From ca6a4a09c643575ee97d622e82fd7424b1bc6196 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Mar 2024 09:33:44 -0400 Subject: [PATCH 1/3] build(deps): bump actions/setup-python from 5.0.0 to 5.1.0 (#278) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0a5c61591373683505ea898e09a3ea4f39ef2b9c...82c7e631bb3cdc910f68e0081d67478d79c6982d) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/python-build.yml | 2 +- .github/workflows/python-release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml index 68ca483c..d8a6e771 100644 --- a/.github/workflows/python-build.yml +++ b/.github/workflows/python-build.yml @@ -40,7 +40,7 @@ jobs: steps: - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml index f283c888..b5e443f8 100644 --- a/.github/workflows/python-release.yml +++ b/.github/workflows/python-release.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: "3.x" From 0473f8384ece1e6a6aecc751e81a1770a0df05f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 07:59:28 +0100 Subject: [PATCH 2/3] build(deps): bump the protobuf group in /java with 2 updates (#280) --- java/build.gradle.kts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/build.gradle.kts b/java/build.gradle.kts index 4f974ae0..cd473ce3 100644 --- a/java/build.gradle.kts +++ b/java/build.gradle.kts @@ -22,7 +22,7 @@ repositories { } dependencies { - implementation("com.google.protobuf:protobuf-java:4.26.0") + implementation("com.google.protobuf:protobuf-java:4.26.1") implementation("com.google.api.grpc:proto-google-common-protos:2.37.1") } @@ -39,7 +39,7 @@ java { protobuf { protoc { - artifact = "com.google.protobuf:protoc:4.26.0" + artifact = "com.google.protobuf:protoc:4.26.1" } } From 0d09353d57c5458e757f84e27a7bf8ac677b28d5 Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Mon, 1 Apr 2024 22:39:36 +0200 Subject: [PATCH 3/3] Updated media type to a format compatible with OCI registries (#279) Signed-off-by: Fredrik Skogman --- gen/jsonschema/schemas/Bundle.schema.json | 6 +++--- gen/jsonschema/schemas/Input.schema.json | 8 ++++---- .../TimestampVerificationData.schema.json | 4 ++-- .../schemas/TrustedRoot.schema.json | 2 +- .../schemas/VerificationMaterial.schema.json | 4 ++-- gen/pb-go/bundle/v1/sigstore_bundle.pb.go | 9 ++++++--- .../trustroot/v1/sigstore_trustroot.pb.go | 6 +++++- .../dev/sigstore/bundle/v1/__init__.py | 8 +++++--- .../dev/sigstore/trustroot/v1/__init__.py | 7 ++++++- .../src/generated/dev.sigstore.bundle.v1.rs | 9 ++++++--- .../generated/dev.sigstore.trustroot.v1.rs | 6 +++++- .../src/generated/file_descriptor_set.bin | Bin 113941 -> 114261 bytes .../src/__generated__/sigstore_bundle.ts | 9 ++++++--- .../src/__generated__/sigstore_trustroot.ts | 8 +++++++- protos/sigstore_bundle.proto | 11 +++++++---- protos/sigstore_trustroot.proto | 6 +++++- 16 files changed, 70 insertions(+), 33 deletions(-) diff --git a/gen/jsonschema/schemas/Bundle.schema.json b/gen/jsonschema/schemas/Bundle.schema.json index e35435f0..467e8a35 100644 --- a/gen/jsonschema/schemas/Bundle.schema.json +++ b/gen/jsonschema/schemas/Bundle.schema.json @@ -6,7 +6,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON." + "description": "MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON. Clients must to be able to accept media type using the previously defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * application/vnd.dev.sigstore.bundle+json;version=0.2 * application/vnd.dev.sigstore.bundle+json;version=0.3" }, "verificationMaterial": { "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial", @@ -52,8 +52,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.bundle.v1.VerificationMaterial": { "properties": { diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index 01aa6008..4d995c1f 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json @@ -39,7 +39,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON." + "description": "MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON. Clients must to be able to accept media type using the previously defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * application/vnd.dev.sigstore.bundle+json;version=0.2 * application/vnd.dev.sigstore.bundle+json;version=0.3" }, "verificationMaterial": { "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial", @@ -85,8 +85,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.bundle.v1.VerificationMaterial": { "properties": { @@ -597,7 +597,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1" + "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1" }, "tlogs": { "items": { diff --git a/gen/jsonschema/schemas/TimestampVerificationData.schema.json b/gen/jsonschema/schemas/TimestampVerificationData.schema.json index d47fe95e..0a95207a 100644 --- a/gen/jsonschema/schemas/TimestampVerificationData.schema.json +++ b/gen/jsonschema/schemas/TimestampVerificationData.schema.json @@ -15,8 +15,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.common.v1.RFC3161SignedTimestamp": { "properties": { diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json index fd26f81b..8ee8a154 100644 --- a/gen/jsonschema/schemas/TrustedRoot.schema.json +++ b/gen/jsonschema/schemas/TrustedRoot.schema.json @@ -6,7 +6,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1" + "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1" }, "tlogs": { "items": { diff --git a/gen/jsonschema/schemas/VerificationMaterial.schema.json b/gen/jsonschema/schemas/VerificationMaterial.schema.json index e076fd2c..4530cb2b 100644 --- a/gen/jsonschema/schemas/VerificationMaterial.schema.json +++ b/gen/jsonschema/schemas/VerificationMaterial.schema.json @@ -65,8 +65,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.common.v1.LogId": { "properties": { diff --git a/gen/pb-go/bundle/v1/sigstore_bundle.pb.go b/gen/pb-go/bundle/v1/sigstore_bundle.pb.go index 6803954b..6ba51cfe 100644 --- a/gen/pb-go/bundle/v1/sigstore_bundle.pb.go +++ b/gen/pb-go/bundle/v1/sigstore_bundle.pb.go @@ -261,10 +261,13 @@ type Bundle struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 - // or application/vnd.dev.sigstore.bundle+json;version=0.2 - // or application/vnd.dev.sigstore.bundle+json;version=0.3 + // MUST be application/vnd.dev.sigstore.bundle.v0.3+json when // when encoded as JSON. + // Clients must to be able to accept media type using the previously + // defined formats: + // * application/vnd.dev.sigstore.bundle+json;version=0.1 + // * application/vnd.dev.sigstore.bundle+json;version=0.2 + // * application/vnd.dev.sigstore.bundle+json;version=0.3 MediaType string `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"` // When a signer is identified by a X.509 certificate, a verifier MUST // verify that the signature was computed at the time the certificate diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go index 21ec693f..31b193dd 100644 --- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go +++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go @@ -243,7 +243,11 @@ type TrustedRoot struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1 + // MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + // when encoded as JSON. + // Clients MUST be able to process and parse content with the media + // type defined in the old format: + // application/vnd.dev.sigstore.trustedroot+json;version=0.1 MediaType string `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"` // A set of trusted Rekor servers. Tlogs []*TransparencyLogInstance `protobuf:"bytes,2,rep,name=tlogs,proto3" json:"tlogs,omitempty"` diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py index 6854ce0f..4acd86c8 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py @@ -80,9 +80,11 @@ class VerificationMaterial(betterproto.Message): class Bundle(betterproto.Message): media_type: str = betterproto.string_field(1) """ - MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or - application/vnd.dev.sigstore.bundle+json;version=0.2 or - application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON. + MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as + JSON. Clients must to be able to accept media type using the previously + defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * + application/vnd.dev.sigstore.bundle+json;version=0.2 * + application/vnd.dev.sigstore.bundle+json;version=0.3 """ verification_material: "VerificationMaterial" = betterproto.message_field(2) diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py index 66c851ce..656980d3 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py @@ -104,7 +104,12 @@ class TrustedRoot(betterproto.Message): """ media_type: str = betterproto.string_field(1) - """MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1""" + """ + MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as + JSON. Clients MUST be able to process and parse content with the media type + defined in the old format: + application/vnd.dev.sigstore.trustedroot+json;version=0.1 + """ tlogs: List["TransparencyLogInstance"] = betterproto.message_field(2) """A set of trusted Rekor servers.""" diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs index 9a49169c..b542a92d 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs @@ -151,10 +151,13 @@ pub mod verification_material { #[allow(clippy::derive_partial_eq_without_eq)] #[derive(Clone, PartialEq, ::prost::Message)] pub struct Bundle { - /// MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 - /// or application/vnd.dev.sigstore.bundle+json;version=0.2 - /// or application/vnd.dev.sigstore.bundle+json;version=0.3 + /// MUST be application/vnd.dev.sigstore.bundle.v0.3+json when /// when encoded as JSON. + /// Clients must to be able to accept media type using the previously + /// defined formats: + /// * application/vnd.dev.sigstore.bundle+json;version=0.1 + /// * application/vnd.dev.sigstore.bundle+json;version=0.2 + /// * application/vnd.dev.sigstore.bundle+json;version=0.3 #[prost(string, tag = "1")] pub media_type: ::prost::alloc::string::String, /// When a signer is identified by a X.509 certificate, a verifier MUST diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs index 3fa8fa80..5fc8d291 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs @@ -109,7 +109,11 @@ pub struct CertificateAuthority { #[allow(clippy::derive_partial_eq_without_eq)] #[derive(Clone, PartialEq, ::prost::Message)] pub struct TrustedRoot { - /// MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1 + /// MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + /// when encoded as JSON. + /// Clients MUST be able to process and parse content with the media + /// type defined in the old format: + /// application/vnd.dev.sigstore.trustedroot+json;version=0.1 #[prost(string, tag = "1")] pub media_type: ::prost::alloc::string::String, /// A set of trusted Rekor servers. diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index 13c9ef2f1259bcd0aa75c81abd9c17ca973b68b0..e767640e63f6eb0b32f27fd394f31d32df150608 100644 GIT binary patch delta 1173 zcmaiz%TE(g6o-3ehC02GS|-sz1LOvk@X$hA9tC`0Txk>%k)4n9F+j^OQ#vzkiis5B zq6&#DlnKT^K#e9QK4#&{l?yhyaBEz!F;Np2Zj1?@JDsVra?{Lr@BN)~&&=2Rzx*G6 z`ztTuYl^F!u)n9^tq^z>Bm1O=pl{t?q>$pQa1M51#|qEGb9iBI&w~IYQtXe!dvm&` z+MgA8+DO*{2qC<{fyAp~kbL5ZAaI;d;)`N?_&sNBY(nR9%2YFo{5MQXbFxaDUn;9< zEhA@WQm5yqCMP0j84YUp&q)D3EAG$qqyN|D)PGM$$523?Rd*(5c}d6}AeR-L8B zoJ{itxtP^VT`3cqk!P|h7M;-w3rV9vA0@QM`nCiELeza4hT6hNoRIybf!(=*T{`Fy z4pcnQ;t`M3+D4uU&UhdR6|f)QfFs;;qZ0-{TM}D|i_VF*n1?*u9USsdWH@}CgoucZ zL3}9s*h=CW39|Y~{uK~!L!cHAeOPVi8)T6X!g{ z-m7roqKDXf6()*qZ?4vR6(&uxQTujyzG~mQ2@+hYLa4*d@mRGAhxJ z7AJQG?PLXJg}~M^g2M)VOZJCb@RPuj{q8Qj@rQQ7(=LbF{Q#z2beRbkb!`2wYZs@d zF8?bUHcrdBPLpbe=92|orfE$zP)l0M8gq_sj)bIUq32sxb+$Bxspn_zjS}WvyY+e# zx_WYZ^vdngD~EbTT)TM15-sQ-QN)ldAo|5COgYywSzb9MGKxl z!mQ`f5#DS%>L%E~)$Ba!5$4VDGvt&LM<`iSTQHs|)zdttOZD!k0$=LxbJIKv#NuSc lNedERwzjumthZcG3z#m~dkdH@caFJf0n=qW`T%x1{s8Mf4uBOxDfRrke$86WSVMt!>r*ByE~n)QXo1)`~xP@dpFOVAZ%?w}LU< zTq5nQATq^z6{Pl{AS~E}c=F)62fYbiiXwW@g9!S~W+%|wzBAwRzO&!E@mG8NN2|Vu zZ+Y_LkoP?g?^xv75Z`8oqoGC5N*QA?3TDv6jgf%Ut_*G-c`H<51@;0Hnlf6%q#*Al6pLBlu%@A2XFCQnt3`wL7z=yQK{O zl<|I6;W~?K_HoT*(a@ZCwFbX9%y}1