From 4f87f3a87e302083e2aa43edab56f3da79a0aaf8 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 11 Dec 2023 22:53:31 +0000 Subject: [PATCH 1/9] docs: add v2.5.0 changelog --- docs/changelogs/README.md | 6 +- docs/changelogs/v2.5.0.md | 117 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 docs/changelogs/v2.5.0.md diff --git a/docs/changelogs/README.md b/docs/changelogs/README.md index c3eb49e6f742b..b84be3beb9362 100644 --- a/docs/changelogs/README.md +++ b/docs/changelogs/README.md @@ -13,8 +13,8 @@ git checkout main; git pull; git fetch --all export CODER_IGNORE_MISSING_COMMIT_METADATA=1 export BRANCH=main ./scripts/release/generate_release_notes.sh \ - --old-version=v2.4.0 \ - --new-version=v2.4.1 \ + --old-version=v2.5.0 \ + --new-version=v2.5.1 \ --ref=$(git rev-parse --short "${ref:-origin/$BRANCH}") \ - > ./docs/changelogs/v2.4.1.md + > ./docs/changelogs/v2.5.0.md ``` diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md new file mode 100644 index 0000000000000..6d670ccaf2b82 --- /dev/null +++ b/docs/changelogs/v2.5.0.md @@ -0,0 +1,117 @@ +## Changelog + +### Features + +- Templates can now be deprecated in "template settings" to warn new users and prevent new workspaces from being created (#10745) (@Emyrk) + ![Deprecated template](https://gist.github.com/assets/22407953/5883ff54-11a6-4af0-afd3-ad77be1c4dc2) + > This is an [Enterprise feature](https://coder.com/docs/v2/latest/enterprise). +- Add user/settings page for managing external auth (#10945) (@Emyrk) + ![External auth settings](https://gist.github.com/assets/22407953/99252719-7255-426e-ba88-55d08dd04586) +- Allow auditors to read template insights (#10860) (@johnstcn) +- Add support for custom permissions in Helm chart `rbac.yaml` file (#10590) (@lbi22) +- Add `workspace_id`, `owner_name`` to agent manifest (#10199) (@szab100) +- Allow identity provider to return single string for roles/groups claim (#10993) (@Emyrk) +- Add endpoints to list all auth-ed external apps (#10944) (@Emyrk) +- Support v2 Tailnet API in AGPL coordinator (#11010) (@spikecurtis) +- Dormant workspaces now appear in the default workspaces list (#11053) (@sreya) +- Include server agent API version in buildinfo (#11057) (@spikecurtis) +- Restart stopped workspaces on `coder ssh` command (#11050) (@Emyrk) +- Add group allowlist for oidc (#11070) (@Emyrk) +- Display 'Deprecated' warning for agents using old API version (#11058) (@spikecurtis) +- Add support for `coder_env` resource to set environment variables within modules (#11102) (@mafredri) +- Handle session signals (#10842) (@mafredri) +- Allow specifying names of provisioner daemons (#11077) (@johnstcn) +- Preserve old agent logs (#10776) (@ammario) +- Store workspace proxy version in the database (#10790) (@johnstcn) +- Add `last_seen_at` and version to provisioner_daemons table (#11033) (@johnstcn) +- New layout for web-based template editor (#10912) (@BrunoQuaresma) +- Add `arm64` and `amd64` portable binaries to `winget` (#11030) (@matifali) +- Add claims to oauth link in db for debug (#10827) (@Emyrk) +- Change login screen layout (#10768) (@BrunoQuaresma) + +### Bug fixes + +- Automatically purge inactive provisioner daemons after 7 days (#10949) (@mtojek) +- All migrations run in a transaction to avoid broken migrations (#10966) (@coadler) +- Set `ignore_changes` on EC2 example templates (#10773) (@ericpaulsen) +- Stop redirecting DERP and replicasync http requests (#10752) (@spikecurtis) +- Prevent alt text from appearing if OIDC icon fail to load (#10792) (@Parkreiner) +- Fix insights metrics comparison (#10800) (@mtojek) +- Clarify language in orphan section of delete modal (#10764) (@Kira-Pilot) +- Prevent change in defaults if user unsets in template edit (#10793) (@Emyrk) +- Only update last_used_at when connection count > 0 (#10808) (@sreya) +- Updte workspace cleanup flag names for template cmds (#10805) (@sreya) +- Give SSH stdio sessions a chance to close before closing netstack (#10815) (@spikecurtis) +- Preserve order of node reports in healthcheck (#10835) (@mtojek) +- Enable FeatureHighAvailability if it is licensed (#10834) (@spikecurtis) +- Skip autostart for suspended/dormant users (#10771) (@coadler) +- Display explicit 'retry' button(s) when a workspace fails (#10720) (@Parkreiner) +- Improve exit codes for agent/agentssh and cli/ssh (#10850) (@mafredri) +- Detect and retry reverse port forward on used port (#10844) (@spikecurtis) +- Document workspace filter query param correctly (#10894) (@Kira-Pilot) +- Hide groups in account page if not enabled (#10898) (@Parkreiner) +- Add spacing for yes/no prompts (#10907) (@f0ssel) +- Numerical validation grammer (#10924) (@ericpaulsen) +- Insert replica when removed by cleanup (#10917) (@f0ssel) +- Update autostart context to include querying users (#10929) (@sreya) +- Clear workspace name validation on field dirty (#10927) (@Kira-Pilot) +- Redirect to new url after template name update (#10926) (@Kira-Pilot) +- Do not allow selection of unsuccessful versions (#10941) (@f0ssel) +- Parse username/workspace correctly on `coder state pull --build` (#10973) (#10974) (@spikecurtis) +- Handle 404 on unknown top level routes (#10964) (@f0ssel) +- FIX `UpdateWorkspaceDormantDeletingAt` interval out of range (#11000) (@coadler) +- Create centralized PaginationContainer component (#10967) (@Parkreiner) +- Use database for user creation to prevent flake (#10992) (@f0ssel) +- Pass in time parameter to prevent flakes (#11023) (@f0ssel) +- Respect header flags in wsproxy server (#10985) (@deansheather) +- Update tailscale to include fix to prevent race (#11032) (@spikecurtis) +- Disable prefetches for audits table (#11040) (@Parkreiner) +- Increase default staleTime for paginated data (#11041) (@Parkreiner) +- Display app templates correctly in build preview (#10994) (@Kira-Pilot) +- Redirect unauthorized git users to login screen (#10995) (@Kira-Pilot) +- Use unique workspace owners over unique users (#11044) (@f0ssel) +- Stop updating agent stats from deleted workspaces (#11026) (@f0ssel) +- Track JetBrains connections (#10968) (@code-asher) +- Handle no memory limit in `coder stat mem` (#11107) (@f0ssel) +- Provide helpful error when no login url specified (#11110) (@f0ssel) +- Return 403 when rebuilding workspace with require_active_version (#11114) (@sreya) +- Use provisionerd context when failing job on canceled acquire (#11118) (@spikecurtis) +- Ensure we are talking to coder on first user check (#11130) (@f0ssel) +- Prevent logging error for query cancellation in `watchWorkspaceAgentMetadata` (#10843) (@mafredri) +- Keep workspace agent connection open after dial context (#10863) (@mafredri) +- Fix a broken link (#10783) (@matifali) +- Disable CODER_DERP_SERVER_STUN_ADDRESSES correctly (#10840) (@strike) +- Remove anchor links from headings in admin/healthcheck.md (#10975) (@johnstcn) +- Run helm dependency update (#10982) (@johnstcn) +- Use mtime instead of atime (#10893) (#10892) (@johnstcn) +- Correctly interpret timezone based on offset in `formatOffset` (#10797) (@mafredri) +- Use correct default insights time for day interval (#10837) (@mafredri) +- Fix filter font size (#11028) (@BrunoQuaresma) +- Fix padding for loader (#11046) (@BrunoQuaresma) +- Fix template editor route (#11063) (@BrunoQuaresma) +- Hide ws proxy on menu when disabled (#11101) (@BrunoQuaresma) + +### Documentation + +- Align CODER_HTTP_ADDRESS with document (#10779) (@JounQin) +- Migrate all deprecated `CODER_ADDRESS `to `CODER_HTTP_ADDRESS` (#10780) (@JounQin) +- Add documentation for template update policies (experimental) (#10804) (@sreya) +- Fix typo in additional-clusters.md (#10868) (@bpmct) +- Update FE guide (#10942) (@BrunoQuaresma) +- Add warning about Sysbox before installation (#10619) (@bartonip) +- Add license and template insights prometheus metrics (#11109) (@ericpaulsen) + +### Other changes + +- Document suspended users not consuming seat (#11045) (@ericpaulsen) +- Fix small typo in docs/admin/configure (#11135) (@stirby) + +Compare: [`v2.4.0...v2.5.0`](https://github.com/coder/coder/compare/v2.4.0...v2.5.0) + +## Container image + +- `docker pull ghcr.io/coder/coder:v2.5.0` + +## Install/upgrade + +Refer to our docs to [install](https://coder.com/docs/v2/latest/install) or [upgrade](https://coder.com/docs/v2/latest/admin/upgrade) Coder, or use a release asset below. From ddea680f5c697ca62f6e06bd4818bfe213e4b1f7 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 11 Dec 2023 23:13:26 +0000 Subject: [PATCH 2/9] fix typos --- docs/changelogs/v2.5.0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index 6d670ccaf2b82..f35e3f144ff3c 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -40,7 +40,7 @@ - Clarify language in orphan section of delete modal (#10764) (@Kira-Pilot) - Prevent change in defaults if user unsets in template edit (#10793) (@Emyrk) - Only update last_used_at when connection count > 0 (#10808) (@sreya) -- Updte workspace cleanup flag names for template cmds (#10805) (@sreya) +- Update workspace cleanup flag names for template cmds (#10805) (@sreya) - Give SSH stdio sessions a chance to close before closing netstack (#10815) (@spikecurtis) - Preserve order of node reports in healthcheck (#10835) (@mtojek) - Enable FeatureHighAvailability if it is licensed (#10834) (@spikecurtis) @@ -51,7 +51,7 @@ - Document workspace filter query param correctly (#10894) (@Kira-Pilot) - Hide groups in account page if not enabled (#10898) (@Parkreiner) - Add spacing for yes/no prompts (#10907) (@f0ssel) -- Numerical validation grammer (#10924) (@ericpaulsen) +- Numerical validation grammar (#10924) (@ericpaulsen) - Insert replica when removed by cleanup (#10917) (@f0ssel) - Update autostart context to include querying users (#10929) (@sreya) - Clear workspace name validation on field dirty (#10927) (@Kira-Pilot) From 107f7abe83a0d293df1f2f74124e6a9f82a41e93 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 12 Dec 2023 02:18:39 +0300 Subject: [PATCH 3/9] Apply suggestions from code review --- docs/changelogs/v2.5.0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index f35e3f144ff3c..1d746a12f4f42 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -9,7 +9,7 @@ ![External auth settings](https://gist.github.com/assets/22407953/99252719-7255-426e-ba88-55d08dd04586) - Allow auditors to read template insights (#10860) (@johnstcn) - Add support for custom permissions in Helm chart `rbac.yaml` file (#10590) (@lbi22) -- Add `workspace_id`, `owner_name`` to agent manifest (#10199) (@szab100) +- Add `workspace_id`, `owner_name` to agent manifest (#10199) (@szab100) - Allow identity provider to return single string for roles/groups claim (#10993) (@Emyrk) - Add endpoints to list all auth-ed external apps (#10944) (@Emyrk) - Support v2 Tailnet API in AGPL coordinator (#11010) (@spikecurtis) @@ -18,7 +18,7 @@ - Restart stopped workspaces on `coder ssh` command (#11050) (@Emyrk) - Add group allowlist for oidc (#11070) (@Emyrk) - Display 'Deprecated' warning for agents using old API version (#11058) (@spikecurtis) -- Add support for `coder_env` resource to set environment variables within modules (#11102) (@mafredri) +- Add support for `coder_env` resource to set environment variables within a workspace (#11102) (@mafredri) - Handle session signals (#10842) (@mafredri) - Allow specifying names of provisioner daemons (#11077) (@johnstcn) - Preserve old agent logs (#10776) (@ammario) From 7cbd76c833b34f50c1d0e271592a346883c0b29c Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 11 Dec 2023 23:31:01 +0000 Subject: [PATCH 4/9] changes from feedback --- docs/admin/auth.md | 6 ++++++ docs/changelogs/v2.5.0.md | 10 +++++----- docs/images/admin/group-allowlist.png | Bin 0 -> 26174 bytes 3 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 docs/images/admin/group-allowlist.png diff --git a/docs/admin/auth.md b/docs/admin/auth.md index 4c846573cd8ac..d07bac9354dd1 100644 --- a/docs/admin/auth.md +++ b/docs/admin/auth.md @@ -315,6 +315,12 @@ OIDC provider will be added to the `myCoderGroupName` group in Coder. [azure-gids]: https://github.com/MicrosoftDocs/azure-docs/issues/59766#issuecomment-664387195 +### Group allowlist + +You can limit which groups from your identity provider can log in to Coder with [CODER_OIDC_ALLOWED_GROUPS](https://coder.com/docs/v2/latest/cli/server#--oidc-allowed-groups). Users who are not in a matching group will see the following error: + +![Unauthorized group error](../images/admin/group-allowlist.png) + ### Troubleshooting Some common issues when enabling group sync. diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index f35e3f144ff3c..3e58de1502e77 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -9,22 +9,23 @@ ![External auth settings](https://gist.github.com/assets/22407953/99252719-7255-426e-ba88-55d08dd04586) - Allow auditors to read template insights (#10860) (@johnstcn) - Add support for custom permissions in Helm chart `rbac.yaml` file (#10590) (@lbi22) -- Add `workspace_id`, `owner_name`` to agent manifest (#10199) (@szab100) +- Add `workspace_id`, `owner_name` to agent manifest (#10199) (@szab100) - Allow identity provider to return single string for roles/groups claim (#10993) (@Emyrk) - Add endpoints to list all auth-ed external apps (#10944) (@Emyrk) - Support v2 Tailnet API in AGPL coordinator (#11010) (@spikecurtis) - Dormant workspaces now appear in the default workspaces list (#11053) (@sreya) - Include server agent API version in buildinfo (#11057) (@spikecurtis) - Restart stopped workspaces on `coder ssh` command (#11050) (@Emyrk) -- Add group allowlist for oidc (#11070) (@Emyrk) +- You can now specify an [allowlist for OIDC Groups](https://coder.com/docs/v2/latest/admin/auth#group-allowlist) (#11070) (@Emyrk) - Display 'Deprecated' warning for agents using old API version (#11058) (@spikecurtis) -- Add support for `coder_env` resource to set environment variables within modules (#11102) (@mafredri) +- Add support for `coder_env` resource to set environment variables within a workspace (#11102) (@mafredri) - Handle session signals (#10842) (@mafredri) - Allow specifying names of provisioner daemons (#11077) (@johnstcn) - Preserve old agent logs (#10776) (@ammario) - Store workspace proxy version in the database (#10790) (@johnstcn) - Add `last_seen_at` and version to provisioner_daemons table (#11033) (@johnstcn) - New layout for web-based template editor (#10912) (@BrunoQuaresma) + ![Template editor layout](https://gist.github.com/assets/22407953/0351f0bd-6872-4186-a704-a403048e5758) - Add `arm64` and `amd64` portable binaries to `winget` (#11030) (@matifali) - Add claims to oauth link in db for debug (#10827) (@Emyrk) - Change login screen layout (#10768) (@BrunoQuaresma) @@ -70,7 +71,7 @@ - Display app templates correctly in build preview (#10994) (@Kira-Pilot) - Redirect unauthorized git users to login screen (#10995) (@Kira-Pilot) - Use unique workspace owners over unique users (#11044) (@f0ssel) -- Stop updating agent stats from deleted workspaces (#11026) (@f0ssel) +- Avoid updating agent stats from deleted workspaces (#11026) (@f0ssel) - Track JetBrains connections (#10968) (@code-asher) - Handle no memory limit in `coder stat mem` (#11107) (@f0ssel) - Provide helpful error when no login url specified (#11110) (@f0ssel) @@ -78,7 +79,6 @@ - Use provisionerd context when failing job on canceled acquire (#11118) (@spikecurtis) - Ensure we are talking to coder on first user check (#11130) (@f0ssel) - Prevent logging error for query cancellation in `watchWorkspaceAgentMetadata` (#10843) (@mafredri) -- Keep workspace agent connection open after dial context (#10863) (@mafredri) - Fix a broken link (#10783) (@matifali) - Disable CODER_DERP_SERVER_STUN_ADDRESSES correctly (#10840) (@strike) - Remove anchor links from headings in admin/healthcheck.md (#10975) (@johnstcn) diff --git a/docs/images/admin/group-allowlist.png b/docs/images/admin/group-allowlist.png new file mode 100644 index 0000000000000000000000000000000000000000..55fe0ae3f44647e3e5f6f61f421ea01bb22d1d42 GIT binary patch literal 26174 zcmeFZRZv_}*DcyO0TSFTAp{5(Bm{SNm*DR14uRm7AOV6q1R4wOPH+hB5ZvAEEWY!f zIuEyQ-TQEE)qVJ>N_9bZ@4ePsQ^pu`?u04GiN8c4LV-XaFC`^JlpqjTYVZ#m84>(t zp|QynyudpNNva@&A8%yiQ1CmUv#5r%vYn~3n}MSV#LU*t#)QGi$kD{a*2&z?`3SC+ z4}6H>`9s2vCI-$HcDAooENo05>L$jonLfQ1F)@10!ou|01VArur8*;NE`p`oD?YXAN6-zNBPFZlm;AfTN#!idE4M@B_LAYwf| z0jEjZ<|4ga>)W1=UZf%_b;tcL6fq60tWeQoUL13}!e?dKVG!LSwhKzN%hw+2I60@? zT|O{qikoi}clC;PY|UVDaC2^M--Z^htR-M)Q*_MsVe;{bpEeT04i87$yYdCFn%y($ zujtbx^xxZJVfI1FQZaC09MPyOIJvq1)r}a;%*}1ODThiRg6t6vu{%n*S^SDNJ2%%c z1eNz?4-7T-U;SG6&B@7$fk~Z`hf0=)$>v@5LZ`iu${!CIqKswPKR9M)ufDyb-95j! zcv-ON_BNE}iav>-y^~8S59{uVyz3DT$>FR=mL>s)v&J__=nFBs9c-V!5R8VVrX`e| zh$#F4>DA`UZCK&T>LQm&P!eP9j_pDnAsphX;p$J;3w57I$-uHS8*OKx!XjwYBBDu3 zMH56azPCF__dMnNhfB=`E}Wa2n*{&((Cn6)CN+;D%g9aLhXbyNZqP^HW#2z9_G=pF zTET^n7BTV6JbQ4nj}b&b!@X|B2i3_5BA~5JA{9@QHO|FuyHLWGIx{=FT}47c+w^P_ zCOv*X=#hLf7pZc-+{noVZGx2RGRAkYCan;Vbd7`50~>_WF6-MDNdWn3yE$+vb`)SP2LS%pWY4nh5>l z8{N(?ZnlC#D}%v0Xhu%@Utn5vG6Ng=|BicWePC^1Wd#TJOalj-se&kQqaC)@5BZNP zP+)#1>U^R2#sv6UjO5zt=H^d>Mc^wdJ3B$FEhMj{MQ&o!Iz)mZp-=|zXwvqa5I1KO zDuMpaOKHU^wF^7l6nL5W&Sxw!;mSQ3!yTY)kPc9d|`bJtk&Zq|Vs3@emVJbv|L|g+U zJz060%N^E!XcNZ#bJ|BvO=Hu`DpLGS*4vJOYjAse8?1cRh$#}!YinD2Z8d#KqLUA{ z+tJanl7hOXkeWs^R&D?nbrcd5Bv^zdprN4=U6vBM9%BTKibG3lUfZj`tT*=sSBzF4 znu&lw@Se~4@hh;&RqV*H@YmqXaP0|QzC+&2!y+n?ofmkg|JC`ozK={T-iyXxtU`Mt z+IY!1Hw2;>q*qj7R`np$F2pPNbyUheL%BOkHRtvb=0R92r4sL>|O)LBSR&F!UDT7$p4ykb|f zc})T9zVTJUwUS#eY$EV1_eaqVjMwL#CCS!>NW{^(xw(I1o!nd>;((`x=SV7jKJCRuY6ZRGQ;W-H^Ou&u367310&N*w`4DndK-?kNAHH ze23I$IX@LSCn^#|PJS;=2}eeTU4@7Z;*~J{H;WIujB8JH>d7RDyMO#Ki$(0EtCtK> z3yO?6p`jorRc1oDx4>S!$4Y(j17ASWO1q3F3HA7^?*58e;eP`mvTsc& z5=!F)4)rt{`XjCu#BbvV9b?`@!ydE`P?$Ws<-sVAHxz~(Z~Dz_eb`1WzE66HpUy=R z>Jq`JxHkLxk1dJgBftA(&4wjnyH?i++)G0zkQCOefs___C>pP7iM(xp`QL)uL z?C%>K{~i|lyvkX$k$5c!<=&)RIbpqTJ*n>QGNT;Zs+Qaw0zX2l!0lqc5VAHYTy(lF6$pjeM1O_X($a#e%l=({l{Ute!EfeOYsbYD#_v;23SD~H#R6!gnm zpDUcBg*Vxe$Fp1@WrKLLcXa+*P=KFK=hAApx)0*1SIypOoaYM(q;G4N!-OfXrHs6{ z00Y3i%l1Ek`)Z1VUs|kv9XJRgHU-woa~j_Td8N5Gdc@dGy4tt^he)&ITf}oC&QFP=OWc8;e&kNet z6cw7}pFjWAF8g-wj2E1+Y`^3C>f1JunONs}K#TZ_Bx!jlN2udYgX1Vl-B11{?K9U4_^jPrOzSB&i8w&o@?}#nt|^!@v_w=s$|Q3I!F)Z1 z?|hNfd&OIB+=sOQ3Vdry>>DpHFPXGYst>p4MdKhKJOr{7R#NO*FcX%WJg~j4_C>Y5 zNyvC{^wQq-qXc6I2xYaM?~I=u)Gh-w$1(xcs=c>`Rs3#jVevv*T3Yb4v-8Kf#wu}l zcXz((a1^>%q3<99^CR=wE-6zti)c_B6oi%oiYJJu3IQQ8aYR2XEG&TxjXG26w>fax zECm{XD2aS-cM1wsijGljxebCDa}PqJ5Ba>SxWpfCoI(s})Y-Hw)5>rXjLwVMOjtfn&6k928to9foL80hIIYJ$Be`$ zkMx>d+2(C*mRoq$pqfDuiHsD-Ca;(L++*4jzdT>;2fa>!JpaQ-tvw0VEFpw;o3d5R zRgDV6pxcL@%cu&6aWNjBOPnMArrw<1m~!yz%=~=B57ky*pAwzDC_lUVh;Qs~-0#;4jmWPkL?`?cwX;xbu-@eURTCns*<0gV6py75J8u}Tr_ zhYuf8TkXlde1O9wA&CTwGu*8zqERnR9Ud4QdN4LNhL@L@U+}Xh&oanzKf9F8uThtB z^?QP>JOma>~l>Cg9s=Nj#6^2S*namE=uuOuG7e*vkRx6DEZl9H2vkBQ{ccQP{M^I2OiNk=x^=OHKrnbDiEut;b z&I!?9Jcg{jeMzvOVQ2D}D(aF|GXO%JXnTjVzmbF&Lnv5SSfux0A=ud1@U19#@uXbN z$jzRYLPvbf71pyX+k1Nve2MY#U%$X1{VUV)gMlET5%?pZ;!EhBC>5y?@L6+wvYE@R zAVmp+HR_3M-)7Ev_hG)kWu*-UjgUv=l%<8FW=nV*shvwmSlB>$7ICq`t+PLY&cNK9 z=BEDYXgR0MO7HsS#$w?zbxuA%KOY(86;?bck2^-Q*G10{sMctaGPR2b0OS4fj5#hk zbL(A482cA(#N*LBM1$P?Na0c1Jej zr{5~)M*!0{H%GL`UNVx%Zw)LFIO0H_7VrY%yz>_!h21VVU3bdQ$I!?~)Wp=()O@D! z%@6v|6dn{v5FZ~OdYwv~je$h*2s{QRzjp5^9S2WOPmTLt!-+ygVIywfl?X9?WQ6JV zFqz5)ax=f(VvKd_t>raeym(kb>(;hiHjL3oJN~uR%dU4GT+4WLDFqxH`NR zvahlYh=#^xfY!%q!eZuUWgxyLkC_*!sRS65iA&pvTUX0|`1j=9Jv|+LeJ}E) z5<12U%vtdash2L}NN#`eBA>Sr@u-`oloshBnl ziR@Hp6@-46xiF zq85uL2`en5nJD>;eRp{z+#QaKkP#Ic>YtoUIGoOlTH9jlezy6t{|7^aj^9I2PZaTs z-F#QOToX&n@Q@fX6gjzPcb%-nJzT_&W;i}Q?I>UEoG1fFG*)Qv79Jk{kEvJgREFj3 zUy~#b2MQHhTu5768zchngHWsQgNVxk@%-A!TCYb#hHk5G)ZaYmx9{J-uu?1gl953U zN(t?}N>4v7ov6(O6}#UPty&2Uk(=Y*6hqa$41q?dBW$Bfc=?1~GIz~U+rfM-!cl!= zV~$V|O0sT#L`1|kx{{c%hzkP)gW_y{WoC)`(NebE(0q*zcA7nme()9=h{7U0VgiCpvyt@5IWpN& zy~gMl*i?mqFTP)3yX2TB-4LMcu5>MG-xD=3bo}y!6V~e`f+AdPfm9g6` zbwxNYPrzgfc^Hh|-=EcFbM;1(#aSzZs{J~3;UOHZ`$^lj2e(G)D7va7#L)dZn?7uHwlxdGdZ%w@7D6qbZVpYvpU;uh)=r(;Vr+JQ(<0golHac1 z)`oAx$2LJ}n)Y@famiXLV?s7ZlGIkf3*xJ5=gL7CKGWWD9 zx)DNq`O>AqhLyUmzJ3*iW)hbTt!Axl6u=={(oA7dQIi~Q;S(*>ReIQ1ERTNuVafjE z%O|nA&lbYO#EjM9D$1Sv;p#1^dqABa^=_ACFg)P)PMi|R1MvB>X;fSegU6{bkkA-x z`N1F9AJZVQ-|yICUG}DMr4t!~D#DJ@E2Q!|BK#o>^-f5@e>wnI#K6Z-EVfa6SHw~p zkG-e3G3YrsI8;?e9aAH|cFQ^=SL9*&*O#j7QrSAv{V=X6KI7T7%e6w_$@qOEWm7(_ z_LBRlBm!uMmd5QSrs5nwH4+>W@|Kxd@%(@xM=(d}sJEwwf{IHl+jW?kiOGMunzFhvy0f8Pn8h%Cw}-qgZdon ztDU0l@DQm)#9cKKF;)>cWLz@d+Xa0Rw;jNbDUPySmn7S61ESy*?}mIKLCm zecAaU4DbdN;E?$7s%5&Q2i#R7$G^8m!l*@@9H${ccA~ z2_)!>1#)R~tbbGCp#xHF~M6`}BypfftM& zTV=jVF_tUK$jC_O%lP203E7_gO$~hZ-JaIx&spjpP8J33u8yXQ(q`*_zPX@OLq*+j zjef8xG4`l1?5=Ejyr*O<5R(sk3Q<|>iRz3bWMwj3M?T-5#D>mS4R=p%q-OZuN>(oX z`GdUJ;DVb_kYQ7oc~H>w`0%!$0gamSJp~2q+2)Iky{v)2!^fK~@`YAEJq1%BQNASp z6nc9t{ewPCHii8~`W{@aOq0vMy5nR@|8xI^eI9z*-B_PM#EY>^1Goz-0G?z{lfDAr zA<6jm;h-F$`|@BOll0wwgOjs!S7v*lh>MQ4Hj~3&kw_9Ytn~DB4UmX>;#wA}EGJQn zdXT9nS(%vH{&h!)wyWhS87%9r_BDfbF5H84N|Rtn6G1;WBMKv;e~E%#b5i}Jq^9ol z3FVF^ll^do{PDE5xP-A1`dZiv>81><8%hnZ* zaz2{va!XWr0&Ry+Xydlv*Pq&T_Aru?k^!8oK*M%8&&c7hUx8r7VXdxj=Po^h$O)7C zl+Maqq5lXA%0d`bMci+Y@7#w@0}2WXGQF3YJhn%(;N;RdUZ_^0fO?+&S=`9bkjZAZ zs>!-k?r+G}_O>}C6_w#>eBbtH1sq7o2AOvLWi5{=AYyQQe9tzAvWpf_=Y0Ezmie=r zy6lCBx_f&&olN`L+Xm|#H&7N97c0DP9NWqNIBxW3`8_=n@#6!UCdiN8F+}`V9*@uA z{_D0D)3?)*+5^AwNOWRaU%Ut^AcnWs*vzl&?$Xk*gY>J@!0+*o^0{^``&^~1pf>~t z!qwQ$qxkvxUDxBJ+QUMm6X{i#!xGf?rl4b*h9t1x99`OdLcN0H!Z+A>d3ndKbI{58 z^oRF3pShjAz5Tb;12$EC{mgB_#3B^1eCU6cZ%g{uaw|G5I|O#uu=kSmI{%E_{aAqK zqAnhQ?~V;C{QcSA;znt|%|%q&0cQ+l#qVZj?LK{k*7^S zvGrLjw_g<+JG0A$M?hF@JZkAYT>NMDcfI!CyRNkm(EkJ!2hn}_c!G;?9@PG^jd{lG zqAg|Iu7`MHkfl7rKvJelkP3RQoNv5?4sC7a|H*C@9Zkyp&nmHOtmHFmJcAbAGaErg z?cAF#b9lV>AmQ|e=i}qklz(01d%r4vbWLK&zUmR0MJf5|7U<4nCvypK}ol zMMcH!(H6Lcg@w^(akq(Lb#yT?G2~aTdO%h!w_W5) zpT;DE&8mEoN>yZFbhuE@;d{@4_>$=BX2z$G>S{KS4Nunluz_unteU4yXK*zzu9R)> zL5{%%4G3(q@6SDB;{7S0qfvYY0^k2vFU)_A5HU8Y(X+?_>M!#pCB=QNY-aUj8fWR{j zm;S-nUXbDY%Y_h^Rz<*Fq;ACwK;zx30RV(|So7EZZb&10U8+k73;^8Qe==|D zWa#CX0%|{(^R_>K;(Zw4_5Wti%-pXYNz>^v*7_&uG=7`D^t?EHS7-7G>af-mc3BIQ zYU4#$y&CMvmodoVU@???Ko*VIeMQc!U1@uB8jf5+^1o&QHcs}+TK~1R!_~PxkqIq* zT`?Jz)^2vi1&jR>7Z*2t*99{3q446W(*n{+I=}Fr6pV#B54feJrGTe0pgp7|CKCeK zPrzr$5uL%osPT0Bau4Bd*N^y#dX673uK*K^J0B(%7Lbgn5Bck2M#~kNJnqDdQYyVt zb1fJ1s|$HkKH2@fO$O#i-t|L%c>PPcRGV|m5uJo5)3;SFjVp=WFa7q42{0jiM%}jc z_i>6q(t_?$|3%p1e4lGM`3nJX8S|O)tZiP<2uw;z$pK&5o-QN5+@B51IuynvBz*si zn2d~(_BXx73yAq_C*Zy+<^Q^VJ?d|^Wk#h4Biisj+ z@$+=RluJrV6n>k^dM}@O$t1HNU{lL<9WFK^T--lAh-SEe-jY%gP69Wl6w+6_~GqI-tPgM$h=VlU74rqPjJk+gkl7p9E)t^yKm zS9BV;0#uVt&;tarLY@@v`E?7@=14{i;kcPVLhj$X)RJH7Wn?u+GmI$iMSDkc)pU;< z_efOo>5-Kt1L1t+`1sWBq?nj*ei<29z(9_5_o9FqOlI;^IpiEuCS3D_qXD%w05%EW z^oL}EI#{Sx%jkQ(igdoSh_p45F%nm!wAw{S9i&igIl1DrAbu*sm?sSy9YFFsKko_= zwze)Q1j|Qrb#^{_^QJb0dIm)Wb{rrd<9Cv(dztG?ztxyA~tGmo41_Ji`G%lBp z^k%P*Qw*RIULMZVp-}Ba5waqJhO3C7l40=PU?d7It^UXoFHsp!9ucP{CE`mm$_6P| z2w)5W(@L%A|D|VeA;hI}$vJA>Dj?=+6Yfqm6N7FhH42qQ0;3KQx9gz*kY1dAhpGHw zPQ?+TQ!B*?3ii4>Tz%GG{bAtBt#?=`sZiwMZTRgXY!@5Dek8=lQ#LHvS{jA}YTOCz z06G5GjS7#1Bwdqd+!ss0Y$)RTiCVmtn*AeCKTI^0+)V6;9Z5q1>1FChv^ww~? zu#!^j?F9fSqrcVV1=E09WmMT~>}@%)GWLv7KKSf^owzCxs@M}L6@>{3rKp= zq+Nax(eXNQ@y?kU0=L73cK=5>`>kP8hyYl5xyOKM{Cj1wdVi< zf|Wq479e#|F`onI&rFL^ci0m-5FLyj-zWNl5& z@af7-(@grly@La0nmtf0#=yN-zQW~xZFqdRTbnFa4{)@yvhtqa(7M?B{n)|G1;9(8 zVoq@8Ag4}Z^c9g^``)<@_p>Agk1fEllnbPd0C10IZ36)tlC;VR2gVO}rx6hmw`Y~z zyYmLzbVS-InV2wIWA1b?WFY$O0SK{1#+7UHjLYExk`fZgVvz)IIO>7qXVky`zRvYR z^T%|;oXu>rms=z`KN(ONdw||Q(GLG7ZHl5>|_I z)v+6&C!0K+PHx=}g=AzR3wby>35%yohNo^_4`-g$QVVZ>_UO3#a?=YU#X5K;->1j9 zi^M{n2M%fq9gyM-l-{03MMgT`?zaaby&H&&jkUiz)KRRj|9lt>|JrLlPL+WVJL9X* z$hFkOy~OTep6L+3?gnt|_G+sRyVJ`{^42 z`NZ*YjBknZ!5!zd$#FqcRMfh>ghXhjZCZm1ybi=-K5@5ygD$&L1;|z7*Scz;1Ej9v z3UGDQ1?w&Uz@O4qR|}v2EZ_e2+#>2or^#JW<;SBX=J!%}I)^u^01$vi4-#OEVh3~8 z1{M}T{g7J!Qwadd$x1sIrjYg_o){m|eKkCE&=(D=O+-JS{v{WzBN@E-33=p^J4Z(! zlHj`dh7z!WqX;I7?n>@2%sQC^_1ZsPVRL0Avn7r7Apx8JDMp72Nb0e*V~^EZ_p%ys z;6`o3!*aYW0+t^AkduSaqJY3aOl<5pBLk(~R~1|RTSR+Eh=>%QK7AVKod7)?b07ZN z=(r{veEbmn54z^wdb_S}!yZDPyX}>b>+9$J|>?EuQ|yK_L&E;r7EH;PFD!tKcmFk!7To|e=K~xZCK+bdA!{k9 zOTnxPQvIEGji<(5r%Cy*zonY?>T>wOfZOcG{rvtNb9V|F0jLy;shJOm2+vW=U6S`j z)H47aF}WRTf3%&@uy>T%E-tF z6Z^rT+!VAIA0Mvt1l?qS1aY!ENjLFJRa$3rYpa0I0yF~F00XdhmZ`6ddZ# z(i?_TRQ$0BjB0(~xG`p#<5#+4FEg{q?+Ao5ME!0$^fSzM_T~Rnd)^&oe)saT7n~t0 z;=7JC6-n^qKOlKi^mkd;>PSBZ^!-r!@9*!&n;&O%j6f;|G%6IaF`v{9HrM;@kA|~; zAPfaF{7F(_4}nH)CTrSQTRS>qeJXO0pEC`Ig5GenJZz$xEh%*$?a5@MQl6BBHn=@o zb*VD(+qZ933Kay`?p#&(MND>(dgzkaq@iF*_d*ma52dS_>-vd50~@)>(8adKcJeH z-txPb2UTaUF-;IVCErl6Ep>DV-OjQb`4Q87)-BPfAhA()#rb+L3&hL95|BoSGB}M* zOoDWG@BYVW9%%pc=+kb-sMkX8&L{;6jDe9=jxWOn z4=E(p$vHQppYNG28T3RF5->Z$dtUB_P1$Io&O7W>ZnJ{sU|bVdRzX2X2GT=`gU;tS zF7u8tM_v-I>Lvj~Xv;tXV~yhj&^3|W3QWLq%$Hl53!AKGD+yRA*DNlpca~dQjqATx zU^cj5^D_#~AIyu)F{R>AC?#$Ze=Lkav`BByE-QkPlchSuUYCbo z^72e-4$mzBz3Pd^^~GcYa#<{YVrWAg=rCL!&Zca*D30~OR0RD2a>F+Ort5NxfeCV+ zNV-8w_ghjt7-6HnVBh(Vphf$?1ue<+`%@*snRLK4>(Cu~K_4DL-D1vn32*wTIXVyt z{U2!3lowgUC0;US+w}ue*t@w+*WLeqd^AtZr=vb-kyt*+VZ6E$2Q*vs0_Ma$P6g=H z$3Hg^Ks#LU2DBANLBUPsalrazj7vg7BJw+}r>jeUZo(pJI>u~z1P-iX9yTDBxt#pA{h4cUWQ}P^bU_J zkQ2;PY6l%cKsY)Z-HsH1H*2RTacoyRvI3$&LP-E<7eZF* zMjSMLRN)A00FMz z$-gcISt7aZV0rIJss$*GAyFxxq~xkg!=&o1~?YSs%dUbj8U=fk$*JD;Nj&(K!;9Td~qjy;LA-Q?hONi5u;8^{Hm*%h)AaD zfSN{wbG0CRyyf9qyX6k6e0)4c%_M^qy%z5mX4Gb{Li6a2YUSRrx(?2u z-Fblf|CeAV`Jkd%PfIiZ+vx6<_xKGllyxiL7&if#nEeX%7s3<5MZp%K@gaAAiQ-el07ViurG&h&>{&L=KrqQizom68s zIsO1N9zp9z9=fMqq>{vB09#|T_+!IEj^!-?XMmP~lcAtxkupjHQe~$26`A|xe)75z znRBxD@aQN8P*sk9?&P@)$AJvDI&arv!jxrg0QQ89iyQRnfV*vI=;fl9vpC3d`o_jz zS61{F0L25x(HXWzJ>jQ~$EY3p^(%bcrArVP`}_CrpZ(pXjrAgh@3w|7jl}%g(NWCi z(9ayeJ+J3BtUiKjR0^Z@b+Ra zVk%E^_qWI2<+N;zCP__T8s!3+pxRn??Yp|?F`YuqYFZ$aD47bqe9=CnRcn7eYOp_7 zjapGLNB#Qj>`eH~bZC`tf)oU+_=Z%%_oVpH#1DEM)6@8S(@=H(h@Fc)j4@UZ8CltP z^7##?AY6av4^8aV7Fh>Us>bR+6uHIc9xeUZ#U<96iy!ap13o(jgcdNJ0IOGZ2Mg%# z^NR+ z04oXr6j~p8rP+r>k7a_`=n`7^N0|o4{q7K&*|-5XP2uOaduIVS&O41R*%Ucd!%jl+ zanB=hqUmXAY33vn_83S``3cw~dK7nD zYg8*7*S?f|l5fj%LPsNJWfT9Apet7sms|Z%$x5qM(^<6~@^619=Vp;4TifK@^2^No zvCRRwI)@8bGTypCS4N%k13$WNsi~>UL$vm`+Kov?x8J|7a(J584qp^c7Uo>|_`tzY zzN6Z$D*44`x!0uo9OnGSHuFx-cCswxlo1V*VLqmdK?86McWW zCeUR0TzdZAD4$%flAiCf!(R|_tXxLX?Q-2BBHBM#5b!x!BB2h%BBP^rb1tvVG`YS2 zoqCah34m&@Eg}^1wGm|QtNF7j-io*kGD!XF6>QD?;^UN*^mEnb4;{&DD|X1Gt@`xm z+BJg5xduG7yn*b4#58?#4Olljoz7Fyam?G*=JiW3WVd?P61Xz6X{C|C7#Lcvpv~on zNZkA+qHT=^Y5S!@h<4Krm+{d$V7m~RBn}yQ&y}R}@L*4|B9?(QDqtk5wc@Bu z*8Zs*?jsREsw7~QcBYk zXz;kfKw4$fL%O=);SqUyYk3#S-7hJ%x!g3%mviSl>_?{15*b7jjdER^g9$jSNoZ$P z1pgH4TYqj3xZuGR@cx_4{C@^R%Vs7dWh=qqx+7Wtg3Fax{51Q*QZ22+S4^23aXK z>Iz@*Ej8J`zucdBeciMbz!n-4(|dj*jIi;%;8?XhX5WbzE}OLQE|Q;wk(ZRZ9u7KoQO`FhOZKc}qvx)w}xlW?UjPruW&-E{)Lv_J8xl`8oWS z$ovM=BGm;yC{$FE21llbe!b=ZJCvy!%m|JYOxUeHzWYN?2?o>A$hlu`(5iHKk1S*2 z-M(Vm`{;l7fy^EIRLZAAT1rM_tF&~c)r&Q_&Lucc_5GlB9p2&{TG!7!C(6Y6`V=}Y zx4j7dEl+`)eN3su_c2+ma$-t`6jM;`OkKCUe%IrlJSgN#%|X&zhvrL_FDc%3Ob$qb zs}?XeS9mO9mFQJtFs6BCE|26KOLkJtR2p#N4W)8R zX7XgaRp_Sj54g%(B?89-kP;m}^zWFf<)y}f?|-YW^dsoWTyKce;CODY-m>Noe-6Wh zYg~Pp#{iwzww_Y1a9q}|$QPX_r`@b$pCqc46HUxE2%f$C+5+|De#a=1cnKXKb>SoO zknCJliwhR#qPHe1$ID~cs#+ztps7Zf1HBuncX z8wMcguAQtd5_>NeaZ?T5V;hAuP^{cw_qlL`;}aH>?EoplVfczeDuFQ~BP6Ex>rMo- ztqA|%IYAh??;}F>9$Q!L7#zl(-nQJ{_4j6iPo5|xQVH#MZgvnzw=_YPL)=KY?<8zm zE%VzVJ-NT+&yHgx7oPb^&$VNgl@E9g5+wDM(;p8ym+gLnwacYiJT2CCM*W-2+|nu9;siJ3^%r zMFV?=j<2F$*10@j!NR3?c+K)qQg%iBxS&`eyq6~z7V_qiBUwa(xZhs$+3K`@y{_X( z<#L4tcSl%}ilioAszVitpLBU+deM*msg9zO@KzCH`yHTfjE96qM2LEOlfvB~-LGg>e^ z6*QDYWxD%a3l)pW9&0_B!3YBk1ph%ktMyLfqunGPSQi|GF^xaaAg4h8yz4W^mKRBF zsb0?j{)p&+llc_N17dWCOw4ye-#`}DT9MWa@hr78M5a&7s)?;ASg&6Bq}y^TDq=D* zPkI|F(%@{5nY||YSsM@}DoJy$#NxIc;s)`TN;rT(M$&l{{HShPZG-!3CgBHA(A;kw znxAwCJ+g2TlarDxtmRGT{B{;Byr<8olai8FcQ=05x$SY0Ew(}(W{dv1MHyG2=c*Jd zBFU34r|ecr>m-!ke(j-)!{uIji2+=u%8Y?!eno7&C{|a+urk70Vtr#tr@8$9nD(PiofOH z`ds#i3EE1fT=r+0#Oe-_+#nFuUy~hyjqGeSysF;XB=>R;a9bbdiW`kJIcmD|eivYX zgSn0Rx!V-gFgnF69FHjC zC+uV0Px24qx>*YP6W7V3|h0v=Tki`iKb8H@1d-y|F8(skoyHr=TZ` z6)&l6FgBGwSmoDEAJ~c3MGw4Kr#}exajgH3h`E>9EWpv4%OPOmqKR|#O#l_f6 zT|QY^8^VH-AM4pIYIi-oWeDc#zhXIvLiSfo98b?|mjXngw=eIc!$-dJUjH&;pHVCN zl9?zq!)_B+Ki+HVN$m3dk$|#a64);kAkS1jxAv^&d56tbjM!hEQC!cZyhJKdH3q59 zb%(xGhYPjyU$?<>)w|oqnC_MD*b{#HV9r$SVJGNkHD7yMR_p2#bk7|di@x5rk(N!N zR7jLQomJ8vq37=}oTX-;v<(|28XWVv4#MYn<7O}O)wcav9zVyQahbvaNlN}~?9t3A zny0jS+(P=C>;U*%y%$9~f3V;HM~RI1#WH7r?;92=?)%wE1CSNmhJPA?= zPs-vI7K>O-Uc>?4*Ybt4zVYQs-MdwWN}fg40PIAgmlZozj6payJ}vIh`7bmoOf8Wx zB`Mni)$GDCP?rWKSDQ>e4-9m)+`VZfNJ;7_f})(Au9Fkg z8ajKqSNA)@V3apYO~+tb8rtykIn-7XVKi%bCv)!H^v%tYgM`pO=<%pOb@g^zpsh-V zg}FbTzp;#%N^|r!t-0&k`a|Zud5)mTRoj`o7V<5%q<`X*n5bxY>C}ws z_%~25g+N(EM#ETk_@0#HFTFLA>CzbA9!}bD-cyEcmSyYX70+N7<@s`d?C*_qA15Bx zzqONIZS;u}9dezPBkKCY37B;7;Q-YlmU6o(EL%A7f4ic78tRonCX&VUHp&1prSr6e zd^+ID_70K)fc907Y;sJ*mR$S9AS^E3{OUs^22Y(E_VUF&W>kuIuqE5B{`PiXtPY3A zd(d(M(cby(JGNq;rfhtf!ix+}pD#q!yQ_zOcbv2oBtO*hCZ5ohoM(~1W3Zu-XyOT$ z)e4}nQZr!d<+F*IV(9-%TE6c~pdwlVw$$(alZ%+O; zyFJd~LQ^nxG8(mS!Q&Uzol5huU8hu@O9x0}>HPKjs?JBdS;S4ecZyB!FPx89Un}cK zi*SBf%?*`En_o{oa)@#nz9SQVmqJ^p_L~vUGfLb(6Dx;$xFfc@k=Zeo8eBY_O*+?Z z%jfbMrp8V)DBTB1Qtl5f8D4naSwXhJ+NMU0?}wIyCG-J2nch_&ZiRen1ev50@gKD| zHywl$Vk~&jrLa|_g4LCD=uExG%cZaIolala0ZomUb>GluI4n2k(ex)8% zdODZwApbrGZvLQVH0`9-nyUTl{6{``ll~vQO(t3^^=-ruCXf9QO{5qp$>re^daXnw zN(vq{r~H^N^+E4U8MPzc7`)apCX_=Hp1pflfGXX*j()baFOYponEIEiT4(* zs}#C4Q~#NVPZ}Fcy%A!EycM`1cxEL0(~k+2sY6Q~$5(1m8E5=1I0N`z|IW&|jCST) zPxjzHJoB|p8Di*JgR-c&=)cQW_2c75n=ySSothKBV*IyYF?8&tZGT<-gcEW*K#Wbm zZHJu(fLVkW1qkmbXej}mHSB)6H0UO0UG)neUr=uE0#9^{1o?yY_a~Hvk|REZPnYTb zTOiB;{~3Yej|%V%eIbUu^&ad<(2_z?ER$Eid6XLxCNBJcjj62ym4t#K78g7>{Qvwy zJ3%zZ-kZ;B23S&BLy62R%C$$Ad&%{(?>>h!8KA#`A=66F3DV{Bv-<#&I$HYR_SsT8 z!IG`wZW|ZMZ$Yl6o^)}*4||qqgULg{R0f@OBxv@tAE~{76Y$vUpYb_IA^K>WUl9#B z@jjm?f(xHT{KiGDUXMmheG-e8$B#tu_<0UtdR)zSP${E{Bi0JrZto`V6B39*&L#D6 zQa!xlcTA2ZKcoO%8Ut&?@J)t!{e=mH=aK`^A+@I3?(eX4exFc~JKDC6mp|K1Uq%%l zuN=PYyV7k%=|6QujfE2b$g+Lt+2%J!Q+r&^t3FJUbh5vQ<(JFz2-Q(rpKv^#yQ{S; zza9CE?3;X=nhLZO;DqD^`%~`+26$Y}*~4+i!85%RKH>=Yoi9v&wtRt!#lk*oBqZEj zGK26n`9+LB@gme}FbhW}a}e7J1u$Ej3v`Ky7wz4q-6EwmT(+b0KLvQzmPL?#oB4I2 z4xavRzfC}8wmFoFuPvqbEc{st(D>@+h4km;a(aM%LV#NBSjn@gEh8n>vFResWOGPM zvQ!HPGm>Fmq6HNr)oxzTIB?knE7vqO=7=VngMt>4{?K59!+~M`F8+U3+USA|Z2k3S zpw{rN-AMz8O+@TBXsr09&tL!o0aRN5YK*Sj?v@a*Y$=S>?;c&Czi-KAMWSTMk$@Xr zr|p+4(%2o6Tl=_l?fzLO`{FIi)YfAJ(k9~~Jfu*w`I9Sob3i^rDwD~jqxHNW-kuv- z$h<$M0u3Koy54(G@YIDE!j?V@_NZYijCg68nYaeBIHgS?lm zKk`kJ-^wm{Z4NdoV~AiXE`-9F*j+z-N#}qK|KV_T_TbGkEIi_Kc-O#x<-?JB<)bsr zS+(~kSMNu;{gCb^{bEn3e9xL@p+rsZx=LH}kCEm-yLqk2%ioAU+6rb-bSJUd1c)-# zTOFL5{aRWa&T71$&M3}CRhHYy^;6i(JRa%?p4y6y*u{L9!-A}?PCPT-fG>_4l0wR& z7d7f!$zR=&!kFJIMBFnOy^okaG8_JDgLY?5Ka8L=xYx>lYqdoD@N%TaymvxRz0&@G z@9`>!J>i#1t@)MU1;RDyJC1Gmw1)HkOKtk)b86A>gq4FUKBJ{@(#;L@U(5vuxw-kr z{lz}X)#lhsbZ*SM5t4WZNitLo7bJhqJ@z!3eEF6AbR-+`8;lz>+{B}e25b30)2HxQ zasI})8?IW~M)M1s|5QfW$wxGBuiBW@?9S?g7{&B-Z$=WkbL;6B9C@AEAsX@9dpyH= zdjifMc9;?EVFmTs)W9OwuKn7Uo)beg!(JgShgY}#hYMjmawydD93l77k@wyd%wyjp zN#;^AsG{<`%D&(*=*F&dH^1%clY}^XK>3S*44U+RWrmy+pJGDiT>#pTb1zt?8_ZyR z32f)yJi^VnL{%jbDP+=F$bw|%4JWGeIUV@uC7YAfB3&>xh3Ci`u3ps@UDglk|q zjLYKS;yhdGT{fP#Wf-|llKFIfUq8|`*ql#2HugRBnE&U2Yslq6ren3{di8*ru3Dut zC#`DHa5Tf7gtWBLR?W+gRy#on398XCtZ%_HHm5UlrVYu~f4Nz%4i_Suo8hW=HCpOF zTK|oGi*$v7Pb?hR!{C0E<3PgOl<0=!Y_$88dBQ87FmUPNf3$aA;c#{D-=8!>Lh4F%7$hMO^`;4Bgg9f?hvS#+C3K((=B*BK_GSd)&a)iW#Ox6L-!R?J1pz=@<>oe z$OM%?K^&F@&7qm?XjT}`ndsmSu^uM;*`}2t{obnkvwGzN+nTvW8yo6@oH-G%tc zC)b~zjVLGPM;!f>Off%9p=5n5gZ@`IuzU6U_wNvwma}_u6@_@;4qLVq%KrRVro6c0 zb~JlZwf7=-ZH40-Qqaxv-Ie6!TqQYAAIaT~$(GKA22cZ+I*&3U*%cl}GxlB3X)d4y za_Kc}DKalDUWVN(nb3F`Vum;rp76-48O03-(sJK%N{X*$5a`~?OWP~pTU$97)CwXS z)smR1e3#{w`A#li8{k4f>W%~wNk2cYgf$crx^KST1X-S^I@82&ocB9&J zqWz8Q-6)h&RU{k_^ot^4%KEwB$|B`p6llb<I7MV5!5nug78M#hm1A6x z1(zcyS3hqt5E;MPRm)%#WKZJ@9!}SJKnrPZi!?E*XJ2Hbj}s3K)j*uiFD!&0Lw$d+ za1K*H1azf1f~{|C_8~Q4rtQ?kDChMUJH#jWxO{7+JJD*|VWuvwAHxJX6Dn7c-#5(a z6+bhef*o7TFm4loRE_$EmNkF8Or9cgR>yGPlrsL28rW3+0I#)Fr`|kD`wJO@FimH6m5TxQ4bR-J^+4eNX|A(wrDrIpMV(Zv|#2S~{$EEu^ zON&k6j>QJ*dZ$y2evB69RI8_%FEIXUZ+H3I&jDcToY_}55oQ?p{og0ZH&#|ao+R0g z`Byuo__fU{A#c;GhU-f5P_Xcdw4IjM{`F%dN6TAFm1?3>vb=vE%o{Hs-$)9&M(e$J zkz&ggcT_U)93mqltMJm#Gd1I1;X)|Xokq`6>oVDEEe#|x^loDY{g+d5C(CGZ#7ryW z>g9d*G}Rn28QGg1!_zzVX~x&54lwdMBuga(^Tby0Cj>j5T zWX$36%&T5sLSyrQmwk4iB-)_R$)BuW)MpK?F}mN5=#z z&Z^F?MvlP6J5GGMvf<}L9vqyzFb%y;v9*QE+YH0^iMhRYHuXJlH}$g=xfG0?e?RM* zrG1e2W%h+Z1^&xS6gJ^qnAM!Lvks_Vz+fv)xdoE8C*@;IM1Lw-I6j`Q`flc5RAnS ze>#O{>)1^wc$})VRlEb0k(nmEPZ%3p#JEO4qY`MHU6mpvNc~?QFGz2_Bt1h!mDB%D)Dms$1_-NiH?YlbvtBg@O#XjsSPWZsCO z5*ocL+uWi%+b36Dl_H6UH{g>DT4rxqK_QlPiq z(p}t0`GRUlv64GjTmKw+wAyt%e^91zvH=4vm@{u0J$h8v`rDFk=uEOmPzlOF&u)dD zg^yC4Wq?r~?xU%F@fi6QZj9bxapm2=>*`wa@K6=o^ueK_8XliL$ zoF`Aa@kB83&6^HIFGn|$4c4v$JYQTP8|jHo@@X~o;K*vI?R&1Ff%}jgi^y$H4yhg* zp_%b-IruWG5ow0OS>qY6Rgefg74ivVLGnYF9X{>y~C!lJ~+ylJe|O2OoO%c_w@>tW96oXY;AKc zld-k>?7mFCRx>}ZD}y<7nyIlBb-p~i`O)OlOkFSQr69}rKE)xa9z)M>y0I(yMkTcS ztF@XQjuTC&Z}g0npm~9{$##c|9JIvqH>3QjWV%y;&F3n1-=vbY}us63PpU1{0QUMxue*FYHrW%rsqHqN}u2itI<)dQ`$tir$?yt9EfU#UG} zo1$!l&qx&%AFA8cO=xMISGBsj+*(&C4cXMe%0(1iCD@Yfc9R2>gACLAOn4H$+T~Ob z6hmNBf!=MG;d-j0+JFVmmQP0{(OMQsRWFcz=@MXj+q$~O(|dn?y6iN4)#r^7)Xz_$ zyPE!>_B=|}sW*5chKqd52ZOfC;WS# zzi}YfL_N1^w54oAoXX3FAs`shwcBIg6RpK6Z4X$+>*TvmeQumb9*$`hHkT-C7+S{1 z6P^7NR9K715k3y^N`YbcAxh9$Ei7K5sL~T}{WMPCnSD__w$eVYO>c80lk^T-bp_Pp z>0X^;F-5OYX`KGeSc0`RbDdbtd#+F4qW#~m42G>62{yj8-zkL;@8WciTykT0 z`^U2)|JJLUa$P94py=S7B0G1Q^U|a7F2NKm#)0kKSyN0jrIViM7*<|4!r&+Awrh!~ z!&vdx!Xlbkl#S7g@9!vbN4-P)8V;hGTa_>#wLdzp_NGvzpIkE$#C-($Bb=JO7B)A@ z48jy~t2Q;^$KzxZW7nePC+CezfG?fGdBM`_uJUoHo%6$7s&_eo}tVhUz||Fm8L)a&yt~jUqfSaw=gk9Lcm#SkA^qm>{G9a z&rreW!}$dZsOx0BwmQ}A)7~$`Cv20o0i`zu$~^ImVT(Q$&MhNS57^C?JM-$vf!Mk& z%}?&Y5l1st9`iGKWbfrk`}s3LdHGr}=PN<9%5PzX9FuI0RLfLOwt?NN5A8j(4(dJP{Cx%J9Kq6*(Q7guFSmDIaYM&FJv<0lRWPE& z4>3>j4P_%UNj95{OI+J4N-;EwC!8J!MA!9|n{nQKZ>PG*3HSMmihTN}>R~9=Q`=W? z2lnu-*r>1eL^;{0FSOda7T&iyqkqRiF%@$P_LPl92E^BUCRxU6yjo`6zX>}%+Z5rA zc{3B7x<9=gr#ZLnD!8)xzR^k8FRGpCPbA?{^0^)l-Zz8cvy;boQsBWMegFRbhD4bp z5?40o{-3SL7dwV%-_!LzDn#CqUnAEmRkS?I2)t#n%=687@*k=r7eOnGe!2r(nv9xN z)6k9u?9^h`iKlVkrsn4jKUo*Zy{+vH`V&@C(%E{%i2$oiKTk(Er+q-TQgdQ=Iwq8y zD&QpDiaOSl;PCGnaOt=Q$C9IVq9~2JT^wzNlX2!7ZtnB&nh>ov`Sch4_xoKW=TUSv ztHk0Whu^!A@h~vEWgQbq747%hbUu_cbm7lGq`&yC+I3EWZ8cK$ur;*HD}Jz-x>+LlX{n`P0}F!Gy-9<1^jNXU~7=q#>*txh))4pmd^N0DJ+Nw^-=L0O6`Z zy|pC3QfGm$#u~OHz`7^Nz(K#x%N2Jj6_3#uhRw}i@lV=g<#`&@;h_XDG(`Xf8U%fb z%J@gj@9;g)v8cR#c{hNJ=HfTy05XTk@~C2abK`pNSohV@x#eZ}%mN&TvH@?y7DB)g-*&201zT5NQVu_BSs9p}A^?4T~%A_pz|BfB+no z&6x(C1dxhii#E!{%6D23ERsL;D>*)X{0O097W=fPUZ=e^-zGGU0Df|)Q_TCI>+J1u zJw~PZ{K8Vms(qRB$0%S43jqWnkEm$W$4g{4nBu4NNFz;^GVH#I917kd<}IHz)&Xa6 zL0w%vPSCU^=S4PTe=~r_pxT0m;xh%~DlZQY9rI0!rgfvr&q!o@XXj_>8Q%cVmtu%h zUr28H#O9Z7Qf4@Q+vbT@81>M@ioo5TU^Dp}S&6ezbvefM4Le1^fL2LiS1 zYbqnFY(SL&gXU6uyl~he5Vp4ibuw^j36>?JJ0R%vfrulLNM#AMweFZ##wL`+DbJY_ z+acauy}b6x8Jw8?h(nFX`qS61Z-G^YO`|!SBTz(kD+uk0yUwcuA^yEr`B;_F<)x*^ z;FYxqB;W0w1N<0AKy?Bss}O<8FBo0#EruhB0xfD(pW;!t)wB4;cd3y3`UQ7|gnH^G z$7N3vb6w_IJ_QHcR2PICSMn!=$)oYi)f8B*0TZ$D3dd&_kGM1bLEZ&hn;+8E!VL2{ zZ?da>ym$p@gLx$-B_})p!_|#km)k@WdfI2CO98jSHp;-vjIu>v{k}JC+~5nHSO*v+ zGimHryRQ_Pw6t^(HEUPCL7B`=FW_BqM!rG+&1}XWxK_ROJ_d{yw9riT)JP)#j)e$l za*(TT3kxHUkq4i(L!?3DgYbbQ@YNo&?KHm?8~CPti3FrludMKeCct{(Po2Z^*GzD3 zGG}M!ER7W6EJqAgw5=cVaCUC)BakA)4dz+`b9B-!0;|0qHxdBD=NA{P8aUb5y8AtY zzJm5$*U@QT0P<=+F0PNj)QXOQ;cY`;a4>A4{rZg?ccr!dfk3Xn&i^CeMyaEU>gfc7 zma5xxK%>|Wey7k(lmH|pwMMc;6tIXAckg;RI5;Ttev`JauyA{AEE<@j3>6^|lXH9mQ&~O%oP;kjFvNV{_CrywiP`g9r>I#e8 zM9yz6++V|habpWGE-+{`S5VSEL&mAc6Y5i2YHNZJtE@GyiqYRF&anVNMshG@wEKi z821E$%Am%9AK#l|IaX@*o-myPJf=*&POpH?+_nvc+Ocx}6C;y}O8Y)w;9BZn*@sr3 zx+U@fOs2&?drlr}lgg`71RuO9 zJ=LS+v$!R#62PxpD$pB<`9ZFR_8J+Hl3@~7iTbKn&CHSvDxu@Nd?Hr%`=SROx98Xx zQ`65XR%&G7Yl9@WTDB0~p8?H7(V`M{oZ9AG?2qy#N3J literal 0 HcmV?d00001 From 767a3b25f06a4b0980470623dcf37939d2121b13 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 11 Dec 2023 23:31:35 +0000 Subject: [PATCH 5/9] more fixes --- docs/changelogs/v2.5.0.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index 3e58de1502e77..9b45bacb77f02 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -79,7 +79,6 @@ - Use provisionerd context when failing job on canceled acquire (#11118) (@spikecurtis) - Ensure we are talking to coder on first user check (#11130) (@f0ssel) - Prevent logging error for query cancellation in `watchWorkspaceAgentMetadata` (#10843) (@mafredri) -- Fix a broken link (#10783) (@matifali) - Disable CODER_DERP_SERVER_STUN_ADDRESSES correctly (#10840) (@strike) - Remove anchor links from headings in admin/healthcheck.md (#10975) (@johnstcn) - Run helm dependency update (#10982) (@johnstcn) From a455ae392ee7cd0f48472e3bb73e6f3d7309aa9e Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Mon, 11 Dec 2023 17:35:52 -0600 Subject: [PATCH 6/9] Update docs/changelogs/v2.5.0.md Co-authored-by: Muhammad Atif Ali --- docs/changelogs/v2.5.0.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index 9b45bacb77f02..f214944fee14d 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -81,7 +81,6 @@ - Prevent logging error for query cancellation in `watchWorkspaceAgentMetadata` (#10843) (@mafredri) - Disable CODER_DERP_SERVER_STUN_ADDRESSES correctly (#10840) (@strike) - Remove anchor links from headings in admin/healthcheck.md (#10975) (@johnstcn) -- Run helm dependency update (#10982) (@johnstcn) - Use mtime instead of atime (#10893) (#10892) (@johnstcn) - Correctly interpret timezone based on offset in `formatOffset` (#10797) (@mafredri) - Use correct default insights time for day interval (#10837) (@mafredri) From fd00125f14b15d0558910cfc5f73b4e91c36ec8b Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 12 Dec 2023 02:38:09 +0300 Subject: [PATCH 7/9] Update docs/changelogs/v2.5.0.md --- docs/changelogs/v2.5.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index f214944fee14d..b97523790984b 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -87,7 +87,7 @@ - Fix filter font size (#11028) (@BrunoQuaresma) - Fix padding for loader (#11046) (@BrunoQuaresma) - Fix template editor route (#11063) (@BrunoQuaresma) -- Hide ws proxy on menu when disabled (#11101) (@BrunoQuaresma) +- Hide workspaceproxy healthcheck when not configured (#11101) (@BrunoQuaresma) ### Documentation From fd106097d8f67b9f7f1141c1b47084b68dbd2e85 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 11 Dec 2023 23:50:04 +0000 Subject: [PATCH 8/9] fmt --- docs/admin/auth.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/admin/auth.md b/docs/admin/auth.md index d07bac9354dd1..11eeeb2349af8 100644 --- a/docs/admin/auth.md +++ b/docs/admin/auth.md @@ -317,7 +317,9 @@ OIDC provider will be added to the `myCoderGroupName` group in Coder. ### Group allowlist -You can limit which groups from your identity provider can log in to Coder with [CODER_OIDC_ALLOWED_GROUPS](https://coder.com/docs/v2/latest/cli/server#--oidc-allowed-groups). Users who are not in a matching group will see the following error: +You can limit which groups from your identity provider can log in to Coder with +[CODER_OIDC_ALLOWED_GROUPS](https://coder.com/docs/v2/latest/cli/server#--oidc-allowed-groups). +Users who are not in a matching group will see the following error: ![Unauthorized group error](../images/admin/group-allowlist.png) From 108df637882ed1d5250d7dd1335ecb1fdf50de71 Mon Sep 17 00:00:00 2001 From: Ben Date: Tue, 12 Dec 2023 14:26:06 +0000 Subject: [PATCH 9/9] updates --- docs/changelogs/v2.5.0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md index b97523790984b..807f42e2c4df0 100644 --- a/docs/changelogs/v2.5.0.md +++ b/docs/changelogs/v2.5.0.md @@ -87,7 +87,7 @@ - Fix filter font size (#11028) (@BrunoQuaresma) - Fix padding for loader (#11046) (@BrunoQuaresma) - Fix template editor route (#11063) (@BrunoQuaresma) -- Hide workspaceproxy healthcheck when not configured (#11101) (@BrunoQuaresma) +- Use correct permission when determining orphan deletion privileges (#11143) (@sreya) ### Documentation @@ -98,6 +98,7 @@ - Update FE guide (#10942) (@BrunoQuaresma) - Add warning about Sysbox before installation (#10619) (@bartonip) - Add license and template insights prometheus metrics (#11109) (@ericpaulsen) +- Add documentation for template update policies (#11145) (@sreya) ### Other changes