From 59e001cc7cde536859a41fad08986889508faee0 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 28 Oct 2024 22:11:31 +0100 Subject: [PATCH 01/34] feat(checker): add dlt-daemon (#4513) Fix #4457 Signed-off-by: Fabrice Fontaine --- cve_bin_tool/checkers/__init__.py | 1 + cve_bin_tool/checkers/dlt_daemon.py | 22 ++++++++++++++++++ .../dlt-daemon_2.18.0-1_amd64.deb.tar.gz | Bin 0 -> 34838 bytes .../dlt-daemon_2.18.8-6_arm64.deb.tar.gz | Bin 0 -> 31180 bytes test/test_data/dlt_daemon.py | 20 ++++++++++++++++ 5 files changed, 43 insertions(+) create mode 100644 cve_bin_tool/checkers/dlt_daemon.py create mode 100644 test/condensed-downloads/dlt-daemon_2.18.0-1_amd64.deb.tar.gz create mode 100644 test/condensed-downloads/dlt-daemon_2.18.8-6_arm64.deb.tar.gz create mode 100644 test/test_data/dlt_daemon.py diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index 54713aa239..880879e59f 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -72,6 +72,7 @@ "dhclient", "dhcpcd", "dhcpd", + "dlt_daemon", "dmidecode", "dnsmasq", "docker", diff --git a/cve_bin_tool/checkers/dlt_daemon.py b/cve_bin_tool/checkers/dlt_daemon.py new file mode 100644 index 0000000000..9726d37dde --- /dev/null +++ b/cve_bin_tool/checkers/dlt_daemon.py @@ -0,0 +1,22 @@ +# Copyright (C) 2024 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + + +""" +CVE checker for dlt-daemon + +https://www.cvedetails.com/product/136117/Covesa-Dlt-daemon.html?vendor_id=29885 + +""" +from __future__ import annotations + +from cve_bin_tool.checkers import Checker + + +class DltDaemonChecker(Checker): + CONTAINS_PATTERNS: list[str] = [] + FILENAME_PATTERNS: list[str] = [] + VERSION_PATTERNS = [ + r"([0-9]+\.[0-9]+\.[0-9]+)\r?\n[A-Za-z0-9+_:%(), \[\]\.\-\r\n]*DLT(?:_| Package Version)" + ] + VENDOR_PRODUCT = [("covesa", "dlt-daemon")] diff --git a/test/condensed-downloads/dlt-daemon_2.18.0-1_amd64.deb.tar.gz b/test/condensed-downloads/dlt-daemon_2.18.0-1_amd64.deb.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..c65998553e3801811bdbf322b5fb28e3a8e1dcc8 GIT binary patch literal 34838 zcmV(pK=8jGiwFn-00002|72`*Eo5P3ZEtR0GA=PVE-)=IUtw)zHZ(3|WnwOLVR8WE zy?a+0N%tuH{Lc9+^(i_D&R|A~7|Do{j0k8GK^eisBqoT^2#Uba-HM6feD!zlU6-!v zZq#I+b=ErT%}PsOcHMUEd)<6@^75=deAyXz%bk{UH5&fszy5Cp{=HsXqhI)E{-!gl zf3B^{cl>=i{VKikA8X}5{}=xGuGgAC@&Eb%=fD3`s_gu)|M{Q)&ES{49Q4m#ue}^} zmIwWzKV6=#zg~X5mU2g_Rkpi-L|5*QEXzMz*kY|W?^0Heowc@$Z0p)$R>CSL#%w3s zuvp)=Snksjd->&zjc$E*lFYI5W0!5+ZnxQ*-~3u;e>GZc>E-fx=CkH`i+$^UIcC$> zug=(2rF~l7*n7dQzfJ-A`P0TSdsQm=f3Uy)vCdevy~Hj*ef%(BpWvFlJDjm^Zq8aj>E*}!4V<~gug6Y0)t zHaTc4;MG6PbH{6W-h{OWqxK~}dHpK~3mSX9iPP#}X)CPNZaZU-xz4b2<({*ydpm5y z(^Ydkay>S2+ShF0I?g2&?Mx=aQ4?}&dHvClfcnF}M>jVuxPiRenColidXsj`b>Iim zx!$-vzHPR9m#o_z_-+s0jVJw~*QIw@mrj4ex}&i(Waq6uB$z;1qX}l?_Roi{0p1PU zS7U~4m~=bMHl*?#Y@6#)V$T@}sPQcu`<@H=O)jbQ7Bn9UYIa-w0lXMY;g!eyArR^% zg0_3D3Dg~MIAm9sm>Xn1fOaxK+PL4rY&-s#^@onv9DCSwZ_*`fwtH8j4nvd-@VQA< z_C}ZdXTbU{bipm_I-@RYcU{NpyJN@curB26vNkUTUM&T{%~f zh}}&3o^ws;0E~KVS9C2%U&xEPr`^Mf13Y30T7Bz6UW8vP3MgO%y$rYb1C3dQ_Cqet z@S2TB14K(#>k`-NjC@bDrOC4ev~~&I0DJ8Y4QK%K0sBEgSE^-gMDTJMk%hmA;*#q@;+d~gKNdH8%G~%?>Z1VO%CtZ!M z9pY%$MSLLEcy0L@a|e<+ts$^4ejR}T0yb`XlUCbl zV$V0J_l%U#%c77~`k>`SG|~h?*=)DkJ)Z6gu#Mk%t$WUt-csI3OYo)z^xJf%K-wMX zFKWtY*zKQlAfOZI_^Yb}HE z#2I7r019=!mS{W~q3~$>E}~BKp)@e`A}JBz3Ub9h$I`BwEw|n8BeH$qg!JpCr)RAt zcA+vY!uk$~qiqn(MG&tVEETUL3?j{m{|suzz^tIDx#jkUz-fIVyKX1iNBt|1HO+DB z618&(my^)|Rgc+`2C1PiXH5rkZ$+~14=;c?6}q*~K!WRcrXZTAu}D@i-58)uexTB* z7oasaty>{e{E4G8(8M8~5YKstJ(+)`#`w{c?*TouqEZZ`ivt~L03x~|?@0@&4HyMT z$c>ShT+WXNEt5YLt4H}2>lR0~vYSNyys&H3U}4FMIz?az$dzX;nSr{rOXDM9DcYky4k#6ui-)tX#728WP#MHnCqV9r>XuCcewD1uZ` zAIvU};AJ`uEviXT5!~s!rWB6KE^cJ$RRRmoze3y*HP9z$7UhT1)zvHlG}LvZ2Rc^q zT&Vuzmg@p`N4dufVi_Wpn|zP(s!P!gnHSD3FA_i$E8Rp_vbp zuwlcP#tHW-h*yV_SxrN2o{Ut2q;(q>kEV`@RU@(W6som}ip7oEg-+X-RzZZBWPad# zdCnE76O(DNj?IZbBv(<2>sHu0*4fzc?y(Fc;ZZ9?92@S;fRX*7QE7kJpGG?(Y`ubo zf|QRw3bGpa8SWFof(6hE>65q`U@uKvfe^EMl^E&ASdiy)lnC`2*_Ct~rQ!Ane3-CS z>p0z(FSspWjW~#ip4TPs6+raIgTQzNc@SggMVrdw7NA#dVl}-qGNQ`YbgulNGRi_O zmLdwksT2Ol#Yf+Z^+8-A;FV2FU$8b@e#O<5o1&mXyR9}9cq_3t#{diTjB?xD-aOb& z$n4-!lWa^~ssfnfIrk|qWVdglA=qZ+1HenCPtu|DpeWFg9JYMtbXlbHbsQ7oMgNm% zkS3^Th{6p8fuekW)tUx`?{WdHll?udk0C^kw&rNi0lgK_qUaZ}gTWU57Ij17XP}d3Bav*4g)S2gdr%gXnTDwwBVj!b=*5c8>IO~Uy7By?z-ejQ6BI=hIiAj?0 z4CAKpDn-f&&D)6h`;*p9eDpvw%P5fys;M|goRcfnUL;%*R>(mbLmYIRfbWCOnj;NO z8yKUMXDxvWnV)1B!@x4^ZiRGDs+V!g>pkAt6p}T-lOh3%(W2YsPq1uoxdh{cBQc6K z!nG#pa)mN`;{4+~t{15>U=za`<2Y}PGqv=9kyl0&BUBKhS}C?|c#B+hVI5>Bhrbae z#oJ`w$O8rmEC9zemQ6~$-$&P7be(tZ)5U_cyMxxb8;2PghiIPNHZPsqdG1@Btr8&r ztmStm8e4hNwKn2RC`er)pN2O=Bw-{u)_F$1Y!dWX>mt-+^RZ-zXvIUOEDaliTuXD6 zZP1^f9$h7C%*JDW!m?mWe#!eNUOQNe&Li<4# zYFb-fC?+85r}dBKpkgA0e&s{;Mfa~`BfnuodFWqB zW7(Y_wT$@j21^D4=^kYmk+C52CX?3i+?j6+khoI>7yb~9f6hUZkh6x@u2n?I<5-^+ z#1fE@Gr>rSZj1zF1)gtgUCDz4!f|h!Z5}z*1hvsOrcj*c6p7Yw`zx^Pv|1w_o3RC* z8l`Ws8+fq~n#_)9`RD@hf;R987i{ z)haR{A_jN7856ZHxVx(BMAO&}1;t{L>S6U*(=rI`3i_m;`r$A}MAMWt;+(--jd zZl%0kXs)JKQyF#tDzz5etGjgYa$Vi6v4w9h*}?>_3%JhU`UKY@T<_r8hHC?^Rk&Wj z^$f0WDS(IT0J%j7pGQh)i0oNH^pWr%#>m6L%aBaY~ z3fBv`p278P3E<(nfa?sdPjDT=^$xCWxHjNgh3f@e&z4xek!MGBn|170?DLoWN&XAV zEUz%nwpnJDVwpc*vRb3U{Fg^I%f0xG<=^L7{-_M;%9PIkLr zU)L6r%>TzGAeR3Cc^u^_hh&GoZ^HMa%pu=oZ|y~vEM{+6W_k)GLTLit|4}td%WXn^ zSH4iG_`!c-BX9$&_R_l=v&_dd%VpuJq-Fcs-c;U-AFL7;(x|fIj%bjq%@>wiPO{wb zZ!Gt9f!#FojOtHKd>Lx|*QU)8AhILOCRWNOl*C=4vBLbB&AcahR!mqNJ&ExO%WcnC z=JkvvPN65R1>SO>03Z9eMpN-V_jbr~8`mt8y5@-ISblHxQqN{Tl0_zKplU+(Ec0}; zBmfRVEwaS89CLdhFC?NU1?1}$ppOS>ru7|l(+YgLtTL+hMhB|aVWR7qnZY1o*{qQm z+pGjPKN2<|VhYz*4*nokk}udvqC#&^5_W~%C6)lAJ$P}->~u@gYWW)Goreti16OfS4p)fX>|A-z+o!8|s=AE#p+5$8N1KuUTOqzm}N) zEmGNBW1nU0eZWG69YevqQXDJZf~|vQ7N4`+lT(&?@=OUH|Ayy?%p+M?$tCE&FUbnL zs4{;m$SReY2dhat3_4^|> zUGijhvjdx1l`QjK+98pc+qeL>y@2vdgi48eFF`DXEwPK@El@%lpcgKH>5VGNPDN4q zq{?R7`Jggmt!r`@AS1qZm?Q!J9IEyLs%B@EQktDn`LkC*E!mRREs-Wk9`n;_Qb2EEv=`FHIk|^uYX6t%O1R>8St2l1qYBh$dbh`G<*h?ymiOjWgi~e7?Db0GH&h^) z-S4(!+ZA}dVhho-j#3MH&*9<=E+S@lvx#po3wpCfPbe6-%JAp6{5s}YL<*)yd?ICq zf+=Z-qy-WMh=~eh)5jcvT2}C~+Z8MeAS(E=if|QKq>z!~<2rxcfY%MqH7ooz2mH;} zYCxiCY!F@V_e(dDb?|zu66UvB$MR5+rb*mD@hG6h$d% zpNdFoqYARTkMOG`hoshj_$lf5RP3WXq5r{Rx@AKI~g5}Du zp=*-59b*)F9Vs-Ce-9LodMz`}88S{;V}>bq{Hd7z!Rk+noYK6UX~j`7Iq0y=3n7wy zgD7%e)>!86HN)r|)zETqLF&52u;qZ+Sx}8VtH`FWwxscBQJI_6bj#;eu|#e8w{>`( z8!WTT>9V0|rF}cQ0@OW4w0&i>TA65;IvMn272El{HT~98k`N% zytLy;X$IIR02=|Ccc0t?&Ji^Gf=NbfwrkUGd|j~qXgqpWV1pkB^HfM6zY97t7ibOB zh}U}9`y*l;cwi}dUm$$~CFlemuHgC`L}~?k_D{Hf#tZX4)tOha3Hxs*NuOmWNe^sS z?{i%m%bfhEpc`P`Y+6=WEAKl{#1=5eW&$rzeQzpl-~iM4c1Y_Y8Eru;&F)X58w%AA<*HM7>h@0;c zXnGaPC`b3my2Ec|*sj#`N3{#M*@@UgFIJfc9E7$HR+vx$2HObau~)WPVJi)nO)z@D zC>7$rP^wGU7VehKZ80=5T@dNsZiQYJ#D&(M{B^g|A%PI*;E|*U^YWQ@0k+y76+}lG z{y^nG_Y`V854vCa%fvKlUz>@Ouy_1q*x&SHzFkVI8hb ze5)lYth^~KnJO3R!Tf4qiHq*KL;FArD+mVkmcpi{DXzK83?w@%mDwI}=-MICeU@|4 zCU`YfGCxnnpGsniZs8aS1iiVnGU{ZY%>;UWTkwl^$P#IAB=br8|BU#no9ZD~iK7q&?bm@pM8!jrVq+Y#oUe?U-s*cJ%X&9X7gWL}aBWqMzzegkrEwtGZ!X#YcR-W*G61G6f zQr2F&`zTALrX%!o!K$xdz(g0G)IyKpJZk|ng_x0Wv06bdpdksmdd>(!tx=r0S* zypQ-K80X1Z2jCr%Ep&>tJ%+q%I$#562jmAi-<8l)F1OG84N!hNn7&p;w+Kx^DET;# zZ91kbizI-c0Qz`}RB+6p1i6D>1yzAhtO;4)Kyy#KdA4g++08MMBqZ4#BPpMD+09ms z+r>zoT0IdU6@rQ)`m6!`F_>{NQoIJ)K`|H{2tr_(9+K2p4GfVt1aMzs|F?W7 zEfJmPQG5X|p1c^L_B)i(B(bUdK=DZFddHoSWRa)`7(7k>JhlepbOAmU(J#3xlFH3k zyMU%1cW>^9AxZ8LD^Okl$3dknBg7$slw+wdfVWB69<`{gDyZ2`hyNd@PvlC zC*TnNgu712adL>@;$?0Ab|xSVCB2If1~_D|->3i=Zl>WP!G9c73wRuH7y; zDPZQje?rm@BUeBQD3?4EfcOovMNPL};RT?)J3-_kKcCuZZl)D^x7by{ZT=`Ow}EXCah?;gB;eV|CO&OMh*;o3QnIdc%dAJn*)cG~ z4hV>Rl^vjBrM^1Ge0o|&AC61F$Q3R}PEdaCj*)O0Hh(G-`BrD^*#FVbPY1I7Oy?&7vU=t~kbk!)b*Zm&L?$^tz!ppF<6QltCxbm$0>| zy+#+w%(|qshsg7p%J&Odsm}qC&*QSqTzsWZcWcjI&`oACqTe7E613?%xKQ;cGx*K_ zKhd^N$7b79yEI<#fn&XM?%SZT9sua-${S>WGo4X4|*ukdte(h{zjfU zt#M0WYDY|ZsP+#W_xLlAaq8vlT^b!Y9-@aoq!qRTxVu311>|)n7*Of1^^)daB&mTS zfVxuVcceDHTav@kWVK5ux;Ej{N|7WwWKrUIAIH1<9x0hk89qz0%x?ztOGUwLGRKr+6q$1xxndH?2GHHYV zw-pn4Alhn`1a0M2L{FKso)F63*D|{*X91`ZXJM!yHOpk*v&`ZV%j_O01s4jyqESxn zH8Cj00oDym1!VFM;C~zdA_0vzh%K-DcrW5&GfK7+uqn{b*>>6G{j)hj9RJJslnO$o!~BNVTF1KpKQYNkxIh*)4t^ zi!h^%MgJKe6z6>dif*=v#B(fg*bCWh z*AhG2D|OlI5-qb1V37<1j=O#scU`7q&yE!}UIz$k3;kDHhVas+1TgzxJuM^SiLx9A zuy{jih!F6)xV_MjuZz*4D-}fF!9o0@;il_j%3hVt5@kIiAxGz`JRrCR4ieZd0gqRh z9-k24vy*aoI3E8L!G!#)=rJSAHG7W{JQ6FS--WZVB?sp^e%{9`o0jqcB8{oU~OR(a%58v`9|Cyn_tm#w@BkGst4Zj6X0z6T7T8U0T z@V`UN!Ns3_07A$fOugS(_D`SJY9NCAqV5DAoiQPcApFTyeGGvpGGaw{MUyuZ0^2!arvz_lp1xpyOch#EaZ?r*B-jf!~XyD|r& zY)FO{)gQDsFpBGa!&qT<%Df?O5q>E2(s6@%AaF~p00=D{Z?Q{Y<$4W=HeKccR_efR z1(37#agpBrR>@NQF>4OHW^(H+|HfmLcAH(=+@?bC<4+Z~2M(XRWW#SBu5GG90q9>| zRK1Tfa&NOs;3=tpFM(RWAA^fJI}rqe*Y}SVpMC$-V1vJe>Ci#p* z(;vzR+!}8eIPY!^Y69T!LJXThQ3SSUaV5s;rP5xrv|r>m^-@C;ICDXcx$D$4$ghyp z;-7YVk3R3wcyGOCw+jthy_H|^*RjSU*Xp)df8gM_6L_2Wx`mHVp(%WH!MC_IEJu{k zLM~?8syu9}U&e6~Tk&Bw=g=>(2m7%g!rDLyZZ-o=o~B84 z;A{l1i&fskDpr{9XW8VRBj!Q3W@b;2G{EL~!jbwU%`$&K0dB_x`#A0r%q(~-n`O6s z)gvI5y)6I!nr&KH_MEU~w|_8kvunu7U5sY7ZzvC(6=1iISn-b^Y%`IM1k`c931Ady z4lAi?9egyEeiF6bI1hgkT!Q(#^GsQ8(uGrlwNSUK*ck~N4*_y=OIhgOB8{r~EwuBk zF1iCk#pzkXC%OoSV!X}!&DOMRp4FsnJk1r^G^Nbon$j}f$21#ypJ!PbZ}Pz^n=K1r zq}^j0WHIlzdOm(`&a72t2gjAT894{Xc`~ocyp3pw9vlPtZs#dQY4LZq3m_jr$bF#S zJo^OXiSGcJDwW0Zi!b48g&=o9sYr`ePJVj7m1jHfZRa==x!Qql+DriB;!W=E8_Tr6 z(FjAr2JZY`BGY9p@s55^Q15*F%7v(h>iSx`y^;j~<;!P6N8#@e5iLKlSupsA94sfj zGn_lEhLf3JvZYZ>6(nXqqmjHe0jQUppMsZWm{(BXZ)A|nE>L0r2F4^D*`NT9 zM%hUMiROu&g`#R~x+w^vYO@f5iMViENc<|9Y}l7I)Lk{hv-RIrso?LZt7>RyK$ndr zUP$q@Y*w?mZK%eQg~IhN;QmySZDB<>U@7tFgT-nf#74~(c8r5z=UeP_3w}p6)&tEm zx;bUzQ(%24vNpzQq-8LOPpb<;Lsaf2w7`6m7WNqj*b@!tI|{CERoR;&Jkn@LbnXM$w-_Np zC5OMrkksw)rAuaTF>xZM&-OU6+==is1?ABMZzN7^J|+{uV^HZ-P*){!T#~`_6JkX^ zfPpci4xcC4#hW}0bDZF`Uz;b-dNig$K|TQAL?SLB&#v$Z#oi5fz&Ayuws<4%gk=sl zQ$Ep{5B6?p*Qs{j1A$g2F+%+T?uVBbmeng;7h^(Jdzn()%oS+t1{!ZKH{j3P4fYwd z*=JxH_fwa>?&h_=axwU}-v#}a?XmGnbUJ4^YS2q-0hLAJh@4{A@-cw@b(;TyeMd1m zlpQNH%w601^btEpRCj7d5{p9TpfotQj`$=LKJ7~%r}r}HFyZC;RkDQ9?~ra|;49?8 zO5;h5UAyFLWP57c1yx@-?<4$OR3 z2iPlMw%l}wWzKfMsI=+IWv{pZbZwd(ND^j?OBrLd-0j(F09*|m#{_w6?9B-f;R#^d zKgF@mQ}hZ!z|e%nJ7NloL?e>f51?cm!G@bOO`)APoI3p>z-$7Wo{JH-24s>+eADJi zlvO;{vtkCgX=;d|8WO8d1Ql1sZ_(B=$?LI!ycBHF8%o(OvP^SJ7qH?xHVUsohtF0b z-%^Cg3&+t=IavqgXnc*PUQ{=qc)!Qk3*NAl4mX$d79aQ9QZw55JcHl63s4{MR!ZQ$ zSKe$Uyq6_5`wZ&1@@6gJy^c)uY4Gq^lI!$4jDAb*Z{M7gvX=r@PSO|@nN`gybo*-< z8_2HA{;=CRv!K#+ZSv%B&b68e{bvlHlXrwZ)0?8Na|T(&pZR!2*tZw~irpTPu;EYa z)krYq#-tLX7Kz3z% zj!I*)_`r$c6LxE0#N@L(1YgYVB`5>G0w%<`tl7c718%29VWAaB@na#dEI-P@0iq3$-ughuHrN}*fSu(<)Wtszka{;`kpyO~+Tv0@It`!aVi^3Xw&2z_T zLoYkd^~{dAEJx3dTt@3584cvU}u)g|gwSGHn8+kVhwa7byEYdpb{gzC*E%yT|6^_as zR>R#NT(323J9WM~yN3HpRYvFM{o#2PSKN#H3N8E<4?A*+FIMTm_YQ_wO?Id@g01$4 zb?n%Mfv>-9P3dj$rtUdodc|pBr@V7OkM&+_;y}BvMw455aljYrHgK(Ou|IKWmmT9R z)+quiOT_9yi|b-XlJ{cM3v6s-6!QV$8*-;RkzqxxV24~eUft+7s2rg%@&U60Oka&- z(l~?uRUdZ+j4P^uyG+J?E8unk)Vu;;99^f49;ou!_^VHa{sb-t~vHJA)PMJ!;|Bkydv!!NMdQuH2Uxv~Y6@OYFhWL9&t9=KE(^ zXSW{oMRzi~l28-MPtU|f{nEDNz67XwRP8Kd%N2sLl10AZ!G>k1j77`_=ut`^$VS~_ zk+cg15wHd5ry4Ai0@5=CRfGAM|B`uaHzVt&H6-jJ-ueCpc-xW{_Feqgie%FEK`dNp z)f+mT^3NQL_8*gE?e%~shu8hdXoy=yTalcuTN66l0MXQ}m20JDv3!VxX0^uS$!H8; zJ!f!B_!x8T%>U6Xl!#g#sz6xj58ET$eZmr(1M1j#wU%A^?_fi;K9U#J=&^{9?T+Mv zcqrye)r0*eDB5Q2;II*g4rQ-M`nGVh3SM@EF@?;vz-}SbK)1O-HoxB^~61QM>I=o<`IpngdE5;fVnql^30zK^+&;5x{%> zlvM>ZBOd!hi?+@Jrthax3;i$iGtkt?LwW3sCT%BFZXOh|rih}&Je5jm0CsV>)J9rBXaSUxeN2ZZq4v5WYcdKKl!zNPJy_xh zf^jKb3jnUB3Eo)W6|a{_k(Dg*v7)~eIuchuUg~YXre>K;ZC+v zY#R12n<@5tf@VgI3ajIjdB~3mAf^m#Mm&%#xwvFGk!0eiCuQEm!UUbp6{f{c>B1Mv zdQ4fRz;um)2g7zQJlzqoW5Eg}wl4n_N=X9>g$+wWCThp((gQDp=t`FY%IyNrDBG8tlcFpoRh8-ZC~H$> zu5FaalWB>_{s7;Z=wZ|i(hEyJKAV4!JM#zuKpH=z5O4$uj`qvPAw>cvwm?mY?xhn0 zrp1kLN>bLpub{C-=YxG}nDwD9{7Gb+9>RaM9crgfl-^V~B}lajpqC7?nbd{y7&Y4$ z^sL*S^ttutOxs|^x)ucrG%6|Ngj*>Cv4a*+5OiwFQo%*^{(NtYRyKMqZYq_U zcaBNmdiRHz07z80-Gx{x;zt*!;t1%!ZGLLf?S7kZ#CKc$HA_$={;%18Aq(q)qhszr z*6-&I*L!$B=U+NO?B0D|e|;zKUp%|$@u#o+(%GO7o@4v7hsDJL0!KGpbMNK(8|gph zw8#gJGyA181MfR@;r^2~L z%qd%P$$AA(XCtqt2lv562#(y7?2A@D2)c^n47+a8}_0N$O$q^W%Pp<8BFgn(Sd+Mhbz);Wg(?^CMDm3A%_c zAzSs&RD+++l=qknt5c>wclPX09bx|Xvt;f)qVN~a?tJt??6F73%sCt8(Z>MYf0j{9 ze&NI3e(Lz6dFNo``%d&oX8joNdk=~)|oQe9VBc+V5bDRF)0XgBbp2CJ= z_$YE|aB!_ILMZ%%CMmYf&}ra%K3@3DXEoeeU5b?lyPEvo&7Z|O#k-ufUSO7GGOF4nuFtCouQt`s4npiI~Y=62wbg$VUf-cW#t-%>L(bx6>|?bXt^d{ zvm+`+>SR7~EM-j92wZ}5V1uDD{rNFZau(7CrK`*7#OMa}J3&`dj{R_s+@O?m;wZRH zfj_cN0`UY;Vw4#lK5Zp+X#sxgN8Q_@b0 zjeiriS*h)pi;{?GlJ3a&)I?)EJqhn?G;6TmmhUiMvs5AlQLafEx;PZ%0d)bd5IUke zf^5V{M_a`T&m84QbRK72hoPb-tFpgq{8S)IG{q7#rso&WtXC(~9$6Zj=qI-YCoMH`+FRgE(O{#X&hUY$F{kuClrR|d6-*7PLZ0A=Ms{>Q72^}R zWd}(47|mLG%dFbxax#>c;`h*pK&+%#`FuD+q)?w}Fp!95Ea|X@I01R!QOdYB6FVqj zr*($tTmdTP@bdV8n87+yy%)@`m05+UMTjZDy_oL8wV%=b{SI^)imeHBgbT)YzfDSv zSCLSpX3VCnx*R#dVubV)rKgn4(i+;927s!e`qWznVnqLw7ion045+~fYBMl0)2-k2l zUC-@b^#`qqF%?h%;P(_xsT8$PHKh;nYF;%)*e}5X1!WFF%fUTHL^x!>01hWsHGeFp z5~3c1epzArBO}bvIvdg84{sum)wxD3ilv?WQH9s0QhHyiM5-eiqw}K}E>s|KNb2;_ zi*@HCsmSO5^I5kdbFhEmt>6=~@r>>f^Vy_fL7Ax_n+tAopIqjS-r*raeCPyh`DyOa z;Ey}K{V}IwK7695f>6h0#vdgZg_Fl>#uj880cZ>WJmx542?Ht={dIok?O-$-8(-D1 zbmUBM3DI#PXNg8$aD%%)j(LeHI_9<0_G8|PIvA&Xnh>6_@nX|PM`jcfgh_Nil&G;V zh#mvW5Bd!TZ`4=GN+z+&6M-cqL;s=Rz>LOSr=0h$E&}O#GkWYrsK$qUAJsQBn+yd*t zS|3>?+DZ?NAt^5|E>A>3xC!%M2ZWx$w4*_UN2L@9A)6Qk1c)%Tf-9N?p(f6NmQhG7 z^Q5BO&lJ+f)L))H;w)zE{9;iZxjrIrBoW4v(+13rHNWZjGQV)_M8EKP1-eI#BobrI z3hM#CZu9UbC6<*mo-AC>(*^PH^cL?>mj81_XZNG1*b zCCI|Fv^AmFd(au^1^eis;z1NsugrUtpx?CDkcS8_Qya!6R#ID zbUKfcW8*w7E9TRzSV*JcDaKl2x@S&AhoUtWKOmW(k1Sq+A{L|l;>AtNYxg=(gl5LF zz=m~|>(j?oX^v$*_VnVIlj$FO*m1x-{P1dRsmITpt^Dw*^g34(z)u`C9Rn2}rkMvP z&Be#S8lyQ6W%wZAyb>use+60e#{(ybNRhPzf955-_oH5JY{ecZG&aq>14(=u4q(i^ zX}0^r3(bL;)92B7U2#-F%jNHZF{~S5-OmBNf0|a9@RfYJCr2@tEp9rLe%iU=dOZ3x z^cX-_tP7K~hJNl$drjrWdS5YM$N`c{?tx)36NU6~1wQVrlp}$Q6@kjN3t z$CnFNFTt2!us0T}8w+*#oPu0C7F$TK_#Be|gEy&H@SbmXgZrT5X!#MC`{IG^@CjFu zmDf-C7aaN-_`+|%g}uVPQfLH3nnui7qUN%2r4q60pa8= zgP>rmsq}hkg)QR-%gc>Yy#co$>y1*i*!+-h6zt-`F8f2gVd?ZnW@RJ2%66PH%X($4 zuB5Z9-pFrPN^Io}khL;hSOKKt&l>+(hc4&=N_#%TiVF3ZT<{m!g1=-j3+LQ_UU0t< z){7!=x>K%{_Vd+}dO;FdJyj2i{FB@Zf{B^J7-oSE96OUMkO0Fz+=F1pAPhi&$p8j3 z8iSH4`dA^IU?YZ>p?~9*t%?=lT7$W>Zd?igUNzNnPgw$fxaQk9@d@boLRtu1!eaGf zOj%wxjM0$&3no5I3B~{f&Y{PFeKc$Mqo+3eA-E~{bKv-j#X>CJ5}j-C#u^jztQr}` zRTfcy+-5-ktUGX~lh!S}!oh>qQ417OkhTNrOEveldfq z{#1@--=BDgE7$H^fkE!9e07J1^rQ{1@VBhr6z0nBw5Se&X!>9KJ2jm(XhrZs{)15xack=}5#8)pJG zMt?A%sU04ekU&yHH037~e~htveUz0?k+!r5?S@t7I9TE<)YP1cg~71_7UlpMX*7UD zP}Cgj?ZmlSq1nbUCH03m`rrzxK6BbFj3>3Cky~ey3-WIL)8TZ8ec**6A4Or$n<%s z|JA3ZFcr#q?IC)Lz(qk+DH=Hhy{QO;R9_9m7|JEF*(8M{Fp?nOAA&P2KOlYdfnN9o zCcX$n{%18I-hnLjff6MFV@)El-4CjSrw;)xSw=H11B(|ZoCuc3|k$|vA~cb4g-7FJ$&zRaLgXYe#zaAz1`s+JCSOZ$b7 zEMF-dHgID)RyZs-%7uKzVx_~wgF|}vA%D1E-rt40{R8+|!gn-LhrSj|+ef=}r?$7F z3XwgcW~bAW9&V%;G#VN_5;`ZX8}m)@qy}>XXxa?Se8m}8`AG3!Bc(`JO1(r{TXS-_IZTuG(jMjC|6Axj6)9P2-(tOLx#ZH?vh}moHSsMgDw~5B-f? zEFm7%G6(Uj)=P+IRTl}bb+jkw5M)!`>^z*dU|5+eOVV5%v~U_>e?ZS@mw|oaf>j$K zjwP$>YMDd_on>69)8{fFW{5B8@>T0*LOw;KIdpECJTxOrDy*J&HI_!{Q#~mkmQ{AE zwoAi^qESPNNImrZK;L{V#?BR!M;?Sj#$QG_6!4FQHQ>~4pQJ=kjHB&Li#e@Ff%bq< zXx#-L`^TL;z(`{YE9n)VEqq+KTIe(v?1d@?;$DU^*<5h>8AhS^2rH(P7~pc!qHLb@ zEcUrSBsS^f8!L34h8kebP7p-06zozc9BX#4->lYm@ki|0SvoE^=&@AI?-%*qdk~Dx zV!2*8*xxS|=ySbRDwKE1g=W3{se~^uEXE&XBKP%o(o)j{+>6m{kMkB4?Dbma;a+=+V^T&qcI05X4nS!BChZyX%vcT3CA zkVfgy_yna>kZ-xrIIO7owjxKhKvm3p5vx?BmuK@wK6?m9-Sguy?JzE;IPl%ZQC+JI zruPpp;Oa8mq?CvP z-16xsy_VavJc_MpgJ;^*Xfd5s%+Bs;b4L3UH@cT+{KyYZtQWl=`b18g49^DB^+R*! zjqawEq%NOz&X@2*u7QWXz>%!>-)CZ{!@5R-!6F9>dY>DLeESv`?8q^^#*hTSgYAgh zWfCoEEj{ya&(qd;j9kqfjhM}uqbV@Q`x4|k9kKgN&@XChNWNrR?yZ9p6QQZHah@K* z<6F*ZUUz)A1j`G;JWNVhM6P)eR=5n6dz94OL$@#tuqEbW+qP}nwr$(CZQC~9W81cE zTmALQ%I!&#dHzF9s@AS&o4nh6LX6N@yIJe!uKz-O`VukDv6c|M; zHCyB`C7CmXT!`^4+>@NS+49J4QhhfwG&^)zm><3rcUZI_{))6|Wws6CdpL~{<=c;3 z$!6;uP1?2Q#O?~HM`Vn69C!MPfPvCmaBcQrN-2_;ExdlCxYNHMvdc1nc0r5x^8cG? zka$?~hK+WS%qi=jIO78|hsnq%br$JeBH<90dt4`;hok%0Y_NbT&cZ@wk4#KEnAxF1 z2mkg^4E)$u+;Vl$pQBpC1AtO+q$dyuq7q&`pRf#P8AOOEhPD3dPcnA0Vl(PE-%S^( zJvw?Y*HVuuma(;}>y@LyI6lhz(SdL-Pk>nN<`p%1HCQW;RNkwa=yRGw^(c3%T+&A? z;SuGr!iHNCk~=Cc$sphv4>uVO3X&+VILQX(D;G3o^aX>V`-5o{nl9HYOo*$&NtTX) zd)4e!%ifcH&K=ozr|EYuYjV}ca*3&NKk0IbuudIyjom!dCq+HVkyP5A3*%dvyZ@% z$feCjspM}MU_qJql_DW^5P%`qA-tA-rxR>=)4$$}cokaDz(VbA4#7zobu4NK7}RJP z$ZX@$kupJyT!cPzph|#eRX9^vd=!x~5!HoUhIfBC->^*fui2yM>QL=8IVBao4QwBI zIy581oC{1K2Fw9ij&3fx^|&altamjlohr;id37KGE9wiqvIu_$7b>U?g1HoM2KF%= zFJ3$JA9EYCM?v!J3R6HN%5j?b_C+M1z+LotiraQV3?7hG`)CLzZ+rN@&|ViX{x*$p zRtOUK-X=7)b#7>?YG>LBte(v-6?P15BOSd7T>c^w3*Kse1Y>Xot^7-Q0E;ZaCG-<7 zkcAkgvEi+>|4CkSN4&+rvUE6#Clz{js86ZV-#ksq+g>VE?BjqR#=ga0LyLADyHvO= z10YuEkr)XyUUyK7V1neAPeZdZnK&wxW zo}a$eEk25L6IXoT0M*!8geuT$7ZE3Vj;f5tAo^HrKpxMLqsC3*Rxk^m?xsjOvt`E&k0lfF>@$ zy4=Y=Fn5sDEkG+8CE)V6f;8$ZNS5xWO9TFZHmmr*yW{S7=xh!i1|Zspxr zd2k+C*XWywK}8wUdudz+As(DB)F)sUb?cg-L4!U`U=GJF<(egey;<>o?j!*3i``E8 zuG^{C50m3~;duI!NH=@EZYiE2S6SbzOrfc~7G}reJh0P3XCG#H91<=2Qs#QDYV-Q0 ztBqSNvLllv^V!KO{-ur7)#|m}>y0Z{^Orf4eAWynZ-Y{gTIMt&Yp-dg0?b?$zpn1< z*4dGzk9qk8i8rS8-RF=2uC&W-xScKP-z(X7bWQ1>LdZR`*@Do3Lpz@PhH<{{(5>YU z2s?{a=PGD>Knsyc>XYXz-Imtuo>>x)L&@w~$l1&ilt(;eL&yZcm1r>^MsGc$x#wxu zNmJYaCa>$7R$UYAHMC|VHBLq|?v1dK&$bb#{IvBcdUG3> ztL9{rxLo`$n=7}jnbq&pHKwoX1tV$t^fBgq);aBK?YAk$>|Q_D(K@P|rN_}-Xty6% zsQI~kwzQ3ErHQ}bpO<*o(W)C#w~vdXaKJB+wdb9K7+>$MVY)mNjk|MrwT7;1yN2mJ zTn`%uX0zbQ$JjZuwe;(AWQU)fEq2@2hx&T$8o!UN4<_p$&(SPxyeWNC`;DEoX83D2 z`njkZO7D*cRPVRqp|D3Cfeq~^kB-)rfK}72w;VrrkQsy zFE`i74#884A>$Ui7-@iRNpKeAI7s#}Jhq)|7szav7L;Pn*Z1ubD(_ z*IdQ))~>pvmjThy1Fvlqb&vrBHvm!NCr5SE zvW;%Ha4?pD58xXI4YyLQRWTL)R-IkcW!@AB?Pyjzwyl5P)t;*;5Mxvw7(^F`fDQYk z%zk#5(78^59~Z3v1~eU0$x(w^c{K+J7l}t@Q;-4x_m#-Rt0z|toh*i84pS9dfG?5% zM@-SgI=6+rkAd1IJi-6GY9;+sR5fWX>{vpZ^)0l_*2pU6!oJ^ha_wF$bO?AU496|; zC(^=l)Usmp^e#wtKms~KCPKiEVAbpFA6g;Jdy!fpmmwH}G8Fo1btl~-9CA7pic0Z_ z8#bFkRrk@yY7|A&2gKRDB=39*s}b3H$u>D6z~CYeQh<5q7$@ zX%?pwh?yN=DIc@kxPP}~UhkdZh=p zE+^4v=LLW3-wk{SF-Ji4O5WFU^GwV(=VyR!QXGH$*zv^{6k!utAQ3CplO31EP-Q+7 zZi?C|Y@PU(OBq3iYU97`wr0g=@-3!n^~-Sa-;hMaV!Jb+c$-L7(v1jo?t`4>XLVIg zeLNJHKAL-EU)-kw#PcqkaJdZ5{(ys8Zt)t7!3ayo1uJU^D36|#6#;?D97wR$;5piT38Q&hDbgk=}(YlWvE(_!zqhV6$>dp`e z2WsKoZ?};DcP3;f-XFJToU~I6*i!8NQM{Cm%S{&t2;QOLr`4QzGFoK)K zjvmSY>u^Oa!INDdd_2c%?F;mbj?DxqYd)JDja!IRkJyJIgFozT%3bWD0>tlOPP)`h z*M=FnE5q6=P@2XRZ8pFYotlBL*=`f1>T?K_yxKt9PAm(X>ki}CbD0-T2ygMQPJsuc z%jK5{pY=I}?FM6qTyT&LNB@#95XjEo2Vp<~iGKW6vBE;^od9W(e}%X4F+(O6*K%UH z2-t(RaJUz4_H+eV_9hn=5?$@%aSSthwdk1iB&sB1j9cWjdOY6+R@RS>s{C(Iqi8&< z@mRyC_Oo8%e=`~_q*huuB(oE#R`f`99tQk98MXec|08Jp)43#PXIp){IJ*ob z^Zs3gOgWX}|37XD{&fhTHq9Zx=QOA4e=v;C`H!w{KdnCtxT?mM6$sRe$AbgSImPx1onhDPKMp?q(YoUxD)YQ( zBzF{B9hI^(U09<-Y)0rZ&;X$nCk~dI!lSNvYgs?fq4_bJtiPqMpxM~(FxZnq{}mTw zkK4ed`&<4R+uz0!v14>{7nr%+kGB3F^V1z~fL&qk_%QVM@5|kAc>Hg6|N1rOUd*gZ zY-NgB=crSg?1B}ni}e`V^KFakeYQV@3VrV82Xi<0yymlS`W&p^bJ{TcT}#f}n6WSR zFqZI1nEyx4BA;v5;a6=GJ|FGz{ORxo`R08(H2iHV!&_v`mptcOuvaxVt{6O3;kwRp zbA9v|qdWaGckCvS%ilZUsf?L*1%VHnJa~GmpXC3dDp>wX1ZI@sz>{^wTcf7KBL;rn zVU5pl`hM^ACZ6K;<2m;PR8==Cx|vOQDY^fLrI5ezpq;J8)YES#D>MkwsKd`PL+I<8Gk&Y^ zzfOC98V;{2T5K!4fPVLCSK6gxQCF_6jOp}G)q=iV(dF{!sJmTVA8b#zF$7uz)iHPQ z4Z1?8b9b;EY6V=Q(xKn?0$XcG`Trm%F#q4kiT%$ukb4K+epj$H@_%p#Uf^qNI@k`i zgD*gJ=F&8K!C2vhz6JaLaH!cD?^><8XTrwR5= z?XN`AXwB_3%)FsUg)D$~e-&A!Cv1hi)cO@F-~0THi2njri#Mh+<1N#s22~}eUR!%A zyHWWyNU2H`O~-H-2sE?lY1(s4I*#@D9aG|60N z5a$}dch5`nX8cH^WmW}NLM}B=FU%wXa6+_9A{{wTUj_6eL=>UM*Qf>X;TL7DxG&34 z-(56KRc>P8RBDGr)|i=t1qYini5c58A?^G~Yy^f;>S}Sm1#3w38{VXzV;`q{hF?uDA@n}in2hG)JV6F)Gyb&e&00ES7tBwB;iLHEiybt9Z6huz5` ztEbQ!&p3~<+Wc7OR*@_zK%{kNo2852WDB14LCH+^Zq{m)Yn8 zD!W8Ln;S{K1nGB3+X7baD&Ae&w4}tFWj3G7dq&D=yJnJ7+4X=Bl0%^9GrPXBO-KEO zb(4!sb1t9OYf(>GsjrXLke>QPsj{uFn`3(5H7Xj6DKgZfj7PK^T<50`ozuLXCYj{( zC}X^FO<7Euh|2K^DITT%Wg1~vWpU^&Xox+u zQ2>5m(l?(Jj$X>#`GOVs`45*#=S|zW88BBTneIw+lOQ=`qxZL=EBHk!P%7S$Muawy zx+!*pN=X1e4}voED2i@WQc&fqY}jz)tC-ce%H9H*46nf@lkDdUujmP^T-PW`H8WHB zzd}`zdME8G(J^zYMqax~s{SsiBc$rXHffdL0`s+O@v4FP8AOVpKI16lx2qc3nZ?ug zh@wd%nc{BR=-NjTg!p7gne8pvfVmV{Q(jA~u+^yDHViOv!;i7(Z4#U{9J;0g?+P9rU zf*z@1{(h(FkMTrH3_M53m((aQklrM;2owP@DhAqoW)Le({TF%d3Ni&00p(XitRsp> zVN&wZIjhIM?;Pkb3++1%=-beOm0*d54T45gU?M2k9>JSm&l^}Au|Y)mbr&U?+cf)N z?>eA+{l_K|1Tx#~v{jx~L_vC^j3{ZVBAE7u=$CptkCJ;Q3IYS<^KIqaq=#(6E1ibA zfeq3Mnae^A)JXR3%f~Izp!31%BCFJH93xau97^_h7kH>xZ(7DFJW6Rj%`g(jkJ`+y z@gte2oR!X8%Rxm3j+^F5DAHt)AbLB6HTB(NhT&U`r3FVPq1%qphQq)OUDargy79b{ z#)3yn<(!;l_t8z2RzdsM23PMKY?{WY%f?dMVsEY<&{-bQR&S$5y;QF!e+McNgU0z929I|XHZ;tL+N4s^OMvkzKzCtC`O z6R;UB^#N|8iO|xYN`@8zxo;O|-LBJ3kflZ~im6?^cbA z1mO^eC+XQhkMD`DU+t?n=v-n5zXInxPbl_G@J%}ZgEzsFFcA(b%njoEkT(iPMQRs4 zI|ktnn4ASaPY?$4wk%xZ+fk=vH09s7d8tX>^zLGkfBa4v8?XLIv3 z&~@q-dqgf%q(a>R!xQ6^+LUvxpltVSnZV~>;q;vV!pC*0VH=;Of(dwxo3>q_`5Iap zWM4o7Zbey>1mx*gW5VH{AX3HFy{y4)l$Z~o`=~y6Vao?6!;1@~h7w<|yAqQOx_~JG z*;LK*DcCnQ{yAXAdp!?z%}{HkeXB@lDtjoY@`(^{hCVEf`(()u#X z2&;Q$pow`Y(-ttCE;mW%oD&D0eiceST0OUrofy%wBG`p zCJ}6$3Et&8*Eov*7MsBQjF$90%o@^vZ%Y8UKS#r4``_Vo%6UW{xt0un)~Gejv^NmX zgKQIk$YnyJ9!Y3FYV+g)R^e8Un)}k4Gp-FZz_67g@Djw1F9-3VyFK$Za;AF*H)5{Q zv3&I|8xY(77D%)1%n5Sx1Y6Y$SGW3s!tZZ`maExkr?NhDR}?$QVS|x<6TSouO=6|4 z-XcT_L)o;2GD4)cCy{^U2hk)nCpV?t@j+o&bl>t4Fc&OHHYQ|+?q85C(CJDwn?lsS zR~JFEg#^P$AB#twda#y3e@p{2-w^Xbj(9k)0J@2rLggCU#uD6R!EFF;0=@~(x{$mk zPhKLP)xdNlupNx;CmDyD%!1tI2^vc!G#3gcKA-@>v7;!I&x1k;`OgsK4gHem?dPhm0D%g4MZ#rH zEgQN=lBcfopx{0nFAPrfdlQ&)B8dTV!(ux3&$JNTp>;w1o53GBVQYXTnsp{h1L48m z7%q>6K!oOzkXlu>%X}H<;07~W2Lw#4Zvs}SSyms*ke8o2A994m=oma1hn$?-VMLM} zI+YhC!jFEI;_Hf*Q5F#ug0nyhRNz54b)5QA` zf32#t~ct`0{!iUSI{s!&X7ldyeY@9vhh8xV$-B0P)#Nale@R=V#N zKHcWZw8DUnP&xi0Pww^-AhW&yYcnE(7tyXwDyZ#_I;V7AMHbrl(lS#&p#e}mq=7*# zG0VL6PSfNu%G@C?-4_DXV40lgAp;xX=eiu6&a|z3&ke__adp*`oQT6ynFhDz?^Y!iS~x5`qjoWq{kSEiW#{ z%fx^A&q{Lvln8d9sHAA%=o*>@j*{E*P zEUFPFIX>4(1qWH{7X;cO-G6{uIzk5WaZ`eWA3Mq?%1H1>I>TYzBoC8b=sd zkV>T0{~;x3dY3(6_y6QzCO~i7Ym&8Zo@DFObB=Yf>A%eV0DHIlMyh$g8EXHY@HeZV zx8_nEiuf$`9I_us29RIQRVzY9_`Xwcc6czy4?t)FSH5#k`&l|`#fl*4tKc3GH{%WPG27sIY@re_aEy;H@{~XQ))IPceI@_fkoCUzqjWA@UfD(A4sT0}gRoSve zbA$dN+q0YiGOLqde9OfO`$$dF`d+@XTRi8@va4OcaU(ROW`BbI?RsAWQoUvLubxJ& zOsIY&Qy7%7b6mvi6-J+xZ-QJ@`ih!O*rKgncTS=urEB z?@KN8)SV_NZdhZUXddw?mJppFm+1lJWeRQoo(z&gm^tcHrn^m3J4TAp9+|J0^P)7t zc^9ZBfa@bq$HWgB%a)L6cil(kv~}l~;OucnZp|2en!>k#7L{w8Bb$cwqKJ`^N_5W`OMZnmS`2q}{!ud9>X`z2KOVw%n{A_#Y zIUEFPxjAJ1IT23O1KSf_ zl@g%joAFolQPtuC9d54d8OB@&c)P}PyxgvB_EV`o>P$Opx~SZfZQgh_)f?i){HeA^ zFa1+Waf`ov4)8d(fRp{Xz1}y_6ms8y!KF^#_}yOkGL~T8P+<{;n(6oRlcrt@VeK~? zX$RF13-4ZNY&1N*-=8WE-nSH1*bdb7?4FcJC(q^&`p-|m*=(0TGg9pRzu%g5y;hLF zMgvsM| z&qa^q3E2@1#`TCWT}Pneq7+LWgEYwa2*gSxiAd&=o$tHdXbqykH1>DQiV1X@Os-Wn zEf$&)sm;z4nlx=ZYl%bbq}Bg43z3a*T^*J^Rk?zyw12*I=psEtNYFBqq2NeIYmp{H z9X1CWD@`0*EAp;Y@9aF)S`rrhDYVP~<_DJQBh*4Ig=?kL!0n##J$eLO~Cs%>89cw}aZPd`C!zy;q=7GPa z@Tf~Jj!-;np8emyelw(m=U3$N{0{&c5+P9E{aGJWRu7r}6D>%IGgRql*O(Z-5vaZ6 zp#J~%cLU(dqaobBvx&H>X6;(4Rn6?;qOCt6ePtH05&iYZ~_>vUi0!4ZR ze0SCvCf#lpw^6{^VF3QsVY`gse&{NhJ~&8&jn&-nHv87Ym@^izz!f59!SDAI@s!l$ zt;w*EIlMe~oG|SG%HN z&5^7ecwa}TxRw?>1}aZ;1&A#-`3rOwXW|;h6)!op%l&zTBNu0TTTLTDJIM@Q-=FlJ z5u>nqHNCtj9vhnoeKS%bm%{jf8(|ym7Q(AwnYDuC7IC)8g!&dM>PnA^jIL?$raZOh zW$fcXdV0vrpw~Kd#)k9LfK7dn=ni59H|aeGxMsC!LvJ^IcyEFcF%9+8&(UE9f}u9S zk-#{OX^bhQg&#w$1z3wR4o_$&&GQWqegE%F=Ni~K3w;a)IFK-Kc-KNHffO4|^Ba&F zgJt8vL593Z<9d06k5nUM(5|jDv>GaeclT?xE~V1S!}^E=Wyb`YSRFQh>F$KOcCu$Q zLP26b3HAupSc*?^RzQLGHY)={z0|1uu8q;uiu91CB%>r5C0Q}>$FYyYSDeE^xBlgXGp$g-i!BmONWG-(?4Z&u885Dd5MVp2#AR;nJ(f;UlI5S?Wv*Mn^~laTjQTitHJy5sL6GQ3lN6#sAi-A&=r7E#Cw%Xw+Fka*i>mBvnBluJo~JQ9;qISH6R`u7;82jrx(#lcVe(1vq#jf4E^ zF(Z*AZz;}(;R4krKmqLl3-DQvZWQ$trQA6$*qT>T*7p!;@#ey>q5Y?yt3MzhNVUL< zoPBnd?~3)Gz*#>2=&-pvadZ{|wXuDMe%hrpFy5PH)E?aHOKQ@~0p#{E(i-(FD%1ru zu$k=FM5gun1+wBF_u+YRtsFmUY}@SRU^esil8;-i;u}P&S&UT*r)a-cP-vfd*wocxn zX;s>TOdP0k60!I8sr&{=g|4j>S`@y8GhEJr35MI7x6jwB*!sD$X6hOysJu)&cArRV z>OPE+v8pRNhs~ha-axeRWh$!NZM&HI-Rv!{y-Slrp*=^g33X`MEn1sz>w^iy0gB<9 zP`uOauFzgu_@AoVC_|~NM9c)^xtEA1<(Do&U)#9fN(j8yJ-U!X#|ZBTR`S#ta=~JW z3uj369~zX@qsQ?KxH$0&)(6y8L7kf}riuZ+ad>d)$K56rgIDQ^-4|k}%;8{Qg-e23 ztsQK5)*8aBpyS}8Dq8|@U$YMF+Cm`+vmK^5vh;I|-l~qe|HK;Ij55Bv*sSym%e(aM zyUOhK5Xu3{EHom%E{zv_v)%(ej!S|Ru48gFvL7NEOMv@m%$_Aeg!f3pP;;m#8j6O0 z$9O$bhYG4KBn8}4MOgvQ``VRWLeEI_hyGsYH7lMULw;83gbNIOh_;^ZOnt-;dW%JX zqmIV~c^A{i3Gd=9JGdDch8jJNJn6h6kI};wDcb`cvEuh~NPWIX6z_8RgkweGKFfzT z7BHaE#UC?gF-WijZA+U_NVOxw&YbVQ`QG{3y(=yU{hD)27C$UljXp>j?-iqvCJA8+ znL@=0kyc^+JI@gkoh(I|v1-}yPjmM~H z4;$;Xx~Cc*_Nz)5fSMm{UFg>Ar~XSC1fzdxiW_YpH_s=Z`hd|D^{!0fdrL>z0tl~M zt7?<#F=~y4h8=>UKZBNt4Z6UM9Sf2-|1A`+K$L&6=uH6(1b?!Q%aoY~oLTUAKR-UN z$AsPZQqf#4vIQ4<;Z}_zer>VlsG6AX!Q-k{I9No+RzB2$KS#sD%4kDajV@;22{=Rm`Ig7bMc-$q^A7Orbk-D&y8F4!-*k zhB4!!VYt1>S`iJ;EX3R~4{Ki2TO=sWKr;5QLLvq zaD+;?#yH8@CI}Uwbqq;n$FNBYde=Gthw>iH5!@W;6rRNXA#%j9T0qpHGB1e9wGnX* zliUv16m6KxcyEtGuohwXkL|Sq6n!lME}LyNqA;TtO1ZxR^QoQt)x}6{I;Y3?ZC~n) z6_2xC6W)lU(RHwKPa@;^>enb{p|N?W+BjL2zI3U9e?#`-4ze?oj7mkq1rFK43LJGT zz{L9t90Qg&Q8vtL@i-QlEYF3Hfj4e36rbhg+`BZx#kC*UFdI@{zGc192=>rsO20`d z&JcnWR$78gb}VZh!t$VYUJVN&xTSVXw}solvjz+iOyT47wiccQ@W++&@-o)q^o;Rk zY}v3v1FFIu#9M5sS4M8KlSOT%M#LZBPUgyxFX~BJYEO4MAD^2$ z1ONtWj3R_F2Νr9CnjM8bxXCDOG%0|N?wR{7A|zc(-~dN$VCD)A+f@_TZijWeXL z1%Gpi+{oT4TdYJ3I6-<;;@m^WB5t9;_aFxrdQ>lz+9eT-zf`Qv0QLRltV?ihtRQ^1(Kd*1R>Dqp2m^pOi^Lfs*qIE3Ig9?xKO>!l zrZfzY@p2uDX9my!PFXvh6Ny1mFG~|i_f#uk{?h(Y6OFGL?ebb6gycNftb24w5f3+B%s$q1GEtf zBoNNb(JQUkQZu(@?dDXqrkI#4sdz|SNj*XGb!}3o#mp2`I+)BvMphS~;2f~s#zvPU zgyX~wWu;)&fNkR;{~s)ky8ob>pP@XVi|WvF9@*^a;9bMde=8#RUKFn;Fk};IRD#zn z@YE1wD{n0hh#h^ZEdo^79clA#KQ$a=j90vwhF}^+NjG#H>WJZVue#9Z^<@08*KK)Z zInC`W_QfEkr+qQM(h3^bLSr@XS8uKZFKl1Vzhw|c)<4~TUF3K6F}f|j&#CrNu$_!? zH)~+g&On24x1nu!CpO}rTO!fh2(#DOMqqW&oeg|Sq0EoRY;YCq;MG%Z0=byroXir+ z*Yw(7KjL!32id1qlI zxt6%NLiu->9CaM+nZ?M2u96 z&k^y$62MtYXANr^+A ^N(ZEXUzLpsBL!aZzc+K(zo`KPZ36B4Z%Gk%v*xFeK?s z%jVr94Y^WEf0<@x5gGl&(u}qPv_A4aGf4$WHfUNo6CR6=MUqCRZb;I10OgKs;jBcY zk{mjbG?W-PtB9kKd%>Ap0-}#TA@N_}#Rq)Puok>1)kll>sSy6w9@d^8DeT-Fp;qLT zbcQblEcA^LksMqa%{@%nVNojX?!9!NW2J+(A3= zEr);#jr0k@#6GS7!za+P(s&;52RBZ5v9bqz4G@mwysf^8liz5 zrhtXlvB!T$cnZmgsSLQ+jwVPZO8;gHLl~wS36e!gsYzt7x0giVvpJNA zc*58-*n{Kmbuq;_^pM)KCYFQh=~B#PB3CNs>!W$UR0*fs<4K#@L=M=8Z@0M+x|m&L z#B4HZhX88hO^+$)F|Ti`2k}iu21f6OTqMkxW8O9ktm}qNwsIMj)`mrPs7g{&vo>C0 z0iBW>^O8c0m{2;1INnv#iBRI^OXk~XxneyPc*dQDjkgMkG?U}oAW}Uxeo+V%vlB#$$C;z^4{`UpXZ!C8VnVFd5wUIi%C64&=^N@^13D)q)Ok&CezFvXN-N#&48n*=Fs z3@18dgZPW&Qc+9SOE(FG*i6q*9tWv91HdLgX(XfRO{gz)rPVmzEM-wWfzf!ks(@v;n9? zATwqOGb$}H&NmHC2{0oK-BetWsAQR}JiA9119>)4=e1^vUo>lQYx`cu4KYwTt+N*Q5x4gr)FctL7@&HMqan@rWy#_ zu>wNzmqn{>H&w`E$dgSje(@$E6r<{^)SEfupky%vgE1wJBtcpiBKLzMp18bZwgrp1 zjhc*4q!uiOrJn#V2D#Rm)3?>Bijt~FizqX^E^dd)^ILzC3uiEiXiH~AAVl0u1i&%c z5y2+5WxVvnE#?@oB7IG4`o=cL#KEBe7HC(vB^dfywvFM%{h~Y^<}%{hq9tqVHo$p8 zOHw6?<$kVtFnD;I8R&EUzOB3hCM6^JQn%-|M& z5mGVw+~E`!An=AEYtI#h#cNw?jA3Zxn@wS1aQ+R8Y8CN8TXBK=Tw$%LgdZx0$a65Q zL6ff~Tl!mO0!abLye*U{wF$MSAZ?Fz-^P^aA3{TA;RNLYd&dAHBK!au|9igtXrD|$ zm}AUHCtk?VHVXSa$w}eg7EN0TRiln7b^3LU)mEnd(WxrUBIY)}6|baQCa4p{l1qq& zZ3eF#fBmy@rG^IoMDLyS6=KO_6>GN>+@p5NaR zwcjJ-Iz5fZ!x9RgatTM08LDi^nvJSK2uK4m$W|DI0*g~PUgJEyapBX~sMMm(je@Kr z2ot1Av$zCC-cAlZBF0;Yn;S4Vd8gVk5dCN&B$7Phd@5sQ_Cg?$Y{8Ri(?Am0>US#G z)9@@-UQug8ua1JKQDd6MSK=_i6kU`iSg^PnJ3Np!X)ifNx){c45~@+kP2Aw`uV*Uy z$(xK3xX>sy=ES9}NqS8PM`~fe1YYdso{@!HMn9am$6YmL!JjU_Ptr6b@4YIn64A0u zhLd!5tYdP7NYWh-%3Zu4F2SWlY@4J653w*3KnNIohOKi!3(*2o?i4E&%WR(X+Dn$e zclO`jAVOAq$l=X^ zFB)0ZO;Iqe2U{k4t^G`DQ+xTnIqt-l=idPZt)Yqy;*&*d@Jm}*FXWohnvmm^r-=G6 zR;0lpKA?1^jk}mgI8SI9Jp!1(!PoQ)3f8dtItkDAW5IwggbI#9WrW4HS~U-9Uj&-l zV)JSwX8LIxh&!4Y8mNw~#?wdE_H6AU05o zCCTp#BO;5oM363t*bMw@YO0lGxpHN*5iXtOu|}1&2?HiZ+kFO0-tdP3BQl;{a?`C- z6(^M0ExBbDSj)B~MeiMzx0Xt2v!QdQVBYK)@v^~%-2udy^fsKdI=?d7#1^kh z{&EU9fK#Y8fsJv%fXeg&UG=^iO6)(06`0v%;)_eYE&i~{V32E)BfBDtOd4^QqU+sB zWL?l0ZqQmFvScdXCz#{9yYHuVSxH7AGQbQg7(^oXQx1F_U7NwM<*|UdFlsXNFA!&W zeieGh@yrkE@-^0}lgR?9z?6AYAR)39AYY=e%r&W?uEBm%8V4<=j^AWR5>nh6mU+#m z>{AvUE3yer3&z6ZJ7ju%EYko+*qsTm91i9O?zePCH-|4;5!xDj!2#E4BF41rZlW~> zE-8C$NDOZM%*0$YrQYr?+(z8hOe?il+}>Q}d{F4DAfaq5(-~Vhz!)+x2qyK{i5@++gBVBa6no7jC21M1ai zIXw`;grCShP%ijn0htVnlo^Y@=B5-8C1HW#aGVOD7zX}(uk!qM^C6}}r-c!)fAd7`%_b##FYc6G_-4iX&W zkAI(2&In?Jx$q!uD17wTo~nHnwR7EvgtxujI~$B=xfG@3pjEdn737{kY<@X{~{{ z!!ps@2_XUKzP-50s{)gGpSH_c2f*d0fC^-!VcQd&blOr76Mm*ocsD_c0fJ~L6d&PB zV*SRlH0K9#hyKQ4=zVNTa8NGF1gTHX7%#F)K~Yy0NgfgC|3ojgbm+R?i?mk3^TE@F zy150KQ^KJ9jTRDNlf@bk%UTSHGIZ$ZL~_~&**tpcdD@8eQ2>z%fBw%zz`F-z2~xJh z*>1A4s{g~BMXyO>t9tfg3`zI3AIoHY^?Zm0)seSLrStYZWx}s3mI)EOzP{8dY~Y;+ z!^Y1%{VyXwTWI6}-yNwUJek6;*pI~O20%&Z1_EthHE>OZrL4bd(7)Q!2SuKatkj=i zqlW(oTDjiN`E0=_j!!fdq4lp>j-$Xvpu_`crC%fHd0}XhQzDHluLN%3VTaIqW4N_P zlz;GvH!b4&JF@IfVXIcG0C5Q+QchFLX<$!i5KHD$WIsxF=o zGrK2UXRHKmnABbd8~PSW;lV2K3O08KM7n^HY>6_{O+-LwFe!_WvQMWDjiQUawZ?|% z1`}yhxqislp`U%ZMOM`Aa}`MX7J$^UC7?uMdG!TOw?=Jnb6s)CBy2PMzXrl7gL!dJ zC4SnAm{KFPbQM3gV)glJD5LDWq;DiO5U&D5aU$z47zYQX-^rB;#+_a{O^Dp%Nw_eO z5T%KPjNBy^Kw3PBXr!keHXESX-!M&VDoIMZ8p7)3+@)98ljQPVSXIeCnFcf97EJRA znr7=+rCK1pqmsp(g7R`}4J3+gkt5N_V0yz?A0-R`z#k6zDi%IAh|R%zIs($SS)i}a zG*8cGS92VM>?~;TimoshLa3BUg^#Dp?=?yA3Dt`0P2?+D&~&hcR*WgaJlP(G^K)xJ zEa7gFT-hWJAX3OnZ|n@q)PO5vpsP^WjCZ7nPjW4!o}nfdR8lNpE=i(`Tk!ahTv-6@ zh%%N`-<`f2-N6ZGW=t{TLmX0HD+%5cbXw!&JM~AXDj(gN!3W_dU_*$f;6d&l1>NH% zQs!T2(tV+e1tFHcq;Y~DOj#E1A#RR6vfyR+>$soH>sy@t=iGrA?v^+ewtnE->xcO{ zTwYASZ=mE)(B0nSL3#>F@inO%I<7M0P`6fX+GFcHiq@?eHec^#d-keW zXAdhD!p4xjafNWD=+gB1xeLjz_F^zZ-lE#2iy0L5MexP2(R!Agso&TiQop6iZH%m( zz>R#5BP+a#+^j0mMx{^UI?=L(Bl}Ifp>A0jk)%RErloqelB?eh9Aa$V^;tp>Ypp#K zeX*tARNWdpw--TnowPYQzG?c)rVyW%HJszFUV6ekS8bGT#)U+k@PKTt*W<#CAW>61 zTnZ=0O>ySIiIm+$I^a(dkSexT4!CYb3zQ@^F6xd&he3{k!ow}-kJZlHL|GQE=KZp< zB1}mo!>6LFP$DV!>6)6f6_@IRQbW1L3QWlowo-Q4Gix|5b*y-skfB)r2#1LM_R!Y- zmUekA5rkOc8<}*@o?3yi28Huo(5v5tWN-vaB6k;`7NidMj;rm4^y=eFl8CN+oC!U; zV+^s#I|yo7DH;dUmWs}Dj%cta;YCSuZZ(Ws5-tO6@^Mio1aHcem{tomua{ZQ-$Xuc zY5QtjFWQx-SR(!(n21L88aJpJv0{~iW4UUTinQubz4A|KNd5wi82uEI8cn(}p=KX; z{Hbw>pG$U;flpA!dOyPF>ODWYR(&>ZQd@K^+z_AeP`j?O8(Y)J&!DOn@5FW$lyvn2^)@`AT5rEb z0{ElF;lQ5QBga}?8TKp+2Ut)pN`K7$qU`DP%g>PjT@CXo%w@Nj9>Z~Xa0)hzsSk2| zmI%X=rGA43t)gQCq%dliW!dT=Q)s1sKsm74_%R77%+qm-h6f9{`TJH#Ar>OI7t-WT zo~-{Xp$1<0uuiEmlb&Qg1$S(IGVX_CFCy8Rp*%B8qop~iw9XzHHlveenD*uA*8HGh zy`1$#5;1W~JR6(qCv4`e>86{cAzPjE6@Dl+=FoFI$lCwDke&`Z#uAJ#Ie0MpOenJZ zmJsO31$;)41i%CBi0(3JEg3z%jL_$4f3d(_&5VY_IdeJ(mbflMemIogXX1I$t|9r# zwDPTkhKbNs)w#%&;IYeDgX?xrOMJZ`xrgZxmXd3(!b{enOHVHuwx&<5m;dFMF5mDxE3fD}2LEXU)S%QYF)izqkjfHr7$p0hXoRFgJCr3uAA7dpn?m&Md6n)qX zwpa$RlI6uI#6X4|5uHn~0v1%v&^(Lul&Laf6=s-9BK0Kic0-@0XcbPDWEQ%M4wlg* zU5c?bl1W6XRmm0pG*UMf+1`rVO-`=yX1Bi1Mqgkmq|9P555ox#1_>|79BplZ3e`z7 z+VRR~_JS|J8Hg$NE}Tl==ww*t_-bFnGT$DWY3?iA$2i7-ovb!TDxHkrEIi4wM_4;} zt-^rU7-=yeAeb`IxiMgs?q@q@c2Via30*n`YuP zx7zqu`CNf-+Do1Jv7qoNj-%mlm@aZ!iE72f;z3r)$O{FjNzvCg3vAP1Y%$XU2Csj{ zt`PIbqEI+a-5gU_h?)(NZ?&?g$vuiN6QO;_&*2|I)R4ZW^1jc7-o39oNCgFmS5 zcMxx9b%%|VmZ35nk`BSGD_o*Mkmm)WLhl}ijFJQixouaDi!$z`>gJf1^QM^+ z3mi~m&jN?Ii!|A)OR4rt0>sFPyHBGe9~EL~a)+!pd#*vTc1&#F$osmw0OY=Cos!25wb2tmgZ_d>#w=|UTq1om zT>+bAVUtAWIBk$SdNj-(J)qx1^?<)3>y{15mc)oF$=IiK1&zh}OQ|zR)AH1Q5=fH) z(L|E(DL`Aw=!999|2n*qwvR}`bV_ZKJXMRmLcUh(yy+FHjenI2-D}MX1QFeHcBXIl9He#1X|#-aL6$EGSbiE^iG$enC!wX|j&aN~KSI@ugz05a?Z>q&^#RV=Uaj|t>BE4SfbYRNl_*Wa}&Vi`bAq9rG z@T$~Jwdyq#56h<1D3*%7N-19~wOxg594!-Q)6jRCe(N`R{)yR;pGS8-Uw;!-gvl--#BZpzeJl!%AuYy7uEm;P`gOui^X$|TLGPNvfx@Ko&k8Zuv zrAw46R2TcN>Qu9HQ?;iIYB%h&uV>qRK=u^CGL%+EJ!|Iugx z+X_}dxSPwFq`LOi4CxEYFk7Xj8;WKCTj%7*{|0_ri!b4DxHnWg*wzaA%AWhP8-U{< zGKk(gxW0n+@$3Tq)AMbBbf1GicyW9=mVv;|_X`|)d+|f>ZAmjaT@>)F6m)$a`>)&U zQs~O|!wP7R;O<~4))!`Px7Tg|Ex6Cg!T0ab4eMG%?fowO2|Z?$KgHSa0OWY9Ywlpn zV8wsvTm(NZhp76y_rJd1Ht^7Y1_PU3@VjGwf@c>X+jfQ!-r;=fR6U>Y7$2!%^>Ns@ z;cy;Hn?YSOlU(a_Pl|o6z6g1ra(lj@bxT(qJbrlE5%v5YetQjk82P8uI+19E`za)*aF>BWUqgXOYLXKS#0oE6^zrD+vyEp zeoZ$)e_%@vz&IjIy}E7Lbg+oAhqy1jHf!}zE#?H2Dt-DiJea3ls3*$7S-D;q^|C*4 zvE^`HitgNgGR+pj$A{@ycNadLW2-%4|I8dDiK zefWU6^P_@b2M3;b%s{z?`=M>Wc`F6rSfg#F$j!H9Hrjf-LD()qBWo8fM50D{xvPT= z#b~6`oig}Ug;&B^#fCV0>b29Nw)L-&)N?civUA zH}Z(Bf%>HzD6yM0K!NZ$ITq5BrXB+#aC2k$ZD+@6$N3umzfr8s6EBppl8+HEXi`k4 zP&vKACBk|y5`-xX!56(@&_Qu&UmV%^SKl5g#DuVUB%pe{u^T0OsF%XqSZ?@2te1jW zOeuqqpXFoywWk4h$WUM02QT{o7Sw2R!HZSzqL*beyMP^1Nl4z&uq+X|RB!yW^9f`u ze+W9nb+8xmA}fqbST^=gQ^t+$4fTJQK1qmEp9qN*E?EHkY3=UQfRH=(|$E)%{mb34h{@b;H`%v^yfTTWkLMkOsP3hLd6zirLc3Rrk zc`GNl0b@}h$%fMxYpWz_XKvh;!xdGip~xhwWi4e;FqZX+oAdcV{+0ggoOp=cTQZGuRL?Vt{9gX3fB4w13-3>pw( z4|1dfVIp%2co8cpvfWc+f22#R&(@`S16xrtQN*HUc~)Z7>s8HdG87{1%J=c_viSN& zX)-gjZ`(?96&=T>MV441{nWIR&-8yBk4*fE89;)Q=dfOEx@wbdb!*np&1LIAV=iBg zjoI_!^9QnGs&06q*Gr3@SXU1Aky$S?XW=z=V{~LM;;Z2^ua2U~S4CK?_YSS9d49&*IQE9r1EwYV`>w)e@5g&kmg2b_5cQYZA(fZ`rjN_yBFFDZe(|5&DqQIHs>@ zDM862*Q?*;9rr2CfOJM6Q7U3idgrCh0IDuy(wmy;PO2HRfIQ_ zF(G+kNE&whCjblOxgwaeba_A`w70ELOKM#8)silPRfjdW!pzqCQq*^iWRw!l2KD}! za?P|}NwDtj71AvuYPEiteZAe<+uW1WOY~?8BtA^mxM+~Oi4C~6HeL+*R9OUns`ZRD zn{^z76xC+SOu(_!i1&rh%JiDQk>m6mhWfc4w+sCWyvg>&+x^%`LWkrQiHv)or76JX zOR0~l#BDx{M7wm~1*a$03HR&fgB91YRg+0vLR!6T#)cR94m3v%lCS}s(mDLABg z0;O9&`pBj!mIf~9AnI4Nwla#P!dD<3v(i@G5Tez@ORlOrGZcI7Y&Pg zVou`9-t9KQjg*LF=EWQk5sd+2U?PDz0SBvS84P(8d7Yxbd>sUz`NX=Ys!uIC1XXG}(tW#Q>{JIp#E#-<=qXEad7V)fAk z?444Y;(bL;tL&VFoao+D_N47x7b~EOA6U8sL3@sVc|IdAuoF6M$YGnHhxQf zd!+CY_DaJ;61N06F&95y789Xgm0iJRVgEXfoV~gu7MQObQUunbc#+pTC-K4jvjT=2 zlNuTb#=i?DS2}6k=~FP{9==2xWeMFMZc&uNe=3M1-PB|uM%8vKsYF{4Qq3*YPCAdC zwCL9yBAK;c&eA8ILNe17ksGWzEszVa06n9;rc0Ngyu^a-T&n*f_s73)Rzfb@+-u@P zkTU96s=1KQC{`xNcqTGyDnQbEq(+{rNR{hK1#(TphxPe)pdi<$RJxz6%AK&Silhz=2>~fD!~@GQtfB@HV8_d2t%|#%*gAQGmV8iI`2^DC>-^%?>J>Q z1sN2}i7*RSW^N?I^mjuU0t;?~e~nWP~LF zHOpH2FG4rQFA|`&_mXUtPCj>VW3bs-sR86&EWw+|2Gt~dWJs8~!u-IZ@6#4(Qjzhl z+Ibh7Fk#Drku1GNswQ*LfOg&SgETLpL`Wza97mv+Ht7pXs+6PseN+5HV1JM~Z?sS6 zs1GQHCbD$P8hYoHaG#wpncPOTqq5|8cSNFyB4xLka5mglrY`fQR#dSd1_U@-p*ba_ z{GcjB=P*gOck-2*#NqD|thFXI`}z5gp{eK65(3UC`M6wACc#1d@-MNH)A2-z z^10Vk@lt|T#swID1{b15eT_cj9q&vc`G11jDYG^)Mhqrh z@=ev+rUHbkhPx`+Hmu~%KaMf2mwx>Y;b$~QWdk_5@U&F5Bh)jwZO0%qNVX#)TbKZAJQ~Gzu_sgXnuHU$tb(dOd)M zJNcJhO~*hNZl&7ILqu9Dl!1U)`vAPYy~QpVd>-de`P6)IEPI2SNmfh;zM4fYL#H)v zy~-(>I9cQxu$%;KXxI%|+4r5c{3Nl9QFZAA${FyG6N!n&Pbd~axs)uNgjFCNW%Lfl zn-Z`hYngJZj;NegfZ${&13wzRzNuoHFF zVgu4S!BUdqaRa8gS=}podsg+POzRO@A(||p!zExACJ!qQ?4A0_)8g@VEgKDAB+el# zsFIwN(D?zE@GL`!0;O;$?A9d-8?i_(6?*4{8Ad@@4)`ax>=*UZg4hjYaisfd8D;Km z_>k|l9ddUR%nk=TF$732kJzKvs#&B80ki$mA}Qn39>}XB8Tw>GV-**#Rnxr_yJWaV zlEnTr3N2Fzw*en(Kt6>H*}{(*UbOS~TQ#6cZh}`Y(kNp0q}A+W$Mr^U{)Rlcw7HPU z*{1A-%)4RBybq%6a+DcfxOh9YZs33xkf+5t3=~uN2mw9OL-SmPImrd`*d(y%LC(X< z;WCqTItC;9moK+7_DZh7%wlPSMj-V-AxEo)P}#X)OVMvpmO$1I?FAw;&67v$q~WaC z7*-luCEVu_*y!O?a(BFCv~eI5oj)KjlN~rC8IKQXl;ZK-2sqKhys%R} z%~G3147va%S~E=`##hGa{(r1OVj;0n(J^2oZ5k1h90=b5TAv6tRRSqa1n4v$rp zOEme={k23l^5)MoD5b8>>?1EQ@2cgvyIIT-MW8^&&xd6vL9_2t*g81`Yq8d!4dH2J z#essh^ap9jxkR>Q_BpCETU+;OaV0~gy}BV%Dh`V|ZCu#Ke-Q-n)~dv~K0rC)LMoQj z9?(W)J&X#bT0L}X9W%~sf+Ji8F6mj*=wlyBME|j5X57m&I@u=q;Q!0-mjvsHfJUh}5FIaWus=wjpNJ@ciNYVAgD27P(~`p} z`(_N221XDO1Taz{&F29k(JV@IBo%@*-T)y^TdaPF~6 z#Y9fk(J7uztv<*S?`5Mjj#BkOEC4>Z8P|kK*lID-#2Y*Vz(99^QL0B{_Ck&b zL@D~bWG*uN53vWvO5?@WZ~i2THGd)PZVfTeCDb&12G0tiQ?o~KK0z|2(ew7^VEYV& zPZ%NU!qlp%K}JSsl%QLUz@+8DDr2cr^!=v>)`rd$uXUp^Ge@<97bf9ePSJd8L>?Z5 z&-MZir?|>ZofUP4clC2sI`K%jO?twNOQ1)DZ?Q~ka7$1nc%jU753E$1A8NlZ6 zo#TFKhjvEc9h?~y>g71$J-=sagdER6w`bv&zc?JeJU~h=>+T9wwRpp}Ibd>LP|5-M zf^6QxV0KISc;$vklRDSdCz#M^*Xk#1V%H*$9xWuWg8a}g4jk|F045z8RI_;ZQ#D3tW*mbm^j_!L4I|%HB*Infsak#gS zFuZcNR%GyvZdSow;}(q+v4uc{xH=xd>HhVCu64<%!pqA+*mY_yu8BNk4;17RcJC*nvx!)p5Y+lvr@)Fc`uNiLXB| zzVd{0&g^)?Lm-sZ156CgE55UWIWW6;G7fqH2g~a%>~RwHmKsLG_E+yI)S7YObL8&J zyIepNeK0z%pOwTbg$daH^Z8v4LHn_P*YNr=b>;0J>@AIlXKZ>#_)?S2sZl|FcSk@E zmiXfd0K6m=qHnbBi~GX~93*9*rvKjN!huP+fRxIOr?b9yHQvqf9`4Z8hl>OBA2B6G zbSwVg#lkm380@bZ`~{Cb;Ma%F>N!csjVc=BKwKmkIBnV6j>t6a@%Op-^X-{r>&l&iU=94`m=|&n<9rCQ^gi25KeCn1ndU9XW*z# z5RB2J?yn?%)0zS#Gzcy2DX|rd;v#& z!HWabnml)gLgmP~o2E}U4LH~u=g};03S*Q*Z_xX%yN%dWJy=Mor84i?u zyxk!=AapVN+Chao+_B6b`DnqhU13v636;`*_~J?{l|v8hNyB5rF-RKr(jL__HosM% zaVmn5uUW`828#(gf$X-y)t^7!$;v|zZyfDa8uYjN1q;(beBtzA(uRQXa*3~BD8tiU zOHI(9TD~l^rBvEG6Q_*ghG(rB!q<(xtz`wwn&eCGuhhzrFN6ckoWhtwt3AEPZV>8i)q*>bF zQ*UwkQM!B`K>8yXBI$Je^zZQQliMTbHapUz0en19_Nmp23vg^l$1e!=#-rG3MGNaF zl>qVF@eEt=y&Y;ua~~D|)P5T1@F&j!(c`kWSQ=Lo_jGoobpJ#fn}CNAZY&(AzceN_ zfnV#cv3f>X;)AEO5bzNPb>WGCdr+C~X#BXmNALG)Y@bw``>up`g*pe49iP?syS^hH z(8iN+7WnP~lr!uO%&C>J(6zE%YT|^&^x5}U>Aad9J$mcIm3Q5EwlK4!+xWGy!}xUl zzthaubF~A%Pju_~TcJM~U-zO`zK2=nh!z5Z4~CE>b$bcslVhLYu^mJ$hhX%;?6vb8 zU>R7%!xq?{56S}xHQyWwdDFNWlVJYSk5Uv}0^t0k7E>~p>PGbD912WDDMsy6BI}F9I5o}enNeNs zr@4LrR<2Zq@@VfrvC8Z^>cjiamMBQg*~@^m1@Ip^MZek$PSdeFWB38g3#3nw4<-pC zqCm?=WKZDagHgn9+a!b5GC{eoxPD7EmIXxZ+*grf3(4)(S06S;E#fg!Md5cvoAJbGClKEFu2zSaE)AZc-ZBf(^&;lOY2IJ!qqeqTU&XJHP> zo$P)4IF2LwaTsv!guM2Rr2Q z!`rmehK+h2@tCgRFtQgLv+UKryR8QZY94kef!W!?Ig}s2=`8i;ZwX~$yWX$XUEtCA zTqRH9)8Nw2MiA~sZR>-`b_MKbZ3jo&iH5ICpFnX`B83|GL`Q}^jPX#?p){PMta{VU z6DMf9qBz}6|332vz#Wnwb6jrWI2u(oPlQ_Qacl3vMwktRuD4fVa;#aBatAkH2r35U z#1yRb5eLXqG>ixY2%v&wjvgQOVJQXXw&v(n>SJEQ2+pFI4-dO^!XG0zyD|1}IWIpD zwx@~v%$AgSK*Gnydo{wIqji_%!@$c&h;}s02)?2}8sw&2G1ydO8_S#$GXksx)hRLtZcnQbG<7~`JA7O$c$YaA1H`}n>u->C&j^&PK5Lt*eh*B`QMIa{YY||ha z*Mbyc*|nxqt~=konujyHFxsLj);I<{)I4A0}m2%YvPS9hH!AO6yyIo)|gm2kS zw@3o6iKkpbNIxQk_vZ84o*_8UXWbX(?B5u|;=tVBF{F2O%J=vP%=d$PKhPHs zKkp$k5w;A87W})Dm7ccTqZ<>Z`CcFKD#kaTl4?}4N-V8}_);l4z4-N1^_ugaZ z9)a%+l|^703}*g@+^w$ig>&&`6|$pp_+Ya6zL(U)MDOut*ub6ga-u;Ds5dR)ysr{C z@8+w|ynI|@glQepP7j7S?|ui#>k+tUM%jU_0n;k0v|jG?N_JbYEiIWJ%-?oD({Tqi zr0^~hSJ9-ck|TCLrR}wZ+{UZneJqG-?GPq~S0>SN^D0?cd#`R2{=1T)iNvu(KO9)l zx`32tkUnE>LN3-8=AP!V)7!IlwWs4IRpc^rDvYtk`z(`Ko$9zQeM@pa_8xFg{_jhQ zAluk|j8vk)*!ohqJq(I0iwrmFNq+i*>!%b`+x@)VZl+0l#%+nh(8!G&gm_%#Eyp7- zavrovF1I#b56cDA$z_{DhMi>77V1=+E{_lzI+Y}A_S~IxD#;bq#n50)ocNDCJ1!EI z0Iy7IwqVbl$2j5xazCGW?IqEdJBNg^HTek>kx3d(*I;nYiBwwiRtX6l|*b*u~;NHd#xFoTaVpZS611d_qrr>IhvHI%4HsgEAz%#K+Oo zRJ7B@eWj197A;wzh?0L#qo&I!`DL7?&sy$8V5s9@$}klfDh&}{Ztf9#N2n^SzUZXv zim+xv@Zah6hj$NO@e3;qX66Y`NNE`C^x^^mUF)QA%E=o99#ayHt(>)At(p#@wp5P= zN}LM{sSLzwr>LtsrL?}m-em2eKTh2~ha)VkhN|1|=l!#4cdvW+Whgvl&y>6k=$a&x z$Y(w(A(cxaRbuyCCNh1%T*FxqYWjJW!h@Hu$&c5vqp%r?`tTs<2~rh-?mD%F&_x0P zfgg9x0Gd@Ok-Qu3n>KET{sLGOi=(-ZJU8RxPfUEy$yg+}ZYjAQ{Pz?*8%oqB@}Osv zv)uALWJ7pjg3aEI<2)O2M0Bn#$-;hsj3cy8k%*?;p>W}HfTpsV7%S0B9(L4^?b|r6 zOl)BkVtZO=N}tpT=cP|YHloml%q4Xe?Vl`xipdD@tUfRN)*NB1*f~1cv7@KjFq3TM zWkRhX`3PQ;HN42aVh+Hd2^(DFPriUPzT8LPI5Zrn7!!h48n&sQ@7S-~H<;qI%12g( zFE-KPOL@+2e$QzWMHRM+ku*Pw#)JX4&)_qt_nrkPJ&!S~4%{wCy}etjkwWPG%sLZd-pR z-V`-TWm5#|Y^dPmFl7@F&PV=$Hb%rzA_UT)URsYcdckBai<(X<(Hggb+C`PX_V>4C z{2L^^R_@n!{*K&bMpB`AT&z@CBP(8(xO6a6kA*BI46_!!cIYKb^%tNdY8XixFvg)wTqO=|MU8ANHfJIE zx51$Nft}vCe4|ZwY^FQlvJ_Le%&eqd*psIW&@VW=kdMjby4|B#Sr>C-QZ=Gwy2)!= znm~6k%`y`^enJkULCd98cfrmdZoi3~(UTd_Xwi|4Ld6I`gxhqhTe#_x0-Xw|4GLCe z_{|PTh)RQuI5JA+@-%r;!@1u^UA6Z3gx<7k0pn6lPM1BHWuVovtA@0K^6(Ryog8MR ziFl;JYs|$Wj9#bE8Wg1iI~Ucu;w&JCx=36tEky9$YHpHxx7G$paI z5rB(+I88<5l=5mg;U-aTBS-}HiW)TTam}g6))yuwzFK6}pSmtZewrAJ-69~)PKrz{XU+X;|7h})nwXA!rWpiXRUccr|h)}9VtIGri#rIT?f2}Dn4lRY56fuck>Xag5bSY6s? zs^YR(ktQm(%Q8k>bAGtEhTWa^w9jle)Oe*ex^?we0}TiCWdFd6$yA-2`^d)plM>p# zO+@mPGo}#x6&o^8acstsFDb*q^_0Q@3yw@6np&@IDTRqE+n+K^v)<1L0d^QIxd^DV z8kBv@q_qNWgvwnpJhGhO`p+V{{x@I0 zBO*D+n(HF!3r?UdVto2QuOwi89B``B7l4)wRiP0gmqQ)WmefeLauQLQO3Ik|xjVXlfd&HBQq27Z+m+ipbVXEx6TX){)!1>{R*!hC8#N z)?q4uGUzH|jC&uDXJd(rXp^jF0XD8@#?iy~`D77L?A<@;BeT7$P|2*@YG0gJ>4B0R zgRWA4NUDWAZrhE>8oyzo`4B4}$rANdbl6!AJIE%u;fVO3LhBu?H6*Te-qc|wHYkN~ zR_;LSCkYGE%<l`QtXO$fnDq=}Tush%j4JVxHLEcWz2o>9G|` zBY5ls;tHf63HPH=r{tuivgbsSyEt7Zi?uQl*J@*h45Z2)b6j`1JtqRF$LP2#+N{mL zsk7Jmjn?3a;YL5(oNa_{4sXaq{-ms4vrW2oX@I#)I_D^uRFE$tGoY|W`6nT>gMg9q z6(p>jVzVUk6aR@6XIH?`@ubX_R?Y;=FDY{I0`^zdtbuHY`(sX%I?Gbnr21qopOuX_ zRwkaHC6swr_+DY%InxrzO*4})liH-O0RHb zwcvG|Ioa04;NJfeDVjH*ZT4b@=P{dTMU;fbIe56{)W$9T>L8X;gJdh7PI)^-^ZPXG zT>uwOG_W>B>8(YTrg*5GA{EoXMu{C}P4cto8FORQg_IT0aI}J@lT&GJMX9?0lP20f z&s(PWs@u4py!)HOtwdD771jzwP|66x&;fX)<%~aS5rwg8ldpr3dD#Shg-#dab}3V1 z`Wm`OwM@f`s@^>!&5l*}H9WbNTeWQ^9v=-FD`E2e7^wY@&C{Ha*N(YC{V_QD1ADx* z4;(4|9L-55qgC&TF=3q6u3F`nl1Z;-^C5EgB2Ct6Tz&XoL6TMt_g(2WRB7x|WDs1G zvYN#$$_D8QQ(hI8Ry42A4+W?Lo?2thDtVWDNE?wKyd#&Z7I09e>l^WWDSN=C&SWoX zXF0%=v!t(Th(&DTy8>=24{{c>rVXTmHMg3Ib^L|{0`X0czg>Y(pW?2h{?&4bu6 zBUR7$hP;a@S;&<#PC=E#prh3!&>bkgJ@uH&_1i_3hjLO2O^SBcC~G2BG!;5X*@XLS827tziJAxx2&m7A(gm(_&=(VzK`U{Z>ha!jd zUv)LeV!;z>2{~8ImLEI52u`?MU?rV-8k&lZJ{nrQI1%IWcU9x>^J^nr*|m_5GiP-s zYe)AKrKy&)l53fNiQ8|Fz)bB3WSVGlC~w|4*R9(kE`cb_x6Oekha?Yuuh{WbJsc~8 zRLBY?(b$NJo@DsQQt;C?oexYP7t&Lm_WB-ZpumH#dZ8!(w|`g!+w`*BKeBOrElenN zRlm6ieLahfk(;qZ_A3t`9uLQI+h-aB5B6oe5Kik2wwAM-*Dh3oRv1yT7H&E%1h;I6 z(%k4k#txZ<1UD8woOLn!jqHX7-n-f*9A{2x7Xm6mWG#Ct68W6CXuU6u|1NQr zOl_zDcc{?;;UhG%@9N^uYm*1~(s{e3tfa@eCtpDt(FuS{gebSgV5o$a)trEX*W*dy zE`ao)q9@@r3~oHay`WO^Ugbs>=ApAqUq!9Jt}v~K4P|F;$>pG+M@{$2dfu$H_=_NI$}v9@~iRSG591xrx- z8DB>q?ZR6bW6m-ZksG>Q%NWn6(?oJ@)I&_>rpXcWgV6!Pt^hkftz<+EtO)$5xZg6t zbCL?>cVH2c`fF|)RXlsir?IS^c>_ise&qr|5nIOUHspZ>*CL1wm&6Mv9;uS=lsKn< zB>?|;m$Ew!Y^Y|XJQz_bMT`J8Gj{grKcvIxh=2L1ywT@qG}S3m)!{U{9DF@1g1LX9i=d0 zuP4xbu$n7}18j_}PmO)Dgq}q^pEDF$>pU&-9zNL{hR|-G%98Sz9$t+Mab(k155-_e z>DsTH+z5oIY76rONA%i=5>=>;f#F3mCb~JF%;X>`rrE)3E75jz*ojE_w#85}sXh`+ zqA}k3bRlf@xR%%Pj2g9O)f(wVp1G(DgCaf6#m`zeMSe`N~2>yi|Pv=8X(yNUj@Xmn zT2m{J!mwKn*2N}r)ZZ>*H^>Yt=n8}{SWlTkFS3sS;F@u}&}-WaZZz_-*=3EN&0YXo zIqH=uts>YFt#(iJwe#!@#TZ3I@T#Ums^!Fyw?-9PiP2;z5{GWqy22|N6t4GQ4!~|Y z&FNnPvJZRlg`VajQN!RM<84 zH=4&;6t7WtI8F>N*AcloN1>2Ao_|0F8LBeO%Ax@vJQ((i>Ll7Mn}TFDv_V1yM*d=l{YDCar9=iN52aPldG zjB4{7i|Flql%c44^(EQ%8&%HynI|oo80VEfBP3j}@a_zGN4cL&#Oao?H1mfBKT2wl zg_KI+xYMCf(V*v@)2=%J(I8UHY@M*?6&&V034hWpaYAOEYx;2eZyfzdR;qp~%T3ql zRXQiTSkRd8KFQrEIZ&4s1aTF3kJA}U@P{s@u8Tj;g1_ZKfvXM6>(}k)AWH!+_@j%N zxROR1khFRw`2CVn}twM~_Su zRV0pC^bg?O4YQ)udE<2Wy%)JxD;%g#FM)dq-2?>lygZObaZ{9HrT3jnNAo!`;BFXB zsjirpr6H5C=X3Wh6Xzxf+ryfKS|uVf?EunWef5Kvp;2hgOx$Xn=1H0lQCkSb`b{CD zC6a)c)_F$(^ydWrCz@4-Zc$r9+> zFIKxAC8cB~N24}z@mUX&lNb#VCrSg9=@|(9UCE}TyJq;`%nal73wTtPv;~m0Qa0@f%^xq@~+{hWU;BYFiDjGZQPs#p6`tp~R(iKA*?4Q{?U} zGw*I6u?Q;waWmv(s-W7=8q#gCS!@hs>HxEBwuaF-IkW{I=?Xd}1!}3B)N>IEry0_b zT(ipP$A&nbu}+V?{Y}Seh!v*ama+#q_H;dhMP(d~$c57T6#Qp47^)iWwN!Im2Q5Im zNFe3YD@hzEl;xY$g4`x?)eTCXDRL7y`NG1&E&yHATJcrMRL{b5pPL)uPIx}v&^U= z$y!@0FFj&J=Z}l0FLIipbS5y&udi8c4|Dj`=2uV0Q%{GDtv$Ms@=#b^4LohF%J)#h zwRo%uZM*eGJFG^w4_#oUlkc%R<=dfAu6N%S8I0q2vXTu8p&epwN3Kp^g8+wSW5@yv z^W1R01gF!ZNzPy&a-Y--339tKU{SO(A;yr^ig4L7ol>Lu{D-hXs<;sLjO3;Ro{rj@ zOjf>Bn}}4MTCSXpqQVmSF-XQH&)Z({ZKdSu=m_EDDEi+8vOYn&s2*v(UBwiiX*0Q- z`V0nn0zqP1> z2yg-zN4-Q+v13LL8cPttp^sZ_M-69Efg4MmGoAYm>s~oiYNb?HRCx$P{o6322xE=M zTHA8*zl-k}$S-6*7Mrg3Xe3{;KNm0G77?SbbhMI^=0*Z+gq*VTkg~lUvsQP;$!T<7 zzxxiJ1C*dJQVp*0)vS%EEU_J=vb_P!b>!8$q5ok7!j{^!LXoFP!B0QCP6}(%2;+r6 z5`}Pr#KS-6R|nAiH$KlhO^mFJCUb=`eydz6v(N z$4i7KNz10%Pl2r(+7x3HVq4r!juh{!NTV$d)g+XsX%$r9d^sPKkRrK*Dkt-LMA!6a z>NKi(Le7Sv)p(437+PK|Z1nZRRnGhvrJ%MDVSps7%Ds-16I~KbvCx7^i4;>V4&P3H z0%I{&pQpDqaeII18)}+$UfWzU$?aHNS2`HozNd&3!X!6L=%`9FJHPT*FPp1Jk7tm6 z|MGUV`0%0hvG=if@bz!X{XQBtuw|wv_NJ!>?;WkMt<}1wu9oE`bcH&tfjdWML=Ni5 zHYz`tC_(@ZHxc~Mr3$<|YAO`DEYwr?-x|s~3762|s*rXU33h&Fis9g?u>NyaJ`OEV zEV-tsmAHOOi)NIR1sO$|#TdrNlL=mbIK}7H_oJjJmC7a}vOxBmNU<8uNIw+17N^|m zTY;s+uvvkFCZPWmykrECC^sl?%l;^?acTICqDui=G^40G1meUnAKnPAW8HVabirYK z!lyE+Wz6Z!O>0U)weTULm5){tvS?bQCX}!(tw)JRc83#`FmnKDw-AY3Liv$%=NfxZeLP8lw#3?*8TwnIxVnCLWFJ z^}PN50Vi|N6?~&(c0BOuE}$oF>$qiZq^M zVV`MZEKjS?jb}{D7Gb28fn>>SFIli?F-7t@wWzBBCaS_koFejt_vLF~vjDELsZ7Hy z+!&tn#=WOcZn4umrzhiN*6`Rzl{dj zi~k)5m}^vL7j)B83Uwh5lAdvir*DlM+QBw=pr2M)Ua?ro9vGvQpy&(v8tTG3G5B;>FYD=i=?@8RGsOoP8XI9~rYgKOP^$W{c-MxL!17 z_+w1Dr}p*o|J=0u1o|{pdS|gN^KbvA@asvaEbWkhDu-|=NGejFG7)wpFe=7I95VS1 z4<=t?ZUs1|W^?OGIWn!(Xo5l7ge^~8bQQxJzNDWde-n{^>7}MEj}J{b+kz5LNqLzZ zUCch^PlbMuEc7YFOW!3Y{kiGV>gp3fc$Y|ie>}Xf6+r`9>SaxZQ2z7qierkv2`7k? zp&}ff7=*;Z(X0M`zgJoO?$5BP&RY;*N}Cjs%rPKC|Lkyy$#7Qn^Uo28QV74Q0H2d& zg_5adP>>!kB|wp^m}$_WBGP(yaSBrTMNZDm(fierjsfw@o$jYxsiHbzegf5zM|N3Yj&K)_6x<8C2 z2ypkP7sre*uRI)FOk5a!d_JFM0854t@~5ma?nE@c+f{gPx$rIKytYUu+ivL=2$0-) zR6cFPTo!bTQ_Wm5Lx{~=t?Lgxdg4$WG@+IwPOwPnqJ)x)Vh+Akdv-~Teo1<6*%SXs zz@xO2i*!{?z6(R87c(*hnnYO?0FRkPR1Hcdqkd@1X@kIb7ViK-cHvKgGBc$LjYx40 zy+u~=pDJsPl0?ASxiX}Y$Dj-KO|AyJsMSbl;YrZkRTavuM3Azu=e5k3U*?(vwtiJHbvG8mE6xfSuj<^>X019NtYA%wpr~mD9=dA%B4cb{y{Cg zGo7~&<;`=zAXj_=DUA_NXy`;D#Cd!$LM7OVZu+9;QAm+NNL3r|V#TyL&aJc~6SicW z=!In!R&HN=`>{KnsdzAnQ*^?8P6( zVNm@u1{f@2`$`kLVs?>>wk2RG#02j-TP4sQs3*$POO<6LOkc8RwZSQy&8OsgZkF$6 zdAhLA+?+**YCgG`i(1ejjRb@yjL=F8R(}0xTQWh((w=&kwVa3${3W<~#*(Csm%j@UPr2cLb2wQr^H~1wmXiU^#I6)wj4hbb6etT zlhBK=IZ4-?j+L3s?MrTfsmstj*0ZS58q73GZoh!mLFf=Gje!Q8*#a_AayEBLWy=wy zNzt;<$6_~ES2`Rv+9;iKLk=3nFt?S5ye7p^Ito?Y0ip~ zY1KzE&+!zMEIuwO5o^+P$qqp*+Dq{sjL)#L%eJ-{+yEL^k+l3z_6m;2$eyf@$7_9Q zn0BhCar%c$pmf5x@8NQWz7k5L=`jgVAvV%s@m%I}z-=Ep3Q{c6ndM&%Lk4agpVLJout4lUwU^R(#Y`kz~_ z$WF{Km9mw({HTzmHZg6~f+L`xc129!I747!Y5~Cgt?~*Wre%-(4~p{=HzPNB!o=_( zEn?39gg3f1+>vf_(;2M*A-zF<2sN@?u4d*Kn25(nWvE)E0J?}RlsFdcSxc{Gl6)cS zUD#OP3`3GQwW_hPuykS@u>?g#$6TE@P&~_N+>#frot_ArDh@h?v-j>Zk~A3}2d%bV zjR!P11OJd860fjIhG?*0QxJOn*O0~6f3!AObQ-eU)CdPBOp zV(^ejMYEI1svM92)b!nY!Sp6JW~6SuH%Wkp7GGC4)ps%%k}IR1UjNBi;t@l-S2eM)*=`|Qo)bGz#xecTD?25P5Dh7*DV<9LsyA^ zRoW*EAeDU-mM-F2$9@eW)t*qAoYPX-b5wn^x@yp&^RfeIQ#aUgTyx7^nbC81{@1Hs zRZ|P-os42Rs9qC%C;kG_;;%m!LRXra*>wZgQvcH&rAvmK#E?(-#c5K+1vC=r;J9`x z>3o0sBK_00@=IZ=y=%3Vrrh(Q%dfOOG+0%bBktN6Zl}-JHs1knbdnUEgu~VPA#+N( z;l~SchJTUoC^w`H$R2|5+}Ns}^A`ma9aGB#TkB;07a+UK_kH#E_x88o4^r0`G@K}h z6ixLxx7HB#*UG{1f$Wj+vWTHrv=|@RJbX&n%Y{oz663F zt6>Z;0s=!0Uv<_ntq}S6yZKzHD(heMkp6H?Q`KtPVHgI`^^QKg?_jre1Tyyf`vaAO z9ZjHb9Ql7cK{!5Pedv8d8*6Cqk8V)EU7yBCw|RJjS4Wo<>F})lKfvL4S3k5qHgrSN zCH{}9ftTm;ARaHv!K)jOOF+E>yF+C-|EITmh|(+yv;>`DX4tlE+qP}nw*7}~M`YL; zwr$%sJ6~7V>#BZLt9#VLJGqlPIBVU#zkQ0={{Nxsy=JL_nl0iAA1W4z3-E1PyZsmQ zg@`(xpl(pmHe%80E_#-d+GEZeLR+BBF4^0VhaiK6=my29^ zpJSnEup5Ty<}?1bTC+KZ1Z~V5gp_7NoP~A@NT?_3wTk+ z^9JJZEW55DG|Ej%waue(PMBst%4N8kOkC1OVNb1%anc(tu>DqFyCx`3%zEe~nDkLZ z#ymS;-J`okOtp!37;#-SIXa)B6>`|s;zw>o()ggZa z`ww(poIgCtp+L}=Ky7mlodX_-+RnHB&Y<9n&KOvisI&vVP~Z>=KPLxw!RN zShKlv$aAQxpuIpsN<3a${C76zi9JLc2zWob7D@}DXGO&JEo>Gaf*Ve84!+?!myrme z-CSI7XeUMYxJIhlZei9*>FQW|VgKMowU&DIQfB`zV+~A-E^c{OO>|Vn`7QMU6649} zWfZT-LUkg<3h{eEl~sFU>%Fa(4pp1jWGk5?0G+HlT_G?>-?D*9Ho|oS)3$2#?>0(b zGM{_~;gtIkSx+(7FQjJKiLw&s&3+2+zLJLlwbp~wBroRaSqqK$I-T028Dz53BT!lS zA_c-oS_rjzA!1P>XWKVY8rGE}S!%*Do7JOZjuYv7?xp%fP6rNgB97W@;Qe)k)*hx< zUTgqHNOI?r$D;j2dcHg^NwbyK1Iqh$m>DUday|$az|K-Ow8wac)ykMp@KO~Nvg$zu3Co;ST~qy`c>brb*dcivJLFzf2V}t(aY-9_H1`tD z1r3!*L&2q$>O&+FSEHYyGzk=@Wi7k4uufM$(w@o;sId$eC6~$c0)8UfIq{GQwu)9t z7Uu_LtcbX*L`X)=DlL%n)gWth@+1I}I-UN24h@n?-Zc$5)w!?eQEU9oYG1??*B{o)a(jZz+bOsI+%qXSl_HXDIR>TCz5aql*@Hdf@Q8le9#o6UFqQaD zMi;dvMik~BcRp%~Raj)kaA8t2x<7$xwe*`d&B}+T%nGISVK38$K>1A`8^d%Jm$?*( zU+N&llFvq~td$zQoj3mdY{8R z*&&0v!9JhJ8p!$?#EzZ3(>Jfb%gDnVX>-c!l7i?3M7%(zlf@Ix{%3x9sdz#dS!emP z3H^PHZn616)DZ>Ey&GeB2Xnw!o@K!zUqB!NJO}?y33aQVxxgAq-G2G1dYi+J;Wd`cs0DY`@nO=m#)FnBhs4&)~T6bYw)3>Mu z?9`#PZ;_LKbW(RfsjiNFha|W#l1x{$d7MN$eE>ScI#w#KSj|ooTGxJ~KddG7A2CkR z-6RmtxG^r-sr}cQF^q)Ui^0w@Uj5h4VII5D2~vJf=AIh+Z>9?B`Rg%@@-l3XLiPp3BR z+?<2w|K`K;e+hV&VVVdLV5YWKYm8_Wh+|V;|0gyqtE$ZzdA{YegcfdK?4mV-r5>}z z`s3K6FqYP2tb5_2NzBa2B-zBaJYsO({E|+wwJIfAyC1()oHc#p5+rH^^50o-(4^;A zK*b5vGo|bi<-iq?WMmmSYbG&H3x`26CHmjncSLmRtR(u>DM&#5;$OO8aVsxLbY_c)9y5l9%3Jeq~2Qw*y8zl%H3NkAzV=m?F(% z-ef%&0BVLQ>&`t}*C4{ke}Pq|3r8fYO!GJ*P=03r(YXW&&0ZVrZ_y+-n7&ojE5RCj z@;@Ck-pffS3vrTb2pyzYu?oW)8qO|3E6Wu%&B#fs?uaCk_)%JgoT;}?Xj}DAY6`cZ zfa=Nk|3tpcY`H~1{~h^aT;#6cJgfN4aA3pC;0oV=fTW54SJ`WW&QY0`8T3vtO%&dD z3hk{f3GR#p7u8Rm-!U-BFc@z+qD3!<_J4t1N-{&G1TmXPVki&PQP zSRD^`WLLI~@?SXT`M+`kQ^F`1O?oY=F)c|2&FLL%?xmjS_8^6k-n2a{b^RP5`aM#? z^(`(-6L?DTU|2rgsHY6vRworu`T%w7IDi4MLF}j3E0+crqwJOVY!mQ<%X2A zi^y{<;{HygF;y!bSXsV+`VTLiiLjpt4TeQr^QPclF$(?}CTj^v`@I&@9t+4d;R$kKcjMpX(OpUv7?Tm~CGpfA2aA{dFCZ5M;)SuHKWlGxZ_uNxFEBF& z<$vP1u%7X3|IOlNphGI}q9VeI(L~FhBw1{ZD!ysGT5?gMSGEIw_m^}?V4ZA_@fd35 zt&a#bq;NBO-7VaoP90D{5a)Eu9T9VG8Ew;!aSN}??GU<~ShC#`$z%orj=L6ghshmo z4=(20-~I|Pw8B}{w!P`a$f(@`tAO@Y9jSxx8Q}0e`3jHxPXe2 zJ{~!8O3t7p_(wC#1%7(9^;Y`SL}V6B6n@`4Jdw7ix-?eVk7Ihg5ZEf1GjjJ+K?X?p z9)}YdDiir69F?n5l|;se{9mpMQjerRw%4$2SnuZsy^}^HjtrriGcpo@sayslR4<n4?EhTV&KZOEpqYjv~40uTlRq9XA(eA~b zGld(SXpD?;O`pY4nAby8_j19jN5O-=z(0zj(!g0xYh?dtnsO@+F{fTnxLzsLi0}oL zN&R0Yu@>6DPS>@@JGh*Dmk}7oTUPpGovwz`-*t zv}14xrSdEX3chQ=ui|_=r#aNE#RZ#ZetV8c*mx%dZsbngQ*$r=R11;P&t0C~6~3R> z$OZIecObB~)7?-0Ipu2^?Ai`96b+o#p)t%dgqfZ*)u#p)9@48l?gQdgWXurZ+H`OKQZN;;T{37rcKZzE!iY@6GU@X=>7ug=;iH<<05PusG}k zC)K*C1#NuGOW2loGqCbBQ6p>(%;c`3tsE5A9S%r zN(E6?3c{{Sb9PbiI<>3N-3v^iG!?b-+xj&{*!<3N@^ZEljQ-5n8^S4e5<&0Jv6w->|P7_I1vs^#0j8K zVKkHVyP@`JjC*~7rZ!R%p!b9=Cahib4=)t9?N4KWPUFwN^MSbBbJoa41k|Z$jsSHO zq2sV+ZQLPMv%}xw4H2zR>8)gC8`1K;JcSvk;eyU2VANWn^Z zv>5?>sAQU0l*In*c6zqzW4zwG9lO9D;7LS=&fgYNIi0-21{BTYXrw98M4GWvNct-fDEt-?NC zH_TKIdt;ICMHShRlNTpZ#{7fJ}U=VB9d=O(XnEUBedPDCl=IAK|9#;^tSgV%&n6;)+J zh?NN1LUq*17sRm-G)0QU{_);B;96!>y^VUHXWUr{CaJs6^>LpskZ><>CUZ1ckN(L% z@xhZRSXoNy34Co0_*e`yA?YSo_>?Ogew2)hzg;^#2LOAd+&V{E6kB(f zlLIQX((G?G<3pDOI+GzR^}<>8sCuzLu z&22gxqb2ukxR!sTBzEvCVn*?32L5K4&*m!zKW}K4GgtlJ(Y_vqO?-~B%n^{y|PDfp4r%)a4G04iPj3$wEf}4Is~{z zqo8@f8<42)$E=YGRfmV55aX~F5@w18ZM7=r5r0#->JeiU=|w3D&st&?Qwk{>N%SIk zv-f((p_HO_%9C~mVVoN#x6P=mcTt}`fGAZfL3wm`@0%vK?snk5r-)~zrtM`wTiEg( z+eJUv369aS+F^Rwm=#K#A{|T-L_~uYj7smp%le>*U$ja3E@Xgno^XEVZO-wDTDh$w zhZO+q)EBQd2aO{z<77$6`@}T>)pDm+2W$qf>8Z8irvLkAZbi!ks z97ld(WJ@uX>CFuyx$YwR#$7}FmAlUSOCV!7nsh)M@K$9t!y z1m%+dy%JNS(R*}(=!Vz3SvPoSCVSqK*bId9y)L-3PTR&1id`Y=VdK{ET7uyN!}r%n za=|Qhe1c;gZu$slNk1x%aVDMF`r$paec|uzHN~$P1CTaJPdToaFlU#oh4LJ4J zAft>w1a5X0U~dGVlqC5~?%4&cdoCs*calp4cc z1M$wHn2vW_HNu`EINLA|?l@1M5O!vXI}Mf70n}yj$_Fro20)QDPry)gd`8I6On3>#CL^rO%5R~9B7k9G$g2(5PFSBI z()-dovxtm@O9Uy{oC1&|bv9|xbnCt{u`C)hDK}joUakGfEf}3Cv28m4a)=A#I1f>U z1{pitjbQJOP4H`C?ral{lzA|}x6@59{ET7l(WcwCu*-d#q!FBybYjhj<`NhuhUYi3 z+VbhjT_+f^d*GyRS-p->7s3~;hbu$@w?tDep(G!X0{hb$?e}18n3K-alhzM(;gKNj zPZ-i0+Qpk(c;?%_Z6I_<%lfFQf4}gWir$23@16@2%oyDB*~(->tlZIJERwF@cg~RY z^yqrWmw@A6%J%>yCp4|z2sGdNG-OiIV0{P)Ho?QykN4Qiq4Zf-_DN}VgH5X{GBTnq z0RY=}ly$`5uY9qb^hqS!1nO{aoQs6Zz!s{DAWn_q(WGzX#CT$SG!`1@Y3tl}@*lZt zuhY9mBIu3bt}ob_WlF5zYV~*wOJ9$W$#C1cgj4?QvGTX8PEk#XV?1xqcok5Pu#4nq z?fi2JNwRa!mgY7@eJP3k%c?%gH=nGBrZt-uF1ksG6&?Nbc)O$>X45N|=`4N7$xe8#ew-#lqU^=w6iQtt@f8{Q zs_g6rQ%ll#lxOK?Ho>hr{;6mFk}Mf!MK$(_!-Bwvcg2|{v_CJ&&c?O$H6(UznvmM7 z{6P!R^PY>uRrf1V|7fhCat0ifid=>c1+jMc_gUhT6J6)o-$R@?y<6ItO8@zh($y`- zu{Bay1@wMa8HzcYJ%;P=EvN9fi)EgwB^!2MHz!Pt%HnI%_Lw|SS%!_`Sas{Fn+D7| zGiinut2sxZ7qK2<&D83me2|Y0wt+ZfkJnRejSzU{Av6gH@$S2u`*RpVVIAuG^YEU2uz8F)bFe zdHw&iiZ3@iqA@T{xI@bR#!N3M>Onz1`u_%8&nEAq#;5i1b919sUal4X&H|OVuUW2>Zof0V%dFC;b>io(xF3C7T(tV)R`(s}XuzXioi$JYskfX$5sJrw2rlY{U zKNyfNV{Id$dKEe=LBF1oUaVIPL1Ym1ig{rXoyd z;kG2(hpY}rj5gmqbDUx!4%R>&oZ%4o#;2Sjr~%p(%Gs9f!7Hf>p(lZO9 zAp@-|q$zcgL0r2RWh3$*NnKH8Q}H$Choiu<|9arG z88ffJ1`0d2(AtPOKh68m|5L5#aBQnDfg=1@2!gwK8AaRd9{auQ$|SsGHfA->#Q`Gw z3FwAbvWK}@YnM6?@~S-Wqs_Aw(zFW_EETKBN)C}Mr11wVEtz8({Y$lUn$`rVFMtJr zH29y-!O&-1ZRKwl7uRxD%T;7!p`kmGarD1Vl_I%ij7#nFLmYp{rExbMPEj*@C|I~z zQFC?;lB{_C8r>wBDTx9Sw;RIUY|2znOeZ0g?O4ALctxzlS&i9*1@e(UB1y`k{ztlM zQVHaKJVQy^pO zy5+$_Q^Sk)~L^FgIKnjz_KRAwC$dT+WEgCRVths z3-Q_iEm3_YrP(7TA!?wLJ!qb^qhidX*=+kFY{1O$xQUA4Cq}LPSL!DGh(>>SF+^v> z2^K(34M!A9-&+_uI~i>Vqpo$6z|7>4dK|cCVE~-fas@i?@tBC`tP#&1=zT*;^=i#RLxtFCJ_xiGS+p;YXW%I%8~c~vMbwt6n;lH^uWp$ z-O8`9*=H=yN0hHhhdevUc&WV4(Phx88fZ6cIDrmklxA#ZXA3PKl5k4a4=x&D_26%F zEy@xA(HlcYJ}?V^rdfz*1yOsgR!21>{4>bL!IXq}`V68P(BeMf#BEt|By$17k=a<~ zH0DPZauGJju?xhzGRr}*Ojb1wozOXM=jHu4;sD(ZK{MGpc=c6GHDLN7c3u(1UO#40 zf3H|g8aO!&BlwW+8-}`Lk<3xlMo;C-7)781l8g(1cx&<@R}|K3I5R<0TN${wuUgN% zs^)J(R+!`L=0mh|MyO^!!aufm3WA&-BxyTju=3L|bkaSirWH?Fo$nodkPFvor{A4o+qFkVe+=H-RTHT?Mq$-Hn z=$+wc;d<<0b)ErTY)gzyH`Hs6b3JW16pJ)#fI@(tlk62)Ru{8sB*q)5TQswl^S09L z|H1ny!>=EG&^*ZA?jr8NRFY+BU}BfpwCXl{X~WxwbY^Y%S|u8ijTo}8jr)9K zLqo_=Wtt;wn5Om8I=SUpQgaynp&?(&W#{kGb~h zVK$-3=W3YELg;DKih9sehV&9vcZm{_WWiDVz%u`mH2~#W~H&v}Q^hjyU$1bQ3)LAkIms?bp)!sc&RDT(WeAPt6ry%V`(b zC8R=STP|Ec8N5)X_(B593_LwOT^zi0SsMD$=aTB%=lfQYigz9-XXe~w%C6QS;?>W_ zcH>n`EQxpS8|ou)KL-b!v3b&3Og*MRqJ=nji;0929XAGKgXEeB$pp1j{a^TpEA16C z_O;~X?C=L7qhZ9gp>DL!3q2g$ag9pOYuwNdNT`(I@%Pc9{E}sx@|7(4xzoTa0PR)2 zIK$X}+1h7T6h6K*izP~vaxAKPs(wpY+k)yg?cT`L;RdurT zfe~(wY}@hajHC`AYUznpT+KK+kuxG+@`?J8IL&W*@8tmK?(`7^MKuTEvz$7J6vhyt zq-~0^h#;*qqXQe!K2m1LFa*~L+ZEGRhQ~c3Y4Sq;4rO{cP;!;hpE=_jXc&@(Ob|8>ETCh{wV9&NNfC{ zCi+Gb*0uVRRUKo)Vn-rIiyJ``Ro2v^8Uuw*W)t-1E_+2#MMejg?De}+50U8y$sh?A zh=j;Z^ONqt_ciuDXD)(G(XUCQwcVn4!j9OvNHuOVY0S49)eb3`h1U-C(nS?Qt2!1i zwQw8SvR~hV^N`gaGk zg;zpN67lnNo@mr>4##wO5M?pN_a&`S)YdH!g#&lf_#Jq2-EaT3X}GPDU9&i(X^b~z zqem#cMtgU|PdSKIqFXVl8H>z*Vl$+~X{QgLDn%DAibRa3SYqka5=@CBJ?Ai;u9MsF zVB7>e9*;-?^4stM7EOc|MD@=YtEdeBCx%7Vb_deGT?n|23+E)#sWDXRF| z2QkB0?72d-QIH3oA?p;_@c(3KEqCyB=PAesK8c=lF zv5Yh(5Gjo}?Ff|Co>orpaNl1f#!x@!mmJ>Aq*={(_NF%(9`*`W`U^s);Ik?cM2uPF z=Q%pNzNk9Qr!H5YyQJen7GhE6y$(bAR>50TPJ3hUE3~_E!8+k7X+SevE|ioyz8Ptj zNkz5G!lZb7h9gTRwHH0IyB|jVfKp#5kpkY3Gc;gmMSG{J~Ve#v@%IJ`l4SwOce5p5y(#~tOIo0DyU>V77AQ8q&HFSyxpeqst-lXUerl0^71J9j+U@7;jJ>zz=`K4K5 z#WTrc%!(6sL{d8v5FH1;|vCTa;8-;k{^c?CFYZaJUgGp^Cs86Q7Z`N@~RnrD}}q4k_4cd z_4J<%`ZGo(dF^9}TXWVwGq-vGT~BACl`G&H`^5Y%7L|+wTZ5_!Qz=)~TyFrFHk1LT z<9UOw9RR8_lXIrtevM3Uba-%o<7h%JPh6=WMp>4$M%UH}@NPnF&GcZKqv%jooG*iu zkALq{(IC&(VZ@fifxXMi3#6J3U?=Ag>`x8&;EyaU;7k@#gau|o-ds&b>g^}lsd+`k zAihRudnC1MVK`enp(Xw0Fi`)gwpQ+-OW2M3^6|IZHc^~ww|`^@Cbu08HLHRmAnQUb^eei*n>DahF46A6ogvC0_-l(eXkTy;?Cg0j#k`#biWC z!f9^F=*yA2h1#iY_TuH@;W^M;6hRVjApsM|exi*4%M}elV?wh@t)xnr=a6wyl}cB2 zgT+ZrTH<)OY4ZG#djZUYKZtR7SEM zyM>;fl&n zm)L#(enwz9xDcFdykp#=R>#6L`(HB-t-{WeVi1wWspdbCA<$*Z$5L|}6w>#ZN~Wfb zAv3GZ3ZxTdnaf>nN_>u~?BQ}_Q^jOCrnXV{&5_(Ir5@V}>yEbIORR6rtz)vw5qi9P zirTD^j0Lxga9#pJ;|v*PNW)-pOP!CAh^GFZztw=jnr>!iWsMR^ZxH04yZ)dtj`-C9 zkMnd)O~jt2l>rzCcIHPMYk@`#qF+ZozU@DC20iWWD6QuPtE-WG&FDEoVB{wgYG&1$ zYr_BC6(xxviLbmga%7d}hhRqZm4tM9SjBGdRLRi0brpW0onHq^00vC;ec!<7y%u16 zH6VGgU(6WrEyh3!?xpft@gAz%`PSKb4a9la|FbHw8T^Cr+b$!81#y?KAr$zelH<)_AuFmb3x_NaAJJO>s#&z%hF5l_sD4sB1BqT35m!$`dN7$( zg?cHtszIo?@xi~lfJdlO2kv_-pwKKx%n2ohJffHLz+(*b-~#5;vuQ#mgvL{{l8WI3 z2^Pm8e4BLCaIKPARJkb#gN+G^@qh^;ckh@5mu~=sd71 zjV5q|giw$eoTbuimIso&oi$|yn^4a-iI=RVG-t?p_Cjj2&~_t5quLND?9J-C4dEvYgJ8_mOQ5#Y0H^x{ z1Ls&5KJYKS%+m)ScrE08U&LwQYw|Yl`xyu9zCMl3^kjE=Vt*o=-MmuxxIRX??d+an zopX3u;Q%QI{d67sZ}WkDp1`Rc!Z~edNIC>L0mEMq%w0Rg?`(k9 z1-2uI|M?m|7Y(Sw48gDz)3Fs!GAgV+Y;wkP&qA;F6c|T#cAv9$P7Ire!?|m`!Y5L+ zO%5HxPd$6ky1mmQy>a!aG~-PM`Jo9zhHj);n2?pK@x~j@nE3(cKlHCS&yfC7N5Z||f z-J=w7qI&}M6N)49%vwY!k)Pm<2HU5Rp)vG9t>nMiec2^8U&rd1Z*qleqJClD=$+d> zJ0SnM!;>jJTQK^>nN+BFwROTxhdi<fBDV&b59VZW1P}Vvnko=?G8YqKjMhK^1 zG;l|DgMSq6g*c4v_(OBu(hWNG(8fQQej-@4gXyL<<(xk+(G)qu$NI4)_X6wZ>aBor zz^p{AWXbL4?<&?KbLjG_v0Ys_JV#%}{}Uv?`)4@o@Q>Jcnntf=m^pEAqW3{E!OL)k zz(gZaE60$RWVZH!DZxv2dOy^mffh?!vFtgB-p8B?SND{zL~Sx0b=j|#oKatC6YI1C z$$g$tYdr!XH75yr(O_kS)_F$Jc_m8Ge5=1UY(0_X8M4PO}|SZa=<6nbvYS>P^nuP$+vNc{#RlK&E;VM*i# zZr___jqwqN6I1)aASQClLC8ui$0UXy4^ZQ)qJ)QwUlRnmz{%3hVis$%_&VEW0egw{ zmfvf_pL|=E*yEyYaw3ja9ur91*pD$Sx#%UouSV=xOL?;fl*o%j!+O098m>P=*iVSs zNm`9@f>9}LLZORBCwYtj*9j57g_rI^EuwzFRnQiaW=TEU$@uQQRYDjZfTaw3cVA`a zK~YQ!;rK(0(_19x4Ql@Qw!2WiboTG|ufd=yJ8r%!mjkvyJ)mkZeZQ~DjrbWZfv%Ui z1se>1JT)u|oY~ttdUSYh^t&Fft+vn4!nGgX>$JRQIr*6aYY9yFu)lr})%V+`&J3qM zG2*)US`qcO)VaIgCwcuj`0Evd!XPyQ`!JlsE@{76+AD^^(`P5Sgp2g zKBlM(HBul9D=f-oIm|o1^53>ko7RBq=(V!`0BW|uT!0gfnz|cR+oF$8=040?zbY2+ z{B8sNV?J)YgWGmfq>j+<41SddRiiCJk(9dwbE7K&x6Qrt;w{S%`p|^br7VRGA1tTb zd;}x`vB;m^&Sh|6HDK2FhIC+Xo#4s94xV@y zh5_MB-ew>}0Ikje0-QC<)gT0)MRZ)w!;#M{HEBu#>0~vEi?Lu8_#RC&qn<8R8eQ9R z53ej%7$rTx8J?Y)9{~=ZRjb83l*cXH5ljDT>kWO%r;~ZM2DY_gqHT%us!1$(y2r>T zfC#i(vC8l<0(z{KU+)Sf__XB)p?@2;;!*Wby2?|~4g#U#@$7unaK00^SV2L+iW^tygm zdKFni5)x5nNfImvMiKycz=4+qqzMUCbeJ!P@b};EW=Y5CPBNCm3Xhtde^Wl|bNyJMvI^0J3ww$7`z*~4ti=oxj3 zk~S!q+=)yMNZ}@|ZPZ>sZa^;opsR4tl=`Q1<6}hgrARbW*$JJ7%6J%2`q7gRWQ z3em9Pb4eOlM*7Zo^%MdN|1>B5bwv%HhL3gza$Ow%Ftjo$C$mt_ffjA*E8ISp4zT{$$En1O0I7R*PFXzAg={Sr^Rfm;Cu}=kC zcS3>WuI-=l@M_F#7$uR+!|2C|+m$Y-MUlOln{!lwqk*Pz>6>C2Cs42X{x_m)xBk?| zibmCaY(g1nR5y?O@%0wc!%=Tks(Vj9nLwGxV(K(6U`3Hu?wC&l=UTN@dw09&coHrE zRBVLp^xB3|occq6E>SMP${+>*&-#>le&Ac55%<>VBT>W8IU zHgZsmkw7l)Jdlzzqdbt47V*sgh@1K)+@VHhT^Tu0kxn>EjRMI|cE(I55W&{KD#C?I zMlhyCp`x*izsg$maKpM1BJyf{T7qa;HPK}eF5}|TrK^dUXo$zVm^Pdy?I0)%Ydo}? z%E0lHNY|@XMum;4RzZb39sHYT6(3af^c@V_pnFWU=L|3q0d`sZyUANSo zxXF(rCp&b(aiIKm6xP|)i$zXona-jKIc@*k7Km(fJ26K#2|=%SQL1}cvX{u6rg zw+U>iV9gHS3eM%Q;sH3) Date: Mon, 28 Oct 2024 22:13:01 +0100 Subject: [PATCH 02/34] feat(checker): add linuxptp checker (#4512) Signed-off-by: Fabrice Fontaine --- cve_bin_tool/checkers/__init__.py | 1 + cve_bin_tool/checkers/linuxptp.py | 22 +++++++++++++++ .../linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz | Bin 0 -> 37744 bytes .../linuxptp_2.0-3_x86_64.ipk.tar.gz | Bin 0 -> 36280 bytes .../linuxptp_3.1-2.1_amd64.deb.tar.gz | Bin 0 -> 50629 bytes test/test_data/linuxptp.py | 26 ++++++++++++++++++ 6 files changed, 49 insertions(+) create mode 100644 cve_bin_tool/checkers/linuxptp.py create mode 100644 test/condensed-downloads/linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz create mode 100644 test/condensed-downloads/linuxptp_2.0-3_x86_64.ipk.tar.gz create mode 100644 test/condensed-downloads/linuxptp_3.1-2.1_amd64.deb.tar.gz create mode 100644 test/test_data/linuxptp.py diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index 880879e59f..add502b310 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -214,6 +214,7 @@ "libyaml", "lighttpd", "linux_kernel", + "linuxptp", "lldpd", "logrotate", "lrzip", diff --git a/cve_bin_tool/checkers/linuxptp.py b/cve_bin_tool/checkers/linuxptp.py new file mode 100644 index 0000000000..6f459a099d --- /dev/null +++ b/cve_bin_tool/checkers/linuxptp.py @@ -0,0 +1,22 @@ +# Copyright (C) 2024 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + + +""" +CVE checker for linuxptp + +https://www.cvedetails.com/product/98135/Linuxptp-Project-Linuxptp.html?vendor_id=24927 + +""" +from __future__ import annotations + +from cve_bin_tool.checkers import Checker + + +class LinuxptpChecker(Checker): + CONTAINS_PATTERNS: list[str] = [] + FILENAME_PATTERNS: list[str] = [] + VERSION_PATTERNS = [ + r"(?:ptp|PTP)[A-Za-z0-9_:% \[\]\-\.\r\n]*\r?\n([0-9]\.[0-9])\r?\n" + ] + VENDOR_PRODUCT = [("linuxptp_project", "linuxptp")] diff --git a/test/condensed-downloads/linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz b/test/condensed-downloads/linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7959b026c81864ab329955da81278800acc1f3b8 GIT binary patch literal 37744 zcmZ_VQ*175)F$BCwr$(CZQHi(UGLiMTiflfZQHhO%r}|L!9U3)_u+HAa_3psBK!jd z1q=iP1oCTV?cna^B1>|$!g!N%a?WY6Gc>;iPv{Vuw(@yPk( z-7~8=V~D)f5+marypa`D-VB9S)atW|B%)i@0bd#exN2XtXR>B|2i zA?5bv3IlQz1IA z{Pk%yaC~YWj6(7pJvxlsVJ*r+1BNxq7S1r(0ea%22&JpR$?Nv59YF~@)X3INtKthW z%WNQy%ohr6+N1{&^Ef~}8q*AFS!?WxP^R{5Ejo*Homv7^JD&A?XE!nufGuowpVb(j z5(s*@r7N#3S^jQSAQ~9;JA$e57coARWssj-|4;Skp%zp1$sv@?!qd&rd0V9BcAr|~ z^=Xyii!A(SJ{?;QIrZ69s`L_{Cgasy3aK&_3qS5eQI;pVZnKCIa@mgliGc^5U7-y+ zSwNtko$N&#ZJHVLvMTaE%gWn8B?rm4ZE& z6dZZEDXW!vO`G$jfaLh!Rhz%XKBi0xwx~58a+6nEnc(LNb}C7rqO=LcNf z{e@NNbdF6_nVuGa%eVp2Y<#v@%C3azEP=igE5$~KOAq=oC=#^+@bIqI0I(UdF{_8!rgfiM~=#UjH+1|-O< z9B(z7^SBz_3(qVR5M9|T>WM|#S38&Zs*S_NRg(qnVJ_rb(4K>y@mKF+>KcDx-vr~K-`J`oLT ziG4dESH2>a{{{Vw_|D;EBmF9e)_H!jzj+fl4qm+KKPC|5pa<+@WkyWy=wk7G$$j4= zGt|8DRQvA+z`_b1-pP7<1=UR`fYd(IT$!odEw6&@K7jl67ZiHZqGaq&61542R$Q9| zsqd0kHzN|$_y@n!!^f_CiGb|jtz06L{3(TL*ef31n<%;LY1HP&w_M< z2iO5E8rnR4aSCxkJaogv>!*fXhk-6xXfm!FE(JS@0hQ8SYG8kb3lHKf4Li1x z`du09z0b|nh4LpsUAJk}OgiH4Ygnt@b=tn%Gsgd*KiOhD)glBmRipEkCtDqhSU!=9 zSoxFz5XGQQb48Sguz)S)>NMe|UqpxyUtiOYUk{@8&&uE4i{D?^@7^_L`SNUcJS>TB_cv~{oh_9;iFu!KDHmt146@%)=1KYt3?Iy>1F)FdwfPlO2FXMN0o+QTCn#g3;sHPie z;`qCj&aBD}g^?iVzy)P_~4`i;Zqx_gW?6K23T4#k3)* z>Rx_n&h0y+g*w-|5>Z#L2QgMsY-9mbXiSWjvNby5AWGJaJd=(hC~_I&4=2LU^x4I#WCQ|RN3*9mt8gB%N*>k}LztV?9g~3E`x}y&ozA?3@Yb4SqZnE<1|(3pD?PTV@`<;~ zq`=Gm;jmg);2$6y&W)liH2dO>(ZmahZ6CkA@r)+*M=gv#afVFk&i_|x3F!T{E@c(L z52+ijpIYE}09X)jxin#X;sZFT2Br~e{{3tg+HU}f+GQYJ{oVsPx&Q4Qw#e4CJaJsm zTx)&u-F(da?%e3a_trQV24Jdd?7qNSFJL4~^h`vU2KfQ$4fKY&WS9hXq;Pl1;|UUK zh^+LudS;jc$sP4V>Xh3n;ob$6AeAo3^NnFmF6d3v9RM3T3We4q$!ubG(J$%eS1@5d zW<4hQCKW&^_&@~Xs*eBd!lF0%Z+?={8g4z^o@N;TV*{P9U-_11iLO&?xR7*hq-$!N z7&>&1vzug^TWQA~`5VJ0i!#)ppy*-^_gEN;G@d1nFKR!u=KSxRFBUER z^VLMkPU{!8pP|cG=ReunD%qTfqpSKE)Z+)pXYV9rGhamu(?446>b#n75Ih=|3Tl)V zs-qWE+eN38_cc;n#JW{8&Zz}eU?Vu>_I~|!G;}Uvgu;a~YAznnpLk~Awb440eSwt=R>gQJ=lBB@S?yRvgllw46GOcEx*VfpG(-MhPIhWQ5t4Q|Gp zBHI6#r;E1+v;7xq?b!cM5oi(V70R#xbjZ{mM94J#n0Pp%a-!wQJ_O5|f__v{$(+rN zjzuKM&w{UjNc@^0%#!3+E0r*aI^ckK5)gJ&(%sLjG+dE1XgDP{;0(<24+!o-S_wjO zu69b;-5o(dI|)3NBLu!0$2$I2jH039{%&_J`vC9O`5y)FX!4&0d>A@VQIg}x110w)y7@qK zMsVUQN2PWJcGukNPf>x*l<*VQ<3wOPUNXhtAnEE9gWe}XB=+X$S42Jiu5pem86Qy? z2(g+?!6$E&iTmZ4t&>zW<$I#2l3hiQxSz&7KcuAVGaes__!2`Zp3a`*GnDFI^LBqO zAi}ikkA0kpcTkI1MXfT&vv3@;a6)ZAwvXXFz2RLH0SE!XyMLpj17*>(=`B!r!SWif`=U@gAL`E+pg7z{`LpctDE92TBQ z+#wU%!zWmH?hW^jWn&dcFX-&)qbSD@Qwfi1@6z5%1)QPS#g$v4%Vi{oSZhKVcak=A zvA(H0eoknqQCQXiMtK~Wi24=qsFUQ6%!?6p7 zqWMsXQI_KdP2@=7Re3ds1=YbiS(XizyJ;U}*$$c?XH_%mZgBqmn)lC<(%_nt$Dnw7 zwC3}P4@T-JE=!iM3#4oGs@5K^lXL~5daZD&xwbzL<1%k%@feJY@{!+Jjk^KbE}2au2K{58-O?7fzq$twz3~5?$V8^!soU$(7C)>NY<% z-ta9+?nWPuH6duwWpES z1v|(4cLH@lh^;D(c+O(})&$|sNsuV`!}IJY2D_)mN&_iwg64K{lO0v2*h$Bp&*q&@ zpceQRI_Ufj>a;ntEEmRXI7Y4e9V`h`u{deB2ulW%1T0b~R8UxpL~S$Fi~zfVm6=qh zCpuwW$A&d4TKNl*$)^B)Jqc&c)03jnNdL4vVX)&&kzu%FfuN)W7y?R(QpD`S!KyyF zuzcBS&iAor((h=Ik$d>*L#U&ljJB3~DF=dMgo{urMp719RoMaNHaOmY|B?X7a-|H( z^H{|RrqIW83BXEHSRzHURJ4Amw&f@`{|18B=NW z#{0$MKI>#0@K*KOIf-TIW9XqQrUGbYtRz=(W?}3%dgFcn&QxfTh zy6839L+gf`tXc3?vb)33n2uuZxfarR8f;%>a5NL zQo1r%(ac%pK=j%_3y?+`Uyk7Bu7_BuL5 ztK>Ri5hX7F2=ksHQB(FLr@L5fd+)w2Dl}-{(pz^|V0Nu2;ZdD($|o++Co9=x zda!r8+~V2XyKPhagSQ=^7=#?ru-<<3l;(K)pt_#5$5OR|aLCR@y@zV5+ z7y|9YR~SVt7&{dWR-M8wS@CHSThpZ!4CG1Hk$-QjtHhWz8WvJB3aIu|dY0%-ldK(^ z&+Q5Zs7OUAih;lvS$I-4+SZ+w=dxnLo?HHcubKC@teX8*JW4e{&Me-+zhP*s- zfQoXWLAvX_B*|C+BBs^rmLO&X&}wd_#DeIR?Ra!mZa7MA&WoJhnMBXK%t!vA)_HH2 zzv$$Y+rCytqrj0SZn1UElc&uLrRjc=<>FVJJ32$!AooId zLmixc^F>lP0+7*IMyXh`>zM3LABjp)92&=WlF*{lqVPzHGZw+-9B=o#hlnO>E3Y_Q zGv~wc)h?Y;u||Adg2%IJ*`#1OsTZ7r!4>qDR3AFZ&DpL zSh-Nk%9Zg9>b46~LH8|~M|VLRozMG6e9T;ag9p<`tXZjENg+cidYiOX<7SDr-=i%~ zUL_8y2TFJqa=;eR6x(a|54T4y5_aUXiFHo?qe#t_kN3lWO~6+8xI>OgnwWZhu%oWv zZjZ;h<7vnm1mhzkahTqhm$H~GdCW-e z9=od+jVYa3jLyIb{m0GBnwa?D;slR<7Dh2Qxf_)Rge?F&EeXlN)(HzM!YB?S*Y+-|xaVEEb z$IoV(r_;a4joA_U*&fjYS6+x)l$1VHOlMA*Z``5E#O_px{s|hBEe}N>YNoU2JeZm4 zO1TJ#XOdz0{1?kR6ccq2AR1R8*|mNRW}6jeL)KEjn#V%Lzy; zsc1-TD1%W<>0mN@K+Sp1b=6_D`sNiUtIhTyt?``n6SDUhl9M~&p;x$6le10X=552& zCw&(CMadjIce8aoT_-q8yooRn$zTfhvaH8c6M8@1>DghB*VRqkFPIHi8XL zTLRHYmmA|6A?b|KD%2#02Rm5|9qR@mo1W%VZPsS>93**)f$v1O=hvlA9aduO^+RFv z2Z1t!ZG8b31sxpU5Q)wa!RZZkcY{AZwi#w_@SKPqMTtW%_=#YKtFwi7reVo8<2x-Q zQL6@{ZJajF6+{!x=Tl6DZ zfOeU%*_5T0ROEGgY}^S|=waAewHl^RlGt)$jKM&1ws!a=*ks-?igm{1f|_o6GKDAl zdDnWmTXyb#O11`nBEB3zr5dYi=frBuID^#R*wS*85DM(eaku9gGE{iK{Bqw&k=XJVWfCWby?k|=!6qu4B9}qt<-)t# zNDW2Vy8p%ofzkwk#g?!DJ;SpsWhx=zqyU9_8TE|X*;Ttp;~-wGDfHc=i(9Fmy0X0! zwj&;I0$N1?HZxQAA_A1-wQ@Cte0gZc#-AhmHY$~a9>z?f z`4h6pg70Sg$Dk-Eearw&M1yhZjPJpkuR?(*peIVvS-j@MZ{hiBK%2P4+<0}uvWfa$ zyMP*Yz$A$og^*^~Ej#E!pROQbg-V!C=wb`|Z3Rd%pW<72p-6JuFS)Y+@1TY9MIsGH zYO=x~#ol7&6bGx8N8AT&S3z{(XBy&Et5omsF3qh~ZUc}18jLu?tM_X%vT+#(T)CI7I88^Z3Q zPl;LGtD@RXVp?aCDEmCSo^^bZz@p_=roZxQCd%G>-Vp+uiKOyC#TS$Z;`~`NZ>u7- zuEL={As)Loz&NMI{*;)pNh0V$WpG@1vE1ouY@iw%Jx6N5qn5x43qzoHJZ<5`2@gV3 zt(w3mV^LmeLJy$18u5v`*mzh^Yd(qYp)(z~gcX^YPH} z37>YBZRXBPd&9+?W_e&9ZPv|4SZybO+ZT=Xe1pkik$~Ow`ru{RSdknza=33@=o_c3 zd(nb&PJZm;Rn2DEz_@R@IdGB}xf7wr@p)tsop!vbT1?8#R+~ZU+fQj4zh~#iI0pR% zq1)cb(i(13H92Svt+{E4(xhyi>b&-5D7k5)gT5o>hBdiMGPd7uqcb`q;9N`XA%(U3dkLu-DZ*UY(dK1JsPg~CfyOj{Nn zV}6zk0;`%!x!r|fpU-_dUu68y)8yc03%X=7m4pC66?jcADesnr{dpn!&Qw|R$r2|^ z)%%_m_IB(KEPLuaQr*@O%8Y2KUucBU;0Nxw&{Tx+D8*QTTH?ELBPIjftt=llOmn`V z5y`QEK>*)wViLmB#c*#AQ(?k*&_6`cd&%HbwaDhA_Ig#vtEP&wuk3$hJj)abd(!1i zvU44`93SA=Yx8PRqIQ!!dDkKWpq7~J6iRgTnB3EI0h5f3$kJYj115r;Vf9Ohyy?GBxO=1*j-*cZdc#1>cU#xAJ zcYcyrT@sPj)U|xGAK#bx|E3cdi{rk+tw(+yzGlBYehd_D@r%P6w`}Khh}R^GQRJ(# znU!-m=oUeAI?mbQSVbojYHDd(JB8bdeEvAf?GIIGj$*I*|D7c*nz~|#@v$s`UU$uQ z#2|7ZP!Gdfis??XfX9jWR4UrvaX~Tc(j_;@ts(rBA;{-<%Jpd$$CHUI{Z@eCsVBPs zBNjn96$Y?WR_0oM-n5|9wHkqK4aJgsQ-=Z=JM~g^S9nXkKtN2r?MzcOJ{Il?MU`bW za%{`s@|! zKGDN%M~GBk0?_h8BPwjwybJLZiHTz~oorHeQjL_f>0Q#V8;;$?f0Dx>=Ulez_1b1D zKIo3nR{Ppi3$HNC0#zxpsaGG(*}df0d#`P`U4*I=nT9VAtb&$QUOjsuB0`MqsZ#wutU zwo)wy@ta27u{!bR+kcq~Nq$2C&LF(ZXiHmeLq4Ks5OuWFMFFcAJkd8^qMk!nXeOQD z`J`K~p4s}{FJzg%mp@oJ`q8=jxG;d%4?t+R_RKij$(dGeUA{g^(I2ofvq6W7Xa zks%$XJL+TEFWZrm!5A`IH$k5v8dXcQ`mfyH1Y&GDu1$(Vk2odfotqA%!sBK8;Xwo* zA@k7h_o^IhqIiFszo<3lfFS32;<7~hW&CaJ=B{z5?%dLb#TGr zoB>SqfJ)}++>*#md|e>&#!YN-P>tx7B2yMo&J^3CKfDOtS>`*MFkB}a4BHm{1d4Ov zrCA4LJP-WPOMh`-=B!6QBXomn^#ypkZ+JR>j{dzgxZb|>NXOmea~f@MOw1)=wHPt_ ziXygv0@Dc9;d}0$6T3nofZG-FZJ$}rfhvoV=tDY`887DtufL~C(rhv#2?uZ!mB5qc>dj)pGd+x`82{u9!A`-V(=L~q;{6GcN z2u}5(zkxi)0V@L+`UUebU6AOU6t(*9y8mc4!C^q7nei|d_ftQ6Sw=o zZ?>h@@Fpf?&-t{!rAAIN@-)}rft|$Y-ik>xPC$GP+|Glb7SzN4cX=@ZHo5F~ZID_=hci>L;FnDhbeum>%Q& zK;aJ#)L9{e7^*70+TQ(~qF>Q5>}-cL;zTAq@GE!<`bTc(PN(X(*KRTN$EZbg-NK-e z1Ko185pQ)1et>^haY@m3IvN`L|708a2N3>3f~x^_z6t{WT5`5Odf@%KeqQg;{>=80 z{3JZ=5B6e1AkBclY&$Cv;7(h@Ow2aj32>Aq#vLApUmzR$?5{xFU=Lzvg){LCA$=Qy zd^5QqkiHp3=umYwT#@VeGp@Qr_AQM(oNKc$+RaM{gVJK63;cP3!z)n1)sEcvDh(oK zMoI*=A_EGRz!F6mS#a|sMg&tH73+?%kR_c1MC@3_RClA*NCH87GyB?U5eIX!A+(r* ze#nI~eaP0U>J}@v@oxW;@#S~K?LJZ_`GXYpq8(9U{Lx2(Ll~63l2TSW&ekJTXMG3d z$$tm?3X?-Zdpy$u5;Zv4T=E;{X#+!)Aat;&BmAJh#c%LE>c<4)E*=yO5bHA%Y~!ML zI7PFPMfO8^3y39n{PqhZIGOYg8BF}ZDxiO79(I>|hw?arXZipgvoeRqxYNF^5s}ai z5;lW%fn_mc;{8bA4etGm#KZ$;*_4`Z*+c1S+CCJ_dVd zYFtm>SYY-K?%I`3^vE?z208df8{b74e`#fawC70Z>*A}2y$woN8CFLH;rSBJjr1Au z>j3vxNYCny#RGH6 zhzTR+gj{@bKd>R(5dTVsb#fvfF<;c^5vYBW!Ss?Sd$9?ce3fBT8`p=k^w02})!(5S zYG4bSB7dqO<%2?6Nrk*h3NpuXfV~zOBBmsQl8Om@u$##g}DQO1?zuU-gR-KV)rA9iAgdUPhIi2*|*1KW>V2bxB--*;S*AV z=IvZ)h{9b-Z+smUqGAT(^9d}gcd#Y|m`+o7h1IY78TEnkP_k6v_p>;G(3sxfY0Ss^ zGCWb$Q&?n3V$>o`6v$?c+X6n%>Eq0xPYU;CXNm#35&2rrpWFx`2D<6)ai99EqppU@!@!yh75-?k;foE`)vekA`w98RQkEXN@BrK zAmNp~<*bc}9oSE)l&?8KJm;`_XlZbtRq>a6Vs$1InwV9Se{Q$`8 zf2PE18!X1;!n)@sXqsdqN3;?HBw87RhE&o7%2|hAqxXcn^aNs5+E#V@)dj8F(g4osZi(9CMWxq6G9PNGio-#7~(=w>c>IAX;_{y zH1A4*q%qWyFhdlAcnhRct2C`MF`%?zNy?&B5bVeRCH?7 z%pp`s=t`nMyUdPuLi^8Td3$i&|$tt_MW4i;GxVh;`&af(NR~-~2r>?uE8@%|3g;H(@q2b3-RFiGo!k*oP z9o+|6L6hD}?Hxi-b5kbL-t%?|B^8BSZ4Qw6If^lxxxw#rku6z3k zM<)!?R4gCSljiz~A-ti)D)Ak)$R;r%bDPKZL`SP~ef)j>b1ygT7|k5oKW!FVT(S2> zEQL=O(E(R!khv8s+k~0=tr+6#bDnD%q5i=+8nL0rGO!RU3+^zx+X3<5Qd}VzjFuWN z+eMC*X7yL05{@zKZ5N}&X7ZmAQLl9N4_UERJ++mzAeQucHo)+6Lv`fg6w)18Z$&WbNu?mF^E`J8E zwXzt~p~1s?HUMr|O3$>?Id4uh3_x0ZrpaVWp+TD)S)fbqhO2%n^DI*+Oi5d^49nhe z0v`+~L?o&hc_*S3=OPP!p>6t3ilQDZ8)9AN)iLCf|ycBCT( z;)fisJnLoR%+w;cYQk^V9n}0<1=W2tOWrH=mdegCAfd28Uhwt+n>7z)0hhGJlc-CJ zeKDbHii_BlC28%9uXM>4eXYWh_!rG;>EhmAJ$(-|#qYo3^*Cf-wiFyZ_te0+k zk~eD7@+p3Cno`Jhp5FG1-D3jWzD`YDzHC7pzeEd}@tnuJY->et`51bzcmc~UgInt! zrwixRX1AMhUojN=TcV82iNxb)IGl<&?R4i&<;@-PeQaFAT1|zoZ#Ip?p@uKE8nU@L zW~P-GpG70dqYa15ug;Bb6c}-qroVbe%e`pQuhvAHyE%j~RNSh1XN9=RhpST+;$XEo z?ORsz{V{mNWFt$g?5PhybUdic%yMh1Q<7Tn8R~WCg1O0fCzjUblABmDeE*tE3;$rx zXvrU!$t~KGTKBse<~2j*@T`O6gys9Y=Vi&c!RO&Wq|6cY2$gGRW+W4#2|>KMeLj|K zBkJMXfvGhMSjM;i+p^}MK|BZwSFdT-8OYZyt=@z}1N$bj38ye%+ia^t`$Hvtx2Wvb zC`hAV1!Gg(IoPPId5BxBzf=QuVmf&D`Mp_vQCDAhP_n#mmqK8Y>AC+ z{f_Lm=zeAXX<(LQWXy7iMn&Re+YW=X%-m?gZ#*=DU*Y)4Afz(e4da>YhO9_KOdY$F zI%}O%uE|LHzyXvNP0i43R=JNEN>5Iul#Amv6L$&`q0(j^~0GgMbUqNl3lZa&3I8}+ggn^IwPu%VGcSh#*f>i zL2a~KomgtdF3ofP0&ef@lxI_2wo376$HXzOXj9^tj34GT3PGjwJTb%$r|dKrD@H9D zU9UktK%B`=ZX(P^#CWf@>)}~6ty0j$Q=5iCN*t)r|FLierSAPNKHJT&7 zIhDAkJEO1SpY$$@wMIvwb(Q=S>)QU1zD~#S13jj^GrmGppX@*60%vEtfnw{Q!c81&+dSpCmFKQ>2uVa;^UGF6hpLuR0 z7&ou)#p))y=hm33d$|&R3zir|J_)RCtuc84Lj_t?kjSx6%|$1^%{fAAZ3zZ*RNH#l z7duy_#{1#8x_DDW&V*RPKM*`xqji35!(@D~d_+E1G$ z>(FrnA;0u`G=uTcNKsxIdc;%Nq!X)sTl2hYQ{KueiuPJa3j`g%enmQt=bU}x{NW_3 z{C3QTIx(Md==~=jdTHkH_!Wq3c@!8f_KG*Kvt{wob{Ht`?EC-8=dGx7Q`y=q(LZuq zs{D@{z`p%gj1)(n&b!e%NVBUr zZ!5p6S^f|l>%jzx3w}C*2#me!@MPVvS=`{~Z-FyN`yBJr6Cob^K1#fu&1je|-Ob>= zWqh;)S|{H+V;BJ?)lWks?z?*;Z$w|4y68OEIp4?2dw9FNrOjI*gXw_y-2U``h)Qq) zq2hti@f@P{Ia@lxRZ_QTGjXV1ofnb0hSxX4ie~~cPHjF2k%+?W-mHk9?~Da>nN0Z` z!CF;76Y}^zvXXQ8pKyY&1Q>f-@6e;Y@q(g)XQ68YkZW3>cujk9KM3?o=Fg(`K>OjM zZ)*lK{lb@!bbLi5EpDfiqBC0deHQiLA7!j>c^f@J*MM*Rw`NptaCcvD_s`3_-Ty7+ zM-O|i?QVPF<@S27d;Et3KQ)H}Kim2PvSW@$yo?luTcNk=p|#qf$vAPR?eH3=M=Tyg z8lzdMIAS)D*ryF#>sk8)ox{xCSb{N5gc_Oivg5Wb4%FbNdAWFrU41#wwz;aeuaKZZH}GMi0m3%8dz}lb zBkB=nY>i*XrT$Ar%@Hm-#}p3$MRn+n3Sf^Tu%Fd9!-IV2F`U?lyrAm!yHy)qst@xc zz_XO)Ye|V|DV>2_d5`bm8Z&tpZVn^cUXy(6frjjm=^GW)xISi4UPpH}u|0^TB{X>b zqWwn#%%kJ^CqB}HgpllXWREHLtMA_=akQ@2f_zo#?+M-%E=q!e2oLul%i_4PY~!{6 z=Dkv_m&m?Ci}=a@H7dQnv$4n=k#O5$^?dvxzXojtdzk$7yx{2%1~`s5vqvKM_*2>{ zh<~BUJULIqXE2x9j5}kSOxerQV%8~9| z&@Htql14#B6G3eh#{TLex$Zn(je=-Br%Pvs_CI{O=N!wZnfQPV?Rx^a|CD-oE;HO= zr4Ns8fF^ZRK@%?<4+y@bRdp08m1%mv1a~QwnC3I6YguP+M?7u&_TZX&x&#;Q;)bry zaF!mbTgD;E4F7P$Ox8|??f^bz4Oj97ds_*YFZ$F&7@Dy2g1$8dO#~T|oqh7YvLHzX zn@;ylT6;Tn%h^q&m?$43$Nju3Zt~E-iK!lmvS<~T_WGew+N~cB&S)Qx_gI=f2P)5V z+!dTeHdp*PlQ;cwZDt(iWFp^?gf1`xjz;=RHcl`-+{?85A1iLX);FoWf=HN zXr)Y_NmtBe0-d36(wVKr`Ad2_%9WNKc3V*1hQP_oJT{#l`aLN({0a<*z#iHJ!%w`l z5dyn(x|=gHMC}|HW^wtUSdL4*;rs?aj}MZz-ocP;TmDoH!#r)p>75(l-)_Q_-oS{x z%pVR!&v*Kd@ zf5H8ZR(ql9g~+vg!uq@#;hJV(L7kq-Zu{~ao4NE_B7K~`xb?{CNV=<16?ZNiEhm?@ zc$d#y2*iZ8Po?f(rFZQAX4$Bc7 z)XZSIlfy*)$0)a&=w!+39IQv7pk`DzgXPa)I;-Smp!?yij;W8&x1(pEr?20)BQFwE zPwnqFZS5~P2g$F7ZP0*3h%da8-M8#olv6B5Ed8T=gFn--8CZ5QRxPJb9Q;}uS{DV` z$dv$}x$*%yZLH`fY?qo9u)jBj5Rek-C#McMxV}<&G;3DAo@vJkL(>-5#{#agS@=FMEa}_ zpa39lI?1;Z#BMQ^tLQ}Z`Qf~2%82UnST4dJcX!pVIh{aShhB-<4cN~_0#_1UkCFnG=tKOldCQIz=m&bueBq~f#@LWS z^ZVEK2F6{{x**gmX=SP+OiPkDZC#UI(6VVM013H`Xtvnj)=eI(Tip9(d`Tx34G}D$ z^H!Z0s(8?1GqnJbbi>jO>MPr`5W)mWtdVxi`DO_W@rXt?d5digEb{n?HH{}_cS&q1 znT)FwgM`%qYsYV5#eP6THu!^FV6ZJqml=9v!lGM*@8;RN4bO6Z~ulY6YS6p8!eu|*~3 zAUl-h-5vqA&~_;`td?5*U_vBX#S5L!tIouuzC33YmO@Wd=~ zsX6T}0x%dAR2GfcQ-sK#h3`L+c4|(&rNYI^#5)Z{Tne5pQPS+1B!{fjdcOEAzIc=1-|@ z+9%JGnY~olR!TN*Ygl5r0Xb4h_^jW5196xo;^O!jeS(2`6BIi({wighDqkZF)9Hqe zxx&&a5d}VMx@W}O3E@2&zQsQAMIApNC2mqN3DPENZ;k9Jmrn?A^dvI38gqU;B6n86 zF@H^CrNb(vD!Ht#D!&>ADJIPgIgWW7Uswkg$v`=b5WHYfj6m?L`1>j?V~_fy4k^@x ziMDlx&m#PTu$uCRy#%@3{uvPT6)J_u;`1OM55ABT2!e9a<+Ukn7Sr(VyYY348Z^dQ ziDNC6N3Iok;k;N|@_3ib%vZ(nulv`-<%3dac1MCpjQ1o`0uiaCtblISe&tV@l-L$W z;AC6>iH{h7k#fRLb;{nl5cKTW4N6)kWSy&96ISzupGuCWc`LoANvnBx+!HuEt$Ze? zOu0ev2cyWF3U1*=G4T*51N^%ak+7A@Y4tyi%jjMO>G#3)q+1Y}tnC>h@`Dw7%QB;B z>QpaZ(o~N#z$Fz{9`Fy(0xO!@0Ne$hBNizHRpo}{O~eOkB~*bx>^1nxeO#GpcF{Ff z5pI}~pYko|0Cn_~RN(ZD>|UCC_{G`m(?7IETPZ|RD-esZ+hjSFi3ilxa--LtfoS

`heHWhQC-|_Zo7Pm5V4re#hIm`a3Z@rmlqRSfUw_k9=eR#tB-^j^Z;jIZ{6Z>-k z!YG|eq9rlXO}pPw0ShYj)nfh8U2zOtKC=T+WZRy^-Fg1jBk(j&SG?ZcXE+KTxk2C& z(3_h{6hHLPb=z}lb@y0|-kn-@nV!0C)ZvVzap6TDO6Mo&Z7HL+ROX{!*GdNzlVZ6~ zCCnJ>ndS5Q9&NOGiZZ23Z{wQuxfA6&8tO|K%}*;Xde*BdfPE#G&eBvkgpiGfA{v~M zvxk^G%J`9~>m*vg^5IxO@!el6vz zbguS;KO}fSUj@^8KMZW=PT_@~Q!UEgmRsYda4@GPH)g)^1H6!TrEI*V=l?p{Pd3vn zcBo8wF%}&XqYJ{CS)6UBqT4t%DmoQVJ1bdorE`Z+nQbu9pa0S=7pNjlywC)5JMq6j z4LVwmR!H3c>y@xV%y#<_!;5Mm!;`Ub<7=FAvtQ01Q9KwwTuZ0MeWyObF)Mj=W8w7& z{61aDn1i%=7OE0AcgK6vGR<9rjoR&=q)Gq}eXlC(ty?=+xJ8T#{G}9$1r*=)bo*yn z$;>odY~9Z%0YA-*pfr?M4zpliKZ;+GSY*36t$dVt>8Qphv^=hPlckO44KEt}MRe$R z{1b+gK%=cLTddM_&hTo0L#iTxd^%JCtNB0l@5&xLO8<+d>S)8H7u!ptTyDt%K|uNA za?Pei2{Tw}J~l_dLvp3s@{sIUSCV(e$N$B@!>i|Q^}7!A+Pd*791s{5gtYtL#Q)LX zlG6@0gNE!A^+g)?)8Zn~70QBHCPne2oTcl8W}@-dLm?tR2TRSIBPs;wopjpR4Z5JR z(LtdSVVzPTtQ?nBMXDyzWEyBT5rH;F7ZXNYu2PsGVDqJ5-;;>BJhIL@fI{?#b}9l2 zwp#~UMF(q)({A+vT#^>W|Th)TaZ@8O(6v)jz=ICKvbnb2$JtRd*N;d z5BczgL+viax<%wcXHuq^d&x}7WS*)#Jisf+IP~b`jf8o>T-@BiK=Gh)<)P0RO|z2a z22xQpiLw9S17KXg)Y~67@j$s-y_ZNo-C}J4<~{Y5qISVo0~c{AW~oLF3R@BKq=#Hq zz<~W7lEA{I%=-a0^I#|lc+%yH6dHK79GsZR)A8HKIQEbpk zVv;5KG8f`pErNaHPxVptiCywL%HE{VfjZtCZ@f7m(<{qOk%oWvzw_+%&R_diNyQSVKsFQe+jq=yS!=`Eq*+RB^QwKEW$QkDWTf!I z$i?H<1&eB|7SZvqDc%Pjy9UzP+1c#6WXT0qPLOf?(R6ZdsGYUjRBWim08H##v6#w< zaIJ$WxyXNf=WLg!Aeo-yy{cqA%+C@!w`tx1gGWaK0>S{1vtl^K>-j@(jAHGG?Y!?< z27lJsKQZCW0y>~xl`P#)%9WjL_&#xs_-H7W3ZHmL|7;0T^ZKCy|5@mtGq`{ZdA@Mo zQdXG%;h%9=?OZ%QjUMk}@gOhR6cP^`s>|Za7#*M>vU=JZj=ba<9O_q}hW{4;V?dn0 z4fdM8xWQi27dO~z`r^hg)a2sEumKz$YDe-&1+G8GFCclkEBhU%&XqWeGEZM*KQR)f zl8LX9M@nIS#K53Lv5%t8Ax+4VVZK!Kk13IO0@HUjj5NI-W>o^Zvo;!460xyZJQa;} z3aN-mMU9Eo8RrT?k}&;($%H~^$3-frR|-)8f_2R5~iLO=1gY@@=|@K zEJ1&UakOjFy;}4S8daZIiJd8~o)lP5iY)0Vq4lKLdQxybDY{%0lD&wKRuze9u}d78 zoqC>Jk#+II5{n(A#o{J9{pm5W+5~R z!dU9sWBa)0boe)BHf}Q0?3|BlIm3=Q1y9c5RPvsV%Q$4@F(^4VpATmr=MDhjL^qfL zQ0IiUS6wG`zooI-vnzP^YBiN(=6bb=%cT&A*#3NTcrM?KdyZ~iO@tis>2q0d<}Q7W z>VBG*Q|k$Tt_Ce*wrBW@s-Ga3^tW15{Z9mj<3;P4^u58S#_x`6=aY7u{dJ$IzwVRuC%841 zq1Ef(;aW$a43|O2Qe~{i3BQrQDDgA`;qL&N*(jSXO0U0-J2~NRt2$G%>G7YEP2u0} zVTBee;%e8jhy#W{%B3 zkELg)v=h6UJcP~O*K}6OJsJ-+pi`~pD}4V32y8`;eN{CryD195|?#`h0h^06dC(Wio_*#n7Fh# zTyTrWVlnApJK%qdu0hB3;y6tk&A}lU4jJa#8}r>`qlH7ati<@-Af*U=N=gkurt%KR zl!NUqm76VVLvnC-c7#1nLE|x9IHK8ho4^#n4PG-|baZiryjR?4P|pBCZB`sJpdht{lb)}u%I~Ic%myMuU(53 zzp#l|Hv43P)M-P#%?M*rKKL zD8i?QyphZbOv6Q3@{&5SIfbM8L8TT8UEtKbQB8z}iCaJ;?PbDisP2yss!xQ$%CwJQ zinD%au|yi?ZiE{AjhCqCboJ1|psO>iDsRxy^bIL`e#}S8$sVARJchZb10%~gb957| z(m?gw=4@g`IxLED==nUIXwuo#;hd^uNdLZZFP429IVPktgVhQ(6j7`yOUe^>MVM_X#d z>~_qOZOzEG+vqVlGqU3NYQXX31{~=^YATtHffD_cOkE{n$EUHs->T!&c!1-!7^gkK z7uq?DJb_s_+a_al=%-Av2{~yaGV-jAK*vtw;?Q2B*Vg0epTJx^`AwUOifv2rDca~W z-@lv3*uRWj$yd9JuXYz-?JmCBU3|5>_-c3Y)$Zb}-NjeCi~n7A7sqcOL6#2Z(*abR zt6ruOipr;2)Ko^nDG<(!=;-7$ui@+{Cgw(3B6T`?(>UbB9j1xPIOCUSX5PFQ-AowW zL$GfhxGorQ@UdG3aG^$BG0wV5F!g2tW=}oSID|$sKKHk{3*b569Zg(}j$GkfG8#*Z z(^u}JSX123l`r-&tt{2&Q+E%ZxKJ>|iz5FN`}*u10{3};s-$GrZX4(J-dIy&Gn^}# zubSNm-U|V<&b?1Nqy6NmXh>cp5}FGXYT_=T_nhzavqv+}7fl`@8apTiqT2a@xHJ0~ zAI>qmWb8DBJ%Mv>x6!l{c;k-aZ9bh@>==(-t!FPDOtz4>9>$I`J#}Vj;-vJHrG zfAwUTyWg*Nim-NheGh}HI7BlKP}xzTwR}PE1cz1sFet8KRS4%6`5d0DEz_0lnSdA() zzW7$*L-yPc4?h#o`BI6&YHaoWIlMp4!122)xY1JZGqnPLwBs;;U4f75{vw>;pMv~T zgZHI(5c_q!{td#98*n8bg7#$t65R&;SbogH_n@TQ!pHd066}23gT%WB$g2u`D}K%< zA-H=42d9TVh+dyqH*o*s8s4Pdf|=bb!_W6WU@37O--*lLU+pZsnvI>X|3K@n{{;IF zJKKSs3Hz_x!Tr5g`w#z$_8-1$oAc{S5d5(HZ*B^f?LOF+7i{Ycj;)3<0}RvcJ$UWL z3d;+&#nv$^590!lFrkvksM_n1*$mZ1aNb$g;Ox0G_LMiiM%!+80@2pjjB3e{flTu*&s9cfz^_ z#zO;!V}xObX` zwvCV}CP9RCjiD8e8AdF6Y*&p=C^wLgsRGEl75?a5+iu3lxW&leg{BFvv`v@jmfMoa zUtwmqMJpKXPWL~_SjEUn@SieU5eRuKSj@6a@lw+k7oR`FwXw{m6{Ih0yFy-sNN$nA ziG5Wa2qig^!$)3*(64h)YgZt*b%-9z{0!(1L6S!vWN0U%P|fv0qCdXej<8Ms~Y!U7Be^KcYA1|u2DK_+j)U_MRg&x;&N!YA~_ zHgw^Wwgh&tB)5IGX$W~9F3H-%(KbKE&tDK-n?pTHCYby){PS7)`3NfgS*YlspdPRC}dC>Rv5rK$MExV)p-eN_U{p_&;Nvz+#86b z-@pZ-WIyIP>Us7Tfiua0W*aj&LeB=gKl(Ye22Jn!_ak9Ky7wL{caWPWe0R0`5k698 z2uNKK$lXT^+$hU(D8I}I)FEL8qo0R8eBUFt{TvhsqFNc`;hLcR9~#H-^DYL1dkwJwW3X-6mP77{xyA>B+!3^MF?>>xV@Uqo z738%jKWs_hP>(`;V;6RFr-biL?(MlljHv*NZS13jX-@e2IfLj@Y;i%gZn28BzV!g# z*zN+^JjuiN{txaqgaD5T<%eO(G{S%^GALLEEat!@EO|m+zt$s|slFZova7=8R2<_B z!$d%jeCykZ%rkBO7bT|Wzhi(rb0OIRXqP{5pCeloWUk`Y?33w`+a;zs|F{id+?wSztG~HgB-bO5zRh zO;oQi(XebswOgd#W~V_=`OCK12eQc!VWSMxYP)Q3V^?3cZ7Pg%qz)UgEzPsl1~orV zeL6ywJr9GA@7aC>S#MAyWDOLkLQtLji0NcBflEsK)YsH+8VD{OJ z3t9HKM#Ag+JPb^XUH5~s=3_$u!Y&J^Ei5gR_`OW>s<=ni9Ine4qBKuqfDpsIjy$YK zvipFdXP}c2fb0A+#=TDQE>i~Sn=^_HctBQ34w;=J!Ydv3C(bHu! z1vxGj+dvs06O)|)={qvacZ`M&g|NkgA!i@CKTKiXCS<^_flar7KXya2+;-YI$BZTq zid-iso3qpfd}LLl?~B5~x&&W|a)EuoSHgViA{+i6$nJ)ni!bmqA(>784SR;S@w7g`@t?z!1g!h6<53k`!VLB zuxiJ($aX~*v3}=QnXEvSSP&I|*hPjkKM4CgW#Y)|5^-aZ%U}{WTF8yvJoDAS^pnAl zfnYr1Im!g_AbXqayn`_roR1E3AH7rI3UFOq=5bJ!|4>l;D`JF|THM!8iR0dr#gj#p zTB|rd;2@O?jGoA#XIq8nBk2R1VL8Evct8n>6hkKFz5fAFB%|OO3KY{Y?Du+qpYJW>$%hLte$B&NhC#Z#wkU6$6ax4`- z`#}jl1y>=3LW;z!uy}MS#_-&C1yw0@h=s^I|ES;_{pC;c*u~b%3yUxC8EcqyUb1&$ z{2aydIDgE2Gt)z&Fd5Pz>uF^6LJpPk++6dhy^y9=MTPfsz9IT4)^8;gtIqea87WR8 zEL0Z`_~n>hPD1<8CRrr=p^r>o-G`9=NVeaE=0_$rA_F4=zPB}>UpP*lAW4kK z+6q#j!{A59ercV+Z0Iu>S| z$f(FF_4PB6zq0uGB7O|w@d6ES_>{>;2@RX`*c-ZUqdY3*_fb*64yYEq242uP@_@XP zM}aU9-}I<=;+ukJ_AiC#i42Z7Gi2YzrllNJB}sHRUygK-eKzN`&x46dR#J4f%0o4z z=I+SMPjsXO=jMb|EpWS_>?KoFZ$dnzX6A_jI+Wd`81$(IGF>gk5x>u0V{bFDtG_q! zEl2F2qhBui2BX^w1VEv4mw5{G@MV0L+9+Jgk4@Nf!!; zFPLLW)geRPLNXd5FzFzTm?0DzkpflVcT{F`m|1#pdgsNVY-?v9-F?dG#OryCcb7Vy zm{5pG#a7gUt+_?$o}oS)#R0IjfZBXC2jW-f_gwi7pLvY#7t0Oqd-R;hpvf|Pzz(*6 za)9QF^H>wicng0-**4)K*FhAzw=#5b4vLKrdYA-k4#x=zP+FEDREj{TaE+599Ii8t z!L;{eFpX6G!?ih?ZK_545_7{1wwXcAtKy7c0Jkw@e|(S`e0BKV&mzzAE_C80?|O0!!$Rk=(&OR>Q829GCyDh{mK^)8NRNaMP3T zBR?F+#NhNG3vGlLB$z`6J!S3kJGE$risTdiD*0vf0QX4BmQE??AMpB{8It`h3epp-g!zU|(T0xGczU=IimTi-i$T**AFd*||N5Uc*8@pn&Wcal^v_BTS z$GP_2Dhw8K!WJ3Ly}>bG#uJpFVUygW%QAO4Y=Q+gvbp9RolZgp7D*8tOG&v1<&g^? zXau-tvs5ADnrvE;M}Q1j(MyJTmds6RIH~6`EGl#PLyO1Q>)4=UD0U2cU-B%yGSurF z6M(xUWoWpj;rm!(-E!%e^0*={pkD3Rg{%dODlk(ts+63Xi{J zc?&1VDrQO;aFcg|N=+a1P{E1SL8FdwBrR1}*=}8hI|`Bqm@G(=tVZVhkZw6oGAzB4cx_kpnRc`O>c%!7%i+YilT}-%+fz zkd`BfBkwyRI}GO!KJLQ%xvGK%NU&ad6jfL#kz}L-`S5#P+T+Z$r8BG`EU=71>_MSX zN28FNkb5VyE`5UYt|S?Ug!!l~a}8cz`7YD}E=oJG$xV>TrDRbNI+rr{&R)v-VE?{n zGRLx{#Co!knCH>nz?AdzwAe!nL^)o{Iux2EMwlzfoa5bnGC+B@i#gau)%Osx$|4ud zF{6m>{2BHn+jeEPY`L81D+TEXDDXfw+z8 zk$Ws=SVj)z7lXF3RMP@m=AMi1Y^ME*tpx zQ64P=*;mdQxA?n*gh?8pZH>N-)f=QKn2J+OtawbM`<<6fNiap^x4g`iEubjJxqOD| zg46@sb~3U-@`0NIYw~lCvJsy{PD~07#673r`2>xI!5j~KIAWy6=N+RK+2u;li;5pP zlb(tdae%Q?iKzqAn8)F5?e9-aXjB6g?_J*?ikOCBdvc}6zQl$mjmbEqG)ERYeRKT5 z#+tG293zh^a;LJU2}6(CAx$44@&-l7LLA5LA5k6>s2#~sSalTNnaJUA);9W;Y!i^9 zCD{oZk-UyO(~zyhE~w-ANY7Jwk$Ig0%6**7@;dV#uWRMW_+gk{7if`zdS$=20ZMKe zbZ0Twd1wvz=)8^$whV^kLk4-zi^aa&Jg9qfu%D=t{}1#CBGH25@Rmc_A8XDF6>MSL zdgiKFB__*~6J`%?%*^eB5krYL?rgx_7TTiwxA{DAdOEqQvbj&)V?P;Mw2>6 zD=sQ6pObPd^Hxiqm&0@0=)TR8N!amx$cYzW{&QY}FFa?$64La5o)9K~8rr3C2RZBi zZ|}<+(rA``-}m0XtWPnhxFmv#E5yWMb4gr?U`)&c!zP4P1{6%<{pz=>x@RBMU!l3oq*DP&Kjy0BnS+r~cJZl2&3vZX zA`;{JFugbNv2AYvM^6OodSp$WrIDygGfQPIcbwq@c>r%Na?cmKzNH5O91|BTt zt~DScix{UgVsb^pJu%T@`J^ILBUMi)3Y-A6_L%Kp z5}g;(C~XOQu=~En-wleOrFsTWMzy&i?2+&eH}c%xI@Y4<(AzF4xH-+jS?N1xp;#k3 zeYNR5a)&#|wVlp!o40|aDv{c5(kcniL7}!SUvaGHCB#ael>ML183ttHx7)cBdD~11LgY|U$s>fle2w$c$#0EDjKG0MP(r(?@NKODC($Gp_Ln~_fJjPT1wH)YI2J)BAn0P`ZMG2YEuH}vZ9P%V( z%q*d{{|kUxPsAX5-2LZ&xHntt0eRT7b5e3b$Dd^w~9 z*XT;DUcn7V=+pBv%7SUmLY=8FYzNN>rKB}WjJn@x%U2{_dlK?Pv#jXSStb^{Ma43_ zplneTM+>d5%WTvs9HT_5P?dJ05)YJuq@|Z)3(^OzkcB92d#6ylHHaiw+ zMYPpGMbj0mUZnI|&KgJ;tmfvn{&GYTmInbnR+^Q51qR)+#@i&XkW$aOE*2V`Eo6^M zpk?Ah7^u}E939s zUCyy;z0af_KBtMWuBTw@{Q~@&?-9r> z&~C#%2I<|JD)E`el*4(1iu!Mbr2XZISj0XY2bLJo_R`-Fh7}so0s7P!&FMEKj zX{u!pa3Rj}^Her;cHv95nbD^r+7AT7+wi7=Ns5c7ClQy+F9bJS!k{tF%Yt4pb~RU& zfl@gxzDMJje0&B4-Z-D-P3PMaM*|N#8VChTF=b4lE?^>C(x0KE4VVfWs0BG8h^I4= z_05CqQ8iYNbz^!n*1Eo_IUtVQkYg@nF<$@=JH(V1L8jfYaY)VW!Hy@ENGk10r7TED z+y?rzp;?)9$UT-ofH}%Uc;jJA3z$cl0B<}AJo8F!5DqlaD~H!}_R(y2HbN^Uv%84C ztd_Np!SZK@-@Mi8f>c>7ia3s(#bBVFXnw_y3l!)ecLXvZSlWN`3lnXvW^ z`oNwKx2~b_4SO!=Yi+oKVI)>OaR@FF9IwQtF_YN>&BWXpJeZh3!6C}9MMkn-hp^H+ zy$Y^0Mi@=`0iWM!YwsJL4na~H;t++i8y^~5bwiJiZ5_7E*Dca`GEfUnI1LIDEsIF&3wlgGgT2txH5G$EzeeVne)vD~MT= zk?O`28_8#J(lF*~BSlvMu|5v^H76Zrg?dP^3I4LcU+(viN@9_x9f|nA1$`OEIecT< z@CROh3^to(+`QMCg3`df#~vg?XiOd3cjs&2G0+;^NL^kr)k7|2G>d;s0z+#YauH(S z3IVfH>|70W*HkvCkjR%{S+1aMmIOYQu4@8_(zGWcjZZ#yromWc;T338mYs6)GiH~0C*YI@RG=9y3 z9eg{++)!@Bvf|v#Mb)%1%4l1#&PmE7p3_t8{UaQxW7s$u|4>p5BB`ATwsS5}gtpJRw`LG9pp2 z(=*dRc`iI9@e4IG5mBS`n>U^%h8+O1Ygq}0q$lPq$9VY-SHG*9ViCeTCGZ3wVBEyc+LIEPWc)q z+@UoReWH0V+QSW!RYG^0akwWml={nWwAlYp`mN5(Z$xq|;VJ8f6Pn4%8&PgGT0>Wc z!6C5lQWV>%a*!ard9?QN*R`kMi|LQ8)81HP4YEIoZaUg_k?6cbP&-*AiH`EbIx?SI zoP)dOeoK)Lmc<~8N_U{woJRz|}1D#tQd2oVCtt; z%5wwlr*I?8eKc`I$T{N8aK+?;e9_+Xjc+sDk8GZ1eVl0uo@!9&HxdhFdnK}}>AvN- zIMW{Go3DdbS7=HyD+LQQ*iBVAZD>t2)`h_M5{g=>;VwdN@~+`3!aiNaXvL+32A4_h z$|e3Jd+b@={pnEq6d*nubBeJCdX=wSsh4nb9Y}r1aU(@g7ez{aQra#mCD|Z$l8OnN zbaudTIFj5m)?spHHx9&-cK05LCms|h9uy}Y6ek`OCms|h9u%MCL9txdOSs|kVyX%1 z{+FB~KJ51HU*;EJCu)KB1>8_-rbSKdL*}! ztTI;QL!*4fMiI)(m&!b`vFF1sq*I;=9xqwGp0-@Bv!3F9i`=CAW(SEz+wAvPRu6Y*3&lTM%IPtv)I)3Y}emc2O4B@gnMgQURLKhN0x zbEML&Rf-R8x)ZPknJx`QA0>~{@iX#Qm?LKcDXf^iA+Wawczcc|?j0tDw*%=zA)kJq zIXp{e$2wUs6Sy5caE)L(&ma?xZ2CyNB5Hp=d3u~V!j}eTS;OxEUOAj7;=ORKh!=+A z#Xs)3v0b^+c)yc|Fk~qsCaLmLS?EV_`R}hSD$kT&PkD|3>lCoM2r>o}1)p;s8Dj-t zhL^(fg>jt~?EK_DcKJyv{oc-}kg=!S$M~*}GbdRG>(WvIIn3naDQtS0{8?lV4m0D^ z9b;Ds7Y;|Kr{mMT+k9$?m~woXPL+X^R!Q1IM0+cA+@Spr4*m|l5_}#-c7Abig;Y|b!pH4_j$Ksmk9maK zPNPDsU|e(CBvd;)6RLs+fOb%~kFXlCS=>EpaA~};I5SL+m3E8Eb6v-kn4at1QT#+K z+Z>^r24A=XSaCu|F=mWoMQ7>rY#JwoL&=Jz9AmR2a6;!!Q)%*_^0diwaGG&U@D^Le zeC^;CWN>T8<~`hd%9PLLj-HZiY+?9VhHIwrDdM?Y9Cxa{L-J=cCRrw)d_#_l&a7G= zO&LEr;>3?8%$%JbA7+#Gba=3raww_%s9Rl1Q0?}#zFxi@0Wq(kpiRid33@`)pR9Iu zX^|l!+=E7@7I^UPHABc|Oh&Jv&*5uxR<(i2+shg2vC!)s(a#0pIM0S-T^joOOnjo> zMVBi{af{u+`1kgQvc+gFF`vJaK!<4ap||HsDk1otW6s}C;25`pj!pjH!o7$r>mz-c zEkTysmHu*2UpBSreU;xC{{P8atZlOut{mJFU15pPH>|~^)+4s5Dyp-)WHfcatS}nZ zc8{E9l87UT+e@P1XV2jZ(p@|S+RJw)iZ~OE^P;=wu!|77>8WfoWA1ZdR}zDOa3ym1 zsq|^-rkLQS+dzlUQlCb1dO=PqlEffM0o!9M3T{=B;?!{m9xW-7V{HiU-L1Z(3E|1k?+!(vu75lgd_V`zId6jnh+J1@;UY8r(f2Dt3U+?a|u18sC zyd#Z>g`Bgj$k#?gpB1j;xQ_{I6(3)vcJZ7c-8aRg<}0^(`*wLn9q*spkaIhXDX3U6 zDoH8NVMbv^S+xnK4fUpO;SC98dFMEh<=EOO$S)z_W0Vja>bO6$ywxEJ?RH(Frw%dP zDj~L+v>L_foR%Y*T;?VcUUf0v{7=B?+(GX2^vI*SM7_^%kdSx?2%=&tV=OroRNO4^ z$8%dzJ)D2_is1d*bXOk8E1CRtqeh&l8nc`GB^&i+S`CgL=eb_g+fr0}lNCw{u4SBSvPpGchpb$iWJiOYp+w9mf5z4`^u_ zvi+)*24nF>Lh|TWGwCXr|ZRZq)5(rhRaT;z`3j0Bl&Mji=;=NB?lA6Gv z%auAtFV|W3hryZ)lPdJOPC0rBUySXrWj{8V%S< z%Ry)xK$@0z}| zWAelw$dh<5{Z#14Cp_u6PdyMf{!8gnPj1Iw`)>P&ryi&`>DzDK_q1o0ll((%fB1c6 ze{0=|zZmaKn+okc@ZM8n`uF$sW8z8a4t~1asnDVPJ(s_~r;k%V*_Nq4Hece9{!7pE zt8;n%iSNvsqe)Ml<9>hrJ2iGK_IrnkF=f1Vtvks-u_n3*4>rHeb@0EY46l01Uf z^N_ZP1^QzL8?c=mJ*q3?wNhN12d@^)SOpL7dD#gw;-fcWhhCvStm5jYj5A(u$5#cW z=~b1n!A96HLER`wcCZIuKqnWv=ornJF^nL8^&1a^$P0Ai5<-ka!Wygj z!*=eu53|aGI`Wm+JW;N)#vf39Wi$TLA%CflENHCor^+AL9V1M70x#`v=9fLl$n$}% z^1(lI2r(RT0=w|Ui$*d|RAoa;GZfLiU_ds^-f@DbadIjjC?5;0*Da|bMJ?A#YX@lZ zpc(n8>ACr>Hn1lblFt%`f&NrLsG*poL3KfIKBZ~k?p~_G+>tqKrAy1*EKQ4 zjetQ@uiVzlxaZ1{ey1$=69*WT9j46}4#$wQ*#uK|EHGb5w>{D+_;zw`eVNL>JYpO4 zj~nFA1_5RO1$iLD_T#g#rmX_oorl)L>!C=vT3U~U4Ts$2N^x)nTX*j-A+hsq0NIUi za8rHOf$tx$p&Bag!I$+oH2S-s?T@l>xV5%F1>s&2rZ>rJ-QDO7D9vZ^=Ar?OZB`#JDAa?K0!N^55SwXND-G!eRB=zfL0dni0%Am!wM_}GY}43>9q}b zaoN3%H(TaMOYe!mJE{po%9G5Z;&dvD z&cpdI(C)(GmzOmizRhkGa6xzl`wLZ=YpuZ4#TSV6Ll6%S;qofjh(k5|4yJ|;h&@|{ zRHhA!_Zu+!9BRYYm1VfOTYIqsANHcqIz5F~cP-dDIETeg>n|WWKQ+~Xd~p|6E>2-% z5CCnXwGf1Nhu^oLoYAT<+F!Ya)%)AEI%qfqg8c-X;CpTMKYxSwD{IHFvwaH6QR+2l z2Qx4nrXj4?^nMSAJ%oAn>q5AVt3ddwJqSy@=8-L^IH)(vA*2RHP&{!MBDzQ1b+uB1 zbeA|Kj{F*g%cC}u=Hj>C6EVilVZX^^Tn|?&N+_?o%|2iCL>Li<5bopR2;nN;U|ffe z0}!s%a7)o}1+JBQ)}6?a*Lpo%{y2wmO}VIGEPxxPwQz|JUv>H-3c^KPH>{@(YyEz& zUK|kPn?mzEQOR`McFP(6XY%b#gFrGj*Vq3?z-6wuepe%F z>l;Rx2wz>@TwVJgW##YbfWFql>i&k7>$awsrU|?oZ#X0F=@=rHG7PkKcMPU7>jbodheC{# zbznqCPjY#sZY8$diB&7*PEW%%mlT2JU2J`I`Um8ZSSgnB>~khh><0`f4T-2G(bXMp zzC|L=Fpyf9FXoXR$Gb|e*Y4yQk&Kqxe7=rkabzt|>wTw*_gEnDbZU(}$(o#|<`{jW zx7mwFm69O6T*d-1xM~ZmR+|G{=JS#;G7=KehP9LjT_ArS&|+XTN@g#yN(x~>rw62$ za4NFl4-@XJlL{px*Nvvzvh^w=94kN~tx{?cX^&4-hAP1c(oK^IJB^>hcxcue!+Wf# z)E#k2WDGVWs{Xc3YdqUfc>+l{6G%3k!aOD5oIJ`dz}%zgZ53m$EQOxMHi|} z974I?<2I7D2DBP@%aEM(060X%4KaX_+-z1V_>}c4wy)xTs$U_6E3b%@<_6-mKs>B= z@cDU*!Y=9JcHO8qn~a7?H$qvIC9T|xq-9;rQ(O8SLBdOUFvYeh8cXSP`-Bs!^{zl7 zpNQD*NXYl0+C?&$3gROA9r0}Pg*!&u)j;bJ6il&1Gi?*b%)g_dP5bY@0Iw#-XB(3_Xr*5x|n4|B)(N_v&6Iv>T4lg&=Ml4D9gpTEM>qnuiKk<>R~ zNmU?GP~f_G4Dn$B3itPL7ORo#=n`BnMPa6KgOTL?D+Gb}H~1TdjU?SKgR-nbL0JWI zi}oy_Zkn##=Anc|Bx>xO>pAE}g*|}MFZ(nN3IF zpZ&t^D&+c7oq|p5hTSC&92T$}N=T>1YXvNRd$-RH|H!8nb=2E3GhBE$Z&|(?zB2(f|18_9?~fI z!+Le?&NcY}0ofe3yVvXGiseWH=UW*hnRi6RI$^oJ-f*;>UWC*qdx(L< zsLQ0Svqu%)z*wg{*-=&+0i`ZM>4KSqWUw3xmV?1y+kf8U-;XPy=;vp=C6hX=q0Yqd zn9Z185}7MljuA40wKLl-vs?CU+8IH_5h5WqlD08EnC zGv5TPJ1DW;uoMFvnX$ClYo9s(*b$tO5!edE(~H73#OUdNZ>2AW(EB@d-v|`k$D<^< zL1Y%VaUtA<8O|95P+G^wtqW#o+Z+)JuNmyK&v3j@=5)eEoK$Gm*=?Zk56IOJuAjqe z;KJsj-C^JpeFi?{Hqh%b&@9yLC(!OD&`jj(C=jZ#wuDq~`}K|u{XB@%*0zr0t+|xr zo<~o9lFJwXJ3$@HD@E>oj4dp-Ke`O^JC#}4d4{=Pc;WwqzMwTS7%M1dnT$MH8P@Js zqwn!?QtcSqs#TTLeBv}%R`zG)a%#+ zKeFyMo1(qB>+O8i09tf|o5Z&3ewEq|>x8zLf$ zYt0Z6UW)fOatn+4M0y&%JxLx&*7a=WzEz$J^(s zwhXt6QRsYbFT!_iwh#6E1Qn6H&xO6!G`+|5+;iN9uT(|G&NwSzUGU|1o)F z!vFtwuBS6%YooeX|ohQ5nM-z9w+t<2~R=1mLNpP|X) zmJDRCG{NN3lNdlc`eB~1Kjl2!j% zM86}ix^yMv6^uqABn90;Uw6F=;aABKgq=)*^5Mw^QNPl@A>oNZrna?qM+z4DEN^Hv zxS#qZ(FOey=AjLTULKLWELM<60zAmfz$>jzkH^ku@WDtz!%BeEYf^ZT&pU)T0t*2c z_yEZc&L~(OmiU8Z4te%QCIt^tn87{heqbTIkwJnB^m{n}-OjCnv}Zn}9eIyTmT3fe zasKSd99ha0cQltmdf~)xa24fDP2+(iGA`^tM*t4pt{A;unM+H`T+>elk?nBHounN%&$hQyY&YoHe2&%W^yv^>mY%~|qOe4NRw1E8Akfg@T3LgH z8p8V(j8HLxzMNnMziV)&>TrD&h3lmamNk&5AfT+nU2zCs3q$B^?UGDm0lsQO2oyFk z@&#ne-$6^NaNVp!?%PKda-Uj2av9A1l8aD224MP|2BSoZ%8S9-1+Gg&1se4!q+?Z) zQpK#Qu0niQg-Z;Kewqihrr|e$#VtWHsNF&3WfoVccL7lh2~bv* zFa+>djZQ=PBbQH!ut{$eP}C?i4!Zb|_^|j(_t#kDb!b3kzk=l=*77Q|k6of*s&^3W z&lyGVcZPC=-oSOMD!WNxDNJJ9O0$)phuXq6eAUIbTB~eBZGIa*L{*U?nuqJ-b$+xn z?i9{RlBw${?4&*H;s7;i@9UK~cnXLvcKM)d?g+L?y0ZSa!ceBu5ZwnL%e z!Yx*#B>pPK)RFc|9RdD@+>b;83VV2WS=fWoj|Ak3ml$6q$yjojfXm_~TxwN3PbHv; z>9ntyRtZxCrq{m0=sp4EFG(yID;d4UZvfxO6u#sd6!Jq*@vDRb{8dLun8LA~Qwumu z)Pi;KDTBF(s!SEP=f1RMKjPxmXdE`;^y)X_vm~Zl!8T2ioGz!%ir&C<$1L5`RE(oc zmz7L>2&30iFw|7s7wD03FKDWxC>EX+1&`AB&C?siXtUG}RUt{^iux7;?@8)cc*h;~ z4%BN!W;DJ@?u2!1np?rGj2q2N&*Gyk$oAkBXxO0z(V^Ht4Lh{(6(iq>`?!L~;>E@k zcL;_mP+FvVOYiZn0kd2Xo}#G>;|2Kw0GI>)ZQ~ox%lckSOp)W?IL=8-d-UBxsR+$OXPz zk)`chD1J(CWD(0=E)*fB?IqzyA_@1E*I2>64vUzDmQk9`rDxbIT!wP@IKc0)jo)wL zuycQ(B)Ky;oPOyca)nD3%J`*U%34fNAWq&gP2jKyOsKrp;7Fbo*&>BAC?!bPJp;K# ze9Ku;w#&_XboyFy9pF$eEKB*0e=aX=Xaq8$C zMl(C`L*0twV%o#R1-M=mi_~@K6*N>FFV{E|F#C0&j|E-O#8xjb#SDHm*!h9;`<}Fw zo#k5-4!p%dL>S#7jf{~Z-OVUzq-!WCoj*E8qev*D8^*xVQW65AkrrWe_voI8*SGh@ zeQ}@XJkR+bzUQ3phr}_`RWocW=tC1^K;eA4pmigd+SII{JTHTDkLPI?yWZ6nyW*mz z$F&hNjQxfM&sQ~AvOZ0JLVQDP$okFh_JO1+!w3vxJ@r-U0O?PP_lTJOEGPH7U(`#c z!ao(s4t=&F1%3T#x#~^R0ga0{=C`G-_xd_wRT)G@D`PqnlM4*px&vZC2^V3|-&|1m zI^8pzrC#TtU8)WlN<&d7vok*!3fY)r*tu;J?5kV)+9n=KnmKU*ePf;Uh$P>IABBBe z{ryGFhJVKhEe*(6cZNH2WKqpFcJ*8UhU{TFQ8i%cp0Q}# zDSs7m;4h0udIY{aqKL=79bWpe>-8hIABo?ZhtP2qRUj^vvhqzn`{pIWVF6@crFO5X z?au?)QmdUN#ZNPs2(E~=UT4l1AKJD}dW_@sixxIT|N%-otA1_h+ z8Fxpwr$ARMBOsQ0v2}lwY5hn0I{_mlEL#wByv``sp5i}xSq)a4z^O8_Bfmbuy}gD) z3e;2tP$w#3nM`~GUQMga8KC;RWQ{JYHDhlOeb5D)(XEck^>F#%xq@P(9}QkVD}KXBp46Uc@9vC=2S#zT{R( zRzq1Rzp2M}>e}tEC_{PnXTTRF_)$_~-bgej7!I*Cf82j%&bBsFqJwe?8nna9SEX}^ z0Pe%oG?IJu}_5zPQD>wOmet%wyg{>1NX)oswQXNmKX z%=_vCekvf_xZBuNB6SAHrFnZxCGLn4dA?~@FI1+L-!1M;h%uCeTva^X(<9g-{_Hj5 z5P9STJ8E2OdiG)gv)At5t1%@iUmdJ$RoZiS7(T&1NyemtA0ua{*2v!yO(HUqqb9KT{kxMdpgj&iLo5I5sT5p*KR~-8x8~)uc2@WUt85p^rA5&zJos3ZYzHzE6o=e8wOP8Dhawlh%g@q-$@Vxta`T=E$zONed z-loRPYY@j2d<^w~7-N`d21%`Dxo}b;F7NS8&#xhI-MVo_Y|Md+T<3E~9Cww*8{#ej z2a2`$AZQ3Tp51kKq2I4i7A zk!$0t%qnD%P~5Zo8i&wR6M3iQO2uptr0N72hPiUyh7wCq58}1sJou=e0NYCI+gGS;+UU{0qz%KCMS>Z>W zCZy@b{G_uoo&WOGziJ*a05Z7Nt;j5hPfnO#J}?4FJejDq8qun?y1Kgw(`dW=Z6$E1 zH3ew0FSdJ$Jj|jaA^FXdTnidU2wZl&a5hLJJ&SduPF+>PBx*O zdl*-g@TbNs2Rw)zNl$P_l&d=W6gJx~c@AiJKW_-ESoyr^XXO?zhj+WAj}RRAC|W{D zME&&IkSlp~`s4!~m29aJKQvUHHi`Vtsa7Vjp}?P+~2^c zvv8bqGaJ+A^rH*y^Z`%q6y=-qRP*F>UO|XXMEk@xP_jKt=u1@ZAl=E^W@udq<$UE>w%eVW#LB7 zKhFvxp{@=pJtZt|l&-nCJ;f&FUnB)m7ig#K^c&so7_ z_Njhue{?Uc+kBqDk@It825^MIKLe6XA*9B!PTzF?j*->K1+`UwQYhd5tgjX(WW0>7 z+)Oobr+|A5ld`@i!M-<9a>Jh*EC1C+al~A(^>u$~7( z*5tj-{V8`oL$2UQ2j&6{E8LnVOEx{MySZh9!d>z|!v;?>5h8`}Q>W1Na{(r+M6!nw)0#~dG-OHS0 zHQ%&AehIu>W<;o}e?XFdi#A-FFmjg4j7II?MS2TBB0!6xK&H>jtt8?b~t( zUK_VqfJFR-eEW>j2i^@vpBo_UI1HAaA;`orwOpIV)*{v&DJH5^pOZC zMWkHa%{S=7;B?z;Trk|wd>OqW9!f*P1Ch@xd%mZ>=S1I4;$AgMdaP(Abh^|z#4o7s2?{2Z7{hUU!9PB3}0d zZi_>PLU_SOx>KeEz~WEW?%Z4RqA9H z`>uQ1B?*Y41i%x-{$0CBv}6dVoJ%g6OE5ZyPs}B>3T)1WwuwKP7$cp%ejM5|C_5$S zwfLH1QM*GF5HZ`uQ4*bUtsRq7jHLh=3Z3rLeY>^5?E^t6=MI`Q1 ze`~^r7egla5PRgHes$w&oQwZ;A-?O?F`E+FaMjkBGhL)ZW9^2$g4=<~DE)wd7A~Aj zSsaNrD0xte;r^0?g9nH{L^1;pkfgx(aXRS>8uG;(F_MyarTY%8CNxlL<3-*fKIQk% z!L49uWN|uM-WZjdfgtfz_KPfrSfwdrfi;UlI^R6624L#2=tLmF(q}A5{MqvgQje|1 zR>5`BO;VJEJ@^Z4t9Fgu1tD%--MB3js!V9}qHGza&!pLv$|c_nyoi^Uu(=RCY55oBv>v8=NAhXQI^)p}Lz;^fiDeZ}ZFdIq|Gj z(-p69SizBX44qNV4vcCrmhlh8&Cvmp@=Z=IjfAeTH${H0yOJQZf5q;+4Y(6kkFys1iqJ5x549s(rJsosbIItEv6f-$V(;Wm3{DJ#*09%zH=} zd1o3I*8hz6KCoG)#@0nFvI^zj zotF|uOAy7B0tk)7TJMr*(1R~w(qIuv*#=TwTj^Hfo5LPveNTqeQBNhGQ?d=pyv2!~ zHFz`O*t#f?adq9tJi?cJ^)+tbpHlLR_Tm)N9$>m7M>KAkr*CS0SESDud|$3VAL&N< zRo5^Nt`WpG-^~-dw{^E3Xs&G{hLvQh|6O40xX5I_K6B=DN>;SAiv8Lz47M5Xes{oN z;rZ`}aX4;G!|PKQUgF+N^Q>XfBJs{*)NbtdjkJ-%NqC%9bIYUL+*(sm1|Rhg*s#-i Yb||Ru|7j0Ag@4H>AhQ`bW{+_G2Qa-x+yDRo literal 0 HcmV?d00001 diff --git a/test/condensed-downloads/linuxptp_2.0-3_x86_64.ipk.tar.gz b/test/condensed-downloads/linuxptp_2.0-3_x86_64.ipk.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..780f447e41d0927dbc2d563c5eb0f52be6ce0d5d GIT binary patch literal 36280 zcmV)CK*GNtiwFn-00002|7>Y)b$D=ea9=VmFfB7*csMp+HZ(42aBD7fVR8WMy=y}n z$<{W!pZED>{fbToBF00&sG}q%bO3E8s6;R^F&RW?4v|ynZqXR?{Pp)*tE!KHF|+r~ zo_lUh3Yt1~9apWYTI*VlHF{#5b^1@*W6Q4fhSj>={nvl^FNwd6wKe|6U-bKFYQuY$ z{;AZj8>xS3$$$L?e-5fW!t4L_zw__^<%>K2-~ahP|5xB!l;Rn7Pr9A6C*8(!&#}78 zmzx{ajkOhPu#ys5CL<8ms@JQQ^r?3G9a~hJ_!8CX$ZT~i+Z_JEDX0z3& zD@jp$bj8)w-|27lBfWA|HbgFFq{R4_jM(lz5#M53iata)mJ}6yuWv1h^+!u09?J;Z z%9CG8lS7glfYYb&6KQ|893OYOQ}2 zjjJLhMy6$sF3g5@QR_P9g7Pj^O4>zgNju7wmN@l!2lX8^HS@yk+uji%&gxIRZuR!pt=|5+&E)EeUPhVncH12FP5Xy0oswem)l(wfTHhyL0(v_l znxi|`ern2DZ80_SM8ULWo5tcdITSUm(Xnc07^*aC`}|~&YJIEMvBLus2`{Ei6~q`c z?Qv~nY8U3n!n6uZnRX{VO55oRmzcb!=IUyVfoWk_+giJZ@ozc9;b3I*#OV+E%MBAm z#;MyhH_C;B?5^>yQm*KGr4^BrQ>`&V*yxXE6Z)wUeKZ@Q?u9pRUVQL*&R#i;IIlJQKYu82%YQ7cG zH^+B)`zpxmzwZD3R)3Dm{|(#qRqM+7Gv0AK|F^cbx}J*if61ro_x#^q&i~Ei`_^9B z&Vpzj)kLPRM>xP9*7HGK)aBR6l;6#fY5oV8!%lyr)@Y2XSQjKeSF_A|ZzwKmmf{yd zc8Ek1hu3U&9jhH>C_7l@szV!$BQj_>L(v=z&Aw=YEwsdi)mPElh|!(oKFQk>byVrR z+9C?qGX99UoUq-e}*oUWjS-;jF zSY6Y^?>4Bgpk+x62jHE0W{;WxleIf&2_$KE`4il*iGmFWV_{kKTEB_Ts9!WkgPvlU zQGd7nkhnfT3>2f&q!yNmZLs5=R=+0M>$)mRt?`-bEm>|P8Fm^G&YSxN`8xe>r+?0G z!Y`K}w@3D%A-|li{O*d;z@cUg^XfEg+yXT%(>xbVl)*CHcI;z>+``FIg?m;j%*?;g zMFK7fw+WYlGvG>a$8e``ZMY%aC7kvW@!^tin{XL81Fi&j40j6Gh8x0NQaEM=Z5D*P zTlf}RGK7tdK`yolmxH6{1o;*5@SI`@qmCzo{kM-_i|y=du|E6_n}-toN@6|jKTm!e z;&<#x#CpDf9~qrK#QHfrb__gkrsxAMM-Mq{KZaB)eC%e7Epahth&RW0cvHg1u7M9X zMox@3Tk=;W)@Cn}d)5=i)+=Fb(r?saL4N1g=ER(x52S5nTEZR};>IY7n@fBn;0C$e z98&~**z^R3yi@DfwO8QkOdps2u1nr>$Tc{Nc z8?wjS;q4Rk#2$A=K^&EJ@vIv|yC-fjkl zc>CNDrKPR%lDJf*7S6m;&!Yp&&qaQ?Xe^-)R>lyo(Vbga^v1Q36W7mEV(U6*i!3@J zA#>)!6*zC5^S*3w)l%X**;1o~+(Y3U>B8Bh$|tB99^v5;50&d=jw4Wl>yjakk_D09 z(6@yCEQgBjqp>$yVoP5Wdu#B`zbK0O@tzE&5aZczXyrDwDUXq!O%#yVsUbebP7A_q z0(wg>c9{~f_YR73>2_+MS?r?GS&E4)+VtW5KunMxuOrl z{h1&qDKy%Kl4gVr623n7NX%hwQ-Irw#^L}p0E5$5e2v1=s8BAC?$P#reqB^f=Lhr(7mwYx-LOVedAaRLG5!=n- zL%v3H)-j$Q%VEojk+2wDaZpf0NP?IWZ=5~1E70C(vU1YqK9kMi4+UEFf|Nm#T6;4v zQ>pnWGtJocX02R*42;p0^jC1Ix_G&FE_RQL3*u|SdDH}PG(`N>SF!x!Yv^n-qrI(X zL?)U49iN-~_>^TV&dIXb)W_>oSA&Qke?M?3g|IMcU3b0O6xZ8L@x6wL`8f}o`Oye= zTiK72rN-MV`U8>z)$nrm%KQ?ZwH)CYX5+ZTBpE9~vQ)v!mC=%2D)wXg++3tjV+o(x zk{W_GdM%T9(93Z9kKw(G)n$xX@U9Ie##r1fiQQpS*uOMIC9aLd`*)X3@gAfgtG@k} zBdZO*V4CL)@ipyWEPhZ$Ej`3=TBfd`ST{tF&{{g07jI0+wLmo$tz#J4Jq$p5;aeX4 z{B1>iT5AgDA;#V^kwc7Q(Bu3D7HJI8BlP$V^4LiRdS3gav-6fHVGl7#Q88;SNXqGb zWl*E@jE(osGv!kBi$9n6Gs&N8{JB}8dH#`js}D5(k1_n+)!bQR@Qat%$f$ubZ-ICHD6b+)-fK1^9N(t9x-?=*UOQ9BFT)kW5TY2T-V~=E z)--%z-hbmA$0fcmi(&(f;dThItA3k@coJIah%FqguxQSxMR%raI!G`hgubs?U zfK_O?i#XSMlQ%=OJIe9>41H%(;<3@W6c%Px+(}Sy0zKN%HTsw~B0vZ27b$Ty@2&60 z?=*3|iypVAQ)hc1LJEG~Wx5A*{Kj9W)&UT!WHjR}HyF zZ@^(k5+vQodc8R{=J-Q%n*-st!Ai>)(M!1JcTpODZXG3j?)=W4^pjeBR}Ek$NsBFy z6v@e(N9DmUrY7hPO;6_mR-+fP;p}B(Q&B@^m$tTUpU|*=Ea$BpBTI0PiPxv`o?{R1 zp@GR<2~F4l5h!vYkH3IDhI4L+z0-q*;<>72u|mDaBDResY&W!Daegy+7EP%O&p$db zSfI)9h}eCei(dVn@KUGhH>CQx>;+Zug;3k&=b-mgl^4kDIRc*Nc>m82ANe3a(`jDQ zdo=j?)7jfDcofeNr>N%;E{pAKnWz-i`IpH$XPyO8%89UJ^rQ9UJ)hd|?HYx;*c{kY zfjyrm$s{f#%#Ym*ziuwGDTflVOYfbhs!7O6G7t}}g-`i2UE(Gx;@vteg&8W?8Wsd9 z$oGYU7`eF+-LbJsj8ihlHmJ?_c|_Py5o~Nm7gBnVx1$x=`K7oertSSA0qnJeyjIZ5 zT4c}bJTyEW#P{7U-f+nF;~OuOW6xuI()}jZ^WWsYwL-+YNOTxAq`DgRuhh#Wu~3Yi ziiHXtDK* zxTV$GwSEiHEgQ*&y2(cBnqA`yIH!N!AB_8&iZ8OogY4_-VO}p*3VV6s2FpUkEiRFN zqmCDZ@Ahh1$;gT)4fEp3&>qGcqF(D$Ae}+G$z@*ZmaW$KOjiJ+n6$U2*wqvS@U|D~9cQAhw$cDsD}B%R7ALQ$^3@BxeND%qe@oArcpEK zH#;q7M0cdMCf#rHc;P{%hM4FNG;83D>gJM?o1n;eWldf_H_T?u>DsEhdU))R;6<-S zcOlXjaW7B?8VpN#fn^T|eaghT>ep9RRzxr^4<4E+S4-Ns)}fbC6chpjaB6_vro2!) z%C0>^)?ZB#Dk+U8KTuw9Osh(;9Kt&942LqDMONA>l2z-uql~WEG2CliE|zK?nxmcS za5SKn#G7i}Dq7jH$(JTrYvlO^=g@rIn&(+GzucMUmz|mLZkR*#5_+StqM=!9mPs-$ z+WfLLuXT_IUc92NH{`79cKRceu2Y6qn`ZPyt=nnH8K=>$1JQzJXJpw`Bpz1n_Q99mGluSNbw<`Cq7aw5`zqIDV= zDIJmmvIaDMYD(gOX9}3iTHmR4C(B%C0j6)%6Q59$F40ywm=a+My@1FKj{Hd#L5e1_=ZB@5W zMVi`46J$jdE>usA0uUvyoeVqQi9-MR-mQLW|_iZW`(2Q86W;r89vPWn#Itw5hw8f*AHhQ2Eq@6`Yz%mjn~cxPi=>5NS+BcFdxeE5e8`aZ| zbTe(G^XXE$kS?cp(ue8&^g+6q-b;7VPI}x=Uw%z@({{S|<)SSnNUNq+ursWkolEc- z;||t^5bbkm#>$k`=rpxFG1XM#tOvf4a&(u|6%nLXUZ`Z>@J`2~jsyWicFPA5ZpR8nDI)2_EEh?x+I zq8NFa?j-NXT}wO|C}BLg)$M|U>P`L=FQ4+CcoAqU=Kp!X`dgmJUI>NoBLt|KOiT1B zl8PyGbO*&#dO$3(iM|OC6cW4gBigrE{Zr{SnKUsc{ir}(*{6LtD_Pe;#HH_OO$AK7?^k3%Me-cv&8nELU?ml zCE0VEw;!Vml8R!_vsz7&;z z5^iDvIi{1J&jNTR^!N3P*D6(p6Q?`wH?hWkoXbpS68$> zMOZ<(XsWR7AO?Ap1B4Fgu-H;y^FDyU`&rE^D-o8AwZk}Om-p;3Fgn;scV`V2@{R$#pQwO#=@SoS(Vhv-=%`S zR6SxW{L$U90^8B0;C7S(CCla=Ecwa&T0~whv#fEISSNxf`Lu*y)LyNNI6d>O3HqV- z|4|};WXm?2I<#evQ9Fg&ZKB>ks@~n|boYudmsItX1qOXnE|)YtXeToqVA#^A;)UFm zd5@?VI795J8tOd7%OWgG-yz10cE5Qy?ml};w*fAZN(rn9TAPhNy~0%BAf3n{{19h(G53yngT8?kLKA#czeT4)G|j0W<$goV#g|h_n)FOh%mV1`THDb?&uUdY zen8SSH%TO@)9Md+q|6BS4!==E8r;ldVaW1`73KH)Sy9U6i~4&o%WwS0aw+&+-8m>0 z58hReNC1R(|ev?T5y;z#Y<~28eJ{9L%~<1xiW3;6f6!^lD~E@D@Y578mYzvAA`W| zbZNKU7!X}!vc%)b($FwdyoggPBSecowxnyf9f}7}t#6tQOG`;w=tp7BHQTLWfermp zQW>b%>!9h_XM_ST71v&-mT43Rt+yagwLV>jAWZ2d9oh8*xexUcHh2TEkk0~QGJ_Bb@|NsKxJp%)d+cbNTxyZ_R1IqRE!rm{ zc{Ui8FsfLat-@zyTHFCa&en#JqNsOt zn!K3tE^?v_sUKkEizP94B1hjRS|jI3NzC&A4I@4g18s?lx};_Ia!WMkvIl#Z@i{S< z9rSuNI+~)Tl9Ud3)7ZBmccT}ttvbwkDn;lax z7CG_{BbE*i_6p@}FdnForfR2-u)Hf+dsuDoZl>;Cumt?5bHFc5Mp+F-Q7V+~JuYUa z=4mvl7kV0qJfVo>MpO}9Kh}$pI+leUw0QnFSQ8a`P^EJse!+fuN;p#ID@Ntupg27c zSsU;4TrSi>Ppm8JNu8+e6YL|O#H}ap<|HyJ)t-=*VS*VD2}=L?L#YA zVBAC%b!Uu8Dn@WzpaT(H&KL99N)>ggzB$Std4CjzMJ%}R(PK$yOYkfctr`S#i6=jAsazDQ7Bb0?yGzGy;u3evQa3_peKmu(WYwg z;Gi^{;vMFX%K7MInw3?h5}J}dK1=zG-GNJyW+g1_1k*VUj6}ODR#(?nk}Ii|)asUc z#;@eBqG8pCRXK9_QFU!VeuEevsVbiAIDP2Xc3a zvK$9n9xX)wf=<_OEd*`)3fNG4CtBoDB;17MRnJe8B@KSA%={rgxjf79dRm)t$Px_v znZv`MOy+Ph=Vz0#09f2~_t@YN8eM`=*eziHIpO){s4&GBjMSdkKiJQU(!sm@A-1)J z{X(UH?d*rV$mMx!Tgm6D`F;Hrc*meuu27bKJ38hFcCLB-(EF9kS3r>Q6GXd`$Iom5 zM1H@Te@mO=H%EBE4yILw{D`(69D#ZtmkMB4y^S@fUp8MTRVE_PUfno6*e`sL8SpEy z`7Wb2Y6mSB1iYWBQw7UhDxyTe6Qi_<_Ue$@g>fIKnH_8j59!QdXjkOIF2MgdJ+o?$2P{@2&PXY^HoB_H zrRDP(78Jf&sWzQqmG=B1v=tTpt~DghBcF)}6xv5!kaV9sa-m|WrNZ@b$EY#7N5;x10SBM05OKNp-gNdw6gtdBVmnzyUumGJ}x5{lAl8@>RTDlr3?qvY^ z?REORfj%_9M7&FlDgJ~r6Z{<%rQ&;ngMRlaBvnOM?@erPosl_mH=ZJVp5N>AtL~1T z4~kUrXYBF?buJCqYHxt*4o2iL9*oZYmSc6ah_Kj|Aek`T# zoikI9wx-MAO+PeK8O=O9b1%AQoW-e;mhzrf@ib^SbvvgHRQa|guyG9T5b5NABsp@J z-c#i8Sip$8Ix4a!#c=#NLj4q>Om-auyT+3W?QWXFKMRW77)(mW+7>E79gmGZYh4D; z_^0h}JPtF!E(N6l-D|)u;bip1v|B;Xld9ivCHO)@g61gLrVc8o#93XDLU7iHSeVM$ zL##1aM#S@rj3{FXs229CSQ4vm4~ke{iur1}a&V~c<^^eYVg1QhW(NmWPx>hr!{Whi z_*a#4VZU5nEtq;muaYN~B71arh;=gTS<)x{Xl0~RiBkTsQplGh2@VSfhlR@fl=rkM zatC{QK~vBlm>T6X(IrxPS%W0<#4 zd&A)Sr$^Y=_ihWO7roBEza_?GBkq?~zshEx7!KS-hlM@;@O@Qv9;c*CiMKi`SNBWY zxWOhv$_jWC4%Mhsdw$y@B+ zh*jG^qKzDT$=0sYi{(s^{G{)3v@bVa`}y4iOe$ve0$t<=PmF*_z_jk4K7KqdH{5}W z$(!C`;dYZVnl6j>@>xUQFO>JZM%e>d@h_Od%@fLnI_(~+>rco3`ZKU!e~kZ?T2HP0 zI)VSSk-W$M`pfaZPR}yzX5xVTg~(q&f$$Z=^`a|)eq#dOYXaCS4C!?nj#sAzK8*OJ zAeI+cLJ54;X_>vDeMRATCcY1B+4%&Vm!)1*=TFL02@=tP^-ORth2u37z6%^?1j7p( z7rbEP!gx&s@S2X?^&f=nQh>V(x$Ec9x_nL2qq2}tJqE^|y)NF^=c4VrDT*(4QCv7_ zL#&?+B~%Qd@fKq-e6JJGz&e54tQW=HaYiiKG4VZT)Wt8yQ*n41L`v_6L8P`*T>(~* zRJ%!)vmj29m~gLrxDGJ&PYsbSWrPN|l#7WYe2?K+v2%OAB_3BYVju1^96=S>1iT}a zFf**}Ym;JnMXK48&n9U}YQ_SiV-P}3ho3631U`R1$|%GQ8wrwcGYn|)`fbL8XVFCm zzw7{Di;6sYml5l5Z{Nw1x_D$RxKrv5-~k)&GvYV6=^z5XBg6v|7~;q6U;-3<2A}{1 z%>Wfx`~Vgmj=%*>eE%%~298fMw}K3ue$3njXy75D5!gWXVPZdo#!NVT_ z!fI7A9vD`t1{zk&1VFK#6?{;ve-Hj*`=u_{W4f3F$Fcpj5XO1gzA_l=o8+Kr z+6A<%(hY?Od+|L4%Z`v<@nA$Trf6wu&!wWu3vGE>JE=>VnNPx1Uvd9T1=g)e4Hfks zSC`S1dH6Yvtv{$-_2zDAJO!>lUl~hN&4wp=5PjwONQqsrGY%cCS}R(%*7qX03fF!H zRPZws*_w5SuIXKQ-4(5@^z5j-tc_B`+vIrCNUoa?A+=_AP-9IZmOoW;TPs5Lgm$8o z^*+hpq!7d-C7}-HWm|Wo5dVZqD+_A`|5|}O1nJs+*0ks96)!Ybi^zM+*_Eriu1OX5 zli~2}ldGra#r0K*++v}=q#$g$Vs|PVDiYYmP?6m0Q_4swouNt*Z7W2p4MP%!jgB=W zrF=E$>vZGL>2^qm%r8Z!NyY?JPid{rh1sVfu)1xa+RRO(6Ya6d8Ww6~w9#J#%Ruv* zP#Gei4nC!zqRVou5EmORjCZ4KiJ*U4u#}OjTr^D^OG}`&7i2upl@@k8Qcs~<8}%&d zZ(d>}L>jySqX=}@)Hl0UD5Xpa?!7Z;bn2R9^f`*94V|vVVXj`55;axV3L4*xPgWkJ zia?HgLyyS$YPGDy|AX|kAq8Z}*ATM^Z{Q!T?aXri0>2JY5Ug(HNECByDi zu8AV>n!`n)X_0mt&C(b~T5~T2{N|I6p`5ClMU(_h|P zwEtvu75QqJiKNteUrPF>bjTex|izu?@4vtLl*qkAPfEy zIqo~F#E^L3auxg%+;4DIxEr__xzmhz0(XDW`nSLT?bZLRcl^NqQ}WlRYmxik5F1c4?uvib6x7ccfePAv3fvL@oQbC&ns@qvS*K}+oc@3Xr~j<& zCbq&l?Mm1kay~}Av}aObV@Tf$Is?g9_!@&ChNY3DTrANN&PrZ|n%i@l7#mHp<|3~5TOy0-*Bd!?=)6SyUI!Ny>rlnlpU2O6D)9 zGALO=)D09X(-LJAO|O&;k=-td>~pwhrJQ)3PKn3mjCh>g6xXLMeD8?YFW|p#AVo=7 zhlpft(T}&{dfVV^UZ-;+yZKJMD^b>S7p$&ZKbTs5yziCawE-DK;dam~WHAHXMYmzym zB>lp@U6Oy-F3E47GWTXj{$#Tw|2Z2W%YTK9kmY+DAz1x%QAyrrBV?Q*Dv=A(y3#I%d_J#jCRbOU!gtN} zJ<62`Tw%=b}GUdG#(2pzVstPVyq-*%Qp142CSa>2YHU3H)WO5-3E zF%raeKyX;8TZ^QOC>eV}L8amVFdGF$bZ8?P(roZw;|4{QYPD(kAYN3@k>UjrKEo(+ z2=ug@Cm`eyDCcvD5!J)Mbq*I+saqe_=$JlGkYHBzA_-(orxbm4c4_>` zxAYIXXO_}9)2*ohmT~}12e6F0L6ZQM95fxkl7prLSaQ&G080*<4q)k}ngp=)I>1wi z*Fsc*+s{*x*Fw{k!=&D|7M+V6=4;VwAu5IPgca$v30mTnYlbepHoYBYH3IynDc)<* zhF0->?QxA455A8YgiuS>`?~Z(g?7T?U)rH2RF?_HHPAgD_cZqEII1& zs@+~-#(I@%^{AAu5K!nh2(@=G3RCj#w4|X)GapZ;Ho7Dhq-IdBL>M!Ddj_Fu^=8f$ zgwIf^*Z!ha;}$g8nbYys33=<3)NY%Uw@%AjC+4kFGdMYeD)2mLXDl>wfuSvmtw?<| za5{tz_YK$3G)H^UMb8_@Q!shlj-}w~$WC6rN8osZ!-7&XhR&Xgsx&cbW`O*-sTF5E z!3szM7J(3;CY%k)OEsAZ$~ztUL7UMyT)0`%UE1s><5EwcMQBqRk>3zTkkBTYLsIH6 z_JTIqW0(pd+R0t3#^w+MIyU5X>xDU%I zFE2A94M*R{$}Q$H;u&0iN4j5?ySGpB2kn#G+vvEr(Q$91eNleXneNuWbEyFro1$n9sO3opEnE2%F5Hj3!NHkne1h85BCpWXANch|L6! zbeqYH*%8=e#_V9%WX9|mla2TzlNsDZVUro0GHfz~8uyQz%;2sGnSLOj=_WHMWTwds zH(A(Z2Kh!zW{_9VWCqWKpvesKxW!~fFnD4F+-@@Cmht0pwc!p_Ox^Sj3%8q`(P5Jr zZllaHnK9A&cQu*eB+z#*<-i5~!n{DfHvq$WU*pMVt!S(!j1ar2-B6@19uu}0i}l4oLn zzz~J2Fl^81q<1Mb!&z}{iIfDF#C$~;8*r~lXY+YVyu){$p5g3mgAo(7qmWJ_O`eq~ zI0e1rLNmnWf}=IX>sWJZFE(OLSKFen(Tnkxcs;kdH#b@vKM|wH<9JgblCLB0t3V!m zih=yT@n=K4N=p^U?6IpjXKa0v*?$kDd|lWQ&Z4Jm?qgBttSxCjmP)n+%aB%;O0kbr zPPAhg@anN)OMHyAS+Bpydgn>!k*G-}@q$Ra)x|ToeYhH&4Ht{KI2i#IST3cn+rB|h zD=m>F#oDyeR^EsE2=}Y8CF&bejr%Ccfm^I``1&`cin*7=!zZLY`Wy^4@UZs{ALeIt z+(uIdy?%=i`IP1-UF6qwalUDYdP<*x&6WP@!DWRhoNSl9Bq5h~`M4#-4 z>tp1O)cMB|mrL@)&k*mn46&PsdyD5cM#v&cph+ZhiYBtldl+g(R}Wn? z*cwW9xhU!n+2%+Q?S&%5N20ujDz7z#{cJ4kd8%v?m1>Gzs?<0y9JBbW8{_sWQ~hl2 zKCK{jj|<{m38N$I{o-0@cpLErP8+A_(=z!JEI)mZKGNq!uDL8S_S#rz_R?59#IMVT zgkUp)L6B(3A;wD13KOLgdt`XkrwER2h?RF32I%QDeXkp$^-gC*9y@O^gad_TF-)wq z)I~01*8WBqF6jQ>UNyzxZ-yu#U1_N)wvKgi3U>o%KbK0S*QFL0B;f*apx4T_9ngMt zRcwQLu^iwb8#tuE8pd^@@YVOaD8U_{gi#5IhA?^p`tRwtn6MLL(L=mTxcCQMq(8_3 z{t@3DGAh|BiW{dWwsJ8>vROXS#pdFx2}d+3@e%PK=Edb14UYslvXPSzPZ2Z2rLl?Sgx5*aLgLgKE$1kJ$n6e~JGrQif1DQPxCQAndaG4ZUhAgY{{GfqH%W%7e~MAzLkr<`a#$=o^=b?vc*o- z2bwY#2cp=)Og9!^Gir~A&G5${g)*o5AA%L4bRlS=-BW!QywGO^5iZIyzFn9helPp~ zB;3%qw?7Lvv{chwKYHs9eolcNq9B4FIzw;}g6KPb-v&dpL~}j@MYMQ^aSRuNB>Hlu zd$2^`@%#g5qE~f&3Ovyfd{5yfV2W?Mef*j1)s98t93-l%|54y1&Df4GCI)8UO8P5UZe6_GJIA6@ zTo7Lq&ZDLn_H=RazzC5Pqke$aeun}Z3kM1AJ9x2smrN0%uZwR^232zSg+`q)M|P8V z(*b7FJN)>r8TF3@t|P|{2xeUr#~IPT$OyvS$R_OgZ*B(eM7T5DlhN0I7V;@E&~Jx* zS{ZuW*E>9h;GYI6jBSFAOS(k#nEwL)DOsw370M*Piw*oFE~E5CMUG#87dBB3Z2-#P zAW{!g6#J4dIuEn>>l9zORuy zKL0hqt34i}TjA`SA-<*^%;O*k#l= zhPNDs`$3|j8rSI5u8sDDJHt?T^;-(%H`r0JZ=Qs4uu|gLUdQEy1NCJl4}8Za+jHxP z?`lW|IPcgR)hCR7L;Qh5{2%k_DhP^2 zw*qr~Z9Eg2(B8v>$S;9|U(?k$3LTSS8c68gLs0CoK0%jlu-_&4kKpVA8t*r3Is*8+CG9&fyehX!8e_NXgq2K zi*g)c1nh?+VLu&t04UUrg#2S)$>-*lYQzVI+foWB4!i9K&t%xZVA!|jR%vQnM&7Xx z(S(jf`r?+J@3ZF(F}&3IH!Y_2Twn|6 z=W+wyg#fLx55S&dXPiX`W}oQ13(VpL*>&s)x6!GIoEY0X!v26()N(vZsmj_F;$7*} zvEkhP1WyHavV3PqaC0TgcCG0OJ?#Ml+v#kL5#tm47iyxwXq=!r+-%s;+1Rg~ugN(p zry>|l4Dxxn0$gx$rZ8Hd&%Y9*MhJenJ=$^QikzJ@HdNC;r*_NHoO;f9nf4Am3gBWl zGTgWnOZz^n@Puj|@_t1YcU@sYY#MOOG7C z1HX2PVh5A>L6hp1+oNRsxKrSK3)FT-QT(RiXoCZ2Lv1ct{QOd039v7B{UMhM+LoS!Gh6m;K z$l&pOjU^*XL*X0R1~02chRb!*#x^!%+m8f&Z_0-y_Q)-EV_Y&i2%+PS z=dtJx!dp7??pCNNj@FvF(E3nwtoE<^L)2gU*8e!(!Oa<-;dyp zxd^4pF{N{KjNc1vLCO+*^B)eHsa3&-6YyUeYjpp)5Ers5=YZ!kEtWY{U_$T9q z9>3GX@oqxh8{`vweBjZJ?^?^>>qambZLl2rGit=9C2fI9kb)LT$`LVxx(Gx+j&ad-QI$TGP`SX3~^uQx7Aj}24QnDhW9$}W9jz7Q!`u7=Jgx?L`vpxHck+wUR-kBSH89QRs z8lTez%sVkU8CS*V&G<-+cE_(>tjQo^>vmfc+bQjjBe(wPsI7kmVrwfYlVmfF8-1)9 zfkW1+CI*S(;y_%Tdl}l;6519w+BMh~S~ju)^X6ECei@0~WD3d4B4%gAc!5~#@0yB3 zE8E{1Dt0DBY!R!(8CHoMtP-XF+0d{*goMrghu~m&Vey8>Ntg`KWsC#n&3=*!j$!K3 z-?0I5Ud!{I8?bJcf5IO){3Ktx0SVU99lia8Je4uA^`I)Pwte8X)gyoC)x~?0dMUa#Xu@qPN;|pFkByrH_(|Jz4Y`z}}E- z<3L`T2m^DAh7R-2s^;p*=^%X6McfUB&rMQt_~LEC*m{=``$=Q#Ao(rOHbUPbWO>>Y z+DF)l*x1O@$kgX{d2??icuH^cg+rar1DA}+Mb4nad`L~_1jnKNGnfaDtlEe;M2DWy z?y1OKN6hz!8I96zGFz@4OiZDWNdjv zm@G1-dYveE6l-EhoB~*Us=Z>zz{MIK$o+2vFb z7ylTRm=ws&OBA?kPJt#)C`Eat&Oxf9%DTMNVx?LP-FK8KB_DD{0s+jxK&}y}NbogM zf26^saU0`_*8*W|mIcN@c0q{XEwIsq?GOlJoK#xGrmsZy{jB>G=?xcrltDEk9xoC%!XrfA75rwU( z8W2Hct)L>%q((=75E$9sAPs7Gy~-*qiy9lrBx|1IKq5<2eiT8X*r-VOF+oryzKx22 z9}^KKlvou`M#x4cqf+$IY^3%h&0;EhnPSwlwD{UevdKv9@`)Nji!W}_^Wu|bE&i0A zX^FXH`+JKM3ziV_XlOLt4GotuyZDps!S>Tm$X#RI=O9ECpwRY=5O}8Hiq$ zXsg>0M2(-YGMR)P-oi#x>8mOH5%N;%K3c#FBWT%2YGE(=em6JvYIK@SKN91R{unZd z;n*1P%x`-TASQncIR%+w-QIDeLNMz3Ue{s34xS!5^jf`(HzA+}t6-QQyb*fDF>*XAc zM?hL7`Rw$Da$CdP0(b#;F>5LeRIrHP(}z4`ABdSbkU{fk78c%A&c*EitllX z?{SLnafe+@G6e;kqcc`GBzaP<8}xppTbPR=u8bgA*7mCF#T(}T8? zc6XSpC+d01vyVytFAmngW=AU0df`srUBuaoj%9}(h27z&^`L`E>(pgQKv}%}!f_{1 zTf>-EYAx^%B_D{w{#(6R$Vrr_oZVxLC{f!k=-sw$+qP}n?%r+Nwr$(CZS1yfo73<4 zX3qICGs)ykQb|3jR95|{q$;bPyRP;3$UFS;JN9`>ed zh4B89@Rpm($3`;4{fP!l0uw0>PUEbsgez|`F}b>gTfRI~h?zax%^&9wtlljhfzFH_ zQi`&*#;0`eT(6i*;rf&FGQi+b`xDf+P3cL-<~q_RHh>2Qge#zu*tdkGJP}tI7&>T4 z5MWh+Np3GugyeRQ|al_L3THcZR-iB4KOVu~7ZP18At{mnyswa8u z&?#cbZIIf7!wGJVg;$&UiFM!*XlV}N1FTY86n{wGc7i($J!QWFZp~lvA)cgG!GktF z2EI2=JqF6{nHeD|T=Jw>-O=Z599gdTZY>W>akUs+=-0!blc`OsfMM+X+9|v)%ZBEv zz3hxifs3YGxJIXZQNY3Z>g;qKI4kXz{a$;~?xAc1W88B1Ahqar+0oI~r#Ngc-?Bh< z3+4yDl$$DQ%Rz$Fv>F@?4Eu)Ow`$rCUZS+r`_7c$7a$~&y!w%qjKv-Ndd}u@AVnMw z?f2rWO};X5?YVLJ)Kay+jMgDLEFVVExXQ@5T6`fk6G-W!qXI3$mtk}14*A$Q@_%6; zN8K1#Y}xw2#IB#Ojkc>6n9}K!NUpavI%gESjoU{I>|+(y1K4fj<+LrTenMEf-h(MXo47HX?yeqQ zn);brl@v-*SF(n7aPX0}I(<4K#xa708{KA)GBW{e>_Qj13bh?(>ZS+R&%8?^GSy3o zSkIoG_&?U3_#*B8E@svlE=#8n^!F~&w4$x!&!Jm4lII{jeo`dffG^AoLIf@#1;Dkn zRWoYgMzW}+R!n0M^l53FekGac9q>_`u=?L)!8@aKFGlon-%02{ZkA*(E;83w8K0dl zGM66u86FJ=xS42il^K|eMkas=WJVH11k}5gDcJ3J=And{UHP3&G<-~SIp@LUCU&#o zKq9A^G%fd6kazJ(xrdBR)-(pSevv35U@*q9N~i;`Fs7 zt|%&}8WO|&jWq;i1~rSf-E5hUx6P+^Ce5Y6S)3Clt>k~RjidrnB4!fY1z4-Fc7nPK zXKB+L4HEGp%@v?7JkSc5tM0*UqS1ZdQaNgE7ztCwG7f0Y2_Tp6cNUJ|6X9+;%@t+w_k3%`?wd>bZTa5xDqKW&Kq(&@JV#1PyG zWM5fwDt3h<2Y`SaT7JDib2$(dMq4^DiT0@PTEB|UkbRIZR%P8>(QR$$b+q3ySPh)n_4Z%&C+}|ef5EB+S`HfcMEGv~ z$khJ`dQ*BH)3y90tc!nj;MV`{)w^4N?pHQ^(=9%Zu9tPcVYuk{3>Ha@$4%JlI8%l1 zM!qtvW5=kWT;k9tPmn})NvAr4U^v7F15JJp8?m$(smwCz3$^F{v+!Y6hiz6~o0 zXL=$rKV#rL35hatVB>CKRWW-@aWU~s&QOv|(~huv8iM=B68yV}XjgD&5D_uvz_660 zmr8{9nm!z0!g6cGrAU|qYvCS4S1+jy4STAH0Z9a{E`&pe1ydi4K{~Pyc7IA60Tg}| z+$yR596{g*V!&KE0g)HcV_&FI#f!ZZA<)Pj6+kO=YLF+S*=UFeM53V*$E!u)S98I@ zNnr^)Ze;8&PjKN)%KP;oijlQ87H$=*~tCI#{Ga#c6&I8-xEW_-oZrdmA0=f7*+NQYrxg!jm2>9 z^%N0WIunpvBP|3y_zTmiQ%-F% zH6w|t;0m*XUck3e|aKaV*fn~?;GV8r<7$)dAaXFT5+n5UKQX>TT)x?-+ zJ~V9vp%PQ7D;jR`!LW6b#(a~#1KmN6s>KwAY;L&f>G1o=sZz^+`EhJY z`yD~FZ8ir)!2oZ2Jd9qn8$MnkCvYMrp@7#zZ*8R^p+Q_mk@$`x->@1WYc8OM8`wbt zDy>-FDGt6x*#1>Esh!YGlHb5BlHUY7T z3XqUQ5es$t!U`qKkSb0`oQ`V7^FqR3j`JcLZi9igiopesG)z#|O?NT`F{E{X-+!E& zg2+?t5FY2X`lr#CtRU0Y`dz6(c1%3iUcbcvGp)^@O9L{ibFagns(Fq%$G(tPF&Zg< z9RJLIN)LEC1O*W5ZxQZazB0~d0OQL`yrK<`s2g$` zhu=&_lO;TmTvxk1x_W*8$R6fs_a3&W9uE(9DGO zr8-GMa{RFy%t(TEFG--Nqh=#`)h<6lv-$J(qZ1X*uVQ$ZbLcr$i_wd%WaLoFFTNB1>ROP8soecz;F`D+Z&mP7Irw*>i&O z@#~enw4im!7|vf=i1+XWYox5GfdwwE!?awnoVJLqvQsUPD`~-1PDC;wRmn2WdIsVy znkN(Pys{f0^7WOWQM+@-L8Ror;52 z<*M6+!VlFVdPGf?_Op_rc~n=Gw&v~d;QgIVmjlQ2&8GPVy@ z+0@E>OI=thhfCXjvOq=k*rPuL6JC(6fu)p`d=@rA6o_$+1#R$TV_!kGCb=R#e;5o5 zRf*qs$Q8ILntkYuyy%QRW0M$sexK1IZE)wAn~jXDO?IKbMYr(3|Jr=j3eLaZziu3V zc5o+;z>8jLyMN?(Wvqz{Uw(RRimq>de(pbh6uAd&O0fM>#)XXm4o#kV9k1}(*K^wn za=SuLeq)ka)h-7@s)Eng*+(ri-HNKNqt`HZQImVSDD)~!Zql=Aum^gKhMgZlvOh{z zq4kp?oy_$;&BV)iG~w(R@vZlVsfZ+>Zl~07GUy#kho0ei)A3J%A_#Ickyo{ods1Uc zT^sy($OreHCBw8w}AHIWI6N2@4htYR3hl)K0aIpw$X0%3v> zA+?a)3Vgy%96Qcl$#>WBZ$q!ug)2?2wD26T@QW?l1%h1;;E*Cv2Kmyv ze;1b%GiE`EwGoOo9}Ze~8ohjtzU8(wKQV6FvVXL+v~=V|-g*xgpFF>BZis%`pC?>U zg&)dD8NI*AiUfYFkLwn9@)9E{mqEs7DKJKI<4{ce#|a{>L5oET3-YapPGuc(53NOp zgf+O6?BQ%t5Sy`fX@CF=5QXAsE|TajR^EXqC^c;ZA!n1Gg%ey- z`Dju`gtO|Y0M99pWGDOx8Fn0iO$0RR*{BgIBNZ*Zjy*zwg$J`*so>s`9P)@3;v??Q z6BBYJ50#n=si-&u6J15Pgr+{BbclEVpXk(p1sww3|BF!-Y$Q5o+TSSlO4CAYLhVRh zn5L9cgj9ok=omo|#hFtyH}iaFS)c7qvmDxM@E~spQT^2P!~JF*wj}>E}0kYp;6WbN_34qI4Ib(hetP)yvE<%xx*=0khi zE2t0RRL2nN5_PpPna5fYmDT2x3$MP&qG>n{8VY(-qd;~VPmsMzYLjhQA~(o97~oh4 z9t?1xc6tfBOnQ)Smpx_&Bx$3?u=>Z;n{Qk1ZEA4y|IJQeDppWnFf?aB7HNB9bX!fK zo{Ywf<@5w>AUsc|jJ52A*rm4A;YnastO1A1<|bgQFA9#K@?beece`o_)*wJocA7h- z7!pRZcDu!)onQz}nfKkGfleRLCxO?poYZ+#wKL?;=ced()k=8KGP!wLcMCMvIIC}FGg(7wbWZWwL{_Jy=Wsf^PRssCB zmqT7yG;(IbO+JmuIVdi9b_OY-o+$0y-5rXEJY;F?>63vdmPhU=D};uZn{2objzlj- zV6Dt9^MHEjWG!b*eWkAn|0o&ct_R&nv%c>k6l~E5 zvCNB92Dh=V0!PeF1ac2cO)*LLi@1C|sA$d{OOi4;VC4iioP**GvrdWU4@}=KGpb%; z-APZmKI;1ON4AJBp6HOzlPi9|rhIc>4qiCp2yOJ!3b`T=L89XEn#^c1c8kYO*tZD`FV z;M&jpzOg!V#ot`D^0-n!rnxGEjz~fBH2&>y%0ja}5E9E_qzIzU00}{;#tx$+y|0Bw z?=@%c)4ro_;6v!wM+&AS$V7=@nn_XYDVv8-E36P!JVcN_(t5d!n-P&TAu$6WrmiyH z+r)qrp0Q*!#@s!s!)nP!1r0;&sUbqA0yB_ovwPa8<#o>+9~Dh|qoUZAs?dpJAeWOI ztZa|z$EzEcU~C`|XaX5Ik$j<7GN*x|AWV8bBzKB-XmzG8A}O_|$X zV8lxt`;ML*f8SuJjO=IGQg7(8t)?;l$CJ9HX4OJ(uIbdZj<~ogdDR^p`pg2G{xlDg zp8im1SaQo0@#R;{!_=M8P1hS}Od;YPw8Bnxvhd(ep;mbwKX-4C8upRS&5V4spx$HB za+q!}Twx3c>xORqX&YLe8b)v2)xnaEs&CUm>>Mnq^Rwnvlf=~}aT_?-VZWV^`3={D98zkK8 zjdAopAt@?+itNK#mhVmKdG4RztQQ#O�vGnu=}y#F`WaN0`M_JL`rsf@K^xeI*IQ z8+l;WoU0QrFikg_m&>u16)saH{{$JDswlJJ!{rM)lu!0+Jy6{16JcYY;Xhr9tjKA@ z>{ZQ-ZKNp)afyH=LUDqCBm%(*_?pcZbmb*8Koc{*Sh66KIYaGmnH7WfUpz|uTQ@oY z&4fss!wNvV1)vK3&X|D~(PH5+jm=Yi)nScIh<6QWK}mnPFKr~!FWfar#--{um8?iN z>BTdPQjnQ2kpo#7fr}x5g+!AQB}_AOY5@t(7mOwRj1n;uA;xx5M`wT%foX|gpaQ-M zbgzPcQ{iiGR>eCl|Ge)nET6o6SQ#t!f4Zr(9-9RTCrH;-5+Kiz%qA^N8h72oYd!!P z44k$JkNM$r;qul!wHT7-J3s$jaB}i<=DAo0gHs#mtiprXH<37Sfm+FCzkzuCu=0;Vn4$UZ2(K z5Jlb3V>-*?`w$5q)Yf#VMHbU4KL2SWV zuVwG8UtenKxcw|d3Ixf3jt$#7X+QmU13~9p;UiR$JE>bI8TG#jIjzNET0hezI?r%J zmB%V9;1uFjlij>6`PiAtSWa{r803c!)qF$f-I>AIu8FCWm)P+bw?Y%O! z_QABGJ_Ei#Zu>@MJ-laMT0;U2)H%U)Lo&C4kV?A9w?B%tMNbNg{Q8r|vxXVEZc2!T zcct;YqIod923ek=AiV<88;qy(!uq>wbi3aT#$MoCY|t*3uf@=u6t!A<;Q@_I=$vXlC@3 zG3Fc|Z1KdBUnX{9A_5!(v9y110#+(R5uuP=G1Bm_-&H}Tl1mZs!rR{nc?k>dH~;$p zBTbcnBlu-^F+v8(D>!K&=QUYXMiYgzjBH?uWQP#Th_{)R+yKWgY0q2g487~Ahshaf zw+~f3wE$JTlhkVWmFojZ@V_)xM>8s%N|0E}PKrTkpk}NP+sOUHkbpt;l1iIw$~{9y zn(I0+f@C7{y@2w1wC4)oL>3Wlakj)kcwd-)l2va{GHp|I_{vG<-CEq8E7a zcH(Ht^U#a@jGiJG12`f^X%{E4628A|u3^c$Q&K_%L(GY=&RXe6G^uI)v&eQHE|<|j zgAb-eD4j16SlJ)XS58uyC*QZEik z96IN3aFzYw7&Tfgagaa^$&IFYr}t%P&@C$%V2d7ReyVnB8I z+*ImHvVjnBG<6k5b=s8@H+2ITEyZc8M{o44Ua;!sJp^jQP5*#+V}- z&6KV#>BXk5$|g1Sw0p7rq-F)4EpfI*RnA=6VyH6*4>IqxZ8^N6$g^%Iva6!eug9Ym zCpK#-nrVoI^K<8{c$7>jwNWnN5ABS4MiLfI85%ih79FfB$*+DLSvBD}P51m9(Z;1v z!2gB#EI`We)9C@S<)+6YPyIolVHAjzz6iCd2#PEE|`Db)W{Pe!v5;?c7&1MK%&Qk@@fQYK-nkck7PMlWh=$KIWu%!eB~JlV zI6Z}xOwR<8vMR6z1P%^z^2`>^t%9}ujd4KjA?Gm`MLBs!)cL#gHX)ATYw`-0pMtQc z`f8id%UE68x&+H`J@V#s+fbrv>;Ze46+??1c+34)161)KSB6(#o7_$Fl7s~952&8w z^gkYWCP((lf3t-e>c;vmgpuse>Z*O8#=G%|p2zyd)fU3Z>*M{%e-Sqs*SL}X3I2jT zAhRX#LN{9bQx?U8z~bitQpn)O#pnlMHmDWcREl_1+g&`NU`zoT+Dj_O*~zX(9ef+> zITqnqBpEoOA>_o0g7{KaH^m0=7H%U>4lsjKK|dA1FKWLC&&llH3z_M`t%0>>MRx zSD2!QD&UGopRpw4`~nDz_vOW=9d#wrt0SV!Jtd|@2|^b%WtW# zCbFWyR`*K50MULFb{c`S6iW49k%LI4OmnH_J5CXL~(HB6VlTCW)`$>zIcmc7JQxVCa`brT|p9}4UwO_IpKji6xYuX>CyYNx-1 zMffuf)l}rqD0NX6$fM!sHGPmg?6I`)1!rJ@iMgeL|q*w*rw6#-k5M? zt}>)cmn@X4oh_+yrYHT3n=z%&)O7H=BWy#&F>vSWAC3Z}*!*``C&(-|gC73d&N*#A zv{3uZFq)4o2sT7DZd|aTgo+`eVihuG^|k$Td<694|1@nY5w#+d7omUA`2*gy+w$CKd7rG$i}?~7z26ZTAo6Z4RsMxpeIk^!@C*^%vVL z#As|GUdU7FN29_^QCxpSLX{3Xv^Gf-lcCqc1LdBNAwh09gK&V0^V@M~D7B30 zgdq04^)R;Y=G-TNa5hOX2WbMtLsM&d{JgXmW~fn9 zfh6wW83AqQSoRlM#%+( zD*yq?XB;FKdtEzYfw> z1M4Y?tct*~&OGbmh4qsvCO(b=tN*DaA@Ez>MC>8Fv{o`-gbf05W;VsBnrD+$AiXr3 zi`pY_=PU~ZMY)L+;V$e%hcXAeN96SomeuM(Jw087A-#cpiN%rO_N)*A4u|pIb%G-+ z;Ls2%d^SoTOI+Od3KW4SJh4hkA6>FeG0;cXot$7&4IKm#h)(4ade)5R%k6PP|06OPpq>JT38+eK9sVqU|N~O-c*zm@oD@|)W(9dkgeI0 z%khwJ6@Es#zAEH`O|on#Dj23iT`T!TYEeLt?tTyCB8PQIf}m>)n^x1OT#r@iHF51; z;XV@>ud1yu-g0etNh;l^ZGl0C(Br5M)~C{ZtAiyy_L)qiO*uQg!=b(KY?BSTBK02` zKq&Jr20}aAd~wNQ1PqEv)h-iYnIx3jX7K`JkYnVBE$vFwxa_i|%7WJ+dh6@YO*B@e zDdeDpCO#k4y2PpU0Mn2mfEiq4TI${TWi9Q2P#g`2#om4pkvaH>5*vnQO4MDf50+YU z<>E_@%JB}*&3|Hr^^Jp{J%WlzE_5q26lKqYm38vo=y&Yad0h-zd>+UZ$!V}Raw=!0r^2g zYK?rpG#k{!6#?})+_VENH2*ay6Dt@0pqF-u2VpI{Dzt|TxcUd3_1^{rLlM)<)9VWS z(d{48`5`n;&8&L5nCq~TS;%HY`b7?!xE$lV8RXP0A4|q&rU<$4OrTp{d+72EYr=1s zL1#sPG1Z0RGKUE>R~J{CFpTsZM3cXo(ZU9$@D)8)UPAIG`@!0g0}Y zVO9VHzmx(^Bry;4O&u6ofM)F_?kQ@dS=SCCMp*kll@PL`Nda%bNu*^Q>i$yX(@VrL zg$V>#RVxL>_=B@pdsGe~-u^7ckRq_f9kaZt67feqwPt|K7BsScGUE8rEIjC|8Aa-E zUq@t7ax;QlCv||i^)2*_=-!0hQTwdB-cmomG;{R<&v}C9{oxGugOu(CLcoCzfLhwI z=mqQR+xEOtjq@LbTle+@#SLHs#v1dPyPhp(|4?Xb%17I=kc~c_5W9j~j;KKiR(-4_ zob+1o%9sbL)B0?iK}B2s5x+8L`?G8?59IgsDIWuIvv-8$SC@e@4LB%?(~s^_#PJ{B zz)HUACa_oCy}WTaZH6=^-oAO4V6dAR{8u+%r|e4oX9V|l#jD;GXwT47vdD#scm}s? zA|{ouc|Ors6#79->$*Z>SyCt!>Z(Zb>c!*r23hIwnuIUY`wW zzt@u%Sw;7DP2*d)!Q9(e(p%)~ABj2}8YU$pPVr>fHMdvx$TAzHT6eo1x|ILLD3uY% z>KC$YUIPM~i$E5}-txI!j9F|)3R$t8wHUv#wsTmEF3ui9cSkMP=%nH-?1R)gxma9= zxg6|3vuG(9xY*fuc~>jTsIbiKi=xI&;cGOcz>*@OgOP5MvzGS$OL^0R3CxM!A_AC@ zPNy%sFKwb*e==%(^2A;7g3gKH@RxV5@2A4qnTC(G3SlzMtFAIUZiS^QBjyxhSY!=# z`GHcDIAwM}nR`=p--g1D^I+XF?y~}g9_u@04to=q^%6m&_*3t7o%|3gb*d zD#1-Gr;vk^hsJ$HIk)Pr6XW%d8+rx&;cJsEj6;iNb)H=p&!+<3J!r14@jebVg4QCB zG3%F5iBTJ}d)}S{ai|nIkCqAWWD}44>0^Z$6klu9)9;N2Xt0CCy%g!z2)2vTTaxc+ znW}UolM3m{1NbLRX4iT=an+wqv*%Ll_13`e2x|h+DI$up9)}dgtQHFBatC4Cdbsp^ zhSDBtmeLat;x&}Bn;OKxpFYm?Mz)h`yr>$&aFO9Fc$8*rp?#qa^}s7+sT4`v&OhGh zA6TefvwdB_i6BOPYr?9iZtu3mKX8gHqN&J*QW1Q|35L!BM&9&#he*@?1tXmLGe<}= zPL)(0|4_Eh-y+$xV8i?kcAH)VW4GyXkC%&>p*cJDoM?ZmY{eOA>#>j(3}7hYUdb01)-r5{-YTf z7q)YMz;g*;h9Pl+Ba7uGj@dU^)qTkkfip|&zRL8g2+ci3imJSS|0x++7)I~SF<0-c zHS)au6z+|@wXxalhsKRy4pTSqhXux>&IE3pQ%~QuvSN;#4%V?|)j;jiqd7VZhq^1B zL&%y&Gtmbo z*TG@kYoA!w^ZP0RAds|bgUJc8_`FNesYXYh_8=W?nC!G_4N{QHO6;(4rn-F~=vE6+ z0TmAuJjzpxV*sjvlAElG{#dEi@#`2w4&AI=Lv@T5)7lc;f0u}-saf&NuDLsJ6vxe; zyg4}dTvM#ll5b>dL-eDdRzcB)m2@B4>kt;%Pu5IHXr$iJbm5M)R$1zgo@1sdmK;~> z`m!4#$QA($_S_x}V6}b`XNx}t_zp*(g`o+M&bu$T>s`cDYBpMfOxfn1O|?koiq%Jwc6? zs(e7QbxvSid6XWLmq!*o{iB-l=jiO{Jwj%ucBw)AGxLVMQjwoTU9t%AnpFPRDnfXTr6Ot~21W`^dU+Q|xS} zX})ahP-L)lnc*O!0lzz6EIqI?40xWV+y@Q%O6>}3rR{6p>A-HuXIZo`vzQYadVn>V za#%0{k<4RuNWkTheT3P)R6Re=iNhr^nj9}zzWie3EMO(u8=&1u<31_Yu&RcnnAZqZH`3>wvH3`mTVo&od)Sf=r#BAeVYMBvl$U&y`zzS z>$_3irFeP1E~gkuVuSt9*t>@4jSTwIUqSaSgP>9lvQs<8h5yjL&By;&F{7Rpk|Yy6~{;08Ry52dCI| zvK^4}ZFOZYn+TRI_M}}_%-9V}N7NDZ!T6FQSS`pnu9K!R%utW*7iDs?N!Fi%$c%(sVElXd>901DtQU^ zd3Q`dJf||-WAM|v{vg+x#ufXYL@^a=PB0=aji+n>1AA5|Xc=@)EJ&5{mA``gKFa14 z8Xv*{41VtTz;)n*1nzfIf&%V=`FL*Pd-BHvHm-NKgoWB4bA)dE1d5P0z!29|undZw z^=NIqW7Wz+yXdbv|Locj>r+4B>QaFT<3*B45sD>*Ef5tlgp){rP>aJeLsj9kKA#kg zFz8=56HPfw>&^7K5|3g*JdnF&oU#Md|#TfT9~nSK6viwb8WD42P{Ig1Ks-kB|$eyUM0p+>mMo96wx z1-~(j%QTw1QknF+SA0dgi~W!?$sI|!Qz=%_KdbpMvU-=Q!?(-AI@_oVUVS`|!#Jn<)@?94>c5v~XI z!dw+h` z4ie>$t@T5(ub1X0P`KlVkbI5%Fp4hoK=d@+;TO(F4w;6)d7=$AWv8f_&P&*Z&a67M zf|%kwx8jwn*Kt$5!-;A)gf|4-u|Fd=JV}2DP|_zn+0;ix$59P181D-ejfs+wrqe(hJgRn#@eFAeF6a`r-5nmoa3DzT z0HwPAtufJO>c{k@=^HWxC+^An7i+I~TuHsMt{7`5S51psAIZ?;^?h0wX*f%i+20V4 zGss|uUep#-9*e^2@(QkI`)196c3Ei;_P+l%gQQ^gn!ZuL!&{-d&!~IL8WT+dkEGu(QyU=0q3?UN(=XANk$xBz8nDxBpz2Cm9CG>WKti)RsukkgF`di6~}-Ht=S znDSyVIU@44faCqsw|rGN;KuqFIm^jFS%F4R7&qZpEb90%l#wnoHz)b&@ zJ@_Zo`5lgsj~5K@_Q$=3VUpR=V5*IS$rNsHWmrhK?#=+7_-{dYd_v=paQP4}#_~yF zXuM5byN)@i{33=IEoN1FB@$t5Ive-^z*fVYbO=U%q;`nz2PT7d-n(A!-@2<6P%448 z1?j-z7bh3+W6-EKZSrK@CfyL#v5UvpFgv#36iXlm!`_bXWCJ5R;D`_ zR_^b~v%6_YuYbPrj@O16SYv@P562|xN_YK!#R50hz9@YENjO9JN^ZB|1o-|bG4M?W zbAF~>9zT)Ma^x(2ViFrfg+Mk`q6u7oQGX#ywsqoG_G8y%%cJ-UwoJ7VVnFk8dW%}JPMWqP3`+BIL2&AF$I+F+~}AjpYLwnBMV?Wu=19PMP7BH#$2pyB>2EGNpk~Y~@;eEl=@CIJm*VT_ zgVvmrfsFhpSS>CG0s>m3*@e2s8LhKr(mLrqF{=P>icyW-K}lnr(=dML?j|hf-M(?P zE>nnP^uo@Mwji?mBN1Zs40&KPCcJ@T)s3lGWc208rK=}HrwV~ja?UQ_eRePuqRvo~ zo@k6#($*wp*L@LFHjKeQ-pM+#%&$cVB<9Kpj>a?)6xIT^>%n+>Z31wBr8}@6%qy)$wK{Ij{d`YFSoZ%R3-}+? zxPjjOLl%%1k@VJ)yoM`^o=JPe=y@BE#^82=5eDM`mCIx?2EtFc@AGfnA!;Js*5|g%-=Qr5K1Kh-37O zfyxz%v0eetM(>BA=)h#dS=Mz)R2MHg2zPu}YNTAPOz(J^2?F;~)LYNZRW@?GDEV(9 z4xJE!oyED;z8kyz@tV?HBe)&UTF|>S1aSa;O8vk3HT_jYoN!gTqAXqmnpOo8g@Ehr z8M!q<>6cOpJ>a&0v!u~p7qvyJ+Moaxzy=Tc>8Zi?CMckhH!JCI)WB%)@}J5uhk7AY zBe>Lq^d3F^qPa)+`%DuMaMbgWm$;ZS5^M;6&WC36+x-~y(8TvG`?(4rthuS{KB2{L zp*p+-ON<7h2jM&J;6*R%udz~P;CrR?`TiK8=H2p64lpiOxYSXP+nzxbOhbe>d;&s( zy|c;QsLN}_G0z%Avz2H zvk>0Lx>IapS!jg8L8~YtlEbQQz~w-+<_Of;Mmtf=(GlFFZO8`^`9F$;^TQN{vLwZZ zvdnuq0A`g!7_PYqq-kX|m62rm-N)r{Sk!$7%l6tcvXEg*@pGkM#p%G$QGWaxa#Y7K z%LiLd{h;rt9doaR`5a<;9g5>ie`rY+D4$WhhB3}cW)@X5e_ZH8unr0UCplROpIKQ7y>||#J{rS4)$9Fx}f}A~{Zyo%n13*|+Uz`S( z`#hQs{Q^;{^|^D6aO^NA49xXlQ`ET4Jq4n|nQ?iW7ziXpCBp^K1VZxD#B^ShbWY~9 z>J;STmr;*a%of?GUoOvJV6JGJCrzqMSG|&qO(! zb{y3Ml0aUMfBAxOIDTlc-CpRhJ^MK51>&61hpcr8nh`8WRmA#os-PIFk)gN`|C})E z=-0*2Z5bu(e9K)8_I-K<6eH=FzQt$gW{FipHZ4%CbWwVKbd$dfm>LME^xgv#O~GLo zK0#wO`1Fo_vT#Wb2lXmhSX&b|ax$=E#jfUY@b&|x>9D%- z@#+V%9pJF4W7SesNst*{NJcg$BmcM@F5|_lzcayWWlA6rS4JnjFtA}~R)J+bAr7D6 zc5>GfG8;&k!szM0%%E<;Jc*{OGihS$`5@H6ys&B`B;{%%7?8I zP9cucOH~a}E4RTArXN-8h(EEil5W#Oxkx`gojZl68L*>nPtlqQ( z%v+n^+;Xw<&7;ckXX%w|+OiS2n4HreWzr3kPR95%%H(W6Fc7&xP(HLkQ*~NrR}WD3 zZ4T7SyViWv`(K7$Ld>;a@}`v*s8rexD9hB#_Q8e5Zc9ks8Lw0Rag+#)=CL;)fIih) zbrN?;(W7n6YT4A%A>ZPEXqSM5$nBOvKidM{kj6Z#K5Q>9R8vg(D4X{#ja?>V>fyw;{XC$BxSiqx@Q71)8)#i6lt#5E(v(B4 zLYQPD0sVuDcdup)-j+59mGQ&!$LOSo0TAscJa4$E{bCfsRJ+es<5W7VtmbhB!N@RV zu^C0VkN6TcC~LRT{RqT|kda1IAoV8n_%e_8QfSE;t;tRTgnT;H6g*rsqydH5hd7Es z7xl!%86j&Hb0RX|_Qd7ss*5V1!GXrMT6GTPGGd}8O;3niz-T2l(98F8ztbRG!N1A} z0ONWIC@&mIQ9-xDG4H(0I2BE^>J`O1S+rcSfj|uyo*x|a9w8utJrUuZh-D(0GKx$U zqOD$|1RO}iANnBK2Y_FIojQEm-J9Ng<$UmuekKJVe~RyZ3h!P-#8iNhn7} zs$N|)@unuDBvW6$Sl)@$1C*3#`|4N|)7Mm8A_otbZF`b=m!vjsa5X;+cxgk562e&R z{QMP%X3IbEY)swS2E@tzFmcBCX~#=&X5-{eZg6C*GYFqoP-K5wBA!0DT(Dfk%As*P zdt*dO5wr-He?Gu8C5My7fr|vObWHJN;MoqxNbdE{aOXx8pa^mUI z{BWfP`4mt8h`+%#C7kiD>jF@jEs2`rlEw9gMOB+!3Jp97u@^cC0>NXV|IA)CgbIMa zXMuz=1!#)cw!T69BTQlU9h_$%mAL(ct#dFo9^C_hlyw+`T3C3W_lt~2?C6>*ICB49 zROxbYjQzuT?2iR2%@vpDDb&&M8gV2zk!d^b5HGoP%=|u2a9z=PE41 z1gs;^Dn_t+mDVwUQMnKP5<*(C4Ec}l1S+%S_}I*?{w`E3S-2fheR0@Bic^i?L4vn# z{qug_vC^1w8pA$olNi?Y(dj>n<|G{<6p*iTN7R~dJgS_yQSHA@6OB+jIbH6}V@Yy! z;N0%8$|cGK0oWq+slR%`sZnkV9XnvOJyt-vuxQe{qDMMkor?0!oFj}PThj^B)Ssy> zXEd7>M81m{|Ae?6`PSKD=SU+8W+oCK7@13R=**U;e07?BNG`AmkK^PZ9#<3gpK-{HJt^U(^bp)NY`ZuFdK)z*db+RU=%_hEYUa>!LY&O|N3%T zJhXBll>Vu9tjXd?=?S;|36I7#eIkhZvWYgzg)PJL0A#opVv=ZpAiEo4FK|nZs*#L2`PJQk#gb&iu%l}M%OnLV=>?=_>f!Csoo_2( zNBu$?WDA-X1vQy{@YvrRH9U%syvdaVa@-sxRNSm*sw*& z2#BXA4ev`+zuf!%TF8ka5w`d^+&Xel6f$TVazqm{_>q$wJGuIFmoXiRYT}TShea$k zF=zN54Z_V*$!nzif8+vImO%;l5^qi@uZ%6kEl1pdD(Bi$dGe}6@-y~7Lk9y~Kox^D z^XK-iyZ=W3h6{Q0YooCC)-V`Zw`=ze)5X1*yFB~d{G0X^k!!!+UIaR~CP8-P?oC)n zLf!h<<4E|(t|_m_3H}}bC*s4YP}f`V+I-M%LD*Y9M6GbZIR}{AZ7_BLh;V_(abZYq zVaRW8Xoift$V9IBaj!WVx=*w1v19&Iyyj}lUD|25pYOid62n6n#1o#+iz#PAUUK#y#&_0 z#fK_*zYnKW=NZ170$o5C2$bc#OCpsp6eb?1d&VePh@0h&kn#&2FdR2`Z2#dW?AQ$g z`m*l~Uhzr?fX`Zo#~?u-m_u=r?K-Hjz0g+t5kH11ZK2dHPHTp?2Us(ygCVt(X*)WO za;&~R!{ynIX&zNukd_Cz)`JM^gB}e)5cOePdeB?lu(fv9p$=U)B+$k2X*dtLE=YLX zZ6H~(SAy45hW0fu%b)iXWQ-0RTKDYhW)4s_>^bvppVDrDS?^p1bTQ(cgvQ+iUv%sO z(v|1Vk*js9b4HtT7G#5CDBVk}Rkepzuic;TLoV3lOzmH=M|>c^nh&HX7SO8KW^hFf zH35RWd4va}E6Dv}b~|G90=a;4C2Sn$G{Qn6b~(H_kFSR9&jQCB879oSQxYIBF}VSa zCoy;+=s6vL{v#%S8$;jrK|uNeKK^*NlZe+O;x+kRUK6wG=%&`)FiXsH+^Y)oX^Aop zkA7c*B!n*b$|*;z2U;%Abz0C}m_s`<%b%=;z&xmZVn-Ib^(L`=t4n-%%TGude1#{> zc|Oa{r&Ihf9}M_3SS+ALYKlo0@D!h>Fw(`gfB-A<)}CZ#7L|koB;6(C9Of#SVniAf zk;eR9q%khkRKJv2!%*G&7%y7NaTc#fbR5e83P@8rZnIfSHgRQ9&Z>@84?&bVR$lIf zQO&Xb68jY@LcDWn;=PM1-UaN~{&8^#BPaOlKmkD$p&=gqKpZMGtmPpEnmYWx)W=J$g!l-L%EKxU7d=6h=%_>V5?YT(gHyH50AGFDTe*VPG6Uv@4b5Jk zc5i~#^#i7|iQkjFh+pvfg(+4lIOKO~UcP{E0**e)LG6_*+)}*pWP&aVh-B?_`fah0 z;o~Db8ADr`;7zdg>`!(fPhl}f{7Vu4QpCUXYx$QDxjEusia3}e4yK5MDdJ%IeK?qE z=Q?}b)Y&o^9n5Pm8(>OccENlCa|EUZ2Kp!azvwT3{{`z*)XY!je@QK+{$BL(zoeGt zBmS44&;Jt2{c?Y{m+#Fc)ADi3V};k^)~9eP7hb0)eFUbdjtOQO+bZJc9S< zf@)!OQDnnJQQ?(9OgAk8xIrwFqQVhuvKwRoA$-6V0)zGm+!qmq4h`Yq8qotEj`6$q zngSUx4!;s$X2B%EJOyLM`b7bgVq!k%ZHer8QR4GqQS6P`2e3T^gU_aXcEJ>5Ni3E< z#Jbf)E{hbVg|_&aO+uVREI<07bdgG?B;ZZ25gHajY0WnUHVLKt42l$g&t7O=NU1;; z9tF}enh~Ho2r*Pdv?FHzWr$}S5djM}{HO}zM}}!iDHV~-< z4Z<(abHRUcGtdYf5Z{mBJv~6TrtpJ6T1hBeuxob z6(tV^nD?U(8?t!_xHDn|nJCiJ#R{@A>amr2&kd@&QtQ$!_eato$m&YDLqMx&k6^24 z?*d#^0HS{IQ1p5ifasG;%?~14xYX_sB>E0KBbaFCQVRkT)zKQv*Mf@1a+(u^?RM1A zsn1#na_9=USm>c!pEW0f=*k+bo53moNfd*HpoyZB8&MRS1tE&kNFz~2=dQH-B8zT= z*B^^6+JY1wTniP7(zOLTfxl;)GPqZZ0ie51z$vY znehB0fz4L5%|LLo#lsD@nBE|%1I<@~osp>W-vK3@}X7w&LkuO=@y}6M~8_+KLCLYLca($X2^meOKe*b4CSq1hp?TPavjLp61m#}1#wc` z?#iPpJT5>%7A@^uJ3m0dR-j7wG443w(PD@PI;4}gkR1Rwq)ADTXEK-s%TfVB&J}uo z?gAiNtB`PS&e8*gc$%;*vvemQoVwYo?&)BnU9*264n}cPQ7k}?F6aprIT)JO4KShd z85hAIHVmmQL#agV*qrIowi#_hyKkJ474Op4G+hlBdzj!v>GxaJc~}L>AE;6((_;># zD(iFY2puUqv9g8^;1T=;M~HY$#6L%LnXvNcbuVj}k($bca2I(K1?&7~tFR%-!KjN% z7`a*Q*ijwS#S+GLgr?xT4+*&}oJMT?a6pP#q@RIEB?xBYy&h0 zp15_lLD%_V>#Rtwpdxcxo+N%qkge_qnTfx!}<-ZYEp|&QT>f-(E8kARDyWl zkEsrp!J_=g)r80r4>XtA1fzTGoaW`duX}&nWnxk!`d_?J?7y`h-7${t82^!Xj9+eR ztO(|ve4=?)h6OE{ZTUnK-KdIgR7E$ce(jB_==eSQi~gd&=P{Xg3(1{nZ=0sy|! B)J*^Y literal 0 HcmV?d00001 diff --git a/test/condensed-downloads/linuxptp_3.1-2.1_amd64.deb.tar.gz b/test/condensed-downloads/linuxptp_3.1-2.1_amd64.deb.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..2c4cccda06cb03227145b813d46e0cf2a60a92b4 GIT binary patch literal 50629 zcmaf)LyRsAu%_F#ZQI7zHcs2NZQHhO+qP}n)@hucKX-AHSxhE*YEktjwXD2VNfAav zK>-5+0fGG5SlYRIIJh|IvobK#voJ908`_$1urZjJ8Zo#SIsx7Me2HvHzC*_K3+~S= z%;_h-1*%pnDHZ{y*QhKkgenh8+e;-;q)ye6BHG&W{eQgYGAC0D+}gY6?*v>plV*J9 za=4w(-gx5J{j74cgUfd#P20bU)yD6B_7(o6hxuo3()|qeU)Xc>raJC-dQ&vFc0T$m zeg6In@<&kdhTHtz|2^yft=HN8`u!37o&TLaNaw%JJkQ=N=eMmjN65Kuz1}(7GUG6X zSH8CSJ;=yYE7i2N{M6`YqSq$mwC?Ub1lYIDd-J?Uzgu1&KN@UY!SmW~;~`|Q-{@R% zbi|LH4RC1X-jO%oJa#POHzSAO$2~ePVDAF3EQ;pHAuO?No5Km-8pau1yt#(RVia+< z78$?rCO29dsdBH~rkNmb^ZtSh7B1n>7}>Oc+By#$c$>J7dub16 zl|Oa|+h^PKYi(}Y)|PW9Y2NSpYb#79Y>D}EAyu|!^gO4K%RC&|1LwJV(MkE zoq{m|?!QGpvAuN-_4xg3;#HHi^A*V$vPA(!T(wwv@UL&{!Z_ zgQTc+CI2P-vzl~MXDQ{oJM^IBT_E+@YN?I1ma=F0nYy_sD2WoXGA`a-EVCok6rN;! zS)Ig;Cjy2<$FHlka%<;>Y!p}OE=8XzZH1)V^pdyNSlYO^I7=I0@#Y#Sn#kQj)estb z(uLuW0wFR{!+H~3&t^r6DrNi8zn+b-MX)0}90iau-d!43@1oFc^^WVK%ekKIa!J)p zjgxs*jq&+Y+$(ZAzSjc_#y%HPPAubT`Gq^Q2o+}cwIj9VhvgUX?qBj?lT9So5 zO%2iEE#UOtA<*z$Mqs57?TNakK{B$~NPg2uuX||(-=$eF)g$)wO5#|dH!#+|Y75+_ zH)q3%v%R7UJ~WV97V6=~$Nds6cIxP^&*Q+AD^*iyM7h`6!ulTT7tD-fB_Iu@-)$?T zQ48E$r~fi5k&%jxtruc@D_}jAK)nJTaU!DEg+&EiA+qbTctVSwA)S4PMJ(9Hvy%x& z!M{v`vRq|_Iu0`EbPfwwjG(~y>XMF&uQ-yX8qVk0kP$SOBUG>uRp(oMb~-<@mCE(; zg#y>KW}+8wjt+QA+mm{y6aj8ljl44XyQEl1v*piuym;5=EVRsNlkM$Kc*G^9r!;$g z`%>pEuCvn68O%yy4mctFMgxv)SDKk+Q2z~CUl~C$w)w&P8*;G{FDP1X+ommb(;M&H zUDwuey!CsmsCo0*?LT1M@t!Q)W#fAkUYw_ikz4+8-R8%waKm;eod3=K{o?#~*7+d} z*~w2G-~Id@OQW+FfBAjs%E`R`_2>QRC#JsnTHmXGN!)G3U*nA17POTvKs3-;;8h>< z*eFl$a~0}8F-5$D+#R7>46I16ZF_^3pfJPYhdiN0Xq~}|djZY|yhzM|m6oiw5yP&y z5GPNF7O%1pkNWhPYUaKT1UzKh%Hg&H91k2JnHCMwJb{(NHk(n*0Zzzg@cdMm^8B(i zL1z&tF%4k33~)I<5XGIS*q~-C7}p(-WBgR!`uD>PlXHz7VWrpU7eT3kKK3tMzvYCJ}C&-rh^>dI-w_ zo+<58ogPFd&SB&9RHqnU$i< zl}DpEv~6o2CoiuwB~S`xsS2`=N!NUJEL3d#Q;mUkiZj1-%|}BlxE!c99|TF*Rta|v z=>b&;x1zc5_NauL4Ov)?#!{wpw5e7KsqWBXCOpe3IsBl#PhU1qLayaY=D@daoOyY2X}b^a@d&X$Ig* zyGF06%qIwx@QbRbOS-{)Qt~OixoVnf`(pnfmSabMYr{Y38+!7luP&jk=`}HH=)MEd}nUrSiJ6OPK)SndV*uEg3{gYW1Q7j^FX+rGp-8b@TQg< zmGoHb^Yuu@$y!9@+9xcu--isWY!zVB!>-AsT6&2Bezir{_@@q!{DAhMjmVfY%Na_@ z{Sen18H_fxYstTkp-R>%YEh+tw`!rSTGi+k#bplVWfsLnE(Kgp{>TersFbya!O&lm zzS-8n58lT;_qe~*ob-$j)3z88HHCXhpCVhDB&Qdt^wTmz8P*$ z7EN38xIGI<5c=NecUZL3uU!0hD_wrwH9F@Lb=|qnA7%+J92UF=z$x5B^Nw&`4P=*Mtp3^X76YaFd zK{If=+^55Pq|bl&T^|mK2%3YL1|J85*oC8WBu7;!*uWcUI2C1}cE8>Lh%n{J#t7&1 zJK$7?%Vh|FdTHWhI#Sm&&0~?K z)7ZY`5Rnpm-sw@_ji6g_#=fcv@Wluhx8&XuM@5Z4H_ zrn+a1meiVwD<6rXb_xKFn0z}2x~JkIihT1pX3k$?)5r?*Rx(YS_`)QB`)QaUeY!XE zF!YXeQB}dX%uovfn})`Rlu`nxaiOln5iL(kv4;rCgfEPdawDBEO|Xld%;X%fBb~Xg zEKp=`gj-2ffT)l`&W(O)SCN?W4K?+g%yAcnn%X5uhUAZciJa(v+u?W+N1WO8D{fc^ zkkK4&Cv+sfGlsHNx&=fK>bfOHphqy;?D1HxTC-wJ$SerZblC(;muL0VceEb+p*w4n zK*t^T^*ll26A2~h-a9s33oggujN zzLzo~mO8YFqIvX=?WFx5l=G z>ddgcPeEX8nP3uMDf(0l>gKC#B#)4%3ceBZ4r@@UQ$WTRKoktBtixD%1yM{IQNGwF zIB_FFt}uw0&l7|C5p8*U?ve2W(BS1a#I$^LtTGz`=$XY~sE|$KzRH`E9$!}$NKIQa zz2##Sp-Zlvu;?g0;UY#Zk zbQb>;)tPa^K514C>Cj#&uk3+AbcX5m==lBPfOvbrE-V~7Nf_U7W4ah7p0X&(aHwM> zAxWMCTER95(utS@{1*gLr7^xw!m$(?x$93GPsk^NKC9+t6fxvc|KNicSH zNHR}CclQ-gx!X2ZYjv|OO2|6bsL1YP8oM}z^Qc`zhW4S+7FBbC(9Q414yPvbMsYQT zANBmkTwa#>>o^1-(s`tZft9*{UZCZnJB1uaEJ=0__6-=sn(xIz_$3Q3_^!Wy_Xxr@ zc^e{Xx}-}w6suu%q%7cf zEA$d;U6d~se&rA@)UJg4l>$FPa|R5Tv1a(p8`{hsr$=yW)^n!G}=<`}D8NbWCf ztfgs6G!^%{;{1gaG0I;N1mT}@>8GhxaPlNGDQUCRe@|qvDJ4Va*syajh;p(; zPeAjqm6S zV}#L(H;xWLZbz?rs;I&+=mNwsI|ife3Yoi%jo0@Tvj;mdsOk0oDa_Hg0F1-Hr;!Ir zRHo4R=5l}tT$|{jLz)JK>&l!NpX!B%%MNeP0(WvDHAJF3g!JuzbB3XlH}*=psg1tP zs;v&bV&aXf%|0ty5aFg%s+mWLb)wSkq=-An5$bs-TGlGedU&}HJWt~6@?}Srt^rtK zns{pEq&kb!2uTLXC37(ixzluNBXZZX%fYH29YpSVOOEhl;aq+I(0sr~(8Bk}h!L-g z4~dft2qv!fo;(wSqW3xJNL`61Ggh2sdP+B|W0%nIGY0DN9Rhw|p=>2nt4?imXt224 zlnG1a>+9>v*qAs?_N>#mTepLs-h~THmfFH=5O8y=35BiHJY~mg>eDg5d&WBn}wx53cIHxS`k(5H<=Y`U?owf_ZP`vKq!Dx&9-6WKZ z>8@&--TL5E-m^2CYm|$ms=dqB0?z8;sFb%&8zjE2v_9qX=H08xhptXvy?bFy_wL() zupmmxzymj&A258u>vo5`3Sss_=}q>`Oq0%wa>{{Sy{+au`VM@J3(s7~Zf7K747ldK z(j@Uv&6OC*L)I9Yudkcs_keo~B1b$|&tW^=2)3q#mw&|4X`Gfdf%RQ%_z%u0JE;wg zG2ozYk6>lnEq!igMm__?xV|#JusqIIx&3=6a*1F&cbL};oKZ)?KAwa1{SBA1BFA5G z!2()-i(fe!k*7&Q?&fEs@4Y1I)fQy?!bS9At^gu3M(F%(?m@3AwvhF1hZ?~r4@`hk zX#K?m1Cy@Ogy(*S>%d&{9u6sukZfl+DA3p-19Jg*L4U|s-4eMMGgtzc&<(-ijd;bfw z)u22G@??OB$L+;&cGLtOzV{hWd>}fR{Q)|2MhLn^WMJksS4u_w-2GmQFJ=fAgZ&An%j-xG5O`j$8VxNZ4_Oei>-^JzOD*q%S}H@E+Cc!~4&LyQVN0MLl|Eudh78z|gHj z94~e%0i)*n>jpC>Wp&rs-08+&l{=qlIbCB^wPy@tV}z2(P8S?Z6-B8hxB-<^C)TpBLKQfR68g?tS1g7iiikK@n=es6+%Vld4)@I z1i3mKRA@%3cy~DIAbf}J6{w)3Y(D%cyQ)=vJ~I6d!I?7TRMjQZ>_FS1S}AhOArfpD zU4YVpB{Wre#Ur&HG^cA$7wq6UGq9?Bu;zyjWIW0;c%74kId zGGa?RWZ-r&jH?OT{-G9prO zIU+-W)d+J&LPpRr+j=q%xTRGT!DGMo7z0)+`ySp+lUJpV>RwCSRQ=DoIRD4q7H^Fj zqJs9gYZ)FM9s%J^nr3m6e}M`uIGjx6_5|ys?r00{j(k0d|Iw2QzBvZ)~l03Pv8GNGR$$ z>L&#mMH;$A;5egH0T>@Gj&@LI6x^t#7)&K`v%`6S_!Rz#lmyIq^@7Wb9F!-~*I%T0 zdKAwf@&aS`?*M<(dM8Di{L!zpY^&#o2Amfkt6dERUM_V%m=pi3mb@++<&wW6Ok(9o z!O#!ONkW*vbovXbP4%GDGD0AL-675NjKoK6@Ti|+_P(+7XMtoI{xjzD^cUh)@)HzNL9L|S_wChSL^si{FAO= z+jB~Z1@Q+(C>See%|{hB3XeoL;av_7N0CCVi>t{1OqK)(5(}nWLT4C4y7TTOZ1Icf zzxB*8Zm01t9HI-JgnsJWAfhM@*UO9yK95K_yfM4(gGD!|;sb-Ij}+yw4A!)PpFLd%96$BilOj* z3W(jtxe$6jLK6YZ(DIl}O3M%$SAVqXCUE2eA6=>fP4}tdJbY*sp(;W=%`9iL2-R#^ zQ+3-L&8pd73-N}ormw0Uo7Fh2)?=&YrfQGm^G)JZt5lGE+y*}vjcPWx;X{z?rIV%d z%Zqa27~r6>IEWa#_l-|4j#PP5rOekJkMQ~zjOCiSic#!jJ#bp^X~oL+g5q|o(=GYG z6@_Y7tWz+DJzniq;o+~FD||GBoKt@;nQ1G{nm-c^QhN<5dKXgi_RDG6-L8|SDJvzB z+7ZP-LY;UweW=KZPJ%6vp(_d2a1mj#D{u9>bR;4FO&^@)aBSIV;$sag`17CicY^L= z5PDe7(k5VebXX(uAze})0tx8~(+Pm1r325DUvA;=GfSE+@yBjnFJ+n7ONvo<4&gUl zBs}7e8T%-l!uP3z63UP)HNA*}?4vszB&LZWNlmb;C^5r30BMpr`5+hbz_uQbMq}1E zcC7QM#!b~|?Ww!%x2!0;c>p=p>x@@=gz2fAR)`wH7>y#M&q)8!T+`Pq80h#r9Dp}}?NBe1-m9j9t%{o@8h$*>N zooFsJsyI8g3cw5yvpsMwuKm)d6c(fp(8Kc0aQWTnSRja6r>Hq7Jpy5HZvl_l7h$42 zd=RUrHF|-W;BtVK;^E*a?K=hPp%@UH2T56=jwaAaW6S^C?dqT6(cr`Fe~C_tFg~1B zQ_$d*w6Wsgdc9dkA)zdu!&T@|egO!t#Z9=_Wf({{=TOz~!^<8%pw4{qlXDI6*)n#^ z*FCF}*AMUS0jqVplBXP^uCH{Go1T*Z*TWoCX6@{hbnijPIt;I6Lf zR6k_N1`h9(paZjq*L}8d1ScxnA%f; z(09mly%KK8*A+Fkw`~$G=5Q3W^7{6h$;7oX!!;Aw7PpUb(fVMYE&?kX^0w-Sw5jyN z*sV3$LgD+UPVJu`n71fT>h9BWI+R2BQ-vPmmEg-CernOr^_K9E%3qf*^*U5}gYg*p zF-Ug4y`W2AW^=6U@e5-;et|h!;FGbmi-H{kgxy~DaE@Yy;3k8Wbh>UsWmAsr#aP4o!C>Z3fdW&U0gB>&t5%LE^%8x~;n* zQ~yIGE{}se-GCwRO9O=Z#OHa0vu?EGxNqly`#}WQejgX!i`~I%7xG3wd~Wqc zJ0yaO-!}GF_7GhU_aY}`EpXj+KH@kNBvzbguY>M{?P!{}$sl~hSBpwAMI$)Dbb!hX0@GIksh#XW9Q<~HzYXt&6mKUMo)qY7z@<9VX+m{+mn7BIy{XB9;2Q}Jz~n4X z>0xi}(6)jbzng50&hnU==`ZZu)7WQfq<3LQ@Ejcy`WrmEd$swSTy~;~6?{%#H>DU) zEcs4o_WpJ)0UWx{lt-+L-H5lc@_0i9kkGcolqDbm)%6uwM2QjgF^+Q$K`nFZ|9P;g(l5ZwN=6 zBc&Tc7w9E`04%q#=Xt#o3-7?Rb`)yYDQ$IQxppgMe_FxY@`|v;*u)H2v{m<(g z(x5_?BkDJ8Z({C|@SocUA|>y>#&Jd77xH)b!|L0n1Cp`IY38eEj3PvGc#%lQ0Fpb9 zaKM=pu%G*puxR3W*H7EemjSVOobBvLSbz&VZx9l&DQ@N#BCwbuJ>>1+!qp`cGz_T3 zw*s*^lx##kA}BE0@Q*hlLecyoApsCv;%_n&$;q>TjMc-zy|zc(fhY7l0w1`?+My@N zys<~$i-r^2Jf+9np(pG-G9TmNW?(tcJP)73fhXL2x(pQJ|D_%7FX9${ux;8F(bOrN zfg~WiTqgKt)>MZ`{ZTDe7r3-Lq~C)rZT@VJWcbH@+>V+Jt$IlLnH@>d$G*E=W+~mB z`4O?MBv1ub@PMmV0K>D&45O>^zPrQOUF5|nV9%WdY?gES&SXy6Z%kJ{R9HwS26O zetmSelL_?uA=$p+Ca9)yZhSGsX1_=-blDa0lvoFOTw167362k=6|)ITbBsAV@?+c+ zPG;KUJp%n(XLrH!g1uWiy&%R(Ryuo+rc8SBAPk9gr!A#B2un(#tR4aTbdNei(E;D} zbPLF^I}tDTMkJ(t@M53O8I>*{i<6+`t+s;nXn52yU2B`t8?^Ux-}W0}Xh(m0^$a`h zPqTSz4LQ|9QO_B1{qOR+$dA{YZqQwAby1}~dky7XO$&442o3G8D#q&rZugHTD81U1 zbn5R#_&RL=(&z=xmsjliPhB9CZYmMeNAL2VNcOn|T`QOP^XiZZjCINCI?Sl#w0*@+ zw|ZVu_5LYp026xs*6I7^x=Um(2YxgHPOgKeS(&rVYfMX znE-C%x731lJ6H>1Xm_w(J<7WH1l0Fd!T zlRQ1>Y`qufxFC4ODil!i3(9xWUrli~n0{LLoRwNbPHN;n(7?i%2NqUg1Rwm=O#n?Z zY-Nu5RI@MD2^b7SjIJ4HxvAf{rNU`@zCCisXsm)B$STpqo@$R(+xDn{cJMx2Hr}AO zx}ocZ$@~>`_-Y^wuci;i1_IlUz&F7nzj!G3Fix}m;riiSdNEAMI9T;d$D>;}`sY8G z{&Mq?qP~Sul0r!>3J^i$_N50iM^w|dR_|t-LEgz%_0$De**7>atcj!~N#I-nTd;BR za#LKS?J_@$v_TQe-`H7(51i;jeM$EV;q@f%^DNBC#BU(G?8Df)tEmLJG}gdsXF`ot zFzSjrHlis}Rt*Ut{O|1smn6ze?!38uOoj4|FQn*7OL*G7oW`R^ z?86(h^m#vwwK=@sGscmAYO^W#Fy+SK`by#vqzdvPzW~vFQ2CCaDW7ztHh34HoDpzaBToH(_aI~CZP}B>eP-3KFEb}rsS&n zrW6#M2~!g5VuCQp`bhrrKHbl5+4Rvp^MrQY>lSqE%a4`8*1#89 z6Kj<~1wJ}0cs^t;-MP?vQcF0?ks;^9nLR~RMiAV5bY4TZP03j9c&m9ZJ5P%qn4u}atX}zceVGwI9 z&O_2-a-u4WjH^zO11V z`hLLN?~^ZDwzOTJ`P1N6KhS@D2Fk1OMhuiDb5SV>^F|DnCnwJc$I3rp8!Auq^%V}4 z`Jq%SZ;uZZfYp+!1sar|4*Y>MsKKhp_J=IAX?|`8Q`huo0#kB(pgkZRAOC!X zd_8qA_HeqcKa+1W`QY0Mo=Kmb|Jy-~GX;#hQ&r%44t-0sy2 zp=|6rJ_K@SBOO0CCvc0#tAWkSldu8tL*{q*X7>Tz@AVb+`?m91iV`&9@wK9N@?!G1 zKtTjvTK#*dIK;oNTDjkcaezJ8tdt0v5~!SX$6P*8Sixiqxf0-^guJHUL6&Ch)B-InVx=zxb~LBF2XINtVZv^x6fZX57>ZNr-5W4oCZ&w9HNEga zgzq6qH#!!AtMC<-a1_UJ>^2rcwTe(UT?n)$quom!zb*o7I1*Z9%9X;C(D@ISB_`2k zfAl@M$VuBBWOvk(gzNZILBqlQ!hTnq^g(_nt?V>t2g-7IZ~X-N&am+rh>_lG*Q|M(CBP#?VT)B&} zV7#dl05iKi=*0l}9%KfkXz8$GQh#?MpbSD@Lf03S)h(e;#`v^EM=fb+fZdi z0>CNuD%!&&ciVti56o4``K)*EvVLCrTO*3?c@zqe4agMYj#x z&TM2*hM`HYt#vJKP%b5V0BS`&YlbEGG*y?>QnoX8XjRO=Gnhg#4?y7zQDLf3LjsHa zmKHEjN@;tsGujOAf)QFyp8aer%=29@cTO*Z5>8Ly*d&d+1O}H%+E{HMhH{KGSUyzk z1`F_TTM2uINF*T61<>wniD@B10`MYtyXZ-EzapP55s;|k#Ua;Nw~}7rNJ@4s0Me*F zQ6S|rfYQFSOeWgmJHQJPG+Z0l9}fD}_YVtKh~EISb$7=uhTd3 zn`wOULPtx>9Z|q&MvLk=*i6@|f?X;m*G`BFk&AT-s|HuNTJngBQ$1GnM2L!I-F0YE zKU|}R9|zbMv^Y9ceURH9Dlx$Gc@W>oAJ{HvaF?7X=wEE__1#3(cxhM*+8FDQj(4FG z@o+I1>T$p5vEbXK7*q=ty)A>k_Fluj6`VgkYS-# z1^P^oat0jCx;{*AknV+l-&GU!;+0+~uS7#_}>~v z2LDbGsVMN$)br_9tBGV0`~aZflQo3QA^gR-gQ(3U; z=Wt#Vxr1Z{ZJ-=+NERZ=K8NAUio5VNEc zwP14s08S4bRIntCJ9$H-4p;m6OcpL?`8B2G3r{W<K;`(*`eymS#U z0^C2yqQDFxdomBiM@4wDHy;IXTjVaY$jqyx9IW6YA(0e@#C7v3D9sHppm)w2L*9n4 z=TM=_P@#v_8o#_Aq5i;1hj`fzadKSa6gkGIbB)lybT-1k$B8jnS^bNI765?9-!Le% zEsTif5GE{yHK?lE;lpkNyMbmpxuX7@!usE^wmjaa*HK`PD81?DTX8>7{-vLL#Q(a$l72Y%6Akh zwY0t-nm)zuU_?>lB70jdjgU^G4SLl69Y6sWwW##WB9B`LT zWPWlVyKEb922q+Gn5=;eMu}_$5o5s0SC}`WbQ)2bR2a@K%iLX;c)KtC!FE%i1q5pz z%NF=|w}Fzjsqj+%VU_ATZbW0KK1ZqP#g``E#Ul=ZIzQkxRTI7X(M1aIRdD zoc}H7Lp#E-c9SkJ<916hVFgc3;1pc7IxOO>j3*D%TqLeKRWI`KDZNd15CT7MYt#ok zO}}nj9rpdM6=f8F!s4r2(sTrmy2Z!G0cv0IucSY4S3z^+)~6+Ar8|+Ks4#$8_O^Lw z@z+vdRDf4k*A9hV;l(g91ygh<;LKQWIy!MB6WIqFYi?Ak5=1BP)BOS7@Megk)>ZUT zi^9H~AG5DM;$6+j+zCx5wOo(iNBoE> zTXc-F->QFS;r5vf5pat5xuDCl5GD1M4ylQA+VD8FAYYNFiCj?6AWrtU_JsVl zsh_#w-Mfw7L-6s`t7`||sU>;^RLraL(D0t$gY#12E#_Pu zVyq!!lCwDcGcvj#%!jAFTxLA!WR-bPi8*DY;4Y)p3K~QWtNw3 zZFr0AZA_lHMbbG>T)BG_vx`Z8jTaJse}02L=4<12zpfwi*O#^XvcrFKcC(HJe{Uc1 zAOA)g%okK+F9YUDccPww^JZcD4*e;|o^uc8I!;*^im>LFFXmX0at~42jTE&Q%L8+L z>CT~ioar2#p(?Q1G*GXZ#_(SLP4o%nz6njt;*oP>3}8=`T4pGQUy$Cle1lP)Lk4hm zTg%{uaYOC<5Sly>8)O}h+ji%NuYW5GWkKHrJ#ef=$(;r5cnm<`1#!;mxk?krM)-sF zWon2y9H{n0%%3b;o84F2jLIVc*`eQ`dUy0Q?5#;)7N~IOA+Lafz|^Cpq4f|wAPzY> zZ0L+sQxkf0D0_$z?&>6pk9s6YdsNdk*wkj&P;wyd>KWK?#i*1&I!&<3T>_ z3Lya}17Ov&@SLMD4}&MpltU+z)rk-KNKEL>^#^^rQNZrVhI)i1V4qE~7J^B$e12=k zqA;Jprf%ShWFW#>`B~he`_$7O^-Lqf`m!4xJi5u0Zb!6u1W8CQIah`QdU`?)B@XRwSqrZ9z`c| zKzZWt-v_p*^i{&pioY;F7VfA0(0`P_-}2Do_XOdp&K?<^D{u&_%pg8nYsl^-2GY`h zpHUSX2z&bw!Fm5`MM(_(LoERRRc#1Tpslf}KpavE4GUP~*Vx`i1g_c(HbDc8A?80< zkMU1kTPtzL_ha}A>dZ*c{p->#^Oc7Z?t}y>qVoZjxPhpb^qc#>sV_(u=WhOQzWwuoUcC4YhK)T4eYH>N9u4{=p@=@s zr8%86NHn-Zr%Cdj07pf6|1OkH^nOCB;fL9sUy!v9c@PY`p5YLNtrwNP;B>Zjr&)qy~ii;jM{utlrH&aeTiiB_}#y zLFB|iWE{H{=wIEoj{m}NU$3{lXus7vz{nzV`>9csC2%c?pDi?VBkNlt3i5D&Vv69# z;(k+(!z7QL0S;{>+bSpRKz6Lx(+NN7%Y9sE`gWdjxzPI1KS1tennA~8!0H01tMn># zfzL7Wo_HhR)3=X=aS67w%AJ}h;O=0S@q>^64VYdT(H14B5{1#OjH^ z;VcjED)5^uLV_+rQ=tLfij()<$po>t(M>iZ3k~=2P?`t>Z!bs_eQW=wW!FpeY~Xbo z0Vn6fMud*xazZpY0I6mIq39rOL${N)?qVL6?*S>>mM_(hQ#?(!w0$-l6k#b=_adawG$(Xe)(KF&d>iK_6fzKSs0v;jG_@@r=-^ zjIYRNHa=tifB03vXU;#4{>gnD{YSk{>woan?O%QvubHyHp|dZ0&hhdpPmw)+&cTD* z`Q5cBFmL8`ogHR#p}o1Y_C2$b?_xG3_`7`nt!XZM*Z7;4$aAig+sBi!mpm+~dk!0vTl|M$jFJW+QwhQpcKE^}6vmO)1WewZed)#{xTLu&VoYcu?5mJzmEE=R}uAds9p*RLG(FW~*(;E?L=A ziN`*03C<_xk+*(0&-$%gAyN=ZtL6u-%3aZ5pKYoppt8X%YaL(x(5GzXb_AES$>2$` z&(G^ZgG0GBrmW~;5^Q7ZPHV!R4QDf~g7@7m4cd+{nRO)r=RG^cE$Q%_f`49ZviGzt zluDP+%l;W!qo2ANo}RHM0adA%sZ7(nB@fLRQ0Smo>jb`BM{4T8*ei;WoMlno9k(b> ziRCsT!&HP~lbrg><7GzlPUG#=Gn<#m2gJU17{_Z2^x@ zD=yA3ndT99!%94u0I?#fo0^?ee{^R9Kg9crgQjOnSa8^&F@>C`4$!_a*MO1tG!M_h zq)|N`&tyWoT`si6OIitUyh1z`}?=WKU?>-LhiIEH-B68AMU2A zfNWz?+gQ~6`q3>drW&D*cISuDYv5aI^c)JU+JO|q<6KBvYIN;rr|+qMn(t|+?P{6t)6v&B-N)3~Iw8LZZG8VX z`MJfZJLfmu?HPMA<+}fv=T^<|2^!y&Nm=N=T=pbWiZk)69X-G5d1dcJlh%iE0{3~UbYSx1WS$nNq?rMjY??HIfVVdESpba4(QcDBqtK6&ChI zK8Ul%@Y>zuH;SdEK=*W%mId=0+U_vgl^D`Xb#O5KN?U8Ly>zNbH%!-f(_+ldI7s`l zO@ii~ttG(_$4W%_Mi}wE!e8fihd&vTvRClqYEQTeI{*##&CjTO;FpgS}>2&f4ja~QjXRDPcpscVHB*m@_67L7Gfgzd8~;q zz6@jf^0~;l7OcYh4dw5%43sQj1T{bsb3I?g1lO|BvR_z%ag*RXEPR3^0I4Hts6f48 zJiN=9%Wfh8t%U<|2G1RC^e{on-Ph#e2IOCjD!wh)y}R*iRPvWZ6T&1Dvo-6M-@j}{ z1o(p;iD>Xhc5S9S_UMHcFM_i?HyyT~O40^)6|o28tLYA@Mc3cQtEdB7fV<)7_;V7{ zXVA_N)B-q)vc6p^e;IvqZ}f^6uJ$x26qDo+R>wtJk~WUnoqN#+w*#f)MF%1t)6G2C^Lcg- z{xKOG=Z9_MaMpx%?lHabE#56QhK6aYh;T`#wO8-m|`UJY!{0?}xAhXOd`0$|1HAvZW0*_)>$aL#1N!d@(?MuRX{!0_o zdlGS;qBxa~N3%GTj@bcN%ko)QJ9-1y4{l06gJ!8PJI4V(lquSB5vqSTlbJ%3F?*60%=Z=d^Di&^tSNhhKpO# z(Kts(qb5Afo5RnoL8V`=A)ELctYqV2{uIwazi=*mmy9UK?imhQn}T;Y#O`m%mvwqh z=7OEg050~0V3h|$lF@s@8RA~iist~LZpP7@ zqbWR0a)Lrfn_~?P6s)s`qXC%z8X=%}abvwcQAa8>h$Tn6qll7l^xG3Y9Yyr#5C4gV zVIaAO2~z%339$6HM!W7GXC8`|ct0VGBgpn+qMzSCoz;A`UKkvL$_4$``UX^X^;3a# z_V11VrTM-v-xu-c#{0s2UqtYW;B)hRVZJZi?|-BceY&VBHjxs=^gP#R;VgQKih2d$ z25IJ^a3?6xW@%;Nkove#LxoaHq0>_yPi$$=Y^l=?^!`b^nN0Yy5ANMBzW&k9zIvY$uAS->8HJ=kN7?+<(_%#V@2A z^@3*bTc3R5T+5RpiH48s!Qr8V!qL5;6c}bw7FB2REgDVZHWu`KMz~_Jp=eug_rr0y z;JC0-R&HQ?Z|=ooZ?6JY>Ay@58tG?g=CGea22H>~n#&f4hJxM`)tra7LOmeyXkVS5^5H)YaNUcxD0x}c_gZqs9X?VlW(0R@t zdqd7(^D-W82h;=22=k~O1jEm#C`11bO<(+m1p+9OOf_SW;vrsV0>KSLC=&(hb_|}5 zGHPZoWZ!CxGthSzpcwZZK9Z53f@C({SHq;OykP=)$dBnX4r|Pjc<3z^m@tkOmOd^< zjt}5bsJi*0B@e;wR5$(7S7}pL+=PWMlw69i9b+3&^3CTWJs}n)A}&ZQIv>MFb~JhK zh0WDKh9W(U8Hk@IRym-6kZU|{8MM+)#Zq28l?xeCg|dC!PMhlMRpe$n$P=FEI1Pp| z97>y~v8h*_Y<}{N!>%~fU&XJut!52}@0WfkIovcG-e0-_CF5ZeV8-`*@5Az|94d$w zB4b*#lwoAFF!yqCbt{~ zt~(4j%2dIsVu;=gSCDy=1f+o^X!Q%F|KXB8VJ8cfj4Ty}z^Mz6Rg!)X9G6k$U|vP| zZ?)f1)4WZdiqlim&<%q;TFoCy4mC$#(ooE6ypLy15YNOFbKk4D!N6%U{K}|(BPESX zhQhAINdv)7dwQK@*k1C5qWN;Z}h@G#jKH5(|;il>3gtdk^|Qe7!?-E^HK~d1KqQZQHhO zJ2$p%JGrr)FSc#lwpD+3S9jN-R;{%MXY|hZ*=Ij*04fWpf)pUD0-Hu3v-)ko(79&% z=$W0y+F?EGBMmLy-(*;UAmi&hZ2b9FR=+)v^Dj9Cx$Mr@$kE_t#SZh}!(F#}xc|~Y zy^lAF$zPBCEBdOz@hQ=Qw|DjMkM`~g9ZkpiJO?n30^{G!lKNPmc41@4r9ozX- zz5iN`Sx=}!$ms~_Yy4TiH#x}LP(Nr&=Y2rZo*DLtf1Ya8!P0lv=*qEDg8Pv_4g-oc8;Es9e4 zQ?Jh={(XUs*p@c5sdOT0LS(iRcojBZ?#00ceA)YhlLB<b~)& zw=Gbv?vzrugF60xw+`8pCGw?sjR!B(yl1TTd6F$bBUWMr4xxn=TOZ762w#mUA4CE> z`=b3;Q(avo3VT^gj{j|;F)f{4>w;EWRVh=gtG4!QwuV>}5SZYu&f3)(rW%w=!vF4F&p^@S$bE_jeVqA4EI;Uno#UswnMYXtH_ARoprUNy9)v{6#A~rUD9XUYKkm<$ z2=^k~(e9@SDHJ+K8${WXbDN$u76+=S$0OubPZN}S0~B*|3kgy0St07(&@jn>^n~E} zfjr{}%)Ccc%Ea$ec8qWXwPg^b)O52jbOYgJmVN~TqYp=@YPWY>)BxMik*5H3hJcCf zj;8=E{Sr@FM7t{*L@<-F*##p+MMD@^68~>9*3cthU!%q$a%ELkO`g=QT*KIOMv~y- zYq3z9OU5VYG-0;;3XGb}wf=ToS@F7xs%uQ5e)6}7-0I5rU^QF;W6Ytk+d0sLrx8)O zYATGk)NvIsyKM>1;U1>sLDMsY(uuFZfU?9C}Zm`Pah>Au%u6w?dwF!Fx z4xw9D2BG@G)oC72S2N5;nKF?QQ5m%>`RZJiH1dquk+5>i*^#_*%tobPvvt+_q*#F1 z$4tCN$gx{`y}~iH|B&Z64}D-6gyZrzQDA&F)wccf8T_cv}yc#-I zBOJj^RH0t&DMUo?8Wv6Jrtv=~n-*$eHo)^r80R;G${G$6l`fyf`p|gQ^JJx)JwqO(_rj)QrppB`4Mv>g^DJxS}KY@eAkYO^hp8P3$qyjmx$&#CwGADM&c6U*yS_Kx`qcKc0Sr#5;ieZ16^4_zdF2x%ny z;y)2nY!u%<2@*edrTSjlSXj^}{YQ?G^c;$e03RQcf1^yxnuq#NPP zRz5+$6CEE;C|WETKQs5I4cZ^Hwa5aS;08@9pNbp9uDYYdkt60ggdRuGsCn)|f4{UX z=)hQoDD3JHvVDx7=pcF_KMd z-s|;qTTtI=cr6d515@0VsM;RlG}C;*5M)y(*>sCkDRcJawYLl9VTZ=XQ`Pj>k!RA} zR5Vu&>cgn``$0;rO=Fek%14&4=VwqrTtP!VOUb&s4ve-J|LcYU4?}FQC6n`gbXwGp zM<|pN&K+T>y`>`;&;vggDhh&Asz=6$=1Ch-_z|7osVNU>?=z5=s!IveL1p+l^ogM} z(A?o-=YfByO?aU1TeD`8fdOD<#|p3(`6K$jl{2|I3)f-6`{~1bIg@xGZl!?@dWN=I z=!OZbdsFv-)PAy|70~iJEV4*XC)}Y??%Y`&QfS=yfPIst5i3b;OA;7fa&zi>@v88( zvbrb=se&ks%}mibdjgneAsf8GM6PyBQlu|f9I{gU$8-Ls`Z-nqr5a^gk%F$3&Gc<} z9sZEDloCH0v~PoR+niw`xZ7@GpNo)%k>Z)H^YuuO!)%5KMzQU5`#THz8N)S=g>t1F zNv<=alVRw8NW8 z$s;Y3EVfE6+~@wYxknq(M}SW34=0P@I(1Jc`c|qm>8cSyndX#1mA7iGv3QT9$tm-L9$j~? zUo7{}kl-7e8;4%<5;h({Becu{;dV{I_EL*TaW z)?X=zZ-Q`M^KJYl*f@@Ve)v^XoL@FYrsTe>rewwBWW{7sZL?R5)7KiH)i_n|x`&Q_(i4=L>e3UNv=6mRoD$N7I&Sx^($PZAD}Wf>_owjh zl{BV%A4)F(pg7go<)XrQ(M`;pe1n73Pl4uy3I$Mgceed1Z02Sd!4us`$pW$8M$T+N zbdjIJOIf|4+A5d@#M6BQu*bPXICqlXj( zX+r%la1L6jo6jSOEb*Pgzk%B8JZRdCS#w)-m*t$Z6U%_KU;acr&d&U=+jhTnv&nT( ztdZ^Dg8>!LZbCI9h=fykKo@8}2bZ7e6_=DQM^>&OP^|kT!O!4kAbS>qPK>5Z9FwDk zNNJpE?m{XE=>w`Nf058RywQ_D=srBg{A+ssFqzNnVj*IMuuKV{=;Y_YJv4U@C?Xg} zz37~U3eBQ_k-UwK{MQ^2rX*72>iNqj$J=o-=^U|m*QMfZ&zbVo1s z?2X-+8L5%t;7;1cj04iAD3eK6Sa(w&2j)_lh{x$Khp=yVk95Wqaaug%oyA7+;AgM$ zVD~0XO@%!o1`~OT;NbH!qeXE`<>kn}1?jWvM)~$&?EJQa348D8!6)* z=+U1d4zdn>;c8t06fm(1(+F0n)VVs`MQ zQhn7jgEYRp>}=an{nf)6e5*YKK@>#r;evPxkbnQkbU^+{*7}V(=SFK=Al)JNW)anR zmVa*~3_>V?k$Jm+VL#k5hP?`Y2J&`lVs=&wVyy4sX&{m&Y8YM|Wk8TxxxV;d1x6!n2L z$QIfAkvF0pX^0i-Ku`7`3@otgW2Z18q#3lmbYF6#({57Iy6OfYPw^L=O4|Q&goi_6 zuMFSL&-(*X5QbzrK>`(|E)!BL-7R*}?2X49!HNrs3l9_?)mO_W*9h82Y1$Qvm0YN% zbmF6667nH8_SW+bakkNSl7(<*j>P$uQ=9h2intRws46 z2||pE;PYjCb3P#BsO!dDGn`;39_@6V7L- zmC!>NtjB?BhP&3dQ|-b|v=tWyk*cZTu2JIAJTFNYI7PEp(4ycm`S?}aELygI4@@bN z#IgX{H65tWF-KT`GB+25r>3|Jp_9|PEQt=I`^&k8iEo?^V)Q(11Eus$wwpyKdGa+XrbUkG*e2E2MGf^VO){#Suq|Yu$JKC zL*Yz}p}eEza=g+68OIGC6VLgmrJF&>$U>1BAkA1Hx;41gW)K8 zaNt^*IcUU$ymsP3JTi}?y?%Y=s1h~L*FJBf!N9Ag0reM~AIlpZ;LIdF>jqQYuxbGj| zcq2x1=FGv=cjdS%4gh775Mv+J6*WdccCD*;p{;P95+fr5nJxN+5^RnFWb5d41kvX5 z63{uZIh64K_*LJ~A_c>k{7{<(k**1ZMbofvt(?5g zR`m^3Iaz8zGN?1pA`g4JkMC&J+t;3;f__3BhRGR`$hm7bdtr0f}9?raksi1FDU1{3e;de0Az6E(>MwqM4^0-MD?qd< zp=$qqY?OKJw$h(w~+e_xA1rrZhdjq2KL;F-dl8WPYa5{p`D=w zXW=ggoK(c0{=`xZo&ERs-+1<_lHp-Tn@D|928J9E$9UTPf=c1Z7b(3uZh?R9(RV2! z?MmK+EbWk3y)6^z%?DpqXa)YrHVpMimoZu%$Le4eOAS$z#njqu+7Iex+eVOqaDlR$ zb`|=oA@i^j#}Q!b5H$zJ^9LRj(868sN__eLL-A4V>-L@$@I4HT-Vj2h0=HFvgF{~j zV)|?*G`#H2wgQ*v2D9rRihaAmw^T}8#3Q12<=E^>_1+TVhCm1O-*4u|14SyLK@XAA zQ4x2VBh*Mm!~BQ%q9?04&g^kt>&;+JWwOg7u|6l6N$5-Q3|K!AykX`+X6r(-@GwrB zkIP)4F~^$8F!MFpz?Z^&XhCG@Ba}0bl6=TXvk|J{FB%6eV^AUfEKqW3g2n}jW+_3b zR~1(O`^8^z)6v;>BdxSVDnGO|1)EHYv`E4vE>vnOD>~I55_<&dWs`B%FC~}qvLmaa zcnndUA0<^fw^C{`s>Xlp8mZdHMX89Ws?{0mZ8Uteq>qRgI_rKQ+n$I9$Usy@(s6iw zH^fyZ2mFYrUSPim6g~C)^~&jdB`#VFj26!SPd!$SP>=B+2FG#ehht~ zRlJ3LX5Og*Fwg;eNL> zUBb)_#^TAuH@1EE#SFW2^9^wMoWe}47aMcz+Q^oeN5M<(md6j6mjO0k64|4!3^O&zi}moohXRsJ656&Zs?qYC^!q*SD?W1;Ri5HtTc!wv!{>O?MGQ=uOz_Z z{aS;m1~&R@=@paaOQPiw!bvde#;vOsOxs~$1588c%o2tMIjhRhJK+s2M&apA$? z86fa$e`ba-i2D zSKDy?@PR@kB0e|OAlaXFx+hp6A9L;+^I`7Zj1N)Xk=?ZJKT!JXcap$*n-m~X^^Jx@ z6+%q?vmuM^{vES7Yr156^e7JYM$G-@q+<({NN==41R?Z7Mzv1c!Ei=TP!YeTX42YR zUD>4uj5|Qhd1RaT?IP!B&xpN?FU`|1N1rbcWRqXB!xUI!_yl2~SgZodMc7hy;s!)a+Ks^6|T z%mo7R?~d$1<(pt!>vtL7A8`hVF;?JP`H~^pKshvz0S_-`sfb<22j|UfQc!a4!qzer zcSX=5dAErVmgjX@0JDdE8}$hWuK)OTS>ZqqpI~XkgL!NyvVKq4*o7M6SEEhLZ@?s$ zL#*!<@GePxqqAO6utm;4!HCs49865Cl-l7vnu_b>X2M#p5vz*~Odg>@E?a%lV*~q- zpxDc{jNUMkst!YaBwlCrFHUT>?EMtv*ehuQ_()M)E%R9xMDZYf+;t!;=$~qCK#kyB zf(8e@^l$YDiCXtc0JCoSz7yO(`G~SmNjjB7eJvlB?`sCdl@>c7(r+&TW++|3;~zjj z(B48zsrKz$&{B+jbmK%GNJ`A6tcmXOJ`4JWM#7@>w@jWu_?KviAbB7jdEEz*Hi0P~ zjSpg>ddDI0y480FV{=DHJQS!9JIAa&$Mq(wlW%P>{_~Jkbd`NO>k6gQMzBi)lL^N6 za-P&VHdbWs&+;lX4=`sa3pEzbVl%f1>#3hp#bY3$;|8e$ySh=;JrT;vGr!z}w$k_M z2JKh~?@sr#O!>sU-an7Bkt0BO#p0V~SrNk3;Xm*yve&vAtNH z1%H$kz*=3?f&917-H40jA!4(W696TML;n+i63Y3)5$MDxQWQy{KaZV#8dnp&*n_(h z_u>GiPGAg~>r#)_g@lF^08bUkvkgQk7351uXow^iFx`RF?HzTqZxX{;FG1($M+s_d z4Q2?&glT6p2Tz`hH(Y|)Wa7Qn9c<)ZP879gXc@mr@>U3<8N6>HiWnK}EgoaMk>X+i z>RKmAa^%h!&V-1KXoM&TbrOLdQhzCoWQ`hks2aKX7d`OHnblwd++ie~(J!4nJ@~E% zLG-N~=Exm;Z&ijh>H-J!`5Ab4;KP_?xG(B0q3M7Y(`Xs?EXFNqu48Mp7!6!>aPUk? z6~TlOe!IS2;cVp}VCQ5vcPgY6kSGW2O^nG}4<>EN_mkFjH1HMTM#5Ew^<}FlQZv8p ztpqpi8~DfdT2t5%Yr`m+xuUrz&3%@>lsTk>_$*0lS9-rGPlia(SV~lr42wAVAJFxn z(-v%S0nSp}Fcul5bp7T+BOIPib7|qt7Kp;z@NMW!N6>z|^P8;SEpI()M>8(B^+laW z7+*ptD6B8=lw=&C?N@o@|QoC2l2>k`#UJwAoq>GHKR!+Dpz!b^VJZKD7 zbZ@O_`ZO&8LSNXg+EDw($tlj^5D(g&bsEHRqI`@pz`a|vlJT7oEA z#xIZYRr&5UD2UA2SMQ9&@j-Fm3v&)U9rO_lw`U*bL73>!pRj2$)0sS}%tR=y;vD}a zNeL6O@4EOo1tkClgugK83-5zJ?YclKowwnL8+ogmqu`FG`=^4E+ekYiFQv$(!-MsZ_!{E!ItUqzR!3=0@jr_G{Dyj>NQEwqknQr%^{)5S5pnspUFWua z2Tq`=IrHm#*X&_W_UCnnaFTk_`q$;2LStUnl= zH0bkH4L^AiH#8UJpZC&!+?)b!eVhK;ei0C<_fGQQkNncnNu+nb2{`s3@BR95f9?A5 z|KRvqalFtVkN|CG6y5jr(Xb8%dY(F>5>wtQQd|SM0-@3UMBA<<_*v{#LZWPFXnuDZ7@IB%qPT}~@ zGQFPb{NEFf2(A!fSm9H`>w^B?fFTb~ zp*V6ROWN*S_i}q4_!Xkx#=ZIs8Nn{%1AJil(1AOw=aHhY(}*+rZUaJhhuyyTC95&8 zfWfLz$r1OA3>D!xS*b6eivW~_7-(pc2YCGocnKHOGjUvo%vAT-tk*bj$Ex&Fg7FyZIlZqSSryM&%YfFog%-{vo26`Y!fWtEc1%`Paj|Z9P$oC zhI+9{ad4dI5;QtTUUS9GykoyJ-`%1g9j_o^#Q*dvARH|Ef!k*J>G>k_$1+(t&=^EZ zEmoBYfTou^Je!)`^nPVX< zO^1iP^C0j9|5Xq$*X(}vqaxYy8H-|o8rm#HadTB;GFXnO1aS2QPDwrurAxiN9}GH5 zWk6tQWG$cu^Ol7$*>EsE==LB#u6JP4myUA}YUaYgt@RO$xPeu1748<14OE7>oQP!d zzFyu6Un&)*S31%t5aEEvu;rf;Io#31`FZ*nU>RuC3f-W34g{ifU@*#Vg(g{<%{r0H zd&YIGF&iB7?%n$;shSOHRspJoYLgH@rl|f#R!pi?LDG*MCWgk7(ekMGF=shb7FSlr zf{sJ)>!L0+`4Ptq@ra(`dqVrbU3|zvd(~8fK9@k2nZ%^YK_)m`& ztg=k7ReWZS4~K$;HoRKx$u5?9qdN`|+&Q3H8-hw^bH$|+4AV!5#agJ_yf0EXb0xM< zYYyZ?`N45a)-FR1Jt_|LEHUpX{^xbZw$aHJj6}rFi{a?D3^I?eBzf_>!O`A#ypAy| z!v3CwH)V(-{(Cu9in(kWu&s2NW-7?knY5(5-b;dl{AnQ5cUWr%lujkwjJCS@Q&aDs zt8?qp@#uhu?%aK6LZ;LT!PqGu)?hht4{+_NT72W5TC)Nw%=XeX1%kd#H*YS?pz*bl z=;3Aa0_@v}eLUEybC9z?wJ-{UhaL5RkK54RsL^W?nT)CRjIEa!f1u<|U3U}bUm@Nb z6-R*AZRp&pKB$K-2mWg0@bjLdZ+)3?cAfQT%f~a`Mp4gd^NyI>1oU0tH7fp~jy4QZ z2+PuR^jPy8?{Ddy=?jGyqyFoO)B0T+lx$gr4Vd$W;i&+BasH(+&4ys>k0wAslXMbQxqP&ZO{+ zP)a_?^N->jmh8kK&F0T>B!##5ddO*NpX^o1$>nMTqGBfQcn1|{vSa(O1Q89poz@qa zae6CADHARS&~hwk9Ead4vH7)(7q~w*5dNRhK!hfdczvFAb*#Wg`W(SR84Dp)K2m1E zXFj}$CK4q=$_guQxPiExVu?1o-+Zp(QI==cC?h#iqr=^<>WZy(dNiNf!{|h z8qXOtozZ{B*$;1E&$y+OwHF2*8JwxmsA+tm=- z(u*ib%_{J$RWj**^T>mTGIEXUAnu>>5U__}Qu_NRSxcAp>H8vPy=`NExzUh{=(^HCFp8f_9j5grprWv}XRN715*h!f`~TJC%-x z)>JgpQv|4>XU`)Mp`%HxHJu1!ie!ogP;WLU;0o2Hu!xtVNbaB$N25lVrQ>BUGo~ zee-`T6;i|#syes;7f&s-&sFr5tdEZK7QZQ+C3`2VtsGkA(?n^t+5|VSj*BP%EkJo6 zWJ9|rPWGyrb7>|pCQ=Ym2$813QG&|=^B)>&Z_By?=rK10&QW6GE>@e->Nf1ySx+`r zC)A(bE!XDD6HHdiAN$yJZOwOA(DK6|$-R9?4F4hOWPgCwvIUpP6z z^Yd4dwh{UH;S4Z}I-y&H>$XYN>9)$e6qG+knP2+XCyJY%h9dGM-LCq?H+)QXLfsSKD~)Wg~7*s^&4D?ZZS_vkngalJZ6ru zXOf~^6RLJph*gaUCqD`>`Qe^r%pA-jtDj8t)iIzHYX-0BgM0OhcVZ`&1Vc<^+me?e z;^d6`faeK9Ag&m9BE}Qk4aNM-n-~*<%)Jjd78~l5orb_RHAF3t$+kK z5;70i>!P%99)ck~tZ~-~bSQAjDV!t0G=42jo$?>1`OtpM3bC!y73zJp|( zaF1YlBxJTPQ=gS{t5wXwE^c-vSrk6`)w7MxqC@G7>O^$Y%cx~Tx7AajP&e7lVuF<5 zbb|_ze~+i!2K+=;%J?}$X=|Xm;n{8!%r{i1o?AsB&~9B~W<~894hud;;Ah<31cE2VH!vyP+vp!tp``;llv<%u!+`*{$Fv?n8DMfpw$*(uUO) z;P?7N0R@#&0f>F5vKX+jw^7Op&Btm{+VLzp_Z}Z7!!Y|o8U#}FLmQlT>Z?3>$(|-t zp0jD5=|DS#uvk!C3d>D?T7V{*@**`=*fZcI#{W_oe}S#E^^U!%>$I-#?2P`x*g81) z|GGDHtCbpkFyqyCdoHC@&>%4Nv?t~i6O`W}J*X})Yb%RyAa4r_H%4(zwJNbUz87Vz zQK2BN6;s8w}db*yEd}OOGwRiY!x%i@B|*K&5!hp?5yw zVDisE*{Z07WCxp~5UO%Zp1;Y8Kwx2S+T!+>?N(h zyD<}7+;WY0;L;sJbNr9QFsptQ8O?C2hpT5h=^Uh;T)>laM`6C)ly|A2fk^bgm(xw8E~qrrc2 zH7n}O;!If>QLaDNZdxi}{l!P&ao#A+&%@8FBA@W-4bjET1%W+<1AQ9_`oD>sAs8X&ro0GcWJA0^#a-#&2@#A$T!i8> zU0cir(*Sd}L$^JY<49>_B%J8IWrGv8Sc9?QC-fFq`0%J2XBe5EIaGf zMtQeyck8}SdtjV9b9Ec#*q%HbU+rL83_p#ywfZQp@laizPPWH3w|L;+GUv`FA4=e% zzq-M+FNAI8niyn3kyvp>b<9!6qwV({7~2vxBI-rZlOMUip=n{sa34m9)OrBJeHSOt zRa?ADi`R0J*Y3?o|HngfZ{y_Wcy0VFscw74#87R|@sDcSDqT#?Zcn^EXD*2?D!mvF z8jZ9T!I!9Q!=n{oqv$(Mei%4hSffkJJ6TBHn3iP6a{9s;9^}e40nTIS$YZD@xdlb& zYCb)NoD!1^jI;DRaNEm~p(GdZK3E8RX3gBbj|6(W$&B9UGN-qqqT`+9F!ms^-UW0F z+`>eH=P&ogQ=MCBXV34Q({33mEG|Tnf3oEiBOm61!vq%k98Lz@&=+*VoZSF-bpG$h z-r;1VnhTleM9n8zgB1Bg}WTFqISaT-`!Ps+55KM62>|3aM;C>3_f_?ue!GOJ zgZEX|iBOq_Ktd2{Tb>yiLef3q*#JM-bfON1FQd*Pf&jL~K|~;@OEwz=F;t<7D^>1o zzbg1>LJp@P|0pJ5XJH?2Y{)St-rlw|!VTHqJ5b|@A@_rbx!Db3-C!7j-GLT}RT{v` zzVtu~f_?7bOFCU|$L=7T zTz_vm;d|=nPDTAJg%P|IBvV&Pegq7-gW@q9{bYqkx-OAU#es|6Q2M)BBpr%05%Daf z?_))*-qh3Fo;WG;K#0qFZ3 z%X+qCr>xTK6ReR3U@4+8%l)ugH52uXu(y|#S zVTK|sR{k+=lG;m+B=GC49rPw=B#kxENrgD(CFAVFs*p~sX8|#tvzSemj0>nEw97$5 zoe7MQ_QA3}5PK&BCiCT2cT7Nar^v>PnN{dRehzNFGv&f~wB3yVEszm6?=sgkS@I(% zTbcpBNNACpF;w;}m~~WE2c*+v!xXVsj#)JcYZ)xMrS@P|M7A^2rTcj4h<7zall$n_ zk9G(>x(w`HYy|m*p8IrI;uyo%a9N+*g5#jbt)N-mdLm}?&087Lb9x5=l7%m&6-Q={xw*B@AAEKKO;7h6opSj4DP-%*Vv26l- zi;3FD_vw|4CT4A1Hnt>;N`Sd!>LMTFM*T+jxk1SD>hNFv~T(j7voUBCTNXpg;UW3UpM&o8YlVN5C z?E=$d*`jsPM`x;MYb5#iCoF7kH{&4ZRTH~a=pz8OqcmljO~R^R9bPrFP)x(Gl_qRa zDg1oPJJCUy!E!3CZ?b*`QBBJAuFB~=1fd8he`a>FEZMsI^>|6j*M~y6(0w;UN8aIkK8y?w^CO93X7SXFj17 z&U)^IM?-7>$_bMR7Y_ z1CAko7{mCcN}6mr_&1a+Bm&&9ljFZHAFDl9!=wyhT=N5lGl!U;+Qf!89@mF7i*ECB z@yG8jll4A3=qeU@Uq`o;39@VMwRk5yRq+M%$%x_YzF`CS5=KzG+H?}SmeB1BJ;`wO z4}9idGTm86Fje@-B&J62AgwqfWd_)$eXNKl+7b7(>OCCe^{Jp&&#zFC(O&{RJ zM1Ec5kNKqN>oNK8BTGiZ6Nje-<2sEDbPEiyHm66dCGx@2P)5QkFIKc^g+X95?dpDA zQ?(f|T`jQ5X32)G!#!T*96?!V(-~1uw3GDt|2ref08<9ZcVSWazak<=5X^yW1c#Uq z$goK|1Tx7oB(={q(#9UKpe$QDjdJ%3}??VG+#&_*IIgIbjk9Pri6Ke-8eerJ}g{6WId455tF)T znZ>(tdR9u_qg&EGVw^-c?0D)wH|0E~Q9wDGL3Z@jM6tEBF>+`m!E0ngef8UZqSEzj z!mtu0dL}r@(&8)F@}f6#;R^BhAC#T}ZHf!O+IkMUb&ns3%~!#7C1J(CeFcRNXMZl? zj|VxC5?D=3(GS)%T-#%5@hA_;(?3r*iD(!&&ik5jf|L@CB%Na(s7qRQdk% z-y89(Bwwlu#A;ar+u!6v(q22{>d?1e5D}@m#nK;mF|Ch zS^C4*_1)8!JLLahz0@6-HyU7par^$`{%G>e1wA1)6W39PWRo=;hjDf@te~1o=#<%r z>!ov{tc|10<*aif|D(NoY7(W1)ZUF$voha&Mr@7(QKC%DL@a%{lcE(Y4igR7z%ogf#xboxh(eWYLe!j&Somx{ zK=;~(>p%TQrC~s~j^b~trnipmD2sZm`hnIc(P@kt%Z7&CH=PN3o#*h>Y28>M{JigA z=#tp0WFGuc*!5xY1u$QVN5#a4X$eO^)ll4iQcHDvL>B3p7cvx;!2rHq`1`mf0s$4a zF9AjK2Nbl(_}?||JP&eDdkzv0{u4eiyHM1Iv1f*0c+4SB>B+7;M`E32uQ@3r@qb1_ zOBv$IbHb7DzGzOZgyYcYl@$al9SfMzPRV7_*L8zla0~*MRa0XWZlhc^;osv8 zgQm0A;=2VmkTWVB>z}lTM9rX({@X0IX}0t=4dv1zw>m;F%?G*tTe5T zxB0Cc*|hnK39eB>Va`*+NS4g=B}MppFgmuphY3?Z1m1vm`n%vH+QN2T>kNwG6m~I! zNjBl&B^fx=?v*kkXykrwO-AVK%7B*)L(2>GF!?pvphUrtR+3^j9#?52ys&>mg{KFu ztRA6v{#|5SC`CfPhVeqxpxq=zYL1heJ6~YegBZ--<$7zZr{+@xrl$gayHOskZ z3+#1Jsh6w;d%Hl_c{higc@lDkc(ujd?0+#Ulc8^`long)rJCHtsXX^BDUxY_i@L3* zQR}K3FoGi;^@|?yvtCTxHCN2k%rONKOM@V%yM>)LhD5k6HV2F=t-6wg&+n@mWyaIL z&1C&4oiwPPq-GQ5xiPK)I_<-6d)pE_;SQSeTd-O~IM-$6Vr)0ku841nb#PhM0vlLW=bzz>D4J~RGMpK_4Y8>BYh5^pRodMoKK}_~i-c2IsiIF8L<$ciFlV@LlKb;#xkt65HRQ`a5Lv+@{ zIX#8mqr=>_KU!JvoM$+%Fy=)6Kn$2knvUS&r9!bM=}5@mEc$Ky_pu8m#3A+?!O^e3 zEw>8m1HZUlQ2v}v#M90m)hB>-FaVoDpA5P^66j_S0NdWnK4}s&u0ie6XX!f<2=F11 zR+xTO%iml?!P1R%vWgbUMYsO-ykMz0O*AV`6|ISg9?Vk=nft!J#Xg`q(r$BPL_A?AS11EgbqiP5NezVE_1%qLX|tv+4RQsaEe&;? zA;)-)s+BSMPhy~iHqb5r++Fh{@ynrfmh0?}@AQ24M1`SZ2V*CL!cWIitg%4*=#C!k zJlA5RbUttKqe=}|RZ6OdMacDyS~E6192D2r$#P*{;!t!?EX|FP8oR}41KS30D{@?9 zTp}~q6lv;D7mH5!XfxNlU=0lOH=3c43L!eT@efq$G;F@p?nk|cVh&*U?1bhbQ$&F0Lx_K}+wR?g` z(+k8=T1^f>4ne^<(oJzAksq0s-C$Dm-0y!?D1G8b4dS|uQ_nBYu;nOgz=pAJnn*l) z^DU;mP*X71P2_x8_ng`ZM&OmA4m#1LocAV+?u1!k)fIb@=|<-jqm1go|H%NkF8ZZuPw6zsX^-SQQG|OK$8R;ayCeXlHrBADLb59$kxuBF$d*%Ks8&kcA zs2OYTzrT$xGoJ;zDgS0rqWIur&^LftR|iU6^#g*s(%aYdPG`UkLoN#xvG{kNIgkB+ zDIc{Ivj!$?;f~Xaqj}Jy3?|4W>6f|sWvtS8aW9VzaMNdVk|sL6&Z?<%#QNS>UgC}J zCm;TOUZ;Fr1$hr(tIs$r9x>NdWCs%OIzJh^k^O{pNe#w6f_6cxG8y)E?SU&K?U}N6=S&L0*L<{n0X3?fTo8Dg z90Yl1?Ru}iWuCkR9M7yodFAp>J^~ZQ(JZKOaN&CO#_{f(k&#TzGG80+PWY2bt^5XA zW`Fi%JLs(YuO>XdSCF?O$S8mEEcULaO6(TY!_#^;}}+?yF@n z@DjJW-SyewhTmRwaW6K`itW3;cktpP`*MYL$v2{%8trLJWhp0f+wr*;e+6=ZmZ7}^ zlZL>J_jcTcpwpnp&9NAer0I`_Wv=svgzMXobZbn9^pU%^ zUJOmm(s{gO6=F3VjR?}6sE*#k@2eHL^~Jtd>xh2df3iMj$y6Gj4&HLnh^U@x4 zG&_GM-XIRAE$zZB(y||?V-;BWqDwG%mDhZ@dXDWR7o?5RhFTeNDWOChjS#TtLF|OB z)tFFa!fXKaV5bQu5*Te}6O2rr^>2g*v9WL8560a3%k z;X!))(#Kqp#DFq{G+8uEC#Yh3-QLrqS#zNqwEI2CU7E2rgPvR`#Mebp9)U?{(`vSY zaHh;}_xbpWKHxRkNXN3Eyse^LnYA#hmDt1iEI}G#JzSJfgL@XVNQzO=3S@y9b>mSS zz(U>}V@Lq{RKn0>N(uAsO@HHkFtIfZkPNik4z%n+N^(r7d-zwsCPu22LMK9m<36`)O2-XffnJt7aNz}F?Q>{%Pm0Lti3dTNzERQ3rP z9}7hn^6DoY@iTvTSa(Qv7{3W-<{8VRs z*xC8kNn8WndEIQfG;!6FVsOw}W%mZKfAc@=fxXZQy zVhcPH9KbC5X9mXryol|!%!2Na>U%DUq5UbPQ7%G4(ugtpK=o#5hOx!%rEV)yg8+O%!8#2lU~w_mFt*{UZE3b0am>0(*kxxu4-+^S5LGO>0Gn7Zwx#K+cb(B?J1`O zX~l|M1E85vsIV3P+yxHcAIc=y`^Nf)#CC?b}*hxhAU#n+;HR}yEsyaq7!Dds} z-<=m%2gwRB%hUm>czh#)dQ1M_iPb?rd|TZGi_LF9;C?T!4wFhHEC@P z$ZiORM0iB#50B~Ze1_Z*MPLXR?)AD8s*z7K?OH4Ak47GgMjqN+Gr=z8v=h7?NtrDB zMiEGN(8T<;hFw#;U6={v*WSnG(V?K+9TDTiaBKNcVsty%&2OsMaX`oUn*S}`uk0Go z{^P*x`&*mihLNI#>^r9}7peL%x3-qfTDAM+DU=e*1eFG|pc~S|1JR-|#1q zE5i?>bi3I-3jY*Pn8zQ6A31?3Am94jbiKb(IaZqXgXT9M^PUVR6PiKr5y++lLNo?<(psz58)r43NbXE*W58f=Dwd# z?^nEo>vVMsYrp8v4|VXlRwVZy(%sx%s;lo-ku4yE7dzVhnm&F$WWdAzJ__Nu0iw-d zLFjJy5&MBMPZ0p6w*>L&q+9F6SvI97p7`~DjWOSPL8=)zFHcqULSpb!nj;C` ztARHdEe?nA6H$VnpmF~Q9pY=OVTb4pW%V~cLQ{|?E0lJIZF_>9 zwu~~IDnPG@n{mt||>NjXw@CsAor+Frd0y+8A&yGMt zOg3Xj>L@_+j52x#86pO;h!xVP(yzgh&nIA|d9seav*^vJX;4$*Fd+rhIm#7R^KcU= zvV0(XGTheFt9*%}+PF5mI^zXUvmD1ywQ~fqwpLoAa zFRs0;tgfPi^;7gY8olF(1T0$JMuZmsaVAro?#z`Kez~D|J)hpF9iBT^%k=|~QRVv{ zQeQv9%7?S-0n1@!g?|UsKHF0d-Z4=+tqc1cSF!LT5Ybcz(V}d+!QRnZ4#IuIf6PAD zQ!es}z_htiKHXZ>la79VzA8hsIg0)r3osN4d|pIP!R&kyNY>}9_(;|#6XxKgdL)}3 zYJ+ioziQIA*Et}|r-%u@^%Clfz?t_dgUqu%8^d7ZPniNv)|9`IisbLe82kp+z?yp>xCRPcUx@dDOa2f)m|kci85d9J zk&$Kz^TOs__sAFq)KItJA9uH!%Vf=>zF|Dr>;jqj-ZN!>0q1H#^Cgw?+IxZ2i%Cr2 z(9%|0A0Qp0sW>~WS*u2h*&nE7#+G+}q!T9Sj8LmHPE65w<(4MfuN|#NO^0ZZ~m@ld`h)QhZ4S?8 z#%1#RQ;bbtfu@tL)3~r+XI{+8pl7Xy4qcya1HB%o3W9O_lJ^lO31;w=LB0RvI3;@G zp8kX>OT$#nz7S#gXNS6dsQNf}yH=v6$UN|T;cRsaK%+m({#qaK6u)BXRPjUakks2D zFneXV)ECJy0p5N1H_k}h!ftY|pt)irR^YXee}eEdbo);xsMN#TvuwFa4A+u6mhKXU z+XFhbYe_vrk9~J$G9u_Yi;~^e22?G#Dw_B3yGne2tq{aE7NO7)w}N}5%%^OW*Aou` zgeEf$z4YB*)=;}*MV|Q^hiF;jxY?@d{{6|(UjfSDmVh!Cfhr|)E*VXom$nPuM*pZx zjZ@^5D||jK>%a%D6g|2WC8+zoh1)J`%_1DwVDu-k{3b`CREH{|bW4nB@yZwIp(gCm z8mnkDdMk!9mz|R@RJMC0%YK-Fr9WoU!^^-(+6VpSU#aV>8uBeYtp_e#mSS!hT}*8B z)vN!#|2~EooLF{ZtvHMtzF&MsohLJ;qEPIoh~;T~uQ&|PJz9Cb*f$|dO07aXX62vF zEZ24MgBI+V{MN-!B34>e`<+-gxrY+%jz)=H=JST|p}LC%NXHnygvDg~myF!N3Km2s z8>g7jMyT)*7UPpW6)hVvqy|Kn?Gg2w!9eZO5J{~qD!0}3`-k(2;lw?0=l0-NO^xCW zk)pM$G$YTLhv$D2P_v_T2Nrx~SbqEi7SKM4Li2#{;hp`%~`qwH%DY;12L< za+V7Em?qxCc%JZ#$&1PX4sVjfr4V&{INl!1vZFAp-Q)U)t0_9YZiM`L3@Tug%Aej< z`nhg3WJW{#)R#%TFXb9+R9N8L>KjQlkwydd>v7A=jL_qg?bK)a24}<+``L$gOw?m%+9fnFH74P!N$MR}yW$9nOLV8yI<|?sf@gK){%%t<}>pyz* zo_u&Gatyq9#dhsnZLxWqsjoPxu#Fbi3ik=h@p9#$QR1jqw039H^ReNL^F73WGW}m~ z{htpe3d;8oK5OT$q*@M8H)Ua;rji_DGGEMA_gsG3^#|&GRu6o)_q>%2)L> z7tAQ+aeh!Bj(R!){3)L&DI`A(5r@R=M4J=mAflz_jYOP(?gxeA!%@{eKh`Ck=keH1A5VZgm} z{x(kd8rYypp#Qb>BiOU-#*ALUT2?2S<8aldMuMl%krPtZ(!z(oO8y zmX)yqk*?|u^K72}iI6Yz3;1y{anOkMeAA0ZWZm`qT6@)-l}fMO^ZnvvIsML66F1}Z zrevb_)qJeG6|k;{n;ROSgebPeHI5|VITpPNa#i2a(Z zs=xBYGE4noyjM>?@sWahmoRRC1za;d0PgoSO-%*8P3+-cF^Hu*Gm(>JXTf%19=>S# zVLiDNidbSq@Ds}5yaN}xih$F&QX;o}IfXA?iL6_V(MCgm!u5 zNd`^*I1D)`RF~j_pOMz}UX$%)Ct`aryl5m?Nepq<5TZ-~cgzgObS&?I!a;a|XN-fN z7oX@DWs7$(KFBVRostNNw^qI%9ge58$H=A)`w|yIR(0f6oL@638jwNSIRA`-OqAinlL0)kAMK9N=@0q z7{cxildBsa8S&I|&2FlsDaan#ZIKKPbve04kPdH5;wcW&~-(l8OCV$7>=u zX3TBJPs7if1ACa*KCTg)%8@=i5JuoHT}5CwE3~B@gcuEBLobZkU=kmFbcRHGs1rqW zb1fsJ-@>*4amXJbG=ghxF=ev9F-RC_6x%JTX)WN{ zv5G#B3ho_9Hz>YNSZlENk3vWxnPaUpj&dAZvVa7vcm>Ry(ZV#m%ReuUf&nQ)u%Dzp z!C3Iq%#V^TM5a&@x~+BvTH)0^tXqvkVQCN0Z+K@fqMrrKK)Oh6IQ2vUoM^J(G>|Q% zEiiyOoz<-Jt!hs#F${y^<{IREs!DwNG+KtmEV*;ILOkHS>?Wowf)R;O)o|Jj1_^A{XiEn-Z1Hu zB3#Yscg5fYCf;)m-ZP)@aX3PJc{{@6pj!OO557G1Ciwd(aV}CXi1!2H6FC?c6Vm5R z_q5ZEsM;jz{GJ4^tENiER~i5`AU;(^?I> zv=COe@`Z2*T3|YphJeAcnxF!Gs1d*owwK-Pu{WGf^G5F*Wyaj+>foSj{@rt97^hl} zb?bBf-S$GuQM{BlmoHdMGuNCx)!9v?Xq)EaLA-YvZ!dmjnh7kmX`9!JGSwO4J;GGE z$X-}gdm;8#{Gz;K?q)V;fQ-jrK%P0@(=c%DmRP3Y;U;Je6(}s^K^Jx3lMh7aMpZOT z-Z$`to?T$?JX}KjIy_C;Csko9n2<*}Vd!j&qCWV3XIW^%t-w!2m9q_?elt2L?9Y46 z|3r*&q?sI-8Ij^Dgs6A?B8W2YZU3%9#ySshG&$GXI_Gza z$c`?Gfx5OfHf?re+Sw0?#J7QnPRIc&CkB+m9JXlwiDEWt|_TTK(t@IlsL_8 z+y~X1*QwP}mLR-F_yws=S!+shd&TyOo`uA|$<-)S!RvF9OV zkRl|mDf^&k!dE;R95raoOvK?Q3QHl&gRa_rK@jRXIjp3?V%EFfWIH|+ZI2@7;T=@J zhjd1|CT8pzH&ni741*9scL2*8^%*2zuivF*7t;75czkQG+CZJS;Jt}f{%*LLJ@M%b zH3cqJewkLU4;VkCkYS4$J7EJtb~4 zUk=%!opbTCd+M%&Kn&YfF(r54#lCkODJO5|Q zg9zp%YG?*K3YQDHAYQcy7COU{k*}i>06}!qGq*OE7Lo3bz=ya!%KpUDLhLZm!Bbb*MimKgb z4Ca$}zHcYwU#RZL9zD(Fw*N*-dSMKZZ|PaiTWD6Qyb2VLmJhuw`iba0UoWEdTjM@HzR z|6i)JH;}I@1Te=aw2JeG{+I;9Hi8rEIqjoV+Mz-#>~PyVLFZUoZtjKF467S*C@TdP z=Yukw{(4WC&}+h&#nJ*VFdsRr$$hsaivh;J4HEsImW-0Zm%)~1lvE)&>UMZXAlDG? zVmebV{nD<+9Cxo?3=QhnnQ<*Z8$aZ`93tq80FA(r#bokzx&K+o)ft<#Zh%mknwJ z?l}-JC1#GE^Mn#YD9@)F97l60o0^0Ed@3N5S)@V062jd1rlX0zIJ^ok_=(S^QcM+t ze$s{og3nUlF2CX|c0wTV{Ix>b_x!U;O3e)D%z*NXB6rd{Tc91^z@9q+Z~(oWM3 zgGQay2(noqo!A+o*;J7)3p=Eq=;W0354t9W6_via*8mdD-5)Hu0@=zqs{oV8OZb8b zCXEPxi_PYYWC3-R=jswh*YL%^!*sn)#E%Wj@ZSLl3OnYv>DWm+yfhlY3xQ%B416_o zZ176b0Q8q=_h5BOidS&20vn4M&r(v+S}Uk_)&3f@b|;J#sAr`JjYu0Hjj08oH-K8L z096UiDQGLB2E#x5YSTFgR*ui1c<(x=toYA+jQr=8g=cxMTz{yN`xj7ckG6;uW(n=5 zo5PViZ}~>i_RHX8ffr3sZIdEZNS@&qq}CI=kC0><6I%qcsw(UJHADawbkOV?V1 zur2SH?u2?vnnc9fA^rJ0IczJH8HQ2Lr+`MH2D;;v&0GhY@v)b%&gPJ|O5z}ySKD%! zB<@MUjBK*w9X<&p&?kL+e;d>qJPm!kZ~>1gK(566;gww)>bl_Q7PrNP-^i!H$AN|D4vf zF;Y%K0VEA|_n0X)Xz8MUFM`eKguKXwfV^e^m%I!_uXI8W4s(4=wZtZU=rw`fxSh!J z5s-+x@@|ozXf2xA4IdL!`|z^A2aHv1A0%hMQ!^}qP^1;|IzsKzLwKp&Nk#8>nzrE*k+XMIl&teR$#L(lmw-G$29u~Y{v|2Zh zU1S<3L&A_Jxnc$s!w;6ynG{y|m6^OsZ)R(;_KW);aGhpo^c;-zQ-Pq|-5&^|JO1ZL zeVwuuxRL9HavHm;K%g=~o2gvk-FWyc$*qog(U)9e5!*DP+xP~|BXW}1^v z+4Al)w%Cbxv^PeR6|_gVBnS2Y9pTVpGNCk|;9rR0)Sm9s1@wH9iu$V%cFv`t`IRIe z&U*}z`GS2Ba8d|AXqbxT$K7B7EHBCPpiZCOFg~%-vJJZTSv_Te1wA=crjS6NzhuWo1jT=SLg=Xwy3o{A-vhpn^p^Z&-*1QPlMf@oFHqZh+1}mOMpA*2ju32=^()07vphR#&QLy5(vSPK&u=nB7`gS{r zrT%6Z6NQ%2LR2m>dzJmkrPq-`0mjkol^>l4B?7;6D~2nm7}?EQj}pF0q#vx7w%iK! zcZq8f!`3u>hq*?7dy%*5NR@^G8{=P(H z>Fj>gZ>|}M9-ird?*1Sx&@o+Xl62u##4={e8>5{8@zD5v3S7Lov!nVIUqgnYWGI>apX z&oI%kHaUu69VKb52hghr%elDW!Z+Jj+@rkHLLhRi+#@lnE~1Id0OcZoz{(j{otg}o zi<-5p^>;a`bayqrJLRqSPwy`MMjtxU(qe+e(cO>=pwu9bL7+J5fo`-zxoUUEGueek zbme0!yV42v((Y>h4fcMp&k4WPNyKV4#P(%F(BYWB#kV&QMOHyj#+t)->Y#tY8MF<` zJXTXsJHYgkfg=|jnO7paEiIAx$wdMI^Iv8~Leu10C^{SpXKtbdedi0PkPET|&B>jj z)81=WLv{N-3t#nQud~fxf9MTk>V7|U_`FYVj5dF4cKBqo3CayFd%Y}PyjUFZ_s&-D zoGe{GoIbyW4M0S@08Lh{}>0J`3aO+VECp^~oh+4B{89J%1)E zr#hYup(Kay8#=_Wrx(*@8ti&mF64jJsw%d0uXp8Vk&mFO{ULc;+RvIlemKWnoHZZW zD=XVt96rTeO%tk#eTNZlQ+b(B&rHB}PjLLB(G|z>2PaX3uB4!JTfmaMyblhhfvpW5!z*Ct) zd5JahBdl@LhSbZ}ge$&UI&Efn-3cVP#_-ysUpZoM++zQ*6Ws*ul>L6%7E+cl388~R z;y07A?n8sE6~-(cn$&ABrs?jA(L4LiTN|8ui)Ci3?zZLA@k1sLLo}Y0Od_sXjgUy$ zj9RT}p&|iaz7fxjodAmxuA{|LO$Q;mH%#?vh^U$DAlqaapxzsfv6JHWw*+Rn%M_{W zDIEKgfK67@uVA+cJE0uz8T>epFK0mNzW4>qEY12b0t1hbR2GKN^%E@nT_zR-iUbWG z3j>Bq1~VHU@7?9p+;V9p{9EII78bJsdf2h+b&plM(=Q?~eAXgx_!>6Beha88H3NFs`&=9As4~cT1WWk_z2KP` z5&)^RGBqvx!ACY0xCIMoo>5YfYyu^^-FQU-hpm8CdMicN8EPvu3g%V?3l_`H1J7fEzXr9zfqIPhske3$PX$3oQ)M}T=bC1cR4pqd$8)it<9y)S z)shs^QBldA5wYW)Z#%`DcaYpBCUXwxzHt+V(9ZE_D61qZ>wwb1ZiB-dq|N*D)IrDo zbm;rGLzAuL@gebt!$U~4JyA5PrZUeHR&PBHizN~AC%tQaS8Hf{ZjQr-BZw#jv0M@^ z+!h&4YS@`BM;*svv0fIsyLY(?kk@XMAGdy)$MkdF6^yD06N>>cb}wUgAcpM9#i9?^y<%bsL$D6>=5#4DZm zC*F(TfnDL!eVQMGA+aw1uoMX+R*^BYKzaQ}+3Z!zbv*-53txxC;SY+M0ePzVrKz2>cyqy_BNifh2@mP zOC=nB_-$zG=nE%gAfZBj*&|Y;=>)d0eCG<;p$;m8&9|$d1~&QyY#m!wJj-w@oPMK3 zmpjA}B1XVDr^^b_;KwvAC90IgGW*m{3mP7;X|h}wIYuZ>xP9wfOObd3ENZ&0=1;H8 zt2|u3VjqANP67c}6(X*J zo>2`<;Yb|)Yxf?KdanMYs5|PDAcJ0Y)lcBl5FV53cWE(9Lsm6Q2vJ|U2OjW`V7{L) zdk7MJ{i~@*)&_fh9YVmll+rnQ$vJ5`1&)Pucim~7XG`I#g$;n7&(|Yb1y37*v5;HppytiX{^_lLz75d#zqEiW6Z+aeOV(NGQF* zum;9?bR`L^cxc8l_T; zPL{tm!GJ0$a#@ra>MFE`>E|7hQ&=QMN9!-R2iZ&Eb5O@XphiA_(>M}ZTn2vL6i z&t~DDd}*s?=@?b`L3{=Vk;HyH?i~UM#(diCSbv*{BX;$2_SuX`G}}#ea>-P3tvp|H zq%?;XmJZH|$9Op-MYxsxm_XV@1`0QnRIu1g0KSrY_W{|FD5X6wEjfW{_rh`iKb~}b z7g=xfLb|ex{;xes$o_qV!922JqG{Plju3%oR=&nGBuSeLdSrd|G2=+E6L-o@TS0xs z2XnrGm~bM{PfASrY`bK-q{j(rD+xF3QVegQ2F6Cp(&iH5Y3gm!AVdzKI$*o50qs_) zT}I%>rj9T=4RL1o2;J(JJXri8Fj4LIeUj!G zYL=$SoKNe46Gx*i+UYXTnB2K3_OFck0hXQ#b~)u$iYyeph*ZgUQOUzDY%(q;*??zYh3+*ys3QA7j5BW4WFlAZHj+ys_@K2DF!sS)3%KEcP^d5C*Xn zK0v2Hl@LKBz7^M#9+|7B&2ODiZR<)c&V&%+!kLKC04)Us1cyr%uy!CE6#GLz zunEXwbZFZTZ41`v>Q;-1WK9w<(K9fk#B|ElBsQ{d|HNL7lHj!#e>U{R1DzUM(<;}j zTi&27%w3n**4rQde*3!B$n3jXEa1%Ark7}PxHr9o2*vB^OH#}dKr5B<44@a6uO z@(t;5{3m6^o;pXpO3X;=ZtOmy2RU;2Nwiv(BXT&EGF-jTGetdo=n>_NDh};i;C>+G zn@*LdhM!OU$IXGErRjA3Cz@8Q(Es~JuJk8zH87&rh{RWn+2^MsqE@J9HRbB*^wAT= z^LG?_01eGFC^gJbBU|bkm3$hIyDZPA(T+*Jve8?~P;0Tad&pWt)z|gbW%HV2(P7o9 zRv^%84XS0+WI+e6>Buc=s(qnwo`ONA>&oc8z4q)h^BwTT+817LmP7kv>Y$^CvwO@D z#fp9&s|Nf`{>P7LS+8}S4iy76Sx!`Fzx?&1+Ozv54f%F_9A;oFYwt0M_ZFz3j~EPk zy1;3x>)bVm5bSd9Pt5x`z^G4^r)0EH( zA?OBCNqdjcy9Y7+HNnk|NQSx6O{9kc5F1?>-A6EStXwkhg3>;%)Rs3f<_eeME!TUP z@E%8e#;dsWvm1ffKT^upe8Xv-(_vwNA3~uYs2G+u(Uc~ZNMJnPcx0RCW)RTCGa=*a zNl2aA@WNIPLegF$!2_1#&mJPq<~GAO(Up0tgkj~kSP>)zk-*KsG8J_`kr=kXpR_ca zYiR$mqv6z@6^hBH0gBBrw4iPFc#3)Yeq;m5kndtr#a5Q>GU5q`;!O;?3edopnbu zDNZU;9;X@uh`T+zQhZWLEd)E#g(=AuPP$R-`kyD`1{4gJ`N0;6C7;=cx-N6}v$&^6 zfAK9p_+#j%zv->GoYPQaU=PuAKi)#xhl*GF(+S*dL>>Ly4-=WG9)`CoN}+|837C>@ zg62wKx5IIQIXCnt3TJe99Z2ujR`C+jFhSq(N$5K%u%2g>sf_~4Kkon0X*Q15h z+`$p@g_4PB7-0hF=XaJ=L9);_e!GIkNHWmSAR>`-sEHx!C8=|jTFR?LwR0XZSxk2N zGsX6=gh2%vBnCD7s3=mrk71}>RqeTMlcfLB!w1&i&v5J0lrW~XAU&l2aJgT}YgwNR zb3C%B1Dz{s`AZ-U$l7_lsaPL;6!W|ItlvjcH;KiIavQ2rvC2!+e zM=-pUc^Sr4+=STUBX23<2Vo=F*+{JRIK(+#!%do4;I<&xE92+aj=bf5HZ8$(H;TTN zv}EU37Zv)={p53~^mu@_BP%GPr~4&|fzqA!w<6nJS(c=E%SXOVXeai^YKZHx3zh=~ z$y36N0M5toyO;VnpKiLJoJDR;AHs`U)@C#Fi*#vZjUsYgeRk&a<18Alm{qo#_hAl8 zt=TVOg?*VeV#)JP;&B9^xju58eObqC9&0wY#)~56N=ScmcFue+oK#b7y3t=F)m*Qn zweUe}d^r?b&`i1|09By}7QBeqrUOSgLHL7TxNjkoI8z0ehD!v5R}>DX(QV+B04>~N z=Xbko=2SgUmL7sDLW^L!!ouOjwd2YbMgy2j=b>UD5Drk^rNfUfFbr>t$q{)mKkJ>a z+=~Q@U_;;4hn%@jXtW=3DhhR|uCff=>M+KmqR2%jSKK#!I#o9?<&HLHr~Jr*tosHD z!xxY64Tt2l8Sts$om0YxMy#i)M_rt^iIDZEYA66fO(v9n-N5idQE$+PjQ}%XzPk!H zx(0X)`~@j>xsche(T1$BhRC*xG=>Sm`J5e)qy_gwTvv&iuV(SLM+wXbXmS+b+V-UJ z(h{0Izv(C@;^Z7eCaO-@(g_k|XB#}p3Q9WN{BSZz7wQ328eNZuur`UpM2P^*{q~hu z_nbtBfQ^=65giGwl%?g3dk3CA z3SmiM4DgZx?tv-!c9Rj!t@M>Av8eNE1PiMIR3C`%Z0($+WQI%tpV%zngT|ON>Kusf z)7kBt@H3bye+!+NIwbAPCo3ws^uMhHEaw>>6|t2e-azJ4pU3ZQ5f_Av(ocVAO-9^- zeqS4sY1lagqWk8*G78FcH67V;vZ$?} zRWqBA{k%|)BjP+NOLq2?h7gTD{21DZ(`ZY#B%MTZq=nCLRhK~&XpHUwAWxai9mCyA z;;zJdu5CYDW`E2;KZAhp-ONAGTeBS%8aqf_5>HL50fKEjZIqD-q!V?EkoTMsaE|^X zpZ_DD|0AFOBcJ~xpZ_DD|0AFOBcJ~xpZ_DD|6d`We|ozcSAV-*6x>!i8!$4c1MdM~ zM@2$F*YH~m6i7ft%GvoL07QpJhM!myck=_Wb#L0gN4x6h_)new)Z*R7u^VyEz_f9t;m9>FPN$=mQZ11y97 z|HUzt9uJL%;sX2jih?APXrc_NlcwWLK~qHr^&x=?bkDor!?F-Ou)zOZUm4f Date: Mon, 28 Oct 2024 14:15:49 -0700 Subject: [PATCH 03/34] chore: update SBOM for Python 3.9 (#4528) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 58 +++++++++++++++++------------------- sbom/cve-bin-tool-py3.9.spdx | 44 +++++++++++++-------------- 2 files changed, 49 insertions(+), 53 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 79f4383c38..b3bd6dc437 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:446914dd-c18a-4e5a-8c75-a21664d12eb9", + "serialNumber": "urn:uuid:fad70535-a2c6-4cf6-84b8-75bf196560b4", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:06Z", + "timestamp": "2024-10-28T00:40:22Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -432,7 +434,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.16.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +443,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +461,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.16.0", "properties": [ { "name": "language", @@ -2775,18 +2777,12 @@ "type": "library", "bom-ref": "57-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2803,12 +2799,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2824,7 +2820,7 @@ "type": "library", "bom-ref": "58-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.3", "supplier": { "name": "Will McGugan", "contact": [ @@ -2833,7 +2829,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2851,12 +2847,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.3", "properties": [ { "name": "language", @@ -3590,7 +3586,7 @@ "type": "library", "bom-ref": "74-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3599,7 +3595,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3617,12 +3613,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index d4bb770ec9..b948398790 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fb473dd3-9d06-4045-8446-8b94d55b0135 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eb859755-2df3-4cff-8f13-6688d449550c LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:14Z +Created: 2024-10-28T00:39:33Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: async-timeout @@ -157,18 +158,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -945,35 +946,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-57-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-58-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1224,18 +1224,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* PackageName: elementpath SPDXID: SPDXRef-74-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 2132f2492e8ba5500674b10b0c338360a9410174 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 21:21:46 +0000 Subject: [PATCH 04/34] chore: update SBOM for Python 3.8 (#4527) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 50 +++++++++++++++++------------------- sbom/cve-bin-tool-py3.8.spdx | 36 +++++++++++++------------- 2 files changed, 41 insertions(+), 45 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index a664a2838d..aaa515d518 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:bc112257-5e89-4898-95bc-ba411056a8d5", + "serialNumber": "urn:uuid:e019cd5f-9c97-4fd6-b01a-e1fdc281d319", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:42Z", + "timestamp": "2024-10-28T00:40:20Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -2889,18 +2891,12 @@ "type": "library", "bom-ref": "59-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2917,12 +2913,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2938,7 +2934,7 @@ "type": "library", "bom-ref": "60-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.3", "supplier": { "name": "Will McGugan", "contact": [ @@ -2947,7 +2943,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2965,12 +2961,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.3", "properties": [ { "name": "language", @@ -3704,7 +3700,7 @@ "type": "library", "bom-ref": "76-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3713,7 +3709,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3731,12 +3727,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 87e23e8dac..8522bd1ea0 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31326d6d-bbe6-44f9-b106-9f12af5fb249 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a8eca549-4f66-4938-9caa-1ff2abaec047 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:49Z +Created: 2024-10-28T00:39:21Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: async-timeout @@ -977,35 +978,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-59-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-60-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1256,18 +1256,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* PackageName: elementpath SPDXID: SPDXRef-76-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 4b4e3f84eaf4c4592e5a71ab8210bf46bb08ce76 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 21:24:17 +0000 Subject: [PATCH 05/34] chore: update SBOM for Python 3.10 (#4525) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 58 ++++++++++++++++------------------- sbom/cve-bin-tool-py3.10.spdx | 44 +++++++++++++------------- 2 files changed, 49 insertions(+), 53 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 86ec5733d2..19a898bcac 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:56360034-11b1-4e31-8643-843d5a966243", + "serialNumber": "urn:uuid:f845813e-87fb-4b9d-a68b-cf62b5eebeb4", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:03Z", + "timestamp": "2024-10-28T00:37:59Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -432,7 +434,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.16.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +443,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +461,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.16.0", "properties": [ { "name": "language", @@ -2707,18 +2709,12 @@ "type": "library", "bom-ref": "55-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2735,12 +2731,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2756,7 +2752,7 @@ "type": "library", "bom-ref": "56-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.3", "supplier": { "name": "Will McGugan", "contact": [ @@ -2765,7 +2761,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2783,12 +2779,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.3", "properties": [ { "name": "language", @@ -3522,7 +3518,7 @@ "type": "library", "bom-ref": "72-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3531,7 +3527,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3549,12 +3545,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index b90ba2c350..6adec42bb4 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31c41ad2-71db-4400-b6a9-3897d659df61 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9d9a0807-ce81-4de1-9676-a3d3dbacf13f LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:15Z +Created: 2024-10-28T00:37:06Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: async-timeout @@ -157,18 +158,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -915,35 +916,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-55-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-56-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1194,18 +1194,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* PackageName: elementpath SPDXID: SPDXRef-72-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zipp From df49fcac1517e26ca88e6cc847bb5d70d516c106 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 21:25:31 +0000 Subject: [PATCH 06/34] chore: update SBOM for Python 3.11 (#4524) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 58 ++++++++++++++++------------------- sbom/cve-bin-tool-py3.11.spdx | 44 +++++++++++++------------- 2 files changed, 49 insertions(+), 53 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index df44fa0767..9fd08a49aa 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d5e538e5-15fc-467b-9af5-fdbadcd9bc9e", + "serialNumber": "urn:uuid:0f266371-5f01-4b1f-a630-b4a42e8ab4c2", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:07Z", + "timestamp": "2024-10-28T00:37:40Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -340,7 +342,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.16.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +351,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +369,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.16.0", "properties": [ { "name": "language", @@ -2615,18 +2617,12 @@ "type": "library", "bom-ref": "53-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2643,12 +2639,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2664,7 +2660,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.3", "supplier": { "name": "Will McGugan", "contact": [ @@ -2673,7 +2669,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2691,12 +2687,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.3", "properties": [ { "name": "language", @@ -3372,7 +3368,7 @@ "type": "library", "bom-ref": "69-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3381,7 +3377,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3399,12 +3395,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 27c84d6e71..19aef3bfe5 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a9a33c0b-ebd3-45ac-a9ec-32d3d43f6e62 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-74592506-2886-44ae-895a-da1f0f1334ca LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:27Z +Created: 2024-10-28T00:36:57Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: attrs @@ -124,18 +125,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -882,35 +883,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-53-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-54-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1144,18 +1144,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* PackageName: elementpath SPDXID: SPDXRef-69-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zipp From 06886b3d2a149e713beee24e72f88db9cb94c03c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 21:26:41 +0000 Subject: [PATCH 07/34] chore: update SBOM for Python 3.12 (#4526) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 58 ++++++++++++++++------------------- sbom/cve-bin-tool-py3.12.spdx | 44 +++++++++++++------------- 2 files changed, 49 insertions(+), 53 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 0eef678b0b..beafd63bdf 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:0f75c410-49c3-4b71-9350-9079ef768e63", + "serialNumber": "urn:uuid:c3f0a58f-1000-4930-b89e-cb88efacd5d3", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:03Z", + "timestamp": "2024-10-28T00:38:50Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -340,7 +342,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.16.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +351,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +369,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.16.0", "properties": [ { "name": "language", @@ -2615,18 +2617,12 @@ "type": "library", "bom-ref": "53-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2643,12 +2639,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2664,7 +2660,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.3", "supplier": { "name": "Will McGugan", "contact": [ @@ -2673,7 +2669,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2691,12 +2687,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.3", "properties": [ { "name": "language", @@ -3372,7 +3368,7 @@ "type": "library", "bom-ref": "69-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3381,7 +3377,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3399,12 +3395,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index ae93fe6415..d5dd7e4fb8 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b2973599-018f-42ec-9c3a-664a3e5f75a2 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8092be7a-891d-43e8-92da-4f3a027149cf LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:15Z +Created: 2024-10-28T00:38:09Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: attrs @@ -124,18 +125,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -882,35 +883,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-53-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-54-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1144,18 +1144,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* PackageName: elementpath SPDXID: SPDXRef-69-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zipp From 110eaece68b4bd28555ae8431ae305ce5e5314e8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 16:25:40 +0000 Subject: [PATCH 08/34] chore: update checkers table (#4536) Co-authored-by: GitHub --- .github/actions/spelling/allow.txt | 3 + README.md | 96 +++++++++++++++--------------- doc/MANUAL.md | 94 ++++++++++++++--------------- 3 files changed, 98 insertions(+), 95 deletions(-) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 9e05f3909b..88c55c264d 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -129,6 +129,7 @@ cyberciti cybersecurity cygwin d +daemon darkhttpd datasource dav @@ -147,6 +148,7 @@ dio Dio distro distros +dlt dmidecode dnsmasq docker @@ -394,6 +396,7 @@ lighttpd linode linting linux +linuxptp lite lldpd logrotate diff --git a/README.md b/README.md index 27ff4bb6f9..3d5d12c07d 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ CVE Binary Tool uses the NVD API but is not endorsed or certified by the NVD. The tool has two main modes of operation: -1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 365 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. +1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 367 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. 2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, language specific package scanners and several Software Bill of Materials (SBOM) formats. @@ -226,7 +226,7 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |------------- |------------------ |--------------- |----------------- |-------------- |--------------- | +|--------------- |--------------- |------------------ |------------- |---------------- |------------ |----------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |asn1c |assimp | | asterisk |atftp |avahi |axel |bash |bind |binutils | | bird |bison |bluez |boinc |botan |bro |bubblewrap | @@ -234,52 +234,52 @@ The following checkers are available for finding components in binary files: | chrony |civetweb |clamav |collectd |commons_compress |connman |coreutils | | cpio |cronie |cryptsetup |cups |curl |cvs |darkhttpd | | dav1d |davfs2 |dbus |debianutils |dhclient |dhcpcd |dhcpd | -| dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |dovecot | -| doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |emacs | -| enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |fastd | -| ffmpeg |file |firefox |flac |fluidsynth |freeradius |freerdp | -| fribidi |frr |gawk |gcc |gdal |gdb |gdk_pixbuf | -| ghostscript |gimp |git |glib |glibc |gmp |gnomeshell | -| gnupg |gnutls |go |gpgme |gpsd |graphicsmagick |grep | -| grub2 |gstreamer |gupnp |gvfs |gzip |haproxy |harfbuzz | -| haserl |hdf5 |heimdal |hostapd |hunspell |hwloc |i2pd | -| icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables |irssi | -| iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |jhead | -| jq |json_c |kbd |keepalived |kerberos |kexectools |kodi | -| kubernetes |ldns |lftp |libarchive |libass |libbpg |libcoap | -| libconfuse |libcurl |libdb |libde265 |libebml |libevent |libexpat | -| libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |libinput | -| libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |libmicrohttpd | -| libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg |librsync | -| libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp |libssh | -| libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv |libvips | -| libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml |lighttpd | -| linux_kernel |lldpd |logrotate |lrzip |lua |luajit |lxc | -| lynx |lz4 |mailx |mariadb |mbedtls |mdadm |memcached | -| micropython |minetest |mini_httpd |minicom |minidlna |miniupnpc |miniupnpd | -| moby |modsecurity |monit |mosquitto |motion |mp4v2 |mpg123 | -| mpv |msmtp |mtr |mupdf |mutt |mysql |nano | -| nasm |nbd |ncurses |neon |nessus |netatalk |netdata | -| netkit_ftp |netpbm |nettle |nghttp2 |nginx |ngircd |nmap | -| node |ntfs_3g |ntp |ntpsec |open_iscsi |open_vm_tools |openafs | -| opencv |openjpeg |openldap |opensc |openssh |openssl |openswan | -| openvpn |p7zip |pango |patch |pcre |pcre2 |pcsc_lite | -| perl |php |picocom |pigz |pixman |png |polarssl_fedora | -| poppler |postgresql |ppp |privoxy |procps_ng |proftpd |protobuf_c | -| pspp |pure_ftpd |putty |python |qemu |qpdf |qt | -| quagga |radare2 |radvd |raptor |rauc |rdesktop |readline | -| rpm |rsync |rsyslog |rtl_433 |rtmpdump |runc |rust | -| samba |sane_backends |sdl |seahorse |shadowsocks_libev |snapd |sngrep | -| snort |socat |sofia_sip |speex |spice |sqlite |squashfs | -| squid |sslh |stellarium |strongswan |stunnel |subversion |sudo | -| suricata |sylpheed |syslogng |sysstat |systemd |tar |tcpdump | -| tcpreplay |terminology |tesseract |thrift |thttpd |thunderbird |timescaledb | -| tinyproxy |tor |tpm2_tss |traceroute |transmission |trousers |ttyd | -| twonky_server |u_boot |udisks |unbound |unixodbc |upx |util_linux | -| varnish |vim |vlc |vorbis_tools |vsftpd |webkitgtk |wget | -| wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xscreensaver |xwayland | -| yasm |zabbix |zchunk |zeek |zlib |znc |zsh | -| zstandard | | | | | | | +| dlt_daemon |dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet | +| dovecot |doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils | +| emacs |enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 | +| fastd |ffmpeg |file |firefox |flac |fluidsynth |freeradius | +| freerdp |fribidi |frr |gawk |gcc |gdal |gdb | +| gdk_pixbuf |ghostscript |gimp |git |glib |glibc |gmp | +| gnomeshell |gnupg |gnutls |go |gpgme |gpsd |graphicsmagick | +| grep |grub2 |gstreamer |gupnp |gvfs |gzip |haproxy | +| harfbuzz |haserl |hdf5 |heimdal |hostapd |hunspell |hwloc | +| i2pd |icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables | +| irssi |iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper | +| jhead |jq |json_c |kbd |keepalived |kerberos |kexectools | +| kodi |kubernetes |ldns |lftp |libarchive |libass |libbpg | +| libcoap |libconfuse |libcurl |libdb |libde265 |libebml |libevent | +| libexpat |libgcrypt |libgd |libgit2 |libheif |libical |libidn2 | +| libinput |libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached | +| libmicrohttpd |libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg | +| librsync |libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp | +| libssh |libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv | +| libvips |libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml | +| lighttpd |linux_kernel |linuxptp |lldpd |logrotate |lrzip |lua | +| luajit |lxc |lynx |lz4 |mailx |mariadb |mbedtls | +| mdadm |memcached |micropython |minetest |mini_httpd |minicom |minidlna | +| miniupnpc |miniupnpd |moby |modsecurity |monit |mosquitto |motion | +| mp4v2 |mpg123 |mpv |msmtp |mtr |mupdf |mutt | +| mysql |nano |nasm |nbd |ncurses |neon |nessus | +| netatalk |netdata |netkit_ftp |netpbm |nettle |nghttp2 |nginx | +| ngircd |nmap |node |ntfs_3g |ntp |ntpsec |open_iscsi | +| open_vm_tools |openafs |opencv |openjpeg |openldap |opensc |openssh | +| openssl |openswan |openvpn |p7zip |pango |patch |pcre | +| pcre2 |pcsc_lite |perl |php |picocom |pigz |pixman | +| png |polarssl_fedora |poppler |postgresql |ppp |privoxy |procps_ng | +| proftpd |protobuf_c |pspp |pure_ftpd |putty |python |qemu | +| qpdf |qt |quagga |radare2 |radvd |raptor |rauc | +| rdesktop |readline |rpm |rsync |rsyslog |rtl_433 |rtmpdump | +| runc |rust |samba |sane_backends |sdl |seahorse |shadowsocks_libev | +| snapd |sngrep |snort |socat |sofia_sip |speex |spice | +| sqlite |squashfs |squid |sslh |stellarium |strongswan |stunnel | +| subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | +| tar |tcpdump |tcpreplay |terminology |tesseract |thrift |thttpd | +| thunderbird |timescaledb |tinyproxy |tor |tpm2_tss |traceroute |transmission | +| trousers |ttyd |twonky_server |u_boot |udisks |unbound |unixodbc | +| upx |util_linux |varnish |vim |vlc |vorbis_tools |vsftpd | +| webkitgtk |wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 | +| xscreensaver |xwayland |yasm |zabbix |zchunk |zeek |zlib | +| znc |zsh |zstandard | | | | | All the checkers can be found in the checkers directory, as can the diff --git a/doc/MANUAL.md b/doc/MANUAL.md index 4125d3b20d..4a7644afff 100644 --- a/doc/MANUAL.md +++ b/doc/MANUAL.md @@ -241,7 +241,7 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |------------- |------------------ |--------------- |----------------- |-------------- |--------------- | +|--------------- |--------------- |------------------ |------------- |---------------- |------------ |----------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |asn1c |assimp | | asterisk |atftp |avahi |axel |bash |bind |binutils | | bird |bison |bluez |boinc |botan |bro |bubblewrap | @@ -249,52 +249,52 @@ which is useful if you're trying the latest code from | chrony |civetweb |clamav |collectd |commons_compress |connman |coreutils | | cpio |cronie |cryptsetup |cups |curl |cvs |darkhttpd | | dav1d |davfs2 |dbus |debianutils |dhclient |dhcpcd |dhcpd | -| dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |dovecot | -| doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |emacs | -| enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |fastd | -| ffmpeg |file |firefox |flac |fluidsynth |freeradius |freerdp | -| fribidi |frr |gawk |gcc |gdal |gdb |gdk_pixbuf | -| ghostscript |gimp |git |glib |glibc |gmp |gnomeshell | -| gnupg |gnutls |go |gpgme |gpsd |graphicsmagick |grep | -| grub2 |gstreamer |gupnp |gvfs |gzip |haproxy |harfbuzz | -| haserl |hdf5 |heimdal |hostapd |hunspell |hwloc |i2pd | -| icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables |irssi | -| iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |jhead | -| jq |json_c |kbd |keepalived |kerberos |kexectools |kodi | -| kubernetes |ldns |lftp |libarchive |libass |libbpg |libcoap | -| libconfuse |libcurl |libdb |libde265 |libebml |libevent |libexpat | -| libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |libinput | -| libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |libmicrohttpd | -| libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg |librsync | -| libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp |libssh | -| libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv |libvips | -| libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml |lighttpd | -| linux_kernel |lldpd |logrotate |lrzip |lua |luajit |lxc | -| lynx |lz4 |mailx |mariadb |mbedtls |mdadm |memcached | -| micropython |minetest |mini_httpd |minicom |minidlna |miniupnpc |miniupnpd | -| moby |modsecurity |monit |mosquitto |motion |mp4v2 |mpg123 | -| mpv |msmtp |mtr |mupdf |mutt |mysql |nano | -| nasm |nbd |ncurses |neon |nessus |netatalk |netdata | -| netkit_ftp |netpbm |nettle |nghttp2 |nginx |ngircd |nmap | -| node |ntfs_3g |ntp |ntpsec |open_iscsi |open_vm_tools |openafs | -| opencv |openjpeg |openldap |opensc |openssh |openssl |openswan | -| openvpn |p7zip |pango |patch |pcre |pcre2 |pcsc_lite | -| perl |php |picocom |pigz |pixman |png |polarssl_fedora | -| poppler |postgresql |ppp |privoxy |procps_ng |proftpd |protobuf_c | -| pspp |pure_ftpd |putty |python |qemu |qpdf |qt | -| quagga |radare2 |radvd |raptor |rauc |rdesktop |readline | -| rpm |rsync |rsyslog |rtl_433 |rtmpdump |runc |rust | -| samba |sane_backends |sdl |seahorse |shadowsocks_libev |snapd |sngrep | -| snort |socat |sofia_sip |speex |spice |sqlite |squashfs | -| squid |sslh |stellarium |strongswan |stunnel |subversion |sudo | -| suricata |sylpheed |syslogng |sysstat |systemd |tar |tcpdump | -| tcpreplay |terminology |tesseract |thrift |thttpd |thunderbird |timescaledb | -| tinyproxy |tor |tpm2_tss |traceroute |transmission |trousers |ttyd | -| twonky_server |u_boot |udisks |unbound |unixodbc |upx |util_linux | -| varnish |vim |vlc |vorbis_tools |vsftpd |webkitgtk |wget | -| wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xscreensaver |xwayland | -| yasm |zabbix |zchunk |zeek |zlib |znc |zsh | -| zstandard | | | | | | | +| dlt_daemon |dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet | +| dovecot |doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils | +| emacs |enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 | +| fastd |ffmpeg |file |firefox |flac |fluidsynth |freeradius | +| freerdp |fribidi |frr |gawk |gcc |gdal |gdb | +| gdk_pixbuf |ghostscript |gimp |git |glib |glibc |gmp | +| gnomeshell |gnupg |gnutls |go |gpgme |gpsd |graphicsmagick | +| grep |grub2 |gstreamer |gupnp |gvfs |gzip |haproxy | +| harfbuzz |haserl |hdf5 |heimdal |hostapd |hunspell |hwloc | +| i2pd |icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables | +| irssi |iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper | +| jhead |jq |json_c |kbd |keepalived |kerberos |kexectools | +| kodi |kubernetes |ldns |lftp |libarchive |libass |libbpg | +| libcoap |libconfuse |libcurl |libdb |libde265 |libebml |libevent | +| libexpat |libgcrypt |libgd |libgit2 |libheif |libical |libidn2 | +| libinput |libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached | +| libmicrohttpd |libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg | +| librsync |libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp | +| libssh |libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv | +| libvips |libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml | +| lighttpd |linux_kernel |linuxptp |lldpd |logrotate |lrzip |lua | +| luajit |lxc |lynx |lz4 |mailx |mariadb |mbedtls | +| mdadm |memcached |micropython |minetest |mini_httpd |minicom |minidlna | +| miniupnpc |miniupnpd |moby |modsecurity |monit |mosquitto |motion | +| mp4v2 |mpg123 |mpv |msmtp |mtr |mupdf |mutt | +| mysql |nano |nasm |nbd |ncurses |neon |nessus | +| netatalk |netdata |netkit_ftp |netpbm |nettle |nghttp2 |nginx | +| ngircd |nmap |node |ntfs_3g |ntp |ntpsec |open_iscsi | +| open_vm_tools |openafs |opencv |openjpeg |openldap |opensc |openssh | +| openssl |openswan |openvpn |p7zip |pango |patch |pcre | +| pcre2 |pcsc_lite |perl |php |picocom |pigz |pixman | +| png |polarssl_fedora |poppler |postgresql |ppp |privoxy |procps_ng | +| proftpd |protobuf_c |pspp |pure_ftpd |putty |python |qemu | +| qpdf |qt |quagga |radare2 |radvd |raptor |rauc | +| rdesktop |readline |rpm |rsync |rsyslog |rtl_433 |rtmpdump | +| runc |rust |samba |sane_backends |sdl |seahorse |shadowsocks_libev | +| snapd |sngrep |snort |socat |sofia_sip |speex |spice | +| sqlite |squashfs |squid |sslh |stellarium |strongswan |stunnel | +| subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | +| tar |tcpdump |tcpreplay |terminology |tesseract |thrift |thttpd | +| thunderbird |timescaledb |tinyproxy |tor |tpm2_tss |traceroute |transmission | +| trousers |ttyd |twonky_server |u_boot |udisks |unbound |unixodbc | +| upx |util_linux |varnish |vim |vlc |vorbis_tools |vsftpd | +| webkitgtk |wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 | +| xscreensaver |xwayland |yasm |zabbix |zchunk |zeek |zlib | +| znc |zsh |zstandard | | | | | For a quick overview of usage and how it works, you can also see [the readme file](README.md). From 8ca4b0b02207026f6d63b5549220f1b077f8eb83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:16:32 -0700 Subject: [PATCH 09/34] chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#4493) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/e28ff129e5465c2c0dcc6f003fc735cb6ae0c673...b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/testing.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 7a63aa2896..b1633d6760 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -339,7 +339,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: files: ./coverage.xml flags: longtests @@ -583,7 +583,7 @@ jobs: - name: Test PDF generation on Windows run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: files: ./coverage.xml flags: win-longtests From e0d8264eee2547b67d6b2e648ba3adaa15a1ec1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:21:28 -0700 Subject: [PATCH 10/34] chore(deps): bump github/codeql-action from 3.26.9 to 3.27.0 (#4530) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/461ef6c76dfe95d5c364de2f431ddbd31a417628...662472033e021d55d94146f66f6058822b0b39fd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9be38b3a64..9c0c72cf4a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 From 85e2512362ace24fd014d26657c9e685c42f5727 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:22:26 -0700 Subject: [PATCH 11/34] chore(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5 (#4531) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.4 to 4.3.5. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/5a2ce3f5b92ee19cbb1541a4984c76d921601d7c...a6993e2c61fd5dc440b409aa1d6904921c5e1894) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 026818198f..717e3e7f10 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 From ca9f067a983358235e20ef5f0c06d08d6ff907a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 10:43:24 -0700 Subject: [PATCH 12/34] chore(deps): bump actions/cache from 4.0.2 to 4.1.2 (#4532) Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...6849a6489940f00c2f30c0fb92c6274307ccb58a) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/cve_scan.yml | 2 +- .github/workflows/fuzzing.yml | 4 ++-- .github/workflows/testing.yml | 18 +++++++++--------- .github/workflows/update-cache.yml | 2 +- .github/workflows/update-js-dependencies.yml | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index f3ef84aa58..212af4496b 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -31,7 +31,7 @@ jobs: run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 0ff4d7bbcc..478c5a8b42 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -51,13 +51,13 @@ jobs: echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: fuzz-cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: fuzz-cache diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index b1633d6760..b74a2a89d5 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -135,13 +135,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -267,13 +267,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -411,13 +411,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -517,14 +517,14 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }} enableCrossOsArchive: true - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -558,7 +558,7 @@ jobs: test/test_cli.py test/test_cvedb.py - name: Cache conda - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 env: # Increase to reset cache if requirements.txt file has not changed CACHE_NUMBER: 0 diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 0ab91e9a27..7e77e1ecf1 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -39,7 +39,7 @@ jobs: id: get-date run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index 27b1081df7..d4921f0f4d 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -36,7 +36,7 @@ jobs: run: python .github/workflows/update_js_dependencies.py - name: Get cached Python packages - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} From 29fc1b1da226f08077297c11fb3eef29eca60cb5 Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Thu, 31 Oct 2024 08:38:03 -0700 Subject: [PATCH 13/34] ci: add comment for interrogate (#4542) I have more than once wanted to cut/paste the interrogate config flags into the command line while making docstring-related issues, so I went ahead and put it as a comment for next time. Signed-off-by: Terri Oda --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5d4ccd7243..5e194bd6b9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,6 +6,7 @@ repos: verbose: True exclude: ^(locales|presentation|fuzz/generated|test|cve_bin_tool/checkers|build) args: ["-vv", "-i", "-I", "-M", "-C", "-n", "-p", "-f", "60.0"] + # args for cut and paste: interrogate -vv -i -I -M -C -n -p -f 60.0 - repo: https://github.com/pycqa/isort rev: 5.13.2 From 439e3c3665718b923737cb7ed132f995c269da74 Mon Sep 17 00:00:00 2001 From: veesood <123954200+vroomvee@users.noreply.github.com> Date: Fri, 1 Nov 2024 23:47:59 +0530 Subject: [PATCH 14/34] docs: Add docstrings for VEXGenerate class and methods (#4544) Added detailed docstrings to `VEXGenerate` class, including description for class attributes, methods, and parameters. This enhances readability and provides clear guidance. --- cve_bin_tool/vex_manager/generate.py | 80 ++++++++++++++++++++++++---- 1 file changed, 71 insertions(+), 9 deletions(-) diff --git a/cve_bin_tool/vex_manager/generate.py b/cve_bin_tool/vex_manager/generate.py index 83ddc9150b..d18735c749 100644 --- a/cve_bin_tool/vex_manager/generate.py +++ b/cve_bin_tool/vex_manager/generate.py @@ -1,5 +1,6 @@ # Copyright (C) 2024 Intel Corporation # SPDX-License-Identifier: GPL-3.0-or-later + from logging import Logger from pathlib import Path from typing import Dict, List, Optional @@ -12,6 +13,26 @@ class VEXGenerate: + """ + A class for generating VEX (Vulnerability Exploitability eXchange) documents. + + This class maintains the state of vulnerability analysis for different VEX types, + including CycloneDX, CSAF, and OpenVEX. The `analysis_state` dictionary maps + remarks related to vulnerability status to their corresponding states for each + VEX type. + + Attributes: + analysis_state (dict): A dictionary containing the mapping of remarks to + analysis states for different VEX types. The keys are the VEX types ("cyclonedx", + "csaf", "openvex"), and the values are dictionaries mapping `Remarks` enum values + to their corresponding vulnerability analysis states. + + Example: + >>> vex_gen = VEXGenerate() + >>> state = vex_gen.analysis_state["cyclonedx"][Remarks.Confirmed] + >>> print(state) # Output: "exploitable" + """ + analysis_state = { "cyclonedx": { Remarks.NewFound: "in_triage", @@ -53,6 +74,23 @@ def __init__( logger: Optional[Logger] = None, validate: bool = True, ): + """ + Initializes a VEXGenerate instance with specified product, release, and other parameters + for managing CVE data and generating vulnerability exchange (VEX) documents. + + Parameters: + product (str): The name of the product being analyzed. + release (str): The product release version. + vendor (str): The name of the product vendor. + filename (str): The filename to use for generated VEX data. + vextype (str): The type of VEX document. + all_cve_data (Dict[ProductInfo, CVEData]): Dictionary containing CVE data by product. + revision_reason (str, optional): Reason for the VEX document revision. Defaults to "". + sbom_serial_number (str, optional): The serial number for the software bill of materials. Defaults to "". + sbom (Optional[str], optional): Software bill of materials, if available. Defaults to None. + logger (Optional[Logger], optional): Logger instance for logging. Defaults to None. + validate (bool, optional): Flag indicating if input validation is required. Defaults to True. + """ self.product = product self.release = release self.vendor = vendor @@ -67,7 +105,12 @@ def __init__( def generate_vex(self) -> None: """ - Generates VEX code based on the specified VEX type. + Generates a VEX (Vulnerability Exploitability eXchange) document based on the specified VEX type + and stores it in the given filename. + + This method sets up a VEX generator instance with the product name, release version, and other + metadata. It automatically assigns a filename if none is provided, logs the update status if the + file already exists, and generates the VEX document with product vulnerability data. Returns: None @@ -82,11 +125,11 @@ def generate_vex(self) -> None: vexgen.set_product(**kwargs) if not self.filename: self.logger.info( - "No filename defined, Generating a new filename with Default Naming Convention" + "No filename defined, generating a new filename with default naming convention." ) self.filename = self.__generate_vex_filename() if Path(self.filename).is_file(): - self.logger.info(f"Updating the vex file: {self.filename}") + self.logger.info(f"Updating the VEX file: {self.filename}") vexgen.generate( project_name=self.product, @@ -97,10 +140,13 @@ def generate_vex(self) -> None: def __generate_vex_filename(self) -> str: """ - Generates a VEX filename based on the current date and time. + Generates a default VEX filename using the product, release, vendor, and VEX type information. + + The filename is structured as "{product}_{release}_{vendor}_{vextype}.json" and is saved in the + current working directory. Returns: - str: The generated VEX filename. + str: The generated VEX filename as a string. """ filename = ( Path.cwd() @@ -109,6 +155,17 @@ def __generate_vex_filename(self) -> str: return str(filename) def __get_metadata(self) -> Dict: + """ + Generates metadata for the VEX document based on the specified VEX type, product, release, + and vendor information. + + This method creates a dictionary containing metadata fields, such as `id`, `supplier`, + `author`, and `revision_reason`, depending on the VEX type. Metadata fields are populated + according to the VEX format requirements, such as "cyclonedx," "csaf," or "openvex". + + Returns: + Dict: A dictionary containing the metadata for the VEX document. + """ metadata = {} if self.vextype == "cyclonedx": if self.product: @@ -128,10 +185,17 @@ def __get_metadata(self) -> Dict: def __get_vulnerabilities(self) -> List[Vulnerability]: """ - Retrieves a list of vulnerabilities. + Retrieves and constructs a list of vulnerability objects based on the current CVE data. + + This method iterates through all CVE data associated with the product and vendor, + creating and configuring `Vulnerability` objects for each entry. It sets attributes + like name, release, ID, description, status, and additional metadata such as package + URLs (purl) and bill of materials (BOM) links. If a vulnerability includes comments + or justification, these are added to the vulnerability details. Returns: - A list of Vulnerability objects representing the vulnerabilities. + List[Vulnerability]: A list of `Vulnerability` objects representing the identified + vulnerabilities, enriched with metadata and details. """ vulnerabilities = [] for product_info, cve_data in self.all_cve_data.items(): @@ -156,7 +220,6 @@ def __get_vulnerabilities(self) -> List[Vulnerability]: if cve.comments else cve.remarks.name ) - # more details will be added using set_value() if purl is None: purl = f"pkg:generic/{vendor}/{product}@{version}" bom_version = 1 @@ -170,7 +233,6 @@ def __get_vulnerabilities(self) -> List[Vulnerability]: vulnerability.set_value("action", detail) vulnerability.set_value("source", cve.data_source) vulnerability.set_value("updated", cve.last_modified) - # vulnerability.show_vulnerability() vulnerabilities.append(vulnerability.get_vulnerability()) self.logger.debug(f"Vulnerabilities: {vulnerabilities}") return vulnerabilities From ab886a513b9492434205e64e66d35e20ccd9c626 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 20:02:28 +0000 Subject: [PATCH 15/34] chore: update SBOM for Python 3.11 (#4551) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 70 +++++++++++++++++++---------------- sbom/cve-bin-tool-py3.11.spdx | 55 +++++++++++++-------------- 2 files changed, 66 insertions(+), 59 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 9fd08a49aa..1ab4cf5700 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:0f266371-5f01-4b1f-a630-b4a42e8ab4c2", + "serialNumber": "urn:uuid:d41bd464-c594-4908-998a-aa31f02d37f2", "version": 1, "metadata": { - "timestamp": "2024-10-28T00:37:40Z", + "timestamp": "2024-11-04T00:39:27Z", "lifecycles": [ { "phase": "build" @@ -271,6 +271,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -342,7 +348,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.16.0", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -351,7 +357,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -369,12 +375,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.16.0/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.16.0", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -563,7 +569,7 @@ "type": "library", "bom-ref": "13-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -572,7 +578,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -590,12 +596,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2301,7 +2307,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.20.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2310,14 +2316,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], "licenses": [ { "license": { @@ -2334,12 +2334,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ { "name": "language", @@ -2660,7 +2660,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.9.3", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2669,7 +2669,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2687,12 +2687,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.3/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.3", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -2875,6 +2875,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.1/#files", @@ -3286,7 +3292,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3295,16 +3301,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3320,7 +3326,7 @@ "type": "library", "bom-ref": "68-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3329,7 +3335,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3347,12 +3353,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 19aef3bfe5..17f485a570 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-74592506-2886-44ae-895a-da1f0f1334ca +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-42a5440d-e497-4f5a-8c23-5f4cbc506669 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-28T00:36:57Z +Created: 2024-11-04T00:38:31Z CreatorComment: This document has been automatically generated. ##### @@ -98,6 +98,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -125,18 +126,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.16.0 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -205,10 +206,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-13-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION @@ -216,8 +217,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -782,19 +783,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -899,18 +899,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-54-rich -PackageVersion: 13.9.3 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -971,6 +971,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files FilesAnalyzed: false +PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1113,33 +1114,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: xmlschema SPDXID: SPDXRef-68-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath From 5c42868ae8d2ece510e4d05652f57f9230f827ed Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 20:04:08 +0000 Subject: [PATCH 16/34] chore: update SBOM for Python 3.9 (#4550) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 76 +++++++++++++++++++++--------------- sbom/cve-bin-tool-py3.9.spdx | 56 +++++++++++++------------- 2 files changed, 73 insertions(+), 59 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index b3bd6dc437..d9f6feaf78 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:fad70535-a2c6-4cf6-84b8-75bf196560b4", + "serialNumber": "urn:uuid:cf0e1889-1a11-4eb0-90b5-58e1bd7cf8fb", "version": 1, "metadata": { - "timestamp": "2024-10-28T00:40:22Z", + "timestamp": "2024-11-04T00:39:04Z", "lifecycles": [ { "phase": "build" @@ -329,6 +329,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -434,7 +440,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.16.0", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -443,7 +449,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -461,12 +467,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.16.0/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.16.0", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -655,7 +661,7 @@ "type": "library", "bom-ref": "15-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -664,7 +670,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -682,12 +688,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2202,6 +2208,12 @@ }, "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", @@ -2461,7 +2473,7 @@ "type": "library", "bom-ref": "51-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.20.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2470,14 +2482,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], "licenses": [ { "license": { @@ -2494,12 +2500,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ { "name": "language", @@ -2820,7 +2826,7 @@ "type": "library", "bom-ref": "58-rich", "name": "rich", - "version": "13.9.3", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2829,7 +2835,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2847,12 +2853,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.3/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.3", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -3035,6 +3041,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.1/#files", @@ -3446,7 +3458,7 @@ "type": "library", "bom-ref": "71-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3455,16 +3467,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3538,7 +3550,7 @@ "type": "library", "bom-ref": "73-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3547,7 +3559,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3565,12 +3577,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index b948398790..f90e2a7e85 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eb859755-2df3-4cff-8f13-6688d449550c +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9f3d8833-874a-4b8d-97a0-34ac23a6561e LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-28T00:39:33Z +Created: 2024-11-04T00:38:06Z CreatorComment: This document has been automatically generated. ##### @@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -158,18 +159,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.16.0 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -238,10 +239,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-15-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION @@ -249,8 +250,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -740,6 +741,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -845,19 +847,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-51-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -962,18 +963,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-58-rich -PackageVersion: 13.9.3 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1034,6 +1035,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files FilesAnalyzed: false +PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1176,17 +1178,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-71-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1208,18 +1210,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-73-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath From cb74c562a7776866aabe94cce964924c58995b63 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 20:05:42 +0000 Subject: [PATCH 17/34] chore: update SBOM for Python 3.10 (#4549) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 70 +++++++++++++++++++---------------- sbom/cve-bin-tool-py3.10.spdx | 55 +++++++++++++-------------- 2 files changed, 66 insertions(+), 59 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 19a898bcac..a6e3c0437d 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:f845813e-87fb-4b9d-a68b-cf62b5eebeb4", + "serialNumber": "urn:uuid:888833a5-aabf-426e-88d8-8eb73ab2cb9d", "version": 1, "metadata": { - "timestamp": "2024-10-28T00:37:59Z", + "timestamp": "2024-11-04T00:38:13Z", "lifecycles": [ { "phase": "build" @@ -329,6 +329,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -434,7 +440,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.16.0", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -443,7 +449,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -461,12 +467,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.16.0/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.16.0", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -655,7 +661,7 @@ "type": "library", "bom-ref": "15-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -664,7 +670,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -682,12 +688,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2393,7 +2399,7 @@ "type": "library", "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.20.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2402,14 +2408,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], "licenses": [ { "license": { @@ -2426,12 +2426,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ { "name": "language", @@ -2752,7 +2752,7 @@ "type": "library", "bom-ref": "56-rich", "name": "rich", - "version": "13.9.3", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2761,7 +2761,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2779,12 +2779,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.3/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.3", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -2967,6 +2967,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.1/#files", @@ -3378,7 +3384,7 @@ "type": "library", "bom-ref": "69-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3387,16 +3393,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3470,7 +3476,7 @@ "type": "library", "bom-ref": "71-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3479,7 +3485,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3497,12 +3503,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 6adec42bb4..7b519501da 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9d9a0807-ce81-4de1-9676-a3d3dbacf13f +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3b2a6d00-6777-463e-bce6-aac435fde0eb LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-28T00:37:06Z +Created: 2024-11-04T00:37:10Z CreatorComment: This document has been automatically generated. ##### @@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -158,18 +159,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.16.0 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -238,10 +239,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-15-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION @@ -249,8 +250,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -815,19 +816,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-49-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -932,18 +932,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-56-rich -PackageVersion: 13.9.3 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1004,6 +1004,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files FilesAnalyzed: false +PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1146,17 +1147,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-69-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1178,18 +1179,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-71-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath From a0bc80b69596679361b0bdd4bea39d3b6ac669c7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 20:06:30 +0000 Subject: [PATCH 18/34] chore: update SBOM for Python 3.8 (#4548) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 74 ++++++++++++++++++++++-------------- sbom/cve-bin-tool-py3.8.spdx | 49 +++++++++++++----------- 2 files changed, 72 insertions(+), 51 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index aaa515d518..4079d26ba9 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:e019cd5f-9c97-4fd6-b01a-e1fdc281d319", + "serialNumber": "urn:uuid:b70c8919-aa47-439d-9ce3-c84a2d16b633", "version": 1, "metadata": { - "timestamp": "2024-10-28T00:40:20Z", + "timestamp": "2024-11-04T00:37:54Z", "lifecycles": [ { "phase": "build" @@ -329,6 +329,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -445,6 +451,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-1", + "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274" + } + ], "licenses": [ { "license": { @@ -655,7 +667,7 @@ "type": "library", "bom-ref": "15-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -664,7 +676,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -682,12 +694,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2202,6 +2214,12 @@ }, "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", @@ -2532,7 +2550,7 @@ "type": "library", "bom-ref": "52-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.20.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2541,14 +2559,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], "licenses": [ { "license": { @@ -2565,12 +2577,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ { "name": "language", @@ -2934,7 +2946,7 @@ "type": "library", "bom-ref": "60-rich", "name": "rich", - "version": "13.9.3", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2943,7 +2955,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2961,12 +2973,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.3/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.3", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -3149,6 +3161,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.1/#files", @@ -3560,7 +3578,7 @@ "type": "library", "bom-ref": "73-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3569,16 +3587,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3652,7 +3670,7 @@ "type": "library", "bom-ref": "75-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3661,7 +3679,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3679,12 +3697,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 8522bd1ea0..c2f86ce550 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a8eca549-4f66-4938-9caa-1ff2abaec047 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-549306a2-498d-4c40-9fba-23e2d0d32c42 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-28T00:39:21Z +Created: 2024-11-04T00:36:57Z CreatorComment: This document has been automatically generated. ##### @@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -164,6 +165,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl +PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -238,10 +240,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-15-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION @@ -249,8 +251,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -740,6 +742,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -861,19 +864,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-52-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: pkgutil-resolve-name @@ -994,18 +996,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-60-rich -PackageVersion: 13.9.3 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1066,6 +1068,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files FilesAnalyzed: false +PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1208,17 +1211,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-73-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1240,18 +1243,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-75-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath From e3962393163d9a8383c800da097849328ae513f1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 20:07:42 +0000 Subject: [PATCH 19/34] chore: update SBOM for Python 3.12 (#4547) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 70 +++++++++++++++++++---------------- sbom/cve-bin-tool-py3.12.spdx | 55 +++++++++++++-------------- 2 files changed, 66 insertions(+), 59 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index beafd63bdf..78cbb8c8a1 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:c3f0a58f-1000-4930-b89e-cb88efacd5d3", + "serialNumber": "urn:uuid:06a39a94-1422-40df-893c-b488d152ad6c", "version": 1, "metadata": { - "timestamp": "2024-10-28T00:38:50Z", + "timestamp": "2024-11-04T00:37:49Z", "lifecycles": [ { "phase": "build" @@ -271,6 +271,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -342,7 +348,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.16.0", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -351,7 +357,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -369,12 +375,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.16.0/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.16.0", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -563,7 +569,7 @@ "type": "library", "bom-ref": "13-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -572,7 +578,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -590,12 +596,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2301,7 +2307,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.20.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2310,14 +2316,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], "licenses": [ { "license": { @@ -2334,12 +2334,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ { "name": "language", @@ -2660,7 +2660,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.9.3", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2669,7 +2669,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2687,12 +2687,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.3/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.3", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -2875,6 +2875,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.1/#files", @@ -3286,7 +3292,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3295,16 +3301,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3320,7 +3326,7 @@ "type": "library", "bom-ref": "68-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3329,7 +3335,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3347,12 +3353,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index d5dd7e4fb8..785cc63656 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8092be7a-891d-43e8-92da-4f3a027149cf +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6d5d65ce-7ee4-477d-bfcf-c94432e85cfb LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-28T00:38:09Z +Created: 2024-11-04T00:36:55Z CreatorComment: This document has been automatically generated. ##### @@ -98,6 +98,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -125,18 +126,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.16.0 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -205,10 +206,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-13-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION @@ -216,8 +217,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -782,19 +783,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -899,18 +899,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-54-rich -PackageVersion: 13.9.3 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -971,6 +971,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files FilesAnalyzed: false +PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1113,33 +1114,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: xmlschema SPDXID: SPDXRef-68-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath From 8da67fa38e048038ac2b36acc42ea90693070eee Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 20:26:38 +0000 Subject: [PATCH 20/34] chore: update pre-commit config (#4545) * chore: update pre-commit config * chore: older black for py3.8 --------- Co-authored-by: GitHub Co-authored-by: Terri Oda --- .pre-commit-config.yaml | 6 +++--- dev-requirements.txt | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5e194bd6b9..8a14acb674 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,13 +15,13 @@ repos: exclude: ^fuzz/generated/ - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.8.0 + rev: 24.10.0 hooks: - id: black exclude: ^fuzz/generated/ - repo: https://github.com/asottile/pyupgrade - rev: v3.17.0 + rev: v3.19.0 hooks: - id: pyupgrade exclude: ^fuzz/generated/ @@ -46,7 +46,7 @@ repos: - id: gitlint - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.11.2 + rev: v1.13.0 hooks: - id: mypy additional_dependencies: diff --git a/dev-requirements.txt b/dev-requirements.txt index 676d73734d..d98d7977bb 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,14 +1,15 @@ -black==24.8.0 +black==24.10.0; python_version > "3.8" +black==24.8.0; python_version <= "3.8" isort; python_version < "3.8" isort==5.13.2; python_version >= "3.8" pre-commit; python_version <= "3.8" -pre-commit==3.8.0; python_version > "3.8" +pre-commit==4.0.1; python_version > "3.8" flake8; python_version < "3.8" flake8==7.1.1; python_version >= "3.8" bandit==1.7.10 gitlint==v0.19.1 interrogate -mypy==v1.11.2 +mypy==v1.13.0 pytest>=7.2.0 pytest-xdist pytest-cov From f5b160980e6ae87fd867cb89bf4d481400b57829 Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Wed, 6 Nov 2024 09:24:11 -0800 Subject: [PATCH 21/34] ci: switch default runners and timeouts (#4556) An experiment to see if we can fix some periodic test fails and timeouts in longtests and the cve_scan job. Signed-off-by: Terri Oda --- .github/workflows/cve_scan.yml | 5 +++-- .github/workflows/testing.yml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index 212af4496b..3ce69d8833 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -12,8 +12,9 @@ permissions: jobs: cve_scan: name: CVE scan on dependencies - runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} - timeout-minutes: 30 + # runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} + runs-on: 'ubuntu-latest' + timeout-minutes: 60 steps: - name: Harden Runner uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index b74a2a89d5..651c378eb6 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -197,7 +197,7 @@ jobs: github.head_ref ) ) - runs-on: 'ubuntu-latest' + runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} timeout-minutes: 120 env: LONG_TESTS: 1 From 505bcf044cb263f473703669b713c1ee54bd4f11 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:59:51 +0000 Subject: [PATCH 22/34] chore: update SBOM for Python 3.11 (#4560) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 61 ++++++++++++++++++----------------- sbom/cve-bin-tool-py3.11.spdx | 36 +++++++++++---------- 2 files changed, 51 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 1ab4cf5700..5ba8175fb4 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d41bd464-c594-4908-998a-aa31f02d37f2", + "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:39:27Z", + "timestamp": "2024-11-11T00:37:40Z", "lifecycles": [ { "phase": "build" @@ -541,6 +541,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2142,6 +2148,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2307,7 +2319,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2316,17 +2328,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2334,12 +2337,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2671,6 +2674,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2864,7 +2873,7 @@ "type": "library", "bom-ref": "58-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2873,22 +2882,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3422,7 +3425,7 @@ "type": "library", "bom-ref": "70-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3431,16 +3434,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 17f485a570..272ff4e086 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-42a5440d-e497-4f5a-8c23-5f4cbc506669 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:38:31Z +Created: 2024-11-11T00:37:01Z CreatorComment: This document has been automatically generated. ##### @@ -196,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -723,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -783,18 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -905,6 +907,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -966,18 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-58-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly @@ -1161,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:* PackageName: zipp SPDXID: SPDXRef-70-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 58235bea62c81bb845e53652ddc2c8eca96886d5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:01:02 +0000 Subject: [PATCH 23/34] chore: update SBOM for Python 3.9 (#4564) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 67 ++++++++++++++++++++---------------- sbom/cve-bin-tool-py3.9.spdx | 37 +++++++++++--------- 2 files changed, 58 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index d9f6feaf78..2f66f324d6 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:cf0e1889-1a11-4eb0-90b5-58e1bd7cf8fb", + "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:39:04Z", + "timestamp": "2024-11-11T00:38:15Z", "lifecycles": [ { "phase": "build" @@ -417,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -633,6 +639,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2237,7 +2249,7 @@ "type": "library", "bom-ref": "45-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -2246,16 +2258,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", @@ -2308,6 +2320,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2473,7 +2491,7 @@ "type": "library", "bom-ref": "51-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2482,17 +2500,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2500,12 +2509,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2837,6 +2846,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -3030,7 +3045,7 @@ "type": "library", "bom-ref": "62-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -3039,22 +3054,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index f90e2a7e85..e3fee52bd3 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9f3d8833-874a-4b8d-97a0-34ac23a6561e +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:38:06Z +Created: 2024-11-11T00:37:24Z CreatorComment: This document has been automatically generated. ##### @@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -229,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -752,17 +754,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*: PackageName: zipp SPDXID: SPDXRef-45-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: jinja2 @@ -787,6 +789,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -847,18 +850,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-51-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -969,6 +972,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1030,18 +1034,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-62-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly From dfcfff7783f286003d9161782891f8b411393604 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:02:28 +0000 Subject: [PATCH 24/34] chore: update SBOM for Python 3.8 (#4563) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 42 +++++++++++++++++++++++++----------- sbom/cve-bin-tool-py3.8.spdx | 17 +++++++++------ 2 files changed, 40 insertions(+), 19 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 4079d26ba9..8e6c4b88f2 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:b70c8919-aa47-439d-9ce3-c84a2d16b633", + "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:37:54Z", + "timestamp": "2024-11-11T00:37:58Z", "lifecycles": [ { "phase": "build" @@ -417,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -639,6 +645,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2288,6 +2300,12 @@ }, "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", "description": "Read resources from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "284148b005b57031a354402c446473f53cab2c49" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", @@ -2957,6 +2975,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -3150,7 +3174,7 @@ "type": "library", "bom-ref": "64-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -3159,22 +3183,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c2f86ce550..c66cbe5150 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-549306a2-498d-4c40-9fba-23e2d0d32c42 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:36:57Z +Created: 2024-11-11T00:36:58Z CreatorComment: This document has been automatically generated. ##### @@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -230,6 +231,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -773,6 +775,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files FilesAnalyzed: false +PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1002,6 +1005,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1063,18 +1067,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-64-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly From 59680eecec7abafe77b3d6247c11a7357f46a651 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:03:28 -0800 Subject: [PATCH 25/34] chore(deps): bump conda-incubator/setup-miniconda from 3.0.4 to 3.1.0 (#4566) Bumps [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda) from 3.0.4 to 3.1.0. - [Release notes](https://github.com/conda-incubator/setup-miniconda/releases) - [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md) - [Commits](https://github.com/conda-incubator/setup-miniconda/compare/a4260408e20b96e80095f42ff7f1a15b27dd94ca...d2e6a045a86077fb6cad6f5adf368e9076ddaa8d) --- updated-dependencies: - dependency-name: conda-incubator/setup-miniconda dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 651c378eb6..f6dd40f734 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -566,7 +566,7 @@ jobs: path: ~/conda_pkgs_dir key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{ hashFiles('requirements.txt') }} - - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 + - uses: conda-incubator/setup-miniconda@d2e6a045a86077fb6cad6f5adf368e9076ddaa8d # v3.1.0 with: auto-update-conda: true activate-environment: pdftotext From 0499d4e0dc53cdbee0fdc177995d9c988a092d5b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:03:44 +0000 Subject: [PATCH 26/34] chore: update SBOM for Python 3.10 (#4562) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 67 ++++++++++++++++++++--------------- sbom/cve-bin-tool-py3.10.spdx | 37 ++++++++++--------- 2 files changed, 58 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index a6e3c0437d..11e8b80d5a 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:888833a5-aabf-426e-88d8-8eb73ab2cb9d", + "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:38:13Z", + "timestamp": "2024-11-11T00:37:52Z", "lifecycles": [ { "phase": "build" @@ -417,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -633,6 +639,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2234,6 +2246,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2399,7 +2417,7 @@ "type": "library", "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2408,17 +2426,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2426,12 +2435,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2763,6 +2772,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2956,7 +2971,7 @@ "type": "library", "bom-ref": "60-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2965,22 +2980,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3572,7 +3581,7 @@ "type": "library", "bom-ref": "73-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3581,16 +3590,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 7b519501da..3450e18661 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3b2a6d00-6777-463e-bce6-aac435fde0eb +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:37:10Z +Created: 2024-11-11T00:37:01Z CreatorComment: This document has been automatically generated. ##### @@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -229,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -756,6 +758,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -816,18 +819,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-49-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -938,6 +941,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -999,18 +1003,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-60-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly @@ -1211,17 +1214,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:* PackageName: zipp SPDXID: SPDXRef-73-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 9213882091af3bfa35fb4c26bd5e1ac98897d9f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:04:12 -0800 Subject: [PATCH 27/34] chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#4565) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9c0c72cf4a..aa82ed9ecf 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 From 43dd144a91be2091f91782d792ff5f9fcf040910 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:04:59 +0000 Subject: [PATCH 28/34] chore: update SBOM for Python 3.12 (#4561) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 61 ++++++++++++++++++----------------- sbom/cve-bin-tool-py3.12.spdx | 36 +++++++++++---------- 2 files changed, 51 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 78cbb8c8a1..60821f01a1 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:06a39a94-1422-40df-893c-b488d152ad6c", + "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:37:49Z", + "timestamp": "2024-11-11T00:37:48Z", "lifecycles": [ { "phase": "build" @@ -541,6 +541,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2142,6 +2148,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2307,7 +2319,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2316,17 +2328,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2334,12 +2337,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2671,6 +2674,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2864,7 +2873,7 @@ "type": "library", "bom-ref": "58-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2873,22 +2882,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3422,7 +3425,7 @@ "type": "library", "bom-ref": "70-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3431,16 +3434,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 785cc63656..132341bedb 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6d5d65ce-7ee4-477d-bfcf-c94432e85cfb +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:36:55Z +Created: 2024-11-11T00:37:00Z CreatorComment: This document has been automatically generated. ##### @@ -196,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -723,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -783,18 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -905,6 +907,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -966,18 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-58-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly @@ -1161,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:* PackageName: zipp SPDXID: SPDXRef-70-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 6918c32f225f614866ddf112cc322c167d463210 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:06:32 -0800 Subject: [PATCH 29/34] chore(deps): bump actions/setup-python from 5.2.0 to 5.3.0 (#4555) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.2.0...v5.3.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-wheel.yml | 2 +- .github/workflows/cve_scan.yml | 2 +- .github/workflows/formatting.yml | 2 +- .github/workflows/fuzzing.yml | 2 +- .github/workflows/linting.yml | 2 +- .github/workflows/sbom.yml | 2 +- .github/workflows/testing.yml | 10 +++++----- .github/workflows/update-cache.yml | 2 +- .github/workflows/update-js-dependencies.yml | 2 +- .github/workflows/update-pre-commit.yml | 2 +- .github/workflows/validate-yml.yml | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 8072d5fc17..f2b0195499 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -28,7 +28,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python-version }} cache: 'pip' diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index 3ce69d8833..c97248eeb3 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -22,7 +22,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index dc99b6d2e2..5ef52b7699 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -24,7 +24,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 478c5a8b42..b4fb4a9fcb 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v5.2.0 + uses: actions/setup-python@v5.3.0 with: python-version: 3.9 diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 48f759c58e..c4737601f6 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 05fe91de08..1d42ac5baa 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -27,7 +27,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python }} cache: 'pip' diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index f6dd40f734..6ed476bcb6 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -49,7 +49,7 @@ jobs: pypi.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' @@ -108,7 +108,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python }} cache: 'pip' @@ -240,7 +240,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' @@ -397,7 +397,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' @@ -503,7 +503,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.12' cache: 'pip' diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 7e77e1ecf1..fa2c93fae7 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index d4921f0f4d..f2b3fc0bd9 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index 23a58da58f..2b3be9cf39 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml index 477aba9b85..b4bd97f31d 100644 --- a/.github/workflows/validate-yml.yml +++ b/.github/workflows/validate-yml.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' From 377b9ca36529259048d4b8886ac34d2b20b0c6a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:06:58 -0800 Subject: [PATCH 30/34] chore(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 (#4554) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.5 to 4.4.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/a6993e2c61fd5dc440b409aa1d6904921c5e1894...4081bf99e2866ebe428fc0477b69eb4fcda7220a) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 717e3e7f10..d99c952123 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 + uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0 From 97569385065b84d536b749155ef46fac632683ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:08:49 -0800 Subject: [PATCH 31/34] chore(deps): bump check-spelling/check-spelling from 0.0.22 to 0.0.24 (#4553) Bumps [check-spelling/check-spelling](https://github.com/check-spelling/check-spelling) from 0.0.22 to 0.0.24. - [Release notes](https://github.com/check-spelling/check-spelling/releases) - [Changelog](https://github.com/check-spelling/check-spelling/blob/main/gh-release-downloader) - [Commits](https://github.com/check-spelling/check-spelling/compare/v0.0.22...v0.0.24) --- updated-dependencies: - dependency-name: check-spelling/check-spelling dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/spelling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index fd7d1d7d4b..2dec16dcae 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -19,7 +19,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: check-spelling/check-spelling@v0.0.22 + - uses: check-spelling/check-spelling@v0.0.24 with: extra_dictionaries: cspell:python/src/python/python.txt From 9712d5cfed57445b9e6462fac28042d8a4b24e9d Mon Sep 17 00:00:00 2001 From: anchita20 Date: Wed, 13 Nov 2024 01:09:59 +0530 Subject: [PATCH 32/34] docs: add docstrings to parsers/env.py and format changes (#4552) * Fixes #4539 --- cve_bin_tool/parsers/env.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/cve_bin_tool/parsers/env.py b/cve_bin_tool/parsers/env.py index 536f681752..e4cb15a55c 100644 --- a/cve_bin_tool/parsers/env.py +++ b/cve_bin_tool/parsers/env.py @@ -15,6 +15,12 @@ @dataclasses.dataclass class EnvNamespaceConfig: + """ + Configuration details for environment namespace in the CVE Bin tool + Attributes: + CVE ID associated with this namespace, vendor name, product name, version of the product, file path where product is located + """ + ad_hoc_cve_id: str vendor: str product: str @@ -24,6 +30,12 @@ class EnvNamespaceConfig: @dataclasses.dataclass class EnvConfig: + """ + Configuration for multiple environment namespaces + Attributes: + A dictionary mapping namespace names to their configurations + """ + namespaces: dict[str, EnvNamespaceConfig] @@ -40,6 +52,13 @@ class EnvParser(Parser): @staticmethod def parse_file_contents(contents): + """ + Parse the contents of an environment configuration file + Args: + contents(str): textual content of environment configuration file + Returns: + EnvConfig: EnvConfig instance containing parsed namespace configurations + """ lines = list( [ line From dafb9da81b0bf8832b5f0ec920cd9860ae11caa7 Mon Sep 17 00:00:00 2001 From: weichslgartner Date: Tue, 12 Nov 2024 23:19:52 +0100 Subject: [PATCH 33/34] fix: csv output under Windows with correct newlines (#4557) (#4558) * fixes #4557 --- cve_bin_tool/output_engine/__init__.py | 5 ++++- test/test_output_engine.py | 10 ++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/cve_bin_tool/output_engine/__init__.py b/cve_bin_tool/output_engine/__init__.py index a697785d1f..0de9c28a2e 100644 --- a/cve_bin_tool/output_engine/__init__.py +++ b/cve_bin_tool/output_engine/__init__.py @@ -882,7 +882,10 @@ def output_file(self, output_type="console"): with open(self.filename, "wb") as f: self.output_cves(f, output_type) else: - with open(self.filename, "w", encoding="utf8") as f: + # if type is csv, file should be opened with newline='' + # see https://docs.python.org/3/library/csv.html#csv.writer + newline = "" if output_type == "csv" else None + with open(self.filename, mode="w", newline=newline, encoding="utf8") as f: self.output_cves(f, output_type) def check_file_path(self, filepath: str, output_type: str, prefix: str = "output"): diff --git a/test/test_output_engine.py b/test/test_output_engine.py index 5510738a9f..5a65e5c4cd 100644 --- a/test/test_output_engine.py +++ b/test/test_output_engine.py @@ -1270,6 +1270,16 @@ def test_output_file(self): self.assertEqual(contains_filename, True) self.assertEqual(contains_msg, True) + def test_csv_output_file(self): + self.output_engine.output_file(output_type="csv") + filename = Path(self.output_engine.filename) + n_cves = sum(len(c["cves"]) for c in self.MOCK_OUTPUT.values()) + with filename.open(newline="", mode="r") as f: + n_lines = len(f.read().splitlines()) + # cvs file should have one line per cve plus a header line + assert n_lines == n_cves + 1 + filename.unlink() + def test_output_file_wrapper(self): """Test file generation logic in output_file_wrapper""" logger = logging.getLogger() From 7d0d8c84282a02b94f3604087cca0fa60037dcca Mon Sep 17 00:00:00 2001 From: veesood <123954200+vroomvee@users.noreply.github.com> Date: Wed, 13 Nov 2024 04:21:51 +0530 Subject: [PATCH 34/34] docs(available_fix/debian_cve_tracker): Add comprehensive docstrings * fixes #4540 * docs: Add docstrings for VEXGenerate class and methods Added detailed docstrings to `VEXGenerate` class, including description for class attributes, methods, and parameters. This enhances readability and provides clear guidance. * docs(available_fix/debian_cve_tracker): add docstrings fixes #4540 --- .../available_fix/debian_cve_tracker.py | 65 ++++++++++++++++++- 1 file changed, 62 insertions(+), 3 deletions(-) diff --git a/cve_bin_tool/available_fix/debian_cve_tracker.py b/cve_bin_tool/available_fix/debian_cve_tracker.py index 542fc34375..fcb0733bae 100644 --- a/cve_bin_tool/available_fix/debian_cve_tracker.py +++ b/cve_bin_tool/available_fix/debian_cve_tracker.py @@ -33,7 +33,27 @@ class DebianCVETracker: + """ + A class for tracking CVEs (Common Vulnerabilities and Exposures) for Debian-based distributions. + + This class is designed to monitor CVEs specific to a given Debian distribution, + taking into account the distribution name, codename, and whether the package is a backport. + + Attributes: + distro_name (str): The name of the Debian-based distribution (e.g., "Debian", "Ubuntu"). + distro_codename (str): The codename of the distribution release (e.g., "buster", "focal"). + is_backport (bool): Flag indicating if the package is a backport. + """ + def __init__(self, distro_name: str, distro_codename: str, is_backport: bool): + """ + Initializes a DebianCVETracker instance with distribution information. + + Parameters: + distro_name (str): The name of the Debian-based distribution. + distro_codename (str): The codename for the distribution release. + is_backport (bool): Specifies if the package is a backport. + """ self.distro_name = distro_name self.distro_codename = distro_codename self.is_backport = is_backport @@ -42,7 +62,17 @@ def cve_info( self, all_cve_data: dict[ProductInfo, CVEData], ): - """Produces the Backported fixes' info""" + """ + Generates information on backported CVE fixes for a given set of CVE data. + + This function processes CVE data and checks for resolved vulnerabilities in + the Debian or Ubuntu distributions. If a fix is available or backported, it logs + relevant information about the fix's availability and version. + + Parameters: + all_cve_data (dict[ProductInfo, CVEData]): Dictionary containing CVE data, + organized by product and version. + """ cve_data = format_output(all_cve_data, None) json_data = self.get_data() @@ -72,11 +102,30 @@ def cve_info( ) def get_data(self): + """ + Retrieves CVE data from the Debian CVE JSON file. + + This method opens and loads the Debian CVE JSON file for processing + vulnerability data, calling `check_json` to verify that the file is + up-to-date before loading. + + Returns: + dict: Loaded JSON data from the Debian CVE JSON file. + """ check_json() with open(DEB_CVE_JSON_PATH) as jsonfile: return load(jsonfile) def compute_distro(self): + """ + Computes the distribution codename based on the Debian or Ubuntu release. + + Maps the specified distribution codename to either Ubuntu or Debian based + on the provided `distro_name`. + + Returns: + str: The mapped codename for the distribution. + """ if self.distro_name == "ubuntu": return UBUNTU_DEBIAN_MAP[self.distro_codename] elif self.distro_name == "debian": @@ -84,7 +133,12 @@ def compute_distro(self): def check_json(): - """Check to update the Debian CVE JSON file""" + """ + Verifies if the Debian CVE JSON file is current and triggers an update if outdated. + + This function checks the modification time of the JSON file. If it's older than + one day, it calls `update_json` to download a fresh version. + """ if ( not DEB_CVE_JSON_PATH.exists() @@ -94,7 +148,12 @@ def check_json(): def update_json(): - """Update the Debian CVE JSON file""" + """ + Updates the Debian CVE JSON file by downloading the latest data. + + This function requests the JSON data from the specified URL and saves it to + the `DEB_CVE_JSON_PATH` location, logging the update status. + """ LOGGER.info("Updating Debian CVE JSON file for checking available fixes.") # timeout = 300s = 5min. This is a guess at a valid default