From 174a0cc3eeb1d06b70d7919e9e05e32bbe47f050 Mon Sep 17 00:00:00 2001 From: sivchari Date: Thu, 23 May 2024 15:38:20 +0000 Subject: [PATCH] sibling of ef96dec5b22736835ab0be79ae1808933de17467 --- .github/workflows/ci-build.yaml | 20 +- .github/workflows/image-reuse.yaml | 2 +- .github/workflows/image.yaml | 6 +- .github/workflows/init-release.yaml | 2 +- .github/workflows/pr-title-check.yml | 2 +- .github/workflows/release.yaml | 14 +- .github/workflows/scorecard.yaml | 2 +- .gitignore | 1 - .goreleaser.yaml | 2 +- .readthedocs.yaml => .readthedocs.yml | 0 Dockerfile | 6 +- USERS.md | 9 +- VERSION | 2 +- .../controllers/applicationset_controller.go | 111 +- .../applicationset_controller_test.go | 213 - assets/swagger.json | 57 - cmd/argocd/commands/admin/admin.go | 1 + .../commands/admin/redis_initial_password.go | 98 + cmd/argocd/commands/app.go | 2 - cmd/argocd/commands/root.go | 6 +- cmpserver/apiclient/clientset.go | 7 +- cmpserver/plugin/plugin_test.go | 2 +- cmpserver/server.go | 4 +- common/common.go | 2 - controller/appcontroller.go | 10 +- controller/cache/cache.go | 21 +- controller/cache/cache_test.go | 211 + controller/metrics/metrics.go | 2 +- controller/metrics/metrics_test.go | 4 +- docs/assets/argocd_architecture.png | Bin 152028 -> 121649 bytes docs/faq.md | 42 + docs/getting_started.md | 11 +- .../Controlling-Resource-Modification.md | 32 +- .../applicationset/Generators-Cluster.md | 2 +- .../applicationset/Generators-List.md | 2 +- .../applicationset/Generators-Plugin.md | 2 - docs/operator-manual/deep_links.md | 5 - docs/operator-manual/health.md | 25 - docs/operator-manual/high_availability.md | 23 +- docs/operator-manual/ingress.md | 6 +- docs/operator-manual/metrics.md | 2 +- .../notifications/grafana-dashboard.json | 4 +- .../notifications/monitoring.md | 4 +- docs/operator-manual/rbac.md | 34 - docs/operator-manual/secret-management.md | 1 - .../server-commands/argocd-repo-server.md | 2 +- .../server-commands/argocd-server.md | 2 +- .../tested-kubernetes-versions.md | 7 +- docs/operator-manual/upgrading/2.10-2.11.md | 55 +- docs/operator-manual/upgrading/2.11-2.12.md | 30 - docs/operator-manual/upgrading/2.8-2.9.md | 53 + docs/operator-manual/upgrading/2.9-2.10.md | 53 + docs/operator-manual/upgrading/overview.md | 3 +- docs/proposals/images/current-summary-tab.png | Bin 115933 -> 0 bytes docs/proposals/images/helm-parameter-list.png | Bin 107160 -> 0 bytes .../images/history-and-rollback-button.png | Bin 20446 -> 0 bytes .../images/history-rollback-contents.png | Bin 128640 -> 0 bytes docs/proposals/images/new-sources-tab.png | Bin 63179 -> 0 bytes .../multiple-sources-for-applications-ui.md | 226 - docs/requirements.txt | 2 +- docs/snyk/index.md | 79 +- docs/snyk/master/argocd-iac-install.html | 80 +- .../master/argocd-iac-namespace-install.html | 24 +- docs/snyk/master/argocd-test.html | 2778 ++++++- .../master/ghcr.io_dexidp_dex_v2.38.0.html | 290 +- docs/snyk/master/haproxy_2.6.14-alpine.html | 263 +- .../quay.io_argoproj_argocd_latest.html | 742 +- .../redis_7.0.14-alpine.html | 232 +- docs/snyk/master/redis_7.0.15-alpine.html | 659 -- docs/snyk/v2.10.9/argocd-iac-install.html | 2621 ------ .../v2.10.9/argocd-iac-namespace-install.html | 2575 ------ docs/snyk/v2.10.9/argocd-test.html | 7066 ----------------- docs/snyk/v2.10.9/redis_7.0.15-alpine.html | 659 -- docs/snyk/v2.11.0-rc3/argocd-test.html | 6476 --------------- .../ghcr.io_dexidp_dex_v2.38.0.html | 2827 ------- .../quay.io_argoproj_argocd_v2.11.0-rc3.html | 4230 ---------- .../argocd-iac-install.html | 242 +- .../argocd-iac-namespace-install.html | 196 +- docs/snyk/v2.7.17/argocd-test.html | 2957 +++++++ .../ghcr.io_dexidp_dex_v2.37.0.html | 397 +- .../haproxy_2.6.14-alpine.html | 263 +- .../quay.io_argoproj_argocd_v2.7.17.html} | 3061 +++++-- docs/snyk/v2.7.17/redis_7.0.14-alpine.html | 993 +++ .../argocd-iac-install.html | 76 +- .../argocd-iac-namespace-install.html | 4 +- docs/snyk/v2.8.13/argocd-test.html | 3027 +++++++ .../ghcr.io_dexidp_dex_v2.37.0.html | 397 +- .../haproxy_2.6.14-alpine.html | 263 +- .../quay.io_argoproj_argocd_v2.8.13.html} | 1229 ++- .../redis_7.0.11-alpine.html} | 1097 ++- docs/snyk/v2.8.18/redis_7.0.15-alpine.html | 659 -- docs/snyk/v2.9.14/argocd-test.html | 6049 -------------- docs/snyk/v2.9.14/redis_7.0.15-alpine.html | 659 -- .../argocd-iac-install.html | 4 +- .../argocd-iac-namespace-install.html | 4 +- .../snyk/{v2.8.18 => v2.9.9}/argocd-test.html | 3134 +------- .../ghcr.io_dexidp_dex_v2.37.0.html | 397 +- .../haproxy_2.6.14-alpine.html | 263 +- .../quay.io_argoproj_argocd_v2.9.9.html} | 1244 +-- docs/snyk/v2.9.9/redis_7.0.11-alpine.html | 2032 +++++ docs/user-guide/commands/argocd_admin.md | 1 + .../argocd_admin_redis-initial-password.md | 67 + docs/user-guide/diff-strategies.md | 2 +- docs/user-guide/diffing.md | 2 +- docs/user-guide/helm.md | 38 - docs/user-guide/kustomize.md | 2 +- docs/user-guide/status-badge.md | 44 +- docs/user-guide/sync-kubectl.md | 2 +- go.mod | 19 +- go.sum | 32 +- hack/gen-crd-spec/main.go | 6 +- .../helm-v3.14.4-darwin-amd64.tar.gz.sha256 | 1 + .../helm-v3.14.4-darwin-arm64.tar.gz.sha256 | 1 + .../helm-v3.14.4-linux-amd64.tar.gz.sha256 | 1 + .../helm-v3.14.4-linux-arm64.tar.gz.sha256 | 1 + .../helm-v3.14.4-linux-ppc64le.tar.gz.sha256 | 1 + .../helm-v3.14.4-linux-s390x.tar.gz.sha256 | 1 + hack/installers/install-codegen-go-tools.sh | 2 +- hack/snyk-report.sh | 6 +- hack/tool-versions.sh | 2 +- ...ocd-application-controller-deployment.yaml | 5 + ...cd-application-controller-statefulset.yaml | 5 + manifests/base/kustomization.yaml | 2 +- .../base/redis/argocd-redis-deployment.yaml | 26 +- .../redis/argocd-redis-network-policy.yaml | 7 - manifests/base/redis/argocd-redis-role.yaml | 23 + .../base/redis/argocd-redis-rolebinding.yaml | 15 + manifests/base/redis/kustomization.yaml | 2 + .../argocd-repo-server-deployment.yaml | 11 +- .../base/server/argocd-server-deployment.yaml | 5 + manifests/core-install.yaml | 464 +- manifests/core-install/kustomization.yaml | 2 +- manifests/crds/application-crd.yaml | 267 +- manifests/crds/applicationset-crd.yaml | 40 - manifests/crds/appproject-crd.yaml | 60 +- manifests/ha/base/kustomization.yaml | 2 +- .../argocd-redis-ha-proxy-network-policy.yaml | 17 +- .../ha/base/redis-ha/chart/requirements.lock | 6 +- .../ha/base/redis-ha/chart/requirements.yaml | 2 +- .../ha/base/redis-ha/chart/upstream.yaml | 118 +- manifests/ha/base/redis-ha/chart/values.yaml | 7 +- manifests/ha/base/redis-ha/kustomization.yaml | 22 +- .../overlays/deployment-initContainers.yaml | 16 + .../base/redis-ha/overlays/haproxy-role.yaml | 20 + manifests/ha/install.yaml | 540 +- manifests/ha/namespace-install.yaml | 173 +- manifests/install.yaml | 475 +- manifests/namespace-install.yaml | 108 +- pkg/apiclient/apiclient.go | 4 +- .../applicationset/applicationset.pb.go | 342 +- .../applicationset/applicationset.pb.gw.go | 119 - pkg/apis/api-rules/violation_exceptions.list | 2 - .../v1alpha1/applicationset_types.go | 17 - pkg/apis/application/v1alpha1/generated.pb.go | 1866 ++--- pkg/apis/application/v1alpha1/generated.proto | 10 - .../application/v1alpha1/openapi_generated.go | 46 +- pkg/apis/application/v1alpha1/types.go | 13 +- pkg/apis/application/v1alpha1/types_test.go | 63 - .../v1alpha1/zz_generated.deepcopy.go | 30 - reposerver/apiclient/clientset.go | 7 +- reposerver/apiclient/repository.pb.go | 328 +- reposerver/repository/repository.go | 6 +- reposerver/repository/repository.proto | 1 + reposerver/repository/repository_test.go | 10 +- reposerver/server.go | 4 +- .../astra.netapp.io/AppVault/health.lua | 13 - .../astra.netapp.io/AppVault/health_test.yaml | 13 - .../AppVault/testdata/degraded.yaml | 23 - .../AppVault/testdata/healthy.yaml | 21 - .../testdata/progressing_nostatus.yaml | 18 - .../astra.netapp.io/Application/health.lua | 17 - .../Application/health_test.yaml | 13 - .../Application/testdata/degraded.yaml | 26 - .../Application/testdata/healthy.yaml | 24 - .../Application/testdata/progressing.yaml | 16 - .../astra.netapp.io/Backup/health.lua | 16 - .../astra.netapp.io/Backup/health_test.yaml | 17 - .../Backup/testdata/degraded.yaml | 79 - .../Backup/testdata/healthy.yaml | 116 - .../Backup/testdata/progressing_nostatus.yaml | 26 - .../Backup/testdata/progressing_status.yaml | 76 - .../astra.netapp.io/ExecHook/health.lua | 13 - .../astra.netapp.io/ExecHook/health_test.yaml | 13 - .../ExecHook/testdata/healthy.yaml | 23 - .../testdata/progressing_nostatus.yaml | 22 - .../ExecHook/testdata/suspended.yaml | 23 - .../astra.netapp.io/ExecHooksRun/health.lua | 16 - .../ExecHooksRun/health_test.yaml | 17 - .../ExecHooksRun/testdata/degraded.yaml | 71 - .../ExecHooksRun/testdata/healthy.yaml | 71 - .../testdata/progressing_nostatus.yaml | 26 - .../testdata/progressing_status.yaml | 69 - .../astra.netapp.io/ResourceBackup/health.lua | 16 - .../ResourceBackup/health_test.yaml | 17 - .../ResourceBackup/testdata/degraded.yaml | 52 - .../ResourceBackup/testdata/healthy.yaml | 49 - .../testdata/progressing_nostatus.yaml | 24 - .../testdata/progressing_status.yaml | 48 - .../ResticVolumeBackup/health.lua | 16 - .../ResticVolumeBackup/health_test.yaml | 17 - .../ResticVolumeBackup/testdata/degraded.yaml | 99 - .../ResticVolumeBackup/testdata/healthy.yaml | 94 - .../testdata/progressing_nostatus.yaml | 49 - .../testdata/progressing_status.yaml | 92 - .../astra.netapp.io/Schedule/health.lua | 7 - .../astra.netapp.io/Schedule/health_test.yaml | 9 - .../Schedule/testdata/healthy_nostatus.yaml | 28 - .../Schedule/testdata/healthy_status.yaml | 30 - .../astra.netapp.io/Snapshot/health.lua | 16 - .../astra.netapp.io/Snapshot/health_test.yaml | 17 - .../Snapshot/testdata/degraded.yaml | 80 - .../Snapshot/testdata/healthy.yaml | 81 - .../testdata/progressing_nostatus.yaml | 24 - .../Snapshot/testdata/progressing_status.yaml | 73 - .../openfaas.com/Function/health.lua | 31 - .../openfaas.com/Function/health_test.yaml | 17 - .../Function/testdata/degraded_no_secret.yaml | 48 - .../Function/testdata/healthy.yaml | 36 - .../Function/testdata/progressing.yaml | 30 - .../testdata/suspended_zero_replicas.yaml | 35 - server/application/application.go | 7 +- server/applicationset/applicationset.go | 46 - server/applicationset/applicationset.proto | 12 +- server/applicationset/applicationset_test.go | 88 - server/badge/badge.go | 46 +- server/badge/badge_test.go | 80 - server/project/project.go | 2 - server/project/project_test.go | 2 +- server/server.go | 4 +- test/container/Dockerfile | 10 +- test/e2e/declarative_test.go | 1 - test/e2e/multiarch-container/Dockerfile | 2 +- test/e2e/project_management_test.go | 10 - test/remote/Dockerfile | 2 +- ui-test/Dockerfile | 2 +- .../application-resource-list.tsx | 65 +- .../application-parameters.tsx | 396 +- .../application-status-panel.tsx | 24 +- .../application-summary.tsx | 165 +- .../applications-summary.tsx | 2 +- .../resource-details/resource-details.tsx | 53 +- .../editable-panel/editable-panel.scss | 20 - .../editable-panel/editable-panel.tsx | 205 +- ui/src/app/shared/models.ts | 2 - util/app/path/path.go | 8 +- util/app/path/path_test.go | 10 +- util/config/env.go | 37 +- util/config/env_test.go | 57 - util/git/client.go | 2 +- util/git/creds.go | 7 +- util/git/creds_test.go | 32 - util/grpc/trace.go | 4 +- util/helm/client.go | 2 - util/helm/mocks/Client.go | 69 +- util/tls/tls.go | 2 +- 255 files changed, 21660 insertions(+), 49063 deletions(-) rename .readthedocs.yaml => .readthedocs.yml (100%) create mode 100644 cmd/argocd/commands/admin/redis_initial_password.go delete mode 100644 docs/operator-manual/upgrading/2.11-2.12.md delete mode 100644 docs/proposals/images/current-summary-tab.png delete mode 100644 docs/proposals/images/helm-parameter-list.png delete mode 100644 docs/proposals/images/history-and-rollback-button.png delete mode 100644 docs/proposals/images/history-rollback-contents.png delete mode 100644 docs/proposals/images/new-sources-tab.png delete mode 100644 docs/proposals/multiple-sources-for-applications-ui.md rename docs/snyk/{v2.11.0-rc3 => master}/redis_7.0.14-alpine.html (73%) delete mode 100644 docs/snyk/master/redis_7.0.15-alpine.html delete mode 100644 docs/snyk/v2.10.9/argocd-iac-install.html delete mode 100644 docs/snyk/v2.10.9/argocd-iac-namespace-install.html delete mode 100644 docs/snyk/v2.10.9/argocd-test.html delete mode 100644 docs/snyk/v2.10.9/redis_7.0.15-alpine.html delete mode 100644 docs/snyk/v2.11.0-rc3/argocd-test.html delete mode 100644 docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html delete mode 100644 docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html rename docs/snyk/{v2.11.0-rc3 => v2.7.17}/argocd-iac-install.html (96%) rename docs/snyk/{v2.11.0-rc3 => v2.7.17}/argocd-iac-namespace-install.html (95%) create mode 100644 docs/snyk/v2.7.17/argocd-test.html rename docs/snyk/{v2.9.14 => v2.7.17}/ghcr.io_dexidp_dex_v2.37.0.html (89%) rename docs/snyk/{v2.11.0-rc3 => v2.7.17}/haproxy_2.6.14-alpine.html (78%) rename docs/snyk/{v2.10.9/quay.io_argoproj_argocd_v2.10.9.html => v2.7.17/quay.io_argoproj_argocd_v2.7.17.html} (64%) create mode 100644 docs/snyk/v2.7.17/redis_7.0.14-alpine.html rename docs/snyk/{v2.8.18 => v2.8.13}/argocd-iac-install.html (98%) rename docs/snyk/{v2.8.18 => v2.8.13}/argocd-iac-namespace-install.html (99%) create mode 100644 docs/snyk/v2.8.13/argocd-test.html rename docs/snyk/{v2.10.9 => v2.8.13}/ghcr.io_dexidp_dex_v2.37.0.html (89%) rename docs/snyk/{v2.9.14 => v2.8.13}/haproxy_2.6.14-alpine.html (78%) rename docs/snyk/{v2.9.14/quay.io_argoproj_argocd_v2.9.14.html => v2.8.13/quay.io_argoproj_argocd_v2.8.13.html} (83%) rename docs/snyk/{v2.8.18/haproxy_2.6.14-alpine.html => v2.8.13/redis_7.0.11-alpine.html} (59%) delete mode 100644 docs/snyk/v2.8.18/redis_7.0.15-alpine.html delete mode 100644 docs/snyk/v2.9.14/argocd-test.html delete mode 100644 docs/snyk/v2.9.14/redis_7.0.15-alpine.html rename docs/snyk/{v2.9.14 => v2.9.9}/argocd-iac-install.html (99%) rename docs/snyk/{v2.9.14 => v2.9.9}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.8.18 => v2.9.9}/argocd-test.html (51%) rename docs/snyk/{v2.8.18 => v2.9.9}/ghcr.io_dexidp_dex_v2.37.0.html (89%) rename docs/snyk/{v2.10.9 => v2.9.9}/haproxy_2.6.14-alpine.html (78%) rename docs/snyk/{v2.8.18/quay.io_argoproj_argocd_v2.8.18.html => v2.9.9/quay.io_argoproj_argocd_v2.9.9.html} (89%) create mode 100644 docs/snyk/v2.9.9/redis_7.0.11-alpine.html create mode 100644 docs/user-guide/commands/argocd_admin_redis-initial-password.md create mode 100644 hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 create mode 100644 hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 create mode 100644 hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 create mode 100644 hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 create mode 100644 hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 create mode 100644 hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 create mode 100644 manifests/base/redis/argocd-redis-role.yaml create mode 100644 manifests/base/redis/argocd-redis-rolebinding.yaml create mode 100644 manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml create mode 100644 manifests/ha/base/redis-ha/overlays/haproxy-role.yaml delete mode 100644 resource_customizations/astra.netapp.io/AppVault/health.lua delete mode 100644 resource_customizations/astra.netapp.io/AppVault/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/Application/health.lua delete mode 100644 resource_customizations/astra.netapp.io/Application/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml delete mode 100644 resource_customizations/astra.netapp.io/Backup/health.lua delete mode 100644 resource_customizations/astra.netapp.io/Backup/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHook/health.lua delete mode 100644 resource_customizations/astra.netapp.io/ExecHook/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHooksRun/health.lua delete mode 100644 resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResourceBackup/health.lua delete mode 100644 resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua delete mode 100644 resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml delete mode 100644 resource_customizations/astra.netapp.io/Schedule/health.lua delete mode 100644 resource_customizations/astra.netapp.io/Schedule/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml delete mode 100644 resource_customizations/astra.netapp.io/Snapshot/health.lua delete mode 100644 resource_customizations/astra.netapp.io/Snapshot/health_test.yaml delete mode 100644 resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml delete mode 100644 resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml delete mode 100644 resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml delete mode 100644 resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml delete mode 100644 resource_customizations/openfaas.com/Function/health.lua delete mode 100644 resource_customizations/openfaas.com/Function/health_test.yaml delete mode 100644 resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml delete mode 100644 resource_customizations/openfaas.com/Function/testdata/healthy.yaml delete mode 100644 resource_customizations/openfaas.com/Function/testdata/progressing.yaml delete mode 100644 resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 8fc850e0dd14a..84534d518f26b 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.22' + GOLANG_VERSION: '1.21' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -43,8 +43,6 @@ jobs: frontend: - 'ui/**' - Dockerfile - docs: - - 'docs/**' check-go: name: Ensure Go modules synchronicity if: ${{ needs.changes.outputs.backend == 'true' }} @@ -171,12 +169,12 @@ jobs: - name: Run all unit tests run: make test-local - name: Generate code coverage artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: code-coverage path: coverage.out - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: test-results path: test-results/ @@ -240,14 +238,14 @@ jobs: - name: Run all unit tests run: make test-race-local - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: race-results path: test-results/ codegen: name: Check changes to generated code - if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.docs == 'true'}} + if: ${{ needs.changes.outputs.backend == 'true' }} runs-on: ubuntu-22.04 needs: - changes @@ -359,11 +357,11 @@ jobs: run: | mkdir -p test-results - name: Get code coverage artifact - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: code-coverage - name: Get test result artifact - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: test-results path: test-results @@ -474,7 +472,7 @@ jobs: run: | docker pull ghcr.io/dexidp/dex:v2.38.0 docker pull argoproj/argo-cd-ci-builder:v1.0.0 - docker pull redis:7.0.15-alpine + docker pull redis:7.0.14-alpine - name: Create target directory for binaries in the build-process run: | mkdir -p dist @@ -502,7 +500,7 @@ jobs: set -x make test-e2e-local - name: Upload e2e-server logs - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: e2e-server-k8s${{ matrix.k3s-version }}.log path: /tmp/e2e-server.log diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 2ba056b0cadfa..5b5a12b346fa1 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -134,7 +134,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 with: large-packages: false docker-images: false diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 3102e8361aa06..a7174e10de9db 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 9c5ef7b2ab695..0a0430f27f96b 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -64,7 +64,7 @@ jobs: git stash pop - name: Create pull request - uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 61c38548cf6ba..020535d7b8afa 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2 + - uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a3ecf2e5478c0..d332c075d0bd0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.21' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -88,7 +88,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 with: large-packages: false docker-images: false @@ -128,7 +128,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" @@ -212,7 +212,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}" provenance-name: "argocd-sbom.intoto.jsonl" @@ -295,7 +295,7 @@ jobs: if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: Bump version in master title: "chore: Bump version in master" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 4394d7739df22..ec3151949541d 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif diff --git a/.gitignore b/.gitignore index cc5a439491dbb..ab17deb0db139 100644 --- a/.gitignore +++ b/.gitignore @@ -19,7 +19,6 @@ node_modules/ ./test/cmp/*.sock .envrc.remote .*.swp -rerunreport.txt # ignore built binaries cmd/argocd/argocd diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 26341aa1d80c1..c156d37b19081 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -114,7 +114,7 @@ changelog: exclude: - '^test:' - '^.*?Bump(\([[:word:]]+\))?.+$' - - '^.*?[Bot](\([[:word:]]+\))?.+$' + - '^.*?\[Bot\](\([[:word:]]+\))?.+$' # yaml-language-server: $schema=https://goreleaser.com/static/schema.json diff --git a/.readthedocs.yaml b/.readthedocs.yml similarity index 100% rename from .readthedocs.yaml rename to .readthedocs.yml diff --git a/Dockerfile b/Dockerfile index 6ba69702b43e2..5f6a35d99616f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS builder +FROM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd AS builder RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/USERS.md b/USERS.md index 202d91243368e..9d409af2e8114 100644 --- a/USERS.md +++ b/USERS.md @@ -18,7 +18,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Albert Heijn](https://ah.nl/) 1. [Alibaba Group](https://www.alibabagroup.com/) 1. [Allianz Direct](https://www.allianzdirect.de/) -1. [AlphaSense](https://www.alpha-sense.com/) 1. [Amadeus IT Group](https://amadeus.com/) 1. [Ambassador Labs](https://www.getambassador.io/) 1. [Ancestry](https://www.ancestry.com/) @@ -36,7 +35,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform) 1. [Beat](https://thebeat.co/en/) 1. [Beez Innovation Labs](https://www.beezlabs.com/) -1. [Bedag Informatik AG](https://www.bedag.ch/) 1. [Beleza Na Web](https://www.belezanaweb.com.br/) 1. [BigPanda](https://bigpanda.io) 1. [BioBox Analytics](https://biobox.io) @@ -60,7 +58,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Cisco ET&I](https://eti.cisco.com/) 1. [Cloud Posse](https://www.cloudposse.com/) 1. [Cloud Scale](https://cloudscaleinc.com/) -1. [CloudGeometry](https://www.cloudgeometry.io/) 1. [Cloudmate](https://cloudmt.co.kr/) 1. [Cloudogu](https://cloudogu.com/) 1. [Cobalt](https://www.cobalt.io/) @@ -135,7 +132,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [IABAI](https://www.iab.ai) 1. [IBM](https://www.ibm.com/) 1. [Ibotta](https://home.ibotta.com) -1. [IFS](https://www.ifs.com) 1. [IITS-Consulting](https://iits-consulting.de) 1. [IllumiDesk](https://www.illumidesk.com) 1. [imaware](https://imaware.health) @@ -183,7 +179,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Meilleurs Agents](https://www.meilleursagents.com/) 1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) 1. [Mercedes-Benz.io](https://www.mercedes-benz.io/) -1. [Metacore Games](https://metacoregames.com/) 1. [Metanet](http://www.metanet.co.kr/en/) 1. [MindSpore](https://mindspore.cn) 1. [Mirantis](https://mirantis.com/) @@ -204,7 +199,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Objective](https://www.objective.com.br/) 1. [OCCMundial](https://occ.com.mx) 1. [Octadesk](https://octadesk.com) -1. [Octopus Deploy](https://octopus.com) 1. [Olfeo](https://www.olfeo.com/) 1. [omegaUp](https://omegaUp.com) 1. [Omni](https://omni.se/) @@ -231,7 +225,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Percona](https://percona.com/) 1. [PGS](https://www.pgs.com) 1. [Pigment](https://www.gopigment.com/) -1. [Pipedrive](https://www.pipedrive.com/) 1. [Pipefy](https://www.pipefy.com/) 1. [Pismo](https://pismo.io/) 1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/) @@ -251,6 +244,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Quipper](https://www.quipper.com/) 1. [RapidAPI](https://www.rapidapi.com/) 1. [rebuy](https://www.rebuy.de/) +1. [Recreation.gov](https://www.recreation.gov/) 1. [Red Hat](https://www.redhat.com/) 1. [Redpill Linpro](https://www.redpill-linpro.com/) 1. [Reenigne Cloud](https://reenigne.ca) @@ -261,7 +255,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Riskified](https://www.riskified.com/) 1. [Robotinfra](https://www.robotinfra.com) 1. [Rocket.Chat](https://rocket.chat) -1. [Rogo](https://rogodata.com) 1. [Rubin Observatory](https://www.lsst.org) 1. [Saildrone](https://www.saildrone.com/) 1. [Salad Technologies](https://salad.com/) diff --git a/VERSION b/VERSION index 46b81d815a23b..9e5bb77a3ba1a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.11.0 +2.11.2 diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 10e2ea35573af..dd65d51055162 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -111,19 +111,15 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // Do not attempt to further reconcile the ApplicationSet if it is being deleted. if applicationSetInfo.ObjectMeta.DeletionTimestamp != nil { - appsetName := applicationSetInfo.ObjectMeta.Name - logCtx.Debugf("DeletionTimestamp is set on %s", appsetName) deleteAllowed := utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowDelete() if !deleteAllowed { - logCtx.Debugf("ApplicationSet policy does not allow to delete") if err := r.removeOwnerReferencesOnDeleteAppSet(ctx, applicationSetInfo); err != nil { return ctrl.Result{}, err } - logCtx.Debugf("ownerReferences referring %s is deleted from generated applications", appsetName) - } - controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) - if err := r.Update(ctx, &applicationSetInfo); err != nil { - return ctrl.Result{}, err + controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) + if err := r.Update(ctx, &applicationSetInfo); err != nil { + return ctrl.Result{}, err + } } return ctrl.Result{}, nil } @@ -172,16 +168,6 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, nil } - currentApplications, err := r.getCurrentApplications(ctx, applicationSetInfo) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) - } - - err = r.updateResourcesStatus(ctx, logCtx, &applicationSetInfo, currentApplications) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get update resources status for application set: %w", err) - } - // appMap is a name->app collection of Applications in this ApplicationSet. appMap := map[string]argov1alpha1.Application{} // appSyncMap tracks which apps will be synced during this reconciliation. @@ -198,11 +184,16 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque } } else if applicationSetInfo.Spec.Strategy != nil { // appset uses progressive sync - for _, app := range currentApplications { + applications, err := r.getCurrentApplications(ctx, applicationSetInfo) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) + } + + for _, app := range applications { appMap[app.Name] = app } - appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, desiredApplications, appMap) + appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, applications, desiredApplications, appMap) if err != nil { return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) } @@ -1374,86 +1365,6 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica return -1 } -func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error { - statusMap := getResourceStatusMap(appset) - statusMap = buildResourceStatus(statusMap, apps) - - statuses := []argov1alpha1.ResourceStatus{} - for _, status := range statusMap { - statuses = append(statuses, status) - } - appset.Status.Resources = statuses - - namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} - err := r.Client.Status().Update(ctx, appset) - if err != nil { - - logCtx.Errorf("unable to set application set status: %v", err) - return fmt.Errorf("unable to set application set status: %v", err) - } - - if err := r.Get(ctx, namespacedName, appset); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %v", err) - } - - return nil -} - -func buildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus { - appMap := map[string]argov1alpha1.Application{} - for _, app := range apps { - appCopy := app - appMap[app.Name] = app - - gvk := app.GroupVersionKind() - // Create status if it does not exist - status, ok := statusMap[app.Name] - if !ok { - status = argov1alpha1.ResourceStatus{ - Group: gvk.Group, - Version: gvk.Version, - Kind: gvk.Kind, - Name: app.Name, - Namespace: app.Namespace, - Status: app.Status.Sync.Status, - Health: &appCopy.Status.Health, - } - } - - status.Group = gvk.Group - status.Version = gvk.Version - status.Kind = gvk.Kind - status.Name = app.Name - status.Namespace = app.Namespace - status.Status = app.Status.Sync.Status - status.Health = &appCopy.Status.Health - - statusMap[app.Name] = status - } - cleanupDeletedApplicationStatuses(statusMap, appMap) - - return statusMap -} - -func getResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus { - statusMap := map[string]argov1alpha1.ResourceStatus{} - for _, status := range appset.Status.Resources { - statusMap[status.Name] = status - } - return statusMap -} - -func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) { - for name := range statusMap { - if _, ok := apps[name]; !ok { - delete(statusMap, name) - } - } -} - // setApplicationSetApplicationStatus updates the ApplicatonSet's status field // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 790682d98eead..ac1a17447ccea 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -6132,219 +6132,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { } } -func TestUpdateResourceStatus(t *testing.T) { - - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - assert.Nil(t, err) - - err = v1alpha1.AddToScheme(scheme) - assert.Nil(t, err) - - for _, cc := range []struct { - name string - appSet v1alpha1.ApplicationSet - apps []v1alpha1.Application - expectedResources []v1alpha1.ResourceStatus - }{ - { - name: "handles an empty application list", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{}, - }, - }, - apps: []v1alpha1.Application{}, - expectedResources: nil, - }, - { - name: "adds status if no existing statuses", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{}, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "handles an applicationset with existing and up-to-date status", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "updates an applicationset with existing and out of date status", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeOutOfSync, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusProgressing, - Message: "Progressing", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "deletes an applicationset status if the application no longer exists", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{}, - expectedResources: nil, - }, - } { - - t.Run(cc.name, func(t *testing.T) { - - kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} - argoObjs := []runtime.Object{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() - - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(1), - Cache: &fakeCache{}, - Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, - ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), - KubeClientset: kubeclientset, - } - - err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) - - assert.Equal(t, err, nil, "expected no errors, but errors occured") - assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual") - }) - } -} - func TestOwnsHandler(t *testing.T) { // progressive syncs do not affect create, delete, or generic ownsHandler := getOwnsHandlerPredicates(true) diff --git a/assets/swagger.json b/assets/swagger.json index edb8da0350657..8a412bc58492f 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -2030,43 +2030,6 @@ } } }, - "/api/v1/applicationsets/{name}/resource-tree": { - "get": { - "tags": [ - "ApplicationSetService" - ], - "summary": "ResourceTree returns resource tree", - "operationId": "ApplicationSetService_ResourceTree", - "parameters": [ - { - "type": "string", - "name": "name", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "The application set namespace. Default empty is argocd control plane namespace.", - "name": "appsetNamespace", - "in": "query" - } - ], - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/v1alpha1ApplicationSetTree" - } - }, - "default": { - "description": "An unexpected error response.", - "schema": { - "$ref": "#/definitions/runtimeError" - } - } - } - } - }, "/api/v1/certificates": { "get": { "tags": [ @@ -6238,13 +6201,6 @@ "items": { "$ref": "#/definitions/v1alpha1ApplicationSetCondition" } - }, - "resources": { - "description": "Resources is a list of Applications resources managed by this application set.", - "type": "array", - "items": { - "$ref": "#/definitions/v1alpha1ResourceStatus" - } } } }, @@ -6316,19 +6272,6 @@ } } }, - "v1alpha1ApplicationSetTree": { - "type": "object", - "title": "ApplicationSetTree holds nodes which belongs to the application\nUsed to build a tree of an ApplicationSet and its children", - "properties": { - "nodes": { - "type": "array", - "title": "Nodes contains list of nodes which are directly managed by the applicationset", - "items": { - "$ref": "#/definitions/v1alpha1ResourceNode" - } - } - } - }, "v1alpha1ApplicationSource": { "type": "object", "title": "ApplicationSource contains all required information about the source of an application", diff --git a/cmd/argocd/commands/admin/admin.go b/cmd/argocd/commands/admin/admin.go index 01a07e3021fc9..9c56b066d552c 100644 --- a/cmd/argocd/commands/admin/admin.go +++ b/cmd/argocd/commands/admin/admin.go @@ -66,6 +66,7 @@ $ argocd admin initial-password reset command.AddCommand(NewDashboardCommand(clientOpts)) command.AddCommand(NewNotificationsCommand()) command.AddCommand(NewInitialPasswordCommand()) + command.AddCommand(NewRedisInitialPasswordCommand()) command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") diff --git a/cmd/argocd/commands/admin/redis_initial_password.go b/cmd/argocd/commands/admin/redis_initial_password.go new file mode 100644 index 0000000000000..8fa1e70ad890e --- /dev/null +++ b/cmd/argocd/commands/admin/redis_initial_password.go @@ -0,0 +1,98 @@ +package admin + +import ( + "context" + "crypto/rand" + "fmt" + "math/big" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/cli" + apierr "k8s.io/apimachinery/pkg/api/errors" + + "github.com/argoproj/argo-cd/v2/util/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" + + "github.com/spf13/cobra" + corev1 "k8s.io/api/core/v1" +) + +const defaulRedisInitialPasswordSecretName = "argocd-redis" +const defaultResisInitialPasswordKey = "auth" + +func generateRandomPassword() (string, error) { + const initialPasswordLength = 16 + const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-" + randBytes := make([]byte, initialPasswordLength) + for i := 0; i < initialPasswordLength; i++ { + num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) + if err != nil { + return "", err + } + randBytes[i] = letters[num.Int64()] + } + initialPassword := string(randBytes) + return initialPassword, nil +} + +// NewRedisInitialPasswordCommand defines a new command to ensure Argo CD Redis password secret exists. +func NewRedisInitialPasswordCommand() *cobra.Command { + var ( + clientConfig clientcmd.ClientConfig + ) + var command = cobra.Command{ + Use: "redis-initial-password", + Short: "Ensure the Redis password exists, creating a new one if necessary.", + Run: func(c *cobra.Command, args []string) { + namespace, _, err := clientConfig.Namespace() + errors.CheckError(err) + + redisInitialPasswordSecretName := defaulRedisInitialPasswordSecretName + redisInitialPasswordKey := defaultResisInitialPasswordKey + fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialPasswordSecretName, redisInitialPasswordKey) + + config, err := clientConfig.ClientConfig() + errors.CheckError(err) + errors.CheckError(v1alpha1.SetK8SConfigDefaults(config)) + + kubeClientset := kubernetes.NewForConfigOrDie(config) + + randomPassword, err := generateRandomPassword() + errors.CheckError(err) + + data := map[string][]byte{ + redisInitialPasswordKey: []byte(randomPassword), + } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: redisInitialPasswordSecretName, + Namespace: namespace, + }, + Data: data, + Type: corev1.SecretTypeOpaque, + } + _, err = kubeClientset.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{}) + if err != nil && !apierr.IsAlreadyExists(err) { + errors.CheckError(err) + } + + fmt.Println("Argo CD Redis secret state confirmed: secret name argocd-redis.") + secret, err = kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), redisInitialPasswordSecretName, v1.GetOptions{}) + errors.CheckError(err) + + if _, ok := secret.Data[redisInitialPasswordKey]; ok { + fmt.Println("Password secret is configured properly.") + } else { + err := fmt.Errorf("key %s doesn't exist in secret %s. \n", redisInitialPasswordKey, redisInitialPasswordSecretName) + errors.CheckError(err) + } + }, + } + + clientConfig = cli.AddKubectlFlagsToCmd(&command) + + return &command +} diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 1d7ed56668423..9fe2ccc9c8ba5 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -51,7 +51,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/grpc" argoio "github.com/argoproj/argo-cd/v2/util/io" - logutils "github.com/argoproj/argo-cd/v2/util/log" "github.com/argoproj/argo-cd/v2/util/manifeststream" "github.com/argoproj/argo-cd/v2/util/templates" "github.com/argoproj/argo-cd/v2/util/text/label" @@ -1313,7 +1312,6 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, ignoreNormalizerOpts). WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod). WithNoCache(). - WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())). Build() errors.CheckError(err) diffRes, err := argodiff.StateDiff(item.live, item.target, diffConfig) diff --git a/cmd/argocd/commands/root.go b/cmd/argocd/commands/root.go index 1ad9f4e798ddc..5c3b984e5bff5 100644 --- a/cmd/argocd/commands/root.go +++ b/cmd/argocd/commands/root.go @@ -75,11 +75,11 @@ func NewCommand() *cobra.Command { command.PersistentFlags().StringVar(&clientOpts.GRPCWebRootPath, "grpc-web-root-path", config.GetFlag("grpc-web-root-path", ""), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.") command.PersistentFlags().StringVar(&cmdutil.LogFormat, "logformat", config.GetFlag("logformat", "text"), "Set the logging format. One of: text|json") command.PersistentFlags().StringVar(&cmdutil.LogLevel, "loglevel", config.GetFlag("loglevel", "info"), "Set the logging level. One of: debug|info|warn|error") - command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", config.GetStringSliceFlag("header", []string{}), "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)") + command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", []string{}, "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)") command.PersistentFlags().BoolVar(&clientOpts.PortForward, "port-forward", config.GetBoolFlag("port-forward"), "Connect to a random argocd-server port using port forwarding") command.PersistentFlags().StringVar(&clientOpts.PortForwardNamespace, "port-forward-namespace", config.GetFlag("port-forward-namespace", ""), "Namespace name which should be used for port forwarding") - command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", config.GetIntFlag("http-retry-max", 0), "Maximum number of retries to establish http connection to Argo CD server") - command.PersistentFlags().BoolVar(&clientOpts.Core, "core", config.GetBoolFlag("core"), "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") + command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", 0, "Maximum number of retries to establish http connection to Argo CD server") + command.PersistentFlags().BoolVar(&clientOpts.Core, "core", false, "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") command.PersistentFlags().StringVar(&clientOpts.ServerName, "server-name", env.StringFromEnv(common.EnvServerName, common.DefaultServerName), fmt.Sprintf("Name of the Argo CD API server; set this or the %s environment variable when the server's name label differs from the default, for example when installing via the Helm chart", common.EnvServerName)) command.PersistentFlags().StringVar(&clientOpts.AppControllerName, "controller-name", env.StringFromEnv(common.EnvAppControllerName, common.DefaultApplicationControllerName), fmt.Sprintf("Name of the Argo CD Application controller; set this or the %s environment variable when the controller's name label differs from the default, for example when installing via the Helm chart", common.EnvAppControllerName)) command.PersistentFlags().StringVar(&clientOpts.RedisHaProxyName, "redis-haproxy-name", env.StringFromEnv(common.EnvRedisHaProxyName, common.DefaultRedisHaProxyName), fmt.Sprintf("Name of the Redis HA Proxy; set this or the %s environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart", common.EnvRedisHaProxyName)) diff --git a/cmpserver/apiclient/clientset.go b/cmpserver/apiclient/clientset.go index e624474f2d34b..025625ff8092e 100644 --- a/cmpserver/apiclient/clientset.go +++ b/cmpserver/apiclient/clientset.go @@ -2,9 +2,6 @@ package apiclient import ( "context" - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/util/env" - "math" "time" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" @@ -17,9 +14,9 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -var ( +const ( // MaxGRPCMessageSize contains max grpc message size - MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 + MaxGRPCMessageSize = 100 * 1024 * 1024 ) // Clientset represents config management plugin server api clients diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index 20480f247d0e4..b253dc414cbdc 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -369,7 +369,7 @@ func TestRunCommandEmptyCommand(t *testing.T) { assert.ErrorContains(t, err, "Command is empty") } -// TestRunCommandContextTimeoutWithCleanup makes sure that the process is given enough time to cleanup before sending SIGKILL. +// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL. func TestRunCommandContextTimeoutWithCleanup(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond) defer cancel() diff --git a/cmpserver/server.go b/cmpserver/server.go index 1d07e531394d3..13abb1c02aed0 100644 --- a/cmpserver/server.go +++ b/cmpserver/server.go @@ -46,13 +46,13 @@ func NewServer(initConstants plugin.CMPServerInitConstants) (*ArgoCDCMPServer, e serverLog := log.NewEntry(log.StandardLogger()) streamInterceptors := []grpc.StreamServerInterceptor{ - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(serverLog), grpc_prometheus.StreamServerInterceptor, grpc_util.PanicLoggerStreamServerInterceptor(serverLog), } unaryInterceptors := []grpc.UnaryServerInterceptor{ - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(serverLog), grpc_prometheus.UnaryServerInterceptor, grpc_util.PanicLoggerUnaryServerInterceptor(serverLog), diff --git a/common/common.go b/common/common.go index b825ccddef91f..f4b176946bcbd 100644 --- a/common/common.go +++ b/common/common.go @@ -273,8 +273,6 @@ const ( // EnvServerSideDiff defines the env var used to enable ServerSide Diff feature. // If defined, value must be "true" or "false". EnvServerSideDiff = "ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF" - // EnvGRPCMaxSizeMB is the environment variable to look for a max GRPC message size - EnvGRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB" ) // Config Management Plugin related constants diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 13a05c003e660..b2c884f8be614 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -1923,7 +1923,15 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } else { ctrl.writeBackToInformer(updatedApp) } - message := fmt.Sprintf("Initiated automated sync to '%s'", desiredCommitSHA) + + var target string + if updatedApp.Spec.HasMultipleSources() { + target = strings.Join(desiredCommitSHAsMS, ", ") + } else { + target = desiredCommitSHA + } + message := fmt.Sprintf("Initiated automated sync to '%s'", target) + ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message, "") logCtx.Info(message) return nil, setOpTime diff --git a/controller/cache/cache.go b/controller/cache/cache.go index 20879ae4f920a..ddfe2b17fdc31 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -290,7 +290,8 @@ func isRootAppNode(r *clustercache.Resource) bool { } func getApp(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource) string { - return getAppRecursive(r, ns, map[kube.ResourceKey]bool{}) + name, _ := getAppRecursive(r, ns, map[kube.ResourceKey]bool{}) + return name } func ownerRefGV(ownerRef metav1.OwnerReference) schema.GroupVersion { @@ -301,27 +302,31 @@ func ownerRefGV(ownerRef metav1.OwnerReference) schema.GroupVersion { return gv } -func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource, visited map[kube.ResourceKey]bool) string { +func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource, visited map[kube.ResourceKey]bool) (string, bool) { if !visited[r.ResourceKey()] { visited[r.ResourceKey()] = true } else { log.Warnf("Circular dependency detected: %v.", visited) - return resInfo(r).AppName + return resInfo(r).AppName, false } if resInfo(r).AppName != "" { - return resInfo(r).AppName + return resInfo(r).AppName, true } for _, ownerRef := range r.OwnerRefs { gv := ownerRefGV(ownerRef) if parent, ok := ns[kube.NewResourceKey(gv.Group, ownerRef.Kind, r.Ref.Namespace, ownerRef.Name)]; ok { - app := getAppRecursive(parent, ns, visited) - if app != "" { - return app + visited_branch := make(map[kube.ResourceKey]bool, len(visited)) + for k, v := range visited { + visited_branch[k] = v + } + app, ok := getAppRecursive(parent, ns, visited_branch) + if app != "" || !ok { + return app, ok } } } - return "" + return "", true } var ( diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 53a03ca81995e..584f311f2ee30 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -18,6 +18,7 @@ import ( "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/cache/mocks" "github.com/argoproj/gitops-engine/pkg/health" + "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/mock" "k8s.io/client-go/kubernetes/fake" @@ -319,6 +320,216 @@ func Test_asResourceNode_owner_refs(t *testing.T) { assert.Equal(t, expected, resNode) } +func Test_getAppRecursive(t *testing.T) { + for _, tt := range []struct { + name string + r *cache.Resource + ns map[kube.ResourceKey]*cache.Resource + wantName string + wantOK assert.BoolAssertionFunc + }{ + { + name: "ok: cm1->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "ok: cm1->cm2->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "cm1->cm2->app1 & cm1->cm3->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "cm3"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + // Nothing cycle. + // Issue #11699, fixed #12667. + name: "ok: cm1->cm2 & cm1->cm3->cm2 & cm1->cm3->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "cm3"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "cycle: cm1<->cm2", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm1"): { + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm1"}, + }, + }, + }, + wantName: "", + wantOK: assert.False, + }, + { + name: "cycle: cm1->cm2->cm3->cm1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm1"): { + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm3"}, + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm1"}, + }, + }, + }, + wantName: "", + wantOK: assert.False, + }, + } { + t.Run(tt.name, func(t *testing.T) { + visited := map[kube.ResourceKey]bool{} + got, ok := getAppRecursive(tt.r, tt.ns, visited) + assert.Equal(t, tt.wantName, got) + tt.wantOK(t, ok) + }) + } +} + func TestSkipResourceUpdate(t *testing.T) { var ( hash1_x string = "x" diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index b195c3bff8870..94405b51eac75 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -113,7 +113,7 @@ var ( reconcileHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "argocd_app_reconcile", - Help: "Application reconciliation performance in seconds.", + Help: "Application reconciliation performance.", // Buckets chosen after observing a ~2100ms mean reconcile time Buckets: []float64{0.25, .5, 1, 2, 4, 8, 16}, }, diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 81e724e9274f3..23628c38347a5 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -374,7 +374,7 @@ func assertMetricsPrinted(t *testing.T, expectedLines, body string) { } } -// assertMetricsNotPrinted +// assertMetricNotPrinted func assertMetricsNotPrinted(t *testing.T, expectedLines, body string) { for _, line := range strings.Split(expectedLines, "\n") { if line == "" { @@ -391,7 +391,7 @@ func TestReconcileMetrics(t *testing.T) { assert.NoError(t, err) appReconcileMetrics := ` -# HELP argocd_app_reconcile Application reconciliation performance in seconds. +# HELP argocd_app_reconcile Application reconciliation performance. # TYPE argocd_app_reconcile histogram argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.25"} 0 argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.5"} 0 diff --git a/docs/assets/argocd_architecture.png b/docs/assets/argocd_architecture.png index 84fe437a9ace9e03aaa960e4936ffb09fa4dad34..3de4dd9f93d4e630f775890066c475338bed4de9 100644 GIT binary patch literal 121649 zcmZs@1yoeg+b=93A>AD_bf+NQFf;;!G)ha!3`n~lg-S8d$ z@4fGR@ArMI#bT|qX6EeK=h=Jz>LE%;O9k&4^|L2Wp5UoM6m_3GLEQv?d$BNpE1zZZ zbe=q6e4?r-r|)IHn~UkL|C6GRj}Emkf?QTsj!;PlWxGRk8=|6v;s8cPB}Xq&Kj?TC z;;twTIVd_{r0E->ZPNB>H7{h<=0t}n}e+~Qa8TyFKrFu9+i&eW~)B35;l2eL2~FZ+#<&+;T7>7V5>pa(XG$>L0rQVc7$zkjLA@VnzTaqrf$83Rf(zcp(k z$M(tv*SDm;vaO$=4E&`qG`7=b_SWn5*hy*i?2Dse%MZA&po$pPiomC14!FHMJ{gtC z#=0n0NhncCpr5FG#T7-w6kcUiuPl9kX{Df*E#k~+;eVD|qM1Eox^r;A2h?i0`}Twq zbbWvYnDumR=_^Iu5(vmoMCN*n$*92|K2>F;C+_jjI?}lnx^BHSR(L$`SlhvGi1mDS zC|_pTwC6x6niT%(vq9$Y#ZGM(FOza?;@Z!c!5|bgX76L9trh;NOyGSxw`q%xavU{_ z$Ic8{(I3ST9_WZ9P#WxHocjC+9{Y<%jDI}-O~Gr-z71r%c2aFg@>z6pPglN5{%lyA z<(N51AaiRuPXaIJi@X^~Z@*UondLED+B7J6YK-F377EqG+EI;J|83w1RTSPAdZ zEg}rif6$J!kuI1Hfyrk>wo4F0`lxrO6z`A8y5S9KyL0Rx6asn^k(+8nV`sZxCc zv-d;^s)Hd81A1hN=Td+|lZEeY3feyFHlZ1UsTa4Vw97`u*pj)QF@v2fE4ixoE zVpa|I;jHIEU53@h(@yT7e`H(+DdBiDYD?|jHZxU5NfMqeVqS*@pwh%~9+M`@hq_a`x+FQ~xEsxKA}+>*w$J9s$c z`R071qx#>zxKiCxwUFLlS@n9N;pSCXUR1z-)Zz4f%1o&{73*-l-Fcyjq75nFbM|lA zOf2@-4fqGPK)$3^8nAsBDN+Q9Lzh8+)#o9!boSAAWIE>gmLI-xIv`{0RhOtxg zvCYa8?jFfC5%0O=t@3WVlBGhoGzoaPgXtCl4$N-|p%xYv3I#Z1oYsi_XfiJ3>GmY_ zV&80graId}g_#CwUaX8qqPY>kq86~$i%k;T$M{9D`C@Ou&YI`u;y{!JHBts{4@N3( z@cf0fd!N`w(MdENp`kj%VGHM>7C$d!t%DcTj+X;UWcrq-i+vdJ4 z+b;(9vgYl2xc`>P0C)B4&lD=3L;pQ`Ql1}>#G;-?DVex#+VUP$VBv?Uf_M=a;q=R{ zK6LalVI*&PG*_Y=DLIvo<-Fw#Y@HWPWO{*QC=_6RkAM0OQ=eYSCMX`^(}^>yCbN31 zvghqRD}tR}<7Em3!hvl;XMf4}WjSq;UMY;0ybX!kBMAUiSnwgSN55ZkRVuVvig19=_9Mx3J{3JAiEAq{6B=MW< zRyE>kGe6J;A#%YDe|z0r)MGc2Bj8_U_U-&>QM5S?u@j9_z~M?Tax~u}5su3sZ7Slj zXy5mRWi!n-mt7=@A|}T~dMv`@P>3BmLP_{f%J-a7K0f?*Bv(Rt;G~bnwOv@-FGtih z?}%Y;IF-u~6(I)W(J7GaUeyudgZTbt|DAl&y|Ejc@13nhJ3Yby8dRW-Om?;X07K4W+x{4=6;J)}!p!{N?$jX(KxyjUfB6ifWD#qBS3 zNObQN_Y*2GXIxdW{df@y999B0z(_ghdRRKeyXx{h$n(2g zjj%-{WYfwa>~Hl5BEb`T>4y}upMzHswf@2^+BWFTzsc6%zLb9m#Uv1!cklaUSoAk- zW6@wHq>5EDOSnv?VIvlHvY}beQDIoSq<+E-#TVPGc%n@gd0TI^S|J;bONGk{u}$ne z6pcKJ>YgljMw<3}Q%Y;hPjM0HK=)Gz%e1&q^W>iJIDLKl6BR?jFk1OJIEzf+!DjVs zX1yhRu@fe$;liqxp(Fk2wHCHdh7PWom0>c>BuTpZ^?**fr6SI7A!LI3t)zo|8|o^u zfGvp#H#3}UZo?Bl6zW{2k*U!@hpiSx%raD{1K#|-x6mAygT59`^k;wib2_~CH_0pT z7@>uF;N7f6AQh^l^StmRIm39c!pK#-d>Kyby)Q$AZ#PPIuhb*{8FDdQ4wE(p+|L0a#YDMYXd-9)fJ!(#59X-&H5 z?Pw@0n@eA{{*{6Wd9eHY5dYTWzg3%A$oW(hK%t z(t!N@VmXjzJEB-u0O4Ep`m22EByA=(^9$Rdht0rETS*3rKQB?6;W+4E!{E^!x^X5%}jc1AW5KFO3=?bF$m-H!5RYufHqS)q=dhy+u zb@`Wk&u>e2>}4t~qX`#O(r^&}CW@4Bff;C?0i)@CpD&`Ei`V~z*)uE0PLouf zJXMthoLBM&ms3>y`lOMpSnE5-&e#T5ZTs;=GJ`cc;Ro$k^muNor>FpG=6^(?G;&0T zP;@U-4K?A3>^X|x*zevYdK7KaN;3t1v5_?1aC<(--X5GI<97+cz-M3?G_1uFNbr80 zo+%u|5<>z1Ff5bSi!Xgou#*A*diTd}wDf1+XTjpvoaG4bkk{kZWY)Wt8NZMI&* z+q}@kA~G)MBsC0bO!yM$#SE+Z91F`PL6eN(>dJBlf#^Snm8wOn485*BPGuZj1u3zZcOX7_k33 z^-8Im9%Z6Hu8Ak~Q?l)F(`maunGSwTQYaNpbdJfL+huayYT8TYj|xSr&a}3lZ{H}i zdhdK_X^|I+1BX3>T#V4A6iBq9p3Rtx@X)esz7pysFv#CW9)?t5gw!AxjgY54!1FjH z1#Tx5)(~He)q;WoWz?hW6@(_4tanwbxv|cH=vTi0Y$iR=EI}TPa6mkh7 zqe}}k#EINlwnhpw*EfZd7Wm>7kc)7%f<)&b^O%txh!JY?k3)0FyvL?(sUa}kLEsf} z^pu=$`09JAM29a>NzYdJKiQ3?s-a4LI$${kjdM#U$dkZ0G3yFVe#)X3hAvN(JarJhQbuED8PSI^CzJkMf% zJ65Qm3m}+ep+(Lo$dxIkVH;8tFrzG|fi~r|HUQM$P4tA5!|t_`W^>mxf~kl*0b)6a ztT`Ajj^LmyEyMcA2Fythi9ekQ5f&3_iM;P4`tw=s2KRpV!E=5wjdK;!a|!+SVb54r zj?^`^@ioc4+a=}IcDgr8);0eRs>%)fF?CWdFrD%9S#DksBSLPB;d}|o4$b5La7suJ zbiN3i+#1?r5uACECQ)6_hW~=`T}N6UTlgfE$qPFT$&>4_l7 zmfVvhYDnD?6BKb^hTk_j%}w0ucuXyQnu$Ioz-9=PPyq;lzDQ|ja2A-*99Urld`J&d zrS7L#I^66428AB2{R~=S2Tzr#lANro3P+%zE1D(K9(A)o@Ckn^2g ze%D!8x6;#ZQ+#<*ByPlD3@u@2Q5!r&wH{M*@~P8wG($1*UH? zEF09AI?NN#wl%%w*P1(|9|V!fFTJ8pTYY z=88$@NsmaN4_o+`gxT@Gs6aI{buTBW2~>_(@|J4|x!4)9)lkG?5glv7OK7xdw|*62 zYh{_~TD4X8`JH(AK1ESWqvNbd@5Q9H%=1_7pj3d}rhyc~DYu_er6hLJ$^sR63w0-EH5KQ?FYLE6(afO;Ow{);^kP(Lpw}MEZr-H49!h|acXPxHisGxBPr(`JviA!}h zgIV6NVStPbZ!m1rCgo$`QD+4FPGlqltqtecj^^Qx9^bo$x)LByD|E}oIH zTVi z({vx1kq2-3IUL(KQCax-d4F5DoM?xhWkp4f0_b^vsf+FE1euobZ#Gr5-X=BU1Nz;_ zpKpS1cbScv-Zd^%eiRq9}cPkv?f<`TVxTemRVJJ`1*z}Vj_v#SM z6V)85Zx~O|gTI(|RnCyn6pz$urb~|$vd$iT!dwH}9APEa5~ha!skM;tKHtp*g+OFJ zHQ|V{gy0`__}?_Ok|*_x5mxR%Yk?wPY$!FC1CZ#)dM1Ilz5Fk&!PAKs1-RH4cMMWK z`t!}MuD3yw^(a9NU>k*{?;HNWRI+B_s@j}9aVQ_)%V*nAxGC_nBuNx?H7D`6(@Jyz zpWXUflAs)o!kHqXjLX$h2X1+aMoHMTBD=b}cIO)honCMg<9R<)@%7{N!HuY%?a6Y@ z2g@A(H}ZcE00k%(pLPh4ZXBhx2@icQ_A^D&1OkgT%C&L@QLt*BY7f339TlHb8R5yq z*H++$jx>fnBNP1nnFDn-48T^0^5(x@p_|4&dC3X(IydMF@IMK2%qPg*0iKIKUE>5V z)E`(su^ThF7)Gsr>y<-!%{m)A=HQF{2lbLKe%?#T2{g|Wo9pb7GX&nYuk-=+Z!?5+ zsCzps-b&HS`ZG7c#J~7ewRvmERHdG5$4ic%P52*hjF zRJGJN{1U`lU#fbLBork)lEmM;Q;oCRFQ!YLXFQxCz!YRHe+hAIbNj1Y@#=G01zHet ztv{J<1BS4R*W`t-19eUV)k-0s!xW4cc9@_%9@!zh+nuYYIi|^|w&+??98`&?bwIG) z6S^t4^?i3m3KJSzvs@~j&VhT*F?qbfvcQumAV4w?kty)@Tq@Q^g)6j;yD)jm0bHbf z{{18EzzA(UaYvam1B3)kYYBenNLlc?latG03&?YS5&Jjc*Ktd|o?EB>)-Vu}ZwO(m zP4-(6fP_j`d7B85-#ke8!M4JpgK!>Ew>*C%ml9(;VGutIYl>4OMc6@?MDA~lH1J_^ zZDhn^n>duipQ`t>`MO4B9u{MNrpqLhn%R6Of;qG(Yh*;;qm29?Bg-J zahApn%NFuCgMiCaZ2A#3Gy*v^G6aXeifC%PAr4{pRK0uydwu9~7py8^9 z<1#&b0q-VSEY<(9W{Q#13gHe7T}rfKW_H55r0b{2dhb5vL^!m$(*sq%s*GV?)*4}5|!2h<$9c|mQY@HsMP7>$Mq zA=6pE$~ZB)SXEAT>F|xH?q~1(Cw>tq{X)4T@RHCD#fQvMfE&5;TQ61d5i{KHgYb0q z(0||n%xpERJ^nLR3n2>qpz$`*_IY*llAy&9$OwX@z2i9vI5E**;D^URmv7{N~R$yD(AbK+=D9Zo+4(z(9EFP`^PPHQ3=BJm_b- z>I(6{yk<>&R;sRgH$TmyS*ib0Iz;Q8Lc?+mc=L49;l@MEeW&8GFaG`qbhqXFq4Fy& zW$BMk{+%!poX>ocNsVN83dRFL7a-SszvC!)jO>@FC2+)wknCy3g9-cuP~Z?N-$OMO zY5y`ZVK!9Et0Obc73)CTiK^Bdgsw;?!q>4_{3U5yqQ^x4NMzZ0dKgZBQ_e$0&`z;I zw%iDzK8&n5lxzoU9)!d$(DDDFoTfZV%w+^TCjTFJzkH!NeYv)%Gu$Tm^+ z%tU@V5gq^0qZZY_49T-+Jb07*(M>jWI26E5d5^eB`_#ipsapx_Hw6aqCn~Vz(r$Sk+S4OI*x-WSAMa=dg+1IXa1dy_FMnq3KX&iw~f+upe9|AJks> z?l8JsFm}0n%Ir-2W!y5Cm@PoSF5va`R8zF9J+Rd2jgbwxV8UR+l|lTwO6M%aMJD63 zaTNwCuxys#O=wCJ5l_t~VHQi=*Rp2+n-3&+YcWeprb;8Oi|s5-eVQrD2DScgV1%^2 zi8(p09iaSXCn9z^8UOQ~*nDxbnfp#vdZ_@XHnpS|UoXqGSg=X1sgru;CU7YD`l}Zn zWK6gI*@Ri9au{i3i8`DgD(vb;4|gpM#^dDPsp^!jCyD*<<*(M6vG!P{R3s=t}+a z%9}c$yYMH(d-fLNMN!BhxY>NO6Uepm=q-9K`=3nMrp@3v9rS*UMKxJG)f$qomBgw= zOZe6I78wOdNhRHgY>S4>t@<^uDJi^)bYn*(Jv5DxIa7JCrT|5o?tlE zLa-ma_>?-#zKRsG+}BWMOCuD2Y(`@VC6PY=j|0XHV3nN?fH8`pmas8-(1>g8tk~-4 zfsHi`P*1-UMok<=(oU$G_@XjUQywgR+=rUYKYkmHzH+Z&46}FJhH-jQqfFRcDzHY%&%@v2{{y$iF&F=i? z>kv|sY5G_ETg2Ps0&J)wDB8O8WpNBb2yf`!pYl<<%1f%HlEu&D>bb7~h2;ICztqxQ z6UvENBlko;o|RUr+-56BwYINN^BFYpXOP0XCS^AQ{DiP_xgp>4hnF+1i`?4zQaH(6 z2)Ctx6V0nSO`QI$^#>*6oNdyi`<3qsb6;#eYh;M%Y2}FTX}}_C0P`lElsChobMI6s zg>7pKP$F(LxB;SVZH>}pDZnbV)?xPmQ3WPf^|d`D9tJHo943@mL~`Q;7!VFna7Axm zW>v0CWKj-n(Yg03pJQ_F!qtY)`N`1pG;mV}nqqaAtOKz4gnIqD3j(9Ou~IeZ&WI{B zYnow*^lB5e4MT-|j5w_O<7r15D}*I!GWqTU{Rl%Mm_1$fxjLEePN z(ea&-^Q791-b2eO6lRmiLa^G1PrFy2#pWbGBl1>%AC4QI5*KU~C43Z;I`N|6{eNbH z9hF{Iw!alqb_PU>;t7&X!^F2SRyJ~}JS^mC#%;y${@DNQ4VCw}*vhuU-$T1vlu+xv z@VMhshuG4V8uLk%vT{oBf1-+23#olkd&$z~}6d*bUXuYy`l)B|5 z`YTHWJUXxGXM9y>|8Kz#FV1A~mzw{XgUI+tNv%`^30t?`oAg{TudJ2k{?TD$ys-&beN zW$;rU9jdMesQ)SL=2$^GyMdy3!#n!*`j+3k2Jfe3IH*Z!`!~ATj>)-39~CVPTgn@- z;+r}j*=5Y^z}m@a{mNdOpsRuJ1`;uQIpzVisDd^8$Wl)A03-V>&TDBQw5ryhMmS}c!Q zifhIhSjtk)Vc z`vN_wj7-(i**Wu{JA(U@S>ujV6~BuCNX{2e=tiyC^nrX4d%$TSfqjLo^wxi|(U1P% z0>Gbu4MhgHQwa;wJ-1SFK1yVkb}=Y&Z!2`vl(e+(;*NU3A2CQq(9Jsi=Jd@QMRjL% zCF57HX=)G+@S|QI#d85*nVgf&Tq*gWN9w?H!}#_RxdCog_aU=F$Nhh20ruu)xlY2S zM1&7$-fFFnItU?W*FS3v$a`i5W=$P?4{Dbx!sU6XY}00M7~?{IQ+dGwbBFc3B#^hv88dqm0h$e_TT3wFC^(iw&E**j*%NW%^PFCJ)UImQD*z!;=11 z(z)UuNiKids2=QwvutiR+Mh8`CVeN`-kT_m0Uexd3=4UXR2o#j`$u=ER{|kg?G~Hm zXMIj-AGkOFyl{)^=`iD=|Me-nw(H)w^Y&Q%uP*Qw7QHf!-~gAa1rev;{M*Z2U7*_r z9>5!~2+}xWy(c)AR2@oY8&&szeVHritt%(}FCq;qpiD7d-_ZszEjb&xagk<)K%}yxn0w5D9z(58zhO;&MuhmjHRRP@%x!1g$ z#%)xG0Nj0CF>bTA22d|4We7r{3=|4DOr74jFi_$);NsI9+Y#9#?EtbP&^swOQ7FGS zTV=%L+I|!+>^wh3s2^$dr_E#7isuuSY5+4h`~y{)G>^1=_lul5x%epiW=p;~s14`vYcjpEiE|3149Phuz;q)^b7!$G!Q+r%8CAK5Y@~#1A4^ljYi? z+GyWH9i1KdO}hfj*t;n)R^&Yp-iTdJblV6ECUERNBWJY^ zf7>zVw?YxQ2U@ zd>e39c`NA(A2Mrry}ul|0$;@wdnl@Y&pt)gw3#4-Cnn=}n!(kE^OXQPW%%DVU|A#- zovy>{?s>YVc<+~tZ}>sP*kOrsxB>wYPhfp$#4f6ujJYNJfO}mHc%93Nb#OkpHXi8w zXG6a2+1h+>h9U}4mqpofjoc8qP>f87SRdu-H}`E_g(A@MqeBgN%h@RviO`}y`iCq< zfKY3!U^-W_K=bq`0Bk{9y;1D-{a$;GvqPDL0TKN5-+wo|=0`Cz{j^{1?C_@3#hGI% ziapy~m`(Hqk2i!Z%7?Vl>kd*r#$e38eV_u5>OB=fzpZ9BZ*Tb?vV$tbNwTnp1KJ-e z427SNvFmhKsm#^c;C=7I-1vckfeWZntY{dxSYul!)+j~8WzmgjfmkvpPeeti(@38# z{|-75MycY_U_5EM5283(^AI7VooHs+yc`rix+;@#Jo(xFjGX%uQj(kD95Qdv@6BxX zIydc6oc&FFVnNOa2c!?*Au?;8J!3yGOAPsk{tV49|XIe}h z`X8d$A3M}oEG489*aAonQafqJUrp9=JG|!Y_C?dlteQ!H^hOEA9}jDn#|O1>8B_rz z%U<&3YIwNj_r-5ww|L_YDWSfQEVSt5qL}=u02-O-8N> z3h*7E?ua639SG_YR}f-E-r%c5m%c`bOdX*JKSVXs`0oL*42S)^sej%c4*v*Zi@rn+ z-i$)mraufmV^$kc?lWL>iF-OT(;nHkP$TMyMK4M8M(E?zue2PJs9!3vag^D_8vWj0 z{z**tEr79oPhAla9W)Dge~YDqhSvY8#OkcC)JS+vN?15-K!qcj{EacFB4`x~9Mn_14wgEUyYRm<`&fL^0fEp+vK-up5+{Cy z;n4JBl_V}lZ4pbUti7RnXtCSI=X@KBc3$u>d^W}T8_y}pO~CbY)qT#Gg}hN{_HK9uES{} zqnIQZo3!7{U0s&Vmrmb3+MTuH7o!g6ZCYi z#UiS`c)KaJQT9}feV{C~DbWN7^!Su9K*R&;-Bx#TODMq3**}Pmac7)JDRIDYQyd`@>;P)ppJXF#yMcfvR zGkZoxAw6vV#(@rJs(Ku+svsGbk^mPzrIR#m+W$>e7Vu*t1M7ddyhg9vCYpE^pZs{r z0TUT6sKz1GIvuVO=oMjB$U_-#W=MvJ`oO@;iYK9hkuoJfb;G3mnWBPsjs0)$E|$Z& zVTse!p$cCpsU1ZyB&kBbh=Vo1p5b8QX=8qB?EZ~V<(41m3w7cMUN>YD$2V^}>D5N? z*BaeF4M*`}GW+_A06apwEy`T~v-jS3h8R!g4%5>NVzqS>{RB`)W^W!7j6Y(#J8l#+ zRS^Hqy1qS6Xl07e8psYiR{yM>r7Hd)950N0nw8z`qW%D4vRs4trd?x>A&fzaQk+6^9vJwc6MZ9RzdDY#SMR-%3*vPQyZ?$uiOmlKtbv6}=PA`XWkSw;v0 zOJuFnKx+x6%8$(BJ^|1SI%t42DB~2?Vuz=;4?ZRLj;Kpgxpq(5J@1qj`Z&MpTCeW6 zcVrbuaxAK8!m6LzHr?*?WX=Z*UKX$aKGIuN8~fWA#T16Kk?tztUkHR~K3By3CtiAp z4}1~dU*Z+%(Xt;EfG<+~z&Q8CAx6@h+WmXRp*yWA;-+;u`MR-kFx%A{&mfs5C7%}K z?r*o;_MgDWoENZpMeLrz#9dMjec3k8{Q`8Uc5*pD7zaMQdl-07o*j1DTk{n1&UVa zS#DYD){b!QOw-KCIv%~vQ)e5^EkV4k7gxp>gOneWe8Ycp`Ei&7wDH`;G!@gXTD zy(Zidoes|@>a9|V!sm^wpFel@6+K@6hh!E2l&r=x0^t51BcF)xdG8LE0VbCu7_ zf+9rcH+f`IjbCwPuW?d(=WOztg8eZG>a(?kIgA><_)WBQS`Qo!s2j15ShTS3ee>gD z)5^!6RVcD{<1j1wsI+lPO7W#MQUh7LS_-ustv6Vk6vYq zu%nJ4S5){cc&p_;3t9D zK66PwOI17OkKgs-@+ppe-?;48n+W`kH5a(@1%Ac&Ts4Os&I}>6c>62b=8MnuZYD=n zNYfoWJMV?gWvP5-(nN_lo$B^xIgxv9r~0%vph!jj11c}!pJ&jB1rZi1io#H>Y3kew z#Qi zXzrCtQGc$4=lalGeceGfNX+Xpl2#%>p1xJCRvY{BUn&=*y7CpX#{j9?SjV01s|PY* zoen(8B?G)2TBbx;)F=y)-qxUvArWEZV()0NiYPHf36uSp>bSjQ;wd15B>nzs^;9+b zdy0FkdY}o&QN#%-5wrZGuy>yr^tsE?&14q;Go4-nk9iEQqbU!iZaOSkFrQf`SkLy3 z8+a230liOi%1`p*u_Rbb0R=~*wz1#T>$>(dj;S#imdDjU4?*t@Zl)Nw#;gBZcZYL^ z1l)hO5WMZCLo@ok8^!E=n^6<4eFH>@fUmLmsKM^57vQs_65#}M8P;My9?-^nXVfrX z>mK2g z=g9ZGR&sdNh>HzoQSI{BNvpExG6$Sf#?H>pB*55n_|w)X>^L*T(yaC?o^E}y6((ra zhpSgI_(%BznKXKeqZ1N4UtOa;O|cNpUnYuq9ZSI^;^h zk(x)Y(HgGJ0Bch3i>0y|&67%c?r7kB@yBx=NNRghiA9hqjBElQtDB|cX^AOjhY$D@ z!musCA#T4|^40D1^Dd9LSx>jnkYUr#OUV$h3jhE878yY7Ha1&aN|zXR==oHvJpXii z0`Vhr@<&4nA_DU3QnR)bx^f8TKO@t(LJVdb)vI;UFGpG&Tf0#8(B%?y9JJqsJ9TZC zO8aXko&s8nIzVembPDB@cuYjZU>mWqlmhZi&I_z0tQv`KfBUetc>&j(89?KykD@@0 zX)E|KRSu*$m4F}w+uhAYI$#kFezp2l0^pT!W)kduKv{ZB{QsM+<#U{=f&)))5QyuS z0IEcixW~Jrlau5y9Et$|V3h)>NV%@p1K_4#L7xG13;!O9Nh6=&7v1z|=oo>)2an+h zX3ear%RoR*5!wf&Mzm{o;|BX~=-SO=P8`7pcM-wFqY)9Foj3q8=`I^)?OtwF{FXtN zH#gZ2B-22%Koc(Q3!OI41DB0o9WLr4N5z)kLv#z}pMr>&T48pQVv}NAW-4e0FO}gGV}_N05oj=0w_~$d!qD@ z+s(WDXxWU%bz+Ovh^E8{Wqg0Pp;x@4~$Xscq1|GFEl2&?g_fN4@ zLdxVoyaW&`1WSkouYe+>)_oKauKp&-;I2LZ&N$wcX_HeXvwE7wF|wa&`m0b7gS20ZMxLY*&|F|6!UF_*g-(#3 zA}o}z>!PxrJEj5b>F3JFgetPVIa)xlkg}{c^?!I57%dANsZe?Y^hN-Hs1hQjM3Eb8ctxFl zTSB-$QlQ=saMeQKU?p6mMr$5IFYpwh2|^m3T30nN(FNRp>v&ZUq}Ge|fWDJ&QC{_8 zL9q%cp!3U+TEe|IJ@?hoCZ7#>>Vv<`=H-if3@B~`;RfzUMX<{RnWGu`yv)DrawtRb z49HNw5k5H`Wkn@+Rv*bcFmdf*c}%r~{wj_iQQJiG0&i#e@F z@!8Dv#HF(PYZ*h5O^9ecTLRXr#cxO}a$`)36iBicAQ!_d-x&fdf@$pP8$D|b#9G7< zexf9!ndk^q*)5N8-~NX&G$u%(N1Ev`n}0R&HnFK$i?HqWwx@003o*w zRdGdHc^9Q$pg9DOQ@>b=0ASRk^iF{{8T?P-QB6!0E5F3YAPqSXaU=y;eTpVd#CifC zj#;p0#zvT&+Y$HhU(6aAW2X6BhP(>z0Ga0Pb?9q_x6S}b-n49RU6!6Kum0K^)XhW} zY_Cw|+%I;*T<5&ZM}xBwBCts#>VmF1!XuAIGzz5q-xHn#S@w;7h1DNnn(q0K3qTUk zBwZx8+rV{eMu?r*T7@Je`dW*%_hBHwn=`&@BW8C|)Ay!v00K8;s=VVsHIJ5^G}yDg z=#=T0^8K~=flO@q>xb4T8$)*rYX)DDst=A2HM@(`$i=i0ZLT!I zDGo|_O$xWsM4}eL3JBw(S@S@6$D)B8;Bev_;Z?;_xOe+eAI-)g6OvwVsaS=;=2S{4wCG5zIs?@5Fi<8k7SQVcm&E5=7sGv7Gs=dmAXz`lno za>c94w(<->mMp3A)n_$8ceVl4#qclY-#!c@lo;#UwHhR50$({-?{ePaj05qT26*`j zO$ntKPA74NZ9L>57fxG&uhK*~#@(uwdeSs^V=4)JKe+~asF_l!J`?SJ4=_;m;L z=wz}tk~udoDVYC2(GbKmsvym5c76xB4qLH04a>_L#zm*i;m3~$V}|5dw0n(9daP7D zX@R|-QWNU$D}Md;ElQ``3-bKLLD>;NCw6#0jqv{D8tA+QdZcJr_H@cbky}`}^kT+k zx58{i->6t00I!>3C!$kM>tOCAy{7o?QwWE=6T|PPiturs;#AgRta0jody+M zD@TaZiv`&<@|%GsP;ihix@t;w7oiEWh+>^LpLx3%iZ+~kVzkguJ&$;TvfcG6A)!gT zHig2 zC#b6}KzPq6ezks?DGa)nrS2<$78lD{mZsguFt)rn2KAYb0`qmCKwlcECM|c zS(iVZOn=KXlJhr4JZToANLZ2z?|k}AT&-aXlq2qb7jrO&uSb}dlW&^$&1VIxC< zYUWrnKPC15kywX;|Imgbmx0I+l@v^0aA%CQj{XKBnM88`A@RiYk)+B43c<;kRXGn? zFeIXT{4ZO{&PB(1@Af1-so-05&aYT1vpxbECr;P!nMCSc8TZ$n|CZEw&D&__T|%7G z$7T(wrz${k(p7Zte~J$&6}sMU+$_8Nl|ZG#bGkpd zDPKB{LvWuIL+~Ine1lXaud3>c+TJStFWN^7q=>ZSh?o+28Z zuCHf@%xSl?T+^Bca*;@I7^DaB;t0%VG-Iojc7Jf@*gjzT0}XTevlte0{`o)6u0TK! z)zyWT1}L-bHEYtv~l|Ae^QY-4X`uESLr^D?;v$0eD7Qp+DZZ6jSoi7 zoAx!id?1;vhEF<$+3jtGX=ki(m7ZSG{C0@K@$jF6S(BRsJyex`?`hnl(CKoC9lknh zthOYW9ei>J;ClCl1Anpx+2zyJ>~_?DDYpL68Drn-J? zvmP3~&H^io#kc8s;kjCLTlYTdw$7`f!e{H9I$W|<|1;3>q+fwNE&D#*i9TbImOlz{ z>3V?=hpFHP$u|l3@`%?m*+uCS%t{4^#s8TILLI#gN+p73f&I+$!qUl2l6} zAJW2Xbh)SqPX0My0+q1B@wjh2bD&cpI+RDJm+^iJ-XyUbN&4g4o?q}SG^f5wphzVh zXjN2AGZa$oJKbh66AxVFXZ^4_V%GY8yC_H6b7|`mV7Y5)5-3+{)s?B5Q;U2?y-XV# zS)m0oyB+H~NXa+5TOj%;d##&gUrY1txadwC`o7e0butam$68XvN(T`fJR; zL|@4k7x@DLdU=~s0P1{mzDDvt!Y&R2_tUMHdU&b-ir;+2B%sgup-gK2%sJ~9kU!1{ zfz)=K&#TuYc0{1+lExJII03$>#efL|`9q`gl>B3K+SoO>8oVNm8eVX4qoAyr1IEOs zKmUi-_6^bcl(S-e4ba_y4yK_l%F9eJSArP>M{}Q&m3gV3QH4pp@yFN$%r;khME6MMISc4LOQ)Y=Y(8U))W|5L2&9!;Jn`e|V9Dl3ph%RdXL}-N@*`3Bhn*x8U;Y zaT~)|o6wYenZTu#ZwG)8jY};I0f^*VweJ8~FcNp)Vg$Ne!=iF@>+-O;X7!%K?r*PH zCnSLmYQ2p-#QS_{eb1Ic@+q?P*H!=3^{Bd*ZxF zIqC)o)n}!5-kqELrRhzRmnG~28gL(Vgi^ras(aIeG4<1o`+sKvGKK8oE9`v$td#k} zt?02gEF7PX^D)8_sfD?Y*6Y65;wJcE_jM-F?WkXCZuaP%BRFLgV~_j+v%gI39{{Y7 zK&n_52>uoZ=>g`KH2|?Nk^zb0yFUG&Cg<$TS%6IqUjkQ!{P{h>e=O%a{e2(XucCYw zMu<$K)~tXwYJN)jXz#kC@0bi3tw4jPe!%UKiUQ($Xya-Xrqv<+wE0mvkg_goA^s>1 z^a#9Fng>o}=l8}PK8@TaP24&_DEZM;1c+63WeKT0Ct%LEQpnSkCSc_oo`G&3o74k- z?;xUs3_(xi*oN1>d?i6%VjpPKQ_dm8IEZCF>1a{Uex_TktNXpYxYZrQ*I{XnuQ@f} zB;&r(L$HYL)&J5=Od40>y~##?faSb+lEj}6rj-`DPf6Bpw#)OW<;A>@t%JKk-a%gG zT>*a}7V!)+ypJl)RR8kbZwNe}v#SGGlU{%Q z+n>?l?`;RuGy(EzvMI}@Q`l&eP&8c6h&v6A%eB8O8G7yewg$mYZ zVi8#N9KpYZA_DHNsp>|`7=6!oZBKrbp#>fa0d;9Bgk}({)Ibl-;m~6ZWs@-l>U3Wl(zS)A#;?g441M9DopMdH*zI3A^3$61(Px~F#v2bpQ$l( z#1a|z>$8U0GKkqpK@s$fQ@6_vhI;7okIQbXpv;*xm_7Q5h0cQK0UV`AWpI1a zt{p!NzuE+H#+i!B%%;e{$#?ZCfbvD}&Ia-FFO^DtcD8&G2f_l^1Vr+e>P0F8s8&6{C1^>}1eB{-44O^Ul4e4f zGu9A_V2KjBNAd~c)r4U^0D3}rA~@>NnRZYI=xY`rE+}Bp0CAN_dZZNl0^oCRGdPP7 z+1^@Cc4It|S7*+w%(J!(c>y%S>lrt@IExSv&ZA-CQ=$&}*)yaNIH8UOk@!a(%3mK5 z>;Q@v2$6W$yd1DF^d~Jx2>)Y7q=Z#4c9+5$2&tGCwLeKNCHgUQITNQhtDMv{;cI5_ z>q&-^KgYqE7?i{gfY#T}{rXF{DS?P-v*&?%{Z~s3i1_U91z-ozRLs}J>&@4E1^fep zA)Ct#CKdclDc=tT$Q;M+Ob?qlBj1@Ew7&p$s|OB9PjZ0{bE3#KtPFXjZx?E#!J+GG zVKL^R%0rX_HkUyR$PQC6H2UWXvFCIz7#W&f*aGj!T13RaT7*&(L?=x=(&t%xfsYCC zKSJ+;H2!2nN5fBJHi&pw;`vq{l}zq*XR(D;-vtXeWqIAzgb z_-o=;rQ%pxG(oJ@kC(h=ZBvStQHV0_{G~(~mSqCHl!m(~K>5PkPsA1T5rRag-A;Gc zXROB3P$Z;YwVNT5n|d2)D$k4*&a%VjTBATugNOtOQrv>Y@c=vf$zJGjuyiE9kYS{x z%uHGESH?TVqW_1h?~bQB`u{gBu6^yTd#^2$9g%xoTQ*6FNcIQ~6xn-RvNzd6nVDJX zTA5|bCbCxp{m$+4`~JS)@9+Qnxc7a}`;6D?xsIq|7O*^E3`aIR?*U(r&Nt&8zQCbb zFRsykQsPGPm2{lcdo$ikFI{MZ>5m0|5B4+xe2(zORoOLdo9wOvl~qv>n)q*xp2hnC z8}b>@3tEQ;Y2>$s7~@g^?S&5Co%Y#VZf(c?0v3h=pC#FzS!`pjTSE#$wflp>rcpQE zVAOq=;aGzX1c+!*P8Qm^HTrG)1fNdG2E<9Z+}0~It>h(N`oL-ipyJHs*FAbkWVH8k zp3Qz)=#FGF!aJVj>zuYtd~O+XhuHHx4lc+SKr{;hDF5abyHnbYQ z@l7rxUT?{wq^jaat9k`MQX4T~O0wtu**XJT#Dh#csVxjiBeT(@eRN zh3LgDzW8-OqB0pjx(B+Pe(XmqIus`jp%WrmiKiy~z`&>0Y*B5aiRnh1G0QdZ$}5ln z%e;Lh@gZTSmP$@rIL%>~lgjrrfof*tpvuKm>f3#|;oz%KVUw~{C-@=|lt>u3g#USK z)fHVpYK}Nm`4h2Ms`?95U{HY2?`J)WK5N+$54B#i2qX*@ zkqrI<@T=pQ+BaQDj}CEO_*TqLk*ire|VggpR@f{nmGEj^(QjQUuVaPbe#5hiChZ}Z6t}} z*U439>Rn>~E_BXL)}k)VXz%)dNGc7*lsa=>l~KpJ?&av{fRG8IGn=;PJYd!&1$|E* zT4x4C=%5IQ=)?nQ(lpa~(o7S05PV)R}|ce4GoVNec%CZtV3( zZVBu#qMw`PRq2>u9N!yE;!k3OXaEB{FeK19@c+>mEzle+#M#+L(fQillnB4()bR_& zcu9@|GJPxg!Rie=-GM0!H?C$<%LUI;o(ADrN;X31?`P+vYEWus-rsKcSaNQ?MOHp!XW~I&!--n9|CsYTv^A_L&5{!R3 z(I*q=0ggAVNWQb>R>tF}BrX5s<{Wb}-$^tnHKx%LA6@`j#lmP3Dnxz9F`E>tLprKs zJQqJ0e0gu|24esYuh7M{b;>KLwqu~qQ}48a9U1}7bn1z4NxEi3RZ8tGy$sDh#=jHm z^2A*+84WfoKQ*f#f7AlSm1WjrFE)}G;grifcne*5jr%E`Ge1&`d}(cG6=jv(O8Dv|ba z8C>6XxmI*q!;bPE^n^KaA4OLcq<}*u9!YW#Lf)z~Q{Vqq ze0df3j=^eEKqN-!YH(tqLr_zKVBWIO-%g1lf$2~c?6%~)#G}*rc#^ei#(BeM zV43c5{jqE)_N4V;>0-an4RR z+U49#y?FIw>NHH9+$VuIqR=Yq&ggqrmy`jAwM=gbhaNqT^Bx@_I16^UA7E^&* zl2(Gk)CaQj`~9T}b!a){)3?c+;wj%raInWsZoQrd7;Qv5 z17`TNubZvLX2@cQ?&$G_!^+`My7oI|67#^B-Hdu1c4T>_fUG?4H=j2DmvUolS(30u zF7M?(P3#OhIyU+nUZ$4TDCIn6>LNi(aY2oEiwRMf$7recXW)}z}q{MXe& ze;1_HD5?!hKJ-#;^8MAg(zlEOoo-Zg)_Ijc0 zrJl zK_Yhi&P6HTKPU0v)cy3p`_0S9m0J6ePDbVY)Y$9MlFXp2O9AOQ@>wAvXY0l)G0tDa zxjKRaRg6UoQ(qN(l!rYzFKzb$HTHc;Quiu@;0Pjp$82DqXtaCu)d1A5Q3UiUqMYa}x&$wprj;p48DY49}<`iH5&37WCb!Xqa8I^jf&Y z$)8zc_1Rc6B)1CiQQviRyapn~HP_7=JswVdc==bGgJSfdA!j*g7uLeGs{Yrr#t=Y! zw_@)}y!fFa=XX#r^A`Tw{KHe~UnPF`QliC|*Bik+6hZ7ZHb-w3u86xCe$Y+q@3W5k z-ZFOjaK4nxV|U7P@sXXrZB7i|+bxQs$jgH@a+Yk81yAPxqXWlOTC@uDsK-i?1b@y} zbkcfnmI*K0S!vJ&`lN1&bV?F^yp2s*|#I!O~%5hu+@9y?1o_&!nkWnID*2BKmFGiQ_Hk>UcSH~UUUw2+reEMF(iu|UJ0J_4Uo4~ za{s>&oLkm4Q(vmosw=ceDC8Bu;;nJl`8Gk|mTTYm2S7is6$5r^wDtKjPwEGTx#1@h zmG|&0trp0kxq0#$AD;wzHBn2yUxnWrfWaU^$fyXlXor#b--_^-i{D#CUJQT9{(OvL z(FQhki_M@DP{qcBKm|>}Gp~eQ^1Dj%N(Mw2t*NfC4s-~CKeYtquh$dZ$nkUdG)DTB z|9vsLRT}MW4?Tl!5ENxn4R|y>om)ED$B-ocpa*xnH9?%UTk9}J^fmrl6tk$~*Qj55 zX%c)3ij=6GPe8`o3xu)*cZB6=zgGoq&6|4c$cxnBgFc|7gh;)+&vudny43p9JniNJ zO^#T_3+y}2Mr)jkud@6IFh06)FF9-Ss8e`(F)Mmu_=~~%;=4LEj|unTaA1f<%SC!W zKbQ6GfqP^qJli2;R$bsc-(n_+wk$Q|bC{^iYB@id0mLvfK1>Y}R;ZmKqY_7ifqCPk z9&QMI?b^bGQi(4T`jN|u{nE1Y_Q zSm`T5GDpa&>5=)^d${Ld?Zu3D&cjau3MA`0^6X{hJ(2*rDfV}`B8Vr36P~(F^*>9|WK`wzavJ$8bCC~iXR&t<+pkRv00SJlA-)cFa zKnX*f2Cx}s11BkE2BQq;&t87Qgnm-1-$&o8J=b-E$R>I~K38rAV0g6vgfqbZ`q5%1 zf0NGjuZu~h7UCSp{4-}kFa)+T{0J)`DX2%CceBXQAv9wPy1|p`k~Cr05%T&N|3zw96GA z@Vri#Y*7aGU@MHjvg*v!?fC3-vi`#UfZ`U)87Ok&^NiHrYXhp`GOly{U21VDuLWiq zzQ+Lv7GiDtjvxJ6jLL2Cv6EN?YCHjo?1n8r0~Sz{|0u(B#$jt+Racoyz5 zFIIryHa>dLJ8X88d6Xt%#V7p61DnD0FIZH#f*#W(3`PP(*8jxfH4i?;w)%^yv;s{) zXXpo10FkX?U$UqZ^83$r^T~F9LU{)nM(~*=AS6kTq5p8W3##Q+U^EHM4HUnq?jR>; zSd07XtUrnMXX|-Ihx5N3l0<+OgnrUvWFom4Ac!dVi~eBJTUkCo%zl*Zpkm6~HMWBTr0P8DvFBNjKAHfEFChN}4@2uB-ug~(1M!|4 z&_IM5ZF4qW^NHRtEW2&>eYUcKSC_G=EFF;huP&)a$A9ck?mv8Ken~oxjVIJt$nuta zgWCgWQ2H}C0U{_-c?llM`I~2&Lav@~-Tc}9k}5+*HV9`KL0~>3ny{BOxK!{@bbDYsU}o4?{kpid<+K9=CAitFdx6k=F<6A2jds%?8UGM> z3T7-7g6ANzy9+s~(vE02B1Q)>j_t-NUD(SItF(%*fjv(Lv+$-~!{j~ps7_+`1fmkF zjI=xQmYJb+hKn1Ben+z5fg_ytZvvZKyrixnpL72B99D zUt>(es;Dnu~Awk2HLHxvr9lSkKF%9dW~X03FdFDJ<}FYey07 z6fC2*eXU>KUGa1fz}AE3J)|TGZ=R==D6CVpr&2TS3dzyte9!?gF=WrUOz6T7pw2Um zGq9tK26M{=fxN1!@d^VI_OBJ9`+?yaq;&)~sb;lDvTSlz)w7MyCswy0;sVweUszm{ zQkyyNojwgesRyq{&6Knu%EBX+ zfQWy{fJNcNA?fuh5fKT>5JalVEA~R93l2`vafuGI*Q=_eXy~}GhOd*8u`HI2p-C1I1FD#lw#xlG9=*QI9Ku!$hPX>4O?2nCvd*s6U zx$&N-7x&2DJmXu>{$#Fh465nBu*rJQl*hl?;_gCystYs=G+Sv4Uwlsh6}nq^8c%rH zTbZg$oHD{VX_4hKvfDKV_ul|yBrT|1q3(W7 z`x*h}bLR`^nS-V$kCMJQ40Y&0>+6L4XAh);si7Q~ddO)QE(f~39HMLF4|L;#J~Ud4 z{dJq;2JcOk;fQRWtpF7=Y0I@i#ZRHs#Ikz=qo0fT-xKF#IxGlLXTYV0KwRytH8&mknm;{wq_r`6{*-!q&VWfSDhu`N3XLk-T$HeEyPU*dNT1gqWbLvi-8Hc zo62{@%4wes3KZ-IWr%H2m^DNnuln7JxTjI#v*Qb9R@WVMLol=8u*nwRup8gr7o$wjOMH;ruHmNPLi{|Z3TM|8Qju>5ic^L+i0;gRLlRF1=3VkSWk@}xWD#Ezamcmt;@jOQ335=z#ym2zeu&OP7y2;R3h!chPRCW zR05p-vFkt0aR31uV|Z>{_BEYY&g-^qd#!Vm5cop}^M>RxlF;F{gDxxde_ZB_0VR0M zyrkxp@6o57RtfJO=c&U_mn<}g5zAkMP5#NbBUgGc zb!waouUD=W0l_@Xkq11uKBR>npgb0h&YQJJSR>t@Z6MI%S(lm>CKv;En&FvgCU0$d zAw;nj=WzW$pJxG|pKpG;*@%Rd(!GWL-iR<-9ggR*phK%auqbtAD>ZEnEzrmw;M;l) znd7_aDDaO&_oBv&eQis}4OHQqfV}zE;u02}A%UT}q{yB}2*0dd=uuecSHYej5t5_r zYZAC)c&$$I-wz_C@Op`(gAz~hMSCmXjb7QhcTZ}1oQ?NF$u$BY`#|s_z7g^DtcD z<&-SPt;#688G)%kIbrCo42wpSzyMvK-|r)bS3KuIv^VyGwdMaS;QGJwUfK;HKvZZ| z_8k=0pA$cXKKdB7&gQXR5=VF3RB`>O)&#fj>RLs{;-)nK@u|c?huqp7&DQn0Em&n3 zkh;z|xrx$$e-fk=u;7Q*sdaotBd{F=HLe0Vkl~x#;)lC{XtdU7lI5_$hF1vW*J+qH z9aAXo78}<26v@9|EsDHa%;Sm@kqy+|+K@Jae=;Ac`Hz<;idg4EaNHZ>~|$6v+&892g) z@q;gXx#EzDfe7Z5KMUHe1W=aXRbN?~ZlIIuq%~v?zs7q8aO8h^xPuw8g&@$^Fc(Ew z{QGF-BdiUyR%9@DoY(!QAQ9W>>AX>B_v)XvAcZ3IX#|U2U&<9k)^r_tL%6pFBui%$ zpD=sHX}l!6U*HEdE<+ixwvQ}cts-9+Fdf@vskCF8%2P5R$PO(kxQ; zDriDne5c+&$vCyAV1gD&Ah>o{GD`41{7t+B1T#uu&90eJ3Z!l z0HEYq(-K=7wWm8gpw*iwHP#1P7%za z=|;XG>mOA#J^*gizvNAY7zp?l_oNWRJgs%#dJ3??NKUz@orSL0<`xjWIyxCc5~{p) zRZo@~q}&u-Mr+2*?yC@6#|~V^bEjQwneHxl;%!V|kegvT>FZN4w6G*RfR%LX?m9b? z2m}cyf}T_p#D7JTz5p@s9)B-46xXt3?J- zJ0lA4qKPgOg1PFWUX*R@xK8mkqk0$GMq$wZrBWJnSDi2K5Ge zUiY_e-wG5SkAsA70kEZ%^_uCPP^?^1>09oO-~pEsxYuSt-Lq7Cur;W5IhYd%SJ+ve zk^u21&}Fb7UerG$is&z@xNh@frPSl-{ev)-UOX|w=AhpkI-xRvA^L{gd}C>E$ljEY zdKpdYPMT^{IRi@cjQ>PIZpp5brXDg@Rqvu{@H=qt|d-CZDo3vFv=XLjK zV_WLJ7rqP{s~!&v+~?#I6wF4$<@w@%uhQV()NAdMApEHY)Y|c$V&+m$mGGe-DqZdNG`fE^3E4Fps2w40Y4rr@OmY&YpO21@9OW{T}(B zfUQlmmF|M87P3BJe(w?IgCutI0- zsxEjA#m+0u@_2ZhjsVPDy8CqFBtyUl@%xFQA{ zF-wBoMekU##|BP(s>P)_Q^EI^AWhQfkluW65@vqrypk7WWLtlX{!ZwIyntoH*R+Ot zE_`#jg#mK^6MrGbi$@a%iqQlsKfpZ{uK<0WwwY~TXg82*MdOz(=cz`)azzC2wH~(v zl^s-Iqh->wrIE0Ot9dJPN_KcvYB51z6kd3-}6pX8`7_IT&u6g-M~`HMic5Yv` zUio!>w`CbdgR{aJCdeKBoouGRR^B6f_PK3HYRp1|G2Sp)kPl(JBqkj18wW*bCfcx6 z^9ehJE0_MzHWsF%(2UZ0KG-&wcKz?S!x+iAv_{F(+2=!YrK09_t$$Hv$MZ&9&081^ z;f4}6w*&QO-S1_0nabh_pDMz|&{`Xy#~%e& zBKfLw;88LD+d=QJ(M$KU^m~7vtn4VyB`LUbyCFnbb3k)g^q%8WHAuMsARSz;;TMs+ zR|mrXZ1qk+9;m7)NBIMT@w2GxD%K*Xn^#Ck6CQ_dQnjykd%s9}{0yioj%1A1pJ;f7 z5qE(D@$o|?Li8?hZne|1xP^rL$b7~iVg+jCk4DQL^xG@h)6leb7GEUKcqmYge ziGm=h2@?)A?(Rd=#ln99K;J}5Wup$^f}VHRFgxqDya4h0+SbZ)KHd^N=Kk@@~I?--s%UP~%NF>9&H@F?_>^syYeC<-J8k3fBEB7%cFA zHlPQ95Tz1KbI*5MLjy5^u7a7)(NGv683N_8llyT=-1kau5w`hWSXRm$O3i<9;LypeN)ZfW3KD5ELse_d+eqstmgL}?^ zM9|cOm62I~Ia(6nsM3*pm{I!Z02Q9panpt3`5RJ1#Elfw#}D7nUt)`{I{Ddn2)i1X z`rs?p`*`=8rQ#)U>4?!E+98_23L$s*`L>1d2m-pdWJJ8{C%4IBI|(2t3L3c;SimXA z3d46gG(Cv<%`@cwoF@6nt`FliPbU=_eFfABx7aK!e7^G~Z5M)41RZBcdG-PnaVEm* zuc>Uda6ECw7W;qCcVDVW_do4~5xx$WBdTy`_1pi*^5yUtRN2CDauTcv#nN~++NOB> zYEdx%e#8>=HqM!bFCRt_7_yygP3XbV=#P4^&AYCRs!K~td-M||fu3ymFMuzb z-03Q>YP&<{WFrw!tRO6`#o_}Zb6Os6Pn(d~=6h^>y7ZE>mf3uZH6Uj=CFk*|=E276 zxJ`DwTo#h_4!+?FuN+U<)yUKbJ-{NC00cs`WA5AVsQ5!CIl-*R5QBxSa}aLy?mKdI#KOs-1X)12DLfwJuWz~L(P*6B z%`AFH!`8Nlf|R86+R5aDAeysrigQ-FpWmIhr`Kt3{LJn9c!8(amhvX9(^%MDf<*JK zO}|m_%)pEWD#otE$nN3H=Y3D_B~9V%!9cJZ)T@Jmm;(dRFcbMm;RYRn5JBEoi`1+TWA&W~k1=k!ROac$PgCH@QEC?lQv=10Iv3VCb1Eh6z#wsa-cEOmRaXWMzV z7kQ#>;u5{#U z1#*i7w&Z|?dYuR5;ky21ak32N-*X&Dc?Bzw?WO!M_$NrMcnCB$qrjr~gj$23x(<$s z;=bGTxHO@)y^E~%O>!@Z%fgdZ3%Q&3e66DKJl|-_RxkZ)yMYVy*YPZzclOi*nA4!C zIs*Y^#oZ*;5~A9ak@SmipMNh*DO<9{W}ky!&? z$|P7ri-DnX`TfG<`G_n$HEt~=0b5|2 znT^{yXeXu>B#&APn3#!e0J(&-B`eZ-aLkjK3^wyXGXuMCQL_ACXL%i2{B{)XiT*(r zm;#z&DWU#Ke7kwtIiN4?>!5NG8KnkH+1*uAS>zmtL^X=$!NY}O z3w=;9T?RaCt1u0NmR{TZ{z20M9SSaSFt>cw@i=|iyEEVyaIqRBIk~5T@EX9DYJj6| zyyjUuAz8^f4KKIZJ=AoNIQ`N6;pJBRiUFsXXLAMglTio(RJwLikd8)zhE`T;9YlZ` zOdo)5d{d25g`gu|cHZmt!PkJBJZ~ARrh@A9N&Pmtt{>C|@rnmUS#)Rma^bGn@PQ`2 z?gjGW$B&VjFTnw*b%QiR@p-+uM=zfTQ0rVyh+U@}5~rDi@=JGW49B42U0{UB`($8D zw%<~4VniXZRB~E5Lw1YDBdSE(A`;~{Gh}qmH+WX_xPv~?tgv-+Gb!bng$dB5-TQsA zU5+mq&0|K5SN*ThUL3Oag#J7G+{o0ZOw zj8tV{-KC#UDvRQ3xdKv^xNIUrny#&*`&7IHcg!FSqCk@B@g0@>Ks}ES=LRFtrnH2h z!r%SHIDjfq-y>^Os&H!pCb2dI(1Gf+#}6l>VWtdFeET# zFeDi0jpoW2g1}F%ZNF?gXhjMHh6e*7%VCPJKYw;Vm@Eh?tb^|}6=DrK9yN>4zJhJs zY*gpD(w@j>egt0|aQcDz?1U`VG}|Mk8mhB}4)>rrO}yhdxJY~1=Ceu4QUuV?*4kD} zz-d;Z;=hu4y+a0ydJwzB2LuboCZzGroaoH0i7M0XJ8_8T{gyA!O_H?Peouhv)F@rn zt@5ZMo%EL8-TBH9BBi{n*6&3bL@q`1fAl%YM;RE^0u>0^?h_5#ELQN?JVGBEL#P3q z)SD>xc4QbyPzr@sefe0mnSKoT&+%-`mwTdh`A@fj13a&G9~ThYX;$Ju;44qmu>XV9 zk#{2i`RPwM0UcBt9JzTGgeO&_2;~e4E;)^B7TzDu4*ECU&ajt!Hu9PblovLDW%~$O!8;%_Ev-BHgKwm8H*`vxEo)dHYtUfFs& zm$U3bRQ(N=97H5uyQfUxrlwEXo)fKRizN6(ad6RKKcYxmqXon<^|!bUp1aD$H*GDdBI-Z z@k01#{@Ke8g3a*hv$?&~y}m8QG#sMGA|cHSXM^0#Y{$}af1s6>S}x%=I||_ z-PY3r5QP@%j}CN&MmqS*NW3ZMZ|B~-^Aq8ZVOiphMs7@sX#|C*!Z;cCPe=?UUMkFix`Q6#c*$!a09^am zFD#@D`0YdiF7C(UGVL5Z(OiFB|3^jsUwgVShM=m3jD}NiJ<~I`3E9JY^fs66@D9*BTE2Bjw; zyg8+M4`PF^Uu1eMMTCk{kvCcCS0g~NcoQt~S(QgqkLRH9he+rnkPVRZW(mB}u?jKu z@@yuh{d8XtSYB6+f+7TMj)I4CgsFCi z`AB;q;HYa&0i+^i1^! zg$;RbwWcR*@76xUw6l$$|5K(k9dJ5vJX(i~*_xiIwAtA|LD$#KZo_W?)ZQS?2sON@ zsq!|HznIWWUFal;MqY5C@yin)sV?~W@b|IKO9A(x@+WYbc6O_tLny8M1Bjy70=z3ei#}?Kd(0w8AB*a@8&^86hQyDqEo;y z$@*LSOiU2}yt&l}<>#@oiX}Z9;SN*bQgLzx7J^41vd&PNk2P^Ygc6OlE;BOND~@xZ z$^5?yKL{MYvaG`zt~;kc49)6mRQx7QL~`6j-;jLVJE3OOJe}Bk5M%lc9lPpDJisz>x(sndiatbSg?I9<0L4-q% zcKf2WaSe)biYKX7?VuMY<>SCtb8v7>Qxi!TW_Ukw$wn^k#jZEb-muyjy=IWTJAZq0 zIp5cU66wF70f|*kX?uR^di*+iK?62%|FR!4i$|h5cd6JcAP2s7x86A(7?4V>m9Ry* zVg=gc3M=feRG#Yk+1Ex^WIys z1kB&XuuHc}nGKrT$57Mmx!pBE?Br@}h@yX}5 zduo|y@ymueIbV^QSCmBVY2Nj?w=*ijQw8mU5odZ`Gph zSx5{0G&#_&2V)d1hM=AJzG9|LOOe>ewsy+5}&tnd5UDN!ZaQtOg_P zy)&v$%9(lR2^UUIvhA?bbqZ!+r-PO(#*7Tv@6k zY1}f4<%_&PvqkBNz*#Iay&HA(QRcTN6Zawqz-31mE>e4yb_V=@LlLpK5Jr4VE|96u zlo&%SP+&G3-=!~0@WuYP&mh-D-JPe!N?8WM=@DPO58!Q+Y)?+x_(JlK$d-?fAWfbB zuS&a00osYz*yy)UL;dP7$=kw}GF#*C1-)xbC0FUf0{k0pMwrkiHz#i=%W+UbCfcKD zs^o8A76diUDCaW9l|cikWXz_sU=E1T^CAf_eMFKl5H@LUr11iMFAVdV6EP-*5)39d<&_}xdR z?fX>SEdY8iBK7OM9Ao-xj|%zn7f@9jS9&nA6MY|vtoP?!uIcVRci@YsH~@>IG99@h z12lxRwtbrxHp3_%%|vrM?!(;0=y1|#_{QYcq$hlB&vm(iPB=n2&|})6Sjd`7V*tAI zsV2mSK=A9T!(Mh*O{K#)A}D~DM*MO>kBj|2n^#ov$5@qa{smr8TS|vazQ?1u9Q_(U9=)=msn|bl>oLBIu z77Z)BA7>w+6*Y9@k8_=IL`mX%V7*HkucX{NAnBU4_7lEnnMZvY7|)M?3Q6GUqRf`#bRAMSyt!IPTW}IkzvRV0I>jbT zHU{c_IMFS9=gu^0HAxHoEp%89)LP1emHcvH#hix8BUzG34V)7%+v+s<|0Y)uX<8~3 zmiEnCGaIPOFt?C~wY329rKrOH)-gkX<8UI+Aw|o^a6e``Fo@7%yDNyyny{C`??;d? zkN!k(ZM)t^e+;%Km6VgCUX-W<_89BQd1Id}G)PziV)d7YlEFr3&l!JH>?YfYb~ZXe zPx07z)qA345w{R173)Pxml~Pt9+Qempnu~FK)p>iwHzt1RfYSTfHi$LP}2~q0i=WM6N*TRU_4AQ*v^u!f)_ehaa|Ev2=5i5kibPtbSfWXHxWN z@%#g7LO?xZq7mkSRx)xm(hn1*V*1a^>vwcPfwSg6^;d4uiBD6E$W@ zVkPwZJP!2>TQ3|M7q3Y4mz3DRzn(cXT0~>QUPg{A0;QIW?;X8=4cx%8R^N8+K7m5C zhAAm2nb3e_DN5&&5JON4hyUSAG0zW|<`o79UDIeW&zF*Ukt;ZBh_BqJ<5)DmFIzeRXWP`sx_L{VsbvKVTftk}{aqerl98Eb0Mk_%s3tkIuP>?PU*yJiM5)Xr@ zmb2x~&47+Fsgg0xf=ImY4iP%$6yMH^fTh=gWVJdCvcH6--;z!>ihJ5(_{>63@?xNZ z`6j!F+ys#lIy46N*l?m6`AuFpQF%R5D;xXPAN%^H*P9`^bxsFx(Za#JFF-OP6JG)> zMfh$A8-NY16^19r!u{Ex5X`VRH_X14&^i{bt(S#okzUV>C<1iT1f%Zy80KV2N~@Ty zq|+A|B(Wrqy3p3vP9o*9aP#^=EUwWFlEL0=5)c2cWj8)V{cSr@UDw|DGGG1&BS_lI zmzXx>mSv8w|Az+Cd-$uVFMC8^@~$CL0s&Lclj;abLQn*?=BsxoR4a%CZKR<;0kWl3 z2u$l`&?tj1luksDC4!h=AO|inF-#3IpaM4L*hyNP0XGn2ICj4PK)bLg(nd_fG<=c)P#cugu3zOebiW@u&Ubt4Xie}@_s^L7BP-`%BK!;j^H#}z z|4s-&%X(Gi;44`ll9RIc{L#Z%udl{`2)(3dW8?pf-9+WwceS!u$!iWAG)O99vy$)R zVU^6@$&2?mu06`lwhgL(Z{PD@T7Wjv0?w(c3l#$HPLrdGk8VHI(FfqjY~(( zQ{X)>mo?dM{;h}MJaTKP4ircKFO67)pP4#q+1+log6#^_Tab~Zc zDo{lH0xV_ssz>Q~Fz5n|!U*-Ke*r*0*RV3L_L^{dx&w}=t6fi$&UWS)aUX)N(i|AM zB=K(6@6UGM7Ii`;iOJSI>T!w<5X*NZuDMF4&W_4mXJ6Nmoh$fr zUN~4c9V8W&fR*kh`U;1UF0G7D;|ez102fZ0(Nb9&j>VR%|dM z^&lXk>Foog!yAhfr_fF{sQed?v-2M%GA&u{(HKcgnR6K0fve_`5NwVYo?a9bq=I~5( zrlKtPYwd4^ohKdPW$ExDD1jt!Bi6V<{E?L1fbBLRg$^x9F>)$bK1}4BXxX$CRkAqc z3H#-HI#(Qdc_iHb9{vfOmeu(gIjF+N(V(frOpj}u^RF!9Y?N1f38fUw4es6j;>IOd_i7g%L{i#PWkWa$tA|lqLHXIV)8>`yxj1v8~8c|Lw`lmNv+b<56HzCDoNj87Hg2Dot zz__o^L)imFNgkHrU{uow>7>5iRo-{`sJmOPEBtV8`g25ehOf@3N6flrsHBRt+C_kPyk!W|maTS8?B}`+9rZ}4g5eJ#icN&FZ)G8c>J62%JYZ$G< z97bmL98ZC;8WJWAgPVLpr8`I1fWh|%SHJ_pm}p z+iYt)e2SgxXM|%Gp8XbHJpagIX-ugQ^puk@Yi|H(?OQEg=u>buer8}eAM4*D!N-W1 zaC>?kv;8b(k+!gtg=C_JH3zoqovv|%nWz8?(sjSLO!%^`&lmHQ{*8lNQl6+~qeo#v zq!;^vu+v9fY|O*YnQ~>=h%ce-*EC#Ne>zAX{1~Ew{J06eXz;dsy(TDA;=y=xMDWj0 zuo7;($rIDl(J>jN<9YHGwv?! z0{WlU$3QH&(D?KDYc*#0D%zcyoeoL{`Jn-Rqsz+9okj(IhDX)^O4pxL(fuT6BkP;z z;fZ290ef1R`68ZOBrJl~;uG&4juvR*ku1SZntSpqVnEDeSlE62*^aX#DY@t#gKtnO zhc{fD7z3XBOtoDXlGQ!??aT5pI0Aw}=W(cy81iEx!n(IVxB#3gtKmKan;BO4U&mr$ z&q(12ZgWN5^_y{N=+zc$dl|14ngR z-y90k$xL`1_L%D;-oDEW<7jvn=saaLqtJkYqXD{x}3MqVi~w59cQtnLeAP z2SB<|R+e3|11{lk61s9F8IPTw{{>-;g_Xy)z&Le_uYGK6Oox!3%}n1rF(9X?yO}_|I4~U0 zLBdY}>fPrQN0E0cof(WSI^+fSR1$y-3o43vY>BgErM}^V zBUS8To?dysK-37zL=(2X$;nA!PSiLkGcV%_u7mt85HMPyp>VXi+j1CN+T<}r60pW) z$Tl$7=WnF$OhF@oguPA3eU+--oxH>ga5W^D;>rDv-!wZOP*wc`VVqQmHEbogpw*HT zV4^^g@M>dY!||0miT*~v>6_aIF~Lr0cl7tj&?VyH;za?W?RrPAGBWzx^~UsVyL8d* z_^01VoNITd2W&r{rP`s?rXvvF1vn3)BZu|9U9R0Af!;=6d;|$uAlO_d(gh?M@E7f3 zw>TwOC8Gm!@Gw|btbZDQmV9pxS{48$?n>r!ARp0(*n`W5Lm62|Nn@!*L8yjNK(r?xic>7)Mq79T1gcW} z z5l+Xm5Si+1J(2>&Z>+@)I~wlnvZyOfxVO=w(grBf6hKW1ww?l&NpU1B&4KDn zis4>8mnQTlW;h1E#=8+;+kDLwSnR=K%c{9$B{>?yAzNmO6NK3$w-mm4b8}V6ZT9`U zzLz^@sW=TdU`5LdL_l4fWA6TuNlj+3J{+Zjd<1ILegIcgNQip>@oTqYeL_rgjTw2Lj_8=~F>cz! z!@~w#jGb72yO#S$C{%?A{BHc)KAJS1z&5x$I#RVp;{8v`5Ihz=F`o20in~gHXfeQF zHZb;f+TrKxdODB5`H)y2{K?RhS*4vBOw1W;wrfyoLYqfyz}-v%qkj07&o4TRiVX?Q z`_MJRH7y3Pd)$OL(jW1}UQ=GR4nrgf7m9v1H;qk)PSSy0<$9%7a2$C@@}6;+a8T5( z6^PJ`{=-BdDpE`>h8A9kN2Of^%(p@1IGe4q2g-g~Vz*PL_BOIp1H4d&$p`8t{Z>L?79gD+@rTX`6U%_(GPpt?$YXFEfp2TWJbQt} zvg4P3YwF(*16B%%mX4Fj&Pz2CK^lA1{$OML{nDx?eoL5CgtD-YSnI@`dg@Ol0Wg3F z$<+&9g~%Ff@!%8vcZEO&DR9!mbY|OX+c5|%#P3h_iqFnypgJ2MXoJk^K)%TSCLE0mc*@csJgw1y}ryT)_xjbSx zo4L6;YsoFZ|FyeN@H{M4mn@kOZ|>g((h(8sl}?}JD#~kwjC(XgdSh4rtPaE^kWr0< ziY1WahnlHbkEX?RS|?3Y|DQVt$Bh73A(jl3uXo#D#n@()g5|I4SxmyP+07?yKjbZS(5=&VEXzr1}X;6V*UL8!+I zDwUMWD5K~TO(myuP6|jcjbc^QUsC$iAKes{95IWmpM0A2f&qmpN0c}&w!%*JNdE1m7EU8Ay?RO%LM<*KGF!n=An)5qwQCGT*imANT;+9Jo_?y zs^LVs7)0!I?El`?DtI^oMdfH%DBDP1yCXVyrgnBgYwQCU14UFy72=c)3ix-HbkV7s z(3QPdyWV0(NJ!>WbV+$JXT(uO7UZ~hZF#?2VO>_34?=#R~@V$(KoiMumsRb*XVj}7RlEjav8_aY_U3BrU;3;1i*Sj9} zrTqH|VuoQ(2BlGgL55An4Kd>PATKQ7y9GX%THj!x_|UCiT?)oc0ki@eP~=qDO{(6$ z{0HfJNI%dPtKP|JNv}uH;pmslQE2TY<5>%$KD}n#Fj40M)d}eA_JFe|7o%1jE!(dH zU%n@TB|{;55BFU|3dRQrQt=VibVJw=f_9%Yh$wio^e7K=4Ma*`S9C0kV++7sa3%OP zao)t<<4i1R?}L+|!f{?`>YIl+_~bZpEyfyjpU>;^lC}t_8X_r$5bGdQ2uY#bLxMPx zh)j7{ap=CCtSlMG=*Xq|>>N#cjM1=3GvQAWUzHv=&|!KFW=a6gx9ER|-*T*ktyB`9 zlUdPSI^0MGoRXR5oR;L_p1>kB7hsK+ZtYdzAC{6Kd3GkVJ^A12$-toPd}EO9yl@=O zyb)g<@KM^(G1(OmQWM@IR_k)y132erxB9&3IguNZ&%BHPZh3fpp5s(9pkcnACqMnU-RVogw%BCL|u0`eNK}*?;SsJa8b1)h3DD=bd#&f{VFD znwW3h$Tt2v@8Pe~VXEMUXnpV`R9!p<6$jg`UP7LLdkznHin7EjUZYXbftGeHveI)2 znzLK(ujx#q@OL&|%)LW?M2z}~exC(NK+4Q8*6=7wanPZHk@CL{On|}z%g$BwdIw%4 z{f1jY`Pdv4KqM1^u0y}fW(pI$%XNBnkQQyb*LJ>ibmShk|AJU{X3{9M5b<2+3K>+5 zkF0NcAfwD}c8)S@YP@G{Z29T*`59gXWG~BKB3`OYW@&{~)!y4s;zx8=y8m{HA>A+! zuK{co85cW-6zT|+^i`kLb2qDI9p4gZ7>b%uV&fms1b(S?>}AWIo%4r#pd*$Utq2~5 z&J4kGxX(&QMAhjhJHv#9;{y*?NK}vP16ayqg|7$Bmh08y%Au@b{Wi&&8 z55EE4oT*?%&iIuNdplk;tvrYT^*CX@jKDq@i_*VaqQ_gtp!`V05aApch=&jN0m1hO z;N9q<@ty8jP}ZZbh%VMUYNP>&y$1eO1Z$iY$&xlcnSkjr@_;8bK70-nM(pqwu~oV2 zHtBiKFlWK4YcWR=*yAQ4q1s^18Cd`KKb^@xFmdttjr^;WWy6g_DAy_h=&S}?)I}u@ z$?44)Q1FoI9MRKiV^TgygY*j^A%uYfFOmLy2@{2wmYGKYpG?}^s8y#8;5?H6lHj(* zS&zoA81{=z#vn2KH=d=TK}38%HogDP=xDC*^%-K+2Iw~^!d2#er_p1)zvYIxh`(N4 zLp*k1sq9jG*Yltyb$_m%-rB^I^_i6~fNV4h@*Mw3*yMF!3vioRtKGI~Mg1d3FQM0vEeqVh?z zru9_fF_5Z+dO0Bd{R#(2;`@0%;LX`eqon`7ReP6S!6?IH1=DlqSNBabWME%HTU`si zGLfl6N5TGmh>YUeSA}N|RmDfFY+UE}^3SzMWo08ey0sKkk__LBl`_0-lnSZ-bt|Xn z8KU4RTalCmvHDFG_0aG*R3h=jTC!5zKL$Q$+QC_O7s*i^58k@rn4!6=%e?DkFX*w* z+l`_PolO`zB?F%((y2Ede3dMVT;7kQ)V^mrsl>V}z9|yUl*m2Mi|Ny+Rj97vG{EX# zL3#ert)gQJOEIF|E5vVq3ZI50_D2n;5|)v3P_s=!j6`Pbkm8U-of8OghNQ6LrBWuy zd93O8UPuG{hqFaw(jQxf2e1rXaytqqFQW=W9)doUZMjEkC`+=x*&>Kig#+GGEn_Nn z3`W8mVwv0vibCLX4OSoFB7*jcL%Z@rZ?oBRouM`z-hIBiJ3Q4rdu<+UB^W>Dd4&q3 z$eC+F4o|#*Az@IN&#F2{x8SlIQ|4jqY5qxg==$jO@$zKuxCsssb-hFKOq(>+- zf$0DOSOj_^`7|Ndg2~8I1a|BLfRP}P+a6vqrv(u*5sy+ZtXB(IP@7@k1PZ*df;yg< z9HQr_dk!rJqK-UbOf42aew1oQ=lW0|>&uIBsZWgcjIkYHQex6?&w$K*_UI=G!_-*5 zI7uX=K#~FJtzG`yr}~(_k&*8L01~FdjPp2fA0YgJ0)YHc8Rlyd{>La6K;0e>n&L`8 zh5$zM$|D@7fsqvqphnEO%5SZpIA+mv9Cr_>$e}oK5Yf`Rq9?_u`ZLC)`EBMutBPb& z89Oz+%=!1S_DY6{xUM55hiwu*0EmyO5TTmt0|fEinnsD=o~KNopT7;wc-Tt&aZpYl0&>tjA1I-8^3w9jVZ9o2q|_`zOfYtboGBukCBiK z>4^;*RxU`7$v&1-1F!lM9Sd(mtST?;c!mQlZWGjk1!5RUxryoM=X_K1F0s>OmAW^Q zeYQ}XY;;c)&4ZB}`3L4URQ0rH0w1 zg_igz0Q$zr%q-+E^(}Vt55wQ-gl5JsaFH4dC=%p_ZOKJ&(m1?9@=aQ9$26aKrg%%p z!3>gav^hz)0S^*9%_+rzeMCe>Kd72Y*jYE+zCSMiY%VtH?dV5^q3wsnvadjur4qDo zVfloB0OetzTP5I8iuEmZeN*Tgf= zA&kP}_xTTB~z!9W3oI+@n%em%o+_uh#KBJa2(r zDdqFmF!Emy<12^hDIS_*Ne%fLnA0LIFLZx*y^la9yLUc-T3P`(2RI0u)O!s9>GcnV z+LELwH~N2I72^1+oDiZ!lG@#YOxEk(cw+oy-1u?0RuJ%*%L7H7k-3?V`6AS(B0fW% z+vd=S_fKGzC%Vq=i_h(N&)XRw=fB2OVO4YQ+8>XC$})Vq!HdNpHFnB0+X5XL+cLor zC!&dvW&^2=89#;*cWS!Zj12(|%~LS+H)(20@0;dWz2aT{(D%j_wQBGRd3qHx7v{d6 z{@9*LhmrO^M%dVhczJl>XR}VYamF?W zoVJ!r2dPPR?Z1#AlNc93O=AIEltzJ*D|^K{&_a-ycw`v?csxj&DcW=Bc2-4hm&o6% z5|*C0d0EbLYHCNMzw(K!+EUfAx8Qc&Ji5(h2mFjqc}+irAtjD$qS# zgR|NR_A(i$<5zy%HHD%Xr>t~_>xDQ_AIHuwq3mBeRL?U%Cg&S|{<)_PB}4sYB!}%h zB$`TOV}^7Quv8HceBt9-;N^@I6d@gM`RRo(m?$=yC5>+Sitp5=@nP0Coa~IQ81Qog zf$%w+iXE4q+U61PIWarxz68C>MJb5<*-Pl&Bz0;1c?0OD@R+qcXkI78Bw_f2b2NU9 zbutze@}&pTWn^H$F6_1wUslGWsH#dF?;>o~@rxJo!mDI+{#8xv|Iek*sY~tFiQxjx zph>gEf9@@N+uZ61pSvgfaE2qCc&tt@4W(8(LEfK5yawtE@{m7Ybat!XwGH&TWEFMB zje7&bMmS)c9<1UVKh2w%^NFsc2Hni|Pw+WmKfsRIEmWU(AkwFY;ErR>7Md2GeQva* zs?DK;oWI?rbCUG4sn>e!0MtU*6aoWrWCx>W05HNu6UB$QfGFe^-?$(fKoYd0^= zPhNOt_NP6`sDl187H~8&%3Ch4=lI>m%r^{p@M!Q?wi)2 z23G)*K8iRr>F%6hUX06MP~kEX8Fz8>6k zE^ll>yff_Tf_gm0NKS5$SYemtT{(qy-GIa@32dy-Gq@Bb6oFvEWgkc&;DE!)q~b^a z42UOcS7U{9HFD(q7Rc^W5m%4-Nw3VfF*HXb7dKOIYk5*LZDIyc8uU=ZpY=fco~`sf zH7SX7Y~{`p+**DlHWM>5`GNq&32q>0qUvUV>@9G;8I)8>HDky$xty%95A7T$>pk2u zg)v~$@VbX+oA=_tDSsb<*$RvT0#!3_^1gjj0_{K`9+cu~1`&Dhz008K28PuT%*mwFQMCtv-p6!A|bpxN!O z7Aoy@VbCWNp)U#kCrcZ7L0#Abqw2Y=bKQmm5u}c41i})=)3X+7E7jC5K{6PPjb#+v zDz}D)##IaN1$#8Q6Mtp3%f)TO`X@USvZ}UDuxgisQvYm7LLHB=EUm2i0Vps=bL0Nf zL8t;)Dy%A_`ZI{quW>Lx#rljW>OfCIE^4`39r1kh8zAc_Sd*0J#AJL5x`Oc^Ka#e7 z?v$tYlriyGMuh;)EIgFLQQg1Y#P?J?A}%iV=EjHY`I`@*)WN+Rm*&{K>{;rd(S|yk5u85CRPe^X0-M1Y+EM);S~uEj8iy4cPIh)LF%GLNbMof zKYk-@JH~nmmLS5Q6;H6~Kp1-k8=X{SJpO&qJA_3WLEMymU|sq}-5yi-~NJGW76?U4sS@DqA?hsD}LqYsJ>V_qQs}&dz@q05e<- z9A7zCvZ9X$9DvsUuR{xHVT`+e$DyX8qJrI8kNZ99g-@~dLhv5Ybz>SnWh;pw#}K;v zkDS(u=rVH#Wz{aSmzlFbaU3ocS-#}LS$b3iKrX)q2SX~F=%+tf`Lun&1jO>{!2{Ly zM1+23Z6s8la+GlJo9dSW3_g*q1EcmQ3qav<`b%yhL9WLC{tlswJ>3V&+$Q?DgLlDj zyH6hRF7ck5EBu2H9JGV3;4!;t%Xc3)fx46a7{h3PzP=i^ZjHMBZr3LN%Qp;B9LApp zl`xPJNf?u`m)kan*!t~M3nAfeK)Sct;*ZT9v$*?cgp5YTwxi;ZdAtmJ`rLYAncvJU z)l4__{K>;@Lpbm`2!}Aq2W)`UfG@>CA$t6;}ez^ z>39PLjCgwtOneSyWp~0JQ|QDnuDTBd+hT6_IwG&8NCOGRS%*M z#s3XZ^$ZpDMS3APxU^T#D4E|)1#~q4@CFK&XJLEDS#83#f|DW01RGbEUDxUHp2I0| zAts8FYK}>*907lXO?vem5c4FLG6Oxw`5Hd`F%dNoYE>TK^t^$^Mt>>3zoeek#?q?A zTY03>K?1R5cs;s6?6JucM~8%+Q z0_?uK6@qA|b^Nw@93KO?j38+rv=~?nPX^|G&bkiOp*GdJ18w%Z%)EUAAN{wcS?tCp zCK*ki=?~a%)WM)C6VIUvkxqP!;NNT@o&M01LIQFYAX~jPe&A7<&`(LGv-EHh8%Frj z1xNmsrl#i48ZJUYDP~dyOIi!b6hbxWA?F5uxmc+6;5JXZr-D@l?QmP0lZxqtvYoBc5XBtR_B8d?ZY+CHUAZ-l<`VZ}DFGk^a)D3{^ji8-DmS0E|<3)>hY`I78UFXZ`oeSaB zMx{hi2{oB*1a5jT;9%*PSx$;AJ(tIi0?ddh*YGMT5-2IdtKby+!7Aj(tt~(i{Gjfk zv4Lz#TSPj8OCL!73Xu4B?FD5d#B#JrE8F$J!g2e^(M?NG1-}8bB&?}F_FY{PeX=N- z62f7+uBT)oYw@L|l6{qa!{SZv^w#(e#$~H$8epAqj|Rn20NnhvGJp3jXJ@e}x)$W+ zq?A7$JK4(!RpE1g`LXiv5P8Ojw8Ra96u1bULsfDVMmDyC*Gm|VCJt3b!WOmYhU-cM zi;lKQIkahclq4waAWW0^UYC%71jPnHM7~?3Tz3al5|_aLTk`mU3Q`@F&Q!Yg?4G;N z5UHC~R)G2CCqfTod_NW*E?QagpF$w98=Aw{Nnm1uxxg9Z14U3?OO?!n>8K!)jA45e zGsT1Azw-0F;AgNX)1SW|ookCtX9!1zDB3LGn|XD%xTE!YE=?_~0)M`X1dzCwNFfsU zUK=>2Q#Yb5n5=`}d7$3zfZgTdejUv|@WY2#PJo{mPO3AgGR)4zGT2 zUSuf3zW?Oez4r!$2*XfsnTyKxL}~;m8BcG zOOVDjGuauz)EO~eQAVR5xed!XhD>5jEVLL5_p9W|rcyM@gYY3B)T7?jhDKL0C2n>vHK@O26To-r0Jx za_wyM!rSZ|Mh1Q*RS|j(w2X9i#lyRKr;Wn)(DYY!dy4{5NdsJR1l)za5Wnvdc*`1} zL_DFDG=lIYSzDDG3{e2b*Y$dWRg_GESu^Zna-G)t8V5z1mqS6Qx7L5r*sXTv-$ID3 z4BQ~6wo_|&|ELpyffMpaRrn`4Ti3q({oO5UhPxpC0r3GaM|m|~CAls+2S#OQ_Pj{P zqTTu~68R#4cFDtX(PQ=T+JGQDUK+*5>G1ZO=Mi20!``sBNTa%>IH@K!8cA~w)wyqVxL_qBB;_YeZqg)C&rEiNNjyxLU^G}lG7(sFS zO~A2@l?OLQ2pg7)P&9ka|MW}T+%E>D?xirdfAM0XA$N(t39a}~jsyZ-SJ7JW-7$9u zAN!>DB8;lVg1j%uzX`vP5ajHsoj?9WQMncE$fB9cC5O+=(ObKINCt+ejcR-G-aJ^5 zM=yy!?K4Q17)o$pOCn3n046NGy}gH#wPXMlo!fL0_*XN5r7TU4bQJUE?XbVyH(znO zw~yc+2R_mUP~a}YO8+%2?MKgZkv-Z!v>P0{#aj0`!5z3T!j8p&0We3Zq0c5O!DVwY zPUtUd2@aMZ@4-Ae)fKRgDr`6=rRfSP=p-?ECs}!DP#%1<-3hR|#qU0*kJTdrlcxJFR8j0&l*OB_w*OeD&kx2>O3AhcdP6s(or^yH{sB- zL|HC_rQ3;HdN>s37g!1=xa=eX=rzQ)aPuz-lp*Jgx3`wN$H6@T!~jJ&-nPq1fzh$tUD8+h#J%j`c4VM}2J~mo8Dtco$^s z$dKlvB0@-wjnVheCHLl7mJMu_Q}4k-$5P-@xuuBdGqygz74;58s<6g|0Ci#Sp=DoW zwii5~AN6{^yJpvNHuoKZh1g$!rDc&KNT3H~W)}xd8A}k42Q`%fPu$qGH z4V}xwt*#9qGd@%rlDt?J4f8~EUhzgfUos1@dUBKkd=GU`A8rkRS~U+zO7af)EHQy5 zK@$v{zH$`^JQzVC3zb>32WfTb?uvDGHcxlW1pTH+q@ zC3%Qq`?BzF1nxxtJs)EV9Icl}B74~DN&7wI4gruP_CRz{Wk~ho@X&L}6okrt(mr^C zR&ohOLFSt?KLbVD;Ngn}B(LN2dLwQkg~&w?lu%nTv%SW1lj#P}axA2fa-59!9wVnUbH;jOl1msd!+}1PpeWZJgBDUAP@H;_&k%(-( zVl=bbfsBQPD*1cER>a}iQLb=Cx-cCo>~($bhtQ&lFQ1>Getk(UTT{fi@sW@Rvt>0d zQ{9@cl7{SNGc&#mGy$?TBP5l7*bE&S)BxunljkEr*&mfgu2T+0I`k#`6o-7p>Z+Pr zKp+6f_;!fP<`Rg^UQ4Y`>aP_;Zf@LvG@NP&?u_UQDyYq7Od7d)m0|CHExxn)+vby2 zM!UGk{NDI$0s$AvsZ#PPPE;zq!}>7XV#2kVj06HE+Ez}VZ2cK*VR|!zeQuleU#tqs zedp0uxCkh}#;Cllk3vKm6}Upv8y9`gztFl#Fl^M|5S@!W&Y&m!+rsgdn6BV@q^mqY zT+Xh~*Eek#5X|Yk{TvY>boIuSp(r~5p-Vi8Qfk%`*JO`w{}N1Bk%Rubs{Zk+Hm4Wz2$!t<#Zua1 zU0&Eb{g*?(m}w_4w8r_8W`yW;9{=xueOtEAWD=BmfF@SCmqi|>&VLtBFa+MuW=5zn`jSjp<&I!24e`6F$0| z#S*Sjj8>_y%<7Pl?|uAxFMRcjI_&lJ{!FxptTDY!XyH zZZ$&7^@Hmw+zU>2VfH%5r&Zf}&>=JR)w4(Mt5mw9VHqN1>-w?fd% z#+v%npDjgKoFm@2*0DWxJ@cD0^qz@~u6J%l4;ri4f^m_9is)mBVJi-uE^AF{Gj1Td zHMHLUeYEPyx-eTl02etOBV$sFiq2Yz9gB4{^$nY_l|hYvsN6S5oUM<){D^B$$*_?T z&$#g=sYt4sR8%6RwjzaqSs_y25u=a3=FCsQp6XkZ>G;%G=-NoX! zKlRC2E-Tr@3+=l}E`5TP0+LHfuP!d{K8wp4f@FEo`WCLY+yn7wKax%CJoZ_d5*fC7 zM@H{51tE8(C^ievGcj{|d3hMp`xs?;-slqy0A>nAFVy?S>pb+4J3KiWjPT zHLEx_fH2)LpuaBzJ`cS`$u`K3flKE9*>LL)ez*;_YC78rZ^KJ_UkNeyG?G{L;?rdle*<-lxR6LjGzVGF$pYC3zkf~Z*;uI>zq%EgQup0aB^7g_UV z4BpN5dH0wRJhtkgj1#n1HFuv)Bh7axrblxnqeY;y-zY~Lc$ik2ZlGlMmQ_C6o%MST zd-BwTEN`FoR`^U)DG#Ns&P_E+L5p#J|F0tjMudj*Im{#xqMJx9q4EG(PQ$ea?NPb@TCT(E}hzelMlk8><0HoLT`&oomF z(L@^z1@_rX1h9Lw(bAJRbx%~2lR9n}JUqIOvF2e3nwL%?OhiX#FHm{BowMv0^ZmJP zdPk0Ww9{b8j$CKp81#C9S;BxM$53iF$&DC}ZgKi|90^J3IQBusr972u(#iH@9QCo6 z047*}Uug?_JON4PQ?8z_PiI;o{$0+3J{}9VyDM8bQMueq8>SQ5H%-A3J6JSzdX_nN z23l|by0HcHy8qhz_Ux~@Vf|jb<@2Mx`Itf^S?Av&aXTrl_g>=Pt8Azl)JzhYxX8Q4 zu((6a(O@4T%71Ym{CxCVBbY)VU*J%u#dsXOw>IxxIWIsm!zEmSFyTurLlON3J<+I0 zrIzghg;h|O2KtA9dMR^5v7W5c%c>1d?s)g6qo0Fk0>6?zuzFtAscg-C^OCU8_Y8^l z<~1ZPVoj+lOLDg+V&Qcx;SO%N+L}N5v*=2rb?vU0^oxZ5yDO<)QAKr@4>Bv-gm?rWGb!Q0d3$Z9+^H;aczofacy z`8`)WM}mYR*RP8?O{nw^vj)bj)BNnDA*IgtTuEie{fM0kpIubS9gE_<`QUbVbW<8S zzDIF5O09olxU0h16BBFpTLbw|A(Dcq(_CqzRX+cttwVGQo=cO10^46}V6fTOY%jWYX zU>IRqVB{%h`-R%dW4QUERw3hKOf>g+<4iu)7uqehhy0QwGyJSgy8)1R)-|RDKRXV z>lh)i3ocfBDJ}BGdc+LZk+$9$$W9vfU#2e|Yv2AgA=29_$zzi3wX1%S6#Plc>!!b- z176~9JX)Yw#MmXT&9LJQ?YC%~g&fU)B5=N+9EY$l_xgfQHL=T3UbZ$bn_PDY82Eeg zU4?cP1J5qp@eWr&V%yxPGDC&O^89)72d`u9R3nHDI6Th%xqm2*@GKvpjdJ$axza+; z-MbIH5X&nd5HuzzFusMn1i4q1s8jk5?Be4CBY)zRw&G~%%v=#AHlLlqQ4|OKs_6&xG|guG%44E{Ar!$wd`2ni9W+oI zl6{jcF|3>nJbM=~lImsMh`XZd>G?V+H-|3x)QGvy#oHC7(tG-=&3hBjwPE@m<@vs! zo<1G=t@|+3>b+{b;cw+sxvfgx!keaAtqDhG#gd#SOt;OH8#78Ig!OCnkLbbpC4MR0O zM>z&b$+OKvlYbjK9>EE~Gz)jcMTK;0B~+pkkf4Q!S}${L5QFb(zfy!2J%hP$s9Vzfz-i-N!?busHteOJ?58Y zZ>PwZ*X3|ndCm29ttpBJet=xy-FmybA2*l>U8I1NIU1f;JQeI|diOSkb~e)T$zpHH zdGqUrg8b9>CSmL0OaqMkyu98o z?h9-P3tC1Nmcri~gP&P~(Q$Ql-)|1LwrC&DCmHwD?k5~!(JzT3Ir$sY()iGTV-gYB zzpk=>)j)Z(a4uKHdGl+}Xlsx+XKhfJLQ$^IFXB;wmtRAJ0`X67jotUc^d>_Px>{i6 zo{m(F?PZ<6GxYOXVy5tIkjQ(_Z!O1&wM8$&o0{FP{6%|f z?>`>m{M$0GF=WUg{%gs)aDWf%Tr^(&ErhnBl4!LNBkx4*6r^1ee%Yd<)(k1$}U3NYl%te&-kUXFMV5)xlXw|gx(cNa+Z{A6( zK1F%v0%c`mB4~e-Xqmmk{LHD&%j~t&gczo^W^C?*s;762G8XP53Ve+0ai;SUs$%TF z`W~5Rt)%p4%yIcU6&gw}EHCMKE`JM!5t{xGzCSD>AUnHR2;dp6a3W%HH%(%@SKK<4 zz(3$;+;}M6P4RE#v@+l+!sphYy`c5{&yN_X*lDrp2yo_*8d^58m-3oq~!MgZQTm_?lZ?5h6~<4n*{eZRjAy0Q@ww7uNhd_43PPWb~9 z*MS&OrzGa!MkE%?GZqYReX8x_FmD^MPpdAftG+!^#XM?ZN+Y1DUUdCpxS7J#Ow#|9 z!suw5IkoR(<%m?^{cg$JXeqnvYQbq9bRI4`UOZBd{K>MbM_SiPu?$r*i*dtCH)Qgk zlu1Q`7S?kKh(5W7)s9ENAhg%1`IZ^jLPcNIgQ2n7JrnXZ2pG5)*dWOqCnctTE~T3` z?_el>YijY#T0`-{3@*N>qu#glsp3%=9H`h$i0IKQb1L6Zc*>nIY;ETWEY~J@#)go8 zNn7@}+VNU#+;QR0PHn5)p2xRm+ue;^T8@&n1Ev~`E-8e4Df4Tibv8u}?_JspqPfIN zo+fNFqpw5czoi_eTJ%X0qlCcH=v+d+u6dzH!Z5@*QQSNHRJ% zUq&%8niP`jS(H9XH&W8Dwzfu8CR}0^8Of2W{b$NnTYTG))Z9hVrg0% z?@++()-AOUsoc*nZD+t)*)h=2bNV>Sx0%g4o`50F_%oYLZz~Pq-_JC?5E|uwcaDJ{ z4%pN*GUjFv@y{&}V8G+#8~O4bI8E~GCW|#S%NB!ElasY~-E4=XYn-QD_2^3-3zhf2 zXw;j|E9Sr^^PF|#|P?3Ou97(zVPpU*3Ai)@a{PMFvZ-P8E+x_+8z4=m0 zU{Dd)vl~&+5IbE|PT|Cd^Gsr#12xRkFJO(6yoR|T3($V1MWV*=xmNxqBL1SY7$HIpNPgsE7r4nYB0UKrUS@5#s|uRRt; zGt1>Ed+I$LcB+<|D2(=W_6M#x%tb8aUu?&t$HRmh^*bPDja zOz)3TEj~%!*fHSZ$d_&Z8wbOuqDFn;s=zBH>Cbs(cnL84UWCq9Udc2ve5HrN;dXWRUZyae`%XpsDGaNARtF-J}LBWp?g`o z(ktq!q#-ffjjfnkUa#e~GBU9tPSQXBr(D}r9sW{&;pn)INikoV0EOVoQ$Ow$E3tt@ z9-7FED6hOe$UJ)#XPQMU^Tu8zmUF%AfjiKMQ~)`MN(It?;^B8lNXx22bjn+Rd$a@o z>l5CqH~_tX|vH0EQ8Xl#+fUJuPu&m!W{jj2nzMC!CJjdFt%f_SQtG}J`EhK+nIgH%Q zN@r{Jt`^Q@W4zjE?^z(aS6|yk!MUZ&UMst%si(=^$z3fpPs=Kicm0sA+nH5~QGnTi z;7tzWb8Z98CvTZJm~?nvtrTc(32sR)>w&n3;e^umCB4M3TGhfB(Y!*~TU8PxnA}5x ztJu>`zV$a?`;~bdz9HkYRj?a;<# zSX$C&J#licgb*tu6iK4GsX`6f*dw<`{gIpGWUAx^dbPKkV{yZoMb?TNvNvOI&oM7! zSNnCHnP*nCr)d6!UgC-@b)Cp7(DwL#Ghk! z&i3R-I1G*L*C-!@9EX2;nFl@P_0ENh z%fB#Z|1L69`%-G0zuu+KVyWW`%&@|racNKYYa0DzdNT9KJ-+9O@Oq`aK4?`&<}`Kf z@48S5b(v=5@%;H{QqqNgT0mx)e_YuBU(0@6(0fJXNFZlNgKS1kZ)gnY`M)NOLY-VuT zysKp1nGr)@Pvp@+SS>(4G?G7RJl(6cuj5TroT8XLoy9)WY4#nAZHduyMZ9Ia8 z6&{cbY8=CeDret>bc!%0!!i;ibvl(xLER=3qK163AJ_=A(ZN9L8#M|#@}l?hs*mSx z6jJivgUW=MT#NSG*iq9LNj)*Y_mhLjp+_Aa3Ed@qMLJ8YEX_t}Vhze?aGjoMV*-nT z5Hh8Bo=E?SbpZ}@pRNkE4pG)Gg>1W<>SyG z&+WV%P_{vNmRAg&F3VBy9AB1o`olL(FdRcFjF`*;^pS{aNC?4anisV7#n>6-O3hz~ z_swvPBeR~)8{ZZ@!3plJm(+g8EXD9_{gJq8ln8L zbMY`2jJrw4r%C>2gvzUEhog)fBLtczE`eB400rL-(KO+P&e7Shd;Dj}QHlhN7dX@f zns8w*tIsW>z!<9P9Mq}f$N45y5J#Sp}Y(DSr zQZr=VyHyLz-g{AUCejXe~IvJbwg0AsQ6ZQ z_g!A|=?#h93aEHUu&+v)HKtt`ne7$s4J`7r5xSo`{W z`f(uf=nXa{XvJ_5bdL;Ll==prMT;gMNwKclu1|h03ZyAY5HU7J8 z_I@O!blnsSj%wqFLmZP$*{27;T1xIo50{mY?W-amz90H7Ym91%6DQx!Xz^nzdP#_X zHkRv}Ysz~x^2Def{v{?ZCC5UPsjh06mTBa=vPk@P)&9n}bmcu|!NUa?2gWP6pGMOi zqdIkct)4m=ME*1r3``nPQ_z~VLt6-a5>$^$b*I0t1kXw#hj#d>uVfTOsAe>}+B%&S zQ@6$7+Z&|wtP7!OdjVi=gaZatbpeIX0kAR)+$sa=qZSletPrHb!$aUTDhX5v!#`fJ z@Hx(r0!~DDcsNF9yzJLDq&B1tF4`8)(>bhVtf3$ASxLf~FkXJs&Q`5cqc4AXZHr;! zbispk=WGvESuN#4>f>~`e_0xKve8qDCz8z1D~Ab}#3B)?2WcoInq0|?iQP;G@TRTh zUYz`D&mfUE^H^lH9&07biJMm%FCa|kjTnx7iv)Mc7OTm(BEqyayjjy_t9@ai$OYvR_oe=u4 zr_k>OO1^x(bg0i~$~nWeXYRp&vS@z74bwf=q9}JDj)$x4``X?Wuij1^7z}?mM~z@) zVw1U-D7|(avtVJe9IqPX4ZRZHOgSC@$is-1@JVSx<%Fk{9eHE=Qpa92TYi2<>n&US znDbL3m;t$_#>G=IoHf$d73dqg`4zQ=aHz~k;$DhFfkz`!fTKjTPQ*}d%|*4-&HN*= z@#@*#sd6h^gy6RK6?Ksm?iH9IJ5s3obonK2iiWIk8tX0Zkq38wXqqW}MMVx3wf&*dAIad2{fICn%ygCN<=K~) zn+tMLXEEBt1^pQ>5>@tuU$=MNt8D&JjQZxPO)!|&$0>fJ@4WB#rU(g)&dv7Q9bRkw zLGaG8j2OkAxuYNfPd914xAGw$lx&3$%4*KjtL!&wR;*>V_cv9~Fkefee||adBbOVc zP;yw^FWZVj8lq7ru|I}@KSOC_W0Nd^Q)v(b%wQe?k>}2j%`YHR$WffDA*#F7M$KXx8ZQ3tfGHqIxKEubGBc9mw>UGH2I{)Z|Rp2)^o!x>gC2{!rSE!Y9tD`b) zG|5N~&Q^li>)!uRZ+A59j}vfwGKhPj+Z)*^nuYoUgCQf-$OdDURpx-B@eSa(g!sAr zd60tNJ{TF3gpP@+=Q*OA_~l@V839}UTa{RkSQ;BT<&0{-Uuxl$O{s?ohR6PX!@_UI zcskaZ2U4N@mU_~T;nPMggX$X7mTP3i*dnxr)4K4nboAox+w^+({ko+6V59i<`b14Y zH!~|yTV=~wT|PsVeaLs6wFow92(93+mXDELWeB@!nt5&e1ApIcfo>D#5Tl?ewnDIX< zeSQBj<=FDc2|Aaai5*!M~a)t6&B1x}Pkhm!B4 z5`Fq<`A4R{l0zaK6TTrqSX2cAQHHd1(rQU9-Vv%(>m;D6w|b~q6H8SQ+`iKmn>@iv z)s{-e)|)&*fS(i3uwdTH0OqZ_uk)Lv)PgkDjICz*j=e&M<7lZ)#DHSkG|Je1GS){; zpNFy~g~hEI#Q!``5dEt!$a! zOFkpWyjdgw0PWEUpy>ubRriCSQVi7Avzo0CFRQWI2sI2&lLjH$5uc3xeVts-!(WA` zv#SPnx@)HdIz_7w71BZ)#ajw$Ckgu-i-ZhhQ3qW=jR~>dg-62kJp)$nnZcve;Sfc zAM;prJbeDG`jf1n%c@o`$0_|pv$TW{lu=%5*?VeSZBK@cOnwi;d`=|Fiv2gcD}u>0 zyiBTV!=E$#=Q?wtwcD2AZ}!Bt|6ig**#fDs$oB!I>%o!V%Eh@yfFx??UPzV_6NfN9N#Vzrck4$f&)t?rhO#84P?1wf zXe;L959B z1{p>hgGkPkC@aqk9Tk6&!QFLHJK5=RxeT!9m3_(!ILG$-i$_}`S7tEsV@5DhMTtGP zcHT+F>^n_fXY|e1Iev|o^jMv%aG&c>&_`>8Z^vtO7k%%C^CmtjfE62`Jq+T1CDixs zit0Bu>(sF>9O68<$;2q9^8A!qb>ym$o8 zaQUc=2vjaGciJ29x%w*=V!pU5v3>m;yP~DtwhZ>1Yeb3y!ZE)G|GG;vBB~9+^jOB% z5=*7^lSJ*c*7yH-;2VMrg-zdui?WiyXgmnj5~oXi1os5X8g!m+izdA{$v)TRn{b$= zyxS_1T!Rf=%mLaQc$uLNKL@w80I{g9E)aD#S#qUB&7YS5VqcGeO34bM$@}+8PkUHH z1v8iOi1Sz$A=dkB&<*VReU-*ZlYek+LpT5;NiK2LP(zO+V>(uOhS7mfZCYtek8#Of*cLp_hDe z$TzD&SZ7s4&MNs&K)BXlc02$lT9R0%_h#8JErR1dFg|Ny#uu?{rYe7d5fSS& z5^sI<%5fPiok1)=vZ)-9MJ!6NW)O-)9S-QdAUFMf@46QZcy(t36m*TECV8s(LA9_R zz@>Q|ARb`WiMJrJo3&6?RV8wkw(fpizz;Jowz~JOFbAk!S@fDUC2zIWT zc}fl;!4_rV7*nzjWdpq%3FM1+ixF^gNsplk-CnGcxRMTYpdvvXP&3<-xiir=|GHd1 z^hB?#WS7VoBYs6QmSYh}G8`}Jy7)-_04OV;0KL_FFY=cp2G9p(0E~u@9ZX15hHYNt zkO`K$SEP<_0rS+zzCHy%F5=4&pd^F>+0FT0J+TyW5|Us=#(iFP4i3PY{J5w`d9oyj znDli3m(pMDwE1a?{_TwtwT^De7GN59nwIH*t`bCCz%%?KT*Lf1)w|k(0x@68HF2H- zS;yJj>>s{f@vaw}9|=Hr2ofP+k~^HOT+dtURs zVN@_P<6e))fZW|5<_l9?GVZqIVj5RK^CvP!42ThJDLTmjpKJqQL|u4M0VADv0LOXz z+I1bl0yqH(|J{6UQiW}CFG)}}$ykkK0uY)Zi@y+!SQJdMp4xfN;tG%v~ln0Ai zK~;#^S?CjRqw5nz+=6csx2}CY^c5si#4;^sTe!ShfyhJ%<71>8svV55NQ>e7^K1~s z!PGGf)7%TX;cbO}b;OMmeY$Qn*ycIsXD}_{d|NJ(gB_~2t>_%i8bYOC8+HBOfzo3I ztNfxsgE7SW*svxr8Lc14G`oJ_&o;VMh)YWXY8#S?D%6zCxs>@PKX zBChH)@GiuuWnwDm{)2Ai2Ccp``4scO?Z0JcI&~dRqct%- zWnTWDA6v;zUH4_c2fCfrCe0K#qMbtNniW>zuTDPZBxtOHFg!!PAAx$> zo9ofqgIU@Gd0o<;HiztGg6X4Q45D|oA{fy)BBDe7NLuZN(l{=hGE}CEU=)bSOKl0lRzF%K5D_&Sa9;aU}8a+&vgF|o5u ziSilr`8|Z~v-FfD;?ZCUh0lHUN{w6A@@*W-YE_zNxG zZoax`W{iCVZUM)=N|TNOJR|JCV3b zVzk|3zh{i5Kh*xy<|yl?V9J-^v50cD$+PYshP7CucKEKapdUNSjYwzt`ZLwO#8_tD zXa?-DpR6@TBTU1kAqiwgsW8VajQbLx2sEm>J;cfczUQiuLCsR zjsQedZyK8BGsl+O{E8!+{AsU3`x%NHhyz{V3;Q0I#t%~t zl*3^DhrS|B)us)e_!umrg(CYlfQZN9 z^Bl6OjIjXR&srQd-nPk4?_OEmF$@0vYyK6$AmOTU(bbW%Ew|k+Gt^gpM;9#6_XgN` zTVGEB^#!HzFdnYOOu#}J8AuN}YN_=@01{i!8@T^cnHxu7!yaot2pZ$FRub8Ro`Cs; z0zC?#iyZI#8L5OD-3(B(b~@Wsd;m!F?tnBI2vD!X=;loq^&$a$-g^LaJ4ZShFXlBM zJyr<}$TI_<%;z#oze&}s6kC4Hj)@~FbOAw!GIN975n+nzQT~gcWfm{=v+Nf;3i$s} z%|<~!s4KW8I%O<_8_7WcU;6VHg;Ts~;819n2u=_UdCW3L_ivj>FZ_R=QObefRIIA` zxQufUJS_L`1)u|PhH;|>u+>~IfVyU~*t3}i;GA6LrFIAdLTd6gjdQpBlA0e3GUM2R z^q7(SU)(QjVgn3D!2-8mBPgDk@o{mL)`KLYLWGgdC##YGgdY`9vP6vEx3;y-0n{Fd z?b9Th0ItL=z}rYDjLAmTVJZREFk~LPyBpZrtdx=+UIk$oXAKEOwP0EIme9)Ybgq7u z22$C1@=4z>^nBD@vO_zcXfhVvU_uogV>^x#{fZtyl;h|;gDDme2!Sb=Ir33B0b}diMH04hvsM~>d}8IEP5sd9Kb39B zmj7iMQr|JyLkJ)hCXIS=i+Pr_v9F|00F&`7vsT}6gmLBJCQ?8cg2QGwjZu^kP|SF% zlFB1H&?||GBgwPNz0nhe_?x%X4G%WDI~Y4nYdim<$cQOvhXhHB<*;mmGGn`i2~7b{x5TIk4^foCi*f( zerJwbARc&1WQ^mXk2Gy*KKB=7bSQJRvirP3@9B-Ei4rjNYp#r**p;~JGg@;IjJ>J^mFICzjrQ4UQz?(9}DoP_DPa^;7$dX3=RFvYH_In9{1{1j3QX`lnI0ZV`{A04q58443Yw`20sIVasReQ$f zogo=jM<09p;tQ=xFib5>@2}k$J)mYEd2J>((x>}|+ty26rc5+@m2@PpHmy$Y3v-ZWe(^o7?bN_Q0$Nsne=Mx3$ zIe-o%0qp}|w1Gmnga4V=iQ25sWYrshXT7BAd9shdYB1uyhvyKteFU2G)Bpw{P7KBy zvFs)+gw|qGO(N{Y1Q59bz!~2NjbHo#xMR;VypDcS!C!nNd?3^ia9lRFKQAiCh_e&$ zezp4eqnc#g@y0I@B&^YLvyLeO7(I+*A~xTaYp(!uZL$cPR9xcE09Y*7FCIl&2^UcZ z{jA@lVvhjei%gvpJrWxL36IEI)2N1;h#hR)GPAs? z>38k-yf%;_n#V;J)9-6qPq4(=NTZ9wgyyMsI0;AP8B{N{RQVmwh;g=#R*A(nmf*(;*c48TP5S8J&W8+FuW!`&Xi z0R7bvpJI({K1hn(ggaGgQWIxTs@yW6{$8J?PEZYoT5V7ids3I*^V0QuYWjjRvZgX$Su0oj$^gno+MI zN=sFirnm7M%s?!uG%OoGSn8GWG{#MqrQSpe%SVo_4)O6_u(Vl>55E7)QXT`+`$Zt+}vCB?1hDpG!=NIg#U zVAyn`cT`vo9~HV@%E+5~-Ips@ev)$kRbGsp{KqArM1AM0iCxSBOvj85(vYCLi7kL> zw8R}CLT;>CXYPWs^ljk_!DUc^RTCEv?`2-HDeKfLjW@)>)dZfCCT#*@Vy1TwFA|x7 z?{_7|-HwclGQgzW-P9Koh)|eGg=sU;l?2wb`!ciN76WF1acbJRi4bL zd18UT)!A{pY|HU>2=^XF5SU`^V?O#D-r*k;MIe#RA9_(Dg!tVhTR$`goL(~s*k4K_reV!#cov@M2XU2HVF<6JC((id^F*^bYrpJi=U2v;p&mjc2sr0(3p)H72 z+tjOvU!3kZ0-5_;9hH!q*n#Gf5%*3@j;BoF*7zq0scMSh{hI>44v!O?-d{0XA@TuD zSqY4Y-M_Gf+%_*ycSf2|s{MOo>7@&~ra3=^_7*qI@uDdbJ+n(3u?S_EG`O4|cTi{; zy;S>s{OFL02$c!}$$#%$JO1b!Jt?$ly=G9eutWnjK_}}r7tQ!mxZ=={ExS_8gc?-xC=lQFm1dq?TOsEPdKK{(^c-BV$zU;ky zwu&wyx}Upz!WbBCvzZk?{m1*(IShAXq;Ri;H2C@P*e?XWIG3|wk7reP)UX(KUEL53 z_*XCTdw8Y`91hBrx$|2t1xhgx@pL&5_3_Ms=trXFr8Ms6WeT;_8Eh_e?1Wv}M7M0; z?o$YqeqW1sgGbJ!&+Fz;F6_jbJ%?!UeF?iM;(ZmLjC*sKy4wfgK~U?9RcrCcF8Eih zRwNPApInPvB%XEw$6?KheA6RuWI?VO8H*2D z`Tk&1<}J76@gGMaBa(spK#r|g%zRN!2mnXv{MjEK`#N&yEp4@oQs`V9^;%@8orpiQ(1h{!N`8IIVAFwBXjFThF*dOq>~XBN z+42?&zCJt1o1pO12yW&&i0`h~lD>K4Hb`?I6J_XkRpPh5Z|d7^$< z7pz3DtXP9Yp!Gf07&4Yp_DmCS1H7V;ygW?mg(h%W{S(s^`JbUV{!4+k3c3Fy#R*a^ zlFpbPztySzy3_#^+JN*?7JykeI8@{KuHKO2Eo?*}G|yI5RnbUi_XsEcA$#uXXh<-3 z5vpQ-?pqxj$N24q5+qrCJmT(MrO3Sx+$YFjoNSI24m=mo5lFboM&AbAK0;ZmD%c(q zZYt|p!(olRuav~Dq6NMIUYaf@GU<<(lEm_wKd(A&XELVwlT|uW#?mf(cY%?DqZ7i} zyy6cJcj1Jvet#`Sp*at2P?~DxLnHAWu8nf5(LTS__AD&Gl3X@*iO=v5{pf?=vy*5x zzmm%r!(5(?#<>Xl@m~_ddVUy=Y9ettPhOQ6h`wZ0oo$qU7@sgMATz-ot`xjBDp5(w zST5;BZCx8yegxLY^ZKrhYQVAoXNkP=Qa=G-RvsZ~!J>~fI`p$1@k-#=Yi=Bq*9ors zgi4*?_K@0If8+ks>4Mv;(p?nY(c&vM#z6@m$jP=)e~&7!CnxEp_U5e7IBao2F0p~q zlAo110{)v4^O0~u#8KHgUJl3aciPkMa=x*9e0@p+s@`>=FirgUip_9mD|3-rl;Vkm z$=6&eCru+*Nx54ul?n=I`0JMb#5}QoxyG_z${{vE+mqK*hQ>Mx>m>t(dS}y$EcmO7 z&!V(ITmM<1o4CDFBG3Q4R0J3$kL9>-*x?E*U=b1k$cL&~!27QolZDgOj21hzT~g)f z!$*H(eY}U=5;}~xLd3=g9>{#j1dlA~+!yu8cO_prYBXz%qnT^|APsMSZont6Co!Jj zg#Vh&2Va4TXhIgb?wIwO-qB?<0o8D4ESH@w$o7FlMDF$P%KVQg&3NrXF@EHeTf$GS z;@_{_#1r(*{LjZZUblI8yniDijtgv%K8Plx#APj#Rpt{$)) z%ZGznr^F^YNLKu-@xEG379dC1YCLMde5r~mif2Xu@f1sz1_+OybzW>i6EUJW*{fDS zcG3Snryy~$eLX-3UcdmGv(z4>#yv>N#fn$AkUDpivX>Te77b8TSX9zgSC42W_luQB zRgr@MBMg?Fz(q$^;>srg@BZ3Dm5D4BFdUxz>Lj{h&K?5?Lx7-K(S|5f0&!>!2}*9) zfAhvZWkRS6h8s_e%u7>DzpqLzXTzFbojqp9{^0guq%ZtJKXv9ikgje+WEPe=G(N3D zpnKxD+Y*#n5?bDxQnWaXdW=DaoShk;)j?2)y`@4ofyPj~+RH zU*H{r77_(=V+xTh!uV)C=Bc}p1UkeVSR{ult*yDNQn#$j+~_@I!_cAMkx4M@lI)Q7 zpPQu9xmr`J5Om&@t9jAe?}N*^IL=sCH< z(jIT!LJ;=w&3rDWv`|c*-lyQcg@+;ww#FWjzPvU9)WfjX7F*qy3osyHc?!dUBSHA) zXC0`#KsmJ8Ka`c=;9^aEZHs%Fmjy@=#pQBSQ$0s^sgD0J^(b5cQYzdB*Nh(hlU0|Ya)ej$XBPhL zC@}BX7hh{Z@OC5-kvHHJseoI9&mgDZKZgue))ohi8H5LcXO531oJ2Ek<^YRax=&HO zuYRyOn4T69%7A^Ei#Tu0i?vGr`_MDJ-cVIw0;d-hq^2kx=!jst%w|j;zl%gK3n+*F zmFdWqn2t?b|9lS2FtE@djSdBbn-f_?2ls|_=NOx5z_F0%VJ$DJLuMTYA5qLNPk1Oy z8IAHW76k&EpPK54V&$3HJxw+dK^(*c80% zGZw7*sdb$DFW$DCIUm|F!s9$7m~7EQ%wdI}Rh}XhQEP1_g^a+5vKs<^<^NhVJ3rAp z5FEJiB7vHn_(H>We^Fc=?muuJYJefY0Dno&tbtB#Jf<1u5inFvQPbi|Y})z^OH9Y( zV950%X(-&Qs!2xwsl4^&7~D77cGUXNy?~YRa?(XW4&AMoNmjj-MC3$FB z(UY1bQKa4~%N9Z|?;+KDk683ZWXb1L&Wg0QKOj zH*e&#H%@5=?pf}$2?HCptOLNy8z~@1Kt4CK4&iU=S?J8^>t7q@XJXM2=t(af-0?#) z;Hw%}oLPke*cx8{vttI&zC@l$<;auGl-~kP%a$QqO{mRR$y^NUeQFiTQqXFfdDJ$p z-<=JIwFq;v*HRS?oD}$oa;t5$lp4=FddI8ASzZ07vAd)94VUbY(2e6T!rBBFo~}t zhF#vS&ek}Pz7S)=lBDQHO7l1kF^e=K%`(4=VrqYE3{>){~JbG_)F-&qe3Y3xSwiFlqUu59=u1e|e(_O5k?Vm5Cb zWq?^BW15l`;>USi#7*K=&4B$HaZ~h$jRn>STSXInvt95XAU_ImhVs`RE1|*&>i8EJ zpFGl$IM$m%HP|F2GERy&PpUgt#3$2AY!_dj7i@_F}}WegPR#Qh@YdG==s^EN*HvbLqkBHxHHP!Fn*1( z%gdQ2o#(b~i`w)Shekv&b3<0V5o2%h2|1_fSh;nUKsTEy zqNBzw9~zF#AqU7vMC|G@O%Vg@I8YDVe8M4OjS;7MHN+e8H@S#%;B)NMuI`!{rl&Nnohy2g>go1-$`_ zt00ybk+UD0pU_@2zcJp{7;{3xgf#lQI6-UokB@+_lk-V!MCckBlhzy%k4v0%_5}=M zjXihsLNdUfzi(D^lb3WYEiExvSUo&E2n1n4k+>o#c%)q3=D^j7{^ATHV%W}#0Ko*& zlr|IL90mi)83knGD!1?SX(NiF_a00AmP~x2#m5W%VAc!t2n*g6{^W2-`UrpDEC{T};+&8|9 zbxs7)bU$FCF&|WJ$&YKB%A4W?iWfs)1~@|UWBNali?JYo2YD0pMN&h1E?q`HDWi53 zCt_yZZ4~g#*iF--R^24vmn3l|N2eLX1+9jdef4}z>#=D;Mef1Dr*!-PlGhPYA%rE* zCoe(aG!Qpq*Um_)G>{k;Vrk#UfGvV=+X4_D>x!L=)qcHGU1y*9Xs$MhLJ4VETCNpawA=a~7($TR>Lp&6qs1w!xy}wlMieISr+MIJ9Dm(vsmbYAM`Vco0GWm3y+> zR=qViKc$!GC=`J9i`*)F+p?rBE1`=lBb_r*i}nW4>F4>jB=Wp>lmEGXDiKY-Tk z=lLdbaSk(_#-#wtG{&{~r}P1&gy=e%6dIoj8MCI0xG-Q6zLeIh@QkZ#QHdFIjfEnu z@LeKC4v_z{7vZkJ0v)XjoaKdPrnXKjcZH^`eWW!>>y*8+zh5c1QR6o5JpiH; zalMd>Jo5=tBtgS5z|s2C@GRDY~YpC(W209 zSNfl*+$5m4sc1$uR;o@?=nR5tZc%)h^`=9u*_c#N8})<}@7}f^ExjvTY*#m`MLl<; z;vnX;C+4A|^f9UDBa%NPO6h6Y9ZT-E?|s@p>Dtq&%f%>Sw^mIFqv@L{Q5es3#x^WP zh#%)ZVKRc-jmW0D<{ zg2`^I*z|RAO25{T`>q9@eoR9}qAnjrl*>l0{-#uB)d`A*bGPM4iw_wxb z)k54%SRP=D9#{KaQuzXMUYMA93)Gn1K+lURJz6H6Taw4Jd*3z zcICns2Isyi(Sq<|La=geVf{AY%VEX$PK+uHv)ewgeg#7Zl@^^CjV{Rk4Nq;hq@TE5 zL=qVD`beF}`Az1MQkN3E!A~oX4Io7WA|QbgTd7Oqj{}GwX{kIBjcOFJX%4c^fhaYW zlNty2l=F?@TgdppWgDZwj(j-202Y5r{T6_aq{#p(*X?b6e(P@z@fk!O~mE`W)&UP);e- z?jbATS=lBOa0)nXX;zquhE?pwDY(Ea^`;O5-7}(#?H=6M;o@GV z|IhMBBPVqnUUa(Rt__^z>XvY@bV$U!D@qMmv~u@*-B+*y%;m^-X6bAp*Scny3u@}> z$@5J7?;tNDD#3+KDH|xoYj<_i8^WxkIRFz-#ZFNJtP=bLsqgs2F(+RCnqzZEEj4FR#0m3(n^(% zjgP0y?x$~w5|S_PmWY*dly=2blM9HK&jQrH%{j-h?2v>H$5O@-AXL~QZTmdi(}688 zX|K||nSAM?2!LqB*qkk5UcZ#+|Lkv|oa}8v!&Wu#K|B+IfA4WKF9jyxLrTY+X5#46 z5&P_%$;a=bEHru^cNm60J-~w{)C2w zE`^3+GXHnVA|oJrY>8oS`Fks!sKF}4imnwxC4Vg?>U=f~P~53^bUN=E_TZpFfK$>3 zwEy=B306hCuOxJ%fd?#Og)!f;{*jmkQu5eHFSm}1r})^#o!qR!N9XM1=6`C=s~GId+-ow07&V|GZ*9X<;#^ch2$)I-l}ky*8^k1FdX^X3~rSQ^ebdJuh;6{NZEiIUfSB-$9(8ePaIq#Z( zAZ>Lc0lX-V>Y2rLH|_PnHg>!t`25YB~t!*rspu=)TIYSQUYY!di}q{n#1X>cyuqem4Mx zDgq>Qgr;!d=gX*Qi%QlE0TLmq5yZY4C4ay*TKshtf`LAHY`t0`KpaxMh|&^xUQDHZ z+7bvXZ)y-6?8$)5dk^R~0oW`tuS{0?muX%in8*hm#Cauw{YSzH8OKkueo&_!38ph= zfe<;4F$FF>^#VGYinQ_ZP(R*)(Au-3#$%HFJ~d_K_=}0u&Aw(00iU6iw{f3mfdmMX z5XZwI-g9?SDtRy{$6SZH&7%@nVKc7(`vL&T!a)FqCA^!uU1nwzPn!_`FnU`NWCDO* zbxdWhLtlL89$SD>GB-;so5M0tQH|y)lPbn9HbcaGD1c50{fpohF5SpgYE+Eyw#vJ% zkCec@f{V6k=DEvQM2q0)d$c!kDb;obOr633RRR&a{=yDw2r9VZ=KPZ2|GM?SBX`pj zz9PwdlK@DB4-E1ua*M(^K~SABz)<6QCyiV@6{{FPENEfamrP-_7--zZrCnKj`~jjg zhqYTe&|pbW9nobj@z{tGP;&kSKs(O+1osf0hu#^Q-fztnmX37(&qG+f`TtuSbNGDQ zeEqs633W47P4ZR9Zqa+Uql33dfu}U0o(eRsp5P)~bRoqy$79+tl?SY17#v87uNZm<}KN8U& z(1Y@vTiC4UKKP%f)ng(HR(#l}`6di&NqYve#2c##n}@$vs8`1esAr#3JCb(;$RDP2 zKM}g@%;F~-e@m4?Msp(bAx zg-AtTeKE}RnE3u9Iy!+F4yMIhW&3Oa5%Ez&*m8}Ff4jX_MdsW~P5N44WNN?4b^qPx zTQAD1qXn)x>y?(rQA(`wR->BFuNZ6BMi@=r=Qt!o?UstIYZfcBs9dc5!3fg;XRhP( zJLQ11&5(FnsFY&6GH1Qa`cFa;Lic1nv@Sr{E z)ab?~8G*kllF*1zs01pHdml^0;%~yOC&I6eT#~cb9%sBQv&5{-oliGkC`Te_rO~-o zYS)o$&$mV)HVO2PcZD9VemQdQ=cSJBx)2zQ!M4};XiQFLcf3X`C6@>WcU**>u8f6~ z%5Sh&xSn+p_RniDNHYcET_Z z>bM|o3tCvS#~t`h;cP~d{Z0Lw>3 zim~RCt{?CjfK5+`pUnw#5rVB&y;l% zY8NQdZ2>|rokiLORZlZhDZ)o$)s71YNNZ}L)HsdAYEOa(mb&_*4Xkcb~g4 z9eoi}jl-vGWs+*5fFXmrHIM&k>R1z|MGI9OGqGy==geeiLm3CtaQ(s!*myt zaYHFxnFEPJcG@&w@DK(Wdxl!-Xr#=Ap)LuU5lF4=Cr-6&@6l9FKlG<#n8BPhql#Fo3`y(i^DtDEoUbmyFW@L?2o5!hCHp`HMrPE zETFnd_C{E;Ew+k{L`V5$blzj?zsfVk$nd&S%$+RJU;D<@g~EymNhYaF&B)+{zXDb` z(5E2?c82f{C~l)J_h+mIlQ;kZ=!wC1pdqui9>LXfF!wj_8?qo^RcAQ0Y79zZYdOlw zt|p3F43kMGwh#Hc9*@rvT!YO1jePv@F>CS3@E4I5c7K z*M{TYQ#0|BFkh$iHFls1iorP;U?;Z9{!WhZm8O-KvZQ7=1Ev@Lr?t(+g?@V%pG0mi zz=E!KL`;$O=%Ni%oCkW2+^>X-e`K$YxGz>PDwqL-@P}$khNG5!oJh|dU%#|seAf~T z2frk_3l@d}5VPNKFpED9B@__w{HYto0ikKK$6mkf1+ai9-y1y1>)ZsIA&qLMa6# zB-Zm9!E+`KTjN5u=B#;?L5cX)H>P;@9C?24rQo6DItu0m378`#;@9lIg3MXG5zd24 zv&BpFANMeByY^~r+9{l71Hch;k>AP|%==;&0O)U05>9Ambj`|$eA$hG!TBGIfO?gz z!2a^CRPd)l;vxx^1lU_&Cx-s1p9T+)h7T9#o>cFhP&{ts9{yQ~?g`l8v3sG^q}Q~T zcgCxav<1tftlup&7BLO#A9h{NRJVslJhjEFd~VO{4->n5o|)qlIbSRj^x;7S5I`(z z9^&z7p)j*sVh;}+Z^36#_|Xv~{*+ZnKpG+{PFGJ9M1E^8Gu#EBQ zPukqzH-6W8D7Z9{0E1GYEv=aIB9d^Zk@QNwO%3nJ6b(8jb`P{aCgjfk0yzCOM5qu! zNNL+SD*~p^Lf_SS8>HQ1O(y{$Sjx_35^x!=RkIUQL`=Ps&eudYLYwqwC2k$A2FnGKkAZ2G4VOZ z1*)$=4D(4vdUx6|D}4M7Psa=zoltrHIG>)>$#Z{wxXC2vGr;C}v>-S2b$w^*@kBFO zbSSg58D}_E(OiSEA%E2qs{ACe*TX>OK6#*hz4C5)_4`|WX++fM^r;*(vk|OBTd0ll zWAn*86P2Kg9NdKx988Qu2bnEh#Dn0XLwhNNCt~s$*BZE}n%X?zCET+0f>$|{ubb(P z1ttom>fpgMb&6lY^cL{St~j2Gn{LBLq;27wW#K)C6hGnTZ5z^kZmVDV+N=6_x7PNA zm;(IQG=9fuVm7~|i{G^mw{Mo+zfu_rup*E?(kDC?^u9?dDB%1`b^UZ4Vs<(?3D4L9e~+6kJ!s?l+TZuxlt1$MN=f}n zoIM7#^GiFDAg(y*hyp)=nuQ=cp<2Qlb)*a4;m7bn!faDh;Wz2$XL%^jW|`?CFulu z{&~87yg6R6a$jv>V+6JM9r`Yk;z!)$(sb2n&a4h!`?e!^AW*4pyq!pmc$%r{ou>V! zr_qWJg#99O^;*LkQWZnx8o=xe zg{{rwCJ-F0!h)KugUl1bpS~xB5z)^S+Fp#{vHc%(8{nbkA$Ooa9G9!nua`xM%)D=f zNPI7fLb0cxuh?3CJrmh?6C=Oz{k!f4l(C`mqV^eox!LSIx-F}u%JkOS`~SYRnl`eV z%6Iih*6D|J(vpR!kqWe(G|nqLmaVvF%8W8SKRtE0?u?4yn>6sXk5J;Q_a?r_>=p1m zsHwZo3ITRG9gX*`^P#wFh!W>@^aGMMlNb{t zXK|4%(3C7|0?sZrbV)j>n1_j4k-=-A^#& zen%cj^Pc4Xn)al!HzVDsYBT+lM$rJt+Q=}k)l5dv&T@^(+9lF~UWqEg`jPeYV#V9F zCnN6tW-id-uv^ZE>r99}HpV^U$V0qr#7VzbE%DQr+hRXuP{-}s=B}BA#>%&y#VmN8 zw~WNPoUPyTQ3d^uFB_GHMj$_<-q@6NrMrFOx`=DkcRuz4v?o=rAE_|Y}@rYNO zEY0u%@Bpr0#jH|9$qN_i<;MzSM{qCz%-inTT=CO=B?tvqPEGA6J6(GX%RP~4`jdI; zxsL2~+@Aoby9Z8wG>!3&XzkpA`%RG>H!MUR<2gUNILhqZLr5?)^1H`o%6<;cb`$AP zy{>5DmL!)X%Da_Fp$c62b0*;;(X$q86mU_S$7Ig$wHC?rvEB7MjozMwomLUhk&B>t z|3G&KS8b;2!d+d1Z9u^?r66o&1yW0mVNI2VBw{(rKVTaY|;TKk$>_|0mJcehc`3j6Hv+%w5!1O2nweCJ!tvJ&=m$ zN%z=55~69i@8KCPjrQAO^S$c&G7PXre ztB51!eb41RY{xz!#3g<&tzD^q30$o_l)`02vCxhH_w%%KUQ)s1*?%;A=!}WR1Bfu3 zU&PZ85p>9);xW0CYgqlrvpXV9-St36Yy2|LNx9I?-ua0AN0PA*e{EjC>~Wi!%ugTu z=M?oz4FdY(-`u-dU>9<<`W$$_V2$3PslvIy*Z4( z-EL{5jK8(g(v<5Q->&uS)ZX%fWM&vN1+9 zAwbG$c_> zy3cttaG;wdnrwhD+Rsh2il#q1A$b(o;c8R{@vqpQYOnmeJL_0u`B2#C1k0o}=Sv;)>oa&gU4+^=^`qNS z^}C+7aJv6wa_X^fbcLTG*M~ojBjxTE11C}xnBs40A8v|tn(jLoMk&woMqKbI*zdR0 z4>GP9rzwUt7^m9zYFZ@<*fJA!bW?fV#MCloW8Tp0AB}B+xwtyxwK3GN6r3#NM#>gq zEbgHj<0~1zXY~u8Pq?ypriH*a%Y zI_*0#!VrJ9pA-J*eTUfaX^Jd9DascS)neMA0)@MzjjO)pdAP31OklE%FlsYbfzN>e zS+I2!?u&1m)q>Y-F0+cmo3)VWd0A+qO19`qD9J8e?Y2ELACqnPz;4tadSGTG(^ zCm`tkB#QN9nu?STy%dZu?)^tCKi1&t6-jd|u^L~VuMhntfD5!)Na-eGE`j{$S3=oE z0IL16?`gLR%3ng;KgfdD-Fn&4{}UNhDxEN+ zjlAHhTbR1j`pK(BvAqw~c5#7Koll_!rjKM_jQBdh@ki3Z|9+g|_pN_~k&VKj{q9Z! zXczUx5tCi=W=~j4ZY540!6+r?ktsO>mQR7WPOcTE0WNDZ{6XTIm_l_JgV z9-2Pf*<(fg2zk&T`6x_$;F<$^4hWiUvMJ^h3+=`zY4LZYp(YI2#&)o{_p{|b_{SMr zq63|>w;EdGNFtKLO zoV@-YLW<~p;8~{*o9-Z?+Z%^rdV`BkDUVMxWCH6X>~}|`i(m(2Mw~6@HqF(>nF6kC&DM{%D>244a0j0Y(9U>^*-E6w~ z7Wh2pyzjZb%b#x6T64@f#~kAxW8SxjwLk{%x2S=!_PD(ZGKtr<3O7FbG8itPJ(G>y zTx=pDJ;vJ}(j-jsSxAue;jYtqgUa#6DO`SZcz~i_4}E>+aKne`Fx|Tw6Q7f{_U&nb z#(>!ZElKRM#E$Do5C86tLaVrHOb-j(0N`3~%Dy3(R9Of*s4(yGPG_BnWx8$;S0<(@ zg$cS<>DuM+WBG_BtZMf%$kR@LfVrUkF(G#5=pp<~vpb|HV(ndY575>GZwd2s1zb5> zKx>e!5$jcPpAU2u;t61P!Cgv3Xm&s0WPbzQLRc3qX+i&19Xs={qB>ZIUt?QzaEM#3 zi(W{s#+fmdyL6OBtdd_BP@^Uynl*kNU&~hJtC_*$`&5Iv9oxyiONoobebtptS4S(> zM|xrNo{SS--aErRpB&j*WGhQqUd{LJ1_WcpJGz1SDNKC z)i^swC#M~Wlr55_HsT&>%=E&boc%JU8K%v!fglWyn*9D{rKlgAwxdWSmu+K%qiQE( zfFf&mtgtovVcF4}_a684=F1cyaIS_$Pf{hvJ_>KW2)zB4@wpg&diWa=*WTB1r{a-FYtX9G zs8vV|vvVm9o5hZ)P5dWmN0q<Bm z?H1rC`W9%NXDXY`IT!yj<#~c8YTxAU#t@65WD86}mSL1y z{x02In%*^-A?0|vn3R2>6MmpQB%MZ)M-dP@>rwZ4aK}!aFBN~Gj)1R5vv_vp3sD64zAEwy({re)ddi#^52u79jCbWz zD5 z^JEec>SMA3b5cFTlpV+(7CyqC@BQs9q(&^zTl2p17{i{7jOz^^A6rXqVCc7$?zxr3 zC#JLBT+Q}!4a(tno4%)ZeiUA4@gCu?WbxncKH+&>+1aVbRn~B1Us+z!%o52A%GExU zN>YZC%t1lID9r}~t^H}=CZR-Jznm=Hc(tTRo`DZ$P8Wu(H^xga*@C=c7Dc_10^_zn z%_oDU)3|Oi`jZz?RN=SGWny}1-=ei#{k!?;5Lme5t{ZYX?-3M{@$Wn&_<}I0kf$br z_vy6RfgE-&_P~>k5oXICzdU3 zgu_i95A=Y%E4D;DSJ%_{4X5RlhgJ^rSsUG#L;(}clWB%{FzJRU?N6m%=xkFR$rdlDe^w5piJg%?qPXY$$VUC!Znvzw7Vg!{GP3^@Uqq zTZ5}sE1OC}8ofN^5BXWv7#d>CT*f#&UoQ}o|nfcDO7m7x^V-_v2xx2-e` z%K-yB3vYVj$drd9S~1=quNaIez+@{oYh`4N+k~o@1t=6VXMI)75A8PX+xN;{TQsOl z6uUmWm#zM|q_#in@e;or4~L8-7_Z$yyz-EAyh#u4uFaAl$IG2{lNKVrCS&W&GuZJ< zcEa_zvnynKrrg5rqv-y=T5=6O-8qq;4)J4VJY%)FjvD@-1HmYvCGS@3Tg)7$pGsjf z(F_%c?*;IkhYWa?#4I#BhvZM`oWp-3Y_>LgOs1xB+7{&1UbTN+MKy(Cq}z1LkUSoR z7(Ioxz(jW9Q;@t*A=G8J0e10BX>MnebnePfQv~?k>ld?@$ttd=$3c)#rPm^%3Jzfl zS@c?CTp7m`8KTZ}O2Tgpa|*}0i?+5_ZpzspA9Oy5Yg+7dX8B+l`Cn?z+twG>e|HdBKbwr2`iyxq!m7~lq?i(aSr>a4*^_!@btsp;mCpk)m>cbK5= zZ|D;0=!!l6%eyh4P<#I+))=KpLb67heT_(`xi>Mv^ZTEzO$=iB`U77@QA-m;M(*%Rku zIo=eXbHNL8F!Mc&1Zy8229Lndq;#G^i5ShgTo~zGHvYcztdp2Ss@tj_tAe6T`rYguLS~~KJ;FsQjqT`3(nTq zh71ogX9?R)*s(C@$ks(3E2=!aMLh50RnxAIM%N4 zwbJ&;&v{^AhFzc-S5VXb24BTSq(f?9s(2iBwZM9|3aVxfRJ5N%Y^hp!(a#IjzNjt> z>0G-UUBme11?K!8%!*7eM7bYIer=b(P%NxAB=R-$ln*?)-)ZW6Ru=MQg{zPDeDyZT zMG+v8>}aY#QLZDC)p%vLk@05({m<6e)I$?SoCq(GC|h48uEve0P4tpE)+Jcs6Ku0jM8XvL9D)L%$jA>d zX~w6G#>--0s%`<#`X{AG4VSNdaixR4@%jp4gLp4TI$PTl<|qso(hVP0!NB5c=gnI( za`&ROayxj=aTlfd$5~wr9hb+Wg4o1jQJAuT1YZ%w?J& zLawX?znbY0z{!cY_3(g@JzL-N#WZNV>;qhX7DCnsI)WSXTQVO&M!J89Z)LMhC(j_Y zPVPG?ChUo1pR)NuFR5alP`;D%&H}t6w8LtJX zB?={iWg@&IIE?zPj`DwAIiFkA1cP)2Yo<%xOq#nt^>53$?fpiKA96l(YjX3o6S#eI z`r@t@$42(wkS6k*yw*X(Ta9R`$q{DPcxbx z%od+wFP<@2X8|HmAsi+=I$>7*`x#WsJ?;k10*3zaKZLDag2UP^sfkFTq<Y~vi}89JY|pow`=eYWc>R7z};3y%;Z@h_$tVfnv2aVx(H?qO0^z=!* zM#ysD3(f8iX)!0aDOkf!o+fM*{EHU&V5H9cYDk5==dP(I{Lk!{_};8kg3Z=!7oV>+ z)Khl7zg{DDZn#k@Z}e^m>*v-AxNcTp8J%QSw&^0DgMtu75^+ZDbac(6WV9(cUEfrB zce_KqqH0REXGIX+&T)szXhE^IFJISDmsY_~q3?#vL{x9h<2m{_W5lRuh^@l%I@}?- zih5%n%+{4HDzBEOzrX=UiM4fxz*2u4^Lob)L)QVnD-bBvitF68i{`qDTLnIvYUXRg z$2U=k-l8ZNI_Om|M959eFiBNNn9e6yopZy^<+s;PdxK`mS|S-y`Utn-E?~;<1usyK z2jv)VxU#@^h#K$QcaeaNKz_r&>$K7hiiFgyQ6+<#-@6aLOA028fafnoC0fWe2%fJK zrqK9GnLLoM{Vu-sf!=4H0^j+^gz@VZHO)wz5d)JQ$M#SQ$9VQ!?j85-2^FzYO*6D_ zgdAqzl)D;SQh|Dz8WBXMRJ^IPiZm*hwOH!#sNZ?M`qWv&ue;v3`s0zEjS|#B-WJ|! z6V45Lq~t9i9OS8H`wdX=S`{KF)T0-Mc@id8+}*yQ5r`wWOU+GPogpe51s!b&mJ$T_ z^g_+DhEglU=Xfii!{6xj^1>`UoahyoxnTz9B^F)j=^a;qDp%SIoG(A&8G3|xzw&03DJ3aTc8Eebp z?;Ued7C3+aWX|-$Td0zdG4*Y%$D%(Q7Oz&Fui55=?%jks)T=(KslYbT0_xam6vn#1 z8X)mq>S4feUbw_KL}XaoKo5CHaOpnqp!vddB=kJZX9#}Y}xdR|!Gso}1rSEPWH{eWt_rdfKf;FNNp~{fSr)G(T)+(l6?Ls?k=$DvXkL zk*EnjeLTNJpRPK*j6Ysc1`GsN>ah8+CWT$@x`?9~fWjWwq(H&1jhfBGZRBbOEII#& z#u)&=Y4j9j)J9(J(vS`X30~qsH)saYuS_>1uE!}ONF7ToWY4cHt)}+eb-2gQHDz!YPN2Px4eQ9RKD-Hn@AotCg5=x z4dAHeXH^fDrtIscqDK2tWo3jj^r%kGrS9N#1LS&5jOMwQU<<-YT7)tsp%wPUwidqT znve8~4Rx}`mvk$ljyw20J@4|>cAdR0dAAqouq8`d!buHyud_t?Okfo$oM1^7L13=7 zPbk2CR3%34*`tyBrSphobKQu@JgW0uH?X-x5h5thVMCJ|HGOn@8tH6UEIIoN3UsV6 z2>H=a&aSkB@9$0&<|0k07fMzX|br?X>MAGt)XsJ30}!wHEjIBc#8c=xxJwhLO#p zYM7cwd)I12VV?gBLcwNkEN0GOP1a$r!>G?ByhC(KqU>W*Wzw!6 zmmh>=Hk<9SyghDiGyVhNFiik`p+to4B&70sU1^*)ZCWHTl8Wh z^q^{7BBVI;zl_kwBY)ZBsqf~N_dMZoGMPzIZnjfr-)s|fM5vdvd3&dh$O9K-qo6(S zj7`>>v>r^Bd4UZEFCMTu7Pr~Fyo{Vmu??kt-gEs_dGRoeQ1yO^`0S10bOh$nvLMDp zhi<4Sz)c-Y2(63Xb2GD3#y(?w|7&}7C?T_rfME+k^t6QL+fchD_@#6MjVoWMotCb7 zomsY2VB1=W#1t5zz4Zou@$uLou!ij!-H@%tF`-QT>{rAr2u?mtZ zEqtX7r)M|_ROV4rujr(bAq9?enGwQzGL$(3KYee}@8f4XG~OrmJhtD)MmQ1N*h{tl z72*1sl*>&jaeuevAOH6&zd}s$bgi!_ev3O_%EJeE;ySX9Qu20V78xH7923|rI+N<= z1icPOglF#aS!l-vgWBqlLJ^`))&xF15&8t$8cJp9Zmn189*W?Q)9MdF_WPO#|0o`a z-%VGrErqzRtpXYP8QeI8U~S5~9x-4Eo72;@vuy-Mm;S|++_2l0u1fFyBaURD0X5{7 zckQ&YO+wsH#37R%#kXYa(}G=RmrhRTS7$WJvp4RKAs&TVHkzzOmZ^V2>CqIR16#R; zD(#Uos;~>V<=T~yyuka{t=}f3g`u6Umtv(UD~)mfc+h#xc_e&l8O$A@@0Ymav2~3k1Vhkz1-Ypgk9f!^ISa$vGE)%_uF1JE#k2a2-YQ?wByg9 zkrFRX(qfwCJ5=mzf3z%co%wln(YF>fex5_UZhWOeWbf_|dS z&}JEp^D#O+AA;eEu;_)f;eUg9M_XoB=PdyBOc=NXZNu=sRbf1qdV}|#U;BeorW8XV zy6PMGssb;VIPfHMXJL9Jn6%b8K-($by0>Q>vD9x3jV?ZhL86UwKVprwfr$m(_j^uq z{l#;Ua=HgGjRNJd(IXV;B=pxm@~w0i>8fS*&nJ3VkkPr~gdFI%{tJ7abAJ`}Q@YS}*w09(I|~l?gE29CACk`?oV@We z)1L;Wb!k$Djl-thXVtB*UtS&(w96)1#h6rQQ0g$`X?;}JpRG`aUJfMYFcskNrlPBy3~TN*^^RF_by#43*j z1GdHhPxhYn7lX_vh7VW4{LUzYuF3>{*VkK~hXd)JJRFFOsQl5a1P%kNQiUQ@Vt8{e z5c)861{XHm#2o6yrfPT;PJbvzxu)XKHb2Tt^bTx`IG~=PXNpmsE9SIpoqQ_vysp)8 z9{ED-+^IFS7DtPg7cGAhJ{B$9Fm4pB=B;vtG~-ZCs)C!cdYx+A^<_`U7O~qhsnc>K z(iqy#sIwNAovzzphNE9AkE3T$;HCz4qJYcR=M(RZ@JaYkEWg$(Cl?tcMJFzAs}^Dk zk%DwNxUTdkxGA*X zD`QyAyU^+v)2zr@vF3O=QvR)ctA{U3&Z<1m25ikzl(hE_7I>~0ZvTlHX2k+P2)wZg z5``~S7~XgxibuH?j)&)`Vup(FA+cpMk&FJ!gAXGvDu6lK`lTj^}@>grQ+x4gsqP51vF>1)rci2>U+=Wf3UPhgQj~I9{VR|5a5Ugg@pz zzzdlMey~!E_`R%^a6NJ&VUjec7MG6ju3JAurm|Ed_jOv|N*6s`!Y>nh0YT z0xMkEM#hhH*UVy#;z`p9>es$wY8`sgm%TS0x_ui$)HTk%|fq2AjH1OAk_o=Fe90>9tFVlp;Csxp__lG znzr2x7%+oWe}he9;UyUv#IdErBpDG`=mr}K=W$(-4EF9;$g|9+#`C=?9y&8BC z0dx6a<#7q}(>f&SgE6xC(17)(NbwtaTMNV;oe=!(rd0H_JOx}ze0Mb7S7r0y(~^jb zMr|p}SeLiKQ%`xc?bnc<1GcHu`@xkL{tiCb5K$=zmvVIA^njm3-e2R*n19|pD}9z# zA(&ye&S2;!e#eYrVte_A!3uZga$P#anlt_7h=vAqa^mN&z29#jl;ed&L=C% zj{R!wgFGA~Hz~>6mK`f5($e$wMs5s2m;NekJDa-t)L8@}i`!=4QU`k~6v7vAD+frh z;(Ri!D42Gp+RVUhrO!5+%2cfhu^aHvq0;ctI z!V(Xfos^(6fou$`pF}MBH63wp@FmMMsi>*p1U>dUfE(Nh$@(F;huIj(`Y{BXExLvF z^52ZT&XHSA*DK8SX_72C87CDQUap&^G9|Oi&x1eb z>X^<)DBv|s(=^BxNC`&3eq3;GVd2WR{aNC9@*Nvb=)fV>Al!|!*f3Nm2z`y*vz56m z%cX|x+Lp0oK|~K%)65)Jarq91fwx&4PkN};Aoo!miVP$?Ca~whFCZy>dqv@Y{mIweDw zPdbCJ$;tgkY3ubXbnESS4s-d58GS3Icc7B}H+y_{^^R;J>9;7#WMe&#R---r@4iEb z9os{+D-2T4>$m&Jp?CXR(%4j>Qy$yL%XMZNDaK_MD$PHw@@bWNk9=eaJ$Yp_I63Nz zbxrU4LvRlA#JD0#RW-c0x6ctjQV>2)N5zrhm`p)_1NZt^5#&JBH|-LXS3C z8r-L~JTG?Ac_KoNAizSvgk|MZwQp5k+j|51#WtlPITGPr0cPDAEP!Z~z)JL%8Muz_JSBXYXZ+{~cDZ8z zPQrDlDmZBp`*ze z)t#nY(r*PKhZwkJDuqX`nrUD69KAtDq_M4G7a-MbTP29)!-VIow}j=93-}uGnIL<0 zd`xYs0#UZ7-t1|>lPs{f7sSOW6yj_lLM=p~dqe_GXJwD!p&`kmoK%Wx4P%DHj6Cj3 zsbV+|(#44L@)Syum3cDPBM8l?hy7e6w0*4Lqr!drz^j_v)5$ zDwRmS*{nE6NtV5#;J&`l@v&sX;mzJXB93A=fw4EWI=ewqW|Of6n^Kq zDptHEZhg`#Yh%_N|2@}e4alm??G9F|$>Bk3XqVwO=8TcE5I%b+I@i2h0PYBdEO`W~ zW1|9x-Mr2G=`Y_ujikm;=L$MjULrWjd)&l1$ZSHs=I4J-7bkeR;5|*y_8(BfE9f0U zm8Qr;e57mYPzYrZt7L=#c2g3smX$e&)jniw$u~BoLjPJix#v3P(cN@-q~5EiaVTW< z;2re$>q?XL4~4%^;K`bJ~0_OuwxVC17Hc|;`cPwzjW)Q za?&JXmVryLV;VN~EpX?sCN>M0%7gWlt(GVFa{3^`-d8**pe>|}1IW3#V`$p~WYx(Q zT31UbZ1wW6^^z>Q-Bu_k^Pc4MXV4HSU2=d?h(ctP^BxOMl?jxp#(w5^<*imJcF2!; z-gD(5nLeu4BIFoiZZS9e=;JSmwi_;P&T`{Q1rj-=C66Drc)kPLQIN4>@~zIip& zZypBDij3lsBP?C=OoG35#?s_89bM;lC4A=hwRhuy1?D9R}r$+-gRqLZKPf=>FwgnujWa=b2x+Dqh;c`y%_;vy1D zx^m`6HSpXn={g*+!-Qm`Uqt})1OQ<1Zq>vNP+N;n%nbT;2dnzE4+dhBZV?*}TqzABp1L5?nhw!jcazw1_{6^G-gVg{%z=gmoTt<7 z$*VuRwO`oCjo?zr{6u=i9)JnChoQ_Sp7o&XM`X^KAQSuKv|0eID9c5;OKG=5-%1dY zQ(p~GVR?<@Q2Lex^?k-~-15KQS@wcfM^tizP*8&?VJgS%5|WbEJ+#w)nIg2Tu++<+ z{kd?TXaFcjB*rPoXlv$#$^Y96a2?_~U4bc=_p$Zxl-9~^Zx+GP|IC4*bkO(Tw*1dW z28RPiZ1gY$t{Oq+9NR+3{jUN+*^*z!#gnJuBO4Io2iKiSj(Re9USs2Ecqt#AoVtQZ zQf`tUYXr0wx8 z59wGf=kpsEg87z8#g=6C43;}Y5UQrEJ}H-Xj;uL$WlxkyF|m>n{ErFV6%MS5aAng& z<U3l zkDn~D(@!8hkx00-S7%C2Qt-BXbL7|QZzHM-b0EKSj`qqsZWIQ-u=Z02Kn`E!exQGL zv_uYv`0@*$`KI`Dtn-x$%iZ~~wfc`4 zfQ1EkEO`-39Ht?j6d7~v>#I>}7JprYkNl%^rYr-iEiz{y5&M3+flrqma<< zUE)q@T}!B%7D9a5&q*($PG3Pr_{t&hEqZ(45jzXERWF<^G`}ktwstTQ@cwfzlSE!M zD;dO1e=c%3By=q2UA`FNI0B=LAo0|<_%p#{grpH?08AA1D{GDZM^EXZU4hbP;;1q0 zhX+AJWu)0+9vSU^4sAe8u21aRyGv$qM}`sP&`4x zPtnt<1W-rt>Kx^(2!Yqlnu?VctX%bZ;9FWQXKU*z&Gioj#FrEz__LL93GfRVzNq37 zW(avPxgX6L2yUM+0EM2XoMs;$;Is}H6S;i}(4qkHBh+1fqHQoZUn-s-nG8HKOTqy0 z;s7aVJYaH?J3*U+zYzrlTFsx5%`a*|zV`BBU}oy-ghO&#?hs#LTxxQaJ;)m>wD|Xl zRXBNP5lITp=evKh6gc*4t`TdK#k{=*e*gactI^fkey*;fPPx!1`nDy~m8!+`-uv6z zRzyH!L0s9r4r{fTmNq~Nwo#Ezowk?0hnj-}1!(u~TrblASkH=$m@!m7|2q->84|nR z1XdH%1P~Q3AbW8?jNb@9+6;~}=O0L-yeVL;pb|~ zzoP{!5cq-Ya=~#tRV=U&!VNw%A@!`bTztceOZxXBCd!W0ta=2TW2FE{qoYj1?@th~ zqHpkVLI3#zF5kz!iu#n=3WcmOpv4-X)y4LoP80K`?*JaP{{mQ7fM8M4^8|XU zbi8JliwCrWG%Tzc*+%8V*^F9rap~+9TlmR+$}a^={9yC8f{m1S_~n$8@UXsuwvr&0 z;|0=b9Og3j!FYi`t(?gMqq-!Yqf7R{uPB}naBW^LBg+wh=ZhPC01-(`ORt(KSM)c3 z5y8o`4$46TEdWgD1UooG*6;HD+X2-diJsG+AU(klh?hkLQe5bNMuK(h{bKA-^aKRT z`}GKZP?R2EL@f{_Kye;)B_klvxu^h%zD}su0PMAxaUA~d=<7fVJXt&)%=kecUyp@z z?DJC!p=s3e?wi!2vZ*tf*Sjw2f8Pm14&M(4c3$mKFhD04F$}J+;t0G^?wG1q+~x6)J-KOT0chI{K$RDZfk6J{F0j1?+jYnARAI^Gwr+*VbH-9q7Pc zz!HRn_5AybHWbZG;ZoeFvyV@1PYC|&O-e*=a{mG)^C-2)dryo1Om^O7R_kVqWm?A! zJkx0oV1vdd8?1jvkBk1V4H%B_EL12Q3FuV$1G!qafRS80jbvu8yYN2=j4M`N*5)GB zYfZ%v_1>rYgOkG%|Hl#Pk6~5dxc&2$@qdRdkp5^QBn;p3!9Ase_ONF@!x=npH2-c` z)Bf;4jyml(A_uzApSSfD#c~Dmppok$lVYA7>{%ATNhz&~`us!G|MkP?SV%%5K%%|H z)P!;;UJwNha9XCFgW3Ob@Bb5xbf8p$F|&w_pF!AvuHz|;>H@rnmu{6y=|6k?H+}(X zP0XWk*1bB<&;P$MO%;}jGa3H3dB&&D%yY-qZFHgKbzFQ2WNEbvoPft(J>jD&vNjdXmsWCFeZs$X+Yi=`w>xW zZ4INtWxOiumF*8*e=7{29dMYFo3_W(W8!%tqOL9N_aC`+vu^t$44&s>mjvcUf5EQS z4Db~n92{!BB-$Sz1Z(tJ!Wt$wrN5c&-wngGwEH^R<8QSQIio$f53y{TW8en1*>shu z+?zM$iKpcii2`ohSb!)zpU~Ma$=VO7LWfMq$6QFq4;S~IRp85!aD!(P?$QK42~zT5VH)~+?H8NGLGAoSs))sA`8 zmunUO*;fe2F9Y}R``%TyY9BOiY;KzEPL}Dm`FQCWAGJS<^v026Mo6h2Je2P)1Cj*T zM9P3ySN$8zIr5T_{e?lDy||&FVaH{iE_1{BXP`;od^hhq=2fVcq0^G@r#EeUC*idVo?fT=1}=(4Gs>=+_0tL5`4<36r2 zA!-a^5rBE*2`=0m%Z+>Yy-@~WEpLBBjRO}G&_I>CL`6i}V37bnX=w%M*l2l=*1w;l z6S|rlW2vA21gLr7qoAM^+yjXNhr>J=dWy!@LUAa$#&X2}c(Ye2eaGijy;B@?n4Fjh z2O{966KEj9Fo%LLzHYUTsS3Gn`Q!f~hdFY@-}?qfj(2~VzZth1)r^dd^=;+)$NJu0pd=`-Fd!fx zY)_UYhBqHBwhGcIWd!eiZ^i)FNS#8oDB^@kSu;5;QTN@O!?R2MCv?B$uCAITv}fPs ze;glr5#e|9(|(3CnoRf=@SfKo9303P-;xhkiApYO&o$5;4+T_XJ`t+j78TK`awIQKi>82S}Mk5p zOHmO#pf-%(UJ5n*@JEYK(EZz$J)ng~$YX~KC>#a=ypkXtLuZ61c}yrsoQ)WF$gdND zz+~Vvtr^*wy102sfzk>)KHEy3_rvYWKU^LU*6OX;Ph&G`CGFASdh&d`41uaB2q$hI zC6%LP3bC4!5JIK)p9m|3X7u#*JkQ2u$G_=utBhTF;h42!TxN}zua)*bQ@s**Pf&D zS&85hFVBj*K-ED)>coM;F4Jwu3c#L-TfGU81oGwhKX|Rw($BSitjF3|=PxZ#JX7lU zUHk^Rk!rjOY-jAX5de>Jap45$1ET@%ABmp43Bzr&d|rIEe7aXe_aUq4QPJs|j<_xD zdRaP-NYFq3{F4F&u0){J8E|JsN{H8Mz}(zi8X1|it0t3>kRob(x-(6Qps1bUR@}=F$$q}xgj$FT+vSWwD_zV1%{HqV3 zb6ix7MY*gAYpo6bQi2d*RPrQZwA5oFkRKY4xc+`mk>Q3_so!=L6UzAsneWM}h9IgV zrMSx4=_^u<;wqwyk3i9;hYv2F6EHUwk={N0>F~HnDS_Cmxf^0on>@XF7}Nde_`|=sP@*8rcVeYTGK+6n*Q7jCWSbW}YN3WlKr!@> zf#-&JPvrmJCDdZ&$sCc$%GGO3>fOgXe3%bf-5dC+f)Fd$pQr|<_2$TjEB~LLp@rWj zy+uo>lJnC0`(S$(qQKnlUj*bczr~9u>mfCJTnYR;De17HRgrO#QS@#wp@7Rp94rEq z<@Usy!>=yRDmnn&mhyX$nqL945tZLe&?^)6F+;FP{q10Q!ms+ld?^))`Nq-S)ZEEtue~n_6D#)Z7KL z(eCDNq|;$7y3q&>UvtTOHMv0mP>>2Iz?&%0%+rLA9@S6Ag@gzz~5Md3=}F+>MwF(BL<0kwv;&$wBja$ zmjG2ru!)k4kt68ule%Rn1}PJ~h*$4U7Bb$#NvQugjBV2)KwS$$Y8-f@yd^KUE_%J5 zNR_C@&T;fKJz+c8YYxvTUu~usyF|YGSi?nh4&=>&Ub&det6?skWbh*pUr7HkKz)}l zIi?xEr&yTgCSW7%d2F)6QF=;Yp&1^9@ivuUi{`j>g=x{uc+owHGf4=l*%AfMUrbtT z__#5VhS(MOZ1M{<00e(BIq{Rpz2UZmRFWV=UPb}z3nFRO-vQ9u>yptYglSS8!EkU+ zC7&M1Kbh@$GYN$wE-*+1@){a+!(CD3p=96b#+9iuIjOvax6tsJv8p#{x>{GWgth=( zKAcO6F`iLPqwDgS$oSBpY2aRLE{wS>2Ly=UQG#! zCtJA`Yc7e(?ax=OE@EZp)phAod+{XyT%gXGb=Ba!CKVnjk&pE;HyBJxRm`3YTuEC2 zl)G@=%QtA~q7_ROTSrO>Xw4LRzW^{JtdQ<6F_$wX`Y@UV0q}yw?k{_v*M`;7G0(s4 zs{(A_Wi$nM_qu*8ahcV8K$o(O73Jzw^x;Z!-KxYMwAiwVMq;S**NNxFa-nQubn9_evAY6y~SMr}L1s zE%qrvQY}S+r^fYx$uD4_$&m+VD$=R(Bt`#j9G_Z=A?Cx!;~U_*{A=Kt4_wq=rFd2B zP&inC%XbR|=Ha~h6&K&;5|Hx?#1@)9;E;)c7;qnVc?QK+Ms5{z#6k4yv^3(%#`hEC z0>kcO!k5UEOF+OD5|$9n`BpUr^+fqMpyCTj&eUX*}U7&3dSjExSrpC3{Y_)P*g^!*YKcp3-H)saZI5&lJf~B;oPnxn2nv~UwEObE=xAt`foPBQ zwBM`Mqki5ciUCi#x_Ui?+L6~6PbEhTbOdC3ZEdAs-Q6w4(-Nmbc07S^G6m@vOa+RZhf42Hh~;}*^;Dr#&f zsmEc%y#BT*{zX&HQ)wv&Ug&(H-f=130S}*z5<xsMM99seX72Ftq`3` zc9dMrYEvrEj7~yY*h|K&AqOxV?8JthTlA-VABbMRc)&}r;4%bsAvWybpAz)bN|L7O5TN)4g@l_!*(K@GPB`Kt!C7~}H2^L!iOG zb+f`gTdkkr0ePH@75=oGr+;oHLDXr-1x~%yvr8m`&BsMe5)bL&2=R}XO}`UawO-xLL^wUy1az~h-WbK{ba4t^9n*Cwa3_0P^U_guT zJwg4f;{y~~x-?Xf=KK8~?>$yl-c5c<08h%S&>J}`J3}W4LYh5alK`oOf#?2!tMUvZ z6V8@W1~>L)@i8GP4n=}E8wD;Z&i}DDLvCY#y4EuF%G26Ee%t*I1lWZMR7FJ?90odM zFSX@z-_X=0(hE~Fe+@wZlWh`9y`Ag zlIGHT4bs7-hU2(f%52EEO_EEvsx1Ohr{2dM!6uRUKARHkS*L#yqFnK}w%(sYW1f$; z1VxG@i9iW$IbBg8CC4kd19Sl*I9JxyN*fMNWUAL_7I&OzNs-TAMc9I7liFwAEwU3T zFv_m58&PB41C+bL%cb2}XJPRCM37$f4Jmn zUI~eNMQ7#9A_CM`#H4PtmHb3rzvX)-mh!oQu&s!Q-#6qWJt|8NK?L-)>EM=ld=Q>D z9T`@hP#^B0IN7ojaY$XfZV5XsXecQ(Mv9%ttDvk36@}odL|RgkX2oRiI!|fW>kUaW z24O15Hy!u*m_zwZ$9eF%v@1pVq3-K7Wjrz|qyE7z0M`ir2K(4iadF+SS7sa?mEvrcn@h6Et|BwVu zPHOgVxTtN1OX}Ih-d?w9_%&H;`VLv>d{UzTd3rdV>)lA&-kKPYtn_JZ@&C(a31L8_0J9FL zAjt2j!~npHG{XY`$g~z=0z9AE)7jJJ-xn^E17H2%ysCYk3BcR4)ep?0@A?Fw|EUBl zlK|-V>4gbw8-N#Hjxd1q0SGf#YnkIeW2*(mR*5gt){p}rfkuM(84#}nU3xOwr*$2G zQni(J33y(7;0=Gebj%3=?1y90hx*@ukqH7(aOjqQj)?%35;P98o^Ypy&|6E`+LZsN z7VvkpP~;^56Zz^|=1@OxnArbWK&Xzbd-P4`9%Tv&a4ajNPFE zjQJiOGP278d`hkL4q&RB+SP=Am?+Q!2aNIWQ(Nyd8jtlq(0E`5SD(g!90?dFuPQq= zN;fN)VBhCIQ;$pwa{;(^x=Sqrz&@42<%9pLGVnsx3SVH_{VBhLe))fpe@ZcltP7Ei zM->3WpZKnjrGcLcD3LxXZ=WNm^o%7!yn5KMF@ZL!r$sb~a~$~+w9aKciaVn>8089D zjUr&f?i6C=zhp{j)-rQT&}K&0owg-4BsLaRnAWm>A&~@K&`je zS!nt+E9@|$$UsSer#Kf44J`zV64wm=bP(m>*1h!;F7DrUq#v)oauCLeRxUw>Sa;qiGcpdQNs<-~gj>$@o}K zp3c4|M=Zj>J8w@)R&E1(FCW3hcSr|AQunH3kRFLpOjSHmvG-=m= zydqMVQQFR=J*t1bU3L23UI0ZN=Pfx4Rh-lBhr+s9I;j-KKvVI5>jE$@SoutTHaoKq z#Yz(^={8S(Ln8kTOPk(AhUcXxMpNSAbX_a>yfK|nebknV1j?v`$l`fl|(-#LHYUyQNG z;I1pyyyjYSu1(2==`gfn z=tKA!>dG+j2Z^fW1CIjy6ICoLEZi2d96acjDS!Qet(CXZE200U3>i3Zd{Z>2J4h7_ zWs!x1T8e~$K$13`uOf?Hl|ZUV7oo}+TN!j^Wy1l{ipiaN)OAbFX$#PK6Rv#DU;{yk z7J0-ntiW*y?g>SCgt`3>VxYN?OXuzyzP`jkBJPZhaMia0~LS?%} z1)xWjnOaGhoGd!TJcqbW8n!xJ2`**zx89U76{QWhE9{clnqP?!xR)$Hf1jY6VY2!R zxa!O5uSiBEgZjOYJd9yGG5rii1Lup*4&7TDcPAxYqj zXlq4WBPv_?dBUt89?ItQ5*c#maAM2_UZmq85QT5nj+)x77h71F$8H|IoxS;agxa@d zB(P>a)9CACye@4538QQ<>Ui?OPu-|oI}NK;P{@~X{=>1Z*RO~gaya`1WW&$@#g`!j ztar!U*&iiclYzosLJVgySmPZPuJmK(cZ61p!XcjRWRZsViN8ey8}BZB;eMXfZ=LyR z9*;MILvj_@5ws^n#TT`z&#L;{=Ov9#S)n?#?U1FjefU61-ulT{Cz-UT4r9S@ zuFjNjsc?h18_Gnqg9ZV-a>r>{K<4=i6Ktn*%3~(xNh>LCIkTTQyWq=sU>L!;Ia5+c zwZQ!Tv@Q*$e)V81RHO2U*pZ+m><^ucUmr%d+I}Oq!2K7(Ng<+{n&jTJ|HK>+ttZ!{ z34^vLq^*NKb}M##6RVHv)}ng|nrgUWke;HQ%7*cV*Q&YoNcphU_t=@dH5j{Rqa;}b zjXyZbe5uM%eN@%Y^qS5RP=!8tmBYOJWmTa1yLO0Ab(Cm`w$2S7-8>WSb1!NfL`ybwCtsnp3rnB{VH{{gvj!=$97M3i9?Wv$AnI6&LG=Vi zwpKzwX1&#BxvIc0!%kjyDLq}TXonP7E~~wMkA!N$L#qy{K^IibfYn@3gDSA}C0~#{ z3$fjH2FciqO>g!7E)aXYn$7sgST8K3@EUdTOP##uU=wjYxVPL=w^tjFn1Cp@12>$L zAB;EGCCN9)0DzzmFTNiCW&!tZ|5}Q5sAf%|NBG^7N^t@(Np9X6GX&p zEVdp)`i&bpbzwyB({J7f)865eq+iik4#PV=);KS=6~`2$GOJvq`rk+hw!>%vW8`)a@5^m4i9a zC^x<;Pglcfo$UhcD>z9BuzKtzTDv}L$W`a7PIlfa#|HY}z37(!MADC_XC4doNG)(P zb~H;9Z}t#-DiVWZYr*PQRHsovY>5anl*Em(NjUmcR{xz0S3RZo*c3wMFZY8+c8e{L zrd9fsCR6QeV=?rY-#Nh;VX+Iqn_|p-sASzLT9>5@o2n{-^f15-O9t`0jMi>ea8Rn8 z+uT#=BDYJUROuon{fI5%L49)RiWa)lmiU~u9DXp}kb|#>s(Uf)45iPwk$6k%>QE(q z1?z03fstOxNWX5gcRHBp}CT^GKqI*X5$uIwM=U^M|Q2fp{XSyZIX z+Yf-R#6lgJ{{kOii6#6E0r4xcY?yps2346Ex3XDyyZ*aC{#R&xze{QmBbC{(0*Rbr zI2#x4M9eiJx#OY%TK8e;Sosg~$J6=Ep9ge}U=11)zLdhc1*4E2ltvqE7Gz3jwQWWl z^q>_JT*Lcn_>b_(_WU>w z;kc7##%75J95!(WBfbKrn2UWdUiK@>=+@Iy4MhCk4Me#HVQT&$;607V)qw8iaGaKG zf zP=($lRBd7Wr&KOu2dOv)HS>iXN`eB*L2!bM(9eF1vlSHYX0^aFVmHcpzrU3%9P~wW z;-6owQ@&FS$Ovf+XB{KN4T-a+J?63Lby>$TovfRE{+NuRzpNI^R~;vs{1bD=ysqWE z|18(0km7T+(=W?7Fe18u$4A>C)G%P8z5-fkq1TUHyzHlURF(oqby=Rns*GKB6n!q}CwANSsjlb`7Q~N+!4sNi z@Xae|##C&A)S-*+_9B&^AhcZ7whN9-@@GA7k)p2Nb7h_%b>b+0!>svgLqEvY)R(V- zNr9TzxP4dyu47xpEEHwREJrbKu5X3qy8c1-JDHm+J;&2Wh6cxhwRg{Sv?2wAUx*Yn z?VFY+-)T0U_`o*+W8)ol75#e!K1fgis(F@*nJWp63PPAZY?VBuv$(3@)#Yd2HX@Xc zylpP>w30$@51Qm5Z&zYR+L-?31Vxd${anYu9t^rM3o2dCDH288r8!ssx7h@_T##6~ zm$Q^?z|?6L#Yr83O@7DF|4d%Q+*|?68Br=)CCi8&Aq0S?=;jNC2>wN_CC-%XFoZg* zpTa@gUZ`VFU!=`G6tE2&=+UxlVW2Qt*Muulluylnv9oCFXvWeB>lm>UQGZY5Ru0SS zc4J7N(e1VDk8M8&6fOM>lKQ9i_kgC(Hh+F0<2JBwl#9h6Wne*!8nVtc{iZe4SGZb- z<0K~(`Z$-t9Yy%b6EQ&31~hRvl|xNVd(k-VeE`+$#)2&o&@zQnv>4Po7%MHKz8!34 z(5@H%TX0jgfuQC^JBA`_!oWAOL%Sd(yTKtAJA(NYfT9KTe6X&nMKXni_PCCq_d2Rg!lL=l z`Tm9GLBtUZZ^qWbELb*4aZ;Mk-u;p3B4+%6Aeh{g$P?=ifDiJP>Y|&FNpF;m!ni8^ zl)4Q|7ZW$TCJOYePCr`@p}b<=VOSC-OXzW;C#v2e9AXb_eB$9ow04423?Z0l1`Q=< zb=y&gZ7&$V^L`t4QLo}y!S6LUymKuojPM0w;aKrlfh!*`>WY$n;%GU1jKJ#Ig5*-deizD6k))0kDmFKcH~mjx<-I;;}~e09#Y z$M+vVr+{wT(kD$LJ4r6h?0e`YODZE5|Gahyhw*9^tVPV@<`kV*V0L1E;4INyU?ql0ta56HgTSVomr%Kg_Q{F2k(yLq_%U zoQH2@2;PAg1uppx3qR0V8Nn8(OPIY8`5^d7oS8JD6 zm~~glZph3nNmUe6Gc0in==kCnjD<=%P2Dh7gjjXeVN0e`Ti5BjPK!F;iVAs)Axj#5 z!DfQ&#%F_1)wikvK&Ec)3c-IghYT>Q%~=t2Id42CFf~|<(=v@q_;>BOFxFm#Knl$S z(Q}&8N=i~`_NydG!?h1*oe7zlh>z2~)ZVv(L#CiWOh+05lFf&=q0H;GPUNu2_@O_m zbd8r&8I-B9sGl$Wuu_u?&5jL9`&yvuN_%vVQE_hxjVD|3Mz!`cr$wgDUdz%`8|r1; ztqZy$?m&^YqH-_nTO}|h)VN_3muX7GUwTipB#?|1u|+x!EPLL!RyG&sV3oTBfE z04(rBTt=NME@`tzJ*;dYhe;Y&`Z>} z?VO(%jHGft1-;4RG0XK@S00)7@ckV`)P44f{z0RzxRg&{r_cBUCSYjh-ra*Yg46WOgQl>M)Gf6{1<6 z5tZe?AFEgUE;aDQEu0Tgg$*&ekpmP-C1AI;s0eddK82Gu8f%h-1Q)k_apzC)jp$oc zbOE`KwFuAH`z)=<^=GtwSLK^!Da?dyw3Py73p5@+fWO_Tgo*#le<;@gRkkhH{A@8e zRA#g^CfBl`W|f%IwuI|+cH(|k=?8+EP=2#CrSu=BMwmVA!lkGBLU<+bSNN9dL@iJm zMzk4U>d>#E!bR`#$35My8lQT6z1J`OB<4pe%~je387m(h&LZ1q6N1ToV*_zCWd?-b z%?Xdoifr_-FH?&qGb_)$Wz0UJ+56^`TNs-RD){A|Eg*6cMPu4)CGVi(>nN}(CxPO_7g6i9kvCe5i5(tqnZbr#cAjSQWCFLun}A^hVj z6-af`nyU%0ZurT9)qWZ9>ANiHjriv-YlxLg?LI+4xcbmyR*|!BI>x$n(EUf6g+{+^ zn>C0bFiTZMX>ZJ?hekMxe7+3!PH1+*w>8ZL#;1ApsEuT)o+4<-M5ZFv5x%GBkCbaX zNSD-6;eQNw{*>hSZE=-(afMmOfSR)z;JqZS)O7TY6`Rf*)e6YMR>-&5oC$|$+(~um z(ECGx;Cr4tyYE^%xBR*$&zJgSF6o|tNm)VgK%s~ZDFzca(U=8yDA93c6oUsX#=t)h zWGCKgou>Rl{*WZK+v(_aEQmw9st0Bm(i@`T-ISQUj{O7D zt-vy=#v+M^Cx49DPL!)E3SK$R$b>-t@dC=k6QMTO6Kd9UWU#eTPsW0DqsD0Q6fM@4 zZpAo4Qg;xl0#B#cn^8^6%(WK_h!+7*cX_$i&(15}8K@^&G<{%luW!~BDk7v9bD-us z;s)bMmR7V$s!M|*TE|Gj{r07b^ZWD#S-ga@051`im-|V|tto>3(J7E&c(@a*ipq75 zItAd`e?Eqr%o|3PgBp=YH0Eps&_C|x*;Ny*jmpu@|F5?PKK4dqm*M^++H=A?6C|0vDK ztB0eQd*`p{5~VXV-We<0!eBV5{>WzuVh37ntfCvwjp4QD7A)Yfm|CJ-yq=)kSsf3X z1S=I}GF0Aku#|(dso=0I9`{oLiy1i4TU4QEz0GBqD1X&pVn?S#JENT+FkrH+0wD*}@u8Z9troBkq5 zge5>EzDB7NZmlI%a293*kiX~GS`zmk^AxZcqi3W)Ws_j)7^7P97+0IMVc|4vnon|x z1p#q8S^ItoU@zb6oo4*cTsErZt`nM%kwhp(ZB&V~0;7NocDypIo-TSV!7kCJ7h<)` z+XUM?$!YyoSjpIuGMn_d>6^V7u&#E*FzuOdgJ5g*-M$tEkpBFTjRg+MncK>z4l5aZC=gdikDZovJUgcbXbGrT z*=Qm6jEk;82{NRyPvE&`yE0;$C}$__>-Lfo?S@%e)a>7;$)7JakBV4!$YO=YCvAF> zgL`mNfjn9S44ucwKa|mpmap!lH!JrEttMP`ljbwo%xDTuQ8%4ssTx1)F|n(>LeR|_ z_9yCOWp{$m51eP>@n2m=RY9une^S~hyB?`cfuZt=<6F9S0)K3Ymtvt>B3M-Yn&C*c z-fb0%@qE=HAJcq==IxLB;8us96d@V4vIm+9xbF=W$lz>q)oY8yD^*U%?V!WK7HoG{ zk%J-b5QMEt+$HmWdWlC2rSf|cCd#B7RGn zfJ}Uh#Mzx4NPFoZ5hMJAjc@WBT>{?IN;-?7s3)t%)z@+pO$l-lW8iAw^V&64twhi? zeCVAj5bI~!2ddT`EQR8fY7W#%nZA=(kykeH>)i5vfz?$ul4!!2HaBz)|ImrBlfup7 z5QYwLb-ybI4k=RJF?1_HxxQPI16x&LNxqdSJn9=o zimr8v54hNGWFqL3brSo40)TPMMQw3o(sJ<~fxOl>bwX$cmhXLXrTUa2jgn-jzKX6kT-`oe&A4~e3y-AgZ1_kk`Awjew`{v-jTyNU z_o1ItoW|U0HqvxV?7OyGG25m4t4mk77EbcU`LOJlCv_I3kz(f`{rEr#GmLa|IKb-9 zOJb&q|9+Cp9sff{!bXyzgq+uWZtv);B)zr+2A=T~k_AL2#qb~E{kOibPMl~1{1^#4 zVZ|&G`0Cfx_Q(HUi6=XTdOX5T<~GbWmCH|knVQBG{k}=cS)uqN0+ID$K1$*gB^G-inA@`|1EM|Z3yD38Xm?K`?KLpm6uy!^S4fjXlJr>{BZ)ktETy92hvtgL}(1nJv&zzr5TGZ>w&{cnG|%~9(ZX~-lBw`%x&wCEFo77n*bmD{?u3N-*Nz$Dv}-q zTRz)ffX%CY$X8HLtQuM3N&#rHA_>_(pLHhSaEaZ3nDa3chylzV-jJ8kIi8!37`8&H zZk4U-h^|1cAg-cts_JXKT zl!}I)t5V)@@vKk6nh(0QY{Ht#17vh0Nu-HLSMUP%F)9N&dvq*A$OYM* zOv7FiEXm}5KF)tPSAK)$$ZH^qD`@V|&M0-imQUR}g@vL5M$Laa$0l0Z!p8rb0(P-I zt0RwUxaCZHn4IE&{*wfqdIKJ$ZJ^ykhyI=+5(6d7nQlyyL(&~ZJdF|po_!6kPhY2^ zkEH4JyN|xigbVHmp6~x>a2}9RrWNl0rxpOh{W`mohS+6(aN9eX+yLBvOrOV-n69xPQ8uY+%P>+xw$2a6ewyyz*M)p(^UeWipHr34t}<9*8YdDGHyw`UEHY zcQii$Z?%G(3|P_qo1+_C(0{x?fqpid8J4-jm+7FrvGlhDob+=07I$sej2P(X5F`4z zez%MClN558X>fADWnfStWG0YS7}AhZ|IV(aw?QK*bYNSaVJ~;UH=}!ZB-hVCaYDhN z8uScE)$T6_-#0W6dd2-6SLqPob6ghuTYDHm`ci>$^q@WZCqNvd`mH)`c55O#H*c*t z;P)X_+aG1`o@$|Zlx>wlZt^Qyv*Tv)LSzR}Rm_YZ``{4trc#sc`ggV)W4rGItKjps zS{pDJ%vs|P7^RhrvWZufWR&q~{}w;oiwiG=yaGOZ~UC_==LW#?hC<-D#RJW=e ztN=|+ryFf9cZP>|d|zLlJ?}RooDQZ)9Wn0!)n=i7i*pZGCs5u#oY&kpI0)X)u9+`a z+y6!`v50__w?CdmwRZ^!JM%xzS9?BP3|?GK3KaqCMEk1^w#|HXEYJeg2+-R%yPsrs zZB#X_$xeK!(XN988mMBK`T`m>5@PjiCxhfF$rwfP|&{|a>41{OK-!Z$kt>W|hx zzNDl-0%eTCu>!-a2;R@XZ(uU=Sk0r$*fuW!Y2YBBawHibtJ|kE2b%l9BO{9gimv|O z4lB(;v>IRFSAeeNV7WBLs5&pghHF6hk8YNI5B!mN@;5eRwtvTtKW^7Ql82kNvyx{u zQujamEtbFP#N|fF+utxKoP=aF=|GX(hkm<=K?76F9b^O%9INrZ;uzrcSr%nvV^B6 zx8T!x?=tGU5;|Z1hjQ$F*B~QT&Fe@_B8=T}DZ-FH#cP>R**5u?;!Oed26;O|YK#X)+)otS* z(uRUfXv)#}83^1 zoVBlFe+4K7NvNr%u|g*@*x;UYzWYD(4#W|G|EP?;JT1Cf4mTuo?CJe}U!$MV^cVAU zaqv*7?8B09b88dI;ptZCehr1T8cS!{!h}g02CbR8=jyoHhk|$}M+{O1|81mE!W~jw zAAsc@WJ0C840O0+J2dnG9#~!yX5kMAZySb?1sjrU2?c$% zKWSR@3f*r&84C^N(}$?y%4*&FehN+WP3&WH@uk9&u2)W4bo^c}E+G;1Rr#%u@4e%N z(D1|4!&QG~IZ~-)b{?^#La9<7j;?oZZ=UgpX>uky43k5K3kA3uYx*(?dc^EL3VLv( z83Ft~t7DdBNr$k|%*oQi05lQv(PO`X;#UbAodgGQDJdi`Bntew{07Hs zMR>u6F>T;KmPPG*O*HJef8U;f2Z?>;E5p8D0&^+)rY=8eC;Rov(?0Ma9`E#SJ>Y|_ zXf!q*W$or(pO&*?%UcRo&@*U9N$8pVXUzvD&NfvSe=2?&XVm`!mE$1EhLTk39GGm= zI3aEJaO}s;p1YIPuVEoTN?kY=3**3g`4)0cpRGYIcs&2Tkb&I2z|A74ZY-a!&hx?q za3G*~@cEwjsVlKoZPu?8`evow`$jewwP7=xPY5BuFD#B7w6v1$c}rq+aRk&T_fx$A z9k^;2+-7&bdJ(go(4QAq=VYa4aXC;1oMiCqbI9CggzfJI?yJCk`0i>wJ$I})wf}hK zFEidEG@WcJ^C#K{L52o)66vUlr4axh+Fr>JJHp#AD?{93lE$T6yUql{+vf64RfheL zTNFvbrd$oK>P^d`8I`;){2Bu~CMJ3P-pY`w)G3~?K|+RdeJ_XeNnhZ)i_1xi@n#D> zd`TM}9r1ZK02~NHO~K9rIH9ariYUJRh``o4yPEv*AM*41`v`3cSvt+YE|1V|Z7=ob zF{(o{G)MHc>A9_@@>dKC2|tiIE~6PG0M!G30&l{J1v-7e-of=&#kbrz?vg2}e}PUF z+IcjgpMcQS&4@FGceXA1&t=;wWj_i&9VacpNOM?0__U1k7_Dy4&=LKAivg^Zud zvP5d4sMC~)HGQT8?j2cJfNwR&coDN->iGRl#dsKIn%(`?x@YCGLw}XFR3=4u<_{~4 zQH7a`lxeXVsJRFD=vH*NKhr{~P#^pkg$+?cHr|?g^Z)_8_#J5zk&Y*eMNBzCNhy!O z>{UJ59D#mre?g${_AxPrs33@W;-v*elL>W9tgS|l|61vTxrnO5)2 z>a_bh+fcow)b>OlxnCx07j1ij&zjc##Q;EbIazxtdUiX!wyy`1bj zL4CKBVQ3=EXCc<-m>chQN9X*!iyswQS0+I0<#|q9gb%}i1Qg`KjFZ9Ppu*}Ng{k^Z1W|fq~rDF5#|suv)0aK zjAupRWV=A-P+tJBnOsPsbqk#WOe~EP5 zqHU<|SsUtz4RF$60%Bk($^NxPHDH%vs6^F&vmlw1doZ%{MWZ6scisM|&-r1?RVOM2 zFpc&C@|g`r^D=ab2H(g@F%?=^8Dv?1e?<;7tmruo*n+0Hp-7jh(bfn5zB>>pR3viu z{Pg=j_VQZCh+EWZLKpjt^Bc^{>jtZ# z*W#>qhdGM24Hi5Gf*B&J7JNpc+2)TUo6K@)?y~hajj%fi)ZigtIf!32c&nw%PkfUM z!|EkC%JjMeEq+{=sfoPh&E9d_q~^lLwO@cCUH4jvezvS^#@-HQLn?H(SNG=R+ALQT zx%X0__t(LF3m(7IE7vSX!zmUWulHuJtdyGl0-MZG2*Jhbg$)DoXM6i)ojCt5>Uoer z0!Y0Vz>DmJfKwpRX*+#pis$Rvn&LB zT$;=ccSlls0Tt`akUw_@0D4T(6qp6f)}m1`J}05oTC!A9aPu zT}lT7B=dJ4Gz*6Kex=tw^QdgPc~eROdg)l3k{c^^ors@bW2yDTvnmKuga52I9l!eB zi+}4akEAPx-t8xFR>aT@2hKG(i8wf+dv45Z?e?p@zL&#PUVewjH6Fj_Xk1TM@Bqa% zc_zEHv)-O0gJ8qMN?WC2JO1O{*b^laPuwnMFjh zPvS4d*ci`hOXdz89Pm2Vz$56Rj6(wcS40sA+Qu^buA)0QL_dFf36UNVfS&P=-f8}K z6krq%42x@&Z(9|4fM+Iz|JPBjV3pzX3yCm=#Pq$?s>~CbqJHLNEmsv_y5m_u&9c} z)-m8r8n#hJGN4yyfM;{tbk!^9jb0prRK(uGAOtWBGzG@dTad{z3thG3{hsTV9itc@ ztciG9ex>5<{JYM#Ys zg4X?j%P_a+Pgq?{3#zjIfI21SgM+OzYAbGO=hHJP>9~L3><_@vm+abgj_O$rczxD7 zm;fwDqea6IcagkCk=V#*Vu>+yt?vWe> zm;67hsqiV8@X=_2ScJ*d-gvNMJ@^3d0`k@)pm;Ft2d%^hI75}z6jK!4Y0hsy79NB+poNL^lv;!9BG$IK;!UkVlL3SdNa)*Rik6e*hk45rcTYS z9IM;_JAI)j-p7lUuSGgljN={&+C;BYq+h^_czC7UkW5x1w|MQjRXUPZuf#6A|v((WDGc4{r6yjZB%+`&4lu-W8dzsqeVw=KUJIw~o7D{O&0dKJko zS0NF%??ku)0K+yaiR^3$&cz2wM2IaJ;s>G)a76a>=9u%n@rV%NK0?a~`TSs%7UDP@ zuQ-wjB9D4n@{786GvKe5{G5Y%f?X;|#CVMTOaz({s*3968Z~J{T|Flzl5}^edEC&U zv#5#1B}fE-|5RO&3Rc&Q|K$n?U)lD$?*f@%tY@JZNv0;7$vgs5hXFd0yP=)tYM^8a z05sIWZ$c0+aHuqoW&857wvA^hE|e?Y%$4V3<`Mh0gJ75Ae3*XvUHdn@%Y!L=i4Kkg zHv1QE?;Y;{j=rB_0>J?n+uNHlF~O$GsM_-mq0bw}+!HytHDGvV5w*|AjT~P@=Idcx z6$r$ziD6R~k59km_U5mM6-~p}|Jw0=bK&=^=0V`qpxqlAlTyCxc(Flk=zX%aV|E0w zH#{JSCk99`GTsc!w-)@1!wM6YjNpOB&h5SsTe& z59X#qZ*O8ZB!lprEv_z{2UMh6Qh|Ig z;TwZq*r~5}Fufr}`HTj%vuZPZfs5verVb#TVVkQJfEYF!0bm^YVLuobW?Hk*X?x%u zv(X!XNu=`~z;0(n@IRa>k&yH|UZ?{YJ<-qe7i|`jV3P*Y->D9(-!<5YRpC3F6#*`@ zPjaIuUQkqC9@%EDjCAN85ZuC$TF!zjUf#YJ%-&)JZI9J*+003gwVDkldSnZ(9=dJ< zf#PC5H53^v(o$1qC<&e?Mitpr<*l1`r_95$vS^DCKp!~ZrhanHi_Qi*tl7wxpVdZPn=YDdY*ezos`=2Z z1?~n9QdoqsG5`AfvuR6fZk<~^fZZSGddEw&CJ0sSgJIHmK_>`JTG{2 zS}K1e{I!KlPX+#KDRLMnTOl3?NUGc%&4&;l0X54O0F3Mxa+lGlKLy+Z(Dv!|o0X*v zla21Ca2Ry+fh5quVguE}`0O%Ai_8$cp5OCtH~y@Delho1B z73VM8#-dQ;sh6OAP*!JUEbhrkN+r+WyJaqTKizbg3&Um#R3Ou*NX!co4*RTebbx-=$1bE&YYL)U(90wFckrY+$?C&PMS)Jm>uXuN*^!i>8Cir!W2lK3Nx@C6w zIlF_Ha0fPOs#e&|pV+6WFWU!ux_-Y2IG8}91(4SM4+kPIqQ9f_Ne&)ls2_3=E4CV7 zfc@Oa2rcp50fIeTUdA}Cw4eSar6Th6-bH(l;SJ&9wTYYndMy6$Qv+kb1F%dkRo*bK z=E@u=dnf9Z8iKStm)DIJ`1H_HGlVk!f2irm`}>RSB!reyEXm;xx_t|y6Ov78{}2eJ^s*MA(%#-7$`>dbr~J9IHZ z=$cs9R#fN&F9Jxd49BTCZD(<$ke(;2d~W~tU$i!Aj-UiiU8x9y@+ zITXga4|XTSONHCFJN))$<@=3~>_L}B18_nMHO%3?PUVR0Su~$vQn|mYl`u+C;a`{v z-S>9h-dUcsku=3t2Y_0qnm^sJ*S}Q$TWIJOS6-)Cj1bXqVJmiB3YJ{h(&pZE68l%5 z;Tk%SiXDAW&nlO2iSuiMD|dEe9UofdJR(h?P)~;?lS!T*dfcp~wbz!PbP8hTuOIp4 zDk!vWBSH&|rBHE2gPYur%+FUDevE4PL27Fur)w613R!09JKum@8cpOw``sGYxHlZ( zNW@|cyCsS&@~rPuIx}=sSA#(PE0rc7Y_4<5lZa1UOEFLQ}BmAc6U1CNfqn zEV3@~Cyj!rZ+VPI{-+k8;RZ0TESWb^nl#n9U+fGBNWiniSxwquTNVQB-p=3sIvA(# zXom{+^sA$W?R1ElY-F=aqUDV_dJp+4D?Yo)ct@*AnO!{gb=5(#^*80_;dl()E}<3~ zVVRZ+6FxdRoK2laZf$VxN+X=vrdi>Suz*{Nt^I&4afqEc^vyC=U8)Jc{U&N#!9*u0 z5*!mCF!jj!1wY@)^nIm<%YEjB9Aq?mqJhlO$UQI`*l-W(;Y=LQ(mYcTAI*eCwzrfV zcD$p4Y?Lw!A+;DHP%qpGCBOinMIB;WOUou@SSNP#>6zAm$tncWX@xPGB6s75V!nwc zI#cwNsM9u886rVK3|hh1A#1EZgFJbdL_Ya1(d{o8C=OH~w6Z*2bBZrkF@NDW(5og6 z*ZMwx^gck!1lpd_2DW)6U?_>L*#>itNYhlW5jCO^!;z;OF>5xABnRh2HZ%7}0acqi65ZA+4>@HlOWe@3Or z-Fe#R4l&8i6`{hhXwNXdqX-TOk=V3+xZG7+*|uB$wh0)6bOE_}@a@Txh=P>PhpaJob(;HT2?hl)P620vib@%rU+!9`dSzq&t$NZ7`-#bzFZXHXbg!OE#s( z&Hcs&^OVBCdy%Ngq`Y;Et5NC$RW@@g>R;;2@E#e%S4DMajS6ESD9H=mjlL{7_c>i( zonFV3aIxs`@k8)DJKQ(JmlYEY_gu@$bu{VPMvpYvjb5$k3?Eo9a2+hNd8uymP?0cM zGqU&IApVJtkK3ivaio89AWxBj{l-%9Zfps_44PQ|@yT_!2v%UKOnH$#H1kZ#?j7vW z?hg~3Gz=o{lsANCA5TYW#0=UP)QP=3UeG@ix|-zFGuy0chUlQ|_sd1%vEbjX`mpi; zV0VI)7lZA^CPG>M%wP=`cjG`ojy4-g*2KoVj;t1TZ);mzdB$CWsuX^xlql1&Pk) zgYU;?) z#W{!)ESI4{$zl#g-mgJHxfT_sx6R_iz_xdKhnFH}!~9r6wqBwrj=TR!;zO+&V|H#E(&qmr@o2&+ZR(f4`JbDhIS<^wZ(Gi$AV$M63m z464LTyC)<=bv|?>-^oaD(}_S4`cfSq8i$GS>XmsY#B+0zTjDrcCXxid>Jf!tb$5Y) z-vfJh0byRt04neNj2^vl+3)_uY&ftI|gM>sE(Cv1$U~l7TqBa7soowl}|OHAWPM zRD~1*cf1fb{F@$ca08$@=e)F+umdnXo_MY)rwUXj?j2pDPANj7@NUr*a*yal^OK*8 z1Q1YIXR%y>Se_lfk$8=beKN64cUb?oElxl=v_mG5k2{Fff7$EATI_Rl@E*J!pB12( zY7@Qv;$x#jWenOD?cZ*KnV1 z{)$3u1czp|#hb4CXDKq2#(P|ozhXt~qJzqj^umDSE4v|jC&VwfP||79W`eZ*fRBq* zOTQK|pzRiSzEE*WIEs)1)}TNhFP6!ohPeET&{h-A$y#f5fDsAmM$ad` z1JY1f(7Z#&p%EV-=@e`$ADwYLU-#CIRp>W42-EyE>+OgVKQ)cf@g&aIOOnMR+c%C& zGcV^?d;_<6=UA#?cRm+zQVXW5PGmwiTU@|`vcKyc&gs=3xXI9vKN0sHYvVI34*24eDr|0~HAd^> zu?_15g2g*ROf<$alT>6cYanl@GR}7sNb-iQEhh7V$+IzD2f>x9$J~rRI(s$5Ya}E7 z2vsURoYl!~P#W;Ar>I-qI;Mu2K_7Q3FdR+g7P=ubAFhqfS^s3!BkhHoq+f3aTA+GT zs_?IWemcU}{9W~h@??2?puDUmi-mSW1Yz*qiC-Lio28Gf(AJJ1> z+-Is)@KJww!B2`8jdH4~ooPRaQnUH%cm8UqNWu_L&nurT)rq77hQ8HF&pKkCA$;%; z>drZ4)JU?2m#luQBQ9HmoA>jsk{I69`g{bgjn#-*GR_8F49;UH2ZExZITh`)?&!1w z7swTQjnxCez$CaCLIIaz64+!GsXrMNs?K1qE|cEyunHim^^7AAMFmA$#^;In+#=54 zVOzUxX}B~Ct*Ez;Rm_>YOyr0MB&h!aqkVKUV*}_;ofmsQP650rT}5JV5nxPr2fRYz zYDLIG2t|`~d2@(E55sLCmT10f1jc<>S5oD05U^SoT#o&;z_a#G>QSxAX~F-HDiLo3Mj0YpP{ME3GZ}| z4_=Wx%Xd8+1B2jI<@DGO-q^N-(XYgksw_Nv#LFvRcCu`}Zx#?2KRY3Xjen7mn5a#o zy19a(6H`4^B5k+A@jdra(vj+)Fc^jHY3lQ%@c$_i1M$7(u+%dK!m~c9%Hn;1E0J*z zHwgJB>#$Ru9Cg0a_C1XuT(YR6p;``}B}7q}cdRY>V}yNk{klfUJbYsxp7zKu5>-g5 zSYp3paTAijL!!bnODpR^*xOA0WopJ8Q0ipNBJO+yg!l$Q446&Ez|K1Ck%=PrhK@8L z=Q$#T8wjA_H<-RKhU@21zcr?!|A5CNo}0{XNPwL~8wo-Jp>Vq&FSB`%2%EFfdW4ro zfX9G21FAv6!N@u&5B=P67zN271`xw!kxw4>NRM&~hqxW3TKw@vd8bSl9uDjs-%7{j zQM1ZY3)4QPp0{HfumA1v>s&dTrp+ItmmA^)_WUP%*^^zIz3*f8t3Sm*$p_m86}d+c zON(z-$bjI&EUuKHpThgIi5%sdHJA^DvKWy?O7f3ZxL_2&688p2m@Vlu-mYv9tvNRK zqfUlW%f+ehH{gxCWW{HFd3MD6uEsqMZp&oKK6>ttx?mM*^y*I_*M7CeBtJmKk5*g8 zHdBi*(Rzh3mb!wCGS8sa-@224RyVXaQD^@BHKsBe(n~oq*H1+o8cj7+(HP*}rvQL*(I zZf^1}E0}5G;_hzDdXKW0x*nmMH-{n7p2EuN^{4^9X|EJdO+u}lL^Js8o1XTIHnz%8 zO$hm6{EwB+1PU3wYqV9WOr&B#42|aW>A6O78Hx0wwDSP}SptZf!GWSfLoxeL3E`tn z0W~8-Gek&<3H}}O+r+AyTVNJQxIZjHIE0@)%tty_-TBCce|52)Vn2;1_gBG(;Eif+ zBg0z6u~VEJ0jDmu$n_xRgpmD>=$zk+uZ%2zk%~~vdDH{(jP+qDPJTz;51fnz%op?Y zYpBR7xyE$D^S?OrR4TnTdK6xV<&C0G%5g8R6BF-iy~@$bAKz4IEeURXR`0sV+e0JciCs3=b%XW2)De7H!`HWavEo2LR5WnTxvxJRc2i3NbS? zr>3yXvZS5^{%#&1YcPFb&AJLT^aH}49|4C~sxPA&AN%oeNSA9kqgngD$s3e$+yeV9 z`e-7G9IcMZ+&Ir?2c18Q82xAYk_ugcufD&3N6$m@aCvgYFgFOm}CUZ{)md5+m%d5X)lZDUN1wE zRgjWxG$#DXqryM9Nt<|#b?wdk!w&SB~&;P-4z_DnJe*{yj;A*5iJ~QEh#gpyLD-@0VcKY zgWOub06Y z-FrzS9ngmzx7F*!K&J98(_#EJgveuSrWDYV(0ScDz3@IXRh83*4*VxNP}*DbX{BWT z#1qlsJEaWVNWCqFNwz2a7|Sw>I2y(k^d`_fNH9V);0yOr*_Bc1P3z2>Ms6G=xtsY)U1tu zHm?fME2P{Z&T)u@sXMFzo=7-#@4k8M#}Ws` zea#7!&$HSgZ;M!iJC$;d$01$;ES(g|anR`$k*_h7`?U9>6=A*5bo2yv$-J*PGiEy@ zuhOvr@CNsVE?%%ZI`*iaGxmpmeev34Y0*pO-4j_7Ztw{6q*2)XM{Eo1W59BQ^KCDS z#u-hZjz7dr^bne&hXEc6v9vihMwQ{fFBgeE_Gv|!p8QB_Fhh}Qlg?Y-5y1(r#lX&H zt?Xvx1CJDHu@y)GMh3069^m)s5%-g1ji1i67_u&?;F>)vD1S_8l>fQDkK&Y*M;#UH~;RHVyS!bwgdRo%|PMl;N0>_m2iq zvqjP#Wbs7q_VB2!O+_AtRdPT+!?Sw)hQP1^MHVj-RKQv*Yc`{B>ubp~dlP@ePPzl?5}OW-j=;Lx5i4e}3;Vn?;6pnaw)k z`j$9pFOm<9en4ts4sb3YW+#PsBi6DQ%Eoqn)mc>Q^=tv>ee~SZxzwIf0OY4)j8hnx; z=@J*7uiZocABrVOUO9F709)RJQ}er!$+lWSNV@JuN(~v<_FyR3Xd2$}&UgHlV(| z^3w|QWPg|g%|~eTjynI)F%-}ga$OE*v49mo{#Oc1Z@SRw^As4O^KX3&+1>$@`7#U( z%$^n#2&jaV$h>p8@vk!Eovb})WTP{<)sl61l2mxRm1ue6Um|%>&)Ua6^ z*LNSb-i;Qici{M%{F8>d&tLg5yf5y1=E4(gnwY04u^dWZyO?c6?% zF?GV-uO?@XME`RT8+v2RX4gO7J^MuD41r6cbw<9#zC-8p51sLz$pWClPZ1g+?+B@3W~j-j|E5! z$rc)XjUKuZ2}qQ2$QjeoD|~my(!(vzpmw2Y1&}+TC}pDCMBp*we-t47^y9?`Qj+=N)vtya`_Uo+_3v1U z8Nal_20&A5fF#OgR?nNMq>IA-k>ADk{sA%A$z=U(0ag@^Mg&A_lS_e;eVNXLZsbe8 zi~6+s%^AtRv;jOyAf#1e|{u>oEmni|yfyg;uyUnn_p^6SsL=K6^gA&_W--xA~MJWS|GGZPuELNUkhfK&5w&X%Q zebBB#%F4cz)ld6?tyE!m+U1_n-m8~mw8CYTevnRIMYQ+_JZ(O`5c373j-+W9saJ%$ z@5HO-Omn!txZbL05jO%EK9eQ!Iu;g{VS(Vd z)JO|y!PXH_^o|EBqq(v5zO=}h6?%klyohk__zj@1s?V}~U0+|lHhpmzPya#=`W<}t+J#-Icw;?>MF;!q_vL_k zLs7~1tVVzIv&EC&JqazPMuSs(I%|$zjy_l}RwEha*jTT=t*iFgi9MW%sZJAFeqWD`6s7LViUDs7 zZLEA-AS#P^C!gidARetJikkG6W$m*|mvdk6EZ%8lW^MO32h_l{CGgX^IR4J0gy%u? zL?T<eZi4d6cS{3tiA0rgvPumyk5j zN|h-BFlQOQW{$ObbUK9__t+WR)-#6%EnMjJ*f)M8{y||BAv`Uzt(0hyTSV4h8W+FA zzd=oZ%+Ud(=}7qOac6eCbS^|7JcWp*c=hi}S4nwM z_e*CM;g{tjm}`jk2@F5|x!E!PY1Pxx=maz`Pk-QK)EKA4>eswhwd!V4Kc#DE5!k9r z;iuHVly|Fb!7?X!72%=}avBW&?ibP33Hh^`O-8Mj+W_xy{~DKPXg}y85UxSC7`~5o zE@YsV0>a03Mi(Aped3ZV7E7o34ao=eI^Wb@Qt;$qh<`F=aK-}{U31Ov!w6VY!fOEN zO7JTc#2um|-=8{=irjG1Lw{4%T>u%8^;}I0V=9k}07Y${DUV?7YmKp71; z-2@HSW44acjjPp-f+lAbrMe`aRTPV8*SD!ob2f(OXN-#1T1zlq$8l`D?`c;aZFE1| zWP^}DZMo2TpTsI75(T45uYS=|CrvNe_U_V73HF$YsF95~OOi^Z-3FRzxUVw8ze$}k zJORDdR-3VdnF@?JFMNZe#Z=AiiUD1rnp4_+AP4_?zSf#XXlxE9jO69GX^VfXdN#yd z;WiWHeQzvHu80@!pshOEjKo9k-8Kn7D!llRC{SP(Khx3nEP{)moC|nN-{L&l<`aRd znRaEdIrSbl(qP$OciT>_C0=yq#}a+OiTI&K7V56`K4RqK9#|LE%2qmEpwFyJZpwH2 ztKx1IANiTEmonKE4%x`H;er@veS3h8kIh=qNHkDc_;K6r)r?+Y@J1ujmrW7qPwO-k zg!X}L5>JG)>!_u11El*w;uR2G)hU^*SJ}WI_z517;re7`GmK5TT%W;FD}>4z9mv!u+F1EtG4*@2P6y_b+Uc z1J_9prLjnOIN$4Xt?&4B!=q2lE_(sy!%1Oz6TL2sa@C$1X@~_fV{@-G23yXbrgLM? zr!~W$dw!aqfxQr3(3^QQsyYp{bNTTRFg@7J*yJaO0m*3_BV8I!{OywH4EMZKONCJkM&ksod6&at*0JwKi4kW+h2O5m3bTYOzf;QFib=8(8`$2e(7s zRe^`FlYiL@FIgwBe8o~sNz>xHg{H6&Fo!lf7Wg$sg?#YydtX>;NIY005O$9&aP!%b^ZqOeWUXj5?-^_K1ey`uOUZ5LB-*9rIg zpA$>*-wFU-6R5boA_r1T86rLcqdYBxy7tR0Oigi9=FlmeM;edusBch$#X8$$#`~5X za{1WB&TV<#bYMyFM5*GeT3FMrfsZou_21sAn$W1A8knj7upn8aVX=QK={$D1n0<$Z z2m?c`A}1-X5$Cfvi^%v+Y6PMXkBrLr3!ap^M>B0gAk*2g z=IF4W%CvKkVQ067f(5PQTfv`i8ybD z?%oex1MTREvh;-r{ZqlBLN8z%iB4NH5UQY){!B;}D$;MFBJcy4Z(hYjSyirHq;%$5 zz5lE0RQ62ni~7M*q%=)~#{i=qIzq+_U^{=)K6_{-834_=oK>T}_J*MBI9w-*6tzGz zh5N5Cuy}(OqI6XXi}9}#CIZH&jub#KR#2;s?mXqDo{6Ihxpx5Ro-ndN5L^At+92Y> z6tpfy=nd*S`R$R^-sBK=>R{hYe7kinz}6F z#q1JTFA`<@7d@N^=BGT^dN7H>B7@pd`Lf;9c&`CX`v2JKG->^beDA zV`J3&On8esg5}VQn%`Twv~V}dy2yHQ!`E?dENt0L;AZbxKwlM%ekI~)lHp*+9e#+E z7w-fNmT!+i1OG4M=Wc%eL8UKXJK~|k`T(?vu62F@B zhm{OLtu~N%4`@47-eXAckWG6w1;Z2)n__Aoq_W0C`b&O<+AVdmy!22UlX%jBS1fqi zBwrqAG%1mN+vWCqK1`zcr^TO)Z2T{O7+ul=O7leMP2)0xN%R8K01dMu++Y$u%vcU!k8yoaxscVjC6Gvn+d;{0V z8)&>P>wW7J2n`(F-TUsin{n)U33Q`UF72omL!DP2JSJzo1hxt%&eIZ5f#s|}bWGez z8+4Z$QWI`0-tl}5Mexo({>xAfBgT*}lU{MJw;7^T&Im}nx<70Qmij|tUGAIBi<_@P zedDTFqO!Z6BxTgTt@2JFs-d-_5I2o0j9d+E?Kc6qV9c|g#p0T~l3gdsf;=@2Qi@k) zYUuxARKTgcUKJM3SAb}L_2T_P5rgeyT{}hRif`sxW~FY~U?!;KhebVziwoPuc&^$! z;^bP>4wLCE)e&+kfmFTSYCNsq+KjhhY!{@3E)oMy1J4{^Y0t<Wj!4hr3su(RIlp4ENOd+Z5Oq~ZMi>vBf+|{<2K=)#6c42Ae z1`qdH8XUr*ivH*RdVKmsBZ9TVA`FYyn7eLVsJ8Zr8$aI8GDtDQa`s)vVNM$2H#KBq z2Vqq8cxH05MJS2ibjT09NzIjsx=uj)MupBJ+N(K>&$*mkk5Jsu7xhEL_TDm@a$cEP3oyQ#SpXVWD|&ZW z)77juLcdMvh&k(T`J0N#vm^cX@iah7-kc;P2Pt&40?%$p)n(Dc;~B z{b;*!IPWMg1d@lRxotWWuLHSR{n(@ri#eI1IM9h<&U>^zp*Fo|PJ=)RSeZZSzhP?G^taRglWTphb6 zQT)D}JhysWch3(L%$kQ@;C3dqaUi?vqa^ZDzAuGj2u7zE=dbdAWW4dV=v1T$5ywlo zv}^e;*RZ}WwL#Or>@(<4%AzTD;%+FRUIi{Z*W9GfN_8AkXB5qK02vn9Hv{kx>y~kK z%W>i6PiI|Ox^DRC*gF7DB|J}U$XuxIP`*#7c{79P29PJYJX-DSBqREPNnz&U;`^{i zygCtFe!RUpKp&$fssCnC{LS#{7YKOJ5slo|QW|L8PZsYeg_dHWd)HFxy1cur6OR$y z9*vYQO@nWlWgw(OG1tf5i3WX)iZy)B`L8I4lm4@EHZfmdw-zhoQ+wXpG*EBkB2P=a zFX10)CGNbDgnzOZx&Zn5FL6m=U^sPs&R01fStnd|}Kn<4Il! z+=E8SX^38bXLqQt34aE`>xV0@ieq#1xqzTCCh{Yuee7PWi&3qKUuBtlj==M}r-Slu zemNd86{|8?GJ&uQpj005JhFDMKUSegBxI%L2ScFYIUz5xi3G)vnbn5|_hW-KnR2TU z;pPB~?-ILJru|~2{Rvk;=vwAOFetLN?%cn}LCUjJ)%FK>9KyTHTxiKsMF@3-J{{37 zrKfT1`ilkaBIgZeD|Nye>J=b`u*Eef3n(2 zs-niVkl7ZWjicLv-Uzhz%YBv`!@6Kd z%k`rhzAuNI_YCU!OX`=ij#RXu>W3io!1vCmRIh~h(7Mv6!zCK5xkwu00&6vZ%aI1^ z!m5C+Zx&Y`!-egM?TjC{EYEE7VXm6a_u*12c5rMUNtH=J(c$Ry^mKPJA3?KB7pi68 z@oHT3NeC<<@!PVd8HOgeV12_tOojjQEMklB3yzH4w9dQb3B;(X>f?g*Me+kB!D@- zVy&E#5&iG+9Oeb~$oXmP$HSF5$A-sqUrll7o+1UfF2)Y`<2J5SG71p+#(LT#sASgz zFUcs$xMWvoO01N?zBC|(9Tmo#niaQj!E&%?Ti&FnJ*jBBWiC|8WJVT9{Ok_wK2pJr z0H6neq!q=qP57#Mh*DCD?RGFIXJs6k9*rXCPo`Va+pgW&*<1jRB7vqg!&X4%H(oG$ z8&_rQH^7rnu;twSt(|t>C8hnS2e)t=S^0ZO`PbgU z8wGl+gXw^yHZSADpJWL&o3uhc!yqLavIYh@t+qn+^rk}qnGwOBai29B@jROz=u)f$ zkS@Hqm}yg|`{^dPaobyPHHe=3riGs85CFc8JLbpW*)@O|RrBDUg{^Q+JekyQpZ}eV z&fozc+&R3Z2j0IYDR($rj1S5tyH^or?qWqaV*|1c^!gYUo5H}x?P>`?kN7MQ8fqINiQ(vY_WyLrgS$@M9FtTKO$N#1_N5oamXIRgFcVQ;B@g?x z8R_-yO3f)giJdteZnXf=igEJYH*%i`TnVz{mUDCf1PBGNW?sVVEHf>c{T6=|PU3?K z-X^aDT0tL>FE|Albtanwu_DSkagglXxc|Wl{=4nUaI$)u-?aUKP4In;jyyQa>j*TG z#)IPT?@u}B1%T&z=~8`Y2aRdy#wkx}O1yzEqiU)}ef;hTh80A(nZl(eFp&a3FH zJl98H=uK6fV%OC(1CK_W;QiY&+Xo-$VB>T@%dWfgb)~!Ww*ZYU;-Fl&Zm87E{9<=f z8yNFFkYXu0#)cm;ARkS{Ej^Oh*@*YrfE2hW*aynOApnZX6DmYa4gMCW&FKq}jwUY? z`JG35egj-%6OrS#yYiFomdUfgpx03J+KQI5aLS=q41*dLaWcxj0abaSM#nC_d0c^`R)>CkRfPjgXAgeo1R54LcNcqs7$Vm&z%q=xc^<})g$d`?8Ssj-#9^kKj9xkG zGl9WJac})HU7pV*d`f!%LE*{P>ekuNA>t1@03qR~PaJ|nphp14W5B%=e%~G6!>kqu zEcFF~A=A#p=A(;tF^+McA?M&m#4uK#W7-_rINGU^TYwBlz{$xuNb7O5*x2B*7pING zJvaTS=8lbfh4x`O7@`p8VlrR$p3ff%iJ?C#JRF+@W}U}zwF7mq@g?Cg)8%%X*_hn! zar3drDJv#K`LKcLWNU8K)gv3ga zTh(>6C5N*DUVrRZ-`Ar87A-+gIFW~i_OoK|bOa!18KP)70n%a!r2?u&PpbKj?IFxt z?0bN_7d{HJqt@VPEbhi+yT)_vw{Oc0TLD)yU^$i{mz?1h?-v6H;La!jh!;+#RqLq# zL5t_*SIStRaXrliK|{bGS73ib8#SVY^P2oEcq}wB5>LRnJfbJP|3t_lJB(`3`uXwY z5{QK^E;`oa#+XL+Mymb%`cAc2g$m#;<~gjityAy`%Wr2qanp>C;`3n$Wu03v5?vg| z0GBTX>FRRM=(}Ngpe_C24y16v4M1y>*ey0p9;9(KQM8HR0E^54AC&YzM9b%;Qb?SV z##w3Vt(syZa-cKZkYP%1xpq}vj0^|whk06Atq^pw69DgqG6*ks6+a6g9@$RK`I7aGeopM7gZe3 z*W@yUcf|IT_9?Npim*rUA!Xt3k&!%r<5kbcA!&bzoR0%PxhU4^De@oh$PKQIaw9X| z^j=b;o~ZQ1lM~1G7>K>B@AVo&mE76o+-ec*JshPg;~9+z&GIiv)~V)yA8}`}0?PyI zzqXKj=qE7D%r_m_MEOMUFE9~oO~r@_H%>FakyBNX1ruXpQdYN(jKrZb6B}Bj$Snf0 zhG49}MPE`-hR(5Re-u(CUzkA6u242MuEj>GzNK`=v3j}F^@(w;KADJj!*zB~ypBhd z;!@pCop99vE2LbOo3T_i{B7!s?chK-&Q_2LekTtzk(E6?qs}Sq++vJIv5NS&OtTbc z^7#iQ5<+?X2JzE`@DpKWa26JbVQ~9;L=w_gi?EroH?^J$vUC#>5iwX4T<_UP7*N{I zP$P^p9v=bm+_s63v|KH&VsZQKcZ`7OMCjw?gk<*0nDXz|4!EfX8{2)=2b}%_gZ^!n z12}LgdxiF?T)4MlHH>j^QE(Z@s^bbCZ%fn)g4i?rJ%{lj)gxc39b?Oxrp3(U`tf$6yTXU=3j(DUJ9$~S_WdUL2M z*~)upwy@d_a&oAAoWSK+wBn2(AH~}lR+ersu(`Y`k&(8QKlZ)8RgiVgVrZA%l=`pB zaYFEN1RRgbeK4#-$|Kt$XD`=hEms7mFPUQf2S0&wf-0~lGAII?O}n1eWQYBPKymNq zb>+Okfhwt53pcZ=4|8ewiNq1D6H82t>OMD?u~aY}rpnBzyx}9M2oOqr!2%c@UXXLl z8ar)Lz_4Ucd6%oB7b=0DmLF+Oj?nqBdFhY*Lycy*R7{B8yWE@kXcW@>t^JBjR5uKLZH~=3ik%l4on*x>gc>Kif@X3Y z!-M7iW1P{tOi@m#on_7+)=t=kBI;!MPu`}~)DbQ)K)S)ok2HrJAGNfFhX=tj49P1a zVO9Aw2>Sk-`I_OSUz*roVugyqQDge6BQ73aJrMARZGx`TktF^k%4GWqP-+tX!driG zZoF^M=fimi$@^eGxBFy=>4%k-A3nw+sC z6-O@ro}0l>cenrh8{oxn*s>WFar;gG{kseWN+(~g)i#m;e1zv0OX1pHoI1B+W=f`E Q!2myUQc9BLV55Nl19DOD4FCWD literal 152028 zcma%@bx;-F7wwU5kQ70XZjdhN?vU6& z;1GNOZ6+uy2mw(Wjr3>$13pHulhAO4fI#hg{rzUhw!|0$;-yehL{QmH_aqa>OL=G| zB($xKCopE~>`bm!sZeZPy5q->4JFMLrLPw_uC6Gk#DVA}Wc}+V@r^(Kl9{DPhX;~D zpFa8;aPd4$WGuU9bCs#6sLabq{O@tlncTGROZ>k_?msPm&A|UX2$2yi-eUas@c2Yl zBKm(ny(cCI=l^~(obdnOC+GTB)0C%)VwE&eB8L$Ra8_&goUNCn8|r~v{IB% zE32p^rlj1>tLc%Glbe{DKA-oYQOal0F)}WSY-(d;V=pf+mzI`VG;*`DUh}`)qb(0y zNe7+9KsUlal?Op_x}L2q>iItPz!4E}IfxW0nUkEU4P%En8f=#@+CF&q#I^V`=+@fw zr8?#onwX@0&GkU4ey@>}hO2UYbN`r4g4l&PuJ`^+23cEUeCKaSctay2Tt;1O1%(_0 z3lc%XtNn3lY3caUz3uI7YHI370akksTw|!s$NS&eR=c~q=K(a-)YJV42yBf`TZZFB zF;iVKW6w-XOqN~+9_YD!9?=(CpK{`Lm3LbI`~qGD`*e!jaKg6VWfLHKlt0y2hICx@W0s#Sm$Mwv~-hR2= zon;lv(9kfiv`&L1$6z#xUOJf}NXW|CT2@w8(((F0kxrw{#oETEDkKE1FO;TAyT#%0 z&OWTJzMj;?!{edJdUY_G$kx_2T9S{CFDomn=532=wJyqtLSttqUsu|u?~C_hmCl^# z$j_fYZM&Xs&$s(@b#)Vj>!LpJXsW9#@I-31IFL6gBxGgjiiq^5vY0XGw2Js$2dAgw zTPIuLV3ZZV9t6)IaRY`yUkT~HhzMj#%HoMko?q_@p#MhiIt+xem?c+h{P29~*_~5P zlqwARGQXfolbEWpte9*x%fb>FiJVFB;T$FHv(RE`d);!7*WL)m=fdbd zK3+{0%V!6}=Ad`(++95UyFDdExz0#VhU0y?9A#{Nt3ueY)HmEk*i=goNamF3)!#XgK`+ zX=P=ex556`;Nzp0udi=f-)#)B@b{E5vEo#7`YCBYE!w^;3^#hXoTL#by;RYBU0 z!0KsmgaqoUH#wa8ZRHP;Gt08)9+S~luO%rzXc!o@hAEmtr|tDXBCL zTU`$i?rrafYdkg!WfvEAs&39e41tW|Y@b%=oUwaQI>bbs(m$Ci!0m z@oh6W?RQR=>#=BW;QOIAyH%#fRvImbqKWuDZ%?N4#ryhM5u1tlyg0|-1fw?#>wu%| z)yoTkq5$*h1E-z-U%h!bMV=u*pU$CzktH} z++pZHNd5^%T8|jQRQECD`i3vIqT!@JHHIynU0iHPfb!*+>C0O`&VZC=+HwvnKBsH- z+UBw?3MDmV>=K$SjHh%WA!2nsacK=jXA1G!kF9s*S1|Q`NN8q1rAKYOgNE4hP{rn0 zCO;b)7}Q$KmyISf_922>&&|zUQ>0lL4Ats#I-<7bE+z)sZ)Is|X=Np&i-G)s`+6@~ z&&Amp#vo>P4aul~->d!s$w*=kH9{EU!z+Jb388%O7#i z4UCL_?dtW4t()nbG>Ep+5&cyL_$I2APy}iBhl=5fG^&vsb;YJkNvRQ5AbU`|tw+!Q<1@#WANRr|E2wY&Rmr zo6Q)3m1$1rHGX{P!J#22-nVbxzT8jxMiKEd1O=2SEB2ASY*JWgx4SU~uJD8MmyL)?nf@;YDHGu-(j}E5ujUS)?{qcP` zq{R5M-iC|gcURa;9daa4xRQ;aEHV!+>!ViL?M!$>HHt@D8uqc8$;6mREQ7nn`TCesKueu{yZF(Q4B9-dvzu zT6ICS7!J)@pR&|^qve{x>D{zj#-b+_iK$anU8$ltPgkVS_#icmwhglxh%JIu^4_Tz zo>{%s>Cg`f4hvDV&E<43>ci>}+szL=E}yE{Z8tz)Io;VY1eYAVdxHj=nwl0CG&wm+ zex(*UBHRa%1Y;RoS3$VC@F*zcO#fOdDrC4jght9I>jn5hZwU)D z566r?jOREMm3m!1%XKDX`^AD>f#6MvHJ(B+4dBTHRcO8(mz@9k?pHVteIA0cU#UY2 zfe}@+2mI9U7_@{uWVwjM~lTKn-YUXpGgny+=bslU>t^ z)vn@nXE$Eoul(J|NR#+O3`dfz&u{NH?k+Y~N?Hmh*HV4KLjO~GK}889n^R-;X+zy* znNe!kPoepF#YB~PSL_S-C!(OK(t`P-m&P=cQQF?C#0A)uH%Sj-tv_@xYk7dyddG!K z@960G`EP^ytlb8^W<&RQdTJ^P;b*t&gK2?aXodm;b}RKCHtQ=*)}tv_o1Gm_A+g}= zPEN*!N>oHN{(CSTFaz)BCnF=Xlr)lX+ZY=gTV2gq$i>B_NLtuvJ`0P%ZNJlBqL>c} z1w|>7a(<8>Erg8EZk0oV;dC&yU0R$43QVG(-y3#`#Z68g9@mqlx2y2QGM#c+pYMk$ zvz@?K=j2qNgC**>Bmha>5gjf6dm^(oFk+^M%&MurK469_J0eAjq4(zc`YTrBY_~_0 zH8HWIroT%Np%hci+heW;{|dI$9($<9-_xOnsXx_BRg!`$9t-R!z9fYP0zqQ(aD7-T zmq`*6QIQDhGy?h@p>0<_q()RGcZbhtQ_cDJ2Lh88u?AE)oOe@~u}q|%u740azmhz& zNzp0x;hhyNZm6W^m)x;e=zIH*35d@Y+J#2?HHD;B)mGiU$OL&!TND)+V(aC}(LTL| zGn=m1@_Uj;rZ;H(D-Mt>FLrqNF4iMZg6r890gio1slYXeFR< z@n*Do-Cy3Gu9A|H#>d5lg@;>PS*f!zo7A(@gOf}}wG|&kYPlAKggZDm*h|tq0`BC| z@82B0&yV2DXMJ{O=HW@t`#DoAPqYw424Ujy_smJP~klVuxoUr7)JbXX8I5Io) zH*X5qyD%GWVw~Pvd%b_&7Dt)Yj+i>iIaXtgA~%Na%C2RBJw4B#E1xlb4s*_43?i zz1pPH>f|?2C_tS1PY*OTLZJ`*K3=yc%m4oV2~lGeWMgJwVPR&bp{1pzr*EvQdpNG{ z^78V^@;EA;EtZ!?P_0l09W}c2OR+zl($9Iwk3RoSf0$)^-%eD@_9Q@sL|1LpP#-za z#W?Z6P2QXTicI_G!O!e+9rNrR8Cm7LjaHsAt*S%KG_{bnb@NjENTwr94>U$CA;q7D zCI_aLp8AQpJ?wf$92>bfYTB|Tw6syT#)Bo(P1jny-{vcK-j0hf%@V%^uR6qN5)q#} z^WhoD=5{gEej)N&g@uJdY7`8anfpI0N=iz)xHQR77{Ml=%}veEcf1!&SwN@=z&?uV zkS(3xgF_?IX|WNW+Z+86O85N)3j@>B0-@ihfMEJtJKHK8^>@1Km{_%OG}nxH8%d{ilelW3-Y_moRnk zymlCKB-aY1b#)HoX>4t-f07tf>>V6D4hxfU=+w_gXsf}!lQxe5V^mjHS7YN1+tB-a z3qwO@huxow`C?$elJp}ZXR@dT=}nrdV1f^SjKJqn|IY_b~p@SG2h2g|Cu z_sYc4`a%-Rs;2kC#>47F6C-TOzm(%a+;T_kor|wRLVpEbPX~=;^nOB??dXHUN`pBl z+V}O7e51cXS1atJxpSb}{T0oR3J>31y0|+FZ&BOO;I*G>R#ij*bgk4~nHZ?bt-_;U zf|OdU|85*CHD5Z6UrDBmV5ul7+LIF-+^5}mqJ5x#!TlV@+EMX2zu_@$RJlskM1{qZ zG_#b?ROb}MHbqLjJT<*^LqRQGkYTX066KNZ8j9|wZ3!RMiOHua2lOH5Sxd$w+EZN1#o)O5DeSl$phHZ}&j%w0u?rv%0vWWv(& za!YgbTo%_%xjRKle0+R%Hj&J1poD!R4J{2bGqcT0|I|&MKpGxy_W5F2BRCy-h_d~{ zWyTurm*b^{Wg09{nWn#ZWkcFh5A>2t^7f%)nwpaGW1|el8yP>!g|;eb~U*R4$bx8H_piHV7+ zWsimk6)cVt|1667i^2q@dum=_uDH_aI5RtIyIR!fCwPM?%_b;ILvc%cfgqh!z0vrx zCF~U`ZSIaer=+T@@#K|=ANs_-G=ImW$08kIX~uu+YMjel*wCINuAHc1xg)*7AOClA z>hb&IQOKyIFFpOuhlt~wx}C?zNB67!fx$tGPX4bu$#u4yoj~7E5F|Y|GiW#07!HK3 zWFOH7;ep1Jl6(IQM!I`Y6mS@Iy&mr_LI{U~$N;VIC^0rMQTbQXytcL$5fP#J{BvZa z%zMX8L1Ah>xn&J)W^pl{)kbDBi?`aRSO!x{y4+(rBPQnV@6i#iILo>v2_b{Y@F>g3 zh$VwXiy%=MO<60?JHBJzU$l1lh|0&mOb!e8W~Lb~hpc~r3ne}mc+d`QTn50iezwXw%w7G~&>s6x~1XKr-QY#>~P{^J(k#$O$|8(v{ z@2n#ZnzLENQA%%SCu3wpYmd3q#U$TL%p=p$Vb;4RgRb=}prYO#Nu(8zCQO99PpDfg zD4QVh7M)oHY7k71W7+)t#KeM_ilm=R`hrpTUmhI=1$)5fgK^r^SvNOCWoNlr2rbbL zt*564P#de{q@b|S#K7ikZ#yYHJvl2i^ul#V8S6Q>ri7D? zwEiKqyNY3PQ|(e9d_fea#HA>Knx@Qy>%ER|VP%vH3nPm+2WH3dB$3H5?eljUzNEr~ z?XL$$y6g00257r9WlV)4I*F>9glWad6A45z$$#V%#j&V($FHrBZSAupN|kYNa9Ueh zM8(Ckxt$RqIbBZPWpio|^CvXQZhR-nXpUfjMRr^W z2?l$!z{fI^;C% zPOsF$cL>3#A0GNK&#c1PQe6#U^QQc-SsgKKG(~w(Dly-Vi2U#;YuUzc)@9ck)>su-L_E4cOpeMH#b4S zH%5dGkik;Y(!#>R)Ob!t0k=x;shJ3a^D)ID-u0lx=rJ_UR_XAx3eDD!r^OQDy!JK$ z-ZY>C{drkcG3l>kq%w#xJeK-Bj==z)WXe&b^Yd445Rw-&HuDD-p00~Q{0h{H`O_tvilRC}2$IJYTdTo5f)Of1}R5@iPj+;ZpGAA>+9kIE@x6<3PRGKho1G=Gl zT_&FA!(U9$rb|gYXgezM1XL8CR&qST8KUS_;mk&^66Yydn#dBfMpZ0!(%2kX7YesI!mtgXEOZJhsZ z3(CtyRTZbR2@F=CUqgNbToEE65}%`&yt?D|{X3N881Km}UK0}&P~OP)2EuU-><52; zdjlm9wvxVbeg>)>{%5yO0WWJUjuGw$aCSr0Ec;+wH7|kj+(Ibvo+*$70tfvOiLqV( z>(`Woga$yb!tx&3tyj8a= z<>j>HNIsQM|Ng?sR^4+YBqS(QJ7q}v+b$JSh#eRt<>2Io$c`EQ8jLgwGj^yzF|hu9 zZ~#C4c=s!s?)j+G6VJE1f@VDUd!y0m{pIS=_nDcxcrzi@3Y{+RzZ*{>{);wibq2?` zw4suXf60urj#cT4W#4ZW8vWzBCi8h;qFSDB$WXmm_p3j(zHTO6H|0^ET3#boxva{4 z&j1Q~>l+1OQ7i0Z5v*Xw?iLggfu;^sDOCo9sfn5!GFP86Y#C?{TTDiD8I?tc~xrtTxB=_)ZR_95Gfs@fUtaqSY}EI`r4-413$LlVCp zs(Dt&JUTLKyvN2t$00Kz)*9a-`$T^;mpGr`z^%nZ+kW0x?~Y^?7HvvBGfD%Wj9R`$ z!Yg}|Wp1!Bzwt@3h@oVte&0ee8FlD}B-99A9Jve(n=30TsP8^?udd>o$-bD(0H*=7Hr^!f-!;&9qe)|X@yp_rmbZ;4 zRjW6#2<=O68^6nJ-owBE$*tMw^J{O3R%TDh@LQ4farf}AA(zv+?THWex#qYeB#TyS zUQ~C@(C%mr-Qhr(lTxs`h*Em?5!(#v7PVGUaCh!|aBHf(g&Ena9oP)qoBSOAFMG;M zLF{G{ftZE&G^!~WCTxUYfZj&4he;Ui#023je5vyiyxRC;cejA{Grnzm52Y|J$7jG( z04L_Z=*N6{`s2%}(+VvR{f>!*o&9zl;8vh4>|dgyq9A&JvS8G0hxb*Wdrse$b*Xy< z2;W$v)v2_x(HRI|+Uj;@>lIeS-?YOD^eppB>aw37WlDDXLotCF^nk19^@hXfHdi=A z|DzB5+}*NSw&K4mUe9h^J-tl;GrvrSGj?*CO%PCplo`O=8Sjs!0wtNy?(^iqR~mk) z)o3vf)YK4>uh-@7aJgEwi=$&7#0aHSo!>NSA>d5#sE*Fg*3)?~{R`mwuWWuiB(GmC z+6L39ZleWu40PWU@JKKzWH`YP3gCW$k(vJUMj#8m>(B&4>Y`rcC~Q3SwxXh<5@$X8M1Tt8s?1sA@2sP0=9ZoF+FzC&0OfjX+;m098EG-7 z6_^+&Bo41@>r~Lu7pUue_`rjYPb)2*RHCuG+!%eIOyR*-h~ngIj)H-Aq3(VUv)s}$ zC?-}lfp$C4LVh%IBwWe?dXIx~i|MgZ#dn zB$w>w?#{IFDrnlAU0ngNb&V$EwFA#D=HlYAYXL;Ya=qD5Bt9JN(#i@@;7af^eUwo6 ztQXhU1p>FEed)cDP`nMcn?9hHVnuy1+m#*?wL1m!<>MO-33EfknK~2c839;*Xc#HV zh>!RVkwC!@3&JzK?#+~gF`2ubrH%TKu9UDDS!r|h^_$ry>#`AA6e0?1Tu@_32>1J z52k6A*M)&@7{M`V>18-w&e=HFY*7w{_RI^l9jK>nxc(nk3SKtEcgdwN` zK)R#3QmY!~4N$lMbN+ydNh&I7u~@YZR8C=A(J^D9l=sKG1Hc}R+~`TzG*i;iPF5{f z3dGw#uUXvmYv>Elaa|5Wkd>t+BrY%H;p&e-(KQ-06B`{K<^nhm z%oeBwoHgK@v_nb@%)~I0k{WGxdV5K!)z(-Tvkk+>e>7KLEi5dQ4611`$>eaq+y%F_ zUQtK(39vYObmQe3YMP=d4lc|pWg1{_?n(uPl$QsI-aw|=@$%|uSz6LcBSCq4)6$OS zd`seOb3RtoqSkJJ$Dy zHZzOEOB?V7(;|2WU%Bv(*}3XI(&;mPQeHAmVBYPvF^`@z`@KLZ`=N}KM{%)#A@+`; zr0LevGI&ZSiF1MEx&{HR9keBta#cwV--U^vxFI^#FqU|3dWOU`|VkN?ARabkSD@>!fMfo9&1R9sD^YnZEw&(@); ztPENK_U4!e^k~8}n?~335$v#tv9aD>Ll(y`mbA3O-cTPhE%0e*XjPgcB6~$O)nVGQ?zbKI>-;(zDo=6{hTnJejJR8U;u!QyqEkXG*#ZNr;$DTL z)W^}8Lg}u@%hCRRkt4n=9dOSj0Cc_{vCAaQ*K6M5aQdj55 z`W6LiZ_3DrZ{rIQ9*2{@?-ShZa0>#t1^4jmwdOzRxkUazT)ODW&a>v|`U}rWdM#bo z&#(+F>Nzq=i2&!hrym|Z&o0X(l#P_dYao6t>Zt6w88Qd*?aaR)j|6-lfMRd`1T}5h z#m>&{VgPp&=<17KL(=k_y_=L|WD>4MD@#jGCri^KBT^$vyGm4vZKwp=wJv>$f&CAp zNF;?yrBahW6A}|!+gdf}v@NNFHqkZE{m_FW8xzaxku0wZ5|rJ?u|J_;@5OZF)SyE! zfBJNOaXmHf{ZSrU1MfinXtVp0L}ky9)!jH3@lqmLZ3+JfS`$zE%FUO1NkHqLeyf+L z_He3|iE%DBs~TQh`C6KG6T4uNs_OK_VE6bn>>p@!42)K!S8#R?kHh70eE=LtM+XPH zZXgpqfPD#^Es_s5v1f)5U+e1XB#>vX4`+v_rxiz58eG2h{0}Fe@{ZWM8w20!?rO6x*kJ{Y)JcJ^TIIg>}q&Woxq#E8N!(G2m z#xJYLJ90~cw3wb>P*PFGE-OpZI%?7ROCc((LvN&0*p|YiLwR1F!%OZ~;&FL& zowBMj`$`u!4z^B27?AD(gRFu-;sD$Xum6%wxUOUSD{^6eO9>=*650(_M;^u zQW zD<4#8?b6PqJr{<>xfzS1{QS!D;>8?cwg(Rn>i|e#VL93Sa?m^qxQ9rdKW0DWC#X>6 z&)8C$udr~HS{^>Z&yby+UjVgfZFu4vwGwv?^Vs^kD5j1{1~Y?<;-aF7EM6^cf46j{ zQso)^HrCB!Wn<%A;88H}j$S+~8yFBzRo^>cg3Qt>h+y7#Nb6IoKn z)1txsrB|o0_Z=~baheD z=Vl=AB~Xx)k};+ENvWkCMko<}l8~36B+p2Y1gaM()BHVICglxyInw@K-56^5qZ(&B zMbT1APHqBVCNg)AGE##11==8mW@BRh?3|pBIyyR?ahVS2+e(Jif%4R~SZk8zp^H^8pYH z*gkQ(m^4nl655Nv*N_B)bbLH=zWBOX%d{MXR+=;vK`v}N)Y-|2j-LKCXay#EW&V=N zLuE}>m%F8ld3<(pRsQ6?1rDxFCDkO=Cy&2Ydz*Q=9K>oWs@raPh77p#Zgs0~uXtxY z#8jJNV{^l2p&oa&wdFigMJssG! zTwZr}c_23>`;pwu(=*^Bu+aVjM)`OizSQZ>BcS)ML8HGqAVGfw@XvQua&mHDe9)^i z4h;x^x|ZJnp{d>{<6LxYKH?mH{zA|zXRfZcheWG7JpU2`Pws53<<1QRfq)Y?I0l*x zbtKUTl`mUtj4yc&AQ}c@VkiA~AU$zeo-l0utrv~|Q2_hRn>T7NpAT6}UHA^6adB}q zJHAfm0o4oUouNcbN-`3iuM;R-VolL6O&SFz63 zgc$`LMd@2ov39_|z?WuvHf#J9aoD(!QZ8Gk&Hk$Jpp}q(@#C_(*3IF@dfWD5-_DG~ z)#YS}-q`r$A~c&SD>PgH=E&Ft6Fakmy^DuH4|!pOm$=mOSwdaSXOqs$7qozj?7Tc0 zaot!lTK?=}?!?N^-t(KO+9vKM^PKXtXQ*P4ZIUKmmrP(7VV? z9@oK57StX{FR~ncYwJi3lZxQLKrCF`zen>(;;2(wuJx9?XJ-t&sBg2M7PM>yk*!x6 z5KvJ~W6*$ne|oq9%-u}`qeANk>fAR7s=!uun>F~)7j4aHgk-D0rI((ELnW|tatid^ zDgf9QQXOz>JQh=AWxrVcHw-VydOmo}#_;AJX}ms@ZiCoTK`U^L8?G<~f-fs-5JLIA02?D%=yaPxVylO%;QV64j(|2Cx`g9$$RJ zjlvcOlAF_xTpBs7)>!N=n$@bbduZEQTOr}D$pYWleM1HQh&KR&TTt4h%@E{(qF{mQ z^EDSmscvdW>sRr`4u+lU@q#S(qd+YnkTGDg`aMffd2 ztS533G0>atte3E8~M zurTHpe@UIIj*Z^8w7ZDIn5>}%=DZIMCl8gY@>wX<^t7`gpE;QqXR~&UZY^EgL_1Dj zj*jidH{KPi_A4`|_Tcx;EnPTX^wApC*s)asI5UV?Hl*{5=6gng3_Il7)qZ zYZ~DM*1&HR-Q%6!|3H2RXpMj_UjW(lgZ^~>vjOh_b1L#C2)fZ`()Pn)!dNKOWn~dI zyy311C_(zxz5L}8pp>2MZ6?#PluE51LPE-ZS4nk?VJ9)X%Rj7FZ-FZCXMAL(ilL%1 z7zo40WzhZz@|i)Gv$M0ck?PXYqhNM1fNDI)uAa1w6p}DEFaSX=J%xPWY6#gqerHvR zR10sXprF7aQIX1)Nn7*W02e4>1(#5_Nh{;3>1$Aai~?jRDs z{o`CJ=#F~LZlS3i=D(ZknB6_ZOi67%n>LM)jl?GYv^k)EPnlMvRQj>rIsFGAuls`_ zG_D%vdRCN}cV>hKkM6(4p;GSl>Z_N>8%Oq|Gkx`ct^I?;Q&TbPZ?UlEx_o^P6UhDU zjLa8ndMLf6PXM%k{aq*#= znop%(1h;#m$(fm%;t}trJH0)}0+fLh3_`@gJy`y~lBHrq{ETCpE}o_!4!04k`Xuzf zW8^?L7dKh3gCLr@Ikh4ftCTZ=DNjf!=L}#Wfk2blBq87)oUm7|u76Oy1e|vvi}l~v zO{FRsnd9b&@f)QZ^AA(u=;&n5&4b(O^uA-I-b_BCApBE`dTW(%2x>I{vm2ODsT4-Y zoqVMf!ebOjVd@CD>@9ABWespiv1B9Z;F-V6%UJZ|;k9VTretUL;Ba|$ z)fbSKp6&}u1SlKVpqIBfAHxoTXtE8+C*1jzE`cL=w-2)RFm&HAw3!EXoB*s{1olS9 z{eC)tb~UxNJ#WzPmwZB3BoVZqVq|lPI{8pg6mZ)luH#~Z^ z>v`Rl66)|A&;Mg5@tLlf$Z$uB%I5oWESIJr^X>uGgI&mzj3bv8 zp!y`?FxG6G2gVd6nQrtMVwCTGR9gtHa@!cD29#oPDfXyARvYd2fEdF>eEr_l#osUN zSc3IAEIJza-|lX1obZq+5RzI=R?8q62o!>9mG(VIIWOv>BKs+-fk?HJs7spIumEh3 z02)wVd1BP$JCrzhc#_0Un!tXMlxf?dLGJ4XN&8uP0B4s3%wO-%pTk2*xVZ2l@NG?d zJtQS5!TZf^fRD4g2LNli+f7_K=QbLs`p!U^2@C@yB&%~l8<=-tKcb)04{gfrz z<}ed@1F7p^cdkKipAnhQC+~5h0;{}7RIj?Fda}PZKlr-3 zb4>}8*oi1ykapcN;D^n@_aIw<&^}o%RDh5>2$l#T15ypJ!<5KN^*6M0_~(P!;z>|{ zAd3EOc%o4R(10*#*%f-nN1=l(iM4w=vbj&Cb4ML;Xw}+3E*#dd7c5*+HDX%Z+nbyF z!J}_{zI&>MkIf)DD~o}FhKZ|iSRO+%Z=ku>zc;TTg3ic@v^wNiM-;8Rp|P>Dva&Fo zi&gLjM*~EHx<3GyS|7%x)H~_d%}iyB>B8I`Rt5?(G6BC&drJ$K(bD+1EVnEvnG+Aj z5Lm}~|FQih3o7JAv!0!uA?uVUj4loW(pElt_}3un!Rl!5S_L25Wj^3qtDXlx%TVxV zS?bQFY%>h)h4^%Jqh)=J54wGB_(RCAzm>NG3AGH4v6b=e{*INo zjmy21wz>JuYI2%(oOMu;Xz3vy1;yY7;aMc-zmH@9A^5(Yqt?bU#x7pByED>ovQlnP zQIk@!vs0GV78j>`I$f}}6x5ro<~5&DiFmSNQxRrU(#_?_@bKPyw6?9NuZoE1C1pht zo0tnJnt~lEK|uoti!?A7{wOX6P75x$c|7D`q!;=Tqn*3ty9-D(zESmBp{0fm6-pZw z*7%dxQ+o%p#RlAK9@6DvCtLcZGcG12Gd(>e198o*xn;pW9Ed$YVk;w^jb&uamp^dr z_|wpqBZh~~%&;IwBJ-|m4~QlU2?@DMyzW*VVW8U`9Ml3|aiCv^y36&a5-qRJdXr!! zq-H}*)@rU&sqjR|2QHtwx;!OuE%8$2q9QX@Rh5<&?)20&sfDA%!`8NzmDQEOe%;u_ zja*CZf@9mTS(f?;*@!i5?S8hD*Jl!XeI^^4AR+hb-O_n{4)KBhjl=YeV``lbnW)yQ z4VQ}wNUEZP{aJjjy3Aw{Sf&@DrlSER%D{|^gZ+Dd56sQ2oLr%+xj}(}X{!HypE=+P%o6`z zuv&TV0;e19#?#8wnDNioLeMH9DXGZJ)ZE;Xi-$X9p~~TFfiLU-qoVFnj^r0`+FoTEN=%RNJ&sq$?pai+dxIv zM^IPS5BTz=TS|`G=icREWu|*7Dw^}bmO`)iRqOR`JP?7|xQ9}%YQ6c!(0I<{>YU2_%=ow$m*@>@jUt} zt6ce;42!^0>NPGqqBNvvTLeqHw=^8H<^HGy3UFmJT${lxKMU*Vvs05f^#mAC*JL(XrEN7eQ$s_=xoW)0Nl8F$+ySTovdxKNit$w3 z+^?bKrkWc4?sfowtU%ajEsh@|^X~4hqJmCKYZYi&DKM!!xwv%t28T^OQTR0o3B9kK z|iPlPXt5ReYtfU1apDb2>84}~ML-c#h zV;rhlt}$6X^VZ?h>-b`#Qg7(I_uNqTcVgF@FwON-2VF-)yShp$*%w=RhD>*g zKb2ovc;clcXO#z~hS<@ekmG*Q#<72gK|x4vD(u59AX6BTs9Qnr#KFRXfCfplKoJoU zknejdM;Tw+T9h_(M`IE@k^qSym;j<<#1Y}Rj8X%aiSpEi1?9ARtqtZ=hXsRgn%(tcpO5KLq9g_|YBiz$k$ z+_}E#ug!-zl0kHUPVdLImm4(Zo_9DM3ipD4!N(w_p0Xdl*}6Af>`5~+5s@I6CMv4O zz!1w;CHzxGQ6p7PAtobEYM%Zn-KdM=Ojklhqme`Q*~qPDzhFihrcB6$oI=VhsG(fe zI;pxsA~rF5@{2B=!l9)laG;LXHxzNb=-n<3i?hL25G5NM8z<+|!~_E+r5PCEthNf! zz#bRaZ&XuLTRR7e^;;a!mYyCS80pE$96&(AIUt=ZO{;zS`wEjdLXm zRA5>fgoQ~;81T@X^wSmr*+cB_$k}Xj?GS2l)1nUY2 zD$<3j)tX(~-Ld&ndrxjaHlq~cNVc}N0*CeC_GBZc{&ktGmAe%$H8r`qpQBa&XYg+Z z8V1#$iF~?*QK+bYYaGLs6U(cAHjyWe%)Ok4Q50!<5eJfc)wVKgsDcP+Yf3d)e~*N? zS{qYH21IN@0U7)jxRhXx6d)=d5I6yezCDL~@KS*Aqd37MAgmW_ukk$viEc5FxsyRh zM~C1&+3fN?n92pqPg*~0tQV_3ti95*M-Q;4NsTBDgzy!uS``S7K#BPwZ@B$JNtIau zR5Sn%&7TcO?I8LsSXWn946s>?NcS-&f~=~f2%BQK&yg5~Cg}%UgIT01HqTsOjkXt<22K00#gdNs)8-JB$rPKF6jP3y9@@ z`eb)=G+zKM3&Gjj=5#2uv$Ujc0k#S0-mwDaJBZKLWV6mqPQC|5w!%R|UXN~fuv+Yd z)FC2VlPc7W%kFV|LS6Ok9#`tbfjHOV4~8fCbMJsOInZWxS)L3~P{QiPx$^S4v{sds zPfuxm3~4!Hp$=u9oP5u_hv*NQm>!JEipw&Jx+(~R>yJ-!fyWl+D#~oq^eTU(Y5!e% zJs(p#s`V!tkI>E~qOfGC4h;=aQc&y!yslIp&K9Sqq-^E(G=mA}`xc%brRs=rKYDJpPurX&ydv^fwiOVH`!n_^6m}+lS1JVP(W%*Iy&T> z;faao95Dc7&cH4C*$E7A0I5`q-+i)}D*@YX0%#VE?+G7vkCXdzJDhy4w;|b`77N5yT0;qkx z9QruzmtcZ@HDe(NmTLve6c6jHZGQ=46HtKnuirhe2n z*4EWD%cAw9H8&TKanYX=dZr!yOFwr0f@SVxu|(ccv7=t}_(M9VI{T*vA?0YCnqFX@ zq!aD5`X@-UlkIK4zCjKsbR{$agcH*=>;yb6Rv?P$(2`+T3ds{26a?cA(8~QTt*J1Ly7Z}+KWEO; zyk}B`R}c#b+XG$?_Q?MMvlC>tz{lV+2&jQ3fE5%3mX%n;jAwcXnP;$P>@&d~{lYk& ztLXF=22#EOX(o>aL^fp(^eAe71qGHZzJL&piOKvAOACKO5~g*KPKO|h{F>R6^y<)* zrk3vivxYY-Rhs|nu(gWyTrX%xR@n87b~tyf(OJjLs&?;bygfSP=+A;RCF31v22$KR zm?ul%ivQ0(L~{{%C(s8HYN(*HgC%11HwE85+iie?;)MaDBtUa#3vUWaCwRfk&CT7M zzHfstJ;a-!3f&HFPEI!fC_vm116z?!5A5;@=yI>k&o_b+0UFyXfL;<3@TLlH6CggJ z;4$xl-tci8karn|;VrP}3I&H+Gu`57c4E9Mkqt3>w%!&^z$Jw633@DW94kCCFq_Z& zeO!!^)Sf<>3IrZVF@VAK)m?tw#sQ1vBBG)o&`@eL6ooDcNR@_!jIe{Fqj_e++bBO} zAZcF{?o(4!z;;lgTNB3W)i=*?VgRl6zcP)qc&R`#%AaQ+X{n=fV-Ru_&Pzy^SVnt4 z>(!EYG|PUP7Qk9F+M+$sb6rQ!vTr4^o;L~V>%X(MKfQPWAz>QHa4&!?(I^hR<~Jm; zPtL2IS6v+)@B)0RtE;QmMIFF|azHX;3ihA|2qOSp-tHW3cJcc`gcKI;fz|abhzwrn zbKrXVJRBDDdR%`K0?TQyzSku9l0oSO1=tG&?WqG}P(N_%_sx}l0c&9!9>?^c=UD|f zfR=a*F1^1jShFr>g=C5rs!5UpTXG1o`jBOAuRCF5DR0;fvPw&-uOaXi?|h%Hh|rBe zCanP#F*fRV?VDw%KO5d_&Gw*0(l;8Ln#yHx#s&wNfZOtq=TCdSG7UA3%bPDB!SMK~ zRHzi28SxraVzZb7?wqVkcM$u-{kmO1(p)~Q9`=h7j{s1M)=B8b6DZ^*8?K0W;IG4{nF~8?cGC}YYwzRV`?Xzw>C0zw2SpDV1iS}7 z!vabb7LAZjXC5rSGjO?qp4PetGOXWVh{*sKp<-YFdBS~6J@7*+PLGblepAT)ho~8| zLEoIA@6Y)b9*#ub%?k_*;CCkwyn6?q6GILp6Zm(=;9r6)Z-V@M3Ltl4#DJqF0Fpj> zM{Ey#NEsRARehBFaQUC+pfZ8e(gJ=o!SELSj2B3NfTTAtnu;Ue0cb>>JX#80@Aqk> zfWcyNWCXIZp!FNR)%WP=VwYw(p}cUQK5F~~Fye!+!T;J{C%9Vb4_S*>=jRCmUfsA3 zJxX)Zg&g=-LTI)B9edB@z=GXspT~O{iIN8OcK)Eu$Q&H)*utOzN|w#D)p}21klWRS zog9C*_Hh^Oh+lSC*By@q z`+lvALWN2hk&&I5J)&$9viGQrtb|bZN{Z}FQHbow%E(GXA{3!0q)2wf?>z7K_x{-* z@8|J6_kG>xI@dYp;(Wc2it7B)-gS>FKgRO2(dulUr{AiGeorj<@J)_Ev0+Bu7M1#o zzBhMn$DL1|c)!Y%bib@@yz1I-tMP_UyBvy(oKtvDoY4DZr`XOjvRqU?>TncRHx_dh zmc~chkbEyE9SC^$;;!S&zT4g(tHULvU)&rVSoZ&bBm-VUDbx)HCmRziFX~A^!~?_xlTm! zxsB@9f7yTH-SNLKU#&dOChyG@FgS6Czc(Ru?-j8dV{dLH$umj>vT?2 zO>EGeo1aI}h!5^KMmbEFXkTab3bLm9b3HK7e|3IW%cal^39*wW0i3Ty(Xz0XKB1In zrn84PgaZw=#uruJ#ev?QSzFRWXet}8etR4m+U|cc&Y}2ldem*!vu}EuvPn5*K79E3 zSjawdZ`qBmaZBkxDZJ%90*{LReExQp{NYQ@p=9ZsH$_;v6@9D!RFtju z5g&9XH@h*~`}I!Fnzc{OoSl38xsulggRy3uQ{%t3_7>ggUiePYN<$g}r4-@pIz2zl z++Wq1MD?Y?dtoV_#j~xAC+P)8x9$&l?}DQGt^Kwc(V0b6ReUE-1WmMcsGT*k)+nL6 zoL7=@9`9CTgH)J62l=Yxvw4P&Y~Wp;T{5s&Uf)(He&t8Ea@=B|Kjiv0665 zH6^D#sce2%Uw_#3!`AwIt=id~7rn2}4>v{ES5@5&axF3}8CG)nVU^KPdir;iX)evmSK=kj8Dk!Xo2p048@{#Qn0xD! zu~;WKM{y=f{cN;Td{2Z(#)(zE)z({lUZ> zta=jfwCSky`p_Q+ruDVwW>daej)lF&#hz3#8oj*2nm%rB7mR!~oj(-LrqN$~y`ae4 zw4>)S(isid(N)`U(6lR#`J|tc;-3tPkV~I`Hr>@6Y&3Y`m7Lt1ee17axjeC9QAv%+ z;M_Nd1sm@l2TrcMtkmB8K$hO(enzFuAfWb%4^0su`$6urL! zr?`O3Ng>G-xd$%a{}{V>$=jDn-gP!Uq^uU~J6hc9|s8yR&yeDdTZlW6)antg{~BSEUOv-9-ZfV=eP z`I5s82csRLNABG_rhhj=eEL{;(&-_?^MXFiPCQv|#}DT^Jj@yxm>&+MYd4NiK1HGc zO;s=T6Ah(8hleHr@x>!6E8fh1(?skU-S5f|?H$0<{-Dr2+O%n)Luhr5?siLQhfRteU`|zD38rp2DcO%ap z5gO`=EP!(Z!9!V!K{o)2^$wl8i{Glw@0VT4NePMZN_&djPoF+9mc|@xSR`=!vt4#{ z4%eOR9ZmHNladoV<3O` zYFY^$hQAZU*}x#uvTr9QjvD_%CwCo?6aogvxy7$vBad4l2BUGYB{L~0JoiaWjku)b z1O`XwuAX?!XhNiP_UzexgbXZ(PM(>>29Id~t8e7^%dma z0y6J8BqU(jkfgl5{m1>q82S)k<5O#}dQ|DnK~PW?v~z>`X?3;O`O~VZUuR~(1H>jl z|02T^pOLZKLGKV326K_(NUqS-)%Ef6LO>6QoOMu5XKy*dS0P*pIss~*bUW}&XzqeG zrYPtzDpd9Yw^Vpc8<`5B^O~BPvx$eS{H7pKS|O5GJ>IXhkng+FUo=5 zgVWm}gc2qF$;p$_*EUhA{8j=K8pqSj00n63bTq9^JDV)Ins41+tb3=lEF&v(n?=NR zrJ~LI!}#K(j5gj3RhPFx<=&I-=DDEetiQuno~vlB!g5)Gu#Q2@Oj}e;U~*T5yj%1^{1I($oNEQc|(@+AEQ*GLBX#sapJ^rsbSgUJ+@)px0wAU7a1GO zOqXv?50EQ%9a1qjo3E>UD_N?bF(6=k?w5++)M7$s5;^(#L5mPAsmha)GQ>t(CpOHR zhCd7pTbzJ9IOx&ESLg0o2&L*~Q=@5zUTx_V5FGl)SH|}C_JK=(w9VKF1EyinQA9qdIS(3)S5z z<|R8|&@>tFNibT`DXX9|ETWQE>2bUYZ{>-%10PE(XDjzl#k@xrwkXI~NW?j#Z`~s6 zgH?NXuEq)FhHZ*H)6!B>N{K7B78Vvr9^qD=CH_y{W8TxM^vp6dZ|>cLCr&H{=2s4c za(}i`w?6x3wD;{~?(t&#JC9-$L)x0Vc>~NpR&qq?9G2|r`Y@lvw&z8PvBTKkoNqD? z4<5=7b(e;f5vPUzSb9;_*ZD52T7jx}BAzXlPY;O5CHINeXInRJBxbzpbNly+s6lz2 z#zIQh(4S1f>TsQoRAB3Eb5o9@Gcpgu+`ArXmb0G*Dd$1eo0kHXFrL6;?sB9Q7ZdA{ z*P2nGL((Ea69SnJEK>Q0=Sk8=xH-m115M1#s@jfUi{UzbvqV0GFwcy!SCfZH zBRSdei(85t-6^JG#{+S*y9C^9^A+32$vmiP1{NJI_K)fBm61;2+SyiayJbK6hUL|# z1Pi{MD2tVv+7F|QNhOcmHp9n`SQq#1GO4iquD1W<##iKpJ+^FIgZMNmZup|&lS^+& z-elzD(1tS0`!m$-c2=T>Nc|Z6R|cFM0sjrFo_J4(y@9?{&L8@vf-5S1m&UFsE0au7 z9=|@_v!7Y9omzqSNmm0OodNH8BKrC(!XyH0YtR98MD0aKn?C@;3uzp-Z$Po`(zlV$ z3W-2S4y2$Lm^Fz)i1!`1guFoVqww`I2C!aVITsYP1F_Kjy=KiqQPfiOa1KyP=NAII z>{46%IgW{o+5ymV;AKL4kwlS`o_?5#NsACJIiLt?Z1Z#M3E``_SxG7abCprF+Pb=* zDs02NsUJM>eRL*nKvhG7sUVuiusyTt%Sfw^X28C)?lA1${|8kL zRBfK1EXUR$_aj#Lt-d$k7gJj+F@q|319^P}-sYg$TYMT~QgXTF9u9bHMNJ3n-mnL-l|o$n@M!T?6M)_&~y34^0P zw@#$lCE3dbV#t4(<(Co=7iS0qw|LQ?El-t}mbTUU>a*eKpPhbQl{(GdC#cm(+gNr# zbV%1$?bf6UXJv4r{SJ0^NbNv!^8SQ#&jc;#{I^N2%nYq~M4dk1bMn2tDlL=9rM%cH ztCik5&v$m)i;7nJ9F?l^{P_B1X=&qHBY8e|9E-fuU&eY(dhbQUb3+SCW}^tM>zseF z_oLaJUmH8JYLAUfubn@0J{hTBt7rc`Bs21=4UjnZV4I`F&)PXX;qiMh!I#JV(%-i@ zi!|t+p%UV5xY{H`l$@GMdTbvNE!{e`IFB<~v=TL*htmn%yu2D^MjtU zj;KfnavhG8Mvhe1J7zi+T`+?+p%!Rq=vXyU$wItqpS@^rS1xH~)U*ks&G(@0B9}?r zet5OuxRK_G6(x0o{ITOX=MDB_UfXva^KGZJGinW{v-d@qo0{EX7QOUh!}Ip-q2qrf z_Dj+|n;C2RTh{1PK3Xq*T+$lU(2UJRN!yn_ylj2V3NQ5euR0D{r)s_DOlle#u*>>J zqoiqiu2#m%=c)Q?c&=$|W>XZU28(6PHv^+qr4O%aN~vpfR=0OD4yQNhBNKCHO(>!z zpV0uI}g+AXUJB4DYPd7 zcB!tcbed@ShsiVsHj877jfEB6pFXwV*T>`?8s%b=ZjN9tvfedDy6Qrc1@RRuZu47naZaQ8a zP~{vUA5XsqQAMi|iD~%Hd_vWhPz7PL_T1l}@>Oi<4a@2ePhld2F-J4wCS=Dk@p^0_cIwzj60yn#{n zaL37v=f3LH#~Ze`pH6?iQH}5Qkva2~gK!F_Q&X?NRqJo};`t}}lA|L-)2Y$v85tX! ze&*(;PA$Xc&|K7%u*CgJ5QJtytlTL(1o^e-{ew zOAK^8?=W1n3t9G19nGoH-xiuKez{W99gwkQIu`TD6l$OO|HhGVsUab!^pyJ4x^B=wVcb^pUxy{(+|I?3Ku4P{sui%x=nc zT-UGvGujs9zQy{sOiK;vt=wdX{5r?Rw9Oy3De5B}?TUdIY1o56pOo8Ao@B=Uo}E&G z>-Nf7D6x(g+%LQ;)x2=&LDSc*4?77@jH-!WcQrH9(A3mMOY}RP?Ch?|t^Rf1cmMc_ z639n+d7VnCLz0c<$;#b|hvpIR!>#yyB)t7erUb>8gs*+_cO5>_$i_FvTwA{~@k!-B zb)e;8qobZwX~NE@qn?z}(9mQ$KPIL=@`_wX>p&7hN`wQKf=~VXqtM^u6*pc(YBQQ^ zbkHcUj9dS;H!_LM|k-7)EY8xHO|`#uHRvFMVEx$Oj}C}Bb&%+uWP4IhieuN z1eO~>?r~Orm7%p@^Ttk$LjDzT>&JAj``2 zJvL_XH^qBjgvVVCC(ix40(MzYmuPVz(xd3MN!4Udp+I2a!1r!CCy3B{j}-!g-Iz%> z_E>ZMVo;gRb8_QmQE0iJsdCTk&!5|v8HCIQ7FxY1u1$HaPrAvu7HOYGS8%uYn8e|8 zQpp2?;VuLJI5N&2h<+Z(MLb#=Wi}E&(7(It5CcR1@uX*go6BHyemPTe82k9FA+?n- zSj4H&nccZ5Zph9uKWQ+J80eJtIaQs8Bj;irY$l}1C0$Nr%o?64%BQXKdpuJTA41J#Xz>s@wGh$R)`lWT<+$21Q z7M9szBxduHOY*#$$@42uudsjX(A@Ejyc~WhG&b=a&UN=~#-BDjdB^r>CKac4r<6A6 zdlf5j8GJci>%nlhyr`%|lUHzW?|IhVc*raozn-;zxYc>{)O+$cS&8ub?NryH-$xVE z9#RXeZY++VWde;y$i>&qqNJvFuoXleMr$jZl$4Z!z^xnGKk6o+z~9r}+|-01;`WXX zjjyw_>PL!40R7?C^8in!L~i9lFm1^pVE_cj0yI5Ik+GIYgnwi-PS8zevZ+4tV%^0SbXtOF0Y@UiX<(tj)nquTFfbxv2q|p(=kw!*F0N=q% z-js*>eL;Bx-3APP&Gy~2N1_v8W~)gZfX4$PTY^IG=p=uPHO1OHDse?#-k1egiW&bR z)anK%z%>j8mmfEbWs*aX^(}0#0+E!qjt+dhr-)xZpg@XKf#vV7+|d_7;(<*O(y6Gc z!=$i17~$1_hSd3@gpQ>+c$<}5HNzvvA7L%1XAi=PQAH4Qbx~*^xv5jAImq3u}3A;;pR{YTf1zoD1F&0%I9+WyK*aK z31#R#D~;)Jkuw%ojfzWGGz0ByJ?WVne7(FGW$k9e-*POt9$j!Tg}LE8Clrw+l{F9Sg#6x@Uze{?@CPJidU=XsGnRA=U znwAWI!NS;6`V+U;Lz$LhT|sHFGEDOKdiZTzAUPF}u!t{Zo?b{Nw;caqsl;CYja?;@ zAYa@t7HucqFr-s|>hW!36%lNBJ0~MY^T;?IQ%`phCjD4>klGYrVSz#0m%!^_AAj@> zL+@ii7?oc~P+Fka>l^663pi7ZCM`lLz!>*Ah>k=wO$7ed0kv8|>@r1FKmTX(S=8|* z0vn#ex05g^mPd5sh#0QnR3?;HB-#btk%<0!$CJUv@*%%Fk7si4xp5#Dq@(QqWXt|9 zSi~e6@vl5`Ya>uZuvFL7K;osS6g(RO_^GgY9^D6Z2R!7YL6=H5t!<@ePOGWeb4IJa z8@X_z|B*@Z-Mb_YZ0Mf6_3@#frbug#0871cQJz(bO!h>> zgLykaDFvB`1-OBLPvoYT9(b!qJ|T@Ic!c^@zg=>rYtST&$1?QEx3(^andt-tI)BV# z8+-X9SnJHSYhIep8-?o0CB&&TpPvbJK7ZbMTzJkU^az(gU0v;A*}&Ow5stFOFpBK) z2h`p*7&1LRGFfxA;@y+B*Ta7=A6}?&ihtL2>bCLD{;JY)m7t4XR42qwA8kLjMD}rm z6Huv%jR^}I29$#k>l0X8UEOhp_?X{M2oMz&6)g@aFfPu1{dy9*D?5VG1OB8y&NEXl zm$FMc!IP=86TF2UO487R0=-9`Fm-}!_yOOsM z$iF%c1Ix>594r^@Esxu0yKGZ7P349qyk32i=MwL6kFGh^7;=BgXmUsjCjdI4MtV&MJyd{)Fy7JBWN98|1*4Yg(a5hF-MknjWs-K&Vn1X0e zmX9!KLKd~ovo`sVkPvk3`UhXO${mS7=??#uNA0crJ@~lC?(V&Ekh@ZT31O9qvlvlI z_4)q(Rd=_VGI7cMfsA91&Qz-ZE>s;(qnQcZ-uy_w3z2KvBniSz8D#{&*ZPUYmDpy(4p{k=>H%sn{ktfse zuX727Pd7&rIv(g`*xZjG*M4AU@2J#PS)c&kSV*g|(UR#3fl$fyp zL*Uh^bUYrPJK4!wBO;`9Z$GcMLXtsrH09r;gf!9i85JUj=g)j*`-x9P8+7w({$#!* zd*LOcoE=CwH#fH*N?3}rF&VZuI1`hB4voN0*1udn`i*21kicx%H%UbzA}VU0ph*Yg zqxCcQ9;b#?3e8_}-47idUob=+2}FwirCY5)cSS`-kFrI++G-;s7G5vRsk+zT-)${N z2zg{AqE3l5Oe8M#=NXlmopK$yHYSFhOG?7-Ipy60hYr1aggjV6>=*7Q zUW02}6czWa?*6hb2!KUf?M?r=jCq&RnZ)gwxVU6m9gSla4Gc%Jr94B6;LnVwRk{Y? zpmbETi>~BB(5%NL4lq1S!UsBL9g1GV1C?oeh;N2}3IpGPh!X_wUoaQ@o_j(sn34E+ zy6^To#$R`?DGzHA>=Z2fuQ>jBUuGR(>#r1hQ09Y7Tu#{X@}4I@J~duh+%8?1=h(^U z-#HLLpPZf8_`S7FBJ+vE%=D#WN4R8}GCl9BDQwObI^>t`l_e~Uf4u# zolqy#&WMP-y;Y8p`W5bLrwZ5l`Z}BcTxt^CJrYNczZ+gfp(Oc_p?IvrRfO}KTy*x>LcSB$a&D(9V5z-D;I7f6cZ^HSCPPHg1EE+0*C(!D^M=(Z8uL+J<=a{uVBFWvdu*0iGp%v<40R$ zITsAz$}H|&IP4?x`3+ZJhme))O5@EQM|b=2a^E*C%~%@MNKEg)W0BVTrmo4t(&Ctw zriOgr-{&nVYF=L3K_cUN=N^PLkB{u{c&N+h@@en{*~akhH{p`Ij(EJ3I%#nZ$~N%F zx=BiMhjp`C?`9nD)HozwvG1&oj$p}C26D>QD6C~k(3crCG#79xSm4ZCdXe$nlJYp2 zL)#uvI`ny-o+54s)|))Ps4@#rlZoq*RGzkF8ZtFEmz9>bMS9!GsR4;&X;Hr2)_qHCe(S-hNnUb6ftnfMV)lj<2CV^8{j&rfE4G_y9?c3 z^T(QFVyMa)2gxbc#%;!4csecI1taKgt%A$OQZ}2_e`9+Wjb2mJ2uZ;U@Lp2k|wjip>9sa@T(BM4{Gkd0u zGXWaBKTh8)^l;8E7miubzrqu4$IBd05wEGyO515zOjUc&oF~Q0*|$!wjKI5$n~GeE zu)b-rv0ifJTSwaJ5elImCF_atp+c39Cqsw@fBbMY2~j?*S;%)naYx_#R@SIGs2QlV49L&Kh3;~c;A9CJO0%I{zlcQ-99nsgh~TppRu z%Fb>!A{V?MgP2*OoxwzvFdn62+T7R}bMM~ExsfQPLC@(O^uN+zyt+SiDY}qP7F#vlpFfi7%C85&E#Z}6EzGPn3+SGYMw^vA4mmv6&bgq9@_GwuCN>Oa` zy|0ZBo2-e--v0Hj{?xJ5K7{Z>BxLdrQI!K9K5Si>!3Lpo=fJGv92FLF#bEY6$vQCM z-V@5$JFwwyfh^_g|M3k>cKO$Y1OhidAeBytAO$*`@YiOu)97ra1eak@*(TM5Zpa4v zMYX7ej>ua_r594l&j<(!Dd0%xFd~Y7sJl0U)nCMLk~Okh;-Q!u&m|&#+e_n71;bex{uTU|8%-8yQKS=0dW5|(cmv;IL0xJAx#ec^{ z9(~{F=m${yJr0F%Eb%4Jul3%4OM+r!(H+Nl($(gA!mjkRG_qa068s=F$7lP6e8lDD zk~h4h_#ftfOeL7V8u`FgnKSW^a49~c^e9$1Ul8*&prnM5_VnZHXF2ED$^BszA3lz6 zJ=ZH!cXD<Y=@etya0lEw`u z4C#HN&d9H=`LOk&(qOelEy8JtEk=ke(8-`@-BnLXMK$h(lh6=!-pcB+9?ys$&vo`m z67i8ylZO`^zJ8sN*mB~hNiK_%=n?f?xD@cwd~7;Ui&zM<669UweqZFXJFe;5 z>fEviFmyZ;-|YCq_EkImts4wLo}ntIZj2vrjgS=kdbeb5d^}ro#(8@0D~bWh zpn!gac?B(bbz-7{fdq(X&0@nBGhTC-6Kp2Nk21m^yM7uy#m_vnTEA=oVlSAOn4r0J zpPPI)Frfa-eL`XEZe3knR1`&h^|jv@vSi%ejQtgAj%HMb*6t-NqB)pU5FBUV`LnUb zh&HVpA<1wOq^-P`U9>sCl;K+U(AlH1*3zcXc5yikVX;V9gcJTnKz5XfZ-9 z!^2tqW9p9Y9_O8Ugf5e?G_Gg{jZ~_TCHjfnTXAs`ZzTt?%*9bO9YXTw{rA=OMko`n zS44O3@KgjI1@|QG{>g%V@btZV)%mtTLgqJk zMN8f;@|7eTi3!Tee#iCK$y|w!TNV5?J!bgg#fuF2fRkC>LSn+gJuhDt9KbLcPt1Py zjMH&I#wY>{P&ZW9O}@kRLrjVxTmpnC_Bp*bI2y0&s9;mJL`1g;Yt%Xc*Mpj7Z$ih{3z z{Ue#*xT;T1PL2$PNB%jO)U zA4`KwT8mdjb#+~xAdkSy-admzOjn*q=q9p`DBc*1{)oIK`A${=e*XLSfsU&Y5QYz3 z{r%Kg9dDXft@OcKUue@r9%IiBaVmk$!Av>o`r!)|0(PV(bJ$_vunAg8q;_EP{dsA?7YMrc=`A=wY8sDwn?&S!R?^+ zZTsJ!FoF79NDOQ5Ijg92EH5v^Pu9Qtq;m(nBW-lKCcFi`XAZ1A@qsU~v$Lu+%k{5k zm<+M#l7}yoq}@o7t;$c5DzLb$J+n<;XBkF_%?Wa^{c`Myy#yr>HZ~A4 zo6!?catU8}ynlg?f#JD=S@nguoSYnSFY!%isacN^{tgmiW(HHfbpr zvVA`}E%Tc_-hUYaj3>2~LVSF$U%oCrUO)Nls&~yeWR|o?WxV@?KL%}GmhZgr(40sI zCHP;)yHK*K^@JoM;)CF8I8DQ}@4ZPCFeRyy1I9vsaxDC$<~id>52j@BDp4!9Ml}3) zya>Bv2FdJ-n~`gTostf41>m@2kZ~B=`@q1a`}e=l935=SFex_tJb;UWYstohzGaNM zC8``L2!O-B-Q%CMrTWl>5Xd4_E$|n^FbjFy#Icv^#Ewfsr1w>8qcP4B@4HCa={{Hxc zwcAD-Jyl2od6;{{AK^LT`oKtigzQlqB#;Sgww%&HitSIIaE`R$*CEGzc=J}wEmmaL;f_vxx&M2&)wKu zb_6Mpdf?aD+B(U4Y>(Ep_&ru3X2M?zQ>{V?7as<-fO~+nlkhCL4&jM5RPQ@Z^e`lR0(EgNMSMCx7%aC8sWYlA>5Ou7kzz&7e9hU zX1<2ar_iukT3BGM;`gQR_>l;TqM10RzMdWoMQUox6jG-a7H;`I{lqmPp>e1xaH)-= zbWvmuRu%}QBeSzvxY_G>S04>nsB{}|7}wz_)&F#E!Y7_773y1GzZZUa z>(%%x$H5BrFRHY@O~XB2wX-~~VW$u8-RF#RinVNRPOPn!SZar_IamM*=6UfAXQ?eu z*zEE+$HTCoNxg6K80ShqBoBIF5qsJaf>~^!!rgs?#ksBc%be%mfmafeE8o#%@+E8f zo6IBo+`|TY0a5WmnAcTQw5AUwk_!jd`k~SM8F$&jP+sgk`%{Y+^z)#XmhdG64`xYU zQH?v|=;~@=UWG-vmvL7(E@-j)8q~af`|0&?-=0Om`$Ng+%|3jPk@*lwPVQ~Vzw;Hz zzKX7TL7CkCiB}T$JenlmT1x3@H!(wKQ_rz+k<(p~$MziCGej(Os}B9Yez_k}Hl9QF zU#=GUkyH=wVt>%oRAtc4Ht2c9KMU0`P9lejplb$^IDj96$*SiV)$^x;o1#VehJ27$ zq{qj%F4_N!(|TV}6cv16H`U&~Xoqb?e*FA-`^xg#+T$;qSL+a^ItAY-fkAu`-k@}? zb;f_k%*sl4Qt;o;Z2B5w?o?QgE$jVwxdd5KT`xNxn4FL+ITn{`aM`e8kFE500RxL#FguR#n*rVgxI&ne2R4wv z-+up&!jb*^ZGk0a#unJUqHoPY%Z46g;|{O^&i`ZB8ufJlxp%ci6+U<%WZgnYQG|gR zH8C7RPy+^P0z*kZ(yw*m@DA!a9OkCL9Q&5Qhd%rLT2^@U-?it;bU95`_ei2{Z;nu% zk*FD3f9RYrLtw>CiD-46UsfkM%tSs%)nq6@RN<7A7W-xhCfqLN0pUVDQI2QH8r=Op~G0u1;a1AWGaTMPmK(VdOO)R zF|9E!GvgYc4$K5dOd%6Ov?zrSf&c5e%n}9HQuxm+G2hL?=lO|t4MVfKUrkNT-F*>X z+v_xuj^W`tKxVc+8dKu#Fw{@%g~lcd{GH#veEBjt8GHzNsAW6*NuF8|a_j*Q3>GPl z1}d>n7pl$)he6f>cCMqNLj~$X5|a5C7CQ1~e4(Z7PMtwJe2mIS)H}kFj56i>;aXuI|yy$T{f>{huEnE3_PFopCFh!>x(;q^%=s6%my5Ff%G4 z&vA8eVq#!mIkHFp+_?liAz4|F?>v8^oDa^%5riyGjHRXJ_n@olo}RzD;+R0torFVQ zib|Ee;=R*(`*Y`$;Xrlcm6BrI=QQ3>i*vvbAoh0OK4;|k1!K$B^_G8YA2Dhh+_6a3 zqt}F5Re;jr>C8;sbAtL{$?a)u`Tm#VSOc`=JKk{Bb&m(u%qelf2smy=M4@m4rDucs z!e7vINb0=4{daTV%X#sb#|G$}klF#9^O)qht+~HAUy?zPLw-D$R!SC<4r7kzFiLsk zwY1!r(aAa4<-diM5vU=ggUg`(H9f90GcMIP69{1l(Z5MTM2JAFH~7)Exv3=bTe}H? z>plA2q<^?X{w8U1k=}VjF#9%z9BQeE?Iqa;$sRY4@8Y=7>jQNDlblGjAL6>OiO2~I ziUq7&ns9$mA9;9qi1ye}RuF~0EqJtln|#WQ(C4Vab^01EvcbWm231?(yyAfTSt ztM@Q35l$`~1{@{AZX6_X{K1(HL~EAz3#T_!pdv{r zCE!@Pc2_-#DWfjZEXocmTot@W^bW}#&;i5b@&n+#^Le=eQ&}cG|cnv}#cSh{*95{Fo*^qn;H#1ob8`G6?L59U& z2du$AewIeK(%uw8du=G-4D$kPEC=`RCoZpX9rc366f03k_y?K%{V6#B&}3vXOuP_> zR+ZJMGI>G9XCb<-zo0SM;|yje2q!riL4ebNpB75{SKD>}>Nz{l!$y#mo!uJ{R~)#y zw8SW4cN#3+^9X@;O}zy?>B-4O)o81f}^rmzl`Yxwe4l1;#3gU5$pCdX9Y+{9$?s41r{d3<>G2(^>t z&Wbc05)h&ftTofUti15*Nc;>gL;R=d(wO?Ec{j160pSPD8Q<94#~a{demy?UvbD0j zd@p>9!K;?10u9o@{zEFid@ix)Q>XzNK0cu9h&zbdE+Q&A-=9y)w6Ot@we{yu9U2?Z z1jE)HMf$}aeCYjbcE=j?sO9Uy*Mscm&eyMLHTw%58A!1j4M40g0o^k6d8VQEN-E6> zoN{`PjLJYY1pWGa=HwCoXEFWR^iq3xN=+(B9MVzBDD`tKU((9M$U?Ay+=7`75eCb> zQV#Jb^k7$lpHR!`%x_V7*!tPOfmwc~lVc|$oOK_bjs_#}8n78J4i>+Izh&|cyhqW~ zmEEj~x6h6(eZZosB*Gf$uV0m^O0VzPy}L(O)y3ue7KfI$_DjHA6ke=bHGSXj;L2RZ zCi=MpgQTS^jCZ&`yCwWNmDhzWXv79{xAXmv?dj#?;{&Wr%E?i{&My<>dE6S8L0W27 z7IPYD&y&hZ;$kL$liR<>a382F7}-C6w)p?Gu#XRHvnmn?RnW!7#xh|&2$8LeOF+lR zAl$SiW}FEGB4WS|2aikiCIw`yJ95W3NM1vV=c~PiW2GM*g%@RD6aqEZmB%n+O~@ZAIh{YdZC7 zjOv~^58Z6m7G3lD7t6&pN&ux67KD8_ki{UOn-FBSUQJf}_hX?UUv+hLdhz}H_f4OD z7#*#A<=O(ZON8<-JgK60D9FjpOfCP2+P<#^N`=Ve)3YGOxfw6%!&qXDXm2;4r$1>T zh(W{>^yqo_&_X@`__0x8_`-WN6Rzg;OMn-CQl4*T^gVPVJXbw(a5YJfXLTB$w;>aWP8v3pzPlF``iY>=7xqY{cF!ZDvp8 zB!Fl%7cEhfEB7WRv5OG&MJeF2gN)>gH zEcn8ib>u`gBZ=vtb1nD15W9&GS!CndEHp2*?*Tl!*orX4*7w0ky!?plX|_p>7x7>9 z_ugYPmQIbd8i&5&X(VVcME2HGwjQ8sP$c{XNVN$=wkuF5Bq`st$11e&xI!sJH9S20 zEd35NL7;i=MMOj(!}qtWxRN?yHLI)Z{2hS}LT5x+HiJ5Y;#(RM(<|7l#St!#V$)T} zBJBk1b$dLbLSw%a@QeB+m=S zo^qJ^p}p zMJQxOKx-uP*G>ImhzYfHbuZkg!;&BpJ9~S~?{ukNE=%@ZZAP90zB@){=9gQ464Y4R zE{;(-B%GeYD^>cIy$rKl67vkod|81tCqKUp$Odo)X;A7m2B+-ermgdI*;m zdR*M)2<5kR?$+@UbLNRZWlk{>V(3>^YHDhlyk>4jMX3R-rGNe&RK{<}uz&wA$PNIP z390zde>_jyl1f&MZP$UKtEtInVFZ(2w^&@k+)%-%_Sc9^hc^A7KD!Jof3F&}IqtiR?l(#j_w^cNib?yO8;e=z~`qTXN)j>5gGqdb zSv}hpI;v*^ZW|Q}8bXb^l9#GkC)f_*s3hjVR$6|?mPRmY#qWMWK>=XJTumrkd9*z2 z>{EE?!J{>(2<0|A+1T_K8yxQ%0yTd45ele%UT7yAppv4Zp~mQqFfsw)q>L8!!d(}6 zpdeYAaO-aGp89A5!k-X>KY^btP8io&x_(etU77F+M#4ES9IC0e7Q!C1|x#;#i9tQ~E@Qp~{ z`0Hn7mDAjOo#kS!8+YK|QlHPysWg$HMKLbEUs*>`cpXKhKR-5Bi^IoXzLO|r<0^KI z<8jLob=-Zc{gQ3}*Kgm%3>lB-@sVD@cHzL)-@mVTcoe;vI!a}+aUi#!XqQMp^p{Tv$0`|{fY^eEhjgz5Dj1Aa|bku zgxGhJYxW2BJ&2)q)(@ct=-(&SuSdZ=p+B7rl{N=21K`GPRqpubJX|8|uun&1b=^7o zW*F20UevRhC*$O;cJ`F?@Ql+oqXFTu4u%e;IXN#S${KL5^b{U-#2c{5NAC(G$Xoy} z-M*4Lh>qf+MLu&M`KRo&r>O=s4(r@Ar^>BF-ABt+RdfAIoFrR;s&xQA%OyheGBItd zBd!RJ1nh4i(rk{%6;l-Ff*ggU*CZ3g@p8gc?GKfgcv+P@t3R5m(P3D)U`Q6_t^1*BX zq6}D``45l<@SGCdTb4EoN)Um6HoN>HxK6yzDTjn$47=UZ{-wuCXq3~%^u2fi3LU>; z+JtH55hkYZv$GZNYo0u5u}xvxO;LU0-_`+sqZPt6wSDY9wwmTAaJsq15w9W93%Jj~ zpU6RkSE#Sid-_}|CSoe`$JXNaSgU`l2zHyj%&ok-KOo9h*nJ zYl}6>ZRq6GR8^~nTXj?yY5LePX#EF8fX~mdYmhqCuR;5T$-y7YACdpukN#j~Wd#|W z8^xZ!2OKY6L;*TAb{tW4;?O5usZ)U#eM=tjf= zKnSqL*OyyX2DBEoAgo2=C?Kh3;^&}FVKE5_M`6MaVi0fymiZ5Kk%g0(?lpA`p9&-2 zML{9fekwiEj-m@eguEOaVG|6~Wc9)o5}t&hU#-tY8!G&P*Dz$oK}wr7WqWM#bQxw` z7KK1RmP83LQIC!V0hUX>eSM&n?PH2#9!Gho%m z2WO58J@>ZI(+fUs!*@}65z17T&(YD*aN&DnXs{Zjz)0;0m8ogPf-qyl9u|(% z^uzn6bf>+f{}MF#7_z~GgjMy~NX5V$A$ZSYk~-T97b4dQ%TDGzo#JG(!dh8I3im(f z7-U1g{}&o|;gct~K~5aw;P_4|R3Pp9lezIKE-w6KR`njX@K`Ri3)v5cu~F0M3^2tk z6uf!$ilF{SzNL~-u~KX5DK`Z4jS=auRu&l1(KTaMGD3QmRA_gEGCel5cpD=rO1{QU zhTMQ~Bk$iw;{BPTGxVO>H)CV5TJZ+BC-}?nwh8r3?daJpts_T{|*5 z`YKC0@xbMOXUQx$1iEWq=E!Fz|HA&{e$4VQUQ-gp{*I;fb>vYl;F>|ie>O)BH?0zA zJ=7>8i-tkxKJyY~3H`!VIVP)`AVNp@tD1>kHqAKj|?09H|-1j}vHv~se zptjv%`}qjwG>yQfdt)^F9#zd8FkRk_5E}W*uNYoB%+JgWVXh3WfOq;x2zS*H%qod^ zY$)86kP$fv?!dvaugN->s=1)R0YhQDdU)PH0;66w`^|V&$3i7svDLWpmKDhGuATK~ zJ9xgrj$^=9DJUmL7-AqnCE>M00^Pb8j69j+hF)6dI)T98c9~-T@QCU_gP0u~SbQjn ziG?WkvO3hgrx7ZM%7JE?-My8BHuBaK^_tXwmUQ$kc#qzT44^nMGP%Zci;H`MkNwMR z1*|B=+Jrb$iph2pyJ`EFq{5u`CqOo~j2%}06)s5>F5;AuDn4t|^m9i0EsGSg*eC9q zG)NaSba{xsmv}qG%$6Xf^r1yndq#T{lS1u!8yyUC&{5(z&>j?K!HsR*?J!)>@)Qdr z2+@HU9EUOxD$0<=ZT2F5q(@3iAHEo7+!2fmsn6i^*;u^-0F}}nPt!)(!yJES$p8KJ z{8i&9;W$)wJ1)+$!sZmdPW;i@S2LvYWw{$zCW$OsBLIY2cL}tN{^VdzBT#@Qql@S_ z*jB+9?QVe@A~C<6G5)8^qkyEl5E5+w#NMw#p;-h)`3$jR_|+i@r- zHQ0O33H(!qGcM5IKqTuDL^k8QfGJuHO@~UA&Zid^sq>x7ePOhq&ihC9$@F^9J&yF{ z5xcAYrklM2j;7a=V=EsQhP+nnws2!Js(d*Nqz-NZS&KZ?ihJ}>CNOu*Im;YYUHw}y zA;OgPJ#gkWAQSRaB6<^#Oa9!qClt#(4=jQDz?;f)`0zEz_EM^mftM8XMMPZOA@227 z+NwWrtcLav8ZWWhd*Uyi6WmH~vA~Qw_G8ZC1EN&y;7}dMeKM`j9Lo-VxGImRLbR532;bC7S@lgK(wyAZW*v3m|+p~XHx$ua3 zu*LzJCYrcYl>aajz!MjuN(Jtiu%~dDjp`6h>fghb)WrhPyr0tb59X93>LK{Js>}xo zT8lozvyC-PnwIAeIFz~PT@idzH01m~`{gi_papzP+t+5_hK;7g{DCs{qTr*44O!x)I6W;60rN{6`RtUG_gEr*u&thAUfJ(Z zRtk_Ec+xMF8tp89XJ7&6y#`4rTL!o8tQ(c4+i2Ac-0O$KT~U%Se_G%kP&)8`EPZ!8 zmVN)eanWU8_K55~LN-ZuRtO;p*{Kj^Rkp0ML+UnCR#p^|%ra6UkyKPFDoH7o>UW&a z_xF0;f84L4etdU@nVoJFDbJiD}D)2_;;;Q^I_(*rzL z&pSFesn_b~l@HiA7j>i_$!gtc5zv08@`c)g>*r||=-c>eYl|g^A9Fj7&hc6Q^&JI& zO@Lcq5Vvf30ip}A(Z?6JH>-BbqqBN^y4O*L3*@&8cK>B(Kf)0@`}*j6oizc>i!5hq zzUYRPPICE*N@#lwe#!XudeF!6PIcfcH{d`6Kp#cW1cr1>*ZDTE=0MgxjZV{j>DtW~ zp(jpE^)o!*|8!=CMhpVEIKyJiqpX^+pd!fhns zGTi@Mc$v~4=Z{wlcPIUOHnX(j`D|xqrvBsAQ=31O)l1!<#b!@&{0arRXYby+ zk*qVW-gpytJZ3wHn9>Pgx@Sc<{3u*gX5X_nVrpodT?C@Lu>moYpX89Df0 z?@LXE6a!sd7`Zp17Tmu5HZWK`Zhb|?!?;lyw=vnHvVs1KFIuAZ-$Ux`HdGEAZMGd+ zM5XvnqG};7yR$sd&tkDl?QcUex3AC1Prlm)Sza8R`$H*5j zBS`XsY{WC9N5SfueLHN?o{D@OGjH&YxSYy)%gl?9ihoXaj^?x)f3_A--0yw4;F_KMk%I^8(xM_F)XqeMwp^;dJ9}C*Y-oKV1Z><_{W#Y(So%!T8ZyrO z*PIW5U=?`go<9*RDRB&fxi89Mr*xQ|R-E!e;Yk z6x1`|WMbPjJBBR;>@rAc$gE!eiq4I(P4~zUKVnK)f|zlXk_@lBdX;u;OwP73YWet7q`?YiPZ&rY9h6#-6FkbtquwG%Hy48y|IzUnUj z>tov?2ouuL&R)eN>26D6^Lh+HM`{(~t{k3jq!#RnbOv7IIyyLrF|Gu_28)&!7IT~Z zQ@JDI0rLU_d<8S%S~qGX)s-bAyisv0Oc1>aPk+uaj$5ZmoO7=e5)y!^IQ|%DKO@s` zljwyldb`X4Q{Zmzi=LKJRJ?}1*Z$Q9I=|ehI@7#u=mCMQVUn!CplfvkaFST&ojZ4M zAdSMnf0BTBJ=rwI|IFLF&E5eF$>pm9VAj+z{I91xKJ{c(WojgEubYznwu-N<6&F4C zZKmCSSkcjBazV_otY-MGLCOwZ&gU^c3j;KhKlLgrnv~|e${MUyt#_(>oi#1qdXpnI zUbhH)v0Pk;g?NuTBaaCtOV!VhPfk9+ad;mjW%y=KP*CzTw-o_dfn%=4cdXaij>2W4 z?ClNK_x;d6BT@h#8U%YqY(})DKVK?aYcp@C%y(cNl_fm2Fr{@5R|RF!Z!7d9>(T3L zpzjp}FO}^3;ht>P^AtoWHhQAVdW{`QsLK7`fX$8F3RfG?sal7cTkUabZ{p|pQ!><& zF-xL!f9Iz}32A9ys-N>1xLsUbpQN~&(|)jBM0HYWnW4^3>{^jPg`8s*)|ybab};R6 zb>)Js`Mc9qNl*XScLfeDaA=X-8AkUk+sOVF?G(9X{(Pcm%-l@A+<>m@@t5@i9R~<; zfPfIuz!EOZ*L0S*UfXBD!Pg`G6taWF=t8X!ub7w(xFypxn;)G@$Q0r3gtOn~Bg|*B z-RSs3=vi)Y&}l%IItyhBJcbD%8tbX;N|EckkVE&QR)iSxBm%w6*8=g(CU$=Qq4gk? zOen~AG2xamo-5igbLB?3Ea%oO7F{roVz<8)mP8o$iMiJ<=Lby)3H#u zreE(YlXP=NY`o>gm>fVAk54b|J_{?$e^jV{*_?b>yN_*PR1*PJu~{53}8m zhOkN1cmGIyAJ?;!QukCDh>8j~9H+$xG;P(Jkx~#r0 zZAs=nhp(AYLkq9o8?K4FQ|<1nl2lO%fl9aTq_lN$|F3-6u1lOh)V;QxJA2k0suZlh z2v%+rD`-S39w&#=R`T|kjZ`j{BX73i*E~{EUw`DaoZ({xz)jrq;UG-hqZTVMi_BS0 zm`M8kd1%Rl2=bw;_ROPKi;E0-$_3v)K0WB+L4f#FKEOHvMu?kc#Gd={>6!HNGO3Gl zIqMZpdG~D-b2&IT_}(FAL<0?weTV+>DuLIFyak1s;Z745V0}Z!ggbT}LItdqjr;Te zA4prudurQAM@N{CWX7Fss`q{1=;Uy5(4MPWKKWKL-xEEm^S7PdUASGU&D z@KnB&b=5Vb@=e5*@{5^0GjV54r?$)e@a+|zTc2n4{R({+;eig!0|!MV0l=8@+CLmj z;7mSGi;IhApsPZw^$iFx397pE1%(%Mye5OhKpi}p?oKAn$tkcgG4+LN5D|CdrTSTm z_i?tkZJ6`K6v1CmcE5lBo(d7-rp-8+=`jJq!?sZ6ZfPKfvR=o9v|?w%U2bDTf$EY& z$%$$fk}@e_ahFi^yie)bE#geutoLK~7_17#pDIdQHB;%JL_P_V2EL{L|46i+tWs5V z*0{u^>eM@b3aXR8xG+D_=KxF8XI8tvHjC%2!UVuod7lY$!V4Gnkf0H(v#8~43N0ENI* zVBFAY3EE*NkM-MRrgIp%*Yai!J&9YWWPo#h=^5(FuE!qVLqz zWz3TfBb3~R4S$A;sYh5QcB??24HAui8ngv!rm1c-mhVsv4CC+5B|h{cn0w_v&}Vd^ z)kJ0U{o6Nhg~?-DpD-}L3WEJ+Tb_kEv9N4`nxf@(7903Ibc!d z6E8))VxXzqmxxk<)J*7|v(oU>Zr|SCsY+~;uk$%7qsqg}yJreJoMDUg8?E`CD~Opr zTqV>E=I0U)VOh!Z6Wl5-STzkK_~~!t2xkrZ z*2gU7*^i+ZD2VTkj4-W=WQP6TzNXq;WtjWzZMnTjD$zc@00{rfo1KFrFblzwZ+!B| zm4=G7y+Nrd)%DLEce`g3-L<)6bzNP~1D;6>vCUpZ9~0_4FYU9ngm&-$Fn*Xq&D(reQjje#H}^UiunjY`j##S+*G)f>UAgV^ z_(3BN9=LbKXzN3Svw4Rx;VLUhaZT13+zhzdu6>UQnLFDm4Yg zG!B{_vmsWyi6Ubr!>I56T1($oM>AEfPeCmA*Z%oQ3{p}A(mr|eqhh{f9Dd~TjJhROw zoXBzPa}Q9OukbJ?c>#Mw|JkY;1u?-qz4Iei7Z;UloOEL=j=Ak|I~wUsgqys&VIS@;e{VMRvp+W4c<0L8#~cka?Y z{k0Sh4_?Lq;&Nm;$Y&u*u@e&jUiS|wCjC!DNw}A9;ZtELejgy6mv_`Aujs>}n~jfa zPc~%TIDUO~*w^n^K3&alKSy|Q@~en~SN3Ic*Xz96I=)2gp3uok+EtYF5o+7Zztv0A zbe5;u+@~Hs=q8PEqIN~b4p?U}y!GChmhd{UBheZ1KZxqIAG?F^*-n0`rYu zE2N5%moM)uy9N$;pl?P!1iSBL=p)B410SaVSl9Q)$@^=U zx9x;i_i^=`>IdX(tL1Bdn!30wc-H*3kWYVMb2q$%&%Sn2>n|v%;=;n1)gkE@FJ7#f z@kkv?aQ_2hmua8zAsH^XE zsM2`+NMPA_)pOsW9ZY|8d~J)Yl3$4=~ZN}9OGtZtK zI2lOK26gzySFd1SY@=s}$B(%rYH`T=14W02hN^cey$PI`2Am6R`b~62b`_?h5U|4b zh*SET?Ffu7nh>TRLAFBM6aLbXw4IBG2Y0_EaB}$Gy{nI;w|~eA%cJui0w?|p=zVD_ z1-iBy1%<-q6lVVNU3TIzrje09QFP&!5r{O1 zZT>*fl8+I^IwjUZ% zjmhqL>vBg^L(_c28?=zv{*hHAvYP=DrktXHK%^zlw(3RDm@}L3KV(qCgO!{L| z1i)1;G4KW!xa=Ei@-5HVcGgUHj&hN*gKdZ;t((E$-{3+_`?SIdoNhb5y zE1lOkH$Qu^=;GmRFMmAv_))=5(UE(4F#7)GM2?g;iwjZ1KIa6YI{=C24)s6Oa^Hwk zXdLUGBrFMms>_ z_il2=00q;Ipx$_J`GC_!R4qR3mEcJ2@t8)I#-Pb0bZ_PbkmPghux(dAi3(#3& zn@o<|{U0ZXS+}~ZYbJ}h*f#F6lc1C^1YCQ^_^1d!>6V#LV>!qo%0Z#T(l28W?9p%#WNQK!!A27mR+-$`dqJHre+LIH z2PSWpMD`mT%`%D`^|`sZP`!r(3&E$Jx?iYbvtpGfN9sQT58CyqGU1<2cKka7-bgY9 zPN31xloK(gkV(>bE$W+=B&4K#p&1AH0-j>?_9(T-1}c(F_tgZNG3p03{KA2wtV~Qs zgLuLSH{k3E<90~qF(pJu@K*Sd&h;?#hx3FX6Yecr+ME<1%8QrAA5=%pvu zm}F`9&VT;Q=8{lQ1=#^G8H;PK5#fZG4p^?|RX~dGp~PfOJts+7j^kAVxnf!*`|Dcy zxZQfDsOm<6L6!4hjN&9u?ob%0e8{jMyFlf}nNwcKdALW+NE22~r(tGJkw+?IV`W8k zD6Nq)kE&(@r&q)YNK%JKPdsQTv68JO)07u9wPW&?8Xu;e8m6EYIDyW_x>zj|g#j2Z zip>V8%-_}vx66|2H~ObmaJ!O1H`bIzT-G0o!Th#-3%1ecaGB7Q(TJW@oa8i50h~iD z1VB1Zu10~T)a4yVLj5{iZjxSV=^p*5_5TlYW(uh5M6P;l&<_tHZf&V7ZU@e+!fpO7q&+* z^W_gp4^A=+fpI(Zl&CWIa4o!k%}JpUttdLrRw!UTaz=XcW+^~Si(qjNH3kfYzsw$c z_*(YA&?35HR*xUnx)_L3W}jD1qi~>&U`{q zOW7$xk>eVlvS-<4WwinQ4@3kD_A#gET+0By+Uh|kSzu9#pPLl?6hRCv2^JMF=}RXD zc|HNE1g`^=i7?{8e%i9$bdxZIQ)+BLDU8ivLSo4{uNG-{?wrQmhU0p&q2sNaX|}6B zn-rkYhu%A2s{Z2tzJP$Lz)gWrh=n0XID!C@#Z}pM$ClW51u>Uy$g6(zA{4?AZty%N zSGQ|vwFTc~d}(H1U=wlb<0o+D8bQ;s_sh~sixRbH%9!15M}=ekr&R7@wy;a*Ch`xw ztCN5*1TuY*)NS7o*SCs9nY3roKK)nEfk`c;Uq9g*#g#)u%Htd1lZ7fcF)4{i*TuIp#@RBi-%JAu7=d>LwnyxRoMDl%HfE-F1qRA} zi^3}tb~%ydXm3A`n+F^zWdUDqwW5nmGW@v{u^YAGxEfB^X-s@nD}0tP+J$7csa;h5 zniCUCqK{~OOE>3S1e9JYSk3ok+xPGIn8)L31`!hIq7BC@GAaJGNKK^F2BV;IsC*(AD|}9@E{_yMW(z_50Dk)i z>RhcHoOlsiJfjk(w5CV?(41SFn|C)iG+>4#yln5VyOd}w?)VBs45;BC8$66^8(G3| zR>(?O44E+R9@%n!7D5V2imAof&i!7oT*{iyvun#zEPDIefX|$Z6HRXT&Kr;xb>6 z{7e-)puSCHS`v^G+Uh3ag%I0{$0uc7Z18ktk%45mOSGo)S3>fB1kAC)1pdPlS28QE z?3WcNzB1~&?eaM8bsW#T+J>&Qz=Z`}G= z0pAPmHTW(FaEQcnpFe-j%5EPs;z{?xGz5kqcK#;Rf7cG&>B1X&tYEQ z>^>`hm5oRqSGjAT46-09XN(R$M8$XusU>Z1nutrIql3d^P*HpA?FrUF`cg!^UX3)R z)C3U|?jVl18 zoXiK9x(ZY)hFB#fys~iAx9|Z`(zH&w8;!8(T+v#H6OQgU{qOIczrW-m4?~*-fxMw$ zoI!+E)>aH%V>wzs0Gu(`_wd13yd*)fAlWHSlK$!&9)}3%9t1g9)QlodN(yju7?u{9 zWVprExwHmy-+zDMXxCFzDrTp61#;*vY@qx{iVcJW2Ou#JS5oCT>m*k058Rey2B}4q8=7MMai76eaX@Ne8YQZ>|TX zk0bg;?(Xb7v@)1ME3%UM4I{*{za0nK&J1`J!~UrP{BjXivB#{hK>nKVFT)&XAVMMg zTz1npH43J&Wj3t{!Mq;9tOC}DL?GnheF{Y$Jf5M7@Jr~$36(9h&z1!Wj{;jMGKPsl z!w(R0c@@_YQgp5zawg?<1;3@JqSnJ6eqX9+*-ECcJxn@e~Y1wAfb@ ztA_iUKO*2=+5O+CPc!PGgZe^D5+j?BcG{IUo#II+3|Wa&a3c^JzKc5HjZn=VLw$o% zA1q3yknWRb&-R&H6JIm_7~*nZ!n5;PS&aaG@Y9VNrVgnI{7ohf0q_aHE|n2yY1e4y zy_ES%Q@mA+CIc&FYS5G7qDmYM;20+g2zrU5Wv`tec4JpieA z25YDli6&D)Aqa&tZohZ80`W&`IMJ)_QWF>@j0piD03T%DtPzC6k25s!VGXYe8moB( zY#?GzOGm{x$Ud8VlYC4vGJhv!i#jD6R2i1`Sf&o-IUDbBrqIYU;PbX)m_pQ|)Riwe z5?i07FrsqqK$9z?!x57~BwzPiZ1|W;dYS=mc9%MhyS@qbo}X%xk^-A{wg&f_n4963 zY!8;9D5|f81LYm3*Fd_5C$DZX4al!GZDPsN2_rm@LgSzR`{aQxx8by@dcs-(>?xix> zR$@6j+sus_tDR-Tmnar^%k)vV{{njg^}?lr=NmfklQ_0IVeduy*~vE4$9ufzCDNZ5TcJ0Up;qQ^ zaejj;>GI_k%6pkXWAA+S^np~uzBYDL+$?r<$p41In}DGs;(lyL0I-yc{Y)W3yKQRLnAic{VG}#2m#%oLn59Q?gwdB0s9bZ&cL28$mzh( z-{1{7)wX6B9m?JedH&I7Hxyga?W?)O$ccfO`AwAz$2h+;eIWk4f4^9EhyBObu2%w% z;RCR;LObj|1O+iY9?zQllrwl(VN0{-Je9SD;H=fH@ zwtRbVEAXM}`J9|kjM)mfJO}iKL8npSV6$3Kz+RDT9uYDg)*)7i-r^k!@dGPxL>*{27A3bP! zD6HmkVAIneTMnE>soZKezZ)iR|8Mx(#==7E;ReGb+uaxY4&7j^CEm`9?(+hQ8Yctp zgg8k$TEcV7*qHQT<-uym8qUmW5uGp7R`H`_I zswTLqiP6g?oks(3rMxJDFW@Zxi;`78=qLk2PoGWT_v0TfmTBL!Xu~;Sju0nvvW$|WRqN#|R}6Kuetxl~Zu|l%PSkC8XK6}}g2KLE znrtZP%08BU>bKV1YpCmx?~sn(7(TT}lfJc5ebiJ^vZ;7P{y@^D91Bvf6!>A%?Or&j zriefDD)ywhtB9+GuW#-66en&!5E6b&@Mhp*QzAeyfk z@TX8t$UR8{)LDj_2l9~KC~G=NX*szixPAg(xf{5a8{#BC#Y^o%7-#|e*z3S{K-;r% zIw$l@peT?~`Ucl{J=tC1j*7uqfHbE3)wn!!?YgX$p{gFq610j785 zxzYl!xCX~F_wi-k#rP1~fty%GtEbmFL*{)Pd3&fJ$IJoQq)OT2ly{5Pn2|zmUU!R= z&OfiUm6c=s$D=M3F%$OcK zJ|v|yKiI+8e^;ojuqm}Jqpg?C)o`9>M&`Hr8zXXMd`Etrb&yZH?mn8myJUnV@}?hJ z*A<+fb8?WJYzCl*W(r`2=WVe$#}O2Ez=hoYnELblhv#Hu+y$(rH>#Ch^CSQf)D!_v zn=2^}#CLeo)P5_pVMBFB>MFmiPwvdpJyr*IZrIh@`$(@o5~;dk`X%~M=9p`*=Acm%%Nvc-G1t(0v|K|mAj|I zSi5E!Ue4Atqp8#p)6cL$!2C`ja>Vv@M(a-x0G$TK`!#X?rT!dc71rpp0MMywBq zlc?vU>RqEFA$y${)TD(1f||#x+mP z$ib4%-rmSzz`;`Ti{PZMgRcu}&a5Ht(Dsc>`ilN!l0~Jxf;i*I!t+1L_GZfwsaf`Q z7iJlEZ>@0oZN&0G*>Q5mhS4t0V}DHL7+y==G!H0XlH1)ccENSH&AfJiuCCrYri(E0YqDunfvxmz|4c0}6WeZuS>H?Ie5{`XY4>?4l^a_SEDQY(TigS(%vs=a1X-I8k6#`FFPktibpL+h@t+_8 z=VkG!C5459(jr`&{zmEWcr&?Z18(4o1_b_T6-}8zM<+B#SX5gdbhPP_*AWl#9oSn! zwNRJU*phIugeCGx$sy;bvCIp}uAJBRwpUwxZH!ph5t1`rsys!{W5i;|I7W0 zy1e)387490U;C%lplyBnGeKcON%Hy!1eOh5zXG8PgM9n#;-ZU98qcQdcxLyuL=zJy zhGWm+h-hMLJQq7s;cci7NJmCe(!`lJ6|4UQ)B_(k9N0k?P{{M*Q?1`qaCUT3w{BTn z+&SiGQl%-2h>vr~*=!Bh0JG=EWp*6RM|yMMYReSZcJXNW5J|~~mZ$GoQmFh;j3V-7 zcM7&MNMo|A+?}sy0YopD;FgAl2Fe>Qh}{5QpE;27pO&Cvo*B4_txSvtZKw><;)^l? z_!dum0hqBj2+TW>e_*$A=e$z&LQZ6uRy3a4)av>iN*n<15ZTyQ+B1|5^v&1M@tDaT z)LS^gT~=&RZ&!Y^dq|tUC~+-kA2#o%(OlZ&cjc><+Q@Axvtatk1FfY405`t_rH|k1 zd2u)J`T1@)KtJJEfi7&rv}b3h9==@(BP;jM=ot%{ccO=)nXqhm71iO z;=ZRhq3SPwY7F3R&_29R`(!c!g)>?ip#TJ|cq-lRRrIZnSVgLMpk6N80X>BNK)mW^PBH&~7~>j2$M4ePmWv zo+q{XsQL_Z{{Z22zWX%%<8%n%JJ@%eDs-QhJvvEK`dTBl8WNDStpN#;;S;x8gurowHDS@eKQm(bCXR9tS)>c>LaSA_U-Q`o(I&7 zY^>w(GIDPC#mAhC>+Rki3L#aPsm4@++ zDe!hQ<r$QOP%u6VudkcN zV#i#vl1R4YqI-A}94v+_0$N?`dXqHa?+Qy{;nQh3u`;;FqUl+oa`(Ac6UpTpz@v#t z>cD$V+hfk2Hk7#0F3;yP8g1y^653FbC2c%OJ8Qg}I5_n9Oo$@YJwZ;+>-gBqmnE(; z@V4Ctz)f>%WaxG92pgI8qD{&~+!SwoTIMkarr0mtipfkjUA2v90^$#R%-ec1MggZ) zxsmr>El&y8GAj?(Vzb7wg>f0TYB2)a0VJpOpMXj|U8zA?YbL!6^Q~i-ID3*1C-0yi zpEPZzT90m-vlMkHVW`*p#<;9{mZz6}iB#L^Eqg}s=z@c2X;#Oy=-XU8I>xG;8oKV3 z*2B*V{^M)GnhnlD;TN~T@VmRa8&Y}}=alk(WP*Pr8A@KQso{zBC48{@dV7Z_i$ss5 z8jl0iN28kMw3WaL$=v4LPKwDB;L0F^O zK*Re>Qx}ozi-9iaKSMETh~e$d0a=Z#2*Hs?4hw>jc8o%ttyN8DAaxZjW&yEjlCX5( zVl?4zWxAs+@C1LoVWpwEc+SEp&>R0Zl{L_;P`^8z&M%F#KfsV53iI?GCuqtToA(nS#L^>W&w+ z`e=k8#3Z!I(a{7~tg~Ixc$cPgkZF3O>v5STbJ3<@6!Y8Y~-NfK-E=TreV+Jcz^uf zflYAM!VD)k0t}6dxmitYrec^Q#pJ6EInWjqrao-UZrbc13%Y9_hrC5|DXz+wVPRdcJng=cJqF3C8p73qvHIE znHZxAIJ+G|oJ8%WZ~qtn3-sQmG=krevXsI5;eUQ{$tR%OTH^YB?V@5;&1LbONkhZK zY4FCuvL5RsWiugz_3e_`J5FqrzbfOWeg{QvvcSF}Y4=)(6*$EvP*2&CYm`dw15B!P zEc8^@h2N{p~?S0pr%oCyMFlZq5r;!04ceppOv9KhW z8+JUxChoLNz5bXDfMM-F#@d364CX}GXz*K*pOu%>kw^yg!~kY0VHD@}pQV9gI4IPmzz(!2l2iN8f_2J9S8 zP0}2@r`e})Tx3r~Qrrrt#Zz$4rig)&UC`u*hS8N!&m?Sr<2V9&f2k#94KLd$(!L6I?rgV=w zZ{c-=7HEeOtF@v>!ZkG9R#zwXLrR5`5a)?Fgrb#Av6F*?=H?U$8Q0LV$hcc6a)~Il zRAC0=zWTKj>Ay-D<9No*1Skc$k(BQd~ z#T&ki)mkCW&w(l*vDEdS`ND+ZynKsFM1#g#6d7`y|J>KI0DZ&O!jSa<9j@4GNv7BVLKA?-7G*v7w8o#% z0gXWG>zHJ5)ivUFD2f5pfW!b8&MS1lABlW%;0`NY0$rWqi3%_9Is8f7s(1W9(TE%X zg#wiawnN%=U^VhO{3Uig-t{>5)wfw9yXMo{iz_HFXA(_oN^&w{#2j7_o!vSy7R+wn z4Rv6d#yTlUMIcjQq_@DZdc|lT+>&pA8zj(xde}B!TV5BfcIuuP=l67G~V`Fwc87UU*g-g9fO6XtpwV> z*q8?+BSz2XIvlBZ8W~SQD|KpNI3KcBqSv?}Vlh}g>%m7Ky=mj#1`ukzC&to94akG1 z9};?=coD**ZXKHlToJ%P6(+odgqfSCb>*FT*^ZU;EZ7Ik-Ncc1Cfc!6**U!OxDyDi z{?t$+DC_D*Be71~;bp<&gUS$uNs z!uEMus9cYM-e7%7j4DBvPT5)Y#6fH_zBw9i2{p(?{gVQQq+hYk3GqzpY8$FFWp#F* zAU4ox{4c6?M&>r`SfFOLYM8=mOrBP<4nw&dPI!tm^pGS&$2kl#Bo`9eec=2}I$r%} z5O0l~4crM{2s$9sQ<(wYD8};r>_x&v!9N?DR6hdl ziH0fgKg56V6laBZT-tql$Fw&BKLU4Oc7~vKb8rK5nZOawv&{5hwd*rW$Yz6S>%f7Y*sQ)N(+DPY63B+3O zYxJP*Cw1x<$JlO$Fa(k{%@tjwEMQRFr&2kh#E`O^seaKP);P0;BqluF4ameJ7eiAt z{HHL^GRUa`0CdwWzwTJ-!Johlb{;&6N)KI$(0}_pp+x$HM|Ch47YLvPS=9U|6n_Ul zBmQ!KC)*`Sc|AHXlhW4n!clG#uGEPlhT&K3JB>(@tV1*|keT;X=W}F8@fffMw(6*< zwVTeI3zNb&XZ1ehub|% zkaby$QDQmNCCz6cv5LnGV#g#8jSHSd)>0EN?+*nH5C3$wEqcypuHYZGEk1W81!uBPurGpGt<%Cj}EV7GMBcQ{!H=B4oKQa{=iEhVGqx#p0s74`W zejE>?GTF4TSK3?E#lyn`H7Zk7gaIx@I@Q+{UDl^Cy?ioY zGoR9O1Y2YF|~5 zwm4}v(1s2QF(h$ql~l==LvyDp1+f}ZScGe0Ots_0R&P$iF%R&Dy*-Bm6Kh?V(2g-3 zOuu4J7Y|QjX&}pvw-r+6YFrE@QZ_tS6-eylNv=%OuRWWDTj0$Hd;nJ#Du3)SFq`Ks zXUOMh=~B!X4VwSk*gfN8na{CbvcijCYvml6{{8e3t=f>y+DhT6O7Y*lGN-)Gd%^PR z-iSu+Rqg2S3YX7O9B5_EJxkI1Y<8xDQ@(DNrT6D=`8r)zZ>CQ)iQ#^6UM@z)%4In# zm@_$zi4>U?>@^+lPv!I+ZTy9;q1mCpNsAJy6AXqXns^Ud$=^Km!XuwBr>7E>2e|>y( zw{Gjba;uPlC;iMHD)(Jc-_-K*Pwmr4*Yg)2sviHa9Q4}p!I*H&N?hZ61&?%4#rg1i zjH{_Ei9Mb4x(*y%KHn$mAEzPjL16`<#jU}cwae1mw-ahxEF=o^U?Z_o@vb1>V&nTV zAYH-?4Ur1|eU@U`E9W13D91qLfLSMEO2EEaq4SX7zXsq&$ZPZ@63TNer?mNQ432CT z5LmkZsI5v!s~RIG039wuO90h&8|&E`)wWRj^wIZiy94aJvJJg*?Hxa4-=b}7&Py$G z9&{BgwHoxl;P$FiMOAXs6%Q~`$Ww%q^1l_{N>-m!kock}+bR>SEP(W%jsb|D-@bgA z|6~gFC8|8wQX%;q!_GT3J?sFDKpBa7xI$iu*wy4;scC5lX!;hR^D&LCS-WxWRsqE` zLk+B7wfZ1tfZD8^=pd~a-0udohm?%3Mlkw>GLw7zI zI56K+1-l9lm+4YUV_0Jvd7SXnV( zaYb@>&5xNwmp6v!@9t+1X1I%y zE~F%_q*UK~``}ONlqd*FD*hO)7 zty@3C^$}-M*yHaD;GmG^f>j`2YeC2nXR&(G_f4rk%}VO^=%Fm{UMnM~-Y z*MX+~bPmSU2nt;mVf{}0_v-Kf7%C?SO*R}jK(6UA2vn|?$c}6OUNy|Jn1yNPDw=M47gO636H*hnbJ0ww4dr;B;O;djtZ&p*@jy-sXaHsm zJ5^S`zlW(AVeGu)U}jd;2DD1H(S(X0lTeU`da@jvtfAYSM*9KAuX>u^M?yoJvwn$+ za5@h$E>0&UD;HU{EwY+b+V8A`s$2ZDgJ6}WnloY5xU<9H1^Xw%V1-7iF@6H-g#|s7 zDV{8NU4)_F&PXbMfyW5E(yMz+urSY9>3qegcu9W)8q%+_!c#u8eZ! z_(G@y9zgV~19F zSHb^5VPDydlS-G!0-XM)i76?%D|U28I5(UkXBDRN(2FbWyODAF`rc{>Oj@w;DO0hC zs1?qs3rFw(>cWuRJE&D(QSLERdn)tkug}rGA`8q_$IHvKqI_qF=t_4`O)LTQ_S-O|g5UZ7qOV#x!uvm!nt81GbTvd{SHg!abx zygwWlPyha;dE0#}>1nGa5|XF>*cM{)^-n@ND6G<5ClH^|GJpi@S{dZ-U-e_L{DCCy zXgIkFsErUV;ubH2oLFHxbn2h&mg%rr@xeAQwRRv*%LWoqblZ(OSfXqR4C{HvF)swg z_#NB~P-q{ZsRtJ#s`d?^zpO%*Ng<$?z_{n=IS=&gnL)iGx`LK)3(!E^6Nqx-o6}q~ z-cr)SjExiBl-})G6%lrCg{s99Mf8KyGwBzcn`-EElZ-DqTZ|ALw)fVx`Vtzb7A?jv(9nehT+llv&D%hcjg8AP!{Kp)} z=i+MUoaoxy+uDd61Z1)^;)_>suyQW}sROjAhxQo5s?H{di0Sf^OVwAi_GLOMPH$em zmBc=9#r1*Ng{{xkBz;t*nD%m{MM?z!Gba!1DH*4|dCuG3_06J%X0`lbUZr~tuAZ6_ z4)aN^ z!L`K+KbQwMifnYGCxx_O)TGSS<98RRE{y0pe-vM*QXm`%fb%DOcY%A!LX2VJ^PS=I z5rRjSf+Iuhfj>SN9`2R zEly|}K`B1@(-U^JFE2uPk<3c?gTv_~W|&k=p?Ze*M3V{LGVH34P*5c&lVIMT8p0?? za6?Ou{DcjW&_$YfY@i|nl_30YNWgfbtb|=kAj|@4nFTbO%p_Y@Y73$aXZA~Q6L@T@ z5(JEe$4ss)H3oatz4iY3X=J{kT%U|F#`WEPm=c-d?q(`En3O&J+EI0rcP&0kwn&c? zmOJp#8@sqvH^^6h?PQb>l>M3qbkjHGKBa5myu|x#*g|Gh^#Tem*Ndw?XJIqDWSDw% zJ3;eHvA!Byvg$ew&NlNKScgV4ErGN=p7RM}%?yS|cBQ``${?xjG@}@n`UXuM+4{K- ztdbhfAkPF{{iSt^N;uIUP-l0o%MzqLsW~J-zIF4&`S7JlhkyzBxZnqDJ*Ea>+)wxL z91WZXNZmPHDReG7vo%PouUuXTtreV5VAYnpEUE1UKL#36?xTXIFuWX=DP4Mbc#+#0 zGJ|;pjS%BNOCgK}L_Y_{Wd5+4z8!-XOqA^;;@|DL`JRz6lP9xvFi7RScU`ID zgZW+cwu=v6D^BhHN#xIxt8#}Dytx(BGWWDv$0xqgE6}%sJG~-0Kg%7Rt;s>e_h{qu zzZ>IyQ6ryKIe4DCb9tPbXd?tu9Z-~-JJO=(>VxJTr9EVm-X+yi7rSE_Y9q|{5LJu| z0L_psJ9SheXFM!L;0$w^DxClih`BnQ25r@OKK6cy^8}ULDh%_Hm5f7yQSJuJ%nrff zLGfCFgxTN}Hs64wN|XQpPjJP~WGegrgps)p5P~BJ^RdE$;&QH*s3+Q-IF4U4o!rW1 z0?BY@i8#i|5jX8QLxDmKI&Th z=Z&)t=ZFH6tp)bCH1sm{}3h*^q z4G{SJh7K2wK?d-N!7&5J(>KWQnY3#{mh}1Q_Xr6gGz6bRR7Lf7$4ikQ7n7G;dtiwG zyA;;aDb&hP&{At11)Dx&L>GEJ@_Lt`{Oe+im|aC~mXO^z$`%CfmYTg(RYM_L#`5@1 zZyA~{?y>ao;_ZLGe7{$bR4m)E-wcnOS-eZ@oqc^UWssK~6{naEMTL!HRD+DWQAzjGZ||kZ=6kx0p5m zkW)gKxx;)EIV_Jkuwa#R?ae*RP5<3vR2Pfda!)0+qy;FJ{f(FoZi$cX@sw^cA#r|z^JKMXO#RS9p?S<||loQ`>0cCIbo zZ>xZ9`o|qk{5qK&0+HyQv#?U8&`g76^+=XFyA}EFKFe2APVA?vrR`Ivd6Mr|3HR79 z?9>i|m59$eZRv_1OWhx^UeDo79+N268_Gk3xngKVGs``3FNGuQP*y;$o&<&2$fw87 z8ug$SE<31;j(-1k8}NvzN5#4w3<<$g&}PA^4HDakhJ^)hc=NBMOd%z0iWBYMZxT7_ zn&iLP8ADhu8oo*(c-ElnxV80j?s#I0Un!OMq=p2A^cG{VBo-&pH|9HO<0i!>wD0nr zXl0Y;U);RnVf|`Eomk{4EZfwvnS0+P{o30X1p_Bhi5z-;(gn>!v3xo)oo3?>O#)U_F1K9YjXR_mHo@xQcBg#@ zD}${;(<=-~jg7|0_V0z5=LW5E8^5HRN|^)eLoNEu(#Dv4Vt4XhXipFsEw)Dm+%z0C zM6}}lD&HBG()$*n$J&xD&TD+S)}}Db!!_;jUfoxp-1SxB04M?M<04$^S#kk#fZk9< zSk85|M52duH0g9)mu&O;CG7{-Fsia7#K=@8O3vvXA(WU%F)k+`p6EWz+PL_Mol}GB zMKhzeR8-eB7P{4jZlbG``S+;gQTfyVCcSQi<7$}vKOH5jem9HKa+&2aNyNyFk6KE$ zu;QvDyN!V=os`&3k!QpfLF%dXEapi`g=Ts9c1{W9G)|Tg?(a?EQ3?Y;EVK~RV00d1 z=lMr2%ik{F;dds#FMH_!yz(-$d(kLNh4I8xoW|f4OYl?jB~$npQGciQu-8)D`X${~ z#?q?ucxAsYf#`3yyfWMme;kw}Ug!l~ecUd*+39Oyic(i0A2SVB8nT zJ&+ULJEW#tB2cTRa44Wu$+vK5`{7s(Wgz3xe~CQe)7Uv@KUNeD%1J!2&Md#@@VEbN z{8pN?^M36pXLPSTJmw>1oznA0>kYneQg!rooavC5{?u+}BQ{B+s#F>lqie7Q|2aE@ zWUunm?i39dkd<9uUBQ+MlutyZ20(1Dy0-X8mR)uhjgdW5zE5Hmg>)*7C~t< z=DZnOIbT{>dLMi!Tc$c#F3(xqeDjni!#OH_CNK?0a&J7KiAPex^sSb>rP+VW*`N1T zuBu8-CX^9X37d^EN`=YVUe|>+xNiRT@v1MGdogBC^Ga|$gN?L?SYCI&xOhL`HAlT# z;=Fi3G+9+yP^`^C`Q0 z9|}x=z(5xorP_SQXY#;-Z9s97UM?fSb~@APJB@bSULM{_DyCnr#qeaUBmPdR%fz0@ z^Vmo}TgN#GPSQ^YSzaL@&%fs$xE5ZV;2u{W_l4m&-j|G$QBbx!h|M+ax?L!}tm9NJ zFc9(Icl$FJHIe(tS-q8WIiLSD61MqwL_O$X(o!mWfxChCZk2{vce2$jn`h(@#xSDZ z2gyndZysW%+%qu{ZiU4RXx=fUr?EpjT|w6f)={`gk3HIS8!jDr({o3FWM>E_@GMKl zf5Ng+W`i6acwKc3BdiRS5sNCbV!!o$xedw!l6o|S8c{Zig&J1=Rfu?vhP7RGjI2f5 ztC0LqJF{b>SyU!9Qq32bqk%L}vI?%F=kof5+uC z1L9pX6!RjIn^_-SZ1&o(G*Fww%9c4vWJTE>FI5;%bKH`8Qxp1GtSs;aQc5hnvjq0U zY+KU1-g4sWuFR>&3tewvo}oO)7)#bv{+tsz!$u|bI*|h%3_%W8IOtuQF!hF=rqYuq z)mQHxvapVu!*&SDd6)5AX|F^M*lsAU8BEjXIW4PT{}=8R;?b!#_4a1~@%78KdTZ3p z2Xsq+uLVb&eE1{@7g0N3D^gMUru7}^-)Wn{KL1rk?X%PKc(*=CpuZ-=OQAaK&>BxQ z@4u7$!KZXLSvlMp&d>j4cx*&R)t&t~Jh;D5WKJM%S!#StV7S)4y*vNzg}vZAUW;25 z_~IOGX6~9%&;FZi_YxLb?F-h?nwBZ;GXNdKq=QI1rKh0U*Kzjgtxk2n zrbwQPPO!DBV`=K`{eS6}K7X}m9|!HtGFcn_RBR1=tJNwe=J<9u>AsG8di+~+=YLca z*Y%2N8N-2Nt**h2I>vv~10Mx(WOBTZo7p;OH{-avB|qg|WFpp>WHBUl&^8`G%lq-3 z<=@q_s~(O!tT7TyREaW7)Qj>0ElERl_)-7!U&MiOQgO|0n%+Ilcv|aA3_(_03h8z_ z!<`CCe_~-*+2$NxCyCNB^t*vjzx>18SWse@qJ-Or7>&6%S&mo zs_w$$eqXftcS}-D91Cxo|0GY?ZBd^c9xR!19xNK%z{x=nWG_7{neW1sxpE_LrpI}+)7x2@wPgD-BIIUYA zdg04-L!+bDzyyMC3_QRZ=MCRDhLI5;FkJi=6aiKXD_dI-T~+9?ExSK>0m1_kd8jlF zjYSaspJdVENg3ZO+xKrOu}~xQDjUYP6urZf?=7l?&cE2J|M?<=biMS)m1cM{@6P=4 z4kC{?n#h>^TNMd*<85X&7MH&Zv^2{7uiRge7H#p~AwH`uGMzMY3^# zvi+^e5kP);5~DD#N?3))=E@;O$}taDkC%S7j9V~a<}u~)+B|_&4teY27ZTl4Nq5ch z(b)>EOB*$v%fb+rBAjW4b*61r+BZ#T2bbYWv_&Foyw)#w_so$$+|u;A84bnLcPmsD z;scqd?s*{rKUh(x8Y0?YN}xT5(NEhv67b@W#8TIv3r#G<0rndUO-_8}OILD1#k~g| zjJ&mjh9d>qseE!!8HK5gLZXN@?>s=@AY})75VkPHI!sGLxNbq4p2=-~J9!j5`{f4# zi-MU3mWgj^O(Nah?pB)C-{aU6{PC0{TDi_@i!W}+mhdm%-=C_;iy%pNV$PWY?V9QfnM^AAQzo{N3|VD|B{wt7d3 zChAaUz$Qkup>nSJV!QOlA!PGhH>q>vPmR?0$@79kPv63f^-~A_m}+L3107dIT1}*% z>nJfJ<8IL;oOdwp`{wi>2IASf#Gfglg$NRbiK+%SEX~2#pz=9-Y_6wOq3nwc-(IMV z0kbgJF0mhc5m0X0au0ADb_lmHJM!vvJrzuNhp|MfG<24Ik5h0U#tB#G^L{$z*7JYU zIT5a{$NSb;oOt-jr_NR7``0V?j8}{EKL~2RFYOoSTlXHQ%|G|tJ#x<2w|#9CIyw~j z#6)1zPIx*5clWRA?%#=%f<~13`Z*f?pK7F6zyf|f2ga3wD>w#d(+MSMQ`S^R9zfJO@UH_k>q?)+C8xg=6Ba{gM7FNvsldwZzAvB>K9J#d(Zs7k;NV5?%gM z{5MzPtVMzM?m807GaK(6e|D=lk0^Spv+HdPH`2}Q_b$}yJONk#U@q2=G*<3>^H=+N zqv6IjPp=PY1Ff=pt;W!fBnH61sZAAYBgpgh?|}E4A=3Xnct%D6fj=O|gO`Lior9Sf z){+vKS1>{Qb;0rzWP}oR4M0_j%!F|Yhw=N$g%M?EVz-CI8I>08;WO#>oXjQz&shJ_ zYPWQLK@4@d#w};92C&u%KZpx1WZBv~%;8ENk$6oB(U*AG=9;zlnN6JX&mV8?s$B>r z{_{sAP_h2U_&tsCNb-XH*SmrbPNP9zne1`)64f$}n>i3`yU{OtOw^xhrRr*MS|r4= z_o|=%Q>w%{YiDp_s3Fj}MKBGR2sT!5Bt#e>F)vWc!Tb#w=Y*E?$V&ypL|8sHV>y9c zc=@35y?dcG`l&K;MNve#Qg7xC!zY9>Toq)hYMrU#GS6E#zmMFVI7*F}d7!#OGY!RPilkO_7OpqVsEUA-c4z zr>cq;ZaTL?X0iOOr;Y2Me;UgzS9_k>3@Klm zl8J3!bXPp(d*`-0DW}&Tcj~#;6D>~q*}hKdgV=o`+F33iwmbj#58Qxx1PE;5(9gMVwo357snjq8u3gF1xky~i zzin~fmyX}f(letIhkJ^8%Qeq!(Af&YE({(D7V*-~L zQ5V?AV$V!?d$D~#e6wxseZm?0I><-I6_&Z0$bHjYA=+kxN0n5x<>By%9vP&<7DOBY znM>L}Ce8p#1X76r#VA0QkY?ig+ku4HPJ;vfhyAZ}QO>EcBPs1j!XN7lhaPzn4v8`% zX7Q5+%O4!SC}_d@_3KNX)E&By&|DoTot^c47^6P;uqqM<%>a7AQy)65d!}Whc?HCChDC|ZOo=b?L zMFbtEYdA|K)N;S4@wUTz%9~%j^h_ofUu-J*o#tVVZ+rc~Ajaq%D0 zR#uKWHA(Z_8?BtN`${=)_AIJoH#lR;oH8~S)jR?oB^8-B`3VZ7DGzTh7a+7qZi`@CC~duQJM$dwQ?POd|i}+r?&XYZ1302PW;ETa__Sz{?*E+ z6Aobxjp}B$G2jx%yNAs&EY3N3Z%z{bry!Nk;zJXH z-ExvK=xSTuRPJqlA}J3KI8K);b;~W&3jcIrlJ0gc^bTwKPV{=QpomAPf9H12V5o+A zVWXXux9*vZN>hkGL!nSiB5###!DyL?UTdt@AnO#XU8HP6-{v>|-8k}7Q{J4<_ED;~ z?p}gPx>oPq3tU9`Tf8whPWR4+k zGXXqUW1wqthDAt6^)`R4BzvBI+;~=wNJjX_p>I|bK`W!mv-KHo_rJxeZ-L7#mmw2Y zHk25uA|mt%s7Mpoi^Cot^xAxS@mqdWo;7D~rO2%|b}Zf6nRWhg@hjbdmN=OQVZ}Ym zE+_ML+IpWf9@QzPk{a$^;5d~yk#K~bOWnY&{O&3RU$^mBK9*tyU!7iRrsbAh^3N+y z>{EZqEC;OQ8T`bF-b~GAOtv%!b7#RUF|KIzAiWu@@D!`xw)M3JP4y-m-ChcAW2HT3 zc!Gee*n~gm|6ZS$4$3373VlXLp71y2eET``U4PV{>)zQ@UQ_kP9ks=8vg3%Ktxm&! zlM50=I_&yI_uM!1qNklU9Sm=A?x?&wDBq&N&wIpd%M&BC`CK9o|D-tdBO}S_Yc^J5 zW*c|>l=HLdI)O8Ggg^!R{b^ZTwNL`PVj6Gz*0qPOGnFjjapFP40UNv}W?vLC)$n-; z`8i#56lZeZpCqi91Ta8HW4*i`C>8m(s&b~Ma5MdR(QZMaXWF{J_Ik_bW48?K=GM;* zZW(-a8Q5+Y30N79gMZH-TfUjG;N}|_$_fLMJQRX#sQShA>YkU}?`*7Fuzv6!8MG%* zs&rM{_4z##AV@!x-!%4|Jxw!Iv^-;G?U9Dhw%zm1n1!%m@x5Q1s7bx=kF##})Q+do zc4xl6iWSTAmy?P4<`EZvbIC!E5Hs!RZY#gt-qIYqTKSyG*oBF2oc&|vErddHMT51y z!H+@=i$*PR(zmLD<-+kA{Y_?F_ITlHwwRa8u^7!&T* zlv0-7UAvj0yH&pM-`(f<=_agob53O!Tf4!_5?!riEO)3GmTAmmmFv1HWO}Clq={X=eZ&!;iIX-< zL(S%v$z4{F=&|COqCqYCh5XplByOdSz4+^_n!@E`6F;K^6$kDS;%QOedzIGnpI^$q zye8$nQCQ(8+I?zYNt6j+Nql`_MyqQ#8rVh09Md^rdeLtv z>wq`Q6G~7Z-*{a~$Ef;)*-cv;F0>^bi&vYky2O?hcp4jq)Os%hlX_pQCjS0GdT=}u zpx1lLc5VNO_=K`yf6dz!V^1;b`?D72P9l#~15$ZdXT!A5Jku_G2BuY53$gy$Rs9(5 z#I;?UjAZ05ivL>87G=a3>@za?mhY(bq2n;aqHTT)G|rvU9XWdEEdaj=L*f8=dFw%j zJ0@{iX~HE59u!#i7(qlZ0>Q*keiHA-8J1tR$r$V(r{3&v!bptq`{(1AWH5TVjn9%N zZyv1WEszr5sl=GC9M?93zoCO2U~N_Tb4>PctQf*8euZ1T|Bm0+c!4>B=#o_Czyl^B z8EZ5D-i=$;2H}#uuV5**a#Nx9<-bE5AAGbIvQ-3Uc6s;4pH{`Y(~NS73Oj8B;?REg z@nehkbX;E}#V>u`0@>VInRQi6L+cnfV%jMcqNig6uo(z>W#2D$FaR9|lP%QY0+a(c zpl}A6(ONSo@!{8OFyH{^(nmmRg9uB*M`CdZ2TohX_1!1N{j`Z#sm zL{W8@`zN2N?xzD28kBNLovE=l0m3?j9O-dHj;$%_>er?VuVlG#p+P^=a$k_Qs9PXvc+A9Ck*KY;DAd0nB2`+aa|bfphf`ry z3tVFxSLTp@9v2SH zo#{uPI&hzUTvS$3k%4&~_%<;0Kn@LiJwO=}k&$ih?^o$n?9WFMLD|dfkuew=Y}I{gN-dwq=rKnvxZGr0aWZDQb#;6!EeZrY`7?{)ss>>nEyH zQgDmt3U%yRaKag0{@34rY*LsK+I4cKg?7Q_jx$p+_<^H}{45m8K~x|khS;pY`W7T5 zc1`YaYaqS)1MUx4+8$wntps$Rm!Na<15F@gF4;|&PlI^sycD#74+uV>rH^EZ5HDB* zf&dd4X#8#!KAoN&5bo9@1DL@L3~G#{qO_-epccq;0zva2^Cc*f;&Cuu20$C6_6n7F z2-SzvXY-RY$*4@xNrA%FvaDyl*Sy~7#IQm^I%Vtaezv?{IB%Qa4L@KT>VJJ17Tbs-awe2dyWQjxCf=PLg=2j7A;D&7{+4)z+qnre|&t4XyE z+wT}%3GrYJEa~*BL-K2IpaY>B91D6%NC_N_LnQx9X~U!05;Z#U3xs7rLw!ARTRLYM z2Q&hymRuuXBu#z$b{PaVF_2)qNoGsAE3?5Vs=D+73VW%&6a*!@>)j(xd%Uoj4a43lhB}Lz{G1TiUCLz7 zOQ%w84T=~rvvIMd@HmNmm-d)7Z80H$swHtii5^kLXi*wZl_b#Jfve1Fb1)~zmABV! zm=!=MgB|>RWI$lsk;5x+qp6+b34&{`O`!lusUSxpZta;t7tYL#v4D<&Q?b3f3r}PT zJdYg|UA2J2UDXE@w;=&$%B!JVBb1XNc=#agY6ee#aZynot_DPZfSMVcb=Yf=(S?DJ z#0tGb=Jj2}Q3)4asMOOYNUwsxM3iaVIt@Ccrx)~aFjOU@r2GbQHJB#?Pm+g??QSp# z#V$eX>C;^grzw~zIgA>Az?;9Ws|u;^N1Zi+l8oKy<>5r%#?4-(l(1%oh0J#Dd(7Rh zRE{LiypG$v6Hxm_i<^bcuAe53*G0Hob-+wzqti94n$1DV_#*66b<@WKQaqdo^+yd& z3r&RXsjlL;PFqB!R-7aYo_T1HMfmCM)p4NAvu&>5IP1zjVmD2G^G>loKsRQ&r^ou< z(c{X`%_el0zq-tAwNwg|BdaP|zS(VV%@NO!oId1EAu(~mBpV<*;L|$GM#B@}o2{HM z-0@)#5zC(Xe!Dv(F)^eMP(j=92}hw*Dcq8w7Y*Q9dzPK3#K4`*T~ONvZq64T9&OD8 zgqWm?jGCP2KsAM2^II0TkI>!!!AKJ(&zX*u6#&HSw%&znOmE1Y&?hBr zpudDusN`|_5s(YwK$}W`hb=-~`zn4llTSRhp=j zZODrt*e$=_Gbof+$xbl+z!)^F96Hf;F>i63j5#S%ls_@<*Y@n9TIu3-6o zp?9p^aP{WgXTW4SF^t2~h}u*00>K}d2sld^!FTX}IvQfP+XghNOb>||Y1eO(S1V|B zN|yW-aR8skoyfTaJ>Ua+`V+r)asAuD9l;Jnz|M2>9B<}3VW4#!j)L+4f2hJT65GRa&9w}u8S{E8fn7zf1!k1t-L8H zR1eR>3Bc)zj#yl$x7;)3K5{JI{%c_;xFaAzn~lLJUqLU8fH<3c-2(2@wWbt-ZS-9Eom|n$0&n6rh>&n z5+W-KPVzf03OD`_W8T(l@^7zI+0<#Olk;0#rQ^`g4B@K0SHxodg(8yQ%xl!p+qL-3 zQ&w>Kz&$+VQ?~uc%rd#74j#x<73Jke-$~N!i`d~U!w(XL@@|hhOjy()JQ7^&pip}C zV;-OqCMHz;xbG6BN(ZHS;5a}gdY9gpA=rxw^XDYSj;94tMjp!!Y!bj1-n0+n_bo`! z0O#>0@yZx5vNS)#ci{^s0GtdEe@kBrs%wWP3NLb^h%xZdi?lg=O45+v9{v= z4P9Qpys3Ddq5o;vcY8L=`k%uL^^}W5-sM@c%aZ1jdK*8@zx2x??|F})QTh4{$K%td z-1)R#j^&t#^+ASpb5o~DI6w2t_d}yu!*uRYUvKeM>%ZztOm=klPWez)gidCt617xl zfzBz&{a&YCq~EIjEJrrkHPF@1D2;veabo{7-9Ci@%ZIAO&y{!+?b=`M9?KjMaGjXS zTKU9hPT$Dn_1v&o-l}zUXRQ)2z_poCqf1EXMhgUzFEVE$kx|vc(sKW9m~13F-PL=5 z*%oF4>o6!Nh*vL7qb_$rcQ12noDp_7AOoLke*SLIO6GM7Ncce#gRDZpH4gOr`xd|l zc7`hxJf~8~L_iw-N`t&<2c+~Hw4P2&A4r|Ce&oO`>#j(&9PC?>+z=?^Jlx%LpJxa- zzLHV`PUS}^>_G!oTvGB6zAsR_$$WvRf=({T&UOdZCeo(*b25CaurT>7bIi4<+Wn5& zQ<>H-Q4hXQB9ns~@{}Gm`3s-%DDs)gfP?hT2delx`k!Z_&6jkzR2+_#ugi9A8m^_| z!U>Bu>t>0nwq1^U$oT2YARE;+Iu5$%MS!k zJ&Rs>>o?=3SvIWe?IngbxLyTt8W9tx*(VR#J;$#eOT|d+)n!Yauy~ywY&Ee`V6cZF zMebFfY+N20deATQA!ok&(|<;UL29WaoN=FvTgb~ky5A0(OuonCXuWwiL5C~9=+yBK zjlr7DSe^F{iUfg@U7eiD=7vW>;F8XpES5f-2I(@SjRsVruXwzsbo7ONHh@#v4DP=< zJ#dP*ejLC^M3eE=0?Lr*-W=hdU62k!2LS;Vf1pFkWy__8QU+Z-cwwSMod#5QfFhAz zq;-HT3Md`6`M_X)vG+@xjw9DG?*M}>};lhC*YylVP! zt94GUD%bD5hS-c2>*rm0^M38S(?^jLEqXIAM8CexYe4g1w<79f`i=j}Dw$>0N=?XM zq_qCj_10c?oeCe(R2p7sb#~z&qf638tPr$e1G!JJ;%HI5^d3^;rr$pG-ElV1SNE@P z!^1LWDQXP)o`L%j`spi+e>(qm`u~mUU;BmaoEsLH(J( z3f2pAb2-tmo#yN*TSsc6mp(zl)y)nvL1f;ff&4?~y&tZ6MuX`&||3ClpsnB@pbk3F^k~7o2LOT)HB%l#~^}OXSxuDmtnS@c4Zg)Ui{Z zm$j=Kke6Y#cgq>fu&FgTNaC<)&?KZ>bF;e7fNkB>yw&o3En@vHwuK2d$FazQQzMfi zp?~`1reQm(K??Rpn)te8%Nno6UWP0tQ4|TUk*(DTA~RE^E3mK4Nvd65K|!Y8+ zSq#`x?+Li<@G>43A0E2$V+`9XqR9|;aO?U!!;aG`LlPvQ@zb~u9=LK7FP6`r5Oaz` zBHHH9N-Gki0%TuiWak^9s39l)eh`f`?C^eW>AS2QHJh`Mz5{n%5cQ;K)Wc5xD->44 zOcwPqLA|3>oDxW-@>9Ts0Cs!b+IvV%mJmA(&ay zmQ^8l8l)06C$D19`S?Sp!w3C(4T~6MuRme^Yo9mm-4^Oi@pB$tgBIU}IqS&P4HKg7oRnww0&nwiA$%x`T(WRlm+2wap z5FfRBuFUJ6p1g;lUeJXeDR1bz7=iNSnGj7Zf65Q`Sh3Pn-$#Pl-CMhJ`?k1I={Vay z;R9_itxNaWeLuZ(Y?mtYh|USsRek>@@vZaGpJdgdt{6FxKh_lj6(D-|O%hE>@nan7k0Eqp$?`poXW zM4sG;T7<>3jd)eo_NY1oLvO}6bthyZAeVxber#mqODn>VA>t>6JR@*igFzSGdey%_ ziErn{B4yg}_pVy772)sqF(+eNENWEO6fp#nTgz7w_O@ym-3M_cB1~> zROGg-`EiAqwdnPqviq`Hz$fQ>_!MO%q=fyCr;zTjpL@hu@FllOo)I-08)q!%N{13d zvI^I^PU&q@p5|?9R^dP>A_ugT*c_qM;rF4Z~H?Sn1QP6B-uloEYY+QgP1lTAY`oXSx z4oLykTbQhV@fzl|COCJxLDc~4PLZQW{J~N!82_DqqhLm5M^r1Wyx5ivdlF(U{|B|` z`djJkc1Dw$0oj+590iH%9xU|4KT4K4Q?e=93x(rVOpd6_jgC%caB$D+@^0%g74)cN zOd7s*DoFXDSP|9RD537PA9nR3dGv-Y-hit_hfP9dB(UwL^bl_O<|kF9y4b&6biIF$ z7bz!zgRA93L}p^BpQ6KBBA~!-l?u^Axq@KH0Ly@Y`L(80nv@kvlhJ(=5&*9tAf^m# zqHw#@(9mQQ`(Dr&auG%611JlU3Dc948DJBJ7IOd6V<*D@o{Wgu=k=CD?>>`9xS6He z4}3qrzl%>+?z7z8*^xAvT&it(L3}?&#n;U?p^Sz43gR`g3K}*j?mfd_LpRO1>>v8EYiMASu2fWsLT|YHkW7O3tGI>((;~$)FJ~W-6EduT}97h9WF_=$K zo1(?&+%Y%L!jyns)Y$N8NU1h7X7qnRAg+%dHDdB^4?G%h7=a~ zwVk(!?hcOMSNR?Gqw~4MuG(X#;?ADv+aF0I``#rY{0Ca3Ta=9&{^Y3jkXVnmP=8x} z;lM8R%;XkPltIxt)6Dd4c)H6$Xj47?ZXiZSeQb>X@=LN4XTKQEv;RbM5HZtQQH|p< z&k*dH@eZZm8Ed|4*Qd9_*bAmTA3!WKkdTkfy3z~5D*K>G2Kqh+2ghT!6qz3+ABzT= zYmKTNWgh^UCWLlCjjbL-JXjhwbxO_J;+HuVo~&!0z6I}DFC|7^rh;*h$MQd8C> zQp3wmV%mC^^@+02rfr*2o|ly|B@!x9qr?cgadL3PfQ)=wa)BdE0<$pe+zvu!kOlph z>~9}^J(`T*cD>6^w1Glcpuqy@6lnMF@|=L0;^Oks(wLUPk6?~q-3D9$V0^%YZ4OZE zQQvfZdwnpgKnek@4jEZfA zW|CtYPJWUg9k7LzMnrMK*^+saG(zp;w)>nQyklE^B0+2;9b zeu&A6qK0vI@_5vB6#XE*xQ9r^$-+RqTdc#952tFZ0GGmvHY}N(1>N57BR?M&wu}bd zy_r{%=DlxJq{%s)Jj-wNGNf(U^n|>C8wqw7uScd6Y-ov4#v{PCgolqGRQQw?=VTP@ z!O-9PLZzt4#@aAXh3s$5v;Y6UHC+&Q<9eZ7=DKx^owsseD0!I1q#}-Tsi-X9n>}1b zGbKlES%5-lr9-NI<0pARxReX8@|cKmrBub=y!3eZF|XCdQq}D3+jjkMGgMZ2(u1*lmO6#!qhAe=arN-2T8{{2 z9qAr`IMsKxNkNu4&CxYW*yzgm{Iz^#I~WsX#U;*85FpZ57drZiDTX6(w>l%p3OhwtJ<;q~$V z*nU(83wzx`nnd9@^>6w{rwzaKI&j3QF%{ho*r2ZFm0J%pDN2q-xY4{2Tt3spiAGTJ zyC@2^QZMyHGnk|i-^52EVp=~diV3XeoER8TTGIUO8ciOSJd=*9o8O53DE;uqBV2+^ zwbMrLyj=T~lWN~H;>nZwQ?C52&T8qnzr2Lq+yG}>gR`BMESe>UC~5-?^hhue>N8+I z3=a=O`i2HGfP?XgslewA`B@(WF6wJjP3Ix5pd?`GI|DP zW$svjhs6a<=MDvD8Uz=(v7=>K_oi|y#`bM4>ohCd)log_{ZBAn23|AkR=S7i?XnY#Ie;80wT4<=AKvMzRG|$#I8&7|e7D>`~ukx2Uq1v1>@z5GA!J%Zz+c zSEn_@Qcup|slZk=7`Qr)=<7pBP-XFiTj(Xu?$OE7l7K;Ek>&{;YLMXL_Sq`)Mx7JTne!!TKrh` z^OSP_phvs8^TLU0072-SS@uM&|aeq1jZ>_b45d>Y(e%spvqZ~#v)77TNku0b% zBmlV=Fc^@W`aBpDvKhI6VG%;X+T-&#r1X(qC775~3p(A?gS;P*mg9Vleqna~_s<3Y zms>)0#ebS~go}PS`qnzQX{+v{m7bR^<{Ew6NM7z@a!~UgouWq!=RYuQu1wvu8fZJ! z{1bS0J+$rDT%@YCrMpM0;tR^S18a{-)|9Zs6-E=M%E$>i(e%P6;+q||B%|LJ3NAISB|C^CsNjF3cs^|f9m zyITP;qX;-IqMgYhFA;;c;}k4Wiv?mDs6a+Jh8HArbjzQY10|#we9tt2CllBC5mK%k zNE*ygr4h`Ou0 zlh!8;3zG5v$uOt0d~ih{oEGPIc<)bqokbIdqnVSp5m)VcT=c z>IQW36POu4$!hUEX6p8TR%ftWU6F4aMESr1yM21tD9`BLBNl_-bF|9)1QNf%f$#C6 zzP_PV&Z4ef`?>W>34=}O-WKU2p(J8{^h46ar<$4vu<_4J$eZ1zVd*7|Y!HUvFL6{8 zT03Y?fVf2X3RRQh^_>NIh(rMYObB8MhT7m!gCz_Zq~4K|dI3R#?g@h*ycp9C0#>77 zDFjQttc;8Vq@(f=5}>nB!6mu6x(Yc=;9bTa1WFY$FbV^2_!8D~31;A(xN-nGod2)( z*%miTG>cg<(c1vXoyH6De8A->D^FJr@Z!1qMt0mKz%nrW;K@q#5h$6FMlG)902VoY zV}0Xeb`L^ExkhE18zuIiBtBtho`Fu9IYx%K5YJiKQCzvaP7f8Fs* zdg13n(=IG;_P4j0E589B(hmTM0D`7@Pv=0fvjH%eXcZPT-TSof&1xHss=xrnD#VjnpAChqeRC+(>3bAh54H9trD|>vxVEU``w2=y? zB4s)XD^SC+uQ;)*Pv17bWsG8q&F{t=Ev^ z^muvIw($055l_$o359Pfl9 zow~`k9EYb7`kZi)9RWt@RXk`|4u6UC_4fY!<5!vrPyZSgP~g9kDLMyX>GnuEYRVz3 zVP#mv9yd{mzQCaRlIlP0lBMJmtMkO=TN8@ikgiiL_euh}L1d85`A!^d`N_#g;}nx0}ds zzf_a6{aT;+y$%vXo33}A$d4oAFf%~B2>P-&PZM~aC$9g6@`v~H$(xIU9$ghydBKXv z34_vA1+E9r;su<(FpK!@&1JQE#L2$%9PJF_Wjsb z`ZAJMIs=QK2qhyseis=iAjZPn^|LOFR4}SZGcbYuPQ7#5-GeciD+oE`_le{%>$Rz- zLlE7tTz#bwN}xk3H4M;y54&J#r_LSeiq2HsC9b>t80PGtJ*NHW+Ti*SnNoV4Q$vjW zB}*J&T>~ZLI1R{uWvs)TrE$YIgD)X%Ree(()KIWOLIJyM$PtL>%De)3KW~2CS)Qzs(UOhHB6?K|FP8u z=I#ZF)N=?0#dJFz%63RV-X6voj;w~kKIu!TG94rt`SLnTuOfV(OLSjjIbHOx+NuBDz=4FD|5C z6wn1f@-t?`!Dh(5tIy~f}ABo;&hJ6^tGq%Y&wa< z=;@DVU_bH0Z>q?@oab4>IIrFEN0Db^*itdK{vZVO41x$s(}4=6tJDNcKCD2uzn&9ge)- zaWn$10NT5`y`NZ02%qEE*Xezx^|&r}viTsuvrOF+>_??CT?+D;Zm$>b4))UwCS7f;u^qwlVN!AcXYM`u$JzUT6p zzWr88LXo`+Q{K6BPn=xMEQB)kAqKA>p*CUa;yI%?nrVo%wl9cNAqddhkKph=4opE} zWJ^2j>LqLGZfn%lK{(r=UkRcqh%5mPQwZJyJh$7yv{dCH{*${UfFO$Nv{<+DHGWL1 z<9>8>1T@jR;S+$tnX}4)1yWa6$2t(M)Rb(4P=CP0Y613yKu3;N7=R^hf>tDP6bRf= zQ;y;3eFAS7w+SQ(_|JWHM(ze@%Cxt^1E!$_FhL}wqhU-!6i|W&nogJxd=FPUffu~z z0{?k9=N(B;oXajfVHt^d4BOvb*bmLjq5NXrLsnA*xHj+Yu;feo7B}Ulc^{3aldo4` zp2Qbu7?O8BZs1<2RFc+Ki3+5`x@z?1R5jpJm5Kd*Vs4yg!}3fvj8s&x&mrnfea|9+ zs{NV>NQf;Gdaa`3%-wnS%g_#%7H#+xO&d*K*MK)~cqqom%iWaJfI4Q+>Mf zZ1bj6o%yy;E>sXmJ|D7m=*QoNwfYbpr~jRy_KqLf4h`Z*|6E)0%#A{FjT-sOiJwr>G!Q1aY zVMBsoDs7F}=F?Olm8XH0V!gVgqsOo8>ohD43V_e2{h+JnNQ|$S4IjN_y03-@* zk&b?a1#0&XvIEJQ$@qzuH~BbaG*C_*IILqIp#QFHSm{?##vIT5t z-pw;sysk$_{^Be2!(6^ZQ!)hU?qPpA4*p-=X2^aoYgwzMpj}xxD^NpRSO1-pol;ra z68+=o;vuG0VvDcyao&50M9tfW+t%YlIXs2*8c8i9yEJ>9_qsgB3ysnb54V9P0a?ut zd30srYAQB%p}r&fi`Nw~=5bEwL3X-f6Ys@yJ`n$@(tXOtBnai2cO$Yu{njgsd!#86 zaXx6?Lyo&+$>gMURKO^V2ODVuZfLUM{JoI8hjo*1jaLIOxOoI@$e3`@8xVZIDkHRJ z0t%o7=Fm$4H8LR*s2R5PyUMWglA-(6(y5XC9{j)S0hV1(PR<=Qw9_l~uP0v+1kM?r z+pUj&fU`4*lId>IZl+oAqjvc!RTLDwk+2|!74adjdbTZv>KV@Kyy$$}(7BIbB>8dx z8$KG|O{hU%%^3O=aY*~FFJ1aWEoJ^l!1dH?79(Rbypl* ztfQD%Sjv4{MGpbFvT|}dpqK<%P8(ZMUvibpT)-DEi2v!RbOt71z&>*V1t0M@Er*k4 zw0O5$#k-7kT!j1(A@_}5A-BWj|xYd;FJRY61{GdGc^oeuR$#V32m=p z+#9S+)ii-JI73tVhB3{|t;4G5ANe5~3O8LgoB;Up4fJK`j8os$fujG)z>p_8kNn?M z=r<)z85uW98d`F+7wWgW`G@XL;SkpK)F$azPIBas?|fkplL9M}5~erhfK8JM(6fw-6a9Y4_2H2<1L-ZnbprC(UBcv~=FBesF z5nP)5wEO1g@#ZleT7eW3OrtJzlBA7}9tXrl4==Av^5$gEj<q!q z%DJ{W4wOq_(SHW@0QhCeAe3){ke=9rNC9#RK8*i?Z@6uAkUv$gdQyI_QIl=gX?fow zq!7Wsos?cneJIDnFmf8I!h{Lm@q-!f0PiKL8EfUbXURxquE2WgW6iup#jRhjW_+%) z3nN5y|>gTItW4 z-&oUv`7JyL)2N*C3LkA~dsj8)ub1TTz^Ws^g zjLfXPhIOOPe_TFEQDHTVfX}SeC-;tzu15+36BAJ9J_6!zb~dUXq9pR#aH`$i{LGB% z-39nmPe8;0o-au?HC#^m)+13Aa(VE}Tz9FM$is~Xnf@SZ64VYU1-DT1Fe38rk}u}r zfAS4EfHWx(EDoGl`=Fu*r>cW#JjkzqsBHtyu;{4JJ7FA=5-^5*HF|*C>qEL6La_V6 zatnK1h{hvGI!KbC#+d~$G_ns4sZF*^xOjN*qe>NOOwYAS5naOIWas4INa7>+#NS3# zQo3$eO*+Ib_!R_NB&E^e;a3!jI5-g6opzAkS%xf#>e##@m6A5W*OtRF!%~pz+keos zeHTK8+)U2I`8C}T`Cdy5hiOO=e?dhGT!%5Sv7yWx zyQIArAj81zXaO?yHP?B2Ugwo_Nuq(&TObZ6NlRfcf^S?3l4HT#^E)7c2?z)@x5x8>{(Kd<#lPPIdp`)W zd@F-F2#pzp0?J`ox-{^5KmLyr@C^*MNuPoG0n*+uA|kB*yXD>$X@PBu*J%lON%Lcm z78{YPSkkhQNLzqC^-r6dJwhr-d&w)z3hb zPY`Xk<7{d}5i@J{;}ehhryj#X3nC^4_fBWLhTsQ;NoZYIsEzVtQvG(k+VEt08?1Z@ z={}>7-~^nDLlonYUtA-WwYixMX^9&G7|AkV5jY%(rUj+`3=pR2r0)seyt$tKBnZSA z^o%W#o^TJKGT_e3$ju!e#4R1VeC`CNFL;c0B;(Y)95fkmM}V6!EHDO7cE^A8% zZq+(Y|9-Dl8^w#QI9~3wrFJTgGTbA-VZS91P}I|T^42qSVn@TvAeW z<9O}oPw)tVDqtBX_h9KJ&lm*`y87)AeUiSGmX?f+jFpv@kr9P*!3RL939ATZ2<5P# z1Uv$hKf;&iz$Ks<-|Qn(jI|NZ4N`}d>2P3u-c3k@()e|C8>nQ_#CJka`G5TvIY8iE zmD(%e0RRaP=W7aoaR6K#7=T!~Ax6lIfF~JT2~p*=mDmV7zbRFb<7LapKEX0!neU`; zAh`cTSwi0^NRT$skqjG^m}F$ChhGaxYt(`|sP&N;=DjI>4CFrU2~jo*$w0Ep+hZ3Y zS`{drIFxz`Sdl6kN=al?KKX1;z8pJe5CW32lJA>&44%E3r$8$O@QPS=HFrJ5j0PS%}AMKrH6D`SbDhMW#6BeMCRP z1FZIM>E59GiDv|Xx(`4<1hWH1JrHgTgs90A5m$yiJK^Jz(NS?@hzMkL+!%=00<;l5Ho6pli?EK{N(UPn6dJJmm3%fd9i^`1|D(;eR|Sx zPDCio&l57_s$OrawEQ!bv5x4QG6*bSQyR}HphE}~0&`2$P(sf0(D$UMroKhtjrCJA zldE*kFDndg)cP@x^*8^UrIQ;iewk|Vre*OG=@-A7k*1yTklwpOb_3Ax&eb2KmlEYxeEw^ z0~OXIcH|&AoKzz-f)e43At_8?zI0s}#N)HnQT|KYy zsvIEWdytI~|JxR@Gw-ead;ub~BDIqFq`>}68TJoUbaYYx#b12gyS@h%#t*Am zB+1z#X>8&ya4Y=#284^ZUdx?6yo*`7V1UCIhcKII)%zXebB2<@M)x$}~P=)-a?Z%k(EdhX(`hkT02XjAEbknk@@W8i zv~bp{cB0eAOCT8jLoIL-x0?uS8x6&ie*gsl@`>BCDVAZ`#R#Lvp@iL7{Zfr!on$qQe894e=0e&b$wOd?vtC7v#rb}blQK{Y? zM~5|7_F`q*JtnLnm?|8qQNi~tl6QnbU!_OcM9PEj-pSsUJ5S~*3(J8FAUJ_HtF>nz zd0^5Y_Q*N7OFreUg0(~>(hhy{_41x*Gc&Wzo1O{qATPJNBEzYM|8R?$xQU~JD6(Ao z!Bolgn_2J-77-&{Hq7=Prnpona+FQ2B8XYj*#M(0@CJ}UUUai$SZn{V(FEJAH`?qq zAM6!8_Q!1+b4Wd|s6K{Yiji_m~^gY*@Y26`B%pikJ==jC@j z!11k>1`1B?1kiUZq5=_P@I!^I!2$}U1=F5O>nFh{oDb(frweoq!4Je0t_o(|#1@PO za}qE$IsNv$&<+NUtYfb;nb$?4(^aM-j0gk%3I9J}#EEGx`OPe89Wg2xOSBQjYq-%< zRxRhxuVs&=@d0^`!5Gb!@ey`T?dDY3Qyu}lSki#V+?#`n(~g(ttfsXba3r60UZQ0a z-fDC}a1)celG|{gvZ%(B-xSvSQDBA<{jIrBO`Rv=0$X;jTd!pgI(k@~%gi*zo$3Nw zv&M`!$A{M?Ngl?&&%_RA!1LnG`x|kcLdfCn;Q^?gJ!G%05Jm7Yeu61|!1_A&**!E) z<)%pYqp$;nUgLTRga840Y8$`LtK#K$+6guRIbg=KdEsqwu(2<}yt13Fw;bfmWAc=c z`B1|TrdyYm6SL+!1rqknv&@hQZ2P(+PPI6jcShzXczSyF2mm%G_-D-Lx8V!UW%dm7 z3SP6Az3~tZ+9oafpbp3iz9S=GK1zs*okfrifJM#PRKRtFhlQQ3gU%0%2PYFUy%94ezSsTu0+}O92uIG$ zMzMMN^LeqwSkhCgwN&d|B&t={%8NW8zJWC<_yOCo2O*a6lezRb=P+HlQr=>P4GSti z7RMm1T-q7PM+dao`IVK9ykcc5#eZK#K}#@!`+DgqCVEUOZmfTsP=3Y0vFJ1#xDV}; zlOVLSR396E0p|`YkPtcYeZerdvXT+NQQ5;dxQo1!D1P+7$~F0wzOB$0AlWE9fn4gT zjv?X29c44&1tKCKNNfV@(tsWSrO?P{%zy{UhPkNv>Z}~rR-VJ5mMjd2|*u2aJ{~*wX(8 z?#^3K#p;9Y=JrP9YC{W)J#B#C1LY~G(K6*qzzDJc+-lq?$uh8`@4+%ZC{z*3j?d5| z3|bs)npqU76cd}H(V1=3tbv`k6A0y?MBc0xj_IaD2QzUBGl2fGI8NR}Q)A@T1axaK zfZNakhrRpVnPGu0LNP?Y@9R$X9XR%Zet#$A0CsCIDJ4L8#?77<9_2;2t>NyQl$VQUSgvl^W zuE0eDn)kSBAs?^2OHr}{h#GsqQ+=H%$MJ$_0N}UG+X*0~qpITgHfxndl64QdO#qsy zn6${l$|E;04aPywcX8g@M9LEM^97$89KAUotZ}bk`jCj(nbCqt2tz=r5(vqZMVsXY zLX5#UZWbJ)HnIFh+RJD<=H&e=WXm9Y|5s@4HK`G755hk|Mjyv6Uj`F9o#q(8d;-r$ zfxI`!8KPs&3IT&X=8X7)hIOdK7Dp11gTqv5ARMprK-3^X(~#Yk_}D!+(c^Fb4EF;Kald0bS_bq$Fv+0;s=G-mp_sn}U_a zA=JSjp(JO2tJrrav$4JYK0`x8{*K%p7gRWWTADxylQivv6op$^8>2^VUI3qvcI&Ri zF-nN3lxRjdG?OIl)cYxl&P&*h&58v6`O2HA&QZamxo_IGELx1d>xJZKnM3bV z{_fd&c$lFVH%QyM=B2hXVy~wVCh4fw1M{}<(kR$lpY;M*I8a;#z>CKKsMuMVLoLME z+ZeAI?PiVURp1!_Y)%g#2cNcIDgY@ENiVSs3|nm-f>C-w#Qf_9Ai(?GgUvPr`n%h= zB*@FGC}0lF@LH09_TVpg?j;yrVSW-wO6}`yyNH-VQo`K0LWY{ofd_9Qx96dX}z)sHI> zU%0krM>`);#AfF*A_^-Z+$ZYxiv-P>-2>*}fp2%Jx}r%L#fP%*GhMTyLl{`Pme*@| z6$xq~=Iv@V*75RX^Rx^|$aK!4;NCB@_5^(Q`Qu*^8yh=NQ^>Y0Y{yNh(E#8k7ja=2 zP}36y;>ZhR8c2+M-%a&f?FD)f{_gC&f>F)F{SyCxp$gLJAM@N0-*?7JjDikX;(nJO zL7W4iw#jP@u9Em$2hz~YP`z-%UkrW_8*$&8$Om)Apa)^1q)(a@8W*GH@Jb*K3B}m; zY+YFO3(ow+#Kfx^qbj6lOGC-OzP{ejL~+Nk8wt34vnMTH`AypT-|@jnKyixI#T)8b z#fUWywD}hAz@i!jMy*sY?Yb}_Aba$N|DN35g07vuy1EKnzBmRxNHWx12wXU#3-oY9 zW6b`rOG#Mh&90^}2WML-G z7}Q!A9?()b9W~~2jW<{ppHgF4_IH$44do}s#)gOK6%I?qy287%KpYFwfD}SqE>r{Z zq8?Z*_Wql0-qYI~63&~X&RsgYF#-J2Q|3w?fD|5#YFGa@w9aqQ|{*0+m8kkvG1s(*P`o$ve5mg)1Iw zr>xPu+BLV0Qj?w#L8NCqqD8R;e~e#}6BjTXk`tUF*n=C%h|lO%6+j1gL=yh;ow8vI zJi%y|Q$Qmkzd{4#2fhV*p+C^^j3O4p8#SS#zZ@_PSi~z*KyeS623BxQ&{D&EL^vW` zKgrXihgpG)Q5cf3_ycYcoCcjJ#Q$=XQVxKp=~Z3oQAN&g518h0Soa?`ak4QLv5O}G z;emRsE@gT(EC`jr69*2a9PbP1hQFkD#YM^$xF%zQyx4Q65XZ_BTY)g>E-&HzCrDH4 zcrwV^(#Pz|XCDm$;ylR~h%JMYje-i9v>L&BqL{ci!O8EST_J}$z@vM$pUKEXVo+gu zxVx`Q0m2`0N6#llDlr_Q|3z2LBK{}NzQ(FxC8ng@3=o04<96*aFCCoQpyog$)UI_`y)hhDefgu#QRicu@-*H0(&x6Yt z7-^-V&-(iMuxS;#3MqBUR5|UI@!5b$8+i#t8RYmSh1&k>fS~H#2gtj(ft5u)u<1Be zTEEcuX24;72j=CQ@RFi64WPXOB?PFzQNjGsbsp{i`?-RgU6En`zram84(xUx2<06d z9KcTbTcGd)Ps08EJ+7{`Y^jz-1_(}h^*#WB2|Zb+|EIoft;XH?PmrL)m{r@>_V6ky z0^%s)@uekh(kCk5SebvF+XGW9P`Cls2u1Sb?_W4fXW)-SNCh7b5JsPYyBGv1_-Ay} zIQ--0Yte}%G0X>=V>sA%80`I9=7s;J7>s8gQ}xe~h2b>kz{5o@8Y)zSGnuPO{0ev$ zYgDBLe+z&tF&POXqfH=%f+Bng+`quW1@K8-OG|CsOn2Z(I64P{Xz$y>7^2BHN?@pKm7*m zyVn?-AwrWj(4E`xn*GLq{AJR^G5U(g0oOY&qs9cVTj-UYZ5bSWO!h}oV&V<~XIq@W zJsmf#fGweBVk70 zuYyjYrGqT%P47ZX%INOcvrS8ZJd2jZxDzbz4*lH>(nCj~^l3tx8*vAY`6Dy${5E+) zF_y|Nf~TkmwL*~ExmZgn33SdMj!&Ug+CPZ-8(x5mwN!za*LCym+;|WygS>I2e)oYo zxzUjwC)s5YkrrAqAvM>JSAd-7Ud?9t7<9!FdJ(Oj$KauJQdX9c(IOPY5v567-Lhk# z#fs=htvcuvk@Angf=nyI7LR9}AngX5Y3s z`CgI075-%^j$*DfHn#dLY!#zTEaR<2exFAm+i{reO|+7`hA_TEZ5AU)PY3EjTw8X0 zN={C0sxgPv>^o^YyB}&5VB_%oJam4B$c7oj6EmMQTKx+Pg_%dM02xfW)Z4Q3bR*aW z;HLrD*Wji3GC|s&CS(WpO8{d~quGI6=Ned_fr=WDm9K>Kix&5L8vtzx+knY0`05)# zmjY7|kTC!nI{-Kf4EEfNpe0kh6Yc4I#omMO2Q-5R;HhESM_BFwoUs{Rv7O*vFjFfI zK37&t|767*Nn9vqPmf1Si@W5Vj7y*^0GDxw0WyHS*(W2%3YDX+YqhGrVq${esE8I1 z`xw9k;cLI*;1JbCMyC}&t>M6{TYeH2g3N(h=B z{yoLcsm{Xk0xXLhmdmUhMRq%jJJYz;yCGs9rC201ii^>l|p24>4S;UF5kNO4* zVMn3AA_cJXI=pVO1UwQ<@kvPqzs7tG|6P?idpOk@qC-=ghJw&ki_+8bB+|CvbphP; zb~z{O5y(HEJEj@(PIxa@EvFjja}8k=l9PST&L&4vYfQ}hA0CEVU9F}nBXXmnU?}

D?r6jIzT`!BIq$EgLsRMQRi}@)Z#9_%; zs88eR+f}drrPyOe^F(ndMCpYjO$kd`fvup;g}4MDA6u zxVF?E&+6)U*hAm4Eopc6`)BzRVv8!UJH|iq@JyY2g3MR60L@ywsEo`n(wDozZ*iED1z%e=?v1;|IqB9FKZGgb$@5H41l!C<;ca9#jN>gLCXX*7iW84` zoWvj}uav%=$9*RC%SuX8eedB!hqDePn#z*adX`|>Oi>4k{z!XiD85Oti4`M(5y>6P zPVkK(_4niIe9iHxjpx;P+>eF^3+HiUjLVzPBzN=9ER~vysKF4AZ)|83$BNf(^IJV)2)JIG~uU}ASSZ_BSXP9n@AdWb3)nLeyy^fx8TJOIOibHiOy_n+zxHuI?AsBbzEJ5oFx07cX zW>+1p#^ zp_*!YM_*(MG~%tF{$|%#>nbhIDm^_$u^cb7Jh)gr;^Al1S@@d+pVt&5#W7yJh zb$R(~h}Ycs0;m%}Y>bze7tqN7U$GS!B3{*{wl*TM(#FO&B>>8qn3ZMIv_vjyi%rJS zJ00%q|79i4w*|QS32_}2cn(L&$O6}yCt1Slp|j)_MY;3OR7h#L$p`Swj|d8EwVOJx z|7M23!eWRE-0vlFx9yiy;O_1e)kD@W)>(@JGxbd-?%gd(|UEpyWXazYM#9j}h$^Wp)V9IN2Dh8RPmDQWPw*I!Jw06e+4M+)n z-txU6vEj2$J*In_+Y*KY>PfJe!I6#_Ah*kIt1RjK2X)au;LOrl>+O-21;CDeFWZ$3=ee!1zTsQ@FgVK`|*EVo0^@yhHHI4S0eT%D?v03?(l+RiTdN~vP{dJ?L(=nNMU#sx>P@ZyyZxLmX(ee6o$!cFa41Y*e zf>Awz)OD3_WVgS0(UPgOMw^{m_zvy1iFMGQIDLgttnmNfo5%%K$?f<2c026F;tm9sbRrJ$Qr%rTSE? zPuGBJV%J6RjNRxf4K5=3*+Gzjl;#+6sR5ID9+#cE`EIY@{d9_aX6bkuT0U5jsH*PF zxkmMVA(~%831*b7i(OEfJsXoGLex=^jm=c~=%}R`;4ZhKKDqJX+E$m}hmp2&wPA37 z>jh|?r#rH#66U$48nIqCYb-PK#~tU3^z_nj6(NTBSiVGeOt4D6Cm~g-qYQit6YBK` zL+ze^Y2;7`Z(wB6!#U(#m1Q)(8e9I__{&u^LG7k$R`Tao)s0zG$Et~-aS10M1ODab zsnAOsDT(HH1EA7WvF=?@+Qx}0RB)v#6cG($1O&N-03gE^Q*+v<> z3nYUH5|#>30q!0$^QxNYA5;)TQ&^32sVZ=6!X1v1uo3hUT5R!b;#tqIW|a`?pE1I} z`-^tyB#ny(7b0qY`UO+nc}-vU4|yk*AKhS`L6J7(5+B#`E-HA(+Yzb5aa>4y1T+}W zm&?vT1OlSu7czV(Q%gImT7t6uH~%~dX{8HFYA?4Md7Y*E|Vj6;l^L zk}IX6}^rL>VQ+VBX^s^1Y2Mhg4^9E8i1L!^FEI)oJB2#rmu;+|4yn;qOYRq zRZ3@w%WUoK!?f7M5annO>4%7W-+K@3kIBWf{VNwo%S<=*P{c)m7UGC1^w$ieb7Iuj z<1@6<%;^dxf7xrVA71Tv;Iz~E>0qbO-&eFMz;(n~tcF$SoS6Z?c_dMoV?;LAx zK}2KrN#-!9Re+_3`lHy^pG0;Z2ahPtd1*Q;_G+pJC`NeaIHYv$SP!54KkQR@W22rA z9d24$OP>Vu^nRm^pxzS<5}w&>zoEputqYE$gyzFk6Ad9`bw?y(A!X|6R_c0waGx6a zN)8#QbA>;S_Z>PACCP4pFGzvi|eq2^{BMj7Ye!g&2KjU!S((xQ2IvF1k zzVf)@*(bTAq8`MusK0V`X)#*Z$d9gG&;ouA8af6Zu0`0kguPmeUfR6(SX;y#5&yh% z1(Cc`99nd0+Hcehb6ih;yGX>rZ~Q7MI6*%m6YGmrD4p$@pvn;>H$0h|S||>gU*$6f z3twmWOnL|Ob=-pI38vV#vdAUOxoOF7Bn{F6XmqRd?liY3P4G#r?G7EBDjoVwVF@f> zsklprmt~g&Ln_RNAOQZ(WQoAVex|jCxL^UfG0#;eE?mgeaB^I&c^Qe zFl#1#E(;3pW3gFYcRs{OWF6J6$)K*^PEwnFy6cj&$A5=S zzgwRM2tKAe!o&_PqKJz6Dg_s+)d%s((+nJ<1`ST&_#Q`I+{6w%eTIiI)IkeWNGRfj zvAueLMa4nn)~Mn|GitDSNz1e1J;{Kluw}9;_P(RTKov9N4nq2<$@N#PJx76WA zTB1VsSV8g*aaPp^*I35L#^vL6LCuft3YAEa_@vBE(as!S+Sp#gzK#1IKJY{o zka}T>E;~h7aV!&yf97W=J?|#+>+uLp#Vu`Y%B%R>_Y!_zsfJPgBFV09)~Nr}=lw&z zS;KIh;5)hlO2W6Z_94du$&N{%tJpI8y_hkmE+t~lpy_=)n0Zcl5 zKVdv?!f+Pz1#~rMw|%LviZQ?fsI zV<1P=QN8(VmKHPcndpY2@kT0vm3uo!CxNSsQBc0-bg}8SChn>DMye{MmjH&UxUs6k zFRzJpeDgc|_j>#iXV1Vux=9oQvwxu_&$EYCdY-0UqSFv`2){p*ZpISh^s#19%${RY ztaD2!_Bm7pRdN#2=Rjzytlb`HdkJVdHy67qCYi+N&)~F8qh>0e#%qsW{W3MJP^%#% zbh2WIrIe#lk&}y_KMZjuly4P+1dVfaOw5Pe-u$33p0q_*(hpQ*7~z*=7NSFCeE;~k zS_953?t4{ZQ$#XgM@rtfO9K+dgMuxC@9vut0 zAa9NtU9{?P-y!np@=CjvimfR^lp{WugK!9W{j@Pb226$0T1DRlX?2CQ1;JHw5F8Q_ z{uOEEzNHn3OKTvGv`JBaux7En|22FI|3fA=c0wH+dxM_v7Hk6523=cQ8#XpJ%epqL zL-mudpRTShFmV9Q@Qz247E-2+Y+vN@{TpPEF~J=sB=muZH3MIq#A;@aB65?qLe1yy z)ZG64UTPW&(Nnj9PSHde=Tdd=KUz5Ajtf=Ozb?Dg zOHy`tZOo3#D5THv0T1-#q-;xhSyx3WJ2qu)H%?;i31+AEzH^j-U9$nX?6j%LE&8nZ^^0Kat>0)B z0VWnGw2N(7_MPqQlcVw}Qqa=wVve@*gIO*A3|Q;vkjZbPMD^8kYshE?82HV)qlq(m z;NiV}?I(`WP*CoqGa59aH@^2dok1(k!e`ok@e=V~<~}$@JSU>6>*yc>AvuCCj4M67 zKi9uDeXY^|`F2cJTs&mbB6_Tu48v46UUV){h-{1&CRX#>eOoE(E1T7;`|IB>_9v4Y zmo=*rNm6i17xDcr%4!VK+P_b zt&^jqoQASGJ$-0rN0h-s&(GAKm0;4a6rHe5O6WqutvX((qpZB?UN*sw0v*s^T|IXE zW$E~ft;^zG`#B0R>>bkj=;WM%sZL(s}3xcHhdA;4@tLgJBO4cbT? zMI95pgiLB8>kNX)=BVf?*m;Sj%%*CObfNnFQ6(YecQzK%oiHz0CG8trNM%mLCAB7! ze$w^{44-1)k@KOFR=S`qQYW!GB5@c^S8FY7U2Uu>(I{O&?2*D+T3QsZsA_MQ^DBqm z5PgP*4yyV2?24tf#Lo z8dw?7xS^@B*-_2FS_+luAgxBC(dYx(7qujFe3S-8hI7aJ$SIsCM0;!NZvr#RtE-8r zxx9KjzKb?L0JRd#*SND4lyEdtLM{<$!(q;ebN%aJg1W(<)z#HSsrd`w0L|)Th!Zvu z-!=Z)_3fc zpm1BTwY${vjdBbWup1kDU9>T;tTA8MVO9wDeW0UY7%#) zr*uNwgU|TS#?uOQwWI3&erfOXO{XYv`7qdxZ3M=LHo=(|J} zvSz_0Go!oGz6&az(CbM!-?cL+WLSpAv=E!5)X*qIcfYq4XDxVt_5~Py4SY2NQ77@| z_O50^n?ve3v39hueJ>&%C8@TUwF4}sbySZF{V*JI- z@{1hNY5bY6vbs@cT&RI|mMd(-%j=;mX@)+LRwe1)B zqW3Jo*UjreQOQwDBrv(lk@Z~@?aa#7AHVO$69iZHf8=?!dnz6BO1v&l=6bJv7#a4c z#4$~eDG{btgR+-y8%fJgms);yxOL(E?JLj7>7$ag$s+h+!Zt-k{3akOq1{7!Yi2n8 zt2&Ojn^301LRwJc$?|gG-5t00BVT4OtDKWl-5;A!shVuUyX!7pgL{jHB$i^*Hhk7B z_oF`6LEUp%Z%cwZ&x=Nb>R}V`r4HOc9jANuE|796_Pht$yMJ5+mGb@#Kvj;tFBefv z`|LNjsAXksP5QiYYUB0ggHCi7j(=H4w3*<7aySXU z-D!+4*dIOm-7-o^M?r5yRO4BOp8s12BVF^jp4Cs+`-m!H;WFTEyiINOo2}JPbPHQ) z>e{3DOw%iX0x*QLh?^$@>-x0M>P?w|hp;PyQoE1mdYKD_n$$VCcSTO@Y7 z8KwMJ2IkC{s->DKMDlR`MYi0+AK&9)s;z;5)>1P^iZacCC_*MRHB;vuNu_4LytKSp z@4kv7$l&7FaLyL{shHliZ&|8vEJJ8dG~wUkC%-Q%jq~7V13!Lw>w6oJ0Cj20r7H5q z^RAg(%!4l=HYI=`o>xWLcw_exJ`bz>Id52+Gch6ny4z81ToEly+J|Hkk*I#gMOyi3 zU?1r$uyxCTwHt$r8wUfH0BtUhmOj+RVy~@;je-2*zy>S&?oE2*QS0A~8dZf%9^We1 z_skH6U*JvE9hMnrpaSsYx{Aa4T=N*sp7zQkC>v9R$j)y49*rN?-oBVBXT@{{N_NPh z^@XS>QD)tBvP=*i-raE7b)H0eK%Qc_3vd5uDOh!gU@Uuw+~4rSt#!q&bmXUxU(6tp zL+g{C{#p5mnefEg_YTkQ$_v}pY*T*3>vwq5O))8~gz z`TGJ>a~EFq0Ug&2Z_aBE(w+=ZzG^jYeu3@iWGyT;BBm*nj_bBB3-r=q9Iv=|zlUOp z&BxNp4@rJ;5nxD$`~goIsxU(Sdt#Cm=a)>q@%Z?kD+3evL-BfN+9Q!8`?mldnnDm7 z8CSo~jW+$2RE7lZZ=ByB-zQftKp%`<(!$sZ!Kk@vp5&*1fpUE7&wwt!H$|KWTbPi7 zsVyrjJ5m_O7g(cvIUTG~TGXL<Aj{jkTu*Ly9>egwo0BQ(n@UlJ&Mm3ODP~ec z)7601i;!hub-1Xld-`27@{*lg=N8?gOP6gL>k0*xGd?r9^^4am?|7$k#30v_3BGS5 znT?2YQfby((~V8i$GtFML!Bf5Hi-V8{O56EuQ%?eco+3o%P6uCD(?&YSM%+U~Ms(_x|WjTn%T_`h(zu zCZIEMxc2#zwqGm~0at&^L&XlZYyx2hRNIZK{o3sM`JI?FN^rBgQfe_Jf%ID^ud6_d z0SE4}x8es%V*N%aLkXFt#}dY6c?@c*rF&od6~vD|7m)>|kDAHaphzdKORQwCuv4?? z4TuwnF%%^6mbm%YW~4b33oMx8in9 z%q<_Hg|hgmGWN~#6T%+W?Dqp~(NdcdZPZ>ODMFZh;yPHV?#RZO0ql{LF25+u z^G4|-YGJ{Mnn3fT<-X>y2kak-AYZI}{m}gyiWshmxlH^+CQpX#l2YlwK4W7LifPQo z&LJ8e$;>%t$U#U*=%wfFdN^R4eJw8#G-=ZAkgF{mP4A#%9uDZJpnYzE3FOrPGkR?u zi4mz>@9K|ECgWkGqXt7TSb|DXYy>U;93hH&@^W=Gt5v8pajMkVdnbTU%v>W#NgYri zWg8uy)Ym+WeaRq0BgZtJD^TVzH!}rvdekL!zT5lq>XT;|{$y!oGDFF=$e#B$LP_ZL z-uqb}!Sr}?1~bSoZPG-e$u4MC#JG7s=uhdi@T+Kg@&p!^XIFba zxG`gYW6TO%69HSqJeG;EYrp7DDyf_cDBshkszLx7%Ncjq7Y_g^Ne@r2R%U!uXqPVaCY@GkMQ;K7n;*HBe4*e;=EzxISb zhfSR5`fNIR9d+@8wP|UK)TCwkDEjEPs`NIsbm*Q9E9>X5OwaqQ2*)pNqbLuI!)(&) zYW432>>4%Ypo31(=a1Z@caaNyW z2z=_dM-}fgQPz=y-s;ElHU!iDU5{2TJ?bgWPMXOeT*@?|RN2CwR>9gdT2Y8w7BqSD zX7W&Q?~>TSfpefl5r-wRQ_+3sm;~RUHA^pd{`3+qxx%L~o%pOjf zk3+w=XQFW;2VkXVL|}-sA;JR#=_LxgcU*XhOIExN?e2e}iig1VgM6PG z{WAye7&Ez}ZZu+PH<84+RMpPeS4vBF;I?&6fb-Y_?nO!H#FUkrU8a5tlv zc6xXc8RN)pgIkybl^Ge=h*;2WdfQDYPon3CP{7u!$Roac4ttovJ7-(v>302tOWhV2 z=lXXP8qD8#a#s&;8BxEFpt8;755%d(-G`u+)A?>-WNArdJ3~cHbB*5Yb}G0$JEyXT z!klV}EOFEm-00+9^VY3j10hN?K`eKE_e)Dy=<=w1RT7;x39f!th=NnnU(;<98X!JI z^cerX*N7sAq>`HiuWlst2|e4JDC`H*XNcmfqQ#}nQGOh|xJGR5)jzZBtb17Qh|?P! z;_MAMCG-w>#JvQI6U)mI%5$LJ)%UuVsVAsJ3*g2R5{G9dt;`b(wUYq-OFf#-m)|I6 zTsbnL$gESV&Gwy7H|*$q4*He+VHBY?_Q48+^fDwYHi)(G4g;z2hO)m|xi>YMrk9$3 z(oy=}TuH;p(7aE_?mIc@?sa97T=X)sN$JUIxWi|#$wsY*qMd1Sop-w`QB?iW&1&++ z!6Wg?EVJTY{LCM2(16qLL$|O2kMug|Fm+d^{_HaTmS-809Uhly#7CtHNWW^h_beDf zzFCKdKjxmA`q@#QUy{Eo103_)q`Cs&1ctMlqbz+ksh?(M5pbr9Pc>gviKB zs4Vp;pX=x2{l(_l1Zj|;#8pT8n5n_8x>0yctkS;S3NLvt`U{DMa1tOe)92PPjo`|ng-e+)mA zKl!-e(;^ruAOv&kslsLDxVBlj!W5fd1qF?P1>@V@@ysYY6!J0Tf}*Q`Nvv`0u%Hsx z&1<#)VBq*y#l`|s!ZYk!ON+oigcob?d9;r9P4eYU;}jF<9^6_h{|v2^hk=Z zr<3pV{UMJB$cdKx67eYF-x=`^_Odp<=vmgAsF*Oz@4Rp5HRzIqV~}r!(=D@m$)+(T z5dGs&DUT5s?-^m_!rh%_^PI<$iJHX5LHtfbmYrn=Yog|Yj#@fbrT(EEzv zwS_^=+x&#xsxk6SGKDwetH8g?PW*8r$4H85mA1jR+rfCy8&4(pb>G`SSe-=|*a~B@C^Q;fbjiuuK~@CDtyXRkzmjdtW>@ih~-j zeJkGUWE}S4MC_VMuZ#Om9HWPR)Kr7N1oOpgwia$5H4g>t8n2b=#rDXLD{qV4x(WrJ z07O>L=J5PW+oPe9oPzZ4A(_IfnLMuVmij>~7@i+pLIv!dP+;t0D4J5nWTtOLfA9x!)8$NnW9lr!s@$TrO@nlIEK-n`2I-Iv zLAs?&x91@k0;iECu{7 z0(4@T9v=KK)mX{PxXYF|+J1yeUkqevnxqG@i4Lll3Rhn%s=Pl@sA|(xSI>N-%kflv zV2X>kF{)vx898c`BsFn#SyqK{YsWlTGm8*L@-_DZ7Ef!NZ`8u?%bQF=WNl^t_5+Wb zqZ-V_o-F0mzGwMjvTIT#vFOizU@?;sF^f8y-_2Dn1LiSmm}Crvax76{ryRmHJ-=a> zQ^O3ZZ@CxOke2?N7I2-|m=WIqlv^6Ho5oD~ly8)|z-qeJQbe~9o>6Y<1y5#Ub0e{? z4jCcglR56xf|LG7XBpTAh!k627+fSvZ|d*K-qKORm!J6%W4=*WC&+$y=HHF3Gf5KD z-hA^cm7PZ^%E}m+k>QLKEr$G|Lwfg3>aJ{I1kG$9Tc>_4UAmQeKw8G2ccmRY`gP4uvC z@%nHC+;v%TU%D4MK_AO%=*%my?yne&)OjgB09V3@%H$j&xDdDrL95nGWxNFFjKi$H z;6AHa+IPd>j%JXt44Tg)PkeV*_C8HH!j&+g>Qj$7&_Gb${YDM-3WP8am@5s) ztEec*Da#uZe|`TGSwOlDDRpY^6|Ck*p#)5{umyzHmAzfZKz;*6X^1jB<3|Rh#=?%b z;B-@z#AzYMD;CA8Xr^r-4C;>0O%0=`BR3V8w|gN+_{MBN7~lPJ{ps?kFOr5U)FM%! z$7wY1G?e|igLR_SQJSAk8a<3Sl8rf=-}3e%`hKH8A$3bZ4j?3NHsOH1qDqcUBNlf+hsCmVU^mqqjCyt$%)w`*E1^X5pBcB!1u zFn%UeDwkTmb_y>|Kda8CJ9!(ec*V1SWKen!DU{S1nHXMwj(}}Mg>C31$z>qpr!C6` zR!ze-Z9~*hf%zE{a~(dmOyA-2bUyY>r@<}#sJ%Zm4o>7~q4Tt?!il$vxQq$I1wZZ# z^5^G0aocxEoD3sePkvN*7ePzs(c-1=hD>C3>N9m{qG?j^+kUluQI89r&nwV&WQk&k z5%;jlBYVzx?-_R(=rN$Lo&5$sa`x|Udv=!=OP_TE>*ne0xgCQRnwo0Ull;Zw9Llg> z9LzB3oK!^WH7A!gF%ECGwNXL|0oRMGcoj{X-u2|f#0e2$;2EhUV82hG#nP})t}Cyv zUrxsyw30U{76r#1UeIs4PkI`roujcDN!)M3#g=C1I#a-;Wh7|6M{n+(VRJ~nSYIL@ zhL=a=(8$NNVrI&yUCYQU0w@%L$;rvpyRy4i`?J25;F2h7H!n47F~1Ne7d?_@i7edt z`x7_&FE*EFwT#cudw+7X4!0b`s(5<~vgF&72Jjnob;7jbz>muOWd`K{>w>H0;FfsG zprM=eujnxsgO-4XgwgT~@Sf%K2Uz4OA{tY7KVb0M%75z$r4JBoG1qBd>Isoeq=_cf z!R0_FVro$Vm2|s_p3i%DCHp98?@sLa3sSWU7iyi3bYnS(i48j~Ux(v4MeZ1U{M6=` zk)!qltmUuTzDbbL*8P12BGy-xblE7vh2vvG+$1xwTHGjsrGl!gj_W<;!OO^`_vBS` zQ*EUO6pon}MWc2Qxj+Uv>4dPh?pTrW?%T2Nn3kzr+-uuN4>oy#E8D{|Tai9iERQYDKE~!7=kgV48R@+a z4LUThlb^z?$h8yTuCbf!i=Z!UMs!-Cc8sRs;J9OVr+E$3w;Bwgza;Ab3;{KH<%@~w zDGPjiP!(0FOiR`p1pB!-}moQ-tj&GlZmG9{r}#;-7GK(swL1#ce}N({4D;OvdnX&_cdd6!O?iM zvUs1+@?%`pH?l{;Rs#{NVL{U)y6&c|j{6b(B=M?Pp^~Y9hAqp_3B<5Qrlu6$Nlc6= zD;!Hl=N?V>Zp)Gw?Ul3?K^W~hv*Ml1#Jm|m8y>IZbhP2?NgKX-iZ5wyFRQNhH~Fc6 zhw~0jIK-Mg;mMiL8MFt8NfwhL+^4K##++FSt!!cKc=i0v=j<0U{5Nm77ue;)5J~Fz zW!uxyZsHtl1FXqy?7RyxpG)P$XfBuu98x-aG~9Z(%4Tu&f6qMRw7+~k`HsbDa1T(& zwQ}hhW@`2V$5w`_Z4+{eIoee4`4AS43Vd!x`HX7p7D%jPIEXK7XYD7GOs#zdLzpmF zmkWy0Di|7#?3qYTgBS0XAFFj|`j{r|c&E6xFK^o@t8(Zz%0mM$nm~+k;-w{jTZD-2 zGS9*-9Rf!!jeT#}`Qs?y-LtTsYX8BmzWzR9C5FNUtCwY)Ti*IPW|=h|H8TV8!a>Id zGciRg&Y)nN$A?Y*9n&%2gvMZZEjM6)2h@-_O$TKE>b0&beyat&QC-GJaMkDaqR>8= zS-FUY?OhUZ@aH5Ue`eR^0(vQQ&mkLJNF=>Q7YmuV}+W;&Lyqv|T0N*m-bkwa8V zt16lsOR5T6+37ZuCusg;ZS1pR2U1G^?O<<;!Lz}TAqve@+S%AhOq(aRM=J^Hw-ZtQ zXytdA5J2tm!DF?XcGNo(AEDcn2ao&n+`*_tA#CxIa+HJrF&OWCs-LerTg}5`HwavD3{G77}1!?RMbdu*gW37JrU9 zM%@Ve<9v!-u4eW)-+v(ovhE%Ia@q004H5CiO3JS<4eqPFH)>>~ay-XgTFGDFJG9YM z8q>hgz>el?A-LunkkAokMXZwoCMy5_uJYyS6|SE)_2I%c{FIie%HO}Vgw*^6n1hUj zP|K<#C3V{+IVE1U($>{um_#Zk^uVqh;QxYW$ly*JvFk#flgbv5F}aBBQpnH4b^LK^ z5@AtWqGHr`JvqI#l{fx(hwS}W7SBQEYRm4$Nl}*?)t8E;W)}|*{J>v=LPBjp!kmP~ z!vu~ua5b7PZ?Z;BjW6&WrqyeBU3{YHStr&p6hJohD5m|rG-dXic5A;4XHcBm-wQX) zYqRL+8Z~iE|J8bD)5o4K&5q4j!8(n6#HfEBjkOaA{Nlm2?q4HC7$5YQY&Skf5t5*L zC(=z#zG0d!MC4=$V3rEkx-ZAw!rx*8kB2V4X{`LJU6>0?fGSl@4{h!5-P75{)O*0) zk74+zost_js{A5*@8CccIToHnAKkmDn@vAVjj)xDiF!Pq*P>EzjkWl(WJO)gjFTKc zP(&vY#XnGx;&TUvbRu2OyNg?MW-Wd1y^XCRx{Q20JTM<(n(KXj@;a8hd3R~`1rt-m z;ea(PG9_vlqBsXhOi)lz+^h3lIlM!B>6TaG*iqW8I(Ho4?k2wy&fUQW(Rm-^>LsSL z#C{u_6RL}Ia_KLdS1qp$g+mEm7WY-B6|5;MIw;m?X%ZSVI3_MjMHLjaGm0fnue_oQ zK-50Vx6~3o6@Ah(Y&;Lj+n|9IGQ0plw zny5|mB^Hc~pl4WU7^pq{)p3kP7Z>_D*JyLpLTEW)73aoF)#3Aa7(G%>8-}%d)6i-a z>eQ;gox}jBRKTp#c6Y2K_x8smbBck7JiCv`vs2ppy>UNI#(@4$%?!fNLSb8F*Zc+L z*#q9S+I}$9Z*Z|b0U4>s@uEEkamUm0-J3UW>a)Q^VQDKx zJC77)sS9+UBMK1HpBBRoQwU(%U`9eM9P{N1o4B+k`EJv&v%Af6by-pM_1pYA3@0XB zNMJ)LgTzZDmwkjqs~pjH=N=s{C!ZBk6tj6Nnu>}_iADNPnWja+RSxM8;0)r1p(IRB z!j(V0y85xdK)}Q2$aXo~Kr<@DB#kGxQs9j`?Xa_{M8S;3a+^~UBWgSu&(QOT*pOYX z6mx2-dGi>IOb>Gg-AUX-V`ek6B3%v^?9>+JaWtxvaO-0|wh3v}1eSNFayV`R#OV?0 zcpP8x3;(!Ek;}XkRGi#fdyga|i14|k#Lwu&xHHcFw=1S+Gd0!fE~W*}4br$yM?Cos>o zF^?Pdc3Ev%22BGsVT-z@q#bFv691=$+v|%n`7O8tR4~ z`uOLO@JjYhK0rP}Odg+P%9=_^wVYV_-PiIiM19+Dft`*xDl_YHg1?ryrso9aSLfB| zrk7Rcd{1SE12R$`ca$Ieg*w{bhwn1HRc=1|rZ+Jq8GZ(*U&1J1k6=MVRbfLvoKOZ# z3=lQ~Wn!EXGR3{+KYpkaO#TMTwa0m`D9Y%HtGul1KR>ViGj>$(oBAw2g>;nug-*Wg zDn9RTk|8;{G+~!pIT`JMnFUp=AFaqYG^$4gb*Lu^Qa=t8Q`%XkA;YW79ki;V+LoKUMQ)CUVWBAIMqR2i{?apA8Ug z=x$N*gp{!|6SmvD0F70oFu!X$oQT`qc=f}%mm@7aw!UWvt5KXJ$*fm(mLW98+5%ZO>RcPoLVQ z^SQ$JTC0!6f$EL|v6X+#>)(kSpPlY16S~ zw$`aP)acc9X1qvBgvxecht&&zlk!y|Fhl;d^5JiATO0Ii)*dbOB3=?ey?&eT-D|b{F;oK_ZS++2h$PaZ{Sb_KdU@{zUN5lJ7TryXW2N?QI_g= zc4su6#T6ws{)(23ze{6nvcQ-7oxr*%1W2l@@L=t0l?N$wi$mzwcz1VY^tjReZ3R%i zF->a9yH*ldqMU5iDzaC%b{psd?+9~UES|`$w<(Ye8LOpKv1zz z9w-wnL`%ZtUT2X|FwaIVJt5FdNsnlRywNHmJP zrGFLT%|-+WH(8|%Y>%~`WW5m}SSFKzd?%GhNaNp3B?Wz?TX3Ns#v%&wS3!9}TTu}m ztH6ZN&!w432vU3CI0@!jw9a^MJ;El_UVzvej6;T+an+)VT1EA=6ZY8|l-`{6Y$ss2rBU1u} zD6;TSP}2lcbYZ>gz>ji5qmNPG-E0Bu+oa^_>BPy&2y^qP7tC^zcBNIr10z`+CK9d@ z>_KPbbHAn$Hqt+3H@sgJk<9=To?ax3vo>`*+dCUIu?E@pLcfBJ5`R|8N=E+rf^tV! z8JWx*nP2h7GcNW$cS8Qi^)s$0Fhr@5kW2oKC+#A**QPq{!X$f|6xH3)Ze?WX;JE2B zl38mcSLlO{w6wb>!$9POl~`nqShRVU7GOu2%OwJ5pRBYr;(uSFIz{w;9SiUnJi$$c zl?bW|>8va+J62NcG;t#U*^J$U(9nr%DCbgUd!WA>Z)j{}7BrBt@U|bt@q=)94dEvZ z;)Ayku>5VIJjAQn%becT`vsAu$I@sv`h@vx(q}|7@!0k@DaB~}tLEieY^wJP5e=xX z=B8J)=6=<+e_fxlNA}Q|AyND$x1ChgeEZc_vocMf{Us;$ij`P#pjb2+0DOXBa`?CF z!)&eSI%pf{G{fg$7_i;%=@C>jvl2XDjIy$hlg6JvCq@^!8pv%oJgM^gs~4YUwNLac zOhT{GPC(lL<3p|apPj&h0;rKi`Z#Udh+-8Egx^j zQ+84cHa51w3(FMsi~g&D7zdjPYjk$wQ@}WZZ{4tf?%m+U)B>$C65?S!qGJ#L*Qy=u>hk}w z84(pF`QG$(mX3A`Mp&;*Ar3*s)Oz_UHQd*-GNTXMpKe=j9U1AEBN-#pZh09L6X_En zOc|!cAAu;v;Pa*L%!9OGLK{g~kGFH3j~hgtO$U{&YgN4ghD`zdTwl&{mAOBO!Vj_tC+%Xc)+$35?U0&W9os<+7eCqqh z6ELs0EBbT;{3xEyIu`^KV~0<`<$uf1U;nn`aBy(&VefM)aAYOR4j`uAH7(~#q}#;9 zMU9FoeycgwZgyM%s(6OATa)xrL~Od;e-jm6l&G+0Yey!7t|0`Qh?m%%O&68T?k7qG zNNEdXKD>n7ZhMNQ1(+8YL5F1!b-;nsRJ!n=XUO8*oJW1DShjWY<-^I+>f;qyd-$j!^=H)LI*=@GZtnX> zuqe;s{C+Jj$At2VMH4deLNRo}bHpXX2WA-oiv)lR7|4HgYx$lh<^FQ|K>^01t0$~jn3%*14QOQ)?Ck7-7{c;B z4FXSb9Lx|TTnW9^mrZnST?UR(i>!^mYCTR2Gm0Akat-zpT>?B69!HE{z&8WHXF35= zI&DIS%8D3dTMD5S8Y1L%vR3z}Ra z--_ou9i8+m0?rrl;D$I#aHL^X*#3JbCr*tJfS@8`)3>TyDENaNKGkK#ZRj$}1E3X) zbAUy!z}Af5)+5aG@BflY2IKJ>8X98R#9w;=PcgEX2D=1V96Qy(J$*I`vFW(wKvi;> zDG0j6AO&KV9>5?_%g~Gd9{5}Ri7a)Wq+Y3N@vhbQ{W3+kxI%Z~mEZ19fO z`X=c5e*gE!;Nq58ig|^t!iA9O1&E>G`+@}{BG&E%3UVOIL}RJyfep$3B%4@d5cQK_ zPr=Fq?-WHBb%Pvc8)(gIAvV-4>9?}b?+otJ>j(aF_zR#Gcel3^`SCwC#XTP47y#GR zBn{X%o}W7xPJn|oOQ}mMk6ZKY+h%>X+;Jjwq#vH?!4eWvt^i7pkDD~;YVw38@o!p$ z%<;kcJ%GK~lj*xtV21UZ;z)A}V&McpP^tw%GGXMs_xZQiVI2k|+O_<!0>5ac8D8m zT@(BFvtl`V0YDzR1|BmrbGO!-ZZO;HABg*-{;MaeKn3wOeKo9#8vb;?R@NB0L3PHYU7U(|;+XG%2h`Fc_%ro) zG#ciAQzJ0zus_a#<;KJn8H^DQLigrbump9Jw$ZEG#N^~Yr(g3Y7M#8&I)reYqZVW( zqA%}VWEB;I{d9;NssF8(F|0N605M~Yqj?CUqrf9zE4^<$`UdbxY=&*uevi9;q-12z z0{IuA_uji=*511snjNRUfhpCi(rwsJx6Ii)JPfu@Lu;5ZdOS}BbkUq|9FB*&ub)eF zdH&81`)0RLz(%@0Z?23y&~3~C201vsS>bLdZeDt??^1L=l;y>DiI$?Z#{XNUyU3?l zrTDQgvVyWT-o6bmRLpsGqXH(@RX|V%utVti+t^67gW0${T#KIGYh+JDj!E@km6&q= zd06mJ#?Q}BK_TiYjTr`QdTvg#fS1Ub-<@^d&yhV15v^+upbJumKPyQVd=ssX{1)BP zV-2rIE~3~+f~<^(k9C9|Ym_%&&=rCJJ*@cONAtewIuFC5y1MaU)+|pG^?L-U!4t3} zK~Pv+T!aP`fVWmv2vxYs1oS~bFL40I<^X4VH*EA+Yc`l@^sukB#>YWa4mGTA1&F~D z@P`0-LqSpCNFIi`#;$)BuwK;#enBVyflv1`a2N$9M93s?euBUt8R&pZz~1UEudHMn zfW?!ZvuVTL_j zHFgI4^0)U-xCfHK+RBR9xBin!T1pBO6X&p4Zw5=GMr5e>OfsX^z zXYs1 zc0F?Q@*b~tQbn5`EjEbWEsV1PY^2a}lVsIg5K_Q`zWaiC{1TwUD>2}CzIFWosxtqD z-pywmiQqLp0A1$`=tq>^zw-f<2QbUsRy#fd-UD~$XdVlUTp~cqAPl}@{q>l zp;fbKqohfho6{>z(bLm|!;y!Ff=*W+*Hv&MPfJN~D&eD*Xk0Mms!(gE{gH;RiW^KgjeZVjSj{r;D6pEGu zd-GRiP!mj-2<Y6EiR_vU`WEM{<2NQI)B{6++$FBL0`ULf zEzKOcW9gy6;Gi6W&~7XdCAY@O%E}6OK`zbu0A6&ww$7xw!s-x3>b$Gb@ZfvY!bB1vIC) ztd`n_Rdc;BI54mgV9UB#;;HBRKpa9YK5swycrvNL9x~c(G(QBQu=>D0V7Tknm`Yn) zf6-n3UJYjR?v7jE1J4-jcz_-S=qqvU9ii15;Cospp4nB#Z7Z;tg1w2tNbG2lf8TcY z9XbvW6bM^#4P8+H!DEv04ILkzzw=b<4pk~LbjVSVktKNrglSgkOrBR-deWING=CCy zzUKYKrUpW!7vQ!)j5@7&|1oO!#%gll)Vtl@-kvQL4V@M^mD1AoT5g|f#$vJfr|Sgv3S1Su%Lv2o7qW%o-*Dez8W2kz2M zNajss!w5`}XDbcRcrIpi&V zecW+(T=ntDR+ZRzYVk#N^v+NT5?He`^fq-`^z*>ZBkC)H5{1JkMuBgTaH4 zR7V%H#KTb|*UKC%!X3W>;vG1ul~3yqumZqk4S>Lg9*_J$J2R(G-eOgs$G(vI=L;e=W3yJM8`gmYxukDv+Dcmq3vK+Js-KVs5^LiZ)SX_7l*V3w9 zS30u3CMls4N8NR)-UWmJqz{zQr%^`t1sxqwwmveKFVH@(e21vsCnhG=--UwP6I8^+O)q=ECMBh! z!rFm-vH9nwvh(q_6{ID$MtA>mRNFbWqX!-S*q{wp506z4;^Hw~#5?%x=3(3uGc)zn z)i=*P*WQCe^~DP~PN3JJnM|}6M7B$s>anLDL<$Fj>_u~f;TN~tov>)|6YPZu?pTO9 zXh;=wVuN6fKl@kwc>LDb2#wN)KnJsduHHR>#8`vLR*k?a6a0cW{Je;qz5#zwcGQfF{D7tB!`)v|u*?Cy^$_^l zfTC;Gr%#A=Ag@qYSI^h(0P+!(Wc?#l87}~{e-6Mb8yebg_sfi5RQt~^F##HUVc|O< zOaP%00|Nt?=jtmfV~)hc#TkKD0BS~dHQL~nhTcUOZT(Z)n^-7h1&n}4cnQiAVbz?V zmh#IJQ_H;~ZfhddGc9yGZb=M|8I(*MRy!U*(I@~0ei*$KaSOf{&I$1iWd9Yw7_P|y z?zE|#p<#~ZS;%&SIS3|XcCb|-uP1Y8f(_pMuzI%w zl&u>h88k5hChkT+*a4d%c7qmfCZ=cdXeh||`Jmhb1;7FnEipNH+eRd_F`*e^2m<-G z-s&x3ve{`45QN=xnGP*Xyu5_+JLahdNZ;$geX{y`ZVgZFpPv85=^ckQ8(`?`^r>S&0zGay_;>rjDsQn5=8tw)6b&e(i!B>7re zS~@s@)Qt&c3Xt{m!Tvsb7N`mC=9wXq^bne;I5ck)&Lg)jcL1s(RJ*C>hI(GjRQVFP zU*og2VPCCWQj+@cK8QHwtrJhr-edI$Ualt4FNqiEyyj6XfBK7pJi=*O#zpOV0Q zZ;crm&w(2qHK{PDmw~k74m_#Ly^>s;@$Me?1`4rgp}aJmirK)xKtSAotD(_lq^hl? zW6V|>+HK6p&YmmkCt`(~%sgrb!|@6D%t*+=u){VWvIj^Ynxkt@99)79KolWsU_%$L zaSCH3u*L;vgC9nS7pQN?7i`Dym7U9&f<|j7 z1`k_6jQ{rT4q)`ETK2z!VihP?wqvV-;1o+J5oy9o22z0Z z{cvwDfC9jvs*`}x$WuSNFDGCd7qM(ooT4*IymqO7)5Xn_#|rPa&dfgqaQXE_N?mj7 z+YN}JS^=G}Re&rM`vU(E5?I6<3iF?yM4Erb56o#t!P-ZgnF1n|RO21cb;j_j&yZe& zh7$+ujD9#_9%PLQOt$;)fr?)m0cIFAo)QJ53=~L$e%zm@b|T#PTcZ$wY&0e&#`rmq zO4aCA*u+@nXl3zq&&s+Gv;m37{-1T(3!ji@+PHQ|8`#s)Nr{PhSBg{IcEX~fet@(L zwRX}dH1b?WZC*a6Da| z%oEBJF(!Z>6n=kOSH)4AqWVn(-hw029AwVjk!^-mR}THMD>k$-6IQ`WFvhHlN>tdi z_JsFunTK(V1AyAQ0wrOr!{=6`K$xsKH`h~$>C<)XAsK`g5I=~#1hWmj>;4-EpBcf$ zCTLX&$bFoXg99Lbz*f};?w%k6scPDY1Vt=Rss8?5#xV*kkos@mC`Eh#5lRvikP>tu%0}~Kqsgs}qRv&7tZ6Ra|s;!ph#1o zE{KZ|c%eD_3;3xnP<8b<{`D;V?%@%bN39rhbm_*6kiRpA>j*r%zZv&KN(Gw}iqkfp zq9Hxl-gviF!P49HqNI8j5es?@I{AhNKdSvb^)EFtGGa&R0qI9QvOKl<&PY0h(U?p% z+W?sUY7e~CGLTN(0-*xU#bh12rtWuMi{63?Hz5nl$1CLmKn0hG`BqRMF--pQOL;j$ zFC!yk8X&<+VhJPIHtSb{_7@91JtE64z_mkPEejGE+yt!B&7g`eoB~uU=Betw6Uj4o zc$qF{4%SuA`YG5`h_mOwH$3^%r|hvZJe74K;4G;>AA%r!1D(>u0`--uFJEA5!hNYo z9HlXlg4SR&@W8;x8_%4-cMmMXfrMg1Kzcqy^S6Wn@Or3=p*VY&mN7JfTMapCDwp6f zK%~_%WY4_Yny4+c*uPapVfB`2}r$vl|Q}JP{HS)+!#!G zq}X;{=pZ+TT4)Tx3H0jEtJ>J?gO^TiK&EE^Z_y8|Q~UcdPGE}W?RZDk>WO}ciL8<6 z#vwR{1O~!s!^{SL^tTrvj|Gt$6fQtA8+it9rAqNl3i9UJII#19fMBSDOCo`3h`W zraqa4Vhrk6f^PU3E?b}~^;T@>l)yiW8mCr*L1xldnwRTfUXxHRqCDNyR(ZH&&nSRi2OX<-1<)a z1kav5n;;42!nmIXPF;J)$2p+X1Pnj%bI#t_8EcvB=Es8yBRlXBhGV0Hb}#z8-~*jN z00lnlQIU~A_T|O$`|9nCPgcXXe!?6YMB` zBya>@r~Xw$#e7J@*?!9*g0}C!tOnA7&N$rUyG~=u5;Qck_uqHw@SobdxbazBA}^E! zqZ6Bd@8ARcmmM0xowonqT`__wM}z~?)|{9D1oSLQ(AdKSfkYgbJpP~0nJq+&%KHq# zE{P+DWl(Jvq<|i@p!?#)Cf4D6`+u4;(3isIE|ISa!R8-Kb1quuUI712&{oOhB?=&> zUS3{?9%-xI2Nm7j;*1vjlo(B_mH5)I`CrP)K7eAd2`4KBC+@%FKZ-P*KIyp%kQp6& z#hIXt-^tC#SI2_37YG5DZUcV)0y!MW#vny$qdNnnD1G6wDk^gam(b!Vs6syiv!SMC z2S*}R!rXD>?IUPq5;&FuJ@oF~yFzA&3=HWL4(Q_^$|hbwuMqHc-Y7w^2S!JMqcEti zv$3*IMEKXL0o$i1k)|C z3Ga)E*H5QmqM#j-NSDtqP7`XvA+9!k0{Ye33kJP}c(Xq1HgGL^J z-eX(j@uK@ls|EjrLvlH4nA6nMlp&Ia$iU-QlvTETEiXqeZoowpgAKX>5dcuBAm$|h z+uMv`1DcK*G|haU(8KwFZ(rTg(Z9AT00R5Jk(zS7_<(TjJ!jxSp|^tlMDSm4Q&+*u z>jsDe3?xZzxe{8rbI_~L1cB&62#(VmB@hf19{?6g;VNw-1T+EBLX@iJUMFGGB0(Df zVx?AmL7^0guPnf+3{}o=SV;ni2~;bAkmm)yc_yz-h<5<@n}w0_X9tZ8BJ^Aj2!H9c z(Wk)Pu5n-kQ|k=GskJaJXo&{U$^FDX^2MI#AVweHq_c6sDTMp?cSr@;oPmmpdJUJa%1DlxIcgDVQXm(Oh7;~q7Bs=4j%1FVxil%^WwzQOg{ZDYOg3;d! zIiDi%qh4oINy4gcu&7ouMwj?0Ns41Ero}s)3lVglFw$R@9erUNOufv1 zGV{2jE!j3NW8C|{CZxVBmHZhfXcal*pK77zB2Vm?I;}lf^h3<*yU@ST4Cl1oix$ZY zX~d9yJ9(8xbW`f%CZ&erGMYqbnDus@DAtx?!ZTyk*G4EQ4(bSTa-x6|sPS@~$)r2O4yIHGE z3+;{*@zj=w*TQw+u5H0E*96j)va4vIklV~OC43)6cgTAN_d}L^Z`f1f4?(I?rmF}|^!eAkwT_U8u{xV~4H86K$NEKg~WqqI$@w&V1h?Y}sWnuf|e z0AcpkL^*#M`wm@6l@19HJ8Er_Q66=ixee0mM)9lv>+=!sM73@D40uyJIFlGWe9Jzq zE55TZ-EOTu$cG*)WG>vp>nu~5u)S|o>$ktoBa}IdGA}*7U#VrtsSFmPPVMnW-DZuE zu;V6{i>yv>;+E;nNR}QT7~yzv3jWnLMm~Qtpd+oQUR7PC2IB;hFQikhu#f=-q=y2A z?UySd zXcd*C@#Bwb63#m`el7AUbkA*CidP7C8SWh}s;Ev+^kdzJ8|ddb<`#@dPuG2Zr3U=P z5Fgky%jtJtYRu#qcf?_%5C=Q#b-T3sGn~n)l_? zN9%zFb`7dBs@UYcv=4ae85rHLrfIi)=M--sgxz6uj)eg~*9A*dj1kkR*Ky-W4M4qQ z#ww=6b#$9eGwVV$dso;hFME>jA<{}H{%wWlgE;~7CSRx+=Pj5W;68M6jMCo8 ztiMF<85GG4XEfpOmSl>;9~|mX(;}_<`kJCUR;oYi`t|Hhvv#g$Xt;l#D?xI~# z{ySY^P+$JuMTQR?l*&N2sYukQ8js8y5I4N|W2%bXn>Zr>lIVsEcMFF7)|0v~%9u-+ zPZ>L#n3;7`J1z{ZIw7DP`(2PoV|`(4nKe<5ejiWa;B$B%`pLw6D-6ri+$#+Zx}Nd` z7_z|88Mg=_n;Xix2%(&47_~S1t=C5l`hVkZW&g8#aS1afW#(+QJ=YeUF1@>~ZQ%gJOwkW3s0E%QVU;C=eQBX2EE* zgi4Xg8KrCCG{``*Vg2*)voDFP%C9HCcK>#zi`{z`82gG9HT7dv93Qq+WRRwi6l9E< zTJy&0{k5nq+_JLV!DoaT4CSZ*%}j_y7MzoA5($boh?iv5hf+LUDj8xWKX7=ttRh=< z!;^$zn_X0Y&Cwm&Yfy=xR-+E=S3mpGFNjO>AcnbK_e`F~JmuMei4Ur1>(# z)Qj=Ak34Vf;?<3rNsTGJNy}wFzK~a#c#LCk#jM-cn?g%ZL`UTwHtoB_XOne?un2v0 zmTaspNvLwbL25fs{XPXh2m2gP%7FMhdgm+UTp!Er3PH-boehg9=6^5zy6bb>(x{7I zcE1#Er_qrKlUrZ|q_UB(`McBY81eXLqa0#PwYU+(CBL00zO}sg zB?9@vY7Qw!Psx>F`TBF5b>{iJTx58b7LQ$783rGZnCgj3R3=u<0amS&Fs>PzOIKJe zUPOP=MV?sMRjA$_{ZTA#d0|QQ!7lN81FOi!?4fskYr-+hJ?~Dg|MHwAp5Ne!aiQ)h z$fqqTI}PJty2>ww5u@=k0Sx~Fhd?Ulo>M&6s5}aJlxzPR3bdD7o}X)8Yq!TO8~(Uz zF|#Kp4GnY~RFJ>CG}zdGU_lwJj{n?;y{coKZd8o?Hj*JmSoOU=(97#nC)@A^b}thh zb@&pS7>6aZie8}Uub3xT3!5!nM}D!U0+y5vPAg? z$EJ%y+7e;ZbWvUw;!7q?x6u6du65F*`z`p)APcOVClX zW*IJqGihGMTMjF;Aa*b`W*apVV{a4x@=n!;N~2XfpxaY&KmJM5@R=sEs6qt&a|<<2 zi(h!j58@#-)sf`;SJFE}a7ex}!ZEL&%VZ`PyTyMFuy-+(lZ8!iSc3AO z6$*-UZkY802TVEi-n3ZKrP;=d2YWLgatjW|Hkftg_ISzP{%E2adIS;24&M=!Wydt5 zEt=}f3=4llo}7G-XqkGFZrOpNEJ^$pJR86S(RS9=>w9*1ytl;0Pm?vgrs7s~)!T-QnzC7<6 zOt+!=^Mq4cF{d%Pg32@t*+^>4Ml{DF(CwBXU1R;?B;|zk(T1;i4C9|xLX72t1k+2u zhcGp0p;BVgv9o`1f-R?At2y>u{n><7ryJ2nr#Q|Skf*#h6JAnL-q7}rm}j1T5iht; zkpicg58v8Bjmjss2@OFQUMX*dbr(%;mcnM6kHSK@d;CLi7n7OS=g&rP`8C9+=^-QZ zpKl|{1qD)E5tEg|=I3}rM1Bp=xuKuL{460 z!+FKT729T3;9Go)E45hkL(jWE?r*T+0{)^aF@iLMqk*|dQj($<-1$zgzFVg16dSqC zX1Cpl_ginVwxPP;Lq4QeE;Aw=b&is8D4k0aOM!CN`7aoLauPBwPxRFw-SUNk(t}wZ zA*I=j7FxHtwo0iA`i;nkxTwI*+gV9Pk08t+pHyW@NfVKg33%^sLdXLXc`+PlBEQqN zmgZAxD=7I7)d=QAWh4bq*9RC*)8p*Ii)$c#tev82Z+wZKC2XjQ`3(hV8xPFLGk3TR z&dT15mXJ92u)o}A;+jV@u(lI){G~QU++WwNk9lgj#+my9wdhR06whn$7I;@^xZ|A(lv463qg12vsnT1vXR zML@c{C8S$Wy1Tm@>27JHTN>$*ZfT^E^eo=*oH_nth8btGpJ&A#*LA-sUsS5-O(>Le zh|6Wl%snpM-oWVABg2#hc3&~0C4WEu9=N2R(6Q|vqz?x^xauK!XK;v?+*_V+nw4(q zvcwJpWu-`AQp{xeL9PP!V2|P-u#UR?UKTpDg+4!)1B=zb^Zl z=0IaLA$8-;i|E8OJ{NdIlmfjt`>3<`GF_-u+Y$G_`omdgFnY*7((&9L?SHfMUyY8|C|=#gblB^CJ3^eJnJ@O@2{Emz>spTbMIR4vV5VfWs} zGLhgmn>Qh&!`Ps&!6h=GyLPv%Ct;n)vq`sYx9qeO<=92_j|syVbyO>TRL8>AxD-H; zQT13&7-fx}*EgDI3#GE9Qyq_iPN=J&2QI zd><~{?v_uZ3$4#va<={)d%AGTXuLs-J#nu_4XLpkbxl zxw*Psubssy$wty@D8BPL;kevYyXrqMb$~#}XH(4?X-06;OFu3dU%sA+qOT2_q5ZZt z=+p3iyGy* zjRTA}NCytH5OQM2>5Cjj?Q{|#{$yanh4u+ChDgU(ajmc<{#HAzVbDqGweJf;vTJTuoU4&$Qp#@^@mJ9T3}Y}ZLzyH$p%Sh7U2AXww$aM)y1Ncf35%M zXiEHMwYdo?`BCbvD{KY|X%>_2^hwkgeqa0jc8e!xE)O1^mV`}UZ4S0OHeJ7m@*xym zxlz0i53pOCWWH*hn=*)5C8EN$2oQ_1$^A}N;nkk{?T_l9{`1QfJLCs$($O9cXFy?P znX!>C9|Bbyrd&fJ8frGKlA?66EJtY+TmXf=awZQWwAEYY9GPh9&A&%{ckjN3%o7{B zi)f}P_AetDD3={z2rJ|-|AqYGq5^Fm^>Hyxu~TR*|2wGUWdn|G?B2W`dmX^hPc%Y8O?wez%u8i?DGB;;tU$-mqSt9b-GHq>7 zz(1TJUSeD_F8n1vL|S#og;|R$e||r=m$Mz;nCU2*X|s%JVazBx|)j%47j0u9YDo;%wnO=;fESZ2+uc))4&Of)nzWT-jLg=0Qh zBUEwgzaqUM-(f=l$4ITw(FdOn!y+2^Rw|~)rniUJkXd_**alC34L@LgkQk~+?Lt+= zW)`vjmg_=Huu)=P?oE&ZM788MJHff>kAXp=eFHoYq{Q{ies*>uoFx2MI!*(N$Mw@d z_BRe!Q=|1tdrL)AECU0lek)89?Pw-sls+@&Yv*M14#T2x1)tleqZ?v<8E$>|L|%Gr z1D#;c%)e8vjSAv`_6$lWsyyr<^reaqXLT8Ylu`XuVkyO(K?$r zcV3kT7GMPN#rdkmPR>#y^l@ZrNngS3zH34-SSLCpOxQR^=#{;V+d-8vheaTm-Z`J( z8B%CcyMULPVuic#&s3UygTU2WIH*cwrG!(WdD2NKYZbd8_N|w*0=Df)TVMT;ynh&v zx2iQFx+f|sM)MMRQ=^jGJ@&tWz)IG_wR3{2kq$)}oY!`QZS>QHZtct=JVoBZgg*Y= zTCguU*ycFstjQ>tXLObmy931Ny!6isGRl-Jdv4EDgU=5A7rU%o7bvq?2fZ8=Z{@s| z;b6kndVusWzJ%Hxwfv-5Ga}A)f5ejH>=@=As;2NMzdj>8 z)Lt+Rd!$PAp@<@a)TZ0@3JkPH*&m$ymGa{tce7>8QzcuEe^(){adxeKY<#r8F9Ive=Q859EcWS@08CgU(-EQP?35?gp$ z6aqmXcn!pyZA+4~vWNlAr27+Lv1K|7J^fdHFmq2HqC0~umFdxEfMJ+&Z`$CoJ19OR zfF(`gi?NqPUd=Z>eEvoxCe#6d`fIRPiO`omf1ti9!C zeYK4DHrX#^DsvjFg`e#DyfbXnsj{(}w&eb8pJJ5)>q=KOVqEL;_^%)`itBVF#39tn z_j8iD(%O7z@lrvvv>OzxG=oIuOtj&dD$)k;7Mk4>^p|V(QycQq1*XYuzHJ`1iQA#U zEP$-$y9u>adPQ376F4y={zu0+^~Py6WslgVfANUvA3fkxNDE>y|M%T6*?lWPl8*?B zgqsgA;evZps*wIApKNFoLu}^O>oVg{=jAvk_(&xb5MlXY0Z1C9XC}sbCmh&%GS%{bYLxl%rRYCJpIj}v1UKj+^k=2zAA36CP;JoDGkYn)nCnK!jZs4~$_3{13;RY{t#}l?oQ5aCwlX1klNPG| zPof#6PUFDfF7IIXU5JldMg#9T$Deun>^K@_L|3jyKz@zH6T_=6S z4rb(%*@F0o*RjC;+vHhPMXe2&mnoq8SiO)42d(+}wA;pK9XD$Ou}wuw(V`)~Y_YjV zdZr=UNLXe^Id1i;EQj4b_;rLnF_sc=N}dLEz%84d zBtBMyn6Yn2%8UX#&!`W%fz&14bE{x!f22F@ctgKdoq2 zz6RGoS--^!DE#ED_6a4jG2yOkcGioAHlB;)unXzeKmF9oKAgs>{m6&vfP;;u^tj4S zYp!$-^Zy!PShPN2H60E^(c0(7L`_^Z2*Y z&MCs2&Bn)QBV)OGG?rtH_aP<`WYS_!D>2dj<2T)fEvg^USVlbppg#M5_FIh)q{@?vq^42G9jz;yX0ozD=HyM~KK!uk_lwBTtVHS1 zUY7aE*t!I&BJihh6rvgZxZmyp+#6_w<-LR(?hA#E{2A5XUj2meYS4{UJ+O_2_KS%iH9n?LgtTbu_BCq`N*o^ECka=YbaXv(3ryd+wD0{M+g#C51sCgOrgPV553 zz9|VM)^u5~1F;P9HR2-Mo`IKuCck!1x3!ZbRw29zZ@5K~`g;?0jHQS$$AK!o(^OUu z#P+H8;uznoC6DWd?{||C+6d6?QAR7Wl*scl@Y_K~Z?2o$B~nZf>G2|032yK2fa>V6 zamRO-+^okFsosf7w15@ApFftvc~AvGF-+x$DYYuO;wg!$=RvtOF9K2K@29NIxd-jo zd!B?=7Pt>XH=0dL45+iqVgHf`*KWFMnUNmKh+!(Tm!*Yn*NBrnU zAd6UVMODnX$G3B=<~y^oM}U_j`SN=07vYjyob>@7tPyWF!#8i^!Q3HKs~Syc%MItt z(JSq6TDQr4I>XTQRm}1utQepCLF4WjV`TkVP>op7bkwo>B~qP9+|uG$6YXmue3pcn?e%Y} zwC`^kZNnU2Wkwfl3&@9PnOO+jKDKV49tDv8LH<*|*F?PO`qoZF0|d~Fb(VI73at2q zjHAW0RPlD>?-7ccz6Y-@5e9UlPkD-BeMnIdIq>T@T!ecM>ai9-5=9gjmxru{dQU7d zx_$IlFalnkRI2^?Bc2Se?1b;rix?0Ce?yAT;!}+ZooH%e;o93k zYVyl(Z;!JPe59EFt&N{Keh#d*MxJwx?0dybX!6~F_rDgs%|yeZXett85xpeCo#3Wi zIusd3xFQ6CSJK>RPB=x0RL+JjG8ALn5LGTV;3!2rQudTJhLpLW`!RMbOuUB#g^Mgq zUy8Ly4=LUChS}ETJHjWW2+DZJ(QH)8ToX!`MNr*YJvd}2 zqOr6-7D&)-VSv4dI)WhS?X2>Vh($J{AI$8XU@-q8*`BAvGg}-JjJ_C=a9^qLIcEpW zr=>zdALaFD;;9qSxY#X-mXs=HkuMQ=^%2N-p)Sl zL%bNMmez2>>f3LVyU4w2I)z%Er9{bxbV0&UiHMm}Z~`Y-XHw0l>}EeGcsb@2K5>xi z9}p%iJy56o^SZ2&N$-{AoKpZO1=hX+A-G4Mk=ugfAV6+&iGv-e~|a zrN)vgIov*pr|lPnRYb_dILYib;PL<2G5wwLOODQnG+CYTknbj36n&Fr}3;SRn{jY1r-5IUH-`+CuC{t~-J}MK|pc?+ZE8Cg2 zL@+;IC4o`ydg=XC=~h7K(-i@}IdzUwWlD^r)u z*5!6JF;M=*mqrKgoc6INF`B!qG$BSVZx(tW$x!*nYrTjp_Q_K0Q}@8U8XiUx(;og= zk^NY-?mqGS&MnkobJ&!x!o~gZ$S%FoN5wnr8`Pb-j|V<3tI#Y%2w9VM>%yX5s~;ycm7k?gH4Si| z;6r)Rp(=uSuJxoX?bRjukt=?U{q1!K>d?672SxxsCLRne zTU4P;`7XwkN=e@wlvw;uy57UWTNgP?cO$8bbb+~LeRrDJHzPGV`PXid#EjYg{WL@Q zV;2eCWfQNyzWUcONWE2QJY6A{%;Rn4x`Zv^eTEsf`&@G~AOa)m=2OnM^(}kgjb{)@ zsS(Ra7Y|Z!l$^nFlAu$$Dvw1^*HUw+H7UH4wj-_f(t(~f6cit&i$K8 zjq=ZLxE9{A!|q0F?|eoMra$(Y$yCmde01I6F8uT%Q1jxrZayq_BlEvb zJ6&6y~$NnabWn1o{*-rOElP=4^RH_P}bW_JWFMJp9k;dthfA5)Zt)4t;ZI6 zlcA^b#a^|CYYhh*f*g@s$ctZrNk4jrXxe8(1A)wMCp91%#WbQwL+9Dw&D}sEy0M7G zqX;Z0l)U{5zZ&uzhA-n72a3axwB}~Ya}5v@BB(8q4G!C znOg>*m7G2YvJ~`3b5pxSlF;oFmk5yN_N|FLu_yMXJwfdz$NzMk5PpC3J8gPvh<&+* zD0<n1~6HZe1s0IkX?qB9c zFcspu;jZ@3{w8GOT^#s?o<=r+)LCC1L9XS7Cv z2Lkz;V*nP)sF6Oj!K7N6b}Tzrv4A(WadPZUkp41}6{#QmToQIXiIUeY)=XU)LdJnQ z3PMudIQc>UwZBq@mcbcn!2{{5V;HeR+4}vq)HK??>3EfmSxw>kc8CkLG)jyK4Fc$R zX<`+jiLI7}#TUu}U(swJHrurh)ik zY&f_k{`G|eKG(cEpDyqwv9bgk15ty#;*zV#Ed2zg z8d!^e5)eA99?*$8`@;g+zFr@W)@bPyoR#)Xvg51?Pzkot@azltV8-72J(o2l+(&QQziPL;j`_L5rA%k6eQa=dE>mcBpK564;s@Vn;wJXPz`0&H!JWSvv zG-vki{hSe4aa->{X#soei^+zWNYZ8$vpMp0AR1A7GTsz1K3>?510GI64z_f>R){O!KgBq3g26*F{+(>1w8nux6O2#W`e7MVLuMPbS|T9t9D4 z2D6limsL~!5LRv{H=ATd_b^jZ-js-Y6Gc%IBU0O`GZsc^fiumH`>53w%)CRDs435x zY?eb{20iBC<@43Zs73G@ZhO{@8pAQ-dP56wS)DWR1cs@)IpC0)yu{$9;vN4Sdqi$` zFNc_*yF=AIg(OeDNd`TBO%=a~dlCC0I~XAGUyzIuhKdMVfacd$8X)81rL99|eq`CG zU1TlHvqBRTONfD+qAnzLt>4{dVOpq|TS?>O^iH#ZKhFM&PH$9C6IC|S?0;Yy1|Ff|YtYFM`6l29ttOXV zs;M8+*6@9QBE-sZNM*^MPY3?MNP4xw%e>!7to;e%OfDGuzt-^|!N?NAZW`;vX+#B` z)q7X|@(Dyg>MTP>yh3Tl1X`!45O_qxSume=@>P zFUBPpdveZ=`1M~{UY=4z2gyY>8U>kg@AH0 zt_2FO{o8n8>M3710<*a1$mcQl(8C-+UqZ2%u3kxZg-LZ51y}Iv;&?~7D+1)b)@0GR zBr)sW-(ujpO!y%-rNCeBJN`K+WkgY!AIJK8QvBEWhKifL*JQK0^y?Ro@AD&|06!hF zyYXiOZ9`*2gVT5>FA&dN02U89zz)zgOD8v$aq9G0`s;BxKO?~ zG-xrUe41tl;vws`_7~`?p#1mGOx_u*#$Gh9vmQhMRi;Pqkos9*G~YumEq%xmFY}qY zzw!mye`A6oG(!Vz@qW#^Rlqf7cYC@DKKC_XsmLU}t^b{4NSp)zm!iD9E|3?=Buve+ z8aFL_dUybLmxF_YtxY0$YpJ3E^gh6%(k$p1TeKV4m4cU+7xk`cUH zb(+cKb(~#j$ZQT+Sy>^1AY5Kt;D?0M5W|XKEExE93~n!Wdbg1wP0jv8_=1yU2AbW$ zU+U}Zd@b~R9t+UJa+4ZLj4(C$|4us8i23<>z>Q^ZH^2YWUSCtgmhNG!?|Jf81qaZN z4E2jd3VbA73P;!XNr zki_7!=r#i_Wvaf1rJWrcAFRE8JXKjiK|x6g?fp|P%t{A9OmI*nx(qP>TRV6#0c2km z>vn;<#?{{b{2dU-VBQF7H`!$M7^bnCNM1e2K-;$f1o;giA-DCC6N-|7F+Q-nq^<%h z+=k4)%@jWL){DjA8KAONF(qt*i*$zxq=wt*`$BFmUU)Z_MdVBL6`pQJz3D zLYw0SQ)_Vmw7EcgKz}$&*-VOu1O@D%2webl4X4S%nT!F?22iYky8YJD!kf-V*zE}j zEFWMt=(_?0cRP5_c083oMKke`0zLr+M|E|q4{3#8zzZ+qd2<}U8y_nQQ4>(!)h|M* z5rZ}WrwH^sFtO}}(cBr|0NV%*L&a~=ZLF<{ z3`~?HO51mPIiY8EPuB}M?WCuvevE=l=$qtVqXJ5obUs-_T9IU96BBYtQ6_mnOXKri z2uNk3VdSm*Je&-YctXaYjCs=-Gb8UV_r$~jnLPNiC%llk;eb9Yuden5NC*}d)`qy) zhVR8NZAL~0tx~p^#vnu;#|$iQ!1gmG)qc}yBH?uaElRe)hN3(UR&;KhSnb`5g%H?Q z{BygX1DkPhaU=5o0`^eocExdSZVn**8|Q#|Gt>lr5R5QI9-?O;k3jN4An*a7!cLd$ zh$hhz7^&@s&hVazdklE2c=$T>NmrBEk^ei`1{m$)gGag4+5Z4{2zaSJ9S-?5ZY*V` zr{5bqY?6#pr|QBqE}twn0V4F%G~E=O8L%LLO3%b59htaDF5w;LT-XdW#k-(Ku!sf0 z`v&kE{pwVz;qh_BuzTD{_?-=)kqYicmq7I@s;yNy8h|S*s;WZU!BX_*DyWA|<4Ow6 z%gcLN*@l`M7yttX1PtukyF<+`l--qG2Y=0{u79`x1c4v}7?rjGfC;Shi_P}iV3qj* znL)P-P&KfT)DXnI*1}?n-sVxxjERYPp~~%M4MmmLfIQFVJkp?>Tb z8#=Cj-zVzBe+Pvz@k&7-OfUiMg(HjV=$Rs5#$i`vF=m6@PDcm*+YyYv0 zJiq@LXnE*9LKP}y^AkK80z|RL5aZbB&sxXX>j+({jC!Qf0Z=q_1p zKj9AA2at7>1bpzb_5#cm!1>t=13!vT9JenVIr9)LiNsSOKlnP`;$Yyhu_X?}VMF0V zc3=nLD?TYm)v!IjCwv%z`Jb->xoaJL;Rx)?N)^O0XZCpo{&JV`lu~36;QY#QK!h*t zeX%xTFpxQ9`V{c(ASC|-!J5xDYXJ!GVYk>DuRA?giTDPZazz^WfjWqq-C zl<665PCtUZK_oX|$cfJzhfH1g>GdPMfPlAp!7d5jHv|a7{Ol~;d~e+sz*ZBA-hP1! zQ2p=$o?&uv5jbOQZC0A?fk@>=M7fVD?+S=ME@Ae-T(kp(Kxp+1z-MQ0n4xHKct!tq zn1>2=1CJ0;gUoE<022oLYap*e7T;@G_#|+@g26Zi+ZQnK0P^t5uNvqSX!{p%+h5RW zAA{*~m^KG+gX?yEuQrTo_Fk4D4~o35^V|m+85y$0msLR?_+e>z*@&6W0jRS=Djggh zS%KZs(Jrb4_9fJ07xcT|ePi1WEwT&F*HAl$kz~=FiCgfq*eXu>_*9`9j0+UZG9aUS z*uXMUY+3yMsk?|qAsx;hUK9yV4kMMFM09{MHw_T;7#BeCkro#R)$^vo@M32ekb@iS z7+ssGUBH_1r~Oj#@A)Q^m>*(ZCJ>&2Uvfp(BPT)AWo}S_Lph|YzrVj}#X-*4m;&EL zPj58{8Qajdhr3(RP)M^%_iKDSGy?2*=+FMqJ>-55y({1|gCpdX?0Y8kkJu0di;3)4 zgD@I9w+~<+*>u|s11c{vozOn$i>$9-kx@BK9(cVP6BV7XUYr{Y%746ouxc~Fb4KBv z2vclv3`z5rH@G{3^ZG^kJ32CwUsi&$gJ8cKFGbP<6m=|Mdr-qIV})J>kNxHJ$1osg z65$GHbpU8F1RChB3t3ms{S8R4dfxbbns$e|5%(-U7UzaI$|TH25FK9vNEzIkQHtPq zwt=I>3oQC);L*+TBBLmo0oDYifa0<+#ovfxm_0n}TSZlIqxq=^UT{wVZ+TBw()H1TEqG`9BVH@}G{g+h z2JE@BxoP1?0jby9T*0O_kI%-&TUtDiiT}G_>237B2tZ%n?|1KRvprAQzsgS$l#GDw zp&J(10i`bZ_T!;a-G&YU1sW15D4!|PY{WTa=G{rXu!GuOdV^I;ckkCJWL=vb=!9UUR|6V(V0@HhxikILz zSm!`-=rc^6D!h6gr4IdKQM|sn>4oRx=H^a!q5%ej1eJdZIp5E$wq*1+~ zqpF(kY<_%r7(gue6cZgM1HO3xZ+5Q%YvShTj~|z0Y>0HFgLsPaq;z%qJ6qoVz4<;_ z^3b;&Q`49gFjKP6mKEP~#TB%--)ll}mi*nvzE9-zNDCIiYWh3G||hR>WJn&RO5WwFobHEoA?#Uwr0%G6_(gZPKKnUMc- z?T@hRoo#LJSy&X?JkVaf>Hth^oWuXnT+uDxj`D1zrsb!{%Zb1zV0;eHY5;l}1mISY zu*e}dyaj>Oi>NE(XG&I92k`uWTlz&5Kjtgp-;xFPz&m&rc>JrjZ`VN~jct<%Lgdg1 zdfo9gcp{&QlcQ9wu`-wuXj+r3Cp{Z-)XrZmX zp7V07eQEFIhm(A&Bc2pdy(=_^*FQy_QGZFKPz77i3&^pLS!}WnGHOrpt~lt0x|Pnp zI$ZJ@aqiT|g&48&tpke; zK_Zz-PbWuro@}-u@(C>zB`d;S}ZudaA#15I6pZ^Xl*(EdX z;5|~xQmw2tX-tNwc1wlt=Wne&g^=h@oD3FhJrSYT|sv3ORsVOOvl9Gbp8asqZ zU}kQ9kM3)g*PvD`&yEiPAs?{e$Vy8ip`Zjf+cdpFfHCgv?d|*u_~+A zXvxj%LZ{%%&|9PO2-*x0h6=d+DXN_~xyIN6A4l-5ZgkHkEPuZ}zpBE3p$gk&uWjx9 z?u_7u1;%f5X}Hfw2YyaxMh!^dyHAowhu^RYV@ zAo*ldVDAxr4G8wS#V-I^ch%5H5gKU3(AAce9RWj2jL?wAOgVt7!^O#I1^iw?L7}vR z_0J9qjLklxsat1<#3{N`o4uI93{5LMydwL?y`3+qUCQ4L$u0}!D$Cau%RgK)c5d$P z_1q$!bQj@S+80>-RnW38k9l_2boLQG_QXL|LlQ?=o?PHH)SCkIOxtuqx^8)&Ck8Rj zP@pQlDKV6upE6&0xh*+2j}0=`#cE38Ad@47ZW4Q|nnfxvkO$Dm!^n4swjb`qx>*-S z56r!MGxUESUIcqDzB`a*0D3I$(7yPTl$)0k0TrqCcHy4)2PMAXvJQ7oUQ-MFfiIWu zdW#7SF~JUf-zVo9%s4tA5#)z1*sufsB!@v_*S{vZYUED~`kt?XQZq6>b7$nZZ6SkI z4P<*0z(_hex0=r-XT1;Qdi+xTK^(l{ zy847d^x?rOJ;f7MGAeK-I?ym0T*&>`YY85;wQ^3)EK@|EVj~s&FapAGDYJ0;cZ$#4 z%e>6_Q6r=7KM$~cH27~RDJ7?-{yTN;s;I6;tOg;vpI+x}#~;0AkvBji{2pAO;zYeW zj6sC{U;bk}^FYXp8IBRWBj14^()sQCAivg^sSxGOB!Zzv_=S}VN8lLoKHKO?NWe-R z4ekb-N1q;AZeoTeP0N$`i_h&3C<1MldV`|^&cq3t${Xt;Ej&Df%ACo`-2`qUznh0X zP*6}LlEgrB1QZr4d^(8FV!2R-P+aE7xCWCk5OcSbD*iIqS#q9tu3SMys&7O78pZX) zI9D}ayFS~&{WYfiwvedt7UeKshMv`Ng4J?RF^grlMAV1(%vBZSLkR8Dlk{1YWY)D! z-QM3vmgi}a3*I8SPzLNL(IHs$p!k+5QPC77&{@W`x7;3&|{++QE%c;74nP2_#7 z9_8-NPANY0BN)Gk1TDs-U1tg`1Pivmz8Dy+4=2)sK;AmzX9&tMxOUTmxfI@l6R!s- zt4kZMq%A6fy(MgThB)Wee%o-An}7mbo~V`$!)-T8{hTn~0;=5!2^Y zGEXDl5l2A?(ER9GbdOfnqC<3b?V>B>V()=t>Qp{me_44X9A8qJ(!N3^{rr)b<}o}U zzn=5%jYY-^$#e|e30oPhhlJjQAB6L0xyU7B{~{rtB_~_&|87ae;NOe*0N6trs+(6& zfh+}xA!}-Cz|4?Rd%=#2%S&`39z!;KuqMC1h;)H}?}D`1C4dveyx`dPadT_#+XSK- zKM4?9eq}cqxK1M+Ke~Pfs<^+qtiH&mB1L8X2~^OdaR+!UZSW*j9hxK6m{5$KD7qFO z^v`1)#7HrG2)Vvx2>N$f)DpZqC&g>~5Xz@&ML~v~A!c(LfB3$Cozwl$aHJ`8gr_5jT!dY=BBUm(Tv(y0=7^AQ+ z(*~nxRI{{5=)t$=5pAU!`wcRwTgiTqcAIDMr}Be=VwT!=ZQ$kfB;h^i9`yNnVRc($A z1FsX%n1K-NAJC;H#m8@=cc8(rjAin2va(JX*8*RnJP3;*_5!667(pO^J852D7P;xp zPvS+1VP2)*agVyZN)gsNjqvCF;E)NXz{UQ4(GdcC=7yn4HfF1^SBOl8=7_rp8vR>i4_ zqHFHsU}zlmMXUqVp=r1Ox0@FOD|I`V z!*Eu2cu^1JNq?^#Z(?yucUM{*%LMNNtLmXJKqM#W0ygkYMWrx5dSGYiP8t~*`ThHM zc6K%}m)niKsDmf5E`u{esyfxY>_eZ7vg5CbU{m->eexCkrXWA8XvKyo<|Ckp}X!7q#rjv+*r!6Xe(N1^)V}f8bR|px9cT-uu44f$u8^Cp@#=t-DV( zpisHK&d!luUZ`g6YTB@Qdv?ry`P&d!U^Eo3I$_|lG@1@a^&VGE87k+q<`vW1cNzZ% zKFW!eG*~tfA8(=3hD5Ow#}v(vu?g0VWa3DRrn8`6p4dA9Ekk7j>1`F%Wp^>~G>JZ6_8{>$LDFF5=VaiA+(A+} zLNx!bM>AnSfQ5W&YRX_t9~VT_L`>(IWmot3)2wdqo2}s>j&4X&hBe_MiW|R8&m(D% z@D%20rR*iM(HfPJG3DdJ5d@msyYWP+#3s-R36KU6C=fHg4%6$VUC+$N&Q!eru-RiV z39Ky)$#Rl!#Z_@C;>W|b%`GlaX%6sq2@Tc52twG-H|5ik5x(*wg~m^#J!K(GLxQ$- zREKn=u@nE6V%(RnpGb~mJxxDTC`oYIyb&D6S%4K%T=z+({@7{nIJhIMeyCMs1)3kw@XXKI;s5Q8@GOWH!}?c zA>Lr6aPy6AR(U)*nYu5o@tVb>=|R1OwklbZ^HTcUnpvbo>2uQkA?*6`?SYhGR2Tu< z^0AvFU5g%KrzM_s`ILcn?@pY(?4}8FaZMv&XoEPPK$lm>M|`+mTpSw4?5yPBy`n=k zqp;wc=%Rj0I5l08mOh#fT#;D}gf#9t^zc_MXWpB--BOnL$TR;h4uJ zM@*v^5QJw21rfbeZlr(L&%*Xue(5S|BAsM;Lx#n*Y7hvvBzqj|Bo%9NMsnGN%+402 zR=vnxMo8LOAQe3<3&$^9{gVg#@BQ0|ODykLXJ6kn&1#T1d3 zV&*5^bDEq51M>8@fH-me<*4fY>Y!p_;+giDFhKiR>9XB{-KjARq&aq9J!-xz&sB{?b&45wwno}^!b;jxAg}QD)~ff#wFP?!s_z4uX$EwC&ihR zVxVS`3{p#R*xlIOF%@KF^%s!%(LjZ9e$a1wNVHH&D5R2d+&PapXBgaXhSw8`wrid} z!4$mPHpI8`;1d!Wj3bCm*K9?kf-T8NEJEaE&ar~jvcYyHCo6vNU`Us!_pc*77*ITy z{#w#0CcX+o-NUuf8%9Pb`Kr|vYVnX@K<76BCiaj+RgV<nBx-B0CxbejiyLA60&5Nq!x&l;qK$Klwrvx7=kX5*e@l4h!EPzY%0Q zSDRuR5{By@0r|sP5Mcu|7pRc=x^09vCqKa*&ZaAv+^sOyv3}sTNMETmQ*85FS_IJQf zO(8P8UDon*62{xB_d*1-0slM^%?z<883aP)!p+aMx%;7FYVr3&&<=#d_W~2gvn*DF z8`nz7XgK|kT!;RUxSsNCBYb@8+J`|sBt0m_CZodC?xToBFw!^O8pv~=6p8PUXAp{? zPpLFdLw(sDQ1N*fy5zzh*3_Y(}VaR5q89@s|E+q8V>P;wmupATlhLCjFz5H?ui$e?ZGiz@w!gJyH&?t`< zvM+g6hPH|nwnTf5EY`X&pI%Qhs3tazw)X|6U=ru%_c1u{qoAB^3OZzd}X!T zr>7c3idjtYF>dwYXtBB2+h4D^XehIW#|&xBXH?=%m+IIfqtwV!o&U|LI^X@cR7)a5 z0^!Kr-5rpS1MMiE{Z`Q6HYlZn#59;OaD9CZ6`YoqHdmnurWS!E%&Oar(Po9hQ%HmL zOL-B#cPd^~U%IBee8fDkjYdM$E4{d{uMcEtK>;zE<7Jpxe0)5pSGV?U{%W?T{8Uz7 zuNM3oi5?LizUU4ow{${s^=X>a6>`dRaubI4vmylLt)03gQJYJ#QNMa%c8P+AEXHfM z+Y?&7l8W|KSW{^!N&bhd>-i$J=x+jBzFk64784wND?Jwd^%WNQDZdFem{tQ|NOc#F zSG|VZzkh^6hv)BLaNAwMIbA;b=2%zty!f^6TYKwz4AYmG$h9C*eWnVz7*kE9ce&D= zB9KAVzwxi<+=cje`Fz%9)}%<%#o<(9E9+J`*5O9(wnGCSB32ZeU=nAxeVCd9d< zcb|XHh7$Fq`#65HN$NgNOntq>2$^9Tj-JT{W~aAG%_A9)mw(`cqOOP<4HKR{-|1}k z4L(w|Dg7@6P*rOh`*WslboDH|=_%LLw(zgvM^gT+-UrJf2pY-*TC>6OvG*U?KT>T$ zi6uqF=2?BvM7dfiTRdKgh<^hERZSALyc8LjaOFmeMi{a*bMp(z&gGvGe5)zo#WZTD zm!ZNyxyBYK-C2F_Mj5Ny!9Y4NkY_$BDr$E$b=~*h)5~xP&|d<=!ZCA4DXGEp?Li?B zVgvPK0B;Ry9kc+HjU0531;n;7~_ICxN5dd;p29p(c>lYHoHj zG|UBUCqUR&Qi4bgK}P2FzQ6k4fDXSQD=)9qq$DU0D3+Yv?$mJ~%RK^D$J;Y)_45o2 zD&k4F<@)+7%pTJo^H3d@s!NhH=af>`dGSyVRL3is_?=-1k!a;93W{_ovdE1f?SnBl zmLH*(iZ8Hl?~e-~Xx{}Z zMeW3;($T{=_WEPFiqRf0i7bDFTxBu|zV{EEgMYi$iiSnHZ|FK~6{_aO)_0ekM#KzH z*Zlr|`13I3Feh`~mHxw-Yj*8XMu-6lhbkw>l?crR1{m;2 z%w(TadUmylT*ubH!WX2UDL2sU^lGStQD8NYV*RVQ@SxCnkF94!UA%Op52~ z+NQO?9=^>6J;sikXVm}V_r@fO$h8}>n|uQg9T#N1lAvr+;?KV+%~f{BFVkggY|g(d z9zKuCtp$cA-?(Hg$Vmqq4ei?PQ%^R@(V!2K$4Z^<$H|WNUpRc3v9EPP(mEW0ffhb| z)6bpp>I~Y+?Rrl0Wlmx{s4RBlMfTS@9ZbI{wKtMqCb-O%e;6Jf2BDsAv)v|0J(kFS z4bU@`0{TuLA3>gi(o&@T$+#T84lF1hqyR7vASCP?VH6?hd{}@8r-YqOG9fOHKUk0&QGJNkqbtsrwAJdbQ(Z zjlSW%dm^fcM23gn$5Y@g?04Yb#NhbRSSI&lN-3lsf-OOQQD}O481g+g8Dv|$B~I@Z zF{!UY5ybiVw72YSz6-8I7`&&4;RwiRYDsk8nB>{Cr1kHHs){eu)$L}kX(sppSHHUL}`tS?AMx@upzi!VJeoN4=3QXUjc&YXD zIGMs7B>W$i&N3>?uG_+NcXxM5cO%{1p_GJlcSv`4w<0OsB_SOGN_R?2!`XiC`Ke?0 z4964qUVE-Nuh~{TPtOkw9KEUk zrBn!m4J>9*D3E@Al=cvupq(~|1pq_^e6BxeYvUr6my|&3VS8C{VHxGB?0=6V_B>e% zKKWmZCMZl`2J2EF<3{5$M4e=VET&$UswpBUY>r6J-dBHe&sBapkoT z&dSPqqFp44)y9b;aac4SC3C(p&uX1jIpQR)yiQXz8am-FlEQ~mT)W>x>h}q=j2x6o z9#Hre?L^@+uo*l^@KfIH4`u3=(lcS1RZU!RW{h694``_p@Usf>7LXiww10&x+&i6o zSm+tsw+tMOI}pfw{624%x0NsJ`#`I1SDSR;Sd>o4d~R2^JxmH08B~WAjX|UABBI=L zM*ryS?I!y}*!oLX2*1J@JF`G^munFr`^-<~;90dy8cvr;7V3?^V`wc{_fG{o%QjVE=1TtPJd;jryGh3o>u6%AsG`{5*>7J1p#x zkzPfF^y1R6u&{p{4^wbFfc}Bo>+7A}-C$@4=6|C9zlJrmhRr`yM{#TvB zPam>Hy)SpJro?){eEjs}hvQNSsxAzTjq?%{6Z7&&Nl0SvK-=!_TRbo}N&eYjWltAN zIA-ind}&?M)Hu88Rel(Fl0-ceSiN@Jx(bIa>~)D+x&&-gYHHg65i1S#GQqn|XfeoPW?53A_}nS)Vy zZX#l3i>pb*&IC;U^r72YY#{_snVk7PR*mqnReV*AMkz9v%o>#2x>5EKq|D9BDoQ}1 ztbG(*;Z!o@9jdc!=b(<4f?|K|+Me8VK)f)Q)UQ+5{sKXCW$jeYpPrvSNqsRBz?m@@ zq-f6w=6>n$waXLgo*wINdugD(LDqQ z!|B6vIk?fOQ+_fRW%D=_Rs!La9H}IwYk=#!b5G0 zeljF>ob0?2o%HKBf7S7$C%ABwkQ>>9Mv{H{c1b5qMo2vfZ>~F|d?1cT`i&I+r>xtM z*g9Q5dk#^mDHeTgs;gaK^l_DXuY5w!Rj+|kn*v+(%)lz(gnNRYM%SWsggRP5S3o$8 zdo4Kjn8y>E4;L}qt5%iHQEU8#;k|RzF?t{t8X4s_VnjZzyqiYx%VsShxp$|{#Ty1vtt2R?M}0KE}KK-+H4tiPEHu>4h0aXC<7GnZ#byzsoA-?aqb#Gp%Bop zL3tz$)iNlM3oMPXZ21is_IY5a{%7=J;lv5=9~b~!>Qd2XLdFfuB?du3qB7}a4D$K+ zjmzVBKSXXr=o``eQbAm$ZR3ywHwa-d7 z+qV?5f&~9Nl+n11hD(s36O0(bAUbD?WhJbx>$RaJe= z^qQ0ANS!_{eG6A4Sxb}aFNP_YjJigd)ZCo5;suOGx=tFUana;|sb|W_&TEhk)l!{KKJ9;P z+5O2IxG|&=9J=zztYB}?f&kI2c50+9tu}NkEQd1$o;sk9Q|xIU*$0?^0a~X36cSOu z@?^IMJMzGW_9X%jbE)_PM*lEvF2BueDPaa~B`pgJ3xwd3czj{O&IZQ)5dM&L0q%OB zDH(xUf(d$GTl38rvjn~Vv{BBa$FORBSG?3yh>$lv^5eAVE{HWx81iU;I|QFxBff3Px~`X^5~N73VD zXm=<>CB;6(NMkV2P(|*<3<^Ec)QT6oFYl067z?Qg_314Q6)0IYp8r+f|I^4u6SfWk z#hm?VB7&sib0-=)2aG#xzpJ+eg=A$|_xwtIarKuosuJ&~M|11|&!$rV3Fd`;Nkc*cb~4dJ*G^_b_g3bBUMaJ>ma9Oio>m$Fnl(ZQ^tUl>W@kh>^nv$ zp~OHW0TmFW?cE7SE))>(AI!iV`ClIbufxjS5iIc3AO7>sfw^V<=g)A2;Jbe^4KZF! z*mkS4I`X6~=)dmtz5d{aMX;Duq!_(8rsE6D-DF@qO#IjcBk`uh2In`Xct z0gzp>%$XqHHu%AOVBk|KvHxL;8s~CwxUvFOSVEAWy+bpY3y$g%#bIj{8sTPNeUYuZ zdHrJ6VYs~OZ;7P?zZ7YiQ}v{6F@y+GueOd6+0dTa#;en#!_RFai;W+9?-7e<-=+Ba zzj$@po~E_KiDv1)QYA%@rjCkJt40{scZ?EqGvFc-TF{6{Aw+a-1OcVvrTxcC%j(}0 zT(XR_G?M6_usH{2*t6O&QJrEdXUP(};>t~qR$4_E?x!IGBBD#M8d^=sMGYkc!3qmW zw$_AdF%HwTLL#N@=eO~24Md}wtb_eUM>@`PCd2C<%cepbl{Wa(CJ6fk#+hN97dQs+ zI{d2^{#2JfToJrPU6U9H=Es75d~eLt|EG)-ebLK~=Y-MMdle>c#qhQ$TDENT?plDZ zDam^l%JyyH^E^Ac&OiUotEjVOz(5ME)mJvPTEtJ}Tm-d+(16p=fgOTE!Zu!FGR2m@ zvO;z8inr4w{Q zD%>|gIA*XVGb0Zg;)T%^N8t)IhAj>tRFDU1qd}42y=DO!C?EuFOu)PdJWoiNk=ET_ zscaUUS@Vkt5pX6Zk;_Xn=o#0A~Ur6-U*M|?>Ws_P;;AMR;T?m6Ei3CTEf0ht$=EO@+ zVD>DiA@c}?8H)Y58)3TQbNn_w`Lhw_{!!Xhs|jHh+C@2MNk~r6z?;)D_X4Pg3DwQ^ znIFfM_as>gk&`iIDaFobqN8GkLuTit$F|XlLjRLf_;Ch_vBoKnnrTK=D%7S|o`$#j zZ;5@Id2UW@8hQAI8{+rI8U5~*zziUhSZt}S^t&NhFVLESMmMhN)y zR~;Pf>;`83HN*X@_|vw%2d#2>85#Q?9pH2A6A8X6BuVCGBpA9XEr8riB;v>O?pgz7 z&9b2626SC{flS9)$C+p;wP|rcxPnJV*+4{@*ptNKN~{58$^i|%rrqLn-{P(%)zUnl zTsjZgUOGlic1$^C^`>3-4#VF~?et;CX3+pwjNJ9lhcfOpyd=@6=2ljTLk0A-uID8d z6bu2;z={X+ys9|vl)m0E^Z>+MVme|quMp9j&&o%Eh>s&UFL_Kk z(!9@vKh3&oMGGwbB;X`eSM0+C6t7|>x_QFQV3Vc8M=X{!abWrrf97wx`w|vailZ)x zo@7YcBHG+>YP{0iRI|Ma^R;NYzsRX(-wDP|mrjZ6>s}nv&yF3Jb}f9GoAu^K{e`gK z`;FKo&eYK19u1{u`Qe<2%V3PpE7FaqDlJ^;X~A70x!UdKhw*bT+6wcJ*WnV7vQjoz zCvY4`j&c>~>RSE#N5$7Pqp_iF`+02EAmRrtBTL)rAgn@pT$0-oiczr>YltTXuEE)9 zezn#b3Au}%#@$zWOyuH_&>M4~1StnQd^GYjAwe-hxi1Roxa*p@M(F+-Z*Roh&-&pl zDam3EGZX$% z0^;w*J`bcWo;@F26M1~LsF!@j>4{m^^~|%<`bsuD@CkWmxF{g$SY!nG^aFoG&7roz zd8vsgS`IeO(VyFJC>imSzNfnCL`@qg`*y3~u{bShtgmdWVRt6|@slL6025WD3PJ_f z*3xp8pBBRXJ^kATJL}AJRUSH7Xq^$9`aIrxPc%jJ$A>qMJ>hG1>I={-yr zdKmlziTKTNUUNBWhxQy+-~j`f@EBaLa+2YsmhPPBRur7^J$XJ;tEfT0JTuEvA;VI1 z*B;=*Ff|ZWWvU4-FOu|Prbb&IuHd|+d+#l0g-24Xzn}L&+`Se#EJ-e2g4e;)>vXIV zU`%!^EzJ7$I4CMa7!h;FZ#O`4wPVqsR<dbv zDB3Pe`)QeTD9oH^jRkb?^74ro)Hp6z(PqM&!8vOY$4==rLo%PHP{WwGU3^xv{Rzv8 zoy)6zPR7yb-%^BeN-DgPPX(Pu4o5f+f0gJ2fE}x^Lv_>~3md0Gk?`ANiUzDxz0lGM z37yCU`BsX-q;ZEw9%+axtI%9Tb$d$8x(nC=I&- zRp^(Omr&DOI67cgEc$dVWi|ntVGA-d574{x2G%GgJ-})zE$v??D?}4TKRC)j@iRzX zBB)S}XlPP*y|hnm7j12eWl5>3@08PdZ_BJUfBa_KF;m)M1AXivBF6G6CyhU5 zicnf%y4gk26(cvUg-`!7h4HL`6;1SUS5Q>ED54U?5i*q>O`_j8oFHTJg#2E4IcBmr z6|@w6R+*bRCCk%?5wCQ07T{-Pc0+G{ilOVrXiS2V{F?txk6m5tM~jA;5&w^*dkaLD z1F05ki>Ihh^vQ+Iq(y4=BQ~QL%;{DYjik z>=~>?(l91>Xs*~{sv%|@1V+q~dQH(Y%^aH71e=Enx{@z985?pjf_M`p-59#;queKAqMCaBAme3w=r+4C654Z!$fNo~@Jy z4?5jMU7gSH#t}k~s&2ohmUF*)s8)QP+jYmn-|V=X;Wp>_1d}DXkuWN08;$jOpKJVt z=CdWzDnDyv-iM-OlvGSz8-E&n0dpmM`T_{5wNTklB99}Llf7X&=~d_K&v`AxJ@*Vf z7MOgFyoq63{DQ(LYW)*=0}}(*HD|tP66vWl(ffy$3=ZG9dEO4!X(-2`P5K^$&2GP= z+pTL$@tfLwGYhI~#aVlkXcf~xg@yHrZ<+h&(N@AxAhU0QlnJa}wO&0HCuc)#t)rP) z@1Yx2T}_PxsJhL{%A!jNd{2C1#Ip-FT6sdAK3yhiioz7sX4@EXrRktY^QIb@Ac3tv z55&2Oi$j#et?NfVew_UtXHj?B=Gs1jz(lJJi@$uB`f^=-Irc?M75!4pY`fF@8a<$Q zXD=yhVIjAsX~Qxh!}rpzOX|_Tzna@`r(YgUM7FQ1$xWWEmQ6U)jWv}QA?L3^eC}26 z9R55)8f!>?#l}&H^0#URhv0LvyYH+cU~76-;DkGmbe_tOoKL`-l{V5>UCzeQ^Ihmb z147WIK6gkC62ZVnejRK4E$je!3Ci5;{m8~9sy`tqqdU2vtW}tL4nkF!;b?5vmFsmO zc|^_*aw$UnblsQgna3CB{d~#WDkR4M9>#ozltbY0XvpUqeZ&FS4p9n$}SuUNkqoz+T*(7-I^MN&tBiI{g!KDoT9{# zMqd4u>Rs3mYUoaneD@4K#9d`7C2^&EYDa~E@maVxqIWS-h-I3^0{LaO2GT(>Jt!a0 zqPT}=g`tr)klRCQkWKA?K{GJLM`SBLeJzv}Iu0#?;`lmOw4Vrq}qws||JapLUyo0e}(WU3p2iZlvt zE?7M-j4A1ovNF?2NvV!jK4X!FmrjCIu}FyJk|F1i!-)cq3nf2D~z z-dsvgso_W@8XCUIjztS@{qrF6ZG)I%%cG;ds3Gjcw;Wph9uywmhLS%)tU$!x{WHtn zZ72Mzd4J7U1u3!+iq4Dg#GuQ4@a6fjkIyzCW=v%104zUX+|^}xcA_P}fyF)$%(qw4 z)A6QJl3@w5#;w{aWPNV5cW)M}%IQ{TN@fFJbRIrLY`Kh*C0zg2Syg;9M@qVrM%?=2 zn)|`Dz`|-GKs_oc9SAmu(Yhn0?}9`1RgRGq&7}?dOc*ynH|rQM8&2i}ANC z*gktCsr}<>F9Md)lXEI-94|ZgFtsPwO#MTSeWvQY6cLXpd`0JCD2$Fc9(lo(lNq#^%5E-p!0%ouzgH&a7^FQ2A~i$CDe)DDLdE&%<6o7ukROV8oyeENWH@xh z+qbQ)hE9=#y)WWO<_5L>(v8n3bc@?IO4BG6vCSapghgQ$EBWJg$x=fT@_x*Y^Ha=^q-Ug_`PJu%+SL(SB@~Abq}^hT_45C%;Z$04 zuYEe*LmiCX`QJ(+O&v*1V1AzZuCA}sncRCs;yTdwJDJKs1;vz4H*c7QRPLDN>D>&*X5DFtH-`4LnyE}y>aD=S6X$1xUb|>KZh=zu?HHfS&%j<-f2|ds0W;V7PrnJ4i zeb%}i4?3&afCqXsnHHq@+d&KDco0{FF(~l8xuGPw#F)a3d3_e!iuhfIE|&UwCFYKb zN~5b~;lla+9B7qZTj&+=p~=KGc&H%7W7#f z)&yJ5`^dTwmr-U@j-qa!&{zxHgYA8h*QGOxxt-f+5~)p5QLcQhLv=zyYE?lME9(QB zaIjMY=B!?%8`7;qrnC6DKO(RLi`m~9;qc5h*GWqf@$C^&dc>(bGD29I^V~=o{-*Lo zE3azUlxz%O(z1rCS-r&&@rS~MW(5g+JChK+`5xYZtNLZI9&lDIzryS!fg#-G||b zD?Y}o1dVL(n#>!TXY3r`U0kxHWsFVb_QDgZ*Om^TedS_}GyhPwE>V6Oc$Ihs>4^|C2 z1A70h`D!SPex3I{3oHjMme@3MEZL$AHP4K|MP&9WHdBhqBs!|5vl#Rki)$gK_k;uIvD(RKdb*m z<^WxSOi)T}_FvO{VWRDMS(QWOJQg0F6+3}kQ>;W}cq1^Afb<5ye`xFL>l+yOJl#20 z{3!brq1m#|R;$k%9T^R*HL7$y_ksuoIqMC#2T~v1WvSVWg-9oVrE#17lb1f=>CC~VAf98sN3d`9%sLlt{STrFR~SMmsxSZ+S_vx+Oe@z zEi{2G`rkA3WXzuUi@vIPw|I-*r)-2Hu-#E8T z*^-kouD9>PR&IdpTd}tL7Z)BRjALf0ZigRKvW0PhR3Cg6Cko-lJP$=Ed;4SAC#UpO z`Y>qEVgbCJgMmG|z?Hot>TYb0=J(d2ziGGAa+$ z(Gbf%=-a0VRq)+-Q7f3YmI}T*@-#IqV2B3H3%nR<)V5*^eLxZsao&Q#LP0`mF!(A5 ziNVFsPC*=di5gQC_=3O7?8>v*nu)yq5C2yHr#1t)}sjg@4*(+Fk=jEr=dFJ#<-1 z^0P&QO+|+=9J)ppd)2hUZP~g-LTc)Mc2rD@9HeWO0LN~Qj>>}d_eQY)vM2a$osp34 zJ;@hiu@Po0>NaV(pioC46nquevg?p#oh?<4HG{k0p373y9ldH@V(tSrlS*5emC#~u0^bt=cT;murhva~v8-A)y$i6@r^^zE? zZg9V|;z1`*YrU5!hCkduV4{@groFr5?}F|p4qtK?o9dcm`DXv*Cg^3d{TF|y7&jQ zFG(i6LkKFcKV#Lm?RbGH<(XWoG?DlW)%C5)k`vf*uy|$fBey#Y_z*}ED zck!2T*l?JwJ&B}ZBY*b=fME^)oKj!S{Xp{mtv$nt)-k_Iy=~rz8A2E%;|jUFyzK1k z4D^#SybV};tqBzS%6<<;#UC3RW}2GV-Ooj$n~7tzKzu(qJe1fN&*B1|Ag_98grM2rDwNqU=eZ4OGCt^U7+vuA2(8Qy5=tsgxEnDaw_1bUTu!*P82e1;*$ z=FxJEq4z0Ex(R9nf=z5msg{O;YM} zkuFv=KJj;mODn5O7JadKa#1A&$3N*{aL1kZ!uV*?{1Uvo*Wt)cE1jrYsCd*Fp}4BD zF4riL;qqI(#?ebn}R?S~X^jzD=iE z{uVa#^`CBDa9BUBCwFvD#bZEAnsv1pftG!UFN=pi`P;6;lT|B+Txb;O@ikoBqDdy-x{>~J{e}0j7dm#Kzuma{$0(ACAYVqn2?vLW|Nfs< zVm=2FIPFFG%F-PMynGu4raVX^}ru&yj{8F^N0pn5dPG1oN%~8 zrU~Qs70O7Q$rsqJ^vSX`6ghn8f-0%lx87Cc$hLf*G!Kqko!%dDxDwnWtdV6LY1|eigU%TQ<-7 zi!crd`$_b0Pkq?1X({|-Ps>FbN@qhfQAF%E){QyXFeEPMVx_W?bdtq{J_##<=FiKg zHG;oyMehVri&$@g)LsAoUk&~9h9V!fnd%mo7f_@Ay)cbKKiG~>N`2r(oDkq*j7tN zmPcFlj%be4b?fcvt?=2$l*wG}Too5@58u*atf@zGuQh*DelNYl!;9hWRHx_#$$JE| z%wBj1{B%pt(_h+}n&1g36z)(NBJJ<*PeJVWz3do};&VVr%ZB!-0A$iU$2r%%c^;lF0CT~` z#XTzAm=ZsC0%x`1UQTjJ)D@XFLt`mM!rg6Gd<&Y;#_A2p1SigvI`En%)HL}$%5V;? zm>*ZKubH(u$8(HBeJG6;*5}yQ%i4GBIDwx^T7Jvs5T^=b7&<;5Z3D;tb~+P21O;39 zP~-j5jccrT)r#cqL*Zb}n+h67La! z$$|j=E(rh4XIzuz{U!IG$|fk?pAxHv@ zr_Q;bFI(TV)!+vtSirr@6cfqIJw_+Z`EQ4_Ffx8QH-J5o{T3(7lLX%?c)|Ub&*_kR zXf4UX;{|c^tC#Oa8#>7w@-zifoUavn3h;j^@EN3aNRn4nWp=$`^H`iyuw%cJPnWAZ z1#{+9Mj~*2Kf5F&)s^rg$VQ<>dH=F__8es7B`|)n++j;>0^Re2o zw3I{yQdtsBP|UZR$YV1^Laku&)^F7?0nhexU5exAEG>TSS@(a#_5}39G1ePI)jks6 z^*XoC+j$ye=_gVLNFckS@J;ZB84LGYbwX9|lqF~FY83nX)Wg@IVF>d+}A)YGT6zX%)|1WOa74!w9T-0FN$b2o^YE=DN zs{i!do;-}MKLp-%Kc@{yz6-U#RU`Rv@s0#LhFRG8Wl(#zVFzzlRB-&g5g*TWR!9HK zw!;tQ#_*|*KiIe=<1~Ys;p#zFl^!=x(+h`UCPfvc>4pBc z>vwQ~5qGjkRu~$RC^AlHF0-hkL)~TD?tH2g8r)ObDBE^Uc>Wc8$LR;Hd%hHH%_W^< zgt7~wMVjcHbdGV&8HS3sSA0gtZ=WH^jFlN#IuqpHBle}ws7dhi1eSKK>^jFXeL z*l%slJT|l30e!d|m(*h)rFp`B$BzyZl?|Y_Q=|S()=`yOw9mlwd_i(PvbC4d=?s}y zsBtZh=R8DdOWpl0Pl@ig>ayr}_3O~cmK#==H=Ci9i=85$RZFl#>_Rblu(ZrY5r1y; zoh^hVH~V4L%2V4@GBHDnyr5}OBdQuDW%zGLUg1j$sJ7)sgy-`YBOJpXr;S7{&Bsv- z{OEofIuMBu%W|5DeSrigJ1!0mzQGjRz4ZPFPi{7FGs2T3%fk}^QRq%|!S118@Lkfc+<9=@zIViW+d|wV$#I?mS?=uq(BE#UsAu`3u zN<>))3;3swz$u@h!jZ~@6u5fI@0_pX=367dP=$?T_enD?zr->hddNcXwb;N>2|@p^ zs$SFn7*$x1j18plvcIpljR-SlDIK`r{O9m3!)?)RRE*t&kyLXTl!7>^#TQ`@- zi-(RTs#XQW#Srp|!8I&^thv0kwRL@cy|QBD-ft8$1eKf#vXlTqwrDKLx8_wM$VjpT z1ryqsot^y;LYONSNJargiOECFQ~Qoch7|!47t%+ZRi$Fis*$n@z&a=}3FJg9Ge^uh z3q(zAgMla63uA8KP1Eftbswx)Iy-ZdPrGwKyhL8_*R}{2JEPxhI?a)m%2b^%_f|#C z%C_{1^kWd)hldZ9X6-e`gEeAllp$wIm);MS-f#m=IqK+NaV*}4D7h6F|EU|L);0bv z`U3Y;iH~KJE4TVOz$?2`aQ-LrLX)EQ*Z1DkD40`xNm*yV?Oo0ag%5PBtj=v_?9DUg z-%-QxUPfTxO4jDs7>EoI;JH=($-IavV*Ca>d|=>93qp9<=h&1vGz|ew0s_$>=jGh4 zad4DD+%fpeW3=TZNNs|nYJ z>xVD?z3y=%nqX7)%13ka3;yNBc|BpR?%68msusRqg|EV!-)L>*w>UT9I%j1Hle-FO zO>k>EG8OLo={F+?{#)fEfhKr<9ULFJmK&xA=?`eFyIM}!oi%l_ND2E`Gi8T|k}%WE zla=s(LTc2J9AXmv&~HF#*u&l~{nQyoT+8 zY(a+E;z$=Tk1e~GMt{s63a9a2uOW6aa_Lebtb0>D~gEAlymNlvC9_8 zkC^(*7Sg?pHo^hHh1ea6GQou5N?(tIDc6E1Es{mz%d$HV)1|{W+p2Q)RpXu-&qdN_ zYqK3_ekeQ+)C4Pad+X>ZU(xzHw=+PGr4vr|iL+BdAP3jsutsLnPi!_yQcdlhFRChi z`GDE`&x0)U#2^=fvD081jv3xd5_oX;|H%W&q8jrJbfHyQ=AGt%b8(DeYfU;tlSO)k z8TY6)E{7aR=9SdajS5HP*VWLXsTIP9u1877o;cM#8|tzYC+SiP&jNlm=<@RlU&7$X z^4$yOjDX8eBNd8mUUVX>PE*F=j-s}Azq(FJqcURov`_}t>w+e7{HjLI+3F_W*8}3x z`pD#@DEO7;ICd}3%oK%7F)hRJhT9&fBUI%Hdtu5AmQ+kpF-%t7$c%=ncM1kS+>h`8 zsNhxT*^8?k%;eS6;}${<$V$1GU?rgrzidju9oz4!M(V)s% zBOyjad%}X@i@`|{;*l)w3;Y<#o7>!~%U>i&`lZ&9lo$bbg<0UF991_jko2eq3th#E z0|~53w!mpv$hIK5w6FaylAgDTHPz~0#ZUeOcsmw-`K;|0IO`TrBv37L1oH4@-Va{_ zA{5j9-wTH$k4G$2wr3K(KQck5tnX%zRYt$awPNc{Yt%k;y)h}&NGfK6|8mkLv2O6u zL~M>-Bo7tUQt6PJ+;=lSb#|0&**sM2_S8he&4{JP7B(ea!Gu%Yo$*ygU1<+yK=+Kp zf4?9WeQio5pL?glN8-iqH0+8tN+#nX7m|PY#xp=s z+crc^O5K&T3IDi(9 z*?N;*jn2V^-$Y$zcbc>&s(^QH_Xq3ES&{Snp-z0kt%K+eL*)e)=Q%lL4=0fDRe)TJ z{eGAublJ<2S0l#dM)4Ab63^$rkx-!dR^hj58vuRTA9Y^}#xbxf1yKT_i|vfwj$4vH zm26;*dy!kfn*@6-&Ul1bG}f5!2R~~bG&XED^k(I3gUq`t%KaCrmN~9(c`}$=)RSva zw}ugUY0CH_T$(xNR&YH5@is=_A2a=zr_kASks@TP4woenAhafa(_qu7o7> z%RwG=^Bl9PS>^K=>UAkm7tKaT&K1$N7F`DiLJzIDHzWe_I3pj>OTS;OBuk&=lCY<+-$k}JgfXdG2c*hx5EQ3%C)TyoMUtm$1{ zsZ?C)TIORPjr7>$T~Uf-WdxZt4v&&-M?N)1uTp9+M&HBs4@ZPS!$$=E4Lo^8L8dQ| z>KDaAYo(MjA;>oE9zVZ{$h=mJM^5*Db66=Cd=?oQSz1a{C#kNk4no~}dU`%Sf>T#a z-jx>%`DwjTM@4{`^AClV!}}5H!0*^_-3Rb;r6eV_<_U;UI|jHfNs9q97O)o*{VH`1r!*S@uH+9v%Dfin1&X;Sfug;b;qBI74 zbFF@#`}l~*Zg9s4-J>m-REn#;T^4@)c}Zvc5xEsCR)0bNC;mS#WqWPQK7R}_XzqnB9Bu!hKhjEDJM$apimC~Twd$hc z5NE81@^}OTw9bPm69#_vo zKB19|0wnW^*ttN}I^`L&i=*gHr48u?*`#)qmk)B6Pxxky^v*=a7wE_@i42Ug3L;=B z4aE98SicARcacdIIuq>R3QxPhSF&nN!95K0GqB-yLmyjY8pu@J%OBdy*(dz^U3GP0 zE9K{6F>seTM{W`DvMCj0jH{|H?9;h2s;3TpxNVQ|HSk^a;E6BR^vafRc}tTm6=Cwo z@VytV%=w*W+j*7IIZSkyl_M%pQ*r>P`?;h7o=$z7Llr z-`pRkGTzBh3lggp2rXniy2i+W|3E_9R_i7Y6jdHaxte&9w}Qh67x%nr3h*(=f6dft#=p{ z$kb6SDLH1EcRDvS3Lj*nj$XX}ho{lDQ*-KB(7RjwyiKCK(nF!BFER6)-6%{?V-V-W zx_g6Uxi50oxxf07H2brLSfKV7E^V}yR_e=lo(CZZOZxqT@bPWV&+~t<5p)&PnCc+k z_TIL+?u*knc3y-}SjEJ|<5WLU8J_dMabIsG;&og z<_XV&rQW|w(lTbgz1eh;S%MXPv+)-r1f4&$_+VO%jx{VVdH79NaGppCkt-jxb7}W6 zO{Byss{Mu`Y&mm94C_Jf_DKa*xh2$=`~ z%p*~GoJt``ATmUJ|B?uKRF{-UA$3BEk`+|~);_~H0Lcfl=q|o10aQ-r|IH+B6EtHD z42nMCU8%QS-=R{jZ;~^jY>)pjONuqBzv>DK?MT4WKK`6*%mkJ_I-anJu~Pcdq&P$y zEw4eZvmotef_4rK{`tANIRLQy^$W=s68o);3>_^kFgg*&S#S_(LyD_=Y8%rn7h%B^ zb#?ihnQa_Z!s>&T6aW@v?zRPI1-{OIyXPNo)HUGXcPH6^*@=)qZG|idqVtPUF94NC$rl{s3MK_rF`nzpNOoeDcHNBPm)$ z;Oh@+2@C*H(bCl9I$EN0cS@T(e8Liu#+071Y6RAq<@_3k|GgjJ1zvei*Sa460W*4g zg8~C1H)f8Hj|;${G}xv~+cEuL@o}tEy})K2n#~*JFNkzTA<&?;n)Q`0pnLtZnTG0Sp_W5f0`9 z+ZSG4Ye|#ZapmnT>Z-$({PwwQ2$H?XTMQb=Fp|J3;k34-O$`GRFW_;q^bghmZkMrR z+;T`7ElFt2VCVEjKXwpSyF`XSUrP^?k_H1i0>G{psu1eqO5~6*=ii%oerQ0jcW@wE zR{Vqj$Xw6MQvrW}8aldrc)&Ff(|w}OD+*I@Nn+7J*x~#v^Q*YLJU_A&D)_TILo-oh zPfs9-G*SC%8nG<`UlDkNOpC`s$Ir_&vwY5sDY&i!GJ$U&{qFvLMn*?i5WghDCwvA3ZU4RWJ);r_%g^jpPkj!XZ}$v zNrgPraNGep-O}0`-G85CSHNWl0ShR(5|BZn;A@E&Gi1hIc;0hA;h0!GcleeAV@qt9 zp5O89-PG%o>f4}Ab|n1)RmWf75Uq>600Iv@jOzTsrw*7qz(DmE2ztI|*vXO}{Kw~; z14oL7L0`ke!~Y>#H#avaDJdD42#^nhY!X?N=KxfGGL=yiFr}ex!rueTzCSPl$_^FR zIDppymwu~n?o2+uzQJ~YjKPi+4iax%3=9a`ad`ju3u;{qSkWBS22NXwZ@R9*0}k+0 zXz1v|!@?*@yspQXfyIh_%(kg`A<+gbxc`+646bx|zWIelS$PiryEoU@~VQY&7KCC(+h+vH~Tkd-jQmAe}M~xpe_V)+}DR%Q1lS^tg8k!y$NcQ;P6Vz$^g`p zU;%1G9O-BRXflxC4 z4fqyBP@tD~x*z`pK0sjK&*HMCY6^V44Ft6jh`9_T?B76B$(>he?7TfM@c|^7%gfWf z(>HK9EZwACQw4v4nlgovfXFNK>dgRd=|bpB|D&o3a0T29-)v4|=?>-*NAmK&Ir!SL z7M%*H9*~Ox`+1)It^*qLy_*9On1lhOBv%uT0oa?shyj@D;HSfI1awjGsF}F(1GjsC zkbhZ!eGHUiXJh*V$_s+KD6sCl=Ap+*1OqIB=e6e4R469FvLp$CSMAF7UKXhtLP)E+ zk5}XWnmW_4Ca*LMXCWl)K^T@0AVf!zp^U~s!hj(m0nti;6pBVx>qv@#0cER^B&ZP) zWGNt^g|H|~DNB(8QXl~b5$K4r2!l$XRon^@9En(P-ei`m`Ijr-pD))r?|I&H&hy-| zPM;sZCAWautIiRT9WZ735Q~_v=g^?&Vzh$M@y;@oFlLgI3VF z*2}gYHda=bj+{N$vs~CDWkC9fE3BO}Cwi?}=WpySRShg5t1%to30d24L29w)oDt^6 z!!Uj$Ng_L`+jb94`$J$}etrVP^n1W8P`*+|!J&Yf5dtg#Tn#R#xU4Mg*@&eoAf|uL z+BHE-fqGW#o|*ux4=I+Hu=0~je^dWe)FHf~Vamq)g}EQp8~_l3b?auZ_(ZoY!g5n| zIF2!|8H(sb<96oEr4K=Me=|H+rF0zb>uTb*InZbuFKWu4G)JO`(8avCIPIi{@ZJr` zyB5Nhib4YUJo!MjK-;FNB2##yM)N-^`}FJ`LR4VM7=L4LZxNCRq3izscs64vDduMu zxZN9ox_08$i>)NRJMpR~tx-k-k4@9P!d|X>+co7n-Et}s#Ajt1KI0UMxzDLelsE-c z03WFdL@Ym=aYMHg!=NhE#NHzMvR zzSb#_CXIz#_Zd1pVlTQ$vHq)w&Cv?A=pV{r5eS6w%Jj6xgU>4dx2%Vn%dOeSYw{>*CRX_rIuq({eEL}YSnpT=iss*iBrKGX?zlggS1|6L^J)OrQs6LudxeaO zd1Bt@M67ohMH4@C06&BPiGO_8Q*H z=850fPsyCv0Ve~#aS{Aj8YmQgRId{`chD|IQQ-I#&?N-yEP|p$;&dX!x?AoV*yRu7 z;!zk;i%R>T;KR(Ux6T!((99#6vEf`fQhW3CVkb63!ZS8DCT*KafN4gi)OUkXN4T*d zL`ZS0KZ>ja918H)*V~03T-0WQJwF}W#h-(g3Efh`#aG&Ja>DlWP+K@*VVB28b!Bc0eC{w%?TmJi zxkrEfXB#L49(D9$DOF#LkA>Ll+IJW|GZO6qqqV58u;Q-B5mK>O*TJ4yR8+K3cG@uZ zZ8pUGLoI{r064K1wHwmUMzse#nN{r3+Z&Y7W?t6+hxO@0jzyr_`%PvOhCcxZfELk0 zU?+%8Nl}41ii63h@5#Y1i!%8i(x3pSc|O2m<5xncYUT8nU(7tt-lu?FVU%E&@%(N zcH(hmBC(oumVxDANX$GqJEJ?0HksNCo@X*I+#$>10@W;#qIj%8w|Y!=2Eltz{{b!X z2E0F@*TMlKNZL#=EUw-C*9YLPB9l=%G+=r;J3CjISz)|Ss*)SG#9EUz`u|j@7Dw#X z(9i(sbNkrrfo|$=wy2erl{uM$HTPj*q~z>j{zn~}{K~`0Nq{IQ@JYsFaqWH(+r4Pg z)sgIRX6=+v=n*#woB|Gq!?z6&3ky4VFe4kT58giD=VxnSLB|b$Ps*a3e@ds9NF>@F z92FO~1o9xNalx~suJ~J}=K6lVzFygOC_^+pSUg#I^X9gW8pF19_dovS`4N8mRV=ubYpmlvl@Y+5tL_K ztFw>)?u#aiO5K>f7`FRwg9Xop8-6(s8(Ny4Z7sn^W2VqFZ&#R_PEhkxkN$%f8y>+w W|NWxepllKWpM73zR-l;;%y diff --git a/docs/faq.md b/docs/faq.md index 83bdf8d7d38b5..5ce6ca134ff1b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -268,3 +268,45 @@ The most common instance of this error is with `env:` fields for `containers`. !!! note "Dynamic applications" It's possible that your application is being generated by a tool in which case the duplication might not be evident within the scope of a single file. If you have trouble debugging this problem, consider filing a ticket to the owner of the generator tool asking them to improve its validation and error reporting. + +## How to rotate Redis secret? +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. +```bash +kubectl delete secret argocd-redis -n +``` +* If you are running Redis in HA mode, restart Redis in HA. +```bash +kubectl rollout restart deployment argocd-redis-ha-haproxy +kubectl rollout restart statefulset argocd-redis-ha-server +``` +* If you are running Redis in non-HA mode, restart Redis. +```bash +kubectl rollout restart deployment argocd-redis +``` +* Restart other components. +```bash +kubectl rollout restart deployment argocd-server argocd-repo-server +kubectl rollout restart statefulset argocd-application-controller +``` + +## How to turn off Redis auth if users really want to? + +Argo CD default installation is now configured automatically enable Redis authentication. +If for some reason authenticated Redis does not work for you and you want to use non-authenticated Redis, here are the steps: + +* You need to have your own Redis installation. +* Configure Argo CD to use your own Redis instance. See this [doc](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cmd-params-cm-yaml/) for the Argo CD configuration. +* If you already installed Redis shipped with Argo CD, you also need to clean up the existing components: + * When HA Redis is used: + * kubectl delete deployment argocd-redis-ha-haproxy + * kubectl delete statefulset argocd-redis-ha-server + * When non-HA Redis is used: + * kubectl delete deployment argocd-redis +* Remove environment variable `REDIS_PASSWORD` from the following manifests + * Deployment: argocd-repo-server: + * Deployment: argocd-server + * StatefulSet: argocd-application-controller + +## How do I provide my own Redis credentials? +The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +You can config your secret provider to generate Kubernetes secret accordingly. \ No newline at end of file diff --git a/docs/getting_started.md b/docs/getting_started.md index 2058464265d14..4afe4add47267 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -40,6 +40,9 @@ Do one of: Use `argocd login --core` to [configure](./user-guide/commands/argocd_login.md) CLI access and skip steps 3-5. +!!! note + This default installation for Redis is using password authentication. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. + ## 2. Download Argo CD CLI Download the latest Argo CD version from [https://github.com/argoproj/argo-cd/releases/latest](https://github.com/argoproj/argo-cd/releases/latest). More detailed installation instructions can be found via the [CLI installation documentation](cli_installation.md). @@ -214,12 +217,6 @@ events, and assessed health status. ### Syncing via UI -On the Applications page, click on *Sync* button of the guestbook application: - ![guestbook app](assets/guestbook-app.png) - -A panel will be opened and then, click on *Synchronize* button. - -You can see more details by clicking at the guestbook application: - ![view app](assets/guestbook-tree.png) + diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index ae65fa3462e5b..d72cee60ad401 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -32,19 +32,16 @@ spec: ``` -- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. -- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. +- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). +- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). - Policy `create-delete`: Prevents ApplicationSet controller from modifying Applications. Delete is allowed. - Policy `sync`: Update and Delete are allowed. If the controller parameter `--policy` is set, it takes precedence on the field `applicationsSync`. It is possible to allow per ApplicationSet sync policy by setting variable `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE` to argocd-cmd-params-cm `applicationsetcontroller.enable.policy.override` or directly with controller parameter `--enable-policy-override` (default to `false`). -### Policy - `create-only`: Prevent ApplicationSet controller from modifying and deleting Applications - -To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as *deletion*, or modification of Application fields, add this parameter in the ApplicationSet controller: - -**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) +### Controller parameter +To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as deletion, or modification of Application fields, add this parameter in the ApplicationSet controller: ``` --policy create-only ``` @@ -60,12 +57,9 @@ spec: applicationsSync: create-only ``` -### Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications +## Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications To allow the ApplicationSet controller to create or modify `Application` resources, but prevent Applications from being deleted, add the following parameter to the ApplicationSet controller `Deployment`: - -**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) - ``` --policy create-update ``` @@ -83,22 +77,6 @@ spec: applicationsSync: create-update ``` -### How to prevent Application controller from deleting Applications when deleting ApplicationSet - -By default, `create-only` and `create-update` policy isn't effective against preventing deletion of Applications when deleting ApplicationSet. -You must set the finalizer to ApplicationSet to prevent deletion in such case, and use background cascading deletion. -If you use foreground cascading deletion, there's no guarantee to preserve applications. - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - # (...) -``` - ## Ignore certain changes to Applications The ApplicationSet spec includes an `ignoreApplicationDifferences` field, which allows you to specify which fields of diff --git a/docs/operator-manual/applicationset/Generators-Cluster.md b/docs/operator-manual/applicationset/Generators-Cluster.md index 3cdc5a3dade62..aa18983fe3d54 100644 --- a/docs/operator-manual/applicationset/Generators-Cluster.md +++ b/docs/operator-manual/applicationset/Generators-Cluster.md @@ -75,7 +75,7 @@ spec: - clusters: selector: matchLabels: - staging: "true" + staging: true # The cluster generator also supports matchExpressions. #matchExpressions: # - key: staging diff --git a/docs/operator-manual/applicationset/Generators-List.md b/docs/operator-manual/applicationset/Generators-List.md index cd9b4301bf50e..e5696f37b9745 100644 --- a/docs/operator-manual/applicationset/Generators-List.md +++ b/docs/operator-manual/applicationset/Generators-List.md @@ -61,7 +61,7 @@ The List generator can also dynamically generate its elements based on a yaml/js apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - name: elements-yaml + name: elementsYaml namespace: argocd spec: goTemplate: true diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md index 13e7bcdb01f36..d0888b9949b8e 100644 --- a/docs/operator-manual/applicationset/Generators-Plugin.md +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -77,12 +77,10 @@ metadata: data: token: "$plugin.myplugin.token" # Alternatively $:plugin.myplugin.token baseUrl: "http://myplugin.plugin-ns.svc.cluster.local." - requestTimeout: "60" ``` - `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret) - `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster. -- `requestTimeout`: Timeout of the request to the plugin in seconds (default: 30) ### Store credentials diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index 6a5ab8ba56772..c166a1d25d75d 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -75,9 +75,4 @@ An example `argocd-cm.yaml` file with deep links and their variations : - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.labels.env}} title: Splunk if: resource.kind == "Pod" || resource.kind == "Deployment" - - # sample checking a tag exists that contains - or / and how to alternatively access it - - url: https://mycompany.splunk.com?tag={{ index .resource.metadata.labels "some.specific.kubernetes.like/tag" }} - title: Tag Service - if: resource.metadata.labels["some.specific.kubernetes.like/tag"] != nil && resource.metadata.labels["some.specific.kubernetes.like/tag"] != "" ``` diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index e958d1a7634ac..8566d6460e6db 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -174,31 +174,6 @@ The [PR#1139](https://github.com/argoproj/argo-cd/pull/1139) is an example of Ce Please note that bundled health checks with wildcards are not supported. -## Overriding Go-Based Health Checks - -Health checks for some resources were [hardcoded as Go code](https://github.com/argoproj/gitops-engine/tree/master/pkg/health) -because Lua support was introduced later. Also, the logic of health checks for some resources were too complex, so it -was easier to implement it in Go. - -It is possible to override health checks for built-in resource. Argo will prefer the configured health check over the -Go-based built-in check. - -The following resources have Go-based health checks: - -* PersistentVolumeClaim -* Pod -* Service -* apiregistration.k8s.io/APIService -* apps/DaemonSet -* apps/Deployment -* apps/ReplicaSet -* apps/StatefulSet -* argoproj.io/Workflow -* autoscaling/HorizontalPodAutoscaler -* batch/Job -* extensions/Ingress -* networking.k8s.io/Ingress - ## Health Checks An Argo CD App's health is inferred from the health of its immediate child resources (the resources represented in diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 75160aba197b4..fd00a5dfe2f3d 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -126,7 +126,7 @@ stringData: **metrics** -* `argocd_app_reconcile` - reports application reconciliation duration in seconds. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. +* `argocd_app_reconcile` - reports application reconciliation duration. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. * `argocd_app_k8s_request_total` - number of k8s requests per application. The number of fallback Kubernetes API queries - useful to identify which application has a resource with non-preferred version and causes performance issues. @@ -187,8 +187,6 @@ The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations. -Similarly, applications referencing an external Helm values file will not get the benefits of this feature when an unrelated change happens in the external source. - For webhooks, the comparison is done using the files specified in the webhook event payload instead. !!! note @@ -248,25 +246,6 @@ spec: # ... ``` -* **Glob paths** The annotation might contain a glob pattern path, which can be any pattern supported by the [Go filepath Match function](https://pkg.go.dev/path/filepath#Match): - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: guestbook - namespace: argocd - annotations: - # resolves to any file matching the pattern of *-secret.yaml in the top level shared folder - argocd.argoproj.io/manifest-generate-paths: "/shared/*-secret.yaml" -spec: - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook -# ... -``` - ### Application Sync Timeout & Jitter Argo CD has a timeout for application syncs. It will trigger a refresh for each application periodically when the timeout expires. diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 584779c5271d0..aad2208c21873 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -350,7 +350,7 @@ the API server -- one for gRPC and the other for HTTP/HTTPS. However it allows T happen at the ingress controller. -## [Traefik (v3.0)](https://docs.traefik.io/) +## [Traefik (v2.2)](https://docs.traefik.io/) Traefik can be used as an edge router and provide [TLS](https://docs.traefik.io/user-guides/grpc/) termination within the same deployment. @@ -360,7 +360,7 @@ The API server should be run with TLS disabled. Edit the `argocd-server` deploym ### IngressRoute CRD ```yaml -apiVersion: traefik.io/v1alpha1 +apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: argocd-server @@ -376,7 +376,7 @@ spec: - name: argocd-server port: 80 - kind: Rule - match: Host(`argocd.example.com`) && Header(`Content-Type`, `application/grpc`) + match: Host(`argocd.example.com`) && Headers(`Content-Type`, `application/grpc`) priority: 11 services: - name: argocd-server diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index 5aebb9245c0ae..a3ddbfe9904d3 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -10,7 +10,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in Argo CD. | | `argocd_app_k8s_request_total` | counter | Number of Kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | -| `argocd_app_reconcile` | histogram | Application reconciliation performance in seconds. | +| `argocd_app_reconcile` | histogram | Application reconciliation performance. | | `argocd_app_sync_total` | counter | Counter for application sync history | | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. | | `argocd_cluster_api_resources` | gauge | Number of monitored Kubernetes API resources. | diff --git a/docs/operator-manual/notifications/grafana-dashboard.json b/docs/operator-manual/notifications/grafana-dashboard.json index 19af42cf39d06..5d04f9116aa16 100644 --- a/docs/operator-manual/notifications/grafana-dashboard.json +++ b/docs/operator-manual/notifications/grafana-dashboard.json @@ -60,7 +60,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (name)", + "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (notifier)", "refId": "A" } ], @@ -146,7 +146,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (service)", + "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (notifier)", "refId": "A" } ], diff --git a/docs/operator-manual/notifications/monitoring.md b/docs/operator-manual/notifications/monitoring.md index 3d8b4c41ea34d..a0aabbaae1f09 100644 --- a/docs/operator-manual/notifications/monitoring.md +++ b/docs/operator-manual/notifications/monitoring.md @@ -13,8 +13,8 @@ The following metrics are available: Number of delivered notifications. Labels: -* `trigger` - trigger name -* `service` - notification service name +* `template` - notification template name +* `notifier` - notification service name * `succeeded` - flag that indicates if notification was successfully sent or failed ### `argocd_notifications_trigger_eval_total` diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 6341482a69cf4..b1d386fb5eb8e 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -211,40 +211,6 @@ data: For more information on `scopes` please review the [User Management Documentation](user-management/index.md). -## Local Users/Accounts - -[Local users](user-management/index.md#local-usersaccounts) are assigned access by either grouping them with a role or by assigning policies directly -to them. - -The example below shows how to assign a policy directly to a local user. - -```yaml -p, my-local-user, applications, sync, my-project/*, allow -``` - -This example shows how to assign a role to a local user. - -```yaml -g, my-local-user, role:admin -``` - -!!!warning "Ambiguous Group Assignments" - If you have [enabled SSO](user-management/index.md#sso), any SSO user with a scope that matches a local user will be - added to the same roles as the local user. For example, if local user `sally` is assigned to `role:admin`, and if an - SSO user has a scope which happens to be named `sally`, that SSO user will also be assigned to `role:admin`. - - An example of where this may be a problem is if your SSO provider is an SCM, and org members are automatically - granted scopes named after the orgs. If a user can create or add themselves to an org in the SCM, they can gain the - permissions of the local user with the same name. - - To avoid ambiguity, if you are using local users and SSO, it is recommended to assign permissions directly to local - users, and not to assign roles to local users. In other words, instead of using `g, my-local-user, role:admin`, you - should explicitly assign permissions to `my-local-user`: - - ```yaml - p, my-local-user, *, *, *, allow - ``` - ## Policy CSV Composition It is possible to provide additional entries in the `argocd-rbac-cm` diff --git a/docs/operator-manual/secret-management.md b/docs/operator-manual/secret-management.md index cb3199bd98c1d..aa224e20ff742 100644 --- a/docs/operator-manual/secret-management.md +++ b/docs/operator-manual/secret-management.md @@ -19,7 +19,6 @@ Here are some ways people are doing GitOps secrets: * [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer) * [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) * [Vals-Operator](https://github.com/digitalis-io/vals-operator) -* [argocd-secret-replacer](https://github.com/mmalyska/argocd-secret-replacer) For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364) diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md index 189adbbc3370b..0f824f494f2af 100644 --- a/docs/operator-manual/server-commands/argocd-repo-server.md +++ b/docs/operator-manual/server-commands/argocd-repo-server.md @@ -50,7 +50,7 @@ argocd-repo-server [flags] --sentinelmaster string Redis sentinel master group name. (default "master") --streamed-manifest-max-extracted-size string Maximum size of streamed manifest archives when extracted (default "1G") --streamed-manifest-max-tar-size string Maximum size of streamed manifest archives (default "100M") - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") ``` diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 5b3fd72ebff00..659a19de3d3e1 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -100,7 +100,7 @@ argocd-server [flags] --server string The address and port of the Kubernetes API server --staticassets string Directory path that contains additional static assets (default "/shared/app") --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") --token string Bearer token for authentication to the API server diff --git a/docs/operator-manual/tested-kubernetes-versions.md b/docs/operator-manual/tested-kubernetes-versions.md index 897620296a515..a395be421e5fe 100644 --- a/docs/operator-manual/tested-kubernetes-versions.md +++ b/docs/operator-manual/tested-kubernetes-versions.md @@ -1,6 +1,5 @@ | Argo CD version | Kubernetes versions | |-----------------|---------------------| -| 2.7 | v1.26, v1.25, v1.24, v1.23 | -| 2.6 | v1.24, v1.23, v1.22 | -| 2.5 | v1.24, v1.23, v1.22 | - +| 2.11 | v1.29, v1.28, v1.27, v1.26, v1.25 | +| 2.10 | v1.28, v1.27, v1.26, v1.25 | +| 2.9 | v1.28, v1.27, v1.26, v1.25 | diff --git a/docs/operator-manual/upgrading/2.10-2.11.md b/docs/operator-manual/upgrading/2.10-2.11.md index 4cf5c8ed02b0b..ea06a89e6d7d7 100644 --- a/docs/operator-manual/upgrading/2.10-2.11.md +++ b/docs/operator-manual/upgrading/2.10-2.11.md @@ -2,4 +2,57 @@ ## initiatedBy added in Application CRD -In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD. \ No newline at end of file +In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.11.2, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.11.2, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.11-2.12.md b/docs/operator-manual/upgrading/2.11-2.12.md deleted file mode 100644 index b85d17cade71e..0000000000000 --- a/docs/operator-manual/upgrading/2.11-2.12.md +++ /dev/null @@ -1,30 +0,0 @@ -# v2.11 to 2.12 - -## Server-Side Apply Management of ApplicationSet Fields - -### Summary - -If you are using server-side apply with multiple field managers to manage a single `selector` or `labelSelector` field -in an ApplicationSet, that field management must be changed to be atomic starting with 2.12. - -### Details - -Argo CD 2.12 upgraded its controller-gen version from 0.4.1 to 0.14.0. As part of that change, several ApplicationSet -CRD fields now have `x-kubernetes-map-type: atomic`. - -Each of the affected fields is a label selector with two child keys: `matchLabels` and `matchExpressions`. - -Prior to this change, two field managers could manage the `matchLabels` and `matchExpressions` fields independently. -Starting with the 2.12 CRD, a single field manager must manage both of those fields. This behavior is in line with the -upstream behavior of the label selector struct. - -See the [Kubernetes server-side apply merge strategy docs](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy) -for more information about the fields' behavior. - -The affected ApplicationSet fields are the following (jq selector syntax): - -* `.spec.generators[].selector` -* `.spec.generators[].cluster.selector` -* `.spec.generators[].clusterDecisionResource.labelSelector` -* `.spec.generators[].matrix.generators[].selector` -* `.spec.generators[].merge.generators[].selector` diff --git a/docs/operator-manual/upgrading/2.8-2.9.md b/docs/operator-manual/upgrading/2.8-2.9.md index ef99e09587814..43b5f80e1e6c9 100644 --- a/docs/operator-manual/upgrading/2.8-2.9.md +++ b/docs/operator-manual/upgrading/2.8-2.9.md @@ -3,3 +3,56 @@ ## Upgraded Kustomize Version Note that bundled Kustomize version has been upgraded from 5.1.0 to 5.2.1. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.9.16, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.9.16, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.9-2.10.md b/docs/operator-manual/upgrading/2.9-2.10.md index 7fddc75ab7e86..7803ce84df237 100644 --- a/docs/operator-manual/upgrading/2.9-2.10.md +++ b/docs/operator-manual/upgrading/2.9-2.10.md @@ -14,3 +14,56 @@ before enabling `managedNamespaceMetadata` on an existing namespace. ## Upgraded Helm Version Note that bundled Helm version has been upgraded from 3.13.2 to 3.14.3. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.10.11, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.10.11, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index b4f1c397b62fb..6990fb05e2463 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -5,7 +5,7 @@ This section contains information on upgrading Argo CD. Before upgrading please make sure to read details about the breaking changes between Argo CD versions. -Argo CD uses semver-like versioning that ensures the following rules: +Argo CD uses the semver versioning and ensures that following rules: * The patch release does not introduce any breaking changes. So if you are upgrading from v1.5.1 to v1.5.3 there should be no special instructions to follow. @@ -37,7 +37,6 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ -* [v2.11 to v2.12](./2.11-2.12.md) * [v2.10 to v2.11](./2.10-2.11.md) * [v2.9 to v2.10](./2.9-2.10.md) * [v2.8 to v2.9](./2.8-2.9.md) diff --git a/docs/proposals/images/current-summary-tab.png b/docs/proposals/images/current-summary-tab.png deleted file mode 100644 index b9934ea592f36a7cdd3ce147973c7d05e7312566..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 115933 zcmeFZcT`i`);ElbVg)-*igE-MNTf^GqkxD3kq&_2Cyw$Q zWnp1Cp?UYtLl%~UAQl$ZhldXVcZzN~4+E!t9uGBsXDMpGKmvXwSQ~5FKp-sFfa}97 ztowLa4(?R}4wZep|G8G*cZKD^ANTjOu!P#Pu>QM_HgMkidkq|WZT@v;efyGy4fu5$ zIG%sl_wSZK`G@`g)AAtb!-4;~W(7vc!g5RRwx%X<*0XZAws!WgbMX{=;gSQ~IO2NO z#Dj(9{N=r4pXS5gR)N0y?e&d4jUo3HtX!NxkDs_$T7!I@T=$;CqU5UpTsm2MJ{I(K za&-1k@KwI_M-2twdha&)lHeazJmJchj3EyMZ@ai#3(A77gRWmvIVvb9sO0{{M&aQd z^?x@9ekotF^YnC80E2yed_X=@AQyLAu!Ow4JovgKSW;3Ps3Gp*=j{2|SKQe{=wA={ zpXc1M_ONodclES)aTeTr?qf?AFHhx5m-agP&)>hsY3*zOzdbp7{QI?l7XfF(fJ z!T)(S&{S#fuEGO*Uu#E`JN8b%oB@5PNJw0lRr;gBe--_2mw#$%{HLZ;l7DIXr=q_% zHSn-@zwP1#bn2<{zYF&7e*awf?}kd?y?6i9T>NXI|F{dxw8~K>@PAfK<>*K2>{q}- zUa-HTqYs<`lH2>+e--$5-O}DZc}y^mYXb^cW&wX?pqvTOTJ*uU>irheg5Eg zt+~2mcQqd9pJctG@apWF(Kn+3D}1-|?y}uFwNEWB{TWjCR`}gmi`y&DPmeQqh2@f} z>V|6Ymn$v|uLr4ArIbsRc38~VV7C**14vH~(}Itn%CS)bSFI zI$rG;zbgLyrYngv_*W$=B7&8R9xh>LF8%p=|Ly^3<@2Xr{?l*pKdt^WE&t5MpGoJR z+4yHR{!jS^?eY$v@9v8UQZZBc4L@?Sg|b)*{zS@7lf^4`K^mZm(fg;oOu1#S9^TzN>OW)OMQGh zlXjT|M$)j9MuDPu+1*Zm`&#mM_*UH7j>6ER@u&Oj6HILHmEvW!5^ef_dMDMcPOegB zRhfn5i)Ld`1-#OFB!)&03*`@z9`WcvIz$-3oQTo`Ph$IKASVT{&+Mvs-xJvWDj%%|;qsS)_3mlhzdygi}OBwrx8@nj>Z zEC~sp&L-ud#_r42ZEEvK?{3*wT@}%Ub0jI9;JbdSW=SEbYGvdUDa|G3E?MDxqGvi~ zqeVoUS6h)jxU(7{kTo>s4@RsF*plW^WA}LV`@G7r@`pI?i{6*FufCxe^e#@|jvIxa;Cm=`ZEVO^b?b&Qxk1Bz;Hq%0^WbCu_bnot>$6ma z*2+LwYI`$stB#|qaRvDIK zO;lFWCGixr77R~VTfXNPRVBkT=X#G;6@|!{xZx8Ek`|c#P%7tpPghg-ALB2xH`8`_ zCNX#3UxURG@PwI?+Fh~;iGZ#(XwMRuB`E0DzeHu$Ml;;j1kuW4Nz6xSvb&=zWF_hcp+2Tdh&IScSYNBA#s{VprrIir>^d_TOS&BmArwPUvVXfI35T2E}2$sw5_r(VW;;hP^kf>TG)j7wwarVYu~VcMuomGd%Y zGIcHnjnz{Ot88yiT#5KTQ>|yQV41C4mlYkc-M*&Qq`V@u5>vg|v;p2NZ;N%BT=}^Z z%YIK!yPv`EsshJk9Arghh}W;`328*%pH1~~qc3^M$p(sRfiZUmky!KY54SQ@lAB(3 zC^Ibw-Sbo69aW2OOS^x5)FaH~pRrB#x>a4|#MDAKkv+E_Z}%CxRFY*$8-&puyvAK$ z${V)68D0p~f1sE2RtxP=LH`O%ev_5vJZNdcT5RT6rB}0I=2)(4iezAh#1|ZG&KOBpQ}5>s{1*OX6AZ0gxQO2C(%pd!vUln|(#)4|-qdb)FpzP_cGd_BY15G;f3s(t z=+j(4SJ)IQjG_z6M`h}6>||Q1j3za*k7U1FUToe}Tz;SGJ4v$aHR4QGP4WHuIK|0^ zd*6O5!Ovq;;7nc^FW*bA&7Q5nOU`-aNpAC$I?(T5wqDngk!giXmNnej*HZP&eztrI zr>eZSXpxgPj}N9DARg7zPGEnJFb?GiNKtla)=1Mq26*(aeQBUI&WlIj-%Q@N&p0jj z20qHvujy6nP?A==-fuoIKQY^F9?y}~J@a`Z>xC^^SzJY5fIN-E(3XV_+vPqt<7LcE zH^*YK59>FV-C6ae?Jqs61D~lYTxLEU$kJSZNL@S2#krz2{3DIhmQM;tjTZ1{jd(uK zCHpU^eybSzaU6KB-ySfTa`g}7;iKPS$5D!^+cZK1IJK4LTl;uopzFSQV8iut0%MD1 zJL!cDL{EB4Fo3iw*A+%nIDPq9b3SJ>=3TS^6DJT!2pA^~?l{p*VT_y5l?OwgW5aSi zuK459JWbfD^q@EENOfGc&({dke@(vU&1xAkAWc)v>el`b?2bbX<&7fg{OC-zugq` zT^fi5|;4 z&E}-nw_`+YyRV7}yq{sV)?)n5upXw|e{|nD?h<_n-uKu(;}GUhjQ>0_-SDxWu+;H3 zIoF7`1Rjl-R}EasTW4kbljV?R0fWQc*`(^NlYAHFsLKI)ITOaqv!CU&An@|u-^EY{ z0*b&pB-uTxmPNi>&QnTLjVnrsk)a<=dWbv<(n@L{Mag+A1g8ifBu3KUpA5C0pD8Xf zO`jp^th22+j6X1UNn{C@IFo}d`c9Qa{($9p8XQn5vT{?7STMzSazdjc7It}P^g!Qw zZ6CvWy9T0HmEq1Qn#)9U)pu)?OUds9nU^o<+MAy&Jj|YqNHjg+*I=DXeDh^i=x6u% zS{5|GJ?%nIJP~!Q{q1CZj;@I^%obA!1c*V+Hm4C=*!`efqD0k{oW#IJ+ z$w7IxDs+%i_3yuzeMtNbc3^Dx69Yxo4G3Zmy!5h@KZ}Ntpf_Cys&Jgn_B~}g8!`mW zS>;Dxp4$%<%0Y1ARDAkXa?MIz+A^J>Oq$l~xF-;_^|%<{r8PT<2#w4eA(%B-U$9%p zBjaR$;0t-T^7@YiF!K9dIj5?74@m?{YdJdH}OugUb0!-vV%=R2l?*Po7DZiyqPQ0ygBCX zkj9e8A9CEf9@EsS+(G4)NcIoWiB{ER^FKH7Xw^0*%BXfWj9pH6wp~sy8#2^trLX!( zL%g{%EaEh*@_5I^X(n+n(rDTy##$;l=cA7)dlgT-U5SV3u569z`6Nfz>Tyvi15QlR zvRGy036RC3nX(6*c+rj)Ol*5AelkC^W_)e%g-yQm=wk)v<@73_H*cvV8m0_3Z4XX75f{Aq;p5E>rc0Hs z59S9m1x+?nqCl(smWuPo-Jwt_?m$W!(@?BaQ)UWavkAb-~Z69eclA}F>!U}D1(vC}UF>yUL`NY5z$dFS@N2J732;J$EtMgLW` zv@qTDt83@Y9ET?k4kyB?d`7t=J~Zpu^Nc&2Hm>sPZB;hYRZ(#DRL`}JE&&f_!bax% zara&WqkD?XCkyoK^Xue~s`p!M`ibfz2T|E+ZWi>Bm0e?Ji-2K7#Zq^xs5lJJuYs52 zgn8N|dMDcFC7tcoxZr15J>|l@l7)i07kfS_+TbAyFl!b00)G@YdG2W*@-4&EeQn`+tTP*mtWFH9Mg_8X1kd>Cr^;ocD+9Q?43ssPJF{z?e6yabnWUy(o@2W$l1fty!SzB zxY>Z;_LQ)B=9qiLfV+=?IpU=1Z^)|;mu^=CS{OADD=U{#&0(g?Mntexy0;}JGJm|J za||_K+)7HdP(-58_H1S5-RbH?*xFbgefQ&(R^{Sb~O!xx* zQzxdZ(?eY3<_EuE2UqzlDx6K3_ON<4z9J$7AHRK#*=uCGMETOm7U%DO91H2_|} zauw~TT(|tKUI9B3Lz9u&G!VCPALDMAZmrtRF4=KRvfI}{w2J^!da4(k5=Id|`pnY-i^W!^q#B%;uX5*;z@#N_yo{fEp#tS~T?9`= z-6<%j`iD`sGIclm#!vff{t=R(vhKDA<3zb9 zV0u?%LqO3FnTu0?8^mBX{(Aw7UarNJ{vh*%C;m;O zD6sj^*i)krTxFQQ93e1Fcvg4&I$cTB(j9|YS1V=EnLR#^#L1vBMw@v%rtp zn?uZ1%1ZgEY^(8vjObzP2#b<=UFGOukk5eikmsQN?AcIrr{4H(ZPkIi#;e2bI9NAX zWVg(?zVqcmR+0-%%b!NngxIvX6@R-#deyk8qe>^21LlT?mtbH+2Qtwn`J)v+*CqtV+@*dj z+fL2++LL2KOM-(mJC7^hld+5XNqLr*W)aB(bGoNG@%&6yS{l+cTd0v!ksJc3JLl~- z)pK`WPG_mv=yWQH--|q7d9Mh;m2o)XF)VQV0>&-rMs*cKXWeVXELP`XeH_2?QBc6Q8BNyj#*ZAI;VPNtw9#w_grd4=>{j|m z(>!Wo@lNfq^7ps#%MyE3vRs;6WU<~nlW4k(4!jUMF1dUJ)dHEp6-mmb1cjFkwKcYy z`(0q${|x8$w4c+PysbJ6J$7^|Fx_Ty#&3Elv%cIo{7Zg*7jFZRHk+Eb+46WEj;>D? zPVs!}*+iW6%HghB2@2)JNLoEeJUs6`;>D!&4P~gz$sGk{Cpxrx?zn}{bXNLYwdi`Q z1xieUu8b`c4dCwDQcIsbzkS@!a;g~1=+DX@Uwe8W=DyDe0#Qvjwq3OQH@|>V<7r#$d!6dsIq= zc;YJ!J@S=&^llv`makkaiy?UP(ePpEfDBKoUBMcdncnJL#mtPFEjs1PLHTLLxu4oiB&-V0lL}Gy=kq0fY<`mdibW-qV!2aF^2kFKkS>&6O zx2z(eyh8nbgiB+a6SLu_Q)Jck>cFMp-+VO5>O+F20K0bc8^H?6y@)nt=q7MUx+x&* zI|;+!hpybPqQY3Lm}t$(FmP*7+_sCEsvKY@JlULlA-8q0(vihVBG^srL7fXJ@4IJ4 zW9n90{?#HQ-E@NoJ+A14c^RqtEo^a7*5gv@R4*c-yB8ibtVN~#hn!ON5GN!AsDWnf z*R4%&AlV;$x47vlzxfhj!;wAR;Ir%6on!ivs0mSdQd0KyC@yOSiEKJ6f36A9R$+oM{(+Q!ib(5|xPW z8FTEVx^aJ;WT)Nsk?&dx^g9_My8h_U29ZPFc%(wyIBMT1kn^#7`EubKv*ybgJW%zt z+dg6{wx{CMuX7^oN6UUVs)*1M|Zuujf)sV*FSKtmn>)O?Sc4%w_*tLwJ_1t2_w3J@x}B zWr-w?MQp8!*0V-P0vep3JM|(_W#L8W^g`EsJltht#nMqxn9$zrA%II#+H&+qFS)>! zRF@MulN=`lM|j_+$IQ{kZ=4OnrqoMSpB$9NwwHXp zS%sZzypi}F{hkSVgRZ#O!3tFKScvTi-)HZ<(-oQk9ZmB zz;Fi|^|f4BQQ66XPk1Ds+}#7!B5pTH#Mtph3ZI9%5oJhUBZ{u{sih^0&bWHT8xX+1 z*BJL-sf--Vz}D=BTgEK|=3e0Opds1;_3~H0>`7=1+d^g#u8}EI;5$0d@PL=-SK=)(>7;46OW~0HnCrgZNmbNt& z^N{teHKeOQDAjM~zDSCzFVDLJU3B+0x9m(+CN0|1?Kw&SsZ{cA^by0${ls82MtLF4 zCG}rGfo@*3G0((Q22Fi&O#X|ghGLZ9N{?R_S_WC8%E5I8X612Xo4HLe!Aj%6I*cF%wVNU z)P-}8P}?!hXrk~#)%GH*p}3N2oo?2{Wh*O-={uL(&(cQS@a3k{WTtrHbrf+&>FWY_ zN1b8Ycec@9k4KgLs!XGWfbvqnFtwoK5;u+Nc5D>rxklmZuQkK7qi08zb6_>^mvoNKc%?oX>Ui^90ON6s}^`~2Q_hD&Zguuet+PM%mp z#_zV+KyY=?P@Uaz=z5)!D`c2cEiCxQBreW@J840CBh|^VD7SY#j3iOF5;^;AZXR$7 zI8+C2nO#kcG13aOKLZ(%!@+ud&K);Ov+^%{I__T9gtEDIh*Y)FhXvHFommQ&soXi? zdxo=$R=FWwK4%o6!k6LFJXb;P%HftL=5TZaNUn#($&Nc`AaOx{ zL|T)a6udyj|2K+ygLN`x#iddb@eXd|{F<#R%x0q3hJc<$YhDAFt=4`FQX(8Sj1KtWoB|OW2j7CQn+1N~IXeXR~tHeeC{_bDd@l zPkQf?h3{kEL5C#sZjrRWhh|EEuOur1q$H*0qz72$Zlc$PI`5)e{tVk zW)n5A9gJWL6jLqgIlapS_F!Y^-5+KkV04y5MB)YfK_lz!uXIB$PJ`dQoB=1M7rcin ze7~vWhQL}E%da!$Z0$+VsS>diKqFkMh6VkI2ItG-WV|k&jXI6#h-o`exA9`!{eDqO zrkRp@8VZZYv@_pruNL%uiS*JvKuR9|{o<~TrvWR;W)DdBf!bb9cU*R=zbs=Srs9*?+7~&OS=}aFNz-}W>k}7mWU8`MKeVY9^-Z7%t5z%) zG2>YK8P8LmO1S zAXXW;`cVU5mIuN&PJOaK5IefR+{%F8R@vy0!l+1QaMR+eu)7=P4j1X zp?u~RN{4l5zI5){%rVAt4AF7$8sUmL`e8;{`Bzpzl#4$=X6R!Zb27Qc!rSG1ACU2G z8@yc{s@u|qt1BXK{C3cr?Uzt#j&BbW<_eTlZlW+U$OP3-YU}Y1xj|o|i4vB6adaMk zY&)Y2|9)F@u|Pj5#K`3=&M99mQo>=Q$&10>%Z5VYAWb4Ifad%;oU80oE3ry_a;Hk& zQo3S?JN~xhX`IyqHe#TABqC4BH;P$84W)GqLrC`Kh?Scf2H<3h%@&Irx2Uz0&z?Heop1b(rA1vARwws?fk3 zb@0SW$r4iLG0p%>Yzi|9iXdO1EiY6>vlc>dT3{7XwJ!t{`SpThU0#F{;{sFv z+{;~$Lznf292=u5G||{ibqOr9zJ@p$Hg)c92Ajm?_Zlb zmnOOY`>iUMA4x8|S_%`Nq{5dJj)C%L&+tOzmZY1?dj+iZ$j0T}I_28=h1Cz8yb!K_ zWHsBq#BeOFZ%9pVokN9d;{;u{s+?H8P+$?@Yk^VrRc&Aad;b}n&5r}U)7xd$?7-{FEOyvcY;o_=Z>_0%kd+ ze%ayiG7ZbwrCRD1ml|}}t_+DgLa_~=_mU~9a$Aa;2@svW>3)a3vz6tusYl7qQn$%Jl*cP{4LI(sb8yj?;~`HCK}nTWG0ID>aDhBive9UvC(*VV!&)8gyi| zS8=6Ql;in2vPty4+js7V$M1HV_)RoT*sqIw=M`RSY{)sc6(ZnlVHWh&Ej07R`9!QN zEak@Pc!o#!LO{5hXyH~$S@W`Dk0F3dm6Tf*C`p9AM7B;mj*Hb%xWwoAQ-TB_aXM1% z*AWtlzG5-LT}dtjL_ctDpkB@M9@|0;Py}7d#2XJb8Anq)v?|uYm7CW*um#+0jbi5YtF%iU z8X)Bj_;}s?;M)cEIPvqUu)ss5F%AF(F8tCze8nkkJ3ew|9G`IbcdI)?Tm$7|<|B@3 zIT(o9*qdSmt)V*5S;-K7+yLbxQ|HG&;fi{%j+8eLfR4s#_(!rx`p=kbjAlQi#Bw8w zQlzP#_PEeguyEQdT!Zya-7B6#p&|d`g*=Xm18bb- z5Wl7q)X=_>fEFLu3bZq}@{ka0zI{f`{KC zN4#_tRzGA!tViEmG%|wqKb~GN=AIa?R_!m4Woa*NzL0$0d^*2ry$`zGoLg|N-=KTi zuHBqny0j&R;KKP<_9$ot%WN1Nzae#B)jXU<=H7AHGa>DFNSdzP9W~Qk`CXYPbH3Qz z>J_dFcDv{{GqIIxm9hGVSzhoq-?Rk^^@@!hA6*HE6P|E}^ zS*|EZm8i1FjADjiAz1HYIf4MzF$q;!AG_~QgQNOcjlv~wHnUR0wFP8hUugL$_V%6YNIePkq1!Rg}8A?BF*;JTiu6ObcQFP zlc*N>SO8IqGQV@-#g@$Y|T?QjGg34fP4epjQv>?16DMsea!F12e`YRVp}S4IjC?|H{fxp=oz{j#{bXtOEjW7SC4Du-8| z3Uy(b2xRdH6-yl{!-0m%mGh?>+iR9l{C?BLmQDVC0Jy&{D?;0m*a^ySUl0hs^`bjVY9o;6Z6LOxSvO@sM`JzMgbI+bjoA*V*C@tHy4KlT3w` z$~_ndNXKt8-m^2p<@~H^~h9)sKm0Ybb-#B+V&*@@%b-fTeE6r8{0RCXxVC~r51`tO69$`#vd|!w@ zjWp6u4bW${_A;83w^FNgwy@KylJ^3Gy%Ej|XlWq8*Regf!^I2l;(T{DIY4(w$uIPhw%n+1zVX?R4lzv6q_i-3j6C>Ee#%{c%Hmqb`cJ99?JW+PEr4q!Vg4)*PHS{ZmS`~xU%+zgOLn1VVAb7IF(Y;HPqyyVQ;h{Kd;H)Sd# zM|`Nv`uuIoJj32EZ>)uCoZY58UtbC}L@X`^l-v9p3#eL&1m{y*VK+t+*~Y_86Dq9T z4+dWr7JzzIQ10_5lcR_0dNNjG9JKj|7Ugk2%gCN7Mo+>w?gaoMCLjh(8CK(jy)UX< zOZ3KYCqajK>fXJJMY;w(Gw{QZ97kR($oQ$?7@z%BkNhyvYMg4pM+DYMkFg z!BXXV_4TrFpfEv6kW>naV1ZC(*u^e6peJ56Qng@a?!{TpaQ#y*>mSrraUr~F@An*t z^0sME!1r-pKj<(>luP&srR3&@`c>zy=(+S64ZmyD85;t5qCgDWA{1n#@kAVDB#;t{enEBheqo9kpu3m1Wou@8 zMom3xv)|m6TPULW@RV-4A5CDbqOo(u)a3hbm11e#bL0iTo{iGAxrLN?iK^hpS);L` z_Dv&f!64MraTMi_wN;^-DllIV;45ZTwYw6B*u$uvlc3$*9@S>0efy&h<}s0gNZ|Bv z!mSuNylM6-9pp607%%B1Fnqm?usend^SLNEn6iEp1Q+@FC>;oJFr}Lj>tDm#5JEl% z>0{FwYmaSkV7m{E)Z2X@CLZ=Rc6ki+P{6JvMle>pMgz9YZeeR_@uX<4`l6czeo4wEyKrsbizeTU1VV_l1cO+^rNQSPryI+L< zSX3)xd~LmQxp@Oo%9d8R5esEfv(9CNqd?}$fa=l@O1!-bf~|va3}cm4ICnfU`(?xm&r}~UI*lb5Tz~WVyN=mq3H51ky^Vm9pjw46pr5hQLvFHWf@inujn<#4 zkuxEICRvod=r0e&j^F+qivREIl@BNYoUdbrSNuJPX0QC8hW|{?Ka}%-_;t_&U8{bm zG6`DX5$7W(w@Qu;Z)2*ki{Q=$p}&5IFjFAV2(?+b@%8Y@lTbR}UsBoj?T0~uVoqwE z#|-OXPa(j-IrPKfuNiMYLxE6r#1`Jof%R}?3gEL?+)+yUYj#^;>i(&bjq#~8M5@Sm z|F6FFlR2Cx|G*CaI=DZoj(c#y2NHwQP@}xx2IdlA$RAO4*)Y=x@`w z_ne>ZKpC!u@AY3N=a1flmw|76Qe^&7SR}u|Y5r7754%m*=9a{Jm z@o&97LTMQ<(KQ~hqoEd+$?ktkaQ#C#2L!7C@X2-g3D&9X-~)%w#+->%4ZuXOI!AiNESP=WyV1gEhCQwt{cE^rNpwu4UW2{nh8Pdu_Gq z5X#z4p8O%${^yr{j1A@0>R&$a%+_!S5c}c&2FoArd_qFDBQWZh#S6{Q-{xmaJ z?vK_xN&ags)$(fjzZ&+O%l@7_j+cxv+Wi`S!PlzKZ4E!e6>~ib+0yI$m<*x1?WC zk>F22R9VC8_@aI_8^Qnsg$NEj|5aJv(Ze9Kg(bURjPtPcMPM-dTZDgAR%QrrdQ%sT zzlqF0s(v^E4Cc&T*^9rBNgptPn%(EG$n)Q{v~NG;@L^EW&5|R(Dl0q(h@`%u&R=|R zC+&c|@d4JikYAP+0<(r0jaL5^!JPpHBmCO&SGnpp;ehNc-0+tE)iV7*u!Q#M7rFmu zF90A+zN1S1bz$HOE&Wx|2R0wos}Ytml$fp z(2M{CQ+aJGwrMAW=2oI9qS-y`R4po{t?HDBNO-R>vKXtQ0_jj;{_a0XvW-Bd1<_3s z9l~3>p&o6C=M#~mKnC`dkMAgUh3Vpt{Km$YfMskdl6Khya>diEv$!AbEEI^<1EGei zcS6Dqe8#9ZdB_c+DNYH(ZKHY+c{Lu{jkp)vzEe>IlDD~d;BFJD>i~ypqD2r9Lus#B z$^57Xd7qVHV`pml2A!oT%spHbw$;5JGSFHP?tS1}JWHy~Q{gAwI_iti@vX{`L z8rY3PDP3ao;DmWORnx#ot(7{}bm;K1n=AY4J{Y{0(kNqOUs0P(W8jgRw#i6M`J~NZ zxBRl5ii9FOLFdi~%=)fI&v|tH+M4|~UM>$m=D(dn`X<$Z#>*)dZ{~?+79w{Vy^~^g zrei7VT1EG;SR$A-6{AsZX4HP?X3aW~jF*Wr{sh%ma<179CJk`DtT2?Ny%^ATvm`icZBF+0_Mhu)u0bHkiIa+IDGL(1QlpjlxcWQBC_{GfjR;e01O-=> z)eEA8$n4RYG%tY8j?}R$gAiL28kmtgEPS`h{;mK}T>e;PrqJA=+sf?-n=eG1zzx?& z^i2Zlt`z<{BAi7u5w5y}73tCth+>aRFtf=mqiUO>bguH7or0>zE-bgo0T~3Q)-PN* zlbYmRFbn&xe#MpCPf5}Smy8>A6-afw9`&28OZVGGy2q~MJT^{%^uZLJK5ynVEs|!< zlP?Vyg2~DB51%_}OVvwRSEG3|O{XLiUxJf6GR4xSJ$#i3&Vd)@a7C#dcR~(j#zyy} zyMWeZro9?>Pixf45ns;hd+d~>ry5>ys7_cXbK&U~L+j%d)64J7Z87m(HoQe<6qJec_KcZJ_HB>CK@9<9 z9#mhNcg!kO++m&gO-61NhE^C!5jKUSFP zzpda%0N`^7m8!D1<$Vi?q<$~LhZyHyvbeo;Q}}O+X>icqZbr5)v~3~vPbVq{3j1cQ zdh!%!J}5`ra!|;46>PUz$m-Q;H2HF&z;LJxd=snL6s-uK_5J#B`_sXhq#7WU zrgD4@b`GJCfJ-lj_0Zw^{!*2ZR`rbbnx<{NO(X7EzFC+!%7QWENkgO2;`CM}kMl#G zvOj(vYlLYlE(I9Z1P8a@Sbi;wZnrLq7BhK<`egV*-1NAhV{l zRVz00GGNU)z5O|No|coM0|<%h-+zqQ@+0k>*6X>T{6Ul4B)|h-m@;)RTOcV5C* zKw3m~;ag+)DXf*bEiuc?MJGEYK-bAYIyAi*G<;y z!G&^~zXI;Qd~}TjV{#3K3I(h4s>;iSxkxJnINb(v-Ty-AH?gNrLO1g(6f^0AuR<3w zdZrHK7d866n>5ad#HYo&JwGFPg2-H%z`9{;H+@LyqDZ}D*v>0K_w}g0LVOJV4nXf| zfot}rwxxUyGM3mXz-`SODMzQQb$8UgF7Lp9!=1+G$EZG8aWC&~_VGx|R2_Do9jvyS z7l7>I+$mRWGZlB;eB_g&qj)NhwHYO?I8G)XL*K6W>iJtEmdC_j*Vin{bv=v_Pd;>l zr{5VNB?TnxM^1@Vv=O>~yh%G7y7ODi9Ah5tGCeZ}E?PzRW_e7vQUW;tdBbN4gTuC*o8M>rg~q1 z?Y{78`Zyg_0*28%=&0imodG?Bq{uAf0+SvMuth0FZf)=Z% z7P#2%6df-=B({;y+a3di@K5Yp3%}}7_%j~6jz4?gVmxFGx0G=tQ2GT}OA5lU8sa*l zq|OS~iey!3c9fc3^?YJ#HMP{*WM4F33&|Gnc;Hmu`ArmEZ$W7?DT4WjsdY63?0!mK z`q@l8-VKS}{uWqOt|II`78G&mj&sFNAVcV{U(W}~9;pSL>l=I$N&z-OI*0bB+lOYR zrFq|144&g4YYZ)oI-4-sGHp}z^C$XIA-EeW*=Y!slmIeVujizremXbJdB|y0AKz`r ziaM1Cx;~~v3WXz7#f{~7=roi?d{Naz3_f{ZIBn_w%I%#q!N7(hFk-nAdC znz`cOTT}yh^@(n^Qw!=6=)!{g-{xj{9qZsuEtAK<@1px%D1nG5+~CXjFiqk2KqLeQ zo?#AGP4V$@UK;s|(@aGo03k!Ob5R-&DpTX)mY-zF!#kVcjmXl$X zuz;(FSiMf}MV2`&LDOd(dLAtm-AQ}bDQ9C+AI~;30Ot6qx3@P)zwGaX436Q9+xRYE z`-;E8ZNa+$8ntM&NKEygsT#~L5_mOggznA4S0B^ouig`;9eCM9UJ2{YTr5w2&ZD@TsqNmU{DlwvZCh+q7>EY_rnTxS?Q>lCxPKsedj$T$@vS+*T9}0Mi`kSr_b8J<`vMNCQ-N& za2Il9J763he>UPH_>K-%rFC;Dw;3yB%)0Fx+mP?khct6P)(VS7}dLWK_ zQ*q^9=kY2ri4Sdi+DE&$Z|#(TPj-fme17?khN`hp6SgGM$(0+UImKm7Gv!wfOqI74 zwN+H=i|MNCXdn7yjU{8)hvJW!0-?r&3KH+MP4Yte??^GD%17$@$^tfrzwNXQ>pU?c z?&OL2G=b~NT#pdP-BWqj{>o&YvIGMl>t^X#$l=ZODqj=JvRN)Q1-hQ2 zJ`f9;F|Yv$H1mM@hY{dp%TEjH#Ai5U{GQ3 zm*S#a%XO=m4H{kbp=l4y>Xscuv&H2s(6TVq&hT-`Lt|mLd|Tar@+)Sc!BuwhNl9-j z&@w~jKYhQ`P-h`iIKCc&B@nvS+?5)7!K_Hz11|wrpuJ-7%5uhZHXutn9%Fctb#HH! zl4>R1qu?b}Ht*=Y~Y$BJ>r%uLDGs&gQ*=h9uWADqup>Es1 z3y~z1BD=yMjIw4|_C18`l`Z>D3??aM$UH?Hd}GG|qDSgVwis(Y4BKDpladhQAMg>7-H1VU&;UN1U@~ad)G9@*$!9XpE8cJ}eTBGV0 zFDwS8+hxq-CV=WY+BSd8LxO0y+{9(S%(l)pIH6*p8+xE5j?bSPoaIdMhK`M}ILK zwJm`ibI*D2DYk0jK9HdB&}+jS&z}a&7Q&G-i%-?a^)Xg-nV?Goo|urpV$~(@m?j+b z6(wBjl=|Fu?e^h2C6?0S&{MmIx{*!>DYx~9P<5$57o*?H$0ZeDv=%;dA_<2c9W?fd z(V8ZW16_ns{F75@*Oc>-9yB+c8pe}rzb&4t8m+lafAGrSux{9S@9>(-+%okAEy6HD z@J;3vatM+~mu(~%Qy9E>boiJ-V zWiSv9dl|)&KNzU_yBM0H1~D8 zzeIj0>SoGQNNqtB- zdkD&KD4#@xjiwBi?|!Dp`?7<{l{;(XL@lh9O=?#q&-eYEu2#|)OeFeDW|_wM5AO5Q z68Q==hpJoL%^m>5vcaI9(Z#Ypdd0v*q>&2keI)I1C-cnT_NEC2q|SS}5VaKO-Ak9# z)5%o!xX64k@#LUuGGq`euiciyBR%sh?3ZgEb0PT|#pZ*L0|0Bt_4gjB?!W5}tb>j$ zd^8K_d1%%hAj!lT8w2h(RCkJ)h$_U+t*92hXn(A$6<^(2C7(?P&0YseS{k-+CCbqi z)lIhj*y4aOu*=G_nCRhJbrz}P!0_@1^>q7LMe{uEl&Xq82Y?6v7Mo;Bb?2sD(9nEc zW+7^P1Rym1ck)kyGy$RkKk7j2TPY~{7-;#J_pu!NDZQrm)GidT;|ACD5G{}uLQ73$ z!qS+ylGCw2^U-~d@M9^d{asxqktEMqy0A<2C?HF>?a2&e8ftj~(8m)bBJZy*E;#|i z4GuD{5Py#2u)C}&gA=mdHndi^FRjxl4)Lr-_F6cff%W?NjgCcH3B{Z7LP}GEzF8{{ zM|@lbyoJp^?yV?%2`X4NG3F|cN6>b$g@_ubclt+}!FIfXEXs`GdA^^M2l2;I z)%ILH{f8n7#UqMV>OgMOqKCpun?9QnuEI1UyTyNe6q>mbi%LlPTk%7(4+Bb7C<04q z?zp*kt@Dd{mqwIK*O8&(bCInFx&!;~9d^Hx@{9+}VK#x9AO}9~!>J+C%HE8WUcI>3 zIfj}FtF@kgPR_}j{E>=r*yq{k1jp81vv&Jtu7R1_V;Lc`@Lpc&M*-{s=HVIzTH-t(GbLB=pc4Ko&c>MuJb0B@mFs zHr%7X8O*OA6$0oo4vMWJC&?-w00n}M6WQNSDZ#gA(g80cs9OD7K0}b@0=t&rCUNa= zf$`U2?<63L+U1ld$@mD!VjTL@--5@lAAPC_yi9nEKXcvBHy_oJKs%U6M#-2so9te_8NWBHDHp7+Z)}!!?e-J-y2%e%eLxP( z1`8G1Nv+5in@tp^On;g+x?Td3-ktd3(ccNxjFjF#CVVOfbu(?#nvx#Ll}i_GiS$WG zw95ijFXfzl!c1~oea^rZyMm%8MjwF zjcaTp4oPW8PT-M-jxIDe85L7>N0Ok*iiudR-$_PS6Bi2!fcR@A*rI)ur{rP4Y+bw+JV|o(SfYj@)*bKNXB@R zJd6Sb*7mqNNl+=ykp^sZJ-_>q&I;clw%XcEL7V$kN+EX`^D3Jcy8G#1x=X_8tw09d zS=Q&Lh+54vcS9p*UQ_4iYP=&707mL&T>5dY@^I0H?q~@N0O8VWQE{z4L8yk8&&u&l z+CEQ?U|t3XcJVM1x_kA(%5SR6s7Nl#o;pqVCy<9n7MMY>&$&B}LLR@{oEKytJ+k}x zaj%eHrB)!fVMxk%v*v+MT{=n<%UPhCA9K%p40N>bk&xmxK3_k);n)0O$7(uJ#ch9+ zu3OUPM*PCw+S3BETqRU>47Y`%jo0_cLJiq61MEAmqxdiz9JSS5}|rKWXbH2|_~}1bq@xr6Axofi&&?XtEqAR+Qbp&Le$B*j_Zo|A5Lj{k8a- zZ#^n!s9*1%Y1-DWRm4Qg`jLPQRwa1jMFXtjnZG9}&|?#{oLb|wLv0ZHC0fVWIsJRL zNhwUy8xJE7eHLOI+b9ikwcdluSpK~a@;78B1fo;lytE6Ja4~Gzl<#=fDV%PaAp^Zz zjjxjvaUKDUR_G8%;m|@G=aOrQVUh6x-?w`_Zr-u*rCz~!%Zm6PrI{f83`-iN!_G7H zn1&{ry+K;7SJn#rz|eVBZ+G$f97}B<%ixE3GW^%7ij`=`pZGdQFbUr;H=(UCM%|+{ z5wUxSg4>#PyN@Tzeb6hO5O&`EPA=g5LqK9R0__z2K`;FyLS8FflCRML0}6wcRJR<< zwq6#2SHM9o%ZL&yhIW^Lz3b5u7W}ljzD`1a$8z#`NozjUQ>=c9lT9Ep9 znUX-R29HvDA*(^Yioe3$pfljAw9)Z_S+dS{{&lwTt5Vv_jK7Wu@J|g95ec~T)PDR} zu7peNlU|S3bg4zY$FyLxxa~CGb_39<0;`VicsKKqCtjmWHOm-8kfh>aKg4TEW7wI-=PlqqS!3Dj)}@--)u<-t{@K#@<}ldwh)sIT z1xK^D(&y&E~d+uV5dSyN+fSyKmLT9H4Xdmn5moZ9tnJh|~s~HJFT1B|xnsQ6t zPd)Wo+|R>Uk3e*1zA+wiTzS9arZ!T2B#LHppN)fapec_r-yB7EcQWpN`Sv}Fqj0&R zm0IcRd(>k<3Bo-e;E+`rm+#|5GVY7$)6Nzw!d@{Q$raznvr0}sL2OCgzwSb(9K83- zVljQq^$=G($%fLdB}|fjLrK%HH2e>-^{2N1CFl%0jhfH+%d|pxGlTfKjm4l`*q3- z*$4%j)UXcPA=o)JQ{(3BW%!DXg|^|zSRddW#tz#{*WLQPyr4n*p0O<~{@+)To_XVL z*i2XZdda#>p1}6!;k*RTqVuw8+#Racm{Hw+Ko;?xJhlke%P2a0ezM95snXVXY}GR@ znXkTzzYS{bYA`*RfeX&DtL<01865mt2hzUEEe`8JUty-HpvTT`+ zURT8&)~1bYySAnWm0KTQ+FP7g(cLjLUX?N|t?cP|%!odN-GoliTP=OaC#U{eISQXTUk(W=i|u=K zQcj_1L&o2Q$?t#c%hE8|+lOM+kPWp~pO!;D>2Dd)umq}UeA`%w8}X7sB9swcPU(jh z$ZK7qQ;!rAkA;kDB3{wGzgTmg{fi&r#O_f%%`E@gre%rB(2hl5AYVM)zL9|7Y0^ug zg*BjJ?)nwAz5QVoig;;HyV{@KGR&1KR99nR&Yep>0fR+)X6;fG9rDMJl{nGRF*_Sm z0q<*-x9=)bzOn0FbB5|f8LuKSJeocIT|&o_<+Fl&hu_INMt{K3`Po@(KNtK`jYrXGn`E59rQ}AfRpIwKA~)gbW1aF z*C5?{gu7RI)I3Wb*gia8#s}yy%Hzxp_5Q-->~V%Ga9R{rZ(NJ_2`}NJ?37j!9upv zVXBeJWlL<-W40F`gpJ?C*OSMI)Cp%42nw8f7Ei8jH=(PxvkHwD)u8GL&r_P7k5QO5 z6r`~>qHZuj9Dl^o?RS>x#*FxZSxQZNyWk8-&`AN8g1d&)GVv-PF)g&S2--ANnT6JQbHa0a6ATMOW z!)SS3Dms$IzfouU9lb@aujQMMGQa8Pj9j-%Y2>7!EseYWrDarM$)Gc~BPn}4dDgl9 zJ`t=gEdopT{;7z^4sHS`zFkh&y(&P5%ul>6I`!dVO*oIr;$6U^V-lJ=u-ht#?i5h_l#_rMq&w{6O$I*LTHzIQlaFxBJx|+-vy&oisr_}jAZKlrNDwK{v*IC$GwIU&H2E7W6(V>FH zJr42}uOODTi_#5BGfLo1bcmfKF&U|19caq6kL8LLwttYIiA#aZiaKKykbB!?wa4R= z0{g`Q>3d~qtS)rMcdL~M`;;deRvJ(Zw}1(JYS!|55!Q7nH@WPyW*spM);Z_C@@i=& zYT@ljKM4&a=~T9}D^a+3#B_!yPl$wq$;YPLZ6YaGd{(h0L@!SbH{N&t)syWsi%$o@ z1-LVGZqC;iTu@NCcNc3mr6?o`Px~W{dsBQ0IQ!>7WjIV=`+Tz5_L@##Jp`hXA&s!n z^PcDv?C*X#ZiaUY5|0s$^j?ilaI9}L!20oXtnz@JBi~5x=AV9`aXCk!!ri7jASeT& zkaiUaeS-dEYP;@Be0z>jeFYdg=Z*2p-tEKD#Hk}?0qibx_V;cQY&|ANcA+XG3{*s( zfI*v2^kJxVomonwcN$sFGQF9aZTSxA98NOw0w#6CE%BvF*1#Go5F77Xq4--C8jH_j zyRN~y0}f^Chee;NPV{L{{iSbN))JDlCg0*MFBh~h)pS_A2o)md5sFcVFxknf{)xk-(ok zTYsl*Lq&J)`&Sh~+@Y2TIC^uTPrJ_`=JyGtx zbHNNAx>P)q+@s`twQ*|O*mAUH5M5&(XxXuAPIb|SWkrdzrvUz; z)LaUS;F|XUQj6C~@^?2hvN8ui+)XV@wCI<2?=oDPyhjAPey@z4;2pzBgxq(8D-2qj zp*Ji?*_v|$K1l{dc9~DO)slns4<_vE@i>%qTv3Sx+o4`x{w{9)tHy{_SQdo|Sa1s^ zWMR3;w~#zMx8NtnQL3WuZMt7Mo3Qak0hjzu=F{)F`4iD14<+nr$|!&|~@5uk|>6>^%I0f!mU4s#wGe$$AU*0B+#)3FUU zuvS&({-&AF7_zUmoriI)7XymvvHol@W$)(itw7=8FZREq;>)_ zmFV~n2-f4njmUu#J&n;Sr^N?!Gri=gcB>tO?bajm3flVn-lT!;vH~5y92mSwE#sI~ z*Lx+}W*x&$!BUS}{j^VEvKZ=vHRgwOAMrV3%pV$I4VzZ01FeCo%1PW;huP$)05c%^ zW`1Cbap&KGFNWCEKt^n4yk_2o?c~{3BN-RIS#$Lq_`T?KqYo)~?+o=PP+T3L{ z^nST@=Zy^;jZI4t>>k?52l>g~E5-X8Wqf_umGx0G;s%pBvs+RoiLl2k>G0aG* z8!2biSx4pY(c^RCb?xoqrBu-*{gkRj2f-p(P5%3E2I2cQWV|F`;=YdrD^(sMa(2dW z6eID5eaUM%jU^^VKuI~Y^o%NnWzR{7uA!=?B6MkElm*JO;k^nYN-DXHPKaSB+2@Z= z2cxnq9*;xhXlhrm>2IUm6<(YHV`W_AZx&%K4NQ-}2I+upL~H~PYWAk-xXTaOBybEh z4%G{sbd8Siu>`Sfhr%EJEw7xSu$z}Lj=o`bnM8&G3{$?1zezcIZg)_Qs zm+a3oCCfTOs9mb_hmHd|h8QDzKGrS+6>Eur zc_n@0=8L$1oE*f~{#b3JWj_kr`a+?728zW$h5J+(a1x5Gbet!z25#@!^{*kZ>tkW1Z43Q24l(KJm{G_X{vDP( z?8LzheCA0OJr2uX$aXf{)JqO__(;J13eO^d>Lus=X#`XK^argOn68aO&pL)IEJ@a4 zx(C#lVq9jQT*lrg6EON@mlO;YIQ_LnU4NY#1lgSu9cR^L27~rAF6xFwq=-E}aI!tx zvgYnRrb z(|En;kzN_d`X!$`2V3dliT`$b%6P!EV~@qQ#XrA1XR>%Lrb^?v7DQ&hzIcD)9a~?C zg;wu)tY)wJREx%=pMAM%UJ2twdOCY|SnKf>eT&y(pjN51qwlt z1s&O>;3`_Hq0I%$gQN;=Uz5c;b4IbpEx{hud=5n6Bb_3?^>9*V!Nl$wjz}!$RktHp zq7s|}aE~+2_)60{=y9RusGHiXz2$N3Ms=5cUtYBPadnjweoUZ#Q>x2OEy^oDQSw%Sp)4h|&{`wbxRYqTzeDUE>j1o7B5(9P~ckZSLcg{b=Za9&tlLLOhf& zy7-CX0dT}6UFM$}Hh5I!Xr$=Rb}~9cxay2^5Imj@ZF_m%xz;@1p`^TOGV7U$=7y)y zO|6g%%#yrvis96hPwcdm`9|Bw4ZQ=sIJ zAlFY2hChWj7G}=lrro`88w@oAo-z`CCUr@yQ?Fk~Ea+-+TV38h-!P}y7yo%Ti=eRmg|KKD2a(%SVpU3u}J%Nx~Aswy`E0uS}dOTE6payzhJ7xXj_cma5-4GpDi zu#wRB8r-H~Ey&TXHDir_<&OZ|3U&i>S9nPLTS?oqI(=qPsPrvM$4FQSUHi-P|CLe#+37St(8=7(u!y*LqL`f%5VxiY(1)L}rO##8 zX@SPaVfSsNHz$f?r~&b`CLN{Xe?0Q9=lof&CbG$&C~hSOjMptcoRsZEeg32Flg`>d z>i%!r`oqNk$6NOg;oTi#r7!5H;{Whz|K5qeTJpmjf$co+x};BXa-XjPjfoOQ^!1a> z?YV3NV2j65_`@?v!rswo zM-LasW)fcP`5UZB$^bZbkr`au>$prSf<@-~NCk#dF4XoOx?Cu5nMFdr36l24s6V)}+=cE>tTn zq`W~E@24|c_8NCc&8gKonOlhSc(op>l0GJ?V2Dk+L``kO;D2}+R%!*bzG6Tc^ghV# z{ur>S(at1Szgj|Z^wg}d=Yivy+<`9~*}Nz^JLE_MC;(Ia<*-p#z`8*(l!lufU=wif zt31y4q}3e5lnTrnbveU;CQ8<?jTfa|DBpDUng|pzK2}!N~|(>xLNPDT2*+3fTJWyiwrNC1*(~@ zy+s+TzO~aL9RmTtuTv4?jExopkAZ3YxU*^R8L+S{>YY2w-eJ4*@;3dh@AQv@nGy+S z*eZ04*W6+M+xE)9E3G)lgZ=I0r$I1ix)e{v95|x9o3C-@BZAWNZU`i_O{zIm-f#}U zutWQTbPdimZ)R&D0ii!nnviFNjed5pr&NE}%k=DZD>ZaJ@W?O1uG_hhD*#+jow~ik z)sNn?-nnVk|A`2;>b(2VcZUH)%WrmB>H<#87wF&55IQ^UL%8y_>~3|ck=X63pWAN& zdbek{MsI8VeLG}X4GBrQe!k!=SvCSoFKWM9^<$d+OYToo?`NIvGOjx{1A9P6=?cy# zQR;wlWl*x8Pq?!E2F5ExG?NiJ*#1Ht8~ldW%k#|A-`wpz zQJTfMMuX?@URHApd>ufKuDqYR<$S^uZ`unrC6K#!@>X!dyZfy+DbsjJSo=JDzm`@Z zDFW<5M+*X0ERyN+4n2ce`@-(IIG{b6EeN#LfX@*ssP%`IN>yJcu2TsMR!B}8B028#n3Zu>4WTX1t6DW1)bQu6E3Y3B#(_iVINOUGNhs}HkGyGKm^!yP- zY0+^GPh>wjq^N-&DdQ+bh*T7rNSbbLyFxj}nyi2o9<}IA2$ZO&5;QoF9%Ez#f9lXu z?*T_AUAR(n_$3^@x4faTY!~Qck9x&p;2b4=^csCz7*(8VK|H02k^HS3mTkKP)Maj6 zo^fnP2df)81^X1+A{cn^cJx{58V7V4jPgpck+|RlA9|%}rZCT7YS;S)L~OAbmCX7L z{_=87k!8&6;S;B;L*vhU8Op~amQzST4<~eD56?5x_=FvVD)bX?;|Hp1iDT#;1~UsA zC(ZZ=m|;JX>vmWS0^4f@T!~;l>(en$6evcTCV@%892I#HYbocs?oa4Yi!Tf(7+Gu5 zIkuF0u)qZo$4%F5G01xV(OS8%%&By7^v~Z*%~mZ!1uT(&oh7=zLZjt{$zxw;MR|GU z`23|X>#r+=h@hvpdd*$Qz%c$~P_m_UY%62QNZni)BMV2n7XZ90>hY+?x6S0*ZbVcw z;bWReC`_ssdcK4|-jhk$g8+<;BVn|l79>GhADM^a-uKv2&H8j3%8?2roqs6@PmG~};WKw-5$XTU(LR3;I~AzL9}%~eW7yuc zj@yw@Nt^qihE9lv|GdB=tUb&3&@M>FLg~U!ipdKmcB_gSr*!l2_UkBf=m;}xbfeD{ zpaOX<45$VtpP!~sCv}6WJOU2+7L6t1>fWaq4hKcM9sH4o40b{|cFz|c*Ko}219@i2 zFN@v!Ol}fvzc}t~at1ur_LZr|&$&xtJy0dHzt$LvwuFWx5uE`{l{4`}zaEdw_0ANL zxFW-fdEIlrnFZ?vhwMaO7~72GNd4+_Nq_(&HL(z@*vbUQKFNnCtB+FB!>d&sX*yG; zMGGsOCj{zM+61vA48pPnR>PU;I*UJIyhf!(H#~g+-kidc2h7ORJX#8}6SiFgz^SA% zO9S>GfLRw3LpWyTW3k;K)?`#woaQiQV#_aN8Oh;8XFB-0voRX$>McUR6nEWj%})70 zRwe3E;D{S5&LDpjup)X}7ijP%$#fHdT+4$9Ebe-~N~|KY?}QokS6*l55v>%F;n=rb>KCKa|?(4Z57=*)tOD{*0$x7B%lS; z9Z7Nt;KWJqtwd6=g~g(i>>rCTpI9GWqs}Ug6|}*J$0TwCwidYo^nwLYn~P}zj_H&l z5-kBoTZTDpu`>>C?;EToHGWr8jswAW{XDdfD)TK4cH8}~?Nh8mY){OE8e!aW%f>;pml)>D!bhcBY5}N|>I#$eTZw@g>rr z0$yZao(Wq-4c&Z^@GtU`JayMRt{bnaP6R6x_FR=I0gy|pNq(0CoN3vj|AGYIT0Fd; z@EwNmnl&LnCCU;0LWP-vnjW_)~eo#FjmKh!}^@C%YwAE#@VXb zBP!f(-oZ9YWf(vNQvnEJ?FjncJwVh8LaLP+i(|BFuQr`2bVkCpfCl+U5^if3y;_fR z@4SMv-g79m0s{7^y=Kezf!pV+M5mSuEG#!`TCYdCE{yknqmqdity2P>?PI@X#R6r2 zG*J#fqgjE9Ooh5F%i$$=?jl-LW!Qrbyf^B7|4@o3>o28T=5_Izn7CeG+|6#if8eb3 zB+ms<%G%Pk#I*YDin}wL3;pfE!W$d_v9jw4^KaEV>ls4)zsqS%HRxaO`TjLBU{JC( zRV>zK>k*I(sSpQHn%lAw&_pKZ^~vV2#{h4zMAH--MX=w;LetlH+Q#(dWE7xrdJBF&u9>UM)g zi@Y(wA+DQDT+_AOFM0)fo@jIq>sf!exiJ(~9t!bVU;Wx^(UKbh3cQWu_VRwb_oJoL zE5vzX9laV5V_htcw!+j`#(#)!JJ6r;DN*qe5{pdOs{noP+*^N^P|FGUc3`oPM%SwV zwI&vLk~q>Pc9v;bZ0M_cGPeoj$v!DKrFxzVd;HPx#g>~MnZ}`Rt*@odduG#7m3Y;e zF-i5`S9XpN{qJd3x+iX#i@+Z^0~DtAgoFSD8?k?v0Jh~{JirLI15Yl1f!2_PU^^bJ z=+<=voU>JLgG&0GxOU+RPr1!%K!I6RmdCK?miDs&hE=VKI0@AISBBZlEjchd>T+)seuyq45@q08+F2vx1i_F@6 z{tW~CSxs}x0ZBpIo$hTexZ|k(=Dm z(#-d0i}ewhd6>027CI3{>C}}jGE}Vs-!iyI4tRzF$T6U}0r9EN>_927V*f9CuefcP zGmtHD3Ofyb+Wt0xx`)=+$N_3K$LBhtJ+eyxlO!4+q!cpVWxiV?VY&YDM|Aue|8GGz z=MKT2&&N?g>>HTu1=>APZEYNa?2ef}tg|y} zuo>@udtJz)U2mqoaHCb*kUja+a``Nue;rE4b=gUlFnHif%~`rqKrazG$jH zlAxO?Q<$MXIGuZ;FPG9bTrJ-XCuWduCMf2yt6b!3V&^}4!7(yH7H~Rwce@PT$78P+ zqS~?043uHD<@cz&AN0Ze{6huYV(zmp)?|L+U>BcH>`b9Ny54M);w}ZAE#H9E#Vg+3UMgCNfKSeU6AtWK$AJ;pJ*RwJX;1)p{L;g|;L8$sF!w`1!b_m1H`tX@1`o z*W83}+nc>&^(qw~Gezg4M(qE#o8khMJP6SF)~e7PPFe+>wJ%JSQD2@NUk z`+)VFlU!gFI8hv83W%S`$W>DPh35RZe4s=Oyut-^T+gI?T%bEq{1ps{%QCKyp4hOJ zJx5^E5^0IQJ{fa*LcpAcyD#G8{^OBCcKMsAfY)hp)wcsTb%qQUIxU}2XtBfC+aij zA9bH_)@1)t_ep2%f4X(wXRKNU0IjL_pbrE-@o!teiU%z5Tcc~%FmYhJyes`vl9SHP z8^GY?UOo~2{r7*_BO!v4+jOS?_Sb(skyRcL|BD6rXHxMWhRaSsJT2+3w^$jdCG4(5_^u|IMrYqwW(<(?9C|TMPe>|NdXL z?m$cM#Y>m2uWBaodD^3*)ae948`(2I0V@gQ;lJhH1<^sO+qNbNw!}N1=L5cZ2S{@0 z=5ikV)$C+v37p|UwSJOQB3$o`?~9a-^1Hyx95D@~sC`u^*}dt04FNwFexK=g2Q#l( zMB53JeUwS;U9$<-ld@42D30%h1n>!&m8smJH zqn}|}B;J?@n%3{M0XMgX8o9H&VBXw4`~5n({sQHvb)4gR)mmIF(*{5Lb;%c6y>`4 zTJ1PEP23G{%yorxSZdL|n$Pt2+lI(Re~Egd_;WFQ z#`;)2$?l!R>W0Q276*p_t$CV2=S~o#R*GbXbs7i67dNg%VFR#yweDC;{tKZrwYue) z2~)V4e1~yO$H>6Ov*lfK!)m``f3sR0vD({8UflvVS=MjcVt`8?Go_9A7_kjlTZT<{ z+mA0wxsL)<()13cY54UYs$Su@gV`QPAMS>6E#+#asXDd!WY=B8HbocGpDy)uJX!wg~?u)9E8ur?68uGo^$y7Thur)bJ+>(#u5 z)rubymqJ&ZE8_tiuC+3W!gBd#!S=r8ObngtN7%Gpvr>lNbqOe%FEYWm$&9)-a%FQt zu-s)$m2h80@}NW4D|)-g7qVK>GF3)p#-$?2h>OqZ|1l6{R{y_4JKuxt0HG2Nm!;Ve?$Hzcof>Wm(2166ygeerly zVJTA8T7!X2)Dj_my>^6_=L3{^ zK31;VVRndAZ5&&KjeUK1xt(?biVukb8mpD^Ndl%*d#PHy)(kR-560)EWjB=uLM(!n z7Y7O)`=3zPoS#YDY8j-U1*?o!+Ok`Gv%gHCq>Ssaul*p*@Ey4AY_*qVs~zAs#FG9x zGL^M^;Qb9IbffhWaQo%5V`^z!oVkrt`0hCqH|+-Y=QBvu6!0f&;NVzoR8pi|vWMPTH+?+^lpsQc5~Op3rcnR*XvfF4 zw>k`HHt8P(zr`@#^i^V-1^v; z0nUA^S_X9_5UeJ6t`GGPI&V8%Q*~J9pI>Q@d0>b7Fk64F`;shc2%)UZ;slFy1}x#c zI~=>!9Ioy!RpCQ%#>Yn=(V2x5H01d@Ut~TpJH1%taZB$ z=;8<*5tm^Eti)IXg}{G_wI(q#S|K#|5V67mc+9;@9nwpgR*I6UG{r*pC9GSMgGDNaksJ@QEoOUT$kvbaTh zc*-5qn@KDpkfbFN@9QoLLqF4GXck>$Db+9Ddp(dO>{)3; z7pO+1@IsRv_Q(LZ802{#4cz=1-MH;M`%IAJ!8nPODBg=^*^fKQJig3 zH=VZ^rwwtc0KnA2#U!B$V0Mjm>4>Xe`ngc@SUj6$^Wv7yd>7hsQNp=4;h7dF59qP0 zJHP5P&Z<<(59rbPBfV5U|HsM?F56G&loq6y9F@=4{K&>G+N_XruQcBSK&dYq@-0Mu zZDXK-G&(iESG5|FK!+^dO8mCv?n4QrRXxyp+pZXtYCmh@%XQh~MlDJGB%4ct#fbMJ zy_nPNH(`p)%~6z}#^JH;wdXg9!5aq@tZ#r=ow z(Fq2G9&OonmW$0k>4g$8V^Br4VU`1lDqcN{RXo-ZFjwh=i9YgW+rG@I_BoQnGaA$f z>ZwBg;0%Ga;^(KkzS7iqm@6;b(Gn}S2@BKJWcrl~hdhv#c`elX2I$gCK%`^60oX}S zDIC7>nrgv{x>qBks_85Q*21D@<62XgYr1qiHyO`#m4~f@%91B`gh<{b1`#vcM2iQ!YSJlu{P*AIkN4KD%6q` zoxmlHeEHR%yH-mg?zCSoNC>ID0~iYj9k*`j@x<>GeL#WDfoTSgOL*ef%YIA@b-Ne^ zcIR=Ez5;*u?mF>zfnSA}M3UEPP;IOA_^1KU-3UC_!;t~QV!KydhA%yfdaZbdlGy!6 za;!EK1-uR)?D_SJX0^s{(#!y@G05QRf&A+Bd;wHCw7DNQj0#IA ziotgJbXk7O;dO|)G4y^r$L0+k23%(`RIlp0#boXMPAWWgl0;+6OOMH3S1sj&R7cGO zELRR~?S}vCv$q?|Zv|Xp8Fhzkd}9PCDRe&7v%1<{k-GWgUbTKR2ise4dlYjkj2}K` z6~G8K$g5EpYE?(M9=)EHY-QMN2h-7o}?8PNo)ISXvF0BT#ERcUJpHoQYHs$iazc zBP}eKG`i-mc)Kw>&H=zqg<j&dXHK+u3m{+pHWp)h!s+X?wY~z7GjTrHQPLOHB+AI3R=(AEhu^q zn)Sb{R0(Q-hwMsi+gXu#^!jNZD$%J_MKCNmCu7U(JqP?s$7<2+*0n`QAWE@UvUio3 zV%!+qn6z^Wkr&W&{K-UsqGirEfF^ApLI26XTYONcg9e~s|Q|p=K3%+J09=n)UaW~nFj#2 zt+thabF}N$if^hd!g!?{z-$44-m%ov2I&OMhs_9?6&>DcVHShpUuduz7d^dRV6+#) zWics^wgr<&?T9muUW~O$1wa86bD)s!lX-nx{Dn22L^~XNd_|`e8T2}0n2G`u7_l&K zxr5XRY>zJ#RnEYF!L40j>XB1TS&l8^4&igD{Sl;GO3A zcl0L{8;HL;a0_^WX`r3DA$%p#lhN6xLCagJtCBQSEoGuQq0h?xAsRq>tM4|3(Po20 zHxc#U0A7oXKUw(4)5K|W(pt%W@8!@2h+syYxpFOO9{SXN*LvaW7MVK#LX6g6Z+hvh z^G%X;`Wm|#%=AcrJ5R2j^J8f1Qz&+YDMd=5yYGybtLb;0Yz3t4dplNq!G2+a>3O6- z(3O786~p8v(hlFWu+BtB0QG8%*B!K3C1}xx7I}v2aAzL;sFd+ZB(r3r(xxExk&ZKW z`u>WsNX=r=YJ=Ge1aq3mLL@C@hxwxSLQxtz`!FioR(1>5FHC%Q8!giQo3wVszVJe2y_;)f=jP zbSb|Mzj}9WKN#DRm|i-56pXg~$Pr2#@9IpoS=?nm4`#Z2?{%}b*(v(~ zzXvl9a@ql=0{9ML_R!$&x>*$B%?B+Myq!6q!RY0}CHlt!hC95G3orMs_E%)ALU+aH zXJ>DGsVJd4B{N@#q(BuNG*#e$TFRdmlAgj$owa*T@KNxmW0-0xp4!9lru(N;dVZm^XQy628?EE)!7|hRTs3R%>{%e&OS^>cQL%!PeX85RO{H)`F=<&hz&zroJXoJ$N7@LFn z2*Xn90r}(Ap4vzZ@&}Kj!GP_PvEe1bM~ z1+Doj+iyy5HP|H4u}Oa394+5agB4zS9FVia+aID~?r#q(2t>{v#m_Owr?*_n2Kn+i z4VI+Xpl@oSDxf_3b$#x4JohELv2XEd`!s^vzAw!x76UplvX}Biv#L<`rih54Jx;-Yi+$g+;XPlejXh@OJFYZsA?abm15h@&uf-eGz3yP| zJ0y`Z+%nwY=S=K^G-iLErCb(cQM9@_6#C44!gxE2E064o(?q%3TUxe`V*k^}SYR$t zX&wN#4)9a#2bQ!51NRn7aesi^QIcl>a2aX&LK`V#ZQJveoXdZAZSMM1jZCCERWTR( zXtkaNHy0JaZ2PgBn-F65evpDSN_o5Ib|cb`k7O4H&{>WK^<$#%bMLauZI~0ABNc)! zbgfge_)XT|`8@W)9%j#~6;!3^N)~F}70{i;v~DpH8hzRvdN80mwq<|66+SQKF$xfM z=}Mb>nJP*ge5Xfo!ozc=Koy8=7rwZVYEHRZ8>9+M5c#;JUu1+L<;9@wda6uv=a$!d zr$F_zuY`(E3rksJ9~C$`_y&)l;P{8dxD7tSHG01HTeeX>><4QY_AVkAK7i|)^O|bC zGp3PrAkD4MqtE4qUeN1EPiqLX29>1Na}6v->SO?d#8(QKn6bjLmnI(kHuVuY=QOi7 zIb6d?$)i-zzf>p4mmgkvT52aiSoR?^h4_96-ZzOqEV@zdSpc@Xbxb&hL^WZ zT}>}*uPR+U}Jj&cL zoqK(!KWNC?9pIhFUM9euBw9ue$;%`ysb=SY40r;i`l#8_$3BV&b12Ir)`4UD#@!D` zI$7;<+<-FEj?VZBO<|tl#*Y-V`AxQ74B(vua#tlLir|`|or7JbXoAhTb3{ zwD?(l&Jm8%qpZfsvAgdOHTU@Tld>~}L9y;l8kJ_atM8@Wq+Xt@lFO` z**x-gPCH1B{^bC3V-CkJ+QN0e%*fFncoEkzlQYN;5Qk= z8XtYopDMwMo-J;tVisR6n1W(`Ggbkg29E@v{Xuf7Qnau!3-K&%L6i?1Vl^od*E zufxog7JT|nnE4r(pE~*ru89y{n^JTlA>0Co5)yf=nr= zq9l~(3wng#1=6{r>m7sWNSi9YuJPzq2jfo98crm;5b4iuyL6lEEHw-E+uW!Vv2`{O z9*`~BKIfrYk0@%urs5a^0XXBx|1b|~JoM$N$t9ykuK!athpLqM?$F5R&HSfpWL zmzkb;;Qb@?VEPA5SF^^^LL-RQK9B!?tEiwNpduh3MNtrG(xs!) ztAK!Xr1uV?BcdWjKu|(QrAe1wLqLT9p|=1bgx*3=LTG`z@tn7u`}+TMfA`D1=NlTb z*?X}`R@7zlG10R3ro1ZejO}ss+|*QP1Lntl(J}( z^`M&Dh#tJ=78XL+IPob)(kw3*z4iVJGI9P_3aPBg`hlO9t}9~+pFDHJ8ldMy#k|f} zmJmN{a`WWKiNvF`RRqSriA zvzY>lw8HAQ?Uu>H*st~n)x+#k@B4pKXP>K-XW`NfX<@hSe|2fiP}H4oTdl?k*&S0j zTBYNd`c;wcf#t;&T(0IVSliI@lgK*wBQ+|)28U0cG$usx>b#i8`SLKK;Vt&`t0;bq ze~)hx;p1I)ONAYf2wpN}vd+g4c5|3tBq(aH^Hwfhik(HO3wv_6j_$otT`%q?hbo5A zGJ5Z{UQ#}3E^*QVcI9YwgL;eNB$gIpjA%i}0|&{2`0n$KZaosguu{)h_p$cI7~w17 zi7{(tSO(WYRNH7Y%~CW+zU2x}21~LU+@wY$)o9(hoQo;%3AMAmdz*Ck2mY+CwEgPz z#e?2gAlq@wsEQ5uo+(OVw6z~%>UAei-9XLbQx(_3uAU=oZ^*l{$W&al+~%FyscSB& zl^N!xg6bl|cB9u#)NRy6EQ4%%?D9~@fjh0DB07!io&C2zXk1u?G>?rCv|#&A{kesJ z5PU<81buEmG<_z z)+Yc)Sp#Y6{UK&1&YK&2w3L)knAn4xQ%@2I%1D})n){bF&->X!%+Z_Jl)G43?keRd z1?X^Z&4rs%A;ow`i#}0moTQ-M1kt`OmZv`ofl&e^PL^sWop zD~`cb$BKH+k^6FN_I-SLZma8=zjlF>wmSc>yAm-KK8Xx26btq089@Il^pZ zv=Gy}Jl`t;8J&_l-zMVl{t`0m$3iY6rosDuh3Z3}FGx(Z;_fHtu}|sEFekMCxQ*D- z2dMeHgFAMtN>S`v{Z`UPDo!M_8gZL3NVQvEJ0>GOr3Kl)q*WjKQfj0wk}aPw6nOl@ z#`fc<*!9~wJ(xSAn11^NoA(5|(Y=8OfOyIqB)fCqH$?LC9#4<3bKe;vXqwECu2UFc z^{w~2AK&@P*fA_^)N-ifnJR{FczuAT4Y((m;pvJ#Ar15#O#-zNuOMq-e@MoOH z*>3iuT7Z*AKUA73d9?I67=afR?4z3+1#n226ob9NUTC7GG;v@@MBHzs(v~nT`0a73 z%@+f!^sC%&^JEND+)LASbCjkfqy~@Jad0Oh-7N&wohNgpl3lV)d&N;XDkGKBIaT>x-j|)3O0M0#6D3Lupdmssmu&OV zVCnwrlQK+0^cA}(Q%$}fdqJta_+7^z%KJ@4Oj;VJ<3IP__R zfl@96cD!siP1bm#fV_^v@B`#(DJkKs0Ek_XMkc;4hjeA}VKwHg- zRkB%~4TN|wU>RvYCD4Zv={u-iXB({>n(zMzgd|vy(RR~}2;**OSh(883iu8Xxt05m zsr6@cXz)k0t)jfD9CZaDi>cxjmN>h3)`%k%=3tPKi7lWN_LW3W;Z*3)JF*@b+3uPl z##QBu&@r6XC;U<*rAvvW$@1~~>CZptXSZw6pn$ftvE6CghoH4fq@|Wa4`$Psu4|`s z8y$mcTFvBpMrFlwbw0Ukc{RAfYNIhlGa4dN-6?sN23o(MTOiP{=>8F^=ta!KQ zv1ZyDtRRlxW7Hg&uyCqLmvk;c`1DJ;moN%7fYhP_)TFv?R!imdp)t;DH^3VY#@zYa za&&5-at|~D@bym+sSW1&g7A$j_W6Fy1CG#mm#ndn$2>jHKu10AV@`iXxQOTGLeH}I zNT>1hdZSaEv|%D41vXYQbku>{41@h+>>tWVnDS%|S}`Lb-TAzoSxtK00o@sE*OgNSU4KVG@vNW2!s6(MCzIqP z!yC8j2g;mKmI3t$(1;cbAt?c{1D9x3>L*o;kB@r}A$bxV0hQ|OS5pzrp9s#yGNW}~ z8!{i3pY($3q$b&K4c|DoFX~8w8j*vs@9=z%hOIWd+wknxF3Hfzg{@+nYnV^M&zZ}t zVwy7#s4k3LB!pK5x07-~4&+T=Ei*zJUQyQ$g^s3^f0YgUA#vcwd*mhS&XJl;d9gH9 zs`xS4H%dL+7xWkyx*FS49dXAkpH5xFM$*$LY*6ywFL|BpBQoCfIpL<$N}?6PS|h#v zXwceL7bWi8=!J~kgPD9rNA0tV*iok1A+;HqL!9c*45A8zXP&LIDtSGW zT!f7w&`X#S-tpxpB=Rly`d=}OPs+-40Wb5TbG&EnQHdEBT1!u3J8wgoY!lTH;5&O&r2m=)hl1M7IP%?C~3_Cw`nSoFo*@QX03lvDY`}EZ=k_&@Vv{7nTm1+Wzg6 z*;{&YWCU$ZoqF}LBPK;Z;^!T2nfk4HOE~*Ciw_4dr^_k#4%x3JFG_qa6(kl7urwZi zX?ht-t49=>{#7<<&hc=yZbk#Hw?E}Ms=*wRk z2^6qyvVY4)p4(450?_p}4+^=uGvs8HN8q4?)MMi1`PWkuWuIld_Tf*87?X@Xvf+3y zgDwD`+7u0{*MQhmL+V39?$qxC0>fDnHmFQb)L^BbVn{;`C1<{lev$n(DFNb

ZHN<=`1HW(}+nBJVT zfqEQMQQbj+0n7Xqiw_A2jV6*&`X`c+8}By+dlMo(5o=azBSEAq^F=bNn1dG$4`5e{ z$bifU?uN`>i(2>2eP}N=vXdU5nB=aA3ZF|JfjZ~uyzIF|fHdoT&Wr#6E~L-d{fDi7 z>Gnpb4ZdHFdl{#JFi(emadtlf@x^xka?n5H`AbioqEu0qd-!yO1y$!&(;~%$#LnZm zhdnbVd#O(F$T8(F0(duDtUy!WCFWXJe9ntw&bW5!rDK-KT8g1^~5&;75VHC zO3T2r>*U;!&HgBhJUdVb@mpV%QBVZ}SrQmRb3$dOv+*a78!2RYwm;v(=^vT}O&cyk zweyP3K9zR@I)e?ISn#Tm6_80E%eJpL!;+fUvB~#^AMrJMv#gszAbN)cWeWhQ1=B8y z) zH)h)ocZZM;8|hZry?9(IgKFV6Bg@mMvcow@XhP~`C?X#)k*q+51XM2PqMP6E)C#>V z@4N(>qZ~-$H(JB!9tV3R>wF1-Ect7sT8z(X*HGlC*PD2iRsh{qz9lWgeN1!1Q1wL( zUKCX4dk|k=4CVg*kZh8xJK?L)>^=XN3HzXG^Zttg(m3N4U`2CAs7utn0Aak5aa{pc<5JvuJSAr`A~(rd>;k_hy=sDd?$ zCE>yiGZ>To$hxF5tk84WNy$2EM2Xb);#h@G2IW^NfXZ~j^stq%{ce0+DRweUo~#`4 zB`g`8#MaRL!Nuh!)+#ZuK;@ht>eBU)Vcq3)^(@IZscDK_k?XaYMVqyN6k^Z%V7l&v zs90=+7MC7`&qj?-f-5(IdIEp{-7hk?(AgPrG0nS*L7P+0Q`Op(UwNvw9C|n}sBObX zoOiG?ppvu&!P=TRs90=Xy{s~`(8I6`yX`r>z0 zA|(c_DUz+63sH?pFTg=5K*O^KviKa(Q0-Z63F8friWAdONR?BfUaM0DI=!4DoC%ZOOy->$Z-SA9M;8Qv2=|;Yaztmb$o_S%A zO-U%f3y-jUud8a4qK25fVEYAl0X&#dCSEY7m$qLPm7;9+nmUXXAtyM%b|2Blbh%u3 z)jI(IHKaX;*yZc6F~~VE4-#lNlvxu`8TKF8oi^==6LL2PS}NzUd`;DuC2xZaNzsn? zY_L^4(6|M5qFsCcWB;vZv7LpV_Gbqsqf(noECe4b8@Fy1m*7uTrByUhw!UkMTr2{C zMcl@X+CY;scgmL3GxzwwuY?rq$>c2jVd_+4_qg%sZJFc;K5v)2OA?1M()Z~H!pD~{ z>6XdtljIW}FD6s5 zF;XlU7rS2t!}w1>l2A=hT0WR?g&serR;A(b$m@0}B^ND9-uQTp-8gkA9(zO5OU~4B z*g&Wyi8iR%y2B&g?j-|H%BMDE|ElKO#U9X@??EV1fAk1Z9>kk2C%+GZ1ojJ|e(HP| zGs}3_EeFC%^-Rn-+uDD5rhXk$x^xhgLbN+tsI-D7>beLo_Mg2YkA{~v?cZAlwAfRH zCqMy2r+%Nw5LfpDlM#^E31MaVgqGmH$lYUDZ&zo5@;R7$$P-bmEr3`8)A zAahNx?Vsc_pyUl~!N<%vfQh!1QcM@I|J)+jq=wFUe_nxa8~?J_Zu-%-L&ClYJOiOn z!r{MFm`pC*2U>Y*b?Padqe#7xO9$U@f!<|`Bn5qdCly_?u0qqPRJzWz>HxGI;cwUh zNM~Ur#5`Hlvk|fsl}+cSWfcZOnxhHu3>THb;{S-pf1SgFBuoT6DeFA z^kx9zfIgT*!nM7zirY z@j-dQFAjzTDV+2OAQ%NTMRcvI7haL>g!HA(Cr1x76)yUhxc0_;dC0?~F;(svPAj5h z>oQi2Fz=~C|Dc-WD6I)l$Aw#>zhLaDour@uYi}*z?96wD>(0pf2#W8uHG)!H^HJ*P zBux8p1xTh$>%;RKuuL}Qf+t*WN$;JHjEL}f@wnx@?&Ak<70&cu#+%!7eHwauOC>t~ z(a*nl`-zTHAEjzoZ)WvEG^H!UMJ8-DWya{uq|Q1WmfJBBJk58bS|XvR ztDfgH=S<3Y@9QH6u#fBtUw*pyMqwT^y|D@*hEqdXT#ZK^q>Mz9&3c%mspm<+CQPxT zYs^+#0q)}+I?yEB*w+p;b0IcHH9Th3LgVT)T8mSmk00+0Z`MQ*?>z`PuCL1Vr!kIF zslv)*)Ncd5z=PGw$gfYudwENqPZR259zqFOUrrzI=yEwB6Jzd=Ugn8q9t@@fuo8D9 zWU=@Of+LIwzJ2fR`Q4tTuomM?&2H0>1ge-KJ0ly%bpslkYD7~MAls@Jt6tTdvmym@ z>7u?iDbj0!^CX(_TnuAkl79PTs>*i#jdjXtBf;k|RjEbioDJt;lYBm!z@yc6{)Pr3 zB__yEv5|AyZ~Q1ye{(h>VS&&}5v6g1g))dbMCR!5aE~8(+!E&};(F6wK0@T;Ti5l# zuEdGPyG{Pne%E|a4FP$mDu3(eVt`b}CwBlj6LCRXk9ZK>S?HxOAz%4k^)EV%y-Hpi z8mBtN?-@RX}l534$`CQjwjv)z@WE#LCQT8Q(p z#+W#wveG!7!oZ=yKM@jQ-b@;J-QbuU=)TcVEuHdZm}qaFK>oCaZbA z$5x89eBDA;jyPYz7{1!&5!^}=k{ruQ-rZ9 zXcwPb=E>C*21RC?sh#PzTRV3-Tlo5gq0tB#gy8o@!^{nbJKdm`-QC)d-mb5^L7%;k zc8WH}c=W?rpH~rK=u#MaQ&8QaxPo<#s9$bF2}5C(mHQ;^MxnMDZOEIbnqiC(QP<(X z5WF0s3$03~@-W`qh#mP3GRj~3IKP4AeCCN&lklOc^?)^}$YBkJ=yWKM=@CDV=d0sJvHO>I~Ck%KqqlRQ;X?*LY7I$AoDfdg2k?W4q! za%WE9+p-Xn-i>j~`l@GJJP%ijW7mK}3=5F5Vf(2n{}gtX{SPXy#Fme*la6vkBuq zCy7>duTCmU%{wZY`N`Ri- z3G~8oyZ(^)>sikaaeoQ`5u8Fgf)9wL_p^2ekS@i3$PUBz&GS|r+CUfToV+Y`TFh?I z8l-gf+ec?Oc7S^v7%4&zoHkwO;~oCR%lk#K@8h0Mv4;c~C5jfa@up&^Y}!FaG}09;`s)3|YD?_1_-jZ`}i|oWRG+EnL69bbBa} zirw%cQUBXF{?_FZnthU~k(K@rm;OI|=tHVgr;d;38=!Q5D9o**&edMiWo+I;$jZ0U zKG7QZx!(NfT=t!_**eR#oDUz0f4rRiP(_=Qrc8qWTZ`<4_p~&YP;3Tf%vEG#5^lV{ z4mrk3eyb3)?Md6~{@&B%ITObe5KP|wP%Tteb|N$6n5eHIwY3}O>qYtcPb>V7KB;_G zxAUR!r?qNB|CDh6Rv~l(Pz@0PnYi}Q{%$uyKU@atqF2EYD*w>0`4zo40C@C538s7O z_a9#ctVCxtp<+K&L%n2Is`y@=mEne6&i;LaLKL~Z|i z{r>jgvMPWHszt!%?)fQhuG&|ILly_M6Ye{Qf%0rfL8^GN?S~U&;=wis!qI zk8JA}hpFZ>Wm)F}OCId``W3HIcnm!ce^azb@#j(W0t%dMM0~c;pNDSf4c5)Ij3AG_ zZG9_(S%{)kYVMt$cx8mi4R1!SzYf4dK$2!TmM!PcBdv*?+pzpmFskV>Z~bOq-OdU; zi02qZkckJI1*rz_ZgGeme*2Ma9reb;C*n&JGu!*`Ky|*N=o$WHw_%Nsu-N`mW5nu0 zKt@o=FA%<(~v6eF{r^?z@1?x*F2WM>-( zFUwy^6$vDS1#ZoYZrANqSi|+i7FTC>V6(63(irjKA0=Gm9@?~i4rjjgy7%7g#ms=} zYurgPhKX;z>G3$)%?;@BI7_yp%#oUi^W-fUb3l>t(``weV{EqF`|s7#lZP&T)A94= zK=%XCB;oC`B~Mp7tYt<{`#`r7+`zLUqW3H6x=||&X>*>#xQZyPH54krs(C0In~znl zi>$c&IZO-QoPWnC^`xZsaH@tia1j!l?F`GP=7rPse$denHC-E6;sA})W47zltvUfCpZAS7*7rR)^2NY&( z(JY>fh1mg9Dx=XB!@wH;lioPEcJH|$`tY0BEbe8w-Q-;DBILLfnyt1szJ0(F(q0C; z!B&`&%;Tp<{@OQRA$?(cwk^{+5mO4$R-g>JYq~R4jSfa~%omO%$Q{AM^J@AkwV3StD^2es&2o)K`>xDdEtlJdVH(N9nfAcIt=Qb#LkwC*=P2o=d7oJ|0*ZYmRo?cEUVGMb9UsAF78Q1d9XshPAF6U& zKa<{tgL!xsGecsoJ-}bvvmt`Er^hwtod>V#CXh-9FD=K5y7^(>A(SI#W7j0VcCTpKlWYH62cl%-h2SiQt*m$Wa11 z=s3&yd4(s!1yfY)I0Q>=MEneJnUr*?GY>t~uCt&gBRfU}m2xrPjil=Xr%Umvl^;u+j*h9qeM8~l{vc&hw`Csm zxl6)!VorTw9zVSG{X~)T5ec>(bM~IA+oSzwUOvoVq z!F!1_dyr5#+xFa*wU^$r6o}DNCY3s>LMNk}__V8REC&njv;H8JzH3r1<7C7o4KX+D z`t+5#_gqKhHEEqn;ZLMbyjdt1+Eg-=`9)JJm+V9vh=-SqcY^KSF6}1YQRjklQY*F< zyb(jQ`>eLtdjm38dg{(ia%aFPb&iDK?M_Emc_|GWpayfD6RuZM&GUfc9Si$nCS6ck zF#;W^FOEVZM*NNvs8>f*ci!#6O{hu08m~@_g7x4mU=s#4T8w)ONDA%6^@4%V&e&Cn zy5ktNDFGzkX_`NCrg*)RsN6KAC_f1>+e~`1tt}3l(K7(m4EmvtxbQZNouPJUBz!#b z39K_k;Q1>dkx=>cp*-s-(t)qR#cw@O7wK*f@*)5YTpEe$x#md^oqR`=#J31V(%8g2 zuoMT_#N%^1t74d2FexvJN_=fa%1XBM?Q8>07ECQ3G3g6aJM>Jv6nvY<3@|3~vc9Ql zOXs+qJsQuo+D|2`UA_e-bt;6>3lR>(U%AuA(U{06-(eRFC}~T{+agPZhf$Rn;BXdO z>-cC&KwLk&ocvie0h2?9! zCoTbMvW$KIWg%eMMUd1pA5%)14+`g{N_qbH=t{c!L{4FeQtGHiIPpA`%6D&AbiTU= z4fe(~m0Q#C_~)iMvga2XK+3Oi8n@G231s5;e_4dy44ZHx>WbWDnAk+W)SxB&{4lnY zzGL^Gv#YI`({M_g<<|OW8JB~JD%vBAiL`ZnbP3eR0Ju1PF}_ch;^# z*AQzykKQnaw=nH7k1vjvMz7!dm*dzJ;x#h8C|nL{lw#I;#ZhW zS_KOhcn-&N-UuR`Wo-YPPn)jh;+KQ!XB zYPyeMy)!X<_PE^3pF_)K69GatX?&guDf82k9+#@$tt1OM9m zJW9~4?L{hMhp}#zG#X%vp8k~CGO-_AzDJOGTmZb$ufjzCh?bg91Hg|YYts-?OcH2r zR;eF(?=J#OR=colm27-hM`!`4lpf<@ z*`@5ykfg_H7ECNAy62gsF$!;(hsd@9bJ9IJl|5{eM~kW8lkTdUis^-O@wR$n25{lc z0%fDe4&-f-^BZxGY||FXR473L0b>OUMk+ahs_t}iD?~KjlRCIme!7xI)pl%z z-X%4_`=P*EMlNb-p~vjrc=;ntnODnDoU*^rXkMs_^WImJTHzPInm_cm*Y-DNeP}?i zNIb(D?90NiNBBDizHyR)J5oD9NOep1-bdkw4VbWEoe3Y;sdE3}i`pft#V!eFyK3WQ z4tEny(t`4pI`HalJV&P2muTimzUvR9E^CVN=4v?M7T~>SV^jOjfz$_(rG~@X1I3;g zTzMJOuO)ud-1mOg8MLa(%gad(ql`$wq%d-g;wPJPVswnBOZLly4m9jXcA4!bvt52R z@iu>*RcgXbe2=?nGy{mc(tMSEI_QP#_gk}ao&1i^_-s5cev(B<@TY4$S-ctw7rHW^jQ0w`H^|dnXMt0pmB&M>{bAF-nvCVuzso}g47;a zV^8ZzxY`;e7wt+bD9HHhOuBW}u(AnFsX5bhhD{)erk?~nnV2*_e6Wyui=z?=2`Ck^ z8}Fg5b6d}jn4!QbV0-_wygy{*8~>c*D{wNl z3+uyKXIs>qlhIWP2(TXhq_5U(tL;BCzYXUtr(U(w_gH&bZD(pIYPAs|3Ms7!bYLIu zcQ5ziZr_}Cb9{`9@Q124tHm$U?Aciu z2urfaM^B?JQ5l;8*=h?LlLblSYYmz1>JrHYIexL@#tL~D3pV%6mhm^=x=T#_J+yh$ zeD;OIUAIB%*JlL;{a3?)+~+p?C-lu4lwXaVYJfAOq(_0+8?R=p+jVd~S4ULl4y}sGjA`%6|*YD_Z|<_~)r4coLUpC4N8n3AE$;#!#eI zflHxd=C)@trJReR>1A4DLg{(j_5hS2rL1P1+~FFR;e*;$+7Z{?NuJI|1L|z0=|?Su z`l**zAl*70=B0r)mxH-Mz7yT{>eSu%yj-Qw!@SO!94_m=Z~Q)QHuAdVL|g<;t=-FO z`5tzq7N>Xkn$9din)qgX%m8Bf0tiv)0d>%?i&1>gn^ZXepL(8MUlj#V3z=prly;lWmc8ASJ)t4IixeodR zIuGEw8XJ!ck?rmp#@l+Tz4~SWM(d&#A&y|L^ijod1c8O zLYuA6lezv8MunaM3LJj2f%!F_KsJ}r4PY*gu=hhOT;7iQf}wR#3m_UT8jZNOB*!QI zIYzXOH5o`3k*L^vge;|o276SBNC6weU9XOf=6QmQQ)L3tZqM2U+UnEb1G^aF?8?sJ z3s=+rRD2I6Bhv079oIY`>hE%BpYXIaeWc3BsMLXL#8;VvY`_*-=D zcy=ZErXlY6^Mp55^OH9CEauxlXc*3uubuV2yOerk>8vEZ^16fw@SnC^d^%0lhev>* z0yRmU<qsXU4Bh4C@+<+Kf zeX3AP?W8{ku3Fm2DSqXh&vT#RJKkh;w}CjS-lcbZ+{65sc_3RJ7Dt=3ZXQg=3qftz zs54Qg3Bj0p4+?l>tL`k>pCf-;eQEf^SaXh9#=7FS7^s-{O#5X=R}`Ks?`U&KX!pJ8 z&5E!FAbKC*YWrm@P+90{HtVs@VVm6q#;*H!`x}B4fo=r#d%BKyjY7uQ)5ojg4227= zzIp(@CbRfJJ7ogdkx0iZ=SAl3?LkF{@+Zia0s)VeIdt8{dsEl;A!4jg_)6`i@^62E zqn8zdq~}IjS}o`M<{XXaEExwcQYSEQ{EojXQYBQnIACq0Tg!&w{Lyk@Qub$)&ooR=tnYvXrr#0qkI4 zq7ZqVr6>ohgM*P8>+_;@;ur3&xl?aF5VtkmXP&*VAL<@g?vgNgFGo0iV?e_w|e zF*l2kSukfH_L|Z0o;|#@9&vyuQ3`$Ipv@&h&%Kgl{~dZjalY|hUZ!62s)S*TjC6TJ zt#q^m5OVvFNV&EE>$A~#@YyaZP`&>RQ~yo#6(J?Y1aV0>G2h*129;K?nU4Kh(l{E! zE8)5hB8lCpHRJO@?kT=d6%$lU-3Hkj7~HvOBiABb^uWqyfuo9CM$)A9hrI7EJm+LB ztxSPcTv*fg=#>N7UM*OPiE8VPNS+6*A-+@P|4v{ds#jC_#dx03Qe|slDXYnMxO3a6XV!`BH-qN=1<%xq?g2#l^1R+OzF9RcEp?E7>1`kz;K@r1 zj1MXeaYi@k>{Bq@aZS2FF7!@7Fv<+nP2(e00ieB-!k-Ed>ZRx_iZ^abt-CsMun({V zrueLn^8nLl;+HEj$~TOv?O5NfAj;wEd?5An#^P5_UX9SAD}CXf?@~b@D9}Xnutf2W zbW#RkVxxVOm*A{gFdpxJAT8;(2Lv;7lOiaq-VBJ30E8^St5WKeP(@5?z7&aqWPzn> zrZqGVJ0~`gm=yxVlPf>qNI2qZP+VRD&U?8}JCcseiDd~wTqhHGTMNiH80kU8hjW|@ zD@P9MEjk1X<)96CiN(+o=WK@@50T6TvoeQw(Sc51fJeT=P}_{&}RK30-1^e0B^JFI(c!x2KpR``I`1U;{~4m7hroK$hbj z;!5xeV#(6?2%TY__yhUB!b;MjnD^`tm&it4_lPKehV4v@N6kiUz#XB~!}#gua6 zm!BG->x&p;5XP7XT(@&!3YN_Dy*lFWW{R|LFdUF#NB;A=hveZc20Bnt$Us3i#vT7w_iCT+wyL&pWGa*kL+4()3` z))8%%5sOFW(iBM}&O_rn@qHg(Urgs!ObNFeSJ7c9O1GcH)Y+*Bxh*q!3T|jAD)Upz zL5{|`)^<~>Su>Arxh+%QZv7MKmj*~EIC`P6C^(Qnqnpqm7A9z@kUwgZATUXQ#!Ao(t4@ge{PbN#Yy+zS5U;y{c!W0`CuJE#&pXq9MN$LX zH|e|FBT%D)o-}z>9=M0Esm9Mcx;9#d6xF@UOY?|NGim%PVSf27yun-!|cRP*7N{ArwDCGfNxx4U0EVk^uoPZlkTnbUDS1GmXknPh3l0FsMFT z>QpC~i^sY<8^nW@GS}w-lBq7h2qfQ8vSsBv%zK<5whgNYGoT0)pMB$xz^B;^$Xt&6 zwGAn+_37OjAD9C>BXjze^W>Qnxsx@GjJ#YX%XKf(wr4(x6HD%WU4NpkDyAz7b*xVM zgmxLkH^^<>qGyI{HCVa|93xa^Z-*S|$QdCI-s4)bG)SHfMOzo2ZkJ0SrS~p!a{io8 z)s4f;#!K%SL#N610AzN)sG{exbI`Kwy-K&L!%Dv5`IXSbgP-1Xsufplne6yi|MZEh z<^Tab<-M-^0-5?v@;wj6(akHNLlHrL9?wr{foedf zer)|;y4^RvHE-m~+YX9KCyJqoAC}86Ch6szR2Vulf*o?<=8Au;&#BNSzyf_{Zv0Cx zw>^i%sO#rrv-SOMT&-x(x?o&PZ-OGPB!A|O5<#x_e*{XW&jtcjh-Jn*=YFq9`@-y` z9`?7b_!}PxNVYcBfvUahhim_Xlx{GPwBuCcJ^uP@fB&gj6u9XoE$z#H__4oE=#!sz zPe$_aDR=%>J^9pWG_cb93d#@v$Zmme{P{)#QRm4_BIs?-zlO#C$BqB@q5rm4|62C{ z?(_+G@E=z4U-SNlm7F5^zyD4rPn>fet>mfWQUVyK|G6Q*{<#UTjd133bMho$vAq=! zm%qRF|FUJ-o|DolwuIC6w~k5ngf^KtA5 z_z#Ekr|+7R1iYHqMv8~RKkp0hQQ3_rBs1u%wEy&1e|%l+WDs0WLvGrY-(H>b1T>lF zyUFp#@Bhc&`0r!?Zc+cc+rKlG{~GykSLOf0yFDiqy3us3CB3^zov&9Fs39TT17q79 z>`k5jh?tBQ2kGOBtbbM8n}KM_>uTeFvVoOZH`|OhlzXMavNsK0Ta8m^#eY(Gdb9AX zo^*r4{tgQ-&3dD{zf|8tN-11lk@&Uwldp50Ks|T(QbRsY0)xUN4-Qqgf3#&v zJIDWK(8zVqnvB&xEKahvZ(20-m1hpNdWBmaHgMq!$^s##woj-*gbYXv!R7f#+Usq^ z5p)hfa^nFYep!#qtQ5MVa#9i8A%4FDKWUYWSAzVTkJG(Q0MJ2rkyw;fTT$NJLTX6@ zFk2IeS6uAoI;Yn3MZPEg)@$-}vCFXU^}Wz|(;zaqckYpiM0K>`9FP*RnFT?lEs!h1 zrJb=dN4N7bO=UYL-5r1W6mJxZnz58+{EKySbROu$Q8++N6uFyV&xq`U@+GucFUPqe zLO580ars5U=t7Qk-ADKFIl?`r9LMvu|l zw;z;I?HhWBcm#U86^woc*F*$y`eB*vC41wHx};tP!}i|`Y|~$qnS>r6aq$>}gfj~_ za*P&7w0YAVshglpGMDvT{m49+OVSqgpxlfh<8zY=LERxM9ol7wOjnSH;<0aE4jOD_ z)$x_0v(sX&60E~P26pNfN70RYFXkpTS@;>MTLuzkYNW=SP9$Hm7BJny=k>W!>k(*_DU?w~c!pgKK_D~YL-bZr?Fu)v)K2FSgfK-cNs&y)^y zMCZg75qB%5#5cZsBaEN3+{p0#zSS~JsID`UHe{3vxu0M=UBJcrkw1%ht0=-4R}ox- z>xJ$bih}}_0H)xN;)}qrfUZx$QeQ}Iga^OEGU5O||FhTtI^1)s%#8H;m)PDdVDT8< zI*#pxeuWL0+jg(edC#zweZ+>>2o(_A=r4Elzi&wOtkxtr~H!KIGtFaP|97_=|K48z`>Jct| z+QCPD3DHbaebU!E_iVfAPn^pyee5nyMWBB_RwhRs#=H|AbM&n)f2hi1mO>xi!I6G9 zwc6>UC_328G-%B^phulyBrzcMH7Uw?ir=isa^6L=FdBNir&ygrOPiTAa)$Akd{ejN zS(|jR%;DxS88zz2|5Q*xlBokwpX*}ub#~6@AvYO#kwQB1eQ;t=RXqwWHC<@ET`AV$ z-M`}T1Fs)7+2ycJ%9}M$L2E@@*_xlxzz)nOj2HR4^`C&=vIw#)IujFhlD8;V5G ze;t-wzTQ3&1z#xD2aSI_m_{e7YzktrmMzTg@jo9^Y zk!O1YT&|JQPjR^bfL@Fw#GRCI3|HqrHrxYO6tChX%mFUfOR7?4zopPuN4+J;ukQk} zYj5JhP4=IB%er9b;3!9-HmN(Wft0uzyQhKBJMhdjv}kf9Szw-Fpch$cF(1YoS34gF z?@Et+uZ59cG+*7A$ap+cD zGB)Q!9T}5!ZSUz1KTGo2KM@uPgeAT`O)2?|6e+D3@s;+c66aP<7`#>yKzPjkTz&l! zr1)&5?(6E3^O_7xjC-SU4gOD#nR6XCDO$LBH=nh8Q5!v2jF|GT*^IqlF3mr$e1bTc z3?sazn<|{_YYYaEGD-ZQuYJ-3;K+@@%U$_AGAI1BU1`W`Blt*M&_Qrbivh(zn<}rH zL5_vNa(}T&W6@1y<1d=p1yWv<++wIx!UfH)N*QBs6E5eQI>#&y0B zC4YTquD#%5$8Ln++)@^{b2gSDW~rorhZ3LhXz*v*<1dtT7NQD!m~?`4d^J-*WVMrV z_1(4WTIFN923k;e>f8=5!BmBR=|~M0yuLX;is31Sc(s0&wgA>m@>ksQ21ruSVZzG=fh$ zRZnzd#|}=mO&_Ue3dobs1J%ciE}eE$0u?2}nc)(ri8XFNigj0iOmxIj)jYmg=e%Vq z7{I*Msb-Z*8qM{znD0PMb4N#RRYs&2N)jCeHxs73gm&I zT^CkIu|`woM`KL^u2Tq;01~9nI;9h;X;9Mq4wKqx!8XmQ@zi@~OL%pq-9lo6`Kg>; za3r~o@49VCNvS$S%{Q}rf~v;5AB_Z{myYlZHD!DI6gTEk*OaV|qqTGEQN5J{(G%CJbL+*-yaTNImcH?9p;K67ePmFGOHE9| zSTrCGW;a-t*9{`_d_0potU44JQRIaOgs=TR1rGaHs|m)~-)b0_%tfZ5V3l*qzAOU2 z;yf$kW-mPDP-C9F`AT%%X+ecAJhD&@+`*&cCD7v{A*-JcQuBgmt4|YqC^Xsa=(#x{ z8y|ofnB$F}i+mS2b4~J0eTXk^#=a>6xmE_}sOYOB3HdoL-j7PxC3??F4|ZqL;0sNl zImLvxiX3uMM@3`gYdaG6hAwWUi+DDfxH8))pfvSQMujhIP1@!Uch~4wU@U_;LU3EQ zJ`JV^rBDNwiolIGXZ9}n!TaX{MxSGBX{Ivv@*pp0Y1`blx^_blv$E*t%e4d{Lzd&| zHgap>$x^Ykui3x#n}jVC*R#i^a*Js-UxHa5uL+Ale<=MrbnQthYrBjaMXd=bTXQ7z z2fI&^G=9T_o^!jiS(?pR9A8nNDkVO|Fzv0Dk5%iwEYYlNodcervoSAmyk&*1N1c(2 zlkLE9(pR}bNHa}RRVAh4Rj%6g=Y|iwDvMPu-gVO#7g^c4FR$dF<||)^SL42F6)$FS?bh)A8YM~VmmKr?tYzZTj_h^7t_x6m<)Guaxs9a0FpO(JY^|1tY$itw|H#C z?8uzHX}2@cy1moDGCECF$#^7h)3vkj?U)q8C*Rn57OZ~CjF!&?Xh$m*L@bD6{Ui=n zEj(KM7Du;ytGq$J0xg~Z)gWYbbWi+f`NOj3`~gdFyg&`=gB#UdCO+KQFkc72-sV~O z{9>**Br?siu`?y2va&|6D0`MnGgBBH^S(f;(<}b=+V@hzGLbaqL$Of^Fdp4OkttRi z){5A&klEd|94og@B|@u`-1~2)xxC#Di7EUM!z9rvB>Anl+E&A_Yp5a#`SXM#6z2#K zIv2`SOD(yA%-eK_w$f;mS;)8Id(Q9Az)O+b;#t{@zB2vI^8ovP^-_+w&q8EQ#mjIN zuj467En2k+6E*mwfQsA-8w|zI!`Hp-n_96*mNVpCwfDZKhBRm#hB@K)}FnF9B~O zz}dY0zu0@vu%^1LYuJJ!0-~TG-9i(jH|Z(}DosQ>1nIp=4WS5v2uLrXqg0Vz1B8zB zUIT&9J0zh82!VHVKj%E>ocF!I|KE@Ehbvb|_S#u{uDRBnbBr(6?TWy5b3rT-2R2rpG*O$Eqt7Fxm7W?DioMdX7h8hlAlXhgCdBPGhpO<3t6*DNd_`Q}3WeLO@#fqL1BDJ60Mo}ETsJRXn&daT}9(JP5 zRk}}0b~qKc!b{#MH3)g`xWH2gON%%g%Az2aC&SS1JXmZW)0pPWxe=V~E8r>!&| ztZbUSJ5Q^p|*rFCw>91PBx#*j%GTa~8>FuDJ)2VEz;g))!)7V5QCK1h8)9ru|;s&NzgB z?+QfhKQ$PLH_kqU4}UIoAsgGSE#lE24o83uic<9-X1={uVQ zezr1W;Jdv4OZMoZHM8}WWckAJXIfIh?bS2FWfbDO zx(#f-zVMcEBuL_Zo)0lGu}i zM45XoJcj+9A8lqlp&x8|Zltmbfe>Z;uZL~;t?Y07nZDGu8^=45adLreO~5el)DRB5 z0gQh2*qvfzi=d`xVgn&4wB~16Lf0q}YO5e+{>!?;-7_F^t*9O~SRBK@98s1}|5F<~ zvm{AWTmk;4764CrLlSeivCoYOjghqbtgGqnRqoEy%NFr67Sjq-MI2o5y*J&Coea)Y zWePvrnI(f1Kj`YWo0&hpaKYJEf-3~@7wMW2wELu|oDF)BbB#@Rh-B9#qi%bDFNgbm zp{Bav!@;gHm*xtx%3VafrYk+Hsx>(aQ8)&fzLUxR%}uR-DTCB>q59{H@|_+X4H>LE z`nQESF(fuXt4WfqGNzVA{LR!&c6_A$D8&=mT>KW z*(|ewW_k|*K9xCFguJ#ebub$oPMj%dX7gJQo&+>I6G~8^slx}^-hilQIX>JolX_@d zIAKpKei-T&O46vqrz+JZ`Jxh)zrVtU)E1k$B1m7oAAhHzz(A*BGfj~ez+mDC5pLg~ zpm1s1}t zqSH~@GS@8$f>EJN|DtQX>#MDqdIe4`2UF%B)-KqpvEwdt<_7sP+W;eg^~H+qtF}Vr^`)fT8>&ts^D+VQ&eu+nlOo|N;e??k*o=E zqafe1`E01J=`C$L?{xO*GIzb|2)=SV%Wp>ta)=!B^v(C<1-PE5WlqE$?_ZH?twfCY z(ibCcRSDa86;U5M0N#kcUzOA~73OoA`Q;)LysO#F1AmZpi}9!IYs=x;8~DR)*MWX0 zcH-N7N}WmfSD9*ezaCO0KHrT$QB`$v=fiVLjpwH}S0hib0+OiN%*Hj3pYs%SE*vCM z2%uGC2o4rLB{P2BEdJ+@ow==1z21i8bAxw>L+sf?KM-jb%+GtybdrJDYzv5k9N`b0(0F%l7 zHkey*oZRSWXP-a;WTbQS!cjt2r;ZoN-j`+T_vKGmKpmXk9NiIG4(3;&AoBQ&d;7u_ z`MQK{JYr=#sT}}4Mz*@7S5nZ?^nzPdvS=E73vge)hLuv;u6cN>D`PL&>BPPsej_YY zox5nun;`gP;jBqdUUQt6>x%k7p^uKIjL@I!rY_Sesdem8S@j>4pgu#Fq7Taw_{_gC z0C=h3EjmHfN9hky#{iQvB)lWYGvmvqt7@sGk-_JSpFWHcrc?A(||Zgs?hj2^vGgz`IVw(C&2tdmt9}oTb5|& zft-61`fzd`HHd)`!O$Ft=ryRYW$wXv&?epJbOks+_4WtBfZ20EmbQv-Y?e1s`Go$3 zo`2HhGMeQBojwDQ`!sMr&Ze1slUHHOn6J)Ewth9KIb#3j`m5z|#{4ln9P7)195(Rf zs{6G#>e;U6ir>hWel|3ah?s^Gfb=|)U%(Z`DLA%P^TwEEk(3%1 zArWyvm+)vKsf$}U0DMd8K5=E$_0g=$x5!=O6uGAoNsgsY%`NKqVIOy;`m(zm-l(@?(Hq{n3Im>C!hzaBmiuRWo}Z zwqx}%(kZjh*`UNmvzWzG*_f5wx-Y4IP~~-2GtBbIW51qt!PU^J=+WSZ2TVIa?V}vG zx5(Zf3GfoSV@BGEDCTuv5Nl zqY9}^fb8S-R9A1H7PT_LOT^B9a~9x3jMiR6-R46)c%-Y0WE&s~i+$kArOns))Z5zn z$i5l(4-$^tQ7zd_Q)!i@3|vkP7W@~nQVS4Y>NSI+$UydRXTwiUZvYv{*E#*tpt+qf zMBi4}3Y&h6o7ixX!u*q&vw3jqECl|3v&vGG3R&5jtz8~ii|ztAB058^ZZ68aiS%pQ zs@4XC1C5TmWAPO{uLJ?QyiD)N7PpAvl%{ez^OJ@ z5NznWZ1ySa*m<~%y<1Iz$x2ts{vM-)dJMoeBi9wNnbfIrn6+ZQHLZ5SCK1p|!p>kJ zy%&^ZqVnC+DX*1heOob!dLaFgxV)D~$h~S8)KX>O@2U@BaW2yuU^*b+3>1ul7ZPK*6Q2T$7ObsCRA*+!xr=yKI2(FbkieJWN)XE-CWwsym zMqXE69PYub`6ce$;YD$b%JoRgVSX5pAm=xCy8`96nz$%fo7Mnkki?mj47<*-P}x6B z;gEM~^pE;qbV%ENa$tvpuzvdxF-a@2KFp>u9KPX^Dn7FY z=rGWwac@8n>MtQLElW6bkJa3jKAL%^KO`@k0X4*v`>?*#=j*W)JUpy)YM(jm8Dr$D z-*Y^^wWQHOGv?GJT=O|`b~Vb9@HL!)mz0{j+)tLE6p%~sC9ne3zbcbI;|=f-7u#eJ zxk%CU@Kj3~DD4_&5k5I_>y_Ro>(KUd!j~!gcI}*g zemz@jCf1(qc_H^_L$Hz4pD%&ir+-nJKGgzdk>V5B+OJCdW8CkTa2p-04ZWayCBU8P z4e$0^y;x17GuK72kZZUh2j=_Qe1M)%nkD-FWOP60JtB$r5ZwK5g3@c9`RUJfd*1dJNEZ1oyLy>qc@nJu|aVjqIx5P{LZZ}R1ko!Uw%!1bWN%8ey#&oS|#?3fV?od%k z6|k06mgVN4pmuH*$Y8b01*yJmMR~Kk#)8H@|1pT*ctD*r1NPXH*E>543Tq~Y)46cF zv|HVooF-d9F6;-!?V(){@sf{j(U}DH&lOUvRW74#1!G)2cCU|^RJOoZ+AAQK??5QI z_!Qj!ompmyf2!m~ki>m+>2z_B=TW30Q2b^Yvk@)V=y^@ELaWLXSsI~Qxj4U(P&@yo zcnsx=t;{C?EzTmcfJTwX=h#*Xx41I*X-Xe$37v#+@Hzm>W)p=#a^1MIH2XO3;DO!a z45-;3!a^`V47LtLKU93kpQ+zP;povsImk!Sk~P#D;y#W-#s4&ux~6cc#%s4$($R3- zbstnEdx_mDrfD24(N}+Y{o~Ek8eiWgFIwWiY8XJy;_}Gvha2;K&zJqCy2mPx(-L+~ zUo#0_%{DMBbSsZMm=Vo^hxVyg4NG0#Go6J$iR?UkC~=BgiPM@bGqXnZP4Ett5h3i3 zFdZL3f`ed3@1quOv)@x*IX&`6Ip1(A@_j4bKr!Q+-Hv8La>7Rg08_$dttlvI)AU`- zd~eKdRQw0xNmPZ&YSEkz0D=gGhthr#`e<$f>)=B<8Lzk^`pG7k1u6cADOe_dQMrJq zoF}~DGG`C&VBpyUbunlXN4XQPU)`#^Yn``M* zpSH)HhWX=qtnzaqN3`<2D{M`7weKvZH6_ak_5}NUU5K;O4Vc^$G;we5p)N%~*KZ}2 z7~C7&)XsTn2VpXQ-?6=bh6oPDqU=4#0&H=6k}q$D@2vm~w@TL`$f{-6cf2)hvk~P! zgXen`dL}b>hUG&=KCbG}D}@ZqJkQh1p8$GDlW})QKL1u5I<5+H_nG_onNC5`bD#*9 z$`h6xd3Zhq6jVsJQ21m$MlVJ|pSL9#Pt`5uB2Xx_Xun9sUFSR%I138$ILMuO;}5Sz zSm~yGwG}O7L|1i>(O(xb^zbBvx%=Zc8m$}zxINHSw+!$eTEtLjp*G_*E;B-gvG#ot%v@&NP zw?)-*R~yh!l1TdOq1_ML^?L@HRcB&5&j8_^$qJ$h*I{Oo;H)ZVe# zRIwi?a9}+>kp*Gz2qev%Z=1jy$IVcyhS_j@^Y7V?bT6g?s1@Np8OXZC19Mt|)hsNx zI-q%PfhxL8g36%~f;r6IDU+I^C-1C&@EtHPjko)PcdZ;z%Tx>j4 z2Vv>@W?xdtrv5W6gnv7Uge@>PDng|K@fIbci??ztzdo(R)jDUtdcw+4*XTzDiNqNktV!>Zmnt*6A-fn6r(oNY#!6{Mid;Q<7Aaa zu+6K`bWyu1jbU$@qqUg1^I}~$fb#EaQ8QP3CgJ3#OMqp#I^s^Re*NQfdkNDLOBn z|2o5<-j$4jkyN3hUzZObJg1as@5?QuNn?+_>?+w_r@&|i2U)s1F^(v79KPYLDKZ!D z?-dv^IQ>JV`fY+$(4eg{a(|=HT%0G84SOGYGK0=vT~KE2`@AjQA9gD?-SSfmw-o}6 zwvPu1_`T1Y;waSnSn%`88fRMCqp6FSxqzzkHEu$fx1O#3c zzn3oP`=&SeLq%P0wS2xp#_CWuzSV7*4yaKbFYn128Vo1S=v8g9rF)$O8n|M_+RzDT zBw81aw;6U~bUppEy@UVJN70v*e;1?h%Dp)VY-J=}yp^sRmoM z#X0sOySJUDi3Kb3smyrcz4ZbxnXa<{pNq}62}G58TT%T;JDymeeObahfra2zJu4y} zFgkmF$_;nRCeS118C|yCF?JYs;16=lxU{DD`B38M7C<+|5ZzE~t6Pm!_QV#MXn4jX zcPb&4yPT_OTdT4P&M^>)>A0eiQe%aLhmz9{R}5C8frRxZnCp1(2iKPxloxUE)I~{c zLA41us68Gr@26qJy>}20TJM_yuf|43)1+{bZ;XGV+j92nc)4QkX%y>Z&5)NW)YNPF zTa+k{Gd2pq7Qm9H&v*~rapIVWnYFcQ=^19D(nAC@vH0=lnWvRDsL}r4 zbZMgHem&ct08Oj8_Z{P-cbTePz^>G4eYxc?HLLgBYBoX?U-~fAc$I>b^Y8MjenYQl z$B@cRAta5eMB~L}f1f=dRRzfJ|3jT*ko1%LB3vYo^)4CjpCB{`rBD1wDB{(uC}DIj zee(tRa25)H>1alFJHH__)~2`u_hR1f+K7N^`}cG@ z&_MzgTa9L0pM@o(Fl>q;iDI^`06$!gUA)(_d(8qk-2-m&L}$~~{~Z7{d?Ls$L+#qW z_`Oy>Up8a)=OX*Y#0rg}i_hp>H3)GLd+V5!bzLL{Wv!Yv{7L)yFW2^L{n7CBrR6?$ zVjAiWtL(oqydBoOeL*QCMEOPK= zOgJm;*^lSUwn}Nz>_>dE^fYU>YbW%1wTTt#>ID!-ySkr<*3B3|R4Y$^{uZF1FMaea z-o;C&o<`NdeAg0RcI(1t<^g;F=Z(0&Ch$5%AmDfJjkr#DMFGf*b;Ii+kN>F?!C-oM z#Qn94f9PTafV%yesksWMzLmw4t&vT9Il)PG3M-vEPU^^@{mOh=DL#!STCfQ9c%E3q zlsjAI^Vz+j=9*jWKl@m-5g=Q7Vw24`bjo|!S359(gFZ{W%P^Xf$R)p!bkkxZsZo25?tO8F- zjnm>lbCX%c=UlF-&CHHbTI850Xk)}7!E&%c9S_OY4C~%0DdRh{`v>Fg zfhegZt_?sxw!5tIa04_&-gS=XdY?DM@`0bSnj+^HO#%773xMh{9HKjr^u;M7Ca0fT zkS&u%{B*GSm%1C134mA-8N6S33yG|lZBolH7|?o}dXHN%XFSnKCEKXn&D;%dV!Cts zgydR;pz8y-i}3xu62PwrG2r|CFS$q{tQJ#$t`{-xfK>4jDLl!GHO28)7V%tMz)wz=kdX(q90*Ao<|LDR7%1IV}`$K$V&rX;a;ysdm$nSW%mn3M2EX_k_4ag;T+ zb03*s9NADWo-0xGdy2gt0k~sXrnQ4_sdipK%-8T;CuxR%G938DS~HymOza10M5bv@8Ecfs3CmN7P^wjY z8TfbCz5V=i6Kne4k9qsGIDqW??e5!mC9nnSz$C%Rq!O? z{Xcf3|6F99R{(R=`JD9q6=k(jd;ZJRzcWl@U=@95ZT0-;4F6x35CJYRDL>%%w*x$X z5D$18ZGnRSl|=fF5&Uc~Jc`{u!~MTshyNY=|DBi4|4#V-Yl;6gv;SCEe_74{pBC3y z$Ba&sj#|C%QRRAU?5!uw^4HYVGF-|m#*CYeCe;3S&u$DCWer0 zKK#$O|MwGqj~;(^)G=L~x6cu+?B_Fov`Vwq2nNeehstdM@nwM!>?bG|%I!hR2Q%$rd zrG8pLr>6;%58Kd#6{Qwh$4$#T>rIuIodG1Qef8@-T`IX@1@X)GGYxZ8l8vz5+j)kr z+kPl2yk3J>4LO~pkgjm4exdF?8_bc2)$m|<{F4}MW`l3`jTX76g1r3D7Z(rbc^AtM z;vU5YW;@qzdn3V3DrMRJV-i|kjipLw7)wUWI{vqz1zZ&f%^ z?qHahtSb5-&D$5-ZP#E}(m9hN-BIPb8WUi?)%bY3xd42)#H@}!GC#0ON9wIqo3wK( z$UWgYt=VPHKUt7yIIXOAE4#XhP|<<j#8 zXQVhe(YQC$;RfJBa?l6n81A7N2-+TMAoL*lTSC|2P&>8}e|^d-$d2%v-k}Bof-Isf zovO@8awvI=Yq#`mra6vf&a{d_c7QTXb-lonvR}c-DnpU|+ z8LTH3b$DXKtMaYZ=*!w6Lf@%@#z>Yn{ja6+uI$E=LUruBDpQohN6rX%AZGqxR@kOs zIwx6s@-8on=!cB+XB6$8#dQvQ=O8O}iuHvy)LQ9`pl1g8(TSFX-R9TBCLX)YS72S~ z<_(0vRTrEZa_&s(4W4va&O68w-ALvux)T9f1PJQJD zRL3#)lvizjXS?-Q#qM(Vu}ZNMg~;A2Z^cgkWA!U(N-ZcmQ3JExyJXa;vrDUS+U4>G z?_&4M6>vON8mLN#V}D1TQsZk9Taj1GM$c__C>v)>7uga5y57cdBGICTX6P!bxa_oU zmivIDtEi9nfwe}VNlx_PIFc;|Q@AK)4yH1ah|r|j!ms;ou?)QIN={QR$7xGC1O=RN^F>?y17&(&m* z?U-w*jZ6rO+1T6|h3&@hvKzXJdn?4PFJ^r5omThM?p#D;X<9!QCahn=LZa6$$lF?m z`?RNFvQgbnX&_#7LQLfb3T96Z_wE?iIYc-tQ5^OLSXIIHDDfX>4a#HJNn6ZBSm>8R z#JJ85jXkpaM9SAy$e^#o2<}At#&eiicBBqZUGo!6psct_!SGO54cWYah5R+0tMg?K ztcIzHqN$!&EA?mpDGIw8(F$U;6pp?Tksfw5%u{>n$y@X$rS5d$G6_?nZTc?;y&ElN z^`5TixEB%aZxKGJ!ZzWlUhRP*kbZqGb#qb({$RDhcJg3kDBW}A6=XZguVEJu_BYQ> z9pw$>J1*WEtX>Ys+jS1kH-y*8Lk_l*Tnu;Ou5s(<>?WiLfq$oZpJ|9VkK6KYG@L9f z2Ft#vR{HVr@`Yy!W(Q2g^Bcv{nhm{(9nh0{RmIKmOC|4fS+v6{Z&~WhNv|sNdFd*X zk?T+INBY!s$n%Q%Dc|IetG@VTs(!jDlmzTp71!7QN#S#8H)FAfT|m#Xs1`!FqfWJ# z72_3PL(%E(|DqJwA%XFk00HV$wk^6jQ|zrt!9ZKYC0B4SiNy&UrtW}lvt(1n2i)v0 zgKmiXA#Y8=D)HFbW@UK)S(Vqa%(?ctdjA2s(|ND&;Z^044(GD-x7DLg9Q|vr zpoDapEQBGr+j^{E9(spI>iXHmj>K^fa5FI!d%erPdfuYS`s#DJVguEE`rqPyrS6RJ z9yTSsaf4E&Uw?MzcM17?SqaIxC>jPPP^mv1VNRJSybqoDstEk7*@*}GD-nkFF!}0U zZvG9~2RPue&I1M74pDjAM_m?~TP=!+n*hK3q#~KJLFAho@B_cZ<~ios;bgWgld+T- z23I);iOv19h8ispWW>IPaJez1TW^%6R>q_~9Ogq9*fn&3ufN?Kb%MT&-Q8=v%Oh-8 z*K_7gDAh+B>$tg-1e)Fe8rJ$=?ANh3uc*y`s#WaYJN>hMI5*LC2&dBGgs&H%VFe2@ z^_C%@N*>GLXN1Dut0#X6l%w&c8!wf=*F9<17>;|@wNZ!3G2mLsF2EBTCK3SYTuGeh;(2WpMDtduW&=)qGCP@B2L@vg98!q0!ofDs8aE5~-k{pW ziG0n&cLMG;RvEl1Nk*$ME8`%cUsP64HjU>#74`JfrB@Z&*0_Rv2I32K(Uf$qZ<5p? zA<0a>^*#HAL0w=T`4tfjPTh{Av8}hF24`xb1_yms&IMWo-I+a}t>dm8b#x8Mh+Y0C zv#s^;sl-1cCh}g`&={vWdpLEKUfAyjNpTG?8PTy*d8o^}cZU-uByNVw#T|ytN7~t$ z8LP+K%LEd$qxn{=71oruSaq&|Yut0|nxuK5oCZbcR^xUXtDf5)n zjFTSua(Xp7w;Lr=+!yc|hLN)VYdf2mlX#x4j*jwGd|s1G^^;R)l+!n}Ai6RASvm{F zqO3)5e=7Fv_;BspYj7*P=Gio&mLwFadyPiXMS`6NREZw1az3bh7&@wuDl2n-3@vnf z81Cj$N+|)iS@d#G<1l?GPTK3{IOUc6s3D_;s!qzJ$Xghz>PuFL0%v-Bw-Ar#=CT;* z_S$i8#5)_#lO5)jXB({5i8X%WXMnl*!=u@*=`B*b*eTkcdk<0OZ&AKopHTf2oH7b) zl_rd9d4mTSz02}S432ua5ieqLrWO}-PVgOOcF9wKUqM1J(}M>k!HZemAY_$}zs*F1 zbgR^hDeh0WsQ zLeA#GRd+H8&06)C$mWP*=Zqg zMXuIICDg)(o(P9%=#pe80~C)s{*6BfXzQ5<*W|%fxK3j4Wj=@AuV&m)vlNa7$(eBsY45C^%PrE-IXHj9fHUJ%@@ZLa5j?~|snnvZ$BH{Io zxee(4D0hqA@*3ZByFxDb8Jv%}%XrcJk-m>O#1D0hC-U{x*;-%|bzC(bD6~%US+%a! z`C21PaFda=FY}hR_}O^NrQTkvvTW1P4DOL^J}HpAn(I4%GSv9y6GT<5(S;Eu>KW}V zV$mQm{!03=3L|T+%Cxx(HBo2 zu@Q8PQD2xNSgvuz`}$rQ9&4ke|EbCWv$a?3!vD1KU?zC?y^_WG8NL`jnGNg0zt?Hx zl|J`f|BWv@e_yR%y{)=AzRA&O$e0|i_SJEnf1CJX%gK9in@C(LHf_4@r@`KcZWJdH z9BklF8}#b|=xcS{khqZ!#dEvq);MFs90As}ylS3irQ6f{4?g8Xj`Y@jBo@aJB-Fev z$cGI`kRwF}yVqH!Z@HPP5UhPVxHf?N7B- z4>9f?_qTSL+dWFvDaK4FHf*UU zNFsPqz^n-R>ptlAQ5;59l>JBDVt`7Zz|kj6dazS*RhzlUc?sdAFmHkWl3aham5hSe zPvsqTGv`}qYvFF&v}|2a^;dkiiV7fyUPj+IFPB`s?n%g)!c-Yl7Nq6Q>r0Orz(d|V zd7(T$b+B`frs_qGutE(D2c@9@s}8+K3p9X3bz}q}A+pD4R@YrULGT^PDc&UAa zyY#>(@2>(R)yCXCg^qcqrjSN_V56!v{zz(W2US%`rEh-pk+KcmaGrh6>4cYam%2U@ z8lhS2yH(6eQljdjom`@^46etBcpoaCFT6A_j}JPeNJeK((9(xsR4D^pP1#|Ak3=-TXpxa zvrXx%r1hO1na=pwg}T{qGPfQ7im$99^R_(}3wf>{Z93pt#IU#MW4}F4TtDn8G3V6h z(W{z1T=)6)1e7hO7z{0wjgXwoQA)LkSIstK8VI$f@Xj(!r->?Thl))Pp9+IPu-cna zN!c&AdVHVgH{j3M-P(jxg)uRtL3f9FpU5Omp9%{ZM%j)c~8 z4$9uA_PAj$&DV1x&0~8eEr5yhz;?HK?}Nl@vLQh{I7&e3<3_W0;9gp+Rc)oD#r|ja zKpQ=30JlyY^|EI-3*HT8sdAk0^t>NUoKa_IN;$?-bS;KY3%iV~|NO9+A58Vui{Lo! zh1-@I0vWQ$dQ}+`$H0vENHnbXUb;(mJagzb&GFte@}gn4e|!3EN*e1u&;0o-wp>wU zfK#fh%S6dI`p;u9YTqd>H7*qvNfcC`@+_NJT1TZN8>zc6(G~901!no(CCkFH`ec*n zoz&;93G?v>hwCk$I!g_Fw+;Dw|ix*x{J!(m%ZAW@SMGMbJv?}y3f%69o0i?wG(^?r^lr?d<|^v2)xWXsLDr^>XJeOKb+1*y z5@EUxb=7ngX1{@D)vGm$fo5T(D8HF{@@FjGqBhHL-GByIqHNq<(?;S@30)Encu|?k z^&ZWmy$>LOs5W4m`o$Xe);*2Lh=WIe#kIiYX)R)dHL^$x+_I52))K60 zz56ka#=!&pP<5Aay#9yPs$|T78>o+XJReRJG;<-ZwEKmXp?F@mCTmx(}GdF}v@ zA8&I?s&Gk!JP{nTcV5(Ui&3`yfD6}=YmAX6m_~?U^}zI-ZK~Dnx14xEE(C<@m6PK7 z!`=n86vQUa4d_O?kHV;XeF=S|X&&yKuT`phZntm|uG*${RkL#1A#+jzBf3H4ZaDP8 zlf?WjhWaVzmQ|`xM1(U=;J_+jZ@AIDSMD7CH0s?dw3=9vU4LWx+4f>FA(VljxpAgF z1=ilsm&PT}Zc*T(G2i4>EHM?{mOLE;Dj3oCOvlR8jpS)Aja-b@nw77LRCkg0v z-B|5oUs05m!>#isSk@omhg`?fs9WW%il{z9$(OAyLDi70C&w9*^2=hJYVQ_4svH`U zKpP3tI!XC+nPWInL$)_k4Dl3y0_*klkU`SwGhRDuhR?-8~{N99JeHl1xA zRWM6Jw+Z$U`#WoKL;Ecc+$G+K-__c`Mc9h={9`BhYH-pzhxwntMNgQrwsLX0rVM{gLWcOEL*>z#zM}YAFB+w zUvJhX?T&8no^?6fwuoN_xn{JOl~u=3Dn=NHrcriLGd38;^FzP=c2<5FQ}=wCJgGO0 zNv02ClS4`Daw-msuG}f2`YbH0!S>L=-?QYG<8dC$E)gG_HaN7}uh}Wv1(~n*aPgOk0#BA%jgVHxO>IzQ?+{oagwU zj4JirFRPQAi$6``KHn1#^n5lD$P>9NUma^vk^@qFK$vOs4}(DlJ7$ld&yrfCTT=I$ zSuj;jgoKr%Hb;lBG_Eet)1`yj(3{XMA6OOBNmQ4!J{zwQm{dVI?N9DA3R{vk#qhPX zZU2aykgmEpi<<3+b~8s4OD}%WNKmeP$)@BHwohVx_yY9v`o1xXwda!zd?qGl_jed1 zTVeC7843ZAq{+A6AZ}GD6c*qZgU4_7{D7>ybRQt&o!A{|Tsw$KhJ;{-Tv3XTOGloP z)lY;ZwJ@x``X>2qIh)CQ=uTmW0Fm6K`LftlVzv2FRczX3pn`jAinwMTh^pMzBI z^F`i6ai~G*Z}ZO;I)Hcf7XY zU`w`Km;I)(mNfv24`o4NpwvK6K@vwZaF6PF=&=8TN_jnl^Ql*)vf~h~A z7ztX3$cRo!{Tg*-qE6C{&wF$F{`9TX)@vb>nO8;-@Pq+wohRV?VzJcYpwEh`hae8KSd~ABxfC#CD-qX;s&6(>hgREgS#JbM zDws7rjiLXi7QhKg-%0U&FC)=lIQ!JBt6|y; z*wr>{9CZGXw`I$ZHZyoZ3e};D@Sbd(l4ff^K$X5CpBH%h#q6)-b@Fo+imSUVQIQYS zQ{J>CU+e^Cw|An!qSi8=)dh1*qX$h)VK!_Oq9ngPIn->QNv*l(>y4-m-0FZrRh5ND zV_SXfPtqxu|i5EUzd#G=HVkuPm+EOq0zHZ}L>3Pz|L&?!G3n5Y`uMpn~ke8Se zF4p6B(2{A+-ml>wFmHyIU+lIjEoL7$-m>O&JHKW6kQX4-_Ew|!L!e$H%;NN+j87e9 z`(3CiFL{M;;zD`Xg0aeN9#-S0u8&lv?~W+{BsX=6SbwKA@*3x^?rf$uFCe4uTw82u zxcfWCJvDkv$;n@*UT#OQ~X<@t2))mEJ~)^xdHQ@89rW9Vl_ zB2c~KTWY9!WBIOiL~OV%lGW1x<^%XOaL2CVmyscK?V(7ml zT4A{}I84Bii^^Tat^KniIvMLz zQ8iUj(ZN(FmAjz{Yygr^;8>WuaU<6EC{a00pwHKL4nuF(!H8t-Zn@H8_Mn*^s0jN- zt3JpL^2?y+5x%k;8xs_=P>-577QL?S#bbsVm;Iqc!J1T-b7WhOI^TJcV+40eZ{Cvw z1@C;XZyr$q<$B&%G}lNCiej1&W(1TpqbJ+@7vI0seQ^^y|3WhCvae~F zsjd{mKUDjxGu}4D@i#g)R<=v*E?k{oQazFB@L-VnUYzq|{hSS14-OSp{jXLryG$|L z3Eg)?-|x`Qx-exK$M*tmCoks*@qlbwXEH<^VXCal`47undw#cEW9E06OzLVvz&#zH zevsNj*&X{)(Z49?bI&4o;+vA+YXQPe-$Oo&kw6o}<8o#c6QXI1Z$lS5qTW`2cnWG0 z3)34V<<)u5H>S#ZagJ%}iC5Pzg9hmjLzR@6&@UuMLnBRTu`wjjp}eUfLV)S}A;|Lz z$+1sDFLZuAzWiRj{os=#8?Pl;Hn*%!-+kUE`DtCqAyq(+I`AE$*q{m;F_5#+PZT)?Cl z`e2^aGFyrS)b)H>7awh;x_k2cp~ya#nCyz!o#)lP!S6`8RM{o_4NC@ZtwS=n4ND)H zF?6|1tp;%3fF^oAZ=c#koIj-(bgQeJsLdnyI!*I%s=~fln=T)*ck3aCT5v@ab6C#r z(yNvdWd!+s1-&nc)&q`y32FVeMZABT1I!nJ{xZpvMK|7jlqo%KWx{ zuYszVCB92YN@u}H^30(24mp#52v_dyXk(|Bj&;Djg6 zg#r_7O#5k{96Q1LALQK{aH{T^EO6sNy>4DFWSn{<0&8&2B1Q~UN^ z=AZjRy)7@QKTvPv^$YUat3~wG-GCYo&c#vK#wX`+IP_S4MXfcsoE^G7O51SQq_ppx zD)Ol*lg=BF$0&{7eXV03sK|P#cEkUAf4uPZfOL$sfPi$)FffE5AuSz4NQ}fV zGz`r>e0{(1zQ5PI*8S_=weI_eYpFbkbIv}`v!A^``?Eh!Otuh=aYDm2tzwpZ=jk@J z)QQZGIICh8<+Op#j|tgiAZ{AAkOZ2P(yXPfq)-s2EA*cHz2Qm&MHS@*r^IDLHiza( z1DW%QJrpgb;d*DcFokdFrSI>RsECWzPw%;h_;}T$cD3CMmySa9xMoxhvy&uf`6q38 zH4MfUysAq{xSkXt_J8^c45iyvp#^7(ZZ9t;f%#WrCEv?JqdSs$5-~e9L~1Qz5=io| zTs>b6n=)dS7PAA{;~iQ2btEbj5_<*`TQ^!nAnQ+fPIW4Ft9W!9GQ)K4G(FT`$E}H~ z#PmR0S|&!0jZg}Aj6}y6RaN`x0NZq`A9wbOFmBJd@Y9@V9D5lr+tEqT7mkoSwLG|i z|5%!)eAVn>spCdJ?A7+Y9H%Q_)onxd zgDI86pr&g?!zkU;!m%blq@0k9nHjOaJ{KLb(@tqf%f+tZzME1V!s@cnqg+UL(i0rA zV?5JY(x4pI5dTRy7x!GqTjCEE#s;(FT<_fQ=okLsLFm%tr&OIX8#t#{DixDbuj;~v zlbUxT*=%`Xq_0zmymzXt-#u!BRBcVv!L<32LSY!^;O(P`5*Pd$+3X9Qderp^Tf;zS|pbJzyvJ9Si zcytgeef+`PXK%Cr)17*KFzS7o@lKM83l+m~q)sJ6nP|=9#^Xan^wMd`PmcGLj0S1t zW;&TCRa@Mr`29qqV&E!nN^?L@ z*{-mnF3mpo(}d)p9JIzr$3HZ}t9i0tFO09eDb=cA3b*GB0MJdSZ7c zGPe93-zGXe%!dYkTHrNB1ev#--ruQ_Zsv$B>*qT}+P=iqP_f#&_J*LH9{R0gHnyHT zmUSy}lQ5e7Fr6sMJXLsFZ#Q(X<>WZ;-PNm|y1qX?C-UQKNz5wuSVy2=iNd`CFXOnv zjwGwpksLF>Gb>*)>vihC!exlIckug%%3gTxHfqQ+a?%$nBQZ$BY%2|e5H~(iMQxdEKIMrgPI&~ zV0+qJ@gF5I*QrEZOvxgQWn#+Q%HEM-=(=@J3)9n20^eqR&n@i6%<(hS$=*wB6P>YDHm? z+JoFbR!zvmo3*!9q34gaXkq-Q>$Ox;TWG8m^jKoVY)B7AL*(j>_G_yK<^KLcB6E9+rji=yp9Ex{b6@cw*s76WOc8nYqi zfkB8F&(DtQY3vC}wX=q4!UGPONXI0TyD{f9+-V(L^fQ@ooc5a$1vt`)Z}m=2k13`V zG)HM+b*Z`YQ7jd9QDG!r9t@&|)B81IMm0-VRB@P2t|ZsyY?$6tOJ}STOK(FEh_aA9 ziGX4JWD67$BYexe?>20I=I$z+4R?H-xr|x1byCMWTK3eo?Bz$7i%j}D*fa*d#Eyl< zT6{1$T=F&;b@yS~bESnPzK`z_Q`8t498h2QY_i5GYHgnzT0nQdbH@OriF?gZW}^l@ z3o;}&DJSJI)@faFb}u%Vu}BwgvnWkXYsOBwgghNE!xmCu7~-AkHHP7Sn`?5jgzmVQ zKwIgtQoz-hnl9#wV%>^w{pk5_h>DFEsCeoxpX7e1>KH8gWSL|@FOPA`>ssqLXEfAu zE1ua)e6$;+@W$)TPd~rdRBqD~T@#LA-xc?Gy~s0%j}>__GOJF-_pCjHheFhzt~bpg zb(#jFB~3=yg5CI=5E9U~V06#KeH#CPd8_%WyLR$02WcGFn5c>XBFboH(+K}+;B?Rh zS2f*s@JUQr*gKaO-2WIswKdSLp`3_v2RFQ(^f`1JTmGc$)Nu-`r1L!*x;r@CF^CVP zU^6QabU3*ngg8Anuwdx5V!?0J;Ct7TscCL4t8Hw9IeqTUyOIsrcM$^4McVl^=H)(! zizb);U^J4;Uzjnb=WNRE4c9 zWDOsYW@hPg9On1=$oX`#LgW!kg>{kJ1zr1qPWpFpJbRz8p3%%JPaV5}(v;*KlJL}& z&GUoMj6F%Bab?z-O?BpL!nesT@r0|C4aF7lrqYu}h{Y5Y$0f>~IL0 z3yxK4nkQ;rwmb`Lz-m70LcYtEtQpF(c5z)&loX(?U%t59`jk{1U3(IuobXAz^cwai zd#;NB!zDEZK}Od;p5D(a`pv{3P_cxV)wKey>MQb$`WAwkNkRIUma1d&ZL_gTSfMT^ zx7^kbdJFVi(`=H&4+qZ`b8jlca;Kc?MkvMi_G-U~t&>C#ioOYSVMuZlyjKvT#KM#t zGb70{p#}#rEQBQF>Jr}<;L$j-btf4j3PCPq4@L|XFwAD=>zh^-p_ET&VvGZ+p4>kQ zSbadZf=UM1k0O2QzQw3h3FLdGETSt#H?N|QSPiv?xeabLLfCzR&~cggR|<)6#`$H> z_U4I|bErl}uYnKPDM~}DKro|?+(aCJ`MIDQYNyo5<#KwNrw^!f`r84uw~G5LV{BZvXthqZB6kFi7+lmog3%E0O7x+F?6Y>WLrKi2gm0ic zFTZaSgV1jCdBZsM!YGnlgvg2lA zjtz~ps09NLc!+<@rS>@<4_i5_Bhw=W)ZQkxTQQ5Dk=%2AD!K5*R!#_xn}U`Twalbe zo^}n>i7wz2wFih*+hDUAACqAAKRCP3${26bUfu)<2i$(qETTzvW>pcQ1{i zu(~5l{Oh!y`4C1XPwlw9oM3KqR6_gK!cF|So#Pr0)9PCw2NzjAay12#4Kjlxp&cO` ze^Vg9ls4d7i8au)doqH!&-B?OSnh*nZT+jf0QvZWbm?ll3Q|%G+;d@#OmTz4-06vA z2+OLQiEEe~g|`Hak@X}U)Qu&i$7ogj03aoMBRpD&<5)Uz{!01@FfIMk`f>A?x}Uja zQ-@ZiVSU42Q%Oig7%hZn2s*h9OfKt8$QM5j>;#x_Ke(~2fdYQ?(PE_I`PHA4HgnWw znW3di`f7#zi~)kXTXePSpA|ulhV4~P*XCa}n(}El(+&|yq$e=0gr)`<(S;3_Io&5x zpXXrJw|QY$9dsBv9`&75oc?_l7ct&lqP+M8O|Y`?2aw7ly(cPqjts&^}d#CSF3 z${&U`@DM7fPTIo54OWmL5MXBoy3A}&K%B>!rP@UAioZNGZA1PDSyWbdB z>ti(KB8?sjX{=%X=5_p_O$|>6jJs@8>&D^B49F#S*`_pK z*k#DXlqKZ|-_i;hf4x`Hmg-Tu*M_4G`lslfw1|x-_+(P9(1P&Kw{PzZYU$VmC3HG4 z48Yzc$2d}%8&-2Yp;^nG~vG3SI)1UTkF;#iJmJBzDYCFg{(z2Mxwgbd7D=E1J2m? z{w9+2er1D?i zB4|~&&t*Zfre2cv^N6UBa3|$c(+2o_UG2T2wC(w->r>nmYlh+8d(rQ5_JwoN$M5-sZ35esYVdu4(9MnRV1(g}6B-@^X^z(hs zC@`Ujksbc82Bzq0AN%E94w8mf?WD9ASCFk9AzE%cdrO^3MJ`SKu7knCa#r#2P2DCf zXFuR|s_(EtmudF;_h&1H=EZ zWPA2`T4~mB;P$&PyA0oaWiWHJCLWr&is7Abcw2jcaUE-z#kV7&z|?CG^}wb%p(Bcp zM7L17Pf?JFp1YpGmySM*XhaqrJ*@0%C<)dL9kMLObDUzbIVsp~V#Q@lF z;8+wA-8iY$hVnwyx|whCsJ}^4Pn)UluMw+hKz;bUi|{IYFyN!Ra^eWKHWF;xL9vFN zFue%uoY>{m7qj86!jspqWC@1@Fj0Nl8YYVR+gvs(p6xOa}o*yo-)N082 z7$DEf6xp$Gxz6NkP=f>81ohM_^Uee}32Q2$gY_v*6l7|$I~QQQM2c>tSnF2RvSGm0 zWrx8Z0y+?2-LX7od_}%SdE4^4Ympm;vop89E+|$_T0RdV#yfGfR848Rl`Bw??DYE( z`|PvOv2h#Fbo|jy^Xe-Du%oJqDCClXh8{v`WzAxu=);IKJU@yxi9EKd(JVE)6F}#z z7JljqMm{?g{aQr8ni%l?F!f3j?Zj-3pq7BLkVxF(c?P?z`t8yD1QsdX^STV|WVKrI%OO9x(Y&oquT_7`cttU@>3|NULFpdOipUq^5g@p zVSLE`)dg9KSwBVqLK{NPzgvZ1B2ACT*XZ+Qo(g8@Tx_d=Q{9n39e5k}U+4S;#xzG8 zO}J`@+;ob)=?UKg#ULpaXp=}~OU5ABPsW6<#qHS5#e1ZYM2&5nuph8wh7!hP+-#kXOxt_mNust`M^#lI7xSFM07K`gL^aTvRgS%EUfI> z4Xc{kRdLc&w`tfC<~6}LYJ_d#J0j}kVCBHJ?`~89dNc(DEw(9DhY|K2^#p|z*I+h! zoVKpQ2jL;(t01Oj#nq|FKA#R(`(Tz?Pv~yl){pSu56GcOAx_r;nA?=!s2l%U`w~CI zZ_|15n5rpzmSZ`|y*<)y#mLr(b}4&2q{mcOt$yx;so;#NPy8Y@dv1S}PL0eod*=Y$ zzlJDI+>;lI&*ch%9dJ+!LxZ{v$}}rsUwkA64o<2xW;Euz^R!z?>&~h)RmWk5V%2rI zR?|uMo#PKv`@_gWHn?`QMv8iJ>E9e)IC(~Y30Rxtue1$>ugbg{ird}aq8d*aD$wap z()09((?=Snr4FQejFmQOG8vP<{nZa<_lRKo+(UoaH%ZOeNNqq=^=-IGWV;Xxs{|7n z3&R^$WJB$>xe#~N9UYRAq_m<@M*(nFo~epM9p!VeO_Ct7YU_Yat597T{eHCKlURN^ zK#IRWvN5pdP-aS=G}A29>ygu3^tVAfqo_tY==*o@+f}Yp;Thf6`MS$Ok=XOq6FJmg zyNL_~A^d`!A>`btBepIJ25cp1>N(o4F$Vj(5AtlPkvU2V8-x}U$YJ)17t5j1q^XhP zQWEb2L_=cQNp~grSk_-CHjMBbc|oRHd+f#@Y2mQC(IdKS3oq_bF*^^vjOmya?Flcd zCA+B1SktGjT9gd==BdI{54A^1y$Jd&lWVJPIyD#qz29TyEmnP8Z0pzGZ$6dGn(HOS zbq4NItO_ZnROx*1O+wEpYZytyO4>p5E^nyeztihWz3B6xuD(;Shw#+l9@`kq4fvw4 z`h--$&92WhyefHQZF6dHW6@W)LB9u&uU*Z3T!K=FWMN$i7bvYr&;AJB@yeJ3xXSwD zhc--ygbS^9?j^$x*}mK^54D-l!4_mPE5n7Mt_$+M2U<~ha>D!rj-dvvYs;c>?}@N- zw7~a{;m_H=`d7c;ybOJ!W8$3DC2jGhQQjU~HMK#E6Dfbom7`Xu^scRLFJzL-mNd#^ za@~OB1L<)LA=2}U?Q;1>hZO3mou^|H@GBW}qi!Dg^{6S%oDUt}{z&U%d{ZRtahf>Ernqgwg>QYTg-JE+ABahpCZM}a+X!@fw z)BlL{k#$pcc|L1IPRt7#*O$V4jEpKNRRDQ@Z^<_)4Ii+(uaNz+buXG9?tvDU@of#m|U;$LuJp z{%H1+B8Aq2#F3nyju=-N*}^zSt58e8L;QXiWr5^)1mIBC6Tfhv!Nv_97L=l88&@ z^{xySXuL|xt`>~a*VHW3Zy6aHTt{fI>If}VD?W(UmteOTI(40qjKdf*IiPD9WYAHl zlwXf}Bk@U_CKA97h+v#We|`FY>(2!;b|^j2uyw`C?!tfm;LjdjauD#gO&EFXpa1bk zn*YoF{>u1i0j}Q9^LLZ~^9O&836uwTM~?gbf`6@-fAt6dc}3I}U`0V+w=(_q9y4ci zSiioK_;-&v?+>I`v>(d|e|L|U|1-s(=Kh~4{$9BMn-%|`oE7$uiztjZ&WEZeVBiZj?l;!^q?SVfAKVv!DN8~Oi+5b^;{mUc$QA_gy00QX0k+c&HIy8&`%T;>@6oaDdm`sY6U%b7h=0-SW%fR$6> z?*=fQbzihU8&Ldf-u}Cw0y#6_KU=ITpKAVQKpdc72+KD6xWx1u_ZUhBc==f#-Fs}m z86Zap3{d6z?n?HX&(RVBIAEu{91(wS+5i5%vIEWlusc>Yg#X=#`_G=yQ=f)Ywq5(p z09A=I{_1s}$v^O^|8vkYr?d9p6sa)Nv!;=MH_`v5!#}>p|E9zLAE(16w2-qwu6K&QFlFri0U=c0)=N&?2`Tt}NrV(eC9NGmEuziz)gbY@SqiI%COa+RCoCJz`?p zkMxJzRKwx+LlZzFeY71}!|Ilb5qhy~4wswmR{;U*z9S z4jQa`hBgG+=!p8!iS$VM>=zliuk;1yh;X(>B)_8b6>iEwxft(ox{odighQB(Ctm(_3eSI`#8;JX|>h@)|=1Nwsdlmj60f}6_lK{#uk&A4wj{22>0 z#|#>jx0COwHz2@j*(T%Ne#b6lHxdOqM+6GYO$*4YE$euFB7CY|MTe(Ud=VU0@HGnO z^99Ne2o={CcKd;{+$+dlzfymis*107hr{D7P7i>leF(Z_uE-*hqfojoslJJl+QCjQ zp3PK|HKAg6s9>~}IvZ`e%cpbkpH36-=dQ%t0JVcis2aCzl~TCL3_DzTvlK~z5WOk;)VjNck! z5ba5C_}(g{Tx;Y@gB!8-tD1C;r%KBNb3kaba*x&|m}wOe;S+C_7es_~gALp(0aK0c zZN#ofFT4=whpKl7u8lPo*KJ-vdv6t9uu?CS8wO4}u4EUtT`D)j?D`mfahufuJg^dAc@&fDjihmO+sKjbSxGk&30!_&x0>Xfy z&6ZfBt2d@hrG+YuQ!Bwzft{tNEvJR$w|XvaA71hsTXy5Tiy9p3H(aUA(m+3e^Lvle zs9gPf1-{Hb3k>sTl%~dd4tF-xGL!{2ZVSzfevQ=%Ejr$Z^+9H>b?Ua$Jobof2Wnmv z{yZpA@du9AUS*AH7LoAW()mdDxN(uPxFJfU5q8^a~1I=(3B)dt2T^~03A-JCE5 zgfis1(NoTr^9u$uVfF_NoweVS3)6;=_XbKJn|G)VW(z<@aO^or409mQC)l#HWOzfCrVq^q2%Ri!$& zzTmT%@DRInG{(HbSzHPJrVbnGGOZBq#6(sJO`*><)9p z%PA#a(Q9uxag%pk$iS`zdSB1_ZfCv91L^hCMhpE#YV=U-8k7R(U4HCYLxx8h_I3`7 zY&j28-mxcdT>5A58syk6`wHNUI3V|FsRdVP&<@jeE5L!;J83Rgc9tz*`i>TInTglz z+$WApBbixBzGxYF3-_g&uIc{d~H03 z8k0%_!1xyaM(t2HqI}-(w1`Trb*gqXNC-T-j`vaM$fd1g>$3;2c;gEo(SEnQ@FY zJh_3ZtpG}gBfd6xGk#u!4OTTB!5J<)7o4&wE}yRLpoC<#e^_Z!5FYF`8l?OW|I@Ds z1mdod4QoDUjAauQZ^;mG_en@mk<*1y0V+coT<8rfwL0N$1u1nZv%TeG``7bku z^XEf&4347P(swY*qRv_pKNOgOMyDY~(I>Gn0ypmNy^<8G*-MMdp;7**(0rgM72)I+oJ70lUy>U2|e@jPzq;p>Q8@w&M znI`1TP=N;A`1xf|l5ezE@Z9Ei8V*9Yics>1m@Y1g(Rmh@NZGL;3$%!!8_WBcir$8P z%fy5z7IE$pN{WKePIadpUJ95(HPc-7^=avCp-CzO_o2XHxcqLgjAGkxrCp+lUMqKS zE-C0MG!ti!+K|ImdL38?EZ4(#Yusb_ z&)OP5d+Z+*<$d5Vi&U_+NfzAdos$=uEdwx0Hi9)@6 zldft)bAxkdy^Ei=zumwE_5v+6wfjW1S3WPZ*yqez=2W~0qtqKovo)AA&$x@a&_>i3cvGmF{zngGJ;usBKxj>*Ji@t<_k7s6cZfvV)3zcQZO(on#<&N4rI%OPQfZTtlF~0iY;o+wV{lqVkf|>3e&J;&l z?a+Rw5ND09zQ=IUF@L<+sv})4mu`-kRMK$K)5xzz?rM2#amwT+M+@=aX+pd1(~jxvG1@xO?j+P7Z9rd|u{{r*pSfMK@GYVBJ8b7~dRHP#X|Qx22Tw zCD`PorA!h(?N@eN`$a;DYd&eJzNt9qS|(4t)5n~C`27l}@YbsY230_>&h?C1cIg>C ztNt*DUTcJXjA65vd4~dZgGb`@7CDtmx$k~?NY>MRK>4l@(0arZp$m_}O5{?MHgRJU zJr1e0wbS3|RuTyZR$hC;SKO$kxkk_1d*UDS*By@L?5yMwqXUO@M7b$Iuwq?syrBoW z?R%|TnZIWIX0fCp{E4DLg6v?;X&NifcUD@TG3NiIF#z2%X?V8sjA)T1&2G`rA zdxDFv?R{(9F&z|NmzymC{wHuIC1RjQH(6$JscjXJz@gfvPZTb@821BMwW1JAHrCWN z$mKq({#gT$D~Qvuwpq~4)$lWa5nkd2^19?1SLoWCXX?lSoWD9?d9`Sk7g*pcVJ<;mrOzD=8W9GQ-ptzF=6;LwmrmnTWTEBS zYqx9H2E3-y(_KfQ&GjjrW+|K{9o5LoG(YL;@`|2Cx=DE5!MI+J+SUm>wh4yRGQ3%! z?z@}F9B4Bp%BE4c7+7p~DVhS1x|2%kL3{|6kHbd$kRXzHN0_)fhF|MBIhL%7?km); z9LX00f{)(Tf2x~EI?24LP)ttP-FsfeJSnt%V|J=+=1Qie$S^Fa*w(Y?t!6+yqEN4zu0C(PaE|lSQeiqlMy` z?CfT&`m7Na+2RgpQhfPJK12^agtn(i`tfhT-xv_OT0B=h&;&;N&csw+ca+uT8@GB$ zhkbd$e9!_2x3AE6)+!IXM3OZ?oE~ToW?srve>==dXzw#jC?&U5QCUKi#TNL#l=Fc-r~NT3J$i!URncUgx|zP_X$1zc*i^`o|fZ+ zk_P_3>mD;>!NNetoSlcxc_0>e3mDxSg2&-Lw~p0~XLXY#@k~Y>t#~!C0#`8z&gqk; zP9)7Lv7VUuG0TbmY;H%UK3!(^I*MdD6Pw$GRz+->bgCoOXVY^)=c86K493S<^!U4m zDcSxBTiyhWe3>+Rk6UeKv&#ikQBuF(7;Dr2bpNf?hh>hk1ss1`uLN)Emz<^Q;BAq< zgc5CI>3fius>llp-MU}xdKkuD7RTnCsNQ{lPQyazf(8YIqQ0vLG&{cA#yaCXR*uPW(PSbS zIDe`~?ZR7m=k)!x)P*#+@*R=wFOu=DO_(m73fwzWCH%st@}kZyQb1`l0#Mrgcvts-TCkX(1fD27D`qf<&1tN8U-LL?VBfX#QJ;zUjaQDKNX>?n0 zv;VVhNlyeo(Ckm;7GMei@{C&1&*G`QfDpOjoq_mOHEJh+C9K4e0%M4ZU3<~;@bGfL zozdBbGg0Zd;ZaqrBV46THlT~?&BZ0 zMnrXT>mz`dp1%U<8}WyvZRFut!_bxw8!ERr>xWB*UELMEND`Eg>Zwskna-+d?|7k} z+(}>N{dozPk?^yECucDcl&Li1DvZke5H$(JQ|}Km=EctB?*Of?CJaXGeHqq|*3vvR z__Xjj9xf+4Yi{99ul^4p{L#kQ=5%y(VWLqXp!4%PhK*bahAmfD68V%@L#KmVNBKlO z0^M*too08P?oHp;u*GQuX% zPnes6HH{TLoIgIx7DbIC2~d+lm62M?-pWk+C&zd>bnan>uP0=p^GVrEO(0%$ZxGaQ zU~zh;_y8zB*w#5@E=&NpOBn}3o6RbJHcMI9GE!u}HgaTtFw1@4Oa+_Nx$D%(I5Gyn zN9(gorS~uTe17|q1<9$O{0vcB+^#lc^`lQ;4d&V)K zz%!h0?&39nqDPt*w*iSGkZyOp%lFyxZMt51i%6=YfcvU9)~hQI;kv|SJ6KvTvNLLs z^EA=PYk$ZXf=wkk7|Km|PNDJI&d|x9XVA~z{M4?7`!LsA8Gm{dJ4*R4F*5m=gD?G2+i!Y$_?Sjsmv()5E@dSCfHk zQe)Ir?XcdGSxs2!`ajd_CBS>-WU0w@09)a&z|S!!*9ontrJEap`ozfXJU9Yb4b(am z>=lKk^EwQVa#}tpmA$v@vL`G0a|VGM_h@9Rskp;!dHD1#fCk~!S};3^wpEnHMy6V; zO-OoZaGs<@q^M&ue3EHvsj=@EQ>p*G9U7yUG4kZoTnynz%E7IU=N5bGA{w=QFN@FO z`>N?a@HOvgz8C z&3faG;Dmh*PSnT<*NLh+?m>HA1)S(Jz!aYH&bJD@Oq-CE0BF!2C<`CI z5jh&=4p9WQ=tpN;^rrZ$=Qlwl2Yb}if^G>c1^ZPZf|$|d)aiq+`oxBB#LiQRfWjY( ziddp!bw8tYGQuwKM!IO*>XFZzaHHBTKBtDxGr^>@{NO>RIGeM&p6A{O zM3i}Ea~DOsxp6t(`k;Fxt)1zl`Bt%E-MHtyiC#+3(ZIp(lKBGh(-y6E^;fa@)Y^43 zej~r?GZ4d9;3)d>8G$^pcGYb2T493*4It-j?6S~Zb&2R?8%x2aG7v{1T8aWFhynDG1)6uAix|!I>*+;5n0+vw~??kahN?an{dVOk`f|e!$0c z?Ew+cMWLaB*kmiIW}GSdtgsEY87>X<1C?73SSE4#b}|sKRz7nT^Z*pn5MIEvz)f9A zTW`v(XN!KB-9Z7Ks=aiuTmK-!A5n8PdX^aQ4Gb(QGCJ0gUZ?5Oc=lG9907(t{r z;7Io$yu96%P5ekOP-y6Ugi~T$r$bFhI#cn|to!O`^#y#uYCK5Rs#(4wYp(N?)@~t8#KuE=(Bi=IOF6=}0N;es^ zA`qWfIfr=CI;(x5&J#%)3U7x{{Z~i>Ne!Of??R`2|q5m)kAY6O^&m ziw@zn3_ZG*1&nzTk70l=K1ijwJ>p6IYI)dY?UFQuxdO6juY2AK5_^Z675rpaHI7eY zAb2;B)heh>GS-50D@EDBft#2j>j9|~?Xz^DXdl>0!P|4n4ddLs4JHqzeK0+#JCWZ6 zNrvX_0kXz?yThUA55c{1i&sCc1{rWPlx|^h6jx9 zKU3N64Oaadruau50{r#kRlu)No_B=+8_<8b0RZ!SI@7>TBgy{Hd;f_5J-c;ADY&q> zLi&F^-oJ*(CQ_crq-SfaL9=z@W z{q{Y#fv+{Nl|lYHLp{0x+~UQ#RD<8X=Mo{X3oSfn`5RODcSHSeLi{V^_}_&1HOc-r zA^smu2swqN=EN;I1*65Q|8 zf8Puz4RwdFUGn7)pPsySy&Xi{UqJsrC*U5Gr%)<@xi*w>@DGD=BF;#F33K3=9tL9 zA7k?$CkFodXOzMP0$95%e;(0)JuLEn7yqZ#{{LaHXC{Q+4ZgA7)i!nHJuWH2j;i6! zH6F#3{&v@d@tqFkmealh4JJC)sz6>MeR$};fIq-fyIlTtE?X1fP5mG>05r0ePv~ft zRcji4>{sutS|Oz&P^QGeqRYd$!gmsw%m+@8PWK$+0J1pgPueyrr#5(~lWvXo7LMdj zLT_r-vmC{A#%kw<7;KF}nz2vgn@jVdognAV-QwX#&X z)LE96U%vWbHCFAOeuN)9aCRx`X!AbatE1hjdPgLAcG{tg>iIXF40UCR8n!FQkj-Xp z5pF#iZNm(2f&I3kkxm`3?&X9)-$j1M(%KD8x~jcmKUY{mjUj1Gi1(9Spk=n&@J<4q zz4(Sn9+yS)v#P|?Bx&L$wrqLWd*or5h!M;4}8+UuS>bN^MFv80qID2C?@Pq^iJSVZcwa}pUvE#U z@%jgs%9{TB5gf^Rlp!R89Hjop@l&dhd;8I)FtgPXBJ;ytT#TOH^IhZu-;%de?iaoj z5}1)s*e6bd8A^>3%@?A}hdF-m!y|MiQf7!mJ=$*GLy~7< z@(q{M|2Ud5LIe2araL{32GSC*e{9M;a=!lSt~cqCUB&^~$M4by=t=w}~&{fKi;gX~jr1I9;#A8`^59&R*!Ie96$6$Xc4Iy)m+FRiwo z%630zc~D-Os!VZ_p-Rn2;Y#bkwgX-Fg1MhPY{3nJ+bH1wcA2I;*RYISpiY4hn(52o zo~FV!+SQG;}y*b)LC)FM{Ha8R3{4b999&q`+}%buUnbe0JjQd-zhaE zHY$_KaTtAI3t5ShYEi?Gr`|Zq(bf1AB&glq;WD?zYTw)c-Mj!J@3!|MJ-s84s3U%e zl|Ur+4r?Y+`9T-7?QxsGC+DvDyk=6E1U~|LZ;tyg;t{&3>KY#kH~{!;3;& z=l^x+rwJuJ@_i!ciF=ovD2C2yA6R8ZNV;Dm_zh(HC zH=N9s477~A>*hKcoWpkt;LrsB$HYmzbRV@%@`lP=#GtiUca7=me$BCUzxH!MwmHob z*zT3L1sbX7_6_3;36~!-xA)#XneZ}kgJR;I&k3E>yHvR*ZfAMBJ$~1fWjrk^l5@#f zGs)^IZ>A!*dsijcPc}Tms2Ve4C_3_L&D*FHZ*+skA@xB1)j+MF((bCyl?dB(=_)YD zlFpBQdz;Tw=_0DllGD-HAUv*#%X|N>gT{}^3+*$OX%DD(#!C);A+M@W-v$P)rD++@*7~%DS4~)a~kn8t!e;K}Y;6oJfm-{Uj+sgCrs%R{`<2ob_dX}OL07Rk;n9cz z-!1n0Z2DQ(0e{U`6)?%h)`)TApM2QRbE?>b^GFchU-a=8oQ5oX<#O5O zG>JW&@LK4$-)F0vjuuZRhB1X>JCjT5ZjbU+kPyHU+e`1A%^mvOs{uq3>5R$JMgc`Fig;DOtaYPv%!0jFtb;iX_yWXVH=kNCX`S# z<2AOM2>9!v;wtU>+RbGa=4#uq3cqykdXu7wC*X)=Hxd2OB^=#>ef@&Mhvg<~Ti(MT zvb@rSZ%UAQyD+fMD}jk3E&8NHtZ;U&Bx?eKugJ3oV$xHmRa zUW{MZC9y=Dl`CI}Ty#VG_?C-vRI5+o_Nnvma>xx`_#wvN`~I{S@tX5o z%a~H=;(soWb8V5_I4ZPVdz}#erg%hGAZ@qBo$EO&TWg>gX-!piqY!@uR?%yVYs&m0 zcl=#TZ^ob?Baeb85#frvImkG%tiDvSQNCG1vsnpY@yk3RwAb@$XGdPQySX`&u8XG{ z`qES#GTt;)W9!u-QSQ=^^t0YKe{!pcsJ=lPzvE@u<(4sd`NrCcE{T?10>lO0Z`56^ zD&(hA>XtlsN3@SaP_@y#a0lt#udr{n#7eb(Lo_SolnZmXlRUruBzCf#lgDiBa|P0i zvERiMz4x|rQp^1s!OYYN7RADY{0eYAr~5 z9V~nN0Dkh$LI0JnLAYFhZc9cxi|KxyXB&p*PlrtfIP6JaH{8Ag>lHgLjbm|nL@-fQ z1ft|HeBknv!_ibvmufv0I~0A2-GBdyoMmPCa2Ms1tvoHRT4ZCskDS&MzYGLn1war6 znk+#{*suD!eXse>S#}wg(H63u`hzQm82iUbzY&OMRyUnbBe(S3^|7>*MtYJ#*vt2T zPdM2aNhdr7pY;;g;}BIXv3R+|;c;X?xn`dj&Tqv*R7cA4x?Iy{c)UCc@kJlHG$wus zJ=7yYNM$iqmkfi^H4b_kS73*z)P;n7BTDSkRNi1845bdeMWeP=wbktPk-OWOau}XP zk-_YzfUCNFqoQZ%ap#-wFzWQrMRX)bD#JoBw~{K#(&4*<65Zd+ebx+R_pRRBI@uV! zPsVy=1hWmx4YX$RVAtS`HprNQX_=}$nM<&;;jieDx~aEi#;g9}z14cC@DU}B2SdCm zyKp-7^AEF()%zg-B331~>yfSBhF|Xamoy4kB|OuB zqlSLhbbIE`m2cw(#xnzqQxd)lzZ$w#iVjBWRucqE*LX>HWm`~9q4nWMQZfxuIZ%@QTayRk|yDfD+PPy&8vEw{4h%P1!iR`V6VYz%9^7# z3{k)!mCR#GBYr28h}tHh4TZSZzk!ZpG4HFF*t0Lij&4pa%C6KjdOvwlEjq*HM2>#W zQ-J^uRqI+QuDd$~EMk@!G6hS^}MIVr8Rf2^G;CRM>vFhkgVD`xKWGx&a3 ze6R<=37sNUzxYmXj1dD9V-BR95>UQtfwnl8i82Ddu9Lk)-lNoCh+CL`C*0)pj;kw! ze;-C@tK@&sp%Y+}=Ua^V(Bsc8F2cWXPFw!{?`DG}dm-p|7PX7nn;a@LKWhAK5Q4ed{ zntFtUMi%cHxx}E+n6~Xc3Mfp)Sz%CQu^m|i8zSRnnE1NwHQnrb?r4Fw#V zhRK&#{mv(4??8YIK{kU)!PDcxOm%#LW|; zUM2=QPJU!3Csg4(%I#CBR=`APFsQ^rO-fV{;)~@_cWL&qw#Ofs)xzvPr+E6QNv9|I zeU3Ni3PQAq$@Uf>;JNFhW zzCMHj=hfs=izpp^NSy$Bl!lvqbQrjUFd6<@JiSMH-#hH#9P=kRykwM?^U&z9Fccdu zj}#_-s&a}C>S3!R8B?Y+35!<(-Je-a)|bu!j^?Xty|A0c$U5K%eCmW^mEIu){`$JHy3QMaDPA zh=)PhUw#AiGpsie`8}`g=_^QaQuJG*3Uqh|D`^d=Ng7$mu}Ki787_lJ}_#w3WvdcVOwRTV!Y25V9D ze_(RPo+s{K4r)ckK)Rjq(?m{TQ16(x+69g#+x?_7&#kSRM^YX8-A~x01FsHb^lOl0 znjlKK&acNgr|E*OSr4C!1$n!6ntotiouHX_8Pk;C!!lU;$Aazb&$PuRAPiTG5m*V` zt93bHNIVe zlmISfI(plzCs~jby~yHsn3_7=w(uEMfXbhQYdFxeKP?+5lX`tfA3NYy7sl`25eTQ5 zlWQ1URqS<+sygEqO{OFEp7^^!|Kq%5Z{Jv7iBgA;TeR**`L*$xT5Gpoj)%*@vtTP<%yNI=H%@DwbxK!m=xD#XJxBAF4!wM{*Z6FrLoo>9+7UrYv` z5FqGa&Q86UcoH@pQzS=LbMcWBlb4oTR<0E&`l+&So@03?iR3(Gw8W=5_0z-6sh;{g z!p@93lo2YY=b^upZOMgGRs$NUH8j>1At)9GYD=7V4L;4u(H3DKcQ|(U!F7yI&yA-Q zm+==b!Ij1+NX7^%>zc1Lo#??D94B8NfF7Oj%}za^z@LI=KkJ2TE~ACF(QiBCs>ftur50mFMe-|MfU7`3x(S-+Spoc9 z)Au)C{vnaWIzJ#)fqZ)I5A-c$CMD}vP;%B(S`FVw6im`Jh{Fmw;NE~#qTO)cxr138 zCFi<6C91&^;By zqOR1(#l5WA4;6t?=?(y;+%hahR`j9v-Rfnw2&|TW(YKZ*e4kIh|CkTpF-IY`!Fk4( z4hG&Xl+lkGTTOD+mtLzqk&OQ=Sb%EgvSMcT-Arx1|Qnxg=i48izl9na%&_#@oz|25hRzVe&ar{Llcs< zh5j~yzc4l(Rn_;FEEYrW{_Zc!CCcAk=_l}Qg7WxkT)(g2Uu*gOm8?HNZu-eBqCb}S z=NmpM0N6?{CZYd8UA=4o()Mw$a^g=T{&}m25`cZs;G)!@tM$_$H>?5s`h)2!jl!RY z1)eqdAV7R81mm0jKAAtEuj)?%?e_*WMe*m^{V2(+IN5qf8ettq9Q2=|pdd4b&{~3B+a6jM$Px9^H|FS0k zH}%h}37Fvjrv7g~{9o+q{wIWZ#Z0Z=M&MoZ|2+cW+(&`HDXC#@=XKIMu4U$S=AV)I zuibQEnXZ}?@;*rX!_QYPgZY3C@#(9iH;QYa!Wq9`GX0qeWB3fz1(Qh#kMD~rJlTwlk)#=MJxbM*@F5yGVU z_gWm25#!q5=~x&T{$?21zuo}@-&cR1fX`K)f4;H9KVaYicej9#Uoz&eoWS#Btlv4W zktSdJeT{Plyod2ZN$mA&;9JSi-pI%rVrt`{da>vZB;eahYCteBZa=#EV7^v-xDC`b zYNo92pe`%JXJ})^rvKK)z=+M+%J!-p3;}08;L^&-L7&dq%F-Ib=PdZ(?>G2>>#Jn; z2XueG;$R{8KwVazPRz#Mh>nZxDcjQrLIiYlbOQEojrkN`ivP+E+zCD~b#SodV`q1A za$<7=vDw(0uygS8^0GgD#{TRXEAR#@#Kqb{->K4#J_NyoC9Bfb7|1BHHDsYv`CvWC#WU2Ae z%nBGYpbjApPS7)fzcc)gM}MkB%c}k-D>u(`^qgo<{_isMy< zhrcokuwQi@Z7BX3=f6{dffgbVVE=d0ga|AW5@#KFWS6~XxZPx6BZAJ)rf5sdFJu&&d2|N0k-f%)#k@0-7qJ8#p8Jd6u^ z_vfAKbRyo#ME_<19*C6STqo_!Or=9BY4Z`O2b1`;ZlW5sgTY!MvvUXqc7R245y9^U zh+y~((G_txhxNTmP%9wFmJ zDB^9K_OU(X!JppRa^pm|IB=uJx&QNGlh}~8Lotss+URXoh!`}&IEzu8yt;`#lA*VZ z&_-6I=_Z}X4^s3Lx^XP*fVWBtq-c%AzD`<(eoHD@fr0s8T$%jkzjFl478bS@`Ym=i ztBAKG7X{AEKQk%fjq!pC?H0r5Eg>mgxa_MJXe}lMnuPnm(j=eSTXYXn4WBbVQH%=l zI&50k^hCxpoAf2q>DdtR+RBhDeb4tfrQdh#tm~sVao$oG{vQ4!%fP_#NVF`mGfJu0 zcp;IW7&-GE!qPat`94AaL~Tx>Yjq<>m|o7JGZ50Xw2|U}UTPldGSh8YIwunmsvXRM zGLceI^E?fGBby{7;j;Tv(f^>pk&Ri3?6Hh0Uzh{Zbei@Ce>yx1oac&SjumjJL5?=c zrAb`U$;rt@vMGs%(3mGv^NT)*Ea?$^r%FE9pc!d;(dx*-r>RSmh#bl(sIVa!iFKq> zt~PMtv{YwTIo7Fh*U+h?`Qd%bC9<_FDI;^Ehu>4&Ca$7UEcd|G_WzNLJh@}gOz*Fvit-?EpDs_=%8O=Bsq!-%_Aqp-W^t7py~9@9VE?^Gt$ zCV%^u;$0Z_fkq(H{af$J6JeJ=cdycHuV(F&@o4I&sItz4R}>&4Nfq7r8~-fe&BwNC zSZz_KVSEYR81QjTuai2cgpRT_oP#lmqn>8GPR+yDKF3Bfx`91G59irY_CSriU?jIc zxTDQfv(2nGUtQ9o2ihNt!I3HR$==xo8CY;S{D`i$CR*g#wuoPjaQ(BGzO6(5FqYCN zf11t&l~!VLzJ!)Kq3KO%0?e(By>7eaVsCRzv)G^<>l)T`)M1P{JTt~1KMMc$;ZQDY zJMAWNTT;6IyfADiZ&c~z=!?(Ewr^#^C<9;RXmX*%itpjfAgx!AVv6W7r~W*-hw1d` z$r0m(!&f~Q)XZI;S+NkBy)+t5p9heoA+i=W?a*Nl3sKa&)$dMRRx9HPc#ii~@2W5- zO;1z9WHSq7pQwpM!F5LJ^TbePt2ajb6JHw=zsi+#rKOPEDzM5VvqWswkDtl>_~dHI zpKK$GDC_2aOpX8-=G9k%tac>e_YXjrg^sZNUCzQBv*H=ysP|cet4w5lxN&iq-7<7V zGbmHY8r{XR+}*tVCH@oHKzH*-mn6?8U-S@ZY^IiDb{_Ii!c^mf?JGR`w3B>J!&XB? zs};%aEdL{ey%G46kr>4r>o^`2{eA&GtHYd6{c$%xRxyk81PEkUKK_gRaBtWgB&zVx zw~&l3RJSf2H*>FI`$!{!+sTiX@O$Q?rDglaPu-nXs=h@K+hetDLheLP!^Pgq;BC!m z$DqzapQ`lFXQ}m0^$bCkK?Kk_P+FU(3BipT+>zOAu;8*o?|(pl{Ks`&Lu460>M&SGVI%VB%=ez|K^V6I9Y zxf&bi*_&%^rToN9Vl@t~?G9l7xZ2sz#u4j#^DZbw+vrWsjmKeyQAnfy>`g6_*gjYm zgyD=GBz03*q$f-ujoJ8Nfy8vYd5L}{W#IQzdrFT4#~p;5F`TU<4&!rkUBxq}F(rh- zH9w-0;b*5gHW%@I*WcVWtoZIOm(;ygm~)e%@TgAj`~Bgk)~|Y<-1G6zxbku0wzkGv zKf5+cdLK`BAPaQ-6R0q!dM@?Ixwt9Rf62w!&A-RLP3An?nD54(tiM4dK3)Yq${Qai zvPWm4PwQ}X-2Fn+Z7E(fEtSGh^j*TB!}F7HGP80h4wt- z1vg$@Aes4^0*|xt%7$9SSsZS9xULUCT{lop!;Lc#D-(CRps#wN2hkQp+eJqnl>G`zEu8TA7kea{(`)#29-% zF`sf#U!2)BI(etw>?8E`*z|^S?GO!JuE{Q3(D?Z`wwp_}r-eUkO_WU>R^7o(VV5o@ zAXlEcw?ZfmIH{FwoMOr>1*U<2^E}ZzcB2UtpqX>Sh%Sroq>k z8G)(El;`JKphMo$>a>*tOk;Ckuobwq#6iQYT6uCwASE&Pcw!wFxB~xMahi4VOym-5 zY2Pp_zGdV#dlHcgg;^+9aG_hc81F z!S_)0p|8Y|W5tq!h`hK54<4WpKZWDr?&((2k&GHLw4VDJpxD`s#R8#zsM@94j9uo# z`pf1ha|^6*C5w5ENAgwRB;K^BlY>Eshpx)%;G;#0rHo2$rKE4?PZczt87a0E8=my@ z7xFegDCe2L(C0tfid%igjz>E}3Yz)`b!LynJt@W~yjZFZNJNnE^pDli*pK1kw)Q$y z)!$*$y-BB?V4$Vft5VyuM-)SydXg#IVYAhH4$3;g*ztF7Vs)e4krUd@uv3XrotWKpf4VMroBV^}(v^K` zZ__Crv+Ssh`cqpMrjfl9o$Z~rIl4ghVfAqe4|vS&vXTl5)QZ#+Wgna)Xhh5oJA#~BOk zJyw2cTc>gsfZposlCSpgwA-7mx2ZhL{}1|V1CU){XAup0Rj^xhBHFK72>vY>cql0Y z^e6hp8akAlWyZw%KUH8=8s@y@PkgHx50OL~8mXStBG6`71vr|2miyfqu4DInxG%?+lF0MeHnV4qPqu@PQCW9$Sii9 zK?cOZindHJU$iixF33c6R3fmUp~fyt_lbf$=Bh{eS`TkQkU&N#4(#H~JU+{q`)+WT zQE!AT=N8(~R5AJR-=#aacVqPU;{dY?k0h6j-#UM~R7MaZ*FlMaOctNTQZS$0N&aAr zr}K!++R-ZU8L+m)auYioi`OlcrKInMqTgCm1zjT5_RlnU>b)1Okj&2?u z`V5u`OHy{Fr8VmO8TD|mFX27`@p!@UUewB7|HYTL$9o*b$P)W6kB4B{bG5{bN#iDa zb=9!iDY+&0k1>Wh5v-*&It{NIr5lhj( z0;^8tuwQuUM2$ruJ~5>u&jZCrgg8u1!fqwox?X#N9{bIRPUbb{{eg-p^JoVD++|7E zm-l<_9qt-3>{lLd?FBv3QF(YWVY#C@+#9LWE*roY&EZQ%r@7Q!kaGW2r91e|`qRh# z6fDWyTsUhx?_A0ScGGFPz9@yzqt#gw6kb~QPqgSuCt#QunK9}l2=GM-~DCKd7^$q)@Gn@?2CBo3!8$s0r z^*VTr(uBaP-hA6%!gX{-3=f|yWF=6wR}i~__~v#dG?-x?6RvnTTM#5Hob}_xV!xr< z)Zk($Ucj)HFGVzq|Ca;i2u6dJR{i4>=e(+z*nM~~4zp6ax516R7>Gijb9VIUdc5MlW{&1a(aF5F{hOP{Cg(KjCwRUC(Dvt6Ct<(I1&#~ zSux-C^^fN}Cpwb+!_3~j_QN?FOA^DAOhtPul9V%wydwjXC z9y10L3uY(vUhmkiQITmy$;V}^ajs5Fy;kX8{%u~1#NI0M$n%Mm&N+!+ysKCHZWGm? zshd}sW7MD>>o6POnXRIGp|rHN#+-q28@mZAZEcM)dN!~><5`~-&i4e7d|=FcQdvua z?9il$KwV}nm?R0v`Q}E1C(KXRs(Tvk?$*qIu<5|^F}FA|p;cpqN%R~*DT^S5mNVNo z;hjm2JS{QfgNCTvocPcb8a(WU~QHKLPra>A$cWcjnMssGd^JBv!i%>JV z$Wjx#TW=w7=d9tJc>~G)VXocP%=my*B`-b+Rv0~kg+!@w4!7?xXv3&^s_*B zIeMO#iGUJeP1*|{=Gx=1y&N0YB9u z`X%~xSR8(~tyc9`ci6AuV?$&!?yZR6f(Ca>@#UeJ-63pD%p&&$>}B{5X_Rq6%H*ct z%r|eWdv%ImRQC?ioi>%Th`fx=0XJvH6Wzwag77Xb#n{L6xLWjYbABdjo$YvKQz=0uUR@wId#M^*F0h;am{Z^U-6^In~6S@6w>FmRv+7ezS*b&?Y9d0 zJFrJ1+B{Ux6bElvgd#%e#(vn9ezb}X95%cbIu%A;WANf%D(R@un?W&zvOG)(Jme9tFP~@ZSIjj z9+dgK%i#!g6Y-1)=LTCz3ktazC22M7IWUH28#xXe(F9mh(DGHT@wRMb;2F2 zI<^GYd)^e!Er#($7V=FyRrsy=V#8O-2uUwhs;a$|w7sjU;rbT;DnU%_aE95~E<M|^a`g7WxW{kRS|b$$0p>1JTM~Tj59agX zzc1olMb@>Bo~HZ&fVGeAgu~GQ<183}rkj4xPSMinB7ro;&i6l`qfvHMWLU3pub<)} z+V;~OoKnKK41$T{jAH8;Q zbDR0W`;d~3O}8$4lDA|^K7(BR-{l2xyAkZR4|o0C-QBHMMDR(u+g|CT4_Fv5U?^?r zJ~WK(gJ1&&Y@=-*y_6w(V88@N!$E(RuE=Z!U@%zobMT`N80u=k`pbXHpbyvvUh|oSb zT+FjUs4KQp?qa<3JG^zFV&fx*9l|u{uYcDKT>-(%c%F=F5)W)FOeK3pJ_IID^8QR> zl{R=~ZCrX?eU5X&hEiLqA?ZJxAVQN}Y?9%+Ahq=lF@A&MH zWn^@gPXqM|&t2yC8{>By`!&)>LN?XJ8*khdfTkvTmX$Yf>Zd~&cloR<3e`%3N?CvN zAHX(C7sNd6Y0doP;bb(SXfRPhtKFdPqje(VhrkQCxxkQTk~Lz7IbYE4&zFXs$7QWD z14}3ymEqSc_ACW0eh0hk9vln?e#vswLrJOebdZqVNlQb)hsOH?-myN1G|w=rm1G;o z-6XI9MVgtc2$fq6il}r&4wjV1mAyr|)(>rPFl1{hFxmXsF@wP(N5y1)5Ry^;x#;M> ztfnYazb`OEu$X`&xwvaL@+oW2>dg!AX*v4JPVF60BdaBW;e2H<9x<(5qGOR#*t-4t(Q6aeLHgdie0NMQb~(+RZ9?+I=`01Ie$Bc+ zILN%zmQ`irKVRp^(of3au|o!L7OJ$5TaUCDA;;!Zu*>RR{VQ7}rLp)AKdkOo?~MvB z@)AZduiIAHM}r%QZoVR<_~F5s$BU4O1L={B)T-$wCK_k<81=^2$`kdTX0VKA8%G9d z8e40Q=BV_#R2&|TLr}J9c=1JZ1ayHLJf(WBk&MyY#bGwiSNnB&=2+XY*CB;)X;hyx zS4;ZhabWd3-!;_!IOOCwOjxDiEr*F;viuLPfr*&U*AR2UcPKJI%c%}} zs+VivQGL-Dt2S_BUd-muC)oa*cGjv+=J1wdBLT8Zuo?|$aCU7i?`|ZE>Bw2T`N+1X z6{5O3<`r3uQzLQ&W^EmMiX;Kdw`h#d@$F#4T;)`G`=G~p!9d5}CTQGxzrHnB9zCkH z4!Xs4?&5srq`vBEbbRBFG_xYiAHVIY;|*C_La}@GIEc2^bLN_N1`YRJ7tI>!P0(8h zO$CcQx0WB>R}f5yc?QEMwx7aX?2l86tJpY_z-*yW9v*xJbF<{$)sH12<$m{4lI<1>hPsd9KU{-!{ToL9CpBNh7>YPcscje z@gA1vDm+g!W48pJ^p}q$l6jl=Um1phW&Pk&ya}B_uZ{VHS!S0+;!_fZxFY#F+Z2Q+ zRN$H&B5)iN?QL$hPw_J?4h!YeXSWXu6|;_ko4w$n-;fe8t(pobX17EhZpLgLt(GqB z%(q2-T;e8MRb;R)5Ao_)IP^O3wM;R$3INH2056Xn>A8h23tuxN2W+B~10$0a{i(%nFTz zku(I9=W}Q?uMXNISc`jO*nwOvKmJ>Zx5!;GI+65Z!oF2BUd|Q-WR4p!MCbGdqX8Tc zqGJob^Y4(uF%l?k5OyQcu4cp zP*N8c7xRhWMp(AfL@=-U^nP>Pj*%8NjOD52PaZ+|0)Cc^!~P>`-n%L8F4xLTwlLuh zzOY)WGZKLL%_LatHl4Zf)vR!L)K1vx9!px-VxKb^b!{};gC_8KXdaHhJPX1S9ASp% z7SjgHr%|Ragnl6+ALaW%Pg-z4RO-6D&?CN^(!pOoygeYyv$a7nUSgH?&R1+0Irr^k z1>WqMu0z*BMs3#IDV(M<%qydd5HCs?2q>uHg(dQtC{f*ioK=ie5A14_~9`r3FU>3b^_OPcHJ6L6B##~U3m|W-F9xI zWdrDbEp+WD@C&m}N!5tWSiZ3=6|>T};L!f!?+dZqUV-Mr`MLBG58~}Jq{xTo8`W~5 zz2?lHg!LxvlykIoWwoFq$?Vgh`;* zp~;z>US-jOdH9i5$`#O7cvxEa;Tz7EHP9{-)}>6c z<0I7Nbnr9N@n#| z%{@1biwoZ8#_Rpa!Q-1D7uI#I(6#&{M=p!OAHl}!+%rCwyW5gki!7tL;^k7B<*vT? z*Hk#Cu)|?Gd}hP3DA#;Ls^y344N039Ri*v@G}+78*8!KfO0K;4wFa7uuf0?{cK2E( zJPSup4hKy1h!nN}N8fi2;aEO?b07SlT;G#~AO}H?T*(6RjiIVA-K=LBL3!HaikCOS z3VvaPS=jX|BX8%80+OK|F^gWUqL=IktE)2lCG@wT#q^{Hn`R%4NthY+k|7NHMb-Qk zTMZW+=W+~h$8uz$1n}AWhC_v0pjbf@AN!@AO&JfV{OMYI$1$_qJI;r#>taura@ ztRJO9ky6O~s9EE+loU6We06;lm^xS~tCtHiwM0NrF#e{u75_Vxtp?4LcA3-CxmLCf zK9oFSr1z(hs4vkXG=09Q`RU^B;b?p{A!^m%1{f)>s=A3S4HJhnv0DFf*IwLm3%Is| zf`T!#J}yI3o8BR+Xlv-QU3bD#oaum8;HNvc()s%(?0+Pv zdO*Y(oZWspRGu5p(^;3QX%I^v<7}Uf`YmN8uFTej>1F9~pCER+3=?mb^y7sj@w8LA zY#$t`5`&llhwRuJ9heN$xsXSNfuTVp6GWVX`O^$ODb(*lloz-+UQll9{4}y^p@^Qg z^g=tixP_|V!}IEB zO17#S(37?9m}7!ys%i5oTq!HBy%-C3BfD#T5Ku@BZz3S=1f9K$;#Xb*#_P@TR@Mna9D{U<7>rvQ+Xah(0 zDcu`^6Yxo=){zZa#~i^@a1D=SHTk&EIE491gCQ>!*#SLk_K${rvHWwnMn=TTY>&#{7WD&u{hTXS4-ZcvO>)bbS^Wun8sNOMebI8+r>ZTIe zuYOKiVOA27DlGR~%#Nn*PjvU24OI%~?D!tWfg6&h&$p$^EeF(5Yg1{5!Zg`{Vs0*` ze(IbKi1T%9pF^R$$y^1o%sf2G1vJ*{?m};moXkfvs{tuhZjW;1bjfZg74oER1jlCX zJ}x>l(A7a%k5_;+P?H;kJr_!_ruG$6D+En`&|){w+;ci7Hr5Nb4D-=^;}$C+kAp>d zPWR+cW);S)*-!F|-FK3UifpYW>tsV{YxIgaieq`*5~ZTp=CIA(GP~7aDy(GLYB0?# zS+J71LR z)b-2F#+9e1b^CD4M|1pRpPMHSW|kW9>x>eRcIGg=(y=0b+>Sq1ai-oeqFH1bgSGpU zOFtzTH`@EGPwPBBv_2{->tug3GqCXjrpcMdbH74*S>pNep~fy(npMS=&CJbI|2W~F z@rWp2@$3$zF!PlFJJ5K>gWv5;WO;e4o&2hQ5%R`S(!nKx73) z)2wo?22r;jiBlQpn58>sE^s?=BMAX0mM%Owscv0M6OnlC)b; zz+-UqO~%Q7SgTr*H{>srFDTru-Zj4K2+!vwcIYb_wJ=?Fi$TAElaiJgFdQ#$0a^Z@{m8# zl(w|Y*GTAdPu$d`WpJA+$YmJkPk)n377!R{Cu(&@R=UCLi3rhK3U_H}zL>`twVxG< z_T+ASne5ch)|Y!^q+|3)uvv@K$pUr`rhyhVAd4?DpPqhl$PA{OS}o%Jtv77xF|qup zbe<4Xpjkb&KwxJTLe2a94=+tOD-K9Q?i%%b%xJRINefU-m4z6;rt9xz*%Sgu>;D;~ z3aBP)J_q2bj8D)IDeQdQjw-d zfEInd{l^^sTlZDzcwZkc*IG{P%M-00zl*K9ZdpCPbZo!Hx=#ii*nYjZRyV zrF8&%_D#OZRm=Jc*n|5W`@$;aQm;I?t>4)%AE-5By~tIpu6rySbDxBSq}&D}3YZ&G zw?fe7?s~e)|BI67?(dh|@;u7WtT4?#L2VA4(vl2m71qyc!!dm&a!o4xGG%b<4+k*H z&4!hmn^VkDwuZ}l_gfp4YPotBS66c)^G5SJ#ZYi_t=T%X8Ix3O+Q9M?OzX$Hp_Bw@ zjnycz{ev|R)I$H49!4=M0PVdx*ISQ#>;2bRuc=C*>g&TPC9#GEp%eYHhZO9p>Q`__Uu-G|`6@+A1n zR4ei|_L~{5$sRve3l_1Qs!%eLiu$p{ia;Ii4)>Y9(zLn}j~;XV8XqXX3J5VVAGU%u z8iR+X>rW}}m1q@caScp+;Fa0#*aHgs1x0t1U0=O8N-CDuqM_t%XF32s85tQ1wdqNZ zcX4@?qM+|L2LR2elA}CL87WB+(vLnec~@)Mdf#BYN&m8xL`u&hFeHRC4<6GG*I6?h z`4i*VHGD(i`If9E81>M$H%O^L0Sv2-GLul(VMv~cZClx;j)Fb3BV>^OT0;o)(P(> zD}d3NjWcREiLnZbz?F2*8cV+RXTyXkDw61;p5YTpz%B z00sa!dW=SZ{!zAni?-PcpcZQ?Rthw^_~`@~)10kXdvUZ{Cb;eQB-L{|Z`1Z|wH8vzysXlzfYW!xUY=b~Gxyx=DIDt29JMA+8K~F&{ z&bu;;86TFe_(ofW4sg8kw;Po43jiOl`0^+I2CuUu&K@qKTHm_e;xQ(gkaHpj)Dg!@ zExx(xr7k>2IDtPy_7 zeyI3WhO*p!%2@Uo;v?j`$g3niQN^kb_$`K$opeX;(0eK8`6GE97r%d1G3iVALUhlI zO%q1kORN0G8VL5Ct7PetNveDq*%cu_^qx@D21~LwlZeyhz+KQ*&XHBOe%hrRQH& zIGs+Uk$_XFPdOE!)0OFLXh7{N`IZdzQq_vCYY?qWKUJ&A+y)(fCa1o8C!V`E1jk|3 z;&BSNRK)Ao{rn~P-mi~u1(sMP=xe46s<;E>W_bvl>jQOv3W{!7(Ky%52id=X7ARF|EslG7movb$iNECc0 zhM$kin7N(|aM>Yh5A^lOa0C20c3OX4hKh`xfaCen9xNT-IKAhWP*G;N@fZko=@9g~ z*{JJ@){Z6}>`5V!bwd995QNxJU9(5%alhADj<}95&XRT`x-CGm zALz%F$2qmh>X#_xO>nu098?F~8!zD@QK|$y>sOA;sETGgGznuHd9_pX`X0P54B%2K zsH?A2JW{ZCM%&*HuTH*91l&SPqT9X%08%U#npnC15P(OYEtv_>%Jv2hHF5n1FZ_Q! z)C5Rb(`)Dr_+$x)wvrsi|AdBOU!V9Ru7Run|29d|5!0Z5`WmzHQ%SF0t^5x}$Q58q zove4KxSmG}5qCuh8+UfY;SrsM)q7FduH{m>+Qs?L-hLpwTkqMGmDf|*%hma70d$la#aR!;vjHb!s4W-dctcqIaXjuBtz=9 zbed*7*RLL=V_)IB;^L_CHv@``L^po4w0D;oA;5yC`(MBvYXhMLobEplT?@QuJr0IR z>j5%xk54&aqSC%gXdtiZR~T$4|fHf8(oB3C<_3r68^E@>>v3)n~7z8ht9yj;Q4mk0JCwXo#l9q z7)>G#@>H87>x<)zAm={ZuM=#0^z)<5P=PccfwwgIyS!V6Zi&m zJS=379COL&a7m~af)&U5sYVJHumd>PxcH2Kke%F^(&Zdu6mzcL77cg(&^@RW`4!8% zFp)r11ua`Ydrx>pD|{`~KAj;wTO>t!)g0E3RyM5Om$i))lO6!?}LCE;c8M6TeD}>0-|h7q%SlR5AhLm)>)Fj7(bK z2HZ6CbQl4ARFZ8eM z$T;oYL#YCdT7|d@OL(`38^`-qu=ZaE|HRN^UAx`Xm^Wzh%jcW>>DN?c2B5gU!!q(at{nY=HY_9?SxO z+~(@FI3~ky{Ph+G{(ppuNDyG1rDu0HH=}9iPgkcfnNCk^9nd5cz{p^|463~>af8Xf)UnV?1 zA+g#L>+zJc-+a1=tyCwX8XCxuj@loO5<{J^c-#wS^6CkX%F1H;q6b-KS3sFZ0tXE> zjJ|)mPrTODEXD^}${);<+Zv)c^f{gzeGM-&T_rH;4c7n;$z=k*g0@SZfh2CLX_!)$ z+}iZSFd6HYZC^8BExEw)INkcNRA9>BYRFV#Mm&ZE%*;)z!Un z^uak|PdY5m*FvJm9WUx899A-Ia6Qx2rk&;FoV>J+q@(0_3|^Jl?WtbTHL33jndE4^ zfNi33sLRgpsKa%qRyBlKv)VktT)8km#;Z>)aq=QpF{ke9S-m2I3_~|AKGm(zB%Uj4 z8`#BKH#;71dNnITv?=1BRe+2~`=bR%Et9%)KO~UNs-B_}WbdlC{%$XJ(~++0DFnB4ihZQpg}! zj3;($aK}6`{~?*>@s&+Q`=GJ?aaAI(8(5Ymx6p`XWTmZBiJ<2TKkQuiNMwp-;=AGN;v&9^j=+f*Y&lYv-NgwZz-T3e^`HS|8dpvhN^Dv+ySx&kp=IIZ~YV zorH7V1{#1*iN1eX3$i!q<+$>aO(D_S_{X&4e#Y3 zf8IP*vC}Rc)s1_PDp)PfV>Dm49e-`7pQD!(7yK*GjQellN#&+Nc$-yax(S0-yG}-{ zVq>UOPB=&SQZrkEzhY$j^UPZLg~$H5n%KU1qe<_YyrcO{7t^V!|Hu{X-e=k-5AQ5q z^WvZ<2rDy#S@-Y5#}uw{zS)-Kv^w*KEDz)2YK?jqO630LS~K*vsxWR+QRM;ja~8ye z-=SMIUlpK(V-~cQ9L~Jrp6Oh9_Znyp3Xr3<9l_@DaKP5z7dhwCtaeT4iU!a9oH5DS zf=r>lrwI-NKEo~p(Y6OeD6@;DhyX84=m6n`vG{ zP5m>&wX_}-qZf!W^V}`36HZtNIg_#o;FB%WUr?RWJEZB2=2WAWjicS~WfVlc#7p3F z6p!p#iKF%@N^>AW&bYmD^8`p{V`1Ty;!vxhj8nq9g6q;DCkGPCWAl}#gm>6@nhk(R z0TX5Gw*y=uzkds0aEOvwp)UI?tDe=!=-@a+p(}>I_T4+I-UbPNtJ75zy@72Tp<%!+ zZ8}fVYJ`BM;cbm3)}Jo)4ScZreTGER<+n=z;UF4B!IaLb<@CK3-s;fg_8qFZKIMwQ zFKup~9^V+r_%aa_>aq;B+HXC2t+~Bi*ynm$oj~(HwE4!}SmFk1R`pWrG^NoGvRVoJ z`3Gz{L|Cw!0UoEsx!U95%;uqsAAMTOp;M1N_~%(n_}${WWwTc<6>UP!=k7ol#$;BX ziczj{Swcm>0sK$-j7%ipEG4&$si3Z1%PJO&4^_^T@kCmQekP(|kG8d&ZMr`UQ&F+0 z-wPzO-o;%~sIb&1uJc3;*DWhPJFeg{;&_i6~=6L4^?r6Go>Xh#h6f8A~ecf>s>NC)HV=8PpG~^mb+Gi zZ;hEe?E1>K8vNX0V{j+v!17udbxuGKAG@1-KgyMvExNwM_RB#nZI~!Hba*ZH+QNAPfz$# zn!Y-E-1e$HT3a7tI2EZ#kU|+G(JX$m8HUn&qVy(=id0-qx_kEh@ELc z?D69MNvC>=@lu=7Q%1Kt!1R#*vCY7ixksl8}Py|V_{0O?Qdgt5$- z?96l&a$mUqw(@-Hkk3kXqmZzqn%ZlPlC|!9T1fUgm=~B*j}Jzo&?PHdE6pKG`3zu6F9M% zj=J4+j7A3jKR57~7u@W;#tywuZM9_E+!Y-fPpgI2j!&5YDQSkZhoJvr$z(jxiKVl#yMGuzpXY!VLQ*Lz z?#u6h1ONojE&-Xjmpew#T9eKMj9zTbWc(BK(PNlBz%&51i8)}C8uiBVDg+9;kz~s^ zCtG;ZKpD0DTf?#ew;RD!y_&)@d$#53t&{?m@rQeF)(Z?8aVt}3?5`G@w_dq3Cy%A~TOd<5l8^XK!b9(c$T!qss#)HlbP)wyx?SR4Zg-*=_Xt=1UwU(pj^pKTIaFvpm99KY-MYTZX!retB$AFjU$TdAz zEhqbj;OWn(`}LZ!CxU|+@Uj@M9FYrm@S8v{8Zq(U;g9`?4xz$tN3FAj5Y29v3qB{K zRP4HTH=x2?@e%AwiXSg^a{w{QOD$YG1sM1$HE-<-W{Na=W4V+qWh~?0qx4_%VnxZs zO#rcbL3dd5fpD*E*I_AeoXpl5m6Oi-+2Aiy<8ScIX`yTfZu;OY&dRsCx*3)y+nt#S z5*Wpv(9Sgy(yK5CfeWo4wwA~9Ir71%{ruLyTG=RhQl=#|rx0*ma#{__pX<6v90Rd< z1M4pUg$HiFpR(lP9ZDl;9BNarS*WEoUSh1EJcN@qVF@sLGp$p#hfIu&@-Ek|l?}(s z0jv(}2sXZFSAOa(P@RzM`5oKoG-0gRFbaR+^q&8yt|wT~?a(PS#VRjz$xXY>tb^-k z6thOpy?$$)=wyX7%}19MfV*6njnn_>XgA+aByPR)4H$@InvnYP3hDusIea!$-nT%jRwTx~IZ z$5}QI9%tU%(wM-XQ<1jszZ!kGIsWR(Gj9L3f61ZAN}>h&;fjno5t42ca#F>Ij&BdltmSm@e}~F*Sx)ALKl;e$ znDP*AIofYg^IRGY4WqkOmHA>n4fDL(Oae{D#kTtMXD8mM*83*<8NZ+Y^lC zuz+cnTc+xHp3-j$Saz@gz}3VHvc&pKzg0{_7OxlDM`H#*3o<+c3=pETGo7qG)f`bu zGF5TjQ}wF=Kr$78=g`ZX25XiZ*Z0MoPuLo=(pX>oDA&TY*otks3V(1PR|G&w3?yMU z_J?zupZ=(0x&H8nmdL!3RRHq;)Sn2jpnP`54*-6tFPVMM=~W!d>`{D?Oe)#{Z&eN# zIy;9{1@X;Ls_|E4sdAR~-f;9na=^u-_^7>VF9F!{wo;?axq4OI2_g@Z*VvXl3QKVpUE{D?RehoUZ{PkCtvJNxg2k4TA9+yroy7;AP%t%aII6) z0(E`Xy*!?k{srZ~O=2*vMJ)VwFjQ3lkx17Oc16@@&`c$23W^NCB#@P*;{LG(zfisk zo!mR09^tn+fCC|e6i}YY)uA!@ft}A^UDp!iWXADi{F%Z=3TEo@W+} zt=iysPvi)|w%W+TVnXZ93@cg%e)u5`UJ;mek5K0tPdEXXJK^bGz8T^gUYK$gae?Dp z%PUsR5^YM*32z!<1;i$*CNpH5|Ckz4sf-AnG76i5cf(`uQe4(@HOs6)%1?V@p2a|V zAC5X16#ie-y=PQYTiZ4&2!be0L=>bbDgq)RRk})3>AfQ$z4u;4QE4I|9i&JL5PFAz zh$y{<&_R(-=%JT0mm9a)`+Q@3&yRPU=RJS;kr7~JWzBou_tj=B(ZEo^9Moe<;9ABM zH9tj6^6-&T-<3G>UcWxGXVf{@%l?ut?JA@JZ42g7^TXF4L{(Z? zEDI00^*Rsvp-sp$*Tj*Zdea)+P|#>ToDHbt&j!TjnMN0f!TEX|LFR zX3d5Fp`UTpOSJqTNiZ>)^X|)0c;Z!k0XscXS_&6B8tF`U{3Y%J+U)xJk&aPQ4^-dn zGDFuq!)>6f$w-Usjg2#yY4Gsy5J+QR1^GFgt8C|Nh&=6i@fL4(+eBmvSgkh75twbG zlHXi1!&xA2O<2Ydat@gyY&LHIORJ;XK6%K_k_l4)m!-VqlQyn8Q;PmPrEy`Q%Oa>F zs)6NnAtnL-ceZx;gdU#G*KU@_cBp^C3)=p2y8QcZy`>cRa1?X4 zB)GV5zeiT2W2sR+u*Si`VW$+F5cPVW0-?R1tkX1!n$w(duT^zJnVb$2`0k-r832Ec zj2+nB9&Rpwg-A*U3cb>NnAg(x%+nD@FK-RwAqmQW*G+JlWdFR(E07dPRoOv>768fl{AX0LAadV&T1Y%WZtRRL+n9%B8=(td zHL%`kD+wBMmw?zrtk>T1L$ZTOe)|hpUHS+)xPP?z#!OhRrIUcpeZC?z0Uzt5xrhP5 zgJjI$X{^_>AA*m|pU-IWn?wMA1YDx+-U$xxALk+2Wsz}v!p(udpye)Z5mJHk`K1fI z*=`XphiXldq3FcHp6mG<@1p>v;3pGbzR)++~TQ491#y5Y~I}esxZ|OrL^qBC93DWOAq;3BADc|9lsf9?r%Lt z=4;3RIgaUS&(xb>!IYM$7PHc91R#L`U-Q9?^GMNee@FSF;tp5eGd`piv+b?5is^Q} zR3PD;e`VGPA=BCC#3zT6t@JpJ53cL!>8bp&cSJ;+p@6Re}kw*bN@9U7%XubmZfCY7Twzn1cf(|?6BM9xpJBGBZwIU{8Cj^ z<|Cco^Tr#zk=vpP!Vap~?IQ38p7V+6@LW#P*#NlkP03A5AORH=kpW+gm&U`I@UP)q0jA&G(k zXoM$+^jfDw&Y!Dl#`7OxF~nWP!fyNa=0G0WZOefY6)$%uWDfU2RI5nl=He)Pak~2L z?Zoo{kgf5 z?y2kBp_?=y+YS2PzI+)6adGjvy<~5t-Y>)(dnF=?B*=gEL)wrtB;ZYGSV^DOvZq0d z@Kb(8w-W0EW6WK@M(2*j#KHahZrq2_%;tS7-hdN$#{cwCmUj7QMkTYiA0WQ6LQqfS zHd?*xJ3pe;TRGw!fB9Zf<>1E|TP1(dYFVMaGAB;A*e-dX5oHp+%y;nu>QMM#g{@tu zKslbrN(sdzV7}opIc5Hwc1Xyx$>qvo7x{79!MuAkP)@piGp7kXN&3hXw+Hu{Z$Q^W zg76!)r?YOd7~H=fNz#LtkFiIp;SrO$M`fh?az$O$abK3XlX8RWifESEa%`o`7J{K5 z6{l!$+*=qG3+V6Zgk|Z9^~HM>G_aMGMwVw1lOW7B|3%Pyn7rRUSilI{%bo|Gltzcb zEm6#78Cz4uty`qD8DV1!-)lM}o|9S~OYQxBGED#gaQC`X*ISNFc33~WNHR=3C-yW& z+83EZpO2$;hG7R!ZDe}+jQ#8PysG9YIK}5a8q07E2MglG80Hd`f+2pCj3LRYr;9E- zYsK^ur;J(k!I^w+V)LHuJ2G*1WfF%F-#rV8B<|&slfXiO)F=mO(H_NLs<&2MRdRFi zjP#E4%X2>{A~}?RJ#*_7EyHC-!v2G;ZwL>`mCsKxN|Rf-H2wfxJ@PcMqBYT-|{!d6}}7D;gDo=_+deOp}U*;ov`I>X*ojdhr|dw)-LC*^KEMQ z(DXO2Zt45%jQd=Y#0g>U2lK z-xmvf4IV(oR^d|C7ySG0frQ*QkR!6<$>YG|r2}c({=fQzVQ0z66-*RIUVM0nb?MhW zirRkgQBjjN+Ub1jy}-^sqGm0NwGaE6fZPSaz1?nith=%V1DklAy~ACs z*8~B*{CyA=){ljb+3JC=U@Iy<0;^M)0I9fyops(NSe6*SJr;2D;3ElGtp`pg$RKvz z#H3-cE`LPL@BAeOZ&Hz53sio#t5i55AT}l@%S>b+Py(sQ54tjxgd|npD+UJmfLl_+ z&7NSSAd#K$+Kc+8m?xTb2Bk^fMSd69b+Un@jTQJ5tzp98S=B0E?g{D?@oFye*gVV_ z7*LO5)_E}A83Qx!6uM4NpDaLUh~9@`s`LJKx4cco6TB|?K zBwUM8e3Z~}x`7B74s@efg>$ao5UuI0eGZxRicQi~@+}`(4HZ3%qGN?ypy144hI|vu zpZ(N9PHR{#Z}0=@INF%k`+Mq?^PR6-QgoDTid};#0Rebk8>>_~N(*-4l6vwV-%L5J zY!M~~3B%u}z9?-Ec*{hC+Up(fDWbGU!01)lH|?{rDS$Lkl{!miqt^FL8X~O6-_(Q- zE*%v^zIJU+f&OG)kvM02T(xNS!M<{_J0*J9M_wk${HdOhr0>`F+(B#8#C>nSPa;d# zwc^$%AK>HtR8GO&X@59ynt}y)amDs#a$%iS8$V?NaJl>R@pV^!(Z@*u$ z0=ww)=6vexI@NijPZB`!JydFfsJqPdcwG8&#uOsI`-{x5%Ez9xUAG29z|*V z;05J1=Xe5G!o7p`jqu&go1cBV$mhGtKJq(xsYM{DuP*Gx+tlQ0I7}~K)bzUEO~FbX zW^_xfG4J+^O`g=Ly?=k*!w)Pei@nfMlY6HI--vLHEV;6z0PMC;cby zANF=ODwjFh2_Y-$Mn#%82Ssi}Z2ls{UDH{0V(Kn6lQu$4*U$Pm}kZnw{Bb6WE}8 z6cJ?j9Y0OBa(IHbMXz1E#^Sgl<#DaSUG4kNZ@pEn91_h})0E4dojk-E+>cU}_IOK7 zSK%OEEg|+ti8RF*lDmi^>+(zsN6s{IFA-uDfK5;1EWA2I!iv9y9!U%qo0Mjn3YvX- zjcHwuFm_jZ8AzwtYeGGDP?x;$kt(Sh4nr;MViq)zc5SGgM5;Q!otF1NiF(bjK5o0?LU9tBANT#mUCt~WSc{c<{sB~U#iotmcA9ysINp< z0!iqLXF|tY*X4O}A2C0bd0sR&$*fYOuBd8(GQu}q7=6RA?(eM2+5U#~cn)%f0|%i8 zTu2DZYB`Y)b_*AoFF05Q|9{#0K+zWyORQW7wg0orpTHfvMs|7DN3Loi9Op-plsq%m ztVdV@w$zI2|8!aMfr*mj^n0w2$uI#%;P3DM-d}#{RwuxO%6Cm2i!$@|)dHRut$$E; zzP@0b{QmYSmRSHKT7Wxg{V%%=7*7Kp`d|O&#YrjP{BZqw+Kbn!%-z|-#>MkXZgP~s zo#-6Z{E2{9AtAjW9$f{L?HL|a6ut3L?o6^*&ls1(rXaUhM!4d~$5Wa=BdNA z!&9XTBU*AixtZ=xISa=dCLNpFV*wYm5}@L_ZN8tIYKeUq#rhsKgo&s0I`qFPLue)s z&)7dGHe2Z`bT3z<%G0jZ<%qrw(?!o~9xhM|B`~MiPj8^Ah_#eq5|n#2sC*qYKwXts z?wCiht7-1geKRD8qF|C6*1yi678>a|-bMANpJAt5sW@RbHLvo5m?rZ*Tbx<{2>xUA zjETsHWw3+cgJ72)BiJ*cT&i1d#|7(cis*l?PoGvEtMQ}0>shl~)2lJbb2VnK6^yg}{)h)!WwVw^Sboip~ zBA22Le@XwB_Tit&Lh&8q$>k`4a-WBd5;F38Jn(FpKwWAP^ABHSw!hqC`SEe<(&!(V zx73w?Zz*$+K0XdG?S4o3M$oP&_;O#5-}CR&KIBKl7mOVzX1k?4o-qswPQcYGWxYh) zCH3OT$Y`iCbw>qEQA=L@<{1p=fl5g)cjqGZ1+b|Y54~%9=tCfr$n)g;_dt~_`2t8} zg0$exaR}tys2<#0$Z>);P0F(*MJGS^TL~aRVVBu;uR6^gg?S$Pz(^)@o}Pb1!-c5Q zX7<$I52J51k*l_^l$4b6>_j*b;n!^3>4t;!*sG4K2Eibzd2aAVh-1C9jr(lM#v4Az z&oz51F|{?GJ8wFY1WYpc*?MQcA8=cJ3Cq!(;;`aMBc*DuK7$@}mofa}gZBKIeApN^ zWR2UD>9sctm_Oss208Yz3L(wy96|5*%?SuCxEMi)ROOD21F8aj0z#POB1YY#R%Sts zTYqiKSpzp9`p~J{>i5IJfDc`(t@iWnZP&fglM5aRmt+bus7L1}Z~DxxaCm(F)DzH9+ajOR{uxkk@Rn|ZCYzB| z01KiMtyclXBd3A??=J$>wGjmfv!ZkUN8te-|0k8_PT1E{kp`xKP{Bnkgzf~68qQyX zhxT6mKmX{j8rl0keP=!#=c-wiEVe<3!L}SsS=E$jf>_s~drQ=JhnX z`bGh3cEDkW=7iOz%mu8^KLW7KAJ$Dbv7`#VRA7*)+5XXs{TY@(*|jS-h{W23>VrV- z)b(7Q!@hhM*0-s+VwRQ(vWdcJf|Vz&=iWkN2j}#BSn-T9T$UIBOcU>?F4K_G3TFT~ zgH{hcRXC~e=5=Mdf%utGXa@N+Xt_T3l|1!ooFu@aIltC?;KO@o^cegNWeZ43k>R&n zD}lOwg@+>1m=!$+zU0(Sy)GQ3I=eJ?%_`3*5Ztb1)Ee10p>K$sM3(`w?|EukC#;*o zsl)*#tP}jY8wo>2^2&YCES<~9j*uLYZwB1ABYMcmAzz7~&g}vI^L3aq!00O7YYlGe zsHUANEpoConZmOTh;g_lvU8Y%UTx(Bo%CxDal;7jFX03-~BpeR+ z(%=P{hb4Jk1+uJ z40fdb2Ch9hR2yOTeUQ`?!f!~ z*j)eNOMdD;m>B^ie4kI-a?kRawe={uD!5-jL`kH2kF$znCiBI7Z*fFNQb>R5b=LE4 zKhmq>?==1md4P2@V9TXx*8ZM$=>!#D-abuzYnMpZge0$I`Dw>uvZV$zDFE; z*NBUB{d(V4ulzBjGLKAqUKh8KXg|GDzJ=moyfDcmqq6Hbr<|r~#CGHq!e3%Fcb1GI zQ(CF_1~K>4@TCrZ-~`tY5VahuY9u+W>gzg*nWh%e&#|9s(I3mp%FpgK9^NzVNXiVN zGIYFk_wn-9-2B`Y5gKc)h=SqeGOCT5%~o36-m>_8e^6hx(%wB@4Zp@+b)}%o$?;(_ zQc`#Jye?NKKC#&I5jhg-FC{U#5*?+5q@bc=5N{>nQMu+l$L*Lkf~i{l=(LXiLvgJ74~yf|e-+2=*1J(Gmr~DAvCo5s zmhx-|T)T4L2^2oBwLyldZxmS|y=yjHu(G`<{S+w;jLxPUz~VILX}xqqlCshgt2gHi zq=WNyYcpyxJYhVeTuy6*A0H)ZvdUDlM6t}K1ojL%CGoknxFsoG5BgR*sw$*9Ob6Hg z-OU16W)dqfRn-2%|GRwzE|+)Sx&;FPehkR`oeJZQ*h~mn`GWVxT4%@{6NhP`z4!qF zgFrLl>uCYw1Ag z+YkC;BcPGVkMh>2dBD!=qiXoYE6>HlrF%^em18;gDS%7k9^s zlu;PUQh6YnK3=#@t$khv5~Fat<=nTgQ!}N(+KSgeE4=-c!>g+taWIh#jR!G$D_XTk zm6Jf73d~-;x%bvpN^I}%?C#|B7*3t%@vI@D{0blS*o4`pJQWc26fq1Hc83S<29l`N z4k1Au`}|o9s;}`pHYkTqp7%bRmYT)Z5weN=Y45JT$@!4Y$YojbV{#Ii=RhNnr3}+l z821)=0-DgC&&=bjfe6HD2G)%sR`vm>e2sGOVWQ)N93EDqtOg9|T{bOCyrh4=j+nQ` zCB^Qj-W5ZeSU`Z-3lcgrM6-N-Fu!`k2i1_AxXs2e_e?Dhua)G(9GfwnuaV4YEwOV_ z$DjdG7+-1&W$Q4G!DiT*#XuL-iSWi?;afU|ns6?g9QX|{69k1mQUPe!gOj;b=6XLW zg_uXROEpqEnGW|{Vz?n2n-Q(&DbZ_k_zYLf*@M5wqjtRPnFx(?_ z9U&C67fmC^{#Q`1rv(>0_%l?9PS}9ja(Ie55UadR#?**S8#$v>HrHuMJiKJA4T`G@B20gjkQ+7-(8o`dQ@=SQTuW29$n;-%3Jh|9Ep4K)jEH=5j&LkGk$y=)uQ3tH}K7TeA;Pd3sJS!yWiBZBJU0r7_YBP2d7{Td#WvQ+^u?f55SzM zboimhr&196AURhuTsi=$3y|g0R&VC$Ki3>8^+2$w-pq7b;GO&Yt(Tg^_?-mt!H72l zJ6VEU_YC{2FY|bXf)G^MiRY1#2p=9|I)2q<$Au3-^#Q!@mw_F$2CQ@xj9rLHL`3AH zOoZl4YUjenoXGi0PKr%$E`R})9L#uT9crriRxzLfb6y;QvG00iMS!E+oQCPBg*<(M z;}mApss{6{?0Fo|(@u=htsqMa;^3%q$Hc9HN&C1&3v}fU7l@adD=Pqyj=)aNRu=0S zvu1_*zZN8nh=xa&O^d5HxAKf~t@-tXnx}sFTZUC!rk1b zNX~Y>iL$_KL=cxuL>q0M1lh`@7Bfp;Ia<|KJiyEd$nkjh_gSFKMU4q=i|pIp5V!*^ zd?lt3`SlBE?j6__2m)~5T6BF#bJwWt!}<(+PB%pOV==n< zsSrC{oZ!m8dR)Bc+Q2mHulc7sM{rZi|5cph?#RpPPx~Q`dB_7_VTQilD7|?z3Hk?( z64`27B*y0rlSApk?xqoXC<8?Mam0;~+}AP)$;)LAKO@GM^}}R0<^~`2ud>&zlnC#4 zo-m;ay)0yn`#^(Da}8!N`6F^vS|>*soimzI1pdt5$zoOL*hB#&Wk|_8+m@=0*1GN>SUGhga2A6Ukgh-2_0(#(CQ z$%Mw%>6g*eSX1y9c!PcJW8y~HOA;@}*@gM{(CdVMcX z&%;=cUg%C7WY^!dTn} zzr(F`Lr|}lUjNf8`aceg{)Z*{KSXW)&Qk*E;H2aH#-*umw6?9GM|bv2gpL*?HtQgB z^c-hMB#R1*$)JKE6ATbKiQ^hrU(N|X8vK8XRPv=yV-C2K@9(U!2>y6gx4+LQ!#h!T-f-hemqZHcVG}lbRS?F zxs3Nw?#0MfY9Z@4KssC~$>=R`@ir@;dT;z?oYc&FouU-NxpUI0G_rBoN~$}C;R@~u zIaH)Oyo(*HYW)Nv6uWlNjf06}VS8R%lU*@W7Cp0XjZd;LIl1lwV(?w!q5yqd+}Z5Z z%T_)rKjEXNJxoSLWr7f}gW3P13VnDu@IS!iax>HU?n>s7W_ zzT8R!!3=3}NZ7RymQt)o@^&LX*AoYo!TAtF&v!uW#*=i0*s9awT%b#kyE2B$scXm9SmR4TYUF3W4&;Ca* zTUrS8QT=l37c4%-+#jlO3It0^`kaj*y+%3=W`QNks{ zl2b?gaDa*wy1E}ZxU}>Vz z-S7u+?osS$E&4NHP_jikX=^7O$UZk5ZXc%|2HL8{t;@N~`3uhjLshDI;LJKhC1AFo zj-J3mHBR7`Q><*Cu&WL|K%x#Mjf;SO;pMGSXJx4$8OX!p8UK>PxZAEr6$Lnzr48Ip|j`s{f9X1J$LPp zwtuOPupuEt$RA~jTK0jK84y3Sf7mW=pNuYJ!6Xf9ryXMN@$7`DIf zS!#|s1(w8<17SBc1TCQpodd7mwaPKUl0OT)e(#sQ=crXzUB>zG z?WGeElNiS3-6t9nzY=1O^3--)KV|-PWp#J+|p$1A5^FPh^g&@{prhDUiQX+={ap$a-x)m>O%`uJbgScrSQm$@+H| zz?$KUmm&Q@?1Fg}6|RZAeg=uBS#$&tAE)7Ey`tN$|6(SXFtD*TIgHu-QwyJ zoIM)GJB@N*`*~X4bz7g3<$SKa(PQ)egdJz8LfjygC0Zq5wvPbH&}3>M1xfl1H2lkr zte+%pMg;gUA*f~$P@DxcmPxtMLRli9BGQt4Dnm|f9&Hgft1~iU&nYWhIAJ8fKq9Tg zLQfAeg4uUb0*L@!>i;S_Lt-;PdUQYRCvp&+NbU3euFORNDG(p*6spbVFV%{Qn}fX` zX9ikQAiu5xt!g7)XlW6ySmF?JQNH`*-k$lo@tLSwy3)V8sAM8M0uY8z?Cix$@G7nO zDtfQMd^|XN(wc92l_kt=sP=&e)~@_k@)RLz;XN3 zMJBB|8J%1`Aj9O@XlK*IH^7!Hx$HI!1jEPsp)D)4K%)WmYC3Qe2rs3esYUYW(g#5| zT$LO#j*yF-kJ4Ux=NmT5&5l%>LPEQ`c;VsOCip>eBBZ?lJMOP}@dTX2L;}t=(6vC> zsBY|>iR1Q2(&+^Fj2$ae*%cs|6F#z!ImF1Cc=gy6@B@7#$lg$RUd7GjI;*asUpBZd zw*XM4MGws0oCC7jM3R`0R-b+O(epn{lr1A@Y*VMSbhwXe-sAJ^EIvn;Ey>H|&@hL8 z<|hhB*;Ej+#E_!1(5`Up(NtQS2A!(dXL6wpd3Vlp3Zwh;)hbOvl&T2!m&}W;VbEzD z)k)xllZq>bKqtoZ^u^GoO>IWBt_8elJ#&x}u3N33mamO`pC^F+umW@>kK=EIfHTic zeCW9xgZWE+9-4u{qw1yn@9=eo6)I>j4yG2+5UMU!1NE8(6t*Ih&YTaPZrm0foj5jkqCO+sIrDOJMg+?2R$cPtEJw22#WT6#n?f901$4~t+|LfB_uSA8q zKfI?U%gvUBbV)8laW-|`!NS_XmFdpY(c>JGi1(BXxs|i3LZj6sPCtNVul53;@q=7S zPgd2Nuy@APy78g4eIIm*Kk_bboM+XP0x>(?Q>|)?^@4lA`?U*H0evaxg{>;HzP~jQ zBZ>fB`<&+v_&gJYlocB))`c1v6VUf2fv~WgB_EITfgQ{%)ZN;RjE3Cx1TOD5Y;|=N z#36Z|VEZ2VyT7aV!B-UXwXKaYIpniItUr~}`SJHhhw8^8*0&&sq-RYYn@}RG0F;0> zw>lP=e8NuvyteeU5gWn%FX~;OIp|duXTH}zMKspuAnMlaNslMy>xpnKoy_0CJAa9G z{%iUaz({Lxv|u%z6HQ>IX0O|J#L@uyRYUDsIFPOwv8uvk^UPg_)mj+eTH;HDB<5~f z=_0K5Al0^6?@Z2=1^ZZ8Tb{EtfIg2q#ZmL}T6EWU!xs8THR#!|SBeO^F{BN_ zr&7ZiI%J-X3^+~&qDEP!d#)pMbX9F$ElgdEbY!d>uqSAU5Iy*Lya{BPsFfl6Ieuxz<(!>Aua7$KY+0 zh+~EO)@+vE1-QJWb^`4)(Cp?o(UfIDv1rxS#gICvkP&f*bk93O$ZXL;EmyvOKV;ge ztk8Ru`p9XpR1M_Ny^~|1Kd?LueGYo;%DdOwIV?78GlGeD4$5nCC&TDMl($nD-EVsF z3-zX_^rXw?f%>94%&Rpbk6KZnfaLF!2ql7GuSp3^WXxNJR<>*DuSn>E3x@eTcGZRu zM=nvf6xzn31zdc+k}w(Uz?C#~w5eU?IXGusS+(hL@P+M-u+M!bbKxby!y%-FkGUZc zVswrU`hrD?$iXA1f1tV3R3HB44k>}x*j&0DMIAS(7Sd_$r&$!6(gOu1*=#^qQwv%q zxIN8Ii^%M_`S4|6iGHstP!`zGY3IZdL|ivtZCP)LyY4_#8SL1ogfDy`DE+%X-mqyN zAca|Jm3IO0eH;63l+&hm$y!XH0_zEN{Q-b8)Ot88&wfxa-|DxZ7V>_RqmrG)4g8hO z!{|uR;qDS&oF9o6(ozN5nBl_a9hcQMCArzB+gCt-oU&BmCu+_mi`wDppi^fr>-#^Z zoVf@5NoazNAY;d;i)!Q0xKiTTM2#Nx5j{p6vP@9Unnt)DK!MKhbC?QXT5|$=R#)}= zDO0d^$LX-*A?psk64U$Z69}@7fqowIzU?)wS?`h#(-o1S?<{DchUo6Fzu2SL(DNYeJLv z;q$RPMviP{-~@RxnT<$ITMVW+M@0A0p3mMW37&wch5AfnWC^c6tr5A%ZzxzPy zHB@Thtg-M(PyznF$f)(lY1Av8jHiC=Z4W)z*I5tN*~_~>;CMl@HEy4j*KX>xDY(X; z+jd`!#yLBT?YoZ_d}G}_xdOVO6e{VRnRsC{x!%)Xqm=5r>oyzn#iyz|-S3o3uubom zbnUosOcaxrd=6$<9H~^x)2dBhrN|sYe9~e(^@3>HC5e-Vr=O0p;6X!1`!L2od!{9d zm72%ie{}kho*XY}Zz=b%V4oIZ(Pw>B8YCF1raWkHrtQC{XEvtn;H{kno3>d7>|P9c z*vPIEl3$=tEA3YCbX$3=CVHgGE7~n)`Dt<^wTfLy;r)X+B3i+grE2b|*mzDD11XUZY60==c6ix6`)6v|@2(7)PD^O{rAF<%=-MrPPl`*b z`1I4yWpwWm82REjoDzVp#qh}ACIo02plPst8O2|k6L)XhLZv}4fIdu6U*s9nXQrEm z8E0F}aEn3n(_Q(lDadT8^UT!1Rx|y~;t7tHU{k)s+rm38Hf(p&F7-dm#XJF-UP_p? zpw8LA!S%NBrl1Z79&7dHq@~_2X)S85p9pl31Y2(4iuyX44I4;l$?ne`zP9ik<({lx zliljhP&W3lU<~2fv;V^;BYrg??w%9ZYb@bHeR-0p~Sfil%`xrb0ff)7w%rZZlakBM z%q2euX$QgEuHyn*SN^Y-# z>EqKiHy3uUj$&&1%lOuX1Gp($ch#5WDo(kf4D*~MY4VElF%|h*dza}^leELRR9$%| z^ks_eJ*|buh%Nv}W=FH0Rhm<rJJ5VAK9eJp3di|G={>wT>Kp?d z{Iy`*k2SnQ>Xh{D6RW(^d{{?I(i>;>SXjb|cCzKjQS@nGgEwdaBzlN?#v9C)v^-G>+>ro0> zumDo5pECDc9$+gv0 zg*wT#tfzhqdns+2>|oG@S`PYs7;KtN-9V&3gVYKLrw1@L;AGJDB#+02b-Q2kx9a_D zg@)5pKueKhZBt&@Dkhm+PQUp@F2OvS80g9*Tci7rd(fz}%sC}ikCNr$ zV&2xJgSrr3C(^oAcLyQVzDx)mk7%!V3=9wh;B=VH-P|LxTGWiyf$>r;t-w~6HQM}! zAiVn(N5sZX=JMP?;msML!Tlza^K{ME#j z5t%Aw(x=4}`92nX46;}$urtO>36)LaPdj^wt_Ng?MsWrr%#m5<1TQbZ1>wTWMjCFkb3qWs!aNe@ zo-!Aa!KMVfNk)l6RCxeBaq16v>9t2XL>i!4Fwqb!QW=k*dt$Zj^l8;QUO-24AVNX? zI8Gs7yVBlta1A*>w8JKFr^IUX0pLy)7T&X)O((dy*O-e}jzwS=`unPg~Dsc;jm@H{-QzWbG5JB_6!PYZDjoiyv4d zCnYW_aIngI_Sn45*9%htQ^3HL(w#Fh(zbLd{dv0mkhHT&I?bV$36(#5OONx-TP7D@ z;n`um5So7OEvMU2EaV19Y+^}#W(1}dk*V@2Pxt6bB?KV3Cv8lggTT;ArbN-->S9^{>TYiYkM)o-!5dXLcR77b zF0*u~9DtEn?l5GQEe{xm-L5!A*nIv5Y!RHc#O>Xq{827i7G#B$N%CH1BxBRF$atib zF+5{BQV<$@qiFOHxizY*b2(H0wXf2ID$b`Wrm)y-*JZChIf`aYMm)nsg_9Q7&>)8j z<2~Mq+~2vexxr|mnTXM-G_R#)U{Ui_29PpK{YZ2Ft7z`KE`NEFvLS!aSnxZIG#bpj za{2hE9We>;Z|6q0E8ol*y2noXnawm4XN-|wWtPu;F0!Slt5GOi@Z^y&q=hZt5(F-ZLjJ9gH`CDN2>%Vwpz#zTx^J-zU5&n@kn@ZK z)xKqPkl^-h_iMNzi&E8RuY2@NSZb3A-7{b>wS(hiV;>A=1ES|$dyyH~XEg3V1WcL; z-cMVsZL8)Hpuc3);_I-?Lo1|!COaZ~+laLfuiOA`L|z@MU96zbdJ!O^-+w4d^7rBa zhj+z80w%}OIqb70kK}z%tdio~yNtDm+nihZdV-wX=}UY*xfd2V4NRrbKDrx&u!j&G zL=Q&`7OL$l+5=oc@BWorR0z2ZJj~`U{swI!7z+d;N&PF1s0jd8ii;mV8vef7KxuLf zr0#h#d-6ma4eyscjaDiZ>l9HD0E24y{ zWU7|>q?6OxsXvK^_lK=tn49~80a8Uw6st+7k1`VhBcK{VGhIyj8qD7|wX1LLK6Cwg zSZCgTN~hLc20W%Ns+G?MS;Q~%r=G%?vjEs6Vfc^KXekqtr=2lbe^0x%icxUfz~6~8 z0>T!@-Hl5^M*j7ylM0$B!14*j2?0%{QjNhZ0(LLcO4ff)?gVALSnj7`Hi zAk=e%a`i(`6k0aL4byE|!*6fR+1pavoF4#zMu6gkIk)FHZ;62Y{8GEr=cXWzc>~;s zK=&EHx0?>7MWA%u?gIr-7LXc^Nr@*PKgSH0AT7%)xmRkP`DiY~{?433*X!sbw2J`Q z;z+I9z5Rny;NwT$C4B}!aD^&IGw!eZ<{rPQ`_!RWt!4`Vq&Y>U6V?u_!f3cY*xap9 z=DPBcNZoHDaS4qMzY7aH+VMFF*}R4-J(8c{Iv`oX<_y}d%K*F4P~G5zlZ_Ivz{;&Z z{5$CbkYFM<&*eSemyb-wJua^KAeX}Y^ILCfZs#|Odppb^_JT#_t{4rkRq;u27%Gkx zc)?A4XSbTVhUril7#Qh~AzN8?GAP8QKl0-=I~Rw>6@@e28X3Sl#_h4>+0@hwdpP_a zieIJX&4mGm7U);cwnPZjA1>hwI{tp}-=+K-H4HA=&_QBHsN|ssN+ls)v;lWVrPLn( z`n79(K6AB|`2w^q4jOfgw(R)UF3J2$-5ze%^M7|6OV{3BJsDsTSZ+0L75G~5dQhdc zbM>K1n1dDv_A!4ePyNo*GYD=Ebva^{qj!m5MGfklqYeN|^LX8ht^p6_wQ-Awt=OUq zXRsWfxjZuc`&1gR=D(={uFexq%!aLY8w75mcca%+?*IOK(4yA^E}^wro)WD562E8A zxn|DM0jIE6y(cJz-?oOju#;2XB_3nV-$>s5I)CE^SCfKpvQ5j)P3={-?Eh-C7nsw9JbaY= zCOpB;hywHtvfw`3_0LSEho3$Yon}sjV1zOMCLk-%^QxKj2PrNi8r~pa5X&A3W$u#1 z96%Dv?bG8d>FWA>+u+Q2$kB%Z`e)#TRBHp$9{}g3$|m&XAZgm{s{58BTxc_&zV>A! z12v5)$$OB5NRBrjo;<^@D&NKEzSwHj2$M8r5edIfPrr*=SN29fCB(n&LkQ@JaJ&vwkwf5COvjurX1|Pr53>I%_VY=&ieH_}PjddqDe)Y?VGJz!jT%6BZYkA5L^9 z?QB1L1(RG-KiFtCXT^JOgp@q(w%6e$J?bZHQsr#V(tpm+8>t7Zy+Ul?;*vI;oBOeZ z?M5w;-6S`mATR(|bD57ks|CX$XQ|mQ-{z6KWxG|muQaatj>JI16>>AHY&(!X_Mm4{4>oom^(SwSXuKcTKtp9iJv*0y=x;h0cWzOoq~+%AJyhX!0O~D6^7; z$smXwS}4YOxS_jzdslx`5NcE*mFRLtrz)VXR5Bb-n`o$#RcL@14Xd?vjLMGvN9!@C z#;u2eVaz`AV>D&gkMtpD3w$T7>I>vaKbF4S+$~soM7(vh17IKv0DkB)kA^=*DswLODs$50Z#> zxSK1(a>EU8WbaN!L0Wy_Sm_43yhvd$e!wtY6CG&TZ&sNAK@}jyL=(vTRVBkDSVl$+ zNn`h>Vs8*T&HpsZ(=NWR!lEJ{$CZut;MXd2^km#UlcYGI zt;loI@_JR4Q7mfi%3(j-t&%hU+WO`YGsBgVP8MoPAhBd|vst_9S+e19s1E@2}nk?A94n8u|@HWNhQ}Ijd=>%tr!jBCkI& zUVp2sL(}$LZPnlf$j`b>t7!q!|BHscFDJ_gXL}}K&a=emjmss&9=!0UOb|(?Wq_2( z_-*_+SEu&7uNldKU>0Q%eWO%7-NC!{%o?2b)=iQXeOoU)xl*t7{q6jQ#xL1Pm85wd zRiNay9f&*-s&mZ({=A55o+ z;^&p`wUm_%L%Sa4A3nD}a*mNL^na|_Lm74UR!R)IdTMG)+;>|*;LPw}Wots1+;$M8 zgSh0@-x;Vg97vY_6D{2Ps=ExZRK@F0W|6#1IS;E<`^9B^L6lGyalC=! zVP=r?_CSeKCJDW)yz5cY8oTCa5;EhsFX{`aE!wx-JUlE$X20{>Z&Y*~y50|qWQSSx z-waIF6Q(TtB;K9+LIq&4_sV+r=JGW+!zgn!(%!7??P%a!{Yu?1ko%(v9FDgXLE?j; z{ql2bdcdnqIyq?Ap=;hjmx%CYM!@9w5Y=SU{sCH;rvGD_bh7oc5SExav)#j#?XMv5h=8II=+3e9HpdFB4C~D?zmt{5L;yQ9IX(1x8Y-6 zcYS=E#fvv}Z__ZeMTUOwCwv}juaEl~$mbUY zlJsur8S1@_4ax&UyG2XMy-nqiqJG-Jp#I3WFg5sK8dXZ-um$>MUX|Bgnb+24eFNj> z?B~?$$+LssPc8=KUg(b`;Y3f)mo99M4wzbSH3TcioGAj>yjd~kmc(#>dvAH~LN*ho zX|0sHt2`5^QJ;x0cDGmg@~^gU;k{bKD3#~Y9;}Mwp79!_8mD9xv<$?fke2bibM$71 zsx)&nwtj+;EF&zA{5EG)hhRl=VOac`t?71Zjn1{)u872;0Y(~;q@zbSd@qCOo+STg z{-R$_bh}JA%$v>WgJ$Lul8U6TFJD;2BanT%%ekJ_>D<`Z9#k%0=Xn$AQCfX^EuY zf&*lO(nM5}1S|7q-ch%fG~>-gWO{col13ZheX{bnP5f&{TX}{P4MKASG^X=S8wk$K z_I9eZj2N|VKmLEHd&{sY*S1?&T2w+25R@QP&%ch6{Nen1O-t9N$IXhcb6bY zcQ?|VlbFQ5?zKec+TZu==h^#s-(w$p{a8PcIp;NR?)!{!j&lr2$)ecs$1812ml>HG zDtmf*GVK@;**R5rf>^=wr2v}-$qEfk>d@`Fyy)54H-euW6oRrUYUXdt3y%-dNEC0( zE9R&)=aGb7OuEc=Bzoj~h2klE{7S~$qSI#^J9@j4z0Z!iBQe@ba1*<3a%R7!zNWcTkwYLy=VN5+|m?T&%hs^8kAA}=~2vtABfLe z)lDVzF>1c!kVaWdqyhsyA2gOfVknBvdk64uo51kVOE}t;^y8lrhz|~+v*De@bC*)6 z{Ury=6`N_jlG;eG{SgCtWGC0Y-yJtV-4ek|$!*FFkWFZYftcx=PX7_4y2c*3KdHc9W;}fUL9#RyxWZc0$R` z`Xv?^)Ie*JN2f8SNk~qcqm4b8W-MZmoRma&D)M%u$RNA0j|q4YC==52B!Dfm{^g>Z zA)I!m71hJ0mX^M@tG>N8kEmdC+I~Q`StCoOK&Gw^FP+bocaMTgOgyY@phrg&W|@46 zj#ySmA%n{hw*8E<6?G?pr!T;xsz5E)_xx|kCv~Y*&HXW$#HV(2m+cTUS?arGP2NaM zb$V}TJFDgAXd6(@%Po*oc~EKleXZZ;_6ZaHHrn3GxVolukz$#%%ihc0_Z+S>oERaO z`s`?=>2n1v6!K98yYIZSIXTL)74dO)3%rw<&|hq0g@J)#*qC|0ip8}srIJ;N;Y`@8 z9DXB>N`{fiWZv1yMJnbod`<(Emque?z@*|j2-i-`p9X$`H}0dCN`dNNBB$c38=0M9 zIf_9-d%L^?X|<(K?p`0T3aFZB8Wc_z3+>7M{~c@P5O}dp%#|U^i>9f=5HhsOghDe18E6KN%X$MhxDrh%8kEXsIP#=@#)l6sAAlZr3N>5LRGZN_Ph>7_+ zXQfNbhlGaeRyj3~j<%kfraT6F+#iIltm$R#6c6fTBHZReP9xRbS<&G|^;u!Cw!KpB{QoN!Rz1lH^49-Nu6P(S#3W{|EnJQc-DuzC&&LU4gm03c0_O^ zH-Fo|V%qHXCevTa8GrxJ!-*FE8c=>@*$9M`A9H1p&WdjiEj@|-dxf5Ka8}xXuh5eU z`p?vVuh0_(W)e~VfqW3%)K!!_Po9XDSsudpJdVTP-U2H@6+hwWFY2%eiAF?$e^+>@ zRc58t!sp_KRr%I=$y*u7Qj}9yQ6CXg1_sF$y69y}+)o4L7<}Dd>7=~qx>|YgfY~P* zOEF)dIhD-F8>O&1i0H3WeqQxtS{*3Erh)rVyWg+3Xr%_`5=msMFH*k!aVB$fbKZzy zafKU8K1t*@;UhH>V95Hy^QZ{g0|bHbM<+whv$x`{3^lPGv1g)?nB$sCKM?mfHF6qU zb8+22q5V!F`l5oRJ!G=8^DYOz-yeaa%?D5bp4Z}b{&7RFBO-}s`l<^2by7-A4IkPO zyem1Dz~=txS33FosR~9cv|9G1U|s1xqt?`hroe>81c%FfCK-O){rbu@f2NahY!1s+ zFF+elZ1h`R&P&1B>qrVGk zYqrC^MjR8r;bhmUij|K!0}wDD(;uY&@b~@aE_|^R2$@7tWaTBkH<$@lcC=U(aXPg2 zfALT=Pm0xSTo#N!2<2f(#cMuALb%)M=J9XoR0?yieRj(TqUlU?KE#Kxz*eQ~f|bat z?|uDwGV#J(Q^fpv66~lu3sauj1m`dxy|@!s>g?>&m&Q-l{*{c1!pzL?#)u|}{xW5j zb#U93mv;#!W4W@h&7>9nj-s`=cgVXv_3t5_6C0fK<*h1-yWThllJ1N8>ZNYg&P5=q z6Th=rO8ZGuEeFE?8lOy4gkj;ZqwaKgj5=YFemW|uZ@Nuuic0yaI47TgOKx8TY}Q0l zvOI0mmAmNm4oh-!3auLoFX8^aG#)+xJG<+i3-9(^?i@i$(2QMIxpk7hJ=>fGH&I;_ zH=3>c^dcAsTM;NHbHna-zx?z3b>f4hy``5*#mwCAs#_;R{oRrL+u-2fsbNg?V?5bN zB^8y3y|}`Xli{t7l_$r375&#{E(i@6x=(EFr@>jBeUb6RJr^>HG4ZJ%-9JYPb-ZKTY+pFmuaA`_I>=BMF2?aJtsMN$ z7h??nRbg<1tVCK=$u*C+hTGzOW6eR73oy;A%xoVJRR0qM({`Uz*{nBRb{pC#G8)`9 zKg{>#wUmIGtGQ<_X<~DimYTFaXUXYPw13?WJwDzZ*6BPpm)i37PgnRzU2d@x3UP6O z{qS;g#~PDCi!qRY*jYN!j_v2^O#u>ZbS$Phq|BL-r#C6oRBLzViluk+J>O#IWDFR~ zn{PgcBygyuqZ5gR@CJWXqTCa(@ajW&Qh(<)$O~j{f5&RA(dv8^ekvcjIuPT1^S1VN zcB8-}FJb**?=KOjr>HoKqtC-!rTXFzv|%seqimiOi(aj-FVdUj59cgDJr$f?n=|pl zj8d5X_HK4(fH?Jsg$k^BM5D!5l zEVo-r@~Ce#+?q-$3w9@!6vkzSin{c<@$A;(m5 ztyt&@xzPyUpj%aZj$)P)Q1DU!t^M-R8!W`Ld>1h7)KM1+y^O86pG%`wTwpQfcKs{a zp@$=PzhJ6Vtip>Iak_23Jw`u;jgHzd49D}+t2rH1Jg9s#GHuoqc~8BM_SUl*s#P+s zK0i9K(9Zll3$f&@r9u;!J=XUlW0oLDZR-K`=16O*lb7M4uT8nbN~jAKYnr^M$>>$1 z$vpd!k`tByY$1pD{H#Dnoi+IC-8);P=q?Xrc65q03rq+o zbvu;P2AlkwcVD)N_^?YcK1}|?472Ft_)I>|p*sDlcvxw8$Y@UmhR$H zAAIHPPK>#kdFmN6m{g)E7r-3&t!d)xLXRVD^1or_2f06`l6z5`n}! zm_s|AFP-y?JZ$TcS${mHYc!u>8^CTO=l0E^W2@`oyHW-y|MrvlMHig^S_)dm4K z*>g#WJjs;$;N~yHq)RtCE^~NJBwbI33U1zB5eRBfHV+ofiy_pavF`@fWr|c<5^?l183E)jVF;DZgV%*i%kY9QfoI5pA3?hXad8y#dNCm6dN-a zevdR}gWXjze4?Id^CIN}dl<+Ca-CdjNWDAdWsox-#L1kW3rY#npuM(V4o@9NdhHvK zZ@yqK!I09;R5~={;NB@jYTG>?fF;&^ccI@iSP0&SM1#}yVr-FSCIJ{Ar4eybSwGF~bjuKjiNIU)|6D7lRG{ z7xBTcuvc61=As7{d6%!k%APGyEu8mRfZjpjtJSzQUtC=E!5 zYQm5bz;5TqvmUs*X2$Cij`FDBBtr$du%(O#Pm|VVGL_TNNgwB#MqxeUk-W7w2Ck``(Ke&4}d&tH=A^wS!K$ zz>Igz_r}$1ke??hu)fRuzUAEROj)ALjO?vkqIfFwrGPqJ+TJVFZ^|XYmZb*P$(7Zzol9$D8b+C%l_Y2ay^VWCqok6L6R&}&4bcId-n@<|iXM0v zL1z~;=3Dekc<|9$Nbs)s5z9UWTc&9|S<$O**&@?nd47Hm+pjk`9lv7YIPuF^rRuLA zQ#n@ZFmm#(4m$y>B%e>d0{|sIon_h#qPg4_Q}WWq@!eHQt}=qIU*14!BL60CFArp! zPHwsFWYI!FWd7l?$h;k6!loucs;b<_WzcMkqo8~bHa}LSzo#bi#LdlQ=z5~v8N#ML zyhH$M$+X|+(@tNwa6w*FfL|UlP&1r@P4)T0Yaw2Vs;_H#jwT>uI2pW!;Qr5G!77gn<15f2(!J=Z$Orw<6ZuvG)z_Ux>zh9lryYhZN@ z%U(h7TjN&PJ$%aDiQ5-1v0M+i)AR8!UD$6kW*i&YVokb=ujrpIM(sdW||KPC8zyh^Uy6oXnGwPwu?bQUS zXj~a<`9j%bco26CF{<6Q8$kIm0+6DCrt!D|W6kd;(Lba%eCM@T=!0SIe%j{5EBJ2m zy=iIp!2n~@BJAte8^gRB8X9(Et|i(V@QR1CaFg!t?i%_txXZe|rR$%jl&|(V`Zam? zO?)dDk`{@36BIPzJu((ZL6f{146dgmt&r^+xfDSV&I|kOixh-6HvyuFHyOo<6g{T^ zoAIK5m9;z)ThhZD050|i^HIpij6aklR+AHFkdg$KGoX0Zvo3r>`k6goDSp#tAR|Pg zX--W;qB3mG%d7QaGynMI0CzXI#Fnfo5JK9z!yk|IK9u;Wpj(o78cTl!#4+Dj@q?Kq-*5P7X=a| z+lQgwoMhzXa%)0SyR+tii zQ91WyyBCVS2Y-2}N<_wH|C0FIBiN=KM$t)_I#`(q)NPN+fffkdVryt;CDK$dtsz4N z>&DC; znC{hBA`VX$PJ4Rz_T`bnL*j);n`#7@DlA5nPIhb@94g@SibaF1Msv$J<`?)kMw{h&sg}@=C&AA z(x+P?LZ!wva@0END=7L)P+7j7zB&>a9gw{6yLTXWf=DHao+)WggSP7x#Vi-(pVrlO zkY}pbh{n2(wGYo9wPSj$18M0L>}$#5go9=XTsoKXLX~{uBA(R={tcV6NW&_H_VD=J zf(uTrqdECGAzhy~++=;PH%Gf~?gWPTRyxR$wD%-i>azFR@wO=d&(0|2x9jSohRxf| zBL=#3DlBeFKdGg9D{PEl`+6?X_(6A_6ir5}#n;dx*!k-_)Mh(Ep7-h=#|_el^a2W2 z|IZV+RPIpqPbGq>7a;F58`P%)18w7%$tFd4`aycuZiWJq4_ciqX` zcqPB-kMSr{$1br^LN-h)D|$GOcOo+D{7J1%BnHIqCxBJN{xXOSH(i2A2t!$#>N;Ou~F>~EpjZ(QNGY=QC^VLa1CV6wh$A?_S-R%)su;pH} zG!55upPm#+?P9YaG6~E=Lu1U~ppf1N??y@uB2OnOA{)cEfuU=r7@-)aj&56k#$dLl zQpP+ExeHzbrkiM-Q>WVxUQP03skzjM6zL>J7mq&!KsJc{ZQu3P_CsJ8_SO9(-_M^d zaPwMyS6f5xQa#b3I^57>pA!-k3=hXK(~IRjT7f$rckf5)Qa3a;E%^ItBWo^f-3eGk z6R1p+MV`E2gNfP~K86SFNUS7E9)Koo#fycXUt@rQ-FpGbd(^62rt?|?1Y?f_0D(1l z)9D~(n*ctLfv|VK^*lg|!ZXj^FI=U71tX<7K2(T=+jUvI04b{b;DHZuPLriZivIuN zfPfNvi^qnA=fQn~KbV{c`rWBmZn?_B??A$)Qsf2l7yZANMgG$y7jPe~VXk%hX#dl& zSm3=66In`f>Bq-2UY2X-GqbesyoJ-cx zOV%Q3z{n<@DP7KB9mqjPvX=N(9lvEU9)nHE-R`*HcIHtJanE-UkN`fpgQpYM%ie4mXRQ(9p)eo~iE{oXGkP1kP)$W~!=RC{Q;Wutf`D&%xTmOC(t z5lhCsGm%zilUEjZ)7Jh zaHZzvepJabtU7W&%)^ZEIGvOX$Q^aG-AHpq6S}Y0Va#E@n0D#<=HN%cnEuS+o&J^j z4&M(SEZ~URU}npjGR2K6kEWtAX!i)k>{ zU?61<3|b?Y(*YCiEDPG(mwnd*N&r37CJq`t`TJ)P1aurVXCFYy$<&K|l!W3b%po4T zjaY!D%F)}Vc=%1y=$t3hO=TaMtVV`ZKhr8~hjHn770jOsTE1E^B5fLFFm6_QF zr%Cx-$>O4Zfmd_uVS5M9P?$@=kyH+^obKwjF^Sv!SI+2fYA0{cr>rE{+%^C5Nt#Hx;dBHSL)XXSci zFwyCl=r}j&V!P&sKvczSz<(ablwv@p($G%k(l=??o2{^0pFR>Z7&Y$m(rLfng((z7 z+|+N*@8@uy{R)$(%it=r;;5NivfoE>{$2IY@Iyi2&8#Hj)JRhA?RYxX@}#Fa5;?K+ z47Ql^w1G5AJ1pwVHs4-AH8e)-=HQW^>TZiT!+lVxCM0SXYA@u#UY;_mSJ|r9tPiKI z4j1Sz{Oq4k2OJ5Gte^98Dlz&x;RJeNJer! zJ3QHGte=bj;q|D?toEYIP?e|JMsbyPqa@fiGBfO+A*7SZ1T6Pvs?iPa&$n_Ok*NaP zIZB(2k&bu^vIR%!MU6tdU-uh%6}0){<3n!}+yNSW=0 zK{2D4gU4wUK=OurU*dMw%c2f!(j~^E-uyYE>s|SILjKV+V{7UauM0+sOby{=cPR)k zSNXCRfMcYxRg??pk0m{iTvD!TQbNP{03$l85<34EWNgQ(;z2=0J>w|gczqc7<-*}m=Q5GUD&#YOoWzrF*P z7$hB;7T4TCHdKxFeg)9g=+t4Qo~MqA9_{m9-sbxFI5bD}Oir=#S`1^RZX(<730F4EAdMyJUl!S`?JJVac(_r+)ZW4=ePc`X+bT)WQY1ZJ8BrD*(7Z|%$Beg0h=pJqZUHP}I^8FC1sj;ZlS+9QPy6@fJS3Om$$ zd;Np;Kq^a8{bEHL)E*$*b&vFFZj-VnU$tW8oqkww{T|!V@ zs*WC!7Q^eKgZh0__Kv0pugi@?IifG}BuhKmb`!f`axT!n3KidaHl=})(ixRVuavzU zp)5O?ElKe3WuXLnzFt2t&W)a2lTD^-Rb)pQeDBqlejLmw%tH92ZXY09Qf@Y6lRR-t zRWUIq=i@gIr@w4uQi+6wg~`iQ^_qjY?`Q9P zSANWS&(Q;55yN^$S~XhxB||ln29um8M2H(azgu8DSxSC%A1v%=%1A+z(%cSo`r{@; zNcb&~dj;LIDcUsh?&ZZXK$y3%yIK4j!~^eAYXVy8QNDwJL_0e`gdYQc=YM=kBmgp4 z@R7Ge-D}4|9JVWYeHp3hy9ju1K)S&TdENA19q||NVA4MIk8?H2iCB%#@MYEzZ1vw&zkAN zEWbZJvgzcR+wV+_WKBGexPoeBK*E#akXjse`8BZ(eAOWu7$jledKW_%z*m9V?sy#) z+7Q@G#~*erI;(vROriz9Yq-|!PDYQI9hvSKhFm8g%L3bpuw3j)tTvvzjS@Y0jE(ec zYz^Zjc(>RR0vO}zc2q2qMZV0)Fuk+-mAm=wKnhYxq(A&Ju}MlMPf0`GceWZ}jzx@VH+h#PBc8hY9O03scRIRJGUVL*kmS_Wc0iP- zT=FhOk~IFvZ`2@vNgDtFy_1erIiP>PFAN-w@(iPw%rvB4P9R26s#IolTzH*gBA8%S z;*&hCTrc;QE7R|Eaz8)&wDD2s@b9POo+VV|**eJXXRr0y)tc*>LoG7|A$*Qheygrq z9RH_8tZ;N2Q0mW6Wb(|*JDqu8o9-bBME474w$n6xn4&X4WrV_)sZ4MG=6$;x8a~fgS z=Tp__#utn0>h?_0yw*m~4r)+E<-M`=jUcGkwL-RZu@^M|d=X2qz zKaW&5oPU+(^1S~>?+YHJz~c`V$!GFv1my9NB1)4m*nB@wyKIOQrfan!Fn5*VD&aXm z213i!)>TSAE}p@+5lC@*a|i@3a)h|RKm323K?&{OSrkWoel*bTbHPEBYC63p!;ciE z$SFXI_-XYp4g2386RIAj<@6{h`2Ts-`+qg)eJ%fQHt47gz-{9?IeGjuX+m?)C|-(` zBvF@O4ja0Cv#rBvph|KCuZZo-v`}AQ>a9NE@7K&pD>RThTQB5gP)q0 z#KVTjB?K*DtV-VuuV?+LT0GDnLM{+bw^I~z#^bsQ78K%*X~DK1KVV;gZ4*KTI!zV8 z>QW#jxRn2 z!9uT9C(+ZnEJht+HqVpGuV1T_8yA6xN3_gp&YYtWaDK;XhIejpILoI>y-S-{Rj{GH zC!aB3D&IWAKwprqSL1Pa7gS#9&f!XsvTDD}0*+u)L#cm>NjRt5htIKW>0o>~cFq2p zHG@QwUx7=iV|yd%)2YkA=9vx@>OCoD zUZ2PO@eYyMq}-XYLjI8n5NP-%u_*-XMUDGZ#?wx=^?jW_>38cAu`!+O!A1{%s@wGr zH0HoK4pDN0(YyrBHs_wk`p>G$!29MyFC|I;hJgVt99@GykM0NRqK7X_B}`OVEjmU4 z;JR=PzQo#h5{YvO>_{mN_fTE8n1eYxJMVtmkv7Vu-KjSv>npS&_PfcN-ZMQ1 z2S4#`N~wS6*V|P9nw9c=|49ZwG1&P2&AfpJnT@;%+-~6%2AA#q9C-jcP)lTYJCUg_ zjfPvv4|r*g#+q$dZ7EZ<{4OPCAkB*I>K)+-E|6VtZcL9QbN`JbD8tuu1X|$ zIf}*9>+^&F8s=d{To{dWeQ0wsC1-bLzQ^8a`lRR_qXNFB;HxI-==G;5in`Lu!JZw; zlCr*zVAN+&*d}CrsY!bivOJ)15#o=+_0N%y z2c!*bTRuH3+xE!5-XvPaV6L(pm{L|8NObo(=v2~W5wxlU4;?=G!;LwCK>hysnK4yn8{GyBYn!rq41}5)X?#w=hjnCVzxyr+16xueDZ{rPIXcF3xUgA|jog`kf5?U&Sl_~6BX$r>61slxBu4`c}$Pz95Ra4jGq7`14i94EK$PJ4>< zj{agG@1)JLGa&tp94xb;s7Iz8O(k~rZ^XIc9zJ7MNJ>LViN~{kp0X4T$VIi6|xTUkxr3Dmqek804K;Gzl z5?SR3r4aw4x^WebwNVQBEHR8;Z`}-&73%eIwG(Q%*}C5!e1$v!f+Ikepi*V)`K&WW z>0N#@*u2HuaY_6J#(*O$gx1u%nMmlZe1Yj@m$AeGUt)UL?YoV%$Ch4>EPOc;8oal{es68=)FvfCN%0;h(6Z-Dfph~H9Pk-5Tt=CU^Wo*W3MqA zD{RLm#EV~!Lj6_8UQ37i0eCcT55V{P0NBQ@{J4hEXcN>%r1)$qPrAF8yR$qES@jb) zQZSazjxZxQ_mp+Q?1Jg#WY1!rs7gw@e?9s6OufQYJ*QH>fh5@F$buCjk^pJ-a-B%B z0QR}6Q57_VOUgv-p28lCu>IAejDhUQOlTB3pIHXsSgxaXz_&J80oa`>jE>!gZ@~xR z?>0$XFi3<*C`LI%y)|v)KV!x@Ip&y*)TBumla$_HS?U9&$DVyn6(Ij-Xwyg=gkjTw zIpbQGdPgx>!;Gk%TJ!oUpDxSOll=0-?qn;PS@D{59-^*+wl{=bj{2nX%{!1npHJw1 zh>ZSn=@yR^h6Kgr$%QCZ#DB(0v9Tk}el8VCl~W!bYGPumsNfQB+t)bIe9=WJa|DC&=Blwr zw0bEwNWgZn35f|IbVaeBDex2lPPTp_Z|H&gHmE_AZFRyPmqDZKL29`Pot?Jld>M_T zoD&^}$9kAEeM|TR?r%c*)vbz|O}m?~T;p6m)Vo}PyDuJc(C)XnOh4UKNRbU)nk zhv#)#+>>11sd#>tHj!-t%oqml7hD0;7ciVYRKI;ZwS{W8%-P*d%^wkV(s^Nh*K*IF z)8r@Xc}|+*{|j63q(|_QaDU<5@U$*9Qif0WlX1E!d|8N*87cHX^_T;imp=x%a-&X7%R@O_|3EEfJh6;a(l&OTG#L>iZ%pwB>~U6h7@ zD3Tt;LYKWhwc|7g(=2FqtJ0{SnJHW zbzyYB%yJHf>g^A>_j@6Ld9z<#v&NZ5m@&`{*bNg|ssOZ~ST}LreBe<4=BpFml3}U{ zoMe$0HSy4_f$6(VKz&phxaSHnR-eg0At)=NA7UyDpB@1CPa*$6Jf{DJ;dur1SJCH1 z_6E3U@W<;;{c0ZToF~)3@Dc`h#Lx?<{)P6%0ya8?v4b&X1dn#H;UFv?h-sXIf2$W< z4qI&K05Jw=o?4t9K=58lW&ooeq3u?nZsfGA!$WiuOoQf4iYw^d{ za!+0eNVT%ScU2HjlK>~r&4wl zdmGs+O+BL5U<@C@WAz!e=2UI6GbWXT+Wym}h#B-Rpjfef`>lA5vuLmlefKo&BVyY> zl1-8jXvISCW?_0~YV7`CQl3Z0t6Ud8#?(w|zvVGm@17hY)@kiLY!U~B3G_Qo)fWiF zR*iscd-*N$_$y1jOSSQLTTFFtTYe?^^p2N7DG0Nu$fe12jN&&W6 zvordlx4=ml%BayJMWx@fl>9r^9e1X?FAcpi$kDSG@FJj&V9NaIg|13}^9HajV3>T< z+?LtvxPXX@*Y4|9>wF^`#53Y+^@}TuFA|KpPe5rsZ7I-3ae~cmcbmFeV|x1P6G;_o zTi*@D-sV^3f`z896$p^}yPuq3`F&bqeN|ep7Hy{r^hK=M8y{%;mbsodN`U!!)u4a@&fv9RhG; zl1AdR#0nQNdgem7xJp1sxOQuW&TJu@`-!fySQ|h*-3!J;ZQx^vU*onW8$daJ9Lk|q zV{tcyzZWjWt&U*B3a%^$3QQ#1`V1z&Um<-; zJwH;kvJNlpFxxN5=@@rx8e5+?p2}%@_6mr}N@-SEvvW1VSrMdW1)dD4uM3opu3gO! z3`pm=q+e}}QE)i-DW6&aNy4ffTbuB@$VZyEN?S_4hOx?)Z#E|ULDyk3>F~T>NK)R@ zkvVz+R|Va=_bvORepUGG+yb0#nQl7Ol%&;dnB;s#G_(F_`3I{^Bg{CXRF11BSc?fai$(KQp6r|i6sC||BPrYjz;NO@REj)yXM#Y;V( z$^6F+z@J*+qSuZM%M9k&T#%jnfJ*Ef0` zrWB>Tfh}Y8q7+4=-0~sne;R9YZAe?kKaWZQS)Q;CnoS*3rFbCaMlN7K)!bPuWE zxCU0F@6>5(ks`VI)p`Pn2QD^oF{C1d^1tB?|8Db*-_|^4LI$^M?f`JOSCjoXyUFp5 zd#RDpkozCR-~#Fv*r)bU(zt|F2vEKTHO{qxy(DI&Z`+UozL|ytEpj2?1?a*eF9(AL zkSYQE98mYz&m|)l0@p&pYhSBNtNhk=1CAw?5U)5S?AxD9k1z5Pyw=Nx+W>jfbBiwE z)n7An!@-nvqK6vsKWW}7vu zdjWvp-JfHEjs-#?lWX;O{!&w`!#lv@IemG+^*NwU3eaF*sT;_6Eo1-b*%dOepcl3CXcwm^pf??U4_}Q)FO*s7D(I5M3osrwVCYd zt}$n7wqC*fyY&YY45(KH!}vWfH=Z?Ka}lJOp}Mzvg&X678_*~-9#{%^vCjkObA=~i z<0<6vbOF3M$Fj+R8Kw&zn&x4Mv4VGn#@|WXPc7nkPD&%6z7a{qxmm&yzXS{>bv)(W z)3sZIX?F!<>yDE2h<`DkVQP7wfIG@;b}K}7-T}2?sce$Sm$b9jT$zodu7&nXbT;c< zvdxn2H#jUS%dL%*0SOrz4iG$;uzr@iCf%#o*6lscnKtQuwF6NPySwn4uAuc7d(Wpd zVcw+Na5vW#@@rv6q}8IwlxPe zIxg1)A+Y-{Nb4Y%9R_@Cg*s^jR)s(0nQWM;<#TERqD?qNgu-=(TmT2>KM1V=~@55V$D-&YGch5cw&V7ASgKe;x= z&9ob(Qlg&*6y8>T#%$1Xa5Q4$WVC(qdT2JdUd7?M9n2C=`C1PHa0}O0d5z%CG@HAp znK>1>ppea+&#Fk9KB{K2gOEk#iP--Oh4|} z9J8kj$H#l-=xQj>L<98!dT%*oo^I^yY-E`eouY@*lfF36HKd+{>;EHlBr#p*EH5*2;TZA)y1~ztg!hmv;E6} zve6g?nl>wZZr;T=p-g_V#b*;Pyl>tR=L2?M;C<{D zp})R87z|iAMHd%S06DVTu|WPu2aABPV1{vcV18?cv3@BiYr)i>ZMr`6HJZSnl*ukM z&h6FM;9Riif4!emldcx7w6|u*y9`FXeFzE{!mj);*%}quI=XRYSi1mo+<3{VYFeDB z+_ps(0-y&PXNawSxs9*)eG1KGo@w-CiZ)|$z;Bw3W$;%UH5)69Ptj$Wy-C2KW;6T- zl@R3)oY&ubXPA(3HIV8iu59YIRZK`;XX^viya8py!SP)`3Rkr$=W5*}A%uGhUaIBq z3y5DT3C%~nntS`>O&AN>8e7Ms^ci=ij>r)O<8^=69~(FSo-{8wt-5Ht*=`(9;@L*J z412#c`H|bHIusV|lFRy5-OlqY?bFbnk2+Rr+}SCiQ|wU9nM_&UzLiTcp5iFy5S&n3 zHt>XCw5e~XN@B^>#v3$i4yv)IYQA5S=rYTH{3aIa=`iC--2h^8_6y3)X=Lk{fBdr&_%3dO{>U;}B5%N#5wNW@ zc!YEWH$gBLQQBoA`U7`(2mtDm$Q$CQc_gkWQ1bdOf5U6W?l%aTl-EX>`V+p>TOSML zULx953Lg|3E9f8Di-eXbu3OGWZO^sav~Kn4bpSiaY0%LtM%zuipyTD;hyVY~71sD& z*erJ&HkNneT2i9C@8%lqYdlmgR#E3DvW@NPw;L%oojLWxJHJ-7KOxoP|L@2e33Z6Z z=FaFhVliBSs~=_B+2LHdm8C&pJFrVqpirTR1K>UhU`Zm=Pd8^h*P`%HvrGzN2zg!j z&&vg1A0`WuR{~&;9-VrZ!ITyrK2)t164Z3o0G!UWv)V6)6NNF^nl-mIC*Q1FMRVIt zcm?X&Oif({%SM6#(YA$$*O;eU&i+VIn~wqv(uH7)9o^uHY7Nm!Cc9Iux%Noabh$$a z>W^S?@B)h-iOIV7DhUVT08nrG*;A4xd<(Uhq2^Q;UVe#wB@_5)A%?aD#Vcvs6-1;ghHuNOh+lOuOA)r#%%cZ_6}5`a5MXedEE+8aa;_5KCe6;xC4)Yh4dn+W z0WSe=@man&8ES+9=y2DMLhX~&&I$cy6g4?0owW|5nZ12qrFB23U|;sf|DLY6DCOW~dTyse|MEroh)GBBydNEe9j=`N4ut zu4J0+h29H{qxjmomx177+z8Hy{>)eYa{HzH{5N1B?dXbP(0iLU1f@cbiVVcV1RzR( z{n%WU;~tE~SqI{N4Dt>?41E-s7(rF59G|d1BT`(_EVtxEDr`f(JK>RT%d;l zo3Bxn!Cg!)p0_yf1ncce` z4zZ}V>FS=2MG~50^VP*?#|dFVe&Lzf(W*ut!n;Sxto&i}k08QS8R8jWE^O?4y7k*M z;+XmOq~IZ#6!esdbDH)rF**f|IW*Sc_N}b|hJV|3%okFw2R|MVw7>}F*?nRtte=WU z2+>9=v%J|@B!9|Z#|4W6%DhX_B^gG$L$n=?IN#f&T{$!GIr*;K)Y-U>oSnZ!`{e>q zKL^^`6Jh*OA|AIIVO!zV%#3ESZ0&Fvo1}yT4xXSfzwWWFdac_IZELZ}vzW*WPf8#r#)-v3oWG-~2owHF29&p< z@$%Ql4&`N5lWodJKg;iT>(19b!pP47>@B;B0WJes3PiVqprBy$=vY=s&Jd#Ubk+FN zUf8&Saq9xoyOB~ z1@es;D)UsMgIJ@ehTXNZ-5}1jpUPQD#lHe45R?8Z*S4H)JeQvBM2M^^WvVQ+SvQa$ zOd1K|M%b)X>z2tsBDb$r;(-6@ckLUXmyzcYr~dgFAEgY`@$b!@3%~u9TgM=t?L_4e zvXFxS#76B4i*5W}9ABg~Hv>t{X-CWKyb1tG_gWF?fn_vZNs-y8RS;da{bLnUW)2CJb}vbu4#1dGG8JRMrUqRR;pGn0^mW;b3l6 zqGZt^l~K3htk&u2a@)0XI;98N%QbR{eF|9{0zM#lXgp%~n<*f9^M7Ir%yop+%ONQD z{@hxdln?@T^{P@|rKFM{`G7RA^0L4jt*g5Y?Nbk!3?%>;b(nbS0BkZXYrZ`O_CYRX z<@oS%f0~Ase8?e}W|`&u3qbwtc;yQ4`TT;*&>k5W3d@lZaDml3 zi?=_*G%;Ynzjj0y^Wdh0k9~#^;Tos;50YB5;o|22Fz?C*gxa;L3s%_{&{_&jfbmHF zxC>-xMlZQ6uL8JS<#r}C3=9lagC}M{^16&syC?2+bR=&_Y3@giB)wvm)i=Rk8_VI_ zV)PB@p~P*OKcKa;VjF^{c!0)}_pPPT{eI}&Q=!17KY4gplAKonuywnFFm_gk^5fn8lzhT{qGR@DG{par`=EdjTq z!!2%1M>+NMk#t;X0@SQA6s=K)im?SCfNA?y0wzz}U+0C1Smu0HT5fCj6FoHWyQb~L z<*zJjU?IF&9_AEQ9KmjsEfz+XJqah12OPKl)Uy|QircMC%$v_uQS+?`ZlPqm?5G?!}jLiP4GzSg3l{>8E=VdSoj29!I z4R2`ahO76*aY#Z(<}=_gYTPHloTen_>Pp*xCoYnx?NG>;<=dmzmQ|YWpS#>}B)d?OvJ*>A}W5kBLS(T60p5fu0 zZZ!Tq+`bb15i9oW3NhkOL&qibSB|>N2}7bN^CbXa`ChrWlqXXDD0Ks<^vS5jz2A58 z1=J5xVA{L*h#lw8L(VsK3Qc>>nvgrRdmPZTw_=v*d|wF~cq5=`Zw;9+QpgWj1bx?s z^}ya&NLO}U6O5zJY;PeiAtn$2oXFy!Z&<)CUjH%DiT3{jrK?s?Q}==4`&O!I(?7b| zO=#a4FF5EMa*`SXNy^K`#efXyeel4d^%fsHEwV$97nG5Q2E+b{{D7?Y-|&Y2izGGi zf10Eo^6)_Ol|y@{6#zq;(Yg-%GLHbH5t3+`^VKmOhErBcAmCUEZdD1OXF8$u6}Q$I z;;~-p(V>!F&#+sm&H~)&)2^w_FWL};my|WlrRn5o_a+QfRgpZ0O><*gul}f|oC4FB z|Cq$~pQk~+S{*F)^ECM1o%%*d1VCvk|L!txx&#TM{^aTNa`W45*yy5xB7l9G33el4 ziej*Pw%EhuGSi9Ob z+$>QWKu;6Wcx$JD;Bd^Q$mZiXTs-WXAOF|N%1ZfSYthu37_pbSA-7VmhPs04BYNjsC;XZ#>y;@KV&yOQk;UoVV***eh$cw10v3f3&z?R1D=B6 z(TYs;Q#kV^3wj*5hfp*DIiV2X-X@Q4&j53d z!j0P7dR@j?y-3*`VCt!W9cP95fvl~p1L}VD@M|ph9HE6zk~A#8vqqB4|H0l{MpYFx z>cUb|0*V1hhm?eXpma$o9fG8^bax99(jnd5Al=<5(hbtxU3YF1-#GWY-}ufQ2XNl1)j;mM?~1X$og;S)k=ktTJ}dt@=SKJowC`3 z<63WZv{~0uXhqvD*3Avlb|_QH9GGCQ>OAdRkR^DY3-!9%vEZHSgk&s#RlywIch zf6gW9R32R8*&$Z;TZVBCixk>ijCEa1P2r>OLC;{ir7Kh9bFBcH$OXcG0wC!)i<`OC z*hcX3vU$pkFqJ_zNxWqU}D z)yI1j(bF4mr-rs>5|Vld`rL10WBTE;CV*Awm|fCed`|4y4HMl^n2;O>1`A5FMd8ho ztEWbvNikWmJ;A^nZ8m;m)*w`u{Yp_)glVJjz%lP^dVjrNjG4or>y~fK?B~vOFyZgd zxa-tRy}hz@5i`Ts1Y5zOVxO1??>hjrqUR-B1KEZRn&_I{k)sh71;c8yy^r^O5RqA} zw)#BlIONr|sw_7rl0v(uWn5EnrKh{zivUr(P+RniXW!j}mDb7VCtr)DqNWeZ%k*0D ze)D!)aG*frsm|!AO$nsiM7PI`P!X$ zc^|0sYg2rs!Y%;p0F|dw!+fO6bItcIYroh5t@x2XM0`u3e(u8Pb`CKUqT`T`5K7g} z7gzJJUc=pzk1LBbgArLRW9<9+Eg1FZty9F}dfr@WXyfY>n8JC2`UqxC4wf!#La6lRUD-wZ4bT#8m~Nc?T<; z1I$Ojk87djs9#s`D*LDJ5t4b}Yp}zC2A0I3S$K-L3ht1@^=Hc7R@p@%?;RFuvZ2 zy1&jf&0%DcCab79!ZPNewGo7Wmam6?=G^F{0vsjgv3$mp8>OxdmBlOmJ#&;xho(x? zN?V^hJugOSY;?v`y@H~O4?eFgvGml89~>QSTCdCM50BLDolL>1sd$(96`gf-;Z8bI z8**+MI&2Cty_SkfPdT{VhW@eCm(w1ECJ?YDdi3Xlnb7=Yd&^H&=)8wmiIyzdvE{(9`etbqg;07ss( zk44wozg#>(#@AZ#OZ2r>HeB35ZL=VP>|b@v+W`Pgq9I21|AD&%0k>g)cF_=y^xwRO zG68<)v`e+782`UA>h|x93`C*<<5qH&j)lrpyFNTU(NZ;4<%Xkd4vRQSH8?c*_(p>^ zODHM3duB%dUS53=WfXXmesM={)3K}K`%~q zfWXimBgLm;EoyhTIova8CzJEiCPg&nWogt1%OyxaeN7Qb0%a~yC2p$=iF`#iYqT#n z*Yp~s9Z~QeB!i(`cQ6tK$-nGd$bEat7g?|KWI@bAdTOL)$`Wv|G)Q&ge}`si$8v`MckYD$Sf$X)*M_%JDA^ECv!s5yel=Q-cKk5! z3T-BigakqNF6&`tX361HQnA$?JGXR6>EYhIjl7Q!35n3@&{xAG?fl1xnG(p=_=sTX z?t0B%_8#pYO+zY*?Nupvn{7D^*-R~2SNAM2FJ<)N+`|5f7OQ-ju2SlbN^*vV zN2l`GDmS_T)I*rrDzNXvi8y~${QczRjcJs&o1E6#6f#8 zXc7jY7^db#71_iv1v34~66_rLr}Zi#!1UlYSr5NYN6$mFu+~@XTH$d+qifmcP`9W_ zR!OYKY4)3@Mt3CNr+U#(WSG34l+I`_wi`>6@W)GdKhVD#9{6%B)xduK#E_B$f7XTe z>L3Xz9)Gr!y7GyJxY2pyn97E{%$>5gbf-rvspF^bit#a!#GRq<#ovG<-xfn2(Qw9G z-eHE;5^Fy8nj)8|Lg@HJ?Ul%fq@MWD;7LZ``#X&jeI;fpT?a8fhmg#)g-}pffm$dF=lrJ` znX#`~({*G-R~-X2KXU?|1C}A7Fq2>B}9~JPc>cJFdxrs#p+qHN>PU| zsWOGhr4+*|7^f=*+r6F0K2gt={9#2R7Cl@pCT2ERFM-aLed zFETpo>r@HQhFnZ8D9ClCrFa_*m8d|Ac46pZ=6>s)cpmBb618*^{K`Hn>Q{*{K9)vg z7_H?D78)B)MP@g}4u4rU4dmZnXmQWDMLnO9A z4dWKpt7r}!MgCy8e|Br_HI=guf7?A$^%LfI6yN5)S)?h&4t0W`VR=$-U=6PhS3a&d z#PJEF3=ljHpb%LaFek;LMnLxG%2}1k2j(PPl80FYU{PN03(ECmDPodIPD8XjtipqI z7h$I$D{77ThOZn=-tGf<N`m=%yMNkAwZ97+u}bWBi(y zP=m^V@BmMri0Hl&nZ2;8hiGYkt|2YBhCD1vn-`P&1Ng24625G0(gbg)I6JLu1PBbq zp6*J}A|fIhi;J0Sex4ZKEu4C{BT&*#L`(QeKxL{_Q1`PXDn(M&7J*bE|1Iov*7X(} zJa*gU>BfQ3q@cq6_+seJd&!@K)p#@@4W3b!2 zTUcyndRB;hUhHr=I9gE6arUO1?AL9+Cx{0Xg?#&KM9`I)2w2!6NT8|XP3gu+k^sxR z(1kb65)bY23g1cGwq&-C;K=ysnvO)TsjsXi5v?yi@`+M4iSh%Z>Q5_gXu2JKJ~)ss zGaf}_y4Zc|h`%CY?ZK7-#RlSAF~ zyeET8b?f(`f*nhi+<MWZ;o`zdyP^cJ2~FU3Vj}V9g^X z>Gut}7ti$({jIa0#9)2HuXhJz7X+HfPq>oTPgPg0odh{JTzz`3Xn)U_5}yBX7?I9d zulzJ9f<$h5Y6Q**T|Y@Ks4Q?kuf57(t{*u0TZAWEnCOa9Ki^nC4*WG7CP6m33HI^)umu z;&p~<2$+eye%0>fQwHe5xcRHxxVgXKhZ0pXYby8rBZe6tAP=(NpIdlL+M&%%T6GZZ zj-lM63Ay^*&Fw8avpH!e7~BH2F=p@S)6=uKK^lx$bGg@7r2{ijX@#Hi@&SX<85w7E ztubQd;kv+Zj{*K;enmx`l8q5>P<%Q&uu^y$`|-YogMQr7h1x*<9^Mh@2CczzPfVp? zSPx>%SSim~kxs1bnOG+0T>R&`G}Wejm(0spM?7_>+~1eEZVzb$1nd2s++r$SP1sjS zR|j+baF`1+w$5(jI$(=n4>uOCNsN^1;iKX*`_ZYOw375jV6uOO;r0$qGFV$gV0S`n z^^1EE%x|$h!+i^QK3!jK$$r75Sutm3PHm>P$ZgY;@T_rwhubYDAf&r8`hfB^Sg?^ReqrPD2cc7!AOAx1|?Ya8@&D08j`V=`>J8^IDA}# zgOg6=C7u~(ic6wu_bNHRidAfjW)9wbk*jot4GLadfE91npCO^l;_*X#COrgJ*0+OW zBII%e_>`}$vB|_@xZAv>-i@Wx0Jkav-DriwGy1GvQ?xA^Dt|y%*Ec^Zt(f)(y<9Ik zABfC^Gf`JLED@d#8Q9b5BB0+DkpmGo)z*LAt0s*>XufNMzSWsa0W>gVI6#j&_ebkxC6)_$C8Jk~><1pHh99)s+j) z)*jQBftsr$PTN(cB7;`Erluy{C5#MCM8{`F{Bz^@qzMZGBI2c%jO(1%u(Az#iRpT( zY(93!rA%RC1~yK=9%2%I=WaO9vrOW#q%HBT{fGV$moBGXHrCc8KrQiOuZK5T*}XrB zxOr^il>LSS-wejpyfxFN@MZ}w2o)l8I;y`VvsM^|HxOH`+~Mqbfm)InS91u0@4e3f48lD#Be6{lFcFzd%^uA zqwVPbkUK-E5NR_jUs?eU%4jfy_I1${u+DonYqmD;)h#*@x)mpU*R2kvHfO{-Lzf@6 z>FKWI^&~7oBufkPVBzT07K=W)bvds!b9?`e<9Gow@6Cf2+78j&;+fi4`|OHk)>v-} zwIq&o(zfVqA`1*+Ek@et(q+?FNYW41r|x)%c<6|or(N7RR_gO-73if&llln=;1vZ1^lD( zG>x|68=9#!y27D0FYK0?2*muK8BV!xX9c!}4f9P4WIYg(F-ENWcW5j8?rpbv7(3nI zz{W{BjpN~W{RI)5MN2&~QvUK_HSo6=Ee7OSEK!7Hq7CC_R7_cSf&&7Am&a15AKauK zbkVwK$!Uvae+-gg(1^_F?=;*R$$7hVKYi9;U~yol2r(CjKQxm{!ZxE5gd-O_s4hf$ zgHEuUbtn4E7jN>^)PVN%S1%(vQs|`W;*4ryoG%?JR9E-kV4h8e9qa7gsuH|7SnWfM zsjN&&dI%R>l5f9*W8E9=ZB&DK6ET<<{^&v>>J?OJFVU|-?X4>`6Ba?m!S0u>2hX+J zoWTmK4Ng-$jJ5%ywQ~fx7H?kXPC0*oVtCTrDJF8a!}kdyY#hpKsYv?(0TFDaD(tN?toO0_%0cDH!^pf21|ZQ!go69x|- zBToQFgEBx^m7bq~Nczc>+`&96S@R8MIg5MnE8B!pkv$nJ!n+)Na@MfAGI@!yFY>-} zCw`99eI%uDn3YewH(%*Afv2n+!X3NZxld*@%)?LPbAyg{8)GEn4obNb){e3GmbM^f zfR0$JSab^pvB$DF;q0rPYMV~cwlg$aX{{6aHqZCM?Lnw%Ze)l8pV9CWfv7_@Wg>yjK>ZREO9v+{8Pr{AgcCVoMv4gA( z49Q<12GL47$qYyrDCp`&4zxGFQayEepkwyc{SjB&*gLa@&QF(D(A#%^5B1ifP*JyT ze|=-QwUx@!aJV=wB2A3eV%6DO;95oe_QW)k&CANz_)Dw&rryb@{kJQJ0D}TS0Wp@- z-5Neg?_x7Stc8>}5$KO-E63WAQLhxf<2}`p&kS-_=P6Rh$#%A(YnV$8W2e1m1^o#; zhlNFfTl^98d;Pf-KImAvcdXtWaC1-51HB{0~7$Wcvixz|oHg#H!v40<=;LEy2 zXg70XTE$yZQlUtXEI8XQqpH>^ubz>0`d#fQ??>BiaVbmoISBr9$FsS%1cX* zpJ2nq%GSw8*-h=4IQ_ybQ;OfQo}tW6&+qXWK$q=a0IAOREb7pIJ(Cc~Q>O(Gpnhtm zocOOlhrpEcJ%E_5>~Zs9e~k=~zsbjfx`_~#LHQu$I%>J9x&hO~sRB<0_4{-HF4X4- z_(m)9BV5Wg)KtewTX$opcNpr`5481j=TUb6K#Iszppq1UcYe8(C#;2+z9I#ub(yfTN!ZLly|Ja6}SfX zZh`B@`(E$*6&A0{vnxRcFbSyY3h3N`FS$9mciXVt2Nhrtogl zdnR5ce%Z1g(HH$ zXVYMtUb@_@fy1as?FJVJ)u{;G;qi-Wh^e%as9uH7o3}UmCX|daS#E~0@|77B0KFEB zV(ON{0>Yu2lHFmF-cpIs<}=Ilr#_fW;>GQ0ab)eTC&a(c$@(Vb5!>1E&o{Grk}ELz zqIzsFkXV4}zyUuo$tX!@&bG{w9f{RyqY=~{&@E=ohR-wKO%kvrc-LoIWH5=7utYlx zGOh2vrlaDqdDahY*om)PAXPLzilHHEEh=jmZjUFb( zrlwC-9eabB$Uks@m|` z@|B2i$n*W&GxHe?2+Sr(BG`j`slr$mjPP5m$*w``v@R_p)9vku+5_eC#qSc2Sgn^a zJF<4SrYcp!DlNM+5&X+OA^{t8*Qoe&?Jj55(k&u|lI$|4D<}XaVCkm6LqJ^`Ex0$XDet z(dO_jbGqM9<6L_-g%AK}4-hr*ui>TZ*JINtwE?S8K?d?;6;hHIGR{G_S6^t9^1$=(8=?ZG`cmObsBSPwR=!}Apdsy8(^ zH>9_>caR6TU$EFKv6QsT5)&f4CQRhp<3HxLs6w9a^>+2}SKW4w-QJCGRpmXc@9)Gv zSR48hqyHQ3`TPy{oXr=-{+SDtCaaEIr84Bt3KjXhJp5^SVF*#7bYrM~rY}k0_{fPg z0hGy7dQS8&JUP7L`j7;wG$LS{%Dnn5uqIFKp`GG{!Wp$)kjO2!#Zhb1?Q(M(>Uyt~ zKDxQVZiEx^+TxO&qTwMiaV#DdX(PSuVj{s7awmJSYWaN_qDnl*4bqOJy z{r()8ZPJS!B68W1hNJnsP!&NWeI#ZsU7Y)Xof#ww}=~fNIqm zFsstIF?YzqCD=yaFjFqZBa{o1PQRx01p+8N#+m*|WNe|W_@ z-xG6}ew8G_@H@6_;A!&;-af?f?$&L3OfpXbOyzDplaqZCzVC&Us8!hDrx=#LMbWyi zu;8(jZB36w4>nw54g%bq0U2Rf&9+|&*MmjBd~$xd_aL*+)%+9}ekHxL!1UlI)va(B z3S~##NO40qA%bK5{K&8Ku57wv;&+C5Y;8S%@OAI{GqJRKkOsD%wgszT$>iUQoVnh;>o3BY7lMa*lg{4r*n|90IXHS3IgdOV(tSCyp_ z=OEKz9L6#7`hcg`v12ZqCX!T(PtW4+!SYbwDw|`Yw_f;oK$V^uZ!rvFkb9nw9CP~0 zyU{}JL8x!XUj4^v^S5y+N!VVEk5p-ref#!JJVla^abbfAEOAJQbqBm8X_LFLlK2Xk z#uQIXQ-s8R6EDhgb)+zE=30|yl`9#XEiq)7f$$MXB;E_!Cp2cq)GC1SE=NU0Em-;N zaAg}kHS6T05k>X2FW9f9$|!I^Z39P=-$v(k>WlWyTzZE#IStC7D)oGI?flK>FVnV# zjzR`3eC8JHg$$nM1`nLt9E#~qCp*4cWjXJzsN0k4s1cvjqL}k-CJ~U1%3qo*SLhvrZFBmZ;_#NkIQ17H(2TlPz5Kd2!FCX(S z>;?xgh(h|K(7@~1jp7C1={`uqdUOB2Z~(R_0KO~#gS;Bn|C!zXr1S{wsc!xT7!YPL z^#`RF{{JYwe?jTJ62iZg7DnCw!CTd750Tjs$!c?o53HuKz4mqRcCckm6tUhA6|G%) z8eZ*onC82oGL9+R$Nf@AuMn|Q{t5PZgB8mjt&bJrE3uY}nAZLx`9wG_*o5%9@P9uB zbqo-|@c)tJ%UP{*kF9kBR_R2cBo^y!f}0AZTihu}kC#!y%qyaC`oD#;$j%p&znHFZ zg+5UX2nhFd+$4T7Y=rdf+uTmixMsf5m8$+o6|RcIC1NhWax2K3_a!JH>yK6--=C)T zC(4DRQ~i2te|ZWD4Zo$ny}i#qCms8l3^|2I;Sx>VBQY9{o@gN}qT$>tloT0lR?wV$ zJSR+UIQg-~qx)e)52{?TU88$#Ngd?;lBA8B>!ZkJc3XIA>i9&p^s9YVNoJf#Kg{TI@2xcb^D?j9{bh8SwpV3Z2Yecu za*(+9M6igXR(RT1GF7v8+hL8V29pui%PX~2*l^0HrIb^cr_(<&-f%;A#AzEL*G+{_ zVz|K?^Jv@1VDn&_I#2NDJA_O3c7FK{6BP^7ltPxDu(C(vzl4>7{}qckh}h%3zeN~sEG^J2oBpd&Mv5Q=9tyB3M&t0=$!wqW3u zvWG8@tF1+*dLEL2q?7lcpf4;7qUANXnu*dBZ<&+1eHh`b#)q8rE)W1#xybDCe7>j- z1fKzuD8FhtqfoL`;k|ys)jR_lzW4d!zXqOUYY6uO!_F~`JHB(bS|ZWcidh6_rqzQpYKU@_DwSu|({1{9j?F}bPuzNo39IpqK| zx=faOsOP|IqWd~8`v~x{L9jRx^pBQa#&J|TqC0GFOW?+5W~QCd6EO(FVTlczggEa^ zqDgfr3;4y<;VclTk`WR@(eu6Hzsv5euN|j)l3wcUG7g=R2vDd)V&R zYcW>bMK?vSwl)8n^c0<7o^4^8#`lIMO(?IslP|=y%d(cm@2fFD;p+-BR(c_LmQuty zZO_W>5q%Bun#%>BLHJbN$CkSHDAMpOf==aYO|UyMZ`?QiMpDJz%AxhOypokAQzD-k zid(M68nsHhr}>%6`5S*pS@av!rxX&F=g!{LA^bXc0?pmy^(jQsWd=Zato2{Fo2H#ZCHQX(1}QLLiIKK0r)D^U_I z>8xE2NK`B4L79s>35v5+Zd{?IMH0iS*Qa#Y|%Xu*?y=kGQ{ziqHlhJ|=!` z>hv2zk4f`<81O3c?biJm3R)wjB}8m0eTQ`2Uane>`&9=pX}|I3j|$FER{V7{-QYsvp>SHKT|s^i1Ay2%Gw{jp{wrHy$wk1J~W`$AKVPhzuQ{Xx#=EtV0xnk$d`-<%$8xSOvkL3ipY z;O*6ZBPlN^Dx9d_4%{Uz_J_qCZ8g4H`|MQRTN|oyc(wP?@-(ArVW&mghK!44IP{ey zQ0ZgQIk7E{s5A?;)S~Bv40=X-{!nt(uOSfmD`CjhoEXs3V-N6DRvdQ=vd*WYFUL+C zW4)uL%uZqk%rnl#tUt^0ldNy76ZR)6Tb^WvDJt+2_@JJ3#&VYXUFnqvudx_)*yI$K zKWlb568bsP)pa5RJY;>Mu!!~h>OqJ<7YrczT1znF30#BKF3-fBp}wJHn@`bShq=nq zU@PB(HO}>oQ(Qo6f0qB%rt{aU6hb{(OMtBypXN;d+6V(A>#4ezOVqz4AqclR!w0r1 zOZ&A-T$8tFQ0{@lf_WTMDt!I8Fz)BK-!S1ITIJgc`}_a<-Zr*q52QNM35FtiLt-uY zYv%F&Wa}~k|0zSX`4^Rogb9daci7?UM;Pxc1LhuCFD6{BPd)BE0n?OQh<_yH?~LjH zKT5r0W?f3B?Dn=Q4p7e-w=nSTc#Q)x(LCeZ;`H&gqad(AP9D24JBQ&6nP%(x`~?Cb?#LPViYd-t8bwRNJBHe0?6T6onSpH#%B1sX<>q z?8FiI%)r_1XfsK=U2V}IZ;!WaN2<*1h$d6^VkU)VjZqynk}21ttn9g`5P<071=bS6 zam*Mh{&=U7ON;fiG{&=PBhzCG-f_MHlE3fQ8Z;9I!M8bl)uqk1ivAT|w#8Y*0)G0d zXB;mCriXAR^oEo2&4xK}SWI!$YaaRu#WK*@Cd0pfKrJvn)P2YH65S7%(+gDg&D6VM z>QC0df11jR=iz#I5f`j3KOwpFvFgExcL(Ox|2u~DeOBOq!LWW2+l-0E=^p-AVIuV* z$n?40CbZ)2JkMfRgz-|3QZ__T&+@bJTOZwSjS!!xxbKS=#po7;o3Fb;dXFjq?f&B` z-{7Et=p>unIBcca=C%Ah;CAwh98hZz=>wd zZurd{5O{62ujcTCkmMdNbp>8{9oWIbqQ5<>kj<`vGsc zS?{yiL-6g%rGS|EKZ@iOwEtElx0*S^XM>)T2kR}o&>GyCt}&x^N5j1VrYFbU%Fbhq zS)eqx(Acsk9$FmX;ZRme?X=T2m&La%)$WS!cY_5K4=yUut0!1g*GeYe4JLY_vUrDO z^Wfd*|A=8RsL9kJ0XzhZ(7QKUc^o}FDuz`C930}I`(@QzR2TPmmWMiFYP;exI#`f> zv4`qEc!vct>OGJlWyQ5-yLtFNL`j$mrfFWM1~YlnVpm$_rf1l(?8(-Z@OxD%?rot1 zDuW!}O808fxAGRGaw&?vX-b)2MGV7O*1WPw?ZFli?gPpqV!MCA zO7EJVdUuv%1E*@x->}l;c-dsHczpxc+=E@c<-4bOOK=5f-{;C`QsX*5}L=5@ekHe`QmeaXG~l`Q*fflk?+v@7KHz2BsgvNVJ@V`B{a zCnT3@CGBE9pc#m|+u)29{%s*G6>)(-+!jr3K-+aNgcScGSvl3-Ei*n|S%ynr9|Gl4 zSzC8SU4@qdf5_CSn-G_w)xPZynVO5ASOY2e^Epn@y&aPs+a_*)Ztyc5^qqwFE+#pS z)s=~Qz4f|CUkGqHG+y>IGsXzz;y%E0ksr)j_Dh8IYSGP<5f-KbGIg-1Z-Dt#8GDsh z*N|Ae=4o)19-+&-4R`A2iJK1l2xxMlyzf1PRf8y`={EqXOMJSR)oU&nn6HXOKtgZ~ zFkI^Mg@N480dilrq!AA^3oMOF;gp~ZmCv8iWIReLPpliA*Ou;vvrJCwE0zeilMU^y zaQ3X+FgfdqX+zL=f?voJXL7iLS@yn zKqiBSC+T58S9qRobyMRno8fI>GgKxQ{Rf-jl+p232AMw|``0bi^%1OF@CRy^Kb(eQ zm3|?QGd6@Sv^Ma3=xwsXQoJ!9CxZGA$KCgqU%o9IJ9ecfi#ATjO4L0GoxGA4aJn#z z{(7u5RDfwPeH|zX(tHO>HlMEcg!_oDx?UxXTdwyJs)5>?TgQ=C$9i%J09v0RyY>mo`kk-31+VUV;0o3*gr6Ug2ik-z?L2AaE0* zBRBuXXxa||7}BEL z{6$;*`0qb7=jO=k7R4KIu|zYgL30!eD)zyEjl`%`!utgQfBaRI5759nmv`iTeH`SY zs#F0MGLrkS_m|~zn;vYXO=?xYe!ko8h)=kxRPXnUUl+6MI)O#8$_LN?uZ`HGKtp$z zd2SST9Zt~_gRS(oY@ydT8ij+y!hStVYg-vcqf!slP@pgm+JD^k6r2EFIVj%Cr2i!!)$nQvl@PTlU4JM&Bje6jE<|3o&To$ z&@Kl5n)FO-@g@(;>`Rded(|iAyF=MmC>!IBp5gGH!#T`oYVg?iQ+m2x<3!$$c323` z%{YS~ZvuC9q(5#EfDF&I1^p|Ev(~0-fso}2zt1(4{RVH`U*-3Wt?T?p8)8O}q#w@c zz>$NeUri2c*>J9a>Qb)5bMyJw(WqpVip{^0!dl=GS_y}DxSVoxI|DExx+=uY_BGdPo-9qXkH`jOJBCrtWNet8^M zu(HH?>R>(6;41a?_2iF@{(;T#*_eB&A4ZoHP_eITB-(83kM9=OnOh18NWqQ6R)jRJeNlQ=0w~!&N(qEMBQ46V2lApr;2*`UVnr zqiyj%gh)&mwf{FUjXrMeogkUEqz1vA#N3K5e&*Go+*E!py!4)ht<3&u?Ar9RQ!cpF zycVB++%6y{Zg-wXWM&tBDO1ITFp8YTC8eePxC;I*)dZRtcM)$(G8s+VEDx1a!!&tc zRWjf+TQ)p3s|=8!>@2AgF7C7`WTVrJ#IKP|Vgp2czk%^NiP3maG5@F z%f5g=iB}vAB9~8o@~>FF*!3mA^3kUxDTG<-vSWcIe+87oCNk$NV2L?!J%JECD8%s( zF^?h5hmv-T?Cr7^+Y6PjL0~bKc(GoZQwYsRU{{iTins$i_&HdwH>y_9-?$4|Q3Lh1 zhddw;4z@*J-|~X8}D`!Vy8H zX<~88R~&=m_^7Ko`vmvjQvHR`Al1pW}MfS|QwP%Vx&J0XOo63qG z`(oL|Y3sJGyDEvx$a9qS5bJU3r9oSpL|@_ud_7t8qVnG^B$p+~%$-oIdtnlK=@!<$ zqVbgt^58NzOWV&tNE--*y!{v!7fBj|t-8wYDe=QnxF381@8Jk?wLr=_sS5?Bh^ zyLnUh+S1=^Is+qych9O!1fogxeS*T7^!R-JFVfqg*Q`tA9r9xWl z4qcc&lrlH?HU!szhiZ<09*3=E*@4z_QPN0E-ag*rJGsHdKQ!}dsj3yS<`0lBQ zf(3R_HZd{R{_+sF|Hl*=sV&n?XDS0;{`?1*1-C2)-+dA`%TmrkKiBFNNO*s8Fi;(e z&*Ye`)Gp0N^Lsd)v4I0qjV?q4NwG~xTx8DuI}rx|n+RL7>%=jIKcLUNPK3>;=&mex zA~y?B5A_ggh8*E)yd3aUg&90UpS=3dNLLWW`Y|VK3Ws11WTbinB=2zWM(-6AB2Iki6$Ks}>$vAiYdc`pG^@ zgQncaT+Z@5?noD8O6r6}!a9D~3-2J>vD&dyQ)X|cqA3=yDT7Y~wed0dA*?c`twK4olwctD7p90h_Z zx>*uaXup9v*cv1OraMh1p6MDSvl-VB+1s=4Cc_0%@CcB2!-~E93yuCKk&gcf>)?OE zyouc}Ge1EBIS1YywcN#v24W(UvqRhv8kvc6Y|h`W4iM)tbdkm;02ITMcq1$Qks_3^ z#s-Vl($~I}y-HD)M|gFWTOoY&#n|ME8=Yj=Jpeo7tz%7%yK6{{8eob7gK~$K( z>FIEALRR+B1{bWj!tY^8ov*n@BW+*G_Oa|ilbaC3mn1v*i}|U4Emb6 zub{UDvSVL9zxz?4G;v3@&^^Bp=5@}b+k3d(1ho&PCc6VzZqd&_r24KBNu~NARHC~) zMMX94S@zl9&H`5Wta6-hL`T6O8YxY#f(i+efR>i$=Fedv5s^ux1>>17bkdjciKv3C zmT+@Z7x1SOOSFm&Qw|;=Wh!%CVUA*Jx#hW#HI($KbqMpB2@5|8zJ~Jn>q0T+luwo< z2eSNwm2ScrR!I&owUx)-9#C#Yjq?Lnj*0kSm=7%0#=`pO-u7XPho-ky)~Wwfe5b>8 zxQS{jG%(K&R4JarbMR18b$$l@fU2do2FJZ|b-Hcg@hpqt!;M35yTzpJztmdEPEI{y zW3xZLy&;p&;j}~FlYXX~%G1erP;NZ?es#Jxfn;2zBLgec?H7K(3ieKZ=Dfev2662B&pXk^O>g@TzshVz-LMsp0y){+P-mVG#xU zY~&|oGqtH+Que}Wm(TTVZ{Jma$f_Di!S*dvh@E-3wetkpNf|V+8I_h5@kPmuBARws& zuv_rzOazEK^e=_!iNcpUmT;v$9)!DtEH}%+5t;A<{QhDy^5}H6+5b zf6&auj>Xh{bt3B!1KM&U45vOaF&a&Fn_peR^rOwCMoPC1>;oG~>U7B_Jy^AS{ORJE z*O(13C#LF56^f`m>ICLuQpScP&a30#Fy*~oZ^R<~;eHZ>#Wg4YXBjhxa%WG+;x)$u zn8-IecAtTTMv5KmZk@d>h1YpDoMae2zMaV!Wj-GH)FL%k>cmQ;Xgo}ZcGsxalPzEET?v*8$J2oV1&@r_?F6e?D^Fn~_|X4%nJLWIWC zw{wdI2(=G0QWML*<4_6>%Ar3Y7)Fa_AKPzKQmM%kEz$uQQ@9gRg-x(Kc%7DQD4nIwB-FGRq4eE^u4p1$V5Zhr99%x&w0senHTO<-Ngr)G*2n zlbdk|3(G}NTI!wsK>sEPo%JcV2)fbWT(OmMjf*;LuQ_R}R`lXLO_xQUzIxs~!J)Y? z0J(>lEM<9kqd|w-MPZxxr5;GZ@8oJ9)I4O^{5+?5^{8_=p1=6zG4s0&j<}+zh{DA= z2_9$;DT5iA;;=`ZLo?nIy!!*`p!Ro8u5IgGQmO#l`T66I8BTFzj+{9Htss1q#t$od zo^#P&ZTbrr5G){9wIMWd;{6HB#Iqmk*;0I(p@Rox87`QUOU!LeP*kC}qLVG}+P_A}uR zqh3;4;p1t--FFpM!m$nJyaRd7D=A+W<)4)Hx}!FQsXI13OX3_nP%SdjVSqU+2hQh- zIu&zln%4s|V%n?IY1o;s9k)IeW7uRUzvorsA=1s#F*3aXYRwnba`F0e+tYYhN5tE@ z1LE-VorkTK`{x@T0zc8jB_c%qH-mmZ5N!8sB#UgbB{9`9yjH<6bYpkw1qhG&C?%w# z)N@xe5O^=tgvNEVUTwMR2lFXIf9i>@5|94ww$!qjt_P7o-`BUKx1P0yx5jlQ3Ha~Z zVX|7@Y~-#ES4xp=CY$Q-&n4D=rE4cyd$IM^KZojwp<_NrIg~~@+tabbV4ccr-}M1) z>ybJ?7N^NYH1t=OP>CmSzA8#dp zoq*klyXS+lb8sZhCr+m+60}dh;B!0fv3lm6fUwks47NY|#oNaaD6S6|x^SJJAn-U_X6jFJ3IdOXzz!nb+Q?r=_{sc``@KY*D5tCbw=`LZjc>E9AF%Vg!S*p81dOlv!9$TDNPTOW`Y zob=;>s;sv2RmRiXyR|h&er_o~1*Cb-)X&&9UVTYicsEvtN3Y%ECZqRkwlNhYwuH6x z*W3wmP<2{x`ZQckt(*-#ll5hI7IzPHWd#)N*&I1f;0vlgVF82Ti`a?se60&Duwukr z8A_R^*cn$y2)f)iES76Esa7B>jlVG=keo&&Sv#;(hZ-2%m&>zDJvjqBiktLz8&{t z2PG*2AOdUx5}Nb9OYaMTUXl2o3+q0)*741BaS2KIaB2ms1W=ChVzSIDsnt=SJ%|rd zHX`@D7aO+{l?%WIpzq)ldsH_5k!WY8db{l%9IroWTrVMv3*DDFv&lR70B6WNu7&q_ zifU|X-juUE4rv%!Jx6QWxtnJEMnsS0!EPmlw1Kx@(QKvEnY+%p<~N;;l8#tIsn8Nl-DYMNOBk0)uC_!{}_? z;14%J?&cKzROsK?sy-pxHO#5LJv@Rz=~)vo5Q|&D&V5TK_-nq=C9ramwS&P0T)rO z+Y`XTufr$QPMUdiU!y}p(p%pfxZ}H`Y7y`mjnY#I7lta^mtA9U2b@-WuO6I;Jg__C zbh1mH(h&?M^}Q77NjhXQ>gSX{7ZMb7c6D`arWJCsAG!$Qh^)OXCCwZ_q=Nv|((|~G z`A5qbN*bB{j}CI1SV67iGQ~gGbN-+6{{NCPjV2I?1Ib1dP}T76e*Fl57&l-}EuYnx zinwTCia*v~kG5Lz$SeV(DwEvfKSd;q0Y$uVrXS9eWgC=o zPB>+`8O}L2i4tL9nu~7!8N!34AeI3i8rbx-LP!uzcj0IzpoQDR!&GxHc!KByU7r~#sJ*^b zpxyhiTftHdbQ+kPH&H0opeGFPvXheDROT?lAGf5Mx4P*$uW!J1G!0vGp^9E}qK2ul zp9QFXxeEIn<<28e2(cRYG%3d)XY;aj?&LSObI*G6XSSXT1Yu{Q30-4pX`m8cd?wnC zE4>Yt-{uAVDQ~sm&r1w2GPCY{ywKgB-K;)a2B7zK#vO!UL{DE|z7JL%>?Pg6$_3N3 zX6RyceBh&FRsdpMv^6+;#Fr`1&G+)&ygQIkKVPei>oTa8@(495dtemzi)RQS`17)= zpPITfa`*D`TAW^RK(q-Q+kM7dw_CZeR2$>NDL%u9ELZX-BKMimWg=P0!LZ^}Cs}-B+%_{;dFrP>@CRrZ$$p9~dL8~r697zyL>XB6=g|c= z#NkH(?NlV&;9f^N$C@t<)1$TXG6%E)r{HS~FItU}U4+QAs_b=zEuWy~PfIu@E z9p%4B*9&DzW`$i!a?p=kHCu*Xxl01>!2-2tZwj; zKtc2bDa?xk!R_ShfAxRfMtGgT{?CHt`76I%g$mW}VWSW#6H?ftDO#^ivHijY@Hwh` zp)tom!`$Qe8SVjt|DMtLpW7$-5mLo+d@KND=x6lW9iD&(O#&^t?Lh0VvbUm7?2Q=mOXd29C ztx3}7%*+X3Wde|%NiUDlGPf+5W!3KcMV{wtLZ0EHEl#ehdg57D2WXbca^f#el%!&N zywl3~bBo;y&u!POK<(~5uq2NFAcrBjo~Qca3La2EK<%oP$$O31DBxQ^;5FT7b!cB^ zVc-v5RtX*O_X9a=kyAyFT8CBaKY9f_JOL2ZF?uG2)fVW(0Ht_P4>NbhzJ~=)b-pFk z9OKJ|h1Ri{rJ^^GsOJqeB=$XjLu4-l6dTm7Wf3<7^TS(%B62|yPp>l+(%s=K%LjOZWI8C??D z4^$BXas>6Ks;PTr4Xm0iKs=>8JfkJRt&(VjPf%K_0SnkNe|`Qu-eKH-Dw(OlPJ|yS z!hN`$_kR`l<>65E@Bc_;$x_IJL@A1pgzQtwQuZ}_vhNCG-&#;vL$Zt|jD5+zQxREX zF!oV)!`Roc{NB?OO~3EwdtKi@e#`UEb6qFrocDRpIrr;cUiba7?lqu_8ycZP1^b8E z6ZiwJKalC823-GO#=fr&S0$#PI#p)9CfDfj>Lm%+9w7)nXdM`3=%EE{+Ht^rdUj@9v_~a1-#H+ss%y4-!@kYR`ql zmDy!xD(YTuvcF-L5uyiLOmQf3hUQE-Uqq3_L4;hzOQKGmN5mvCcIL%Z1GN#?%?+p} zZ2Ab$f_A+Z$^oCg;L(pWj-t5+>(9;WNH+gOxcSOBYLMZgI3J%%C{Od^uNiA>#9tp* zELhfk6Kpl+mTVO^2|snTS98QoINKBW^7o}5kd#+WxV}nB^vnPicMcR~8NN{lVf|GA0r8b$ zLijgP1vk0NnXNoZiGTF18rTwHXE(dUmmjx;)EhWl&`hrW3oS0Cg9|*JTN%dR5n0@h zWaiv)6aDL`BDlar&t%1+DZoWeVJ*0BRPC25(7zrto=A}SckyY{WR(<@Dt^(X|CmGdA54?63oXziz6sPN#dBzz*>X}JF?>jG_VNTE{Uc8sKsA_YuX`a8oe>n z9DkJ!N5?5ldw^qpS4PwsAp~)ybs!|dCLwX&8hPMf?Y5fKjitLe2orT#w@>Tk1LI@9 z{yS5P5ZC($(&eYUu#})P$A6Qn_Bo&$e|Y5Q>AH2DQc*EvF4kksjf|dissG8-pDbS$ z?!C*g|5TG0H;P)Rd^%i%-E;=2^~#sH$n$5_qzY)y1I!T3=<%^+V+RL^`Vo&!Y9=i8 z_G(3v3@Z8IKV!k#j^5H>cqO0b41pJ{i%tBITcV7VBCE(wh{))9(D_vEElvgok_7^y z@c8fP8DI)XUAOd?2)w*Pbp>t{Fxiwo{}Tg@RKjd7NCx>+Sh1-|oByT=&xKSub@S>~ z2jyrN)sK!+*6x#!Z6nIIOuyYCGIE7k44V9CLqUFvdHDHfw)({3GAT=JdR%urOaBX8-8-qzCV;>f3dBJ;}zy4YRn& z@cGW>_a90Bw!X2PIlG_oS+3&7<#16KMKHC#!ud{5aNHDjEpgQcRQ_D)G(I;iv&dbs zCYYtBPPNP+x~M9(SRku*_cpPgEIqYDuUBucm+3ua_mhNLsU$BLMPwtCkEb$0_^2x{ zkr194bu>eHBt8fvzHU_W&1HW~(X1mrW;N!ATZer|Obp|i85M^`PbOVzb90eml1}O4 zV3A^vQ9Z{D$B-UuAmZuK_+`IT+NBl(KIffl>+^joxd!t&_O%JAd^GS(#r7HDqtLmH@BGfNc{6i@024!nG_G%5$0vj2i2!yr(g% zJbHz9l%lz9;TP!~r0+_g+p1JFFy-rJ*_z;|MR(8=CbT650j=5_|~g z`6uutz1nlR)4F>a(J3F+QW!1=zJA^JEl{l^@THfBJ!&4A%Y13*M=9ZFp7q%3jK)>C zHHzvajNnNNafoi237lSE4e;nEMe_Vf2}{TALf^cpN(&7LQU;Spho?)}NcqjVl|fz% zhAv8;0)GNk9}hOrm){O2YmR7TP;jlTH=Z+tLn??G=*=#rERc83qJ_!VF}hwRbxp2V zABjE)4a9~)OVsBU&{?WjIz_F0zCEV|Ep#AH2` z4s^^s8?j3#9k3_WdowM8ERCCDA{D*(L+1?V_~7(5Q=Q&!-C~K&?zqiTfm+5--qLve z`DVG@%if~ni!OU!`ICB++xH0mY$YFIJ{9#Vfv`Qiq2jDzPC)S`wJ4SS=mjJsR>cXd zH=_O$Sci0j(dBPD-p1mq#Vmt!X?@;Uvf|A>m*ar=%8ER&!WUw11Uhf3yWD>%yI+EV zo6KIzBt2Rnfgdd|ICr`1{fVPF+9dzY0)4ek1RAGzq-`-t9m5mm*HZ9zxqK6JM}B5+~TMz4@15dsq&*iOFQzpU)iZGET7FbmVWr_Cm7MEdo9e(+k+@ z0aX$$^=kz)$Ba5+tCUq#x>i-_~qHXHd($wXTIIb$5PNj2T)yBVK0yQVs5v z3$@kd)UR|(h=Z-yU@7OGsz+vN=8f&vJY6pXYGl5zX?a{_v;}wh{0bJTN)GBTh^rJA z3}Hiio4XF*B*+SxtG;jflX3X$HG9n|c?OMQiwn8hRVq=O?~umZL_m$jeWct?EtsiC zWg>=uu>7h#kbzJ`jq20VIOmYJyW`AD>B1% znL{J%E+03Ae%jhBLUi(%b*b%@NoVV{8hv(|Q>(O?XU|>R+4?vrQTO7eIo^-H23PVA zR{3_uFH585_0y@gJP_S*?zGrjsn@-8r1yDsEBBqP0b)xf@rukw&R~JCd=!^Nip=?M zV|pl{%7UJx*Nsj3nZ7pLJ@+%s(0Ti5v1O|^h$B>nTrd^6wFi4hk{a=hvb^_>rd*ogWG&FS!)bRtmt;;W8=apW3H~wn`+a5AAOYK4 z0Gk|30NRmj)D$cNa-U#B*1Ho7bN#i!2-1D;PVeI<&Z^A3cAi5N6%AIO%b`Ls%{T?p z^JpiZ|CBFsJH>SMYwU8b-gNHX?#tx+)*=g~t6odrRXBpqQApZ5fi7?crK#8y zOh1ebYaR;FOIxpGSJy)r1?;k{dNUqN-}R1Qo-Ke4bxO-SNK2o0BIeN8RdTPF9yI^pQs>g{ zcs9dMpN7TDy&mE4&!Nc*Ga)iyV1+9trX`GsWH}G#lFcV1l6$+PC;%Tlfl z`dqru?dv_#+Y;&K0pWEyxfh(Ef0NfFlZ^h_nA1BZp`4Uz!isj1J5LZX2Kj-AaK+|_ zwxeGcM?4@f122`t(0GeyU&&h%xU+GSEqy4Mb8qi?STvg(3nbYKEnt5nh4?3auik!e z)2oGqf{*RA+v=1``GA>>Tuao|NpFuuk&QPDMUnh6l+*DGhE@x;wJmUFsE!Jw;~Srw z%v=2C9Wf!MC);6lTOm7Q$6ioy@1a~rDoWR;wqAtD#R=xtj%>kp_gKQ2gB`R%>u*kN zLQVa0;g2g|=xaB(B~W(nDBYA~%+hR+%W%qkEVnVH(&a;ZQSqKgC+g(EIr!%2>`C&& z?OIBwUz#H@lA)gONePPCrQ5oDn&Y2-%R8k-);5O~Q*+{I+uoel;V6 zKTEWRtaeiwI!gMx0%^>8J{hd$NAsdI4gGevCm2}ul3V%~$*7k@wI50A*pL)nXf5qE zH9GbJX6HPOFMp zbEC7NTCx;Jrtbzh_$C7vPct!b8Lp}n>Wd*4PyoEmcEUpS_eL65-vb|$6ualAKmYN@ zI01C0YvkS5wCucnXQf!@LWQ_D^JZmdQT%kJxmSYi+BIXOcx%PR<>K~|P*m#a@*#1# zSbpWB-3MrGz{2`AO(w15(2*lobnv$N0vXxOh`OTL`))doa^wZ!PQv9-U9&RyRd;L%IfQ@>r3zh z{^&UVsb_Esdh89}cpe6|1G%fI?=9$Dd=+61K0?>SZ~#7B!ADvO{y_E_RP8wa6Nvc| z5dI|mevA0e_5FHqSe@&V0L5F!5&^*5laO(0ynCwRu)1W_Z7>+Oc-(%l`qm!<;w$F~ zf~D}inp|*hkNdPGzM2aa&{T0HxJik(Ppl=tnNUT;(nk)j1}-V)3wcdN4JNi|fw+>E z+3Q{-(HjYZ@SE0{J3yVcwX;(zS65I&+UG!Yt^$ZSoB0$yWF8dvX_7$t>z3JBF6<~| z0sSrO2)!ZjI(EktO~==b8)kF!8?8jQFoo#?-hbElHj7&8R4^#FinxeF8%x*MdGd!# z+gC$Z>3IMerU9Y!F7n*{EHGro9aFow9+h3E@#D^M^;CyXSc!MX_SqaT!^gSxYo$BO ztg`A%nv;61h35K~6V>bNDCn9Ksg69sF(r;MXTqOfgX467FJUSOLxG6GGI-WOBkQ3- z=p^}fAOr0@KBXXFrz{h0-eEBgzrHYBqvYk`q9Whs43qQ$E=yM>lv{dzP96D!?Z;rz zqA!r|&Mfc0#m&!L@v|{eJ@ZUs@lB_w?sTQaNUX(@Lk(7w1r{P^Ei(2%Je#P~{S`8`wY6pX0VB|#=@E?lMzQQ6%oimMCDZt1Z2Hf^Tj&zI#*eR9 zHWz#(BWX@!yd4$AW2@t3oR`vsX0{h?s`C%&tM?ump#<&Py^j1LRwu=Qkbk2B>JQSN0xV^K)xpd}DqjU!){!Hfxy-_*v(A+k(~8QiVHawua&s>6JX&nc5@71d_TVtRPWX7D|LPoKT)<1>>4%-VW%r+S z%0!26xN9?!0X=KpdrCKlPQTde?t%WHv8iJn3j*FNr<`q2($gJ=-#0xrxULrj-qFfY zOH6?EPE9`Y+8TxESFdHC{f+y~^Y7Z3tiNhG!cITmCYOrp>+GD3XAyJiA!U>K63WG@ z#1nPh@9|QYidA1~EhP&@^n!&F_GyT}&kohgYX){A{kP%#wGUpBO(DmWWUN=plRIP~ zdm;i(yA7Q!u>x=0#uLA04uxFmXLY#oGZHH@SZbMf)zC9nk=dZ9IxLOT5OZ}}$CjgR zUhVQ)h2=PQaifkK(l3Ny@wuT&G1ptYa1QlyK|LTkv98@{V5P)8Q-OS8utuvhk~f9d zyaPeQ?porR_fcZcCTA$Wl$42{$3RtrrXlY=^+zyf#d)Deah#+5dl6lWWvj~&m~A}U zVy^`gn%Edl41S-)12gDDI^OA7juNc&6xK0qjr42|E!a%#IMK9Wt1JAY-T&1FZ%H4A zRFlP{1I#Gumd?Mnfq>|$Vm;Tf2GHBwQ=}_XVmEXTXrS=f&wIgC0>kdLI&-s2)5*&W z)DAE|8vR;!!*ulg_tx3S#r_f*5Dfox>LI7UmZUNc&wBDjq@yRP`|=y>$vIqjKI??h z${$JvZT}gFY+e!j=c2_Pw+D($HNbco6Vw{j97;+`{v;U0V>h_@FFu_@YVZjFJ1dH_9QL*&Q&@yYh~*3PYI zo-J2G^WslBC6*&?mJeQ|a`*Lvq}zP*OO;o_a5G5ZD*6kwE8EzRK^Dd433_ zIpqz!a^QtD?+==WGdR1NE3Mc@|feFmX1rbRtt9mA{H6FyI#1N``f*aPa%}W z7JahGT*%p-b#wx&p4OdcE|r9(Jks=!gV8tb4FbNiZBB za={6t1twkuNmE#f-e%RWECx1%f*M*p0oy!@u7Fd-&uW5ZRY9C{k!yu%d)4s->K?{y z`Ym={g=5R4eI-Mzlh1L3NPy3;ImD#=9GGMe57Eb7b^1}K@XxlUWNdg8TF7q3lAog0 zpFG;IgtOCXFi6;pQNdlnO1ZT>*GXCl_+u&%jNXa>%EzQLp_i0exX?TT1})hPI5xNK z&cSU^dcUGAGMA%WJVU#t@Xaff2d%?#60AbYb^fe~Z(@?$@&qM6-W}oWRuL)A3!$=@ z9v_;OfG+Em`7|{)3bULVT1V-Mg;rSBCNA--#mqkrjoLo*Nl~(L=*+>nS9@M%mGhg- zmWci7-O~8!l97e-t?4x}yOiya&nMWJ4Cc?&=_i=#V;5xlmXR=u^9K!*>FF>TK1~(~ z>%O>~FXta1mKDTh7rwDa+~G8+GkTMym2G0yG%QY%7BIjAXOn|#_iT`>p9#)6F z1@6YxS-bADM}J00{1ynKhqu+M;|aM#?w?_Wq^4HM>EeU68E}1W98(iNf^_iN%7Js= zV%Tl*!8!(r-F`bIzmA91sX%1y?)}QR;-g&zO1%Ghfz>x4=R}=(E{_}=#McIXOHNDH z96sSZNLKT!r6US2Z{Z910Q`u%udWFt} zl1rRnKYz`t?FD_a_hbxJKGuJD_3V=RqrTynuV24@mzbCj8Y8lT_V-E;?jAT@(QY>*R3N4LZbC1@-l-!zpD?2t^ zL9SEj8Ju9>s}7>S+n{dP^Ko1<(|d%GGfdL(4D6-V;STtv(tsS;lku+#xmaisC{$+r zzj8dX-N@f%=nZsNuAxnPbLmV(e6piNwG^XxwB-{|F{Qk{Or(+RPB+;WqYpZnHP)g~ zJsIBI(;)-asB*XLj#x!wkUEXJ{J;!+zAdv?-tlM;kMKxJN=EtYTvZd4kLKCS0u~3o z6U?MjXj9@XvHd19zZ67cki~;Ng_pKNX<#JD6&}pHDsIcYZV}sWaYCU9UhsLJ!3vi; zFnI({Bf0l9?o%cr+%Db6d#TTML9wzaDArr4epHg_9}nln)Klz`pmU=4yxgndoid8* z2SNr1HDCHe4&RwwBylwlM30Yo+6}lO>Z&~H>Kfdl`l+hil=z+_9xXxtINQd~dXh9P6IE{!J$1bGw ziQxke{3)0C;^A+cr5s-v{m`dG03jB2BE2&nvhRL-GZ) zOP_1^sDy^*uYkHoTKue2#K( zGee8#=9zYIxdo?5kpaqbuWZTRsRfRDI#wGQuQ&#;z#Ay7{<5!LC#$FB-CEvvp%`wz z|2MNR>)H9J(^lrfpvznu7;@Bd5H6$sJxIrf-`S)&Y_!eqAiH*Vj>*N>HCIYkAwduk zLvL84b9s7UEd=IK3~<|hHP~*@M4H7Wupot&+0c@W>5`u9M?3XoRByI%^Z5(^daUc!(Qz7u@91vs6YrbX9#0&J`Fo9X!-(1=sy=76`I{Auy3>Mhu1R-9Okl z=69Uz_=M}2@gg({)Eue=0=@8-#v0}c?m1DEW`=*ycyQ0g5mm+)c$>0<+mz0Cv3O7| z`vjaz>+-;o8gEm+;mRixx>nMEmcZJGt2_*Ir`^W8^QA;^lWm(!hQr?m_%5`#bDxw& zp19z9bZ4-@s}c~LJRlIvQgd3Pqa(kz19@9C#iOpSUc9^O*;{Fu}vv;M0nF)$5%`^N&-?sk0!CCksu*ny)3?GE4|Xt?}|8oG8Qr!D42mPOYc zog!!oC*Wf@tsJ)ig2RalcP-mbyqH`O#A|+3!TQa-hMf=|h_&BvMD&wY?cf=2r7$G$88Ez{C&mo_pT!ua! zY@58GvGVTsk)2HRzAp;JJn=?)RW(M|{nR_CSe;f7Et?rIZ^;@P-?qQ}e>ydewJeqP3|MOl6$ATT1Q|yr8AN$iKsF-Wi$AoZ8r`nF-nVbRR5kEUE<- zSJ?K7YDN++nh1{j0>+f&TlFNBvitC{89wm zhLs0|R@c!z-E6ZV$V^AjNv3XuOUCYo(1i?I5lLUMbPTkULiUBC- zZh)ttCa(5h3&u%UY>~Fd)!jv;2YsjJKNBuwfBt2hEi^I}RQ@~GGRw<#2S1`c()kSr z^cDx5;{*zPT-HI!o`#51c#=%Q03u{J{5_B_0#>=uli_xub=Wz|D=U@%zLDr!DW$0D zSS6;mrgHQ&tBvb7m}olaA^ji~;NwK}U{k_JO}Y1VN0Ie&#jRx;jCEnk^@CNYWO}fl z5-lGhiAW>W;Wh=c#3;l1M>gsRxc6k~p4rr0`vb`(!Tjp)PU`Uo7A0O8n z&*(hJwB(<1cM>@y_%cy_Ax)*f?$s)%;7f%8qag3J%O_bGkH%Z{;ELeD(tSh8l+4wgEMY* z)`_E+^vWhNrpr04@9K1!msx38G+%lN|pbsIj z7znWw7<2GKd*6C}aLi@WhyxGdNL)c6D<<&p=tl?6jb9ZwhH3ethzFz8OSG&ISF3`f z=mmFs7dlqRa8v*c4+&Yvu0nj5dLI3?77Qo~lygyu;=wJXUJcYHGCzsnuVq*Rm*V@V zHjNp)0>$?w263=2dzJ`%;NLFZPQ$-nSO$Pzm5XFY+X4R3_W`)}+cA3l{Wt^Gdg=aM z{6o|Z0Lt~w?Bd<&|3aSNzfcG)KCqI~y%%sv{_x=gAPZ&pamR6{)EzK4{_iA$Wg3ok zS3ggkD(?s@WX@Ct+ON;n>o|*#Jl6YG24J0CX-$dg&AO+yy_M>gw4--Yy9`-X{c|S* zWpbu}eNV!+zr1&tmu1~`Pa{okwF#qpL!Z6(=vnOu^U0}!z3Hj67vge+2XX2YhxO%* zWZb7~MSt`p)cI&tV>eu#`ITbs%1Rr9?JzAIbj)YkFY>&8Rgt$k&CAItqJzw9%m6Yt z{|`6<$GpeJPS*@hQnbfQNYnG~bFvt+0Fs1u?UWGspNPjsJPnjbuX@5xYrkp5YJBRt z8b%9b_jFN+p?ioy5DB zl#x45s4pmgN`&piD!o5vZepSpu}0q~DH+)Hr#E-YiB=|5NolT}pkhb^ZSClS+2SF} zy_*PamftWx`{LwP8!QhU=X*myS@=Z>sIAF2O!p5-+|mZxlux9O*^HFgjdV992KDHI zh6_aJ*I7_+x;fK+KKAB1S9*dhjdIJotC`yXeijOEb6mWr+W1ENN6__nQ5S=n$~yRf znR+Th0M+;>|@Z!36CG;8_}+GXrFk=a@tpe_F*+un6j@=dR?y4?IFDp;qb3 z5oR+c4Oh#)J>V_<-cO1cv16%`lue)niFSprGJMXO;x40)Vd5^g!9a>0(dX{`MBySV z$8`QJ4*F`5g7V{g5wCadP;^G0ZPoi(5rv6qG&%^M6@bt_|2@A-C+3Dd)yyPuAam8m z%pYFBVd@{0?S_I_X^}0xXgZ_O`k^o|SA>1xZ)QLtvjrApRLMIghg0(KydW z*J%E_CwY!j^T#ozFKtl^deeYaNcV(ORaYU*0#O;`2z$cbQ!bwsUM9Yuke)?#3)~4c7JO{0Zt~ z&fj#Klb-~_p3c@Mg)e;Zj{;0YJzfb^ThNX7Dxpr^iVt70umb(}c{{COt0)1tLHWJQ zQYQex=Ua?jF|yb=CFcD4w}X9sLHQD|AHwFupA}ygrqCTm^+iQ<3+lPRU+v9qvSt+B zCpR}~KpmV`+bzHigx_7l|<~CiEUTk?dWe;p2(p2K%M! zL!oAirLG3i+|%0jyUtapKJz*%xws8UqQ!bXcQ0J=t@n{)wZYmg zNIJ+W(Q@a2vfr){kDuca#%^B5FWGlQs@!{XwmY_jNh9;I+xE`R+)}uMezmI{$ORw@ zPLJbqhYO%+4ivo+g_G8iAb0>dN@*_5Tx4*ZP%jWTyC)+fihWJ*qpB3e>22srD?JuU zcFnLt5fp8EKqYuKSIA?(Ywp(h!=FeNghb@jT6w$hKN;q445t4`y7_}lc03d_nhl1I zqsNj{M3z_ODCUvBELdMoXqL+JL0qX_NnGO&GS2|imXZ4Ay|FvQpp2*-;Zt7~^*qG^7BwdJz1_bKzV|N)7 zZ!&%_i_0^t%L5UdMc3P?4sTILl}eK*xq3AQr_EPXj&_-*|S#>o>t_ppw}V#TGEtVVL9TcC07KTLI+J(UjD^S?b?G zs=^7-2aBhi^V#Vh;7N!uJh>0}(h-mCu2C#g`h^?AuSB?cr+moE z(ArcSebS|O`S&Z6YK7b2!o1E3XFaE*0lj!N}`<)WpxD;R`t+_OZ-jIG%IoZff zl+@PtcE$b#yKv*ur47X;L_2*~2_Obdk72o$D1^Vt0Lp8sFC z;O|fwk*<(d&|NUmdd-;yaG?!_-Jez*vjq=d{Xcv(WgARK zkHpnfsPT`IP>UTqeEo3t%%KxlP!ISAR{T$#n$`6L{#J}70Q0#ifA2Q_p0PrfPT_|X z_2R&GVq)$y{%r+_L-k6`p5r_;zz&K8?e@g21*Zw4>w)ZQvC}rAI4Uc1|Luk6n)xFc z#!Wt|dzAuf7E^7p{Py9vp+aXn1-kv7%M@={EpV#r%4y_19Mw2pclZGHQaJMYe=5A) zfMtRg`Zrf6ABg*)fhAcOs4@iOT@g{Jyq3;RCD0bz+xVc4bEQofN8GVOW@MSdSKlF> z))KwoIbiZb)(lr&rplgJFRs^pl-H1 z4WUi*4^TNshgEINH7Icin0>y<{ht4x^e7VBlzU7mMi2P?TN?I8X8=abd=P0{iG zL(!QCA_+*-n=hZiM2IL^|UpFjQLu;7%CtK3mNqLAMf!#~^H1?-zkGLCK2 zZdfiK%-Hj8p<%KmO3GZmpc&9>X4}&FE||V?|Ca=t4d#V(NEsb#08}Lblm3Ssk50K4 z1+XjZwY-RAy(gWZF>vED9mu~KpucOb-g%d$7C^uLNiraFoXZwxfQlqJcV4qAZkH9= zkL1ZlGA0&(h&y-4yR6)bIa#FL>`Jx2-{M!LVCT7XKk(35UJbgjjYIN*N z8B-nq4g?b6QHZ#8N8x0v zzn_+YU2eX4z^xQgK>{EH*URt%2i7NO z?yU{k*9kj&nThy9Q@@0~>la>lNp{u&EXuktUcrwM7m_^PB@gL7WV9K}t^g-EtZ?NQ_sB6oqG*63SrUMC7F4wf7B> z3uTO!h#lcZnye;g15u=S`2!Er>nOWaKKrDFGq{NQg!!?9R8GIG&f@9S*$Q5bI7KB$(+|;@T@X$U5M@$(l`>~8D-TFkm{KnexQTT z`X~f;`7P`{4W6+Mdy3<*OdE8c!8`e_J^;b_2H>+C9rTN21OA`z=G%ApC(i@OFyWXY zJ~YDsM^ev$#k5pJ7vnQsP3QsAit=$BZX~!Y>m-SotnZej?l+wSe~N}y0`Q;QJ;l3u IcOE_aUv+h;f&c&j diff --git a/docs/proposals/images/history-and-rollback-button.png b/docs/proposals/images/history-and-rollback-button.png deleted file mode 100644 index bea82323a1e4d80ec4d776c80dc53b3696b35ce0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20446 zcmdSAby!?K_c(~V3{cz#D-?HkDDLjA#eMK1MT=9UxVyU-cPsAh?!|ZddEc-8_Rrnt z*}c!rBsa;CBqt{)Cz)_11xZvS0wf3s2vlh)aTN#%=rC~F2LTTJOQ)Nu2aX_JR3t?q zDkq4Jz#mEGTGAHs@({G(Gy((+Bmo5M-zwlB2ub*#X$eRg2_la>a@s;187 z=JqaD4zA=)TQ%SeL`NxY7YGO(s=onJT7~iwOl#g+P0LkFUXIt)!H&_`%)!K*5oG81 z7Y_tKh!>o+Gj}xxg6wSVU3ftP|L zJndbLK@9dT6#qi>i-`l|3&e?L2CUM zBoFidfc$SI{~J=>#oSrU!46E)Rq(%t>)&Mmd*QzU`I-K<{J-_Yzqm1kq(!jfQOODT3k^L9D@b!pGOeQmfio#_fQAugnJe~^LaQvjxX zwj6$3t@(&d%gTt%Mp}Oy+v9~nNaSzqwafoJ<+1v@{7vQ;akmK4s zajoaG{gU^l5@2y1dT{A zNp4IV2a{$RhV`USrU}iiK=a_ff1(Z{X7ft5Xb*I*y~991jT`ZU;vemRAPr&A&-;mh zN3~9(=7wGc7tPZ%6^H^AK6|ol0n8i|pm0g1Plh$DG-_cwK%JZP2e*UVCC~8{M9mvG*Ae#@-ti5ZZ<_yu&C1V7CDUR zW12;Ok{B?&^v6)ezZ0hmI@FBmRM-EBw;Yzv4#vb=t}6PDH>G>&DE%>j1$4QH_{#S~ zuHQuaU+N=1MOfmC{IFC712aK_bTKmZ%pA>}a!!rkz2SZNaa+MEZ-~KiGX*gk+Yvf;Vc~#0J=JILS+_v(Y zQ3^@{S5qe@7QpB%PF);EL)B771Ugx${#4lc=xjsg(6hyOZchs`q{S=?D+G=3~W7@a4Yr-=526 z$7q%xT;!_Es>~WFj*tDKimQNNkx2;!RWo&x%L&k|+@N=mPr(s!N=*cdXDTB9{aoDd z7X7kjoU6X0x&iL*C(^@LJ|d>xvvuVSrl`fS~zQcA@ZHQvjp~ zo?7G|FUQ18O-bw{s(+t7qhULZgS`Gl^0!2`wnj%vXqpNxqg_QYXn~8MgOMB>BgoPJ zegB!rMXP-UQC1Nu00z+Z_JV~zV7pBqCsk+u02$4Ll0T90uZeU8{K^u}P{(G<>4fUG z1=6D;VatTcojxIF1sM9B5l?6kOwtXRCJ4s^e$i_&@xMCC$<$eEqFK^KAxe`3|1-uw z0;rU=dbgdYX)}hz&{jt>%2g#41o6^^Z+5`z6~_L}qa7rb8N9$to^5YsV z9ohzqP+yvGhR&z!oeTa?=58pGl+LfMLm|Z8d)s?-ab~7E|27Q52m>PaMx|E@Q48c! zhZIEgxmgY5GTQ%*c1BQ_rVfW*e*I^y8JIsOD&~4aMSM@ojj#!)%|k>U(5afZXG+Sy z`P-HUQZy8r70yK;vd?~_=;`m1Rsa%pFir{cr+Q1gop|_5Uw^3ufe~GOyiD+a4VjfG zA(^*kELm_|yYDbAFem>vQ&Q{!_u~XIuy-FrC}zL)=Jc`mM+wvXMU>8NS~;fMnmcry zuF;lcW@#>Chw2g}TkqVDC9jOC0FVK88R^@;Vqo)$IMM)bgUynfm)j9gzOIgv zM($8gV!U;&wk< zRM2U%!ub~(u=b>RgCWRYNNRQa0;dt&>Ift`r{9MOyyZ27zDoA@ll{9CRhKr|&ufvi zdo-)f$D~To*>KqK+FEPCjiu3mx6`x`-C60Pv9AS#KF*?%XrRy zj$JnsWK^%fNAy97z`)7EHZ?1)gqpV*Gq5SVad4X!OO;~f~t(u77-=m ztazhHwk%`gx#8iL@lvZx%#VgChqZd%-!*P7CHicidyi>LL^G%d71HB5(i(qmh~oFG zDph>J9v&&SsT*l?RK6$Xru6P1Pduv8spr>Gp(-4AF<(;AP)d?({;ksR ze97gQYT2mBi4o;=O+MuQ;?p58r809@k2q*Q2~FqWmbYOw&HU?r$C*Uf@bTTIK4^cu zB{F$b{Z3_L`qjNeE2o_Yt`fI0EjfRogn?M+z`KB1!hId{!l}K)>+JXh)cmwO@tYkT z1W z9D1s*WBF9x_j^_=f~FeAf94mSCuEf*M}ZRpz7m6m8gmEY4AOJ=hVp~PynBJ`Rk|KH z_w6JCg>_Tw%zb56c=mMzQRz!#tjo3`f`n^O6g~&*ug)qfH!U{@4eQwXtufVdZ+fo0h2JYg80Z;iwi(6V#S*QESlX3lldvXcQJlHBzgl37Gc_c5teWdQf zakf>ZoSGUcoG<`LCqY@4oj{*&u~6hoQ@m#uq~0VC6=nGwADmReP54rTE}nGxzX}ZV zBwid%=X#`C)zA3Qzdb0z$)FXSmFWU{W|U^FD!f$?!N z-7+cT{c_6RXjaL(fJ8?qwF(PE{`uCWYprvo&E1y5^t^Ru;RXu&_U=K5-e~u2*Lzaj zt>S@{pZxu1!28=s{10u#Oz&+-?`PXr%E$#vZIZ`hDeDc|R;3=&*C+ouI$v$SmzRZt z5Zaa42kOb#A19nE2X2g;{M@84kFgt{Qh(>E8ve7Bfdd!x6xu{4@SJghx$v@-eaZ;Y4 z@(9QJeSbL1=L_M>+ATrjw9OG!O1;(gAe-BE?#u8vZ=)Sm#&W}z3_ztTQ$umq<&jg?X=&S-d zjS^$fx=oWifm(v#8lR1&!k3)a!`(lQPxRh==Y*?5Ig}cYFB3uTk={&+0WmL!YD7Yh zrY-pw5D3TN3dN2vAsi^93|>q-+y*L40`lkWd73#7RW}4r0xnZ;LaA&U=YVe*J`34z z0mR%BtVDc%J&8=kb!bOUs~@9k^CQ<2hQH9j`CjL;pY#a5RUY$krISq9I4~G0_1g6> z%d_g<88!97Sg$^n|CqeMoea-WIAEg{)@?9)~ETAGg! zR7gxleDlLQYw?Xpni}`>$|wr>b8T}mWN>HFr)#w5e{cogL*Rm-ICjK#Fbl0gQEu{T z*TX);2GB5(B>(R3YifTNArI*ne$3z_l;gckJ&+<8__F=;Il3jl@ z`nfa2h1*pISHm&kTsG17wD9mTHN${wR;Xw!e$R$$ee6^V$s9QUo8-ZPpMQP~;$+Ao zF>l2l#8h#12~v34Wz!w5ZG3)>CT5ZHa%U`-+X)Cr{#qA`&Gnl0o?b4n{y3smjw+5< zoH8{OpK$E?+)uiZcrqVC*i{39=<5*{uUf`h?p!tCrtvvPG}@H**&$63AnmL?rm}6w zA=m}m+tmk;oM$6(H;@9snW^Nfhn7H5#FjkEt*bcZpTFj1Tl(0{Cj$GO4~LZ7K6u=p znYXjvhv@1dNNT%ek`FN>umZMtMD(LexA#AQR#wR#N{;1;W~-XiO0}kMVFpKpgS*de zrMO48^g`kVT!jszMvBi@%QMH)23!M(N$4*5-Odoin7d{yYY4Vh*oE?I*G-ve+AT`^ zwdSI98&h44*xYxS6&35GH*e6-tb1k^k@)GJt-@-PljnGY+w5spinoH)A%%?E5=5iB+pU3qD*h`zRt;wP^AqNZCrF(lC&s(+1h>1sehYj)UT@Q^7->99hT zwbX7;(q*@!?`T~=Zx~%~^xp7G?fN6@O^j@MPEr`+B*Nqu0Mi<1Id6%ayhsd~_iNXz znf%n89C~{}hixz3Xp{vOV*D@~+!4#+uYv-%8ETgVTF(TnzPpT(d>JmpZX{D} zl8bP~Y!2sVP1JN*;eCJ1Y?qs2- zBV|k)ACKI=p@_G?7`)7pVyVzJySFe3@(>U>G= z3Y9xhxO`DHWHSakQFO#U4k%_6kdg2dO7a&-aBxKM4sCX>o!MTh>DW72`Wj`wXiUa9 zbHi@cD++?DmV(*+m8w$QOg-0>4pSfRvNrBdStb{wSUh|_oQkZTwJUP^nlF^l z>(N2EqZ@w&XW&rJKsGNQ%4npoo<~W2+G1HEmt+@g*N7jkAMwMuYmznLI(88pf<(5l z(ZT^zpe*_rT+!+ad`=pRyMJVy{vR372tofaY@fj^Wg7MMD~7AIn4k;$nA=q{-Pt4* z89T-Rb32y74%dRsVT<``&WvSWEaZgAPjezdiH|UFkl)#539KYV6C_aYv~?DO2hSEJ z&}foqkYRGXJkasAHnlg+zD>mEKwng&QERflAmr?vaN2!hmOUHF@%U*<_F^CJl}qy~3fD`oDz^2~ zcVyo9J9wwYpv|eST*sqM6|auLG@V_PbGj4b_@RG<<7r}ubbs4ka>C}&99X$jEv-?t zVTLVj@30|3{rbhc3Z9`{udRDENW}W(K1Y?{j5z0L_#?6Ihs<$ye77yD=Ferwe5m3m zb=|non-~)+ua&8O#@PkOv>HX6TCYvKN$I`bt52sV7yf1;(|_h54P3-CMAFxrb+3S; z9%z{S)LS61vOlC}o4`MB2^vWr@-^_%Cxdp{Y1F?yZo|S-sVpKTD1(#J7;@q1uw6oB z-PMhWLQaK8e7n5|Ej2I+QPQQOFhls?uBy7Lupcszz(MP6SfRvH5cIyJX}((|jUK)q zWcny|1i6hrmENW8b;MYtn4gf2MDq$WTby5D2{pPuw(f3;1XE8lfQ<;gGj0Fd&KG9M z-RB~L*3pGkpChfoR*yvpzS*l{0?`}-j_dBPB2o-6ruznuUH&QN2VFmpiT`Z5C@yDx z5^1JfeKh#3gbfdhXLyV;e4EzTF1Iu2!V3ylGHNQ5;db3M+i~yY@V(Z3o8LOym^jl(MNF%P%s>!&el=dhWr_UK|Wu2n8=wL1KiXwBqAtF{=UL`P#<130MZ zNaT3n2}B73LOaEW$eW-5VD7|y*8*$gvY7NO96Akq$yw~jWsQK9T4@e21*M`M51Wt% z!(*J^dD5BPLhN3;wF1cx&k=eSyB=ljz0_7E^tj8XhHv8tZkbQX@D}DO)!*DcgU&(- z*F~z|M#6GnbMZAQRrlO?a1zi*-tpEhqVt*g#9p2c6P5yNGVBqr(Rfbw#|{oWQNF+{ zKu^;N3Er^2&Um^P!ShNOT?SK3I6pNkWZQgo8B2d|Ir||Qc5-MO6s5V~=~qAZiS1x< z(i2bkb*|S;TA47+AX74!+JEzsh=Ls-E-P8s*xfrdZX%|{?Rz^i0aV39JhnyzOMtJp zYmNI#mpA*YPi9EEuJb!hM{+m74zEAPdbH(K1;TlocfIQ1 zu~zF3(|%Tmx^l1h+@1W4c)8X~*t69@wQB@?$wB_x3ShVz?m$gCTyFB47E?vE&-0bj zeafX>+x@T&+Df+_urohSKkO1oGJQa!9?pdF@nz&gxF4Qf>gz&9m4 zGJB27xtiz0$o-8_yK(66daK_`oo@{+7Nnx8{&@m;8dV6LCx5<&_<$9sIS0LQqV{%Y zPWjoNel79u(ylVG0SJ@y{6AyIS3FXcK3f{t;6vMNaWufd<<`l~yB{#2D4r1f!LO2f zKc#qB!s`8nSIb{9VQS2y1AX=Bt}hoC`MQ%}n|XE1v-g*EU#)J(;m3fZxlSoH@yfG|AOO+Zs7^{MydpSBekF?9#Y>zrc45MRD@HLO(iSaNhpoiCi|%=YBEm zByVHe|9d&w@OxETp5+1*SgWt?&&uZNY5KTdDzpiU;IcO}t6xFj%&kTce=qgA)f z{)kIT`-ays))-(0?0nx+^Da+Fp8o2x<(E=EfXYh@yaYbo?Ms>f&sXa-Q78BIQ!e4i zTrnf6lYzv)#T?Hu(0bYQG%nY>BjLNn1%jUMSVoIC`mEW`Ske{HF7y!=3?StR)EusFK+-$ z&j$wl0s|+|wP<)FwhdBcv}5jd)UK_X6Uttde>>l<)W#jfDKBRzKTY?3Hf4{@tkqGOIX7A zy*&p-JinU=FXmVeFR2oWiTu_zOgHOprbymoq01_&!s@0)!J$ebmvrE1)twBpezRcV zRS0}o{Qhn$3+)C0!C3M4r1(r9J{^0mJfMKl?x^Dd4N69}e6fv1Il=0B_Kyz} z%Nf;2mT>9WVwM4kFdA}|d@k$X-b}KC-(ZsrKCC}vc~73U)Uml(o@aPJ82l0RJI!$3 zPiK3#-gx)f`_R@W`qPKmo|QqrLu4gBrN8n_ciOHO?qlJ#W5px2!tbj0>&64l%Fbij zr#Tlzr7N3Cmgv+r5RZKNRl&iIdiTY;Hyy`FrD-{%enaMfT)I8Ie@qh>io^StJ>Dm? z-zaWjSGonxpPz=Y(0{JX+pfyk{p8}DM1#q!{fCT8Z)Kt zQ)xMonP>R+$k6K2cQ@Pk87q&w8g^iMw`tNps}j-hqDj(UBCY9wo8)??s7nlc_5B_7`d+LYIpwJlugaOn%zydMZp#tFEx zD~Xp=p9{xR72!K4IOfYVD@386@AGXcJC|24JdD={80vlG4w!Uz~GV{CA_oN?iY}?O>O25OPkBG~_rWHaL_mIOM9Ih(6O^ z@@*HA1tDDY&Yf^w-$zNb;qQ&kgpol4-s|kHiu6_DX3NZcAXl_dS`yB%}VK_(p7)s z9OHFC^X0gQ`@TrArc+fg|H6men7~lg+u-u_;k@XJIxXS&5pSJ(*6VoL#niOv;GI1W zuec46W9d`$s?^28(p6iO2P<)MT(E@fIW}oIdzPyqi7DLeULpG#9 zo4DP6->_=E`GGxDOvg{`ObgVy#{v!3V<#HN@b|9Em9EdRrB?9kzB5K&HcC^qQP4NX zU}d!+d5!EN8aN(^u-=7vOtP^52(D@la zhycW2sRAeVNCZU<#|(y;o`~V%!k4!`&`f39Gk861wUK+(dM^0!dh+JiOPtbdV^_gA z9h?iWJ4~zOH32_7)S7r>(=}g3WYq3!6cMsGQiOT&6$|BwdLB=;QqApqDAONog@R9a zS%cuiL`mN)%9%aP`>mO&1Gzo6G!yHnZyBnzJ7^y&no8HN z7M2x@0x*kgF0m7O<>fHRu-Ry*!n)6cem%9++sp+nH=_7@S3HFGEZ6L85r^}h^P}I| zO)kmHYJ?0kosd(&p=V$3Atj`X$-PidrkLIq^P|(Ovz~hK4$8bq?og+CjS*9Xs9aq_ zRQf6K*4WOKBf8nH$ZVWhFL|Mg3<%r0pda85nhLuj2zmUVQ@>Rsb*-wwDq?NnKhyCO z&LUAOlW@}+f;L%kKX+zW352KT^~S4qtf2gru{V;KTX=^Ax1;1nd(?wh|Gpr(6D5L; z$NXiXT!K$~Fo4}bFN8+a!todD-{#OJY*tC9Ei_IBap zW6*syjrMi!Y#3fr1;<~>O@z2wD&TwZw61TL+hf2=D4VghnXN&yEl1aPHWcSb)F+xq zzw|X|^$wYj0?r2rd3YZZg*rGQoO>xI6<}&C8fb5K2G2Rl-iQ;XdnKb&PekZlZP!+- z7mwV!TU-2Y+;!@GQ0+DvG&lBIiI7En&adE$zgSS^t^2=t6VVy9q4Yd$$B^c!P>De! z%zF=3Vhw)`JM2B{g;!2?XP{^eidzGF-+pgn+xV_kVf>)9rb@Wj!}WAkPIg;ypK19} zA50s#*l6zZWudfXeJ{+s%mjZHp{cSwr&|V_jeNPGk_Z(G)%L+uMBJ0cLU+leM0Ply zYSAW#k;7Um%ZTTO)(>IZUog#z=2tP{E+BtgI@{Lo&oHQU2--5XQ*OSt*GztJBpSG_ zrNx>^1sF6O6-U88K&dI3tgQLYQ;t)FepcBI+*x1O*C-G=8q;uU z3LIq@M^LI@K}^D~Cq@qw#KqDv4|(;WuSJX_ev22Zt6NCywyJC~*6M`Vmx(IMmkn#hod{-&2=C5+cTOGhNlpDk)wQ0;HLv7?kUM|B zTYE;qmD0kP3nfJ#c37IVmt?I#Pb6@fmb7xe47weF&%&EmrVdQeZ!5H}=;L`k-Rq*> z{mEIZnP!jg%%G0mhD-Bui9EU}`Y|Fhg~-sXe?tBRv(Kv>;P;*r%W=P3GILv|`DWb6 zavdTv+hTVZ#BbBB(m283X!G->9U`zAn9J7x$A1B>!dmJ*^Yn|xVn2MI;|)$#b`+$J zufE7-3l`4HhQNDJSe}O6gtRm=&FXBnt%)nPOh$$qJT+9=l$HC18teD9s#50EFiltU zaR+@rMDpWM6C~FBa&xb=YVroF-;33>$17(^Zof_4cIuP-{l~axFyWH9n+IBk2eCS{ zXN)zQ&dbXK+eOQ@L~7Kb3Lb~1O)=Ji8eF>SIJ;O2#20V~^u-aeJ+IjI)iq)E95ZXk z(-Vu~s^4jyvZBmRVx2EE&khd?hnPC4c9u}p?o>(p5CVZc+Z^v@<`THs%^RLKj&sC= zh8iuAg8NB1%DZxqP#zT)!&}$_~QF^=WIVZZ)3%P9QoAH(WcAASJ~@J zWWTEbCC7~LEnq1!nen&6ys|m#s1!=in9KKyCorx`_vb%H| zr(Vkf{JU$ckD<$tZ=R4PP-_F=vrQy+5BW?+9mT{_J>vQ7o1=N1+LIVnmp;3~wM8t4 zV~L2buGGbBIOq%jX2KRFr~|F2^sbDI78HF64aymo8n6zQ>P0$4gT2=F?bwfJn8-iy zy@KdVb$+vR|DzuQIep+S z+`vUzt?AWWp`FETJokrL)5CJDmbvNH&#Gv!R$IkJ_LEEfyH=j!*amC#6lh3QU#I+f zC;>R^G!0D~+?3>g$c*0{8G;YpBgKT!%1tiqmh9mV1cw@|u{2sEt7a2Wjojy`E!}};x5vxFG?@`F7z@M;r1AZg ziFl4Z95bIi)T^`t^lf?O)e%i1g-meG@5+DW+B6)WOsZ^<5G80+e@G}fzPvu!BY3J& zAm=1xSyq6ehjSXM!)*7!p%3@DpA~$?odlRTsfzqk*!GJ7T=YbH zaU9p9)lay}KHB-e{*^mr?RL8rcbWjge`&^0A%C6#eVXD{!-r^gTj7g9ROKYKTx=m2 z42^*I$2A+}FVUTZq;ULS^_Lr1hhk;kzG4_PbM=&3QUiZT@#c*L6_b--?EY3LM^CH; z=9a$!OcLQNe41&OsY)PgeBXvc$3DJYPfnMI{i)0S3ID7m+zvbBntabtQflEVvW-jm z)d>?!i>WW`^^otQwqM2$${hv=Wd&qh5GI@mW(wFp#KWOai6h=N0j#V;rnZOjYgKo; zE`MbAHa?E)>w0@h4V%&GtoilrlZhl!InZ--j0v|TUR)nh)OKpEX%!$f>1HlZ4X5y< z4FkFgM!AZxCcu&J+ns0}>#1bm4~_8*>0Hu4gp*W);F$^|FQHl1A-dJWM4)|%`*>`D z(jd~a@m-+aw*SZ(+DSDO#r&jv_K^RCy%Q}bruj|{Qq@}XlB;TijiKU%i6!yx$#E~z zG5zLXQ&_PLK%Xf&zq)nbylT(~nbL?ir!KD(c}AY9EAB%?2pRSxh>X<0|iYNoo%N zF2dtM&#EyBc2WD;mZBTM%|~?-kjX;4OA$YSPdpPPbTycLz-9MiRq`g?JMd!5qMi4V zfg5>4%wzTNQO}et>=|wUH=V=#iVL9u5_#u^F-eUwPQSSg=agiYq6`0rtN5_AU|^^1 z>27MY`5FmLtXiK$PX}foh@;tc5ktIr=TsC=kVVw&z8Z~dH!r%rN6zC4!6-Lnk|9&o zD)SB-M^k69cl_G+hu$fVH*YrnHWpp2@TvQ*+s!$lfiPvZ0=1vSE2`V2RI!VZMzzv5 z-^6$SRC|Us_;n~VLR>^a*K{SO&WxQyRSo-Djht8;}Zr*0L@Rb;Bmcpv2*H=%u3 z=9-!Zk^kD$(H_CC4tz6$K#!#%j9#LZo@ixT-vME|e3v%P*<5Q1Qyy$Ya^AwW@NE*| zc^#^1)}YNJlMY3NOkVTz0bwAk|F(AtOn7ACoMFtc+Vh=Zb1toi+H8)V!JSRmHR|!4 z`KTXtZv`P@!K`mcz;`m}CyDy1g{mYsx~64|2i>f!SHYK4iW$~*b^E}8^)`pQ%J-Hz z>^?!gz}#A(#LTxCr;jEeQIXpeF@cXYYzORk!*I~l;h%Bm?}(e|3l;g9K-q3^P3AM<;f&6ChE<3e!kt=Prudp)HM+2!fy zNx`$vLWr1SU~qT)b9ZyLk%u*hU^%<;E6+k99|=*ys3YhQy-J^yq~qixNyjLsyY?Dc z#a^C(60k^7$gAmSJ`h8M<1A2c9QOE|>=%wV2;ssBZ7H_>(0DpL!g`@U?62S1GDVGp z#VHc1QOIfV1LIy}c)W|Ta$Yt_1xI95c=F1fBRMqa{a*m$%`rVuvt_`tEhZj`=}&E? zq=8|5Ld|foM>jY#>~9X#udN=e2(0(r1yC$SfY?V)<1*9_=4J&ASY@zy8V6>S(X}U$ zYn*(BcWO~0v(M=92sWrH?LjFt{V0fm+1w>ZRI&Q#+V_C~eeFnzk*Q1t@%Gk~^Cgd8 zV;bT0yVcuEh^(UiBlvBP;aB$He#>iK77>emt(Km|0BM@>;c1Q%G1xgXdx z*@17nsFhi`xg-ll$<%x6DI(-2NWT)~Za+(|+jgF8dPO%YQn_m=G$_7ia(l*a5KaVb zmZp;i;_U*{zX)Y+`GN->c`h1v9p(|<2hKPlEcaQ}u$cMSS7_syvs zHxNO8^BXCD&pX%E-cg;`d-`yW@`wNo%#|T2Hq7|(Ud|!K8#>g<9Qb~7)&Ah>V(}|t zJTOR{Tt6A??;|QAU9jNqTo{xKV zF=;rGT2?H)=G4Hth8{#RVI{CXx{po-X6c305C2m?$^3)>JW^BCw6MALXYVXOmeDZ7 z2AdUhk>EW%3J^e!Fz`t1R9um^KEqUP1EI)w-~&U<{zFu@!p~LkNybJf z*Jz$Lvx~(psv$BT532MV%hbkAzI=v};VR!dCh2)QayhuEN6dLfINz*hq%D~AYTt0v z*OvVtGRwes$Q2)Vcu@3&G8&K>HfSvam$)#jUQfwU4f=JR1CvUVQ>_Dg78F(n!!iH( zo@)&2j1ZVhsndi1O0-QDmNJOxtEv*kCc6^;Qv%|dxoPL@ryI?3OE(n`ju7@>@xnzi zFqctFcij7D1xJboWG4AErH)XZK6L%-v}MAW0|M(TxoSlQkQ495M6`TTq7+lyY^p!~ zCt%Yv#sXFqvF3Zm%iySQAf8ws0c{PYtuFzdI$YN;{F?R=f?^@$>B=0EhwyHEvz;i5 zsH`E4cYcPn_I2Dt82!goNgs|{xSf>{xt<~JQ%b4ZpcWq0&k?MVpO`Omkq0Bx>06nX zBP0M<#Nf*rD2t)|yN*mIf?u#jsbE;l@WSp|sh+v{Iw}Doa`UT9+@7uoGuXu#W_-e% zJuN=t0|=i967tbWXG2HYrzhR-;CTd$wv1WTs7?+t%qcc6^hSW zuyh^7&4oRfr<6}TeKLS)2TB~}BZBZBDG z4D5yk(JqFc*CLK$uR0pbhi>A}n_6xW2)HVBg+bCKij-5Y>XYGpXx;gEkpvnW=Jp$L zb-5&}oB~C=jwUMC+*_U~G`=t)YQHs%50LL)^zmo58j+~*BfAH>3;>D3%uA(|CxQ@A z+7EkbOt2#vzc;QTkn;~e)i_CJRmv{7Ikp4(Zpp*`fo;8xFLd@4V!KRv*hTfXsnVRBGPwsjw&0y(f%sdq_udtA89ooz+!W8PT1!?!1S&AVq9S+SPgQ z8_)#vY_e#Koq?bjcOHha;%jYJ)|&SgX9)~euBnNue!CGY9b7rS3^M~%p=34IE0GCR z7@zx@adLZs#9cL`7=}k(-}uk2u+3}alEL{pKjV|sWS3r+r`0g6&}Izr(@-iLaZWC# z$@&QszCLS%fvNQ#|BhSmiubF{@%MKg3>@m}qrku|8Yc8d(cdsxTVUr~}o( zohB0h1ZH0`^60icRW2g4lZINKJOQmkc;`SWv&-N^4U4uL7Nl?QMi9m*=)A@G%KCiu zJ1t^j&=WLJep1a&@g)P*g@9@m0Ovw@K!j~=PH3MvMiw` z37c;}ncZ;wi%#KbS*QT~hKWSOlQF+!?FOr6Ad(C|E{&$*@6qs;>4?{9)-s|1T?511 z@NBX-%w72FkcfNS5#UBxs4^He0-H@A1kqZC7b3;!4O>CsfC!jreYu+G#x=8#-o@Qk zn-9%FEuI7Iy9#d4)969=DCKNUk(Te9=x4vjUX7~83%j1Bdw*4y8al@ z&sTl;h2+L-hH58V)o$)e+-P8hZM4p^oa`-L@$n89=`pZi6p<1l6*exmSANsEBX*Py zmp`$;_#S{>sbPP&e0Gytel*xG15h3uX&}^FYgOZuq6}hx`0`cKZo%K}uY7_XxxY3! z5q#GA7`-V*y!&M)VZ!lbD1()QSiRc*(R@YYsSXx?^{vpyb|vP%KcR0CUC4V>w(nM% zwOHOF@zX!m0n5n=z#EK{E+87QPLu1nT3NE@sKGP-8Nt_=U&|p!rmHY8Wu$Fd7u=^N$>DR4qa2QzNtI7vWiC+)r z8ccH_F{>5;HNRR5@Kx1mdTbU*q&|gp2~L@6PS_EaS30IOxCD6cF-|{!Q7@C@V5LYf z&_8Oe{sCOphemOiONAByX_E;o$^g!y7n;akc0AD*0=0&d3?}R!IVLQ!de?3JVpeKR zxdOG7Lt5zEX-@{Q`l+N`jZmz z`5$lnEPM8_cQFOWh-<_5J-eA#S>oLT*zD-;LDZVk%MMADA_5+P(MrBB_?323+)2ac zRU$}@!J{rI;B1woq=L>2ch4N$6(QbSPuObi9xM*o>te3K+qytgZ9%=CIM=meW}%%o z61^G*A69#=<+QkJwVp8==Zgl7;W}R5FUpf@$Ac>x3VQ1ibHJVmnz#E|UqsS7&!A&_ z8c2O!jra;YU*aY!ha6c}`)_2(?!^&Tr@l%;XWF3I*H4R6YZ`#vx53W@g+7bzzVO}S za=4T`Usa-Z3Ej7`>1awFdsT68%3vktDze1rVKBsTRYAq><>K-UdGDg05-6FqGQG6W zC*K!b#Pq%7KFwF09ZP?yCJpq!Tpu(aO=Kx=j5=Om+Xjkxcf8*%D>5xWjO=i_2Lur}Q$y+k*%?DbHl!Se;W*>F@D{d;I z@%X1ef_KiKB$ijSV|YaMK+a2)hW%hm$BX)i1)H#k-UA}6^1|Y7p7o(uN0-;W^dE-K z1C~F8hnE{yydItRP@KcuRpbfgN<{GYM#NoDWEQ@iA&{d`fH-6JvNriqcuwt_*HZ+k zpqeiu0OEXVNR6KdgL8S5juzFBb;#3NiH>+4-o1i)mgS;S6u^_5~L)8ABt6 zG)uu6ZhDa*{N8kfOd&KS<}=KWzByq`^pJjt8>u7<%~&jc(TvGq|66oLe*JDqSif7P z??%U(PTW_ssc3^eNC*Xx55rsSdEX?a+tZ;<;pH-4=3bSD5DLiPdI(jZv7Az`SfNZiDC?xny~#zE{6$8W%mek0eS&~uU~w{Lk6vRH z{tMY<$QUW|Se;EkJqBY1{I7@^ara1h%j^9kvw~QlQXj(Xc&W(br7Nj>tXS3w4=xVI1Wwv7;@-@N0QWiix@$-UvP`B2xWU?}2jjw(mk=q6z zhhNJoadXc#tbzj=f?$AcQXCs+C<3fO_+{t8t*B^9{mk?>P}@x7`9z#$A^;K zh;@pT*CyH>|4m$2NrRvU`AccE1vM(YwG@~sm;i3TS2rxi>A`4HE`Fozv>*RhHP`+R zRr<%74xK^mjAAO(828&~CAat*npqhP#;q{O5-Pbw?lFTJL)JBN50gt|T&pQj(M6kF zU&K;rXE$cFt8pnsdq&iL_q+eV_owqZ=k+|F%lrL#KA+F?I?p*j>iZ>iI&vcK_Y`Sr z3^R}AGIE?+n*#L-sJ3K+p2soJU^=`FKxPN6W;Q2WVRY`V(Yf_9SKa9zJva3tAn&xS zwSoY!`oJo;KgIxVZ8JV-6#koRU{A{Kyc03OFg^1qs?1Q7suqvvs$+a92v(4#E+V`J z&;WvZ?0M^G;C1w-t7pZ^#ku~E-foAP3G27_W}pq83xkpIg<>q6?=B>J5$eCxri0 zCk~?}Kng)v4OM8swI#saAf~1@qFme!nYr*pgz6t%tY8KRm69&moR-$^aA#%k1@!Dd zzIn*^pVYb0QB|=NTWoRD;+;uuuKBts8mVx=;zOlet|B&TBQH}L$y7R!Hxm-Mk zW+}$p3G1IXa-q>r+a&9D1f07W=7P9UhX^K8d1ta}_HvTlKKqoeIYsNtO-UFZk|xpV zSYA@vNm~ox_M32f_*8c)YT70KqY6h(Dz7o@HoWo~4QCAcIQNv5uD(Rl8rXZxB&L>U zZ%xa(Z6mCaCve*lSElH;#Z9lyYHVn%gssG8spMDM?LxnFYDgs_LasrdF%5L+Tz zrA65ejYlIRBY(Xxbd8XmUuzuwY5VNxQn>ZQ9<#4F^?|z8PQ~g@sxl6((5@FKl+E!5 zBZs-hNPN+Fe#&6LYSXaVnSud1LG)~gwHviEGw*Nic3OFxcz(LC|8>Z){N}F=&SC6Y z$s)CG6-4)8I#w1H8ybvMcxlnVw?>4Jv^y5$XD8!XbX(g36l5A+!A}3Gs0n|xovPa` z$QN;o?&xq!r47>(Jb|7Zb<3yRk#{lqfl>X*fk!hhsHG=(w)djUj5A{LJ)-<{i;=$C z-9ekCOVEe|(A&m?%k%dm?4KT=yUHDuPEXCSJ_ZIu3aEb7QyRi+*K<7rvRWRhC}(K>P@a zL+pipH>p=-)N))pxc>4?x~!??fhCS|<*6FSjWx=`*mXGXuXVp%6n+}bEf?Pmt8mQn z0=$R0-Wa+8Dr&D}EP)wqhJFloElbV~+Q_Gz?aOLfN39W)aVWHUS&_{$H$Uruq(;uO z^Wm6;gp`%`#%<6UMyWradCamaUrd z7e=n3Lu`6i4`xjaX?T%IUtB_~!yY*o6g%x_CF$DBNT3juQ4KN~+YbWFk!~Bra7xcF zd&S@%q=111LuW{vBpr8*DY5JOYVFn&{fgB3$cE)Na}F)q`aktj-aq(gMka5d z>;({|JI)<bU~!E*G!r^1V@RlnJ(D?P&C?A(_7$6&m}=+Z0}Z&tMybHqmfK z=wLxZ*y8yeoAIMA*%C|fj##*F@&0q8!?`9$Yh8NFBu|=H`ywd@xecV{MXjCDlzU(~ZDsya zbBlkst1J7M$?WH4)|h68AdJ0$rdpTFz0f(xrLFZf*3)G8DXr0&jt`3%j@$uK)CUzf zJP^Mg($`J`#5_$i!6vcUTZH}F%+Nbp${AlgD*aprZ;6J}Szsq^!>=So%$nd%Tt8W5 zGajnQt=XEUDGn2sPvAK{-R0}RRo+tLFUF0+`zdk*`aQ$~C<3gg zm6(LO%AFh{|8tXLTiD~uw&LmsP*K|6l;_t@V2&u|qG$59R;U?T?^u%inVEQ=pVp-Z zotKqtD?Jcz_6s?j<#Pl9DhOStWhpUar0=G^GtTNcrMJJ(PkT}Vv46%3emqltgSjl?*t3?n?2^Dv%6zT2%TDRLQ#>pqX&-Zx44yc8 zWHHuK-|DibDgm{aI?8eRkJADhqd?Dlp>%PdpwND;gX_e%BN4Rx$r0OVZK#&5FUO4w z&I<(1BqWG6YrVyPPo>WPfCIgwJx!Oz=!>>{cf?;rR!1CdG8}@e` zL1_s2yHjed@C}~6Nyun}xV9d*QjuHFrt7`e+68?WLS8hrYDoEC%o)Q#TnB0whq-?V iDFMeDTB%;h_wl-!o!U1mU4x(#>_V0V68@UG7ws>XfOo9` diff --git a/docs/proposals/images/history-rollback-contents.png b/docs/proposals/images/history-rollback-contents.png deleted file mode 100644 index 3070a8e19d6279554dde26a3ca2a6333fd308eb4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128640 zcmeFZWn3Iv)-Oy53GN|C2*KUmJ-CJ7?$BuP#zTU;ySux4aA+jK-6goYbH!(r|EvQI z1?3Ndg86414dDCfF9P^H(fs2ZCdv;A7P!KAD#>{E@26)#|BDiqGUNHb&Y^RFdQd_i zMIUq6W;PBXtj{%p0{Bl7>h@4jugRW1&mp7yv_J($#PYxg(Yr?1J>KoWNI`9z_KfUOG z{{GQUV=(C7Z?d-kXSaY3GCbX3V4`Pa_-|wmAd~-v?CH)w$o}ZpKVHZC^e}D(5ZKsK zO%!AW3^mX+ekM*9X5K&E^S4|7Zs|WrMQki>>^^?dH#FvF`X|YsivC(#+1}Vr#KsDE zj|2a|r}m$8f4=!w!arK5{_hsDbFlxpfq%O5C(5TDb1NF#+gLh2jkvNk$blc|*MBSi zE0y}c$@rOAS^r7&=hDAYsQp)pKbQWMLf#GpjD!AD)1Joek7oV3?4R{{8J;-hPn`1) zw)~?M;7fi4UWWhSaejozj}(YdP=ZjBqC!gGXZxuyJ}XUP_o6Pol?J$#gv?2g5aD%D z6tp4+!WW;Q3^*zHEDUO|4^5;w&CSj6BfoAA_uX0&Q`Jr47Jaqbo>!l(E!`d7wQ?{V zI*&G1j=a=uB4NcKeD+&M05o)Ew%(fs82AXN-#T!hUs1Xc|7K-T+-C?eAN-Qu5dU6l zG6V2ie ze|Nl@f$_^mV&f3~t(K4qdPi;l-o!)*#-L{i;u;q;68+Z969QAi3;UZr%nE^eF-R#g zj2!uUjp_DKfID1hJj-AoK8X4~l7+8=C2Ez2k;LxB*)kap2vK#cAbFqi)1mjjH&STu zFiOcjZQC)FBvKV2O5S4_WT7a9UWY#g3`aoPf~JEKoFFyQ-(nURi4LbEB|e6@$7akd zg(T4AE$z2c&+b79OiCg-JTB&q`5{9Mf%?i$jdz5v$SHo0w*$1G#R8OSnd{^PLs;KQ zr}+dGYUqOB4@#g@Y8&K03{UHdBApKxUb`<><%#%6Juv&7|K=+8hL!HXc$+C?z+Hz< zVJMBSOl`PFp;9t)8_F%*iIgsZy9%AVN#&yXUOb-DMI3`vg79R$Css{EQz{bmGG}c{ z@{jdK94@%luvLcd@4TU28i6|WpUd2U9pFQzyKB3n z|CJS2K9E91o?h?R+nr6(Wk2);BW8|~sr0I>j&17iAUxY+NQbk(sOW5J;sxGue+^G+ zyC(XI;(-rCM*O!}2Nl;lClEubY)D8frX_1BX1Z)K;thv&Q9PL+cp@Bk4qZg?_6QS~ z2s#&?0xOQ&A*rJ5I7KFcuubJB5lR2#pTQf2J7N<(@n8_RTJ;O@*@ zC|7H7KEoO>+$|0?FGbHBTCH;pFi{-EQ=diu&U)ONp!Vmuz4QpR$7DN2(a~Jo2PagY^%RpXYybCkkMO4#ez@e?rEN@>{5%PW-A3SV%h{TO(fru9%j<-Feqhd)vHU< z>SYUJes{&=NUzl4I*(ycXfH*Npq0n@{Y32WfRD*j@F$n_7{fN9|1F{9oglPwdB9_` zFfi{-DAz<>I_I|a9p%870P~7L!SB`2zB*p^VfEkJO}u}K2^tnBF;Qr*q4?_9>cZ0JM`HJ#rp^=0_J}pYb9|aQnhNBY_cJrI-2AUL&qvQMs^UZKF zhw;gpF|+9iG}ot<2z(x=&e!CIJwaqUW4VzsiOf>I2*$ZWU;9X1PK|!p38;g9OA>)+ z;JeMdnK`esWRlMF?;oycx$L(}rVXFj3}RBqC5|>ZzA@hDw^gh*!E)Kj-6mBn!`C_c zMD&}B_!_QT&D*XoOnWR_Tz8!g7Y@(IJ(bO(Z7986O{3OTH4U8QNjRGr_nSK*5;T)y zMhd%Cp8MJGC!P=soVz1?ET2K4uWhli$#s(Rb#$acU#|Jbd(W}f`{ZMQPm)4IdHbWC z%(AxIFF%wAp)&1edY99UnEZ6l1)UN2zYGz!w*U%$G_JT@LgHgCqGS-5=@cv4KlyL1 zBm4s2-B2$c5dHNfawww=i|GiKPtd_)bFp5_prGaMgqI9>_H3J>|D!xxMK!r}oYI#s zW0G~2>STt!gl;!o+$Trv(ni}OeB>Jk*`x|12~4W=+D)XfH1XkR-gZL?@XWSr@5U+( zEebzm4|cgWs54*?dYeh+&Rn_5@-}o z1-v6K`UQT?P~Gf(x8(xw6lqO845YGFZb+vo;cXAm7GieWlecf5TfIdvd^{Piy10LT z!{~*QzVl%kod-4Hf-iVGT*2E8a-&!Mu&!Dr=_d-m*=ULDKJ}I6?+YUf+Z%^W!FsuE z94vQh4@X#I42gU1hlERnhSpV;D;*E2ogT06158Lm4w@7Z%FoFE1|c4a7RqL$>2$J zerJgizSY7=99MLW`?e!h1czz@DBFB9>zB&FyI(`>$+6XZoZ`7+t4qx*4KGYsdk?gLUSDOZmMAeFBMO(&(QXXNKGU!4b9zVreeT-ce>n4c%V1@sP)IUk)c2{Nxj|> zE~nPjSorb@Zb$Puh`X%&)uKcqpIe(cA7~6G@C`@ry^+TOb3CA4FHk&N5J%V^T~`@& zX%#2n@swIoZn)|o+Bx5W0!^>U7OGU1Xg0wzMe~TWOU5vIFEn|GpKgty>njJ8*pZZc zp$&kMSji-+kmZBf8&W4nqcSXpx^b8yEG)`eC@h{fo?FGNTHSwv+qm}`zu8VXPl1z zk#q91gw-%`sPLmu6@}!+5PiQ*V03}Nsp=1Tl#4XcMe)LZ1e?*Tc$=6SZcAT|BU!i< z%&T{iOw=;;mqd0=R;*DbpOEk#nl&DIT&AoLXW}smqnqj0k^Ux21<%RR3@1>)oWkd4 zeNp7H1{Bg!q?LScr@E~UCPQrL`a*8#ON?};jR&G6U!vU8PBc00u@Ck~t~;baO22%{ zG968eZ}Vt|#g}4N`lfZPfZmY1T5B?rvaOQ8GroNdu-ylyRlwa~?ZPGU#1Q)EpRoXy`-)oy??C zgaXQK^YA}t&rkBNdQ-(RWQtOUmxhyv=_Z%`wKffic-g!P)MQG$$+%yQ&^@ppM2+kg z!jJYIIq%1}ks&s0dfl}n*KKcb7$ZVp30BpTi>FDuhaq^(bvLKTr{JygC{Anq=8$pj zE!Vo`?WBvTPAzIUf_B$opTyd@_m>=^V}83Y5I$h3@Q7&aD6)pbmnTadss7!P@J@J7 z=p-|f3YfNVFzNm5K08|No*#Xz@#*f> zyG$t@l4jtuXd{w)$LD&#T0m$a1WkI}kM_CG$RBl?{mxBXnyK@v-D)S<6}~ug7LI)CZTKq&9n!3z=2^=PjfX3N zC}4Li65j-aW-4?N)-hkg>c+5HOeLStMVkds_>}n0;PN<`wc;Xw2Luk|#rvjLR8f#k zh^o=Wu4B@#2G`MU4ntdFFWSBY?$t#hpP|L}U!T!86!Yci8YfuDC2O_xIs z7u|-lawMarrb-f1iw{8H2|ddXYEh(;GTH~RVetFwW!i3=W4REFS1}_#>&OUFM-rZY3%r`37aFS<2s(QeFAe0w!yEc6csSYWy~11|L_xoNffHg zhz6plzT$J+$<*yRve5E4t>swGwn>i^_a=iQg!;oBhD+HIcFuea|eT}!*uWwydB1dl<#I`3bsCU2G zvb83*ZxSE zB5u%RT(wo~I*YZg+ad++IuW0y8B+HM0FuEIlhbuGX}{sqKu&p%{)blF&aBrGkxFO? zPM#7tDmFXrbZ@eWROAadh&#*c=+SN)XAllFs2ve_+)GT=;ShsQm{e2wZG@XTF){0O zT9FwFwuwr_{8+c<=hMxT+U5I$=(fM+y3fTpRgvz>-dId3;?1#tB|W#5t;M|K@^&rd zve%I_Pgp3C#E{x_C?rc3H`6fvpvt<|KNE4npS(Fjts6(Rp*8$>Ro5Fwf=~=D1}+>= zxz6l|7xl3=d#8b@6^qBM!|9wws0^HXOsm6=U7>oldBK{^?lm(U{M~l?FC1@3A|arp zfu;{ds6O`c4ZS+8G5fJZYBj#)LDK1QcOZdvs)fv?f;(Gn8hg0NQ?eL&j98ujZ_+gG?&DHb2X%^hXQM&VlGYSF4Q08c=YJ_2O*IY{NE(QRb1bUS&szvDmG;9LwB+Vn`KSOc*Pb~ZS~N#{&U%=P}jG= z96A(O7L|{%Vj-~zv5u#@EJpX;g?8E`2jon#^FlgWlo_W#>^6ibNQ&fkiIY6GtEBT~76v^nbAFMN~bM==$3{eb(@faRd0IN};D~yxikXeq&nK zi(}0Q8rfepQ&@fe3~g1|?P51yUqoAnG85tZ3;QkF2*BjQ0xxV1Cqss-(N`_pF859G zidr|3EpWjOyAzPt@E?mPBy*)U$<(WI$mh3)HFFL72<%QbsG4!$VrtEmSubl(6~*$z!al}gOAR5FsAnn20^48 zBwe6fJx#ag8RU~r3a`uDP@3ZCyP@$XO@BoPW@QsrI(OPa-u5)Wb-I4{KJmWZt`z-% zkX+^a2m{)@-f_YH*(PHn`j}d{acz-OM|@=u-qc*Ow!+b`(7D7HDy@oK=}UoWF0dXP zQeqFhvjNcsHe45W;vS61-|VtnbFbd;YJKuT>HgHZKkF4h*V)O_YB`VCl+8y2^ zt2?ZPgv>cAcnV|?{KBSp9q#i5n))9H+FLk1wNSv`kUBGdlXH}(O)f0wP~dDd%{1qx zkmZdIt*V6A-Qj+77$k~bd9cuEkAsd#fDhNY3+nO@uk35L9NQrC<{GOGqzML#|lVF<*AR|AVMBSW9k8PeSZXl<Wtb`a+K9gV!q}%=tWq@!AMNe+#KRqk-X5?h zi4l2f%8ccZy2%pHLda8L?~u1kBWA;uEBXpsa;J;Q zgQo`{rBy>1ZX_B$&8~fNEZ7K_%VyEu?Lc}Y9oz6)! z9B;!&WH(>FM6ArZU=cVma9}{#K`-DqGK4)<$u2M*e=*8&_-bMv6mGG|L|}Fc)vA_i z{3+?Lew?hN4)uf2>NX>G>MnB^OJ5J1HR~5!mRr(jj-6Wy%DjxM8Jvt>6JQyO6r3VK zUiUjO#p&`QqhkjMWrUb@sm0(jH@F(5b8iyZy&~}Nx@Q`;tg@U{G+7XqPU#kgvqziN z<8eNWY_!Kt0@--+-<1T@$r^okPRW zN$8$Nw=JZ`a(3ZWz4)7&_B-nwZ3l1Y8&YYB86KaJ3*ImZ8yBCcvV&9p8s>03wk4mr zp1LMS3!CY8dqi`s*`dQP5Vtr6{E?fRWobKbBI2eGip$$F2twJcY%%tTD!zzDQM)8Ps4E!juR)#jm!SAS#{OR7Lg*vL()+qNTZDaY4;|tK!jA zI#1r`P%_-$dVs6MZP({?uh7+CpiAeCO{7`;A~$YzGdPi&IL3OrR&%k)O>6HZ5vE^S zxAwF(%bL+kV{OI0&6>g6?PGXQi9u=XR4LlXUp@RCB2pQ%V;4Y|ivq8b^6vrU4cSJe|wOfADs}ac* zkS*1koy4779@Cc0>qKSbSn)q z`>MP@sWWubZ2I_(HG@y0Vzr(2XN>chF3DOxv?h{SyJ~J9RRNBNgdDW!V&&rfxKeBF z_&%f-zAlWIMP^&Sr)7Ch_!+IV{hojL;A|LGU;y^5+aT<_D~u2Zc#F%yGet2GO&+U5 z;rM#u&L(!(Tib1Fwj&ChSaDCZ)i5#1}B!{3YrF8;}L&n z_L07*5#4>yk}=&k)-Em%LcG$9+;wx_xr`&hp@i^dWf|bxYKNe54 zP?8T=nrV}4dGl!zBh+aiPIqx9$=ksydPUc3$i)+U~1M+g08%M$%U$>MPsn>6iG- znaYv)I-xH#gola@WwjhAhjQvfM(~QB%?RlX@6`ZyU??rv^eTB4!lGv&f zFE9HLc$!s3#$BqJjip>QE#tl=|EOwpLsg5`_q17R8Gii+aW6qrKe6_4ELXZ0GA?D| zf?+_gmOEZ@Lh+$qCh?GcS5U8;GpRyLAH2E&ajy67K1~o!TWr=QDg(^y!|4;TG(qG( zyQP-*`iRdA(Cg%nR3oDyjlTwUkPlq%F0BS)h+1nr z+7nxjl|1VA)#}yz;(d%&kDMU(V|0-tf(_NenTH?4Wgvu?u@ez<6+L)%lOURDtD3%& z67}2`d*y`jSXT4T#@dr-_H|1XjB&Z+E1~K+dTj~>AtS6Kpb*VQ*=*zvyS<0y(+-Ec z$~^R-$*POwdd+C-<(sn&yJY8)929i=(UjIVon4J-Z=ha&naou#8=KD?h4Df$% zyvJg*_YI+$^>}dFY4r3DUs%FsnEX_HWZti#HjD(yu_>%bpKguEm>C1lNq&!yRj`r3 zfsyp#tlF38zfPOtZIL9J(TG!ip##^=Nnf$_#%XX8ZFNSf%jPek4h%33e2NMzS%|<6 z1m))^g7B(F8vP#;q6k)KzSqx>LIjZvFNO3hmLEkh{aEEvIG?QM3B-z&^Zi+QMuKbx zNCH#;bkQdUfBzh^tX#R&vCk!s#(rE0ExK40nRj2dxuHr`cwK*CTHZ7KDsfIvtox zm?!rFiocJ=sGhz1-7u) zZ*C^9vWNMgHya4PVX9P20dISsgyZeO3n_f2knEo}YKq(Fe%~hxKQe$a*5y5p zzs&>wHjMSjsZ0?X(B!V6sbc+(47aC>==^Gz_{Oese18&s>YbzuKPi5C`#chBt1`WC zhj4}u=g)AiuDm?iJss20`;iN51|28OP{wjJO7tzq@w`$+CB9E_^xFDk9bfZJhMQNl zD;at3OgFtb5g3SYgj>YoLJ9c3(ciZJQW*@2=yh?+l;iYO2^r=xQ?U7mLm)!10nTXb zB*e{gVUUi2+q7l2sanwI-sSWcjJ^t{5BP;T{HPn4Tm#Z|dwFhBQjm5F*X+8v%ckDq z9*b*=P7quy3^S&I7ssPeoPYIM_~vZzo!4m8X7O~g$4pjQ+VwrBb=E7I7~MIqf8qzg31Ae@MutI+el+8foThf_}0DIZ`VpkV;< zmfb9!zQ1Ii=wXH{jpJ&iPaoL5<11DxGE#Z1?&b%bi~JSyKP*K+skr)HQs+nx_qd^52aKpQKQ#_&aDl`q4~5qSbO?I{2g4c-9po(8xBW~ zxZ241Gq9K1e8cn={RMj^t<4heRL%_`QYvvp&<$lCkGu5h9nrb$_Y-KAY)z1tx5IN~ z5*OrNdb8Q+EbAYlyyG{|_nj^tClo|^d;7IR#NpeQ9vPr!X&avB6PG-(Q}s_i5j`mA8183Amm&;Pbf-ja+W0d(Drxkx!MV+gvWs z<7Bp-e&TxaYhO!48Eh1f3Q#SF;WOm3E&PlDu?)Acc&&*B?#~usK?a*;@n+B3$a(qB zD&KBDTk!iAN8Xkk3Xa@RiAKy zHxfGLtCi!I#+s!y2NLO|6E^jXgEpMsG=%#tT)7)_1ODIxcon zG2!Zkc3J4d2}h%{|&JIL+71I!?r}g(-oG9e)`BNkrnS5gh?`rZwFD25^x5gkF3J0dIDO# zP6u3>^*c$M(V2K*UoBat@_13BRnhab(C|WBcMD&p1s}Q*q~Y3c)7L->Kj!=Kg$6nR z?ml=cQr|w}Zobi%`t{xVLt4||zP9}mb~QtH2^>*1FIq~<)KnxQr6((X)J=}FYlQoZ zNZZbemOfwq7LW(loh|HEw?!qI+j!37EG;x+U;T|uM^dozo%3oJra6Rf41U$wEEi_# zgkMWJ=|W705)8LT^FlYLW-=~?`?^!O5ceC&q~oL=8T7FaU{anS$=-K_3hgRv>%L&o z_l;Cu!x1m>_<5B3aRMpXWs73!>Ir%2jyAP_7E>RO_y`8t63Fkcxq<>7XMIJ1-R`n8lx{kXVJpJ(}W z(;c&^1nD+TY}=UqA3XnO%Y&B|MrR~a@|X*7_lq?IQk*DPs6eJZCo+EOAB3TUTLtv30$C_Gmw#lj1^sZJZ{i`vzr~T&+H^n z-+G75E{0I~j^GMI;bh!%Xf%C>_J_~YH?5HMYKA1I4S3rd{XZjKw zXrfj30)DzzzEwPq=9on@t{3Kryub8x-I>%@*nSSjS#Y)j!G*fMs&kp=-k51oX)i~I z^t;58df=EeG6eZYNp-d(>x8~?o4oB@lS{eIpLP&Rj z>_rIF5bI->j@!4UMMJ z3PW70sXjh#Tb=O5mrkAhSUEsA6Cd*9R4+}kkYNvK8L_4MAU2lc>^8>Jci+v8_axC_ zq@ajYfS}r!L@uvNe9nzSNuByU2qpovNxO~Tyy2y*wP|NeyV2<{6EHpdnaTbN8k60| zwIoK#6^>6hoo-XZ^m*HBa+wIhuvA_u=?lC^$kDjFlbFy=MF>i{r>?OEgyC;GbCqkQrX6568rtrTc|II^~3=Qom(E-79s zsE(~0E*fSAwOdH|>Td@7;Yp86Vb3lf(asZcDAQilpi?iDA)u?bPPW^lPorULj=)NX zU-0l&C!et1S=G6&W2QDkwo z+OUsaz0ExqeU<;d;wwU!ZZfw>!S2{5$v_O%`E|H@wMksKfVGuRYcz#?qC!pZYr08= z8dVvckfUqB-CG>LWXf#6rIom`inZ=D*7iWL>)SX0rWCHwsx+uQ|M^2zE}h>ns`W~T z<*nhFHJq}kj?MT{+nrww)yK{fJTAKwzqwS}DR49_3O+_aw7@Ukfs#J8NZF*8jZ&O- zbWmWJ3bf6tcB!M)T#Ko{oG&ajKM)IHDK6J(r9PgqoGvRS^w|YAeX4KYocYKsrpv7T zvr_>S3KGG6tL0qHB&%n3NTs1yq)q$7k2xj5Wfqf$7Q!EbHZHzP#h(H9b0TSd?FYoZ zQ4jzct1~4s=^}ye8wQ~@=z2ZyC0EvEJsJmD&fztokenE$||=fstE{^zqY*vZL$1p7*EyYxXM>+A74NC90WoCWSvb@)>d6f4PUKEp&;wc_MoNz z%t7{gm3!v874bQG*taZ9(~TZ4Rm9$k?uIl06{M0b>4H$(XMaN@KtYSwWZ%OaxHqXS z+gdN6ELNU9Q`+&iVHOJ!0)4PtxPCudWt@C}wJc@v!N)y+Ou>=Q)!ovK$uIxA^Rm?e z%NyY$r=z70c0hQ61-a$qI}RcfGO_8^p~nk?kmCxTd_!OL%OMuz&Dv=^^=j+oRE-^pmSAMWt+islzI_i=&0|?&^rFRKtTd4h@0n)%^RJDNUl*(T}^= z=3if4plk-t0%p~0twlM2SC|RtIi7=&m%jhH;;}WvRlU@>SdsV5?gz1IfzF0}dFb4u zTA^YOsch1O7^xo|5NlpsS5<3u`jle5&_D#la9#&=;8fcW#-z*qKr`$MN!0Us9#F&3 za$Lhz_h=apdSVk+DK= z0)Ivy$%ld-O~srH=kU7}?niolx7ut3q;*BVK0LmMhNXOZ2%t}g>fOdIwKIm1^+xcn zH(V)GYf71`7QgyVPN+b@V=J}w*sNsoQ!VZ~!xC(yk=Yf!!*@9@S4!rq<4iI}c>9IU za&5vZCuIrN4A|OG{h)e9QgrLHSQVdHZbe3)4%fAAVdiA&GMMLAND~PYtks-TsSDD| z3yjXKP1>!*Et=S(AnV_zgbD1Fd#LACkWTH*ZBuX1O`w(bJZhMUe)n-L<#V}c(ncD@ zSDkHTdFj(TVo^T}^0Qv1xL$yWDO1xA+nKhiR(+o8Q;tgw-ijP$-;WVMC1BAHUQss3 z?e0luJGV4{Ytu6x;haX`|I$7lLXKs|Q1-PesEoq-_kJ3z+Y1j8i281BLnNmg_shi4!zV%b%)a%GUtzjpn_#WZT z2t+d)Qb+l&a?TItyL7gTk1@y&!;W5rD{mk}6mul#bvUpqAkXqQnnZt zE^|)%G!p~5+*L4xs{{~;K9K!vYWX&$PNmdb%t1DqJhpWtJrD?u3|{P&iRA#{i<{`4 zoNw&!5aBuCY&5|Q8gWD-uE-zfhfTb>HP&dxI?n2}8pp`Fdi8yeWu82q-frk-MfyMJ z?wGnEi%ESRMP2?j5DNx=tKO*YQ)y~7jWwfh?v1(et{2k^<<}KMR8p@|w>@wjUG{3R zb7jx+zA&RvUkV?;Cy`s50}L{97fqf`hr0q_QUqLa`VwxJG7A7t0J=T3kJ320V2nYw z#h5SEDvLSaTN0`=I@L8grd^(PU(%W-)1I3UGb>e?!}9G=)p*Jz32=uVV6)s?t{ohp z=sCr+83b1v4%i|)BHJ?imKDbmmC6+A^yUM$|D)s221`D#A4+w~-uS)aqsvK}YulsB zQg}xaU^C(p+HOf7uO4tPnmC2UTa048?V9=1o>R%9>yvIOxh=^! zQO{x(siGH)$c1|gs4`v6cD4_LrzUA7QFMXDh9P8fTZ%uN!M+A#!hE8jKWm0h=V+;L z?p4;!0Nku8UD4y^4_7pv;f!)kpuS@*aK+<2+MV(kq4kTn z0$c+Lpb*D^`{NNv7IF(3E=ech_qPC)9WDm#8bC=WTU~!-7oK9b{CP^?L#agu75>KZ zs=@D3q(B2Mex|H_-8W6Z>l;|AH~gJ0v&qm3`(d`gMOY9k8rfvGl8 zy8|&Kgb!MRewx}&G(weoFFDXyyfaV=P<6{^RWgOd9Z8`h>-$&2l%8OfUR>S!DZH@h zab9v+^m%Aey@jphcidI_A`hmsnq!^&zR&L|3x?QjJ#V(en?g+&w0gXMPYwW1C3D~OcUMl#63m?((fblur01zzKyhwhqNhOIa zVqoQp^qq^e0C^?cOW!pkr5{^P5`>J<#~QTJy_@Q9)kXp&k%`I#gL2S6&OE1nfrPlr zzk;d5(wP$!{Wru+KpD*Uld*WtKo1SiUCWx+lt)($-4fnoUx0)J<-$BeMLO*!tvtC@ zdW)%&`o7qzG0ygCqXAlZKILT}9oaZqgT7=tYya^~_>SjxYuy4vK^nD1w+D{6O{DZh ze;M_^Ujmt;P;VJnb`+f2L!Ep^#X0R$#DF0SQOmwNwLth+Nk5d zXBGh3ZhG|DJOlFapC*6R9hw)k-d~&#QOzvU}iZ%L(B&S|7HTN-dFSVM*;ZNZ-<%(SD< zn@-E=q)`Q$QT1^O#eQQ!U={4hem$0YOx$3<9Tv7jX}5Q2)#$Ppr`77D{bej4*~WJ0 z3JwDf1%=&hm`UK>x34kJ0+0UnTL7cls%3+Yp%PN|=ozqNqcDFB$NYVAfRX?h==Dqds3%P$^;KLf5Zk!uf_~4#0i+Qw0TIsW5Za`{k^Fs zgr-{Wi@tHB9@O;@g8(idGR-K_-r_1HbLSt-U)ZrrgE9qiOHr_C0BFX4HsQZqqG`jC z24k!03@6UIXGy1KXQd&X;9W7AlbdbgOS;(Sz`=PQS}!XR0(D z1{N05<^fA8pQeSHL$E*zu>A_mc3T_+oZcJPCzu!<*1RqQ;@Pt39;JvqaUsQmf3DOOM^L|HYOV^qTru z0x{+e1;0w2wdCWt4UqCz*6P&O%fK(|&0O&@qENCUw4+A-Y_m#-AsR?K4;N5bv`XC` z0$}O~axZMxdt>u=r^mK~@4Rv~YOS+}bQ+Y3R47T52jedn_W8E6Z<8vt%Y|sBO5)ck z7tu=mh8=N_&}_1 zIOB0ea6Wh@FBT~10w4$O+F*r&YUva>(CdH&5cp1@jZ`Y3!@1MnUG~#4*ALf882d9BZ63rD~CRl*w z8sJuZn{AfMH-Idg(}|DB6JKv!K8}3*>c7$V&Z|j0QPm?4w9xRO2AeXTL6@xk;nH7U z;e#9Q$BdS~onyEXoeHByTJ_4_{T+E%>+_wtL-ZMoL*l0e2qUI9sLK-iJ&sC5Apv@` z5%JsD!5PB~VzR6PhwI}5ICP2+^WR83qsC1~2B{A$l`>`E1K&`{>G7byFI;{0YdD~? z%CXP7T=V{5v^^I9!H(4)+==0zBn2P>QlB^mYAGBoQh(rdvPvqOCWYTkWyKajI`1vR zSiUUDi?hu*irNQai##OsCac%~nM!sANQ~U{bF?`}R|!sT)?4|6X$t^h~lEjq{(gC7rU4IU*S=gIP73twg6tyM7pzBa(k1u63vk7xAt&DPGGF; z)!mIkmMHpCFCx(+f8l0%eh%boxW&1>^{K0mug;zlc&@w{H znSNuHX>6y4jgN&d#ir9mh|lLny92SE#~zNcYC~zs1j1Wan-`saAjuUW^ceuB>DTr! z3ntG-`NSV!C$J??5QocQ@xx9q!!kr1fE>&zfdev(+AziVUlR@7jXCa9Pral zZzgm^-TjZ~J~qS55Zu{5d5TRgw787tlxfrw_ecsfGU39Dl6nKKN{j8!19|;zS53A#Y8*HDt*Sf>#td?!am(L$Wi+0dZ)7D7qLMkawXs?I2)BEp+ zbz)g|V;3v8u}wlw1IlrwN&iFn`32vthB^p|XMkKDG#gzVwnnM+Y4sPcMltVz5y7@7 z-C_7#)Z4Xv$8mJ?`<6gbR0KX(RniUM50~l<5xV5whVgkypn_ByQYa}%=FCrfFG|0P zow>zWWsM0x=m53=@<2=qyE68107eltTfLpkJQ&aL)|~G(KEJyXuvO@_@SJTz*4bp$ z5I?{&@&E~I8w1f0M(G$zeKqxcNAYli=+HOygMbM`3Ydu|mU4_&eI2HEm#KEZkHtvF z)0e)Y)9A-%@jC4+c1#Vc_HNQ`byWsTcj<3mZeR?3ZmWR2@qwN3{0prBx)-dpSV$1S z^vNRnBqz;&AQ{AbkK2yAPFSW{{{w#=$o0ZC(c3O3ayZsOhE!Y4%h_9Rji&ci1P2^{ zL!11Dwf!E*ny$5O9I8CYw>EV^%DI?peyzo9jDV3MuZK8aX&4^{vV$4C;_et5`O3dX ze3@Y&5xz%&)J})*OxyMUG4&Q~ZFbSNc3Zr-6n8J~?oeEdyIXM&5-7zTO0nXF;_edM z-8Hy-kV0_2yx+CYIr}H%%Cpv-bIdXB)!Jn$ExR2s;DTs*E!*Gfz}GJh{qk-@>;|8m z+ghtyOO@%^#pa?*X`isl%dknQwih8FHGuN=|nZ3ORd&6(IuTP;A{ z|Fr|Uc6w{4u4=+%5FB0JQQ1dNd)lszW{@$o;^X%bqWxpgYgpRcEeXHXc{r=P%%=HI z`@>d{0i@y)6yuM15z_M*n<4{I(5D8BcWJ@|W2eGJbGc{Ud9P}*`c{_I*1O$|EvcF@ zZhrs8aj^^?DLDi03B1LYmaQ@&Sq4`032cpjuLKR1Z|80b~s8MM<$%o`>Ss=``Q%$k>GcKmULKljN?oxOW*3FX{f!~O zSSj}p64kFxEq&{D3Hk+*Q@a!rYi-Pp6iXIWq8C+bFqRg!&#U^mz)UAw(qe?_!W@A%ST#k;-D-l`oU_=v{UTgc67g2rseeg$(MaFIJqdM)zw zkF$3@>!h;ilSlg`Q6u~{Y`$x%vEHxkq>4o&=Fxgxki7vnyBNky@b}kvKh|kiW%+R8 zN5L}L%;MkVNiIEz$?ISlQx*!~zu+Z5Sdg|E1vlE$8>qGJgpHzmLilk$=PL1O2BfD|~R|ifXEdP>m+x&R`6X%w5TULmEXWZ71j45_xrq}Uw zL2^CH%&xa`<`UVo{Q8wl4kZpzHAG?wyn$8I{^Pk2rSGezg4BSWI!4~?Y z*ENu48aO$>U`Qk#9-ElLyd=-`i7)UCnAJ=xHl-GsEFezI>$m98IcySn=&p$UQZr9x{kX(bg z>8Cgn92P5=?vo zc=0VLkP--)VbC^AuMWuql)=c5=H%jakndR4l84&-0^+OH^_)x4GL)KUw6GkYnxUi!6u;CQDT+(T3HO)CbOw%#R+)9KalsN1ISMdO zI%iI|7FiJak_@3t!o{N_5xdE9wc2)v3EH!FArTG6&YsVU|8J+jqFqs`7B}L-;D)O5 zb8&#uw`1Ooxr-wY-oZlYd%5``d$sw>&#W7cXGWe=$8S1SjnxT_W!fNH2F_R&lx@5} zgIqwiTRL?MU{_C{$`Gb4ohvXDD|V8)({Zx*FPBa=*p9`AI0sU0XRB(ImJB%l_t0!I z#Gsn(3}4z6NY2*x&zM~#tHu<$5+!NG9*ahN=EmxN*)%Rsvkid#pe$`K8!8!)e!Zle zQB9WU=k@K}r{Jy9uzCLmmZy#8B~j-6eZtMwfAVQH%DKgFu-8>}Ywgk|Bs`9b%6~h9 z-@HF<<7cP=pTcH}oLag?Y8tb?a$DmYrPgmZ+_zuixBTAwquR}0BMp``7ZdEq?Rt8M z`Q%+BYV5|IzfYDrLYDkVM*BJdu%ULmKK{_3w7;R4WImNXF6XN4xTkL@y_P)2L9Tkz zX#*Ad@N~2HHbN_kNkuAL8F0LFu;#MVQSH0=ttk7w$^4;*8p+k1i;XCV3J#m0(*2uu zW!@BB`8Wi(3ljb42;p%MpV7}-VV)X0G!3eTU{uw-px=vITDQ0V)`|#pf ze@G)Qb@*5TL)ZM=U>8i0NJsQR)~_`5`T6#0cnsaJS{Ot|cFGC2zPDO5DO8mXF?qVn zMV5KTLr5>5DDkDU?uWY>mim8@*3GJ%Fg-*FU1TvwWY~t|m4)tLBOFSR%QM!f*hYxAG8sEZ(kr zi<&ymh84M9X8wL3*%c-_d4M3sOT*=Lv*&a45G-KY zM@oYDh50=d8q?$pZ0SjaDgO(OeFmRZjLRftV>IkY*!ztA4%H$WZ{+-?*B3fS!rEJb z3-CO?&S2G(US@;^!_KYITvj$ZkYMAz3Pp+jq39&0sY!ouDv|!NT#4CiHEbAu4!w-< zD0kidA?q6M1LXi}7&h41TRCkwwBD25U5IvP`Cu`)P4ocTU)0{R;MOh5BI)ajYmBgfE}x6yo-YknfLa^@+_D*;uB_A)hXOrDY+ORsRM8|%H9 z{p|x9buvFD$6@CN@T@ZLh0-J<;=9`%k7DGT={_oG)rY86)Q1>LkQ37c~%3@ zJN2y8&^M&Jnb0(#uy(3=T(4tv+ue8b(&cx?VN+sD(^gMf*ms4HAR#Epcm{J38D@pL zBB^l#u*qN)iPaKql_UH zE+a6jTHk=!1p*s;9~r&qMeQq~?}ghopH-Fmw`5uqgb2G|zuENdJ0tHzWHPdok>sX6 zWdj{d5cAX_Eo5fTecwG|srP`|o| z+SiYZVjMCB(&+HK2VDIz!HVtW0?0!bJy=8z+51J1f29gU`RzUjbHrfiPJq2`9@i`v zY;PYY4ggXj<)-Cjjmxj$NMxah_+^U-yJO_mN&tc-Jn_bcPio?o@Kz< z?eW|Ma?m0h<-7wdj1Rxltp>{oe`+L16Tf>rWk(f5wq9;>B1qofO#sWkJT`XNP*im= zVH4vn7LF**>iK6%7KT#cQICFKGEX1}S|3fnFOvLpO4;%s)D0b}bw;FSJ9wHa(o488 zX^|^3<#Nq)_3^eUKo3!Jn4%Ak0bU@0M%nu9wZqX38#4~~cHry@B1g3CQP(Nc@%EbO zT??3gKC6E(+Y)LvU#@E#96@#x2P&a~nG^`ake7=lp1e(zV+lD20eR+amP0zTc|Ged zl6GGsNw*M^FsL-^1wg`EWKR!=A>-bZ&)ugy5#eURl7I&}Q=ZN_0ypHa%jy2BYirG- z=PAJZ&eD$XnUeQ?-r$B~$A0{Zpwmiv?*fcP2-rtL6h6Y@E5dKI6G`watLNv?iJp)y z{?m?^mA`Q!^){`d6IE}OHFb@HehB)!a`h5?jpkN#CVB1C+Sh1(z4C&@*{QupFH zOt}Ar?ZmKm^6g-U9v@6(wrOLMN1Fm~v-J_xbpUwubxfE!!3w^#_>Ko@pCU0rM zc)$tPKnxuTh7xJ}XP6JxU{)`e? zoCIoPU(arWcC*fxVSW)Z7MF--uqW^K`LqOYjczf=SZ=djhCS9}%R;;NE;X@0TbZpm zY@{+?FU_A+Pql8@K%16j{zp6nEKczo)v7j{#88X4)H*^>xO4~3JHUGlm!kjMK#SwI zBLzx}Dn{dv+Df$xkz8%9L}C4?(arIf8q)P&!&k@tdSU70C~0Yy%N{Y3Hzm{__rha1 z^c-r7frj4h()sw~s<&4pzK_F6B1_N(+XgaLg9$lG2TUEcxGn+-ctQC z^b(8qe!N8p{v?G;Ogh83uGeuVir&kP7MFJPph^=g7xivXwVxMpiTGKEQdO!Dl(s%~ z+iSRDyxNwNi@no0@^r3(6RC9h9d!(Amc&F?#l&wAKiswBWVyWSs_M<-(a6_07lCDl ztD>&vVtl3D#6-d{;p4>u7FI<)O(9|?+J%K=okxYZj9lx=;v=3?W)v?5I=U=4yE2bRizM6 zXVJY|T=EHnW_Et_rtMDYX2PGjFY{+^>PLIxEv^O3X5DD!$LDYu(3 zXUM_XB7TvqTr{zt`?!&x+jHvCt3y)+lb$WAbzNcCp3|pt^Mc!~i3+Owka3}BNkV;3^$#`2FB1VPOAn>&bGRXr%Wa%#PkL&Vt>1Xji$PI9o9Vuw4XlFcJ`3oHs5di zgkH|Q{Ch!zViuAtpISaG`!B*lL1K@F?y_(_btbC^?=fv7?>J=WdU&UB=qpdD`c=>@ zzvmNYZL|!a9;OlGl(A#&y8$HyYyvp&;0C#>Gz;op&Mx#BCjYP1PecgbV(6D~7^4LW zVf8mSN)S$V_`@MD2pP?CT(aapsz8ukUPKD3p(57D861XMG?O1#yJlFV+hMjDbWAW# z9|_fvLA*<-n%C+#U};F=J`eIoj@XPerH*$mwdjwOD3Szs(RX>C@vV_*WRZla&?9&B z_qz@HkJnal3rot_y1h z-=dQB;&nyJ;V`DO4=BW zBhuZ@Q-yGr2zhLpaTP{Sl4X(U``F)CgBHh?pj~YR^0@@pT%a6ry7*G`*6%hF|BgM9vI_&-X&Gl2W$~mJJ}{*ye<4C;I0tdmzk$q>oe> z=E&SJZvR-MAwJCiSc#Em0LMJ@WN|hefWH7fJ>fa`-|!a1?_=5Tj=NpXWdV`Flbco5 zFCDq3VbxrH?WE?WRE!dOHE2uB%v!WU^4)V&rqX>}XiF=Rq{7YRA8W9DDjW!!G_()L zelh+~=xJ$F4H1BI!@7-V)YO6t!Bd$bMOUV8hQ~aSn8~POhoBT^u9|nW?r#(ln4%FU`(y zs8xGWU6;R`a9RITCz`EpH#W*z_NhkE(_=Ixzlp7}2V)4w9m31V83|91pm+`3prQ>; z<0#F{l*2r!;2qk<-4!JBl9>^>oL{&+Akdtw0}{uQz|!Nz$9$b!ei8loOKCj0jO_>3 zf_n11_jjG%I^JRt7DWB_fYM&d#V-x(5SMMkPj#$QlRD(jm%>s*0?*`TSc5ZeeQ8u^ z6`ENxLZp}?hC=9vKj>5~1gn4)N9vfVzGBtV&vJ(#H^23hI}KD#1|x`uizmI^?4OWV zdisdtZTpmo{~PoRPFJEFgyGWAg@Rs94?^7LK`U=7!nhLUMR#%4T^YlPg|o3(Vbol| ze8-I_h`3}ze$w0L9L};ZNhe7ieEymL>#KZtwAM$3aI_4ufH!FKg|FJ_MLU$}La^Dn z`PLo$RMD}x>LBiaZZCQYG@-j7gk6~I;Bein&b=l(H_fU9r*(p_If{A}cnMg%g#um@ zcvIp_zo!4F(#kxPP`ze541+C(C``vxR9h}4fA*Jik6((B3c7#q4*~H8I_^n-#0z2h zHeV8KjQP5YlWB}X~5D6`=ct#gv3 znx4cS){5}r+h)!TIgt|W$9X4q^1SG3f8!S4j~2k`yqu;W#FFVrp}ni6`M6Zp14uoh;s|+g?S-Izww*K_X4qXOzG|4TL1l+-brC{3=}td_;TSd zWf!cs6ZFOYy~n1xWhR%w{Lf2dbDh!v!A#{WbCKxUi%q^;Isxq%_!2E~CAW7(n`lX!+zbQ}XXgm=hRIdNWAv&_kM7i5b=ex!8CM2low zz7NZD?5nxTHNheu{ll{vAIXDtAn!B>M(@(cGlq{BE9N75XT%uIJCRx<_y%?VfQO!P9qZ;ESMC{p*>`GWQHrnq z66+c)@tZp+zg=+2uk9tR7k1O}MzOf1W5aQeHh@kWOMNr&!ni&}<2qSg|N03cj!AJD zr`(7bnE$L^7FkyUeJ8SgDKyZM`U9Tgm~OBAe0dpuWx>H?(?cvKtT;b`n}}&V(l9-G z|Ii@Z6X>=o^Hf~u>1tZmS!=QITcDP7Jb807!wA(#`o?na1*I`QzUveL{9$CYoif}4 z5tp*}Os14(9ODzUX`DZ%`=TT>YtEpb=||O%(;y>p_yBM6Pc_b|qc)wOaPN zk+N}uL^_asE=}yY^rVWz{-E&(dAD8l9gWi4#T0_^WSL$J&Doz`@@!UewYX}^*?A&o zHPXAa>`_tBy#A41)Op@Q?I@+FUuA*wQkP7@!3||a?fZHWw3@zZP`#9`kiG8}QFYsW zPchKlIUU8XH;mY0kZ;%&T#kLo30 zXzNZ&cK@)^yAN;rA?# zLkkDO^x3pl^2Q*>!KjM_WyB~hI<|EOdZubMc0%~e2K8z}n`ESkIR3wGOd-Ba{~$Db zfdn>aKaTQS za~~w~0Sxy6aP-0m@x!9^bD`SUN{_;15Pep@AWⅆ||#n4jH(M8z`oGK|1Ut9w)dp z9LX*@Us2rj$=$gs3%obKdD*iik|qr zhArf(t~%@-E3k+o>vvWrk^^1GDNnsZZ8hhiI?G~-M1R?0(}#?$|CFkRq8~)m2x&yZ zq5Vv{kNXxQZbZy*cskH2>6O{O*HO?cFL~1Z<&Eu}dSv$#2DZ2S4_lf&h==B2<}oxO z$~5LeOt6X(tOjbTF{4;|?c;2>0@md86*>?2EA+QZ*Tg;vm%T}~cm(xepqGfY?iX}6 z4;R4G<+N2%-3Y3IjH!OCHnwnz^~8vXJC8q1uK7Snjn>@#W723+kJdLQAXRgw^N}7T z*2GiTQ)(|4`MIC*BeX_*BR(=y{JTdRlQsyf+OKH?sO=CR0)LBVuUU6x(+qdi_it&o-kTaOCr89TDZ+WBR+ppw?fid^ANl))Ztw5is$b3tqxztQc6+-Mga_F= zi9=7>{hZyAhu#MnX|(GpKfnCGf=}A$@yEG_baB0lS=$jwBHs=poIQLOHSyh(sqU{! zSBJdG-fQi3o?>?rh5n>g9As$nrR-YI2qtYb}dC)^+dgHfEb_7FSu21PtCyMsYQ=OsETD|nFf@^CJ z(B7ZbcfpZ|BFP4JK6UBo8n-RS019B^1xcnBpLdsMb42wUyNF<7TLhrF^eXo0E9f#w zQkm|qG}W?IRf-xdxyAP}OJqqW4jXm_Q5 z(PseBiInj0RpGD)Uhq?}8)CD6I`AUfJkk~U06Poc|NqLwSci=F`3KI*++_AsKhkWB^L2GegA0f)wcjf5H)L|FOsSn$- zXbRVilKRqn{_~ccE1h1#h0Fa>1>^IjYNMSSd;rgFFCpvE-8;C-~aMV6FeNaXTM$-!u9NO{)7dLVBoXmlr?d#*Ii#`>jc4zWSS+m|BJ{c#PRGKSM zilAqEB`N7{x5)<*{tGdW26+?g@@diVlD4&fNaX1j^lCXa$@iDyQZ`FphfKI?x+Csy zrn=5-5~_oq&JXUH9t7D$*|pLuCWfK2_+o$7-LD2iE9@Ml`L>CS^(M{_OPi9o41eT> znjJ6K7H7jtf?E8m%eJfxh7br8GCyLJ>E)%zQYOauk0m+_X9lE=T|=Q@KFV? zoc6oL{=E3eYJ`l#FUVP#grQ^w&^USt&)7X)Roh8QjDKO7vS~!;g!pfW_gYQym`bv* z3t0CAf3`Bw{(!}Xf(+zp@u%f^>#E^r-K@v$Q*pq*9K8ONc&xbxK9;xMMlnuXrgh?6P!*)hJ|nj ziH_0>x`Et?#F4S-+k|V8)di}$d*DNtyx<67p{te?!>7#7aJS%>a9B$+M+ILN_ z2=+fvP-TNSJJ}Q!=jmV9YLD&js=K_x@6sD|?ZH4&ktK)8k#4 z;LX&ylWbk#&hT_hBaGMJT0{XDg)G^$6T>4}qm;f*c3d_GfKVeAGB$Z0S2A}# zKg?F}PZZ}?$LsbL1}j+w?8WLSuiYbd?fmcJ5G;{I#n|XRf+W5YP55d*i!CJ+iom4=b5mka^>{mPROO5Oz+ zBj!`F!#?3VydT`+Iu&}HQAB{sm#4>5uO^d|aF)LIawjm`LAgJrn5PL3kMmUaF5jndlGJ#^RB>+26thgN&ou&-@QHi;%p0p zCXgUz)W_gBAM5EKL!Z`i&YE)wu7S7OJ1yR(F=-ef{H84RCmEZzX<>9hPILPcs2}WYRFMuPmHe(FamL$y)TDywHo&Qo)s=HSPEc z`I$jw+DGeEL_ZL!_t!HKW&AGw!9o{6qDh|D#`V|TzY)tH*Vn-2iklH#vXq>=edI-Q zSJ$TWb0={^H(zkKuWc5w3&Wl|v#$*XjAG>%iEZgJ|Gf$kWhT$sy$g9!dpWS(3ONT@ ziuDW2G7%euY8-Guq%TO@@rE0O-m3gUrqin0V3s+m7rw8=5SN}75F`1n4PNPwkoPjx zswTT$Rhu&Deu98wzctP4wt=q;x%h*|%~nIP@;Yt;_hGK~(r6RnSXw_2~Bp8#brO7;U$<5RWfPRDy1_Utf#L}OH0KV zoF2EoF#v72V(&_IX|XDT5cu0l2FpSB6$gq}gBn$>xG?TBBOU+1gBkZz@1sT?WxjxY?F;QXu8SfxCI5ZY0+wh!iWe3q( zeyScLOlD??4d8W?byyUb#pyksKfdvU%{Tv3RMb7O7`fo-eilE%mUU{jN!v#Ylp*UrJtb!yvKS`I}UE0VA=qOZ<=qPX(quT`I=I2}3ht-nL!| zJ9DhG41)}=zbbvt#{VJ_sfulL0!cXB}@U)OB^leGS(9wirTWj{to z@xo(Y^A4>K_6$w!-g#(E66$TWk!$BGdbZzXSwAv2;exrxyG_s^Oz4%Y`ihi&l_UGK zo0uk@)F1Vr+dp5~^gl}843Y@uc)^}dif%nAV{VYIvi@T^nKJXn_zM|yJ!p94O{GHk z$t7AD4a*Eo1_#b=Qx8Nx>u!vMJ*7hTGTikyj!+R`{LBjF*8R#`L3VKmx3`i~MOE1> zi7bZrHD-*`+Es!>1E?)yV|30;G@U@r`1W~ApaCFkzP39?p=FSXXPQG_zd*&9lv9w+ z1o4xqBsTQi64;=G-HOZ6$P#Dpl{r}a{RaLT^qv7P6Mo#+8wy2p=Mz6xD)4LrAq2im z%vLBv6o%^}*qYmvY$W7fQD~Si{^VKT7$UQ%Hd$Bdeog{O)wqU1jF!UTdv;tdVns$kJaYT9ohO%BPAzE3r`U!EWfqGb&<~bR z7Ajc2m8r%eQ+PCDMtq&pFfvh8HTXaTbI zt%EHWAeHQ0lfHb#nhaJ%h@FhqEf8Ae;a-8kJRrX2r0eD_Pl5>p(^b`RDU0!gIiC4! zRH+JuE(-vM`se^y^sA#-H!WWBzr`liu)h zd|qsr?~!$CL21C!UCHFlx&68Ae+dO)sKFBjS7GJG_RTgA*Hex}Vmy>wy=Rrp_@Q*R ztmk%73!zs%AwTg~1V!n$Bk&yR(&G(G(uPN12#(D` zsd*kB6m#$Gu)}5AVS$wQVSq0}cu!~bpFWRyu70?l%8$^gE$@oNGof~=H18WkHeXsr zBNH-+`Mo;%eOMT>cZVNs`}0$c#*PlBSM#9{*`Io4mV;Qos_+E_!A~|p@&Pb+2c-4T zCe#{xeCksjmo25)%%6dL-(H+s;yj=^h2F2=XAEvc=OgLmodKmCa=9Lm#t?$JPWd7y z-&6FbT=4Smp1Q{;vMApC)X7#s4*V(lGIRr5dZj{FFM8-|W0a_5-(3OpT@$t%pW)qK zdA3ffJ=`Ebp6m)kE=zsp{gy3tFmdvGEmeMvGp#g{#k#;&C(79%kak& zZn$d0l(jO$VsDOe*zCFNjNS4@#9>|uYL zFMsq>DjV{)PFCF*^?Gm%aUaS7GrPc79*lQUc+Cir{_Lhxt;%^n@-uf&D9Y>>2-w-XBEzG%w zhzaU{GCmbL$dT1%w5WQr^_}d4H7%`zF5M=fN_w4)EWOu7nMH;A_78*e&^$9TbLgX4 z&hzW!o`Hb!pr+O}k-||)Xa7@q4hcQU-l51L^q#T#V9d+S9S5=^o3_*pt>>F?zTC5- z?|!WNf3u7QG9J;7uL?B7J+PR@zMx9~z5jm7LM9ZG&a7A zzde^vOo|y3P2Eh1gNwLB>U|(RO&tc+?K19K;F4p~0>89)LQb}SVSd@;g#j9ST9h1^ zVl8#}yxQgD)bNKrcTh_l?w#c2ZU>Q&3RfdIM6_lZPKtQ~qr^EKel_~jlg5Ybh}>m9 z#8Znm7*qz89=s`E;qJJF!Kd+}?zR+2W}r{0aWh*5$!a10eZJd0Wa_%v-_buzfFG0i zoK?+OZu(}_9<_`QGYfy5K-_-pg)Ie~w$d?5t8g(peRi5dFK9z#9%C*J>!-xh^w@nx zRS8)1@LD5&^CsX|Pm`hylxpTi4n?5jOANLeHU~=aRiQe6e2H7DU#-WuroDZ)Myl(&ll z5;>v-h53j!njSwjv;^*8Qs6;Q_(66T#6DeamI9nug-=oy=8=aF{3ECvecI3&m)zDW+=J88r> z8_biS)UFCRsujqn23WawO$+@=mH*77Q0PWjaE&h`^yK`UtK_sG0vEn{W46~Wj%!FS z{@5@PGqePgIEKp|8%`5PKTY(cFfW(o;JI{J=T?quvO>!HE;_|u$y}=#<*eq)hUlv< zpL>*e#&fW7_%jhXeQ!SztOUOt@biq~22HOo1tXn7UU^i)wzR%lL@PVKaO{BI8l zO7;8~I-=7nnx1mEcC$spN3?com1I^td$Lfr+IA&#Kt#s#2w8`!p};;bP{NT+L9WGY z#cz!fE4px-|HA?(bLo6hO+Nd|Kz0RZWGroyib5c-PeGn3aptVnguw}v7`IGbE)}9; z(!+pEiuDZ|K(u`_{Um}|sOWjZ+uF%k1~;HJnZFip;Vc!!&L}>==DEciSq2O?DnrI# zIt61?7I1Z>NpQ>>6#8VIuJWmMpWW&Y^Pm+1Fg|pjwSW){>;onB_xLCZxQOZ zw@#D)ku3fb(?5!T_!6Eca?vtT@4=v&<(Lz2EqFSBfXyK-hLg$fl6LA?!mm-)j~0YA zRBbu5csJk@GQM^`U)qeNaTALO>yqtP8yHm5*ns0>>{DC`;;+g%qSrHS~ zlykQhr3fq4s2&#Vh+E^O0Ky@9^7}{O(E?j-r-D<@w0j9jDUn?|8bh+bfB)se1QT6v zcdle|0XzEKs*zZg$=>djb?j)=*S{Tz56bW@j36`sd~QjLS}Z2zpWV2CbTr~vVlNkv z@~==Qkr30*TF9<(6VWQ;pK0p5HHobLRObY`Vtia6!=2@>D^%)9&g-v*i9jcufL|HRCR=FAmVheNG=IZts)C7fm&y9C z0nT51nmPwCD%{Ur;G2oK2vI(_DqKw54D^*aylp$*1yon-J%k;zvw+wjs3xOD*HrrL_R$qrmiIV zJ@TlI&&hq1>XZU@m|vs&O-aS=4Vbk5W=AMg+)fFuE0fNcTA=GFl#1*L{p?R1XuvLA zVw{?q3(fOHL8D)h_*m>P(Z8$rmxPMyHb5Qo)+fzFKKDR>SkP0OXmJ$kE_W;q%1qQ9 zne+r>rRGLS8?W*;<0b%#q<`mINEpe{dir)I4?bbE+#XFU?yW=7%9%Fp`Hj~l3SE^} zuc2xg&L~D3DJ`kTU0J!joKl}18TKus`6Z{M21x!~5=^I|UnDOIbTuGRlE zMc7W2V)dY)A#OVTeC6u+X8kE;&{tpaJyE$4vBDhNF@AHfGhBt-1#G*sUxv-{uai%M z9w@?;uR=N4TKpXWDE-&LK(hPWpn`s( zIE-g%S*9z_rTgHqFOA%bL`^isI!SW%6!>_|@Dwa>BQk@Cab_MJLmKJO52Af(0t*== z)b?D$UWX#!V-eU zY^{#6D@1irVle5pZa>0}y!&+FKm6J{^d(F4Jkwy(n9n&NC53XpkceIRHF9Xwcjgt| zm)}lZ?P_=(%=+6id%2v3E*`@PRzrdX_Yx;^8Wm8BlY%V)w+sAdw`Fx@XjP?FI9xRg z{UppsNoDONTBScoO);rL+ZBUeS8y5~3pSZbhh0vN7EV=ll8MR3eKtks2Sbe~@M%Oi2_17bxr(&GkDHF-#k$S{U-l|+%0jl8T5wR z6`!OK(h|#MGq6k4?X{_z6N08VpW2i3j1y-5)RPIX_I_9&vH#wZGN~u;{zWziwFBbl zl$bJF9X#jK_2w)}O!?tyr2m6W)ox|?R_1D$ZLW>m+$IZV>XW2qYcU7oP#&|)NqRc} zJ2(rGp{bt=%vDGghGHpRB22`iH_j)?Q{eX!&>R(Ct1(KH-oo{USKM>j>ZgCjap-t& z+yCtzf(1TcX%gi66iH$b5zVysYgQXR8SX+(GS=94groFIsi4}35Gs!Rk{5IL2aWbH(BqcyM6jv-gI&^?Xamwdx^!`;xLB3nz85%|xu`G=JL z7?*!G&3iHKa?olE2Sp!dS;|Z7*0C0t_kpnXSx0m(LX0Wiw>oEAmdgDq;t1w z74}H*@J*^pRqY<@-raO9?*0nEAGG-mfst7&SwT^eak0`P%URK3#Gkv+&LK)Js_vc4 z9HB4&qOBW3#ynVOLy4;4vaP+;i{Vszz(Zq-%B!L4wx|M1g-m8;cg%m5DIQrAv=0pP zF^#qLXvgOt+>DtOx~I)ZvN&HW$^i23tbeeG5^sJZWoP1s48!+wlz)cY_s0c7LK0#X z7k@$qWp$UKTsvDP>lNAkimVQiZ@NYsA&=h9mJE0xL6>|G>Y07@rww6%&t8sKpmGYe zW6;Q~KpM!_>x6qeM|i`7qe_#G>0v^c-sGri-)v^B;e2)T=K{#*`q08{(!Myo@xfkmy4eiap^}9L@ftJ8QB-@SS8!^QqXh zYCJ%F-v1sf*Ll2li4-wPyBS~UJmS&Oe$H6pRmJM^eLHjoE^DlX1sHj;fyD%jXF9$+UGCqsLW z^j7!EL@jf~kphzdEHb7|!c=|@16c2a8a%s{MOz=N^lN#_Pm2n7Wb5KRS355Ii2p^a z5(jH$G4bl=UnOCWK6G7hoz?dm&4ih63mDBZJ4Ckg6Pl^;$hab;RL;v3{m2yIX9N~7 zvZr~G1oW>9L1b~>Np9NB1ul{X zl}!93iuYTxPZuq_e5dPCX^imXd$e#PSiM`b?LM|}oGE3JS#E4o!Vs4FYAm#G^ZLd+ zjd2v>y%tr+=1bjFTqNy5Z_bE6RpNI4#KrCPK@T#k=k|toPbur;GKV9?Ur<5{cc0zY z0I%_h`kMffVh5}%+c7g-J|E|vf#k5G&Zi4=9EfMVZr#u1f5(9@Z5h}5V|0#USB4Ro z5QdzI%-uUiK?MqX%43&WJ`ZEQMgvW1cFSLA9P_YUUL zFkSK`PIsL&B}WU|0~~$hs}k8k1qeA-T)#65?UpLdEvR$>$3IWt=LvoNj&hsB~O z8@YwKj`jw@!X^GhH5G~9sfsRmN3hT?zASigh?_V|tByb_%vNBE^YMYwH!zpTy&=g=VQFn4zD z=F;^)j&ni}zC855yFw-@3fMcLJ`e_eI%-2niztv6UrF@js)83a$#7KB%YHbm;q|Tf z*MVlGp94OpZ8g+G5UeAucU;rcuQ+9%%;b}2SShEJ0Dz*< zHMl|p5W-d>IP9LrF(Kl(vUoFYM)QIC7&c+QxX$CIe{4OwAs(Sd8H7k)LVTH?)L-S< zE#9Y9hAG2e@yB-+)iw{{XcDnxy!KxBh<-Lz&@*sVf!Wh?kBin~mAL5eQ!HpC_Cvsl z-f36T2>f<9o=capM3!_3D>#27ABldUnF;DL`vHBG%1KCV!0K1fnNMf`M|~OY?w)Du zY-JIi^icje8+1ek^3ZZg^GDVcQ~`({-Ur%}nS?#E4qN^o%}6Kv`FkAbbPeV9 zy$TlMs=i<|5N4JLhQ&Tw&`2lU?@H2}oKs2`sIsRV)nufyXX7(I%3fzt@%MlAbH`Dh z%*V4usLh=)fMSGmd_$9Oru&%aCB|9rt8Ni;X3m^hs)dTyD}(MwtItfbSZ*-s!lp9x zFXzpRY(}p!oHgg4o1~!UsHfHLSimM_+ze*9%XA1T1W{C4D0MqhVot3RRG$*yg)u6W z!nt?K4DV?9*6Dkd91D_r?{EP4lfC~MB<3wsJ{9{`^efl0PwKu8`){8VcXg~o^#ys} z29jjvpRS#q7dK{=V5C^ei@#dtZ>A4e+TMuKA6^tWD>|a^M%skk5E|kNyC!WK?(w~b z1Jep8k%ng2eE}E?lLv&%p;(7YsUb9=#I?`Zal7AuVuQ?7lON?xe(RWh4Y3NH@wrluQ*;u7M^ zn7Qjq%)rRXA@?E^%E@JpJ&*sw6#rwjw&g$vgP6k-i{KNlAN#gZ`O|&6N9Dnx>&9&g z;>1OJBG%F5wmr7RN8X@fl5CG_gJ{i-NC+L+F@aM2yN$pSi@);?s-M#I=8q(#jBm<& z{gDd&v%-FSfU?cy-sv|m@ST1@eoQ<3m3_uk^_e$DcKmhS*intZF^7PxZIfNWyzV2I z?JlOnirYL!GIF`#*;&h%7uzet>pcg{_k$%r{EAHYMVX)euK$|VAhhK5DPL#c>3=&! z{XsCNGzq7WLqqzW7BdhA0W9_?Z*pE#vj^}jvs4eNEZgjW5X{5lUZ#EyqNd`eHw5Sr<_P`lAgzA+@$er-@Q?v zro2if1!%`7Zs-sP3HwB`K{(9g_dx8G=)`Jj5HeZs%MF?L)n8KSkBK*nHZgnD?sxQ> z6Ru~ok4xtG_l&X-%Tb9bw5E(x7k)V}TaQ$o#Y?iaIjVz%E{~oT4TNh~4N63b(i3If zCG&##obr${kN567tOX7FYzQA;vz3uI+a`H856IQ-Ggr{Ye1|nH>hpd$L8l;j097$* zNlcXeW~`~Z?BYwSIt(k*F*WeB@lQA^ru!y-;r5t!`IB$O8C#6r=|ZCM#l?&NHbGPQ zU(+A<_SINS>bphW(ef%^JBx?z0S3V>oi?`>ryw9mLHPhMn5ZNdx!(Up-ttKWfF5{1 z8by_?3vXpc--4Y1U-ijBLTUAv9YLox1_}FaZGa8iGb{*nvc$g;VcCea==%FGZ`SE) zk$zRs*6(i`r7!L}{()zY=e!9&EBWVz-4K zJa2esCUKLq@`^#*&>x4&8PV|@q3gA4@9Anwxh=fK7u5Tfn96fNNYFH~B+S=6nwj>w zYD0j3as1#i;Z+L=EJ^^b_MRTGnESP0|I~N>-`ws$10tH|L5f`SC0RTOahq|3+pQ6J3kv_y)PHD7 zEuM?szNp%0pw}M+#m4Dw%0jclXuJ7nxWgjuOt1 z(4F_r0DQzBFFYc-pQC5!d&9wdH{YfC+o(?8t->e2@B~I|LuuNV$eG}T)|%i@w_)h3 zzny04i*i-VbQ;hr)6Py6Xjc) zRy{Vk^;gj3(Y^c1N+kEbx5@$U?$;jrPjxtcz=ZnO4UMj(jNp{+hmP1`JzLVtuCSJ{ z*|tJVEmk_|HT-|QXaD@~*YEU;`LZOZyt`4u|MNBY7tQ@Y8{}`I?p?^AUrzg)yp`qu z{ty4#*Zs31KQS?fU6P-{H~upK^k4Y+|8_lQNi0Y}B|!!b;>mv>vHxQH{=HKDjr{%l z;~N#}AH?xeH#k=-|DT!vuRi`?FYts8T}VtjL@CH2^gm?l|Lp<)eM6v6fQH5H%kmAn zLH?O~|9^brU%&qmAuwv#C7C+-yZ#@0WQ-8#5f#yn+l&9F8v^Sv)_vu7Bw2AwY5zfq z{f{>MzkX!i{?jAhVa9&m{|~H2BJ!`bSc=g9?&iQx3R!;5^WPe5 ziji<}exMCz7neW8Kl4wE)T*FgJG)Z|JGM>(_kH94r>!3ZPaXW-hPDW-YP;Dk0Cfr7 zqd@mN`EQT*=>7x0YgGQ0=rUE6cUPhKuV)DKf4@z()L6~86W-3lfog+*2HNEFyj=9p z2>U@FO$YRf0wFW(&tCCQKaWT+0z3MvzSagLB14VVOKLAGp`>37WD&;D8YVm`&!gcX>cA;^eN9`Fgxxk{yb1eM~L_1;zu>$kTTlnsut$@q5B1KJ5XS)PO-wIYXHhb zMXGaIHLRHm7|Zj!=w@{SwoPWa8K&I|++3{}p#}O)i9iiVk}8Dn72}LurrpCY^HJb? zJkIMo0kgBAE-SMsdR+?APQ(3{ioAab( zcZ9xeD{5W$cvM+*T4eZCN^mRi?%eN=RC@ym7Y_pb`XEq`N2@exbinV{+3M%D@l)Zu zYaCvi3EPI-R^A8-L-Tt3a^O@kD|ET3W-K)jOzmru$d2l<7d&XL5+8Q#jRobDj!N`5 zK~wbF(y2>>)pxIthrw6-P0E?Yp7?#Mw~0!k(_RP5d0J(He`L79Pxsw>g|pHN-dA{M zx}pB#)w4tAyE$tD*@BSuH34aGKYR9aIEcutLxcneU^?IgRz}>&0b_o8^kvU3L)gqx8f9+q7QyjftM)INu~B z<&HD*A1ja4)%%JX)^va5AWf#ywdubJnvQ`p^s;r=TxaM z!_dvFt$SogNNduegkhk?LK8yF)$B2KzH>N~wzw;#$g z+)Z6k@$EUZuqac({+`bOM&R}UZpgPL_=*hw2?}vdPn|A=bsJ5(pejox{ty=&cn&C? zJa-ACdE8A)K}CbElltVfy?Hn6T;Tb})2KMY_He*@jfAc=m>{%(P{baESOsO7!l~Bj zQHPItdwLlaOJ9=eyBJJaq+u+*Fzea;wGueha5i(7yt8J`61wVfb1IP6HZb8Ij$Ji# zL^qbF_*kuQ?7nfD#HcT7jnv9H`=a)bf`Gf)o(A>*9Zp`B3Ru?lU!To7tOFWqYMOl` zUv=L`W}5MSqmAumtt52%15@YIOk?X6cocVV4_u}&(QfxuSv11vJkp!{Fow_N11zVL zH}I_~TA&F{mUX2M(`<;zBYvOl}3>G+O#^@~!nKLMv zS+W>NPH)Ttn|t1f&{Lz)zYPy76w$i8K+@-OX$~bMZryOi`GSE20*mF&-n>}va)k4+ zz6Gg=2Uln&)>ku`(1 zUPFQ_>Z9B1JC77+Ym z0`i;p!8cR(7-CIPNgKpa-9{SD=xe_i*^X!#UPQ8uh;G9SBU58-sr|$dk&}){0tj)b zEX2*2P|SzlshQu}L3ggE)IFfH;1VIQ9a6|LDcda#^KDm1P2@FxHP6=|=xI0P&Fgd> z_-)v^ySKFY0yAIqu?) z-9D?@-8Lj}^MqfZ^|plIXtHij2v0+UQ5E-KR-jclA>kYN7EROorm;Fg8K?eW2|h?X z+*X`6V$kUN<>}DLC2mn%waewZyc;usZ_C?QR7w1bZ-XDFy>C0uJ}mh~G0m5kzi!JU z`Rni73C4Ao6oS>iHzBq=SVFhkdTPy6RLDQ^nDO1(9Zt8(sYtjb$R(nTxf8330 zZGd#5wRR^Rl0hYhM}k4qFzM%v=!*vy`*SFZ>B`}O2PsbhXMa)W^Z5?dvnK%Y(F&p9 z)o#z;OVBdl6 zJg`0u#JfrJZKTF)--AX;Y5ApW8@zw7|Ou6)QoLWcB2IIFL z1kQKwI?_n#UVeaJFaqfh zDWd?K+Ex-Z56I>|EsLM@YDsVY6Z8l2qBnC2DYwNXjaDmc&M|SuS7|JWh{@ZH*c_@4 zIwS|ON$F!Jc6PmAJ-AYEa16*8^dbPL)<8m%C{kV!$|&D?($X= zC!Vu;))v4COq*obJ6IIv%bw6seqUuk;6jeni#$V4ciRKc68IOu1e~Uwf%y<*OL1M| z?Ava&dL}1_&cYt|C7$u9@>j+2y?F=Cci&J3&Ff_84x_u>)tFO=Se{_oEb-4Lyi}$y z3pHw}g4=reH?E})biGNTSsJi!rW{*D>gCH#d9$B@g4U%0-ye>P)HYJmdu+6ToH8|2 z%cM&3C8GQ-ejfT}byo*_K{R!Eh`l$N_HSveke72B7|SAYJoz4vN&9an(`xDR=jxo( zs-d=rh76NqMdEUt(Fe%yP~HYS*0Yr-$hk`mtY~%HNT604zYo2JF57~y`x&`4pBx!} zX;gOPtFc6cc~Zs~_S*r^cV!94x=bg^2+A>f^8gZMbD;;kHK?O`JY>*PyJs=;3rd#B zVL4=u9#Xh>j z59BTUnL|Eb83r2!?!F>7J0f(#rDTd@<-5JETB4HFCF%32gehb#QY}6^&$cml!m2zs zJ@A|IY-K#=bM3$STc&vTgz!&JgHxhJaAfT&nt?m8lhP?v`t zQ7O(+L}*#ExI|BeRfV>r8z^5|M}vZ0yt3bFB?AkwP5?pg7*H8uM$dKpX`_Hs!-wA{ z^2~27WE{~(GBO0ud!?uxy{iRND4i8tX?2U3`Yq~!{GoA9T6pyJU?*emfKJZ4W1H!p z`wL#wFGll(2^}zQvcr3lXgX3t9dWh=pwExcz+S3X3u{S+4642IQjN9Q!u;9NQT*o% zf;Qh%1P9Q7De-22Z$}?z*3!Gk_Bqe^NQ@3vh6qx#uYjR}fLUc&-rP}$b zu}WZ)b&_Bb62J62xXvnB?3%aXK43)?CG$4_mQXt7&usCdHEd8WI36a1%1rNkayNK# zn`k9E?Xi(D$Wf=qmM>>wZG-q1{DOF;V*2${8r?kshxJ;-|E$ z4QDrl$hE(c(xdW z^Pf3Y$T%){o&FeO8lhv3A*On<4P;l*We7`(i`A3yH(v?AQlTK%@G&~M9YW^&$p+Tn@fAv{4tcZE{*}=XOYn`#m=~FE!yS{|m3I&`ASx}O} zN6k_@718=&mqb~(oD$yVgp!#OKiioe-N+DE8=rJDDU`UOqazr_y(O%{YDyEU!Rg&$nFPI`*rWqA22|LGFSpzPPWtXx+1hTu4Rt6HmE#C zn6s5JuWHs?77Nq%1V@ozjLE7MyVUd}Ffa?)N^hNfvptE!%oDM?dSz$D$?CJwFRW1l z{odwE!L7GIA~L|3#wBaokAo9Tsm*>Q6yo8ki7_Hf=g-1%z(`pQgOj^c2p z5G|Afk46R)P3X*R1`@?Y^T~J?S_ui<465eRr%1`Lw|^x(z>8AYHTOu~ybVAFv;kxx zom-I5X5cErmPVmEk@i@ac1>oym--sa+9rqrf zL4ido2ig9+a&6FUg0_v6YY18g_l&QA0hOX>2c`R^6&Zs_nO-fagraj%70UP&B9CAN zOID%MG(r4YfTLt-Yye8&%+^GDKm+GzLhD^8aUAaFMjh~Oh;*S(w$D|fqmybsy}l>1 zOQ7m;I{|*Zi*2~fIf48Wv~zB!Si2LO9PbKTB81sDnG&fKD&jpQ$=8i*P{0d|=WTd6 zhgFI}+l=PvS9TVp!w5k3I!tderF+c`d3bH*YK;n`!w~;Og@hhxOE0#7V4a99avG;z zS+{O}bX9xn&RGCh4pXYfwL{03E&Q z6YDd9d?Tb701e4(P^=bvGIe3|EdQXz)J+a|*p{krKzTAz!h+LtN+2P`Oiw!EtWRg= zh;kq}6vMK`Ucs6k+!lre9nabvd*S`Z>NnQ5 z#ev78FFr>%UH^1eSPNaVZO|6)1XzygcBT!_*E)>C!7;BO2`scRFiVV^M*$^ngU|B9 z2;QqP2w_kaTWga&;~51h;03|;<4M!^m6K$2mIZ>uE*n>K*2QAgO{>KN8mDYB7mpsM zTuT^SQXKW7YNEcx8`g>BbMX;mr9qNQml`mPqi$$dh#^Oeyhl7xZ28GJf%p6uj>Tkl zR$QH~hg2PWrDe3j2O$n#+CQm4;1&_XBqZMQK%U9#0yCSrD&7X)>`0Cbk$5Xnv8Ol( zrn@~I__!^YG^Waa-3C7NTn&Q)O&86)yJs##X&j4p{{$Kd{&emA;s}BvK!{bG9aqrHd3v6am7NqpbmwTNUsLERO9nfkEn2 zp6DLe0B`PYfyhw$!mg>PR-?95qj#U3zfY>tO>34Ufhy#9mW${dnn8nI16?C_5?MQ1 z$39F|@jRssF6#rQZrx;i;@JU0wZ+Ynk?*N@nSNYMhO2gX*(6X^Ve7!0bKZ-M< z*Zo+kgkBU{hgq?57;E(IMGQdl?wN6uNYEYaeK|PPYtNAH{w4P6iav113GknGX z#}u@dEk^uo=vsMv-A0f=)Jnm%)9EE^n zO%$sP+GoLllUvV3|EhdXG!x9P>r5BqF$ad6e%4opj97WHF2w7(pP244V{Z_d;}jQ_ zpum=NF4yN;hO<}8NV>E~DkK)c>ZJtAw})}cD?7cK@#Wc~iBHLUxjRhX_2$0x|HU;Y z(Ev9h=!GOb#2s0?=G~q#+gB@Uol^K=5sJUD4@3r`E5vhkw<52C@E1NR5XrzpqAq^b zf6EIdsAqzbRw+G`$&Zxuh%s7Q2+${57RK&Yu>Q5-KXJNLIk+J}sGaWGqZi!W-lmif)>xF^%iT+tkY15LN1ZL zKuRJ>K8cf5xy5p?cGkfmlc`kV!#8wjry#qGE)$o_wuWcdQ_?jLC`3_YF6KwqYj=B_ zq1QXrJ?lc8U<#PrfV4@R)2_1#(v9vhI^Qa0Q<{Ul-I^KgB9hb9Fd%E05yOoFrFJEk z`8O==yxuPp3Q}i{e3yJ2sc_@k2fQDnRU4(Jb!V&>3}LFL98*%4CBHCs`#_v zOSABPy(#@MJ;haPXZjD$c=8&1h29=uprh= zex~O_aZ~)pXE1~Rd3B8Zf${F zRXR{zSqk$vGBR#=+>{Q@R*{oylNe>KnUb`zNy zxO?;iO)m9H8n>q^1AXST`tlTJ6mg}o(K%k8cc+o7i-xSw-Y)^aCZzPjf7*FC!Nj z>+A2H7dxI~iepsQh|-y5y0{5cF!^=$ux&h=cnv@8grBr2(}3QpC&6wloDxmc7-lO0*SEmEHmYCUXFkW`84Q$Q~H z{_v2o;1rozFf(^)B2v2)ob6{aA(oXC?mV)Aw2RSsM7I46#En z^5wu~ROx4P^_y+s-m1#T@Nb*KLacs#qr5G?9W$}^)Fa242;XI;*236DDs}Bka^iwl z?mfmykG>oImM+o|o>HpxM2_VJmTLV*MiRZ{%0B4>`9b~37y5Kn zS3l73XJLw|dX{UfuDY!K*G8D+b;c5r8_&_7w!M67#(Jd?AAI&*%Oa~)3f9T%+z}+I zwtv3sUa(?*uQw(1i!2RhzyEznQoFacrvlKun2@jPT=Hf!L!<)Pb%=#Z-mw!;h0i>2 zGS{2Rh#lf6^NCU|Wp%YJ>XHS_#$uC|jFmn1bP;uczE`6Ey`GLjTY?$=f zfWiUFPv#f{IX8Xdrv?2zXq0~HNpMse{5|C4U}QoLv0rs=;K(8x;V#`ob98tCrSoV_ zNS625F74KLbmQLc{>R`;G4 zPBpp_-SCq-r3qy6E+E`C`7JyxsMDK9lj{4Jed_(gv`}KWJ@0sLaG8qGo)VIULnTbR zZ&w|r&=WZD<)qW}=#0}R&Jz+zn)0q$jHlf47g3Y~mQC|go(QUWK9N%vRiNOc0j_f^ z$+n~Hy`9!w7(KlHJb2=WRteX&D2ec4IwXj z2x@qlVUBF!^U}QCj-OV&So9BHDj{8CvF5d1@{2a}wNr}xNmwDp;y=HZM_T>%g+iiowx-L(1bQBM$Lt!#)|?_kG9?O07G+q z)Ru(jLJc+g&KTm)JvGEGn!D9ZdkiU}C7ix)oXagjG8VXGC`H&n@kcBr$1 ztT^s^Co|IZ1obTvqP>uod2=j@nroaty*7f&`_$R*m0)hN z-Lp?A_qLyjI=Y{es5ouV^I9a2CM_SRX#*HYm>pu_4}3*BB1hx}HmJcFLf#+jWYq?q zbbR;OIV;~eznTiBGe=%fir$KCRkgv3mK#encF0C6Ol{cKo+D`38vRCGsQ2CUqZ-?C zbrwnx9NDK;tC^qY&fs9O5XtJl_eFo?yeAguWSbqP_#Ib=>E1&hgK5m7tMtPtR-7uD zvlp?!=Nad_iyCRAH@i963+}aiHR%`o1X5@qYT{}tzx7-pbPyVB9y78UouYF!qaebs2C6lFs2(Lv#`N(D2v-ReO-5@Xx;G}Vu1Hjo3 zq`10M!1+0oROnf2Fm+vJVNW*Wap<^Dr5V999OQ?cg>UAid}2cjw5w)#vKM+(0YtW! z^R9IuCUUd3maWsgA>_*yJ)vR2 zf3o~K#T{pDOwUTTr$QaaX)~Z|TRVU#>es`OyUix!vyq}IJFtN&Q;*koPuifhd7YaV z#T@M~N^xt{9a#?u;zh47;z**ns3EJ+R|2waA6rZ}R|t^NvwE|Ts|11ac)c|DnIne* zeWNQ}(LZ@Bk+=$_kp~PgHW`OPOEQBN1vdrw2gJ#SL8a7CQfn-0LE5%RGDG`I`1xRg zYh=I1z$wGytJ2AVeZIPId*$i@bn1QSx&C-Fdqy6xK;%!8boWf*aGsADm=V|{?sINc z(eDp*SWH1ofv7BBURg2I4|-AX0; z?bZ47b;Io3>AdM|L2$3=TvOm#vXD*8R(Joq6-|ueoZ~Ad@;FsCwnxS_tJJ|WhQj_9l6jjK@4M&M6CID&>hR5Hl;?nQb!zb+XLEP# zMP2$g-4dUs%U&zIJx0$Bi!?k3&XToE=tm;Zu%6$;(fBQx)ZUWI&mxJpCTsJoM)@!* z(Pbwxg^zt-+%0u-$i4{c0j}KpgwKRXyqp_?Xhtb|6ps2dTn)#`63y+E7R$Uh;K$8c zG>%FCITQ`S4W>32pMP!$H{Ai;b86bs`hrP#I372NHPb0Rs!h_@6s>N6l)kj{478fq z?UupTmr*hkr|q7pb4WM~e#Eb-Imon>;7~5pOO7+A%cwB z++1>*RW}da^yYG7s?k}dM@ymz#zy^X1}}oPD0A%F!$&kKJZd=EZcFy~25ksG7_VSP zrMy|~>s5yOZA>m|tH-3ROz7srdYvGY>s@iv)nc8^pRR7&Uw7=^ZnSsr-{jM0jk%71 zctQRv!fPyk&#Iqg6!x@WEVyK2)-K~}MtcuJ>_&v&__a>il%ByaO zLQ+XhR)O%>o{6uv{fx%w+#WB?|e~vOa103-85{f?_ zav&DJ^}lB0G;p#0V}xPl>qCEIC6e@uEae$dET@31PqhkEEx~B?hQKnmU1m2lY$zfw z?s{DxYg+6Stb1`A%#d#;b77U<6+{Y4%2%u=^w7XD(KH2|JGf-76`J`g*tTJoLj4h5ApMsY0AEGt%f02yi}KF` zVu=k_v!!k$7@c@vSvjQWE`ddh&Hq?di;%b<5XB+%z?}ui1Y(pFNkM~8CqNgALe$ngc z-muj>;lVfWb4OpRoPF<;nN55IOla`UOw2(l2C0;Jf80>jR(DYuH^2TUO;q>}H5iIH zdhlE5iz)WL8{;i{#KtZVS1#`b1bn&z1-o+ZDTh-tONuzcN~^i5m;m9^PMzAB$%Rx0 zXkWR{KuCsPW>T~%bbs1-jaRXM{WJ~nCwk@>B?dS7`O)zzMYnsfXqaGR0Lb$X-r{l_gm1tS>5m=4I zf1)|jF=>|0&Hn1Rsg%oP;1^DqD7It0n8}NLi<1tm;U7&=#FP~gcvm3h930^ ztCc|n;I(vxsnX$8x*es#J|U7d-^z2G2j)7W!@AUtJjpu&r_rp_c;AB-{DC-S5ld+Q zu#`xtbkwcIudfEOqC>S46)a-1&*lCLy9GARIMnBFGS_!O2XG(InMqc%rpKd)L}cF| zwPr^@WKkF5)p*9sPDO@_21zF3NA+--9X=sf4ZpvEA_}7j>@hPE7&vT9Lv`x~Vlo`r zbJ*9<>;tk((2ATzWwsTE^i&L&q{w$P3$bNu7F|%y4Mt1T{06z7f51Z zmxeGZW=b3DXmTf8Xm^UH=2GfMM&sI#B3KjP74)zT&ngz}Fn-JI{thN_DxKUc%>+wS zqe4!0$$K_zYQpv24lkFmv{IgoOPrbwzoF|ddH&zqa!jI`$U3=Bb4+mD0_Pj@Vb(30 z&?_iY9#NtWe1LzUazT1kSedcjWIH9>!$o`QYKyTUa_nrDKiFjq0ZqKxSDPd9DJ{fC ziN=T&yY;)?{T|noXNWF>zF;+|eJq)IG4koBTIqoHHIL1iP+$^|8}$3{des`0CjU>5 zpAl0h8xc-e270L7MC3b`(V7;szeGR8jo?(S`7m*m8-{J>Why00d~jtYAyU<#uN5l?85;oluAHAom=7-_lhP0$QkEY91L&EGt+ zoq?MYiG*2y_(m3=6Nle{*wfR0FeaEuAQ_M({ydhxCMSmefJa8`xyw6k=e?RG>J+H; z3`vE&i%^06ta0#j0SXM4pBSOhtdzo@-e#_4EoZi7qJd^}imTeu8~O}r&N~x6rV9zv za9~IGI<*^*v-xliqQC7=-mvn5FPxmWon80L>H~CtUQkZ2=SHF~H|>4PWz2etWnS{j zqon}JLcvW1Tnv>~_Qg4?7|O@u&}co0Yjx5RX3ewK|@ta2K-`mmkl{M4Q)X zx(t2oBCXgzhdtX%=CO&q@kp1sS>A$fy=k~vx>f^*MdT4>aURm*)IDnr;kOZuEv9OC zg)_-(Od5k5EY&Y1E#2I9bXFs+jaRX=h?~hd_BvGs82j zcF>+1Q>!#u?j`o|ul%4M_ooI6i_@|>g`-eVTKUlv{&h@P9D~rXHS+VVRw;3FsE6+x zf_YK%#thrvazbBuQ|4k#M&m3xnvh$h&QF4AlJNVo8VLpcSeSh3ECn(Ihw>9uu({|3GWH{O3aOh``&ShjBuOGLsvw zuh)G3_N{rRPQYA=Zf+U_ceE>Mez6Sd0pyQ&EQYOmrR`TPCNHg9P%PQz+Tt%<_UGWf zJxka@CxC5>%9g!P`>A?gcr4_FjFHJ;8sdX+Rlw;Xg>pWW*jdD)v?1>sNap9!)4Ufl z71C1H4+G~4p7AWk77tdLCvH9ey}glJ*&_2ISFodu+cZgz8hbfTDW&CnD8+xksO$2S zV!(fhhUhfFs$2xb8+e6#o2P`;_u4hGPPGHlungcO@xx)&MAS{u+ZzHzywfLNub0DK zCf4KEMj;wui#$PVxOra^?w2v++nC5Nxaq2m<|$h0jsvVz*MXz4>%()>>%BzB$v?Yq zCe}aPa%Y&M4q>O|#V68`4ny*>Gu1IgMb&`}VCqTt-*wIWA~`1{W;D?cjy zl6s10h_{GRD0Z0DVtIc1#@eyzHmX;$d()SYEEA52{~n`xQd(kfQVPiD_QW*?zpsEJ*hUeo}0#t87;TVG;?zhCrm18K_^?n z91?e3>w-(z#4rmyvWx^b_P&S`a4k1m-eSSeA_%OMO9WvhSpC;|8^5ct4!5X_7sU5$JgF` z7F!)?YGwj6HXUqnKkWq>?yW1jX4FS?&UU4Sc<1jF>`ug3r;T#N8G1*fyCJ_B3IV+G z*#V&bP+<2M1J$UP_$-TxS4sxa@pmiPy>^_Ul9`F6%ZZ}|8DnKkuL9Lz$y^s# zZIQcz=cWwXC3QLBKHJWQEvzhImbpsbe`B+>zdk;uSO%ag?Sfc=xZ3%Z$Ni*M`+JKg0Fp%p=ci4H?avD&zD|SI zU|rIHp32oql&H(g;gR{E=hnWs;I&9W&t#aCJFFem9_W>_d=yJ!UhOdd+N4*iE~2tA z<2_&RgH+{|qhycEt><<(Y^C*6hot5ms~v$UtI_m5AM77vRD@tsPP|(dU4{F`yyu4~ zn{0&P$VEJp&eK;k?&ci#9Tu}e$mJuFm@7QG5Bm~|jtJs`s&U_zhHI3-#O|#!S|Hwx zih;1}het6lwU^(&sU@~?Gek;$Tv1&%-ZU^&8DZ%?Bd=`%3Yo0WId_1Z#?;DbN)hF? zZ+;%f_6H-6*4UQ80|l9u!tk-Z%nkK^HKm=8{c-!La(A({a4N6*wEr-BeDw4IfsusQ zycGaxP7HnYTa00n+^lkivxV+D`o z%ISwoJaY&5EHUn^=bq0(c|aO1!esJrwC@Q z@ltIGd=@8cv7*4M_TxMKa4c3%wBax9G&N19)b_$O$n~9B0r&K2msus|ROg%0^4<+@bJt+ctqvIle{lvX%Z#@A)oBn@sv)RpMc#($=8)DolUeL-TH^*D1| zW@`vQ_Ca>B9`*2c=1)&sabez^OpL6^cx2{a;?hGANydY6{77VEBEPg!?Wg9ENw`t?e4@ggLM?E_Y(05 z0OSdU5A&$6c(d}$eO?v7Vq~~Sm%UwhQ#l0^CB^b#D&m&}?{23oP4pyi1C}CfZBMQ!Z{7f;x&YqP0-q;|R~e8`KYvRL@y)pFBRtncW&dx?vvT z7PuxrvPqMGj+tL=kYd=NFB=*k!ASTwfp zH5K*7!O8ocSnNWu0~Sqb=yZMhyBch#2X8#PLN%PIj+nyMC&+7k+aGQu1BoH*N^;^^ zfx>{f9FDCR`N%-8LK!^Z$J9LkMpe#$62PhBYEJ0XZQY_WzT9n4vxIOD>DzXXB$DYsucGc`_v5BQ` z=-Mc#!oc!H$S9;KIzAufBrd0jl3QiH!f%_6jeEN4wX1}Dq83G5vIy~*>h(wk{q_a$*RgL!-e7zoUtOr@5wf@B_B(Vx zr7zTR5dY}8HO`NV4kGF}Mhqfd=#@YR&brTJr|HqIv1Ai=yEqPK53HXVB% z%naJ@c;Kdr$954QN$vCd^tRM%8LjU5vsH9o^j3O0O6o{QKBvr)#yrdbynP{?a5{CbbZPpIJ4RZmTmP4PD}+kHE4x5D~)k6U#E>l zG~7JkddFB~1WDyQHVa#P9Yr#qRfdKA5{ zXa+Gubps?BMxv4hWg^W?<7xW~*AstNo5`O|*Vu?s9LM;a@6BqMkrgqpkvJgu5yf@X z?fVK`b>+2ODzhZ)@6Cd6`%yimz)53^nJX45!micDU_FJu%IepvAS>v;Zc+)Jp1Zxh zlJ5*;XG+D-{05EW`t7S#GBZaSuPz%8v-8{qLw|Lnja`3vDu^}yhuk7M^;(83?}dT3 zbv=t4g-*wa2Zhh)9Q=sds=tQ6iei#^{!pful;O5ZgGhM|u*jX7cO0ayNifxAwm`M` z#U^($!mDgG_(1oNZfU(@dobe5;LLVWlh#1B;;|y?GaT0$uIgZN67;h#paqSU|Ki z*|oa8FHzPzz2u2Z4m$SWvejD<`|nV7_HAm&$>-^^kpuOaml@9aXqlonM`0k0ksC%j z(FH!7?xNzIG-m`9zZB+t$znV>7^exG5(vRi@&`*ys09^|2_Z~EnfF`33RddsQd$xm zGRKXcE675l6~u88=%qnTI|-GA3l{}{W|L+7GH}W*A0NWaXd&4(JnvJdKX||5cBi{b zapPBrsetuQ23>UJIlvND;c^~ttF%@#B$HX9QX^uAec&h%-(WUORL8nVP;AIcJ$>Mj zlf%1yE)gA(QINp~88T9NaHDh2h~khY=psl)yp`Deevu6OW$ zWURW)dH+1ghHHSY?^W8&eI9bXo4usJj+I7U;xyO)hr0KSYckvVh7~~tL{yqcwbBHX zs&rID>C#&O!GQD{LPuc4QKU(e8l?9UdO{JE-lc>PLXi$3p@$F%&*jXy&*RLT=RWV( z_e*|+B-h@1?bY{xuSNfo`%Z8Rx~LBf3b`#KIQEB$E)} zwoaAe)!#X!8b``h+j@pQXlnEcPa8k?%M;%R5Ei}P_I(mh$rAMa@z$<1NdRN^Hm40p zK08(6;XVBrYVVHD4qobo{A&&HXSR>tw4E9W8VFI@74{zt3I4s*Z-3T+;Rv4&ol3YI zE7}28J!K+JF=?SRBxcS7!R;(K+xb?YqgftGlo(NXsXXj5BELst*99x{8#hqt)N#G0 z?{Q<>DBL}`$5s)js>?ZGxGOd0eei!9a@9&umA`${>aVUK^(|Pga_sIW!f~~IdI6J_ z&sk-^b=ds0 zA5iuh2f%LOFRsGl3cnp4YILfcv)1X7OPx8)cHd0P*>?aZpFN}8U^+F#TQ_;nW>bUK zkQW^DT1uKcyrqRz5F>Y*`eDPclo0jSK9P*a;Z$ktZ;J+O&*FDbW(I3+?i7dCjpuq0C`35$Q^~7Bm zR0gCfZ5T;_Sr=d5o6f!Vl*9H4EZ&)%e+qYF%r^*_5EX&M38S`8nA_xysFb(E-SZ|PH? zx~1Q1qR-4E=*L3yEap8gyS~SVmgb3d^b|T7&FQQDW@V+U3?FpM1*Twtms8P+TJw7} z>8>3nL$~7?pvnS{TccuUfzYNVXW_o^?gtaDYfl`7x%R}l$eT&I{!rA5moFc{h3~E& zV2knLiMl#Xyy{w0Ee*R@y1UjMd6Vl=COScGEy%q{cMD^f=mE~)*#PUN#n-h5C%b)G zltZ1}qfbzsWws0X(6%r$QR}?UsFEDpo%POuwLyeGNULE&*wAVt=HdCB;zBa&EfZg^ z;{)Y;V7o%x0>Z7}@|9y=(86VLZjV!4#Yp{xsV4shje)P$Bk$zbP7phk-Bd~^p5^I# z`Hml*%+e4_Fh1FKQ#~=IorqbbWI8NTUS1K)X<3WPbn+5k;YI<6JZEfJVj`jRb_Mn_ z1#I|RVxX_S5;o1`t9e!*--YTebc69{oJ+8=dTzHj@pD|rASD(Wl)vMcY1YGDp~4uWc8%UT z21k1a|IXso6-jheg?`spfw`(bF!DLwk;l`jEx#MEF-XI2rjjRlQEmWz6hJ>V5Q%yk zvtTliZl1~e3ZNXXP7IZ@cZ|rB)Pp1KyHFLQ*5d<=d5Z@23Ts|gT;K7kU;XsW^xuPo z7hDsT0|QzaS}u5PLJxN!16H8ni6bGH0Sa*(IBhv?;4 z_D^p`L{bGV^XbmP+7Nei$r~@bUFB#lGs^P&a(3#7yYq#e$Q7h!|L88%VUp>5I=P`7 zi9&6~TLl`5xzqKmN%UVmKrf{Q!40%l!nKvpLM+*f`NtK%M>ep%Xg2r42VVI4v~p8l&92KPs@&NFj{ew2!4+Z|EYy7(sLUaZ!X5DMk!Y8*7a|$f@KvN0K^-E6-Dl9_C#y7{C6KP;fm8%Q8jlBN4SRHPjEB<$o zm{Cvfe2yxk&n=U~p z!sNh3Fp5#qSI?VD>l{6;iuZkwZ~3|CCfy8TSeS=oeH~M=SoJnuV377Qys)t+u1oPH zW@{g{iTL>_Ekjt#vR7&Z9$vCfIj1I|b3w@p%EB*oQjI1nw72}^Dg52Y%K9k~IyXx+ z5X@ENXh5^aTs?RhGNiH{Dr5$fakh)YjvB2>8P07BaI9tcbN_z$v0?wmc9xO${ytFl zq!MM}k3rqv9f>nPJ%2Lqea9nd8miDN0L%&vmMG-Ech~wG|FmWacX8wcT(%w$Ba9(k}atR?t*K*%-}o_ z6r{*@uepsR($_0UGF?L3@fk;RCy|%#*GW$n4!73YbsMyFKMLAxGr}5YJ099DBA7s5 z-zZ*Qsom=p*M`jH<(;R?NDh2<=eTjZf5Tvxq8D?xkTm`NJ!2s;A2D$BBcdFa;^-1Z zeW%8vxam+46I>#wOR_PVk=tnx2u3`i>$4RMbS(y2G1R`k(LN)Lr*o z1V&$Hx96t*5CaM{AK{6UiUU{cSqyz-s=MscUKg@ zwP-QV-`^UXr_T)wXQrm_&c{P?QDGJYWviRUtOSeXZ+^nX{ElVWJtL!QLPMJ6b(v|9 z)wdK#b|8Mv&r&zBd{0?L`6(D28E6|CT*7-iL~y@`Po$O2<$Fpjkm2XaX`ViZO z6-2zug!I@3$y6PCd9$@phxi7vt&wCXAFqoe{W8XSR>;!%vPm4}aojGPPAupsuea9@ zN(+c@6vTJUX6%V(8Y)emX{&xY5k}P+@A@C2vLjGF8ojC~La<7_h4q}-h&#CH<6F=l zL9dQ&T*fQT1X!uCJ9T%`g$B}DpJ(?_?RDpo3>{0PQfb*}=n9IF{Xk7CGgW*q25s7Kq77jp9pl zH|*I(28VGd-b6HRb(_^rLc+4Lco$fVCNF?)Vr|fxA2(hgNUwd{)u1<5I|NR>fLO1mVPfKIK<_}BoOt$pp1ryDNa@Hzc2{0J4i^zr0^H6% zQA>rkX_s3Nzs1sdzNMCVe{4JoEwCzPg09Y1Rb0UY%*S?UN`vbJUlvB3_@Z+1&fGnd4E}uX73&!!E)Uz`!U1%m{~bg1WM*bgsvQ1Eq>)56If8Q1imr+B}E!`EZM#gNJMNb5Ua=dKZ*VoTR?Mf9E7bdW&>FV%wFaYF(}Gm^uP`V7brd}V@gG=+%S(>$Q?CB z(ucWtW93$5Wdus&h8HGP z^65kzIV*VYWh#B9u}e=}aW2BfQAS6h>xJ*7Xg*|#UmXQyv@_|O%&tC4no6=xLVv(d>jyAy>z24APIyVIy8E~5o${TQ#`{a9|NUU8^I zDbl6#9bAoUjus!grl@`L6N#QRRqSN~sTgnLI9h^7P)*G!I_f{QNoH8~cSdAZwM#gT zWM&NLk|$_BY9VLTh|QAzFUC(e;=*&E>hGiskrnwTYF*e9fMvYs@P2x}R&c{F1bN2* zL@q+kH-|mm?-imMF)9bGX@4u02WL*Nhy;xJ->m|Suv28asQ$B=Cg_ODiOPv*-k4!V zhKSp`MhU2T5%*o+%-)qxjPEyLidQfShYEUDO6A9HT?{R`~yiOvB zu{jy?%JTcc%#+*bF<}tTIZ6#wVFwm@aJcOKVAVJGk+YDo+*G>k_i4w0=EHDH?J~h( z+g^!COmWu0TKK5d)Q>C$Xyja=eC{AWtfPXGg^AX)_YWTM+ zjLOxmORqqu6rX`kwv~Qt4W%n{{NPV$>Y;f{nXBS8kUz_7FV|-iz3#xMDEFlrHgr?E z+%&=kc}G5IAwl|Ds{qXhakG)YJSzF_+K7IIJ|_-e0{|OMldeA!Y438HFD%f|s22F? zWR$y+>RL?>QEOvDH&Yi4z5e)I?=xrvT}c#|e@psI`^s4atKo*^*;}h;(x$!=vCujO zE5eoNJk>=R|t z^iIQ9s_b`&Q;-P8jfJ*7&umTba|UlVv2-7&q)yj1-g|{sNpQ8(^(P!H4x>gWJ%ugE zK|PG_5G`UxIs+CCXlU@lW|$xCVaRwQre$<>QxrMUP^p|RwurAP3vs!=U9VvNk&qB5!~J-P!(N^+oK zE&lpfg2uK5U3tFMdTCSn#>wsXTKq)0V~w>HzYoup9+m4sl8WfB?)b^)Z9k{%PTc6< zhxlo(NET$ZEF`37XF?v|6o-g8JnR`*_70VIBRVVeXtaXCTDMxJds7hG3?eE(IPwLDXX0wTvR8>c1$jQ*9fn(5O zXdK<*ilhgc#ttnha`qN7l%K9s^8hE*vJys|=EE+TH3sTh6=&1y6m!t zTp0$r`}UpR^x4q31M@3C6kws;tk&ywBIfVBlJWgtp8=L71Z$G{4YA81PD$WUePWq) z5ZO36QSMjLmeBeaZ5O>5c>%gk4(oNpevOL`fdVlyO9%6Zo$a1bnODn}yU z<|=t;LM3b4r}f?LSKS1}0_~gb zuCi6cuVJz8rTOeKrJGM(}0T5&V&@=pscit(l6B~P<& zgEefuIqnzc6Vt^qcZsp^>8c;8aqFkoR;_6RUEn;Lc-QaH#= zF4vb`?q!!X2I^p&L?rrQ@Nqbq!r&?^ng?$Bazlz*s_? z80A`@E#>?O{z7C|E4B(d4NvaMcfeX9e`Q1CvUdBA4X z{qoo(>d#-eU(_)q+(hkd+bpeS-2^p0QU;XcJGhe8srVc}<^?-g;7@J&?)O&+%uh`p z2(^<&iY#6N-Pe0`{w?;=ADR?+aT=K$m?(u#uXPMZEb2U7u^G_XsM^Kkt9R>A5AALp zY_jKb62y^X^%_}5(-huvX;m^X-=9;spgPl#G_}#%b!yMvPL;>^WtwU4W8jJ2JSVB* zkprH6u|REMDw=DV_{7KWFE1eOVO-?>(!gAk<5!sh!u&CT%mVtu%7ENJsRgrC1j3TCek^r?-|K zzx9)XC#aA$pR3th#=mJdS2!3Hk25rh%zjzN9*ll&z5YsxSBb4Wgqrxr7aK$}T?S5{ z=d^_dO114_p{^YFw?tqn$!i>fHyFORIbQX>HqP+p47Z+I?M>2ncgQn->&+Yy;rHBX zVM_z&A5IUEs#Q0ow?kwF4qmN!SkBo*ULHhUX>d0b_!o6zh*XGID`Tz1l=f#_<3v*o zjJ|H0J6#yq>*llb)e)$i0JOSP=ubjcn9(^+RHO4Wk{v(@Ao3ww7?p&@As3i>m9PIn z>55ePYI}5VdnBSm;ds?7^>9IYkId5pbaQbYL#T*jsti0au7swNK+M?d2P^g2Q5D~F z<8ZB&1LN8vYjG#QpL|TmX@4#V2wP^>2ze&Dx&p|ifdoojtBYGF=QUssF#;#W_{G~E z-TdQgI695=gC?$kjgx3l)00xw)8JS?#JI_yH1SqH2@V`9H^bQJ;uBABO8iNE((MW_ zG~IOZgD^kHmT!;Kc|Z+yngI{p9!na#_;a^C_$!dqe4d@(R{uq!pOoNVi~EBHz&c5M zgB3y8L(FBf2f(-A#VB=Mt1ib0{`vU-`NEzdjHkF{)3ZKqQG_PautQ~#I zf7@whMSxe@2=^C$|CRo{OjJEaW$=NPgMQRxFwA=lZW8yK;}MDIN8X4N4M-moPF?VS z<#u!sxku@Mk=LbNj1{NrU>DxJ{yRlqCh zU9(1cKccw%E%+kuZ3R)9DC)m*1uu-|a+nyb70vlym;hM?>@AjrUK;-|yx(aDESz+% zfAQCK{|CMvPX|W!fClZ|_x_cwI$1(g)F~ChX0^s`bSx#$!u*>1Nc6#V4fL$&yuQ?< z{Y2qZ=}Hf9k8ORE;<1IRxNSe2r5I(Lpq6lm=u4IAcWZKc4Hhy)r;+HLa~-okVDeAz zt{RhTOG{roEqlfwd-qQ>_-`rFxdX^5eS3Q8uN$az_mYoQubz}+e*h*Qn=wW}^f)h{ zvcYx0f;ByV%T-ILRxsMD?tjA-ZyU7V`kVAr4V#5Os@569n&C{Yb#(+1@E$3?mE4C5 zp{b1T11Iu=j^lt@XhNC^h#E(9+Y+TC>Rygb3Q6u45&wfmye)u2SggB;dH4&-Lac=< zp3mJvu1%@pmMnv-1QUczwr@phqTd6@#I@OL!vcEiD{Pk0 zz2&C4a7p`-&#bpCeuSk5-?n5oVFk{A`effk!qJ{f-BN{ZYKp^B~qT(%|%zvMaf*dls3|v*q1V{X=LdDRs$+8rq+$m_^X~N z_V{`J_NSZjr;bo+roWKc3-yrt{nroLOfu)1{X66uZT%(owk5UZClrs>^z5Q~-1P6` zJ|7+3OSEUrle@S3&Bms0Z(D)%!!g*h)PV&#gB!LUbDXSbP7m604?^?w7(GISMw%oi z|7A>Ir1?*PfXaQ#wf}W%lz1-`Sd^;Wv3EpK*pn&4G`CT?)VIxQUS3M(k$+b7qHx)S zvRS*1aUM&Xcjq&cz<#xR+Fr73iyzGczZlXMw^Pka{s)UH{$$a7Da=pX`G3isMa}vf zBEZ?W#bV_9d!8~7G0Fa%TEeYJjvMBmp3a5GE;yocPd~jb{?F&}Py^39C6@Z@Kq1(N zna__9CJKWI#i&PPg?PlvJ_mHYz21w26v-mhJR8lC0>e?Yc>Y;7=gI2(hAfL$|3^dr zi!d=ufLw2}Yz{auZcGh3#RUfz4fcFU#Sfequ}BWH`8e(uOi(Yu!mKfZkn z^lmaaLevEI!EF2AA=?oxl&FRh{lX8m!Ed~S(2cJn)(7tG>dylG-=eDBXM+6yzixHN zgX=nZUiNE#`>jF2V9^Y37oJPE3*_ za0_))b*)4NYfK%XqB}uwLNaOZcdxD#GpeLC43_5H+WsPU@ZQbTjdo-n-U5mnf3Aqk zT##psl8oeGFXs&Stl*6grmV9ClfQcTZ&cc8u*2w_D1g!S|EVUnX88{1{2&fyEsmlQ zDCX_I+s97NkQ}*bDvn>-`y@48p^~$7;(Vua-FRj!V=7e~j~3n(3}f)MTigRhNDmBI{*Hsf8NK7AS+c&}{j;@v8tup_-!9;EKk zJ)jgc`dhRju@0~i=mQ3hKr7u{W~-l3L9uDBN5z#t!;)Wg$2{@`dpt?2|MaiZ&b&jb zUu4{Rdip!Yj@Ns7${ zWbH&`af8R`mEvWpid_d39FP}qF74{CZop3_yI?f4@Kmql9ob*J9w5V5cY^TTakz*9 zJO}xC?2^R`b+&SMdy~H?A7u6`I0L;{j}E3BR2<#{Mz!RSZ7Q@%Qz(g8DdT^LcjG1A z(d*?e?AiV%_y2hN9f$!mRKJ}2yHNatd_q6f(oJ>bFZ=wf7W}vD#ApHLT;`JPfBf*5 zB`H||BlilKOsM=t<^O$LKvj7Gs%kj)&Z&RQ{cqphQUgY|==v`5SKImTnf-h49420+ zdYg3K=2p#WvBUGOW5_xkpYNEJB9WK>6Z4%g>zuZP?COrC7p`nn!OhNx4jZm2wy{297JDuU!Ue zrk9NtJQLo!H}ws0+K&*eTUzPoYnuc8%}84dp(c}THX#W@MwlufL!~-ivo>3MOd&I; z0LR=7NlpMx-4N-mxi&Oc@}SBRclLkV_86v+Ydo1Ftw};g{bv%toa~O`B33o+ImCVH z1MZG|r{*V4A=3dG-ktRWu0PdT1|@S<^=}WfI3c~)#lYU)D;_?*GOApVoY8VilxV8V zu7B!1_YdWm2G9JDyUEE=Dxgq!UDI~|qm~e0Gg*pGEG)sa-LVVp0OQ9#&2^?=J?|T8}!IHQA;o2$_vJ=$AYABMI$cM1mC%2fX#iaY#GYLKV|Ep}t+Z zH%lE7x()LUH62lTxi@cuDNEmWlB;lUfV5Y)fg`TG1!V>%rkf#c8Du-x^?>k7lZ|@; zN(x*N^Iz#BmVP3;C{$r+Y2b{cz+R`ntGqvUIV6<1^N_tQbh1aoNfx0#MnlgE7F4<) zO!*>FTIbGZDlVv(PZ_ucI2X@r8a$U$T`JX5rAn`z?7n#YF&Y4AYB&q}iwp7j+SK&@ z5vPP;&8*g8!RVuC1@QFoPF0K5Ez>zJHXnUA_s@MO(=}GjY&LQSuts>kMS$=kd^wp# zD84TEczVd&f~a@t^j=W1JnFIh-g{xwEmbcj%4RVkV1}ql&OPcG*!rp>WT5jHvvM}HEYx7W||zyB6JHsWe}O>_5GM+R&qL8W_4P@W&waW zR$qO1&{6ckc51zD`el0fDc||LQbZ z;9nBIrY5D>{q%U%;SDmd2p4o}9woIsS6>|&Y+kp$s%E5e5={3W^~q~xUf|OC!f>ob z;BIgrE7)5qzs!KV(;z5Yyy%nu<8oT>UAjLbofl7)Kz03=J4j1AZ4}4nn@bcvkee<& z(Rq5zg%HR2XtH6OhrGXCUR9l*=>hawDODMkce0vxEcG33586XbYgRRsMeMqZMOmtDQkwc^)!6joRNQtvi@x_V>Cmo za_U0WWiQ5B;!$2YH#L-a?b4wer3mV?moharL5B z1<2vTRXmFr$E=F+G#^v=%$fsUuY7ZhyA|n7Xd;sX(*PQuM2BntzK~@~nE^q|I(F{{tiVaMERGee72lTeU@C4u9-VP#xy6R05>N0U8VQ_jFR2ftPB9LtoR>MzA{@=eIbHEQ+n?bkA-F!nB23)&(0U#8D%-rl zW2kTYG7v22%zV{u*)bDcYSumgfEcrOOF?*~4I>IfvX>(x6t^f^uon0%%Xr;AR81>GM#KT-a$ zv50m_NY4!)+9u^XYh7$n^RC8Yx_lQ4HEqngJx~)&Sz)Vl8k2Cz)WzoZ@9#>R)!3F2 zLTe4SZ~e3pEmJ_0<+P+I3xXmfOCQ%1#cCGfO;Lf)Z!g`vZWH7%)obDjs;gZqaSuBf z%L7+wL?R0bKH!i2W5j9>zUpK$*Wedycarw8Z;6Oc9bp`g>}T+{tzA=tdUx-S1G9LI zs5UT}ZBC+iO-~D!VqHHOm(zedL@eMVsKT{oMdm?lx_P22d7xFok3FzO ziXh#2Zchz6Bv8`!JN1KMeLDI5#Z-dR@*w%4=Lf#>rrL5?fn`eu&`Qb1K2hjpUgnk& z{zijVbGUkw9|Q;Q5rK<<&NB}5f8W{P6h#A$%kM8XsD+BvXXr)l3He+m2BphZ1^@*+ zF!2IJ4|KukBpPV)^0kgMAIFGJb#1mIG;W8id-1*ax-b*QSV1{*?e|_J z0L6ryq7{MG2Nq4YCQBGKfNSPm@&u#2m0F+D9yK}(BeABrsMO&SHaVa5nmXsn`c2C0 z#_Xxw@RMcASr*gM&TGpDZX zi;VO={+J&)D0x7B)LLJRCED{58#q8yK7{N3SgignIm#;oZ?>*SNt@-3U{R#Y%P@C| zu!S=`714}mEeY-YBQ)39(mfH7W8!A3wLc16TSPVugf+_ty(e6P{^)?EQhCj0x!C%H z0$h9yQ&x=v0;KWOp(2f$>WG8uD8Y(3}kIfpv3U%b5*h`|OK!h}TK z2f9859VFDE%?#`lsV$@4@wu+`@ z-0(V{%(KfTV~>7YX5sb91RU)`74{2`^rSN2SC{(CtWu?2H%zE@k zu&v;of)Y6zHAOEzBOwD1K5q~kf<3`uw1|Y086~45Jz1H-9)e-IA!BaO>VhW-mcg3+ zwIh}5NY^t^^A@B=3yZ?sW*PGF{`;TqF@1ST;R?WPy=OK;yGJLx2zh1dUwpS&50v)4 z=XRkpTDO+TH${Zz57u0FO`=T=oBSj(Jz$?+FFs!uDrNH& zqnv}{(M}cP1Hn`S_KNO2{baz4MiQD;absq#8_`u;152=AFmZBQ>Bh?mi!?5PRjq^I4D`Vysjm+d9dYS(5GEI25ki38MpxaFv*Zb3I+wEXS3$e=4khvw1l zy)i_y7ywCDYNk6}6k84bJ_tJdAvvq^CZs1a>x7+7d@FlAubFl<2iT*9xu8dDNMRCy z#m0)*a*UNb_DwGRXxB^y@p@+rtm@5_Ecs$J=R9q5`7`rQfOVL0P80Q?c)~o3*3dI> z;KUk+Y~3;@(v3s`K-)qgi``p;Q#26i`anI_;zau(nj~7^PxKqFd-m34am}i*YVG`h zH9M4-ykNDvNz~J)xj1Q}nN;hEdBC_JfW%Bbt9 zlFUn?0}7!l9_Nn*$zfj?Nx7Mv9b4b;CL> z;WZ$+Q)y_&{U7`orMnmT69I%gN5W{{2mUAQ)O_^*F)FPU*Q4cn0YD4ailN@g0)VkF zY?cAwHB@;Wa6`ZK%x3ucrs4PmHfHbBkq|3arhZcX!|=(au(%pWlt)N! zNb{O;Y59qfdiMcLglMxvcYz)h&JGrHz_jkEMg?@*F%*@);l9F3`(XtDG@9X?{c{+# zR&V6O<)Rf1Iy>(Qrs{85^SP=<$1>PFMBhROu-nNQ#Kfw9gz! zZ{v}IC&*FZPj^1_p+4$wfa!1=1vH3YgJ0JPG7kJEpDwqqT!R`xqOJ~VDA!#^D4 z6$>|0Bh4AMuNFLuCfUFwR`l4YaWi7((UA>7CCS}`@#%XH(N#_U#H|pcQ3E2J(4dj2 z%I*8*%=2Bj$$)K0tZkHhZA7FyT4Xg!TUiZk8r}m$kc|zCE2Q&?@lo1c;8@<~C(0n| z-j6$>anB|4F7jK204HQT=&;@w+K&a7zJJp|$wPI%fC?9vf&#bNP_Z-fKeKZk5czB4 zH_cW=is}P9fp&RF{)MMR(7q@UZCGjjx^wFh6FmruWt87cE7wH@Y8N>}RIUU_30CZP z#&xkTy`30>OHae*tAqv=t5R<^5KghI4{M$ZM_c0W2h1Hs2TIo~V@xR|)b!)fxO|vb z+Q8tsL?Qa^=XI_;0b8#%J+ZFZ&=xisd@83`b1rlX`uz%Y_B+Yw#_=tgYz(dUtVw<$ zT28=Y%v~U2=hgZ3(iLuoVQQEB0P@2d_k3TieK|Uv)W+_`QhZ|j0-KUy;!w_y!&l3jQ0t$PH-Nq+9hIQvEm%;D>&oQkg{lr6(qVw7x2q>wkTK7XHSit8O?Vc&E+$6FWWNDDT zGOk=k2Mh`~D0oUNKDS7;D(L~z?76gB4yjl8bU__OxJgnp56_Td=Ql-d#Ct_hMYhLo z?h>ZC%#pAGeJiH$wRP~3W|6u94Iy+UXI07@WP1km#X(k`@`O9??n}PTw2}J6D?$>D z&NZGS8aq`)f4YKrgLJ4BHniSo@L9)jqrFW_`GN4KEP97_h3za@*^1xw`pu$@*qIz# zK_LTdzo1)*M)#6sUESuGej_ijV4;QhBR8TZ+7ns>q(}9c>12gHZ9S9{z%~e6cWVu8YjtA#ILS$SfqPafMUY7p@e%`&Gagpz z@>CjVVF$X2iB>##3AZ%D=I!Co*KK9#K4v6*SpS4K3@fv;F^o!Kr)GmV(P^~{Vv(>* zj09mv`|^h0%2*44y$N*C*E5 zdl$KZh@tXxt#cR1%aKjU@Cl5);4^BHCgR7Glq>oQad|}EVMjCBulqFT<_6PG#L)r$ zEwuzedn1d03`Pl>NM}uSxfobYHS}ex7*@#f&QQ?nHCqWTFK5J5V8-KULIH&6f|&@% zy2rKDxFjE7lb<2C&83>(wWmxfwi9y_(>(&VXs)Jc>G#X+e)|}aDrwK0tQb7>p|kqd z>0M<1l>er?KYl3oZZLg;;|}k>>@awT&1(hccjb43JY?^&L2+CMUqTqwhanX#3QzEJ z)G^ujH+{2=ko$@G`g>B8e}bxT1*$^6XN^BHveewgX11H|&xF|o>`l<}y=XS;GhUzX zXygsMJ67v3R&p^J^yvYq)5|9-Ty~Z%9>gjC>g%@rm%CDr1S(_Q*SH5mblx}{u zt;cWa$ERNwQYryoAwDyKt%^WGWJ%?>dzN(@JQkKsVmtitXc@86naa>mb`~1`uuHYH zi!?+Q^O!84GKWGzvAe)m6>MV>*E(^e@OT?^*0F&qclCpz3if1&tcztxFo5zKJR8q% zat$up4UZC02SKM$I~>gNvRgg{J)MLLOQFB1w20Pl9Pss9q1rCgAw*QNPx;)`+f#=X zc4tOVG)OzeuFk!BqL22j`~ASOajVy9d8N;6K6mN;LclI1ArhKq_pW+pAWyu2?fE}$ zf1w|JY8@0KCZuw51cE0&%7rY4W-d$p2uyl}D!#nrkMJ86j4g5mC6&B=$C+>!X}b=q z#e#ftfVetfMwphW@9jiyG+6QY!0d&%CKhVf`2BliI_dRVkU4026~feiIkN8j_QlS! z&mZ$GcWfHkOxNha%q1e`JC98!N*mg(#A=+jj zBS>2L!kzOz>FN?xVSxv7J!KR=5y`?5?>^U#+`J{u{ZL)Ge)6nNnMqZ@;+ct{djIcM z!C#1dDUxsH&WWA5F8)KKHyz0ff0X>rM3~NHRWd6}$pTfzXE*+v6WsKQv=&yHCOB+U zmZ_#n=H@9CzJpYWr|T1vV={dy>$9ig>CUbJHJ8;T@$*M6C8B+(j~}}E4M{-!W=?$5 z)yfcgMosxdNY+)I8nxBe7t|Al>uNvIt9wz?Sqgr=Yfd5A8O?i&$SIChBU~8Rz(V+; zf)Ghh6MP@mSutssmD^vez)W(1DsmkI-FN4e47aI|_k!8nN0+;qb<_{srO})Az?u#u zw+w>46=wX@_~(f08)32&SGkClbPG0?olGu#a!sEj71`qt@iNlmWq6hX@+#6^!4Xo+ zk#yfM{AGQRvL@dZaSzBcRbeW=k?$*L#Bq_4&DeDwfy?EMF`|kXm3`B5DcYdcRl83k zx+cx{A0bDKcu2J!r{|dAClgsiH(gM`6a-ZYL<|731}h|}+%5QtX`taP=X-|41gWYj zt&+X3ptdm&o3NXL-IomRXbl+oG(B4T4XMsx7jw&$ukp5QM{+vk3wuSeVd;6ogUOZ8 znT@hT+@g+B#`m3&&%fq9d8La^c+=przhkivL;``t_cF0OUWB6FK>#0grtfEz`Py7* zj_EY`xjx&cl=AmL@5N|_qJ6T_H0g7O4}L*n+gg5K5nB00(nanEF8<1>9#OrudHKXb zR~fxK_RE463XH4!q_MdHe>6;&<&f5Oiip8X!FC#W>^vgYZqB40A1%9fXC4}%zOKW$ z?b>iIQihmfUBvJh+%3_j1mP>G&1SmGbMWd2$h8GA0pOe(pt9fsk#D)(9|$U!Mi;9_ z%E(1gW)zE-t9ZB%J-kY*vG!xM((Mp&WV%&{_kFpsYea7Kqr-P5A^!k-@WxyZv1ZFO z$7#JffBDXB&BdJ1xQF38L>n!jk{S;qD_4%b(k*GRQ=U6c^V{8Yx-<)ac%$<66>{~A zGM>UV$FDvL}3v2!7m8)lPsY^(& z&kF0Bbr^-#`pv75zwj6y_IiX?GXQ=^SeP((>Ru3H?xtecFC_T3;6SH*Y;>71= z_W|igTki@uigc!(TU=2%tIHjE1}Ex{qXx6(O>eQsUe zWJ=DAk209My|^=PW7xaH>4mF@S%UGCzO^n`n7h&O9){;y&w1~;-@$qOmr=anNkJ~N z#!Ifq?(j*+a;c!2`<{!o2uHLrhBOyFa=U$bLGdsK;W}F>mA&?w=S@eU{-RAId@>T7 z``$Xi*oE!_blvYaOUf>48qEj00lhe0WI*53U!UH5l>#Vfs*5@ogwNKOPFD=k%w-6~ z9Q{7^5;)u_)l`EH{XA4!Ffhug!q$IoW1)G7BoXXamVN zRb0r5S!wBgN0x8sr0w{ulJsqOqX5wl7` zT|QYRf8;c$GA*K*f!p)%n6jUSu!2m>Tzq1|%(V%&$gZE1$SA*4AIV8_Ltu`GiYX#y zTUe-~1o$~#L>Y4Z})3$4# z<6fi8#~lwSPFCAjad7OkZe(@t9Glk#5Sqy$!6h24k4-x3&x+AQoPezRvz$Jw2Pe^F zJO`JY1~m8!?eW%jyum%UnTq=INV^Q*A&Y>`QLnW#;u!&34IkHl5=@Ts<0%sMxGMHA z$R%u@{cyKwoy$sbwYR4Yx;&pEa4jXzT?Lx>Ab>*Wj2#bm?oP^@t9t=zv>?HZ*-`boI5L{_neo zxbcQze6W}Kj)RF`BMkXc!=zbI6gllUY!d*rM{gw*JH?Q(iNmi7CjN7p*&@W6DN|oM zq5Cp@k|>sT0y>p^nFtiTg}p9DifqiXrAkmXumg~{T2(5Oxqbz~zS}+Dd4s$8s%mH8JIAXJhK=P}q%pJb&c()_&xe1du zldJI>kh5<YV_B-n z_uD)+KYX(h;B!zMf&-XkQ(5SC#xnP#4`oE_uLBgSqE|Jrw6v~qZoQ2<;0s?;7~mm^@1=mNc~T_03oVTj)~KVMI} zGVGaKJDMlv09=G!G>~|_yo9g&yj#b(ITx<5vtMOmpMm&?#|F66DjJ#N@0Cdy*9P(0 zgo!REqf`}KLsSE@JBw4w=@rPcudi8F2YhPP5DRwZUoN&vQ>$?>0G-$rDF#ladcCdt z^f%N&xh~Vq*!K7AOYQpsV|KL72M!LXFgA0y+M`)51d!rShbnAHgPVaY+}jt<+Zq1& z9r6W7+08|R662xM=a%i7{B}2$TRX5_TG-G^(VC3Vm`b?N|6%Vv>Pvwzd6w%WMSM*)&maH@$N z8TVwk-02ikU4_haRO^8l_BPy452=(BwRs`mqX{a*ej`(M%k#iNe)1KfnK}yWv|XNj zz?c-?>1A+RdGMJPsxqJ6CIz=a15Jz|zPk_pdKjz!QMKH}UvS+4|9RKcaosDUKGC)R zz&=rhf@MDa*w7Z^pnDBRMN0sF2_|B=KDv^98fi1<{u=jv^C`ZObm_t|_b-ekby7o< z(&aCkZ;>{(;ymOd>SVHK(Wk4^wx|XCLwAN}D0-t`>wqTLAkCij5K;kX0nD>K4thZAV@u6kp^>Bmc{gL&QEv)8D5-}a zzJJnptBhHaILua4E<_r-4TI8vh11abi#(K3eQSf$suzB7kvP(vzV*8|An^{=RAF_h zZ(Vg?5t#MWj;_9yq^ej98?KEu4F1-e@k1x}*KF-^7>TbU8Ppmo&7-&Ds^W5B4>hDd zTd_UzSz0$A?4K${|CWzqsV{Aggh-(HfdY&b6LZ&1y-3%l4NgPpGDXs*X zu{O7Z3j4g$mZ4)uSujD3EcNAk4#2_R^s2o(oSg9dyPbyw#XkG+0I?LcseqtAAL{l zkWggNqQe}gUX!bcF%kYa3P)_2Ux%ha3`?LWHiQp8H$?Zbapsa*PtnqA(?pu);&V&Y zLtHKTv}0FKYze@FGp!nuW}^b6*KRVnF6$#Ue(~AsZ?caQlOT}l9>RwgmUxvDz zQHJM*mRpyN6zuJrI(hzs<#>b(!Rp9o>sIsi2HlGuU?2_dwj5HTz1Si5iCeb>GA!D! z6>V`dHk`?GpU!o{f7>lWPdN5%wq`HX;S!FY!n$-kv!PT}7-T%5va zl}=<@Y~rwrkx$Qc`#a?kbj$3E%5w_rm#*0{ioA*De`EwKyIi{zop$b(3?ot)-8X`z z*KMOQPar50|IrhW8(#!Pd|#$p=z6JvfAC5XuR`ohfGVdl{02%@u+Y z=1}tZ6l)XAWT$Czfa39DQoqPjmS@P`8=8FsNyCl@HB9Rkx=BCtd^c3BulFpy5_xbni}i)EUL31PV&uwJH)URN+G#A{*Ow`b#7H{`==uCrOz371L_U!94QFI(3{3rlr~m0cPAmh}?SR=yhIc$-_qx9)?wR?7Sy3N|QQ)?plM zafgnsNwe9y?pe0C293$1NWNf|j(3`*cj1`DWDzeSUo^DD?C`>V7q`ScoTWnZ6TRkz z!e49{p|4EpM0@v^%dO99oDqF8dfGcQ^MS1@#RU@IH!q~|7mO+R*-v2%EaRHdOSdV8 z*D}L+;wJ^z9a0Fe+$?+2xk*U5CZ*@85((3TbRKRY)U1V(BB%z$xJ)7U>0pzv90-$cu;s=Lz zPc7aM88M0l?p#p`M;Z|4EnuFr!y~`xIyr#hdDsWLH{_rH_uTl`gwJbOA*tcSjZHTp zP&VZ$Uq~Ka$e6JGr6Hk4psm6T3{gNBPo<__!(o?QWYQtVZ0CPnH-jXgud%{JaBsDr zZ|iSEP4DOm`lC4*ZP$xHi|We?pt}4e4gc|0qDS;ox|zNxe_1c`FmBymdLfJ162ni= zc8LZ9wHY*N>p0LhQw1+_%aC8(Q}y~a$trIi@W?A3yo%!fOaUhCr6D_ zUkY%iWygPM$0KqW1aef<Z9Vd>t%SE@k5ldf~~_0Kok9}n!z1(?YH`-4AS&HrDnVTkH=zqW3`nO*=b_G0s{ z^ubIG%WSKDe$6}sM%+-@Q7>Nj3-K_}`TWYyTf^7@!gM&`=qY8XAtT_Rw!?_%yA=@@ zCQ$s%FS0LHE^%NPG%NtYTL)C*t=gn?`#T;u6*q-*LQ6fx^ku$KPO7}lP^&Hh-j$F@ z9v}S7l|bP;s6V#o&tARO{?&5B3F>rsp~2yBu+{V6(-8;kNI;T%YLePGTEeMn*dD_| z8>PqSAaX{!G-cSXzD2Xjtt<+2c;H$&?13K^26-%Bq==RFC@2Dc0e8+t2j}GILs2AX znGPAaE-ps(6e;{B(B~{kl7RgtTF&is&24)v-gzPnT_d*TogOlKP+nC zM)>Zi(4Kxby%%}zcXGtzCqyWeyG2qBBAW8gfkyT-`LE6o8QPcavmRGvhdYpa%caSK z0Sc@+uOwJ?ZXbSSw`)zU%g}Ey<=lZU7P-6I7K9P^nI>)_`k}M~bf$3@{tVYoTtF%j z5;vDUotm$z)NH25F1;nW9xG(|Y$k4<8P~t=mgvmha3l)o(HdP4U^WsCc`}_67~n^8 zJzU7SQ?9;WLrZ@i#Sd<5OTZAaJKppeP#<~ubQ|aP_!wI1qZ!2u*L4Ri^Q6d?rc)$h z|EdW5+Z99+D*LG^=@S2>0en=%4dc5da`N27UMZgs?ov4$V zL?>`FK%mpjhVEbpRHtT+PG1z?cG^3x8An3H8;a-8T4IW-9t{$WPzoPa*e2fr?UQq@ ze9CWoD2SQJ`0=z4|KOh#5lMX~gKkBysawN`F-i&hX`bD{WHB-RB7tkv_DeW$Q?bY9 zf`ZGX%0BWq(0g;^F5LiKR<0fl<WWh zq-&-Db%3eHyX`(cz~)JShb{7TCJlz`$RN@5S@t6p zq`}ab$2F>p9FK0I_gB6sduSdpY!3v?^Ob})cZV&5@&Q@2RIHA(#*OrYUo_XH@8eLc}7 zkNzxEALz-|iFmBF{cfOFGSW!X#Z?0p+Y-ZSFOSuaDqq~5thI=Y`aLJX zF*>#%M|`2wg2am#xyjlCVrTrs-jh$&c{)YD{ulXf_&<7lOMj&`T3|Fr#KuBdl8+;5 zv7{?Yi}`RT*{`*Tm};nPsR}Qx3uG^;0c;lp0g?G~It%yDO6GrntRyoE;L_D(o0P3n z#9^1{Z);-woRO5v`&{n%=2J`5FHXrncW==}J4PF(a@B%VhNQ>sm{R{6j&}n*D#@=h zTp{7MgA{So#_pp}*bbe6t@Hvo+XcX-LqUJ4805(zAt4ieV4O}RC6i<=n7XA)`|1)j zRv5O1*&fXE*2ptxu^G>+K0xUAjad895E2@>({qZSuP!4n+}>`s1s()+dNJ|3%;7$U z^q~z3icy7i<+fb?X@vZJ*Lv0RJhtM$@#T0O1vST4cph*jForyjUvVr|O0{pgTe`R+ zt^@iZQb4yECb25WaU?d4j z&N`{FLx5(DPn!7t?UB{qM)W~CR|8;VK|n#_%A(Z44vNQNgHU(VeSrVG<8z7`mN!xeg^ zj&t5a=*Bp_wrgDc*6^5g1y@A?Am}t|NVWAE@H&_BM|{4Q$2%A270v4(XbmRoN=+i^YS07{w^JK zl#{m#fw+0{`PR4(bBIch6|c>ZC|m(!B~t7Am&@cIi1)Q-QXk0;POaPvw?@!Ha7j>Y z4tocl`>x56E{mVhKt}Jn>SgcEqi&LEF)Zi2m4pPI#)hy`bzy4`s0V1a^oU{Hkeid~#_CrNHIhqc{29>fiw`uX=I08jE-7fPnxxOZca)!k^yhh$~Ne`AC+7 zU&LPi4qW$S?xue^4}@w300!bAz+5b!g1YGe4K`OFLob}Y%6ET}fDJ%wNP+(1!} zS&de~vN`x>fI4TyE#~u+js!vf)jw{+pT6=U0>|&TJoL`d zT_#Wkj7e!)9Zy@0x~)r{D&V97a-AoL$%7-q^DdML!Q}jPCEsQ$wrN0d1}&`*o~2j= zSoX7T-F#f$;;T#E#X{24N7mz6>AObt(u*^ZAiETIG>c4EQo<^CU8MTsJN)UZ8!Sgn zoG?Q`{dcWnltA#j^dGC$*|+`UcEv6 zQJrk&?JvYRdS#Pbt+QnIXb(r%pEA+@gc^a3%TcA%P75KDc`Oz`ia=W{JC#~LF0mRm zf#bTHtR2d#MgV_TuOuTYTOqoW$4nc0fduH%!I6aZ7f?&rK%yf$iWv|}rYh@|eszO7 z(^sFZ>fHFcPW`x9;W6LH$GUK>yc} z#1f=SWTz@+pXK~d*2O<=PgPQ1I2m;QDgTc`h3qQzV<+6Bh`fAY@KbJGhk^7oh3|jP zlps~qvW4KI*$+#31|!kA9U7S$xmMwv8gH{{tgiB36;vs9G|$pVi3xYq7rDlvtFN`f ziOoeF@u`-^d#3IrCnIp(nZJ}Yv0?T1fNB!f0%W90*d8}(r))*~Zd9g5NT5tb@_eR& zV@FlCc4co{E~GLuoL5U2?JJV4%8sBSpC9p91vY6d=xV)^?ec6Of$A;wV9e6~;D$!j z3LMz$R~%M8HF_SA$n%sn+oh+;4vQ7n(Modx8rw#AO0Wu~XiFJOd8lcaW3U*bDSk@7 z$+TM-^V4EaLjaJGFMRxT<_Ao9{ZQ8H+qhAJfB6Fn5`@`clQ?63ppfMdi*=zi=qd z9Fx8`&8@pgP_8b>L$=%`HTZImhH-lYqvVMDMiG&@L_4a4qN zK_O@7$k^v}(0I=T)DUK2p?Rs9KVPD}dfhp)%&xU;#$)*fzEz-2Ok(>krm2VlI%_)G zHx?hd8^vctmWUmk3D=nGa}MCF<;+se%Q0&IWY%$7gR<3vY>vlaA)oxp0gNaztJfwh zm+{b)*gt{bY%|juJ$#8j>&>A32+8HZK`yzLFufw{6sw^E#ign#@kTR#c_A}M^?hj9 zp*;lkG&CD;<99cl3-JLq6e%Y#GccB#Q1%HXAaH+1+zw~|H_xyiaoLNLRrbZ2yqv?4 zwJ`Wq?u!>DycR4?>@mBg=7UPR4!tr3-6Us_ZTejOre6+Nr8N;X4Hy(KVSiRUx&;?fY;Z5cJ zuLt_88H6#kqlZ@{5Dzfz%GD7_X0)zgl1`c)9e%?7Gq(hy43a{xo&zbXa0=JP16o2T zRsDM>?@$rLVbz%4oXasn8B;(4TkxcxgKoX+uGsV0x2Ks2@fGcrp=}vP@d2A|Z%%*m zWF7Qe$yX5m{4IK&789ajIW>uud00|zRKS{N(|?zS%MjLbT_KuX*>Qf%ks7zzKAy6M zt@yU34LSc+o%rVp-o{%jt8?cYpKiQA{@XqGow_|+I=;7PopDj|W?o!Qxm$}%^i!hn z4_x$5vQ(?yJC@@#8LYZ$W($OHx1Gs%p-qOuq8afc?dS|jwir5nqj38)KTP~$Zb7|Z ziv720hG+5B-SLfV?OC6dxpU}ygu3#25#FIL3IZ2!nt9hmieS0r$+vD(ULn(UWNaGD zwYf@Zsew|&M%82~ac12^`osE@iibz?onspd_S>vo5BXL>G&-y1Z;j?KksN{d{nVq7 zg&mksu)P+?{y2VP6sOFB;4LzjbnXOaA@TcZpu;_(Oaeq=?dnRGrh@k^UwjRy(} z=9+mCuym|J^<1(k14`PgIQy5aAzrl!GFdqNK>w+Tf%T$H^`P&sPq9s}75;!HJYvviD|a z^7R(xR`ERM%S>&V>=vTGBSc1dc788JhrT=80vophhs|hz8Q|*=6elcZZXSyHc)PS1 zVF87*z!|SplB1;Ss<{3J;fac_b&AHK;zW%C^u5)Q2|ZS7|Ho#L1NJEPF7)qz)C#;X zT#r*_rMD?Kd*2}T)R0D$3Kku*P_*NRT@9lw2xlid>H3tNFrlirI`j2u=W%l9#kt(e z4Bkq}`7qhK$2XV1*;x+tJShUNU!h~Xmd;RN*viuwtv_kKhhj79Ajna$b z%b&jnm?k{Fe1Ul$Ax2w)_&^(kpH|YfDt* zEmP^PRcJL-F)YlbQE0ouxMOa&)1czopBkY2yBENHWaj4S{oM=?$QfqzO|nJFpkvSk zJ+W(d_BIe)2{2;DII>HoEr#DUx3{{-@vQD9T_pRa7Jc+W&6bvslQOdyV#xY|Nec&^fQfCOVI!rf3w9wGa&MXU zLrC3Swe_h+cKSjo`==ItuLfqF^=<6ymnzq07CendI>U?QLdARTVYfGUggC;_>r**Q zL@ci1x*@78Hr9}Qx1yZ%&vKNiKd<*av<99wp@Zk2O8!9ZdM3xOm!?}@WlL8`*bL-4 z-2T27j#QArpSk2%-dV)6T)jxvX!8=fO09pQ%TUaLZL6~Hjo;-|Cvs0`uzcM z*2s3~-0k5m(^i*6`)xz!gN#`73{)YL=<^1B8#PXi_Z+Mx2H1g|<;o9T{Z&Ht?-zVW zt}n;daNLd zP?{t;v`X_%P_3~}YpG(KgW>tQR=um$91jVbvMVVMp{V*&eSEXx^;m%*%S)9(yV2|k z*=?10UNWaj{K7LX&T#HUchTM|lgFBQ+L{sBI-Dn{zDW*(qx*1gWA0gx(UBSTpAh(O zL2B{}Xke8|lGl0tnnTo3pX;l#46F=6(LnPfxz& zN-kk8Pts+1G34@>Z|0V?G3+`>LgiR(kv~y=jD3Q^R`->&~q*-wS*-qhPW3-ftlYXYzQ+7yU5MB-a{1@l^FD=Eq z@g|O2wa|C-B31VjKGzIS)02m*A(b)XSL+u7m7M8)ztgpEM&6otj-PeM-}5ffksNgC z?N|&kNH_|KzSKNVvJ|7%BK5nv%Kf)JswB&Xip2abH1L}2KKeiICQWcR6}StYKK<*8 zd$pgk>MLkjEY$gCzqFNRtbLk75<{WV=XY=>#UoY3KE``PugQx) z5dE|&Hx5i}`Qs93jDFaNjGZIdT99Cw@JzIDZD-fSM4pi}qiKM`V^p|(0+~V^Q3vFy zay4*yT3(J;!HiJTmQVrH);*XjU>ieLm&shKEMDITRlFGESbK$ZU9M_K3|6f+!*w=( zzQ?d*PX91U44cpjMp)kszcHPc*)~Dl6c%Jpo6we8J?)E%NNa1l^dGb9Kkr4BW)LFZ z^b;GE{x~()?#p_cGkb`&QaTPh-x&-dU5Z;ZivZyqx{yn@a)wF#dmMTa3nX9Ml+*>smPGTOYR}%HY1|Vb(&~ zSSGE81ErEuyg*yP2U{<<&P)~ka>fPbZ>MO(V!|((x{l+nj^Ufo!*%in;M{$pzC`@sVX@Z$#CAZNs;ZYd`*pL z=*w0=tpmP`=7Q5WoU?b{Uxg49V$CU!(kY+Zq zEAD7VMEWPe>8l+(=T7o0S`yghLR^2tgI@XP-!{`+-U|(5eKf7GG!P{xb|&|4p1?m! z7P6%$cjPutMve<8{q*Sk>4=}a4jlK!HwrKQ{CoXl$)56nZ@8J6<;zd8^dA*ZmbjxU zqpRy#_8|a>foi}_&ljiv;tu+!NBbTA*aAB{IwfVlPyfX%?(8%G9bfj3^Sk|* z4_$kNQAMS=>;7Uv{m+M#jRJnSr`Jz3to*c`@kh-5-y;64RQ9JI|F?)ggLl9E?teS+ zr-AX;?eo9m{KuvG_g7y3AKZy7?xK_tpV(}?hRai+-5+fhSO6*F3eZhZnbiQVMo67M zzQ4EfU@t56_UnSe8y6JC=CJrYFB`v+8MOFy^ZZ``{n4H<4zLI=U9Eo zE+q}2t`ESpQtoRIg*6gx2}u9jH4pIgZQ9S}uWr4{oJ*DKy5}9HV_j9I|ByIL4cQuI zQ%&gDiWjkAn(JE?E@y0J_C8U~+0o$&#CyA)rFMj%0NyCO$N$CF)+_bg6UwGzQ-EUx zBuB;(3eo&~%_|JjZmHzHBT&!QII#&7)}n`Fa3Y*TMNHPk9=JqGwV!ieCXS^Z$%@;J@!j4iQ3+5wQD2ht?X7q!*N{BYm-}& zmqHfRkV@s)ZCVz}#@Dkyt$hA*6L~#43xX<%!E|%9_s7NZ`KgmidsXKi{FgZQ(1R$0 zP1bp1R;9nfIm?|0w4lyX3Ny)g+@|5u=8`}xgbkHBJo@GfO|u=pEuGjIeDwj4Uqx-* z^P>rFXt1(h8N1vMv`abF_EYpF@z$mdK?eLL%{PFDr+uK!P^p|!oaoc^cP-Zdugfve z)y9l$a&MCXx;bA|9Qg5Lr)sA9s%TfOMI~VB4Ni|>+hT;+Fet#_vl}ochLxLjs5&SQ zTH#-ku0Qgp*KjxS8K7YDG)w=ebhX@J#=0^1s_F*4c->gse3 z@uk?up6+LK;%4S8FO@qj2Lmsgel=G43nJUm->hx=RubL)m!114_J3sJf9&zUzB+r( zOZ|LO_puRywvA%5<%%vtKq=s1c3a7~B<&_jW1J>G1#M5NvOb0pD|4K)cOHL@T>zuE zD^tz8?yqf+uBUn)mc(-`;U)rQOiNBtbKEehb6a5YobVS>l(qAwR0_DXo9jB%FY3IO zdYW!6K_OOHO({`&@ltUf{es)~ce(b9MX;d>dRtuYqPf#(|IS7i?>)~#xAhieh>WMf zOqhGT=&CXu-?K2Yv+bza?xO7xSLBcfz9qrO20N|=G8L)vk7~#_8%u;ZV@yPk)INCNDbPqSz|T8?QJiHnk|G;o=CYcM)rTHo zQbN$C({qDPLBk#gyU0}7U_^pq-_IN{{yVdlC_8^=B``3lcCD@%L&E}L7!(fi(U%wv`lVrF}rV+QD$1$@+-y& zs^;iGT@TUj3w?YYV`Jdr+Oqm?eYiX0$k6BbG8DXRJ|r?YIJm%e{G2mkvt$VUZup|i z!F4)`Emt{U@2dXsu@W#rpGF9I9z4Sj4H289Xk?j$@aT)XJ|r%$@+JEa$)o>N8Q9_0 zx11X;=4QidC_lHx&wCsF6L|i4V}1DLEn_8xB3K&Qmeww-3R=Sj^K_~f>-wy&%B_Xn zkZkQw10<*jOpK5vY>cNWHp8&Gcs4NN@|`!0ugK3YZsk8Ec2~->P~O{}K(*ENnd=M9 z_GMv1I}4y{CFx2}_ZCojeSH3O>+wU*Gly1hOqYhr6t>1>b(Ot+@+yVxT># zODa(xyz29+_F9*Ev$O^c9(cdk*`Uv>60b3#+gd&hh~_Cuy}+%bt=zvh>KUtOYa2D( z+uWWY#T*Vi2K!`_nfAwh3@3r4E`Nr1ii+~AAzXvgd95)QL2s}KsPEkT_LDcxi^gB2 z*E?9PHyl=wW2~0OlsV8wu|JK(91u=i)5?we^ya2%tDBhXR<=|x8ZNLs0L0> zmKeFUnCBFT`u78ByGx=9B}=nEb8#h;A+DRi1>wgS1xjVd7H8|0bo5s&6?CSu<2J`^~wD;6IB3$&HYRXhywY4HgY|7_OL1KCYvGwVOTWUIy0jWuv%I z-bkQYTn1#b?>(IzO2)Kxe^9drew{(^BTf)S0PTE2XWApAHjOo@@ITX{KkoA5B)55j zIEcg0N*|Oi&+9wtXw2+{pMGr7JNb&-5YwF@gTe61Oh|E+8=@WMws#7koWqN&a9WDc$m;DgH;q5`!N3riLRmb! zfmCAG$b5yOn<>&O%5qs65-WEftGU%*VpBaFV56^S%H1FuPiDu$!7;s86?6Aq zxIGmv45ic<#vW=mrtUX_48XFVqT#X=kkKuoP<(^z68SH)pFW>TZ4$cSZHngScC_d* z^o+j--1%ayhS5^Jg6WasFK1`{j$`YYJ$XJaIS%y01`!WGJ-hc+AQnjcu8QVb% zV4p-(+D))^ynl$C70mP8=j$QUfaf$ZSeMo%#0YVkxM;;QX<{=||8G!ygte~afW$d< z(u$WYh5)0(R1-TW^aovi5CCkL1cvuMTVIlVexr{q873$@r$Cv- zIN2J{IqPw|r^ca0p}ujhTr+1r+0qisSZ)(Hf1!#^jg!JN>!v|a_s{vBR-SRG`1g$a z+K~zW_o3SZ^GDU3W&z&8G2^>;UsbH!rZVr#&rOvJt*dP9NQtCL>h_3Vn?o+k6GZu?fbkjYD-*x_f<2s2y6j53strhMrD|$kktt1Z2h6`)j}<9ggo#(r*m; zHcWUW+!V$R^-hZkE`?%>Uu7D0?h2SH;bD1QBjRa}b0Mwi_{^>f3$Q8x$Tp#A&*2wgvWReFWUJg-5c^kD@N*wFAcyzWFtBZ(s?S(!@8ed>~LwXYuy zEy@aCxl-_Oyp|N!bI&hg4`!cX)EyAd4sq8v?ns6%J&ix;EeE0@9S~JasFY)cF(m9p zy@^)+1?JgS>dT0Qf9DzLiGjk-<$|p^ehsYO>2%T0GB5#X(|b|HqeJ!Ojr#%%FCJ8r4~q2c$Zc1GRkP&Z^Adm)8{3g*ZhQY=?VGa(BU#&(HeNLTrO5IL>72 zqUV3v)|FsepOy0d_>tdQx%%(`N!e%qgfA%BQrx5|tWh&w&^+e-C9x)@T^9f&V@dl^ zGZ=oSC882e!{hA$9WL$49LDh=mEsGG+UJytW?dp|Dpm{b-oNjg>%7~9{=7Ww72N;)8oy0?=5sC{Fqev$Sf}zI`_3v3V&Tee~_UEkK!?+&a)Tsp!qEfQ6J}YJ zrFSbBnl~W9-v1uoFP{fV#90-<$G^pI+`xiVPK*E%q??QmWf}-fpsF6OPz)^1A(?}Z z6ORM~QeeYuhtXo7=@-CQY@F{o9JmuRHLJfi*~krOO`k09&Ub?@vuiA6H!#@9l~~MB z@)Lg|YvVkhK?@rL{=ZL)8T3>5#9i_R(?&2^dD1gWxch+7*7C`qGiR_15XDuF5F$Yi z;8IbqK3uLPPN1A$^8xw7kV9Mi)`-xH%v%}+yO-Gm8&&uNWe%;}*^75Zcdm8~DD+mX?BPU7OhvVNO4d%_4@6<1WdCT3OM$0aHiqC6Sf}59vj%5zOfK?{q~*(}rV2L~zBa0YKX3yU5y}bMve9t}04bUdZ}VzkRqo<0>=NMS^IvJV!{Jtl2}- z{MNlnl|Jr4CFkB2C-JASK1OlUO~N_CxQ%}N;I47wwP*oo*oH|)m7{rA%&X$4sS^as z*X#y_#%pV(xxuq#Ovca9jmAt*Kq_>;tGk$8uQZ4}fJQ#Q(uCFGEN@?OSMI!e=AJ{D zufZMS#J%$h9q*6QfkCz$U3}t5&s=Ct>ebKxTBo*!lI*9t=tcWEP?Ox|zG>d69x8>d zR|*|O!~GsRDSQ6=QH;DHOE$$y)G0Yf>WJqgEcM=y~3>3qj@=L01JARQn zG`{$+s*kf;AS&ve4|o+_&UsB<1x5B<$y4`3 z9v;`(mnub!ie<_@mx_|dxjGx+=S-x{;003?w(^oILAk`YhOw+qAN zhHKL;+~!>c+4I!5X0H6(0?1wgbTqbe0Va(PWCdvdT)#7#Wz z&m;eS_Gn%~;IU4#UyuLS$PJ!N)(w>KC%VS}+f2ukuhhXJKNOq$_vHWumG58*4_)G! znLn@6A9a>LUa_PS&D|Mb_}df8-8jowsa!>m_s$+&NsN#BI=pVbBy}v9Q2|CiVW{j`{Ps}U+?%X4lTD5UpM@>J4TaX` zg&KEF!|cEBkY{Lr0Gb0mgZW+%`%g_fff*r{4@M4WPaPEwVBas4L$b}DcICcw=&RDq z)K;=S9HsmeFc;-{01ep}un7hZLO>eSc)&;)71xncZ@eX=&FO)g zml8r9yzewiF-qI3i;p<_h52(#T?*KA+266FyJ=i1we=8-XSGQfLgCeHq?CO3{%UbZfk)optvHUKAVk$Y+BAh}MiGZ`K=gVeS#m~61FHdMQ z7C77^>CG9vK?V1`zp)&oX5H@@kD}|wja1?%F?scmS}*mJKPF>+0R4M`@f-~xi{$?z z^yBM&*h>^MmGW7RTj@!wLrpN-i}kN5RPyDx0T(7j2`#Vw<rV5W0PSFo6BT~wqdv+a?%33e%gc>B%pP#uQDqDasNaJuXuukwla zhSC@9Hj!VJjgZU+dD%5VB{GGdN()WZuD2F4mm?a$__U0WbOEXJp z9thJ#P&vBmNPBn&8DnC4awe=!drUytHM8HM7-oPQKwp1&N}ZdjcW4aUxgI9+&Y--o z@&3^HN~}WB4yw_F{(7JcA%s%3m;bZk;$WF+TkCQu?rAyx2{NEFT|=NvEu@D;EI!$* z%{p*91e9XmZ8^m^%EJ1R0zh`8WzrIT9oVqNwp?+~uJ>E(aP^)r_7f*mNR>I-%V4~)lL$pNcJ8}vlnC1{Y>ZbhNj~pWQqI7~ zFXPT~?%=vtH)G-wL-SVIwxY=3GS8h}4DP>b^cY6NeByo81Z)6G%IgDt%pAWtz#yl-e zS>g_iR(3J%qT_PBYPn_+r^K<`zsxcGHLM&z>Xt_N{-#>GX5&?1GT#IC1lqgXTt#AN zWQ1%$aA(b;S_GD^y`D}vEbe7xhDbH79!N(w%3Jg&e;OKDecGRI7s{nws_wQ4ZWz7} zb4_A)HAT&FS7tX8?-zNMYuS_+#TVCRFr4DUNV4Q~r9@U{&%Lw?Lsa#wW9Eoam#~Xs zOI){txZzAuE112MW_ajiWvl89x#Lq|^0Jh#ntrY@c^=s{GVd51qqsY~ef}BLz=Bzc zT_^Q%HlE8U{Zh}14<-s8YrELwuG#spT=9`ys*$Ue_%ji9Y>(8D;w`4>-#5AFQ+wvv zH<_%f=5*TBR;{nk%v@Nm@s^C{(H{_PQ%^L+MJT3XQrZUC^*n{5^ORn!fi1xA++?`L zLBLm?#kr>~Q&Bzxx3{J=y_n8@cOfM=;Hc}&e8O2mo$5nPmHUaw?zyhw`T-$wr8hwl zx&H|#zgAFhRHZwvKD(wc@o= z%K?|9=y8`M8VzL+VO>Sqp1ZIDi9Q)N<&ye{CKS-B@wc`MYX#V$_u+mXpRy+7) z|0Fnc@dvbJe=ydoJJ7#ym$Irkju2RA(Q)mXNTk36#9&(l_aIM(jK1Mxq;Ai5&huS! z71r_e_AMIRivyvt!Zx9q8XTg?mmcxrM#V6-vS(uKdLLhmZqZlJZyg|oT^$H-6jjq5 z$*bX&%6IRZpy)ot-f0beZ%obO3&s9e6d8c6T+|By)^v;c1I~+N;Q##!%!W zb!hkk#8JnR8$DvaX%W6yOh!CPzZcy2=HT0s>wyYV6Fzr1u%7H`O3WS;J~*=}axZTY zLP67Plb+=9O+k?nKT7U?SlRCSqUD&=Jg&PIox8N&CTUVXcWH+DZ>Y|zn*{(>AxY@c zFGv5v(sRlT0Z~_%lhBx3qqe+Flca~X3NPZ;DsE<_v*~x?tAS)1+f}>IxmWCUc6qd& zaCk;|b7%$EpWv@j&6o9%5XvPx0~a5BLKMcSnfpnt(PGPhF7U3r*n5v6VxOc$KNB~)@4VLGlL|PsKoM!O+h}}$-VsZM zSY(%R+s?Ra;s=S;68N$?AT9;>pAVmkh|LW>3XcobGZWIJjd)3P2&C479NZIbs&mE!hp;71$Uy3r(DQJ1;7DLnm2V zC3d{b=FsbfPqAs6fwNKjV_idRK{t!9sdIOB#_skI=^Ad?v&r3QlqaQS&j;<1fL71? z?#iLsw&i8*gLk0VkOn+a*9ZP|rdcI7-z3}qdARIoJ^ALBUCh;_L$aPs6%ENlSQfN5X(O%}g4~Vgho!feF>PtebO^Z?&5n8! zN>;}oBn00x@zrd3+Z@JjR6z{y6FtW>04smuRbt}sJ^>AeBI#?GOOg3 zgKIgkPEX>t=nZ$b9Lo~6RAn$1w&{I)l1|($wSsR&f7fg$>3JST?(dLJHAL1I)b{#5 zsij9{L=<*sX+3IkadQ~K5=+>QCG9_}n#xW~jvmN~2(;d86`CqM5|qOn{y zbA~9)D@o;7{_a@8DKoYt8bXqER5INIao7hn!IkuWGjK^1`6LM9bS>V*l9Y>Jy1$e6II{;2DCiXXD95@&%B@qf zwTtcpivVlybCrhAo66tC6BP`@VUtL5&nVgHa)gw4OX0%E)PX3RSS(02F?72UNAK}P zW^YK!ZKFX2V%{6wy?GZ-uNY6ieYjNGFO|ozyFL}3cb_s+SsLG@v|MIQxbJM*carX4 z+?1_!M0Q~Gc}}-L*9knQS5+XPXy$q6saaZP54`#N-CD1Q#o2t({;eM~wX&{(5PLyi z&3-ecXelhe)p;4aZqj7J{oqW!L7qBs@|TgN>#i-4%oNlWqOgq$FlmdxLp8KWc75^q zdOi1IUiedHw<}rA8(#oq6gb{p*vfA3_YU;K4kC6o*)li|LC5#~6h420`0XpAFxM85 z*!VqQVIrM+yy*fVV0`-55Lv4^)({+3ldAOSqSdZjw|1i9h*0#yRZ;|#=j8Efx-cN} zEpty-v`i*TH+wNBAAXv)mtGRF|NLd7q{sfNoQde*ss4uoD7WwcM(bew5?a3?w&=Qh zxR1mrx2HmaHS%@$I$G0=FBBTy7jiB!l=qb9_U?Cwz`^W?EiRip5Ps9*&!er|gv92k z-I5l)cnO=}eKB}Cp+lkcI+Js|NwZ4{<%avhZ~$TQYLb_XX_JQjx+eB&k9l}t)Ugs8 zN+pYqjJWe0T1DnOM^N!Sew?-+z|UOf{`^~vgViR+E~Zdk-KqgZnR`7?^Z_@_Q(d?%34ke+b(W+R(0#v+B@e z!u30AK3|%9Fm$@f!L+S0MY+;U+4BC!>akSK_U2}Z7TPpvhE4x?qAf4{VH;{NsaS2^ zVeR$Gh(unwkJHi+xBKYx!6n>J}aEhj*H2)?Ys&3R@+&JM-5##==Ve^^jai9<8?Yn_NYmCrK^L!Y=&^ zWmt+%kFRRI5y!@W39LlJg#K>4>N*%-9Z`>lpDE<5-i%9{1I4MksQ11!?2{!+Aj7^V zK#vLIxQsS|K6~_;Xm>%qh@A9B;3cVfvWpaxZMb!NxWbcKfpxof241-~1NX(4w<57~ zcZ4p^=Y{cT3?(#$3z*8{F7M&4UrJB|(tw4P2~3!j!}K$noV+<6p^vy-kM1+r78FqD>#n^^ z;2rcVIf98!gwexmnT~Sh7re>NA3Dtt3w!gmm*+q#ecvCNq_%wRJ~mZI=U^NFQPcDU z_?p|@W&1+Qz$TYe!t50~USn%lCa2#Ao#RDz|>IX=$C&sxRW=L?d|~NW!q7? z!5Q}gxpfNFJ#JbK?OUaH>6TdEslhqS`Q(5xUlEDT^kPQ!9=w2A#lQWjeukweH{hOU za*K|5)&FDfJHwjH+HOS@WfW0S5s+d5M4D0sq$n!ANR^HPq4y>=ASxmtNR<*$dXEx9 zFJhsG&;x`fE%ZnU0YczxoSE-)#(Br<{5sdUuJ_M4kc8}KKl{1&zSq6(wO+im82>Ci z6#-Br066(+zvokx=2UAa_)0fNTJd^t?0cba<8%iXRjS`tVV_#Cxv)c}M)d;xCB8YQ z`Pb-+gf7Nx;_JWBN)zv0ESF8>@+4^U+ND3hL$An1u&fRQ`hSB59)Pt70%R)HeZORX zfi-2PdwwsjhE{5IK$$X(GWcj2PG7|Fl;e7|=b;FlML)^#yryJvq6p z@lI$wsip?}cfeJ=H4j{2%XDlkXn-@j1{4Iz^9bUq$tb~3XEjs z1#4g$g*NO}V)hMoIQ0TuG|{$zZsG3*s>sI&yRyf8l-3G?Bp5%SDtWGd3T=*tM!uDm zj-jUGXlO378r|{s+Fs_nX@bj#*G5N3z1X~3b~C85s|>$dN=tUiFeuAjTqhGfV}PY+ z%RIzBsnDS8OXahoZo)d&QJ#90#tEDWLN4A7dqHQ{Lu(H7cz7he-9%YiAnr-?%fNz5 zTgdfIX7hzdn^TrUuI&w=d=HpHuZ2^9f`=8!xm^sN-o~gu(YVV4O20yZo!8c#F5_D( zj{RQEram%rXz9oqzF4#z)E2=h>{_ggmZNhxYZ|^}v=mKZ_154>;0JOxH8om!_xV1= z)#kh7UFu*i?gJ~mUC?h=y~aBa4Yysif141SNRvGUiGJ#q%PwG`<5gnI=~H-Z`iMN> zc0~aUa8b22$6wrHW||jk$JX7uMkuuOSN{a#9DryJsYQ0rb+{P zJYa1G@9sZ4#>!ynZR*GGw>;&!z9ZpL&VD&~w<^8HmqFu@|Tw?Xze(F{Umo1P%>@2Oe`&?W=x(&A5vDC316yA4*)0P6|){{ozgc|EDu;=Ae zO^%^AVKyxzLBSb(WP{=?9m=ddNWZd50`>Dk`nv_E1Q1IMCC z$<@GE&{r%|q>>UZ!J!!&k)lB(KFkYden zdHfDLbjP>2-7guTRH44mE3R(Hpv=gjPkjDOc(-f{Wz>^ZU5CoAHWj(Uz3U}KD3KXLymH4X z*QVKuo1ixCXs$7`c+=4oC?AYE*Lta$AtEtUnbskwQ5bBJaTYV?=ijo(~(;eQ+tdTpg1 z3bIN@csYm)>@F_z08^?M;)s`#6pNTXM}qLs+9#;q1(6P|(Keor;yY%dZ)OMh-eb2c zk^v4J1#sm-Wlci2vIH+9kCkmPeo1hiDURo!(7pH$Yb&@z_bq?H?sVI@l%jj_r`W-A zqJnsjMFi6d41}fM#t@T5%wDp0hUuW*^|Z+qM!!y@u%uzMb}|l%QT^~fWtLcVjkWbM z-SZt#I7zU{s==h8O@b6qNg^fg?ni4C0f=hi=fq=uaBWnYeDcny=t!Ix6isgwud9^M z#h!`NG@2r@LZd^XvqDr+-ey(#Q&R2@URIP%r2feib3$jU-@ z#B-w0>~vC5Y#Si3-ClL9e;94C3D;Y?Nx7TxT?yNSRG)!)XlI**!wXF6?y)=? zyJj#|iXBYK)t0F0mEPHKmH3j+Qr_Zg+L5oTEb_vj-VPkzfEj#<SHxj&VQ*)PqZ14 z<5lJ1+4A13G2>~o{_HSGkGQ6{dUUBgJ(|XNZmlrYSD?*YwZV@?TqR$XB7f>By|+Bm zYJKh**m!{->7_{dK(DXhHrQB88ws>D_dS-*`RIeJVS!T^RaOT}OGv8mse9mAx4m+4 zul77#+e32M`VMZ%FYP}uOXgWL1RY+oCebsymk#woU-xz)IXoAJ*sWELD`1kVPu{`Q z_Siy15c^JDjx-T4AFDE?t}vN%?P@bYnR07ns3#9FovieDh{j_*W!9Il{GdK|^bxG} zvvH_LvzmQlf#@yvlf@kT+NtXl)ZcvM z|EJjTM;U2F*)@)PePle4Fh}4W|Wh-pl$Z1JpTyVd)qgPafnUB#U6k3 z4$fF9{-s{oT_PsI-EN#)DV|SMvtqrhUIAv~{%s61et^>tNj#=%!%WVC=4!Cpx#Q>g z^hhzZq=;?S#O5ma@R;DbE-FGMcj=y~Xx;e#r~XSsb6<+)IDG za2EGkQw`Fch$XV(;P8x(YGLw~)#=Nb%23*ZaL-_I! z@o#T6=W2tB(0(;z>6|s~wIJSXQ0c}DgsoOuw2F8wfAM$eGLN@m5XgX!et2s+0k|MO zOAUh_`+Y|+?)#tUR}|~%HktqiM`RSc+2iE)#8;}rTLiPLK>%-m>U8v!079IvXEBMd zh1&qF){2&NL|w%0YUGn<8qG`|I`8?P7S2k{~c2L3tAue4b%+15>idz#(uXk zyj@YK0$Z&Nc~i}v)7)q7OQOHdpR(2$qI`Qho|Bot|7xh;Q()X63QW zGcX(bsg_<3AHbC>?kk8+wb#TeOJQoY}I9mq7iNa?r%SS<&J!~KPJVt+-lwA))z$kl(Csj#~Ue)Qafvj4F1{; z{Tta2RjiWhlhFx+RfYb5oGs=wW?Bu5wyMc7C$7f|Xe zPE!5WRgtZa%tNHS4Ep@9l#u|LbAhMm-n7NzAKo1UT%w7g93ll;d~+4ID#ct(woLWA zHP@5N#b38wfU>!{F;ohwyZ($!mN#T;XAs( z$cR@dzUZCNBdW{p20;mc2f_(DBwT`uXc&74?qV;0!G$nAsG%I75fqjnU{NB9e0ZmA zFl1TM3@r}&5<=l~?67>Js!Ds45~~M*+a_<@8JbWqiFmCd!}|4QAdK3wSMyl& zbUx~T=mYh?FKw;w_YR~TF@U4he~5v(M)&T^b5q2(?J1JF$+-%`*BM3=L;NKaK8N%b zCMi^T=wjml>yWUp7#2yE_koqy1>$Ev08O?_ zj7{Au1D0lOYq_n99yvQR82p`Pz?nvQFJL|2fIa7unA^-dR9{c7z6q49LQFKO@`y?l z&flyqA!-%Y?vDXnjRM(Ow=rd!`GsE%IG{|%8&CPQIu&$oFo@Vi?vXK>UiXY8@670j z%ywlWZYtt-UYy~5C_rs;2IfsrJOg`H>WR0U0{&AmfFvlNDivh@`T5%@LCcqsM`eSe z$s}T2Ba2U85o_+v!4m7>kRsvSK*j7Kw{CYAtoA=R-~0J+{>jR zXx_wjnmaBYn1Crfqh^i#hW;_IT>xVxDJ>X3o-d`4I_$`6Es$)lgJqlK2?fb z&$pEq2O=Zm9;dfWp*jaZmJ|HdI}aO!jrAL(v|)|L-LJ=jHQ%u@dE3ed+Z72p=*oC;H1TidP(c z>ip+#1WsK(J@$G7c0uNH-VY~;$fE}pPq!o;l{>u~d04#x|4Hxn8x@6=xxTaVs^BKW zA3TU$t$MV=D&0J9~aqwm(72kn*T1F|2#MUKSY}hwX}JcKce#S!+`*mB45hafrs~Y z7fgH*V59vs|Yap=2-6F+p&CHWhHg0 zigB0E`&ZYi&>xl`_f)r4XAMj^c>{D2oY_}+rU2c2{tI8nT!!qu7eq2G#(B3AKPg^dG z;8v$ly!R{=2U0cILzO_IN0Ikn1`AeW{o)~c42s@TC{fC zrn`-31jUOj))&Ph&*tb8T%rhHC_>d$Daa$w{>EBD!SjDAP6|FZE1PVQMxiAggz{9Xl@*}p&Z41aWPwcptl>BHm%Cqe8CKeZU8dU@vR^daJwbCNoSBFi>R#5F-Rh_TMD2w)y;tb2uJrDH zQN1kySoQGQ?GnIF{Ji>Z)Sl*%b*h)j2cC|7nYioYOlpDKn|1*L_JbwsjG=Kn@$+zd zI$Z6IL&V0^ZhIq|%9@^eYM(3M{-q0Mqsw*nsKZ_RrqFfD#S??Y?p19&KDA885r=Aa zzMZSWaCzzmRl|w1?4S{}yfHbP26XpDqpL4~R$Px`0|7H&!7lpO`g%>m>iz5k1`AC^ z-0ZgOgshlN0ALZRuQnR08lbVbRvw3MP>U=rOjH0&xJ7?os1=)j(4u}{g6Uh!fUfTI zk;Jg|uhpXNB%o@$(h@4^)@_+kX8OJ@q3Xi{VrV7WY$c{{vg7S1srmVvcxS79J=E$c z5}v9fUXD+ECD-N3{GJ`1wLsO)Pc>50u>+D{*DjJi;{kba$xGxfH{^TX@#kHEnO`pj z%7-lx(mPjkE;8Yc+Wxe+fMFVIg|wtRExlfeUdaEy_8aeQX^5k26)*1TV`7|+OE zX~vmg%|^p^uJ(xya~WZTir=lNcUc`Dr;Z*3ckCk&Q`Qv`8rKybw^d*4bs}huAOJLL*nsf>H4uRRzA93 zyLsD$Y@3yO2BpQcJbRYO+@SVhI7((!+a!W~&8t$<-5opaEI>zDlTueJ>ugAALFW%! z@DQ#y=Mrb|S-Q!}G=g3jdn*eJPoUF!5vNgCeBaD>uPl>-E*bO{IM~vxOZJc%#C$iN zYl#d*i4H#s7jjV7y>Jnc5LSy6n9Fxw!L(JZI1y7;>fcd_Fm>CX`xuUgZt>RdoBEBe z!?3FT_5j`G5Wi9gP7OXLQ4~)R^_URveGfd8Ca_tfkM5 zlk+U#=c3&mcoItk{*dIa+JnyX(1=v&CNj(#16 zx(|E*4?2^V1Ord8zPaJOmUHy%RV@+6kqhVqT3&9g%kexc^@gj3TYIgCyvlbKR;R|%47>%|QpY=Q%%wfA$e!!HGLS34nQ&AAcA;Chvp^cwr`bxtl!R!q zcg%mWKKqe!b(;UA-^<>7ov84n(x$e7RrB2)O2~_m^6mm}<35aFx0HUV6;GL`?|mUn z4MD3U(VFYLd5~|`P6D78W~J|q)cdUKg$|Dg#d+tuYqnYz#8z)-v-p1GQ}Qd zU)=1wF%KUA|5%B-Oy(%faFwVWqV?AW<`UMAvmF~#H26#6sjVG>8F&IyGN2$g18hzr z6F^v*%TJN9x4f^3e}@6e7xqi<+~_O_@f@OJW}V*&K+n4avVxG!9s-_%=(gP|IEAkF z!B-ALSeB%nI;d*KbG`4ViBU94XSbIOyshP1GFO`$44Z0+Ti0f9j+m`{sqbLt8CzoA z+q0wkcAlG~bh0Jk(|Y14MnvxD)To*SvdFq_BEvsF_) zRG&@?x9*mCvIgAK!cH`*{Z>O9x#_K$cv$2B*O{>p!ug!T@~_e^UwF=Z^Yi`}G$&3o z-C%mrRYh~^_VLIoFWl7GV)lXSR5f$heJtJ_*;VpbZ-*sFq=rbZpa)zX+LK)r zRvXf6P20Dp+XllG)L7_TwWiyQ>@b~n!*g93Rp>20KrK_b`aYTFsM_o6n+53jL29>f zJ({EWjy09Se#bDDaC<=4a{280ChX@Pjl)kWW%>_Y7FO!C2I>W&3)l3h7>0$|26MZi zi{K=z;AmJ9a3kniukI}fMhIg%)C3{0SyTpF3n299=sf(ohf&er!Z zd&|)D>-ZBSH?knV$Px!fR;E22&ZM|Pqm`LCJNPIuGs`}j>pbHX6+EakEEGHLQgpiC z@Dt{g8K_;1t@TJw-)!&BIL~tt$KU>!=D|YP?fLnG8?aNkCs*td69F>^rU!GXU zUCMMn#w3z+5ni`aa6@$ZUWk%Ldykl|w~6rBz-Fb#`ZqMhcY-K{nC2;QwIAHL#idj7 zeAIb%_=NqA0fR%H3upy@eX>dL4n_dgl%>}-xaN6{GhK9+0L&w}S!;-S)zVWIRZF&A z|M90eDIMb?eO&4Z$i6kPD(=i>=d zelNn9Nl(z^w|#&K;()Fx5t(;*grMW0`p58&Qm%hXef)&xdgk}AWneln| zo8e5}#E_AQxIA8itQfnImEal1uvz3;Dt#+BFziEGT@i@-JS5^9LhO1a}iewd$dk zQ3XP_g{@s)wWUao7Lodq^C}FLR61|Ec^~#UiJJ`iM?V-ZNff5rk)N*qz29JLo329! z6n^!%VwE4!_+DT9P#>gG?$k2RByL6^5C9o;>Otr!zDtQyv9DApJ$9DvAofcbrAGSU z+TQwMb<*^r^k2F)z457*@=dqZw6X15yU?NjslgrAw<~pK=cBU}>wK1+QpIzy=o@0n z-s@g6pm&tl@6b^?UWuW%M%-2H`EgU3KcG2(;x4!(nSQFv!miFQH)S(Rfj6BNUrk8` zjk*oTn>Zu;{&y+E^i5^q)3ip|HckTVxeYlWjKmMrv92ck=2d;HcYgM|eI2>99-&qy zoPX0mI67o3#tg4&!1p)<&THcJKe?k5sqIQP-2`=O6oNWT;*ydC` z(qoa`@8w{&3T2kQw<Oz2 zG2Y%gy%q>$@Zx9ni!U)3`aeU1Gln284HQYyY^s>?|t4wvtsf}fVO<+pc(6sc72 zle&SA?l-in0OqcK5l(!eKvdYY{3{WaR-X$|;af{qLr4nCa zLPebhL6yRya1%Bau?QU~x=CDLGheiBto5U2)w&YNpX&M?M~F9p(vg`ttn z$h449NoS3s#g2xd2~yg8@QCP}_{r9Ij4L&#&&rl9ytK}7#yd6_xh5q`c6``RNzU9I z`u23cE;4&cjer)DQofn z8I)x+Kk!jRW^>rHRnlTczpVCFUQ)5k7nKkmqaY28#?ebM6$9JLmP6(7HTz#~O$xE; z)OZVfO};vGqh5^WHDT5jT6{TU&n5mxP(Ne`qN^aS} zrLNrIw+ukson5BmOy)z+zs4EArw~+=8*fOWOGQ{%Mz5!$NYT@{cRAEKwt85Qhqkoo ztxjbz6(O>F*k*a6PvoNsTed}|e)=BLnI5I+cOld+CT9NhUGCDUX9d9qo9S1Fg0h^!wx_IQvcItz6U+?=mA#yg0q8Yfi^^c8b zsTkNzr$9~saj*a*+2XY3mL|xKsX^oRP4y(I;lj}tFTU2m(d!&MrFuHZd`sKL+m1&6NKrLCVbD`I$YP~61 z?In^SHoQ$-V`p#>Io~GcPdvamJh66etI@?ClI+nx3xX(qD=9ErOWOa|Ns^+~hyQDZ$PjQO1 zHS?gc1!YX=87TjIS=AR*4#Z;G^bj#T(?wNmAm~d-fMFX zgV_`{i(HCsT$2H+!^*t`Ve8h(v^Pq^~S`N=MO3t8OH8wCOSajAkF7+y4Mi zN$ncIIlg(&R=vx*&>)G28hjz!;P$4{%=E<$BRgjn{D~AE8 zI}O0cSr|-uSMg}s(<9w^;>aBg#x0SG4+hBk6`LKhK{rT9<$1G+@KOttRIlkfnt7#Z zF}(B4hHmW>{x#(Fq&sybJWFqGep)C34w{#N?Uj*2Qk<3F)+}zXO*ox6j8W51XnUDF zO}9H(a$pI8t~D2w1DhrL+*C}Nigyu`!{-iWrkb>bRbjw@67@NHddpzz4<%};Rdxfz zs<0vj@5}h_rIr21J3b^qL|KIN@CGUY0+}n3ssn1|jxadkEL>!_)??n=Y@hDwikXkz zD}A;T`x%oMg7UPA*n0VM9=2xsJNkQCbynxL3D;e;n(tW3YkPew5&qtMfS6)-SL)R_ z(zEPO$oGp8b(4;(U*B|PDwccGiOlyFa)t91;AiWaVrosw>I+7#S{hVE0#QDwI>eIB zh4-JgJT#4sf}SiL9eN2-k@rk8Z;5R90(0?9DEN4pG(zp>v*=bM7P~=l3H5lbcg>T= zUfh!`2?^y&fU`s9lW5KT67LV!8?|5<@biZCbKNHqi4_uV8=5P9F|?B}TKAKV-@jS} zXMf>Cn6XJ+j-Dn~C5*PkQ~2RU^fF@VXrJ-peyaTjhS7Z^V^YJajI)xxfS#eqs%nrq zAO%+75>H==L1gM7%^(l0h0v;)hPBz$P>}a_?@N%lp6izwI};<^8}&X>o1viZbHT;T zOcf-rVL8u$HFVbq<2GbQ5+0iqB2x|>K%99cLbCu=`}*mUd!!_@*Jt%36BRa>s#tA2 z)sy1+(|)3bB!0<% z=B^+o)EKG1&U)P{$VC5&@F{ESyE6%F{I5xGPO89vUo!qnrqywK}>bB^;pnTZHwxe9F`u z{`%Gr<-k8~QlKmQ@i+=aBQuR8s*~=+w>-O%%t-5yK6?(c&$=W6=E+z_oM;W-a)gOO zqmi#OUFS;Xpj%C=sW8n)Bd@83}zwV%N?qrC3tYm}TkHo_uiq9gr_lj9@7v-FQkB;#gaO7$(MZDd1ur6NK+K zc70Dd1ytYoJv3ESGMgKWtR3V)u&nw(!tdHM9zN38*Dw?xr($B$k`I+Ki>vvvu4}>& zRaWVV_Xn~EsrFar5Y~>(6A?$3H-)!yzk2MLB#ega=PeuT@s(E;q!X51iN$0+8m@!1 ziwO2Ilt^y29dY@riJj;5&A% zBsGgU)}QpUoD-_5OW&+nG_;^S#^4rVC6Zb6V5=LQAB_^NVYaFBY89#K%cyf*5Sqdh zKG|&fn1@`lh$S=2O8*>To%jxZzxfxW$=v#rmK3$Xx-5Gskgn3t^2fubMDX!AqLEwO}OqO2E zmLrr@`j+8M@+RsA3GYevM&8D}TEhrQ=wPCUkUsE&4eQvt2hCfg^(6<=benC6p}faBU5tYJq#7Z2vy0~E3U*(w zQ9>+T$@y*iIe<_e#TpNf(H(u%NEJDZ>n>;p4cpxw!UZOBD~VIoR)5yE|F;Y!lXK*D z@YaEDacRz(*SrQI6+6KU|2&rrbrBIzNb5z?1GVU777qqPD3!sqIteI4ZW(JgK z)lQyH(-Ja?c2I3;zT%1wPwF_=Fol*8e~+$h&*jxt#Af0lzdh)>{K!$}F7!6mQ$8+< zO(&ItcHm815w2{+_r4s0P@*lwu&5?2BBUwUEwtfo39t9xbYE-&Hj86O6TzFi0=uP| zJ==xQ0g#yL74w`AEqTjjk)-hrEe7?5d&;42YDhhWLQRscHc(-c=gUnjFU8r}V>qVv zAxhB=G{f1;RYv*K2h%bYaY=-CCf;6A)#49IEbRsaGR@aCXOg>(zCZPCc-Cai1aw{nb{jqAAdAOawzRQE-%+ZKF7jN9226g1 z-Yc=@jiXg|Av&m*9)e7&4A+KWR~o~gLAmb~(6avTm; zXQn2bH7#bl@Kd#C0cv%?RZLO~;l9{!N zQT`28;=~%?b#3801ln|#0#)k$V8Luqi@l#}T}4eo5pL2`u;+ZeWax#k>}-IT9zHDPveTBR`jVnS~BRThI6~8 zm{xDXK|Kh|FX31&t)fpe5lEE{aBzVO% z2h)wJ&FNivxbd(gY5(wRQO8#|HYe{(Y!6tn5(`K(Qni+73ZVUPCfBecO*v6$q^8vY zKUAUQP(yHlyRI#Wb(}-!Rl3by_S+hoa&ODIhi+XMShXLWZ01)Q*|#H;IgnAQbB|30 zQ+`g!>NWG$SP*5V{dlEC`+LUzn&k$G1?)VE_3)u%)r|wO3)+~Jg+XNeqUUHRRV=n- z)((s?tB|IRL*n%@koB`YIp`vn%4Iz(jGC)$ed-h5DazDER&y!V%q*K2tB0CLG$;2g z6r|mGVQ$lB?u~16#@!t&*&J3w*wH48St=lw-cprxcd4e_V8^QH?Px%1oQw>T&Xj)$ zq}*-Vp*)mnmk?FDZ966>aFXIcamEL)H6QsnU#TIXA2upn?uU|!)=SWop%nN~g^Ro@ z;>N=gJ;=2y0$slE#J_&(-ErW5HxpBrE?WSdZmURPu=c{lJa%+d+2plnd?aDI^8u7u z&XbIHWpuKXtqqK|mENS}>*Q%E0Fi_&z=c#jlPF-TzoH!!J(w(fW!RNlXF=KY{%(1) zeu6gfeSN=_mHOyWo- z#LXKM-X~C^pBEqJL1Bc~sQbq?bmchk>Zai+GOlTm3hoiua8nOHW`BbrFwrY#AWF6B zLjg2nUV3L8>n-Ly{$#T0Rdvs62+8{HSL$eC?_u}F@0m~Vp+#i4o{1u5jQ(`59xdXr zUT{vL9-hnE*0irRQJi3gC9k6EH<>r-EgDfP%EDE!@w_o3FS1$S48wu zCW+KEvD86#DG~&xWK(ha?@V(GjH--95(v?AeT7rP4MxTUyT1Ew#WL=NO+ZByYy3%f zJ!7eSCXGrX?Y6VTG$lgn73A5LjlQ@C$mb^UbwR1ja|f)E%6oazLB!3aGP*hkP6xQ%lKasUjNY^w}OXjDuGsKDA z6{Lp=pUGAswH@ezC?)GzYGOfvm|8_!dhd4vV5hQGIWtxH1)wFdwZYd+ZsQa|7J+ z6>ul$4{LLtFm`5TiCLURCCL+)$_8Eih{G;kOBK{2&-2l8aA~s!QAl_PuJCExJ3j!L zb-5d%jQzHkueo51$amnf|4v}N4n6QO?eqM~lyoZq6brVrb&Xiw)j}?cTimm3Pd3}1 zBrMr@jAcl-)SjdXw9AYdUNZB8Mu@yqTpIE~$`ePeW79Wo7C}QeH(>{UcfTc;`yzCw z;u94m7CHa$3}tvEfapTwtW=b`+2*3yM+aoxR9a&Cyz;biABV9>YEaR#@FlwEQrxl! zt-H$yt`KUdocvG*M3_Br4mcAHt7xSP6PC#{0h++^piv9^AtS{kC?{P``pUs0XXG(c zLK0d*g@Zs{GEw)qs1fHR+t29Z4^-qpWxB(mM-@FobU3*Mj^Cs?1DZon$BfFIa?eTo z54qkiwHvUz`w-WTQ3PAa9mKlF;-FcO9YEY;ii{kKZ>w@ASJe80@rT7tFL$jppY#bi`g;JJ@y|NVlFpLl-# z(RGf+dx+1?wjBy)4%sUEmSU(sF#oZ;yfQd4A|!OZ!iQ)KT2jkH=}eas z6zX7%32`}j;CPe9{)%+6?^3q+ZPR1l1HCEE^3)%(*jy3_v^IOA|02-JMt2|!WyG<$ zI=SvU)gCMBGTp@2dGFrI(+t*8eV?P{akk>0Fj?{~ogTUajBb zUi)gcKmYTP^`AcSyRi4$@37nt3+yLW`D1=SzuCx2{*#pdGZ*BKk8A@&-8D*C(I57* zA7a!04y9wS~w?BcK9xN(9_X7wHz@GpZ7U&5s+5$mPT`hz z93R;jl;17_(p}v6mrzA;y2$ie3jU1W_htZ>;Hg3fe20QyhXdNtnRXfp5%in0Xf$o(%Ye3#U6S3wDLWi05T zijy-8{eUrfp))<-(9=jFm4tL1EI|X|6NLuJO*8KM?*hUYg}V-L=Wj~x7%t6pWmYX< z%SH#G%U=#zo}Q76C)OkP);n}B$e!ZJVfl(bj^Cka-gT@Z?i=}^@~rhK;N>Xv_}aN2 zADR6pUW<4pOroQ)tFaQg$C|BAQl+P-UAiKmaiJ~s_QkcN)M*@luK(TOM`cuXR7cMO zlbU-}Z$LG)D__^MV!1(8qsZ`<%yKZRP7~-gTU=EYnjwCmyeL`UtQdQxsSxCNLC+Gs zaw9=$B4&ro8go(Zp>N736C5}RNrGlwAT1y~6=&cOc{6CMiGV4K2QC54Uq1y;ZQ@K` z0ds-P8z`Vo!Va%q$pR`dDg%8k?-}KWq4}4vp94_CJWdDQ44iJwehZF!S7va=4+7y#c=tjTE2B4r0+~F86De zp{*vIYyy>(YY6jdUbpT5^?>unq){levU<7U6cz*a?5=DzS~!`j2B@iA1I_^_CConr zjC8#>I|TolBl z$J>aIxUxd+{L1R>mHX&g^}+tS-2iY@x*n7D*>I16@rF9`CWDZo>YwdZ^(Wba1nx&A z|HX;faKE`a$HU~SQx^0*_iaXd^L6ElDyD7dH9t=K5ec!$VswgC{;Q~Ja}ul;NZ=>% zG^aGLkGg4cb`n^Spb2% z|7cJ~(yvg3iEk9x8h{gf#m0DpM_ZnDo%g}BYTzN?BLgf|jlYOXn-}A-*B9w)Zs|c@ z5uWcH7CN4b>*cxWi7m0tr#{PqGy+wAcl^p=UsQ=IwscX=vb%Q93psnvrmy;g11DLh z%z+o{K3H&Q3n=rm4=)mH;s77lA&9JT$ljaw2t8kHgw&Q+?T&ZR_6{k_ypdJf-!P7s zbTdnBcj)CnC4n|XaQ@YnZKVl3T4*EBp`E}iv1m}?g7jS<&=mlu>onWYIls>TxO0Dh zq1`cXX4PlQ5(2*|lWk3{1yvDbL-x!8oWq>BRI?WkCEUQ!UFLeYs$gBqy?N~B>T@zR zS<&}$@$O`KnyfpCU!=2D{XV%am6vy?4a5)fRpz|)Baj!{9=-+Idjv*6Hn~YMrVL2r z&9hbIu&->-?Ea0OZ_+MnE3bYyn8kbOC6ly&7>zP;xl)b@c74pD!WTtan&oZOKgVo#Iu#P zZgi^&bn#nQCk+i_-M5dIbJgD_>qrU@$~aZm z2W^MMhPy2O6N@5A+pON!oc@)N0T!8cwBa7cShg>B*T! z8UzImCb!*!!$KUvrO{VqT4?3#6i(X8=lOx|+?U&UsEK^3U1wUR3v$iQ&F$7X60p6A z%1&YA-rG^AZ@nzjds}JJ+Ir?n%yAhqaa7i2mwa(DLb_T|Mzh9gJYW&K8}r~(%DZ|6 zWS6VN^zQa5oI3JYJWK-JPvvdg@IR6E9~b?TXEOcf>XnpXfLXPkpCsYQhn6BYpv3oz&P8RU)8*^uprh5wpqIlXVQ9|Ik2N! zS3V3^fL`W*5?jo zbmG(8dbRADwJuv=g<~?f8uU z>Mqf?!=WkC2lm$58zwX>xtEm~nXRPwEGc>vjC5}-r(0}%%eD)6Cl}$9sge1cNR_&v zC~;xHHez;!tTWrU7-!yiXz*?318{ND#-ETw3m*cBO=I=6K3j5OXU9(`_b>y+s@MSp zE|f|L8Dr~>eL{^^>^g}AO~)~S0fH@1@e~_fGY*>Ai@i=KuCqcn57YZBeODU-zc@MO z`NGLNap=eo=j*rpP8|C5Tdp)%1{-z9tu^!_dD!WbyFccBTReX%=f1p5V-P<%K-2j8 z0Z#tvceQSd-rag)?hF0(xMlsUKIV z_Q%8pI{xGG`r}mn!3#8_uAGxD1pq^WOBUS%k6X=`D*V#4=iS8E>rP{`9(8eV?T0pQ zS@+Hf-$Vr-FX9QKI1PwQ6VUO`353g% zun;EDKGDqA20G#`%SeyF(-@%jQcau>Nd&U=k%w5$a)D}N+@7S>>uV7TfWxrOvc5Hs z?;p!}$t-M>p$mM}@&LJHrZRF+#D4ICAf&Ari^G;J47escYC>xNeLU9354Y}{0`)F` z>W2?sdaqXmMJ+8}lxq)LKB_wO&C|EbnX3k~lFgVrRO1t2HLFFV8pk^??W(SnxwAE| z@6!UL*|285u-&xKIVHdqSuA3O8h*7syjM*5@v{H^W3p!8J8Jc~%lFzSH$epSE{%4u z($lsFk{B8#RwvL7_=z%~t!Rhqjka~9*BKMrAPg0OCBhB}E75xgv}m^#4Id>XYhE%~p@b>DuRA)DR)m_!=A zOhxu1;(lB7=`~oo8Y62J#zY`b}3y>XenOooVgy@!&G;6e6lT5eauFx zzwAjiV70-agvj?}U+Yh7gT3UNdT+w=AQ3D^ymNcjkUcrhA_f|i9(x`Co2&G#d(1NO z9$%5kalxu=cog9JRG{-Jdol64b1~2Tcc0Jsv{8|TT!C2L%`)(yI5(_rJ zpdoi%sAefauT!iXOTw!GdEJBuRpRcIcN0ZwTfEQ~lXMB}wt$<)M;wvp z88NW4D;Or@>w+f%kQ#+cNirP;hfbNIy4o7o%fIlYJNzU}#;vLC(qX#JqfPBFI5O}9 z@D6GL@fjp?UiRu}>a%m=;j+($Y`0d~tJ31`)a>r;aFlOW@A+A=Kz+lEI5h;%Mw|;- z4g(r^>FBNkU|xW*Rhrw1S{y{ih4R^$Ms&(dFgYqOpW6jH*9-s5K9)zO0b*!vkNd50 z^m`tPm((N)$$BO$0X3pE^t`)yfvVZsIqL0g&9fhznyAI&6>BK?SV;nVqFTqp!`nr8}sx|m_2-W325M!p0mvh zLc0LLf6^iu9K`Ak1u=Rl;h(;vF6}yOo+YU*v%MGhOAwy9?M9#L-(-0DM?BI~3mBCx z9udU7`~jh9IuK~>8n3W(qe9Z8!gVS#IqQP8n^w&2J9iVWCuE%EK2mj5v8;mX6eabQ zO0bjI$_N(TL;--cT{VzhnVYW!1 z6Cag&;8#FblMq0C67Hg&{`_q}X4%JO0`{>>Q~o^;|G1j=<|on`Kt6)uiAVnZBndu7 zq3BQbtFL7129AOdMq&Ej%}0KOmi~5G`(w6`{(UTe-#}!tKxcfLkPY9Tx#xepm;;wL z8U87N{rEe8u7ier>mI|yf1ReE2YFb1Mey%q`Dt%U-~iBRcTUCeU)|T^Zze5&{*J%R zq<{**O|$N~p8wl4{q!T7Of&kYvHX2r%o71N3>+di8ea80|+^=Ti`2V8?CnI#= zkKsG{A1N4pry!NQUg5ht0fKJxQ?8M=fLc!lV8Cm!aD;A;Inb4HkJ5UyG8E^ zLE1_Eif$fT*{Da5uMqi&UYUP7X2S$i5MAf7P~x{(RNG~nT07gFpLB{}N2^O54L0$X z_Y;j4YyI)jFhQSEJB?fouU!4iG(&ad3m{>~KkyoE$sfrYrts?H(+p^;MD(Jk=Z(#_ z(7l|wBA>*oQDkRLtdp9R z-1NaYSi3!ttjO}4KNSJQ$?B@N2eBS)uwjR|m8q6XOuLIjZu5@FS1wo-Y|3~Q5vh^1 zu_aOLgEoerfA#7FXkO;Z)j>v)uV@!P!T9?jK$FR2Yl3U0R`YmQz8uD!G|XK8TJ7tt zrx}2j-8CMSwchLJKkVVZv@(Ud2>3!Uw=y)b9ig;XmkR)y<}n{1Z`i~bkTy&EGTK~8 z!!$(NJ&@59`$u+2YW@w&brYJ3F%sEc;^Ljtt0Ak3ejjt}Y-*1?ntSM%xW{-rh z4uR=HJ^hKWvJk2r#Z&woj@822XL$5E{!e>X8VL2;_KB!tsgu(YQaZ(OBFk8^50&g| zkv-WOyNJdXsZ)}jVXToMOcY~Zi(>4?zAMYbFm^+>_nzu`pVM=kZ+SZfbx?HwRR!RvlCDfotcK|oS`R>RUpShk@rBVWEuyU#plvzoK z&2(p{vp;8?^7&A?Qs!Qk`)Wx3^QpXzi}IepNHAZ7P0L7EPDlIgtW=-%^uGh>FH1F- zw4Rvh8N0hiDU*U*L<;Kk1^&6XHU07l-j6bX=lmp-jaIGEc;ZD$(#50E(8jlD*P zTb!gvZCVVuoHaJutF}K^_9i;D*-zs~-nL9MSLx# zcb;l$|EPs)KeL@aUg$Xd_+F8D;zEYW5GLXm0o}gN*q)G*l6whkpHGq}nO^XZIWieQ)905ZZ_b~H%_df!E^1@ z18JxS0isNyjNS`o)7_p=T4)oY&Tp`Q%|K{B%mN8UW_RH+zTS7qE35!#Jw=RgJ6ywP zw>o{c=jzpJk{OQu9T3qBJS<}xkE5?F^N4d?qe<_S-@rTjFD*ozU|SwKF9IsCNO~D? z?~SK1MHBGtvO+83>HCd%=h!AdBj|h9C7Q&`6iBJWS|xVp2fUZ$xr9Ib3qVrW6%}?6D^654ZOToOl5hR_Hc6HGT$NFm@%X}^R zBcHjANTLD)_m+PyeQjadzev{XNEy$oO6I^)S@T61o@{8tj*!zps(ftX5z|ckvk@ru zpbz53tKJ+IrKT3s`8REMx@W}j>uGfGkGJ^uP!{?JA}sDo3^9KH6D|MqehWY(okQrI zT2@wnHrz8?BB;KgI!F_^87Fq$t$$8?y9d2o=wSzLAWO@Z`hZ<`1uWmT&51@iUMzlO zinc4aJR`*9uCQZv!=LsJ2TU3_`(H{1j5of8W|}y6Uyq2RSoVAS)^zfO|d+CQ#O(%&V>A8 zcaUMC*gj}RE^{I$&vj)FxMZjRY`Fft#-Z=YPd{2wY2AWz2i;;DG5g+4*%yQ zhWj9v8@20rJp`X{-(?NMVXwN-}fzDP`4*!^KbT(p!eN+jbA zM5__dG*yyiN*%MV3rLnDnoj3?4A1j%di89sc*Pc0^d*Dg@9%M~nW*qVbzFZ#gL3(r zMLuM{E;yarV@#-5}6SS$1Iul6xndyU+MsG$}PxDZ9o^1x(3pJ##U>WJ9oULQLbsw07 zvVoY)6Nh$H?!4p-Z!D%TXU>L&fYHde(6=MrfoYE+*FrBAY&sB@@l8=yU2%)Hnx6;C zdZH0?gXQHpgjsPh{~UWKP{fp9*tt3q}nX1zVmRC%Mao_$p4Qzkvpmn(PTbGDNq zC#3PvHUqPS-zFPliely2yz#lIB_6|cl3puuNy`n7=`$}Dg1T1RT=DSDz>+o@X$3hS z&s#8}y_CI}-I{R$535&hM~~GRFpHcw1afP?t!aeC`cy_Gfno z9Nc^zHT(55M-kgLYd#(RpC)6?_(302x3al=fCsc7hNhalJibG29X?!-5-A(pS#LrL zcjwoX6%pce&K|hqe!-_`IVebSCb5xt9m*mIWy@uM#%!}pF31i57(+J?VL&#Xm5LHn zzo+L1MHR9$_6icJv+Sj@zivyW?WH_SDavE_@Yv2b!BQP7?KrzVqBSCe*dlFC6rhrQ zL9JRbzl6eT9v)t#j)3fPVzoECUz}^DbbD zP0_h|Yk`D~iVEm%kz?-4KptAV{#gR=c|RlWa*z2!!x%G~W20Nk^Jh>?qjPiKONSQ_K0Fp;Z@{O38#oGo{|?D1@DTS2Avu+LSv7Npgv2C zi?p!1a)yr}m@BJOAb}zz_r#UcGDFE?TBITBgOIx}fDt+IF_i{wFnR{`Gl8O4ug9v^ zez|K>usqV$TpO0*>m&`j>R-4Y4~r^?r_k|^`VndwnY3rbq_LHaloH_`vs;f7vE(#s z^TI+Aw6R!%Fnn-f(iX}K&xAU z#vRV2NoOf%H?lYY2H{Mh4KqAftF!>lj5o1+PzZ{1-8|5n*8@YQH=I=kUn(?IRnCWd zdwCQqjInCK2Q(6jRrCCgG)7C9M+44Ny0_WMJ<5g>=K*wYBSRXtzQsl^G6a;ATtwKd z1XIF<3Bnr_4fK;A2E7I%lk>E^v`BN_y@rXhC6C3+URFgzCvB6~Fnj`16RD7iVe&2n z5WXRg7+Bps(CgWTVIX?>!K$DoJTn=gGm^5DKe|}v@uE{nPPnIEeJ$HstB}!7i7pB7 zxNeHj=RBd?sM`GqVYz5O!`C#JI(!{BmCo5ZfGYE~ml#F)m(A0#JU`i<_juh1qBG24 zdc*v2|JuyMj-`|Y?*=XTJft;<)~j7`nw?c$6+5xK==rlLyQtTWWN32W96c41f7{Gy=8mrsn6>&BZyUyip?y%UtaYQq1^Qiu zRoBp;_T?c;IOG!{a`(*5`LwxGn66DH*|)2bAK8_6VI*z2$%PE8s)uyv zNAI@}Cw&}@XG7Q*SK+rw0e-SzI0JV}f>^$r;YL$DV+srFpMxUbjk=K!P2Zg;tt)v(RqN5D}DK1`ZyRgU%IWg=@FyH2GRGNxhqzdLqlz z8$KWS!4zepL(l+BGxEHxCYyMA^^o`IA-$0`7B^*|{8|vw6&&4NFKGFFYh_$TH#>bk zGO-Lf9(Y6^-aMrmChf%164&&y=L4-u;kD0rYk9AH&O!6J%A$0)xhuidQMHf5`Y^3p za`6*v^B^)`U%4Jn@$6BH-3}CDpr+^3JX7aN1-b1l`vj)-_pt?)sx@Dvh0YRQ^vd|0 zQxbRHt~IO5$BDNz>yKb+v#gyhEiJ8EoH=~xp52v;x6XN`KCQbJvqz>2rhgoiJmknB zNZ)9#O$;)YJt)c)G%)Z)$EmzDDz+YYMzidXNvnL7bPpR6=vM6qkG+V0FJbX%LbN3t z9>p-puE%~oEF@U%)K_Xxc^()Ow{0~KQtigU|Dm@TjKXW>KY$27&RM6 z%kpO3qh&D+$pZG>Bzwo{1Vv1^Ob)KiNppFwu_u0-gR>c!)-R|<&5_5SUKby926TLG zsew&{1E$0`n{yIDbSWc=GS_n}Fr@9up26>f60n7)2Sh z+hkww4o~%^IAnFD_b$Ii{zADNUP3Z z%aL%O8FTi`-(j9J!bMuk_wD?_G_%f_Od2ULK<3?m*JB;suH?IwNZa+iHNvA5E{K34Tj{T^ZoD9os^QWco`tRs1E z;WWbaU4q9A0&!3+X+X^9)SXR7QwQWok^D}yPMaoReESR#N><$IMA~3&#)YcfrC+j} zCW-wF>KmOBlSwLq2fbcWD!cz+th)LKGr6i5c-)2D(qhoun8R`zJ)#UcfN72Nac;_< zK@1C^HywYuX?UIB6D#Wc$>AyJ7M*$4bsWT$9QAL{#j`4d3AT|W%{4QE{Nk#o1F9EB z6Ajv<$Cl4mv>>Vdc5AgJ<#`&6(p^%m2tA=U+v?}CdRVXJ@Ux1)Ja6h;t{~dfW$t!5 z*8N#Ee`j>4Ys#g-tv311I563$i`F5tDGyZSnCs^iUJ|{TO+?$lhX8A3R_@sz0|U6! ze!6^8=44bwhN1s2i;Ii5b|9G=aID^x9s03I9c@9Z}*4I9l8QM<<#|SaV-0+Z1Fo-S^YGB@xSs`e{+~HUW!1x&wQ7- z-^zLvAN|YCQh|L0LQw|@1h3rjseSS+{}si5IB_6~X_s7ezl(MNKcBYjZ)zjr5`R-m zZKwti7iP7h)OepSrSrZh_DsON~!N#<~o1K;Yr(1o;caROJh@0ie8Vh1pfIve$b)c|G;$uoMm8Y zgXF#sa)G-@EiAlm?(xAHa7HJdChie)`|+?290MxyzpuErB>ndk|3M(R{-0$rfd99n zXMR5H8NVLcGspu&=?j0@7t}m}Nj->GIIOL7&g`Oy2q$#x<31R}zXoyU=;_mf>>SU8 zMibRlhkK^#81>2{p40Nq9c+<+o`$4C3yJyvSba~qK&{Y#ILms+n|L~27Md6@2Dpl) z3w&6)bor7v`L~dVdPOtqk2Fz!2 z*9eJ)@Yx>2lDD zjf#5fo<;ATlH*@=b=}Fmx<~7aA27_J#K#B9$-8IEn+-ro%f{1a-sMRvJv)px&EqeT zM$$wov>SEE!-3mbDwA7;(OPQLAxWgczOQK-u)coJu+$>hDl9b8p+Ak=7-TT7DRJBA zWgx|-s|vt3p@Gj3n9pX5*5SG3H32-B^|mt)qMhLTm6=^Uau9F;KNAX%xy_bXwIyrZ ziKDXi;7EU#|3)F?XAsKWHRlqL3RlPqeKQ>&uK+&~&7;ch_*(}3j_f(eElc!`2*qRY z2gt8&@b=aR-)_UjYFaEN$41l6MZ|V(HnPcQItO$N?8`9C+nK?euHQfm+SotJRdE;$#PRYCC9qLsv)4{TLRRM`Xz}3}tN-Ye! z+a?zH5Q=sY_So+}!P;qu(1v1FFXs#I*rmTpWVh}~Qs6QY~gDGU_Bq@CPFg+6?1fC^0~&Jq}{ zz%p_9Z{X|y7O#X~pk~rky6u7wT11Um7S&Oqk$1bBRWd8=vHh6=%@223Z@B0}jz?3W zlX=guvpXwB@%(O=mSy9YAt?2cZnjRtz1!W+18rkyw`P?{$LsjT>efj5`6%5sl|3@( zKd8e1^`oy*QC^%ZPF-W^Oxj9)v&t=z*hv$O=OU>Xdquc`hHjVZ)cv40?`o#luvF-z zT(e=U@@5O>D%=SMK?hqV=d(z>#ns_+T^C)8u=a}n_>(Xf-R?ce@&CJ9$^}j22zaQS z!X$3jCy2)gWU)oE6N5$G$hE|EIda6QH|KZVv{C%ca!ijIh`by=n!ZeQrDhb zS;TaS=L1)gBjg+^{B>LvpUn+_-OO=ybx1Zf?%|E>esNBZ!5|$e&&Vq8G2VTZR|f3X zRx9TRw_EpZy-^@aUj`v0zaDvF>WTNgN_y+CpS`M)Jnm9Yejpj4&Y;bc!vt2azTsy@e*y2_XuE(2EGDbficZ0YQ3ip@^vT z4xxl13IqtD_mJeP0z1Dlw_>I^S5MwD+#=R zOaAwgCph0y{Qa5yDv%GPsHdc^4&3#uU2Sb$+#F!;fr9xyK*GrIOh-%u(Oi-B|O1lr;=0WMu<;Y%Ammee$y&kc_7k@Cdbax8n4KI=i?@dCGGAC5II7 z{4-gYi}Np8+##}D#+urkN-$SjPH~}|LN~eOPH}Q_%DCFtN$K8G`CD<|mn@fqyZaL< zVPOOUA%wUs1aq|)z9lIsDST5zSVTk+$RX(F<>GGTDd^(H{ntwVUe7&SH)~hNC+?0g z7tWvcT0Mrr-DSDBeiHh}=dbOw^>q9vB^S59bqnaA@Xt5Gw}fsA|D$f8sLan)DQ!nj zTW6Ddj!)qIYEelK)@c{FCA@C5``C^41*@(O--H^6GyVHE^?aRf0hQn(lJ{ zoUgwX{`KYG3d#uo?D{W5@z-(wODZtXa;Id3|1oKDr%s+TzX#0YCC7VO`oJAP+|Li$ zPc&Ws>;31m-$3m_cPR*@08+oFsP9R(I!%>kHagM1nWz2&iTygQbnfn@b2Jy!Xes$a z-U(hn+%T;23$J#toSGBV6@4D_=+@mANF-8veLF1~DJd;onLM4GKD~N;CbNI7Bb|Si z|Ac&lX^EY2)S2KUtu)h#eO97GD3|%*2_{@b*_P4@rmM@>P8X*}TD z+aA*jGq6ObT9;KHxK2MsqDYwM6|+Xy(W&nHG@P{E(yji#!xuTt1uz*chiX(N7yp<` z%pwas*9aqi5{F$kt^H zIt3Tyl)hx-9Wm5o zIiwHY{#f0h3d6BF_bZ_(*3YMRK3M{mPHQy%>fF4G#R3icQy_rvJJ&h|Dgx< z=K(T%D^p*KujXM~YZJI3j^rKOSi)l%!*3_^)Jp{!GHaRc3vq4glP>>Pn0HRNg3Gg? zc)4&)!x{bw*>UUl>oDg5r*P0?3yaqk6!*76f!*eG*UInl@~T9EOYt#RschW6lbq2x zh;TpU-_G~-n?W{|FFK7?gUCMDTakC%$ud6u+oj0qM`b5y#wY(UHTC3xOm@l6%G9-O ze;1c~p)u`Muq(x>HuH9jA>JnB9d`+PWp2Oc3?Yh-NI}6OuE!Tl>OF$5o|B_)KleNa z4l#WF1Br+~_a&T4i+!^N=*U5B48?Ef;;dRoU`Wh%qJY+tKg z)w62nfmI{wl`Z+;4@*Gz3PAXjZB5W0=%xT0|NBn1UaQ|TIL??;0Ac;>m2`igJ9IA) zB%(RvaOV7P(E|$7|4I06GW7Sr=Zv{VP8s94rQ-JH_XwiNxeE|x>~f~~16@%DfIYvK zNNKzG+x4Kp$p{espl!$YC%P{IB&0MBUb^-N?(*R*KsZF?zYzRih*bD51pmXD`Y#0k z!&?3?7yM7s=zqE3e;AqnuWiJ6kJ!*>F2ysX)^w+_``GmL$+~VZ$JQ)pXdqp4=g05c z=DNQ8ZnF11d>3uggJNGRzwM+SC&bug<2AFkI-GC}-(=nQJpBG;VJ}o{3YUI#&~|iS z-w;)x%9x~AXcWW7_B_Ll_VdAJM;v_X%Te)Tyi;j?o{r!RlT{;^Wi7b*ddY;qZI4xt ze!34P>QV{)&055QfT;!zIrEk;I8{~iy+&}te2x?2v2w-KWu$GMnWTM)&uS+VJSSjb z%OqoeeVllFac`4D*r4c*sGy#1O41D;!O@z>n~&EVE4@8C!4v!8pCHJphX#&C-O7;c zn$;L#31>I0QDFn!l6)hv$;UFG3bD*@Zn@PwNEO#(5-=9%HY$og+FiNd&D5Kti8dU1 z4-dZ-9Wc5gwsnYUvu*vPT;Wep`JkH{XCs;~%$q5yogxmsuv=Z)L@X&XLH5b+=gC`K zP2jU5H5=DGdD%#s<8?_kECzRc(>qa*uEg{uY00sqK%2gVGma5TxFcEZ)qZ@X%e9MK znMmB^7_W1zJk5So-IF3~gepdJRzpVPQN^j@(8Bb~h?nPhj=%7XudNtBzBE#wUP@i? zB0Y?@Zn!@y*M3A_KQ=#lr~6f1umZ#R15Cy4Rz?P5Trx8K^;DdW9$x|tA@wp=8+zC; z;hgjVjp*zgBv*%-NM4R#)qi-{I%q8#61MU6am4~OU{l^8NQ zW@9c6P8zY*cJ8MtVPL_9MsaJ5^y&Nr>t(5l3R0kt$-HD@`tXCv8noZ5kJ19*NO&}#DMv5&8Zp6N~ni4V4*X}l7~ zxuaE?1j(=K7KAbH&A6n-9!_?!#p2H&Hckr{;)#!jCtZCLv|}8ZS#XcD#gI1-)rP@q zHKaD;bvf(Fb0(LX%l2M06X!48)gx6;sl3gnxpe1=f`$Js)Qd#W9$?1R^|5ZT)$hb@ zFBr9)g6nQ1d2JVyI!s|C)iaYMZJkN=;HV@>NwbXUn|(|n?5R~=)BNsOMl4tiV&}7~ zC9fHeT=V)YJ5y>YT)(}CoyKvfL?)cz@RmVu#nPuC)>yW}X!|1@W?x^^dhO#r?X#~; zDp~V(SFOjandaz!P-<0bL{}5;?5EwH{~q4whK$dDI{)-3N6@=#Pu>$v8y}5j#bD3i zY~T-zyKd3DMf=a5POBP#zdOa`U0`dzoUN!(WrxwGxF#6KKDpdA8R8ukr)Mu15Fjw( zTL`7N!LWc|w`A3CZsc<(?j@;+EePPs7^@UtGk2ymWu0}4$grO9dR6V&=lBdxiLtBq z>UCo+0ozMJJfb`?&qg1oH@_3ZdhThzo_vh)LRlEs>tvWTUzvP&i=*<4Q)$fyj%}|D zg}2vF9n3O>NjIOIPU%#|)^sU_k2NTx9S=x$snoYDJusg}C)GtqB)4P;mm4)(=(7n; z%n&LR!%p=E={3=RaStglxE?&^Px>r%`LgOSXNjQspZeSW3I$Y^ws1zewDpHoI?ETe zkBZIfwP6R2(jJ`x>w-ZErv(FIt^a8Xz!RtOkbLUx4dRl z0Jy2Lswv71TXojGII6&`>6&|N|K-)`!Y~*7wSC_W>&`e^*S1JRXH{WD&)_bkY;_NG9NM$s(T;>UhUHAP1hv&LBpotIG$VUki{u~H1j`EFBFxS@!!yXEn z3yNeUu6p*FIiUeO$^XP9V5Bm!UyfUrlnHMQhPPi>rL(HiF+!6&2=$8nABb-;hOvSy zWI6IqBCZ6j>U`eZol8CP^cA+Q-o3k%huwYhxHRXD5uOUJsVgNeo!RqC_ib}tMF~`& zVwcC#^bi^%7T)bI(G<@*VI_~{_^ zQ7hujUn(bWJVJW-U(8SETqQ~3eHJtb#194{kOV59NQ0-652cO9w@@h0IJ{uejGtzqLiM#;g9S$_qMX}$NxA{55!Weilg$jT7Q2r>qEdCP7(KEJ&C=dXbiQVHfdUz z$NfNleY|7Z-_U21R4QlRD^xU{m#qh(&thQK!gieG&$_3?nNGR4I>D{f zSATEMDF())o$2}A>Vr|O$F$j=j)BT&-hE7XnWGcR9zYlT_m>3 z-&nNP3_dgT5WUFbxNska+?AUsMwfZCL&r2o#HJ}IKDG$tI`Fc+J5s_dx!wY4mCd$( z+)a_3Ei&s#sPAztN)?C3LP}fAgS!S0D7rDrWR?q)kly(cpUbEX`1|RELXz)?G>=L3 zwHgiu6?BQ|_3x@&Ul|I&3y~`ua&7_8S_+%I)mh3k$8l@`hFet`!CN!BZv^fX3Q=MY z^9-|>@^a5+S9cI@Wb@3*J7->j?_6qwy`+wb#fTCc2x!Ul6NlZ0wY&~bJd+Jm%TOj7 zc=_xrYBx^}U&gECovQO9Ix*{mlaHcDq`{RUyR~7`kcoVKw)Fc-oYPdt>o2U>#U2PG z$UcY=ZSYv@>WS-RItvc#?64cPDJqDl4h7E~{5X?E5+*Rj?C$z3Rc_2m#g;}luCM3G zCMB(l1f*~Jb6myZ+h@gVe^qmFJ_S@fpXq4b=~{*dqi?rmUy@%NxZd3;Rby>#>w3U?QAk@3HGo{712qa>BEpLz}53*dP zEOm6-7==pL19?rxf01&1nu%{~h>N05FW|9)M!hb59HDY&Dnx?+i$`NIk!b>1}+S$iU zU0QYc=}MMr_q5sWH*Fbl%lmez(^6>WV`~6iEyMK{fU(?b1eljA()3FO zn2uM!skPSo(IEJcQ-+k?s}Z2wO%Ffz( zVYOq_&9Ez9Q2O)zrzZIa3Dj|@$5b(feY>L@$0{i48ShR!^k{E-3!j{Ic$HvlO%-## z78j>s7veonQYV#_=)bEQ_l-nlj11BcvH?7pfgDS#y(CnZl$9Z*q1_$2QViYne*35F z+fd59$oVRd=Dr|FrC=?HI3l*!3g9Huly?2eykq78dD5%Y;IBKg{j%4-gxd>p*LZCw z_P7>|78t;}Pa@W5in)1(6a0MkUq$*KAGAs2+T45jlcK?+Z9%}UW%qvDnNA3iJbuks>dV+yH54f-p&iVm^CY((6r7`xboP*Nx->k5n-pP0!kiR7a{pY z?Bh92X61=B^^w0S>|W9W!i|gZTZpHruoIP4N^j}`=4f;BH)e<5VQD^>=QK9+$+|)v)QQaUpGvuO|`Mu!j4yiEqlGYVZO6=5ooJ91Tx=(t!;pU-e z0$PrVpZGs_#epHy1tDf$U%m`g*j8SWTyQPS&4FJHf} z$3TTtQeO{({ZGVb$#1{&J({>#Tb%0BaR1?@@!4s)T?q{G+sInu{+fnvy{_`Ur;Pm8 zIfcd1I~fEk7RpzzexhK}v)QOS*D^ajw@9{d^pdxVz8g)VY{Oj>T$R3fNu>fOj0~uV};*<(Fv9g#=Q`C8bWPa7Qfe)^R+N~ zL(wte9kq{4)|fs_U~h+2T_7ZQuQ5a8vt>C7zp&l;>@6G3t$pF=&f!U+=2mBlc}LL4 zfUEb62ql#y;o!aPn)KuVRb|5r^}o!1#Us)xqH*>_=MizUwio)Vc2dm@(6T>mBR3B= zUuw`%{chq_`Zi(6E123)kXK3cMU|xIyJ~>fh1YHaD(&1JOq#t`^wIQblh10J zgN_9Dvb&PriEU-~G1v$if(~8Kr^_vh#C0p)N2y#aD5X{5Hhx(Z#Cq9faArGrmwsuu zI*jmTZZL9?yu-ZV7$m5O)C;H`U^qhp1XZZ?o75X9hv#YJ9TY9c@3!S#;+fmrWK~j` z7qa1|3#HygDCd$+N3=)xJPtXvG`v449=~W?8MWe0yG0Qs%J4=KQZnU%_Nzcx=KEH% zd$fhp&Ce@R%s)SWq;a@4fl=G;e&vBhnOts^7kwqdIx*bed^OYmDA%VeQ|p#IMMwD$ z|F|#?|4;0CC)ryMK9S_+R4mq}>NOt9Z{MvIUg%Cppq~j4oD^#J?V;y{X7!~{s+xOj ze0!aPDWATb*&Y6LF}yxVft7}mdAqm`wQrtMcdoExq`;%-$Y*#U-_g3Pi^{O|<0OUm zrhm1EkoPs2hFf6JGJub_gXF3K7vchhz8kU<8CIjGtDm$=J*0Be#JhR&vMPX29_TfJ zKFx;d?Tl+Uw%>pdy<(>2-#^~j?(|_DbLClrvOr)f4uh)jDu)4Q__TYf{ZjoL2)AR4 zF%N@mQlAMkrSIp~j;B0cr%5dwlnPX-aRuveRrG8d7wfw%q-optc07zhy&RRQ1S1VF zFOJhCRC720iLtzyLJHD;8f(KU8X&)YWX@F7?T=Z+bF%zLKJpDRUK%uxE|lm71l78? zy|Y<%;IG)@Ndq%&jC@8Bs6sWjV#~MNyX0y?f(lN%q^fbIMse|dsKZT3OVyLq+finB z-0B~Ua`u4%_SyA%ZJZQtmfJ)smMz4te?XVp@eH}3K8~jJW;tZj1>(NPrp<&$NFWT9L-^VcG#(l??zXkqQ4wJkqB3X8xnmnYyi_2qg#%^1Pu!AblJ zEmM&PGH#Q)CXGI&$Z@;%STX)sNUp0RO%C$oP;U3ahdj&p55smgS!ERk1pH3?c0fSl zNQuGi?Rp08=A@s8Da7ovE^KKF*LHme+j`S}Y~%3?dTmbL%(LWpt?~9W?k~GEaL%fO zgO^8m!jn1|1+#Qed*8&2EQRtiT;KWlw;e@pA!&*8E~Yn(`A?>%GO;Lp^~M<(S#SlP z$V^*Uo?^B4x`jA<{X2Q9vMcT9YwnP1B(r7<3zPaz1EGyV$zx67ftEt%rEYLSn2_cI zmF!r>LtWH6s+fJJ(U9mi1LjrVj=u1s=?@q#%jc?Bn)1@Kz)pGBTd45X(G$u(sd-05 z%Njc}k2A52J5H$s4d>`M2~d?8qDt`iTN&qhFYWn?R>FRD#q)H?5zeRBeG>sUWys)` z@$6ef%a}{Io4|rJzXQ>C4f_vf9#2GAjnJH}`Ls&e{^iUGaV~ zOZ(9+P#5lBl)wt#0XyDHHl`FYXW1v(q0sR~Azzb=OA^>Y@9;fmx}$Vn{=n7z?Tg^f z5mM1K7rmebR{U`GOk|GEa<6`{}y;S{=@NdA7x9@wRy8f+WU#am}dE!eGY#$82){7q>Qf7gOR` zi`tL9%Z zguB_R$k}^%^kh1OmFh^5^Dn)y?KXi&4^}s;>Vj>+}P%&O1QX8Pw2F96O^$ z_{IS-VITC<`#i$9*GNLl&cZDw6s1aw2*n40NIE!e=rP%)g$F=Ywf@R%e zNXIVwtroIa96vfYbLgSd&++A=SGiE##-54i&a-071KgJY#1AFzs$)1B%C_y(7%x^=a)F; z-YvVfc}d_}C;ux{^jq zjZ`&Cb``+?@aM5#oJ<(XICT>I4F=(KUP=xNQXfv2UO zPc*nW5xuk`FYZ%h|trENN!oX*Fx`#C;Wh=qJQ-wh^YfK z)!##@YN%=PMYT=Uy53FFV9COD_o{DjDW`!H%gej!bo&-`NoT`X71x8a+!P%cc!mnU2Ah_&mMZtuVx-Co z_+0NZl-|xoXUg1Ojl-bC%awx}<&zXrd^;5E>`sD)18mr8nJ5LF3**h!dB^93tenZL zZ7O3{_gZAG-?r;<)so%$WlUFbyf-Z$E813xA7j^T@HGRz&3Q{|s?vRFHEdA!J!6YV>*DBk zhU>3>GBE5TTlV6au_#k|p;HEK2gd!@mn|C}uF7;Rn&R*Hmi$Q4jXcdMJX}C~{*wXo z8T-9Ai2_xU48ed#6_9Px#yo^$0 zQojics`9;X0*`k~gnwzoNJX(Nmx>BLV4a6M@F$D{9&Gw@T;2YU`Wk1tA5}S{jBa-}NZBFS1xIzq}7Co|*639N#h&Z|{m!uGut2baL1WBk1vSxug>x z0(4x8*0gSN{5Wfl!Owl`y)I7`LjlRUwAV2xph32)G_{4zW&R4ow-Kt zp0qxnm~lH6*2oKMA~Yj?`X*WuG=$`4r~7Wuq)9@erk?yTcah|;JX#6Ys^7S2jQOD@ z!`s%(y1ZsVz-TN~4L>}U(RJM9hd(2UP1A7CnOEGzyy|g8CJRT^#lCp@xu7mwA(nAN zcoE$~606!C@i6MOiZwL5bKQO<|9YmwC`DnzH=`IDDN~jR4h3+X9fsY5$e@Katxr4F z=#HW8o#l`Ztilu@eKMbOqDSGl##O9Naqb_xYI|!MFEu)ssHUpk1|tATx z6_6tqI1u*CMte5X#~uEL1F;bt=H8iKs+9C0YH4ImQi-;hywpk67zA6VS8i~#m)rN= zm8IP;8Xc6pH{&wK={Cc$|CU&Xm}8a5%$b&N@nEdy$!_rJA_b4oa~AI}ck023SJG8) zIEYIPEIvOCcA-!Ucy3)5_2_xdbTp#^u@RbQCdGfD&v3xvKzK>H!~rMHUhUWvP)x`+ zVVBHuauB`ykSwP@Q^Ypbc_i*J$^wS|7%2otaQUBAPzih@fulM;Wa*d1oUT83w_TBZ z5Hy{Rn7U3lx{OUc+!+>LShlxxtu565aJ63^|3<&W*Wuwi0)D@HSAwX#*h?EZB}drN zn|~#55noS4%;L2zymr|UE$z3=7iN51I#2WBTFsFj$T4Ay#t}ic*{0gAa@mG@bQmr9 zdNYQBg*1Gxc9kdT*rHDoE3sBXcq8hSGUeY+So5#1uw76V90pf|6M8VX(2xu!e=wWt z;-mWG3fd`L8+1(Y!X`Jvj~50{nS;3azghOsldDM^2RzT7u5~)0BrP77GPhl5OqOE_ zpSy!g+u;>F&oObv!QFuyRBV!0CM>L{pLpU7q}+3n3qG|bW+%jHwd@}J?KYt`2;6(tRt>|CcvlzHsqqwa~H*Q@| z$BB5Z%02EIkK%KB(f=FX$9HRMGX zE#F)^-q8xjqPmxE{aARd6)N@a9MAoZfEgc?u0*=Xw>5)75>p$@$+C!MpJtEZlp&+G z&M5ZD&c;Jp+mZaIA_1*j`)S4NUjpQl55Yc9wig9mCpb!zpmQR5On1**8aGnCgo^#5 zkywxG%edX&)U1?NUpt&Du|XzfQc>ZFx-RYhGj`ngMEywp-l60FhfGF4`BO*4g0DJ=3yKVXvs6AwQt4dv^EBG+NHo}1rYhv@=5qE+!a zS{hw7PJ<85-HNKQxUBTk+R40401e%hLn>UZ%J8-#nlveJR5_64EIOGK2pJ!uLT`0d z;@zHDma-#-hR#_0gd3BB&|t-my{09Xp})Mthf|zB4l$kuQE{(E8w{@tR_|UK%uGVx zFPrqr4T)jgL3T^|Of-HoY-$4|w{jPHU)0wJ@3ynuq3qsf3vxfZ(ZXF)VyWo_IWc66 zyNA;@5qXzWAjsC^#@1L;;1PImU;3_b*o%%uQj>kZ$>E}L@!gYx^u^f?#fSKx8p#0Z zKUpork2dWD?RSg&bmH}}hUG=a<{GJ!94U(E56tB*8MV4!p9@n{MdMqF+evz0t|HqB z-DG-vK#U4?jQ={AP3&fo9ye|}z(L;*U|Q(>1op}}SybQ9P>DyYpaXD@lP)2XLM#Z; z@vqW5@lzP8lWs<#R`1RPs?(ak1P27rGb>DDAEwsaajVL+4DFpgLzYw83Z=YDu9w#v z(=tUU8~2SaPw5TtoE{Ar2`sZrRCX5n;hK6rXa3@cyTyrSfO;YV(k zPQ+edNXEX?$?-=n-Oj?O6MTjO!t^sFX2*#Nlf_}8$8C;?r)~F<;Fm^_mlxZOW$C%K zb0`7H+8^Y&IaA6joM_;)U;l&PQ#mP;@02glD0@~gFzs#Dg6-TuMWhG04-%SB5oD_P zIeJ;zqkFwAo3nU(ENrgp0+DzR=>RJ%2VgVE{}U*|xGzUIqZm)+?vWF@?AC&?1c}Q~ z3)9I&es*}QCq-Dk@S-B+t9;;;_OwpvSOw!=wQ?sGXO5%XsO8Bz6TdfAU(MHzql4TN zT3iDpA!YNAK4l;Lll)>nuZzG&>scAnBmN_Y+7KK6Qn4-?=&LDw^Z?zAPOzy?uQ)ti zOu6!rk8xgvo!~%bYEuc?p5+(s8ZVZ%UF(xAv2PMg&}qo261KcwGRp8;aiaWNHIXAH zmMllmt+QxB|hl;_+{Nkwx1>8xJ)rBCft-QaCbTb{W{F zVLMFHtE}frf=J$jz?@k2Jy<^<;?MI3PUX!S*!LUrg?ofZ!7h9S4MjQbMagcx>Jua4 z-m|;NY5Mf^2^L3K+ZVGw)l-Rl!`|j>LawIw_DYNape5=!da&nH4g{mX?)Z$d9TA4* zR8#{yY%5_41Khw)LBDVA;m})8l2hCHkFxS8tAMsyHKJv8EL@*X)HlLVmlt&g4JrO? zB*?yNY@uO42sq#azUkvjAFCl_8oR8cIl5nzxFf$$?7i1CwP_2Dlw!6~reiN`P!P@- zqv~FrX)-k|wcv$gNBfwhsJrLeVYG@8&f`~i-I0bKVlAdzUk{sLMI2<5uigj3V@yji zIZQU915r@hck#~!QdIkNt^_J5(rys+2G&97U))GIuPT5#dCC5R1MEM-7~-x0ZvLY8 z4WIvNqxto$`FBkiWsEQNA7Tp>I2{31nR>R3^1rL#*EFDM_P>Y*|Gts`ZQ9?*{%=F~ z-%c0O$Lt7sRFADFH z?tID_sE`Gi`UQ4i4AO5Ff5z4j$-Zs;>IU-nh5hULofiPuOeK9km-YZqgo<#c%3#rUTZIj;f5nN$<{ z68|4^9{y}^|Hq=s|DHAdoe>7Pp98!e@(`)kzYmU6;LHRLKie#CM*r>T{&SrJZeElz z%R4S^MZdDkf4=|6(|je+6FG`X?|(ClzqWZu9k92i&p@LXe@*>+`~R61wtc>87xy+{)XBpdVdzW@q<*+Bme<6qjU0Qj5% z;eE@~i^hNGRfj#$D_?56-9Jp@e*yWQX8r%afc!5Ae`Pp77xDkoT=APtk^g!#LBwZs z>rElwUZJJ>a-6DqeMN4r;b@m`k#YH(ZYC7(9&T3nwY_jWprwy}D9EO6pJUY&$W;DB`)H9a&{9O4?{ z+G4ae$^ApzIdPM%wj+)mnG4O`8v5W$wQNxxHzHu}Dc5bfi=59@=1;Q%%FeG+SJPwb zF&`DZJX%F+%~D@2*l6Qc!u;rH|Myt_EC$6ZdFKg zfh=gk6w!hAE&~^dDO?|1MHm`w98&T9+gX z?ypGpx&o6>nek?mR@`Y*m2Wf`%CK4D3X8bhLYtxY&@~zqVed{kcDQN^*ytAf3KbIf zC^{-~HPjbg=sd#1pAUT%MB9*pD3bAGRf_D(qaPxpLS;mVdE;eXg}#zU_LBM8JJgqk z)mKpYDP96o9Zerg%#riR_4clfx!H~#mdeVaw`J5ZhzIGs{b8z;6Kd@itP#~?vClQc zM15crPA0k8r;E)|InBq}*5Lx}`ezYmmh5*!)!jsV;^6}f(e29^@oY24WotXKIqi1ZofZN*T<(Iq{+J)I$0w}eau9Iu?S*|z z*zUiGAqsQMfZt@j$G*j~*p@1S(?}G`DN*gLe?b3A_8uU;tb*5Hh_RV39V`^=R$#uh z3YcCE?D@p7&raS^_u-U_qI{t9U|Gh_YP=t1T*BB?PLt_Z&2(;vgo}rCs!m?$rP(Iy zR-C6$tut8xd%F(L{rRl~fi+s^=>|>zfVqSUd#&qbm6(;05}s6XSmHEt|3Vi-OsRv( z02^=r)3B%BO(|QCYimqGt6(D*yuqrPaV(}aNZZhTET4Iyp?fXuO1mmQs*C4G9jlxgGDstehV!5I zR`0d(4k;#MH5dQha8(ELwLoeI!XS>>-a!oS7$Qu8M&g1i4Jz95ZqnAWkMG%YH=KpZ* z{i_6Y{TLAFLP)ZY>1i_+_UC@sZ1$OpyaoQirPPX@MIV_mRYYMoV^-0HTlE%fU7?q| z;j5~BXa5DL;z_fx$sV5sSx(cFwa4jNPw(#?Uf5ql3!B!gKf#vhH>ZvJ#zMrM`%d$l ziWcyG$)=P?d#t)<^C6Zujzw}c?k~Jr$PP_0t--}Ku?9}s6piw=Urw)4@}XND$q+{s zINfnV_cXw4;j>Y${i=8?e5Hj(&7}A0MLwqi!$Pp_VS>a_Pe6JCy!u=zs^~eiUL=>0 zcN+$qXx7`e&P*&8WZFG=Muk|Pz}CRJjfT!8j_w+3B=NDxn15?2K3+Mp$#Ffp_g0;y;~)M>q^u9)Uea3KJ@z zdgW;k=w<^fySJ#fLuMu#US2Zd7bUL{=h1TfJd=ywMBo! zw|2*^zgcH0GHs%t?(@^}%yLYU_ygFZ7ykx*W z-J&$T$ZfZG6f!Hg(}3W`IaqSjk3j+kDNd=hQe8&xqy3@rJgg5Bgbb%}uQl0i$3FgW ztZ80$YB4Zh!B$t4c$?AfAgb)LafTlfs{7BzpqlUzqUY%-Az{JPI;} z8<|Kkr>KHBvF)uTPx$A?toW^}y$)}6H$x^U# z)774!rkuMGgBERHAH*AA#qYBaRKKk%`k6g(z~B1beq*h=9lp*hW61qMhhZvk^QHayDIS;COy8%63Uq3E+u0PF zvtNtI-*mHDG)r%NCE(j=Fy>R8=)H?JDwODuv{oYZXX+yx8r_^vkQ@>C^-AW>Svx`3 z+TyD(4wa+6MfeWxy!O7|bTR!jSJHyqzn%)UM<{_X0`{=T*j!f7S0~iOtP}wcEw(Uf zdOCE8rC=-!dNydbNRLQsj<%z|-|9vb%M`|679@>2Mp&ShllD}4K1jSZ6g#xXB(6#I znM!r7t}SnWDN#D?B_E9TMkMadarOrExu7?X72EV_E4flbY)jdP`$Ftu`@b~6$e_6B z7PyxDWO;5ppTz^B2sDG1o-j7vV7WG9DBT@KE=Q{WRznpnu}sr&g8^@sy%Z{%&!Yu* zNr&G2XlXAH^9?+G5F|T){8aCD+Z0nnFUN_?=ZoYP*B`MnCWb;lqgN=oy%<0&}pj5!}`a+S7up}WLI8`9a8oDgyu|%pu3B(ub zga?QwBv`!P5a2}InCJfcxgObbz=Y@uw$PvrXins&#~~XhceCb&89Ve5xjw? zA3Cp&uaerV3k=Vt)=j7cQuF4OV%0kx;Sd|iWB!1Q8|y;mxXV84<58~f62)m!c3oC( zeOE=qJ?1s8ftl{DCDFErc`r@K&-hoqwt&>6r+6*REtZD=4;Qb$DqlXv@&P=$(c##= z{E)+FeG;p(P1Vk9rdO{leQbLDVilFtN}m+UG~c?nq}II{tm8ifaTotSkfOPKTVLs` zuDAIO2Y=9np6aQn!Hq(*m)~7J=R}gHWskWPze=pO-eujb78DV^ntDw8+P6g}G>2ZZLK7t>CLa-fZ*E8xz%psK1Wr2_j6rZmW0Xx65YzmeG05!dpoMq4 zR}+e!vv){t#!96Uw{x4@p_gHQO2jY0j~%p?%b9<#8_QZR2)ROXyY+T;%pXg6Po z$=Ny$Rc|ofdidz^*y8b`rFCTtEDb@Bt0l`Ru8od*QcZSF{PAFk#^m)uD7f{e18H^Y zzR-x`saV{^VfXxHy63nfi<_*~H6_+H&BBV~Xzde}e&fj3qAx{gI;r`N4>2amh1L55 zr|p+M-aw)pxGzI<-c>sQaW(Qji}0=e^V8nY_!WDlB~Yr4@V zT{4<=z`P4fQc``)9VkOSQw{KQy+xro^-88XZs{6pe#eRYW+d)J3}7vdfx_=S5@hc+ zzAOKc>5?(aaPSfRM~wXOyvospH35F_aWHsv+HFr6!hN=7G&ax!&0*z;J>Efc*tR7? zh0hO#VROZI%sH<|#|M zn3lXn$6i*T-o7{4+1D?X`Phmy$6Sm6YI*(f7IBSM|D+9s&&AkuqzKKgW>3< zvCEdxZoHQaQICs4t6EP&HvCOX%Y^alxGp`)(#qLIpTp-YYgvGpeU435h%vs0)8~a+S!G}?f}AosC&-P*ZHB)$zGrXN8jAYi(c2-F8qn<2 zWc=2#R(KF=5$!eBbPO0wZL?QP91~-`nmWmQXQMK%Zr9+d^2{qYHsI{V4rGr9j-v=h zOAbw{QZ~g-_SqCI1B9}VTZ9aD^G?*aYNnm^+_{_(Kf}G@XP-P%0LHe3G9gN`v#>@e zRG!(6cH)s>D|Zx}6x9*utK5IFDYR56lE<+EFMOo^ERx#yo+>p_Pn8<%Q|}`!In7_V z0-&TZ^1HNjcB1=mkfH~!r0PtUq*=IGSPPxB96zs5ZfLMaZ$HX@Sj1$5O%&uxNb`))AzWV2zBt}^mnRsSp~J+ABhaK*r`rIernjE*As@Vw=S_8OCL zeE4b3^M|Vwa`MsvAE?Kr7hLH)ts~Q_f4s=!VO1bLl+RY$y`AEKe<+#!>_ zo!NCGFs;daCABb=+2ywZQs(_tD2ab*%{zP%$| zuJeXz5uDF9an0$Qv_Y^X#ISi(C4#BO<0@b`7O~=GL_OZ^x#0lg=YK@%Fp>2v441Ri zdbipY1ls>+V6wVhd+FDPBSJOY-vAqF zEt_&&b6<-udNek|kR(5;o=o6&CS5e8?fQ5WZJwQLx(*xbvCKtkf|4VjpZHZ9{5K6T z5c6~xYQfR$@p#F*NHf@G_=>VP+m-#1#@w|zbt&VIiwBi}SF-q)OJ8Tx^baC^z$BNC z?`oiR#q&q470{MTIF(0}YF+(JgU(C>;)lm4m|efD9FX1`Uh{d-b{A_WZ@Paa!;2R1 zv#o9!#A3j7{jiz`EwS?Tv1xk;`|XJSbM6GkPY(`TYzxi5?Kx)lxy0v@yx9yqhY<3} zE-UfK7){;_qVh6TD=xd|g@3H>ZI4_` z`-)mC@SmW!lXfZ8QmqFU!4as?sFZJAl}B!(Dnghf)9S;kx1GZ7^G`O$k|b77NJtGW zf~(GzDWdbv?=?ddGuB}CbmG$9t#*LRU*y*+k-QptrH8BOCR<|0unnJ~RVoqNhu0}( za$yoiBB%@vzz;PakMA2;x6M4G)vsOqBfD-wyk=>>234S6#Az5+T~^I47Fd-qBxIAewo8?}vT1?WLHLHWPFcp|kSxH1tQU3nZYoVt+hxe{4Sxvm zCjsIWn-X)9Ld8PFT+Mg=Prb_bUQ~LM_UPZI$1B&!ue_WH*!kS!ZSEIfhF}q~t0$zEL|My;Nuchn#@E*^XXMellnESe~IOBJnIgH2-N_msHSc0(@ zK6N{eDbTUhWHYxi1;-{13vRn7D3=V)r;XlkP;+jhO9+2ZQZP}fJhvpS3(3Qz=Tk3F z0m4of_Kc7-4G}5)exm~&HKr!;cx!ZH6y~DO;bbdGDC3(JaKo@49e^H|C)7f9s?B}L zB3piS>3A+USYm;{*oAwp_5-qOlG~RCdG11u9)3sp`YatYx=J}Y^Qc8i@7|m-a^2;s zK<=wU%hQq%9o9ll(fR#bxdNDJkrt_Lx|0Y|9zTVdQgX-O?Sm(&Sm`!($^AnYk(8#oV!Qn|WQhJ)0qJ_TN;BP@s*#=OqHy^*Nld$SR(g7FZ zqAj8^I>@e*tu&i2W!_=SeD@=m1;}#b_-uZ$#NOQkF3fg5Tq%pA71S>`K+Cc!bCtdz zaNf_3>5Iyn0r^%rZ0*I@-v;yhvP0cQvyVlUAu}T=35e$79~2z&R6-!q?Fee( z>3o;l^7i^~B+~7N`G^g$8uK6Qcn;;f7%`ya8^1+Nc?#MhC7R3^)-KbWkFpyhkn-fz z1i4So2yL~clCI6>;q3zw$6&Ab>f!T4%Kgy@Jj9H$a8F@~p|8BjRrw@hmM>?dc5b(eE7@JA z4O(c_=3BQ3p%vFt+jl*Zh~(b(ujr0lq51NB9f9!7; z6!swu3cnnT@d3dW%)4zKzLNkhF2idxjDhS|rqXCcu+mv>Z2@_1x|SMsq!{$07^fRU zxx!m;tBfnEJlf_+R&w1{Gue%J0cpnPBVfQ zvnH*zPI2g^#T@b$e8@+*H8dm+(5(v_4m{syB62GT?R!L*lxIRC%Kc(m(_IOtjm!Bc zo!;#O(m=xRL}?;qA}B9oXue*Y91Wyw@}Rp7%WN38v@fEMgGU1+o-%rsO*8rNy?H!- z0xEgh;L)QdpEsA$bQ5elTGH8>5tp#5H|hSeTatm%rmJzkw(MgD{-{@|fL&UsN!eE3 zo_08KLAu8Dk&eK1Hou+ymN}m?=O!xw)@_8c)R(LTfoulv%D^-9MSwgTVz*nT`my!B z`QgxnvD4>9a*NfjNqYR9F8cM`Z>IJmZ-LjembaUgoOi$3+^^e(3M;m=P+NAURP`|J zAm7yxme6nl;s)(OH`E#x<8xbZ<2L!3uA(<2QmpPZ&+Q5!raG2Hu>t7RTW%dI&d@@q`+~as#7Y+kqqHfvzBQLOEHp0l`0UGzkU@gV zPa5cDgaFU>NBb}2qRGAMqqq@fCYqW|{cRb#rPtpGlspjZq!XjGbBpUenl=cIK_VcY z1MDCq{X+|qZr%ImaW#Wu2uLZJ(g25n9BW=qKaN)?Rm3EIgdLXwqt>ZtdrcQ!)J{)@ zNE$*L%Oo|W#$rTnrq~280!gN*)hpd~d*LvH+TOE~z)zwA|?)_+?C9;AR=y1tv6*$kDkx)NefIb`*m&#|# za1Bof^_+b!@h!?1%MlAb`y>_?)`*mp927j?yVKU1@+U((~uAw9}{Q@EcAWTztS>TGn=U+6}zY{x8{ zHVzZPW(_#}ycDD0YA2 zeP)=YUP^XxjKaV%(glU0mpuyDppJQn2bi`I;HW=@FC5#c86S4e@s(lpwgCvH)-wk! zo9hl;q}}joyh4BTbj3YErmfQiKLV*%>p7!DhS)%dg@bsu3^)V#)qvx3kJayZhE*z`j5mrC9$4cMlA-5-{6Vwr~ z9$%srH-ARQk|y@}ik^rnHtHC#lrhh7zVdQ~aAi>G39wp6zpQ_Gt=hSV7A(E&l~t@8 zTiD!|N>inOI5>4$*{sXX7~TSGVAufz)v5{0{g!J&*jxTE!r4uskg;0d)NQOCbPt)k zrH?xvp;+B_TI~U&RitLi<4adii5W7^M9p-Lj5d@iuW=ymKIZd1oCFF3B`2tiys-cbkL!raGpO$C{&<6` z5{ULdtxlCn*KM((v04qfDu!lfj&g7`-DXg*iedcWv+896JRI%$bJDEcZfe|(s#j{J z*-(Q5z07C@nm#paToaQj=Qe%!7gG-VMZn#azZWmXXI@;yMG*sEm4X22SWhH8(a0E- z@gblj&z=z833+*7(IN-3yz-_xgU65WeYfv{?0}`+o3yg|H*bO&8=_EiL9J~uXY+X~ zwo0vVVY}%v_mHO7U(bZK(nIq`82k~UtjMa9Eb&4_c%EOt(|8l*3fsB)&@~6l__3q$9&-P(7oH9 z8uG1VCV&{wFZC>hzNDFN`>adC&K7P3*fpqgm^I9Ulyj|9U$Id{j+ikswS*n0SWm<+ zjYg#5JH=8lcfMkHzKV;IdNgc-LP>!rSib#DfExH78q{;u=2k+e8Cw?SjagzJ8$4Ib z-~8A!0*bBY~M*|%$qC*pY`DFf-I87Sw%iqOvHK1HaF0UBn)8O~o0{(T@5p`j(qw#(;J$K0vfBQH?b9A-IndWR-B#?>#gjf$cA3W44^3HPVZF}2rL_@QCAYCwV zFYEL{Yr(W(5^~AIZa5dXyTL?a(y0zf0hFXe;EvfjgnzJazcSm1=lUd!PqF94tpzKf zyF;`@ZD^LTU*i7x%Gl)(2D8ri8{Ns=<3&VB?%N;km`$i?hx$ic6S|!9@w>ohIkpVT z$Vyqo@@&<3DHU0ax?(zCu6j(SMqh4dd_=aYB`E>Xy*pT?b}m4$l+u*5pmkb=$gQ(QT*m{lxXDg4ttNVnwKD)Q7gzhtgA4R*HIHQ^B(V|~W2{YC!kQ^h-JLId;_jNRF+u`QFD+!PyBFy@4;RncIGU4q zR@RQN(w!XT^0rq&+1ZtwIDB<_ zhLOtW{ScL$*l9v;?_RF(2i|JD_fFPBx>@HrbT=~XLd`%hE<@L$H>R>q?U1llvv*GyTb_`O~kYh{wRp}Yshwoz?A(Z0R1t*PO&AedrUPfOf zk=8@#aOwHlz^BW@3=GA|G1I~=`@3#tQnKm@E28M#Pp7s`2Ik1cheE-u)%h&c5s<@O=XEA!@R0zrqaRvntU+qM<^Ewg9A0$S~K-Upv&t9zBR z=L)=p_ck}bOy6zji=B>@4(kGK#T>lZK%7_Pc!=jcDox!U%(m~S;41Ceen;@x_Pr37 z(ObIP6=T-*!m7{p3cPNd$G2h4?5B)sYV^!<9hQ=JacQMET9I1RT*oAS!CC(FN`1Z- zE!?uDKmK$#GGQH#-Fp(T>1v*&-W9rU;~AOwW=exdxq5$yk$O zv6oV9QUOc+&5!dX6>IIrR6{+}lGo{dGF0xwN9oMtL#c=0cSkh&qLMeXTIL}4trMK~ z`R<3cm4-qb@DCHWd&9gfPv^ui?Pn)D(`|)xjx$Aw8N^qTC(cGlU&TD-X8r;a+E+5I z&a*xfM?0mnj{6eo1C5v_Uh``?0|cm$f);rlJQrq4)yKYvT8>@Z?7WYCIEq7+ z%i1}s^6b@gRTqusqazIWSWilGnY@su6s`U2dxo~9`&Wjqt;ene?U7#>Hh*I-W@}XA zpk4o{E95YY%9cYXBH|5I%0nObL$Ln7h)35-$sBBTmQFxaxAywB!tV#zay;I?y`S)E zytITj{8%h4E}(QgJhFCe9pnI5Uq+0vQM3=!qOOC@iuT5`7e;m##_8}VYG?dO^L$lHE3?X_1duv@U>c| zt}*=S01cnFxzgi6KF`BGh7rz_mP_X9bXT^Et4G#eThvqvi659GU`~qqtJ7F_HGN$b zcVDm@*u7;%sR`>ACsWZuF)hI<)D*&V!Ijoi9$sY}5B^W){+pWZp8BJ4BRa#>E%|ui zQD-`VmYr(`6f*`CV{PzvUvp_G_GYJdoy3N&vsJ~No#Y~P>TJGHbu zSiQjHd3t&r#2V^?l-moE_^b)>hw7S7-b8Gen113Fs^0TkPa+Pl-9n+X zhv`8gW+mQOk9wLEUAYIfs2Ax$%__x7l#iBsFT|hoqtWak#PQQ`0;7qWHeS7@v=qd3 zC&P8UoDZ&?>mzB1<_AIs`->tI^^X@9v%#)oUC@ENJ)V{9p1>n9C%^rJ& zX%|}-ggSE<{s_5V#^3Vspx$ZjGF#geI(0X+xn`M;6S8JxR5N2t_r)nC#y<^^L%wU? z3sYNPgE%xcwCn`)h+^qnWQ4XGNoOaUNmh;ykCwNuXP#`VIrn>g+%-Pr51-AC3TGpc zdTOre9Ciylx6ET*4b*mQSN@?Cx?1>#_RtM4C1jes=P)ZtTjTkhvDzzzSGC(n=Mr8ziKge{-)+ksErwgYUDuTjuzNz=&(^ik`fiH_SJ0_I|t zIfXp6O|64sbskmRSFH6C0u`ETuwJN_OU*o4y8tH$M{Rpzu!PHl2^Y+CG8 zQc#UZql3-Nt(Z`~Ja?=FWi#d?i4SlMp(G_oCpNzh8?#T)&tvff?Io$DwRdAU9!=0< zAlq?aYjMQc6@^I?f;cGaL#HZ8!*7=ry zC^~HS-3!6h`7Mc?j#55AX^*hQ`{|YED)-6^4)gz>Fsz-ZqZv*~DwYt*ZEM0w^YWBZe-`Rua>=|4 zA7*SD4Kts7I1ou1qeBWKbCixlx#ll#AB~fvjNT{Qof#*qTPRVrD;X(Jf?6PTP|qK% z6Ns>{<+oLEZxa`v3JCxVD%M+iRJI*3ayANgzWHBx3)e$uvNfqH*Cj@WB~GwcP_IZJ zoXw8dmk&-fzZ+YPK70FxHlEZ=&2ol6Ctq8i3dFluLCt@ni^t-NDsTrb%Z|>y%Q(Gq7)HyItYN zWug+ueTa>XYL&p>`x9{dw-5s!;-2_>Uy6wOB5yptBZD;)r^Qo$iN~q)(<`It5bgqv zHS;h?8qvxjHzpmO0*rMgS{U~Jk0A7qW8Kd1135%Lv)d?1q}w?a95dA95YN^pwJ|Jp zhB%t=FSafFsyi#UTXl$N6;eC%n>mWrt`lKlnb;*Vdjd%=e}J}s7F7T^L?p;{^~bI1pYNXZwlUH;zE$!f$$!Cm znSeg4XQ+tl4+H**5y6;CxDl%n=i8YDv-|7%S`KH;ky2gV2Z$K+=xs8N+l!XryODmN zl5nL=$vc0B-~So1nRCNIeX#(r09e(x$8xX$GNNfvi>FooWc8?%5$7v4#?VVsN7S)7 zeMJSSd%D!1*NzAm(-EjGO3QT_h*!y;Awj?8@y%@g>7JXWRUb{j-U$txl`Oi20 zqJVIZbitq@Octj8`hU~uAAY+42PR)Nj+FY@_5!={sSwx$Z*LD8>c2mM-!{zue^dJ3 zF8#ktOP}VkQCddch(hJJ0SrImJ%Vd)%U6K*9|iLywdU9;vyH)%+WBrjoL}$+{Wa{) zjp9S^!l|7nAeg`L-R?wgZL_Py(f*4#o9l*Y$hu##-QE=wyuIGBs`mCOLl&-@>b&R` zT*^Dzyk6Emb*`;Br(@A1^f!H)zk*@Bo@Ovk=fvT4CQs>~v)=x60G z8J|f9{6y4W2%4{YPbX&$s@l{>k~wf9qx!K-d^*vDcV?pV{W?HA=hUKhw#xLi8sjTr zKqBbRR`UFu&_oHjd!C$+jq=ZbO^wpbZx|_FJFmHYPL`<;($SKrr98DE=Zq6PV<^4% z(_#ET{R(@jH3KF=yhtj+ znpv}`uRNf~GEqJYFY5ip%QtTfmd&DB{ir+0@~=NJyJS*&#o;mAL^mNJ{XTC||6j1p zA9Tj;ysym!^vfIEbxPe5*B@Ke3v0Hzd5fK=T|vE?)Cv6gwtwQn6|i+rkH>K+LI-Jp zgu2w&{HU1|oBlBNe-qA;6rjX@8mS=hMpO;7PXT4c=nO?84jP)1vlzi(N80j{Q8^Q5Xm-LUM z^5;2#l>z*qCu)O@BI7RjDO>|IKQo}yIFbc`HOFZ_{ke?#9)%4IrJMk`V-@o5{$l%N zf7?FA|83u&Nb>)C+qdHYIy?tjwx6G~epk->zdr3NWB6XTo>H}J29tR(?}X9QJYg?< z$+dHrHI+}~)7$%>QeSFad#WD6boUDD6}jt8VQ=4RgP-6M($kCWd<=xTCg1TKXLP;n zf4MbiqL!|rW^8DvVtuA_*6}<6W-YR}A|Ihp#(3}E+cVc0)O8k>^k+;~6pD}jE(!cU z|C^j4$TvJLoI%0V9Oh6j=p5r(R)$LDk=8>izRX#qEv~WFxDhS*EgF9b>iTnTeR?bi zD_v4Y3M|~1&ib>2=-&fmjjmh+3$F-Z%LK=%zxic?`=mS;@T)N?(BieI+`kE1{KI#= zSiqpgA|U>p=B4VdYbf|}0d)*$T&RHQD&#)?&rbZ!(?$lcs0N^vveR4Hf7pQ9Tl9WT zgEqJk#N0Vo{!^3SZ=Sx!0!e7ZRiU7sJ4_nC?r(pf>Idq10W>K2-=_XzQ~lYQiX=D< z_nMmJtxvGtN!ULlrWU=2PeKP}kiPMR7Y{j2j)HO|m~~s(qFlBv zImACJvG=c5{qo$0#p=vh-uHrRoBxRxQm!;6M22#UxX5>Oi3Nti@=5qVu&bnhioUNa zgtX?-ve2Ld47fz!iP?=41*Lz?`VNCym2POZ32RHn`o_%rCDR)m;8KavI z80cw~!M?OL8+j$;y?m``1q11n8|6je3BMR!6>L;r;KQF6=>QL0|ISZ~u^x?gHoR8& zgf-?J67uBntCs-VFwc=Y@MD<};4A-J8lXzBmw`NKMQ)MOm1U6_Bkjc-Pt*0Ciq&9~ zfkq-&Gna3kX#o}$U$T{-Ghc+pr2*Ubk$}bByg#;OnFkyFlu)**hq36P5>OOlI*`zn z0?XtfY1l7DaK;}?qjvMX7Z9gjq8Q%|R33q`_Y>Z@@#Ji*YzWGxPG5J6 zQ=7gYBG6(Ti-S)hmz;h79j75*`U%uVmuIB2>?0df;|zieR`pr;+9s zOj_U%0`pHB=pV)QwJeVrBf>ixx~LsqNDd@Ob#ts};6}XAQCgUsYLK2uW;QBv*7rFZ z>X~~_s8+B(gtkK+De7f-#JqRVDkr`(8(g!8yo@avNG-o88?LmP;j){HM7@uJn9MY? zxYS8!<#ledvKUZ0a30i>wncwD8>o8KoBEERe%AoyIPccggs9)wlXF!YV^U1ukYLv#yDtr*`1BnAC;a}91^amVhw0(cF7vG6 z=sm|PeYvVifXGM^qKdt&_Y_b$Y8NVpNi)U}%Ou0WG=1GBsi*IGEY^&>`9N$~L7~F# zS@E3W>eT17naO%d{}S8?tSc^m+WY@}*+1&;MoT@BCR3@em#Y8hkC zL#Yf}de2tl7%LF$azEtB_2vLM)9rt%#wLUpfjD&YO3t@mF}|Cqg?luzyfRmj=dp6sqgp64hwBsG=^ z4<|AGpApx;|LnTtG$w6u9!cb%j$KKd4##gLyQnkt2Wj&fM}{Mj*;PFk)7V5;WSXm$ zbKli@`I@R>7GHmkqO*Jfyya+=^KfhKvVPsmSxO3_SMR;Y(|Y?=t2|=9R`j`49}g62 z7}(ap3p#W*N)?Ws!e#^t=W}Ys7+uxj5v;X`FNzgT59HtRwCs9SyDQ=t-L`4J1`c|* ziTfYo{?n5Txj&;XJW?{4BujpblU2-N<}IL}$DV5RMN0W63OUFGP{#DQ_2*~+%>2R^ zpvXprd{#>k3@VaN2F}#Pd^%o>J~`aNdtX67578=Q6%$63FN2Axg>?bqzlSNeWIczd zbJ^34QHWZ-wjQKrm`~C%5=PdlzC^A^GaJ&H|9X1%oJGdn;ySzQX7jtrGH>vSX`^G# z^J5U_wh>~U`@`KZ$2j`@=l&Zn$OR3jIr$^ zjiYLRCC13t=(SWu|H@zk)(*^s#$z&hBbN^?s6TN&vV^(V~R(Ar9J0HUq| zvf+YZ?LqDUSN1IR5USR+w%=rGN77W?%K(+Qp}+MUH;1tdXrw>$k1*2b#70q?shbrx zs=#h$d9zD!9vZMh**H#Zm#HnL#2XU0xV8)$tj@?-Mi`Fp{=Mj=j4-_nWL0jJ(yGuTs$jw$e3LlTpES6Shv4}(2 zRrKSHTp~Gmr=z$`=HX-4+adQo{4J%O;=t++E$cq|CWQr#9?q7dMaeoP)(IVF4z`U) zcas)|r*b2@HyL8&!>5}F$s^iK8So1hUnxuU%L1~v{C8PQN)2?0{gxlVpg zc0&O^@zDNlS1mkRFRA8RM1JKSyG#zY ziaTuh!FXr(rSY`s{Mz~BE_<7*AE`_fWMCd5h>RHG zc34w$bF0Mi8UKqPg?p8w6=~^18RYMSV#moi{dT%8Ni;V%wR-Z3BZJ@H;=E^*U_k37 zthR#rmqKM3{y0SW2slLPe<{>{9F)5RJCudam&Lt{>#@2t7+Jfex~@KWJ;Fcgk%$igJsXts4*Kai zp;kb=Z`=9}u<*%s;O6(6wj`lnecM9b@m9Jt4j$%qG8g>RA4dMaU z6aO`s`ZuW_0mr5kw<3T=Cct+en$B5MJqUtGFMdQj%r+^SOwVy_9gZGOy&p6VUBX0q zAe6%0#A~pDZa6zbDItQ4kc7-wS@hjEHXTH#P}$QeZM3h>>QYHk0+S@@@ctY*xTUPz z;fX@`q{FE9cK#1ao;O2uWr0k11_QJ3`8HUue!|!qiRY?~PK|BAJp&w7W%yW;Y%)-# z0@~}F`#Xz^Z|J)c&`Umad;L=e{#p{Ve6OoRH#Tx4cEXGK+;%kjlWC`f4*6%>`vO6tIdQeCFXpcyn>d&PyN!*P(1zVC7;7>I&^m?uS3FF zF|5|9JGn>^Wrw6?a1W_mcQnZ}{y0|_uS4)H3zXi6k zKGeXLNqVi3^|CXCt5DS4j-=I6$`H>EH=>?$*W?e%&qv%(Ko~ZW3E{LgNX@@M{rW@rGYofzXMe>^I<MM||sZno$tfTNOnG%z8e&{b`0)FlZHsDu_A z*`GA@2~L5~X;?GQ0I3>%haprA;hnV$Y8!OG1d^2g;pU72`FA|PcG!z`1i&EjmQhX6 z8vu#P^7~m|D1=HAr@_h|Ucak8M6re&5;@P1A8aInwNhYF0G&x`@A-YOj+)~I&@ALm1HX25{j-z`&ELy1n)DaE*DP!tp_AkxjNvO>Sau_KV5UaqnZ(qm}LkIE7Au!&6=j z$TWB;U1ae(*viw)`z*#{tTM@XATQr?pkN328%NdKCRveI$2J>B0OdokHNRWC0Zz`Q z$NY@afYN)#*uDj0_pA1s%&ZwY#_HnB!2>pfarrbA9hKp`kQ7d#67%wT0ox(g8fN+EKlJ64&`ZS;$KNTc-#XK*-m zak+(hVOSrp4bgasDoE$PuVIei=0aadePN{cb$|vW058KY?SlSSuW47YNFmn-ldxQg zYfSa^tGy0}w9GvErwJvg`UR(q3chb}?GV3|W>HEOXIq>q>JIr`huU^u!jE`Cm=LfF z!Q3KZjf#p@-E7Y%f6 z9Yz5a9-a_J__OO7?lsgc?Bh;U!)zYL{5{fwVQ*!O&2f$^nnuJmW0)z)MMGMApg@PA zzvR}#SN^&hZL)v`Nx3?eT^k3$x=M`yw3vvmA0;rT&ke!63u~=*o`Yqkvl5Wm@R&T) zEH1HK#t~&ZYkJY#3_{$LS@&@_mQMN?q=p>Trh`I4Y5_f3TNDJiU4^0Odlb=kswPtHjn(+(AN7u*?20`!~9 z?SHU5(+A+XtPC;dosA_va-B!|T+7z2jlRVZH$kG<86f}&Hj|6%`7e+26WA;vh#!aL zi}MYvOe00?8*?mJCby%f#h!rNs~z-%f6lIRH?-?atE`8iUNub}{c^fd*RcU(Vx$9O zh-qVix1%yZ%?5zk>ub^gOl-e^3coV-Q?T2E zr60ldnU4-7sIZ4hOrt9MS!Hge(W#xj0LV0EVGt;uOIt5b``7<<4f?~M2U3&a{8T3EXAdXJVuLEl??-TjCmQDDAHOfP z2)&>%=s!`IEbd-QQ#*jfd1WCMQc?u}XL!0^zBem&`Tqw82K~*;jVq%J5CPlHCmg9P z%<`X9VHSW_XtK4^0Q!aG!m)AhpXi9ke^;-(Ju@x|maoCbEOtpQ_Ws@3)R2sMjuMkG zU>Q~aWSow;{BJ|*Hz@iZ=Kl<-`dXfHeHX`=04(K~#|TsRyT%jc@}a@(x_I(!Cajrv zhi~*1K@{KWZ~k20mE?nZi_M1Mq?ra{o3)I7qOTgjM87h<0oDoB7B;uYJ}N#`uk>VD zG{*4x@3zHywME9Pb_gJJP;&o3_y2#jf!`V|v&pg^td!(qd%hk1o6*eLNrlCr`mHbJ zY5?>C-`x8LeB;-Rd*KP8d}2FRJYvov!Jj~7P!>T%o8~Yp%8%8vsc~Ug`6p?5piV!I z8_CTS*vEgDghqU&S1Xb~A&FO-xT@Ls@=ftMCO3t0B_=;78To(M9TYY;;G>K(IGPyO z{)W1`q)bFZNRDEALpT?kIwyhL0d$9xg~C4#^71!(tdVtfV>4aE0S^AtENd|fDH&R! zk6(u)nFleIP~*Lop?k5Hshs8dM^!5B*{$6NEa2rc?NP_Lkom1L!1?hrPQA{5P~I1ot^Yao{^u$EpZocLKK=js^nZm*FYL$v3zWFH1N<-gxuLC-<{7 z^4K}z4WOL+_69k0BP+vxM}K1g{w>ai{{mk!X(E1v*O_ibQ?#;jKBKQo)I^k=+Ls<# zYB0L4Wt*5vg?g(E*bUy7_c=A_vR0QEa$g4rcpz}-bi2>2!`M$=M7pwW#4$({=V$_@ z>vMGstOl}~+_&e55(&#oy_$@8P8*bGQuvnvA6AWOu1Q&+aRGmZtM*rS4B(? zP@8+B0sH&VZ2gLF(B9)35$DWo`8shiY}3By+t334`N}9UPXQJ!F|3X3yz zV9&Knir(GPu!n2^wpzG83OC_*NrAahTy-MDvXUN?h-9wF0-sJwID%W1SY9Scq&*b~`h+&6s2#k!9#+`GIKbTg-Nt zCBeY~!|4is-Z=OA=J(H%a{(LId6uWUYb5W4yKl`vTk!W{L%2?iP@6K!18_Yq%(#7( z*y-;4y8O7P`!}*A-hC1G$*HUix8l^T%@4BvJS{K37s%r;y6b7RLOJv%g}ZB>ynDHY zE_>%c{hQ|sra0+_gDR{&)BN${$E@#sBFobdvdiu|$NMd9m?b-$ zJDyJ}T`Hy4R<2Wmtq8K~heNt0UKnN75@Vw_YG9FAGnKxAsGbR^{JS4bGb^QC1eTMi zVmlPo&55W=XR9_yT5wR}^yR-A#UfxA!Do9wV?@c0#@uRp1qo_ev6G>%M8K4uNV`;< zOPzA)991pI)LiEhXW&ukA1ij?Bns794sKTZe6h)riblJ zBkm=0b^?iEKY3N$akj%I@_ysYr{-g*l-ohE`Rq1VUF6B(c5DBt?%M&i;+O7+n^{IP z?Lylf_``%Nh;9-e^{(>?9seVS)h}1*?dmd0^<7#o?Fn4IENuemaN*@~f>rN!;opF; zCm6ZE6BQ^j`b3c|f@R_tNCVuN(y@UW$jIup54e1Fge@O#-zB0748!dMFT^j~mDUxK zcO=Eg8Xcm|h;BbbDLgtZP;mFmSI>XO`F)@vm_&YgZ|t6VS0ayh+wvY_K^7YYQb8#J zy(oo^zkRyXknt)FZ>vqdJFpDW(q*tUG;h?d6G|lqv?0SRL4bNooDdxRGD+> zh1K{p{CGB&v3;fzGSXI46COs^*Iom1`0DM-NO*+-(FYU{Fnm=kx+!yB)YSYT;r{eQ z9Q)IdThJlii7Owd6GiO&NB1Yu==gvXk7t|}3nwO+eY%ZwukF=+7r6n~2}+t*PtsgJ z=K-+@_2CldcWaJBO^h1MOUH}V4i;LrwpbFOs@lxpe%fspJx=!JGjdV1{E_T|evsHh^oIHJ{*xtgg9osaEH$iWjU(v?Ef& zFM3n)=aXm4NoOtP<3I*Z+4wtjyNNnIVuV>G3KD9y&aE;9`(Xral);XaDKCz>EyW^- zS7P+)UPPVP9<6rQX~w(UitWwQit=!VyoX<>u?-0gMMyB$ah=Qmn4VtkerhmHB|28v z^`z)UFBweS5qWwyW?;Hg%6`_Ae7I7pz>vW=PMp<%RkzFHncz^tj<}KcY0|<3VI?gR z4guOWhpN|2M(5vk1Y@Gk+&2qLypNTR%M}4tmhKgoqPVVmnlP7FvE6xYBoG&g6iR=8 zc>cYKJel0Zz;>OI_Ahp@$-WEM<{;+Z6xTu3ltowVz1>s>W&m6SeN_53nRCY&FM@)! zd(LGuVKgEcPpi6sfS|{NiznEjJR-`X+poR&j^#xjt4hmdmL+`vZS9Gym-ZI#ExAWI zRZLNiBpSa`&KXO*D5I+c1q04CwVWjaXQHI)0-34DJXQzKMZ7Zv5xK6M2gPbFduDAb z4lb-6lhfm8-_7X|y;h$4y%&{7PI+2zAJiuVMGKp{9Xgo4CJ71RClTjC;o8;(Qe&8p zs`k5R1@T@>5KZVJ)>)5S-@so{TehuHRgSSx3D^pxZ8E>XRidO{+@)L!^>DXGomPXk zTBX;c(1o=ul=+wJw8|kY`@4!~jFdLLN#3-4M%p^$`ucKGu@BTfNpQq;I8Bd}v2;KN zGNZifs1GK^wtj4A6})o|6&K(&YIEQDT)Tz3DY@b_S3iGcrrR!ynJC#x?7-{GDFA4! zFp=Y>u0|-!Qz3Wv1+_bmbkYTuhr1dKY1!1Wyl<%ni=$c8cD<{g*JIzA*MuKQAB~>} zT91|q&A3HhHlU*$6f6qbVF3EKr^GL6G}svV3TSN2bwV&3eF#ymnlJCJdN_b(RFYoT zuAhc8JF=^1e=^uF4ZB<(ZrWRC@C~+%D2O-WBoVWBExG13UQTE_IW4)uw^qOZedvx; zC%SA$ZDaSZUOXT~^MW#B|4kVR(m5ZzZ9euD>d70@I6FNFF-$hZN{7STEPEk}gKkg8 zJs}@XzdNJ34kI+DD+DO5ATb)3Tk&DdRf~I`>56%5v!9RGkr?-L1&?`e3ULRo z!N@&BP>$)YbGhBfV>u}M9f{NG#;~KlI@4+{jN9(&c#U*rg36gNW#QA(_La(dX$2vo zZt=4jd66p)Cvh)6GArA9zS|d%<>TANmf`4wEAmzpwN^CWk4=jAYCEPIhVXxV&$}*L zKIRnA$Ioz;U!fnfJyJrN`l3Y1o7VD4b^-ln3aMGTW%oD<>a%2U#`f;2jaxoMx=!NM zctnemei@}=7t&|Ob*~TYEoQfFg&9)MBQfhh(#|K2p#ovb9{q2_WUSHfkOhko$Z+`$ zn%3;~;uJ6O7Wf^TL6d``teJdXs^JH&RfpKUA4nu(l*JQ_jbh93(!&n=FcdikddOy( za=mqEl3BEMDH~Ued}rDEn=7OdT%Fy0RcdB~8x9?B&1ZKg`>}08%6P3-66Vg?)`u|z zm9sGpVTXFpcO@XJ-2rFkkLoN)MLBB1qWc!t`4{YZOLFu*S`P(2oI7-t@0q6pkdVh` z<$;J5Z;zNz*k7C-Iz|^^^>qIVD?`vL1k`!1dye`{Vvf7?o=6wDC6I%c%1l>>`Syu} zMVEpbg-w&oY1%0xxI%9;+trCE?%*K9%@s;wJ$k>Av1vXr>vn6;<6KD#qg)W2ye#ta zM@aYtkzTV%TryU=&sVXHP4mu$r1h1ZK(%pNw!@B{fXa-yHAJ{HU^k>syYw2TzPRuz zciPz!ZhZPwOqdd8f47Azl}P55l~ZUCYf7G)T{B|82#Mfw9!Qn~89)>xww( z4RF`dWM{;pDF3ac!Hg^- z6q=*=UeCYro&E^*!D4pn%|RHybQ#>gpF~6N2GA6Z%E4lOd1oK&{7t%KP#7Q9m~_w7 z(m+qSa`;zMVF$H_3^s+hy*}f8{IKP&ntd^*i|d%6bB&V6=s6$Dy!l{L`8c8;8?!FTu8QxW7{y!-9mQX6I zc~eZIVpXpsJvsFg5WxJCtiSI~9oq#dVC6xSUDuscp1?r6Aw%nzq|}!9N^$UrOL|MK z2xzLsHa2?q!~_@bs}X(1C!(;GR`DK0sY^v|HMVyC5aDwT`9*tSwnqm*47Y(~v9gd8IUJr$LCzua9Jic4b1uz6tPJcE|)H<{D}zR(9Nv{8uIS z_mK>b$|Cl$zQ8Z<&K*Qc*!M=_2#yc5gjs7p*k5=X{x$UD3IN@m`(*TZhZ}9@0^AI? zRivX9@ZSo*l#w7HPR{Lg#Oxx);{~{7^V}|4N}AAOt?w5iEvBkxdQGgfQ+uPWiqh1~ zJQ6}cJfo-M57IcL!@L{dV-F8%~|Tnq4gk7##+lL*AspZHPQ>RB z{EKOZy{R_lYRYI6hQ-)3!1xNvN|u?GONRWm7erLo4)d2b_P9}m1$cTM`HxqKx#m9GFRJ*=b; zkQc$a_X|ghMVDkA(Qw}uZR@F8TQoQN2rCsYReO%-Tihrz(HHnm z#C4VUa%Z*U_FTgCBNEX&!ea|F@6uML_#x*p#7UJSr+2zVS4fFOtqg<>3Y4Ue(K~5I z+Ly`a7B7+OyTs5mWi#L`!xl9H$}6_XP~If8L=PG+MR*^H-6bSDV?SMAw9FD9sufr~ zy-EuZnutmh5ds7f2q-lP5LyTj0&m5=@7?DdefRx%_3ch5=`Q`N5qVK zb^v?Q&Z>5&_^Bey@&b&|aF)qP`a)uG376iEh}4ToIH2Thn;+fn9x(akOwxrHDWrj- z2M~-tn0tU-FQ_rM&N1``c=d>VnoAq~#x-zEn(P!+*j+mleMpF^tpkB};rD};KbXqq zdnd$(dd9;pEzZ_)Y3|n_`eRp=@rChy@xVouTr+k@#6|)m5h-a~^(fS7@SHK4NVmXy zLn|l;#zJMK-W|<;W*d6@V^MG;n7^(J*~C7J3$sRQRy1tv?ke{~XJnf;Z+t%h9n!?q zo9d-2LNPX-$>N@px`>C`0y5r%f2=LwVP636(|yQz!?Wren=3RCXofmRYXe}yc8=-{ zIP8mM@`|Db+`W+DtnMF*^mdXTachzeww;k_ID0A{*rkUip10&bP6V+Z6{0pgNZQO1 zhOA)lfgj(NJ}!`#ne55zQS%YRoYFK+UrSJ@eb85-jC_`xt83FH8Iqs7l|bKl$C6&f ze&0>broz3QNQjq&+1_kd^_}q`ljq6bRek|zT*8>6TVYHZQog+K#oc!|TiZG(X>R)S zwu&xWFL@G8>|keETrd*S$zlS;h%Yi8%#sA{h-k6n(j6+mo`uX++hN5qo_KRyAWkz~ z<4TPT7%nr+eTz^{IQ62p_md75*yW+WUzKfSfFGJvTf6S!?Mti{uL}uUdBhCO`&ncn z)&Iixo+}ao=UM_is&wVj3`V?zfLwdo8!(ot$kn{D7E&4f!z}n?+J19YPRiC!dQvgN zfW3I^UB~vepa1so^44oTEmJZsWOFJ_12!s(g?aG!e+~HoXcg6c^I_5>2iwPY`D^af zH@vwiXs6UXvcELpgF5uk;0s+%^bw&T^w2_0AS>Pql<$3)#JzyN?_K%ebIoXP&$HJ9 zO~laF0smL5=))%@Z_q8r^mZW4vMzhGOC*;vW06Y8aEJ3_U+4}ekm4hXcLuLM1wf|$ zuP?`wOuTmyV z|6ClT;@)69kT=QvST3f?^HLs}?LJaf(tJJH zT%wU9-jhwJ+7y~z-mhyxCx(I438jr z$njey_XUrS|G_Kk-_QVHy!;TbGwI%oC-?y8&n7RHpvK9!$mdD)t_naMZ-XIlr%S7k zBm+CikasP$`()gkQzWmj!QyV+%t%(VVaZm;M4ASutq$w8D#{L*-|}@>Z#_#Kg}r8F zlW13iK05->>_3FF4||)Qs7O56?vjMuqZYi72z+h0XZF6mb8o*fa@Wq5bmZ#F7-RMD>5z@*!*EYJw)WZ;^>RPrv(x6I$7dX~f6$Y9A=U2_L zw<4Dr$HJL{0U(ai{_x8#&;)RuXS1h_(a94b&^XrAO@*9ADRUz;;mH1AkB~r@kJ(GD zt);Zduy!VT4u|#4#&aA?z$x4q7uq0^p*i#t$mFyif9nY{fviE#$~CP#rLH9+vWNdZ zW*cocr)r5XS>!G$sC($U_W+PZ0hwHTJ|MC5s;xfMNEB22(tAZunZKm0rTaclnnVpD zFd8(?2mq?gy4fdd!K!BI=9bzy`bg7_;k8$MQ{TR82UpcMrQAU(yV68>(!~H+uU#!| zP8LY~R<~S>o>h2b1$Z^)i1F08#!jl@WgQ*3S?e>={^w#6k@f&gH1ci!s5sC-H@FkL zgU}<{`0}b@JIck8z^R8v`4d-UR8-M2mw<^S6#%G_s2Rfzm#*-JI?8;LbS#Z&0K@Ia zU(jm)n9ya@%0*&#f4|$y1h_;@$~gG5Ha^#;OfuV^AmZ0C3G1h&Dz#hxw|-67XSBS_CBa8}@AMaj^!GVYDNfre z@@W*BL8pl+cn3sF$rICQ+MU4hn}&qqz6_sfvp~oJjm6rls5o|mg6l&8<>j|o-MF(G zw?E@IgW#K@pQchPlYk=R+M2s%oaj=P|1aWz=j8slnJH#|OB9ZiIBJ@KhPE zFU>gao@p{u4~IV`bAI72jG91Cq?4GR14IToq?HI*ZU zbyHw@aFTs@n@PTF7qZ~ep0>a|Px4#Jv#Z(3yLKtDGxxM(o24NF{`Q%njP70zY{`wVna!zHke93{RQMJQgvo*$(GgAI2_YdW?3rwN}Fc zKxH08bw9H%uo*r^i)x!!3F@W6pdqeb_J-I~__mq~XB>GMXi&;3^hlW_9@a2WB)WLA z6oT+yZ-2`uiGY4=Ydg@1EEwQgAnxQh#_@{tUGm#)L9avwkx{@T%5bfx(T5}{HQchn z&gb>-d7oHkAS0qJ_tIHy%ltOwNdwTqDdTU5Mw6WgOu3Pn9d@Nv7yc0bYoNBcc4OdG z5Uckf)c877BVvfVa@5WJRhDORa%x56E#HpZ1M(JrKH(28?_i+0Dd)}4%PV%*_^Ko) z+_3<^6zO5(bJY_FzoE-L`{=-ELvIAyF>j5yc`UfdWXeLaFcGKC#sZhZD(6ud-fZG>t1Stk9W3Ll40;E1CVu@pUKif z-oAjTPVs8*!FS#qJDYg_jj)Z(HA-YQd4h#l!UrW3jm9lCNz9lT!(KHYbNMo;anR zgR=e{qMiYKxSCkh&hwt>N2Z_<-DtEqqw2yk{Rw#fMVTt+%0^4vqtey_yV|QEh!N_+ z_9=;NPOkT!1HqTGo=L8vfK|r&GzS`9Loy!RoEBnw4v&4BBFVMl$}jHNR2-v#$}!Z% z8-1v@fk4so0vi)$Nx`IHM39#uAr$UfKqS}JUQ+Y2lsTHwbPapGsh)B!nA?eH-s_)X zqb3I>sK4=rRNX0<-{HxOI6KL(&2v{gQ_2`t0bl@ePh6lG1wV)G`Hst>^*1ZhS0ko>}z=i3f$XpXoWm&0mm@x1)p#$;5?9&0TB8l{(PWU9kE6G-@SZ z=1nXr4LW$C+jDb`Lmo1BJO$!G?u~Hj_NMsd(isyyNo&y3!(R~D<>gBi;~|x~1uA)D zS5l9*A^2fbCr~v1U2^<<6eTG!KEn~eH{NEgZMm6edf&~2+#3Uln=K`!$}YM|?QB?x z2#kgvuo}M)-5EF$ZU)Zgqb~P~cbY0h_N)1fHCYhukU>B&tkj&%Z1JShBIC*` z1J-7+1sz^m1ZJ2^HN5V)g-4k8M{MhNpBA{^VGj9unMeHTsf zP+d6gqDdyXKR5Q&U=mr)-nG?+k_-R?SeD7pCP*L)H2R+3T=>{)Uc1;UBLtuScJbEM zy^dwf8k!E!6ic zdeK)vWt84c+C2i6u9X;0%ugoPAK0W-FbbybDyKgPYX6onXcO0yv6Rd$VI}PJvd9&X z7)r=IJL!(QsCQIAJ^P{0YXtGrOjkO{uY#ox!9pFv&@H*iF}mI(TD+K4lwweTe@F09AlIdx1naNef8G~pG(z0d1LT7 zK+WJ5RTvm}Hx+FbJU@Ic$0*r&tz~wp=`usbjz-zvkqORZI~-RdQ2I0ZAL~8lO(8Ip zUUohggB^UlEwJO>t*Vx26s^VI3yeu3qTGFaiW!_S;T)6K@A61B-<)t0cPuTwYt(Lntu?f!tOB~#D&6CtccS%CfF4<0Q{ca7y3|=$a>w05eNC`_xn6bQ~$MvS0 zt!`vTlyQeMT9gQa{|4c;U?RNDfJpYg-Du>pG;4P)yC_)bsd%;b<6_Xpr~Jb&GMu?w zrjwJqWz=|0z6<<|fctO$HTwcEN_U~R9MGq#2TK_KxjJK9k6HaQJamx1fICbk3-Ysz z1V+vOTPNRs4*&;K-&uHY{?c;-(vDm%CY>U}q*MMfI*Bqq|Jov}2?T%Dug*}YtH+k4 zzPqo$`X6!V&tMe8l+F$v_?K7z?$4Od{UcNTN2dCZO!Xg`>OV5o|0gol+yXD^=aV(Z z&G~*40re^;MBMZ3TG@sDfb|AiH0``+DPnN7=Snf0rtMOHSp3iXm)RkQsb zA6D7H3Dw@%u1^5QOeGJhDmo~XasFD8w`(!=0%}YZHIO*wyq~+Ye(vt8y&C2@@Z$-$ z#27jV*&ye3S1KT&=9zi9R-MaKTjMsWL3LXS4p8Gv;ZMic1A-?N*Gz^RT#Kqa;W-Mb zZygp3-qE!kPfLZYEj%~n#~V>Gh4-Ym`1mAxj`Dl*+E(6LT*NrF5E*pXo9a+&2v;ERvnKwH~O$=%tIw5(?T%(Vx zjBTX}a-K&)Ma*2bz`X8FAUU)Iv;#EYfQnlt+nAWx#~753@&-(;CIRhkc@G5*G?xy= z9^>}e{FLoB=XcIC(y8?B-So{JK)uYZWJ>+=aDW=qnmX++1~`5s_;uZ8<~_?O<*`>6 z%3{JH(tpX>3a7-!bzhq`>$$Xi$jsRRfu>%qm5f|7l=@x&CT0R8gENZEnQMzAo|DN+ zEZ9}rXQsjFS;BZphhTeGS%WAb1W$;|ZA_I6#5IGhq&*R_joSbmKiQ3Scy>J{V>ZxP zW+PQ#Pvfe+BW61Lw%WKWy#Q3;zD1iiHrqt6gz1=;`Kh<<%+$H}IMg+K3PODWq;5%o03bKe zJ7nQHC9{7#uGy+HY){4u6J!kz;XnOF93UnRjhNA$zCC9*To}0;<@{3#?+K{)jGrdg z18#H+k_EqMDglKZP-l>s9i@pSS=lEMz(FsNQ~^z#d|`>(N4~&%s-MkL+gM+@wq4y! z>9?zQ5xp@snVs@I+Wcp_-Wt=;-y0rLvZW{bibE}6`fCcO$ditj9NJo?E2Zq=tGhM%K`OW2gIe;m z)>fvwrB3Z8B@3{)*dAG(nRws_(+8{)6zZ2bi8$gZKGNq`Gpc8=Ibui=gNCj9gIqqo za~HNQO*>O|pE*JCz8r8v5O|tMmjjO5q=3mS{6|c@l*+s%tN)}E2O6v)xRQk%&o`dGd?0&B2){`d8oE{Mm0epJv@WzfbKwY7em(7-ORx$g= z4=$NVV+dgBh_}Q!9;Pj;JK=|NYhHHGQ6i^vKr)KHrAKdr}D`$irre<)<3L zzsZD$LYsE2(8h}96-H7ZeZn`gG52;*KKHj4F*4?_HNy*h32y^O9n!Vb?*KM}gEs_! zz4#UZUmZXv!gL!>y*|(sM$ducO*sW4GenUs=8T8(wkrid~4(?HUY#_$Hm zTZfd#P_rbydV4WIv3a4<;y zySA)&)Oq5EOXbEQ1p8oh5P5{|)cpr=&dk`t4K%i9qL_U6As>9_ll97EmfiuQZj9M;<Yav=l$I?56si8 z79S_}ip+V;XE&Esmx^V;TbkJSr(k6Uj>wabT9hs3lRsdrTlow$>0EMo`fGwuP0M=2DerFxEZp!R4QkeG4M+&_F z;q)ZH-E>;|BD?l55c|?OHo9U;XG1My)cl zrrVv(G-PJd@z)=KXm|AC6azPQA!n3t$}`bBqm{7C{(>;HI(3K<9QYKwU8S)p8_A?6 zCo{I=a4ERlfuvx=(QJ#}+<~ZNp!JhsVe16QTc0M6cY1_yXP1hr_pF0zfwjXUl5h3Y zCEOMAy`!tWOPe7|emF@U$Rb#+5f*iK!*xOVu_{JlzL5W#FHvM& zmXtc(#RHT_1L3T$oBi0F*SrQNJu&aArz|0t^}@VP7G~ww5U&k%;{z*Z2$|~A?;I8Z z5xYD7T8_UC{Zsmr67wI+S3F$$?}7U?6VrQ?&6ns{8ZN`kyfI zUndYKCUn4$`Z>4-dtP$OQIV$Fg_r~qH%ygNn3zijt%Zy~j`!3La=EcG=yq)?YL8q1 zY477_(iy82M|fEZVrOsLVO@NC_iW-6BiRUn+%sY9Ad%a*mx8Ol+Qjz6Cr|I0HaX-091Le(jfYZP{4#<3`y$&3?g@|u;mcjiYA zyx_K6Yg>|#6C#gAN*ub2zWZALb9-s6^qadea*36Zocr#bnK^y=N4$&v?z8%wM}^J` z=^v9Vu8+|9<1+Smhm&SX@eWL|X&Xjc{c`ck#5={%u7KS7qC!Vl#1qVXf#WEB4)$SM zieluH5tN zTU-{Ug-6#c@&3~kyyms&t2Jrra6?WnC630EuD5plfLa$`BR*Ync;(bU*_j@c4=2uj zqf=4tR=Y>tTMv%Z1a({~*niR;57*RgaeeBRI#`6gw}w?o4f2~lefxHW+f-;r>WVQn z?9Q$_rw$*y(kRH2RuhtgNOzyp_O+}>d}=rdV>>_K0FDknQBzABsneDyxGF^`nLhDr zP}UR@0!jh_c5aqzy)W;ws=Ty|PEs$EUvlip9%+Oogny<9&v!1yvgXs^b$OT9X#@a^RYz1kZ_MZAzZupg5K_)Z1skhLpGS&kOtl&MgJ$6bV^Nr=P>x2ULf6hL8)eX*~q|vwRRJkmvg)euxxvXGICLWyWk@MDW1nNRZb!YpP z?5($r2#Am^aW$d&+1(_r4cIY`*xoL*OzPlz@YJE|jS+Bef}A^1B})URI$EN~hT)g= zj?6n}PHflqlvpMob}$Gon!m4yVButOd35hLhR~X?0qhJUAiY~Z?&Vc&5fg=#JKYdT z%L`!PFoZC!Boi>^GOL;Mu zx2%OHzNT|hy?ES?wl`pB623l85PLbwhd~9o8l~J~w-_OHj9Yqtty;ts3PM(e5zP+i zeI+ryVXb@G4Rb|q6izT5N1*g9`BZ)xJEcu)&Wn$5=KY8`Nf4*Y=(RzUK=9rllcGofv)#5?d_pLh;m3&#~#|4yG)h1 zJMLlLfWKm>F>K6on>=6aY2a^{ptU9s=5*9Eed)KWH|f~|oF3D$#_xFjZKg>V6rwOR zpwnzueY{AT2vk*d)D^OhB;vOIdc{13zpqN?P06Zbb*P^Q*YWr>hZg=LhBAMR0+t`F z-WdW;h?6c`HMy%ShhS0StN6LoHNc0i%=1b_{i*>P=Ep}pl8{NU^zG-K zR|#Q}zBV9n&+8u#BCd8VUgh#Rz%uiu?5)g{K-(dq!>Mq=AnC8OIx}8_D#(XyBv1Uk zhfuM|BiM0`Uom6go@QR;M$C&`_JP-GpxW@#hBW-92efXdhi16-oXwYBC;nVlzvG9F zh57_x+0wlDY4s1(hx;yrtJ#lCc-e%C20bKg#otg&imo|HA+&1z2R4JBTS2_2Inpzn z+rwhHD|tKPSC=>Wyr;^hx(tfFkc)YlT_NjGHlfiORm5t(f@j8gT<*nkNI(IkvJn4K z3ec#^vXq4PUuf6bx8t(=9c$L%D>x9ns=v%aYSmNmWq&6;ede9RyqL&#`IEID_w4KZ zJEEc=`qV>5H$o4@mrK85Z8QkTGn{&ob;!8JL4rfs2Z5~`A)Kvm+Dd_xG%N4f3_f~4 z$#3j>4doR)I+HwvcX(0RzO|q2w5o1$a}&p+Nt#=uD;?RF?tA{N50uV8Zj_s zHBq>t>~*kUMTOMxtbDhA$)kR1?_m~~s)KRAvb29nN0&}=X(B$x$o3Z7U6JFtax}Pl|E&~AvOI#vE;h?oEy$+EE6W3EQRAWzIXCG2uHaIr zo;@{|Pi$+gk$wA&ui9!=(O`4kmDPJS(!6XtRhyHk$&dZNqzNzJC9W!H##Z|vWgJMN_Ki*s#SksB+@`?lV;;H4{?5-Ddvsr->Tk=1E$4r;_swEorKbzagQwHrPkled zS`pqcFX`jo;6gzf?Hd82_>H5m&~2S3gKun)mklhj#vwa5q!W@>fDbCCW5D;Aw1Se@Qta6_-ct6{6(1`2E2D(^GpZ_6WwQY7e*T!SkGDXxhQ1G)P)Qf^=p#>`bl>)d$v@TrjCFlnc7?HUKOE9A$d)nuSz=sNsXEERPp$93yvi!3ZtJqTr- zsbc1bmTi{2Bcf8(Q+F>yRcvSsym{SL5h@(ZH+VGmc({AZ8&^4}FHimTde6$8g9onX za?^UIK=$psmOpkpU%rxK8@y1_f8hpIJD9Ba5%tFRN)5WocU0lijN3lodgo_RX3q+D zm$6xU;9F86g=*#TRVggdbB0J(z`N*5{TN11?(V*B*@BYF>af7|zMM88eABgP17M6S zI6YvgO)yTscyJ62nQ;zW;U$O0mf$i{cW(DDh6nrUkG4rk8xPdMsmgOcC)jipPfI}x zU#2^nOPmgxTXbF65|MKo;jXLnF-W}>?6EGY5=45jH3fAq>;NS69(VqI0_o4td`v`h z7w^8r)Q3Pe>Q$?s2`0Ij3P1^7utBR^W!;&g8_T+1=kw+#1d4E);oDO@sTYGEjaZ_t z6-M`@)?ZH)HLaAgS8Vq;(%qw9;?w)QH_t3Hc{8ZUpnlM-K5K5CRLz$?_Bvs0(l;<4 zF8zJ1(-Jzo^y5cG*ZU@j#g~Gd`Hg7?_E_X(}v4cDIz;;aM$T7;kq9Y(lyBH91q6lp3ZXTw)u%gm6Pt>Hs`q< z(#{+gXmEURbWY$@sdvvGDE>l+WAdT5plUOvep{cbqDyY#T1cGynj}i>_QGV-<^{NC z=Se!l6{ZlOp_oM9Y%Gy7s|FQImlj$GdaKzekGH!33%d!mw5DmG=5T-$mY*sE|$-E&3{zwya>%~kQ3AEv_d)y`4# zkceWvT~Rk!0~a*DeSMx!QAJmyO6fG^F`SA}#3u0(8*!njsA_9*!YsH+o56;Csvl^h z04?Nh&+H+XNkxvV5dmLC4YTG5z#H{EfR81n*EcDQ84S-|?`6qeDB^iLOSuLpw{naN zekhI81L-qwCLjo6j-1nVK|7N&neCpPQBi&qp!%{p(b)KI)UikytZ;l$wYg+}0mkG$ zeZU&xIaU--Q}!Dq5ZHH)1b?DLcqx0_3>OQ=>wTYpKdRyNE!*b6aCtxq!%ymF_=JDz zi7B8{PG$9o8y+(nRc;6X&Ms!+cU{JNVEd3ND|-!a;*Vi?wY003k8{pB6m*B=1ZamZ z(jp975sJV-u_!U-e4kQzN&{_MkAwd305IEdF?dq5j*?N41qt-~z?1g{#WJ2nIf|#+ z-n8hymp~<7dpd*#iK~YOkj?8y(YJLzil$S1rn^>54$`uKzN^y@Q`nA#qOV@CIxl0U zm>*=-f(&7A+SC3>nQx-yb4~KlvGlXH<|L=zIxJX zy7u8k6Nqc7+>m{EChvqMNw>sLFiFAYsNi?6&EnmWZRi6Egj?y5*K-rS(pFmsK@rKjtGvE%EfiX>sY~4hmovi5Jat-)$%rJ z6R>49YR#SZsofyW@tm6u?w?23##>1UJ7&mkf9cF`Mx5z>pXKb*RWJAmb$0-;MF$(q ze6(7|^(9q!Q4wmC?CqmutzDkH>%a5MKPC!<*#`;3^+1?C4%k3oNrojSI-rFf_V|Vs zDy!lne8l+c(;&nbtJ7Yt-Jeh%mm1xBG}Iz&H89E4P^6eqT>SW_a4=qYivHh=T8ORzh^%CRpx>00Cy4Mqs#ffaQ*hG_m8>6CLfm|9gX4rXslA|0gsc{%=SB z3#agtVmO%14D77{5XJF4>vw_w@8@i?HuCEsry!oI;D-}`rf{Pj^(;9kED zn6GNcI~5Q>gs$F`dzZdTZqM~OrrE)7Olg4q%Q8|k^gxU=`nqP5RZEZ zEbTles{Ol6`uDr+WiIWUxOpye^-;%_|KZ(#;${bdJ+Tqx9}Gs7N)kkYeX+X?bWAUo JYTdZ|zX0#1RZIW? diff --git a/docs/proposals/multiple-sources-for-applications-ui.md b/docs/proposals/multiple-sources-for-applications-ui.md deleted file mode 100644 index 09b868db0d5ef..0000000000000 --- a/docs/proposals/multiple-sources-for-applications-ui.md +++ /dev/null @@ -1,226 +0,0 @@ ---- -title: Proposal for support multi-source apps in the UI -authors: - - "@keithchong" -sponsors: - - TBD -reviewers: - - "@alexmt" - - "@crenshaw-dev" - - "@ishitasequeira" - - "@jannfis" - - "@rbreeze" -approvers: - - "@jannfis" - - "@alexmt" - - "@crenshaw-dev" - -creation-date: 2024-02-06 -last-updated: 2024-02-06 ---- - -# UI Support for Multiple Sources in Applications - -This is the proposal for the UI changes to support multiple sources for an Application. - -Related Issues: -* [Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md) -* [Issue for the Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/issues/677) - -## Summary - -This is a follow-on proposal to supporting Multiple Sources for Applications, but for the UI. - -The above [original](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md#changes-to-ui) ‘core’ proposal deferred -any design changes for the UI to a separate feature or secondary proposal. The proposal implementation that was made in [PR 10432](https://github.com/argoproj/argo-cd/pull/10432) -enabled the UI to tolerate multi-source applications with the new Sources field, while still supporting the original Source field. - -Here are the current restrictions and limitations of the UI when applications with multiple sources are used: - -1. The application’s details page (for [example](https://cd.apps.argoproj.io/applications/argocd/guestbook?view=tree&node=argoproj.io%2FApplication%2Fargocd%2Fguestbook%2F0&resource=)) -currently shows one ApplicationSource, regardless of whether the application has one source or multiple sources. With the PR 10432 implementation, if the application has multiple sources, -the UI displays only the first of the sources. Also, in particular, in the Summary tab, the source parameters are non-editable. - -2. History and Rollback is disabled for multi-source applications. The button is disabled. Jorge has submitted a PR for -rollback which includes [controller and UI changes](https://github.com/argoproj/argo-cd/pull/14124). - - - -3. The New Application dialog currently only allows users to provide one source. - -Thus, multiple source applications are not considered first class citizens in the UI. - -Note, see the [Open Questions](https://github.com/argoproj/argo-cd/docs/proposals/multiple-sources-for-applications-ui.md#open-questions) -section for concerns regarding the priority or value of some of the above changes. - -## Motivation - -The motivation behind this change is to add a more complete story for the multiple source feature. The UI should support -the creation of multiple source applications, and also support the viewing and editing of parameters from all sources. The three -points in the summary above are the base or core changes that need to be addressed. - -### Goals - -The goals of the proposal are: - -- Provide first-class support of multiple sources for applications in the UI (e.g. address the aforementioned restrictions) -- Outline stages of implementation that will help ease PR review, and reduce the risk of introducing regressions/issues. - - -### Non-goals -* The design changes for the Argo CD CLI is beyond the scope of this proposal (The server APIs can probably be reused) - -## Proposal - -As mentioned in the previous summary section, the application source parameters are surfaced in the UI in three locations. -The Resource details pages, specifically, the Summary and Parameters tabs, the deployment history, and the Application -Create panel page. These pages should be updated. - -### Resource Details - -The following describes the current behavior and proposed changes for the Summary tab and the Parameters Tab. - -#### i) Summary Tab - -_Current Behavior:_ - -The current Summary tab includes source-related information, including the repository. For example, in Figure 1 below, -the REPO URL and PATH. - - - -Figure 1: The current Summary tab - -_Proposed Change:_ - -To support multiple sources, the source-related information, from a single-source-based design, will be ‘pulled out’ -and put into a new tab called **Sources**, and it will be combined with the **Parameters** tab (more details following). -The new **Sources** tab will allow users to view all the information related to each source, including the repo URL -and path, chart and revision for Helm, etc. - -The view should show one source at a time (similar to what the UI is doing now, which only shows one source), but with -widgets to allow users to cycle (via pagination or combo selector?) through each source. There are API calls to retrieve -the data for each source. - - - -Figure 2. The new SOURCES tab will allow access to view all sources and application parameters. - -#### ii) Parameters Tab -_Current Behavior:_ - -The Parameters tab shows the application parameters for the application’s repository details type or source. These can -be Helm, Kustomize, Directory or Plugin (CMP). - -_Proposed Change:_ - -The Parameter tab will be removed but the contents of the current parameters tab will be ‘reused’ and will be shown in -the new **SOURCES** tab as described above. The parameters and parameter values will be shown for whatever source is -selected by the user. - -#### iii) Update/Edit Capability in the New Sources Tab - -The above points describe how all the sources will be rendered. However, the Sources tab should be the page to allow -users to delete and add sources. (You can currently change the repo URL and path from the Summary tab, or manually edit -the application by hand, in the Manifest tab, but this is not considered as ‘guided’ editing.) - -_Current Behavior:_ - -The current form-based UI doesn’t support deleting a chosen/desired source of a multi-source application. It, -obviously, does not support deleting the only source in a single-source application. - -_Proposed Change:_ - -In addition to adding the new SOURCES tab from section i) and ii), two new buttons (_Add Source_ and _Delete Source_) will -be added to the page. For the _Add Source_ button, a separate dialog/panel will need to appear to allow the user to -input the parameters or other information. - -Validation of any newly added source should prevent users from adding the same resource, and prevent users from -deleting all sources, etc. - -### History and Rollback - -Current Behavior: The History and Rollback button for multi-source apps is disabled. It's only enabled -for single-source apps, and shows source information as shown in Figure 3. - - - -Figure 3: Source information in History - -Jorge has submitted a [PR](https://github.com/argoproj/argo-cd/pull/14124) for rollback which includes controller and UI changes. -This can be treated as a separate, independent proposal. - -Other related changes pertain to the Last Synced Details. The Sync Details panel needs to be updated to show sync info -from multiple sources. See [Issue 13215](https://github.com/argoproj/argo-cd/issues/13215). - -### New App Dialog - -_Current Behavior:_ - -The dialog currently allows users to ‘quickly’ create a single source application.. - -_Proposed Changes:_ - -Make the form view of the dialog support adding, updating and viewing of multiple sources. The issue with the current -single source New App wizard is that it can lead to loss of “input” provided by the user. The content in the form-based -editor and the YAML editor (accessed via the Edit as YAML button) must match. If the user provides multiple sources in -the YAML editor, and then switches back to the form view, the form will only show the first source. The other sources -are effectively ‘lost’. Furthermore, if the user switches back to the YAML editor, only one source will be shown as well. - -The design and changes (React components) from the new Sources tab can likely be reused in this dialog. - -Other Changes. This includes the underlying plumbing to create an app using the Sources field of the Application CR, so that the -deprecated Source field can be removed in the future. - - - -### Use cases - -The use cases involves those areas in the UI where the current source is displayed. These have been described -in the Summary and Proposal sections. - - -### Implementation Details - -The implementation plan can be divided into different stages. Read-only capability can be provided first and it will -be the safest change. The UI currently is not showing all the sources for the multi-source application so this should -be the highest priority. (Before you can edit, you have to first display it.) - -Here are the general enhancements to be implemented (Upstream issues to be opened if not already): - -1. Create new Sources tab to replace Parameters tab so that all sources can be displayed (Read-only) -2. Update History and Rollback to show a summary of all sources of an application - As mentioned above, this is already covered by Jorge’s [PR](https://github.com/argoproj/argo-cd/pull/14124) -3. Add _Add Source_ and _Delete Source_ buttons to Sources tab. This will depend on #1 above. (Update and Delete) -4. Update New App dialog. (Creation) - - Support adding multiple sources in New App dialog. (This will likely depend on the Components from #1 and #3) - - Use Sources field instead of Source field. Clean up code. - -### Security Considerations -None - -### Risks and Mitigations -None - -### Upgrade / Downgrade Strategy -If downgraded, the UI will revert to showing just the first source. - -## Drawbacks -None - -## Open Questions - -Supporting multiple sources in the New App dialog may not be ‘worth’ the effort? The drawback is that switching from the -YAML editor and form editor can lead to loss of information. - -Users can simply edit the application manifest to add their sources by hand. - - -## Appendix -Multiple sources can be shown as a list of collapsible cards or sections, one below the other, under one page of the -SOURCES tab. However, this can be cumbersome especially when a source, like Helm, has many source parameters. -so it'll be difficult to find the desired source. Perhaps showing one source per page will be better. - -Appendix Figure 1: Zoomed out view of the Helm source parameter list - - diff --git a/docs/requirements.txt b/docs/requirements.txt index 7245c6823c935..d350ac4870ee2 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,6 +4,6 @@ mkdocs==1.3.0 mkdocs-material==7.1.8 markdown_include==0.6.0 pygments==2.15.0 -jinja2==3.1.4 +jinja2==3.0.3 markdown==3.3.7 pymdown-extensions==10.2.1 \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md index eb60e85f03604..5f26934a1b4b4 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -13,63 +13,50 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](master/argocd-test.html) | 0 | 0 | 6 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | -| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [go.mod](master/argocd-test.html) | 0 | 0 | 9 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 | +| [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.11.0-rc3 +### v2.9.9 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.0-rc3/argocd-test.html) | 0 | 1 | 9 | 0 | -| [ui/yarn.lock](v2.11.0-rc3/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | -| [haproxy:2.6.14-alpine](v2.11.0-rc3/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.11.0-rc3](v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.14-alpine](v2.11.0-rc3/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | -| [install.yaml](v2.11.0-rc3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.11.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.9.9/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.9.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.9.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.9.9](v2.9.9/quay.io_argoproj_argocd_v2.9.9.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.9.9/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.9.9/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.9.9/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.10.9 +### v2.8.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.9/argocd-test.html) | 0 | 1 | 12 | 0 | -| [ui/yarn.lock](v2.10.9/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.10.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.10.9](v2.10.9/quay.io_argoproj_argocd_v2.10.9.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](v2.10.9/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.10.9/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.9/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.8.13/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.8.13/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.8.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.8.13](v2.8.13/quay.io_argoproj_argocd_v2.8.13.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.8.13/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.8.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.13/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.9.14 +### v2.7.17 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.14/argocd-test.html) | 0 | 2 | 12 | 0 | -| [ui/yarn.lock](v2.9.14/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.9.14/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.9.14](v2.9.14/quay.io_argoproj_argocd_v2.9.14.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](v2.9.14/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.9.14/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.14/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.8.18 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.18/argocd-test.html) | 0 | 2 | 12 | 0 | -| [ui/yarn.lock](v2.8.18/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.8.18/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.8.18](v2.8.18/quay.io_argoproj_argocd_v2.8.18.html) | 0 | 0 | 5 | 14 | -| [redis:7.0.15-alpine](v2.8.18/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.8.18/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.18/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.17/argocd-test.html) | 0 | 0 | 9 | 0 | +| [ui/yarn.lock](v2.7.17/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.37.0](v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.7.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 12 | 19 | +| [redis:7.0.14-alpine](v2.7.17/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | +| [install.yaml](v2.7.17/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index c58d1909aebde..c063a06f7dae8 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

May 5th 2024, 12:17:54 am (UTC+00:00)

+

March 24th 2024, 12:17:17 am (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role or ClusterRole with dangerous permissions

  • - Line number: 21070 + Line number: 21035
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20779 + Line number: 20744
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20864 + Line number: 20829
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20892 + Line number: 20857
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20922 + Line number: 20887
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20940 + Line number: 20905
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20956 + Line number: 20921
    • @@ -835,7 +835,7 @@

    Container could be running with outdated image

  • - Line number: 22250 + Line number: 22203
    • @@ -893,7 +893,7 @@

    Container has no CPU limit

  • - Line number: 21547 + Line number: 21512
    • @@ -951,7 +951,7 @@

    Container has no CPU limit

  • - Line number: 21798 + Line number: 21763
    • @@ -1009,7 +1009,7 @@

    Container has no CPU limit

  • - Line number: 21764 + Line number: 21729
    • @@ -1067,7 +1067,7 @@

    Container has no CPU limit

  • - Line number: 21858 + Line number: 21823
    • @@ -1125,7 +1125,7 @@

    Container has no CPU limit

  • - Line number: 21957 + Line number: 21922
    • @@ -1183,7 +1183,7 @@

    Container has no CPU limit

  • - Line number: 22250 + Line number: 22203
    • @@ -1241,7 +1241,7 @@

    Container has no CPU limit

  • - Line number: 22014 + Line number: 21979
    • @@ -1299,7 +1299,7 @@

    Container has no CPU limit

  • - Line number: 22335 + Line number: 22288
    • @@ -1357,7 +1357,7 @@

    Container has no CPU limit

  • - Line number: 22681 + Line number: 22634
    • @@ -1409,7 +1409,7 @@

    Container is running with multiple open ports

  • - Line number: 21778 + Line number: 21743
    • @@ -1461,7 +1461,7 @@

    Container is running without liveness probe

  • - Line number: 21547 + Line number: 21512
    • @@ -1513,7 +1513,7 @@

    Container is running without liveness probe

  • - Line number: 21764 + Line number: 21729
    • @@ -1565,7 +1565,7 @@

    Container is running without liveness probe

  • - Line number: 21957 + Line number: 21922
    • @@ -1623,7 +1623,7 @@

    Container is running without memory limit

  • - Line number: 21547 + Line number: 21512
    • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 21764 + Line number: 21729
    • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 21798 + Line number: 21763
    • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 21858 + Line number: 21823
    • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 21957 + Line number: 21922
    • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 22250 + Line number: 22203
    • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 22014 + Line number: 21979
    • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 22335 + Line number: 22288
    • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 22681 + Line number: 22634
    • @@ -2143,7 +2143,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21688 + Line number: 21653
    • @@ -2199,7 +2199,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21806 + Line number: 21771
    • @@ -2255,7 +2255,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21781 + Line number: 21746
    • @@ -2311,7 +2311,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21891 + Line number: 21856
    • @@ -2367,7 +2367,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21967 + Line number: 21932
    • @@ -2423,7 +2423,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22257 + Line number: 22210
    • @@ -2479,7 +2479,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22223 + Line number: 22176
    • @@ -2535,7 +2535,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22591 + Line number: 22544
    • @@ -2591,7 +2591,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22877 + Line number: 22824
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 88bee89daa134..1795ba67af3c6 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:18:04 am (UTC+00:00)

    +

    March 24th 2024, 12:17:26 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1336 + Line number: 1324
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1336 + Line number: 1324
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1421 + Line number: 1409
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1767 + Line number: 1755
    • @@ -1867,7 +1867,7 @@

    Container is running without memory limit

  • - Line number: 1336 + Line number: 1324
    • @@ -1983,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 1421 + Line number: 1409
    • @@ -2041,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 1767 + Line number: 1755
    • @@ -2377,7 +2377,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1343 + Line number: 1331
    • @@ -2433,7 +2433,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1309 + Line number: 1297
    • @@ -2489,7 +2489,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1677 + Line number: 1665
    • @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1963 + Line number: 1945
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 45385faf00d73..b745cf7cbd119 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:15:44 am (UTC+00:00)

    +

    March 24th 2024, 12:15:25 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    7 known vulnerabilities
    -
    25 vulnerable dependency paths
    -
    2045 dependencies
    +
    9 known vulnerabilities
    +
    144 vulnerable dependency paths
    +
    2037 dependencies

    @@ -538,6 +538,2627 @@

    Detailed paths

    More about this vulnerability

    + +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -625,7 +3246,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others
    • @@ -639,9 +3260,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - code.gitea.io/sdk/gitea@0.18.0 + code.gitea.io/sdk/gitea@0.15.1 - github.com/hashicorp/go-version@1.6.0 + github.com/hashicorp/go-version@1.2.1 @@ -710,7 +3331,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -732,9 +3353,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -745,9 +3366,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -758,7 +3379,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -771,11 +3392,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -786,11 +3407,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -801,9 +3422,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -816,9 +3437,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -831,11 +3452,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -848,11 +3469,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -951,7 +3572,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -966,9 +3587,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -983,9 +3604,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1000,11 +3621,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1019,11 +3640,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1109,81 +3730,6 @@

    Detailed paths

    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html index a8b34e1212383..7d85ddf3861f8 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:15:58 am (UTC+00:00)

    +

    March 24th 2024, 12:15:32 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    29 known vulnerabilities
    -
    71 vulnerable dependency paths
    +
    27 known vulnerabilities
    +
    62 vulnerable dependency paths
    829 dependencies
    @@ -479,86 +479,6 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Out-of-bounds Write

    @@ -713,10 +633,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -863,14 +779,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2627,38 +2542,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -2667,158 +2553,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index bb13bc1cb2a26..106ec7c2cc72f 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:16:08 am (UTC+00:00)

    +

    March 24th 2024, 12:15:37 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index d77bb8858c3d3..045db290b0fbb 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:16:29 am (UTC+00:00)

    +

    March 24th 2024, 12:15:54 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    27 known vulnerabilities
    -
    160 vulnerable dependency paths
    -
    2282 dependencies
    +
    32 known vulnerabilities
    +
    175 vulnerable dependency paths
    +
    2276 dependencies
    @@ -480,32 +480,32 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    +
    +

    CVE-2020-22916

    -
    - high severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/net/http2 + xz-utils/liblzma5
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.17.0 + docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -518,9 +518,9 @@

    Detailed paths

    -

    CVE-2020-22916

    +

    CVE-2023-51767

    @@ -571,12 +576,12 @@

    CVE-2020-22916

  • Vulnerable module: - xz-utils/liblzma5 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    • @@ -591,7 +596,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - xz-utils/liblzma5@5.2.5-2ubuntu1 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 @@ -603,27 +608,27 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 xz-utils.

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -698,9 +703,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -711,7 +716,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -802,9 +807,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -830,7 +835,6 @@

    References

  • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
  • https://access.redhat.com/security/cve/CVE-2024-2236
  • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
    • -
  • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    • @@ -972,7 +976,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -985,7 +989,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -998,7 +1002,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1192,7 +1196,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1205,7 +1209,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1218,7 +1222,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1412,7 +1416,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1425,7 +1429,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1438,7 +1442,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1559,6 +1563,491 @@

    Detailed paths

    More about this vulnerability

    +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/internal/encoding/json@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -1645,7 +2134,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    • @@ -1660,7 +2149,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.6.0 + github.com/hashicorp/go-version@v1.2.1 @@ -1969,7 +2458,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1991,7 +2480,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2002,7 +2491,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2013,9 +2502,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2046,7 +2535,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -2057,9 +2546,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -2087,7 +2576,6 @@

    References

  • https://github.com/systemd/systemd/issues/25676
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
    • -
  • https://access.redhat.com/errata/RHSA-2024:2463
    • @@ -2157,7 +2645,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2271,15 +2759,15 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 pcre3.

    References

    @@ -2418,13 +2906,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 patch.

    References

    @@ -2505,7 +2993,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2560,7 +3048,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2769,7 +3257,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2824,7 +3312,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3019,15 +3507,15 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 libzstd.

    References

    @@ -3169,7 +3657,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3182,7 +3670,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3195,7 +3683,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3310,7 +3798,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3624,13 +4112,13 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 gnupg2.

    References

    @@ -3665,7 +4153,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.6 @@ -3680,7 +4168,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6 @@ -3689,7 +4177,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -3708,10 +4196,10 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 glibc.

    References

    @@ -3802,8 +4290,8 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 git.

    References

    @@ -3863,7 +4351,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -3874,9 +4362,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -3954,7 +4442,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1.1
    • @@ -3969,7 +4457,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@8.32-4.1ubuntu1.2 + coreutils@8.32-4.1ubuntu1.1 @@ -3988,12 +4476,12 @@

    Remediation

    There is no fixed version for Ubuntu:22.04 coreutils.

    References

    diff --git a/docs/snyk/v2.11.0-rc3/redis_7.0.14-alpine.html b/docs/snyk/master/redis_7.0.14-alpine.html similarity index 73% rename from docs/snyk/v2.11.0-rc3/redis_7.0.14-alpine.html rename to docs/snyk/master/redis_7.0.14-alpine.html index bd29d333cc51a..f47d4fe717527 100644 --- a/docs/snyk/v2.11.0-rc3/redis_7.0.14-alpine.html +++ b/docs/snyk/master/redis_7.0.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:19:00 am (UTC+00:00)

    +

    March 24th 2024, 12:15:59 am (UTC+00:00)

    Scanned the following paths: @@ -467,8 +467,8 @@

    Snyk test report

    -
    4 known vulnerabilities
    -
    36 vulnerable dependency paths
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    19 dependencies
    @@ -653,10 +653,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -825,14 +821,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -979,38 +974,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1019,180 +985,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html deleted file mode 100644 index 26d3c74a390ca..0000000000000 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:16:36 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.9/argocd-iac-install.html b/docs/snyk/v2.10.9/argocd-iac-install.html deleted file mode 100644 index 77f83e382a406..0000000000000 --- a/docs/snyk/v2.10.9/argocd-iac-install.html +++ /dev/null @@ -1,2621 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:22:34 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    39 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 16] - - rules[5] - - resources - -
      • - -
    • - Line number: 20871 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 20580 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 20665 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 20693 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 20723 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 20741 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 20757 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 47] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 22039 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21348 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21599 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21565 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21659 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21758 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22039 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21815 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22124 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22470 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 44] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 21579 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 21348 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 44] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 21565 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 21758 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21348 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21565 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21599 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21659 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21758 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22039 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21815 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22124 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22470 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21489 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21607 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21582 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21692 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21768 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22046 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22012 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22380 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22666 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.10.9/argocd-iac-namespace-install.html b/docs/snyk/v2.10.9/argocd-iac-namespace-install.html deleted file mode 100644 index d1027993f915b..0000000000000 --- a/docs/snyk/v2.10.9/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2575 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:22:45 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
      • -
    -
    - -
    -
    38 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
      • - -
    • - Line number: 77 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
      • - -
    • - Line number: 162 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
      • - -
    • - Line number: 190 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
      • - -
    • - Line number: 220 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
      • - -
    • - Line number: 238 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
      • - -
    • - Line number: 254 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 38] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 1324 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 633 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 884 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 850 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 944 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1043 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1324 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1100 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1409 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1755 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 864 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 34] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 633 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 850 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 37] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 1043 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 633 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 850 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 884 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 944 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1043 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1324 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1100 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1409 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1755 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 774 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 892 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 867 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 977 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1053 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1331 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1297 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1665 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1951 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.10.9/argocd-test.html b/docs/snyk/v2.10.9/argocd-test.html deleted file mode 100644 index 3f6d212bee664..0000000000000 --- a/docs/snyk/v2.10.9/argocd-test.html +++ /dev/null @@ -1,7066 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:20:40 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    14 known vulnerabilities
    -
    306 vulnerable dependency paths
    -
    2040 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#792124280fcc - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#792124280fcc - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#792124280fcc - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authentication Bypass by Capture-replay

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.9/redis_7.0.15-alpine.html b/docs/snyk/v2.10.9/redis_7.0.15-alpine.html deleted file mode 100644 index f910d7c9eaafa..0000000000000 --- a/docs/snyk/v2.10.9/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:21:16 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/argocd-test.html b/docs/snyk/v2.11.0-rc3/argocd-test.html deleted file mode 100644 index 166d4809e425b..0000000000000 --- a/docs/snyk/v2.11.0-rc3/argocd-test.html +++ /dev/null @@ -1,6476 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:18:17 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    284 vulnerable dependency paths
    -
    2039 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#5fd9f449e757 - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html deleted file mode 100644 index a75d20b2773b7..0000000000000 --- a/docs/snyk/v2.11.0-rc3/ghcr.io_dexidp_dex_v2.38.0.html +++ /dev/null @@ -1,2827 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:18:24 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
      • -
    -
    - -
    -
    29 known vulnerabilities
    -
    71 vulnerable dependency paths
    -
    829 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/internal/encoding/json@v1.32.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.32.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/api@v1.6.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/serf/coordinate -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl/v2 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/golang-lru/simplelru -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-version@v1.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-sockaddr -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-rootcerts -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-plugin -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin@v1.4.4 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-immutable-radix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/errwrap -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/errwrap@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/consul/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/gosimple/slug@v1.12.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/go-sql-driver/mysql -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-sql-driver/mysql@v1.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html b/docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html deleted file mode 100644 index 049a698fdee3c..0000000000000 --- a/docs/snyk/v2.11.0-rc3/quay.io_argoproj_argocd_v2.11.0-rc3.html +++ /dev/null @@ -1,4230 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:18:53 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • -
    -
    - -
    -
    30 known vulnerabilities
    -
    164 vulnerable dependency paths
    -
    2277 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.17.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2020-22916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - xz-utils/liblzma5 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and xz-utils/liblzma5@5.2.5-2ubuntu1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 xz-utils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libgcrypt20 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and libgcrypt20@1.9.4-3ubuntu3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libgcrypt20.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26461

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26462

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26458

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/r3labs/diff@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-version@v1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/helm/v3 /usr/local/bin/helm -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-multierror -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/hashicorp/go-multierror@v1.1.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/gosimple/slug@v1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-7008

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - systemd/libsystemd0 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps/libprocps8@2:3.3.17-6ubuntu2.1 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 systemd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Arbitrary Code Injection

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - shadow/passwd -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and shadow/passwd@1:4.8.1-2ubuntu2.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-50495

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-45918

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnupg2/gpgv -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnupg2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - glibc/libc-bin -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and glibc/libc-bin@2.35-0ubuntu3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - glibc/libc-bin@2.35-0ubuntu3.7 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - glibc/libc6@2.35-0ubuntu3.7 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - git/git-man -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3, git@1:2.34.1-1ubuntu1.10 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - git/git-man@1:2.34.1-1ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git@1:2.34.1-1ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - git-lfs@3.0.2-1ubuntu0.2 - - git@1:2.34.1-1ubuntu1.10 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 git.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gcc-12/libstdc++6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gcc-12.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc3/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - coreutils -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 and coreutils@8.32-4.1ubuntu1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc3 - - coreutils@8.32-4.1ubuntu1.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 coreutils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.0-rc3/argocd-iac-install.html b/docs/snyk/v2.7.17/argocd-iac-install.html similarity index 96% rename from docs/snyk/v2.11.0-rc3/argocd-iac-install.html rename to docs/snyk/v2.7.17/argocd-iac-install.html index 444385fc2e128..cfced2ce2b173 100644 --- a/docs/snyk/v2.11.0-rc3/argocd-iac-install.html +++ b/docs/snyk/v2.7.17/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:19 am (UTC+00:00)

    +

    March 24th 2024, 12:23:21 am (UTC+00:00)

    Scanned the following path: @@ -482,52 +482,6 @@

    Snyk test report

    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 16] - - rules[5] - - resources - -
      • - -
    • - Line number: 21035 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -

    Role or ClusterRole with dangerous permissions

    @@ -553,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20744 + Line number: 16324
    • @@ -599,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20829 + Line number: 16401
    • @@ -645,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20857 + Line number: 16429
    • @@ -691,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20887 + Line number: 16459
    • @@ -737,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20905 + Line number: 16477
    • @@ -783,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20921 + Line number: 16493
    • @@ -820,7 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 47] + [DocId: 46] spec @@ -835,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 22209 + Line number: 17537
    • @@ -872,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -893,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 21512 + Line number: 16980
    • @@ -930,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -951,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 21763 + Line number: 17152
    • @@ -988,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1009,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 21729 + Line number: 17118
    • @@ -1046,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1067,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 21823 + Line number: 17212
    • @@ -1104,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1125,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 21922 + Line number: 17293
    • @@ -1162,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1183,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 22209 + Line number: 17537
    • @@ -1220,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1241,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 21979 + Line number: 17349
    • @@ -1278,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -1299,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 22294 + Line number: 17622
    • @@ -1336,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -1357,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 22640 + Line number: 17932
    • @@ -1394,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 44] + [DocId: 43] spec @@ -1409,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 21743 + Line number: 17132
    • @@ -1429,6 +1383,60 @@

    Remediation

    More about this issue

    +
    +
    +

    Container is running with writable root filesystem

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-8 +
      • + +
    • Introduced through: + [DocId: 45] + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
      • + +
    • + Line number: 17303 +
      • +
    + +
    + +

    Impact

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    + +

    Remediation

    +

    Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`

    + + +
    +
    + +
    +

    More about this issue

    +
    +

    Container is running without liveness probe

    @@ -1446,7 +1454,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1461,7 +1469,7 @@

    Container is running without liveness probe

  • - Line number: 21512 + Line number: 16980
    • @@ -1498,7 +1506,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 43] spec @@ -1513,7 +1521,7 @@

    Container is running without liveness probe

  • - Line number: 21729 + Line number: 17118
    • @@ -1550,7 +1558,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -1565,7 +1573,7 @@

    Container is running without liveness probe

  • - Line number: 21922 + Line number: 17293
    • @@ -1602,7 +1610,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1623,7 +1631,7 @@

    Container is running without memory limit

  • - Line number: 21512 + Line number: 16980
    • @@ -1660,7 +1668,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1681,7 +1689,7 @@

    Container is running without memory limit

  • - Line number: 21729 + Line number: 17118
    • @@ -1718,7 +1726,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1739,7 +1747,7 @@

    Container is running without memory limit

  • - Line number: 21763 + Line number: 17152
    • @@ -1776,7 +1784,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1797,7 +1805,7 @@

    Container is running without memory limit

  • - Line number: 21823 + Line number: 17212
    • @@ -1834,7 +1842,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1855,7 +1863,7 @@

    Container is running without memory limit

  • - Line number: 21922 + Line number: 17293
    • @@ -1892,7 +1900,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1913,7 +1921,7 @@

    Container is running without memory limit

  • - Line number: 22209 + Line number: 17537
    • @@ -1950,7 +1958,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1971,7 +1979,7 @@

    Container is running without memory limit

  • - Line number: 21979 + Line number: 17349
    • @@ -2008,7 +2016,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2029,7 +2037,7 @@

    Container is running without memory limit

  • - Line number: 22294 + Line number: 17622
    • @@ -2066,7 +2074,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -2087,7 +2095,7 @@

    Container is running without memory limit

  • - Line number: 22640 + Line number: 17932
    • @@ -2124,7 +2132,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2143,7 +2151,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21653 + Line number: 17055
    • @@ -2180,7 +2188,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2199,7 +2207,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21771 + Line number: 17160
    • @@ -2236,7 +2244,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2255,7 +2263,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21746 + Line number: 17135
    • @@ -2292,7 +2300,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -2311,7 +2319,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21856 + Line number: 17227
    • @@ -2348,7 +2356,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2367,7 +2375,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21932 + Line number: 17303
    • @@ -2404,7 +2412,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2423,7 +2431,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22216 + Line number: 17544
    • @@ -2460,7 +2468,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2479,7 +2487,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22182 + Line number: 17510
    • @@ -2516,7 +2524,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2535,7 +2543,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22550 + Line number: 17842
    • @@ -2572,7 +2580,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -2591,7 +2599,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22836 + Line number: 18074
    • diff --git a/docs/snyk/v2.11.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v2.7.17/argocd-iac-namespace-install.html similarity index 95% rename from docs/snyk/v2.11.0-rc3/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.17/argocd-iac-namespace-install.html index c811849f8fab8..f9744975422e6 100644 --- a/docs/snyk/v2.11.0-rc3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.17/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:29 am (UTC+00:00)

    +

    March 24th 2024, 12:23:30 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    38 total issues
    +
    39 total issues

    @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 162 + Line number: 154
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 190 + Line number: 182
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 220 + Line number: 212
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 238 + Line number: 230
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 254 + Line number: 246
    • @@ -774,7 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 38] + [DocId: 39] spec @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1330 + Line number: 1197
    • @@ -826,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 34] + [DocId: 35] input @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 633 + Line number: 640
    • @@ -884,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 884 + Line number: 812
    • @@ -942,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 850 + Line number: 778
    • @@ -1000,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 944 + Line number: 872
    • @@ -1058,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1043 + Line number: 953
    • @@ -1116,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1330 + Line number: 1197
    • @@ -1174,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1100 + Line number: 1009
    • @@ -1232,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1415 + Line number: 1282
    • @@ -1290,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1761 + Line number: 1592
    • @@ -1348,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 35] + [DocId: 36] spec @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 864 + Line number: 792
    • @@ -1383,6 +1383,60 @@

    Remediation

    More about this issue

    +
    +
    +

    Container is running with writable root filesystem

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-8 +
      • + +
    • Introduced through: + [DocId: 38] + + spec + + template + + spec + + containers[redis] + + securityContext + + readOnlyRootFilesystem + +
      • + +
    • + Line number: 963 +
      • +
    + +
    + +

    Impact

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    + +

    Remediation

    +

    Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`

    + + +
    +
    + +
    +

    More about this issue

    +
    +

    Container is running without liveness probe

    @@ -1400,7 +1454,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 34] + [DocId: 35] spec @@ -1415,7 +1469,7 @@

    Container is running without liveness probe

  • - Line number: 633 + Line number: 640
    • @@ -1452,7 +1506,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 35] + [DocId: 36] spec @@ -1467,7 +1521,7 @@

    Container is running without liveness probe

  • - Line number: 850 + Line number: 778
    • @@ -1504,7 +1558,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 38] spec @@ -1519,7 +1573,7 @@

    Container is running without liveness probe

  • - Line number: 1043 + Line number: 953
    • @@ -1556,7 +1610,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 34] + [DocId: 35] input @@ -1577,7 +1631,7 @@

    Container is running without memory limit

  • - Line number: 633 + Line number: 640
    • @@ -1614,7 +1668,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -1635,7 +1689,7 @@

    Container is running without memory limit

  • - Line number: 850 + Line number: 778
    • @@ -1672,7 +1726,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -1693,7 +1747,7 @@

    Container is running without memory limit

  • - Line number: 884 + Line number: 812
    • @@ -1730,7 +1784,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -1751,7 +1805,7 @@

    Container is running without memory limit

  • - Line number: 944 + Line number: 872
    • @@ -1788,7 +1842,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -1809,7 +1863,7 @@

    Container is running without memory limit

  • - Line number: 1043 + Line number: 953
    • @@ -1846,7 +1900,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1867,7 +1921,7 @@

    Container is running without memory limit

  • - Line number: 1330 + Line number: 1197
    • @@ -1904,7 +1958,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -1925,7 +1979,7 @@

    Container is running without memory limit

  • - Line number: 1100 + Line number: 1009
    • @@ -1962,7 +2016,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -1983,7 +2037,7 @@

    Container is running without memory limit

  • - Line number: 1415 + Line number: 1282
    • @@ -2020,7 +2074,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -2041,7 +2095,7 @@

    Container is running without memory limit

  • - Line number: 1761 + Line number: 1592
    • @@ -2078,7 +2132,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 34] + [DocId: 35] input @@ -2097,7 +2151,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 774 + Line number: 715
    • @@ -2134,7 +2188,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -2153,7 +2207,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 892 + Line number: 820
    • @@ -2190,7 +2244,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 36] input @@ -2209,7 +2263,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 867 + Line number: 795
    • @@ -2246,7 +2300,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 37] input @@ -2265,7 +2319,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 977 + Line number: 887
    • @@ -2302,7 +2356,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 38] input @@ -2321,7 +2375,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1053 + Line number: 963
    • @@ -2358,7 +2412,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -2377,7 +2431,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1337 + Line number: 1204
    • @@ -2414,7 +2468,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] input @@ -2433,7 +2487,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1303 + Line number: 1170
    • @@ -2470,7 +2524,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 40] input @@ -2489,7 +2543,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1671 + Line number: 1502
    • @@ -2526,7 +2580,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 41] input @@ -2545,7 +2599,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1957 + Line number: 1734
    • diff --git a/docs/snyk/v2.7.17/argocd-test.html b/docs/snyk/v2.7.17/argocd-test.html new file mode 100644 index 0000000000000..f130f831d96d1 --- /dev/null +++ b/docs/snyk/v2.7.17/argocd-test.html @@ -0,0 +1,2957 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:21:51 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    10 known vulnerabilities
    +
    106 vulnerable dependency paths
    +
    1755 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd ui/yarn.lock +
      • +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + semver +
      • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@8.0.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@8.0.9 + + semver@7.3.8 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    semver is a semantic version parser used by npm.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

    +

    PoC

    + 
    
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
      2. +
    2. CC+C
      3. +
    3. C+CC
      4. +
    4. C+C+C.
      5. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.15.1 + + github.com/hashicorp/go-version@1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html similarity index 89% rename from docs/snyk/v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html index 07f30b33a9d48..2bc1adb34dcef 100644 --- a/docs/snyk/v2.9.14/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:23:11 am (UTC+00:00)

    +

    March 24th 2024, 12:21:56 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies

    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,18 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1707,20 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1875,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2046,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2734,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4412,38 +4318,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -4452,158 +4329,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.11.0-rc3/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html similarity index 78% rename from docs/snyk/v2.11.0-rc3/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html index f9e040cba19f3..4487d720d3a0c 100644 --- a/docs/snyk/v2.11.0-rc3/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:18:28 am (UTC+00:00)

    +

    March 24th 2024, 12:22:00 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.10.9/quay.io_argoproj_argocd_v2.10.9.html b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html similarity index 64% rename from docs/snyk/v2.10.9/quay.io_argoproj_argocd_v2.10.9.html rename to docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html index 93cf1c001a823..88785b4be1777 100644 --- a/docs/snyk/v2.10.9/quay.io_argoproj_argocd_v2.10.9.html +++ b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    May 5th 2024, 12:21:10 am (UTC+00:00)

    +

    March 24th 2024, 12:22:17 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.10.9/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.9//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.9/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    32 known vulnerabilities
    -
    166 vulnerable dependency paths
    -
    2275 dependencies
    +
    46 known vulnerabilities
    +
    224 vulnerable dependency paths
    +
    2070 dependencies
    @@ -481,7 +481,89 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2/hpack +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2/hpack@v0.5.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    @@ -492,7 +574,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
  • Package Manager: golang @@ -505,7 +587,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    • @@ -518,18 +600,92 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - golang.org/x/net/http2@v0.19.0 + golang.org/x/net/http2@v0.5.0
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    +
    +

    Directory Traversal

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/cyphar/filepath-securejoin +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + github.com/cyphar/filepath-securejoin@v0.2.3 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

    +

    Note: + This vulnerability is only exploitable on Windows OS.

    +

    Details

    +

    A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

    +

    Directory Traversal vulnerabilities can be generally divided into two types:

    +
      +
    • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
      • +
    +

    st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

    +

    If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

    + 
    curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
    +

    Note %2e is the URL encoded version of . (dot).

    +
      +
    • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
      • +
    +

    One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

    +

    The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

    + 
    2018-04-15 22:04:29 .....           19           19  good.txt
+        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
+

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -572,7 +828,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -585,7 +841,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -598,7 +854,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -635,6 +891,82 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-51767

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssh/openssh-client +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Information Exposure

    @@ -648,7 +980,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -661,7 +993,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and libgcrypt20@1.9.4-3ubuntu3
    @@ -674,7 +1006,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libgcrypt20@1.9.4-3ubuntu3 @@ -683,7 +1015,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -694,7 +1026,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -705,11 +1037,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -718,9 +1050,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -731,7 +1063,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -744,7 +1076,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -757,7 +1089,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -770,7 +1102,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -783,7 +1115,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -796,7 +1128,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -809,11 +1141,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -839,7 +1171,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -850,7 +1181,7 @@

    References

    -

    CVE-2024-26461

    +

    CVE-2022-48624

    @@ -861,7 +1192,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -869,12 +1200,12 @@

      CVE-2024-26461

    • Vulnerable module: - krb5/libk5crypto3 + less
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and less@590-1ubuntu0.22.04.1
    @@ -887,27 +1218,99 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 less to version 590-1ubuntu0.22.04.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-26461

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -917,11 +1320,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -940,7 +1343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -949,11 +1352,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -970,7 +1373,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -979,9 +1382,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -990,11 +1393,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1003,11 +1406,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1018,11 +1421,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1037,7 +1440,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1081,7 +1484,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1094,7 +1497,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1107,7 +1510,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1116,11 +1519,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1137,11 +1540,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1160,7 +1563,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1169,11 +1572,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1190,7 +1593,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1199,9 +1602,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1210,11 +1613,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1223,11 +1626,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1238,11 +1641,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1257,7 +1660,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1301,7 +1704,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1314,7 +1717,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1327,7 +1730,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1336,11 +1739,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1357,11 +1760,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1380,7 +1783,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1389,11 +1792,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1410,7 +1813,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1419,9 +1822,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1430,11 +1833,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1443,11 +1846,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1458,11 +1861,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1477,7 +1880,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1510,7 +1913,7 @@

          References

    -

    LGPL-3.0 license

    +

    Infinite loop

    @@ -1521,20 +1924,20 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + google.golang.org/protobuf/internal/encoding/json
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0
    @@ -1549,7 +1952,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - gopkg.in/retry.v1@v1.0.3 + google.golang.org/protobuf/internal/encoding/json@v1.31.0 @@ -1560,17 +1963,28 @@

    Detailed paths

    -

    LGPL-3.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Infinite loop

    +

    Stack-based Buffer Overflow

    @@ -1581,7 +1995,7 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1589,12 +2003,12 @@

      Infinite loop

    • Vulnerable module: - google.golang.org/protobuf/internal/encoding/json + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0
    @@ -1609,7 +2023,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/protobuf/internal/encoding/json@v1.31.0 + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1621,27 +2035,24 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Stack-based Buffer Overflow

    +

    Infinite loop

    @@ -1652,7 +2063,7 @@

    Stack-based Buffer Overflow

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1692,24 +2103,27 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

      +

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      Note:

      +

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

      +

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Infinite loop

    +

    Allocation of Resources Without Limits or Throttling

    @@ -1720,7 +2134,7 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -1728,12 +2142,12 @@

      Infinite loop

    • Vulnerable module: - google.golang.org/protobuf/encoding/protojson + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    @@ -1746,9 +2160,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + golang.org/x/net/http2@v0.5.0 @@ -1760,22 +2174,23 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      Note:

      -

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      +

      This issue is related to CVE-2023-44487

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1791,7 +2206,7 @@

    Authentication Bypass by Capture-replay

    @@ -1878,7 +2288,7 @@

    References

    -

    MPL-2.0 license

    +

    Information Exposure

    @@ -1889,20 +2299,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/r3labs/diff + gnutls28/libgnutls30
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -1915,69 +2325,74 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/r3labs/diff@v1.1.0 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + -
    • -

    MPL-2.0 license

    +

    Uncaught Exception

    @@ -2009,20 +2437,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + gnutls28/libgnutls30
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -2035,54 +2463,1105 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/hashicorp/go-retryablehttp@v0.7.4 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
      • -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
    • + + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/r3labs/diff@v1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/hashicorp/go-version@v1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/hashicorp/go-retryablehttp@v0.7.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/hashicorp/go-cleanhttp@v0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/gosimple/slug@v1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/docker/distribution/registry/api/v2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper validation of the value passed to the n parameter in the /v2/_catalog endpoint. + Exploiting this vulnerability is possible by sending a crafted malicious request to the /v2/_catalog API endpoint, which results in an allocation of a massive string array and excessive use of memory.

    +

    Remediation

    +

    Upgrade github.com/docker/distribution/registry/api/v2 to version 2.8.2-beta.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Resource Exhaustion

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + expat/libexpat1 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + expat/libexpat1@2.4.7-1ubuntu0.2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-28757

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + expat/libexpat1 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + expat/libexpat1@2.4.7-1ubuntu0.2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-7008

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + systemd/libsystemd0 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and systemd/libsystemd0@249.11-0ubuntu3.12 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + procps/libprocps8@2:3.3.17-6ubuntu2.1 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Arbitrary Code Injection

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Authentication

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    -

    MPL-2.0 license

    +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.2 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Uncontrolled Recursion

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + pcre3/libpcre3
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -2095,9 +3574,20 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.7.17 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/hashicorp/go-multierror@v1.1.1 + grep@3.7-1build1 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2108,41 +3598,58 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 pcre3.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Release of Invalid Pointer or Reference

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2
    @@ -2155,9 +3662,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/hashicorp/go-cleanhttp@v0.5.2 + patch@2.7.6-7build2 @@ -2168,41 +3675,51 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Double Free

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/gosimple/slug + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2
    @@ -2215,9 +3732,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 - github.com/gosimple/slug@v1.13.1 + patch@2.7.6-7build2 @@ -2228,41 +3745,56 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    +

    Improper Check for Unusual or Exceptional Conditions

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - github.com/go-jose/go-jose/v3 + openssl/libssl3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2275,9 +3807,113 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 - github.com/go-jose/go-jose/v3@v3.0.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssl@3.0.2-0ubuntu1.13 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 @@ -2288,26 +3924,56 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      +

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-7008

    +

    Out-of-bounds Write

    @@ -2318,7 +3984,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2326,12 +3992,12 @@

      CVE-2023-7008

    • Vulnerable module: - systemd/libsystemd0 + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2344,110 +4010,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - procps/libprocps8@2:3.3.17-6ubuntu2.1 + libfido2/libfido2-1@1.10.0-1 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + ca-certificates@20230311ubuntu0.22.04.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + git@1:2.34.1-1ubuntu1.10 - apt/libapt-pkg6.0@2.4.12 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - systemd/libudev1@249.11-0ubuntu3.12 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - libfido2/libfido2-1@1.10.0-1 + adduser@3.118ubuntu5 - systemd/libudev1@249.11-0ubuntu3.12 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 - - systemd/libudev1@249.11-0ubuntu3.12 + openssl@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + ca-certificates@20230311ubuntu0.22.04.1 - apt/libapt-pkg6.0@2.4.12 - - systemd/libudev1@249.11-0ubuntu3.12 + openssl@3.0.2-0ubuntu1.13 @@ -2459,32 +4128,57 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Arbitrary Code Injection

    +

    CVE-2023-6237

    @@ -2495,7 +4189,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2503,12 +4197,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2521,124 +4215,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - shadow/passwd@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - shadow/passwd@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + libfido2/libfido2-1@1.10.0-1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - shadow/login@1:4.8.1-2ubuntu2.2 + openssl/libssl3@3.0.2-0ubuntu1.13
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
    • -

    Release of Invalid Pointer or Reference

    +

    CVE-2024-0727

    @@ -2687,7 +4360,7 @@

    Release of Invalid Pointer or Reference

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2695,12 +4368,12 @@

      Release of Invalid Pointer or Reference

    • Vulnerable module: - patch + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2713,79 +4386,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - patch@2.7.6-7build2 + openssl/libssl3@3.0.2-0ubuntu1.13
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
    • Introduced through: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + - docker-image|quay.io/argoproj/argocd@v2.10.9 and patch@2.7.6-7build2 +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
      • -
    + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssl@3.0.2-0ubuntu1.13 + + -
    • @@ -2832,7 +4555,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2845,7 +4568,7 @@

      CVE-2023-50495

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2858,7 +4581,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2867,9 +4590,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2878,7 +4601,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2889,9 +4612,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2900,7 +4623,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libedit/libedit2@3.1-20210910-1build1 @@ -2911,7 +4634,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -2922,7 +4645,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -2933,7 +4656,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -2944,9 +4667,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2955,7 +4678,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2970,7 +4693,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2985,7 +4708,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2994,7 +4717,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3005,7 +4728,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3020,7 +4743,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3029,7 +4752,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3040,7 +4763,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3049,7 +4772,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3096,7 +4819,7 @@

      CVE-2023-45918

      • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -3109,7 +4832,7 @@

        CVE-2023-45918

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
      @@ -3122,7 +4845,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3131,9 +4854,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3142,7 +4865,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3153,9 +4876,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3164,7 +4887,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libedit/libedit2@3.1-20210910-1build1 @@ -3175,7 +4898,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3186,7 +4909,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3197,7 +4920,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3208,9 +4931,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3219,7 +4942,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3234,7 +4957,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3249,7 +4972,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3258,7 +4981,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3269,7 +4992,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3284,7 +5007,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3293,7 +5016,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps@2:3.3.17-6ubuntu2.1 @@ -3304,7 +5027,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3313,7 +5036,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3358,7 +5081,7 @@

        Resource Exhaustion

        • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -3371,7 +5094,7 @@

          Resource Exhaustion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and libzstd/libzstd1@1.4.8+dfsg-3build1
        @@ -3384,7 +5107,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3405,15 +5128,15 @@

          Remediation

          There is no fixed version for Ubuntu:22.04 libzstd.

          References

          @@ -3435,7 +5158,7 @@

          Integer Overflow or Wraparound

          • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -3448,7 +5171,7 @@

            Integer Overflow or Wraparound

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
          @@ -3461,7 +5184,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3470,11 +5193,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3491,11 +5214,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3514,7 +5237,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3523,11 +5246,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3544,7 +5267,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3553,9 +5276,9 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3564,11 +5287,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3577,11 +5300,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3592,11 +5315,11 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3611,7 +5334,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3659,7 +5382,7 @@

            Out-of-bounds Write

            • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -3672,7 +5395,7 @@

              Out-of-bounds Write

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1
            @@ -3685,7 +5408,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3694,9 +5417,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3705,7 +5428,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3716,7 +5439,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3727,7 +5450,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3738,7 +5461,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3751,7 +5474,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3764,7 +5487,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3773,7 +5496,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3784,7 +5507,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3797,7 +5520,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3806,7 +5529,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3817,7 +5540,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3826,7 +5549,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3837,7 +5560,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3846,7 +5569,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3857,7 +5580,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3870,7 +5593,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3883,7 +5606,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3892,7 +5615,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3903,7 +5626,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3916,7 +5639,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3929,7 +5652,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3938,7 +5661,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3949,7 +5672,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3958,7 +5681,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3969,7 +5692,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3978,7 +5701,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3989,7 +5712,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4010,13 +5733,13 @@

              Remediation

              There is no fixed version for Ubuntu:22.04 gnupg2.

              References

              @@ -4038,7 +5761,7 @@

              Allocation of Resources Without Limits or Throttling

            • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -4051,7 +5774,7 @@

              Allocation of Resources Without Limits or Throttling

              Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@v2.7.17 and glibc/libc-bin@2.35-0ubuntu3.6
            @@ -4064,18 +5787,18 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6
            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -4094,10 +5817,10 @@

              Remediation

              There is no fixed version for Ubuntu:22.04 glibc.

              References

              @@ -4119,7 +5842,7 @@

              Improper Input Validation

              • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:22.04 @@ -4133,7 +5856,7 @@

                Improper Input Validation

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others
              @@ -4145,7 +5868,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 @@ -4156,7 +5879,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git@1:2.34.1-1ubuntu1.10 @@ -4165,7 +5888,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 git-lfs@3.0.2-1ubuntu0.2 @@ -4188,8 +5911,8 @@

                Remediation

                There is no fixed version for Ubuntu:22.04 git.

                References

                @@ -4212,7 +5935,7 @@

                Uncontrolled Recursion

                • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -4225,7 +5948,7 @@

                  Uncontrolled Recursion

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                @@ -4238,7 +5961,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4247,9 +5970,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4258,11 +5981,11 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4271,7 +5994,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4280,7 +6003,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4327,7 +6050,7 @@

                  Improper Input Validation

                  • - Manifest file: quay.io/argoproj/argocd:v2.10.9/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -4340,7 +6063,7 @@

                    Improper Input Validation

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and coreutils@8.32-4.1ubuntu1
                  @@ -4353,9 +6076,9 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.9 + docker-image|quay.io/argoproj/argocd@v2.7.17 - coreutils@8.32-4.1ubuntu1.2 + coreutils@8.32-4.1ubuntu1 @@ -4374,12 +6097,12 @@

                    Remediation

                    There is no fixed version for Ubuntu:22.04 coreutils.

                    References

                    diff --git a/docs/snyk/v2.7.17/redis_7.0.14-alpine.html b/docs/snyk/v2.7.17/redis_7.0.14-alpine.html new file mode 100644 index 0000000000000..ea9cd5f9152fd --- /dev/null +++ b/docs/snyk/v2.7.17/redis_7.0.14-alpine.html @@ -0,0 +1,993 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                    +
                    +
                    +
                    + + + Snyk - Open Source Security + + + + + + + +
                    +

                    Snyk test report

                    + +

                    March 24th 2024, 12:22:21 am (UTC+00:00)

                    +
                    +
                    + Scanned the following paths: +
                      +
                    • redis:7.0.14-alpine (apk)
                      • +
                    • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
                      • +
                    +
                    + +
                    +
                    3 known vulnerabilities
                    +
                    27 vulnerable dependency paths
                    +
                    19 dependencies
                    +
                    +
                    +
                    +
                    + +
                    +
                    +
                    +

                    Out-of-bounds Write

                    +
                    + +
                    + medium severity +
                    + +
                    + +
                      +
                    • + Package Manager: alpine:3.19 +
                      • +
                    • + Vulnerable module: + + openssl/libcrypto3 +
                      • + +
                    • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
                      • +
                    + +
                    + + +

                    Detailed paths

                    + +
                      +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    + +
                    + +
                    + +

                    NVD Description

                    +

                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                    +

                    Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

                    +

                    Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

                    +

                    The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

                    +

                    The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

                    +

                    The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

                    +

                    Remediation

                    +

                    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

                    +

                    References

                    + + +
                    + +
                    +

                    More about this vulnerability

                    +
                    + +
                    +
                    +

                    CVE-2024-0727

                    +
                    + +
                    + medium severity +
                    + +
                    + +
                      +
                    • + Package Manager: alpine:3.19 +
                      • +
                    • + Vulnerable module: + + openssl/libcrypto3 +
                      • + +
                    • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
                      • +
                    + +
                    + + +

                    Detailed paths

                    + +
                      +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    + +
                    + +
                    + +

                    NVD Description

                    +

                    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                    +

                    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

                    +

                    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

                    +

                    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

                    +

                    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

                    +

                    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

                    +

                    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

                    +

                    Remediation

                    +

                    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

                    +

                    References

                    + + +
                    + +
                    +

                    More about this vulnerability

                    +
                    + +
                    +
                    +

                    CVE-2023-6237

                    +
                    + +
                    + low severity +
                    + +
                    + +
                      +
                    • + Package Manager: alpine:3.19 +
                      • +
                    • + Vulnerable module: + + openssl/libcrypto3 +
                      • + +
                    • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
                      • +
                    + +
                    + + +

                    Detailed paths

                    + +
                      +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
                      • +
                    + +
                    + +
                    + +

                    NVD Description

                    +

                    This vulnerability has not been analyzed by NVD yet.

                    +

                    Remediation

                    +

                    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

                    + +
                    + +
                    +

                    More about this vulnerability

                    +
                    + +
                    +
                    +
                    +
                    + + + diff --git a/docs/snyk/v2.8.18/argocd-iac-install.html b/docs/snyk/v2.8.13/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.8.18/argocd-iac-install.html rename to docs/snyk/v2.8.13/argocd-iac-install.html index fc5b4388a1a3b..8e0c8abdd40c3 100644 --- a/docs/snyk/v2.8.18/argocd-iac-install.html +++ b/docs/snyk/v2.8.13/argocd-iac-install.html @@ -456,7 +456,7 @@

                    Snyk test report

                    -

                    May 5th 2024, 12:27:04 am (UTC+00:00)

                    +

                    March 24th 2024, 12:21:30 am (UTC+00:00)

                    Scanned the following path: @@ -507,7 +507,7 @@

                    Role or ClusterRole with dangerous permissions

                  • - Line number: 18460 + Line number: 18466
                  @@ -553,7 +553,7 @@

                  Role or ClusterRole with dangerous permissions

                • - Line number: 18537 + Line number: 18543
                @@ -599,7 +599,7 @@

                Role or ClusterRole with dangerous permissions

              • - Line number: 18565 + Line number: 18571
              @@ -645,7 +645,7 @@

              Role or ClusterRole with dangerous permissions

            • - Line number: 18595 + Line number: 18601
            @@ -691,7 +691,7 @@

            Role or ClusterRole with dangerous permissions

          • - Line number: 18613 + Line number: 18619
          @@ -737,7 +737,7 @@

          Role or ClusterRole with dangerous permissions

        • - Line number: 18629 + Line number: 18635
        @@ -789,7 +789,7 @@

        Container could be running with outdated image

      • - Line number: 19755 + Line number: 19761
      @@ -847,7 +847,7 @@

      Container has no CPU limit

    • - Line number: 19112 + Line number: 19118
    @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19345 + Line number: 19351
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19311 + Line number: 19317
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19405 + Line number: 19411
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19498 + Line number: 19504
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19755 + Line number: 19761
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19555 + Line number: 19561
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19840 + Line number: 19846
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20162 + Line number: 20168
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19325 + Line number: 19331
    • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 19112 + Line number: 19118
    • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19311 + Line number: 19317
    • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19498 + Line number: 19504
    • @@ -1577,7 +1577,7 @@

    Container is running without memory limit

  • - Line number: 19112 + Line number: 19118
    • @@ -1635,7 +1635,7 @@

    Container is running without memory limit

  • - Line number: 19311 + Line number: 19317
    • @@ -1693,7 +1693,7 @@

    Container is running without memory limit

  • - Line number: 19345 + Line number: 19351
    • @@ -1751,7 +1751,7 @@

    Container is running without memory limit

  • - Line number: 19405 + Line number: 19411
    • @@ -1809,7 +1809,7 @@

    Container is running without memory limit

  • - Line number: 19498 + Line number: 19504
    • @@ -1867,7 +1867,7 @@

    Container is running without memory limit

  • - Line number: 19755 + Line number: 19761
    • @@ -1925,7 +1925,7 @@

    Container is running without memory limit

  • - Line number: 19555 + Line number: 19561
    • @@ -1983,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 19840 + Line number: 19846
    • @@ -2041,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 20162 + Line number: 20168
    • @@ -2097,7 +2097,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19235 + Line number: 19241
    • @@ -2153,7 +2153,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19353 + Line number: 19359
    • @@ -2209,7 +2209,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19328 + Line number: 19334
    • @@ -2265,7 +2265,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19432 + Line number: 19438
    • @@ -2321,7 +2321,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19508 + Line number: 19514
    • @@ -2377,7 +2377,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19762 + Line number: 19768
    • @@ -2433,7 +2433,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19728 + Line number: 19734
    • @@ -2489,7 +2489,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20072 + Line number: 20078
    • diff --git a/docs/snyk/v2.8.18/argocd-iac-namespace-install.html b/docs/snyk/v2.8.13/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.8.18/argocd-iac-namespace-install.html rename to docs/snyk/v2.8.13/argocd-iac-namespace-install.html index d177cdcf0a0a9..17296cd003c37 100644 --- a/docs/snyk/v2.8.18/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:27:13 am (UTC+00:00)

    +

    March 24th 2024, 12:21:38 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1828 + Line number: 1822
    • diff --git a/docs/snyk/v2.8.13/argocd-test.html b/docs/snyk/v2.8.13/argocd-test.html new file mode 100644 index 0000000000000..8f02f01423f2f --- /dev/null +++ b/docs/snyk/v2.8.13/argocd-test.html @@ -0,0 +1,3027 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:19:50 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    12 known vulnerabilities
    +
    108 vulnerable dependency paths
    +
    1856 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/coreos/go-oidc/v3/oidc@3.6.0 + + github.com/go-jose/go-jose/v3@3.0.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    LGPL-3.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + gopkg.in/retry.v1 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + gopkg.in/retry.v1@1.0.3 + + + +
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.15.1 + + github.com/hashicorp/go-version@1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/coreos/go-oidc/v3/oidc@3.6.0 + + github.com/go-jose/go-jose/v3@3.0.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html similarity index 89% rename from docs/snyk/v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html index f388b196b9e93..24a737a6ba12f 100644 --- a/docs/snyk/v2.10.9/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:48 am (UTC+00:00)

    +

    March 24th 2024, 12:19:56 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies

    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,18 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1707,20 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1875,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2046,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2734,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4412,38 +4318,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -4452,158 +4329,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.9.14/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html similarity index 78% rename from docs/snyk/v2.9.14/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html index 0cc87f18067b9..b2b3a76ed356e 100644 --- a/docs/snyk/v2.9.14/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:23:15 am (UTC+00:00)

    +

    March 24th 2024, 12:20:01 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.9.14/quay.io_argoproj_argocd_v2.9.14.html b/docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html similarity index 83% rename from docs/snyk/v2.9.14/quay.io_argoproj_argocd_v2.9.14.html rename to docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html index 0ed72b091a090..01078e7e7a861 100644 --- a/docs/snyk/v2.9.14/quay.io_argoproj_argocd_v2.9.14.html +++ b/docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    May 5th 2024, 12:23:35 am (UTC+00:00)

    +

    March 24th 2024, 12:20:18 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.9.14/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.14//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.14/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.14/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    33 known vulnerabilities
    -
    167 vulnerable dependency paths
    -
    2189 dependencies
    +
    39 known vulnerabilities
    +
    182 vulnerable dependency paths
    +
    2120 dependencies
    @@ -492,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -500,12 +500,12 @@

      Denial of Service (DoS)

    • Vulnerable module: - google.golang.org/grpc + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0
    @@ -518,9 +518,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/grpc@v1.56.2 + golang.org/x/net/http2@v0.8.0 @@ -532,15 +532,14 @@

      Detailed paths

      Overview

      -

      google.golang.org/grpc is a Go implementation of gRPC

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -574,7 +573,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -582,12 +581,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + github.com/go-jose/go-jose/v3
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0
    • @@ -602,16 +601,87 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 + github.com/go-jose/go-jose/v3@v3.0.0 + + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Directory Traversal

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/cyphar/filepath-securejoin +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.17.0 + github.com/cyphar/filepath-securejoin@v0.2.3 @@ -623,22 +693,41 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      +

      Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

      +

      Note: + This vulnerability is only exploitable on Windows OS.

      +

      Details

      +

      A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

      +

      Directory Traversal vulnerabilities can be generally divided into two types:

      +
        +
      • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
        • +
      +

      st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

      +

      If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

      + 
      curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
      +

      Note %2e is the URL encoded version of . (dot).

      +
        +
      • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
        • +
      +

      One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

      +

      The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

      + 
      2018-04-15 22:04:29 .....           19           19  good.txt
+        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
+

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      +

      Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -654,7 +743,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -667,7 +756,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -680,7 +769,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -717,6 +806,82 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-51767

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssh/openssh-client +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Information Exposure

    @@ -730,7 +895,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -743,7 +908,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and libgcrypt20@1.9.4-3ubuntu3
    @@ -756,7 +921,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libgcrypt20@1.9.4-3ubuntu3 @@ -765,7 +930,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -776,7 +941,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -787,11 +952,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -800,9 +965,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -813,7 +978,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -826,7 +991,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -839,7 +1004,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -852,7 +1017,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -865,7 +1030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -878,7 +1043,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -891,11 +1056,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -921,7 +1086,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -943,7 +1107,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -956,7 +1120,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -969,7 +1133,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -978,7 +1142,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -999,7 +1163,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1022,7 +1186,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1031,7 +1195,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1052,7 +1216,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1061,9 +1225,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1072,11 +1236,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1085,11 +1249,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1100,7 +1264,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1119,7 +1283,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1163,7 +1327,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1176,7 +1340,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1189,7 +1353,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1198,7 +1362,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1219,7 +1383,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1242,7 +1406,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1251,7 +1415,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1272,7 +1436,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1281,9 +1445,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1292,11 +1456,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1305,11 +1469,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1320,7 +1484,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1339,7 +1503,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1383,7 +1547,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1396,7 +1560,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1409,7 +1573,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1418,7 +1582,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1439,7 +1603,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1462,7 +1626,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1471,7 +1635,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1492,7 +1656,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1501,9 +1665,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1512,11 +1676,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1525,11 +1689,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1540,7 +1704,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1559,7 +1723,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1603,7 +1767,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1663,7 +1827,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1734,7 +1898,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1802,7 +1966,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -1860,6 +2024,78 @@

                  References

                  More about this vulnerability

    +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2@v0.8.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

    +

    Note:

    +

    This issue is related to CVE-2023-44487

    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Authentication Bypass by Capture-replay

    @@ -1873,7 +2109,7 @@

    Authentication Bypass by Capture-replay

    @@ -1958,6 +2189,281 @@

    References

    More about this vulnerability

    +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -1971,7 +2477,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2031,7 +2537,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2091,7 +2597,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2151,7 +2657,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2211,7 +2717,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2271,7 +2777,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2331,7 +2837,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2344,7 +2850,7 @@

                  Improper Handling of Highly Compressed Data (Data Amplif
                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0

                @@ -2359,7 +2865,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/go-jose/go-jose/v3@v3.0.1 + github.com/go-jose/go-jose/v3@v3.0.0 @@ -2387,6 +2893,76 @@

                References

                More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-7008

    @@ -2400,7 +2976,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2413,7 +2989,7 @@

      CVE-2023-7008

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.8.13 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2426,7 +3002,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2435,9 +3011,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2446,7 +3022,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -2457,9 +3033,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2468,9 +3044,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2479,11 +3055,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2492,7 +3068,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 systemd/libudev1@249.11-0ubuntu3.12 @@ -2501,7 +3077,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libfido2/libfido2-1@1.10.0-1 @@ -2512,9 +3088,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -2523,11 +3099,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -2555,7 +3131,6 @@

      References

    • https://github.com/systemd/systemd/issues/25676
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
      • -
    • https://access.redhat.com/errata/RHSA-2024:2463
    @@ -2577,7 +3152,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2590,7 +3165,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2603,7 +3178,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2612,7 +3187,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -2623,9 +3198,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2634,7 +3209,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 shadow/login@1:4.8.1-2ubuntu2.2 @@ -2681,7 +3256,7 @@

      Uncontrolled Recursion

      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -2694,7 +3269,7 @@

        Uncontrolled Recursion

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      @@ -2707,7 +3282,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2716,7 +3291,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 grep@3.7-1build1 @@ -2739,15 +3314,15 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 pcre3.

        References

        @@ -2769,7 +3344,7 @@

        Release of Invalid Pointer or Reference

        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -2782,7 +3357,7 @@

          Release of Invalid Pointer or Reference

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2
        @@ -2795,7 +3370,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 patch@2.7.6-7build2 @@ -2839,7 +3414,7 @@

          Double Free

          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -2852,7 +3427,7 @@

            Double Free

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2
          @@ -2865,7 +3440,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 patch@2.7.6-7build2 @@ -2886,13 +3461,13 @@

            Remediation

            There is no fixed version for Ubuntu:22.04 patch.

            References

            @@ -2914,7 +3489,7 @@

            CVE-2023-50495

            • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -2927,7 +3502,7 @@

              CVE-2023-50495

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
            @@ -2940,7 +3515,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2949,9 +3524,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2960,7 +3535,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2971,9 +3546,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2982,7 +3557,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libedit/libedit2@3.1-20210910-1build1 @@ -2993,7 +3568,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3004,7 +3579,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3015,7 +3590,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3026,9 +3601,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3037,7 +3612,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3052,7 +3627,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3067,7 +3642,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3076,7 +3651,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3087,7 +3662,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3102,7 +3677,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3111,7 +3686,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3122,7 +3697,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3131,7 +3706,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3178,7 +3753,7 @@

              CVE-2023-45918

              • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:22.04 @@ -3191,7 +3766,7 @@

                CVE-2023-45918

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
              @@ -3204,7 +3779,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3213,9 +3788,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3224,7 +3799,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3235,9 +3810,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3246,7 +3821,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libedit/libedit2@3.1-20210910-1build1 @@ -3257,7 +3832,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3268,7 +3843,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3279,7 +3854,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3290,9 +3865,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3301,7 +3876,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3316,7 +3891,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3331,7 +3906,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3340,7 +3915,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3351,7 +3926,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3366,7 +3941,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3375,7 +3950,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 procps@2:3.3.17-6ubuntu2.1 @@ -3386,7 +3961,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3395,7 +3970,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3440,7 +4015,7 @@

                Resource Exhaustion

                • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -3453,7 +4028,7 @@

                  Resource Exhaustion

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and libzstd/libzstd1@1.4.8+dfsg-3build1
                @@ -3466,7 +4041,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3487,15 +4062,15 @@

                  Remediation

                  There is no fixed version for Ubuntu:22.04 libzstd.

                  References

                  @@ -3517,7 +4092,7 @@

                  Integer Overflow or Wraparound

                  • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3530,7 +4105,7 @@

                    Integer Overflow or Wraparound

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                  @@ -3543,7 +4118,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3552,7 +4127,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3573,7 +4148,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3596,7 +4171,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3605,7 +4180,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3626,7 +4201,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3635,9 +4210,9 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3646,11 +4221,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3659,11 +4234,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3674,7 +4249,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -3693,7 +4268,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3741,7 +4316,7 @@

                    Out-of-bounds Write

                    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3754,7 +4329,7 @@

                      Out-of-bounds Write

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                    @@ -3767,7 +4342,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3776,9 +4351,9 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3787,7 +4362,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3798,7 +4373,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3809,7 +4384,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3820,7 +4395,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3833,7 +4408,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3846,7 +4421,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3855,7 +4430,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3866,7 +4441,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3879,7 +4454,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3888,7 +4463,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3899,7 +4474,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3908,7 +4483,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3919,7 +4494,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3928,7 +4503,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3939,7 +4514,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3952,7 +4527,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3965,7 +4540,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3974,7 +4549,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3985,7 +4560,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3998,7 +4573,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4011,7 +4586,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4020,7 +4595,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4031,7 +4606,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4040,7 +4615,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4051,7 +4626,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4060,7 +4635,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4071,7 +4646,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4092,13 +4667,13 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 gnupg2.

                      References

                      @@ -4120,7 +4695,7 @@

                      Allocation of Resources Without Limits or Throttling

                    • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -4133,7 +4708,7 @@

                      Allocation of Resources Without Limits or Throttling

                      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@v2.8.13 and glibc/libc-bin@2.35-0ubuntu3.6
                    @@ -4146,18 +4721,18 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6
                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -4176,10 +4751,10 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 glibc.

                      References

                      @@ -4201,7 +4776,7 @@

                      Improper Input Validation

                      • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -4215,7 +4790,7 @@

                        Improper Input Validation

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.8.13, git@1:2.34.1-1ubuntu1.10 and others
                      @@ -4227,7 +4802,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 @@ -4238,7 +4813,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git@1:2.34.1-1ubuntu1.10 @@ -4247,7 +4822,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 git-lfs@3.0.2-1ubuntu0.2 @@ -4270,8 +4845,8 @@

                        Remediation

                        There is no fixed version for Ubuntu:22.04 git.

                        References

                        @@ -4294,7 +4869,7 @@

                        Uncontrolled Recursion

                        • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -4307,7 +4882,7 @@

                          Uncontrolled Recursion

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                        @@ -4320,7 +4895,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4329,9 +4904,9 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4340,11 +4915,11 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4353,7 +4928,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4362,7 +4937,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4409,7 +4984,7 @@

                          Improper Input Validation

                          • - Manifest file: quay.io/argoproj/argocd:v2.9.14/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -4422,7 +4997,7 @@

                            Improper Input Validation

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.14 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and coreutils@8.32-4.1ubuntu1.1
                          @@ -4435,9 +5010,9 @@

                          Detailed paths

    @@ -476,8 +476,8 @@

    Snyk test report

    - - + + @@ -485,6 +485,114 @@

    Snyk test report

    +
    +

    Out-of-bounds Write

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    CVE-2023-5363

    @@ -507,7 +615,7 @@

    CVE-2023-5363

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -520,97 +628,97 @@

    Detailed paths

    -

    Improper Check for Unusual or Exceptional Conditions

    +

    Improper Authentication

    @@ -699,7 +807,7 @@

    Improper Check for Unusual or Exceptional Conditions

    Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 @@ -712,97 +820,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -816,53 +924,45 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

      -

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

      -

      Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

      -

      An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

      -

      DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      -

      Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Out-of-bounds Write

    +

    Inefficient Regular Expression Complexity

    @@ -883,7 +983,7 @@

    Out-of-bounds Write

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -896,97 +996,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1000,58 +1100,55 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

      -

      Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

      -

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      -

      The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

      -

      The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-0727

    +

    Excessive Iteration

    @@ -1072,7 +1169,7 @@

    CVE-2024-0727

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1085,97 +1182,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1189,49 +1286,59 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

      -

      Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

      -

      A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

      -

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

      -

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2023-6237

    +
    +

    Improper Check for Unusual or Exceptional Conditions

    -
    - low severity +
    + medium severity
    @@ -1248,7 +1355,7 @@

    CVE-2023-6237

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1261,97 +1368,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1365,50 +1472,56 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

      -

      Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

      -

      When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

      -

      An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

      -

      The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-2511

    +
    +

    Out-of-bounds Write

    -
    - low severity +
    + medium severity
    @@ -1425,7 +1538,7 @@

    CVE-2024-2511

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1438,97 +1551,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1542,38 +1655,372 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

      -

      Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

      -

      This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

      -

      This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

      +
      + +
    +
    +

    CVE-2024-0727

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

    +

    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

    +

    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

    +

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

    +

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

    +

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-6237

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    + +
    + +
    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.8.18/redis_7.0.15-alpine.html b/docs/snyk/v2.8.18/redis_7.0.15-alpine.html deleted file mode 100644 index 5f9f1d3fd98ec..0000000000000 --- a/docs/snyk/v2.8.18/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:25:56 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.14/argocd-test.html b/docs/snyk/v2.9.14/argocd-test.html deleted file mode 100644 index 2019a17649901..0000000000000 --- a/docs/snyk/v2.9.14/argocd-test.html +++ /dev/null @@ -1,6049 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:23:06 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    15 known vulnerabilities
    -
    266 vulnerable dependency paths
    -
    1917 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/grpc -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    google.golang.org/grpc is a Go implementation of gRPC

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.17 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.17 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.17 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.24.17 - - k8s.io/apimachinery/pkg/api/errors@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.17 - - k8s.io/apimachinery/pkg/api/equality@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#b0fffe419a0f - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.17 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.17 - - k8s.io/client-go/tools/reference@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.17 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.17 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.17 - - k8s.io/client-go/applyconfigurations/meta/v1@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.17 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b0fffe419a0f - - k8s.io/kubernetes/pkg/apis/storage/install@1.24.17 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.24.17 - - k8s.io/api/storage/v1alpha1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authentication Bypass by Capture-replay

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.2 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    -
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    - - - - diff --git a/docs/snyk/v2.9.14/redis_7.0.15-alpine.html b/docs/snyk/v2.9.14/redis_7.0.15-alpine.html deleted file mode 100644 index 7eb5001b6c239..0000000000000 --- a/docs/snyk/v2.9.14/redis_7.0.15-alpine.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    May 5th 2024, 12:23:39 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - openssl/libcrypto3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240315.235535 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r5 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.14/argocd-iac-install.html b/docs/snyk/v2.9.9/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.9.14/argocd-iac-install.html rename to docs/snyk/v2.9.9/argocd-iac-install.html index 3201c23eb7665..e25fc886459cb 100644 --- a/docs/snyk/v2.9.14/argocd-iac-install.html +++ b/docs/snyk/v2.9.9/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:24:52 am (UTC+00:00)

    +

    March 24th 2024, 12:19:27 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22194 + Line number: 22188
    • diff --git a/docs/snyk/v2.9.14/argocd-iac-namespace-install.html b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.9.14/argocd-iac-namespace-install.html rename to docs/snyk/v2.9.9/argocd-iac-namespace-install.html index 54300b5572051..5fd494538c87c 100644 --- a/docs/snyk/v2.9.14/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:25:02 am (UTC+00:00)

    +

    March 24th 2024, 12:19:35 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1849 + Line number: 1843
    • diff --git a/docs/snyk/v2.8.18/argocd-test.html b/docs/snyk/v2.9.9/argocd-test.html similarity index 51% rename from docs/snyk/v2.8.18/argocd-test.html rename to docs/snyk/v2.9.9/argocd-test.html index 3ba42bf8a64e0..c4894f56b168a 100644 --- a/docs/snyk/v2.8.18/argocd-test.html +++ b/docs/snyk/v2.9.9/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:25:21 am (UTC+00:00)

    +

    March 24th 2024, 12:17:43 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    15 known vulnerabilities
    -
    237 vulnerable dependency paths
    -
    1856 dependencies
    +
    12 known vulnerabilities
    +
    133 vulnerable dependency paths
    +
    1917 dependencies

    @@ -478,7 +478,7 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -497,13 +497,13 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.2 and others
    • @@ -517,9 +517,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -528,9 +526,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/soheilhy/cmux@0.1.5 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -539,9 +537,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -552,193 +550,7 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - golang.org/x/net/http2@0.19.0 - - - - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -747,13 +559,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/health@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -762,13 +570,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -779,11 +583,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -794,11 +594,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -809,11 +605,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -824,11 +616,7 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -839,11 +627,7 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -854,101 +638,7 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -957,13 +647,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -972,13 +660,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -987,13 +673,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1002,15 +686,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1019,15 +699,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1036,15 +712,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/rbac/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/health@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1053,15 +725,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/apimachinery/pkg/watch@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -1070,1786 +740,64 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/errors@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.58.3 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.58.3 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.2 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.2 - - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.24.2 - - k8s.io/apimachinery/pkg/api/errors@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 - - k8s.io/apimachinery/pkg/api/equality@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#425d65e07695 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.24.2 - - k8s.io/client-go/tools/reference@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#425d65e07695 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.2 - - k8s.io/client-go/tools/remotecommand@0.24.2 - - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.2 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2 - - k8s.io/client-go/applyconfigurations/meta/v1@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.2 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.2 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
    • - - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others -
      • -
    - -
    + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + google.golang.org/grpc@1.56.2 + + + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.56.2 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + + google.golang.org/grpc/health/grpc_health_v1@1.56.2 + + google.golang.org/grpc@1.56.2 + + -
      +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/coreos/go-oidc/v3/oidc@3.6.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - github.com/go-jose/go-jose/v3@3.0.0 + google.golang.org/grpc@1.56.2 @@ -2861,32 +809,32 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      google.golang.org/grpc is a Go implementation of gRPC

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

      +

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -3024,11 +972,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3043,11 +991,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3060,13 +1008,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3081,11 +1029,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3100,11 +1048,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3119,11 +1067,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3138,11 +1086,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3157,11 +1105,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3176,11 +1124,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3195,13 +1143,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3214,15 +1162,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3235,15 +1183,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3264,11 +1212,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3371,11 +1319,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3390,7 +1338,7 @@

    Detailed paths

    go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3403,11 +1351,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3418,13 +1366,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3437,11 +1385,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3454,11 +1402,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3471,11 +1419,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3488,11 +1436,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3505,11 +1453,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3522,11 +1470,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3537,11 +1485,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3549,6 +1497,23 @@

    Detailed paths

     + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + +
  • Introduced through: @@ -3556,13 +1521,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3573,15 +1538,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3592,15 +1557,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3613,11 +1578,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3630,13 +1595,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3651,11 +1616,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3670,11 +1635,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3689,11 +1654,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3708,11 +1673,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3727,11 +1692,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3746,11 +1711,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3765,13 +1730,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3784,15 +1749,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3805,15 +1770,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3834,11 +1799,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3857,11 +1822,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -3961,11 +1926,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3980,7 +1945,7 @@

    Detailed paths

    go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3993,11 +1958,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4008,13 +1973,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4027,11 +1992,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4044,11 +2009,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4061,11 +2026,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4078,11 +2043,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4095,11 +2060,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4112,11 +2077,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4127,11 +2092,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4139,6 +2104,23 @@

    Detailed paths

     +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + +
  • Introduced through: @@ -4146,13 +2128,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4163,15 +2145,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4182,15 +2164,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4203,11 +2185,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4220,13 +2202,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4241,11 +2223,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4260,11 +2242,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4279,11 +2261,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4298,11 +2280,11 @@

    Detailed paths

    go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4317,11 +2299,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4336,11 +2318,11 @@

    Detailed paths

    go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4355,13 +2337,13 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4374,15 +2356,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4395,15 +2377,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + google.golang.org/grpc/health@1.56.2 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4424,11 +2406,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -4447,11 +2429,11 @@

    Detailed paths

    github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/pretty@1.56.2 github.com/golang/protobuf/jsonpb@1.4.2 @@ -4559,7 +2541,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh@0.16.0 @@ -4585,7 +2567,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh/knownhosts@0.16.0 @@ -4602,7 +2584,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh@0.16.0 @@ -4647,7 +2629,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh/knownhosts@0.16.0 @@ -4666,7 +2648,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh@0.16.0 @@ -4700,7 +2682,7 @@

    Detailed paths

    github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/skeema/knownhosts@1.2.2 + github.com/skeema/knownhosts@1.2.1 golang.org/x/crypto/ssh/knownhosts@0.16.0 @@ -4760,18 +2742,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4780,221 +2757,6 @@

    References

    More about this vulnerability

    -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -5167,7 +2929,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -5178,7 +2940,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5191,9 +2953,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5206,9 +2968,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5221,11 +2983,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5238,11 +3000,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5317,7 +3079,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -5328,7 +3090,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -5341,7 +3103,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5356,9 +3118,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5373,9 +3135,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5390,11 +3152,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5409,11 +3171,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5524,8 +3286,8 @@

    Improper Handling of Highly Compressed Data (Data Amplif
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others
    • @@ -5539,80 +3301,18 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.0 + github.com/go-jose/go-jose/v3@3.0.1 - - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - argo-cd-ui@1.0.0 + github.com/argoproj/argo-cd/v2@0.0.0 - redoc@2.0.0-rc.64 + github.com/coreos/go-oidc/v3/oidc@3.6.0 - dompurify@2.3.6 + github.com/go-jose/go-jose/v3@3.0.1 @@ -5624,24 +3324,20 @@

      Detailed paths

      Overview

      -

      dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

      -

      Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

      -

      PoC

      - 
      <![CDATA[ ><img src onerror=alert(1)> ]]>
-
      +

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      Remediation

      -

      Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

      +

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html similarity index 89% rename from docs/snyk/v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html index 1ade62e22c1ae..ca1fb70c0e4b2 100644 --- a/docs/snyk/v2.8.18/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:25:26 am (UTC+00:00)

    +

    March 24th 2024, 12:17:49 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies
    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,18 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1707,20 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1875,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2046,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2734,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -4412,38 +4318,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -4452,158 +4329,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.10.9/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html similarity index 78% rename from docs/snyk/v2.10.9/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html index 22f27bd619126..22d46e565dc6f 100644 --- a/docs/snyk/v2.10.9/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 5th 2024, 12:20:52 am (UTC+00:00)

    +

    March 24th 2024, 12:17:53 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    18 dependencies
    @@ -660,14 +660,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -844,14 +844,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -1037,10 +1036,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1209,14 +1204,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1363,38 +1357,9 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    -
    @@ -1403,180 +1368,6 @@

    References

    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.8.18/quay.io_argoproj_argocd_v2.8.18.html b/docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html similarity index 89% rename from docs/snyk/v2.8.18/quay.io_argoproj_argocd_v2.8.18.html rename to docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html index b708770d0969c..704d480d51ff7 100644 --- a/docs/snyk/v2.8.18/quay.io_argoproj_argocd_v2.8.18.html +++ b/docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    May 5th 2024, 12:25:52 am (UTC+00:00)

    +

    March 24th 2024, 12:18:09 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.8.18/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.8.18/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.8.18/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.8.18/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    36 known vulnerabilities
    -
    170 vulnerable dependency paths
    -
    2120 dependencies
    +
    179 vulnerable dependency paths
    +
    2189 dependencies
    @@ -480,86 +480,6 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.8.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Denial of Service (DoS)

    @@ -572,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -580,12 +500,12 @@

      Denial of Service (DoS)

    • Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2
    @@ -598,9 +518,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.8.0 + google.golang.org/grpc@v1.56.2 @@ -612,15 +532,14 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      google.golang.org/grpc is a Go implementation of gRPC

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      +

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      References

    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    Directory Traversal

    +
    +

    CVE-2020-22916

    -
    - high severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - github.com/cyphar/filepath-securejoin + xz-utils/liblzma5
    • Introduced through: - helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -761,9 +599,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - github.com/cyphar/filepath-securejoin@v0.2.3 + xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -774,47 +612,33 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

      -

      Note: - This vulnerability is only exploitable on Windows OS.

      -

      Details

      -

      A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

      -

      Directory Traversal vulnerabilities can be generally divided into two types:

      -
        -
      • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
        • -
      -

      st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

      -

      If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

      - 
      curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
-
      -

      Note %2e is the URL encoded version of . (dot).

      -
        -
      • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
        • -
      -

      One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

      -

      The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

      - 
      2018-04-15 22:04:29 .....           19           19  good.txt
-        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
-
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

      Remediation

      -

      Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

      +

      There is no fixed version for Ubuntu:22.04 xz-utils.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2020-22916

    +

    CVE-2023-51767

    @@ -825,7 +649,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -833,12 +657,12 @@

      CVE-2020-22916

    • Vulnerable module: - xz-utils/liblzma5 + openssh/openssh-client
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    @@ -851,9 +675,9 @@

    Detailed paths

    @@ -901,7 +725,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -914,7 +738,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and libgcrypt20@1.9.4-3ubuntu3
    @@ -927,7 +751,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libgcrypt20@1.9.4-3ubuntu3 @@ -936,7 +760,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -947,7 +771,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -958,11 +782,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -971,9 +795,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -984,7 +808,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -997,7 +821,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1010,7 +834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1023,7 +847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1036,7 +860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1049,7 +873,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1062,11 +886,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1092,7 +916,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -1114,7 +937,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1127,7 +950,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1140,7 +963,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1149,7 +972,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1170,7 +993,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1193,7 +1016,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1202,7 +1025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1223,7 +1046,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1232,9 +1055,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1243,11 +1066,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1256,11 +1079,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1271,7 +1094,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1290,7 +1113,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1334,7 +1157,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1347,7 +1170,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1360,7 +1183,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1369,7 +1192,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1390,7 +1213,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1413,7 +1236,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1422,7 +1245,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1443,7 +1266,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1452,9 +1275,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1463,11 +1286,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1476,11 +1299,11 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1491,7 +1314,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1510,7 +1333,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1554,7 +1377,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1567,7 +1390,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1580,7 +1403,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1589,7 +1412,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1610,7 +1433,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1633,7 +1456,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1642,7 +1465,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1663,7 +1486,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1672,9 +1495,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1683,11 +1506,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1696,11 +1519,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1711,7 +1534,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1730,7 +1553,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1774,7 +1597,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1834,7 +1657,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1905,7 +1728,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1973,7 +1796,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2033,7 +1856,7 @@

                  References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Authentication Bypass by Capture-replay

    @@ -2044,7 +1867,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -2052,12 +1875,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + golang.org/x/crypto/ssh
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0
    • @@ -2070,9 +1893,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.8.0 + golang.org/x/crypto/ssh@v0.16.0 @@ -2084,28 +1907,49 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      +

      golang.org/x/crypto/ssh is a SSH client and server

      +

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      Note:

      -

      This issue is related to CVE-2023-44487

      +
        +

      1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        +
        2. +

      2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        +
        3. +
      +

      Impact:

      +

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      +

      Workaround

      +

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      +

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Authentication Bypass by Capture-replay

    +

    Information Exposure

    @@ -2116,20 +1960,20 @@

    Authentication Bypass by Capture-replay

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/crypto/ssh + gnutls28/libgnutls30
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -2142,9 +1986,74 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - golang.org/x/crypto/ssh@v0.16.0 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 @@ -2155,50 +2064,162 @@

      Detailed paths

      -

      Overview

      -

      golang.org/x/crypto/ssh is a SSH client and server

      -

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      -

      Note:

      -
        -

      1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        -
        2. -

      2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        -
        3. -
      -

      Impact:

      -

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      -

      Workaround

      -

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

      Remediation

      -

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      +

      There is no fixed version for Ubuntu:22.04 gnutls28.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

      +
      + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    @@ -2214,7 +2235,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2274,7 +2295,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2334,7 +2355,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2394,7 +2415,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2454,7 +2475,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2514,7 +2535,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2574,7 +2595,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2587,7 +2608,7 @@

                  Improper Handling of Highly Compressed Data (Data Amplif
                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1

                @@ -2602,7 +2623,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/go-jose/go-jose/v3@v3.0.0 + github.com/go-jose/go-jose/v3@v3.0.1 @@ -2630,6 +2651,76 @@

                References

                More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-7008

    @@ -2643,7 +2734,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2656,7 +2747,7 @@

      CVE-2023-7008

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.9.9 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2669,7 +2760,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2678,9 +2769,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2689,7 +2780,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -2700,9 +2791,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2711,9 +2802,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2722,11 +2813,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2735,7 +2826,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 systemd/libudev1@249.11-0ubuntu3.12 @@ -2744,7 +2835,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libfido2/libfido2-1@1.10.0-1 @@ -2755,9 +2846,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -2766,11 +2857,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -2798,7 +2889,6 @@

      References

    • https://github.com/systemd/systemd/issues/25676
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
      • -
    • https://access.redhat.com/errata/RHSA-2024:2463
    @@ -2820,7 +2910,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2833,7 +2923,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2846,7 +2936,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2855,7 +2945,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -2866,9 +2956,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2877,7 +2967,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 shadow/login@1:4.8.1-2ubuntu2.2 @@ -2924,7 +3014,7 @@

      Uncontrolled Recursion

      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -2937,7 +3027,7 @@

        Uncontrolled Recursion

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      @@ -2950,7 +3040,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2959,7 +3049,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 grep@3.7-1build1 @@ -2982,15 +3072,15 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 pcre3.

        References

        @@ -3012,7 +3102,7 @@

        Release of Invalid Pointer or Reference

        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -3025,7 +3115,7 @@

          Release of Invalid Pointer or Reference

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2
        @@ -3038,7 +3128,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 patch@2.7.6-7build2 @@ -3082,7 +3172,7 @@

          Double Free

          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -3095,7 +3185,7 @@

            Double Free

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2
          @@ -3108,7 +3198,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 patch@2.7.6-7build2 @@ -3129,13 +3219,13 @@

            Remediation

            There is no fixed version for Ubuntu:22.04 patch.

            References

            @@ -3157,7 +3247,7 @@

            CVE-2023-50495

            • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
            • Package Manager: ubuntu:22.04 @@ -3170,7 +3260,7 @@

              CVE-2023-50495

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1
            @@ -3183,7 +3273,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3192,9 +3282,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3203,7 +3293,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3214,9 +3304,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3225,7 +3315,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libedit/libedit2@3.1-20210910-1build1 @@ -3236,7 +3326,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3247,7 +3337,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3258,7 +3348,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3269,9 +3359,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3280,7 +3370,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3295,7 +3385,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3310,7 +3400,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3319,7 +3409,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3330,7 +3420,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3345,7 +3435,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3354,7 +3444,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3365,7 +3455,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3374,7 +3464,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3421,7 +3511,7 @@

              CVE-2023-45918

              • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:22.04 @@ -3434,7 +3524,7 @@

                CVE-2023-45918

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1
              @@ -3447,7 +3537,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3456,9 +3546,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - bash@5.1-6ubuntu1.1 + bash@5.1-6ubuntu1 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3467,7 +3557,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3478,9 +3568,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - less@590-1ubuntu0.22.04.3 + less@590-1ubuntu0.22.04.2 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3489,7 +3579,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libedit/libedit2@3.1-20210910-1build1 @@ -3500,7 +3590,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3511,7 +3601,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3522,7 +3612,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3533,9 +3623,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3544,7 +3634,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3559,7 +3649,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3574,7 +3664,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3583,7 +3673,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3594,7 +3684,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3609,7 +3699,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3618,7 +3708,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 procps@2:3.3.17-6ubuntu2.1 @@ -3629,7 +3719,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3638,7 +3728,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3683,7 +3773,7 @@

                Resource Exhaustion

                • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -3696,7 +3786,7 @@

                  Resource Exhaustion

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and libzstd/libzstd1@1.4.8+dfsg-3build1
                @@ -3709,7 +3799,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3730,15 +3820,15 @@

                  Remediation

                  There is no fixed version for Ubuntu:22.04 libzstd.

                  References

                  @@ -3760,7 +3850,7 @@

                  Integer Overflow or Wraparound

                  • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3773,7 +3863,7 @@

                    Integer Overflow or Wraparound

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                  @@ -3786,7 +3876,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3795,7 +3885,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3816,7 +3906,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3839,7 +3929,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3848,7 +3938,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3869,7 +3959,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3878,9 +3968,9 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3889,11 +3979,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3902,11 +3992,11 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -3917,7 +4007,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3936,7 +4026,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3984,7 +4074,7 @@

                    Out-of-bounds Write

                    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3997,7 +4087,7 @@

                      Out-of-bounds Write

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                    @@ -4010,7 +4100,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4019,9 +4109,9 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4030,7 +4120,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4041,7 +4131,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4052,7 +4142,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4063,7 +4153,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4076,7 +4166,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4089,7 +4179,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4098,7 +4188,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4109,7 +4199,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4122,7 +4212,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4131,7 +4221,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4142,7 +4232,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4151,7 +4241,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4162,7 +4252,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4171,7 +4261,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4182,7 +4272,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4195,7 +4285,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4208,7 +4298,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4217,7 +4307,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4228,7 +4318,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4241,7 +4331,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4254,7 +4344,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4263,7 +4353,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4274,7 +4364,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4283,7 +4373,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4294,7 +4384,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4303,7 +4393,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4314,7 +4404,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4335,13 +4425,13 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 gnupg2.

                      References

                      @@ -4363,7 +4453,7 @@

                      Allocation of Resources Without Limits or Throttling

                    • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -4376,7 +4466,7 @@

                      Allocation of Resources Without Limits or Throttling

                      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and glibc/libc-bin@2.35-0ubuntu3.7 + docker-image|quay.io/argoproj/argocd@v2.9.9 and glibc/libc-bin@2.35-0ubuntu3.6
                    @@ -4389,18 +4479,18 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - glibc/libc-bin@2.35-0ubuntu3.7 + glibc/libc-bin@2.35-0ubuntu3.6
                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - glibc/libc6@2.35-0ubuntu3.7 + glibc/libc6@2.35-0ubuntu3.6 @@ -4419,10 +4509,10 @@

                      Remediation

                      There is no fixed version for Ubuntu:22.04 glibc.

                      References

                      @@ -4444,7 +4534,7 @@

                      Improper Input Validation

                      • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -4458,7 +4548,7 @@

                        Improper Input Validation

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.9.9, git@1:2.34.1-1ubuntu1.10 and others
                      @@ -4470,7 +4560,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 @@ -4481,7 +4571,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git@1:2.34.1-1ubuntu1.10 @@ -4490,7 +4580,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 git-lfs@3.0.2-1ubuntu0.2 @@ -4513,8 +4603,8 @@

                        Remediation

                        There is no fixed version for Ubuntu:22.04 git.

                        References

                        @@ -4537,7 +4627,7 @@

                        Uncontrolled Recursion

                        • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -4550,7 +4640,7 @@

                          Uncontrolled Recursion

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                        @@ -4563,7 +4653,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4572,9 +4662,9 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4583,11 +4673,11 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4596,7 +4686,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4605,7 +4695,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4652,7 +4742,7 @@

                          Improper Input Validation

                          • - Manifest file: quay.io/argoproj/argocd:v2.8.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -4665,7 +4755,7 @@

                            Improper Input Validation

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and coreutils@8.32-4.1ubuntu1.1
                          @@ -4678,9 +4768,9 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.18 + docker-image|quay.io/argoproj/argocd@v2.9.9 - coreutils@8.32-4.1ubuntu1.2 + coreutils@8.32-4.1ubuntu1.1 @@ -4699,12 +4789,12 @@

                            Remediation

                            There is no fixed version for Ubuntu:22.04 coreutils.

                            References

                            diff --git a/docs/snyk/v2.9.9/redis_7.0.11-alpine.html b/docs/snyk/v2.9.9/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..55538b9b23982 --- /dev/null +++ b/docs/snyk/v2.9.9/redis_7.0.11-alpine.html @@ -0,0 +1,2032 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                            +
                            +
                            +
                            + + + Snyk - Open Source Security + + + + + + + +
                            +

                            Snyk test report

                            + +

                            March 24th 2024, 12:18:14 am (UTC+00:00)

                            +
                            +
                            + Scanned the following path: +
                              +
                            • redis:7.0.11-alpine (apk)
                              • +
                            +
                            + +
                            +
                            9 known vulnerabilities
                            +
                            77 vulnerable dependency paths
                            +
                            18 dependencies
                            +
                            +
                            +
                            +
                            +
                            + + + + + + + +
                            Project docker-image|redis
                            Path redis:7.0.11-alpine
                            Package Manager apk
                            +
                            +
                            +
                            +
                            +

                            Out-of-bounds Write

                            +
                            + +
                            + critical severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + busybox/busybox +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + busybox/busybox@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/busybox-binsh@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            CVE-2023-5363

                            +
                            + +
                            + high severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

                            +

                            Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

                            +

                            When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

                            +

                            For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

                            +

                            Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

                            +

                            Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue.

                            +

                            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

                            +

                            OpenSSL 3.1 and 3.0 are vulnerable to this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Improper Authentication

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

                            +

                            Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

                            +

                            The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

                            +

                            As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Inefficient Regular Expression Complexity

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Checking excessively long DH keys or parameters may be very slow.

                            +

                            Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

                            +

                            The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

                            +

                            However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

                            +

                            An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

                            +

                            The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

                            +

                            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Excessive Iteration

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Checking excessively long DH keys or parameters may be very slow.

                            +

                            Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

                            +

                            The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

                            +

                            An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

                            +

                            The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

                            +

                            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue.

                            +

                            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Improper Check for Unusual or Exceptional Conditions

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

                            +

                            Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

                            +

                            While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

                            +

                            Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

                            +

                            An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

                            +

                            DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

                            +

                            Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

                            +

                            The OpenSSL SSL/TLS implementation is not affected by this issue.

                            +

                            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Out-of-bounds Write

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

                            +

                            Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

                            +

                            The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

                            +

                            The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

                            +

                            The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            CVE-2024-0727

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                            +

                            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

                            +

                            Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

                            +

                            A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

                            +

                            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

                            +

                            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

                            +

                            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            CVE-2023-6237

                            +
                            + +
                            + low severity +
                            + +
                            + +
                              +
                            • + Package Manager: alpine:3.18 +
                              • +
                            • + Vulnerable module: + + openssl/libcrypto3 +
                              • + +
                            • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
                              • +
                            + +
                            + +
                            + +

                            NVD Description

                            +

                            This vulnerability has not been analyzed by NVD yet.

                            +

                            Remediation

                            +

                            Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +
                            +
                            + + + diff --git a/docs/user-guide/commands/argocd_admin.md b/docs/user-guide/commands/argocd_admin.md index 4375c7f2e3cae..0aa338f1570e2 100644 --- a/docs/user-guide/commands/argocd_admin.md +++ b/docs/user-guide/commands/argocd_admin.md @@ -64,6 +64,7 @@ $ argocd admin initial-password reset * [argocd admin initial-password](argocd_admin_initial-password.md) - Prints initial password to log in to Argo CD for the first time * [argocd admin notifications](argocd_admin_notifications.md) - Set of CLI commands that helps manage notifications settings * [argocd admin proj](argocd_admin_proj.md) - Manage projects configuration +* [argocd admin redis-initial-password](argocd_admin_redis-initial-password.md) - Ensure the Redis password exists, creating a new one if necessary. * [argocd admin repo](argocd_admin_repo.md) - Manage repositories configuration * [argocd admin settings](argocd_admin_settings.md) - Provides set of commands for settings validation and troubleshooting diff --git a/docs/user-guide/commands/argocd_admin_redis-initial-password.md b/docs/user-guide/commands/argocd_admin_redis-initial-password.md new file mode 100644 index 0000000000000..85e56195758dd --- /dev/null +++ b/docs/user-guide/commands/argocd_admin_redis-initial-password.md @@ -0,0 +1,67 @@ +# `argocd admin redis-initial-password` Command Reference + +## argocd admin redis-initial-password + +Ensure the Redis password exists, creating a new one if necessary. + +``` +argocd admin redis-initial-password [flags] +``` + +### Options + +``` + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --disable-compression If true, opt-out of response compression for all requests to the server + -h, --help help for redis-initial-password + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + -n, --namespace string If present, the namespace scope for this CLI request + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server +``` + +### Options inherited from parent commands + +``` + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") + --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") + --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") + --server-crt string Server certificate file + --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") +``` + +### SEE ALSO + +* [argocd admin](argocd_admin.md) - Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access + diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md index ffd09660696ac..2890fe64cbb0e 100644 --- a/docs/user-guide/diff-strategies.md +++ b/docs/user-guide/diff-strategies.md @@ -114,7 +114,7 @@ metadata: ... ``` -Note: This annotation is only effective when Server-Side Diff is +Note: This annoation is only effective when Server-Side Diff is enabled. To enable both options for a given application add the following annotation in the Argo CD Application resource: diff --git a/docs/user-guide/diffing.md b/docs/user-guide/diffing.md index 95fe7f0ace3ac..2a69654b4aa1a 100644 --- a/docs/user-guide/diffing.md +++ b/docs/user-guide/diffing.md @@ -68,7 +68,7 @@ spec: The above configuration will ignore differences from all fields owned by `kube-controller-manager` for all resources belonging to this application. -If you have a slash `/` in your pointer path, you need to replace it with the `~1` character. For example: +If you have a slash `/` in your pointer path, you can use the `~1` character. For example: ```yaml spec: diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index 3b5a5de0dc262..c3b6aa0c6e8fa 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -72,22 +72,6 @@ source: - values-production.yaml ``` -If Helm is passed a non-existing value file during template expansion, it will error out. Missing -values files can be ignored (meaning, not passed to Helm) using the `--ignore-missing-value-files`. This can be -particularly helpful to implement a [default/override -pattern](https://github.com/argoproj/argo-cd/issues/7767#issue-1060611415) with [Application -Sets](./application-set.md). - -In the declarative syntax: -```yaml -source: - helm: - valueFiles: - - values-common.yaml - - values-optional-override.yaml - ignoreMissingValueFiles: true -``` - ## Values Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.valuesObject` key. @@ -217,28 +201,6 @@ the result will be param1=value5 The list of parameters seen in the ui is not what is used for resources, rather it is the values/valuesObject merged with parameters (see [this issue](https://github.com/argoproj/argo-cd/issues/9213) incase it has been resolved) As a workaround using parameters instead of values/valuesObject will provide a better overview of what will be used for resources -## Helm --set-file support - -The `--set-file` argument to helm can be used with the following syntax on -the cli: - -```bash -argocd app set helm-guestbook --helm-set-file some.key=path/to/file.ext -``` - -or using the fileParameters for yaml: - -```yaml -source: - helm: - fileParameters: - - name: some.key - value: path/to/file.ext -``` - -!!! warning "Reference in multiple sources not supported" - Please note that using a multiple sources application will not let you load the file by reference. See [argoproj/argo-cd#13220](https://github.com/argoproj/argo-cd/issues/13220) - ## Helm Release Name By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised Argo CD, diff --git a/docs/user-guide/kustomize.md b/docs/user-guide/kustomize.md index d8f5330667973..1aa876fb74224 100644 --- a/docs/user-guide/kustomize.md +++ b/docs/user-guide/kustomize.md @@ -212,7 +212,7 @@ argocd app set --kustomize-version v3.5.4 ## Build Environment -Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config management plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. +Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config managment plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. You can use these build environment variables in your Argo CD Application manifests. You can enable this by setting `.spec.source.kustomize.commonAnnotationsEnvsubst` to `true` in your Application manifest. diff --git a/docs/user-guide/status-badge.md b/docs/user-guide/status-badge.md index a933a751d2550..3363227997309 100644 --- a/docs/user-guide/status-badge.md +++ b/docs/user-guide/status-badge.md @@ -14,45 +14,7 @@ The URLs for status image are available on application details page: for the status image URL in markdown, html, etc are available . 4. Copy the text and paste it into your README or website. -## Additional query parameters options -### showAppName -Display the application name in the status badge. +The application name may optionally be displayed in the status badge by adding the `?showAppName=true` query parameter. -Available values: `true/false` - -Default value: `false` - -Example: `&showAppName=true` - -### revision -Display revision targeted by the application. - -It will also extend the badge width to 192px. - -Available values: `true/false` - -Default value: `false` - -Example: `&revision=true` -### keepFullRevision -By default, displayed revision is truncated to 7 characters. - -This parameter allows to display it fully if it exceeds that length. - -It will also extend the badge width to 400px. - -Available values: `true/false` - -Default value: `false` - -Example: `&keepFullRevision=true` -### width -Change width of the badge. - -Completely replace current calculated width. - -Available values: `integer` - -Default value: `nil` - -Example: `&width=500` \ No newline at end of file +For example, `${argoCdBaseUrl}/api/badge?name=${appName}&showAppName=true`. +To remove the application name from the badge, remove the query parameter from the URL or set it to `false`. \ No newline at end of file diff --git a/docs/user-guide/sync-kubectl.md b/docs/user-guide/sync-kubectl.md index 53700afed4f67..100ec2cdf70b1 100644 --- a/docs/user-guide/sync-kubectl.md +++ b/docs/user-guide/sync-kubectl.md @@ -38,7 +38,7 @@ operation: username: sync: syncStrategy: - hook: {} + hook: {} ``` ```bash diff --git a/go.mod b/go.mod index 486451df114b0..ef33baa591249 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 toolchain go1.21.0 require ( - code.gitea.io/sdk/gitea v0.18.0 + code.gitea.io/sdk/gitea v0.15.1 github.com/Azure/kubelogin v0.0.20 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible github.com/Masterminds/semver/v3 v3.2.1 @@ -78,15 +78,15 @@ require ( github.com/valyala/fasttemplate v1.2.2 github.com/xanzy/go-gitlab v0.91.1 github.com/yuin/gopher-lua v1.1.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 go.opentelemetry.io/otel v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 go.opentelemetry.io/otel/sdk v1.21.0 - golang.org/x/crypto v0.22.0 + golang.org/x/crypto v0.19.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.11.0 golang.org/x/sync v0.3.0 - golang.org/x/term v0.19.0 + golang.org/x/term v0.17.0 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d google.golang.org/grpc v1.59.0 google.golang.org/protobuf v1.33.0 @@ -129,8 +129,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect github.com/aws/smithy-go v1.19.0 // indirect - github.com/davidmz/go-pageant v1.0.2 // indirect - github.com/go-fed/httpsig v1.1.0 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/google/s2a-go v0.1.4 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect @@ -210,7 +208,7 @@ require ( github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect @@ -269,8 +267,8 @@ require ( go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.23.0 - golang.org/x/sys v0.19.0 // indirect + golang.org/x/net v0.19.0 + golang.org/x/sys v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 golang.org/x/tools v0.13.0 // indirect @@ -302,6 +300,9 @@ replace ( github.com/golang/protobuf => github.com/golang/protobuf v1.5.4 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 + // Avoid CVE-2023-46402 + github.com/whilp/git-urls => github.com/chainguard-dev/git-urls v1.0.2 + // Avoid CVE-2022-3064 gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index c8b733a32fd79..4517cdc08744e 100644 --- a/go.sum +++ b/go.sum @@ -597,8 +597,9 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= -code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= -code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= +code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= +code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= +code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -833,8 +834,6 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= -github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= @@ -923,8 +922,6 @@ github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= -github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= @@ -1256,8 +1253,8 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -1749,8 +1746,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= @@ -1802,7 +1799,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -1818,9 +1814,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1966,8 +1961,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2139,9 +2134,8 @@ golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2156,9 +2150,8 @@ golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2236,6 +2229,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= diff --git a/hack/gen-crd-spec/main.go b/hack/gen-crd-spec/main.go index 283752f8e881c..e7dcd658ef26a 100644 --- a/hack/gen-crd-spec/main.go +++ b/hack/gen-crd-spec/main.go @@ -2,7 +2,6 @@ package main import ( "encoding/json" - "errors" "fmt" "os" "os/exec" @@ -28,6 +27,7 @@ func getCustomResourceDefinitions() map[string]*extensionsobj.CustomResourceDefi crdYamlBytes, err := exec.Command( "controller-gen", "paths=./pkg/apis/application/...", + "crd:trivialVersions=true", "crd:crdVersions=v1", "output:crd:stdout", ).Output() @@ -117,10 +117,6 @@ func removeDescription(v interface{}) { func checkErr(err error) { if err != nil { - var execError *exec.ExitError - if errors.As(err, &execError) { - fmt.Println(string(execError.Stderr)) - } panic(err) } } diff --git a/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..a17a4f14d364d --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9 helm-v3.14.4-darwin-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..0eaa6ab9a823b --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c helm-v3.14.4-darwin-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..de8a7a596ea6a --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259 helm-v3.14.4-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..f10ab40830331 --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2 helm-v3.14.4-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..7a84560c18fe4 --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5 helm-v3.14.4-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..869e43aecfebf --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +a5750d0cb1ba34ce84ab3be6382a14617130661d15dd2aa1b36630b293437936 helm-v3.14.4-linux-s390x.tar.gz diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh index 373d6977d127a..6c9775ff46274 100755 --- a/hack/installers/install-codegen-go-tools.sh +++ b/hack/installers/install-codegen-go-tools.sh @@ -45,7 +45,7 @@ go_mod_install k8s.io/code-generator/cmd/lister-gen go_mod_install k8s.io/kube-openapi/cmd/openapi-gen # controller-gen is run by ./hack/gen-crd-spec to generate the CRDs -go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 +go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1 # swagger cli is used to generate swagger docs go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 diff --git a/hack/snyk-report.sh b/hack/snyk-report.sh index 8147c3bba3bc4..074f218289c43 100755 --- a/hack/snyk-report.sh +++ b/hack/snyk-report.sh @@ -37,8 +37,8 @@ git clone https://github.com/argoproj/argo-cd.git cd argo-cd git checkout master -minor_version=$(git tag -l | sort -V | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+') -patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1) +minor_version=$(git tag -l | sort -g | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+') +patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1) version="v$minor_version.$patch_num" versions="master " @@ -54,7 +54,7 @@ for i in $(seq "$version_count"); do minor_num=$(printf '%s' "$minor_version" | sed -E 's/[0-9]+\.//') minor_num=$((minor_num-1)) minor_version=$(printf '%s' "$minor_version" | sed -E "s/\.[0-9]+$/.$minor_num/g") - patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1) + patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1) version="v$minor_version.$patch_num" done diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index e87dc54590afd..a49285c88000d 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,7 +11,7 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.14.3 +helm3_version=3.14.4 kubectl_version=1.17.8 kubectx_version=0.6.3 kustomize5_version=5.2.1 diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml index 68dd75de2f47f..815e4123d05e3 100644 --- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml +++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml @@ -20,6 +20,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index 7b6302a09c449..2219f5f9b4731 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -21,6 +21,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml index e80274cddc620..ef54af86025e7 100644 --- a/manifests/base/kustomization.yaml +++ b/manifests/base/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.2 resources: - ./application-controller - ./dex diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index bcbe729ac6d00..a2951694ed7d7 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -15,6 +15,23 @@ spec: labels: app.kubernetes.io/name: argocd-redis spec: + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -23,13 +40,20 @@ spec: serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: Always args: - "--save" - "" - "--appendonly" - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis ports: - containerPort: 6379 securityContext: diff --git a/manifests/base/redis/argocd-redis-network-policy.yaml b/manifests/base/redis/argocd-redis-network-policy.yaml index 837b3e0424502..1454874742240 100644 --- a/manifests/base/redis/argocd-redis-network-policy.yaml +++ b/manifests/base/redis/argocd-redis-network-policy.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress ingress: - from: - podSelector: @@ -23,9 +22,3 @@ spec: ports: - protocol: TCP port: 6379 - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP diff --git a/manifests/base/redis/argocd-redis-role.yaml b/manifests/base/redis/argocd-redis-role.yaml new file mode 100644 index 0000000000000..a7a33f48a4c11 --- /dev/null +++ b/manifests/base/redis/argocd-redis-role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create \ No newline at end of file diff --git a/manifests/base/redis/argocd-redis-rolebinding.yaml b/manifests/base/redis/argocd-redis-rolebinding.yaml new file mode 100644 index 0000000000000..f396914dffdca --- /dev/null +++ b/manifests/base/redis/argocd-redis-rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: + - kind: ServiceAccount + name: argocd-redis \ No newline at end of file diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml index 4a0b64c4da6a8..f13b17e134234 100644 --- a/manifests/base/redis/kustomization.yaml +++ b/manifests/base/redis/kustomization.yaml @@ -6,3 +6,5 @@ resources: - argocd-redis-sa.yaml - argocd-redis-service.yaml - argocd-redis-network-policy.yaml +- argocd-redis-role.yaml +- argocd-redis-rolebinding.yaml diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 051e66027ec11..971b7a21c2151 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -24,6 +24,11 @@ spec: args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -198,12 +203,6 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 0ebeb70e08531..1107323b2e3b9 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -23,6 +23,11 @@ spec: args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 946afb8a8ac3c..555d6a82acc68 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -35,19 +35,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -145,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -480,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -819,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -841,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -852,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -876,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -907,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -936,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1265,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1597,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2093,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2438,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2453,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2568,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2925,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3287,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3311,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3322,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3369,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3756,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4110,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4140,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4225,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4256,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4604,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4958,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5058,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5655,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7418,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8015,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11881,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12478,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13075,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16941,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19642,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20329,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20392,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20424,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20441,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20470,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20485,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20502,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20851,6 +20816,30 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -20903,6 +20892,22 @@ subjects: name: argocd-applicationset-controller --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -21219,7 +21224,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -21314,7 +21319,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.15-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: Always name: redis ports: @@ -21325,6 +21337,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -21369,6 +21398,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -21543,19 +21577,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -21607,7 +21635,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -21692,6 +21720,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -21874,7 +21907,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -21956,12 +21989,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -21981,7 +22008,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/core-install/kustomization.yaml b/manifests/core-install/kustomization.yaml index 07a82b3707700..f0ac65d0f7dfb 100644 --- a/manifests/core-install/kustomization.yaml +++ b/manifests/core-install/kustomization.yaml @@ -12,4 +12,4 @@ resources: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.2 diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 6b67f460587e5..aaf1347f64dfb 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -34,19 +34,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -144,21 +139,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -479,18 +475,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -818,10 +814,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -840,10 +837,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -851,10 +848,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -875,9 +872,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -906,9 +903,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -935,17 +933,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1264,10 +1263,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1596,10 +1595,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2092,10 +2091,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2437,10 +2437,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2452,9 +2453,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2567,21 +2568,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2924,18 +2926,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3286,10 +3289,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3310,10 +3314,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3321,10 +3326,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3368,9 +3374,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3755,10 +3761,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4109,10 +4116,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4139,9 +4147,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4224,9 +4231,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4255,9 +4263,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4603,10 +4612,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4957,10 +4967,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index b0ea7bb05d9c0..2668052f431a0 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -61,7 +61,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -658,7 +657,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -2421,7 +2419,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -3018,7 +3015,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -6884,7 +6880,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -7481,7 +7476,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8078,7 +8072,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11944,7 +11937,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -14645,7 +14637,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -15332,37 +15323,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 2ebe3c2f4e325..989b3004892f6 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -20,28 +20,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -52,9 +46,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -69,9 +63,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -98,9 +92,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -113,9 +107,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -130,9 +124,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string diff --git a/manifests/ha/base/kustomization.yaml b/manifests/ha/base/kustomization.yaml index ae40b96e8657e..64db612f4fc75 100644 --- a/manifests/ha/base/kustomization.yaml +++ b/manifests/ha/base/kustomization.yaml @@ -12,7 +12,7 @@ patches: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.2 resources: - ../../base/application-controller - ../../base/applicationset-controller diff --git a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml index 7732c0debdae4..89c9302e9430a 100644 --- a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml +++ b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress ingress: - from: - podSelector: @@ -25,18 +24,4 @@ spec: protocol: TCP - port: 26379 protocol: TCP - egress: - - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP + diff --git a/manifests/ha/base/redis-ha/chart/requirements.lock b/manifests/ha/base/redis-ha/chart/requirements.lock index 9e5e9273942da..25a568b2620d4 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.lock +++ b/manifests/ha/base/redis-ha/chart/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts - version: 4.22.3 -digest: sha256:ae773caf65b172bdd2216072c03ba76ef3c0383dbd1e2478934a67b9455f6a2e -generated: "2022-11-02T16:57:25.047025473-07:00" + version: 4.26.6 +digest: sha256:c363f48ea8339c4bdb7c8a2cca62aa487b69d0a52a6fe6267fbbbbc07e468abd +generated: "2024-04-10T11:02:32.957812-07:00" diff --git a/manifests/ha/base/redis-ha/chart/requirements.yaml b/manifests/ha/base/redis-ha/chart/requirements.yaml index bdcde75a60727..618eecda6ddcc 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.yaml +++ b/manifests/ha/base/redis-ha/chart/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: redis-ha - version: 4.22.3 + version: 4.26.6 repository: https://dandydeveloper.github.io/charts diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index e78ed94856d91..c486cc286315d 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -9,8 +9,10 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha +secrets: +- name: argocd-redis --- # Source: redis-ha/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml apiVersion: v1 @@ -21,7 +23,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha --- # Source: redis-ha/charts/redis-ha/templates/redis-ha-configmap.yaml @@ -33,7 +35,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha data: redis.conf: | @@ -50,6 +52,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" @@ -59,6 +63,7 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth init.sh: | echo "$(date) Start..." @@ -82,7 +87,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -191,9 +196,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -226,7 +231,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -345,7 +350,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -454,9 +459,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -489,7 +494,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -554,9 +559,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -564,9 +569,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -576,9 +581,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -591,6 +596,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -674,6 +680,8 @@ data: mode tcp option tcp-check tcp-check connect + tcp-check send "AUTH ${AUTH}"\r\n + tcp-check expect string +OK tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send info\ replication\r\n @@ -730,6 +738,7 @@ data: get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -766,12 +775,13 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -784,6 +794,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -816,7 +827,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 rules: - apiGroups: - "" @@ -835,7 +846,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy rules: - apiGroups: @@ -855,7 +866,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 subjects: - kind: ServiceAccount name: argocd-redis-ha @@ -874,7 +885,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy subjects: - kind: ServiceAccount @@ -894,9 +905,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -924,9 +934,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -954,9 +963,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -984,7 +992,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: spec: type: ClusterIP @@ -1012,7 +1020,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy annotations: spec: @@ -1040,7 +1048,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 spec: strategy: type: RollingUpdate @@ -1056,12 +1064,11 @@ spec: labels: app: redis-ha-haproxy release: argocd - revision: "1" annotations: prometheus.io/port: "9101" prometheus.io/scrape: "true" prometheus.io/path: "/metrics" - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 spec: # Needed when using unmodified rbac-setup.yml @@ -1081,7 +1088,6 @@ spec: matchLabels: app: redis-ha-haproxy release: argocd - revision: "1" topologyKey: kubernetes.io/hostname initContainers: - name: config-init @@ -1119,6 +1125,12 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: httpGet: path: /healthz @@ -1167,7 +1179,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: {} spec: @@ -1183,7 +1195,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: release: argocd app: redis-ha @@ -1207,7 +1219,7 @@ spec: automountServiceAccountToken: false initContainers: - name: config-init - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1231,6 +1243,11 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth volumeMounts: - name: config mountPath: /readonly-config @@ -1241,12 +1258,12 @@ spec: containers: - name: redis - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent command: - - redis-server + - redis-server args: - - /data/conf/redis.conf + - /data/conf/redis.conf securityContext: allowPrivilegeEscalation: false capabilities: @@ -1256,6 +1273,12 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1298,7 +1321,7 @@ spec: - /bin/sh - /readonly-config/trigger-failover-if-master.sh - name: sentinel - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent command: - redis-sentinel @@ -1313,6 +1336,12 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1349,7 +1378,7 @@ spec: {} - name: split-brain-fix - image: redis:7.0.15-alpine + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent command: - sh @@ -1371,6 +1400,11 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth resources: {} volumeMounts: diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index c15def91ece21..47a8c43b8c001 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -1,4 +1,7 @@ redis-ha: + auth: true + authKey: auth + existingSecret: argocd-redis persistentVolume: enabled: false redis: @@ -11,6 +14,7 @@ redis-ha: IPv6: enabled: false image: + repository: haproxy tag: 2.6.14-alpine containerSecurityContext: null timeout: @@ -20,7 +24,8 @@ redis-ha: metrics: enabled: true image: - tag: 7.0.15-alpine + repository: redis + tag: 7.0.14-alpine containerSecurityContext: null sentinel: bind: "0.0.0.0" diff --git a/manifests/ha/base/redis-ha/kustomization.yaml b/manifests/ha/base/redis-ha/kustomization.yaml index bf0c6c3dff255..0da9beb9930e8 100644 --- a/manifests/ha/base/redis-ha/kustomization.yaml +++ b/manifests/ha/base/redis-ha/kustomization.yaml @@ -20,7 +20,7 @@ patches: kind: ConfigMap name: argocd-redis-ha-configmap namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: version: v1 group: "" @@ -34,28 +34,28 @@ patches: kind: ServiceAccount name: argocd-redis-ha-haproxy namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: Role name: argocd-redis-ha namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: Role name: argocd-redis-ha-haproxy namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: RoleBinding name: argocd-redis-ha namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 @@ -294,3 +294,15 @@ patches: kind: StatefulSet name: argocd-redis-ha-server path: overlays/statefulset-containers-securityContext.yaml +- target: + group: rbac.authorization.k8s.io + version: v1 + kind: Role + name: argocd-redis-ha-haproxy + path: overlays/haproxy-role.yaml +- target: + group: apps + version: v1 + kind: Deployment + name: argocd-redis-ha-haproxy + path: overlays/deployment-initContainers.yaml \ No newline at end of file diff --git a/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml b/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml new file mode 100644 index 0000000000000..8e6ea2754a9fa --- /dev/null +++ b/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml @@ -0,0 +1,16 @@ +- op: add + path: /spec/template/spec/initContainers/0 + value: + name: secret-init + command: [ 'argocd', 'admin', 'redis-initial-password' ] + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault \ No newline at end of file diff --git a/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml b/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml new file mode 100644 index 0000000000000..b74a48006a977 --- /dev/null +++ b/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml @@ -0,0 +1,20 @@ +- op: add + path: /rules/0 + value: + apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get +- op: add + path: /rules/0 + value: + apiGroups: + - "" + resources: + - secrets + verbs: + - create \ No newline at end of file diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index c1d60412b387a..4a26535d43212 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -35,19 +35,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -145,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -480,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -819,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -841,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -852,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -876,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -907,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -936,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1265,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1597,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2093,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2438,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2453,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2568,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2925,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3287,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3311,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3322,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3369,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3756,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4110,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4140,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4225,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4256,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4604,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4958,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5058,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5655,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7418,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8015,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11881,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12478,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13075,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16941,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19642,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20329,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20392,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20424,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20441,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20470,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20485,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20502,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20745,6 +20710,8 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha +secrets: +- name: argocd-redis --- apiVersion: v1 kind: ServiceAccount @@ -20975,6 +20942,20 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get - apiGroups: - "" resources: @@ -21419,7 +21400,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -21528,9 +21509,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -21563,7 +21544,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -21628,9 +21609,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -21638,9 +21619,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -21650,9 +21631,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -21665,6 +21646,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -21707,9 +21689,10 @@ data: decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n \ use_backend bk_redis_master\n# Check all redis servers to see if they think they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check - connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check - send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check - send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise @@ -21772,7 +21755,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -21881,9 +21864,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -21916,7 +21899,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -22024,6 +22007,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" port 26379 @@ -22032,10 +22017,12 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth trigger-failover-if-master.sh: | get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -22075,6 +22062,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -22087,6 +22075,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -22275,8 +22264,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22301,8 +22288,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22327,8 +22312,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22582,7 +22565,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -22705,7 +22688,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -22787,7 +22770,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -22845,7 +22828,7 @@ spec: template: metadata: annotations: - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 prometheus.io/path: /metrics prometheus.io/port: "9101" prometheus.io/scrape: "true" @@ -22861,7 +22844,13 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.14-alpine + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -22896,6 +22885,22 @@ spec: - mountPath: /run/haproxy name: shared-socket initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - /readonly/haproxy_init.sh command: @@ -22968,6 +22973,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -23142,19 +23152,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -23206,7 +23210,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -23291,6 +23295,11 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -23525,7 +23534,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -23637,6 +23646,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -23819,7 +23833,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -23879,7 +23893,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -23896,7 +23910,13 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -23950,7 +23970,13 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -24003,7 +24029,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -24033,7 +24064,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -24156,21 +24192,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: - egress: - - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -24192,7 +24213,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index a32b5d005a544..7654b66082b0a 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -43,6 +43,8 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha +secrets: +- name: argocd-redis --- apiVersion: v1 kind: ServiceAccount @@ -273,6 +275,20 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get - apiGroups: - "" resources: @@ -505,7 +521,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -614,9 +630,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -649,7 +665,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -714,9 +730,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -724,9 +740,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -736,9 +752,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -751,6 +767,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -793,9 +810,10 @@ data: decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n \ use_backend bk_redis_master\n# Check all redis servers to see if they think they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check - connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check - send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check - send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise @@ -858,7 +876,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -967,9 +985,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -1002,7 +1020,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -1110,6 +1128,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" port 26379 @@ -1118,10 +1138,12 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth trigger-failover-if-master.sh: | get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -1161,6 +1183,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -1173,6 +1196,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -1361,8 +1385,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1387,8 +1409,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1413,8 +1433,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1668,7 +1686,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -1791,7 +1809,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -1873,7 +1891,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1931,7 +1949,7 @@ spec: template: metadata: annotations: - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 prometheus.io/path: /metrics prometheus.io/port: "9101" prometheus.io/scrape: "true" @@ -1947,7 +1965,13 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.14-alpine + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -1982,6 +2006,22 @@ spec: - mountPath: /run/haproxy name: shared-socket initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - /readonly/haproxy_init.sh command: @@ -2054,6 +2094,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -2228,19 +2273,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -2292,7 +2331,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -2377,6 +2416,11 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -2611,7 +2655,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -2723,6 +2767,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -2905,7 +2954,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -2965,7 +3014,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -2982,7 +3031,13 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -3036,7 +3091,13 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -3089,7 +3150,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -3119,7 +3185,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -3242,21 +3313,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: - egress: - - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -3278,7 +3334,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/install.yaml b/manifests/install.yaml index 6f107373ad140..644aafa5de525 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -35,19 +35,14 @@ spec: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -145,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -480,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -819,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -841,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -852,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -876,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -907,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -936,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1265,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1597,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2093,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2438,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2453,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2568,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2925,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3287,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3311,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3322,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3369,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3756,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4110,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4140,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4225,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4256,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4604,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4958,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5058,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5655,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7418,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8015,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11881,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12478,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13075,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16941,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19642,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20329,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20392,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20424,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20441,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20470,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20485,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20502,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20943,6 +20908,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -21212,6 +21201,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -21677,7 +21682,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -21800,7 +21805,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -21882,7 +21887,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -21959,7 +21964,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.15-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: Always name: redis ports: @@ -21970,6 +21982,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -22014,6 +22043,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -22188,19 +22222,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -22252,7 +22280,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -22335,6 +22363,11 @@ spec: - args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -22569,7 +22602,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -22681,6 +22714,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -22863,7 +22901,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -22992,12 +23030,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -23017,7 +23049,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index c2acc80e6cd4e..49c8c34a280aa 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -241,6 +241,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -349,6 +373,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -763,7 +803,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -886,7 +926,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: copyutil securityContext: @@ -968,7 +1008,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1045,7 +1085,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.15-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.14-alpine imagePullPolicy: Always name: redis ports: @@ -1056,6 +1103,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.11.2 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -1100,6 +1164,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -1274,19 +1343,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -1338,7 +1401,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -1421,6 +1484,11 @@ spec: - args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -1655,7 +1723,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -1767,6 +1835,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -1949,7 +2022,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.2 imagePullPolicy: Always name: argocd-application-controller ports: @@ -2078,12 +2151,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -2103,7 +2170,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 9b22530c45e74..83e841dd99bea 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -62,11 +62,13 @@ const ( EnvArgoCDServer = "ARGOCD_SERVER" // EnvArgoCDAuthToken is the environment variable to look for an Argo CD auth token EnvArgoCDAuthToken = "ARGOCD_AUTH_TOKEN" + // EnvArgoCDgRPCMaxSizeMB is the environment variable to look for a max gRPC message size + EnvArgoCDgRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB" ) var ( // MaxGRPCMessageSize contains max grpc message size - MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 200, 0, math.MaxInt32) * 1024 * 1024 + MaxGRPCMessageSize = env.ParseNumFromEnv(EnvArgoCDgRPCMaxSizeMB, 200, 0, math.MaxInt32) * 1024 * 1024 ) // Client defines an interface for interaction with an Argo CD server. diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index 68db654fe9c4e..8f717d1f6920f 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -322,69 +322,12 @@ func (m *ApplicationSetDeleteRequest) GetAppsetNamespace() string { return "" } -type ApplicationSetTreeQuery struct { - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The application set namespace. Default empty is argocd control plane namespace - AppsetNamespace string `protobuf:"bytes,2,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ApplicationSetTreeQuery) Reset() { *m = ApplicationSetTreeQuery{} } -func (m *ApplicationSetTreeQuery) String() string { return proto.CompactTextString(m) } -func (*ApplicationSetTreeQuery) ProtoMessage() {} -func (*ApplicationSetTreeQuery) Descriptor() ([]byte, []int) { - return fileDescriptor_eacb9df0ce5738fa, []int{5} -} -func (m *ApplicationSetTreeQuery) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ApplicationSetTreeQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ApplicationSetTreeQuery.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ApplicationSetTreeQuery) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApplicationSetTreeQuery.Merge(m, src) -} -func (m *ApplicationSetTreeQuery) XXX_Size() int { - return m.Size() -} -func (m *ApplicationSetTreeQuery) XXX_DiscardUnknown() { - xxx_messageInfo_ApplicationSetTreeQuery.DiscardUnknown(m) -} - -var xxx_messageInfo_ApplicationSetTreeQuery proto.InternalMessageInfo - -func (m *ApplicationSetTreeQuery) GetName() string { - if m != nil { - return m.Name - } - return "" -} - -func (m *ApplicationSetTreeQuery) GetAppsetNamespace() string { - if m != nil { - return m.AppsetNamespace - } - return "" -} - func init() { proto.RegisterType((*ApplicationSetGetQuery)(nil), "applicationset.ApplicationSetGetQuery") proto.RegisterType((*ApplicationSetListQuery)(nil), "applicationset.ApplicationSetListQuery") proto.RegisterType((*ApplicationSetResponse)(nil), "applicationset.ApplicationSetResponse") proto.RegisterType((*ApplicationSetCreateRequest)(nil), "applicationset.ApplicationSetCreateRequest") proto.RegisterType((*ApplicationSetDeleteRequest)(nil), "applicationset.ApplicationSetDeleteRequest") - proto.RegisterType((*ApplicationSetTreeQuery)(nil), "applicationset.ApplicationSetTreeQuery") } func init() { @@ -392,43 +335,40 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 573 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0x4f, 0x8b, 0x13, 0x3f, - 0x18, 0xc7, 0xc9, 0x76, 0xe9, 0x6f, 0x37, 0x3f, 0x51, 0x08, 0xb8, 0x5b, 0x47, 0xa9, 0x65, 0x0e, - 0x6b, 0x5d, 0xdd, 0x84, 0x56, 0x4f, 0x7a, 0xf2, 0x0f, 0x2c, 0x42, 0x11, 0x9d, 0x15, 0x05, 0x3d, - 0x48, 0x76, 0xfa, 0x30, 0x3b, 0xee, 0x74, 0x12, 0x93, 0x74, 0x40, 0x16, 0x2f, 0x82, 0xaf, 0xc0, - 0x77, 0xa0, 0x17, 0xc1, 0xab, 0x77, 0xaf, 0x1e, 0x05, 0xdf, 0x80, 0x54, 0x5f, 0x88, 0x4c, 0x66, - 0xda, 0xee, 0x84, 0x6e, 0x2b, 0x58, 0x6f, 0x79, 0xf2, 0xe7, 0x79, 0x3e, 0x79, 0x9e, 0xef, 0x93, - 0xe0, 0x6d, 0x0d, 0x2a, 0x03, 0xc5, 0xb8, 0x94, 0x49, 0x1c, 0x72, 0x13, 0x8b, 0x54, 0x83, 0x71, - 0x4c, 0x2a, 0x95, 0x30, 0x82, 0x9c, 0xae, 0xce, 0x7a, 0x17, 0x22, 0x21, 0xa2, 0x04, 0x18, 0x97, - 0x31, 0xe3, 0x69, 0x2a, 0x4c, 0xb1, 0x52, 0xec, 0xf6, 0x7a, 0x51, 0x6c, 0x0e, 0x86, 0xfb, 0x34, - 0x14, 0x03, 0xc6, 0x55, 0x24, 0xa4, 0x12, 0x2f, 0xec, 0x60, 0x27, 0xec, 0xb3, 0xac, 0xcb, 0xe4, - 0x61, 0x94, 0x9f, 0xd4, 0xc7, 0x63, 0xb1, 0xac, 0xc3, 0x13, 0x79, 0xc0, 0x3b, 0x2c, 0x82, 0x14, - 0x14, 0x37, 0xd0, 0x2f, 0xbc, 0xf9, 0x8f, 0xf1, 0xc6, 0xad, 0xe9, 0xbe, 0x3d, 0x30, 0xbb, 0x60, - 0x1e, 0x0e, 0x41, 0xbd, 0x22, 0x04, 0xaf, 0xa6, 0x7c, 0x00, 0x0d, 0xd4, 0x42, 0xed, 0xf5, 0xc0, - 0x8e, 0x49, 0x1b, 0x9f, 0xe1, 0x52, 0x6a, 0x30, 0xf7, 0xf9, 0x00, 0xb4, 0xe4, 0x21, 0x34, 0x56, - 0xec, 0xb2, 0x3b, 0xed, 0x1f, 0xe1, 0xcd, 0xaa, 0xdf, 0x5e, 0xac, 0x4b, 0xc7, 0x1e, 0x5e, 0xcb, - 0x99, 0x21, 0x34, 0xba, 0x81, 0x5a, 0xb5, 0xf6, 0x7a, 0x30, 0xb1, 0xf3, 0x35, 0x0d, 0x09, 0x84, - 0x46, 0xa8, 0xd2, 0xf3, 0xc4, 0x9e, 0x15, 0xbc, 0x36, 0x3b, 0xf8, 0x47, 0xe4, 0xde, 0x2a, 0x00, - 0x2d, 0xf3, 0xe4, 0x92, 0x06, 0xfe, 0xaf, 0x0c, 0x56, 0x5e, 0x6c, 0x6c, 0x12, 0x83, 0x9d, 0x3a, - 0x58, 0x80, 0xff, 0xbb, 0x3d, 0x3a, 0x4d, 0x38, 0x1d, 0x27, 0xdc, 0x0e, 0x9e, 0x87, 0x7d, 0x9a, - 0x75, 0xa9, 0x3c, 0x8c, 0x68, 0x9e, 0x70, 0x7a, 0xec, 0x38, 0x1d, 0x27, 0x9c, 0x3a, 0x1c, 0x4e, - 0x0c, 0xff, 0x13, 0xc2, 0xe7, 0xab, 0x5b, 0xee, 0x28, 0xe0, 0x06, 0x02, 0x78, 0x39, 0x04, 0x3d, - 0x8b, 0x0a, 0xfd, 0x7b, 0x2a, 0xb2, 0x81, 0xeb, 0x43, 0xa9, 0x41, 0x15, 0x39, 0x58, 0x0b, 0x4a, - 0xcb, 0x7f, 0xe6, 0xc2, 0xde, 0x85, 0x04, 0xa6, 0xb0, 0x7f, 0x27, 0x99, 0x27, 0xae, 0x64, 0x1e, - 0x29, 0x80, 0x25, 0x68, 0xb1, 0xfb, 0xb3, 0x8e, 0xcf, 0x56, 0x3d, 0xef, 0x81, 0xca, 0xe2, 0x10, - 0xc8, 0x07, 0x84, 0x6b, 0xbb, 0x60, 0xc8, 0x16, 0x75, 0x1a, 0x73, 0x76, 0x4f, 0x78, 0x4b, 0xcd, - 0xba, 0xbf, 0xf5, 0xe6, 0xfb, 0xaf, 0x77, 0x2b, 0x2d, 0xd2, 0xb4, 0x9d, 0x9e, 0x75, 0x9c, 0xd7, - 0x41, 0xb3, 0xa3, 0xfc, 0xa2, 0xaf, 0xc9, 0x7b, 0x84, 0x57, 0xf3, 0xf6, 0x21, 0x97, 0xe6, 0x63, - 0x4e, 0x5a, 0xcc, 0x7b, 0xb0, 0x4c, 0xce, 0xdc, 0xad, 0x7f, 0xd1, 0xb2, 0x9e, 0x23, 0x9b, 0x27, - 0xb0, 0x92, 0xcf, 0x08, 0xd7, 0x0b, 0xe9, 0x92, 0x2b, 0xf3, 0x31, 0x2b, 0x02, 0x5f, 0x72, 0x4a, - 0x99, 0xc5, 0xbc, 0xec, 0x9f, 0x84, 0x79, 0xc3, 0x55, 0xfa, 0x5b, 0x84, 0xeb, 0x85, 0x88, 0x17, - 0x61, 0x57, 0xa4, 0xee, 0x2d, 0x50, 0xcc, 0xf8, 0xbd, 0x19, 0xd7, 0x78, 0x7b, 0x51, 0x8d, 0xbf, - 0x20, 0x7c, 0x2a, 0x00, 0x2d, 0x86, 0x2a, 0x84, 0x5c, 0xf7, 0x8b, 0x6a, 0x3d, 0xe9, 0x8d, 0xe5, - 0xd6, 0x3a, 0x77, 0xeb, 0x5f, 0xb7, 0xcc, 0x94, 0x5c, 0x9d, 0xcf, 0xcc, 0x54, 0xc9, 0xbb, 0x63, - 0x14, 0xc0, 0xed, 0x7b, 0x5f, 0x47, 0x4d, 0xf4, 0x6d, 0xd4, 0x44, 0x3f, 0x46, 0x4d, 0xf4, 0xf4, - 0xe6, 0x9f, 0xfd, 0x52, 0x61, 0x12, 0x43, 0xea, 0x7e, 0x8b, 0xfb, 0x75, 0xfb, 0x37, 0x5d, 0xfb, - 0x1d, 0x00, 0x00, 0xff, 0xff, 0xfa, 0x8f, 0x0f, 0xad, 0x45, 0x07, 0x00, 0x00, + // 526 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x94, 0xdf, 0x8a, 0x13, 0x31, + 0x14, 0xc6, 0xc9, 0x76, 0xad, 0xbb, 0x11, 0x14, 0x02, 0xee, 0xd6, 0x51, 0x6a, 0x99, 0x8b, 0xb5, + 0xae, 0x98, 0xd0, 0x7a, 0xa7, 0x57, 0xfe, 0x81, 0x45, 0x28, 0xa2, 0xb3, 0xe0, 0x85, 0x5e, 0x48, + 0x76, 0x7a, 0x98, 0x1d, 0x77, 0x3a, 0x89, 0x49, 0x3a, 0x20, 0x8b, 0x37, 0x82, 0x4f, 0xe0, 0x13, + 0xa8, 0x37, 0x82, 0xb7, 0x3e, 0x84, 0x97, 0x82, 0x2f, 0x20, 0xc5, 0x07, 0x91, 0xc9, 0xcc, 0xb4, + 0x3b, 0xa1, 0xdb, 0x0a, 0x76, 0xef, 0x72, 0x26, 0x99, 0x73, 0x7e, 0xf9, 0xf2, 0x9d, 0x83, 0x77, + 0x35, 0xa8, 0x0c, 0x14, 0xe3, 0x52, 0x26, 0x71, 0xc8, 0x4d, 0x2c, 0x52, 0x0d, 0xc6, 0x09, 0xa9, + 0x54, 0xc2, 0x08, 0x72, 0xb1, 0xfe, 0xd5, 0xbb, 0x16, 0x09, 0x11, 0x25, 0xc0, 0xb8, 0x8c, 0x19, + 0x4f, 0x53, 0x61, 0x8a, 0x9d, 0xe2, 0xb4, 0x37, 0x88, 0x62, 0x73, 0x38, 0x3e, 0xa0, 0xa1, 0x18, + 0x31, 0xae, 0x22, 0x21, 0x95, 0x78, 0x6d, 0x17, 0xb7, 0xc3, 0x21, 0xcb, 0xfa, 0x4c, 0x1e, 0x45, + 0xf9, 0x9f, 0xfa, 0x64, 0x2d, 0x96, 0xf5, 0x78, 0x22, 0x0f, 0x79, 0x8f, 0x45, 0x90, 0x82, 0xe2, + 0x06, 0x86, 0x45, 0x36, 0xff, 0x39, 0xde, 0xba, 0x3f, 0x3b, 0xb7, 0x0f, 0x66, 0x0f, 0xcc, 0xb3, + 0x31, 0xa8, 0xb7, 0x84, 0xe0, 0xf5, 0x94, 0x8f, 0xa0, 0x85, 0x3a, 0xa8, 0xbb, 0x19, 0xd8, 0x35, + 0xe9, 0xe2, 0x4b, 0x5c, 0x4a, 0x0d, 0xe6, 0x09, 0x1f, 0x81, 0x96, 0x3c, 0x84, 0xd6, 0x9a, 0xdd, + 0x76, 0x3f, 0xfb, 0xc7, 0x78, 0xbb, 0x9e, 0x77, 0x10, 0xeb, 0x32, 0xb1, 0x87, 0x37, 0x72, 0x66, + 0x08, 0x8d, 0x6e, 0xa1, 0x4e, 0xa3, 0xbb, 0x19, 0x4c, 0xe3, 0x7c, 0x4f, 0x43, 0x02, 0xa1, 0x11, + 0xaa, 0xcc, 0x3c, 0x8d, 0xe7, 0x15, 0x6f, 0xcc, 0x2f, 0xfe, 0x15, 0xb9, 0xb7, 0x0a, 0x40, 0xcb, + 0x5c, 0x5c, 0xd2, 0xc2, 0xe7, 0xcb, 0x62, 0xe5, 0xc5, 0xaa, 0x90, 0x18, 0xec, 0xbc, 0x83, 0x05, + 0xb8, 0xd0, 0x1f, 0xd0, 0x99, 0xe0, 0xb4, 0x12, 0xdc, 0x2e, 0x5e, 0x85, 0x43, 0x9a, 0xf5, 0xa9, + 0x3c, 0x8a, 0x68, 0x2e, 0x38, 0x3d, 0xf1, 0x3b, 0xad, 0x04, 0xa7, 0x0e, 0x87, 0x53, 0xc3, 0xff, + 0x86, 0xf0, 0xd5, 0xfa, 0x91, 0x87, 0x0a, 0xb8, 0x81, 0x00, 0xde, 0x8c, 0x41, 0xcf, 0xa3, 0x42, + 0x67, 0x4f, 0x45, 0xb6, 0x70, 0x73, 0x2c, 0x35, 0xa8, 0x42, 0x83, 0x8d, 0xa0, 0x8c, 0xfc, 0x97, + 0x2e, 0xec, 0x23, 0x48, 0x60, 0x06, 0xfb, 0x5f, 0x96, 0xe9, 0x7f, 0x3a, 0x87, 0x2f, 0xd7, 0xb3, + 0xef, 0x83, 0xca, 0xe2, 0x10, 0xc8, 0x17, 0x84, 0x1b, 0x7b, 0x60, 0xc8, 0x0e, 0x75, 0xfa, 0x67, + 0xbe, 0x75, 0xbd, 0x95, 0x8a, 0xe3, 0xef, 0xbc, 0xff, 0xf5, 0xe7, 0xe3, 0x5a, 0x87, 0xb4, 0x6d, + 0x43, 0x66, 0x3d, 0xa7, 0x89, 0x35, 0x3b, 0xce, 0x2f, 0xfa, 0x8e, 0x7c, 0x46, 0x78, 0x3d, 0x77, + 0x39, 0xb9, 0xb1, 0x18, 0x73, 0xda, 0x09, 0xde, 0xd3, 0x55, 0x72, 0xe6, 0x69, 0xfd, 0xeb, 0x96, + 0xf5, 0x0a, 0xd9, 0x3e, 0x85, 0x95, 0x7c, 0x47, 0xb8, 0x59, 0x38, 0x8c, 0xdc, 0x5a, 0x8c, 0x59, + 0xf3, 0xe1, 0x8a, 0x25, 0x65, 0x16, 0xf3, 0xa6, 0x7f, 0x1a, 0xe6, 0x5d, 0xd7, 0x90, 0x1f, 0x10, + 0x6e, 0x16, 0x5e, 0x5b, 0x86, 0x5d, 0x73, 0xa4, 0xb7, 0xc4, 0x31, 0xd5, 0x58, 0xa8, 0xde, 0x78, + 0x77, 0xc9, 0x1b, 0x3f, 0x78, 0xfc, 0x63, 0xd2, 0x46, 0x3f, 0x27, 0x6d, 0xf4, 0x7b, 0xd2, 0x46, + 0x2f, 0xee, 0xfd, 0xdb, 0x28, 0x0e, 0x93, 0x18, 0x52, 0x77, 0xf6, 0x1f, 0x34, 0xed, 0x00, 0xbe, + 0xf3, 0x37, 0x00, 0x00, 0xff, 0xff, 0x96, 0x3f, 0x16, 0xa7, 0x2a, 0x06, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -451,8 +391,6 @@ type ApplicationSetServiceClient interface { Create(ctx context.Context, in *ApplicationSetCreateRequest, opts ...grpc.CallOption) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(ctx context.Context, in *ApplicationSetDeleteRequest, opts ...grpc.CallOption) (*ApplicationSetResponse, error) - // ResourceTree returns resource tree - ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) } type applicationSetServiceClient struct { @@ -499,15 +437,6 @@ func (c *applicationSetServiceClient) Delete(ctx context.Context, in *Applicatio return out, nil } -func (c *applicationSetServiceClient) ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) { - out := new(v1alpha1.ApplicationSetTree) - err := c.cc.Invoke(ctx, "/applicationset.ApplicationSetService/ResourceTree", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - // ApplicationSetServiceServer is the server API for ApplicationSetService service. type ApplicationSetServiceServer interface { // Get returns an applicationset by name @@ -518,8 +447,6 @@ type ApplicationSetServiceServer interface { Create(context.Context, *ApplicationSetCreateRequest) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(context.Context, *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) - // ResourceTree returns resource tree - ResourceTree(context.Context, *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) } // UnimplementedApplicationSetServiceServer can be embedded to have forward compatible implementations. @@ -538,9 +465,6 @@ func (*UnimplementedApplicationSetServiceServer) Create(ctx context.Context, req func (*UnimplementedApplicationSetServiceServer) Delete(ctx context.Context, req *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") } -func (*UnimplementedApplicationSetServiceServer) ResourceTree(ctx context.Context, req *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResourceTree not implemented") -} func RegisterApplicationSetServiceServer(s *grpc.Server, srv ApplicationSetServiceServer) { s.RegisterService(&_ApplicationSetService_serviceDesc, srv) @@ -618,24 +542,6 @@ func _ApplicationSetService_Delete_Handler(srv interface{}, ctx context.Context, return interceptor(ctx, in, info, handler) } -func _ApplicationSetService_ResourceTree_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ApplicationSetTreeQuery) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ApplicationSetServiceServer).ResourceTree(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/applicationset.ApplicationSetService/ResourceTree", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ApplicationSetServiceServer).ResourceTree(ctx, req.(*ApplicationSetTreeQuery)) - } - return interceptor(ctx, in, info, handler) -} - var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ ServiceName: "applicationset.ApplicationSetService", HandlerType: (*ApplicationSetServiceServer)(nil), @@ -656,10 +562,6 @@ var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ MethodName: "Delete", Handler: _ApplicationSetService_Delete_Handler, }, - { - MethodName: "ResourceTree", - Handler: _ApplicationSetService_ResourceTree_Handler, - }, }, Streams: []grpc.StreamDesc{}, Metadata: "server/applicationset/applicationset.proto", @@ -892,47 +794,6 @@ func (m *ApplicationSetDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, er return len(dAtA) - i, nil } -func (m *ApplicationSetTreeQuery) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ApplicationSetTreeQuery) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ApplicationSetTreeQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.AppsetNamespace) > 0 { - i -= len(m.AppsetNamespace) - copy(dAtA[i:], m.AppsetNamespace) - i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) - i-- - dAtA[i] = 0x12 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintApplicationset(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - func encodeVarintApplicationset(dAtA []byte, offset int, v uint64) int { offset -= sovApplicationset(v) base := offset @@ -1049,26 +910,6 @@ func (m *ApplicationSetDeleteRequest) Size() (n int) { return n } -func (m *ApplicationSetTreeQuery) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Name) - if l > 0 { - n += 1 + l + sovApplicationset(uint64(l)) - } - l = len(m.AppsetNamespace) - if l > 0 { - n += 1 + l + sovApplicationset(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - func sovApplicationset(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -1678,121 +1519,6 @@ func (m *ApplicationSetDeleteRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSetTreeQuery) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetTreeQuery: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetTreeQuery: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApplicationset - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthApplicationset - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApplicationset - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthApplicationset - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipApplicationset(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthApplicationset - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func skipApplicationset(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index daad3043c52ca..5e4c73f7add3b 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -265,78 +265,6 @@ func local_request_ApplicationSetService_Delete_0(ctx context.Context, marshaler } -var ( - filter_ApplicationSetService_ResourceTree_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} -) - -func request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ApplicationSetTreeQuery - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["name"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") - } - - protoReq.Name, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) - } - - if err := req.ParseForm(); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := client.ResourceTree(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationSetServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ApplicationSetTreeQuery - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["name"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") - } - - protoReq.Name, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) - } - - if err := req.ParseForm(); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := server.ResourceTree(ctx, &protoReq) - return msg, metadata, err - -} - // RegisterApplicationSetServiceHandlerServer registers the http handlers for service ApplicationSetService to "mux". // UnaryRPC :call ApplicationSetServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -435,29 +363,6 @@ func RegisterApplicationSetServiceHandlerServer(ctx context.Context, mux *runtim }) - mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - var stream runtime.ServerTransportStream - ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, server, req, pathParams) - md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - return nil } @@ -579,26 +484,6 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim }) - mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - return nil } @@ -610,8 +495,6 @@ var ( pattern_ApplicationSetService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) pattern_ApplicationSetService_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "applicationsets", "name"}, "", runtime.AssumeColonVerbOpt(true))) - - pattern_ApplicationSetService_ResourceTree_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applicationsets", "name", "resource-tree"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( @@ -622,6 +505,4 @@ var ( forward_ApplicationSetService_Create_0 = runtime.ForwardResponseMessage forward_ApplicationSetService_Delete_0 = runtime.ForwardResponseMessage - - forward_ApplicationSetService_ResourceTree_0 = runtime.ForwardResponseMessage ) diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 847a3efaf8daa..5630d8d4bceb2 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -18,9 +18,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Resources API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTree,Nodes API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,FileParameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,Parameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,ValueFiles diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 0715f9c02e96d..389f421fed400 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -759,8 +759,6 @@ type ApplicationSetStatus struct { // Important: Run "make" to regenerate code after modifying this file Conditions []ApplicationSetCondition `json:"conditions,omitempty" protobuf:"bytes,1,name=conditions"` ApplicationStatus []ApplicationSetApplicationStatus `json:"applicationStatus,omitempty" protobuf:"bytes,2,name=applicationStatus"` - // Resources is a list of Applications resources managed by this application set. - Resources []ResourceStatus `json:"resources,omitempty" protobuf:"bytes,3,opt,name=resources"` } // ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning @@ -846,21 +844,6 @@ type ApplicationSetList struct { Items []ApplicationSet `json:"items" protobuf:"bytes,2,rep,name=items"` } -// ApplicationSetTree holds nodes which belongs to the application -// Used to build a tree of an ApplicationSet and its children -type ApplicationSetTree struct { - // Nodes contains list of nodes which are directly managed by the applicationset - Nodes []ResourceNode `json:"nodes,omitempty" protobuf:"bytes,1,rep,name=nodes"` -} - -// Normalize sorts applicationset tree nodes. The persistent order allows to -// effectively compare previously cached app tree and allows to unnecessary Redis requests. -func (t *ApplicationSetTree) Normalize() { - sort.Slice(t.Nodes, func(i, j int) bool { - return t.Nodes[i].FullName() < t.Nodes[j].FullName() - }) -} - // func init() { // SchemeBuilder.Register(&ApplicationSet{}, &ApplicationSetList{}) // } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 24d8e7c920ed2..aed1ef619b350 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -797,38 +797,10 @@ func (m *ApplicationSetTerminalGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_ApplicationSetTerminalGenerator proto.InternalMessageInfo -func (m *ApplicationSetTree) Reset() { *m = ApplicationSetTree{} } -func (*ApplicationSetTree) ProtoMessage() {} -func (*ApplicationSetTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{27} -} -func (m *ApplicationSetTree) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ApplicationSetTree) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *ApplicationSetTree) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApplicationSetTree.Merge(m, src) -} -func (m *ApplicationSetTree) XXX_Size() int { - return m.Size() -} -func (m *ApplicationSetTree) XXX_DiscardUnknown() { - xxx_messageInfo_ApplicationSetTree.DiscardUnknown(m) -} - -var xxx_messageInfo_ApplicationSetTree proto.InternalMessageInfo - func (m *ApplicationSource) Reset() { *m = ApplicationSource{} } func (*ApplicationSource) ProtoMessage() {} func (*ApplicationSource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{28} + return fileDescriptor_030104ce3b95bcac, []int{27} } func (m *ApplicationSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -856,7 +828,7 @@ var xxx_messageInfo_ApplicationSource proto.InternalMessageInfo func (m *ApplicationSourceDirectory) Reset() { *m = ApplicationSourceDirectory{} } func (*ApplicationSourceDirectory) ProtoMessage() {} func (*ApplicationSourceDirectory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{29} + return fileDescriptor_030104ce3b95bcac, []int{28} } func (m *ApplicationSourceDirectory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -884,7 +856,7 @@ var xxx_messageInfo_ApplicationSourceDirectory proto.InternalMessageInfo func (m *ApplicationSourceHelm) Reset() { *m = ApplicationSourceHelm{} } func (*ApplicationSourceHelm) ProtoMessage() {} func (*ApplicationSourceHelm) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{30} + return fileDescriptor_030104ce3b95bcac, []int{29} } func (m *ApplicationSourceHelm) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -912,7 +884,7 @@ var xxx_messageInfo_ApplicationSourceHelm proto.InternalMessageInfo func (m *ApplicationSourceJsonnet) Reset() { *m = ApplicationSourceJsonnet{} } func (*ApplicationSourceJsonnet) ProtoMessage() {} func (*ApplicationSourceJsonnet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{31} + return fileDescriptor_030104ce3b95bcac, []int{30} } func (m *ApplicationSourceJsonnet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -940,7 +912,7 @@ var xxx_messageInfo_ApplicationSourceJsonnet proto.InternalMessageInfo func (m *ApplicationSourceKustomize) Reset() { *m = ApplicationSourceKustomize{} } func (*ApplicationSourceKustomize) ProtoMessage() {} func (*ApplicationSourceKustomize) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{32} + return fileDescriptor_030104ce3b95bcac, []int{31} } func (m *ApplicationSourceKustomize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -968,7 +940,7 @@ var xxx_messageInfo_ApplicationSourceKustomize proto.InternalMessageInfo func (m *ApplicationSourcePlugin) Reset() { *m = ApplicationSourcePlugin{} } func (*ApplicationSourcePlugin) ProtoMessage() {} func (*ApplicationSourcePlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{33} + return fileDescriptor_030104ce3b95bcac, []int{32} } func (m *ApplicationSourcePlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -996,7 +968,7 @@ var xxx_messageInfo_ApplicationSourcePlugin proto.InternalMessageInfo func (m *ApplicationSourcePluginParameter) Reset() { *m = ApplicationSourcePluginParameter{} } func (*ApplicationSourcePluginParameter) ProtoMessage() {} func (*ApplicationSourcePluginParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{34} + return fileDescriptor_030104ce3b95bcac, []int{33} } func (m *ApplicationSourcePluginParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1024,7 +996,7 @@ var xxx_messageInfo_ApplicationSourcePluginParameter proto.InternalMessageInfo func (m *ApplicationSpec) Reset() { *m = ApplicationSpec{} } func (*ApplicationSpec) ProtoMessage() {} func (*ApplicationSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{35} + return fileDescriptor_030104ce3b95bcac, []int{34} } func (m *ApplicationSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1052,7 +1024,7 @@ var xxx_messageInfo_ApplicationSpec proto.InternalMessageInfo func (m *ApplicationStatus) Reset() { *m = ApplicationStatus{} } func (*ApplicationStatus) ProtoMessage() {} func (*ApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{36} + return fileDescriptor_030104ce3b95bcac, []int{35} } func (m *ApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1080,7 +1052,7 @@ var xxx_messageInfo_ApplicationStatus proto.InternalMessageInfo func (m *ApplicationSummary) Reset() { *m = ApplicationSummary{} } func (*ApplicationSummary) ProtoMessage() {} func (*ApplicationSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{37} + return fileDescriptor_030104ce3b95bcac, []int{36} } func (m *ApplicationSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1108,7 +1080,7 @@ var xxx_messageInfo_ApplicationSummary proto.InternalMessageInfo func (m *ApplicationTree) Reset() { *m = ApplicationTree{} } func (*ApplicationTree) ProtoMessage() {} func (*ApplicationTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{38} + return fileDescriptor_030104ce3b95bcac, []int{37} } func (m *ApplicationTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1136,7 +1108,7 @@ var xxx_messageInfo_ApplicationTree proto.InternalMessageInfo func (m *ApplicationWatchEvent) Reset() { *m = ApplicationWatchEvent{} } func (*ApplicationWatchEvent) ProtoMessage() {} func (*ApplicationWatchEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{39} + return fileDescriptor_030104ce3b95bcac, []int{38} } func (m *ApplicationWatchEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1164,7 +1136,7 @@ var xxx_messageInfo_ApplicationWatchEvent proto.InternalMessageInfo func (m *Backoff) Reset() { *m = Backoff{} } func (*Backoff) ProtoMessage() {} func (*Backoff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{39} } func (m *Backoff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1192,7 +1164,7 @@ var xxx_messageInfo_Backoff proto.InternalMessageInfo func (m *BasicAuthBitbucketServer) Reset() { *m = BasicAuthBitbucketServer{} } func (*BasicAuthBitbucketServer) ProtoMessage() {} func (*BasicAuthBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{40} } func (m *BasicAuthBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1220,7 +1192,7 @@ var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo func (m *BearerTokenBitbucketCloud) Reset() { *m = BearerTokenBitbucketCloud{} } func (*BearerTokenBitbucketCloud) ProtoMessage() {} func (*BearerTokenBitbucketCloud) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *BearerTokenBitbucketCloud) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1248,7 +1220,7 @@ var xxx_messageInfo_BearerTokenBitbucketCloud proto.InternalMessageInfo func (m *ChartDetails) Reset() { *m = ChartDetails{} } func (*ChartDetails) ProtoMessage() {} func (*ChartDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *ChartDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1276,7 +1248,7 @@ var xxx_messageInfo_ChartDetails proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{43} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1304,7 +1276,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1332,7 +1304,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1360,7 +1332,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1388,7 +1360,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1416,7 +1388,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1444,7 +1416,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1472,7 +1444,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1500,7 +1472,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1528,7 +1500,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1556,7 +1528,7 @@ var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1584,7 +1556,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1612,7 +1584,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1640,7 +1612,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ErrApplicationNotAllowedToUseProject) Reset() { *m = ErrApplicationNotAllowedToUseProject{} } func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {} func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{56} } func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1668,7 +1640,7 @@ var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageIn func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1696,7 +1668,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1724,7 +1696,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1752,7 +1724,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1780,7 +1752,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1780,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1836,7 +1808,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1864,7 +1836,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1892,7 +1864,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1920,7 +1892,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1948,7 +1920,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1976,7 +1948,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2004,7 +1976,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2032,7 +2004,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2060,7 +2032,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2088,7 +2060,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2116,7 +2088,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2116,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2172,7 +2144,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeGvk) Reset() { *m = KustomizeGvk{} } func (*KustomizeGvk) ProtoMessage() {} func (*KustomizeGvk) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2200,7 +2172,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2228,7 +2200,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizePatch) Reset() { *m = KustomizePatch{} } func (*KustomizePatch) ProtoMessage() {} func (*KustomizePatch) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *KustomizePatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2256,7 +2228,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2256,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *KustomizeResId) Reset() { *m = KustomizeResId{} } func (*KustomizeResId) ProtoMessage() {} func (*KustomizeResId) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *KustomizeResId) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2312,7 +2284,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo func (m *KustomizeSelector) Reset() { *m = KustomizeSelector{} } func (*KustomizeSelector) ProtoMessage() {} func (*KustomizeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2340,7 +2312,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2340,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2396,7 +2368,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2424,7 +2396,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2452,7 +2424,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2480,7 +2452,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2508,7 +2480,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2536,7 +2508,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2564,7 +2536,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2592,7 +2564,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2620,7 +2592,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2648,7 +2620,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2676,7 +2648,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2704,7 +2676,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2732,7 +2704,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } func (*PluginConfigMapRef) ProtoMessage() {} func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2760,7 +2732,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } func (*PluginGenerator) ProtoMessage() {} func (*PluginGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2788,7 +2760,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo func (m *PluginInput) Reset() { *m = PluginInput{} } func (*PluginInput) ProtoMessage() {} func (*PluginInput) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *PluginInput) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2816,7 +2788,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2844,7 +2816,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2872,7 +2844,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2900,7 +2872,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } func (*PullRequestGeneratorBitbucket) ProtoMessage() {} func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2928,7 +2900,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2956,7 +2928,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2984,7 +2956,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3012,7 +2984,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3040,7 +3012,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3068,7 +3040,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3096,7 +3068,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3124,7 +3096,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3152,7 +3124,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3180,7 +3152,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3180,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3236,7 +3208,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3264,7 +3236,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3292,7 +3264,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3320,7 +3292,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3348,7 +3320,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3376,7 +3348,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3404,7 +3376,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3432,7 +3404,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3460,7 +3432,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3488,7 +3460,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3516,7 +3488,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3544,7 +3516,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3572,7 +3544,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3600,7 +3572,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3628,7 +3600,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3656,7 +3628,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3656,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3712,7 +3684,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3740,7 +3712,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3768,7 +3740,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3796,7 +3768,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3824,7 +3796,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3852,7 +3824,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3880,7 +3852,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3908,7 +3880,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3936,7 +3908,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3964,7 +3936,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{140} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3992,7 +3964,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{141} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4020,7 +3992,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{142} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4048,7 +4020,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{143} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4076,7 +4048,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{144} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4104,7 +4076,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{145} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4132,7 +4104,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{146} + return fileDescriptor_030104ce3b95bcac, []int{145} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4160,7 +4132,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{147} + return fileDescriptor_030104ce3b95bcac, []int{146} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4188,7 +4160,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{148} + return fileDescriptor_030104ce3b95bcac, []int{147} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4216,7 +4188,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{149} + return fileDescriptor_030104ce3b95bcac, []int{148} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4244,7 +4216,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{150} + return fileDescriptor_030104ce3b95bcac, []int{149} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4272,7 +4244,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{151} + return fileDescriptor_030104ce3b95bcac, []int{150} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4300,7 +4272,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{152} + return fileDescriptor_030104ce3b95bcac, []int{151} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4356,7 +4328,6 @@ func init() { proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.AnnotationsEntry") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.LabelsEntry") proto.RegisterType((*ApplicationSetTerminalGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTerminalGenerator") - proto.RegisterType((*ApplicationSetTree)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree") proto.RegisterType((*ApplicationSource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSource") proto.RegisterType((*ApplicationSourceDirectory)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceDirectory") proto.RegisterType((*ApplicationSourceHelm)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceHelm") @@ -4506,700 +4477,698 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 11073 bytes of a gzipped FileDescriptorProto + // 11054 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0x5d, 0xdf, 0x1d, 0x09, 0x9e, 0x48, 0xe2, 0x3c, 0xb4, 0x29, 0x2a, 0x22, 0x01, 0xf3, 0x44, 0xca, 0x8c, 0x68, 0x4b, 0xc6, 0x02, 0x77, 0x38, 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x28, 0x53, 0xd4, 0x60, 0xb7, 0xb1, 0x98, 0xc3, 0xec, - 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0x92, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, + 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0xb2, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, 0x4c, 0x27, 0x96, 0x22, 0x5b, 0x4e, 0x2a, 0xae, 0x44, 0x15, 0x27, 0xf9, 0x11, 0x27, 0x4e, 0xca, - 0x65, 0x3b, 0x95, 0x52, 0xe2, 0xa4, 0xec, 0x72, 0xb9, 0x2c, 0x27, 0xb1, 0x11, 0xe9, 0x52, 0xa9, - 0xa4, 0x52, 0x15, 0x57, 0x39, 0xf1, 0x8f, 0xe4, 0x92, 0x1f, 0xa9, 0xfe, 0xee, 0x99, 0x9d, 0x05, - 0x16, 0xc0, 0xe0, 0xee, 0xa4, 0xf0, 0xdf, 0x6e, 0xbf, 0x37, 0xef, 0xf5, 0xf4, 0x74, 0xbf, 0xf7, - 0xfa, 0xf5, 0x7b, 0xaf, 0x61, 0xa1, 0xe5, 0x26, 0x1b, 0x9d, 0xb5, 0xc9, 0x46, 0xd0, 0x9e, 0x72, - 0xa2, 0x56, 0x10, 0x46, 0xc1, 0x2d, 0xf6, 0xe3, 0x99, 0x46, 0x73, 0x6a, 0xeb, 0xc2, 0x54, 0xb8, - 0xd9, 0x9a, 0x72, 0x42, 0x37, 0x9e, 0x72, 0xc2, 0xd0, 0x73, 0x1b, 0x4e, 0xe2, 0x06, 0xfe, 0xd4, - 0xd6, 0xb3, 0x8e, 0x17, 0x6e, 0x38, 0xcf, 0x4e, 0xb5, 0x88, 0x4f, 0x22, 0x27, 0x21, 0xcd, 0xc9, - 0x30, 0x0a, 0x92, 0x00, 0xfd, 0xa8, 0xa6, 0x36, 0x29, 0xa9, 0xb1, 0x1f, 0xaf, 0x36, 0x9a, 0x93, - 0x5b, 0x17, 0x26, 0xc3, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3d, - 0x63, 0xf4, 0xa5, 0x15, 0xb4, 0x82, 0x29, 0x46, 0x74, 0xad, 0xb3, 0xce, 0xfe, 0xb1, 0x3f, 0xec, - 0x17, 0x67, 0x76, 0xce, 0xde, 0x7c, 0x21, 0x9e, 0x74, 0x03, 0xda, 0xbd, 0xa9, 0x46, 0x10, 0x91, - 0xa9, 0xad, 0xae, 0x0e, 0x9d, 0xbb, 0xac, 0x71, 0xc8, 0x76, 0x42, 0xfc, 0xd8, 0x0d, 0xfc, 0xf8, - 0x19, 0xda, 0x05, 0x12, 0x6d, 0x91, 0xc8, 0x7c, 0x3d, 0x03, 0x21, 0x8f, 0xd2, 0x73, 0x9a, 0x52, - 0xdb, 0x69, 0x6c, 0xb8, 0x3e, 0x89, 0x76, 0xf4, 0xe3, 0x6d, 0x92, 0x38, 0x79, 0x4f, 0x4d, 0xf5, - 0x7a, 0x2a, 0xea, 0xf8, 0x89, 0xdb, 0x26, 0x5d, 0x0f, 0xbc, 0x67, 0xbf, 0x07, 0xe2, 0xc6, 0x06, - 0x69, 0x3b, 0x5d, 0xcf, 0xbd, 0xbb, 0xd7, 0x73, 0x9d, 0xc4, 0xf5, 0xa6, 0x5c, 0x3f, 0x89, 0x93, - 0x28, 0xfb, 0x90, 0xfd, 0x0b, 0x16, 0x8c, 0x4e, 0xdf, 0x5c, 0x99, 0xee, 0x24, 0x1b, 0x33, 0x81, - 0xbf, 0xee, 0xb6, 0xd0, 0xf3, 0x30, 0xdc, 0xf0, 0x3a, 0x71, 0x42, 0xa2, 0x6b, 0x4e, 0x9b, 0x8c, - 0x5b, 0xe7, 0xad, 0xa7, 0x6a, 0xf5, 0xd3, 0xdf, 0xda, 0x9d, 0x78, 0xdb, 0x9d, 0xdd, 0x89, 0xe1, - 0x19, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x27, 0x0c, 0x45, 0x81, 0x47, 0xa6, 0xf1, 0xb5, 0xf1, 0x12, - 0x7b, 0xe4, 0x84, 0x78, 0x64, 0x08, 0xf3, 0x66, 0x2c, 0xe1, 0x14, 0x35, 0x8c, 0x82, 0x75, 0xd7, - 0x23, 0xe3, 0xe5, 0x34, 0xea, 0x32, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x61, 0x09, 0x60, 0x3a, 0x0c, - 0x97, 0xa3, 0xe0, 0x16, 0x69, 0x24, 0xe8, 0x23, 0x50, 0xa5, 0xc3, 0xdc, 0x74, 0x12, 0x87, 0x75, - 0x6c, 0xf8, 0xc2, 0x0f, 0x4f, 0xf2, 0xb7, 0x9e, 0x34, 0xdf, 0x5a, 0x4f, 0x32, 0x8a, 0x3d, 0xb9, - 0xf5, 0xec, 0xe4, 0xd2, 0x1a, 0x7d, 0x7e, 0x91, 0x24, 0x4e, 0x1d, 0x09, 0x66, 0xa0, 0xdb, 0xb0, - 0xa2, 0x8a, 0x7c, 0x18, 0x88, 0x43, 0xd2, 0x60, 0xef, 0x30, 0x7c, 0x61, 0x61, 0xf2, 0x28, 0xb3, - 0x79, 0x52, 0xf7, 0x7c, 0x25, 0x24, 0x8d, 0xfa, 0x88, 0xe0, 0x3c, 0x40, 0xff, 0x61, 0xc6, 0x07, - 0x6d, 0xc1, 0x60, 0x9c, 0x38, 0x49, 0x27, 0x66, 0x43, 0x31, 0x7c, 0xe1, 0x5a, 0x61, 0x1c, 0x19, - 0xd5, 0xfa, 0x98, 0xe0, 0x39, 0xc8, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x13, 0x0b, 0xc6, 0x34, 0xf2, - 0x82, 0x1b, 0x27, 0xe8, 0x27, 0xba, 0x06, 0x77, 0xb2, 0xbf, 0xc1, 0xa5, 0x4f, 0xb3, 0xa1, 0x3d, - 0x29, 0x98, 0x55, 0x65, 0x8b, 0x31, 0xb0, 0x6d, 0xa8, 0xb8, 0x09, 0x69, 0xc7, 0xe3, 0xa5, 0xf3, - 0xe5, 0xa7, 0x86, 0x2f, 0x5c, 0x2e, 0xea, 0x3d, 0xeb, 0xa3, 0x82, 0x69, 0x65, 0x9e, 0x92, 0xc7, - 0x9c, 0x8b, 0xfd, 0x2b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0xcf, 0xc2, 0x70, 0x1c, 0x74, 0xa2, - 0x06, 0xc1, 0x24, 0x0c, 0xe2, 0x71, 0xeb, 0x7c, 0x99, 0x4e, 0x3d, 0x3a, 0xa9, 0x57, 0x74, 0x33, - 0x36, 0x71, 0xd0, 0x17, 0x2d, 0x18, 0x69, 0x92, 0x38, 0x71, 0x7d, 0xc6, 0x5f, 0x76, 0x7e, 0xf5, - 0xc8, 0x9d, 0x97, 0x8d, 0xb3, 0x9a, 0x78, 0xfd, 0x8c, 0x78, 0x91, 0x11, 0xa3, 0x31, 0xc6, 0x29, - 0xfe, 0x74, 0x71, 0x36, 0x49, 0xdc, 0x88, 0xdc, 0x90, 0xfe, 0x17, 0xcb, 0x47, 0x2d, 0xce, 0x59, - 0x0d, 0xc2, 0x26, 0x1e, 0xf2, 0xa1, 0x42, 0x17, 0x5f, 0x3c, 0x3e, 0xc0, 0xfa, 0x3f, 0x7f, 0xb4, - 0xfe, 0x8b, 0x41, 0xa5, 0xeb, 0x5a, 0x8f, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x06, 0x7d, 0xc1, 0x82, - 0x71, 0x21, 0x1c, 0x30, 0xe1, 0x03, 0x7a, 0x73, 0xc3, 0x4d, 0x88, 0xe7, 0xc6, 0xc9, 0x78, 0x85, - 0xf5, 0x61, 0xaa, 0xbf, 0xb9, 0x35, 0x17, 0x05, 0x9d, 0xf0, 0xaa, 0xeb, 0x37, 0xeb, 0xe7, 0x05, - 0xa7, 0xf1, 0x99, 0x1e, 0x84, 0x71, 0x4f, 0x96, 0xe8, 0x2b, 0x16, 0x9c, 0xf3, 0x9d, 0x36, 0x89, - 0x43, 0x87, 0x7e, 0x5a, 0x0e, 0xae, 0x7b, 0x4e, 0x63, 0x93, 0xf5, 0x68, 0xf0, 0x70, 0x3d, 0xb2, - 0x45, 0x8f, 0xce, 0x5d, 0xeb, 0x49, 0x1a, 0xef, 0xc1, 0x16, 0x7d, 0xc3, 0x82, 0x53, 0x41, 0x14, - 0x6e, 0x38, 0x3e, 0x69, 0x4a, 0x68, 0x3c, 0x3e, 0xc4, 0x96, 0xde, 0x87, 0x8f, 0xf6, 0x89, 0x96, - 0xb2, 0x64, 0x17, 0x03, 0xdf, 0x4d, 0x82, 0x68, 0x85, 0x24, 0x89, 0xeb, 0xb7, 0xe2, 0xfa, 0xd9, - 0x3b, 0xbb, 0x13, 0xa7, 0xba, 0xb0, 0x70, 0x77, 0x7f, 0xd0, 0x4f, 0xc2, 0x70, 0xbc, 0xe3, 0x37, - 0x6e, 0xba, 0x7e, 0x33, 0xb8, 0x1d, 0x8f, 0x57, 0x8b, 0x58, 0xbe, 0x2b, 0x8a, 0xa0, 0x58, 0x80, - 0x9a, 0x01, 0x36, 0xb9, 0xe5, 0x7f, 0x38, 0x3d, 0x95, 0x6a, 0x45, 0x7f, 0x38, 0x3d, 0x99, 0xf6, - 0x60, 0x8b, 0x7e, 0xd6, 0x82, 0xd1, 0xd8, 0x6d, 0xf9, 0x4e, 0xd2, 0x89, 0xc8, 0x55, 0xb2, 0x13, - 0x8f, 0x03, 0xeb, 0xc8, 0x95, 0x23, 0x8e, 0x8a, 0x41, 0xb2, 0x7e, 0x56, 0xf4, 0x71, 0xd4, 0x6c, - 0x8d, 0x71, 0x9a, 0x6f, 0xde, 0x42, 0xd3, 0xd3, 0x7a, 0xb8, 0xd8, 0x85, 0xa6, 0x27, 0x75, 0x4f, - 0x96, 0xe8, 0xc7, 0xe1, 0x24, 0x6f, 0x52, 0x23, 0x1b, 0x8f, 0x8f, 0x30, 0x41, 0x7b, 0xe6, 0xce, - 0xee, 0xc4, 0xc9, 0x95, 0x0c, 0x0c, 0x77, 0x61, 0xa3, 0xd7, 0x60, 0x22, 0x24, 0x51, 0xdb, 0x4d, - 0x96, 0x7c, 0x6f, 0x47, 0x8a, 0xef, 0x46, 0x10, 0x92, 0xa6, 0xe8, 0x4e, 0x3c, 0x3e, 0x7a, 0xde, - 0x7a, 0xaa, 0x5a, 0x7f, 0x87, 0xe8, 0xe6, 0xc4, 0xf2, 0xde, 0xe8, 0x78, 0x3f, 0x7a, 0xf6, 0xbf, - 0x2a, 0xc1, 0xc9, 0xac, 0xe2, 0x44, 0x7f, 0xdb, 0x82, 0x13, 0xb7, 0x6e, 0x27, 0xab, 0xc1, 0x26, - 0xf1, 0xe3, 0xfa, 0x0e, 0x15, 0x6f, 0x4c, 0x65, 0x0c, 0x5f, 0x68, 0x14, 0xab, 0xa2, 0x27, 0xaf, - 0xa4, 0xb9, 0x5c, 0xf4, 0x93, 0x68, 0xa7, 0xfe, 0xb0, 0x78, 0xbb, 0x13, 0x57, 0x6e, 0xae, 0x9a, - 0x50, 0x9c, 0xed, 0xd4, 0xb9, 0xcf, 0x59, 0x70, 0x26, 0x8f, 0x04, 0x3a, 0x09, 0xe5, 0x4d, 0xb2, - 0xc3, 0x0d, 0x38, 0x4c, 0x7f, 0xa2, 0x57, 0xa0, 0xb2, 0xe5, 0x78, 0x1d, 0x22, 0xac, 0x9b, 0xb9, - 0xa3, 0xbd, 0x88, 0xea, 0x19, 0xe6, 0x54, 0xdf, 0x5b, 0x7a, 0xc1, 0xb2, 0x7f, 0xb7, 0x0c, 0xc3, - 0x86, 0x7e, 0xbb, 0x07, 0x16, 0x5b, 0x90, 0xb2, 0xd8, 0x16, 0x0b, 0x53, 0xcd, 0x3d, 0x4d, 0xb6, - 0xdb, 0x19, 0x93, 0x6d, 0xa9, 0x38, 0x96, 0x7b, 0xda, 0x6c, 0x28, 0x81, 0x5a, 0x10, 0x52, 0xeb, - 0x9d, 0xaa, 0xfe, 0x81, 0x22, 0x3e, 0xe1, 0x92, 0x24, 0x57, 0x1f, 0xbd, 0xb3, 0x3b, 0x51, 0x53, - 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xdb, 0x82, 0x33, 0x46, 0x1f, 0x67, 0x02, 0xbf, 0xe9, 0xb2, 0x4f, - 0x7b, 0x1e, 0x06, 0x92, 0x9d, 0x50, 0xee, 0x10, 0xd4, 0x48, 0xad, 0xee, 0x84, 0x04, 0x33, 0x08, - 0x35, 0xf4, 0xdb, 0x24, 0x8e, 0x9d, 0x16, 0xc9, 0xee, 0x09, 0x16, 0x79, 0x33, 0x96, 0x70, 0x14, - 0x01, 0xf2, 0x9c, 0x38, 0x59, 0x8d, 0x1c, 0x3f, 0x66, 0xe4, 0x57, 0xdd, 0x36, 0x11, 0x03, 0xfc, - 0x17, 0xfa, 0x9b, 0x31, 0xf4, 0x89, 0xfa, 0x43, 0x77, 0x76, 0x27, 0xd0, 0x42, 0x17, 0x25, 0x9c, - 0x43, 0xdd, 0xfe, 0x8a, 0x05, 0x0f, 0xe5, 0xdb, 0x62, 0xe8, 0x49, 0x18, 0xe4, 0xdb, 0x43, 0xf1, - 0x76, 0xfa, 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x0a, 0x6a, 0x4a, 0x4f, 0x88, 0x77, 0x3c, 0x25, - 0x50, 0x6b, 0x5a, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xb0, 0xdc, 0xd4, 0xa0, 0xb1, 0xfd, - 0x14, 0x83, 0xd8, 0xff, 0xd1, 0x82, 0x13, 0x46, 0xaf, 0xee, 0x81, 0x69, 0xee, 0xa7, 0x4d, 0xf3, - 0xf9, 0xc2, 0xe6, 0x73, 0x0f, 0xdb, 0xfc, 0x0b, 0x16, 0x9c, 0x33, 0xb0, 0x16, 0x9d, 0xa4, 0xb1, - 0x71, 0x71, 0x3b, 0x8c, 0x48, 0x4c, 0xb7, 0xde, 0xe8, 0x31, 0x43, 0x6e, 0xd5, 0x87, 0x05, 0x85, - 0xf2, 0x55, 0xb2, 0xc3, 0x85, 0xd8, 0xd3, 0x50, 0xe5, 0x93, 0x33, 0x88, 0xc4, 0x88, 0xab, 0x77, - 0x5b, 0x12, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0xaa, 0x21, 0xa0, - 0x1f, 0xf1, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0x2c, 0x47, 0x84, 0x7d, 0xdc, 0xe6, - 0x25, 0x97, 0x78, 0xcd, 0x98, 0x6e, 0x1b, 0x1c, 0xdf, 0x0f, 0x12, 0xb1, 0x03, 0x30, 0xb6, 0x0d, - 0xd3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xe7, 0xac, 0x11, 0x8f, 0x8f, 0xa8, 0x60, 0xba, 0xc0, - 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x83, 0xa2, 0x96, 0x3e, 0xb9, 0x17, 0xbb, 0xdb, 0x28, - 0x25, 0x2b, 0x97, 0x8b, 0x13, 0x5c, 0xa4, 0xf7, 0x0e, 0xf7, 0xf5, 0x8c, 0xb8, 0xc4, 0x85, 0x72, - 0xdd, 0x7b, 0x97, 0xfb, 0x9b, 0x25, 0x98, 0x48, 0x3f, 0xd0, 0x25, 0x6d, 0xe9, 0x96, 0xca, 0x60, - 0x94, 0xf5, 0x77, 0x18, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0xb0, 0x4a, 0xc7, 0x29, 0xb0, 0x4c, 0x79, - 0x5a, 0xde, 0x47, 0x9e, 0x3e, 0xa9, 0x46, 0x7d, 0x20, 0x23, 0xc0, 0xd2, 0x3a, 0xe5, 0x3c, 0x0c, - 0xc4, 0x09, 0x09, 0xc7, 0x2b, 0x69, 0x79, 0xb4, 0x92, 0x90, 0x10, 0x33, 0x88, 0xfd, 0xdf, 0x4a, - 0xf0, 0x70, 0x7a, 0x0c, 0xb5, 0x0a, 0x78, 0x7f, 0x4a, 0x05, 0xbc, 0xcb, 0x54, 0x01, 0x77, 0x77, - 0x27, 0xde, 0xde, 0xe3, 0xb1, 0xef, 0x19, 0x0d, 0x81, 0xe6, 0x32, 0xa3, 0x38, 0x95, 0x1e, 0xc5, - 0xbb, 0xbb, 0x13, 0x8f, 0xf5, 0x78, 0xc7, 0xcc, 0x30, 0x3f, 0x09, 0x83, 0x11, 0x71, 0xe2, 0xc0, - 0x17, 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0xdf, 0xaf, 0x65, 0x07, 0x7b, 0x8e, - 0x3b, 0xec, 0x82, 0x08, 0xb9, 0x30, 0xc0, 0xcc, 0x7a, 0x2e, 0x1a, 0xae, 0x1e, 0x6d, 0x19, 0x51, - 0x35, 0xa0, 0x48, 0xd7, 0xab, 0xf4, 0xab, 0xd1, 0x26, 0xcc, 0x58, 0xa0, 0x6d, 0xa8, 0x36, 0xa4, - 0xb5, 0x5d, 0x2a, 0xc2, 0x2f, 0x25, 0x6c, 0x6d, 0xcd, 0x71, 0x84, 0xca, 0x6b, 0x65, 0xa2, 0x2b, - 0x6e, 0x88, 0x40, 0xb9, 0xe5, 0x26, 0xe2, 0xb3, 0x1e, 0x71, 0x3f, 0x35, 0xe7, 0x1a, 0xaf, 0x38, - 0x44, 0x95, 0xc8, 0x9c, 0x9b, 0x60, 0x4a, 0x1f, 0x7d, 0xc6, 0x82, 0xe1, 0xb8, 0xd1, 0x5e, 0x8e, - 0x82, 0x2d, 0xb7, 0x49, 0x22, 0x61, 0x4d, 0x1d, 0x51, 0x34, 0xad, 0xcc, 0x2c, 0x4a, 0x82, 0x9a, - 0x2f, 0xdf, 0xdf, 0x6a, 0x08, 0x36, 0xf9, 0xd2, 0x5d, 0xc6, 0xc3, 0xe2, 0xdd, 0x67, 0x49, 0xc3, - 0xa5, 0xfa, 0x4f, 0x6e, 0xaa, 0xd8, 0x4c, 0x39, 0xb2, 0x75, 0x39, 0xdb, 0x69, 0x6c, 0xd2, 0xf5, - 0xa6, 0x3b, 0xf4, 0xf6, 0x3b, 0xbb, 0x13, 0x0f, 0xcf, 0xe4, 0xf3, 0xc4, 0xbd, 0x3a, 0xc3, 0x06, - 0x2c, 0xec, 0x78, 0x1e, 0x26, 0xaf, 0x75, 0x08, 0x73, 0x99, 0x14, 0x30, 0x60, 0xcb, 0x9a, 0x60, - 0x66, 0xc0, 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0xd7, 0x60, 0xb0, 0xed, 0x24, 0x91, 0xbb, 0x2d, 0xfc, - 0x24, 0x47, 0xb4, 0xf7, 0x17, 0x19, 0x2d, 0xcd, 0x9c, 0x69, 0x6a, 0xde, 0x88, 0x05, 0x23, 0xd4, - 0x86, 0x4a, 0x9b, 0x44, 0x2d, 0x32, 0x5e, 0x2d, 0xc2, 0x27, 0xbc, 0x48, 0x49, 0x69, 0x86, 0x35, - 0x6a, 0x1d, 0xb1, 0x36, 0xcc, 0xb9, 0xa0, 0x57, 0xa0, 0x1a, 0x13, 0x8f, 0x34, 0xa8, 0x7d, 0x53, - 0x63, 0x1c, 0xdf, 0xdd, 0xa7, 0xad, 0x47, 0x0d, 0x8b, 0x15, 0xf1, 0x28, 0x5f, 0x60, 0xf2, 0x1f, - 0x56, 0x24, 0xe9, 0x00, 0x86, 0x5e, 0xa7, 0xe5, 0xfa, 0xe3, 0x50, 0xc4, 0x00, 0x2e, 0x33, 0x5a, - 0x99, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, 0xb3, 0x05, 0x28, 0x2d, 0xd4, 0xee, 0x81, 0x51, - 0xfb, 0x5a, 0xda, 0xa8, 0x5d, 0x28, 0xd2, 0xea, 0xe8, 0x61, 0xd7, 0xfe, 0x7a, 0x0d, 0x32, 0xea, - 0xe0, 0x1a, 0x89, 0x13, 0xd2, 0x7c, 0x4b, 0x84, 0xbf, 0x25, 0xc2, 0xdf, 0x12, 0xe1, 0x4a, 0x84, - 0xaf, 0x65, 0x44, 0xf8, 0xfb, 0x8c, 0x55, 0xaf, 0x0f, 0x60, 0x5f, 0x55, 0x27, 0xb4, 0x66, 0x0f, - 0x0c, 0x04, 0x2a, 0x09, 0xae, 0xac, 0x2c, 0x5d, 0xcb, 0x95, 0xd9, 0xaf, 0xa6, 0x65, 0xf6, 0x51, - 0x59, 0xfc, 0xff, 0x20, 0xa5, 0xff, 0xa5, 0x05, 0xef, 0x48, 0x4b, 0x2f, 0x39, 0x73, 0xe6, 0x5b, - 0x7e, 0x10, 0x91, 0x59, 0x77, 0x7d, 0x9d, 0x44, 0xc4, 0x6f, 0x90, 0x58, 0x79, 0x31, 0xac, 0x5e, - 0x5e, 0x0c, 0xf4, 0x1c, 0x8c, 0xdc, 0x8a, 0x03, 0x7f, 0x39, 0x70, 0x7d, 0x21, 0x82, 0xe8, 0x46, - 0xf8, 0xe4, 0x9d, 0xdd, 0x89, 0x11, 0x3a, 0xa2, 0xb2, 0x1d, 0xa7, 0xb0, 0xd0, 0x0c, 0x9c, 0xba, - 0xf5, 0xda, 0xb2, 0x93, 0x18, 0xee, 0x00, 0xb9, 0x71, 0x67, 0x07, 0x16, 0x57, 0x5e, 0xca, 0x00, - 0x71, 0x37, 0xbe, 0xfd, 0x37, 0x4a, 0xf0, 0x48, 0xe6, 0x45, 0x02, 0xcf, 0x0b, 0x3a, 0x09, 0xdd, - 0xd4, 0xa0, 0xaf, 0x59, 0x70, 0xb2, 0x9d, 0xf6, 0x38, 0xc4, 0xc2, 0xb1, 0xfb, 0x81, 0xc2, 0x74, - 0x44, 0xc6, 0xa5, 0x51, 0x1f, 0x17, 0x23, 0x74, 0x32, 0x03, 0x88, 0x71, 0x57, 0x5f, 0xd0, 0x2b, - 0x50, 0x6b, 0x3b, 0xdb, 0xd7, 0xc3, 0xa6, 0x93, 0xc8, 0xfd, 0x64, 0x6f, 0x37, 0x40, 0x27, 0x71, - 0xbd, 0x49, 0x7e, 0xb4, 0x3f, 0x39, 0xef, 0x27, 0x4b, 0xd1, 0x4a, 0x12, 0xb9, 0x7e, 0x8b, 0xbb, - 0xf3, 0x16, 0x25, 0x19, 0xac, 0x29, 0xda, 0x5f, 0xb5, 0xb2, 0x4a, 0x4a, 0x8d, 0x4e, 0xe4, 0x24, - 0xa4, 0xb5, 0x83, 0x3e, 0x0a, 0x15, 0xba, 0xf1, 0x93, 0xa3, 0x72, 0xb3, 0x48, 0xcd, 0x69, 0x7c, - 0x09, 0xad, 0x44, 0xe9, 0xbf, 0x18, 0x73, 0xa6, 0xf6, 0xd7, 0x6a, 0x59, 0x63, 0x81, 0x1d, 0xde, - 0x5e, 0x00, 0x68, 0x05, 0xab, 0xa4, 0x1d, 0x7a, 0x74, 0x58, 0x2c, 0x76, 0x02, 0xa0, 0x7c, 0x1d, - 0x73, 0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x97, 0x2c, 0x80, 0x96, 0x9c, 0xf3, 0xd2, 0x10, 0xb8, 0x5e, - 0xe4, 0xeb, 0xe8, 0x15, 0xa5, 0xfb, 0xa2, 0x18, 0x62, 0x83, 0x39, 0xfa, 0x69, 0x0b, 0xaa, 0x89, - 0xec, 0x3e, 0x57, 0x8d, 0xab, 0x45, 0xf6, 0x44, 0xbe, 0xb4, 0xb6, 0x89, 0xd4, 0x90, 0x28, 0xbe, - 0xe8, 0x67, 0x2c, 0x80, 0x78, 0xc7, 0x6f, 0x2c, 0x07, 0x9e, 0xdb, 0xd8, 0x11, 0x1a, 0xf3, 0x46, - 0xa1, 0xfe, 0x18, 0x45, 0xbd, 0x3e, 0x46, 0x47, 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x71, 0xa8, - 0xc6, 0x62, 0xba, 0x09, 0x1d, 0xb9, 0x5a, 0xac, 0x57, 0x88, 0xd3, 0x16, 0xe2, 0x55, 0xfc, 0xc3, - 0x8a, 0x27, 0xfa, 0x39, 0x0b, 0x4e, 0x84, 0x69, 0x3f, 0x9f, 0x50, 0x87, 0xc5, 0xc9, 0x80, 0x8c, - 0x1f, 0xb1, 0x7e, 0xfa, 0xce, 0xee, 0xc4, 0x89, 0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, - 0x83, 0x97, 0x42, 0xee, 0x73, 0x1c, 0xd2, 0x12, 0x70, 0x2e, 0x0b, 0xc4, 0xdd, 0xf8, 0x68, 0x19, - 0xce, 0xd0, 0xde, 0xed, 0x70, 0xf3, 0x53, 0xaa, 0x97, 0x98, 0x29, 0xc3, 0x6a, 0xfd, 0x51, 0x31, - 0x43, 0x98, 0x57, 0x3f, 0x8b, 0x83, 0x73, 0x9f, 0x44, 0xbf, 0x6b, 0xc1, 0xa3, 0x2e, 0x53, 0x03, - 0xa6, 0xc3, 0x5c, 0x6b, 0x04, 0x71, 0x12, 0x4b, 0x0a, 0x95, 0x15, 0xbd, 0xd4, 0x4f, 0xfd, 0x07, - 0xc5, 0x1b, 0x3c, 0x3a, 0xbf, 0x47, 0x97, 0xf0, 0x9e, 0x1d, 0x46, 0x3f, 0x02, 0xa3, 0x72, 0x5d, - 0x2c, 0x53, 0x11, 0xcc, 0x14, 0x6d, 0xad, 0x7e, 0xea, 0xce, 0xee, 0xc4, 0xe8, 0xaa, 0x09, 0xc0, - 0x69, 0x3c, 0xfb, 0x5f, 0x97, 0x53, 0xe7, 0x21, 0xca, 0x09, 0xc9, 0xc4, 0x4d, 0x43, 0xfa, 0x7f, - 0xa4, 0xf4, 0x2c, 0x54, 0xdc, 0x28, 0xef, 0x92, 0x16, 0x37, 0xaa, 0x29, 0xc6, 0x06, 0x73, 0x6a, - 0x94, 0x9e, 0x72, 0xb2, 0xae, 0x4e, 0x21, 0x01, 0x5f, 0x29, 0xb2, 0x4b, 0xdd, 0xa7, 0x57, 0x8f, - 0x88, 0xae, 0x9d, 0xea, 0x02, 0xe1, 0xee, 0x2e, 0xa1, 0x8f, 0x41, 0x2d, 0x52, 0xa1, 0x0f, 0xe5, - 0x22, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8, 0xe3, 0x18, 0x1d, 0xe4, 0xa0, 0x39, 0xda, 0xbf, - 0x93, 0x3e, 0x02, 0x32, 0x64, 0x47, 0x1f, 0xc7, 0x5b, 0x5f, 0xb4, 0x60, 0x38, 0x0a, 0x3c, 0xcf, - 0xf5, 0x5b, 0x54, 0xce, 0x09, 0x65, 0xfd, 0xa1, 0x63, 0xd1, 0x97, 0x42, 0xa0, 0x31, 0xcb, 0x1a, - 0x6b, 0x9e, 0xd8, 0xec, 0x80, 0xfd, 0x27, 0x16, 0x8c, 0xf7, 0x92, 0xc7, 0x88, 0xc0, 0xdb, 0xa5, - 0xb0, 0x51, 0x43, 0xb1, 0xe4, 0xcf, 0x12, 0x8f, 0x28, 0xbf, 0x77, 0xb5, 0xfe, 0x84, 0x78, 0xcd, - 0xb7, 0x2f, 0xf7, 0x46, 0xc5, 0x7b, 0xd1, 0x41, 0x2f, 0xc3, 0x49, 0xe3, 0xbd, 0x62, 0x35, 0x30, - 0xb5, 0xfa, 0x24, 0x35, 0x80, 0xa6, 0x33, 0xb0, 0xbb, 0xbb, 0x13, 0x0f, 0x65, 0xdb, 0x84, 0xc2, - 0xe8, 0xa2, 0x63, 0xff, 0x72, 0x29, 0xfb, 0xb5, 0x94, 0xae, 0x7f, 0xd3, 0xea, 0xf2, 0x26, 0x7c, - 0xe0, 0x38, 0xf4, 0x2b, 0xf3, 0x3b, 0xa8, 0xf8, 0x91, 0xde, 0x38, 0xf7, 0xf1, 0x80, 0xda, 0xfe, - 0x37, 0x03, 0xb0, 0x47, 0xcf, 0xfa, 0x30, 0xde, 0x0f, 0x7c, 0xaa, 0xf9, 0x79, 0x4b, 0x9d, 0x78, - 0xf1, 0x35, 0xdc, 0x3c, 0xae, 0xb1, 0xe7, 0xfb, 0xa7, 0x98, 0x07, 0x49, 0x28, 0x2f, 0x7a, 0xfa, - 0x6c, 0x0d, 0x7d, 0xdd, 0x4a, 0x9f, 0xd9, 0xf1, 0xa8, 0x37, 0xf7, 0xd8, 0xfa, 0x64, 0x1c, 0x04, - 0xf2, 0x8e, 0xe9, 0xe3, 0xa3, 0x5e, 0x47, 0x84, 0x93, 0x00, 0xeb, 0xae, 0xef, 0x78, 0xee, 0xeb, - 0x74, 0x77, 0x54, 0x61, 0x0a, 0x9e, 0x59, 0x4c, 0x97, 0x54, 0x2b, 0x36, 0x30, 0xce, 0xfd, 0x45, - 0x18, 0x36, 0xde, 0x3c, 0x27, 0xb6, 0xe3, 0x8c, 0x19, 0xdb, 0x51, 0x33, 0x42, 0x32, 0xce, 0xbd, - 0x0f, 0x4e, 0x66, 0x3b, 0x78, 0x90, 0xe7, 0xed, 0xff, 0x35, 0x94, 0x3d, 0x44, 0x5b, 0x25, 0x51, - 0x9b, 0x76, 0xed, 0x2d, 0xc7, 0xd6, 0x5b, 0x8e, 0xad, 0xb7, 0x1c, 0x5b, 0xe6, 0xd9, 0x84, 0x70, - 0xda, 0x0c, 0xdd, 0x23, 0xa7, 0x4d, 0xca, 0x0d, 0x55, 0x2d, 0xdc, 0x0d, 0x65, 0x7f, 0xa6, 0xcb, - 0x73, 0xbf, 0x1a, 0x11, 0x82, 0x02, 0xa8, 0xf8, 0x41, 0x93, 0x48, 0x1b, 0xf7, 0x4a, 0x31, 0x06, - 0xdb, 0xb5, 0xa0, 0x69, 0xc4, 0x13, 0xd3, 0x7f, 0x31, 0xe6, 0x7c, 0xec, 0x3b, 0x15, 0x48, 0x99, - 0x93, 0xfc, 0xbb, 0xbf, 0x13, 0x86, 0x22, 0x12, 0x06, 0xd7, 0xf1, 0x82, 0xd0, 0x65, 0x3a, 0xe5, - 0x80, 0x37, 0x63, 0x09, 0xa7, 0x3a, 0x2f, 0x74, 0x92, 0x0d, 0xa1, 0xcc, 0x94, 0xce, 0x5b, 0x76, - 0x92, 0x0d, 0xcc, 0x20, 0xe8, 0x7d, 0x30, 0x96, 0x38, 0x51, 0x8b, 0x6e, 0x3b, 0xb6, 0xd8, 0xf4, - 0x12, 0x47, 0xbe, 0x0f, 0x09, 0xdc, 0xb1, 0xd5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x6b, 0x30, 0xb0, - 0x41, 0xbc, 0xb6, 0xf8, 0xf4, 0x2b, 0xc5, 0xe9, 0x1a, 0xf6, 0xae, 0x97, 0x89, 0xd7, 0xe6, 0x92, - 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0xf7, 0xb5, 0xcd, 0x4e, 0x9c, 0x04, 0x6d, 0xf7, 0x75, 0xe9, - 0xe9, 0xfc, 0x40, 0xc1, 0x8c, 0xaf, 0x4a, 0xfa, 0xdc, 0xa5, 0xa4, 0xfe, 0x62, 0xcd, 0x99, 0xf5, - 0xa3, 0xe9, 0x46, 0x6c, 0xca, 0xec, 0x08, 0x87, 0x65, 0xd1, 0xfd, 0x98, 0x95, 0xf4, 0x79, 0x3f, - 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x1d, 0xb5, 0xfe, 0x86, 0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, - 0xf6, 0x72, 0xd7, 0xe1, 0x13, 0x50, 0x69, 0x6c, 0x38, 0x51, 0x32, 0x3e, 0xc2, 0x26, 0x8d, 0x9a, - 0xc5, 0x33, 0xb4, 0x11, 0x73, 0x18, 0x7a, 0x0c, 0xca, 0x11, 0x59, 0x67, 0xe1, 0xab, 0x46, 0x60, - 0x13, 0x26, 0xeb, 0x98, 0xb6, 0xdb, 0xbf, 0x58, 0x4a, 0x9b, 0x6d, 0xe9, 0xf7, 0xe6, 0xb3, 0xbd, - 0xd1, 0x89, 0x62, 0xe9, 0xfe, 0x32, 0x66, 0x3b, 0x6b, 0xc6, 0x12, 0x8e, 0x3e, 0x69, 0xc1, 0xd0, - 0xad, 0x38, 0xf0, 0x7d, 0x92, 0x08, 0x15, 0x79, 0xa3, 0xe0, 0xa1, 0xb8, 0xc2, 0xa9, 0xeb, 0x3e, - 0x88, 0x06, 0x2c, 0xf9, 0xd2, 0xee, 0x92, 0xed, 0x86, 0xd7, 0x69, 0x76, 0xc5, 0xaa, 0x5c, 0xe4, - 0xcd, 0x58, 0xc2, 0x29, 0xaa, 0xeb, 0x73, 0xd4, 0x81, 0x34, 0xea, 0xbc, 0x2f, 0x50, 0x05, 0xdc, - 0xfe, 0x6b, 0x83, 0x70, 0x36, 0x77, 0x71, 0x50, 0x83, 0x8a, 0x99, 0x2c, 0x97, 0x5c, 0x8f, 0xc8, - 0x28, 0x2d, 0x66, 0x50, 0xdd, 0x50, 0xad, 0xd8, 0xc0, 0x40, 0x3f, 0x05, 0x10, 0x3a, 0x91, 0xd3, - 0x26, 0xca, 0x3d, 0x7d, 0x64, 0xbb, 0x85, 0xf6, 0x63, 0x59, 0xd2, 0xd4, 0x5b, 0x74, 0xd5, 0x14, - 0x63, 0x83, 0x25, 0x7a, 0x1e, 0x86, 0x23, 0xe2, 0x11, 0x27, 0x66, 0xd1, 0xcf, 0xd9, 0x54, 0x0e, - 0xac, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0xaa, 0x80, 0xb6, 0x4c, 0x60, 0x4f, 0x3a, 0xa8, 0x0d, 0xbd, - 0x61, 0xc1, 0xd8, 0xba, 0xeb, 0x11, 0xcd, 0x5d, 0x24, 0x5e, 0x2c, 0x1d, 0xfd, 0x25, 0x2f, 0x99, - 0x74, 0xb5, 0x84, 0x4c, 0x35, 0xc7, 0x38, 0xc3, 0x9e, 0x7e, 0xe6, 0x2d, 0x12, 0x31, 0xd1, 0x3a, - 0x98, 0xfe, 0xcc, 0x37, 0x78, 0x33, 0x96, 0x70, 0x34, 0x0d, 0x27, 0x42, 0x27, 0x8e, 0x67, 0x22, - 0xd2, 0x24, 0x7e, 0xe2, 0x3a, 0x1e, 0x4f, 0x8b, 0xa8, 0xea, 0xb0, 0xe8, 0xe5, 0x34, 0x18, 0x67, - 0xf1, 0xd1, 0x07, 0xe1, 0x61, 0xee, 0xff, 0x59, 0x74, 0xe3, 0xd8, 0xf5, 0x5b, 0x7a, 0x1a, 0x08, - 0x37, 0xd8, 0x84, 0x20, 0xf5, 0xf0, 0x7c, 0x3e, 0x1a, 0xee, 0xf5, 0x3c, 0x7a, 0x1a, 0xaa, 0xf1, - 0xa6, 0x1b, 0xce, 0x44, 0xcd, 0x98, 0x9d, 0xfd, 0x54, 0xb5, 0xd3, 0x75, 0x45, 0xb4, 0x63, 0x85, - 0x81, 0x1a, 0x30, 0xc2, 0x3f, 0x09, 0x8f, 0xc8, 0x13, 0xf2, 0xf1, 0x99, 0x9e, 0x6a, 0x5a, 0x64, - 0xf9, 0x4d, 0x62, 0xe7, 0xf6, 0x45, 0x79, 0x12, 0xc5, 0x0f, 0x4e, 0x6e, 0x18, 0x64, 0x70, 0x8a, - 0xa8, 0xfd, 0xf3, 0xa5, 0xf4, 0xce, 0xdf, 0x5c, 0xa4, 0x28, 0xa6, 0x4b, 0x31, 0xb9, 0xe1, 0x44, - 0x52, 0x61, 0x1f, 0x31, 0x7b, 0x43, 0xd0, 0xbd, 0xe1, 0x44, 0xe6, 0xa2, 0x66, 0x0c, 0xb0, 0xe4, - 0x84, 0x6e, 0xc1, 0x40, 0xe2, 0x39, 0x05, 0xa5, 0x7b, 0x19, 0x1c, 0xb5, 0x23, 0x66, 0x61, 0x3a, - 0xc6, 0x8c, 0x07, 0x7a, 0x94, 0xee, 0x3e, 0xd6, 0xe4, 0x49, 0x91, 0xd8, 0x30, 0xac, 0xc5, 0x98, - 0xb5, 0xda, 0x77, 0x21, 0x47, 0xae, 0x2a, 0x45, 0x86, 0x2e, 0x00, 0xd0, 0x8d, 0xec, 0x72, 0x44, - 0xd6, 0xdd, 0x6d, 0x61, 0x48, 0xa8, 0xb5, 0x7b, 0x4d, 0x41, 0xb0, 0x81, 0x25, 0x9f, 0x59, 0xe9, - 0xac, 0xd3, 0x67, 0x4a, 0xdd, 0xcf, 0x70, 0x08, 0x36, 0xb0, 0xd0, 0x73, 0x30, 0xe8, 0xb6, 0x9d, - 0x96, 0x8a, 0x44, 0x7d, 0x94, 0x2e, 0xda, 0x79, 0xd6, 0x72, 0x77, 0x77, 0x62, 0x4c, 0x75, 0x88, - 0x35, 0x61, 0x81, 0x8b, 0x7e, 0xd9, 0x82, 0x91, 0x46, 0xd0, 0x6e, 0x07, 0x3e, 0xdf, 0xfe, 0x89, - 0xbd, 0xec, 0xad, 0xe3, 0x52, 0xf3, 0x93, 0x33, 0x06, 0x33, 0xbe, 0x99, 0x55, 0x79, 0x69, 0x26, - 0x08, 0xa7, 0x7a, 0x65, 0xae, 0xed, 0xca, 0x3e, 0x6b, 0xfb, 0xd7, 0x2c, 0x38, 0xc5, 0x9f, 0x35, - 0x76, 0xa5, 0x22, 0x05, 0x2b, 0x38, 0xe6, 0xd7, 0xea, 0xda, 0xa8, 0x2b, 0x67, 0x65, 0x17, 0x1c, - 0x77, 0x77, 0x12, 0xcd, 0xc1, 0xa9, 0xf5, 0x20, 0x6a, 0x10, 0x73, 0x20, 0x84, 0x60, 0x52, 0x84, - 0x2e, 0x65, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x06, 0x3c, 0x64, 0x34, 0x9a, 0xe3, 0xc0, 0x65, 0xd3, - 0xe3, 0x82, 0xda, 0x43, 0x97, 0x72, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x8e, 0x9b, 0x5a, 0x1f, 0x8e, - 0x9b, 0x57, 0xe1, 0x91, 0x46, 0xf7, 0xc8, 0x6c, 0xc5, 0x9d, 0xb5, 0x98, 0x4b, 0xaa, 0x6a, 0xfd, - 0x07, 0x04, 0x81, 0x47, 0x66, 0x7a, 0x21, 0xe2, 0xde, 0x34, 0xd0, 0x47, 0xa1, 0x1a, 0x11, 0xf6, - 0x55, 0x62, 0x91, 0x8f, 0x74, 0xc4, 0xdd, 0xba, 0xb6, 0x40, 0x39, 0x59, 0x2d, 0x7b, 0x45, 0x43, - 0x8c, 0x15, 0x47, 0x74, 0x1b, 0x86, 0x42, 0x27, 0x69, 0x6c, 0x88, 0x2c, 0xa4, 0x23, 0xfb, 0x96, - 0x15, 0x73, 0x76, 0x14, 0x60, 0xe4, 0x2d, 0x73, 0x26, 0x58, 0x72, 0xa3, 0xd6, 0x48, 0x23, 0x68, - 0x87, 0x81, 0x4f, 0xfc, 0x24, 0x1e, 0x1f, 0xd5, 0xd6, 0xc8, 0x8c, 0x6a, 0xc5, 0x06, 0x06, 0x5a, - 0x86, 0x33, 0xcc, 0x77, 0x75, 0xd3, 0x4d, 0x36, 0x82, 0x4e, 0x22, 0xb7, 0x62, 0xe3, 0x63, 0xe9, - 0x13, 0x9b, 0x85, 0x1c, 0x1c, 0x9c, 0xfb, 0xe4, 0xb9, 0xf7, 0xc3, 0xa9, 0xae, 0xa5, 0x7c, 0x20, - 0xb7, 0xd1, 0x2c, 0x3c, 0x94, 0xbf, 0x68, 0x0e, 0xe4, 0x3c, 0xfa, 0x47, 0x99, 0xe8, 0x61, 0xc3, - 0x90, 0xee, 0xc3, 0x11, 0xe9, 0x40, 0x99, 0xf8, 0x5b, 0x42, 0x87, 0x5c, 0x3a, 0xda, 0xb7, 0xbb, - 0xe8, 0x6f, 0xf1, 0x35, 0xcf, 0xbc, 0x2d, 0x17, 0xfd, 0x2d, 0x4c, 0x69, 0xa3, 0x2f, 0x5b, 0x29, - 0x43, 0x90, 0xbb, 0x2f, 0x3f, 0x7c, 0x2c, 0x3b, 0x87, 0xbe, 0x6d, 0x43, 0xfb, 0xdf, 0x96, 0xe0, - 0xfc, 0x7e, 0x44, 0xfa, 0x18, 0xbe, 0x27, 0x60, 0x30, 0x66, 0xf1, 0x00, 0x42, 0x28, 0x0f, 0xd3, - 0xb9, 0xca, 0x23, 0x04, 0x5e, 0xc5, 0x02, 0x84, 0x3c, 0x28, 0xb7, 0x9d, 0x50, 0x78, 0xb5, 0xe6, - 0x8f, 0x9a, 0x4f, 0x44, 0xff, 0x3b, 0xde, 0xa2, 0x13, 0x72, 0x5f, 0x89, 0xd1, 0x80, 0x29, 0x1b, - 0x94, 0x40, 0xc5, 0x89, 0x22, 0x47, 0x1e, 0x3e, 0x5f, 0x2d, 0x86, 0xdf, 0x34, 0x25, 0xc9, 0xcf, - 0xee, 0x52, 0x4d, 0x98, 0x33, 0xb3, 0x3f, 0x3f, 0x94, 0xca, 0xa9, 0x61, 0x11, 0x05, 0x31, 0x0c, - 0x0a, 0x67, 0x96, 0x55, 0x74, 0x1a, 0x17, 0x4f, 0x8a, 0x64, 0xfb, 0x44, 0x91, 0x5a, 0x2e, 0x58, - 0xa1, 0xcf, 0x59, 0x2c, 0x81, 0x5b, 0xe6, 0x19, 0x89, 0xdd, 0xd9, 0xf1, 0xe4, 0x93, 0x9b, 0x69, - 0xe1, 0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x21, 0x06, 0x66, 0x95, 0x76, 0x17, 0x62, 0x60, 0x56, 0xa6, - 0x84, 0xa3, 0xed, 0x9c, 0xc8, 0x81, 0x02, 0x92, 0x80, 0xfb, 0x88, 0x15, 0xf8, 0xba, 0x05, 0xa7, - 0xdc, 0xec, 0x11, 0xb0, 0xd8, 0xcb, 0xdc, 0x2c, 0xc6, 0xf3, 0xd4, 0x7d, 0xc2, 0xac, 0xd4, 0x79, - 0x17, 0x08, 0x77, 0x77, 0x06, 0x35, 0x61, 0xc0, 0xf5, 0xd7, 0x03, 0x61, 0xc4, 0xd4, 0x8f, 0xd6, - 0xa9, 0x79, 0x7f, 0x3d, 0xd0, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x80, 0x33, 0x91, 0xf0, - 0x36, 0x5d, 0x76, 0xe3, 0x24, 0x88, 0x76, 0x16, 0xdc, 0xb6, 0x9b, 0x30, 0x03, 0xa4, 0x5c, 0x1f, - 0xa7, 0xfa, 0x01, 0xe7, 0xc0, 0x71, 0xee, 0x53, 0xe8, 0x75, 0x18, 0x92, 0xc7, 0xae, 0xd5, 0x22, - 0xf6, 0x85, 0xdd, 0xf3, 0x5f, 0x4d, 0xa6, 0x15, 0x71, 0xee, 0x2a, 0x19, 0xda, 0x6f, 0x0c, 0x43, - 0xf7, 0xe9, 0x70, 0xfa, 0x28, 0xd8, 0xba, 0xd7, 0x47, 0xc1, 0x74, 0xc3, 0x12, 0xeb, 0x53, 0xdc, - 0x02, 0xe6, 0xb6, 0xe0, 0xaa, 0x4f, 0xe8, 0x76, 0xfc, 0x06, 0x66, 0x3c, 0x50, 0x04, 0x83, 0x1b, - 0xc4, 0xf1, 0x92, 0x8d, 0x62, 0x0e, 0x13, 0x2e, 0x33, 0x5a, 0xd9, 0x5c, 0x28, 0xde, 0x8a, 0x05, - 0x27, 0xb4, 0x0d, 0x43, 0x1b, 0x7c, 0x02, 0x88, 0x3d, 0xc4, 0xe2, 0x51, 0x07, 0x37, 0x35, 0xab, - 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0x61, 0x47, 0x46, 0x60, 0x04, 0x5f, 0xba, 0xc5, 0xa5, - 0x81, 0xf5, 0x1f, 0x15, 0xf1, 0x11, 0x18, 0x89, 0x48, 0x23, 0xf0, 0x1b, 0xae, 0x47, 0x9a, 0xd3, - 0xf2, 0xa0, 0xe0, 0x20, 0xc9, 0x43, 0x6c, 0x1f, 0x8e, 0x0d, 0x1a, 0x38, 0x45, 0x11, 0x7d, 0xd6, - 0x82, 0x31, 0x95, 0x3a, 0x4b, 0x3f, 0x08, 0x11, 0x0e, 0xe1, 0x85, 0x82, 0x12, 0x75, 0x19, 0xcd, - 0x3a, 0xba, 0xb3, 0x3b, 0x31, 0x96, 0x6e, 0xc3, 0x19, 0xbe, 0xe8, 0x65, 0x80, 0x60, 0x8d, 0xc7, - 0x16, 0x4d, 0x27, 0xc2, 0x3b, 0x7c, 0x90, 0x57, 0x1d, 0xe3, 0x59, 0x84, 0x92, 0x02, 0x36, 0xa8, - 0xa1, 0xab, 0x00, 0x7c, 0xd9, 0xac, 0xee, 0x84, 0x72, 0xa3, 0x21, 0xb3, 0xbf, 0x60, 0x45, 0x41, - 0xee, 0xee, 0x4e, 0x74, 0x7b, 0xeb, 0x58, 0x00, 0x85, 0xf1, 0x38, 0xfa, 0x49, 0x18, 0x8a, 0x3b, - 0xed, 0xb6, 0xa3, 0x7c, 0xc7, 0x05, 0xe6, 0x25, 0x72, 0xba, 0x86, 0x28, 0xe2, 0x0d, 0x58, 0x72, - 0x44, 0xb7, 0xa8, 0x50, 0x8d, 0x85, 0x1b, 0x91, 0xad, 0x22, 0x6e, 0x13, 0x0c, 0xb3, 0x77, 0x7a, - 0x8f, 0x34, 0xbc, 0x71, 0x0e, 0xce, 0xdd, 0xdd, 0x89, 0x87, 0xd2, 0xed, 0x0b, 0x81, 0xc8, 0x14, - 0xcc, 0xa5, 0x89, 0xae, 0xc8, 0x02, 0x34, 0xf4, 0xb5, 0x65, 0x5d, 0x84, 0xa7, 0x74, 0x01, 0x1a, - 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, 0x22, 0x9c, 0x6e, 0x04, 0x7e, 0x12, 0x05, 0x9e, 0xc7, - 0x0b, 0x30, 0xf1, 0x3d, 0x1f, 0xf7, 0x2d, 0xbf, 0x5d, 0x74, 0xfb, 0xf4, 0x4c, 0x37, 0x0a, 0xce, - 0x7b, 0xce, 0xf6, 0xd3, 0xe7, 0x3c, 0x62, 0x70, 0x9e, 0x83, 0x11, 0xb2, 0x9d, 0x90, 0xc8, 0x77, - 0xbc, 0xeb, 0x78, 0x41, 0x7a, 0x55, 0xd9, 0x1a, 0xb8, 0x68, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, - 0xa3, 0xc3, 0xc8, 0x7e, 0xe5, 0x8e, 0x0e, 0xe9, 0xd6, 0xb0, 0xff, 0x77, 0x29, 0x65, 0x90, 0xdd, - 0x97, 0x53, 0x25, 0x56, 0xc6, 0x43, 0xd6, 0x3b, 0x61, 0x00, 0xb1, 0xd1, 0x28, 0x92, 0xb3, 0x2a, - 0xe3, 0xb1, 0x64, 0x32, 0xc2, 0x69, 0xbe, 0x68, 0x13, 0x2a, 0x1b, 0x41, 0x9c, 0xc8, 0xed, 0xc7, - 0x11, 0x77, 0x3a, 0x97, 0x83, 0x38, 0x61, 0x56, 0x84, 0x7a, 0x6d, 0xda, 0x12, 0x63, 0xce, 0xc3, - 0xfe, 0x2f, 0x56, 0xca, 0x87, 0x7e, 0x93, 0x05, 0x20, 0x6f, 0x11, 0x9f, 0x2e, 0x6b, 0x33, 0xe4, - 0xe9, 0x47, 0x32, 0xe9, 0x9c, 0xef, 0xe8, 0x55, 0x5f, 0xec, 0x36, 0xa5, 0x30, 0xc9, 0x48, 0x18, - 0xd1, 0x51, 0x9f, 0xb0, 0xd2, 0x89, 0xb5, 0xa5, 0x22, 0x36, 0x18, 0x66, 0x72, 0xf9, 0xbe, 0x39, - 0xba, 0xf6, 0x97, 0x2d, 0x18, 0xaa, 0x3b, 0x8d, 0xcd, 0x60, 0x7d, 0x1d, 0x3d, 0x0d, 0xd5, 0x66, - 0x27, 0x32, 0x73, 0x7c, 0x95, 0xe3, 0x60, 0x56, 0xb4, 0x63, 0x85, 0x41, 0xe7, 0xf0, 0xba, 0xd3, - 0x90, 0x29, 0xe6, 0x65, 0x3e, 0x87, 0x2f, 0xb1, 0x16, 0x2c, 0x20, 0xe8, 0x79, 0x18, 0x6e, 0x3b, - 0xdb, 0xf2, 0xe1, 0xac, 0x03, 0x7f, 0x51, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x0b, 0x0b, 0xc6, 0xeb, - 0x4e, 0xec, 0x36, 0xa6, 0x3b, 0xc9, 0x46, 0xdd, 0x4d, 0xd6, 0x3a, 0x8d, 0x4d, 0x92, 0xf0, 0xba, - 0x02, 0xb4, 0x97, 0x9d, 0x98, 0x2e, 0x25, 0xb5, 0xaf, 0x53, 0xbd, 0xbc, 0x2e, 0xda, 0xb1, 0xc2, - 0x40, 0xaf, 0xc3, 0x70, 0xe8, 0xc4, 0xf1, 0xed, 0x20, 0x6a, 0x62, 0xb2, 0x5e, 0x4c, 0x55, 0x8f, - 0x15, 0xd2, 0x88, 0x48, 0x82, 0xc9, 0xba, 0x38, 0xec, 0xd6, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0xa2, - 0x05, 0x8f, 0xd4, 0x89, 0x13, 0x91, 0x88, 0x15, 0x01, 0x51, 0x2f, 0x32, 0xe3, 0x05, 0x9d, 0x26, - 0x7a, 0x0d, 0xaa, 0x09, 0x6d, 0xa6, 0xdd, 0xb2, 0x8a, 0xed, 0x16, 0x3b, 0xab, 0x5e, 0x15, 0xc4, - 0xb1, 0x62, 0x63, 0xff, 0x75, 0x0b, 0x46, 0xd8, 0x71, 0xdb, 0x2c, 0x49, 0x1c, 0xd7, 0xeb, 0xaa, - 0x95, 0x65, 0xf5, 0x59, 0x2b, 0xeb, 0x3c, 0x0c, 0x6c, 0x04, 0x6d, 0x92, 0x3d, 0x2a, 0xbe, 0x1c, - 0xd0, 0x6d, 0x35, 0x85, 0xa0, 0x67, 0xe9, 0x87, 0x77, 0xfd, 0xc4, 0xa1, 0x4b, 0x40, 0xba, 0x73, - 0x4f, 0xf0, 0x8f, 0xae, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x66, 0x0d, 0x86, 0x44, 0x5c, 0x43, 0xdf, - 0xb5, 0x25, 0xe4, 0xfe, 0xbe, 0xd4, 0x73, 0x7f, 0x1f, 0xc3, 0x60, 0x83, 0x15, 0xed, 0x13, 0x66, - 0xe4, 0xd5, 0x42, 0x02, 0x61, 0x78, 0x1d, 0x40, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x4b, - 0x16, 0x9c, 0x68, 0x04, 0xbe, 0x4f, 0x1a, 0xda, 0xc6, 0x19, 0x28, 0x22, 0xde, 0x61, 0x26, 0x4d, - 0x54, 0x9f, 0xf5, 0x64, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x08, 0xa3, 0x7c, 0xcc, 0x6e, 0xa4, 0x7c, - 0xd0, 0xba, 0x84, 0x92, 0x09, 0xc4, 0x69, 0x5c, 0x34, 0xc9, 0x7d, 0xf9, 0xa2, 0x58, 0xd1, 0xa0, - 0x76, 0xd5, 0x19, 0x65, 0x8a, 0x0c, 0x0c, 0x14, 0x01, 0x8a, 0xc8, 0x7a, 0x44, 0xe2, 0x0d, 0x11, - 0xf7, 0xc1, 0xec, 0xab, 0xa1, 0xc3, 0xe5, 0xa1, 0xe3, 0x2e, 0x4a, 0x38, 0x87, 0x3a, 0xda, 0x14, - 0x1b, 0xcc, 0x6a, 0x11, 0x32, 0x54, 0x7c, 0xe6, 0x9e, 0xfb, 0xcc, 0x09, 0xa8, 0xc4, 0x1b, 0x4e, - 0xd4, 0x64, 0x76, 0x5d, 0x99, 0xe7, 0x3e, 0xad, 0xd0, 0x06, 0xcc, 0xdb, 0xd1, 0x2c, 0x9c, 0xcc, - 0x14, 0x80, 0x8a, 0x85, 0xaf, 0x58, 0xe5, 0xb9, 0x64, 0x4a, 0x47, 0xc5, 0xb8, 0xeb, 0x09, 0xd3, - 0xf9, 0x30, 0xbc, 0x8f, 0xf3, 0x61, 0x47, 0x45, 0x17, 0x72, 0x2f, 0xee, 0x4b, 0x85, 0x0c, 0x40, - 0x5f, 0xa1, 0x84, 0x5f, 0xc8, 0x84, 0x12, 0x8e, 0xb2, 0x0e, 0xdc, 0x28, 0xa6, 0x03, 0x07, 0x8f, - 0x1b, 0xbc, 0x9f, 0x71, 0x80, 0x7f, 0x6e, 0x81, 0xfc, 0xae, 0x33, 0x4e, 0x63, 0x83, 0xd0, 0x29, - 0x83, 0xde, 0x07, 0x63, 0x6a, 0x0b, 0x3d, 0x13, 0x74, 0x7c, 0x1e, 0x02, 0x58, 0xd6, 0x87, 0xc2, - 0x38, 0x05, 0xc5, 0x19, 0x6c, 0x34, 0x05, 0x35, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0x6b, 0xd5, 0x36, - 0x7d, 0x7a, 0x79, 0x5e, 0x3c, 0xa5, 0x71, 0x50, 0x00, 0xa7, 0x3c, 0x27, 0x4e, 0x58, 0x0f, 0xe8, - 0x8e, 0xfa, 0x90, 0x55, 0x20, 0x58, 0x32, 0xc5, 0x42, 0x96, 0x10, 0xee, 0xa6, 0x6d, 0x7f, 0x7b, - 0x00, 0x46, 0x53, 0x92, 0xf1, 0x80, 0x4a, 0xfa, 0x69, 0xa8, 0x4a, 0xbd, 0x99, 0xad, 0x57, 0xa3, - 0x94, 0xab, 0xc2, 0xa0, 0x4a, 0x6b, 0x4d, 0x6b, 0xd5, 0xac, 0x51, 0x61, 0x28, 0x5c, 0x6c, 0xe2, - 0x31, 0xa1, 0x9c, 0x78, 0xf1, 0x8c, 0xe7, 0x12, 0x3f, 0xe1, 0xdd, 0x2c, 0x46, 0x28, 0xaf, 0x2e, - 0xac, 0x98, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0xb4, 0x05, 0xa3, 0xce, 0xed, - 0x58, 0x57, 0x96, 0x15, 0x41, 0x83, 0x47, 0x54, 0x52, 0xa9, 0x62, 0xb5, 0xdc, 0xe5, 0x9b, 0x6a, - 0xc2, 0x69, 0xa6, 0xe8, 0x4d, 0x0b, 0x10, 0xd9, 0x26, 0x0d, 0x19, 0xd6, 0x28, 0xfa, 0x32, 0x58, - 0xc4, 0x4e, 0xf3, 0x62, 0x17, 0x5d, 0x2e, 0xd5, 0xbb, 0xdb, 0x71, 0x4e, 0x1f, 0xec, 0x7f, 0x5a, - 0x56, 0x0b, 0x4a, 0x47, 0xd2, 0x3a, 0x46, 0x44, 0x9f, 0x75, 0xf8, 0x88, 0x3e, 0x1d, 0x91, 0xd0, - 0x9d, 0x5c, 0x9a, 0xca, 0x45, 0x2b, 0xdd, 0xa7, 0x5c, 0xb4, 0x9f, 0xb6, 0x52, 0x95, 0x99, 0x86, - 0x2f, 0xbc, 0x5c, 0x6c, 0x14, 0xef, 0x24, 0x8f, 0x96, 0xc8, 0x48, 0xf7, 0x74, 0x90, 0x0c, 0x95, - 0xa6, 0x06, 0xda, 0x81, 0xa4, 0xe1, 0xbf, 0x2f, 0xc3, 0xb0, 0xa1, 0x49, 0x73, 0xcd, 0x22, 0xeb, - 0x01, 0x33, 0x8b, 0x4a, 0x07, 0x30, 0x8b, 0x7e, 0x0a, 0x6a, 0x0d, 0x29, 0xe5, 0x8b, 0xa9, 0x4d, - 0x9c, 0xd5, 0x1d, 0x5a, 0xd0, 0xab, 0x26, 0xac, 0x79, 0xa2, 0xb9, 0x54, 0x06, 0x93, 0xd0, 0x10, - 0x03, 0x4c, 0x43, 0xe4, 0xa5, 0x18, 0x09, 0x4d, 0xd1, 0xfd, 0x0c, 0x2b, 0xe0, 0x15, 0xba, 0xe2, - 0xbd, 0x64, 0xac, 0x3d, 0x2f, 0xe0, 0xb5, 0x3c, 0x2f, 0x9b, 0xb1, 0x89, 0x63, 0x7f, 0xdb, 0x52, - 0x1f, 0xf7, 0x1e, 0x94, 0xaa, 0xb8, 0x95, 0x2e, 0x55, 0x71, 0xb1, 0x90, 0x61, 0xee, 0x51, 0xa3, - 0xe2, 0x1a, 0x0c, 0xcd, 0x04, 0xed, 0xb6, 0xe3, 0x37, 0xd1, 0x0f, 0xc1, 0x50, 0x83, 0xff, 0x14, - 0x8e, 0x1d, 0x76, 0x3c, 0x28, 0xa0, 0x58, 0xc2, 0xd0, 0xa3, 0x30, 0xe0, 0x44, 0x2d, 0xe9, 0xcc, - 0x61, 0xc1, 0x35, 0xd3, 0x51, 0x2b, 0xc6, 0xac, 0xd5, 0xfe, 0x87, 0x03, 0xc0, 0xce, 0xb4, 0x9d, - 0x88, 0x34, 0x57, 0x03, 0x56, 0x1b, 0xf1, 0x58, 0x0f, 0xd5, 0xf4, 0x66, 0xe9, 0x41, 0x3e, 0x58, - 0x33, 0x0e, 0x57, 0xca, 0xf7, 0xf8, 0x70, 0xa5, 0xc7, 0x79, 0xd9, 0xc0, 0x03, 0x74, 0x5e, 0x66, - 0x7f, 0xde, 0x02, 0xa4, 0x02, 0x21, 0xf4, 0x81, 0xf6, 0x14, 0xd4, 0x54, 0x48, 0x84, 0x30, 0xac, - 0xb4, 0x88, 0x90, 0x00, 0xac, 0x71, 0xfa, 0xd8, 0x21, 0x3f, 0x21, 0xe5, 0x77, 0x39, 0x1d, 0x97, - 0xcb, 0xa4, 0xbe, 0x10, 0xe7, 0xf6, 0x6f, 0x95, 0xe0, 0x21, 0xae, 0x92, 0x17, 0x1d, 0xdf, 0x69, - 0x91, 0x36, 0xed, 0x55, 0xbf, 0x21, 0x0a, 0x0d, 0xba, 0x35, 0x73, 0x65, 0x9c, 0xed, 0x51, 0xd7, - 0x2e, 0x5f, 0x73, 0x7c, 0x95, 0xcd, 0xfb, 0x6e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0x16, 0xee, - 0x17, 0xb2, 0xb8, 0x20, 0x46, 0x4a, 0x2c, 0x09, 0xbd, 0x49, 0xb0, 0x62, 0x44, 0x0d, 0x57, 0x2f, - 0x68, 0x6c, 0x62, 0x12, 0x06, 0x4c, 0xee, 0x1a, 0x61, 0x8e, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, - 0xb7, 0x2c, 0xc8, 0x6a, 0x24, 0xa3, 0x08, 0x9d, 0xb5, 0x67, 0x11, 0xba, 0x03, 0x54, 0x81, 0xfb, - 0x09, 0x18, 0x76, 0x12, 0x6a, 0x44, 0xf0, 0x6d, 0x77, 0xf9, 0x70, 0xc7, 0x1a, 0x8b, 0x41, 0xd3, - 0x5d, 0x77, 0xd9, 0x76, 0xdb, 0x24, 0x67, 0xff, 0x8f, 0x01, 0x38, 0xd5, 0x95, 0x95, 0x82, 0x5e, - 0x80, 0x91, 0x86, 0x98, 0x1e, 0xa1, 0x74, 0x68, 0xd5, 0xcc, 0xb0, 0x38, 0x0d, 0xc3, 0x29, 0xcc, - 0x3e, 0x26, 0xe8, 0x3c, 0x9c, 0x8e, 0xe8, 0x46, 0xbf, 0x43, 0xa6, 0xd7, 0x13, 0x12, 0xad, 0x90, - 0x46, 0xe0, 0x37, 0x79, 0xa9, 0xc4, 0x72, 0xfd, 0xe1, 0x3b, 0xbb, 0x13, 0xa7, 0x71, 0x37, 0x18, - 0xe7, 0x3d, 0x83, 0x42, 0x18, 0xf5, 0x4c, 0x1b, 0x50, 0x6c, 0x00, 0x0e, 0x65, 0x3e, 0x2a, 0x1b, - 0x21, 0xd5, 0x8c, 0xd3, 0x0c, 0xd2, 0x86, 0x64, 0xe5, 0x3e, 0x19, 0x92, 0x9f, 0xd2, 0x86, 0x24, - 0x3f, 0x7f, 0xff, 0x50, 0xc1, 0x59, 0x49, 0xc7, 0x6d, 0x49, 0xbe, 0x04, 0x55, 0x19, 0x9b, 0xd4, - 0x57, 0x4c, 0x8f, 0x49, 0xa7, 0x87, 0x44, 0x7b, 0x12, 0x7e, 0xf0, 0x62, 0x14, 0x19, 0x83, 0x79, - 0x2d, 0x48, 0xa6, 0x3d, 0x2f, 0xb8, 0x4d, 0x95, 0xf4, 0xf5, 0x98, 0x08, 0x0f, 0x8b, 0x7d, 0xb7, - 0x04, 0x39, 0x9b, 0x15, 0xba, 0x1e, 0xb5, 0x65, 0x90, 0x5a, 0x8f, 0x07, 0xb3, 0x0e, 0xd0, 0x36, - 0x8f, 0xdf, 0xe2, 0x3a, 0xf0, 0x83, 0x45, 0x6f, 0xb6, 0x74, 0x48, 0x97, 0x4a, 0xa6, 0x50, 0x61, - 0x5d, 0x17, 0x00, 0xb4, 0x41, 0x27, 0x42, 0xe5, 0xd5, 0xf1, 0xb0, 0xb6, 0xfb, 0xb0, 0x81, 0x45, - 0xf7, 0xde, 0xae, 0x1f, 0x27, 0x8e, 0xe7, 0x5d, 0x76, 0xfd, 0x44, 0x38, 0x11, 0x95, 0xb2, 0x9f, - 0xd7, 0x20, 0x6c, 0xe2, 0x9d, 0x7b, 0x8f, 0xf1, 0xfd, 0x0e, 0xf2, 0xdd, 0x37, 0xe0, 0x91, 0x39, - 0x37, 0x51, 0x09, 0x1e, 0x6a, 0xbe, 0x51, 0x7b, 0x4d, 0x25, 0x2c, 0x59, 0x3d, 0x13, 0x96, 0x8c, - 0x04, 0x8b, 0x52, 0x3a, 0x1f, 0x24, 0x9b, 0x60, 0x61, 0xbf, 0x00, 0x67, 0xe6, 0xdc, 0xe4, 0x92, - 0xeb, 0x91, 0x03, 0x32, 0xb1, 0x7f, 0x63, 0x10, 0x46, 0xcc, 0x54, 0xc5, 0x83, 0xe4, 0x5c, 0x7d, - 0x91, 0x9a, 0x64, 0xe2, 0xed, 0x5c, 0x75, 0xb8, 0x76, 0xf3, 0xc8, 0x79, 0x93, 0xf9, 0x23, 0x66, - 0x58, 0x65, 0x9a, 0x27, 0x36, 0x3b, 0x80, 0x6e, 0x43, 0x65, 0x9d, 0x25, 0x00, 0x94, 0x8b, 0x88, - 0x40, 0xc8, 0x1b, 0x51, 0xbd, 0x1c, 0x79, 0x0a, 0x01, 0xe7, 0x47, 0x35, 0x69, 0x94, 0xce, 0x2a, - 0x33, 0x82, 0x56, 0x45, 0x3e, 0x99, 0xc2, 0xe8, 0xa5, 0x12, 0x2a, 0x87, 0x50, 0x09, 0x29, 0x01, - 0x3d, 0x78, 0x9f, 0x04, 0x34, 0x4b, 0xe6, 0x48, 0x36, 0x98, 0x9d, 0x27, 0xa2, 0xec, 0x87, 0xd8, - 0x20, 0x18, 0xc9, 0x1c, 0x29, 0x30, 0xce, 0xe2, 0xa3, 0x8f, 0x2b, 0x11, 0x5f, 0x2d, 0xc2, 0xff, - 0x6a, 0xce, 0xe8, 0xe3, 0x96, 0xee, 0x9f, 0x2f, 0xc1, 0xd8, 0x9c, 0xdf, 0x59, 0x9e, 0x5b, 0xee, - 0xac, 0x79, 0x6e, 0xe3, 0x2a, 0xd9, 0xa1, 0x22, 0x7c, 0x93, 0xec, 0xcc, 0xcf, 0x8a, 0x15, 0xa4, - 0xe6, 0xcc, 0x55, 0xda, 0x88, 0x39, 0x8c, 0x0a, 0xa3, 0x75, 0xd7, 0x6f, 0x91, 0x28, 0x8c, 0x5c, - 0xe1, 0x1a, 0x35, 0x84, 0xd1, 0x25, 0x0d, 0xc2, 0x26, 0x1e, 0xa5, 0x1d, 0xdc, 0xf6, 0x49, 0x94, - 0x35, 0x78, 0x97, 0x68, 0x23, 0xe6, 0x30, 0x8a, 0x94, 0x44, 0x9d, 0x38, 0x11, 0x93, 0x51, 0x21, - 0xad, 0xd2, 0x46, 0xcc, 0x61, 0x74, 0xa5, 0xc7, 0x9d, 0x35, 0x16, 0xe0, 0x91, 0x09, 0xe9, 0x5f, - 0xe1, 0xcd, 0x58, 0xc2, 0x29, 0xea, 0x26, 0xd9, 0x99, 0xa5, 0xbb, 0xe3, 0x4c, 0x66, 0xcf, 0x55, - 0xde, 0x8c, 0x25, 0x9c, 0xd5, 0x82, 0x4c, 0x0f, 0xc7, 0xf7, 0x5c, 0x2d, 0xc8, 0x74, 0xf7, 0x7b, - 0xec, 0xb3, 0x7f, 0xc9, 0x82, 0x11, 0x33, 0x2c, 0x0b, 0xb5, 0x32, 0xb6, 0xf0, 0x52, 0x57, 0x29, - 0xe1, 0x1f, 0xcb, 0xbb, 0x87, 0xad, 0xe5, 0x26, 0x41, 0x18, 0x3f, 0x43, 0xfc, 0x96, 0xeb, 0x13, - 0x76, 0xda, 0xce, 0xc3, 0xb9, 0x52, 0x31, 0x5f, 0x33, 0x41, 0x93, 0x1c, 0xc2, 0x98, 0xb6, 0x6f, - 0xc2, 0xa9, 0xae, 0x74, 0xae, 0x3e, 0x4c, 0x90, 0x7d, 0x93, 0x69, 0x6d, 0x0c, 0xc3, 0x94, 0xb0, - 0xac, 0x47, 0x34, 0x03, 0xa7, 0xf8, 0x42, 0xa2, 0x9c, 0x56, 0x1a, 0x1b, 0xa4, 0xad, 0x52, 0xf4, - 0x98, 0x1f, 0xfe, 0x46, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x2f, 0x58, 0x30, 0x9a, 0xca, 0xb0, 0x2b, - 0xc8, 0x58, 0x62, 0x2b, 0x2d, 0x60, 0x51, 0x82, 0x2c, 0x54, 0xba, 0xcc, 0x94, 0xa9, 0x5e, 0x69, - 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcb, 0x25, 0xa8, 0xca, 0x48, 0x8b, 0x3e, 0xba, 0xf2, 0x39, 0x0b, - 0x46, 0xd5, 0xd9, 0x07, 0x73, 0xaa, 0x95, 0x8a, 0x48, 0x87, 0xa0, 0x3d, 0x50, 0xdb, 0x72, 0x7f, - 0x3d, 0xd0, 0x96, 0x3b, 0x36, 0x99, 0xe1, 0x34, 0x6f, 0x74, 0x03, 0x20, 0xde, 0x89, 0x13, 0xd2, - 0x36, 0xdc, 0x7b, 0xb6, 0xb1, 0xe2, 0x26, 0x1b, 0x41, 0x44, 0xe8, 0xfa, 0xba, 0x16, 0x34, 0xc9, - 0x8a, 0xc2, 0xd4, 0x26, 0x94, 0x6e, 0xc3, 0x06, 0x25, 0xfb, 0xef, 0x97, 0xe0, 0x64, 0xb6, 0x4b, - 0xe8, 0x43, 0x30, 0x22, 0xb9, 0x1b, 0x57, 0xca, 0xc9, 0xf0, 0x92, 0x11, 0x6c, 0xc0, 0xee, 0xee, - 0x4e, 0x4c, 0x74, 0xdf, 0xe9, 0x37, 0x69, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0x00, 0x25, 0x4e, 0x4a, - 0xeb, 0x3b, 0xd3, 0x61, 0x28, 0x4e, 0x91, 0x8c, 0x03, 0x28, 0x13, 0x8a, 0x33, 0xd8, 0x68, 0x19, - 0xce, 0x18, 0x2d, 0xd7, 0x88, 0xdb, 0xda, 0x58, 0x0b, 0x22, 0xb9, 0x03, 0x7b, 0x54, 0x07, 0x80, - 0x75, 0xe3, 0xe0, 0xdc, 0x27, 0xa9, 0xb6, 0x6f, 0x38, 0xa1, 0xd3, 0x70, 0x93, 0x1d, 0xe1, 0xaf, - 0x54, 0xb2, 0x69, 0x46, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0xc2, 0x40, 0x9f, 0x33, 0xa8, 0x2f, 0xcb, - 0xff, 0x25, 0xa8, 0x52, 0x72, 0xd2, 0xbc, 0x2b, 0x82, 0x64, 0x00, 0x55, 0x79, 0xd5, 0x0b, 0xb2, - 0xa1, 0xec, 0x3a, 0xf2, 0x8c, 0x4f, 0xbd, 0xd6, 0x7c, 0x1c, 0x77, 0xd8, 0x66, 0x9a, 0x02, 0xd1, - 0x13, 0x50, 0x26, 0xdb, 0x61, 0xf6, 0x30, 0xef, 0xe2, 0x76, 0xe8, 0x46, 0x24, 0xa6, 0x48, 0x64, - 0x3b, 0x44, 0xe7, 0xa0, 0xe4, 0x36, 0x85, 0x92, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, 0xb7, - 0x69, 0x6f, 0x43, 0x4d, 0xdd, 0x2d, 0x83, 0x36, 0xa5, 0xec, 0xb6, 0x8a, 0x08, 0x8d, 0x92, 0x74, - 0x7b, 0x48, 0xed, 0x0e, 0x80, 0x4e, 0x35, 0x2c, 0x4a, 0xbe, 0x9c, 0x87, 0x81, 0x46, 0x20, 0xd2, - 0xa0, 0xab, 0x9a, 0x0c, 0x13, 0xda, 0x0c, 0x62, 0xdf, 0x84, 0xb1, 0xab, 0x7e, 0x70, 0x9b, 0x15, - 0xc6, 0x67, 0x75, 0xe0, 0x28, 0xe1, 0x75, 0xfa, 0x23, 0x6b, 0x22, 0x30, 0x28, 0xe6, 0x30, 0x55, - 0xa1, 0xaa, 0xd4, 0xab, 0x42, 0x95, 0xfd, 0x09, 0x0b, 0x46, 0x54, 0xce, 0xd2, 0xdc, 0xd6, 0x26, - 0xa5, 0xdb, 0x8a, 0x82, 0x4e, 0x98, 0xa5, 0xcb, 0x6e, 0x7f, 0xc2, 0x1c, 0x66, 0x26, 0xf3, 0x95, - 0xf6, 0x49, 0xe6, 0x3b, 0x0f, 0x03, 0x9b, 0xae, 0xdf, 0xcc, 0x5e, 0x67, 0x72, 0xd5, 0xf5, 0x9b, - 0x98, 0x41, 0x68, 0x17, 0x4e, 0xaa, 0x2e, 0x48, 0x85, 0xf0, 0x02, 0x8c, 0xac, 0x75, 0x5c, 0xaf, - 0x29, 0x0b, 0xdc, 0x65, 0x3c, 0x2a, 0x75, 0x03, 0x86, 0x53, 0x98, 0x74, 0x5f, 0xb7, 0xe6, 0xfa, - 0x4e, 0xb4, 0xb3, 0xac, 0x35, 0x90, 0x12, 0x4a, 0x75, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0x46, 0x19, - 0xc6, 0xd2, 0x99, 0x5b, 0x7d, 0x6c, 0xaf, 0x9e, 0x80, 0x0a, 0x4b, 0xe6, 0xca, 0x7e, 0x5a, 0x5e, - 0x13, 0x8e, 0xc3, 0x50, 0x0c, 0x83, 0xbc, 0x0c, 0x44, 0x31, 0x57, 0x01, 0xa9, 0x4e, 0x2a, 0x3f, - 0x0c, 0x8b, 0x3b, 0x13, 0x95, 0x27, 0x04, 0x2b, 0xf4, 0x69, 0x0b, 0x86, 0x82, 0xd0, 0xac, 0x6c, - 0xf4, 0xc1, 0x22, 0xb3, 0xda, 0x44, 0x52, 0x8d, 0xb0, 0x88, 0xd5, 0xa7, 0x97, 0x9f, 0x43, 0xb2, - 0x3e, 0xf7, 0x5e, 0x18, 0x31, 0x31, 0xf7, 0x33, 0x8a, 0xab, 0xa6, 0x51, 0xfc, 0x39, 0x73, 0x52, - 0x88, 0xbc, 0xbd, 0x3e, 0x96, 0xdb, 0x75, 0xa8, 0x34, 0x54, 0xa0, 0xc0, 0xa1, 0xca, 0xa2, 0xaa, - 0xba, 0x0c, 0xec, 0xb0, 0x88, 0x53, 0xb3, 0xbf, 0x6d, 0x19, 0xf3, 0x03, 0x93, 0x78, 0xbe, 0x89, - 0x22, 0x28, 0xb7, 0xb6, 0x36, 0x85, 0x29, 0x7a, 0xa5, 0xa0, 0xe1, 0x9d, 0xdb, 0xda, 0xd4, 0x73, - 0xdc, 0x6c, 0xc5, 0x94, 0x59, 0x1f, 0xce, 0xc2, 0x54, 0x7a, 0x67, 0x79, 0xff, 0xf4, 0x4e, 0xfb, - 0xcd, 0x12, 0x9c, 0xea, 0x9a, 0x54, 0xe8, 0x75, 0xa8, 0x44, 0xf4, 0x2d, 0xc5, 0xeb, 0x2d, 0x14, - 0x96, 0x90, 0x19, 0xcf, 0x37, 0xb5, 0xde, 0x4d, 0xb7, 0x63, 0xce, 0x12, 0x5d, 0x01, 0xa4, 0xc3, - 0x59, 0x94, 0xa7, 0x92, 0xbf, 0xf2, 0x39, 0xf1, 0x28, 0x9a, 0xee, 0xc2, 0xc0, 0x39, 0x4f, 0xa1, - 0x17, 0xb3, 0x0e, 0xcf, 0x72, 0xfa, 0x7c, 0x73, 0x2f, 0xdf, 0xa5, 0xfd, 0xcf, 0x4a, 0x30, 0x9a, - 0x2a, 0x34, 0x85, 0x3c, 0xa8, 0x12, 0x8f, 0x39, 0xff, 0xa5, 0xb2, 0x39, 0x6a, 0xd9, 0x68, 0xa5, - 0x20, 0x2f, 0x0a, 0xba, 0x58, 0x71, 0x78, 0x30, 0x0e, 0xe1, 0x5f, 0x80, 0x11, 0xd9, 0xa1, 0x0f, - 0x3a, 0x6d, 0x4f, 0x0c, 0xa0, 0x9a, 0xa3, 0x17, 0x0d, 0x18, 0x4e, 0x61, 0xda, 0xbf, 0x5d, 0x86, - 0x71, 0x7e, 0x5a, 0xd2, 0x54, 0x33, 0x6f, 0x51, 0xee, 0xb7, 0xfe, 0xb2, 0x2e, 0x07, 0xc7, 0x07, - 0x72, 0xed, 0xa8, 0xb7, 0x34, 0xe4, 0x33, 0xea, 0x2b, 0x82, 0xeb, 0x6b, 0x99, 0x08, 0x2e, 0x6e, - 0x76, 0xb7, 0x8e, 0xa9, 0x47, 0xdf, 0x5b, 0x21, 0x5d, 0x7f, 0xa7, 0x04, 0x27, 0x32, 0x57, 0x60, - 0xa0, 0x37, 0xd2, 0x55, 0x93, 0xad, 0x22, 0x7c, 0xea, 0x7b, 0xde, 0x8a, 0x70, 0xb0, 0xda, 0xc9, - 0xf7, 0x69, 0xa9, 0xd8, 0x7f, 0x50, 0x82, 0xb1, 0xf4, 0xdd, 0x1d, 0x0f, 0xe0, 0x48, 0xbd, 0x0b, - 0x6a, 0xac, 0x3c, 0x3d, 0xbb, 0x93, 0x94, 0xbb, 0xe4, 0x79, 0x25, 0x70, 0xd9, 0x88, 0x35, 0xfc, - 0x81, 0x28, 0x49, 0x6d, 0xff, 0x5d, 0x0b, 0xce, 0xf2, 0xb7, 0xcc, 0xce, 0xc3, 0xbf, 0x92, 0x37, - 0xba, 0xaf, 0x14, 0xdb, 0xc1, 0x4c, 0x19, 0xc3, 0xfd, 0xc6, 0x97, 0xdd, 0x85, 0x28, 0x7a, 0x9b, - 0x9e, 0x0a, 0x0f, 0x60, 0x67, 0x0f, 0x34, 0x19, 0xec, 0x3f, 0x28, 0x83, 0xbe, 0xfe, 0x11, 0xb9, - 0x22, 0x17, 0xb2, 0x90, 0x72, 0x8e, 0x2b, 0x3b, 0x7e, 0x43, 0x5f, 0x34, 0x59, 0xcd, 0xa4, 0x42, - 0xfe, 0xac, 0x05, 0xc3, 0xae, 0xef, 0x26, 0xae, 0xc3, 0xb6, 0xd1, 0xc5, 0x5c, 0x4d, 0xa7, 0xd8, - 0xcd, 0x73, 0xca, 0x41, 0x64, 0x9e, 0xe3, 0x28, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x22, 0x82, 0xac, - 0xcb, 0x85, 0x65, 0xf1, 0x56, 0x33, 0x91, 0xd5, 0x21, 0x35, 0xbc, 0x92, 0xa8, 0xa0, 0xe4, 0x77, - 0x4c, 0x49, 0xa9, 0xca, 0xc0, 0xfa, 0x22, 0x6e, 0xda, 0x8c, 0x39, 0x23, 0x3b, 0x06, 0xd4, 0x3d, - 0x16, 0x07, 0x0c, 0x60, 0x9d, 0x82, 0x9a, 0xd3, 0x49, 0x82, 0x36, 0x1d, 0x26, 0x71, 0xd4, 0xa4, - 0x43, 0x74, 0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x8d, 0x0a, 0x64, 0x92, 0x13, 0xd1, 0xb6, 0x79, 0x75, - 0xa9, 0x55, 0xec, 0xd5, 0xa5, 0xaa, 0x33, 0x79, 0xd7, 0x97, 0xa2, 0x16, 0x54, 0xc2, 0x0d, 0x27, - 0x96, 0x66, 0xf5, 0x4b, 0x6a, 0x1f, 0x47, 0x1b, 0xef, 0xee, 0x4e, 0xfc, 0x78, 0x7f, 0x5e, 0x57, - 0x3a, 0x57, 0xa7, 0x78, 0x99, 0x13, 0xcd, 0x9a, 0xd1, 0xc0, 0x9c, 0xfe, 0x41, 0x2e, 0xe7, 0xfb, - 0xa4, 0xa8, 0xc3, 0x8f, 0x49, 0xdc, 0xf1, 0x12, 0x31, 0x1b, 0x5e, 0x2a, 0x70, 0x95, 0x71, 0xc2, - 0x3a, 0xad, 0x9e, 0xff, 0xc7, 0x06, 0x53, 0xf4, 0x21, 0xa8, 0xc5, 0x89, 0x13, 0x25, 0x87, 0x4c, - 0x84, 0x55, 0x83, 0xbe, 0x22, 0x89, 0x60, 0x4d, 0x0f, 0xbd, 0xcc, 0xaa, 0xdb, 0xba, 0xf1, 0xc6, - 0x21, 0x73, 0x23, 0x64, 0x25, 0x5c, 0x41, 0x01, 0x1b, 0xd4, 0xd0, 0x05, 0x00, 0x36, 0xb7, 0x79, - 0x40, 0x60, 0x95, 0x79, 0x99, 0x94, 0x28, 0xc4, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x87, 0x21, 0x5d, - 0x17, 0x02, 0x4d, 0xc8, 0x32, 0x14, 0xdc, 0x0b, 0xcd, 0x72, 0x1c, 0x52, 0x15, 0x23, 0x7e, 0xcd, - 0x02, 0xb3, 0x78, 0x05, 0x7a, 0x8d, 0x57, 0xc9, 0xb0, 0x8a, 0x38, 0x39, 0x34, 0xe8, 0x4e, 0x2e, - 0x3a, 0x61, 0xe6, 0x08, 0x5b, 0x96, 0xca, 0x38, 0xf7, 0x1e, 0xa8, 0x4a, 0xe8, 0x81, 0x8c, 0xba, - 0x8f, 0xc3, 0xe9, 0xec, 0xc5, 0xee, 0xe2, 0xd4, 0x69, 0x7f, 0xd7, 0x8f, 0xf4, 0xe7, 0x94, 0x7a, - 0xf9, 0x73, 0xfa, 0xb8, 0xc0, 0xf6, 0xd7, 0x2d, 0x38, 0xbf, 0xdf, 0xfd, 0xf3, 0xe8, 0x51, 0x18, - 0xb8, 0xed, 0x44, 0xb2, 0xec, 0x38, 0x13, 0x94, 0x37, 0x9d, 0xc8, 0xc7, 0xac, 0x15, 0xed, 0xc0, - 0x20, 0x8f, 0x1a, 0x13, 0xd6, 0xfa, 0x4b, 0xc5, 0xde, 0x86, 0x7f, 0x95, 0x18, 0xdb, 0x05, 0x1e, - 0xb1, 0x86, 0x05, 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0xa5, 0x2d, 0x12, 0x45, 0x6e, 0xd3, 0x88, 0x73, - 0x63, 0xf7, 0xd9, 0x18, 0xf7, 0xd6, 0x98, 0xa9, 0xb0, 0x99, 0xfb, 0x6c, 0x8c, 0x7f, 0xf9, 0xf7, - 0xd9, 0x94, 0x0e, 0x76, 0x9f, 0x0d, 0x5a, 0x82, 0xb3, 0x6d, 0xbe, 0xdd, 0xe0, 0x77, 0x44, 0xf0, - 0xbd, 0x87, 0x4a, 0x3c, 0x7b, 0xe4, 0xce, 0xee, 0xc4, 0xd9, 0xc5, 0x3c, 0x04, 0x9c, 0xff, 0x9c, - 0xfd, 0x1e, 0x40, 0x3c, 0xbc, 0x6d, 0x26, 0x2f, 0x56, 0xa9, 0xa7, 0xfb, 0xc5, 0xfe, 0x6a, 0x05, - 0x4e, 0x64, 0x8a, 0xd2, 0xd2, 0xad, 0x5e, 0x77, 0x70, 0xd4, 0x91, 0xf5, 0x77, 0x77, 0xf7, 0xfa, - 0x0a, 0xb7, 0xf2, 0xa1, 0xe2, 0xfa, 0x61, 0x27, 0x29, 0x26, 0xd7, 0x94, 0x77, 0x62, 0x9e, 0x12, - 0x34, 0xdc, 0xc5, 0xf4, 0x2f, 0xe6, 0x6c, 0x8a, 0x0c, 0xde, 0x4a, 0x19, 0xe3, 0x03, 0xf7, 0xc9, - 0x1d, 0xf0, 0x49, 0x1d, 0x4a, 0x55, 0x29, 0xc2, 0xb1, 0x98, 0x99, 0x2c, 0xc7, 0x7d, 0xd4, 0xfe, - 0xab, 0x25, 0x18, 0x36, 0x3e, 0x1a, 0xfa, 0xc5, 0x74, 0x69, 0x27, 0xab, 0xb8, 0x57, 0x62, 0xf4, - 0x27, 0x75, 0xf1, 0x26, 0xfe, 0x4a, 0x4f, 0x76, 0x57, 0x75, 0xba, 0xbb, 0x3b, 0x71, 0x32, 0x53, - 0xb7, 0x29, 0x55, 0xe9, 0xe9, 0xdc, 0xc7, 0xe0, 0x44, 0x86, 0x4c, 0xce, 0x2b, 0xaf, 0xa6, 0xef, - 0xed, 0x3f, 0xa2, 0x5b, 0xca, 0x1c, 0xb2, 0x6f, 0xd2, 0x21, 0x13, 0xe9, 0x76, 0x81, 0x47, 0xfa, - 0xf0, 0xc1, 0x66, 0xb2, 0x6a, 0x4b, 0x7d, 0x66, 0xd5, 0x3e, 0x05, 0xd5, 0x30, 0xf0, 0xdc, 0x86, - 0xab, 0xea, 0x1f, 0xb2, 0x3c, 0xde, 0x65, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x86, 0xda, 0xad, 0xdb, - 0x09, 0x3f, 0xfd, 0x11, 0xfe, 0xed, 0xa2, 0x0e, 0x7d, 0x94, 0xd1, 0xa2, 0x8e, 0x97, 0xb0, 0xe6, - 0x85, 0x6c, 0x18, 0x64, 0x4a, 0x50, 0xa6, 0x08, 0x30, 0xdf, 0x3b, 0xd3, 0x8e, 0x31, 0x16, 0x10, - 0xfb, 0x1b, 0x35, 0x38, 0x93, 0x57, 0x19, 0x1c, 0x7d, 0x14, 0x06, 0x79, 0x1f, 0x8b, 0xb9, 0x7c, - 0x22, 0x8f, 0xc7, 0x1c, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63, 0xc1, 0x53, 0x70, 0xf7, 0x9c, 0x35, - 0x31, 0x43, 0x8e, 0x87, 0xfb, 0x82, 0xa3, 0xb9, 0x2f, 0x38, 0x9c, 0xbb, 0xe7, 0xac, 0xa1, 0x6d, - 0xa8, 0xb4, 0xdc, 0x84, 0x38, 0xc2, 0x89, 0x70, 0xf3, 0x58, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, - 0x27, 0xe6, 0x0c, 0xd1, 0xd7, 0x2d, 0x38, 0xb1, 0x96, 0x4e, 0xa1, 0x17, 0xc2, 0xd3, 0x39, 0x86, - 0xea, 0xef, 0x69, 0x46, 0xfc, 0x42, 0xa7, 0x4c, 0x23, 0xce, 0x76, 0x07, 0x7d, 0xca, 0x82, 0xa1, - 0x75, 0xd7, 0x33, 0x0a, 0xf0, 0x1e, 0xc3, 0xc7, 0xb9, 0xc4, 0x18, 0xe8, 0x1d, 0x07, 0xff, 0x1f, - 0x63, 0xc9, 0xb9, 0x97, 0xa6, 0x1a, 0x3c, 0xaa, 0xa6, 0x1a, 0xba, 0x4f, 0x9a, 0xea, 0xb3, 0x16, - 0xd4, 0xd4, 0x48, 0x8b, 0xb4, 0xe8, 0x0f, 0x1d, 0xe3, 0x27, 0xe7, 0x9e, 0x13, 0xf5, 0x17, 0x6b, - 0xe6, 0xe8, 0x4b, 0x16, 0x0c, 0x3b, 0xaf, 0x77, 0x22, 0xd2, 0x24, 0x5b, 0x41, 0x18, 0x8b, 0xdb, - 0x20, 0x5f, 0x29, 0xbe, 0x33, 0xd3, 0x94, 0xc9, 0x2c, 0xd9, 0x5a, 0x0a, 0x63, 0x91, 0xbe, 0xa4, - 0x1b, 0xb0, 0xd9, 0x05, 0x7b, 0xb7, 0x04, 0x13, 0xfb, 0x50, 0x40, 0x2f, 0xc0, 0x48, 0x10, 0xb5, - 0x1c, 0xdf, 0x7d, 0xdd, 0xac, 0x89, 0xa1, 0xac, 0xac, 0x25, 0x03, 0x86, 0x53, 0x98, 0x66, 0xe2, - 0x76, 0x69, 0x9f, 0xc4, 0xed, 0xf3, 0x30, 0x10, 0x91, 0x30, 0xc8, 0x6e, 0x16, 0x58, 0xea, 0x00, - 0x83, 0xa0, 0xc7, 0xa0, 0xec, 0x84, 0xae, 0x08, 0x44, 0x53, 0x7b, 0xa0, 0xe9, 0xe5, 0x79, 0x4c, - 0xdb, 0x53, 0x75, 0x24, 0x2a, 0xf7, 0xa4, 0x8e, 0x04, 0x55, 0x03, 0xe2, 0xec, 0x62, 0x50, 0xab, - 0x81, 0xf4, 0x99, 0x82, 0xfd, 0x66, 0x19, 0x1e, 0xdb, 0x73, 0xbe, 0xe8, 0x38, 0x3c, 0x6b, 0x8f, - 0x38, 0x3c, 0x39, 0x3c, 0xa5, 0xfd, 0x86, 0xa7, 0xdc, 0x63, 0x78, 0x3e, 0x45, 0x97, 0x81, 0xac, - 0x25, 0x52, 0xcc, 0x7d, 0x7e, 0xbd, 0x4a, 0x93, 0x88, 0x15, 0x20, 0xa1, 0x58, 0xf3, 0xa5, 0x7b, - 0x80, 0x54, 0xd2, 0x72, 0xa5, 0x08, 0x35, 0xd0, 0xb3, 0xb6, 0x08, 0x9f, 0xfb, 0xbd, 0x32, 0xa1, - 0xed, 0x9f, 0x2b, 0xc1, 0x13, 0x7d, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x7d, 0xce, 0xe2, 0xef, 0xed, - 0xcf, 0x64, 0xff, 0x55, 0x0b, 0xce, 0xf5, 0x56, 0x1e, 0xe8, 0x59, 0x18, 0x5e, 0x8b, 0x1c, 0xbf, - 0xb1, 0xc1, 0xee, 0x28, 0x95, 0x83, 0xc2, 0xc6, 0x5a, 0x37, 0x63, 0x13, 0x87, 0x6e, 0x6f, 0x79, - 0x4c, 0x82, 0x81, 0x21, 0x93, 0x4c, 0xe9, 0xf6, 0x76, 0x35, 0x0b, 0xc4, 0xdd, 0xf8, 0xf6, 0x9f, - 0x95, 0xf2, 0xbb, 0xc5, 0x8d, 0x8c, 0x83, 0x7c, 0x27, 0xf1, 0x15, 0x4a, 0x7d, 0xc8, 0x92, 0xf2, - 0xbd, 0x96, 0x25, 0x03, 0xbd, 0x64, 0x09, 0x9a, 0x85, 0x93, 0xc6, 0x25, 0x32, 0x3c, 0x71, 0x98, - 0x07, 0xdc, 0xaa, 0x6a, 0x1a, 0xcb, 0x19, 0x38, 0xee, 0x7a, 0x02, 0x3d, 0x0d, 0x55, 0xd7, 0x8f, - 0x49, 0xa3, 0x13, 0xf1, 0x40, 0x6f, 0x23, 0x59, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x52, - 0x09, 0x1e, 0xe9, 0x69, 0x67, 0xdd, 0x23, 0xd9, 0x65, 0x7e, 0x8e, 0x81, 0x7b, 0xf3, 0x39, 0xcc, - 0x41, 0xaa, 0xec, 0x3b, 0x48, 0x7f, 0xd8, 0x7b, 0x62, 0x52, 0x9b, 0xfb, 0xfb, 0x76, 0x94, 0x5e, - 0x84, 0x51, 0x27, 0x0c, 0x39, 0x1e, 0x8b, 0xd7, 0xcc, 0x54, 0xd3, 0x99, 0x36, 0x81, 0x38, 0x8d, - 0xdb, 0x97, 0xf6, 0xfc, 0x63, 0x0b, 0x6a, 0x98, 0xac, 0x73, 0xe9, 0x80, 0x6e, 0x89, 0x21, 0xb2, - 0x8a, 0xa8, 0xbb, 0x49, 0x07, 0x36, 0x76, 0x59, 0x3d, 0xca, 0xbc, 0xc1, 0xee, 0xbe, 0xe4, 0xa7, - 0x74, 0xa0, 0x4b, 0x7e, 0xd4, 0x35, 0x2f, 0xe5, 0xde, 0xd7, 0xbc, 0xd8, 0xdf, 0x1c, 0xa2, 0xaf, - 0x17, 0x06, 0x33, 0x11, 0x69, 0xc6, 0xf4, 0xfb, 0x76, 0x22, 0x4f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf, - 0xe3, 0x05, 0x4c, 0xdb, 0x53, 0x47, 0x31, 0xa5, 0x03, 0xd5, 0x12, 0x29, 0xef, 0x5b, 0x4b, 0xe4, - 0x45, 0x18, 0x8d, 0xe3, 0x8d, 0xe5, 0xc8, 0xdd, 0x72, 0x12, 0x72, 0x95, 0xec, 0x08, 0x2b, 0x4b, - 0xe7, 0xff, 0xaf, 0x5c, 0xd6, 0x40, 0x9c, 0xc6, 0x45, 0x73, 0x70, 0x4a, 0x57, 0xf4, 0x20, 0x51, - 0xc2, 0xa2, 0xfb, 0xf9, 0x4c, 0x50, 0xc9, 0xbe, 0xba, 0x06, 0x88, 0x40, 0xc0, 0xdd, 0xcf, 0x50, - 0xf9, 0x96, 0x6a, 0xa4, 0x1d, 0x19, 0x4c, 0xcb, 0xb7, 0x14, 0x1d, 0xda, 0x97, 0xae, 0x27, 0xd0, - 0x22, 0x9c, 0xe6, 0x13, 0x63, 0x3a, 0x0c, 0x8d, 0x37, 0x1a, 0x4a, 0xd7, 0x3b, 0x9c, 0xeb, 0x46, - 0xc1, 0x79, 0xcf, 0xa1, 0xe7, 0x61, 0x58, 0x35, 0xcf, 0xcf, 0x8a, 0x53, 0x04, 0xe5, 0xc5, 0x50, - 0x64, 0xe6, 0x9b, 0xd8, 0xc4, 0x43, 0x1f, 0x84, 0x87, 0xf5, 0x5f, 0x9e, 0x02, 0xc6, 0x8f, 0xd6, - 0x66, 0x45, 0xb1, 0x24, 0x75, 0xa9, 0xc8, 0x5c, 0x2e, 0x5a, 0x13, 0xf7, 0x7a, 0x1e, 0xad, 0xc1, - 0x39, 0x05, 0xba, 0xe8, 0x27, 0x2c, 0x9f, 0x23, 0x26, 0x75, 0x27, 0x26, 0xd7, 0x23, 0x4f, 0x5c, - 0x4e, 0xab, 0xee, 0x9d, 0x9c, 0x73, 0x93, 0xcb, 0x79, 0x98, 0x78, 0x01, 0xef, 0x41, 0x05, 0x4d, - 0x41, 0x8d, 0xf8, 0xce, 0x9a, 0x47, 0x96, 0x66, 0xe6, 0x59, 0xd1, 0x25, 0xe3, 0x24, 0xef, 0xa2, - 0x04, 0x60, 0x8d, 0xa3, 0x22, 0x4c, 0x47, 0x7a, 0xde, 0x81, 0xba, 0x0c, 0x67, 0x5a, 0x8d, 0x90, - 0xda, 0x1e, 0x6e, 0x83, 0x4c, 0x37, 0x58, 0x40, 0x1d, 0xfd, 0x30, 0xbc, 0x10, 0xa5, 0x0a, 0x9f, - 0x9e, 0x9b, 0x59, 0xee, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xcb, 0x28, 0xd8, 0xde, 0x19, 0x3f, - 0x9d, 0x09, 0xbc, 0xa4, 0x8d, 0x98, 0xc3, 0xd0, 0x15, 0x40, 0x2c, 0x16, 0xff, 0x72, 0x92, 0x84, - 0xca, 0xd8, 0x19, 0x3f, 0xc3, 0x5e, 0x49, 0x85, 0x91, 0x5d, 0xea, 0xc2, 0xc0, 0x39, 0x4f, 0xd9, - 0xff, 0xc1, 0x82, 0x51, 0xb5, 0x5e, 0xef, 0x41, 0x36, 0x8a, 0x97, 0xce, 0x46, 0x99, 0x3b, 0xba, - 0xc4, 0x63, 0x3d, 0xef, 0x11, 0xd2, 0xfc, 0x99, 0x61, 0x00, 0x2d, 0x15, 0x95, 0x42, 0xb2, 0x7a, - 0x2a, 0xa4, 0x07, 0x56, 0x22, 0xe5, 0x55, 0x58, 0xa9, 0xdc, 0xdf, 0x0a, 0x2b, 0x2b, 0x70, 0x56, - 0x9a, 0x0b, 0xfc, 0xac, 0xe8, 0x72, 0x10, 0x2b, 0x01, 0x57, 0xad, 0x3f, 0x26, 0x08, 0x9d, 0x9d, - 0xcf, 0x43, 0xc2, 0xf9, 0xcf, 0xa6, 0xac, 0x94, 0xa1, 0xfd, 0xac, 0x14, 0xbd, 0xa6, 0x17, 0xd6, - 0xe5, 0xed, 0x21, 0x99, 0x35, 0xbd, 0x70, 0x69, 0x05, 0x6b, 0x9c, 0x7c, 0xc1, 0x5e, 0x2b, 0x48, - 0xb0, 0xc3, 0x81, 0x05, 0xbb, 0x14, 0x31, 0xc3, 0x3d, 0x45, 0x8c, 0xf4, 0x49, 0x8f, 0xf4, 0xf4, - 0x49, 0xbf, 0x0f, 0xc6, 0x5c, 0x7f, 0x83, 0x44, 0x6e, 0x42, 0x9a, 0x6c, 0x2d, 0x30, 0xf1, 0x53, - 0xd5, 0x6a, 0x7d, 0x3e, 0x05, 0xc5, 0x19, 0xec, 0xb4, 0x5c, 0x1c, 0xeb, 0x43, 0x2e, 0xf6, 0xd0, - 0x46, 0x27, 0x8a, 0xd1, 0x46, 0x27, 0x8f, 0xae, 0x8d, 0x4e, 0x1d, 0xab, 0x36, 0x42, 0x85, 0x68, - 0xa3, 0xbe, 0x04, 0xbd, 0xb1, 0xfd, 0x3b, 0xb3, 0xcf, 0xf6, 0xaf, 0x97, 0x2a, 0x3a, 0x7b, 0x68, - 0x55, 0x94, 0xaf, 0x65, 0x1e, 0x3a, 0x94, 0x96, 0xf9, 0x6c, 0x09, 0xce, 0x6a, 0x39, 0x4c, 0x67, - 0xbf, 0xbb, 0x4e, 0x25, 0x11, 0xbb, 0x80, 0x8a, 0x9f, 0xdb, 0x18, 0xc9, 0x51, 0x3a, 0xcf, 0x4a, - 0x41, 0xb0, 0x81, 0xc5, 0x72, 0x8c, 0x48, 0xc4, 0xca, 0xed, 0x66, 0x85, 0xf4, 0x8c, 0x68, 0xc7, - 0x0a, 0x83, 0xce, 0x2f, 0xfa, 0x5b, 0xe4, 0x6d, 0x66, 0x8b, 0xca, 0xcd, 0x68, 0x10, 0x36, 0xf1, - 0xd0, 0x53, 0x9c, 0x09, 0x13, 0x10, 0x54, 0x50, 0x8f, 0x88, 0x9b, 0x71, 0xa5, 0x4c, 0x50, 0x50, - 0xd9, 0x1d, 0x96, 0x4c, 0x56, 0xe9, 0xee, 0x0e, 0x0b, 0x81, 0x52, 0x18, 0xf6, 0xff, 0xb4, 0xe0, - 0x91, 0xdc, 0xa1, 0xb8, 0x07, 0xca, 0x77, 0x3b, 0xad, 0x7c, 0x57, 0x8a, 0xda, 0x6e, 0x18, 0x6f, - 0xd1, 0x43, 0x11, 0xff, 0x3b, 0x0b, 0xc6, 0x34, 0xfe, 0x3d, 0x78, 0x55, 0x37, 0xfd, 0xaa, 0xc5, - 0xed, 0xac, 0x6a, 0x5d, 0xef, 0xf6, 0xdb, 0x25, 0x50, 0x85, 0x1e, 0xa7, 0x1b, 0xb2, 0x8c, 0xee, - 0x3e, 0x27, 0x89, 0x3b, 0x30, 0xc8, 0x0e, 0x42, 0xe3, 0x62, 0x82, 0x3c, 0xd2, 0xfc, 0xd9, 0xa1, - 0xaa, 0x3e, 0x64, 0x66, 0x7f, 0x63, 0x2c, 0x18, 0xb2, 0x62, 0xd0, 0x6e, 0x4c, 0xa5, 0x79, 0x53, - 0xa4, 0x65, 0xe9, 0x62, 0xd0, 0xa2, 0x1d, 0x2b, 0x0c, 0xaa, 0x1e, 0xdc, 0x46, 0xe0, 0xcf, 0x78, - 0x4e, 0x2c, 0x6f, 0x5d, 0x54, 0xea, 0x61, 0x5e, 0x02, 0xb0, 0xc6, 0x61, 0x67, 0xa4, 0x6e, 0x1c, - 0x7a, 0xce, 0x8e, 0xb1, 0x7f, 0x36, 0xea, 0x13, 0x28, 0x10, 0x36, 0xf1, 0xec, 0x36, 0x8c, 0xa7, - 0x5f, 0x62, 0x96, 0xac, 0xb3, 0x00, 0xc5, 0xbe, 0x86, 0x73, 0x0a, 0x6a, 0x0e, 0x7b, 0x6a, 0xa1, - 0xe3, 0x64, 0x2f, 0x6d, 0x9f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x5f, 0xb1, 0xe0, 0x74, 0xce, 0xa0, - 0x15, 0x98, 0xf6, 0x96, 0x68, 0x69, 0x93, 0xa7, 0xd8, 0xdf, 0x09, 0x43, 0x4d, 0xb2, 0xee, 0xc8, - 0x10, 0x38, 0x43, 0xb6, 0xcf, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb7, 0xe0, 0x44, 0xba, 0xaf, - 0x31, 0x4b, 0x25, 0xe1, 0xc3, 0xe4, 0xc6, 0x8d, 0x60, 0x8b, 0x44, 0x3b, 0xf4, 0xcd, 0xad, 0x4c, - 0x2a, 0x49, 0x17, 0x06, 0xce, 0x79, 0x8a, 0x95, 0x79, 0x6d, 0xaa, 0xd1, 0x96, 0x33, 0xf2, 0x46, - 0x91, 0x33, 0x52, 0x7f, 0x4c, 0xf3, 0xb8, 0x5c, 0xb1, 0xc4, 0x26, 0x7f, 0xfb, 0x3b, 0x03, 0xa0, - 0xf2, 0x62, 0x59, 0xfc, 0x51, 0x41, 0xd1, 0x5b, 0x07, 0xcd, 0x20, 0x52, 0x93, 0x61, 0x60, 0xaf, - 0x80, 0x00, 0xee, 0x25, 0x31, 0x5d, 0x97, 0xea, 0x0d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0xb4, 0x27, - 0x9e, 0xbb, 0x45, 0xf8, 0x43, 0x83, 0xe9, 0x9e, 0x2c, 0x48, 0x00, 0xd6, 0x38, 0xb4, 0x27, 0x4d, - 0x77, 0x7d, 0x5d, 0x6c, 0xf9, 0x55, 0x4f, 0xe8, 0xe8, 0x60, 0x06, 0xe1, 0x95, 0xbb, 0x83, 0x4d, - 0x61, 0x05, 0x1b, 0x95, 0xbb, 0x83, 0x4d, 0xcc, 0x20, 0xd4, 0x6e, 0xf3, 0x83, 0xa8, 0xcd, 0x2e, - 0xd5, 0x6f, 0x2a, 0x2e, 0xc2, 0xfa, 0x55, 0x76, 0xdb, 0xb5, 0x6e, 0x14, 0x9c, 0xf7, 0x1c, 0x9d, - 0x81, 0x61, 0x44, 0x9a, 0x6e, 0x23, 0x31, 0xa9, 0x41, 0x7a, 0x06, 0x2e, 0x77, 0x61, 0xe0, 0x9c, - 0xa7, 0xd0, 0x34, 0x9c, 0x90, 0x79, 0xcd, 0xb2, 0x6a, 0xcd, 0x70, 0xba, 0x4a, 0x06, 0x4e, 0x83, - 0x71, 0x16, 0x9f, 0x4a, 0xb5, 0xb6, 0x28, 0x6c, 0xc5, 0x8c, 0x65, 0x43, 0xaa, 0xc9, 0x82, 0x57, - 0x58, 0x61, 0xd8, 0x9f, 0x2c, 0x53, 0x2d, 0xdc, 0xa3, 0xa0, 0xdb, 0x3d, 0x8b, 0x16, 0x4c, 0xcf, - 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0x73, 0x30, 0x72, 0x2b, 0x0e, 0x7c, 0x15, 0x89, 0x57, 0xe9, 0x19, - 0x89, 0x67, 0x60, 0xe5, 0x47, 0xe2, 0x0d, 0x16, 0x15, 0x89, 0x37, 0x74, 0xc8, 0x48, 0xbc, 0xdf, - 0xa9, 0x80, 0xba, 0x42, 0xe4, 0x1a, 0x49, 0x6e, 0x07, 0xd1, 0xa6, 0xeb, 0xb7, 0x58, 0x3e, 0xf8, - 0xd7, 0x2d, 0x18, 0xe1, 0xeb, 0x65, 0xc1, 0xcc, 0xa4, 0x5a, 0x2f, 0xe8, 0x6e, 0x8a, 0x14, 0xb3, - 0xc9, 0x55, 0x83, 0x51, 0xe6, 0xd2, 0x4f, 0x13, 0x84, 0x53, 0x3d, 0x42, 0x1f, 0x03, 0x90, 0xfe, - 0xd1, 0x75, 0x29, 0x32, 0xe7, 0x8b, 0xe9, 0x1f, 0x26, 0xeb, 0xda, 0x06, 0x5e, 0x55, 0x4c, 0xb0, - 0xc1, 0x10, 0x7d, 0x56, 0x67, 0x99, 0xf1, 0x90, 0xfd, 0x8f, 0x1c, 0xcb, 0xd8, 0xf4, 0x93, 0x63, - 0x86, 0x61, 0xc8, 0xf5, 0x5b, 0x74, 0x9e, 0x88, 0x88, 0xa5, 0x77, 0xe4, 0xd5, 0x52, 0x58, 0x08, - 0x9c, 0x66, 0xdd, 0xf1, 0x1c, 0xbf, 0x41, 0xa2, 0x79, 0x8e, 0x6e, 0x5e, 0x75, 0xcd, 0x1a, 0xb0, - 0x24, 0xd4, 0x75, 0xf9, 0x4a, 0xa5, 0x9f, 0xcb, 0x57, 0xce, 0xbd, 0x1f, 0x4e, 0x75, 0x7d, 0xcc, - 0x03, 0xa5, 0x94, 0x1d, 0x3e, 0x1b, 0xcd, 0xfe, 0xe7, 0x83, 0x5a, 0x69, 0x5d, 0x0b, 0x9a, 0xfc, - 0x0a, 0x90, 0x48, 0x7f, 0x51, 0x61, 0xe3, 0x16, 0x38, 0x45, 0x8c, 0xeb, 0xb2, 0x55, 0x23, 0x36, - 0x59, 0xd2, 0x39, 0x1a, 0x3a, 0x11, 0xf1, 0x8f, 0x7b, 0x8e, 0x2e, 0x2b, 0x26, 0xd8, 0x60, 0x88, - 0x36, 0x52, 0x39, 0x25, 0x97, 0x8e, 0x9e, 0x53, 0xc2, 0xaa, 0x4c, 0xe5, 0x55, 0xed, 0xff, 0x92, - 0x05, 0x63, 0x7e, 0x6a, 0xe6, 0x16, 0x13, 0x46, 0x9a, 0xbf, 0x2a, 0xf8, 0x0d, 0x54, 0xe9, 0x36, - 0x9c, 0xe1, 0x9f, 0xa7, 0xd2, 0x2a, 0x07, 0x54, 0x69, 0xfa, 0x2e, 0xa1, 0xc1, 0x5e, 0x77, 0x09, - 0x21, 0x5f, 0x5d, 0xa6, 0x36, 0x54, 0xf8, 0x65, 0x6a, 0x90, 0x73, 0x91, 0xda, 0x4d, 0xa8, 0x35, - 0x22, 0xe2, 0x24, 0x87, 0xbc, 0x57, 0x8b, 0x1d, 0xd0, 0xcf, 0x48, 0x02, 0x58, 0xd3, 0xb2, 0xff, - 0xcf, 0x00, 0x9c, 0x94, 0x23, 0x22, 0x43, 0xd0, 0xa9, 0x7e, 0xe4, 0x7c, 0xb5, 0x71, 0xab, 0xf4, - 0xe3, 0x65, 0x09, 0xc0, 0x1a, 0x87, 0xda, 0x63, 0x9d, 0x98, 0x2c, 0x85, 0xc4, 0x5f, 0x70, 0xd7, - 0x62, 0x71, 0xce, 0xa9, 0x16, 0xca, 0x75, 0x0d, 0xc2, 0x26, 0x1e, 0x35, 0xc6, 0xb9, 0x5d, 0x1c, - 0x67, 0xd3, 0x57, 0x84, 0xbd, 0x8d, 0x25, 0x1c, 0xfd, 0x7c, 0x6e, 0x85, 0xd9, 0x62, 0x12, 0xb7, - 0xba, 0x22, 0xef, 0x0f, 0x78, 0x15, 0xe3, 0xdf, 0xb2, 0xe0, 0x2c, 0x6f, 0x95, 0x23, 0x79, 0x3d, - 0x6c, 0x3a, 0x09, 0x89, 0x8b, 0xa9, 0xf8, 0x9e, 0xd3, 0x3f, 0xed, 0xe4, 0xcd, 0x63, 0x8b, 0xf3, - 0x7b, 0x83, 0xde, 0xb0, 0xe0, 0xc4, 0x66, 0xaa, 0xe6, 0x87, 0x54, 0x1d, 0x47, 0x4d, 0xc7, 0x4f, - 0x11, 0xd5, 0x4b, 0x2d, 0xdd, 0x1e, 0xe3, 0x2c, 0x77, 0xfb, 0xcf, 0x2c, 0x30, 0xc5, 0xe8, 0xbd, - 0x2f, 0x15, 0x72, 0x70, 0x53, 0x50, 0x5a, 0x97, 0x95, 0x9e, 0xd6, 0xe5, 0x63, 0x50, 0xee, 0xb8, - 0x4d, 0xb1, 0xbf, 0xd0, 0xa7, 0xaf, 0xf3, 0xb3, 0x98, 0xb6, 0xdb, 0xff, 0xa4, 0xa2, 0xfd, 0x16, - 0x22, 0x2f, 0xea, 0xfb, 0xe2, 0xb5, 0xd7, 0x55, 0xb1, 0x31, 0xfe, 0xe6, 0xd7, 0xba, 0x8a, 0x8d, - 0xfd, 0xe8, 0xc1, 0xd3, 0xde, 0xf8, 0x00, 0xf5, 0xaa, 0x35, 0x36, 0xb4, 0x4f, 0xce, 0xdb, 0x2d, - 0xa8, 0xd2, 0x2d, 0x18, 0x73, 0x40, 0x56, 0x53, 0x9d, 0xaa, 0x5e, 0x16, 0xed, 0x77, 0x77, 0x27, - 0xde, 0x7b, 0xf0, 0x6e, 0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd1, 0xdf, 0x2c, 0x3d, 0x4f, - 0x6c, 0xee, 0xae, 0x2b, 0x99, 0x29, 0x01, 0x85, 0xe4, 0xfe, 0x69, 0x3e, 0xc8, 0x87, 0x1a, 0xbb, - 0xb5, 0x96, 0x31, 0xe5, 0x7b, 0xc0, 0x65, 0x95, 0x24, 0x27, 0x01, 0x77, 0x77, 0x27, 0x5e, 0x3c, - 0x38, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0xec, 0x2f, 0x0f, 0xe8, 0xb9, 0x2b, 0x6a, 0xcc, 0x7d, 0x5f, - 0xcc, 0xdd, 0x17, 0x32, 0x73, 0xf7, 0x7c, 0xd7, 0xdc, 0x1d, 0xd3, 0xb7, 0xab, 0xa6, 0x66, 0xe3, - 0xbd, 0x36, 0x04, 0xf6, 0xf7, 0x37, 0x30, 0x0b, 0xe8, 0xb5, 0x8e, 0x1b, 0x91, 0x78, 0x39, 0xea, - 0xf8, 0xae, 0xdf, 0x62, 0xd3, 0xb1, 0x6a, 0x5a, 0x40, 0x29, 0x30, 0xce, 0xe2, 0xd3, 0x4d, 0x3d, - 0xfd, 0xe6, 0x37, 0x9d, 0x2d, 0x3e, 0xab, 0x8c, 0xb2, 0x5b, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, - 0x9b, 0xec, 0x2c, 0xdb, 0xc8, 0x0b, 0xa6, 0x73, 0xc2, 0x63, 0xd7, 0x04, 0xf3, 0x9a, 0x5d, 0x6a, - 0x4e, 0xf0, 0xbb, 0x81, 0x39, 0x0c, 0xdd, 0x86, 0xa1, 0x35, 0x7e, 0x4f, 0x5e, 0x31, 0x75, 0xcc, - 0xc5, 0xa5, 0x7b, 0xec, 0x36, 0x14, 0x79, 0x03, 0xdf, 0x5d, 0xfd, 0x13, 0x4b, 0x6e, 0xf6, 0xef, - 0x57, 0xe0, 0x44, 0xe6, 0x22, 0xd9, 0x54, 0xb5, 0xd4, 0xd2, 0xbe, 0xd5, 0x52, 0x3f, 0x0c, 0xd0, - 0x24, 0xa1, 0x17, 0xec, 0x30, 0x73, 0x6c, 0xe0, 0xc0, 0xe6, 0x98, 0xb2, 0xe0, 0x67, 0x15, 0x15, - 0x6c, 0x50, 0x14, 0x85, 0xca, 0x78, 0xf1, 0xd5, 0x4c, 0xa1, 0x32, 0xe3, 0xb6, 0x83, 0xc1, 0x7b, - 0x7b, 0xdb, 0x81, 0x0b, 0x27, 0x78, 0x17, 0x55, 0xf6, 0xed, 0x21, 0x92, 0x6c, 0x59, 0xfe, 0xc2, - 0x6c, 0x9a, 0x0c, 0xce, 0xd2, 0xbd, 0x9f, 0xf7, 0x44, 0xa3, 0x77, 0x41, 0x4d, 0x7e, 0xe7, 0x78, - 0xbc, 0xa6, 0x2b, 0x18, 0xc8, 0x69, 0xc0, 0xee, 0x6f, 0x16, 0x3f, 0xbb, 0x0a, 0x09, 0xc0, 0xfd, - 0x2a, 0x24, 0x60, 0x7f, 0xb1, 0x44, 0xed, 0x78, 0xde, 0x2f, 0x55, 0x13, 0xe7, 0x49, 0x18, 0x74, - 0x3a, 0xc9, 0x46, 0xd0, 0x75, 0xeb, 0xdf, 0x34, 0x6b, 0xc5, 0x02, 0x8a, 0x16, 0x60, 0xa0, 0xa9, - 0xeb, 0x9c, 0x1c, 0xe4, 0x7b, 0x6a, 0x97, 0xa8, 0x93, 0x10, 0xcc, 0xa8, 0xa0, 0x47, 0x61, 0x20, - 0x71, 0x5a, 0x32, 0xe5, 0x8a, 0xa5, 0xd9, 0xae, 0x3a, 0xad, 0x18, 0xb3, 0x56, 0x53, 0x7d, 0x0f, - 0xec, 0xa3, 0xbe, 0x5f, 0x84, 0xd1, 0xd8, 0x6d, 0xf9, 0x4e, 0xd2, 0x89, 0x88, 0x71, 0xcc, 0xa7, - 0x23, 0x37, 0x4c, 0x20, 0x4e, 0xe3, 0xda, 0xbf, 0x31, 0x02, 0x67, 0x56, 0x66, 0x16, 0x65, 0xf5, - 0xee, 0x63, 0xcb, 0x9a, 0xca, 0xe3, 0x71, 0xef, 0xb2, 0xa6, 0x7a, 0x70, 0xf7, 0x8c, 0xac, 0x29, - 0xcf, 0xc8, 0x9a, 0x4a, 0xa7, 0xb0, 0x94, 0x8b, 0x48, 0x61, 0xc9, 0xeb, 0x41, 0x3f, 0x29, 0x2c, - 0xc7, 0x96, 0x46, 0xb5, 0x67, 0x87, 0x0e, 0x94, 0x46, 0xa5, 0x72, 0xcc, 0x0a, 0x49, 0x2e, 0xe8, - 0xf1, 0xa9, 0x72, 0x73, 0xcc, 0x54, 0x7e, 0x0f, 0x4f, 0x9c, 0x11, 0xa2, 0xfe, 0x95, 0xe2, 0x3b, - 0xd0, 0x47, 0x7e, 0x8f, 0xc8, 0xdd, 0x31, 0x73, 0xca, 0x86, 0x8a, 0xc8, 0x29, 0xcb, 0xeb, 0xce, - 0xbe, 0x39, 0x65, 0x2f, 0xc2, 0x68, 0xc3, 0x0b, 0x7c, 0xb2, 0x1c, 0x05, 0x49, 0xd0, 0x08, 0x3c, - 0x61, 0xd6, 0x2b, 0x91, 0x30, 0x63, 0x02, 0x71, 0x1a, 0xb7, 0x57, 0x42, 0x5a, 0xed, 0xa8, 0x09, - 0x69, 0x70, 0x9f, 0x12, 0xd2, 0x7e, 0x46, 0xa7, 0x4e, 0x0f, 0xb3, 0x2f, 0xf2, 0xe1, 0xe2, 0xbf, - 0x48, 0x3f, 0xf9, 0xd3, 0xe8, 0x4d, 0x7e, 0xed, 0x1e, 0x35, 0x8c, 0x67, 0x82, 0x36, 0x35, 0xfc, - 0x46, 0xd8, 0x90, 0xbc, 0x7a, 0x0c, 0x13, 0xf6, 0xe6, 0x8a, 0x66, 0xa3, 0xae, 0xe2, 0xd3, 0x4d, - 0x38, 0xdd, 0x91, 0xa3, 0xa4, 0x76, 0x7f, 0xb5, 0x04, 0x3f, 0xb0, 0x6f, 0x17, 0xd0, 0x6d, 0x80, - 0xc4, 0x69, 0x89, 0x89, 0x2a, 0x0e, 0x4c, 0x8e, 0x18, 0x5e, 0xb9, 0x2a, 0xe9, 0xf1, 0x9a, 0x24, - 0xea, 0x2f, 0x3b, 0x8a, 0x90, 0xbf, 0x59, 0x54, 0x65, 0xe0, 0x75, 0x95, 0x6e, 0xc4, 0x81, 0x47, - 0x30, 0x83, 0x50, 0xf5, 0x1f, 0x91, 0x96, 0xbe, 0x27, 0x5a, 0x7d, 0x3e, 0xcc, 0x5a, 0xb1, 0x80, - 0xa2, 0xe7, 0x61, 0xd8, 0xf1, 0x3c, 0x9e, 0x1f, 0x43, 0x62, 0x71, 0xef, 0x8e, 0xae, 0x21, 0xa7, - 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0xb4, 0x04, 0x13, 0xfb, 0xc8, 0x94, 0xae, 0x8c, 0xbf, 0x4a, 0xdf, - 0x19, 0x7f, 0x22, 0x47, 0x61, 0xb0, 0x47, 0x8e, 0xc2, 0xf3, 0x30, 0x9c, 0x10, 0xa7, 0x2d, 0x02, - 0xb2, 0x84, 0x27, 0x40, 0x9f, 0x00, 0x6b, 0x10, 0x36, 0xf1, 0xa8, 0x14, 0x1b, 0x73, 0x1a, 0x0d, - 0x12, 0xc7, 0x32, 0x09, 0x41, 0x78, 0x53, 0x0b, 0xcb, 0x70, 0x60, 0x4e, 0xea, 0xe9, 0x14, 0x0b, - 0x9c, 0x61, 0x99, 0x1d, 0xf0, 0x5a, 0x9f, 0x03, 0xfe, 0x8d, 0x12, 0x3c, 0xb6, 0xa7, 0x76, 0xeb, - 0x3b, 0x3f, 0xa4, 0x13, 0x93, 0x28, 0x3b, 0x71, 0xae, 0xc7, 0x24, 0xc2, 0x0c, 0xc2, 0x47, 0x29, - 0x0c, 0x8d, 0x7b, 0xb8, 0x8b, 0x4e, 0x5e, 0xe2, 0xa3, 0x94, 0x62, 0x81, 0x33, 0x2c, 0x0f, 0x3b, - 0x2d, 0xff, 0x5e, 0x09, 0x9e, 0xe8, 0xc3, 0x06, 0x28, 0x30, 0xc9, 0x2b, 0x9d, 0x6a, 0x57, 0xbe, - 0x4f, 0x19, 0x91, 0x87, 0x1c, 0xae, 0x6f, 0x96, 0xe0, 0x5c, 0x6f, 0x55, 0x8c, 0x7e, 0x0c, 0x4e, - 0x44, 0x2a, 0x0a, 0xcb, 0xcc, 0xd2, 0x3b, 0xcd, 0x3d, 0x09, 0x29, 0x10, 0xce, 0xe2, 0xa2, 0x49, - 0x80, 0xd0, 0x49, 0x36, 0xe2, 0x8b, 0xdb, 0x6e, 0x9c, 0x88, 0x2a, 0x34, 0x63, 0xfc, 0xec, 0x4a, - 0xb6, 0x62, 0x03, 0x83, 0xb2, 0x63, 0xff, 0x66, 0x83, 0x6b, 0x41, 0xc2, 0x1f, 0xe2, 0xdb, 0x88, - 0xd3, 0xf2, 0xce, 0x0e, 0x03, 0x84, 0xb3, 0xb8, 0x94, 0x1d, 0x3b, 0x1d, 0xe5, 0x1d, 0xe5, 0xfb, - 0x0b, 0xc6, 0x6e, 0x41, 0xb5, 0x62, 0x03, 0x23, 0x9b, 0x7f, 0x58, 0xd9, 0x3f, 0xff, 0xd0, 0xfe, - 0xc7, 0x25, 0x78, 0xa4, 0xa7, 0x29, 0xd7, 0xdf, 0x02, 0x7c, 0xf0, 0x72, 0x06, 0x0f, 0x37, 0x77, - 0x0e, 0x98, 0xdb, 0xf6, 0xc7, 0x3d, 0x66, 0x9a, 0xc8, 0x6d, 0x3b, 0x7c, 0x72, 0xf8, 0x83, 0x37, - 0x9e, 0x5d, 0xe9, 0x6c, 0x03, 0x07, 0x48, 0x67, 0xcb, 0x7c, 0x8c, 0x4a, 0x9f, 0x0b, 0xf9, 0xcf, - 0xcb, 0x3d, 0x87, 0x97, 0x6e, 0xfd, 0xfa, 0xf2, 0xd3, 0xce, 0xc2, 0x49, 0xd7, 0x67, 0xf7, 0x37, - 0xad, 0x74, 0xd6, 0x44, 0x61, 0x92, 0x52, 0xfa, 0x96, 0xf5, 0xf9, 0x0c, 0x1c, 0x77, 0x3d, 0xf1, - 0x00, 0xa6, 0x17, 0x1e, 0x6e, 0x48, 0x0f, 0x96, 0xe0, 0x8a, 0x96, 0xe0, 0xac, 0x1c, 0x8a, 0x0d, - 0x27, 0x22, 0x4d, 0xa1, 0x46, 0x62, 0x91, 0x50, 0xf1, 0x08, 0x4f, 0xca, 0xc8, 0x41, 0xc0, 0xf9, - 0xcf, 0xb1, 0x2b, 0x73, 0x82, 0xd0, 0x6d, 0x88, 0x4d, 0x8e, 0xbe, 0x32, 0x87, 0x36, 0x62, 0x0e, - 0xb3, 0x3f, 0x0c, 0x35, 0xf5, 0xfe, 0x3c, 0xac, 0x5b, 0x4d, 0xba, 0xae, 0xb0, 0x6e, 0x35, 0xe3, - 0x0c, 0x2c, 0xfa, 0xb5, 0xa8, 0x49, 0x9c, 0x59, 0x3d, 0x57, 0xc9, 0x0e, 0xb3, 0x8f, 0xed, 0x77, - 0xc3, 0x88, 0xf2, 0xb3, 0xf4, 0x7b, 0x91, 0x90, 0xfd, 0xe5, 0x41, 0x18, 0x4d, 0x15, 0x07, 0x4c, - 0x39, 0x58, 0xad, 0x7d, 0x1d, 0xac, 0x2c, 0x4c, 0xbf, 0xe3, 0xcb, 0x5b, 0xc6, 0x8c, 0x30, 0xfd, - 0x8e, 0x4f, 0x30, 0x87, 0x51, 0xf3, 0xb6, 0x19, 0xed, 0xe0, 0x8e, 0x2f, 0xc2, 0x69, 0x95, 0x79, - 0x3b, 0xcb, 0x5a, 0xb1, 0x80, 0xa2, 0x4f, 0x58, 0x30, 0x12, 0x33, 0xef, 0x3d, 0x77, 0x4f, 0x8b, - 0x49, 0x77, 0xe5, 0xe8, 0xb5, 0x0f, 0x55, 0x21, 0x4c, 0x16, 0x21, 0x63, 0xb6, 0xe0, 0x14, 0x47, - 0xf4, 0x69, 0x0b, 0x6a, 0xea, 0x32, 0x14, 0x71, 0x65, 0xe0, 0x4a, 0xb1, 0xb5, 0x17, 0xb9, 0x5f, - 0x53, 0x1d, 0x84, 0xa8, 0x22, 0x78, 0x58, 0x33, 0x46, 0xb1, 0xf2, 0x1d, 0x0f, 0x1d, 0x8f, 0xef, - 0x18, 0x72, 0xfc, 0xc6, 0xef, 0x82, 0x5a, 0xdb, 0xf1, 0xdd, 0x75, 0x12, 0x27, 0xdc, 0x9d, 0x2b, - 0x4b, 0xc2, 0xca, 0x46, 0xac, 0xe1, 0x54, 0x21, 0xc7, 0xec, 0xc5, 0x12, 0xc3, 0xff, 0xca, 0x14, - 0xf2, 0x8a, 0x6e, 0xc6, 0x26, 0x8e, 0xe9, 0x2c, 0x86, 0xfb, 0xea, 0x2c, 0x1e, 0xde, 0xdb, 0x59, - 0x6c, 0xff, 0x03, 0x0b, 0xce, 0xe6, 0x7e, 0xb5, 0x07, 0x37, 0xf0, 0xd1, 0xfe, 0x4a, 0x05, 0x4e, - 0xe7, 0x54, 0xf9, 0x44, 0x3b, 0xe6, 0x7c, 0xb6, 0x8a, 0x88, 0x21, 0x48, 0x1f, 0x89, 0xcb, 0x61, - 0xcc, 0x99, 0xc4, 0x07, 0x3b, 0xaa, 0xd1, 0xc7, 0x25, 0xe5, 0x7b, 0x7b, 0x5c, 0x62, 0x4c, 0xcb, - 0x81, 0xfb, 0x3a, 0x2d, 0x2b, 0xfb, 0x9c, 0x61, 0xfc, 0xaa, 0x05, 0xe3, 0xed, 0x1e, 0xa5, 0xe5, - 0x85, 0xe3, 0xf1, 0xc6, 0xf1, 0x14, 0xae, 0xaf, 0x3f, 0x7a, 0x67, 0x77, 0xa2, 0x67, 0x45, 0x7f, - 0xdc, 0xb3, 0x57, 0xf6, 0x77, 0xca, 0xc0, 0x4a, 0xcc, 0xb2, 0x4a, 0x6e, 0x3b, 0xe8, 0xe3, 0x66, - 0xb1, 0x60, 0xab, 0xa8, 0xc2, 0xb6, 0x9c, 0xb8, 0x2a, 0x36, 0xcc, 0x47, 0x30, 0xaf, 0xf6, 0x70, - 0x56, 0x68, 0x95, 0xfa, 0x10, 0x5a, 0x9e, 0xac, 0xca, 0x5c, 0x2e, 0xbe, 0x2a, 0x73, 0x2d, 0x5b, - 0x91, 0x79, 0xef, 0x4f, 0x3c, 0xf0, 0x40, 0x7e, 0xe2, 0x5f, 0xb0, 0xb8, 0xe0, 0xc9, 0x7c, 0x05, - 0x6d, 0x19, 0x58, 0x7b, 0x58, 0x06, 0x4f, 0x43, 0x35, 0x26, 0xde, 0xfa, 0x65, 0xe2, 0x78, 0xc2, - 0x82, 0xd0, 0xe7, 0xd7, 0xa2, 0x1d, 0x2b, 0x0c, 0x76, 0x6d, 0xab, 0xe7, 0x05, 0xb7, 0x2f, 0xb6, - 0xc3, 0x64, 0x47, 0xd8, 0x12, 0xfa, 0xda, 0x56, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0x37, 0x4b, 0x7c, - 0x06, 0x8a, 0x20, 0x88, 0x17, 0x32, 0x17, 0xed, 0xf5, 0x1f, 0x3f, 0xf0, 0x51, 0x80, 0x86, 0xba, - 0xca, 0x5e, 0x9c, 0x09, 0x5d, 0x3e, 0xf2, 0x3d, 0xdb, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, - 0x7e, 0x29, 0x59, 0x5a, 0xde, 0x57, 0x96, 0xa6, 0xc4, 0xca, 0xc0, 0x3e, 0xda, 0xee, 0x4f, 0x2d, - 0x48, 0x59, 0x44, 0x28, 0x84, 0x0a, 0xed, 0xee, 0x4e, 0x31, 0xb7, 0xf4, 0x9b, 0xa4, 0xa9, 0x68, - 0x14, 0xd3, 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0x44, 0xac, 0x04, 0x1f, 0xd5, 0x6b, 0xc5, 0x31, - 0xbc, 0x1c, 0x04, 0x9b, 0xfc, 0x60, 0x53, 0xc7, 0x5d, 0xd8, 0x2f, 0xc0, 0xa9, 0xae, 0x4e, 0xb1, - 0x3b, 0xb5, 0x02, 0xaa, 0x7d, 0x32, 0xd3, 0x95, 0x25, 0x70, 0x62, 0x0e, 0xb3, 0xbf, 0x69, 0xc1, - 0xc9, 0x2c, 0x79, 0xf4, 0xa6, 0x05, 0xa7, 0xe2, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0xef, 0xd8, - 0x05, 0xc2, 0xdd, 0x9d, 0xb0, 0xff, 0xaf, 0x98, 0xfc, 0x37, 0x5d, 0xbf, 0x19, 0xdc, 0x56, 0x86, - 0x89, 0xd5, 0xd3, 0x30, 0xa1, 0xeb, 0xb1, 0xb1, 0x41, 0x9a, 0x1d, 0xaf, 0x2b, 0x73, 0x74, 0x45, - 0xb4, 0x63, 0x85, 0xc1, 0x12, 0xe5, 0x3a, 0xa2, 0x6c, 0x7b, 0x66, 0x52, 0xce, 0x8a, 0x76, 0xac, - 0x30, 0xd0, 0x73, 0x30, 0x62, 0xbc, 0xa4, 0x9c, 0x97, 0xcc, 0x20, 0x37, 0x54, 0x66, 0x8c, 0x53, - 0x58, 0x68, 0x12, 0x40, 0x19, 0x39, 0x52, 0x45, 0x32, 0x47, 0x91, 0x92, 0x44, 0x31, 0x36, 0x30, - 0x58, 0x5a, 0xaa, 0xd7, 0x89, 0x99, 0x8f, 0x7f, 0x50, 0x97, 0x12, 0x9d, 0x11, 0x6d, 0x58, 0x41, - 0xa9, 0x34, 0x69, 0x3b, 0x7e, 0xc7, 0xf1, 0xe8, 0x08, 0x89, 0xad, 0x9f, 0x5a, 0x86, 0x8b, 0x0a, - 0x82, 0x0d, 0x2c, 0xfa, 0xc6, 0x89, 0xdb, 0x26, 0x2f, 0x07, 0xbe, 0x8c, 0x53, 0xd3, 0xc7, 0x3e, - 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0xbf, 0x5a, 0x70, 0x42, 0x27, 0xb9, 0xf3, 0xdb, 0xb3, 0xcd, 0x9d, - 0xaa, 0xb5, 0xef, 0x4e, 0x35, 0x9d, 0xfd, 0x5b, 0xea, 0x2b, 0xfb, 0xd7, 0x4c, 0xcc, 0x2d, 0xef, - 0x99, 0x98, 0xfb, 0x43, 0xfa, 0x66, 0x56, 0x9e, 0xc1, 0x3b, 0x9c, 0x77, 0x2b, 0x2b, 0xb2, 0x61, - 0xb0, 0xe1, 0xa8, 0x0a, 0x2f, 0x23, 0x7c, 0xef, 0x30, 0x33, 0xcd, 0x90, 0x04, 0xc4, 0x5e, 0x82, - 0x9a, 0x3a, 0xfd, 0x90, 0x1b, 0x55, 0x2b, 0x7f, 0xa3, 0xda, 0x57, 0x82, 0x60, 0x7d, 0xed, 0x5b, - 0xdf, 0x7d, 0xfc, 0x6d, 0xbf, 0xf7, 0xdd, 0xc7, 0xdf, 0xf6, 0x47, 0xdf, 0x7d, 0xfc, 0x6d, 0x9f, - 0xb8, 0xf3, 0xb8, 0xf5, 0xad, 0x3b, 0x8f, 0x5b, 0xbf, 0x77, 0xe7, 0x71, 0xeb, 0x8f, 0xee, 0x3c, - 0x6e, 0x7d, 0xe7, 0xce, 0xe3, 0xd6, 0x97, 0xfe, 0xd3, 0xe3, 0x6f, 0x7b, 0x39, 0x37, 0x50, 0x91, - 0xfe, 0x78, 0xa6, 0xd1, 0x9c, 0xda, 0xba, 0xc0, 0x62, 0xe5, 0xe8, 0xf2, 0x9a, 0x32, 0xe6, 0xd4, - 0x94, 0x5c, 0x5e, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x13, 0x8b, 0x32, 0x8c, 0xdc, 0xe2, 0x00, - 0x00, + 0x65, 0x3b, 0x95, 0x52, 0x4a, 0x49, 0xd9, 0xe5, 0x72, 0x59, 0x4e, 0x62, 0x23, 0xd2, 0xa5, 0x52, + 0x49, 0xa5, 0x2a, 0xae, 0x72, 0xe2, 0x1f, 0xc9, 0x25, 0x3f, 0x52, 0xfd, 0xdd, 0x33, 0x3b, 0x0b, + 0x2c, 0x80, 0xc1, 0xdd, 0x49, 0xe6, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xef, + 0xf5, 0xeb, 0xf7, 0x5e, 0xc3, 0x42, 0xcb, 0x4d, 0x36, 0x3a, 0x6b, 0x93, 0x8d, 0xa0, 0x3d, 0xe5, + 0x44, 0xad, 0x20, 0x8c, 0x82, 0x5b, 0xec, 0xc7, 0x33, 0x8d, 0xe6, 0xd4, 0xd6, 0x85, 0xa9, 0x70, + 0xb3, 0x35, 0xe5, 0x84, 0x6e, 0x3c, 0xe5, 0x84, 0xa1, 0xe7, 0x36, 0x9c, 0xc4, 0x0d, 0xfc, 0xa9, + 0xad, 0x67, 0x1d, 0x2f, 0xdc, 0x70, 0x9e, 0x9d, 0x6a, 0x11, 0x9f, 0x44, 0x4e, 0x42, 0x9a, 0x93, + 0x61, 0x14, 0x24, 0x01, 0xfa, 0x51, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x6d, 0x34, 0x27, + 0xb7, 0x2e, 0x4c, 0x86, 0x9b, 0xad, 0x49, 0x4a, 0x6d, 0xd2, 0xa0, 0x36, 0x29, 0xa9, 0x9d, 0x7b, + 0xc6, 0xe8, 0x4b, 0x2b, 0x68, 0x05, 0x53, 0x8c, 0xe8, 0x5a, 0x67, 0x9d, 0xfd, 0x63, 0x7f, 0xd8, + 0x2f, 0xce, 0xec, 0x9c, 0xbd, 0xf9, 0x42, 0x3c, 0xe9, 0x06, 0xb4, 0x7b, 0x53, 0x8d, 0x20, 0x22, + 0x53, 0x5b, 0x5d, 0x1d, 0x3a, 0x77, 0x59, 0xe3, 0x90, 0xed, 0x84, 0xf8, 0xb1, 0x1b, 0xf8, 0xf1, + 0x33, 0xb4, 0x0b, 0x24, 0xda, 0x22, 0x91, 0xf9, 0x7a, 0x06, 0x42, 0x1e, 0xa5, 0xe7, 0x34, 0xa5, + 0xb6, 0xd3, 0xd8, 0x70, 0x7d, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, 0x9a, 0xea, + 0xf5, 0x54, 0xd4, 0xf1, 0x13, 0xb7, 0x4d, 0xba, 0x1e, 0x78, 0xcf, 0x7e, 0x0f, 0xc4, 0x8d, 0x0d, + 0xd2, 0x76, 0xba, 0x9e, 0x7b, 0x77, 0xaf, 0xe7, 0x3a, 0x89, 0xeb, 0x4d, 0xb9, 0x7e, 0x12, 0x27, + 0x51, 0xf6, 0x21, 0xfb, 0x17, 0x2d, 0x18, 0x9d, 0xbe, 0xb9, 0x32, 0xdd, 0x49, 0x36, 0x66, 0x02, + 0x7f, 0xdd, 0x6d, 0xa1, 0xe7, 0x61, 0xb8, 0xe1, 0x75, 0xe2, 0x84, 0x44, 0xd7, 0x9c, 0x36, 0x19, + 0xb7, 0xce, 0x5b, 0x4f, 0xd5, 0xea, 0xa7, 0xbf, 0xb9, 0x3b, 0xf1, 0xb6, 0x3b, 0xbb, 0x13, 0xc3, + 0x33, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x4e, 0x18, 0x8a, 0x02, 0x8f, 0x4c, 0xe3, 0x6b, 0xe3, 0x25, + 0xf6, 0xc8, 0x09, 0xf1, 0xc8, 0x10, 0xe6, 0xcd, 0x58, 0xc2, 0x29, 0x6a, 0x18, 0x05, 0xeb, 0xae, + 0x47, 0xc6, 0xcb, 0x69, 0xd4, 0x65, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xc3, 0x12, 0xc0, 0x74, 0x18, + 0x2e, 0x47, 0xc1, 0x2d, 0xd2, 0x48, 0xd0, 0x47, 0xa0, 0x4a, 0x87, 0xb9, 0xe9, 0x24, 0x0e, 0xeb, + 0xd8, 0xf0, 0x85, 0x1f, 0x9e, 0xe4, 0x6f, 0x3d, 0x69, 0xbe, 0xb5, 0x9e, 0x64, 0x14, 0x7b, 0x72, + 0xeb, 0xd9, 0xc9, 0xa5, 0x35, 0xfa, 0xfc, 0x22, 0x49, 0x9c, 0x3a, 0x12, 0xcc, 0x40, 0xb7, 0x61, + 0x45, 0x15, 0xf9, 0x30, 0x10, 0x87, 0xa4, 0xc1, 0xde, 0x61, 0xf8, 0xc2, 0xc2, 0xe4, 0x51, 0x66, + 0xf3, 0xa4, 0xee, 0xf9, 0x4a, 0x48, 0x1a, 0xf5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, 0x8c, 0x0f, + 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x4e, 0xcc, 0x86, 0x62, 0xf8, 0xc2, 0xb5, 0xc2, 0x38, 0x32, + 0xaa, 0xf5, 0x31, 0xc1, 0x73, 0x90, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x27, 0x16, 0x8c, 0x69, 0xe4, + 0x05, 0x37, 0x4e, 0xd0, 0x4f, 0x74, 0x0d, 0xee, 0x64, 0x7f, 0x83, 0x4b, 0x9f, 0x66, 0x43, 0x7b, + 0x52, 0x30, 0xab, 0xca, 0x16, 0x63, 0x60, 0xdb, 0x50, 0x71, 0x13, 0xd2, 0x8e, 0xc7, 0x4b, 0xe7, + 0xcb, 0x4f, 0x0d, 0x5f, 0xb8, 0x5c, 0xd4, 0x7b, 0xd6, 0x47, 0x05, 0xd3, 0xca, 0x3c, 0x25, 0x8f, + 0x39, 0x17, 0xfb, 0x57, 0x47, 0xcc, 0xf7, 0xa3, 0x03, 0x8e, 0x9e, 0x85, 0xe1, 0x38, 0xe8, 0x44, + 0x0d, 0x82, 0x49, 0x18, 0xc4, 0xe3, 0xd6, 0xf9, 0x32, 0x9d, 0x7a, 0x74, 0x52, 0xaf, 0xe8, 0x66, + 0x6c, 0xe2, 0xa0, 0x2f, 0x58, 0x30, 0xd2, 0x24, 0x71, 0xe2, 0xfa, 0x8c, 0xbf, 0xec, 0xfc, 0xea, + 0x91, 0x3b, 0x2f, 0x1b, 0x67, 0x35, 0xf1, 0xfa, 0x19, 0xf1, 0x22, 0x23, 0x46, 0x63, 0x8c, 0x53, + 0xfc, 0xe9, 0xe2, 0x6c, 0x92, 0xb8, 0x11, 0xb9, 0x21, 0xfd, 0x2f, 0x96, 0x8f, 0x5a, 0x9c, 0xb3, + 0x1a, 0x84, 0x4d, 0x3c, 0xe4, 0x43, 0x85, 0x2e, 0xbe, 0x78, 0x7c, 0x80, 0xf5, 0x7f, 0xfe, 0x68, + 0xfd, 0x17, 0x83, 0x4a, 0xd7, 0xb5, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xbc, 0x05, + 0xe3, 0x42, 0x38, 0x60, 0xc2, 0x07, 0xf4, 0xe6, 0x86, 0x9b, 0x10, 0xcf, 0x8d, 0x93, 0xf1, 0x0a, + 0xeb, 0xc3, 0x54, 0x7f, 0x73, 0x6b, 0x2e, 0x0a, 0x3a, 0xe1, 0x55, 0xd7, 0x6f, 0xd6, 0xcf, 0x0b, + 0x4e, 0xe3, 0x33, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0x97, 0x2d, 0x38, 0xe7, 0x3b, 0x6d, 0x12, + 0x87, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf7, 0x9c, 0xc6, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, 0x7a, 0x64, + 0x8b, 0x1e, 0x9d, 0xbb, 0xd6, 0x93, 0x34, 0xde, 0x83, 0x2d, 0xfa, 0xba, 0x05, 0xa7, 0x82, 0x28, + 0xdc, 0x70, 0x7c, 0xd2, 0x94, 0xd0, 0x78, 0x7c, 0x88, 0x2d, 0xbd, 0x0f, 0x1f, 0xed, 0x13, 0x2d, + 0x65, 0xc9, 0x2e, 0x06, 0xbe, 0x9b, 0x04, 0xd1, 0x0a, 0x49, 0x12, 0xd7, 0x6f, 0xc5, 0xf5, 0xb3, + 0x77, 0x76, 0x27, 0x4e, 0x75, 0x61, 0xe1, 0xee, 0xfe, 0xa0, 0x9f, 0x84, 0xe1, 0x78, 0xc7, 0x6f, + 0xdc, 0x74, 0xfd, 0x66, 0x70, 0x3b, 0x1e, 0xaf, 0x16, 0xb1, 0x7c, 0x57, 0x14, 0x41, 0xb1, 0x00, + 0x35, 0x03, 0x6c, 0x72, 0xcb, 0xff, 0x70, 0x7a, 0x2a, 0xd5, 0x8a, 0xfe, 0x70, 0x7a, 0x32, 0xed, + 0xc1, 0x16, 0xfd, 0x9c, 0x05, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x91, 0xab, 0x64, 0x27, + 0x1e, 0x07, 0xd6, 0x91, 0x2b, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xfd, 0xac, 0xe8, 0xe3, 0xa8, 0xd9, + 0x1a, 0xe3, 0x34, 0xdf, 0xbc, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xb1, 0x0b, 0x4d, 0x4f, 0xea, 0x9e, + 0x2c, 0xd1, 0x8f, 0xc3, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x1e, 0x1f, 0x61, 0x82, 0xf6, 0xcc, 0x9d, + 0xdd, 0x89, 0x93, 0x2b, 0x19, 0x18, 0xee, 0xc2, 0x46, 0xaf, 0xc1, 0x44, 0x48, 0xa2, 0xb6, 0x9b, + 0x2c, 0xf9, 0xde, 0x8e, 0x14, 0xdf, 0x8d, 0x20, 0x24, 0x4d, 0xd1, 0x9d, 0x78, 0x7c, 0xf4, 0xbc, + 0xf5, 0x54, 0xb5, 0xfe, 0x0e, 0xd1, 0xcd, 0x89, 0xe5, 0xbd, 0xd1, 0xf1, 0x7e, 0xf4, 0xec, 0x7f, + 0x53, 0x82, 0x93, 0x59, 0xc5, 0x89, 0xfe, 0xae, 0x05, 0x27, 0x6e, 0xdd, 0x4e, 0x56, 0x83, 0x4d, + 0xe2, 0xc7, 0xf5, 0x1d, 0x2a, 0xde, 0x98, 0xca, 0x18, 0xbe, 0xd0, 0x28, 0x56, 0x45, 0x4f, 0x5e, + 0x49, 0x73, 0xb9, 0xe8, 0x27, 0xd1, 0x4e, 0xfd, 0x61, 0xf1, 0x76, 0x27, 0xae, 0xdc, 0x5c, 0x35, + 0xa1, 0x38, 0xdb, 0xa9, 0x73, 0x9f, 0xb5, 0xe0, 0x4c, 0x1e, 0x09, 0x74, 0x12, 0xca, 0x9b, 0x64, + 0x87, 0x1b, 0x70, 0x98, 0xfe, 0x44, 0xaf, 0x40, 0x65, 0xcb, 0xf1, 0x3a, 0x44, 0x58, 0x37, 0x73, + 0x47, 0x7b, 0x11, 0xd5, 0x33, 0xcc, 0xa9, 0xbe, 0xb7, 0xf4, 0x82, 0x65, 0xff, 0x6e, 0x19, 0x86, + 0x0d, 0xfd, 0x76, 0x0f, 0x2c, 0xb6, 0x20, 0x65, 0xb1, 0x2d, 0x16, 0xa6, 0x9a, 0x7b, 0x9a, 0x6c, + 0xb7, 0x33, 0x26, 0xdb, 0x52, 0x71, 0x2c, 0xf7, 0xb4, 0xd9, 0x50, 0x02, 0xb5, 0x20, 0xa4, 0xd6, + 0x3b, 0x55, 0xfd, 0x03, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x3e, 0x7a, 0x67, 0x77, 0xa2, 0xa6, + 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xb6, 0x05, 0x67, 0x8c, 0x3e, 0xce, 0x04, 0x7e, 0xd3, 0x65, 0x9f, + 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0xa1, 0xdc, 0x21, 0xa8, 0x91, 0x5a, 0xdd, 0x09, 0x09, 0x66, 0x10, + 0x6a, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0xdd, 0x13, 0x2c, 0xf2, 0x66, 0x2c, 0xe1, 0x28, + 0x02, 0xe4, 0x39, 0x71, 0xb2, 0x1a, 0x39, 0x7e, 0xcc, 0xc8, 0xaf, 0xba, 0x6d, 0x22, 0x06, 0xf8, + 0x2f, 0xf5, 0x37, 0x63, 0xe8, 0x13, 0xf5, 0x87, 0xee, 0xec, 0x4e, 0xa0, 0x85, 0x2e, 0x4a, 0x38, + 0x87, 0xba, 0xfd, 0x65, 0x0b, 0x1e, 0xca, 0xb7, 0xc5, 0xd0, 0x93, 0x30, 0xc8, 0xb7, 0x87, 0xe2, + 0xed, 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x14, 0xd4, 0x94, 0x9e, 0x10, 0xef, 0x78, 0x4a, + 0xa0, 0xd6, 0xb4, 0x72, 0xd1, 0x38, 0x74, 0xd0, 0xe8, 0x1f, 0x61, 0xb9, 0xa9, 0x41, 0x63, 0xfb, + 0x29, 0x06, 0xb1, 0xff, 0x93, 0x05, 0x27, 0x8c, 0x5e, 0xdd, 0x03, 0xd3, 0xdc, 0x4f, 0x9b, 0xe6, + 0xf3, 0x85, 0xcd, 0xe7, 0x1e, 0xb6, 0xf9, 0xe7, 0x2d, 0x38, 0x67, 0x60, 0x2d, 0x3a, 0x49, 0x63, + 0xe3, 0xe2, 0x76, 0x18, 0x91, 0x98, 0x6e, 0xbd, 0xd1, 0x63, 0x86, 0xdc, 0xaa, 0x0f, 0x0b, 0x0a, + 0xe5, 0xab, 0x64, 0x87, 0x0b, 0xb1, 0xa7, 0xa1, 0xca, 0x27, 0x67, 0x10, 0x89, 0x11, 0x57, 0xef, + 0xb6, 0x24, 0xda, 0xb1, 0xc2, 0x40, 0x36, 0x0c, 0x32, 0xe1, 0x44, 0x17, 0x2b, 0x55, 0x43, 0x40, + 0x3f, 0xe2, 0x0d, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x53, 0xdd, 0x59, 0x8e, 0x08, 0xfb, 0xb8, 0xcd, + 0x4b, 0x2e, 0xf1, 0x9a, 0x31, 0xdd, 0x36, 0x38, 0xbe, 0x1f, 0x24, 0x62, 0x07, 0x60, 0x6c, 0x1b, + 0xa6, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xcf, 0x59, 0x23, 0x1e, 0x1f, 0x51, 0xc1, 0x74, 0x81, + 0xb5, 0x60, 0x01, 0xb1, 0xef, 0x94, 0xd8, 0x06, 0x45, 0x2d, 0x7d, 0x72, 0x2f, 0x76, 0xb7, 0x51, + 0x4a, 0x56, 0x2e, 0x17, 0x27, 0xb8, 0x48, 0xef, 0x1d, 0xee, 0xeb, 0x19, 0x71, 0x89, 0x0b, 0xe5, + 0xba, 0xf7, 0x2e, 0xf7, 0xb7, 0x4a, 0x30, 0x91, 0x7e, 0xa0, 0x4b, 0xda, 0xd2, 0x2d, 0x95, 0xc1, + 0x28, 0xeb, 0xef, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x60, 0x95, 0x8e, 0x53, 0x60, 0x99, 0xf2, + 0xb4, 0xbc, 0x8f, 0x3c, 0x7d, 0x52, 0x8d, 0xfa, 0x40, 0x46, 0x80, 0xa5, 0x75, 0xca, 0x79, 0x18, + 0x88, 0x13, 0x12, 0x8e, 0x57, 0xd2, 0xf2, 0x68, 0x25, 0x21, 0x21, 0x66, 0x10, 0xfb, 0xbf, 0x97, + 0xe0, 0xe1, 0xf4, 0x18, 0x6a, 0x15, 0xf0, 0xfe, 0x94, 0x0a, 0x78, 0x97, 0xa9, 0x02, 0xee, 0xee, + 0x4e, 0xbc, 0xbd, 0xc7, 0x63, 0xdf, 0x33, 0x1a, 0x02, 0xcd, 0x65, 0x46, 0x71, 0x2a, 0x3d, 0x8a, + 0x77, 0x77, 0x27, 0x1e, 0xeb, 0xf1, 0x8e, 0x99, 0x61, 0x7e, 0x12, 0x06, 0x23, 0xe2, 0xc4, 0x81, + 0x2f, 0x06, 0x5a, 0x7d, 0x0e, 0xcc, 0x5a, 0xb1, 0x80, 0xda, 0xbf, 0x5f, 0xcb, 0x0e, 0xf6, 0x1c, + 0x77, 0xd8, 0x05, 0x11, 0x72, 0x61, 0x80, 0x99, 0xf5, 0x5c, 0x34, 0x5c, 0x3d, 0xda, 0x32, 0xa2, + 0x6a, 0x40, 0x91, 0xae, 0x57, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0xdb, 0x50, 0x6d, 0x48, + 0x6b, 0xbb, 0x54, 0x84, 0x5f, 0x4a, 0xd8, 0xda, 0x9a, 0xe3, 0x08, 0x95, 0xd7, 0xca, 0x44, 0x57, + 0xdc, 0x10, 0x81, 0x72, 0xcb, 0x4d, 0xc4, 0x67, 0x3d, 0xe2, 0x7e, 0x6a, 0xce, 0x35, 0x5e, 0x71, + 0x88, 0x2a, 0x91, 0x39, 0x37, 0xc1, 0x94, 0x3e, 0xfa, 0x19, 0x0b, 0x86, 0xe3, 0x46, 0x7b, 0x39, + 0x0a, 0xb6, 0xdc, 0x26, 0x89, 0x84, 0x35, 0x75, 0x44, 0xd1, 0xb4, 0x32, 0xb3, 0x28, 0x09, 0x6a, + 0xbe, 0x7c, 0x7f, 0xab, 0x21, 0xd8, 0xe4, 0x4b, 0x77, 0x19, 0x0f, 0x8b, 0x77, 0x9f, 0x25, 0x0d, + 0x97, 0xea, 0x3f, 0xb9, 0xa9, 0x62, 0x33, 0xe5, 0xc8, 0xd6, 0xe5, 0x6c, 0xa7, 0xb1, 0x49, 0xd7, + 0x9b, 0xee, 0xd0, 0xdb, 0xef, 0xec, 0x4e, 0x3c, 0x3c, 0x93, 0xcf, 0x13, 0xf7, 0xea, 0x0c, 0x1b, + 0xb0, 0xb0, 0xe3, 0x79, 0x98, 0xbc, 0xd6, 0x21, 0xcc, 0x65, 0x52, 0xc0, 0x80, 0x2d, 0x6b, 0x82, + 0x99, 0x01, 0x33, 0x20, 0xd8, 0xe4, 0x8b, 0x5e, 0x83, 0xc1, 0xb6, 0x93, 0x44, 0xee, 0xb6, 0xf0, + 0x93, 0x1c, 0xd1, 0xde, 0x5f, 0x64, 0xb4, 0x34, 0x73, 0xa6, 0xa9, 0x79, 0x23, 0x16, 0x8c, 0x50, + 0x1b, 0x2a, 0x6d, 0x12, 0xb5, 0xc8, 0x78, 0xb5, 0x08, 0x9f, 0xf0, 0x22, 0x25, 0xa5, 0x19, 0xd6, + 0xa8, 0x75, 0xc4, 0xda, 0x30, 0xe7, 0x82, 0x5e, 0x81, 0x6a, 0x4c, 0x3c, 0xd2, 0xa0, 0xf6, 0x4d, + 0x8d, 0x71, 0x7c, 0x77, 0x9f, 0xb6, 0x1e, 0x35, 0x2c, 0x56, 0xc4, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, + 0x58, 0x91, 0xa4, 0x03, 0x18, 0x7a, 0x9d, 0x96, 0xeb, 0x8f, 0x43, 0x11, 0x03, 0xb8, 0xcc, 0x68, + 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, 0x2f, 0x16, 0xa0, 0xb4, 0x50, 0xbb, 0x07, 0x46, + 0xed, 0x6b, 0x69, 0xa3, 0x76, 0xa1, 0x48, 0xab, 0xa3, 0x87, 0x5d, 0xfb, 0x1b, 0x35, 0xc8, 0xa8, + 0x83, 0x6b, 0x24, 0x4e, 0x48, 0xf3, 0x2d, 0x11, 0xfe, 0x96, 0x08, 0x7f, 0x4b, 0x84, 0x2b, 0x11, + 0xbe, 0x96, 0x11, 0xe1, 0xef, 0x33, 0x56, 0xbd, 0x3e, 0x80, 0x7d, 0x55, 0x9d, 0xd0, 0x9a, 0x3d, + 0x30, 0x10, 0xa8, 0x24, 0xb8, 0xb2, 0xb2, 0x74, 0x2d, 0x57, 0x66, 0xbf, 0x9a, 0x96, 0xd9, 0x47, + 0x65, 0xf1, 0x17, 0x41, 0x4a, 0xff, 0x6b, 0x0b, 0xde, 0x91, 0x96, 0x5e, 0x72, 0xe6, 0xcc, 0xb7, + 0xfc, 0x20, 0x22, 0xb3, 0xee, 0xfa, 0x3a, 0x89, 0x88, 0xdf, 0x20, 0xb1, 0xf2, 0x62, 0x58, 0xbd, + 0xbc, 0x18, 0xe8, 0x39, 0x18, 0xb9, 0x15, 0x07, 0xfe, 0x72, 0xe0, 0xfa, 0x42, 0x04, 0xd1, 0x8d, + 0xf0, 0xc9, 0x3b, 0xbb, 0x13, 0x23, 0x74, 0x44, 0x65, 0x3b, 0x4e, 0x61, 0xa1, 0x19, 0x38, 0x75, + 0xeb, 0xb5, 0x65, 0x27, 0x31, 0xdc, 0x01, 0x72, 0xe3, 0xce, 0x0e, 0x2c, 0xae, 0xbc, 0x94, 0x01, + 0xe2, 0x6e, 0x7c, 0xfb, 0x6f, 0x95, 0xe0, 0x91, 0xcc, 0x8b, 0x04, 0x9e, 0x17, 0x74, 0x12, 0xba, + 0xa9, 0x41, 0x5f, 0xb5, 0xe0, 0x64, 0x3b, 0xed, 0x71, 0x88, 0x85, 0x63, 0xf7, 0x03, 0x85, 0xe9, + 0x88, 0x8c, 0x4b, 0xa3, 0x3e, 0x2e, 0x46, 0xe8, 0x64, 0x06, 0x10, 0xe3, 0xae, 0xbe, 0xa0, 0x57, + 0xa0, 0xd6, 0x76, 0xb6, 0xaf, 0x87, 0x4d, 0x27, 0x91, 0xfb, 0xc9, 0xde, 0x6e, 0x80, 0x4e, 0xe2, + 0x7a, 0x93, 0xfc, 0x68, 0x7f, 0x72, 0xde, 0x4f, 0x96, 0xa2, 0x95, 0x24, 0x72, 0xfd, 0x16, 0x77, + 0xe7, 0x2d, 0x4a, 0x32, 0x58, 0x53, 0xb4, 0xbf, 0x62, 0x65, 0x95, 0x94, 0x1a, 0x9d, 0xc8, 0x49, + 0x48, 0x6b, 0x07, 0x7d, 0x14, 0x2a, 0x74, 0xe3, 0x27, 0x47, 0xe5, 0x66, 0x91, 0x9a, 0xd3, 0xf8, + 0x12, 0x5a, 0x89, 0xd2, 0x7f, 0x31, 0xe6, 0x4c, 0xed, 0xaf, 0xd6, 0xb2, 0xc6, 0x02, 0x3b, 0xbc, + 0xbd, 0x00, 0xd0, 0x0a, 0x56, 0x49, 0x3b, 0xf4, 0xe8, 0xb0, 0x58, 0xec, 0x04, 0x40, 0xf9, 0x3a, + 0xe6, 0x14, 0x04, 0x1b, 0x58, 0xe8, 0xaf, 0x58, 0x00, 0x2d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, + 0xc8, 0xd7, 0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0xd3, 0x16, 0x54, 0x13, + 0xd9, 0x7d, 0xae, 0x1a, 0x57, 0x8b, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, + 0xd1, 0xcf, 0x5a, 0x00, 0xf1, 0x8e, 0xdf, 0x58, 0x0e, 0x3c, 0xb7, 0xb1, 0x23, 0x34, 0xe6, 0x8d, + 0x42, 0xfd, 0x31, 0x8a, 0x7a, 0x7d, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xe3, 0x50, + 0x8d, 0xc5, 0x74, 0x13, 0x3a, 0x72, 0xb5, 0x58, 0xaf, 0x10, 0xa7, 0x2d, 0xc4, 0xab, 0xf8, 0x87, + 0x15, 0x4f, 0xf4, 0xf3, 0x16, 0x9c, 0x08, 0xd3, 0x7e, 0x3e, 0xa1, 0x0e, 0x8b, 0x93, 0x01, 0x19, + 0x3f, 0x62, 0xfd, 0xf4, 0x9d, 0xdd, 0x89, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, + 0x06, 0x2f, 0x85, 0xdc, 0xe7, 0x38, 0xa4, 0x25, 0xe0, 0x5c, 0x16, 0x88, 0xbb, 0xf1, 0xd1, 0x32, + 0x9c, 0xa1, 0xbd, 0xdb, 0xe1, 0xe6, 0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xfa, 0xa3, 0x62, + 0x86, 0x30, 0xaf, 0x7e, 0x16, 0x07, 0xe7, 0x3e, 0x89, 0x7e, 0xd7, 0x82, 0x47, 0x5d, 0xa6, 0x06, + 0x4c, 0x87, 0xb9, 0xd6, 0x08, 0xe2, 0x24, 0x96, 0x14, 0x2a, 0x2b, 0x7a, 0xa9, 0x9f, 0xfa, 0x0f, + 0x8a, 0x37, 0x78, 0x74, 0x7e, 0x8f, 0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x04, 0x46, 0xe5, 0xba, + 0x58, 0xa6, 0x22, 0x98, 0x29, 0xda, 0x5a, 0xfd, 0xd4, 0x9d, 0xdd, 0x89, 0xd1, 0x55, 0x13, 0x80, + 0xd3, 0x78, 0xf6, 0xb7, 0x4a, 0xa9, 0xf3, 0x10, 0xe5, 0x84, 0x64, 0xe2, 0xa6, 0x21, 0xfd, 0x3f, + 0x52, 0x7a, 0x16, 0x2a, 0x6e, 0x94, 0x77, 0x49, 0x8b, 0x1b, 0xd5, 0x14, 0x63, 0x83, 0x39, 0x35, + 0x4a, 0x4f, 0x39, 0x59, 0x57, 0xa7, 0x90, 0x80, 0xaf, 0x14, 0xd9, 0xa5, 0xee, 0xd3, 0xab, 0x47, + 0x44, 0xd7, 0x4e, 0x75, 0x81, 0x70, 0x77, 0x97, 0xec, 0x6f, 0xa5, 0xcf, 0x60, 0x8c, 0xc5, 0xdb, + 0xc7, 0xf9, 0xd2, 0x17, 0x2c, 0x18, 0x8e, 0x02, 0xcf, 0x73, 0xfd, 0x16, 0x15, 0x34, 0x42, 0x5b, + 0x7e, 0xe8, 0x58, 0x14, 0x96, 0x90, 0x28, 0xcc, 0xb4, 0xc5, 0x9a, 0x27, 0x36, 0x3b, 0x60, 0xff, + 0x89, 0x05, 0xe3, 0xbd, 0x04, 0x22, 0x22, 0xf0, 0x76, 0xb9, 0xda, 0x55, 0x74, 0xc5, 0x92, 0x3f, + 0x4b, 0x3c, 0xa2, 0x1c, 0xcf, 0xd5, 0xfa, 0x13, 0xe2, 0x35, 0xdf, 0xbe, 0xdc, 0x1b, 0x15, 0xef, + 0x45, 0x07, 0xbd, 0x0c, 0x27, 0x8d, 0xf7, 0x8a, 0xd5, 0xc0, 0xd4, 0xea, 0x93, 0xd4, 0x02, 0x99, + 0xce, 0xc0, 0xee, 0xee, 0x4e, 0x3c, 0x94, 0x6d, 0x13, 0x12, 0xbb, 0x8b, 0x8e, 0xfd, 0x2b, 0xa5, + 0xec, 0xd7, 0x52, 0xca, 0xf6, 0x4d, 0xab, 0x6b, 0x3b, 0xff, 0x81, 0xe3, 0x50, 0x70, 0x6c, 0xe3, + 0xaf, 0x02, 0x38, 0x7a, 0xe3, 0xdc, 0xc7, 0x13, 0x62, 0xfb, 0xdf, 0x0e, 0xc0, 0x1e, 0x3d, 0xeb, + 0xc3, 0x7a, 0x3e, 0xf0, 0xb1, 0xe2, 0xe7, 0x2c, 0x75, 0xe4, 0x54, 0x66, 0x8b, 0xbc, 0x79, 0x5c, + 0x63, 0xcf, 0x37, 0x30, 0x31, 0x8f, 0x52, 0x50, 0x6e, 0xec, 0xf4, 0xe1, 0x16, 0xfa, 0x9a, 0x95, + 0x3e, 0x34, 0xe3, 0x61, 0x67, 0xee, 0xb1, 0xf5, 0xc9, 0x38, 0x89, 0xe3, 0x1d, 0xd3, 0xe7, 0x37, + 0xbd, 0xce, 0xe8, 0x26, 0x01, 0xd6, 0x5d, 0xdf, 0xf1, 0xdc, 0xd7, 0xe9, 0xf6, 0xa4, 0xc2, 0x34, + 0x2c, 0x33, 0x59, 0x2e, 0xa9, 0x56, 0x6c, 0x60, 0x9c, 0xfb, 0xcb, 0x30, 0x6c, 0xbc, 0x79, 0x4e, + 0x70, 0xc5, 0x19, 0x33, 0xb8, 0xa2, 0x66, 0xc4, 0x44, 0x9c, 0x7b, 0x1f, 0x9c, 0xcc, 0x76, 0xf0, + 0x20, 0xcf, 0xdb, 0xff, 0x7b, 0x28, 0x7b, 0x8a, 0xb5, 0x4a, 0xa2, 0x36, 0xed, 0xda, 0x5b, 0x9e, + 0xa5, 0xb7, 0x3c, 0x4b, 0x6f, 0x79, 0x96, 0xcc, 0xc3, 0x01, 0xe1, 0x35, 0x19, 0xba, 0x47, 0x5e, + 0x93, 0x94, 0x1f, 0xa8, 0x5a, 0xb8, 0x1f, 0xc8, 0xbe, 0x53, 0x81, 0x94, 0x1d, 0xc5, 0xc7, 0xfb, + 0x9d, 0x30, 0x14, 0x91, 0x30, 0xb8, 0x8e, 0x17, 0x84, 0x0e, 0xd1, 0xb1, 0xf6, 0xbc, 0x19, 0x4b, + 0x38, 0xd5, 0x35, 0xa1, 0x93, 0x6c, 0x08, 0x25, 0xa2, 0x74, 0xcd, 0xb2, 0x93, 0x6c, 0x60, 0x06, + 0x41, 0xef, 0x83, 0xb1, 0xc4, 0x89, 0x5a, 0xd4, 0xde, 0xde, 0x62, 0x9f, 0x55, 0x9c, 0x75, 0x3e, + 0x24, 0x70, 0xc7, 0x56, 0x53, 0x50, 0x9c, 0xc1, 0x46, 0xaf, 0xc1, 0xc0, 0x06, 0xf1, 0xda, 0x62, + 0xc8, 0x57, 0x8a, 0x93, 0xf1, 0xec, 0x5d, 0x2f, 0x13, 0xaf, 0xcd, 0x25, 0x10, 0xfd, 0x85, 0x19, + 0x2b, 0x3a, 0xdf, 0x6a, 0x9b, 0x9d, 0x38, 0x09, 0xda, 0xee, 0xeb, 0xd2, 0xc5, 0xf7, 0x81, 0x82, + 0x19, 0x5f, 0x95, 0xf4, 0xb9, 0x2f, 0x45, 0xfd, 0xc5, 0x9a, 0x33, 0xeb, 0x47, 0xd3, 0x8d, 0xd8, + 0xa7, 0xda, 0x11, 0x9e, 0xba, 0xa2, 0xfb, 0x31, 0x2b, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, + 0x46, 0x3b, 0x6a, 0xde, 0x0f, 0xb3, 0x3e, 0x5c, 0x2f, 0xb8, 0x0f, 0x7c, 0xce, 0xe7, 0xce, 0xff, + 0x27, 0xa0, 0xd2, 0xd8, 0x70, 0xa2, 0x64, 0x7c, 0x84, 0x4d, 0x1a, 0xe5, 0xd3, 0x99, 0xa1, 0x8d, + 0x98, 0xc3, 0xd0, 0x63, 0x50, 0x8e, 0xc8, 0x3a, 0x8b, 0xdb, 0x34, 0x22, 0x7a, 0x30, 0x59, 0xc7, + 0xb4, 0xdd, 0xfe, 0xa5, 0x52, 0xda, 0x5c, 0x4a, 0xbf, 0x37, 0x9f, 0xed, 0x8d, 0x4e, 0x14, 0x4b, + 0xbf, 0x8f, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x49, 0x0b, 0x86, 0x6e, 0xc5, 0x81, 0xef, + 0x93, 0x44, 0xa8, 0xa6, 0x1b, 0x05, 0x0f, 0xc5, 0x15, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, + 0x97, 0x76, 0x97, 0x6c, 0x37, 0xbc, 0x4e, 0xb3, 0x2b, 0x48, 0xe3, 0x22, 0x6f, 0xc6, 0x12, 0x4e, + 0x51, 0x5d, 0x9f, 0xa3, 0x0e, 0xa4, 0x51, 0xe7, 0x7d, 0x81, 0x2a, 0xe0, 0xf6, 0xdf, 0x18, 0x84, + 0xb3, 0xb9, 0x8b, 0x83, 0x1a, 0x32, 0xcc, 0x54, 0xb8, 0xe4, 0x7a, 0x44, 0x86, 0x27, 0x31, 0x43, + 0xe6, 0x86, 0x6a, 0xc5, 0x06, 0x06, 0xfa, 0x29, 0x80, 0xd0, 0x89, 0x9c, 0x36, 0x51, 0x7e, 0xd9, + 0x23, 0xdb, 0x0b, 0xb4, 0x1f, 0xcb, 0x92, 0xa6, 0xde, 0x9b, 0xaa, 0xa6, 0x18, 0x1b, 0x2c, 0xd1, + 0xf3, 0x30, 0x1c, 0x11, 0x8f, 0x38, 0x31, 0x0b, 0xfb, 0xcd, 0xe6, 0x30, 0x60, 0x0d, 0xc2, 0x26, + 0x1e, 0x7a, 0x52, 0x45, 0x72, 0x65, 0x22, 0x5a, 0xd2, 0xd1, 0x5c, 0xe8, 0x0d, 0x0b, 0xc6, 0xd6, + 0x5d, 0x8f, 0x68, 0xee, 0x22, 0xe3, 0x60, 0xe9, 0xe8, 0x2f, 0x79, 0xc9, 0xa4, 0xab, 0x25, 0x64, + 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, + 0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x11, 0x3a, 0x71, 0x3c, 0x13, 0x91, 0x26, 0xf1, 0x13, + 0xd7, 0xf1, 0x78, 0x3e, 0x40, 0x55, 0xc7, 0x03, 0x2f, 0xa7, 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x08, + 0x0f, 0x73, 0xc7, 0xc7, 0xa2, 0x1b, 0xc7, 0xae, 0xdf, 0xd2, 0xd3, 0x40, 0xf8, 0x7f, 0x26, 0x04, + 0xa9, 0x87, 0xe7, 0xf3, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, 0xd3, 0x50, 0x8d, 0x37, 0xdd, 0x70, 0x26, + 0x6a, 0xc6, 0xec, 0xd0, 0xa3, 0xaa, 0xbd, 0x8d, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xd4, 0x80, 0x11, + 0xfe, 0x49, 0x78, 0x28, 0x9a, 0x90, 0x8f, 0xcf, 0xf4, 0x54, 0x8f, 0x22, 0xbd, 0x6d, 0x12, 0x3b, + 0xb7, 0x2f, 0xca, 0x23, 0x18, 0x7e, 0x62, 0x70, 0xc3, 0x20, 0x83, 0x53, 0x44, 0xed, 0x5f, 0x28, + 0xa5, 0x77, 0xdc, 0xe6, 0x22, 0x45, 0x31, 0x5d, 0x8a, 0xc9, 0x0d, 0x27, 0x92, 0xde, 0x98, 0x23, + 0xa6, 0x2d, 0x08, 0xba, 0x37, 0x9c, 0xc8, 0x5c, 0xd4, 0x8c, 0x01, 0x96, 0x9c, 0xd0, 0x2d, 0x18, + 0x48, 0x3c, 0xa7, 0xa0, 0x3c, 0x27, 0x83, 0xa3, 0x76, 0x80, 0x2c, 0x4c, 0xc7, 0x98, 0xf1, 0x40, + 0x8f, 0x52, 0xab, 0x7f, 0x4d, 0x1e, 0x91, 0x08, 0x43, 0x7d, 0x2d, 0xc6, 0xac, 0xd5, 0xbe, 0x0b, + 0x39, 0x72, 0x55, 0x29, 0x32, 0x74, 0x01, 0x80, 0x6e, 0x20, 0x97, 0x23, 0xb2, 0xee, 0x6e, 0x0b, + 0x43, 0x42, 0xad, 0xdd, 0x6b, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x4a, 0x67, 0x9d, 0x3e, 0x53, + 0xea, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x83, 0x41, 0xb7, 0xed, 0xb4, 0x54, 0x08, 0xe6, + 0xa3, 0x74, 0xd1, 0xce, 0xb3, 0x96, 0xbb, 0xbb, 0x13, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, + 0xf4, 0x2b, 0x16, 0x8c, 0x34, 0x82, 0x76, 0x3b, 0xf0, 0xf9, 0xb6, 0x4b, 0xec, 0x21, 0x6f, 0x1d, + 0x97, 0x9a, 0x9f, 0x9c, 0x31, 0x98, 0xf1, 0x4d, 0xa4, 0x4a, 0xc8, 0x32, 0x41, 0x38, 0xd5, 0x2b, + 0x73, 0x6d, 0x57, 0xf6, 0x59, 0xdb, 0xbf, 0x6e, 0xc1, 0x29, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0xb9, + 0x47, 0xc1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, 0xe9, 0xba, 0xe0, 0xb8, 0xbb, 0x93, 0x68, + 0x0e, 0x4e, 0xad, 0x07, 0x51, 0x83, 0x98, 0x03, 0x21, 0x04, 0x93, 0x22, 0x74, 0x29, 0x8b, 0x80, + 0xbb, 0x9f, 0x41, 0x37, 0xe0, 0x21, 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0x9b, 0x1e, 0x17, 0xd4, 0x1e, + 0xba, 0x94, 0x8b, 0x85, 0x7b, 0x3c, 0x9d, 0x76, 0x98, 0xd4, 0xfa, 0x70, 0x98, 0xbc, 0x0a, 0x8f, + 0x34, 0xba, 0x47, 0x66, 0x2b, 0xee, 0xac, 0xc5, 0x5c, 0x52, 0x55, 0xeb, 0x3f, 0x20, 0x08, 0x3c, + 0x32, 0xd3, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0x3e, 0x0a, 0xd5, 0x88, 0xb0, 0xaf, 0x12, 0x8b, 0x44, + 0x9c, 0x23, 0xee, 0x92, 0xb5, 0x05, 0xca, 0xc9, 0x6a, 0xd9, 0x2b, 0x1a, 0x62, 0xac, 0x38, 0xa2, + 0xdb, 0x30, 0x14, 0x3a, 0x49, 0x63, 0x43, 0xa4, 0xdf, 0x1c, 0x39, 0xfe, 0x45, 0x31, 0x67, 0x3e, + 0x70, 0x23, 0x61, 0x97, 0x33, 0xc1, 0x92, 0x1b, 0xb5, 0x46, 0x1a, 0x41, 0x3b, 0x0c, 0x7c, 0xe2, + 0x27, 0xf1, 0xf8, 0xa8, 0xb6, 0x46, 0x66, 0x54, 0x2b, 0x36, 0x30, 0xd0, 0x32, 0x9c, 0x61, 0x3e, + 0xa3, 0x9b, 0x6e, 0xb2, 0x11, 0x74, 0x12, 0xb9, 0x05, 0x1a, 0x1f, 0x4b, 0x1f, 0x55, 0x2c, 0xe4, + 0xe0, 0xe0, 0xdc, 0x27, 0xcf, 0xbd, 0x1f, 0x4e, 0x75, 0x2d, 0xe5, 0x03, 0xb9, 0x6b, 0x66, 0xe1, + 0xa1, 0xfc, 0x45, 0x73, 0x20, 0xa7, 0xcd, 0x3f, 0xc9, 0x84, 0xcd, 0x1a, 0x86, 0x74, 0x1f, 0x0e, + 0x40, 0x07, 0xca, 0xc4, 0xdf, 0x12, 0x3a, 0xe4, 0xd2, 0xd1, 0xbe, 0xdd, 0x45, 0x7f, 0x8b, 0xaf, + 0x79, 0xe6, 0xe5, 0xb8, 0xe8, 0x6f, 0x61, 0x4a, 0x1b, 0x7d, 0xc9, 0x4a, 0x19, 0x82, 0xdc, 0x6d, + 0xf8, 0xe1, 0x63, 0xd9, 0x39, 0xf4, 0x6d, 0x1b, 0xda, 0xff, 0xae, 0x04, 0xe7, 0xf7, 0x23, 0xd2, + 0xc7, 0xf0, 0x3d, 0x01, 0x83, 0x31, 0x3b, 0x08, 0x17, 0x42, 0x79, 0x98, 0xce, 0x55, 0x7e, 0x34, + 0xfe, 0x2a, 0x16, 0x20, 0xe4, 0x41, 0xb9, 0xed, 0x84, 0xc2, 0x9b, 0x34, 0x7f, 0xd4, 0x44, 0x1a, + 0xfa, 0xdf, 0xf1, 0x16, 0x9d, 0x90, 0xfb, 0x28, 0x8c, 0x06, 0x4c, 0xd9, 0xa0, 0x04, 0x2a, 0x4e, + 0x14, 0x39, 0xf2, 0xd4, 0xf5, 0x6a, 0x31, 0xfc, 0xa6, 0x29, 0x49, 0x7e, 0x68, 0x95, 0x6a, 0xc2, + 0x9c, 0x99, 0xfd, 0xb9, 0xa1, 0x54, 0x32, 0x09, 0x3b, 0x4a, 0x8f, 0x61, 0x50, 0x38, 0x91, 0xac, + 0xa2, 0xf3, 0x97, 0x78, 0x36, 0x20, 0xdb, 0x27, 0x8a, 0x9c, 0x6a, 0xc1, 0x0a, 0x7d, 0xd6, 0x62, + 0x99, 0xcb, 0x32, 0xc1, 0x46, 0xec, 0xce, 0x8e, 0x27, 0x91, 0xda, 0xcc, 0x87, 0x96, 0x8d, 0xd8, + 0xe4, 0x2e, 0x2a, 0x10, 0x30, 0xab, 0xb4, 0xbb, 0x02, 0x01, 0xb3, 0x32, 0x25, 0x1c, 0x6d, 0xe7, + 0x1c, 0x99, 0x17, 0x90, 0xfd, 0xda, 0xc7, 0x21, 0xf9, 0xd7, 0x2c, 0x38, 0xe5, 0x66, 0xcf, 0x3e, + 0xc5, 0x5e, 0xe6, 0x88, 0x41, 0x19, 0xbd, 0x8f, 0x56, 0x95, 0x3a, 0xef, 0x02, 0xe1, 0xee, 0xce, + 0xa0, 0x26, 0x0c, 0xb8, 0xfe, 0x7a, 0x20, 0x8c, 0x98, 0xfa, 0xd1, 0x3a, 0x35, 0xef, 0xaf, 0x07, + 0x7a, 0x35, 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x26, 0x12, 0xde, 0xa6, 0xcb, 0x6e, 0x9c, + 0x04, 0xd1, 0xce, 0x82, 0xdb, 0x76, 0x13, 0x66, 0x80, 0x94, 0xeb, 0xe3, 0x54, 0x3f, 0xe0, 0x1c, + 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x0e, 0x43, 0x32, 0xd5, 0xba, 0x5a, 0xc4, 0xbe, 0xb0, 0x7b, 0xfe, + 0xab, 0xc9, 0xb4, 0x22, 0xb2, 0xaa, 0x25, 0x43, 0xfb, 0x8d, 0x61, 0xe8, 0x3e, 0x16, 0x45, 0x1f, + 0x83, 0x5a, 0xa4, 0xd2, 0xbf, 0xad, 0x22, 0xd4, 0xb5, 0xfc, 0xbe, 0xe2, 0x48, 0x56, 0x99, 0x42, + 0x3a, 0xd1, 0x5b, 0x73, 0xa4, 0x1b, 0x96, 0x58, 0x9f, 0x9e, 0x16, 0x30, 0xb7, 0x05, 0x57, 0x7d, + 0x32, 0xb6, 0xe3, 0x37, 0x30, 0xe3, 0x81, 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x97, 0x6c, 0x14, 0xe3, + 0xc4, 0xbf, 0xcc, 0x68, 0x65, 0x93, 0x80, 0x78, 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, 0x6d, 0xf0, + 0x09, 0x20, 0xf6, 0x10, 0x8b, 0x47, 0x1d, 0xdc, 0xd4, 0xac, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, + 0x8e, 0xc5, 0xdb, 0x18, 0x11, 0x01, 0x7c, 0xe9, 0x16, 0x97, 0xff, 0xd4, 0x7f, 0x38, 0xc0, 0x47, + 0x60, 0x24, 0x22, 0x8d, 0xc0, 0x6f, 0xb8, 0x1e, 0x69, 0x4e, 0x4b, 0x07, 0xfd, 0x41, 0xb2, 0x66, + 0xd8, 0x3e, 0x1c, 0x1b, 0x34, 0x70, 0x8a, 0x22, 0xfa, 0x8c, 0x05, 0x63, 0x2a, 0x67, 0x94, 0x7e, + 0x10, 0x22, 0x1c, 0xc2, 0x0b, 0x05, 0x65, 0xa8, 0x32, 0x9a, 0x75, 0x74, 0x67, 0x77, 0x62, 0x2c, + 0xdd, 0x86, 0x33, 0x7c, 0xd1, 0xcb, 0x00, 0xc1, 0x1a, 0x0f, 0xaa, 0x99, 0x4e, 0x84, 0x77, 0xf8, + 0x20, 0xaf, 0x3a, 0xc6, 0xd3, 0xe7, 0x24, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x01, 0xf8, 0xb2, 0x59, + 0xdd, 0x09, 0xe5, 0x46, 0x43, 0xa6, 0x3d, 0xc1, 0x8a, 0x82, 0xdc, 0xdd, 0x9d, 0xe8, 0xf6, 0xd6, + 0xb1, 0xc0, 0x05, 0xe3, 0x71, 0xf4, 0x93, 0x30, 0x14, 0x77, 0xda, 0x6d, 0x47, 0xf9, 0x8e, 0x0b, + 0x4c, 0xc8, 0xe3, 0x74, 0x0d, 0x51, 0xc4, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0xa1, 0x1a, 0x0b, + 0x37, 0x22, 0x5b, 0x45, 0xdc, 0x26, 0x18, 0x66, 0xef, 0xf4, 0x1e, 0x69, 0x78, 0xe3, 0x1c, 0x9c, + 0xbb, 0xbb, 0x13, 0x0f, 0xa5, 0xdb, 0x17, 0x02, 0x91, 0x22, 0x97, 0x4b, 0x13, 0x5d, 0x91, 0x95, + 0x57, 0xe8, 0x6b, 0xcb, 0x82, 0x00, 0x4f, 0xe9, 0xca, 0x2b, 0xac, 0xb9, 0xf7, 0x98, 0x99, 0x0f, + 0xa3, 0x45, 0x38, 0xdd, 0x08, 0xfc, 0x24, 0x0a, 0x3c, 0x8f, 0x57, 0x1e, 0xe2, 0x7b, 0x3e, 0xee, + 0x5b, 0x7e, 0xbb, 0xe8, 0xf6, 0xe9, 0x99, 0x6e, 0x14, 0x9c, 0xf7, 0x9c, 0xed, 0xa7, 0xa3, 0x0d, + 0xc5, 0xe0, 0x3c, 0x07, 0x23, 0x64, 0x3b, 0x21, 0x91, 0xef, 0x78, 0xd7, 0xf1, 0x82, 0xf4, 0xaa, + 0xb2, 0x35, 0x70, 0xd1, 0x68, 0xc7, 0x29, 0x2c, 0x64, 0x2b, 0x47, 0x87, 0x91, 0xf6, 0xc9, 0x1d, + 0x1d, 0xd2, 0xad, 0x61, 0xff, 0x9f, 0x52, 0xca, 0x20, 0x5b, 0x8d, 0x08, 0x41, 0x01, 0x54, 0xfc, + 0xa0, 0xa9, 0x64, 0xff, 0x95, 0x62, 0x64, 0xff, 0xb5, 0xa0, 0x69, 0x94, 0x67, 0xa1, 0xff, 0x62, + 0xcc, 0xf9, 0xb0, 0xfa, 0x15, 0xb2, 0xd0, 0x07, 0x03, 0x88, 0x8d, 0x46, 0x91, 0x9c, 0x55, 0xfd, + 0x8a, 0x25, 0x93, 0x11, 0x4e, 0xf3, 0x45, 0x9b, 0x50, 0xd9, 0x08, 0xe2, 0x44, 0x6e, 0x3f, 0x8e, + 0xb8, 0xd3, 0xb9, 0x1c, 0xc4, 0x09, 0xb3, 0x22, 0xd4, 0x6b, 0xd3, 0x96, 0x18, 0x73, 0x1e, 0xf6, + 0x7f, 0xb5, 0x52, 0x3e, 0xf4, 0x9b, 0x2c, 0xf2, 0x76, 0x8b, 0xf8, 0x74, 0x59, 0x9b, 0xa1, 0x46, + 0x3f, 0x92, 0xc9, 0x63, 0x7c, 0x47, 0xaf, 0xc2, 0x5a, 0xb7, 0x29, 0x85, 0x49, 0x46, 0xc2, 0x88, + 0x4a, 0xfa, 0x84, 0x95, 0xce, 0x28, 0x2d, 0x15, 0xb1, 0xc1, 0x30, 0xb3, 0xaa, 0xf7, 0x4d, 0x4e, + 0xb5, 0xbf, 0x64, 0xc1, 0x50, 0xdd, 0x69, 0x6c, 0x06, 0xeb, 0xeb, 0xe8, 0x69, 0xa8, 0x36, 0x3b, + 0x91, 0x99, 0xdc, 0xaa, 0x1c, 0x07, 0xb3, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0x87, 0xd7, 0x9d, 0x86, + 0xcc, 0xad, 0x2e, 0xf3, 0x39, 0x7c, 0x89, 0xb5, 0x60, 0x01, 0x41, 0xcf, 0xc3, 0x70, 0xdb, 0xd9, + 0x96, 0x0f, 0x67, 0x1d, 0xf8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x59, 0x30, 0x5e, 0x77, + 0x62, 0xb7, 0x31, 0xdd, 0x49, 0x36, 0xea, 0x6e, 0xb2, 0xd6, 0x69, 0x6c, 0x92, 0x84, 0x27, 0xd4, + 0xd3, 0x5e, 0x76, 0x62, 0xba, 0x94, 0xd4, 0xbe, 0x4e, 0xf5, 0xf2, 0xba, 0x68, 0xc7, 0x0a, 0x03, + 0xbd, 0x0e, 0xc3, 0xa1, 0x13, 0xc7, 0xb7, 0x83, 0xa8, 0x89, 0xc9, 0x7a, 0x31, 0xe5, 0x2c, 0x56, + 0x48, 0x23, 0x22, 0x09, 0x26, 0xeb, 0xe2, 0x90, 0x59, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x0b, 0x16, + 0x3c, 0x52, 0x27, 0x4e, 0x44, 0x22, 0x56, 0xfd, 0x42, 0xbd, 0xc8, 0x8c, 0x17, 0x74, 0x9a, 0xe8, + 0x35, 0xa8, 0x26, 0xb4, 0x99, 0x76, 0xcb, 0x2a, 0xb6, 0x5b, 0xec, 0x8c, 0x78, 0x55, 0x10, 0xc7, + 0x8a, 0x8d, 0xfd, 0x37, 0x2d, 0x18, 0x61, 0xc7, 0x6d, 0xb3, 0x24, 0x71, 0x5c, 0xaf, 0xab, 0x48, + 0x94, 0xd5, 0x67, 0x91, 0xa8, 0xf3, 0x30, 0xb0, 0x11, 0xb4, 0x49, 0xf6, 0xa8, 0xf8, 0x72, 0x40, + 0xb7, 0xd5, 0x14, 0x82, 0x9e, 0xa5, 0x1f, 0xde, 0xf5, 0x13, 0x87, 0x2e, 0x01, 0xe9, 0xce, 0x3d, + 0xc1, 0x3f, 0xba, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x5b, 0x35, 0x18, 0x12, 0xf1, 0x04, 0x7d, 0x17, + 0x55, 0x90, 0xfb, 0xfb, 0x52, 0xcf, 0xfd, 0x7d, 0x0c, 0x83, 0x0d, 0x56, 0xad, 0x4e, 0x98, 0x91, + 0x57, 0x0b, 0x09, 0x40, 0xe1, 0x05, 0xf0, 0x74, 0xb7, 0xf8, 0x7f, 0x2c, 0x58, 0xa1, 0x2f, 0x5a, + 0x70, 0xa2, 0x11, 0xf8, 0x3e, 0x69, 0x68, 0x1b, 0x67, 0xa0, 0x88, 0x38, 0x83, 0x99, 0x34, 0x51, + 0x7d, 0xd6, 0x93, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x22, 0x8c, 0xf2, 0x31, 0xbb, 0x91, 0xf2, 0x41, + 0xeb, 0xda, 0x41, 0x26, 0x10, 0xa7, 0x71, 0xd1, 0x24, 0xf7, 0xe5, 0x8b, 0x2a, 0x3d, 0x83, 0xda, + 0x55, 0x67, 0xd4, 0xe7, 0x31, 0x30, 0x50, 0x04, 0x28, 0x22, 0xeb, 0x11, 0x89, 0x37, 0x44, 0xbc, + 0x05, 0xb3, 0xaf, 0x86, 0x0e, 0x97, 0x80, 0x8d, 0xbb, 0x28, 0xe1, 0x1c, 0xea, 0x68, 0x53, 0x6c, + 0x30, 0xab, 0x45, 0xc8, 0x50, 0xf1, 0x99, 0x7b, 0xee, 0x33, 0x27, 0xa0, 0x12, 0x6f, 0x38, 0x51, + 0x93, 0xd9, 0x75, 0x65, 0x9e, 0xf4, 0xb3, 0x42, 0x1b, 0x30, 0x6f, 0x47, 0xb3, 0x70, 0x32, 0x53, + 0xf9, 0x28, 0x16, 0xbe, 0x62, 0x95, 0xe0, 0x91, 0xa9, 0x99, 0x14, 0xe3, 0xae, 0x27, 0x4c, 0xe7, + 0xc3, 0xf0, 0x3e, 0xce, 0x87, 0x1d, 0x15, 0xd5, 0xc7, 0xbd, 0xb8, 0x2f, 0x15, 0x32, 0x00, 0x7d, + 0x85, 0xf0, 0x7d, 0x3e, 0x13, 0xc2, 0x37, 0xca, 0x3a, 0x70, 0xa3, 0x98, 0x0e, 0x1c, 0x3c, 0x5e, + 0xef, 0x7e, 0xc6, 0xdf, 0xfd, 0xb9, 0x05, 0xf2, 0xbb, 0xce, 0x38, 0x8d, 0x0d, 0x42, 0xa7, 0x0c, + 0x7a, 0x1f, 0x8c, 0xa9, 0x2d, 0xf4, 0x4c, 0xd0, 0xf1, 0x79, 0xe8, 0x5d, 0x59, 0x1f, 0x0a, 0xe3, + 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x14, 0xd4, 0xe8, 0x38, 0xf1, 0x47, 0xb9, 0xae, 0x55, 0xdb, 0xf4, + 0xe9, 0xe5, 0x79, 0xf1, 0x94, 0xc6, 0x41, 0x01, 0x9c, 0xf2, 0x9c, 0x38, 0x61, 0x3d, 0xa0, 0x3b, + 0xea, 0x43, 0x96, 0x3f, 0x60, 0x59, 0x04, 0x0b, 0x59, 0x42, 0xb8, 0x9b, 0xb6, 0xfd, 0xed, 0x01, + 0x18, 0x4d, 0x49, 0xc6, 0x03, 0x2a, 0xe9, 0xa7, 0xa1, 0x2a, 0xf5, 0x66, 0xb6, 0x50, 0x8b, 0x52, + 0xae, 0x0a, 0x83, 0x2a, 0xad, 0x35, 0xad, 0x55, 0xb3, 0x46, 0x85, 0xa1, 0x70, 0xb1, 0x89, 0xc7, + 0x84, 0x72, 0xe2, 0xc5, 0x33, 0x9e, 0x4b, 0xfc, 0x84, 0x77, 0xb3, 0x18, 0xa1, 0xbc, 0xba, 0xb0, + 0x62, 0x12, 0xd5, 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0xd3, 0x16, 0x8c, 0x3a, 0xb7, 0x63, + 0x5d, 0x52, 0x55, 0x04, 0xeb, 0x1d, 0x51, 0x49, 0xa5, 0xaa, 0xb4, 0x72, 0x97, 0x6f, 0xaa, 0x09, + 0xa7, 0x99, 0xa2, 0x37, 0x2d, 0x40, 0x64, 0x9b, 0x34, 0x64, 0x38, 0xa1, 0xe8, 0xcb, 0x60, 0x11, + 0x3b, 0xcd, 0x8b, 0x5d, 0x74, 0xb9, 0x54, 0xef, 0x6e, 0xc7, 0x39, 0x7d, 0xb0, 0xff, 0x79, 0x59, + 0x2d, 0x28, 0x1d, 0xc1, 0xea, 0x18, 0x91, 0x74, 0xd6, 0xe1, 0x23, 0xe9, 0x74, 0x44, 0x42, 0x77, + 0x56, 0x65, 0x2a, 0x09, 0xab, 0x74, 0x9f, 0x92, 0xb0, 0x7e, 0xda, 0x4a, 0x95, 0x24, 0x1a, 0xbe, + 0xf0, 0x72, 0xb1, 0xd1, 0xb3, 0x93, 0x3c, 0x5a, 0x22, 0x23, 0xdd, 0xd3, 0x41, 0x32, 0x54, 0x9a, + 0x1a, 0x68, 0x07, 0x92, 0x86, 0xff, 0xa1, 0x0c, 0xc3, 0x86, 0x26, 0xcd, 0x35, 0x8b, 0xac, 0x07, + 0xcc, 0x2c, 0x2a, 0x1d, 0xc0, 0x2c, 0xfa, 0x29, 0xa8, 0x35, 0xa4, 0x94, 0x2f, 0xa6, 0x28, 0x6f, + 0x56, 0x77, 0x68, 0x41, 0xaf, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, 0x52, 0xa9, 0x3b, 0x42, 0x43, 0x0c, + 0x30, 0x0d, 0x91, 0x97, 0x5b, 0x23, 0x34, 0x45, 0xf7, 0x33, 0xac, 0x72, 0x55, 0xe8, 0x8a, 0xf7, + 0x92, 0x31, 0xee, 0xbc, 0x72, 0xd5, 0xf2, 0xbc, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x6d, 0x4b, 0x7d, + 0xdc, 0x7b, 0x50, 0xa3, 0xe1, 0x56, 0xba, 0x46, 0xc3, 0xc5, 0x42, 0x86, 0xb9, 0x47, 0x71, 0x86, + 0x6b, 0x30, 0x34, 0x13, 0xb4, 0xdb, 0x8e, 0xdf, 0x44, 0x3f, 0x04, 0x43, 0x0d, 0xfe, 0x53, 0x38, + 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x8f, 0xc2, 0x80, 0x13, 0xb5, 0xa4, 0x33, 0x87, + 0x05, 0xd7, 0x4c, 0x47, 0xad, 0x18, 0xb3, 0x56, 0xfb, 0x1f, 0x0f, 0x00, 0x3b, 0xd3, 0x76, 0x22, + 0xd2, 0x5c, 0x0d, 0x58, 0x51, 0xc0, 0x63, 0x3d, 0x54, 0xd3, 0x9b, 0xa5, 0x07, 0xf9, 0x60, 0xcd, + 0x38, 0x5c, 0x29, 0xdf, 0xe3, 0xc3, 0x95, 0x1e, 0xe7, 0x65, 0x03, 0x0f, 0xd0, 0x79, 0x99, 0xfd, + 0x39, 0x0b, 0x90, 0x0a, 0x84, 0xd0, 0x07, 0xda, 0x53, 0x50, 0x53, 0x21, 0x11, 0xc2, 0xb0, 0xd2, + 0x22, 0x42, 0x02, 0xb0, 0xc6, 0xe9, 0x63, 0x87, 0xfc, 0x84, 0x94, 0xdf, 0xe5, 0x74, 0x5c, 0x2e, + 0x93, 0xfa, 0x42, 0x9c, 0xdb, 0xbf, 0x5d, 0x82, 0x87, 0xb8, 0x4a, 0x5e, 0x74, 0x7c, 0xa7, 0x45, + 0xda, 0xb4, 0x57, 0xfd, 0x86, 0x28, 0x34, 0xe8, 0xd6, 0xcc, 0x95, 0x71, 0xb6, 0x47, 0x5d, 0xbb, + 0x7c, 0xcd, 0xf1, 0x55, 0x36, 0xef, 0xbb, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x55, 0x59, 0xb1, 0x5e, + 0xc8, 0xe2, 0x82, 0x18, 0x29, 0xb1, 0x24, 0xf4, 0x26, 0xc1, 0x8a, 0x11, 0x35, 0x5c, 0xbd, 0xa0, + 0xb1, 0x89, 0x49, 0x18, 0x30, 0xb9, 0x6b, 0x84, 0x39, 0x2e, 0x88, 0x76, 0xac, 0x30, 0xec, 0xdf, + 0xb6, 0x20, 0xab, 0x91, 0x8c, 0xea, 0x6b, 0xd6, 0x9e, 0xd5, 0xd7, 0x0e, 0x50, 0xfe, 0xec, 0x27, + 0x60, 0xd8, 0x49, 0xa8, 0x11, 0xc1, 0xb7, 0xdd, 0xe5, 0xc3, 0x1d, 0x6b, 0x2c, 0x06, 0x4d, 0x77, + 0xdd, 0x65, 0xdb, 0x6d, 0x93, 0x9c, 0xfd, 0x3f, 0x07, 0xe0, 0x54, 0x57, 0x36, 0x08, 0x7a, 0x01, + 0x46, 0x1a, 0x62, 0x7a, 0x84, 0xd2, 0xa1, 0x55, 0x33, 0xc3, 0xe2, 0x34, 0x0c, 0xa7, 0x30, 0xfb, + 0x98, 0xa0, 0xf3, 0x70, 0x3a, 0xa2, 0x1b, 0xfd, 0x0e, 0x99, 0x5e, 0x4f, 0x48, 0xb4, 0x42, 0x1a, + 0x81, 0xdf, 0xe4, 0x35, 0x02, 0xcb, 0xf5, 0x87, 0xef, 0xec, 0x4e, 0x9c, 0xc6, 0xdd, 0x60, 0x9c, + 0xf7, 0x0c, 0x0a, 0x61, 0xd4, 0x33, 0x6d, 0x40, 0xb1, 0x01, 0x38, 0x94, 0xf9, 0xa8, 0x6c, 0x84, + 0x54, 0x33, 0x4e, 0x33, 0x48, 0x1b, 0x92, 0x95, 0xfb, 0x64, 0x48, 0x7e, 0x4a, 0x1b, 0x92, 0xfc, + 0xfc, 0xfd, 0x43, 0x05, 0x67, 0x03, 0x1d, 0xb7, 0x25, 0xf9, 0x12, 0x54, 0x65, 0x6c, 0x52, 0x5f, + 0x31, 0x3d, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x49, 0xf8, 0xc1, 0x8b, 0x51, 0x64, 0x0c, 0xe6, 0xb5, + 0x20, 0x99, 0xf6, 0xbc, 0xe0, 0x36, 0x55, 0xd2, 0xd7, 0x63, 0x22, 0x3c, 0x2c, 0xf6, 0xdd, 0x12, + 0xe4, 0x6c, 0x56, 0xe8, 0x7a, 0xd4, 0x96, 0x41, 0x6a, 0x3d, 0x1e, 0xcc, 0x3a, 0x40, 0xdb, 0x3c, + 0x7e, 0x8b, 0xeb, 0xc0, 0x0f, 0x16, 0xbd, 0xd9, 0xd2, 0x21, 0x5d, 0x2a, 0x99, 0x42, 0x85, 0x75, + 0x5d, 0x00, 0xd0, 0x06, 0x9d, 0x08, 0x95, 0x57, 0xc7, 0xc3, 0xda, 0xee, 0xc3, 0x06, 0x16, 0xdd, + 0x7b, 0xbb, 0x7e, 0x9c, 0x38, 0x9e, 0x77, 0xd9, 0xf5, 0x13, 0xe1, 0x44, 0x54, 0xca, 0x7e, 0x5e, + 0x83, 0xb0, 0x89, 0x77, 0xee, 0x3d, 0xc6, 0xf7, 0x3b, 0xc8, 0x77, 0xdf, 0x80, 0x47, 0xe6, 0xdc, + 0x44, 0x25, 0x78, 0xa8, 0xf9, 0x46, 0xed, 0x35, 0x95, 0xb0, 0x64, 0xf5, 0x4c, 0x58, 0x32, 0x12, + 0x2c, 0x4a, 0xe9, 0x7c, 0x90, 0x6c, 0x82, 0x85, 0xfd, 0x02, 0x9c, 0x99, 0x73, 0x93, 0x4b, 0xae, + 0x47, 0x0e, 0xc8, 0xc4, 0xfe, 0xcd, 0x41, 0x18, 0x31, 0x53, 0x04, 0x0f, 0x92, 0x73, 0xf5, 0x05, + 0x6a, 0x92, 0x89, 0xb7, 0x73, 0xd5, 0xe1, 0xda, 0xcd, 0x23, 0xe7, 0x2b, 0xe6, 0x8f, 0x98, 0x61, + 0x95, 0x69, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x0d, 0x95, 0x75, 0x96, 0x00, 0x50, 0x2e, 0x22, 0x02, + 0x21, 0x6f, 0x44, 0xf5, 0x72, 0xe4, 0x29, 0x04, 0x9c, 0x1f, 0xd5, 0xa4, 0x51, 0x3a, 0xab, 0xcc, + 0x08, 0x5a, 0x15, 0xf9, 0x64, 0x0a, 0xa3, 0x97, 0x4a, 0xa8, 0x1c, 0x42, 0x25, 0xa4, 0x04, 0xf4, + 0xe0, 0x7d, 0x12, 0xd0, 0x2c, 0x99, 0x23, 0xd9, 0x60, 0x76, 0x9e, 0x88, 0xb2, 0x1f, 0x62, 0x83, + 0x60, 0x24, 0x73, 0xa4, 0xc0, 0x38, 0x8b, 0x8f, 0x3e, 0xae, 0x44, 0x7c, 0xb5, 0x08, 0xff, 0xab, + 0x39, 0xa3, 0x8f, 0x5b, 0xba, 0x7f, 0xae, 0x04, 0x63, 0x73, 0x7e, 0x67, 0x79, 0x6e, 0xb9, 0xb3, + 0xe6, 0xb9, 0x8d, 0xab, 0x64, 0x87, 0x8a, 0xf0, 0x4d, 0xb2, 0x33, 0x3f, 0x2b, 0x56, 0x90, 0x9a, + 0x33, 0x57, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0x8c, 0xd6, 0x5d, 0xbf, 0x45, 0xa2, 0x30, 0x72, 0x85, + 0x6b, 0xd4, 0x10, 0x46, 0x97, 0x34, 0x08, 0x9b, 0x78, 0x94, 0x76, 0x70, 0xdb, 0x27, 0x51, 0xd6, + 0xe0, 0x5d, 0xa2, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12, 0x75, 0xe2, 0x44, 0x4c, 0x46, 0x85, 0xb4, + 0x4a, 0x1b, 0x31, 0x87, 0xd1, 0x95, 0x1e, 0x77, 0xd6, 0x58, 0x80, 0x47, 0x26, 0xa4, 0x7f, 0x85, + 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9b, 0x64, 0x67, 0x96, 0xee, 0x8e, 0x33, 0x99, 0x3d, 0x57, 0x79, + 0x33, 0x96, 0x70, 0x56, 0x04, 0x31, 0x3d, 0x1c, 0xdf, 0x73, 0x45, 0x10, 0xd3, 0xdd, 0xef, 0xb1, + 0xcf, 0xfe, 0x65, 0x0b, 0x46, 0xcc, 0xb0, 0x2c, 0xd4, 0xca, 0xd8, 0xc2, 0x4b, 0x5d, 0x35, 0x74, + 0x7f, 0x2c, 0xef, 0x02, 0xb2, 0x96, 0x9b, 0x04, 0x61, 0xfc, 0x0c, 0xf1, 0x5b, 0xae, 0x4f, 0xd8, + 0x69, 0x3b, 0x0f, 0xe7, 0x4a, 0xc5, 0x7c, 0xcd, 0x04, 0x4d, 0x72, 0x08, 0x63, 0xda, 0xbe, 0x09, + 0xa7, 0xba, 0xd2, 0xb9, 0xfa, 0x30, 0x41, 0xf6, 0x4d, 0xa6, 0xb5, 0x31, 0x0c, 0x53, 0xc2, 0xb2, + 0x10, 0xcf, 0x0c, 0x9c, 0xe2, 0x0b, 0x89, 0x72, 0x5a, 0x69, 0x6c, 0x90, 0xb6, 0x4a, 0xd1, 0x63, + 0x7e, 0xf8, 0x1b, 0x59, 0x20, 0xee, 0xc6, 0xb7, 0x3f, 0x6f, 0xc1, 0x68, 0x2a, 0xc3, 0xae, 0x20, + 0x63, 0x89, 0xad, 0xb4, 0x80, 0x45, 0x09, 0xb2, 0x50, 0xe9, 0x32, 0x53, 0xa6, 0x7a, 0xa5, 0x69, + 0x10, 0x36, 0xf1, 0xec, 0x2f, 0x95, 0xa0, 0x2a, 0x23, 0x2d, 0xfa, 0xe8, 0xca, 0x67, 0x2d, 0x18, + 0x55, 0x67, 0x1f, 0xcc, 0xa9, 0x56, 0x2a, 0x22, 0x1d, 0x82, 0xf6, 0x40, 0x6d, 0xcb, 0xfd, 0xf5, + 0x40, 0x5b, 0xee, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x0d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xdb, + 0x70, 0xef, 0xd9, 0xc6, 0x8a, 0x9b, 0x6c, 0x04, 0x11, 0xa1, 0xeb, 0xeb, 0x5a, 0xd0, 0x24, 0x2b, + 0x0a, 0x53, 0x9b, 0x50, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x58, 0x82, 0x93, 0xd9, 0x2e, 0xa1, + 0x0f, 0xc1, 0x88, 0xe4, 0x6e, 0xdc, 0xa5, 0x26, 0xc3, 0x4b, 0x46, 0xb0, 0x01, 0xbb, 0xbb, 0x3b, + 0x31, 0xd1, 0x7d, 0x99, 0xdd, 0xa4, 0x89, 0x82, 0x53, 0xc4, 0xf8, 0x01, 0x94, 0x38, 0x29, 0xad, + 0xef, 0x4c, 0x87, 0xa1, 0x38, 0x45, 0x32, 0x0e, 0xa0, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, 0x38, + 0x63, 0xb4, 0x5c, 0x23, 0x6e, 0x6b, 0x63, 0x2d, 0x88, 0xe4, 0x0e, 0xec, 0x51, 0x1d, 0x00, 0xd6, + 0x8d, 0x83, 0x73, 0x9f, 0xa4, 0xda, 0xbe, 0xe1, 0x84, 0x4e, 0xc3, 0x4d, 0x76, 0x84, 0xbf, 0x52, + 0xc9, 0xa6, 0x19, 0xd1, 0x8e, 0x15, 0x86, 0xbd, 0x08, 0x03, 0x7d, 0xce, 0xa0, 0xbe, 0x2c, 0xff, + 0x97, 0xa0, 0x4a, 0xc9, 0x49, 0xf3, 0xae, 0x08, 0x92, 0x01, 0x54, 0xe5, 0x1d, 0x27, 0xc8, 0x86, + 0xb2, 0xeb, 0xc8, 0x33, 0x3e, 0xf5, 0x5a, 0xf3, 0x71, 0xdc, 0x61, 0x9b, 0x69, 0x0a, 0x44, 0x4f, + 0x40, 0x99, 0x6c, 0x87, 0xd9, 0xc3, 0xbc, 0x8b, 0xdb, 0xa1, 0x1b, 0x91, 0x98, 0x22, 0x91, 0xed, + 0x10, 0x9d, 0x83, 0x92, 0xdb, 0x14, 0x4a, 0x0a, 0x04, 0x4e, 0x69, 0x7e, 0x16, 0x97, 0xdc, 0xa6, + 0xbd, 0x0d, 0x35, 0x75, 0xa9, 0x0a, 0xda, 0x94, 0xb2, 0xdb, 0x2a, 0x22, 0x34, 0x4a, 0xd2, 0xed, + 0x21, 0xb5, 0x3b, 0x00, 0x3a, 0xd5, 0xb0, 0x28, 0xf9, 0x72, 0x1e, 0x06, 0x1a, 0x81, 0x48, 0x83, + 0xae, 0x6a, 0x32, 0x4c, 0x68, 0x33, 0x88, 0x7d, 0x13, 0xc6, 0xae, 0xfa, 0xc1, 0x6d, 0x56, 0x11, + 0x9e, 0x15, 0x40, 0xa3, 0x84, 0xd7, 0xe9, 0x8f, 0xac, 0x89, 0xc0, 0xa0, 0x98, 0xc3, 0x54, 0x65, + 0xa8, 0x52, 0xaf, 0xca, 0x50, 0xf6, 0x27, 0x2c, 0x18, 0x51, 0x39, 0x4b, 0x73, 0x5b, 0x9b, 0x94, + 0x6e, 0x2b, 0x0a, 0x3a, 0x61, 0x96, 0x2e, 0xbb, 0xf6, 0x08, 0x73, 0x98, 0x99, 0xcc, 0x57, 0xda, + 0x27, 0x99, 0xef, 0x3c, 0x0c, 0x6c, 0xba, 0x7e, 0x33, 0x7b, 0x8f, 0xc7, 0x55, 0xd7, 0x6f, 0x62, + 0x06, 0xa1, 0x5d, 0x38, 0xa9, 0xba, 0x20, 0x15, 0xc2, 0x0b, 0x30, 0xb2, 0xd6, 0x71, 0xbd, 0xa6, + 0xac, 0xec, 0x96, 0xf1, 0xa8, 0xd4, 0x0d, 0x18, 0x4e, 0x61, 0xd2, 0x7d, 0xdd, 0x9a, 0xeb, 0x3b, + 0xd1, 0xce, 0xb2, 0xd6, 0x40, 0x4a, 0x28, 0xd5, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x1b, 0x65, 0x18, + 0x4b, 0x67, 0x6e, 0xf5, 0xb1, 0xbd, 0x7a, 0x02, 0x2a, 0x2c, 0x99, 0x2b, 0xfb, 0x69, 0x79, 0x31, + 0x34, 0x0e, 0x43, 0x31, 0x0c, 0xf2, 0x32, 0x10, 0xc5, 0xdc, 0x81, 0xa3, 0x3a, 0xa9, 0xfc, 0x30, + 0x2c, 0xee, 0x4c, 0x54, 0x9e, 0x10, 0xac, 0xd0, 0xa7, 0x2d, 0x18, 0x0a, 0x42, 0xb3, 0xa2, 0xd0, + 0x07, 0x8b, 0xcc, 0x6a, 0x13, 0x49, 0x35, 0xc2, 0x22, 0x56, 0x9f, 0x5e, 0x7e, 0x0e, 0xc9, 0xfa, + 0xdc, 0x7b, 0x61, 0xc4, 0xc4, 0xdc, 0xcf, 0x28, 0xae, 0x9a, 0x46, 0xf1, 0x67, 0xcd, 0x49, 0x21, + 0xf2, 0xf6, 0xfa, 0x58, 0x6e, 0xd7, 0xa1, 0xd2, 0x50, 0x81, 0x02, 0x87, 0xaa, 0x07, 0xaa, 0xea, + 0x32, 0xb0, 0xc3, 0x22, 0x4e, 0xcd, 0xfe, 0xb6, 0x65, 0xcc, 0x0f, 0x4c, 0xe2, 0xf9, 0x26, 0x8a, + 0xa0, 0xdc, 0xda, 0xda, 0x14, 0xa6, 0xe8, 0x95, 0x82, 0x86, 0x77, 0x6e, 0x6b, 0x53, 0xcf, 0x71, + 0xb3, 0x15, 0x53, 0x66, 0x7d, 0x38, 0x0b, 0x53, 0xe9, 0x9d, 0xe5, 0xfd, 0xd3, 0x3b, 0xed, 0x37, + 0x4b, 0x70, 0xaa, 0x6b, 0x52, 0xa1, 0xd7, 0xa1, 0x12, 0xd1, 0xb7, 0x14, 0xaf, 0xb7, 0x50, 0x58, + 0x42, 0x66, 0x3c, 0xdf, 0xd4, 0x7a, 0x37, 0xdd, 0x8e, 0x39, 0x4b, 0x74, 0x05, 0x90, 0x0e, 0x67, + 0x51, 0x9e, 0x4a, 0xfe, 0xca, 0xe7, 0xc4, 0xa3, 0x68, 0xba, 0x0b, 0x03, 0xe7, 0x3c, 0x85, 0x5e, + 0xcc, 0x3a, 0x3c, 0xcb, 0xe9, 0xf3, 0xcd, 0xbd, 0x7c, 0x97, 0xf6, 0xbf, 0x28, 0xc1, 0x68, 0xaa, + 0xc0, 0x13, 0xf2, 0xa0, 0x4a, 0x3c, 0xe6, 0xfc, 0x97, 0xca, 0xe6, 0xa8, 0xf5, 0x92, 0x95, 0x82, + 0xbc, 0x28, 0xe8, 0x62, 0xc5, 0xe1, 0xc1, 0x38, 0x84, 0x7f, 0x01, 0x46, 0x64, 0x87, 0x3e, 0xe8, + 0xb4, 0x3d, 0x31, 0x80, 0x6a, 0x8e, 0x5e, 0x34, 0x60, 0x38, 0x85, 0x69, 0xff, 0x4e, 0x19, 0xc6, + 0xf9, 0x69, 0x49, 0x53, 0xcd, 0xbc, 0x45, 0xb9, 0xdf, 0xfa, 0xab, 0xba, 0x0c, 0x1b, 0x1f, 0xc8, + 0xb5, 0xa3, 0x5e, 0x4f, 0x90, 0xcf, 0xa8, 0xaf, 0x08, 0xae, 0xaf, 0x66, 0x22, 0xb8, 0xb8, 0xd9, + 0xdd, 0x3a, 0xa6, 0x1e, 0x7d, 0x6f, 0x85, 0x74, 0xfd, 0xbd, 0x12, 0x9c, 0xc8, 0xdc, 0xfd, 0x80, + 0xde, 0x48, 0x97, 0x0b, 0xb6, 0x8a, 0xf0, 0xa9, 0xef, 0x79, 0x1d, 0xc0, 0xc1, 0x8a, 0x06, 0xdf, + 0xa7, 0xa5, 0x62, 0xff, 0x41, 0x09, 0xc6, 0xd2, 0x97, 0x56, 0x3c, 0x80, 0x23, 0xf5, 0x2e, 0xa8, + 0xb1, 0xba, 0xec, 0xec, 0x32, 0x4e, 0xee, 0x92, 0xe7, 0x25, 0xb0, 0x65, 0x23, 0xd6, 0xf0, 0x07, + 0xa2, 0x16, 0xb3, 0xfd, 0xf7, 0x2d, 0x38, 0xcb, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x5a, 0xde, 0xe8, + 0xbe, 0x52, 0x6c, 0x07, 0x33, 0xe5, 0x03, 0xf7, 0x1b, 0x5f, 0x76, 0x09, 0xa0, 0xe8, 0x6d, 0x7a, + 0x2a, 0x3c, 0x80, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xa0, 0x0c, 0xfa, 0xde, 0x43, 0xe4, 0x8a, + 0x5c, 0xc8, 0x42, 0xca, 0x28, 0xae, 0xec, 0xf8, 0x0d, 0x7d, 0xc3, 0x62, 0x35, 0x93, 0x0a, 0xf9, + 0x73, 0x16, 0x0c, 0xbb, 0xbe, 0x9b, 0xb8, 0x0e, 0xdb, 0x46, 0x17, 0x73, 0x27, 0x9b, 0x62, 0x37, + 0xcf, 0x29, 0x07, 0x91, 0x79, 0x8e, 0xa3, 0x98, 0x61, 0x93, 0x33, 0xfa, 0x88, 0x08, 0xb2, 0x2e, + 0x17, 0x96, 0xc5, 0x5b, 0xcd, 0x44, 0x56, 0x87, 0xd4, 0xf0, 0x4a, 0xa2, 0x82, 0x92, 0xdf, 0x31, + 0x25, 0xa5, 0x2a, 0xf2, 0xea, 0x1b, 0xa8, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x18, 0x50, 0xf7, 0x58, + 0x1c, 0x30, 0x80, 0x75, 0x0a, 0x6a, 0x4e, 0x27, 0x09, 0xda, 0x74, 0x98, 0xc4, 0x51, 0x93, 0x0e, + 0xd1, 0x95, 0x00, 0xac, 0x71, 0xec, 0x37, 0x2a, 0x90, 0x49, 0x4e, 0x44, 0xdb, 0xe6, 0x9d, 0x9d, + 0x56, 0xb1, 0x77, 0x76, 0xaa, 0xce, 0xe4, 0xdd, 0xdb, 0x89, 0x5a, 0x50, 0x09, 0x37, 0x9c, 0x58, + 0x9a, 0xd5, 0x2f, 0xa9, 0x7d, 0x1c, 0x6d, 0xbc, 0xbb, 0x3b, 0xf1, 0xe3, 0xfd, 0x79, 0x5d, 0xe9, + 0x5c, 0x9d, 0xe2, 0x65, 0x4e, 0x34, 0x6b, 0x46, 0x03, 0x73, 0xfa, 0x07, 0xb9, 0x95, 0xee, 0x93, + 0xa2, 0x00, 0x3d, 0x26, 0x71, 0xc7, 0x4b, 0xc4, 0x6c, 0x78, 0xa9, 0xc0, 0x55, 0xc6, 0x09, 0xeb, + 0xb4, 0x7a, 0xfe, 0x1f, 0x1b, 0x4c, 0xd1, 0x87, 0xa0, 0x16, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0x11, + 0x56, 0x0d, 0xfa, 0x8a, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x32, 0xab, 0x2a, 0xeb, 0xc6, 0x1b, 0x87, + 0xcc, 0x8d, 0x90, 0x15, 0x68, 0x05, 0x05, 0x6c, 0x50, 0x43, 0x17, 0x00, 0xd8, 0xdc, 0xe6, 0x01, + 0x81, 0x55, 0xe6, 0x65, 0x52, 0xa2, 0x10, 0x2b, 0x08, 0x36, 0xb0, 0xec, 0x1f, 0x86, 0x74, 0x5d, + 0x08, 0x34, 0x21, 0xcb, 0x50, 0x70, 0x2f, 0x34, 0xcb, 0x71, 0x48, 0x55, 0x8c, 0xf8, 0x75, 0x0b, + 0xcc, 0xe2, 0x15, 0xe8, 0x35, 0x5e, 0x25, 0xc3, 0x2a, 0xe2, 0xe4, 0xd0, 0xa0, 0x3b, 0xb9, 0xe8, + 0x84, 0x99, 0x23, 0x6c, 0x59, 0x2a, 0xe3, 0xdc, 0x7b, 0xa0, 0x2a, 0xa1, 0x07, 0x32, 0xea, 0x3e, + 0x0e, 0xa7, 0xb3, 0x37, 0x9a, 0x8b, 0x53, 0xa7, 0xfd, 0x5d, 0x3f, 0xd2, 0x9f, 0x53, 0xea, 0xe5, + 0xcf, 0xe9, 0xe3, 0xe6, 0xd6, 0xdf, 0xb0, 0xe0, 0xfc, 0x7e, 0x17, 0xaf, 0xa3, 0x47, 0x61, 0xe0, + 0xb6, 0x13, 0xc9, 0x72, 0xdf, 0x4c, 0x50, 0xde, 0x74, 0x22, 0x1f, 0xb3, 0x56, 0xb4, 0x03, 0x83, + 0x3c, 0x6a, 0x4c, 0x58, 0xeb, 0x2f, 0x15, 0x7b, 0x0d, 0xfc, 0x55, 0x62, 0x6c, 0x17, 0x78, 0xc4, + 0x1a, 0x16, 0x0c, 0xed, 0xef, 0x58, 0x80, 0x96, 0xb6, 0x48, 0x14, 0xb9, 0x4d, 0x23, 0xce, 0x8d, + 0x5d, 0xe4, 0x62, 0x5c, 0xd8, 0x62, 0xa6, 0xc2, 0x66, 0x2e, 0x72, 0x31, 0xfe, 0xe5, 0x5f, 0xe4, + 0x52, 0x3a, 0xd8, 0x45, 0x2e, 0x68, 0x09, 0xce, 0xb6, 0xf9, 0x76, 0x83, 0x5f, 0x8e, 0xc0, 0xf7, + 0x1e, 0x2a, 0xf1, 0xec, 0x91, 0x3b, 0xbb, 0x13, 0x67, 0x17, 0xf3, 0x10, 0x70, 0xfe, 0x73, 0xf6, + 0x7b, 0x00, 0xf1, 0xf0, 0xb6, 0x99, 0xbc, 0x58, 0xa5, 0x9e, 0xee, 0x17, 0xfb, 0x2b, 0x15, 0x38, + 0x91, 0x29, 0x06, 0x4b, 0xb7, 0x7a, 0xdd, 0xc1, 0x51, 0x47, 0xd6, 0xdf, 0xdd, 0xdd, 0xeb, 0x2b, + 0xdc, 0xca, 0x87, 0x8a, 0xeb, 0x87, 0x9d, 0xa4, 0x98, 0x5c, 0x53, 0xde, 0x89, 0x79, 0x4a, 0xd0, + 0x70, 0x17, 0xd3, 0xbf, 0x98, 0xb3, 0x29, 0x32, 0x78, 0x2b, 0x65, 0x8c, 0x0f, 0xdc, 0x27, 0x77, + 0xc0, 0x27, 0x75, 0x28, 0x55, 0xa5, 0x08, 0xc7, 0x62, 0x66, 0xb2, 0x1c, 0xf7, 0x51, 0xfb, 0xaf, + 0x95, 0x60, 0xd8, 0xf8, 0x68, 0xe8, 0x97, 0xd2, 0xa5, 0x9d, 0xac, 0xe2, 0x5e, 0x89, 0xd1, 0x9f, + 0xd4, 0xc5, 0x9b, 0xf8, 0x2b, 0x3d, 0xd9, 0x5d, 0xd5, 0xe9, 0xee, 0xee, 0xc4, 0xc9, 0x4c, 0xdd, + 0xa6, 0x54, 0xa5, 0xa7, 0x73, 0x1f, 0x83, 0x13, 0x19, 0x32, 0x39, 0xaf, 0xbc, 0x9a, 0xbe, 0xb0, + 0xfe, 0x88, 0x6e, 0x29, 0x73, 0xc8, 0xbe, 0x41, 0x87, 0x4c, 0xa4, 0xdb, 0x05, 0x1e, 0xe9, 0xc3, + 0x07, 0x9b, 0xc9, 0xaa, 0x2d, 0xf5, 0x99, 0x55, 0xfb, 0x14, 0x54, 0xc3, 0xc0, 0x73, 0x1b, 0xae, + 0xaa, 0x7f, 0xc8, 0xf2, 0x78, 0x97, 0x45, 0x1b, 0x56, 0x50, 0x74, 0x1b, 0x6a, 0xea, 0x6e, 0x7f, + 0xe1, 0xdf, 0x2e, 0xea, 0xd0, 0x47, 0x19, 0x2d, 0xfa, 0xce, 0x7e, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, + 0x94, 0xa0, 0x4c, 0x11, 0x60, 0xbe, 0x77, 0xa6, 0x1d, 0x63, 0x2c, 0x20, 0xf6, 0xd7, 0x6b, 0x70, + 0x26, 0xaf, 0x22, 0x37, 0xfa, 0x28, 0x0c, 0xf2, 0x3e, 0x16, 0x73, 0xe9, 0x43, 0x1e, 0x8f, 0x39, + 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x39, 0x6b, 0x62, 0x86, 0x1c, 0x0f, + 0xf7, 0x05, 0x47, 0x73, 0x5f, 0x70, 0x38, 0x77, 0xcf, 0x59, 0x43, 0xdb, 0x50, 0x69, 0xb9, 0x09, + 0x71, 0x84, 0x13, 0xe1, 0xe6, 0xb1, 0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, + 0xaf, 0x59, 0x70, 0x62, 0x2d, 0x9d, 0x42, 0x2f, 0x84, 0xa7, 0x73, 0x0c, 0x55, 0xd7, 0xd3, 0x8c, + 0xf8, 0x4d, 0x46, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, 0x94, 0x05, 0x43, 0xeb, 0xae, 0x67, 0x14, + 0xe0, 0x3d, 0x86, 0x8f, 0x73, 0x89, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc6, 0x92, 0x73, 0x2f, + 0x4d, 0x35, 0x78, 0x54, 0x4d, 0x35, 0x74, 0x9f, 0x34, 0xd5, 0x67, 0x2c, 0xa8, 0xa9, 0x91, 0x16, + 0x69, 0xd1, 0x1f, 0x3a, 0xc6, 0x4f, 0xce, 0x3d, 0x27, 0xea, 0x2f, 0xd6, 0xcc, 0xd1, 0x17, 0x2d, + 0x18, 0x76, 0x5e, 0xef, 0x44, 0xa4, 0x49, 0xb6, 0x82, 0x30, 0x16, 0xd7, 0x20, 0xbe, 0x52, 0x7c, + 0x67, 0xa6, 0x29, 0x93, 0x59, 0xb2, 0xb5, 0x14, 0xc6, 0x22, 0x7d, 0x49, 0x37, 0x60, 0xb3, 0x0b, + 0xf6, 0x6e, 0x09, 0x26, 0xf6, 0xa1, 0x80, 0x5e, 0x80, 0x91, 0x20, 0x6a, 0x39, 0xbe, 0xfb, 0xba, + 0x59, 0x13, 0x43, 0x59, 0x59, 0x4b, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0xc4, 0xed, 0xd2, 0x3e, 0x89, + 0xdb, 0xe7, 0x61, 0x20, 0x22, 0x61, 0x90, 0xdd, 0x2c, 0xb0, 0xd4, 0x01, 0x06, 0x41, 0x8f, 0x41, + 0xd9, 0x09, 0x5d, 0x11, 0x88, 0xa6, 0xf6, 0x40, 0xd3, 0xcb, 0xf3, 0x98, 0xb6, 0xa7, 0xea, 0x48, + 0x54, 0xee, 0x49, 0x1d, 0x09, 0xaa, 0x06, 0xc4, 0xd9, 0xc5, 0xa0, 0x56, 0x03, 0xe9, 0x33, 0x05, + 0xfb, 0xcd, 0x32, 0x3c, 0xb6, 0xe7, 0x7c, 0xd1, 0x71, 0x78, 0xd6, 0x1e, 0x71, 0x78, 0x72, 0x78, + 0x4a, 0xfb, 0x0d, 0x4f, 0xb9, 0xc7, 0xf0, 0x7c, 0x8a, 0x2e, 0x03, 0x59, 0x4b, 0xa4, 0x98, 0x8b, + 0xec, 0x7a, 0x95, 0x26, 0x11, 0x2b, 0x40, 0x42, 0xb1, 0xe6, 0x4b, 0xf7, 0x00, 0xa9, 0xa4, 0xe5, + 0x4a, 0x11, 0x6a, 0xa0, 0x67, 0x6d, 0x11, 0x3e, 0xf7, 0x7b, 0x65, 0x42, 0xdb, 0x3f, 0x5f, 0x82, + 0x27, 0xfa, 0x90, 0xde, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c, 0xc5, 0xdf, 0xdb, 0x9f, 0xc9, 0xfe, 0xeb, + 0x16, 0x9c, 0xeb, 0xad, 0x3c, 0xd0, 0xb3, 0x30, 0xbc, 0x16, 0x39, 0x7e, 0x63, 0x83, 0x5d, 0xce, + 0x29, 0x07, 0x85, 0x8d, 0xb5, 0x6e, 0xc6, 0x26, 0x0e, 0xdd, 0xde, 0xf2, 0x98, 0x04, 0x03, 0x43, + 0x26, 0x99, 0xd2, 0xed, 0xed, 0x6a, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x3f, 0x2b, 0xe5, 0x77, 0x8b, + 0x1b, 0x19, 0x07, 0xf9, 0x4e, 0xe2, 0x2b, 0x94, 0xfa, 0x90, 0x25, 0xe5, 0x7b, 0x2d, 0x4b, 0x06, + 0x7a, 0xc9, 0x12, 0x34, 0x0b, 0x27, 0x8d, 0xcb, 0x5b, 0x78, 0xe2, 0x30, 0x0f, 0xb8, 0x55, 0xd5, + 0x34, 0x96, 0x33, 0x70, 0xdc, 0xf5, 0x04, 0x7a, 0x1a, 0xaa, 0xae, 0x1f, 0x93, 0x46, 0x27, 0xe2, + 0x81, 0xde, 0x46, 0xb2, 0xd6, 0xbc, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xe5, 0x12, 0x3c, 0xd2, 0xd3, + 0xce, 0xba, 0x47, 0xb2, 0xcb, 0xfc, 0x1c, 0x03, 0xf7, 0xe6, 0x73, 0x98, 0x83, 0x54, 0xd9, 0x77, + 0x90, 0xfe, 0xb0, 0xf7, 0xc4, 0xa4, 0x36, 0xf7, 0xf7, 0xed, 0x28, 0xbd, 0x08, 0xa3, 0x4e, 0x18, + 0x72, 0x3c, 0x16, 0xaf, 0x99, 0xa9, 0xa6, 0x33, 0x6d, 0x02, 0x71, 0x1a, 0xb7, 0x2f, 0xed, 0xf9, + 0xc7, 0x16, 0xd4, 0x30, 0x59, 0xe7, 0xd2, 0x01, 0xdd, 0x12, 0x43, 0x64, 0x15, 0x51, 0x77, 0x93, + 0x0e, 0x6c, 0xec, 0xb2, 0x7a, 0x94, 0x79, 0x83, 0xdd, 0x7d, 0xc9, 0x4f, 0xe9, 0x40, 0x97, 0xfc, + 0xa8, 0x6b, 0x5e, 0xca, 0xbd, 0xaf, 0x79, 0xb1, 0xbf, 0x31, 0x44, 0x5f, 0x2f, 0x0c, 0x66, 0x22, + 0xd2, 0x8c, 0xe9, 0xf7, 0xed, 0x44, 0x9e, 0x98, 0x24, 0xea, 0xfb, 0x5e, 0xc7, 0x0b, 0x98, 0xb6, + 0xa7, 0x8e, 0x62, 0x4a, 0x07, 0xaa, 0x25, 0x52, 0xde, 0xb7, 0x96, 0xc8, 0x8b, 0x30, 0x1a, 0xc7, + 0x1b, 0xcb, 0x91, 0xbb, 0xe5, 0x24, 0xe4, 0x2a, 0xd9, 0x11, 0x56, 0x96, 0xce, 0xff, 0x5f, 0xb9, + 0xac, 0x81, 0x38, 0x8d, 0x8b, 0xe6, 0xe0, 0x94, 0xae, 0xe8, 0x41, 0xa2, 0x84, 0x45, 0xf7, 0xf3, + 0x99, 0xa0, 0x92, 0x7d, 0x75, 0x0d, 0x10, 0x81, 0x80, 0xbb, 0x9f, 0xa1, 0xf2, 0x2d, 0xd5, 0x48, + 0x3b, 0x32, 0x98, 0x96, 0x6f, 0x29, 0x3a, 0xb4, 0x2f, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xcd, 0x27, + 0xc6, 0x74, 0x18, 0x1a, 0x6f, 0x34, 0x94, 0xae, 0x77, 0x38, 0xd7, 0x8d, 0x82, 0xf3, 0x9e, 0x43, + 0xcf, 0xc3, 0xb0, 0x6a, 0x9e, 0x9f, 0x15, 0xa7, 0x08, 0xca, 0x8b, 0xa1, 0xc8, 0xcc, 0x37, 0xb1, + 0x89, 0x87, 0x3e, 0x08, 0x0f, 0xeb, 0xbf, 0x3c, 0x05, 0x8c, 0x1f, 0xad, 0xcd, 0x8a, 0x62, 0x49, + 0xea, 0x52, 0x91, 0xb9, 0x5c, 0xb4, 0x26, 0xee, 0xf5, 0x3c, 0x5a, 0x83, 0x73, 0x0a, 0x74, 0xd1, + 0x4f, 0x58, 0x3e, 0x47, 0x4c, 0xea, 0x4e, 0x4c, 0xae, 0x47, 0x9e, 0xb8, 0x95, 0x55, 0xdd, 0xf7, + 0x38, 0xe7, 0x26, 0x97, 0xf3, 0x30, 0xf1, 0x02, 0xde, 0x83, 0x0a, 0x9a, 0x82, 0x1a, 0xf1, 0x9d, + 0x35, 0x8f, 0x2c, 0xcd, 0xcc, 0xb3, 0xa2, 0x4b, 0xc6, 0x49, 0xde, 0x45, 0x09, 0xc0, 0x1a, 0x47, + 0x45, 0x98, 0x8e, 0xf4, 0xbc, 0x7b, 0x74, 0x19, 0xce, 0xb4, 0x1a, 0x21, 0xb5, 0x3d, 0xdc, 0x06, + 0x99, 0x6e, 0xb0, 0x80, 0x3a, 0xfa, 0x61, 0x78, 0x21, 0x4a, 0x15, 0x3e, 0x3d, 0x37, 0xb3, 0xdc, + 0x85, 0x83, 0x73, 0x9f, 0x64, 0x81, 0x97, 0x51, 0xb0, 0xbd, 0x33, 0x7e, 0x3a, 0x13, 0x78, 0x49, + 0x1b, 0x31, 0x87, 0xa1, 0x2b, 0x80, 0x58, 0x2c, 0xfe, 0xe5, 0x24, 0x09, 0x95, 0xb1, 0x33, 0x7e, + 0x86, 0xbd, 0x92, 0x0a, 0x23, 0xbb, 0xd4, 0x85, 0x81, 0x73, 0x9e, 0xb2, 0xff, 0xa3, 0x05, 0xa3, + 0x6a, 0xbd, 0xde, 0x83, 0x6c, 0x14, 0x2f, 0x9d, 0x8d, 0x32, 0x77, 0x74, 0x89, 0xc7, 0x7a, 0xde, + 0x23, 0xa4, 0xf9, 0x67, 0x86, 0x01, 0xb4, 0x54, 0x54, 0x0a, 0xc9, 0xea, 0xa9, 0x90, 0x1e, 0x58, + 0x89, 0x94, 0x57, 0x61, 0xa5, 0x72, 0x7f, 0x2b, 0xac, 0xac, 0xc0, 0x59, 0x69, 0x2e, 0xf0, 0xb3, + 0xa2, 0xcb, 0x41, 0xac, 0x04, 0x5c, 0xb5, 0xfe, 0x98, 0x20, 0x74, 0x76, 0x3e, 0x0f, 0x09, 0xe7, + 0x3f, 0x9b, 0xb2, 0x52, 0x86, 0xf6, 0xb3, 0x52, 0xf4, 0x9a, 0x5e, 0x58, 0x97, 0xb7, 0x87, 0x64, + 0xd6, 0xf4, 0xc2, 0xa5, 0x15, 0xac, 0x71, 0xf2, 0x05, 0x7b, 0xad, 0x20, 0xc1, 0x0e, 0x07, 0x16, + 0xec, 0x52, 0xc4, 0x0c, 0xf7, 0x14, 0x31, 0xd2, 0x27, 0x3d, 0xd2, 0xd3, 0x27, 0xfd, 0x3e, 0x18, + 0x73, 0xfd, 0x0d, 0x12, 0xb9, 0x09, 0x69, 0xb2, 0xb5, 0xc0, 0xc4, 0x4f, 0x55, 0xab, 0xf5, 0xf9, + 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0x71, 0xac, 0x0f, 0xb9, 0xd8, 0x43, 0x1b, 0x9d, 0x28, 0x46, + 0x1b, 0x9d, 0x3c, 0xba, 0x36, 0x3a, 0x75, 0xac, 0xda, 0x08, 0x15, 0xa2, 0x8d, 0xfa, 0x12, 0xf4, + 0xc6, 0xf6, 0xef, 0xcc, 0x3e, 0xdb, 0xbf, 0x5e, 0xaa, 0xe8, 0xec, 0xa1, 0x55, 0x51, 0xbe, 0x96, + 0x79, 0xe8, 0x50, 0x5a, 0xe6, 0x33, 0x25, 0x38, 0xab, 0xe5, 0x30, 0x9d, 0xfd, 0xee, 0x3a, 0x95, + 0x44, 0xec, 0x02, 0x2a, 0x7e, 0x6e, 0x63, 0x24, 0x47, 0xe9, 0x3c, 0x2b, 0x05, 0xc1, 0x06, 0x16, + 0xcb, 0x31, 0x22, 0x11, 0x2b, 0xb7, 0x9b, 0x15, 0xd2, 0x33, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0xbf, + 0xe8, 0x6f, 0x91, 0xb7, 0x99, 0x2d, 0x2a, 0x37, 0xa3, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0x71, 0x26, + 0x4c, 0x40, 0x50, 0x41, 0x3d, 0x22, 0x6e, 0xa4, 0x95, 0x32, 0x41, 0x41, 0x65, 0x77, 0x58, 0x32, + 0x59, 0xa5, 0xbb, 0x3b, 0x2c, 0x04, 0x4a, 0x61, 0xd8, 0xff, 0xcb, 0x82, 0x47, 0x72, 0x87, 0xe2, + 0x1e, 0x28, 0xdf, 0xed, 0xb4, 0xf2, 0x5d, 0x29, 0x6a, 0xbb, 0x61, 0xbc, 0x45, 0x0f, 0x45, 0xfc, + 0xef, 0x2d, 0x18, 0xd3, 0xf8, 0xf7, 0xe0, 0x55, 0xdd, 0xf4, 0xab, 0x16, 0xb7, 0xb3, 0xaa, 0x75, + 0xbd, 0xdb, 0xef, 0x94, 0x40, 0x15, 0x7a, 0x9c, 0x6e, 0xc8, 0x32, 0xba, 0xfb, 0x9c, 0x24, 0xee, + 0xc0, 0x20, 0x3b, 0x08, 0x8d, 0x8b, 0x09, 0xf2, 0x48, 0xf3, 0x67, 0x87, 0xaa, 0xfa, 0x90, 0x99, + 0xfd, 0x8d, 0xb1, 0x60, 0xc8, 0x8a, 0x41, 0xbb, 0x31, 0x95, 0xe6, 0x4d, 0x91, 0x96, 0xa5, 0x8b, + 0x41, 0x8b, 0x76, 0xac, 0x30, 0xa8, 0x7a, 0x70, 0x1b, 0x81, 0x3f, 0xe3, 0x39, 0xb1, 0xbc, 0x75, + 0x51, 0xa9, 0x87, 0x79, 0x09, 0xc0, 0x1a, 0x87, 0x9d, 0x91, 0xba, 0x71, 0xe8, 0x39, 0x3b, 0xc6, + 0xfe, 0xd9, 0xa8, 0x4f, 0xa0, 0x40, 0xd8, 0xc4, 0xb3, 0xdb, 0x30, 0x9e, 0x7e, 0x89, 0x59, 0xb2, + 0xce, 0x02, 0x14, 0xfb, 0x1a, 0xce, 0x29, 0xa8, 0x39, 0xec, 0xa9, 0x85, 0x8e, 0x93, 0xbd, 0x2c, + 0x7d, 0x5a, 0x02, 0xb0, 0xc6, 0xb1, 0x7f, 0xd5, 0x82, 0xd3, 0x39, 0x83, 0x56, 0x60, 0xda, 0x5b, + 0xa2, 0xa5, 0x4d, 0x9e, 0x62, 0x7f, 0x27, 0x0c, 0x35, 0xc9, 0xba, 0x23, 0x43, 0xe0, 0x0c, 0xd9, + 0x3e, 0xcb, 0x9b, 0xb1, 0x84, 0xdb, 0xff, 0xc3, 0x82, 0x13, 0xe9, 0xbe, 0xc6, 0x2c, 0x95, 0x84, + 0x0f, 0x93, 0x1b, 0x37, 0x82, 0x2d, 0x12, 0xed, 0xd0, 0x37, 0xb7, 0x32, 0xa9, 0x24, 0x5d, 0x18, + 0x38, 0xe7, 0x29, 0x56, 0xe6, 0xb5, 0xa9, 0x46, 0x5b, 0xce, 0xc8, 0x1b, 0x45, 0xce, 0x48, 0xfd, + 0x31, 0xcd, 0xe3, 0x72, 0xc5, 0x12, 0x9b, 0xfc, 0xed, 0xef, 0x0c, 0x80, 0xca, 0x8b, 0x65, 0xf1, + 0x47, 0x05, 0x45, 0x6f, 0x1d, 0x34, 0x83, 0x48, 0x4d, 0x86, 0x81, 0xbd, 0x02, 0x02, 0xb8, 0x97, + 0xc4, 0x74, 0x5d, 0xaa, 0x37, 0x5c, 0xd5, 0x20, 0x6c, 0xe2, 0xd1, 0x9e, 0x78, 0xee, 0x16, 0xe1, + 0x0f, 0x0d, 0xa6, 0x7b, 0xb2, 0x20, 0x01, 0x58, 0xe3, 0xd0, 0x9e, 0x34, 0xdd, 0xf5, 0x75, 0xb1, + 0xe5, 0x57, 0x3d, 0xa1, 0xa3, 0x83, 0x19, 0x84, 0x57, 0xee, 0x0e, 0x36, 0x85, 0x15, 0x6c, 0x54, + 0xee, 0x0e, 0x36, 0x31, 0x83, 0x50, 0xbb, 0xcd, 0x0f, 0xa2, 0x36, 0xbb, 0xcc, 0xbe, 0xa9, 0xb8, + 0x08, 0xeb, 0x57, 0xd9, 0x6d, 0xd7, 0xba, 0x51, 0x70, 0xde, 0x73, 0x74, 0x06, 0x86, 0x11, 0x69, + 0xba, 0x8d, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xdc, 0x85, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, + 0x42, 0xe6, 0x35, 0xcb, 0xaa, 0x35, 0xc3, 0xe9, 0x2a, 0x19, 0x38, 0x0d, 0xc6, 0x59, 0x7c, 0x2a, + 0xd5, 0xda, 0xa2, 0xb0, 0x15, 0x33, 0x96, 0x0d, 0xa9, 0x26, 0x0b, 0x5e, 0x61, 0x85, 0x61, 0x7f, + 0xb2, 0x4c, 0xb5, 0x70, 0x8f, 0x82, 0x6e, 0xf7, 0x2c, 0x5a, 0x30, 0x3d, 0x23, 0x07, 0xfa, 0x98, + 0x91, 0xcf, 0xc1, 0xc8, 0xad, 0x38, 0xf0, 0x55, 0x24, 0x5e, 0xa5, 0x67, 0x24, 0x9e, 0x81, 0x95, + 0x1f, 0x89, 0x37, 0x58, 0x54, 0x24, 0xde, 0xd0, 0x21, 0x23, 0xf1, 0xbe, 0x55, 0x01, 0x75, 0x85, + 0xc8, 0x35, 0x92, 0xdc, 0x0e, 0xa2, 0x4d, 0xd7, 0x6f, 0xb1, 0x7c, 0xf0, 0xaf, 0x59, 0x30, 0xc2, + 0xd7, 0xcb, 0x82, 0x99, 0x49, 0xb5, 0x5e, 0xd0, 0xdd, 0x14, 0x29, 0x66, 0x93, 0xab, 0x06, 0xa3, + 0xcc, 0xa5, 0x9f, 0x26, 0x08, 0xa7, 0x7a, 0x84, 0x3e, 0x06, 0x20, 0xfd, 0xa3, 0xeb, 0x52, 0x64, + 0xce, 0x17, 0xd3, 0x3f, 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x8c, + 0xce, 0x32, 0xe3, 0x21, 0xfb, 0x1f, 0x39, 0x96, 0xb1, 0xe9, 0x27, 0xc7, 0x0c, 0xc3, 0x90, 0xeb, + 0xb7, 0xe8, 0x3c, 0x11, 0x11, 0x4b, 0xef, 0xc8, 0xab, 0xa5, 0xb0, 0x10, 0x38, 0xcd, 0xba, 0xe3, + 0x39, 0x7e, 0x83, 0x44, 0xf3, 0x1c, 0xdd, 0xbc, 0xea, 0x9a, 0x35, 0x60, 0x49, 0xa8, 0xeb, 0xf2, + 0x95, 0x4a, 0x3f, 0x97, 0xaf, 0x9c, 0x7b, 0x3f, 0x9c, 0xea, 0xfa, 0x98, 0x07, 0x4a, 0x29, 0x3b, + 0x7c, 0x36, 0x9a, 0xfd, 0x2f, 0x07, 0xb5, 0xd2, 0xba, 0x16, 0x34, 0xf9, 0x15, 0x20, 0x91, 0xfe, + 0xa2, 0xc2, 0xc6, 0x2d, 0x70, 0x8a, 0x18, 0xd7, 0x65, 0xab, 0x46, 0x6c, 0xb2, 0xa4, 0x73, 0x34, + 0x74, 0x22, 0xe2, 0x1f, 0xf7, 0x1c, 0x5d, 0x56, 0x4c, 0xb0, 0xc1, 0x10, 0x6d, 0xa4, 0x72, 0x4a, + 0x2e, 0x1d, 0x3d, 0xa7, 0x84, 0x55, 0x99, 0xca, 0xab, 0xda, 0xff, 0x45, 0x0b, 0xc6, 0xfc, 0xd4, + 0xcc, 0x2d, 0x26, 0x8c, 0x34, 0x7f, 0x55, 0xf0, 0x1b, 0xa8, 0xd2, 0x6d, 0x38, 0xc3, 0x3f, 0x4f, + 0xa5, 0x55, 0x0e, 0xa8, 0xd2, 0xf4, 0x5d, 0x42, 0x83, 0xbd, 0xee, 0x12, 0x42, 0xbe, 0xba, 0x4c, + 0x6d, 0xa8, 0xf0, 0xcb, 0xd4, 0x20, 0xe7, 0x22, 0xb5, 0x9b, 0x50, 0x6b, 0x44, 0xc4, 0x49, 0x0e, + 0x79, 0xaf, 0x16, 0x3b, 0xa0, 0x9f, 0x91, 0x04, 0xb0, 0xa6, 0x65, 0xff, 0xdf, 0x01, 0x38, 0x29, + 0x47, 0x44, 0x86, 0xa0, 0x53, 0xfd, 0xc8, 0xf9, 0x6a, 0xe3, 0x56, 0xe9, 0xc7, 0xcb, 0x12, 0x80, + 0x35, 0x0e, 0xb5, 0xc7, 0x3a, 0x31, 0x59, 0x0a, 0x89, 0xbf, 0xe0, 0xae, 0xc5, 0xe2, 0x9c, 0x53, + 0x2d, 0x94, 0xeb, 0x1a, 0x84, 0x4d, 0x3c, 0x6a, 0x8c, 0x73, 0xbb, 0x38, 0xce, 0xa6, 0xaf, 0x08, + 0x7b, 0x1b, 0x4b, 0x38, 0xfa, 0x85, 0xdc, 0x0a, 0xb3, 0xc5, 0x24, 0x6e, 0x75, 0x45, 0xde, 0x1f, + 0xf0, 0x2a, 0xc6, 0xbf, 0x63, 0xc1, 0x59, 0xde, 0x2a, 0x47, 0xf2, 0x7a, 0xd8, 0x74, 0x12, 0x12, + 0x17, 0x53, 0xf1, 0x3d, 0xa7, 0x7f, 0xda, 0xc9, 0x9b, 0xc7, 0x16, 0xe7, 0xf7, 0x06, 0xbd, 0x61, + 0xc1, 0x89, 0xcd, 0x54, 0xcd, 0x0f, 0xa9, 0x3a, 0x8e, 0x9a, 0x8e, 0x9f, 0x22, 0xaa, 0x97, 0x5a, + 0xba, 0x3d, 0xc6, 0x59, 0xee, 0xf6, 0x9f, 0x59, 0x60, 0x8a, 0xd1, 0x7b, 0x5f, 0x2a, 0xe4, 0xe0, + 0xa6, 0xa0, 0xb4, 0x2e, 0x2b, 0x3d, 0xad, 0xcb, 0xc7, 0xa0, 0xdc, 0x71, 0x9b, 0x62, 0x7f, 0xa1, + 0x4f, 0x5f, 0xe7, 0x67, 0x31, 0x6d, 0xb7, 0xff, 0x59, 0x45, 0xfb, 0x2d, 0x44, 0x5e, 0xd4, 0xf7, + 0xc5, 0x6b, 0xaf, 0xab, 0x62, 0x63, 0xfc, 0xcd, 0xaf, 0x75, 0x15, 0x1b, 0xfb, 0xd1, 0x83, 0xa7, + 0xbd, 0xf1, 0x01, 0xea, 0x55, 0x6b, 0x6c, 0x68, 0x9f, 0x9c, 0xb7, 0x5b, 0x50, 0xa5, 0x5b, 0x30, + 0xe6, 0x80, 0xac, 0xa6, 0x3a, 0x55, 0xbd, 0x2c, 0xda, 0xef, 0xee, 0x4e, 0xbc, 0xf7, 0xe0, 0xdd, + 0x92, 0x4f, 0x63, 0x45, 0x1f, 0xc5, 0x50, 0xa3, 0xbf, 0x59, 0x7a, 0x9e, 0xd8, 0xdc, 0x5d, 0x57, + 0x32, 0x53, 0x02, 0x0a, 0xc9, 0xfd, 0xd3, 0x7c, 0x90, 0x0f, 0x35, 0x76, 0x6b, 0x2d, 0x63, 0xca, + 0xf7, 0x80, 0xcb, 0x2a, 0x49, 0x4e, 0x02, 0xee, 0xee, 0x4e, 0xbc, 0x78, 0x70, 0xa6, 0xea, 0x71, + 0xac, 0x59, 0xd8, 0x5f, 0x1a, 0xd0, 0x73, 0x57, 0xd4, 0x98, 0xfb, 0xbe, 0x98, 0xbb, 0x2f, 0x64, + 0xe6, 0xee, 0xf9, 0xae, 0xb9, 0x3b, 0xa6, 0x6f, 0x57, 0x4d, 0xcd, 0xc6, 0x7b, 0x6d, 0x08, 0xec, + 0xef, 0x6f, 0x60, 0x16, 0xd0, 0x6b, 0x1d, 0x37, 0x22, 0xf1, 0x72, 0xd4, 0xf1, 0x5d, 0xbf, 0xc5, + 0xa6, 0x63, 0xd5, 0xb4, 0x80, 0x52, 0x60, 0x9c, 0xc5, 0xa7, 0x9b, 0x7a, 0xfa, 0xcd, 0x6f, 0x3a, + 0x5b, 0x7c, 0x56, 0x19, 0x65, 0xb7, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x37, 0xd8, 0x59, 0xb6, + 0x91, 0x17, 0x4c, 0xe7, 0x84, 0xc7, 0xae, 0x09, 0xe6, 0x35, 0xbb, 0xd4, 0x9c, 0xe0, 0x77, 0x03, + 0x73, 0x18, 0xba, 0x0d, 0x43, 0x6b, 0xfc, 0x9e, 0xbc, 0x62, 0xea, 0x98, 0x8b, 0x4b, 0xf7, 0xd8, + 0x6d, 0x28, 0xf2, 0x06, 0xbe, 0xbb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xdf, 0xaf, 0xc0, 0x89, 0xcc, + 0x45, 0xb2, 0xa9, 0x6a, 0xa9, 0xa5, 0x7d, 0xab, 0xa5, 0x7e, 0x18, 0xa0, 0x49, 0x42, 0x2f, 0xd8, + 0x61, 0xe6, 0xd8, 0xc0, 0x81, 0xcd, 0x31, 0x65, 0xc1, 0xcf, 0x2a, 0x2a, 0xd8, 0xa0, 0x28, 0x0a, + 0x95, 0xf1, 0xe2, 0xab, 0x99, 0x42, 0x65, 0xc6, 0x6d, 0x07, 0x83, 0xf7, 0xf6, 0xb6, 0x03, 0x17, + 0x4e, 0xf0, 0x2e, 0xaa, 0xec, 0xdb, 0x43, 0x24, 0xd9, 0xb2, 0xfc, 0x85, 0xd9, 0x34, 0x19, 0x9c, + 0xa5, 0x7b, 0x3f, 0xef, 0x89, 0x46, 0xef, 0x82, 0x9a, 0xfc, 0xce, 0xf1, 0x78, 0x4d, 0x57, 0x30, + 0x90, 0xd3, 0x80, 0xdd, 0xdf, 0x2c, 0x7e, 0x76, 0x15, 0x12, 0x80, 0xfb, 0x55, 0x48, 0xc0, 0xfe, + 0x42, 0x89, 0xda, 0xf1, 0xbc, 0x5f, 0xaa, 0x26, 0xce, 0x93, 0x30, 0xe8, 0x74, 0x92, 0x8d, 0xa0, + 0xeb, 0xd6, 0xbf, 0x69, 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0xc0, 0x40, 0x53, 0xd7, 0x39, 0x39, 0xc8, + 0xf7, 0xd4, 0x2e, 0x51, 0x27, 0x21, 0x98, 0x51, 0x41, 0x8f, 0xc2, 0x40, 0xe2, 0xb4, 0x64, 0xca, + 0x15, 0x4b, 0xb3, 0x5d, 0x75, 0x5a, 0x31, 0x66, 0xad, 0xa6, 0xfa, 0x1e, 0xd8, 0x47, 0x7d, 0xbf, + 0x08, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x11, 0xe3, 0x98, 0x4f, 0x47, 0x6e, 0x98, 0x40, + 0x9c, 0xc6, 0xb5, 0x7f, 0x73, 0x04, 0xce, 0xac, 0xcc, 0x2c, 0xca, 0xea, 0xdd, 0xc7, 0x96, 0x35, + 0x95, 0xc7, 0xe3, 0xde, 0x65, 0x4d, 0xf5, 0xe0, 0xee, 0x19, 0x59, 0x53, 0x9e, 0x91, 0x35, 0x95, + 0x4e, 0x61, 0x29, 0x17, 0x91, 0xc2, 0x92, 0xd7, 0x83, 0x7e, 0x52, 0x58, 0x8e, 0x2d, 0x8d, 0x6a, + 0xcf, 0x0e, 0x1d, 0x28, 0x8d, 0x4a, 0xe5, 0x98, 0x15, 0x92, 0x5c, 0xd0, 0xe3, 0x53, 0xe5, 0xe6, + 0x98, 0xa9, 0xfc, 0x1e, 0x9e, 0x38, 0x23, 0x44, 0xfd, 0x2b, 0xc5, 0x77, 0xa0, 0x8f, 0xfc, 0x1e, + 0x91, 0xbb, 0x63, 0xe6, 0x94, 0x0d, 0x15, 0x91, 0x53, 0x96, 0xd7, 0x9d, 0x7d, 0x73, 0xca, 0x5e, + 0x84, 0xd1, 0x86, 0x17, 0xf8, 0x64, 0x39, 0x0a, 0x92, 0xa0, 0x11, 0x78, 0xc2, 0xac, 0x57, 0x22, + 0x61, 0xc6, 0x04, 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xb4, 0xda, 0x51, 0x13, 0xd2, 0xe0, 0x3e, 0x25, + 0xa4, 0xfd, 0xac, 0x4e, 0x9d, 0x1e, 0x66, 0x5f, 0xe4, 0xc3, 0xc5, 0x7f, 0x91, 0x7e, 0xf2, 0xa7, + 0xd1, 0x9b, 0xfc, 0xda, 0x3d, 0x6a, 0x18, 0xcf, 0x04, 0x6d, 0x6a, 0xf8, 0x8d, 0xb0, 0x21, 0x79, + 0xf5, 0x18, 0x26, 0xec, 0xcd, 0x15, 0xcd, 0x46, 0x5d, 0xc5, 0xa7, 0x9b, 0x70, 0xba, 0x23, 0x47, + 0x49, 0xed, 0xfe, 0x4a, 0x09, 0x7e, 0x60, 0xdf, 0x2e, 0xa0, 0xdb, 0x00, 0x89, 0xd3, 0x12, 0x13, + 0x55, 0x1c, 0x98, 0x1c, 0x31, 0xbc, 0x72, 0x55, 0xd2, 0xe3, 0x35, 0x49, 0xd4, 0x5f, 0x76, 0x14, + 0x21, 0x7f, 0xb3, 0xa8, 0xca, 0xc0, 0xeb, 0x2a, 0xdd, 0x88, 0x03, 0x8f, 0x60, 0x06, 0xa1, 0xea, + 0x3f, 0x22, 0x2d, 0x7d, 0x4f, 0xb4, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0xcf, 0xc3, 0xb0, + 0xe3, 0x79, 0x3c, 0x3f, 0x86, 0xc4, 0xe2, 0xde, 0x1d, 0x5d, 0x43, 0x4e, 0x83, 0xb0, 0x89, 0x67, + 0xff, 0x69, 0x09, 0x26, 0xf6, 0x91, 0x29, 0x5d, 0x19, 0x7f, 0x95, 0xbe, 0x33, 0xfe, 0x44, 0x8e, + 0xc2, 0x60, 0x8f, 0x1c, 0x85, 0xe7, 0x61, 0x38, 0x21, 0x4e, 0x5b, 0x04, 0x64, 0x09, 0x4f, 0x80, + 0x3e, 0x01, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0x29, 0x36, 0xe6, 0x34, 0x1a, 0x24, 0x8e, 0x65, 0x12, + 0x82, 0xf0, 0xa6, 0x16, 0x96, 0xe1, 0xc0, 0x9c, 0xd4, 0xd3, 0x29, 0x16, 0x38, 0xc3, 0x32, 0x3b, + 0xe0, 0xb5, 0x3e, 0x07, 0xfc, 0xeb, 0x25, 0x78, 0x6c, 0x4f, 0xed, 0xd6, 0x77, 0x7e, 0x48, 0x27, + 0x26, 0x51, 0x76, 0xe2, 0x5c, 0x8f, 0x49, 0x84, 0x19, 0x84, 0x8f, 0x52, 0x18, 0x1a, 0xf7, 0x70, + 0x17, 0x9d, 0xbc, 0xc4, 0x47, 0x29, 0xc5, 0x02, 0x67, 0x58, 0x1e, 0x76, 0x5a, 0xfe, 0x83, 0x12, + 0x3c, 0xd1, 0x87, 0x0d, 0x50, 0x60, 0x92, 0x57, 0x3a, 0xd5, 0xae, 0x7c, 0x9f, 0x32, 0x22, 0x0f, + 0x39, 0x5c, 0xdf, 0x28, 0xc1, 0xb9, 0xde, 0xaa, 0x18, 0xfd, 0x18, 0x9c, 0x88, 0x54, 0x14, 0x96, + 0x99, 0xa5, 0x77, 0x9a, 0x7b, 0x12, 0x52, 0x20, 0x9c, 0xc5, 0x45, 0x93, 0x00, 0xa1, 0x93, 0x6c, + 0xc4, 0x17, 0xb7, 0xdd, 0x38, 0x11, 0x55, 0x68, 0xc6, 0xf8, 0xd9, 0x95, 0x6c, 0xc5, 0x06, 0x06, + 0x65, 0xc7, 0xfe, 0xcd, 0x06, 0xd7, 0x82, 0x84, 0x3f, 0xc4, 0xb7, 0x11, 0xa7, 0xe5, 0x9d, 0x1d, + 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0x3a, 0xca, 0x3b, 0xca, 0xf7, 0x17, 0x8c, 0xdd, 0x82, + 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xff, 0xb0, 0xb2, 0x7f, 0xfe, 0xa1, 0xfd, 0x4f, 0x4b, 0xf0, 0x48, + 0x4f, 0x53, 0xae, 0xbf, 0x05, 0xf8, 0xe0, 0xe5, 0x0c, 0x1e, 0x6e, 0xee, 0x1c, 0x30, 0xb7, 0xed, + 0x8f, 0x7b, 0xcc, 0x34, 0x91, 0xdb, 0x76, 0xf8, 0xe4, 0xf0, 0x07, 0x6f, 0x3c, 0xbb, 0xd2, 0xd9, + 0x06, 0x0e, 0x90, 0xce, 0x96, 0xf9, 0x18, 0x95, 0x3e, 0x17, 0xf2, 0x9f, 0x97, 0x7b, 0x0e, 0x2f, + 0xdd, 0xfa, 0xf5, 0xe5, 0xa7, 0x9d, 0x85, 0x93, 0xae, 0xcf, 0xee, 0x6f, 0x5a, 0xe9, 0xac, 0x89, + 0xc2, 0x24, 0xa5, 0xf4, 0x2d, 0xeb, 0xf3, 0x19, 0x38, 0xee, 0x7a, 0xe2, 0x01, 0x4c, 0x2f, 0x3c, + 0xdc, 0x90, 0x1e, 0x2c, 0xc1, 0x15, 0x2d, 0xc1, 0x59, 0x39, 0x14, 0x1b, 0x4e, 0x44, 0x9a, 0x42, + 0x8d, 0xc4, 0x22, 0xa1, 0xe2, 0x11, 0x9e, 0x94, 0x91, 0x83, 0x80, 0xf3, 0x9f, 0x63, 0x57, 0xe6, + 0x04, 0xa1, 0xdb, 0x10, 0x9b, 0x1c, 0x7d, 0x65, 0x0e, 0x6d, 0xc4, 0x1c, 0x66, 0x7f, 0x18, 0x6a, + 0xea, 0xfd, 0x79, 0x58, 0xb7, 0x9a, 0x74, 0x5d, 0x61, 0xdd, 0x6a, 0xc6, 0x19, 0x58, 0xf4, 0x6b, + 0x51, 0x93, 0x38, 0xb3, 0x7a, 0xae, 0x92, 0x1d, 0x66, 0x1f, 0xdb, 0xef, 0x86, 0x11, 0xe5, 0x67, + 0xe9, 0xf7, 0x22, 0x21, 0xfb, 0x4b, 0x83, 0x30, 0x9a, 0x2a, 0x0e, 0x98, 0x72, 0xb0, 0x5a, 0xfb, + 0x3a, 0x58, 0x59, 0x98, 0x7e, 0xc7, 0x97, 0xb7, 0x8c, 0x19, 0x61, 0xfa, 0x1d, 0x9f, 0x60, 0x0e, + 0xa3, 0xe6, 0x6d, 0x33, 0xda, 0xc1, 0x1d, 0x5f, 0x84, 0xd3, 0x2a, 0xf3, 0x76, 0x96, 0xb5, 0x62, + 0x01, 0x45, 0x9f, 0xb0, 0x60, 0x24, 0x66, 0xde, 0x7b, 0xee, 0x9e, 0x16, 0x93, 0xee, 0xca, 0xd1, + 0x6b, 0x1f, 0xaa, 0x42, 0x98, 0x2c, 0x42, 0xc6, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0xd3, 0x16, 0xd4, + 0xd4, 0x65, 0x28, 0xe2, 0xca, 0xc0, 0x95, 0x62, 0x6b, 0x2f, 0x72, 0xbf, 0xa6, 0x3a, 0x08, 0x51, + 0x45, 0xf0, 0xb0, 0x66, 0x8c, 0x62, 0xe5, 0x3b, 0x1e, 0x3a, 0x1e, 0xdf, 0x31, 0xe4, 0xf8, 0x8d, + 0xdf, 0x05, 0xb5, 0xb6, 0xe3, 0xbb, 0xeb, 0x24, 0x4e, 0xb8, 0x3b, 0x57, 0x96, 0x84, 0x95, 0x8d, + 0x58, 0xc3, 0xa9, 0x42, 0x8e, 0xd9, 0x8b, 0x25, 0x86, 0xff, 0x95, 0x29, 0xe4, 0x15, 0xdd, 0x8c, + 0x4d, 0x1c, 0xd3, 0x59, 0x0c, 0xf7, 0xd5, 0x59, 0x3c, 0xbc, 0xb7, 0xb3, 0xd8, 0xfe, 0x47, 0x16, + 0x9c, 0xcd, 0xfd, 0x6a, 0x0f, 0x6e, 0xe0, 0xa3, 0xfd, 0xe5, 0x0a, 0x9c, 0xce, 0xa9, 0xf2, 0x89, + 0x76, 0xcc, 0xf9, 0x6c, 0x15, 0x11, 0x43, 0x90, 0x3e, 0x12, 0x97, 0xc3, 0x98, 0x33, 0x89, 0x0f, + 0x76, 0x54, 0xa3, 0x8f, 0x4b, 0xca, 0xf7, 0xf6, 0xb8, 0xc4, 0x98, 0x96, 0x03, 0xf7, 0x75, 0x5a, + 0x56, 0xf6, 0x39, 0xc3, 0xf8, 0x35, 0x0b, 0xc6, 0xdb, 0x3d, 0x4a, 0xcb, 0x0b, 0xc7, 0xe3, 0x8d, + 0xe3, 0x29, 0x5c, 0x5f, 0x7f, 0xf4, 0xce, 0xee, 0x44, 0xcf, 0x8a, 0xfe, 0xb8, 0x67, 0xaf, 0xec, + 0xef, 0x94, 0x81, 0x95, 0x98, 0x65, 0x95, 0xdc, 0x76, 0xd0, 0xc7, 0xcd, 0x62, 0xc1, 0x56, 0x51, + 0x85, 0x6d, 0x39, 0x71, 0x55, 0x6c, 0x98, 0x8f, 0x60, 0x5e, 0xed, 0xe1, 0xac, 0xd0, 0x2a, 0xf5, + 0x21, 0xb4, 0x3c, 0x59, 0x95, 0xb9, 0x5c, 0x7c, 0x55, 0xe6, 0x5a, 0xb6, 0x22, 0xf3, 0xde, 0x9f, + 0x78, 0xe0, 0x81, 0xfc, 0xc4, 0xbf, 0x68, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0xda, 0x32, 0xb0, 0xf6, + 0xb0, 0x0c, 0x9e, 0x86, 0x6a, 0x4c, 0xbc, 0xf5, 0xcb, 0xc4, 0xf1, 0x84, 0x05, 0xa1, 0xcf, 0xaf, + 0x45, 0x3b, 0x56, 0x18, 0xec, 0xda, 0x56, 0xcf, 0x0b, 0x6e, 0x5f, 0x6c, 0x87, 0xc9, 0x8e, 0xb0, + 0x25, 0xf4, 0xb5, 0xad, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x6f, 0x97, 0xf8, 0x0c, 0x14, 0x41, 0x10, + 0x2f, 0x64, 0x2e, 0xda, 0xeb, 0x3f, 0x7e, 0xe0, 0xa3, 0x00, 0x0d, 0x75, 0x95, 0xbd, 0x38, 0x13, + 0xba, 0x7c, 0xe4, 0x7b, 0xb6, 0x05, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xb2, 0xb4, + 0xbc, 0xaf, 0x2c, 0x4d, 0x89, 0x95, 0x81, 0x7d, 0xb4, 0xdd, 0x9f, 0x5a, 0x90, 0xb2, 0x88, 0x50, + 0x08, 0x15, 0xda, 0xdd, 0x9d, 0x62, 0x6e, 0xe9, 0x37, 0x49, 0x53, 0xd1, 0x28, 0xa6, 0x3d, 0xfb, + 0x89, 0x39, 0x23, 0xe4, 0x89, 0x58, 0x09, 0x3e, 0xaa, 0xd7, 0x8a, 0x63, 0x78, 0x39, 0x08, 0x36, + 0xf9, 0xc1, 0xa6, 0x8e, 0xbb, 0xb0, 0x5f, 0x80, 0x53, 0x5d, 0x9d, 0x62, 0x77, 0x6a, 0x05, 0x54, + 0xfb, 0x64, 0xa6, 0x2b, 0x4b, 0xe0, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, 0x93, 0x59, 0xf2, 0xe8, + 0x4d, 0x0b, 0x4e, 0xc5, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0x2a, 0xde, 0xb1, 0x0b, 0x84, 0xbb, 0x3b, + 0x61, 0xff, 0x3f, 0x31, 0xf9, 0x6f, 0xba, 0x7e, 0x33, 0xb8, 0xad, 0x0c, 0x13, 0xab, 0xa7, 0x61, + 0x42, 0xd7, 0x63, 0x63, 0x83, 0x34, 0x3b, 0x5e, 0x57, 0xe6, 0xe8, 0x8a, 0x68, 0xc7, 0x0a, 0x83, + 0x25, 0xca, 0x75, 0x44, 0xd9, 0xf6, 0xcc, 0xa4, 0x9c, 0x15, 0xed, 0x58, 0x61, 0xa0, 0xe7, 0x60, + 0xc4, 0x78, 0x49, 0x39, 0x2f, 0x99, 0x41, 0x6e, 0xa8, 0xcc, 0x18, 0xa7, 0xb0, 0xd0, 0x24, 0x80, + 0x32, 0x72, 0xa4, 0x8a, 0x64, 0x8e, 0x22, 0x25, 0x89, 0x62, 0x6c, 0x60, 0xb0, 0xb4, 0x54, 0xaf, + 0x13, 0x33, 0x1f, 0xff, 0xa0, 0x2e, 0x25, 0x3a, 0x23, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x76, + 0xfc, 0x8e, 0xe3, 0xd1, 0x11, 0x12, 0x5b, 0x3f, 0xb5, 0x0c, 0x17, 0x15, 0x04, 0x1b, 0x58, 0xf4, + 0x8d, 0x13, 0xb7, 0x4d, 0x5e, 0x0e, 0x7c, 0x19, 0xa7, 0xa6, 0x8f, 0x7d, 0x44, 0x3b, 0x56, 0x18, + 0xf6, 0x7f, 0xb3, 0xe0, 0x84, 0x4e, 0x72, 0xe7, 0xb7, 0x67, 0x9b, 0x3b, 0x55, 0x6b, 0xdf, 0x9d, + 0x6a, 0x3a, 0xfb, 0xb7, 0xd4, 0x57, 0xf6, 0xaf, 0x99, 0x98, 0x5b, 0xde, 0x33, 0x31, 0xf7, 0x87, + 0xf4, 0xcd, 0xac, 0x3c, 0x83, 0x77, 0x38, 0xef, 0x56, 0x56, 0x64, 0xc3, 0x60, 0xc3, 0x51, 0x15, + 0x5e, 0x46, 0xf8, 0xde, 0x61, 0x66, 0x9a, 0x21, 0x09, 0x88, 0xbd, 0x04, 0x35, 0x75, 0xfa, 0x21, + 0x37, 0xaa, 0x56, 0xfe, 0x46, 0xb5, 0xaf, 0x04, 0xc1, 0xfa, 0xda, 0x37, 0xbf, 0xfb, 0xf8, 0xdb, + 0x7e, 0xef, 0xbb, 0x8f, 0xbf, 0xed, 0x8f, 0xbe, 0xfb, 0xf8, 0xdb, 0x3e, 0x71, 0xe7, 0x71, 0xeb, + 0x9b, 0x77, 0x1e, 0xb7, 0x7e, 0xef, 0xce, 0xe3, 0xd6, 0x1f, 0xdd, 0x79, 0xdc, 0xfa, 0xce, 0x9d, + 0xc7, 0xad, 0x2f, 0xfe, 0xe7, 0xc7, 0xdf, 0xf6, 0x72, 0x6e, 0xa0, 0x22, 0xfd, 0xf1, 0x4c, 0xa3, + 0x39, 0xb5, 0x75, 0x81, 0xc5, 0xca, 0xd1, 0xe5, 0x35, 0x65, 0xcc, 0xa9, 0x29, 0xb9, 0xbc, 0xfe, + 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x18, 0x73, 0x0d, 0xd5, 0xe1, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -6625,20 +6594,6 @@ func (m *ApplicationSetStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l - if len(m.Resources) > 0 { - for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - } if len(m.ApplicationStatus) > 0 { for iNdEx := len(m.ApplicationStatus) - 1; iNdEx >= 0; iNdEx-- { { @@ -7000,43 +6955,6 @@ func (m *ApplicationSetTerminalGenerator) MarshalToSizedBuffer(dAtA []byte) (int return len(dAtA) - i, nil } -func (m *ApplicationSetTree) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ApplicationSetTree) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ApplicationSetTree) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Nodes) > 0 { - for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Nodes[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } - return len(dAtA) - i, nil -} - func (m *ApplicationSource) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -15041,12 +14959,6 @@ func (m *ApplicationSetStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - if len(m.Resources) > 0 { - for _, e := range m.Resources { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } return n } @@ -15168,21 +15080,6 @@ func (m *ApplicationSetTerminalGenerator) Size() (n int) { return n } -func (m *ApplicationSetTree) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if len(m.Nodes) > 0 { - for _, e := range m.Nodes { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - func (m *ApplicationSource) Size() (n int) { if m == nil { return 0 @@ -18361,15 +18258,9 @@ func (this *ApplicationSetStatus) String() string { repeatedStringForApplicationStatus += strings.Replace(strings.Replace(f.String(), "ApplicationSetApplicationStatus", "ApplicationSetApplicationStatus", 1), `&`, ``, 1) + "," } repeatedStringForApplicationStatus += "}" - repeatedStringForResources := "[]ResourceStatus{" - for _, f := range this.Resources { - repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "ResourceStatus", "ResourceStatus", 1), `&`, ``, 1) + "," - } - repeatedStringForResources += "}" s := strings.Join([]string{`&ApplicationSetStatus{`, `Conditions:` + repeatedStringForConditions + `,`, `ApplicationStatus:` + repeatedStringForApplicationStatus + `,`, - `Resources:` + repeatedStringForResources + `,`, `}`, }, "") return s @@ -18458,21 +18349,6 @@ func (this *ApplicationSetTerminalGenerator) String() string { }, "") return s } -func (this *ApplicationSetTree) String() string { - if this == nil { - return "nil" - } - repeatedStringForNodes := "[]ResourceNode{" - for _, f := range this.Nodes { - repeatedStringForNodes += strings.Replace(strings.Replace(f.String(), "ResourceNode", "ResourceNode", 1), `&`, ``, 1) + "," - } - repeatedStringForNodes += "}" - s := strings.Join([]string{`&ApplicationSetTree{`, - `Nodes:` + repeatedStringForNodes + `,`, - `}`, - }, "") - return s -} func (this *ApplicationSource) String() string { if this == nil { return "nil" @@ -24827,40 +24703,6 @@ func (m *ApplicationSetStatus) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Resources = append(m.Resources, ResourceStatus{}) - if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -25957,90 +25799,6 @@ func (m *ApplicationSetTerminalGenerator) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSetTree) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetTree: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetTree: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Nodes = append(m.Nodes, ResourceNode{}) - if err := m.Nodes[len(m.Nodes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *ApplicationSource) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index f81fe77229a93..bde433c406540 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -330,9 +330,6 @@ message ApplicationSetStatus { repeated ApplicationSetCondition conditions = 1; repeated ApplicationSetApplicationStatus applicationStatus = 2; - - // Resources is a list of Applications resources managed by this application set. - repeated ResourceStatus resources = 3; } // ApplicationSetStrategy configures how generated Applications are updated in sequence. @@ -398,13 +395,6 @@ message ApplicationSetTerminalGenerator { optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; } -// ApplicationSetTree holds nodes which belongs to the application -// Used to build a tree of an ApplicationSet and its children -message ApplicationSetTree { - // Nodes contains list of nodes which are directly managed by the applicationset - repeated ResourceNode nodes = 1; -} - // ApplicationSource contains all required information about the source of an application message ApplicationSource { // RepoURL is the URL to the repository (Git or Helm) that contains the application manifests diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index bf72c3819aedb..c5a41de677314 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -41,7 +41,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplate(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplateMeta": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplateMeta(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTerminalGenerator": schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref), - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTree": schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource": schema_pkg_apis_application_v1alpha1_ApplicationSource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceDirectory": schema_pkg_apis_application_v1alpha1_ApplicationSourceDirectory(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceHelm": schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref), @@ -1339,25 +1338,11 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetStatus(ref common.Refere }, }, }, - "resources": { - SchemaProps: spec.SchemaProps{ - Description: "Resources is a list of Applications resources managed by this application set.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"), - }, - }, - }, - }, - }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition"}, } } @@ -1567,35 +1552,6 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref co } } -func schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ApplicationSetTree holds nodes which belongs to the application Used to build a tree of an ApplicationSet and its children", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "nodes": { - SchemaProps: spec.SchemaProps{ - Description: "Nodes contains list of nodes which are directly managed by the applicationset", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"}, - } -} - func schema_pkg_apis_application_v1alpha1_ApplicationSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index eb120b79bd4a5..1ea2277e30599 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -1694,7 +1694,7 @@ type ResourceStatus struct { SyncWave int64 `json:"syncWave,omitempty" protobuf:"bytes,10,opt,name=syncWave"` } -// GroupVersionKind returns the GVK schema type for given resource status +// GroupKindVersion returns the GVK schema type for given resource status func (r *ResourceStatus) GroupVersionKind() schema.GroupVersionKind { return schema.GroupVersionKind{Group: r.Group, Version: r.Version, Kind: r.Kind} } @@ -2090,12 +2090,6 @@ func isValidResource(resource string) bool { return validResources[resource] } -func isValidObject(proj string, object string) bool { - // match against [/]/ - objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s(/[*\w-.]+)?/[*\w-.]+$`, regexp.QuoteMeta(proj))) - return objectRegexp.MatchString(object) && err == nil -} - func validatePolicy(proj string, role string, policy string) error { policyComponents := strings.Split(policy, ",") if len(policyComponents) != 6 || strings.Trim(policyComponents[0], " ") != "p" { @@ -2119,8 +2113,9 @@ func validatePolicy(proj string, role string, policy string) error { } // object object := strings.Trim(policyComponents[4], " ") - if !isValidObject(proj, object) { - return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': object must be of form '%s/*', '%s[/]/' or '%s/', not '%s'", policy, proj, proj, proj, object) + objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s/[*\w-.]+$`, regexp.QuoteMeta(proj))) + if err != nil || !objectRegexp.MatchString(object) { + return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': object must be of form '%s/*' or '%s/', not '%s'", policy, proj, proj, object) } // effect effect := strings.Trim(policyComponents[5], " ") diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 5d34e1dcf739c..817003b06a0ea 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -3085,69 +3085,6 @@ func TestOrphanedResourcesMonitorSettings_IsWarn(t *testing.T) { assert.True(t, settings.IsWarn()) } -func Test_isValidPolicy(t *testing.T) { - policyTests := []struct { - name string - policy string - isValid bool - }{ - { - name: "policy with full wildcard", - policy: "some-project/*", - isValid: true, - }, - { - name: "policy with specified project and application", - policy: "some-project/some-application", - isValid: true, - }, - { - name: "policy with full wildcard namespace and application", - policy: "some-project/*/*", - isValid: true, - }, - { - name: "policy with wildcard namespace and specified application", - policy: "some-project/*/some-application", - isValid: true, - }, - { - name: "policy with specified namespace and wildcard application", - policy: "some-project/some-namespace/*", - isValid: true, - }, - { - name: "policy with wildcard prefix namespace and specified application", - policy: "some-project/some-name*/some-application", - isValid: true, - }, - { - name: "policy with specified namespace and wildcard prefixed application", - policy: "some-project/some-namespace/some-app*", - isValid: true, - }, - { - name: "policy with valid namespace and application", - policy: "some-project/some-namespace/some-application", - isValid: true, - }, - { - name: "policy with invalid namespace character", - policy: "some-project/some~namespace/some-application", - isValid: false, - }, - { - name: "policy with invalid application character", - policy: "some-project/some-namespace/some^application", - isValid: false, - }, - } - - for _, policyTest := range policyTests { - assert.Equal(t, policyTest.isValid, isValidObject("some-project", policyTest.policy), policyTest.name) - } -} - func Test_validatePolicy_projIsNotRegex(t *testing.T) { // Make sure the "." in "some.project" isn't treated as the regex wildcard. err := validatePolicy("some.project", "org-admin", "p, proj:some.project:org-admin, applications, *, some-project/*, allow") diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 9ecec3f0b8793..d61af65785b95 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -768,13 +768,6 @@ func (in *ApplicationSetStatus) DeepCopyInto(out *ApplicationSetStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } @@ -961,29 +954,6 @@ func (in ApplicationSetTerminalGenerators) DeepCopy() ApplicationSetTerminalGene return *out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ApplicationSetTree) DeepCopyInto(out *ApplicationSetTree) { - *out = *in - if in.Nodes != nil { - in, out := &in.Nodes, &out.Nodes - *out = make([]ResourceNode, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationSetTree. -func (in *ApplicationSetTree) DeepCopy() *ApplicationSetTree { - if in == nil { - return nil - } - out := new(ApplicationSetTree) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationSource) DeepCopyInto(out *ApplicationSource) { *out = *in diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index 41f8cef73eaa7..417dc758ef5bd 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -4,9 +4,6 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/util/env" - "math" "time" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" @@ -22,9 +19,9 @@ import ( //go:generate go run github.com/vektra/mockery/v2@v2.15.0 --name=RepoServerServiceClient -var ( +const ( // MaxGRPCMessageSize contains max grpc message size - MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 + MaxGRPCMessageSize = 100 * 1024 * 1024 ) // TLSConfiguration describes parameters for TLS configuration to be used by a repo server API client diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 707e1e95d9220..19ddddf2111dc 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -2310,6 +2310,7 @@ func (m *UpdateRevisionForPathsRequest) GetPaths() []string { } type UpdateRevisionForPathsResponse struct { + Changes bool `protobuf:"varint,1,opt,name=changes,proto3" json:"changes,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2348,6 +2349,13 @@ func (m *UpdateRevisionForPathsResponse) XXX_DiscardUnknown() { var xxx_messageInfo_UpdateRevisionForPathsResponse proto.InternalMessageInfo +func (m *UpdateRevisionForPathsResponse) GetChanges() bool { + if m != nil { + return m.Changes + } + return false +} + func init() { proto.RegisterType((*ManifestRequest)(nil), "repository.ManifestRequest") proto.RegisterMapType((map[string]bool)(nil), "repository.ManifestRequest.EnabledSourceTypesEntry") @@ -2398,150 +2406,151 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2285 bytes of a gzipped FileDescriptorProto + // 2298 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5f, 0x73, 0x1b, 0x49, - 0x11, 0xf7, 0x4a, 0xb2, 0x2c, 0xb5, 0x1d, 0x5b, 0x9e, 0x24, 0xce, 0x46, 0x97, 0xb8, 0x7c, 0x0b, - 0x49, 0xe5, 0x92, 0x3b, 0xa9, 0xe2, 0xd4, 0x5d, 0x20, 0x77, 0x1c, 0xe5, 0xcb, 0x25, 0x76, 0x2e, - 0x71, 0x62, 0x36, 0x39, 0xa8, 0x40, 0x80, 0x1a, 0xad, 0x46, 0xd2, 0x9e, 0x56, 0xbb, 0x93, 0xdd, - 0x59, 0x1f, 0x4a, 0x15, 0x4f, 0x50, 0x7c, 0x04, 0x1e, 0x78, 0xe5, 0x0b, 0x50, 0x45, 0x51, 0x3c, - 0xf2, 0x40, 0xf1, 0xe7, 0x91, 0xe2, 0x0b, 0x40, 0xe5, 0x85, 0x2a, 0x3e, 0x05, 0x35, 0x7f, 0xf6, - 0xaf, 0x56, 0x8a, 0x0f, 0x39, 0x3e, 0xb8, 0x17, 0x7b, 0xa7, 0x67, 0xa6, 0xbb, 0xa7, 0xa7, 0xbb, - 0xe7, 0xd7, 0x33, 0x82, 0xcb, 0x3e, 0xa1, 0x5e, 0x40, 0xfc, 0x43, 0xe2, 0xb7, 0xc5, 0xa7, 0xcd, - 0x3c, 0x7f, 0x9c, 0xfa, 0x6c, 0x51, 0xdf, 0x63, 0x1e, 0x82, 0x84, 0xd2, 0x7c, 0xd0, 0xb7, 0xd9, - 0x20, 0xec, 0xb4, 0x2c, 0x6f, 0xd4, 0xc6, 0x7e, 0xdf, 0xa3, 0xbe, 0xf7, 0x99, 0xf8, 0x78, 0xc7, - 0xea, 0xb6, 0x0f, 0xb7, 0xdb, 0x74, 0xd8, 0x6f, 0x63, 0x6a, 0x07, 0x6d, 0x4c, 0xa9, 0x63, 0x5b, - 0x98, 0xd9, 0x9e, 0xdb, 0x3e, 0xbc, 0x8e, 0x1d, 0x3a, 0xc0, 0xd7, 0xdb, 0x7d, 0xe2, 0x12, 0x1f, - 0x33, 0xd2, 0x95, 0x9c, 0x9b, 0x6f, 0xf4, 0x3d, 0xaf, 0xef, 0x90, 0xb6, 0x68, 0x75, 0xc2, 0x5e, - 0x9b, 0x8c, 0x28, 0x53, 0x62, 0x8d, 0x7f, 0xaf, 0xc0, 0xda, 0x3e, 0x76, 0xed, 0x1e, 0x09, 0x98, - 0x49, 0x9e, 0x87, 0x24, 0x60, 0xe8, 0x19, 0x54, 0xb8, 0x32, 0xba, 0xb6, 0xa5, 0x5d, 0x59, 0xde, - 0xde, 0x6b, 0x25, 0xda, 0xb4, 0x22, 0x6d, 0xc4, 0xc7, 0x8f, 0xad, 0x6e, 0xeb, 0x70, 0xbb, 0x45, - 0x87, 0xfd, 0x16, 0xd7, 0xa6, 0x95, 0xd2, 0xa6, 0x15, 0x69, 0xd3, 0x32, 0xe3, 0x65, 0x99, 0x82, - 0x2b, 0x6a, 0x42, 0xcd, 0x27, 0x87, 0x76, 0x60, 0x7b, 0xae, 0x5e, 0xda, 0xd2, 0xae, 0xd4, 0xcd, - 0xb8, 0x8d, 0x74, 0x58, 0x72, 0xbd, 0xdb, 0xd8, 0x1a, 0x10, 0xbd, 0xbc, 0xa5, 0x5d, 0xa9, 0x99, - 0x51, 0x13, 0x6d, 0xc1, 0x32, 0xa6, 0xf4, 0x01, 0xee, 0x10, 0xe7, 0x3e, 0x19, 0xeb, 0x15, 0x31, - 0x31, 0x4d, 0xe2, 0x73, 0x31, 0xa5, 0x0f, 0xf1, 0x88, 0xe8, 0x8b, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, - 0x50, 0x77, 0xf1, 0x88, 0x04, 0x14, 0x5b, 0x44, 0xaf, 0x89, 0xbe, 0x84, 0x80, 0x7e, 0x0a, 0xeb, - 0x29, 0xc5, 0x1f, 0x7b, 0xa1, 0x6f, 0x11, 0x1d, 0xc4, 0xd2, 0x1f, 0xcd, 0xb7, 0xf4, 0x9d, 0x3c, - 0x5b, 0x73, 0x52, 0x12, 0xfa, 0x11, 0x2c, 0x8a, 0x9d, 0xd7, 0x97, 0xb7, 0xca, 0xc7, 0x6a, 0x6d, - 0xc9, 0x16, 0xb9, 0xb0, 0x44, 0x9d, 0xb0, 0x6f, 0xbb, 0x81, 0xbe, 0x22, 0x24, 0x3c, 0x99, 0x4f, - 0xc2, 0x6d, 0xcf, 0xed, 0xd9, 0xfd, 0x7d, 0xec, 0xe2, 0x3e, 0x19, 0x11, 0x97, 0x1d, 0x08, 0xe6, - 0x66, 0x24, 0x04, 0xbd, 0x80, 0xc6, 0x30, 0x0c, 0x98, 0x37, 0xb2, 0x5f, 0x90, 0x47, 0x94, 0xcf, - 0x0d, 0xf4, 0x53, 0xc2, 0x9a, 0x0f, 0xe7, 0x13, 0x7c, 0x3f, 0xc7, 0xd5, 0x9c, 0x90, 0xc3, 0x9d, - 0x64, 0x18, 0x76, 0xc8, 0x77, 0x89, 0x2f, 0xbc, 0x6b, 0x55, 0x3a, 0x49, 0x8a, 0x24, 0xdd, 0xc8, - 0x56, 0xad, 0x40, 0x5f, 0xdb, 0x2a, 0x4b, 0x37, 0x8a, 0x49, 0xe8, 0x0a, 0xac, 0x1d, 0x12, 0xdf, - 0xee, 0x8d, 0x1f, 0xdb, 0x7d, 0x17, 0xb3, 0xd0, 0x27, 0x7a, 0x43, 0xb8, 0x62, 0x9e, 0x8c, 0x46, - 0x70, 0x6a, 0x40, 0x9c, 0x11, 0x37, 0xf9, 0x6d, 0x9f, 0x74, 0x03, 0x7d, 0x5d, 0xd8, 0x77, 0x77, - 0xfe, 0x1d, 0x14, 0xec, 0xcc, 0x2c, 0x77, 0xae, 0x98, 0xeb, 0x99, 0x2a, 0x52, 0x64, 0x8c, 0x20, - 0xa9, 0x58, 0x8e, 0x8c, 0x2e, 0xc3, 0x2a, 0xf3, 0xb1, 0x35, 0xb4, 0xdd, 0xfe, 0x3e, 0x61, 0x03, - 0xaf, 0xab, 0x9f, 0x16, 0x96, 0xc8, 0x51, 0x91, 0x05, 0x88, 0xb8, 0xb8, 0xe3, 0x90, 0xae, 0xf4, - 0xc5, 0x27, 0x63, 0x4a, 0x02, 0xfd, 0x8c, 0x58, 0xc5, 0x8d, 0x56, 0x2a, 0x43, 0xe5, 0x12, 0x44, - 0xeb, 0xce, 0xc4, 0xac, 0x3b, 0x2e, 0xf3, 0xc7, 0x66, 0x01, 0x3b, 0x34, 0x84, 0x65, 0xbe, 0x8e, - 0xc8, 0x15, 0xce, 0x0a, 0x57, 0xb8, 0x37, 0x9f, 0x8d, 0xf6, 0x12, 0x86, 0x66, 0x9a, 0x3b, 0x6a, - 0x01, 0x1a, 0xe0, 0x60, 0x3f, 0x74, 0x98, 0x4d, 0x1d, 0x22, 0xd5, 0x08, 0xf4, 0x0d, 0x61, 0xa6, - 0x82, 0x1e, 0x74, 0x1f, 0xc0, 0x27, 0xbd, 0x68, 0xdc, 0x39, 0xb1, 0xf2, 0x6b, 0xb3, 0x56, 0x6e, - 0xc6, 0xa3, 0xe5, 0x8a, 0x53, 0xd3, 0xb9, 0x70, 0xbe, 0x0c, 0x62, 0x31, 0x15, 0xed, 0x22, 0xac, - 0x75, 0xe1, 0x62, 0x05, 0x3d, 0xdc, 0x17, 0x15, 0x55, 0x24, 0xad, 0xf3, 0xd2, 0x5b, 0x53, 0xa4, - 0xe6, 0x1d, 0x38, 0x37, 0xc5, 0xd4, 0xa8, 0x01, 0xe5, 0x21, 0x19, 0x8b, 0x14, 0x5d, 0x37, 0xf9, - 0x27, 0x3a, 0x03, 0x8b, 0x87, 0xd8, 0x09, 0x89, 0x48, 0xaa, 0x35, 0x53, 0x36, 0x6e, 0x95, 0xbe, - 0xa1, 0x35, 0x7f, 0xa1, 0xc1, 0x5a, 0x4e, 0xf1, 0x82, 0xf9, 0x3f, 0x4c, 0xcf, 0x3f, 0x06, 0x37, - 0xee, 0x3d, 0xc1, 0x7e, 0x9f, 0xb0, 0x94, 0x22, 0xc6, 0xdf, 0x35, 0xd0, 0x73, 0x16, 0xfd, 0x9e, - 0xcd, 0x06, 0x77, 0x6d, 0x87, 0x04, 0xe8, 0x26, 0x2c, 0xf9, 0x92, 0xa6, 0x0e, 0x9e, 0x37, 0x66, - 0x6c, 0xc4, 0xde, 0x82, 0x19, 0x8d, 0x46, 0x1f, 0x42, 0x6d, 0x44, 0x18, 0xee, 0x62, 0x86, 0x95, - 0xee, 0x5b, 0x45, 0x33, 0xb9, 0x94, 0x7d, 0x35, 0x6e, 0x6f, 0xc1, 0x8c, 0xe7, 0xa0, 0x77, 0x61, - 0xd1, 0x1a, 0x84, 0xee, 0x50, 0x1c, 0x39, 0xcb, 0xdb, 0x17, 0xa7, 0x4d, 0xbe, 0xcd, 0x07, 0xed, - 0x2d, 0x98, 0x72, 0xf4, 0x47, 0x55, 0xa8, 0x50, 0xec, 0x33, 0xe3, 0x2e, 0x9c, 0x29, 0x12, 0xc1, - 0xcf, 0x39, 0x6b, 0x40, 0xac, 0x61, 0x10, 0x8e, 0x94, 0x99, 0xe3, 0x36, 0x42, 0x50, 0x09, 0xec, - 0x17, 0xd2, 0xd4, 0x65, 0x53, 0x7c, 0x1b, 0x6f, 0xc1, 0xfa, 0x84, 0x34, 0xbe, 0xa9, 0x52, 0x37, - 0xce, 0x61, 0x45, 0x89, 0x36, 0x42, 0x38, 0xfb, 0x44, 0xd8, 0x22, 0x4e, 0xf6, 0x27, 0x71, 0x72, - 0x1b, 0x7b, 0xb0, 0x91, 0x17, 0x1b, 0x50, 0xcf, 0x0d, 0x08, 0x77, 0x7d, 0x91, 0x1d, 0x6d, 0xd2, - 0x4d, 0x7a, 0x85, 0x16, 0x35, 0xb3, 0xa0, 0xc7, 0xf8, 0x75, 0x09, 0x36, 0x4c, 0x12, 0x78, 0xce, - 0x21, 0x89, 0x52, 0xd7, 0xc9, 0x80, 0x8f, 0x1f, 0x40, 0x19, 0x53, 0xaa, 0xdc, 0xe4, 0xde, 0xb1, - 0x1d, 0xef, 0x26, 0xe7, 0x8a, 0xde, 0x86, 0x75, 0x3c, 0xea, 0xd8, 0xfd, 0xd0, 0x0b, 0x83, 0x68, - 0x59, 0xc2, 0xa9, 0xea, 0xe6, 0x64, 0x07, 0x0f, 0xff, 0x40, 0x44, 0xe4, 0x3d, 0xb7, 0x4b, 0x7e, - 0x22, 0x10, 0x4d, 0xd9, 0x4c, 0x93, 0x0c, 0x0b, 0xce, 0x4d, 0x18, 0x49, 0x19, 0x3c, 0x0d, 0xa2, - 0xb4, 0x1c, 0x88, 0x2a, 0x54, 0xa3, 0x34, 0x45, 0x0d, 0xe3, 0xcf, 0x1a, 0x34, 0x92, 0xe0, 0x52, - 0xec, 0x2f, 0x40, 0x7d, 0xa4, 0x68, 0x81, 0xae, 0x89, 0x0c, 0x96, 0x10, 0xb2, 0x78, 0xaa, 0x94, - 0xc7, 0x53, 0x1b, 0x50, 0x95, 0x70, 0x57, 0x2d, 0x5d, 0xb5, 0x32, 0x2a, 0x57, 0x72, 0x2a, 0x6f, - 0x02, 0x04, 0x71, 0x86, 0xd3, 0xab, 0xa2, 0x37, 0x45, 0x41, 0x06, 0xac, 0xc8, 0xd3, 0xd7, 0x24, - 0x41, 0xe8, 0x30, 0x7d, 0x49, 0x8c, 0xc8, 0xd0, 0x0c, 0x0f, 0xd6, 0x1e, 0xd8, 0x7c, 0x0d, 0xbd, - 0xe0, 0x64, 0xc2, 0xe1, 0x3d, 0xa8, 0x70, 0x61, 0x7c, 0x61, 0x1d, 0x1f, 0xbb, 0xd6, 0x80, 0x44, - 0xb6, 0x8a, 0xdb, 0x3c, 0xd0, 0x19, 0xee, 0x07, 0x7a, 0x49, 0xd0, 0xc5, 0xb7, 0xf1, 0xfb, 0x92, - 0xd4, 0x74, 0x87, 0xd2, 0xe0, 0xcb, 0x87, 0xdc, 0xc5, 0x20, 0xa0, 0x3c, 0x09, 0x02, 0x72, 0x2a, - 0x7f, 0x11, 0x10, 0x70, 0x4c, 0x07, 0x99, 0x11, 0xc2, 0xd2, 0x0e, 0xa5, 0x5c, 0x11, 0x74, 0x1d, - 0x2a, 0x98, 0x52, 0x69, 0xf0, 0x5c, 0xce, 0x56, 0x43, 0xf8, 0x7f, 0xa5, 0x92, 0x18, 0xda, 0xbc, - 0x09, 0xf5, 0x98, 0xf4, 0x2a, 0xb1, 0xf5, 0xb4, 0xd8, 0x2d, 0x00, 0x89, 0x72, 0xef, 0xb9, 0x3d, - 0x8f, 0x6f, 0x29, 0x77, 0x76, 0x35, 0x55, 0x7c, 0x1b, 0xb7, 0xa2, 0x11, 0x42, 0xb7, 0xb7, 0x61, - 0xd1, 0x66, 0x64, 0x14, 0x29, 0xb7, 0x91, 0x56, 0x2e, 0x61, 0x64, 0xca, 0x41, 0xc6, 0x5f, 0x6a, - 0x70, 0x9e, 0xef, 0xd8, 0x63, 0x11, 0x26, 0x3b, 0x94, 0x7e, 0x4c, 0x18, 0xb6, 0x9d, 0xe0, 0x3b, - 0x21, 0xf1, 0xc7, 0xaf, 0xd9, 0x31, 0xfa, 0x50, 0x95, 0x51, 0xa6, 0x32, 0xe2, 0xb1, 0x17, 0x3c, - 0x8a, 0x7d, 0x52, 0xe5, 0x94, 0x5f, 0x4f, 0x95, 0x53, 0x54, 0x75, 0x54, 0x4e, 0xa8, 0xea, 0x98, - 0x5e, 0x78, 0xa6, 0xca, 0xd9, 0x6a, 0xb6, 0x9c, 0x2d, 0x00, 0xf3, 0x4b, 0x47, 0x05, 0xf3, 0xb5, - 0x42, 0x30, 0x3f, 0x2a, 0x8c, 0xe3, 0xba, 0x30, 0xf7, 0xb7, 0xd2, 0x1e, 0x38, 0xd5, 0xd7, 0xe6, - 0x81, 0xf5, 0xf0, 0x5a, 0x61, 0xfd, 0xa7, 0x19, 0x98, 0x2e, 0x0b, 0xe5, 0x77, 0x8f, 0xb6, 0xa6, - 0x19, 0x80, 0xfd, 0x2b, 0x07, 0xaf, 0x7f, 0x2e, 0x50, 0x15, 0xf5, 0x12, 0x1b, 0xc4, 0x07, 0x3a, - 0x3f, 0x87, 0xf8, 0xd1, 0xaa, 0x92, 0x16, 0xff, 0x46, 0xd7, 0xa0, 0xc2, 0x8d, 0xac, 0x60, 0xef, - 0xb9, 0xb4, 0x3d, 0xf9, 0x4e, 0xec, 0x50, 0xfa, 0x98, 0x12, 0xcb, 0x14, 0x83, 0xd0, 0x2d, 0xa8, - 0xc7, 0x8e, 0xaf, 0x22, 0xeb, 0x42, 0x7a, 0x46, 0x1c, 0x27, 0xd1, 0xb4, 0x64, 0x38, 0x9f, 0xdb, - 0xb5, 0x7d, 0x62, 0x09, 0x50, 0xb8, 0x38, 0x39, 0xf7, 0xe3, 0xa8, 0x33, 0x9e, 0x1b, 0x0f, 0x47, - 0xd7, 0xa1, 0x2a, 0x6f, 0x16, 0x44, 0x04, 0x2d, 0x6f, 0x9f, 0x9f, 0x4c, 0xa6, 0xd1, 0x2c, 0x35, - 0xd0, 0xf8, 0x93, 0x06, 0x6f, 0x26, 0x0e, 0x11, 0x45, 0x53, 0x84, 0xcb, 0xbf, 0xfc, 0x13, 0xf7, - 0x32, 0xac, 0x8a, 0x42, 0x20, 0xb9, 0x60, 0x90, 0x77, 0x5d, 0x39, 0xaa, 0xf1, 0x3b, 0x0d, 0x2e, - 0x4d, 0xae, 0xe3, 0xf6, 0x00, 0xfb, 0x2c, 0xde, 0xde, 0x93, 0x58, 0x4b, 0x74, 0xe0, 0x95, 0x92, - 0x03, 0x2f, 0xb3, 0xbe, 0x72, 0x76, 0x7d, 0xc6, 0x1f, 0x4a, 0xb0, 0x9c, 0x72, 0xa0, 0xa2, 0x03, - 0x93, 0x03, 0x3e, 0xe1, 0xb7, 0xa2, 0xf4, 0x13, 0x87, 0x42, 0xdd, 0x4c, 0x51, 0xd0, 0x10, 0x80, - 0x62, 0x1f, 0x8f, 0x08, 0x23, 0x3e, 0xcf, 0xe4, 0x3c, 0xe2, 0xef, 0xcf, 0x9f, 0x5d, 0x0e, 0x22, - 0x9e, 0x66, 0x8a, 0x3d, 0x47, 0xac, 0x42, 0x74, 0xa0, 0xf2, 0xb7, 0x6a, 0xa1, 0xcf, 0x61, 0xb5, - 0x67, 0x3b, 0xe4, 0x20, 0x51, 0xa4, 0x2a, 0x14, 0x79, 0x34, 0xbf, 0x22, 0x77, 0xd3, 0x7c, 0xcd, - 0x9c, 0x18, 0xe3, 0x2a, 0x34, 0xf2, 0xf1, 0xc4, 0x95, 0xb4, 0x47, 0xb8, 0x1f, 0x5b, 0x4b, 0xb5, - 0x0c, 0x04, 0x8d, 0x7c, 0xfc, 0x18, 0xff, 0x28, 0xc1, 0xd9, 0x98, 0xdd, 0x8e, 0xeb, 0x7a, 0xa1, - 0x6b, 0x89, 0xcb, 0xba, 0xc2, 0xbd, 0x38, 0x03, 0x8b, 0xcc, 0x66, 0x4e, 0x0c, 0x7c, 0x44, 0x83, - 0x9f, 0x5d, 0xcc, 0xf3, 0x1c, 0x66, 0x53, 0xb5, 0xc1, 0x51, 0x53, 0xee, 0xfd, 0xf3, 0xd0, 0xf6, - 0x49, 0x57, 0x64, 0x82, 0x9a, 0x19, 0xb7, 0x79, 0x1f, 0x47, 0x35, 0x02, 0xc6, 0x4b, 0x63, 0xc6, - 0x6d, 0xe1, 0xf7, 0x9e, 0xe3, 0x10, 0x8b, 0x9b, 0x23, 0x05, 0xf4, 0x73, 0x54, 0x51, 0x40, 0x30, - 0xdf, 0x76, 0xfb, 0x0a, 0xe6, 0xab, 0x16, 0xd7, 0x13, 0xfb, 0x3e, 0x1e, 0xeb, 0x35, 0x61, 0x00, - 0xd9, 0x40, 0x1f, 0x40, 0x79, 0x84, 0xa9, 0x3a, 0xe8, 0xae, 0x66, 0xb2, 0x43, 0x91, 0x05, 0x5a, - 0xfb, 0x98, 0xca, 0x93, 0x80, 0x4f, 0x6b, 0xbe, 0x07, 0xb5, 0x88, 0xf0, 0x85, 0x20, 0xe1, 0x67, - 0x70, 0x2a, 0x93, 0x7c, 0xd0, 0x53, 0xd8, 0x48, 0x3c, 0x2a, 0x2d, 0x50, 0x81, 0xc0, 0x37, 0x5f, - 0xa9, 0x99, 0x39, 0x85, 0x81, 0xf1, 0x1c, 0xd6, 0xb9, 0xcb, 0x88, 0xc0, 0x3f, 0xa1, 0xd2, 0xe6, - 0x7d, 0xa8, 0xc7, 0x22, 0x0b, 0x7d, 0xa6, 0x09, 0xb5, 0xc3, 0xe8, 0x12, 0x55, 0xd6, 0x36, 0x71, - 0xdb, 0xd8, 0x01, 0x94, 0xd6, 0x57, 0x9d, 0x40, 0xd7, 0xb2, 0xa0, 0xf8, 0x6c, 0xfe, 0xb8, 0x11, - 0xc3, 0x23, 0x4c, 0xfc, 0xdb, 0x12, 0xac, 0xed, 0xda, 0xe2, 0x1e, 0xe4, 0x84, 0x92, 0xdc, 0x55, - 0x68, 0x04, 0x61, 0x67, 0xe4, 0x75, 0x43, 0x87, 0x28, 0x50, 0xa0, 0x4e, 0xfa, 0x09, 0xfa, 0xac, - 0xe4, 0xc7, 0x8d, 0x45, 0x31, 0x1b, 0xa8, 0x0a, 0x57, 0x7c, 0xa3, 0x0f, 0xe0, 0xfc, 0x43, 0xf2, - 0xb9, 0x5a, 0xcf, 0xae, 0xe3, 0x75, 0x3a, 0xb6, 0xdb, 0x8f, 0x84, 0x2c, 0x0a, 0x21, 0xd3, 0x07, - 0x14, 0x41, 0xc5, 0x6a, 0x21, 0x54, 0x34, 0x7e, 0xa6, 0x41, 0x23, 0xb1, 0x9a, 0xb2, 0xfb, 0x4d, - 0x19, 0x1f, 0xd2, 0xea, 0x97, 0xd2, 0x56, 0xcf, 0x0f, 0xfd, 0xef, 0x43, 0x63, 0x25, 0x1d, 0x1a, - 0xff, 0xd2, 0xe0, 0xec, 0xae, 0xcd, 0xa2, 0xa4, 0x64, 0xff, 0xbf, 0xed, 0x60, 0x81, 0xbd, 0x2b, - 0xc5, 0xf6, 0x6e, 0xc1, 0x46, 0x7e, 0xa1, 0xca, 0xe8, 0x67, 0x60, 0x91, 0xef, 0x7c, 0x74, 0x1f, - 0x20, 0x1b, 0xc6, 0x6f, 0xaa, 0x70, 0xf1, 0x53, 0xda, 0xc5, 0x2c, 0xbe, 0xcf, 0xb9, 0xeb, 0xf9, - 0x07, 0xbc, 0xeb, 0x64, 0x2c, 0x94, 0x7b, 0x43, 0x2b, 0xcd, 0x7c, 0x43, 0x2b, 0xcf, 0x78, 0x43, - 0xab, 0x1c, 0xe9, 0x0d, 0x6d, 0xf1, 0xc4, 0xde, 0xd0, 0x26, 0x6b, 0xa4, 0x6a, 0x61, 0x8d, 0xf4, - 0x34, 0x53, 0x47, 0x2c, 0x89, 0x90, 0xf8, 0x66, 0x3a, 0x24, 0x66, 0xee, 0xce, 0xcc, 0xcb, 0xff, - 0xdc, 0xd3, 0x53, 0xed, 0x95, 0x4f, 0x4f, 0xf5, 0xc9, 0xa7, 0xa7, 0xe2, 0xd7, 0x0b, 0x98, 0xfa, - 0x7a, 0x71, 0x19, 0x56, 0x83, 0xb1, 0x6b, 0x91, 0x6e, 0x7c, 0xcb, 0xb7, 0x2c, 0x97, 0x9d, 0xa5, - 0x66, 0xbc, 0x7d, 0x25, 0xe7, 0xed, 0xb1, 0xa7, 0x9e, 0x4a, 0x79, 0xea, 0xff, 0x4e, 0x49, 0xb3, - 0x05, 0x9b, 0xd3, 0xf6, 0x44, 0x86, 0xda, 0xf6, 0x1f, 0x01, 0xd6, 0x13, 0x94, 0xcc, 0xff, 0xda, - 0x16, 0x41, 0x8f, 0xa0, 0xb1, 0xab, 0x9e, 0xc1, 0xa3, 0xcb, 0x4d, 0x34, 0xeb, 0x3d, 0xa1, 0x79, - 0xa1, 0xb8, 0x53, 0x0a, 0x31, 0x16, 0x90, 0x05, 0xe7, 0xf3, 0x0c, 0x93, 0xa7, 0x8b, 0xaf, 0xcf, - 0xe0, 0x1c, 0x8f, 0x7a, 0x95, 0x88, 0x2b, 0x1a, 0x7a, 0x0a, 0xab, 0xd9, 0x0b, 0x76, 0x94, 0x81, - 0x0d, 0x85, 0x77, 0xfe, 0x4d, 0x63, 0xd6, 0x90, 0x58, 0xff, 0x67, 0x7c, 0x43, 0x33, 0x77, 0xc9, - 0xc8, 0xc8, 0x56, 0xd0, 0x45, 0xb7, 0xf1, 0xcd, 0xaf, 0xcd, 0x1c, 0x13, 0x73, 0x7f, 0x1f, 0x6a, - 0xd1, 0xdd, 0x6b, 0xd6, 0xcc, 0xb9, 0x1b, 0xd9, 0x66, 0x23, 0xcb, 0xaf, 0x17, 0x18, 0x0b, 0xe8, - 0x43, 0x39, 0x79, 0x87, 0xd2, 0x82, 0xc9, 0xa9, 0x1b, 0xc7, 0xe6, 0xe9, 0x82, 0x5b, 0x3e, 0x63, - 0x01, 0x7d, 0x1b, 0x96, 0xf9, 0xd7, 0x81, 0x7a, 0x80, 0xde, 0x68, 0xc9, 0xdf, 0x3b, 0xb4, 0xa2, - 0xdf, 0x3b, 0xb4, 0xee, 0x8c, 0x28, 0x1b, 0x37, 0x0b, 0xae, 0xe1, 0x14, 0x83, 0x67, 0x70, 0x6a, - 0x97, 0xb0, 0xa4, 0x6a, 0x46, 0x97, 0x8e, 0x74, 0xb7, 0xd0, 0x34, 0xf2, 0xc3, 0x26, 0x0b, 0x6f, - 0x63, 0x01, 0xfd, 0x52, 0x83, 0xd3, 0xbb, 0x84, 0xe5, 0xeb, 0x50, 0xf4, 0x4e, 0xb1, 0x90, 0x29, - 0xf5, 0x6a, 0xf3, 0xe1, 0xbc, 0xd1, 0x95, 0x65, 0x6b, 0x2c, 0xa0, 0x5f, 0x69, 0x70, 0x2e, 0xa5, - 0x58, 0xba, 0xb0, 0x44, 0xd7, 0x67, 0x2b, 0x57, 0x50, 0x84, 0x36, 0x3f, 0x99, 0xf3, 0x77, 0x05, - 0x29, 0x96, 0xc6, 0x02, 0x3a, 0x10, 0x7b, 0x92, 0xe0, 0x48, 0x74, 0xb1, 0x10, 0x30, 0xc6, 0xd2, - 0x37, 0xa7, 0x75, 0xc7, 0xfb, 0xf0, 0x09, 0x2c, 0xef, 0x12, 0x16, 0x81, 0x9e, 0xac, 0xa7, 0xe5, - 0xb0, 0x66, 0x36, 0x54, 0xf3, 0x38, 0x49, 0x78, 0xcc, 0xba, 0xe4, 0x95, 0x3a, 0xfc, 0xb3, 0xb1, - 0x5a, 0x88, 0x80, 0xb2, 0x1e, 0x53, 0x8c, 0x1d, 0x8c, 0x05, 0xf4, 0x1c, 0x36, 0x8a, 0x93, 0x1e, - 0x7a, 0xeb, 0xc8, 0x87, 0x55, 0xf3, 0xea, 0x51, 0x86, 0x46, 0x22, 0x3f, 0xda, 0xf9, 0xeb, 0xcb, - 0x4d, 0xed, 0x6f, 0x2f, 0x37, 0xb5, 0x7f, 0xbe, 0xdc, 0xd4, 0xbe, 0x7f, 0xe3, 0x15, 0xbf, 0x3f, - 0x4a, 0xfd, 0xa4, 0x09, 0x53, 0xdb, 0x72, 0x6c, 0xe2, 0xb2, 0x4e, 0x55, 0xc4, 0xdb, 0x8d, 0xff, - 0x04, 0x00, 0x00, 0xff, 0xff, 0x0f, 0x5b, 0x4a, 0xde, 0xf1, 0x24, 0x00, 0x00, + 0x11, 0xf7, 0xea, 0x9f, 0xa5, 0x96, 0x63, 0xcb, 0x93, 0xc4, 0xd9, 0xe8, 0x12, 0x97, 0x6f, 0x21, + 0xa9, 0x5c, 0x72, 0x27, 0x55, 0x9c, 0xba, 0x0b, 0xe4, 0x8e, 0xa3, 0x7c, 0xb9, 0xc4, 0xce, 0x25, + 0x4e, 0xcc, 0x26, 0x07, 0x15, 0x08, 0x50, 0xa3, 0xd5, 0x68, 0xb5, 0xa7, 0xd5, 0xee, 0x64, 0x77, + 0xd6, 0x87, 0x52, 0xc5, 0x13, 0x14, 0x1f, 0x81, 0x07, 0x5e, 0xf9, 0x02, 0x54, 0x51, 0x14, 0x8f, + 0x3c, 0x50, 0xfc, 0x79, 0xa4, 0xf8, 0x02, 0x50, 0x79, 0xa1, 0x8a, 0x4f, 0x41, 0xcd, 0xec, 0xec, + 0x5f, 0xad, 0x14, 0x1f, 0x72, 0x7c, 0x70, 0x2f, 0xf6, 0x4e, 0xcf, 0x4c, 0x77, 0x4f, 0x4f, 0x77, + 0xcf, 0xaf, 0x67, 0x04, 0x97, 0x3d, 0x42, 0x5d, 0x9f, 0x78, 0x87, 0xc4, 0xeb, 0x8a, 0x4f, 0x8b, + 0xb9, 0xde, 0x24, 0xf5, 0xd9, 0xa1, 0x9e, 0xcb, 0x5c, 0x04, 0x09, 0xa5, 0xfd, 0xc0, 0xb4, 0xd8, + 0x30, 0xe8, 0x75, 0x0c, 0x77, 0xdc, 0xc5, 0x9e, 0xe9, 0x52, 0xcf, 0xfd, 0x4c, 0x7c, 0xbc, 0x63, + 0xf4, 0xbb, 0x87, 0xdb, 0x5d, 0x3a, 0x32, 0xbb, 0x98, 0x5a, 0x7e, 0x17, 0x53, 0x6a, 0x5b, 0x06, + 0x66, 0x96, 0xeb, 0x74, 0x0f, 0xaf, 0x63, 0x9b, 0x0e, 0xf1, 0xf5, 0xae, 0x49, 0x1c, 0xe2, 0x61, + 0x46, 0xfa, 0x21, 0xe7, 0xf6, 0x1b, 0xa6, 0xeb, 0x9a, 0x36, 0xe9, 0x8a, 0x56, 0x2f, 0x18, 0x74, + 0xc9, 0x98, 0x32, 0x29, 0x56, 0xfb, 0xf7, 0x0a, 0xac, 0xed, 0x63, 0xc7, 0x1a, 0x10, 0x9f, 0xe9, + 0xe4, 0x79, 0x40, 0x7c, 0x86, 0x9e, 0x41, 0x85, 0x2b, 0xa3, 0x2a, 0x5b, 0xca, 0x95, 0xe6, 0xf6, + 0x5e, 0x27, 0xd1, 0xa6, 0x13, 0x69, 0x23, 0x3e, 0x7e, 0x6c, 0xf4, 0x3b, 0x87, 0xdb, 0x1d, 0x3a, + 0x32, 0x3b, 0x5c, 0x9b, 0x4e, 0x4a, 0x9b, 0x4e, 0xa4, 0x4d, 0x47, 0x8f, 0x97, 0xa5, 0x0b, 0xae, + 0xa8, 0x0d, 0x75, 0x8f, 0x1c, 0x5a, 0xbe, 0xe5, 0x3a, 0x6a, 0x69, 0x4b, 0xb9, 0xd2, 0xd0, 0xe3, + 0x36, 0x52, 0x61, 0xd9, 0x71, 0x6f, 0x63, 0x63, 0x48, 0xd4, 0xf2, 0x96, 0x72, 0xa5, 0xae, 0x47, + 0x4d, 0xb4, 0x05, 0x4d, 0x4c, 0xe9, 0x03, 0xdc, 0x23, 0xf6, 0x7d, 0x32, 0x51, 0x2b, 0x62, 0x62, + 0x9a, 0xc4, 0xe7, 0x62, 0x4a, 0x1f, 0xe2, 0x31, 0x51, 0xab, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, 0xd0, + 0x70, 0xf0, 0x98, 0xf8, 0x14, 0x1b, 0x44, 0xad, 0x8b, 0xbe, 0x84, 0x80, 0x7e, 0x0a, 0xeb, 0x29, + 0xc5, 0x1f, 0xbb, 0x81, 0x67, 0x10, 0x15, 0xc4, 0xd2, 0x1f, 0x2d, 0xb6, 0xf4, 0x9d, 0x3c, 0x5b, + 0x7d, 0x5a, 0x12, 0xfa, 0x11, 0x54, 0xc5, 0xce, 0xab, 0xcd, 0xad, 0xf2, 0xb1, 0x5a, 0x3b, 0x64, + 0x8b, 0x1c, 0x58, 0xa6, 0x76, 0x60, 0x5a, 0x8e, 0xaf, 0xae, 0x08, 0x09, 0x4f, 0x16, 0x93, 0x70, + 0xdb, 0x75, 0x06, 0x96, 0xb9, 0x8f, 0x1d, 0x6c, 0x92, 0x31, 0x71, 0xd8, 0x81, 0x60, 0xae, 0x47, + 0x42, 0xd0, 0x0b, 0x68, 0x8d, 0x02, 0x9f, 0xb9, 0x63, 0xeb, 0x05, 0x79, 0x44, 0xf9, 0x5c, 0x5f, + 0x3d, 0x25, 0xac, 0xf9, 0x70, 0x31, 0xc1, 0xf7, 0x73, 0x5c, 0xf5, 0x29, 0x39, 0xdc, 0x49, 0x46, + 0x41, 0x8f, 0x7c, 0x97, 0x78, 0xc2, 0xbb, 0x56, 0x43, 0x27, 0x49, 0x91, 0x42, 0x37, 0xb2, 0x64, + 0xcb, 0x57, 0xd7, 0xb6, 0xca, 0xa1, 0x1b, 0xc5, 0x24, 0x74, 0x05, 0xd6, 0x0e, 0x89, 0x67, 0x0d, + 0x26, 0x8f, 0x2d, 0xd3, 0xc1, 0x2c, 0xf0, 0x88, 0xda, 0x12, 0xae, 0x98, 0x27, 0xa3, 0x31, 0x9c, + 0x1a, 0x12, 0x7b, 0xcc, 0x4d, 0x7e, 0xdb, 0x23, 0x7d, 0x5f, 0x5d, 0x17, 0xf6, 0xdd, 0x5d, 0x7c, + 0x07, 0x05, 0x3b, 0x3d, 0xcb, 0x9d, 0x2b, 0xe6, 0xb8, 0xba, 0x8c, 0x94, 0x30, 0x46, 0x50, 0xa8, + 0x58, 0x8e, 0x8c, 0x2e, 0xc3, 0x2a, 0xf3, 0xb0, 0x31, 0xb2, 0x1c, 0x73, 0x9f, 0xb0, 0xa1, 0xdb, + 0x57, 0x4f, 0x0b, 0x4b, 0xe4, 0xa8, 0xc8, 0x00, 0x44, 0x1c, 0xdc, 0xb3, 0x49, 0x3f, 0xf4, 0xc5, + 0x27, 0x13, 0x4a, 0x7c, 0xf5, 0x8c, 0x58, 0xc5, 0x8d, 0x4e, 0x2a, 0x43, 0xe5, 0x12, 0x44, 0xe7, + 0xce, 0xd4, 0xac, 0x3b, 0x0e, 0xf3, 0x26, 0x7a, 0x01, 0x3b, 0x34, 0x82, 0x26, 0x5f, 0x47, 0xe4, + 0x0a, 0x67, 0x85, 0x2b, 0xdc, 0x5b, 0xcc, 0x46, 0x7b, 0x09, 0x43, 0x3d, 0xcd, 0x1d, 0x75, 0x00, + 0x0d, 0xb1, 0xbf, 0x1f, 0xd8, 0xcc, 0xa2, 0x36, 0x09, 0xd5, 0xf0, 0xd5, 0x0d, 0x61, 0xa6, 0x82, + 0x1e, 0x74, 0x1f, 0xc0, 0x23, 0x83, 0x68, 0xdc, 0x39, 0xb1, 0xf2, 0x6b, 0xf3, 0x56, 0xae, 0xc7, + 0xa3, 0xc3, 0x15, 0xa7, 0xa6, 0x73, 0xe1, 0x7c, 0x19, 0xc4, 0x60, 0x32, 0xda, 0x45, 0x58, 0xab, + 0xc2, 0xc5, 0x0a, 0x7a, 0xb8, 0x2f, 0x4a, 0xaa, 0x48, 0x5a, 0xe7, 0x43, 0x6f, 0x4d, 0x91, 0xda, + 0x77, 0xe0, 0xdc, 0x0c, 0x53, 0xa3, 0x16, 0x94, 0x47, 0x64, 0x22, 0x52, 0x74, 0x43, 0xe7, 0x9f, + 0xe8, 0x0c, 0x54, 0x0f, 0xb1, 0x1d, 0x10, 0x91, 0x54, 0xeb, 0x7a, 0xd8, 0xb8, 0x55, 0xfa, 0x86, + 0xd2, 0xfe, 0x85, 0x02, 0x6b, 0x39, 0xc5, 0x0b, 0xe6, 0xff, 0x30, 0x3d, 0xff, 0x18, 0xdc, 0x78, + 0xf0, 0x04, 0x7b, 0x26, 0x61, 0x29, 0x45, 0xb4, 0xbf, 0x2b, 0xa0, 0xe6, 0x2c, 0xfa, 0x3d, 0x8b, + 0x0d, 0xef, 0x5a, 0x36, 0xf1, 0xd1, 0x4d, 0x58, 0xf6, 0x42, 0x9a, 0x3c, 0x78, 0xde, 0x98, 0xb3, + 0x11, 0x7b, 0x4b, 0x7a, 0x34, 0x1a, 0x7d, 0x08, 0xf5, 0x31, 0x61, 0xb8, 0x8f, 0x19, 0x96, 0xba, + 0x6f, 0x15, 0xcd, 0xe4, 0x52, 0xf6, 0xe5, 0xb8, 0xbd, 0x25, 0x3d, 0x9e, 0x83, 0xde, 0x85, 0xaa, + 0x31, 0x0c, 0x9c, 0x91, 0x38, 0x72, 0x9a, 0xdb, 0x17, 0x67, 0x4d, 0xbe, 0xcd, 0x07, 0xed, 0x2d, + 0xe9, 0xe1, 0xe8, 0x8f, 0x6a, 0x50, 0xa1, 0xd8, 0x63, 0xda, 0x5d, 0x38, 0x53, 0x24, 0x82, 0x9f, + 0x73, 0xc6, 0x90, 0x18, 0x23, 0x3f, 0x18, 0x4b, 0x33, 0xc7, 0x6d, 0x84, 0xa0, 0xe2, 0x5b, 0x2f, + 0x42, 0x53, 0x97, 0x75, 0xf1, 0xad, 0xbd, 0x05, 0xeb, 0x53, 0xd2, 0xf8, 0xa6, 0x86, 0xba, 0x71, + 0x0e, 0x2b, 0x52, 0xb4, 0x16, 0xc0, 0xd9, 0x27, 0xc2, 0x16, 0x71, 0xb2, 0x3f, 0x89, 0x93, 0x5b, + 0xdb, 0x83, 0x8d, 0xbc, 0x58, 0x9f, 0xba, 0x8e, 0x4f, 0xb8, 0xeb, 0x8b, 0xec, 0x68, 0x91, 0x7e, + 0xd2, 0x2b, 0xb4, 0xa8, 0xeb, 0x05, 0x3d, 0xda, 0xaf, 0x4b, 0xb0, 0xa1, 0x13, 0xdf, 0xb5, 0x0f, + 0x49, 0x94, 0xba, 0x4e, 0x06, 0x7c, 0xfc, 0x00, 0xca, 0x98, 0x52, 0xe9, 0x26, 0xf7, 0x8e, 0xed, + 0x78, 0xd7, 0x39, 0x57, 0xf4, 0x36, 0xac, 0xe3, 0x71, 0xcf, 0x32, 0x03, 0x37, 0xf0, 0xa3, 0x65, + 0x09, 0xa7, 0x6a, 0xe8, 0xd3, 0x1d, 0x3c, 0xfc, 0x7d, 0x11, 0x91, 0xf7, 0x9c, 0x3e, 0xf9, 0x89, + 0x40, 0x34, 0x65, 0x3d, 0x4d, 0xd2, 0x0c, 0x38, 0x37, 0x65, 0x24, 0x69, 0xf0, 0x34, 0x88, 0x52, + 0x72, 0x20, 0xaa, 0x50, 0x8d, 0xd2, 0x0c, 0x35, 0xb4, 0x3f, 0x2b, 0xd0, 0x4a, 0x82, 0x4b, 0xb2, + 0xbf, 0x00, 0x8d, 0xb1, 0xa4, 0xf9, 0xaa, 0x22, 0x32, 0x58, 0x42, 0xc8, 0xe2, 0xa9, 0x52, 0x1e, + 0x4f, 0x6d, 0x40, 0x2d, 0x84, 0xbb, 0x72, 0xe9, 0xb2, 0x95, 0x51, 0xb9, 0x92, 0x53, 0x79, 0x13, + 0xc0, 0x8f, 0x33, 0x9c, 0x5a, 0x13, 0xbd, 0x29, 0x0a, 0xd2, 0x60, 0x25, 0x3c, 0x7d, 0x75, 0xe2, + 0x07, 0x36, 0x53, 0x97, 0xc5, 0x88, 0x0c, 0x4d, 0x73, 0x61, 0xed, 0x81, 0xc5, 0xd7, 0x30, 0xf0, + 0x4f, 0x26, 0x1c, 0xde, 0x83, 0x0a, 0x17, 0xc6, 0x17, 0xd6, 0xf3, 0xb0, 0x63, 0x0c, 0x49, 0x64, + 0xab, 0xb8, 0xcd, 0x03, 0x9d, 0x61, 0xd3, 0x57, 0x4b, 0x82, 0x2e, 0xbe, 0xb5, 0xdf, 0x97, 0x42, + 0x4d, 0x77, 0x28, 0xf5, 0xbf, 0x7c, 0xc8, 0x5d, 0x0c, 0x02, 0xca, 0xd3, 0x20, 0x20, 0xa7, 0xf2, + 0x17, 0x01, 0x01, 0xc7, 0x74, 0x90, 0x69, 0x01, 0x2c, 0xef, 0x50, 0xca, 0x15, 0x41, 0xd7, 0xa1, + 0x82, 0x29, 0x0d, 0x0d, 0x9e, 0xcb, 0xd9, 0x72, 0x08, 0xff, 0x2f, 0x55, 0x12, 0x43, 0xdb, 0x37, + 0xa1, 0x11, 0x93, 0x5e, 0x25, 0xb6, 0x91, 0x16, 0xbb, 0x05, 0x10, 0xa2, 0xdc, 0x7b, 0xce, 0xc0, + 0xe5, 0x5b, 0xca, 0x9d, 0x5d, 0x4e, 0x15, 0xdf, 0xda, 0xad, 0x68, 0x84, 0xd0, 0xed, 0x6d, 0xa8, + 0x5a, 0x8c, 0x8c, 0x23, 0xe5, 0x36, 0xd2, 0xca, 0x25, 0x8c, 0xf4, 0x70, 0x90, 0xf6, 0x97, 0x3a, + 0x9c, 0xe7, 0x3b, 0xf6, 0x58, 0x84, 0xc9, 0x0e, 0xa5, 0x1f, 0x13, 0x86, 0x2d, 0xdb, 0xff, 0x4e, + 0x40, 0xbc, 0xc9, 0x6b, 0x76, 0x0c, 0x13, 0x6a, 0x61, 0x94, 0xc9, 0x8c, 0x78, 0xec, 0x05, 0x8f, + 0x64, 0x9f, 0x54, 0x39, 0xe5, 0xd7, 0x53, 0xe5, 0x14, 0x55, 0x1d, 0x95, 0x13, 0xaa, 0x3a, 0x66, + 0x17, 0x9e, 0xa9, 0x72, 0xb6, 0x96, 0x2d, 0x67, 0x0b, 0xc0, 0xfc, 0xf2, 0x51, 0xc1, 0x7c, 0xbd, + 0x10, 0xcc, 0x8f, 0x0b, 0xe3, 0xb8, 0x21, 0xcc, 0xfd, 0xad, 0xb4, 0x07, 0xce, 0xf4, 0xb5, 0x45, + 0x60, 0x3d, 0xbc, 0x56, 0x58, 0xff, 0x69, 0x06, 0xa6, 0x87, 0x85, 0xf2, 0xbb, 0x47, 0x5b, 0xd3, + 0x1c, 0xc0, 0xfe, 0x95, 0x83, 0xd7, 0x3f, 0x17, 0xa8, 0x8a, 0xba, 0x89, 0x0d, 0xe2, 0x03, 0x9d, + 0x9f, 0x43, 0xfc, 0x68, 0x95, 0x49, 0x8b, 0x7f, 0xa3, 0x6b, 0x50, 0xe1, 0x46, 0x96, 0xb0, 0xf7, + 0x5c, 0xda, 0x9e, 0x7c, 0x27, 0x76, 0x28, 0x7d, 0x4c, 0x89, 0xa1, 0x8b, 0x41, 0xe8, 0x16, 0x34, + 0x62, 0xc7, 0x97, 0x91, 0x75, 0x21, 0x3d, 0x23, 0x8e, 0x93, 0x68, 0x5a, 0x32, 0x9c, 0xcf, 0xed, + 0x5b, 0x1e, 0x31, 0x04, 0x28, 0xac, 0x4e, 0xcf, 0xfd, 0x38, 0xea, 0x8c, 0xe7, 0xc6, 0xc3, 0xd1, + 0x75, 0xa8, 0x85, 0x37, 0x0b, 0x22, 0x82, 0x9a, 0xdb, 0xe7, 0xa7, 0x93, 0x69, 0x34, 0x4b, 0x0e, + 0xd4, 0xfe, 0xa4, 0xc0, 0x9b, 0x89, 0x43, 0x44, 0xd1, 0x14, 0xe1, 0xf2, 0x2f, 0xff, 0xc4, 0xbd, + 0x0c, 0xab, 0xa2, 0x10, 0x48, 0x2e, 0x18, 0xc2, 0xbb, 0xae, 0x1c, 0x55, 0xfb, 0x9d, 0x02, 0x97, + 0xa6, 0xd7, 0x71, 0x7b, 0x88, 0x3d, 0x16, 0x6f, 0xef, 0x49, 0xac, 0x25, 0x3a, 0xf0, 0x4a, 0xc9, + 0x81, 0x97, 0x59, 0x5f, 0x39, 0xbb, 0x3e, 0xed, 0x0f, 0x25, 0x68, 0xa6, 0x1c, 0xa8, 0xe8, 0xc0, + 0xe4, 0x80, 0x4f, 0xf8, 0xad, 0x28, 0xfd, 0xc4, 0xa1, 0xd0, 0xd0, 0x53, 0x14, 0x34, 0x02, 0xa0, + 0xd8, 0xc3, 0x63, 0xc2, 0x88, 0xc7, 0x33, 0x39, 0x8f, 0xf8, 0xfb, 0x8b, 0x67, 0x97, 0x83, 0x88, + 0xa7, 0x9e, 0x62, 0xcf, 0x11, 0xab, 0x10, 0xed, 0xcb, 0xfc, 0x2d, 0x5b, 0xe8, 0x73, 0x58, 0x1d, + 0x58, 0x36, 0x39, 0x48, 0x14, 0xa9, 0x09, 0x45, 0x1e, 0x2d, 0xae, 0xc8, 0xdd, 0x34, 0x5f, 0x3d, + 0x27, 0x46, 0xbb, 0x0a, 0xad, 0x7c, 0x3c, 0x71, 0x25, 0xad, 0x31, 0x36, 0x63, 0x6b, 0xc9, 0x96, + 0x86, 0xa0, 0x95, 0x8f, 0x1f, 0xed, 0x1f, 0x25, 0x38, 0x1b, 0xb3, 0xdb, 0x71, 0x1c, 0x37, 0x70, + 0x0c, 0x71, 0x59, 0x57, 0xb8, 0x17, 0x67, 0xa0, 0xca, 0x2c, 0x66, 0xc7, 0xc0, 0x47, 0x34, 0xf8, + 0xd9, 0xc5, 0x5c, 0xd7, 0x66, 0x16, 0x95, 0x1b, 0x1c, 0x35, 0xc3, 0xbd, 0x7f, 0x1e, 0x58, 0x1e, + 0xe9, 0x8b, 0x4c, 0x50, 0xd7, 0xe3, 0x36, 0xef, 0xe3, 0xa8, 0x46, 0xc0, 0xf8, 0xd0, 0x98, 0x71, + 0x5b, 0xf8, 0xbd, 0x6b, 0xdb, 0xc4, 0xe0, 0xe6, 0x48, 0x01, 0xfd, 0x1c, 0x55, 0x14, 0x10, 0xcc, + 0xb3, 0x1c, 0x53, 0xc2, 0x7c, 0xd9, 0xe2, 0x7a, 0x62, 0xcf, 0xc3, 0x13, 0xb5, 0x2e, 0x0c, 0x10, + 0x36, 0xd0, 0x07, 0x50, 0x1e, 0x63, 0x2a, 0x0f, 0xba, 0xab, 0x99, 0xec, 0x50, 0x64, 0x81, 0xce, + 0x3e, 0xa6, 0xe1, 0x49, 0xc0, 0xa7, 0xb5, 0xdf, 0x83, 0x7a, 0x44, 0xf8, 0x42, 0x90, 0xf0, 0x33, + 0x38, 0x95, 0x49, 0x3e, 0xe8, 0x29, 0x6c, 0x24, 0x1e, 0x95, 0x16, 0x28, 0x41, 0xe0, 0x9b, 0xaf, + 0xd4, 0x4c, 0x9f, 0xc1, 0x40, 0x7b, 0x0e, 0xeb, 0xdc, 0x65, 0x44, 0xe0, 0x9f, 0x50, 0x69, 0xf3, + 0x3e, 0x34, 0x62, 0x91, 0x85, 0x3e, 0xd3, 0x86, 0xfa, 0x61, 0x74, 0x89, 0x1a, 0xd6, 0x36, 0x71, + 0x5b, 0xdb, 0x01, 0x94, 0xd6, 0x57, 0x9e, 0x40, 0xd7, 0xb2, 0xa0, 0xf8, 0x6c, 0xfe, 0xb8, 0x11, + 0xc3, 0x23, 0x4c, 0xfc, 0xdb, 0x12, 0xac, 0xed, 0x5a, 0xe2, 0x1e, 0xe4, 0x84, 0x92, 0xdc, 0x55, + 0x68, 0xf9, 0x41, 0x6f, 0xec, 0xf6, 0x03, 0x9b, 0x48, 0x50, 0x20, 0x4f, 0xfa, 0x29, 0xfa, 0xbc, + 0xe4, 0xc7, 0x8d, 0x45, 0x31, 0x1b, 0xca, 0x0a, 0x57, 0x7c, 0xa3, 0x0f, 0xe0, 0xfc, 0x43, 0xf2, + 0xb9, 0x5c, 0xcf, 0xae, 0xed, 0xf6, 0x7a, 0x96, 0x63, 0x46, 0x42, 0xaa, 0x42, 0xc8, 0xec, 0x01, + 0x45, 0x50, 0xb1, 0x56, 0x08, 0x15, 0xb5, 0x9f, 0x29, 0xd0, 0x4a, 0xac, 0x26, 0xed, 0x7e, 0x33, + 0x8c, 0x8f, 0xd0, 0xea, 0x97, 0xd2, 0x56, 0xcf, 0x0f, 0xfd, 0xef, 0x43, 0x63, 0x25, 0x1d, 0x1a, + 0xff, 0x52, 0xe0, 0xec, 0xae, 0xc5, 0xa2, 0xa4, 0x64, 0xfd, 0xbf, 0xed, 0x60, 0x81, 0xbd, 0x2b, + 0xc5, 0xf6, 0xee, 0xc0, 0x46, 0x7e, 0xa1, 0xd2, 0xe8, 0x67, 0xa0, 0xca, 0x77, 0x3e, 0xba, 0x0f, + 0x08, 0x1b, 0xda, 0x6f, 0x6a, 0x70, 0xf1, 0x53, 0xda, 0xc7, 0x2c, 0xbe, 0xcf, 0xb9, 0xeb, 0x7a, + 0x07, 0xbc, 0xeb, 0x64, 0x2c, 0x94, 0x7b, 0x43, 0x2b, 0xcd, 0x7d, 0x43, 0x2b, 0xcf, 0x79, 0x43, + 0xab, 0x1c, 0xe9, 0x0d, 0xad, 0x7a, 0x62, 0x6f, 0x68, 0xd3, 0x35, 0x52, 0xad, 0xb0, 0x46, 0x7a, + 0x9a, 0xa9, 0x23, 0x96, 0x45, 0x48, 0x7c, 0x33, 0x1d, 0x12, 0x73, 0x77, 0x67, 0xee, 0xe5, 0x7f, + 0xee, 0xe9, 0xa9, 0xfe, 0xca, 0xa7, 0xa7, 0xc6, 0xf4, 0xd3, 0x53, 0xf1, 0xeb, 0x05, 0xcc, 0x7c, + 0xbd, 0xb8, 0x0c, 0xab, 0xfe, 0xc4, 0x31, 0x48, 0x3f, 0xbe, 0xe5, 0x6b, 0x86, 0xcb, 0xce, 0x52, + 0x33, 0xde, 0xbe, 0x92, 0xf3, 0xf6, 0xd8, 0x53, 0x4f, 0xa5, 0x3c, 0xf5, 0x7f, 0xa7, 0xa4, 0xb9, + 0x05, 0x9b, 0xb3, 0xf6, 0x44, 0x86, 0x9a, 0x0a, 0xcb, 0xc6, 0x10, 0x3b, 0xa6, 0xb8, 0x7c, 0x13, + 0x35, 0xb6, 0x6c, 0x6e, 0xff, 0x11, 0x60, 0x3d, 0xc1, 0xcf, 0xfc, 0xaf, 0x65, 0x10, 0xf4, 0x08, + 0x5a, 0xbb, 0xf2, 0x81, 0x3c, 0xba, 0xf6, 0x44, 0xf3, 0x5e, 0x1a, 0xda, 0x17, 0x8a, 0x3b, 0x43, + 0xf1, 0xda, 0x12, 0x32, 0xe0, 0x7c, 0x9e, 0x61, 0xf2, 0xa8, 0xf1, 0xf5, 0x39, 0x9c, 0xe3, 0x51, + 0xaf, 0x12, 0x71, 0x45, 0x41, 0x4f, 0x61, 0x35, 0x7b, 0xf5, 0x8e, 0x32, 0x80, 0xa2, 0xf0, 0x35, + 0xa0, 0xad, 0xcd, 0x1b, 0x12, 0xeb, 0xff, 0x8c, 0x6f, 0x75, 0xe6, 0x96, 0x19, 0x69, 0xd9, 0xda, + 0xba, 0xe8, 0x9e, 0xbe, 0xfd, 0xb5, 0xb9, 0x63, 0x62, 0xee, 0xef, 0x43, 0x3d, 0xba, 0x95, 0xcd, + 0x9a, 0x39, 0x77, 0x57, 0xdb, 0x6e, 0x65, 0xf9, 0x0d, 0x7c, 0x6d, 0x09, 0x7d, 0x18, 0x4e, 0xde, + 0xa1, 0xb4, 0x60, 0x72, 0xea, 0x2e, 0xb2, 0x7d, 0xba, 0xe0, 0xfe, 0x4f, 0x5b, 0x42, 0xdf, 0x86, + 0x26, 0xff, 0x3a, 0x90, 0x4f, 0xd3, 0x1b, 0x9d, 0xf0, 0x97, 0x10, 0x9d, 0xe8, 0x97, 0x10, 0x9d, + 0x3b, 0x63, 0xca, 0x26, 0xed, 0x82, 0x0b, 0x3a, 0xc9, 0xe0, 0x19, 0x9c, 0xda, 0x25, 0x2c, 0xa9, + 0xa7, 0xd1, 0xa5, 0x23, 0xdd, 0x3a, 0xb4, 0xb5, 0xfc, 0xb0, 0xe9, 0x92, 0x5c, 0x5b, 0x42, 0xbf, + 0x54, 0xe0, 0xf4, 0x2e, 0x61, 0xf9, 0x0a, 0x15, 0xbd, 0x53, 0x2c, 0x64, 0x46, 0x25, 0xdb, 0x7e, + 0xb8, 0x68, 0xdc, 0x65, 0xd9, 0x6a, 0x4b, 0xe8, 0x57, 0x0a, 0x9c, 0x4b, 0x29, 0x96, 0x2e, 0x39, + 0xd1, 0xf5, 0xf9, 0xca, 0x15, 0x94, 0xa7, 0xed, 0x4f, 0x16, 0xfc, 0xc5, 0x41, 0x8a, 0xa5, 0xb6, + 0x84, 0x0e, 0xc4, 0x9e, 0x24, 0x08, 0x13, 0x5d, 0x2c, 0x84, 0x92, 0xb1, 0xf4, 0xcd, 0x59, 0xdd, + 0xf1, 0x3e, 0x7c, 0x02, 0xcd, 0x5d, 0xc2, 0x22, 0x38, 0x94, 0xf5, 0xb4, 0x1c, 0x0a, 0xcd, 0x86, + 0x6a, 0x1e, 0x41, 0x09, 0x8f, 0x59, 0x0f, 0x79, 0xa5, 0x60, 0x41, 0x36, 0x56, 0x0b, 0xb1, 0x51, + 0xd6, 0x63, 0x8a, 0x51, 0x85, 0xb6, 0x84, 0x9e, 0xc3, 0x46, 0x71, 0x3a, 0x44, 0x6f, 0x1d, 0xf9, + 0x18, 0x6b, 0x5f, 0x3d, 0xca, 0xd0, 0x48, 0xe4, 0x47, 0x3b, 0x7f, 0x7d, 0xb9, 0xa9, 0xfc, 0xed, + 0xe5, 0xa6, 0xf2, 0xcf, 0x97, 0x9b, 0xca, 0xf7, 0x6f, 0xbc, 0xe2, 0x97, 0x49, 0xa9, 0x1f, 0x3b, + 0x61, 0x6a, 0x19, 0xb6, 0x45, 0x1c, 0xd6, 0xab, 0x89, 0x78, 0xbb, 0xf1, 0x9f, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xe7, 0xa3, 0xda, 0xab, 0x0b, 0x25, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -5328,6 +5337,16 @@ func (m *UpdateRevisionForPathsResponse) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Changes { + i-- + if m.Changes { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } return len(dAtA) - i, nil } @@ -6311,6 +6330,9 @@ func (m *UpdateRevisionForPathsResponse) Size() (n int) { } var l int _ = l + if m.Changes { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -12505,6 +12527,26 @@ func (m *UpdateRevisionForPathsResponse) Unmarshal(dAtA []byte) error { return fmt.Errorf("proto: UpdateRevisionForPathsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Changes", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Changes = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 1527c4b372c27..c656ddcc86961 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -2747,7 +2747,7 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U } logCtx.Debugf("changes found for application %s in repo %s from revision %s to revision %s", request.AppName, repo.Repo, syncedRevision, revision) - return &apiclient.UpdateRevisionForPathsResponse{}, nil + return &apiclient.UpdateRevisionForPathsResponse{Changes: true}, nil } func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev string, request *apiclient.UpdateRevisionForPathsRequest, gitClientOpts git.ClientOpts) error { @@ -2758,8 +2758,10 @@ func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev if err != nil { return fmt.Errorf("failed to get repo refs for application %s in repo %s from revision %s: %w", request.AppName, request.GetRepo().Repo, request.Revision, err) } + } - // Update revision in refSource + // Update revision in refSource + if request.HasMultipleSources && request.ApplicationSource.Helm != nil { for normalizedURL := range repoRefs { repoRefs[normalizedURL] = newRev } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index f715ff8ce4c8c..5b96d6cd61bbb 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -276,6 +276,7 @@ message UpdateRevisionForPathsRequest { } message UpdateRevisionForPathsResponse { + bool changes = 1; } // ManifestService diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index f99ce611777c2..00a348fee21c9 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -123,8 +123,8 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git chart: {{Version: "1.0.0"}, {Version: version}}, oobChart: {{Version: "1.0.0"}, {Version: version}}, }}, nil) - helmClient.On("ExtractChart", chart, version, false, int64(0), false).Return("./testdata/my-chart", io.NopCloser, nil) - helmClient.On("ExtractChart", oobChart, version, false, int64(0), false).Return("./testdata2/out-of-bounds-chart", io.NopCloser, nil) + helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil) + helmClient.On("ExtractChart", oobChart, version).Return("./testdata2/out-of-bounds-chart", io.NopCloser, nil) helmClient.On("CleanChartCache", chart, version).Return(nil) helmClient.On("CleanChartCache", oobChart, version).Return(nil) helmClient.On("DependencyBuild").Return(nil) @@ -205,7 +205,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) { } // update this value if we add/remove manifests - const countOfManifests = 48 + const countOfManifests = 50 res1, err := service.GenerateManifest(context.Background(), &q) @@ -3570,7 +3570,9 @@ func TestUpdateRevisionForPaths(t *testing.T) { SyncedRevision: "SYNCEDHEAD", Paths: []string{"."}, }, - }, want: &apiclient.UpdateRevisionForPathsResponse{}, wantErr: assert.NoError}, + }, want: &apiclient.UpdateRevisionForPathsResponse{ + Changes: true, + }, wantErr: assert.NoError}, {name: "NoChangesUpdateCache", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) diff --git a/reposerver/server.go b/reposerver/server.go index e1d611801c3ec..5d280329deed3 100644 --- a/reposerver/server.go +++ b/reposerver/server.go @@ -70,13 +70,13 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach serverLog := log.NewEntry(log.StandardLogger()) streamInterceptors := []grpc.StreamServerInterceptor{ - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(serverLog), grpc_prometheus.StreamServerInterceptor, grpc_util.PanicLoggerStreamServerInterceptor(serverLog), } unaryInterceptors := []grpc.UnaryServerInterceptor{ - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(serverLog), grpc_prometheus.UnaryServerInterceptor, grpc_util.PanicLoggerUnaryServerInterceptor(serverLog), diff --git a/resource_customizations/astra.netapp.io/AppVault/health.lua b/resource_customizations/astra.netapp.io/AppVault/health.lua deleted file mode 100644 index 7490ed2a89fd0..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/health.lua +++ /dev/null @@ -1,13 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "available" or obj.status.state == "Available" then - hs.status = "Healthy" - hs.message = obj.kind .. " Available" - elseif obj.status.state == "failed" or obj.status.state == "Failed" then - hs.status = "Degraded" - hs.message = obj.kind .. " Failed" - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml b/resource_customizations/astra.netapp.io/AppVault/health_test.yaml deleted file mode 100644 index 03918c3ecaa56..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Healthy - message: "AppVault Available" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "AppVault Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml deleted file mode 100644 index 0ece84574b9b2..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-26T14:25:45Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "12094908" - uid: 12943b68-323a-4e8a-ba78-604da0801d11 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-734ced050128-5rdt4 - providerType: gcp -status: - error: - 'failed to close GCP object "appVault.json" in bucket "astra-gcp-backup-743cfd150129": - googleapi: Error 404: The specified bucket does not exist., notFound' - state: failed diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml deleted file mode 100644 index 3ea713e8ef74e..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-11T21:28:27Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "70908" - uid: d1b552b2-5d8e-467b-829b-1e6af7240400 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-743cfd150129-5rdt4 - providerType: gcp -status: - state: available - uid: c708262e-3944-49bf-af96-ad1c3eb6cafb diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml deleted file mode 100644 index d6987da72c348..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-26T14:25:45Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "12094608" - uid: 12943b68-323a-4e8a-ba78-604da0801d11 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-734ced050128-5rdt4 - providerType: gcp diff --git a/resource_customizations/astra.netapp.io/Application/health.lua b/resource_customizations/astra.netapp.io/Application/health.lua deleted file mode 100644 index 967400d8819b0..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/health.lua +++ /dev/null @@ -1,17 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for _, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = "Astra Application Ready, protectionState: " .. obj.status.protectionState - return hs - elseif condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = "Astra Application Degraded, message: " .. condition.message - return hs - end - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Application/health_test.yaml b/resource_customizations/astra.netapp.io/Application/health_test.yaml deleted file mode 100644 index d1c2bc9b769cb..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing.yaml - - healthStatus: - status: Healthy - message: "Astra Application Ready, protectionState: protected" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Astra Application Degraded, message: namespace wordpress is in terminating state" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml deleted file mode 100644 index 9b25186fa9587..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:59:56Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: wordpress - namespace: astra-connector - resourceVersion: "10484469" - uid: 5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3 -spec: - includedNamespaces: - - labelSelector: {} - namespace: wordpress -status: - conditions: - - lastTransitionTime: "2024-04-24T16:13:26Z" - message: namespace wordpress is in terminating state - reason: Ready - status: "False" - type: Ready - protectionState: partial - protectionStateDetails: - - Active backup schedule missing - - Application unavailable diff --git a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml deleted file mode 100644 index f42f84b1a60ae..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - finalizers: - - astra.netapp.io/finalizer - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost - namespace: astra-connector - resourceVersion: "3235325" - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 -spec: - includedNamespaces: - - namespace: ghost -status: - conditions: - - lastTransitionTime: "2024-04-15T20:46:16Z" - message: "" - reason: Ready - status: "True" - type: Ready - protectionState: protected diff --git a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml b/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml deleted file mode 100644 index 64450c1aebc8a..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - finalizers: - - astra.netapp.io/finalizer - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost - namespace: astra-connector - resourceVersion: "3235325" - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 -spec: - includedNamespaces: - - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Backup/health.lua b/resource_customizations/astra.netapp.io/Backup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Backup/health_test.yaml b/resource_customizations/astra.netapp.io/Backup/health_test.yaml deleted file mode 100644 index 56385a102f681..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "Backup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "Backup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml deleted file mode 100644 index 8dbe9ca86c361..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - creationTimestamp: "2024-04-24T19:54:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-20240424193746 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10641332" - uid: ad301b6a-6536-4313-89c1-d10ad0275430 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: - "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s - exceeded" - reason: Failed - status: "False" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - error: - "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s - exceeded" - progress: {} - sourceSnapshotName: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - state: Failed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml deleted file mode 100644 index d3f32fbf93d20..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml +++ /dev/null @@ -1,116 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf - created-by-astra-schedule-name: ghost-daily - created-by-astra-schedule-namespace: astra-connector - creationTimestamp: "2024-04-24T01:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - labels: - created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 - name: daily-a4587-20240424010000 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9965658" - uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - snapshotRef: daily-a4587-20240424010000 -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/backups/daily-a4587-20240424010000_d4b61932-5c8e-4310-82a5-37a0b671aa2d - completionTimestamp: "2024-04-24T01:02:30Z" - conditions: - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T01:00:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T01:00:33Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T01:00:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T01:02:31Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - postBackupExecHooksRunResults: [] - postSnapshotExecHooksRunResults: [] - preBackupExecHooksRunResults: [] - preSnapshotExecHooksRunResults: [] - progress: - volumeBackups: - - completionTimestamp: "2024-04-24T01:02:30Z" - pvcUid: b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticSnapshotID: 5d066ee6e4626ec2e3eff50d766f080ba90b2339df5b9f7baf46c281d0763da6 - resticVolumeBackupCompleted: true - resticVolumeBackupCreated: true - sourceVolumeSnapshot: - name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d - namespace: ghost - volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-ab718bad-fa67-4159-a761-6d1eb5de5330 - volumeSnapshotCopied: true - volumeSnapshotCopyDeleted: true - volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-d55f9b97-11e5-4fb7-89c0-a2559eba753d - volumeSnapshotCopyReadyToUse: true - - completionTimestamp: "2024-04-24T01:02:30Z" - pvcUid: 38c468b3-eed6-48f2-b43b-15083dd1c030 - resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_38c468b3-eed6-48f2-b43b-15083dd1c030 - resticSnapshotID: dc601d5db3ed78823b134326c6cc9607f1636530783707eb8cd02a018b244e07 - resticVolumeBackupCompleted: true - resticVolumeBackupCreated: true - sourceVolumeSnapshot: - name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 - namespace: ghost - volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-df43df62-1501-406b-b7ba-90aafcd763d5 - volumeSnapshotCopied: true - volumeSnapshotCopyDeleted: true - volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-ecf680cf-1665-4320-9f84-c99911b48a2b - volumeSnapshotCopyReadyToUse: true - sourceSnapshotName: daily-a4587-20240424010000 - state: Completed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml deleted file mode 100644 index 9cc87d827cb11..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf - created-by-astra-schedule-name: ghost-daily - created-by-astra-schedule-namespace: astra-connector - creationTimestamp: "2024-04-24T01:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - labels: - created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 - name: daily-a4587-20240424010000 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9965658" - uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - snapshotRef: daily-a4587-20240424010000 diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml deleted file mode 100644 index 38477b5a3f02c..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: cd272631-d0a8-4a61-9cde-6a7202074051 - creationTimestamp: "2024-04-24T19:39:34Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-20240424193745 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10599529" - uid: fea5520e-553c-400d-8539-e9d2bbe5b762 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Waiting for source Snapshot to complete - reason: Waiting - status: "False" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - progress: {} - sourceSnapshotName: backup-fea5520e-553c-400d-8539-e9d2bbe5b762 - state: Running diff --git a/resource_customizations/astra.netapp.io/ExecHook/health.lua b/resource_customizations/astra.netapp.io/ExecHook/health.lua deleted file mode 100644 index 6d7389ccf0704..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/health.lua +++ /dev/null @@ -1,13 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.spec ~= nil then - if obj.spec.enabled ~= nil then - if obj.spec.enabled == true then - hs.status = "Healthy" - hs.message = obj.kind .. " enabled" - elseif obj.spec.enabled == false then - hs.status = "Suspended" - hs.message = obj.kind .. " disabled" - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml deleted file mode 100644 index abe46b3f6714e..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Healthy - message: "ExecHook enabled" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Suspended - message: "ExecHook disabled" - inputPath: testdata/suspended.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml deleted file mode 100644 index fd0e7ad1af15b..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 1 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11239151" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - enabled: true - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCmV4aXQgMA== - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml deleted file mode 100644 index ba5af3f288bf4..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11342335" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml deleted file mode 100644 index 607b3df616164..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11342335" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - enabled: false - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua b/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml deleted file mode 100644 index 52b629e5e7013..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ExecHooksRun Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ExecHooksRun Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml deleted file mode 100644 index d8822c311f449..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T17:00:50Z" - generation: 1 - name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11335239" - uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: post -status: - completionTimestamp: "2024-04-25T17:00:56Z" - conditions: - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: failed to get application archive - reason: Done - status: "False" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - completionTimestamp: "2024-04-25T17:00:56Z" - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: post-snapshot - execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b - jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T17:00:50Z" - state: Failed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml deleted file mode 100644 index 0d237f0eb75a5..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T17:00:50Z" - generation: 1 - name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11335239" - uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: post -status: - completionTimestamp: "2024-04-25T17:00:56Z" - conditions: - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Found 1 matching container/exechook pairs - reason: Done - status: "True" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Wait only needed on a restore - reason: Done - status: "True" - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - completionTimestamp: "2024-04-25T17:00:56Z" - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: post-snapshot - execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b - jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T17:00:50Z" - state: Completed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml deleted file mode 100644 index 4d3b6704d4d20..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T16:35:34Z" - generation: 1 - name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11320392" - uid: 064199e2-d540-4628-b4ec-5b417bb85128 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-734ced050128 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: pre diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml deleted file mode 100644 index 44578700d61dd..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T16:35:34Z" - generation: 1 - name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11320407" - uid: 064199e2-d540-4628-b4ec-5b417bb85128 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: pre -status: - conditions: - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Found 1 matching container/exechook pairs - reason: Done - status: "True" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Wait only needed on a restore - reason: Done - status: "True" - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Waiting - reason: Waiting - status: "False" - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: pre-snapshot - execHookUID: 105679e3-4acc-4618-a3c2-53e0e5949f65 - jobName: ehr-ea0e89c8221790b54e94b4ac937aeac2 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T16:35:34Z" - state: Running diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua b/resource_customizations/astra.netapp.io/ResourceBackup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml deleted file mode 100644 index 21668ca2006eb..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ResourceBackup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ResourceBackup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Error" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml deleted file mode 100644 index dc8bcd087f06c..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 - creationTimestamp: "2024-04-24T19:54:19Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-7b0d4f5e-53d0-4742-adec-15ef5d527865 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 - resourceVersion: "10608354" - uid: 9f8505a1-29ac-4755-92b5-536e6d825c35 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: - 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" - not found' - reason: Error - status: "False" - type: JobCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCleanedUp - error: - 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" - not found' - state: Error diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml deleted file mode 100644 index 047ccbf583b5a..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: 5b89a58c-9b7c-42e8-b426-c8f863e88f41 - creationTimestamp: "2024-04-18T02:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0b1c9d28-33bd-45ce-b75b-2a45721e7218 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: daily-02c95-20240418020000 - uid: 0b1c9d28-33bd-45ce-b75b-2a45721e7218 - resourceVersion: "5060306" - uid: 28c08689-2f8d-4b1e-bfa4-ac8c8795adff -spec: - appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: wordpress -status: - appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 - completionTimestamp: "2024-04-18T02:00:09Z" - conditions: - - lastTransitionTime: "2024-04-18T02:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-18T02:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCreated - - lastTransitionTime: "2024-04-18T02:00:09Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCompleted - - lastTransitionTime: "2024-04-18T02:00:10Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCleanedUp - state: Completed diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml deleted file mode 100644 index e4e5f9f6512d5..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 - creationTimestamp: "2024-04-24T21:30:21Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240424213020 - uid: 0796d78d-e751-4835-a0d4-be61b9f9076a - resourceVersion: "10661760" - uid: 6ed660f0-95be-4369-b548-15cb094a44c2 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml deleted file mode 100644 index ba27f3627f798..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 - creationTimestamp: "2024-04-24T21:30:21Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240424213020 - uid: 0796d78d-e751-4835-a0d4-be61b9f9076a - resourceVersion: "10661760" - uid: 6ed660f0-95be-4369-b548-15cb094a44c2 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - conditions: - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCreated - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: waiting for resource backup job to complete - reason: Waiting - status: "False" - type: JobCompleted - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCleanedUp - state: Running diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml deleted file mode 100644 index 2038e85656a2f..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ResticVolumeBackup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ResticVolumeBackup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml deleted file mode 100644 index dd1e080791b2a..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 26d34f64-38cc-4775-881d-a2fa12437f4b - creationTimestamp: "2024-04-17T13:50:44Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2024-04-17T14:51:28Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240417135000 - uid: 8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27 - resourceVersion: "4675672" - uid: ba90a4f7-a68f-4978-bc04-86902281adc2 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - clonePVName: "" - conditions: - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: - "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - failed: permanent error" - reason: Failed - status: "False" - type: ResticJobCompleted - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - error: - "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 failed: - permanent error" - resticJobName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - state: Failed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml deleted file mode 100644 index 55d5fdf49055e..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11460297" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - clonePVName: pvc-90470af6-7d44-4500-80c1-99f925193654 - completionTimestamp: "2024-04-25T20:31:57Z" - conditions: - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCompleted - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:31:57Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:31:57Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - resticSnapshotID: 88c5684cf3e0cd73e57d96f11d20b1c6b03c913cf574cb73cb40da95078d6694 - state: Completed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml deleted file mode 100644 index b622e552015f1..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11459172" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml deleted file mode 100644 index e0889bf955fdd..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml +++ /dev/null @@ -1,92 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11459181" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - clonePVName: "" - conditions: - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCompleted - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - state: Running diff --git a/resource_customizations/astra.netapp.io/Schedule/health.lua b/resource_customizations/astra.netapp.io/Schedule/health.lua deleted file mode 100644 index 5d122593e5b08..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/health.lua +++ /dev/null @@ -1,7 +0,0 @@ -hs = { status = "Healthy", message = "Protection policy not yet executed" } -if obj.status ~= nil then - if obj.status.lastScheduleTime ~= nil then - hs.message = "Protection policy lastScheduleTime: " .. obj.status.lastScheduleTime - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml b/resource_customizations/astra.netapp.io/Schedule/health_test.yaml deleted file mode 100644 index 73414e0b58d5a..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml +++ /dev/null @@ -1,9 +0,0 @@ -tests: - - healthStatus: - status: Healthy - message: "Protection policy not yet executed" - inputPath: testdata/healthy_nostatus.yaml - - healthStatus: - status: Healthy - message: "Protection policy lastScheduleTime: 2024-04-24T01:00:00Z" - inputPath: testdata/healthy_status.yaml diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml deleted file mode 100644 index 0456fb39fc0f6..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Schedule -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - generation: 2 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost-monthly - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "3231157" - uid: f75ebc6f-627c-4b34-ba36-e64ddc3948e3 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - backupRetention: "1" - dayOfMonth: "1" - dayOfWeek: "" - enabled: true - granularity: monthly - hour: "2" - minute: "0" - recurrenceRule: "" - snapshotRetention: "1" diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml deleted file mode 100644 index 71f99ddf23299..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Schedule -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - generation: 2 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost-daily - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9963815" - uid: a2736922-6801-482c-a199-03ef8a3f35d7 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - backupRetention: "1" - dayOfMonth: "" - dayOfWeek: "" - enabled: true - granularity: daily - hour: "1" - minute: "0" - recurrenceRule: "" - snapshotRetention: "1" -status: - lastScheduleTime: "2024-04-24T01:00:00Z" diff --git a/resource_customizations/astra.netapp.io/Snapshot/health.lua b/resource_customizations/astra.netapp.io/Snapshot/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml b/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml deleted file mode 100644 index c15b3d8b3a9f0..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "Snapshot Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "Snapshot Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml deleted file mode 100644 index 89851bbe5dc0b..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 - creationTimestamp: "2024-04-24T19:54:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: backup-20240424193746 - uid: ad301b6a-6536-4313-89c1-d10ad0275430 - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10641329" - uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 - conditions: - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: reconcile timeout of 1h0m0s exceeded - reason: Timeout - status: "False" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - error: reconcile timeout of 1h0m0s exceeded - state: Failed diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml deleted file mode 100644 index 7073f9c5147b5..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: 87091676-6489-4c76-8728-6b81bf4936b0 - creationTimestamp: "2024-04-24T14:23:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424142317 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10421471" - uid: 152faab3-0374-4cef-bac9-6e7940b06aa9 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424142318_argo-presync-20240424142317_152faab3-0374-4cef-bac9-6e7940b06aa9 - completionTimestamp: "2024-04-24T14:23:43Z" - conditions: - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T14:23:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T14:23:31Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T14:23:41Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T14:23:42Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T14:23:43Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T14:23:43Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - postSnapshotExecHooksRunResults: [] - preSnapshotExecHooksRunResults: [] - state: Completed - volumeSnapshots: - - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d - namespace: ghost - - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml deleted file mode 100644 index 28501e28fd95f..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e - creationTimestamp: "2024-04-24T21:17:04Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424211703 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10654224" - uid: b200db48-c186-4ae8-9748-1ba7bec23d6d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml deleted file mode 100644 index 08951648c6d74..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml +++ /dev/null @@ -1,73 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e - creationTimestamp: "2024-04-24T21:17:04Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424211703 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10654224" - uid: b200db48-c186-4ae8-9748-1ba7bec23d6d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424211704_argo-presync-20240424211703_b200db48-c186-4ae8-9748-1ba7bec23d6d - conditions: - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Waiting for ResourceBackup to complete - reason: Waiting - status: "False" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - state: Running diff --git a/resource_customizations/openfaas.com/Function/health.lua b/resource_customizations/openfaas.com/Function/health.lua deleted file mode 100644 index df72e228b04fa..0000000000000 --- a/resource_customizations/openfaas.com/Function/health.lua +++ /dev/null @@ -1,31 +0,0 @@ -hs = {} -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Stalled" and condition.status == "True" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - if obj.status.replicas ~= nil and obj.status.replicas > 0 then - hs.status = "Healthy" - hs.message = condition.message - else - hs.status = "Suspended" - hs.message = "No replicas available" - end - return hs - end - end - end -end - -hs.status = "Progressing" -hs.message = "Waiting for Function" -return hs diff --git a/resource_customizations/openfaas.com/Function/health_test.yaml b/resource_customizations/openfaas.com/Function/health_test.yaml deleted file mode 100644 index 750089fac48ea..0000000000000 --- a/resource_customizations/openfaas.com/Function/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Waiting for Function" - inputPath: testdata/progressing.yaml -- healthStatus: - status: Degraded - message: "Secret missing: secrets \"missing-secret\" not found" - inputPath: testdata/degraded_no_secret.yaml -- healthStatus: - status: Healthy - message: "Deployment and service reconciled" - inputPath: testdata/healthy.yaml -- healthStatus: - status: Suspended - message: "No replicas available" - inputPath: testdata/suspended_zero_replicas.yaml diff --git a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml b/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml deleted file mode 100644 index a1c0c981f1176..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{ - "apiVersion": "openfaas.com/v1", - "kind": "Function", - "metadata": { - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"openfaas.com/v1\",\"kind\":\"Function\",\"metadata\":{\"annotations\":{},\"name\":\"env\",\"namespace\":\"openfaas-fn\"},\"spec\":{\"annotations\":{},\"environment\":{\"fprocess\":\"env\",\"test\":\"yes\"},\"image\":\"ghcr.io/openfaas/alpine:latest\",\"labels\":{},\"name\":\"env\",\"secrets\":[\"missing-secret\"]}}\n" - }, - "creationTimestamp": "2024-04-29T13:42:46Z", - "generation": 1, - "name": "env", - "namespace": "openfaas-fn", - "resourceVersion": "580675", - "uid": "7a00bc7b-eb01-4f6a-b5f7-7893422ace7d" - }, - "spec": { - "annotations": {}, - "environment": { - "fprocess": "env", - "test": "yes" - }, - "image": "ghcr.io/openfaas/alpine:latest", - "labels": {}, - "name": "env", - "secrets": [ - "missing-secret" - ] - }, - "status": { - "conditions": [ - { - "lastTransitionTime": "2024-04-29T13:42:46Z", - "message": "Function queued for creation", - "observedGeneration": 1, - "reason": "Reconciling", - "status": "True", - "type": "Reconciling" - }, - { - "lastTransitionTime": "2024-04-29T13:42:46Z", - "message": "Secret missing: secrets \"missing-secret\" not found", - "observedGeneration": 1, - "reason": "SecretMissing", - "status": "True", - "type": "Stalled" - } - ] - } -} diff --git a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml b/resource_customizations/openfaas.com/Function/testdata/healthy.yaml deleted file mode 100644 index 7d09972561710..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580323" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - availableReplicas: 1 - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Deployment and service reconciled - observedGeneration: 1 - reason: Ready - status: "True" - type: Ready - - lastTransitionTime: "2024-04-29T13:38:53Z" - message: At least one replica available - observedGeneration: 1 - reason: ReplicaAvailable - status: "True" - type: Healthy - replicas: 1 diff --git a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml b/resource_customizations/openfaas.com/Function/testdata/progressing.yaml deleted file mode 100644 index 4b70ad08c19aa..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580277" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Function queued for creation - observedGeneration: 1 - reason: Reconciling - status: "True" - type: Reconciling ---- diff --git a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml b/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml deleted file mode 100644 index 3307dfd8e4fe4..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580543" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Deployment and service reconciled - observedGeneration: 1 - reason: Ready - status: "True" - type: Ready - - lastTransitionTime: "2024-04-29T13:41:27Z" - message: At least one replica available - observedGeneration: 1 - reason: ReplicaAvailable - status: "False" - type: Healthy diff --git a/server/application/application.go b/server/application/application.go index 164eda5937321..19d80303c2dfd 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -2139,7 +2139,12 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy ambiguousRevision := getAmbiguousRevision(app, syncReq, sourceIndex) - repo, err := s.db.GetRepository(ctx, app.Spec.GetSource().RepoURL) + repoUrl := app.Spec.GetSource().RepoURL + if app.Spec.HasMultipleSources() { + repoUrl = app.Spec.Sources[sourceIndex].RepoURL + } + + repo, err := s.db.GetRepository(ctx, repoUrl) if err != nil { return "", "", fmt.Errorf("error getting repository by URL: %w", err) } diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go index 1875d01616858..d67815bd9a53d 100644 --- a/server/applicationset/applicationset.go +++ b/server/applicationset/applicationset.go @@ -280,52 +280,6 @@ func (s *Server) Delete(ctx context.Context, q *applicationset.ApplicationSetDel } -func (s *Server) ResourceTree(ctx context.Context, q *applicationset.ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { - namespace := s.appsetNamespaceOrDefault(q.AppsetNamespace) - - if !s.isNamespaceEnabled(namespace) { - return nil, security.NamespaceNotPermittedError(namespace) - } - - a, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Get(ctx, q.Name, metav1.GetOptions{}) - - if err != nil { - return nil, fmt.Errorf("error getting ApplicationSet: %w", err) - } - if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName(s.ns)); err != nil { - return nil, err - } - - return s.buildApplicationSetTree(ctx, a) -} - -func (s *Server) buildApplicationSetTree(ctx context.Context, a *v1alpha1.ApplicationSet) (*v1alpha1.ApplicationSetTree, error) { - var tree v1alpha1.ApplicationSetTree - - gvk := v1alpha1.ApplicationSetSchemaGroupVersionKind - parentRefs := []v1alpha1.ResourceRef{ - {Group: gvk.Group, Version: gvk.Version, Kind: gvk.Kind, Name: a.Name, Namespace: a.Namespace, UID: string(a.UID)}, - } - - apps := a.Status.Resources - for _, app := range apps { - tree.Nodes = append(tree.Nodes, v1alpha1.ResourceNode{ - Health: app.Health, - ResourceRef: v1alpha1.ResourceRef{ - Name: app.Name, - Group: app.Group, - Version: app.Version, - Kind: app.Kind, - Namespace: a.Namespace, - }, - ParentRefs: parentRefs, - }) - } - tree.Normalize() - - return &tree, nil -} - func (s *Server) validateAppSet(ctx context.Context, appset *v1alpha1.ApplicationSet) (string, error) { if appset == nil { return "", fmt.Errorf("ApplicationSet cannot be validated for nil value") diff --git a/server/applicationset/applicationset.proto b/server/applicationset/applicationset.proto index 07ed4e2c89384..2a857d41a00ce 100644 --- a/server/applicationset/applicationset.proto +++ b/server/applicationset/applicationset.proto @@ -46,11 +46,6 @@ message ApplicationSetDeleteRequest { string appsetNamespace = 2; } -message ApplicationSetTreeQuery { - string name = 1; - // The application set namespace. Default empty is argocd control plane namespace - string appsetNamespace = 2; -} // ApplicationSetService service ApplicationSetService { @@ -78,9 +73,4 @@ service ApplicationSetService { option (google.api.http).delete = "/api/v1/applicationsets/{name}"; } - // ResourceTree returns resource tree - rpc ResourceTree(ApplicationSetTreeQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree) { - option (google.api.http).get = "/api/v1/applicationsets/{name}/resource-tree"; - } - -} +} \ No newline at end of file diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go index e72fec497c9b8..c49ddb35a7970 100644 --- a/server/applicationset/applicationset_test.go +++ b/server/applicationset/applicationset_test.go @@ -4,7 +4,6 @@ import ( "context" "testing" - "github.com/argoproj/gitops-engine/pkg/health" "github.com/argoproj/pkg/sync" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" @@ -475,90 +474,3 @@ func TestUpdateAppSet(t *testing.T) { }) } - -func TestResourceTree(t *testing.T) { - appSet1 := newTestAppSet(func(appset *appsv1.ApplicationSet) { - appset.Name = "AppSet1" - appset.Status.Resources = []appsv1.ResourceStatus{ - { - Name: "app1", - Kind: "Application", - Group: "argoproj.io", - Version: "v1alpha1", - Namespace: "default", - Health: &appsv1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - Status: appsv1.SyncStatusCodeSynced, - }, - } - }) - - appSet2 := newTestAppSet(func(appset *appsv1.ApplicationSet) { - appset.Name = "AppSet2" - }) - - appSet3 := newTestAppSet(func(appset *appsv1.ApplicationSet) { - appset.Name = "AppSet3" - }) - - expectedTree := &appsv1.ApplicationSetTree{ - Nodes: []appsv1.ResourceNode{ - { - ResourceRef: appsv1.ResourceRef{ - Kind: "Application", - Group: "argoproj.io", - Version: "v1alpha1", - Namespace: "default", - Name: "app1", - }, - ParentRefs: []appsv1.ResourceRef{ - { - Kind: "ApplicationSet", - Group: "argoproj.io", - Version: "v1alpha1", - Namespace: "default", - Name: "AppSet1", - }, - }, - Health: &appsv1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - } - - t.Run("ResourceTree in default namespace", func(t *testing.T) { - - appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) - - appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1"} - - res, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) - assert.NoError(t, err) - assert.Equal(t, expectedTree, res) - }) - - t.Run("ResourceTree in named namespace", func(t *testing.T) { - - appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) - - appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1", AppsetNamespace: testNamespace} - - res, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) - assert.NoError(t, err) - assert.Equal(t, expectedTree, res) - }) - - t.Run("ResourceTree in not allowed namespace", func(t *testing.T) { - - appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) - - appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1", AppsetNamespace: "NOT-ALLOWED"} - - _, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) - assert.Equal(t, "namespace 'NOT-ALLOWED' is not permitted", err.Error()) - }) -} diff --git a/server/badge/badge.go b/server/badge/badge.go index 5ed445e6643c3..8a706f67f2b05 100644 --- a/server/badge/badge.go +++ b/server/badge/badge.go @@ -5,7 +5,6 @@ import ( "fmt" "net/http" "regexp" - "strconv" "strings" healthutil "github.com/argoproj/gitops-engine/pkg/health" @@ -46,21 +45,18 @@ var ( titleTextPattern = regexp.MustCompile(`id="titleText" [^>]*>([^<]*)`) titleRectWidthPattern = regexp.MustCompile(`(id="titleRect" .* width=)("0")`) rightRectWidthPattern = regexp.MustCompile(`(id="rightRect" .* width=)("\d*")`) - revisionRectWidthPattern = regexp.MustCompile(`(id="revisionRect" .* width=)("\d*")`) leftRectYCoodPattern = regexp.MustCompile(`(id="leftRect" .* y=)("\d*")`) rightRectYCoodPattern = regexp.MustCompile(`(id="rightRect" .* y=)("\d*")`) revisionRectYCoodPattern = regexp.MustCompile(`(id="revisionRect" .* y=)("\d*")`) leftTextYCoodPattern = regexp.MustCompile(`(id="leftText" .* y=)("\d*")`) rightTextYCoodPattern = regexp.MustCompile(`(id="rightText" .* y=)("\d*")`) revisionTextYCoodPattern = regexp.MustCompile(`(id="revisionText" .* y=)("\d*")`) - revisionTextXCoodPattern = regexp.MustCompile(`(id="revisionText" x=)("\d*")`) svgHeightPattern = regexp.MustCompile(`^( 7 { - displayedRevision = revision[:7] - svgWidth = svgWidthWithRevision - } else { - svgWidth = svgWidthWithFullRevision - } - - badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", displayedRevision)) - } - - if widthParam, ok := r.URL.Query()["width"]; ok && enabled { - width, err := strconv.Atoi(widthParam[0]) - if err == nil { - svgWidth = width - adjustWidth = true - } - } - - // Increase width of SVG - if adjustWidth { - badge = svgWidthPattern.ReplaceAllString(badge, fmt.Sprintf(` 7 { + shortRevision = shortRevision[:7] } + badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", shortRevision)) } if showAppNameParam, ok := r.URL.Query()["showAppName"]; ok && enabled && strings.EqualFold(showAppNameParam[0], "true") { @@ -246,6 +215,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { titleRectWidth := len(applicationName) * widthPerChar var longerWidth int = max(titleRectWidth, svgWidth) rightRectWidth := longerWidth - leftRectWidth + fmt.Println(len(applicationName)) badge = titleRectWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`$1"%d"`, longerWidth)) badge = rightRectWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`$1"%d"`, rightRectWidth)) badge = replaceFirstGroupSubMatch(titleTextPattern, badge, applicationName) diff --git a/server/badge/badge_test.go b/server/badge/badge_test.go index 706153c267fe9..57d88c963323a 100644 --- a/server/badge/badge_test.go +++ b/server/badge/badge_test.go @@ -75,22 +75,6 @@ func testApp2() *v1alpha1.Application { }, } } - -func testApp3() *v1alpha1.Application { - return &v1alpha1.Application{ - ObjectMeta: v1.ObjectMeta{Name: "test-app", Namespace: "argocd-test"}, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeSynced}, - Health: v1alpha1.HealthStatus{Status: health.HealthStatusHealthy}, - OperationState: &v1alpha1.OperationState{ - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "aa29b85ababababababab", - }, - }, - }, - } -} - func testProject() *v1alpha1.AppProject { return &v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: "test-project", Namespace: "default"}, @@ -245,70 +229,6 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { }) } -func TestHandlerFeatureIsEnabledKeepFullRevisionIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true", nil) - assert.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85ababababababab)") -} - -func TestHandlerFeatureIsEnabledKeepFullRevisionIsDisabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=false", nil) - assert.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85)") -} - -func TestHandlerFeatureIsEnabledKeepFullRevisionAndWidthIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true&width=500", nil) - assert.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "500", svgWidthPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85ababababababab)") -} - func createApplicationFeatureProjectIsEnabled(healthStatus health.HealthStatusCode, syncStatus v1alpha1.SyncStatusCode, appName, projectName, namespace string) *v1alpha1.Application { return &v1alpha1.Application{ ObjectMeta: v1.ObjectMeta{Name: appName, Namespace: namespace}, diff --git a/server/project/project.go b/server/project/project.go index 471ac4ade6ce2..44ddee95eaaff 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -137,8 +137,6 @@ func (s *Server) createToken(ctx context.Context, q *project.ProjectTokenCreateR } id = claims.ID - prj.NormalizeJWTTokens() - items := append(prj.Status.JWTTokensByRole[q.Role].Items, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt, ID: id}) if _, found := prj.Status.JWTTokensByRole[q.Role]; found { prj.Status.JWTTokensByRole[q.Role] = v1alpha1.JWTTokens{Items: items} diff --git a/server/project/project_test.go b/server/project/project_test.go index c970c8b20b4d3..caf0df9f3ebac 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -585,7 +585,7 @@ p, role:admin, projects, update, *, allow`) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - assert.Contains(t, err.Error(), "object must be of form 'test/*', 'test[/]/' or 'test/'") + assert.Contains(t, err.Error(), "object must be of form 'test/*' or 'test/'") }) t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) { diff --git a/server/server.go b/server/server.go index 625fa2053023e..bd1e9857ce1ef 100644 --- a/server/server.go +++ b/server/server.go @@ -771,7 +771,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre // NOTE: notice we do not configure the gRPC server here with TLS (e.g. grpc.Creds(creds)) // This is because TLS handshaking occurs in cmux handling sOpts = append(sOpts, grpc.StreamInterceptor(grpc_middleware.ChainStreamServer( - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(a.log), grpc_prometheus.StreamServerInterceptor, grpc_auth.StreamServerInterceptor(a.Authenticate), @@ -785,7 +785,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre ))) sOpts = append(sOpts, grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer( bug21955WorkaroundInterceptor, - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(a.log), grpc_prometheus.UnaryServerInterceptor, grpc_auth.UnaryServerInterceptor(a.Authenticate), diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 125cde44965b5..a6614cd13a2d6 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -6,15 +6,15 @@ FROM docker.io/library/redis:7.2.4@sha256:7dd707032d90c6eaafd566f62a00f5b0116ae0 RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:22.0.0@sha256:cbd62dc7ba7e50d01520f2c0a8d9853ec872187fa806ed61d0f87081c220386d as node +FROM docker.io/library/node:21.7.1@sha256:b9ccc4aca32eebf124e0ca0fd573dacffba2b9236987a1d4d2625ce3c162ecc8 as node -FROM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b as golang +FROM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd as golang -FROM docker.io/library/registry:2.8@sha256:4fac7a8257b1d7a86599043fcc181dfbdf9c8f57e337db763ac94b0e67c6cfb5 as registry +FROM docker.io/library/registry:2.8@sha256:fb9c9aef62af3955f6014613456551c92e88a67dcf1fc51f5f91bcbd1832813f as registry -FROM docker.io/bitnami/kubectl:1.30@sha256:b909f3a93813f25192bcb57f5c1e482d53ba01413db69c8143fca882e6e930e5 as kubectl +FROM docker.io/bitnami/kubectl:1.27@sha256:14ab746e857d96c105df4989cc2bf841292f2d143f7c60f9d7f549ae660eab43 as kubectl -FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +FROM docker.io/library/ubuntu:22.04@sha256:77906da86b60585ce12215807090eb327e7386c8fafb5402369e421f44eff17e ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ diff --git a/test/e2e/declarative_test.go b/test/e2e/declarative_test.go index bbde965b914e1..3f1c1a20e1037 100644 --- a/test/e2e/declarative_test.go +++ b/test/e2e/declarative_test.go @@ -55,7 +55,6 @@ func TestDeclarativeInvalidProject(t *testing.T) { Expect(HealthIs(health.HealthStatusUnknown)). Expect(SyncStatusIs(SyncStatusCodeUnknown)). Expect(Condition(ApplicationConditionInvalidSpecError, "Application referencing project garbage which does not exist")) - // TODO: you can`t delete application with invalid project due to enforcment that was recently added, // in https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c //When(). diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 97f665320188f..681a4bd44e61e 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:6776a33c72b3af7582a5b301e3a08186f2c21a3409f0d2b52dfddbdbe24a5b04 +FROM docker.io/library/busybox@sha256:c3839dd800b9eb7603340509769c43e146a74c63dca3045a8e7dc8ee07e53966 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 8f60a901b5f41..fb8886a21dbd4 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -324,7 +324,6 @@ func TestUseJWTToken(t *testing.T) { projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) appName := "app-" + strconv.FormatInt(time.Now().Unix(), 10) roleName := "roleTest" - roleName2 := "roleTest2" testApp := &v1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{ Name: appName, @@ -366,15 +365,6 @@ func TestUseJWTToken(t *testing.T) { _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName) assert.NoError(t, err) - // Create second role with kubectl, to test that it will not affect 1st role - _, err = fixture.Run("", "kubectl", "patch", "appproject", projectName, "--type", "merge", - "-n", fixture.TestNamespace(), - "-p", fmt.Sprintf(`{"spec":{"roles":[{"name":"%s"},{"name":"%s"}]}}`, roleName, roleName2)) - assert.NoError(t, err) - - _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName2) - assert.NoError(t, err) - for _, action := range []string{"get", "update", "sync", "create", "override", "*"} { _, err = fixture.RunCli("proj", "role", "add-policy", projectName, roleName, "-a", action, "-o", "*", "-p", "allow") assert.NoError(t, err) diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 139bd696437ce..cf43ee355567d 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 FROM docker.io/library/golang:1.22.0@sha256:7b297d9abee021bab9046e492506b3c2da8a3722cbf301653186545ecc1e00bb AS go diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 12917dcf41a70..46231bad8d142 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:22.0.0@sha256:cbd62dc7ba7e50d01520f2c0a8d9853ec872187fa806ed61d0f87081c220386d as node +FROM docker.io/library/node:21.7.1@sha256:b9ccc4aca32eebf124e0ca0fd573dacffba2b9236987a1d4d2625ce3c162ecc8 as node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui/src/app/applications/components/application-details/application-resource-list.tsx b/ui/src/app/applications/components/application-details/application-resource-list.tsx index 6cee8b04a7205..d1e01adb52c04 100644 --- a/ui/src/app/applications/components/application-details/application-resource-list.tsx +++ b/ui/src/app/applications/components/application-details/application-resource-list.tsx @@ -12,14 +12,17 @@ import {format} from 'date-fns'; import {ResourceNode, ResourceRef} from '../../../shared/models'; import './application-resource-list.scss'; -export interface ApplicationResourceListProps { +export const ApplicationResourceList = ({ + resources, + onNodeClick, + nodeMenu, + tree +}: { resources: models.ResourceStatus[]; onNodeClick?: (fullName: string) => any; nodeMenu?: (node: models.ResourceNode) => React.ReactNode; tree?: models.ApplicationTree; -} - -export const ApplicationResourceList = (props: ApplicationResourceListProps) => { +}) => { function getResNode(nodes: ResourceNode[], nodeId: string): models.ResourceNode { for (const node of nodes) { if (nodeKey(node) === nodeId) { @@ -28,7 +31,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) => } return null; } - const parentNode = ((props.resources || []).length > 0 && (getResNode(props.tree.nodes, nodeKey(props.resources[0])) as ResourceNode)?.parentRefs?.[0]) || ({} as ResourceRef); + const parentNode = ((resources || []).length > 0 && (getResNode(tree.nodes, nodeKey(resources[0])) as ResourceNode)?.parentRefs?.[0]) || ({} as ResourceRef); const searchParams = new URLSearchParams(window.location.search); const view = searchParams.get('view'); @@ -70,7 +73,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
                            STATUS
    - {props.resources + {resources .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second))) .map(res => (
    className={classNames('argo-table-list__row', { 'application-resource-tree__node--orphaned': res.orphaned })} - onClick={() => props.onNodeClick && props.onNodeClick(nodeKey(res))}> + onClick={() => onNodeClick(nodeKey(res))}>
    @@ -108,7 +111,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
    {res.syncWave || '-'}
    {res.namespace}
    {res.kind === 'ReplicaSet' && - ((getResNode(props.tree.nodes, nodeKey(res)) as ResourceNode).info || []) + ((getResNode(tree.nodes, nodeKey(res)) as ResourceNode).info || []) .filter(tag => !tag.name.includes('Node')) .slice(0, 4) .map((tag, i) => { @@ -137,31 +140,27 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) => )} {res.status && } {res.hook && } - {props.nodeMenu && ( -
    - ( - - )}> - {() => - props.nodeMenu({ - name: res.name, - version: res.version, - kind: res.kind, - namespace: res.namespace, - group: res.group, - info: null, - uid: '', - resourceVersion: null, - parentRefs: [] - }) - } - -
    - )} +
    + ( + + )}> + {nodeMenu({ + name: res.name, + version: res.version, + kind: res.kind, + namespace: res.namespace, + group: res.group, + info: null, + uid: '', + resourceVersion: null, + parentRefs: [] + })} + +
    diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index 28698c8eda79f..38a6d151a90c2 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -14,11 +14,7 @@ import { StringValueField, NameValue, TagsInputField, - ValueEditor, - Paginate, - RevisionHelpIcon, - Revision, - Repo + ValueEditor } from '../../../shared/components'; import * as models from '../../../shared/models'; import {ApplicationSourceDirectory, Plugin} from '../../../shared/models'; @@ -27,9 +23,8 @@ import {ImageTagFieldEditor} from './kustomize'; import * as kustomize from './kustomize-image'; import {VarsInputField} from './vars-input-field'; import {concatMaps} from '../../../shared/utils'; -import {getAppDefaultSource, helpTip} from '../utils'; +import {getAppDefaultSource} from '../utils'; import * as jsYaml from 'js-yaml'; -import {RevisionFormField} from '../revision-form-field/revision-form-field'; const TextWithMetadataField = ReactFormField((props: {metadata: {value: string}; fieldApi: FieldApi; className: string}) => { const { @@ -56,16 +51,6 @@ function overridesFirst(first: {overrideIndex: number; metadata: {name: string}} return first.overrideIndex - second.overrideIndex; } -function processPath(path: string) { - if (path !== null && path !== undefined) { - if (path === '.') { - return '(root)'; - } - return path; - } - return ''; -} - function getParamsEditableItems( app: models.Application, title: string, @@ -137,287 +122,20 @@ function getParamsEditableItems( export const ApplicationParameters = (props: { application: models.Application; - details?: models.RepoAppDetails; - detailsList?: models.RepoAppDetails[]; + details: models.RepoAppDetails; save?: (application: models.Application, query: {validate?: boolean}) => Promise; noReadonlyMode?: boolean; - pageNumber?: number; - setPageNumber?: (x: number) => any; }) => { const app = cloneDeep(props.application); - const source = getAppDefaultSource(app); // For source field - const appSources = app?.spec.sources; + const source = getAppDefaultSource(app); const [removedOverrides, setRemovedOverrides] = React.useState(new Array()); let attributes: EditablePanelItem[] = []; - const multipleAttributes = new Array(); - + const isValuesObject = source?.helm?.valuesObject; + const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); - if (appSources && props.detailsList && props.detailsList.length > 1) { - for (let i: number = 0; i < props.detailsList.length; i++) { - multipleAttributes.push( - gatherDetails(props.detailsList[i], attributes, appSources[i], app, setRemovedOverrides, removedOverrides, appParamsDeletedState, setAppParamsDeletedState) - ); - attributes = []; - } - } else { - // For source field. Delete this when source field is removed - attributes = gatherDetails(props.details, attributes, source, app, setRemovedOverrides, removedOverrides, appParamsDeletedState, setAppParamsDeletedState); - } - - if (props.detailsList && props.detailsList.length > 1) { - return ( - { - props.setPageNumber(page); - }}> - {data => { - const listOfPanels: any[] = []; - data.forEach(attr => { - const repoAppDetails = props.detailsList[multipleAttributes.indexOf(attr)]; - listOfPanels.push(getEditablePanel(attr, repoAppDetails, multipleAttributes.indexOf(attr), app.spec.sources)); - }); - return listOfPanels; - }} - - ); - } else { - const v: models.ApplicationSource[] = new Array(); - v.push(app.spec.source); - return getEditablePanel(attributes, props.details, 0, v, true); - } - - function getEditablePanel(panel: EditablePanelItem[], repoAppDetails: models.RepoAppDetails, ind: number, sources: models.ApplicationSource[], isSingleSource?: boolean): any { - const src: models.ApplicationSource = sources[ind]; - let descriptionCollapsed: string; - let floatingTitle: string; - if (sources.length > 1) { - if (repoAppDetails.type === 'Directory') { - floatingTitle = 'TYPE=' + repoAppDetails.type + ', URL=' + src.repoURL; - descriptionCollapsed = - 'TYPE=' + repoAppDetails.type + (src.path ? ', PATH=' + src.path : '' + (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : '')); - } else if (repoAppDetails.type === 'Helm') { - floatingTitle = 'TYPE=' + repoAppDetails.type + ', URL=' + src.repoURL + (src.chart ? ', CHART=' + src.chart + ':' + src.targetRevision : ''); - descriptionCollapsed = - 'TYPE=' + - repoAppDetails.type + - (src.chart ? ', CHART=' + src.chart + ':' + src.targetRevision : '') + - (src.path ? ', PATH=' + src.path : '') + - (src.helm && src.helm.valueFiles ? ', VALUES=' + src.helm.valueFiles[0] : ''); - } else if (repoAppDetails.type === 'Kustomize') { - floatingTitle = 'TYPE=' + repoAppDetails.type + ', URL=' + src.repoURL; - descriptionCollapsed = 'TYPE=' + repoAppDetails.type + ', VERSION=' + src.kustomize.version + (src.path ? ', PATH=' + src.path : ''); - } else if (repoAppDetails.type === 'Plugin') { - floatingTitle = - 'TYPE=' + - repoAppDetails.type + - ', URL=' + - src.repoURL + - (src.path ? ', PATH=' + src.path : '') + - (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - descriptionCollapsed = - 'TYPE=' + repoAppDetails.type + '' + (src.path ? ', PATH=' + src.path : '') + (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - } - } - return ( - { - const updatedSrc = isSingleSource ? input.spec.source : input.spec.sources[ind]; - - function isDefined(item: any) { - return item !== null && item !== undefined; - } - function isDefinedWithVersion(item: any) { - return item !== null && item !== undefined && item.match(/:/); - } - - if (updatedSrc.helm && updatedSrc.helm.parameters) { - updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); - } - if (updatedSrc.kustomize && updatedSrc.kustomize.images) { - updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); - } - - let params = input.spec?.source?.plugin?.parameters; - if (params) { - for (const param of params) { - if (param.map && param.array) { - // @ts-ignore - param.map = param.array.reduce((acc, {name, value}) => { - // @ts-ignore - acc[name] = value; - return acc; - }, {}); - delete param.array; - } - } - - params = params.filter(param => !appParamsDeletedState.includes(param.name)); - input.spec.source.plugin.parameters = params; - } - if (input.spec.source.helm && input.spec.source.helm.valuesObject) { - input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json - input.spec.source.helm.values = ''; - } - await props.save(input, {}); - setRemovedOverrides(new Array()); - }) - } - values={ - app?.spec?.source - ? ((props.details.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app - : ((repoAppDetails.plugin || app?.spec?.sources[ind]?.plugin) && cloneDeep(app)) || app - } - validate={updatedApp => { - const errors = {} as any; - - for (const fieldPath of ['spec.source.directory.jsonnet.tlas', 'spec.source.directory.jsonnet.extVars']) { - const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); - errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; - } - - if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { - const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); - errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; - } - - return errors; - }} - onModeSwitch={ - repoAppDetails.plugin && - (() => { - setAppParamsDeletedState([]); - }) - } - title={repoAppDetails.type.toLocaleUpperCase()} - titleCollapsed={src.repoURL} - floatingTitle={floatingTitle} - items={panel as EditablePanelItem[]} - noReadonlyMode={props.noReadonlyMode} - collapsible={sources.length > 1} - collapsed={true} - collapsedDescription={descriptionCollapsed} - hasMultipleSources={app.spec.sources && app.spec.sources.length > 0} - /> - ); - } -}; - -function gatherDetails( - repoDetails: models.RepoAppDetails, - attributes: EditablePanelItem[], - source: models.ApplicationSource, - app: models.Application, - setRemovedOverrides: any, - removedOverrides: any, - appParamsDeletedState: any[], - setAppParamsDeletedState: any -): EditablePanelItem[] { - const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0; - const isHelm = source.hasOwnProperty('chart'); - if (hasMultipleSources) { - attributes.push({ - title: 'REPO URL', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('REPO URL is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }); - if (isHelm) { - attributes.push({ - title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - services.repos.charts(src.repoURL).catch(() => new Array())}> - {(charts: models.HelmChart[]) => ( -
    -
    - chart.name), - filterSuggestions: true - }} - /> -
    - { - const chartInfo = data.charts.find(chart => chart.name === data.chart); - return (chartInfo && chartInfo.versions) || new Array(); - }}> - {(versions: string[]) => ( -
    - - -
    - )} -     -
    - )} -     - ) - }); - } else { - attributes.push({ - title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }); - attributes.push({ - title: 'PATH', - view: ( - - {processPath(source.path)} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }); - attributes.push({ - title: 'REF', - view: source.ref, - edit: (formApi: FormApi) => - }); - } - } - if (repoDetails.type === 'Kustomize' && repoDetails.kustomize) { + if (props.details.type === 'Kustomize' && props.details.kustomize) { attributes.push({ title: 'VERSION', view: (source.kustomize && source.kustomize.version) || default, @@ -450,7 +168,7 @@ function gatherDetails( edit: (formApi: FormApi) => }); - const srcImages = ((repoDetails && repoDetails.kustomize && repoDetails.kustomize.images) || []).map(val => kustomize.parse(val)); + const srcImages = ((props.details && props.details.kustomize && props.details.kustomize.images) || []).map(val => kustomize.parse(val)); const images = ((source.kustomize && source.kustomize.images) || []).map(val => kustomize.parse(val)); if (srcImages.length > 0) { @@ -481,9 +199,7 @@ function gatherDetails( ) ); } - } else if (repoDetails.type === 'Helm' && repoDetails.helm) { - const isValuesObject = source?.helm?.valuesObject; - const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; + } else if (props.details.type === 'Helm' && props.details.helm) { attributes.push({ title: 'VALUES FILES', view: (source.helm && (source.helm.valueFiles || []).join(', ')) || 'No values files selected', @@ -493,7 +209,7 @@ function gatherDetails( field='spec.source.helm.valueFiles' component={TagsInputField} componentProps={{ - options: repoDetails.helm.valueFiles, + options: props.details.helm.valueFiles, noTagsLabel: 'No values files selected' }} /> @@ -522,7 +238,7 @@ function gatherDetails( } }); const paramsByName = new Map(); - (repoDetails.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); + (props.details.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); const overridesByName = new Map(); ((source.helm && source.helm.parameters) || []).forEach((override, i) => overridesByName.set(override.name, i)); attributes = attributes.concat( @@ -545,7 +261,7 @@ function gatherDetails( ) ); const fileParamsByName = new Map(); - (repoDetails.helm.fileParameters || []).forEach(param => fileParamsByName.set(param.name, param)); + (props.details.helm.fileParameters || []).forEach(param => fileParamsByName.set(param.name, param)); const fileOverridesByName = new Map(); ((source.helm && source.helm.fileParameters) || []).forEach((override, i) => fileOverridesByName.set(override.name, i)); attributes = attributes.concat( @@ -567,7 +283,7 @@ function gatherDetails( }) ) ); - } else if (repoDetails.type === 'Plugin') { + } else if (props.details.type === 'Plugin') { attributes.push({ title: 'NAME', view:
    {ValueEditor(app.spec.source?.plugin?.name, null)}
    , @@ -593,8 +309,8 @@ function gatherDetails( edit: (formApi: FormApi) => }); const parametersSet = new Set(); - if (repoDetails?.plugin?.parametersAnnouncement) { - for (const announcement of repoDetails.plugin.parametersAnnouncement) { + if (props.details?.plugin?.parametersAnnouncement) { + for (const announcement of props.details.plugin.parametersAnnouncement) { parametersSet.add(announcement.name); } } @@ -608,7 +324,7 @@ function gatherDetails( parametersSet.delete(key); } parametersSet.forEach(name => { - const announcement = repoDetails.plugin.parametersAnnouncement?.find(param => param.name === name); + const announcement = props.details.plugin.parametersAnnouncement?.find(param => param.name === name); const liveParam = app.spec.source?.plugin?.parameters?.find(param => param.name === name); const pluginIcon = announcement && liveParam ? 'This parameter has been provided by plugin, but is overridden in application manifest.' : 'This parameter is provided by the plugin.'; @@ -734,7 +450,7 @@ function gatherDetails( }); } }); - } else if (repoDetails.type === 'Directory') { + } else if (props.details.type === 'Directory') { const directory = source.directory || ({} as ApplicationSourceDirectory); attributes.push({ title: 'DIRECTORY RECURSE', @@ -772,5 +488,79 @@ function gatherDetails( edit: (formApi: FormApi) => }); } - return attributes; -} + + return ( + { + const src = getAppDefaultSource(input); + + function isDefined(item: any) { + return item !== null && item !== undefined; + } + function isDefinedWithVersion(item: any) { + return item !== null && item !== undefined && item.match(/:/); + } + + if (src.helm && src.helm.parameters) { + src.helm.parameters = src.helm.parameters.filter(isDefined); + } + if (src.kustomize && src.kustomize.images) { + src.kustomize.images = src.kustomize.images.filter(isDefinedWithVersion); + } + + let params = input.spec?.source?.plugin?.parameters; + if (params) { + for (const param of params) { + if (param.map && param.array) { + // @ts-ignore + param.map = param.array.reduce((acc, {name, value}) => { + // @ts-ignore + acc[name] = value; + return acc; + }, {}); + delete param.array; + } + } + + params = params.filter(param => !appParamsDeletedState.includes(param.name)); + input.spec.source.plugin.parameters = params; + } + if (input.spec.source.helm && input.spec.source.helm.valuesObject) { + input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json + input.spec.source.helm.values = ''; + } + await props.save(input, {}); + setRemovedOverrides(new Array()); + }) + } + values={((props.details.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app} + validate={updatedApp => { + const errors = {} as any; + + for (const fieldPath of ['spec.source.directory.jsonnet.tlas', 'spec.source.directory.jsonnet.extVars']) { + const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); + errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; + } + + if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { + const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); + errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; + } + + return errors; + }} + onModeSwitch={ + props.details.plugin && + (() => { + setAppParamsDeletedState([]); + }) + } + title={props.details.type.toLocaleUpperCase()} + items={attributes} + noReadonlyMode={props.noReadonlyMode} + hasMultipleSources={app.spec.sources && app.spec.sources.length > 0} + /> + ); +}; diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index 7c2b65cd3ce27..956e8c679bf20 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx @@ -107,16 +107,20 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
    {application.spec.syncPolicy?.automated ? 'Auto sync is enabled.' : 'Auto sync is not enabled.'}
    - {application.status && application.status.sync && application.status.sync.revision && !application.spec.source.chart && ( -
    - -
    - )} + {application.status && + application.status.sync && + (hasMultipleSources + ? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart + : application.status.sync.revision && !application.spec.source?.chart) && ( +
    + +
    + )}
    {appOperationState && ( diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 83916a001860e..f38a380b50ea8 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -170,7 +170,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { title: 'CREATED AT', view: formatCreationTimestamp(app.metadata.creationTimestamp) }, - !hasMultipleSources && { + { title: 'REPO URL', view: , edit: (formApi: FormApi) => @@ -180,89 +180,88 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { ) }, - ...(!hasMultipleSources - ? isHelm - ? [ - { - title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - services.repos.charts(src.repoURL).catch(() => new Array())}> - {(charts: models.HelmChart[]) => ( -
    -
    - chart.name), - filterSuggestions: true - }} - /> -
    - { - const chartInfo = data.charts.find(chart => chart.name === data.chart); - return (chartInfo && chartInfo.versions) || new Array(); - }}> - {(versions: string[]) => ( -
    - - -
    - )} -     + ...(isHelm + ? [ + { + title: 'CHART', + view: ( + + {source.chart}:{source.targetRevision} + + ), + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + services.repos.charts(src.repoURL).catch(() => new Array())}> + {(charts: models.HelmChart[]) => ( +
    +
    + chart.name), + filterSuggestions: true + }} + />
    - )} - - ) - } - ] - : [ - { - title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }, - { - title: 'PATH', - view: ( - - {processPath(source.path)} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - } - ] - : []), + { + const chartInfo = data.charts.find(chart => chart.name === data.chart); + return (chartInfo && chartInfo.versions) || new Array(); + }}> + {(versions: string[]) => ( +
    + + +
    + )} +     +
    + )} +     + ) + } + ] + : [ + { + title: 'TARGET REVISION', + view: , + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) + }, + { + title: 'PATH', + view: ( + + {processPath(source.path)} + + ), + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) + } + ]), + { title: 'REVISION HISTORY LIMIT', view: app.spec.revisionHistoryLimit, diff --git a/ui/src/app/applications/components/applications-list/applications-summary.tsx b/ui/src/app/applications/components/applications-list/applications-summary.tsx index efff821a01def..0a77350fd1127 100644 --- a/ui/src/app/applications/components/applications-list/applications-summary.tsx +++ b/ui/src/app/applications/components/applications-list/applications-summary.tsx @@ -40,7 +40,7 @@ export const ApplicationsSummary = ({applications}: {applications: models.Applic }, { title: 'CLUSTERS', - value: new Set(applications.map(app => app.spec.destination.server || app.spec.destination.name)).size + value: new Set(applications.map(app => app.spec.destination.server)).size }, { title: 'NAMESPACES', diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx index 5462ba4f7315b..52d2fef184703 100644 --- a/ui/src/app/applications/components/resource-details/resource-details.tsx +++ b/ui/src/app/applications/components/resource-details/resource-details.tsx @@ -40,7 +40,6 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { const tab = new URLSearchParams(appContext.history.location.search).get('tab'); const selectedNodeInfo = NodeInfo(new URLSearchParams(appContext.history.location.search).get('node')); const selectedNodeKey = selectedNodeInfo.key; - const [pageNumber, setPageNumber] = React.useState(0); const getResourceTabs = ( node: ResourceNode, @@ -116,7 +115,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { } ]); } - if (selectedNode?.kind === 'Pod' && execEnabled && execAllowed) { + if (selectedNode.kind === 'Pod' && execEnabled && execAllowed) { tabs = tabs.concat([ { key: 'exec', @@ -162,18 +161,23 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { content: updateApp(app, query)} /> }, { - title: 'SOURCES', - key: 'sources', + title: 'PARAMETERS', + key: 'parameters', content: ( - getSources(app)}> - {(details: RepoAppDetails[]) => ( + + services.repos.appDetails(AppUtils.getAppDefaultSource(app), app.metadata.name, app.spec.project).catch(() => ({ + type: 'Directory' as AppSourceType, + path: AppUtils.getAppDefaultSource(app).path + })) + }> + {(details: RepoAppDetails) => ( updateApp(app, query)} application={application} - details={details[0]} - detailsList={details} - pageNumber={pageNumber} - setPageNumber={setPageNumber} + details={details} /> )} @@ -364,32 +368,3 @@ export const ResourceDetails = (props: ResourceDetailsProps) => {
    ); }; - -// Maintain compatibility with single source field. Remove else block when source field is removed -async function getSources(app: models.Application) { - const listOfDetails = new Array(); - const sources: models.ApplicationSource[] = app.spec.sources; - if (sources) { - const length = sources.length; - for (let i = 0; i < length; i++) { - const aSource = sources[i]; - const repoDetail = await services.repos.appDetails(aSource, app.metadata.name, app.spec.project).catch(e => ({ - type: 'Directory' as AppSourceType, - path: aSource.path - })); - if (repoDetail) { - listOfDetails.push(repoDetail); - } - } - return listOfDetails; - } else { - const repoDetail = await services.repos.appDetails(AppUtils.getAppDefaultSource(app), app.metadata.name, app.spec.project).catch(() => ({ - type: 'Directory' as AppSourceType, - path: AppUtils.getAppDefaultSource(app).path - })); - if (repoDetail) { - listOfDetails.push(repoDetail); - } - return listOfDetails; - } -} diff --git a/ui/src/app/shared/components/editable-panel/editable-panel.scss b/ui/src/app/shared/components/editable-panel/editable-panel.scss index ee0d48e77d689..7da3f2c3fc55c 100644 --- a/ui/src/app/shared/components/editable-panel/editable-panel.scss +++ b/ui/src/app/shared/components/editable-panel/editable-panel.scss @@ -13,26 +13,6 @@ right: 3em; } - &__collapsible-button { - position: absolute; - top: 30px; - right: 30px; - } - - &__sticky-title { - z-index: 10; - opacity: 75%; - position: sticky; - padding-left: 15px; - padding-right: 15px; - margin-bottom: 5px; - text-align: center; - top: 0px; - text-overflow: ellipsis; - white-space: nowrap; - overflow: hidden; - } - .form-field__select { line-height: 15px; padding: 0; diff --git a/ui/src/app/shared/components/editable-panel/editable-panel.tsx b/ui/src/app/shared/components/editable-panel/editable-panel.tsx index 6567c7f4e3850..9e62711e0da7d 100644 --- a/ui/src/app/shared/components/editable-panel/editable-panel.tsx +++ b/ui/src/app/shared/components/editable-panel/editable-panel.tsx @@ -18,8 +18,6 @@ export interface EditablePanelItem { export interface EditablePanelProps { title?: string | React.ReactNode; - titleCollapsed?: string | React.ReactNode; - floatingTitle?: string | React.ReactNode; values: T; validate?: (values: T) => any; save?: (input: T, query: {validate?: boolean}) => Promise; @@ -29,15 +27,11 @@ export interface EditablePanelProps { view?: string | React.ReactNode; edit?: (formApi: FormApi) => React.ReactNode; hasMultipleSources?: boolean; - collapsible?: boolean; - collapsed?: boolean; - collapsedDescription?: string; } interface EditablePanelState { edit: boolean; saving: boolean; - collapsed: boolean; } require('./editable-panel.scss'); @@ -47,7 +41,7 @@ export class EditablePanel extends React.Component constructor(props: EditablePanelProps) { super(props); - this.state = {edit: !!props.noReadonlyMode, saving: false, collapsed: this.props.collapsed}; + this.state = {edit: !!props.noReadonlyMode, saving: false}; } public UNSAFE_componentWillReceiveProps(nextProps: EditablePanelProps) { @@ -61,130 +55,105 @@ export class EditablePanel extends React.Component public render() { return ( - {ctx => - this.props.collapsible && this.state.collapsed ? ( -
    this.setState({collapsed: !this.state.collapsed})}> -
    -
    {this.props.titleCollapsed ? this.props.titleCollapsed : this.props.title}
    -
    {this.props.collapsedDescription}
    -
    -
    - -
    -
    - ) : ( -
    - {this.props.floatingTitle &&
    {this.props.floatingTitle}
    } -
    - {!this.props.noReadonlyMode && this.props.save && ( -
    - {!this.state.edit && ( + {ctx => ( +
    +
    + {!this.props.noReadonlyMode && this.props.save && ( +
    + {!this.state.edit && ( + + )} + {this.state.edit && ( + + {' '} - )} - {this.state.edit && ( - - {' '} - + + )} +
    + )} + {this.props.title &&

    {this.props.title}

    } + {(!this.state.edit && ( + + {this.props.view} + {this.props.items + .filter(item => item.view) + .map(item => ( + + {item.before} +
    +
    {item.customTitle || item.title}
    +
    {item.view}
    +
    - )} -
    - )} - {this.props.collapsible && ( - -
    - { - this.setState({collapsed: !this.state.collapsed}); - }} - /> -
    -     - )} - {this.props.title &&

    {this.props.title}

    } - {(!this.state.edit && ( - - {this.props.view} - {this.props.items - .filter(item => item.view) - .map(item => ( + ))} + + )) || ( +
    (this.formApi = api)} + formDidUpdate={async form => { + if (this.props.noReadonlyMode && this.props.save) { + await this.props.save(form.values as any, {}); + } + }} + onSubmit={async input => { + try { + this.setState({saving: true}); + await this.props.save(input as any, {}); + this.setState({edit: false, saving: false}); + this.onModeSwitch(); + } catch (e) { + ctx.notifications.show({ + content: , + type: NotificationType.Error + }); + } finally { + this.setState({saving: false}); + } + }} + defaultValues={this.props.values} + validateError={this.props.validate}> + {api => ( + + {this.props.edit && this.props.edit(api)} + {this.props.items.map(item => ( {item.before}
    -
    {item.customTitle || item.title}
    -
    {item.view}
    +
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    +
    {(item.edit && item.edit(api)) || item.view}
     ))} -     - )) || ( - (this.formApi = api)} - formDidUpdate={async form => { - if (this.props.noReadonlyMode && this.props.save) { - await this.props.save(form.values as any, {}); - } - }} - onSubmit={async input => { - try { - this.setState({saving: true}); - await this.props.save(input as any, {}); - this.setState({edit: false, saving: false}); - this.onModeSwitch(); - } catch (e) { - ctx.notifications.show({ - content: , - type: NotificationType.Error - }); - } finally { - this.setState({saving: false}); - } - }} - defaultValues={this.props.values} - validateError={this.props.validate}> - {api => ( - - {this.props.edit && this.props.edit(api)} - {this.props.items.map(item => ( - - {item.before} -
    -
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    -
    {(item.edit && item.edit(api)) || item.view}
    -
    -     - ))} -     - )} - - )} -
    + + )} + + )}
    - ) - } +
    + )} ); } diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index bb88dcf3cc443..823c61c34dc9a 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -197,8 +197,6 @@ export interface ApplicationSource { plugin?: ApplicationSourcePlugin; directory?: ApplicationSourceDirectory; - - ref?: string; } export interface ApplicationSourceHelm { diff --git a/util/app/path/path.go b/util/app/path/path.go index fe08c3e86c3b9..d2bb166fa1b26 100644 --- a/util/app/path/path.go +++ b/util/app/path/path.go @@ -131,11 +131,13 @@ func AppFilesHaveChanged(refreshPaths []string, changedFiles []string) bool { f = ensureAbsPath(f) for _, item := range refreshPaths { item = ensureAbsPath(item) + changed := false if f == item { - return true + changed = true } else if _, err := security.EnforceToCurrentRoot(item, f); err == nil { - return true - } else if matched, err := filepath.Match(item, f); err == nil && matched { + changed = true + } + if changed { return true } } diff --git a/util/app/path/path_test.go b/util/app/path/path_test.go index b7afd47734082..11c746a87f3b6 100644 --- a/util/app/path/path_test.go +++ b/util/app/path/path_test.go @@ -144,14 +144,6 @@ func Test_AppFilesHaveChanged(t *testing.T) { {"absolute path, multi source - matching #2", getMultiSourceApp("/source/path", "other/path", "source/path"), []string{"source/path/my-deployment.yaml"}, true}, {"absolute path - not matching", getApp("/source/path1", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, {"absolute path, multi source - not matching", getMultiSourceApp("/source/path1", "other/path", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"glob path * - matching", getApp("/source/**/my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, true}, - {"glob path * - not matching", getApp("/source/**/my-service.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"glob path ? - matching", getApp("/source/path/my-deployment-?.yaml", "source/path"), []string{"source/path/my-deployment-0.yaml"}, true}, - {"glob path ? - not matching", getApp("/source/path/my-deployment-?.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"glob path char range - matching", getApp("/source/path[0-9]/my-deployment.yaml", "source/path"), []string{"source/path1/my-deployment.yaml"}, true}, - {"glob path char range - not matching", getApp("/source/path[0-9]/my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}, false}, - {"mixed glob path - matching", getApp("/source/path[0-9]/my-*.yaml", "source/path"), []string{"source/path1/my-deployment.yaml"}, true}, - {"mixed glob path - not matching", getApp("/source/path[0-9]/my-*.yaml", "source/path"), []string{"README.md"}, false}, {"two relative paths - matching", getApp(".;../shared", "my-app"), []string{"shared/my-deployment.yaml"}, true}, {"two relative paths, multi source - matching #1", getMultiSourceApp(".;../shared", "my-app", "other/path"), []string{"shared/my-deployment.yaml"}, true}, {"two relative paths, multi source - matching #2", getMultiSourceApp(".;../shared", "my-app", "other/path"), []string{"shared/my-deployment.yaml"}, true}, @@ -193,12 +185,12 @@ func Test_GetAppRefreshPaths(t *testing.T) { }{ {"default no path", &v1alpha1.Application{}, []string{}}, {"relative path", getApp(".", "source/path"), []string{"source/path"}}, + {"absolute path", getApp("/source/path", "source/path"), []string{"source/path"}}, {"absolute path - multi source", getMultiSourceApp("/source/path", "source/path", "other/path"), []string{"source/path"}}, {"two relative paths ", getApp(".;../shared", "my-app"), []string{"my-app", "shared"}}, {"file relative path", getApp("./my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}}, {"file absolute path", getApp("/source/path/my-deployment.yaml", "source/path"), []string{"source/path/my-deployment.yaml"}}, {"file two relative paths", getApp("./README.md;../shared/my-deployment.yaml", "my-app"), []string{"my-app/README.md", "shared/my-deployment.yaml"}}, - {"glob path", getApp("/source/*/my-deployment.yaml", "source/path"), []string{"source/*/my-deployment.yaml"}}, {"empty path", getApp(".;", "source/path"), []string{"source/path"}}, } for _, tt := range tests { diff --git a/util/config/env.go b/util/config/env.go index d2007fba6af49..b6679bca7e460 100644 --- a/util/config/env.go +++ b/util/config/env.go @@ -1,10 +1,8 @@ package config import ( - "encoding/csv" "errors" "os" - "strconv" "strings" "github.com/kballard/go-shellquote" @@ -48,8 +46,8 @@ func loadFlags() error { // pkg shellquota doesn't recognize `=` so that the opts in format `foo=bar` could not work. // issue ref: https://github.com/argoproj/argo-cd/issues/6822 for k, v := range flags { - if strings.Contains(k, "=") && v == "true" { - kv := strings.SplitN(k, "=", 2) + if strings.Contains(k, "=") && strings.Count(k, "=") == 1 && v == "true" { + kv := strings.Split(k, "=") actualKey, actualValue := kv[0], kv[1] if _, ok := flags[actualKey]; !ok { flags[actualKey] = actualValue @@ -70,34 +68,3 @@ func GetFlag(key, fallback string) string { func GetBoolFlag(key string) bool { return GetFlag(key, "false") == "true" } - -func GetIntFlag(key string, fallback int) int { - val, ok := flags[key] - if !ok { - return fallback - } - - v, err := strconv.Atoi(val) - if err != nil { - log.Fatal(err) - } - return v -} - -func GetStringSliceFlag(key string, fallback []string) []string { - val, ok := flags[key] - if !ok { - return fallback - } - - if val == "" { - return []string{} - } - stringReader := strings.NewReader(val) - csvReader := csv.NewReader(stringReader) - v, err := csvReader.Read() - if err != nil { - log.Fatal(err) - } - return v -} diff --git a/util/config/env_test.go b/util/config/env_test.go index da0ae71ba18da..c19961813a457 100644 --- a/util/config/env_test.go +++ b/util/config/env_test.go @@ -54,63 +54,6 @@ func TestBooleanFlagAtEnd(t *testing.T) { assert.True(t, GetBoolFlag("foo")) } -func TestIntFlag(t *testing.T) { - loadOpts(t, "--foo 2") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestIntFlagAtStart(t *testing.T) { - loadOpts(t, "--foo 2 --bar baz") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestIntFlagInMiddle(t *testing.T) { - loadOpts(t, "--bar baz --foo 2 --qux") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestIntFlagAtEnd(t *testing.T) { - loadOpts(t, "--bar baz --foo 2") - - assert.Equal(t, 2, GetIntFlag("foo", 0)) -} - -func TestStringSliceFlag(t *testing.T) { - loadOpts(t, "--header='Content-Type: application/json; charset=utf-8,Strict-Transport-Security: max-age=31536000'") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 2, len(strings)) - assert.Equal(t, "Content-Type: application/json; charset=utf-8", strings[0]) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[1]) -} - -func TestStringSliceFlagAtStart(t *testing.T) { - loadOpts(t, "--header='Strict-Transport-Security: max-age=31536000' --bar baz") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 1, len(strings)) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[0]) -} - -func TestStringSliceFlagInMiddle(t *testing.T) { - loadOpts(t, "--bar baz --header='Strict-Transport-Security: max-age=31536000' --qux") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 1, len(strings)) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[0]) -} - -func TestStringSliceFlagAtEnd(t *testing.T) { - loadOpts(t, "--bar baz --header='Strict-Transport-Security: max-age=31536000'") - strings := GetStringSliceFlag("header", []string{}) - - assert.Equal(t, 1, len(strings)) - assert.Equal(t, "Strict-Transport-Security: max-age=31536000", strings[0]) -} - func TestFlagAtStart(t *testing.T) { loadOpts(t, "--foo bar") diff --git a/util/git/client.go b/util/git/client.go index bbd510c5d106b..d5ac7643aff45 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -705,7 +705,7 @@ func (m *nativeGitClient) IsAnnotatedTag(revision string) bool { } } -// ChangedFiles returns a list of files changed between two revisions +// returns the meta-data for the commit func (m *nativeGitClient) ChangedFiles(revision string, targetRevision string) ([]string, error) { if revision == targetRevision { return []string{}, nil diff --git a/util/git/creds.go b/util/git/creds.go index e0ca584ebb7ad..18698449082bf 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -277,9 +277,6 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { if err != nil { return nil, nil, err } - - sshCloser := sshPrivateKeyFile(file.Name()) - defer func() { if err = file.Close(); err != nil { log.WithFields(log.Fields{ @@ -291,7 +288,6 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { _, err = file.WriteString(c.sshPrivateKey + "\n") if err != nil { - sshCloser.Close() return nil, nil, err } @@ -314,7 +310,6 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { if c.proxy != "" { parsedProxyURL, err := url.Parse(c.proxy) if err != nil { - sshCloser.Close() return nil, nil, fmt.Errorf("failed to set environment variables related to socks5 proxy, could not parse proxy URL '%s': %w", c.proxy, err) } args = append(args, "-o", fmt.Sprintf("ProxyCommand='connect-proxy -S %s:%s -5 %%h %%p'", @@ -329,7 +324,7 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { } env = append(env, []string{fmt.Sprintf("GIT_SSH_COMMAND=%s", strings.Join(args, " "))}...) env = append(env, proxyEnv...) - return sshCloser, env, nil + return sshPrivateKeyFile(file.Name()), env, nil } // GitHubAppCreds to authenticate as GitHub application diff --git a/util/git/creds_test.go b/util/git/creds_test.go index 69c1150db881b..23a705ed33574 100644 --- a/util/git/creds_test.go +++ b/util/git/creds_test.go @@ -17,7 +17,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/cert" "github.com/argoproj/argo-cd/v2/util/io" - argoio "github.com/argoproj/gitops-engine/pkg/utils/io" ) type cred struct { @@ -303,37 +302,6 @@ func Test_SSHCreds_Environ_WithProxyUserNamePassword(t *testing.T) { } } -func Test_SSHCreds_Environ_TempFileCleanupOnInvalidProxyURL(t *testing.T) { - - // Previously, if the proxy URL was invalid, a temporary file would be left in /dev/shm. This ensures the file is cleaned up in this case. - - // countDev returns the number of files in /dev/shm (argoio.TempDir) - countFilesInDevShm := func() int { - entries, err := os.ReadDir(argoio.TempDir) - require.NoError(t, err) - - return len(entries) - } - - for _, insecureIgnoreHostKey := range []bool{false, true} { - tempDir := t.TempDir() - caFile := path.Join(tempDir, "caFile") - err := os.WriteFile(caFile, []byte(""), os.FileMode(0600)) - require.NoError(t, err) - creds := NewSSHCreds("sshPrivateKey", caFile, insecureIgnoreHostKey, &NoopCredsStore{}, ":invalid-proxy-url") - - filesInDevShmBeforeInvocation := countFilesInDevShm() - - _, _, err = creds.Environ() - require.Error(t, err) - - filesInDevShmAfterInvocation := countFilesInDevShm() - - assert.Equal(t, filesInDevShmBeforeInvocation, filesInDevShmAfterInvocation, "no temporary files should leak if the proxy url cannot be parsed") - - } -} - const gcpServiceAccountKeyJSON = `{ "type": "service_account", "project_id": "my-google-project", diff --git a/util/grpc/trace.go b/util/grpc/trace.go index 484e2b61dc253..7ecc5bc9647d0 100644 --- a/util/grpc/trace.go +++ b/util/grpc/trace.go @@ -17,8 +17,8 @@ var ( // see https://github.com/open-telemetry/opentelemetry-go-contrib/issues/4226 for details func ensureInitialized() { interceptorsInitialized.Do(func() { - otelUnaryInterceptor = otelgrpc.UnaryClientInterceptor() - otelStreamInterceptor = otelgrpc.StreamClientInterceptor() + otelUnaryInterceptor = otelgrpc.UnaryClientInterceptor() //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 + otelStreamInterceptor = otelgrpc.StreamClientInterceptor() //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 }) } diff --git a/util/helm/client.go b/util/helm/client.go index aab627cb7c4fb..8b99cd67c6904 100644 --- a/util/helm/client.go +++ b/util/helm/client.go @@ -32,8 +32,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/proxy" ) -//go:generate go run github.com/vektra/mockery/v2@v2.25.1 --name=Client - var ( globalLock = sync.NewKeyLock() indexLock = sync.NewKeyLock() diff --git a/util/helm/mocks/Client.go b/util/helm/mocks/Client.go index a950d953b05a4..0acae845a3d33 100644 --- a/util/helm/mocks/Client.go +++ b/util/helm/mocks/Client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.25.1. DO NOT EDIT. +// Code generated by mockery v1.0.0. DO NOT EDIT. package mocks @@ -28,32 +28,29 @@ func (_m *Client) CleanChartCache(chart string, version string) error { return r0 } -// ExtractChart provides a mock function with given fields: chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize +// ExtractChart provides a mock function with given fields: chart, version func (_m *Client) ExtractChart(chart string, version string, passCredentials bool, manifestMaxExtractedSize int64, disableManifestMaxExtractedSize bool) (string, io.Closer, error) { - ret := _m.Called(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + ret := _m.Called(chart, version) var r0 string - var r1 io.Closer - var r2 error - if rf, ok := ret.Get(0).(func(string, string, bool, int64, bool) (string, io.Closer, error)); ok { - return rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) - } - if rf, ok := ret.Get(0).(func(string, string, bool, int64, bool) string); ok { - r0 = rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + if rf, ok := ret.Get(0).(func(string, string) string); ok { + r0 = rf(chart, version) } else { r0 = ret.Get(0).(string) } - if rf, ok := ret.Get(1).(func(string, string, bool, int64, bool) io.Closer); ok { - r1 = rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + var r1 io.Closer + if rf, ok := ret.Get(1).(func(string, string) io.Closer); ok { + r1 = rf(chart, version) } else { if ret.Get(1) != nil { r1 = ret.Get(1).(io.Closer) } } - if rf, ok := ret.Get(2).(func(string, string, bool, int64, bool) error); ok { - r2 = rf(chart, version, passCredentials, manifestMaxExtractedSize, disableManifestMaxExtractedSize) + var r2 error + if rf, ok := ret.Get(2).(func(string, string) error); ok { + r2 = rf(chart, version) } else { r2 = ret.Error(2) } @@ -61,25 +58,22 @@ func (_m *Client) ExtractChart(chart string, version string, passCredentials boo return r0, r1, r2 } -// GetIndex provides a mock function with given fields: noCache, maxIndexSize +// GetIndex provides a mock function with given fields: noCache func (_m *Client) GetIndex(noCache bool, maxIndexSize int64) (*helm.Index, error) { - ret := _m.Called(noCache, maxIndexSize) + ret := _m.Called(noCache) var r0 *helm.Index - var r1 error - if rf, ok := ret.Get(0).(func(bool, int64) (*helm.Index, error)); ok { - return rf(noCache, maxIndexSize) - } - if rf, ok := ret.Get(0).(func(bool, int64) *helm.Index); ok { - r0 = rf(noCache, maxIndexSize) + if rf, ok := ret.Get(0).(func(bool) *helm.Index); ok { + r0 = rf(noCache) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(*helm.Index) } } - if rf, ok := ret.Get(1).(func(bool, int64) error); ok { - r1 = rf(noCache, maxIndexSize) + var r1 error + if rf, ok := ret.Get(1).(func(bool) error); ok { + r1 = rf(noCache) } else { r1 = ret.Error(1) } @@ -87,15 +81,11 @@ func (_m *Client) GetIndex(noCache bool, maxIndexSize int64) (*helm.Index, error return r0, r1 } -// GetTags provides a mock function with given fields: chart, noCache +// GetTags provides a mock function with given fields: noCache func (_m *Client) GetTags(chart string, noCache bool) (*helm.TagsList, error) { ret := _m.Called(chart, noCache) var r0 *helm.TagsList - var r1 error - if rf, ok := ret.Get(0).(func(string, bool) (*helm.TagsList, error)); ok { - return rf(chart, noCache) - } if rf, ok := ret.Get(0).(func(string, bool) *helm.TagsList); ok { r0 = rf(chart, noCache) } else { @@ -104,6 +94,7 @@ func (_m *Client) GetTags(chart string, noCache bool) (*helm.TagsList, error) { } } + var r1 error if rf, ok := ret.Get(1).(func(string, bool) error); ok { r1 = rf(chart, noCache) } else { @@ -118,16 +109,13 @@ func (_m *Client) TestHelmOCI() (bool, error) { ret := _m.Called() var r0 bool - var r1 error - if rf, ok := ret.Get(0).(func() (bool, error)); ok { - return rf() - } if rf, ok := ret.Get(0).(func() bool); ok { r0 = rf() } else { r0 = ret.Get(0).(bool) } + var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -136,18 +124,3 @@ func (_m *Client) TestHelmOCI() (bool, error) { return r0, r1 } - -type mockConstructorTestingTNewClient interface { - mock.TestingT - Cleanup(func()) -} - -// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewClient(t mockConstructorTestingTNewClient) *Client { - mock := &Client{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/util/tls/tls.go b/util/tls/tls.go index c7925b8325273..5e18c8eb75cda 100644 --- a/util/tls/tls.go +++ b/util/tls/tls.go @@ -28,7 +28,7 @@ const ( DefaultRSABits = 2048 // The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates // Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically. - DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" // The default minimum TLS version to provide to clients DefaultTLSMinVersion = "1.2" // The default maximum TLS version to provide to clients