec succès - + .yaml files, which can be found on goauthentik.io and can be exported by authentik. Fichiers .yaml, qui peuvent être trouvés sur goauthentik.io et exportés par authentik. - + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. Les flux décrivent une succession d'étapes pour authentifier, inscrire ou récupérer un utilisateur. Les étapes sont choisies en fonction des politiques qui leur sont appliquées. - + Flow(s) Flux - + Update Flow Mettre à jour le flux - + Create Flow Créer un flux - + Import Flow Importer un flux - + Successfully cleared flow cache Cache de flux vidé avec succès - + Failed to delete flow cache Impossible de vider le cache de flux - + Clear Flow cache Vider le cache de flux - + Are you sure you want to clear the flow cache? @@ -5827,258 +5827,258 @@ doesn't pass when either or both of the selected options are equal or above the Stage binding(s) Liaison(s) de l'étape - + Stage type Type d'étape - + Edit Stage Éditer l'étape - + Update Stage binding Mettre à jour la liaison de l'étape - + These bindings control if this stage will be applied to the flow. Ces liaisons contrôlent si cette étape sera appliquée au flux. - + No Stages bound Aucune étape liée - + No stages are currently bound to this flow. Aucune étape n'est actuellement liée à ce flux. - + Create Stage binding Créer une liaison d'étap - + Bind stage Lier une étape - + Bind existing stage Lier une étape existante - + Flow Overview Aperçu du flux - + Related actions Actions apparentées - + Execute flow Exécuter le flux - + Normal Normal - + with current user avec l'utilisateur actuel - + with inspector avec inspecteur - + Export flow Exporter le flux - + Export Exporter - + Stage Bindings Liaisons de l'étape - + These bindings control which users can access this flow. Ces liaisons contrôlent les utilisateurs qui peuvent accéder à ce flux. - + Event Log Journal d'évènements - + Event - Évènement + Évènement - + Event info Information d'évèvement - + Created Créé - + Successfully updated transport. Transport mis à jour avec succès - + Successfully created transport. Transport créé avec succès - + Local (notifications will be created within authentik) Local (les notifications seront créées dans authentik) - + Webhook (generic) Webhook (générique) - + Webhook (Slack/Discord) Webhook (Slack/Discord) - + Webhook URL URL Webhoo - + Webhook Mapping Mappage de Webhook - + Send once Envoyer une seule fois - + Only send notification once, for example when sending a webhook into a chat channel. Envoyer une seule fois la notification, par exemple lors de l'envoi d'un webhook dans un canal de discussion. - + Notification Transports Transports de notification - + Define how notifications are sent to users, like Email or Webhook. Définit les méthodes d'envoi des notifications aux utilisateurs, telles que courriel ou webhook. - + Notification transport(s) Transport(s) de notification - + Update Notification Transport Mettre à jour le transport de notification - + Create Notification Transport Créer une notification de transport - + Successfully updated rule. Règle mise à jour avec succès - + Successfully created rule. Règle créée avec succès - + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. Sélectionner le groupe d'utilisateurs à qui les alertes seront envoyées. Si aucun groupe n'est sélectionné, cette règle est désactivée. - + Transports Transports - + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. Sélectionnez les transports à utiliser pour notifier l'utilisateur. À défaut, la notification sera simplement affichée dans l'interface utilisateur authentik. - + Severity Sévérité - + Notification Rules Règles de notification - + Send notifications whenever a specific Event is created and matched by policies. Envoyez des notifications chaque fois qu'un événement spécifique est créé et correspond à des politiques. - + Sent to group Envoyé au groupe - + Notification rule(s) Règle(s) de notification - + None (rule disabled) Aucun (règle désactivée) - + Update Notification Rule Mettre à jour la règle de notification - + Create Notification Rule Créer une règles de notification - + These bindings control upon which events this rule triggers. @@ -6089,964 +6089,964 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Outpost Deployment Info Info de déploiement de l'avant-poste - + View deployment documentation Voir la documentation de déploiement - + Click to copy token Cliquer pour copier le jeton - + If your authentik Instance is using a self-signed certificate, set this value. Activer cette option si votre instance authentik utilise un certificat auto-signé. - + If your authentik_host setting does not match the URL you want to login with, add this setting. Ajouter cette option si le paramètre authentik_host ne correspond pas à l'URL sur laquelle vous voulez ouvrir une session. - + Successfully updated outpost. Avant-poste mis à jour avec succès - + Successfully created outpost. Avant-poste créé avec succès - + Radius Rayon - + Integration Intégration - + Selecting an integration enables the management of the outpost by authentik. La sélection d'une intégration permet la gestion de l'avant-poste par authentik. - + You can only select providers that match the type of the outpost. Vous pouvez uniquement sélectionner des fournisseurs qui correspondent au type d'avant-poste. - + Configuration Configuration - + See more here: Voir plus ici: - + Documentation Documentation - + Last seen Vu pour la dernière fois - + , should be - , devrait être + , devrait être - + Hostname Nom d'hôte - + Not available Indisponible - + Last seen: - Vu pour la dernière fois : + Vu pour la dernière fois : - + Unknown type Type inconnu - + Outposts Avant-postes - + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. Les avant-postes sont des déploiements de composants authentik pour supporter différents environnements et protocoles, comme des reverse proxies. - + Health and Version État et version - + Warning: authentik Domain is not configured, authentication will not work. Avertissement : le domaine d'authentik n'est pas configuré, l'authentification ne fonctionnera pas. - + Logging in via . - Connexion avec + Connexion avec . - + No integration active Aucune intégration active - + Update Outpost Mettre à jour l'avant-poste - + View Deployment Info Afficher les informations de déploiement - + Detailed health (one instance per column, data is cached so may be out of date) État détaillé (une instance par colonne, les données sont mises en cache et peuvent donc être périmées) - + Outpost(s) Avant-poste(s) - + Create Outpost Créer un avant-poste - + Successfully updated integration. Intégration mise à jour avec succès - + Successfully created integration. Intégration créé avec succès - + Local Local - + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. Si activé, utiliser la connexion locale. Intégration Docker socket/Kubernetes requise. - + Docker URL URL Docker - + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - Peut être au format "unix://" pour une connexion à un service docker local, "ssh://" pour une connexion via SSH, ou "https://:2376" pour une connexion à un système distant. - + Peut être au format "unix://" pour une connexion à un service docker local, "ssh://" pour une connexion via SSH, ou "https://:2376" pour une connexion à un système distant. + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. AC auprès de laquelle le certificat du terminal est vérifié. Peut être laissé vide en l'absence de validation. - + TLS Authentication Certificate/SSH Keypair Certificat TLS d'authentification/Pair de clé SSH - + Certificate/Key used for authentication. Can be left empty for no authentication. Certificat et clé utilisés pour l'authentification. Peut être laissé vide si pas d'authentification. - + When connecting via SSH, this keypair is used for authentication. Lors de la connexion SSH, cette paire de clé sera utilisée pour s'authentifier. - + Kubeconfig Kubeconfig - + Verify Kubernetes API SSL Certificate Vérifier le certificat SSL de l'API Kubernetes - + New outpost integration Nouvelle intégration d’avant-poste - + Create a new outpost integration. Créer une nouvelle intégration d’avant-poste. - + State État - + Unhealthy Malade - + Outpost integration(s) Intégration(s) d'avant-postes - + Successfully generated certificate-key pair. Paire clé/certificat générée avec succès. - + Common Name Nom Commun - + Subject-alt name Nom alternatif subject - + Optional, comma-separated SubjectAlt Names. Liste optionnelle de noms alternatifs (SubjetAlt Names), séparés par des virgules. - + Validity days Jours de validité - + Successfully updated certificate-key pair. Paire clé/certificat mise à jour avec succès. - + Successfully created certificate-key pair. Paire clé/certificat créée avec succès. - + PEM-encoded Certificate data. Données du certificat au format PEM - + Optional Private Key. If this is set, you can use this keypair for encryption. Clé privée optionnelle. Si définie, vous pouvez utiliser pour le chiffrement. - + Certificate-Key Pairs Paires de clé/certificat - + Import certificates of external providers or create certificates to sign requests with. Importer les certificats des fournisseurs externes ou créer des certificats pour signer les demandes. - + Private key available? Clé privée disponible ? - + Certificate-Key Pair(s) Paire(s) de clé/certificat - + Managed by authentik Géré par authentik - + Managed by authentik (Discovered) Géré par authentik (Découvert) - + Yes () - Oui ( + Oui ( ) - + No Non - + Update Certificate-Key Pair Mettre à jour la paire clé/certificat - + Certificate Fingerprint (SHA1) Empreinte du certificat (SHA1) - + Certificate Fingerprint (SHA256) Empreinte du certificat (SHA256) - + Certificate Subject Sujet du certificat - + Download Certificate Télécharger le certificat - + Download Private key Télécharger la clé privée - + Create Certificate-Key Pair Créer une paire clé/certificat - + Generate Générer - + Generate Certificate-Key Pair Générer une paire clé/certificat - + Successfully updated instance. Instance mise à jour avec succès. - + Successfully created instance. Instance créée avec succès. - + Disabled blueprints are never applied. Les plans désactivés ne sont jamais appliqués. - + Local path Chemin local - + OCI Registry Registre OCI - + Internal Interne - + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. URL OCI, au format oci://registry.domain.tld/path/to/manifest. - + See more about OCI support here: Voir plus à propos du support OCI ici : - + Blueprint Plan - + Configure the blueprint context, used for templating. Configurer le contexte du plan, utilisé pour modéliser. - + Orphaned Orphelin - + Blueprints Plans - + Automate and template configuration within authentik. Automatiser et modéliser la configuration au sein d'authentik. - + Last applied Dernière application - + Blueprint(s) Plan(s) - + Update Blueprint Mettre à jour le plan - + Create Blueprint Instance Créer une instance du plan - + API Requests Requêtes d'API - + Open API Browser Ouvrir le navigateur API - + Notifications Notifications - + unread non-lu - + Successfully cleared notifications Notifications effacées avec succès - + Clear all Tout vider - + A newer version of the frontend is available. Une nouvelle version de l'interface est disponible. - + You're currently impersonating . Click to stop. - Vous vous faites actuellement passer pour + Vous vous faites actuellement passer pour . Cliquer pour arrêter. - + User interface Interface utilisateur - + Dashboards Tableaux de bord - + Events Évènements - + Logs Logs - + Customisation Personalisation - + Directory Répertoire - + System Système - + Certificates Certificats - + Outpost Integrations Intégration d’avant-postes - + API request failed Requête d'API échouée - + User's avatar Avatar de l'utilisateu - + Something went wrong! Please try again later. Une erreur s'est produite ! Veuillez réessayer plus tard. - + Request ID ID de requête - + You may close this page now. Vous pouvez maintenant fermer cette page. - + You're about to be redirect to the following URL. Vous allez être redirigé vers l'URL suivante. - + Follow redirect Suivre la redirection - + Request has been denied. La requête a été refusée. - + Not you? Pas vous ? - + Need an account? Besoin d'un compte ? - + Sign up. S'enregistrer. - + Forgot username or password? Mot de passe ou nom d'utilisateur oublié ? - + Select one of the sources below to login. Sélectionnez l'une des sources ci-dessous pour se connecter. - + Or Ou - + Use a security key Utiliser une clé de sécurité - + Login to continue to . - Connectez-vous pour continuer sur + Connectez-vous pour continuer sur . - + Please enter your password Veuillez saisir votre mot de passe - + Forgot password? Mot de passe oublié ? - + Application requires following permissions: Cette application requiert les permissions suivantes : - + Application already has access to the following permissions: L’application a déjà accès aux permissions suivantes : - + Application requires following new permissions: Cette application requiert de nouvelles permissions : - + Check your Inbox for a verification email. Vérifiez votre boite de réception pour un courriel de vérification. - + Send Email again. Renvoyer le courriel. - + Successfully copied TOTP Config. Configuration TOTP copiée avec succès - + Copy Copier - + Code Code - + Please enter your TOTP Code Veuillez saisir votre code TOTP - + Duo activation QR code Code QR d'activation Duo - + Alternatively, if your current device has Duo installed, click on this link: Sinon, si Duo est installé sur cet appareil, cliquez sur ce lien : - + Duo activation Activation Duo - + Check status Vérifier le statut - + Make sure to keep these tokens in a safe place. Veuillez à conserver ces jetons dans un endroit sûr. - + Phone number Numéro de téléphone - + Please enter your Phone number. Veuillez entrer votre numéro de téléphone - + Please enter the code you received via SMS Veuillez entrer le code que vous avez reçu par SMS - + A code has been sent to you via SMS. Un code vous a été envoyé par SMS. - + Open your two-factor authenticator app to view your authentication code. Ouvrez votre application d'authentification à deux facteurs pour afficher votre code d'authentification. - + Static token Jeton statique - + Authentication code Code d'authentification - + Please enter your code Veuillez saisir votre code - + Return to device picker Retourner à la sélection d'appareil - + Sending Duo push notification Envoi de notifications push Duo - + Assertions is empty L'assertion est vide - + Error when creating credential: - Erreur lors de la création des identifiants : + Erreur lors de la création des identifiants : - + Error when validating assertion on server: - Erreur lors de la validation de l'assertion sur le serveur : + Erreur lors de la validation de l'assertion sur le serveur : - + Retry authentication Réessayer l'authentification - + Duo push-notifications Notification push Duo - + Receive a push notification on your device. Recevoir une notification push sur votre appareil. - + Authenticator Authentificateur - + Use a security key to prove your identity. Utilisez une clé de sécurité pour prouver votre identité. - + Traditional authenticator Authentificateur traditionnel - + Use a code-based authenticator. Utiliser un authentifieur à code. - + Recovery keys Clés de récupération - + In case you can't access any other method. Au cas où aucune autre méthode ne soit disponible. - + SMS SMS - + Tokens sent via SMS. Jeton envoyé par SMS - + Select an authentication method. Sélectionnez une méthode d'authentification - + Stay signed in? Rester connecté ? - + Select Yes to reduce the number of times you're asked to sign in. Sélectionnez Oui pour réduire le nombre de fois où l'on vous demande de vous connecter. - + Authenticating with Plex... Authentification avec Plex... - + Waiting for authentication... En attente de l'authentification... - + If no Plex popup opens, click the button below. Si aucune fenêtre contextuelle Plex ne s'ouvre, cliquez sur le bouton ci-dessous. - + Open login Ouvrir la connexion - + Authenticating with Apple... Authentification avec Apple... - + Retry Recommencer - + Enter the code shown on your device. Saisissez le code indiqué sur votre appareil. - + Please enter your Code Veuillez entrer votre code - + You've successfully authenticated your device. Vous avez authentifié votre appareil avec succès. - + Flow inspector Inspecteur de flux - + Next stage Étape suivante - + Stage name Nom de l'étape - + Stage kind Type d'étap - + Stage object Objet étap - + This flow is completed. Ce flux est terminé. - + Plan history Historique du plan - + Current plan context Contexte du plan courant - + Session ID ID de session - + Powered by authentik Propulsé par authentik - + Background image Image d'arrière-plan - + Error creating credential: - Erreur lors de la création des identifiants : + Erreur lors de la création des identifiants : - + Server validation of credential failed: - Erreur lors de la validation des identifiants par le serveur : + Erreur lors de la validation des identifiants par le serveur : - + Register device Enregistrer un appareil - + Refer to documentation @@ -7055,7 +7055,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti No Applications available. Aucune Application disponible. - + Either no applications are defined, or you don’t have access to any. @@ -7064,186 +7064,186 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti My Applications Mes Applications - + My applications Mes applications - + Change your password Changer votre mot de passe - + Change password Changer le mot de passe - + - + Save Enregistrer - + Delete account Supprimer le compte - + Successfully updated details Détails mis à jour avec succès - + Open settings Ouvrir les paramètres - + No settings flow configured. Aucun flux de paramètres n'est configuré. - + Update details Détails de la mise à jour - + Successfully disconnected source Source déconnectée avec succès - + Failed to disconnected source: - Erreur de la déconnexion source : + Erreur de la déconnexion source : - + Disconnect Déconnecter - + Connect Connecter - + Error: unsupported source settings: - Erreur : configuration de la source non-supportée : + Erreur : configuration de la source non-supportée : - + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. Connectez votre compte aux service listés ci-dessous, cela vous permettra de les utiliser pour vous connecter au lieu des identifiants traditionnels. - + No services available. Aucun service disponible - + Create App password Créer un mot de passe App - + User details Détails de l'utilisateur - + Consent Approbation - + MFA Devices Appareils de MFA - + Connected services Services connectés - + Tokens and App passwords Jetons et mots de passe d'application - + Unread notifications Notifications non lues - + Admin interface Interface d'administration - + Stop impersonation Arrêter l'appropriation utilisateu - + Avatar image Image d'avatar - + Failed Échoué - + Unsynced / N/A Non synchronisé / N/A - + Outdated outposts Avant-postes périmés - + Unhealthy outposts Avant-postes malades - + Next Suivant - + Inactive Inactif - + Regular user Utilisateur normal - + Activate Activer - + Use Server URI for SNI verification @@ -7579,7 +7579,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous). + Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous). Default relay state @@ -7617,14 +7617,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti For transparent reverse proxies with required authentication Pour les reverses proxy transparents avec authentification requise - - For nginx's auth_request or traefik's forwardAuth - Pour nginx auth_request ou traefik forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Pour nginx auth_request ou traefik forwardAuth par domaine racine - Configure SAML provider manually Configurer le fournisseur SAML manuellement @@ -7931,15 +7923,18 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti <No name set> <No name set> - - Check the release notes - - - User Statistics - User type used for newly created users. + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. - \ No newline at end of file + diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index 1cf15b38d..4adcffad0 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -5921,12 +5921,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -6154,6 +6148,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index fa150bd11..ea95aff17 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -7557,14 +7557,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication Ƒōŕ ţŕàńśƥàŕēńţ ŕēvēŕśē ƥŕōxĩēś ŵĩţĥ ŕēǫũĩŕēď àũţĥēńţĩćàţĩōń - - For nginx's auth_request or traefik's forwardAuth - Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩx'ś ƒōŕŵàŕďÀũţĥ - - - For nginx's auth_request or traefik's forwardAuth per root domain - Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩx'ś ƒōŕŵàŕďÀũţĥ ƥēŕ ŕōōţ ďōmàĩń - Configure SAML provider manually Ćōńƒĩĝũŕē ŚÀMĹ ƥŕōvĩďēŕ màńũàĺĺŷ @@ -7844,4 +7836,16 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. + diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index 775f403d2..ce5e8e6f1 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -5706,12 +5706,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -5939,6 +5933,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index 5899f2fcb..1359fd684 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -1,4 +1,4 @@ - + @@ -613,9 +613,9 @@ - The URL "" was not found. - 未找到 URL " - "。 + The URL "" was not found. + 未找到 URL " + "。 @@ -1057,8 +1057,8 @@ - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 @@ -1799,8 +1799,8 @@ - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 @@ -3013,8 +3013,8 @@ doesn't pass when either or both of the selected options are equal or above the - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' @@ -3806,8 +3806,8 @@ doesn't pass when either or both of the selected options are equal or above the - When using an external logging solution for archiving, this can be set to "minutes=5". - 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 + When using an external logging solution for archiving, this can be set to "minutes=5". + 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 @@ -3816,8 +3816,8 @@ doesn't pass when either or both of the selected options are equal or above the - Format: "weeks=3;days=2;hours=3,seconds=2". - 格式:"weeks=3;days=2;hours=3,seconds=2"。 + Format: "weeks=3;days=2;hours=3,seconds=2". + 格式:"weeks=3;days=2;hours=3,seconds=2"。 @@ -4013,10 +4013,10 @@ doesn't pass when either or both of the selected options are equal or above the - Are you sure you want to update ""? + Are you sure you want to update ""? 您确定要更新 - " - " 吗? + " + " 吗? @@ -5102,7 +5102,7 @@ doesn't pass when either or both of the selected options are equal or above the - A "roaming" authenticator, like a YubiKey + A "roaming" authenticator, like a YubiKey 像 YubiKey 这样的“漫游”身份验证器 @@ -5437,10 +5437,10 @@ doesn't pass when either or both of the selected options are equal or above the - ("", of type ) + ("", of type ) - (" - ",类型为 + (" + ",类型为 @@ -5489,7 +5489,7 @@ doesn't pass when either or both of the selected options are equal or above the - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. 如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。 @@ -7620,14 +7620,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication 适用于需要验证身份的透明反向代理 - - For nginx's auth_request or traefik's forwardAuth - 适用于 nginx 的 auth_request 或 traefik 的 forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - 适用于按根域名配置的 nginx 的 auth_request 或 traefik 的 forwardAuth - Configure SAML provider manually 手动配置 SAML 提供程序 @@ -7933,7 +7925,19 @@ Bindings to groups/users are checked against the user of the event. <No name set> <未设置名称> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. - \ No newline at end of file + diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index 03c3d535a..635ce3b63 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -5754,12 +5754,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -5987,6 +5981,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index ed8957fe9..50b7d138f 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -5753,12 +5753,6 @@ Bindings to groups/users are checked against the user of the event. For transparent reverse proxies with required authentication - - For nginx's auth_request or traefik's forwardAuth - - - For nginx's auth_request or traefik's forwardAuth per root domain - Configure SAML provider manually @@ -5986,6 +5980,18 @@ Bindings to groups/users are checked against the user of the event. <No name set> + + + For nginx's auth_request or traefik's forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + + + RBAC is in preview. + + + User type used for newly created users. From f22daca09132f72b0493a6d3aaee6cdb499ee176 Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 27 Oct 2023 12:51:49 +0200 Subject: [PATCH 34/38] website/docs: add warning about upgrading to 2023.10 (#7340) Signed-off-by: Jens Langhammer --- website/docs/releases/2023/v2023.10.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md index e9fba9bc2..0a181f9a0 100644 --- a/website/docs/releases/2023/v2023.10.md +++ b/website/docs/releases/2023/v2023.10.md @@ -3,7 +3,9 @@ title: Release 2023.10 slug: "/releases/2023.10" --- - +## Breaking changes + +- It is only possible to upgrade to 2023.10 from 2023.8. This is due to a bug in the migrations which will be fixed in a future release (#7326). ## New features From 83b84e8d26b3680b2c4e2f2aea34075ecbdf7500 Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 27 Oct 2023 13:38:44 +0200 Subject: [PATCH 35/38] rbac: handle lookup error (#7341) Signed-off-by: Jens Langhammer --- authentik/rbac/api/rbac.py | 14 ++++++++++---- authentik/rbac/api/rbac_roles.py | 14 ++++++++++---- authentik/rbac/api/rbac_users.py | 14 ++++++++++---- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/authentik/rbac/api/rbac.py b/authentik/rbac/api/rbac.py index 3f468f483..2ce5b8d33 100644 --- a/authentik/rbac/api/rbac.py +++ b/authentik/rbac/api/rbac.py @@ -32,13 +32,19 @@ class PermissionSerializer(ModelSerializer): def get_app_label_verbose(self, instance: Permission) -> str: """Human-readable app label""" - return apps.get_app_config(instance.content_type.app_label).verbose_name + try: + return apps.get_app_config(instance.content_type.app_label).verbose_name + except LookupError: + return f"{instance.content_type.app_label}.{instance.content_type.model}" def get_model_verbose(self, instance: Permission) -> str: """Human-readable model name""" - return apps.get_model( - instance.content_type.app_label, instance.content_type.model - )._meta.verbose_name + try: + return apps.get_model( + instance.content_type.app_label, instance.content_type.model + )._meta.verbose_name + except LookupError: + return f"{instance.content_type.app_label}.{instance.content_type.model}" class Meta: model = Permission diff --git a/authentik/rbac/api/rbac_roles.py b/authentik/rbac/api/rbac_roles.py index 162a3225b..1c48169a2 100644 --- a/authentik/rbac/api/rbac_roles.py +++ b/authentik/rbac/api/rbac_roles.py @@ -28,9 +28,12 @@ class ExtraRoleObjectPermissionSerializer(RoleObjectPermissionSerializer): def get_model_verbose(self, instance: GroupObjectPermission) -> str: """Get model label from permission's model""" - return apps.get_model( - instance.content_type.app_label, instance.content_type.model - )._meta.verbose_name + try: + return apps.get_model( + instance.content_type.app_label, instance.content_type.model + )._meta.verbose_name + except LookupError: + return f"{instance.content_type.app_label}.{instance.content_type.model}" def get_object_description(self, instance: GroupObjectPermission) -> Optional[str]: """Get model description from attached model. This operation takes at least @@ -38,7 +41,10 @@ class ExtraRoleObjectPermissionSerializer(RoleObjectPermissionSerializer): view_ permission on the object""" app_label = instance.content_type.app_label model = instance.content_type.model - model_class = apps.get_model(app_label, model) + try: + model_class = apps.get_model(app_label, model) + except LookupError: + return None objects = get_objects_for_group(instance.group, f"{app_label}.view_{model}", model_class) obj = objects.first() if not obj: diff --git a/authentik/rbac/api/rbac_users.py b/authentik/rbac/api/rbac_users.py index 04f3fcabd..636b327f3 100644 --- a/authentik/rbac/api/rbac_users.py +++ b/authentik/rbac/api/rbac_users.py @@ -28,9 +28,12 @@ class ExtraUserObjectPermissionSerializer(UserObjectPermissionSerializer): def get_model_verbose(self, instance: UserObjectPermission) -> str: """Get model label from permission's model""" - return apps.get_model( - instance.content_type.app_label, instance.content_type.model - )._meta.verbose_name + try: + return apps.get_model( + instance.content_type.app_label, instance.content_type.model + )._meta.verbose_name + except LookupError: + return f"{instance.content_type.app_label}.{instance.content_type.model}" def get_object_description(self, instance: UserObjectPermission) -> Optional[str]: """Get model description from attached model. This operation takes at least @@ -38,7 +41,10 @@ class ExtraUserObjectPermissionSerializer(UserObjectPermissionSerializer): view_ permission on the object""" app_label = instance.content_type.app_label model = instance.content_type.model - model_class = apps.get_model(app_label, model) + try: + model_class = apps.get_model(app_label, model) + except LookupError: + return None objects = get_objects_for_user(instance.user, f"{app_label}.view_{model}", model_class) obj = objects.first() if not obj: From 41d372a340fc0ac2cbda77022f63e3f29ff81f62 Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 27 Oct 2023 16:28:18 +0200 Subject: [PATCH 36/38] web/admin: fix @change handler for ak-radio elements (#7348) Signed-off-by: Jens Langhammer --- .../oauth/ak-application-wizard-authentication-by-oauth.ts | 4 ++-- web/src/admin/events/TransportForm.ts | 4 ++-- web/src/admin/providers/oauth2/OAuth2ProviderForm.ts | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts b/web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts index 44c71b0a3..62893a6af 100644 --- a/web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts +++ b/web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts @@ -114,8 +114,8 @@ export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel { label=${msg("Client type")} .value=${provider?.clientType} required - @change=${(ev: CustomEvent) => { - this.showClientSecret = ev.detail !== ClientTypeEnum.Public; + @change=${(ev: CustomEvent<{ value: ClientTypeEnum }>) => { + this.showClientSecret = ev.detail.value !== ClientTypeEnum.Public; }} .options=${clientTypeOptions} > diff --git a/web/src/admin/events/TransportForm.ts b/web/src/admin/events/TransportForm.ts index 46fce43cb..1554d7007 100644 --- a/web/src/admin/events/TransportForm.ts +++ b/web/src/admin/events/TransportForm.ts @@ -78,8 +78,8 @@ export class TransportForm extends ModelForm { ) => { - this.onModeChange(ev.detail); + @change=${(ev: CustomEvent<{ value: NotificationTransportModeEnum }>) => { + this.onModeChange(ev.detail.value); }} .options=${[ { diff --git a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts index 95bb9fdae..c98ae860f 100644 --- a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts +++ b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts @@ -210,8 +210,8 @@ export class OAuth2ProviderFormPage extends ModelForm { label=${msg("Client type")} .value=${provider?.clientType} required - @change=${(ev: CustomEvent) => { - this.showClientSecret = ev.detail !== ClientTypeEnum.Public; + @change=${(ev: CustomEvent<{ value: ClientTypeEnum }>) => { + this.showClientSecret = ev.detail.value !== ClientTypeEnum.Public; }} .options=${clientTypeOptions} > From 15d7175750841d5500017f11ba9c7fd6fe820588 Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 27 Oct 2023 16:28:56 +0200 Subject: [PATCH 37/38] blueprints: fix entries with state: absent not being deleted if their serializer has errors (#7345) Signed-off-by: Jens Langhammer --- authentik/blueprints/v1/common.py | 7 ++++++- authentik/blueprints/v1/importer.py | 18 ++++++++++++------ authentik/blueprints/v1/tasks.py | 2 +- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/authentik/blueprints/v1/common.py b/authentik/blueprints/v1/common.py index 6d41ac988..997fecc6f 100644 --- a/authentik/blueprints/v1/common.py +++ b/authentik/blueprints/v1/common.py @@ -584,12 +584,17 @@ class EntryInvalidError(SentryIgnoredException): entry_model: Optional[str] entry_id: Optional[str] validation_error: Optional[ValidationError] + serializer: Optional[Serializer] = None - def __init__(self, *args: object, validation_error: Optional[ValidationError] = None) -> None: + def __init__( + self, *args: object, validation_error: Optional[ValidationError] = None, **kwargs + ) -> None: super().__init__(*args) self.entry_model = None self.entry_id = None self.validation_error = validation_error + for key, value in kwargs.items(): + setattr(self, key, value) @staticmethod def from_entry( diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py index f2191548e..eb4942958 100644 --- a/authentik/blueprints/v1/importer.py +++ b/authentik/blueprints/v1/importer.py @@ -255,7 +255,10 @@ class Importer: try: full_data = self.__update_pks_for_attrs(entry.get_attrs(self._import)) except ValueError as exc: - raise EntryInvalidError.from_entry(exc, entry) from exc + raise EntryInvalidError.from_entry( + exc, + entry, + ) from exc always_merger.merge(full_data, updated_identifiers) serializer_kwargs["data"] = full_data @@ -272,6 +275,7 @@ class Importer: f"Serializer errors {serializer.errors}", validation_error=exc, entry=entry, + serializer=serializer, ) from exc return serializer @@ -300,16 +304,18 @@ class Importer: ) return False # Validate each single entry + serializer = None try: serializer = self._validate_single(entry) except EntryInvalidError as exc: # For deleting objects we don't need the serializer to be valid if entry.get_state(self._import) == BlueprintEntryDesiredState.ABSENT: - continue - self.logger.warning(f"entry invalid: {exc}", entry=entry, error=exc) - if raise_errors: - raise exc - return False + serializer = exc.serializer + else: + self.logger.warning(f"entry invalid: {exc}", entry=entry, error=exc) + if raise_errors: + raise exc + return False if not serializer: continue diff --git a/authentik/blueprints/v1/tasks.py b/authentik/blueprints/v1/tasks.py index 194a01748..8ff86c996 100644 --- a/authentik/blueprints/v1/tasks.py +++ b/authentik/blueprints/v1/tasks.py @@ -82,7 +82,7 @@ class BlueprintEventHandler(FileSystemEventHandler): path = Path(event.src_path) root = Path(CONFIG.get("blueprints_dir")).absolute() rel_path = str(path.relative_to(root)) - for instance in BlueprintInstance.objects.filter(path=rel_path): + for instance in BlueprintInstance.objects.filter(path=rel_path, enabled=True): LOGGER.debug("modified blueprint file, starting apply", instance=instance) apply_blueprint.delay(instance.pk.hex) From ad9f500ad15dd036ecfa787c261c3f42e56eac4d Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 27 Oct 2023 16:29:10 +0200 Subject: [PATCH 38/38] crypto: fix race conditions when creating self-signed certificates on startup (#7344) Signed-off-by: Jens Langhammer --- authentik/crypto/apps.py | 45 +++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/authentik/crypto/apps.py b/authentik/crypto/apps.py index 559ca3db5..bed1ab811 100644 --- a/authentik/crypto/apps.py +++ b/authentik/crypto/apps.py @@ -1,13 +1,10 @@ """authentik crypto app config""" from datetime import datetime -from typing import TYPE_CHECKING, Optional +from typing import Optional from authentik.blueprints.apps import ManagedAppConfig from authentik.lib.generators import generate_id -if TYPE_CHECKING: - from authentik.crypto.models import CertificateKeyPair - MANAGED_KEY = "goauthentik.io/crypto/jwt-managed" @@ -23,33 +20,37 @@ class AuthentikCryptoConfig(ManagedAppConfig): """Load crypto tasks""" self.import_module("authentik.crypto.tasks") - def _create_update_cert(self, cert: Optional["CertificateKeyPair"] = None): + def _create_update_cert(self): from authentik.crypto.builder import CertificateBuilder from authentik.crypto.models import CertificateKeyPair - builder = CertificateBuilder("authentik Internal JWT Certificate") + common_name = "authentik Internal JWT Certificate" + builder = CertificateBuilder(common_name) builder.build( subject_alt_names=["goauthentik.io"], validity_days=360, ) - if not cert: - cert = CertificateKeyPair() - builder.cert = cert - builder.cert.managed = MANAGED_KEY - builder.save() + CertificateKeyPair.objects.update_or_create( + managed=MANAGED_KEY, + defaults={ + "name": common_name, + "certificate_data": builder.certificate, + "key_data": builder.private_key, + }, + ) def reconcile_managed_jwt_cert(self): """Ensure managed JWT certificate""" from authentik.crypto.models import CertificateKeyPair - certs = CertificateKeyPair.objects.filter(managed=MANAGED_KEY) - if not certs.exists(): - self._create_update_cert() - return - cert: CertificateKeyPair = certs.first() + cert: Optional[CertificateKeyPair] = CertificateKeyPair.objects.filter( + managed=MANAGED_KEY + ).first() now = datetime.now() - if now < cert.certificate.not_valid_before or now > cert.certificate.not_valid_after: - self._create_update_cert(cert) + if not cert or ( + now < cert.certificate.not_valid_before or now > cert.certificate.not_valid_after + ): + self._create_update_cert() def reconcile_self_signed(self): """Create self-signed keypair""" @@ -61,4 +62,10 @@ class AuthentikCryptoConfig(ManagedAppConfig): return builder = CertificateBuilder(name) builder.build(subject_alt_names=[f"{generate_id()}.self-signed.goauthentik.io"]) - builder.save() + CertificateKeyPair.objects.get_or_create( + name=name, + defaults={ + "certificate_data": builder.certificate, + "key_data": builder.private_key, + }, + )