From 09d793d9cf1c1b9fd5240b1837ff78c337ffc812 Mon Sep 17 00:00:00 2001
From: Lucas Leblow <lucas@quiet.chat>
Date: Mon, 25 Sep 2023 08:36:14 -0600
Subject: [PATCH 1/2] Backport .github changes from develop

---
 .github/dependabot.yml                        | 108 ++++++++++++++++++
 .github/pull_request_template.md              |   5 +
 .github/secrets/CI.mobileprovision.gpg        | Bin 7821 -> 0 bytes
 .github/secrets/Certificates.p12.gpg          | Bin 3272 -> 3303 bytes
 .github/secrets/decrypt_secrets.sh            |   4 +-
 ...ppStore_comquietmobile.mobileprovision.gpg | Bin 0 -> 7879 bytes
 .github/workflows/build-release.yml           |   4 +-
 .github/workflows/codeql.yml                  |  73 ++++++++++++
 .github/workflows/depencency-review.yml       |  22 ++++
 .github/workflows/deploy-android.yaml         |  18 ++-
 .github/workflows/e2e-linux.yml               |  26 ++---
 .github/workflows/e2e-win.yml                 |   2 +
 12 files changed, 235 insertions(+), 27 deletions(-)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/pull_request_template.md
 delete mode 100644 .github/secrets/CI.mobileprovision.gpg
 create mode 100644 .github/secrets/match_AppStore_comquietmobile.mobileprovision.gpg
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/depencency-review.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..3ffaa8c891
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,108 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /3rd-party/tor
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/backend-bundle
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /packages/backend
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/backend
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/common
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/desktop
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /packages/e2e-tests/docker
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/e2e-tests
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/eslint-config-custom
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/identity
+    schedule:
+      interval: weekly
+
+  # Currently, the integration tests pkg is waiting for a clean up.
+  # @SEE:  https://github.com/TryQuiet/quiet/pull/1734#discussion_r1302831794
+  # - package-ecosystem: docker
+  #   directory: /packages/integration-tests
+  #   schedule:
+  #     interval: weekly
+
+  # - package-ecosystem: npm
+  #   directory: /packages/integration-tests
+  #   schedule:
+  #     interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/logger
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: bundler
+    directory: /packages/mobile
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /packages/mobile/android-environment
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/mobile/nodejs-modules/builtin_modules/rn-bridge
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/mobile
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/state-manager
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: npm
+    directory: /packages/types
+    schedule:
+      interval: weekly
\ No newline at end of file
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000000..1087841c9b
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,5 @@
+
+### Pull Request Checklist
+
+- [ ] I have linked this PR to related GitHub issue.
+- [ ] I have updated the CHANGELOG.md file with relevant changes (the file is located at the root of monorepo).
\ No newline at end of file
diff --git a/.github/secrets/CI.mobileprovision.gpg b/.github/secrets/CI.mobileprovision.gpg
deleted file mode 100644
index fa7e8e7346fccd05f8de9cd75f0c2634626a78e4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7821
zcmV;89&+J~4Fm}T0>AJ)X2SG#?ex;>0WaYyycMQ`x#l}2B(t<Ibi4%(!U2AZ0@Db~
z9G2nZvczK_3+_)9TU4Omn_Y%)y^G3xo&#fQyhdFL%AWnK{lH+)vbM4d<SO~3v={~i
z{GLWpUM#)esMC~cXsKI11sc{mWi)BmS}YAjL4CIh+atJFB?0K2pIS;pF$>DgRZ&(}
z_IjN$Wnep%ODMlKlxi+RvONw|tR@D2O^AqXYpicRV?nGeay+nG@c9xo{G&B4aE5tk
zGP6w*(zT+*cOm5u8v*+rQJC98Rp5U}Kl=g}qac4(eEsLDb~KUWD=B8>``AiQ+>R#K
z3}7fs+8jVP{S}+(|C|=deE>ZS=$(KtmXU8RO;zpL@Z+W`y+OxNpZoM7cBnfXG}Rt~
z#=l`0Mc_YuvJ^tvMo4aCZcYX0vA>#`In2G1He`MqU&_SWiO!!O=abux>r&TZ$aSb(
z<HZbzG%`j$@~YL&C;hrZ`gF@`(q+y|N@VZ@2G>d3mBXM{y0V@?{mCa`X!ma&RgR%K
z;Y!q6RJAI=RAc1Tj_e(SmBcQ|=hwXfIfVrTx`df05BYA(zxe)MJ-zdYj~S+gHUcVx
zR*nvFkSJwYh^bBO;)j;YtMoOY1`R7g_5)73|8?B1=}kiE<kW@5J%K+B=D6H30!`rz
zVJFYi=IchJ+)x3l@6pCJMb0vMkVTBU5lwC5;Tqu~8fZb%6FPc$nvje9A)Cf0n1;Ee
ze<ueskuyz17JYb@G(?W=x9I3eTP3FluFF=#50_4gV9AkW9+R5*JQSG<QWg9TC5XRu
zFotz6vXu4E_|`@#jD}?yiw!UBqp5{z2Z{xm7by%Ci3b<%_2gFmn1gzU9+xULxVz5U
z!JP+cCU+HMxEB7aF34+vV4KDIP|WSmR8vqCL_G}%B>m*@zPe`|JSG!IzHjwwF}dNM
z07LMaC@V3r>W4q^)-tW<mSCdA+Kj<!XQHyB#*MaR_v|Cdvi{hnHS`{gsQACt-rMxW
z<w7!r4#H=y4-t;Kx#Z*OdH5`O$9-P}iU^L&*0|)uh>9lgnyKmL|Ed)8I<+t{!}m=H
zCQOg{e_8s=Tr2ErXx5i<(<5&BkxFIjr`4l>Cvot<k9C~Ou48CT(r?U`kiR@)O)^;p
zTFDtLtw@;kig%h{#4xtIPS^Rt4tZ};^<eeo2%V-1&lu+4s+5IU0f63@M@1-dA=A5t
z9C*{#C#5Wg`Ma9s1Uu;N{ptH7qz#@1^$0T0e;+}8@yfRLbu7u9y++eb^uwk|_Qh~*
zs&B*KWojT+N~hF1oe-Xb`~U4xnA1?5tvX$sb&bMs##6eVHfn)8@t9m5{_77=<WX6k
z6A*uOC)_<u>MvPYheSu{(~~3`e#|5fq{Aj&OAX^c2a`XP0zYOZM+1ZRTTfo_vJS9{
zF(r;AHTCX>;Pq%iD`*M4DOT7TECCUt!TXEJvb_n%WEBIA-~hbbYUo~!a4Z3+p+UsC
z%6x0)UQsVjp(#dJJ(7x4ERCIN+5ydgaStY}ApSH!M~<#Y`(;IMwH1ZKH+vfA{dk-H
zs98$*#Ia2Cq~1dAA<mq=Eg1qH)2FdJ%a)cPeaq7niZz0(`z#tZG6-lloRjPU?6@ne
zWRH~;$?U${jMAQjB*UBZNXG17gs8yNpj2nIViL2+ua+3vGXVn|b9*BhLBYEUI}0U2
znf%>yE~k^Nw;J+*lHY5vVQ{i7J%+}Q5#J**B^`y02$usq+X}+3Fs!WS-WrVS58KrR
z+AvvYaq?j3u>Ll&iOXb})&X`(YZDlSG4=K(e`O4iRSHatVO3{{x(s!6fl{ROS?VO>
z0jkoMgN|vT4ciCdR9%u4mA#_Uzin0Fedr4!{CbOH7RGC#YH>KPAcZj$+|$BN!Q7Xo
z0JCTtL2Uzsnr-zWXR!w-Bemt_u+JnjlFhlx#rj(Z`hW->8mS)1+cXidw7qv0)9cKg
zVKs%A*fc&jqh<w(`q0-uTGd2kOa@*UgZa?(k)@E&gn8U}e27u5zI>(14@-w<M4OyR
zJkR{mrQYF30yMJt6+{xfPkYoCL>qGV<edA;NV%@87M14W&T<LDX==|`^)h@cqhef3
zyy;dnoItGrCXqCo6JulXsf)tOyu@~wLyxst4{g@lIZ+Nb2w9cw?}6O?_&?C&o_!P+
z?5&ElYCsDSt;}g67}z?je~*vVbKvMa6_%5%W54rSlGT!9#}Tc_Ivp>it*H81W}ww=
zi(=9J?D*KmC{H=<Y@Z75X`zAci|I^(=HHj`HL*@OaDwzQ=hW3?T?M9KhK{Eqy{4mw
z+gf5K%?gniMvyijwIBft^o<9?Fx>|rDFe-+&-!UjBwtDBpJ5kD^-=HPy0{VeX}Y{?
zp7GXhW_DPIrY4Rx3ku>uFv6pXktL$%Vmh!HMQh$`mXfGBL}Bs}TYIJ;4>|eA25W&H
z=pcaM-zAfyoG-VS^kJ`ks&mfaU9}sAUCQ^jbBXYU|38qPF6D>nU0o0P2TVNS*M!Nv
z7T+Dg>4>5!jcU<fFG^?DV%>K{$P<JMM6UA}z-|QOr@Qaye87z1cyJ5;MkdW14!sEc
zp!qdHw_@5T9m9b2KA|ThP>}Lugt*_|98@B&>^!p|6Jhz9A}+~`0=<1%+dv7x(9$YW
zz-k>rt>tgBrAGv?!dKT~@SRka1-TWjP>-M&KSb*k3QjZm0*{SILnzl`f9$mH*z8$%
zv4A0x5*4|--O6$u9N7CrEWZdB*byYvkb)2D&Zff3%~pTpgNNTbEFVr^w1g{-1Q?f*
zCS@_D^ALwStI%~(1-bJ#c*3b7u~r^>)VsoGq<9fh^Lw)$C1y6B`g6uwAC8wZG-U;G
z&VQJQJ+b5$NJI)Kc`!!h7|+!9mwIQ|5rM!U1O`EWIhy^NU6pyZ1CZ>8rC8f9?Sajt
z_xdQta{=Hy!0}3+9E>aj6iU3zolu%)Z4a=FrEYSc%Qod}aCdb^D4J;Hwe4g}J>?T7
zvfw|TGa*?WHhAhZ7>gK>VExoL#ie<c`|1Y})X;>otpexAhIL;UGN}2`<-VR4g&awX
z+SN?yf|9#5&P>r;QD`};cpa>>j2Me5l!GcJuqu8gslake(E+U}I9g8;eymN8@d{kQ
zvw4dF+GD9c8@nW~WTvx1!QnCwILj1k)wd~5?lm#&WN)x^Cy(@;`6!E$;)M^eJ<5_?
z@GCoy6g76zX5N}yP?i&{*&j@7*|9CJxGDjWwMx8!kR7@}Ibxf&VN1{RQN43b8i<sb
z1*(kyB3h{0ZT-9|?emAP<2~VZWCEK*`^r$&-~|=9&fY6OF-=u&NdNuz44L;x9i)t&
zAn7^qo9@s3)gr9H7H+%V$sFu!VkqPY83uw+%84=!3#i@QG<y-mb1j6dO|xI)UCR5b
zp%g)2KtX|G<1MT6^Qx2$d6mR;x=9c4GO7Oa2|BjlRzYpBGW^jf>{S_%IoPW_)`&-V
z9~M_mwh&!9uP1}lqE5m1M#swGYrG+TQm<0t5Q1QP@Ku^YIs<uW8Rt#X(1mRl9U8Dv
zT=?d7%2hlC*=s$Hnj*yrhow64o&V^?ROvolx3=5^4WR7TT4aH9da;dk)*du|4}Rj%
zVKfSL22!K&!#$LpxlVgLO)#&nk(Ti(83Q3{ID1zhhVC`R8TK0;OxFZq^Y7=drW?q|
zEY(Br`TLyRa1pKHJgqcZo~CZF%mwUuZ?!IAZ=$4Pc1!lEk*ER?yMDct4R=qz9@e?0
z{IpCR8Fw&VAOYGOBMNW)mG*T^&EG7K5Y22*A$=dBO`R=_wjaFDsU_sEIH)dXvx{n&
zq3PuhZ@0^mTpj;B{&qlt;k2M^R}Gm$V29c3ar+5}as@YJBwl2Uk$G=<t|x>Rq&Nrv
z2SBv}Wdv2c_PXJF+jc!Gty|~8fjbe#qH)0^04u`z(xx6XE6Wf@D<=Z{w!`QGd;81u
zN-6!ZpfZZq2INksSbe1@yXy`iE)k<8E)EdVOOOKm@rTrN)oK&d9au6#YbECQ1(QGL
zUYE0@jB~A}VwjJ3>aN``E3D-OIQE{I6IGO+6vEL=c=%@*>1i}3)_Ubf{8#mZllUMf
zEe`p5$tOEzNT7ZhPMf5m#F=y$pYQiVDYY7(=ZYn3@u>=O=yQzvw*`DcTeMiemB?dP
zn&PC@vo!wZCT$#FYz9mWGhWdfq>FeU)I$nqT&GQdxq$pRy_M{7uIO=3FdY5w)^g8S
zE*9A^QpmN7^XfUshks+3u~Vb?!Xc)ki#m^SJSw{R9`#ylnc?OV4M57Ry5aU!E7{2Q
z;=9UukhKq|>EA6NCE`CbbHzEG9lKBACy0csaj3|}#k%pX2-|Pa1q=<zL)BGJsg&A#
z%ajI(WDyDr0pFwkpS;t%)Pw3beb%&#O9>B`z69C<)%xE6`Z>kYt_!Tx^!G2LF4o?&
zH!Diz3B`rGNc|^+4Q$trby|1ybKV9+3W$xlh6IX#RH`T50XoOl<;p>87v(8&o)4H(
zfn5UBrrs0C9nhAM(uH1ot-}hen@oj$lOyf~-eInEs<smx;gOfrdSfa8{QQUc!vs&F
zTp6PR-Y_Xy&dtRaZ8Uwm&#~H?2Fn?G9<2TamcP4{H+jw5uE(>yIykSjnEBmQMBW*~
z;pUS_gvA^%w@h*)5wsl}pi^_aUFX3E=|GK_a%_h4TtcU*khy~FRsGIRkyH{9S(0XQ
zs>c9YRz`?*Y!7o-WZL-#!GsGB)XZ}5m_C6@JRa)j;t|SsQa!GH%%`zaK&iaK<CZ5h
zUoSrO$%$g#S)+8Snbc9XQWd%_UkCP*1X*7zrt?-)Y>^+lOIVU_fv{Aem_X8PNbTB5
zM~bT75gJWil8CE@!5nawpeopoD02D4CG<LYC;gqplZIjF;EbI=lIf}qli5fe8C5b8
zs-QWxcHe1Tb;@e55ANOh?yRF^C_9aZS;fIlMFzDd&+!o3oa_5zWr#IW{Gt=f%9q<z
zP4TG?AU*5kgz>lTMiyuZ^>rwTLhNzj=x7;v8DS!_YMVtZp*fBs)mTTkf4SzZy+*Fp
zCvr)hn}e&i&Caa;7Io?<pcF6^!j?dYyxQ_t;MyJ=iqACPz!D~cs~3KZ{2amM5YC%)
z>d0Pj;q2vX{EiqO1AtMjc}v3sZqb_!OPUX`iiCOZ9gOJKG$yfj<O^P4G<u?D765Op
z>4mq54d<dBa>tp5><h4uux)AtRDIx)O5Ox+`>|J_o}d4dvS;C{zKacB!+S$n*`*m;
z#^_NwDgUC2ZnWxEfH#{Qj>F8><XjM&t_EO*bR(OyDtHOi@wl>N>!i6Jg|e4Y-Z_Ce
ziE-4a@*M;va;_YVf4@NYGjc-ZBU-7@SXb}E`G7grzc0={q&QA#8!g#vG|Ct(y=b+V
zY7tA``$wkx&?QN&#o{GTXf?EZ9bRND=r(}UoH_1k6B*NLjoiRbjmBdOKpxH37Dt@b
zj4Y0aP4QwmK0U}5l<}>+k<qD)J*aC`z1UpeiH<j+rz1UkR!yb~*ssdnfkq!B*ZpK$
zLK)a>nA=h|8oHIM9`v1f+<!>?1+&DH07r*iu)@bUQCA(DL%D^({UB+?j(4NJJ=J3#
zCJS|Da=b8+_xQ%O`tYED|E?0*3A1eBJ&wgIllRaw(ocA}tXIf};?mJ&5{q3EUrT4b
zzWj@MAVz9ptaqE-He>Z#<(A%1X8A}Lgm%3QMssa#v0+fk;Canix%{4m@PAj`7^IH8
zt=c!)#X4j0M98Q)Knrk&rc|5tKYpF}#SH<$eFGxQ`Va>rpokEfuJcbrd4LTOXNiN0
z_y0`gqSVUMAhA#m;-U{~<PLc%t)G@eILOJR2mB%eo-tJV#xWX6Tena}C!y5aM14UE
z1R+Min7!-Jf7dtM_DxodQ!UVaf-RGeckqBfgM;s;Qhw(^g8;}ZS~3^nOm)dk1IXg=
zW|G4k4vB^Ap%k9*k;&7|{GuAoei_>M1z53&Dk_6n=}IZJ_pLWVP+m@a&wdZv%rWx^
zk;k{`RB>I*)r^YX)5e4~T{p;??b2jV0eNQV2mR=HN&gm>9}yC>5~chUT~dMVN9Hda
zPaO}dM9kqMEJDqGO?ji#Sxr4%YB%fZ0|bYzl=xeysIi`e6d{d=z@M^u*Ae1bW9%Kg
zzQ)e+4cso5Mqcx+Xb|a^WbeIdvK{0r^X7VLf9@}51zR~s5LAaS@7~dVZFIo`-ipyd
zbq>QB#3|P)!^=1Gsd&Zh^%B6?qLS%`mxydcjO*o`Hhr5=0qSIB60~u?Eve3Vy#EPs
zQHF-b(_OGqV`^7d6c|WR-?NcyA>R=d@b)j3Ut~;(1S0u}64!ytduv6=^PG@n|Nc8c
zheXV7a!(MxGClGWP=au|J+KPhA*?6eb620F>wOc_=PfLps>yxKm7Hz4o2FOjH=8aa
z_43-f@&#V8VC+Wwc_U0xWbOQdo6h!jKUXG{e7u=4m*V7*+1o&G49XixBvKLmVSn27
zHjO&ZGpST`3K4EY#QBgU1w&BS8(lMY0GDZRi$g~K-yed<dyz<G6A^Ab+z5b&bO4;W
zl7rL5Q}q8Q{Q5u`YRG|hOX_Mt)~Dd_mHfd<u_)N-iGGB!7s%JS!^CEr_ETjRv{(9l
zD{OWzJIEot_}CEy?rKa%vLVUgrA<YMbB-2?lh%F{+$WMv2KJeO1aTFq$`f$%+~+zH
zB3U`@(>+MDD3LGY>v8AJM%#H&_QCaSTA!_y9q`<H7$Ql$XpcI<O3<9Xxk3H4Z=<eN
z)4>*AAo|*^Q5~q2BZWE~V-`N=s=kzFx=*OuI|>Nk-IcprX{f*zwS2)Ww*f$Kq_y~>
ztBW+J_ZkxUjG&FbfaS7n23v-P8eE!<3mGuR$guym|M}bh!P!yGA6@E3+<I@U@#G}#
z&wz}6G*x*Tr(z6(J|y?dCrwD`+>?^9?|y+CgOtg`jfX7?iSA!zvpE3k#j)>wWqXXQ
z*7o-q;MU^qL;yKRLw*{3u%q^xT{VjcD3C1XU9OE$6x*4@b#UIGM4iW)T%^YgR=ood
zD2j=XvM8YPbub}j056D>0iGztUTau--BGX0V-DiwX9HrKbWjo0O&cT!b4$gx_<@rT
zKeqf=AL7CY9>tm)hH0K!slEX`(I8g#t*9BMY-`4nvS`_C+ypNxCU!vE`bM3G6t}9$
zt|rKLour<U<D!_u{XY3i`f=wpyV8T;6HQoBtSQ}Gvszbgw)*$CS4XwZym^W^x~H(`
zH8-wWc5%@JW9e&P!#@}HIruKKLGa3>AxbxOW0FGu#^GY^+UKI#1r8#g>C5tK+!SLQ
zAy)%1^Uw?klCscBEGF$-GDy9y<MWPEwEM3b%;(SP-9eTuh`zW~1Ur;&_gBDA8vW~5
zQ;g01;@G{uo+v8nJCTlBA&G13(7hc$&LStR2GAPPgN!yLkIWH2QXalq0d^8-Vip>|
z<40a1v8ZoD4+Bb5uq%Z3Z<osrw;qQjvbxnWSE;!(pK8@lW1oVJ)?$yMrM1kgl^_C!
z9qTFv{9fF1ICEjLUf&ah6SR<Bsb1ul4H1}w1%N5{dO~J116yzz4>ieI7>COLrYOeQ
z4EkbI0Glepci9KAEsk_lYP3eHQL9TWQYbKoW%MaZ9>Fa<E9z+;+9qHctgKffLPstY
zkTPVI4+viTw{=;_E!<`NMtpL|MP-k5AG0Szd4>p;&6;v$$yFUdlt3QojcL6N4pVTu
zFmUb`-waFplBhAuG)Omr@P?ePIp+6bpPPThnrq`=)vQzQh#sF_Vwd4F{P0^>ZrFMv
zo+{@mE1@4=?sr+s(L`w?)yk-0!cn{+MFt&Ms_xZfo&$px5}!8T1EFSp^-cO<m@0zg
z0FRkUUdCGASO$S%F(d$)n0G3meEuEZ$94(=Ak~Sra6Bg4RcS!)Xzy!&VaZsi!{hTa
z#i-a%I|Wkpal57P32YI$M<LBIb<#rgd8CEBB+KyZBgVZvYM+cx$m8H|Tw%iesq8*m
z4gzdEo*|-iSI}a2oj!<dp^Yi9%DC3W!m%4<T(nohtoWrEAja*y{?^M^KtT}qB4Q>H
zWi*epsxW##Z2ONTdHB1Fq5SUxGr4};xJ?X`#%NN6Fd6ECJP@Zk&&5F<#7LEwB%gO_
zuQCfp+48~%m3q)PbFNX%;M)ox08Z1y@7n+)&I9*&6TDAUu$^2d@dydHNs2bLr)y@U
zHLx<<3puqofXYoQWZc-}BPr=a)l)LS(2`uIt%oCn&f89H>h4LX>ibe2)v8f8IED&h
zFm$mG1UlB`P3j(O5q%@jQdVHLhXQrC6L8C)shv*Cnge)cC$;IW^{=yYwPs0Ra9j}{
zDCJq$_V3}gH6?q3s8lcFaZ}?uAAOOd<HNfCfdM8t)4KH#QodzyuL@KiCr9k9XRU9>
z*_8~HJnxh*4IIkrC|{KND$L$->6)pzM|3zWBvV4qh}egTwRByYorLlDU{r|r1Ed?l
zE0xCPwI(K}YtVvgq}<+LX2u-OL(bw)G5(yg<5&w;IJ^9E&lyEpO^Hc{*mj>Q9cB{&
zQq`t;=`HBkhQ9D929a=R>oGyBJ-EX=qq>tgMDx~JX_Nni*sa88H7r02e6Ld)Y^$NX
z3fbq9395MV5qX8mJhfm|15U7C4vcDO&;I@hEXYw62eJtBYs)~e4<@Nd0C@RW;dVMP
z<Z^w|AYD-k${89Uuhi>?Ot<~%s3x6?00JDSfq>~aB@W$%2#T3F%WM}z;Z2&G{2{<*
z*`Wx0`$01HYdZs)q#AuhLLNChcE-v!iSOcNSCw_EVCY{++X919RKfDMkd5IU*OFNk
zf^Z@p1!_1R*N`m<xf5zG(x9qQCF(^>iYY=i=iGic_F+m@QH8vdg^|g3{+0<BRz<Ch
zK1FVcV3tWN*xZ>byJNmQ*m;I)dGha}Lmwk@3~N|@+ckqQZAj!tDK1Ye>^OQ#rm>yD
zGZXY>Le=1*=xqy<_^Yq#Lp>@&Nl@mCkh$Y~#&jZv91<a5w+6$@urj-Q&n|1*(Id;0
zxlJj*dsd*hAo;Z#Or%>#jska+eI3Q}>qbs_`f~6cNs&(d%rmb;HSZk(Itp#BcT<;W
zQq>Mqa?@;<dY~H^?QCoJ@+d%ARpiDA{}?4b4wI_P<RJ9Qh(~7~9>{wXKh!WmR5wg}
z2l-u8xW{E<_Q3Mn5+Nx^Z#)_ov~AA4ZH0TSpR___Jb#31k*WU~7RKn-WNk>le4Dzr
zE|jSPSdsA+E!6!{??LPmAT<rD2D<!TG-li|&vs}wKf`ZQjlT?DLrQv4^`2%M=r};l
zGu?t<Z-Sm8wGt?T?7sE4wqdH`TE!4ezL(Pv^ocxaQL34o7e~Nd^xMhF9{wFEj})6l
z9KKr<5qdSet#FfAkTNEEP%de!Ll=yr&U80php2(t?a(KZ^1yw`A`zLkHIbYot_w2b
zlF5X3<oRDP_@t2?wF@X@p2!O65i<i<$dz9AC63{#Jj!YQ;R@zGi+3I`xiIZ6wmgGS
z|Ne{B`}Vg`vM#4(S~!pxK2C!}bq&f8`VDkci*^;DjL5?P2C6Gg|9Q$o=H_jPRhJ~S
zR#+r0@3@tJ*v!#07I&|ghX}#V&Ss`V%H{Xal!Hlc)r1}gWiwtJQvkec^XB@7z_}eI
zp9_K43hZVcFkkdfcgCLs9;Oj&>VH(<NPWJ${0`KinYyN7WXYY@vs-O`6|5cLaREZ*
zVEM)!v@TEpzP<7$uvr;BvW`5uP5SSRr`9HdOXNq(Oj9D2cuyDxm9p0LMSc86bf>}L
zNlFa>wdTe#sn-%zG-<^%hjqIRtQSnas^4sWn9d}vt!QR5R4EeA+3cB>(-6;ai2Uc;
ztGN2W55XeZdvA&-rx<K;uN<D-#K-4i%0_$KcG7N;_g2!IkEL*Ud1<uBjU*(RVva|L
zu_g^UX9K*M^wWe-t43rr@+N*@&GA&UH+GZ^_|e~1N28k)@#a$OM&48(m^Y5yd<lh_
zc>u#RSbGSWATX$%YB!3326YMc4c$sDiHBK@;F@h*5Yu(H7n9F~g5t}w^FhI%i0Tz>
z&mH)1LJ4NthC~l_3cntffddN9kSt1BM8}>f$@HI0Y$C{joO-_t`u=O&iC<;~t7T5V
zU}rqQRKoN3n;nbacT;{a5QwVhh#loN+ySke_038(2*eNRKw5@(GWXXBPm-XSXD_Al
za}c2MD0Pg!%~15;=jEInV{0CG5F0PAgL8t`3OBAdZ`0+QIeG+GOi8RqKxz&s0<}D<
fM7J<O7F$Oh-gec^F&BofQv5B2CaH6Bb2B`mxg9;E

diff --git a/.github/secrets/Certificates.p12.gpg b/.github/secrets/Certificates.p12.gpg
index 30d97a6468481182f0d6e98555cc66a3a924666e..bd1a14ef78ff822d16364248c346758eb6ad6835 100644
GIT binary patch
literal 3303
zcmV<D3>fo_4Fm}T2+mG0`@#B1ZSvCU0j;4=Gck3;I>M)DatarwvsU~X;FQ}DOzH!U
zo?U?V|Kk;3STs~|`r*4j6tV6Pma*uRnEhDk(?}J7P@)h)hRtCdx|7}1VP9MMSs8Vc
z|1JdUZWw;HUroh^8a29mcKGhV8c|Z16npUptlCaV##K^?06J};Z0R5pvHV^^hEV_~
z;SCh^bn+&A@H9$NF??WtYos`*f(;K$i>$Gv#Lv$MM~ofE0j5$RyZA9*uN-p2B3|Hc
z^hO-Hz<4;<c3P*h-osx=|E8JU`^MBYXPc1@O0@DrNj+9wXQbd)SRbZ?E-xZu3S4=}
zH!Qh!bmRR2v5p<u@jYlC6&kYcVVYHJH{d*TVb6<WYEP<jr_u*+KZ3^nb+B&=y%kYs
zq+}9}K9Hhg=vMaHp}WxDK61GwQYv+2w&Jkp&naA=He1L)yS<sQEga;YlH7h7q)Gut
zg~&Tx+h{POLK$w-1s}VS*JirF2DdrFQQ0AO9Rzeh>(7@DX4DX!?BEl|kSYl$sC@65
z>1%=?C;ECx`hNvlvP-Rdgayv2med9M)|6t=9Xwq&tuK${0O({=cBU6wml46b(wdyW
z2Vu%QHxvka338tdB*cE&B?w!L&-4l$7jNAkj75hCmxC*NVSml77DldRH)~m=Otk|g
zFWkwnA!!G;?C619T3@g@@6mrQytW~Q3X~@w_ZpxN>hDFcrVF6leo}WH`Z_CD;!xd`
zYycLjd~VZ=8tOE6%-Zz^c5$(k=L_h7ej+EAhl&eYG(lHo?q%gjsGvQd%iiNtNG8M_
z`lPzs(XynX^TO9VMc^rGB096!`%9S|NUE0H1%}WpZULh$%2==*S4m^+JopAE#3rAM
z!8rmSwKE{Ub<Vu$sqkO-rN72&X|_l*#1f3=5h&$ysjWF~vDh13n89j!0+0l|l>z;b
z%wA_^EcCTpmXU3prE?!~Di)pAZCcw2krluq<GQC6!nAnt`~zG+Eq3Eoo)C3Uj(t^(
zV`$Au|GNr_($8!P0o!`5b3zX+2>v$z3sAS(3M~NU#JUEiKd8w+sjIVPK7Xfam>e(Y
z!a=m5lLYg(h9Ed)*M^^m?+$-xfXeBZwF!iSTUg(q%$tp6X5_MR`!JN@gjMiDq*S++
zr@)DVR}c-f$cBTnd|@)_suUe!n*6IJr4}kmHK0l!Z{zZEWq@IjFbi@{CflWTvaK3h
zgu@U>4hL9u6$6W1NYgPgJGfPw2wwsQg_4ZKcK{Om0H&PHTEc&)VR*oqz%1DAE=S&G
zo~hC}`-xTxjXVw1j)Rd|s^Nl?$|*!6@i&SR7G@NLZ+<+V6YDTc`P)qhYYv}D=nzfu
zNp)y6!j$<(>V%XB!e0q<D$V;0M-ot5xlXlJ?zQgOm7EvH2C{NM?Sv^C6nFL<*gxKX
zk@2%M&1aP^qgGRu_4gQD$8VcU{?`&9AySyj9dQtHUVr$~bm|M{s{<wKN}O!AYEP0(
zept<w{B*5oV?_>)PIVMbLe~pJC1--9;Ryf)RK}Kl2R3maIR-7DUFq=-vm!)FDBAYK
zN!?$*9rz>Ca%$j(a7IBQ#m6okDBSBt2w4!UIc$$b`pZ-$s7l;4@dvICUdk#38TeH3
zV~2RYf##U;C~u9Mm7_mLEd$Oao5$cRv`p#^cU%{n^#wtOKgGtHdm^_3$lKpiFXs3Y
zS|h$FH<yr9GEdiOC$j)F$J}Z+Rgan@AV{+)x@}Mt3B2ZR_#Lx>M+9jKj`dU3;ooe!
ziVyv}_;_?IH6wm5@se$+B%EB+SLYvTh;2b4t?oiuh2V?pMy_Z5WVT8o>Zmrx))>PR
zRry&#jh4Q6sBS}AcwQA<e+#4_$Hpz8x2`hgv)dLbcxc-+X$6lP#>^oub@JCOc+Z?8
zlQN(~lOl4XChsr`qFJ}^NbX8LT26!3lOHwqC88FIl~k_WE;y9hub~oc0hnr!Eao32
z%bMzLDuGTBUF_Y%tWm~3B7y$%N~(npS&#d7WU)rk?mPF@+Yi7ciKan)s}3nMeI$fU
zkw`MeT$QGtx^iy+4Ywp_`=VBGn;9d+bDsd$-!%B1Rlu9FkMfefw|r%y;J%*abapeM
zc5?#+s@|7Jm<Hv-y~jvqj_#XpD+q+@H@#B=%aCec6=4e`7Lw|-eC;G_idid}(q3|F
zXi%j_qW1f>jZYCQGd(KK|1h46au&(l_zVcsQ~?yiE6{pe+|xw-OzYGP$8C-m0UzCq
zf_ujY)|cg{0FevoLQ~)lN3n;~k<MF$F!~$FjS(rQPkY~mI{h?tN;*w~Qgza#H2#m9
zEp!L1M}R)tYP-5T^JK_W7ytYH)QVh%18*3h*B7$my*<lziBJe&vM?iYS5%}2|MrG@
zz}8T_5lsW|xishIJW`S2)(W#D07vZjj@OFxtJt%WKd#Oe{-Kq8!fIy*!!PJ&CMHx)
z1}fN2;_^PE2J!#ichqDAVN2o+6qzI>>pO(&!hbMg^fy)Kf2q$(?Gko;S~N#=He6$$
za*%ccsymBq{>RikQO$t-C;$kJh~QkaZ0>_U3870A=8Rs-ISkRn0xvmmd%8{YPwai7
z+;zP_b;y>bK&V`itM74Sx^BC1BqntO`5VuZOH7*j^p1!(tVy)4juMh2?WOSD6&T%<
zxz6-I#)?h3fM*?}JWU`!n`;v!r~RG5v^`M02+GJfX6DO@LY+i>gz7mg=IWQTiaX?t
zNZ5TYirPzQ)yJAtbc@@-pGS?fjH{dJM;~%fC%dOFZ_%U}4$h;z7N0w`cOgonE!eb2
zZkaLrjK*W-r++SB96ljTs5a*WY6>%Xtx4C6^Zy5O+^HmZ3TxIV?2N2JEG~a{0bp7}
zE!B@`Pih|d5v<gUNfrAR@(QA|^)ZSaFZB?2I+ohLG!g^``Os|xuPP%gdU(y<`bDu;
zO)#jLIxt*+ASgny)6L3C%Hn6Yz|xo9>Y;jjr)f3y?faL*8+6l~(@ZAkCO{m-Ya=_>
zQuLhWrk#ceAW+k<H%1dPA&h>sO;4CIpX*nrlwt7E^b8Xu7t0*HM09Q(*K+R^2<xuY
z%4@(n1_3Q;!w{*PkQx<h5}Oj=le<%y5#YAHpn1XP_4DVb0YAF`*jdYFX|=&jyiEV}
z%2g6uz<;!WC3U&yPCOTBp(HZC6cFWH@T5?u`JJrkz>?Dv)N3I>ah~YIbUdzL%<!ij
z)5HJ6&>EU?EB!Zqp9jJ_@Kq(Y4^-3$@bB{Wd>QQZGnb7`B~Ux<EV1CX|H4s*rTpwO
z2~EkGKx^tgvr)0vj+dW0HRMmQH}qDh<ANzpWNX2NsSi<(?{}u(K{LoBJ8kLPh>QC?
zUzb8Kon{P(ORAn3Ne7Um8@w%smb?+b+f{<{fn~ZNCSuOvaD#{OY(RFI&9a9**wPcc
zXgv+GP0iA0u0h+H#r_=uV+}r(N*XH~JerelE0DA3*Cj*&0o>sa>W%JF{^e5<D*8DZ
z+czxfbQG}<;Hj_raZ`b<Gq?z-dmy2ErXgWa@n_Qd#E-=MB)eJkruAcPIjh=;2X!Ks
zN8y22HztdmEAV^&*Tc(Sq<PUqQD#;I>oZb*1=-K^%$Qmf<w$UNbv+=khzM|Z1;0nh
zZ<YO4U3Lp4YdGfa%;-?V9yeM^1|TN|97g7uwnla-aebA6(p<@s=(kgdS}e9&V^maP
zOwq2PNqs&{QwJGBoPOUi*3oJ^5P2liv&L_xozWr47ax=PAe7}%Y!0}5_yGgurhmHf
zTU;jH`XOlx=Rd2ymr6I-+%;q*7p>KCf%Mtsk2kjD*8C;3dnq%mUGh^1xoTOA6W2KV
zKHpSJZMivxV;KyiT;>E?f%0k&nUGuY9QMMNH^H%vC5bF~K2d*`=#Fq&3K)@3048lX
zeTqsPH4+zJx0%ih*lLLBzIkU=$cRNzoG-d!)=*I<sVY!i(H7av(a*-7V7Ywx5;NSJ
zp8fJ%5>>H&``-tFa%gJIlsn-Zh_S)gP?QKLvF)`&6*dA2&Tgy=Z|&inG}wo5iJN9D
zRR;~jl`ZAC__JUOywESdlP&P-`1H~I?DV7`hyuV8$)|}J@U~)xj<m)&zpCC_-JT(x
zp|y4tm3;XgfCGF%DUlS#O+ybHw6QQ$K=BT{GNXajC0IpX+fPaO4SjhkW%K^c&6a-*
zHhr!Y{`e8#&&LAD+0T%tQ*%VmUqKfUoSRhf&}o<eArS8MLHdm6Fr>2_cPXpP;Jd(Q
z%}N7dw+v~xr+SC4M3bv9XW0ZNp9{VqXUyc`2>7fyWC_7K>zhG;GovtK6^K5U^BfK9
lL)f|Ir@nmCJG)u6IVqx|iTi!^f+>2zQg{GzZo*>^+A)_uQVak9

literal 3272
zcmV;(3^((P4Fm}T0&lgvSBW0vY4p<S0mUIn)*I2Q5*?%t!XQ-AoN0%nmeZHj2qXyU
z^lD(t{NB3bme8^@+=nohr3_vUnY)<vu*u**P@1(u#+aZA0<c@sn8ostz$&t1{bH?Y
zD3lJGz3N~Tc8K9{l>G=b&ylC?B}Q5jM1ikg>6qiHPOhqjq8`AG<()&GOU2i;{@N9O
z?g)`~GAgN7tYXXuasXhO)+4;$iIj@fBzC=F2|iAKq~o&lNNdHpTmErU9c68<9Eeuy
zGt19;&n>d7vU=co^-T|IR+qd_VNQG-r9@?H5L;1G7{C5!B8b<~v<26b4&_W`)ARIe
z<i(ld|G+?X`6c28H0PNeyM2)p^jh*dSgbR{&E?}>ZJ*B;AFz8m!tY>jvC33AJGg;o
zRO-6S*uL8l)Z3P*Z!oM|h}HwN<#y(odIAst&|YV1RKj#0;mOeMphT`ksCu;6ngucR
z0<d4(LjYj9G1;Aq#p0K0WsgZye}jNr)5@)gSW4iU_*2V=24JCyF;Q`0q6H+jyO<SA
z*aO4p)xR8MP|g~(ak9!WQ>@ppdCNXV(MZ`CHaZl6rh}g{IwsYhHcLhT-PM;hx8DnU
zKg(H4<pl;?QW0yKn7{1|X-y4hK?;QN19apywZaPv?ruepgB+q3{WdVb(F`8ScCNUI
zF#ZdyS+t;~n?|Z?`%+}R8*DTUV6{M8x7$&QrL)rgBk>1rx)j9GcH<50#NAyd9r^P_
zB?i~mPz`68Ul%#<ymwcFK?5+TKk_ZjPfm}7w@$bQ<FH~f=fotDC{P;Uq~sqVYq>*f
zFxnA~qC4Fn5V2^hSu(#qt9NOSm?>iI`;i=pSPVsikHXl?nOh#*n1g5=&K56k5}~O_
z6)5|Z3dSYkyoAo7V|d*qjyP96paFhd7E1YT5+8)tK+{2NvEZS@)t~ETI%@0(Kn9F{
zH)1>~Kd(v)s|4P)D%H_>AU$`)-tEM+#%JvR(Y&Z~;oTqvhc=b@qlfBfO2mZLT6Ohz
z3;pL$R3(1D$^8jmO^vFe$WF^@A1DAK$zD4mJ)n+w{yRvF<K~QF?`+Hq4HKIm4+A@`
zZz@TWODh+j#V|_&VZ8z9v7}_Kmc-tN=<vkV$jUiq2<UXFm0E){S8U7fMIE5pKTfSh
zR3{RgC(j#ddP1HRtG_Q&<)KP_u_5JfG_m8wUHF}cUfS>LCI#<c#X~0L<YkbP*&__y
zkrXt;N*H|q_gb&9PZwh!ln%qKqi$p5^Z*F|6Ah0^4%&+MJN~%rKOSzx`E;0fG7ZR!
zUyczc8ZB*-1o$jXdIk;DDN&WN({iGBXr8PU7(Fa(%C_Mb22NCYZ0=mR=&8V3gyq`C
zgSE=LRI38A>T0-7(pm4L7gZOF2ns|m7uqosU<vBn+4gQXrw!GQ2*3C-Qjp6rN}Mj^
zwD`-c%}PwtIY6k4SMhAWZjwgq4C+XZ#7jM)OGZ=kGbmwz<)F@CD8Yd+2>R;zF?~l8
zc1EB<Hm2T^*X|fsYSQtdUpiHHWw~Bshpf>yn4abI?Lk(HICK3tywYyDD1aZDjs{a2
zz=4QUi+~=DZnY)UHHDFLG<Qj9zaPYJk){W^j|eH(B;(qP9M(s>TEJF!jaN*fTq~uu
zq-hm_W<P4WB6GZiL&T*Xgl81A^$Quaud@HvDMZ>(m)i<vbv%ygzcp&iypaLRIUe*z
zjO?e^zVY8hG8;0!aToGgd2z)-YvRMj*dPGa(TWI8^<kgtIz5h3WK&%^C<AHQL$3n}
zUjb)=Way2Z0(0A0bPjDfl(O?7d1d*E<b4bq-`U&c*Q#G@OA9QlnAK*`WZ_*gbjDeG
z+D~pZ)ONi*N5731F(y!@Vw3-BJVwX`fX^N4mLB!(V3@=8DXJevF4KoR1qf_e>WFlw
zz2FNeR*@9UM9mrN?^_vF#<~+!52mT8ky8>JRr}9>%{~=}9b~=g31(gRX@08%^!=~7
zYLAf=xRDwK@%od;lvwBpYk6`2lUfaluR<OGS2N>;A4a1zZFIN?%S${xiYQjDg?s>5
zvp5)hNNI8X(Eu8sy1a6FFdyK0Yow!>>)sLYHDpf)*Wthfbyu-|V<A#<EErc{vI{(H
z=}k|$7LkW&zn-PNl%CAt1{8j?w&rxBW&RPw;1T1gdLOq$eckrA3gk9mDh6S9iqnAJ
zdqYz|4y%0b3K=v!C=8Za71QhbB<NKOyZ#q%dMuPSyV;Q5Hp8O}$V}SU{eYsAknmvr
z_z23;5DBm4$A^!B=10}5BQC;Frp*fEHkbxJD0oI_rJS0l7TxU`?LL;>y^5*ehy9AR
z+e5z(`Yrgt3;|v{eLIb!ZkbZq0ma$%n;v8rI~g3@%6IUW8wI^FeV#$f4$PuP4+5*5
zSL)lB{ut2tT+2?4nfUX>jifx7;v}xC7sr?MVAd2dZ>h3rEcCcf21`Y3XR*4UvPjn8
zuu(qTn1PQN4`Il1qp7a`Jk%Sv9Xgr^n-QNPKHVH;8TP>vQ9*zepzIZwDr)Q1;1S(N
zJ*>;#?d!z`^aP0Z7G<-X<|v9^x&H-9z>_Z1!;-75E`1?sGoM`DhDyH0J^@up4qqr(
zJtCS@8b(x4W&5nutLx#8WFZ6Vp4gU>_Jj6fOW<H*u=$H~{tH3gYU`X)5L*2f74`pK
zS$Z202?IWzvo^seEq=;RgaUG;->K0To!>*!aSIG9T+!|a>#~5KqdscIUh1VUK5)Qq
zqpn(Fc{L}WwUO5zcX2HQiYq*AGI-pQ;tPyCdwJM=Im0T!!N`>`U-HhPg-Q|oj7C-R
z*6Z<TeauDSVBc7TEdzJfsgI1B%J&)sM{LSon;7W*sLZogQ)$z&QC*Q|az+f*G)UYQ
zHY^Od^3kliQo9QgU1+qZi3e!|+HbmycnuL@2PsyqV@jy~!PiO*q(aWQ0$YmlwGAs;
z0DMN?p~XjpB<5aI-t^Ni1(~ey@L=~r$KwR1$+08}jztnRc9QR}K*k=!Z0T+E@fO9J
zK$x{0Q`*w7I9hVe*Il^1XLBa_(gT$}Jcz!6^&Giz(J#S3ZqD<fjJtUz(6#=GR62Vd
zzGFY_Y#OF<bYqLi=fYYS2B#K^wEqf5b}*d9v0SM<VaA8u$nAd3JohyyjGs(w7b+<W
z;vO>}l?NZbEiV6R>ba40f#B)POyHF!sF*`)eJc>5VeKU<#jaN#VzE8D`~Em#PtY|Z
zz1Avt{fQub+B0)d!D(?HuOX{Nk?+C5Hrhe^GH!WkHvAfp(7hII!kyBdw6T=O9mfl$
zsrmfiq`5X+J@R#P<>x<CMTRNE!X^kg?qbt&nJ3D*ERu%<)Yvg@h~5pOpvUm_A>6DU
zD3*py<VuzL)RJdk*qQ}MqAEaFHP$iSwziR}rcG6#Yl)DJ<bo;U(jA9HYO{iO+d5r$
z=W@sq%^699_H$U)y7avt)}_TGP<uZLwJvSRgP163`OIY<3BQwRpVw2stctMXbPr6=
zFBThEoZDlu!AZ-iZg-+(wVr7mKG5Frz>Sm=&)oxI`!_po?vPYY>yCf<Fs{n@l7=CL
zupdE;O<{JTM11zvJ?Gn|`%dNGsq29$!of^4NyuM8u;nu&0xjh8B4euDg@Ti$^qz2{
za*3#Kb=F3t*+a-_KN6UjG%TkK0RIh$N@6DufV(8<O(G<e#nh4mOh05QaBa#|IG3L<
zJ^YLhtGKy&9WWw{S@2<R$X)E=DN3^si}qd`dVAUFZ9_kBi3>XRNOt`1Zx@9-*_WpC
z^dLO%m~m96)ABt!+FwiM(2^tVG7A6KgwXC<MLjVyv4|$g8sl8FiMp3I5GB|ER34^`
zD@7`yNs@;wsu7CXR2`)cBy}jpXlBM^?hUur{@i_c8D*=-Mo)-@WLD$H;}Z*OEAEHB
zKJ^3ctnW6?%PxKyQGCxDel>mSn3BAU4wCm#A-7ZidWWYAQXd%IZ#0EQvJQ21uobw8
z-2$5wAIqqa@)8LK$*h7=Y_pivAw3xdi*E>rxj{`?ew>drPWX$Cu@;7`P<1i>9>VlK
zI<Qz^!yhj$)4R`Rz=`6#vlUk>Id;hw)w%!i57)F~dN10nX16H%Lsb8Kaz*8BpF6{i
zZ#kYIU1pQN4<c6g18?(0_m3gO((7mbMQx`3yZ*#9b#>6S>@?!(0b0vl1t9A+WFFnP
z57dgWhlop&wLaUQb6`o5sXVBQ`g<We&1vEh19I}G;fqa)!8sqGf4y(4AyHC184$Y_
z|FdwYkNLm>IQg|%JM_N`mrm3D>}j;L7h><dfHWr_6bl|fpA5!qPbkNPh0o!6AQNM6
G;QAB2W?8}j

diff --git a/.github/secrets/decrypt_secrets.sh b/.github/secrets/decrypt_secrets.sh
index 5bdd715a42..e63edf9a6a 100755
--- a/.github/secrets/decrypt_secrets.sh
+++ b/.github/secrets/decrypt_secrets.sh
@@ -1,11 +1,11 @@
 #!/bin/sh
 
-gpg --quiet --batch --yes --decrypt --passphrase="$IOS_PROFILE_KEY" --output ./.github/secrets/CI.mobileprovision ./.github/secrets/CI.mobileprovision.gpg
+gpg --quiet --batch --yes --decrypt --passphrase="$IOS_PROFILE_KEY" --output ./.github/secrets/match_AppStore_comquietmobile.mobileprovision ./.github/secrets/match_AppStore_comquietmobile.mobileprovision.gpg
 gpg --quiet --batch --yes --decrypt --passphrase="$IOS_CERTIFICATE_KEY" --output ./.github/secrets/Certificates.p12 ./.github/secrets/Certificates.p12.gpg
 
 mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
 
-cp ./.github/secrets/CI.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/654a2214-095f-4939-a9e5-09f7a2ccf530.mobileprovision
+cp ./.github/secrets/match_AppStore_comquietmobile.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/654a2214-095f-4939-a9e5-09f7a2ccf530.mobileprovision
 
 
 security create-keychain -p "" build.keychain
diff --git a/.github/secrets/match_AppStore_comquietmobile.mobileprovision.gpg b/.github/secrets/match_AppStore_comquietmobile.mobileprovision.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..27f3a9a0384cd6a5f10843141fbde0d31291e0bf
GIT binary patch
literal 7879
zcmV;&9ysBQ4Fm}T2+J%qGK?8#ee%-k0SYYZ1XudZe%wyg@z!fhLW@L?t-~)j<r8!X
zmQaOw1oJ&&CR8|NDOu3uy;jq1Onm3^p?hm;-+-;mYZ=APdRm)FN}A{0B2j_<!Bs+y
zE)q<Rd6(3|v!^Ia69nUc!a!Ugd(q(hgLYSAz`-G;ltxV&FxNI+M=W!Fn2S2z?tVG_
zZNXcbyZE#;_xAxt8JD59#7Mw$EBlix28V#X-y()YiP@%UoPQFaY1wQ>8W44!w3;JQ
zbdER_)d-sIN2w<{6=|sbC4i&UFrD((Un$-4Nr%9)!v}iv`9}v@FzB_j!9kO0P6_XZ
zts(v=8J2N;yM$G^UU?th1!(^!c?n*groOjroZELB7YzW(_4WA_fBL&f4LlyPy;IMt
z=HAH&-hYreLWtKLiMAA$o_!qVrOKNNSiMvACMBkD`_1unW^-ZV<zwqJ!*Y*0N1SZ@
zemE<(68ms~NsmrKk74bjaTgX$ZQzAklcjQN?|D~HMK(x?j&|P9v1lW>e#$?kwSMb(
zJ$qS59}g(~w{ZMx=Yx#n`OJ9bKRd>C@~G=U&uP3Lr6K-P#sB$+p{Z0kyN$QpuM??%
zH^Bdvt}q5X7JyhhC|TP^3(L)M<kSt(VRem8*0iAX1GyZ{XiI6*dcpQQTSIWBbmJ&V
zbiSBIx7oP1jfiFKSLES}k3({h#G#<w{g;9<Mgaj*QaB0~W<%kwkP7%@w0vTyV*qjj
zd9YF}6v(>R$ZPz%?lE4XFs1q^)kUDRs7ID4yN6j*M0Dgebk?gs4xvG(R&B1+?#Ns?
zoQOhtUe8gUz#viv;BoJl6+ohjP;MYAX<&hGOUvtuFRG%@V22Z+plFntq;SKEFx=$Q
zwBver<AOY+Fy-NOEwW1DsGKa&cS+W?eilCoASxSAVB0Y==Bo5R*($CnqFmp8B9wm_
zE~1a7$!fHt#KzXzC?-TPKRk=z=&v{xKjM0v{hvp4Zk4sOD6Lmfz}u&n!l(E0E*!cu
z64$TQo5E&g`thBNF-C-A%)!l{?EI4kAT}p4jB5PIk!(>ic`}HZc%q$NX{CZ+7`oaY
zyUZlk9{3R;{J$;Nrc~DvY&`FHp^(1U5io~-eSXfnOr=dHhHUo-w5>*KR|&lc7ImTN
z+i)JMWWS1dwHEszn8%G;D9U-x>Ly{B|LL#EymLn@MauWmI(PIRghq_9n>fixkwCIn
za10DiL6rx8DIq~R(Pgn;jL_?#Q1-WZQA^AqOvwU4^o61QtbyI()L&r{jZ~awOm1NH
zsLyW)4b_VXtpQegS>8LoC)Ure-?L`<5Y6PLPn<B7STX^Lq_-|~7a`4ciHkxstAca{
z&AmR697e*(>YDiaN4-4Y-8d>PvksX4a4|)+@FofV21YUAU4H<oj@s+oXfpOa?9s1U
zXf<?15eTWrM{JDQHB?+z{xd%D^lLwI1K7h*dLi1R1kbDH7pLL^r3$$)tEb1|6w=41
z01@(pTOgvUJaGp+Z^C>WWAXTBCSafRa+@GXrXrJ#^aKnU7*y*yJdKfMaGtEkmnW7s
z$OnJKkLpy-ky(_)6VNEx$uGt;`>;XRp^@I$stJx*=m=f8)+81Non8nE)H}m?{$_F(
zn$@2xV78HUWE&fq9HeG*Y5#JZmqw{s%XZa0r%F@$I7COGeW}}=b24ZUU&Z3{e{y0K
zP<urY9>pl{G^i={668r}kYWKu9Y1%0)vCqw0$U-U`$_-HB%G+LU02Mqlxrq@n`6zS
z+c_=}41^Ymdt4ROr~QjkgYjdj#X^XUYFwn=`Q93d9te(f#6fBAzii(o@0<wI)L}>G
z@6qxm(*E9-6fJ2Y?W@R>)=hi_&%pKn-$g}gYdq-Y!+Lt#8!o4tOGIAf{>#2|z&Gu6
z?1lD<ez1unBZCv-Cau#mrx3%5u4p$Iq+J-0QQ2-MxA12Y)RAJ<I$fMXW6S#n3%8>o
zOV?DcF}IVUwQaZ}i30^60W3#(ne!G$d-nn(KW_<~7_}@WltM$h>Y34$v(wl75%@}$
zz?2~I&t!>1uuCb7hZ(kJ7i~hDAB#;T2T5i$SG<~cdrPpL{F;a&OeT!IcPQ5aYQiJT
z&~F$$t{MUg(Q}q^1RYd&G7wUQ#}f&9N0qd%aP76L<u9qw$<lNO4*cIN=O{~<)*yX}
zBvsf#<C$LxE=DTF>DZNvH%Oh(Pi+6{qd@&Qm3IPlI5$!IJ49*bf&(C!4<G;e15nMn
zS${6sM9X2va`%XisHX4>2_^78N}24lf`!HyD-wt;np=@WBRzewlwH&;QPGnii9uU@
zK&jsgS|IJDs6K&Q*uFz0v{sjJ&+QK-e{we5P&%V4<t~$eD8U}m_QJOHlyl_s<;kT?
z=|fjiyuBK<7Aa39L=ydwWD-l3y0=3?J$T$0ZcM3T&st(ZH3}8xwrDv>D?VIYT;mFh
z7rvr2SwluS%3}MeLvxdd>2s%jufl?DIWjqlulc9Cnn#f?!WG8@Vur2EGR|rgVIi^o
z30GHw)~G_c<rnK|SE#I_(wUi8F`ROd;?h_V8NPqCG>R;Lta`EGiNMV}uvqP0rio}@
z%3{45pr87={9BV-fv^#&b5c??lWlF86<QP;YKT#5+2Dmmw<R@&&1zKEqj9zU=6Yqg
zS;)zD=&Qx@{Py)o55<s)m408olxR(w+#qecS1ar<YSBrkeZ33*hmzBXAMC_F()FHV
zG>(VuLwE2P?A6x^yxA5BeD2F}b8zwAMm6v2S+P5;j4ffcP#^HJ?n(+6<!HM2T%wIw
zFm^2l+Ew%WNiKM;N<RRP)GYG==={5_U#S4EX{m+-F~|9Hx=r6M8zqH*=eOjYLnV8^
zA73=}J_Arr!<d;wBa1Ad>|+F7qmRaM@S`n*O+)@3QTxpvuSpirHXM5ns|$d^7uzqT
zbApU(YCjq!DI5d=P`*}=5=|Qoe8)3S1?mSZ7zns<KIRbo&%aosMB+W^7UiEJrIZSp
z(qFxn+lv`nIv^^sLXvP9&0$q;5mwd*KUQr|o(^GJRdXdX2U~D)E|%ov2_>EyFPG2s
z3LVD2+{T!io^J(-%H;irXbj^0T0@lfxI;+6la>}$86qd2#fM~TyA0T~7N??n1gH(S
zn}ylqi9w_+kKMKY1V^KSDBwQ>AC}Gi`G>I1d*}0kI3nJ>W<en9Y<DA&NJZ@*t7cF0
zhIMY{Jm8aJZ^%|6-f{wvOz|0c%#~~$5M{VF8ugDgrL=rpjKzX_&ADJx{nxXH!ijjv
zR3cvO1$K~(Ev9Pd&muC=z5l7raQ4pgwx%14K?%d84pO`H0y)^2&XXxOVig9A|Jg6V
zoWhUPK>IDPx|Q$9?>>&P>@{G>ny1kjQ_QTdHnnVbH<fjLN#L?ZS&ByQoTXfwkd_l5
zfts^V(#_u_E``}}^^hz}$jTs(&ER2GHbnHMf^N(Z7JHb^TMb-M&Q}L?!-@cU3t41+
z;Rzvlo&y*?n(p@Quq5DR0<8nhA<o+*C-?)zbx}JuM^pvs=*^!#yO8I|-QV@KaPrs9
zal%s0<ccuz78SMag?_~UT_8o!uGI&JVZc?xdXCSEWmsU$Rl{bCWI4OYG;<2*M;P2_
zI8O2j0Xl|r*&4I;0guKb?YevZJ+bLoWAEl@kN=(D(;WXDgc3$K<9siNf+#MG;0v`2
zz5T&=1(?uc_XkMIixs(#^bCd~O$92$j(JR=CtC3=2?*b>G{+UU!VayYUrdMyT5e$%
z+r~WWO^i)X$U*N!l6jsag+(UwkAT|iSXbf-6^DSPcaPqVuM93<A6{y8tcX6vZDt@!
z*_@C8Fr?%`RvaZRMh+TSzV%4KGcnB4sx~Tt<uRFVc`Kgs|3q!0&M^1l8#cvclEci<
z@pvIGKBiRW%3i<?3>q`Kk~K~C`#M&ipTRx=FS`J~W7~$dZ-12~zcc{#r!9}WCnE9r
zO*FvH9nTz1jjT8_<LG(m%!>Y}BAvcCmKgiL@TyTS_-}zxeBlO_DD~<9{j&<cEGifv
zCI*J*AFxcc9?`SNsC`C~6S*QByf=eI`wXNA$y5;g(Ao+-=}6EVnxDWilTwslKtW?z
zWo?SC+^u0-9L8-eY=W72P>D^8q&I(kLXKG|ok*i@xC0G9f4gFHEv{eOLdRZ*K#Skp
zr=sl=(qZ~nL75eUqnAgYsmRq(pY2s2g9$<UhH8<}3m@NbR4MSM*d;G{l;lWYvK70^
zvN9$4k5@#=4Z=BraKDiamVfmGqYOR7`BC)V{80<OGSQ10GX+wxH2eTxknm{7m3=rM
zvxo6WnsdO`cs>?22AW|GI1;A%Xf3@G0A}<n4(>X=E8i|yJ~WJce;N4{!q#Ruog<*D
zSUG(f!w|yb^z2n-1;Jj*n>NoZGOWN{(3#UNMwY343s~j2!Cu*99m9DIsJVWEs*Yl_
z#r9HMN##Vf_6s*uX5;&ub{Y>?0MAF()OuR?y4T4WZ)s%wv`k8~R5UHEZaZ7l!Va`t
zChm8Qts#pF=^}jjVx2u_(O#kEpu64up?>62qiy}5w$yE+@=YcH#r<pRa}mIklX7(+
z?@B-V38wJR)QV`czx{2@n@m&HA($YN7`wBQGd@LV6w=fOTX%?3>(XYEMATc4Hul7A
zBsbjt&ij@d`=IQTh4+lzcKwfpX%*b>2E=XP+guDb2FZCkh&@hnh$bJHY_U=oO5ro5
zUOz3!%5lj~I)cTU3S(3CKXuEma^S9*shHUQg^{&}!UABJX+FVGh!2AjS9e)e&`0n5
ztCU1xVjZ~t<ORN`FY@QjVqi#ux(qd%km@JQ`yCgHW06Ee`L=LBv$v-XIs@{gXF%Ls
zrle<bOAH+@Y~KV{uao8+ns$=VAvBD9+tt%|6May>Q<LvPffkMVdGZ9_xJjReb>OP;
z?NRk_z%lZj`0|;Qz#p2IEH#kJn=QXp@!~7jAcOlHnQ*w|Rr-21yN-mT?9@(uVA1!+
zq+?OCgBlA<+o4&DDiUOJp>SCwGU*YYb;4htK>V^l)u2JAhuXt}CQ)qGI%UkxLO0<M
z@=T5bZHNAzr?)85dlF_p@4A+%M_qDmNre{R&r5n|sJ)d~*xwS37%P9cMh%xHUKB(-
z52ccgEcIwCUEIlBhl~Q$;8V?e+vHVYv+Jik6wb{?To7rPlyV755ZQUN>udj=Ah;Rv
zfsV%!#0gp&^Sfj0(6fOnUG_%u3@1lPT?m`I{zE&QW*}MIi-jOA{jG5}(qvX;vE0}+
zY*_Vzl?zongJxIp83rkK-Lee(djhO5>OA<H;ofIopvOGvbG}c7y5+q`B%S?_@#0Vl
z{quy<Pwd~%+ERpmC6az{eI(m7q7HzCUQ@1;>KSz(gYJWsL(&lQdDqN3RH-=WsQ1b?
z)aCfwIQAK}kdPuJaFNpVAJ}Y_R9sN?3>3K(s&g5t&tI+Ilq%?BKLRPWV!(ajF?3Li
zBy|kje_!S`XGCLc-x5?dT<buy@2{JtSbF3mAT&E8AOmS1Ki;+04Cnp~Ie`E`H&c^C
z19QIGLTC6IL*Lt6RNT&JJ9jGTb_*-l<FabKCrtRl?x{?T><2G=@ERhap2XFQ71YCO
z9B=gJg1x=CxZq|Cp)W0AdhEtgZjKn8zqabYV`si~W8O*yDF$(tNy)zJa!wt=M98X3
z>OJBjBRH>YJapi?>)4brxDG4P$klXx+}r1@#W9vK<k)rJHN2Km*=JxU7GEZWtI3c6
zDc=$>+gneqpWeqk{j-3cb-6W{1_zj6A8@h)s;hx&E1JBiRgx7Ng0)rM-l%Xn`@7^I
z4>+J8p~~WG&nWEaUf(L)gA%6d-?V^f3rb;Y?HeTSr9^|*N~2tajc{2RUAa`_XAPZQ
z;#E?Wdb#(}OpoVsa=$rfhx7eqC6ph$;!#i9+3~o{f&CI~@>H@6Py$u%<3}kw+nSAp
zI(nKP>-ik7HvWsIwM=~X@tqyRfUf(`KfAQ5bCQU&IP6_Ap);|)kDglfcN%!d-u=-s
zdK?jIOErB8y7><Mu!StV<1NJOViNsTN9Il;fs2A;R_g1Wpv=vOA6DQ8JBYgCO1Jth
zn*vfcmUnfOq##$o687X**~OcjcGGZD)n`R9?V!58w4F9`0$1`hVoS%Wne3^#;~L$1
zf#sfK-ho#`#y?w?ZDlKKF}@;>_s+I|Rdx3A&!7XZB?#x?3|<}^ZE&T_)3>o+jFW4M
z5Kb__o1i)jsKR1t`H1MHV)Ku*r3*!oj$&+hKT=*9aL7t=!>i4{koqZzcH`Sfr3n=z
z-`l)z#*D$<XEGosyQ2w9F8CYjSpS#Qc3W9Qeioq%N!v`5CeD4<XoxLSM*c*~-0Yd2
zACrxJ#1na*Hu@(0Kb-+20Tf*JIrQaPM<EqQkQ@M<(hWFFWBv(ap-46%y?XMZ!~gM+
z6U8&k{%!LD5AG<Vp|OD8u^2ovpq_$H5`!y1T*jIzV_LcATDY=&8UdT=g-HM%1ts_y
z;K=O&>5M+4%A;ss<ad~q!*Fy{LdVV0+(pwHb<z5sIWz^JH)(cswOGepao88x(D8>@
zILo4O0f4fZXq>Km#n7C<z#e~b{eJuH-PVx59f?Y^{NXSV$>y}y0x=eQeneLJf8MeK
z*KoXZU49fu8;vp%wMVNWlJU|c^uOfIh6~yQT^YJ@5BTO0drwc;k#1LRSIP}Y?LT+o
zpiKa?F$5OEM{Vr&{C4ckz@t>9MOZ?tu!QLgo5ZL_#^}EqxN2%EeFV7PP<jL`9<K^a
z)}qT%s>EH?i090-t&82v2<b*Y6HNLPiOo2Kb6byf>d7&^c`KWB0dcbo`sKJ|c;?qI
z;Xt@Oe3*_8!j$qa5XC}9o)-JibJ{oYG`hneV^vN0&;&|hV&SSHb#EbCJJKiCWc}&y
z7EFAM!9_R(wm*zQK&VcYWR^;aD_#E^GyT0BGwvfKp(68PkZAV^Eg7xKAN+c~gpe{c
z3-k(B>`qjA*vqfF3al+{q7*vk^RjzRkZS3fN;tOJ#2Z3W%biHR5&;9{@hF2v*w`%M
zOgG+!f+GDD&Ni!Jdz#Z(|7d(@;<#h{o{K3Ys!dW$#WY1#^M*)@TF-p+=N9DsHR?w!
zj2w~$4P83XFVW0r&N(QC8spCxupx)V=c#%5?jm9{3SxR_{;3wbJ{on|1O)ZkPLm|<
zeq~17lt%vT2lhheOhKM<4kW>wJEEBtyC8;sJ*RMINl5;P-BbGU9;iN5ZQ}yOH#sD1
zEjdcdw|+}%{vGaPSeke*;XbC3>nZG^kLWoQh%3EVsYZPQXH54ird($V4@QNY92D;z
z`x$%Mmj*T`YEU=T<%eEo+zRCP<=+)xZcXPDkxPqGg%ha#8n_4_Pd?ATbToJCZ*utF
zr=GkxCrSg3D&o$%<VEHBG@TQTxdI}IhP_?H=$4UHu;x<8BRpK9e}JY(YudaUmAhOH
zll|ld#K`kP9AeSu5jA;TIISW7A~MXvL<U&tJ1S&e*d^4@8;BcLGpn{)ZSod1u=yIr
zQny0s8*nBJn;d>(_#;~r0%|#oUue?$Uh69L<9&$_!zNQhMQBh%c%MBFb+@27+r}G;
zLoHOV?-KU21~B$4r!FQsC!v5!v!+!xy*BFT+w!O<I@2bbPPi`c2&s7_c_D1|-Tmz%
zj-EhG`hxgsMz>D5Qf~dJ%ZdE%;wXo4+W75PtY)4mOPmE~OS1XBzP}hD8)Z;9)TAhf
znD_q3X$SzKzpVB~-c>%^M7(OxnsU~ee{{?&mkd8*{EXPZz79xgzE^dtFy8yIx;aPg
z!bS@lt;OAwxsH3#b0nm-H~A&OCXJFjsF=02{C3K01-CMCH4M_JaCS`1=iX=CH)rzt
zi)a|K$|`0>g}_SJ9vN$bw;MVJ@3b6b4HBk0_}}V;yHXNuf8*z{Bk468i4rXYnLwx)
zr$B!2-i++=zL*=YSF$5~^7-C$y^)LCPEf4X$&=#Z|HR-wRL}-w$yjWYYGyT$3?bdk
zJ2C8M`l>UC0@z_9ud$ECx{6Lr0^hG^CKNE<CtJ2ASSYV@y&DNrhH;wUiEY*dxC^)B
zYS1Uv9%n)z(B2SxCDr_}#Rc8g3YB+1lF+aHj5Jp~+%xJaFMeEN^8iUTu>EnU9^NDw
ze_G;u>=)mX?!ZZ97|j|e0};{CVhbT*TbQ~NUn?hiDNK{i&rdxzSX7XmUN=TyPopX&
zvja{}$h3sCW~%fSV-y7tCSD0OOcrk(IoE)}sEs-K4}Q&u{Dk>yw<m7+E(G93)fnBW
zN$3f$`4^>$lI2{o#xh{njJgGF@U{IUToM%N7^N#l*9)PrR&$B&UDZ>zBfHLY$6mU~
zRYAUD_ut*+JvD}HPFQqzJ_az)0qI=zSsd<N5aq2;41*%Q?Q$!MZFpv0Egd9$#;fBn
zphIW1%DkDI3|&18Vsk&Nk)=m+v01^>gU+CT9_P%+;mr|on9QcXUE{KIxOY*-TOom1
zAL6e;d&rd!7$7MgBN-9#HL%RO95m)++#v?R?1_Bjj>hK}yqjiOBIa(V0jo4aXe2la
zR0InKE=4V7<IR-+=ExO&?mP2m0IsY8!|?=nMbve9Uqz@YWK;czsn})Am!8{@!pEV8
zsyg;D%Aa~HZ^_Fg@5UQWMJmfzA@dW8YQb3_w1pswK4o47qX+ZqOhRbEoR80C#))~k
zmbyMB1K{H&&q`npN?soSzGjAiq;BKzA}Xz>Pu$xV7)R}JkcMB?^XC#gxiD)Y(&li@
z^#!N(ZzeL4c&A=^sO`kjJX~C9Q8J_FQK5~@LHQ~m_H}1ORnnnh+{4S`3FVzKA?Ri%
zUs}x<cO?nzlCj|;pD`JpL5anTu^xf9edUbsJx^d_$RItXe`sTH<%@a)JztnccNc@F
z#*3Zkzex1z8w^&=1#@z_&8cUt725Zhv)jiCjNZYZQm`R`+Ia!h_A>lh0k#r4<8buk
zllNrJ;L#$?>GHH^xg#NPYFYty_0^bw|1ZXv@-4NNU46Cau*dWKP92UB;-%af4zt<4
zv&<G~js&OgqWR{fXUfJ0WANrNz7IT$$^$&p{u1R>2RGVEZfl%smKsR=tD)M}vMVPr
zuelv7C}ff5VEiIg$7v^l(m@BzI0r0Woq&cePK>PixD#z=!t6$m^adp|IiXZ>-@8v`
zYjA53ueMptv6*YYTg))G<2aY@RXPV*Kwko<>9);<Pl~XwQ4h?lmQCuTWXW1*LT7M&
zW)*14R!9Il2Y69mH3e4h>Z%g08*0ZFOMy?!_}T6s<B$)TbpNj=u7O=>)%Amgh=SWc
z9rVb=U+m&U0vuYOtYCc9#~)D_(nyFW9ZHitAh_8&Je$CS@R-~@++jL;J@SeTwAx{Y
zK&cc<4=DIBYVeje@T{aFzf%NF=v?g0ilhq19;Cmh9)1#v;KQ-Cij|)!(E>)9+XVOa
zwR5FR=Wu99MeTMe1;1T?g`KMDe`xQUNSbx|vpZkVc(=xgtr0f#2)vw*JhrbSt2}~T
zb|g~1Jkijf6Gtagtj7N4G!}wW)1W(#^O(OB_K0HeJdwrM7VSIaCOFZ*nQ1^vEO4#0
z%Bv!9bl>MZrlhf_6JoGWDQ(c}&u-El#v`2&G^byL41Cst59YZHsU@`}z=^feNS^Tz
zcJAEdkLy!Ezc=i1nkE}r)FI<P!6Mezn&fy2L;uG?kB@{#C4+L==LqHNba<AgP4{N&
z$k+~b!*B8J2GTXkCyW@crH<;>y1E`uUmWMG{nKNmJ)L+5`!Q!^Rh9;@O^3x{w+Bh4
z4YW{VE(c<>P>yb(>jp8FY$WcMO<0tp7`q5q{5kZmm}-Lu9kTsSe%{fg5Al~Wa%;MV
z?C`X?ExttG-_4LZf8`xU$c0OrkfED=Tn)-#Dow+hW>0UwvJ=;p80kaJD4O#O{#`eu
zBbF)5=qy>6!O-`jtfJfg+l6AE0!s8w+B7jkGSGPzhY;#cmqqg{U)4Z1m4`_wFT)6@
zvB0r(LUK6zdPP%6B7~D-cnViBHxV&m2EaTAr+kB@?|+594=-Jq5-)K0T_jNrlw0r5
zO|Y&fHB>qyzs&x8EBi27W<qADM-J$ag#=tLK59=K=#%u+XLB6XH!V8n36<&GLw<Zt
zD(>#hMEgO1YELfpv6vAxsL3vjPLWPtJuHZ_Z6d;IBXNpcVnfqjV}YoN`;NCp_W1a;
zb#3~tPT{YAu9zaA;B=APXVv{Hanme@5AF#y<@&^~(~+^PD2?gYzDcCCwojyn#*_9E
z+k1#OT6Xr8u+wy^;80e3LA@Bul9||@_cjdH@T%b68`zB;nD)<E`(AvDjt#yTBI4oc
lABgX8s?5Wg_gm?&Je6by#o=1CD@%x2p(_YpYZ~Mt-{vv?YlQ#+

literal 0
HcmV?d00001

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index c02ec9b3a4..cccdbde5a0 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -14,7 +14,7 @@ jobs:
     uses: ./.github/workflows/e2e-win.yml
 
   build-linux:
-    needs: run-e2e-tests-linux
+    # needs: run-e2e-tests-linux
     runs-on: ubuntu-22.04
     if: |
       startsWith(github.ref, 'refs/tags/quiet')
@@ -86,7 +86,7 @@ jobs:
           asset_content_type: application/.AppImage
 
   build-macos:
-    needs: run-e2e-tests-mac
+    # needs: run-e2e-tests-mac
     runs-on: macos-latest
     if: |
       startsWith(github.ref, 'refs/tags/quiet')
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..090aaa8b24
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,73 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["develop"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["develop"]
+  schedule:
+    - cron: "0 0 * * 1"
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript", "python", "ruby", "typescript"]
+        # CodeQL supports [ $supported-codeql-languages ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+      # - run: |
+      #   echo "Run, Build Application using script"
+      #   ./location_of_script_within_repo/buildscript.sh
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        with:
+          category: "/language:${{matrix.language}}"
\ No newline at end of file
diff --git a/.github/workflows/depencency-review.yml b/.github/workflows/depencency-review.yml
new file mode 100644
index 0000000000..23044f791b
--- /dev/null
+++ b/.github/workflows/depencency-review.yml
@@ -0,0 +1,22 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
\ No newline at end of file
diff --git a/.github/workflows/deploy-android.yaml b/.github/workflows/deploy-android.yaml
index 2f5ca63eed..881fa11bb1 100644
--- a/.github/workflows/deploy-android.yaml
+++ b/.github/workflows/deploy-android.yaml
@@ -63,14 +63,13 @@ jobs:
       - name: "Build for Android"
         run: cd ./packages/mobile/android && ENVFILE=../.env.production ./gradlew bundleStandardRelease
 
-      # Temporary disable, failing on CI
-      # - name: "Upload Artifact"
-      #   continue-on-error: true
-      #   uses: actions/upload-artifact@v2
-      #   with:
-      #     name: app-standard-release.aab
-      #     path: ./packages/mobile/android/app/build/outputs/bundle/standardRelease/app-standard-release.aab
-      #     retention-days: 5
+      - name: "Upload Artifact"
+        continue-on-error: true
+        uses: actions/upload-artifact@v2
+        with:
+          name: app-standard-release.aab
+          path: ./packages/mobile/android/app/build/outputs/bundle/standardRelease/app-standard-release.aab
+          retention-days: 5
 
       - name: "Configure Google Play upload"
         run: |
@@ -79,7 +78,7 @@ jobs:
           echo ${{ SECRETS.SERVICE_ACCOUNT_JSON }} | base64 --decode > google-play.json
       
       - name: "Upload to Google Play"
-        uses: r0adkll/upload-google-play@v1.0.17
+        uses: r0adkll/upload-google-play@v1.1.2
         with:
           serviceAccountJson: google-play.json
           packageName: com.quietmobile
@@ -87,4 +86,3 @@ jobs:
           status: completed
           track: internal
           whatsNewDirectory: distribution/whatsnew
-          changesNotSentForReview: true
diff --git a/.github/workflows/e2e-linux.yml b/.github/workflows/e2e-linux.yml
index 1756069a6c..e2dd29f39a 100644
--- a/.github/workflows/e2e-linux.yml
+++ b/.github/workflows/e2e-linux.yml
@@ -64,20 +64,20 @@ jobs:
         uses: nick-fields/retry@v2
         with:
           timeout_minutes: 25
-          max_attempts: 3
+          max_attempts: 1
           command: cd packages/e2e-tests && npm run test invitationLink.test.ts
 
-      # - name: Download App Image 1.2.0
-      #   working-directory: ./packages/e2e-tests/Quiet
-      #   run: curl -LO https://github.com/TryQuiet/quiet/releases/download/quiet%401.2.0/Quiet-1.2.0.AppImage
+      - name: Download App Image 1.2.0
+        working-directory: ./packages/e2e-tests/Quiet
+        run: curl -LO https://github.com/TryQuiet/quiet/releases/download/quiet%401.2.0/Quiet-1.2.0.AppImage
 
-      # - name: Chmod App Image 1.2.0
-      #   working-directory: ./packages/e2e-tests/Quiet
-      #   run: chmod +x Quiet-1.2.0.AppImage
+      - name: Chmod App Image 1.2.0
+        working-directory: ./packages/e2e-tests/Quiet
+        run: chmod +x Quiet-1.2.0.AppImage
         
-      # - name: Run Backwards Compatibility test
-      #   uses: nick-fields/retry@v2
-      #   with:
-      #     timeout_minutes: 15
-      #     max_attempts: 3
-      #     command: cd packages/e2e-tests && npm run test backwardsCompatibility.test.ts
\ No newline at end of file
+      - name: Run Backwards Compatibility test
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 15
+          max_attempts: 3
+          command: cd packages/e2e-tests && npm run test backwardsCompatibility.test.ts
\ No newline at end of file
diff --git a/.github/workflows/e2e-win.yml b/.github/workflows/e2e-win.yml
index d03967a883..9f3fa52e37 100644
--- a/.github/workflows/e2e-win.yml
+++ b/.github/workflows/e2e-win.yml
@@ -4,7 +4,9 @@ on: [workflow_call]
 jobs:
   windows:
     runs-on: windows-2019
+    
     timeout-minutes: 180
+
     env:
       ELECTRON_CUSTOM_VERSION: 23.0.0
       TEST_MODE: true

From 03105fe934df93d639accc1c64cd0f1996b45e07 Mon Sep 17 00:00:00 2001
From: Lucas Leblow <lucas@quiet.chat>
Date: Mon, 25 Sep 2023 10:24:10 -0600
Subject: [PATCH 2/2] Hotfix for file download vulnerability

A malicious user can overwrite another user's files if they supply a
filename that escapes the download directory (e.g.
../../../profile.sh). Prevent this by using UUIDs for filenames for
now and revisit this in the future.
---
 .../ipfs-file-manager.service.ts               | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/packages/backend/src/nest/ipfs-file-manager/ipfs-file-manager.service.ts b/packages/backend/src/nest/ipfs-file-manager/ipfs-file-manager.service.ts
index 31c5a9a538..b8cb12a034 100644
--- a/packages/backend/src/nest/ipfs-file-manager/ipfs-file-manager.service.ts
+++ b/packages/backend/src/nest/ipfs-file-manager/ipfs-file-manager.service.ts
@@ -2,6 +2,7 @@ import { Inject, Injectable } from '@nestjs/common'
 import { EventEmitter, setMaxListeners } from 'events'
 import fs from 'fs'
 import path from 'path'
+import crypto from 'crypto'
 import PQueue, { AbortError } from 'p-queue'
 import { decode, PBNode } from '@ipld/dag-pb'
 import * as base58 from 'multiformats/bases/base58'
@@ -433,13 +434,20 @@ export class IpfsFileManagerService extends EventEmitter {
   private async assemblyFile(fileMetadata: FileMetadata) {
     const _CID = CID.parse(fileMetadata.cid)
 
-    const downloadDirectory = path.join(this.quietDir, 'downloads', fileMetadata.cid)
+    const downloadDirectory = path.join(this.quietDir, 'downloads')
     createPaths([downloadDirectory])
 
-    const fileName = fileMetadata.name + fileMetadata.ext
-    const filePath = `${path.join(downloadDirectory, fileName)}`
-
-    const writeStream = fs.createWriteStream(filePath)
+    // As a quick fix, using a UUID for filename ensures that we never
+    // save a file with a malicious filename. Perhaps it's also
+    // possible to use the CID, however let's verify that first.
+    let fileName: string
+    let filePath: string
+    do {
+      fileName = crypto.randomUUID()
+      filePath = `${path.join(downloadDirectory, fileName)}`
+    } while (fs.existsSync(filePath))
+
+    const writeStream = fs.createWriteStream(filePath, { flags: 'wx' })
 
     const entries = this.ipfs.cat(_CID)