From 6b6d6effecbc88726d6b73f1aecf5beb68bc6012 Mon Sep 17 00:00:00 2001
From: lachlan-robinson
Date: Thu, 1 May 2025 10:24:28 +1000
Subject: [PATCH] chore: exposed sourcemap review

---
 .../exposed-sourcemap-review.md              | 67 ++++++++++++++++++
 .../Security Analysis/img/exposedmaptest.jpg | Bin 0 -> 11937 bytes
 2 files changed, 67 insertions(+)
 create mode 100644 docs/OnTrack/Security Analysis/exposed-sourcemap-review.md
 create mode 100644 docs/OnTrack/Security Analysis/img/exposedmaptest.jpg

diff --git a/docs/OnTrack/Security Analysis/exposed-sourcemap-review.md b/docs/OnTrack/Security Analysis/exposed-sourcemap-review.md
new file mode 100644
index 000000000..865eef965
--- /dev/null
+++ b/docs/OnTrack/Security Analysis/exposed-sourcemap-review.md
@@ -0,0 +1,67 @@ +# Exposed JavaScript Source Map Review + +_Lachlan Robinson (220325142)_ + +## Summary of Finding + +The audit conducted by AppAttack identified that the main.js.map file was accessible to +unauthenticated users at http://172.18.0.1:4200/main.js.map. As noted, source maps expose original +source code structures and may lead to reverse engineering or disclosure of sensitive implementation +details. + +## Assessment and Remediation Status + +We acknowledge this as a valid concern and appreciate the identification. However, it is important +to clarify that: + +- The main.js.map file is only present in development builds of the application. + +``` +"development": { + "optimization": false, + "extractLicenses": false, + "sourceMap": true + } +``` + +- In our deployment process, production builds are created using the Angular CLI with the + --configuration production flag, which disables the generation and exposure of source maps by + default. + +``` +"production": { + "budgets": [ + { + "type": "anyComponentStyle", + "maximumWarning": "6kb" + } + ], + "fileReplacements": [ + { + "replace": "src/environments/environment.ts", + "with": "src/environments/environment.prod.ts" + }, + { + "replace": "src/app/config/constants/apiURL.ts", + "with": "src/app/config/constants/apiURL.prod.ts" + } + ], + "optimization": true, + "outputHashing": "bundles", + "sourceMap": false, + "extractLicenses": true, + "serviceWorker": "ngsw-config.json" + }, +``` + +- Therefore, in production environments, this file is not present, and the application does not + expose source maps publicly. + + ![](./img/exposedmaptest.jpg) + +## Recommendation for Retesting + +For future vulnerability assessments, we recommend that penetration testing be performed against a +production-equivalent build of the front-end application. This ensures the test environment mirrors +the real-world deployment configuration and avoids false positives related to development-only +artifacts. 
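Review bot: the central claim of the "Assessment and Remediation Status" section, that main.js.map is absent from production, is argued from angular.json alone and is never shown to have been verified; the only evidence offered is `![](./img/exposedmaptest.jpg)`, an image with empty alt text that a reader of the rendered page cannot interpret. Add a short verification paragraph that states what was actually tested: the build command used (`ng build --configuration production`), a listing of the dist output confirming no `.map` files are emitted, and the HTTP status returned for `/main.js.map` on the production-equivalent host, and put the same summary in the image's alt text. Two smaller points in the same hunk: the sentence "which disables the generation and exposure of source maps by default" is imprecise, since the quoted snippet sets `"sourceMap": false` explicitly, so say the production configuration sets it rather than appealing to a default; and because `sourceMap: false` only governs what the build emits, the document should cite the deployment step (Dockerfile or CI job) that invokes the production configuration, otherwise a container built from the development configuration or served with `ng serve` would still ship the file, which is exactly what the audited URL on port 4200 (the Angular dev server default) suggests happened here. Finally, tag the two JSON fences as ```json so they render with highlighting.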
diff --git a/docs/OnTrack/Security Analysis/img/exposedmaptest.jpg b/docs/OnTrack/Security Analysis/img/exposedmaptest.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..226bb15680aac4f2fa6b8d4dcb0fb141be0aaf61
GIT binary patch
literal 11937