From a5d75529921a14bee833912c6b3c1283aed1f21d Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 25 May 2023 09:35:35 +0200
Subject: [PATCH 001/330] [Fixes #11100] Bump to Geoserver 2.23.1 (#11104)

* Bump to Geoserver 2.23.1

* fixed typo
---
 dev_config.yml                      | 4 ++--
 docker-compose-geoserver-server.yml | 4 ++--
 docker-compose-test.yml             | 4 ++--
 docker-compose.yml                  | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/dev_config.yml b/dev_config.yml
index 3fa02cd768e..b6c89644210 100644
--- a/dev_config.yml
+++ b/dev_config.yml
@@ -1,6 +1,6 @@
 ---
-GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geoserver.war"
-DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geonode-geoserver-ext-web-app-data.zip"
+GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geoserver.war"
+DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geonode-geoserver-ext-web-app-data.zip"
 JETTY_RUNNER_URL: "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-runner/9.4.31.v20200723/jetty-runner-9.4.31.v20200723.jar"
 WINDOWS:
   py2exe: "http://downloads.sourceforge.net/project/py2exe/py2exe/0.6.9/py2exe-0.6.9.win32-py2.7.exe"
diff --git a/docker-compose-geoserver-server.yml b/docker-compose-geoserver-server.yml
index 10785a5794a..8dfc08b06c0 100644
--- a/docker-compose-geoserver-server.yml
+++ b/docker-compose-geoserver-server.yml
@@ -2,7 +2,7 @@ version: '2.2'
 services:
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:2.23.1
     restart: on-failure
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     labels:
@@ -13,7 +13,7 @@ services:
       - geoserver-data-dir:/geoserver_data/data
 
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:2.23.1
     restart: unless-stopped
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     stdin_open: true
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index de398f099a7..9fed05cbb8d 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:2.23.1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:2.23.1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
diff --git a/docker-compose.yml b/docker-compose.yml
index a4fc63d9b88..5bf831b1ff5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:2.23.1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:2.23.1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:

From 82ca860929d209e690b781d0cdc0bdd6fb19e1a7 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 25 May 2023 09:36:44 +0200
Subject: [PATCH 002/330] Add geotiff to supported raster type (#11106)

---
 geonode/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/settings.py b/geonode/settings.py
index 1854dc875ea..d408093575b 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2226,7 +2226,7 @@ def get_geonode_catalogue_service():
         "id": "tiff",
         "label": "GeoTIFF",
         "format": "raster",
-        "ext": ["tiff", "tif"],
+        "ext": ["tiff", "tif", "geotiff", "geotif"],
         "mimeType": ["image/tiff"],
         "optional": ["xml", "sld"],
     },

From 100a46e6a23a121edf54096c8c3c9a321c2c35b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:23:00 +0200
Subject: [PATCH 003/330] Bump requests from 2.30.0 to 2.31.0 (#11099)

* Bump requests from 2.30.0 to 2.31.0

Bumps [requests](https://github.com/psf/requests) from 2.30.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.30.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f7098bfac67..c5aca3b8542 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -127,7 +127,7 @@ jdcal==1.4.1
 mock<6.0.0
 python-dateutil==2.8.2
 pytz==2023.3
-requests==2.30.0
+requests==2.31.0
 timeout-decorator==0.5.0
 pylibmc==1.6.3
 sherlock==0.4.1
diff --git a/setup.cfg b/setup.cfg
index a4fb936d3fe..bccde3e9be0 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -152,7 +152,7 @@ install_requires =
     mock<6.0.0
     python-dateutil==2.8.2
     pytz==2023.3
-    requests==2.30.0
+    requests==2.31.0
     timeout-decorator==0.5.0
     pylibmc==1.6.3
     sherlock==0.4.1

From 76f14f8c4fb69247e3ac4665d64d0be7feada604 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 25 May 2023 09:23:34 +0100
Subject: [PATCH 004/330] [Snyk] Security upgrade requests from 2.30.0 to
 2.31.0 (#11103)

* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532

* [Dependencies] Align setup.cfg to requirements.txt

---------

Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>

From 83703e8f5b442802fa18091319d1601be6fdb64f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:25:11 +0200
Subject: [PATCH 005/330] Bump geoserver-restconfig from 2.0.8 to 2.0.9
 (#11087)

* Bump geoserver-restconfig from 2.0.8 to 2.0.9

Bumps [geoserver-restconfig](https://github.com/GeoNode/geoserver-restconfig) from 2.0.8 to 2.0.9.
- [Release notes](https://github.com/GeoNode/geoserver-restconfig/releases)
- [Changelog](https://github.com/GeoNode/geoserver-restconfig/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GeoNode/geoserver-restconfig/commits)

---
updated-dependencies:
- dependency-name: geoserver-restconfig
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c5aca3b8542..d5536a6c91e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -97,7 +97,7 @@ geonode-user-messages==2.0.2
 geonode-announcements==2.0.2
 geonode-django-activity-stream==0.10.0
 gn-arcrest==10.5.5
-geoserver-restconfig==2.0.8
+geoserver-restconfig==2.0.9
 gn-gsimporter==2.0.4
 gisdata==0.5.4
 
diff --git a/setup.cfg b/setup.cfg
index bccde3e9be0..646f931d19c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -122,7 +122,7 @@ install_requires =
     geonode-announcements==2.0.2
     geonode-django-activity-stream==0.10.0
     gn-arcrest==10.5.5
-    geoserver-restconfig==2.0.8
+    geoserver-restconfig==2.0.9
     gn-gsimporter==2.0.4
     gisdata==0.5.4
 

From 65e580cfd877d9ccd810003e6fa221e1f667a2dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:25:42 +0200
Subject: [PATCH 006/330] Bump owslib from 0.29.1 to 0.29.2 (#11092)

* Bump owslib from 0.29.1 to 0.29.2

Bumps [owslib](https://github.com/geopython/OWSLib) from 0.29.1 to 0.29.2.
- [Release notes](https://github.com/geopython/OWSLib/releases)
- [Commits](https://github.com/geopython/OWSLib/compare/0.29.1...0.29.2)

---
updated-dependencies:
- dependency-name: owslib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d5536a6c91e..d88f97b7f8f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -54,7 +54,7 @@ pyjwt==2.7.0
 
 # geopython dependencies
 pyproj<3.6.0
-OWSLib==0.29.1
+OWSLib==0.29.2
 pycsw==2.6.1
 SQLAlchemy==2.0.13 # required by PyCSW
 Shapely==1.8.5.post1
diff --git a/setup.cfg b/setup.cfg
index 646f931d19c..23a9956d24c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -80,7 +80,7 @@ install_requires =
 
     # geopython dependencies
     pyproj<3.6.0
-    OWSLib==0.29.1
+    OWSLib==0.29.2
     pycsw==2.6.1
     SQLAlchemy==2.0.13 # required by PyCSW
     Shapely==1.8.5.post1

From f3ddb105417c2f2d9fc5492a3f5fe63ce09ee183 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:34:42 +0200
Subject: [PATCH 007/330] Bump invoke from 2.1.1 to 2.1.2 (#11089)

* Bump invoke from 2.1.1 to 2.1.2

Bumps [invoke](https://github.com/pyinvoke/invoke) from 2.1.1 to 2.1.2.
- [Commits](https://github.com/pyinvoke/invoke/compare/2.1.1...2.1.2)

---
updated-dependencies:
- dependency-name: invoke
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d88f97b7f8f..163298b53d9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -147,7 +147,7 @@ uWSGI==2.0.21
 gunicorn==20.1.0
 ipython==8.13.2
 docker==6.1.2
-invoke==2.1.1
+invoke==2.1.2
 
 # tests
 coverage==7.2.5
diff --git a/setup.cfg b/setup.cfg
index 23a9956d24c..ad6bc2d61f6 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -172,7 +172,7 @@ install_requires =
     gunicorn==20.1.0
     ipython==8.13.2
     docker==6.1.2
-    invoke==2.1.1
+    invoke==2.1.2
 
     # tests
     coverage==7.2.5

From 6d8fe4337ce78bcee53a0c39bf7e70fefb50e1e0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:35:29 +0200
Subject: [PATCH 008/330] Update setuptools requirement from <67.8.0,>=59.1.1
 to >=59.1.1,<67.9.0 (#11091)

* Update setuptools requirement from <67.8.0,>=59.1.1 to >=59.1.1,<67.9.0

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v67.8.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 163298b53d9..f6e9025df4d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -159,7 +159,7 @@ pytest-bdd==6.1.1
 splinter==0.19.0
 pytest-splinter==3.3.2
 pytest-django==4.5.2
-setuptools>=59.1.1,<67.8.0
+setuptools>=59.1.1,<67.9.0
 pip==23.1.2
 Twisted==22.10.0
 pixelmatch==0.3.0
diff --git a/setup.cfg b/setup.cfg
index ad6bc2d61f6..f0c8c5aaef5 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -184,7 +184,7 @@ install_requires =
     splinter==0.19.0
     pytest-splinter==3.3.2
     pytest-django==4.5.2
-    setuptools>=59.1.1,<67.8.0
+    setuptools>=59.1.1,<67.9.0
     pip==23.1.2
     Twisted==22.10.0
     pixelmatch==0.3.0

From 32cda5beff8ce65716fa2be71a60e857f2a78ae6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:37:26 +0200
Subject: [PATCH 009/330] Bump wandb from 0.15.2 to 0.15.3 (#11090)

* Bump wandb from 0.15.2 to 0.15.3

Bumps [wandb](https://github.com/wandb/wandb) from 0.15.2 to 0.15.3.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.15.2...v0.15.3)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f6e9025df4d..3f22f1e269c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -171,7 +171,7 @@ webdriver_manager==3.8.6
 
 # Security and audit
 mistune==2.0.5
-wandb==0.15.2
+wandb==0.15.3
 protobuf==3.20.3
 mako==1.2.4
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/setup.cfg b/setup.cfg
index f0c8c5aaef5..bf8979de6be 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -196,7 +196,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.5
-    wandb==0.15.2
+    wandb==0.15.3
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 1fa0e2ddde190f490e67ddb45c16f7bddac2a033 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:37:42 +0200
Subject: [PATCH 010/330] Bump boto3 from 1.26.133 to 1.26.137 (#11086)

* Bump boto3 from 1.26.133 to 1.26.137

Bumps [boto3](https://github.com/boto/boto3) from 1.26.133 to 1.26.137.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.133...1.26.137)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 3f22f1e269c..538b9b6d093 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.0
 google-cloud-storage==2.9.0
 google-cloud-core==2.3.2
-boto3==1.26.133
+boto3==1.26.137
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index bf8979de6be..24b27b2e9c2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.0
     google-cloud-storage==2.9.0
     google-cloud-core==2.3.2
-    boto3==1.26.133
+    boto3==1.26.137
 
     # Django Caches
     python-memcached<=1.59

From 3fbdad0e340763b131123225d1a6d5e9c7cf8e68 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 10:38:01 +0200
Subject: [PATCH 011/330] Bump sqlalchemy from 2.0.13 to 2.0.15 (#11088)

* Bump sqlalchemy from 2.0.13 to 2.0.15

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.13 to 2.0.15.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 538b9b6d093..a911b3db9e2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -56,7 +56,7 @@ pyjwt==2.7.0
 pyproj<3.6.0
 OWSLib==0.29.2
 pycsw==2.6.1
-SQLAlchemy==2.0.13 # required by PyCSW
+SQLAlchemy==2.0.15 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
diff --git a/setup.cfg b/setup.cfg
index 24b27b2e9c2..cbd06ed72ea 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
     pyproj<3.6.0
     OWSLib==0.29.2
     pycsw==2.6.1
-    SQLAlchemy==2.0.13 # required by PyCSW
+    SQLAlchemy==2.0.15 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0

From 927a302bb4494a3d7dce5c829d7c6a646247704c Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 25 May 2023 16:36:02 +0200
Subject: [PATCH 012/330] Remove doc_file and file_path from document
 serializer (#11117)

---
 geonode/documents/api/serializers.py |  7 +++++++
 geonode/documents/api/tests.py       | 15 ++++++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/geonode/documents/api/serializers.py b/geonode/documents/api/serializers.py
index 7fdeb0ad990..dc11cb201f5 100644
--- a/geonode/documents/api/serializers.py
+++ b/geonode/documents/api/serializers.py
@@ -61,3 +61,10 @@ class Meta:
             "doc_url",
             "metadata",
         )
+
+    def to_representation(self, obj):
+        _doc = super(DocumentSerializer, self).to_representation(obj)
+        # better to hide internal server file path
+        _doc.pop("file_path")
+        _doc.pop("doc_file")
+        return _doc
diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index e480cdfd3be..dbb3b13588b 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -16,7 +16,6 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
-import os
 import logging
 
 from django.contrib.auth import get_user_model
@@ -139,14 +138,20 @@ def test_creation_should_create_the_doc(self):
         }
         actual = self.client.post(self.url, data=payload, format="json")
         self.assertEqual(201, actual.status_code)
-        cloned_path = actual.json().get("document", {}).get("file_path", "")[0]
         extension = actual.json().get("document", {}).get("extension", "")
-        self.assertTrue(os.path.exists(cloned_path))
         self.assertEqual("xml", extension)
         self.assertTrue(Document.objects.filter(title="New document for testing").exists())
 
-        if cloned_path:
-            os.remove(cloned_path)
+    def test_file_path_and_doc_path_are_not_returned(self):
+        """
+        If file_path and doc_path should not be visible
+        from the GET payload
+        """
+        actual = self.client.get(self.url)
+        self.assertEqual(200, actual.status_code)
+        _doc_payload = actual.json().get("document", {})
+        self.assertFalse("file_path" in _doc_payload)
+        self.assertFalse("doc_path" in _doc_payload)
 
     def test_creation_from_url_should_create_the_doc(self):
         """

From 842310855ca8758d86eb00ca5cce9741f7e3ae86 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 25 May 2023 16:36:51 +0200
Subject: [PATCH 013/330] change importer released version (#11076)

* change importer released version

* Update setup.cfg

---------

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index cbd06ed72ea..46cefd95511 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -115,7 +115,7 @@ install_requires =
 
     # GeoNode org maintained apps.
     django-geonode-mapstore-client>=4.0.5,<5.0.0
-    geonode-importer>=1.0.0
+    geonode-importer>=1.0.2
     geonode-avatar==5.0.8
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2

From a66bef9bb776f5b1a6e6ae6b9c7ff90af27c0d3a Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Fri, 26 May 2023 09:21:53 +0200
Subject: [PATCH 014/330] fix: scripts/docker/nginx/Dockerfile to reduce
 vulnerabilities (#11122)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-3320725
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-3320725
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-3364764
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-3364764
- https://snyk.io/vuln/SNYK-ALPINE317-TIFF-3368766

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 scripts/docker/nginx/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
index 3f8c8027c20..92652f376c6 100644
--- a/scripts/docker/nginx/Dockerfile
+++ b/scripts/docker/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.23.3-alpine
+FROM nginx:1-alpine
 
 RUN apk add --no-cache openssl inotify-tools
 

From 4bf0d8a699c2f2fceb35ae5ff67cd289d7aa1a30 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Tue, 30 May 2023 00:37:23 -0700
Subject: [PATCH 015/330] [Fixes #11129] GWC REST path incorrectly renamed to
 datasets (#11130)

---
 geonode/geoserver/management/commands/set_default_gridsets.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/geonode/geoserver/management/commands/set_default_gridsets.py b/geonode/geoserver/management/commands/set_default_gridsets.py
index 0fcfb51b499..0826b744e57 100644
--- a/geonode/geoserver/management/commands/set_default_gridsets.py
+++ b/geonode/geoserver/management/commands/set_default_gridsets.py
@@ -78,11 +78,11 @@ def handle(self, **options):
                     """
                     curl -v -u admin:geoserver -XPOST \
                         -H "Content-type: text/xml" -d @poi.xml \
-                            "http://localhost:8080/geoserver/gwc/rest/datasets/tiger:poi.xml"
+                            "http://localhost:8080/geoserver/gwc/rest/layers/tiger:poi.xml"
                     """
                     headers = {'Content-type': 'text/xml'}
                     payload = ET.tostring(tree)
-                    r = requests.post(f'{url}gwc/rest/datasets/{layer.typename}.xml',
+                    r = requests.post(f'{url}gwc/rest/layers/{layer.typename}.xml',
                                       headers=headers,
                                       data=payload,
                                       auth=HTTPBasicAuth(user, passwd))

From f90bc73734acc6e319c8c40a4d80d64906a5fa7c Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 1 Jun 2023 15:04:44 +0200
Subject: [PATCH 016/330] Revert "[Fixes #11100] Bump to Geoserver 2.23.1
 (#11104) (#11107)" (#11135)

This reverts commit 91e68714ecf5bfd3afe9262855337e7f959f752c.
---
 dev_config.yml                      | 4 ++--
 docker-compose-geoserver-server.yml | 4 ++--
 docker-compose-test.yml             | 4 ++--
 docker-compose.yml                  | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/dev_config.yml b/dev_config.yml
index b6c89644210..3fa02cd768e 100644
--- a/dev_config.yml
+++ b/dev_config.yml
@@ -1,6 +1,6 @@
 ---
-GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geoserver.war"
-DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geonode-geoserver-ext-web-app-data.zip"
+GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geoserver.war"
+DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geonode-geoserver-ext-web-app-data.zip"
 JETTY_RUNNER_URL: "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-runner/9.4.31.v20200723/jetty-runner-9.4.31.v20200723.jar"
 WINDOWS:
   py2exe: "http://downloads.sourceforge.net/project/py2exe/py2exe/0.6.9/py2exe-0.6.9.win32-py2.7.exe"
diff --git a/docker-compose-geoserver-server.yml b/docker-compose-geoserver-server.yml
index 8dfc08b06c0..10785a5794a 100644
--- a/docker-compose-geoserver-server.yml
+++ b/docker-compose-geoserver-server.yml
@@ -2,7 +2,7 @@ version: '2.2'
 services:
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.1
+    image: geonode/geoserver_data:2.23.0
     restart: on-failure
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     labels:
@@ -13,7 +13,7 @@ services:
       - geoserver-data-dir:/geoserver_data/data
 
   geoserver:
-    image: geonode/geoserver:2.23.1
+    image: geonode/geoserver:2.23.0
     restart: unless-stopped
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     stdin_open: true
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 9fed05cbb8d..de398f099a7 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.1
+    image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.1
+    image: geonode/geoserver_data:2.23.0
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
diff --git a/docker-compose.yml b/docker-compose.yml
index 5bf831b1ff5..a4fc63d9b88 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.1
+    image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.1
+    image: geonode/geoserver_data:2.23.0
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:

From 6887596c9672b2e5b6575e6e40c07b37951f4b8e Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 5 Jun 2023 15:08:40 +0200
Subject: [PATCH 017/330] [Fixes #11147] Strip port from visitor_ip_address
 (#11148)

* strip port from visitor_ip_address

* gix PEP
---
 geonode/base/auth.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/geonode/base/auth.py b/geonode/base/auth.py
index cfef16bd820..e56d03edb01 100644
--- a/geonode/base/auth.py
+++ b/geonode/base/auth.py
@@ -259,6 +259,8 @@ def visitor_ip_address(request):
         ip = x_forwarded_for.split(",")[0]
     else:
         ip = request.META.get("REMOTE_ADDR")
+    if ip:
+        ip = re.match(r"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})", ip)[0]
     return ip
 
 

From 5ae4e1818d7544acc6cd9c899dc1e270cb979784 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 15 Jun 2023 17:23:48 +0200
Subject: [PATCH 018/330] Fix region intersection test (#11167)

---
 geonode/base/fixtures/regions.json | 17 -----------------
 geonode/resource/utils.py          |  2 +-
 2 files changed, 1 insertion(+), 18 deletions(-)

diff --git a/geonode/base/fixtures/regions.json b/geonode/base/fixtures/regions.json
index 9aee734f63f..98e93362e0f 100644
--- a/geonode/base/fixtures/regions.json
+++ b/geonode/base/fixtures/regions.json
@@ -4334,23 +4334,6 @@
       "bbox_y1": 27.454559
     }
   },
-  {
-    "pk": 256,
-    "model": "base.region",
-    "fields": {
-      "rght": 515,
-      "code": "PAC",
-      "name": "Pacific",
-      "parent": null,
-      "level": 1,
-      "lft": 464,
-      "tree_id": 90,
-      "bbox_x0": 139.572356,
-      "bbox_x1": -74.531208,
-      "bbox_y0": -56.267241,
-      "bbox_y1": 62.0215969
-    }
-  },
   {
     "pk": 257,
     "model": "base.region",
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index 83dc56290de..70dda53f921 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -489,7 +489,7 @@ def metadata_post_save(instance, *args, **kwargs):
                     poly2 = GEOSGeometry(wkt2, srid=int(srid2[0]))
                     poly2.transform(4326)
 
-                    if poly2.intersection(poly1):
+                    if not poly2.intersection(poly1).empty:
                         regions_to_add.append(region)
                     if region.level == 0 and region.parent is None:
                         global_regions.append(region)

From 2c1e886c581466aaec9245e8ecb93fa713fdf1ef Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 20 Jun 2023 18:29:52 +0200
Subject: [PATCH 019/330] [Fixes #11171] Fix calculation of wkt for regions
 crossing the dateline (#11172)

* Fix region wkt calculation when crossing dateline

* simplification

* fix PEP8

* fix failing test

* fixed wrong local path for fixtures

* restore test

* Keep WKT for regions not across IDL return Polygon
---
 geonode/base/fixtures/regions.json | 17 ++++++++
 geonode/tests/test_utils.py        | 69 +++++++++++++++++++++++++++++-
 geonode/utils.py                   | 39 ++++++++++++++++-
 3 files changed, 121 insertions(+), 4 deletions(-)

diff --git a/geonode/base/fixtures/regions.json b/geonode/base/fixtures/regions.json
index 98e93362e0f..0392627eb0e 100644
--- a/geonode/base/fixtures/regions.json
+++ b/geonode/base/fixtures/regions.json
@@ -4334,6 +4334,23 @@
       "bbox_y1": 27.454559
     }
   },
+  {
+    "pk": 256,
+    "model": "base.region",
+    "fields": {
+      "rght": 515,
+      "code": "PAC",
+      "name": "Pacific",
+      "parent": null,
+      "level": 1,
+      "lft": 464,
+      "tree_id": 90,
+      "bbox_x0": 112.921112,
+      "bbox_x1": -108.87291,
+      "bbox_y0": -54.640301,
+      "bbox_y1": 20.41712
+    }
+  },
   {
     "pk": 257,
     "model": "base.region",
diff --git a/geonode/tests/test_utils.py b/geonode/tests/test_utils.py
index 5132195b821..15b7cf2ef88 100644
--- a/geonode/tests/test_utils.py
+++ b/geonode/tests/test_utils.py
@@ -28,7 +28,7 @@
 from unittest.mock import patch
 from datetime import datetime, timedelta
 
-from django.contrib.gis.geos import Polygon
+from django.contrib.gis.geos import GEOSGeometry, Polygon
 from django.contrib.auth import get_user_model
 from django.core.management import call_command
 
@@ -37,7 +37,7 @@
 from geonode.geoserver.helpers import set_attributes
 from geonode.tests.base import GeoNodeBaseTestSupport
 from geonode.br.management.commands.utils.utils import ignore_time
-from geonode.utils import copy_tree, fixup_shp_columnnames, get_supported_datasets_file_types, unzip_file
+from geonode.utils import copy_tree, fixup_shp_columnnames, get_supported_datasets_file_types, unzip_file, bbox_to_wkt
 from geonode import settings
 
 
@@ -286,3 +286,68 @@ def test_should_replace_the_type_id_if_already_exists(self):
         self.assertEqual(len(supported_keys), prev_count)
         shp_type = [t for t in supported_types if t["id"] == "shp"][0]
         self.assertEqual(shp_type["label"], "Replaced type")
+
+
+class TestRegionsCrossingDateLine(TestCase):
+    def setUp(self):
+        self.test_region_coords = [
+            [112.921111999999994, -108.872910000000005, -54.640301000000001, 20.417120000000001],  # Pacific
+            [174.866196000000002, -178.203156000000007, -21.017119999999998, -12.466220000000000],  # Fiji
+            [158.418335000000013, -150.208359000000002, -11.437030000000000, 4.719560000000000],  # Kiribati
+            [165.883803999999998, -175.987198000000006, -52.618591000000002, -29.209969999999998],  # New Zeland
+        ]
+
+        self.region_across_idl = [
+            112.921111999999994,
+            -108.872910000000005,
+            -54.640301000000001,
+            20.417120000000001,
+        ]  # Pacific
+        self.region_not_across_idl = [
+            -31.266000999999999,
+            39.869301000000000,
+            27.636310999999999,
+            81.008797000000001,
+        ]  # Europe
+
+        self.dataset_crossing = GEOSGeometry(
+            "POLYGON ((-179.30100799101168718 -17.31310259828852693, -170.41740336774466869 -9.63481116511300328, -164.30155495876181249 -19.7237289784715415, \
+            -177.91712988386967709 -30.43762400150689018, -179.30100799101168718 -17.31310259828852693))",
+            srid=4326,
+        )
+        self.dataset_not_crossing = GEOSGeometry(
+            "POLYGON ((-41.86461347546176626 5.43160371103088835, 34.20404118809119609 4.3602142087273279, 9.56208263510924894 -48.8521310723496498,  \
+            -42.22174330956295307 -32.42415870369499942, -41.86461347546176626 5.43160371103088835))",
+            srid=4326,
+        )
+
+    def test_region_across_dateline_do_not_intersect_areas_outside(self):
+        for i, region_coords in enumerate(self.test_region_coords):
+            geographic_bounding_box = bbox_to_wkt(
+                region_coords[0], region_coords[1], region_coords[2], region_coords[3]
+            )
+            _, wkt = geographic_bounding_box.split(";")
+            poly = GEOSGeometry(wkt, srid=4326)
+
+            self.assertFalse(
+                poly.intersection(self.dataset_crossing).empty, f"True intersection not detected for region {i}"
+            )
+            self.assertTrue(poly.intersection(self.dataset_not_crossing).empty, "False intersection detected")
+
+    def test_region_wkt_multipolygon_if_across_idl(self):
+        bbox_across_idl = bbox_to_wkt(
+            self.region_not_across_idl[0],
+            self.region_not_across_idl[1],
+            self.region_not_across_idl[2],
+            self.region_not_across_idl[3],
+        )
+        _, wkt = bbox_across_idl.split(";")
+        poly = GEOSGeometry(wkt, srid=4326)
+        self.assertEqual(poly.geom_type, "Polygon", f"Expexted 'Polygon' type but received {poly.geom_type}")
+
+        bbox_across_idl = bbox_to_wkt(
+            self.region_across_idl[0], self.region_across_idl[1], self.region_across_idl[2], self.region_across_idl[3]
+        )
+        _, wkt = bbox_across_idl.split(";")
+        poly = GEOSGeometry(wkt, srid=4326)
+        self.assertEqual(poly.geom_type, "MultiPolygon", f"Expexted 'MultiPolygon' type but received {poly.geom_type}")
diff --git a/geonode/utils.py b/geonode/utils.py
index b7f82fbeaa0..3c83c824db8 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -496,9 +496,44 @@ def bbox_to_wkt(x0, x1, y0, y1, srid="4326", include_srid=True):
     if srid and str(srid).startswith("EPSG:"):
         srid = srid[5:]
     if None not in {x0, x1, y0, y1}:
-        wkt = "POLYGON(({:f} {:f},{:f} {:f},{:f} {:f},{:f} {:f},{:f} {:f}))".format(
-            float(x0), float(y0), float(x0), float(y1), float(x1), float(y1), float(x1), float(y0), float(x0), float(y0)
+        polys = []
+
+        # We assume that if x1 is smaller then x0 we're crossing the date line
+        crossing_idl = x1 < x0
+        if crossing_idl:
+            polys.append(
+                [
+                    (float(x0), float(y0)),
+                    (float(x0), float(y1)),
+                    (180.0, float(y1)),
+                    (180.0, float(y0)),
+                    (float(x0), float(y0)),
+                ]
+            )
+            polys.append(
+                [
+                    (-180.0, float(y0)),
+                    (-180.0, float(y1)),
+                    (float(x1), float(y1)),
+                    (float(x1), float(y0)),
+                    (-180.0, float(y0)),
+                ]
+            )
+        else:
+            polys.append(
+                [
+                    (float(x0), float(y0)),
+                    (float(x0), float(y1)),
+                    (float(x1), float(y1)),
+                    (float(x1), float(y0)),
+                    (float(x0), float(y0)),
+                ]
+            )
+
+        poly_wkts = ",".join(
+            ["(({}))".format(",".join(["{:f} {:f}".format(coords[0], coords[1]) for coords in poly])) for poly in polys]
         )
+        wkt = f"MULTIPOLYGON({poly_wkts})" if len(polys) > 1 else f"POLYGON{poly_wkts}"
         if include_srid:
             wkt = f"SRID={srid};{wkt}"
     else:

From c34e4924414c30c15b14ed6ca7627d457a72a5d6 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 22 Jun 2023 17:03:50 +0200
Subject: [PATCH 020/330] [Fixes #11188] Make keywords optional when editing a
 resource with the Django Admin (#11189)

---
 geonode/base/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/base/admin.py b/geonode/base/admin.py
index 7b5cbaba581..0f6c4ee859c 100755
--- a/geonode/base/admin.py
+++ b/geonode/base/admin.py
@@ -338,7 +338,7 @@ def keyword_id(self, obj):
 
 
 class ResourceBaseAdminForm(autocomplete.FutureModelForm):
-    keywords = TagField(widget=TaggitSelect2Custom("autocomplete_hierachical_keyword"))
+    keywords = TagField(widget=TaggitSelect2Custom("autocomplete_hierachical_keyword"), required=False)
 
     def delete_queryset(self, request, queryset):
         """

From 661bd7da21e5a7b6fd7447eb6a92e7a831173978 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:01:31 +0200
Subject: [PATCH 021/330] Bump deprecated from 1.2.13 to 1.2.14 (#11128)

* Bump deprecated from 1.2.13 to 1.2.14

Bumps [deprecated](https://github.com/tantale/deprecated) from 1.2.13 to 1.2.14.
- [Release notes](https://github.com/tantale/deprecated/releases)
- [Changelog](https://github.com/tantale/deprecated/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tantale/deprecated/compare/v1.2.13...v1.2.14)

---
updated-dependencies:
- dependency-name: deprecated
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a911b3db9e2..6b27ee9f92d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,7 +18,7 @@ celery==5.2.7
 kombu==5.2.4
 vine==5.0.0
 tqdm==4.65.0
-Deprecated==1.2.13
+Deprecated==1.2.14
 wrapt==1.15.0
 jsonschema==4.17.3
 zipstream-new==1.1.8
diff --git a/setup.cfg b/setup.cfg
index 46cefd95511..d8deda410a9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -44,7 +44,7 @@ install_requires =
     kombu==5.2.4
     vine==5.0.0
     tqdm==4.65.0
-    Deprecated==1.2.13
+    Deprecated==1.2.14
     wrapt==1.15.0
     jsonschema==4.17.3
     zipstream-new==1.1.8

From cdfcbc960f26433339a6eeb56751e5ddd3a04c69 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:01:57 +0200
Subject: [PATCH 022/330] Bump django-cors-headers from 4.0.0 to 4.1.0 (#11177)

* Bump django-cors-headers from 4.0.0 to 4.1.0

Bumps [django-cors-headers](https://github.com/adamchainz/django-cors-headers) from 4.0.0 to 4.1.0.
- [Changelog](https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/adamchainz/django-cors-headers/compare/4.0.0...4.1.0)

---
updated-dependencies:
- dependency-name: django-cors-headers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 6b27ee9f92d..6d3fa4788d7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -134,7 +134,7 @@ sherlock==0.4.1
 
 # required by monitoring
 psutil==5.9.5
-django-cors-headers==4.0.0
+django-cors-headers==4.1.0
 user-agents
 django-user-agents
 xmljson
diff --git a/setup.cfg b/setup.cfg
index d8deda410a9..7d989d43bf5 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -159,7 +159,7 @@ install_requires =
 
     # required by monitoring
     psutil==5.9.5
-    django-cors-headers==4.0.0
+    django-cors-headers==4.1.0
     user-agents
     django-user-agents
     xmljson

From 89ba02a54237cc995ff40d02ada4fd2450a4bdc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:02:41 +0200
Subject: [PATCH 023/330] Bump django-select2 from 8.1.1 to 8.1.2 (#11127)

* Bump django-select2 from 8.1.1 to 8.1.2

Bumps [django-select2](https://github.com/codingjoe/django-select2) from 8.1.1 to 8.1.2.
- [Release notes](https://github.com/codingjoe/django-select2/releases)
- [Commits](https://github.com/codingjoe/django-select2/compare/8.1.1...8.1.2)

---
updated-dependencies:
- dependency-name: django-select2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 6d3fa4788d7..46958d03b1c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -67,7 +67,7 @@ numpy==1.24.*
 # Django Apps
 dj-database-url==2.0.0
 dj-pagination==2.5.0
-django-select2==8.1.1
+django-select2==8.1.2
 django-floppyforms<1.10.0
 django-forms-bootstrap<=3.1.0
 django-autocomplete-light==3.5.1
diff --git a/setup.cfg b/setup.cfg
index 7d989d43bf5..4d72c0dc104 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -93,7 +93,7 @@ install_requires =
     # Django Apps
     dj-database-url==2.0.0
     dj-pagination==2.5.0
-    django-select2==8.1.1
+    django-select2==8.1.2
     django-floppyforms<1.10.0
     django-forms-bootstrap<=3.1.0
     django-autocomplete-light==3.5.1

From cfacef8a25d97ad3028538ff907e908eff548145 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:05:09 +0200
Subject: [PATCH 024/330] Bump drf-spectacular from 0.26.2 to 0.26.3 (#11196)

* Bump drf-spectacular from 0.26.2 to 0.26.3

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.26.2...0.26.3)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 46958d03b1c..3221c3d01f2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -80,7 +80,7 @@ djangorestframework-gis==1.0
 djangorestframework-guardian==0.3.0
 drf-extensions==0.7.1
 drf-writable-nested==0.7.0
-drf-spectacular==0.26.2
+drf-spectacular==0.26.3
 dynamic-rest==2.1.2
 Markdown==3.4.3
 
diff --git a/setup.cfg b/setup.cfg
index 4d72c0dc104..3eaab96ce80 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -106,7 +106,7 @@ install_requires =
     djangorestframework-guardian==0.3.0
     drf-extensions==0.7.1
     drf-writable-nested==0.7.0
-    drf-spectacular==0.26.2
+    drf-spectacular==0.26.3
     dynamic-rest==2.1.2
     Markdown==3.4.3
 

From 1a09fd032d5d5198000218cc9c70ae48ad1d6884 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:07:39 +0200
Subject: [PATCH 025/330] Bump coverage from 7.2.5 to 7.2.7 (#11144)

* Bump coverage from 7.2.5 to 7.2.7

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.5 to 7.2.7.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.5...7.2.7)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 3221c3d01f2..57faa8cb5ea 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -150,7 +150,7 @@ docker==6.1.2
 invoke==2.1.2
 
 # tests
-coverage==7.2.5
+coverage==7.2.7
 requests-toolbelt==1.0.0
 flake8==6.0.0
 black==23.3.0
diff --git a/setup.cfg b/setup.cfg
index 3eaab96ce80..4e676f6761e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -175,7 +175,7 @@ install_requires =
     invoke==2.1.2
 
     # tests
-    coverage==7.2.5
+    coverage==7.2.7
     requests-toolbelt==1.0.0
     flake8==6.0.0
     black==23.3.0

From 6000205c41a631b6a85582b6f3797b99b58c021f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:08:05 +0200
Subject: [PATCH 026/330] Bump docker from 6.1.2 to 6.1.3 (#11142)

* Bump docker from 6.1.2 to 6.1.3

Bumps [docker](https://github.com/docker/docker-py) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/docker/docker-py/releases)
- [Commits](https://github.com/docker/docker-py/compare/6.1.2...6.1.3)

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 57faa8cb5ea..b2764ed97a4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -146,7 +146,7 @@ pycountry
 uWSGI==2.0.21
 gunicorn==20.1.0
 ipython==8.13.2
-docker==6.1.2
+docker==6.1.3
 invoke==2.1.2
 
 # tests
diff --git a/setup.cfg b/setup.cfg
index 4e676f6761e..6479b690cb6 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -171,7 +171,7 @@ install_requires =
     uWSGI==2.0.21
     gunicorn==20.1.0
     ipython==8.13.2
-    docker==6.1.2
+    docker==6.1.3
     invoke==2.1.2
 
     # tests

From 0e19108f5d3428545431b16a8079658cf7caebfc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:29:14 +0200
Subject: [PATCH 027/330] Bump pathvalidate from 2.5.2 to 3.0.0 (#11125)

* Bump pathvalidate from 2.5.2 to 3.0.0

Bumps [pathvalidate](https://github.com/thombashi/pathvalidate) from 2.5.2 to 3.0.0.
- [Release notes](https://github.com/thombashi/pathvalidate/releases)
- [Commits](https://github.com/thombashi/pathvalidate/compare/v2.5.2...v3.0.0)

---
updated-dependencies:
- dependency-name: pathvalidate
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b2764ed97a4..cc517bee3d1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,7 +26,7 @@ schema==0.7.5
 rdflib==6.3.2
 smart_open==6.3.0
 PyMuPDF==1.22.3
-pathvalidate==2.5.2
+pathvalidate==3.0.0
 
 # Django Apps
 django-allauth==0.54.0
diff --git a/setup.cfg b/setup.cfg
index 6479b690cb6..af6dbcd1714 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -52,7 +52,7 @@ install_requires =
     rdflib==6.3.2
     smart_open==6.3.0
     PyMuPDF==1.22.3
-    pathvalidate==2.5.2
+    pathvalidate==3.0.0
 
     # Django Apps
     django-allauth==0.54.0

From d6069c2c9a46c19204660146d6edde971b134d06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:30:13 +0200
Subject: [PATCH 028/330] Bump mistune from 2.0.5 to 3.0.1 (#11158)

* Bump mistune from 2.0.5 to 3.0.1

Bumps [mistune](https://github.com/lepture/mistune) from 2.0.5 to 3.0.1.
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/master/docs/changes.rst)
- [Commits](https://github.com/lepture/mistune/compare/v2.0.5...v3.0.1)

---
updated-dependencies:
- dependency-name: mistune
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index cc517bee3d1..e4b9200b14b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -170,7 +170,7 @@ selenium-requests==2.0.3
 webdriver_manager==3.8.6
 
 # Security and audit
-mistune==2.0.5
+mistune==3.0.1
 wandb==0.15.3
 protobuf==3.20.3
 mako==1.2.4
diff --git a/setup.cfg b/setup.cfg
index af6dbcd1714..f372baa9f5d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -195,7 +195,7 @@ install_requires =
     webdriver_manager==3.8.6
 
     # Security and audit
-    mistune==2.0.5
+    mistune==3.0.1
     wandb==0.15.3
     protobuf==3.20.3
     mako==1.2.4

From 1be6ce462905a8a01cde686369683c4dbeefc712 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:31:17 +0200
Subject: [PATCH 029/330] Bump pyopenssl from 23.1.1 to 23.2.0 (#11141)

* Bump pyopenssl from 23.1.1 to 23.2.0

Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 23.1.1 to 23.2.0.
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/pyopenssl/compare/23.1.1...23.2.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e4b9200b14b..9f77d2541a9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -49,7 +49,7 @@ django-uuid-upload-path==1.0.0
 django-widget-tweaks==1.4.12
 django-sequences==2.7
 oauthlib==3.2.2
-pyopenssl==23.1.1
+pyopenssl==23.2.0
 pyjwt==2.7.0
 
 # geopython dependencies
diff --git a/setup.cfg b/setup.cfg
index f372baa9f5d..4bebe0a333e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -75,7 +75,7 @@ install_requires =
     django-widget-tweaks==1.4.12
     django-sequences==2.7
     oauthlib==3.2.2
-    pyopenssl==23.1.1
+    pyopenssl==23.2.0
     pyjwt==2.7.0
 
     # geopython dependencies

From 46feab2272fa050e03573ca7a0b18f2abe654d82 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:32:01 +0200
Subject: [PATCH 030/330] Update numpy requirement from ==1.24.* to ==1.25.*
 (#11176)

* Update numpy requirement from ==1.24.* to ==1.25.*

Updates the requirements on [numpy](https://github.com/numpy/numpy) to permit the latest version.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.24.0rc1...v1.25.0)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 9f77d2541a9..6254a0fd423 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -60,7 +60,7 @@ SQLAlchemy==2.0.15 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
-numpy==1.24.*
+numpy==1.25.*
 
 # # Apps with packages provided in GeoNode's PPA on Launchpad.
 
diff --git a/setup.cfg b/setup.cfg
index 4bebe0a333e..d53cee5d1e4 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -86,7 +86,7 @@ install_requires =
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0
-    numpy==1.24.*
+    numpy==1.25.*
 
     # # Apps with packages provided in GeoNode's PPA on Launchpad.
 

From c271e5049d30f5b9ec703b0bc01a559d6f6cc920 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:36:21 +0200
Subject: [PATCH 031/330] Update pyproj requirement from <3.6.0 to <3.7.0
 (#11179)

* Update pyproj requirement from <3.6.0 to <3.7.0

Updates the requirements on [pyproj](https://github.com/pyproj4/pyproj) to permit the latest version.
- [Release notes](https://github.com/pyproj4/pyproj/releases)
- [Changelog](https://github.com/pyproj4/pyproj/blob/main/docs/history.rst)
- [Commits](https://github.com/pyproj4/pyproj/compare/v1.9.4rel...3.6.0)

---
updated-dependencies:
- dependency-name: pyproj
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 6254a0fd423..6aa39029b90 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -53,7 +53,7 @@ pyopenssl==23.2.0
 pyjwt==2.7.0
 
 # geopython dependencies
-pyproj<3.6.0
+pyproj<3.7.0
 OWSLib==0.29.2
 pycsw==2.6.1
 SQLAlchemy==2.0.15 # required by PyCSW
diff --git a/setup.cfg b/setup.cfg
index d53cee5d1e4..d6d3874483b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -79,7 +79,7 @@ install_requires =
     pyjwt==2.7.0
 
     # geopython dependencies
-    pyproj<3.6.0
+    pyproj<3.7.0
     OWSLib==0.29.2
     pycsw==2.6.1
     SQLAlchemy==2.0.15 # required by PyCSW

From 4f55b1c2d201f070810f52e09ccaed1e51491a43 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:50:12 +0200
Subject: [PATCH 032/330] Bump ipython from 8.13.2 to 8.14.0 (#11146)

* Bump ipython from 8.13.2 to 8.14.0

Bumps [ipython](https://github.com/ipython/ipython) from 8.13.2 to 8.14.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.13.2...8.14.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 6aa39029b90..68249b4fedc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -145,7 +145,7 @@ pycountry
 # production
 uWSGI==2.0.21
 gunicorn==20.1.0
-ipython==8.13.2
+ipython==8.14.0
 docker==6.1.3
 invoke==2.1.2
 
diff --git a/setup.cfg b/setup.cfg
index d6d3874483b..cfa7855b47f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -170,7 +170,7 @@ install_requires =
     # production
     uWSGI==2.0.21
     gunicorn==20.1.0
-    ipython==8.13.2
+    ipython==8.14.0
     docker==6.1.3
     invoke==2.1.2
 

From 0e56e76c0afbba0e607f4fe1ff841e120670ccca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:51:33 +0200
Subject: [PATCH 033/330] Bump pytest from 7.3.1 to 7.4.0 (#11195)

* Bump pytest from 7.3.1 to 7.4.0

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.3.1...7.4.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 68249b4fedc..50856965940 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -154,7 +154,7 @@ coverage==7.2.7
 requests-toolbelt==1.0.0
 flake8==6.0.0
 black==23.3.0
-pytest==7.3.1
+pytest==7.4.0
 pytest-bdd==6.1.1
 splinter==0.19.0
 pytest-splinter==3.3.2
diff --git a/setup.cfg b/setup.cfg
index cfa7855b47f..132df60ac06 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -179,7 +179,7 @@ install_requires =
     requests-toolbelt==1.0.0
     flake8==6.0.0
     black==23.3.0
-    pytest==7.3.1
+    pytest==7.4.0
     pytest-bdd==6.1.1
     splinter==0.19.0
     pytest-splinter==3.3.2

From 1327ca71fd8e20e7ac493e1beddadd6efdfe0bcf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:51:59 +0200
Subject: [PATCH 034/330] Bump whitenoise from 6.4.0 to 6.5.0 (#11181)

* Bump whitenoise from 6.4.0 to 6.5.0

Bumps [whitenoise](https://github.com/evansd/whitenoise) from 6.4.0 to 6.5.0.
- [Changelog](https://github.com/evansd/whitenoise/blob/main/docs/changelog.rst)
- [Commits](https://github.com/evansd/whitenoise/compare/6.4.0...6.5.0)

---
updated-dependencies:
- dependency-name: whitenoise
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 50856965940..d5f84d2dfe3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -117,7 +117,7 @@ boto3==1.26.137
 
 # Django Caches
 python-memcached<=1.59
-whitenoise==6.4.0
+whitenoise==6.5.0
 Brotli==1.0.9
 
 # Contribs
diff --git a/setup.cfg b/setup.cfg
index 132df60ac06..7ef6cdcd078 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -142,7 +142,7 @@ install_requires =
 
     # Django Caches
     python-memcached<=1.59
-    whitenoise==6.4.0
+    whitenoise==6.5.0
     Brotli==1.0.9
 
     # Contribs

From 73130a5e2dc623cb9f1bdb5042bed1dccc0fe8ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:52:19 +0200
Subject: [PATCH 035/330] Bump sqlalchemy from 2.0.15 to 2.0.17 (#11193)

* Bump sqlalchemy from 2.0.15 to 2.0.17

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.15 to 2.0.17.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d5f84d2dfe3..f875b3b64ca 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -56,7 +56,7 @@ pyjwt==2.7.0
 pyproj<3.7.0
 OWSLib==0.29.2
 pycsw==2.6.1
-SQLAlchemy==2.0.15 # required by PyCSW
+SQLAlchemy==2.0.17 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
diff --git a/setup.cfg b/setup.cfg
index 7ef6cdcd078..535c416998e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
     pyproj<3.7.0
     OWSLib==0.29.2
     pycsw==2.6.1
-    SQLAlchemy==2.0.15 # required by PyCSW
+    SQLAlchemy==2.0.17 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0

From 0808fbfa74c35cee3fc54b9fa142fec40e2b7992 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:53:51 +0200
Subject: [PATCH 036/330] Bump pymupdf from 1.22.3 to 1.22.5 (#11197)

* Bump pymupdf from 1.22.3 to 1.22.5

Bumps [pymupdf](https://github.com/pymupdf/pymupdf) from 1.22.3 to 1.22.5.
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/main/changes.txt)
- [Commits](https://github.com/pymupdf/pymupdf/compare/1.22.3...1.22.5)

---
updated-dependencies:
- dependency-name: pymupdf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f875b3b64ca..b6c77a2f555 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
 smart_open==6.3.0
-PyMuPDF==1.22.3
+PyMuPDF==1.22.5
 pathvalidate==3.0.0
 
 # Django Apps
diff --git a/setup.cfg b/setup.cfg
index 535c416998e..38835e416d2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -51,7 +51,7 @@ install_requires =
     schema==0.7.5
     rdflib==6.3.2
     smart_open==6.3.0
-    PyMuPDF==1.22.3
+    PyMuPDF==1.22.5
     pathvalidate==3.0.0
 
     # Django Apps

From a12ce8f8a308591b2c6d1f89ea7a30aca8697080 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:59:39 +0200
Subject: [PATCH 037/330] Update setuptools requirement from <67.9.0,>=59.1.1
 to >=59.1.1,<68.1.0 (#11192)

* Update setuptools requirement from <67.9.0,>=59.1.1 to >=59.1.1,<68.1.0

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v68.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b6c77a2f555..f40e35e6621 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -159,7 +159,7 @@ pytest-bdd==6.1.1
 splinter==0.19.0
 pytest-splinter==3.3.2
 pytest-django==4.5.2
-setuptools>=59.1.1,<67.9.0
+setuptools>=59.1.1,<68.1.0
 pip==23.1.2
 Twisted==22.10.0
 pixelmatch==0.3.0
diff --git a/setup.cfg b/setup.cfg
index 38835e416d2..044abd669fa 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -184,7 +184,7 @@ install_requires =
     splinter==0.19.0
     pytest-splinter==3.3.2
     pytest-django==4.5.2
-    setuptools>=59.1.1,<67.9.0
+    setuptools>=59.1.1,<68.1.0
     pip==23.1.2
     Twisted==22.10.0
     pixelmatch==0.3.0

From 200d62edfa7790a00cdabf3b07d72d3d7e6169bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 14:00:00 +0200
Subject: [PATCH 038/330] Bump dropbox from 11.36.0 to 11.36.2 (#11178)

* Bump dropbox from 11.36.0 to 11.36.2

Bumps [dropbox](https://github.com/dropbox/dropbox-sdk-python) from 11.36.0 to 11.36.2.
- [Release notes](https://github.com/dropbox/dropbox-sdk-python/releases)
- [Commits](https://github.com/dropbox/dropbox-sdk-python/compare/v11.36.0...v11.36.2)

---
updated-dependencies:
- dependency-name: dropbox
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f40e35e6621..21065525d4f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -110,7 +110,7 @@ django-bootstrap3-datetimepicker-2==2.8.3
 
 # storage manager dependencies
 django-storages==1.13.2
-dropbox==11.36.0
+dropbox==11.36.2
 google-cloud-storage==2.9.0
 google-cloud-core==2.3.2
 boto3==1.26.137
diff --git a/setup.cfg b/setup.cfg
index 044abd669fa..b775835b8cc 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -135,7 +135,7 @@ install_requires =
 
     # storage manager dependencies
     django-storages==1.13.2
-    dropbox==11.36.0
+    dropbox==11.36.2
     google-cloud-storage==2.9.0
     google-cloud-core==2.3.2
     boto3==1.26.137

From 57525248d4e8949d30be28c7ccf5020ea7c85f50 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 14:00:27 +0200
Subject: [PATCH 039/330] Bump boto3 from 1.26.137 to 1.26.160 (#11194)

* Bump boto3 from 1.26.137 to 1.26.160

Bumps [boto3](https://github.com/boto/boto3) from 1.26.137 to 1.26.160.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.137...1.26.160)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 21065525d4f..a4a51cce085 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.9.0
 google-cloud-core==2.3.2
-boto3==1.26.137
+boto3==1.26.160
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index b775835b8cc..c9385198996 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.9.0
     google-cloud-core==2.3.2
-    boto3==1.26.137
+    boto3==1.26.160
 
     # Django Caches
     python-memcached<=1.59

From d5334dfedd0b17bcaedc31e534173f4756978e87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 14:48:30 +0200
Subject: [PATCH 040/330] Bump celery from 5.2.7 to 5.3.1 (#11180)

* Bump celery from 5.2.7 to 5.3.1

Bumps [celery](https://github.com/celery/celery) from 5.2.7 to 5.3.1.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.2.7...v5.3.1)

---
updated-dependencies:
- dependency-name: celery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

* - Align "setup.cfg" to "requirements.txt"

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 4 ++--
 setup.cfg        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a4a51cce085..a35d6e10545 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,8 +14,8 @@ urllib3==1.26.15
 Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1
-celery==5.2.7
-kombu==5.2.4
+celery==5.3.1
+kombu==5.3.1
 vine==5.0.0
 tqdm==4.65.0
 Deprecated==1.2.14
diff --git a/setup.cfg b/setup.cfg
index c9385198996..682ab135d92 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -40,8 +40,8 @@ install_requires =
     Paver==1.3.4
     python-slugify==8.0.1
     decorator==5.1.1
-    celery==5.2.7
-    kombu==5.2.4
+    celery==5.3.1
+    kombu==5.3.1
     vine==5.0.0
     tqdm==4.65.0
     Deprecated==1.2.14

From ea7fd7cbd4418111a7ccfab0656c404ad385a36c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 14:48:50 +0200
Subject: [PATCH 041/330] Bump invoke from 2.1.2 to 2.1.3 (#11174)

* Bump invoke from 2.1.2 to 2.1.3

Bumps [invoke](https://github.com/pyinvoke/invoke) from 2.1.2 to 2.1.3.
- [Commits](https://github.com/pyinvoke/invoke/compare/2.1.2...2.1.3)

---
updated-dependencies:
- dependency-name: invoke
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a35d6e10545..179ad47a106 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -147,7 +147,7 @@ uWSGI==2.0.21
 gunicorn==20.1.0
 ipython==8.14.0
 docker==6.1.3
-invoke==2.1.2
+invoke==2.1.3
 
 # tests
 coverage==7.2.7
diff --git a/setup.cfg b/setup.cfg
index 682ab135d92..647745361fd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -172,7 +172,7 @@ install_requires =
     gunicorn==20.1.0
     ipython==8.14.0
     docker==6.1.3
-    invoke==2.1.2
+    invoke==2.1.3
 
     # tests
     coverage==7.2.7

From 7954bf13f11d84cd4c2a6c5b11d57b97d37c850e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 14:49:09 +0200
Subject: [PATCH 042/330] Bump wandb from 0.15.3 to 0.15.4 (#11163)

* Bump wandb from 0.15.3 to 0.15.4

Bumps [wandb](https://github.com/wandb/wandb) from 0.15.3 to 0.15.4.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/v0.15.4/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.15.3...v0.15.4)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 179ad47a106..9f96ca8f1c8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -171,7 +171,7 @@ webdriver_manager==3.8.6
 
 # Security and audit
 mistune==3.0.1
-wandb==0.15.3
+wandb==0.15.4
 protobuf==3.20.3
 mako==1.2.4
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/setup.cfg b/setup.cfg
index 647745361fd..c140c4bc986 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -196,7 +196,7 @@ install_requires =
 
     # Security and audit
     mistune==3.0.1
-    wandb==0.15.3
+    wandb==0.15.4
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 156d58bab6d9bd66b66796cb6f3e0b5a01969d6f Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Mon, 26 Jun 2023 14:50:17 +0200
Subject: [PATCH 043/330] fix: requirements.txt to reduce vulnerabilities
 (#11138)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 9f96ca8f1c8..cd162f8c08a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -176,3 +176,4 @@ protobuf==3.20.3
 mako==1.2.4
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
 jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
+cryptography>=41.0.0 # not directly required, pinned by Snyk to avoid a vulnerability

From e103d06a391f250218cfbdc35bf6311a2b6e5204 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Mon, 26 Jun 2023 15:22:12 +0200
Subject: [PATCH 044/330] Direct download on preview on dataset list is not
 working #11156 (#11165)

* FIx download_url for WFS url

* FIx download_url for WFS url

* FIx download_url for WFS url, change settings

* FIx download_url for WFS url, change settings

* Fix tests

* [Fixes #11156] Approach change and code rollback

* [Fixes #11156] Approach change and code rollback

* [Fixes #11156] Approach change and code rollback

* [Fixes #11156] Change delete query for original links

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/layers/tests.py |  1 -
 geonode/utils.py        | 14 +++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py
index a24fb52ee01..fbe14c340ba 100644
--- a/geonode/layers/tests.py
+++ b/geonode/layers/tests.py
@@ -373,7 +373,6 @@ def test_dataset_links(self):
             links = Link.objects.filter(resource=lyr.resourcebase_ptr, link_type="image")
             self.assertIsNotNone(links)
 
-            # get and update original link to external
             Link.objects.filter(resource=lyr.resourcebase_ptr, link_type="original").update(
                 url="http://google.com/test"
             )
diff --git a/geonode/utils.py b/geonode/utils.py
index 3c83c824db8..6a2cee2708b 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -1412,6 +1412,8 @@ def set_resource_default_links(instance, layer, prune=False, **kwargs):
     from geonode.base.models import Link
     from django.urls import reverse
     from django.utils.translation import ugettext
+    from geonode.layers.models import Dataset
+    from geonode.documents.models import Document
 
     # Prune old links
     if prune:
@@ -1481,9 +1483,15 @@ def set_resource_default_links(instance, layer, prune=False, **kwargs):
         # Create Raw Data download link
         if settings.DISPLAY_ORIGINAL_DATASET_LINK:
             logger.debug(" -- Resource Links[Create Raw Data download link]...")
-            download_url = urljoin(settings.SITEURL, reverse("download", args=[instance.id]))
-            while Link.objects.filter(resource=instance.resourcebase_ptr, url=download_url).count() > 1:
-                Link.objects.filter(resource=instance.resourcebase_ptr, url=download_url).first().delete()
+            if isinstance(instance, Dataset):
+                download_url = build_absolute_uri(reverse("dataset_download", args=(instance.alternate,)))
+            elif isinstance(instance, Document):
+                download_url = build_absolute_uri(reverse("document_download", args=(instance.id,)))
+            else:
+                download_url = None
+
+            while Link.objects.filter(resource=instance.resourcebase_ptr, link_type="original").exists():
+                Link.objects.filter(resource=instance.resourcebase_ptr, link_type="original").delete()
             Link.objects.update_or_create(
                 resource=instance.resourcebase_ptr,
                 url=download_url,

From 5811a92469d9347b5f89ed77bbb855a5fca74f12 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Wed, 24 May 2023 16:48:58 +0200
Subject: [PATCH 045/330] #10995 Faceting - fixes

---
 geonode/facets/providers/category.py | 6 ++++--
 geonode/facets/providers/users.py    | 1 -
 geonode/facets/tests.py              | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index 3db78eb4d03..aac8b1c7cfe 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -38,7 +38,7 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": self.name,
-            "key": "filter{category__identifier}",
+            "key": "filter{category.identifier}",
             "label": "Category",
             "type": FACET_TYPE_CATEGORY,
             "hierarchical": False,
@@ -55,7 +55,9 @@ def get_facet_items(
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        q = queryset.values("category__identifier", "category__gn_description", "category__fa_class")
+        q = queryset.values("category__identifier", "category__gn_description", "category__fa_class").filter(
+            category__isnull=False
+        )
         if topic_contains:
             q = q.filter(category__gn_description=topic_contains)
         q = q.annotate(count=Count("owner")).order_by("-count")
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index 8a1e5c3effe..4358a3292a1 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -70,7 +70,6 @@ def get_facet_items(
             {
                 "key": r["owner"],
                 "label": r["owner__username"],
-                "localized_label": r["owner__username"],
                 "count": r["count"],
             }
             for r in q[start:end]
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 67fcf27e11e..6c7fb45780e 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -193,7 +193,7 @@ def test_facets_rich(self):
             {
                 "name": "category",
                 "topics": {
-                    "total": 1,
+                    "total": 0,
                 },
             },
             {

From b33f8697d6e73b18e86fcd1a2b5d251c197f9a1a Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Thu, 25 May 2023 13:50:56 +0200
Subject: [PATCH 046/330] #10995 Faceting - fix thesauri localization

---
 geonode/facets/providers/thesaurus.py | 18 ++++++++++++------
 geonode/facets/tests.py               | 24 +++++++++++++++++++++---
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index 5674635b6bd..8961aef5467 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -19,8 +19,9 @@
 
 import logging
 
-from django.db.models import Count
+from django.db.models import Count, OuterRef, Subquery
 
+from geonode.base.models import ThesaurusKeywordLabel
 from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_THESAURUS
 
 logger = logging.getLogger(__name__)
@@ -65,7 +66,6 @@ def get_facet_items(
 
         filter = {
             "tkeywords__thesaurus__identifier": self._name,
-            "tkeywords__keyword__lang": lang,
         }
 
         if topic_contains:
@@ -73,22 +73,28 @@ def get_facet_items(
 
         q = (
             queryset.filter(**filter)
-            .values("tkeywords", "tkeywords__keyword__label", "tkeywords__alt_label")
+            .values("tkeywords", "tkeywords__alt_label")
             .annotate(count=Count("tkeywords"))
+            .annotate(
+                localized_label=Subquery(
+                    ThesaurusKeywordLabel.objects.filter(keyword=OuterRef("tkeywords"), lang=lang).values("label")
+                )
+            )
             .order_by("-count")
         )
 
+        logger.debug(" ---> %s\n\n", q.query)
+
         cnt = q.count()
 
         logger.info("Found %d facets for %s", cnt, self._name)
-        logger.debug(" ---> %s\n\n", q.query)
         logger.debug(" ---> %r\n\n", q.all())
 
         topics = [
             {
                 "key": r["tkeywords"],
-                "label": r["tkeywords__keyword__label"] or r["tkeywords__alt_label"],
-                "is_localized": r["tkeywords__keyword__label"] is not None,
+                "label": r["localized_label"] or r["tkeywords__alt_label"],
+                "is_localized": r["localized_label"] is not None,
                 "count": r["count"],
             }
             for r in q[start:end].all()
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 6c7fb45780e..49f199d2af7 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -76,7 +76,7 @@ def _create_thesauri(cls):
                 ThesaurusLabel.objects.create(thesaurus=t, lang=tl, label=f"TLabel {tn} {tl}")
 
             for tkn in range(10):
-                tk = ThesaurusKeyword.objects.create(thesaurus=t, alt_label=f"alt_tkn{tkn}_t{tn}")
+                tk = ThesaurusKeyword.objects.create(thesaurus=t, alt_label=f"T{tn}_K{tkn}_ALT")
                 cls.thesauri_k[f"{tn}_{tkn}"] = tk
                 for tkl in (
                     "en",
@@ -261,8 +261,26 @@ def test_facets_rich(self):
     def test_bad_lang(self):
         # for thesauri, make sure that by requesting a non-existent language the faceting is still working,
         # using the default labels
-        # TODO impl+test
-        pass
+
+        # run the request with a valid language
+        req = self.rf.get(reverse("get_facet", args=["t_0"]), data={"lang": "en"})
+        res: JsonResponse = views.get_facet(req, "t_0")
+        obj = json.loads(res.content)
+
+        self.assertEqual(2, obj["topics"]["total"])
+        self.assertEqual(10, obj["topics"]["items"][0]["count"])
+        self.assertEqual("T0_K0_en", obj["topics"]["items"][0]["label"])
+        self.assertTrue(obj["topics"]["items"][0]["is_localized"])
+
+        # run the request with an INVALID language
+        req = self.rf.get(reverse("get_facet", args=["t_0"]), data={"lang": "ZZ"})
+        res: JsonResponse = views.get_facet(req, "t_0")
+        obj = json.loads(res.content)
+
+        self.assertEqual(2, obj["topics"]["total"])
+        self.assertEqual(10, obj["topics"]["items"][0]["count"])  # make sure the count is still there
+        self.assertEqual("T0_K0_ALT", obj["topics"]["items"][0]["label"])  # check for the alternate label
+        self.assertFalse(obj["topics"]["items"][0]["is_localized"])  # check for the localization flag
 
     def test_user_auth(self):
         # make sure the user authorization pre-filters the visible resources

From 8838b8e9c69302f2c1b9df12a34cebbed29eae5f Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Fri, 23 Jun 2023 19:10:46 +0200
Subject: [PATCH 047/330] [Fixes #11105] Facet topics

---
 geonode/facets/models.py              | 15 +++++++++++++++
 geonode/facets/providers/category.py  | 16 ++++++++++++++++
 geonode/facets/providers/region.py    | 15 +++++++++++++++
 geonode/facets/providers/thesaurus.py | 25 ++++++++++++++++++++++++-
 geonode/facets/providers/users.py     | 15 +++++++++++++++
 geonode/facets/tests.py               | 12 ++++++++++++
 geonode/facets/urls.py                |  1 +
 geonode/facets/views.py               | 21 ++++++++++++++++++++-
 8 files changed, 118 insertions(+), 2 deletions(-)

diff --git a/geonode/facets/models.py b/geonode/facets/models.py
index d271c188c9d..07b1b4c7643 100644
--- a/geonode/facets/models.py
+++ b/geonode/facets/models.py
@@ -28,6 +28,7 @@
 FACET_TYPE_USER = "user"
 FACET_TYPE_THESAURUS = "thesaurus"
 FACET_TYPE_CATEGORY = "category"
+FACET_TYPE_RESOURCETYPE = "resourcetype"
 
 logger = logging.getLogger(__name__)
 
@@ -86,6 +87,20 @@ def get_facet_items(
         """
         pass
 
+    def get_topics(self, keys: list, lang="en", **kwargs) -> list:
+        """
+        Return the topics with the requested ids as a list
+        - list, topic records. A topic record is a dict having these keys:
+          - key: the key of the items that should be used for filtering
+          - label: a generic label for the item; the client should try and localize it whenever possible
+          - localized_label: a localized label for the item
+          - other facet specific keys
+        :param keys: the list of the keys of the topics, as returned by the get_facet_items() method
+        :param lang: the preferred language for the labels
+        :return: list of items
+        """
+        pass
+
     @classmethod
     def register(cls, registry, **kwargs) -> None:
         """
diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index aac8b1c7cfe..e0f24e29044 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -21,6 +21,7 @@
 
 from django.db.models import Count
 
+from geonode.base.models import TopicCategory
 from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_CATEGORY
 
 logger = logging.getLogger(__name__)
@@ -80,6 +81,21 @@ def get_facet_items(
 
         return cnt, topics
 
+    def get_topics(self, keys: list, lang="en", **kwargs) -> list:
+        q = TopicCategory.objects.filter(identifier__in=keys)
+
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        return [
+            {
+                "key": r.identifier,
+                "label": r.gn_description,
+                "fa_class": r.fa_class,
+            }
+            for r in q.all()
+        ]
+
     @classmethod
     def register(cls, registry, **kwargs) -> None:
         registry.register_facet_provider(CategoryFacetProvider())
diff --git a/geonode/facets/providers/region.py b/geonode/facets/providers/region.py
index b0cd5d45ce8..a0df25b2ea6 100644
--- a/geonode/facets/providers/region.py
+++ b/geonode/facets/providers/region.py
@@ -21,6 +21,7 @@
 
 from django.db.models import Count
 
+from geonode.base.models import Region
 from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_PLACE
 
 logger = logging.getLogger(__name__)
@@ -77,6 +78,20 @@ def get_facet_items(
 
         return cnt, topics
 
+    def get_topics(self, keys: list, lang="en", **kwargs) -> list:
+        q = Region.objects.filter(code__in=keys).values("code", "name")
+
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        return [
+            {
+                "key": r["code"],
+                "label": r["name"],
+            }
+            for r in q.all()
+        ]
+
     @classmethod
     def register(cls, registry, **kwargs) -> None:
         registry.register_facet_provider(RegionFacetProvider())
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index 8961aef5467..d9897f6139d 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -21,7 +21,7 @@
 
 from django.db.models import Count, OuterRef, Subquery
 
-from geonode.base.models import ThesaurusKeywordLabel
+from geonode.base.models import ThesaurusKeyword, ThesaurusKeywordLabel
 from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_THESAURUS
 
 logger = logging.getLogger(__name__)
@@ -102,6 +102,29 @@ def get_facet_items(
 
         return cnt, topics
 
+    def get_topics(self, keys: list, lang="en", **kwargs) -> list:
+        q = (
+            ThesaurusKeyword.objects.filter(id__in=keys)
+            .values("id", "alt_label")
+            .annotate(
+                localized_label=Subquery(
+                    ThesaurusKeywordLabel.objects.filter(keyword=OuterRef("id"), lang=lang).values("label")
+                )
+            )
+        )
+
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        return [
+            {
+                "key": r["id"],
+                "label": r["localized_label"] or r["alt_label"],
+                "is_localized": r["localized_label"] is not None,
+            }
+            for r in q.all()
+        ]
+
     @classmethod
     def register(cls, registry, **kwargs) -> None:
         # registry.register_facet_provider(CategoryFacetProvider())
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index 4358a3292a1..aedb2fc06f2 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -19,6 +19,7 @@
 
 import logging
 
+from django.contrib.auth import get_user_model
 from django.db.models import Count
 
 from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_USER
@@ -77,6 +78,20 @@ def get_facet_items(
 
         return cnt, topics
 
+    def get_topics(self, keys: list, lang="en", **kwargs) -> list:
+        q = get_user_model().objects.filter(id__in=keys).values("id", "username")
+
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        return [
+            {
+                "key": r["id"],
+                "label": r["username"],
+            }
+            for r in q.all()
+        ]
+
     @classmethod
     def register(cls, registry, **kwargs) -> None:
         registry.register_facet_provider(OwnerFacetProvider())
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 49f199d2af7..d582f4e2041 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -282,6 +282,18 @@ def test_bad_lang(self):
         self.assertEqual("T0_K0_ALT", obj["topics"]["items"][0]["label"])  # check for the alternate label
         self.assertFalse(obj["topics"]["items"][0]["is_localized"])  # check for the localization flag
 
+    def test_topics(self):
+        for facet, keys, exp in (
+            ("t_0", [self.thesauri_k["0_0"].id, self.thesauri_k["0_1"].id, -999], 2),
+            ("category", ["C1", "C2", "nomatch"], 0),
+            ("owner", [self.user.id, -100], 1),
+            ("region", ["R0", "R1", "nomatch"], 2),
+        ):
+            req = self.rf.get(reverse("get_facet_topics", args=[facet]), data={"lang": "en", "key": keys})
+            res: JsonResponse = views.get_facet_topics(req, facet)
+            obj = json.loads(res.content)
+            self.assertEqual(exp, len(obj["topics"]["items"]), f"Unexpected topic count {exp} for facet {facet}")
+
     def test_user_auth(self):
         # make sure the user authorization pre-filters the visible resources
         # TODO test
diff --git a/geonode/facets/urls.py b/geonode/facets/urls.py
index 82aef71e751..42bf08de85b 100644
--- a/geonode/facets/urls.py
+++ b/geonode/facets/urls.py
@@ -23,4 +23,5 @@
 urlpatterns = [
     path("facets", views.list_facets, name="list_facets"),
     path("facets/<facet>", views.get_facet, name="get_facet"),
+    path("facets/<facet>/topics", views.get_facet_topics, name="get_facet_topics"),
 ]
diff --git a/geonode/facets/views.py b/geonode/facets/views.py
index 31961bb3b6d..8aa18439f83 100644
--- a/geonode/facets/views.py
+++ b/geonode/facets/views.py
@@ -23,7 +23,7 @@
 from rest_framework.authentication import SessionAuthentication, BasicAuthentication
 from rest_framework.decorators import api_view, authentication_classes
 
-from django.http import HttpResponseNotFound, JsonResponse
+from django.http import HttpResponseNotFound, JsonResponse, HttpResponseBadRequest
 from django.urls import reverse
 
 from django.conf import settings
@@ -116,6 +116,25 @@ def get_facet(request, facet):
     return JsonResponse(info)
 
 
+@api_view(["GET"])
+def get_facet_topics(request, facet):
+    logger.debug("get_facet_topics -> %r", facet)
+
+    # retrieve provider for the requested facet
+    provider: FacetProvider = facet_registry.get_provider(facet)
+    if not provider:
+        return HttpResponseNotFound("Facet not found")
+
+    # parse some query params
+    lang, lang_requested = _resolve_language(request)
+    keys = request.query_params.getlist("key")
+    if not keys:
+        return HttpResponseBadRequest("Missing key parameter")
+
+    ret = {"topics": {"items": provider.get_topics(keys, lang=lang)}}
+    return JsonResponse(ret)
+
+
 def _get_topics(
     provider,
     queryset,

From f3a490a2c2b38975351a887af720e7b7282b385e Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Thu, 29 Jun 2023 16:29:28 +0200
Subject: [PATCH 048/330] [Fixes #11102] Faceting: prefiltering (#11205)

---
 geonode/base/api/filters.py | 15 ++++++++++-----
 geonode/facets/tests.py     | 23 +++++++++++++++++++++++
 geonode/facets/views.py     | 13 +++++++++++--
 3 files changed, 44 insertions(+), 7 deletions(-)

diff --git a/geonode/base/api/filters.py b/geonode/base/api/filters.py
index f8691e0178d..a2428bfdc65 100644
--- a/geonode/base/api/filters.py
+++ b/geonode/base/api/filters.py
@@ -56,11 +56,16 @@ class TKeywordsFilter(BaseFilterBackend):
     """
 
     def filter_queryset(self, request, queryset, view):
-        return (
-            self.filter_queryset_GROUP(request, queryset, view)
-            if "force_and" not in request.GET
-            else self.filter_queryset_AND(request, queryset, view)
-        )
+        # we must make the GET mutable since in the filters, some queryparams are popped
+        request.GET._mutable = True
+        try:
+            return (
+                self.filter_queryset_GROUP(request, queryset, view)
+                if "force_and" not in request.GET
+                else self.filter_queryset_AND(request, queryset, view)
+            )
+        finally:
+            request.GET._mutable = False
 
     def filter_queryset_AND(self, request, queryset, view):
         """
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index d582f4e2041..b5ae7f7541f 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -28,6 +28,8 @@
 from django.urls import reverse
 
 from geonode.base.models import Thesaurus, ThesaurusLabel, ThesaurusKeyword, ThesaurusKeywordLabel, ResourceBase, Region
+from geonode.facets.models import facet_registry
+from geonode.facets.providers.region import RegionFacetProvider
 from geonode.tests.base import GeoNodeBaseTestSupport
 import geonode.facets.views as views
 
@@ -294,6 +296,27 @@ def test_topics(self):
             obj = json.loads(res.content)
             self.assertEqual(exp, len(obj["topics"]["items"]), f"Unexpected topic count {exp} for facet {facet}")
 
+    def test_prefiltering(self):
+        reginfo = RegionFacetProvider().get_info()
+        t0info = facet_registry.get_provider("t_0").get_info()
+        t1info = facet_registry.get_provider("t_1").get_info()
+
+        for facet, filters, totals, count0 in (
+            ("t_0", {}, 2, 10),
+            ("t_0", {reginfo["key"]: "R0"}, 1, 1),
+            ("t_1", {}, 2, 10),
+            ("t_1", {reginfo["key"]: "R0"}, 1, 2),
+            ("t_1", {reginfo["key"]: "R1"}, 2, 3),
+            (reginfo["name"], {}, 2, 4),
+            (reginfo["name"], {t0info["key"]: self.thesauri_k["0_0"].id}, 2, 1),
+            (reginfo["name"], {t1info["key"]: self.thesauri_k["1_0"].id}, 2, 3),
+        ):
+            req = self.rf.get(reverse("get_facet", args=[facet]), data=filters)
+            res: JsonResponse = views.get_facet(req, facet)
+            obj = json.loads(res.content)
+            self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and filter {filters}")
+            self.assertEqual(count0, obj["topics"]["items"][0]["count"], f"Bad count0 for facet '{facet}")
+
     def test_user_auth(self):
         # make sure the user authorization pre-filters the visible resources
         # TODO test
diff --git a/geonode/facets/views.py b/geonode/facets/views.py
index 8aa18439f83..717eabfc57a 100644
--- a/geonode/facets/views.py
+++ b/geonode/facets/views.py
@@ -27,6 +27,8 @@
 from django.urls import reverse
 
 from django.conf import settings
+
+from geonode.base.api.views import ResourceBaseViewSet
 from geonode.base.models import ResourceBase
 from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, facet_registry
 from geonode.security.utils import get_visible_resources
@@ -160,8 +162,15 @@ def _prefilter_topics(request):
     :return: a QuerySet on ResourceBase
     """
     logger.debug("Filtering by user '%s'", request.user)
-    # return ResourceBase.objects
-    return get_visible_resources(ResourceBase.objects, request.user)
+    filters = {k: vlist for k, vlist in request.query_params.lists() if k.startswith("filter{")}
+
+    if filters:
+        viewset = ResourceBaseViewSet(request=request, format_kwarg={}, kwargs=filters)
+        viewset.initial(request)
+        return get_visible_resources(queryset=viewset.filter_queryset(viewset.get_queryset()), user=request.user)
+    else:
+        # return ResourceBase.objects
+        return get_visible_resources(ResourceBase.objects, request.user)
 
 
 def _resolve_language(request) -> (str, bool):

From ad68f2ed7c697345fd0fda644d0e77f49af158f0 Mon Sep 17 00:00:00 2001
From: Francisco Vicent <franciscovicent@outlook.com>
Date: Mon, 3 Jul 2023 05:35:48 -0300
Subject: [PATCH 049/330] Fix #11154 - Wrong login URL in notification (#11155)

* Fix #11154 - Wrong login URL in notification

* fix single quote
---
 geonode/people/models.py                                        | 1 +
 .../notifications/account_active/account_active_message.txt     | 2 +-
 geonode/templates/pinax/notifications/account_active/full.txt   | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/geonode/people/models.py b/geonode/people/models.py
index 37d4c21631c..c07b6f5e81f 100644
--- a/geonode/people/models.py
+++ b/geonode/people/models.py
@@ -246,6 +246,7 @@ def _notify_account_activated(self):
                     "site_name": current_site.name,
                     "email": self.email,
                     "inviter": self,
+                    "LOGIN_URL": settings.LOGIN_URL,
                 }
 
                 email_template = "pinax/notifications/account_active/account_active"
diff --git a/geonode/templates/pinax/notifications/account_active/account_active_message.txt b/geonode/templates/pinax/notifications/account_active/account_active_message.txt
index 02237b540e6..f9ddbc0c091 100644
--- a/geonode/templates/pinax/notifications/account_active/account_active_message.txt
+++ b/geonode/templates/pinax/notifications/account_active/account_active_message.txt
@@ -1,3 +1,3 @@
 {% load i18n %}
 {% trans "Your account has been approved and is now active." %} ({{ username }})<br/>
-{% trans "You can use the login form at" %}: http://{{ current_site.name }}
+{% trans "You can use the login form at" %}: {{ LOGIN_URL }}
diff --git a/geonode/templates/pinax/notifications/account_active/full.txt b/geonode/templates/pinax/notifications/account_active/full.txt
index aac4b9cc507..8344ed13d4b 100644
--- a/geonode/templates/pinax/notifications/account_active/full.txt
+++ b/geonode/templates/pinax/notifications/account_active/full.txt
@@ -1,3 +1,3 @@
 {% load i18n %}
 {% trans "Your account has been approved and is now active." %}<br/>
-{% trans "You can use the login form at" %}: http://{{ current_site }}
+{% trans "You can use the login form at" %}: {{ LOGIN_URL }}

From ec3868ac044e24959032a32dc3f2d53e0ff44fae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jul 2023 11:45:55 +0200
Subject: [PATCH 050/330] Bump google-cloud-storage from 2.9.0 to 2.10.0
 (#11212)

* Bump google-cloud-storage from 2.9.0 to 2.10.0

Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-storage/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index cd162f8c08a..b99ca9afde2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -111,7 +111,7 @@ django-bootstrap3-datetimepicker-2==2.8.3
 # storage manager dependencies
 django-storages==1.13.2
 dropbox==11.36.2
-google-cloud-storage==2.9.0
+google-cloud-storage==2.10.0
 google-cloud-core==2.3.2
 boto3==1.26.160
 
diff --git a/setup.cfg b/setup.cfg
index c140c4bc986..295dc72d6b2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -136,7 +136,7 @@ install_requires =
     # storage manager dependencies
     django-storages==1.13.2
     dropbox==11.36.2
-    google-cloud-storage==2.9.0
+    google-cloud-storage==2.10.0
     google-cloud-core==2.3.2
     boto3==1.26.160
 

From c75073f8b653c63b5dec21b0e4de07b85a668fd3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jul 2023 11:46:13 +0200
Subject: [PATCH 051/330] Bump boto3 from 1.26.160 to 1.26.165 (#11210)

* Bump boto3 from 1.26.160 to 1.26.165

Bumps [boto3](https://github.com/boto/boto3) from 1.26.160 to 1.26.165.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.160...1.26.165)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b99ca9afde2..4df657af224 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.2
-boto3==1.26.160
+boto3==1.26.165
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index 295dc72d6b2..1806bbc4910 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.2
-    boto3==1.26.160
+    boto3==1.26.165
 
     # Django Caches
     python-memcached<=1.59

From dcc119ab9e6ae400bf8c662a07a8d770aa28a235 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jul 2023 14:19:22 +0200
Subject: [PATCH 052/330] Bump pillow from 9.5.0 to 10.0.0 (#11211)

* Bump pillow from 9.5.0 to 10.0.0

Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.5.0 to 10.0.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.5.0...10.0.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

* - Bump geonode-avatar 5.0.8 to django-avatar==7.1.1

* - Bump geonode-avatar 5.0.8 to django-avatar==7.1.1

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 4 ++--
 setup.cfg        | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 4df657af224..f44b6c465b9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 # native dependencies
-Pillow==9.5.0
+Pillow==10.0.0
 lxml==4.9.2
 psycopg2==2.9.6
 Django==3.2.19
@@ -91,7 +91,7 @@ pinax-ratings==4.0.0
 # django-geonode-mapstore-client==4.0.5
 -e git+https://github.com/GeoNode/geonode-mapstore-client.git@master#egg=django_geonode_mapstore_client
 -e git+https://github.com/GeoNode/geonode-importer.git@master#egg=geonode-importer
-geonode-avatar==5.0.8
+django-avatar==7.1.1
 geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
 geonode-announcements==2.0.2
diff --git a/setup.cfg b/setup.cfg
index 1806bbc4910..fdc1c61ab21 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -25,7 +25,7 @@ setup_requires =
     setuptools
 install_requires =
     # native dependencies
-    Pillow==9.5.0
+    Pillow==10.0.0
     lxml==4.9.2
     psycopg2==2.9.6
     Django==3.2.19
@@ -116,7 +116,7 @@ install_requires =
     # GeoNode org maintained apps.
     django-geonode-mapstore-client>=4.0.5,<5.0.0
     geonode-importer>=1.0.2
-    geonode-avatar==5.0.8
+    django-avatar==7.1.1
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2
     geonode-announcements==2.0.2
@@ -201,6 +201,7 @@ install_requires =
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
     jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
+    cryptography>=41.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
 
 [options.packages.find]
 exclude = tests

From de59bced4d56479eae55febb2c527132a7a4e2c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jul 2023 16:06:46 +0200
Subject: [PATCH 053/330] Bump django from 3.2.19 to 3.2.20 (#11216)

* Bump django from 3.2.19 to 3.2.20

Bumps [django](https://github.com/django/django) from 3.2.19 to 3.2.20.
- [Commits](https://github.com/django/django/compare/3.2.19...3.2.20)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f44b6c465b9..022221a3a3a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@
 Pillow==10.0.0
 lxml==4.9.2
 psycopg2==2.9.6
-Django==3.2.19
+Django==3.2.20
 
 # Other
 amqp==5.1.1
diff --git a/setup.cfg b/setup.cfg
index fdc1c61ab21..d30ae2d8c54 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -28,7 +28,7 @@ install_requires =
     Pillow==10.0.0
     lxml==4.9.2
     psycopg2==2.9.6
-    Django==3.2.19
+    Django==3.2.20
 
     # Other
     amqp==5.1.1

From 543d751d8c5d98184008b175d06d97b4b8131db2 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 5 Jul 2023 09:55:46 +0200
Subject: [PATCH 054/330] fix: Dockerfile to reduce vulnerabilities (#11223)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2204-BASH-3098342
- https://snyk.io/vuln/SNYK-UBUNTU2204-COREUTILS-2801226
- https://snyk.io/vuln/SNYK-UBUNTU2204-GLIBC-2801292
- https://snyk.io/vuln/SNYK-UBUNTU2204-LIBCAP2-5538282
- https://snyk.io/vuln/SNYK-UBUNTU2204-LIBCAP2-5538296

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 6c62736737b..5d76bb6f25d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ubuntu:22.10
 LABEL GeoNode development team
 
 RUN mkdir -p /usr/src/geonode

From f839d394af4f313b66482a2b2544b556969a1f7b Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Tue, 4 Jul 2023 18:27:36 +0200
Subject: [PATCH 055/330] [Fixes #11097] Faceting: resource type

---
 geonode/facets/models.py             |   2 +-
 geonode/facets/providers/baseinfo.py | 147 +++++++++++++++++++++++++++
 geonode/facets/tests.py              |  60 +++++++----
 geonode/settings.py                  |   2 +
 4 files changed, 189 insertions(+), 22 deletions(-)
 create mode 100644 geonode/facets/providers/baseinfo.py

diff --git a/geonode/facets/models.py b/geonode/facets/models.py
index 07b1b4c7643..c7f9fbd0813 100644
--- a/geonode/facets/models.py
+++ b/geonode/facets/models.py
@@ -28,7 +28,7 @@
 FACET_TYPE_USER = "user"
 FACET_TYPE_THESAURUS = "thesaurus"
 FACET_TYPE_CATEGORY = "category"
-FACET_TYPE_RESOURCETYPE = "resourcetype"
+FACET_TYPE_BASE = "base"
 
 logger = logging.getLogger(__name__)
 
diff --git a/geonode/facets/providers/baseinfo.py b/geonode/facets/providers/baseinfo.py
new file mode 100644
index 00000000000..b1f55129be3
--- /dev/null
+++ b/geonode/facets/providers/baseinfo.py
@@ -0,0 +1,147 @@
+#########################################################################
+#
+# Copyright (C) 2023 Open Source Geospatial Foundation - all rights reserved
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+import logging
+
+from django.db.models import Count
+
+from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_BASE
+
+logger = logging.getLogger(__name__)
+
+
+class ResourceTypeFacetProvider(FacetProvider):
+    """
+    Implements faceting for resources' type and subtype
+    """
+
+    @property
+    def name(self) -> str:
+        return "resourcetype"
+
+    def get_info(self, lang="en") -> dict:
+        return {
+            "name": self.name,
+            "key": "filter{resource_type.in}",
+            "label": "Resource type",
+            "type": FACET_TYPE_BASE,
+            "hierarchical": True,
+            "order": 0,
+        }
+
+    def get_facet_items(
+        self,
+        queryset=None,
+        start: int = 0,
+        end: int = DEFAULT_FACET_PAGE_SIZE,
+        lang="en",
+        topic_contains: str = None,
+    ) -> (int, list):
+        logger.debug("Retrieving facets for %s", self.name)
+
+        if topic_contains:
+            logger.warning(f"Facet {self.name} does not support topic_contains filtering")
+
+        q = queryset.values("resource_type", "subtype")
+        q = q.annotate(ctype=Count("resource_type"), csub=Count("subtype"))
+        q = q.order_by()
+
+        # aggregate subtypes into rtypes
+        tree = {}
+        for r in q.all():
+            res_type = r["resource_type"]
+            t = tree.get(res_type, {"cnt": 0, "sub": {}})
+            t["cnt"] += r["ctype"]
+            if sub := r["subtype"]:
+                t["sub"][sub] = {"cnt": r["ctype"]}
+            tree[res_type] = t
+
+        logger.info("Found %d main facets for %s", len(tree), self.name)
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        topics = []
+        for rtype, info in tree.items():
+            t = {"key": rtype, "label": rtype, "count": info["cnt"]}
+            if sub := info["sub"]:
+                children = []
+                for stype, sinfo in sub.items():
+                    children.append({"key": stype, "label": stype, "count": sinfo["cnt"]})
+                t["filter"] = "filter{subtype.in}"
+                t["items"] = sorted(children, reverse=True, key=lambda x: x["count"])
+            topics.append(t)
+
+        return len(topics), sorted(topics, reverse=True, key=lambda x: x["count"])
+
+    @classmethod
+    def register(cls, registry, **kwargs) -> None:
+        registry.register_facet_provider(ResourceTypeFacetProvider())
+
+
+class FeaturedFacetProvider(FacetProvider):
+    """
+    Implements faceting for resources flagged as featured
+    """
+
+    @property
+    def name(self) -> str:
+        return "featured"
+
+    def get_info(self, lang="en") -> dict:
+        return {
+            "name": self.name,
+            "key": "filter{featured}",
+            "label": "Featured",
+            "type": FACET_TYPE_BASE,
+            "hierarchical": False,
+            "order": 0,
+        }
+
+    def get_facet_items(
+        self,
+        queryset=None,
+        start: int = 0,
+        end: int = DEFAULT_FACET_PAGE_SIZE,
+        lang="en",
+        topic_contains: str = None,
+    ) -> (int, list):
+        logger.debug("Retrieving facets for %s", self.name)
+
+        if topic_contains:
+            logger.warning(f"Facet {self.name} does not support topic_contains filtering")
+
+        q = queryset.values("featured").annotate(cnt=Count("featured")).order_by()
+
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        topics = [
+            {
+                "key": r["featured"],
+                "label": str(r["featured"]),
+                "count": r["cnt"],
+            }
+            for r in q[start:end]
+        ]
+
+        return 2, topics
+
+    @classmethod
+    def register(cls, registry, **kwargs) -> None:
+        registry.register_facet_provider(FeaturedFacetProvider())
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index b5ae7f7541f..156c4908e50 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -114,49 +114,46 @@ def _create_resources(self):
 
             # These are the assigned keywords to the Resources
 
-            # RB00 ->            T1K0          R0,R1
-            # RB01 ->  T0K0      T1K0          R0
-            # RB02 ->            T1K0          R1
+            # RB00 ->            T1K0          R0,R1   FEAT
+            # RB01 ->  T0K0      T1K0          R0      FEAT
+            # RB02 ->            T1K0          R1      FEAT
             # RB03 ->  T0K0      T1K0
             # RB04 ->            T1K0
             # RB05 ->  T0K0      T1K0
-            # RB06 ->            T1K0
-            # RB07 ->  T0K0      T1K0
-            # RB08 ->            T1K0 T1K1     R1
+            # RB06 ->            T1K0                  FEAT
+            # RB07 ->  T0K0      T1K0                  FEAT
+            # RB08 ->            T1K0 T1K1     R1      FEAT
             # RB09 ->  T0K0      T1K0 T1K1
             # RB10 ->                 T1K1
             # RB11 ->  T0K0 T0K1      T1K1
-            # RB12 ->                 T1K1
-            # RB13 ->  T0K0 T0K1               R1
-            # RB14 ->
+            # RB12 ->                 T1K1             FEAT
+            # RB13 ->  T0K0 T0K1               R1      FEAT
+            # RB14 ->                                  FEAT
             # RB15 ->  T0K0 T0K1
             # RB16 ->
             # RB17 ->  T0K0 T0K1
-            # RB18 ->
-            # RB19 ->  T0K0 T0K1
+            # RB18 ->                                  FEAT
+            # RB19 ->  T0K0 T0K1                       FEAT
 
             if x % 2 == 1:
                 print(f"ADDING KEYWORDS {self.thesauri_k['0_0']} to RB {d}")
                 d.tkeywords.add(self.thesauri_k["0_0"])
-                d.save()
             if x % 2 == 1 and x > 10:
                 print(f"ADDING KEYWORDS {self.thesauri_k['0_1']} to RB {d}")
                 d.tkeywords.add(self.thesauri_k["0_1"])
-                d.save()
             if x < 10:
                 print(f"ADDING KEYWORDS {self.thesauri_k['1_0']} to RB {d}")
                 d.tkeywords.add(self.thesauri_k["1_0"])
-                d.save()
             if 7 < x < 13:
                 d.tkeywords.add(self.thesauri_k["1_1"])
-                d.save()
             if x in (0, 1):
                 d.regions.add(self.regions["R0"])
-                d.save()
             if x in (0, 2, 8, 13):
                 d.regions.add(self.regions["R1"])
-                d.save()
+            if (x % 6) in (0, 1, 2):
+                d.featured = True
 
+            d.save()
             d.set_permissions(public_perm_spec)
 
     @staticmethod
@@ -169,9 +166,9 @@ def test_facets_base(self):
         obj = json.loads(res.content)
         self.assertIn("facets", obj)
         facets_list = obj["facets"]
-        self.assertEqual(5, len(facets_list))
+        self.assertEqual(7, len(facets_list))
         fmap = self._facets_to_map(facets_list)
-        for name in ("category", "owner", "t_0", "t_1"):
+        for name in ("category", "owner", "t_0", "t_1", "featured", "resourcetype"):
             self.assertIn(name, fmap)
 
     def test_facets_rich(self):
@@ -189,7 +186,7 @@ def test_facets_rich(self):
         obj = json.loads(res.content)
 
         facets_list = obj["facets"]
-        self.assertEqual(5, len(facets_list))
+        self.assertEqual(7, len(facets_list))
         fmap = self._facets_to_map(facets_list)
         for expected in (
             {
@@ -233,6 +230,25 @@ def test_facets_rich(self):
                     ],
                 },
             },
+            {
+                "name": "featured",
+                "topics": {
+                    "total": 2,
+                    "items": [
+                        {"label": "True", "key": True, "count": 11},
+                        {"label": "False", "key": False, "count": 9},
+                    ],
+                },
+            },
+            {
+                "name": "resourcetype",
+                "topics": {
+                    "total": 1,
+                    "items": [
+                        {"label": "resourcebase", "key": "resourcebase", "count": 20},
+                    ],
+                },
+            },
         ):
             name = expected["name"]
             self.assertIn(name, fmap)
@@ -254,7 +270,9 @@ def test_facets_rich(self):
                                 found = item
                                 break
 
-                        self.assertIsNotNone(item, f"topic not found '{exp_label}'")
+                        self.assertIsNotNone(
+                            found, f"topic not found '{exp_label}' for facet '{name}' -- found items {items}"
+                        )
                         for exp_field in exp_item:
                             self.assertEqual(
                                 exp_item[exp_field], found[exp_field], f"Mismatch item key:{exp_field} facet:{name}"
diff --git a/geonode/settings.py b/geonode/settings.py
index d408093575b..9d6a270f138 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2320,6 +2320,8 @@ def get_geonode_catalogue_service():
 GEONODE_APPS += ("geonode.facets",)
 
 FACET_PROVIDERS = (
+    "geonode.facets.providers.baseinfo.ResourceTypeFacetProvider",
+    "geonode.facets.providers.baseinfo.FeaturedFacetProvider",
     "geonode.facets.providers.category.CategoryFacetProvider",
     "geonode.facets.providers.users.OwnerFacetProvider",
     "geonode.facets.providers.thesaurus.ThesaurusFacetProvider",

From 9c7ba9abd6f41cafc26217f37033b1c25435f7f7 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 6 Jul 2023 18:11:12 +0200
Subject: [PATCH 056/330] [Fixes #11228] Return supported formats grouped and
 ordered (#11229)

* Return supported formats grouped and ordered

* a more compct solution

* dropped redundant variable

* fix typo

* dropped redundant variable

---------

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/utils.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/geonode/utils.py b/geonode/utils.py
index 6a2cee2708b..fc27b9b5647 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -1963,7 +1963,24 @@ def get_supported_datasets_file_types():
             supported_types[default_types_id.index(_type.get("id"))] = _type
         else:
             supported_types.extend([_type])
-    return supported_types
+
+    # Order the formats (to support their visualization)
+    formats_order = [("vector", 0), ("raster", 1), ("archive", 2)]
+    ordered_payload = (
+        (weight[1], resource_type)
+        for resource_type in supported_types
+        for weight in formats_order
+        if resource_type.get("format") in weight[0]
+    )
+
+    # Flatten the list
+    ordered_resource_types = [x[1] for x in sorted(ordered_payload, key=lambda x: x[0])]
+    other_resource_types = [
+        resource_type
+        for resource_type in supported_types
+        if resource_type.get("format") is None or resource_type.get("format") not in [f[0] for f in formats_order]
+    ]
+    return ordered_resource_types + other_resource_types
 
 
 def get_allowed_extensions():

From 4a1255fb6a1537838f8d2c626f5c5196d0be32dd Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Fri, 7 Jul 2023 11:49:58 +0200
Subject: [PATCH 057/330] [Fixes #11230] Split and tag base Docker image
 (#11232)

* Aplti and tag base Docker image

* renamed image from master to latest
---
 Dockerfile                            | 51 ++++-----------------------
 scripts/docker/base/ubuntu/Dockerfile | 40 +++++++++++++++++++++
 2 files changed, 46 insertions(+), 45 deletions(-)
 create mode 100644 scripts/docker/base/ubuntu/Dockerfile

diff --git a/Dockerfile b/Dockerfile
index 5d76bb6f25d..c09545fcf3b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,51 +1,15 @@
-FROM ubuntu:22.10
+FROM geonode/geonode-base:latest-ubuntu-22.10
 LABEL GeoNode development team
 
-RUN mkdir -p /usr/src/geonode
-
-## Enable postgresql-client-13
-RUN apt-get update -y && apt-get install curl wget unzip gnupg2 -y
-RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
-# will install python3.10 
-RUN apt-get install lsb-core -y
-RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |tee  /etc/apt/sources.list.d/pgdg.list
-
-# Prepraing dependencies
-RUN apt-get install -y \
-    libgdal-dev libpq-dev libxml2-dev \
-    libxml2 libxslt1-dev zlib1g-dev libjpeg-dev \
-    libmemcached-dev libldap2-dev libsasl2-dev libffi-dev
-
-RUN apt-get update -y && apt-get install -y --no-install-recommends \
-    gcc zip gettext geoip-bin cron \
-    postgresql-client-13 \
-    python3-all-dev python3-dev \
-    python3-gdal python3-psycopg2 python3-ldap \
-    python3-pip python3-pil python3-lxml \
-    uwsgi uwsgi-plugin-python3 python3-gdbm python-is-python3 gdal-bin
-
-RUN apt-get install -y devscripts build-essential debhelper pkg-kde-tools sharutils
-# RUN git clone https://salsa.debian.org/debian-gis-team/proj.git /tmp/proj
-# RUN cd /tmp/proj && debuild -i -us -uc -b && dpkg -i ../*.deb
-
-# Install pip packages
-RUN pip3 install uwsgi \
-    && pip install pip --upgrade \
-    && pip install pygdal==$(gdal-config --version).* flower==0.9.4
-
-# Activate "memcached"
-RUN apt-get install -y memcached
-RUN pip install sherlock
-
 # add bower and grunt command
 COPY . /usr/src/geonode/
 WORKDIR /usr/src/geonode
 
-COPY monitoring-cron /etc/cron.d/monitoring-cron
-RUN chmod 0644 /etc/cron.d/monitoring-cron
-RUN crontab /etc/cron.d/monitoring-cron
-RUN touch /var/log/cron.log
-RUN service cron start
+#COPY monitoring-cron /etc/cron.d/monitoring-cron
+#RUN chmod 0644 /etc/cron.d/monitoring-cron
+#RUN crontab /etc/cron.d/monitoring-cron
+#RUN touch /var/log/cron.log
+#RUN service cron start
 
 COPY wait-for-databases.sh /usr/bin/wait-for-databases
 RUN chmod +x /usr/bin/wait-for-databases
@@ -67,9 +31,6 @@ RUN chmod +x /usr/bin/celery-cmd
 RUN pip install --upgrade --no-cache-dir  --src /usr/src -r requirements.txt
 RUN pip install --upgrade  -e .
 
-# Cleanup apt update lists
-RUN rm -rf /var/lib/apt/lists/*
-
 # Export ports
 EXPOSE 8000
 
diff --git a/scripts/docker/base/ubuntu/Dockerfile b/scripts/docker/base/ubuntu/Dockerfile
new file mode 100644
index 00000000000..3b36cb6236f
--- /dev/null
+++ b/scripts/docker/base/ubuntu/Dockerfile
@@ -0,0 +1,40 @@
+FROM ubuntu:22.10
+
+RUN mkdir -p /usr/src/geonode
+
+## Enable postgresql-client-13
+RUN apt-get update -y && apt-get install curl wget unzip gnupg2 -y
+RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+# will install python3.10 
+RUN apt-get install lsb-core -y
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |tee  /etc/apt/sources.list.d/pgdg.list
+
+# Prepraing dependencies
+RUN apt-get install -y \
+    libgdal-dev libpq-dev libxml2-dev \
+    libxml2 libxslt1-dev zlib1g-dev libjpeg-dev \
+    libmemcached-dev libldap2-dev libsasl2-dev libffi-dev
+
+RUN apt-get update -y && apt-get install -y --no-install-recommends \
+    gcc vim zip gettext geoip-bin cron \
+    postgresql-client-13 \
+    python3-all-dev python3-dev \
+    python3-gdal python3-psycopg2 python3-ldap \
+    python3-pip python3-pil python3-lxml \
+    uwsgi uwsgi-plugin-python3 python3-gdbm python-is-python3 gdal-bin
+
+RUN apt-get install -y devscripts build-essential debhelper pkg-kde-tools sharutils
+# RUN git clone https://salsa.debian.org/debian-gis-team/proj.git /tmp/proj
+# RUN cd /tmp/proj && debuild -i -us -uc -b && dpkg -i ../*.deb
+
+# Install pip packages
+RUN pip3 install uwsgi \
+    && pip install pip --upgrade \
+    && pip install pygdal==$(gdal-config --version).* flower==0.9.4
+
+# Activate "memcached"
+RUN apt-get install -y memcached
+RUN pip install sherlock
+
+# Cleanup apt update lists
+RUN rm -rf /var/lib/apt/lists/*

From 0bb04fec4b26ac0b45ddc84d1e65d20489d19a57 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Thu, 6 Jul 2023 17:49:15 +0200
Subject: [PATCH 058/330] [Fixes #11101] Faceting: keywords

---
 geonode/facets/models.py            |  1 +
 geonode/facets/providers/keyword.py | 96 +++++++++++++++++++++++++++++
 geonode/facets/tests.py             |  6 +-
 geonode/settings.py                 |  1 +
 4 files changed, 101 insertions(+), 3 deletions(-)
 create mode 100644 geonode/facets/providers/keyword.py

diff --git a/geonode/facets/models.py b/geonode/facets/models.py
index c7f9fbd0813..4beffbb1ac6 100644
--- a/geonode/facets/models.py
+++ b/geonode/facets/models.py
@@ -29,6 +29,7 @@
 FACET_TYPE_THESAURUS = "thesaurus"
 FACET_TYPE_CATEGORY = "category"
 FACET_TYPE_BASE = "base"
+FACET_TYPE_KEYWORD = "keyword"
 
 logger = logging.getLogger(__name__)
 
diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
new file mode 100644
index 00000000000..4a82e9a3dbc
--- /dev/null
+++ b/geonode/facets/providers/keyword.py
@@ -0,0 +1,96 @@
+#########################################################################
+#
+# Copyright (C) 2023 Open Source Geospatial Foundation - all rights reserved
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+import logging
+
+from django.db.models import Count
+
+from geonode.base.models import HierarchicalKeyword
+from geonode.facets.models import FacetProvider, DEFAULT_FACET_PAGE_SIZE, FACET_TYPE_KEYWORD
+
+logger = logging.getLogger(__name__)
+
+
+class KeywordFacetProvider(FacetProvider):
+    """
+    Implements faceting for resource's keywords
+    """
+
+    @property
+    def name(self) -> str:
+        return "keyword"
+
+    def get_info(self, lang="en") -> dict:
+        return {
+            "name": self.name,
+            "key": "filter{keywords.slug.in}",
+            "label": "Keyword",
+            "type": FACET_TYPE_KEYWORD,
+            "order": 2,
+        }
+
+    def get_facet_items(
+        self,
+        queryset=None,
+        start: int = 0,
+        end: int = DEFAULT_FACET_PAGE_SIZE,
+        lang="en",
+        topic_contains: str = None,
+    ) -> (int, list):
+        logger.debug("Retrieving facets for %s", self.name)
+
+        q = queryset.values("keywords__slug", "keywords__name").filter(keywords__isnull=False)
+        if topic_contains:
+            q = q.filter(keywords__name=topic_contains)
+        q = q.annotate(count=Count("keywords__slug")).order_by("-count")
+
+        cnt = q.count()
+
+        logger.info("Found %d facets for %s", cnt, self.name)
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        topics = [
+            {
+                "key": r["keywords__slug"],
+                "label": r["keywords__name"],
+                "count": r["count"],
+            }
+            for r in q[start:end].all()
+        ]
+
+        return cnt, topics
+
+    def get_topics(self, keys: list, lang="en", **kwargs) -> list:
+        q = HierarchicalKeyword.objects.filter(slug__in=keys).values("slug", "name")
+
+        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" ---> %r\n\n", q.all())
+
+        return [
+            {
+                "key": r["slug"],
+                "label": r["name"],
+            }
+            for r in q.all()
+        ]
+
+    @classmethod
+    def register(cls, registry, **kwargs) -> None:
+        registry.register_facet_provider(KeywordFacetProvider())
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 156c4908e50..cc6d9a8e0ec 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -166,9 +166,9 @@ def test_facets_base(self):
         obj = json.loads(res.content)
         self.assertIn("facets", obj)
         facets_list = obj["facets"]
-        self.assertEqual(7, len(facets_list))
+        self.assertEqual(8, len(facets_list))
         fmap = self._facets_to_map(facets_list)
-        for name in ("category", "owner", "t_0", "t_1", "featured", "resourcetype"):
+        for name in ("category", "owner", "t_0", "t_1", "featured", "resourcetype", "keyword"):
             self.assertIn(name, fmap)
 
     def test_facets_rich(self):
@@ -186,7 +186,7 @@ def test_facets_rich(self):
         obj = json.loads(res.content)
 
         facets_list = obj["facets"]
-        self.assertEqual(7, len(facets_list))
+        self.assertEqual(8, len(facets_list))
         fmap = self._facets_to_map(facets_list)
         for expected in (
             {
diff --git a/geonode/settings.py b/geonode/settings.py
index 9d6a270f138..8afedc72c17 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2323,6 +2323,7 @@ def get_geonode_catalogue_service():
     "geonode.facets.providers.baseinfo.ResourceTypeFacetProvider",
     "geonode.facets.providers.baseinfo.FeaturedFacetProvider",
     "geonode.facets.providers.category.CategoryFacetProvider",
+    "geonode.facets.providers.keyword.KeywordFacetProvider",
     "geonode.facets.providers.users.OwnerFacetProvider",
     "geonode.facets.providers.thesaurus.ThesaurusFacetProvider",
     "geonode.facets.providers.region.RegionFacetProvider",

From 7ba0ed203c89f0baa092f96f464e1df902fc86f5 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Mon, 10 Jul 2023 11:57:37 +0200
Subject: [PATCH 059/330] GNIP 94: Generic and pluggable OIDC SocialAccount
 Provider for GeoNode (#11218)

Documentation available here: https://github.com/GeoNode/documentation/pull/277
---
 .circleci/config.yml                          |   2 +-
 .env_test                                     |   3 +
 geonode/groups/models.py                      |  40 ++-
 geonode/messaging/notifications.py            |  15 +-
 geonode/people/adapters.py                    |  75 ++++++
 geonode/people/profileextractors.py           |  14 +-
 geonode/people/socialaccount/__init__.py      |  18 ++
 .../socialaccount/providers/__init__.py       |  18 ++
 .../geonode_openid_connect/__init__.py        |  18 ++
 .../geonode_openid_connect/provider.py        |  94 +++++++
 .../providers/geonode_openid_connect/tests.py | 230 ++++++++++++++++++
 .../providers/geonode_openid_connect/urls.py  |  24 ++
 .../providers/geonode_openid_connect/views.py |  30 +++
 geonode/settings.py                           | 102 ++++----
 geonode/utils.py                              |  19 +-
 pavement.py                                   |   4 +-
 16 files changed, 639 insertions(+), 67 deletions(-)
 create mode 100644 geonode/people/socialaccount/__init__.py
 create mode 100644 geonode/people/socialaccount/providers/__init__.py
 create mode 100644 geonode/people/socialaccount/providers/geonode_openid_connect/__init__.py
 create mode 100644 geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
 create mode 100644 geonode/people/socialaccount/providers/geonode_openid_connect/tests.py
 create mode 100644 geonode/people/socialaccount/providers/geonode_openid_connect/urls.py
 create mode 100644 geonode/people/socialaccount/providers/geonode_openid_connect/views.py

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 79ebd63c91b..60cfd1c921e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -108,7 +108,7 @@ workflows:
           name: geonode_test_suite
           load_docker_cache: false
           save_docker_cache: false
-          test_suite: ./test.sh $(python -c "import sys;from geonode import settings;sys.stdout.write('\'' '\''.join([a+'\''.tests'\'' for a in settings.GEONODE_APPS if '\''security'\'' not in a and '\''geoserver'\'' not in a]))") geonode.thumbs.tests geonode.people.tests
+          test_suite: ./test.sh $(python -c "import sys;from geonode import settings;sys.stdout.write('\'' '\''.join([a+'\''.tests'\'' for a in settings.GEONODE_APPS if '\''security'\'' not in a and '\''geoserver'\'' not in a]))") geonode.thumbs.tests geonode.people.tests geonode.people.socialaccount.providers.geonode_openid_connect.tests
       - build:
           name: geonode_test_security
           load_docker_cache: false
diff --git a/.env_test b/.env_test
index 78eebee94cb..a728f8fd4d1 100644
--- a/.env_test
+++ b/.env_test
@@ -157,6 +157,9 @@ OAUTH2_API_KEY=
 OAUTH2_CLIENT_ID=Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV
 OAUTH2_CLIENT_SECRET=rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3
 
+SOCIALACCOUNT_OIDC_PROVIDER_ENABLED=True
+SOCIALACCOUNT_PROVIDER=google
+
 # GeoNode APIs
 API_LOCKDOWN=False
 TASTYPIE_APIKEY=
diff --git a/geonode/groups/models.py b/geonode/groups/models.py
index 373d683d40c..59ae6f61392 100644
--- a/geonode/groups/models.py
+++ b/geonode/groups/models.py
@@ -32,6 +32,7 @@
 from django.contrib.auth.models import Group
 from django.templatetags.static import static
 from django.contrib.auth import get_user_model
+from django.core.exceptions import ObjectDoesNotExist
 from django.utils.translation import ugettext_lazy as _
 
 from geonode.utils import build_absolute_uri
@@ -190,26 +191,43 @@ def can_view(self, user):
         else:
             return True
 
-    def join(self, user, **kwargs):
+    def validate_user(self, user):
         if not user or user.is_anonymous or user == user.get_anonymous():
             raise ValueError("The invited user cannot be anonymous")
-        _members = GroupMember.objects.filter(group=self, user=user)
-        if not _members.count():
-            GroupMember.objects.get_or_create(group=self, user=user, defaults=kwargs)
-        else:
+
+    def join(self, user, **kwargs):
+        self.validate_user(user)
+        try:
+            GroupMember.objects.get(group=self, user=user)
             logger.warning(f'The invited user "{user.username}" is already a member')
+        except ObjectDoesNotExist:
+            GroupMember.objects.create(group=self, user=user, **kwargs)
 
     def leave(self, user, **kwargs):
-        if not user or user.is_anonymous or user == user.get_anonymous():
-            raise ValueError("The invited user cannot be anonymous")
+        self.validate_user(user)
         _members = GroupMember.objects.filter(group=self, user=user)
-        if _members.count():
-            for _member in _members:
-                _member.delete()
-                user.groups.remove(self.group)
+        if _members.exists():
+            _members.delete()
+            user.groups.remove(self.group)
         else:
             logger.warning(f'The invited user "{user.username}" is not a member')
 
+    def promote(self, user, **kwargs):
+        self.validate_user(user)
+        try:
+            _member = GroupMember.objects.get(group=self, user=user)
+            _member.promote()
+        except ObjectDoesNotExist:
+            logger.warning(f'The invited user "{user.username}" is not a member')
+
+    def demote(self, user, **kwargs):
+        self.validate_user(user)
+        try:
+            _member = GroupMember.objects.get(group=self, user=user)
+            _member.demote()
+        except ObjectDoesNotExist:
+            logger.warning(f'The invited user "{user.username}" is not a member')
+
     def get_absolute_url(self):
         return reverse(
             "group_detail",
diff --git a/geonode/messaging/notifications.py b/geonode/messaging/notifications.py
index 763cf05371e..00d3135c1a1 100644
--- a/geonode/messaging/notifications.py
+++ b/geonode/messaging/notifications.py
@@ -38,13 +38,14 @@ def message_received_notification(**kwargs):
     recipients = _get_user_to_notify(message)
 
     # Enable email notifications for reciepients
-    for user in recipients:
-        notifications.models.NoticeSetting.objects.get_or_create(
-            notice_type=notifications.models.NoticeType.objects.get(label=notice_type_label),
-            send=True,
-            user=user,
-            medium=0,
-        )
+    if notifications:
+        for user in recipients:
+            notifications.models.NoticeSetting.objects.get_or_create(
+                notice_type=notifications.models.NoticeType.objects.get(label=notice_type_label),
+                send=True,
+                user=user,
+                medium=0,
+            )
 
     ctx = {
         "message": message.content,
diff --git a/geonode/people/adapters.py b/geonode/people/adapters.py
index bb290e11feb..a322562d19a 100644
--- a/geonode/people/adapters.py
+++ b/geonode/people/adapters.py
@@ -25,12 +25,15 @@
 """
 
 import logging
+import jwt
+import requests
 
 from allauth.account.adapter import DefaultAccountAdapter
 from allauth.account.utils import user_field
 from allauth.account.utils import user_email
 from allauth.account.utils import user_username
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.providers.oauth2.views import OAuth2Adapter, OAuth2Error
 
 from invitations.adapters import BaseInvitationsAdapter
 
@@ -222,3 +225,75 @@ def _site_allows_signup(django_request):
 
 def _respond_inactive_user(user):
     return HttpResponseRedirect(reverse("moderator_contacted", kwargs={"inactive_user": user.id}))
+
+
+PROVIDER_ID = getattr(settings, "SOCIALACCOUNT_OIDC_PROVIDER", "geonode_openid_connect")
+
+ACCESS_TOKEN_URL = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("ACCESS_TOKEN_URL", "")
+
+AUTHORIZE_URL = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("AUTHORIZE_URL", "")
+
+PROFILE_URL = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("PROFILE_URL", "")
+
+ID_TOKEN_ISSUER = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("ID_TOKEN_ISSUER", "")
+
+
+class GenericOpenIDConnectAdapter(OAuth2Adapter, SocialAccountAdapter):
+    provider_id = PROVIDER_ID
+    access_token_url = ACCESS_TOKEN_URL
+    authorize_url = AUTHORIZE_URL
+    profile_url = PROFILE_URL
+    id_token_issuer = ID_TOKEN_ISSUER
+
+    def complete_login(self, request, app, token, response, **kwargs):
+        extra_data = {}
+        if self.profile_url:
+            headers = {"Authorization": "Bearer {0}".format(token.token)}
+            resp = requests.get(self.profile_url, headers=headers)
+            profile_data = resp.json()
+            extra_data.update(profile_data)
+        elif "id_token" in response:
+            try:
+                extra_data = jwt.decode(
+                    response["id_token"],
+                    # Since the token was received by direct communication
+                    # protected by TLS between this library and Google, we
+                    # are allowed to skip checking the token signature
+                    # according to the OpenID Connect Core 1.0
+                    # specification.
+                    # https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
+                    options={
+                        "verify_signature": False,
+                        "verify_iss": True,
+                        "verify_aud": True,
+                        "verify_exp": True,
+                    },
+                    issuer=self.id_token_issuer,
+                    audience=app.client_id,
+                )
+            except jwt.PyJWTError as e:
+                raise OAuth2Error("Invalid id_token") from e
+        login = self.get_provider().sociallogin_from_response(request, extra_data)
+        return login
+
+    def save_user(self, request, sociallogin, form=None):
+        user = super(SocialAccountAdapter, self).save_user(request, sociallogin, form=form)
+        extractor = get_data_extractor(sociallogin.account.provider)
+        try:
+            groups = extractor.extract_groups(sociallogin.account.extra_data) or extractor.extract_roles(
+                sociallogin.account.extra_data
+            )
+            is_manager = extractor.extract_is_manager(sociallogin.account.extra_data)
+
+            # check here if user is member already of other groups and remove it form the ones that are not declared here...
+            for groupprofile in user.group_list_all():
+                groupprofile.leave(user)
+            for group_name in groups:
+                groupprofile = GroupProfile.objects.filter(slug=group_name).first()
+                if groupprofile:
+                    groupprofile.join(user)
+                    if is_manager:
+                        groupprofile.promote()
+        except (AttributeError, NotImplementedError):
+            pass  # extractor doesn't define a method for extracting field
+        return user
diff --git a/geonode/people/profileextractors.py b/geonode/people/profileextractors.py
index e6411c3d267..2bf7fa12e51 100644
--- a/geonode/people/profileextractors.py
+++ b/geonode/people/profileextractors.py
@@ -127,6 +127,13 @@ def _extract_field(self, name, data):
         return result
 
 
+PROVIDER_ID = getattr(settings, "SOCIALACCOUNT_OIDC_PROVIDER", "geonode_openid_connect")
+
+IS_MANAGER_FIELD = (
+    getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("IS_MANAGER_FIELD", "is_manager")
+)
+
+
 class OpenIDExtractor(BaseExtractor):
     def extract_email(self, data):
         return data.get("email", "")
@@ -182,14 +189,17 @@ def extract_organization(self, data):
     def extract_voice(self, data):
         return data.get("phone", "")
 
+    def extract_keywords(self, data):
+        return data.get("keywords", "")
+
     def extract_groups(self, data):
         return data.get("groups", "")
 
     def extract_roles(self, data):
         return data.get("roles", "")
 
-    def extract_keywords(self, data):
-        return data.get("keywords", "")
+    def extract_is_manager(self, data):
+        return data.get(IS_MANAGER_FIELD, "")
 
 
 def _get_latest_position(data):
diff --git a/geonode/people/socialaccount/__init__.py b/geonode/people/socialaccount/__init__.py
new file mode 100644
index 00000000000..da86ef5219a
--- /dev/null
+++ b/geonode/people/socialaccount/__init__.py
@@ -0,0 +1,18 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
diff --git a/geonode/people/socialaccount/providers/__init__.py b/geonode/people/socialaccount/providers/__init__.py
new file mode 100644
index 00000000000..da86ef5219a
--- /dev/null
+++ b/geonode/people/socialaccount/providers/__init__.py
@@ -0,0 +1,18 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/__init__.py b/geonode/people/socialaccount/providers/geonode_openid_connect/__init__.py
new file mode 100644
index 00000000000..da86ef5219a
--- /dev/null
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/__init__.py
@@ -0,0 +1,18 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py b/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
new file mode 100644
index 00000000000..329ba3c4bf3
--- /dev/null
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
@@ -0,0 +1,94 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+"""Custom account providers for django-allauth.
+
+These are used in order to extend the default authorization provided by
+django-allauth.
+
+"""
+from django.conf import settings
+
+from geonode.utils import import_class_module
+
+from allauth.account.models import EmailAddress
+from allauth.socialaccount.providers.base import AuthAction, ProviderAccount
+from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
+
+PROVIDER_ID = getattr(settings, "SOCIALACCOUNT_OIDC_PROVIDER", "geonode_openid_connect")
+
+
+class GenericOpenIDConnectProviderAccount(ProviderAccount):
+    def to_str(self):
+        dflt = super(GenericOpenIDConnectProviderAccount, self).to_str()
+        return self.account.extra_data.get("name", dflt)
+
+
+class GenericOpenIDConnectProvider(OAuth2Provider):
+    id = "geonode_openid_connect"
+    name = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("NAME", "GeoNode OpenIDConnect")
+    account_class = import_class_module(
+        getattr(settings, "SOCIALACCOUNT_PROVIDERS", {})
+        .get(PROVIDER_ID, {})
+        .get(
+            "ACCOUNT_CLASS",
+            "geonode.people.socialaccount.providers.geonode_openid_connect.provider.GenericOpenIDConnectProviderAccount",
+        )
+    )
+
+    def get_default_scope(self):
+        scope = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("SCOPE", "")
+        return scope
+
+    def get_auth_params(self, request, action):
+        ret = super(GenericOpenIDConnectProvider, self).get_auth_params(request, action)
+        if action == AuthAction.REAUTHENTICATE:
+            ret["prompt"] = (
+                getattr(settings, "SOCIALACCOUNT_PROVIDERS", {})
+                .get(PROVIDER_ID, {})
+                .get("AUTH_PARAMS", {})
+                .get("prompt", "")
+            )
+        return ret
+
+    def extract_uid(self, data):
+        return data.get("sub", data.get("id"))
+
+    def extract_common_fields(self, data):
+        _common_fields = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("COMMON_FIELDS", {})
+        __common_fields_data = {}
+        for _common_field in _common_fields:
+            __common_fields_data[_common_field] = data.get(_common_fields.get(_common_field), "")
+        return __common_fields_data
+
+    def extract_email_addresses(self, data):
+        addresses = []
+        email = data.get("email")
+        if email:
+            addresses.append(
+                EmailAddress(
+                    email=email,
+                    verified=data.get("email_verified", False),
+                    primary=True,
+                )
+            )
+        return addresses
+
+
+provider_classes = [GenericOpenIDConnectProvider]
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py b/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py
new file mode 100644
index 00000000000..29373c2fd93
--- /dev/null
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py
@@ -0,0 +1,230 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from __future__ import absolute_import, unicode_literals
+
+import json
+from datetime import datetime, timedelta
+from importlib import import_module
+
+from django.conf import settings
+from django.core import mail
+from django.test.client import RequestFactory
+from django.test.utils import override_settings
+from django.urls import reverse
+from django.contrib.auth import get_user_model
+
+from allauth.account import app_settings as account_settings
+from allauth.account.adapter import get_adapter
+from allauth.account.models import EmailAddress, EmailConfirmation
+from allauth.account.signals import user_signed_up
+
+# from allauth.socialaccount.models import SocialAccount
+from allauth.socialaccount.providers.apple.client import jwt_encode
+from allauth.socialaccount.tests import OAuth2TestsMixin
+from allauth.tests import TestCase
+
+
+@override_settings(
+    SOCIALACCOUNT_OIDC_PROVIDER_ENABLED=True,
+    SOCIALACCOUNT_AUTO_SIGNUP=True,
+    ACCOUNT_SIGNUP_FORM_CLASS=None,
+    ACCOUNT_EMAIL_VERIFICATION=account_settings.EmailVerificationMethod.MANDATORY,
+)
+class GoogleTests(OAuth2TestsMixin, TestCase):
+    provider_id = "geonode_openid_connect"
+
+    def setUp(self):
+        super().setUp()
+        self.email = "raymond.penners@example.com"
+        self.identity_overwrites = {}
+
+    def get_google_id_token_payload(self):
+        now = datetime.utcnow()
+        client_id = "app123id"  # Matches `setup_app`
+        payload = {
+            "iss": "https://accounts.google.com",
+            "azp": client_id,
+            "aud": client_id,
+            "sub": "108204268033311374519",
+            "hd": "example.com",
+            "email": self.email,
+            "email_verified": True,
+            "at_hash": "HK6E_P6Dh8Y93mRNtsDB1Q",
+            "name": "Raymond Penners",
+            "picture": "https://lh5.googleusercontent.com/photo.jpg",
+            "given_name": "Raymond",
+            "family_name": "Penners",
+            "locale": "en",
+            "iat": now,
+            "exp": now + timedelta(hours=1),
+        }
+        payload.update(self.identity_overwrites)
+        return payload
+
+    def get_login_response_json(self, with_refresh_token=True):
+        data = {
+            "access_token": "testac",
+            "expires_in": 3600,
+            "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid",
+            "token_type": "Bearer",
+            "id_token": jwt_encode(self.get_google_id_token_payload(), "secret"),
+        }
+        return json.dumps(data)
+
+    @override_settings(SOCIALACCOUNT_AUTO_SIGNUP=False)
+    def test_login(self):
+        resp = self.login(resp_mock=None)
+        self.assertRedirects(resp, reverse("socialaccount_signup"))
+
+    def test_wrong_id_token_claim_values(self):
+        wrong_claim_values = {
+            "iss": "not-google",
+            "exp": datetime.utcnow() - timedelta(seconds=1),
+            "aud": "foo",
+        }
+        for key, value in wrong_claim_values.items():
+            with self.subTest(key):
+                self.identity_overwrites = {key: value}
+                resp = self.login(resp_mock=None)
+                self.assertTemplateUsed(
+                    resp,
+                    "socialaccount/authentication_error.%s" % getattr(settings, "ACCOUNT_TEMPLATE_EXTENSION", "html"),
+                )
+
+    def test_username_based_on_email(self):
+        self.identity_overwrites = {"given_name": "明", "family_name": "小"}
+        self.login(resp_mock=None)
+        user = get_user_model().objects.get(email=self.email)
+        self.assertEqual(user.username, "raymond.penners")
+
+    def test_email_verified(self):
+        self.identity_overwrites = {"email_verified": True}
+        self.login(resp_mock=None)
+        email_address = EmailAddress.objects.get(email=self.email, verified=True)
+        self.assertFalse(EmailConfirmation.objects.filter(email_address__email=self.email).exists())
+        account = email_address.user.socialaccount_set.all()[0]
+        self.assertEqual(account.extra_data["given_name"], "Raymond")
+
+    def test_user_signed_up_signal(self):
+        sent_signals = []
+
+        def on_signed_up(sender, request, user, **kwargs):
+            sociallogin = kwargs["sociallogin"]
+            self.assertEqual(sociallogin.account.provider, "geonode_openid_connect")
+            self.assertEqual(sociallogin.account.user, user)
+            sent_signals.append(sender)
+
+        user_signed_up.connect(on_signed_up)
+        self.login(resp_mock=None)
+        self.assertTrue(len(sent_signals) > 0)
+
+    @override_settings(ACCOUNT_EMAIL_CONFIRMATION_HMAC=False)
+    def test_email_unverified(self):
+        self.identity_overwrites = {"email_verified": False}
+        resp = self.login(resp_mock=None)
+        email_address = EmailAddress.objects.get(email=self.email)
+        self.assertFalse(email_address.verified)
+        self.assertTrue(EmailConfirmation.objects.filter(email_address__email=self.email).exists())
+        self.assertTemplateUsed(resp, "account/email/email_confirmation_signup_subject.txt")
+
+    def test_email_verified_stashed(self):
+        # http://slacy.com/blog/2012/01/how-to-set-session-variables-in-django-unit-tests/
+        engine = import_module(settings.SESSION_ENGINE)
+        store = engine.SessionStore()
+        store.save()
+        self.client.cookies[settings.SESSION_COOKIE_NAME] = store.session_key
+        request = RequestFactory().get("/")
+        request.session = self.client.session
+        adapter = get_adapter(request)
+        adapter.stash_verified_email(request, self.email)
+        request.session.save()
+
+        self.identity_overwrites = {"email_verified": False}
+        self.login(resp_mock=None)
+        email_address = EmailAddress.objects.get(email=self.email)
+        self.assertTrue(email_address.verified)
+        self.assertFalse(EmailConfirmation.objects.filter(email_address__email=self.email).exists())
+
+    def test_account_connect(self):
+        email = "user@example.com"
+        user = get_user_model().objects.create(username="user", is_active=True, email=email)
+        user.set_password("test")
+        user.save()
+        EmailAddress.objects.create(user=user, email=email, primary=True, verified=True)
+        self.client.login(username=user.username, password="test")
+        self.identity_overwrites = {"email": email, "email_verified": True}
+        self.login(resp_mock=None, process="connect")
+        # Check if we connected...
+        # self.assertTrue(SocialAccount.objects.filter(user=user, provider="geonode_openid_connect").exists())
+        # For now, we do not pick up any new e-mail addresses on connect
+        self.assertEqual(EmailAddress.objects.filter(user=user).count(), 1)
+        self.assertEqual(EmailAddress.objects.filter(user=user, email=email).count(), 1)
+
+    @override_settings(
+        ACCOUNT_EMAIL_VERIFICATION=account_settings.EmailVerificationMethod.MANDATORY,
+        SOCIALACCOUNT_EMAIL_VERIFICATION=account_settings.EmailVerificationMethod.NONE,
+    )
+    def test_social_email_verification_skipped(self):
+        self.identity_overwrites = {"email_verified": False}
+        self.login(resp_mock=None)
+        email_address = EmailAddress.objects.get(email=self.email)
+        self.assertFalse(email_address.verified)
+        self.assertFalse(EmailConfirmation.objects.filter(email_address__email=self.email).exists())
+
+    @override_settings(
+        ACCOUNT_EMAIL_VERIFICATION=account_settings.EmailVerificationMethod.OPTIONAL,
+        SOCIALACCOUNT_EMAIL_VERIFICATION=account_settings.EmailVerificationMethod.OPTIONAL,
+    )
+    def test_social_email_verification_optional(self):
+        self.identity_overwrites = {"email_verified": False}
+        self.login(resp_mock=None)
+        self.assertEqual(len(mail.outbox), 1)
+        self.login(resp_mock=None)
+        self.assertEqual(len(mail.outbox), 1)
+
+
+@override_settings(
+    SOCIALACCOUNT_OIDC_PROVIDER_ENABLED=True,
+    SOCIALACCOUNT_PROVIDERS={
+        "geonode_openid_connect": {
+            "NAME": "Google",
+            "SCOPE": [
+                "profile",
+                "email",
+            ],
+            "AUTH_PARAMS": {
+                "access_type": "online",
+                "prompt": "select_account consent",
+            },
+            "COMMON_FIELDS": {"email": "email", "last_name": "family_name", "first_name": "given_name"},
+            "IS_MANAGER_FIELD": "is_manager",
+            "ACCOUNT_CLASS": "allauth.socialaccount.providers.google.provider.GoogleAccount",
+            "ACCESS_TOKEN_URL": "https://oauth2.googleapis.com/token",
+            "AUTHORIZE_URL": "https://accounts.google.com/o/oauth2/v2/auth",
+            "ID_TOKEN_ISSUER": "https://accounts.google.com",
+            "OAUTH_PKCE_ENABLED": True,
+        }
+    },
+)
+class AppInSettingsTests(GoogleTests):
+    """
+    Run the same set of tests but without having a SocialApp entry.
+    """
+
+    pass
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/urls.py b/geonode/people/socialaccount/providers/geonode_openid_connect/urls.py
new file mode 100644
index 00000000000..daa5ff7d752
--- /dev/null
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/urls.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
+
+from geonode.people.socialaccount.providers.geonode_openid_connect.provider import GenericOpenIDConnectProvider
+
+
+urlpatterns = default_urlpatterns(GenericOpenIDConnectProvider)
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/views.py b/geonode/people/socialaccount/providers/geonode_openid_connect/views.py
new file mode 100644
index 00000000000..c009c52b95c
--- /dev/null
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/views.py
@@ -0,0 +1,30 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.conf import settings
+
+from geonode.utils import import_class_module
+
+from allauth.socialaccount.providers.oauth2.views import (
+    OAuth2CallbackView,
+    OAuth2LoginView,
+)
+
+
+oauth2_login = OAuth2LoginView.adapter_view(import_class_module(settings.SOCIALACCOUNT_ADAPTER))
+oauth2_callback = OAuth2CallbackView.adapter_view(import_class_module(settings.SOCIALACCOUNT_ADAPTER))
diff --git a/geonode/settings.py b/geonode/settings.py
index 8afedc72c17..14b58fec600 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -26,7 +26,6 @@
 import dj_database_url
 from schema import Optional
 from datetime import timedelta
-from distutils.util import strtobool  # noqa
 from urllib.parse import urlparse, urljoin
 
 #
@@ -1956,56 +1955,73 @@ def get_geonode_catalogue_service():
 ACCOUNT_LOGIN_ATTEMPTS_LIMIT = int(os.getenv("ACCOUNT_LOGIN_ATTEMPTS_LIMIT", "3"))
 ACCOUNT_MAX_EMAIL_ADDRESSES = int(os.getenv("ACCOUNT_MAX_EMAIL_ADDRESSES", "2"))
 
-SOCIALACCOUNT_ADAPTER = "geonode.people.adapters.SocialAccountAdapter"
 SOCIALACCOUNT_AUTO_SIGNUP = ast.literal_eval(os.environ.get("SOCIALACCOUNT_AUTO_SIGNUP", "True"))
+SOCIALACCOUNT_LOGIN_ON_GET = ast.literal_eval(os.environ.get("SOCIALACCOUNT_LOGIN_ON_GET", "True"))
 # This will hide or show local registration form in allauth view. True will show form
-SOCIALACCOUNT_WITH_GEONODE_LOCAL_SINGUP = strtobool(os.environ.get("SOCIALACCOUNT_WITH_GEONODE_LOCAL_SINGUP", "True"))
+SOCIALACCOUNT_WITH_GEONODE_LOCAL_SINGUP = ast.literal_eval(
+    os.environ.get("SOCIALACCOUNT_WITH_GEONODE_LOCAL_SINGUP", "True")
+)
 
-# Uncomment this to enable Linkedin and Facebook login
-# INSTALLED_APPS += (
-#    'allauth.socialaccount.providers.linkedin_oauth2',
-#    'allauth.socialaccount.providers.facebook',
-# )
+# GeoNode Default Generic OIDC Provider
 
-SOCIALACCOUNT_PROVIDERS = {
-    "linkedin_oauth2": {
-        "SCOPE": [
-            "r_emailaddress",
-            "r_liteprofile",
-        ],
-        "PROFILE_FIELDS": [
-            "id",
-            "email-address",
-            "first-name",
-            "last-name",
-            "picture-url",
-            "public-profile-url",
-        ],
+SOCIALACCOUNT_OIDC_PROVIDER = os.environ.get("SOCIALACCOUNT_OIDC_PROVIDER", "geonode_openid_connect")
+SOCIALACCOUNT_OIDC_PROVIDER_ENABLED = ast.literal_eval(os.environ.get("SOCIALACCOUNT_OIDC_PROVIDER_ENABLED", "False"))
+SOCIALACCOUNT_ADAPTER = os.environ.get("SOCIALACCOUNT_ADAPTER", "geonode.people.adapters.GenericOpenIDConnectAdapter")
+
+# Enable this in order to enable the OIDC SocialAccount Provider
+if SOCIALACCOUNT_OIDC_PROVIDER_ENABLED:
+    INSTALLED_APPS += ("geonode.people.socialaccount.providers.geonode_openid_connect",)
+
+_AZURE_TENANT_ID = os.getenv("MICROSOFT_TENANT_ID", "")
+_AZURE_SOCIALACCOUNT_PROVIDER = {
+    "NAME": "Microsoft Azure",
+    "SCOPE": [
+        "User.Read",
+        "openid",
+    ],
+    "AUTH_PARAMS": {
+        "access_type": "online",
+        "prompt": "select_account",
     },
-    "facebook": {
-        "METHOD": "oauth2",
-        "SCOPE": [
-            "email",
-            "public_profile",
-        ],
-        "FIELDS": [
-            "id",
-            "email",
-            "name",
-            "first_name",
-            "last_name",
-            "verified",
-            "locale",
-            "timezone",
-            "link",
-            "gender",
-        ],
+    "COMMON_FIELDS": {"email": "mail", "last_name": "surname", "first_name": "givenName"},
+    "IS_MANAGER_FIELD": "is_manager",
+    "ACCOUNT_CLASS": "allauth.socialaccount.providers.azure.provider.AzureAccount",
+    "ACCESS_TOKEN_URL": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/oauth2/v2.0/token",
+    "AUTHORIZE_URL": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/oauth2/v2.0/authorize",
+    "PROFILE_URL": "https://graph.microsoft.com/v1.0/me",
+}
+
+_GOOGLE_SOCIALACCOUNT_PROVIDER = {
+    "NAME": "Google",
+    "SCOPE": [
+        "profile",
+        "email",
+    ],
+    "AUTH_PARAMS": {
+        "access_type": "online",
+        "prompt": "select_account consent",
     },
+    "COMMON_FIELDS": {"email": "email", "last_name": "family_name", "first_name": "given_name"},
+    "IS_MANAGER_FIELD": "is_manager",
+    "ACCOUNT_CLASS": "allauth.socialaccount.providers.google.provider.GoogleAccount",
+    "ACCESS_TOKEN_URL": "https://oauth2.googleapis.com/token",
+    "AUTHORIZE_URL": "https://accounts.google.com/o/oauth2/v2/auth",
+    "ID_TOKEN_ISSUER": "https://accounts.google.com",
+    "OAUTH_PKCE_ENABLED": True,
+}
+
+SOCIALACCOUNT_PROVIDERS_DEFS = {"azure": _AZURE_SOCIALACCOUNT_PROVIDER, "google": _GOOGLE_SOCIALACCOUNT_PROVIDER}
+
+_SOCIALACCOUNT_PROVIDER = os.environ.get("SOCIALACCOUNT_PROVIDER", "google")
+SOCIALACCOUNT_PROVIDERS = {
+    SOCIALACCOUNT_OIDC_PROVIDER: SOCIALACCOUNT_PROVIDERS_DEFS.get(_SOCIALACCOUNT_PROVIDER),
 }
 
+_SOCIALACCOUNT_PROFILE_EXTRACTOR = os.environ.get(
+    "SOCIALACCOUNT_PROFILE_EXTRACTOR", "geonode.people.profileextractors.OpenIDExtractor"
+)
 SOCIALACCOUNT_PROFILE_EXTRACTORS = {
-    "facebook": "geonode.people.profileextractors.FacebookExtractor",
-    "linkedin_oauth2": "geonode.people.profileextractors.LinkedInExtractor",
+    SOCIALACCOUNT_OIDC_PROVIDER: _SOCIALACCOUNT_PROFILE_EXTRACTOR,
 }
 
 INVITATIONS_ADAPTER = ACCOUNT_ADAPTER
@@ -2117,7 +2133,7 @@ def get_geonode_catalogue_service():
 
 GEOIP_PATH = os.getenv("GEOIP_PATH", os.path.join(PROJECT_ROOT, "GeoIPCities.dat"))
 # This controls if tastypie search on resourches is performed only with titles
-SEARCH_RESOURCES_EXTENDED = strtobool(os.getenv("SEARCH_RESOURCES_EXTENDED", "True"))
+SEARCH_RESOURCES_EXTENDED = ast.literal_eval(os.getenv("SEARCH_RESOURCES_EXTENDED", "True"))
 # -- END Settings for MONITORING plugin
 
 CATALOG_METADATA_TEMPLATE = os.getenv("CATALOG_METADATA_TEMPLATE", "catalogue/full_metadata.xml")
diff --git a/geonode/utils.py b/geonode/utils.py
index fc27b9b5647..6d541926ba1 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -17,7 +17,6 @@
 #
 #########################################################################
 
-import itertools
 import os
 import gc
 import re
@@ -34,6 +33,8 @@
 import datetime
 import requests
 import tempfile
+import importlib
+import itertools
 import traceback
 import subprocess
 
@@ -2005,3 +2006,19 @@ def safe_path_leaf(path):
             f"The provided path '{path}' is not safe. The file is outside the MEDIA_ROOT '{base_path}' base path!"
         )
     return fullpath
+
+
+def import_class_module(full_class_string):
+    """
+    Dynamically load a class from a string
+
+    >>> klass = load_class("module.submodule.ClassName")
+    >>> klass2 = load_class("myfile.Class2")
+    """
+    try:
+        module_path, class_name = full_class_string.rsplit(".", 1)
+        module = importlib.import_module(module_path)
+        class_obj = getattr(module, class_name)
+        return class_obj
+    except Exception:
+        return None
diff --git a/pavement.py b/pavement.py
index 8ef01a09492..f27d9d3c5de 100644
--- a/pavement.py
+++ b/pavement.py
@@ -521,7 +521,7 @@ def start_django(options):
     bind = options.get("bind", "0.0.0.0:8000")
     port = bind.split(":")[1]
     foreground = "" if options.get("foreground", False) else "&"
-    sh(f"{settings} python -W ignore manage.py runserver --nostatic {bind} {foreground}")
+    sh(f"{settings} python -W ignore manage.py runserver {bind} {foreground}")
 
     if ASYNC_SIGNALS:
         sh(
@@ -784,7 +784,7 @@ def test_integration(options):
                 foreground = "" if options.get("foreground", False) else "&"
                 sh(f"DJANGO_SETTINGS_MODULE={settings} python -W ignore manage.py runmessaging {foreground}")
                 sh(
-                    f"DJANGO_SETTINGS_MODULE={settings} python -W ignore manage.py runserver --nostatic {bind} {foreground}"
+                    f"DJANGO_SETTINGS_MODULE={settings} python -W ignore manage.py runserver {bind} {foreground}"
                 )
                 sh("sleep 30")
                 settings = f"REUSE_DB=1 DJANGO_SETTINGS_MODULE={settings}"

From 892f4f4467200e0e119894bad5ce539bb8e05e50 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 10 Jul 2023 12:27:53 +0200
Subject: [PATCH 060/330] Docker compose uses the published image (#11238)

---
 docker-compose-dev.yml | 171 +++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml     |   6 +-
 2 files changed, 172 insertions(+), 5 deletions(-)
 create mode 100644 docker-compose-dev.yml

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
new file mode 100644
index 00000000000..1ba2fec619f
--- /dev/null
+++ b/docker-compose-dev.yml
@@ -0,0 +1,171 @@
+version: '3.9'
+
+# Common Django template for GeoNode and Celery services below
+x-common-django:
+  &default-common-django
+  image: geonode:local
+  restart: on-failure
+  env_file:
+    - .env
+  volumes:
+    # - '.:/usr/src/geonode'
+    - statics:/mnt/volumes/statics
+    - geoserver-data-dir:/geoserver_data/data
+    - backup-restore:/backup_restore
+    - data:/data
+    - tmp:/tmp
+  depends_on:
+    db:
+      condition: service_healthy
+    geoserver:
+      condition: service_healthy
+
+services:
+
+  # Our custom django application. It includes Geonode.
+  django:
+    << : *default-common-django
+    build:
+      context: ./
+      dockerfile: Dockerfile
+    container_name: django4${COMPOSE_PROJECT_NAME}
+    healthcheck:
+      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8001/"
+      start_period: 60s
+      interval: 60s
+      timeout: 10s
+      retries: 10
+    environment:
+      - IS_CELERY=False
+    entrypoint: ["/usr/src/geonode/entrypoint.sh"]
+    command: "uwsgi --ini /usr/src/geonode/uwsgi.ini"
+
+  # Celery worker that executes celery tasks created by Django.
+  celery:
+    << : *default-common-django
+    image: geonode:local
+    container_name: celery4${COMPOSE_PROJECT_NAME}
+    depends_on:
+      - django
+    environment:
+      - IS_CELERY=True
+    entrypoint: ["/usr/src/geonode/entrypoint.sh"]
+    command: "celery-cmd"
+
+  # Nginx is serving django static and media files and proxies to django and geonode
+  geonode:
+    image: geonode/nginx:4.0
+    build: ./scripts/docker/nginx/
+    container_name: nginx4${COMPOSE_PROJECT_NAME}
+    environment:
+      - HTTPS_HOST=${HTTPS_HOST}
+      - HTTP_HOST=${HTTP_HOST}
+      - HTTPS_PORT=${HTTPS_PORT}
+      - HTTP_PORT=${HTTP_PORT}
+      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
+      - RESOLVER=127.0.0.11
+    ports:
+      - "${HTTP_PORT}:80"
+      - "${HTTPS_PORT}:443"
+    volumes:
+      - nginx-confd:/etc/nginx
+      - nginx-certificates:/geonode-certificates
+      - statics:/mnt/volumes/statics
+    restart: on-failure
+
+  # Gets and installs letsencrypt certificates
+  letsencrypt:
+    image: geonode/letsencrypt:4.0
+    build: ./scripts/docker/letsencrypt/
+    container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
+    environment:
+      - HTTPS_HOST=${HTTPS_HOST}
+      - HTTP_HOST=${HTTP_HOST}
+      - ADMIN_EMAIL=${ADMIN_EMAIL}
+      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
+    volumes:
+      - nginx-certificates:/geonode-certificates
+    restart: on-failure
+
+  # Geoserver backend
+  geoserver:
+    image: geonode/geoserver:2.23.0
+    container_name: geoserver4${COMPOSE_PROJECT_NAME}
+    healthcheck:
+      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
+      start_period: 60s
+      interval: 60s
+      timeout: 10s
+      retries: 10
+    env_file:
+      - .env
+    volumes:
+      - statics:/mnt/volumes/statics
+      - geoserver-data-dir:/geoserver_data/data
+      - backup-restore:/backup_restore
+      - data:/data
+      - tmp:/tmp
+    restart: on-failure
+    depends_on:
+      db:
+        condition: service_healthy
+      data-dir-conf:
+        condition: service_healthy
+
+  data-dir-conf:
+    image: geonode/geoserver_data:2.23.0
+    container_name: gsconf4${COMPOSE_PROJECT_NAME}
+    entrypoint: sleep infinity
+    volumes:
+      - geoserver-data-dir:/geoserver_data/data
+    restart: on-failure
+    healthcheck:
+      test: "ls -A '/geoserver_data/data' | wc -l"
+
+  # PostGIS database.
+  db:
+    # use geonode official postgis 13 image
+    image: geonode/postgis:13
+    command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
+    container_name: db4${COMPOSE_PROJECT_NAME}
+    env_file:
+      - .env
+    volumes:
+      - dbdata:/var/lib/postgresql/data
+      - dbbackups:/pg_backups
+    restart: on-failure
+    healthcheck:
+      test: "pg_isready -d postgres -U postgres"
+    # uncomment to enable remote connections to postgres
+    #ports:
+    #  - "5432:5432"
+
+  # Vanilla RabbitMQ service. This is needed by celery
+  rabbitmq:
+    image: rabbitmq:3.7-alpine
+    container_name: rabbitmq4${COMPOSE_PROJECT_NAME}
+    volumes:
+      - rabbitmq:/var/lib/rabbitmq
+    restart: on-failure
+
+volumes:
+  statics:
+    name: ${COMPOSE_PROJECT_NAME}-statics
+  nginx-confd:
+    name: ${COMPOSE_PROJECT_NAME}-nginxconfd
+  nginx-certificates:
+    name: ${COMPOSE_PROJECT_NAME}-nginxcerts
+  geoserver-data-dir:
+    name: ${COMPOSE_PROJECT_NAME}-gsdatadir
+  dbdata:
+    name: ${COMPOSE_PROJECT_NAME}-dbdata
+  dbbackups:
+    name: ${COMPOSE_PROJECT_NAME}-dbbackups
+  backup-restore:
+    name: ${COMPOSE_PROJECT_NAME}-backup-restore
+  data:
+    name: ${COMPOSE_PROJECT_NAME}-data
+  tmp:
+    name: ${COMPOSE_PROJECT_NAME}-tmp
+  rabbitmq:
+    name: ${COMPOSE_PROJECT_NAME}-rabbitmq
diff --git a/docker-compose.yml b/docker-compose.yml
index a4fc63d9b88..3af97ca2ebc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:4.0
+  image: geonode/geonode:latest-ubuntu-22.10
   restart: on-failure
   env_file:
     - .env
@@ -25,9 +25,6 @@ services:
   # Our custom django application. It includes Geonode.
   django:
     << : *default-common-django
-    build:
-      context: ./
-      dockerfile: Dockerfile
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8001/"
@@ -43,7 +40,6 @@ services:
   # Celery worker that executes celery tasks created by Django.
   celery:
     << : *default-common-django
-    image: geonode/geonode:4.0
     container_name: celery4${COMPOSE_PROJECT_NAME}
     depends_on:
       - django

From cb2b4c001441fef3418c63417ecb44ca9dcdb688 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Fri, 7 Jul 2023 12:26:30 +0200
Subject: [PATCH 061/330] [#11226] Faceting: improvement: key to filter - step
 1

---
 geonode/facets/providers/baseinfo.py  | 3 ++-
 geonode/facets/providers/category.py  | 3 ++-
 geonode/facets/providers/keyword.py   | 3 ++-
 geonode/facets/providers/region.py    | 3 ++-
 geonode/facets/providers/thesaurus.py | 3 ++-
 geonode/facets/providers/users.py     | 3 ++-
 6 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/geonode/facets/providers/baseinfo.py b/geonode/facets/providers/baseinfo.py
index b1f55129be3..c1178ed69ec 100644
--- a/geonode/facets/providers/baseinfo.py
+++ b/geonode/facets/providers/baseinfo.py
@@ -38,7 +38,8 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": self.name,
-            "key": "filter{resource_type.in}",
+            "key": "filter{resource_type.in}",  # deprecated
+            "filter": "filter{resource_type.in}",
             "label": "Resource type",
             "type": FACET_TYPE_BASE,
             "hierarchical": True,
diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index e0f24e29044..ef6f3a27ab9 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -39,7 +39,8 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": self.name,
-            "key": "filter{category.identifier}",
+            "key": "filter{category.identifier}",  # deprecated
+            "filter": "filter{category.identifier}",
             "label": "Category",
             "type": FACET_TYPE_CATEGORY,
             "hierarchical": False,
diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
index 4a82e9a3dbc..c63e19ce1ce 100644
--- a/geonode/facets/providers/keyword.py
+++ b/geonode/facets/providers/keyword.py
@@ -39,7 +39,8 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": self.name,
-            "key": "filter{keywords.slug.in}",
+            "key": "filter{keywords.slug.in}",  # deprecated
+            "filter": "filter{keywords.slug.in}",
             "label": "Keyword",
             "type": FACET_TYPE_KEYWORD,
             "order": 2,
diff --git a/geonode/facets/providers/region.py b/geonode/facets/providers/region.py
index a0df25b2ea6..d46e6cd0b4d 100644
--- a/geonode/facets/providers/region.py
+++ b/geonode/facets/providers/region.py
@@ -39,7 +39,8 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": self.name,
-            "key": "filter{regions.code.in}",
+            "key": "filter{regions.code.in}",  # deprecated
+            "filter": "filter{regions.code.in}",
             "label": "Region",
             "type": FACET_TYPE_PLACE,
             "hierarchical": False,  # source data is hierarchical, but this implementation is flat
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index d9897f6139d..5b4bb92f387 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -45,7 +45,8 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": self._name,
-            "key": "filter{tkeywords}",
+            "key": "filter{tkeywords}",  # deprecated
+            "filter": "filter{tkeywords}",
             "label": self.labels.get(lang, self.label),
             "is_localized": self.labels.get(lang, None) is not None,
             "type": FACET_TYPE_THESAURUS,
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index aedb2fc06f2..4845cade297 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -39,7 +39,8 @@ def name(self) -> str:
     def get_info(self, lang="en") -> dict:
         return {
             "name": "owner",
-            "key": "owner",
+            "key": "owner",  # deprecated
+            "filter": "owner",
             "label": "Owner",
             "type": FACET_TYPE_USER,
             "hierarchical": False,

From 92320381e2ee594f5ca4c6a0698c7ca34ffef7e3 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Fri, 7 Jul 2023 18:03:18 +0200
Subject: [PATCH 062/330] [Fixes #11233] Faceting: improvement: facet
 configuration

---
 geonode/facets/models.py              | 13 ++++++++-----
 geonode/facets/providers/baseinfo.py  |  9 ++++-----
 geonode/facets/providers/category.py  |  6 ++----
 geonode/facets/providers/keyword.py   |  5 ++---
 geonode/facets/providers/region.py    |  6 ++----
 geonode/facets/providers/thesaurus.py | 13 +++++++------
 geonode/facets/providers/users.py     |  6 ++----
 geonode/facets/tests.py               | 26 +++++++++++++++++++++++++-
 geonode/facets/views.py               | 10 ++++++++++
 geonode/settings.py                   | 18 +++++++++---------
 10 files changed, 71 insertions(+), 41 deletions(-)

diff --git a/geonode/facets/models.py b/geonode/facets/models.py
index 4beffbb1ac6..1b7f9964f7b 100644
--- a/geonode/facets/models.py
+++ b/geonode/facets/models.py
@@ -39,6 +39,9 @@ class FacetProvider:
     Provides access to the facet information and the related topics
     """
 
+    def __init__(self, **kwargs):
+        self.config = kwargs.get("config", {}).copy()
+
     def __str__(self):
         return f"{self.__class__.__name__}[{self.name}]"
 
@@ -51,7 +54,7 @@ def name(self) -> str:
         """
         self.get_info()["name"]
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         """
         Get the basic info for this provider, as a dict with these keys:
         - 'name': the name of the provider (the one returned by name())
@@ -127,10 +130,10 @@ def _load_facets_configuration(self) -> None:
 
         logger.info("Initializing Facets")
 
-        if providers := getattr(settings, "FACET_PROVIDERS", []):
-            _providers = [import_string(module_path) for module_path in providers]
-            for provider in _providers:
-                provider.register(self)
+        for providerconf in getattr(settings, "FACET_PROVIDERS", []):
+            clz = providerconf["class"]
+            provider = import_string(clz)
+            provider.register(self, config=providerconf.get("config", {}))
 
     def register_facet_provider(self, provider: FacetProvider):
         logger.info(f"Registering {provider}")
diff --git a/geonode/facets/providers/baseinfo.py b/geonode/facets/providers/baseinfo.py
index c1178ed69ec..7a3ee9b1ffb 100644
--- a/geonode/facets/providers/baseinfo.py
+++ b/geonode/facets/providers/baseinfo.py
@@ -35,7 +35,7 @@ class ResourceTypeFacetProvider(FacetProvider):
     def name(self) -> str:
         return "resourcetype"
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
             "key": "filter{resource_type.in}",  # deprecated
@@ -43,7 +43,6 @@ def get_info(self, lang="en") -> dict:
             "label": "Resource type",
             "type": FACET_TYPE_BASE,
             "hierarchical": True,
-            "order": 0,
         }
 
     def get_facet_items(
@@ -92,7 +91,7 @@ def get_facet_items(
 
     @classmethod
     def register(cls, registry, **kwargs) -> None:
-        registry.register_facet_provider(ResourceTypeFacetProvider())
+        registry.register_facet_provider(ResourceTypeFacetProvider(**kwargs))
 
 
 class FeaturedFacetProvider(FacetProvider):
@@ -104,7 +103,7 @@ class FeaturedFacetProvider(FacetProvider):
     def name(self) -> str:
         return "featured"
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
             "key": "filter{featured}",
@@ -145,4 +144,4 @@ def get_facet_items(
 
     @classmethod
     def register(cls, registry, **kwargs) -> None:
-        registry.register_facet_provider(FeaturedFacetProvider())
+        registry.register_facet_provider(FeaturedFacetProvider(**kwargs))
diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index ef6f3a27ab9..9e027dec1e9 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -36,15 +36,13 @@ class CategoryFacetProvider(FacetProvider):
     def name(self) -> str:
         return "category"
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
             "key": "filter{category.identifier}",  # deprecated
             "filter": "filter{category.identifier}",
             "label": "Category",
             "type": FACET_TYPE_CATEGORY,
-            "hierarchical": False,
-            "order": 2,
         }
 
     def get_facet_items(
@@ -99,4 +97,4 @@ def get_topics(self, keys: list, lang="en", **kwargs) -> list:
 
     @classmethod
     def register(cls, registry, **kwargs) -> None:
-        registry.register_facet_provider(CategoryFacetProvider())
+        registry.register_facet_provider(CategoryFacetProvider(**kwargs))
diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
index c63e19ce1ce..570f2e04cbb 100644
--- a/geonode/facets/providers/keyword.py
+++ b/geonode/facets/providers/keyword.py
@@ -36,14 +36,13 @@ class KeywordFacetProvider(FacetProvider):
     def name(self) -> str:
         return "keyword"
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
             "key": "filter{keywords.slug.in}",  # deprecated
             "filter": "filter{keywords.slug.in}",
             "label": "Keyword",
             "type": FACET_TYPE_KEYWORD,
-            "order": 2,
         }
 
     def get_facet_items(
@@ -94,4 +93,4 @@ def get_topics(self, keys: list, lang="en", **kwargs) -> list:
 
     @classmethod
     def register(cls, registry, **kwargs) -> None:
-        registry.register_facet_provider(KeywordFacetProvider())
+        registry.register_facet_provider(KeywordFacetProvider(**kwargs))
diff --git a/geonode/facets/providers/region.py b/geonode/facets/providers/region.py
index d46e6cd0b4d..a4935d35468 100644
--- a/geonode/facets/providers/region.py
+++ b/geonode/facets/providers/region.py
@@ -36,15 +36,13 @@ class RegionFacetProvider(FacetProvider):
     def name(self) -> str:
         return "region"
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
             "key": "filter{regions.code.in}",  # deprecated
             "filter": "filter{regions.code.in}",
             "label": "Region",
             "type": FACET_TYPE_PLACE,
-            "hierarchical": False,  # source data is hierarchical, but this implementation is flat
-            "order": 2,
         }
 
     def get_facet_items(
@@ -95,4 +93,4 @@ def get_topics(self, keys: list, lang="en", **kwargs) -> list:
 
     @classmethod
     def register(cls, registry, **kwargs) -> None:
-        registry.register_facet_provider(RegionFacetProvider())
+        registry.register_facet_provider(RegionFacetProvider(**kwargs))
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index 5b4bb92f387..91823f00ac4 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -32,17 +32,20 @@ class ThesaurusFacetProvider(FacetProvider):
     Implements faceting for a given Thesaurus
     """
 
-    def __init__(self, identifier, title, order, labels: dict):
+    def __init__(self, identifier, title, order, labels: dict, **kwargs):
+        super().__init__(**kwargs)
+
         self._name = identifier
         self.label = title
-        self.order = order
         self.labels = labels
 
+        self.config["order"] = order
+
     @property
     def name(self) -> str:
         return self._name
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self._name,
             "key": "filter{tkeywords}",  # deprecated
@@ -50,8 +53,6 @@ def get_info(self, lang="en") -> dict:
             "label": self.labels.get(lang, self.label),
             "is_localized": self.labels.get(lang, None) is not None,
             "type": FACET_TYPE_THESAURUS,
-            "hierarchical": False,
-            "order": self.order,
         }
 
     def get_facet_items(
@@ -153,5 +154,5 @@ def register(cls, registry, **kwargs) -> None:
         logger.info("Creating providers for %r", ret)
         for t in ret.values():
             registry.register_facet_provider(
-                ThesaurusFacetProvider(t["identifier"], t["title"], t["order"], t["labels"])
+                ThesaurusFacetProvider(t["identifier"], t["title"], t["order"], t["labels"], **kwargs)
             )
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index 4845cade297..a6399952868 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -36,15 +36,13 @@ class OwnerFacetProvider(FacetProvider):
     def name(self) -> str:
         return "owner"
 
-    def get_info(self, lang="en") -> dict:
+    def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": "owner",
             "key": "owner",  # deprecated
             "filter": "owner",
             "label": "Owner",
             "type": FACET_TYPE_USER,
-            "hierarchical": False,
-            "order": 5,
         }
 
     def get_facet_items(
@@ -95,4 +93,4 @@ def get_topics(self, keys: list, lang="en", **kwargs) -> list:
 
     @classmethod
     def register(cls, registry, **kwargs) -> None:
-        registry.register_facet_provider(OwnerFacetProvider())
+        registry.register_facet_provider(OwnerFacetProvider(**kwargs))
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index cc6d9a8e0ec..50a7cef842c 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -69,7 +69,7 @@ def _create_thesauri(cls):
         cls.thesauri_k = {}
 
         for tn in range(2):
-            t = Thesaurus.objects.create(identifier=f"t_{tn}", title=f"Thesaurus {tn}")
+            t = Thesaurus.objects.create(identifier=f"t_{tn}", title=f"Thesaurus {tn}", order=100 + tn * 10)
             cls.thesauri[tn] = t
             for tl in (
                 "en",
@@ -335,6 +335,30 @@ def test_prefiltering(self):
             self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and filter {filters}")
             self.assertEqual(count0, obj["topics"]["items"][0]["count"], f"Bad count0 for facet '{facet}")
 
+    def test_config(self):
+        for facet, type, order in (
+            ("resourcetype", None, None),
+            ("t_0", "select", 100),
+            ("category", "select", 5),
+            ("region", "select", 7),
+            ("owner", "select", 8),
+        ):
+            req = self.rf.get(reverse("get_facet", args=[facet]), data={"include_config": True})
+            res: JsonResponse = views.get_facet(req, facet)
+            obj = json.loads(res.content)
+            self.assertIn("config", obj, "Config info not found in payload")
+            conf = obj["config"]
+
+            if type is None:
+                self.assertNotIn("type", conf)
+            else:
+                self.assertEqual(type, conf["type"], "Unexpected type")
+
+            if order is None:
+                self.assertNotIn("order", conf)
+            else:
+                self.assertEqual(order, conf["order"], "Unexpected order")
+
     def test_user_auth(self):
         # make sure the user authorization pre-filters the visible resources
         # TODO test
diff --git a/geonode/facets/views.py b/geonode/facets/views.py
index 717eabfc57a..e3a8185ae4c 100644
--- a/geonode/facets/views.py
+++ b/geonode/facets/views.py
@@ -38,6 +38,7 @@
 PARAM_LANG = "lang"
 PARAM_ADD_LINKS = "add_links"
 PARAM_INCLUDE_TOPICS = "include_topics"
+PARAM_INCLUDE_CONFIG = "include_config"
 PARAM_TOPIC_CONTAINS = "topic_contains"
 
 logger = logging.getLogger(__name__)
@@ -49,12 +50,17 @@ def list_facets(request, **kwargs):
     lang, lang_requested = _resolve_language(request)
     add_links = _resolve_boolean(request, PARAM_ADD_LINKS, False)
     include_topics = _resolve_boolean(request, PARAM_INCLUDE_TOPICS, False)
+    include_config = _resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
 
     facets = []
 
     for provider in facet_registry.get_providers():
         logger.debug("Fetching data from provider %r", provider)
         info = provider.get_info(lang=lang)
+
+        if include_config:
+            info["config"] = provider.config
+
         if add_links:
             link_args = {PARAM_ADD_LINKS: True}
             if lang_requested:  # only add lang param if specified in current call
@@ -83,11 +89,15 @@ def get_facet(request, facet):
     # parse some query params
     lang, lang_requested = _resolve_language(request)
     add_link = _resolve_boolean(request, PARAM_ADD_LINKS, False)
+    include_config = _resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
+
     topic_contains = request.GET.get(PARAM_TOPIC_CONTAINS, None)
     page = int(request.GET.get(PARAM_PAGE, 0))
     page_size = int(request.GET.get(PARAM_PAGE_SIZE, DEFAULT_FACET_PAGE_SIZE))
 
     info = provider.get_info(lang)
+    if include_config:
+        info["config"] = provider.config
 
     qs = _prefilter_topics(request)
     topics = _get_topics(
diff --git a/geonode/settings.py b/geonode/settings.py
index 14b58fec600..4a90f085e68 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2335,12 +2335,12 @@ def get_geonode_catalogue_service():
 INSTALLED_APPS += ("geonode.facets",)
 GEONODE_APPS += ("geonode.facets",)
 
-FACET_PROVIDERS = (
-    "geonode.facets.providers.baseinfo.ResourceTypeFacetProvider",
-    "geonode.facets.providers.baseinfo.FeaturedFacetProvider",
-    "geonode.facets.providers.category.CategoryFacetProvider",
-    "geonode.facets.providers.keyword.KeywordFacetProvider",
-    "geonode.facets.providers.users.OwnerFacetProvider",
-    "geonode.facets.providers.thesaurus.ThesaurusFacetProvider",
-    "geonode.facets.providers.region.RegionFacetProvider",
-)
+FACET_PROVIDERS = [
+    {"class": "geonode.facets.providers.baseinfo.ResourceTypeFacetProvider"},
+    {"class": "geonode.facets.providers.baseinfo.FeaturedFacetProvider"},
+    {"class": "geonode.facets.providers.category.CategoryFacetProvider", "config": {"order": 5, "type": "select"}},
+    {"class": "geonode.facets.providers.keyword.KeywordFacetProvider", "config": {"order": 6, "type": "select"}},
+    {"class": "geonode.facets.providers.region.RegionFacetProvider", "config": {"order": 7, "type": "select"}},
+    {"class": "geonode.facets.providers.users.OwnerFacetProvider", "config": {"order": 8, "type": "select"}},
+    {"class": "geonode.facets.providers.thesaurus.ThesaurusFacetProvider", "config": {"type": "select"}},
+]

From 2a0eedbf28ea0b06f2c4c8feff94a321298df079 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 11 Jul 2023 12:18:29 +0200
Subject: [PATCH 063/330] [Fixes #11246] Create thumbnails for remote documents
 (#11247)

* Create thumbnails for remote documents

* removed unused import

* adop storage manager and rendere remote pdf

* tests for remote doc thumbanil

* remove unused requests

* fix document type checks
---
 geonode/documents/models.py |  6 ++--
 geonode/documents/tasks.py  | 57 +++++++++++++++++++++++++------------
 geonode/documents/tests.py  | 18 +++++++++++-
 geonode/resource/manager.py |  2 +-
 geonode/storage/manager.py  |  2 +-
 5 files changed, 61 insertions(+), 24 deletions(-)

diff --git a/geonode/documents/models.py b/geonode/documents/models.py
index e9a81dac1dc..402194f9908 100644
--- a/geonode/documents/models.py
+++ b/geonode/documents/models.py
@@ -116,17 +116,17 @@ def mime_type(self):
     @property
     def is_audio(self):
         AUDIOTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == "audio"]
-        return self.is_file and self.extension.lower() in AUDIOTYPES
+        return self.extension and self.extension.lower() in AUDIOTYPES
 
     @property
     def is_image(self):
         IMGTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == "image"]
-        return self.is_file and self.extension.lower() in IMGTYPES
+        return self.extension and self.extension.lower() in IMGTYPES
 
     @property
     def is_video(self):
         VIDEOTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == "video"]
-        return self.is_file and self.extension.lower() in VIDEOTYPES
+        return self.extension and self.extension.lower() in VIDEOTYPES
 
     @property
     def class_name(self):
diff --git a/geonode/documents/tasks.py b/geonode/documents/tasks.py
index a5ddb247a19..e0ed9617354 100644
--- a/geonode/documents/tasks.py
+++ b/geonode/documents/tasks.py
@@ -25,7 +25,7 @@
 from celery.utils.log import get_task_logger
 
 from geonode.celery_app import app
-from geonode.storage.manager import storage_manager
+from geonode.storage.manager import StorageManager
 
 from ..base.models import ResourceBase
 from .models import Document
@@ -90,6 +90,8 @@ def create_document_thumbnail(self, object_id):
     """
     logger.debug(f"Generating thumbnail for document #{object_id}.")
 
+    storage_manager = StorageManager()
+
     try:
         document = Document.objects.get(id=object_id)
     except Document.DoesNotExist:
@@ -98,33 +100,52 @@ def create_document_thumbnail(self, object_id):
 
     image_file = None
     thumbnail_content = None
+    remove_tmp_file = False
     centering = (0.5, 0.5)
 
-    if document.is_image:
-        dname = storage_manager.path(document.files[0])
-        if storage_manager.exists(dname):
-            image_file = storage_manager.open(dname, "rb")
+    doc_path = None
+    if document.files:
+        doc_path = storage_manager.path(document.files[0])
+    elif document.doc_url:
+        doc_path = document.doc_url
+        remove_tmp_file = True
 
+    if document.is_image:
         try:
-            image = Image.open(image_file)
-            with io.BytesIO() as output:
-                image.save(output, format="PNG")
-                thumbnail_content = output.getvalue()
-                output.close()
+            image_file = storage_manager.open(doc_path)
         except Exception as e:
-            logger.debug(f"Could not generate thumbnail: {e}")
-        finally:
-            if image_file is not None:
-                image_file.close()
-
-    elif doc_renderer.supports(document.files[0]):
+            logger.debug(f"Could not generate thumbnail from remote document {document.doc_url}: {e}")
+
+        if image_file:
+            try:
+                image = Image.open(image_file)
+                with io.BytesIO() as output:
+                    image.save(output, format="PNG")
+                    thumbnail_content = output.getvalue()
+                    output.close()
+            except Exception as e:
+                logger.debug(f"Could not generate thumbnail: {e}")
+            finally:
+                if image_file is not None:
+                    image_file.close()
+                    if remove_tmp_file:
+                        storage_manager.delete(doc_path)
+
+    elif doc_renderer.supports(doc_path):
+        # in case it's a remote document we want to retrieve it first
+        if document.doc_url:
+            doc_path = storage_manager.open(doc_path).name
+            remove_tmp_file = True
         try:
-            thumbnail_content = doc_renderer.render(document.files[0])
-            preferred_centering = doc_renderer.preferred_crop_centering(document.files[0])
+            thumbnail_content = doc_renderer.render(doc_path)
+            preferred_centering = doc_renderer.preferred_crop_centering(doc_path)
             if preferred_centering is not None:
                 centering = preferred_centering
         except Exception as e:
             print(e)
+        finally:
+            if remove_tmp_file:
+                storage_manager.delete(doc_path)
     if not thumbnail_content:
         logger.warning(f"Thumbnail for document #{object_id} empty.")
         ResourceBase.objects.filter(id=document.id).update(thumbnail_url=None)
diff --git a/geonode/documents/tests.py b/geonode/documents/tests.py
index 369256492fa..0da85504577 100644
--- a/geonode/documents/tests.py
+++ b/geonode/documents/tests.py
@@ -253,7 +253,7 @@ def test_non_image_documents_thumbnail(self):
         finally:
             Document.objects.filter(title="Non img File Doc").delete()
 
-    def test_image_documents_thumbnail(self):
+    def test_documents_thumbnail(self):
         self.client.login(username="admin", password="admin")
         try:
             # test image doc
@@ -274,6 +274,22 @@ def test_image_documents_thumbnail(self):
                     self.assertEqual(file.size, (400, 200))
                     # check thumbnail qualty and extention
                     self.assertEqual(file.format, "JPEG")
+            data = {
+                "title": "Remote img File Doc",
+                "doc_url": "https://raw.githubusercontent.com/GeoNode/geonode/master/geonode/documents/tests/data/img.gif",
+                "extension": "gif",
+            }
+            with self.settings(THUMBNAIL_SIZE={"width": 400, "height": 200}):
+                self.client.post(reverse("document_upload"), data=data)
+                d = Document.objects.get(title="Remote img File Doc")
+                self.assertIsNotNone(d.thumbnail_url)
+                thumb_file = os.path.join(
+                    settings.MEDIA_ROOT, f"thumbs/{os.path.basename(urlparse(d.thumbnail_url).path)}"
+                )
+                file = Image.open(thumb_file)
+                self.assertEqual(file.size, (400, 200))
+                # check thumbnail qualty and extention
+                self.assertEqual(file.format, "JPEG")
             # test pdf doc
             with open(os.path.join(f"{self.project_root}", "tests/data/pdf_doc.pdf"), "rb") as f:
                 data = {
diff --git a/geonode/resource/manager.py b/geonode/resource/manager.py
index 28d52999e5f..38ca1a0e7c3 100644
--- a/geonode/resource/manager.py
+++ b/geonode/resource/manager.py
@@ -944,7 +944,7 @@ def set_thumbnail(
                         file_name = _generate_thumbnail_name(_resource.get_real_instance())
                         _resource.save_thumbnail(file_name, thumbnail)
                     else:
-                        if instance and instance.files and isinstance(instance.get_real_instance(), Document):
+                        if instance and isinstance(instance.get_real_instance(), Document):
                             if overwrite or not instance.thumbnail_url:
                                 create_document_thumbnail.apply((instance.id,))
                         self._concrete_resource_manager.set_thumbnail(
diff --git a/geonode/storage/manager.py b/geonode/storage/manager.py
index f4adf983d2a..421ce6946e3 100644
--- a/geonode/storage/manager.py
+++ b/geonode/storage/manager.py
@@ -249,7 +249,7 @@ def clone_remote_files(self) -> Mapping:
         """
         Using the data retriever object clone the remote path into a local temporary storage
         """
-        self.data_retriever.get_paths(allow_transfer=True)
+        return self.data_retriever.get_paths(allow_transfer=True)
 
     def get_retrieved_paths(self) -> Mapping:
         """

From 61f69c458a7f274a4c22960a6268c46644d14a4f Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 11 Jul 2023 15:58:20 +0200
Subject: [PATCH 064/330] [Fixes #11249] Mark remote documents with sourcetype
 REMOTE (#11250)

* mark remote documents with sourcetype REMOTE

* added tests

* fix test
---
 geonode/documents/api/tests.py | 17 +++++++++++++++++
 geonode/documents/api/views.py |  2 ++
 geonode/documents/tests.py     | 16 ++++++++++++++++
 geonode/documents/views.py     |  6 +++++-
 4 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index dbb3b13588b..1951da4e2e1 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -28,6 +28,7 @@
 from geonode import settings
 
 from geonode.base.populate_test_data import create_models
+from geonode.base.enumerations import SOURCE_TYPE_REMOTE
 from geonode.documents.models import Document
 
 logger = logging.getLogger(__name__)
@@ -172,6 +173,22 @@ def test_creation_from_url_should_create_the_doc(self):
         created_doc_url = actual.json().get("document", {}).get("doc_url", "")
         self.assertEqual(created_doc_url, doc_url)
 
+    def test_remote_document_is_marked_remote(self):
+        """Tests creating an external document set its sourcetype to REMOTE."""
+        self.client.force_login(self.admin)
+        doc_url = "https://example.com/image"
+        payload = {
+            "document": {
+                "title": "A remote document is remote",
+                "doc_url": doc_url,
+                "extension": "jpeg",
+            }
+        }
+        actual = self.client.post(self.url, data=payload, format="json")
+        self.assertEqual(201, actual.status_code)
+        created_sourcetype = actual.json().get("document", {}).get("sourcetype", "")
+        self.assertEqual(created_sourcetype, SOURCE_TYPE_REMOTE)
+
     def test_either_path_or_url_doc(self):
         """
         If file_path is not available, should raise error
diff --git a/geonode/documents/api/views.py b/geonode/documents/api/views.py
index 05159272363..720cb7639ba 100644
--- a/geonode/documents/api/views.py
+++ b/geonode/documents/api/views.py
@@ -31,6 +31,7 @@
 from geonode.base.api.filters import DynamicSearchFilter, ExtentFilter
 from geonode.base.api.pagination import GeoNodeApiPagination
 from geonode.base.api.permissions import UserHasPerms
+from geonode.base import enumerations
 from geonode.documents.api.exceptions import DocumentException
 from geonode.documents.models import Document
 
@@ -123,6 +124,7 @@ def perform_create(self, serializer):
                 payload["files"] = [manager.get_retrieved_paths().get("base_file")]
             if doc_url:
                 payload["doc_url"] = doc_url
+                payload["sourcetype"] = enumerations.SOURCE_TYPE_REMOTE
 
             resource = serializer.save(**payload)
 
diff --git a/geonode/documents/tests.py b/geonode/documents/tests.py
index 0da85504577..8bf91a88529 100644
--- a/geonode/documents/tests.py
+++ b/geonode/documents/tests.py
@@ -47,6 +47,7 @@
 from geonode.layers.models import Dataset
 from geonode.compat import ensure_string
 from geonode.base.models import License, Region
+from geonode.base.enumerations import SOURCE_TYPE_REMOTE
 from geonode.documents import DocumentsAppConfig
 from geonode.resource.manager import resource_manager
 from geonode.documents.forms import DocumentFormMixin
@@ -137,6 +138,21 @@ def test_create_document_with_rel(self, thumb):
         self.assertEqual(Document.objects.get(pk=c.id).title, "theimg")
         self.assertEqual(DocumentResourceLink.objects.get(pk=_d.id).object_id, m.id)
 
+    def test_remote_document_is_marked_remote(self):
+        """Tests creating an external document set its sourcetype to REMOTE."""
+        self.client.login(username="admin", password="admin")
+        form_data = {
+            "title": "A remote document through form is remote",
+            "doc_url": "http://www.geonode.org/map.pdf",
+        }
+
+        response = self.client.post(reverse("document_upload"), data=form_data)
+
+        self.assertEqual(response.status_code, 302)
+
+        d = Document.objects.get(title="A remote document through form is remote")
+        self.assertEqual(d.sourcetype, SOURCE_TYPE_REMOTE)
+
     def test_create_document_url(self):
         """Tests creating an external document instead of a file."""
 
diff --git a/geonode/documents/views.py b/geonode/documents/views.py
index 3ba50d2f6bc..ed4355fcee2 100644
--- a/geonode/documents/views.py
+++ b/geonode/documents/views.py
@@ -51,6 +51,7 @@
 from geonode.security.utils import get_user_visible_groups, AdvancedSecurityWorkflowManager
 from geonode.base.forms import CategoryForm, TKeywordForm, ThesaurusAvailableForm
 from geonode.base.models import Thesaurus, TopicCategory
+from geonode.base import enumerations
 
 from .utils import get_download_response
 
@@ -184,7 +185,10 @@ def form_valid(self, form):
                 None,
                 resource_type=Document,
                 defaults=dict(
-                    owner=self.request.user, doc_url=doc_form.pop("doc_url", None), title=doc_form.pop("title", None)
+                    owner=self.request.user,
+                    doc_url=doc_form.pop("doc_url", None),
+                    title=doc_form.pop("title", None),
+                    sourcetype=enumerations.SOURCE_TYPE_REMOTE,
                 ),
             )
 

From 0842b134ece127c7a5fc54f732041f98a1c6b1ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 08:42:18 +0200
Subject: [PATCH 065/330] Bump jsonschema from 4.17.3 to 4.18.0 (#11245)

* Bump jsonschema from 4.17.3 to 4.18.0

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.17.3 to 4.18.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.17.3...v4.18.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 022221a3a3a..e6b588f93db 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ vine==5.0.0
 tqdm==4.65.0
 Deprecated==1.2.14
 wrapt==1.15.0
-jsonschema==4.17.3
+jsonschema==4.18.0
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
diff --git a/setup.cfg b/setup.cfg
index d30ae2d8c54..abfdb1a0903 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -46,7 +46,7 @@ install_requires =
     tqdm==4.65.0
     Deprecated==1.2.14
     wrapt==1.15.0
-    jsonschema==4.17.3
+    jsonschema==4.18.0
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2

From 84e85290cfc4b08b5f4a990dc23c74d492ffab0f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 08:57:28 +0200
Subject: [PATCH 066/330] Bump google-cloud-core from 2.3.2 to 2.3.3 (#11244)

* Bump google-cloud-core from 2.3.2 to 2.3.3

Bumps [google-cloud-core](https://github.com/googleapis/python-cloud-core) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/googleapis/python-cloud-core/releases)
- [Changelog](https://github.com/googleapis/python-cloud-core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-cloud-core/compare/v2.3.2...v2.3.3)

---
updated-dependencies:
- dependency-name: google-cloud-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e6b588f93db..0669008598a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -112,7 +112,7 @@ django-bootstrap3-datetimepicker-2==2.8.3
 django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
-google-cloud-core==2.3.2
+google-cloud-core==2.3.3
 boto3==1.26.165
 
 # Django Caches
diff --git a/setup.cfg b/setup.cfg
index abfdb1a0903..6719672bdbb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -137,7 +137,7 @@ install_requires =
     django-storages==1.13.2
     dropbox==11.36.2
     google-cloud-storage==2.10.0
-    google-cloud-core==2.3.2
+    google-cloud-core==2.3.3
     boto3==1.26.165
 
     # Django Caches

From d779c443e5b7fc0c109aa12edb59bc248e8f57b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 08:57:55 +0200
Subject: [PATCH 067/330] Bump lxml from 4.9.2 to 4.9.3 (#11243)

* Bump lxml from 4.9.2 to 4.9.3

Bumps [lxml](https://github.com/lxml/lxml) from 4.9.2 to 4.9.3.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](https://github.com/lxml/lxml/compare/lxml-4.9.2...lxml-4.9.3)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 0669008598a..02b05af4d82 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 # native dependencies
 Pillow==10.0.0
-lxml==4.9.2
+lxml==4.9.3
 psycopg2==2.9.6
 Django==3.2.20
 
diff --git a/setup.cfg b/setup.cfg
index 6719672bdbb..6351f23d76d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -26,7 +26,7 @@ setup_requires =
 install_requires =
     # native dependencies
     Pillow==10.0.0
-    lxml==4.9.2
+    lxml==4.9.3
     psycopg2==2.9.6
     Django==3.2.20
 

From 2da20b208cb02f2747663453d8137afea7efd240 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 08:58:41 +0200
Subject: [PATCH 068/330] Bump wandb from 0.15.4 to 0.15.5 (#11242)

* Bump wandb from 0.15.4 to 0.15.5

Bumps [wandb](https://github.com/wandb/wandb) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.15.4...v0.15.5)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 02b05af4d82..81494b1bc10 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -171,7 +171,7 @@ webdriver_manager==3.8.6
 
 # Security and audit
 mistune==3.0.1
-wandb==0.15.4
+wandb==0.15.5
 protobuf==3.20.3
 mako==1.2.4
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/setup.cfg b/setup.cfg
index 6351f23d76d..fc454b6d816 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -196,7 +196,7 @@ install_requires =
 
     # Security and audit
     mistune==3.0.1
-    wandb==0.15.4
+    wandb==0.15.5
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 572cde9ada2cd8171056d14d91fcb41dcd9b2b1d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 08:59:03 +0200
Subject: [PATCH 069/330] Bump sqlalchemy from 2.0.17 to 2.0.18 (#11241)

* Bump sqlalchemy from 2.0.17 to 2.0.18

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.17 to 2.0.18.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 81494b1bc10..7cce230a184 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -56,7 +56,7 @@ pyjwt==2.7.0
 pyproj<3.7.0
 OWSLib==0.29.2
 pycsw==2.6.1
-SQLAlchemy==2.0.17 # required by PyCSW
+SQLAlchemy==2.0.18 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
diff --git a/setup.cfg b/setup.cfg
index fc454b6d816..bce71b8a3fb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
     pyproj<3.7.0
     OWSLib==0.29.2
     pycsw==2.6.1
-    SQLAlchemy==2.0.17 # required by PyCSW
+    SQLAlchemy==2.0.18 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0

From d7747b7ecd1051ca769027a4725ef71a67bfb3cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 09:00:14 +0200
Subject: [PATCH 070/330] Bump boto3 from 1.26.165 to 1.28.1 (#11240)

* Bump boto3 from 1.26.165 to 1.28.1

Bumps [boto3](https://github.com/boto/boto3) from 1.26.165 to 1.28.1.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.165...1.28.1)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 7cce230a184..e2ac13c71bc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.26.165
+boto3==1.28.1
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index bce71b8a3fb..2dacd3779a2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.26.165
+    boto3==1.28.1
 
     # Django Caches
     python-memcached<=1.59

From 2285c269296bf0058e2d5d6d2e8b8f02b31b3aee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 09:37:56 +0200
Subject: [PATCH 071/330] Bump black from 23.3.0 to 23.7.0 (#11253)

* Bump black from 23.3.0 to 23.7.0

Bumps [black](https://github.com/psf/black) from 23.3.0 to 23.7.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.3.0...23.7.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e2ac13c71bc..4539e9f56bd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -153,7 +153,7 @@ invoke==2.1.3
 coverage==7.2.7
 requests-toolbelt==1.0.0
 flake8==6.0.0
-black==23.3.0
+black==23.7.0
 pytest==7.4.0
 pytest-bdd==6.1.1
 splinter==0.19.0
diff --git a/setup.cfg b/setup.cfg
index 2dacd3779a2..121bace7dff 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -178,7 +178,7 @@ install_requires =
     coverage==7.2.7
     requests-toolbelt==1.0.0
     flake8==6.0.0
-    black==23.3.0
+    black==23.7.0
     pytest==7.4.0
     pytest-bdd==6.1.1
     splinter==0.19.0

From 2315bee4c9504e5a4a2d5173c0a6bc19e98ba654 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 09:38:14 +0200
Subject: [PATCH 072/330] Bump django-cors-headers from 4.1.0 to 4.2.0 (#11254)

* Bump django-cors-headers from 4.1.0 to 4.2.0

Bumps [django-cors-headers](https://github.com/adamchainz/django-cors-headers) from 4.1.0 to 4.2.0.
- [Changelog](https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/adamchainz/django-cors-headers/compare/4.1.0...4.2.0)

---
updated-dependencies:
- dependency-name: django-cors-headers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 4539e9f56bd..17733ac070d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -134,7 +134,7 @@ sherlock==0.4.1
 
 # required by monitoring
 psutil==5.9.5
-django-cors-headers==4.1.0
+django-cors-headers==4.2.0
 user-agents
 django-user-agents
 xmljson
diff --git a/setup.cfg b/setup.cfg
index 121bace7dff..6f5b98c65aa 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -159,7 +159,7 @@ install_requires =
 
     # required by monitoring
     psutil==5.9.5
-    django-cors-headers==4.1.0
+    django-cors-headers==4.2.0
     user-agents
     django-user-agents
     xmljson

From d54d04afa5c1f7e8e4d2d1bea4a6f19051ba7b05 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 12 Jul 2023 16:37:22 +0200
Subject: [PATCH 073/330] [Fixes #11256] Assign regions based on contains and
 overlaps (#11257)

* Assign regions based on contains and overlaps

* tests

* fix E501
---
 geonode/base/models.py    | 17 +++++++++++++++-
 geonode/base/tests.py     | 41 ++++++++++++++++++++++++++++++++++++++-
 geonode/resource/utils.py | 10 ++--------
 3 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/geonode/base/models.py b/geonode/base/models.py
index 6da70b6994c..1efe7288b0d 100644
--- a/geonode/base/models.py
+++ b/geonode/base/models.py
@@ -41,7 +41,7 @@
 from django.contrib.auth import get_user_model
 from django.db.models.fields.json import JSONField
 from django.utils.functional import cached_property, classproperty
-from django.contrib.gis.geos import Polygon, Point
+from django.contrib.gis.geos import GEOSGeometry, Polygon, Point
 from django.contrib.gis.db.models import PolygonField
 from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext_lazy as _
@@ -204,6 +204,21 @@ def geographic_bounding_box(self):
         """BBOX is in the format: [x0,x1,y0,y1]."""
         return bbox_to_wkt(self.bbox_x0, self.bbox_x1, self.bbox_y0, self.bbox_y1, srid=self.srid)
 
+    @property
+    def geom(self):
+        srid, wkt = self.geographic_bounding_box.split(";")
+        srid = re.findall(r"\d+", srid)
+        geom = GEOSGeometry(wkt, srid=int(srid[0]))
+        geom.transform(4326)
+        return geom
+
+    def is_assignable_to_geom(self, extent_geom: GEOSGeometry):
+        region_geom = self.geom
+
+        if region_geom.contains(extent_geom) or region_geom.overlaps(extent_geom):
+            return True
+        return False
+
     class Meta:
         ordering = ("name",)
         verbose_name_plural = "Metadata Regions"
diff --git a/geonode/base/tests.py b/geonode/base/tests.py
index 7ee9a49b557..3c6cfb9b4f2 100644
--- a/geonode/base/tests.py
+++ b/geonode/base/tests.py
@@ -48,13 +48,14 @@
     Menu,
     MenuItem,
     Configuration,
+    Region,
     TopicCategory,
     Thesaurus,
     ThesaurusKeyword,
     generate_thesaurus_reference,
 )
 from django.conf import settings
-from django.contrib.gis.geos import Polygon
+from django.contrib.gis.geos import Polygon, GEOSGeometry
 from django.template import Template, Context
 from django.contrib.auth import get_user_model
 from geonode.storage.manager import storage_manager
@@ -1124,3 +1125,41 @@ def test_keyword_raise_db_error(self, add_root_mocked):
             "Error during the keyword creation for keyword: keyword2",
             [x.message for x in _log.records],
         )
+
+
+class TestRegions(GeoNodeBaseTestSupport):
+    def setUp(self):
+        self.dataset_inside_region = GEOSGeometry(
+            "POLYGON ((-4.01799226543944599 57.18451093931114571, 8.89409253052255622 56.91828238681708285, \
+            9.29343535926363984 47.73339732577194638, -3.75176371294537603 48.13274015451304422,   \
+            -4.01799226543944599 57.18451093931114571))",
+            srid=4326,
+        )
+
+        self.dataset_overlapping_region = GEOSGeometry(
+            "POLYGON ((15.28357779038003628 33.6232840435866791, 28.19566258634203848 33.35705549109261625, \
+            28.5950054150831221 24.17217043004747978, 15.54980634287410624 24.57151325878857762, \
+            15.28357779038003628 33.6232840435866791))",
+            srid=4326,
+        )
+
+        self.dataset_outside_region = GEOSGeometry(
+            "POLYGON ((-3.75176371294537603 23.10725622007123548, 9.16032108301662618 22.84102766757717262, \
+            9.5596639117577098 13.65614260653203615, -3.48553516045130607 14.05548543527313399, \
+            -3.75176371294537603 23.10725622007123548))",
+            srid=4326,
+        )
+
+    def test_region_assignment_for_extent(self):
+        region = Region.objects.get(code="EUR")
+
+        self.assertTrue(
+            region.is_assignable_to_geom(self.dataset_inside_region), "Extent inside a region shouldn't be assigned"
+        )
+        self.assertTrue(
+            region.is_assignable_to_geom(self.dataset_overlapping_region),
+            "Extent overlapping a region should be assigned",
+        )
+        self.assertFalse(
+            region.is_assignable_to_geom(self.dataset_outside_region), "Extent outside a region should be assigned"
+        )
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index 70dda53f921..ca7175c799b 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -483,13 +483,7 @@ def metadata_post_save(instance, *args, **kwargs):
             regions_to_add = []
             for region in queryset:
                 try:
-                    srid2, wkt2 = region.geographic_bounding_box.split(";")
-                    srid2 = re.findall(r"\d+", srid2)
-
-                    poly2 = GEOSGeometry(wkt2, srid=int(srid2[0]))
-                    poly2.transform(4326)
-
-                    if not poly2.intersection(poly1).empty:
+                    if region.is_assignable_to_geom(poly1):
                         regions_to_add.append(region)
                     if region.level == 0 and region.parent is None:
                         global_regions.append(region)
@@ -498,7 +492,7 @@ def metadata_post_save(instance, *args, **kwargs):
                     if tb:
                         logger.debug(tb)
             if regions_to_add or global_regions:
-                if regions_to_add and len(regions_to_add) > 0 and len(regions_to_add) <= 30:
+                if regions_to_add:
                     instance.regions.add(*regions_to_add)
                 else:
                     instance.regions.add(*global_regions)

From 910455379ce0aabbfafc3b7f3b45a82ebdf6b2df Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Wed, 12 Jul 2023 16:45:16 +0200
Subject: [PATCH 074/330] [Fixes #11259] Faceting: fixes (#11260)

---
 geonode/facets/providers/keyword.py | 12 +++++++++---
 geonode/facets/providers/users.py   |  4 ++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
index 570f2e04cbb..4d377538a2d 100644
--- a/geonode/facets/providers/keyword.py
+++ b/geonode/facets/providers/keyword.py
@@ -55,10 +55,16 @@ def get_facet_items(
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        q = queryset.values("keywords__slug", "keywords__name").filter(keywords__isnull=False)
+        filters = {"keywords__isnull": False}
         if topic_contains:
-            q = q.filter(keywords__name=topic_contains)
-        q = q.annotate(count=Count("keywords__slug")).order_by("-count")
+            filters["keywords__name__icontains"] = topic_contains
+
+        q = (
+            queryset.filter(**filters)
+            .values("keywords__slug", "keywords__name")
+            .annotate(count=Count("keywords__slug"))
+            .order_by("-count")
+        )
 
         cnt = q.count()
 
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index a6399952868..80e47c50952 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -39,8 +39,8 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": "owner",
-            "key": "owner",  # deprecated
-            "filter": "owner",
+            "key": "filter{owner.pk.in}",  # deprecated
+            "filter": "filter{owner.pk.in}",
             "label": "Owner",
             "type": FACET_TYPE_USER,
         }

From b3f3764bdaaf5f58e57bb2a05f0839d2472ef6b5 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Mon, 17 Jul 2023 17:34:11 +0200
Subject: [PATCH 075/330] [Fixes #11273] Faceting: /facets loses some filters
 along the way

---
 geonode/facets/tests.py | 56 ++++++++++++++++++++++++++++++++++++++---
 geonode/facets/views.py |  4 ++-
 2 files changed, 56 insertions(+), 4 deletions(-)

diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 50a7cef842c..127ada7cd7a 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -29,6 +29,7 @@
 
 from geonode.base.models import Thesaurus, ThesaurusLabel, ThesaurusKeyword, ThesaurusKeywordLabel, ResourceBase, Region
 from geonode.facets.models import facet_registry
+from geonode.facets.providers.baseinfo import FeaturedFacetProvider
 from geonode.facets.providers.region import RegionFacetProvider
 from geonode.tests.base import GeoNodeBaseTestSupport
 import geonode.facets.views as views
@@ -136,13 +137,13 @@ def _create_resources(self):
             # RB19 ->  T0K0 T0K1                       FEAT
 
             if x % 2 == 1:
-                print(f"ADDING KEYWORDS {self.thesauri_k['0_0']} to RB {d}")
+                logger.debug(f"ADDING KEYWORDS {self.thesauri_k['0_0']} to RB {d}")
                 d.tkeywords.add(self.thesauri_k["0_0"])
             if x % 2 == 1 and x > 10:
-                print(f"ADDING KEYWORDS {self.thesauri_k['0_1']} to RB {d}")
+                logger.debug(f"ADDING KEYWORDS {self.thesauri_k['0_1']} to RB {d}")
                 d.tkeywords.add(self.thesauri_k["0_1"])
             if x < 10:
-                print(f"ADDING KEYWORDS {self.thesauri_k['1_0']} to RB {d}")
+                logger.debug(f"ADDING KEYWORDS {self.thesauri_k['1_0']} to RB {d}")
                 d.tkeywords.add(self.thesauri_k["1_0"])
             if 7 < x < 13:
                 d.tkeywords.add(self.thesauri_k["1_1"])
@@ -335,6 +336,55 @@ def test_prefiltering(self):
             self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and filter {filters}")
             self.assertEqual(count0, obj["topics"]["items"][0]["count"], f"Bad count0 for facet '{facet}")
 
+    def test_prefiltering_tkeywords(self):
+        regname = RegionFacetProvider().name
+        featname = FeaturedFacetProvider().name
+        t1filter = facet_registry.get_provider("t_1").get_info()["filter"]
+        tkey_1_1 = self.thesauri_k["1_1"].id
+
+        expected_region = {"R1": 1}
+        expected_feat = {True: 2, False: 3}
+
+        # Run the single requests
+        for facet, params, items in (
+            (regname, {t1filter: tkey_1_1}, expected_region),
+            (featname, {t1filter: tkey_1_1}, expected_feat),
+        ):
+            req = self.rf.get(reverse("get_facet", args=[facet]), data=params)
+            res: JsonResponse = views.get_facet(req, facet)
+            obj = json.loads(res.content)
+
+            self.assertEqual(
+                len(items),
+                len(obj["topics"]["items"]),
+                f"Bad count for items '{facet} \n PARAMS: {params} \n RESULT: {obj} \n EXPECTED: {items}",
+            )
+            # search item
+            for item in items.keys():
+                found = next((i for i in obj["topics"]["items"] if i["key"] == item), None)
+                self.assertIsNotNone(found, f"Topic '{item}' not found in facet {facet} -- {obj}")
+                self.assertEqual(items[item], found.get("count", None), f"Bad count for facet '{facet}:{item}")
+
+        # Run the single request
+        req = self.rf.get(reverse("list_facets"), data={"include_topics": 1, t1filter: tkey_1_1})
+        res: JsonResponse = views.list_facets(req)
+        obj = json.loads(res.content)
+
+        facets_list = obj["facets"]
+        fmap = self._facets_to_map(facets_list)
+
+        for name, items in (
+            (regname, expected_region),
+            (featname, expected_feat),
+        ):
+            self.assertIn(name, fmap)
+            facet = fmap[name]
+
+            for item in items.keys():
+                found = next((i for i in facet["topics"]["items"] if i["key"] == item), None)
+                self.assertIsNotNone(found, f"Topic '{item}' not found in facet {facet} -- {facet}")
+                self.assertEqual(items[item], found.get("count", None), f"Bad count for facet '{facet}:{item}")
+
     def test_config(self):
         for facet, type, order in (
             ("resourcetype", None, None),
diff --git a/geonode/facets/views.py b/geonode/facets/views.py
index e3a8185ae4c..b6e876f1a4d 100644
--- a/geonode/facets/views.py
+++ b/geonode/facets/views.py
@@ -53,6 +53,7 @@ def list_facets(request, **kwargs):
     include_config = _resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
 
     facets = []
+    prefiltered = None
 
     for provider in facet_registry.get_providers():
         logger.debug("Fetching data from provider %r", provider)
@@ -68,7 +69,8 @@ def list_facets(request, **kwargs):
             info["link"] = f"{reverse('get_facet', args=[info['name']])}?{urlencode(link_args)}"
 
         if include_topics:
-            info["topics"] = _get_topics(provider, queryset=_prefilter_topics(request), lang=lang)
+            prefiltered = prefiltered or _prefilter_topics(request)
+            info["topics"] = _get_topics(provider, queryset=prefiltered, lang=lang)
 
         facets.append(info)
 

From 20efc5064ed416f885135e2d71af7a2b8ae0e4dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:00:31 +0200
Subject: [PATCH 076/330] Bump word-wrap from 1.2.3 to 1.2.4 in
 /geonode/monitoring/frontend (#11276)

Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 geonode/monitoring/frontend/yarn.lock | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/geonode/monitoring/frontend/yarn.lock b/geonode/monitoring/frontend/yarn.lock
index d8f15f3051a..d0fab64321f 100644
--- a/geonode/monitoring/frontend/yarn.lock
+++ b/geonode/monitoring/frontend/yarn.lock
@@ -2337,11 +2337,16 @@ core-js@^1.0.0:
   resolved "https://registry.yarnpkg.com/core-js/-/core-js-1.2.7.tgz#652294c14651db28fa93bd2d5ff2983a4f08c636"
   integrity sha512-ZiPp9pZlgxpWRu0M+YWbm6+aQ84XEfH1JRXvfOc/fILWI0VKhLC2LX13X1NYq4fULzLMq7Hfh43CSo2/aIaUPA==
 
-core-js@^2.4.0, core-js@^2.5.0, core-js@^2.5.1:
+core-js@^2.4.0, core-js@^2.5.0:
   version "2.6.12"
   resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.12.tgz#d9333dfa7b065e347cc5682219d6f690859cc2ec"
   integrity sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ==
 
+core-js@^3.4.2:
+  version "3.31.1"
+  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.31.1.tgz#f2b0eea9be9da0def2c5fece71064a7e5d687653"
+  integrity sha512-2sKLtfq1eFST7l7v62zaqXacPc7uG8ZAya8ogijLhTtaKNcpzpB4TMoTw2Si+8GYKRwFPMMtUT0263QFWFfqyQ==
+
 core-util-is@1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
@@ -6574,7 +6579,7 @@ react-simple-maps@0.12.1:
     d3-geo-projection "1.2.2"
     topojson-client "2.1.0"
 
-react-smooth@^1.0.0:
+react-smooth@^1.0.5:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/react-smooth/-/react-smooth-1.0.6.tgz#18b964f123f7bca099e078324338cd8739346d0a"
   integrity sha512-B2vL4trGpNSMSOzFiAul9kFAsxTukL9Wyy9EXtkQy3GJr6sZqW9e1nShdVOJ3hRYamPZ94O17r3Q0bjSw3UYtg==
@@ -6706,20 +6711,20 @@ recharts-scale@^0.4.2:
   dependencies:
     decimal.js-light "^2.4.1"
 
-recharts@1.6.2:
-  version "1.6.2"
-  resolved "https://registry.yarnpkg.com/recharts/-/recharts-1.6.2.tgz#4ced884f04b680e8dac5d3e109f99b0e7cfb9b0f"
-  integrity sha512-NqVN8Hq5wrrBthTxQB+iCnZjup1dc+AYRIB6Q9ck9UjdSJTt4PbLepGpudQEYJEN5iIpP/I2vThC4uiTJa7xUQ==
+recharts@1.8.6:
+  version "1.8.6"
+  resolved "https://registry.yarnpkg.com/recharts/-/recharts-1.8.6.tgz#ba651a4610dbac936da5001f8cb556b36a170410"
+  integrity sha512-UlfSEOnZRAxxaH33Fc86yHEcqN+IRauPP31NfVvlGudtwVZEIb2RFI5b1J3npQo7XyoSnkUodg3Ha6EupkV+SQ==
   dependencies:
     classnames "^2.2.5"
-    core-js "^2.5.1"
+    core-js "^3.4.2"
     d3-interpolate "^1.3.0"
     d3-scale "^2.1.0"
     d3-shape "^1.2.0"
     lodash "^4.17.5"
     prop-types "^15.6.0"
     react-resize-detector "^2.3.0"
-    react-smooth "^1.0.0"
+    react-smooth "^1.0.5"
     recharts-scale "^0.4.2"
     reduce-css-calc "^1.3.0"
 
@@ -8464,9 +8469,9 @@ wide-align@^1.1.0:
     string-width "^1.0.2 || 2 || 3 || 4"
 
 word-wrap@~1.2.3:
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"
-  integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f"
+  integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==
 
 wordwrap@~0.0.2:
   version "0.0.3"

From be723297ed6946763e8e091ec821e353fc24194a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:36:05 +0200
Subject: [PATCH 077/330] Bump invoke from 2.1.3 to 2.2.0 (#11271)

* Bump invoke from 2.1.3 to 2.2.0

Bumps [invoke](https://github.com/pyinvoke/invoke) from 2.1.3 to 2.2.0.
- [Commits](https://github.com/pyinvoke/invoke/compare/2.1.3...2.2.0)

---
updated-dependencies:
- dependency-name: invoke
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 17733ac070d..73b3383050e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -147,7 +147,7 @@ uWSGI==2.0.21
 gunicorn==20.1.0
 ipython==8.14.0
 docker==6.1.3
-invoke==2.1.3
+invoke==2.2.0
 
 # tests
 coverage==7.2.7
diff --git a/setup.cfg b/setup.cfg
index 6f5b98c65aa..054f960c72b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -172,7 +172,7 @@ install_requires =
     gunicorn==20.1.0
     ipython==8.14.0
     docker==6.1.3
-    invoke==2.1.3
+    invoke==2.2.0
 
     # tests
     coverage==7.2.7

From 61c546f8b2d924a4690399cdb25d95362a88df74 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:36:35 +0200
Subject: [PATCH 078/330] Bump boto3 from 1.28.1 to 1.28.3 (#11270)

* Bump boto3 from 1.28.1 to 1.28.3

Bumps [boto3](https://github.com/boto/boto3) from 1.28.1 to 1.28.3.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.1...1.28.3)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 73b3383050e..f4277547478 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.1
+boto3==1.28.3
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index 054f960c72b..a0680178b17 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.1
+    boto3==1.28.3
 
     # Django Caches
     python-memcached<=1.59

From 279ce27a7dc43b950f00be33d3d15207c1c15a58 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:36:52 +0200
Subject: [PATCH 079/330] Bump jsonschema from 4.18.0 to 4.18.3 (#11267)

* Bump jsonschema from 4.18.0 to 4.18.3

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.0 to 4.18.3.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.18.0...v4.18.3)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f4277547478..3b99937e9da 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ vine==5.0.0
 tqdm==4.65.0
 Deprecated==1.2.14
 wrapt==1.15.0
-jsonschema==4.18.0
+jsonschema==4.18.3
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
diff --git a/setup.cfg b/setup.cfg
index a0680178b17..061a1917fe3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -46,7 +46,7 @@ install_requires =
     tqdm==4.65.0
     Deprecated==1.2.14
     wrapt==1.15.0
-    jsonschema==4.18.0
+    jsonschema==4.18.3
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2

From e5a47d50c348beb19560ea4ff71941d4212a37ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:38:35 +0200
Subject: [PATCH 080/330] Bump pathvalidate from 3.0.0 to 3.1.0 (#11268)

* Bump pathvalidate from 3.0.0 to 3.1.0

Bumps [pathvalidate](https://github.com/thombashi/pathvalidate) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/thombashi/pathvalidate/releases)
- [Commits](https://github.com/thombashi/pathvalidate/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: pathvalidate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 3b99937e9da..4dc3fe59083 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,7 +26,7 @@ schema==0.7.5
 rdflib==6.3.2
 smart_open==6.3.0
 PyMuPDF==1.22.5
-pathvalidate==3.0.0
+pathvalidate==3.1.0
 
 # Django Apps
 django-allauth==0.54.0
diff --git a/setup.cfg b/setup.cfg
index 061a1917fe3..465bbf2b4bd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -52,7 +52,7 @@ install_requires =
     rdflib==6.3.2
     smart_open==6.3.0
     PyMuPDF==1.22.5
-    pathvalidate==3.0.0
+    pathvalidate==3.1.0
 
     # Django Apps
     django-allauth==0.54.0

From 320892c572a267ed1f2d205af100af8728481325 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:39:56 +0200
Subject: [PATCH 081/330] Bump pip from 23.1.2 to 23.2 (#11266)

* Bump pip from 23.1.2 to 23.2

Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/23.1.2...23.2)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 4dc3fe59083..74ff30058e3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -160,7 +160,7 @@ splinter==0.19.0
 pytest-splinter==3.3.2
 pytest-django==4.5.2
 setuptools>=59.1.1,<68.1.0
-pip==23.1.2
+pip==23.2
 Twisted==22.10.0
 pixelmatch==0.3.0
 factory-boy==3.2.1
diff --git a/setup.cfg b/setup.cfg
index 465bbf2b4bd..d4b92a88e3b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -185,7 +185,7 @@ install_requires =
     pytest-splinter==3.3.2
     pytest-django==4.5.2
     setuptools>=59.1.1,<68.1.0
-    pip==23.1.2
+    pip==23.2
     Twisted==22.10.0
     pixelmatch==0.3.0
     factory-boy==3.2.1

From abf6803a104a249421d2636e25f1b60d111adf81 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:41:38 +0200
Subject: [PATCH 082/330] Bump sqlalchemy from 2.0.18 to 2.0.19 (#11269)

* Bump sqlalchemy from 2.0.18 to 2.0.19

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.18 to 2.0.19.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 74ff30058e3..4bc6f0e5eff 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -56,7 +56,7 @@ pyjwt==2.7.0
 pyproj<3.7.0
 OWSLib==0.29.2
 pycsw==2.6.1
-SQLAlchemy==2.0.18 # required by PyCSW
+SQLAlchemy==2.0.19 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
diff --git a/setup.cfg b/setup.cfg
index d4b92a88e3b..9b959977265 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
     pyproj<3.7.0
     OWSLib==0.29.2
     pycsw==2.6.1
-    SQLAlchemy==2.0.18 # required by PyCSW
+    SQLAlchemy==2.0.19 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0

From fdaa8ba3b62d9344cd465123d57f37fbcd03e8d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 11:56:16 +0200
Subject: [PATCH 083/330] Bump pyjwt from 2.7.0 to 2.8.0 (#11280)

* Bump pyjwt from 2.7.0 to 2.8.0

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.7.0...2.8.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 4bc6f0e5eff..9371ba8f79e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -50,7 +50,7 @@ django-widget-tweaks==1.4.12
 django-sequences==2.7
 oauthlib==3.2.2
 pyopenssl==23.2.0
-pyjwt==2.7.0
+pyjwt==2.8.0
 
 # geopython dependencies
 pyproj<3.7.0
diff --git a/setup.cfg b/setup.cfg
index 9b959977265..fa2a1178b7c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -76,7 +76,7 @@ install_requires =
     django-sequences==2.7
     oauthlib==3.2.2
     pyopenssl==23.2.0
-    pyjwt==2.7.0
+    pyjwt==2.8.0
 
     # geopython dependencies
     pyproj<3.7.0

From b52ac9d1796cafbae69b95879bd0621e91235f12 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 11:56:38 +0200
Subject: [PATCH 084/330] Bump boto3 from 1.28.1 to 1.28.5 (#11279)

* Bump sqlalchemy from 2.0.18 to 2.0.19 (#11269)

* Bump sqlalchemy from 2.0.18 to 2.0.19

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.18 to 2.0.19.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump boto3 from 1.28.1 to 1.28.5

Bumps [boto3](https://github.com/boto/boto3) from 1.28.1 to 1.28.5.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.1...1.28.5)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 9371ba8f79e..17ef9ea54a5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.3
+boto3==1.28.5
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index fa2a1178b7c..3b87a7c6909 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.3
+    boto3==1.28.5
 
     # Django Caches
     python-memcached<=1.59

From e780750ae26e879d2cc67a1cbdd577d32621ed4b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 11:56:56 +0200
Subject: [PATCH 085/330] Bump gunicorn from 20.1.0 to 21.1.0 (#11278)

* Bump gunicorn from 20.1.0 to 21.1.0

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 20.1.0 to 21.1.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/20.1.0...21.1.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 17ef9ea54a5..b5b5c9be906 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -144,7 +144,7 @@ pycountry
 
 # production
 uWSGI==2.0.21
-gunicorn==20.1.0
+gunicorn==21.1.0
 ipython==8.14.0
 docker==6.1.3
 invoke==2.2.0
diff --git a/setup.cfg b/setup.cfg
index 3b87a7c6909..424e3cdc7cf 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -169,7 +169,7 @@ install_requires =
 
     # production
     uWSGI==2.0.21
-    gunicorn==20.1.0
+    gunicorn==21.1.0
     ipython==8.14.0
     docker==6.1.3
     invoke==2.2.0

From 4d893a19ade200bb3186bfa63099fbb0dc2412be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 11:57:15 +0200
Subject: [PATCH 086/330] Bump jsonschema from 4.18.0 to 4.18.4 (#11277)

* Bump jsonschema from 4.18.0 to 4.18.4

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.0 to 4.18.4.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.18.0...v4.18.4)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b5b5c9be906..9c40b5461a8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ vine==5.0.0
 tqdm==4.65.0
 Deprecated==1.2.14
 wrapt==1.15.0
-jsonschema==4.18.3
+jsonschema==4.18.4
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
diff --git a/setup.cfg b/setup.cfg
index 424e3cdc7cf..2e6ec3fa19d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -46,7 +46,7 @@ install_requires =
     tqdm==4.65.0
     Deprecated==1.2.14
     wrapt==1.15.0
-    jsonschema==4.18.3
+    jsonschema==4.18.4
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2

From a4cb52f3cf41592021b6b89babaef36551e365d6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 12:56:17 +0200
Subject: [PATCH 087/330] Bump factory-boy from 3.2.1 to 3.3.0 (#11281)

* Bump factory-boy from 3.2.1 to 3.3.0

Bumps [factory-boy](https://github.com/FactoryBoy/factory_boy) from 3.2.1 to 3.3.0.
- [Changelog](https://github.com/FactoryBoy/factory_boy/blob/master/docs/changelog.rst)
- [Commits](https://github.com/FactoryBoy/factory_boy/compare/3.2.1...3.3.0)

---
updated-dependencies:
- dependency-name: factory-boy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 9c40b5461a8..a9d73c1d309 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -163,7 +163,7 @@ setuptools>=59.1.1,<68.1.0
 pip==23.2
 Twisted==22.10.0
 pixelmatch==0.3.0
-factory-boy==3.2.1
+factory-boy==3.3.0
 flaky==3.7.0
 selenium>=4.1.0,<5.0.0
 selenium-requests==2.0.3
diff --git a/setup.cfg b/setup.cfg
index 2e6ec3fa19d..3bbf22b9465 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -188,7 +188,7 @@ install_requires =
     pip==23.2
     Twisted==22.10.0
     pixelmatch==0.3.0
-    factory-boy==3.2.1
+    factory-boy==3.3.0
     flaky==3.7.0
     selenium>=4.1.0,<5.0.0
     selenium-requests==2.0.3

From 2bdd2422ae20a389cd2a2910bb6afc121ce27656 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Thu, 20 Jul 2023 13:34:55 +0200
Subject: [PATCH 088/330] [Fixes #11225] Italian translations aren't built with
 the latest fixes [Fixes #11264] Fix the italian translation for Position

---
 geonode/locale/it/LC_MESSAGES/django.mo |  Bin 155297 -> 161119 bytes
 geonode/locale/it/LC_MESSAGES/django.po | 2510 ++++++++++-------------
 2 files changed, 1052 insertions(+), 1458 deletions(-)

diff --git a/geonode/locale/it/LC_MESSAGES/django.mo b/geonode/locale/it/LC_MESSAGES/django.mo
index a093d7f2986572518ff6c3196a2195cdfea49d9e..0a9e88e7f7d43b2150075b76272bf4703f194b8f 100644
GIT binary patch
delta 38086
zcmajo2Xs``;{N?J2{rUy149ip^j?B=kls6lBtSGIkV1z6K@gQ92oVsFCPj)6Ac*wd
z5v2(N(yO4-tN-sadxwkn{oVDRwT_>?_u0LinZ$VSf~~19-AV1am^s-DhpS8q$H|Ld
zmUEn-RF0E2M5&IGY8<zZ<D|xXF2~6{-f?D<UT%Wp^d<cOhLK+OQ^!e%Ge2{jc06DF
zx#Kjz=h%hxph=EXm-y_-juV3yu)pJYoYqquC!B=ss0YQTI?gnli!HJ27mm{jM`IZN
zighrEOt+Peqws_2j#B||BV%y<zcd|fiLu0QpvKgd;kL)^xHhB5ak4R-$|UUnmQmvy
ztcYorI!+#}gW0ef`e8I?!jYH{r(giC#v*tcGvF&!N762HoZ46$nPg`qGQrL`^rL-e
zk^=Y@rp85>5?5gp+<<lPAFPITmOD-f9EKBd3GT)+E69Tn@kjZc<21%KE9pEw!{pe0
zmE+{cuISN7h7*vJFbmGN@dPYPd@pJy?qGIIvD)a5If+-a@#a{7cqpo#@z&X>8C-4S
zdr%!XyPEY^!_P>Nerrs@yr_6tEQWPaQ~Mzn!Y@!WumJ<`cl$im_l`4%%@&BINk6pK
zZ0cvI0c2apzQA&r3tO&Z{`DZ71nvHhu_!LI9<&+%M2*xh!Eth9A=FINMy0p6Mq*at
z6EFvUjmo#)dKi`e3M$`AkA0AFy~!AW>S1jxiQP~g`vl#%#6I7L>i9ML+}U78?2nqU
z_fh3zu{(Z)uYB3usE)n-!OWZ|%Vx7FYG67Zyoaf<C2F^Jvi3x6%08F{BQYa>gc{Lw
z)RL`4<=ckoaUZJQQ}+2)8-I*xbpCyRG`l|oW+r29R7It2JP6gHHmII=MIF-^RK=q)
z15U<*I1kmao#=-@+vgWhyZ;Z=03KpG+ILcJF$J=rDk_TF1C@~(bGoA%3`R|DBx+6L
zQ5{;1HE|y{L*K1tDO#aAG79~13aXw}*3FoX_MQC%+;|Gr@DtP&`foE!Pz3W3FNJlm
zF{+}8$P_v=tqV~zvf9SCSP!6P^rU@$12v<M(4!H&CXfxYZFijVSQ2%PdtiPXjaBd)
zERJV!IQr}``A4CqbS-KL_hM>1i>mhuYA-yqrrc?kCi_n2UsGCu1dXIAYK=OeHdQy9
z9*3IBF{qiDhN^HjYQ)P??}tQGz6+><-ABDIQtUDvDuLaJS45Scw##FBvVa6_mX)Xu
zBwDwkrfRo+egrl3XHa|P8ma@2&<A~XoASv~9Z7?}nAgVLsDYM4m9OO?poW`UJE0m3
zK{XVC+H6Bn$8oBC9*<hnZ&2me+4QZbDc^_6{~PAUtEfHn2GwxxJw{In0?JSw^I?0`
z8pdKloPb)}6{soQW}lx%y+Ute3Kyf?Yj(NcKJz(W4Ap@TQ3Hua&4>r9;#3p&I0p%+
z!E>k%{DJCW+Wn4`4D+IvqyVa-04$6ZaUgca+ISf2qTd0&8(?#+hm%mp^8~8H=@0VK
z!eUrZ=l?qbYT%glB&y+aSO_nnHjD2eGZUFnBPohXuY#$tA*zEd(YtvuCGj}a5{|Ub
zzeIIp0p_HA=SKp{coJ3NZ|H}2ZTb_;O8gC~;w*<vg{4qSR1Z5~AJiIeMQzGo?em*h
zlDOXyvu7$}MdFRoQ;on#0<|y^HI<K1Gg9%W=~#74LA)+%FEl}Qv^%E72-Kz<it6|j
z`+T;IFSqga*4?PR^z%{XUlrUTL3`jSY6O1A>=a{u;#E-3JEAu02ln~Ls2P}vs_+L)
zgC|fkdI8hpbxenkP<zYgxEWC9<IKM=3Asqnn){<VR1nK!8Jvr~aT~kb`N>TE_7kQ<
zr%@xnjoOs|pvo8i*)&)V)qx;X{Vh-(Y>Sz(r-wi$0@0WO$Ds;*iREw+s^U|qC3u0_
z3$9<x3}r`^4?s0s4KrgyRL44__DmEi-zTWeIvdNPXAuE4coNmXRa6h}pmzBa)S9L|
zX<nh3QP1;YB`k(+?17qM52_=RP<v}OYPX+6b?iQ>Bd$~4`aMn-6L1QnGE}nh#;CRL
zjHz)bYKF$z^y%nNJOMSeCs3RAG-`yup&Gi58pu-{Pj%YVlN;0O{Ffl0j8(h|>~7Qu
zJD?iujg>JPv*U8qOzl8bydTxUvzQ&PSf8Uhl<^FEjJ=Z`wJCF-H61R9nP}e$AfTzM
zhFP!?>J)TE&B$QX5`2mp*$h;}^HAm1*!Wh|)E~oacpf#dzfc|Y{nb2AhbosFJ!-HR
z0rjjVDr0@r$XlRB&;wN<6#HQ`s-g2X{T8bH6B~bnI#p@UF`JA$BjzRE<vexaU~G@4
z&olp;>QcY4epnUNpx*_)!(&F&xel^+#9G9o&>vT!@*hTZ`~>P<e;&0ba$Yp${ZaK*
z!txl3>Tvu;=3gV3PlBd&C2GpHVop4cIvuxA`JUQ%vP&jk7HbjI^D3yBtB<O$olOt3
zMq54B&lS*SnuTik8`LIRhZ@mA)Chk;_4rpCzl_=oH&OZiL@m(^)YPZ?-Ne(P^5sU=
zUkKH)N~m;CLjvOow8R#88Z~uAF7x)o5?CC&U{)N5dgabSjdY7mKZ5GuWmJc6TOZ(5
z;*U`S9e>4ic#_fM#1ru6!2&FZ+fhBef|`j(HlF6HIhOvY5fn#tpgL-)nqqzo!8$k=
zb$a%oX66j4gV#|r_6H`@`F~14$Lp2Nkn)<zm;rSRb6_s4fa*|l)LMt4W@aE3!a1nD
zvK^K0nDsgax~L!3p^`Vu^V(R8_MP?w)T8OB9?nHKE<yEtAAW!*Q5^}oX-3}J8jd=~
zLs9iiLM>IieZCSkz%4euAJx$_=+P#)L7*BwK&@TzTV{&OSnFT_>8&vZ4n-Z?(WsB(
z&ruC8MOC~Ob!>Oo_*wh>CaU~jn1Ii2G5<<fdE5N%Cjk!<54htve=8#<!)tfVuD*?m
z|AA`gZ`59J-7}wNnNjuCL%ji;q7U{$<qtv4Of;s!3HO-)A_S(B@Fo6$Vc6miGZX7k
zn{zX&;<Km*FQGQwpEjQQzFCsoSf2C}SOvSIW^@Lo#5t$|EJAf)nTLR;a6Oh~lN`rM
z#GOCQ+E2z^M88Izik^R&iUy)aI21MYQ?NMBLhX^=)(h6BSc>#aOlw-KZS}lQK)bw?
zO^8KpmN8fvKgW5v8`bmP4~>0M`64hC4o0o{XjF&3LQVBT)C?q|@@>U*xDN}m|D2Qd
z!BbSvoJVG@(xEcuwU$7g_o_DD7}FE)fLSpNwM4^E4UWP0ae__%1vTa8?DHF#Qs@7k
zO?YH8yzoAtvd3nm>9H6EvtUuIiTN=E-8dGtgp2L-?Wmc$f$HF0RL5VS2I%+1%v=sk
zuJd1zfTpGxX2Wu*ku*Y0X$w??eNdZmJZdv7Mpe8L)!-J?)bB*qbJ(U|Mm2l`Bk&=r
z{$5X+|I7sX63B|fP*Xky)xca-$CjWfUX9u-n{4_?RK*uiQ+vny1hqGOo|*d6p`PbK
zy+;C29d7xI`B%nvB;>%JsGbkD@k!Pts5RY+)p0j&#W$#tY<X@vxEnQ)qp0*NsDa$Z
z0{9oI;Vdsq$8x@4{xyQ4B&dfKQ0F@c-Pj5>0|TwYP*XnEIvq7*i!c+e#S*w1bK-r}
zH=mR*%@P*I+{Ejn+Uw~dFp9v3SQ_u3I+XL3>1h$v$V*^$EQ{)3BUHnkP)pMXRc-*P
z;*s|GL{$EGT#w68Gtm9D>8PhSfqW!PLS<ZunzF4}68EAC{AJUhpkAqOP&4CtW2W5C
znjf|6E25UP9(Ka6sF_=jZE=rz?s0PdV}2n}7B!M^%!@IY2dAPxu0)OO5EjPMs2O=_
z<Cz_ocL}Os8Pc0z795J|&?MBrzDCX5V$81dzm9+^K8WhTDb!S6LS?*XeSw;ZR4$h@
z7SkcG3g-*_49EMp95%j_nJ@diZ5_X4F7IZ3h1wgLlbiYqqh_!?rl5VN5`k7&6I<XU
z>u;!zmE`v;8gUhCH`Fm2gGF$;jUUId#Gj%%UM!`{yF`_(L8uvRjOtJ*dNk5OHeoDk
zv&}$F*&Lg`0&@}Hg4)%mQTZNVMSP6DSR$3nyN3c%@gP(^^-%AbHmE%lhT02}sazg!
zhEXJ_Ba`fd*_e;`3RDFLQRn$As^^zb?~T7~{1vLg^r_8^<-`2MOQ6nuQ{=<Oi9pTF
z6x1=Co7!U<+C+lB!<|7j@Dc+touAA5%B+c1h%ZO&-pe=zE2VKcO>r;w!i;H6Jp-{S
z@fo-fk6~9F$iE`1hDWg`ru3wDd0!ayQO7R|HPX?jshWTq=~Nq^gWlbX<49kJ+9Opm
zn0)n6Z_pN~-5!dnC&I?#P^W1mYKA>??1Rl1LBcNVgJm+hoKJBk>X;SCWE!rDs<<Jl
z;TEU{x}at*#6FKh4QM2~aWZOPYf!J~jgtN6944TQzh^cT|Ajh+&rxgdo5hSQGpb>K
z)aEOK+A}3l6;?$Z&*rG|ZBR4S4b`y^P@8ZBs@^G>MdyDW0d-)VeXtwV(9fvNa}L$O
zD_n+|=(a|(88tIIQJe3q^%iQ$o}tS7W-~9OBB+kHN7dgIQ|bJN5KsdVsE&+5H82e|
z#j{X7UV<9&dQ^iuQM>pAD*rt!jt}i~|Li7zX;g=*qt1T=RL6tSqs=mefEt*LI_Gmy
zJxoNc?RHeh4p@Ih<-dd4M9)!EoHK{Z`_3<cO0SDb4@QkV#>R)DUh$vh;QXtBWh7`<
zu0@UbxXpMTwT6FKU!sm_>YQdROQSkc2Q~7RsI?!8s&6c+BMVUV?m&Ge96`;*?>RaD
zfdpQW;N48Qj8#!RZh)%reQSHvh<c(n(?HbBj6*HS3{;1gU}H?M@mHwL>6hDdECVWD
z+G7LdQ6s5>s;D7qO*`21?x=<$tRqoNG#NF6Gf@MXk9zYRLv{Q<s-9=4k^f`OlE=h7
z0R&WW4b;>&Lv4-$s0t>aHqRHR8T#6~9Myr1SOmABX6BlG{scAUzIn}_%7Ch;II4pc
zk)`oC?Fgu6F&KaoP$ODn<D1Zz`0uC=Ttm&!UpDUYH^(eJsv~8w5_Uih<a1R0i%|6@
zqJAB>1C#6g@8QoH)U!jVH9dv;u(*Z&Fin1!Qv+kMEPijjjOB=DcAE~>NA2o%s1Xjt
z2KWVP6P`gG^CzhHLYe}+s%hUTO+Zsw&-y-UFSNDs-l&m(VB>>r+=KN={~Wc(Cr~3i
zi|WW_RK0JoF{UVJW~3$dBHjl*D!89OS-z4S!#+&SKZQ*P`V=*v_i?DbF&TAi)?rCJ
zhGp;ts)Hp0%nVjRjkqc56osP(6oq<Wjk4*p0yzK5FrNf%wk4<zt+DZqHscPPz7I8`
zqc(mDRq<~&{VwVY%0p|~VrC|aU@6k;qK;h@YRO}Zd0ftH0v-~y$#NGrYncyKaUiNd
zEmY6zqIPw6ERNw=9;ahz+=oH<2z44NmN0vyA(kLM1mDL+sL%fg9s-pKlq%`+{;fv{
zYN}VEHsJ{@jE`(QS1FfMhj>lYt9vB6aXM<#tw(LHlQ#YYbt<x#HcL_y^=9mf%I_I!
z6J}v=5)x6nG<TrO`3lRRzWE%$is+OvBd=ubiS0?Ah}wLYPz~O~F_@m;YUnd%Dr%-y
zppN+k?4$FayqwuY5vUAb<7hmN<FQqF)8jL!8F`GF!kiV%Ooien#6Q8gn5m+ffi<Wp
zK7ra>=_{F6b57Kf7R5X||0M}%Gc-btpbctMc10dL!Kfv=j5=01E1MBl!cU2RhH4;t
z6|;nHR6QS{_CO5g^x<zyQ16d<)lB`zF})f%ML<2eX1$H7;67@zJw<I!-|A-fr$jx^
zfLiOEsF|sb8c284De8y%5iAOIJSU(w^_Qq6UWDGy|4jr`;F!&D3N_MesI_y|Fa`3U
zUcF_lbx`kvR_Oh3LUni~YUC49`RCZ@-=R*)7Sx;eP7TigNCK}(P!EUKG`so})H{0~
zs-ktMbG--k@p=K3|1Rns{|xma%23OE?G8fC#1K>m#@hIFR7dBbI<Te|=f4<%T_or@
z-Nh($)izT+5VaSEp{8;)s^C{P{X0}g*IM_YI`}K9gEvw2K0-~oUy!LcKk9u_%tJs^
zTn{yM-O-KVHvXw~rgb5z;?<}<^P`RLK<$a6s1BS)y(zDu25`^D|3=N|3mf;Otz!yi
zMIAqX+=s1D$0^5qE@usHz;7|EuFLz!WNGV}FC5{hDgFvI<;zeVNkF||wxCA-8|uaO
z7wY|xt-i}?uJd1mfYxLps;9H@D1L+5l#vb0@ruJB;vQ6k+ffZ1M>Y5WHL_>uo$7|>
z)Z|C)`a-CgDUa$%9c-Zk9!j7v2??l*&f-|SjQZRUYh-3-f%PP61SuPvcY0}5yc3qg
zQCJ$kM}0<I#8Q~5iAk@7N)N$OwC_wJpjYf>o8fQN50CDqra)&bLwtfY5i1hEi6t=a
z`{v`g5$aVOgZ1zrHpX<#%&WZv>fQeXs)J|HqY9EYH>aR1x`}s2z59ouD#+5p<;=%!
zsGh$<RZz60*#qrR>0_}Pu0jpyCTdURZ{>12V;j`cti+PIvlZvRI)Oh(D2l~e8(X5L
zau627WvDmY37h^1b$p7pF|XA3P*WU@I&Sk(Bi(=v@E04;)z;Ks1+~|DwDp)5ODGB2
zgd<VkTqavrVOiowP$PJa+9Ms?nN8RWeTfgS##)D91=2^LHtYAOj_t7V)2K~(!(#)F
zu`3D5+M9FR3-t=_hnmulk<SokJL)~L3)PWh)-$Mven-8M|3po7+79LgRRHzks)WO_
zF%Ce_9s(**siRr5)~I7O5j922QB%FfrXNDRSngmh{2R6QX*-!?RT=fF?t&^8gIc=D
zsCw7h^b^P?_c-?m=u@mnXOp23>Yd&f)zB!^n{GU&#?MeoG6U6teW-lDqfW^!)J){;
zV$ORp)J#=IElCh6e++uR{|~nbV^EuBA_n48R7XzR=YODHy^m2d=F`>enS7`hOBvLR
z)k2l4hx%;jf_gDUVjCQdk@yRGfB#pvn<>}?bzE9vFZ>8~Os-;E%+THB3qj3Txb-s}
zMtl|OSQhJH*17{0Q9jg%*A&!gT8fSEC-i8<IeXeELQP!|>Z?;roBlbviO)cdbR%je
z_MjR#fg15s)Qc;9FSFYlq24duQK#e+)TaI%wV9Xq;{59!zmfz^X#xh}aa4f}!KOeK
z)E+2{+H93jr=ln7)ji8T--fDqH)^l!LoLBisQRwi=eJOs@ouoktWBEUW>fg1Dky^L
zSTUPk#->-nuB2B-ZK|2}`FvCdm*RL_i5h8z5SMr6TA>;oh#m0@)O+T(hk%Yps!;Rp
zE{Sg9V^A})5ViK(Pz`1dGas{gP)ku1wVNxVHeXHDlGMcj?1wrfQ&CH{0`(q9L@kZy
z5CM(!vGtYB;M>PEm>tzXe$<O60M&2>R0rR~y4W4N<2Tp>-(W3l-q)1>3{`$Qssr<p
zP3&>j5zy3}M2+AP`r!*y$CCFmYnK-FV#$bVu(*v!pc?)dJK$B+npY1uo3I7yIESJ(
z=XBI(%MlFH=l>f5+P$?uFa_JA&TBYoDu<&s(*o4y`wsQ#b_%r#(|u?<-Uv0N%~5-3
zh)o}k8u=L1o|uGgT!ATR-#JV`4gP{!<LjsyxsNK4KEf0ziCT(gsAJm>HB-^3awAbA
z9dFY&pf=?WR6TofDPF-ZUHm;!f6jjnx|%<VsUe}tKpv1`Ks4WiNlzZ*a@e0vT%60f
zPx`NeT;Bh-<G^6^vFbm><;>)H2x>`Q40U<`B(v5qm-8X<HP{#P40n0|(~hw?o%mDK
z9{Fqp=f4wyb0f@`$_gW0PDA2TF&Pz~!D!;YjWWN}X~}V|LHuJ>M|a{#>@eCid=k46
zZ#c%qf7`)NI9QK(`)OwH%)$!9*I@y?F^vlJxtwacnaX^qr6`VCf*PpJ(iOEACZRT0
z0&4B|qekvxKDBx4qn4s6YR|N_cDLz$QO9rqcEOPz0zm}MVs*?p!+Zv`#TmrM;|0vi
zJRiXq7>@hn&B)4qWu`a|wbmCf0I#4nwcjjr{tKW!j%!#upgt=+0|~eZ%*TSb12yui
zHr;o&dBqmSlB735RTPKXgi}#(venk3s8etc_2S7f$85fGsQfLg5y)osIG++wfgh~b
z%mXLG*XBE2ZPfD*@f-HUOw<}ynP)osq4hI#ll~p5Lq}}<u8pUiZ;o$CEXwot=&$oX
z!W-ZR4^+WTsN-_R#vfU;(7Hxm9`(FAYJ?xy_&C%E7ogsZ+im>3^*L&Wb1X0etB!8k
zclr`g#h;+2coAyE$5B0ffqLN-SZF@KJ7Z<yAK^s&0Y7H(>n$<^IJng0yM=o3WLjqS
zf<J0=Rz$r=YN1Dg1~#ENYInCsy`#fX$7BR@nw)v)hifoBZnhpo<v(k^i#kPbP~Rsq
zE;lpfwpK^I%G)jH{3}C$5(?u;R6`3<6(*pL=RVYo{AS}RSD23aqw<$S)l=7|w?TEF
zk9|JGIuXl~J{xsh53lf;j3-D?16NUNoBlhqBqgyG@rKw7<5B1S8LETjSDNG20CleW
zqh@rN^&`|C`4qL3i&3ARhfz!MtH(aLg8KAIy~<?hg_`O}8y||A@(I?NsI^^!TC%mM
z@B4dE9XW^k&UX_vga4q;d$!ePbJjy`R!>g?#R!Z<o%?Tb3hu))*kO&yI3Bf07o*;6
z+fg%h5Y@38*2ngFvhPj#^r#NiMoszqs8i4y8Gy%$C7`t$Z8J=>@vl%LSb=)=?m|uZ
zEz~i6iCVJUYt0^LfHA~7*!Uq-{`06AxR2^UvUTQrg&(HY`Oic^YnBI<u@GugRkJol
zAL3n674$%DwoufU%2-tXA*dypXrIqOE#VUD_oy}h5j7)wFu%_K2?FZCU)JZSwR9zz
zsm^Y7qh_Q8s-n86HGChnbm6F(oQUe+9Mtjs&UzGe>>i-<rCQJV*XGGhKna1UhU=i#
zwms(Il^czvh)>?&a_ZoZs6Frswe~4CnsV8&0r3*3`UapH{0Mct=b&bI2d2Q&8#(_P
z`2`YG;5rt^r#KS}B$_WAoA7<&={A{Pv3AC`#22B`pQ83ey&qiOzn<%jg^2%&TC%L0
zO@q0u1yGy5*k;bZM$noB^{f|aEeD}GGyyf$vruch5Y^CXn|>7au0M@h>%UPWevLXU
z*?%<U%c1J8j>^{xHG^F}1hfQUsI?r5sxTe{Fae|Syp6ZmVs`Z))C*-Imc;K-pZC9^
zUQiFQI+osQUSRz&i1-hvhM%Km-s8K?d~ryF+Lalt{-_a`K#iy}s^=|HGuFk%!%^j8
zQ5_hAnxU^y`4UlkY9DG3oVRgjyEpFPKRUBhgDThxRUiuWq8MkNFGV%96}5Q|p_b|d
zYN@W+_#;%q$#<CJnHBkPbaJBd`C}a{gL`%U2N1}>0k6E%G}v&r=}<U&Uy-OyITzL7
ze$<QQEb5ruMK$me)j?;E=|DPEJTGePi=#RagcYzgmeu+Hn1I$|BWmQ^P#+q<pw9ar
z=pE5sQ&CoH33T(kj*SPS@(o6<^?20M?L#f)CF@;OJ5SO3_djX(nYGP@>S<wYh1F3@
z@)@e<D^MNUf|c<kYR%K^H=DSiwK8g^n%a0*^e!oC=Eh+OjNi}s*KXWJf*Lr2+9VfI
zYwvr&oZq6TH7|vlsS2o$)IcpkTT}xf)*+}4OtQ{HZQeDg0d7W}x}Oes%nuaTNYF^!
z2Tem&P$RF6D%c%0mHn(^P#v0$KD;3ppxzUU4;fdXI<OHn;{B*4J%<|DBh(u<hv%@#
zSP`{$4NyI6hnkUosF4k`PC+;E#i$wBi~2%w0oCALRQ^|}k!Ct#Iuw8!NLf_<HBfIx
zPfG%t!uB{F!%!7HM=g!tQDatA#raUXy#n@N<W;dO@%Urr7mEk5FY)@vO~Whk0`U!~
z8Jqr-`N3s2meS|{MFQFkX->Gj|Gj@@)aDwG>fu&Y!QH4g+aXj3lKpIsXKJiSJOJOr
zZm2yn4|V*$MGY_kHKV&xOL+>@>-^s*pecOqO`s#cn2fotrBKgnqo%GIYN>kJ^eF2{
z>u1(ks3~8H>cBeGt9=*hd&5Qa{{8P20y>|!P$PYWn);X4<R?uBGN20jqdHK)S{Ai=
zgHR*ufNC%bm!k*u8B+X|nYph~?}r8G(Z}Fr0$Ovw)8=C{52}G6)S9<Ibu0w6Bp;v}
z7=Uwev`x=<#!P)-)M+S%MX(a8ovx@Q7>DZc%rl&SH-T05!7<dX{T<ct6Vx$DbJkQ;
z47J8BP{(R2s=`I6HQ#`mxvi)@vfn;GVxM2M-aswI{j;2ZolC!8&F6Jt)Jz1SK2}?y
z&g%%&i07m7uR$HZgV=~ua2fLxFMi&nH$inY7}cRgs1B||mEVBs_;C+`K?E+NM%w8&
z(@-3$BOjxdVkT-zm!LM`YE*}I+2=o_D!goch-xtT1@rrabf_h)gPPe!sQNwKY=-_e
z!#Aj7vlR8|w;t8-&!~paqt@;Ls$(fGnh|D0HIN_oU{O>D?&1V|h<9-KB~Ar1*5`Nc
zUh+5tFPnmcQEN5|Rq<F<52s-uE<!c%Gis0gihOE24^T7lH)>6Nu9))quq^S?s25ug
z{80H&1L|>AFCfl;Ujj<_5>?S$)KaXn@k7>gSfBJe*a6F2Gx^7(j_*v=%q_I8!2-m$
z;CqbtBCaOxzG05@alA?U&IJNmyS+EfgEOcRUPrw^USb(cam#e9GHSE6wec7%PJAlr
zMYS1K?f_~=enD-*2dIud$2yq&Hs^mUfrbP$1Ig}~B}j)_>&&PMi=w{GRzy|Q619ms
z+jt~uX@;O?(1Vq63aTUfZ2AfGZc@||KfJ^FSAx%7bDpzW15g>Nqc&R;)Mo01YN#JJ
z#VDJ;88!90Z2Y+O4C;k-2{oYWsCu8<^i=ma|C-wL_soySwXrbq2rPwPpc}VgCA@?h
zQMNx!$K2K`sB_%{^<L<Q>gZ_Hj7>m&pZEgRq3==kZ}bo-LEx%2{e80p)lf52+s0d=
z)~-EjMuJhF1w&A8!VwsbQ&3C!9JPmh9+;)ei5htY)J)d3dYTf@)U`qF`kttUMxfU6
z6Z`xt8()H&$_=RFdC+<eHA8n%BP{Tz**gKKkyk?1-wxe4(4>2uX#~{cwb%?d<2FqB
zm+9#~RELhC8a{`b+WXeWSe*DP)cd38-)7gBMAh5K##^CgDgxCZkM}v}Z=N^68xPgM
z_o%7cgPMVJsDgJ;yZSY1tt&n>Z^#ztCLVzr;Uv_IuE61#i24+)@W|BP8MP<+qxbj!
zg9+$!+k=|YuTT{%M|ET)>KGoe>E}@SZrbP1@Hp}GkIf8RMD3BQs1L6fsPg_#%uJR<
z?YS!G{qO&J6HtZ^QLogYHa-H25&sm`!30!?j@bAW>_hw|>V44rsrk8KFlr_aU`M=;
zT8diF%uF;yy}%-#asKs&`kVw!^)f7gn@}&DbEpnHMm3!8x%ttlB5Fzcp~?+M?ds1^
zGdCS|48O7QO{hJz*LuRHUwF>>R|R)S(B^r8-{3#!c2U6#m$QQS&X;tIc*H9jz{#)8
zjLdmsmSR0>P4}W^@HlFd{*3MMS8Ru6{xOb2?X_P$1WFS41B+rViU(pH)X1Z-B7SAl
zkD`|96{<l$moY19SLZ{`OfA%TZ-rXAo~UCv#6BN|s>kz%%`hLeCYw-GcorMub<~R{
z(8tHS>&v6!%}@=sLM>GYYK=#sUR)FG^I53Py3(d^MJ@4hWY2h<zX)imQuz9Kmm(c%
zt^94gIBGXnLp9I}%V1{=z=<}#7M1TZY9P;0ukxJ9d>oyETBzr}P~`{X2z~x9B~Y1!
z!pVKSpX*(55b<@`1&gQf@%}_J4)vnBhqW+!N+0k4%vL*8zKs0Oq?N-Du`bR<HS{}b
zMlz;0OHdFskYbpI_MLJzp_a|i5GRt}47G-*Q6D<jQK#Tf)Y_-;GwB&o73M*GWh;!@
z3w2SaA{ZxQIF80=I0=WQ@o_xb94XV9P2xrssD@gC_fQQrM>X6L)lh%bnhrv}*(TWZ
zRj4=PMjXv4`3Y67b$U~-FKQqIP@8XfdLNH>O(v3{hQ6^GR-i_{0kygIpmy&iRE5`3
z$LFPuXW;iYI`2hL&ugJN(iT-uf7GTPfg0FE48$23JSO8F5;l@>5w#g-WHg)QYt-5$
zSofkjdIsHi8Ox(jCey)6s2Qw*8fiV$09shX?elS{dOr6M(5rJM>P7S&s>eT~cJU!p
zg?CUr{u|Yy0+~&|3aF{9i*9U%DmM@{17Dzy>3678unjc>m#v;Z2x!WlTQg)a@gk_T
zt$}JV7<F!A(2X-t9p8xB6Nga^o<!xlkLq~Ftmf3@M9oND)G=(1EQ!YnC7=-u#6svn
z&BP*90|{6G51=Z1g%vSbHgo=~q1HASHPT4bDHww)H{YiJf*Sb^R6T!t<@~*{2|n4)
zuJ%JUoCmeZ%G&h$s0P}j&U-)9Qtd`<&Yw{qW@k~KC68?SbJPs~W6j3Da##M6=>7ZO
zas)KRb*ybrJq)!*U`^t&SQ6KwMsfkQiEg7Beu!G*4E(jRrno$6AWcx^d)V|jsB-Jj
zqY-Q&pea9WJ#RDIMSUneMpcwImzkk*s41_DTJx5udcsj_KLjh|Y}EVZ1eV4-sDb6o
z?c@E|^6uQ6fA2_1&<iC3)$@@y{v~SHFF{p!5_R0t<ni%-!KjT|lCG#t7>Su&yxUPD
zoS4@*9o3P!SPD1dXuO)2^RKB1_4o1qVZj0{LHq)$p;Y-yhiaf^q77<<L$Nu|L3Qvp
z>Kjka{HB3QsE+kUy-(s$yMF{~sVCU<Sswe~8&r?Kv+)hsl=u!CPvbUIo*i{c3ZX{a
z2s>jd)Xc5GP~3^yWJL=wvp)PP2FEiqwF;R{y{E8wPk7D}&`6)5Mpm+jkN1~D&9MRT
zNvO5|1$7#3VKID#8d;H|W~8N1<%3WS2V4812G$?7)Prr@W1f4Qi6-DoL5*mJjn6}E
zs>L=v0rigGf_kN%L{0qztcLjl%(3f)>S%Xdh67PwSaKIL1IdTl>=n@a_kZ;W==d~2
zy@<k4yEO(?@dDI{&tpqWR@^ku4)r~tA8OBhi;eLFs$A|8=6gUp)KbQy>bYV~Q<68M
zKL0Bc2*4g#9mk_K&rZ~)J86B1%2%+Iu_+cN9&L@cZowj?U$&+!?c@D}!_ugFzs57T
z20ir%Ob9gJR1TwFFfXkEWqiE<lc{Yn73qnnnc0B@@jmKR+pDa3C6B^##1pUsUPqm-
zn&o_)Iye-k<7S+PEy{EL)zd%9n~`Lx;N$%jOI0jR`bb=WOYv)LQqk<%8>p#HQORts
zmZ&xFjM{wtQJXOawbnCGZ_FjAO}iH7;HF9*^CoIn*?d@hg~2>Hf@?9bifQ0?>_+?!
zs-i|!%{gw1T{vE0s8h6~x@q7cYS+I&eHJ9EVN8vh$@Hkrox?*wyR#^2ZAzeC5VcTi
z+Y+^DVo?R=qAFO4`i{2&bt+Dx-k|qTOY$0ZO7he+9jc5fUkmja(F`@io+tu(HO{gb
z)}boeiJHQnZTt~x<jHH97fmMA)D}a1x>ZFT#}=saBT-8>8C9-iZPU>zsOK$_4tbnj
z1k|G_)X1lyK3o=~_QqPQh-a`irVTR3^nKJDuQO@@15h2Ah}sMDu@WYrz7gHVX_&f>
znZd6yg}(nUA)taQQ3ZE-AMmvsRq%rKHEP8E@0q14jhf;*s19^Rz2jq1$JT=-@mtgk
z{ETkAXygA#o&Pj-O@<t(krzT$RMy68pr))bYVA8)d!shjhp7AmP_OFYHa->g%AJE%
za1kED^SB7Vt;hLaL!fDWAMYOqzQA6@7d9~O1K)=BRf!rwJyb(2u>^KOHTW^=y)YZg
z;sG3r&rwSn)5x5LkMSY#DX8?ZjXD21CNmnF51aX@kzPmb?kA`z&(_2gD1vIR3Ucb4
zW~k>aQRRA~PR#(+ah+k~f1_q1M^hi~e>I;U>l0tx)MLI_+$KTqa`*e@J<tQS>84>h
z+>ctz=cthuX=X;+7RwMHhsw7ebqa3S=h>Q@P1_Lle)t&c;3m`;k>?%)H3$@K;p6@5
z)ZVCXI&)A3enxd9c}pMfUp!RD_lQr%?)Ve-#K2Z&Gfu{;#FwMWU9sk9ZN4`&!>yzb
zz((i^Y~$l>CNKzVV!5_v_eP>#JTp*Jx(z$wRcwGY+nE{r2*Zf)KrKPh_9lN73?kkQ
zbqv2o9p|4>1AK<esK+VO!St*vR^WjL^I`&Os((VgsotR8bj3QFV^jz05D!MZKNg~v
zU@s=er>HmHYt->f+sW*yBB*-nV*{Q4XaXOQunBd%3UxM{tQ2aKy@#r>K5DZzMJ-J`
z)QBgb-XC9~8d{BNct2{FpT=;!g{r3w9~gQ?cfv|K|APpqp_Qm(wg%OaAFX>(6&*!4
zUP8V3oUSH4hqX9PB)JCa<8?3U1r^%OOt}ZOlp9eUIgcK_<1Z7?Hz42c=EEXCY9vLm
zDh8o8(-16ztFRFMg8D-86t$c4_pqA`^}-o|n(Ae!_r+<{Qn`AX<5;*S=RX+<rAW}5
zuN>CF+Nhp;P*Xk|wTTv^rurPF!$0lwH>k~)s+XC$#;DKv)~NEGusHTc4d`>!D|&A)
zk6EjGBxnX+qI#Gk*sN`J)LOoedVzF7O?_|FXT?y|(oDh-oR1^Wx3|eZ+WHA<b56xL
z+=V(_RXri*3r8@j$Gb5<9zsp^9h{08L+zJQ)E+sH+C(=|Z_4ChW>Xf%&cr*SrhF}G
zrhY@s+#RfrP9M{rrv?FSin^$g^hISHirVE<(EF)~TFcX@8A#UGytwk9FY%73j(0_E
z=HaLr8-?0S<FPExN9F$s={W!UUj(!V9-_|wGi->Z`k5JsK|kWNP!%smosOlbj(v}+
zaF2a{01FX6j2ig^R7YN;W;l7cF)gOj`OiYY#e=-q5%Zxo;~-SQv8aNd;RKw9n)=)y
z7^|X2-T`~yAk>naLY=Nh*b=jUXgbyhH6x#57ut6g5zq+VSW`!sFBn--yEgze;&P}>
zQyukT6oT5-Q&4;22h<YoMIFa8sB@mIztIo%2F-}7uNZp&{<j<fRZtBxV*^yrJ7EwG
z!wB4r%`qU-$NL|v$Dzt?w;o0<$r;q1x{Gei7-c$84)w;YV&jdYIRENl3lg-c+F>jF
z5Ow~yU>Kgk##n2BncDH_CcXr9toETg`V93UR&}6{_dODa+RPhK9Xo=Wq2Dn8{~pNs
z*9dY)o2e{{`q`}&>SOs+)Y|Vu?f#?a!k0GvHL85F7_%2LqVffzmb4pY#lAK^0@d&Y
z)Q8*}4*`wf2x?8<pf*>^SW|Hk)E+2@>R1g_#c`-pGa6OV$G8O-qB_``Th~$UTbg37
zDjbsz6iTOK#5IqMp2<Y=*#wi!TgnD%Q9zyJ^Tv6PN`5CE%dM+2g?HL=dg1Ud#k@aM
z>e*cy$<F<QddT&m?Z5=`*CG5db?{zuuCo7}as-Z0_y8Fv+l;db7a@F(3Z|<Du3{AW
zn)n#<7QjuE3n2WOXS29#lGehO-$XpO?I=O#Q}RtC|7@F<73+|u_m9(&Lf`O^k7w_n
z(O1X8He&-SW$$?}AKXCva}#xn5${9zQ}U*yj`6n4Fw*i7&tg0C34XxMze4g}YYDd@
zRFLvhJybY^z&!jLb$wuPzOWSrvIF~2i0>!P3i55@*0tK^SNK<(mPWgk>s!hmqQQ@C
zqsy?GtuM~zy^MPQIP-b9mj-HaSEAB-+>3cQi2}0-rzKpKd%tb4H)TrGP%`pA;np|c
zwmeU|ek8n|h~AdFxW6TjF8(E$lbUk<)e)25+rHD&X7J|XA9Kjq(N@@-aMJYyfx<Sg
z+m0sb*+l}gZ3mV173JTzW%ZH!Ir*DWb{}DVInlB8j{iGbVJ9+Ar-E?eleiypXP^?D
zUtO!IpdrrWE@sOtA}x<?^oC6<izi5{Y8&59oPP!Ej7NQ!(Dgg_e$tkB>?leRsZHW8
z;v*>>Lpa1ft8FXRJN-xUHR6u2&q(rK`j?Wr3flA$wo^*W%^*7AD4u;v`fciqCx0u#
z-ud57Ad!S-%FSilbGq6kaFMW?Je~0`Drrg{AAG}|k@c)j*(mOP<X^ACq<zmbeP-y|
zOnM^s6zV9!vqh*Y1^@op8;B-zHY(6{f$(i^e+m>OBOi)RCE}~7xHWe#@=eF(CcE<+
zZY3T_z6Q490>rb@P$lw?BYcALSE=tIx=Fu@J1F;_+Rs3t(%iYoScptJY$b!pw2gSu
zRe^A0(sc1}Yn|7GBS|~TU64vw5g$n%Z@6`RM0%tNI(MiuIdNS(tlo$jKVLp5w4M}~
zZ9ot6+wfpp;ZQ0$YdgnZSvW1Zs}b*mgQ&D7;q>HfNL<&~gu9ublZ@x92>bGkAEcZ_
zTaRZ14}P%`<#myPFR@O9?d3$mk8KBv*ov={R-6&%CcO;#isJ_RY$*1(;hNUb<mt&^
zVyS-#X}-j>V`g8w{zrH)gj-)Yv)P6TdcVg7k#V%0iS;zRjK-!A&rdi+ne4TVe49yM
z!2LD1uCun|pYUuP`45uLpO<*A5#E0?|KmtVPou+0`1_s4|DwPI3KXT19OSu+ElJBy
zI0yMA@@%EeUyrmV+`2krJD#n!jVrAIaa}#E+wd#uvg7B|k3#zDwOonzx<cjC2ruSY
zDyDmwZEOJXP|{a(*QAjFIDs@@TX_cZmat(Sd9P60nSZPWscQk@r2Xf7X)6z)U^Bvd
zsqi(<phMw={iw8<tt^;$JqmXr?+L>Cf#N-^X`er`jVOAWu)fmi`jh*rH^et0(v$1=
zZ=cb?ISS{Yfmzs>dpGw@I}>5HV=e871{2@KosT@<aqH4Ird)(ysf;c6nBYpn8@WHT
zWiQ!hJn~*M^!K+H2p*)u+dS+>uS!zUb>hpo^KkDYy(#JZm5ujGMfh9NPuuu(%t*W<
z>33{H%6N#h!M4FS_^T=IG$KzhdH=vg9s;@!k>NP^HR3<=pfTZKY{0YcFrJ&gnsd5S
z=}_`?MtzZ-NBBGPP9v_X3VAA!cOKyY(ns4)ZYE!T(t47wH{s8@b$PauX(<JC^(4F&
z`MrVjIT`;UtPb|FmAgsrK)eH$2J`H9($jJ0Bwg2X>Y2^6Pe|)dzUIW+^6Vb>dG0Bs
z&9H5?Bv0X__rD4s;GwQaJa2n_m&|T&D!=)rKwVq74wV%mUtXRSX5ZA{S<+RGJb&`+
zWAc>bnXYTxL8N6R%@4n@`7`tPM~<(}l$u6;c(9SohiwP=HtxN4^3RG?{D+M%Bi__@
zCOzfXQ!Wh^ccffKQ^aY)^M!<ccs`luCkX#dp1-)8s($pIza~8NBVoL)oMi7copfEt
zc{Y=0MYzwY5LX*258@t6p1C|fL%4-1<(iB;Nk3<z-XCUd(0NYanT^~ck0-NwPk|EL
zOolVnc7oq4I9EyggtX^m<X1#aVH(l(C3j9ba+5nH;Skgp*`K-j;n*3=-G;LK4WcuV
zwAQ$oJkuzjn{YhgU+^cr|DTchR}ysX!)RPX#=<yX1@wUHD+;`iWcOalk^;mk(Z~p%
zFU3Kmr=Z*#;(55gAuR>>FQnZ=UE>T+0zZFxuL2bMnG9pOlP<UI)L1o4`Tz>oC9LZ?
z&t}@NNnwV_GwGd9?d17M;)^Jkg*%*#MValUHqS)rXyu`h{(srh+Q!ll)-{Ywxyjs*
z_@@+JW1m0eSx1{EKk1XWb@d^CAn7?M)0MpZotkrrXCIM1#CCKuJ|HcpEu(Ut)<n|T
z$~%y-n@Y-4XcXy#C~(JS?r$A#^Ij$2d*th5)7_}way;PqK<>-j(WK?Goh@tgHK)$>
z-0R5OOY2{sh_3nE|JY25`%`&$JV-_5xP8c%iTEbMzTBG$uch+b<jaQpxj&@*bK(oh
zo1K~1Mm}BN8od7_hfR3iiM%;5ROeq;Rtkoa7)0W8tihd^w3pl|sN^(xKBv;ORJw+=
z-rPyo4AOIQU#5(%;?%K^aBb3b@k<aVKjnT!UFCW9n+;d?5GX+dVYYA$3dNIFjs{xT
zv<y67!hMCpXGxn)cnkMP;s?2ZA+MjU@Ck8UyNM5@uAwIS_MZ#LyMSjOk`hH7o-}0o
zlS&Vh@FC&jB<k8p+9lfo{lXy&&+6DwA0({nnYE_Pr?m0hcWGcC&(hfZO0P^fAG6S!
zyj6*hR-#@x^?49Rfj?+Ci15#ZldiNjoCWhzu(^HkHztyQ4L+hweZqBko{4-VY@WJy
zAg4%cNSHscb{25YC!U?WL%G%d+p94TKP8r$2am{fhwxz1ej=Q7m9>E}*q`+C-bzej
zEb%XBs66*iB#pA=s$vFPZm#WAJn?xdtM=2;NOD_|esQR)Fog=)w6%<|Id?jyZx*hk
zlAG9$eBY99CHd-NE7C`icAD^FJc=zzD@3`kX`>2d(vr6|>0jE8c;1jP>1x3PUAeg1
zdqaF?<8m_V7l%DCfl6i&{=rsooOsgpC5>#PflQ>WC4AjJs7~HW+#9%m;?}i?`<4Fw
z;x&!lCG!&sRpDV}?_+j9@$5DnMWy^|?_XCjMs<jkF_ih9@=tkQihS$2ldfU5F~#Gl
zFX_5Yp1s@;HUA+L9`R10IfU=q#(Lux;=61`voM^BzT^Ih`#$#p@?0Uk8uc_LuB#t+
z9PzeT+Lk?L>+C~)*K9Z<>HA*~TQHD9x5!YMczv6x2=P3&l1fxqnYgZ0JpX`v9c@1T
zjhYk3eTuxbNI#0js83fH47cU_6W_p{ku*;|68|7`O72S}Y~n7$)at5Enu~A&(rVkn
z1F$o<Kk2PVpJcLn{~jcp?Z{kgL)k?<tBtzKkhdNN5^sThsUx-i|98?6xxzzTACTCH
z!rh5)r1xdG+mkj2kKi}lx|WgW3-XL4-p!VshTo8{A7<q)PeZ-Pdxr2p@^w)`t{dDZ
zxs!PZ$@=dhV@4{ROQv;X)-{TXbp4LaZP=uke=Z~~1!X!=W+6_Yj)&a8*}R7_k!KsY
zb#15KY4+K#q;2A^p}5X}MGC%eAAXF5sIV^SPslWhf(v<GjJpi!x?W&+Zv9^PCilnO
zyLq0M5tYEHlqq5JhS>paBYuNtU*H4ktxp+Uo*P7T9pphyD(FafFBuEi^bAz+jQD(R
zU3<uvjI@3>{>G|j>ufj|dAbr$Nxr6}ZPP=pRMh!9&*B*5N5nt%{{0n!^tQ30?^HIz
z&PXo%Oce~~ZbJp{kv0cE;jTcwSX++2%J*IsNiV=)UJ)BZ_?3O0$=3M==_5(|(pU4(
zb&7%&u^NfTsXT`G8N#95*SK{}uqvFKitdr;M+_$Y0gdb>{jlw9Hqy6~{xxZHx%1hw
z>&Vxb_zLnJ<^D|Pe=32EWQd@`9^4Iyza&#9o-ILL_X&?9PXMD@M_5-$;`*Dudbom$
zbxq*eH>5r1*43N3s*#of%aisCX{pHnqxY%Vf8Jmt{`o5zHrR@Ow0=mzfi~<<Sl1(i
z_n%Qzc7g_er)&XIN|86fc5tlCmy>cUc>eAcLB8LTe*SAuB?ZagPr+HXk?dqxLi%U6
z;8{%IK180cs3{|MCodD?RK?5W|A9Lb;crOWLReQOGPJdIm=yBb_zV5~UxU=OHgh)`
z%t8gj$uI<U{X}>q_ix1SaknFnt~%a-@`Z(G{ppOZrQBtS=cT^ur1d0RpE47@Px%}n
zo^(|w-TU`{F9_&rZy&a$U@Uh#DtSWM0-mkluJumgmpnT_xl=00)ysAujBsD>1~&dR
z`EJwU@3|L}U;j7nmsG%B`v0HwUi&GKgAC0nkaPu5=r0<rVbi`P?6#fQYCC<4%zeq1
zj(AC%@3eiUdY)15NuEbzKkj8byN5$b<MKFRM0B;cJ|O&^H-%GRD>_fSGS4&7cwZV>
zMd27zfwPgcK%QS9{Q_YX>BO@#1XkM4=C^g9AbmLLQRJyY{<C`j9wyMtHZ&REvlV-6
z;X|YyAgvmObhRb^i2EVs&f!<w?_PhB_nA!_WFM5Wbr#0Pbfyq>PvQPR-~TU?Sj1*X
zPU0Th+tO5Wmh|kzQ<Lw$tt<g!cy^JzH%L#qRM%%j8rr&&(m$g74)QkR`Ec$g#9i2h
ze4Z}}=&EgPMn;v7A=7K_Ai^c>Xfom!TX`d#ZNn;mnfnNJyuhN=p(`7kEe|fY@#&N=
zO5B%xTa-cTU(r5nL}RDO@E55mDOig53!beab28F*5Z85uu&&XhmnA%e^fuhPO|lb6
z_!sW)iR-89orEV7&VfnS5IWw(8)5xN^WZZ(l4CU3mAe)3r=;&E)8{mFlC-aE1xE>w
zC7gmz>iUF6{K$WVw3CE;lIDlHzPDwn;wA3uluf$MP;UjTnXZ#Od~7?R_!;7-ZG5J!
zOzEqsV3#ekl<;phPge5(N%~&yrQBKQ+#H@2rR*J^=_+R%KSumK_aJW11^dusVN(%r
zN5*Tm(Y%C@QIQYn_sF!Ba2}rBwgm<f|C@M8;_b+D3@?!O0p%W(zJq%O>8ZJM(Wx;!
zyGYt@;`8+He`k`=j~=Jt&P6!s`iFRN;@L=epRlg&6de9ep3<acCjJLL<=IMUM_C*b
zNW0G+$=#JZT4^+_Ydq!t(dYlqHsP*GcSez^AZc~U5Nj*5kDMQ<L|1Vv#b{RXe2z(S
zQqsva+*2ugp0c-icAMM(ojN`ue2lV-$#+YGqJ1Ztz_oWWB_|$21*^GJ@q7!<4ik>V
z`BXm6c486nM4mS!e-Ui(P8~DJH-j=qxKk=W_j1A?;ZmOcK;F#QnnzA)TW~AkJ!E*S
zo^f3zLk}$IjqxF4)6-)X(iW>?u2WR}lDreCr`Gf@BC~knc=D9gi{yMCpWr!LIwvLe
zleUN4T_}~xw*G>&8-#CiS0Imz_!Y_wqpluUlDzwPHUJ%4=CO5&t(zyhN;_NagLM?H
zK=>~z)Ac<WYhh+Qj$?Q}J$Ov+glJEOQq_WEgJZ&C-66q|?wGg%1EQj1-BFQY?x<*Y
z?BFPOY<T}LcW`WMba?N$*sz#DcauKuV0TP-WZ#JR)_q*L<7-uOrS9zxk8#JvgoT!J
z$My?zhuSJh42g=22@eg64hwb1Mky8>93JV-K+fP;l^YZs5gtktrqVF?fT-}u*cdn2
z)V8-lIx>CCN4eBihF<?^Cnk&vRn+#*9UV3xIxHqk#nq269!9CVrilSz(cw{{Zg;=1
z$dIuA-BGnv?f<v4Az{(pp_oel)7^xT->pfV(o8_i^r9OI`@b_G)XFS}4GE8lWdhy(
zg9jwk-;l#My*kRX`leVy$4x1cXSQ?LDlEExcuY(<^O(?X>n-0x!J*{+cb$sHghhmf
z#4^oPI^Df<ezCq`kzvunu`HfDGHkGt-Mv|8W`v3D$GqEBB6Hs9+jrh@MJ9Z+YnpEg
z(~0TD_npqJGI3h!e;0VX?}LmQM*jh^Lz8Mr=(s<xZ*K2Ksvp)TI4&aA-8Ob;M3`g8
zG(E$Ee8p|p9U0vJ?E@A$_CMKT+<l_rB15M~9qQE1)Dj#L5*8EVW}1_xK}*^%IC@Z6
zjE2j4N5w^x$4P28YA^%;ADI&N9D42YbLvNh#P!!UN!WD6<w{|vef7}{DT}oX35ko=
zb{*U=JR;0pFCr?^OhA~sjcuyBdwAH$gpDV|UD@6nFd)WhFl0bPRCHL<^2JQge!5pG
zy8~hpB2Igf=SeE+ZWSG+@u<pX;k~1SqlYG3Isd{pB|X-xB%Hj|FilFQS@6)X=$M48
zcRjA0EP~F~f3HIIgir5P<nyUHkEd_G|8cheGgm^*2MbfBOj_wKFA7e7@vO}B3eQU=
zTzu-EI)Fp>?pBJ4jgAY6jbkWDCzmOXjCF6g<9a_unz!Q*3`{JZ(iP-m=Pj{YYFALQ
ztePpNt!<ol!TQ8SL<}vE_(eL`*GcmmUm$}kUy4RyQA}E5#SE@`$ukDiR6FfOyE77F
zv%1!&@@3a17V&pQr3^^gF`-dmG49BySaWvFX=BreFv}59eFNjaFYL;hIIpm4yUSzG
z4V4DF`-k=KZT3R2J3@2n?i(EyH=vYzXjGiLe_Tu~+oyljpnty%`b0<d_fCs9ue*0x
zA1!Vu=Szn+(D8QIPN^nJ-SY04$k>RX?o4_;>E#t1IaG%(CNQx>QCHp6y-mNI_Ux75
z(4+x#NWunGcemyJ+qO;H|NCJ(-h%(%CpugIt}7;SN*Pxz{>5AS7&cGh{&KE*J}HwX
zHd#ei>107+q2aOS<;$4<b*O`!j{SH)>sTvKjLxnO<G*qx7Om=flFTl9{M?$n{rNv1
z2}??7Udt7b+&j$pWwl&I6Z_V3ReHPl-rVJDx-!QPujNXexU#nEgl|&8l674H@gwTG
zqAP^*0m0#BMZzMZ;`+w+b4Q2sPhRIyyy46`C7pPdgg0<R;_bSw_5SH9lrCGPbosLG
za^<R5sFb*(m#dm9d4<5Tf#nkU-#s5$x}Mz@1LAhCOZu48?u(0za!0vC<Nos*7w(Sb
z%@!5Sr&1sbLk{l;Q&hy;kDyc`QSL$Eyk6aLvEdQn!-fUNMwN1hN7ya4d)eDhJsx;J
z^YkkAek_KYkD_pG5FP2Lh;a9SxX9RW-q8`JVQ-_Mac@6dQ}qh>R&GA*_yDn=c2Vx=
z-~smIPP^OPC!8LIhO5KoLy2DMqm{l5j0=zC$^Yo0KJcnj<bQXSnb!L^GMJ8<y2I6y
zccKF0drfhD7~eIgk6--NsjeJ}e@t<e^>c;CyJx$8NLt}zvt1Pm(0tOd;RM7*ay}VB
zusbY<&qLlbVTn&?yH@&U?%Ov!F0ya9JNRw>#0B$QbCV~%#}We;yILh{+feHl5)mH4
zdPXpd5i!Bk;f{%ljg5+l^@cU5U{jqI;N1>HFk_~9eR2-t^OYSEzjK+ZUi_wIu0iF@
z$ESCP@BtbZH7F@NAEM->O=gvkAU2QLS}I#8K5)6~wJ&eN#9}L4PkrMHtafEdI)m|n
zt6dNMld6fMx1mx0T}Q4puINl!!K8^A6c-g6l{kKlYqzg|TXq{?kN9v3W39v0G@B-=
z`5hNr1!}#G^4G<DZ+qvt(~bfW|0<I7+3b#uW_YpT@r@H)9X;>G#YRPIQ)^DV%S?0L
z4|L5Y9f%H(iHeR1OZp7vWzAm>M-7M$=Q#2OOB*Ap1no1;ra<t23Isb1BEq$uoCaQ)
zWwP-e4IdUBzd6BGDTR3+|0KbcKPjAdJs(10-g1eN>s>3}`4|sROux}p)b)0MluUG0
zP33AEU*cm|5&sZY!#fu5bo{3~-cRxPDcfB|5+`hTt#oB&FY;L)qtEi-x3gMer>j?L
z24vPaam-Fv>l6j`$<233a)ogo%qKb@-a5v7ytRl54NE++-&HGFmZU|92uS+E5}lat
zi0e+;R8F(-K}=3~;)AoUZLa*<iEL&*(zGxBds|eG-*L{BJ#oW1*J@tx&6PL4`vuqP
zeBR*yESBhZ(X~Bw{D?cQRPl3fyZn;oC;s=Fu59r+Z@bFIx4G@A5Wn<}D`Vopo31f_
zMVTIb35exOfJXOrJMpp#=JmiK(h*Cn_P6V*Z>lDdAuM=ERAP}Qu3bJk>{lD_MDTJl
zyCg7h>Gfx>q&I!ysh6%t$%;4o&z|6A$ywz*d6!A@^)$wOhlnb$;ebz3mn$azzRPD}
z#&%KByfXgtQiz}8<C8s08@9Dcr|<U5#bO_yE-7-><7b2LLE&u2e;?Gu*QtC~r{+sW
zRN}JCK6{es)s;PdRSusli8FKf4Dl_~<eg!^eK$n0KlyO<zN)-0Yx~_JDljo!9{#7i
zJgxurHgGdAefx;^o(B$e-)Q}8Rf<U+6wc)I=Zz8;t@Fr$%rkaUcz<R++--JwFpmSB
z|EgA<plS;B=YU7@4zQm=S@l^Hs`&|d`(_PHe45wisGt2x<kZt@z1`ZS+yjDRVxp?M
zoA7DJ8hF2em@KAZyXULB>+=PKpW^gGVbVuqSW;#DAj2!+ot={Oz?N1taeIKz1fO*6
zz3+I(OL$^~5<b^_((q*?>8ns;Kxv<D$=dag3Jvc=H}$&KvGcxx{=I-fPQ8Bm*yNM^
zo!ou-C{=I%j{@;S%J~#bdUq@+=QBBZ(&y5GN<KN`TUPPO5MQc_PyP6!wS3a&dZ*5R
zw;NCH%BeNW-k+EiEtEL1iciP4Uvj+F^{VWXIq^bOpPp~ODdnl<v%EnIR<2(#AHrJa
qLChMTaFJp9VSr`Pr>c7pFLpERu-MpOjVEdEzCACAyKDJebpJmPu!I!=

delta 33511
zcmZYH1#}h1<M#2rHwh5jU4naXx8N=<?oiylIExf_4enmF0WR(ocZwEwDGsIR|NGn-
zeuwkEd(QSVKC>fxFCp~ili)?Wg54W&1E)J&?}HpCIiASjIR8d=oB>Uh>NxdW$BE)~
zocfs3<2b(zahw^X4;kt>ZAec%%yC+gK6tp}#J~q59H$ofZ$~;#S*$q9aT<_55laz&
zGTL!^VD>SN)5&pMXAyyRB*YqPGWy~a;{RZE96XLe;2CU%na4X$7*52;O2<LCeS+iU
z!9o)qCl_`?4Rita#Qc*Srv?6wwK3LY$JrR0r)otYKM9EzJ5F@0hIz3eCc{aX0M}qt
z+>deaB&Nihm=V8Xdd#qd#<2=&AdRp%PQXZb5~JV+j7tB`bp`Md2ICuK1)MKf5rdYR
zC$5f#h)=>ScnnA5J3N5yGROIbrI$O-4!Oc{D&RM4gcVlO7B0h7_&d6KlH&yAb&Q8E
zY&>9<<D?^=05ubZF(KBmcEZHOf3xv<n40(|R67@~Pf#=X)yCtmHUr4Cn)O%56-bZ`
zP!&7c_+ZRLd<tr6cVJq)jae}0cQf@lQTg>SI}So^<~68+AH@`SACq9f8k3%44fC&p
zg-FPNb*uwX1(%|pa5pB!OQ;!mZPSC-n*1~vpY$S_2y39qwY9pac4nZ;t+(k1m7#*y
zP$PVeSuyrHGq9o<LcBgIzaQ#}X4?Esn4S1p)J%Ot)z7rvaT;SS{2bsof1n1oKElk{
zVbor5Ul52v;2lQ6fK6tXMz_X8ZN{V+57S_5%#V7a@~EY2hAP(`V`4v4yQ6J>xQ(yE
zXr%ivs?Prb0&z(=g=*-wjlV$+DAHy#@>r+_Gop@HKGZ<UA`LlpY<hFllXXK4xHqca
zSXB90sQRlh1N}SO2{1#>ZH$ihQB(OEwKU1Lm;vO*qQom<6&#7#@dB!0ug@$|JXAZm
zti@3SsEi?4AGO!|VPyJu77@^kVHIj^H((f^Ks6L&tC_N-)(ofybK7{BwTexzhnl(8
zm<YRI0vw6CaUSZJo<UbHg4YBJVBBrIUa=DP$DXJPFHuvOcDq@s0vN1vsD^8y*1Wy7
zFKS6fp=NR_YRz||mgWd1##7swe`P!*K~wk!wTS|Em<FSxo-`Tid}l_LtB!iIW~lc;
zAJl;6qIUgq)PMqant{Z#rbG=Ovo*&~=3i5l&lV_-n(~UMO;QInfY#{6o~Q<TqXse%
zwRa}i_!QIwEkV^^kD7@+)?=vt{zCP0!zGZAz*E#7@a{4Nf>Ea-E~<faHa!Pw$_t{(
zSHomj8`WVq>kv#zd@|}oY7Od?9mh0y1GS{CXSbQk1gHYpF$soYBoD7-OhLT)9`pI_
zqB`D>dV-^<nYf4r@u7`}>^1G>!jz<!K@G4424W9nCS9iw0W~xT^<gs>yWs{bg=zLV
zP6=#<MR6HwfOl{xenvf!yWcF$VpIn!QF~)8YA>8cJ@GBnfZzJlT`C<gQyw2RkQAuh
znFX~OOQV*kvd#YmHGnRta-&h@7Na^^jass8HvJ&RCw>A|{x+(;kC=x3oj3>CXqXqZ
zmSa(yZUv^n&6pK0qxMALA@c<#Ar>ND8H?d?ERF{-2)%!rfki<rS!~n{BtkuCR&@QF
ziGW624fO=|ZM?0G_plB{9lOb>23Dc=%ofzZkD{jbzD<9R+JwP}O?o=i1LZ@Vl6r?(
ze@$IW64Y@=)RXr|ZI;m(31?vdF2q1wiv9thUQk<b9zMq19^Q0E%oLY9W(L?8Rj(_m
z<6bs>$T8+$Q#y?Vb+{ZgkS(Z=521hUP)~LnRsJ<<0D;F%2XRm{nGUtag;C{dqRx9O
z%!!>*?Jq#Jzs@BPjlgD92m3H8o<qISu46QOi23jhhG6CsW~M5k22u~T7h0h<=K|CK
zwxQZRZv7jzWdGQ>>zp*-#p0kk%!QhXA~wA;>il;=P2p(N=9++dvT3M}=2_RH>hHto
zc-E%hu<@6u2l|4PbDiK*=IeJ7)Ul|6nwmDKk#|N7%(eNWtqV~D@nHaKz6&E0-*?&!
z^eAdzr!WTILhb(NsLkp<qnTj+QxedW=R!SEQH+gcQ5EahcuUk1^+K)nP*evqQ3G6U
z^EaXD?L&2V8a1%HsB%v+7QVwEo&TV-rb0AqOFRjxqoFo^BC3ITHogpX8X~YFPwvCy
z#69O7rwOLS+Bgt3)#s5S&P~*eZM<NPu@7CH=hFoA0(pp9>-2w_f~8R-u84Z|)<o@r
zNvL|$F%;LLj^W>^fyTOMW+oBpG-Sq@SPJ!EKiPPbi_Cu<5<1xo7d18GFgDJ$>1(aq
zt%t1_P<!Pzs+~ue5I>>@9_NyIkYuQVrMB_RsHM(viTPK-f+T3oN};B<hK<*<1%E+x
z&;d2Dfi`^tjvyY6)iC8{Geey)2l4Kh85d)GJb`)x-bOuWpnJt+#7B)VGir@;SqtDK
z;>A!;dI~k*zpOV=OZFJmaOA6Ipjl8eQPjq3qV_^7)B|)w4Zs~rATfa{m<oT#Fg%WW
zQAEFHW+oMCfZ0(4$cNesB~YiQjLolZt&7P>Z;DB<KWaeJQF~wwGBd8Tjes`CU0dL_
zHTZ8f7rQ$IHIVApO#{DRG2(qu1M#5-whu$_C~7I6V0-+48bFI1=7|Sd$74L5|9J$|
z&_>i6?XU&Tpq}iOjXy;V^b>0HM7?QVx$#g-Ruwh1HLWc%Bk^9SrJILZf~A-gH(;<!
z;5dOq_!p{!f0TirQ57TI;;dr~RD2)yz$17Ri{9n~2_xMxOY$FT6MwaF?_JYwWYho?
zVouD6t{SXIAOSW-FZMzWqz`IFMxsVO7t`ZPoQ9{c6}Gr%X5c8MAbuLv?mwsw-=g+d
z(0vn6iQ0TQ?lb>-ag-pT0CvY9T#Z`O4H$@9Q3Ke8n!2Nylf7{d#}iNR(5(3q+)sQX
z>bUlNWZD^ldcX;&nO%yRaor==Y>vw$Xp_9QMt|%$*@$OA?be#sW|)k4CmSD)+9NYC
zKQ6-gco{YD-cO7JQ00bT6dZ?I^64&tU;=AVQ|-ebJb@~B4z-)FVH$jF)1yB%OOybW
zpU#>aHML<jUIVq1O;GK3LM_cuR6p)$0+k6&v>Deh8u2@*0?$!P@z%yaV>II4XC^%+
z>PZt~CQODIuneZc4yYv?Ytxsb%AZ6A<~rvHXvDWMI=;fF_!TvP;D5|a#6qoMV$>6a
zqNXq(s-vo?&DRMv;IXK7r=mJsf|}`-sCNGFr?dV?2&m(e*b%RyIw=3#ym+dirmi{0
zz+X`v{D%IuL^V7ewKo=^+S`GesUy}4s0X`+YUioa>EHQ}Kt>FDVMdxARWLVdq{UEA
zTGQGAH8aDoFpkDuco6+-`_c?(G-}{eQRypD17DA+(TA?4<_ZCg=mu)!&rl=(4`XA{
zEAwhih<f4z)-a4kyrQ)}s-1Qi2YX`{9F02vn^0d=PNJ6V$t%`hn<FZ(FLjt62VpME
zjvG(|x`7(#Q`D2cM17dNM-4E>8`E)0)KX+a)yt1+x3tZ#jw;_6H(}>D%)c5=`__y!
z6Q(3y6IHM~YRZOTRve2e@3ZMUQE$wHsF^v8@$roHKE@>e5w(QD?|9o{YShg2a|zTW
zFa}lN1{TEks3*zs-u{3RwYln`c6oQylTE^OI2RM*J{!M`afpAx92o0g^JTOIYCttn
z59a<tKx@_>)j%Iq!xK>hn1h<iWvFt0Sofl4;uP|5&UqY*M?UcP2UzPrjxtvHXf|>2
zPi8>1Q0=rvX3lkb6437KjWuu(R>RZQl%LIjI-#DluXR4^)EvO{_|(SZd@-MHh0y<C
zsHN#+9fHY-kHI+f?<^;vC*0~!;Lm)hO?C-2Ro89$Gt_6qSJZA!{MD4pg?Wh=zyR!s
z+B;osd<d$Y;TRXEp$4=9W9j^Fum$#_269>%_&27+XQ&3EeKRwa6t%XgQSXU7HeMW6
zuLf!fn_(*Kh&u1%P@f^|P&0EDT^+xh1k}+-Op8ezkH3Rr7)rc4cEmxb&H5B4VhNAO
zsf4Go87B35{Pp{zHt_;njF+(?_UF%Oh42y<#W;Z;*Z+d37U=O$Szpv%7=xOk$*3os
zZR5*OBVUKV;ZD?(mJBlGs$v4-^-#OJGpe0mZQR8a#7CkYcv+BZ3LYduPj~`bV<CR@
zH3k==I?Ni`lq-b(4p9wPMJ+`go8K1wYmXtM4?#W9VvLWgBwt*1qspCkqnL*8p^n=#
z)LOqsJ$X>D$&ZcNl!;M$BqgfBtf*rchN@o{HQ?%~&DI#zURR8VE~?|HHr-uHKvNZg
z+9W$r4PVEV_!{*DbE10u?}x>xO}5Q?6gAK*sQULX2S$o!2Am(&eo@qnl|i*%6&Z-@
z{6at-^gvB*Kh%gvpq_L(s>8*o&H4wb{7KA=7i|7lRQZ_E&47}j&UpsZi>(xDZ`4P%
z-vyKC{0}0a5za)7a3N}nR#~^BDjY{`nyaWa{|^&kH2&IC>1k2vrBF*%%f=gEa^f9P
z?T<!1=oIDCzcZhJ)@*}yH|iLkK&|0R)BplvnkSBnTI-^y-CPbefR?C+hoRPbB5DSf
zU?}cE&Cqk}Cv-K^D6vd~F|CPF9j8G}eLmCx%VGtrY2$NIn{PF0AnR@Xr1czX;FnPC
zJU}hodz=0x7Uy469X+<0@)W402t`d*e$>cIU@Gj4dh!XVhGwFkbb&R(dKlI2HPlQ#
zL+ydsaZLS;s7;$I4(DG}Qj`Q)5jB81m>!#;*7P@<KLa(zOHiK$>ro9IMGf!*YAN2L
z1{N=_$NwRf5%oaTZM+@^5FhLkP{+Tarf9N_FG3xsb*O=y!F>20^(5KinGQ;$8m^1_
zDOfYqlD6b6qk*+Yz4LovTbzkS(38O9|1+Rl%mzARE;1IN267g)Yj2~T>?@YVlnL!-
zL!IMcsDaKz9k1=E89ZaXjM@XYZ2Sf4f&Vpe*9lBy5~5=nGLoRywh8LVTA>Eg8P)Ju
ztbkKdGx0Yz!#AjUwG#7We6whXt(lQ=NzDM>B=h(`w!O*Co=AqtbpA^a$V$bAm;*<m
zM(9JGf`h0vy@Z<D_oyfOjCvtOOJUM8pf+bV)Ijpvcrlw_-lkVYJxDFZ>ECHYKn=FA
z8QoD|F#1`iqGn(XX2YYXWA`4l#-DIDM&kD~w5b-MmT(!W-OZ@-2T=n)irU2Y(A6vS
zC4t<SG?mBywYw^oAl@If`*)!B#!1YA->@=f2{E7JzhZvk5m*tQppISM)MoS5!*s;^
z+xS8ZBYq$?=U<y9Fpb9v!KA3oRs^-F8rt|k)G3&UT8aax7tS4<@1!;H5d4Mo;;7BJ
z2xsCJEP&P1nK$T2>&A4h$N!_!Yb0p1<w|clDvU#jH$$ECJE$4@j2SUU1{1G~gNcv9
z5g09_8ORjWvD<)}sq?5ANtMatjKb154^OxR^rY=Go2eX!+C)cDuiW#fwY!aamp?$Q
zxi^a$a17L@Oo-Y`$x%x&7qw^3V{LqiW3XIS)Bai1Qn}X%=*iP(Gix1+i8(%Dn3MGS
zp{9c|sLeD9HJ}C7rKtL=P@C!x)F#}G+U5Ig{xQ^po=45hJLExJCvgsQT+*UGPP3qn
zUnx|F)lqBN1hrRsppMsQ)GnWdnwf>Dcm7V)Ku)4I?-f+Jr#Al+W+xs!r;aysR+zv*
z5~`v)K91_>GU^@v9MzCFmpPX4QA?8@RlW%7MN|Rx{%DH&_B#>P@e$OLT}BP?F6zDV
z7BgwhBIh<8=EN?<%b})p3u<lmpl0R}s^WE<{t`97_tvO+%)nBj29^!=AcasfSRK`F
zOVoRy6S~^nqX=lq7Gnsmv+>i`Yu1OThTov}fRooW7=)UUn5Z>Rjv9D68_$B8!Q3`p
z1~rf>c{%?&R<%j^6Gx$rMfH3hXFdLd%W+<QkN-EA$`ml)2Nt2G_6%xjZ=o7|ih6&%
zMLlu+f*z+TW=2hYZ`8m>;YplOkn^w2)Tod-7A>#@@lL1?)}k8Rh3eos>Pa4;I{1Lv
z?J)|Q%^C+a6CtSc9*WiQXH18SQ0@GQ!|=3AK%d7oi<lS6MC*P`Px?E|g2{@Scsa~P
zyd!4E`KVX;2^)WJ<LQc-{A#GpIKaj?V-DhXt!}*H9{-<SOJi0t`k-DIOR+S5#0prv
zgn6}&M7?^Spau{n%nUF;W+L7kLvRf0)%!cDewmUUX912!4LEx#|5Cb6T>?rNf%?PY
z2GpK-g7q;)X*1QmQ3D)@g>frpz&F;UWz5W!L=B_|>P0ixrtd-R`d6qITlBK}G<Es$
z8UY=X_NXTtjAe1Yjo(9c<Sl15Pi9O^JO^r1RX}|x)wlLRbr6nvfFl?M)08)RDl2Nw
z6p{4rl&}e<F%R+bsLj_OHL$TZz6kY3+-Tj44T+yd9lNX*%sW31Y9?zSZ*pf0>UfVw
z4P=&eF}mvLcLI8a?m+G8OQ;viGt>)5f6Le(;$c^uh$`<?G9RnSQKzI9>Ui};O?5w;
zJ{>i{&6ostp_cqoCC<N&iKnue()6f`#ZhZlAJy;xn?4t{n|-Jclb1F>ZWZ$i&W-A*
zBI*V869!`))RHtq4PY{=-0xL5|2hs4Bxok?qR#Id)Kqz@nk9*fs!$yDgyn3!3Tn^P
z!cgpv`Yc#v^S7ejn0rw(b`rH`9;5pC=n_zaQL34WF;P>W9`&Lrgg;|t?2PkKFRU2V
zO}+T2(~=aMVO7*AS%)?8Dysd^8fM1wTI*mx(%n7;bdKMk);jf1=0%ei^`X-Mb)33m
zd7OiK;=Aadp`XpnMa80|Cq<>##Sm<UdeR}NnV5*_aV|1buCt$j*7OQ$x5uq%UMQJR
z$D}6en@nBQZtjVif!?So9fT!tHmdwpRQVgIJ@5&&*_>MDRAfQDid$l!&i`lvYIp)_
zvrI-U!5mbB>ur7nYBO#@EzL#Lo_J*QU!n%~#-@L?>E7Drm<FL{ra7u!dkmz1r#pcW
z*c&zSuNZ>K>X;6TVqM~mP%oNIsMB#C^{Rf4Ay}oZnUPMYwI7Y@@H*;K@&RfoUZDo?
z4gG)qk6h2JNes+LMjq5LX^2|0UZ}k>6!l>=9rdJpt%q&?DO88IQ5`%%y?9=uI{u1U
zvgq|a{$K6NRG;(Tn1l`_=wtFI7Q@61OapaL4KzUwpgro`4@51+0@Uu_gL=Y4sDYh9
zE!`#5tNI$2!nZbFprOa#Z;ghW|2kx>BSC8()W~eYB&hS81GPDupgwlPu>>APo%7(v
zrd|kYPvk}I?sBNT)DgA$e#HW~5cO)lj2d`cw~3k3#HdYJ8kJEF_2gAhd!inOU@z3v
z&OmiIA2sD0P&2X(RsITw;Cod0L`}`HO@*4NVyJp<1p<1~pKQip)Ug?hYG@L!z_mEd
z!&kLtycZbhljh6}ac@h~$uH81FR!GZ!4{;4we>j9NnhH|<Nx;nQ`?(Q)kipk{Ll{m
zC2^fY9X<Zv_lwfW<8+`xKWu{!um@J_>~W^ze$*bR)5YWeE0kr}i1=45hYh<ja2j5W
z-HEU0W`1Ilw7dC+RRcB9aX1iD_fWr_zXb%;P@J9~{y_jgXu#6MLx!8p(-QL#ABd@O
zBkDzU9yOJZQA_a_wFHqyn7xt#wHNB4_SPWO+D}1k#uMoO{hwGP%~~WtZJLzUOg23?
z>KGQm23P^L3724Dyo<Rp<tUFc9e={>_z+Lvq0t`yzp$7x#yr?()C`A><@{@{R}#pG
zYf-!UFVy*ehWa>;G|reB^;uCAL$E!j!Lg_(UuV-#p<b~sFe}C%Z|a9(3gQh>FS5Sl
zIsXdGBtb70AFAU!sLl5oRUyd)V*%7=t&J-Gn{~ZSzlzyN51wf9^P`roIck8@F$6bT
zFHUsLNdC162`8C&0o1vzgBfrzY9K4Dhfo8*iyEkRvWcg%7DvroV^n@0)Pqg8@%5<o
zPPhd0N_=7yB26(F=}=Q!3iU*-Fa)Qd8je6s?J3kud_)a2{Z#X!se+k^|AzT-Esn-}
zIGi=_%vsh0xNm2gg7IdV7fw;s9;kqNK{Un4*w)(B+6T3(2curi(@>{l1?n5lQPk<U
ziZSuN^)0G=z-<3_P1i|CK*uL5>MK|=)Kpcqwn4qahuHktsLiz+)zE3walB*wfErlL
zIc6YfQ0?YHrI$waSJ$8K^0(Fg052ZYm&CECSMW|$!TqQyzJOZGZ>S|mKG);_3(Er7
zjQA)lgpW}JOFPe;s{E+q+XOX}9jrYt3H>|$325!6qdq2gqNe_sO+Sxyh<~*CKg~B&
z+Z0v4J!*>kSVy8hJ7%E1&M!s{z=!%ucMvsWf1|7O{F;C^VaNir`HG@8PXpAk8HN*a
z3Fg2&3r)EesF@godU4G~&CqhxfDTyC+5Fq6`cF{<O16meuc^+o$n5q|)X0BAO?_ij
zeis|>g?fUKs8{O()Knir?dHp<rTQ1O3DYb#pCNfr@fE1@TTwG`e6edfxJ^PN5+0(S
z<T+}sKG=fJ64O9JYewY5&MAl*U=h?ND~bBz@e``U+NcL=ZS%XMPQ_5`c$a|IdM0X0
z7NMqm9cloltQS#hc>^`TH`Xtx8Hv2qw37-|KND&OE1(9}0ChauTgRbJmAj6B3LZus
zk1IC*530j&s5Onhj6LGvC#0B-c-7?|Ck*?c2DAgU=7&)AE?`-FjA}o}3e#ap)bVYA
zEP?B|1T^*2QBOP<RbeS+#w|DlZ((KZz0&;T@&GCxW0hI^`Z%6=A54ppR-1OSSaYE^
zbwSiXn_~if{&yvywHkryI2^Skt59qA2WoTew&~YVr{w`^Exo^+CyRkP4H;1NOQJSe
zB~-a)sF~`3n(1Dcg8rS+1k~UP%!miDJ3h7XCTq;D9f5jJ%)+d=7xk)shI;V?tTo>U
zieU}neXs-`MRgp!&dhK;)Ql%XSDP*k0X=CB)TStc8gVVuR5i8n&ZzQzQ5}y!&CEPh
zxt*xBKaN`CTQ(lF-poW&RQa5!a@E&!{`D!>k_0t85;d}Es3n<$T9P$3z8lriY1A>h
zfqa-bcTnXXVi^91hp_MlcE8T)M)Q7&9bpEN2UV|P1m|BJS0h0UH$=tT+k(AO4Ub2y
z=>pWqSE4?ocA<{nCDbu{fm-u#s2NJI$>aan&W1{_iYnIvwKP3k0-Ev&)DoPqUPg6v
z4>h3wP)ibNvuP*}YK=3ZrnC?GH!o^Ht1v(ALk;8uYSYEqVrDiiD(>bbppGh_UX6`0
z3wA|qnmMS3m!a0whg!0~QE$F)s3i;Xnavd)HGuf2cC%SaqL#FdwGHw>{QDmQnwnv#
z5zWFPxE3|?$EXgRt>#H1qh=xlYUXlTE1}A@Krb(<_NXQ6w9WV{Y5*?kK_{XA@Bfz&
z&=c)Kz3FbD3VuQDiJ05Xz*3-QA{Xk(N?Yq;2=Pv+C!c`&SYD25XA`RYA=HCjMGfpF
z`v3j!e+2a8fji8UCPr<NlsFYbQ4Q@!Ey;Q7byUL-QM>swHsQ%VJMB-qc9|dBO~y9l
z$JlK;?uFNh4?_R%|2EoV-svq+Yd;CA;||m&iniAbtQ2aBE1+ID)lnUfMtz%|fO&BZ
zmc-krS9;ogX6CY@maG_RX6x+Z{A;RO*@Pap;80ZhG}O#2w)tCZ`XTFi>uu``)ZX}l
zn!zah&6_nb>V1(HwP_2YPFwN)u6d$LBxq`XvNlBjz)%%?phn!=Is&yhr=y-|4XVRK
zxC;M5y~5oCW`<s)&ilWZ2@4!FOWMpOpiirAs1By1)^sUqs<)v=ycgBMpEwUM+Vq}>
z%oO)SZK|P|9>=0O+KAe;S5X6gh9Ma6r%89y5zwy8kLtJz>J&6bH8cpdmP=8`<^ig~
z|4?fi?Xa1-c&NRQ0+pWzm7mvI6!jrj2KDA_hJ0GOPCo+L-P2K@YRgeidJa|a4(eEa
z#`5g$_(#k)oJL1Y`T*1br=gbcBC6wCsQQmk1M(j8IKN_i)B}#iSo-{5Nk9YGidurB
zsHwb++I+WB1A1rkgN~a9<6ASJIxL8}F$}eIJy0{+57queo4?TJpU3F*?_4FI<MR;J
zanK2~RxwcnN{@Q7yr_nY<3TKo>Nx62k24bE;uD;WQJJaXr_A1&blTLLfm)(@sCE~l
ztC4La5Q_Uz9lS#Ai4Ukx&zNV-48%dLVQN$Z#V{vULA|I3Vh4<K);!2S%tm~KjYptn
zawlpDPMqcZE8(%t_z%kv4?bu9#8VBGzYKL=H={lc_gPP2YU0<hBv1SW*AXvq!5rV`
z_>lN#)E>C^mq~w*dceSooPWJAl3p}_GD(jbS#3;(-EDjdW+uKK^<KDws`n5zBd<|Q
z6!Vf9XkrW_o(^|mE7a1ay=;~s8)|RmatWxxvZybQHBk+9Ms1!xHa;G;G~uWjnU8uk
zuR{&wKI#cyqL#*c#l+*Fj%`|NepG%%)ce4#M?jmX3#x<OSP2K&^rNULKWpPRtPfBx
zrst?9d5dZ|%2kt|2y+lmf!VPtro;Xif(tR9&i_6FdV+sZBl2D|CPAIwoT&3(2{pi9
zP&3pH_06XTY9Lckn{6g$!9&)Us9m4zZ!;qysCaISrt@EbfI2RXde=8VO<5Cchuu(X
zcMY{^?xB|IBkGA0TsJeA&YBH1V|h_~sU&L2n%MNtHr^lO>HLo+pkuhex&fIQ{za2{
zvVT!~<O{07XgAChW<t$CMbrS>VioL$yKy&aX$Rgkn{qg6sV1XlavAzR|JM-6OhN=|
zYObSp^&M2hUu`_{ExVae9p^{o*S0o6b<hSiQ~gm-J{dKmi%^?(6KZLn-s1f0%@=gr
zJW*QI6P7_uVRP({olze~Pf#7izGL=4I@A+}qCST6qh_)?s(v%nKsupjaF|V>j4C((
zj%y06C*d>+hfp&x{jS*)vr*p-H=-K2fO-+#L2a_<s2NCd&*Y~;y)kpzcpl6|yd-LX
z?NI|7X5+J50<B5-19je$+&ACrLs2u~VqKhz>gX+MCcdCvP-!2Sr7De@>ZYhSVi(jV
zos1g58dS%BVIF*nS`s(aLsKy~YAQ>irmhm|*wwZ1E~qCTU>#-Cr=dDtgqpdH7{aS~
z3$7-9=@A1WKJ+o|;?gH(CN@6xFM;bEBcStq4K;Q5QM>aI*2WiD3(Gz;&PMHl7nl_T
z{xN?l&VixC>!6-^IOfH5HvKMY3FAID{e}4D{AD4a-JBOSB{fm!x;1LedZAu06Kwu8
zR6{Fl{$|utoI=gqbF6@$Q16p6FU)SQfQtWu>Zdg()%ovBKx;b<^$wqB3#>=&()~95
zJZf$4qxMSVmu9Atqn02oYKijLcnQ>ttvagx)|dmkU`AYkt`ZItP{DsuPZIN$c~^&`
zc7IJ&{;#O=<8c7)!a7*^wfSl_85<Cf^2YpuqXp`{avY1{JKTYJ-kNeR-g5qPkx=QK
z`74nDs1Ej^X5s~E>OJqx6GTQmVQkc%Nsh|TfTJ-RYU#G1K2r{%cKsPt`3E-rC2B@K
zz32Sv1r+$N*#l`%r=TQGz=}8+FXMQu|H15uhp2MSe`Y{YP#wfab(j*>L0;4n7DFA|
zYBs$m>J2#1B`}y{5ss>u_>-v^ih6<qsLfUiwFEU#9ksFf-B3?F0CnESqGn_{s=YO+
z)3P6RoG;q+=coa=fuBtSDN(yOJ8FsxV<?tG73_sua3bn>miuA`R28*UEv>(z1~>{s
za0=$e2-LtHpl0qF@_?@MmVie7&6@P9DUc7<P%+eQFORXX5$cIMqBd)PRD*L+173m}
z&^c7Od#D+FgCXeoX6mIu|DXR$5zu*Tgxc+0P%|*aIv+KatF3#j7g1~a4Ao&=USB$%
z=`aM#p$6UtwHF4UW^y>H+yeCf|9|!o&{`iwt?>oaQanYC`~#-NNFJ|$2C|?UE{uAY
zS4YjjFwBc%F(d9pJ;)=}1HMIV_Q+mSFFm@-s82uzJE9uuV;yWAh3aq;YBw)K)!TwP
z??+Knoi4!ZU*kNe?+=Agp9!^XdIQu<HnaX3;59%0A4h^3n1Y(hMb-$^fDTztVo~CM
zVOESAXa-&!wO1;kI<AFU%C4vxor-#Z)u{S=Z2IRw*HnxbWCoA|waKzsi=rB?f*G(5
zs-c0XnV5oFswJqk-GF+KW2iO0g8A_i>a!$wB(MM5aAnkk^>qo9CNRV%96~jG5;gK0
zHvSGniARcT8q9~eiFZVOPgsCjlAWl{b{gY&cyXZ~;0gZ^Klv83;a41tZq{HkC2Oz<
z36C)grjKemsDT>DFw_jpMm^a+tcrJ01Irc745S&VgMp|4twy~scA+-;LDUkTHtDW&
z+h#mMjqr_)f5A$`qeM3qYoeyQ3F<U-Kt1V1tdBEM1AUDxF*t_VjGZwyUo3j!2xeqB
zKM>X%F?t*??+-qILkMUp!%$Dw154m^EQ^1k);w8UQ!yuIB3=gdWSvk?+7nfOB<fAK
z3iUwiQER=;#`oF$<C6ZJvjp@cmu$u@)Fygh)8C=q-Ct2}%7pRklw%>{%}~c|HtNY1
z;7W`@ec@;n-#kDw)aLGm8sKnrbzH_0(2HgTX2;E_hVP=DG(`fh|L1|_P#w%beV(sI
z?UhGZ0ple!^%`L*l|wDz6;wOv_{EXTSk>A)5$8W635!T5j7L#Z8OU#-YqKS?7Dtt9
zWgU;{h;O!DwSGgrlG7zIR>IE2yQ12?iI?y->eL-e%K6ueBxW*WVQfLXHAYbZ)Qp_R
zZs<vFUZFiOFY(Ek3;)D0{D4!jPztaA{{wImHK2|u&48z18R9<FOni0;EFzF0mDibz
zM^K+?twPL{4o7XGQ>dxGj9R;AsLl2owWje?n>S%P)TYddbFcvFNzY>*Oq9m!G{?%g
z5#6-})Irm<UjJ{wv_pLs{E0fJ=dc0C=N{^ml*nK@=#Hw_7q$6@Sx2E}Zaiue&p>U$
zWvC@sg=%*vvV^X4ihwr98&rkl8BGIO(f_p^wfk$L-i#ekpJD@0r(rhgi8tH)ov4{P
zY2z<Y59DMr?}zB98B2@)zyHfaAe4lPs1Ev|mSQxjVus9S0J%~5l~4n1h-t7r>WRjq
zUQi2AYrY1xN6uk!jGV;`pd9M6pfM)U`Tv!G)^;4`!-c3la1p2Ad(@PU&T5`?3hHBY
z7OLKQn|=UQ@0j%o>Pe$!GgF@wHDlRP1E_$m-pS1g=(u%6orbBXC*Ol1c-+RHSwC0<
zvzsT5jcO+aYKAhQ23*Km3bjWnqsrAly-^!x=lm<7D+zi<_QwJ^43FUsT!JG)z5ag>
zkR^xL|I27su^H(@`G;OP@Gj~}<K;2~Pm5|d2WG*-s193UKkSEEvUj=c=YQnfUgr%7
zaZnjSdCcxkgk_1RMm<>@)TZo%>M$Hteg&$7ZOCD9PTBmksCu`N-R```MwlqCiT88~
z=*ef{Z@37{V1|6=bG`%WRl68<es7^RRs8(s#ZwWrWc^Vusuh?M|FZd!3Yg7Z5OsXp
zU>MFueN4O82<US^N<pvxHyz8MzOf8Mb+id<;$tj{#R_@-zdGq+Q{vZAo2po0Q@<Xn
z-el{an3nh_+=Z!%c>TXed>yyz{HHH!zJT09y$4bhGgDIz>k;pOnt_AZ3cbb6l(t1p
zX<saX^HHbg2I~05FJT^}FlvUnp$0M!HIw@=xjz5j5zy4d4KwfLFw_gDJ%->=48tX;
z^L`I=VdRqLRa^-5J}7}YR@G2@qz$Uw5vV=13ESgG)ahtdiakUBPG<tzG{Z0mN1$G<
z<4|ih1GR~cqR#zQR7WpS9S4^-n=mo9Bc27-&NS4UayDvawxarZjym42(A7x35Rj3|
zn1*6u2=UaYuT-UMdVOmL98LN_oR5*qnmw=_wRiTRmgWO$ASue3S8`g^_l>fsS9bGq
zoPRw@TM`Q55Y*<`j_L6QYRwXqH=qB7P`kD{Dt!X#eenlss-K|Fd*TXasY;_xS8EK!
z&Zt*(4-CV>6<jm&eI#hg|3*#K1JqO}uV}s*<woU)p*CA3)QpWmJ;_v?KN~X>Uy6F5
zQ>Zs<<Vt3#LQykN47Hc)y9Bhh18jlus1eUaP5n}ghdWR&n$y?<Z{q+gTiKM~Z#{<E
zoae9?239ersvkBdz63SkpsMDx!i`QqQ=JVb;m_#*?uXhWDXN)Glo_?F%cC}BYt+~7
zS*R(0gE25=bu)9>urTpbs166B_QY?f2U&&8u<Ps~pa##Po;0wAS<A$z87PN(K{dtz
zoQ0`y9%?u5Le1D-)LuG*dIR1@m5=+A8F)g}9>|9}|An!f&VOeDnt{z26|bQhet=rz
z$Ebn5Ml~4eXOkZl(-Mz?dh%STfs{Z!ad~SsR6DiNgH5n5Hbej4|7|6piic1YPvS_t
zfI7d8Y8v~Yo_r=Y!L6tzNmR=mul!h@cs<m>R-$I)1UA6?s0R$IZLEy`KmXSupxxaL
zHPRlK2?wBFoy$<W`YdWsd_t{Z<T~a!CPAI^a@H!SH|Wo(_S&N!um`Gse~gPG>u~;4
z6PQhcj@3@=h@Y`4wyW#)|0`7=s-mZ!F$QW$lAtzKb_~IvQ3L6LI#qpbe2jGxYER9;
z8o0KeJ^x=xXhlMj`sQo5i<;Ua7=jN`$0|w#Gtk0Vlz2Z3Lm%pW@c}ikm<`PgrNNBE
z^P(Q05o#veqE6Wqmw<Nn3Dnw0X=HYPEYxNxhDtAiYM>lyPyCE}<8?)?>3ocjt89EX
zs^g=W9ABXxAZBB;Bw?s_+=>L$a2wPf=z$v9Kvcs%)Unx*YUnWT#Cxa#>gu35|KZ|?
zrOtIKJyu07kM%jnsvF^sI!0W4e7Mdg60dVlqmkda(-A(!-GoAXlsj2)HHE9%O1}~g
zppoK~^>T-hp4sNTC-1)POb_!D`G0Z$O@1|8LSBFFqqO_CzZ~cPFaaHt#S|DqxIN)m
zglAEyA>k3+`M7m`A?+e%>f;k`U3!`1<B4<HxY7pFLA)R0j|kVKO<jKy{zAV0qJO6c
z8T)PKHJhG@P7;weh&wZl7a(4Riqi?lCakL!VgE&XWEzagU4pdDwyhh4GZC&z`974{
z!JVJ9C#2mbttI8vzw?)A#{b`Uc4U1h@Pw4p#QRa9KhCCsblmeu_t|oFZD&&{zlnPn
zx2}RV{{_yqX?z$uu_?dE6wxms`TO_3os^b~(bdGG+?Oc4k~_EUK=})8LkizuAUU{G
zQzz{YWp*jfJ;RpGNw_%W^>w{9<@oz3|4VHxb-(wokpId?BA-M4s{moO`;B;KD(%NG
z;&Ewsi!C#T@EgLHDd<w>nZHqgb^m{|lUAR50Qo5?`#bqn2)D#^_zUkJXDN}1+*i4m
zaeu$Y5WYvGGiB~^^HTI*r}%Go^7aznO(XHRPtkZLIx0#!FH5HrX-l{(aGxVy8|&D%
zyHURf<#oBaY+xUid)fk<NxNw~YfL)7Q{WsW?;MR3=FY~gcSI4=?vpo^aB9l)6MQG1
zZ6l{`_X=rkNZU)iEal!(cM9Rgq;==-pPbG_Zjh*Jkii*8W4}=`K6wxAKr-2e=a8mr
zD)H8o8OYs;cuU$CKsX-duM*eGY7k|k5kJnIiSQB9^ixq?$0)x_KYt4&L7zqwx%o!z
z@HZpQH5#vp>ACfVGqDCj_$XGvt=OBgjVRZNdkwd)uB1;Te>II?$Bo>BDW~fX%)lK?
zny#yq$)ioPiTe(bp=55Mp({9uv{Gu+79K{!x_V<no7RVNQ>d4Pcv9}0b`T|yzln2x
zx8+oCBH`B<N}calF9QDam(^DMp3#g(buIM&mvtxqD;3Al$R(RMz&13PIDbRSkM8*)
z6ZbURRxeyYnd7vP)V9-{v>J9$IY=w(|M!;!lF>*J?nhLZN1>&JbMT~XD11hZQ|75{
zB#iX=q_rkK$PPkTLr6<QJ^p6Sxj}q5_eJtc(q0kjG(%nO38&yr&+UKy{A48LF3kOe
z3bn}i#2te>7jga2SXU$(FT|~@Dd{H&e<a+4`ypjBkv5OAB~*ZG4DqGh&AEru_F>ZI
za(^bipK__F|Etdb0RjbV!?}r<vmF+r(k#+5(D-A*=gHI6fHZ!g$$yn4oSMAS#LiIe
z55oVDmXxxwxF>R-qU>qz>*UQe)toJq(dAaQfpsSC{AWAaW7BQ2|F;^O(}Aui7-aL$
z+BBu}{nFu2Y|aSoPNeHA*jCET#u|8$LBuC7h`i>6ckBHBcx|_h@;B#B4+{1qQ|+(h
zPDOk)PY}pmiufq*4BX#{&&TiA?=}!f8>^_J%Zm{hK-mvJ47e$O|IGg!jxUN79)b<X
zoW%Wtf=w_9>9@FbWu=kD+~Y|9U>mMNc&iPoOd0CM<*rX#E4l9x{(kugwB_DGdk;vD
z&Yf5P{x&0b7F%k!t#Aq}*|b-5qN}XUQ+OM7bamw}XVY6#ZWrk>Y~Ft2>ulaSJII69
zJ>>16u7Ca?5J|wO-rxl)&!W&PDwd=`1UAL-<cD(aC#*ILQMLzx%#^>3;pFLR!Tp-N
zp~@r7?<zPo2q&Y>g_PxMBY&aEcMi%d*7_$S^8E@X^Q;~H87j50Vdd*f=OWTpP-Z)g
zP9iTq_j%IK+s>cS=%3_gq+BKLv)sRv_Wf!{UK$%2Mfz?%|AQYoQC=h(n@-yA6rN!7
zMpO7Tab5fpga2<kve>*Gr2k{{UXV75{I0l>&UNVz94UyWrA!^d$qBDj23Mf}-(M2w
zMy1Kz$*DA+0^hHc#D5`O*GL?Lw@Hi6fU?uzNNi-wPw<ywL*g0kD%}5Yzu?yO2jxoB
z#!~9&>dx(7e?=;gaf1er(D-@^DB~CID5Q0vVj|M-kbZ{vO2S<zABN*eTSI;U;<E{7
zCA^cn9N`n>>xxf&DEB??oYWs^)BpJ1|9cWb$@I~Pu7rdOQE)x+yTmKgn65jdCE?yk
zI1g!w$)8Mo4)K__ZW7uWOnic^6N(3Ihnp#@Yc*-bD8D?2jOkMswe|lVo<FOz|G#`(
z*y?MjvW22W8PfObK53na|6#jaMJqoOFJcSKCI1TbCy`$tXA{q2+iPyi9HveOJFK&s
zhs6{qNJ1QL{uJqK!os$LaPkt+K`T5!+A{8o<X7j`wVgYd{C(7mMVTq&*XDjl_zAZz
ze(>YGBu#&=zKOGNBX#&OiL+Mk!SysYoQ#g#pQ$uNwYZ8==ooovZ9^uNK@ey`dQAMu
zCYGY?f7Gvs>+qhfbB_Ebbo4XvLe!~FUT*w~Q^|X%?Y4kOTM}<kC<cWG6W4W;u&$o?
zFZsIS<7Sno?0B1|^dh7kBkdsfTFOVp-pb&LAgn(VzhZE&xwlg9A8sG%?jru9%Ozm~
zcQP6Z#c13;$%~*uQPQpw&Tj{#@(&14=kBFEY=JqrD^hO_e)^%T%Ik_kdOYrY<h?ij
zx=wpra5NqLc-5pKT`z5VTq^1cw&~GGPfvKZ%`Z$|JR04{otQRnnhu<jgxC9Pn*aP|
z`@2ZAu>L<3t0>spHmV|5Y=d=dhy42c|E?KSo=5qGHmxFM`3Zw_fVBMFgK38!D*x{q
zLH-_M&&eCX%`bpCQEXp3DHo*g!RNSV+D@}u|D|v+_hsAEuY^n3hIf(Hhx--{O}34#
zv-P^#cp5vvmekYbBRv)Nqm4gE%TKr}W!zary4%X5tQ$!iOJ;=a@Hmwh+3;Q}*5^)X
z%Mx_j*>IpO^Nh6R+<M9X$^HF$NI8!!v%w71<#$?4b_WX1rPFN`C_qvV!U0t1&7F?;
z4C0R{)0g`j@lM=P3G4csI(x|<MtBSNJn9t0`?NiWu&&bv=L2cmY`sHT|Hed0aF?fn
zLv}Dpv4Rb&UY;Mq*J!Xj@o~1{CH9HDv=NtZW$szDrE81rh+hJA0&RJ{d%s_k^ga0d
z^^HOYh$N%HQNl;4{LW^+vEIg5<W<Md+^-0KrF?PjW`xU-Hk5j=Xm^3_ybtNRni!m>
zl$}TZWo~yhk*Bs`3KGWILMuq?%ZN*Jw<TRyVa&tbl?F@Nr{T9toh+oC;BHD<BHLMI
z${)355|H<|4Xd4ogx{JzUH)Ij{BeVX6=WQza%$q;h`%JBgnI&&?~?W(VO@XQ4i2G*
zJ1P$_hdU;BQOfE%Px-Oj->=JrQ<67|GWiHsq}~{RJFNc~Td)}gej+h9@to8wK)i@;
zu-^BUaG}c4&}r_>wr)7-{kR*D_J+HRzj6Ia+y8&vrT%j2UE>Z5BeItYN9^?UvlUOE
z{zm8pg{s?59uS{NdKnv^Lpb%+Tz%rX7fAU+ZbeMRot^M6_z(9n!ingmBE}^CmHQCk
zYNYKZT%Nlg;V?$9lCZAW#LE$HL%0`KW`q|=i;OvlC#UDVIGuQS03YIa3A~~(e^ubW
zw$sp96Lj{I7iz;B$RBCL^9kSL{zQIJ(kj#FUG5*R(zJ7sw7HaNY4d)jP7Mm>Cf>-O
z#v<y<O5sXmw&1=*g<rWZaO-MF-fyH&B0QeEr)?}MY5mAcOIjqt+im%_<e%gTJ;c-F
zFz!;Mb;N0uPi)IYr_Nfv=hBi;*Cs~T#_N!tf^cdYpK0?_63<Ab*|y9*OhsNeX$dI*
zEAdOXfjS+z7to=u+vH~?y%p*@i&4n?g}UxD0%Hm6vY8<?GMU1Mh<D>oPlXiRzmcXZ
zHu*VhSr2uy5${6!9*jjhd$>n(FCre7{Hyqt{O8>3i5Il(6vdZ;{Exc&Q(!v{&f&gK
zAze!h&S=sS&{$m?|BJHINXtchnQcf}B?-5qTrte+|8824l8?z*qilQi#oXM78OCpv
zu16XD1;A&*Gf3+|%erEaz7GeIrYkw=QAyKPiXL{VJa-|RHq+K?L0$&xto!~m8dHVu
z&bGh}3g{ZhebR>g3H)amWvbC=N6dwHY~vLu_mZ@9|4(`Tp4d5I(^^x0HRWHTt^@oX
zk#mue)Fa^-1xFHo%Dv4Ncwig<jGIjzrwREDh~LH;HtnM=U(1$nO<NB6Cy96BzD2ky
zY40dk9#fJXqPq52IX`|z`6&GT>PLmeHnM{Bfjr508Ypf%T1GfJ`9tvg70Cwv#o?sy
zpiVo=595wX8$)RGIJP3+-~SFG2e~Uz-~@?7u|4-_Ze4w;FqVeibH^Z@hWn1ma^_O6
zH1YTN;}t+zU2SlW4gXF2tZg$XgQ^tB|8*%lm6e~3|4hS9*p$pQ+(Cpdk*4b{<!<>y
ze9F?upSGcYDKmgPU8nS>j&Y8fT}aJH3D^JbUO|2}VqHlc$sL*SVq2#e^|le;XCL4h
z`MM_A{N%JYk-RimjJyq$O+fy0(%O->i*k{Fc=*$#<)utC%7mMA*I7xzbs}-p@(<T?
z8cc6HtVDiv?oHg!ZRfqISC?DYTGG4I_;2|An*T%iDebhf^_1U{vbq)ou*mr+c!oQ>
zP3%m;0fehjVAv0pCX$ww4tH|bw*#wVJE={%OQiQD{T+_6=?Mwfrk#(toHBX2?{Gi1
z_5GVH2@NNrPzMU>`j2=r?!(065nql8iLbyI{t|pVT18blE04!1vz~@G5YLOR=}6ZR
z+ir**RCQ}@%J}~TIiHGN3g5ID2dQ+;R&vPGm4W=sRET8bOTXunw~hNF>0Kz(>wkZ&
z??!AUsc~qvETwa*bz1oGicflf(npi{$o5{3I^(DtKwccmFR&H*kROe_#5h)A^52rb
z1mANvA}<qVrv@>rPiY_p_v9aYBiz<@@`!MBDox=2ejT8E3-U+N=m^5P-f|})?FyEp
zY%1<Z<lQCh6KNrIy3DruC-Gj?4biJJ9R(MWF`NQZNgPgi17Te~37@2q`P_%e`-S*M
z)RlpH_leiAWlbudrKF{?Wt3Kva30crqTEvAwd{bK5iY17Z|eG)#C_ZiZDutJKO{Vz
zyvE$8ZMi8l7L|BA?l!jL0faYk*WzACom!Ml%KeS}LBwy8-jZ9_Zt6cKuMGDaZnrW2
z(e?3%5l11Okoa#{n@0YlkrKAtpZJb@FzNltf5t3$xqrO6khjXFJ+am#?fccrwng0a
z|Ia&*&{+qYJDJSlws2i+Pv_aNJ7rFOZvkVIt}BkpP-lsaU$YMqleEa>Z)E@tNh?ph
zKV_PuuG{{BrQsuy#A!r+wj(`Hfh(j{unkR(Ga_k3n%`n&i#WOQ_u#3+cchH?b4Q$j
zh{wCVK@pJ--VB)9=18ikrH{0n`t-<yh)YMu2Tbj8^5oQJr<z4vJ{3P;>QCotMSMQ@
z(K9vpuMZJ%F9t@AD0}@E&(uRV>PCd#>=hJo_};64h{KPHM~jI2wy!5*&AY7Lski<e
z64Cd=f+)VZ9#4v3->aye!jXKX;&}3SeIw&}@&x)WC-O}3gbzsKiR)XC#8WWH_avof
zV-(+_jGm5>!#n2iMD<n4;o0NyEzadB66~u`#FLkr#XQBmzH=o!83TQ#%Xpp!hBvI}
zspm^v$&<+wUcG`Ra(Jpro?u`9%AT_U;r*(6y7|)9@T^Y}BUkpEd9&v(6p|}X;k<c#
zH#>O>d4h6><_*p5OVPzMFnf5B`JUEMS~Tz6qE*L^&1cN^r1PDa@5vA~pjG!);cr%Y
zwuSFn<;moWz1p)l!1w1`&zvBi8{sJw7`|kyCv|w}R?m#^#M?Yye95+Z-Uh_#-pVQ6
zy;bv&&Ru%8>({P%c;?-nH{mCDGq?(SJS}|t_IP#&gnv5VsS~-h=`nogK~Kg1MWP+@
zr21bZ=OIt!$aY}9A%{GxJ-!l$J;^=34o5sWqWEr{@tpC5A3x`*>&tuIQz4RX!4*%@
zK;Mh&p2yLBkDhq8c*37O^F;BTf96@|4Ilr)vogHfOHU$ShnJoe!M=!(o*_|v9fG{)
z0)lIF>A_&TbZ+G<8|>Zh^@T+De)anD#`4|^^p%S5P45YBo4~s`{?F}tcIn=^c}Vk)
zAuYSK=+&uJ=bl}Br4xD^MDlG(?p+%k&ho|g4b0$O8~DFr=gjJz6X5$4>V4wz_08oy
z5!H9JsCTH>SHFb!uGd$wl(#`(xVOAF(f=x>D({^T6n?#mw`BOWYTlUPr>lCS`Bqf*
b*7Ybc*jKo^w`O4YrkdVSzM-|e*F*jfhks>#

diff --git a/geonode/locale/it/LC_MESSAGES/django.po b/geonode/locale/it/LC_MESSAGES/django.po
index 154a9219bfc..f698c7205b5 100644
--- a/geonode/locale/it/LC_MESSAGES/django.po
+++ b/geonode/locale/it/LC_MESSAGES/django.po
@@ -39,16 +39,15 @@ msgstr ""
 "Project-Id-Version: GeoNode\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2021-07-08 09:02+0300\n"
-"PO-Revision-Date: 2021-04-29 13:43+0200\n"
+"PO-Revision-Date: 2023-07-20 11:35+0200\n"
 "Last-Translator: Julien Collaer <julien.collaer@opengeode.be>\n"
-"Language-Team: Italian (http://www.transifex.com/geonode/geonode/language/"
-"it/)\n"
+"Language-Team: Italian (http://www.transifex.com/geonode/geonode/language/it/)\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.4.2\n"
+"X-Generator: Poedit 3.0.1\n"
 
 msgid "Request to download a resource"
 msgstr "Richiedi di scaricare la risorsa"
@@ -60,8 +59,7 @@ msgid "Request resource change"
 msgstr "Richiedi di modificare la risorsa"
 
 msgid "Owner has requested permissions to modify a resource"
-msgstr ""
-"Il proprietario ha richiesto le autorizzazioni per modificare la risorsa"
+msgstr "Il proprietario ha richiesto le autorizzazioni per modificare la risorsa"
 
 msgid "series"
 msgstr "serie"
@@ -199,11 +197,10 @@ msgid "Free-text Keywords"
 msgstr "Free-text Keywords"
 
 msgid ""
-"A space or comma-separated list of keywords. Use the widget to select from "
-"Hierarchical tree."
+"A space or comma-separated list of keywords. Use the widget to select from Hierarchical tree."
 msgstr ""
-"Uno spazio o un elenco delimitato da virgole di parole chiave. Utilizzare il "
-"widget per selezionare dalla struttura ad albero gerarchica."
+"Uno spazio o un elenco delimitato da virgole di parole chiave. Utilizzare il widget per "
+"selezionare dalla struttura ad albero gerarchica."
 
 msgid "Regions"
 msgstr "Regioni"
@@ -220,11 +217,9 @@ msgstr "Licenza"
 msgid "Language"
 msgstr "Lingua"
 
-#, fuzzy
-#| msgid "Users"
 msgid "User"
 msgid_plural "Users"
-msgstr[0] "Utenti"
+msgstr[0] "Utente"
 msgstr[1] "Utenti"
 
 msgid "Permission Type"
@@ -258,41 +253,37 @@ msgid "version of the cited resource"
 msgstr "versione della risorsa citata"
 
 msgid ""
-"authority or function assigned, as to a ruler, legislative assembly, "
-"delegate, or the like."
+"authority or function assigned, as to a ruler, legislative assembly, delegate, or the like."
 msgstr ""
-"autorità o funzione assegnata, ad esempio un regolatore, un'assemblea "
-"legislativa, un delegato o simili."
+"autorità o funzione assegnata, ad esempio un regolatore, un'assemblea legislativa, un "
+"delegato o simili."
 
 msgid "a DOI will be added by Admin before publication."
 msgstr "un DOI verrà aggiunto dall'amministratore prima della pubblicazione."
 
 msgid "summary of the intentions with which the resource(s) was developed"
-msgstr ""
-"sintesi delle intenzioni con cui la risorsa (o le risorse) sono state "
-"sviluppate"
+msgstr "sintesi delle intenzioni con cui la risorsa (o le risorse) sono state sviluppate"
 
 msgid ""
-"frequency with which modifications and deletions are made to the data after "
-"it is first produced"
+"frequency with which modifications and deletions are made to the data after it is first "
+"produced"
 msgstr ""
-"frequenza con cui le modifiche e le cancellazioni sui dati vengono eseguite "
-"dopo essere stati prodotti la prima volta"
+"frequenza con cui le modifiche e le cancellazioni sui dati vengono eseguite dopo essere "
+"stati prodotti la prima volta"
 
 msgid ""
-"commonly used word(s) or formalised word(s) or phrase(s) used to describe "
-"the subject (space or comma-separated)"
+"commonly used word(s) or formalised word(s) or phrase(s) used to describe the subject (space "
+"or comma-separated)"
 msgstr ""
-"parola (o parole) comunemente usate o parola (o parole) e frase (o frasi) "
-"formalizzate usate per descrivere il soggetto (separando attraverso spazio o "
-"virgola"
+"parola (o parole) comunemente usate o parola (o parole) e frase (o frasi) formalizzate usate "
+"per descrivere il soggetto (separando attraverso spazio o virgola"
 
 msgid ""
-"formalised word(s) or phrase(s) from a fixed thesaurus used to describe the "
-"subject (space or comma-separated)"
+"formalised word(s) or phrase(s) from a fixed thesaurus used to describe the subject (space "
+"or comma-separated)"
 msgstr ""
-"parola(e) o frase(i) formalizzate da un thesaurus fisso utilizzato per "
-"descrivere l'oggetto (spazio o delimitato da virgole)"
+"parola(e) o frase(i) formalizzate da un thesaurus fisso utilizzato per descrivere l'oggetto "
+"(spazio o delimitato da virgole)"
 
 msgid "keyword identifies a location"
 msgstr "parola chiave che identifica una posizione"
@@ -301,11 +292,9 @@ msgid "limitation(s) placed upon the access or use of the data."
 msgstr "limitazione(i) sull'accesso o l'uso dei dati."
 
 msgid ""
-"other restrictions and legal prerequisites for accessing and using the "
-"resource or metadata"
+"other restrictions and legal prerequisites for accessing and using the resource or metadata"
 msgstr ""
-"altre restrizioni e requisiti legali per l'accesso e l'uso della risorsa o "
-"dei metadati"
+"altre restrizioni e requisiti legali per l'accesso e l'uso della risorsa o dei metadati"
 
 msgid "license of the dataset"
 msgstr "licenza del dataset"
@@ -314,11 +303,11 @@ msgid "language used within the dataset"
 msgstr "lingua usata all'interno del dataset"
 
 msgid ""
-"high-level geographic data thematic classification to assist in the grouping "
-"and search of available geographic data sets."
+"high-level geographic data thematic classification to assist in the grouping and search of "
+"available geographic data sets."
 msgstr ""
-"classificazione tematica di dati geografici di alto livello per facilitare "
-"il raggruppamento e la ricerca di set di dati geografici disponibili."
+"classificazione tematica di dati geografici di alto livello per facilitare il raggruppamento "
+"e la ricerca di set di dati geografici disponibili."
 
 msgid "method used to represent geographic information in the dataset."
 msgstr "metodo di rappresentazione spaziale del dataset."
@@ -329,12 +318,10 @@ msgstr "periodo di tempo coperto dal contenuto del dataset (inizio)"
 msgid "time period covered by the content of the dataset (end)"
 msgstr "periodo di tempo coperto dal contenuto del dataset (fine)"
 
-msgid ""
-"general explanation of the data producer's knowledge about the lineage of a "
-"dataset"
+msgid "general explanation of the data producer's knowledge about the lineage of a dataset"
 msgstr ""
-"spiegazione generale della conoscenza del produttore dei dati riguardo il "
-"lignaggio di un dataset"
+"spiegazione generale della conoscenza del produttore dei dati riguardo il lignaggio di un "
+"dataset"
 
 msgid "title"
 msgstr "titolo"
@@ -438,10 +425,8 @@ msgstr "Questa risorsa è stata convalidata da un editore o un curatore?"
 msgid "Thumbnail url"
 msgstr "Url della miniatura"
 
-#, fuzzy
-#| msgid "Dirty State"
 msgid "State"
-msgstr "Non ancora aggiornato"
+msgstr "Stato"
 
 msgid "Hold the resource processing state."
 msgstr ""
@@ -621,25 +606,17 @@ msgid "Reason for the request"
 msgstr "Motivo della richiesta"
 
 msgid ""
-"To allow the change, set the resource to not \"Approved\" under the metadata "
-"settingsand write message to the owner to notify him"
+"To allow the change, set the resource to not \"Approved\" under the metadata settingsand "
+"write message to the owner to notify him"
 msgstr ""
-"Per consentire la modifica, impostare la risorsa su non \"Approvato\" nelle "
-"impostazioni dei metadati e scrivere un messaggio al proprietario per "
-"notificarlo"
+"Per consentire la modifica, impostare la risorsa su non \"Approvato\" nelle impostazioni dei "
+"metadati e scrivere un messaggio al proprietario per notificarlo"
 
-#, fuzzy
-#| msgid "Service rescanned successfully"
 msgid "Resource Cloned Successfully!"
-msgstr "Il servizio è stato analizzato di nuovo correttamente"
+msgstr "La risorsa è stata clonata con successo!"
 
-#, fuzzy, python-brace-format
-#| msgid ""
-#| "Some error occurred while trying to access the uploaded schema: {str(e)}"
 msgid "Error Occurred while Cloning the Resource: {e}"
-msgstr ""
-"Si è verificato un errore durante il tentativo di accesso allo schema "
-"caricato: {str(e)}"
+msgstr "Si è verificato un errore durante la clonazione della risorsa: {e}"
 
 msgid "Resource Metadata"
 msgstr "Metadati delle risorse"
@@ -675,237 +652,219 @@ msgid "GeoNode Client Library"
 msgstr "Libreria client di GeoNode"
 
 msgid ""
-"Flora and/or fauna in natural environment. Examples: wildlife, vegetation, "
-"biological sciences, ecology, wilderness, sealife, wetlands, habitat."
+"Flora and/or fauna in natural environment. Examples: wildlife, vegetation, biological "
+"sciences, ecology, wilderness, sealife, wetlands, habitat."
 msgstr ""
-"Flora e/o fauna in ambiente naturale. Esempi: fauna selvatica, vegetazione, "
-"scienze biologiche, ecologia, natura selvaggia, vita marina, zone umide, "
-"habitat."
+"Flora e/o fauna in ambiente naturale. Esempi: fauna selvatica, vegetazione, scienze "
+"biologiche, ecologia, natura selvaggia, vita marina, zone umide, habitat."
 
 msgid "Biota"
 msgstr "Biota"
 
-msgid ""
-"Legal land descriptions. Examples: political and administrative boundaries."
-msgstr ""
-"Descrizioni legali dei terreni. Esempi: confini politici e amministrativi."
+msgid "Legal land descriptions. Examples: political and administrative boundaries."
+msgstr "Descrizioni legali dei terreni. Esempi: confini politici e amministrativi."
 
 msgid "Boundaries"
 msgstr "Confini"
 
 msgid ""
-"Processes and phenomena of the atmosphere. Examples: cloud cover, weather, "
-"climate, atmospheric conditions, climate change, precipitation."
+"Processes and phenomena of the atmosphere. Examples: cloud cover, weather, climate, "
+"atmospheric conditions, climate change, precipitation."
 msgstr ""
-"Processi e fenomeni dell'atmosfera. Esempi: copertura nuvolosa, meteo, "
-"clima, condizioni atmosferiche, cambiamenti climatici, precipitazioni."
+"Processi e fenomeni dell'atmosfera. Esempi: copertura nuvolosa, meteo, clima, condizioni "
+"atmosferiche, cambiamenti climatici, precipitazioni."
 
 msgid "Climatology Meteorology Atmosphere"
 msgstr "Climatologia Meteorologia Atmosfera"
 
 msgid ""
-"Economic activities, conditions and employment. Examples: production, "
-"labour, revenue, commerce, industry, tourism and ecotourism, forestry, "
-"fisheries, commercial or subsistence hunting, exploration and exploitation "
-"of resources such as minerals, oil and gas."
+"Economic activities, conditions and employment. Examples: production, labour, revenue, "
+"commerce, industry, tourism and ecotourism, forestry, fisheries, commercial or subsistence "
+"hunting, exploration and exploitation of resources such as minerals, oil and gas."
 msgstr ""
-"Attività economiche, condizioni e occupazione. Esempi: produzione, lavoro, "
-"entrate, commercio, industria, turismo ed ecoturismo, silvicoltura, pesca, "
-"caccia commerciale o di sussistenza, esplorazione e sfruttamento di risorse "
-"quali minerali, petrolio e gas."
+"Attività economiche, condizioni e occupazione. Esempi: produzione, lavoro, entrate, "
+"commercio, industria, turismo ed ecoturismo, silvicoltura, pesca, caccia commerciale o di "
+"sussistenza, esplorazione e sfruttamento di risorse quali minerali, petrolio e gas."
 
 msgid "Economy"
 msgstr "Economia"
 
 msgid ""
-"Height above or below sea level. Examples: altitude, bathymetry, digital "
-"elevation models, slope, derived products."
+"Height above or below sea level. Examples: altitude, bathymetry, digital elevation models, "
+"slope, derived products."
 msgstr ""
-"Altezza sopra o sotto il livello del mare. Esempi: altitudine, batimetria, "
-"modelli digitali di elevazione, pendenza, prodotti derivati."
+"Altezza sopra o sotto il livello del mare. Esempi: altitudine, batimetria, modelli digitali "
+"di elevazione, pendenza, prodotti derivati."
 
 msgid "Elevation"
 msgstr "Elevazione"
 
 msgid ""
-"Environmental resources, protection and conservation. Examples: "
-"environmental pollution, waste storage and treatment, environmental impact "
-"assessment, monitoring environmental risk, nature reserves, landscape."
+"Environmental resources, protection and conservation. Examples: environmental pollution, "
+"waste storage and treatment, environmental impact assessment, monitoring environmental risk, "
+"nature reserves, landscape."
 msgstr ""
-"Risorse ambientali, protezione e conservazione. Esempi: inquinamento "
-"ambientale, stoccaggio e trattamento dei rifiuti, valutazione dell'impatto "
-"ambientale, monitoraggio del rischio ambientale, riserve naturali, paesaggio."
+"Risorse ambientali, protezione e conservazione. Esempi: inquinamento ambientale, stoccaggio "
+"e trattamento dei rifiuti, valutazione dell'impatto ambientale, monitoraggio del rischio "
+"ambientale, riserve naturali, paesaggio."
 
 msgid "Environment"
 msgstr "Ambiente"
 
 msgid ""
-"Rearing of animals and/or cultivation of plants. Examples: agriculture, "
-"irrigation, aquaculture, plantations, herding, pests and diseases affecting "
-"crops and livestock."
+"Rearing of animals and/or cultivation of plants. Examples: agriculture, irrigation, "
+"aquaculture, plantations, herding, pests and diseases affecting crops and livestock."
 msgstr ""
-"Allevamento di animali e/o coltivazione di piante. Esempi: agricoltura, "
-"irrigazione, acquacoltura, piantagioni, mandrie, parassiti e malattie che "
-"colpiscono le colture e il bestiame."
+"Allevamento di animali e/o coltivazione di piante. Esempi: agricoltura, irrigazione, "
+"acquacoltura, piantagioni, mandrie, parassiti e malattie che colpiscono le colture e il "
+"bestiame."
 
 msgid "Farming"
 msgstr "Agricoltura"
 
 msgid ""
-"Information pertaining to earth sciences. Examples: geophysical features and "
-"processes, geology, minerals, sciences dealing with the composition, "
-"structure and origin of the earth s rocks, risks of earthquakes, volcanic "
-"activity, landslides, gravity information, soils, permafrost, hydrogeology, "
-"erosion."
+"Information pertaining to earth sciences. Examples: geophysical features and processes, "
+"geology, minerals, sciences dealing with the composition, structure and origin of the earth "
+"s rocks, risks of earthquakes, volcanic activity, landslides, gravity information, soils, "
+"permafrost, hydrogeology, erosion."
 msgstr ""
-"Informazioni relative alle scienze della terra. Esempi: caratteristiche e "
-"processi geofisici, geologia, minerali, scienze che si occupano della "
-"composizione, struttura e origine delle rocce terrestri, rischi di "
-"terremoti, attività vulcanica, frane, informazioni sulla gravità, suoli, "
-"permafrost, idrogeologia, erosione."
+"Informazioni relative alle scienze della terra. Esempi: caratteristiche e processi "
+"geofisici, geologia, minerali, scienze che si occupano della composizione, struttura e "
+"origine delle rocce terrestri, rischi di terremoti, attività vulcanica, frane, informazioni "
+"sulla gravità, suoli, permafrost, idrogeologia, erosione."
 
 msgid "Geoscientific Information"
 msgstr "Informazioni geoscientifiche"
 
 msgid ""
-"Health, health services, human ecology, and safety. Examples: disease and "
-"illness, factors affecting health, hygiene, substance abuse, mental and "
-"physical health, health services."
+"Health, health services, human ecology, and safety. Examples: disease and illness, factors "
+"affecting health, hygiene, substance abuse, mental and physical health, health services."
 msgstr ""
-"Salute, servizi sanitari, ecologia umana e sicurezza. Esempi: malattia e "
-"malattia, fattori che influenzano la salute, l'igiene, l'abuso di sostanze, "
-"la salute mentale e fisica, i servizi sanitari."
+"Salute, servizi sanitari, ecologia umana e sicurezza. Esempi: malattia e malattia, fattori "
+"che influenzano la salute, l'igiene, l'abuso di sostanze, la salute mentale e fisica, i "
+"servizi sanitari."
 
 msgid "Health"
 msgstr "Salute"
 
 msgid ""
-"Base maps. Examples: land cover, topographic maps, imagery, unclassified "
-"images, annotations."
+"Base maps. Examples: land cover, topographic maps, imagery, unclassified images, annotations."
 msgstr ""
-"Mappe di base. Esempi: copertura del terreno, mappe topografiche, immagini, "
-"immagini non classificate, annotazioni."
+"Mappe di base. Esempi: copertura del terreno, mappe topografiche, immagini, immagini non "
+"classificate, annotazioni."
 
 msgid "Imagery Base Maps Earth Cover"
 msgstr "Mappe Immagini di Base Copertina della Terra"
 
 msgid ""
-"Inland water features, drainage systems and their characteristics. Examples: "
-"rivers and glaciers, salt lakes, water utilization plans, dams, currents, "
-"floods, water quality, hydrographic charts."
+"Inland water features, drainage systems and their characteristics. Examples: rivers and "
+"glaciers, salt lakes, water utilization plans, dams, currents, floods, water quality, "
+"hydrographic charts."
 msgstr ""
-"Caratteristiche dell'acqua dell'entroterra, sistemi di drenaggio e loro "
-"caratteristiche. Esempi: fiumi e ghiacciai, laghi salati, piani di utilizzo "
-"dell'acqua, dighe, correnti, inondazioni, qualità dell'acqua, grafici "
-"idrografici."
+"Caratteristiche dell'acqua dell'entroterra, sistemi di drenaggio e loro caratteristiche. "
+"Esempi: fiumi e ghiacciai, laghi salati, piani di utilizzo dell'acqua, dighe, correnti, "
+"inondazioni, qualità dell'acqua, grafici idrografici."
 
 msgid "Inland Waters"
 msgstr "Acque interne"
 
 msgid ""
-"Military bases, structures, activities. Examples: barracks, training "
-"grounds, military transportation, information collection."
+"Military bases, structures, activities. Examples: barracks, training grounds, military "
+"transportation, information collection."
 msgstr ""
-"Basi militari, strutture, attività. Esempi: caserme, campi di addestramento, "
-"trasporto militare, raccolta di informazioni."
+"Basi militari, strutture, attività. Esempi: caserme, campi di addestramento, trasporto "
+"militare, raccolta di informazioni."
 
 msgid "Intelligence Military"
 msgstr "Intelligence militare"
 
 msgid ""
-"Positional information and services. Examples: addresses, geodetic networks, "
-"control points, postal zones and services, place names."
+"Positional information and services. Examples: addresses, geodetic networks, control points, "
+"postal zones and services, place names."
 msgstr ""
-"Informazioni e servizi di localizzazione. Esempi: indirizzi, reti "
-"geodetiche, punti di controllo, zone postali e servizi, nomi di luoghi."
+"Informazioni e servizi di localizzazione. Esempi: indirizzi, reti geodetiche, punti di "
+"controllo, zone postali e servizi, nomi di luoghi."
 
 msgid "Location"
 msgstr "Posizione"
 
 msgid ""
-"Features and characteristics of salt water bodies (excluding inland waters). "
-"Examples: tides, tidal waves, coastal information, reefs."
+"Features and characteristics of salt water bodies (excluding inland waters). Examples: "
+"tides, tidal waves, coastal information, reefs."
 msgstr ""
-"Caratteristiche e caratteristiche dei corpi idrici dell'acqua salata "
-"(escluse le acque interne). Esempi: maree, onde di marea, informazioni "
-"costiere, barriere coralline."
+"Caratteristiche e caratteristiche dei corpi idrici dell'acqua salata (escluse le acque "
+"interne). Esempi: maree, onde di marea, informazioni costiere, barriere coralline."
 
 msgid "Oceans"
 msgstr "Oceani"
 
 msgid ""
-"Information used for appropriate actions for future use of the land. "
-"Examples: land use maps, zoning maps, cadastral surveys, land ownership."
+"Information used for appropriate actions for future use of the land. Examples: land use "
+"maps, zoning maps, cadastral surveys, land ownership."
 msgstr ""
-"Informazioni utilizzate per azioni appropriate per un uso futuro del "
-"terreno. Esempi: mappe dell'uso del suolo, mappe di zonzing, indagini "
-"cadastrali, proprietà del terreno."
+"Informazioni utilizzate per azioni appropriate per un uso futuro del terreno. Esempi: mappe "
+"dell'uso del suolo, mappe di zonzing, indagini cadastrali, proprietà del terreno."
 
 msgid "Planning Cadastre"
 msgstr "Pianificazione catasto"
 
 msgid ""
-"Settlements, anthropology, archaeology, education, traditional beliefs, "
-"manners and customs, demographic data, recreational areas and activities, "
-"social impact assessments, crime and justice, census information. Economic "
-"activities, conditions and employment."
+"Settlements, anthropology, archaeology, education, traditional beliefs, manners and customs, "
+"demographic data, recreational areas and activities, social impact assessments, crime and "
+"justice, census information. Economic activities, conditions and employment."
 msgstr ""
-"Insediamenti, antropologia, archeologia, educazione, credenze tradizionali, "
-"modi e costumi, dati demografici, aree e attività ricreative, valutazioni di "
-"impatto sociale, criminalità e giustizia, informazioni sul censimento. "
-"Attività economiche, condizioni e occupazione."
+"Insediamenti, antropologia, archeologia, educazione, credenze tradizionali, modi e costumi, "
+"dati demografici, aree e attività ricreative, valutazioni di impatto sociale, criminalità e "
+"giustizia, informazioni sul censimento. Attività economiche, condizioni e occupazione."
 
 msgid "Population"
 msgstr "Popolazione"
 
 msgid ""
-"Characteristics of society and cultures. Examples: settlements, "
-"anthropology, archaeology, education, traditional beliefs, manners and "
-"customs, demographic data, recreational areas and activities, social impact "
-"assessments, crime and justice, census information."
+"Characteristics of society and cultures. Examples: settlements, anthropology, archaeology, "
+"education, traditional beliefs, manners and customs, demographic data, recreational areas "
+"and activities, social impact assessments, crime and justice, census information."
 msgstr ""
-"Caratteristiche della società e delle culture. Esempi: insediamenti, "
-"antropologia, archeologia, istruzione, credenze tradizionali, modi e "
-"costumi, dati demografici, aree ricreative e attività, valutazioni "
-"dell'impatto sociale, criminalità e giustizia, informazioni sul censimento."
+"Caratteristiche della società e delle culture. Esempi: insediamenti, antropologia, "
+"archeologia, istruzione, credenze tradizionali, modi e costumi, dati demografici, aree "
+"ricreative e attività, valutazioni dell'impatto sociale, criminalità e giustizia, "
+"informazioni sul censimento."
 
 msgid "Society"
 msgstr "Società"
 
 msgid ""
-"Man-made construction. Examples: buildings, museums, churches, factories, "
-"housing, monuments, shops, towers."
+"Man-made construction. Examples: buildings, museums, churches, factories, housing, "
+"monuments, shops, towers."
 msgstr ""
-"Costruzione artificiale. Esempi: edifici, musei, chiese, fabbriche, "
-"abitazioni, monumenti, negozi, torri."
+"Costruzione artificiale. Esempi: edifici, musei, chiese, fabbriche, abitazioni, monumenti, "
+"negozi, torri."
 
 msgid "Structure"
 msgstr "Strutture"
 
 msgid ""
-"Means and aids for conveying persons and/or goods. Examples: roads, airports/"
-"airstrips, shipping routes, tunnels, nautical charts, vehicle or vessel "
-"location, aeronautical charts, railways."
+"Means and aids for conveying persons and/or goods. Examples: roads, airports/airstrips, "
+"shipping routes, tunnels, nautical charts, vehicle or vessel location, aeronautical charts, "
+"railways."
 msgstr ""
-"Mezzi e aiuti per il trasporto di persone e/o merci. Esempi: strade, "
-"aeroporti/sciviole, rotte marittime, gallerie, carte nautiche, posizione di "
-"veicoli o navi, carte aeronautiche, ferrovie."
+"Mezzi e aiuti per il trasporto di persone e/o merci. Esempi: strade, aeroporti/sciviole, "
+"rotte marittime, gallerie, carte nautiche, posizione di veicoli o navi, carte aeronautiche, "
+"ferrovie."
 
 msgid "Transportation"
 msgstr "Trasporti"
 
 msgid ""
-"Energy, water and waste systems and communications infrastructure and "
-"services. Examples: hydroelectricity, geothermal, solar and nuclear sources "
-"of energy, water purification and distribution, sewage collection and "
-"disposal, electricity and gas distribution, data communication, "
-"telecommunication, radio, communication networks."
+"Energy, water and waste systems and communications infrastructure and services. Examples: "
+"hydroelectricity, geothermal, solar and nuclear sources of energy, water purification and "
+"distribution, sewage collection and disposal, electricity and gas distribution, data "
+"communication, telecommunication, radio, communication networks."
 msgstr ""
-"Sistemi energetici, idrici e dei rifiuti, infrastrutture e servizi di "
-"comunicazione. Esempi: fonti idroelettriche, geotermiche, solari e nucleari "
-"di energia, depurazione e distribuzione dell'acqua, raccolta e smaltimento "
-"delle acque reflue, distribuzione di elettricità e gas, comunicazione dei "
-"dati, telecomunicazioni, radio, reti di comunicazione."
+"Sistemi energetici, idrici e dei rifiuti, infrastrutture e servizi di comunicazione. Esempi: "
+"fonti idroelettriche, geotermiche, solari e nucleari di energia, depurazione e distribuzione "
+"dell'acqua, raccolta e smaltimento delle acque reflue, distribuzione di elettricità e gas, "
+"comunicazione dei dati, telecomunicazioni, radio, reti di comunicazione."
 
 msgid "Utilities Communication"
 msgstr "Servizi Comunicazioni"
@@ -1051,15 +1010,13 @@ msgstr "Procedura guidata"
 msgid "Advanced Edit"
 msgstr "Modifica avanzata"
 
-#, fuzzy
-#| msgid "Document"
 msgid "Document"
 msgid_plural "Documents"
 msgstr[0] "Documento"
-msgstr[1] "Documento"
+msgstr[1] "Documenti"
 
 msgid "Clone"
-msgstr ""
+msgstr "Clona"
 
 msgid "Replace"
 msgstr "Sostituisci"
@@ -1098,8 +1055,7 @@ msgid "Permissions"
 msgstr "Permessi"
 
 msgid "Click the button below to change the permissions of this document."
-msgstr ""
-"Clicca il pulsante qui sotto per modificare i permessi di questo documento."
+msgstr "Clicca il pulsante qui sotto per modificare i permessi di questo documento."
 
 msgid "Change Document Permissions"
 msgstr "Cambia i permessi del Documento"
@@ -1124,9 +1080,7 @@ msgid "Check Schema mandatory fields"
 msgstr "Controllare i campi obbligatori dello schema"
 
 msgid "Error updating metadata.  Please check the following fields: "
-msgstr ""
-"Errore nell'aggiornamento dei metadati. Per favore controlla i seguenti "
-"campi: "
+msgstr "Errore nell'aggiornamento dei metadati. Per favore controlla i seguenti campi: "
 
 msgid "Done"
 msgstr "Fatto"
@@ -1156,7 +1110,7 @@ msgid "Return to Document"
 msgstr "Ritorna al documento"
 
 msgid "Deleting"
-msgstr "Sto cancellando"
+msgstr "Sto eliminando"
 
 msgid "Remove Document"
 msgstr "Rimuovi documento"
@@ -1164,13 +1118,13 @@ msgstr "Rimuovi documento"
 #, python-format
 msgid ""
 "\n"
-"          Are you sure you want to remove <a href="
-"\"%(document.get_absolute_url)s\">%(document_title)s</a>?\n"
+"          Are you sure you want to remove <a "
+"href=\"%(document.get_absolute_url)s\">%(document_title)s</a>?\n"
 "        "
 msgstr ""
 "\n"
-"          Sei sicuro di voler rimuovere <a href="
-"\"%(document.get_absolute_url)s\">%(document_title)s</a>?\n"
+"          Sei sicuro di voler rimuovere <a "
+"href=\"%(document.get_absolute_url)s\">%(document_title)s</a>?\n"
 "        "
 
 msgid "Yes, I am sure"
@@ -1300,7 +1254,7 @@ msgid "Log in to add/delete Favorites."
 msgstr "Accedi per aggiungere/eliminare preferiti."
 
 msgid "Delete from Favorites"
-msgstr "Cancella dai preferiti"
+msgstr "Elimina dai preferiti"
 
 msgid "Favorites"
 msgstr "Preferiti"
@@ -1400,12 +1354,11 @@ msgid "Embed Iframe"
 msgstr "Incorpora Iframe"
 
 msgid ""
-"To embed this map, add the following code snippet and customize its "
-"properties (scrolling, width, height) based on your needs to your site"
+"To embed this map, add the following code snippet and customize its properties (scrolling, "
+"width, height) based on your needs to your site"
 msgstr ""
-"Per incorporare questa mappa, aggiungere il frammento di codice seguente e "
-"personalizzarne le proprietà (scorrimento, larghezza, altezza) in base alle "
-"proprie esigenze nel sito"
+"Per incorporare questa mappa, aggiungere il frammento di codice seguente e personalizzarne "
+"le proprietà (scorrimento, larghezza, altezza) in base alle proprie esigenze nel sito"
 
 msgid "Download"
 msgstr "Scarica"
@@ -1425,22 +1378,19 @@ msgid "for %(map_title)s"
 msgstr "per %(map_title)s"
 
 msgid ""
-"Note: this geoapp's orginal metadata was populated by importing a metadata "
-"XML file.\n"
-"        GeoNode's metadata import supports a subset of ISO, FGDC, and Dublin "
-"Core metadata elements.\n"
+"Note: this geoapp's orginal metadata was populated by importing a metadata XML file.\n"
+"        GeoNode's metadata import supports a subset of ISO, FGDC, and Dublin Core metadata "
+"elements.\n"
 "        Some of your original metadata may have been lost."
 msgstr ""
-"Nota: i metadati orginali di questa geoapp sono stati popolati importando un "
-"file XML di metadati.\n"
-"        L'importazione dei metadati di GeoNode supporta un sottoinsieme di "
-"elementi di metadati ISO, FGDC e Dublin Core.\n"
+"Nota: i metadati orginali di questa geoapp sono stati popolati importando un file XML di "
+"metadati.\n"
+"        L'importazione dei metadati di GeoNode supporta un sottoinsieme di elementi di "
+"metadati ISO, FGDC e Dublin Core.\n"
 "        Alcuni dei metadati originali potrebbero essere stati persi."
 
-#, fuzzy
-#| msgid "Explore Maps"
 msgid "Explore Apps"
-msgstr "Esplora mappe"
+msgstr "Esplora apps"
 
 #, python-format
 msgid ""
@@ -1452,10 +1402,8 @@ msgstr ""
 "        Modifica dei dettagli per il %(map_title)s\n"
 "       "
 
-#, fuzzy
-#| msgid "Return to Map"
 msgid "Return to GeoApp"
-msgstr "Ritorna alla mappa"
+msgstr "Ritorna alla GeoApp"
 
 msgid "New Map"
 msgstr "Nuova mappa"
@@ -1463,13 +1411,13 @@ msgstr "Nuova mappa"
 #, python-format
 msgid ""
 "\n"
-"          Are you sure you want to remove <a href="
-"\"%(resource.get_absolute_url)s\">%(resource_title)s</a>?\n"
+"          Are you sure you want to remove <a "
+"href=\"%(resource.get_absolute_url)s\">%(resource_title)s</a>?\n"
 "        "
 msgstr ""
 "\n"
-"          Siete sicuri di voler rimuovere <a href="
-"\"%(resource.get_absolute_url)s\">%(resource_title)s</a>?\n"
+"          Siete sicuri di voler rimuovere <a "
+"href=\"%(resource.get_absolute_url)s\">%(resource_title)s</a>?\n"
 "        "
 
 msgid "Other Settings"
@@ -1523,39 +1471,29 @@ msgstr "Linee"
 msgid "Polygons"
 msgstr "Poligoni"
 
-#, fuzzy
-#| msgid "dataset"
 msgid "Dataset name"
-msgstr "dataset"
+msgstr "Nome del dataset"
 
-#, fuzzy
-#| msgid "Dataset Attributes"
 msgid "Dataset title"
-msgstr "Attributi del dataset"
+msgstr "Titolo del dataset"
 
 msgid "Geometry type"
 msgstr "Tipo di geometria"
 
-#, fuzzy
-#| msgid "Featured Datasets"
 msgid "Create Dataset"
-msgstr "Dataset in primo piano"
+msgstr "Crea Dataset"
 
-#, fuzzy
-#| msgid "Explore Layers"
 msgid "Explore Datasets"
-msgstr "Esplora livelli"
+msgstr "Esplora dataset"
 
-#, fuzzy
-#| msgid "Create an empty layer"
 msgid "Create an empty dataset"
-msgstr "Creare un livello vuoto"
+msgstr "Crea un dataset vuoto"
 
 msgid "Add Attribute"
-msgstr "Aggiungere attributo"
+msgstr "Aggiungi attributo"
 
 msgid "Create"
-msgstr "Creare"
+msgstr "Crea"
 
 msgid "String"
 msgstr "Stringa"
@@ -1616,18 +1554,16 @@ msgstr "PNG"
 
 msgid "You don't have permissions to change style for this layer"
 msgstr ""
-"Non si dispone delle autorizzazioni necessarie per modificare lo stile di "
-"questo livello"
+"Non si dispone delle autorizzazioni necessarie per modificare lo stile di questo livello"
 
 msgid "Bad HTTP Authorization Credentials."
 msgstr "Credenziali di autorizzazione HTTP errate."
 
 msgid ""
-"a short version of the name consisting only of letters, numbers, underscores "
-"and hyphens."
+"a short version of the name consisting only of letters, numbers, underscores and hyphens."
 msgstr ""
-"una versione abbreviata del nome consiste solo di lettere, numeri, caratteri "
-"di sottolineatura e trattini."
+"una versione abbreviata del nome consiste solo di lettere, numeri, caratteri di "
+"sottolineatura e trattini."
 
 msgid "A group already exists with that slug."
 msgstr "Un gruppo esiste già con questo slug."
@@ -1642,10 +1578,8 @@ msgid "Assign manager role"
 msgstr "Assegnare il ruolo di manager"
 
 #, python-format
-msgid ""
-"The following are not valid usernames: %(errors)s; not added to the group"
-msgstr ""
-"I seguenti non sono nomi utente validi: %(errors)s; non aggiunto al gruppo"
+msgid "The following are not valid usernames: %(errors)s; not added to the group"
+msgstr "I seguenti non sono nomi utente validi: %(errors)s; non aggiunto al gruppo"
 
 msgid "Group Categories"
 msgstr "Categorie gruppo"
@@ -1660,24 +1594,23 @@ msgid "Private"
 msgstr "Privato"
 
 msgid ""
-"Public: Any registered user can view and join a public group.<br>Public "
-"(invite-only):Any registered user can view the group.  Only invited users "
-"can join.<br>Private: Registered users cannot see any details about the "
-"group, including membership.  Only invited users can join."
+"Public: Any registered user can view and join a public group.<br>Public (invite-only):Any "
+"registered user can view the group.  Only invited users can join.<br>Private: Registered "
+"users cannot see any details about the group, including membership.  Only invited users can "
+"join."
 msgstr ""
-"Pubblico: Qualsiasi utente registrato può visualizzare e unirsi a un gruppo "
-"pubblico. <br> (Solo su invito) Pubblico: Qualsiasi utente registrato può "
-"visualizzare il gruppo. Solo gli utenti invitati possono partecipare. <br> "
-"Per uso privato: Gli utenti registrati non possono vedere tutti i dettagli "
-"sul gruppo, compresa l'appartenenza. Solo gli utenti invitati possono "
-"partecipare."
+"Pubblico: Qualsiasi utente registrato può visualizzare e unirsi a un gruppo pubblico. <br> "
+"(Solo su invito) Pubblico: Qualsiasi utente registrato può visualizzare il gruppo. Solo gli "
+"utenti invitati possono partecipare. <br> Per uso privato: Gli utenti registrati non possono "
+"vedere tutti i dettagli sul gruppo, compresa l'appartenenza. Solo gli utenti invitati "
+"possono partecipare."
 
 msgid ""
-"Email used to contact one or all group members, such as a mailing list, "
-"shared email, or exchange group."
+"Email used to contact one or all group members, such as a mailing list, shared email, or "
+"exchange group."
 msgstr ""
-"E-mail utilizzato per contattare gli utenti di uno o di tutti i gruppi, come "
-"ad esempio una mailing list, e-mail condivisa, o un gruppo di scambio."
+"E-mail utilizzato per contattare gli utenti di uno o di tutti i gruppi, come ad esempio una "
+"mailing list, e-mail condivisa, o un gruppo di scambio."
 
 msgid "Logo"
 msgstr "Logo"
@@ -1777,9 +1710,7 @@ msgid "Join Group"
 msgstr "Iscriviti al gruppo"
 
 msgid "Anyone may view this group but membership is by invitation only."
-msgstr ""
-"Chiunque può visualizzare questo gruppo, ma l'iscrizione è possibile solo su "
-"invito."
+msgstr "Chiunque può visualizzare questo gruppo, ma l'iscrizione è possibile solo su invito."
 
 msgid "Membership is by invitation only."
 msgstr "L'iscrizione è possibile solo su invito."
@@ -1862,30 +1793,25 @@ msgstr "Inserimento risorse..."
 msgid "checking-availability"
 msgstr ""
 
-#, fuzzy
-#| msgid "Harvested"
 msgid "Harvester name"
-msgstr "Raccolte"
+msgstr "Nome dell'harvester"
 
 msgid "Base URL of the remote service that is to be harvested"
 msgstr ""
 
 msgid ""
-"Whether to periodically schedule this harvester to look for resources on the "
-"remote service"
+"Whether to periodically schedule this harvester to look for resources on the remote service"
 msgstr ""
 
 msgid ""
-"How often (in minutes) should new harvesting sessions be automatically "
-"scheduled? Setting this value to zero has the same effect as setting "
-"`scheduling_enabled` to False "
+"How often (in minutes) should new harvesting sessions be automatically scheduled? Setting "
+"this value to zero has the same effect as setting `scheduling_enabled` to False "
 msgstr ""
 
 msgid "Whether the remote service is known to be available or not"
 msgstr ""
 
-msgid ""
-"How often (in minutes) should the remote service be checked for availability?"
+msgid "How often (in minutes) should the remote service be checked for availability?"
 msgstr ""
 
 msgid "Last time the remote server was checked for availability"
@@ -1894,26 +1820,20 @@ msgstr ""
 msgid "Last time the remote server was checked for harvestable resources"
 msgstr ""
 
-#, fuzzy
-#| msgid "version of the cited resource"
 msgid "Default owner of harvested resources"
-msgstr "versione della risorsa citata"
+msgstr "Proprietario di default della risorsa harvestata"
 
-#, fuzzy
-#| msgid "Set permissions on selected resources"
 msgid "Default access permissions of harvested resources"
-msgstr "Impostare le autorizzazioni per le risorse selezionate"
+msgstr "Autorizzazioni di default per le risorse harvestate"
 
-msgid ""
-"Should new resources be harvested automatically without explicit selection?"
+msgid "Should new resources be harvested automatically without explicit selection?"
 msgstr ""
 
 msgid ""
-"Orphan resources are those that have previously been created by means of a "
-"harvesting operation but that GeoNode can no longer find on the remote "
-"service being harvested. Should these resources be deleted from GeoNode "
-"automatically? This also applies to when a harvester configuration is "
-"deleted, in which case all of the resources that originated from that "
+"Orphan resources are those that have previously been created by means of a harvesting "
+"operation but that GeoNode can no longer find on the remote service being harvested. Should "
+"these resources be deleted from GeoNode automatically? This also applies to when a harvester "
+"configuration is deleted, in which case all of the resources that originated from that "
 "harvester are now considered to be orphan."
 msgstr ""
 
@@ -1921,14 +1841,14 @@ msgid "Date of last update to the harvester configuration."
 msgstr ""
 
 msgid ""
-"Harvester class used to perform harvesting sessions. New harvester types can "
-"be added by an admin by changing the main GeoNode `settings.py` file"
+"Harvester class used to perform harvesting sessions. New harvester types can be added by an "
+"admin by changing the main GeoNode `settings.py` file"
 msgstr ""
 
 msgid ""
-"Configuration specific to each harvester type. Please consult GeoNode "
-"documentation on harvesting for more info. This field is mandatory, so at "
-"the very least an empty object (i.e. {}) must be supplied."
+"Configuration specific to each harvester type. Please consult GeoNode documentation on "
+"harvesting for more info. This field is mandatory, so at the very least an empty object (i."
+"e. {}) must be supplied."
 msgstr ""
 
 msgid "Periodic task used to configure harvest scheduling"
@@ -1950,17 +1870,15 @@ msgid "harvesting-resource"
 msgstr "Inserimento risorse..."
 
 msgid ""
-"Identifier that allows referencing the resource on its remote service in a "
-"unique fashion. This is usually automatically filled by the harvester "
-"worker. The harvester worker needs to know how to either read or generate "
-"this from each remote resource in order to be able to compare the "
-"availability of resources between consecutive harvesting sessions."
+"Identifier that allows referencing the resource on its remote service in a unique fashion. "
+"This is usually automatically filled by the harvester worker. The harvester worker needs to "
+"know how to either read or generate this from each remote resource in order to be able to "
+"compare the availability of resources between consecutive harvesting sessions."
 msgstr ""
 
 msgid ""
-"Type of the resource in the remote service. Each harvester worker knows how "
-"to fill this field, in accordance with the resources for which harvesting is "
-"supported"
+"Type of the resource in the remote service. Each harvester worker knows how to fill this "
+"field, in accordance with the resources for which harvesting is supported"
 msgstr ""
 
 #, python-brace-format
@@ -1973,9 +1891,7 @@ msgstr "L'indirizzo e-mail '{email}' ha già accettato un invito."
 
 #, python-brace-format
 msgid "An active user is already using the e-mail address '{email}'"
-msgstr ""
-"Un utente attivo sta già utilizzando l'indirizzo di posta elettronica "
-"'{email}'"
+msgstr "Un utente attivo sta già utilizzando l'indirizzo di posta elettronica '{email}'"
 
 msgid "E-mail"
 msgstr "E-mail"
@@ -1986,11 +1902,11 @@ msgstr "Inviti mandati con successo a '%(email)s'"
 
 #, python-format
 msgid ""
-"Sorry, it was not possible to invite '%(email)s' due to the following isse: "
-"%(error)s (%(type)s)"
+"Sorry, it was not possible to invite '%(email)s' due to the following isse: %(error)s "
+"(%(type)s)"
 msgstr ""
-"Spiacenti, non è stato possibile invitare '%(email)s' a causa di quanto "
-"segue: %(error)s (%(type)s)"
+"Spiacenti, non è stato possibile invitare '%(email)s' a causa di quanto segue: %(error)s "
+"(%(type)s)"
 
 msgid "Layer Created"
 msgstr "Livello creato"
@@ -2074,8 +1990,7 @@ msgid "use featureinfo custom template?"
 msgstr "utilizzare il modello personalizzato featureinfo?"
 
 msgid "specifies wether or not use a custom GetFeatureInfo template."
-msgstr ""
-"specifica se si utilizza o meno un modello GetFeatureInfo personalizzato."
+msgstr "specifica se si utilizza o meno un modello GetFeatureInfo personalizzato."
 
 msgid "featureinfo custom template"
 msgstr "featureinfo modello personalizzato"
@@ -2119,11 +2034,8 @@ msgstr "specifica se l'attributo deve essere visualizzato nei risultati"
 msgid "display order"
 msgstr "mostra ordine"
 
-msgid ""
-"specifies the order in which attribute should be displayed in identify "
-"results"
-msgstr ""
-"specifica l'ordine con cui l'attributo deve essere visualizzato nei risultati"
+msgid "specifies the order in which attribute should be displayed in identify results"
+msgstr "specifica l'ordine con cui l'attributo deve essere visualizzato nei risultati"
 
 msgid "Label"
 msgstr "Etichetta"
@@ -2159,11 +2071,10 @@ msgid "featureinfo type"
 msgstr "tipo featureinfo"
 
 msgid ""
-"specifies if the attribute should be rendered with an HTML widget on "
-"GetFeatureInfo template."
+"specifies if the attribute should be rendered with an HTML widget on GetFeatureInfo template."
 msgstr ""
-"specifica se il rendering dell'attributo deve essere eseguito con un widget "
-"HTML nel modello GetFeatureInfo."
+"specifica se il rendering dell'attributo deve essere eseguito con un widget HTML nel modello "
+"GetFeatureInfo."
 
 msgid "count"
 msgstr "conta"
@@ -2216,15 +2127,11 @@ msgstr "ultimo modificato"
 msgid "date when attribute statistics were last updated"
 msgstr "data in cui le statistiche degli attributi sono stati aggiornati"
 
-#, fuzzy
-#| msgid "Append Data"
 msgid "Append to Dataset"
-msgstr "Accoda dati"
+msgstr "Aggiungi al dataset"
 
-#, fuzzy
-#| msgid "Return to Layer"
 msgid "Return to Dataset"
-msgstr "Torna al livello"
+msgstr "Torna al dataset"
 
 msgid "Preserve Metadata XML"
 msgstr "Preserva metadati XML"
@@ -2241,10 +2148,8 @@ msgstr "Modifica contatto"
 msgid "Assign a new point of contact to the layers below:"
 msgstr "Assegna un nuovo contatto ai layer sottostanti:"
 
-#, fuzzy
-#| msgid "Layer WMS GetCapabilities document"
 msgid "Dataset WMS GetCapabilities document"
-msgstr "Documento WMS GetCapabilities del livello"
+msgstr "Documento WMS GetCapabilities del dataset"
 
 msgid "Filter Granules"
 msgstr "Filtra granuli"
@@ -2300,18 +2205,14 @@ msgstr "Mediana"
 msgid "Standard Deviation"
 msgstr "Deviazione standard"
 
-#, fuzzy
-#| msgid "Rate this layer"
 msgid "Rate this dataset"
-msgstr "Giudica questo livello"
+msgstr "Valuta questo dataset"
 
 msgid "Analyze with"
 msgstr "Analizza con"
 
-#, fuzzy
-#| msgid "Download the"
 msgid "Download Dataset"
-msgstr "Scarica il"
+msgstr "Scarica dataset"
 
 msgid "Images"
 msgstr "Immagini"
@@ -2356,11 +2257,10 @@ msgid "Pick your download format:"
 msgstr "Seleziona formato da scaricare:"
 
 msgid ""
-"No data available for this resource. Please contact a system administrator "
-"or a manager."
+"No data available for this resource. Please contact a system administrator or a manager."
 msgstr ""
-"Nessun dato disponibile per questa risorsa. Contattare un amministratore di "
-"sistema o un responsabile."
+"Nessun dato disponibile per questa risorsa. Contattare un amministratore di sistema o un "
+"responsabile."
 
 msgid "Warning"
 msgstr "Attenzione"
@@ -2377,11 +2277,9 @@ msgstr "Stili"
 msgid "Manage"
 msgstr "Gestisci"
 
-#, fuzzy
-#| msgid "Layers"
 msgid "Layer"
 msgid_plural "Layers"
-msgstr[0] "Livelli"
+msgstr[0] "Livello"
 msgstr[1] "Livelli"
 
 msgid "Append Data"
@@ -2390,10 +2288,8 @@ msgstr "Accoda dati"
 msgid "Edit data"
 msgstr "Modifica dati"
 
-#, fuzzy
-#| msgid "View Metadata"
 msgid "View Dataset"
-msgstr "Metadati"
+msgstr "Vedi Dataset"
 
 msgid "Attribute Information"
 msgstr "Informazioni sugli attributi"
@@ -2404,44 +2300,26 @@ msgstr "ISO Feature Catalogue"
 msgid "Legend"
 msgstr "Legenda"
 
-#, fuzzy
-#| msgid "Maps using this layer"
 msgid "Maps using this dataset"
-msgstr "Mappe che usano questo livello"
+msgstr "Mappe che usano questo dataset"
 
-#, fuzzy
-#| msgid "List of maps using this layer:"
 msgid "List of maps using this dataset:"
-msgstr "Elenco di mappe che usano questo livello:"
+msgstr "Elenco delle mappe che usano questo dataset:"
 
-#, fuzzy
-#| msgid "This layer is not currently used in any maps."
 msgid "This dataset is not currently used in any maps."
-msgstr "Questo livello non è al momento utilizzato da alcuna mappa."
+msgstr "Questo dataset non è al momento utilizzato da alcuna mappa."
 
-#, fuzzy
-#| msgid "Create a map using this layer"
 msgid "Create a map using this dataset"
-msgstr "Crea una mappa usando questo livello"
+msgstr "Crea una mappa usando questo dataset"
 
-#, fuzzy
-#| msgid "Click the button below to generate a new map based on this layer."
 msgid "Click the button below to generate a new map based on this dataset."
-msgstr ""
-"Clicca il pulsante qui sotto per generare una nuova mappa basata su questo "
-"livello."
+msgstr "Clicca il pulsante qui sotto per generare una nuova mappa basata su questo dataset."
 
-#, fuzzy
-#| msgid "Add the layer to an existing map"
 msgid "Add the dataset to an existing map"
-msgstr "Aggiungi il livello ad una mappa esistente"
+msgstr "Aggiungi il dataset ad una mappa esistente"
 
-#, fuzzy
-#| msgid "Click the button below to add the layer to the selected map."
 msgid "Click the button below to add the dataset to the selected map."
-msgstr ""
-"Fare clic sul pulsante sottostante per aggiungere il livello alla mappa "
-"selezionata."
+msgstr "Fare clic sul pulsante sottostante per aggiungere il dataset alla mappa selezionata."
 
 msgid "Add to Map"
 msgstr "Aggiungi alla mappa"
@@ -2453,11 +2331,11 @@ msgid "List of documents related to this layer:"
 msgstr "Elenco di documenti correlati a questo livello:"
 
 msgid ""
-"The following styles are associated with this layer. Choose a style to view "
-"it in the preview map."
+"The following styles are associated with this layer. Choose a style to view it in the "
+"preview map."
 msgstr ""
-"I seguenti stili sono associati a questo livello. Scegli uno stile da "
-"visualizzare nell'anteprima della mappa."
+"I seguenti stili sono associati a questo livello. Scegli uno stile da visualizzare "
+"nell'anteprima della mappa."
 
 msgid "(default style)"
 msgstr "(stile predefinito)"
@@ -2476,17 +2354,17 @@ msgstr "Aggiorna attributi e statistiche di questo livello"
 
 #, fuzzy
 #| msgid ""
-#| "Click the button below to allow GeoNode refreshing the list of available "
-#| "Layer Attributes. If the option 'WPS_ENABLED' has been also set on the "
-#| "backend, it will recalculate their statistics too."
+#| "Click the button below to allow GeoNode refreshing the list of available Layer "
+#| "Attributes. If the option 'WPS_ENABLED' has been also set on the backend, it will "
+#| "recalculate their statistics too."
 msgid ""
-"Click the button below to allow GeoNode refreshing the list of available "
-"Dataset Attributes. If the option 'WPS_ENABLED' has been also set on the "
-"backend, it will recalculate their statistics too."
+"Click the button below to allow GeoNode refreshing the list of available Dataset Attributes. "
+"If the option 'WPS_ENABLED' has been also set on the backend, it will recalculate their "
+"statistics too."
 msgstr ""
-"Clicca il pulsante sotto per permettere a GeoNode di aggiornare la lista "
-"degli attributi del livello. Se l'opzione 'WPS_ENABLED' è stata settata sul "
-"backend, verranno anche ricalcolate le statistiche del livello."
+"Clicca il pulsante sotto per permettere a GeoNode di aggiornare la lista degli attributi del "
+"livello. Se l'opzione 'WPS_ENABLED' è stata settata sul backend, verranno anche ricalcolate "
+"le statistiche del livello."
 
 msgid "Refresh Attributes and Statistics"
 msgstr "Aggiorna attributi e statistiche"
@@ -2495,8 +2373,7 @@ msgid "Clear the Server Cache of this layer"
 msgstr "Pulisci la Cache Server di questo livello"
 
 msgid "Click the button below to wipe the tile-cache of this layer."
-msgstr ""
-"Clicca il pulsante qui sotto per eliminare la tile-cache di questo livello."
+msgstr "Clicca il pulsante qui sotto per eliminare la tile-cache di questo livello."
 
 #, fuzzy
 #| msgid "Empty Tiled-Layer Cache"
@@ -2504,13 +2381,10 @@ msgid "Empty Tiled-Dataset Cache"
 msgstr "Svuota la tile-cache del livello"
 
 msgid "Click the button below to change the permissions of this layer."
-msgstr ""
-"Clicca il pulsante qui sotto per modificare i permessi di questo livello."
+msgstr "Clicca il pulsante qui sotto per modificare i permessi di questo livello."
 
-#, fuzzy
-#| msgid "Change Layer Permissions"
 msgid "Change Dataset Permissions"
-msgstr "Cambia i permessi del livello"
+msgstr "Cambia i permessi del dataset"
 
 msgid "Remove Mosaic Granules"
 msgstr "Rimuovere i granuli del mosaico"
@@ -2518,13 +2392,13 @@ msgstr "Rimuovere i granuli del mosaico"
 #, python-format
 msgid ""
 "\n"
-"          Are you sure you want to remove Granule %(granule_id)s of the "
-"Mosaic <a href=\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
+"          Are you sure you want to remove Granule %(granule_id)s of the Mosaic <a "
+"href=\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
 "        "
 msgstr ""
 "\n"
-"          Si è sicuri di voler rimuovere il granulo %(granule_id)s del "
-"mosaico <a href=\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
+"          Si è sicuri di voler rimuovere il granulo %(granule_id)s del mosaico <a "
+"href=\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
 "        "
 
 msgid "This action affects the following maps:"
@@ -2533,35 +2407,32 @@ msgstr "Questa azione avrà effetto sulle seguenti mappe:"
 msgid "No maps are using this layer"
 msgstr "Nessuna mappa utilizza questo livello"
 
-#, fuzzy
-#| msgid "Upload status"
 msgid "Upload Datasets"
-msgstr "Stato caricamento"
+msgstr "Carica dataset"
 
 #, python-format
 msgid "for %(layer_title)s"
 msgstr "per %(layer_title)s"
 
 msgid ""
-"Note: this layer's orginal metadata was populated and preserved by importing "
-"a metadata XML file.\n"
+"Note: this layer's orginal metadata was populated and preserved by importing a metadata XML "
+"file.\n"
 "          This metadata cannot be edited."
 msgstr ""
-"Nota: i metadati originali di questo livello sono stati popolati e "
-"conservati importando un file XML di metadati.\n"
+"Nota: i metadati originali di questo livello sono stati popolati e conservati importando un "
+"file XML di metadati.\n"
 "          Questi metadati non possono essere modificati."
 
 msgid ""
-"Note: this layer's orginal metadata was populated by importing a metadata "
-"XML file.\n"
-"          GeoNode's metadata import supports a subset of ISO, FGDC, and "
-"Dublin Core metadata elements.\n"
+"Note: this layer's orginal metadata was populated by importing a metadata XML file.\n"
+"          GeoNode's metadata import supports a subset of ISO, FGDC, and Dublin Core metadata "
+"elements.\n"
 "          Some of your original metadata may have been lost."
 msgstr ""
-"Note: I metadati originali di questo livello sono stati popolati importando "
-"un file di metadati XML.\n"
-"        L'import dei metadati di GeoNode supporta un sottinsieme di elementi "
-"di metadata Dublin Core, ISO e FGDC.\n"
+"Note: I metadati originali di questo livello sono stati popolati importando un file di "
+"metadati XML.\n"
+"        L'import dei metadati di GeoNode supporta un sottinsieme di elementi di metadata "
+"Dublin Core, ISO e FGDC.\n"
 "        Alcuni dei tuoi metadati originali potrebbero essere andati persi."
 
 #, python-format
@@ -2608,13 +2479,13 @@ msgstr "Rimuovi i livelli"
 #, python-format
 msgid ""
 "\n"
-"          Are you sure you want to remove <a href="
-"\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
+"          Are you sure you want to remove <a "
+"href=\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
 "        "
 msgstr ""
 "\n"
-"          Sei sicuro di voler eliminare <a href=\"%(layer.get_absolute_url)s"
-"\">%(layer_title)s</a>?\n"
+"          Sei sicuro di voler eliminare <a "
+"href=\"%(layer.get_absolute_url)s\">%(layer_title)s</a>?\n"
 "        "
 
 #, fuzzy
@@ -2628,29 +2499,25 @@ msgstr "Gestisci stili"
 #, python-format
 msgid ""
 "\n"
-"      Manage Available Styles for <a href=\"{{ layer_url }}\">"
-"%(layer_title)s</a>\n"
+"      Manage Available Styles for <a href=\"{{ layer_url }}\">%(layer_title)s</a>\n"
 "    "
 msgstr ""
 "\n"
-"      Gestisci gli stili disponibili per <a href=\"{{ layer_url }}\">"
-"%(layer_title)s</a>\n"
+"      Gestisci gli stili disponibili per <a href=\"{{ layer_url }}\">%(layer_title)s</a>\n"
 "    "
 
-#, fuzzy
-#| msgid "Layer Default Style"
 msgid "Dataset Default Style"
-msgstr "Stile predefinito del livello"
+msgstr "Stile predefinito del dataset"
 
 msgid "Available styles"
 msgstr "Stili disponibili"
 
 msgid ""
-"Click on an available style in the upper box to assign it to this layer. "
-"Selected styles appear in the lower box."
+"Click on an available style in the upper box to assign it to this layer. Selected styles "
+"appear in the lower box."
 msgstr ""
-"Fare clic su uno stile disponibile nella casella in alto per assegnare a "
-"questo livello. Stili selezionati vengono visualizzati nel riquadro in basso."
+"Fare clic su uno stile disponibile nella casella in alto per assegnare a questo livello. "
+"Stili selezionati vengono visualizzati nel riquadro in basso."
 
 msgid "Update Available Styles"
 msgstr "Aggiorna gli stili disponibili"
@@ -2658,10 +2525,8 @@ msgstr "Aggiorna gli stili disponibili"
 msgid "Return to Layer"
 msgstr "Torna al livello"
 
-#, fuzzy
-#| msgid "Upload Layer Style"
 msgid "Upload Dataset Style"
-msgstr "Carica stile del livello"
+msgstr "Carica stile del dataset"
 
 msgid "(SLD - Style Layer Descriptor 1.0, 1.1)"
 msgstr "(SLD - Descrittore di stile del livello 1.0, 1.1)"
@@ -2670,8 +2535,7 @@ msgid "WARNING"
 msgstr "ATTENZIONE"
 
 msgid "This will most probably overwrite the current default style!"
-msgstr ""
-"Questo molto probabilmente sovrascriverà lo stile predefinito corrente!"
+msgstr "Questo molto probabilmente sovrascriverà lo stile predefinito corrente!"
 
 msgid "Preview"
 msgstr "Anteprima"
@@ -2679,34 +2543,29 @@ msgstr "Anteprima"
 msgid "Dataset Attributes"
 msgstr "Attributi del dataset"
 
-#, fuzzy
-#| msgid "Upload status"
 msgid "Upload Dataset"
-msgstr "Stato caricamento"
+msgstr "Carica dataset"
 
 msgid "Upload status"
 msgstr "Stato caricamento"
 
 msgid ""
-"This file needs additional configuration to complete the upload process. "
-"Please click on the button to fill the required configuration"
+"This file needs additional configuration to complete the upload process. Please click on the "
+"button to fill the required configuration"
 msgstr ""
-"Questo file necessita di una configurazione aggiuntiva per completare il "
-"processo di caricamento. Clicca sul pulsante per riempire la configurazione "
-"richiesta"
+"Questo file necessita di una configurazione aggiuntiva per completare il processo di "
+"caricamento. Clicca sul pulsante per riempire la configurazione richiesta"
 
 msgid "Delete"
-msgstr "Cancella"
+msgstr "Elimina"
 
 msgid "Upload process completed"
 msgstr "Processo di caricamento completato"
 
-msgid ""
-"The upload process cannot be completed because the original file is no more "
-"available"
+msgid "The upload process cannot be completed because the original file is no more available"
 msgstr ""
-"Impossibile completare il processo di caricamento perché il file originale "
-"non è più disponibile"
+"Impossibile completare il processo di caricamento perché il file originale non è più "
+"disponibile"
 
 msgid "Created"
 msgstr "Creato"
@@ -2726,10 +2585,8 @@ msgstr "Eliminare caricamenti incompleti"
 msgid "Are you sure you want to remove this incomplete upload?"
 msgstr "Rimuovere questo caricamento incompleto?"
 
-#, fuzzy
-#| msgid "Upload Layer Step: Set SRS"
 msgid "Upload Dataset Step: Set SRS"
-msgstr "Carica livello, passo: Imposta SRS"
+msgstr "Carica dataset, passo: Imposta SRS"
 
 msgid "Provide CRS for "
 msgstr "Fornire CRS per "
@@ -2740,34 +2597,28 @@ msgstr "Sistema di riferimento delle coordinate"
 #, fuzzy
 #| msgid ""
 #| "\n"
-#| "                A coordinate reference system for this layer could not be "
-#| "determined.\n"
-#| "                Locate or enter the appropriate ESPG code for this layer "
-#| "below.\n"
+#| "                A coordinate reference system for this layer could not be determined.\n"
+#| "                Locate or enter the appropriate ESPG code for this layer below.\n"
 #| "                One way to do this is do visit:\n"
-#| "                <a href=\"http://prj2epsg.org/search\" target=\"_"
-#| "\">prj2epsg</a>\n"
+#| "                <a href=\"http://prj2epsg.org/search\" target=\"_\">prj2epsg</a>\n"
 #| "                and enter the following:\n"
 #| "            "
 msgid ""
 "\n"
-"                A coordinate reference system for this dataset could not be "
-"determined.\n"
-"                Locate or enter the appropriate ESPG code for this dataset "
-"below.\n"
+"                A coordinate reference system for this dataset could not be determined.\n"
+"                Locate or enter the appropriate ESPG code for this dataset below.\n"
 "                One way to do this is do visit:\n"
-"                <a href=\"http://prj2epsg.org/search\" target=\"_"
-"\">prj2epsg</a>\n"
+"                <a href=\"http://prj2epsg.org/search\" target=\"_\">prj2epsg</a>\n"
 "                and enter the following:\n"
 "            "
 msgstr ""
 "\n"
-"                Un sistema di riferimento di coordinate per questo strato "
-"non poteva essere determinata.\n"
-"                Individuare o immettere il codice ESPG appropriato per "
-"questo livello sottostante.\n"
-"                Un modo per farlo è fare visitare: <a href=\"http://prj2epsg."
-"org/search\" target=\"_\">prj2epsg</a>\n"
+"                Un sistema di riferimento di coordinate per questo strato non poteva essere "
+"determinata.\n"
+"                Individuare o immettere il codice ESPG appropriato per questo livello "
+"sottostante.\n"
+"                Un modo per farlo è fare visitare: <a href=\"http://prj2epsg.org/search\" "
+"target=\"_\">prj2epsg</a>\n"
 "                e immettere il seguente:\n"
 "            "
 
@@ -2784,27 +2635,24 @@ msgid "Select a Source SRS"
 msgstr "Seleziona un SRS di origine"
 
 msgid ""
-"Source SRS EPSG Code is mandatory and represents the native data Spatial "
-"Reference System.\n"
+"Source SRS EPSG Code is mandatory and represents the native data Spatial Reference System.\n"
 "                    <br><br>\n"
-"                    This must be coherent with the Geometry values (lon/lat "
-"coordinates as an instance) stored on the geospatial dataset.\n"
+"                    This must be coherent with the Geometry values (lon/lat coordinates as "
+"an instance) stored on the geospatial dataset.\n"
 "                    <br><br>\n"
-"                    If not specified on the geospatial data itself, it must "
-"be manually declared by the operator.\n"
+"                    If not specified on the geospatial data itself, it must be manually "
+"declared by the operator.\n"
 "                    <br><br>\n"
-"                    More information is provided at the bottom of the page "
-"in the \"Additional Help\" sections.\n"
+"                    More information is provided at the bottom of the page in the "
+"\"Additional Help\" sections.\n"
 "                    "
 msgstr ""
-"Source SRS EPSG Code è obbligatorio e rappresenta il sistema di riferimento "
-"spaziale dei dati nativi.                    <br><br>Deve essere coerente "
-"con i valori Geometry (coordinate lon/lat come istanza) archiviati nel set "
-"di dati geospaziali.                    <br><br>Se non specificato nei dati "
-"geospaziali stessi, deve essere dichiarato manualmente "
-"dall'operatore.                    <br><br>Ulteriori informazioni sono "
-"disponibili nella parte inferiore della pagina nelle sezioni \"Guida "
-"aggiuntiva\".                    "
+"Source SRS EPSG Code è obbligatorio e rappresenta il sistema di riferimento spaziale dei "
+"dati nativi.                    <br><br>Deve essere coerente con i valori Geometry "
+"(coordinate lon/lat come istanza) archiviati nel set di dati geospaziali.                    "
+"<br><br>Se non specificato nei dati geospaziali stessi, deve essere dichiarato manualmente "
+"dall'operatore.                    <br><br>Ulteriori informazioni sono disponibili nella "
+"parte inferiore della pagina nelle sezioni \"Guida aggiuntiva\".                    "
 
 msgid "Next"
 msgstr "Prossimo"
@@ -2831,140 +2679,130 @@ msgid "Spatial Reference System"
 msgstr "Sistema di riferimento spaziale"
 
 msgid ""
-"A spatial reference system (SRS) or coordinate reference system (CRS) is a "
-"coordinate-based local,\n"
-"                            regional or global system used to locate "
-"geographical entities. A spatial reference system defines a specific map\n"
-"                            projection, as well as transformations between "
-"different spatial reference systems. Spatial reference systems are\n"
-"                            defined by the OGC's Simple feature access using "
-"well-known text, and support has been implemented by several\n"
-"                            standards-based geographic information systems. "
-"Spatial reference systems can be referred to using a SRID integer,\n"
-"                            including EPSG codes defined by the "
-"International Association of Oil and Gas Producers.\n"
-"                            It is specified in ISO 19111:2007 Geographic "
-"information—Spatial referencing by coordinates, also published as\n"
-"                            OGC Abstract Specification, Topic 2: Spatial "
-"referencing by coordinate."
-msgstr ""
-"Un sistema di riferimento spaziale (SRS) o un sistema di riferimento delle "
-"coordinate (CRS) è un sistema di riferimento\n"
-"                            sistema regionale o globale utilizzato per "
-"individuare le entità geografiche. Un sistema di riferimento spaziale "
-"definisce una mappa specifica\n"
-"                            proiezioni, nonché trasformazioni tra diversi "
-"sistemi di riferimento spaziale. I sistemi di riferimento spaziali sono\n"
-"                            definito dall'accesso alle funzionalità semplice "
-"dell'OGC utilizzando testo noto, e il supporto è stato implementato da "
-"diversi\n"
-"                            sistemi di informazione geografica basati su "
-"standard. I sistemi di riferimento spaziale possono essere indicati "
-"utilizzando un numero intero SRID,\n"
-"                            compresi i codici EPSG definiti "
-"dall'Associazione internazionale dei produttori di petrolio e gas.\n"
-"                            È specificato in ISO 19111:2007 Informazioni "
-"geografiche: riferimento spaziale in base alle coordinate, pubblicato anche "
-"come\n"
-"                            Specifica astratta OGC, Argomento 2: Riferimento "
-"spaziale per coordinata."
+"A spatial reference system (SRS) or coordinate reference system (CRS) is a coordinate-based "
+"local,\n"
+"                            regional or global system used to locate geographical entities. "
+"A spatial reference system defines a specific map\n"
+"                            projection, as well as transformations between different spatial "
+"reference systems. Spatial reference systems are\n"
+"                            defined by the OGC's Simple feature access using well-known "
+"text, and support has been implemented by several\n"
+"                            standards-based geographic information systems. Spatial "
+"reference systems can be referred to using a SRID integer,\n"
+"                            including EPSG codes defined by the International Association of "
+"Oil and Gas Producers.\n"
+"                            It is specified in ISO 19111:2007 Geographic information—Spatial "
+"referencing by coordinates, also published as\n"
+"                            OGC Abstract Specification, Topic 2: Spatial referencing by "
+"coordinate."
+msgstr ""
+"Un sistema di riferimento spaziale (SRS) o un sistema di riferimento delle coordinate (CRS) "
+"è un sistema di riferimento\n"
+"                            sistema regionale o globale utilizzato per individuare le entità "
+"geografiche. Un sistema di riferimento spaziale definisce una mappa specifica\n"
+"                            proiezioni, nonché trasformazioni tra diversi sistemi di "
+"riferimento spaziale. I sistemi di riferimento spaziali sono\n"
+"                            definito dall'accesso alle funzionalità semplice dell'OGC "
+"utilizzando testo noto, e il supporto è stato implementato da diversi\n"
+"                            sistemi di informazione geografica basati su standard. I sistemi "
+"di riferimento spaziale possono essere indicati utilizzando un numero intero SRID,\n"
+"                            compresi i codici EPSG definiti dall'Associazione internazionale "
+"dei produttori di petrolio e gas.\n"
+"                            È specificato in ISO 19111:2007 Informazioni geografiche: "
+"riferimento spaziale in base alle coordinate, pubblicato anche come\n"
+"                            Specifica astratta OGC, Argomento 2: Riferimento spaziale per "
+"coordinata."
 
 msgid "Identifiers"
 msgstr "Identificatori"
 
 msgid ""
 "\n"
-"                        A Spatial Reference System Identifier (SRID) is a "
-"unique value used to unambiguously identify projected, unprojected,\n"
-"                        and local spatial coordinate system definitions. "
-"These coordinate systems form the heart of all GIS applications.\n"
+"                        A Spatial Reference System Identifier (SRID) is a unique value used "
+"to unambiguously identify projected, unprojected,\n"
+"                        and local spatial coordinate system definitions. These coordinate "
+"systems form the heart of all GIS applications.\n"
 "\n"
-"                        Virtually all major spatial vendors have created "
-"their own SRID implementation or refer to those of an authority,\n"
+"                        Virtually all major spatial vendors have created their own SRID "
+"implementation or refer to those of an authority,\n"
 "                        such as the European Petroleum Survey Group (EPSG).\n"
 "                        "
 msgstr ""
 "\n"
-"Un identificatore SRID (Spatial Reference System Identifier) è un valore "
-"univoco utilizzato per identificare in modo inequivocabile\n"
-"                        e le definizioni del sistema di coordinate spaziali "
-"locali. Questi sistemi di coordinate costituiscono il cuore di tutte le "
-"applicazioni GIS.\n"
+"Un identificatore SRID (Spatial Reference System Identifier) è un valore univoco utilizzato "
+"per identificare in modo inequivocabile\n"
+"                        e le definizioni del sistema di coordinate spaziali locali. Questi "
+"sistemi di coordinate costituiscono il cuore di tutte le applicazioni GIS.\n"
 "\n"
-"Praticamente tutti i principali fornitori spaziali hanno creato la propria "
-"implementazione SRID o si riferiscono a quelli di un'autorità,\n"
+"Praticamente tutti i principali fornitori spaziali hanno creato la propria implementazione "
+"SRID o si riferiscono a quelli di un'autorità,\n"
 "                        come l'European Petroleum Survey Group (EPSG).\n"
 "                        "
 
 msgid ""
-"NOTE: As of 2005 the EPSG SRID values are now maintained by the "
-"International\n"
-"                            Association of Oil & Gas Producers (OGP) "
-"Surveying & Positioning Committee"
+"NOTE: As of 2005 the EPSG SRID values are now maintained by the International\n"
+"                            Association of Oil & Gas Producers (OGP) Surveying & Positioning "
+"Committee"
 msgstr ""
-"NOTA: a partire dal 2005 i valori EPSG SRID sono ora mantenuti "
-"dall'International\n"
-"                            Comitato di rilevamento e posizionamento "
-"dell'Associazione dei produttori di petrolio e gas (OGP)"
+"NOTA: a partire dal 2005 i valori EPSG SRID sono ora mantenuti dall'International\n"
+"                            Comitato di rilevamento e posizionamento dell'Associazione dei "
+"produttori di petrolio e gas (OGP)"
 
 msgid ""
 "\n"
-"                        SRIDs are the primary key for the Open Geospatial "
-"Consortium (OGC) spatial_ref_sys metadata table for the Simple\n"
-"                        Features for SQL Specification, Versions 1.1 and "
-"1.2, which is defined as follows:\n"
+"                        SRIDs are the primary key for the Open Geospatial Consortium (OGC) "
+"spatial_ref_sys metadata table for the Simple\n"
+"                        Features for SQL Specification, Versions 1.1 and 1.2, which is "
+"defined as follows:\n"
 "                        "
 msgstr ""
 "\n"
-"Gli S SRID sono la chiave primaria per l'Open Geospatial Consortium (OGC) "
-"spatial_ref_sys di metadati per il\n"
-"                        Funzionalità per la specifica SQL, le versioni 1.1 e "
-"1.2, definite come segue:\n"
+"Gli S SRID sono la chiave primaria per l'Open Geospatial Consortium (OGC) spatial_ref_sys di "
+"metadati per il\n"
+"                        Funzionalità per la specifica SQL, le versioni 1.1 e 1.2, definite "
+"come segue:\n"
 "                        "
 
 msgid ""
 "\n"
-"                        In spatially enabled databases (such as IBM DB2, IBM "
-"Informix, Microsoft SQL Server, MySQL, Oracle RDBMS, Teradata, PostGIS and\n"
-"                        SQL Anywhere), SRIDs are used to uniquely identify "
-"the coordinate systems used to define columns of spatial data or individual\n"
-"                        spatial objects in a spatial column (depending on "
-"the spatial implementation). SRIDs are typically associated with a well "
-"known\n"
-"                        text (WKT) string definition of the coordinate "
-"system (SRTEXT, above). From the Well Known Text Wikipedia page\n"
+"                        In spatially enabled databases (such as IBM DB2, IBM Informix, "
+"Microsoft SQL Server, MySQL, Oracle RDBMS, Teradata, PostGIS and\n"
+"                        SQL Anywhere), SRIDs are used to uniquely identify the coordinate "
+"systems used to define columns of spatial data or individual\n"
+"                        spatial objects in a spatial column (depending on the spatial "
+"implementation). SRIDs are typically associated with a well known\n"
+"                        text (WKT) string definition of the coordinate system (SRTEXT, "
+"above). From the Well Known Text Wikipedia page\n"
 "                        "
 msgstr ""
 "\n"
-"Nei database abilitati per l'ambiente (come IBM DB2, IBM Informix, Microsoft "
-"SQL Server, MySQL, Oracle RDBMS, Teradata, PostGIS e\n"
-"                        SQL Anywhere), gli SED vengono utilizzati per "
-"identificare in modo univoco i sistemi di coordinate utilizzati per definire "
-"colonne di dati spaziali o singoli\n"
+"Nei database abilitati per l'ambiente (come IBM DB2, IBM Informix, Microsoft SQL Server, "
+"MySQL, Oracle RDBMS, Teradata, PostGIS e\n"
+"                        SQL Anywhere), gli SED vengono utilizzati per identificare in modo "
+"univoco i sistemi di coordinate utilizzati per definire colonne di dati spaziali o singoli\n"
 "                        oggetti spaziali in una colonna spaziale (a seconda "
 "dell'implementazione spaziale). I SED sono in genere associati a un\n"
-"                        text (WKT) definizione di stringa del sistema di "
-"coordinate (SRTEXT, sopra). Dalla pagina Wikipedia di Ben Known Text\n"
+"                        text (WKT) definizione di stringa del sistema di coordinate (SRTEXT, "
+"sopra). Dalla pagina Wikipedia di Ben Known Text\n"
 "                        "
 
 msgid ""
-"“A WKT string for a spatial reference system describes the datum, geoid, "
-"coordinate system,\n"
+"“A WKT string for a spatial reference system describes the datum, geoid, coordinate system,\n"
 "                            and map projection of the spatial objects”."
 msgstr ""
-"\"Una stringa WKT per un sistema di riferimento spaziale descrive il sistema "
-"di coordinate di riferimento, geoide,\n"
+"\"Una stringa WKT per un sistema di riferimento spaziale descrive il sistema di coordinate "
+"di riferimento, geoide,\n"
 "                            e la proiezione mappa degli oggetti spaziali\"."
 
 msgid ""
 "\n"
-"                        Here are two common coordinate systems with their "
-"EPSG SRID value followed by their well known text:\n"
+"                        Here are two common coordinate systems with their EPSG SRID value "
+"followed by their well known text:\n"
 "                        "
 msgstr ""
 "\n"
-"                        Qui ci sono due sistemi di coordinate comuni con il "
-"loro valore di EPSG SRID seguita dal loro WKT:\n"
+"                        Qui ci sono due sistemi di coordinate comuni con il loro valore di "
+"EPSG SRID seguita dal loro WKT:\n"
 "                        "
 
 msgid ""
@@ -2987,87 +2825,76 @@ msgstr ""
 
 msgid ""
 "\n"
-"                        SRID values associated with spatial data can be used "
-"to constrain spatial operations — for instance, spatial operations cannot be "
-"performed\n"
-"                        between spatial objects with differing SRIDs in some "
-"systems, or trigger coordinate system transformations between spatial "
-"objects in others.\n"
+"                        SRID values associated with spatial data can be used to constrain "
+"spatial operations — for instance, spatial operations cannot be performed\n"
+"                        between spatial objects with differing SRIDs in some systems, or "
+"trigger coordinate system transformations between spatial objects in others.\n"
 "                        "
 msgstr ""
 "\n"
-"I valori SRID associati ai dati spaziali possono essere utilizzati per "
-"vincolare le operazioni spaziali, ad esempio le operazioni spaziali non "
-"possono essere eseguite\n"
-"                        tra oggetti spaziali con SRID diversi in alcuni "
-"sistemi o attivare trasformazioni del sistema di coordinate tra oggetti "
-"spaziali in altri.\n"
+"I valori SRID associati ai dati spaziali possono essere utilizzati per vincolare le "
+"operazioni spaziali, ad esempio le operazioni spaziali non possono essere eseguite\n"
+"                        tra oggetti spaziali con SRID diversi in alcuni sistemi o attivare "
+"trasformazioni del sistema di coordinate tra oggetti spaziali in altri.\n"
 "                        "
 
 msgid ""
-"Source SRS EPSG Code is mandatory and represents the native data Spatial "
-"Reference System. This must be coherent with the\n"
-"                            Geometry values (lon/lat coordinates as an "
-"instance) stored on the geospatial dataset. If not specified on the "
-"geospatial data itself, it\n"
+"Source SRS EPSG Code is mandatory and represents the native data Spatial Reference System. "
+"This must be coherent with the\n"
+"                            Geometry values (lon/lat coordinates as an instance) stored on "
+"the geospatial dataset. If not specified on the geospatial data itself, it\n"
 "                            must be manually declared by the operator."
 msgstr ""
-"Source SRS EPSG Code è obbligatorio e rappresenta il sistema di riferimento "
-"spaziale dei dati nativi. Questo deve essere coerente con il\n"
-"                            Valori geometrici (coordinate lon/lat come "
-"istanza) archiviati nel set di dati geospaziali. Se non viene specificato "
-"sui dati geospaziali stessi,\n"
-"                            deve essere dichiarato manualmente "
-"dall'operatore."
+"Source SRS EPSG Code è obbligatorio e rappresenta il sistema di riferimento spaziale dei "
+"dati nativi. Questo deve essere coerente con il\n"
+"                            Valori geometrici (coordinate lon/lat come istanza) archiviati "
+"nel set di dati geospaziali. Se non viene specificato sui dati geospaziali stessi,\n"
+"                            deve essere dichiarato manualmente dall'operatore."
 
 msgid ""
-"Target SRS EPSG Code is optional. This must be used only if we need to re-"
-"project the coordinates from Source SRS to another one.\n"
+"Target SRS EPSG Code is optional. This must be used only if we need to re-project the "
+"coordinates from Source SRS to another one.\n"
 "                        "
 msgstr ""
-"Target SRS EPSG Code è facoltativo. Questo deve essere utilizzato solo se è "
-"necessario ri-proiettare le coordinate da Source SRS ad un altro.\n"
+"Target SRS EPSG Code è facoltativo. Questo deve essere utilizzato solo se è necessario ri-"
+"proiettare le coordinate da Source SRS ad un altro.\n"
 "                        "
 
 #, fuzzy
 #| msgid "Upload Layer Step: CSV Field Mapping"
 msgid "Upload Dataset Step: CSV Field Mapping"
-msgstr "Upload Layer Step: CSV Field Mapping"
+msgstr "Carica dataset, passo: campi CSV"
 
 msgid "Geospatial Data"
 msgstr "Dati geospaziali"
 
 msgid ""
-"Please indicate which attributes contain the latitude and longitude "
-"coordinates in the CSV data."
+"Please indicate which attributes contain the latitude and longitude coordinates in the CSV "
+"data."
 msgstr ""
-"Si prega di indicare quali attributi contengono le coordinate di latitudine "
-"e longitudine nei dati CSV."
+"Si prega di indicare quali attributi contengono le coordinate di latitudine e longitudine "
+"nei dati CSV."
 
 msgid ""
 "With this data, GeoNode was able to guess which attributes contain the\n"
-"                latitude and longitude coordinates, but please confirm that "
-"the correct\n"
+"                latitude and longitude coordinates, but please confirm that the correct\n"
 "                attributes are selected below."
 msgstr ""
-"Con questi dati, GeoNode è stato in grado di capire quali attributi "
-"contengono\n"
-"                latitudine e longitudine, ma si prega di verificare che le "
-"coordinate siano corrette\n"
+"Con questi dati, GeoNode è stato in grado di capire quali attributi contengono\n"
+"                latitudine e longitudine, ma si prega di verificare che le coordinate siano "
+"corrette\n"
 "                per gli attributi sono selezionati di seguito."
 
 msgid "Select an attribute"
 msgstr "Seleziona un attributo"
 
 msgid ""
-"We did not detect columns that could be used for the latitude and "
-"longitude.\n"
-"        Please verify that you have two columns in your csv file that can be "
-"used for\n"
+"We did not detect columns that could be used for the latitude and longitude.\n"
+"        Please verify that you have two columns in your csv file that can be used for\n"
 "        the latitude and longitude."
 msgstr ""
-"Non abbiamo rilevato colonne che potessero essere utilizzate per latitudine "
-"e la longitudine.\n"
+"Non abbiamo rilevato colonne che potessero essere utilizzate per latitudine e la "
+"longitudine.\n"
 "        Verificare di avere due colonne nel file csv che possono essere\n"
 "        latitudine e la longitudine."
 
@@ -3080,10 +2907,8 @@ msgstr "Torna a"
 msgid "Upload Form"
 msgstr "Carica Form"
 
-#, fuzzy
-#| msgid "Upload Layer Step: Time"
 msgid "Upload Dataset Step: Time"
-msgstr "Caricamento livello: Dimensione temporale"
+msgstr "Caricamento dataset: Dimensione temporale"
 
 msgid "Inspect data for "
 msgstr "Esamina dati per "
@@ -3092,26 +2917,25 @@ msgid "Configure as Time-Series"
 msgstr "Configura come serie temporale"
 
 msgid ""
-"Toggling this selector allows you to configure (or not) this data as a time "
-"series; in this case you will also have to select an attribute\n"
+"Toggling this selector allows you to configure (or not) this data as a time series; in this "
+"case you will also have to select an attribute\n"
 "                      to drive the time dimension.\n"
 "                      <br><br>\n"
-"                      If GeoNode is not able to parse any of the values for "
-"the selected attribute red markers will appear to highlight the problems.\n"
+"                      If GeoNode is not able to parse any of the values for the selected "
+"attribute red markers will appear to highlight the problems.\n"
 "                      <br><br>\n"
-"                      More information is provided at the bottom of the page "
-"in the \"Additional Help\" sections.\n"
+"                      More information is provided at the bottom of the page in the "
+"\"Additional Help\" sections.\n"
 "                      "
 msgstr ""
-"L'attivazione/attivazione/attivazione/configurazione di questo selettore "
-"consente di configurare (o meno) questi dati come serie di tempo; in questo "
-"caso si dovrà anche selezionare un attributo\n"
-"                      per guidare la dimensione "
-"temporale.                      <br><br>Se GeoNode non è in grado di "
-"analizzare nessuno dei valori per l'attributo selezionato, gli indicatori "
-"rossi verranno visualizzati per evidenziare i problemi.                      "
-"<br><br>Ulteriori informazioni sono disponibili nella parte inferiore della "
-"pagina nelle sezioni \"Guida aggiuntiva\".                      "
+"L'attivazione/attivazione/attivazione/configurazione di questo selettore consente di "
+"configurare (o meno) questi dati come serie di tempo; in questo caso si dovrà anche "
+"selezionare un attributo\n"
+"                      per guidare la dimensione temporale.                      <br><br>Se "
+"GeoNode non è in grado di analizzare nessuno dei valori per l'attributo selezionato, gli "
+"indicatori rossi verranno visualizzati per evidenziare i problemi.                      "
+"<br><br>Ulteriori informazioni sono disponibili nella parte inferiore della pagina nelle "
+"sezioni \"Guida aggiuntiva\".                      "
 
 msgid "No"
 msgstr "No"
@@ -3122,12 +2946,9 @@ msgstr "Utilizzare un attributo timestamp esistente nei dati"
 msgid "Yes: with an existing Time-Attribute"
 msgstr "Sì: con un attributo Time esistente"
 
-msgid ""
-"Yes: by converting data to a timestamp using standard date/time "
-"representation"
+msgid "Yes: by converting data to a timestamp using standard date/time representation"
 msgstr ""
-"Sì: convertendo i dati in un timestamp utilizzando la rappresentazione "
-"standard di data/ora"
+"Sì: convertendo i dati in un timestamp utilizzando la rappresentazione standard di data/ora"
 
 msgid "Convert a number field into a year"
 msgstr "Convertire un campo numerico in un anno"
@@ -3135,12 +2956,10 @@ msgstr "Convertire un campo numerico in un anno"
 msgid "Yes: by converting a number as Year"
 msgstr "Sì: convertendo un numero come Anno"
 
-msgid ""
-"Convert data to a timestamp using standard date/time representation or a "
-"custom format"
+msgid "Convert data to a timestamp using standard date/time representation or a custom format"
 msgstr ""
-"Convertire i dati in un timestamp utilizzando la rappresentazione di data/"
-"ora standard o un formato personalizzato"
+"Convertire i dati in un timestamp utilizzando la rappresentazione di data/ora standard o un "
+"formato personalizzato"
 
 msgid "Start Importer"
 msgstr "Avvia importazione"
@@ -3187,12 +3006,10 @@ msgstr "definito dalla risoluzione"
 msgid "Continuous Intervals"
 msgstr "Intervalli continui"
 
-msgid ""
-"for data that is frequently updated, resolution describes the frequency of "
-"updates"
+msgid "for data that is frequently updated, resolution describes the frequency of updates"
 msgstr ""
-"per i dati che viene aggiornato di frequente, risoluzione descrive la "
-"frequenza degli aggiornamenti"
+"per i dati che viene aggiornato di frequente, risoluzione descrive la frequenza degli "
+"aggiornamenti"
 
 msgid "Resolution of time attribute"
 msgstr "Risoluzione di un attributo tempo"
@@ -3200,31 +3017,20 @@ msgstr "Risoluzione di un attributo tempo"
 msgid "Enabling Time"
 msgstr "Tempo di attivazione"
 
-#, fuzzy
-#| msgid ""
-#| "A layer can support one or two time attributes. If a single\n"
-#| "                        attribute is used, the layer is considered to "
-#| "contain data that is valid at single points in time. If two\n"
-#| "                        attributes are used, the second attribute "
-#| "represents the end of a valid period  hence the layer is considered\n"
-#| "                        to contain data that is valid at certain periods "
-#| "in time."
 msgid ""
 "A dataset can support one or two time attributes. If a single\n"
-"                        attribute is used, the dataset is considered to "
-"contain data that is valid at single points in time. If two\n"
-"                        attributes are used, the second attribute represents "
-"the end of a valid period  hence the dataset is considered\n"
-"                        to contain data that is valid at certain periods in "
-"time."
-msgstr ""
-"Un layer può supportare uno o due attributi temporali. Se un singolo\n"
-"                        attributo viene utilizzato, il layer è considerato "
-"contenere dati validi in singoli punti nel tempo. Se due\n"
-"                        attributi, il secondo attributo rappresenta la fine "
-"di un periodo valido, quindi il layer è considerato\n"
-"                        per contenere dati validi in determinati periodi di "
-"tempo."
+"                        attribute is used, the dataset is considered to contain data that is "
+"valid at single points in time. If two\n"
+"                        attributes are used, the second attribute represents the end of a "
+"valid period  hence the dataset is considered\n"
+"                        to contain data that is valid at certain periods in time."
+msgstr ""
+"Un dataset può supportare uno o due attributi temporali. Se un singolo\n"
+"                        attributo viene utilizzato, il layer è considerato contenere dati "
+"validi in singoli punti nel tempo. Se due\n"
+"                        attributi, il secondo attributo rappresenta la fine di un periodo "
+"valido, quindi il layer è considerato\n"
+"                        per contenere dati validi in determinati periodi di tempo."
 
 msgid "Selecting an Attribute"
 msgstr "Seleziona un attributo"
@@ -3243,30 +3049,24 @@ msgstr "Un numero che rappresenta l'anno"
 
 msgid ""
 "\n"
-"                        For text attributes, one can specify a custom format "
-"(as part of the \"Advanced Options\") or use the 'best guess' approach which "
-"will try to\n"
-"                        automatically translate well-known recognized "
-"patterns into valid times.\n"
+"                        For text attributes, one can specify a custom format (as part of the "
+"\"Advanced Options\") or use the 'best guess' approach which will try to\n"
+"                        automatically translate well-known recognized patterns into valid "
+"times.\n"
 "                        "
 msgstr ""
 "\n"
-"                        Per gli attributi di testo, è possibile specificare "
-"un formato personalizzato (come parte delle \"Opzioni avanzate\") o "
-"utilizzare l'approccio \"best guess\" che cercherà di\n"
-"                        convertire automaticamente i patterns riconosciuti "
-"in date valide.\n"
+"                        Per gli attributi di testo, è possibile specificare un formato "
+"personalizzato (come parte delle \"Opzioni avanzate\") o utilizzare l'approccio \"best "
+"guess\" che cercherà di\n"
+"                        convertire automaticamente i patterns riconosciuti in date valide.\n"
 "                        "
 
 msgid "The 'best guess' will handle date and optional time variants of"
-msgstr ""
-"L''ipotesi migliore' in grado di gestire le varianti di data e ora opzionale "
-"di"
+msgstr "L''ipotesi migliore' in grado di gestire le varianti di data e ora opzionale di"
 
 msgid "In terms of the formatting flags noted above, these are"
-msgstr ""
-"Per quanto riguarda le bandiere di formattazione osservato in precedenza, si "
-"tratta di"
+msgstr "Per quanto riguarda le bandiere di formattazione osservato in precedenza, si tratta di"
 
 msgid "Modal Header"
 msgstr "Intestazione modale"
@@ -3295,11 +3095,9 @@ msgstr "Scelta sbagliata"
 msgid "Please, select one Time Attribute to test!"
 msgstr "Si prega di selezionare un Attributo Temporale!"
 
-msgid ""
-"Returning to the upload starting page in <span id=\"cnt\">5</span>seconds "
+msgid "Returning to the upload starting page in <span id=\"cnt\">5</span>seconds "
 msgstr ""
-"Sarai rediretto alla pagina iniziale di caricamento entro <span id=\"cnt"
-"\">5</span> secondi "
+"Sarai rediretto alla pagina iniziale di caricamento entro <span id=\"cnt\">5</span> secondi "
 
 msgid " Or just go "
 msgstr " O semplicemente andare "
@@ -3318,21 +3116,13 @@ msgid "You are attempting to {action_type} a raster dataset with a vector."
 msgstr "Si sta tentando di {action_type} un livello raster con un vettore."
 
 #, fuzzy, python-brace-format
-#| msgid ""
-#| "You are attempting to {action_type} a vector layer with an unknown format."
-msgid ""
-"You are attempting to {action_type} a vector dataset with an unknown format."
-msgstr ""
-"Si sta tentando di {action_type} un livello vettoriale con un formato "
-"sconosciuto."
+#| msgid "You are attempting to {action_type} a vector layer with an unknown format."
+msgid "You are attempting to {action_type} a vector dataset with an unknown format."
+msgstr "Si sta tentando di {action_type} un livello vettoriale con un formato sconosciuto."
 
 #, python-brace-format
-msgid ""
-"Please ensure the name is consistent with the file you are trying to "
-"{action_type}."
-msgstr ""
-"Assicurarsi che il nome sia coerente con il file che si sta tentando di "
-"{action_type}."
+msgid "Please ensure the name is consistent with the file you are trying to {action_type}."
+msgstr "Assicurarsi che il nome sia coerente con il file che si sta tentando di {action_type}."
 
 #, fuzzy
 #| msgid "Local GeoNode layer has no geometry type."
@@ -3341,83 +3131,55 @@ msgstr "Il livello GeoNode locale non ha alcun tipo di geometria."
 
 #, python-brace-format
 msgid ""
-"Please ensure there is at least one geometry "
-"type                             that is consistent with the file you are "
-"trying to {action_type}."
+"Please ensure there is at least one geometry type                             that is "
+"consistent with the file you are trying to {action_type}."
 msgstr ""
-"Assicurarsi che sia disponibile almeno un tipo di geometria coerente con il "
-"file che si sta tentando di {action_type}."
+"Assicurarsi che sia disponibile almeno un tipo di geometria coerente con il file che si sta "
+"tentando di {action_type}."
 
-#, fuzzy
-#| msgid "The selected Layer does not exists in the catalog."
 msgid "The selected Dataset does not exists in the catalog."
-msgstr "Il livello selezionato non esiste nel catalogo."
+msgstr "Il dataset selezionato non esiste nel catalogo."
 
-#, fuzzy
-#| msgid "Please ensure that the layer structure is consistent "
 msgid "Please ensure that the dataset structure is consistent "
-msgstr "Assicurarsi che la struttura del livello sia coerente "
+msgstr "Assicurarsi che la struttura del dataset sia coerente "
 
-msgid ""
-"Some error occurred while trying to access the uploaded schema: {str(e)}"
+msgid "Some error occurred while trying to access the uploaded schema: {str(e)}"
 msgstr ""
-"Si è verificato un errore durante il tentativo di accesso allo schema "
-"caricato: {str(e)}"
+"Si è verificato un errore durante il tentativo di accesso allo schema caricato: {str(e)}"
 
 msgid ""
-"There was an error while attempting to upload your data. Please try again, "
-"or contact and administrator if the problem continues."
+"There was an error while attempting to upload your data. Please try again, or contact and "
+"administrator if the problem continues."
 msgstr ""
-"E' occorso un errore durante l'invio dei tuoi dati. Riprova o contatta un "
-"amministratore se il problema persiste."
+"E' occorso un errore durante l'invio dei tuoi dati. Riprova o contatta un amministratore se "
+"il problema persiste."
 
-#, fuzzy
-#| msgid ""
-#| "Note: this layer's orginal metadata was populated and preserved by "
-#| "importing a metadata XML file. This metadata cannot be edited."
 msgid ""
-"Note: this dataset's orginal metadata was populated and preserved by "
-"importing a metadata XML file. This metadata cannot be edited."
+"Note: this dataset's orginal metadata was populated and preserved by importing a metadata "
+"XML file. This metadata cannot be edited."
 msgstr ""
-"Nota: i metadati originali di questo livello sono stati popolati e "
-"conservati importando un file XML di metadati. Questi metadati non possono "
-"essere modificati."
+"Nota: i metadati originali di questo dataset sono stati popolati e conservati importando un "
+"file XML di metadati. Questi metadati non possono essere modificati."
 
-#, fuzzy
-#| msgid "You are not permitted to delete this layer"
 msgid "You are not permitted to delete this dataset"
-msgstr "Non hai il permesso di eliminare questo livello"
+msgstr "Non hai il permesso di eliminare questo dataset"
 
-#, fuzzy
-#| msgid "You do not have permissions for this layer."
 msgid "You do not have permissions for this dataset."
-msgstr "Non hai i permessi per questo livello."
+msgstr "Non hai i permessi per questo dataset."
 
-#, fuzzy
-#| msgid "You are not permitted to modify this layer"
 msgid "You are not permitted to modify this dataset"
-msgstr "Non hai i permessi per modificare questo livello"
+msgstr "Non hai i permessi per modificare questo dataset"
 
-#, fuzzy
-#| msgid "You are not permitted to modify this layer's metadata"
 msgid "You are not permitted to modify this dataset's metadata"
-msgstr "Non hai il permesso di modificare i metadati di questo livello"
+msgstr "Non hai il permesso di modificare i metadati di questo dataset"
 
-#, fuzzy
-#| msgid "You are not permitted to view this layer"
 msgid "You are not permitted to view this dataset"
-msgstr "Non hai il permesso di visualizzare questo livello"
+msgstr "Non hai il permesso di visualizzare questo dataset"
 
-#, fuzzy
-#| msgid ""
-#| "This layer is a member of a layer group, you must remove the layer from "
-#| "the group before deleting."
 msgid ""
-"This dataset is a member of a layer group, you must remove the dataset from "
-"the group before deleting."
-msgstr ""
-"Questo livello è membro di un gruppo, devi rimuoverlo dal gruppo prima di "
-"eliminarlo."
+"This dataset is a member of a layer group, you must remove the dataset from the group before "
+"deleting."
+msgstr "Questo dataset è membro di un gruppo, devi rimuoverlo dal gruppo prima di eliminarlo."
 
 #, python-format
 msgid "couldn't generate thumbnail: %s"
@@ -3516,11 +3278,9 @@ msgstr "Valuta questa mappa"
 msgid "Download Map"
 msgstr "Scarica la mappa"
 
-#, fuzzy
-#| msgid "Maps"
 msgid "Map"
 msgid_plural "Maps"
-msgstr[0] "Mappe"
+msgstr[0] "Mappa"
 msgstr[1] "Mappe"
 
 msgid "Map Layers"
@@ -3560,25 +3320,23 @@ msgstr ""
 
 msgid ""
 "\n"
-"      <div class=\"alert alert-warning\">Could not find downloadable layers "
-"for this map. You can go back to  \n"
+"      <div class=\"alert alert-warning\">Could not find downloadable layers for this map. "
+"You can go back to  \n"
 "      "
 msgstr ""
 "\n"
-"      <div class=\"alert alert-warning\"> Impossibile trovare livelli "
-"scaricabili per questa mappa. Si può tornare a  \n"
+"      <div class=\"alert alert-warning\"> Impossibile trovare livelli scaricabili per questa "
+"mappa. Si può tornare a  \n"
 "      "
 
 msgid ""
 "\n"
-"        Additionally, the map contains these layers which will not be "
-"downloaded\n"
+"        Additionally, the map contains these layers which will not be downloaded\n"
 "        due to security restrictions:\n"
 "      "
 msgstr ""
 "\n"
-"    Inoltre, la mappa contiene questi livelli che non possono essere "
-"scaricati\n"
+"    Inoltre, la mappa contiene questi livelli che non possono essere scaricati\n"
 "    per vincoli di sicurezza:\n"
 "    "
 
@@ -3589,8 +3347,7 @@ msgid ""
 "      "
 msgstr ""
 "\n"
-"    Infine, la mappa contiene questi livelli che non possono essere "
-"scaricati\n"
+"    Infine, la mappa contiene questi livelli che non possono essere scaricati\n"
 "    perchè non sono disponibili direttamente da questo GeoNode:\n"
 "    "
 
@@ -3616,16 +3373,14 @@ msgid "Explore Maps"
 msgstr "Esplora mappe"
 
 msgid ""
-"Note: this map's orginal metadata was populated by importing a metadata XML "
-"file.\n"
-"        GeoNode's metadata import supports a subset of ISO, FGDC, and Dublin "
-"Core metadata elements.\n"
+"Note: this map's orginal metadata was populated by importing a metadata XML file.\n"
+"        GeoNode's metadata import supports a subset of ISO, FGDC, and Dublin Core metadata "
+"elements.\n"
 "        Some of your original metadata may have been lost."
 msgstr ""
-"Nota: i metadati originale di questa mappa era popolato importando un file "
-"XML di metadati. Metadati importazione di GeoNode supporta un sottoinsieme "
-"di elementi di metadati ISO, FGDC, e Dublin Core. Alcuni dei i metadati "
-"originale Potrebbero essere state compromesse."
+"Nota: i metadati originale di questa mappa era popolato importando un file XML di metadati. "
+"Metadati importazione di GeoNode supporta un sottoinsieme di elementi di metadati ISO, FGDC, "
+"e Dublin Core. Alcuni dei i metadati originale Potrebbero essere state compromesse."
 
 msgid "Return to Map"
 msgstr "Ritorna alla mappa"
@@ -3636,13 +3391,13 @@ msgstr "Rimuovi mappa"
 #, python-format
 msgid ""
 "\n"
-"          Are you sure you want to remove <a href=\"%(map.get_absolute_url)s"
-"\">%(map_title)s</a>?\n"
+"          Are you sure you want to remove <a "
+"href=\"%(map.get_absolute_url)s\">%(map_title)s</a>?\n"
 "        "
 msgstr ""
 "\n"
-"          Sei sicuro di voler rimuovere <a href=\"%(map.get_absolute_url)s\">"
-"%(map_title)s</a>?\n"
+"          Sei sicuro di voler rimuovere <a href=\"%(map.get_absolute_url)s\">%(map_title)s</"
+"a>?\n"
 "        "
 
 msgid "You are not permitted to delete this map."
@@ -3688,18 +3443,18 @@ msgid "Show list of services"
 msgstr "Elenco dei servizi"
 
 msgid ""
-"Process data since specific timestamp (YYYY-MM-DD HH:MM:SS format). If not "
-"provided, last sync will be used."
+"Process data since specific timestamp (YYYY-MM-DD HH:MM:SS format). If not provided, last "
+"sync will be used."
 msgstr ""
-"Elaborare i dati dal timestamp specifico (formato AAAA-MM-GG HH:MM:SS). Se "
-"non viene specificato, verrà utilizzata l'ultima sincronizzazione."
+"Elaborare i dati dal timestamp specifico (formato AAAA-MM-GG HH:MM:SS). Se non viene "
+"specificato, verrà utilizzata l'ultima sincronizzazione."
 
 msgid ""
-"Process data until specific timestamp (YYYY-MM-DD HH:MM:SS format). If not "
-"provided, now will be used."
+"Process data until specific timestamp (YYYY-MM-DD HH:MM:SS format). If not provided, now "
+"will be used."
 msgstr ""
-"Elaborare i dati fino al timestamp specifico (formato AAAA-MM-GG HH:MM:SS). "
-"Se non specificato, verrà utilizzata l'ora attuale."
+"Elaborare i dati fino al timestamp specifico (formato AAAA-MM-GG HH:MM:SS). Se non "
+"specificato, verrà utilizzata l'ora attuale."
 
 msgid "Force check"
 msgstr "Controllo forzato"
@@ -3708,11 +3463,11 @@ msgid "Format of audit log (xml, json)"
 msgstr "Formato del log di audit  (xml, json)"
 
 msgid ""
-"Should old data be preserved (default: no, data older than settings."
-"MONITORING_DATA_TTL will be removed)"
+"Should old data be preserved (default: no, data older than settings.MONITORING_DATA_TTL will "
+"be removed)"
 msgstr ""
-"Conservare i dati precedenti (impostazione predefinita: no, i dati più "
-"vecchi di settings.MONITORING_DATA_TTL verranno rimossi)"
+"Conservare i dati precedenti (impostazione predefinita: no, i dati più vecchi di settings."
+"MONITORING_DATA_TTL verranno rimossi)"
 
 msgid "Should stop on first error occured (default: no)"
 msgstr "Interruzione al primo errore (impostazione predefinita: no)"
@@ -3739,8 +3494,7 @@ msgid "Metric name"
 msgstr "Nome metrica"
 
 msgid "Show data for specific resource in resource_type=resource_name format"
-msgstr ""
-"Mostra i dati per una risorsa specifica nel formato tipo_risorsa-nome_risorsa"
+msgstr "Mostra i dati per una risorsa specifica nel formato tipo_risorsa-nome_risorsa"
 
 msgid "Show data for specific resource"
 msgstr "Mostra dati per risorsa specifica"
@@ -3752,12 +3506,10 @@ msgstr "Mostra dati per un'etichetta specifica"
 msgid "Write result to file, default GEOIP_PATH: {settings.GEOIP_PATH}"
 msgstr "Scritto risultato su file, default  GEOIP_PATH: {settings.GEOIP_PATH}"
 
-msgid ""
-"Fetch database from specific url. If nothing provided, default {} will be "
-"used"
+msgid "Fetch database from specific url. If nothing provided, default {} will be used"
 msgstr ""
-"Recuperare il database da un URL specifico. Se non viene fornito nulla, "
-"verrà utilizzato il valore predefinito {}"
+"Recuperare il database da un URL specifico. Se non viene fornito nulla, verrà utilizzato il "
+"valore predefinito {}"
 
 msgid "Overwrite file if exists"
 msgstr "Sovrascrivi file se esiste già"
@@ -3908,8 +3660,7 @@ msgid "Last update must not be older than"
 msgstr "L'ultimo aggiornamento non deve essere più vecchio di"
 
 msgid "Max timeout for given metric before error should be raised"
-msgstr ""
-"Timeout massimo per la metrica specificata prima che venga generato l'errore"
+msgstr "Timeout massimo per la metrica specificata prima che venga generato l'errore"
 
 msgid "Monitoring & Analytics"
 msgstr "Monitoraggio & Analytics"
@@ -3972,29 +3723,22 @@ msgstr "Cambia password: %s"
 msgid "party who authored the resource"
 msgstr "gruppo che ha creato la risorsa"
 
-msgid ""
-"party who has processed the data in a manner such that the resource has been "
-"modified"
-msgstr ""
-"gruppo che ha elaborato i dati in modo tale che la risorsa sia stata "
-"modificata"
+msgid "party who has processed the data in a manner such that the resource has been modified"
+msgstr "gruppo che ha elaborato i dati in modo tale che la risorsa sia stata modificata"
 
 msgid "party who published the resource"
 msgstr "gruppo che ha pubblicato la risorsa"
 
 msgid ""
-"party that accepts accountability and responsibility for the data and "
-"ensures         appropriate care and maintenance of the resource"
+"party that accepts accountability and responsibility for the data and ensures         "
+"appropriate care and maintenance of the resource"
 msgstr ""
-"partito che accetta la responsabilità e la responsabilità per i dati e "
-"garantisce la cura e la manutenzione appropriata della risorsa"
+"partito che accetta la responsabilità e la responsabilità per i dati e garantisce la cura e "
+"la manutenzione appropriata della risorsa"
 
-msgid ""
-"party who can be contacted for acquiring knowledge about or acquisition of "
-"the resource"
+msgid "party who can be contacted for acquiring knowledge about or acquisition of the resource"
 msgstr ""
-"parte che può essere contattata per l'acquisizione di conoscenza o "
-"acquisizione della risorsa"
+"parte che può essere contattata per l'acquisizione di conoscenza o acquisizione della risorsa"
 
 msgid "party who distributes the resource"
 msgstr "parte che distribuisce la risorsa"
@@ -4013,8 +3757,7 @@ msgstr "parte che possiede la risorsa"
 
 msgid "key party responsible for gathering information and conducting research"
 msgstr ""
-"parte chiave responsabile della raccolta di informazioni e della conduzione "
-"della ricerca"
+"parte chiave responsabile della raccolta di informazioni e della conduzione della ricerca"
 
 msgid "Email Address"
 msgstr "Indirizzo email"
@@ -4041,30 +3784,23 @@ msgid "Voice"
 msgstr "Voce"
 
 msgid ""
-"telephone number by which individuals can speak to the responsible "
-"organization or individual"
+"telephone number by which individuals can speak to the responsible organization or individual"
 msgstr ""
-"numero di telefono con cui le persone possono parlare con l'organizzazione o "
-"l'individuo responsabile"
+"numero di telefono con cui le persone possono parlare con l'organizzazione o l'individuo "
+"responsabile"
 
 msgid "Facsimile"
 msgstr "Fax"
 
-msgid ""
-"telephone number of a facsimile machine for the responsible organization or "
-"individual"
-msgstr ""
-"numero di telefono o fax per l'organizzazione o l'individuo responsabile"
+msgid "telephone number of a facsimile machine for the responsible organization or individual"
+msgstr "numero di telefono o fax per l'organizzazione o l'individuo responsabile"
 
 msgid "Delivery Point"
 msgstr "Informazioni di contatto"
 
-msgid ""
-"physical and email address at which the organization or individual may be "
-"contacted"
+msgid "physical and email address at which the organization or individual may be contacted"
 msgstr ""
-"indirizzo fisico e email ai quali l'organizzazione o l'individuo possono "
-"essere contattati"
+"indirizzo fisico e email ai quali l'organizzazione o l'individuo possono essere contattati"
 
 msgid "City"
 msgstr "Città"
@@ -4091,11 +3827,11 @@ msgid "country of the physical address"
 msgstr "paese dell'indirizzo fisico"
 
 msgid ""
-"commonly used word(s) or formalised word(s) or phrase(s) used to describe "
-"the subject             (space or comma-separated"
+"commonly used word(s) or formalised word(s) or phrase(s) used to describe the "
+"subject             (space or comma-separated"
 msgstr ""
-"parola di uso comune (s) o una parola formalizzata (s) o la frase (s) "
-"utilizzati per descrivere il soggetto (spazio o separato da virgole"
+"parola di uso comune (s) o una parola formalizzata (s) o la frase (s) utilizzati per "
+"descrivere il soggetto (spazio o separato da virgole"
 
 msgid "Timezone"
 msgstr "Fuso orario"
@@ -4113,11 +3849,11 @@ msgid "Forgot Username"
 msgstr "Username dimenticato"
 
 msgid ""
-"Enter your email address and click the submit button. <br />Your username "
-"will be sent to you."
+"Enter your email address and click the submit button. <br />Your username will be sent to "
+"you."
 msgstr ""
-"Inserisci il tuo indirizzo email e clicca il bottone submit. <br />Il tuo "
-"username sarà spedito all'indirizzo specificato."
+"Inserisci il tuo indirizzo email e clicca il bottone submit. <br />Il tuo username sarà "
+"spedito all'indirizzo specificato."
 
 msgid "Create Profile"
 msgstr "Crea profilo"
@@ -4129,7 +3865,7 @@ msgid "Not provided."
 msgstr "Non fornito."
 
 msgid "Position"
-msgstr "Posizione"
+msgstr "Incarico"
 
 msgid "Organization"
 msgstr "Organizzazione"
@@ -4219,12 +3955,8 @@ msgstr "Non è consentito salvare o modificare questa risorsa."
 msgid "You are not authorized to download this resource."
 msgstr "Non è consentito scaricare questa risorsa."
 
-msgid ""
-"No files have been found for this resource. Please, contact a system "
-"administrator."
-msgstr ""
-"Nessun file trovato per questa risorsa. Contattare un amministratore di "
-"sistema."
+msgid "No files have been found for this resource. Please, contact a system administrator."
+msgstr "Nessun file trovato per questa risorsa. Contattare un amministratore di sistema."
 
 msgid "No files found."
 msgstr "Nessun file trovato."
@@ -4232,10 +3964,8 @@ msgstr "Nessun file trovato."
 msgid "Not Authorized"
 msgstr "Non autorizzato"
 
-#, fuzzy
-#| msgid "GeoNode Themes Library"
 msgid "GeoNode Resource Processing Library"
-msgstr "Libreria dei temi GeoNode"
+msgstr "Libreria dei processamenti GeoNode"
 
 msgid "Disabling this Task will make the Processing Workflow to skip it."
 msgstr ""
@@ -4253,11 +3983,11 @@ msgid "Error updating permissions :("
 msgstr "Errore durante l'aggiornamento delle autorizzazioni :("
 
 msgid ""
-"User {username} has download permissions but cannot access the resource. "
-"Please update permission consistently!"
+"User {username} has download permissions but cannot access the resource. Please update "
+"permission consistently!"
 msgstr ""
-"L'utente {username} ha le autorizzazioni di scaricamento ma non può "
-"visualizzare la risorsa. Controllare che le autorizzazioni siano consistenti."
+"L'utente {username} ha le autorizzazioni di scaricamento ma non può visualizzare la risorsa. "
+"Controllare che le autorizzazioni siano consistenti."
 
 msgid "You are not allowed to change permissions for this resource"
 msgstr "Non ti è consentito modificare le autorizzazioni per questa risorsa"
@@ -4480,10 +4210,8 @@ msgstr "La Risorsa {resource_id} è in fase di elaborazione"
 msgid "Service rescanned successfully"
 msgstr "Il servizio è stato analizzato di nuovo correttamente"
 
-#, fuzzy
-#| msgid "You are not permitted to save or edit this resource."
 msgid "You dont have enougth rigths to see the resource detail"
-msgstr "Non è consentito salvare o modificare questa risorsa."
+msgstr "Non hai i privilegi necessari per vedere i dettagli di questa risorsa"
 
 msgid "You are not permitted to change this service."
 msgstr "Non è consentito modificare questo servizio."
@@ -4545,13 +4273,12 @@ msgstr "Pagina non trovata"
 
 msgid ""
 "\n"
-"          The page you requested does not exist.  Perhaps you are using an "
-"outdated bookmark?\n"
+"          The page you requested does not exist.  Perhaps you are using an outdated "
+"bookmark?\n"
 "      "
 msgstr ""
 "\n"
-"          La pagina richiesta non esiste.  Forse si utilizza un segnalibro "
-"obsoleto?\n"
+"          La pagina richiesta non esiste.  Forse si utilizza un segnalibro obsoleto?\n"
 "      "
 
 msgid "Toggle navigation"
@@ -4578,31 +4305,28 @@ msgid "You are using an outdated browser that is not supported by GeoNode."
 msgstr "Stai usando un browser obsoleto che non è supportato da GeoNode."
 
 msgid ""
-"Please use a <strong>modern browser</strong> like Mozilla Firefox, Google "
-"Chrome or Safari."
+"Please use a <strong>modern browser</strong> like Mozilla Firefox, Google Chrome or Safari."
 msgstr ""
-"Utilizza un <strong>browser moderno</strong> come Mozilla Firefox, Google "
-"Chrome o Safari."
+"Utilizza un <strong>browser moderno</strong> come Mozilla Firefox, Google Chrome o Safari."
 
 msgid "There was a problem loading this page"
 msgstr "C'è stato un problema nel caricare la pagina"
 
 msgid ""
 "\n"
-"            Please contact your GeoNode administrator (they may have "
-"received an email automatically if they configured it properly).\n"
-"            If you are the site administrator, enable debug mode to see the "
-"actual error and fix it or file an issue in <a href=\"http://github.com/"
-"GeoNode/geonode/issues\">GeoNode's issue tracker</a>\n"
+"            Please contact your GeoNode administrator (they may have received an email "
+"automatically if they configured it properly).\n"
+"            If you are the site administrator, enable debug mode to see the actual error and "
+"fix it or file an issue in <a href=\"http://github.com/GeoNode/geonode/issues\">GeoNode's "
+"issue tracker</a>\n"
 "            "
 msgstr ""
 "\n"
-"            Si prega di contattare l'amministratore di GeoNode (può aver "
-"ricevuto un'e-mail automaticamente se ha configurato correttamente).\n"
-"            Se sei l'amministratore del sito, attivare la modalità di debug "
-"visualizzare l'errore effettivo e risolvere il problema o un problema del "
-"file nel <a href=\"http://github.com/GeoNode/geonode/issues\">tracciatore di "
-"problemi di GeoNode</a>\n"
+"            Si prega di contattare l'amministratore di GeoNode (può aver ricevuto un'e-mail "
+"automaticamente se ha configurato correttamente).\n"
+"            Se sei l'amministratore del sito, attivare la modalità di debug visualizzare "
+"l'errore effettivo e risolvere il problema o un problema del file nel <a href=\"http://"
+"github.com/GeoNode/geonode/issues\">tracciatore di problemi di GeoNode</a>\n"
 "            "
 
 #, fuzzy
@@ -4703,21 +4427,16 @@ msgstr "Chi può scaricarlo?"
 msgid "Who can change metadata for it?"
 msgstr "Chi può modificare i metadati per questo?"
 
-#, fuzzy
-#| msgid "Who can edit data for this layer?"
 msgid "Who can edit data for this dataset?"
-msgstr "Chi può modificare i dati di questo livello?"
+msgstr "Chi può modificare i dati di questo dataset?"
 
-#, fuzzy
-#| msgid "Who can edit styles for this layer?"
 msgid "Who can edit styles for this dataset?"
-msgstr "Chi può modificare gli stili di questo livello?"
+msgstr "Chi può modificare gli stili di questo dataset?"
 
-msgid ""
-"Who can manage it? (update, delete, change permissions, publish/unpublish it)"
+msgid "Who can manage it? (update, delete, change permissions, publish/unpublish it)"
 msgstr ""
-"Chi può gestirlo? (Aggiornare, cancellare, modificare le autorizzazioni, "
-"pubblicare / annullare la pubblicazione di esso)"
+"Chi può gestirlo? (Aggiornare, eliminare, modificare le autorizzazioni, pubblicare / "
+"annullare la pubblicazione di esso)"
 
 msgid "Set permissions for this resource"
 msgstr "Impostare le autorizzazioni per questa risorsa"
@@ -4753,12 +4472,11 @@ msgid "Mandatory files : SHP , DBF"
 msgstr "File obbligatori: .shp, .dbf"
 
 msgid ""
-"Upload a ZIP file containing an ESRI Shapefile. If the ZIP provides also a ."
-"prj file, you don't have to specify the EPSG SRID"
+"Upload a ZIP file containing an ESRI Shapefile. If the ZIP provides also a .prj file, you "
+"don't have to specify the EPSG SRID"
 msgstr ""
-"Carica uo file ZIP contenente uno Shapegile ESRI. Se lo ZIP fornisceanche un "
-"file .prj non è necessario specificare il Sistema di Riferimento (Codice "
-"EPSG)"
+"Carica uo file ZIP contenente uno Shapegile ESRI. Se lo ZIP fornisceanche un file .prj non è "
+"necessario specificare il Sistema di Riferimento (Codice EPSG)"
 
 msgid "Choose"
 msgstr "Seleziona"
@@ -4782,32 +4500,31 @@ msgid "Load SHP-ZIP"
 msgstr "Carica uno Shapefile .zip"
 
 msgid ""
-"<p>This will remove the Geo Limits currently drawn on the map.</p><p>In "
-"order to store the Geo Limits you will need to <strong>save</strong> them "
-"anyway.</p><p>Do you want to proceed?</p>"
+"<p>This will remove the Geo Limits currently drawn on the map.</p><p>In order to store the "
+"Geo Limits you will need to <strong>save</strong> them anyway.</p><p>Do you want to proceed?"
+"</p>"
 msgstr ""
-"<p>Questa azione rimuoverà i limiti spaziali attualmente disegnati "
-"sullamappa.<p></p>Vuoi procedere?</p>"
+"<p>Questa azione rimuoverà i limiti spaziali attualmente disegnati sullamappa.<p></p>Vuoi "
+"procedere?</p>"
 
 msgid ""
-"<p>This will override the current stored Geo Limits on the DB.</p><p>To "
-"apply them you will need to click on <strong>Apply Changes</strong> button "
-"anyway.</p><p><strong>WARNING:</strong> This operation cannot be reverted!</"
-"p><p>Do you want to proceed?</p>"
+"<p>This will override the current stored Geo Limits on the DB.</p><p>To apply them you will "
+"need to click on <strong>Apply Changes</strong> button anyway.</p><p><strong>WARNING:</"
+"strong> This operation cannot be reverted!</p><p>Do you want to proceed?</p>"
 msgstr ""
-"<p>Questa azione sovrascriverà i limiti spaziali attualmente salvantinel DB."
-"<p></p>Per procedere clicca su <strong>Esegui</strong>. </"
-"p><p><strong>ATTENZIONE:</strong> Questa azione è irreversibile!</p>"
+"<p>Questa azione sovrascriverà i limiti spaziali attualmente salvantinel DB.<p></p>Per "
+"procedere clicca su <strong>Esegui</strong>. </p><p><strong>ATTENZIONE:</strong> Questa "
+"azione è irreversibile!</p>"
 
 msgid "Save Geo Limit"
 msgstr "Salve limiti spaziali"
 
 msgid ""
-"<p>Geometry <strong>successfully</strong> saved!</p><p>To apply them you "
-"will need to click on <strong>Apply Changes</strong> button.</p>"
+"<p>Geometry <strong>successfully</strong> saved!</p><p>To apply them you will need to click "
+"on <strong>Apply Changes</strong> button.</p>"
 msgstr ""
-"<p>Geometria <strong>salvata con</strong> successo!</p><p>Per applicarli è "
-"necessario fare clic sul <strong>pulsante Applica modifiche.</strong></p>"
+"<p>Geometria <strong>salvata con</strong> successo!</p><p>Per applicarli è necessario fare "
+"clic sul <strong>pulsante Applica modifiche.</strong></p>"
 
 msgid "<p><strong>Error</strong> while trying to save the Geometry!</p>"
 msgstr "<p><strong>Errore</strong> nel salvataggio della geometria!</p>"
@@ -4822,13 +4539,13 @@ msgid "<p><strong>No Geometry</strong> found!</p>"
 msgstr "<p><strong>Nessuna geometria</strong> trovata!</p>"
 
 msgid ""
-"<p>This will <strong>permanently</strong> remove the Geo Limits from the DB."
-"</p><p>To apply them you will need to click on <strong>Apply Changes</"
-"strong> button.</p><p>Do you want to proceed?</p>"
+"<p>This will <strong>permanently</strong> remove the Geo Limits from the DB.</p><p>To apply "
+"them you will need to click on <strong>Apply Changes</strong> button.</p><p>Do you want to "
+"proceed?</p>"
 msgstr ""
-"<p>In questo <strong>modo i</strong> limiti geografici verranno rimossi "
-"definitivamente dal database.</p><p>Per applicarli è necessario fare clic "
-"sul <strong>pulsante Applica modifiche.</strong></p><p>Vuoi procedere?</p>"
+"<p>In questo <strong>modo i</strong> limiti geografici verranno rimossi definitivamente dal "
+"database.</p><p>Per applicarli è necessario fare clic sul <strong>pulsante Applica modifiche."
+"</strong></p><p>Vuoi procedere?</p>"
 
 msgid "Delete Geo Limit"
 msgstr "Elimina limite geografico"
@@ -4836,11 +4553,9 @@ msgstr "Elimina limite geografico"
 msgid "<p><strong>Geo Limitsy</strong> successfully deleted!</p>"
 msgstr "<p><strong>Geo Limite eliminato</strong> con successo!</p>"
 
-msgid ""
-"<p><strong>Error</strong> occurred while trying to delete Geo Limits:</p>"
+msgid "<p><strong>Error</strong> occurred while trying to delete Geo Limits:</p>"
 msgstr ""
-"<p><strong>Errore durante</strong> il tentativo di eliminazione dei limiti "
-"geografici:</p>"
+"<p><strong>Errore durante</strong> il tentativo di eliminazione dei limiti geografici:</p>"
 
 msgid "Choose users..."
 msgstr "Scegli gli utenti ..."
@@ -4858,43 +4573,37 @@ msgid "About GeoNode"
 msgstr "A proposito di GeoNode"
 
 msgid ""
-"GeoNode is a geospatial content management system, a platform for the "
-"management and publication of geospatial data. It brings together mature and "
-"stable open-source software projects under a consistent and easy-to-use "
-"interface allowing non-specialized users to share data and create "
-"interactive maps."
+"GeoNode is a geospatial content management system, a platform for the management and "
+"publication of geospatial data. It brings together mature and stable open-source software "
+"projects under a consistent and easy-to-use interface allowing non-specialized users to "
+"share data and create interactive maps."
 msgstr ""
-"GeoNode è un sistema di gestione dei contenuti geospaziali, una piattaforma "
-"per la gestione e la pubblicazione di dati geospaziali. Riunisce progetti "
-"software open source maturi e stabili sotto un'interfaccia coerente e facile "
-"da usare che consente agli utenti non specializzati di condividere dati e "
-"creare mappe interattive."
+"GeoNode è un sistema di gestione dei contenuti geospaziali, una piattaforma per la gestione "
+"e la pubblicazione di dati geospaziali. Riunisce progetti software open source maturi e "
+"stabili sotto un'interfaccia coerente e facile da usare che consente agli utenti non "
+"specializzati di condividere dati e creare mappe interattive."
 
 msgid ""
-"Data management tools built into GeoNode allow for integrated creation of "
-"data, metadata, and map visualizations. Each dataset in the system can be "
-"shared publicly or restricted to allow access to only specific users. Social "
-"features like user profiles and commenting and rating systems allow for the "
-"development of communities around each platform to facilitate the use, "
-"management, and quality control of the data the GeoNode instance contains."
+"Data management tools built into GeoNode allow for integrated creation of data, metadata, "
+"and map visualizations. Each dataset in the system can be shared publicly or restricted to "
+"allow access to only specific users. Social features like user profiles and commenting and "
+"rating systems allow for the development of communities around each platform to facilitate "
+"the use, management, and quality control of the data the GeoNode instance contains."
 msgstr ""
-"Gli strumenti di gestione dei dati integrati in GeoNode consentono la "
-"creazione integrata di dati, metadati e visualizzazioni mappa. Ogni set di "
-"dati nel sistema può essere condiviso pubblicamente o limitato per "
-"consentire l'accesso solo a utenti specifici. Le funzionalità di social "
-"networking come i profili utente e i sistemi di commenti e classificazione "
-"consentono lo sviluppo di comunità intorno a ogni piattaforma per facilitare "
-"l'utilizzo, la gestione e il controllo qualità dei dati contenuti "
-"nell'istanza GeoNode."
+"Gli strumenti di gestione dei dati integrati in GeoNode consentono la creazione integrata di "
+"dati, metadati e visualizzazioni mappa. Ogni set di dati nel sistema può essere condiviso "
+"pubblicamente o limitato per consentire l'accesso solo a utenti specifici. Le funzionalità "
+"di social networking come i profili utente e i sistemi di commenti e classificazione "
+"consentono lo sviluppo di comunità intorno a ogni piattaforma per facilitare l'utilizzo, la "
+"gestione e il controllo qualità dei dati contenuti nell'istanza GeoNode."
 
 msgid ""
-"It is also designed to be a flexible platform that software developers can "
-"extend, modify or integrate against to meet requirements in their own "
-"applications."
+"It is also designed to be a flexible platform that software developers can extend, modify or "
+"integrate against to meet requirements in their own applications."
 msgstr ""
-"È inoltre progettato per essere una piattaforma flessibile che gli "
-"sviluppatori di software possono estendere, modificare o integrare per "
-"soddisfare i requisiti nelle proprie applicazioni."
+"È inoltre progettato per essere una piattaforma flessibile che gli sviluppatori di software "
+"possono estendere, modificare o integrare per soddisfare i requisiti nelle proprie "
+"applicazioni."
 
 msgid "Account Inactive"
 msgstr "Account non attivo"
@@ -4907,13 +4616,11 @@ msgstr "Account in attesa di approvazione"
 
 #, python-format
 msgid ""
-"We have sent the administrators a notice to approve your account associated "
-"with <b>%(email)s</b>. If the account is approved, you will receive a "
-"confirmation notice."
+"We have sent the administrators a notice to approve your account associated with "
+"<b>%(email)s</b>. If the account is approved, you will receive a confirmation notice."
 msgstr ""
-"Abbiamo inviato agli amministratori un avviso per approvare il tuo account "
-"associato a <b>%(email)s</b>. Se l'account viene approvato, riceverai un "
-"avviso di conferma."
+"Abbiamo inviato agli amministratori un avviso per approvare il tuo account associato a "
+"<b>%(email)s</b>. Se l'account viene approvato, riceverai un avviso di conferma."
 
 msgid "Account"
 msgstr "Account"
@@ -4943,12 +4650,12 @@ msgid "Warning:"
 msgstr "Avviso:"
 
 msgid ""
-"You currently do not have any e-mail address set up. You should really add "
-"an e-mail address so you can receive notifications, reset your password, etc."
+"You currently do not have any e-mail address set up. You should really add an e-mail address "
+"so you can receive notifications, reset your password, etc."
 msgstr ""
-"Al momento non è stato impostato alcun indirizzo di posta elettronica. Si "
-"dovrebbe davvero aggiungere un indirizzo e-mail in modo da poter ricevere "
-"notifiche, reimpostare la password, ecc."
+"Al momento non è stato impostato alcun indirizzo di posta elettronica. Si dovrebbe davvero "
+"aggiungere un indirizzo e-mail in modo da poter ricevere notifiche, reimpostare la password, "
+"ecc."
 
 msgid "Add E-mail Address"
 msgstr "Aggiungi indirizzo e-mail"
@@ -4963,15 +4670,15 @@ msgstr "Vuoi davvero rimuovere l'indirizzo e-mail selezionato?"
 msgid ""
 "Hello from %(site_name)s!\n"
 "\n"
-"You're receiving this e-mail because user %(user_display)s has given yours "
-"as an e-mail address to connect their account.\n"
+"You're receiving this e-mail because user %(user_display)s has given yours as an e-mail "
+"address to connect their account.\n"
 "\n"
 "To confirm this is correct, go to %(activate_url)s\n"
 msgstr ""
 "Ciao da %(site_name)s!\n"
 "\n"
-"Ricevi questa e-mail perché utente %(user_display)s ha dato la tua come un "
-"indirizzo di posta elettronica per collegare il proprio account.\n"
+"Ricevi questa e-mail perché utente %(user_display)s ha dato la tua come un indirizzo di "
+"posta elettronica per collegare il proprio account.\n"
 "\n"
 "Per confermare che questo è corretto, andare al s %(activate_url)s\n"
 
@@ -4995,8 +4702,7 @@ msgstr "Sei stato invitato a registrarti all'indirizzo %(site_name)s."
 msgid "Create an account on %(site_name)s"
 msgstr "Creare un account su %(site_name)s"
 
-msgid ""
-"This is the email notification to confirm your password has been changed on"
+msgid "This is the email notification to confirm your password has been changed on"
 msgstr "Questa è la notifica e-mail per confermare che la password è stata"
 
 msgid "Change password email notification"
@@ -5006,17 +4712,17 @@ msgstr "Modifica password"
 msgid ""
 "Hello from %(site_name)s!\n"
 "\n"
-"You're receiving this e-mail because you or someone else has requested a "
-"password for your user account.\n"
-"It can be safely ignored if you did not request a password reset. Click the "
-"link below to reset your password."
+"You're receiving this e-mail because you or someone else has requested a password for your "
+"user account.\n"
+"It can be safely ignored if you did not request a password reset. Click the link below to "
+"reset your password."
 msgstr ""
 "Ciao da %(site_name)s!\n"
 "\n"
-"Ricevi questa e-mail perché tu o qualcun altro ha richiesto una password per "
-"l'account utente.\n"
-"Può essere tranquillamente ignorato se non hai richiesto la reimpostazione "
-"della password. Clicca sul link qui sotto per reimpostare la password."
+"Ricevi questa e-mail perché tu o qualcun altro ha richiesto una password per l'account "
+"utente.\n"
+"Può essere tranquillamente ignorato se non hai richiesto la reimpostazione della password. "
+"Clicca sul link qui sotto per reimpostare la password."
 
 #, python-format
 msgid "In case you forgot, your username is %(username)s."
@@ -5039,23 +4745,22 @@ msgstr "Confermare Indirizzo e-Mail"
 
 #, python-format
 msgid ""
-"Please confirm that <a href=\"mailto:%(email)s\">%(email)s</a> is an e-mail "
-"address for user %(user_display)s."
+"Please confirm that <a href=\"mailto:%(email)s\">%(email)s</a> is an e-mail address for user "
+"%(user_display)s."
 msgstr ""
-"Verificare che <a href=\"mailto:%(email)s\">%(email)s</a> sia un indirizzo "
-"di posta elettronica per l'utente %(user_display)s."
+"Verificare che <a href=\"mailto:%(email)s\">%(email)s</a> sia un indirizzo di posta "
+"elettronica per l'utente %(user_display)s."
 
 msgid "Confirm"
 msgstr "Conferma"
 
 #, python-format
 msgid ""
-"This e-mail confirmation link expired or is invalid. Please <a href="
-"\"%(email_url)s\">issue a new e-mail confirmation request</a>."
+"This e-mail confirmation link expired or is invalid. Please <a href=\"%(email_url)s\">issue "
+"a new e-mail confirmation request</a>."
 msgstr ""
-"Questo link di conferma e-mail è scaduto o non è valido. Si prega di "
-"emettere una nuova richiesta di <a href=\"%(email_url)s\">conferma e-mail</"
-"a>."
+"Questo link di conferma e-mail è scaduto o non è valido. Si prega di emettere una nuova "
+"richiesta di <a href=\"%(email_url)s\">conferma e-mail</a>."
 
 msgid "Log in"
 msgstr "Entra"
@@ -5066,13 +4771,12 @@ msgstr "Effettua il login con un account esistente"
 #, python-format
 msgid ""
 "Please sign in with one\n"
-"      of your existing third party accounts. Or, <a href=\"%(signup_url)s"
-"\">sign up</a>\n"
+"      of your existing third party accounts. Or, <a href=\"%(signup_url)s\">sign up</a>\n"
 "      for a %(site_name)s account and sign in below:"
 msgstr ""
 "Si prega di accedere con uno\n"
-"      degli account di terze parti esistenti. In alternativa, <a href="
-"\"%(signup_url)s\">iscriviti</a>\n"
+"      degli account di terze parti esistenti. In alternativa, <a "
+"href=\"%(signup_url)s\">iscriviti</a>\n"
 "      per un account %(site_name)s e accedere di seguito:"
 
 msgid "or"
@@ -5116,32 +4820,27 @@ msgstr "Reimposta password"
 msgid "Forgotten your password?"
 msgstr "Hai dimenticato la password?"
 
-msgid ""
-"Enter your email address below, and we'll send you an email allowing you to "
-"reset it."
+msgid "Enter your email address below, and we'll send you an email allowing you to reset it."
 msgstr ""
-"Inserisci sotto il tuo indirizzo email e ti spediremo un'email per "
-"permetterti di cambiare la password."
+"Inserisci sotto il tuo indirizzo email e ti spediremo un'email per permetterti di cambiare "
+"la password."
 
 msgid "Reset my password"
 msgstr "Reimposta la mia password"
 
 #, python-format
 msgid ""
-"If you have any trouble resetting your password, contact us at <a href="
-"\"mailto:%(THEME_ACCOUNT_CONTACT_EMAIL)s\">%(THEME_ACCOUNT_CONTACT_EMAIL)s</"
-"a>."
+"If you have any trouble resetting your password, contact us at <a href=\"mailto:"
+"%(THEME_ACCOUNT_CONTACT_EMAIL)s\">%(THEME_ACCOUNT_CONTACT_EMAIL)s</a>."
 msgstr ""
-"Se hai dei problemi nel reimpostare la password, contattaci a <a href="
-"\"mailto:%(THEME_ACCOUNT_CONTACT_EMAIL)s\">%(THEME_ACCOUNT_CONTACT_EMAIL)s</"
-"a>."
+"Se hai dei problemi nel reimpostare la password, contattaci a <a href=\"mailto:"
+"%(THEME_ACCOUNT_CONTACT_EMAIL)s\">%(THEME_ACCOUNT_CONTACT_EMAIL)s</a>."
 
 msgid ""
-"We have sent you an e-mail. Please contact us if you do not receive it "
-"within a few minutes."
+"We have sent you an e-mail. Please contact us if you do not receive it within a few minutes."
 msgstr ""
-"Vi abbiamo inviato un'e-mail. Vi preghiamo di contattarci se non lo ricevete "
-"entro pochi minuti."
+"Vi abbiamo inviato un'e-mail. Vi preghiamo di contattarci se non lo ricevete entro pochi "
+"minuti."
 
 msgid "Change Password"
 msgstr "Cambia Password"
@@ -5151,13 +4850,12 @@ msgstr "Token non valido"
 
 #, python-format
 msgid ""
-"The password reset link was invalid, possibly because it has already been "
-"used.  Please request a <a href=\"%(passwd_reset_url)s\">new password reset</"
-"a>."
+"The password reset link was invalid, possibly because it has already been used.  Please "
+"request a <a href=\"%(passwd_reset_url)s\">new password reset</a>."
 msgstr ""
-"Il collegamento per la reimpostazione della password non è valido, "
-"probabilmente perché è già stato utilizzato.  Si prega di richiedere una <a "
-"href=\"%(passwd_reset_url)s\">nuova reimpostazione della password</a>."
+"Il collegamento per la reimpostazione della password non è valido, probabilmente perché è "
+"già stato utilizzato.  Si prega di richiedere una <a href=\"%(passwd_reset_url)s\">nuova "
+"reimpostazione della password</a>."
 
 msgid "change password"
 msgstr "modifica password"
@@ -5208,13 +4906,11 @@ msgstr "Verificare l'indirizzo di posta elettronica"
 
 msgid ""
 "We have sent an email to you for verification. Follow the\n"
-"    link provided to finalize the signup process. Please contact us if you "
-"do\n"
+"    link provided to finalize the signup process. Please contact us if you do\n"
 "    not receive it within a few minutes"
 msgstr ""
 "We have sent an email to you for verification. Follow the\n"
-"    link provided to finalize the signup process. Please contact us if you "
-"do\n"
+"    link provided to finalize the signup process. Please contact us if you do\n"
 "    not receive it within a few minutes"
 
 msgid "Verify Your E-mail Address"
@@ -5235,17 +4931,16 @@ msgid ""
 "contact us if you do not receive it within a few minutes."
 msgstr ""
 "Vi abbiamo inviato un'e-mail per\n"
-"verifica. Si prega di fare clic sul link all'interno di questa e-mail. per "
-"favore\n"
+"verifica. Si prega di fare clic sul link all'interno di questa e-mail. per favore\n"
 "contattarci se non lo ricevi entro pochi minuti."
 
 #, python-format
 msgid ""
-"<strong>Note:</strong> you can still <a href=\"%(email_url)s\">change your e-"
-"mail address</a>."
+"<strong>Note:</strong> you can still <a href=\"%(email_url)s\">change your e-mail address</"
+"a>."
 msgstr ""
-"<strong>Nota:</strong> è comunque possibile <a href=\"%(email_url)s"
-"\">modificare l'indirizzo e-mail</a>."
+"<strong>Nota:</strong> è comunque possibile <a href=\"%(email_url)s\">modificare l'indirizzo "
+"e-mail</a>."
 
 msgid "My Activity feed"
 msgstr "Il mio feed attività"
@@ -5292,13 +4987,11 @@ msgstr "Pubblicato da"
 #, python-format
 msgid ""
 "\n"
-"          Published from <b>%(publish_start)s</b> to <b>%(publish_end)s</"
-"b>.\n"
+"          Published from <b>%(publish_start)s</b> to <b>%(publish_end)s</b>.\n"
 "          "
 msgstr ""
 "\n"
-"          Pubblicato da <b>%(publish_start)s</b> per <b>%(publish_end)s</"
-"b>.\n"
+"          Pubblicato da <b>%(publish_start)s</b> per <b>%(publish_end)s</b>.\n"
 "          "
 
 #, python-format
@@ -5328,14 +5021,13 @@ msgstr "Si prega di selezionare gli avatar che si desidera eliminare."
 
 #, python-format
 msgid ""
-"You have no avatars to delete. Please <a href=\"%(avatar_change_url)s"
-"\">upload one</a> now."
+"You have no avatars to delete. Please <a href=\"%(avatar_change_url)s\">upload one</a> now."
 msgstr ""
-"Non ci sono gli avatar da eliminare. Si prega di <a href="
-"\"%(avatar_change_url)s\">caricare un</a> ora."
+"Non ci sono gli avatar da eliminare. Si prega di <a href=\"%(avatar_change_url)s\">caricare "
+"un</a> ora."
 
 msgid "Delete These"
-msgstr "Cancella questi"
+msgstr "Elimina questi"
 
 msgid "GeoNode Search"
 msgstr "Ricerca GeoNode"
@@ -5361,10 +5053,8 @@ msgstr "Aggiornamento Miniatura..."
 msgid "Message. Do you want to proceed?"
 msgstr "Sei sicuro di voler procedere?"
 
-#, fuzzy
-#| msgid "Harvesting resources..."
 msgid "Processing Resource..."
-msgstr "Inserimento risorse..."
+msgstr "Processamento risorse..."
 
 msgid "Information for Developers"
 msgstr "Informazioni per gli sviluppatori"
@@ -5375,160 +5065,141 @@ msgstr "Informazioni utili per gli sviluppatori interessati a GeoNode."
 #, fuzzy, python-format
 #| msgid ""
 #| "\n"
-#| "    <p><a href=\"http://geonode.org/\">GeoNode</a> is an open service "
-#| "built on open source software. We encourage you to build new applications "
-#| "using the components and resources it provides. This page is a starting "
-#| "point for developers interesting in taking full advantage of GeoNode. It "
-#| "also includes links to the project's source code so anyone can build and "
-#| "customize their own GeoNode. </p>\n"
+#| "    <p><a href=\"http://geonode.org/\">GeoNode</a> is an open service built on open "
+#| "source software. We encourage you to build new applications using the components and "
+#| "resources it provides. This page is a starting point for developers interesting in taking "
+#| "full advantage of GeoNode. It also includes links to the project's source code so anyone "
+#| "can build and customize their own GeoNode. </p>\n"
 #| "\n"
 #| "    <h3>GeoNode Software</h3>\n"
 #| "\n"
-#| "    <p>All the code that runs GeoNode is open source. The code is "
-#| "available at <a href=\"http://github.com/GeoNode/geonode\">http://github."
-#| "com/GeoNode/geonode/</a>. The issue tracker for the project is at <a href="
-#| "\"http://github.com/GeoNode/geonode/issues\">http://github.com/GeoNode/"
-#| "geonode/issues</a>.</p>\n"
+#| "    <p>All the code that runs GeoNode is open source. The code is available at <a "
+#| "href=\"http://github.com/GeoNode/geonode\">http://github.com/GeoNode/geonode/</a>. The "
+#| "issue tracker for the project is at <a href=\"http://github.com/GeoNode/geonode/"
+#| "issues\">http://github.com/GeoNode/geonode/issues</a>.</p>\n"
 #| "\n"
-#| "    <p>GeoNode is built using several open source projects, each with its "
-#| "own community. If you are interested in contributing new features to the "
-#| "GeoNode, we encourage you to do so by contributing to one of the projects "
-#| "on which it is built:</p>\n"
+#| "    <p>GeoNode is built using several open source projects, each with its own community. "
+#| "If you are interested in contributing new features to the GeoNode, we encourage you to do "
+#| "so by contributing to one of the projects on which it is built:</p>\n"
 #| "    <ul>\n"
-#| "      <li><a href=\"http://geoserver.org\">GeoServer</a> - Standards "
-#| "based server for geospatial information</li>\n"
-#| "      <li><a href=\"http://geowebcache.org\">GeoWebCache</a> - Cache "
-#| "engine for WMS Tiles</li><li><a href=\"http://openlayers.org"
-#| "\">OpenLayers</a> - Pure JavaScript library powering the maps of GeoExt</"
-#| "li>\n"
-#| "      <li><a href=\"http://pycsw.org\">pycsw</a> - CSW, OpenSearch and "
-#| "OAI-PMH metadata catalogue server</li>\n"
+#| "      <li><a href=\"http://geoserver.org\">GeoServer</a> - Standards based server for "
+#| "geospatial information</li>\n"
+#| "      <li><a href=\"http://geowebcache.org\">GeoWebCache</a> - Cache engine for WMS "
+#| "Tiles</li><li><a href=\"http://openlayers.org\">OpenLayers</a> - Pure JavaScript library "
+#| "powering the maps of GeoExt</li>\n"
+#| "      <li><a href=\"http://pycsw.org\">pycsw</a> - CSW, OpenSearch and OAI-PMH metadata "
+#| "catalogue server</li>\n"
 #| "    </ul>\n"
 #| "\n"
 #| "    <h3>What are OGC Services?</h3>\n"
-#| "    <p>The data in this application is served using open standards "
-#| "endorsed by ISO and the <a href=\"http://opengeospatial.org/\">Open "
-#| "Geospatial Consortium</a>; in particular, WMS (Web Map Service) is used "
-#| "for accessing maps, WFS (Web Feature Service) is used for accessing "
-#| "vector data, and WCS (Web Coverage Service) is used for accessing raster "
-#| "data.  WMC (Web Map Context Documents) is used for sharing maps. You can "
-#| "use these services in your own applications using libraries such as "
-#| "OpenLayers, GeoTools, and OGR (all of which are open-source software and "
-#| "available at zero cost). Additionally, CSW (Catalog Service for the Web) "
-#| "supports access to collections of descriptive information (metadata) "
-#| "about data and services.</p>\n"
+#| "    <p>The data in this application is served using open standards endorsed by ISO and "
+#| "the <a href=\"http://opengeospatial.org/\">Open Geospatial Consortium</a>; in particular, "
+#| "WMS (Web Map Service) is used for accessing maps, WFS (Web Feature Service) is used for "
+#| "accessing vector data, and WCS (Web Coverage Service) is used for accessing raster data.  "
+#| "WMC (Web Map Context Documents) is used for sharing maps. You can use these services in "
+#| "your own applications using libraries such as OpenLayers, GeoTools, and OGR (all of which "
+#| "are open-source software and available at zero cost). Additionally, CSW (Catalog Service "
+#| "for the Web) supports access to collections of descriptive information (metadata) about "
+#| "data and services.</p>\n"
 #| "\n"
 #| "    <h3>What is GeoWebCache?</h3>\n"
-#| "    <p>GeoWebCache provides mapping tiles that are compatible with a "
-#| "number of mapping engines, including Google Maps, Bing Maps and "
-#| "OpenLayers. All the data hosted by GeoNode is also available through "
-#| "GeoWebCache. GeoWebCache improves on WMS by caching data and providing "
-#| "more responsive maps.</p>\n"
+#| "    <p>GeoWebCache provides mapping tiles that are compatible with a number of mapping "
+#| "engines, including Google Maps, Bing Maps and OpenLayers. All the data hosted by GeoNode "
+#| "is also available through GeoWebCache. GeoWebCache improves on WMS by caching data and "
+#| "providing more responsive maps.</p>\n"
 #| "\n"
 #| "    <h3>CSW Example Code</h3>\n"
-#| "    <p>To interact with GeoNode's CSW you can use any CSW client (QGIS "
-#| "MetaSearch, GRASS, etc.).  The following example illustrates a simple "
-#| "invocation using the OWSLib Python package:</p>\n"
+#| "    <p>To interact with GeoNode's CSW you can use any CSW client (QGIS MetaSearch, GRASS, "
+#| "etc.).  The following example illustrates a simple invocation using the OWSLib Python "
+#| "package:</p>\n"
 #| "    <p><code>from owslib.csw import CatalogueServiceWeb</code></p>\n"
 #| "    <p><code>from owslib.fes import PropertyIsLike</code></p>\n"
-#| "    <p><code>csw = CatalogueServiceWeb('%(CATALOGUE_BASE_URL)s')</code></"
-#| "p>\n"
-#| "    <p><code>anytext = PropertyIsLike('csw:AnyText', 'birds')')</code></"
-#| "p>\n"
+#| "    <p><code>csw = CatalogueServiceWeb('%(CATALOGUE_BASE_URL)s')</code></p>\n"
+#| "    <p><code>anytext = PropertyIsLike('csw:AnyText', 'birds')')</code></p>\n"
 #| "    <p><code>csw.getrecords2(constraints=[anytext])</code></p>\n"
 #| "    <p><code>print csw.results</code></p>\n"
 #| "    <p><code>print csw.records</code></p>\n"
 #| "\n"
 #| "    <h3>OpenLayers Example Code</h3>\n"
 #| "\n"
-#| "    <p>To include a GeoNode map layer in an OpenLayers map, first find "
-#| "the name for that layer. This is found in the layer's <code>name</code> "
-#| "field (not <code>title</code>) of the layer list. For this example, we "
-#| "will use the Nicaraguan political boundaries background layer, whose name "
-#| "is <code>risk:nicaragua_admin</code>. Then, create an instance of "
-#| "OpenLayers.Layer.WMS:</p>\n"
-#| "    <p><code>var geonodeLayer = new OpenLayers.Layer.WMS(\"GeoNode Risk "
-#| "Data\", \"http://demo.geonode.org/geoserver/wms\",{ layers: \"risk:"
-#| "nicaragua_admin\" });</code></p>\n"
+#| "    <p>To include a GeoNode map layer in an OpenLayers map, first find the name for that "
+#| "layer. This is found in the layer's <code>name</code> field (not <code>title</code>) of "
+#| "the layer list. For this example, we will use the Nicaraguan political boundaries "
+#| "background layer, whose name is <code>risk:nicaragua_admin</code>. Then, create an "
+#| "instance of OpenLayers.Layer.WMS:</p>\n"
+#| "    <p><code>var geonodeLayer = new OpenLayers.Layer.WMS(\"GeoNode Risk Data\", \"http://"
+#| "demo.geonode.org/geoserver/wms\",{ layers: \"risk:nicaragua_admin\" });</code></p>\n"
 #| "\n"
 #| "    <h3>Google Maps Example Code</h3>\n"
-#| "    <p>To include a GeoNode map layer in a Google Map, include the layer "
-#| "namein the URL template.</p>\n"
-#| "    <p><code>var tilelayer =  new GTileLayer(null, null, null, "
-#| "{tileUrlTemplate: 'http://demo.geonode.org/geoserver/gwc/service/gmaps?"
-#| "layers=risk:nicaragua_admin&#38;zoom={Z}&#38;x={X}&#38;y={Y}', isPng:"
-#| "true, opacity:0.5 } );</code></p>\n"
+#| "    <p>To include a GeoNode map layer in a Google Map, include the layer namein the URL "
+#| "template.</p>\n"
+#| "    <p><code>var tilelayer =  new GTileLayer(null, null, null, {tileUrlTemplate: 'http://"
+#| "demo.geonode.org/geoserver/gwc/service/gmaps?layers=risk:nicaragua_admin&#38;zoom={Z}&#38;"
+#| "x={X}&#38;y={Y}', isPng:true, opacity:0.5 } );</code></p>\n"
 #| "\n"
 #| "    <h3>Shapefile/GeoJSON/GML Output</h3>\n"
-#| "    <p>To get data from the GeoNode web services use the WFS protocol. "
-#| "For example, to get the full Nicaraguan admin boundaries use:</p>\n"
-#| "    <p><code>http://demo.geonode.org/geoserver/wfs?request=GetFeature&#38;"
-#| "typeName=risk:nicaragua_admin&#38;outputformat=SHAPE-ZIP</code></p>\n"
-#| "    <p>Changing output format to <code>json</code>, <code>GML2</code>, "
-#| "<code>GML3</code>, or <code>csv</code> will get data in those formats. "
-#| "The WFS protocol also can handle more precise queries, specifying a "
-#| "bounding box or various spatial and non-spatial filters based on the "
-#| "attributes of the data.</p>\n"
+#| "    <p>To get data from the GeoNode web services use the WFS protocol. For example, to "
+#| "get the full Nicaraguan admin boundaries use:</p>\n"
+#| "    <p><code>http://demo.geonode.org/geoserver/wfs?request=GetFeature&#38;typeName=risk:"
+#| "nicaragua_admin&#38;outputformat=SHAPE-ZIP</code></p>\n"
+#| "    <p>Changing output format to <code>json</code>, <code>GML2</code>, <code>GML3</code>, "
+#| "or <code>csv</code> will get data in those formats. The WFS protocol also can handle more "
+#| "precise queries, specifying a bounding box or various spatial and non-spatial filters "
+#| "based on the attributes of the data.</p>\n"
 #| "\n"
 #| "    <h3>GeoTools Example Code</h3>\n"
-#| "    <p>Create a DataStore and extract a FeatureType from it, then run a "
-#| "Query. It is all documented on the wiki at <code>http://geotools.org/</"
-#| "code>.</p>\n"
+#| "    <p>Create a DataStore and extract a FeatureType from it, then run a Query. It is all "
+#| "documented on the wiki at <code>http://geotools.org/</code>.</p>\n"
 #| "    "
 msgid ""
 "\n"
-"    <p><a href=\"http://geonode.org/\">GeoNode</a> is an open service built "
-"on open source software. We encourage you to build new applications using "
-"the components and resources it provides. This page is a starting point for "
-"developers interesting in taking full advantage of GeoNode. It also includes "
-"links to the project's source code so anyone can build and customize their "
-"own GeoNode. </p>\n"
+"    <p><a href=\"http://geonode.org/\">GeoNode</a> is an open service built on open source "
+"software. We encourage you to build new applications using the components and resources it "
+"provides. This page is a starting point for developers interesting in taking full advantage "
+"of GeoNode. It also includes links to the project's source code so anyone can build and "
+"customize their own GeoNode. </p>\n"
 "\n"
 "    <h3>GeoNode Software</h3>\n"
 "\n"
-"    <p>All the code that runs GeoNode is open source. The code is available "
-"at <a href=\"http://github.com/GeoNode/geonode\">http://github.com/GeoNode/"
-"geonode/</a>. The issue tracker for the project is at <a href=\"http://"
-"github.com/GeoNode/geonode/issues\">http://github.com/GeoNode/geonode/"
-"issues</a>.</p>\n"
+"    <p>All the code that runs GeoNode is open source. The code is available at <a "
+"href=\"http://github.com/GeoNode/geonode\">http://github.com/GeoNode/geonode/</a>. The issue "
+"tracker for the project is at <a href=\"http://github.com/GeoNode/geonode/issues\">http://"
+"github.com/GeoNode/geonode/issues</a>.</p>\n"
 "\n"
-"    <p>GeoNode is built using several open source projects, each with its "
-"own community. If you are interested in contributing new features to the "
-"GeoNode, we encourage you to do so by contributing to one of the projects on "
-"which it is built:</p>\n"
+"    <p>GeoNode is built using several open source projects, each with its own community. If "
+"you are interested in contributing new features to the GeoNode, we encourage you to do so by "
+"contributing to one of the projects on which it is built:</p>\n"
 "    <ul>\n"
-"      <li><a href=\"http://geoserver.org\">GeoServer</a> - Standards based "
-"server for geospatial information</li>\n"
-"      <li><a href=\"http://geowebcache.org\">GeoWebCache</a> - Cache engine "
-"for WMS Tiles</li><li><a href=\"http://openlayers.org\">OpenLayers</a> - "
-"Pure JavaScript library powering the maps of GeoExt</li>\n"
-"      <li><a href=\"http://pycsw.org\">pycsw</a> - CSW, OpenSearch and OAI-"
-"PMH metadata catalogue server</li>\n"
+"      <li><a href=\"http://geoserver.org\">GeoServer</a> - Standards based server for "
+"geospatial information</li>\n"
+"      <li><a href=\"http://geowebcache.org\">GeoWebCache</a> - Cache engine for WMS Tiles</"
+"li><li><a href=\"http://openlayers.org\">OpenLayers</a> - Pure JavaScript library powering "
+"the maps of GeoExt</li>\n"
+"      <li><a href=\"http://pycsw.org\">pycsw</a> - CSW, OpenSearch and OAI-PMH metadata "
+"catalogue server</li>\n"
 "    </ul>\n"
 "\n"
 "    <h3>What are OGC Services?</h3>\n"
-"    <p>The data in this application is served using open standards endorsed "
-"by ISO and the <a href=\"http://opengeospatial.org/\">Open Geospatial "
-"Consortium</a>; in particular, WMS (Web Map Service) is used for accessing "
-"maps, WFS (Web Feature Service) is used for accessing vector data, and WCS "
-"(Web Coverage Service) is used for accessing raster data.  WMC (Web Map "
-"Context Documents) is used for sharing maps. You can use these services in "
-"your own applications using libraries such as OpenLayers, GeoTools, and OGR "
-"(all of which are open-source software and available at zero cost). "
-"Additionally, CSW (Catalog Service for the Web) supports access to "
-"collections of descriptive information (metadata) about data and services.</"
-"p>\n"
+"    <p>The data in this application is served using open standards endorsed by ISO and the "
+"<a href=\"http://opengeospatial.org/\">Open Geospatial Consortium</a>; in particular, WMS "
+"(Web Map Service) is used for accessing maps, WFS (Web Feature Service) is used for "
+"accessing vector data, and WCS (Web Coverage Service) is used for accessing raster data.  "
+"WMC (Web Map Context Documents) is used for sharing maps. You can use these services in your "
+"own applications using libraries such as OpenLayers, GeoTools, and OGR (all of which are "
+"open-source software and available at zero cost). Additionally, CSW (Catalog Service for the "
+"Web) supports access to collections of descriptive information (metadata) about data and "
+"services.</p>\n"
 "\n"
 "    <h3>What is GeoWebCache?</h3>\n"
-"    <p>GeoWebCache provides mapping tiles that are compatible with a number "
-"of mapping engines, including Google Maps, Bing Maps and OpenLayers. All the "
-"data hosted by GeoNode is also available through GeoWebCache. GeoWebCache "
-"improves on WMS by caching data and providing more responsive maps.</p>\n"
+"    <p>GeoWebCache provides mapping tiles that are compatible with a number of mapping "
+"engines, including Google Maps, Bing Maps and OpenLayers. All the data hosted by GeoNode is "
+"also available through GeoWebCache. GeoWebCache improves on WMS by caching data and "
+"providing more responsive maps.</p>\n"
 "\n"
 "    <h3>CSW Example Code</h3>\n"
-"    <p>To interact with GeoNode's CSW you can use any CSW client (QGIS "
-"MetaSearch, GRASS, etc.).  The following example illustrates a simple "
-"invocation using the OWSLib Python package:</p>\n"
+"    <p>To interact with GeoNode's CSW you can use any CSW client (QGIS MetaSearch, GRASS, "
+"etc.).  The following example illustrates a simple invocation using the OWSLib Python "
+"package:</p>\n"
 "    <p><code>from owslib.csw import CatalogueServiceWeb</code></p>\n"
 "    <p><code>from owslib.fes import PropertyIsLike</code></p>\n"
 "    <p><code>csw = CatalogueServiceWeb('%(CATALOGUE_BASE_URL)s')</code></p>\n"
@@ -5539,95 +5210,84 @@ msgid ""
 "\n"
 "    <h3>OpenLayers Example Code</h3>\n"
 "\n"
-"    <p>To include a GeoNode map layer in an OpenLayers map, first find the "
-"name for that layer. This is found in the layer's <code>name</code> field "
-"(not <code>title</code>) of the layer list. For this example, we will use "
-"the Nicaraguan political boundaries background layer, whose name is "
-"<code>risk:nicaragua_admin</code>. Then, create an instance of OpenLayers."
-"Layer.WMS:</p>\n"
-"    <p><code>var geonodeLayer = new OpenLayers.Layer.WMS(\"GeoNode Risk Data"
-"\", \"http://demo.geonode.org/geoserver/wms\",{ layers: \"risk:"
-"nicaragua_admin\" });</code></p>\n"
+"    <p>To include a GeoNode map layer in an OpenLayers map, first find the name for that "
+"layer. This is found in the layer's <code>name</code> field (not <code>title</code>) of the "
+"layer list. For this example, we will use the Nicaraguan political boundaries background "
+"layer, whose name is <code>risk:nicaragua_admin</code>. Then, create an instance of "
+"OpenLayers.Layer.WMS:</p>\n"
+"    <p><code>var geonodeLayer = new OpenLayers.Layer.WMS(\"GeoNode Risk Data\", \"http://"
+"demo.geonode.org/geoserver/wms\",{ layers: \"risk:nicaragua_admin\" });</code></p>\n"
 "\n"
 "    <h3>Google Maps Example Code</h3>\n"
-"    <p>To include a GeoNode map layer in a Google Map, include the dataset "
-"name in the URL template.</p>\n"
-"    <p><code>var tilelayer =  new GTileLayer(null, null, null, "
-"{tileUrlTemplate: 'http://demo.geonode.org/geoserver/gwc/service/gmaps?"
-"layers=risk:nicaragua_admin&#38;zoom={Z}&#38;x={X}&#38;y={Y}', isPng:true, "
-"opacity:0.5 } );</code></p>\n"
+"    <p>To include a GeoNode map layer in a Google Map, include the dataset name in the URL "
+"template.</p>\n"
+"    <p><code>var tilelayer =  new GTileLayer(null, null, null, {tileUrlTemplate: 'http://"
+"demo.geonode.org/geoserver/gwc/service/gmaps?layers=risk:nicaragua_admin&#38;zoom={Z}&#38;"
+"x={X}&#38;y={Y}', isPng:true, opacity:0.5 } );</code></p>\n"
 "\n"
 "    <h3>Shapefile/GeoJSON/GML Output</h3>\n"
-"    <p>To get data from the GeoNode web services use the WFS protocol. For "
-"example, to get the full Nicaraguan admin boundaries use:</p>\n"
-"    <p><code>http://demo.geonode.org/geoserver/wfs?request=GetFeature&#38;"
-"typeName=risk:nicaragua_admin&#38;outputformat=SHAPE-ZIP</code></p>\n"
-"    <p>Changing output format to <code>json</code>, <code>GML2</code>, "
-"<code>GML3</code>, or <code>csv</code> will get data in those formats. The "
-"WFS protocol also can handle more precise queries, specifying a bounding box "
-"or various spatial and non-spatial filters based on the attributes of the "
-"data.</p>\n"
+"    <p>To get data from the GeoNode web services use the WFS protocol. For example, to get "
+"the full Nicaraguan admin boundaries use:</p>\n"
+"    <p><code>http://demo.geonode.org/geoserver/wfs?request=GetFeature&#38;typeName=risk:"
+"nicaragua_admin&#38;outputformat=SHAPE-ZIP</code></p>\n"
+"    <p>Changing output format to <code>json</code>, <code>GML2</code>, <code>GML3</code>, or "
+"<code>csv</code> will get data in those formats. The WFS protocol also can handle more "
+"precise queries, specifying a bounding box or various spatial and non-spatial filters based "
+"on the attributes of the data.</p>\n"
 "\n"
 "    <h3>GeoTools Example Code</h3>\n"
-"    <p>Create a DataStore and extract a FeatureType from it, then run a "
-"Query. It is all documented on the wiki at <code>http://geotools.org/</code>."
-"</p>\n"
+"    <p>Create a DataStore and extract a FeatureType from it, then run a Query. It is all "
+"documented on the wiki at <code>http://geotools.org/</code>.</p>\n"
 "    "
 msgstr ""
 "\n"
-"    <p><a href=\"http://geonode.org/\">GeoNode</a> è un servizio aperto "
-"costruito su software open source. Vi incoraggiamo a costruire nuove "
-"applicazioni utilizzando i componenti e le risorse che fornisce. Questa "
-"pagina è un punto di partenza per gli sviluppatori interessati a trarre il "
-"massimo vantaggio da GeoNode. Include anche link al codice sorgente del "
-"progetto in modo che chiunque possa costruire e personalizzare il proprio "
-"GeoNode. </p>\n"
+"    <p><a href=\"http://geonode.org/\">GeoNode</a> è un servizio aperto costruito su "
+"software open source. Vi incoraggiamo a costruire nuove applicazioni utilizzando i "
+"componenti e le risorse che fornisce. Questa pagina è un punto di partenza per gli "
+"sviluppatori interessati a trarre il massimo vantaggio da GeoNode. Include anche link al "
+"codice sorgente del progetto in modo che chiunque possa costruire e personalizzare il "
+"proprio GeoNode. </p>\n"
 "\n"
 "    <h3>GeoNode Software</h3>\n"
 "\n"
-"    <p>Tutto il codice che esegue GeoNode è open source. Il codice è "
-"disponibile all'indirizzo <a href=\"http://github.com/GeoNode/geonode"
-"\">http://github.com/GeoNode/geonode/</a>. Il issue tracker per il progetto "
-"è disponibile all'indirizzo <a href=\"http://github.com/GeoNode/geonode/"
-"issues\">http://github.com/GeoNode/geonode/issues</a>.</p>\n"
-"    <p>GeoNode è costruito utilizzando diversi progetti open source, ognuno "
-"con la propria comunità. Se siete interessati a contribuire con nuove "
-"funzionalità al GeoNode, vi invitiamo a farlo contribuendo ad uno dei "
-"progetti su cui è costruito:</p>\n"
+"    <p>Tutto il codice che esegue GeoNode è open source. Il codice è disponibile "
+"all'indirizzo <a href=\"http://github.com/GeoNode/geonode\">http://github.com/GeoNode/"
+"geonode/</a>. Il issue tracker per il progetto è disponibile all'indirizzo <a href=\"http://"
+"github.com/GeoNode/geonode/issues\">http://github.com/GeoNode/geonode/issues</a>.</p>\n"
+"    <p>GeoNode è costruito utilizzando diversi progetti open source, ognuno con la propria "
+"comunità. Se siete interessati a contribuire con nuove funzionalità al GeoNode, vi invitiamo "
+"a farlo contribuendo ad uno dei progetti su cui è costruito:</p>\n"
 "    <ul>\n"
-"      <li><a href=\"http://geoserver.org\">GeoServer</a> - Server basato su "
-"standard per informazioni geospaziali</li>\n"
-"      <li><a href=\"http://geowebcache.org\">GeoWebCache</a> - Motore di "
-"cache per WMS Tiles</li><li><a href=\"http://openlayers.org\">OpenLayers</a> "
-"- Pura libreria JavaScript che alimenta le mappe di GeoExt</li>\n"
-"      <li><a href=\"http://pycsw.org\">pycsw</a> - CSW, OpenSearch e OAI-PMH "
-"metadata catalogue server</li>\n"
+"      <li><a href=\"http://geoserver.org\">GeoServer</a> - Server basato su standard per "
+"informazioni geospaziali</li>\n"
+"      <li><a href=\"http://geowebcache.org\">GeoWebCache</a> - Motore di cache per WMS "
+"Tiles</li><li><a href=\"http://openlayers.org\">OpenLayers</a> - Pura libreria JavaScript "
+"che alimenta le mappe di GeoExt</li>\n"
+"      <li><a href=\"http://pycsw.org\">pycsw</a> - CSW, OpenSearch e OAI-PMH metadata "
+"catalogue server</li>\n"
 "    </ul>\n"
 "\n"
 "    <h3>Che cosa sono i servizi OGC? </h3>\n"
-"    <p>I dati in questa applicazione sono serviti utilizzando standard "
-"aperti approvati dall'ISO e dal <a href=\"http://opengeospatial.org/\">Open "
-"Geospatial Consortium</a>; in particolare, il WMS (Web Map Service) è "
-"utilizzato per l'accesso alle mappe, il WFS (Web Feature Service) è "
-"utilizzato per l'accesso ai dati vettoriali, e il WCS (Web Coverage Service) "
-"è utilizzato per l'accesso ai dati raster.  Il WMC (Web Map Context "
-"Documents) viene utilizzato per la condivisione delle mappe. Questi servizi "
-"possono essere utilizzati nelle proprie applicazioni utilizzando librerie "
-"come OpenLayers, GeoTools e OGR (tutti software open-source e disponibili a "
-"costo zero). Inoltre, CSW (Catalog Service for the Web) supporta l'accesso a "
-"raccolte di informazioni descrittive (metadati) su dati e servizi.</p>\n"
+"    <p>I dati in questa applicazione sono serviti utilizzando standard aperti approvati "
+"dall'ISO e dal <a href=\"http://opengeospatial.org/\">Open Geospatial Consortium</a>; in "
+"particolare, il WMS (Web Map Service) è utilizzato per l'accesso alle mappe, il WFS (Web "
+"Feature Service) è utilizzato per l'accesso ai dati vettoriali, e il WCS (Web Coverage "
+"Service) è utilizzato per l'accesso ai dati raster.  Il WMC (Web Map Context Documents) "
+"viene utilizzato per la condivisione delle mappe. Questi servizi possono essere utilizzati "
+"nelle proprie applicazioni utilizzando librerie come OpenLayers, GeoTools e OGR (tutti "
+"software open-source e disponibili a costo zero). Inoltre, CSW (Catalog Service for the Web) "
+"supporta l'accesso a raccolte di informazioni descrittive (metadati) su dati e servizi.</p>\n"
 "\n"
 "    <h3>Che cos'è GeoWebCache?</h3>\n"
-"    <p>GeoWebCache fornisce tiles di mappatura compatibili con una serie di "
-"motori di mappatura, tra cui Google Maps, Bing Maps e OpenLayers. Tutti i "
-"dati ospitati da GeoNode sono disponibili anche attraverso GeoWebCache. "
-"GeoWebCache migliora il WMS mettendo in cache i dati e fornendo mappe più "
-"reattive.</p>\n"
+"    <p>GeoWebCache fornisce tiles di mappatura compatibili con una serie di motori di "
+"mappatura, tra cui Google Maps, Bing Maps e OpenLayers. Tutti i dati ospitati da GeoNode "
+"sono disponibili anche attraverso GeoWebCache. GeoWebCache migliora il WMS mettendo in cache "
+"i dati e fornendo mappe più reattive.</p>\n"
 "\n"
 "    <h3>CSW Codice d'esempio</h3>\n"
-"    <p>Per interagire con il CSW di GeoNode è possibile utilizzare qualsiasi "
-"client CSW (QGIS MetaSearch, GRASS, ecc.).  Il seguente esempio illustra una "
-"semplice invocazione utilizzando il pacchetto Python di OWSLib:</p>\n"
+"    <p>Per interagire con il CSW di GeoNode è possibile utilizzare qualsiasi client CSW "
+"(QGIS MetaSearch, GRASS, ecc.).  Il seguente esempio illustra una semplice invocazione "
+"utilizzando il pacchetto Python di OWSLib:</p>\n"
 "    <p><code>from owslib.csw import CatalogueServiceWeb</code></p>\n"
 "    <p><code>from owslib.fes import PropertyIsLike</code></p>\n"
 "    <p><code>csw = CatalogueServiceWeb('%(CATALOGUE_BASE_URL)s')</code></p>\n"
@@ -5638,39 +5298,33 @@ msgstr ""
 "\n"
 "    <h3>Codice d'esempio OpenLayers</h3>\n"
 "\n"
-"    <p>Per includere un livello di mappa GeoNode in una mappa OpenLayers, "
-"trovare prima il nome di quel livello. Questo si trova nel campo <code>nome</"
-"code> del livello (non <code>titolo</code>) della lista dei livelli. Per "
-"questo esempio, useremo il livello di sfondo dei confini politici del "
-"Nicaragua, il cui nome è <code>risk:nicaragua_admin</code>. Quindi, creare "
-"un'istanza di OpenLayers.Layer.WMS:</p>\n"
-"    <p><code>var geonodeLayer = new OpenLayers.Layer.WMS(\"GeoNode Risk Data"
-"\", \"http://demo.geonode.org/geoserver/wms\",{ strati: \"risk:"
-"nicaragua_admin\" });</code></p>\n"
+"    <p>Per includere un livello di mappa GeoNode in una mappa OpenLayers, trovare prima il "
+"nome di quel livello. Questo si trova nel campo <code>nome</code> del livello (non "
+"<code>titolo</code>) della lista dei livelli. Per questo esempio, useremo il livello di "
+"sfondo dei confini politici del Nicaragua, il cui nome è <code>risk:nicaragua_admin</code>. "
+"Quindi, creare un'istanza di OpenLayers.Layer.WMS:</p>\n"
+"    <p><code>var geonodeLayer = new OpenLayers.Layer.WMS(\"GeoNode Risk Data\", \"http://"
+"demo.geonode.org/geoserver/wms\",{ strati: \"risk:nicaragua_admin\" });</code></p>\n"
 "\n"
 "    <h3>Codice di esempio di Google Maps</h3>\n"
-"    <p>Per includere un livello di mappa GeoNode in una Google Map, "
-"includere il nome del livello nel modello URL.</p>\n"
-"    <p><code>var tilelayer = new GTileLayer(null, null, null, null, "
-"{tileUrlTemplate: 'http://demo.geonode.org/geoserver/gwc/service/gmaps?"
-"layers=risk:nicaragua_admin&#38;zoom={Z}&#38;x={X}&#38;y={Y}', isPng:true, "
-"opacity:0.5 }', isPng:true, opacity:0.5 }. );</code></p>\n"
+"    <p>Per includere un livello di mappa GeoNode in una Google Map, includere il nome del "
+"livello nel modello URL.</p>\n"
+"    <p><code>var tilelayer = new GTileLayer(null, null, null, null, {tileUrlTemplate: "
+"'http://demo.geonode.org/geoserver/gwc/service/gmaps?layers=risk:nicaragua_admin&#38;zoom={Z}"
+"&#38;x={X}&#38;y={Y}', isPng:true, opacity:0.5 }', isPng:true, opacity:0.5 }. );</code></p>\n"
 "\n"
 "    <h3>Formafile/GeoJSON/GML Output</h3>\n"
-"    <p>Per ottenere dati dai servizi web GeoNode utilizzare il protocollo "
-"WFS. Per esempio, per ottenere i confini amministrativi completi del "
-"Nicaragua usare:</p>\n"
-"    <p><code>http://demo.geonode.org/geoserver/wfs?request=GetFeature&#38;"
-"typeName=rischio:nicaragua_admin&#38;outputformat=SHAPE-ZIP</code></p>\n"
-"    <p>Cambiando il formato di uscita in <code>json</code>, <code>GML2</"
-"code>, <code>GML3</code>, o <code>csv</code> si ottengono dati in questi "
-"formati. Il protocollo WFS può anche gestire query più precise, specificando "
-"un bounding box o vari filtri spaziali e non spaziali in base agli attributi "
-"dei dati.</p>\n"
+"    <p>Per ottenere dati dai servizi web GeoNode utilizzare il protocollo WFS. Per esempio, "
+"per ottenere i confini amministrativi completi del Nicaragua usare:</p>\n"
+"    <p><code>http://demo.geonode.org/geoserver/wfs?request=GetFeature&#38;typeName=rischio:"
+"nicaragua_admin&#38;outputformat=SHAPE-ZIP</code></p>\n"
+"    <p>Cambiando il formato di uscita in <code>json</code>, <code>GML2</code>, <code>GML3</"
+"code>, o <code>csv</code> si ottengono dati in questi formati. Il protocollo WFS può anche "
+"gestire query più precise, specificando un bounding box o vari filtri spaziali e non "
+"spaziali in base agli attributi dei dati.</p>\n"
 "    <h3>Codice d'esempio di GeoTools</h3>\n"
-"    <p>Creare un DataStore ed estrarre un FeatureType da esso, quindi "
-"eseguire una query. È tutto documentato sul wiki all'indirizzo <code>http://"
-"geotools.org/</code>.</p>\n"
+"    <p>Creare un DataStore ed estrarre un FeatureType da esso, quindi eseguire una query. È "
+"tutto documentato sul wiki all'indirizzo <code>http://geotools.org/</code>.</p>\n"
 "    "
 
 msgid "GeoNode's Web Services"
@@ -5707,86 +5361,79 @@ msgid "GeoNode Help"
 msgstr "Aiuto su GeoNode"
 
 msgid ""
-"This page provides helpful information about how to use the GeoNode. You can "
-"use the sidebar links to navigate to what you want to know."
+"This page provides helpful information about how to use the GeoNode. You can use the sidebar "
+"links to navigate to what you want to know."
 msgstr ""
-"Questa pagina fornisce informazioni di aiuto sull'utilizzo di GeoNode. Puoi "
-"utilizzare i collegamenti nella barra laterale per ricercare quello che ti "
-"interessa."
+"Questa pagina fornisce informazioni di aiuto sull'utilizzo di GeoNode. Puoi utilizzare i "
+"collegamenti nella barra laterale per ricercare quello che ti interessa."
 
 msgid ""
 "\n"
-"    <p>The GeoNode provides access to data sets and a map editing "
-"application allows users to browse existing maps and contribute their own.</"
-"p>\n"
+"    <p>The GeoNode provides access to data sets and a map editing application allows users "
+"to browse existing maps and contribute their own.</p>\n"
 "\n"
 "    <h4 id=\"browsing-data\">Browsing Layers</h4>\n"
 "    <p>The <a href=\"{{ url_layer_browse }}\">Layers</a> tab allows you to browse data "
 "uploaded to this GeoNode.</p>\n"
-"    <p>All data can be downloaded in a variety of formats, for use in other "
-"applications.</p>\n"
+"    <p>All data can be downloaded in a variety of formats, for use in other applications.</"
+"p>\n"
 "\n"
 "    <h4 id=\"developer-access\">Developer Access</h4>\n"
-"    <p>The <a href=\"{{ url_developer }}\"> Developer</a> page is the place for "
-"developers to get started building applications against the GeoNode. It "
-"includes instructions on using the web services, links to the source code of "
-"the GeoNode, and information about the open source projects used to create "
-"it.</p>\n"
+"    <p>The <a href=\"{{ url_developer }}\"> Developer</a> page is the place for developers "
+"to get started building applications against the GeoNode. It includes instructions on using "
+"the web services, links to the source code of the GeoNode, and information about the open "
+"source projects used to create it.</p>\n"
 "\n"
 "    <h4 id=\"browsing-maps\">Browsing Maps</h4>\n"
-"    <p>The GeoNode allows users to create and share maps with one another.</"
-"p>\n"
+"    <p>The GeoNode allows users to create and share maps with one another.</p>\n"
 "    <p>The <a href=\"{{ url_maps_browse }}\">Maps</a> tab is a gateway to map exploration on "
-"GeoNode.  From here you can <strong>search for a map</strong> or "
-"<strong>create a map</strong>, which will open the <a href=\"{{ url_maps_new }}\">Map "
-"Composer</a>.</p>\n"
+"GeoNode.  From here you can <strong>search for a map</strong> or <strong>create a map</"
+"strong>, which will open the <a href=\"{{ url_maps_new }}\">Map Composer</a>.</p>\n"
 "    <h5>Google Earth Mode</h5>\n"
-"    <p>Any map viewed in the interactive map editor can be seen in 3D mode "
-"with the Google Earth plugin. To switch to 3D mode select the Google Earth "
-"globe logo, the rightmost button on top toolbar. If you do not have the "
-"Google Earth plugin installed you will be prompted to install it.</p>\n"
+"    <p>Any map viewed in the interactive map editor can be seen in 3D mode with the Google "
+"Earth plugin. To switch to 3D mode select the Google Earth globe logo, the rightmost button "
+"on top toolbar. If you do not have the Google Earth plugin installed you will be prompted to "
+"install it.</p>\n"
 "\n"
 "    <h4 id=\"creating-a-map\">Creating a Map</h4>\n"
 "    <p>To create a new map go to the <a href=\"{{ url_maps_browse }}\">Contributed Maps</a> "
 "tab and click the <a href=\"{{ url_maps_new }}\">create your own map</a> link.</p>\n"
-"    <p>This will take you to the <a href=\"{{ url_maps_new }}\">Map Composer</a> with "
-"a base layer loaded.</p>\n"
-"    <p>To add data layers from the GeoNode click on the green plus button "
-"located below the layers tab on the left hand side of the screen. This will "
-"open a dialog listing all the layers available on the GeoNode.</p>\n"
-"    <p>To add layers to your map select them and hit the <strong>Add Layers</"
-"strong> button. When finished you may hit <strong>Done</strong> to close the "
-"dialog and go back to the map.</p>\n"
+"    <p>This will take you to the <a href=\"{{ url_maps_new }}\">Map Composer</a> with a base "
+"layer loaded.</p>\n"
+"    <p>To add data layers from the GeoNode click on the green plus button located below the "
+"layers tab on the left hand side of the screen. This will open a dialog listing all the "
+"layers available on the GeoNode.</p>\n"
+"    <p>To add layers to your map select them and hit the <strong>Add Layers</strong> button. "
+"When finished you may hit <strong>Done</strong> to close the dialog and go back to the map.</"
+"p>\n"
 "\n"
 "    <h5>Reordering and Removing Layers</h5>\n"
-"    <p>Change the display order of the layers listed in the data tab by "
-"simply dragging and dropping their names. The order in the map will be "
-"updated to reflect that. To turn a layer's visibility off simply uncheck it, "
-"and to remove it entirely select it and hit the red minus button.</p>\n"
+"    <p>Change the display order of the layers listed in the data tab by simply dragging and "
+"dropping their names. The order in the map will be updated to reflect that. To turn a "
+"layer's visibility off simply uncheck it, and to remove it entirely select it and hit the "
+"red minus button.</p>\n"
 "\n"
 "    <h5>Saving your map</h5>\n"
-"    <p>Once a suitable set of layers and zoom level has been found it's time "
-"to save it so others can see it.  Click the Save button--the left most icon "
-"on the top toolbar, an image of a map with a disk--on the top menu and fill "
-"out the title and abstract of the map.</p>\n"
+"    <p>Once a suitable set of layers and zoom level has been found it's time to save it so "
+"others can see it.  Click the Save button--the left most icon on the top toolbar, an image "
+"of a map with a disk--on the top menu and fill out the title and abstract of the map.</p>\n"
 "\n"
 "    <h4 id=\"exporting-a-map\">Publishing a Map</h4>\n"
-"    <p>Any map from the GeoNode can be embedded for use in another site or "
-"blog. To publish a map:</p>\n"
+"    <p>Any map from the GeoNode can be embedded for use in another site or blog. To publish "
+"a map:</p>\n"
 "    <ol>\n"
-"      <li>Select the from the list of maps on the community or map page and "
-"then hit the 'Publish map' button.</li>\n"
-"      <li>Choose your desired height and width for the widget in the wizard."
-"</li>\n"
-"      <li>Copy the HTML snippet provided in the wizard to any HTML page or "
-"iFrame-supporting blog post.</li>\n"
+"      <li>Select the from the list of maps on the community or map page and then hit the "
+"'Publish map' button.</li>\n"
+"      <li>Choose your desired height and width for the widget in the wizard.</li>\n"
+"      <li>Copy the HTML snippet provided in the wizard to any HTML page or iFrame-supporting "
+"blog post.</li>\n"
 "    </ol>\n"
-"    <p>This will put an interactive widget showing you map in your web page "
-"or blog post.</p>\n"
-"    <p>Note that the <a href=\"{{ url_maps_new }}\">Map Composer</a> also has a "
-"button to publish the map. Just be sure to save the map before publishing if "
-"there are changes that you want others to see. It publishes the last saved "
-"version, not the last viewed version.</p>\n"
+"    <p>This will put an interactive widget showing you map in your web page or blog post.</"
+"p>\n"
+"    <p>Note that the <a href=\"{{ url_maps_new }}\">Map Composer</a> also has a button to "
+"publish the map. Just be sure to save the map before publishing if there are changes that "
+"you want others to see. It publishes the last saved version, not the last viewed version.</"
+"p>\n"
 "\n"
 "    <h4 id=\"remixing-a-map\">Remixing a Map</h4>\n"
 "    <p>Any map available can serve as a starting point for a new map.</p>\n"
@@ -5794,86 +5441,80 @@ msgid ""
 "      <li>Open the map in the Map Composer.</li>\n"
 "      <li>Add and remove layers as you like.</li>\n"
 "      <li>Pan and zoom to highlight the area of interest.</li>\n"
-"      <li><strong>IMPORTANT:</strong> Update the title, abstract, contact "
-"info and tags to reflect the new map.</li>\n"
+"      <li><strong>IMPORTANT:</strong> Update the title, abstract, contact info and tags to "
+"reflect the new map.</li>\n"
 "      <li>Save the map.</li>\n"
 "    </ol>\n"
-"    <p>You will be able to see your new map when you search for it from the "
-"<a href=\"{{ url_maps_browse }}\">Maps</a> tab.</p>\n"
+"    <p>You will be able to see your new map when you search for it from the <a "
+"href=\"{{ url_maps_browse }}\">Maps</a> tab.</p>\n"
 "    "
 msgstr ""
 "\n"
-"    <p>The GeoNode provides access to data sets and a map editing "
-"application allows users to browse existing maps and contribute their own.</"
-"p>\n"
+"    <p>The GeoNode provides access to data sets and a map editing application allows users "
+"to browse existing maps and contribute their own.</p>\n"
 "\n"
 "    <h4 id=\"browsing-data\">Browsing Layers</h4>\n"
 "    <p>The <a href=\"{{ url_layer_browse }}\">Layers</a> tab allows you to browse data "
 "uploaded to this GeoNode.</p>\n"
-"    <p>All data can be downloaded in a variety of formats, for use in other "
-"applications.</p>\n"
+"    <p>All data can be downloaded in a variety of formats, for use in other applications.</"
+"p>\n"
 "\n"
 "    <h4 id=\"developer-access\">Developer Access</h4>\n"
-"    <p>The <a href=\"{{ url_developer }}\"> Developer</a> page is the place for "
-"developers to get started building applications against the GeoNode. It "
-"includes instructions on using the web services, links to the source code of "
-"the GeoNode, and information about the open source projects used to create "
-"it.</p>\n"
+"    <p>The <a href=\"{{ url_developer }}\"> Developer</a> page is the place for developers "
+"to get started building applications against the GeoNode. It includes instructions on using "
+"the web services, links to the source code of the GeoNode, and information about the open "
+"source projects used to create it.</p>\n"
 "\n"
 "    <h4 id=\"browsing-maps\">Browsing Maps</h4>\n"
-"    <p>The GeoNode allows users to create and share maps with one another.</"
-"p>\n"
+"    <p>The GeoNode allows users to create and share maps with one another.</p>\n"
 "    <p>The <a href=\"{{ url_maps_browse }}\">Maps</a> tab is a gateway to map exploration on "
-"GeoNode.  From here you can <strong>search for a map</strong> or "
-"<strong>create a map</strong>, which will open the <a href=\"{{ url_maps_new }}\">Map "
-"Composer</a>.</p>\n"
+"GeoNode.  From here you can <strong>search for a map</strong> or <strong>create a map</"
+"strong>, which will open the <a href=\"{{ url_maps_new }}\">Map Composer</a>.</p>\n"
 "    <h5>Google Earth Mode</h5>\n"
-"    <p>Any map viewed in the interactive map editor can be seen in 3D mode "
-"with the Google Earth plugin. To switch to 3D mode select the Google Earth "
-"globe logo, the rightmost button on top toolbar. If you do not have the "
-"Google Earth plugin installed you will be prompted to install it.</p>\n"
+"    <p>Any map viewed in the interactive map editor can be seen in 3D mode with the Google "
+"Earth plugin. To switch to 3D mode select the Google Earth globe logo, the rightmost button "
+"on top toolbar. If you do not have the Google Earth plugin installed you will be prompted to "
+"install it.</p>\n"
 "\n"
 "    <h4 id=\"creating-a-map\">Creating a Map</h4>\n"
 "    <p>To create a new map go to the <a href=\"{{ url_maps_browse }}\">Contributed Maps</a> "
 "tab and click the <a href=\"{{ url_maps_new }}\">create your own map</a> link.</p>\n"
-"    <p>This will take you to the <a href=\"{{ url_maps_new }}\">Map Composer</a> with "
-"a base layer loaded.</p>\n"
-"    <p>To add data layers from the GeoNode click on the green plus button "
-"located below the layers tab on the left hand side of the screen. This will "
-"open a dialog listing all the layers available on the GeoNode.</p>\n"
-"    <p>To add layers to your map select them and hit the <strong>Add Layers</"
-"strong> button. When finished you may hit <strong>Done</strong> to close the "
-"dialog and go back to the map.</p>\n"
+"    <p>This will take you to the <a href=\"{{ url_maps_new }}\">Map Composer</a> with a base "
+"layer loaded.</p>\n"
+"    <p>To add data layers from the GeoNode click on the green plus button located below the "
+"layers tab on the left hand side of the screen. This will open a dialog listing all the "
+"layers available on the GeoNode.</p>\n"
+"    <p>To add layers to your map select them and hit the <strong>Add Layers</strong> button. "
+"When finished you may hit <strong>Done</strong> to close the dialog and go back to the map.</"
+"p>\n"
 "\n"
 "    <h5>Reordering and Removing Layers</h5>\n"
-"    <p>Change the display order of the layers listed in the data tab by "
-"simply dragging and dropping their names. The order in the map will be "
-"updated to reflect that. To turn a layer's visibility off simply uncheck it, "
-"and to remove it entirely select it and hit the red minus button.</p>\n"
+"    <p>Change the display order of the layers listed in the data tab by simply dragging and "
+"dropping their names. The order in the map will be updated to reflect that. To turn a "
+"layer's visibility off simply uncheck it, and to remove it entirely select it and hit the "
+"red minus button.</p>\n"
 "\n"
 "    <h5>Saving your map</h5>\n"
-"    <p>Once a suitable set of layers and zoom level has been found it's time "
-"to save it so others can see it.  Click the Save button--the left most icon "
-"on the top toolbar, an image of a map with a disk--on the top menu and fill "
-"out the title and abstract of the map.</p>\n"
+"    <p>Once a suitable set of layers and zoom level has been found it's time to save it so "
+"others can see it.  Click the Save button--the left most icon on the top toolbar, an image "
+"of a map with a disk--on the top menu and fill out the title and abstract of the map.</p>\n"
 "\n"
 "    <h4 id=\"exporting-a-map\">Publishing a Map</h4>\n"
-"    <p>Any map from the GeoNode can be embedded for use in another site or "
-"blog. To publish a map:</p>\n"
+"    <p>Any map from the GeoNode can be embedded for use in another site or blog. To publish "
+"a map:</p>\n"
 "    <ol>\n"
-"      <li>Select the from the list of maps on the community or map page and "
-"then hit the 'Publish map' button.</li>\n"
-"      <li>Choose your desired height and width for the widget in the wizard."
-"</li>\n"
-"      <li>Copy the HTML snippet provided in the wizard to any HTML page or "
-"iFrame-supporting blog post.</li>\n"
+"      <li>Select the from the list of maps on the community or map page and then hit the "
+"'Publish map' button.</li>\n"
+"      <li>Choose your desired height and width for the widget in the wizard.</li>\n"
+"      <li>Copy the HTML snippet provided in the wizard to any HTML page or iFrame-supporting "
+"blog post.</li>\n"
 "    </ol>\n"
-"    <p>This will put an interactive widget showing you map in your web page "
-"or blog post.</p>\n"
-"    <p>Note that the <a href=\"{{ url_maps_new }}\">Map Composer</a> also has a "
-"button to publish the map. Just be sure to save the map before publishing if "
-"there are changes that you want others to see. It publishes the last saved "
-"version, not the last viewed version.</p>\n"
+"    <p>This will put an interactive widget showing you map in your web page or blog post.</"
+"p>\n"
+"    <p>Note that the <a href=\"{{ url_maps_new }}\">Map Composer</a> also has a button to "
+"publish the map. Just be sure to save the map before publishing if there are changes that "
+"you want others to see. It publishes the last saved version, not the last viewed version.</"
+"p>\n"
 "\n"
 "    <h4 id=\"remixing-a-map\">Remixing a Map</h4>\n"
 "    <p>Any map available can serve as a starting point for a new map.</p>\n"
@@ -5881,12 +5522,12 @@ msgstr ""
 "      <li>Open the map in the Map Composer.</li>\n"
 "      <li>Add and remove layers as you like.</li>\n"
 "      <li>Pan and zoom to highlight the area of interest.</li>\n"
-"      <li><strong>IMPORTANT:</strong> Update the title, abstract, contact "
-"info and tags to reflect the new map.</li>\n"
+"      <li><strong>IMPORTANT:</strong> Update the title, abstract, contact info and tags to "
+"reflect the new map.</li>\n"
 "      <li>Save the map.</li>\n"
 "    </ol>\n"
-"    <p>You will be able to see your new map when you search for it from the "
-"<a href=\"{{ url_maps_browse }}\">Maps</a> tab.</p>\n"
+"    <p>You will be able to see your new map when you search for it from the <a "
+"href=\"{{ url_maps_browse }}\">Maps</a> tab.</p>\n"
 "    "
 
 msgid "Sections"
@@ -5923,30 +5564,25 @@ msgid "Advanced Search"
 msgstr "Ricerca Avanzata"
 
 msgid ""
-"Click to search for geospatial data published by other users, organizations "
-"and public sources. Download data in standard formats."
+"Click to search for geospatial data published by other users, organizations and public "
+"sources. Download data in standard formats."
 msgstr ""
-"Clicca per la ricerca di dati geospaziali pubblicati da altri utenti, "
-"organizzazioni e fonti pubbliche. Scaricare i dati in formati standard."
+"Clicca per la ricerca di dati geospaziali pubblicati da altri utenti, organizzazioni e fonti "
+"pubbliche. Scaricare i dati in formati standard."
 
-#, fuzzy
-#| msgid "dataset"
 msgid "Add datasets"
-msgstr "dataset"
+msgstr "Aggiungi dataset"
 
-#, fuzzy
-#| msgid "Explore Layers"
 msgid "Explore datasetss"
-msgstr "Esplora livelli"
+msgstr "Esplora i dataset"
 
 msgid ""
-"Data is available for browsing, aggregating and styling to generate maps "
-"which can be saved, downloaded, shared publicly or restricted to specify "
-"users only."
+"Data is available for browsing, aggregating and styling to generate maps which can be saved, "
+"downloaded, shared publicly or restricted to specify users only."
 msgstr ""
-"I dati sono disponibili per la navigazione, l'aggregazione e lo styling per "
-"generare mappe che possono essere salvate, scaricate, condivise "
-"pubblicamente o limitate per specificare solo gli utenti."
+"I dati sono disponibili per la navigazione, l'aggregazione e lo styling per generare mappe "
+"che possono essere salvate, scaricate, condivise pubblicamente o limitate per specificare "
+"solo gli utenti."
 
 msgid "Create maps"
 msgstr "Creare mappe"
@@ -5955,11 +5591,11 @@ msgid "Explore maps"
 msgstr "Esplora mappe"
 
 msgid ""
-"As for the layers and maps GeoNode allows to publish tabular and text data, "
-"manage their metadata and associated documents."
+"As for the layers and maps GeoNode allows to publish tabular and text data, manage their "
+"metadata and associated documents."
 msgstr ""
-"Per quanto riguarda i livelli e le mappe, GeoNode consente di pubblicare "
-"dati tabulari e di testo, gestirne i metadati e i documenti associati."
+"Per quanto riguarda i livelli e le mappe, GeoNode consente di pubblicare dati tabulari e di "
+"testo, gestirne i metadati e i documenti associati."
 
 msgid "Add documents"
 msgstr "Aggiungi documenti"
@@ -5968,11 +5604,11 @@ msgid "Explore documents"
 msgstr "Esplora documenti"
 
 msgid ""
-"Geonode allows registered users to easily upload geospatial data and various "
-"documents in several formats."
+"Geonode allows registered users to easily upload geospatial data and various documents in "
+"several formats."
 msgstr ""
-"GeoNode permette agli utenti registrati di caricare facilmente i dati "
-"geospaziali e vari documenti in diversi formati."
+"GeoNode permette agli utenti registrati di caricare facilmente i dati geospaziali e vari "
+"documenti in diversi formati."
 
 msgid "See users"
 msgstr "Vedi utenti"
@@ -5997,19 +5633,13 @@ msgid "is inviting you to join (%(site_name)s)."
 msgstr "ti sta invitando a registrati su  (%(site_name)s)."
 
 #, python-format
-msgid ""
-"To do so, please register at <a href=\"%(invite_url)s\">%(site_name)s "
-"Registration</a>."
+msgid "To do so, please register at <a href=\"%(invite_url)s\">%(site_name)s Registration</a>."
 msgstr ""
-"A tale scopo, registrarsi all'indirizzo <a href=\"%(invite_url)s\">"
-"%(site_name)s Registrazione</a>."
+"A tale scopo, registrarsi all'indirizzo <a href=\"%(invite_url)s\">%(site_name)s "
+"Registrazione</a>."
 
-msgid ""
-"Once you receive the confirmation that your account is activated, you can "
-"notify"
-msgstr ""
-"Una volta ricevuta la conferma dell'attivazione dell'account, è possibile "
-"notificare"
+msgid "Once you receive the confirmation that your account is activated, you can notify"
+msgstr "Una volta ricevuta la conferma dell'attivazione dell'account, è possibile notificare"
 
 msgid "that you wish to join her/his group(s) through"
 msgstr "che si desidera unirsi al suo gruppo/i attraverso"
@@ -6018,8 +5648,7 @@ msgid "this link"
 msgstr "questo link"
 
 #, python-format
-msgid ""
-"<strong>%(inviter_name)s</strong> is a member of the following group(s):"
+msgid "<strong>%(inviter_name)s</strong> is a member of the following group(s):"
 msgstr "<strong>%(inviter_name)s</strong> è un membro dei seguenti gruppi:"
 
 msgid "We look forward to seeing you on the platform,"
@@ -6136,11 +5765,9 @@ msgstr "Il tuo account è ora attivo"
 msgid "has requested access to the site."
 msgstr "ha richiesto l'accesso a questo sito."
 
-msgid ""
-"You can enable access by setting the user as active on the admin section"
+msgid "You can enable access by setting the user as active on the admin section"
 msgstr ""
-"Puoi abilitare l'accesso all'utente impostandolo come attivo nella sezione "
-"di Amministrazione"
+"Puoi abilitare l'accesso all'utente impostandolo come attivo nella sezione di Amministrazione"
 
 msgid "A user has requested access to the site"
 msgstr "Un utente ha richiesto l'accesso al sito"
@@ -6176,10 +5803,10 @@ msgid "A document has been uploaded"
 msgstr "Un documento è stato caricato"
 
 msgid "The following document was deleted"
-msgstr "Il seguente documento è stato cancellato"
+msgstr "Il seguente documento è stato eliminato"
 
 msgid "A document has been deleted"
-msgstr "Un documento è stato cancellato"
+msgstr "Un documento è stato eliminato"
 
 msgid "The following document was published"
 msgstr "Il seguente documento è stato pubblicato"
@@ -6314,17 +5941,16 @@ msgid ""
 "\n"
 "        <p class=\"alert alert-warning\">\n"
 "            <span class=\"warning\">Note</span>:\n"
-"            You do not have a verified email address to which notices can be "
-"sent. <a href=\"%(email_url)s\">Add one</a> now.\n"
+"            You do not have a verified email address to which notices can be sent. <a "
+"href=\"%(email_url)s\">Add one</a> now.\n"
 "        </p>\n"
 "        "
 msgstr ""
 "\n"
 "        <p class=\"alert alert-warning\">\n"
 "            <span class=\"warning\">Nota</span>:\n"
-"            Non si dispone di un indirizzo e-mail verificato a cui gli "
-"avvisi possono essere inviati. <a href=\"%(email_url)s\">Aggiungerne uno</a> "
-"now.\n"
+"            Non si dispone di un indirizzo e-mail verificato a cui gli avvisi possono essere "
+"inviati. <a href=\"%(email_url)s\">Aggiungerne uno</a> now.\n"
 "        </p>\n"
 "        "
 
@@ -6334,11 +5960,9 @@ msgstr "Tipo di notifica"
 msgid "requested you to download this resource"
 msgstr "ti ha richiesto di scaricare questa risorsa"
 
-msgid ""
-"Please go to resource page and assign the download permissions if you wish"
+msgid "Please go to resource page and assign the download permissions if you wish"
 msgstr ""
-"Per favore vai alla pagina delle risorse ed assegna i permessi di "
-"scaricamento se desideri"
+"Per favore vai alla pagina delle risorse ed assegna i permessi di scaricamento se desideri"
 
 msgid "A resource's download has been requested"
 msgstr "Richiesto lo scaricamento di una risorsa"
@@ -6419,16 +6043,13 @@ msgstr "Selezione"
 
 msgid "No list items selected. Use the selection fields to add."
 msgstr ""
-"Nessun elemento selezionato. Usare i pulsanti di selezione per aggiungere "
-"gli elementi."
+"Nessun elemento selezionato. Usare i pulsanti di selezione per aggiungere gli elementi."
 
 msgid "Filters"
 msgstr "Filtri"
 
-#, fuzzy
-#| msgid "Layers found"
 msgid "Datasets found"
-msgstr "Livelli trovati"
+msgstr "Dataset trovati"
 
 msgid "Maps found"
 msgstr "Mappe trovate"
@@ -6466,10 +6087,8 @@ msgstr "Più popolari"
 msgid "Text"
 msgstr "Testo"
 
-#, fuzzy
-#| msgid "Share This"
 msgid "Share This Dataset"
-msgstr "Condividi"
+msgstr "Condividi questo dataset"
 
 msgid "Share This"
 msgstr "Condividi"
@@ -6477,11 +6096,10 @@ msgstr "Condividi"
 msgid "Social Network Login Failure"
 msgstr "Errore di accesso al social network"
 
-msgid ""
-"An error occurred while attempting to login via your social network account."
+msgid "An error occurred while attempting to login via your social network account."
 msgstr ""
-"Si è verificato un errore durante il tentativo di accesso tramite l'account "
-"del social network."
+"Si è verificato un errore durante il tentativo di accesso tramite l'account del social "
+"network."
 
 msgid "Code"
 msgstr "Codice"
@@ -6493,16 +6111,14 @@ msgid "Account Connections"
 msgstr "Connessioni account"
 
 msgid ""
-"You can sign in to your account using any of the following already connected "
-"third party accounts:"
+"You can sign in to your account using any of the following already connected third party "
+"accounts:"
 msgstr ""
-"Puoi accedere al tuo account utilizzando uno dei seguenti account di terze "
-"parti già connessi:"
+"Puoi accedere al tuo account utilizzando uno dei seguenti account di terze parti già "
+"connessi:"
 
-msgid ""
-"You currently have no social network accounts connected to this account."
-msgstr ""
-"Al momento non hai account di social network connessi a questo account."
+msgid "You currently have no social network accounts connected to this account."
+msgstr "Al momento non hai account di social network connessi a questo account."
 
 msgid "Add a 3rd Party Account"
 msgstr "Aggiungere un account di terze parti"
@@ -6512,13 +6128,12 @@ msgstr "Accesso annullato"
 
 #, python-format
 msgid ""
-"You decided to cancel logging in to our site using one of your existing "
-"accounts. If this was a mistake, please proceed to <a href=\"%(login_url)s"
-"\">sign in</a>."
+"You decided to cancel logging in to our site using one of your existing accounts. If this "
+"was a mistake, please proceed to <a href=\"%(login_url)s\">sign in</a>."
 msgstr ""
-"Hai deciso di annullare l'accesso al nostro sito utilizzando uno dei tuoi "
-"account esistenti. Se questo è stato un errore, si prega di procedere per <a "
-"href=\"%(login_url)s\">accedere</a>."
+"Hai deciso di annullare l'accesso al nostro sito utilizzando uno dei tuoi account esistenti. "
+"Se questo è stato un errore, si prega di procedere per <a href=\"%(login_url)s\">accedere</"
+"a>."
 
 msgid "Signup"
 msgstr "Registrati"
@@ -6598,9 +6213,7 @@ msgid "Check this if the jumbotron background image already contains text"
 msgstr "Verificare se l'immagine di sfondo jumbotron contiene già testo"
 
 msgid "Disabling this slide will hide it from the slide show"
-msgstr ""
-"Se si disattiva questa diapositiva, questa verrà nascondeta dalla "
-"presentazione"
+msgstr "Se si disattiva questa diapositiva, questa verrà nascondeta dalla presentazione"
 
 msgid "Choose between using jumbotron background and slide show"
 msgstr "Scegliere tra l'utilizzo dello sfondo jumbotron e della presentazione"
@@ -6611,19 +6224,11 @@ msgstr "Contenuto"
 msgid "Could not access to uploaded data."
 msgstr "Impossibile accedere ai dati caricati."
 
-msgid ""
-"One or more XML files was provided, but no matching files were found for "
-"them."
-msgstr ""
-"È stato fornito uno o più file XML, ma non sono stati trovati file "
-"corrispondenti."
+msgid "One or more XML files was provided, but no matching files were found for them."
+msgstr "È stato fornito uno o più file XML, ma non sono stati trovati file corrispondenti."
 
-msgid ""
-"One or more SLD files was provided, but no matching files were found for "
-"them."
-msgstr ""
-"È stato fornito uno o più file SLD, ma non sono stati trovati file "
-"corrispondenti."
+msgid "One or more SLD files was provided, but no matching files were found for them."
+msgstr "È stato fornito uno o più file SLD, ma non sono stati trovati file corrispondenti."
 
 msgid "Layer already exists"
 msgstr "Il livello esiste già"
@@ -6644,8 +6249,7 @@ msgstr "Previsto per trovare il livello denominato '{name}' nel geoserver"
 msgid "Exception occurred while parsing the provided Metadata file."
 msgstr "Eccezione durante l'analisi del file di metadati fornito."
 
-msgid ""
-"The UUID identifier from the XML Metadata is already in use in this system."
+msgid "The UUID identifier from the XML Metadata is already in use in this system."
 msgstr "L'identificatore UUID dei metadati XML è già in uso in questo sistema."
 
 msgid "Error configuring Layer"
@@ -6655,9 +6259,7 @@ msgid "Invalid zip file detected"
 msgstr "Rilevato file zip non valido"
 
 msgid "Could not find any valid spatial file inside the uploaded zip"
-msgstr ""
-"Impossibile trovare alcun file spaziale valido all'interno del file zip "
-"caricato"
+msgstr "Impossibile trovare alcun file spaziale valido all'interno del file zip caricato"
 
 msgid "Invalid kmz file detected"
 msgstr "Rilevato file kmz non valido"
@@ -6680,12 +6282,8 @@ msgstr "È consentito un solo file kml per file zip"
 msgid "Only one kml file per kmz is allowed"
 msgstr "È consentito un solo file kml per kmz"
 
-msgid ""
-"You are trying to upload multiple GeoTIFFs without a valid 'indexer."
-"properties' file."
-msgstr ""
-"Si sta tentando di caricare più GeoTIFF senza un file 'indexer.properties' "
-"valido."
+msgid "You are trying to upload multiple GeoTIFFs without a valid 'indexer.properties' file."
+msgstr "Si sta tentando di caricare più GeoTIFF senza un file 'indexer.properties' valido."
 
 msgid "Only one raster file per ZIP is allowed"
 msgstr "È consentito un solo file raster per file zip"
@@ -6693,11 +6291,9 @@ msgstr "È consentito un solo file raster per file zip"
 msgid "No multiple rasters allowed"
 msgstr "Non sono consentiti più raster"
 
-msgid ""
-"To support the time step, you must enable the OGC_SERVER DATASTORE option"
+msgid "To support the time step, you must enable the OGC_SERVER DATASTORE option"
 msgstr ""
-"Per supportare il passaggio temporale, è necessario attivare l'opzione "
-"OGC_SERVER DATASTORE"
+"Per supportare il passaggio temporale, è necessario attivare l'opzione OGC_SERVER DATASTORE"
 
 #, python-brace-format
 msgid "Unsupported file type: {e.message}"
@@ -6757,9 +6353,7 @@ msgstr "Permesso negato"
 #~ msgstr "Carica livello"
 
 #~ msgid "You are attempting to replace a vector layer with an unknown format."
-#~ msgstr ""
-#~ "Stai tentando di sostituire un livello vettoriale con un formato "
-#~ "sconosiuto."
+#~ msgstr "Stai tentando di sostituire un livello vettoriale con un formato sconosiuto."
 
 #~ msgid "Failed to upload the layer"
 #~ msgstr "Impossibile caricare il livello"

From b40d44d872a060a6d8321ee56b596a9b18a7c8a8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 12:51:35 +0200
Subject: [PATCH 089/330] Bump pip from 23.2 to 23.2.1 (#11286)

* Bump pip from 23.2 to 23.2.1

Bumps [pip](https://github.com/pypa/pip) from 23.2 to 23.2.1.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/23.2...23.2.1)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Aligining "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a9d73c1d309..ecea10b78ba 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -160,7 +160,7 @@ splinter==0.19.0
 pytest-splinter==3.3.2
 pytest-django==4.5.2
 setuptools>=59.1.1,<68.1.0
-pip==23.2
+pip==23.2.1
 Twisted==22.10.0
 pixelmatch==0.3.0
 factory-boy==3.3.0
diff --git a/setup.cfg b/setup.cfg
index 3bbf22b9465..557414bae72 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -185,7 +185,7 @@ install_requires =
     pytest-splinter==3.3.2
     pytest-django==4.5.2
     setuptools>=59.1.1,<68.1.0
-    pip==23.2
+    pip==23.2.1
     Twisted==22.10.0
     pixelmatch==0.3.0
     factory-boy==3.3.0

From 8744d3c0042a6e004d3362d54925a0cfe1c9e12f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 12:51:52 +0200
Subject: [PATCH 090/330] Bump gunicorn from 21.1.0 to 21.2.0 (#11290)

* Bump gunicorn from 21.1.0 to 21.2.0

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 21.1.0 to 21.2.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/21.1.0...21.2.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Aligining "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ecea10b78ba..91ffa8bd8e0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -144,7 +144,7 @@ pycountry
 
 # production
 uWSGI==2.0.21
-gunicorn==21.1.0
+gunicorn==21.2.0
 ipython==8.14.0
 docker==6.1.3
 invoke==2.2.0
diff --git a/setup.cfg b/setup.cfg
index 557414bae72..5627f5b4574 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -169,7 +169,7 @@ install_requires =
 
     # production
     uWSGI==2.0.21
-    gunicorn==21.1.0
+    gunicorn==21.2.0
     ipython==8.14.0
     docker==6.1.3
     invoke==2.2.0

From a0e88e90337ef25cb9adc56db0fdf3562e1c3759 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 12:52:08 +0200
Subject: [PATCH 091/330] Bump drf-spectacular from 0.26.3 to 0.26.4 (#11289)

* Bump drf-spectacular from 0.26.3 to 0.26.4

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.26.3 to 0.26.4.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.26.3...0.26.4)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Aligining "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 91ffa8bd8e0..ea943007e75 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -80,7 +80,7 @@ djangorestframework-gis==1.0
 djangorestframework-guardian==0.3.0
 drf-extensions==0.7.1
 drf-writable-nested==0.7.0
-drf-spectacular==0.26.3
+drf-spectacular==0.26.4
 dynamic-rest==2.1.2
 Markdown==3.4.3
 
diff --git a/setup.cfg b/setup.cfg
index 5627f5b4574..c197c9aa0a2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -106,7 +106,7 @@ install_requires =
     djangorestframework-guardian==0.3.0
     drf-extensions==0.7.1
     drf-writable-nested==0.7.0
-    drf-spectacular==0.26.3
+    drf-spectacular==0.26.4
     dynamic-rest==2.1.2
     Markdown==3.4.3
 

From a2d0981bce1f1a30ad5bf6df457f21b696c4f49f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 12:52:24 +0200
Subject: [PATCH 092/330] Bump webdriver-manager from 3.8.6 to 3.9.1 (#11288)

* Bump webdriver-manager from 3.8.6 to 3.9.1

Bumps [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) from 3.8.6 to 3.9.1.
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SergeyPirogov/webdriver_manager/compare/v3.8.6...v3.9.1)

---
updated-dependencies:
- dependency-name: webdriver-manager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Aligining "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ea943007e75..5fc7074cac2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -167,7 +167,7 @@ factory-boy==3.3.0
 flaky==3.7.0
 selenium>=4.1.0,<5.0.0
 selenium-requests==2.0.3
-webdriver_manager==3.8.6
+webdriver_manager==3.9.1
 
 # Security and audit
 mistune==3.0.1
diff --git a/setup.cfg b/setup.cfg
index c197c9aa0a2..908a2277867 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -192,7 +192,7 @@ install_requires =
     flaky==3.7.0
     selenium>=4.1.0,<5.0.0
     selenium-requests==2.0.3
-    webdriver_manager==3.8.6
+    webdriver_manager==3.9.1
 
     # Security and audit
     mistune==3.0.1

From d2f5d3df5436d0f49c870db85bf1088a5734e2df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 12:52:41 +0200
Subject: [PATCH 093/330] Bump boto3 from 1.28.5 to 1.28.9 (#11287)

* Bump boto3 from 1.28.5 to 1.28.9

Bumps [boto3](https://github.com/boto/boto3) from 1.28.5 to 1.28.9.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.5...1.28.9)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Aligining "setup.cfg" to "requirements.txt"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 5fc7074cac2..32be7fdb44d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.5
+boto3==1.28.9
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index 908a2277867..f39b8c3d7b8 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.5
+    boto3==1.28.9
 
     # Django Caches
     python-memcached<=1.59

From 1b0abd9e1f8c5485ed943e8aee79cf4badf7cb57 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Tue, 25 Jul 2023 12:37:05 +0200
Subject: [PATCH 094/330] [Fixes #11265] Change the WMS URL to a more generic
 OWS URL

---
 geonode/geoserver/helpers.py            | 2 +-
 geonode/geoserver/tests/test_helpers.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index d04fb3e12ff..c5d4742b6cd 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -2287,7 +2287,7 @@ def get_dataset_capabilities_url(layer, version="1.3.0", access_token=None):
     workspace_layername = layer.alternate.split(":") if ":" in layer.alternate else ("", layer.alternate)
     wms_url = settings.GEOSERVER_PUBLIC_LOCATION
     if not layer.remote_service:
-        wms_url = f"{wms_url}{'/'.join(workspace_layername)}/wms?service=wms&version={version}&request=GetCapabilities"  # noqa
+        wms_url = f"{wms_url}{'/'.join(workspace_layername)}/ows?service=wms&version={version}&request=GetCapabilities"  # noqa
         if access_token:
             wms_url += f"&access_token={access_token}"
     else:
diff --git a/geonode/geoserver/tests/test_helpers.py b/geonode/geoserver/tests/test_helpers.py
index 80a0823bf32..9c71711511a 100644
--- a/geonode/geoserver/tests/test_helpers.py
+++ b/geonode/geoserver/tests/test_helpers.py
@@ -292,6 +292,6 @@ def test_dataset_capabilties_url(self):
         ows_url = settings.GEOSERVER_PUBLIC_LOCATION
         identifier = "geonode:CA"
         dataset = Dataset.objects.get(alternate=identifier)
-        expected_url = f"{ows_url}geonode/CA/wms?service=wms&version=1.3.0&request=GetCapabilities"
+        expected_url = f"{ows_url}geonode/CA/ows?service=wms&version=1.3.0&request=GetCapabilities"
         capabilities_url = get_dataset_capabilities_url(dataset)
         self.assertEqual(capabilities_url, expected_url, capabilities_url)

From 1ae4d1200b4384c184734e1c7f0e75f36ce824d2 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Mon, 17 Jul 2023 18:55:40 +0200
Subject: [PATCH 095/330] [Fixes #11262] Faceting: improvement: include count 0
 topics

---
 geonode/facets/models.py              |  10 +-
 geonode/facets/providers/baseinfo.py  |   4 +
 geonode/facets/providers/category.py  |  21 +++-
 geonode/facets/providers/keyword.py   |   6 +
 geonode/facets/providers/region.py    |  19 ++-
 geonode/facets/providers/thesaurus.py |   5 +
 geonode/facets/providers/users.py     |  19 ++-
 geonode/facets/tests.py               | 164 +++++++++++++++++++++++---
 geonode/facets/views.py               |  19 ++-
 9 files changed, 236 insertions(+), 31 deletions(-)

diff --git a/geonode/facets/models.py b/geonode/facets/models.py
index 1b7f9964f7b..0270720e346 100644
--- a/geonode/facets/models.py
+++ b/geonode/facets/models.py
@@ -71,7 +71,14 @@ def get_info(self, lang="en", **kwargs) -> dict:
         pass
 
     def get_facet_items(
-        self, queryset, start: int = 0, end: int = DEFAULT_FACET_PAGE_SIZE, lang="en", topic_contains: str = None
+        self,
+        queryset,
+        start: int = 0,
+        end: int = DEFAULT_FACET_PAGE_SIZE,
+        lang="en",
+        topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         """
         Return the items of the facets, in a tuple:
@@ -87,6 +94,7 @@ def get_facet_items(
         :param end: int: pagination, the index of the last returned item
         :param lang: the preferred language for the labels
         :param topic_contains: only returns matching topics
+        :param keys: only returns topics with given keys, even if their count is 0
         :return: a tuple int:total count of record, list of items
         """
         pass
diff --git a/geonode/facets/providers/baseinfo.py b/geonode/facets/providers/baseinfo.py
index 7a3ee9b1ffb..f81e7583c66 100644
--- a/geonode/facets/providers/baseinfo.py
+++ b/geonode/facets/providers/baseinfo.py
@@ -52,6 +52,8 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
@@ -120,6 +122,8 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index 9e027dec1e9..28b27749bbf 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -52,15 +52,26 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        q = queryset.values("category__identifier", "category__gn_description", "category__fa_class").filter(
-            category__isnull=False
-        )
+        filters = {"category__isnull": False}
+
         if topic_contains:
-            q = q.filter(category__gn_description=topic_contains)
-        q = q.annotate(count=Count("owner")).order_by("-count")
+            filters["category__gn_description"] = topic_contains
+
+        if keys:
+            logger.debug("Filtering by keys %r", keys)
+            filters["category__identifier__in"] = keys
+
+        q = (
+            queryset.values("category__identifier", "category__gn_description", "category__fa_class")
+            .filter(**filters)
+            .annotate(count=Count("owner"))
+            .order_by("-count")
+        )
 
         cnt = q.count()
 
diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
index 4d377538a2d..ce9e5f6f8f9 100644
--- a/geonode/facets/providers/keyword.py
+++ b/geonode/facets/providers/keyword.py
@@ -52,6 +52,8 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
@@ -59,6 +61,10 @@ def get_facet_items(
         if topic_contains:
             filters["keywords__name__icontains"] = topic_contains
 
+        if keys:
+            logger.debug("Filtering by keys %r", keys)
+            filters["keywords__slug__in"] = keys
+
         q = (
             queryset.filter(**filters)
             .values("keywords__slug", "keywords__name")
diff --git a/geonode/facets/providers/region.py b/geonode/facets/providers/region.py
index a4935d35468..c40138e58bb 100644
--- a/geonode/facets/providers/region.py
+++ b/geonode/facets/providers/region.py
@@ -52,13 +52,26 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        q = queryset.filter(regions__isnull=False).values("regions__code", "regions__name")
+        filters = {"regions__isnull": False}
+
         if topic_contains:
-            q = q.filter(regions__name=topic_contains)
-        q = q.annotate(count=Count("regions__code")).order_by("-count")
+            filters["regions__name"] = topic_contains
+
+        if keys:
+            logger.debug("Filtering by keys %r", keys)
+            filters["regions__code__in"] = keys
+
+        q = (
+            queryset.filter(**filters)
+            .values("regions__code", "regions__name")
+            .annotate(count=Count("regions__code"))
+            .order_by("-count")
+        )
 
         cnt = q.count()
 
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index 91823f00ac4..bb40f455924 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -62,6 +62,7 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
         **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self._name)
@@ -73,6 +74,10 @@ def get_facet_items(
         if topic_contains:
             filter["tkeywords__keyword__label__icontains"] = topic_contains
 
+        if keys:
+            logger.debug("Filtering by keys %r\n", keys)
+            filter["tkeywords__in"] = keys
+
         q = (
             queryset.filter(**filter)
             .values("tkeywords", "tkeywords__alt_label")
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index 80e47c50952..cf2a52cd9ba 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -52,13 +52,26 @@ def get_facet_items(
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
         topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
     ) -> (int, list):
         logger.debug("Retrieving facets for OWNER")
 
-        q = queryset.values("owner", "owner__username")
+        filters = dict()
+
         if topic_contains:
-            q = q.filter(owner__username__icontains=topic_contains)
-        q = q.annotate(count=Count("owner")).order_by("-count")
+            filters["owner__username__icontains"] = topic_contains
+
+        if keys:
+            logger.debug("Filtering by keys %r", keys)
+            filters["owner__in"] = keys
+
+        q = (
+            queryset.values("owner", "owner__username")
+            .filter(**filters)
+            .annotate(count=Count("owner"))
+            .order_by("-count")
+        )
 
         cnt = q.count()
 
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 127ada7cd7a..cf05e1e3734 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -27,9 +27,20 @@
 from django.test import RequestFactory
 from django.urls import reverse
 
-from geonode.base.models import Thesaurus, ThesaurusLabel, ThesaurusKeyword, ThesaurusKeywordLabel, ResourceBase, Region
+from geonode.base.models import (
+    Thesaurus,
+    ThesaurusLabel,
+    ThesaurusKeyword,
+    ThesaurusKeywordLabel,
+    ResourceBase,
+    Region,
+    TopicCategory,
+    HierarchicalKeyword,
+)
 from geonode.facets.models import facet_registry
 from geonode.facets.providers.baseinfo import FeaturedFacetProvider
+from geonode.facets.providers.category import CategoryFacetProvider
+from geonode.facets.providers.keyword import KeywordFacetProvider
 from geonode.facets.providers.region import RegionFacetProvider
 from geonode.tests.base import GeoNodeBaseTestSupport
 import geonode.facets.views as views
@@ -48,6 +59,8 @@ def setUpClass(cls):
 
         cls._create_thesauri()
         cls._create_regions()
+        cls._create_categories()
+        cls._create_keywords()
         cls._create_resources()
         cls.rf = RequestFactory()
 
@@ -98,6 +111,28 @@ def _create_regions(cls):
         ):
             cls.regions[code] = Region.objects.create(code=code, name=name)
 
+    @classmethod
+    def _create_categories(cls):
+        cls.cats = {}
+
+        for code, name in (
+            ("C0", "Cat0"),
+            ("C1", "Cat1"),
+            ("C2", "Cat2"),
+        ):
+            cls.cats[code] = TopicCategory.objects.create(identifier=code, description=name, gn_description=name)
+
+    @classmethod
+    def _create_keywords(cls):
+        cls.kw = {}
+
+        for code, name in (
+            ("K0", "Keyword0"),
+            ("K1", "Keyword1"),
+            ("K2", "Keyword2"),
+        ):
+            cls.kw[code] = HierarchicalKeyword.objects.create(slug=code, name=name)
+
     @classmethod
     def _create_resources(self):
         public_perm_spec = {"users": {"AnonymousUser": ["view_resourcebase"]}, "groups": []}
@@ -115,12 +150,12 @@ def _create_resources(self):
 
             # These are the assigned keywords to the Resources
 
-            # RB00 ->            T1K0          R0,R1   FEAT
-            # RB01 ->  T0K0      T1K0          R0      FEAT
-            # RB02 ->            T1K0          R1      FEAT
-            # RB03 ->  T0K0      T1K0
-            # RB04 ->            T1K0
-            # RB05 ->  T0K0      T1K0
+            # RB00 ->            T1K0          R0,R1   FEAT  K0      C0
+            # RB01 ->  T0K0      T1K0          R0      FEAT  K1
+            # RB02 ->            T1K0          R1      FEAT  K2      C0
+            # RB03 ->  T0K0      T1K0                        K0
+            # RB04 ->            T1K0                        K0,K1   C0
+            # RB05 ->  T0K0      T1K0                        K0,K2   C1
             # RB06 ->            T1K0                  FEAT
             # RB07 ->  T0K0      T1K0                  FEAT
             # RB08 ->            T1K0 T1K1     R1      FEAT
@@ -130,11 +165,11 @@ def _create_resources(self):
             # RB12 ->                 T1K1             FEAT
             # RB13 ->  T0K0 T0K1               R1      FEAT
             # RB14 ->                                  FEAT
-            # RB15 ->  T0K0 T0K1
-            # RB16 ->
+            # RB15 ->  T0K0 T0K1                                     C1
+            # RB16 ->                                                C1
             # RB17 ->  T0K0 T0K1
-            # RB18 ->                                  FEAT
-            # RB19 ->  T0K0 T0K1                       FEAT
+            # RB18 ->                                  FEAT          C2
+            # RB19 ->  T0K0 T0K1                       FEAT          C2
 
             if x % 2 == 1:
                 logger.debug(f"ADDING KEYWORDS {self.thesauri_k['0_0']} to RB {d}")
@@ -147,13 +182,33 @@ def _create_resources(self):
                 d.tkeywords.add(self.thesauri_k["1_0"])
             if 7 < x < 13:
                 d.tkeywords.add(self.thesauri_k["1_1"])
-            if x in (0, 1):
-                d.regions.add(self.regions["R0"])
-            if x in (0, 2, 8, 13):
-                d.regions.add(self.regions["R1"])
+
             if (x % 6) in (0, 1, 2):
                 d.featured = True
 
+            for reg, idx in (
+                ("R0", (0, 1)),
+                ("R1", (0, 2, 8, 13)),
+            ):
+                if x in idx:
+                    d.regions.add(self.regions[reg])
+
+            for kw, idx in (
+                ("K0", (0, 3, 4, 5)),
+                ("K1", [1, 4]),
+                ("K2", [2, 5]),
+            ):
+                if x in idx:
+                    d.keywords.add(self.kw[kw])
+
+            for cat, idx in (
+                ("C0", [0, 2, 4]),
+                ("C1", [5, 15, 16]),
+                ("C2", [18, 19]),
+            ):
+                if x in idx:
+                    d.category = self.cats[cat]
+
             d.save()
             d.set_permissions(public_perm_spec)
 
@@ -193,7 +248,23 @@ def test_facets_rich(self):
             {
                 "name": "category",
                 "topics": {
-                    "total": 0,
+                    "total": 3,
+                    "items": [
+                        {"label": "Cat0", "count": 3},
+                        {"label": "Cat1", "count": 3},
+                        {"label": "Cat2", "count": 2},
+                    ],
+                },
+            },
+            {
+                "name": "keyword",
+                "topics": {
+                    "total": 3,
+                    "items": [
+                        {"label": "Keyword0", "count": 4},
+                        {"label": "Keyword1", "count": 2},
+                        {"label": "Keyword2", "count": 2},
+                    ],
                 },
             },
             {
@@ -306,7 +377,7 @@ def test_bad_lang(self):
     def test_topics(self):
         for facet, keys, exp in (
             ("t_0", [self.thesauri_k["0_0"].id, self.thesauri_k["0_1"].id, -999], 2),
-            ("category", ["C1", "C2", "nomatch"], 0),
+            ("category", ["C1", "C2", "nomatch"], 2),
             ("owner", [self.user.id, -100], 1),
             ("region", ["R0", "R1", "nomatch"], 2),
         ):
@@ -409,6 +480,65 @@ def test_config(self):
             else:
                 self.assertEqual(order, conf["order"], "Unexpected order")
 
+    def test_count0(self):
+        reginfo = RegionFacetProvider().get_info()
+        regfilter = reginfo["filter"]
+        regname = reginfo["name"]
+
+        catinfo = CategoryFacetProvider().get_info()
+        catname = catinfo["name"]
+
+        kwinfo = KeywordFacetProvider().get_info()
+        kwfilter = kwinfo["filter"]
+        kwname = kwinfo["name"]
+
+        t0filter = facet_registry.get_provider("t_0").get_info()["filter"]
+        t1filter = facet_registry.get_provider("t_1").get_info()["filter"]
+
+        def t(tk):
+            return self.thesauri_k[tk].id
+
+        for facet, params, items in (
+            # thesauri
+            ("t_1", {regfilter: "R0"}, {t("1_0"): 2}),
+            ("t_1", {regfilter: "R0", "key": [t("1_0")]}, {t("1_0"): 2}),
+            ("t_1", {regfilter: "R0", t0filter: t("0_1")}, {}),
+            ("t_1", {regfilter: "R0", t0filter: t("0_1"), "key": [t("1_0")]}, {t("1_0"): None}),
+            (
+                "t_1",
+                {regfilter: "R0", t0filter: t("0_1"), "key": [t("1_1"), t("1_0")]},
+                {t("1_0"): None, t("1_1"): None},
+            ),
+            # regions
+            (regname, {t1filter: t("1_1")}, {"R1": 1}),
+            (regname, {t1filter: t("1_1"), "key": ["R0", "R1"]}, {"R1": 1, "R0": None}),
+            (regname, {t1filter: t("1_1"), "key": ["R0"]}, {"R0": None}),
+            # category
+            (catname, {t1filter: t("1_0")}, {"C0": 3, "C1": 1}),
+            (catname, {t1filter: t("1_0"), "key": ["C0", "C2"]}, {"C0": 3, "C2": None}),
+            (catname, {kwfilter: "K1"}, {"C0": 1}),
+            (catname, {kwfilter: "K1", "key": ["C0", "C2"]}, {"C0": 1, "C2": None}),
+            # keyword
+            (kwname, {t0filter: t("0_0")}, {"K0": 2, "K1": 1, "K2": 1}),
+            (kwname, {t0filter: t("0_0"), regfilter: "R0"}, {"K1": 1}),
+            (kwname, {t0filter: t("0_0"), regfilter: "R0", "key": ["K0"]}, {"K0": None}),
+        ):
+            req = self.rf.get(reverse("get_facet", args=[facet]), data=params)
+            res: JsonResponse = views.get_facet(req, facet)
+            obj = json.loads(res.content)
+            # self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and params {params}")
+
+            self.assertEqual(
+                len(items),
+                len(obj["topics"]["items"]),
+                f"Bad count for items '{facet} \n PARAMS: {params} \n RESULT: {obj} \n EXPECTED: {items}",
+            )
+            # search item
+            for item in items.keys():
+                found = next((i for i in obj["topics"]["items"] if i["key"] == item), None)
+                self.assertIsNotNone(found, f"Topic '{item}' not found in facet {facet} -- {obj}")
+                self.assertEqual(items[item], found.get("count", None), f"Bad count for facet '{facet}:{item}")
+
     def test_user_auth(self):
         # make sure the user authorization pre-filters the visible resources
         # TODO test
diff --git a/geonode/facets/views.py b/geonode/facets/views.py
index b6e876f1a4d..a02c8aa961f 100644
--- a/geonode/facets/views.py
+++ b/geonode/facets/views.py
@@ -94,6 +94,8 @@ def get_facet(request, facet):
     include_config = _resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
 
     topic_contains = request.GET.get(PARAM_TOPIC_CONTAINS, None)
+    keys = set(request.query_params.getlist("key"))
+
     page = int(request.GET.get(PARAM_PAGE, 0))
     page_size = int(request.GET.get(PARAM_PAGE_SIZE, DEFAULT_FACET_PAGE_SIZE))
 
@@ -103,7 +105,7 @@ def get_facet(request, facet):
 
     qs = _prefilter_topics(request)
     topics = _get_topics(
-        provider, queryset=qs, page=page, page_size=page_size, lang=lang, topic_contains=topic_contains
+        provider, queryset=qs, page=page, page_size=page_size, lang=lang, topic_contains=topic_contains, keys=keys
     )
 
     if add_link:
@@ -156,11 +158,23 @@ def _get_topics(
     page_size: int = DEFAULT_FACET_PAGE_SIZE,
     lang: str = "en",
     topic_contains: str = None,
+    keys: set = {},
+    **kwargs,
 ):
     start = page * page_size
     end = start + page_size
 
-    cnt, items = provider.get_facet_items(queryset, start=start, end=end, lang=lang, topic_contains=topic_contains)
+    cnt, items = provider.get_facet_items(
+        queryset, start=start, end=end, lang=lang, topic_contains=topic_contains, keys=keys
+    )
+
+    if keys:
+        keys.difference_update({str(t["key"]) for t in items})
+        if keys:
+            ext = provider.get_topics(keys, lang)
+            items.extend(ext)
+            cnt += len(ext)
+            logger.debug("Extending facets to %d for %s", cnt, provider.name)
 
     return {"page": page, "page_size": page_size, "start": start, "total": cnt, "items": items}
 
@@ -175,6 +189,7 @@ def _prefilter_topics(request):
     """
     logger.debug("Filtering by user '%s'", request.user)
     filters = {k: vlist for k, vlist in request.query_params.lists() if k.startswith("filter{")}
+    logger.warning(f"FILTERING BY {filters}")
 
     if filters:
         viewset = ResourceBaseViewSet(request=request, format_kwarg={}, kwargs=filters)

From 2f4e4af47a76890e79a3b1da43e6b494ecab80ab Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 27 Jul 2023 10:15:00 +0200
Subject: [PATCH 096/330] =?UTF-8?q?=20-=20Updating=20docker-compose=20tags?=
 =?UTF-8?q?,=20images=20versions=20and=20.envs=0B=20-=20Bump=20Po=E2=80=A6?=
 =?UTF-8?q?=20(#11199)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* - Updating docker-compose tags, images versions and .envs - Bump Postgres Image from 13 to 15

* - Fix tests

* - Upgrade "letsencrypt" to "alpine:latest" base image

* Bump nginx tag to 1.25.1-alpine

* - Update images versions

 - Enable postgresql-client-15
---
 .env                                  | 18 ++++++++++--------
 .env_dev                              |  2 ++
 .env_local                            |  4 +++-
 .env_test                             |  4 +++-
 docker-compose.yml                    | 24 ++++++++++++------------
 scripts/docker/base/ubuntu/Dockerfile |  4 ++--
 scripts/docker/letsencrypt/Dockerfile |  2 +-
 scripts/docker/nginx/Dockerfile       |  2 +-
 start_django_async.sh                 |  2 +-
 9 files changed, 35 insertions(+), 27 deletions(-)

diff --git a/.env b/.env
index 96b166bf2fb..492278acb55 100644
--- a/.env
+++ b/.env
@@ -29,8 +29,10 @@ NGINX_BASE_URL=
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
 GEONODE_DATABASE=geonode
+GEONODE_DATABASE_USER=geonode
 GEONODE_DATABASE_PASSWORD=geonode
 GEONODE_GEODATABASE=geonode_data
+GEONODE_GEODATABASE_USER=geonode_data
 GEONODE_GEODATABASE_PASSWORD=geonode_data
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
@@ -45,7 +47,7 @@ BROKER_URL=amqp://guest:guest@rabbitmq:5672/
 CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=True
 
-SITEURL=http://localhost/
+SITEURL=https://localhost/
 
 ALLOWED_HOSTS=['django', '*']
 
@@ -67,8 +69,8 @@ GEONODE_LB_PORT=80
 
 # IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
 # port where the server can be reached on HTTPS
-HTTP_HOST=localhost
-HTTPS_HOST=
+HTTP_HOST=
+HTTPS_HOST=localhost
 
 HTTP_PORT=80
 HTTPS_PORT=443
@@ -78,8 +80,8 @@ HTTPS_PORT=443
 # disabled : we do not get a certificate at all (a placeholder certificate will be used)
 # staging : we get staging certificates (are invalid, but allow to test the process completely and have much higher limit rates)
 # production : we get a normal certificate (default)
-LETSENCRYPT_MODE=disabled
-# LETSENCRYPT_MODE=staging
+# LETSENCRYPT_MODE=disabled
+LETSENCRYPT_MODE=staging
 # LETSENCRYPT_MODE=production
 
 RESOLVER=127.0.0.11
@@ -87,8 +89,8 @@ RESOLVER=127.0.0.11
 # #################
 # geoserver
 # #################
-GEOSERVER_WEB_UI_LOCATION=http://localhost/geoserver/
-GEOSERVER_PUBLIC_LOCATION=http://localhost/geoserver/
+GEOSERVER_WEB_UI_LOCATION=https://localhost/geoserver/
+GEOSERVER_PUBLIC_LOCATION=https://localhost/geoserver/
 GEOSERVER_LOCATION=http://geoserver:8080/geoserver/
 GEOSERVER_ADMIN_USER=admin
 GEOSERVER_ADMIN_PASSWORD=geoserver
@@ -186,7 +188,7 @@ BING_API_KEY=
 GOOGLE_API_KEY=
 
 # Monitoring
-MONITORING_ENABLED=True
+MONITORING_ENABLED=False
 MONITORING_DATA_TTL=365
 USER_ANALYTICS_ENABLED=True
 USER_ANALYTICS_GZIP=True
diff --git a/.env_dev b/.env_dev
index 937d630ad4d..88a2b273a4f 100644
--- a/.env_dev
+++ b/.env_dev
@@ -29,8 +29,10 @@ NGINX_BASE_URL=
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
 GEONODE_DATABASE=geonode
+GEONODE_DATABASE_USER=geonode
 GEONODE_DATABASE_PASSWORD=geonode
 GEONODE_GEODATABASE=geonode_data
+GEONODE_GEODATABASE_USER=geonode
 GEONODE_GEODATABASE_PASSWORD=geonode
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
diff --git a/.env_local b/.env_local
index 4bec5dc60bc..a19213926f2 100644
--- a/.env_local
+++ b/.env_local
@@ -29,8 +29,10 @@ NGINX_BASE_URL=
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
 GEONODE_DATABASE=geonode
+GEONODE_DATABASE_USER=geonode
 GEONODE_DATABASE_PASSWORD=geonode
 GEONODE_GEODATABASE=geonode_data
+GEONODE_GEODATABASE_USER=geonode
 GEONODE_GEODATABASE_PASSWORD=geonode
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
@@ -45,7 +47,7 @@ BROKER_URL=amqp://admin:admin@localhost:5672//
 CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=False
 
-SITEURL=http://localhost/
+SITEURL=http://localhost:8000/
 
 ALLOWED_HOSTS="['django', '*']"
 
diff --git a/.env_test b/.env_test
index a728f8fd4d1..9eed802d452 100644
--- a/.env_test
+++ b/.env_test
@@ -29,8 +29,10 @@ NGINX_BASE_URL=
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
 GEONODE_DATABASE=geonode
+GEONODE_DATABASE_USER=geonode
 GEONODE_DATABASE_PASSWORD=geonode
 GEONODE_GEODATABASE=geonode_data
+GEONODE_GEODATABASE_USER=geonode_data
 GEONODE_GEODATABASE_PASSWORD=geonode_data
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
@@ -195,7 +197,7 @@ BING_API_KEY=
 GOOGLE_API_KEY=
 
 # Monitoring
-MONITORING_ENABLED=True
+MONITORING_ENABLED=False
 MONITORING_DATA_TTL=365
 USER_ANALYTICS_ENABLED=True
 USER_ANALYTICS_GZIP=True
diff --git a/docker-compose.yml b/docker-compose.yml
index 3af97ca2ebc..d87342e2ad4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,7 +4,7 @@ version: '3.9'
 x-common-django:
   &default-common-django
   image: geonode/geonode:latest-ubuntu-22.10
-  restart: on-failure
+  restart: unless-stopped
   env_file:
     - .env
   volumes:
@@ -50,7 +50,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:4.0
+    image: geonode/nginx:4.1.0
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     environment:
@@ -67,11 +67,11 @@ services:
       - nginx-confd:/etc/nginx
       - nginx-certificates:/geonode-certificates
       - statics:/mnt/volumes/statics
-    restart: on-failure
+    restart: unless-stopped
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:4.0
+    image: geonode/letsencrypt:4.1.0
     build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     environment:
@@ -81,7 +81,7 @@ services:
       - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
     volumes:
       - nginx-certificates:/geonode-certificates
-    restart: on-failure
+    restart: unless-stopped
 
   # Geoserver backend
   geoserver:
@@ -101,7 +101,7 @@ services:
       - backup-restore:/backup_restore
       - data:/data
       - tmp:/tmp
-    restart: on-failure
+    restart: unless-stopped
     depends_on:
       db:
         condition: service_healthy
@@ -114,14 +114,14 @@ services:
     entrypoint: sleep infinity
     volumes:
       - geoserver-data-dir:/geoserver_data/data
-    restart: on-failure
+    restart: unless-stopped
     healthcheck:
       test: "ls -A '/geoserver_data/data' | wc -l"
 
   # PostGIS database.
   db:
-    # use geonode official postgis 13 image
-    image: geonode/postgis:13
+    # use geonode official postgis 15 image
+    image: geonode/postgis:15
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
@@ -129,7 +129,7 @@ services:
     volumes:
       - dbdata:/var/lib/postgresql/data
       - dbbackups:/pg_backups
-    restart: on-failure
+    restart: unless-stopped
     healthcheck:
       test: "pg_isready -d postgres -U postgres"
     # uncomment to enable remote connections to postgres
@@ -138,11 +138,11 @@ services:
 
   # Vanilla RabbitMQ service. This is needed by celery
   rabbitmq:
-    image: rabbitmq:3.7-alpine
+    image: rabbitmq:3-alpine
     container_name: rabbitmq4${COMPOSE_PROJECT_NAME}
     volumes:
       - rabbitmq:/var/lib/rabbitmq
-    restart: on-failure
+    restart: unless-stopped
 
 volumes:
   statics:
diff --git a/scripts/docker/base/ubuntu/Dockerfile b/scripts/docker/base/ubuntu/Dockerfile
index 3b36cb6236f..13ca38d20c4 100644
--- a/scripts/docker/base/ubuntu/Dockerfile
+++ b/scripts/docker/base/ubuntu/Dockerfile
@@ -2,7 +2,7 @@ FROM ubuntu:22.10
 
 RUN mkdir -p /usr/src/geonode
 
-## Enable postgresql-client-13
+## Enable postgresql-client-15
 RUN apt-get update -y && apt-get install curl wget unzip gnupg2 -y
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 # will install python3.10 
@@ -17,7 +17,7 @@ RUN apt-get install -y \
 
 RUN apt-get update -y && apt-get install -y --no-install-recommends \
     gcc vim zip gettext geoip-bin cron \
-    postgresql-client-13 \
+    postgresql-client-15 \
     python3-all-dev python3-dev \
     python3-gdal python3-psycopg2 python3-ldap \
     python3-pip python3-pil python3-lxml \
diff --git a/scripts/docker/letsencrypt/Dockerfile b/scripts/docker/letsencrypt/Dockerfile
index a77f3b0219c..1480342e8f1 100644
--- a/scripts/docker/letsencrypt/Dockerfile
+++ b/scripts/docker/letsencrypt/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:latest
 
 RUN apk add --no-cache certbot 
 
diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
index 92652f376c6..0a497ce0384 100644
--- a/scripts/docker/nginx/Dockerfile
+++ b/scripts/docker/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1-alpine
+FROM nginx:1.25.1-alpine
 
 RUN apk add --no-cache openssl inotify-tools
 
diff --git a/start_django_async.sh b/start_django_async.sh
index 78930d0377b..6b2d25eb84e 100755
--- a/start_django_async.sh
+++ b/start_django_async.sh
@@ -4,7 +4,7 @@ set -e
 export RESOURCE_PUBLISHING=True
 export ADMIN_MODERATE_UPLOADS=True
 export NOTIFICATION_ENABLED=True
-export MONITORING_ENABLED=True
+export MONITORING_ENABLED=False
 export EMAIL_ENABLED=True
 export BROKER_URL=amqp://guest:guest@localhost:5672/
 export ASYNC_SIGNALS=True

From 106c42f224c604990e0b027394fd785dcd31092f Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Mon, 31 Jul 2023 14:47:51 +0200
Subject: [PATCH 097/330] [Fixes #11080] Unable to add ArcGIS REST ImageServer
 as Remote Service (#11309)

---
 geonode/harvesting/harvesters/arcgis.py | 8 ++++----
 requirements.txt                        | 2 +-
 setup.cfg                               | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/geonode/harvesting/harvesters/arcgis.py b/geonode/harvesting/harvesters/arcgis.py
index c57202cc404..f64934f5b78 100644
--- a/geonode/harvesting/harvesters/arcgis.py
+++ b/geonode/harvesting/harvesters/arcgis.py
@@ -205,8 +205,8 @@ def _get_resource_descriptor(
         epsg_code, spatial_extent = _parse_spatial_extent(layer_representation["extent"])
         ows_url = harvestable_resource.unique_identifier.rpartition("/")[0]
         store = slugify(ows_url)
-        name = layer_representation["id"]
-        title = layer_representation["name"]
+        name = layer_representation.get("id", layer_representation.get("name", "Undefined"))
+        title = layer_representation.get("name", layer_representation.get("title", "Undefined"))
         workspace = "remoteWorkspace"
         alternate = f"{workspace}:{name}"
         return resourcedescriptor.RecordDescription(
@@ -307,8 +307,8 @@ def _get_resource_descriptor(
         epsg_code, spatial_extent = _parse_spatial_extent(layer_representation["extent"])
         ows_url = harvestable_resource.unique_identifier.rpartition("/")[0]
         store = slugify(ows_url)
-        name = layer_representation["id"]
-        title = layer_representation["name"]
+        name = layer_representation.get("id", layer_representation.get("name", "Undefined"))
+        title = layer_representation.get("name", layer_representation.get("title", "Undefined"))
         workspace = "remoteWorkspace"
         alternate = f"{workspace}:{name}"
         return resourcedescriptor.RecordDescription(
diff --git a/requirements.txt b/requirements.txt
index 32be7fdb44d..208e17c1a7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -96,7 +96,7 @@ geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
 geonode-announcements==2.0.2
 geonode-django-activity-stream==0.10.0
-gn-arcrest==10.5.5
+gn-arcrest==10.5.6
 geoserver-restconfig==2.0.9
 gn-gsimporter==2.0.4
 gisdata==0.5.4
diff --git a/setup.cfg b/setup.cfg
index f39b8c3d7b8..280ea55eed8 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -121,7 +121,7 @@ install_requires =
     geonode-user-messages==2.0.2
     geonode-announcements==2.0.2
     geonode-django-activity-stream==0.10.0
-    gn-arcrest==10.5.5
+    gn-arcrest==10.5.6
     geoserver-restconfig==2.0.9
     gn-gsimporter==2.0.4
     gisdata==0.5.4

From a9d04f6e4911fdb68ac44359786ba90870ffdcc0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:04:08 +0200
Subject: [PATCH 098/330] Bump django-sequences from 2.7 to 2.8 (#11301)

* Bump django-sequences from 2.7 to 2.8

Bumps [django-sequences](https://github.com/aaugustin/django-sequences) from 2.7 to 2.8.
- [Commits](https://github.com/aaugustin/django-sequences/compare/2.7...2.8)

---
updated-dependencies:
- dependency-name: django-sequences
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 208e17c1a7f..2678b560326 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -47,7 +47,7 @@ django-tinymce==3.6.1
 django-grappelli==3.0.6
 django-uuid-upload-path==1.0.0
 django-widget-tweaks==1.4.12
-django-sequences==2.7
+django-sequences==2.8
 oauthlib==3.2.2
 pyopenssl==23.2.0
 pyjwt==2.8.0
diff --git a/setup.cfg b/setup.cfg
index 280ea55eed8..49f59b5ba56 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -73,7 +73,7 @@ install_requires =
     django-grappelli==3.0.6
     django-uuid-upload-path==1.0.0
     django-widget-tweaks==1.4.12
-    django-sequences==2.7
+    django-sequences==2.8
     oauthlib==3.2.2
     pyopenssl==23.2.0
     pyjwt==2.8.0

From bf116689a188312acba09d4f0a7d298e0bbf55bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:04:44 +0200
Subject: [PATCH 099/330] Bump boto3 from 1.28.9 to 1.28.15 (#11304)

* Bump boto3 from 1.28.9 to 1.28.15

Bumps [boto3](https://github.com/boto/boto3) from 1.28.9 to 1.28.15.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.9...1.28.15)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 2678b560326..d5f73f708cf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.9
+boto3==1.28.15
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index 49f59b5ba56..2dad8c7d0f3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.9
+    boto3==1.28.15
 
     # Django Caches
     python-memcached<=1.59

From 4eb1eacb3e80e1058d4bc7ff135684029cf0307e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:05:06 +0200
Subject: [PATCH 100/330] Bump flake8 from 6.0.0 to 6.1.0 (#11307)

* Bump flake8 from 6.0.0 to 6.1.0

Bumps [flake8](https://github.com/pycqa/flake8) from 6.0.0 to 6.1.0.
- [Commits](https://github.com/pycqa/flake8/compare/6.0.0...6.1.0)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d5f73f708cf..920bd63847c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -152,7 +152,7 @@ invoke==2.2.0
 # tests
 coverage==7.2.7
 requests-toolbelt==1.0.0
-flake8==6.0.0
+flake8==6.1.0
 black==23.7.0
 pytest==7.4.0
 pytest-bdd==6.1.1
diff --git a/setup.cfg b/setup.cfg
index 2dad8c7d0f3..1a03291ef93 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -177,7 +177,7 @@ install_requires =
     # tests
     coverage==7.2.7
     requests-toolbelt==1.0.0
-    flake8==6.0.0
+    flake8==6.1.0
     black==23.7.0
     pytest==7.4.0
     pytest-bdd==6.1.1

From 32ac5ad4cf6a33594cc17fca6e18a2f3bc57b21d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:06:00 +0200
Subject: [PATCH 101/330] Bump webdriver-manager from 3.9.1 to 4.0.0 (#11306)

* Bump webdriver-manager from 3.9.1 to 4.0.0

Bumps [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) from 3.9.1 to 4.0.0.
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SergeyPirogov/webdriver_manager/compare/v3.9.1...v4.0.0)

---
updated-dependencies:
- dependency-name: webdriver-manager
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 920bd63847c..d59ded3314c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -167,7 +167,7 @@ factory-boy==3.3.0
 flaky==3.7.0
 selenium>=4.1.0,<5.0.0
 selenium-requests==2.0.3
-webdriver_manager==3.9.1
+webdriver_manager==4.0.0
 
 # Security and audit
 mistune==3.0.1
diff --git a/setup.cfg b/setup.cfg
index 1a03291ef93..81e041141e0 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -192,7 +192,7 @@ install_requires =
     flaky==3.7.0
     selenium>=4.1.0,<5.0.0
     selenium-requests==2.0.3
-    webdriver_manager==3.9.1
+    webdriver_manager==4.0.0
 
     # Security and audit
     mistune==3.0.1

From a2e1a18567a8ae521253ef4645f69da8ca3efced Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:34:27 +0200
Subject: [PATCH 102/330] Bump uwsgi from 2.0.21 to 2.0.22 (#11305)

* Bump uwsgi from 2.0.21 to 2.0.22

Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.21 to 2.0.22.
- [Commits](https://github.com/unbit/uwsgi-docs/commits)

---
updated-dependencies:
- dependency-name: uwsgi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d59ded3314c..ea94c549363 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -143,7 +143,7 @@ django-ipware<5.1
 pycountry
 
 # production
-uWSGI==2.0.21
+uWSGI==2.0.22
 gunicorn==21.2.0
 ipython==8.14.0
 docker==6.1.3
diff --git a/setup.cfg b/setup.cfg
index 81e041141e0..2d495df23bd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -168,7 +168,7 @@ install_requires =
     pycountry
 
     # production
-    uWSGI==2.0.21
+    uWSGI==2.0.22
     gunicorn==21.2.0
     ipython==8.14.0
     docker==6.1.3

From 99ced683ec679c5f1bc0c1fe101602cc9a193638 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:35:20 +0200
Subject: [PATCH 103/330] Bump markdown from 3.4.3 to 3.4.4 (#11303)

* Bump markdown from 3.4.3 to 3.4.4

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.4.3 to 3.4.4.
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/change_log/release-2.6.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.4.3...3.4.4)

---
updated-dependencies:
- dependency-name: markdown
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ea94c549363..a8700f0a047 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -82,7 +82,7 @@ drf-extensions==0.7.1
 drf-writable-nested==0.7.0
 drf-spectacular==0.26.4
 dynamic-rest==2.1.2
-Markdown==3.4.3
+Markdown==3.4.4
 
 pinax-notifications==6.0.0
 pinax-ratings==4.0.0
diff --git a/setup.cfg b/setup.cfg
index 2d495df23bd..882a2e505ff 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -108,7 +108,7 @@ install_requires =
     drf-writable-nested==0.7.0
     drf-spectacular==0.26.4
     dynamic-rest==2.1.2
-    Markdown==3.4.3
+    Markdown==3.4.4
 
     pinax-notifications==6.0.0
     pinax-ratings==4.0.0

From d70b289ca37c8ff8ff275ea32e90b0f2939c9887 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 16:36:58 +0200
Subject: [PATCH 104/330] Bump wandb from 0.15.5 to 0.15.7 (#11302)

* Bump wandb from 0.15.5 to 0.15.7

Bumps [wandb](https://github.com/wandb/wandb) from 0.15.5 to 0.15.7.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.15.5...v0.15.7)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a8700f0a047..10805de234a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -171,7 +171,7 @@ webdriver_manager==4.0.0
 
 # Security and audit
 mistune==3.0.1
-wandb==0.15.5
+wandb==0.15.7
 protobuf==3.20.3
 mako==1.2.4
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/setup.cfg b/setup.cfg
index 882a2e505ff..7668acc79c2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -196,7 +196,7 @@ install_requires =
 
     # Security and audit
     mistune==3.0.1
-    wandb==0.15.5
+    wandb==0.15.7
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 3c5729e24fef14c8da0dc4d9575d91a8946d2c21 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 1 Aug 2023 12:44:37 +0200
Subject: [PATCH 105/330] [Fixes #11312] Expose dataset ows url (#11313)

* expose dataser ows url

* Formatting
---
 geonode/geoserver/helpers.py            | 16 ++++++++++++++++
 geonode/geoserver/tests/test_helpers.py | 12 ++++++++++++
 geonode/layers/api/serializers.py       |  1 +
 geonode/layers/models.py                |  6 ++++++
 4 files changed, 35 insertions(+)

diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index c5d4742b6cd..cc9135d243f 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -2296,6 +2296,22 @@ def get_dataset_capabilities_url(layer, version="1.3.0", access_token=None):
     return wms_url
 
 
+def get_layer_ows_url(layer, access_token=None):
+    """
+    Generate the layer-specific GetCapabilities URL
+    """
+    workspace_layername = layer.alternate.split(":") if ":" in layer.alternate else ("", layer.alternate)
+    ows_url = settings.GEOSERVER_PUBLIC_LOCATION
+    if not layer.remote_service:
+        ows_url = f"{ows_url}{'/'.join(workspace_layername)}/ows"  # noqa
+        if access_token:
+            ows_url += f"?access_token={access_token}"
+    else:
+        ows_url = f"{layer.remote_service.service_url}"
+
+    return ows_url
+
+
 def wps_format_is_supported(_format, dataset_type):
     return (_format, dataset_type) in WPS_ACCEPTABLE_FORMATS
 
diff --git a/geonode/geoserver/tests/test_helpers.py b/geonode/geoserver/tests/test_helpers.py
index 9c71711511a..cf841bdf457 100644
--- a/geonode/geoserver/tests/test_helpers.py
+++ b/geonode/geoserver/tests/test_helpers.py
@@ -40,6 +40,7 @@
     get_dataset_storetype,
     extract_name_from_sld,
     get_dataset_capabilities_url,
+    get_layer_ows_url,
 )
 from geonode.geoserver.ows import _wcs_link, _wfs_link, _wms_link
 
@@ -295,3 +296,14 @@ def test_dataset_capabilties_url(self):
         expected_url = f"{ows_url}geonode/CA/ows?service=wms&version=1.3.0&request=GetCapabilities"
         capabilities_url = get_dataset_capabilities_url(dataset)
         self.assertEqual(capabilities_url, expected_url, capabilities_url)
+
+    @on_ogc_backend(geoserver.BACKEND_PACKAGE)
+    def test_layer_ows_url(self):
+        from geonode.layers.models import Dataset
+
+        ows_url = settings.GEOSERVER_PUBLIC_LOCATION
+        identifier = "geonode:CA"
+        dataset = Dataset.objects.get(alternate=identifier)
+        expected_url = f"{ows_url}geonode/CA/ows"
+        capabilities_url = get_layer_ows_url(dataset)
+        self.assertEqual(capabilities_url, expected_url, capabilities_url)
diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index fd8736fc4eb..270c469aa82 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -173,6 +173,7 @@ class Meta:
             "featureinfo_custom_template",
             "ows_url",
             "capabilities_url",
+            "dataset_ows_url",
             "workspace",
             "default_style",
             "styles",
diff --git a/geonode/layers/models.py b/geonode/layers/models.py
index 11612ed8f09..0d6c425e8e0 100644
--- a/geonode/layers/models.py
+++ b/geonode/layers/models.py
@@ -261,6 +261,12 @@ def capabilities_url(self):
 
         return get_dataset_capabilities_url(self)
 
+    @property
+    def dataset_ows_url(self):
+        from geonode.geoserver.helpers import get_layer_ows_url
+
+        return get_layer_ows_url(self)
+
     @property
     def embed_url(self):
         try:

From 2b09aa6df2f2f51f051a8842b50f7fe2cc120c2a Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Fri, 4 Aug 2023 18:48:02 +0200
Subject: [PATCH 106/330] [Fixes #11323] Align the Position labels and
 translations (#11324)

* Align the Position labels and translations

* Improvement to it translation
---
 geonode/locale/en/LC_MESSAGES/django.mo       | Bin 143913 -> 143908 bytes
 geonode/locale/en/LC_MESSAGES/django.po       |   2 +-
 geonode/locale/it/LC_MESSAGES/django.mo       | Bin 161119 -> 161121 bytes
 geonode/locale/it/LC_MESSAGES/django.po       |   4 ++--
 .../templates/people/profile_detail.html      |  16 ++++++++--------
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/geonode/locale/en/LC_MESSAGES/django.mo b/geonode/locale/en/LC_MESSAGES/django.mo
index f8663d06708af49835ebb15452c0cb68aec04c63..b7be4680ab464698552a6af0a9b8ec4582b4602f 100644
GIT binary patch
delta 5371
zcmXZfd309A8OQN?ZxTod2@t{-mNx;iK{j?RAWI{H98)M&Koa&%S*$G<4C%RrfW%M=
z2Z2&V4T=N{q1YBsk<uOt1!~IDs>o(4OTu!57?x03`u)8#e|=`=y?2&po|&6`a4~Z8
z#mJrUL;Xl&%yVA_Ogv7&B{&bG@g6q9h|>Yn0-It(OhLVu<?4N~J@o<D0SjDv5zeN*
z1gB#ymg1N*0TY84&IJ5WhqW|>2E=Ck5OLNH)C!wY4`L$bU;`Y9n(!DIFlG+wxy9$~
zdv9PA^*1pV-$yOv&+hmA7(x9X=lp<aOreqnb$A-X@dm1cTd0{n#5inx-gX$o=G3!L
z0}poXqfil=j7j(+s^4GZR@{VIz|&s`OiLW;Q)ohArgH&mrX{Ej-oR|!g_`jt)Bx8|
zTTq7@;67?1&8qAG9Z?ZYM@66)YN5HP@kU|-`jaSVMn#y8#qNO$)C>Di6FQ1*@pIJ7
zYf(87`CmIg2W&$<6E(r7P!s$SYGPxYFQ6t=h~$cIUZ<cv--@m96Z?ZXiCS^3`~5Dq
zqaO8*?KlOs!fe$0eNkKW40ghCs4eqR1FlAG=_XXNZo>|YZ;nt<M>VKDy@gt7<b{CA
z!p^AQN1-Az0X4DNs1ARI8mI^r+Lfq@yn{or!qxAfax46zoj??ZGrmbx0W(lD?S|@T
zAZlwyxc1SgP)>KwM}@is73x)}3I7g*co;Ro8dN{up%!@08FMLMd^IFdP{+Mcp&NqQ
z;}=mKEJEeLa#RG?Ip0G~U?(QyN2skh?|#3DirfQKZbV(S{d7W2FzYhsUl&Fm4VuUt
z)Jhg%Dwbjx{t-3sZd7Crxca|Qr=$us0k1k>dSM!B0pn5qzJluabqwRaSdH4kbv3@7
z(Z-s9=}1F4&cvhG7kgX@m>hh`S%%%HpFm9{?5a)5=BO3r;FCB4wXk)l<GBkp(W9tS
za~%~q&%b61jZk|Z=jutQ6{ov;Z&!Z;b7>!r+S662mHifVI?7NT??Xl4AWp=ysOS4%
zXF(qK08S?o{wv?wfzRFunASXS4V44oH|;4%!))rgs0qzOW&0x33fG`Q`6tu@K1N+E
zhh6&xR1RHn*17fv$b@_oR_h{wnqeHOqc*NR4K=YG=P=YtCu0WssME6@m82iy2K*G2
zJEOm|TQv^V?<~~wg_xl8?^95gZoqWhg5B{rW@1=fzzo1{sO)|jyI?U6!yTxI)uVE#
z-K~J>i~~^hsW=dqq4xeTCgOPvGQN34LCF!kZIfsaDw`*vLc9!hV{LK2|J~Iu;$+&r
zJ2uItp(b94O415kk6&XSTyWPeaHsP$hQ9yd^>)A*T*QMtQ0H|Qs>5Tb<LKS9^)C1;
z>IJBYoky+oJ`Ts=|7=8NVF~q>_!hSQ-Y#@E_M?94d(OX-qs4uDWd>1ulZm>5yQB6r
z50&L(QOPzL6}g!>4QsGB<~^{vu@s-B{w|hcJ!+idhjz<Wp!)mrA?IIvT17)^k1G;&
z-lGFvXrO-hJoUk-<arA<!R^iuQ623@<<Ndq()|;443D|rzeH_u6>34A=Y^6z#;2gK
zUOeh}WuOLn9CdLFMI}uE>U8`Zb@3FUB2<dHy0@Svum`oE1E}XdcfVgk9oswjON<J$
z<N3=dXn-}StMd1#4*udEIF7nV&Y|vsTlg4u4!0{QKn*n0)fb>9RE!#M4W?l^YMkS!
zh+Rgu(l<9K=)v2z!9+&biNrcPqCTg+Q4z{Tbu<zcp&6(Si%=KOQdIJmp(64LCgLGi
zuXfgjB#RzVP{+{??B2FUb=V#?a0+TKd!mxBpQ{f>Me1o+&quvC6?JOn;2|tSW&ezZ
zp7{etM0#cm?!tU!aekB+`fh)W3S|u{N$OD@hBfj+AD70c6=&cxI0zN$m8gl8VI^)s
z<;uKhFO>BQQT;B(Ag)FAy9@o$UQ<xV$5GjP36+FbP!Xs{-Ea*WdnOONpl-NVQ60UF
z#aNE|YIcpW5t!lJfXTF1Vi&A)^$xL~AG)b>W4+K-`wP?+yxG<N<?8ocJ*A0FzMo(w
z&#l00-0QrCJ*l^C>Y1)M0-wbq{2`viq1dvSbwV@WGrB^z(x96xI?i^Sj+*IcOvA;P
zh}%$C>Sw5qrZxA>JGcWi@w|Aul?zbya(o<5pmHL*g=fa%6R3!<_bF(m75D@E3R5t?
zrL`}1qdplmku|8RcAsmnLS=niD=&0$Wum@{<58z%Ici~>@JZZ{>OX?pPC4UeP|)YK
zJ1Uumqdq$M&V{HMZ@?V9<?6|8?B4sR<SIes&U)uYXBqaOeKYF0Q>cm6*t%~XQc$wR
zCRp3!IO-XwV^@Ou-mgN1vI4oOO*QI#U&Tng<9vh~D6*}+AzPzD-4k`e4MW{G1-MXO
zk)Kj{iH7T_D>c8JXFr#y5bZ>TcsJ_!oIp*i7Te%G)Lu7lZ%;{oR75AC-YZ0H*;>^5
zAG!8Z_!#4xItuzYWOT3(<e{$Ixu}7bqCPq+FbY?rwqhe{0+p!esxcdHpdt_q+T)vz
zico*lRt!NsUx>a|xY#w6pps=3Y63f4`$5zVS&53!X;iM<LER4x6K$kgpx$eX3UznX
z{W1i9jAL*vZbMyA2}zuPO&}@B9*<O<Nd0-#so0C7up0GT-;Op?gPc>akoKjh`@nRv
zdz*#HR0pBHt}{@l$H%8|D{7%PJNY&=v7K$mTA}_jNkxThDkkC_)JlJYio{0L03V=M
zd<^wfyo}23V6weGdZA9mL{t(_MJ4YdR0Njz6cp0sH~`C0FI1ymxQ5#M$P}AoF{o3}
z2XzI%jQV{Ys^d3NIr27Y3$~*A`_%pZS5y)nKy8hGfr66ZwtL_KYGx+Ywl_p|+yr$j
z<4}>A>wce)nt+e5;S$uuqtk5U(oh2q!_oKx>VEkfaw>dNML~CTSh{^-EGi;}sJ&l@
z8t^LWt5}EHiifC)H|}C{BObLS37ColQKw@jYReX*&izW%)&4Fv(D|<n6^!|hd*BRe
zz;96l+(lh9k5B_gceN92gM+E}!U9}?`Z|7r{V_SizCQ)^{w&l4=A({#DTe<3-%df<
z{TXV7CsA8)4z+g|Q5Q-LYQR9It>>Z!F2Lt-FKW-@vTPEjU>5a$sN|f5`j%`)<=PkM
zD|=gJ+ZQuYNihf&%2B9fdKGoU6{G%<s6Zv*CDg=&IX0xps9YI=Y9EDK`B+p=OhZL<
zF>0LB9B+Im)Ej9~lDzL8Jcx<Zzd^ka*3EsMQ4vZ<ZBb9u3j4eE*{EckkL6fYd?bI*
Vk^I2gqW2~|XtZa_g}|Y_{{xu@<l6uM

delta 5372
zcmXZfdvI388G!NgeFPFB3E`sQPJnO?2?Rtg+6pKjLq$glMFk2`K`ba@Ypa6Cj2Xa;
zh_x_^)FM?-1S-O)E!1nRqqfvaMXQLYfFgooMGPWLpXb~C>$kh#IeU5c-95>p`wQ0Z
zFWB7rqO>SUl1cAnlGb=N*5NI92A;-3EPOwcoQY>*K2~4>4vh8lup{*gu@lzB_F9}n
z{Vtq|$FUx#?#?8RdvJFq&2@O3hTMSIf*%S$2m^J%66)nxhJ&yPPC_R<RWnI4AAN4|
zp77oS*p&LiSd34g3;9d@{S|CX{hxc%Owx?PP8#fRFXrJfw1X4qOdEZeNm^nHw8L_2
zg#*!n$Hex@XoO~A7rX)O_qX^su0t1a$=*zI7EVejG^a2(x)7b|QnZ5yupe$iXM6}9
z;3&EU4d?)wkHSRGLI>!HMzji@@Gx|tW6|*@VLMD`Qt*XZ?2Sv}16$A+UPdSMCbq}-
z(U~7dbE4?uFhDnKOML)3!JnWL{3#ltsnP4v38hG`q{%%L-1ALXiZ6s8l6TP+ACJHP
zfE}n8e-b*bKv#G+`u=cqt1iQCI33-xI&{GM(JftvChKPG#Q4d-DA>^vbWcy9D=pfW
zNvg0n`uk)wB3GjmyAkd1*XTgCXlR$C6L}Ob!Y#3W63wlq`@;l^F^}<+z80_=o#{Df
zN2AcKnHbxrprQOlbO9RbrD&*EpcDQBcE%m(1dpKoe1|UZbhPDxOp@BrgMu9oLqj(X
z-Qye34i=#~a4#BxRnf=M2|SJ6@i}xW_Ql`7MI)E}G~`Ax+D|WZf&)M0{Ci<cpuvgE
zM^~~4d*U)|gwLV_Z$~5ZTCD#UJtYUw3FLp4Nd{phx`3<Des4wly$2g*$OUu@R~<~l
zjMf~?BwcCPh}YtqcrFh4Jd^atUq;trHT8GUi4+_PN!bQn(I6a!6VZjOLXYP*bfRyf
zr{-%ka{1{Oq0k)N`_fqNfv&hJ*3XUg3-ChPFGcrs1-i1|qo-pn+VRV11m3{u_%ZtY
z$ipls%RPWIi9~wqmto+Kzse+Sc;G0S15J;HQ&5ThsE<V_bPJm8i_jIWL__&!bOFz!
z7t4;=eh|%}FQW~yJ^OWTLTOS!!5KFX4M{25QK#5miB4=#bUeD!S=blr(9`o2nq1G|
zgZL7fJ5&A_wrV=s?>zMR6x(_J>nNC|tFbq3zyY`mE3x34OmaS+gJ$>5*aw&3Slo(6
z>=c?qU5;gva=Z|&&&J_+H@f#bunhNMXU0$Rz75GyjwaD)G@EClA-)^Eu{OltUyt?A
zv4-~i;~~keLnof1NxB6e!2LKF7k(EO_;hqHrY29*hA?1Dtff8#z00?u9lnho$NUqa
z-Vg7fUV~0-AG*@a_nBlImZK4whf8odK7<`lhJ|j&^QiAR$@w=q+Wio&%yM*Z2B25)
zV02F>pc9>jCfh7Da&z$-Jc8%ogi|3m>Tx3V$FLqxq2nw$9k%Q~w7(BdbN=1a12nYB
zaz&!&y(E*(4KxC;pgsmoo<E`!d@A}3+R=72hh9OG?%!xqza4-706qT)&;{jZv$^Bg
zGNs^GuPu7Ks?mXdj9wfUqe)YPp5Nb~7mx25p=IdRy#bxTU(p4<hCcUx{QVGmY)|4s
zEN&FWOYf%O04vd}@=3IVzr_c3p%=*~=sj=(hhXo#u#y^dpt-TW5S`ExbikF^3pb+U
z>_Q{<1+tZCa*Toxejgf=qQ+q&t)e~A&*`~ngvO#BO+q6y2ko#Hy?E-;<XwwK<OM9l
zf5iIXXhTl2D6dKAxCGtXj%bHn(Sa+_y&Q@r--uWrgGTC-Sf7EuHyb@Q^YK+&i)R0v
z{A}_h78Ycab+`?un8h=iW^>=|=h09eL6hVZ+F?OqHg_+yKv!Ii7vpF&)XUL{t;HR<
z0nL?L&dBDn{tmR?dh~vI5bbvxrn$YQV8^@A>^+1g;g@IxPNC=djAq$nJodwKydCZ6
z5xf&OqF>GaMIi!nqN}kx?K`m#HpF_j;%u6`sm2y(b64$c=oP#^*8dahndag53N-mH
zkM;YoAN3cbNAYaxWhL390w>}`ti=oPUAzd}w+LR{BF!dVp_^#%CM#(f2C715It6>-
zVl2bW=#}~w+R=5bvdL=PicWk&>#&sz(fURlitnH~QF3NBxg0M*BmPiI!I^HsVfZ2T
zz_w=vhhsJMS?EMoqF3$9vHbv=^`)iR+{HBj{VHCCo|1dfg{{L;_zK#8A-A15lU7q`
zLt!wQOqZe`of*+P&>64B{&*tR`?L*vUxy~wQZ#oSimr*S#euZ1N1xk+PV7jir%9uB
zA=z3*yW*8RP>mkDrRev51scjN$W5IbM$h+GSb!&^dF{hMMd%IL5e@ZF^nx3Y-ZwRP
zn_rP%QMiGIuhAD~bjXI!B^siq(GYJ(kIy^k#ExTIJdN&kn~vd>j6@?k6MZj5x9mam
z{pVu)9vs5>NdpBx4%MB)0~63I_a=0pdh}wt51Zos=vJ&jC$JNJ?l5{9j-jD0?;MWr
z*=U4DqFXTzeLlt16)uhqOVMOmflgp+Y<~m2dUv7`+KcAON%VebRu&@F4t=i-4fSC3
zei?_C;Z(dHH=`F+=PsOoC(xryI39g*I`yBUr{YDNfQQlNhIb8-8XdhBZ>7B+E3t96
zu(t!TJN41%*L4nhdg^ctZbBFOZMQUprd4?eSqJnllfG!kW@8!7M_2kgG!kpj0se%p
z_-*uJ`U1`F^6ugO7>1sTYtST~jVA9RGy->}6b$LTcs_1KUpS1ua1`D9q8=g1TB4`m
zJoE~_8U1|~+VR6^jy!^H!6vl7m*Ve#N0ab1bZgRs6ikNi;{(~AVP=id_GW0ut?^1M
zMI&=l{CxpBfjV4-ccBw6=@lYZi4Hg(e}>ni_sgrusYsIp6uhGgdWRRLp%F>Zy<de6
z_!at9Y(Tf7QJ*lu7HDp?MYp6g_QX->>6nXd*<$qEFGsKT$FPa#e`l_cB=5xsK0*il
z293ZE=tYxP5e6<nC)f!`;xL?w3(>FRZu}AU=^Ng^7JYvnI)Me~abJeHzyF`2;0oSC
zSNJZP9G{?j_c?l@96<+cQW@%F(Sd7l626G;d1+Nh!V0XSJ_1e7dFZ!fJ(_E~F*SSJ
z_X{r$K$BuL8p_FNGTn~ea7)mCB(|VQcnF<%dH)d7K4`8?MB68$E1!nu#C2#y7o+1W
z>z|#L3-uZrOp+(!gKuCN_0P~33aaDh8I4dCx<y0L6^@MUH=@b703XBJJ71sj?CVo9
TD;8|M;#A|pXQ%DUygL5>N3G=M

diff --git a/geonode/locale/en/LC_MESSAGES/django.po b/geonode/locale/en/LC_MESSAGES/django.po
index ae445ae92c7..d6ce030a65a 100644
--- a/geonode/locale/en/LC_MESSAGES/django.po
+++ b/geonode/locale/en/LC_MESSAGES/django.po
@@ -3982,7 +3982,7 @@ msgid "introduce yourself"
 msgstr "introduce yourself"
 
 msgid "Position Name"
-msgstr "Position Name"
+msgstr "Position"
 
 msgid "role or position of the responsible person"
 msgstr "role or position of the responsible person"
diff --git a/geonode/locale/it/LC_MESSAGES/django.mo b/geonode/locale/it/LC_MESSAGES/django.mo
index 0a9e88e7f7d43b2150075b76272bf4703f194b8f..ca8e5e1987454996ec2d980155ea22c053d2d976 100644
GIT binary patch
delta 7343
zcmXZh33N`^8piSS9fTlMNC^pF5E&35#z@4Fs5yxth*=Dcs3FES<<J4CR?*&@wuV-#
z=!j}WRjpo>R!i?yRq3j$hF-0qv^A6%?*GZ&*0O$kpJ5O0e)s;4_VmTTGZzE59q;K?
zaU5sq6`#`(S7IgHiY>4hWAUst=y#t}k$Ok0g~_&_j@76S#)ok%R={}}j0KpBD^UIY
zjUni}>hqlX6zX2}IW@2iR>p4D-dLS_CWhf?R7V9^6PMciMYg^XYjgc$d<eg^mSQ{V
z7f}=RU-LOZ*zB5TX5N+y>R=H1aRw?Pt574}hW+pp+=~H!n1OzQ8qg6`$E6s6SFG1D
zhI$z)a*==foCX++YPY9nFQlVFm51thp?zSTbrY(Ct*FrLM@66%_1<sT9`9l(Cj8}d
z!m&U4F%LDt=TQ-T2Mf^KNg<L#o9m{7VHik#Drza_Vm(}l3TY9lfi0+k6r)1<wY^@7
zdhUPr{w@5Lde99Mfm5g)Ig5?y-?>de4TRk^p^QZ(U3*lB#-Z*{K^N!SdI3gLFGLOS
zBh-Mtw)HbOiTWL^gX3=boD7_cio_utO8?Gz3hF57Zxe|$Y(zZ|wN}efq27!USb|F0
zQq%yhqdE@1?Q;?^0ktHPQSUv0isW;s$gRe@_`2%!@03tb5*@JqTQ{ixglgb7RPx-$
zH}F3CeKc^#=e$e(^D+iTJ?}2>;S2XnL|(gZmSP8LNe`eRcodbS|3PmEg_9HpW84Gd
z)2L)SiOumcHp6<n9)~HYnNP#ESY)q%gIcOGREL2+V{KGYhod5sgxc=uKG!Q>yU|?G
zzMN+tSb%D1C2DQgqn4xu6`3Ef7oJBQG%a1XJnLJd>U~iirK6T=JZgy-pboAj_Wmob
z=ay&dd-ld2)EXZ}CCxQds47)(%a@`$YN^6(JsOqG9Z?;mV=EknQMk<3x1pZ<88wkx
z*c9t}6<vpI;3T0Q7=vnHE<TByust@Z<T_cHjdO83W@B`K>rBR{Q3uT>OvaGPuJb7l
zLOoZritDt-DcBv?qWbYpQ&3212AU;^K+PlyHPd)oPqL<AA=d|>*6<`&#S5ri@F!~R
zt5h}DgHi2;qYk8Is9Z=zc7^BUP*}l*JY0l#@C7WWX4XEiy0I~88+AqvtOu&2bX3Q~
zQ5{W39YFI@2V0@Nz7=&c?!ravl4BU6{XeLNc`+9?lYCV2EkG^Fa#Tle+WYULW?q6y
zu7jxLJ%bv^1=Q}jXX~|Uy5;*l3UxmPHIN}#L;HU^1!eU@)XbJ+92TJ-Jcv8-XH+s4
zJ!A&99<_AE)<dX)mZBfeVH>Pi%M7psDuT(ViKd~a8Dvn9dG>)NsD@UccEKyCgXja)
z%s)eA@i(XjFQW#09W|gP!REPks7R)w9|xk|n}wR#OTp}a?b8pqpk44eDgx)MS5YA=
zv(~C@>QSh*O-6N?gW9%p(2qr^f$u`)#1T}7Cs5B_Lk&E*4*NfbLj5`>B&n!1Pe(1u
zB-9LMVG~@8ip1Nf4vJA{{$W&u_pvPogqZ!`8P!e>YN9hxyWnZmdmB7^<9pQ1e?>KP
z-Fnwr@nMtI)lnUXqmrzRz1|bm!BEtGpMqMdFHp&O9Q9-NBkH&0roHZ!QBa6|b&YjV
zFSJB8kbnwtck5u(04G_eVG{MZ*c^ADCUP2;Lzhq;-#{&Kt$HTHZIOw1PG1UYV645d
z4)x;4r~&Lnh5U&1l)Zli^`mqP6_JLaCPE3Qkf);7JQLMU9%}8M!1lNn>uLXgN1-Jb
zE~92vzrO4Az{XfUQ`CVn4V4?7t^X6_sBcC!cmlQEf*QEx9~fOxOEL<Tgfp;~&v70{
zO>lV_YXAR(f_~**#}>E?7vV3c$V>`%ozD0c#^PyIM^zh|0VSg%F&H(&0_>0LPy@V#
zVOYPBX}<$%U=z^OfijPR4uplMwJt<mUt_Poi5l?-wqAmLsPD7&AioKDJ=89VM9sK2
z4#$D0$i0sfa6c-?q9fS<98ykPgzGFJG$~C?Rv&C?4vHU9GrfbFS<6V5j}Nvdrs0dI
zwf`Qq8!lor-bYO!s+pN-9P0gUsE%{2xy?K?v*}#WT0f4O>0<l9a_cJ8jEZdi4OCKX
zve%1I-*kIXC+P`P=>Nb@=#MhnE*mw_F}MY1c@*@;5*BS{;zwnBJJd+iP}`?3>L8ko
zO4d23hTlTX_!OpNK#b`i3-ui^1(h>fuor%ZdM_;2d<S@06ttGFq8d7H4Qg&q#`YM+
z^|6?U%TUR)AC+_`toKmQHEm(+hfS%^w!UiJi;-MEXY`!FmM$NXj?)U&@Ou0Kx1+XU
zVVwC=If6Q1?pb46xlRuCAy@@JK}BXC&cth|qjr3}Ig%G)YwE?Ag%>bM`@c(T*XhcI
z0(=Sg;CjqxV@7%vHItA8*Ga`hj6n}K;5)b$`?fVn`ztEcRoa<c%0#XC2-K2JM<wGN
ztf~E9L_tU9W>nVhz%{rV6@jew=EveS97p{qZpZizrh~IMlKN#-JH0!aZ9D|C*<F)S
zyJ%mcY5xW)$?u|9kwQRclbzL2p?nCH-Jz)Dj7BX@3)K0Lf{I8cDre@Ro_`(n{)eb<
zyb{!|IDtAre@89J1Jo`FPh$UT#vPMP11YE<i2<k(&qSS!YwZ1xQ4Q@!h48qo-$c#4
za<VySYNK{hEb7NC5w#sNQ15%FC0m)y{@05wyO@!7LOqa)n$dXFfM%j*{xa&vWfLlk
zcVJsA#V%MQ#cb35s1t7lY6AJFfh<Sm!Uk-I#U6!56fWUvtk%_pa6KwAn^7-*h<fpW
zy?zq)-f8Ot)QlT-GfUM972@uw0gOT&@pDnzb}=?bZwm!Q;5hp6XIuAmH`jx#p{SWh
zq8e&r>&d8y^+B!u2<rq?Zas#2J|A^dFR=C1$cgJY>nL>K#@l!pPvKj*rHAWm#eS)-
zvl;K=SlpOq&Vx!l?MaE6KpLu}OpL{ms1BE+&V{uYkB9MbEW=vb|8pKO+hHmG#f?>{
zwSKmjxn6{6)Hk4JdI6Q)f1^TPx3_sd3e{mJWY;+ZQ1>%Y?~Oz4ntarDEmB?k|2hRi
z;e_^aoo6rtQ*jgO!{QR^EN|S`oC9M~N%u0g#;;IoS%#WvR6jG*A=rxg64Y}$QM=$*
zd%tdf_P?^W7X=*<OR+2NMtz8sp*}pK2e?j0oPZk8I@I&WQ3I)*?mB}o3A^D+9EHbl
z48~`eWL$}A=RMSW=QG&<Duia54~GHx8TEX81mg#~&TgEKNtiImWbX{r!Bd0^>E}2M
ze?cu(m%%1t&)`Jr`%p^|J;XfU2~((#9^#pOxSk8z&&N?Syn_m9>nt;{QJ6q|F@|9=
zD%8hN2bD9_oFB31r`jF6Vh-y3*oaz!Ls$uKqt2HH9tG{s8pBLdMWGt*iJHl5oPxVi
z+beRoNwPRplJ!6}*b{Z8_d_jB7HY<YsPp4BR6pBL9e;&Na_=OCTnZOa4GrcOLuYh0
z>V%q)>gYq%HrtLG$Y<7rsD{2pKb}FIeC`NyJ=EG93%Q<*>+ukBKzYujktXDeQERyi
zHIP#nf#*<PK$S+B6EOlclW6RS-B3C71V-XkY=Ylo6y8Q9bHr$yW2o~cA6shwze_;}
z#!1v#RTyKoV>7HsJq~s9C16+ViaJ^sqe8wG6{$_AQ2&HM_@}+^j5Wzt6&1NYsH1%l
zmVf_eQ;6Zh1k{XHpw8$+sI~eX6@h!G0fvq<Ynz0+-yd~;j6{Wg0_wM-0JStPVh(P=
zC$Z9a^ZZlj>BZ+LC_7i<96W&9UWqy8gChqu;xDifeuE12Wn78D6YR$*Do0MCa_BeI
zNm+TKNy=t8oceH7#CJ?&|0`7g<$^+Y857Z+WI9Yn<wPoKCb_8R3Q$?T3N_OMs9kds
z6@h@s=HLp)3e<<A20jXv%nMKxUo_b>$+V0M@m$z|df^yq<R?%$a09jf?_f`id(=c=
z4pybU2G#H;)Ed8o8rVmu_72+nhp`FuBdCf0;Ze{?9-u;8IoDVN)ldlfuptgbKPnmL
zquzTK_1+7(6kkS#K5U9H5jFE+I2z}pCiVkrcX>A{q*JJuXGZoYYI{A8+4weUhR#%D
zH4LWuFe>|FPy<as<xCRl<eZ2~>Q$(m_!PB-hfv$G6xrr{|2<~*dv(;uVlb+~Skw#?
zPz`iOb^Hiw<k^^lPvTVEgZ(jPn(Oq&d8qgPWj%sgl2TMoT|vM0fADlOfCSW$*~!-X
zSTj&bm4zAj7;69T#feyoy)b2l3GFiUQ{Rl*RbQe8dI$9*mN?TbKS$<a2>m;|C}?Cy
zQ6V~uQFt9SgRp!P%4pQT-3Fq5mY+wh{g<fh{}z3C&t89kdOu*6$%SClbMdGp9gSWc
z3c2>eLR80vs9(A5s2LnZEr~PRG!%$xI0}^m38;Z3qZ*!v+BHw1+F6Qwa3gAfnf%qC
wBm9T3200}Sa(q*tt1@t6&bS%5v!|Eve<61^sN8#6&ba*CoRU6)ZphUC1JYiclK=n!

delta 7341
zcmXZg3w+P@9>?+D|7R{k%w@LBWnwp*F&oB=nY*xIE<@N5%NV&X%g;GsO`&vlB0?c0
z9VFvO9g1?oNpdKTN**dJmt1OdJ+Jq^-yV-1&+qql`ToA&&-e5B?q3&5{l72u-*Kv!
z=kGX9;T50L1YgF=xC3Lb1Y6=oYptt3$B%wTtb<)_KOJk(ABqhy3oGF~tcwMhgDbEa
zmSZ5g*L<GSkVfz|pHmCtu_~ro`(aJ`gRv2gMSZ9MYvc3w{wmwwjP<y_8w2p)*0b1-
z{;#M7HoNX~9>Iv~o>_T2F6aXp7>YAc5m||v@lNcI`|x9|`n#FvXQ&DN2le5zSOu?I
zZ(|hwd#K2T-|#sh7>ydYw`VV;qe7L7`mnC+fpyj`s1NKwh3*h40%uY0m129mkB?%)
zO`p>k2VyAZq87Le716CYAH6*^!f3?bG9So9<-}CfR?Nj<J%|eFD%1e)pe9m+3gt0-
z{VeLapY8oJ{E~jH+a?0vp>pIRKE|-l9U2;-@gF9X(Ws>BfQmpi>i!gTG2iwJFp~aK
z)C6~-CUng9f5a#0-^Kcv{in}K$GNCT9Kqpy-?>CXA4)DWk?4g@>F1*M>P1wj-^OOR
z7nQVUQ4_e0`f!tSpA(M>s4ba{dT%}|k}sel_X-B#2KD*AvzLaF=&<!G-JpLSH9#pU
zdG6o_e2Aew2DsyMw$eX%mx<BOy~lgF{Jx3Eng?bpK0s~hVN?XaL?!7-^oG*-mPQ7)
zerQ~TO15t?8n0kDKFaH{n1Wh)9wy)_d;K_StL~vbSlwr=k4ow$sK_Lv%01oZdKG&&
zmJ6!OdG>(?sDWNa?d^Khmh44E<{RvTmrw^ytm{@}eOpw&Kk7s2sI3~0+TsPMgR9Wq
zU+sEsMYe9UH$Fn`@t3Hi`5hIiDwW)dt#|~rRgG;w3YE<rQ6EUh)|iPASY-P<QO{jK
zEu;)vV6f-sI+THvjCx=kYJj;|fLpLVwy5kn!*CSN!S`__Mpbd0Nw^4g(ENtU*r2NG
ze25vS=K`v^P8?3bRD2!v9q$Jk3Q2&!*@DMVD~Uv{G|u*u?fqU@#P$BDJv@!o@e-;E
zuA}z8N_BHR05x6+>Og9N%7s*<Dm*8P#&Ry?;6g0JWtd;X?0wam#!yrlbwo|98|p&?
zP#+$S`p{I=0W=47uoc?t@1ah{5?n}?oWMZU|Damt#Yw1@Oh+Z(eAJc{p+2<1-rtH^
z`EFEl9YQ7V_o#_nLRHUQ+pk^Qt*G}f)cs`CM2283)&Eo)%IX5t%8D=+i%}0A!V>%r
zm5jv!W@2kmTer)47&Xx|7>XCLExL8g1lyq^n1otrcl5M^fiz@}eP9u4pche9@ORWf
z^e$@UAEL7O3)Fz6s0rUdO{iI2^ISYClBpPq>8ST+pceLWUFu(T`Ysn#1s|g#aKU;7
z6|!<`?RuskhT7XC)CaRrWjhl?u^2V+5>!qcMSbuT>ba|^i3ilD{-bCF*Eb<aMeX?j
z)Rs&@tzZT=M-LT=ji?XoLY?_XPy^n>1oR6u_1_USP8MpR(@<6L7u0*}J$vJ8)XINC
z4RphL$LcmPSzR6V;Sf}kwXxTGpgu4ZRqvBgTlFa_IZvYgn0<r#TXM@@_sVG~#1E~3
zLFR>M)Btg)5T{rNqb4}Pnv0$3&%$WjiCV~cR1RH6efTD7i)#m)2)9KR;yHb3Xn-;H
z#v0U%@1rKL9~JVW)^qm$uc$vtw^0#k^r(qY94h3gs69_Zjgy1g`+3+NU&CP4|5r3x
zaiJ8ovfzfU(;Y*xVx_19B^Q+&&)WXqFqZyi)PSc@<yIrat@we_1+^ukP)Rrq>-ad@
zQ41_;gsT5nXy~up>llM2xDYR*A~T_}>m=bD*b>j9K2)uVnNSic5`$4I%*O$^1~tLU
z*a(B0n(^DACYFt!4wTt6bRZO<_PP*teYL&50X5@yZGSiRqkq8mYlNDRH$YWMbJU7^
zV<x7fBDWPM;6YSUhBu@BIi#GJX0Ee@&?GlES$(L5IViqCt+Wiavgk0^>52oeCoV(n
z{nw~!_yr^J9%=z$;bx^VsQ0^~KAdHp6z-XoP3402dM;|Eo_(Omx&pPLV%uMbN~%rv
z`YzOOy8Wn=^b{)e*RUfti7;h10yWVm@NJyo(a<lJhLL6^O;Fh$kD6(BRQdEp9YhmR
z$vP7?@EfQVpTjiti!vX`K>ZGwjLMm}un&HPdaq$i^E<%HprO5d6*bV0)*8{~WK6&a
zu8+Y^xCE6v2QeH^S?{8rdo0G-4_nZG+WM+>KZbGrg3)uTwsM_mTxf+FcrBj6?Wi&=
zj5WVhj-n2jyVi)-t}~wg5UhrKP?0%+Gw>?vs2$hF9LWnXj{YtjhL^Cj>c4ZG>!ffY
zA78<JxDE%lH8Z_}T1mZl*Xe<Y7=_Q`8@L76V&4Rlv_GLjU8SALr8Lx@XQH-rDk>Rg
zVr|ubF%2D=n^9T26W8EgR0J~Gn?Dw-FpK^%+=;Or%m;qJ(ez7E<Md86Wjq8&Qe6{K
zRdk?}8UH3K$?u@&N5e14WT!tWl(kUV9fV5GaMaecM4b=GsEDMYa%L9l`PWhJZ$tgY
z+l{J<Q>YX4H`JEgM^#BkXX;-oZr|Aqkc|2x(H|A!Jk-g!+TMR3HPAs+2v6GnE!4^@
zC!2$&4yuYGQGeVLQRO%g_5QP{EnA*U{p-c(E@q}3P!FV`Rx}PZp*+;eSEBy7Y(i!6
zPE5cv*ad5LHD&rZ>cq=LEnqroB1NcNSdZ;+mq(*1jmx+a{ZmW`*P<e`8TH~e)Qg|k
z>!(rgowwdct+;VFvsJB7Ax=R}U=-?zpM~M*VYGaUh9YnhL-9M?e`u|dYVHT2R^A*n
zP#fD%LPe|(YVR|x*{Ix_f_i>B>ZqP?`!69UuIH?w(SaKq@e4eM8}Y5~uCpEc^>Cdn
zcn8Pfn?22WP^p(aDNzgPj`~m<w#1RB4=zTX3$I}tJc9XHj&)T3GkcqISd2Hhu>!T%
z&-F3ai?JvD^{ACzLS^?KsE`NtHP45kKG*@NI;TJCej4h%v8bw<jw;t;^;Q2jXb=h~
zsGsXB!lu{*H=%x5Tt=Pcp^uw$U<@khR$?4}j@rv|)Jntpo0Sg1*7O&lp8Eh*1wYyQ
zfdi<2Wo<7SIv^Hf3hqVy5GhCf@CYC1I*FK#n$Q~5^CwXgshs9IL$DKe!{zt{p1`pf
zn{JYEIcl7DQ1AViPW`J9G|2pL=#L-KpN_pTcChR0!#UU)<A#{*orXGiicul`7)Rhm
z)K+!QFcJGJPNaVTwFTir&GQ|wEB(<!JyVBkxuAMJiCSS9Dx|H4nTd_Uc={eT!d<9P
zpFkZ{4^Ssv<Zx3(DVRb(3w3_HiQ0n0SQ-CBoiF!28miBlBTQ0-p$6`OTFKM+6z)Zp
zSMyAhWHG2D>xLSz2kK1khuWG9)QSsH=f^74cm9F;@aL!`_fFHuq45i9puzmb&>1}f
zbwbTSeP|o1%(kN@@}cz*YM|p7ir=G7K4+A<9%PNeA}%N4Iy{UVP@Xekv<bO~+RGBu
zM9!hk_zS3CK$V^_Ct_37O2RP_yP|Sv9){t2*c`vc2>cV3%uUDG97CNq)3KH6|7{vN
zFixZP$~V@OV+-`7AA>si;xGlfppI4#74p|mk=ld`^;vubuiN_%P{~$poQYf?)X_c&
zD}Mivpb^D|Y}ATgM4i!xQG4|pDgt*=6Aa2Sd)o<h|8dm$F%lK}Y}DV1eALz~!|}Kt
z3$RkQd43^!dhvN0%FdT?HhzLCuf*}@2S*la#-CzS`~nr~QhW&mCfFaNs2n+m%Auc8
zCuQY{CMjEBCjH^4i0_<8{VP=e<AOq0ik;AT(tI!pl@qC`l}tiCmygQw6{wYdf~uO+
zs0jE?G6z=(R-!)~HStlXWS);&_<~8ENv0)SXv2l|s25J4W_}8l12<9iUxvLfX0nOE
zOsr0SHEQ5ZsOs2)n%EB1c!%u$BiNk&QPje(c{DVW`=}6C&N0?R4O9<(*a(MX6I3$J
zLB01J>b)1R5Lco?-|#78B5LKsa172tE$qLj>hf;UNTbnUikaDysPbBhBXJ{Yg%7O$
zx#kB(eN^^Gpe7oJ%9&26lXE;OsaK$K;-9E3Jd7&GGf0_xj^9*M@6}O9XaH)!NYo1B
zPy=+ty4Vvn^AV`BdIocG9}d8XX|B^3XQSTxm-Q%WOU|Hj>Q@X^{RiZk3B;j}%nr8S
z$2t&|R2i6#Q&9E4A1C4&?1RbEO=y>3DE-Z-s`?By(K6H@vBVi}#W^w?1NpvFLPIk<
zh6>RS7=brXD`@z%31v9yzunSNf0mb`_Wm<e_8&(d-nG~7qu%$MX>uU|^;|4!OGl$u
zpT;D6p#b&aLeyWm?Wh$TLv6_eRB~0FWd;sI<v<*2Vo9ihXQQfSA!?k(xF6p{O>hwZ
u>YwA}Z^-yPA>)0yOa0UHX68JTlQ(VRo)uSoB_V!;XXoYa;r}uR=KdcZwVgZw

diff --git a/geonode/locale/it/LC_MESSAGES/django.po b/geonode/locale/it/LC_MESSAGES/django.po
index f698c7205b5..8791b1cfec4 100644
--- a/geonode/locale/it/LC_MESSAGES/django.po
+++ b/geonode/locale/it/LC_MESSAGES/django.po
@@ -786,7 +786,7 @@ msgstr ""
 "controllo, zone postali e servizi, nomi di luoghi."
 
 msgid "Location"
-msgstr "Posizione"
+msgstr "Recapito"
 
 msgid ""
 "Features and characteristics of salt water bodies (excluding inland waters). Examples: "
@@ -3775,7 +3775,7 @@ msgid "introduce yourself"
 msgstr "presentarsi"
 
 msgid "Position Name"
-msgstr "Ruolo"
+msgstr "Incarico"
 
 msgid "role or position of the responsible person"
 msgstr "ruolo o posizione della persona responsabile"
diff --git a/geonode/people/templates/people/profile_detail.html b/geonode/people/templates/people/profile_detail.html
index 0d6a48269e8..1a3c09ef7f1 100644
--- a/geonode/people/templates/people/profile_detail.html
+++ b/geonode/people/templates/people/profile_detail.html
@@ -73,14 +73,18 @@ <h3>{{ profile.first_name|default:profile.name_long }}</h3>
         {% endif %}
       </tr>
       {% endif %}
-      <tr>
-        <td class="table-user-profile-attribute">{% trans 'Position' %}</td>
-        <td>{{ profile.position | default:_('Not provided.') }}</td>
-      </tr>
       <tr>
         <td class="table-user-profile-attribute">{% trans 'Organization'  %}</td>
         <td>{{ profile.organization | default:_('Not provided.') }}</td>
       </tr>
+      <tr>
+        <td class="table-user-profile-attribute">{% trans 'Description' %}</td>
+        <td>{{ profile.profile | default:_('Not provided.') }}</td>
+      </tr>
+      <tr>
+        <td class="table-user-profile-attribute">{% trans 'Position Name' %}</td>
+        <td>{{ profile.position | default:_('Not provided.') }}</td>
+      </tr>
       <tr>
         <td class="table-user-profile-attribute">{% trans 'Location' %}</td>
         <td>{{ profile.location | default:_('Not provided.') }}</td>
@@ -97,10 +101,6 @@ <h3>{{ profile.first_name|default:profile.name_long }}</h3>
         <td class="table-user-profile-attribute">{% trans 'Fax' %}</td>
         <td>{{ profile.fax | default:_('Not provided.') }}</td>
       </tr>
-      <tr>
-        <td class="table-user-profile-attribute">{% trans 'Description' %}</td>
-        <td>{{ profile.profile | default:_('Not provided.') }}</td>
-      </tr>
       <tr>
         <td class="table-user-profile-attribute">{% trans 'Keywords' %}</td>
         <td>

From 84b27ae1b54b3f828b1e29fdcf7750120bcf3d75 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 7 Aug 2023 17:58:17 +0200
Subject: [PATCH 107/330] use bracket notation inside the default feature
 template (#11343)

---
 geonode/layers/api/serializers.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index 270c469aa82..3d39fdefe20 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -88,20 +88,20 @@ def get_attribute(self, instance):
         else:
             _attributes = instance.attributes.filter(visible=True).order_by("display_order")
             if _attributes.exists():
-                _template = "<div>"
+                _template = '<div style="overflow-x:hidden">'
                 for _field in _attributes:
                     _label = _field.attribute_label or _field.attribute
                     _template += '<div class="row">'
                     if _field.featureinfo_type == Attribute.TYPE_HREF:
                         _template += (
                             '<div class="col-xs-6" style="font-weight: bold; word-wrap: break-word;">%s:</div> \
-                            <div class="col-xs-6" style="word-wrap: break-word;"><a href="${properties.%s}" target="_new">${properties.%s}</a></div>'
+                            <div class="col-xs-6" style="word-wrap: break-word;"><a href="${properties[\'%s\']}" target="_new">${properties[\'%s\']}</a></div>'
                             % (_label, _field, _field)
                         )
                     elif _field.featureinfo_type == Attribute.TYPE_IMAGE:
                         _template += (
                             '<div class="col-xs-12" align="center" style="font-weight: bold; word-wrap: break-word;"> \
-                            <a href="${properties.%s}" target="_new"><img width="100%%" height="auto" src="${properties.%s}" title="%s" alt="%s"/></a></div>'
+                            <a href="${properties[\'%s\']}" target="_new"><img width="100%%" height="auto" src="${propertiess[\'%s\']}" title="%s" alt="%s"/></a></div>'
                             % (_field.attribute, _field.attribute, _label, _label)
                         )
                     elif _field.featureinfo_type in (
@@ -115,32 +115,32 @@ def get_attribute(self, instance):
                         if "youtube" in _field.featureinfo_type:
                             _template += (
                                 '<div class="col-xs-12" align="center" style="font-weight: bold; word-wrap: break-word;"> \
-                                <iframe src="${properties.%s}" width="100%%" height="360" frameborder="0" allowfullscreen></iframe></div>'
+                                <iframe src="${properties[\'%s\']}" width="100%%" height="360" frameborder="0" allowfullscreen></iframe></div>'
                                 % (_field.attribute)
                             )
                         else:
                             _type = f"video/{_field.featureinfo_type[11:]}"
                             _template += (
                                 '<div class="col-xs-12" align="center" style="font-weight: bold; word-wrap: break-word;"> \
-                                <video width="100%%" height="360" controls><source src="${properties.%s}" type="%s">Your browser does not support the video tag.</video></div>'
+                                <video width="100%%" height="360" controls><source src="${properties[\'%s\']}" type="%s">Your browser does not support the video tag.</video></div>'
                                 % (_field.attribute, _type)
                             )
                     elif _field.featureinfo_type == Attribute.TYPE_AUDIO:
                         _template += (
                             '<div class="col-xs-12" align="center" style="font-weight: bold; word-wrap: break-word;"> \
-                            <audio controls><source src="${properties.%s}" type="audio/mpeg">Your browser does not support the audio element.</audio></div>'
+                            <audio controls><source src="${properties[\'%s\']}" type="audio/mpeg">Your browser does not support the audio element.</audio></div>'
                             % (_field.attribute)
                         )
                     elif _field.featureinfo_type == Attribute.TYPE_IFRAME:
                         _template += (
                             '<div class="col-xs-12" align="center" style="font-weight: bold; word-wrap: break-word;"> \
-                            <iframe src="/proxy/?url=${properties.%s}" width="100%%" height="360" frameborder="0" allowfullscreen></iframe></div>'
+                            <iframe src="/proxy/?url=${properties[\'%s\']}" width="100%%" height="360" frameborder="0" allowfullscreen></iframe></div>'
                             % (_field.attribute)
                         )
                     elif _field.featureinfo_type == Attribute.TYPE_PROPERTY:
                         _template += (
                             '<div class="col-xs-6" style="font-weight: bold; word-wrap: break-word;">%s:</div> \
-                            <div class="col-xs-6" style="word-wrap: break-word;">${properties.%s}</div>'
+                            <div class="col-xs-6" style="word-wrap: break-word;">${properties[\'%s\']}</div>'
                             % (_label, _field.attribute)
                         )
                     _template += "</div>"

From 1c8df230c1b44e8631dc8f6b0bec7e18e6d24685 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 7 Aug 2023 18:00:27 +0200
Subject: [PATCH 108/330] remove Django admin widgets for bbox editable fields
 (#11339)

---
 geonode/documents/admin.py | 2 ++
 geonode/geoapps/admin.py   | 2 ++
 geonode/layers/admin.py    | 3 ++-
 geonode/maps/admin.py      | 2 ++
 geonode/services/admin.py  | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/geonode/documents/admin.py b/geonode/documents/admin.py
index 36511c7d331..9af881f0e6d 100644
--- a/geonode/documents/admin.py
+++ b/geonode/documents/admin.py
@@ -36,6 +36,7 @@ class Meta(ResourceBaseAdminForm.Meta):
 
 
 class DocumentAdmin(TabbedTranslationAdmin):
+    exclude = ("ll_bbox_polygon", "bbox_polygon", "srid")
     list_display = ("id", "title", "date", "category", "group", "is_approved", "is_published", "metadata_completeness")
     list_display_links = ("id",)
     list_editable = ("title", "category", "group", "is_approved", "is_published")
@@ -55,6 +56,7 @@ class DocumentAdmin(TabbedTranslationAdmin):
         "is_approved",
         "is_published",
     )
+    readonly_fields = ("geographic_bounding_box",)
     date_hierarchy = "date"
     form = DocumentAdminForm
     actions = [metadata_batch_edit]
diff --git a/geonode/geoapps/admin.py b/geonode/geoapps/admin.py
index f0217db4cb2..33c8ff2f7c6 100644
--- a/geonode/geoapps/admin.py
+++ b/geonode/geoapps/admin.py
@@ -32,6 +32,7 @@ class Meta(ResourceBaseAdminForm.Meta):
 
 
 class GeoAppAdmin(TabbedTranslationAdmin):
+    exclude = ("ll_bbox_polygon", "bbox_polygon", "srid")
     list_display_links = ("title",)
     list_display = (
         "id",
@@ -65,6 +66,7 @@ class GeoAppAdmin(TabbedTranslationAdmin):
         "is_approved",
         "is_published",
     )
+    readonly_fields = ("geographic_bounding_box",)
     form = GeoAppAdminForm
 
     def delete_queryset(self, request, queryset):
diff --git a/geonode/layers/admin.py b/geonode/layers/admin.py
index 379d361943b..7cb712206d1 100644
--- a/geonode/layers/admin.py
+++ b/geonode/layers/admin.py
@@ -55,6 +55,7 @@ class Meta(ResourceBaseAdminForm.Meta):
 
 
 class DatasetAdmin(TabbedTranslationAdmin):
+    exclude = ("ll_bbox_polygon", "bbox_polygon", "srid")
     list_display = (
         "id",
         "alternate",
@@ -86,7 +87,7 @@ class DatasetAdmin(TabbedTranslationAdmin):
     search_fields = ("alternate", "title", "abstract", "purpose", "is_approved", "is_published", "state")
     filter_horizontal = ("contacts",)
     date_hierarchy = "date"
-    readonly_fields = ("uuid", "alternate", "workspace")
+    readonly_fields = ("uuid", "alternate", "workspace", "geographic_bounding_box")
     inlines = [AttributeInline]
     form = DatasetAdminForm
     actions = [metadata_batch_edit]
diff --git a/geonode/maps/admin.py b/geonode/maps/admin.py
index 6be72dd9982..da6f8bf74a1 100644
--- a/geonode/maps/admin.py
+++ b/geonode/maps/admin.py
@@ -44,6 +44,7 @@ class MapAdmin(TabbedTranslationAdmin):
     inlines = [
         MapLayerInline,
     ]
+    exclude = ("ll_bbox_polygon", "bbox_polygon", "srid")
     list_display_links = ("title",)
     list_display = (
         "id",
@@ -78,6 +79,7 @@ class MapAdmin(TabbedTranslationAdmin):
         "is_approved",
         "is_published",
     )
+    readonly_fields = ("geographic_bounding_box",)
     form = MapAdminForm
     actions = [metadata_batch_edit]
 
diff --git a/geonode/services/admin.py b/geonode/services/admin.py
index d447c4145f0..2e61a21ce3e 100644
--- a/geonode/services/admin.py
+++ b/geonode/services/admin.py
@@ -31,6 +31,7 @@ class Meta(ResourceBaseAdminForm.Meta):
 
 
 class ServiceAdmin(admin.ModelAdmin):
+    exclude = ("ll_bbox_polygon", "bbox_polygon", "srid")
     list_display = ("id", "name", "base_url", "type", "method")
     list_display_links = ("id", "name")
     list_filter = ("id", "name", "type", "method")

From 95eb82e8c79146dbe49ca2146fa405defc012732 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Mon, 7 Aug 2023 18:03:40 +0200
Subject: [PATCH 109/330] [Fixes #11332] Remove geoip task (#11336)

* [Fixes #11332] Remove geoip task

* [Fixes #11332] Rollback requirements.txt

* [Fixes #11332] Rollback setuo.cfg
---
 entrypoint.sh                |  1 -
 geonode/monitoring/models.py | 33 ---------------------------------
 pavement.py                  | 18 ------------------
 tasks.py                     |  7 -------
 4 files changed, 59 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 4e394cdc703..620976448cc 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -54,7 +54,6 @@ else
     invoke prepare
 
     if [ ${FORCE_REINIT} = "true" ]  || [ ${FORCE_REINIT} = "True" ] || [ ! -e "/mnt/volumes/statics/geonode_init.lock" ]; then
-        invoke updategeoip
         invoke fixtures
         invoke monitoringfixture
         invoke initialized
diff --git a/geonode/monitoring/models.py b/geonode/monitoring/models.py
index bbef043b228..18f302c73dc 100644
--- a/geonode/monitoring/models.py
+++ b/geonode/monitoring/models.py
@@ -701,39 +701,6 @@ def from_geonode(cls, service, request, response):
         sensitive_data = cls._get_user_data_gn(request)
         event_type = cls._get_event_type(request)
 
-        # ua = request.META.get('HTTP_USER_AGENT') or ''
-        # ua_family = cls._get_ua_family(ua)
-        #
-        # ip, is_routable = get_client_ip(request)
-        # lat = lon = None
-        # country = region = city = None
-        # if ip and is_routable:
-        #     ip = ip.split(':')[0]
-        #     if settings.TEST and ip == 'testserver':
-        #         ip = '127.0.0.1'
-        #     try:
-        #         ip = gethostbyname(ip)
-        #     except Exception as err:
-        #         pass
-        #
-        #     geoip = get_geoip()
-        #     try:
-        #         client_loc = geoip.city(ip)
-        #     except Exception as err:
-        #         log.warning("Cannot resolve %s: %s", ip, err)
-        #         client_loc = None
-        #
-        #     if client_loc:
-        #         lat, lon = client_loc['latitude'], client_loc['longitude'],
-        #         country = client_loc.get(
-        #             'country_code3') or client_loc['country_code']
-        #         if len(country) == 2:
-        #             _c = pycountry.countries.get(alpha_2=country)
-        #             country = _c.alpha_3
-        #
-        #         region = client_loc['region']
-        #         city = client_loc['city']
-
         data = {
             "received": received,
             "created": created,
diff --git a/pavement.py b/pavement.py
index f27d9d3c5de..5a494f124f4 100644
--- a/pavement.py
+++ b/pavement.py
@@ -261,10 +261,6 @@ def static(options):
 )
 def setup(options):
     """Get dependencies and prepare a GeoNode development environment."""
-
-    if MONITORING_ENABLED:
-        updategeoip(options)
-
     info(
         "GeoNode development environment successfully set up."
         "If you have not set up an administrative account,"
@@ -334,20 +330,6 @@ def upgradedb(options):
         print(f"Upgrades from version {version} are not yet supported.")
 
 
-@task
-@cmdopts([("settings=", "s", "Specify custom DJANGO_SETTINGS_MODULE")])
-def updategeoip(options):
-    """
-    Update geoip db
-    """
-    if MONITORING_ENABLED:
-        settings = options.get("settings", "")
-        if settings and "DJANGO_SETTINGS_MODULE" not in settings:
-            settings = f"DJANGO_SETTINGS_MODULE={settings}"
-
-        sh(f"{settings} python -W ignore manage.py updategeoip -o")
-
-
 @task
 @cmdopts([("settings=", "s", "Specify custom DJANGO_SETTINGS_MODULE")])
 def sync(options):
diff --git a/tasks.py b/tasks.py
index f3d72a0fff2..5711ab991b9 100755
--- a/tasks.py
+++ b/tasks.py
@@ -427,13 +427,6 @@ def monitoringfixture(ctx):
         logger.error(f"ERROR installing monitoring fixture: {str(e)}")
 
 
-@task
-def updategeoip(ctx):
-    print("**************************update geoip*******************************")
-    if ast.literal_eval(os.environ.get("MONITORING_ENABLED", "False")):
-        ctx.run(f"django-admin.py updategeoip --settings={_localsettings()}", pty=True)
-
-
 @task
 def updateadmin(ctx):
     print("***********************update admin details**************************")

From e00861b85a024b98ae05d50c4fb99811888bd06a Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Mon, 7 Aug 2023 18:06:44 +0200
Subject: [PATCH 110/330] [Fixes #11251] Extend MapLayer model with
 visualization properties (#11341)

* [Fixes #11251] Extend MapLayer model with visualization properties

* [Fixes #11251] Add test coverage

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/maps/api/serializers.py               | 10 +--
 geonode/maps/api/tests.py                     | 73 +++++++++++++++++++
 .../migrations/0043_auto_20230807_1234.py     | 28 +++++++
 geonode/maps/models.py                        |  5 ++
 4 files changed, 110 insertions(+), 6 deletions(-)
 create mode 100644 geonode/maps/migrations/0043_auto_20230807_1234.py

diff --git a/geonode/maps/api/serializers.py b/geonode/maps/api/serializers.py
index 2d9c88330e3..382bdd20d0b 100644
--- a/geonode/maps/api/serializers.py
+++ b/geonode/maps/api/serializers.py
@@ -138,6 +138,9 @@ class Meta:
             "current_style",
             "dataset",
             "name",
+            "order",
+            "visibility",
+            "opacity",
         )
 
 
@@ -145,12 +148,7 @@ class SimpleMapLayerSerializer(serializers.ModelSerializer):
     class Meta:
         model = MapLayer
         name = "maplayer"
-        fields = (
-            "pk",
-            "name",
-            "extra_params",
-            "current_style",
-        )
+        fields = ("pk", "name", "extra_params", "current_style", "order", "visibility", "opacity")
 
 
 class MapSerializer(ResourceBaseSerializer):
diff --git a/geonode/maps/api/tests.py b/geonode/maps/api/tests.py
index d5a15323a43..8d21f79bc2b 100644
--- a/geonode/maps/api/tests.py
+++ b/geonode/maps/api/tests.py
@@ -111,6 +111,10 @@ def test_maps(self):
                 self.assertTrue(len(response.data["map"]["data"]["map"]["layers"]) == 7)
                 self.assertEqual(response.data["map"]["maplayers"][0]["extra_params"], {"foo": "bar"})
                 self.assertIsNotNone(response.data["map"]["maplayers"][0]["dataset"])
+                self.assertEqual(response.data["map"]["maplayers"][0]["extra_params"], {"foo": "bar"})
+                self.assertEqual(response.data["map"]["maplayers"][0]["visibility"], 1)
+                self.assertEqual(response.data["map"]["maplayers"][0]["order"], 0)
+                self.assertEqual(response.data["map"]["maplayers"][0]["opacity"], 1.0)
 
     def test_extra_metadata_included_with_param(self):
         resource = Map.objects.first()
@@ -150,6 +154,36 @@ def test_patch_map(self):
         self.assertEqual(response_maplayer["current_style"], "some-style-first-layer")
         self.assertIsNotNone(response_maplayer["dataset"])
 
+    def test_patch_map_with_extra_maplayer_info(self):
+        """
+        Patch to maps/<pk>/
+        """
+        # Get Layers List (backgrounds)
+        resource = Map.objects.first()
+        url = reverse("maps-detail", kwargs={"pk": resource.pk})
+
+        data = {
+            "title": f"{resource.title}-edited",
+            "abstract": resource.abstract,
+            "data": DUMMY_MAPDATA,
+            "id": resource.id,
+            "maplayers": DUMMY_MAPLAYERS_DATA_WITH_EXTRA_INFO,
+        }
+        self.client.login(username="admin", password="admin")
+        response = self.client.patch(f"{url}?include[]=data", data=data, format="json")
+
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue(len(response.data) > 0)
+        self.assertTrue("data" in response.data["map"])
+        self.assertTrue(len(response.data["map"]["data"]["map"]["layers"]) == 7)
+        response_maplayer = response.data["map"]["maplayers"][0]
+        self.assertEqual(response_maplayer["extra_params"], {"msId": "Stamen.Watercolor__0"})
+        self.assertEqual(response_maplayer["current_style"], "some-style-first-layer")
+        self.assertEqual(response_maplayer["visibility"], False)
+        self.assertEqual(response_maplayer["order"], 99)
+        self.assertEqual(response_maplayer["opacity"], 1.3)
+        self.assertIsNotNone(response_maplayer["dataset"])
+
     @patch("geonode.maps.api.views.resolve_object")
     def test_patch_map_raise_exception(self, mocked_obj):
         """
@@ -204,6 +238,34 @@ def test_create_map(self):
         self.assertIsNotNone(response_maplayer["dataset"])
         self.assertIsNotNone(response.data["map"]["thumbnail_url"])
 
+    def test_create_map_with_extra_maplayer_info(self):
+        """
+        Post to maps/
+        """
+        # Get Layers List (backgrounds)
+        url = reverse("maps-list")
+
+        data = {
+            "title": "Some created map",
+            "data": DUMMY_MAPDATA,
+            "maplayers": DUMMY_MAPLAYERS_DATA_WITH_EXTRA_INFO,
+        }
+        self.client.login(username="admin", password="admin")
+        response = self.client.post(f"{url}?include[]=data", data=data, format="json")
+
+        self.assertEqual(response.status_code, 201)
+        self.assertTrue(len(response.data) > 0)
+        self.assertTrue("data" in response.data["map"])
+        self.assertTrue(len(response.data["map"]["data"]["map"]["layers"]) == 7)
+        response_maplayer = response.data["map"]["maplayers"][0]
+        self.assertEqual(response_maplayer["extra_params"], {"msId": "Stamen.Watercolor__0"})
+        self.assertEqual(response_maplayer["current_style"], "some-style-first-layer")
+        self.assertIsNotNone(response_maplayer["dataset"])
+        self.assertEqual(response_maplayer["visibility"], False)
+        self.assertEqual(response_maplayer["order"], 99)
+        self.assertEqual(response_maplayer["opacity"], 1.3)
+        self.assertIsNotNone(response.data["map"]["thumbnail_url"])
+
 
 DUMMY_MAPDATA = {
     "map": {
@@ -365,3 +427,14 @@ def test_create_map(self):
         "name": "geonode:CA",
     }
 ]
+
+DUMMY_MAPLAYERS_DATA_WITH_EXTRA_INFO = [
+    {
+        "extra_params": {"msId": "Stamen.Watercolor__0"},
+        "current_style": "some-style-first-layer",
+        "name": "geonode:CA",
+        "opacity": 1.3,
+        "visibility": False,
+        "order": 99,
+    }
+]
diff --git a/geonode/maps/migrations/0043_auto_20230807_1234.py b/geonode/maps/migrations/0043_auto_20230807_1234.py
new file mode 100644
index 00000000000..894c1e4ea5c
--- /dev/null
+++ b/geonode/maps/migrations/0043_auto_20230807_1234.py
@@ -0,0 +1,28 @@
+# Generated by Django 3.2.19 on 2023-08-07 12:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('maps', '0042_remove_maplayer_styles'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='maplayer',
+            name='opacity',
+            field=models.FloatField(default=1.0),
+        ),
+        migrations.AddField(
+            model_name='maplayer',
+            name='order',
+            field=models.IntegerField(default=0),
+        ),
+        migrations.AddField(
+            model_name='maplayer',
+            name='visibility',
+            field=models.BooleanField(default=True),
+        ),
+    ]
diff --git a/geonode/maps/models.py b/geonode/maps/models.py
index 650417aebd8..90b18bc98ab 100644
--- a/geonode/maps/models.py
+++ b/geonode/maps/models.py
@@ -262,6 +262,11 @@ class MapLayer(models.Model):
     local = models.BooleanField(default=False, blank=True)
     # True if this layer is served by the local geoserver
 
+    # Extend MapLayer model with visualization properties #11251
+    order = models.IntegerField(default=0)
+    visibility = models.BooleanField(default=True)
+    opacity = models.FloatField(default=1.0)
+
     @property
     def dataset_title(self):
         """

From 48613757ca48d92f49191fce6ba4632d91c4949b Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 8 Aug 2023 12:09:08 +0200
Subject: [PATCH 111/330] fix feature template test (#11351)

---
 geonode/layers/api/tests.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/geonode/layers/api/tests.py b/geonode/layers/api/tests.py
index dc6475bfdcc..7361e5c744a 100644
--- a/geonode/layers/api/tests.py
+++ b/geonode/layers/api/tests.py
@@ -93,8 +93,8 @@ def test_datasets(self):
             self.assertIsNotNone(response.data["dataset"].get("featureinfo_custom_template"))
             self.assertEqual(
                 response.data["dataset"].get("featureinfo_custom_template"),
-                '<div><div class="row"><div class="col-xs-6" style="font-weight: bold; word-wrap: break-word;">Name:</div>\
-                             <div class="col-xs-6" style="word-wrap: break-word;">${properties.name}</div></div></div>',
+                '<div style="overflow-x:hidden"><div class="row"><div class="col-xs-6" style="font-weight: bold; word-wrap: break-word;">Name:</div>\
+                             <div class="col-xs-6" style="word-wrap: break-word;">${properties[\'name\']}</div></div></div>',
             )
 
             _dataset.featureinfo_custom_template = "<div>Foo Bar</div>"
@@ -104,8 +104,8 @@ def test_datasets(self):
             self.assertIsNotNone(response.data["dataset"].get("featureinfo_custom_template"))
             self.assertEqual(
                 response.data["dataset"].get("featureinfo_custom_template"),
-                '<div><div class="row"><div class="col-xs-6" style="font-weight: bold; word-wrap: break-word;">Name:</div>\
-                             <div class="col-xs-6" style="word-wrap: break-word;">${properties.name}</div></div></div>',
+                '<div style="overflow-x:hidden"><div class="row"><div class="col-xs-6" style="font-weight: bold; word-wrap: break-word;">Name:</div>\
+                             <div class="col-xs-6" style="word-wrap: break-word;">${properties[\'name\']}</div></div></div>',
             )
 
             _dataset.use_featureinfo_custom_template = True

From c24458220aa1301c446fa2454b435e525cf8dcde Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 8 Aug 2023 23:43:26 +0200
Subject: [PATCH 112/330] Bump version (#11359)

* Bump version

* set python 3.10 as minimum version
---
 geonode/__init__.py | 2 +-
 setup.cfg           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/geonode/__init__.py b/geonode/__init__.py
index e221b120dab..9b1e32fbb4d 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 1, 0, "dev", 0)
+__version__ = (4, 2, 0, "dev", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"
diff --git a/setup.cfg b/setup.cfg
index 7668acc79c2..04f081e7ac5 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -14,12 +14,12 @@ classifiers =
     Intended Audience :: Developers
     Operating System :: OS Independent
     Topic :: Internet :: WWW/HTTP
-    Programming Language :: Python :: 3.8
+    Programming Language :: Python :: 3.10
 
 [options]
 zip_safe = False
 include_package_data = True
-python_requires = >= 3.7
+python_requires = >= 3.10
 packages = find:
 setup_requires =
     setuptools

From 3fa9a8690f4aa27282cd815224014bb6cbc6fb00 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 10 Aug 2023 18:19:45 +0200
Subject: [PATCH 113/330] [Fixes #11368] Fix spatial representation type
 parsing (#11369)

* Fix spatial representation type parsing

* improved code

* fixed tests

* fixed formatting
---
 geonode/base/fixtures/test_xml.xml                      | 2 +-
 geonode/catalogue/templates/catalogue/full_metadata.xml | 2 ++
 geonode/layers/metadata.py                              | 4 +++-
 geonode/layers/tests.py                                 | 4 ++--
 geonode/resource/utils.py                               | 8 +-------
 5 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/geonode/base/fixtures/test_xml.xml b/geonode/base/fixtures/test_xml.xml
index 34a2af08443..1b990340631 100755
--- a/geonode/base/fixtures/test_xml.xml
+++ b/geonode/base/fixtures/test_xml.xml
@@ -406,7 +406,7 @@
          </gmd:MD_LegalConstraints>
        </gmd:resourceConstraints>
        <gmd:spatialRepresentationType>
-         <gmd:MD_SpatialRepresentationTypeCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#MD_SpatialRepresentationTypeCode" codeListValue=""/>
+         <gmd:MD_SpatialRepresentationTypeCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#MD_SpatialRepresentationTypeCode" codeListValue="vector">vector</gmd:MD_SpatialRepresentationTypeCode>
        </gmd:spatialRepresentationType>
        <gmd:language>
          <gco:CharacterString>eng</gco:CharacterString>
diff --git a/geonode/catalogue/templates/catalogue/full_metadata.xml b/geonode/catalogue/templates/catalogue/full_metadata.xml
index 39bffae1d3c..955f81c3e55 100644
--- a/geonode/catalogue/templates/catalogue/full_metadata.xml
+++ b/geonode/catalogue/templates/catalogue/full_metadata.xml
@@ -436,9 +436,11 @@
            </gmd:otherConstraints>
          </gmd:MD_LegalConstraints>
        </gmd:resourceConstraints>
+       {% if layer.spatial_representation_type %}
        <gmd:spatialRepresentationType>
          <gmd:MD_SpatialRepresentationTypeCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#MD_SpatialRepresentationTypeCode" codeListValue="{{layer.spatial_representation_type.identifier}}">{{layer.spatial_representation_type.identifier}}</gmd:MD_SpatialRepresentationTypeCode>
        </gmd:spatialRepresentationType>
+       {% endif %}
        <gmd:language>
          <gco:CharacterString>{{layer.language}}</gco:CharacterString>
        </gmd:language>
diff --git a/geonode/layers/metadata.py b/geonode/layers/metadata.py
index e61577ff5b5..74aab2ce8a9 100644
--- a/geonode/layers/metadata.py
+++ b/geonode/layers/metadata.py
@@ -79,7 +79,9 @@ def iso2dict(exml):
     mdata = MD_Metadata(exml)
     identifier = mdata.identifier
     vals["language"] = mdata.language or mdata.languagecode or "eng"
-    vals["spatial_representation_type"] = mdata.hierarchy
+    if mdata.identification[0].spatialrepresentationtype:
+        vals["spatial_representation_type"] = mdata.identification[0].spatialrepresentationtype[0]
+
     vals["date"] = sniff_date(mdata.datestamp)
 
     if hasattr(mdata, "identification"):
diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py
index fbe14c340ba..d7420fc2a84 100644
--- a/geonode/layers/tests.py
+++ b/geonode/layers/tests.py
@@ -1631,7 +1631,7 @@ def test_set_metadata_return_expected_values_from_xml(self):
             "date": datetime.datetime(2021, 4, 9, 9, 0, 46),
             "language": "eng",
             "purpose": None,
-            "spatial_representation_type": "dataset",
+            "spatial_representation_type": "vector",
             "supplemental_information": "No information provided",
             "temporal_extent_end": None,
             "temporal_extent_start": None,
@@ -1691,7 +1691,7 @@ def setUp(self):
             "date": datetime.datetime(2021, 4, 9, 9, 0, 46),
             "language": "eng",
             "purpose": None,
-            "spatial_representation_type": "dataset",
+            "spatial_representation_type": "vector",
             "supplemental_information": "No information provided",
             "temporal_extent_end": None,
             "temporal_extent_start": None,
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index ca7175c799b..b8e70a362cb 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -167,13 +167,7 @@ def update_resource(
     if vals:
         for key, value in vals.items():
             if key == "spatial_representation_type":
-                spatial_repr = SpatialRepresentationType.objects.filter(identifier=value)
-                if value is not None and spatial_repr.exists():
-                    value = SpatialRepresentationType(identifier=value)
-                # if the SpatialRepresentationType is not available in the DB, we just set it as None
-                elif value is not None and not spatial_repr.exists():
-                    value = None
-                defaults[key] = value
+                defaults[key] = SpatialRepresentationType.objects.filter(identifier=value).first() if value else None
             elif key == "topic_category":
                 value, created = TopicCategory.objects.get_or_create(
                     identifier=value, defaults={"description": "", "gn_description": value}

From c84f55ef2143b962729bda3b85f749ce15c2afdf Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 16 Aug 2023 11:32:36 +0200
Subject: [PATCH 114/330] =?UTF-8?q?[Fixes=20#11320]=20API=20V1=20delivers?=
 =?UTF-8?q?=20information=20on=20users=20that=20shouldn't=20be=E2=80=A6=20?=
 =?UTF-8?q?(#11321)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Fixes #11320] API V1 delivers information on users that shouldn't be visible

* Fix black and flake8

* Fix black and flake8

* Fix black and flake8

* Fix black and flake8

* [Fixes #11320] API V1 delivers information on users that shouldn't be visible

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/api/api.py   | 10 ++++++++++
 geonode/api/tests.py |  8 +++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/geonode/api/api.py b/geonode/api/api.py
index 0663176dec9..4303c0caa4b 100644
--- a/geonode/api/api.py
+++ b/geonode/api/api.py
@@ -584,6 +584,16 @@ class OwnersResource(TypeFilteredResource):
 
     full_name = fields.CharField(null=True)
 
+    def apply_filters(self, request, applicable_filters):
+        """filter by group if applicable by group functionality"""
+
+        semi_filtered = super().apply_filters(request, applicable_filters)
+
+        if request.user and not request.user.is_superuser:
+            semi_filtered = get_available_users(request.user)
+
+        return semi_filtered
+
     def dehydrate_full_name(self, bundle):
         return bundle.obj.get_full_name() or bundle.obj.username
 
diff --git a/geonode/api/tests.py b/geonode/api/tests.py
index e8fb96626bb..39a428c21fb 100644
--- a/geonode/api/tests.py
+++ b/geonode/api/tests.py
@@ -321,7 +321,7 @@ def test_owners_lockdown(self):
         self.api_client.client.login(username="bobby", password="bob")
         resp = self.api_client.get(filter_url)
         self.assertValidJSONResponse(resp)
-        self.assertEqual(len(self.deserialize(resp)["objects"]), 9)
+        self.assertEqual(len(self.deserialize(resp)["objects"]), 6)
         # Returns limitted info about other users
         bobby = get_user_model().objects.get(username="bobby")
         owners = self.deserialize(resp)["objects"]
@@ -332,6 +332,12 @@ def test_owners_lockdown(self):
                 self.assertIsNone(owner.get("email"))
                 self.assertIsNone(owner.get("first_name"))
 
+        # now test with logged in admin
+        self.api_client.client.login(username="admin", password="admin")
+        resp = self.api_client.get(filter_url)
+        self.assertValidJSONResponse(resp)
+        self.assertEqual(len(self.deserialize(resp)["objects"]), 9)
+
     @override_settings(API_LOCKDOWN=True)
     def test_groups_lockdown(self):
         groups_list_url = reverse("api_dispatch_list", kwargs={"api_name": "api", "resource_name": "groups"})

From c7d496462de7d67f2f3ee14db9e55bc392e1b9ce Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 16 Aug 2023 11:35:52 +0200
Subject: [PATCH 115/330] Fixes #11296 Implement custom download URLs (#11298)

* Fixes #11296 Implement custom download URLs

* Fixes #11296 Fix tests

* Fixes #11296 Let the download manager being overridable

* Fixes #11296 rename dataset in resource

* Fixes #11296 black and flake run

* Fixes #11296 perform_last_step removed

* Fixes #11296 file rename

* Fixes #11296 file rename

* Fixes #11296 file rename

* Fixes #11296 fix codeql warning

* Fixes #11296 fix flake8 and test

* Fixes #11296 fix flake8 and test

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/layers/tests.py              |  32 +++----
 geonode/layers/views.py              |  76 ++-------------
 geonode/resource/download_handler.py | 133 +++++++++++++++++++++++++++
 geonode/settings.py                  |   2 +
 geonode/tests/smoke.py               |  21 +++++
 5 files changed, 177 insertions(+), 87 deletions(-)
 create mode 100644 geonode/resource/download_handler.py

diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py
index d7420fc2a84..2deb3ca0a21 100644
--- a/geonode/layers/tests.py
+++ b/geonode/layers/tests.py
@@ -1210,7 +1210,7 @@ def test_dataset_download_invalid_wps_format(self):
         self.assertEqual(500, response.status_code)
         self.assertDictEqual({"error": "The format provided is not valid for the selected resource"}, response.json())
 
-    @patch("geonode.layers.views.HttpClient.request")
+    @patch("geonode.resource.download_handler.HttpClient.request")
     def test_dataset_download_call_the_catalog_raise_error_for_no_200(self, mocked_catalog):
         _response = MagicMock(status_code=500, content="foo-bar")
         mocked_catalog.return_value = _response, "foo-bar"
@@ -1220,12 +1220,9 @@ def test_dataset_download_call_the_catalog_raise_error_for_no_200(self, mocked_c
         url = reverse("dataset_download", args=[dataset.alternate])
         response = self.client.get(url)
         self.assertEqual(500, response.status_code)
-        self.assertDictEqual(
-            {"error": "Download dataset exception: error during call with GeoServer: foo-bar"}, response.json()
-        )
+        self.assertDictEqual({"error": "Download dataset exception: error during call with GeoServer"}, response.json())
 
-    @patch("geonode.layers.views.HttpClient.request")
-    def test_dataset_download_call_the_catalog_raise_error_for_error_content(self, mocked_catalog):
+    def test_dataset_download_call_the_catalog_raise_error_for_error_content(self):
         content = """<?xml version="1.0" encoding="UTF-8"?>
                 <ows:ExceptionReport xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ows="http://www.opengis.net/ows/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.1.0" xsi:schemaLocation="http://www.opengis.net/ows/1.1 http://localhost:8080/geoserver/schemas/ows/1.1.0/owsAll.xsd">
                     <ows:Exception exceptionCode="InvalidParameterValue" locator="ResponseDocument">
@@ -1234,14 +1231,15 @@ def test_dataset_download_call_the_catalog_raise_error_for_error_content(self, m
                 </ows:ExceptionReport>
                 """  # noqa
         _response = MagicMock(status_code=200, text=content, headers={"Content-Type": "text/xml"})
-        mocked_catalog.return_value = _response, content
         # if settings.USE_GEOSERVER is false, the URL must be redirected
         self.client.login(username="admin", password="admin")
         dataset = Dataset.objects.first()
-        url = reverse("dataset_download", args=[dataset.alternate])
-        response = self.client.get(url)
-        self.assertEqual(500, response.status_code)
-        self.assertDictEqual({"error": "InvalidParameterValue: Foo Bar Exception"}, response.json())
+        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
+            mocked_catalog.return_value = _response, content
+            url = reverse("dataset_download", args=[dataset.alternate])
+            response = self.client.get(url)
+            self.assertEqual(500, response.status_code)
+            self.assertDictEqual({"error": "InvalidParameterValue: Foo Bar Exception"}, response.json())
 
     def test_dataset_download_call_the_catalog_works(self):
         # if settings.USE_GEOSERVER is false, the URL must be redirected
@@ -1249,7 +1247,7 @@ def test_dataset_download_call_the_catalog_works(self):
         self.client.login(username="admin", password="admin")
         dataset = Dataset.objects.first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
-        with patch("geonode.layers.views.HttpClient.request") as mocked_catalog:
+        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
@@ -1268,21 +1266,21 @@ def test_dataset_download_call_the_catalog_work_anonymous(self):
         _response = MagicMock(status_code=200, text="", headers={"Content-Type": ""})  # noqa
         dataset = Dataset.objects.first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
-        with patch("geonode.layers.views.HttpClient.request") as mocked_catalog:
+        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
             self.assertTrue(response.status_code == 200)
 
     @override_settings(USE_GEOSERVER=True)
-    @patch("geonode.layers.views.get_template")
+    @patch("geonode.resource.download_handler.get_template")
     def test_dataset_download_call_the_catalog_work_for_raster(self, pathed_template):
         # if settings.USE_GEOSERVER is false, the URL must be redirected
         _response = MagicMock(status_code=200, text="", headers={"Content-Type": ""})  # noqa
         dataset = Dataset.objects.filter(subtype="raster").first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
         Dataset.objects.filter(alternate=layer.alternate).update(subtype="raster")
-        with patch("geonode.layers.views.HttpClient.request") as mocked_catalog:
+        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
@@ -1295,13 +1293,13 @@ def test_dataset_download_call_the_catalog_work_for_raster(self, pathed_template
         )
 
     @override_settings(USE_GEOSERVER=True)
-    @patch("geonode.layers.views.get_template")
+    @patch("geonode.resource.download_handler.get_template")
     def test_dataset_download_call_the_catalog_work_for_vector(self, pathed_template):
         # if settings.USE_GEOSERVER is false, the URL must be redirected
         _response = MagicMock(status_code=200, text="", headers={"Content-Type": ""})  # noqa
         dataset = Dataset.objects.filter(subtype="vector").first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
-        with patch("geonode.layers.views.HttpClient.request") as mocked_catalog:
+        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
diff --git a/geonode/layers/views.py b/geonode/layers/views.py
index 609a7f0c839..d9b08da7f97 100644
--- a/geonode/layers/views.py
+++ b/geonode/layers/views.py
@@ -23,21 +23,18 @@
 import logging
 import warnings
 import traceback
-from django.urls import reverse
 
 from owslib.wfs import WebFeatureService
-import xml.etree.ElementTree as ET
 
 from django.conf import settings
 
 from django.db.models import F
-from django.http import Http404, JsonResponse
+from django.http import Http404
 from django.contrib import messages
 from django.shortcuts import render
 from django.utils.html import escape
 from django.forms.utils import ErrorList
 from django.contrib.auth import get_user_model
-from django.template.loader import get_template
 from django.utils.translation import ugettext as _
 from django.core.exceptions import PermissionDenied
 from django.forms.models import inlineformset_factory
@@ -50,9 +47,8 @@
 
 from geonode import geoserver
 from geonode.layers.metadata import parse_metadata
-from geonode.proxy.views import fetch_response_headers
 from geonode.resource.manager import resource_manager
-from geonode.geoserver.helpers import set_dataset_style, wps_format_is_supported
+from geonode.geoserver.helpers import set_dataset_style
 from geonode.resource.utils import update_resource
 
 from geonode.base.auth import get_or_create_token
@@ -70,9 +66,10 @@
 from geonode.groups.models import GroupProfile
 from geonode.security.utils import get_user_visible_groups, AdvancedSecurityWorkflowManager
 from geonode.people.forms import ProfileForm
-from geonode.utils import HttpClient, check_ogc_backend, llbbox_to_mercator, resolve_object, mkdtemp
+from geonode.utils import check_ogc_backend, llbbox_to_mercator, resolve_object, mkdtemp
 from geonode.geoserver.helpers import ogc_server_settings, select_relevant_files, write_uploaded_files_to_disk
 from geonode.geoserver.security import set_geowebcache_invalidate_cache
+from django.utils.module_loading import import_string
 
 if check_ogc_backend(geoserver.BACKEND_PACKAGE):
     from geonode.geoserver.helpers import gs_catalog
@@ -736,69 +733,8 @@ def dataset_metadata_advanced(request, layername):
 
 @csrf_exempt
 def dataset_download(request, layername):
-    try:
-        dataset = _resolve_dataset(request, layername, "base.download_resourcebase", _PERMISSION_MSG_GENERIC)
-    except Exception as e:
-        raise Http404(Exception(_("Not found"), e))
-
-    if not settings.USE_GEOSERVER:
-        # if GeoServer is not used, we redirect to the proxy download
-        return HttpResponseRedirect(reverse("download", args=[dataset.id]))
-
-    download_format = request.GET.get("export_format")
-
-    if download_format and not wps_format_is_supported(download_format, dataset.subtype):
-        logger.error("The format provided is not valid for the selected resource")
-        return JsonResponse({"error": "The format provided is not valid for the selected resource"}, status=500)
-
-    _format = "application/zip" if dataset.is_vector() else "image/tiff"
-    # getting default payload
-    tpl = get_template("geoserver/dataset_download.xml")
-    ctx = {"alternate": dataset.alternate, "download_format": download_format or _format}
-    # applying context for the payload
-    payload = tpl.render(ctx)
-
-    # init of Client
-    client = HttpClient()
-
-    headers = {"Content-type": "application/xml", "Accept": "application/xml"}
-
-    # defining the URL needed fr the download
-    url = f"{settings.OGC_SERVER['default']['LOCATION']}ows?service=WPS&version=1.0.0&REQUEST=Execute"
-    if not request.user.is_anonymous:
-        # define access token for the user
-        access_token = get_or_create_token(request.user)
-        url += f"&access_token={access_token}"
-
-    # request to geoserver
-    response, content = client.request(url=url, data=payload, method="post", headers=headers)
-
-    if response.status_code != 200:
-        logger.error(f"Download dataset exception: error during call with GeoServer: {response.content}")
-        return JsonResponse(
-            {"error": f"Download dataset exception: error during call with GeoServer: {response.content}"}, status=500
-        )
-
-    # error handling
-    namespaces = {"ows": "http://www.opengis.net/ows/1.1", "wps": "http://www.opengis.net/wps/1.0.0"}
-    response_type = response.headers.get("Content-Type")
-    if response_type == "text/xml":
-        # parsing XML for get exception
-        content = ET.fromstring(response.text)
-        exc = content.find("*//ows:Exception", namespaces=namespaces) or content.find(
-            "ows:Exception", namespaces=namespaces
-        )
-        if exc:
-            exc_text = exc.find("ows:ExceptionText", namespaces=namespaces)
-            logger.error(f"{exc.attrib.get('exceptionCode')} {exc_text.text}")
-            return JsonResponse({"error": f"{exc.attrib.get('exceptionCode')}: {exc_text.text}"}, status=500)
-
-    return_response = fetch_response_headers(
-        HttpResponse(content=response.content, status=response.status_code, content_type=download_format),
-        response.headers,
-    )
-    return_response.headers["Content-Type"] = download_format or _format
-    return return_response
+    DownloadHandler = import_string(settings.DATASET_DOWNLOAD_HANDLER)
+    return DownloadHandler(request, layername).get_download_response()
 
 
 @login_required
diff --git a/geonode/resource/download_handler.py b/geonode/resource/download_handler.py
new file mode 100644
index 00000000000..ae21e4e23a9
--- /dev/null
+++ b/geonode/resource/download_handler.py
@@ -0,0 +1,133 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+import logging
+import xml.etree.ElementTree as ET
+
+from django.http import Http404, HttpResponse, HttpResponseRedirect, JsonResponse
+from django.template.loader import get_template
+from django.urls import reverse
+from django.utils.translation import ugettext as _
+from django.conf import settings
+from geonode.base.auth import get_or_create_token
+from geonode.geoserver.helpers import wps_format_is_supported
+from geonode.layers.views import _resolve_dataset
+from geonode.proxy.views import fetch_response_headers
+from geonode.utils import HttpClient
+
+logger = logging.getLogger("geonode.resource.download_handler")
+
+
+class DownloadHandler:
+    def __str__(self):
+        return f"{self.__module__}.{self.__class__.__name__}"
+
+    def __repr__(self):
+        return self.__str__()
+
+    def __init__(self, request, resource_name) -> None:
+        self.request = request
+        self.resource_name = resource_name
+
+    def get_download_response(self):
+        """
+        Basic method. Should return the Response object
+        that allow the resource download
+        """
+        resource = self.get_resource()
+        response = self.process_dowload(resource)
+        return response
+
+    def get_resource(self):
+        """
+        Returnt the object needed
+        """
+        try:
+            return _resolve_dataset(
+                self.request,
+                self.resource_name,
+                "base.download_resourcebase",
+                _("You do not have permissions for this dataset."),
+            )
+        except Exception as e:
+            raise Http404(Exception(_("Not found"), e))
+
+    def process_dowload(self, resource):
+        """
+        Generate the response object
+        """
+        if not settings.USE_GEOSERVER:
+            # if GeoServer is not used, we redirect to the proxy download
+            return HttpResponseRedirect(reverse("download", args=[resource.id]))
+
+        download_format = self.request.GET.get("export_format")
+
+        if download_format and not wps_format_is_supported(download_format, resource.subtype):
+            logger.error("The format provided is not valid for the selected resource")
+            return JsonResponse({"error": "The format provided is not valid for the selected resource"}, status=500)
+
+        _format = "application/zip" if resource.is_vector() else "image/tiff"
+        # getting default payload
+        tpl = get_template("geoserver/dataset_download.xml")
+        ctx = {"alternate": resource.alternate, "download_format": download_format or _format}
+        # applying context for the payload
+        payload = tpl.render(ctx)
+
+        # init of Client
+        client = HttpClient()
+
+        headers = {"Content-type": "application/xml", "Accept": "application/xml"}
+
+        # defining the URL needed fr the download
+        url = f"{settings.OGC_SERVER['default']['LOCATION']}ows?service=WPS&version=1.0.0&REQUEST=Execute"
+        if not self.request.user.is_anonymous:
+            # define access token for the user
+            access_token = get_or_create_token(self.request.user)
+            url += f"&access_token={access_token}"
+
+        # request to geoserver
+        response, content = client.request(url=url, data=payload, method="post", headers=headers)
+
+        if not response or response.status_code != 200:
+            logger.error(f"Download dataset exception: error during call with GeoServer: {content}")
+            return JsonResponse(
+                {"error": "Download dataset exception: error during call with GeoServer"},
+                status=500,
+            )
+
+        # error handling
+        namespaces = {"ows": "http://www.opengis.net/ows/1.1", "wps": "http://www.opengis.net/wps/1.0.0"}
+        response_type = response.headers.get("Content-Type")
+        if response_type == "text/xml":
+            # parsing XML for get exception
+            content = ET.fromstring(response.text)
+            exc = content.find("*//ows:Exception", namespaces=namespaces) or content.find(
+                "ows:Exception", namespaces=namespaces
+            )
+            if exc:
+                exc_text = exc.find("ows:ExceptionText", namespaces=namespaces)
+                logger.error(f"{exc.attrib.get('exceptionCode')} {exc_text.text}")
+                return JsonResponse({"error": f"{exc.attrib.get('exceptionCode')}: {exc_text.text}"}, status=500)
+
+        return_response = fetch_response_headers(
+            HttpResponse(content=response.content, status=response.status_code, content_type=download_format),
+            response.headers,
+        )
+        return_response.headers["Content-Type"] = download_format or _format
+        return return_response
diff --git a/geonode/settings.py b/geonode/settings.py
index 4a90f085e68..72f37a84b6f 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2344,3 +2344,5 @@ def get_geonode_catalogue_service():
     {"class": "geonode.facets.providers.users.OwnerFacetProvider", "config": {"order": 8, "type": "select"}},
     {"class": "geonode.facets.providers.thesaurus.ThesaurusFacetProvider", "config": {"type": "select"}},
 ]
+
+DATASET_DOWNLOAD_HANDLER = os.getenv("DATASET_DOWNLOAD_HANDLER", "geonode.resource.download_handler.DownloadHandler")
diff --git a/geonode/tests/smoke.py b/geonode/tests/smoke.py
index 7ae4a37c1b9..bda90ec0e16 100644
--- a/geonode/tests/smoke.py
+++ b/geonode/tests/smoke.py
@@ -18,7 +18,10 @@
 #########################################################################
 
 from unittest import TestCase
+
+from django.http import HttpResponse
 from geonode.base.populate_test_data import create_single_dataset
+from geonode.resource.download_handler import DownloadHandler
 from geonode.resource.utils import metadata_storers
 from geonode.tests.base import GeoNodeBaseTestSupport
 
@@ -333,3 +336,21 @@ def dummy_metadata_storer2(dataset, custom):
     if custom.get("second-stage", None):
         for key, value in custom["second-stage"].items():
             setattr(dataset, key, value)
+
+
+class DummyDownloadManager(DownloadHandler):
+    def get_download_response(self):
+        return HttpResponse(content=b"abcsfd2")
+
+
+class TestDownloadManager(GeoNodeBaseTestSupport):
+    def setUp(self):
+        self.sut = DownloadHandler
+
+    @override_settings(DATASET_DOWNLOAD_HANDLER="geonode.tests.smoke.DummyDownloadManager")
+    def test_download_handler(self):
+        dataset = create_single_dataset("test_dataset")
+        url = reverse("dataset_download", args=[dataset.alternate])
+        response = self.client.get(url)
+        self.assertTrue(response.status_code == 200)
+        self.assertEqual(response.content, b"abcsfd2")

From 05b1b08af665e200efe4f8c49c6b78f33b1b1d33 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 17 Aug 2023 11:51:33 +0200
Subject: [PATCH 116/330] [Fixes #11386] Configure Django apps (#11387)

* Configure Django apps

* fix typos

* fix

* removed deprectaed default_app_config

* missing conifg for goenode openid provider app

* formatting
---
 geonode/api/apps.py                           |  24 +
 geonode/catalogue/apps.py                     |  24 +
 geonode/catalogue/metadataxsl/apps.py         |  24 +
 geonode/documents/exif/apps.py                |  24 +
 geonode/favorite/apps.py                      |  24 +
 geonode/geoserver/createlayer/apps.py         |  24 +
 geonode/geoserver/processing/apps.py          |  24 +
 geonode/local_settings.py.geoserver.sample    | 442 +++++++++---------
 .../providers/geonode_openid_connect/apps.py  |  24 +
 geonode/proxy/__init__.py                     |   2 +-
 geonode/proxy/apps.py                         |  24 +
 geonode/security/__init__.py                  |   2 +-
 geonode/security/apps.py                      |  24 +
 geonode/tasks/apps.py                         |  24 +
 14 files changed, 476 insertions(+), 234 deletions(-)
 create mode 100644 geonode/api/apps.py
 create mode 100644 geonode/catalogue/apps.py
 create mode 100644 geonode/catalogue/metadataxsl/apps.py
 create mode 100644 geonode/documents/exif/apps.py
 create mode 100644 geonode/favorite/apps.py
 create mode 100644 geonode/geoserver/createlayer/apps.py
 create mode 100644 geonode/geoserver/processing/apps.py
 create mode 100644 geonode/people/socialaccount/providers/geonode_openid_connect/apps.py
 create mode 100644 geonode/proxy/apps.py
 create mode 100644 geonode/security/apps.py
 create mode 100644 geonode/tasks/apps.py

diff --git a/geonode/api/apps.py b/geonode/api/apps.py
new file mode 100644
index 00000000000..bf3d85231a9
--- /dev/null
+++ b/geonode/api/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeApiAppConfig(AppConfig):
+    name = "geonode.api"
+    verbose_name = "GeoNode API v1"
diff --git a/geonode/catalogue/apps.py b/geonode/catalogue/apps.py
new file mode 100644
index 00000000000..961648a7945
--- /dev/null
+++ b/geonode/catalogue/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeCatalogueAppConfig(AppConfig):
+    name = "geonode.catalogue"
+    verbose_name = "GeoNode CSW Catalogue"
diff --git a/geonode/catalogue/metadataxsl/apps.py b/geonode/catalogue/metadataxsl/apps.py
new file mode 100644
index 00000000000..af8e4d6001f
--- /dev/null
+++ b/geonode/catalogue/metadataxsl/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeCatalogueMetadataxslAppConfig(AppConfig):
+    name = "geonode.catalogue.metadataxsl"
+    verbose_name = "GeoNode Catalogue metadataxsl"
diff --git a/geonode/documents/exif/apps.py b/geonode/documents/exif/apps.py
new file mode 100644
index 00000000000..eaeb3e2a031
--- /dev/null
+++ b/geonode/documents/exif/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeDocumentsExifAppConfig(AppConfig):
+    name = "geonode.documents.exif"
+    verbose_name = "GeoNode Documents Exif"
diff --git a/geonode/favorite/apps.py b/geonode/favorite/apps.py
new file mode 100644
index 00000000000..0b27c6eb7e3
--- /dev/null
+++ b/geonode/favorite/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeFavoriteAppConfig(AppConfig):
+    name = "geonode.favorite"
+    verbose_name = "GeoNode Favorite"
diff --git a/geonode/geoserver/createlayer/apps.py b/geonode/geoserver/createlayer/apps.py
new file mode 100644
index 00000000000..a3b9434b8a4
--- /dev/null
+++ b/geonode/geoserver/createlayer/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeGeoserverCreatelayerAppConfig(AppConfig):
+    name = "geonode.geoserver.createlayer"
+    verbose_name = "GeoNode Geoserver Createlayer"
diff --git a/geonode/geoserver/processing/apps.py b/geonode/geoserver/processing/apps.py
new file mode 100644
index 00000000000..8b5d10c06cb
--- /dev/null
+++ b/geonode/geoserver/processing/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeGeoserverProcessingAppConfig(AppConfig):
+    name = "geonode.geoserver.processing"
+    verbose_name = "GeoNode Geoserver Processing"
diff --git a/geonode/local_settings.py.geoserver.sample b/geonode/local_settings.py.geoserver.sample
index 733589d6d36..18aa492c76f 100644
--- a/geonode/local_settings.py.geoserver.sample
+++ b/geonode/local_settings.py.geoserver.sample
@@ -26,6 +26,7 @@
 
 import ast
 import os
+
 try:  # python2
     from urlparse import urlparse, urlunparse, urlsplit, urljoin
 except ImportError:
@@ -35,159 +36,129 @@ from geonode.settings import *
 
 PROJECT_ROOT = os.path.abspath(os.path.dirname(__file__))
 
-MEDIA_ROOT = os.getenv('MEDIA_ROOT', os.path.join(PROJECT_ROOT, "uploaded"))
+MEDIA_ROOT = os.getenv("MEDIA_ROOT", os.path.join(PROJECT_ROOT, "uploaded"))
 
-STATIC_ROOT = os.getenv('STATIC_ROOT',
-                        os.path.join(PROJECT_ROOT, "static_root")
-                        )
+STATIC_ROOT = os.getenv("STATIC_ROOT", os.path.join(PROJECT_ROOT, "static_root"))
 
-TIME_ZONE = 'UTC'
+TIME_ZONE = "UTC"
 
 # Login and logout urls override
-LOGIN_URL = os.getenv('LOGIN_URL', '{}account/login/'.format(SITEURL))
-LOGOUT_URL = os.getenv('LOGOUT_URL', '{}account/logout/'.format(SITEURL))
+LOGIN_URL = os.getenv("LOGIN_URL", "{}account/login/".format(SITEURL))
+LOGOUT_URL = os.getenv("LOGOUT_URL", "{}account/logout/".format(SITEURL))
 
-ACCOUNT_LOGIN_REDIRECT_URL = os.getenv('LOGIN_REDIRECT_URL', SITEURL)
-ACCOUNT_LOGOUT_REDIRECT_URL =  os.getenv('LOGOUT_REDIRECT_URL', SITEURL)
+ACCOUNT_LOGIN_REDIRECT_URL = os.getenv("LOGIN_REDIRECT_URL", SITEURL)
+ACCOUNT_LOGOUT_REDIRECT_URL = os.getenv("LOGOUT_REDIRECT_URL", SITEURL)
 
-AVATAR_GRAVATAR_SSL = ast.literal_eval(os.getenv('AVATAR_GRAVATAR_SSL', 'True'))
+AVATAR_GRAVATAR_SSL = ast.literal_eval(os.getenv("AVATAR_GRAVATAR_SSL", "True"))
 
 # Backend
 DATABASES = {
-    'default': {
-        'ENGINE': 'django.contrib.gis.db.backends.postgis',
-        'NAME': 'geonode',
-        'USER': 'geonode',
-        'PASSWORD': 'geonode',
-        'HOST': 'localhost',
-        'PORT': '5432',
-        'CONN_MAX_AGE': 0,
-        'CONN_TOUT': 5,
-        'OPTIONS': {
-            'connect_timeout': 5,
-        }
+    "default": {
+        "ENGINE": "django.contrib.gis.db.backends.postgis",
+        "NAME": "geonode",
+        "USER": "geonode",
+        "PASSWORD": "geonode",
+        "HOST": "localhost",
+        "PORT": "5432",
+        "CONN_MAX_AGE": 0,
+        "CONN_TOUT": 5,
+        "OPTIONS": {
+            "connect_timeout": 5,
+        },
     },
     # vector datastore for uploads
-    'datastore': {
-        'ENGINE': 'django.contrib.gis.db.backends.postgis',
+    "datastore": {
+        "ENGINE": "django.contrib.gis.db.backends.postgis",
         # 'ENGINE': '', # Empty ENGINE name disables
-        'NAME': 'geonode_data',
-        'USER': 'geonode',
-        'PASSWORD': 'geonode',
-        'HOST': 'localhost',
-        'PORT': '5432',
-        'CONN_MAX_AGE': 0,
-        'CONN_TOUT': 5,
-        'OPTIONS': {
-            'connect_timeout': 5,
-        }
-    }
+        "NAME": "geonode_data",
+        "USER": "geonode",
+        "PASSWORD": "geonode",
+        "HOST": "localhost",
+        "PORT": "5432",
+        "CONN_MAX_AGE": 0,
+        "CONN_TOUT": 5,
+        "OPTIONS": {
+            "connect_timeout": 5,
+        },
+    },
 }
 
-GEOSERVER_LOCATION = os.getenv(
-    'GEOSERVER_LOCATION', 'http://localhost:8080/geoserver/'
-)
+GEOSERVER_LOCATION = os.getenv("GEOSERVER_LOCATION", "http://localhost:8080/geoserver/")
 
-GEOSERVER_PUBLIC_HOST = os.getenv(
-    'GEOSERVER_PUBLIC_HOST', SITE_HOST_NAME
-)
+GEOSERVER_PUBLIC_HOST = os.getenv("GEOSERVER_PUBLIC_HOST", SITE_HOST_NAME)
 
-GEOSERVER_PUBLIC_PORT = os.getenv(
-    'GEOSERVER_PUBLIC_PORT', 8080
-)
+GEOSERVER_PUBLIC_PORT = os.getenv("GEOSERVER_PUBLIC_PORT", 8080)
 
-_default_public_location = 'http://{}:{}/geoserver/'.format(GEOSERVER_PUBLIC_HOST, GEOSERVER_PUBLIC_PORT) if GEOSERVER_PUBLIC_PORT else 'http://{}/geoserver/'.format(GEOSERVER_PUBLIC_HOST)
-
-GEOSERVER_WEB_UI_LOCATION = os.getenv(
-    'GEOSERVER_WEB_UI_LOCATION', GEOSERVER_LOCATION
+_default_public_location = (
+    "http://{}:{}/geoserver/".format(GEOSERVER_PUBLIC_HOST, GEOSERVER_PUBLIC_PORT)
+    if GEOSERVER_PUBLIC_PORT
+    else "http://{}/geoserver/".format(GEOSERVER_PUBLIC_HOST)
 )
 
-GEOSERVER_PUBLIC_LOCATION = os.getenv(
-    'GEOSERVER_PUBLIC_LOCATION', _default_public_location
-)
+GEOSERVER_WEB_UI_LOCATION = os.getenv("GEOSERVER_WEB_UI_LOCATION", GEOSERVER_LOCATION)
 
-OGC_SERVER_DEFAULT_USER = os.getenv(
-    'GEOSERVER_ADMIN_USER', 'admin'
-)
+GEOSERVER_PUBLIC_LOCATION = os.getenv("GEOSERVER_PUBLIC_LOCATION", _default_public_location)
 
-OGC_SERVER_DEFAULT_PASSWORD = os.getenv(
-    'GEOSERVER_ADMIN_PASSWORD', 'geoserver'
-)
+OGC_SERVER_DEFAULT_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
+
+OGC_SERVER_DEFAULT_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
 
 # OGC (WMS/WFS/WCS) Server Settings
 OGC_SERVER = {
-    'default': {
-        'BACKEND': 'geonode.geoserver',
-        'LOCATION': GEOSERVER_LOCATION,
-        'WEB_UI_LOCATION': GEOSERVER_WEB_UI_LOCATION,
-        'LOGIN_ENDPOINT': 'j_spring_oauth2_geonode_login',
-        'LOGOUT_ENDPOINT': 'j_spring_oauth2_geonode_logout',
+    "default": {
+        "BACKEND": "geonode.geoserver",
+        "LOCATION": GEOSERVER_LOCATION,
+        "WEB_UI_LOCATION": GEOSERVER_WEB_UI_LOCATION,
+        "LOGIN_ENDPOINT": "j_spring_oauth2_geonode_login",
+        "LOGOUT_ENDPOINT": "j_spring_oauth2_geonode_logout",
         # PUBLIC_LOCATION needs to be kept like this because in dev mode
         # the proxy won't work and the integration tests will fail
         # the entire block has to be overridden in the local_settings
-        'PUBLIC_LOCATION': GEOSERVER_PUBLIC_LOCATION,
-        'USER': OGC_SERVER_DEFAULT_USER,
-        'PASSWORD': OGC_SERVER_DEFAULT_PASSWORD,
-        'MAPFISH_PRINT_ENABLED': True,
-        'PRINT_NG_ENABLED': True,
-        'GEONODE_SECURITY_ENABLED': True,
-        'GEOFENCE_SECURITY_ENABLED': True,
-        'GEOFENCE_TIMEOUT': int(os.getenv('GEOFENCE_TIMEOUT', os.getenv('OGC_REQUEST_TIMEOUT', '60'))),
-        'WMST_ENABLED': False,
-        'BACKEND_WRITE_ENABLED': True,
-        'WPS_ENABLED': False,
-        'LOG_FILE': '%s/geoserver/data/logs/geoserver.log' % os.path.abspath(os.path.join(PROJECT_ROOT, os.pardir)),
+        "PUBLIC_LOCATION": GEOSERVER_PUBLIC_LOCATION,
+        "USER": OGC_SERVER_DEFAULT_USER,
+        "PASSWORD": OGC_SERVER_DEFAULT_PASSWORD,
+        "MAPFISH_PRINT_ENABLED": True,
+        "PRINT_NG_ENABLED": True,
+        "GEONODE_SECURITY_ENABLED": True,
+        "GEOFENCE_SECURITY_ENABLED": True,
+        "GEOFENCE_TIMEOUT": int(os.getenv("GEOFENCE_TIMEOUT", os.getenv("OGC_REQUEST_TIMEOUT", "60"))),
+        "WMST_ENABLED": False,
+        "BACKEND_WRITE_ENABLED": True,
+        "WPS_ENABLED": False,
+        "LOG_FILE": "%s/geoserver/data/logs/geoserver.log" % os.path.abspath(os.path.join(PROJECT_ROOT, os.pardir)),
         # Set to dictionary identifier of database containing spatial data in DATABASES dictionary to enable
-        'DATASTORE': 'datastore',
-        'TIMEOUT': int(os.getenv('OGC_REQUEST_TIMEOUT', '60')),
-        'MAX_RETRIES': int(os.getenv('OGC_REQUEST_MAX_RETRIES', '5')),
-        'BACKOFF_FACTOR': float(os.getenv('OGC_REQUEST_BACKOFF_FACTOR', '0.3')),
-        'POOL_MAXSIZE': int(os.getenv('OGC_REQUEST_POOL_MAXSIZE', '10')),
-        'POOL_CONNECTIONS': int(os.getenv('OGC_REQUEST_POOL_CONNECTIONS', '10')),
+        "DATASTORE": "datastore",
+        "TIMEOUT": int(os.getenv("OGC_REQUEST_TIMEOUT", "60")),
+        "MAX_RETRIES": int(os.getenv("OGC_REQUEST_MAX_RETRIES", "5")),
+        "BACKOFF_FACTOR": float(os.getenv("OGC_REQUEST_BACKOFF_FACTOR", "0.3")),
+        "POOL_MAXSIZE": int(os.getenv("OGC_REQUEST_POOL_MAXSIZE", "10")),
+        "POOL_CONNECTIONS": int(os.getenv("OGC_REQUEST_POOL_CONNECTIONS", "10")),
     }
 }
 
 # If you want to enable Mosaics use the following configuration
 UPLOADER = {
-    'BACKEND': 'geonode.importer',
-    'OPTIONS': {
-        'TIME_ENABLED': True,
-        'MOSAIC_ENABLED': False,
+    "BACKEND": "geonode.importer",
+    "OPTIONS": {
+        "TIME_ENABLED": True,
+        "MOSAIC_ENABLED": False,
     },
-    'SUPPORTED_CRS': [
-        'EPSG:4326',
-        'EPSG:3785',
-        'EPSG:3857',
-        'EPSG:32647',
-        'EPSG:32736'
-    ],
-    'SUPPORTED_EXT': [
-        '.shp',
-        '.csv',
-        '.kml',
-        '.kmz',
-        '.json',
-        '.geojson',
-        '.tif',
-        '.tiff',
-        '.geotiff',
-        '.gml',
-        '.xml'
-    ]
+    "SUPPORTED_CRS": ["EPSG:4326", "EPSG:3785", "EPSG:3857", "EPSG:32647", "EPSG:32736"],
+    "SUPPORTED_EXT": [".shp", ".csv", ".kml", ".kmz", ".json", ".geojson", ".tif", ".tiff", ".geotiff", ".gml", ".xml"],
 }
 
 # CSW settings
 CATALOGUE = {
-    'default': {
+    "default": {
         # The underlying CSW implementation
         # default is pycsw in local mode (tied directly to GeoNode Django DB)
-        'ENGINE': 'geonode.catalogue.backends.pycsw_local',
+        "ENGINE": "geonode.catalogue.backends.pycsw_local",
         # pycsw in non-local mode
         # 'ENGINE': 'geonode.catalogue.backends.pycsw_http',
         # deegree and others
         # 'ENGINE': 'geonode.catalogue.backends.generic',
         # The FULLY QUALIFIED base url to the CSW instance for this GeoNode
-        'URL': urljoin(SITEURL, '/catalogue/csw'),
+        "URL": urljoin(SITEURL, "/catalogue/csw"),
         # 'URL': 'http://localhost:8080/deegree-csw-demo-3.0.4/services',
         # 'ALTERNATES_ONLY': True,
     }
@@ -196,69 +167,67 @@ CATALOGUE = {
 # pycsw settings
 PYCSW = {
     # pycsw configuration
-    'CONFIGURATION': {
+    "CONFIGURATION": {
         # uncomment / adjust to override server config system defaults
         # 'server': {
         #    'maxrecords': '10',
         #    'pretty_print': 'true',
         #    'federatedcatalogues': 'http://catalog.data.gov/csw'
         # },
-        'server': {
-            'home': '.',
-            'url': CATALOGUE['default']['URL'],
-            'encoding': 'UTF-8',
-            'language': LANGUAGE_CODE,
-            'maxrecords': '20',
-            'pretty_print': 'true',
+        "server": {
+            "home": ".",
+            "url": CATALOGUE["default"]["URL"],
+            "encoding": "UTF-8",
+            "language": LANGUAGE_CODE,
+            "maxrecords": "20",
+            "pretty_print": "true",
             # 'domainquerytype': 'range',
-            'domaincounts': 'true',
-            'profiles': 'apiso,ebrim',
+            "domaincounts": "true",
+            "profiles": "apiso,ebrim",
         },
-        'manager': {
+        "manager": {
             # authentication/authorization is handled by Django
-            'transactions': 'false',
-            'allowed_ips': '*',
+            "transactions": "false",
+            "allowed_ips": "*",
             # 'csw_harvest_pagesize': '10',
         },
-        'metadata:main': {
-            'identification_title': 'GeoNode Catalogue',
-            'identification_abstract': 'GeoNode is an open source platform' \
-            ' that facilitates the creation, sharing, and collaborative use' \
-            ' of geospatial data',
-            'identification_keywords': 'sdi, catalogue, discovery, metadata,' \
-            ' GeoNode',
-            'identification_keywords_type': 'theme',
-            'identification_fees': 'None',
-            'identification_accessconstraints': 'None',
-            'provider_name': 'Organization Name',
-            'provider_url': SITEURL,
-            'contact_name': 'Lastname, Firstname',
-            'contact_position': 'Position Title',
-            'contact_address': 'Mailing Address',
-            'contact_city': 'City',
-            'contact_stateorprovince': 'Administrative Area',
-            'contact_postalcode': 'Zip or Postal Code',
-            'contact_country': 'Country',
-            'contact_phone': '+xx-xxx-xxx-xxxx',
-            'contact_fax': '+xx-xxx-xxx-xxxx',
-            'contact_email': 'Email Address',
-            'contact_url': 'Contact URL',
-            'contact_hours': 'Hours of Service',
-            'contact_instructions': 'During hours of service. Off on ' \
-            'weekends.',
-            'contact_role': 'pointOfContact',
+        "metadata:main": {
+            "identification_title": "GeoNode Catalogue",
+            "identification_abstract": "GeoNode is an open source platform"
+            " that facilitates the creation, sharing, and collaborative use"
+            " of geospatial data",
+            "identification_keywords": "sdi, catalogue, discovery, metadata," " GeoNode",
+            "identification_keywords_type": "theme",
+            "identification_fees": "None",
+            "identification_accessconstraints": "None",
+            "provider_name": "Organization Name",
+            "provider_url": SITEURL,
+            "contact_name": "Lastname, Firstname",
+            "contact_position": "Position Title",
+            "contact_address": "Mailing Address",
+            "contact_city": "City",
+            "contact_stateorprovince": "Administrative Area",
+            "contact_postalcode": "Zip or Postal Code",
+            "contact_country": "Country",
+            "contact_phone": "+xx-xxx-xxx-xxxx",
+            "contact_fax": "+xx-xxx-xxx-xxxx",
+            "contact_email": "Email Address",
+            "contact_url": "Contact URL",
+            "contact_hours": "Hours of Service",
+            "contact_instructions": "During hours of service. Off on " "weekends.",
+            "contact_role": "pointOfContact",
+        },
+        "metadata:inspire": {
+            "enabled": "true",
+            "languages_supported": "eng,gre",
+            "default_language": "eng",
+            "date": "YYYY-MM-DD",
+            "gemet_keywords": "Utility and governmental services",
+            "conformity_service": "notEvaluated",
+            "contact_name": "Organization Name",
+            "contact_email": "Email Address",
+            "temp_extent": "YYYY-MM-DD/YYYY-MM-DD",
         },
-        'metadata:inspire': {
-            'enabled': 'true',
-            'languages_supported': 'eng,gre',
-            'default_language': 'eng',
-            'date': 'YYYY-MM-DD',
-            'gemet_keywords': 'Utility and governmental services',
-            'conformity_service': 'notEvaluated',
-            'contact_name': 'Organization Name',
-            'contact_email': 'Email Address',
-            'temp_extent': 'YYYY-MM-DD/YYYY-MM-DD',
-        }
     }
 }
 
@@ -268,50 +237,51 @@ PYCSW = {
 
 # default map projection
 # Note: If set to EPSG:4326, then only EPSG:4326 basemaps will work.
-DEFAULT_MAP_CRS = os.environ.get('DEFAULT_MAP_CRS', "EPSG:3857")
+DEFAULT_MAP_CRS = os.environ.get("DEFAULT_MAP_CRS", "EPSG:3857")
 
-DEFAULT_LAYER_FORMAT = os.environ.get('DEFAULT_LAYER_FORMAT', "image/png")
+DEFAULT_LAYER_FORMAT = os.environ.get("DEFAULT_LAYER_FORMAT", "image/png")
 
 # Where should newly created maps be focused?
-DEFAULT_MAP_CENTER = (os.environ.get('DEFAULT_MAP_CENTER_X', 0), os.environ.get('DEFAULT_MAP_CENTER_Y', 0))
+DEFAULT_MAP_CENTER = (os.environ.get("DEFAULT_MAP_CENTER_X", 0), os.environ.get("DEFAULT_MAP_CENTER_Y", 0))
 
 # How tightly zoomed should newly created maps be?
 # 0 = entire world;
 # maximum zoom is between 12 and 15 (for Google Maps, coverage varies by area)
-DEFAULT_MAP_ZOOM = int(os.environ.get('DEFAULT_MAP_ZOOM', 3))
+DEFAULT_MAP_ZOOM = int(os.environ.get("DEFAULT_MAP_ZOOM", 3))
 
-MAPBOX_ACCESS_TOKEN = os.environ.get('MAPBOX_ACCESS_TOKEN', None)
-BING_API_KEY = os.environ.get('BING_API_KEY', None)
-GOOGLE_API_KEY = os.environ.get('GOOGLE_API_KEY', None)
+MAPBOX_ACCESS_TOKEN = os.environ.get("MAPBOX_ACCESS_TOKEN", None)
+BING_API_KEY = os.environ.get("BING_API_KEY", None)
+GOOGLE_API_KEY = os.environ.get("GOOGLE_API_KEY", None)
 
-GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY = os.getenv('GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY', 'mapstore')
+GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY = os.getenv("GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY", "mapstore")
 
 MAP_BASELAYERS = [{}]
 
 """
 MapStore2 REACT based Client parameters
 """
-if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
-    GEONODE_CLIENT_HOOKSET = os.getenv('GEONODE_CLIENT_HOOKSET', 'geonode_mapstore_client.hooksets.MapStoreHookSet')
+if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == "mapstore":
+    GEONODE_CLIENT_HOOKSET = os.getenv("GEONODE_CLIENT_HOOKSET", "geonode_mapstore_client.hooksets.MapStoreHookSet")
 
-    if 'geonode_mapstore_client' not in INSTALLED_APPS:
+    if "geonode_mapstore_client" not in INSTALLED_APPS:
         INSTALLED_APPS += (
-            'mapstore2_adapter',
-            'geonode_mapstore_client',)
+            "mapstore2_adapter",
+            "geonode_mapstore_client",
+        )
 
     def get_geonode_catalogue_service():
         if PYCSW:
             pycsw_config = PYCSW["CONFIGURATION"]
             if pycsw_config:
-                    pycsw_catalogue = {
-                        ("%s" % pycsw_config['metadata:main']['identification_title']): {
-                            "url": CATALOGUE['default']['URL'],
-                            "type": "csw",
-                            "title": pycsw_config['metadata:main']['identification_title'],
-                            "autoload": True
-                         }
+                pycsw_catalogue = {
+                    ("%s" % pycsw_config["metadata:main"]["identification_title"]): {
+                        "url": CATALOGUE["default"]["URL"],
+                        "type": "csw",
+                        "title": pycsw_config["metadata:main"]["identification_title"],
+                        "autoload": True,
                     }
-                    return pycsw_catalogue
+                }
+                return pycsw_catalogue
         return None
 
     GEONODE_CATALOGUE_SERVICE = get_geonode_catalogue_service()
@@ -321,7 +291,9 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
     MAPSTORE_CATALOGUE_SELECTED_SERVICE = ""
 
     if GEONODE_CATALOGUE_SERVICE:
-        MAPSTORE_CATALOGUE_SERVICES[list(GEONODE_CATALOGUE_SERVICE.keys())[0]] = GEONODE_CATALOGUE_SERVICE[list(GEONODE_CATALOGUE_SERVICE.keys())[0]]
+        MAPSTORE_CATALOGUE_SERVICES[list(GEONODE_CATALOGUE_SERVICE.keys())[0]] = GEONODE_CATALOGUE_SERVICE[
+            list(GEONODE_CATALOGUE_SERVICE.keys())[0]
+        ]
         MAPSTORE_CATALOGUE_SELECTED_SERVICE = list(GEONODE_CATALOGUE_SERVICE.keys())[0]
 
     DEFAULT_MS2_BACKGROUNDS = [
@@ -333,7 +305,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "source": "Stamen",
             "group": "background",
             "thumbURL": "https://stamen-tiles-c.a.ssl.fastly.net/watercolor/0/0/0.jpg",
-            "visibility": False
+            "visibility": False,
         },
         {
             "type": "tileprovider",
@@ -343,7 +315,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "source": "Stamen",
             "group": "background",
             "thumbURL": "https://stamen-tiles-d.a.ssl.fastly.net/terrain/0/0/0.png",
-            "visibility": False
+            "visibility": False,
         },
         {
             "type": "tileprovider",
@@ -353,7 +325,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "source": "Stamen",
             "group": "background",
             "thumbURL": "https://stamen-tiles-d.a.ssl.fastly.net/toner/0/0/0.png",
-            "visibility": False
+            "visibility": False,
         },
         {
             "type": "osm",
@@ -361,7 +333,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "name": "mapnik",
             "source": "osm",
             "group": "background",
-            "visibility": True
+            "visibility": True,
         },
         {
             "type": "tileprovider",
@@ -370,7 +342,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "name": "OpenTopoMap",
             "source": "OpenTopoMap",
             "group": "background",
-            "visibility": False
+            "visibility": False,
         },
         {
             "type": "wms",
@@ -384,14 +356,14 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
                 "https://maps3.geosolutionsgroup.com/geoserver/wms",
                 "https://maps4.geosolutionsgroup.com/geoserver/wms",
                 "https://maps5.geosolutionsgroup.com/geoserver/wms",
-                "https://maps6.geosolutionsgroup.com/geoserver/wms"
+                "https://maps6.geosolutionsgroup.com/geoserver/wms",
             ],
             "group": "background",
             "thumbURL": f"{SITEURL}static/mapstorestyle/img/s2cloudless-s2cloudless.png",
             "visibility": False,
             "credits": {
-            "title": "<a class=\"a-light\" xmlns:dct=\"http://purl.org/dc/terms/\" href=\"https://s2maps.eu\" property=\"dct:title\">Sentinel-2 cloudless 2016</a> by <a class=\"a-light\" xmlns:cc=\"http://creativecommons.org/ns#\" href=\"https://eox.at\" property=\"cc:attributionName\" rel=\"cc:attributionURL\">EOX IT Services GmbH</a>"
-            }
+                "title": '<a class="a-light" xmlns:dct="http://purl.org/dc/terms/" href="https://s2maps.eu" property="dct:title">Sentinel-2 cloudless 2016</a> by <a class="a-light" xmlns:cc="http://creativecommons.org/ns#" href="https://eox.at" property="cc:attributionName" rel="cc:attributionURL">EOX IT Services GmbH</a>'
+            },
         },
         {
             "source": "ol",
@@ -401,8 +373,8 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "title": "Empty Background",
             "type": "empty",
             "visibility": False,
-            "args": ["Empty Background", {"visibility": False}]
-        }
+            "args": ["Empty Background", {"visibility": False}],
+        },
     ]
 
     if MAPBOX_ACCESS_TOKEN:
@@ -413,11 +385,14 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
             "name": "MapBox streets-v11",
             "accessToken": "%s" % MAPBOX_ACCESS_TOKEN,
             "source": "streets-v11",
-            "thumbURL": "https://api.mapbox.com/styles/v1/mapbox/streets-v11/tiles/256/6/33/23?access_token=%s" % MAPBOX_ACCESS_TOKEN,
+            "thumbURL": "https://api.mapbox.com/styles/v1/mapbox/streets-v11/tiles/256/6/33/23?access_token=%s"
+            % MAPBOX_ACCESS_TOKEN,
             "group": "background",
-            "visibility": True
+            "visibility": True,
         }
-        DEFAULT_MS2_BACKGROUNDS = [MAPBOX_BASEMAPS,] + DEFAULT_MS2_BACKGROUNDS
+        DEFAULT_MS2_BACKGROUNDS = [
+            MAPBOX_BASEMAPS,
+        ] + DEFAULT_MS2_BACKGROUNDS
 
     if BING_API_KEY:
         BING_BASEMAPS = [
@@ -428,7 +403,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
                 "source": "bing",
                 "group": "background",
                 "apiKey": "{{apiKey}}",
-                "visibility": True
+                "visibility": True,
             },
             {
                 "type": "bing",
@@ -438,7 +413,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
                 "group": "background",
                 "apiKey": "{{apiKey}}",
                 "thumbURL": "%sstatic/mapstorestyle/img/bing_road_on_demand.png" % SITEURL,
-                "visibility": False
+                "visibility": False,
             },
             {
                 "type": "bing",
@@ -448,7 +423,7 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
                 "group": "background",
                 "apiKey": "{{apiKey}}",
                 "thumbURL": "%sstatic/mapstorestyle/img/bing_aerial_w_labels.png" % SITEURL,
-                "visibility": False
+                "visibility": False,
             },
             {
                 "type": "bing",
@@ -458,64 +433,67 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
                 "group": "background",
                 "apiKey": "{{apiKey}}",
                 "thumbURL": "%sstatic/mapstorestyle/img/bing_canvas_dark.png" % SITEURL,
-                "visibility": False
-            }
+                "visibility": False,
+            },
         ]
-        DEFAULT_MS2_BACKGROUNDS = [BING_BASEMAPS, ] + DEFAULT_MS2_BACKGROUNDS
+        DEFAULT_MS2_BACKGROUNDS = [
+            BING_BASEMAPS,
+        ] + DEFAULT_MS2_BACKGROUNDS
 
     MAPSTORE_BASELAYERS = DEFAULT_MS2_BACKGROUNDS
     # MAPSTORE_BASELAYERS_SOURCES allow to configure tilematrix sets for wmts layers
-    MAPSTORE_BASELAYERS_SOURCES = os.environ.get('MAPSTORE_BASELAYERS_SOURCES', {})
+    MAPSTORE_BASELAYERS_SOURCES = os.environ.get("MAPSTORE_BASELAYERS_SOURCES", {})
 
 # -- END Client Hooksets Setup
 
 LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': True,
-    'formatters': {
-        'verbose': {
-            'format': '%(levelname)s %(asctime)s %(module)s %(process)d '
-                      '%(thread)d %(message)s'
-        },
-        'simple': {
-            'format': '%(message)s',
+    "version": 1,
+    "disable_existing_loggers": True,
+    "formatters": {
+        "verbose": {"format": "%(levelname)s %(asctime)s %(module)s %(process)d " "%(thread)d %(message)s"},
+        "simple": {
+            "format": "%(message)s",
         },
     },
-    'filters': {
-        'require_debug_false': {
-            '()': 'django.utils.log.RequireDebugFalse'
-        }
-    },
-    'handlers': {
-        'console': {
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
-            'formatter': 'simple'
+    "filters": {"require_debug_false": {"()": "django.utils.log.RequireDebugFalse"}},
+    "handlers": {
+        "console": {"level": "INFO", "class": "logging.StreamHandler", "formatter": "simple"},
+        "mail_admins": {
+            "level": "ERROR",
+            "filters": ["require_debug_false"],
+            "class": "django.utils.log.AdminEmailHandler",
         },
-        'mail_admins': {
-            'level': 'ERROR',
-            'filters': ['require_debug_false'],
-            'class': 'django.utils.log.AdminEmailHandler',
-        }
     },
     "loggers": {
         "django": {
-            "handlers": ["console"], "level": "ERROR", },
+            "handlers": ["console"],
+            "level": "ERROR",
+        },
         "geonode": {
-            "handlers": ["console"], "level": "INFO", },
+            "handlers": ["console"],
+            "level": "INFO",
+        },
         "geoserver-restconfig.catalog": {
-            "handlers": ["console"], "level": "ERROR", },
+            "handlers": ["console"],
+            "level": "ERROR",
+        },
         "owslib": {
-            "handlers": ["console"], "level": "ERROR", },
+            "handlers": ["console"],
+            "level": "ERROR",
+        },
         "pycsw": {
-            "handlers": ["console"], "level": "INFO", },
+            "handlers": ["console"],
+            "level": "INFO",
+        },
         "celery": {
-            'handlers': ["console"], 'level': 'ERROR', },
+            "handlers": ["console"],
+            "level": "ERROR",
+        },
     },
 }
 
 # Additional settings
-X_FRAME_OPTIONS = 'ALLOW-FROM %s' % SITEURL
+X_FRAME_OPTIONS = "ALLOW-FROM %s" % SITEURL
 CORS_ALLOW_ALL_ORIGINS = True
 
 GEOIP_PATH = "/usr/local/share/GeoIP"
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/apps.py b/geonode/people/socialaccount/providers/geonode_openid_connect/apps.py
new file mode 100644
index 00000000000..ce9d3da1ad3
--- /dev/null
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeOpenIdConnectAppConfig(AppConfig):
+    name = "geonode.people.socialaccount.providers.geonode_openid_connect"
+    verbose_name = "GeoNode OpenId Connect"
diff --git a/geonode/proxy/__init__.py b/geonode/proxy/__init__.py
index 79177e00bdd..da86ef5219a 100644
--- a/geonode/proxy/__init__.py
+++ b/geonode/proxy/__init__.py
@@ -1,6 +1,6 @@
 #########################################################################
 #
-# Copyright (C) 2016 OSGeo
+# Copyright (C) 2023 OSGeo
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
diff --git a/geonode/proxy/apps.py b/geonode/proxy/apps.py
new file mode 100644
index 00000000000..9901d333798
--- /dev/null
+++ b/geonode/proxy/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeProxyAppConfig(AppConfig):
+    name = "geonode.proxy"
+    verbose_name = "GeoNode Proxy"
diff --git a/geonode/security/__init__.py b/geonode/security/__init__.py
index 79177e00bdd..da86ef5219a 100644
--- a/geonode/security/__init__.py
+++ b/geonode/security/__init__.py
@@ -1,6 +1,6 @@
 #########################################################################
 #
-# Copyright (C) 2016 OSGeo
+# Copyright (C) 2023 OSGeo
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
diff --git a/geonode/security/apps.py b/geonode/security/apps.py
new file mode 100644
index 00000000000..3475f4d05f1
--- /dev/null
+++ b/geonode/security/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeSecurityAppConfig(AppConfig):
+    name = "geonode.security"
+    verbose_name = "GeoNode Security"
diff --git a/geonode/tasks/apps.py b/geonode/tasks/apps.py
new file mode 100644
index 00000000000..9b49856a418
--- /dev/null
+++ b/geonode/tasks/apps.py
@@ -0,0 +1,24 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.apps import AppConfig
+
+
+class GeoNodeTasksAppConfig(AppConfig):
+    name = "geonode.tasks"
+    verbose_name = "GeoNode Tasks"

From d72cd4f07de4a5912517f72a27a09074432c44d8 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 17 Aug 2023 12:33:25 +0200
Subject: [PATCH 117/330] [Fixes #11383] Remove explicit dependency from wandb
 (#11382)

* Remove explicit dependency from wandb

* removed wandb from setup.cfg
---
 requirements.txt | 1 -
 setup.cfg        | 1 -
 2 files changed, 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 10805de234a..4c40148f408 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -171,7 +171,6 @@ webdriver_manager==4.0.0
 
 # Security and audit
 mistune==3.0.1
-wandb==0.15.7
 protobuf==3.20.3
 mako==1.2.4
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/setup.cfg b/setup.cfg
index 04f081e7ac5..516ea95be42 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -196,7 +196,6 @@ install_requires =
 
     # Security and audit
     mistune==3.0.1
-    wandb==0.15.7
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 0f874707946b0a0dfe6df47a272b8cffc593f602 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 17 Aug 2023 13:06:02 +0200
Subject: [PATCH 118/330] Enable IFC format (#11395)

---
 geonode/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/geonode/settings.py b/geonode/settings.py
index 72f37a84b6f..73e6fea14da 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -652,6 +652,7 @@
             "glb",
             "pcd",
             "gltf",
+            "ifc",
         ]
         if os.getenv("ALLOWED_DOCUMENT_TYPES") is None
         else re.split(r" *[,|:;] *", os.getenv("ALLOWED_DOCUMENT_TYPES"))

From d95db9f511849c7369fc19f88d0af4cc488be6df Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Fri, 18 Aug 2023 12:12:32 +0200
Subject: [PATCH 119/330] [Fixes #11347] Import resources page displays service
 name instead of title (#11385)

* Resolve issue 11347 by showing more informative and readable service title instead of name

* fix: #11347 by giving better description of service

* small improvements

---------

Co-authored-by: sahilsekr42 <sahilshekhar27@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/services/templates/services/service_detail.html       | 2 +-
 geonode/services/templates/services/service_remove.html       | 4 ++--
 .../templates/services/service_resources_harvest.html         | 4 +---
 geonode/services/views.py                                     | 2 +-
 4 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/geonode/services/templates/services/service_detail.html b/geonode/services/templates/services/service_detail.html
index beb8ac84b12..08c1ef70042 100644
--- a/geonode/services/templates/services/service_detail.html
+++ b/geonode/services/templates/services/service_detail.html
@@ -4,7 +4,7 @@
 
 {% block body %}
 <div class="twocol">
-  <h3>{{service.title|default:service.name}}</h3>
+  <h3><strong>{{service.title|default:service.name}}</strong></h3>
       <p><strong>{% trans "Type" %}:</strong> {{service.service_type}}</p>
       <p><strong>{% trans "URL" %}:</strong> {{service.base_url}}</p>
       <p><strong>{% trans "Abstract" %}:</strong> {{service.abstract}}</p>
diff --git a/geonode/services/templates/services/service_remove.html b/geonode/services/templates/services/service_remove.html
index 90a2f8fa9e9..3ce551b58b6 100644
--- a/geonode/services/templates/services/service_remove.html
+++ b/geonode/services/templates/services/service_remove.html
@@ -1,7 +1,7 @@
 {% extends "services/services_base.html" %}
 {% load i18n %}
 
-{% block title %} {{ service.name }} - {{ block.super }} {% endblock %}
+{% block title %} {{service.title|default:service.name}} - {{ block.super }} {% endblock %}
 
 {% block body %}
 <div class="page-header">
@@ -9,7 +9,7 @@ <h2>{% trans "Remove Remote Service" %}</h2>
 </div>
 <div class="row">
   <div class="col-md-12">
-    <p class="lead">{% trans "Are you sure you want to remove"  %} <strong>{{ service.name }}</strong>?</p>
+    <p class="lead">{% trans "Are you sure you want to remove"  %} <strong>{{service.title|default:service.name}}</strong>?</p>
     <form action="/services/{{service.id}}/remove" method="POST" class="inline">
       {% csrf_token %}
       <input type="hidden" value="{{next}}" id="next" name="next">
diff --git a/geonode/services/templates/services/service_resources_harvest.html b/geonode/services/templates/services/service_resources_harvest.html
index 4541223354e..8de1f454f43 100644
--- a/geonode/services/templates/services/service_resources_harvest.html
+++ b/geonode/services/templates/services/service_resources_harvest.html
@@ -8,9 +8,7 @@
 {% block body %}
     <div class="twocol">
         <div class="page-header">
-            <h3>{% trans "Import resources" %}
-                <small> {{ service.name }}</small>
-            </h3>
+            <h3><strong>{{service.title|default:service.name}}</strong></h3>
         </div>
         <div class="container">
             {% if resources %}
diff --git a/geonode/services/views.py b/geonode/services/views.py
index 12edf78e71a..dc67c212c67 100644
--- a/geonode/services/views.py
+++ b/geonode/services/views.py
@@ -352,5 +352,5 @@ def remove_service(request, service_id):
     elif request.method == "POST":
         service.dataset_set.all().delete()
         service.delete()
-        messages.add_message(request, messages.INFO, _(f"Service {service.name} has been deleted"))
+        messages.add_message(request, messages.INFO, _(f"Service {service.title} has been deleted"))
         return HttpResponseRedirect(reverse("services"))

From dc6268c11643d713884d4f43132061b97bd68d0c Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Tue, 22 Aug 2023 19:07:26 +0200
Subject: [PATCH 120/330] Align to GeoNode master (4.2.0) and improve/fix
 docker initialization (#11308)

* - Externalizing "UID" filed from the "settings.py"

* - Pep8 issues

* Align to GeoNode master (4.2.0) and improve/fix docker initialization

* - Update test docker-docker-compose-test

* Update .env_test test file

* Bump to 4.2.0dev0

* Update .circleci config.yml file

* Increase the Django healthcheck timeout time

* Typo on GEOSERVER_JAVA_OPTS

* Update docker-compose-test django healthcheck with retries

* Update docker-compose-test django healthcheck with retries

* Fix test cases

* - Removing the fixed "IS_MANAGER" field in favor of a pluggable generic "OpenIDGroupRoleMapper" class

* - Fix docker compose structure and .env.sample labels

* Configure Django apps

* fix typos

* fix

* - Update docker-compose-test.yml image names

* - Black formatting issues

* removed Azure ID env vars

* dropped PUBLIC_PORT

* gitignore .env file

* disable abbreviated params

* renamed OGC credential vars and introduced OGC_SERVER_FACTORY_PASSWORD

* removed useless OGC_ADMIN_* vars

* renamved to GEOSERVER_FACTORY_PASSWORD

* use django-admin instead of django-admin.py

* fixed monitoring fixtures

* fixes blowfish deprecation warning

* fix to update method

* break loop if succeeding

* fix formmatting

* - Alingning docker-compose-dev to docker-compose

* set nginx image version

* remove wrong folder pushed by error

* set nginx image version in all compose files

* Improvements to create-envfile documentation

* move location of Geoserver LB host variables

* Remove geoserver_ui variable from .env.sample

---------

Co-authored-by: afabiani <alessio.fabiani@geo-solutions.it>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 .circleci/config.yml                          |  24 +-
 .env => .env.sample                           |  93 ++++----
 .env_dev                                      |  49 ++--
 .env_local                                    |  47 ++--
 .env_test                                     |  53 +++--
 .gitignore                                    |   2 +
 Dockerfile                                    |   9 +-
 README.md                                     |  39 +++-
 create-envfile.py                             | 185 +++++++++++++++
 docker-compose-dev.yml                        |  62 +++---
 docker-compose-test.yml                       |  60 +++--
 docker-compose.yml                            |  38 ++--
 entrypoint.sh                                 |   4 +-
 geonode/api/__init__.py                       |   1 +
 geonode/base/api/tests.py                     |   8 +-
 geonode/catalogue/__init__.py                 |   1 +
 geonode/catalogue/metadataxsl/__init__.py     |   1 +
 geonode/celery_app.py                         |   4 +-
 geonode/documents/exif/__init__.py            |   1 +
 geonode/favorite/__init__.py                  |   1 +
 geonode/geoserver/createlayer/__init__.py     |   1 +
 geonode/geoserver/processing/__init__.py      |   1 +
 geonode/local_settings.py.geoserver.sample    |   8 +-
 geonode/people/adapters.py                    |  33 ++-
 geonode/people/profileextractors.py           |  20 +-
 .../geonode_openid_connect/provider.py        |   6 +-
 .../providers/geonode_openid_connect/tests.py |   1 -
 geonode/proxy/__init__.py                     |   1 +
 geonode/security/__init__.py                  |   1 +
 geonode/settings.py                           |  35 +--
 geonode/tasks/__init__.py                     |   1 +
 geonode/upload/tests/test_settings.py         |  10 +-
 geonode/utils.py                              |   4 +-
 package/support/geonode.local_settings        |  12 +-
 pavement.py                                   |   4 +-
 requirements.txt                              |   1 +
 scripts/docker/nginx/Dockerfile               |   5 +-
 scripts/docker/nginx/docker-entrypoint.sh     |  23 +-
 scripts/docker/nginx/geonode.conf.envsubst    |  90 +++-----
 scripts/docker/nginx/nginx.conf.envsubst      |   2 +-
 tasks.py                                      | 210 ++++++++----------
 uwsgi.ini                                     |  14 +-
 42 files changed, 716 insertions(+), 449 deletions(-)
 rename .env => .env.sample (73%)
 create mode 100644 create-envfile.py

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 60cfd1c921e..9babc1a6978 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -23,12 +23,12 @@ jobs:
 
       - run:
           name: Build the stack
-          command: docker-compose -f docker-compose-test.yml build --no-cache
+          command: docker-compose --env-file .env_test -f docker-compose-test.yml build --no-cache
           working_directory: ./
 
       - run:
           name: Start the stack
-          command: docker-compose -f docker-compose-test.yml up -d
+          command: docker-compose --env-file .env_test -f docker-compose-test.yml up -d
           working_directory: ./
 
       - run:
@@ -78,21 +78,21 @@ jobs:
             - run:
                 name: Run test suite
                 command: |
-                  docker-compose -f docker-compose-test.yml exec db psql -U postgres -c 'SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE pid <> pg_backend_pid();'
-                  docker-compose -f docker-compose-test.yml exec db createdb -U postgres -T postgres test_postgres
-                  docker-compose -f docker-compose-test.yml exec db createdb -U postgres -T postgres test_geonode
-                  docker-compose -f docker-compose-test.yml exec db createdb -U postgres -T postgres test_geonode_data
-                  docker-compose -f docker-compose-test.yml exec db psql -U postgres -d test_geonode -c 'CREATE EXTENSION IF NOT EXISTS postgis;'
-                  docker-compose -f docker-compose-test.yml exec db psql -U postgres -d test_geonode_data -c 'CREATE EXTENSION IF NOT EXISTS postgis;'
-                  docker-compose -f docker-compose-test.yml exec django bash -c '<<parameters.test_suite>>'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec db psql -U postgres -c 'SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE pid <> pg_backend_pid();'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec db createdb -U postgres -T postgres test_postgres
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec db createdb -U postgres -T postgres test_geonode
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec db createdb -U postgres -T postgres test_geonode_data
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec db psql -U postgres -d test_geonode -c 'CREATE EXTENSION IF NOT EXISTS postgis;'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec db psql -U postgres -d test_geonode_data -c 'CREATE EXTENSION IF NOT EXISTS postgis;'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c '<<parameters.test_suite>>'
                 working_directory: ./
                 no_output_timeout: 10m
             - run:
                 name: Run code quality checks
                 command: |
-                  docker-compose -f docker-compose-test.yml exec django bash -c 'black --check geonode'
-                  docker-compose -f docker-compose-test.yml exec django bash -c 'flake8 geonode'
-                  docker-compose -f docker-compose-test.yml exec django bash -c 'codecov; bash <(curl -s https://codecov.io/bash) -t 2c0e7780-1640-45f0-93a3-e103b057d8c8'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'black --check geonode'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'flake8 geonode'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'codecov; bash <(curl -s https://codecov.io/bash) -t 2c0e7780-1640-45f0-93a3-e103b057d8c8'
                 working_directory: ./
 
 workflows:
diff --git a/.env b/.env.sample
similarity index 73%
rename from .env
rename to .env.sample
index 492278acb55..b74e48d371c 100644
--- a/.env
+++ b/.env.sample
@@ -1,6 +1,4 @@
 COMPOSE_PROJECT_NAME=geonode
-DOCKERHOST=
-DOCKER_HOST_IP=
 # See https://github.com/containers/podman/issues/13889
 # DOCKER_BUILDKIT=0
 DOCKER_ENV=production
@@ -13,33 +11,29 @@ C_FORCE_ROOT=1
 FORCE_REINIT=false
 INVOKE_LOG_STDOUT=true
 
-# LANGUAGE_CODE=pt
+# LANGUAGE_CODE=it-it
 # LANGUAGES=(('en-us','English'),('it-it','Italiano'))
 
 DJANGO_SETTINGS_MODULE=geonode.settings
 GEONODE_INSTANCE_NAME=geonode
-GEONODE_LB_HOST_IP=
-GEONODE_LB_PORT=
-PUBLIC_PORT=80
-NGINX_BASE_URL=
 
 # #################
 # backend
 # #################
 POSTGRES_USER=postgres
-POSTGRES_PASSWORD=postgres
+POSTGRES_PASSWORD={pgpwd}
 GEONODE_DATABASE=geonode
 GEONODE_DATABASE_USER=geonode
-GEONODE_DATABASE_PASSWORD=geonode
+GEONODE_DATABASE_PASSWORD={dbpwd}
 GEONODE_GEODATABASE=geonode_data
 GEONODE_GEODATABASE_USER=geonode_data
-GEONODE_GEODATABASE_PASSWORD=geonode_data
+GEONODE_GEODATABASE_PASSWORD={geodbpwd}
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
 DATABASE_HOST=db
 DATABASE_PORT=5432
-DATABASE_URL=postgis://geonode:geonode@db:5432/geonode
-GEODATABASE_URL=postgis://geonode_data:geonode_data@db:5432/geonode_data
+DATABASE_URL=postgis://geonode:{dbpwd}@db:5432/geonode
+GEODATABASE_URL=postgis://geonode_data:{geodbpwd}@db:5432/geonode_data
 GEONODE_DB_CONN_MAX_AGE=0
 GEONODE_DB_CONN_TOUT=5
 DEFAULT_BACKEND_DATASTORE=datastore
@@ -47,9 +41,9 @@ BROKER_URL=amqp://guest:guest@rabbitmq:5672/
 CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=True
 
-SITEURL=https://localhost/
+SITEURL={siteurl}/
 
-ALLOWED_HOSTS=['django', '*']
+ALLOWED_HOSTS="['django', '{hostname}']"
 
 # Data Uploader
 DEFAULT_BACKEND_UPLOADER=geonode.importer
@@ -64,13 +58,14 @@ HAYSTACK_SEARCH_RESULTS_PER_PAGE=200
 # nginx
 # HTTPD Server
 # #################
-GEONODE_LB_HOST_IP=localhost
-GEONODE_LB_PORT=80
+GEONODE_LB_HOST_IP=django
+GEONODE_LB_PORT=8000
+NGINX_BASE_URL={siteurl}
 
 # IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
 # port where the server can be reached on HTTPS
-HTTP_HOST=
-HTTPS_HOST=localhost
+HTTP_HOST={http_host}
+HTTPS_HOST={https_host}
 
 HTTP_PORT=80
 HTTPS_PORT=443
@@ -80,8 +75,8 @@ HTTPS_PORT=443
 # disabled : we do not get a certificate at all (a placeholder certificate will be used)
 # staging : we get staging certificates (are invalid, but allow to test the process completely and have much higher limit rates)
 # production : we get a normal certificate (default)
-# LETSENCRYPT_MODE=disabled
-LETSENCRYPT_MODE=staging
+LETSENCRYPT_MODE={letsencrypt_mode}
+# LETSENCRYPT_MODE=staging
 # LETSENCRYPT_MODE=production
 
 RESOLVER=127.0.0.11
@@ -89,11 +84,13 @@ RESOLVER=127.0.0.11
 # #################
 # geoserver
 # #################
-GEOSERVER_WEB_UI_LOCATION=https://localhost/geoserver/
-GEOSERVER_PUBLIC_LOCATION=https://localhost/geoserver/
-GEOSERVER_LOCATION=http://geoserver:8080/geoserver/
+GEOSERVER_LB_HOST_IP=geoserver
+GEOSERVER_LB_PORT=8080
+GEOSERVER_WEB_UI_LOCATION={siteurl}/geoserver/
+GEOSERVER_PUBLIC_LOCATION={siteurl}/geoserver/
+GEOSERVER_LOCATION=http://${GEOSERVER_LB_HOST_IP}:${GEOSERVER_LB_PORT}/geoserver/
 GEOSERVER_ADMIN_USER=admin
-GEOSERVER_ADMIN_PASSWORD=geoserver
+GEOSERVER_ADMIN_PASSWORD={geoserverpwd}
 
 OGC_REQUEST_TIMEOUT=30
 OGC_REQUEST_MAX_RETRIES=1
@@ -104,7 +101,7 @@ OGC_REQUEST_POOL_CONNECTIONS=10
 # Java Options & Memory
 ENABLE_JSONP=true
 outFormat=text/javascript
-GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
+GEOSERVER_JAVA_OPTS='-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={geoserver_ui}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine'
 
 # #################
 # Security
@@ -117,8 +114,8 @@ GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix
 # in DB will honored.
 
 ADMIN_USERNAME=admin
-ADMIN_PASSWORD=admin
-ADMIN_EMAIL=admin@localhost
+ADMIN_PASSWORD={geonodepwd}
+ADMIN_EMAIL={email}
 
 # EMAIL Notifications
 EMAIL_ENABLE=False
@@ -129,29 +126,36 @@ DJANGO_EMAIL_HOST_USER=
 DJANGO_EMAIL_HOST_PASSWORD=
 DJANGO_EMAIL_USE_TLS=False
 DJANGO_EMAIL_USE_SSL=False
-DEFAULT_FROM_EMAIL='GeoNode <no-reply@geonode.org>'
+DEFAULT_FROM_EMAIL='{email}' # eg Company <no-reply@company.org>
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
 DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True
 
+CORS_ALLOW_ALL_ORIGINS=True
+GEOSERVER_CORS_ENABLED=True
+GEOSERVER_CORS_ALLOWED_ORIGINS=*
+GEOSERVER_CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
+GEOSERVER_CORS_ALLOWED_HEADERS=*
+
 # Users Registration
 ACCOUNT_OPEN_SIGNUP=True
 ACCOUNT_EMAIL_REQUIRED=True
 ACCOUNT_APPROVAL_REQUIRED=False
 ACCOUNT_CONFIRM_EMAIL_ON_GET=False
 ACCOUNT_EMAIL_VERIFICATION=none
+ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
+ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
 
 # OAuth2
 OAUTH2_API_KEY=
-OAUTH2_CLIENT_ID=Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV
-OAUTH2_CLIENT_SECRET=rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3
+OAUTH2_CLIENT_ID={clientid}
+OAUTH2_CLIENT_SECRET={clientsecret}
 
 # GeoNode APIs
 API_LOCKDOWN=False
@@ -161,9 +165,9 @@ TASTYPIE_APIKEY=
 # Production and
 # Monitoring
 # #################
-DEBUG=False
+DEBUG={debug}
 
-SECRET_KEY='myv-y4#7j-d*p-__@j#*3z@!y24fz8%^z2v6atuy4bo9vqr1_a'
+SECRET_KEY='{secret_key}'
 
 STATIC_ROOT=/mnt/volumes/statics/static/
 MEDIA_ROOT=/mnt/volumes/statics/uploaded/
@@ -177,7 +181,7 @@ MEMCACHED_LOCATION=127.0.0.1:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
 
-MAX_DOCUMENT_SIZE=2
+MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
 API_LIMIT_PER_PAGE=1000
 
@@ -207,13 +211,6 @@ FAVORITE_ENABLED=True
 RESOURCE_PUBLISHING=False
 ADMIN_MODERATE_UPLOADS=False
 
-# PostgreSQL
-POSTGRESQL_MAX_CONNECTIONS=200
-
-# Upload Size Limiting
-DEFAULT_MAX_UPLOAD_SIZE=5368709120
-DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=100
-
 # LDAP
 LDAP_ENABLED=False
 LDAP_SERVER_URL=ldap://<the_ldap_server>
@@ -232,10 +229,22 @@ LDAP_GROUP_PROFILE_MEMBER_ATTR=uniqueMember
 # ## 
 # Note right autoscale value must coincide with worker concurrency value
 # CELERY__AUTOSCALE_VALUES="15,10" 
-# CELERY__WORKER_CONCURRENCY="4"
+# CELERY__WORKER_CONCURRENCY="10"
 # ##
 # CELERY__OPTS="--without-gossip --without-mingle -Ofair -B -E"
 # CELERY__BEAT_SCHEDULE="/mnt/volumes/statics/celerybeat-schedule"
 # CELERY__LOG_LEVEL="INFO"
 # CELERY__LOG_FILE="/var/log/celery.log"
 # CELERY__WORKER_NAME="worker1@%h"
+
+# PostgreSQL
+POSTGRESQL_MAX_CONNECTIONS=200
+
+# Common containers restart policy
+RESTART_POLICY_CONDITION="on-failure"
+RESTART_POLICY_DELAY="5s"
+RESTART_POLICY_MAX_ATTEMPTS="3"
+RESTART_POLICY_WINDOW=120s
+
+DEFAULT_MAX_UPLOAD_SIZE=5368709120
+DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=5
diff --git a/.env_dev b/.env_dev
index 88a2b273a4f..6119f68ebd6 100644
--- a/.env_dev
+++ b/.env_dev
@@ -1,6 +1,4 @@
 COMPOSE_PROJECT_NAME=geonode
-DOCKERHOST=
-DOCKER_HOST_IP=
 # See https://github.com/containers/podman/issues/13889
 # DOCKER_BUILDKIT=0
 DOCKER_ENV=production
@@ -13,15 +11,11 @@ C_FORCE_ROOT=1
 FORCE_REINIT=false
 INVOKE_LOG_STDOUT=true
 
-# LANGUAGE_CODE=pt
-# LANGUAGES=(('en','English'),('pt','Portuguese'))
+# LANGUAGE_CODE=it-it
+# LANGUAGES=(('en-us','English'),('it-it','Italiano'))
 
 DJANGO_SETTINGS_MODULE=geonode.settings
 GEONODE_INSTANCE_NAME=geonode
-GEONODE_LB_HOST_IP=
-GEONODE_LB_PORT=
-PUBLIC_PORT=80
-NGINX_BASE_URL=
 
 # #################
 # backend
@@ -64,8 +58,11 @@ HAYSTACK_SEARCH_RESULTS_PER_PAGE=200
 # nginx
 # HTTPD Server
 # #################
-GEONODE_LB_HOST_IP=localhost
-GEONODE_LB_PORT=80
+GEONODE_LB_HOST_IP=django
+GEONODE_LB_PORT=8000
+GEOSERVER_LB_HOST_IP=geoserver
+GEOSERVER_LB_PORT=8080
+NGINX_BASE_URL=http://localhost
 
 # IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
 # port where the server can be reached on HTTPS
@@ -95,8 +92,8 @@ GEOSERVER_LOCATION=http://localhost:8080/geoserver/
 GEOSERVER_ADMIN_USER=admin
 GEOSERVER_ADMIN_PASSWORD=geoserver
 
-OGC_REQUEST_TIMEOUT=60
-OGC_REQUEST_MAX_RETRIES=0
+OGC_REQUEST_TIMEOUT=30
+OGC_REQUEST_MAX_RETRIES=1
 OGC_REQUEST_BACKOFF_FACTOR=0.3
 OGC_REQUEST_POOL_MAXSIZE=10
 OGC_REQUEST_POOL_CONNECTIONS=10
@@ -104,12 +101,18 @@ OGC_REQUEST_POOL_CONNECTIONS=10
 # Java Options & Memory
 ENABLE_JSONP=true
 outFormat=text/javascript
-GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
+GEOSERVER_JAVA_OPTS='-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine'
 
 # #################
 # Security
 # #################
 # Admin Settings
+#
+# ADMIN_PASSWORD is used to overwrite the GeoNode admin password **ONLY** the first time
+# GeoNode is run. If you need to overwrite it again, you need to set the env var FORCE_REINIT,
+# otherwise the invoke updateadmin task will be skipped and the current password already stored
+# in DB will honored.
+
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=admin
 ADMIN_EMAIL=admin@localhost
@@ -127,18 +130,25 @@ DEFAULT_FROM_EMAIL='GeoNode <no-reply@geonode.org>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
 DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True
 
+CORS_ALLOW_ALL_ORIGINS=True
+GEOSERVER_CORS_ENABLED=True
+GEOSERVER_CORS_ALLOWED_ORIGINS=*
+GEOSERVER_CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
+GEOSERVER_CORS_ALLOWED_HEADERS=*
+
 # Users Registration
 ACCOUNT_OPEN_SIGNUP=True
 ACCOUNT_EMAIL_REQUIRED=True
 ACCOUNT_APPROVAL_REQUIRED=False
 ACCOUNT_CONFIRM_EMAIL_ON_GET=False
 ACCOUNT_EMAIL_VERIFICATION=none
+ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
+ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
 
@@ -171,7 +181,7 @@ MEMCACHED_LOCATION=127.0.0.1:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
 
-MAX_DOCUMENT_SIZE=2
+MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
 API_LIMIT_PER_PAGE=1000
 
@@ -204,6 +214,11 @@ ADMIN_MODERATE_UPLOADS=False
 # PostgreSQL
 POSTGRESQL_MAX_CONNECTIONS=200
 
-# Upload Size Limiting
+# Common containers restart policy
+RESTART_POLICY_CONDITION="on-failure"
+RESTART_POLICY_DELAY="5s"
+RESTART_POLICY_MAX_ATTEMPTS="3"
+RESTART_POLICY_WINDOW=120s
+
 DEFAULT_MAX_UPLOAD_SIZE=5368709120
-DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=100
\ No newline at end of file
+DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=5
diff --git a/.env_local b/.env_local
index a19213926f2..48cba183d81 100644
--- a/.env_local
+++ b/.env_local
@@ -1,6 +1,4 @@
 COMPOSE_PROJECT_NAME=geonode
-DOCKERHOST=
-DOCKER_HOST_IP=
 # See https://github.com/containers/podman/issues/13889
 # DOCKER_BUILDKIT=0
 DOCKER_ENV=production
@@ -13,15 +11,11 @@ C_FORCE_ROOT=1
 FORCE_REINIT=false
 INVOKE_LOG_STDOUT=true
 
-# LANGUAGE_CODE=pt
-# LANGUAGES=(('en','English'),('pt','Portuguese'))
+# LANGUAGE_CODE=it-it
+# LANGUAGES=(('en-us','English'),('it-it','Italiano'))
 
 DJANGO_SETTINGS_MODULE=geonode.settings
 GEONODE_INSTANCE_NAME=geonode
-GEONODE_LB_HOST_IP=
-GEONODE_LB_PORT=
-PUBLIC_PORT=80
-NGINX_BASE_URL=
 
 # #################
 # backend
@@ -64,8 +58,11 @@ HAYSTACK_SEARCH_RESULTS_PER_PAGE=200
 # nginx
 # HTTPD Server
 # #################
-GEONODE_LB_HOST_IP=localhost
-GEONODE_LB_PORT=80
+GEONODE_LB_HOST_IP=django
+GEONODE_LB_PORT=8000
+GEOSERVER_LB_HOST_IP=geoserver
+GEOSERVER_LB_PORT=8080
+NGINX_BASE_URL=https://localhost
 
 # IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
 # port where the server can be reached on HTTPS
@@ -104,12 +101,18 @@ OGC_REQUEST_POOL_CONNECTIONS=10
 # Java Options & Memory
 ENABLE_JSONP=true
 outFormat=text/javascript
-GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
+GEOSERVER_JAVA_OPTS='-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine'
 
 # #################
 # Security
 # #################
 # Admin Settings
+#
+# ADMIN_PASSWORD is used to overwrite the GeoNode admin password **ONLY** the first time
+# GeoNode is run. If you need to overwrite it again, you need to set the env var FORCE_REINIT,
+# otherwise the invoke updateadmin task will be skipped and the current password already stored
+# in DB will honored.
+
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=admin
 ADMIN_EMAIL=admin@localhost
@@ -127,18 +130,25 @@ DEFAULT_FROM_EMAIL='GeoNode <no-reply@geonode.org>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
 DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True
 
+CORS_ALLOW_ALL_ORIGINS=True
+GEOSERVER_CORS_ENABLED=True
+GEOSERVER_CORS_ALLOWED_ORIGINS=*
+GEOSERVER_CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
+GEOSERVER_CORS_ALLOWED_HEADERS=*
+
 # Users Registration
 ACCOUNT_OPEN_SIGNUP=True
 ACCOUNT_EMAIL_REQUIRED=True
 ACCOUNT_APPROVAL_REQUIRED=False
 ACCOUNT_CONFIRM_EMAIL_ON_GET=False
 ACCOUNT_EMAIL_VERIFICATION=none
+ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
+ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
 
@@ -171,7 +181,7 @@ MEMCACHED_LOCATION=127.0.0.1:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
 
-MAX_DOCUMENT_SIZE=2
+MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
 API_LIMIT_PER_PAGE=1000
 
@@ -182,7 +192,7 @@ BING_API_KEY=
 GOOGLE_API_KEY=
 
 # Monitoring
-MONITORING_ENABLED=True
+MONITORING_ENABLED=False
 MONITORING_DATA_TTL=365
 USER_ANALYTICS_ENABLED=True
 USER_ANALYTICS_GZIP=True
@@ -204,6 +214,11 @@ ADMIN_MODERATE_UPLOADS=False
 # PostgreSQL
 POSTGRESQL_MAX_CONNECTIONS=200
 
-# Upload Size Limiting
+# Common containers restart policy
+RESTART_POLICY_CONDITION="on-failure"
+RESTART_POLICY_DELAY="5s"
+RESTART_POLICY_MAX_ATTEMPTS="3"
+RESTART_POLICY_WINDOW=120s
+
 DEFAULT_MAX_UPLOAD_SIZE=5368709120
-DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=100
\ No newline at end of file
+DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=5
diff --git a/.env_test b/.env_test
index 9eed802d452..fb1910d57b1 100644
--- a/.env_test
+++ b/.env_test
@@ -1,6 +1,4 @@
 COMPOSE_PROJECT_NAME=geonode
-DOCKERHOST=
-DOCKER_HOST_IP=
 # See https://github.com/containers/podman/issues/13889
 # DOCKER_BUILDKIT=0
 DOCKER_ENV=production
@@ -13,15 +11,11 @@ C_FORCE_ROOT=1
 FORCE_REINIT=false
 INVOKE_LOG_STDOUT=true
 
-# LANGUAGE_CODE=pt
-# LANGUAGES=(('en','English'),('pt','Portuguese'))
+# LANGUAGE_CODE=it-it
+# LANGUAGES=(('en-us','English'),('it-it','Italiano'))
 
 DJANGO_SETTINGS_MODULE=geonode.settings
 GEONODE_INSTANCE_NAME=geonode
-GEONODE_LB_HOST_IP=
-GEONODE_LB_PORT=
-PUBLIC_PORT=80
-NGINX_BASE_URL=
 
 # #################
 # backend
@@ -47,7 +41,7 @@ BROKER_URL=amqp://guest:guest@rabbitmq:5672/
 CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=True
 
-SITEURL=http://localhost:8001/
+SITEURL=http://localhost:8000/
 
 ALLOWED_HOSTS="['django', '*']"
 
@@ -64,15 +58,18 @@ HAYSTACK_SEARCH_RESULTS_PER_PAGE=200
 # nginx
 # HTTPD Server
 # #################
-GEONODE_LB_HOST_IP=localhost
-GEONODE_LB_PORT=80
+GEONODE_LB_HOST_IP=django
+GEONODE_LB_PORT=8000
+GEOSERVER_LB_HOST_IP=geoserver
+GEOSERVER_LB_PORT=8080
+NGINX_BASE_URL=http://localhost
 
 # IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
 # port where the server can be reached on HTTPS
 HTTP_HOST=localhost
 HTTPS_HOST=
 
-HTTP_PORT=8001
+HTTP_PORT=8000
 HTTPS_PORT=443
 
 # Let's Encrypt certificates for https encryption. You must have a domain name as HTTPS_HOST (doesn't work
@@ -89,7 +86,7 @@ RESOLVER=127.0.0.11
 # #################
 # geoserver
 # #################
-GEOSERVER_WEB_UI_LOCATION=http://localhost:8001/geoserver/
+GEOSERVER_WEB_UI_LOCATION=http://localhost:8000/geoserver/
 GEOSERVER_PUBLIC_LOCATION=http://localhost/geoserver/
 GEOSERVER_LOCATION=http://geoserver:8080/geoserver/
 GEOSERVER_ADMIN_USER=admin
@@ -105,12 +102,12 @@ OGC_REQUEST_POOL_CONNECTIONS=10
 # catalogue
 # #################
 CATALOGUE_ENGINE=geonode.catalogue.backends.pycsw_local
-CATALOGUE_URL=http://localhost:8001/catalogue/csw
+CATALOGUE_URL=http://localhost:8000/catalogue/csw
 
 # Java Options & Memory
 ENABLE_JSONP=true
 outFormat=text/javascript
-GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8001/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
+GEOSERVER_JAVA_OPTS='-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine'
 
 # #################
 # Security
@@ -139,18 +136,25 @@ DEFAULT_FROM_EMAIL='GeoNode <no-reply@geonode.org>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
 DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True
 
+CORS_ALLOW_ALL_ORIGINS=True
+GEOSERVER_CORS_ENABLED=True
+GEOSERVER_CORS_ALLOWED_ORIGINS=*
+GEOSERVER_CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
+GEOSERVER_CORS_ALLOWED_HEADERS=*
+
 # Users Registration
 ACCOUNT_OPEN_SIGNUP=True
 ACCOUNT_EMAIL_REQUIRED=True
 ACCOUNT_APPROVAL_REQUIRED=False
 ACCOUNT_CONFIRM_EMAIL_ON_GET=False
 ACCOUNT_EMAIL_VERIFICATION=none
+ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
+ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
 
@@ -186,7 +190,7 @@ MEMCACHED_LOCATION=127.0.0.1:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
 
-MAX_DOCUMENT_SIZE=2
+MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
 API_LIMIT_PER_PAGE=1000
 
@@ -219,6 +223,17 @@ ADMIN_MODERATE_UPLOADS=False
 # PostgreSQL
 POSTGRESQL_MAX_CONNECTIONS=200
 
-# Upload Size Limiting
+# Common containers restart policy
+RESTART_POLICY_CONDITION="on-failure"
+RESTART_POLICY_DELAY="5s"
+RESTART_POLICY_MAX_ATTEMPTS="3"
+RESTART_POLICY_WINDOW=120s
+
 DEFAULT_MAX_UPLOAD_SIZE=5368709120
-DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=100
\ No newline at end of file
+DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=100
+
+# Azure AD
+MICROSOFT_TENANT_ID=
+AZURE_CLIENT_ID=
+AZURE_SECRET_KEY=
+AZURE_KEY=
diff --git a/.gitignore b/.gitignore
index bfe33426c44..7a455624878 100644
--- a/.gitignore
+++ b/.gitignore
@@ -95,3 +95,5 @@ scripts/spcgeonode/_volume_*
 # Docker Hub hooks
 !hooks/*
 
+.env
+
diff --git a/Dockerfile b/Dockerfile
index c09545fcf3b..0805c6494d6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,8 +28,13 @@ RUN chmod +x /usr/bin/celery-cmd
 # RUN cd /usr/src/geonode-contribs/geonode-logstash; pip install --upgrade  -e . \
 #     cd /usr/src/geonode-contribs/ldap; pip install --upgrade  -e .
 
-RUN pip install --upgrade --no-cache-dir  --src /usr/src -r requirements.txt
-RUN pip install --upgrade  -e .
+RUN yes w | pip install --src /usr/src -Ur requirements.txt
+RUN yes w | pip install --upgrade -e .
+
+# Cleanup apt update lists
+RUN apt-get autoremove --purge
+RUN apt-get clean
+RUN rm -rf /var/lib/apt/lists/*
 
 # Export ports
 EXPOSE 8000
diff --git a/README.md b/README.md
index db5ca65a4b3..8ec744e587e 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@ Table of Contents
 - [Table of Contents](#table-of-contents)
   - [What is GeoNode?](#what-is-geonode)
   - [Try out GeoNode](#try-out-geonode)
+  - [Quick Docker Start](#quick-docker-start)
   - [Install](#install)
   - [Learn GeoNode](#learn-geonode)
   - [Development](#development)
@@ -47,17 +48,51 @@ maps, editing metadata, styles and much more. To get an overview what
 GeoNode can do we recommend to have a look at the [Users
 Workshop](https://docs.geonode.org/en/master/usage/index.html).
 
+Quick Docker Start
+------------------
+
+  ```bash
+    python3.10 -m venv ~/.venvs/geonode
+    source ~/.venvs/geonode/bin/activate
+
+    pip install Django==3.2.*
+  ```
+  ```bash
+    python create-envfile.py
+  ```
+`create-envfile.py` accepts the following arguments:
+
+- `--https`: Enable SSL. It's disabled by default
+- `--env_type`: 
+   - When set to `prod` `DEBUG` is disabled and the creation of a valid `SSL` is requested to Letsencrypt's ACME server
+   - When set to `test`  `DEBUG` is disabled and a test `SSL` certificate is generated for local testing
+   - When set to `dev`  `DEBUG` is enabled and no `SSL` certificate is generated
+- `--hostname`: The URL that whill serve GeoNode (`localhost` by default)
+- `--email`: The administrator's email. Notice that a real email and a valid SMPT configurations are required if  `--env_type` is seto to `prod`. Letsencrypt uses to email for issuing the SSL certificate 
+- `--geonodepwd`: GeoNode's administrator password. A random value is set if left empty
+- `--geoserverpwd`: GeoNode's administrator password. A random value is set if left empty
+- `--pgpwd`: PostgreSQL's administrator password. A random value is set if left empty
+- `--dbpwd`: GeoNode DB user role's password. A random value is set if left empty
+- `--geodbpwd`: GeoNode data DB user role's password. A random value is set if left empty
+- `--clientid`: Client id of Geoserver's GeoNode Oauth2 client. A random value is set if left empty
+- `--clientsecret`: Client secret of Geoserver's GeoNode Oauth2 client. A random value is set if left empty
+
+```bash
+  docker compose build
+  docker compose up -d
+```
+
 Install
 -------
 
-    The latest official release is 4.0.2!
+    The latest official release is 4.1.0!
 
 GeoNode can be setup in different ways, flavors and plattforms. If
 you´re planning to do development or install for production please visit
 the offical GeoNode installation documentation:
 
 - [Docker](https://docs.geonode.org/en/master/install/advanced/core/index.html#docker)
-- [Ubuntu 20.04 LTS](https://docs.geonode.org/en/master/install/advanced/core/index.html#ubuntu-20-04lts)
+- [Ubuntu 22.04](https://docs.geonode.org/en/master/install/advanced/core/index.html#ubuntu-22-04)
 
 Learn GeoNode
 -------------
diff --git a/create-envfile.py b/create-envfile.py
new file mode 100644
index 00000000000..c910e912618
--- /dev/null
+++ b/create-envfile.py
@@ -0,0 +1,185 @@
+# -*- coding: utf-8 -*-
+#########################################################################
+#
+# Copyright (C) 2022 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+import argparse
+import json
+import logging
+import os
+import random
+import re
+import string
+import sys
+import ast
+
+dir_path = os.path.dirname(os.path.realpath(__file__))
+
+logger = logging.getLogger()
+handler = logging.StreamHandler(sys.stdout)
+logger.setLevel(logging.INFO)
+formatter = logging.Formatter("%(levelname)s - %(message)s")
+handler.setFormatter(formatter)
+logger.addHandler(handler)
+
+
+def shuffle(chars):
+    chars_as_list = list(chars)
+    random.shuffle(chars_as_list)
+    return "".join(chars_as_list)
+
+
+_simple_chars = shuffle(string.ascii_letters + string.digits)
+_strong_chars = shuffle(
+    string.ascii_letters + string.digits + string.punctuation.replace('"', "").replace("'", "").replace("`", "")
+)
+
+
+def generate_env_file(args):
+    # validity checks
+    if not os.path.exists(args.sample_file):
+        logger.error(f"File does not exists {args.sample_file}")
+        raise FileNotFoundError
+
+    if args.file and not os.path.isfile(args.file):
+        logger.error(f"File does not exists: {args.file}")
+        raise FileNotFoundError
+
+    if args.https and not args.email:
+        raise Exception("With HTTPS enabled, the email parameter is required")
+
+    _sample_file = None
+    with open(args.sample_file, "r+") as sample_file:
+        _sample_file = sample_file.read()
+
+    if not _sample_file:
+        raise Exception("Sample file is empty!")
+
+    def _get_vals_to_replace(args):
+        _config = ["sample_file", "file", "env_type", "https", "email"]
+        _jsfile = {}
+        if args.file:
+            with open(args.file) as _json_file:
+                _jsfile = json.load(_json_file)
+
+        _vals_to_replace = {key: _jsfile.get(key, val) for key, val in vars(args).items() if key not in _config}
+        tcp = "https" if ast.literal_eval(f"{_jsfile.get('https', args.https)}".capitalize()) else "http"
+
+        _vals_to_replace["public_port"] = (
+            "443" if ast.literal_eval(f"{_jsfile.get('https', args.https)}".capitalize()) else "80"
+        )
+        _vals_to_replace["http_host"] = _jsfile.get("hostname", args.hostname) if tcp == "http" else ""
+        _vals_to_replace["https_host"] = _jsfile.get("hostname", args.hostname) if tcp == "https" else ""
+
+        _vals_to_replace["siteurl"] = f"{tcp}://{_jsfile.get('hostname', args.hostname)}"
+        _vals_to_replace["secret_key"] = _jsfile.get("secret_key", args.secret_key) or "".join(
+            random.choice(_strong_chars) for _ in range(50)
+        )
+        _vals_to_replace["letsencrypt_mode"] = (
+            "disabled"
+            if not _vals_to_replace.get("https_host")
+            else "staging"
+            if _jsfile.get("env_type", args.env_type) in ["test"]
+            else "production"
+        )
+        _vals_to_replace["debug"] = False if _jsfile.get("env_type", args.env_type) in ["prod", "test"] else True
+        _vals_to_replace["email"] = _jsfile.get("email", args.email)
+
+        if tcp == "https" and not _vals_to_replace["email"]:
+            raise Exception("With HTTPS enabled, the email parameter is required")
+
+        return {**_jsfile, **_vals_to_replace}
+
+    for key, val in _get_vals_to_replace(args).items():
+        _val = val or "".join(random.choice(_simple_chars) for _ in range(15))
+        if isinstance(val, bool) or key in ["email", "http_host", "https_host"]:
+            _val = str(val)
+        _sample_file = re.sub(
+            "{" + key + "}",
+            lambda _: _val,
+            _sample_file,
+        )
+
+    with open(f"{dir_path}/.env", "w+") as output_env:
+        output_env.write(_sample_file)
+    logger.info(f".env file created: {dir_path}/.env")
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        prog="ENV file builder",
+        description="Tool for generate environment file automatically. The information can be passed or via CLI or via JSON file ( --file /path/env.json)",
+        usage="python create-envfile.py localhost -f /path/to/json/file.json",
+        allow_abbrev=False
+    )
+    parser.add_argument(
+        "--noinput",
+        "--no-input",
+        action="store_false",
+        dest="confirmation",
+        help=("skips prompting for confirmation."),
+    )
+    parser.add_argument(
+        "-hn",
+        "--hostname",
+        help=f"Host name, default localhost",
+        default="localhost",
+    )
+
+    # expected path as a value
+    parser.add_argument(
+        "-sf",
+        "--sample_file",
+        help=f"Path of the sample file to use as a template. Default is: {dir_path}/.env.sample",
+        default=f"{dir_path}/.env.sample",
+    )
+    parser.add_argument(
+        "-f",
+        "--file",
+        help="absolute path of the file with the configuration. Note: we expect that the keys of the dictionary have the same name as the CLI params",
+    )
+    # booleans
+    parser.add_argument("--https", action="store_true", default=False, help="If provided, https is used")
+    # strings
+    parser.add_argument("--email", help="Admin email, this field is required if https is enabled")
+
+    parser.add_argument("--geonodepwd", help="GeoNode admin password")
+    parser.add_argument("--geoserverpwd", help="Geoserver admin password")
+    parser.add_argument("--pgpwd", help="PostgreSQL password")
+    parser.add_argument("--dbpwd", help="GeoNode DB user password")
+    parser.add_argument("--geodbpwd", help="Geodatabase user password")
+    parser.add_argument("--clientid", help="Oauth2 client id")
+    parser.add_argument("--clientsecret", help="Oauth2 client secret")
+    parser.add_argument("--secret_key", help="Django Secret Key")
+
+    parser.add_argument(
+        "--env_type",
+        help="Development/production or test",
+        choices=["prod", "test", "dev"],
+        default="prod",
+    )
+
+    args = parser.parse_args()
+
+    if not args.confirmation:
+        generate_env_file(args)
+    else:
+        overwrite_env = input("This action will overwrite any existing .env file. Do you wish to continue? (y/n)")
+        if overwrite_env not in ["y", "n"]:
+            logger.error("Please enter a valid response")
+        if overwrite_env == "y":
+            generate_env_file(args)
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 1ba2fec619f..0ac801a9621 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -3,12 +3,12 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode:local
-  restart: on-failure
+  image: geonode/geonode:local
+  restart: unless-stopped
   env_file:
     - .env
   volumes:
-    # - '.:/usr/src/geonode'
+    - '.:/usr/src/geonode'
     - statics:/mnt/volumes/statics
     - geoserver-data-dir:/geoserver_data/data
     - backup-restore:/backup_restore
@@ -17,8 +17,6 @@ x-common-django:
   depends_on:
     db:
       condition: service_healthy
-    geoserver:
-      condition: service_healthy
 
 services:
 
@@ -30,11 +28,11 @@ services:
       dockerfile: Dockerfile
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
-      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8001/"
+      test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://django:8000/"
       start_period: 60s
       interval: 60s
       timeout: 10s
-      retries: 10
+      retries: 2
     environment:
       - IS_CELERY=False
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
@@ -43,10 +41,10 @@ services:
   # Celery worker that executes celery tasks created by Django.
   celery:
     << : *default-common-django
-    image: geonode:local
     container_name: celery4${COMPOSE_PROJECT_NAME}
     depends_on:
-      - django
+      django:
+        condition: service_healthy
     environment:
       - IS_CELERY=True
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
@@ -54,15 +52,12 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:4.0
+    image: geonode/nginx:1.25.1
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
+    env_file:
+      - .env
     environment:
-      - HTTPS_HOST=${HTTPS_HOST}
-      - HTTP_HOST=${HTTP_HOST}
-      - HTTPS_PORT=${HTTPS_PORT}
-      - HTTP_PORT=${HTTP_PORT}
-      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
       - RESOLVER=127.0.0.11
     ports:
       - "${HTTP_PORT}:80"
@@ -71,46 +66,45 @@ services:
       - nginx-confd:/etc/nginx
       - nginx-certificates:/geonode-certificates
       - statics:/mnt/volumes/statics
-    restart: on-failure
+    restart: unless-stopped
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:4.0
+    image: geonode/letsencrypt:latest
     build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
-    environment:
-      - HTTPS_HOST=${HTTPS_HOST}
-      - HTTP_HOST=${HTTP_HOST}
-      - ADMIN_EMAIL=${ADMIN_EMAIL}
-      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
+    env_file:
+      - .env
     volumes:
       - nginx-certificates:/geonode-certificates
-    restart: on-failure
+    restart: unless-stopped
 
   # Geoserver backend
   geoserver:
     image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
-      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
+      test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
       start_period: 60s
       interval: 60s
       timeout: 10s
-      retries: 10
+      retries: 2
     env_file:
       - .env
+    ports:
+      - "8080:8080"
     volumes:
       - statics:/mnt/volumes/statics
       - geoserver-data-dir:/geoserver_data/data
       - backup-restore:/backup_restore
       - data:/data
       - tmp:/tmp
-    restart: on-failure
+    restart: unless-stopped
     depends_on:
-      db:
-        condition: service_healthy
       data-dir-conf:
         condition: service_healthy
+      django:
+        condition: service_healthy
 
   data-dir-conf:
     image: geonode/geoserver_data:2.23.0
@@ -118,14 +112,14 @@ services:
     entrypoint: sleep infinity
     volumes:
       - geoserver-data-dir:/geoserver_data/data
-    restart: on-failure
+    restart: unless-stopped
     healthcheck:
       test: "ls -A '/geoserver_data/data' | wc -l"
 
   # PostGIS database.
   db:
-    # use geonode official postgis 13 image
-    image: geonode/postgis:13
+    # use geonode official postgis 15 image
+    image: geonode/postgis:15
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
@@ -133,7 +127,7 @@ services:
     volumes:
       - dbdata:/var/lib/postgresql/data
       - dbbackups:/pg_backups
-    restart: on-failure
+    restart: unless-stopped
     healthcheck:
       test: "pg_isready -d postgres -U postgres"
     # uncomment to enable remote connections to postgres
@@ -142,11 +136,11 @@ services:
 
   # Vanilla RabbitMQ service. This is needed by celery
   rabbitmq:
-    image: rabbitmq:3.7-alpine
+    image: rabbitmq:3-alpine
     container_name: rabbitmq4${COMPOSE_PROJECT_NAME}
     volumes:
       - rabbitmq:/var/lib/rabbitmq
-    restart: on-failure
+    restart: unless-stopped
 
 volumes:
   statics:
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index de398f099a7..762183a5eac 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -3,8 +3,8 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:4.0
-  restart: on-failure
+  image: geonode/geonode:latest-ubuntu-22.10
+  restart: unless-stopped
   env_file:
     - .env_test
   volumes:
@@ -17,8 +17,6 @@ x-common-django:
   depends_on:
     db:
       condition: service_healthy
-    geoserver:
-      condition: service_healthy
 
 services:
 
@@ -30,11 +28,11 @@ services:
       dockerfile: Dockerfile
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
-      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8001/"
+      test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://django:8000/"
       start_period: 60s
       interval: 60s
       timeout: 10s
-      retries: 10
+      retries: 2
     environment:
       - IS_CELERY=False
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
@@ -43,10 +41,10 @@ services:
   # Celery worker that executes celery tasks created by Django.
   celery:
     << : *default-common-django
-    image: geonode/geonode:4.0
     container_name: celery4${COMPOSE_PROJECT_NAME}
     depends_on:
-      - django
+      django:
+        condition: service_healthy
     environment:
       - IS_CELERY=True
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
@@ -54,15 +52,12 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:4.0
+    image: geonode/nginx:1.25.1
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
+    env_file:
+      - .env_test
     environment:
-      - HTTPS_HOST=${HTTPS_HOST}
-      - HTTP_HOST=${HTTP_HOST}
-      - HTTPS_PORT=${HTTPS_PORT}
-      - HTTP_PORT=${HTTP_PORT}
-      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
       - RESOLVER=127.0.0.11
     ports:
       - "${HTTP_PORT}:80"
@@ -71,46 +66,45 @@ services:
       - nginx-confd:/etc/nginx
       - nginx-certificates:/geonode-certificates
       - statics:/mnt/volumes/statics
-    restart: on-failure
+    restart: unless-stopped
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:4.0
+    image: geonode/letsencrypt:latest
     build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
-    environment:
-      - HTTPS_HOST=${HTTPS_HOST}
-      - HTTP_HOST=${HTTP_HOST}
-      - ADMIN_EMAIL=${ADMIN_EMAIL}
-      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
+    env_file:
+      - .env_test
     volumes:
       - nginx-certificates:/geonode-certificates
-    restart: on-failure
+    restart: unless-stopped
 
   # Geoserver backend
   geoserver:
     image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
-      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
+      test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
       start_period: 60s
       interval: 60s
       timeout: 10s
-      retries: 10
+      retries: 2
     env_file:
       - .env_test
+    ports:
+      - "8080:8080"
     volumes:
       - statics:/mnt/volumes/statics
       - geoserver-data-dir:/geoserver_data/data
       - backup-restore:/backup_restore
       - data:/data
       - tmp:/tmp
-    restart: on-failure
+    restart: unless-stopped
     depends_on:
-      db:
-        condition: service_healthy
       data-dir-conf:
         condition: service_healthy
+      django:
+        condition: service_healthy
 
   data-dir-conf:
     image: geonode/geoserver_data:2.23.0
@@ -118,14 +112,14 @@ services:
     entrypoint: sleep infinity
     volumes:
       - geoserver-data-dir:/geoserver_data/data
-    restart: on-failure
+    restart: unless-stopped
     healthcheck:
       test: "ls -A '/geoserver_data/data' | wc -l"
 
   # PostGIS database.
   db:
-    # use geonode official postgis 13 image
-    image: geonode/postgis:13
+    # use geonode official postgis 15 image
+    image: geonode/postgis:15
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
@@ -133,7 +127,7 @@ services:
     volumes:
       - dbdata:/var/lib/postgresql/data
       - dbbackups:/pg_backups
-    restart: on-failure
+    restart: unless-stopped
     healthcheck:
       test: "pg_isready -d postgres -U postgres"
     # uncomment to enable remote connections to postgres
@@ -142,11 +136,11 @@ services:
 
   # Vanilla RabbitMQ service. This is needed by celery
   rabbitmq:
-    image: rabbitmq:3.7-alpine
+    image: rabbitmq:3-alpine
     container_name: rabbitmq4${COMPOSE_PROJECT_NAME}
     volumes:
       - rabbitmq:/var/lib/rabbitmq
-    restart: on-failure
+    restart: unless-stopped
 
 volumes:
   statics:
diff --git a/docker-compose.yml b/docker-compose.yml
index d87342e2ad4..853231d824a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,6 @@ x-common-django:
   env_file:
     - .env
   volumes:
-    # - '.:/usr/src/geonode'
     - statics:/mnt/volumes/statics
     - geoserver-data-dir:/geoserver_data/data
     - backup-restore:/backup_restore
@@ -17,8 +16,6 @@ x-common-django:
   depends_on:
     db:
       condition: service_healthy
-    geoserver:
-      condition: service_healthy
 
 services:
 
@@ -27,11 +24,11 @@ services:
     << : *default-common-django
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
-      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8001/"
+      test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://django:8000/"
       start_period: 60s
       interval: 60s
       timeout: 10s
-      retries: 10
+      retries: 2
     environment:
       - IS_CELERY=False
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
@@ -42,7 +39,8 @@ services:
     << : *default-common-django
     container_name: celery4${COMPOSE_PROJECT_NAME}
     depends_on:
-      - django
+      django:
+        condition: service_healthy
     environment:
       - IS_CELERY=True
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
@@ -50,15 +48,12 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:4.1.0
+    image: geonode/nginx:1.25.1
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
+    env_file:
+      - .env
     environment:
-      - HTTPS_HOST=${HTTPS_HOST}
-      - HTTP_HOST=${HTTP_HOST}
-      - HTTPS_PORT=${HTTPS_PORT}
-      - HTTP_PORT=${HTTP_PORT}
-      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
       - RESOLVER=127.0.0.11
     ports:
       - "${HTTP_PORT}:80"
@@ -71,14 +66,11 @@ services:
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:4.1.0
+    image: geonode/letsencrypt:latest
     build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
-    environment:
-      - HTTPS_HOST=${HTTPS_HOST}
-      - HTTP_HOST=${HTTP_HOST}
-      - ADMIN_EMAIL=${ADMIN_EMAIL}
-      - LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
+    env_file:
+      - .env
     volumes:
       - nginx-certificates:/geonode-certificates
     restart: unless-stopped
@@ -88,13 +80,15 @@ services:
     image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
-      test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
+      test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
       start_period: 60s
       interval: 60s
       timeout: 10s
-      retries: 10
+      retries: 2
     env_file:
       - .env
+    ports:
+      - "8080:8080"
     volumes:
       - statics:/mnt/volumes/statics
       - geoserver-data-dir:/geoserver_data/data
@@ -103,10 +97,10 @@ services:
       - tmp:/tmp
     restart: unless-stopped
     depends_on:
-      db:
-        condition: service_healthy
       data-dir-conf:
         condition: service_healthy
+      django:
+        condition: service_healthy
 
   data-dir-conf:
     image: geonode/geoserver_data:2.23.0
diff --git a/entrypoint.sh b/entrypoint.sh
index 620976448cc..6bb062b910e 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -41,7 +41,7 @@ echo MONITORING_HOST_NAME=$MONITORING_HOST_NAME
 echo MONITORING_SERVICE_NAME=$MONITORING_SERVICE_NAME
 echo MONITORING_DATA_TTL=$MONITORING_DATA_TTL
 
-invoke waitfordbs
+# invoke waitfordbs
 
 cmd="$@"
 
@@ -61,8 +61,6 @@ else
     fi
 
     invoke statics
-    invoke waitforgeoserver
-    invoke geoserverfixture
 
     echo "Executing UWSGI server $cmd for Production"
 fi
diff --git a/geonode/api/__init__.py b/geonode/api/__init__.py
index 79177e00bdd..55b0b0cb9fd 100644
--- a/geonode/api/__init__.py
+++ b/geonode/api/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.api.apps.GeoNodeApiAppConfig"
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
index 5a278f432bd..88df7c3f7b2 100644
--- a/geonode/base/api/tests.py
+++ b/geonode/base/api/tests.py
@@ -622,15 +622,15 @@ def test_base_resources(self):
                     },
                     {
                         "name": "",
-                        "slug": "http-localhost-8001-thesaurus-no-about-thesauro-38",
-                        "uri": "http://localhost:8001//thesaurus/no-about-thesauro#38",
+                        "slug": "http-localhost-8000-thesaurus-no-about-thesauro-38",
+                        "uri": "http://localhost:8000//thesaurus/no-about-thesauro#38",
                         "thesaurus": {"name": "Thesauro without the about", "slug": "no-about-thesauro", "uri": ""},
                         "i18n": {},
                     },
                     {
                         "name": "bar_keyword",
-                        "slug": "http-localhost-8001-thesaurus-no-about-thesauro-bar-keyword",
-                        "uri": "http://localhost:8001//thesaurus/no-about-thesauro#bar_keyword",
+                        "slug": "http-localhost-8000-thesaurus-no-about-thesauro-bar-keyword",
+                        "uri": "http://localhost:8000//thesaurus/no-about-thesauro#bar_keyword",
                         "thesaurus": {"name": "Thesauro without the about", "slug": "no-about-thesauro", "uri": ""},
                         "i18n": {},
                     },
diff --git a/geonode/catalogue/__init__.py b/geonode/catalogue/__init__.py
index 3b577289766..d1b9c72dbff 100644
--- a/geonode/catalogue/__init__.py
+++ b/geonode/catalogue/__init__.py
@@ -25,6 +25,7 @@
 from django.core.exceptions import ImproperlyConfigured
 from importlib import import_module
 
+default_app_config = "geonode.catalogue.apps.GeoNodeCatalogueAppConfig"
 DEFAULT_CATALOGUE_ALIAS = "default"
 
 # GeoNode uses this if the CATALOGUE setting is empty (None).
diff --git a/geonode/catalogue/metadataxsl/__init__.py b/geonode/catalogue/metadataxsl/__init__.py
index 79177e00bdd..0143f08e23a 100644
--- a/geonode/catalogue/metadataxsl/__init__.py
+++ b/geonode/catalogue/metadataxsl/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.catalogue.metadataxsl.apps.GeoNodeCatalogueMetadataxslAppConfig"
diff --git a/geonode/celery_app.py b/geonode/celery_app.py
index 0e3c411c2ad..5f9b5e95624 100644
--- a/geonode/celery_app.py
+++ b/geonode/celery_app.py
@@ -49,14 +49,14 @@ def setup_periodic_tasks(sender, **kwargs):
 
 @app.task(
     bind=True,
-    name='{{project_name}}.test',
+    name='geonode.test',
     queue='default')
 def test(arg):
     _log(arg)
 
 @app.task(
     bind=True,
-    name='{{project_name}}.debug_task',
+    name='geonode.debug_task',
     queue='default')
 def debug_task(self):
     _log(f"Request: {self.request}")
diff --git a/geonode/documents/exif/__init__.py b/geonode/documents/exif/__init__.py
index 79177e00bdd..bc045338385 100644
--- a/geonode/documents/exif/__init__.py
+++ b/geonode/documents/exif/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.documents.exif.apps.GeoNodeDocumentsExifAppConfig"
diff --git a/geonode/favorite/__init__.py b/geonode/favorite/__init__.py
index 79177e00bdd..83005e67c7f 100644
--- a/geonode/favorite/__init__.py
+++ b/geonode/favorite/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.favorite.apps.GeoNodeFavoriteAppConfig"
diff --git a/geonode/geoserver/createlayer/__init__.py b/geonode/geoserver/createlayer/__init__.py
index 3d54b02dfef..a304ef09a5b 100644
--- a/geonode/geoserver/createlayer/__init__.py
+++ b/geonode/geoserver/createlayer/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.geoserver.createlayer.apps.GeoNodeGeoserverCreatelayerAppConfig"
diff --git a/geonode/geoserver/processing/__init__.py b/geonode/geoserver/processing/__init__.py
index 6b4db6084e8..333409c58a5 100644
--- a/geonode/geoserver/processing/__init__.py
+++ b/geonode/geoserver/processing/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.geoserver.processing.apps.GeoNodeGeoserverProcessingAppConfig"
diff --git a/geonode/local_settings.py.geoserver.sample b/geonode/local_settings.py.geoserver.sample
index 18aa492c76f..59ac574511b 100644
--- a/geonode/local_settings.py.geoserver.sample
+++ b/geonode/local_settings.py.geoserver.sample
@@ -99,9 +99,9 @@ GEOSERVER_WEB_UI_LOCATION = os.getenv("GEOSERVER_WEB_UI_LOCATION", GEOSERVER_LOC
 
 GEOSERVER_PUBLIC_LOCATION = os.getenv("GEOSERVER_PUBLIC_LOCATION", _default_public_location)
 
-OGC_SERVER_DEFAULT_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
+GEOSERVER_ADMIN_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
 
-OGC_SERVER_DEFAULT_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
+GEOSERVER_ADMIN_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
 
 # OGC (WMS/WFS/WCS) Server Settings
 OGC_SERVER = {
@@ -115,8 +115,8 @@ OGC_SERVER = {
         # the proxy won't work and the integration tests will fail
         # the entire block has to be overridden in the local_settings
         "PUBLIC_LOCATION": GEOSERVER_PUBLIC_LOCATION,
-        "USER": OGC_SERVER_DEFAULT_USER,
-        "PASSWORD": OGC_SERVER_DEFAULT_PASSWORD,
+        "USER": GEOSERVER_ADMIN_USER,
+        "PASSWORD": GEOSERVER_ADMIN_PASSWORD,
         "MAPFISH_PRINT_ENABLED": True,
         "PRINT_NG_ENABLED": True,
         "GEONODE_SECURITY_ENABLED": True,
diff --git a/geonode/people/adapters.py b/geonode/people/adapters.py
index a322562d19a..63ac7e36659 100644
--- a/geonode/people/adapters.py
+++ b/geonode/people/adapters.py
@@ -44,6 +44,7 @@
 from django.core.exceptions import ValidationError
 from django.utils.module_loading import import_string
 
+from geonode.utils import import_class_module
 from geonode.groups.models import GroupProfile
 
 logger = logging.getLogger(__name__)
@@ -67,6 +68,18 @@ def get_data_extractor(provider_id):
     return extractor
 
 
+def get_group_role_mapper(provider_id):
+    group_role_mapper_class = import_class_module(
+        getattr(settings, "SOCIALACCOUNT_PROVIDERS", {})
+        .get(PROVIDER_ID, {})
+        .get(
+            "GROUP_ROLE_MAPPER_CLASS",
+            "geonode.people.profileextractors.OpenIDGroupRoleMapper",
+        )
+    )
+    return group_role_mapper_class()
+
+
 def update_profile(sociallogin):
     """Update a people.models.Profile object with info from the sociallogin"""
     user = sociallogin.user
@@ -248,11 +261,14 @@ class GenericOpenIDConnectAdapter(OAuth2Adapter, SocialAccountAdapter):
     def complete_login(self, request, app, token, response, **kwargs):
         extra_data = {}
         if self.profile_url:
-            headers = {"Authorization": "Bearer {0}".format(token.token)}
-            resp = requests.get(self.profile_url, headers=headers)
-            profile_data = resp.json()
-            extra_data.update(profile_data)
-        elif "id_token" in response:
+            try:
+                headers = {"Authorization": f"Bearer {token.token}"}
+                resp = requests.get(self.profile_url, headers=headers)
+                profile_data = resp.json()
+                extra_data.update(profile_data)
+            except Exception:
+                logger.exception(OAuth2Error("Invalid profile_url, falling back to id_token checks..."))
+        if not extra_data and "id_token" in response:
             try:
                 extra_data = jwt.decode(
                     response["id_token"],
@@ -279,20 +295,21 @@ def complete_login(self, request, app, token, response, **kwargs):
     def save_user(self, request, sociallogin, form=None):
         user = super(SocialAccountAdapter, self).save_user(request, sociallogin, form=form)
         extractor = get_data_extractor(sociallogin.account.provider)
+        group_role_mapper = get_group_role_mapper(sociallogin.account.provider)
         try:
             groups = extractor.extract_groups(sociallogin.account.extra_data) or extractor.extract_roles(
                 sociallogin.account.extra_data
             )
-            is_manager = extractor.extract_is_manager(sociallogin.account.extra_data)
 
             # check here if user is member already of other groups and remove it form the ones that are not declared here...
             for groupprofile in user.group_list_all():
                 groupprofile.leave(user)
-            for group_name in groups:
+            for group_role_name in groups:
+                group_name, role_name = group_role_mapper.parse_group_and_role(group_role_name)
                 groupprofile = GroupProfile.objects.filter(slug=group_name).first()
                 if groupprofile:
                     groupprofile.join(user)
-                    if is_manager:
+                    if group_role_mapper.is_manager(role_name):
                         groupprofile.promote()
         except (AttributeError, NotImplementedError):
             pass  # extractor doesn't define a method for extracting field
diff --git a/geonode/people/profileextractors.py b/geonode/people/profileextractors.py
index 2bf7fa12e51..7b9cdebefec 100644
--- a/geonode/people/profileextractors.py
+++ b/geonode/people/profileextractors.py
@@ -129,10 +129,6 @@ def _extract_field(self, name, data):
 
 PROVIDER_ID = getattr(settings, "SOCIALACCOUNT_OIDC_PROVIDER", "geonode_openid_connect")
 
-IS_MANAGER_FIELD = (
-    getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("IS_MANAGER_FIELD", "is_manager")
-)
-
 
 class OpenIDExtractor(BaseExtractor):
     def extract_email(self, data):
@@ -198,10 +194,20 @@ def extract_groups(self, data):
     def extract_roles(self, data):
         return data.get("roles", "")
 
-    def extract_is_manager(self, data):
-        return data.get(IS_MANAGER_FIELD, "")
-
 
 def _get_latest_position(data):
     all_positions = data.get("positions", {"values": []})["values"]
     return all_positions[0] if any(all_positions) else None
+
+
+class OpenIDGroupRoleMapper:
+    """GeoNode will look for names like: ["GroupProfile1.Role", "GroupProfile2.Role", ..., "GroupProfileN.Role"]"""
+
+    def parse_group_and_role(self, group_role_name):
+        _group_role_name = group_role_name if "." in group_role_name else f"{group_role_name}.None"
+        group_name, role_name = _group_role_name.rsplit(".", 1)
+        return (group_name, role_name)
+
+    def is_manager(role_name):
+        _role_name = role_name or ""
+        return "manager" in _role_name.lower()
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py b/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
index 329ba3c4bf3..196be1e17a2 100644
--- a/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
@@ -68,7 +68,11 @@ def get_auth_params(self, request, action):
         return ret
 
     def extract_uid(self, data):
-        return data.get("sub", data.get("id"))
+        _uid_field = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("UID_FIELD", None)
+        if _uid_field:
+            return data.get(_uid_field)
+        else:
+            return data.get("uid", data.get("sub", data.get("id")))
 
     def extract_common_fields(self, data):
         _common_fields = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("COMMON_FIELDS", {})
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py b/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py
index 29373c2fd93..04be234c6c3 100644
--- a/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/tests.py
@@ -213,7 +213,6 @@ def test_social_email_verification_optional(self):
                 "prompt": "select_account consent",
             },
             "COMMON_FIELDS": {"email": "email", "last_name": "family_name", "first_name": "given_name"},
-            "IS_MANAGER_FIELD": "is_manager",
             "ACCOUNT_CLASS": "allauth.socialaccount.providers.google.provider.GoogleAccount",
             "ACCESS_TOKEN_URL": "https://oauth2.googleapis.com/token",
             "AUTHORIZE_URL": "https://accounts.google.com/o/oauth2/v2/auth",
diff --git a/geonode/proxy/__init__.py b/geonode/proxy/__init__.py
index da86ef5219a..7b2209ac902 100644
--- a/geonode/proxy/__init__.py
+++ b/geonode/proxy/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.proxy.apps.GeoNodeProxyAppConfig"
diff --git a/geonode/security/__init__.py b/geonode/security/__init__.py
index da86ef5219a..0edec538e72 100644
--- a/geonode/security/__init__.py
+++ b/geonode/security/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.security.apps.GeoNodeSecurityAppConfig"
diff --git a/geonode/settings.py b/geonode/settings.py
index 73e6fea14da..9b746b9d63e 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -1004,9 +1004,12 @@
 
 GEOSERVER_WEB_UI_LOCATION = os.getenv("GEOSERVER_WEB_UI_LOCATION", GEOSERVER_PUBLIC_LOCATION)
 
-OGC_SERVER_DEFAULT_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
+GEOSERVER_ADMIN_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
 
-OGC_SERVER_DEFAULT_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
+GEOSERVER_ADMIN_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
+
+# This is the password from Geoserver factory data-dir. It's only used at install time to perform the very first configurfation of GEOSERVER_ADMIN_PASSWORD
+GEOSERVER_FACTORY_PASSWORD = os.getenv("GEOSERVER_FACTORY_PASSWORD", "geoserver")
 
 GEOFENCE_SECURITY_ENABLED = (
     False if TEST and not INTEGRATION else ast.literal_eval(os.getenv("GEOFENCE_SECURITY_ENABLED", "True"))
@@ -1025,8 +1028,8 @@
         # the proxy won't work and the integration tests will fail
         # the entire block has to be overridden in the local_settings
         "PUBLIC_LOCATION": GEOSERVER_PUBLIC_LOCATION,
-        "USER": OGC_SERVER_DEFAULT_USER,
-        "PASSWORD": OGC_SERVER_DEFAULT_PASSWORD,
+        "USER": GEOSERVER_ADMIN_USER,
+        "PASSWORD": GEOSERVER_ADMIN_PASSWORD,
         "MAPFISH_PRINT_ENABLED": ast.literal_eval(os.getenv("MAPFISH_PRINT_ENABLED", "True")),
         "PRINT_NG_ENABLED": ast.literal_eval(os.getenv("PRINT_NG_ENABLED", "True")),
         "GEONODE_SECURITY_ENABLED": ast.literal_eval(os.getenv("GEONODE_SECURITY_ENABLED", "True")),
@@ -1969,6 +1972,17 @@ def get_geonode_catalogue_service():
 SOCIALACCOUNT_OIDC_PROVIDER_ENABLED = ast.literal_eval(os.environ.get("SOCIALACCOUNT_OIDC_PROVIDER_ENABLED", "False"))
 SOCIALACCOUNT_ADAPTER = os.environ.get("SOCIALACCOUNT_ADAPTER", "geonode.people.adapters.GenericOpenIDConnectAdapter")
 
+_SOCIALACCOUNT_PROFILE_EXTRACTOR = os.environ.get(
+    "SOCIALACCOUNT_PROFILE_EXTRACTOR", "geonode.people.profileextractors.OpenIDExtractor"
+)
+SOCIALACCOUNT_PROFILE_EXTRACTORS = {
+    SOCIALACCOUNT_OIDC_PROVIDER: _SOCIALACCOUNT_PROFILE_EXTRACTOR,
+}
+
+SOCIALACCOUNT_GROUP_ROLE_MAPPER = os.environ.get(
+    "SOCIALACCOUNT_GROUP_ROLE_MAPPER", "geonode.people.profileextractors.OpenIDGroupRoleMapper"
+)
+
 # Enable this in order to enable the OIDC SocialAccount Provider
 if SOCIALACCOUNT_OIDC_PROVIDER_ENABLED:
     INSTALLED_APPS += ("geonode.people.socialaccount.providers.geonode_openid_connect",)
@@ -1985,7 +1999,8 @@ def get_geonode_catalogue_service():
         "prompt": "select_account",
     },
     "COMMON_FIELDS": {"email": "mail", "last_name": "surname", "first_name": "givenName"},
-    "IS_MANAGER_FIELD": "is_manager",
+    "UID_FIELD": "unique_name",
+    "GROUP_ROLE_MAPPER_CLASS": SOCIALACCOUNT_GROUP_ROLE_MAPPER,
     "ACCOUNT_CLASS": "allauth.socialaccount.providers.azure.provider.AzureAccount",
     "ACCESS_TOKEN_URL": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/oauth2/v2.0/token",
     "AUTHORIZE_URL": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/oauth2/v2.0/authorize",
@@ -2003,7 +2018,7 @@ def get_geonode_catalogue_service():
         "prompt": "select_account consent",
     },
     "COMMON_FIELDS": {"email": "email", "last_name": "family_name", "first_name": "given_name"},
-    "IS_MANAGER_FIELD": "is_manager",
+    "GROUP_ROLE_MAPPER_CLASS": SOCIALACCOUNT_GROUP_ROLE_MAPPER,
     "ACCOUNT_CLASS": "allauth.socialaccount.providers.google.provider.GoogleAccount",
     "ACCESS_TOKEN_URL": "https://oauth2.googleapis.com/token",
     "AUTHORIZE_URL": "https://accounts.google.com/o/oauth2/v2/auth",
@@ -2018,13 +2033,7 @@ def get_geonode_catalogue_service():
     SOCIALACCOUNT_OIDC_PROVIDER: SOCIALACCOUNT_PROVIDERS_DEFS.get(_SOCIALACCOUNT_PROVIDER),
 }
 
-_SOCIALACCOUNT_PROFILE_EXTRACTOR = os.environ.get(
-    "SOCIALACCOUNT_PROFILE_EXTRACTOR", "geonode.people.profileextractors.OpenIDExtractor"
-)
-SOCIALACCOUNT_PROFILE_EXTRACTORS = {
-    SOCIALACCOUNT_OIDC_PROVIDER: _SOCIALACCOUNT_PROFILE_EXTRACTOR,
-}
-
+# Invitation Adapter
 INVITATIONS_ADAPTER = ACCOUNT_ADAPTER
 INVITATIONS_CONFIRMATION_URL_NAME = "geonode.invitations:accept-invite"
 
diff --git a/geonode/tasks/__init__.py b/geonode/tasks/__init__.py
index f3b257d5e12..41405557613 100644
--- a/geonode/tasks/__init__.py
+++ b/geonode/tasks/__init__.py
@@ -16,3 +16,4 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+default_app_config = "geonode.tasks.apps.GeoNodeTasksAppConfig"
diff --git a/geonode/upload/tests/test_settings.py b/geonode/upload/tests/test_settings.py
index 9e25f52c835..3ff3368c88b 100644
--- a/geonode/upload/tests/test_settings.py
+++ b/geonode/upload/tests/test_settings.py
@@ -100,9 +100,11 @@
 
 GEOSERVER_PUBLIC_LOCATION = os.getenv("GEOSERVER_PUBLIC_LOCATION", _default_public_location)
 
-OGC_SERVER_DEFAULT_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
+GEOSERVER_ADMIN_USER = os.getenv("GEOSERVER_ADMIN_USER", "admin")
 
-OGC_SERVER_DEFAULT_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
+GEOSERVER_ADMIN_PASSWORD = os.getenv("GEOSERVER_ADMIN_PASSWORD", "geoserver")
+
+GEOSERVER_FACTORY_PASSWORD = os.getenv("GEOSERVER_FACTORY_PASSWORD", "geoserver")
 
 # OGC (WMS/WFS/WCS) Server Settings
 OGC_SERVER = {
@@ -116,8 +118,8 @@
         # the proxy won't work and the integration tests will fail
         # the entire block has to be overridden in the local_settings
         "PUBLIC_LOCATION": GEOSERVER_PUBLIC_LOCATION,
-        "USER": OGC_SERVER_DEFAULT_USER,
-        "PASSWORD": OGC_SERVER_DEFAULT_PASSWORD,
+        "USER": GEOSERVER_ADMIN_USER,
+        "PASSWORD": GEOSERVER_ADMIN_PASSWORD,
         "MAPFISH_PRINT_ENABLED": True,
         "PRINT_NG_ENABLED": True,
         "GEONODE_SECURITY_ENABLED": True,
diff --git a/geonode/utils.py b/geonode/utils.py
index 6d541926ba1..5abab4b2411 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -2012,8 +2012,8 @@ def import_class_module(full_class_string):
     """
     Dynamically load a class from a string
 
-    >>> klass = load_class("module.submodule.ClassName")
-    >>> klass2 = load_class("myfile.Class2")
+    >>> klass = import_class_module("module.submodule.ClassName")
+    >>> klass2 = import_class_module("myfile.Class2")
     """
     try:
         module_path, class_name = full_class_string.rsplit(".", 1)
diff --git a/package/support/geonode.local_settings b/package/support/geonode.local_settings
index 5525ee0aa20..3e485a5d021 100644
--- a/package/support/geonode.local_settings
+++ b/package/support/geonode.local_settings
@@ -98,14 +98,18 @@ GEOSERVER_PUBLIC_LOCATION = os.getenv(
     'GEOSERVER_PUBLIC_LOCATION', '{}gs/'.format(SITEURL)
 )
 
-OGC_SERVER_DEFAULT_USER = os.getenv(
+GEOSERVER_ADMIN_USER = os.getenv(
     'GEOSERVER_ADMIN_USER', 'admin'
 )
 
-OGC_SERVER_DEFAULT_PASSWORD = os.getenv(
+GEOSERVER_ADMIN_PASSWORD = os.getenv(
     'GEOSERVER_ADMIN_PASSWORD', 'geoserver'
 )
 
+GEOSERVER_FACTORY_PASSWORD = os.getenv(
+    'GEOSERVER_FACTORY_PASSWORD', 'geoserver'
+)
+
 # OGC (WMS/WFS/WCS) Server Settings
 OGC_SERVER = {
     'default': {
@@ -117,8 +121,8 @@ OGC_SERVER = {
         # the proxy won't work and the integration tests will fail
         # the entire block has to be overridden in the local_settings
         'PUBLIC_LOCATION': GEOSERVER_PUBLIC_LOCATION,
-        'USER': OGC_SERVER_DEFAULT_USER,
-        'PASSWORD': OGC_SERVER_DEFAULT_PASSWORD,
+        'USER': GEOSERVER_ADMIN_USER,
+        'PASSWORD': GEOSERVER_ADMIN_PASSWORD,
         'MAPFISH_PRINT_ENABLED': True,
         'PRINT_NG_ENABLED': True,
         'GEONODE_SECURITY_ENABLED': True,
diff --git a/pavement.py b/pavement.py
index 5a494f124f4..3c59b99a4eb 100644
--- a/pavement.py
+++ b/pavement.py
@@ -765,9 +765,7 @@ def test_integration(options):
                 bind = options.get("bind", "0.0.0.0:8000")
                 foreground = "" if options.get("foreground", False) else "&"
                 sh(f"DJANGO_SETTINGS_MODULE={settings} python -W ignore manage.py runmessaging {foreground}")
-                sh(
-                    f"DJANGO_SETTINGS_MODULE={settings} python -W ignore manage.py runserver {bind} {foreground}"
-                )
+                sh(f"DJANGO_SETTINGS_MODULE={settings} python -W ignore manage.py runserver {bind} {foreground}")
                 sh("sleep 30")
                 settings = f"REUSE_DB=1 DJANGO_SETTINGS_MODULE={settings}"
             else:
diff --git a/requirements.txt b/requirements.txt
index 4c40148f408..8e5702f81fa 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -173,6 +173,7 @@ webdriver_manager==4.0.0
 mistune==3.0.1
 protobuf==3.20.3
 mako==1.2.4
+paramiko==3.3.1 # not directly required, fixes Blowfish deprecation warning
 certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
 jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
 cryptography>=41.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
index 0a497ce0384..2e3a8fea7cd 100644
--- a/scripts/docker/nginx/Dockerfile
+++ b/scripts/docker/nginx/Dockerfile
@@ -1,9 +1,12 @@
 FROM nginx:1.25.1-alpine
 
-RUN apk add --no-cache openssl inotify-tools
+RUN apk add --no-cache openssl inotify-tools vim
 
 WORKDIR /etc/nginx/
 
+RUN mkdir -p /etc/nginx/html
+RUN touch /etc/nginx/html/index.html
+
 ADD nginx.conf.envsubst nginx.https.available.conf.envsubst ./
 ADD geonode.conf.envsubst ./sites-enabled/
 
diff --git a/scripts/docker/nginx/docker-entrypoint.sh b/scripts/docker/nginx/docker-entrypoint.sh
index 9afb7cffedb..e6bec7a1db2 100644
--- a/scripts/docker/nginx/docker-entrypoint.sh
+++ b/scripts/docker/nginx/docker-entrypoint.sh
@@ -15,7 +15,7 @@ echo "Creating autoissued certificates for HTTP host"
 if [ ! -f "/geonode-certificates/autoissued/privkey.pem" ] || [[ $(find /geonode-certificates/autoissued/privkey.pem -mtime +365 -print) ]]; then
         echo "Autoissued certificate does not exist or is too old, we generate one"
         mkdir -p "/geonode-certificates/autoissued/"
-        openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout "/geonode-certificates/autoissued/privkey.pem" -out "/geonode-certificates/autoissued/fullchain.pem" -subj "/CN=${HTTP_HOST:-null}" 
+        openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout "/geonode-certificates/autoissued/privkey.pem" -out "/geonode-certificates/autoissued/fullchain.pem" -subj "/CN=${HTTP_HOST:-HTTPS_HOST}" 
 else
         echo "Autoissued certificate already exists"
 fi
@@ -32,18 +32,25 @@ else
         ln -sf "/geonode-certificates/autoissued" /certificate_symlink
 fi
 
-echo "Sanity checks on http/s ports configuration"
-if [ -z "${JENKINS_HTTP_PORT}" ]; then
-        JENKINS_HTTP_PORT=9080
+if [ -z "${HTTPS_HOST}" ]; then
+        HTTP_SCHEME="http"
+else
+        HTTP_SCHEME="https"
 fi
 
+export HTTP_SCHEME=${HTTP_SCHEME:-http}
+export GEONODE_LB_HOST_IP=${GEONODE_LB_HOST_IP:-django}
+export GEONODE_LB_PORT=${GEONODE_LB_PORT:-8000}
+export GEOSERVER_LB_HOST_IP=${GEOSERVER_LB_HOST_IP:-geoserver}
+export GEOSERVER_LB_PORT=${GEOSERVER_LB_PORT:-8080}
+
 echo "Replacing environement variables"
-envsubst '\$HTTP_HOST \$HTTPS_HOST \$RESOLVER' < /etc/nginx/nginx.conf.envsubst > /etc/nginx/nginx.conf
-envsubst '\$HTTP_HOST \$HTTPS_HOST \$RESOLVER' < /etc/nginx/nginx.https.available.conf.envsubst > /etc/nginx/nginx.https.available.conf
-envsubst '\$HTTP_HOST \$HTTPS_HOST \$JENKINS_HTTP_PORT' < /etc/nginx/sites-enabled/geonode.conf.envsubst > /etc/nginx/sites-enabled/geonode.conf
+envsubst '\$HTTP_HOST \$HTTPS_HOST \$HTTP_SCHEME \$GEONODE_LB_HOST_IP \$GEONODE_LB_PORT \$GEOSERVER_LB_HOST_IP \$GEOSERVER_LB_PORT \$RESOLVER' < /etc/nginx/nginx.conf.envsubst > /etc/nginx/nginx.conf
+envsubst '\$HTTP_HOST \$HTTPS_HOST \$HTTP_SCHEME \$GEONODE_LB_HOST_IP \$GEONODE_LB_PORT \$GEOSERVER_LB_HOST_IP \$GEOSERVER_LB_PORT \$RESOLVER' < /etc/nginx/nginx.https.available.conf.envsubst > /etc/nginx/nginx.https.available.conf
+envsubst '\$HTTP_HOST \$HTTPS_HOST \$HTTP_SCHEME \$GEONODE_LB_HOST_IP \$GEONODE_LB_PORT \$GEOSERVER_LB_HOST_IP \$GEOSERVER_LB_PORT' < /etc/nginx/sites-enabled/geonode.conf.envsubst > /etc/nginx/sites-enabled/geonode.conf
 
 echo "Enabling or not https configuration"
-if [ -z "${HTTPS_HOST}" ]; then 
+if [ -z "${HTTPS_HOST}" ]; then
         echo "" > /etc/nginx/nginx.https.enabled.conf
 else
         ln -sf /etc/nginx/nginx.https.available.conf /etc/nginx/nginx.https.enabled.conf
diff --git a/scripts/docker/nginx/geonode.conf.envsubst b/scripts/docker/nginx/geonode.conf.envsubst
index 9291ded95bc..1176ce2cc2b 100644
--- a/scripts/docker/nginx/geonode.conf.envsubst
+++ b/scripts/docker/nginx/geonode.conf.envsubst
@@ -6,8 +6,14 @@ charset     utf-8;
 # max upload size
 client_max_body_size 100G;
 client_body_buffer_size 256K;
+client_body_timeout 600s;
 large_client_header_buffers 4 64k;
-proxy_read_timeout 600s;
+
+proxy_connect_timeout       600;
+proxy_send_timeout          600;
+proxy_read_timeout          600;
+uwsgi_read_timeout          600;
+send_timeout                600;
 
 fastcgi_hide_header Set-Cookie;
 
@@ -35,33 +41,23 @@ gzip_types
 
 # GeoServer
 location /geoserver {
-
-    # Using a variable is a trick to let Nginx start even if upstream host is not up yet
-    # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-    set $upstream geoserver:8080;
-
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-
-    proxy_pass http://$upstream;
-}
-
-# Jenkins
-location /jenkins {
-
-    # Using a variable is a trick to let Nginx start even if upstream host is not up yet
-    # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-    set $upstream jenkins:$JENKINS_HTTP_PORT;
-    # set $upstream $HTTP_HOST$HTTPS_HOST:$JENKINS_HTTP_PORT;
-
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-
-    proxy_pass http://$upstream;
+  # Using a variable is a trick to let Nginx start even if upstream host is not up yet
+  # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
+  set $upstream $GEOSERVER_LB_HOST_IP:$GEOSERVER_LB_PORT;
+
+  proxy_set_header X-Forwarded-Host $host;
+  proxy_set_header X-Forwarded-Server $host;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-Proto $HTTP_SCHEME;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+  proxy_hide_header X-Frame-Options;
+  proxy_pass http://$upstream;
+  proxy_http_version 1.1;
+  proxy_redirect http://$upstream $HTTP_SCHEME://$HTTP_HOST;
+  proxy_request_buffering  off;
+  client_max_body_size 0;
 }
 
 # GeoNode
@@ -89,31 +85,10 @@ location /uploaded/ {
   }
 }
 
-location ~ ^/celery-monitor/? {
-
-    # Using a variable is a trick to let Nginx start even if upstream host is not up yet
-    # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-    set $upstream celerymonitor:5555;
-
-    rewrite ^/celery-monitor/?(.*)$ /$1 break;
-
-    sub_filter '="/' '="/celery-monitor/';
-    sub_filter_last_modified on;
-    sub_filter_once off;
-
-    # proxy_pass http://unix:/tmp/flower.sock:/;
-    proxy_pass http://$upstream;
-    proxy_redirect off;
-    proxy_set_header Host $host;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_http_version 1.1;
-}
-
 location / {
   # Using a variable is a trick to let Nginx start even if upstream host is not up yet
   # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-  set $upstream django:8000;
+  set $upstream $GEONODE_LB_HOST_IP:$GEONODE_LB_PORT;
 
   if ($request_method = OPTIONS) {
       add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
@@ -128,27 +103,26 @@ location / {
   add_header Access-Control-Allow-Credentials false;
   add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization, Origin, User-Agent";
   add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
-
-  proxy_connect_timeout       600;
-  proxy_send_timeout          600;
-  proxy_read_timeout          600;
-  send_timeout                600;
+  
   proxy_redirect              off;
   proxy_set_header            Host $host;
+  proxy_set_header            Origin $HTTP_SCHEME://$host;
   proxy_set_header            X-Real-IP $remote_addr;
   proxy_set_header            X-Forwarded-Host $server_name;
   proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header            X-Forwarded-Proto $scheme;
+  proxy_set_header            X-Forwarded-Proto $HTTP_SCHEME;
   proxy_hide_header           X-Frame-Options;
+  proxy_request_buffering     off;
 
   # uwsgi_params
   include /etc/nginx/uwsgi_params;
 
-  # proxy_pass http://$upstream;
-  uwsgi_pass $upstream;
+  proxy_pass http://$upstream;
+  # uwsgi_pass $upstream;
 
   # when a client closes the connection then keep the channel to uwsgi open. Otherwise uwsgi throws an IOError
   uwsgi_ignore_client_abort on;
+  uwsgi_request_buffering off;
 
   location ~* \.(?:js|jpg|jpeg|gif|png|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|woff|woff2|svg|xml)$ {
       gzip_static always;
diff --git a/scripts/docker/nginx/nginx.conf.envsubst b/scripts/docker/nginx/nginx.conf.envsubst
index 4a486226a36..b6065209d51 100644
--- a/scripts/docker/nginx/nginx.conf.envsubst
+++ b/scripts/docker/nginx/nginx.conf.envsubst
@@ -23,7 +23,7 @@ http {
     # TODO : do not use unencrypted connection even on LAN, but is it possible to have browser not complaining about unknown authority ?
     server {
         listen              80;
-        server_name         $HTTP_HOST 127.0.0.1 geonode;
+        server_name         $HTTP_HOST 127.0.0.1;
 
         include sites-enabled/*.conf;
     }
diff --git a/tasks.py b/tasks.py
index 5711ab991b9..967c08af386 100755
--- a/tasks.py
+++ b/tasks.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 #########################################################################
 #
 # Copyright (C) 2016 OSGeo
@@ -23,10 +24,11 @@
 import time
 import docker
 import socket
+import ipaddress
 import logging
 import datetime
 
-from urllib.parse import urlparse
+from urllib.parse import urlparse, urlunparse
 from invoke import task
 
 BOOTSTRAP_IMAGE_CHEIP = "codenvy/che-ip:nightly"
@@ -41,20 +43,12 @@ def waitfordbs(ctx):
     ctx.run(f"/usr/bin/wait-for-databases {db_host}", pty=True)
 
 
-@task
-def waitforgeoserver(ctx):
-    print("****************************geoserver********************************")
-    while not _gs_service_availability(f"{os.environ['GEOSERVER_LOCATION']}ows"):
-        print("Wait for GeoServer API availability...")
-    print("GeoServer is available for HTTP calls!")
-
-
 @task
 def update(ctx):
     print("***************************setting env*********************************")
     ctx.run("env", pty=True)
-    pub_ip = _geonode_public_host_ip()
-    print(f"Public Hostname or IP is {pub_ip}")
+    pub_host = _geonode_public_host()
+    print(f"Public Hostname is {pub_host}")
     pub_port = _geonode_public_port()
     print(f"Public PORT is {pub_port}")
     pub_protocol = "https" if pub_port == "443" else "http"
@@ -62,13 +56,14 @@ def update(ctx):
         pub_port = None
     db_url = _update_db_connstring()
     geodb_url = _update_geodb_connstring()
-    service_ready = False
-    while not service_ready:
+    geonode_docker_host = None
+    for _cnt in range(1, 29):
         try:
-            socket.gethostbyname("geonode")
-            service_ready = True
+            geonode_docker_host = str(socket.gethostbyname("geonode"))
+            break
         except Exception:
-            time.sleep(10)
+            print(f"...waiting for NGINX to pop-up...{_cnt}")
+            time.sleep(1)
 
     override_env = "$HOME/.override_env"
     if os.path.exists(override_env):
@@ -77,24 +72,24 @@ def update(ctx):
         print(f"Can not delete the {override_env} file as it doesn't exists")
 
     if pub_port:
-        siteurl = f"{pub_protocol}://{pub_ip}:{pub_port}/"
-        gs_pub_loc = f"http://{pub_ip}:{pub_port}/geoserver/"
+        siteurl = f"{pub_protocol}://{pub_host}:{pub_port}/"
+        gs_pub_loc = f"http://{pub_host}:{pub_port}/geoserver/"
     else:
-        siteurl = f"{pub_protocol}://{pub_ip}/"
-        gs_pub_loc = f"http://{pub_ip}/geoserver/"
+        siteurl = f"{pub_protocol}://{pub_host}/"
+        gs_pub_loc = f"http://{pub_host}/geoserver/"
     envs = {
         "local_settings": str(_localsettings()),
         "siteurl": os.environ.get("SITEURL", siteurl),
-        "geonode_docker_host": str(socket.gethostbyname("geonode")),
+        "geonode_docker_host": geonode_docker_host,
         "public_protocol": pub_protocol,
-        "public_fqdn": str(pub_ip) + str(f":{pub_port}" if pub_port else ""),
-        "public_host": str(pub_ip),
+        "public_fqdn": str(pub_host) + str(f":{pub_port}" if pub_port else ""),
+        "public_host": str(pub_host),
         "dburl": os.environ.get("DATABASE_URL", db_url),
         "geodburl": os.environ.get("GEODATABASE_URL", geodb_url),
         "static_root": os.environ.get("STATIC_ROOT", "/mnt/volumes/statics/static/"),
         "media_root": os.environ.get("MEDIA_ROOT", "/mnt/volumes/statics/uploaded/"),
         "geoip_path": os.environ.get("GEOIP_PATH", "/mnt/volumes/statics/geoip.db"),
-        "monitoring": os.environ.get("MONITORING_ENABLED", True),
+        "monitoring": os.environ.get("MONITORING_ENABLED", False),
         "monitoring_host_name": os.environ.get("MONITORING_HOST_NAME", "geonode"),
         "monitoring_service_name": os.environ.get("MONITORING_SERVICE_NAME", "local-geonode"),
         "monitoring_data_ttl": os.environ.get("MONITORING_DATA_TTL", 7),
@@ -118,7 +113,7 @@ def update(ctx):
         )
     except ValueError:
         current_allowed = []
-    current_allowed.extend([str(pub_ip), f"{pub_ip}:{pub_port}"])
+    current_allowed.extend([str(pub_host), f"{pub_host}:{pub_port}"])
     allowed_hosts = [str(c) for c in current_allowed] + ['"geonode"', '"django"']
 
     ctx.run(
@@ -326,9 +321,15 @@ def update(ctx):
 def migrations(ctx):
     print("**************************migrations*******************************")
     ctx.run(f"python manage.py migrate --noinput --settings={_localsettings()}", pty=True)
-    ctx.run(f"python manage.py migrate --noinput --settings={_localsettings()} --database=datastore", pty=True)
+    ctx.run(
+        f"python manage.py migrate --noinput --settings={_localsettings()} --database=datastore",
+        pty=True,
+    )
     try:
-        ctx.run(f"python manage.py rebuild_index --noinput --settings={_localsettings()}", pty=True)
+        ctx.run(
+            f"python manage.py rebuild_index --noinput --settings={_localsettings()}",
+            pty=True,
+        )
     except Exception:
         pass
 
@@ -338,7 +339,10 @@ def statics(ctx):
     print("**************************statics*******************************")
     try:
         ctx.run("mkdir -p /mnt/volumes/statics/{static,uploads}")
-        ctx.run(f"python manage.py collectstatic --noinput --settings={_localsettings()}", pty=True)
+        ctx.run(
+            f"python manage.py collectstatic --noinput --settings={_localsettings()}",
+            pty=True,
+        )
     except Exception:
         import traceback
 
@@ -352,28 +356,6 @@ def prepare(ctx):
     _prepare_oauth_fixture()
     ctx.run("rm -rf /tmp/default_site.json", pty=True)
     _prepare_site_fixture()
-    # Updating OAuth2 Service Config
-    new_ext_ip = os.environ["SITEURL"]
-    client_id = os.environ["OAUTH2_CLIENT_ID"]
-    client_secret = os.environ["OAUTH2_CLIENT_SECRET"]
-    oauth_config = "/geoserver_data/data/security/filter/geonode-oauth2/config.xml"
-    ctx.run(f'sed -i "s|<cliendId>.*</cliendId>|<cliendId>{client_id}</cliendId>|g" {oauth_config}', pty=True)
-    ctx.run(
-        f'sed -i "s|<clientSecret>.*</clientSecret>|<clientSecret>{client_secret}</clientSecret>|g" {oauth_config}',
-        pty=True,
-    )
-    ctx.run(
-        f'sed -i "s|<userAuthorizationUri>.*</userAuthorizationUri>|<userAuthorizationUri>{new_ext_ip}o/authorize/</userAuthorizationUri>|g" {oauth_config}',  # noqa
-        pty=True,
-    )
-    ctx.run(
-        f'sed -i "s|<redirectUri>.*</redirectUri>|<redirectUri>{new_ext_ip}geoserver/index.html</redirectUri>|g" {oauth_config}',  # noqa
-        pty=True,
-    )
-    ctx.run(
-        f'sed -i "s|<logoutUri>.*</logoutUri>|<logoutUri>{new_ext_ip}account/logout/</logoutUri>|g" {oauth_config}',
-        pty=True,
-    )
 
 
 @task
@@ -400,31 +382,36 @@ def fixtures(ctx):
 def collectstatic(ctx):
     print("************************static artifacts******************************")
     ctx.run(
-        f"django-admin.py collectstatic --noinput \
+        f"django-admin collectstatic --noinput \
 --settings={_localsettings()}",
         pty=True,
     )
 
 
-@task
-def geoserverfixture(ctx):
-    print("********************geoserver fixture********************************")
-    _geoserver_info_provision(f"{os.environ['GEOSERVER_LOCATION']}rest/")
-
-
 @task
 def monitoringfixture(ctx):
-    print("*******************monitoring fixture********************************")
-    ctx.run("rm -rf /tmp/default_monitoring_apps_docker.json", pty=True)
-    _prepare_monitoring_fixture()
-    try:
-        ctx.run(
-            f"django-admin.py loaddata /tmp/default_monitoring_apps_docker.json \
---settings={_localsettings()}",
-            pty=True,
-        )
-    except Exception as e:
-        logger.error(f"ERROR installing monitoring fixture: {str(e)}")
+    if ast.literal_eval(os.environ.get("MONITORING_ENABLED", "False")):
+        print("*******************monitoring fixture********************************")
+        ctx.run("rm -rf /tmp/default_monitoring_apps_docker.json", pty=True)
+        _prepare_monitoring_fixture()
+        try:
+            ctx.run(
+                f"django-admin loaddata geonode/monitoring/fixtures/metric_data.json \
+    --settings={_localsettings()}",
+                pty=True,
+            )
+            ctx.run(
+                f"django-admin loaddata geonode/monitoring/fixtures/notifications.json \
+    --settings={_localsettings()}",
+                pty=True,
+            )
+            ctx.run(
+                f"django-admin loaddata /tmp/default_monitoring_apps_docker.json \
+    --settings={_localsettings()}",
+                pty=True,
+            )
+        except Exception as e:
+            logger.error(f"ERROR installing monitoring fixture: {str(e)}")
 
 
 @task
@@ -432,10 +419,11 @@ def updateadmin(ctx):
     print("***********************update admin details**************************")
     ctx.run("rm -rf /tmp/django_admin_docker.json", pty=True)
     _prepare_admin_fixture(
-        os.environ.get("ADMIN_PASSWORD", "admin"), os.environ.get("ADMIN_EMAIL", "admin@example.org")
+        os.environ.get("ADMIN_PASSWORD", "admin"),
+        os.environ.get("ADMIN_EMAIL", "admin@example.org"),
     )
     ctx.run(
-        f"django-admin.py loaddata /tmp/django_admin_docker.json \
+        f"django-admin loaddata /tmp/django_admin_docker.json \
 --settings={_localsettings()}",
         pty=True,
     )
@@ -482,6 +470,14 @@ def _docker_host_ip():
     return ip_list[0]
 
 
+def _is_valid_ip(ip):
+    try:
+        ipaddress.IPv4Address(ip)
+        return True
+    except Exception as e:
+        return False
+
+
 def _container_exposed_port(component, instname):
     port = "80"
     try:
@@ -490,7 +486,10 @@ def _container_exposed_port(component, instname):
             [
                 c.attrs["Config"]["ExposedPorts"]
                 for c in client.containers.list(
-                    filters={"label": f"org.geonode.component={component}", "status": "running"}
+                    filters={
+                        "label": f"org.geonode.component={component}",
+                        "status": "running",
+                    }
                 )
                 if str(instname) in c.name
             ][0]
@@ -529,26 +528,16 @@ def _localsettings():
     return settings
 
 
-def _gs_service_availability(url):
-    import requests
-
-    try:
-        r = requests.request("get", url, verify=False)
-        r.raise_for_status()  # Raises a HTTPError if the status is 4xx, 5xxx
-    except (requests.exceptions.ConnectionError, requests.exceptions.Timeout) as e:
-        logger.error(f"GeoServer connection error is {e}")
-        return False
-    except requests.exceptions.HTTPError as er:
-        logger.error(f"GeoServer HTTP error is {er}")
-        return False
-    else:
-        logger.info("GeoServer API are available!")
-        return True
+def _geonode_public_host():
+    gn_pub_hostip = os.getenv("GEONODE_LB_HOST_IP", None)
+    if not gn_pub_hostip:
+        gn_pub_hostip = _docker_host_ip()
+    return gn_pub_hostip
 
 
 def _geonode_public_host_ip():
     gn_pub_hostip = os.getenv("GEONODE_LB_HOST_IP", None)
-    if not gn_pub_hostip:
+    if not gn_pub_hostip or not _is_valid_ip(gn_pub_hostip):
         gn_pub_hostip = _docker_host_ip()
     return gn_pub_hostip
 
@@ -562,33 +551,8 @@ def _geonode_public_port():
     return gn_pub_port
 
 
-def _geoserver_info_provision(url):
-    from django.conf import settings
-    from geoserver.catalog import Catalog
-
-    print("Setting GeoServer Admin Password...")
-    cat = Catalog(url, username=settings.OGC_SERVER_DEFAULT_USER, password=settings.OGC_SERVER_DEFAULT_PASSWORD)
-    headers = {"Content-type": "application/xml", "Accept": "application/xml"}
-    data = f"""<?xml version="1.0" encoding="UTF-8"?>
-<userPassword>
-    <newPassword>{(os.getenv('GEOSERVER_ADMIN_PASSWORD', 'geoserver'))}</newPassword>
-</userPassword>"""
-
-    response = cat.http_request(f"{cat.service_url}/security/self/password", method="PUT", data=data, headers=headers)
-    print(f"Response Code: {response.status_code}")
-    if response.status_code == 200:
-        print("GeoServer admin password updated SUCCESSFULLY!")
-    else:
-        logger.warning(f"WARNING: GeoServer admin password *NOT* updated: code [{response.status_code}]")
-
-
 def _prepare_oauth_fixture():
     upurl = urlparse(os.environ["SITEURL"])
-    net_scheme = upurl.scheme
-    pub_ip = _geonode_public_host_ip()
-    print(f"Public Hostname or IP is {pub_ip}")
-    pub_port = _geonode_public_port()
-    print(f"Public PORT is {pub_port}")
     default_fixture = [
         {
             "model": "oauth2_provider.application",
@@ -598,9 +562,7 @@ def _prepare_oauth_fixture():
                 "created": "2018-05-31T10:00:31.661Z",
                 "updated": "2018-05-31T11:30:31.245Z",
                 "algorithm": "RS256",
-                "redirect_uris": f"{net_scheme}://{pub_ip}:{pub_port}/geoserver/index.html"
-                if pub_port
-                else f"{net_scheme}://{pub_ip}/geoserver/index.html",
+                "redirect_uris": f"{urlunparse(upurl)}geoserver/index.html",
                 "name": "GeoServer",
                 "authorization_grant_type": "authorization-code",
                 "client_type": "confidential",
@@ -617,7 +579,11 @@ def _prepare_oauth_fixture():
 def _prepare_site_fixture():
     upurl = urlparse(os.environ["SITEURL"])
     default_fixture = [
-        {"model": "sites.site", "pk": 1, "fields": {"domain": str(upurl.hostname), "name": str(upurl.hostname)}}
+        {
+            "model": "sites.site",
+            "pk": 1,
+            "fields": {"domain": str(upurl.hostname), "name": str(upurl.hostname)},
+        }
     ]
     with open("/tmp/default_site.json", "w") as fixturefile:
         json.dump(default_fixture, fixturefile)
@@ -642,11 +608,19 @@ def _prepare_monitoring_fixture():
     d = "1970-01-01 00:00:00"
     default_fixture = [
         {
-            "fields": {"active": True, "ip": str(geonode_ip), "name": str(os.environ["MONITORING_HOST_NAME"])},
+            "fields": {
+                "active": True,
+                "ip": str(geonode_ip),
+                "name": str(os.environ["MONITORING_HOST_NAME"]),
+            },
             "model": "monitoring.host",
             "pk": 1,
         },
-        {"fields": {"active": True, "ip": str(geoserver_ip), "name": "geoserver"}, "model": "monitoring.host", "pk": 2},
+        {
+            "fields": {"active": True, "ip": str(geoserver_ip), "name": "geoserver"},
+            "model": "monitoring.host",
+            "pk": 2,
+        },
         {
             "fields": {
                 "name": str(os.environ["MONITORING_SERVICE_NAME"]),
diff --git a/uwsgi.ini b/uwsgi.ini
index a0f786b7058..c519637152e 100644
--- a/uwsgi.ini
+++ b/uwsgi.ini
@@ -1,6 +1,7 @@
 [uwsgi]
-uwsgi-socket = 0.0.0.0:8000
-http-socket = 0.0.0.0:8001
+# uwsgi-socket = 0.0.0.0:8000
+http-socket = 0.0.0.0:8000
+logto = /var/log/geonode.log
 # pidfile = /tmp/geonode.pid
 
 chdir = /usr/src/geonode/
@@ -13,15 +14,12 @@ vacuum = true                        ; Delete sockets during shutdown
 single-interpreter = true
 die-on-term = true                   ; Shutdown when receiving SIGTERM (default is respawn)
 need-app = true
-
-# logging
-# path to where uwsgi logs will be saved
-logto = /var/log/geonode.log
+thunder-lock = true
 
 touch-reload = /usr/src/geonode/geonode/wsgi.py
 buffer-size = 32768
 
-harakiri = 60                        ; forcefully kill workers after 60 seconds
+harakiri = 600                       ; forcefully kill workers after 600 seconds
 py-callos-afterfork = true           ; allow workers to trap signals
 
 max-requests = 1000                  ; Restart workers after this many requests
@@ -43,4 +41,4 @@ cheaper-busyness-backlog-alert = 16  ; Spawn emergency workers if more than this
 cheaper-busyness-backlog-step = 2    ; How many emergency workers to create if there are too many requests in the queue
 
 # daemonize = /var/log/uwsgi/geonode.log
-# cron = -1 -1 -1 -1 -1 /usr/local/bin/python /usr/src/{{project_name}}/manage.py collect_metrics -n
+# cron = -1 -1 -1 -1 -1 /usr/local/bin/python /usr/src/geonode/manage.py collect_metrics -n

From 0a5f27ea97f93970660aecb258796b66526dc30a Mon Sep 17 00:00:00 2001
From: afabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 23 Aug 2023 09:44:43 +0200
Subject: [PATCH 121/330] - Align setup.cfg to requirements.txt

---
 setup.cfg | 1 +
 1 file changed, 1 insertion(+)

diff --git a/setup.cfg b/setup.cfg
index 516ea95be42..01f2836b571 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -198,6 +198,7 @@ install_requires =
     mistune==3.0.1
     protobuf==3.20.3
     mako==1.2.4
+    paramiko==3.3.1 # not directly required, fixes Blowfish deprecation warning
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
     jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
     cryptography>=41.0.0 # not directly required, pinned by Snyk to avoid a vulnerability

From c3f275cb8a9ce489df1cdfb612012c5a65bafdf0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:45:46 +0200
Subject: [PATCH 122/330] Bump boto3 from 1.28.15 to 1.28.31 (#11401)

* Bump boto3 from 1.28.15 to 1.28.31

Bumps [boto3](https://github.com/boto/boto3) from 1.28.15 to 1.28.31.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.15...1.28.31)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 8e5702f81fa..17219ad44c6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.15
+boto3==1.28.31
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index 01f2836b571..adda03264b7 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.15
+    boto3==1.28.31
 
     # Django Caches
     python-memcached<=1.59

From 597edc12acd997070fca1747d76fd6ebacab0299 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:47:30 +0200
Subject: [PATCH 123/330] Bump dj-database-url from 2.0.0 to 2.1.0 (#11393)

* Bump dj-database-url from 2.0.0 to 2.1.0

Bumps [dj-database-url](https://github.com/jazzband/dj-database-url) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/jazzband/dj-database-url/releases)
- [Changelog](https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/dj-database-url/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: dj-database-url
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 17219ad44c6..feb024de6ae 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -65,7 +65,7 @@ numpy==1.25.*
 # # Apps with packages provided in GeoNode's PPA on Launchpad.
 
 # Django Apps
-dj-database-url==2.0.0
+dj-database-url==2.1.0
 dj-pagination==2.5.0
 django-select2==8.1.2
 django-floppyforms<1.10.0
diff --git a/setup.cfg b/setup.cfg
index adda03264b7..a1ad378b070 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -91,7 +91,7 @@ install_requires =
     # # Apps with packages provided in GeoNode's PPA on Launchpad.
 
     # Django Apps
-    dj-database-url==2.0.0
+    dj-database-url==2.1.0
     dj-pagination==2.5.0
     django-select2==8.1.2
     django-floppyforms<1.10.0

From 3c47799c6103016170f6d7ff479d2c3cb29277d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:47:53 +0200
Subject: [PATCH 124/330] Bump django-grappelli from 3.0.6 to 3.0.7 (#11392)

* Bump django-grappelli from 3.0.6 to 3.0.7

Bumps [django-grappelli](https://github.com/sehmaschine/django-grappelli) from 3.0.6 to 3.0.7.
- [Changelog](https://github.com/sehmaschine/django-grappelli/blob/master/docs/changelog.rst)
- [Commits](https://github.com/sehmaschine/django-grappelli/compare/3.0.6...3.0.7)

---
updated-dependencies:
- dependency-name: django-grappelli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index feb024de6ae..7ee5c632236 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -44,7 +44,7 @@ django-downloadview==2.3.0
 django-polymorphic==3.1.0
 django-tastypie<0.15.0
 django-tinymce==3.6.1
-django-grappelli==3.0.6
+django-grappelli==3.0.7
 django-uuid-upload-path==1.0.0
 django-widget-tweaks==1.4.12
 django-sequences==2.8
diff --git a/setup.cfg b/setup.cfg
index a1ad378b070..817f5d27c26 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -70,7 +70,7 @@ install_requires =
     django-polymorphic==3.1.0
     django-tastypie<0.15.0
     django-tinymce==3.6.1
-    django-grappelli==3.0.6
+    django-grappelli==3.0.7
     django-uuid-upload-path==1.0.0
     django-widget-tweaks==1.4.12
     django-sequences==2.8

From d60c6945303904fcb49961dd58877de4a983f520 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:49:12 +0200
Subject: [PATCH 125/330] Bump sqlalchemy from 2.0.19 to 2.0.20 (#11391)

* Bump sqlalchemy from 2.0.19 to 2.0.20

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.19 to 2.0.20.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 7ee5c632236..875cb274a00 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -56,7 +56,7 @@ pyjwt==2.8.0
 pyproj<3.7.0
 OWSLib==0.29.2
 pycsw==2.6.1
-SQLAlchemy==2.0.19 # required by PyCSW
+SQLAlchemy==2.0.20 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
diff --git a/setup.cfg b/setup.cfg
index 817f5d27c26..bbf44430f3f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
     pyproj<3.7.0
     OWSLib==0.29.2
     pycsw==2.6.1
-    SQLAlchemy==2.0.19 # required by PyCSW
+    SQLAlchemy==2.0.20 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0

From 027e97365ea9bd65fb8a5dca725bd584294fb111 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:49:32 +0200
Subject: [PATCH 126/330] Update setuptools requirement from <68.1.0,>=59.1.1
 to >=59.1.1,<68.2.0 (#11390)

* Update setuptools requirement from <68.1.0,>=59.1.1 to >=59.1.1,<68.2.0

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v68.1.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 875cb274a00..66b5d23adc6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -159,7 +159,7 @@ pytest-bdd==6.1.1
 splinter==0.19.0
 pytest-splinter==3.3.2
 pytest-django==4.5.2
-setuptools>=59.1.1,<68.1.0
+setuptools>=59.1.1,<68.2.0
 pip==23.2.1
 Twisted==22.10.0
 pixelmatch==0.3.0
diff --git a/setup.cfg b/setup.cfg
index bbf44430f3f..a620e56c964 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -184,7 +184,7 @@ install_requires =
     splinter==0.19.0
     pytest-splinter==3.3.2
     pytest-django==4.5.2
-    setuptools>=59.1.1,<68.1.0
+    setuptools>=59.1.1,<68.2.0
     pip==23.2.1
     Twisted==22.10.0
     pixelmatch==0.3.0

From 16cd8c1c31e6e75127ed1c1f283989506604ecc1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:49:49 +0200
Subject: [PATCH 127/330] Bump coverage from 7.2.7 to 7.3.0 (#11377)

* Bump coverage from 7.2.7 to 7.3.0

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.7 to 7.3.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.7...7.3.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 66b5d23adc6..533b56b3c2a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -150,7 +150,7 @@ docker==6.1.3
 invoke==2.2.0
 
 # tests
-coverage==7.2.7
+coverage==7.3.0
 requests-toolbelt==1.0.0
 flake8==6.1.0
 black==23.7.0
diff --git a/setup.cfg b/setup.cfg
index a620e56c964..109aabe8cd2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -175,7 +175,7 @@ install_requires =
     invoke==2.2.0
 
     # tests
-    coverage==7.2.7
+    coverage==7.3.0
     requests-toolbelt==1.0.0
     flake8==6.1.0
     black==23.7.0

From 6f3fcbb69557b17356f1bd9de1c0aa42016b7beb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:50:22 +0200
Subject: [PATCH 128/330] Bump tqdm from 4.65.0 to 4.66.1 (#11375)

* Bump tqdm from 4.65.0 to 4.66.1

Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.65.0 to 4.66.1.
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](https://github.com/tqdm/tqdm/compare/v4.65.0...v4.66.1)

---
updated-dependencies:
- dependency-name: tqdm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 533b56b3c2a..bde78f9ac4f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -17,7 +17,7 @@ decorator==5.1.1
 celery==5.3.1
 kombu==5.3.1
 vine==5.0.0
-tqdm==4.65.0
+tqdm==4.66.1
 Deprecated==1.2.14
 wrapt==1.15.0
 jsonschema==4.18.4
diff --git a/setup.cfg b/setup.cfg
index 109aabe8cd2..8f1ebdeb3dd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -43,7 +43,7 @@ install_requires =
     celery==5.3.1
     kombu==5.3.1
     vine==5.0.0
-    tqdm==4.65.0
+    tqdm==4.66.1
     Deprecated==1.2.14
     wrapt==1.15.0
     jsonschema==4.18.4

From c01a408bf9cc230cc52b33798de089b9724605fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:50:49 +0200
Subject: [PATCH 129/330] Bump jsonschema from 4.18.4 to 4.19.0 (#11360)

* Bump jsonschema from 4.18.4 to 4.19.0

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.4 to 4.19.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.18.4...v4.19.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index bde78f9ac4f..700eff43551 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ vine==5.0.0
 tqdm==4.66.1
 Deprecated==1.2.14
 wrapt==1.15.0
-jsonschema==4.18.4
+jsonschema==4.19.0
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
diff --git a/setup.cfg b/setup.cfg
index 8f1ebdeb3dd..4de6c39e998 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -46,7 +46,7 @@ install_requires =
     tqdm==4.66.1
     Deprecated==1.2.14
     wrapt==1.15.0
-    jsonschema==4.18.4
+    jsonschema==4.19.0
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2

From 3779a58de795c80935342ab28ecf77a8afa991ea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:51:18 +0200
Subject: [PATCH 130/330] Bump psycopg2 from 2.9.6 to 2.9.7 (#11330)

* Bump psycopg2 from 2.9.6 to 2.9.7

Bumps [psycopg2](https://github.com/psycopg/psycopg2) from 2.9.6 to 2.9.7.
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/compare/2.9.6...2.9.7)

---
updated-dependencies:
- dependency-name: psycopg2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 700eff43551..cf3512a3829 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 # native dependencies
 Pillow==10.0.0
 lxml==4.9.3
-psycopg2==2.9.6
+psycopg2==2.9.7
 Django==3.2.20
 
 # Other
diff --git a/setup.cfg b/setup.cfg
index 4de6c39e998..2485f957baf 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -27,7 +27,7 @@ install_requires =
     # native dependencies
     Pillow==10.0.0
     lxml==4.9.3
-    psycopg2==2.9.6
+    psycopg2==2.9.7
     Django==3.2.20
 
     # Other

From 4620143f32d25cc4b848cbfe29aca8d2af8e85f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 09:53:38 +0200
Subject: [PATCH 131/330] Bump boto3 from 1.28.15 to 1.28.32 (#11403)

* Bump boto3 from 1.28.15 to 1.28.32

Bumps [boto3](https://github.com/boto/boto3) from 1.28.15 to 1.28.32.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.15...1.28.32)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index cf3512a3829..05db52f8a43 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.31
+boto3==1.28.32
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index 2485f957baf..41a528efbc4 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.31
+    boto3==1.28.32
 
     # Django Caches
     python-memcached<=1.59

From bf99098fb8bae4c84dc13faf83ccd73f6777b150 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 23 Aug 2023 10:20:28 +0200
Subject: [PATCH 132/330] [Fixes #11357] Remove legacy upload code code quality
 (#11363)

* [Fixes #11357] Remove Legacy upload flow

* [Fixes #11357] black and flake formatting

* [Fixes #11357] Remove dead code

* [Fixes #11357] Fix _get_parallel_uploads_count

* [Fixes #11357] Fix formatting

---------

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/geoserver/context_processors.py       |   4 +-
 geonode/upload/__init__.py                    |  19 -
 geonode/upload/api/views.py                   | 107 +--
 geonode/upload/forms.py                       |  10 -
 geonode/upload/tasks.py                       | 228 +----
 .../upload/tests/test_upload_preprocessing.py | 154 ---
 geonode/upload/upload.py                      | 879 ------------------
 geonode/upload/upload_preprocessing.py        | 116 ---
 geonode/upload/urls.py                        |   2 -
 geonode/upload/utils.py                       | 221 +----
 geonode/upload/views.py                       | 685 +-------------
 11 files changed, 21 insertions(+), 2404 deletions(-)
 delete mode 100644 geonode/upload/tests/test_upload_preprocessing.py
 delete mode 100644 geonode/upload/upload_preprocessing.py

diff --git a/geonode/geoserver/context_processors.py b/geonode/geoserver/context_processors.py
index 35525dd900d..464cfffa772 100644
--- a/geonode/geoserver/context_processors.py
+++ b/geonode/geoserver/context_processors.py
@@ -28,8 +28,8 @@ def geoserver_urls(request):
         GEOSERVER_LOCAL_URL=ogc_server_settings.LOCATION,
         GEOSERVER_PUBLIC_LOCATION=ogc_server_settings.public_url,
         GEOSERVER_BASE_URL=ogc_server_settings.public_url,
-        UPLOADER_URL=reverse("data_upload"),
-        LAYER_ANCILLARY_FILES_UPLOAD_URL=reverse("dataset_upload"),
+        UPLOADER_URL=reverse("importer_upload"),
+        LAYER_ANCILLARY_FILES_UPLOAD_URL=reverse("importer_upload"),
         MAPFISH_PRINT_ENABLED=getattr(ogc_server_settings, "MAPFISH_PRINT_ENABLED", False),
         PRINT_NG_ENABLED=getattr(ogc_server_settings, "PRINT_NG_ENABLED", False),
         GEONODE_SECURITY_ENABLED=getattr(ogc_server_settings, "GEONODE_SECURITY_ENABLED", False),
diff --git a/geonode/upload/__init__.py b/geonode/upload/__init__.py
index c50c3f5609f..c3ad74d2b54 100644
--- a/geonode/upload/__init__.py
+++ b/geonode/upload/__init__.py
@@ -38,21 +38,6 @@ def run_setup_hooks(sender, **kwargs):
             PeriodicTask,
         )
 
-        check_intervals = IntervalSchedule.objects.filter(every=600, period="seconds")
-        if not check_intervals.exists():
-            check_interval, _ = IntervalSchedule.objects.get_or_create(every=10, period="seconds")
-        else:
-            check_interval = check_intervals.first()
-
-        PeriodicTask.objects.update_or_create(
-            name="finalize-incomplete-session-resources",
-            defaults=dict(
-                task="geonode.upload.tasks.finalize_incomplete_session_uploads",
-                interval=check_interval,
-                args="",
-                start_time=timezone.now(),
-            ),
-        )
         daily_interval, _ = IntervalSchedule.objects.get_or_create(every=1, period="days")
         PeriodicTask.objects.update_or_create(
             name="clean-up-old-task-result",
@@ -71,10 +56,6 @@ class UploadAppConfig(AppConfig):
     def ready(self):
         super().ready()
         post_migrate.connect(run_setup_hooks, sender=self)
-        settings.CELERY_BEAT_SCHEDULE["finalize-incomplete-session-resources"] = {
-            "task": "geonode.upload.tasks.finalize_incomplete_session_uploads",
-            "schedule": 10.0,
-        }
         settings.CELERY_BEAT_SCHEDULE["clean-up-old-task-result"] = {
             "task": "geonode.upload.tasks.cleanup_celery_task_entries",
             "schedule": 86400.0,
diff --git a/geonode/upload/api/views.py b/geonode/upload/api/views.py
index 08df61f66ee..23cfdf6c259 100644
--- a/geonode/upload/api/views.py
+++ b/geonode/upload/api/views.py
@@ -16,8 +16,6 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
-import json
-from urllib.parse import parse_qsl, urlparse
 from dynamic_rest.viewsets import DynamicModelViewSet
 from dynamic_rest.filters import DynamicFilterBackend, DynamicSortingFilter
 
@@ -26,20 +24,18 @@
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.response import Response
-from rest_framework.exceptions import ValidationError, AuthenticationFailed
+from rest_framework.exceptions import ValidationError
 from rest_framework.parsers import FileUploadParser
 from rest_framework.permissions import IsAuthenticatedOrReadOnly
 from rest_framework.authentication import SessionAuthentication, BasicAuthentication
 from oauth2_provider.contrib.rest_framework import OAuth2Authentication
 
-from django.shortcuts import reverse
 from django.utils.translation import ugettext as _
 
 from geonode.base.api.filters import DynamicSearchFilter
 from geonode.base.api.permissions import IsOwnerOrReadOnly, IsSelfOrAdminOrReadOnly
 from geonode.base.api.pagination import GeoNodeApiPagination
-from geonode.upload.utils import get_max_amount_of_steps
-from geonode.layers.utils import is_vector
+
 
 from .serializers import (
     UploadSerializer,
@@ -49,7 +45,6 @@
 from .permissions import UploadPermissionsFilter
 
 from ..models import Upload, UploadParallelismLimit, UploadSizeLimit
-from ..views import view as upload_view
 
 import logging
 
@@ -73,109 +68,13 @@ class UploadViewSet(DynamicModelViewSet):
     pagination_class = GeoNodeApiPagination
     http_method_names = ["get", "post"]
 
-    def _emulate_client_upload_step(self, request, _step):
-        """Emulates the calls of a client to the upload flow.
-        It alters the content of the request object, so the same request should
-        be reused in the next call of this method.
-
-        Args:
-            request (Request): A request object with the query params given by the lasted step call.
-                               No params for the first call.
-            _step (string): The current step, used as an argument in the upload_view call.
-                            None for the first call.
-
-        Returns:
-            Response: response, upload_view response or a final response.
-            string: next_step, the next step to be performed.
-            boolean: is_final, True when the last step is executed or in case of errors.
-        """
-        response = upload_view(request, _step)
-        if response.status_code == status.HTTP_200_OK:
-            content = response.content
-            if isinstance(content, bytes):
-                content = content.decode("UTF-8")
-            try:
-                data = json.loads(content)
-            except json.decoder.JSONDecodeError:
-                data = content
-
-            next_step = None
-            if isinstance(data, dict):
-                response_status = data.get("status", "")
-                response_success = data.get("success", False)
-                redirect_to = data.get("redirect_to", "")
-                if not response_success or not redirect_to or response_status == "finished":
-                    return response, None, True
-
-                # Prepare next step
-                parsed_redirect_to = urlparse(redirect_to)
-                if reverse("data_upload") not in parsed_redirect_to.path:
-                    # Error, next step cannot be performed by `upload_view`
-                    return response, None, True
-                next_step = parsed_redirect_to.path.split(reverse("data_upload"))[1]
-                query_params = parse_qsl(parsed_redirect_to.query)
-                request.method = "GET"
-                request.GET.clear()
-                for key, value in query_params:
-                    request.GET[key] = value
-            if next_step:
-                return response, next_step, False
-        elif response.status_code == status.HTTP_302_FOUND:
-            # Get next step, should be final
-            parsed_redirect_to = urlparse(response.url)
-            if reverse("data_upload") not in parsed_redirect_to.path:
-                # Error, next step cannot be performed by `upload_view`
-                return response, None, True
-            next_step = parsed_redirect_to.path.split(reverse("data_upload"))[1]
-            return response, next_step, False
-        # Error, next step cannot be performed by `upload_view`
-        return response, None, True
-
     @extend_schema(
         methods=["post"],
         responses={201: None},
-        description="""
-        Starts an upload session based on the Dataset Upload Form.
-
-        the form params look like:
-        ```
-            'csrfmiddlewaretoken': self.csrf_token,
-            'permissions': '{ "users": {"AnonymousUser": ["view_resourcebase"]} , "groups":{}}',
-            'time': 'false',
-            'charset': 'UTF-8',
-            'base_file': base_file,
-            'dbf_file': dbf_file,
-            'shx_file': shx_file,
-            'prj_file': prj_file,
-            'tif_file': tif_file
-        ```
-        """,
     )
     @action(detail=False, methods=["post"])
     def upload(self, request, format=None):
-        user = request.user
-        if not user or not user.is_authenticated:
-            raise AuthenticationFailed()
-
-        # Custom upload steps defined by user
-        non_interactive = json.loads(request.data.get("non_interactive", "false").lower())
-        if non_interactive:
-            is_vector_dataset = is_vector(request.FILES.get("base_file").name)
-            steps_list = (None, "check", "final") if is_vector_dataset else (None, "final")
-            # Execute steps and get response
-            for step in steps_list:
-                response, _, _ = self._emulate_client_upload_step(request, step)
-            return response
-
-        # Upload steps defined by geonode.upload.utils._pages
-        next_step = None
-        max_steps = get_max_amount_of_steps()
-        for n in range(max_steps):
-            response, next_step, is_final = self._emulate_client_upload_step(request, next_step)
-            if is_final:
-                return response
-        # After performing 7 steps if we don't get any final response
-        return response
+        return []
 
 
 class UploadSizeLimitViewSet(DynamicModelViewSet):
diff --git a/geonode/upload/forms.py b/geonode/upload/forms.py
index 0d7dc89345f..51d9be10c6a 100644
--- a/geonode/upload/forms.py
+++ b/geonode/upload/forms.py
@@ -243,13 +243,3 @@ def clean(self):
         return self.cleaned_data
 
     # @todo implement clean
-
-
-class SRSForm(forms.Form):
-    source = forms.CharField(required=True)
-
-    target = forms.CharField(required=False)
-
-
-def _supported_type(ext, supported_types):
-    return any([type_.matches(ext) for type_ in supported_types])
diff --git a/geonode/upload/tasks.py b/geonode/upload/tasks.py
index 8deeb6144ba..9f00d9a0030 100644
--- a/geonode/upload/tasks.py
+++ b/geonode/upload/tasks.py
@@ -17,244 +17,18 @@
 #
 #########################################################################
 from datetime import datetime
-import json
 import logging
 
-from celery import chord
-from celery.result import allow_join_result
-from gsimporter.api import NotFound
-
 from django.conf import settings
-from django.utils.timezone import timedelta, now
+from django.utils.timezone import timedelta
 
 from geonode.celery_app import app
-from geonode.base import enumerations
-from geonode.geoserver.helpers import gs_uploader
-
-from geonode.upload.models import Upload
-from geonode.upload.views import final_step_view
-from geonode.upload.utils import next_step_response
-from geonode.resource.manager import resource_manager
-
-from geonode.tasks.tasks import AcquireLock, FaultTolerantTask
 
 logger = logging.getLogger(__name__)
 
 UPLOAD_SESSION_EXPIRY_HOURS = getattr(settings, "UPLOAD_SESSION_EXPIRY_HOURS", 24)
 
 
-@app.task(
-    bind=True, base=FaultTolerantTask, queue="upload", expires=30, time_limit=600, acks_late=False, ignore_result=True
-)
-def finalize_incomplete_session_uploads(self, *args, **kwargs):
-    """The task periodically checks for pending and stale Upload sessions.
-    It runs every 600 seconds (see the PeriodTask on geonode.upload._init_),
-    checks first for expired stale Upload sessions and schedule them for cleanup.
-    We have to make sure To NOT Delete those Unprocessed Ones,
-    which are in live sessions.
-    After removing the stale ones, it collects all the unprocessed and runs them
-    in parallel."""
-
-    _upload_ids = []
-    _upload_tasks = []
-    _upload_ids_expired = []
-
-    # Check first if we need to delete stale sessions
-    expiry_time = now() - timedelta(hours=UPLOAD_SESSION_EXPIRY_HOURS)
-    for _upload in Upload.objects.exclude(state=enumerations.STATE_PROCESSED).exclude(date__gt=expiry_time):
-        _upload.set_processing_state(enumerations.STATE_INVALID)
-        _upload_ids_expired.append(_upload.id)
-        _upload_tasks.append(_upload_session_cleanup.signature(args=(_upload.id,)))
-
-    upload_workflow_finalizer = _upload_workflow_finalizer.signature(
-        args=(
-            "_upload_session_cleanup",
-            _upload_ids_expired,
-        ),
-        immutable=True,
-    ).on_error(
-        _upload_workflow_error.signature(
-            args=(
-                "_upload_session_cleanup",
-                _upload_ids_expired,
-            ),
-            immutable=True,
-        )
-    )
-    upload_workflow = chord(_upload_tasks, body=upload_workflow_finalizer)
-    upload_workflow.apply_async(args=(), expiration=30)
-
-    # Let's finish the valid ones
-    session = None
-    for _upload in Upload.objects.exclude(state__in=[enumerations.STATE_PROCESSED, enumerations.STATE_INVALID]).exclude(
-        id__in=_upload_ids_expired
-    ):
-        try:
-            if not _upload.import_id:
-                raise NotFound
-            session = _upload.get_session.import_session if _upload.get_session else None
-            if not session or session.state != enumerations.STATE_COMPLETE:
-                session = gs_uploader.get_session(_upload.import_id)
-        except (NotFound, Exception) as e:
-            logger.exception(e)
-            session = None
-
-        if session:
-            _upload_ids.append(_upload.id)
-            _upload_tasks.append(_update_upload_session_state.signature(args=(_upload.id,)))
-        elif _upload.state not in (enumerations.STATE_READY, enumerations.STATE_COMPLETE, enumerations.STATE_RUNNING):
-            if (
-                session
-                and session.state == enumerations.STATE_COMPLETE
-                and _upload.resource
-                and _upload.resource.processed
-            ):
-                _upload.set_processing_state(enumerations.STATE_PROCESSED)
-
-    upload_workflow_finalizer = _upload_workflow_finalizer.signature(
-        args=(
-            "_update_upload_session_state",
-            _upload_ids,
-        ),
-        immutable=True,
-    ).on_error(
-        _upload_workflow_error.signature(
-            args=(
-                "_update_upload_session_state",
-                _upload_ids,
-            ),
-            immutable=True,
-        )
-    )
-
-    upload_workflow = chord(_upload_tasks, body=upload_workflow_finalizer)
-    result = upload_workflow.apply_async(args=(), expiration=30)
-    if result.ready():
-        with allow_join_result():
-            return result.get()
-    return result.state
-
-
-@app.task(
-    bind=True, base=FaultTolerantTask, queue="upload", expires=30, time_limit=600, acks_late=False, ignore_result=False
-)
-def _upload_workflow_finalizer(self, task_name: str, upload_ids: list):
-    """Task invoked at 'upload_workflow.chord' end in the case everything went well."""
-    if upload_ids:
-        logger.info(f"Task {task_name} upload ids: {upload_ids} finished successfully!")
-
-
-@app.task(
-    bind=True,
-    base=FaultTolerantTask,
-    queue="upload",
-    acks_late=False,
-    ignore_result=False,
-)
-def _upload_workflow_error(self, task_name: str, upload_ids: list):
-    """Task invoked at 'upload_workflow.chord' end in the case some error occurred."""
-    logger.error(f"Task {task_name} upload ids: {upload_ids} did not finish correctly!")
-    for _upload in Upload.objects.filter(id__in=upload_ids):
-        _upload.set_processing_state(enumerations.STATE_INVALID)
-
-
-@app.task(
-    bind=True, base=FaultTolerantTask, queue="upload", expires=30, time_limit=600, acks_late=False, ignore_result=False
-)
-def _update_upload_session_state(self, upload_session_id: int):
-    """Task invoked by 'upload_workflow.chord' in order to process all the 'PENDING' Upload tasks."""
-    lock_id = f"_update_upload_session_state-{upload_session_id}"
-    with AcquireLock(lock_id) as lock:
-        if lock.acquire() is True:
-            _upload = Upload.objects.get(id=upload_session_id)
-            session = _upload.get_session.import_session
-            if not session or session.state != enumerations.STATE_COMPLETE:
-                session = gs_uploader.get_session(_upload.import_id)
-
-            if session:
-                try:
-                    _response = next_step_response(None, _upload.get_session)
-                    _upload.refresh_from_db()
-                    _content = _response.content
-                    if isinstance(_content, bytes):
-                        _content = _content.decode("UTF-8")
-                    _response_json = json.loads(_content)
-                    _success = _response_json.get("success", False)
-                    _redirect_to = _response_json.get("redirect_to", "")
-
-                    _tasks_ready = any([_task.state in ["READY"] for _task in session.tasks])
-                    _tasks_failed = any([_task.state in ["BAD_FORMAT", "ERROR", "CANCELED"] for _task in session.tasks])
-                    _tasks_waiting = any(
-                        [_task.state in ["NO_CRS", "NO_BOUNDS", "NO_FORMAT"] for _task in session.tasks]
-                    )
-
-                    if _success:
-                        if _tasks_failed:
-                            # GeoNode Layer creation errored!
-                            _upload.set_processing_state(enumerations.STATE_INVALID)
-                        elif (
-                            "upload/final" not in _redirect_to
-                            and "upload/check" not in _redirect_to
-                            and (_tasks_waiting or _upload.get_session.time)
-                        ):
-                            _upload.set_resume_url(_redirect_to)
-                            _upload.set_processing_state(enumerations.STATE_WAITING)
-                        elif session.state in (enumerations.STATE_PENDING, enumerations.STATE_RUNNING) and not (
-                            _tasks_waiting or _tasks_ready
-                        ):
-                            if _upload.resource and not _upload.resource.processed:
-                                # GeoNode Layer updating...
-                                _upload.set_processing_state(enumerations.STATE_RUNNING)
-                            elif (
-                                session.state == enumerations.STATE_RUNNING
-                                and _upload.resource
-                                and _upload.resource.processed
-                            ):
-                                # GeoNode Layer successfully processed...
-                                _upload.set_processing_state(enumerations.STATE_PROCESSED)
-                        elif (
-                            session.state == enumerations.STATE_COMPLETE
-                            and _upload.state in (enumerations.STATE_COMPLETE, enumerations.STATE_PENDING)
-                            and not _tasks_waiting
-                        ) or (session.state == enumerations.STATE_PENDING and _tasks_ready):
-                            if not _upload.resource:
-                                _response = final_step_view(None, _upload.get_session)
-                                if _response:
-                                    _upload.refresh_from_db()
-                                    if (
-                                        _upload.state not in (enumerations.STATE_PROCESSED, enumerations.STATE_RUNNING)
-                                        and not _upload.resource
-                                    ):
-                                        # GeoNode Layer still updating...
-                                        _upload.set_processing_state(enumerations.STATE_RUNNING)
-                        logger.debug(f"Upload {upload_session_id} updated with state {_upload.state}.")
-                except (NotFound, Exception) as e:
-                    logger.exception(e)
-                    if _upload.state not in (enumerations.STATE_COMPLETE, enumerations.STATE_PROCESSED):
-                        _upload.set_processing_state(enumerations.STATE_INVALID)
-                        logger.error(f"Upload {upload_session_id} deleted with state {_upload.state}.")
-            elif _upload.state != enumerations.STATE_PROCESSED:
-                _upload.set_processing_state(enumerations.STATE_INVALID)
-                logger.error(
-                    f"Unable to find the Importer Session - Upload {upload_session_id} deleted with state {_upload.state}."
-                )
-
-
-@app.task(
-    bind=True, base=FaultTolerantTask, queue="upload", expires=30, time_limit=600, acks_late=False, ignore_result=False
-)
-def _upload_session_cleanup(self, upload_session_id: int):
-    """Task invoked by 'upload_workflow.chord' in order to remove and cleanup all the 'INVALID' stale Upload tasks."""
-    try:
-        _upload = Upload.objects.get(id=upload_session_id)
-        if _upload.resource:
-            resource_manager.delete(_upload.resource.uuid)
-        _upload.delete()
-        logger.debug(f"Upload {upload_session_id} deleted with state {_upload.state}.")
-    except Exception as e:
-        logger.error(f"Upload {upload_session_id} errored with exception {e}.")
-
-
 @app.task(bind=False, acks_late=False, queue="clery_cleanup", ignore_result=True)
 def cleanup_celery_task_entries():
     from django_celery_results.models import TaskResult
diff --git a/geonode/upload/tests/test_upload_preprocessing.py b/geonode/upload/tests/test_upload_preprocessing.py
deleted file mode 100644
index 752f8351c9a..00000000000
--- a/geonode/upload/tests/test_upload_preprocessing.py
+++ /dev/null
@@ -1,154 +0,0 @@
-#########################################################################
-#
-# Copyright (C) 2018 OSGeo
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#########################################################################
-
-"""unit tests for geonode.upload.upload_preprocessing module"""
-
-from geonode.tests.base import GeoNodeBaseTestSupport
-
-try:
-    import unittest.mock as mock
-except ImportError:
-    from unittest import mock
-import os.path
-
-from django.conf import settings
-from django.utils.timezone import timedelta, now
-
-from geonode.upload import files
-from geonode.base import enumerations
-from geonode.upload.models import Upload
-from geonode.upload.utils import get_kml_doc
-from geonode.upload import upload_preprocessing
-from geonode.upload.tasks import finalize_incomplete_session_uploads
-
-
-class UploadPreprocessingTestCase(GeoNodeBaseTestSupport):
-    MOCK_PREFIX = "geonode.upload.upload_preprocessing"
-
-    @mock.patch(MOCK_PREFIX + ".convert_kml_ground_overlay_to_geotiff", autospec=True)
-    def test_preprocess_files_kml_ground_overlay(self, mock_handler):
-        dirname = "phony"
-        kml_path = "fake_path.kml"
-        image_path = "another_fake_path.png"
-        data = [
-            files.SpatialFile(
-                base_file=kml_path,
-                file_type=files.get_type("KML Ground Overlay"),
-                auxillary_files=[image_path],
-                sld_files=[],
-                xml_files=[],
-            )
-        ]
-        spatial_files = files.SpatialFiles(dirname, data)
-        upload_preprocessing.preprocess_files(spatial_files)
-        mock_handler.assert_called_with(kml_path, image_path)
-
-    def test_extract_bbox_param(self):
-        fake_north = "70.000"
-        kml_bytes = f"""
-            <?xml version="1.0" encoding="UTF-8"?>
-            <kml xmlns="http://earth.google.com/kml/2.1">
-            <Document>
-              <GroundOverlay id="groundoverlay">
-                <LatLonBox>
-                  <north>{fake_north}</north>
-                </LatLonBox>
-              </GroundOverlay>
-            </Document>
-            </kml>
-        """.strip()
-        kml_doc, ns = get_kml_doc(kml_bytes.encode())
-        result = upload_preprocessing._extract_bbox_param(kml_doc, ns, "north")
-        self.assertEqual(result, fake_north)
-
-    @mock.patch(MOCK_PREFIX + ".subprocess.check_output", autospec=True)
-    @mock.patch(MOCK_PREFIX + ".get_kml_doc", autospec=True)
-    @mock.patch(MOCK_PREFIX + "._extract_bbox_param", autospec=True)
-    def test_convert_kml_ground_overlay_to_geotiff(self, mock_extract_param, mock_get_kml_doc, mock_subprocess):
-        fake_other_file_path = "the_image.png"
-        fake_kml_bytes = "nothing"
-        mock_get_kml_doc.return_value = ("not_relevant", "for_this_test")
-        fake_north = "1"
-        fake_south = "2"
-        fake_east = "3"
-        fake_west = "4"
-        mock_extract_param.side_effect = [fake_west, fake_north, fake_east, fake_south]
-        mock_open = mock.mock_open(read_data=fake_kml_bytes)
-        with mock.patch(self.MOCK_PREFIX + ".open", mock_open):
-            upload_preprocessing.convert_kml_ground_overlay_to_geotiff("fake_kml_path", fake_other_file_path)
-            mock_subprocess.assert_called_with(
-                [
-                    "gdal_translate",
-                    "-of",
-                    "GTiff",
-                    "-a_srs",
-                    "EPSG:4326",
-                    "-a_ullr",
-                    fake_west,
-                    fake_north,
-                    fake_east,
-                    fake_south,
-                    fake_other_file_path,
-                    os.path.splitext(fake_other_file_path)[0] + ".tif",
-                ]
-            )
-
-    def test_only_expected_uploads_are_deleted(self):
-        UPLOAD_SESSION_EXPIRY_HOURS = getattr(settings, "UPLOAD_SESSION_EXPIRY_HOURS", 24)
-        expiry_time = now() - timedelta(hours=UPLOAD_SESSION_EXPIRY_HOURS)
-        minutes_before = expiry_time - timedelta(minutes=2)
-        minutes_after = expiry_time - timedelta(minutes=-2)
-
-        # Uploads either PROCESSED or within expiry time
-        uploads_to_survive = [
-            Upload.objects.create(state=enumerations.STATE_INVALID, date=minutes_after),
-            Upload.objects.create(state=enumerations.STATE_COMPLETE, date=minutes_after),
-            Upload.objects.create(state=enumerations.STATE_PROCESSED, date=minutes_after),
-            Upload.objects.create(state=enumerations.STATE_PROCESSED, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_INCOMPLETE),
-            Upload.objects.create(state=enumerations.STATE_PENDING),
-            Upload.objects.create(state=enumerations.STATE_READY),
-            Upload.objects.create(state=enumerations.STATE_RUNNING),
-            Upload.objects.create(state=enumerations.STATE_WAITING),
-        ]
-        survived_upload_ids = {u.id for u in uploads_to_survive}
-
-        # Uploads not PROCESSED and before expiry time
-        uploads_to_be_deleted = [
-            Upload.objects.create(state=enumerations.STATE_INVALID, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_COMPLETE, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_INCOMPLETE, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_PENDING, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_READY, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_RUNNING, date=minutes_before),
-            Upload.objects.create(state=enumerations.STATE_WAITING, date=minutes_before),
-        ]
-        delete_upload_ids = {u.id for u in uploads_to_be_deleted}
-
-        uploads = Upload.objects.all()
-        upload_ids = {u.id for u in uploads}
-        self.assertEqual(uploads.count(), len(uploads_to_survive) + len(uploads_to_be_deleted))
-        self.assertEqual(upload_ids, survived_upload_ids.union(delete_upload_ids))
-
-        finalize_incomplete_session_uploads.delay()
-        uploads = Upload.objects.all()
-        upload_ids = {u.id for u in uploads}
-        # Only uploads_to_survive are not deleted
-        self.assertEqual(uploads.count(), len(uploads_to_survive))
-        self.assertEqual(upload_ids, survived_upload_ids)
diff --git a/geonode/upload/upload.py b/geonode/upload/upload.py
index b505e1734b7..0777cb83d3a 100644
--- a/geonode/upload/upload.py
+++ b/geonode/upload/upload.py
@@ -32,55 +32,12 @@
 State is stored in a UploaderSession object stored in the user's session.
 This needs to be made more stateful by adding a model.
 """
-import pytz
-import shutil
-import os.path
 import logging
-import zipfile
-import datetime
-import geoserver
-import gsimporter
 
-from geoserver.resource import Coverage, FeatureType
-
-from django.conf import settings
-from django.db.models import Max
-from django.db import transaction
-from django.db.utils import IntegrityError
-from django.contrib.auth import get_user_model
-from django.utils.translation import ugettext_lazy as _
-
-from geonode import GeoNodeException
-from geonode.base import enumerations
-from geonode.upload import LayerNotReady
-from geonode.tasks.tasks import AcquireLock
-from geonode.layers.models import TIME_REGEX_FORMAT
-from geonode.resource.manager import resource_manager
-from geonode.upload.api.exceptions import GeneralUploadException
-
-from ..layers.models import Dataset
-from ..layers.metadata import parse_metadata
-from ..people.utils import get_default_user
-from ..layers.utils import get_valid_dataset_name, is_vector
-from ..geoserver.helpers import gs_catalog, gs_uploader
-from . import utils
-from .models import Upload
-from .upload_preprocessing import preprocess_files
-from geonode.geoserver.helpers import (
-    get_dataset_type,
-    get_dataset_storetype,
-    create_geoserver_db_featurestore,
-    ogc_server_settings,
-)
 
 logger = logging.getLogger(__name__)
 
 
-def _log(msg, *args, level="error"):
-    # this logger is used also for debug purpose with error level
-    getattr(logger, level)(msg, *args)
-
-
 class UploaderSession:
 
     """All objects held must be able to survive a good pickling"""
@@ -158,839 +115,3 @@ def __init__(self, **kw):
     def cleanup(self):
         """do what we should at the given state of the upload"""
         pass
-
-
-def upload(
-    name,
-    base_file,
-    charset,
-    user=None,
-    time_attribute=None,
-    time_transform_type=None,
-    end_time_attribute=None,
-    end_time_transform_type=None,
-    presentation_strategy=None,
-    precision_value=None,
-    precision_step=None,
-    use_big_date=False,
-    overwrite=False,
-    mosaic=False,
-    append_to_mosaic_opts=None,
-    append_to_mosaic_name=None,
-    mosaic_time_regex=None,
-    mosaic_time_value=None,
-    time_presentation=None,
-    time_presentation_res=None,
-    time_presentation_default_value=None,
-    time_presentation_reference_value=None,
-):
-    if user is None:
-        user = get_default_user()
-    if isinstance(user, str):
-        user = get_user_model().objects.get(username=user)
-    import_session, upload = save_step(
-        user,
-        name,
-        base_file,
-        overwrite,
-        mosaic=mosaic,
-        append_to_mosaic_opts=append_to_mosaic_opts,
-        append_to_mosaic_name=append_to_mosaic_name,
-        mosaic_time_regex=mosaic_time_regex,
-        mosaic_time_value=mosaic_time_value,
-        time_presentation=time_presentation,
-        time_presentation_res=time_presentation_res,
-        time_presentation_default_value=time_presentation_default_value,
-        time_presentation_reference_value=time_presentation_reference_value,
-    )
-    upload_session = UploaderSession(
-        base_file=base_file,
-        name=name,
-        charset=charset,
-        import_session=import_session,
-        dataset_abstract="",
-        dataset_title=name,
-        permissions=None,
-        mosaic=mosaic,
-        append_to_mosaic_opts=append_to_mosaic_opts,
-        append_to_mosaic_name=append_to_mosaic_name,
-        mosaic_time_regex=mosaic_time_regex,
-        mosaic_time_value=mosaic_time_value,
-    )
-    time_step(
-        upload_session,
-        time_attribute,
-        time_transform_type,
-        presentation_strategy,
-        precision_value,
-        precision_step,
-        end_time_attribute=end_time_attribute,
-        end_time_transform_type=end_time_transform_type,
-        time_format=None,
-    )
-    utils.run_import(upload_session, async_upload=False)
-    final_step(upload_session, user, charset=charset)
-
-
-def _get_next_id():
-    # importer tracks ids by autoincrement but is prone to corruption
-    # which potentially may reset the id - hopefully prevent this...
-    upload_next_id = list(Upload.objects.all().aggregate(Max("import_id")).values())[0]
-    upload_next_id = upload_next_id if upload_next_id else 0
-    # next_id = next_id + 1 if next_id else 1
-    importer_sessions = gs_uploader.get_sessions()
-    last_importer_session = importer_sessions[len(importer_sessions) - 1].id if importer_sessions else 0
-    next_id = max(int(last_importer_session), int(upload_next_id)) + 1
-    return next_id
-
-
-def _check_geoserver_store(store_name, dataset_type, overwrite):
-    """Check if the store exists in geoserver"""
-    try:
-        store = gs_catalog.get_store(store_name)
-    except geoserver.catalog.FailedRequestError:
-        pass  # There is no store, ergo the road is clear
-    else:
-        if store:
-            resources = store.get_resources()
-            if len(resources) == 0:
-                if overwrite:
-                    _log("Deleting previously existing store")
-                    store.delete()
-                else:
-                    raise GeoNodeException(_("Dataset already exists"))
-            else:
-                for resource in resources:
-                    if resource.name == store_name:
-                        if not overwrite:
-                            raise GeoNodeException(_("Name already in use and overwrite is False"))
-                        existing_type = resource.resource_type or resource.polymorphic_ctype.name
-                        if existing_type != dataset_type:
-                            msg = (
-                                f"Type of uploaded file {store_name} ({dataset_type}) does not "
-                                "match type of existing resource type "
-                                f"{existing_type}"
-                            )
-                            _log(msg)
-                            raise GeoNodeException(msg)
-
-
-def save_step(
-    user,
-    layer,
-    spatial_files,
-    overwrite=True,
-    store_spatial_files=True,
-    mosaic=False,
-    append_to_mosaic_opts=None,
-    append_to_mosaic_name=None,
-    mosaic_time_regex=None,
-    mosaic_time_value=None,
-    time_presentation=None,
-    time_presentation_res=None,
-    time_presentation_default_value=None,
-    time_presentation_reference_value=None,
-    charset_encoding="UTF-8",
-    target_store=None,
-):
-    lock_id = "upload_workflow_save_step"
-    with AcquireLock(lock_id, blocking=True) as lock:
-        if lock.acquire() is True:
-            _log(f"Uploading layer: {layer}, files {spatial_files}")
-            if len(spatial_files) > 1:
-                # we only support more than one file if they're rasters for mosaicing
-                if not all([f.file_type.dataset_type == "coverage" for f in spatial_files]):
-                    msg = "Please upload only one type of file at a time"
-                    logger.exception(Exception(msg))
-                    raise GeneralUploadException(detail=msg)
-            name = get_valid_dataset_name(layer, overwrite)
-            _log(f"Name for layer: {name}")
-            if not any(spatial_files.all_files()):
-                msg = "Unable to recognize the uploaded file(s)"
-                logger.exception(Exception(msg))
-                raise GeneralUploadException(detail=msg)
-            the_dataset_type = get_dataset_type(spatial_files)
-            _check_geoserver_store(name, the_dataset_type, overwrite)
-            if the_dataset_type not in (FeatureType.resource_type, Coverage.resource_type):
-                msg = f"Expected layer type to FeatureType or Coverage, not {the_dataset_type}"
-                logger.exception(Exception(msg))
-                raise GeneralUploadException(msg)
-            files_to_upload = preprocess_files(spatial_files)
-            _log(f"files_to_upload: {files_to_upload}")
-            _log(f"Uploading {the_dataset_type}")
-            error_msg = None
-            try:
-                upload = None
-                if Upload.objects.filter(user=user, name=name).exists():
-                    upload = Upload.objects.filter(user=user, name=name).order_by("-date").first()
-                if upload:
-                    if upload.state == enumerations.STATE_READY:
-                        import_session = upload.get_session.import_session
-                    else:
-                        upload = None
-                if not upload:
-                    next_id = _get_next_id()
-                    # Truncate name to maximum length defined by the field.
-                    max_length = Upload._meta.get_field("name").max_length
-                    name = name[:max_length]
-                    # save record of this whether valid or not - will help w/ debugging
-                    upload = Upload.objects.create(
-                        user=user, name=name, state=enumerations.STATE_READY, upload_dir=spatial_files.dirname
-                    )
-                    upload.store_spatial_files = store_spatial_files
-
-                    # @todo settings for use_url or auto detection if geoserver is
-                    # on same host
-
-                    # Is it a regular file or an ImageMosaic?
-                    # if mosaic_time_regex and mosaic_time_value:
-                    if mosaic:  # we want to ingest as ImageMosaic
-                        target_store, files_to_upload = utils.import_imagemosaic_granules(
-                            spatial_files,
-                            append_to_mosaic_opts,
-                            append_to_mosaic_name,
-                            mosaic_time_regex,
-                            mosaic_time_value,
-                            time_presentation,
-                            time_presentation_res,
-                            time_presentation_default_value,
-                            time_presentation_reference_value,
-                        )
-                        upload.mosaic = mosaic
-                        upload.append_to_mosaic_opts = append_to_mosaic_opts
-                        upload.append_to_mosaic_name = append_to_mosaic_name
-                        upload.mosaic_time_regex = mosaic_time_regex
-                        upload.mosaic_time_value = mosaic_time_value
-                        # moving forward with a regular Importer session
-                        if len(files_to_upload) > 1:
-                            import_session = gs_uploader.upload_files(
-                                files_to_upload[1:],
-                                use_url=False,
-                                # import_id=next_id,
-                                target_store=target_store,
-                                charset_encoding=charset_encoding,
-                            )
-                        else:
-                            import_session = gs_uploader.upload_files(
-                                files_to_upload,
-                                use_url=False,
-                                # import_id=next_id,
-                                target_store=target_store,
-                                charset_encoding=charset_encoding,
-                            )
-                        next_id = import_session.id if import_session else None
-                        if not next_id:
-                            error_msg = "No valid Importer Session could be found"
-                    else:
-                        # moving forward with a regular Importer session
-                        import_session = gs_uploader.upload_files(
-                            files_to_upload,
-                            use_url=False,
-                            import_id=next_id,
-                            mosaic=False,
-                            target_store=target_store,
-                            name=name,
-                            charset_encoding=charset_encoding,
-                        )
-                        if ogc_server_settings.datastore_db and any(map(is_vector, files_to_upload)):
-                            target = create_geoserver_db_featurestore(
-                                store_name=ogc_server_settings.datastore_db["NAME"],
-                                workspace=settings.DEFAULT_WORKSPACE,
-                            )
-                            task = import_session.tasks[0]
-                            task.set_target(
-                                store_name=target_store or target.name, workspace=settings.DEFAULT_WORKSPACE
-                            )
-
-                    upload.import_id = import_session.id
-                    upload.save()
-
-                # any unrecognized tasks/files must be deleted or we can't proceed
-                import_session.delete_unrecognized_tasks()
-
-                if not mosaic:
-                    if not import_session.tasks:
-                        error_msg = "No valid upload files could be found"
-                if import_session.tasks:
-                    if import_session.tasks[0].state == "NO_FORMAT" or import_session.tasks[0].state == "BAD_FORMAT":
-                        error_msg = (
-                            "There may be a problem with the data provided - " "we could not identify its format"
-                        )
-                    elif import_session.tasks[0].state == "ERROR":
-                        task = import_session.tasks[0]
-                        error_msg = (
-                            "Unexpected error durng the GeoServer upload"
-                            "please check GeoServer logs for more information"
-                        )
-
-                if not mosaic and len(import_session.tasks) > 1:
-                    error_msg = "Only a single upload is supported at the moment"
-
-                if not error_msg and import_session.tasks:
-                    task = import_session.tasks[0]
-                    # single file tasks will have just a file entry
-                    if hasattr(task, "files"):
-                        # @todo gsimporter - test this
-                        if not all([hasattr(f, "timestamp") for f in task.source.files]):
-                            error_msg = (
-                                "Not all timestamps could be recognized."
-                                "Please ensure your files contain the correct formats."
-                            )
-
-                if error_msg:
-                    upload.set_processing_state(enumerations.STATE_INVALID)
-
-                # @todo once the random tmp9723481758915 type of name is not
-                # around, need to track the name computed above, for now, the
-                # target store name can be used
-            except Exception as e:
-                logger.exception(e)
-                raise e
-
-            if error_msg:
-                logger.exception(Exception(error_msg))
-                raise GeneralUploadException(detail=error_msg)
-            else:
-                _log("The File [%s] has been sent to GeoServer without errors.", name, level="debug")
-            return import_session, upload
-
-
-def time_step(
-    upload_session,
-    time_attribute,
-    time_transform_type,
-    presentation_strategy,
-    precision_value,
-    precision_step,
-    end_time_attribute=None,
-    end_time_transform_type=None,
-    end_time_format=None,
-    time_format=None,
-):
-    """
-    time_attribute - name of attribute to use as time
-
-    time_transform_type - name of transform. either
-    DateFormatTransform or IntegerFieldToDateTransform
-
-    time_format - optional string format
-    end_time_attribute - optional name of attribute to use as end time
-
-    end_time_transform_type - optional name of transform. either
-    DateFormatTransform or IntegerFieldToDateTransform
-
-    end_time_format - optional string format
-    presentation_strategy - LIST, DISCRETE_INTERVAL, CONTINUOUS_INTERVAL
-    precision_value - number
-    precision_step - year, month, day, week, etc.
-    """
-    import_session = upload_session.import_session
-    transforms = []
-
-    def build_time_transform(att, type, format, end_time_attribute, presentation_strategy):
-        trans = {"type": type, "field": att}
-        if format:
-            trans["format"] = format
-        if end_time_attribute:
-            trans["enddate"] = end_time_attribute
-        if presentation_strategy:
-            trans["presentation"] = presentation_strategy
-        return trans
-
-    def build_att_remap_transform(att):
-        # @todo the target is so ugly it should be obvious
-        return {
-            "type": "AttributeRemapTransform",
-            "field": att,
-            "target": "org.geotools.data.postgis.PostGISDialect$XDate",
-        }
-
-    use_big_date = getattr(settings, "USE_BIG_DATE", False)
-
-    if time_attribute:
-        if time_transform_type:
-            transforms.append(
-                build_time_transform(
-                    time_attribute, time_transform_type, time_format, end_time_attribute, presentation_strategy
-                )
-            )
-
-        # this must go after the remapping transform to ensure the
-        # type change is applied
-        if use_big_date:
-            transforms.append(build_att_remap_transform(time_attribute))
-            if end_time_attribute:
-                transforms.append(build_att_remap_transform(end_time_attribute))
-
-        transforms.append({"type": "CreateIndexTransform", "field": time_attribute})
-        # the time_info will be used in the last step to configure the
-        # layer in geoserver - the dict matches the arguments of the
-        # set_time_info helper function
-        upload_session.time_info = dict(
-            attribute=time_attribute,
-            end_attribute=end_time_attribute,
-            presentation=presentation_strategy,
-            precision_value=precision_value,
-            precision_step=precision_step,
-        )
-
-    if upload_session.time_transforms:
-        import_session.tasks[0].remove_transforms(upload_session.time_transforms)
-
-    if transforms:
-        _log(f"Setting transforms {transforms}")
-        import_session.tasks[0].add_transforms(transforms)
-        try:
-            upload_session.time_transforms = transforms
-            upload_session.time = True
-        except gsimporter.BadRequest as br:
-            logger.exception(br)
-            Upload.objects.invalidate_from_session(upload_session)
-            raise GeneralUploadException(detail=_("Error configuring time: ") + br)
-        import_session.tasks[0].save_transforms()
-    else:
-        upload_session.time = False
-    try:
-        import_session = import_session.reload()
-    except gsimporter.api.NotFound as e:
-        logger.exception(e)
-        Upload.objects.invalidate_from_session(upload_session)
-        raise GeneralUploadException(detail=_("The GeoServer Import Session is no more available ") + str(e))
-    upload_session.import_session = import_session
-    upload_session = Upload.objects.update_from_session(upload_session)
-
-
-def csv_step(upload_session, lat_field, lng_field):
-    import_session = upload_session.import_session
-    task = import_session.tasks[0]
-
-    transform = {
-        "type": "AttributesToPointGeometryTransform",
-        "latField": lat_field,
-        "lngField": lng_field,
-    }
-    task.remove_transforms([transform], by_field="type", save=False)
-    task.add_transforms([transform], save=False)
-    task.save_transforms()
-    try:
-        import_session = import_session.reload()
-    except gsimporter.api.NotFound as e:
-        logger.exception(e)
-        Upload.objects.invalidate_from_session(upload_session)
-        raise GeneralUploadException(detail=_("The GeoServer Import Session is no more available ") + str(e))
-    upload_session.import_session = import_session
-    upload_session = Upload.objects.update_from_session(upload_session)
-
-
-def srs_step(upload_session, source, target):
-    import_session = upload_session.import_session
-    task = import_session.tasks[0]
-    if source:
-        _log("Setting SRS to %s", source)
-        task.set_srs(source)
-
-    transform = {
-        "type": "ReprojectTransform",
-        "source": source,
-        "target": target,
-    }
-    task.remove_transforms([transform], by_field="type", save=False)
-    task.add_transforms([transform], save=False)
-    task.save_transforms()
-    try:
-        import_session = import_session.reload()
-    except gsimporter.api.NotFound as e:
-        logger.exception(e)
-        Upload.objects.invalidate_from_session(upload_session)
-        raise GeneralUploadException(detail=_("The GeoServer Import Session is no more available ") + str(e))
-    upload_session.import_session = import_session
-    upload_session = Upload.objects.update_from_session(upload_session)
-
-
-def final_step(upload_session, user, charset="UTF-8", dataset_id=None):
-    import_session = upload_session.import_session
-    if import_session:
-        import_id = import_session.id
-        saved_dataset = None
-        lock_id = f"final_step-{import_id}"
-        with AcquireLock(lock_id, blocking=True) as lock:
-            if lock.acquire() is True:
-                _upload = None
-                try:
-                    _upload = Upload.objects.get(import_id=import_id)
-                    saved_dataset = _upload.resource
-                except Exception as e:
-                    logger.exception(e)
-                    Upload.objects.invalidate_from_session(upload_session)
-                    raise GeneralUploadException(detail=_("The Upload Session is no more available ") + str(e))
-
-                _log(f"Reloading session {import_id} to check validity")
-                try:
-                    import_session = gs_uploader.get_session(import_id)
-                except gsimporter.api.NotFound as e:
-                    logger.exception(e)
-                    Upload.objects.invalidate_from_session(upload_session)
-                    raise GeneralUploadException(
-                        detail=_("The GeoServer Import Session is no more available ") + str(e)
-                    )
-
-                if import_session.tasks is None or len(import_session.tasks) == 0:
-                    return saved_dataset
-
-                task = import_session.tasks[0]
-                try:
-                    if charset:
-                        task.set_charset(charset)
-                except Exception as e:
-                    logger.exception(e)
-
-                # @todo see above in save_step, regarding computed unique name
-                name = task.layer.name
-                target = task.target
-                has_time = False
-                if upload_session.time and upload_session.time_info and upload_session.time_transforms:
-                    has_time = True
-
-                _vals = dict(
-                    title=upload_session.dataset_title,
-                    abstract=upload_session.dataset_abstract,
-                    alternate=task.get_target_layer_name(),
-                    store=target.name,
-                    name=task.layer.name,
-                    workspace=target.workspace_name,
-                    subtype=get_dataset_storetype(target.store_type)
-                    if not has_time
-                    else get_dataset_storetype("vectorTimeSeries"),
-                )
-
-                if saved_dataset:
-                    name = saved_dataset.get_real_instance().name
-
-                _log(f"Getting from catalog [{name}]")
-                try:
-                    # the importer chooses an available featuretype name late in the game need
-                    # to verify the resource.name otherwise things will fail.  This happens
-                    # when the same data is uploaded a second time and the default name is
-                    # chosen
-                    gs_catalog.get_layer(name)
-                except Exception:
-                    Upload.objects.invalidate_from_session(upload_session)
-                    raise LayerNotReady(_(f"Expected to find layer named '{name}' in geoserver"))
-
-                _tasks_ready = any([_task.state in ["READY"] for _task in import_session.tasks])
-                _tasks_failed = any(
-                    [_task.state in ["BAD_FORMAT", "ERROR", "CANCELED"] for _task in import_session.tasks]
-                )
-                _tasks_waiting = any(
-                    [_task.state in ["NO_CRS", "NO_BOUNDS", "NO_FORMAT"] for _task in import_session.tasks]
-                )
-
-                if (
-                    not saved_dataset
-                    and not (_tasks_failed or _tasks_waiting)
-                    and (
-                        import_session.state == enumerations.STATE_READY
-                        or (import_session.state == enumerations.STATE_PENDING and _tasks_ready)
-                    )
-                ):
-                    _log(
-                        f"final_step: Running Import Session {import_session.id} - target: {target.name} - alternate: {task.get_target_layer_name()}"
-                    )
-                    _log(f" -- session state: {import_session.state} - task state: {task.state}")
-
-                    utils.run_import(upload_session, async_upload=False)
-
-                    import_session = import_session.reload()
-                    task = import_session.tasks[0]
-                    name = task.layer.name
-                    target = task.target
-                    _vals["store"] = target.name
-                    _vals["name"] = task.layer.name
-                    _vals["workspace"] = target.workspace_name
-                    _vals["alternate"] = task.get_target_layer_name()
-                elif import_session.state == enumerations.STATE_INCOMPLETE and _tasks_failed:
-                    Upload.objects.invalidate_from_session(upload_session)
-                    raise GeneralUploadException(detail=f"Unknown Session task state: {task.state}")
-                try:
-                    import_session = gs_uploader.get_session(import_id)
-                except gsimporter.api.NotFound as e:
-                    logger.exception(e)
-                    Upload.objects.invalidate_from_session(upload_session)
-                    raise GeneralUploadException(
-                        detail=_("The GeoServer Import Session is no more available ") + str(e)
-                    )
-
-                upload_session.import_session = import_session.reload()
-                upload_session = Upload.objects.update_from_session(upload_session, resource=saved_dataset)
-
-                _tasks_failed = any(
-                    [_task.state in ["BAD_FORMAT", "ERROR", "CANCELED"] for _task in import_session.tasks]
-                )
-                _tasks_waiting = any(
-                    [_task.state in ["NO_CRS", "NO_BOUNDS", "NO_FORMAT"] for _task in import_session.tasks]
-                )
-
-                if import_session.state != enumerations.STATE_COMPLETE or _tasks_waiting or _tasks_failed:
-                    if import_session.state == enumerations.STATE_PENDING and _tasks_waiting:
-                        if any([_task.state == "NO_CRS" for _task in import_session.tasks]):
-                            _redirect_to = f"/upload/srs?id={import_session.id}"
-                            _upload.set_resume_url(_redirect_to)
-                            _upload.set_processing_state(enumerations.STATE_WAITING)
-                        elif _tasks_failed:
-                            _upload.set_processing_state(enumerations.STATE_INVALID)
-                    return None
-
-                _log(f"Creating Django record for [{name}]")
-                if Upload.objects.filter(import_id=import_id).exists():
-                    if Upload.objects.filter(import_id=import_id).count() > 1:
-                        Upload.objects.invalidate_from_session(upload_session)
-                        _cause = f"More than Upload Session associated to the Importer ID {import_id}"
-                        raise GeneralUploadException(detail=f"Import Session failed.{str(_cause)}")
-                    saved_dataset = Upload.objects.filter(import_id=import_id).get().resource
-
-                dataset_uuid = None
-
-                if saved_dataset:
-                    _vals["name"] = saved_dataset.get_real_instance().name
-                    _log(
-                        f"Django record for [{saved_dataset.get_real_instance().name}] already exists, updating with vals: {_vals}"
-                    )
-                    return resource_manager.update(saved_dataset.uuid, instance=saved_dataset, vals=_vals)
-                else:
-                    _log(f"Django record for [{name}] does not exist, creating with vals: {_vals}")
-
-                metadata_uploaded = False
-                xml_file = upload_session.base_file[0].xml_files
-                if xml_file and os.path.exists(xml_file[0]):
-                    try:
-                        # get model properties from XML
-                        # If it's contained within a zip, need to extract it
-                        if upload_session.base_file.archive:
-                            archive = upload_session.base_file.archive
-                            zf = zipfile.ZipFile(archive, "r", allowZip64=True)
-                            zf.extract(xml_file[0], os.path.dirname(archive))
-                            # Assign the absolute path to this file
-                            xml_file = f"{os.path.dirname(archive)}/{xml_file[0]}"
-
-                        # Sanity checks
-                        if isinstance(xml_file, list):
-                            if len(xml_file) > 0:
-                                xml_file = xml_file[0]
-                            else:
-                                xml_file = None
-                        elif not isinstance(xml_file, str):
-                            xml_file = None
-
-                        if xml_file and os.path.exists(xml_file[0]) and os.access(xml_file, os.R_OK):
-                            dataset_uuid, vals, regions, keywords, custom = parse_metadata(open(xml_file).read())
-                            metadata_uploaded = True
-                            _vals.update(vals)
-                    except Exception as e:
-                        Upload.objects.invalidate_from_session(upload_session)
-                        logger.exception(e)
-                        raise GeneralUploadException(
-                            detail=_("Exception occurred while parsing the provided Metadata file.") + str(e)
-                        )
-
-                # look for SLD
-                sld_file = upload_session.base_file[0].sld_files
-                sld_uploaded = False
-                if sld_file:
-                    # If it's contained within a zip, need to extract it
-                    if upload_session.base_file.archive:
-                        archive = upload_session.base_file.archive
-                        _log(f"using uploaded sld file from {archive}")
-                        zf = zipfile.ZipFile(archive, "r", allowZip64=True)
-                        zf.extract(sld_file[0], os.path.dirname(archive), path=upload_session.tempdir)
-                        # Assign the absolute path to this file
-                        sld_file[0] = f"{os.path.dirname(archive)}/{sld_file[0]}"
-                    else:
-                        _sld_file = f"{os.path.dirname(upload_session.tempdir)}/{os.path.basename(sld_file[0])}"
-                        _log(f"copying [{sld_file[0]}] to [{_sld_file}]")
-                        try:
-                            shutil.copyfile(sld_file[0], _sld_file)
-                            sld_file = _sld_file
-                        except (IsADirectoryError, shutil.SameFileError) as e:
-                            logger.exception(e)
-                            sld_file = sld_file[0]
-                        except Exception as e:
-                            logger.exception(e)
-                            raise GeneralUploadException(detail=_("Error uploading Dataset") + str(e))
-                    sld_uploaded = True
-                else:
-                    # get_files will not find the sld if it doesn't match the base name
-                    # so we've worked around that in the view - if provided, it will be here
-                    if upload_session.import_sld_file:
-                        _log("using provided sld file from importer")
-                        base_file = upload_session.base_file
-                        sld_file = base_file[0].sld_files[0]
-                    sld_uploaded = False
-                _log(f"[sld_uploaded: {sld_uploaded}] sld_file: {sld_file}")
-
-                # Make sure the layer does not exists already
-                if dataset_uuid and Dataset.objects.filter(uuid=dataset_uuid).count():
-                    Upload.objects.invalidate_from_session(upload_session)
-                    _log("The UUID identifier from the XML Metadata is already in use in this system.")
-                    raise GeneralUploadException(
-                        detail=_("The UUID identifier from the XML Metadata is already in use in this system.")
-                    )
-
-                # Is it a regular file or an ImageMosaic?
-                is_mosaic = False
-                has_time = has_elevation = False
-                start = end = None
-                if upload_session.mosaic_time_regex and upload_session.mosaic_time_value:
-                    has_time = True
-                    is_mosaic = True
-                    start = datetime.datetime.strptime(
-                        upload_session.mosaic_time_value, TIME_REGEX_FORMAT[upload_session.mosaic_time_regex]
-                    )
-                    start = pytz.utc.localize(start, is_dst=False)
-                    end = start
-                if upload_session.time and upload_session.time_info and upload_session.time_transforms:
-                    has_time = True
-
-                if upload_session.append_to_mosaic_opts:
-                    # Is it a mosaic or a granule that must be added to an Image Mosaic?
-                    saved_dataset_filter = Dataset.objects.filter(name=upload_session.append_to_mosaic_name)
-                    if not saved_dataset_filter.exists():
-                        try:
-                            saved_dataset = resource_manager.create(
-                                dataset_uuid,
-                                resource_type=Dataset,
-                                defaults=dict(
-                                    dirty_state=True,
-                                    state=enumerations.STATE_READY,
-                                    store=_vals.get("store"),
-                                    workspace=_vals.get("workspace"),
-                                    name=upload_session.append_to_mosaic_name,
-                                ),
-                            )
-                            created = True
-                        except IntegrityError as e:
-                            logger.exception(e)
-                            raise GeneralUploadException(
-                                detail=f"There's an incosistent Datasets on the DB for {task.layer.name}{str(e)}"
-                            )
-                    elif saved_dataset_filter.count() == 1:
-                        saved_dataset = saved_dataset_filter.get()
-                        created = False
-                    else:
-                        raise GeneralUploadException(
-                            detail=f"There's an incosistent number of Datasets on the DB for {upload_session.append_to_mosaic_name}"
-                        )
-                    saved_dataset.set_dirty_state()
-                    if saved_dataset.temporal_extent_start and end:
-                        if pytz.utc.localize(saved_dataset.temporal_extent_start, is_dst=False) < end:
-                            saved_dataset.temporal_extent_end = end
-                            Dataset.objects.filter(name=upload_session.append_to_mosaic_name).update(
-                                temporal_extent_end=end
-                            )
-                        else:
-                            saved_dataset.temporal_extent_start = end
-                            Dataset.objects.filter(name=upload_session.append_to_mosaic_name).update(
-                                temporal_extent_start=end
-                            )
-                else:
-                    # The dataset is a standard one, no mosaic options enabled...
-                    saved_dataset_filter = Dataset.objects.filter(
-                        store=_vals.get("store"), workspace=_vals.get("workspace"), name=_vals.get("name")
-                    )
-                    if not saved_dataset_filter.exists():
-                        try:
-                            files_list = []
-                            if upload_session.spatial_files_uploaded:
-                                files_list.append(upload_session.base_file.data[0].base_file)
-                                files_list.extend(upload_session.base_file.data[0].auxillary_files)
-                                files_list.extend(upload_session.base_file.data[0].sld_files)
-                                files_list.extend(upload_session.base_file.data[0].xml_files)
-                            saved_dataset = resource_manager.create(
-                                dataset_uuid,
-                                resource_type=Dataset,
-                                defaults=dict(
-                                    store=_vals.get("store"),
-                                    subtype=_vals.get("subtype"),
-                                    alternate=_vals.get("alternate"),
-                                    workspace=_vals.get("workspace"),
-                                    title=_vals.get("title"),
-                                    name=_vals.get("name"),
-                                    abstract=_vals.get("abstract", _("No abstract provided")),
-                                    owner=user,
-                                    dirty_state=True,
-                                    state=enumerations.STATE_READY,
-                                    temporal_extent_start=start,
-                                    temporal_extent_end=end,
-                                    is_mosaic=is_mosaic,
-                                    has_time=has_time,
-                                    has_elevation=has_elevation,
-                                    files=files_list,
-                                    time_regex=upload_session.mosaic_time_regex,
-                                ),
-                            )
-                            created = True
-                        except IntegrityError as e:
-                            logger.exception(e)
-                            raise GeneralUploadException(
-                                detail=f"There's an incosistent Datasets on the DB for {task.layer.name}{str(e)}"
-                            )
-                    elif saved_dataset_filter.count() == 1:
-                        saved_dataset = saved_dataset_filter.get()
-                        created = False
-                    else:
-                        raise GeneralUploadException(
-                            detail=f"There's an incosistent number of Datasets on the DB for {task.layer.name}"
-                        )
-
-                assert saved_dataset
-
-                # Hide the dataset until the upload process finishes...
-                saved_dataset.set_processing_state(enumerations.STATE_RUNNING)
-                saved_dataset.set_dirty_state()
-                _log(f" -- Finalizing Upload for {saved_dataset}... {saved_dataset.state}")
-
-                # Update the state from session...
-                upload_session = Upload.objects.update_from_session(upload_session, resource=saved_dataset)
-
-                # Finalize the upload...
-                # Set default permissions on the newly created layer and send notifications
-                permissions = upload_session.permissions
-
-                # Finalize Upload
-                try:
-                    with transaction.atomic():
-                        resource_manager.set_permissions(
-                            None, instance=saved_dataset, permissions=permissions, created=created
-                        )
-                        resource_manager.exec(
-                            "set_time_info", None, instance=saved_dataset, time_info=upload_session.time_info
-                        )
-                        saved_dataset.refresh_from_db()
-                        resource_manager.update(
-                            None, instance=saved_dataset, xml_file=xml_file, metadata_uploaded=metadata_uploaded
-                        )
-                        resource_manager.exec(
-                            "set_style",
-                            None,
-                            instance=saved_dataset,
-                            sld_uploaded=sld_uploaded,
-                            sld_file=sld_file,
-                            tempdir=upload_session.tempdir,
-                        )
-                        resource_manager.set_thumbnail(None, instance=saved_dataset)
-
-                        Upload.objects.filter(resource=saved_dataset).update(complete=True)
-                        [
-                            u.set_processing_state(enumerations.STATE_PROCESSED)
-                            for u in Upload.objects.filter(resource=saved_dataset)
-                        ]
-                except Exception as e:
-                    logger.exception(e)
-                    Upload.objects.filter(resource=saved_dataset).update(complete=False)
-                    [
-                        u.set_processing_state(enumerations.STATE_INVALID)
-                        for u in Upload.objects.filter(resource=saved_dataset)
-                    ]
-                finally:
-                    _log(f" -- Upload completed for {saved_dataset}... {saved_dataset.state}")
-
-    return saved_dataset
diff --git a/geonode/upload/upload_preprocessing.py b/geonode/upload/upload_preprocessing.py
deleted file mode 100644
index ad3ea584853..00000000000
--- a/geonode/upload/upload_preprocessing.py
+++ /dev/null
@@ -1,116 +0,0 @@
-#########################################################################
-#
-# Copyright (C) 2018 OSGeo
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#########################################################################
-
-"""Tools for dealing with preprocessing operations in the upload process
-
-These functions are executed before the data is sent to geoserver. They're
-main purpose is to prepare the data so that it can be ingested.
-
-"""
-
-from collections import namedtuple
-import logging
-import os.path
-import subprocess
-
-from .files import get_type
-from .utils import get_kml_doc
-
-logger = logging.getLogger(__name__)
-
-GdalBoundingBox = namedtuple(
-    "GdalBoundingBox",
-    [
-        "ulx",
-        "uly",
-        "lrx",
-        "lry",
-    ],
-)
-
-
-def convert_kml_ground_overlay_to_geotiff(kml_path, other_file_path):
-    """Write a geotiff file to disk from the provided kml and image
-
-    KML files that specify GroundOverlay as their type are accompanied by a
-    raster file. Since there is no direct support in geoserver for this type
-    of KML, we extract the relevant information from the KML file and convert
-    the raster file to a geotiff.
-
-    """
-
-    with open(kml_path) as kml_handler:
-        kml_bytes = kml_handler.read()
-    kml_doc, namespaces = get_kml_doc(kml_bytes)
-    bbox = GdalBoundingBox(
-        ulx=_extract_bbox_param(kml_doc, namespaces, "west"),
-        uly=_extract_bbox_param(kml_doc, namespaces, "north"),
-        lrx=_extract_bbox_param(kml_doc, namespaces, "east"),
-        lry=_extract_bbox_param(kml_doc, namespaces, "south"),
-    )
-    dirname, basename = os.path.split(other_file_path)
-    output_path = os.path.join(dirname, ".".join((os.path.splitext(basename)[0], "tif")))
-    command = [
-        "gdal_translate",
-        "-of",
-        "GTiff",
-        "-a_srs",
-        "EPSG:4326",  # KML format always uses EPSG:4326
-        "-a_ullr",
-        bbox.ulx,
-        bbox.uly,
-        bbox.lrx,
-        bbox.lry,
-        other_file_path,
-        output_path,
-    ]
-    subprocess.check_output(command)
-    return output_path
-
-
-def preprocess_files(spatial_files):
-    """Pre-process the input spatial files.
-
-    This function is used during the upload workflow. It is called before the
-    data is sent to geoserver, thus providing a hook to perform custom
-    pre-processing for specific types of files.
-
-    :arg spatial_files: The files that are about to be uploaded to geoserver
-    :type spatial_files: geonode.upload.files.SpatialFiles
-    :returns: A list with the paths of the pre-processed files
-
-    """
-
-    result = []
-    for spatial_file in spatial_files:
-        if spatial_file.file_type == get_type("KML Ground Overlay"):
-            auxillary_file = spatial_file.auxillary_files[0] if len(spatial_file.auxillary_files) > 0 else None
-            preprocessed = convert_kml_ground_overlay_to_geotiff(spatial_file.base_file, auxillary_file)
-            result.append(preprocessed)
-        else:
-            result.extend(spatial_file.all_files())
-    if spatial_files.archive is not None:
-        result.append(spatial_files.archive)
-    return result
-
-
-def _extract_bbox_param(kml_doc, namespaces, param):
-    return kml_doc.xpath("kml:Document/kml:GroundOverlay/kml:LatLonBox/" f"kml:{param}/text()", namespaces=namespaces)[
-        0
-    ]
diff --git a/geonode/upload/urls.py b/geonode/upload/urls.py
index 9c5b2306e1b..f65777f2b9e 100644
--- a/geonode/upload/urls.py
+++ b/geonode/upload/urls.py
@@ -21,8 +21,6 @@
 from . import views
 
 urlpatterns = [  # 'geonode.upload.views',
-    url(r"^progress$", views.data_upload_progress, name="data_upload_progress"),
-    url(r"^(?P<step>\w+)?$", views.view, name="data_upload"),
     url(r"^delete/(?P<id>\d+)?$", views.delete, name="data_upload_delete"),
     url(r"^", include("geonode.upload.api.urls")),
 ]
diff --git a/geonode/upload/utils.py b/geonode/upload/utils.py
index 2f230d38052..d81f63e9ba5 100644
--- a/geonode/upload/utils.py
+++ b/geonode/upload/utils.py
@@ -30,10 +30,9 @@
 
 from django.conf import settings
 from django.urls import reverse
-from django.shortcuts import render
 from django.core.exceptions import ObjectDoesNotExist
 from django.utils.translation import ugettext as _
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse
 from django.template.defaultfilters import filesizeformat
 
 from geoserver.catalog import FailedRequestError, ConflictingDataError
@@ -43,7 +42,7 @@
     GeneralUploadException,
     UploadParallelismLimitException,
 )
-from geonode.upload.models import Upload, UploadSizeLimit, UploadParallelismLimit
+from geonode.upload.models import UploadSizeLimit, UploadParallelismLimit
 from geonode.utils import json_response as do_json_response, unzip_file, mkdtemp
 from geonode.geoserver.helpers import (
     gs_catalog,
@@ -52,6 +51,7 @@
     get_store,
     set_time_dimension,
 )  # mosaic_delete_first_granule
+from geonode.resource.models import ExecutionRequest
 
 ogr.UseExceptions()
 
@@ -235,19 +235,6 @@ def get_next_step(upload_session, offset=1):
     return pages[max(min(len(pages) - 1, index + offset), 0)]
 
 
-def get_previous_step(upload_session, post_to):
-    assert upload_session.upload_type is not None
-
-    pages = _pages[upload_session.upload_type]
-    if post_to == "undefined":
-        post_to = "final"
-    index = pages.index(post_to) - 1
-
-    if index < 0:
-        return "save"
-    return pages[index]
-
-
 def _advance_step(req, upload_session):
     if upload_session.completed_step != "error":
         upload_session.completed_step = get_next_step(upload_session)
@@ -255,190 +242,10 @@ def _advance_step(req, upload_session):
         return "error"
 
 
-def next_step_response(req, upload_session, force_ajax=True):
-    _force_ajax = "&force_ajax=true" if req and force_ajax and "force_ajax" not in req.GET else ""
-    if not upload_session:
-        return json_response(
-            {
-                "status": "error",
-                "success": False,
-                "id": None,
-                "error_msg": "No Upload Session provided.",
-            }
-        )
-
-    import_session = upload_session.import_session
-    # if the current step is the view POST for this step, advance one
-    if req and req.method == "POST":
-        if upload_session.completed_step:
-            _advance_step(req, upload_session)
-        else:
-            upload_session.completed_step = "save"
-
-    next = get_next_step(upload_session)
-
-    if next == "error":
-        return json_response(
-            {
-                "status": "error",
-                "success": False,
-                "id": import_session.id,
-                "error_msg": str(upload_session.error_msg),
-            }
-        )
-
-    if next == "check" and import_session.tasks:
-        store_type = import_session.tasks[0].target.store_type
-        if store_type == "coverageStore" or _force_ajax:
-            # @TODO we skip time steps for coverages currently
-            upload_session.completed_step = "check"
-            return next_step_response(req, upload_session, force_ajax=True)
-        if force_ajax:
-            url = f"{reverse('data_upload')}?id={import_session.id}"
-            return json_response(
-                {
-                    "url": url,
-                    "status": "incomplete",
-                    "success": True,
-                    "id": import_session.id,
-                    "redirect_to": f"{settings.SITEURL}upload/check?id={import_session.id}{_force_ajax}",
-                }
-            )
-
-    if next == "time" and import_session.tasks:
-        store_type = import_session.tasks[0].target.store_type
-        layer = import_session.tasks[0].layer
-        (has_time_dim, dataset_values) = dataset_eligible_for_time_dimension(req, layer, upload_session=upload_session)
-        if store_type == "coverageStore" or not has_time_dim:
-            # @TODO we skip time steps for coverages currently
-            upload_session.completed_step = "time"
-            return next_step_response(req, upload_session, False)
-        if upload_session.time is None or not upload_session.time:
-            upload_session.completed_step = "time"
-        if force_ajax:
-            url = f"{reverse('data_upload')}?id={import_session.id}"
-            return json_response(
-                {
-                    "url": url,
-                    "status": "incomplete",
-                    "required_input": has_time_dim,
-                    "success": True,
-                    "id": import_session.id,
-                    "redirect_to": f"{settings.SITEURL}upload/time?id={import_session.id}{_force_ajax}",
-                }
-            )
-        else:
-            return next_step_response(req, upload_session, force_ajax)
-
-    if next == "mosaic" and force_ajax:
-        url = f"{reverse('data_upload')}?id={import_session.id}"
-        return json_response(
-            {
-                "url": url,
-                "status": "incomplete",
-                "required_input": len(_force_ajax) == 0,
-                "success": True,
-                "id": import_session.id,
-                "redirect_to": f"{settings.SITEURL}upload/mosaic?id={import_session.id}{_force_ajax}",
-            }
-        )
-
-    if next == "srs" and force_ajax:
-        url = f"{reverse('data_upload')}?id={import_session.id}"
-        return json_response(
-            {
-                "url": url,
-                "status": "incomplete",
-                "required_input": len(_force_ajax) == 0,
-                "success": True,
-                "id": import_session.id,
-                "redirect_to": f"{settings.SITEURL}upload/srs?id={import_session.id}{_force_ajax}",
-            }
-        )
-
-    if next == "csv" and force_ajax:
-        url = f"{reverse('data_upload')}?id={import_session.id}"
-        return json_response(
-            {
-                "url": url,
-                "status": "incomplete",
-                "required_input": len(_force_ajax) == 0,
-                "success": True,
-                "id": import_session.id,
-                "redirect_to": f"{settings.SITEURL}upload/csv?id={import_session.id}{_force_ajax}",
-            }
-        )
-
-    # @todo this is not handled cleanly - run is not a real step in that it
-    # has no corresponding view served by the 'view' function.
-    if next == "run" and import_session.tasks:
-        upload_session.completed_step = next
-        if (_ASYNC_UPLOAD and not req) or (req and req.is_ajax()):
-            return run_response(req, upload_session)
-        else:
-            # on sync we want to run the import and advance to the next step
-            run_import(upload_session, async_upload=False)
-            return next_step_response(req, upload_session, force_ajax=force_ajax)
-    session_id = None
-    if req and "id" in req.GET:
-        session_id = f"?id={req.GET['id']}"
-    elif import_session and import_session.id:
-        session_id = f"?id={import_session.id}"
-
-    if req and req.is_ajax() or force_ajax:
-        content_type = "text/html" if req and not req.is_ajax() else None
-        if session_id:
-            return json_response(
-                redirect_to=reverse("data_upload", args=[next]) + session_id, content_type=content_type
-            )
-        else:
-            return json_response(url=reverse("data_upload", args=[next]), content_type=content_type)
-
-    return HttpResponseRedirect(reverse("data_upload", args=[next]))
-
-
-def is_latitude(colname):
-    return any([_l in colname.lower() for _l in _latitude_names])
-
-
-def is_longitude(colname):
-    return any([_l in colname.lower() for _l in _longitude_names])
-
-
 def is_async_step(upload_session):
     return _ASYNC_UPLOAD and get_next_step(upload_session, offset=2) == "run"
 
 
-def check_import_session_is_valid(request, upload_session, import_session):
-    # check for failing Import Session and Import Tasks
-    assert import_session is not None
-    assert len(import_session.tasks) > 0
-
-    for task in import_session.tasks:
-        if task.state == "ERROR":
-            progress = task.get_progress()
-            upload_session.completed_step = "error"
-            upload_session.error_msg = progress.get("message")
-            return None
-
-    # check for invalid attribute names
-    store_type = import_session.tasks[0].target.store_type
-    if store_type == "dataStore":
-        try:
-            layer = import_session.tasks[0].layer
-            invalid = [a for a in layer.attributes if str(a.name).find(" ") >= 0]
-            if invalid:
-                att_list = f"<pre>{'. '.join([a.name for a in invalid])}</pre>"
-                msg = f"Attributes with spaces are not supported : {att_list}"
-                upload_session.completed_step = "error"
-                upload_session.error_msg = msg
-            return layer
-        except Exception as e:
-            return render(request, "upload/dataset_upload_error.html", context={"error_msg": str(e)})
-    elif store_type == "coverageStore":
-        return True
-
-
 def _get_time_dimensions(layer, upload_session, values=None):
     date_time_keywords = ["date", "time", "year", "create", "end", "last", "update", "expire", "enddate"]
 
@@ -582,16 +389,6 @@ def progress_redirect(step, upload_id):
     )
 
 
-def run_response(req, upload_session):
-    run_import(upload_session)
-
-    if _ASYNC_UPLOAD:
-        next = get_next_step(upload_session)
-        return progress_redirect(next, upload_session.import_session.id)
-
-    return next_step_response(req, upload_session)
-
-
 def get_max_upload_size(slug):
     try:
         max_size = UploadSizeLimit.objects.get(slug=slug).max_size
@@ -894,4 +691,14 @@ def _get_max_parallel_uploads(self):
         return parallelism_limit.max_number
 
     def _get_parallel_uploads_count(self):
-        return Upload.objects.get_incomplete_uploads(self.user).count()
+        """
+        Count the total layers that are part of the running import
+        """
+        return sum(
+            filter(
+                None,
+                ExecutionRequest.objects.filter(
+                    user=self.user, status__in=[ExecutionRequest.STATUS_RUNNING, ExecutionRequest.STATUS_READY]
+                ).values_list("input_params__total_layers", flat=True),
+            )
+        )
diff --git a/geonode/upload/views.py b/geonode/upload/views.py
index b707c5d52cd..691e105b871 100644
--- a/geonode/upload/views.py
+++ b/geonode/upload/views.py
@@ -31,693 +31,17 @@
 State is stored in a UploaderSession object stored in the user's session.
 This needs to be made more stateful by adding a model.
 """
-import os
-import re
-import json
 import logging
-import gsimporter
-import traceback
-from http.client import BadStatusLine
-
-from django.conf import settings
-from django.shortcuts import render
-from django.utils.html import escape
 from django.shortcuts import get_object_or_404
 from django.core.exceptions import PermissionDenied
-from django.utils.translation import ugettext_lazy as _
 from django.contrib.auth.decorators import login_required
 
-from geonode.base import enumerations
-from geonode.layers.models import Dataset
-from geonode.base.models import Configuration
-from geonode.upload.api.exceptions import GeneralUploadException
-from rest_framework.exceptions import APIException, AuthenticationFailed
-from geonode.decorators import logged_in_or_basicauth
-
-from geonode.base import register_event
-from geonode.monitoring.models import EventType
-
-from geonode.geoserver.helpers import select_relevant_files
-from .forms import LayerUploadForm, SRSForm, TimeForm
 from .models import Upload
-from .files import get_scan_hint, scan_file
-from .utils import (
-    _ALLOW_TIME_STEP,
-    _SUPPORTED_CRS,
-    _geoserver_down_error_msg,
-    _get_time_dimensions,
-    check_import_session_is_valid,
-    is_async_step,
-    is_latitude,
-    is_longitude,
-    json_response,
-    get_previous_step,
-    dataset_eligible_for_time_dimension,
-    next_step_response,
-)
-from .upload import save_step, srs_step, time_step, csv_step, final_step, LayerNotReady, UploaderSession
+from .utils import json_response
 
 logger = logging.getLogger(__name__)
 
 
-def _log(msg, *args, level="error"):
-    # this logger is used also for debug purpose with error level
-    getattr(logger, level)(msg, *args)
-
-
-def _get_upload_session(req):
-    upload_session = None
-    if "id" in req.GET:
-        upload_id = str(req.GET["id"])
-        upload_obj = get_object_or_404(Upload, import_id=upload_id, user=req.user)
-        upload_session = upload_obj.get_session
-    return upload_session
-
-
-def data_upload_progress(req):
-    """This would not be needed if geoserver REST did not require admin role
-    and is an inefficient way of getting this information"""
-    upload_session = _get_upload_session(req)
-
-    if upload_session:
-        import_session = upload_session.import_session
-        try:
-            progress = import_session.tasks[0].get_progress()
-            return json_response(progress)
-        except Exception:
-            pass
-
-    return json_response({"state": "NONE"})
-
-
-def save_step_view(req, session):
-    form = LayerUploadForm(req.POST, req.FILES, user=req.user)
-
-    overwrite = req.path_info.endswith("/replace")
-    target_store = None
-    if form.is_valid():
-        logger.debug(f"valid_extensions: {form.cleaned_data['valid_extensions']}")
-        data_retriever = form.cleaned_data["data_retriever"]
-        relevant_files = select_relevant_files(
-            form.cleaned_data["valid_extensions"], data_retriever.get_paths(allow_transfer=False).values()
-        )
-        logger.debug(f"relevant_files: {relevant_files}")
-        base_file = data_retriever.get("base_file").get_path(allow_transfer=False)
-        name, ext = os.path.splitext(os.path.basename(base_file))
-        logger.debug(f"Name: {name}, ext: {ext}")
-        logger.debug(f"base_file: {base_file}")
-        spatial_files = scan_file(base_file, scan_hint=None, charset=form.cleaned_data["charset"])
-        logger.debug(f"spatial_files: {spatial_files}")
-
-        if overwrite:
-            dataset = Dataset.objects.filter(id=req.GET["dataset_id"])
-            if dataset.exists():
-                name = dataset.first().name
-                target_store = dataset.first().store
-
-        import_session, upload = save_step(
-            req.user,
-            name,
-            spatial_files,
-            overwrite=overwrite,
-            store_spatial_files=form.cleaned_data.get("store_spatial_files", True),
-            mosaic=form.cleaned_data["mosaic"] or get_scan_hint(form.cleaned_data["valid_extensions"]) == "zip-mosaic",
-            append_to_mosaic_opts=form.cleaned_data["append_to_mosaic_opts"],
-            append_to_mosaic_name=form.cleaned_data["append_to_mosaic_name"],
-            mosaic_time_regex=form.cleaned_data["mosaic_time_regex"],
-            mosaic_time_value=form.cleaned_data["mosaic_time_value"],
-            time_presentation=form.cleaned_data["time_presentation"],
-            time_presentation_res=form.cleaned_data["time_presentation_res"],
-            time_presentation_default_value=form.cleaned_data["time_presentation_default_value"],
-            time_presentation_reference_value=form.cleaned_data["time_presentation_reference_value"],
-            charset_encoding=form.cleaned_data["charset"],
-            target_store=target_store,
-        )
-
-        if upload and import_session and import_session.state in (enumerations.STATE_READY, enumerations.STATE_PENDING):
-            import_session.tasks[0].set_charset(form.cleaned_data["charset"])
-            sld = None
-            if spatial_files[0].sld_files:
-                sld = spatial_files[0].sld_files[0]
-
-            _log(f"provided sld is {sld}")
-            # upload_type = get_upload_type(base_file)
-            upload_session = UploaderSession(
-                tempdir=data_retriever.temporary_folder,
-                base_file=spatial_files,
-                name=upload.name,
-                charset=form.cleaned_data["charset"],
-                import_session=import_session,
-                dataset_abstract=form.cleaned_data["abstract"],
-                dataset_title=form.cleaned_data["dataset_title"],
-                permissions=form.cleaned_data["permissions"],
-                import_sld_file=sld,
-                spatial_files_uploaded=form.cleaned_data["uploaded"],
-                upload_type=spatial_files[0].file_type.code,
-                time=form.cleaned_data["time"],
-                mosaic=form.cleaned_data["mosaic"],
-                append_to_mosaic_opts=form.cleaned_data["append_to_mosaic_opts"],
-                append_to_mosaic_name=form.cleaned_data["append_to_mosaic_name"],
-                mosaic_time_regex=form.cleaned_data["mosaic_time_regex"],
-                mosaic_time_value=form.cleaned_data["mosaic_time_value"],
-                user=upload.user,
-            )
-            Upload.objects.update_from_session(upload_session)
-            return next_step_response(req, upload_session, force_ajax=True)
-        return next_step_response(req, None, force_ajax=True)
-    else:
-        if hasattr(form, "data_retriever"):
-            form.data_retriever.delete_files()
-        errors = []
-        for e in form.errors.values():
-            errors.extend([escape(v) for v in e])
-        raise GeneralUploadException(detail=errors)
-
-
-def srs_step_view(request, upload_session):
-    if not upload_session:
-        upload_session = _get_upload_session(request)
-    import_session = upload_session.import_session
-    assert import_session is not None
-
-    # form errors to display to user
-    error = None
-    native_crs = None
-    _crs_already_configured = False
-
-    form = SRSForm()
-    for task in import_session.tasks:
-        # CRS missing/unknown
-        if task.state == "NO_CRS":
-            native_crs = task.layer.srs
-        else:
-            _crs_already_configured = True
-        if form:
-            name = task.layer.name
-
-    force_ajax = (
-        "&force_ajax=true" if request and "force_ajax" in request.GET and request.GET["force_ajax"] == "true" else ""
-    )
-    if request.method == "GET":
-        if not force_ajax:
-            # layer = check_import_session_is_valid(
-            #     request, upload_session, import_session)
-
-            if not _crs_already_configured:
-                context = dict(
-                    form=form,
-                    supported_crs=_SUPPORTED_CRS,
-                    async_upload=False,
-                    native_crs=native_crs or None,
-                    dataset_name=name,
-                    error=error,
-                )
-                return render(request, "upload/dataset_upload_crs.html", context=context)
-        if _crs_already_configured:
-            upload_session.completed_step = "srs"
-        return next_step_response(request, upload_session)
-    elif request.method != "POST":
-        raise Exception("405 Method Not Allowed")
-
-    source = request.POST.get("source", "")
-    target = request.POST.get("target", "")
-    if not source:
-        error = "Source SRS is mandatory. Please insert an EPSG code (e.g.: EPSG:4326)."
-    elif not re.search(r"\:", source) and re.search(r"EPSG", source):
-        source = re.sub(r"(EPSG)", r"EPSG:", source)
-
-    if not error:
-        if not source.startswith("EPSG:"):
-            error = "Source SRS is not valid. Please insert a valid EPSG code (e.g.: EPSG:4326)."
-        else:
-            if not target:
-                target = source
-            elif not re.search(r"\:", target) and re.search(r"EPSG", target):
-                target = re.sub(r"(EPSG)", r"EPSG:", target)
-
-            if not target.startswith("EPSG:"):
-                error = "Target SRS is not valid. Please insert a valid EPSG code (e.g.: EPSG:4326)."
-            else:
-                srs_step(upload_session, source, target)
-                return next_step_response(request, upload_session)
-
-    if error:
-        return json_response(
-            {
-                "status": "error",
-                "success": False,
-                "id": upload_session.import_session.id,
-                "error_msg": f"{error}",
-            }
-        )
-    else:
-        upload_session.completed_step = "srs"
-
-    return next_step_response(request, upload_session)
-
-
-def csv_step_view(request, upload_session):
-    if not upload_session:
-        upload_session = _get_upload_session(request)
-    import_session = upload_session.import_session
-    assert import_session is not None
-
-    # form errors to display to user
-    error = None
-
-    # need to check if geometry is found
-    # if so, can proceed directly to next step
-    attributes = import_session.tasks[0].layer.attributes
-    for attr in attributes:
-        if attr.binding == "com.vividsolutions.jts.geom.Point":
-            upload_session.completed_step = "csv"
-            return next_step_response(request, upload_session)
-
-    # no geometry found, let's find all the numerical columns
-    number_names = ["java.lang.Integer", "java.lang.Double"]
-    point_candidates = sorted([attr.name for attr in attributes if attr.binding in number_names])
-
-    lat_field = request.POST.get("lat", "")
-    lng_field = request.POST.get("lng", "")
-
-    force_ajax = (
-        "&force_ajax=true" if request and "force_ajax" in request.GET and request.GET["force_ajax"] == "true" else ""
-    )
-    if request.method == "GET":
-        if not force_ajax:
-            # layer = check_import_session_is_valid(
-            #     request, upload_session, import_session)
-
-            # try to guess the lat/lng fields from the candidates
-            lat_candidate = None
-            lng_candidate = None
-            non_str_in_headers = []
-            for candidate in attributes:
-                if not isinstance(candidate.name, str):
-                    non_str_in_headers.append(str(candidate.name))
-                if is_latitude(candidate.name):
-                    lat_candidate = candidate.name
-                    if lat_candidate and lat_candidate not in point_candidates:
-                        point_candidates.append(lat_candidate)
-                elif is_longitude(candidate.name):
-                    lng_candidate = candidate.name
-                    if lng_candidate and lng_candidate not in point_candidates:
-                        point_candidates.append(lng_candidate)
-            if request.method == "POST":
-                guessed_lat_or_lng = False
-                selected_lat = lat_field
-                selected_lng = lng_field
-            else:
-                guessed_lat_or_lng = bool(lat_candidate or lng_candidate)
-                selected_lat = lat_candidate
-                selected_lng = lng_candidate
-            present_choices = len(point_candidates) >= 2
-            possible_data_problems = None
-            if non_str_in_headers:
-                possible_data_problems = (
-                    "There are some suspicious column names in your data. "
-                    "Did you provide column names in the header? The following names look wrong: "
-                )
-                possible_data_problems += ",".join(non_str_in_headers)
-
-            context = dict(
-                present_choices=present_choices,
-                point_candidates=point_candidates,
-                async_upload=False,
-                selected_lat=selected_lat,
-                selected_lng=selected_lng,
-                guessed_lat_or_lng=guessed_lat_or_lng,
-                dataset_name=import_session.tasks[0].layer.name,
-                error=error,
-                possible_data_problems=possible_data_problems,
-            )
-            return render(request, "upload/dataset_upload_csv.html", context=context)
-        return next_step_response(request, upload_session)
-    elif request.method == "POST":
-        if not lat_field or not lng_field:
-            error = "Please choose which columns contain the latitude and longitude data."
-        # elif (lat_field not in point_candidates or
-        #       lng_field not in point_candidates):
-        #     error = 'Invalid latitude/longitude columns'
-        elif lat_field == lng_field:
-            error = "You cannot select the same column for latitude and longitude data."
-
-        if error:
-            return json_response(
-                {
-                    "status": "error",
-                    "success": False,
-                    "id": upload_session.import_session.id,
-                    "error_msg": f"{error}",
-                }
-            )
-        else:
-            csv_step(upload_session, lat_field, lng_field)
-            return next_step_response(request, upload_session)
-    elif request.method != "POST":
-        raise Exception()
-
-
-def check_step_view(request, upload_session):
-    if not upload_session:
-        upload_session = _get_upload_session(request)
-    import_session = upload_session.import_session
-    assert import_session is not None
-
-    if request.method == "GET":
-        layer = check_import_session_is_valid(request, upload_session, import_session)
-        if upload_session.completed_step != "error":
-            if not layer:
-                upload_session.completed_step = "error"
-                upload_session.error_msg = "Could not access/read the uploaded file!"
-            else:
-                (has_time_dim, dataset_values) = dataset_eligible_for_time_dimension(
-                    request, import_session.tasks[0].layer, upload_session=upload_session
-                )
-                if has_time_dim:
-                    upload_session.completed_step = "check"
-                else:
-                    # This command skip completely 'time' configuration
-                    upload_session.completed_step = "time" if _ALLOW_TIME_STEP else "check"
-    elif request.method != "POST":
-        raise Exception()
-    return next_step_response(request, upload_session)
-
-
-def create_time_form(request, upload_session, form_data):
-    if not upload_session:
-        upload_session = _get_upload_session(request)
-    feature_type = upload_session.import_session.tasks[0].layer
-
-    (has_time, dataset_values) = dataset_eligible_for_time_dimension(
-        request, feature_type, upload_session=upload_session
-    )
-    att_list = []
-    if has_time:
-        att_list = _get_time_dimensions(feature_type, upload_session)
-    else:
-        att_list = [{"name": a.name, "binding": a.binding} for a in feature_type.attributes]
-
-    def filter_type(b):
-        return [att["name"] for att in att_list if b in att["binding"]]
-
-    args = dict(
-        time_names=filter_type("Date"),
-        text_names=filter_type("String"),
-        year_names=filter_type("Integer") + filter_type("Long") + filter_type("Double"),
-    )
-    if form_data:
-        return TimeForm(form_data, **args)
-    return TimeForm(**args)
-
-
-def time_step_view(request, upload_session):
-    if not upload_session:
-        upload_session = _get_upload_session(request)
-    import_session = upload_session.import_session
-    assert import_session is not None
-
-    force_ajax = (
-        "&force_ajax=true" if request and "force_ajax" in request.GET and request.GET["force_ajax"] == "true" else ""
-    )
-    if request.method == "GET":
-        layer = check_import_session_is_valid(request, upload_session, import_session)
-        if layer:
-            (has_time_dim, dataset_values) = dataset_eligible_for_time_dimension(
-                request, layer, upload_session=upload_session
-            )
-            if has_time_dim and dataset_values:
-                upload_session.completed_step = "check"
-                if not force_ajax:
-                    context = {
-                        "time_form": create_time_form(request, upload_session, None),
-                        "dataset_name": layer.name,
-                        "dataset_values": dataset_values,
-                        "dataset_attributes": list(dataset_values[0].keys()),
-                        "async_upload": is_async_step(upload_session),
-                    }
-                    return render(request, "upload/dataset_upload_time.html", context=context)
-            else:
-                upload_session.completed_step = "time" if _ALLOW_TIME_STEP else "check"
-        return next_step_response(request, upload_session)
-    elif request.method != "POST":
-        raise Exception()
-
-    form = create_time_form(request, upload_session, request.POST)
-    if not form.is_valid():
-        logger.exception("Invalid upload form: %s", form.errors)
-        raise GeneralUploadException(detail="Invalid Submission")
-
-    cleaned = form.cleaned_data
-    start_attribute_and_type = cleaned.get("start_attribute", None)
-    if upload_session.time_transforms:
-        upload_session.import_session.tasks[0].remove_transforms(upload_session.time_transforms, save=True)
-        upload_session.import_session.tasks[0].save_transforms()
-        upload_session.time_transforms = None
-
-    if upload_session.import_session.tasks[0].transforms:
-        for transform in upload_session.import_session.tasks[0].transforms:
-            if "type" in transform and (
-                str(transform["type"]) == "DateFormatTransform" or str(transform["type"]) == "CreateIndexTransform"
-            ):
-                upload_session.import_session.tasks[0].remove_transforms([transform], save=True)
-                upload_session.import_session.tasks[0].save_transforms()
-
-    try:
-        upload_session.import_session = import_session.reload()
-    except gsimporter.api.NotFound as e:
-        logger.exception(e)
-        Upload.objects.invalidate_from_session(upload_session)
-        raise GeneralUploadException(detail=_("The GeoServer Import Session is no more available ") + str(e))
-
-    if start_attribute_and_type:
-
-        def tx(type_name):
-            # return None if type_name is None or type_name == 'Date' \
-            return None if type_name is None else "DateFormatTransform"
-
-        end_attribute, end_type = cleaned.get("end_attribute", (None, None))
-        time_step(
-            upload_session,
-            time_attribute=start_attribute_and_type[0],
-            time_transform_type=tx(start_attribute_and_type[1]),
-            time_format=cleaned.get("attribute_format", None),
-            end_time_attribute=end_attribute,
-            end_time_transform_type=tx(end_type),
-            end_time_format=cleaned.get("end_attribute_format", None),
-            presentation_strategy=cleaned["presentation_strategy"],
-            precision_value=cleaned["precision_value"],
-            precision_step=cleaned["precision_step"],
-        )
-
-    upload_session.completed_step = "check"
-    return next_step_response(request, upload_session)
-
-
-def final_step_view(req, upload_session):
-    _json_response = None
-    if not upload_session:
-        upload_session = _get_upload_session(req)
-    if upload_session and getattr(upload_session, "import_session", None):
-        import_session = upload_session.import_session
-        _log("Checking session %s validity", import_session.id)
-        if not check_import_session_is_valid(req, upload_session, import_session):
-            error_msg = upload_session.import_session.tasks[0].error_message
-            url = "/upload/dataset_upload_invalid.html"
-            _json_response = json_response(
-                {
-                    "url": url,
-                    "status": "error",
-                    "id": import_session.id,
-                    "error_msg": error_msg or "Import Session is Invalid!",
-                    "success": False,
-                }
-            )
-            return _json_response
-        else:
-            try:
-                dataset_id = None
-                if req and "dataset_id" in req.GET:
-                    dataset = Dataset.objects.filter(id=req.GET["dataset_id"])
-                    if dataset.exists():
-                        dataset_id = dataset.first().resourcebase_ptr_id
-
-                saved_dataset = final_step(upload_session, upload_session.user, dataset_id)
-
-                assert saved_dataset
-
-                # this response is different then all of the other views in the
-                # upload as it does not return a response as a json object
-                _json_response = json_response(
-                    {
-                        "status": "finished",
-                        "id": import_session.id,
-                        "url": saved_dataset.get_absolute_url(),
-                        "bbox": saved_dataset.bbox_string,
-                        "crs": {"type": "name", "properties": saved_dataset.srid},
-                        "success": True,
-                    }
-                )
-                register_event(req, EventType.EVENT_UPLOAD, saved_dataset)
-                return _json_response
-            except (LayerNotReady, AssertionError) as e:
-                logger.exception(e)
-                force_ajax = (
-                    "&force_ajax=true" if req and "force_ajax" in req.GET and req.GET["force_ajax"] == "true" else ""
-                )
-                return json_response(
-                    {
-                        "status": "running",
-                        "success": True,
-                        "id": import_session.id,
-                        "redirect_to": f"/upload/final?id={import_session.id}{force_ajax}",
-                    }
-                )
-            except Exception as e:
-                logger.exception(e)
-                url = "upload/dataset_upload_invalid.html"
-                _json_response = json_response({"status": "error", "url": url, "error_msg": str(e), "success": False})
-                return _json_response
-    else:
-        url = "upload/dataset_upload_invalid.html"
-        _json_response = json_response(
-            {
-                "status": "error",
-                "url": url,
-                "error_msg": _("Upload Session invalid or no more accessible!"),
-                "success": False,
-            }
-        )
-        return _json_response
-
-
-"""
-    Workflow Views Definition
-"""
-_steps = {
-    "save": save_step_view,
-    "srs": srs_step_view,
-    "csv": csv_step_view,
-    "check": check_step_view,
-    "time": time_step_view,
-    "final": final_step_view,
-}
-
-
-@login_required
-@logged_in_or_basicauth(realm="GeoNode")
-def view(req, step=None):
-    """Main uploader view"""
-
-    config = Configuration.load()
-    if config.read_only or config.maintenance:
-        raise AuthenticationFailed()
-
-    upload_session = None
-    upload_id = req.GET.get("id", None)
-
-    if step is None:
-        if upload_id:
-            # upload recovery
-            upload_obj = get_object_or_404(Upload, import_id=upload_id, user=req.user)
-            session = upload_obj.get_session
-            if session:
-                return next_step_response(req, session)
-        step = "save"
-
-        # delete existing session
-        if upload_id and upload_id in req.session:
-            del req.session[upload_id]
-            req.session.modified = True
-    else:
-        if not upload_id:
-            return render(req, "upload/dataset_upload_invalid.html", context={})
-
-        upload_obj = get_object_or_404(Upload, import_id=upload_id, user=req.user)
-        session = upload_obj.get_session
-        try:
-            if session:
-                upload_session = session
-            else:
-                upload_session = _get_upload_session(req)
-        except Exception as e:
-            logger.exception(e)
-    try:
-        if req.method == "GET" and upload_session:
-            # set the current step to match the requested page - this
-            # could happen if the form is ajax w/ progress monitoring as
-            # the advance would have already happened @hacky
-            _completed_step = upload_session.completed_step
-            try:
-                _completed_step = get_previous_step(upload_session, step)
-                upload_session.completed_step = _completed_step
-            except Exception as e:
-                logger.exception(e)
-                if isinstance(e, APIException):
-                    raise e
-                raise GeneralUploadException(detail=traceback.format_exc())
-
-        resp = _steps[step](req, upload_session)
-        resp_js = None
-        if resp:
-            content = resp.content
-            if isinstance(content, bytes):
-                content = content.decode("UTF-8")
-            try:
-                resp_js = json.loads(content)
-            except json.decoder.JSONDecodeError:
-                resp_js = content
-            except Exception as e:
-                logger.exception(e)
-                if isinstance(e, APIException):
-                    raise e
-                raise GeneralUploadException(detail=traceback.format_exc())
-
-            # must be put back to update object in session
-            if upload_session:
-                if resp_js and step == "final":
-                    try:
-                        delete_session = resp_js.get("status") != "pending"
-                        if delete_session:
-                            # we're done with this session, wax it
-                            upload_session = None
-                            del req.session[upload_id]
-                            req.session.modified = True
-                    except Exception:
-                        pass
-            else:
-                upload_session = _get_upload_session(req)
-            if upload_session:
-                upload_session = Upload.objects.update_from_session(upload_session)
-            if not settings.ASYNC_SIGNALS and resp_js and isinstance(resp_js, dict):
-                _success = resp_js.get("success", False)
-                _redirect_to = resp_js.get("redirect_to", "")
-                _required_input = resp_js.get("required_input", False)
-                if _success and (_required_input or "upload/final" in _redirect_to):
-                    from geonode.upload.tasks import finalize_incomplete_session_uploads
-
-                    finalize_incomplete_session_uploads.apply()
-        return resp
-    except BadStatusLine:
-        logger.exception("bad status line, geoserver down?")
-        raise GeneralUploadException(detail=_geoserver_down_error_msg)
-    except gsimporter.RequestFailed as e:
-        logger.exception(e)
-        errors = e.args
-        # http bad gateway or service unavailable
-        if int(errors[0]) in (502, 503):
-            errors = [_geoserver_down_error_msg]
-        raise GeneralUploadException(detail=errors)
-    except gsimporter.BadRequest as e:
-        logger.exception(e)
-        raise GeneralUploadException(detail=e.args[0])
-    except Exception as e:
-        logger.exception(e)
-        if isinstance(e, APIException):
-            raise e
-        raise GeneralUploadException(detail=traceback.format_exc())
-
-
 @login_required
 def delete(req, id):
     upload = get_object_or_404(Upload, id=id)
@@ -729,10 +53,3 @@ def delete(req, id):
             success=True,
         )
     )
-
-
-def response_content_type(request):
-    if "application/json" in request.META["HTTP_ACCEPT"]:
-        return "application/json"
-    else:
-        return "text/plain"

From 49cef44283a4a5a9cf8bd88f54b3413214907440 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 23 Aug 2023 11:50:45 +0200
Subject: [PATCH 133/330] Avoid pip upgrades during Docker builds (#11405)

---
 Dockerfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0805c6494d6..3fb3fe1df84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,13 +28,13 @@ RUN chmod +x /usr/bin/celery-cmd
 # RUN cd /usr/src/geonode-contribs/geonode-logstash; pip install --upgrade  -e . \
 #     cd /usr/src/geonode-contribs/ldap; pip install --upgrade  -e .
 
-RUN yes w | pip install --src /usr/src -Ur requirements.txt
-RUN yes w | pip install --upgrade -e .
+RUN yes w | pip install --src /usr/src -r requirements.txt &&\
+    yes w | pip install -e .
 
 # Cleanup apt update lists
-RUN apt-get autoremove --purge
-RUN apt-get clean
-RUN rm -rf /var/lib/apt/lists/*
+RUN apt-get autoremove --purge &&\
+    apt-get clean &&\
+    rm -rf /var/lib/apt/lists/*
 
 # Export ports
 EXPOSE 8000

From 029a0bf53f49d45a0e7d8e77032febdec6ca8286 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Wallschl=C3=A4ger?= <marcel.wallschlaeger@zalf.de>
Date: Wed, 23 Aug 2023 11:52:01 +0200
Subject: [PATCH 134/330] [Fixes #11316] external pyCSW Service breaks upload
 of Documents and Datasets (#11319)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/catalogue/backends/generic.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/geonode/catalogue/backends/generic.py b/geonode/catalogue/backends/generic.py
index 94eb2198ab2..848fd9758fe 100644
--- a/geonode/catalogue/backends/generic.py
+++ b/geonode/catalogue/backends/generic.py
@@ -89,9 +89,13 @@ def get_by_uuid(self, uuid):
                 return None
             record = list(self.records.values())[0]
             record.keywords = []
-            if hasattr(record, "identification") and hasattr(record.identification[0], "keywords"):
+            if (
+                hasattr(record, "identification")
+                and len(record.identification) > 0
+                and hasattr(record.identification[0], "keywords")
+            ):
                 for kw in record.identification[0].keywords:
-                    record.keywords.extend(kw["keywords"])
+                    record.keywords.extend(kw.keywords)
             return record
         else:
             return None
@@ -111,7 +115,6 @@ def url_for_uuid(self, uuid, outputschema):
 
     def urls_for_uuid(self, uuid):
         """returns list of valid GetRecordById URLs for a given record"""
-
         urls = []
         for mformat in self.formats:
             urls.append(("text/xml", mformat, self.url_for_uuid(uuid, METADATA_FORMATS[mformat][1])))
@@ -124,6 +127,7 @@ def csw_gen_xml(self, layer, template):
         site_url = settings.SITEURL.rstrip("/") if settings.SITEURL.startswith("http") else settings.SITEURL
         tpl = get_template(template)
         ctx = {
+            "CATALOG_METADATA_TEMPLATE": settings.CATALOG_METADATA_TEMPLATE,
             "layer": layer,
             "SITEURL": site_url,
             "id_pname": id_pname,

From be7b716f25f3d82b1e51c0f0bfdd5a514528a496 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 23 Aug 2023 12:15:30 +0200
Subject: [PATCH 135/330] create-envfile doesn't need Django (#11407)

---
 README.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/README.md b/README.md
index 8ec744e587e..1737129a18c 100644
--- a/README.md
+++ b/README.md
@@ -51,12 +51,6 @@ Workshop](https://docs.geonode.org/en/master/usage/index.html).
 Quick Docker Start
 ------------------
 
-  ```bash
-    python3.10 -m venv ~/.venvs/geonode
-    source ~/.venvs/geonode/bin/activate
-
-    pip install Django==3.2.*
-  ```
   ```bash
     python create-envfile.py
   ```

From 1c4b06c707dc021cde7aff8d2dec95c9d8c4dbb5 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Wed, 23 Aug 2023 12:19:08 +0200
Subject: [PATCH 136/330] [Fixes #11226] Faceting: improvement: key to filter -
 step 2 (#11297)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/facets/models.py              |  2 +-
 geonode/facets/providers/baseinfo.py  |  3 +--
 geonode/facets/providers/category.py  |  1 -
 geonode/facets/providers/keyword.py   |  1 -
 geonode/facets/providers/region.py    |  1 -
 geonode/facets/providers/thesaurus.py |  1 -
 geonode/facets/providers/users.py     |  1 -
 geonode/facets/tests.py               | 15 ++++++++-------
 8 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/geonode/facets/models.py b/geonode/facets/models.py
index 0270720e346..c4109d31d9e 100644
--- a/geonode/facets/models.py
+++ b/geonode/facets/models.py
@@ -58,7 +58,7 @@ def get_info(self, lang="en", **kwargs) -> dict:
         """
         Get the basic info for this provider, as a dict with these keys:
         - 'name': the name of the provider (the one returned by name())
-        - 'key': the filtering key to be used in a filter query
+        - 'filter': the filtering key to be used in a filter query
         - 'label': a generic label for the facet; the client should try and localize it whenever possible
         - 'localized_label': a localized label for the facet (localized according to the `lang` param)
         - 'type': the facet type (e.g. user, region, thesaurus, ...)
diff --git a/geonode/facets/providers/baseinfo.py b/geonode/facets/providers/baseinfo.py
index f81e7583c66..11df2783c14 100644
--- a/geonode/facets/providers/baseinfo.py
+++ b/geonode/facets/providers/baseinfo.py
@@ -38,7 +38,6 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
-            "key": "filter{resource_type.in}",  # deprecated
             "filter": "filter{resource_type.in}",
             "label": "Resource type",
             "type": FACET_TYPE_BASE,
@@ -108,7 +107,7 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
-            "key": "filter{featured}",
+            "filter": "filter{featured}",
             "label": "Featured",
             "type": FACET_TYPE_BASE,
             "hierarchical": False,
diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index 28b27749bbf..6b7dc331768 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -39,7 +39,6 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
-            "key": "filter{category.identifier}",  # deprecated
             "filter": "filter{category.identifier}",
             "label": "Category",
             "type": FACET_TYPE_CATEGORY,
diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
index ce9e5f6f8f9..41c4a470cfa 100644
--- a/geonode/facets/providers/keyword.py
+++ b/geonode/facets/providers/keyword.py
@@ -39,7 +39,6 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
-            "key": "filter{keywords.slug.in}",  # deprecated
             "filter": "filter{keywords.slug.in}",
             "label": "Keyword",
             "type": FACET_TYPE_KEYWORD,
diff --git a/geonode/facets/providers/region.py b/geonode/facets/providers/region.py
index c40138e58bb..bd912ab8693 100644
--- a/geonode/facets/providers/region.py
+++ b/geonode/facets/providers/region.py
@@ -39,7 +39,6 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
-            "key": "filter{regions.code.in}",  # deprecated
             "filter": "filter{regions.code.in}",
             "label": "Region",
             "type": FACET_TYPE_PLACE,
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index bb40f455924..f8014728c9d 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -48,7 +48,6 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self._name,
-            "key": "filter{tkeywords}",  # deprecated
             "filter": "filter{tkeywords}",
             "label": self.labels.get(lang, self.label),
             "is_localized": self.labels.get(lang, None) is not None,
diff --git a/geonode/facets/providers/users.py b/geonode/facets/providers/users.py
index cf2a52cd9ba..ac65d9ee79b 100644
--- a/geonode/facets/providers/users.py
+++ b/geonode/facets/providers/users.py
@@ -39,7 +39,6 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": "owner",
-            "key": "filter{owner.pk.in}",  # deprecated
             "filter": "filter{owner.pk.in}",
             "label": "Owner",
             "type": FACET_TYPE_USER,
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index cf05e1e3734..3245fe72d9a 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -388,18 +388,19 @@ def test_topics(self):
 
     def test_prefiltering(self):
         reginfo = RegionFacetProvider().get_info()
-        t0info = facet_registry.get_provider("t_0").get_info()
-        t1info = facet_registry.get_provider("t_1").get_info()
+        regfilter = reginfo["filter"]
+        t0filter = facet_registry.get_provider("t_0").get_info()["filter"]
+        t1filter = facet_registry.get_provider("t_1").get_info()["filter"]
 
         for facet, filters, totals, count0 in (
             ("t_0", {}, 2, 10),
-            ("t_0", {reginfo["key"]: "R0"}, 1, 1),
+            ("t_0", {regfilter: "R0"}, 1, 1),
             ("t_1", {}, 2, 10),
-            ("t_1", {reginfo["key"]: "R0"}, 1, 2),
-            ("t_1", {reginfo["key"]: "R1"}, 2, 3),
+            ("t_1", {regfilter: "R0"}, 1, 2),
+            ("t_1", {regfilter: "R1"}, 2, 3),
             (reginfo["name"], {}, 2, 4),
-            (reginfo["name"], {t0info["key"]: self.thesauri_k["0_0"].id}, 2, 1),
-            (reginfo["name"], {t1info["key"]: self.thesauri_k["1_0"].id}, 2, 3),
+            (reginfo["name"], {t0filter: self.thesauri_k["0_0"].id}, 2, 1),
+            (reginfo["name"], {t1filter: self.thesauri_k["1_0"].id}, 2, 3),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data=filters)
             res: JsonResponse = views.get_facet(req, facet)

From 3f694c5857ee0546d19d731cc61266873e1542d2 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 23 Aug 2023 12:20:03 +0200
Subject: [PATCH 137/330] Remove Install paragraph from README (#11408)

---
 README.md | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/README.md b/README.md
index 1737129a18c..38fc32dc704 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,6 @@ Table of Contents
   - [What is GeoNode?](#what-is-geonode)
   - [Try out GeoNode](#try-out-geonode)
   - [Quick Docker Start](#quick-docker-start)
-  - [Install](#install)
   - [Learn GeoNode](#learn-geonode)
   - [Development](#development)
   - [Contributing](#contributing)
@@ -76,18 +75,6 @@ Quick Docker Start
   docker compose up -d
 ```
 
-Install
--------
-
-    The latest official release is 4.1.0!
-
-GeoNode can be setup in different ways, flavors and plattforms. If
-you´re planning to do development or install for production please visit
-the offical GeoNode installation documentation:
-
-- [Docker](https://docs.geonode.org/en/master/install/advanced/core/index.html#docker)
-- [Ubuntu 22.04](https://docs.geonode.org/en/master/install/advanced/core/index.html#ubuntu-22-04)
-
 Learn GeoNode
 -------------
 

From d0496683764ef15e41ada6feb10cbd41a305b51f Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 23 Aug 2023 12:21:30 +0200
Subject: [PATCH 138/330] Update link to demo in README (#11409)

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 38fc32dc704..973935b5dc4 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Try out GeoNode
 ---------------
 
 If you just want to try out GeoNode visit our official Demo online at:
-http://master.demo.geonode.org. After your registration you will be able
+[http://development.demo.geonode.org[(http://development.demo.geonode.org). After your registration you will be able
 to test all basic functionalities like uploading layers, creation of
 maps, editing metadata, styles and much more. To get an overview what
 GeoNode can do we recommend to have a look at the [Users

From 54d85b0c5cf927ecb728c283eed6f54890094e3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Wallschl=C3=A4ger?= <marcel.wallschlaeger@zalf.de>
Date: Wed, 23 Aug 2023 12:25:01 +0200
Subject: [PATCH 139/330] [Fixes: #10841] Serializing and deserializing
 ResourceBase and Dataset objects breaks validation check (#10843)

* issue10841 add convertion to internal types for DynamicModelSerializer

* issue10841 add convertion to internal types for DynamicModelSerializer

* issue10841 add convertion to internal types for DynamicModelSerializer

* issue10841 add convertion to internal types for DynamicModelSerializer

* issue10841 add convertion to internal types for DynamicModelSerializer

* - Fix formatting

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/base/api/fields.py      | 54 +++++++++++++++++++++++++++++++++
 geonode/base/api/serializers.py | 34 ++++++++++-----------
 geonode/base/api/tests.py       | 54 ++++++++++++++++++++++++++++++++-
 3 files changed, 123 insertions(+), 19 deletions(-)
 create mode 100644 geonode/base/api/fields.py

diff --git a/geonode/base/api/fields.py b/geonode/base/api/fields.py
new file mode 100644
index 00000000000..d719772cc58
--- /dev/null
+++ b/geonode/base/api/fields.py
@@ -0,0 +1,54 @@
+#########################################################################
+#
+# Copyright (C) 2016 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+import json
+
+from django.core.exceptions import ValidationError
+from dynamic_rest.fields.fields import DynamicRelationField
+
+
+class ComplexDynamicRelationField(DynamicRelationField):
+    def to_internal_value_single(self, data, serializer):
+        """Overwrite of DynamicRelationField implementation to handle complex data structure initialization
+
+        Args:
+            data (Optional[str, Dict]}): serialized or deserialized data from http calls (POST, GET ...)
+            serializer (DynamicModelSerializer): Serializer for the given data
+
+        Raises:
+            ValidationError: raised when requested data does not exist
+
+            django.db.models.QuerySet: return QuerySet object of the request or set data
+        """
+        related_model = serializer.Meta.model
+        if isinstance(data, str):
+            data = json.loads(data)
+
+        if isinstance(data, dict):
+            try:
+                if hasattr(serializer, "many") and serializer.many is True:
+                    return [serializer.get_model().objects.get(**d) for d in data]
+                return serializer.get_model().objects.get(**data)
+            except related_model.DoesNotExist:
+                raise ValidationError(
+                    "Invalid value for '%s': %s object with ID=%s not found"
+                    % (self.field_name, related_model.__name__, data)
+                )
+        else:
+            return super().to_internal_value_single(data, serializer)
diff --git a/geonode/base/api/serializers.py b/geonode/base/api/serializers.py
index 4d07b9478f7..b831326e88a 100644
--- a/geonode/base/api/serializers.py
+++ b/geonode/base/api/serializers.py
@@ -16,9 +16,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
-import json
+import logging
 from slugify import slugify
 from urllib.parse import urljoin
+import json
 
 from django.db.models import Q
 from django.conf import settings
@@ -26,6 +27,7 @@
 from django.forms.models import model_to_dict
 from django.contrib.auth import get_user_model
 from django.db.models.query import QuerySet
+from django.http import QueryDict
 
 from rest_framework import serializers
 from rest_framework_gis import fields
@@ -51,13 +53,11 @@
     ExtraMetadata,
 )
 from geonode.groups.models import GroupCategory, GroupProfile
-
+from geonode.base.api.fields import ComplexDynamicRelationField
 from geonode.utils import build_absolute_uri
 from geonode.security.utils import get_resources_with_perms
 from geonode.resource.models import ExecutionRequest
 
-import logging
-
 logger = logging.getLogger(__name__)
 
 
@@ -351,9 +351,6 @@ class Meta:
         model = ResourceBase
         fields = ("pk", "blob")
 
-    def to_internal_value(self, data):
-        return data
-
     def to_representation(self, value):
         data = ResourceBase.objects.filter(id=value)
         if data.exists() and data.count() == 1:
@@ -444,7 +441,7 @@ def __init__(self, *args, **kwargs):
         self.fields["bbox_polygon"] = fields.GeometryField(read_only=True, required=False)
         self.fields["ll_bbox_polygon"] = fields.GeometryField(read_only=True, required=False)
         self.fields["srid"] = serializers.CharField(required=False)
-        self.fields["group"] = DynamicRelationField(GroupSerializer, embed=True, many=False)
+        self.fields["group"] = ComplexDynamicRelationField(GroupSerializer, embed=True, many=False)
         self.fields["popular_count"] = serializers.CharField(required=False)
         self.fields["share_count"] = serializers.CharField(required=False)
         self.fields["rating"] = serializers.CharField(required=False)
@@ -463,28 +460,27 @@ def __init__(self, *args, **kwargs):
         self.fields["processed"] = serializers.BooleanField(read_only=True)
         self.fields["state"] = serializers.CharField(read_only=True)
         self.fields["sourcetype"] = serializers.CharField(read_only=True)
-
         self.fields["embed_url"] = EmbedUrlField(required=False)
         self.fields["thumbnail_url"] = ThumbnailUrlField(read_only=True)
-        self.fields["keywords"] = DynamicRelationField(SimpleHierarchicalKeywordSerializer, embed=False, many=True)
-        self.fields["tkeywords"] = DynamicRelationField(SimpleThesaurusKeywordSerializer, embed=False, many=True)
+        self.fields["keywords"] = ComplexDynamicRelationField(
+            SimpleHierarchicalKeywordSerializer, embed=False, many=True
+        )
+        self.fields["tkeywords"] = ComplexDynamicRelationField(SimpleThesaurusKeywordSerializer, embed=False, many=True)
         self.fields["regions"] = DynamicRelationField(SimpleRegionSerializer, embed=True, many=True, read_only=True)
-        self.fields["category"] = DynamicRelationField(SimpleTopicCategorySerializer, embed=True, many=False)
-        self.fields["restriction_code_type"] = DynamicRelationField(
+        self.fields["category"] = ComplexDynamicRelationField(SimpleTopicCategorySerializer, embed=True, many=False)
+        self.fields["restriction_code_type"] = ComplexDynamicRelationField(
             RestrictionCodeTypeSerializer, embed=True, many=False
         )
-        self.fields["license"] = DynamicRelationField(LicenseSerializer, embed=True, many=False)
-        self.fields["spatial_representation_type"] = DynamicRelationField(
+        self.fields["license"] = ComplexDynamicRelationField(LicenseSerializer, embed=True, many=False)
+        self.fields["spatial_representation_type"] = ComplexDynamicRelationField(
             SpatialRepresentationTypeSerializer, embed=True, many=False
         )
         self.fields["blob"] = serializers.JSONField(required=False, write_only=True)
         self.fields["is_copyable"] = serializers.BooleanField(read_only=True)
-
         self.fields["download_url"] = DownloadLinkField(read_only=True)
-
         self.fields["favorite"] = FavoriteField(read_only=True)
 
-    metadata = DynamicRelationField(ExtraMetadataSerializer, embed=False, many=True, deferred=True)
+    metadata = ComplexDynamicRelationField(ExtraMetadataSerializer, embed=False, many=True, deferred=True)
 
     class Meta:
         model = ResourceBase
@@ -596,6 +592,8 @@ def to_internal_value(self, data):
             data = json.loads(data)
         if "data" in data:
             data["blob"] = data.pop("data")
+        if isinstance(data, QueryDict):
+            data = data.dict()
         data = super(ResourceBaseSerializer, self).to_internal_value(data)
         return data
 
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
index 88df7c3f7b2..4feffb7d3c2 100644
--- a/geonode/base/api/tests.py
+++ b/geonode/base/api/tests.py
@@ -32,20 +32,23 @@
 from uuid import uuid4
 from unittest.mock import patch
 from urllib.parse import urljoin
+from datetime import date, timedelta
 
 from django.urls import reverse
 from django.conf import settings
 from django.core.files.uploadedfile import SimpleUploadedFile
-from django.contrib.auth.models import Group
 from django.contrib.auth import get_user_model
 
 from rest_framework.test import APITestCase
+from rest_framework.renderers import JSONRenderer
+from rest_framework.parsers import JSONParser
 
 from guardian.shortcuts import get_anonymous_user
 from geonode.maps.models import Map, MapLayer
 from geonode.tests.base import GeoNodeBaseTestSupport
 
 from geonode.base import enumerations
+from geonode.base.api.serializers import ResourceBaseSerializer
 from geonode.groups.models import GroupMember, GroupProfile
 from geonode.thumbs.exceptions import ThumbnailError
 from geonode.layers.utils import get_files
@@ -56,6 +59,9 @@
     TopicCategory,
     ThesaurusKeyword,
     ExtraMetadata,
+    RestrictionCodeType,
+    License,
+    Group,
 )
 
 from geonode.layers.models import Dataset
@@ -707,6 +713,52 @@ def test_write_resources(self):
             self.assertEqual("321-12345-987654321", response.data["resource"]["doi"], response.data["resource"]["doi"])
             self.assertEqual(True, response.data["resource"]["is_published"], response.data["resource"]["is_published"])
 
+    def test_resource_serializer_validation(self):
+        """
+        Testing serializing and deserializing of a Dataset base on django-rest description:
+        https://www.django-rest-framework.org/api-guide/serializers/#deserializing-objects
+        """
+        owner, _ = get_user_model().objects.get_or_create(username="delet-owner")
+        title = "TEST DS TITLE"
+        HierarchicalKeyword.add_root(name="a")
+        keyword = HierarchicalKeyword.objects.get(slug="a")
+        keyword.add_child(name="a1")
+
+        Dataset(
+            title=title,
+            abstract="abstract",
+            name="test dataset",
+            alternate="Test Remove User",
+            attribution="Test Attribution",
+            uuid=str(uuid4()),
+            doi="test DOI",
+            edition=1,
+            maintenance_frequency=enumerations.UPDATE_FREQUENCIES[0],
+            constraints_other="Test Constrains other",
+            temporal_extent_start=date.today() - timedelta(days=1),
+            temporal_extent_end=date.today(),
+            data_quality_statement="Test data quality statement",
+            purpose="Test Purpose",
+            owner=owner,
+            subtype="raster",
+            category=TopicCategory.objects.get(identifier="elevation"),
+            resource_type="dataset",
+            license=License.objects.all().first(),
+            restriction_code_type=RestrictionCodeType.objects.all().first(),
+            group=Group.objects.all().first(),
+        ).save()
+
+        ds = ResourceBase.objects.get(title=title)
+        ds.keywords.add(HierarchicalKeyword.objects.get(slug="a1"))
+
+        serialized = ResourceBaseSerializer(ds)
+        json = JSONRenderer().render(serialized.data)
+        stream = BytesIO(json)
+        data = JSONParser().parse(stream)
+        self.assertIsInstance(data, dict)
+        se = ResourceBaseSerializer(data=data)
+        self.assertTrue(se.is_valid())
+
     def test_delete_user_with_resource(self):
         owner, created = get_user_model().objects.get_or_create(username="delet-owner")
         Dataset(

From 618776ef8f4146ffc9fc785b17abac9bba22a409 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 23 Aug 2023 12:30:21 +0200
Subject: [PATCH 140/330] Typos and fixes to the links in the README (#11411)

---
 README.md | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index 973935b5dc4..187d0da3f12 100644
--- a/README.md
+++ b/README.md
@@ -41,10 +41,10 @@ Try out GeoNode
 ---------------
 
 If you just want to try out GeoNode visit our official Demo online at:
-[http://development.demo.geonode.org[(http://development.demo.geonode.org). After your registration you will be able
+[https://development.demo.geonode.org](https://development.demo.geonode.org). After your registration, you will be able
 to test all basic functionalities like uploading layers, creation of
-maps, editing metadata, styles and much more. To get an overview what
-GeoNode can do we recommend to have a look at the [Users
+maps, editing metadata, styles, and much more. To get an overview what
+GeoNode can do we recommend having a look at the [Users
 Workshop](https://docs.geonode.org/en/master/usage/index.html).
 
 Quick Docker Start
@@ -60,8 +60,8 @@ Quick Docker Start
    - When set to `prod` `DEBUG` is disabled and the creation of a valid `SSL` is requested to Letsencrypt's ACME server
    - When set to `test`  `DEBUG` is disabled and a test `SSL` certificate is generated for local testing
    - When set to `dev`  `DEBUG` is enabled and no `SSL` certificate is generated
-- `--hostname`: The URL that whill serve GeoNode (`localhost` by default)
-- `--email`: The administrator's email. Notice that a real email and a valid SMPT configurations are required if  `--env_type` is seto to `prod`. Letsencrypt uses to email for issuing the SSL certificate 
+- `--hostname`: The URL that will serve GeoNode (`localhost` by default)
+- `--email`: The administrator's email. Notice that a real email and valid SMPT configurations are required if  `--env_type` is set to `prod`. Letsencrypt uses email for issuing the SSL certificate 
 - `--geonodepwd`: GeoNode's administrator password. A random value is set if left empty
 - `--geoserverpwd`: GeoNode's administrator password. A random value is set if left empty
 - `--pgpwd`: PostgreSQL's administrator password. A random value is set if left empty
@@ -89,24 +89,22 @@ and configuration settings.
 Development
 -----------
 
-GeoNode is a web based GIS tool, and as such, in order to do development
+GeoNode is a web-based GIS tool, and as such, in order to do development
 on GeoNode itself or to integrate it into your own application, you
 should be familiar with basic web development concepts as well as with
 general GIS concepts.
 
-For development GeoNode can be run in a 'development environment'. In
+For development, GeoNode can be run in a 'development environment'. In
 contrast to a 'production environment' development differs as it uses
 lightweight components to speed up things.
 
-To get you started have a look at the [Install
-instructions](#install) which cover all what is needed to run GeoNode
-for development. Further visit the the [Developer
+To get started visit the [Developer
 workshop](https://docs.geonode.org/en/master/devel/index.html)
 for a basic overview.
 
-If you're planning of customizing your GeoNode instance, or to extend
-it's functionalities it's not advisable to change core files in any
-case. In this case it's common to use setup a [GeoNode Project
+If you're planning to customize your GeoNode instance or to extend
+its functionalities it's not advisable to change core files in any
+case. In this case, it's common to setup a [GeoNode Project
 Template](https://github.com/GeoNode/geonode-project).
 
 Contributing
@@ -123,9 +121,9 @@ Roadmap
 GeoNode's development roadmap is documented in a series of GeoNode
 Improvement Projects (GNIPS). They are documented at [GeoNode Wiki](https://github.com/GeoNode/geonode/wiki/GeoNode-Improvement-Proposals).
 
-GNIPS are considered to be large undertakings which will add a large
-amount of features to the project. As such they are the topic of
-community dicussion and guidance. The community discusses these on the
+GNIPS are considered to be large undertakings that will add a large
+number of features to the project. As such they are the topic of
+community discussion and guidance. The community discusses these on the
 developer mailing list: http://lists.osgeo.org/pipermail/geonode-devel/
 
 Showcase
@@ -147,12 +145,12 @@ Most useful links
 
 - Project homepage: https://geonode.org
 - Repository: https://github.com/GeoNode/geonode
-- Offical Demo: http://master.demo.geonode.org
+- Official Demos: https://demo.geonode.org
 - GeoNode Wiki: https://github.com/GeoNode/geonode/wiki
 - Issue tracker: https://github.com/GeoNode/geonode-project/issues
 
     In case of sensitive bugs like security vulnerabilities, please
-    contact a GeoNode Core Developer directly instead of using issue
+    contact a GeoNode Core Developer directly instead of using an issue
     tracker. We value your effort to improve the security and privacy of
     this project!
 

From a9eebae80cb362009660a1fd49e105e7cdb499b9 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 23 Aug 2023 17:32:13 +0200
Subject: [PATCH 141/330] Merge pull request from GHSA-rmxg-6qqf-x8mr

* - Fixes "Server Side Request forgery"

* Fixes IP or domain extraction

* fixed formatting

* - Bump ipaddress to version 1.0.23

---------

Co-authored-by: G. Allegri <giohappy@gmail.com>
---
 geonode/proxy/tests.py | 46 ++++++++++++++++++++++++++++++++++++++++++
 geonode/proxy/views.py | 11 ++++++++--
 geonode/utils.py       | 21 +++++++++++++++++++
 requirements.txt       |  1 +
 setup.cfg              |  1 +
 5 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/geonode/proxy/tests.py b/geonode/proxy/tests.py
index 73ef8ba989c..e0cd6385407 100644
--- a/geonode/proxy/tests.py
+++ b/geonode/proxy/tests.py
@@ -178,6 +178,52 @@ class Response:
             },
         )
 
+    def test_proxy_url_forgery(self):
+        """The GeoNode Proxy should preserve the original request headers."""
+        import geonode.proxy.views
+        from urllib.parse import urlsplit
+
+        class Response:
+            status_code = 200
+            content = "Hello World"
+            headers = {
+                "Content-Type": "text/plain",
+                "Vary": "Authorization, Accept-Language, Cookie, origin",
+                "X-Content-Type-Options": "nosniff",
+                "X-XSS-Protection": "1; mode=block",
+                "Referrer-Policy": "same-origin",
+                "X-Frame-Options": "SAMEORIGIN",
+                "Content-Language": "en-us",
+                "Content-Length": "119",
+                "Content-Disposition": 'attachment; filename="filename.tif"',
+            }
+
+        request_mock = MagicMock()
+        request_mock.return_value = (Response(), None)
+
+        # Non-Legit requests attempting SSRF
+        geonode.proxy.views.http_client.request = request_mock
+        url = f"http://example.org\@%23{urlsplit(settings.SITEURL).hostname}"
+
+        response = self.client.get(f"{self.proxy_url}?url={url}")
+        self.assertEqual(response.status_code, 403)
+
+        url = f"http://125.126.127.128\@%23{urlsplit(settings.SITEURL).hostname}"
+
+        response = self.client.get(f"{self.proxy_url}?url={url}")
+        self.assertEqual(response.status_code, 403)
+
+        # Legit requests using the local host (SITEURL)
+        url = f"/\@%23{urlsplit(settings.SITEURL).hostname}"
+
+        response = self.client.get(f"{self.proxy_url}?url={url}")
+        self.assertEqual(response.status_code, 200)
+
+        url = f"{settings.SITEURL}\@%23{urlsplit(settings.SITEURL).hostname}"
+
+        response = self.client.get(f"{self.proxy_url}?url={url}")
+        self.assertEqual(response.status_code, 200)
+
 
 class DownloadResourceTestCase(GeoNodeBaseTestSupport):
     def setUp(self):
diff --git a/geonode/proxy/views.py b/geonode/proxy/views.py
index 10030f3dc25..fc49163f01b 100644
--- a/geonode/proxy/views.py
+++ b/geonode/proxy/views.py
@@ -40,7 +40,14 @@
 from geonode.upload.models import Upload
 from geonode.base.models import ResourceBase
 from geonode.storage.manager import storage_manager
-from geonode.utils import resolve_object, check_ogc_backend, get_headers, http_client, json_response
+from geonode.utils import (
+    resolve_object,
+    check_ogc_backend,
+    get_headers,
+    http_client,
+    json_response,
+    extract_ip_or_domain,
+)
 from geonode.base.enumerations import LINK_TYPES as _LT
 
 from geonode import geoserver  # noqa
@@ -130,7 +137,7 @@ def proxy(
             _remote_host = urlsplit(_s.base_url).hostname
             PROXY_ALLOWED_HOSTS += (_remote_host,)
 
-        if not validate_host(url.hostname, PROXY_ALLOWED_HOSTS):
+        if not validate_host(extract_ip_or_domain(raw_url), PROXY_ALLOWED_HOSTS):
             return HttpResponse(
                 "DEBUG is set to False but the host of the path provided to the proxy service"
                 " is not in the PROXY_ALLOWED_HOSTS setting.",
diff --git a/geonode/utils.py b/geonode/utils.py
index 5abab4b2411..2ceaa2ff0d6 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -34,6 +34,7 @@
 import requests
 import tempfile
 import importlib
+import ipaddress
 import itertools
 import traceback
 import subprocess
@@ -1930,6 +1931,26 @@ def build_absolute_uri(url):
     return url
 
 
+def extract_ip_or_domain(url):
+    ip_regex = re.compile("^(?:http\:\/\/|https\:\/\/)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
+    domain_regex = re.compile("^(?:http\:\/\/|https\:\/\/)([a-zA-Z0-9.-]+)")
+
+    match = ip_regex.findall(url)
+    if len(match):
+        ip_address = match[0]
+        try:
+            ipaddress.ip_address(ip_address)  # Validate the IP address
+            return ip_address
+        except ValueError:
+            pass
+
+    match = domain_regex.findall(url)
+    if len(match):
+        return match[0]
+
+    return None
+
+
 def get_xpath_value(
     element: etree.Element, xpath_expression: str, nsmap: typing.Optional[dict] = None
 ) -> typing.Optional[str]:
diff --git a/requirements.txt b/requirements.txt
index 05db52f8a43..df52b4ebb39 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -27,6 +27,7 @@ rdflib==6.3.2
 smart_open==6.3.0
 PyMuPDF==1.22.5
 pathvalidate==3.1.0
+ipaddress==1.0.23
 
 # Django Apps
 django-allauth==0.54.0
diff --git a/setup.cfg b/setup.cfg
index 41a528efbc4..28a66b16159 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -53,6 +53,7 @@ install_requires =
     smart_open==6.3.0
     PyMuPDF==1.22.5
     pathvalidate==3.1.0
+    ipaddress==1.0.23
 
     # Django Apps
     django-allauth==0.54.0

From 1671689a2d42f3d44790d4e29fd5e427018231dd Mon Sep 17 00:00:00 2001
From: afabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 23 Aug 2023 17:42:42 +0200
Subject: [PATCH 142/330]  - Revert ipaddress requirement

---
 requirements.txt | 1 -
 setup.cfg        | 1 -
 2 files changed, 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index df52b4ebb39..05db52f8a43 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -27,7 +27,6 @@ rdflib==6.3.2
 smart_open==6.3.0
 PyMuPDF==1.22.5
 pathvalidate==3.1.0
-ipaddress==1.0.23
 
 # Django Apps
 django-allauth==0.54.0
diff --git a/setup.cfg b/setup.cfg
index 28a66b16159..41a528efbc4 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -53,7 +53,6 @@ install_requires =
     smart_open==6.3.0
     PyMuPDF==1.22.5
     pathvalidate==3.1.0
-    ipaddress==1.0.23
 
     # Django Apps
     django-allauth==0.54.0

From bc7cb13e8d4362d29e4ea14ae400f2c198f87f8b Mon Sep 17 00:00:00 2001
From: afabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 23 Aug 2023 18:11:03 +0200
Subject: [PATCH 143/330]  - Fix pep8 formatting issues

---
 geonode/proxy/tests.py | 8 ++++----
 geonode/utils.py       | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/geonode/proxy/tests.py b/geonode/proxy/tests.py
index e0cd6385407..f44315c52a7 100644
--- a/geonode/proxy/tests.py
+++ b/geonode/proxy/tests.py
@@ -203,23 +203,23 @@ class Response:
 
         # Non-Legit requests attempting SSRF
         geonode.proxy.views.http_client.request = request_mock
-        url = f"http://example.org\@%23{urlsplit(settings.SITEURL).hostname}"
+        url = f"http://example.org\\@%23{urlsplit(settings.SITEURL).hostname}"
 
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 403)
 
-        url = f"http://125.126.127.128\@%23{urlsplit(settings.SITEURL).hostname}"
+        url = f"http://125.126.127.128\\@%23{urlsplit(settings.SITEURL).hostname}"
 
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 403)
 
         # Legit requests using the local host (SITEURL)
-        url = f"/\@%23{urlsplit(settings.SITEURL).hostname}"
+        url = f"/\\@%23{urlsplit(settings.SITEURL).hostname}"
 
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 200)
 
-        url = f"{settings.SITEURL}\@%23{urlsplit(settings.SITEURL).hostname}"
+        url = f"{settings.SITEURL}\\@%23{urlsplit(settings.SITEURL).hostname}"
 
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 200)
diff --git a/geonode/utils.py b/geonode/utils.py
index 2ceaa2ff0d6..22c2fae9c2d 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -1932,8 +1932,8 @@ def build_absolute_uri(url):
 
 
 def extract_ip_or_domain(url):
-    ip_regex = re.compile("^(?:http\:\/\/|https\:\/\/)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-    domain_regex = re.compile("^(?:http\:\/\/|https\:\/\/)([a-zA-Z0-9.-]+)")
+    ip_regex = re.compile("^(?:http://|https://)(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})")
+    domain_regex = re.compile("^(?:http://|https://)([a-zA-Z0-9.-]+)")
 
     match = ip_regex.findall(url)
     if len(match):

From e10635aa91a480d9436497ece3ed49f0bab4239d Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 30 Aug 2023 14:33:40 +0200
Subject: [PATCH 144/330] [Cleanup] Get rid of outdated custom importlib code
 (#11422)

---
 geonode/layers/utils.py                         |  4 ++--
 geonode/people/adapters.py                      |  3 +--
 .../geonode_openid_connect/provider.py          |  5 ++---
 .../providers/geonode_openid_connect/views.py   |  7 +++----
 geonode/resource/manager.py                     |  7 ++-----
 geonode/storage/manager.py                      |  9 +++------
 geonode/utils.py                                | 17 -----------------
 7 files changed, 13 insertions(+), 39 deletions(-)

diff --git a/geonode/layers/utils.py b/geonode/layers/utils.py
index 09ef6f02b76..57b53fc2092 100644
--- a/geonode/layers/utils.py
+++ b/geonode/layers/utils.py
@@ -40,7 +40,9 @@
 from django.contrib.auth.models import Group
 from django.contrib.auth import get_user_model
 from django.utils.translation import ugettext as _
+from django.utils.module_loading import import_string
 from django.core.exceptions import ObjectDoesNotExist, SuspiciousFileOperation
+
 from geonode.layers.api.exceptions import InvalidDatasetException
 from geonode.security.permissions import PermSpec, PermSpecCompact
 from geonode.storage.manager import storage_manager
@@ -502,8 +504,6 @@ def set_datasets_permissions(
 
 
 def get_uuid_handler():
-    from django.utils.module_loading import import_string
-
     return import_string(settings.LAYER_UUID_HANDLER)
 
 
diff --git a/geonode/people/adapters.py b/geonode/people/adapters.py
index 63ac7e36659..2a24f6f0bc1 100644
--- a/geonode/people/adapters.py
+++ b/geonode/people/adapters.py
@@ -44,7 +44,6 @@
 from django.core.exceptions import ValidationError
 from django.utils.module_loading import import_string
 
-from geonode.utils import import_class_module
 from geonode.groups.models import GroupProfile
 
 logger = logging.getLogger(__name__)
@@ -69,7 +68,7 @@ def get_data_extractor(provider_id):
 
 
 def get_group_role_mapper(provider_id):
-    group_role_mapper_class = import_class_module(
+    group_role_mapper_class = import_string(
         getattr(settings, "SOCIALACCOUNT_PROVIDERS", {})
         .get(PROVIDER_ID, {})
         .get(
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py b/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
index 196be1e17a2..34671ce1e3f 100644
--- a/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/provider.py
@@ -24,8 +24,7 @@
 
 """
 from django.conf import settings
-
-from geonode.utils import import_class_module
+from django.utils.module_loading import import_string
 
 from allauth.account.models import EmailAddress
 from allauth.socialaccount.providers.base import AuthAction, ProviderAccount
@@ -43,7 +42,7 @@ def to_str(self):
 class GenericOpenIDConnectProvider(OAuth2Provider):
     id = "geonode_openid_connect"
     name = getattr(settings, "SOCIALACCOUNT_PROVIDERS", {}).get(PROVIDER_ID, {}).get("NAME", "GeoNode OpenIDConnect")
-    account_class = import_class_module(
+    account_class = import_string(
         getattr(settings, "SOCIALACCOUNT_PROVIDERS", {})
         .get(PROVIDER_ID, {})
         .get(
diff --git a/geonode/people/socialaccount/providers/geonode_openid_connect/views.py b/geonode/people/socialaccount/providers/geonode_openid_connect/views.py
index c009c52b95c..5ff02c11a12 100644
--- a/geonode/people/socialaccount/providers/geonode_openid_connect/views.py
+++ b/geonode/people/socialaccount/providers/geonode_openid_connect/views.py
@@ -17,8 +17,7 @@
 #
 #########################################################################
 from django.conf import settings
-
-from geonode.utils import import_class_module
+from django.utils.module_loading import import_string
 
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2CallbackView,
@@ -26,5 +25,5 @@
 )
 
 
-oauth2_login = OAuth2LoginView.adapter_view(import_class_module(settings.SOCIALACCOUNT_ADAPTER))
-oauth2_callback = OAuth2CallbackView.adapter_view(import_class_module(settings.SOCIALACCOUNT_ADAPTER))
+oauth2_login = OAuth2LoginView.adapter_view(import_string(settings.SOCIALACCOUNT_ADAPTER))
+oauth2_callback = OAuth2CallbackView.adapter_view(import_string(settings.SOCIALACCOUNT_ADAPTER))
diff --git a/geonode/resource/manager.py b/geonode/resource/manager.py
index 38ca1a0e7c3..79a9bb718ce 100644
--- a/geonode/resource/manager.py
+++ b/geonode/resource/manager.py
@@ -21,7 +21,6 @@
 import copy
 import typing
 import logging
-import importlib
 
 from uuid import uuid1, uuid4
 from abc import ABCMeta, abstractmethod
@@ -35,6 +34,7 @@
 from django.contrib.auth.models import Group
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Permission
+from django.utils.module_loading import import_string
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ObjectDoesNotExist, ValidationError, FieldDoesNotExist
 
@@ -224,10 +224,7 @@ def __init__(self, concrete_manager=None):
         self._concrete_resource_manager = concrete_manager or self._get_concrete_manager()
 
     def _get_concrete_manager(self):
-        module_name, class_name = rm_settings.RESOURCE_MANAGER_CONCRETE_CLASS.rsplit(".", 1)
-        module = importlib.import_module(module_name)
-        class_ = getattr(module, class_name)
-        return class_()
+        return import_string(rm_settings.RESOURCE_MANAGER_CONCRETE_CLASS)()
 
     @classmethod
     def _get_instance(cls, uuid: str) -> ResourceBase:
diff --git a/geonode/storage/manager.py b/geonode/storage/manager.py
index 421ce6946e3..2966fc6924e 100644
--- a/geonode/storage/manager.py
+++ b/geonode/storage/manager.py
@@ -21,15 +21,15 @@
 import re
 import shutil
 import logging
-import importlib
 
 from uuid import uuid1
 from pathlib import Path
 from typing import BinaryIO, List, Mapping, Union
 from django.conf import settings
 
-from django.core.exceptions import SuspiciousFileOperation
 from django.utils.deconstruct import deconstructible
+from django.utils.module_loading import import_string
+from django.core.exceptions import SuspiciousFileOperation
 
 from geonode.storage.data_retriever import DataItemRetriever, DataRetriever
 
@@ -129,10 +129,7 @@ def __init__(self, remote_files: Mapping = {}):
         self.data_retriever = DataRetriever(remote_files, tranfer_at_creation=False)
 
     def _get_concrete_manager(self):
-        module_name, class_name = sm_settings.STORAGE_MANAGER_CONCRETE_CLASS.rsplit(".", 1)
-        module = importlib.import_module(module_name)
-        class_ = getattr(module, class_name)
-        return class_()
+        return import_string(sm_settings.STORAGE_MANAGER_CONCRETE_CLASS)()
 
     def delete(self, name):
         return self._concrete_storage_manager.delete(name)
diff --git a/geonode/utils.py b/geonode/utils.py
index 22c2fae9c2d..694962132f2 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -33,7 +33,6 @@
 import datetime
 import requests
 import tempfile
-import importlib
 import ipaddress
 import itertools
 import traceback
@@ -2027,19 +2026,3 @@ def safe_path_leaf(path):
             f"The provided path '{path}' is not safe. The file is outside the MEDIA_ROOT '{base_path}' base path!"
         )
     return fullpath
-
-
-def import_class_module(full_class_string):
-    """
-    Dynamically load a class from a string
-
-    >>> klass = import_class_module("module.submodule.ClassName")
-    >>> klass2 = import_class_module("myfile.Class2")
-    """
-    try:
-        module_path, class_name = full_class_string.rsplit(".", 1)
-        module = importlib.import_module(module_path)
-        class_obj = getattr(module, class_name)
-        return class_obj
-    except Exception:
-        return None

From f64615fc93a9e2f972bb1e96c8485cf63957d1d0 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 30 Aug 2023 18:28:20 +0200
Subject: [PATCH 145/330] Update settings_docker_sample.ini (#11426)

* Update settings_docker_sample.ini

* Update settings_sample.ini
---
 geonode/br/management/commands/settings_docker_sample.ini | 4 ++--
 geonode/br/management/commands/settings_sample.ini        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/geonode/br/management/commands/settings_docker_sample.ini b/geonode/br/management/commands/settings_docker_sample.ini
index 82a28022119..68bbfdf4eff 100644
--- a/geonode/br/management/commands/settings_docker_sample.ini
+++ b/geonode/br/management/commands/settings_docker_sample.ini
@@ -13,6 +13,6 @@ dumprasterdata = yes
 # data_layername_exclude_filter = {comma separated list of layernames, optionally with glob syntax} e.g.: tuscany_*,italy
 
 [fixtures]
-apps  = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,layers,maps,oauth2_provider,harvesting,services,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
-dumps = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,layers,maps,oauth2_provider,harvesting,services,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
+apps  = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,harvesting,services,layers,maps,oauth2_provider,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
+dumps = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,harvesting,services,layers,maps,oauth2_provider,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
 
diff --git a/geonode/br/management/commands/settings_sample.ini b/geonode/br/management/commands/settings_sample.ini
index cf02d2532c1..157414ab5e0 100644
--- a/geonode/br/management/commands/settings_sample.ini
+++ b/geonode/br/management/commands/settings_sample.ini
@@ -13,5 +13,5 @@ dumprasterdata = yes
 # data_layername_exclude_filter = {comma separated list of layernames, optionally with glob syntax} e.g.: tuscany_*,italy
 
 [fixtures]
-apps  = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,layers,maps,oauth2_provider,harvesting,services,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
-dumps = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,layers,maps,oauth2_provider,harvesting,services,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
\ No newline at end of file
+apps  = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,harvesting,services,layers,maps,oauth2_provider,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client
+dumps = contenttypes,auth,people,groups,account,guardian,admin,actstream,announcements,avatar,base,documents,geoserver,invitations,pinax_notifications,harvesting,services,layers,maps,oauth2_provider,sites,socialaccount,taggit,tastypie,upload,user_messages,geonode_themes,geoapps,favorite,geonode_client

From 499930ac8fdcd380222d9c6a7be5901102c0087f Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 30 Aug 2023 18:36:56 +0200
Subject: [PATCH 146/330] enable .csv document format (#11428)

---
 geonode/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/geonode/settings.py b/geonode/settings.py
index 9b746b9d63e..a5a4a69582d 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -597,6 +597,7 @@
     ALLOWED_DOCUMENT_TYPES = (
         [
             "txt",
+            "csv",
             "log",
             "doc",
             "docx",

From 81f1c4ab45582c6058e3ff9eed80452665bd2b6e Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Tue, 5 Sep 2023 18:09:37 +0200
Subject: [PATCH 147/330] [Fixes #11335] Hookable logic for the automatic
 assignment of regions (#11362)

* [Fixes #11335] Hookable logic for the automatic assignment of regions

* [Fixes #11335] Hookable logic for the automatic assignment of regions

* [Fixes #11335] Change default region value

* [Fixes #11335] Add test coverage

* [Fixes #11335] Add test coverage

* [Fixes #11335] add missing file headers

* [Fixes #11335] Move region dynamic loading into the metadata storer logic

* [Fixes #11335] Add cache system for metadata storer

* [Fixes #11335] Remove default region handler

* [Fixes #11335] Remove cache and use globals

* [Fixes #11335] fix broken tests

* [Fixes #11335] fix broken tests

* [Fixes #11335] fix broken tests

* self document the spatial_predicate_region_assignor

* [Fixes #11335] remove typo

* [Fixes #11335] fix flake8

---------

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Co-authored-by: G. Allegri <giohappy@gmail.com>
---
 geonode/base/tests.py              | 13 ++++++-
 geonode/resource/manager.py        |  5 +--
 geonode/resource/regions_storer.py | 60 ++++++++++++++++++++++++++++++
 geonode/resource/utils.py          | 55 ++++++---------------------
 geonode/settings.py                |  9 ++++-
 geonode/tests/smoke.py             | 10 ++---
 6 files changed, 97 insertions(+), 55 deletions(-)
 create mode 100644 geonode/resource/regions_storer.py

diff --git a/geonode/base/tests.py b/geonode/base/tests.py
index 3c6cfb9b4f2..4c11e59ee58 100644
--- a/geonode/base/tests.py
+++ b/geonode/base/tests.py
@@ -81,7 +81,7 @@
 from django.core.management import call_command
 from django.core.management.base import CommandError
 from geonode.base.forms import ThesaurusAvailableForm, THESAURUS_RESULT_LIST_SEPERATOR
-
+from geonode.resource.manager import resource_manager
 
 test_image = Image.new("RGBA", size=(50, 50), color=(155, 0, 0))
 
@@ -1163,3 +1163,14 @@ def test_region_assignment_for_extent(self):
         self.assertFalse(
             region.is_assignable_to_geom(self.dataset_outside_region), "Extent outside a region should be assigned"
         )
+
+    @override_settings(METADATA_STORERS=["geonode.resource.regions_storer.spatial_predicate_region_assignor"])
+    def test_regions_are_assigned_if_handler_is_used(self):
+        dataset = resource_manager.create(
+            None,
+            resource_type=Dataset,
+            defaults=dict(owner=get_user_model().objects.first(), title="test_region_dataset", is_approved=True),
+        )
+        self.assertTrue(dataset.regions.exists())
+        self.assertEqual(1, dataset.regions.count())
+        self.assertEqual("Global", dataset.regions.first().name)
diff --git a/geonode/resource/manager.py b/geonode/resource/manager.py
index 79a9bb718ce..245350d6cbf 100644
--- a/geonode/resource/manager.py
+++ b/geonode/resource/manager.py
@@ -44,7 +44,7 @@
 from geonode.security.utils import perms_as_set, get_user_groups, skip_registered_members_common_group
 
 from . import settings as rm_settings
-from .utils import update_resource, metadata_storers, resourcebase_post_save
+from .utils import update_resource, resourcebase_post_save
 
 from ..base import enumerations
 from ..base.models import ResourceBase
@@ -398,7 +398,6 @@ def update(
                         extra_metadata=extra_metadata,
                     )
                     _resource = self._concrete_resource_manager.update(uuid, instance=_resource, notify=notify)
-                    _resource = metadata_storers(_resource.get_real_instance(), custom)
 
                     # The following is only a demo proof of concept for a pluggable WF subsystem
                     from geonode.resource.processing.models import ProcessingWorkflow
@@ -415,7 +414,7 @@ def update(
             finally:
                 try:
                     _resource.save(notify=notify)
-                    resourcebase_post_save(_resource.get_real_instance())
+                    resourcebase_post_save(_resource.get_real_instance(), kwargs={**kwargs, **custom})
                     _resource.set_permissions(
                         created=False,
                         approval_status_changed=(
diff --git a/geonode/resource/regions_storer.py b/geonode/resource/regions_storer.py
new file mode 100644
index 00000000000..e1213dd6010
--- /dev/null
+++ b/geonode/resource/regions_storer.py
@@ -0,0 +1,60 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+import re
+import logging
+import traceback
+
+from geonode.base.models import Region
+from django.contrib.gis.geos import GEOSGeometry
+
+logger = logging.getLogger(__name__)
+
+
+# A metadata storer that assigns regions to a resource on the base of spatial predicates
+def spatial_predicate_region_assignor(instance, *args, **kwargs):
+    def _get_poly_from_instance(instance):
+        srid1, wkt1 = instance.geographic_bounding_box.split(";")
+        srid1 = re.findall(r"\d+", srid1)
+        poly1 = GEOSGeometry(wkt1, srid=int(srid1[0]))
+        poly1.transform(4326)
+        return poly1
+
+    if not instance.regions or instance.regions.count() == 0:
+        poly1 = _get_poly_from_instance(instance)
+
+        queryset = Region.objects.all().order_by("name")
+        global_regions = []
+        regions_to_add = []
+        for region in queryset:
+            try:
+                if region.is_assignable_to_geom(poly1):
+                    regions_to_add.append(region)
+                if region.level == 0 and region.parent is None:
+                    global_regions.append(region)
+            except Exception:
+                tb = traceback.format_exc()
+                if tb:
+                    logger.debug(tb)
+        if regions_to_add or global_regions:
+            if regions_to_add:
+                instance.regions.add(*regions_to_add)
+            else:
+                instance.regions.add(*global_regions)
+    return instance
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index b8e70a362cb..5490d85cca6 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -16,12 +16,11 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+
 import os
-import re
 import uuid
 import logging
 import datetime
-import traceback
 
 from urllib.parse import urlparse, urljoin
 
@@ -30,15 +29,14 @@
 from django.utils import timezone
 from django.core.exceptions import FieldDoesNotExist
 from django.utils.translation import ugettext_lazy as _
-from django.contrib.gis.geos import GEOSGeometry, MultiPolygon
-
+from django.contrib.gis.geos import MultiPolygon
 from geonode.utils import OGC_Servers_Handler
+from django.utils.module_loading import import_string
 
 from ..base import enumerations
 from ..base.models import (
     ExtraMetadata,
     Link,
-    Region,
     License,
     ResourceBase,
     TopicCategory,
@@ -279,12 +277,12 @@ def update_resource(
     return instance
 
 
-def metadata_storers(instance, custom={}):
-    from django.utils.module_loading import import_string
+def call_storers(instance, custom={}):
+    if not globals().get("storer_modules"):
+        storer_module_path = settings.METADATA_STORERS if hasattr(settings, "METADATA_STORERS") else []
+        globals()["storer_modules"] = [import_string(storer_path) for storer_path in storer_module_path]
 
-    available_storers = settings.METADATA_STORERS if hasattr(settings, "METADATA_STORERS") else []
-    for storer_path in available_storers:
-        storer = import_string(storer_path)
+    for storer in globals().get("storer_modules", []):
         storer(instance, custom)
     return instance
 
@@ -464,41 +462,9 @@ def metadata_post_save(instance, *args, **kwargs):
 
     ResourceBase.objects.filter(id=instance.id).update(**defaults)
 
-    try:
-        if not instance.regions or instance.regions.count() == 0:
-            srid1, wkt1 = instance.geographic_bounding_box.split(";")
-            srid1 = re.findall(r"\d+", srid1)
-
-            poly1 = GEOSGeometry(wkt1, srid=int(srid1[0]))
-            poly1.transform(4326)
-
-            queryset = Region.objects.all().order_by("name")
-            global_regions = []
-            regions_to_add = []
-            for region in queryset:
-                try:
-                    if region.is_assignable_to_geom(poly1):
-                        regions_to_add.append(region)
-                    if region.level == 0 and region.parent is None:
-                        global_regions.append(region)
-                except Exception:
-                    tb = traceback.format_exc()
-                    if tb:
-                        logger.debug(tb)
-            if regions_to_add or global_regions:
-                if regions_to_add:
-                    instance.regions.add(*regions_to_add)
-                else:
-                    instance.regions.add(*global_regions)
-    except Exception:
-        tb = traceback.format_exc()
-        if tb:
-            logger.debug(tb)
-    finally:
-        # refresh catalogue metadata records
-        from ..catalogue.models import catalogue_post_save
+    from ..catalogue.models import catalogue_post_save
 
-        catalogue_post_save(instance=instance, sender=instance.__class__)
+    catalogue_post_save(instance=instance, sender=instance.__class__)
 
 
 def resourcebase_post_save(instance, *args, **kwargs):
@@ -507,6 +473,7 @@ def resourcebase_post_save(instance, *args, **kwargs):
     Has to be called by the children
     """
     if instance:
+        instance = call_storers(instance.get_real_instance(), kwargs.get("custom", {}))
         if hasattr(instance, "abstract") and not getattr(instance, "abstract", None):
             instance.abstract = _("No abstract provided")
         if hasattr(instance, "title") and not getattr(instance, "title", None) or getattr(instance, "title", "") == "":
diff --git a/geonode/settings.py b/geonode/settings.py
index a5a4a69582d..48194eaacf9 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2217,7 +2217,6 @@ def get_geonode_catalogue_service():
 Variable used to actually get the expected metadata schema for each resource_type.
 In this way, each resource type can have a different metadata schema
 """
-
 EXTRA_METADATA_SCHEMA = {
     **{
         "map": os.getenv("MAP_EXTRA_METADATA_SCHEMA", DEFAULT_EXTRA_METADATA_SCHEMA),
@@ -2228,12 +2227,18 @@ def get_geonode_catalogue_service():
     **CUSTOM_METADATA_SCHEMA,
 }
 
+"""
+List of modules that implement custom metadata storers that will be called when the metadata of a resource is saved
+"""
+METADATA_STORERS = [
+    # 'geonode.resource.regions_storer.spatial_predicate_region_assignor',
+]
+
 
 """
 Define the URLs patterns used by the SizeRestrictedFileUploadHandler
 to evaluate if the file is greater than the limit size defined
 """
-
 SIZE_RESTRICTED_FILE_UPLOAD_ELEGIBLE_URL_NAMES = (
     "data_upload",
     "uploads-upload",
diff --git a/geonode/tests/smoke.py b/geonode/tests/smoke.py
index bda90ec0e16..8b094310722 100644
--- a/geonode/tests/smoke.py
+++ b/geonode/tests/smoke.py
@@ -22,7 +22,7 @@
 from django.http import HttpResponse
 from geonode.base.populate_test_data import create_single_dataset
 from geonode.resource.download_handler import DownloadHandler
-from geonode.resource.utils import metadata_storers
+from geonode.resource.utils import call_storers
 from geonode.tests.base import GeoNodeBaseTestSupport
 
 import os
@@ -298,15 +298,15 @@ def setUp(self):
         self.uuid = self.dataset.uuid
         self.abstract = self.dataset.abstract
         self.custom = {
-            "processes": {"uuid": "abc123cfde", "abstract": "updated abstract"},
+            "processes": {"uuid": "abc123cfde", "name": "updated name"},
             "second-stage": {"title": "Updated Title", "abstract": "another update"},
         }
 
     @override_settings(METADATA_STORERS=["geonode.tests.smoke.dummy_metadata_storer"])
     def test_will_use_single_storers_defined(self):
-        metadata_storers(self.dataset, self.custom)
+        call_storers(self.dataset, self.custom)
         self.assertEqual("abc123cfde", self.dataset.uuid)
-        self.assertEqual("updated abstract", self.dataset.abstract)
+        self.assertEqual("updated name", self.dataset.name)
 
     @override_settings(
         METADATA_STORERS=[
@@ -315,7 +315,7 @@ def test_will_use_single_storers_defined(self):
         ]
     )
     def test_will_use_multiple_storers_defined(self):
-        dataset = metadata_storers(self.dataset, self.custom)
+        dataset = call_storers(self.dataset, self.custom)
         self.assertEqual("abc123cfde", dataset.uuid)
         self.assertEqual("another update", dataset.abstract)
         self.assertEqual("Updated Title", dataset.title)

From cd70285a2c92732bded9905584e305a4fde9ac77 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Fri, 8 Sep 2023 18:05:36 +0200
Subject: [PATCH 148/330] [Fixes #11421] Improvements for DownloadHandler
 (#11423)

* [Fixes #11421] Improvements for DownloadHandler

* [Fixes #11421] Fix tests

* [Fixes #11421] Fix tests

* [Fixes #11421] Fix tests

* [Fixes #11421] Improve module import in download handlers

* [Fixes #11421] Improve module import in download handlers

* [Fixes #11335] fix flake8

* [Fixes #11421] fix broken test

* [Fixes #11421] Test fix tests

* [Fixes #11421] rollback test changes

* [Fixes #11421] Test order response value

* [Fixes #11421] Fix flake8 and black issues

* improve ajax_safe logic, extended tests

* remove unused import

* remove unused import (2)

* fixed custom download handler test

* fix

* black fix

* removed old parameter

---------

Co-authored-by: G. Allegri <giohappy@gmail.com>
---
 geonode/base/api/serializers.py               | 46 +++++++++-
 geonode/base/api/tests.py                     | 90 +++++++++++++++----
 geonode/documents/models.py                   |  8 ++
 geonode/documents/tests.py                    | 22 ++++-
 geonode/geoserver/tests/test_server.py        | 29 +++++-
 geonode/layers/api/tests.py                   | 24 +++++
 .../{resource => layers}/download_handler.py  | 61 ++++++++++---
 geonode/layers/models.py                      |  2 -
 geonode/layers/tests.py                       | 76 +++++++++++++---
 geonode/layers/utils.py                       | 34 +++++++
 geonode/layers/views.py                       | 12 ++-
 geonode/security/permissions.py               |  6 +-
 geonode/security/tests.py                     |  4 +-
 geonode/settings.py                           |  7 +-
 geonode/tests/smoke.py                        | 20 -----
 geonode/utils.py                              | 29 ------
 16 files changed, 362 insertions(+), 108 deletions(-)
 rename geonode/{resource => layers}/download_handler.py (73%)

diff --git a/geonode/base/api/serializers.py b/geonode/base/api/serializers.py
index b831326e88a..2b6933b4633 100644
--- a/geonode/base/api/serializers.py
+++ b/geonode/base/api/serializers.py
@@ -29,6 +29,7 @@
 from django.db.models.query import QuerySet
 from django.http import QueryDict
 
+from deprecated import deprecated
 from rest_framework import serializers
 from rest_framework_gis import fields
 from rest_framework.reverse import reverse, NoReverseMatch
@@ -54,8 +55,9 @@
 )
 from geonode.groups.models import GroupCategory, GroupProfile
 from geonode.base.api.fields import ComplexDynamicRelationField
+from geonode.layers.utils import get_dataset_download_handlers, get_default_dataset_download_handler
 from geonode.utils import build_absolute_uri
-from geonode.security.utils import get_resources_with_perms
+from geonode.security.utils import get_resources_with_perms, get_geoapp_subtypes
 from geonode.resource.models import ExecutionRequest
 
 logger = logging.getLogger(__name__)
@@ -278,8 +280,12 @@ class DownloadLinkField(DynamicComputedField):
     def __init__(self, **kwargs):
         super().__init__(**kwargs)
 
+    @deprecated(version="4.2.0", reason="Will be replaced by download_urls")
     def get_attribute(self, instance):
         try:
+            logger.info(
+                "This field is deprecated, and will be removed in the future GeoNode version. Please refer to download_urls"
+            )
             _instance = instance.get_real_instance()
             return _instance.download_url if hasattr(_instance, "download_url") else None
         except Exception as e:
@@ -287,6 +293,43 @@ def get_attribute(self, instance):
             return None
 
 
+class DownloadArrayLinkField(DynamicComputedField):
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+
+    def get_attribute(self, instance):
+        try:
+            _instance = instance.get_real_instance()
+        except Exception as e:
+            logger.exception(e)
+            raise e
+        if _instance.resource_type in ["map"] + get_geoapp_subtypes():
+            return []
+        elif _instance.resource_type in ["document"]:
+            return [
+                {
+                    "url": _instance.download_url,
+                    "ajax_safe": _instance.download_is_ajax_safe,
+                }
+            ]
+        elif _instance.resource_type in ["dataset"]:
+            download_urls = []
+            # lets get only the default one first to set it
+            default_handler = get_default_dataset_download_handler()
+            obj = default_handler(self.context.get("request"), _instance.alternate)
+            if obj.download_url:
+                download_urls.append({"url": obj.download_url, "ajax_safe": obj.is_ajax_safe, "default": True})
+            # then let's prepare the payload with everything
+            handler_list = get_dataset_download_handlers()
+            for handler in handler_list:
+                obj = handler(self.context.get("request"), _instance.alternate)
+                if obj.download_url:
+                    download_urls.append({"url": obj.download_url, "ajax_safe": obj.is_ajax_safe, "default": False})
+            return download_urls
+        else:
+            return []
+
+
 class FavoriteField(DynamicComputedField):
     def __init__(self, **kwargs):
         super().__init__(**kwargs)
@@ -479,6 +522,7 @@ def __init__(self, *args, **kwargs):
         self.fields["is_copyable"] = serializers.BooleanField(read_only=True)
         self.fields["download_url"] = DownloadLinkField(read_only=True)
         self.fields["favorite"] = FavoriteField(read_only=True)
+        self.fields["download_urls"] = DownloadArrayLinkField(read_only=True)
 
     metadata = ComplexDynamicRelationField(ExtraMetadataSerializer, embed=False, many=True, deferred=True)
 
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
index 4feffb7d3c2..961d28da16a 100644
--- a/geonode/base/api/tests.py
+++ b/geonode/base/api/tests.py
@@ -23,7 +23,7 @@
 import json
 import logging
 from django.contrib.contenttypes.models import ContentType
-from django.test import override_settings
+from django.test import RequestFactory, override_settings
 import gisdata
 
 from PIL import Image
@@ -751,12 +751,16 @@ def test_resource_serializer_validation(self):
         ds = ResourceBase.objects.get(title=title)
         ds.keywords.add(HierarchicalKeyword.objects.get(slug="a1"))
 
-        serialized = ResourceBaseSerializer(ds)
+        factory = RequestFactory()
+        rq = factory.get("test")
+        rq.user = owner
+
+        serialized = ResourceBaseSerializer(ds, context={"request": rq})
         json = JSONRenderer().render(serialized.data)
         stream = BytesIO(json)
         data = JSONParser().parse(stream)
         self.assertIsInstance(data, dict)
-        se = ResourceBaseSerializer(data=data)
+        se = ResourceBaseSerializer(data=data, context={"request": rq})
         self.assertTrue(se.is_valid())
 
     def test_delete_user_with_resource(self):
@@ -2065,6 +2069,7 @@ def test_manager_can_edit_map(self):
         """
         REST API must not forbid saving maps and apps to non-admin and non-owners.
         """
+        self.maxDiff = None
         from geonode.maps.models import Map
 
         _map = Map.objects.filter(uuid__isnull=False, owner__username="admin").first()
@@ -2120,7 +2125,7 @@ def test_manager_can_edit_map(self):
         response = self.client.get(resource_service_permissions_url, format="json")
         self.assertEqual(response.status_code, 200)
         resource_perm_spec = response.data
-        self.assertEqual(
+        self.assertDictEqual(
             resource_perm_spec,
             {
                 "users": [
@@ -2161,7 +2166,7 @@ def test_manager_can_edit_map(self):
         response = self.client.get(get_perms_url, format="json")
         self.assertEqual(response.status_code, 200)
         resource_perm_spec = response.data
-        self.assertEqual(
+        self.assertDictEqual(
             resource_perm_spec,
             {
                 "users": [
@@ -2200,20 +2205,10 @@ def test_manager_can_edit_map(self):
         response = self.client.get(get_perms_url, format="json")
         self.assertEqual(response.status_code, 200)
         resource_perm_spec = response.data
-        self.assertEqual(
+        self.assertDictEqual(
             resource_perm_spec,
             {
                 "users": [
-                    {
-                        "id": 1,
-                        "username": "admin",
-                        "first_name": "admin",
-                        "last_name": "",
-                        "avatar": "https://www.gravatar.com/avatar/7a68c67c8d409ff07e42aa5d5ab7b765/?s=240",
-                        "permissions": "owner",
-                        "is_staff": True,
-                        "is_superuser": True,
-                    },
                     {
                         "id": bobby.id,
                         "username": "bobby",
@@ -2224,6 +2219,16 @@ def test_manager_can_edit_map(self):
                         "is_staff": False,
                         "is_superuser": False,
                     },
+                    {
+                        "id": 1,
+                        "username": "admin",
+                        "first_name": "admin",
+                        "last_name": "",
+                        "avatar": "https://www.gravatar.com/avatar/7a68c67c8d409ff07e42aa5d5ab7b765/?s=240",
+                        "permissions": "owner",
+                        "is_staff": True,
+                        "is_superuser": True,
+                    },
                 ],
                 "organizations": [],
                 "groups": [
@@ -2445,6 +2450,59 @@ def test_base_resources_dont_return_download_link_if_map(self):
         download_url = response.json().get("resource").get("download_url")
         self.assertIsNone(download_url)
 
+    def test_base_resources_return_not_download_links_for_maps(self):
+        """
+        Ensure we can access the Resource Base list.
+        """
+        _map = Map.objects.first()
+        # From resource base API
+        url = reverse("base-resources-detail", args=[_map.id])
+        response = self.client.get(url, format="json")
+        download_url = response.json().get("resource").get("download_urls", None)
+        self.assertListEqual([], download_url)
+
+        # from maps api
+        url = reverse("maps-detail", args=[_map.id])
+        download_url = response.json().get("resource").get("download_urls")
+        self.assertListEqual([], download_url)
+
+    def test_base_resources_return_download_links_for_documents(self):
+        """
+        Ensure we can access the Resource Base list.
+        """
+        doc = Document.objects.first()
+        expected_payload = [{"url": build_absolute_uri(doc.download_url), "ajax_safe": doc.download_is_ajax_safe}]
+        # From resource base API
+        url = reverse("base-resources-detail", args=[doc.id])
+        response = self.client.get(url, format="json")
+        download_url = response.json().get("resource").get("download_urls")
+        self.assertListEqual(expected_payload, download_url)
+
+        # from documents api
+        url = reverse("documents-detail", args=[doc.id])
+        download_url = response.json().get("resource").get("download_urls")
+        self.assertListEqual(expected_payload, download_url)
+
+    def test_base_resources_return_download_links_for_datasets(self):
+        """
+        Ensure we can access the Resource Base list.
+        """
+        _dataset = Dataset.objects.first()
+        expected_payload = [
+            {"url": reverse("dataset_download", args=[_dataset.alternate]), "ajax_safe": True, "default": True}
+        ]
+
+        # From resource base API
+        url = reverse("base-resources-detail", args=[_dataset.id])
+        response = self.client.get(url, format="json")
+        download_url = response.json().get("resource").get("download_urls")
+        self.assertEqual(expected_payload, download_url)
+
+        # from dataset api
+        url = reverse("datasets-detail", args=[_dataset.id])
+        download_url = response.json().get("resource").get("download_urls")
+        self.assertEqual(expected_payload, download_url)
+
 
 class TestExtraMetadataBaseApi(GeoNodeBaseTestSupport):
     def setUp(self):
diff --git a/geonode/documents/models.py b/geonode/documents/models.py
index 402194f9908..5f5f41ab218 100644
--- a/geonode/documents/models.py
+++ b/geonode/documents/models.py
@@ -103,6 +103,14 @@ def href(self):
         elif self.files:
             return urljoin(settings.SITEURL, reverse("document_link", args=(self.id,)))
 
+    @property
+    def is_local(self):
+        return False if self.doc_url else True
+
+    @property
+    def download_is_ajax_safe(self):
+        return self.is_local
+
     @property
     def is_file(self):
         return self.files and self.extension
diff --git a/geonode/documents/tests.py b/geonode/documents/tests.py
index 8bf91a88529..f58a71f4734 100644
--- a/geonode/documents/tests.py
+++ b/geonode/documents/tests.py
@@ -56,7 +56,7 @@
 from geonode.documents.enumerations import DOCUMENT_TYPE_MAP
 from geonode.documents.models import Document, DocumentResourceLink
 
-from geonode.base.populate_test_data import all_public, create_models, remove_models
+from geonode.base.populate_test_data import all_public, create_models, create_single_doc, remove_models
 from geonode.upload.api.exceptions import FileUploadLimitException
 
 from .forms import DocumentCreateForm
@@ -153,6 +153,26 @@ def test_remote_document_is_marked_remote(self):
         d = Document.objects.get(title="A remote document through form is remote")
         self.assertEqual(d.sourcetype, SOURCE_TYPE_REMOTE)
 
+    def test_download_is_not_ajax_safe(self):
+        """Remote document is mark as not safe."""
+        self.client.login(username="admin", password="admin")
+        form_data = {
+            "title": "A remote document through form is remote",
+            "doc_url": "https://development.demo.geonode.org/static/mapstore/img/geonode-logo.svg",
+        }
+
+        response = self.client.post(reverse("document_upload"), data=form_data)
+
+        self.assertEqual(response.status_code, 302)
+
+        d = Document.objects.get(title="A remote document through form is remote")
+        self.assertFalse(d.download_is_ajax_safe)
+
+    def test_download_is_ajax_safe(self):
+        """Remote document is mark as not safe."""
+        d = create_single_doc("example_doc_name")
+        self.assertTrue(d.download_is_ajax_safe)
+
     def test_create_document_url(self):
         """Tests creating an external document instead of a file."""
 
diff --git a/geonode/geoserver/tests/test_server.py b/geonode/geoserver/tests/test_server.py
index 1fbafbff07f..42d7ec06bb9 100644
--- a/geonode/geoserver/tests/test_server.py
+++ b/geonode/geoserver/tests/test_server.py
@@ -48,6 +48,7 @@
 from geonode.layers.populate_datasets_data import create_dataset_data
 from geonode.base.populate_test_data import all_public, create_models, remove_models, create_single_dataset
 from geonode.geoserver.helpers import gs_catalog, get_sld_for, extract_name_from_sld
+from geonode.catalogue.models import catalogue_post_save
 
 import logging
 
@@ -1192,8 +1193,19 @@ def test_set_resources_links(self):
         with self.settings(UPDATE_RESOURCE_LINKS_AT_MIGRATE=True, ASYNC_SIGNALS=False):
             # Links
             _def_link_types = ["original", "metadata"]
-            _links = Link.objects.filter(link_type__in=_def_link_types)
             # Check 'original' and 'metadata' links exist
+            Link.objects.update_or_create(
+                resource=Dataset.objects.first(),
+                url="https://custom_dowonload_url.com",
+                defaults=dict(
+                    extension="zip",
+                    name="Original Dataset",
+                    mime="application/octet-stream",
+                    link_type="original",
+                ),
+            )
+            _links = Link.objects.filter(link_type__in=_def_link_types)
+
             self.assertIsNotNone(_links, "No 'original' and 'metadata' links have been found")
 
             # Delete all 'original' and 'metadata' links
@@ -1233,6 +1245,18 @@ def test_set_resources_links(self):
 
             for _lyr in _post_migrate_datasets:
                 # Check original links in csw_anytext
+                # by default is not created anymore, we need to create one
+                Link.objects.update_or_create(
+                    resource=_lyr,
+                    url="https://custom_dowonload_url.com",
+                    defaults=dict(
+                        extension="zip",
+                        name="Original Dataset",
+                        mime="application/octet-stream",
+                        link_type="original",
+                    ),
+                )
+
                 _post_migrate_links_orig = Link.objects.filter(
                     resource=_lyr.resourcebase_ptr, resource_id=_lyr.resourcebase_ptr.id, link_type="original"
                 )
@@ -1240,6 +1264,9 @@ def test_set_resources_links(self):
                     _post_migrate_links_orig.exists(),
                     f"No 'original' links has been found for the layer '{_lyr.alternate}'",
                 )
+                # needed to update the csw_anytext field with the new link created
+                catalogue_post_save(instance=_lyr, sender=_lyr.__class__)
+                _lyr.refresh_from_db()
                 for _link_orig in _post_migrate_links_orig:
                     self.assertIn(
                         _link_orig.url,
diff --git a/geonode/layers/api/tests.py b/geonode/layers/api/tests.py
index 7361e5c744a..88ba047ed03 100644
--- a/geonode/layers/api/tests.py
+++ b/geonode/layers/api/tests.py
@@ -30,6 +30,7 @@
 from guardian.shortcuts import assign_perm, get_anonymous_user
 from geonode.geoserver.createlayer.utils import create_dataset
 
+from geonode.base.models import Link
 from geonode.base.populate_test_data import create_models, create_single_dataset
 from geonode.layers.models import Attribute, Dataset
 from geonode.maps.models import Map, MapLayer
@@ -415,3 +416,26 @@ def test_valid_metadata_file(self):
         put_data = {"metadata_file": f}
         response = self.client.put(url, data=put_data)
         self.assertEqual(200, response.status_code)
+
+    def test_download_api(self):
+        dataset = create_single_dataset("test_dataset")
+        url = reverse("datasets-detail", kwargs={"pk": dataset.pk})
+        response = self.client.get(url)
+        self.assertTrue(response.status_code == 200)
+        data = response.json()["dataset"]
+        download_url_data = data["download_urls"][0]
+        download_url = reverse("dataset_download", args=[dataset.alternate])
+        self.assertEqual(download_url_data["default"], True)
+        self.assertEqual(download_url_data["ajax_safe"], True)
+        self.assertEqual(download_url_data["url"], download_url)
+
+        link = Link(link_type="original", url="https://myoriginal.org", resource=dataset)
+        link.save()
+
+        response = self.client.get(url)
+        data = response.json()["dataset"]
+        download_url_data = data["download_urls"][0]
+        download_url = reverse("dataset_download", args=[dataset.alternate])
+        self.assertEqual(download_url_data["default"], True)
+        self.assertEqual(download_url_data["ajax_safe"], False)
+        self.assertEqual(download_url_data["url"], "https://myoriginal.org")
diff --git a/geonode/resource/download_handler.py b/geonode/layers/download_handler.py
similarity index 73%
rename from geonode/resource/download_handler.py
rename to geonode/layers/download_handler.py
index ae21e4e23a9..d969a0d3703 100644
--- a/geonode/resource/download_handler.py
+++ b/geonode/layers/download_handler.py
@@ -31,10 +31,10 @@
 from geonode.proxy.views import fetch_response_headers
 from geonode.utils import HttpClient
 
-logger = logging.getLogger("geonode.resource.download_handler")
+logger = logging.getLogger("geonode.layers.download_handler")
 
 
-class DownloadHandler:
+class DatasetDownloadHandler:
     def __str__(self):
         return f"{self.__module__}.{self.__class__.__name__}"
 
@@ -44,6 +44,7 @@ def __repr__(self):
     def __init__(self, request, resource_name) -> None:
         self.request = request
         self.resource_name = resource_name
+        self._resource = None
 
     def get_download_response(self):
         """
@@ -51,27 +52,61 @@ def get_download_response(self):
         that allow the resource download
         """
         resource = self.get_resource()
+        if not resource:
+            raise Http404("Resource requested is not available")
         response = self.process_dowload(resource)
         return response
 
+    @property
+    def is_link_resource(self):
+        resource = self.get_resource()
+        return resource.link_set.filter(resource=resource, link_type="original").exists()
+
+    @property
+    def is_ajax_safe(self):
+        """
+        AJAX is safe to be used for WPS downloads. In case of a link set in a Link entry we cannot assume it,
+        since it could point to an external (non CORS enabled) URL
+        """
+        return settings.USE_GEOSERVER and not self.is_link_resource
+
+    @property
+    def download_url(self):
+        resource = self.get_resource()
+        if not resource:
+            return None
+        if resource.subtype not in ["vector", "raster", "vector_time"]:
+            logger.info("Download URL is available only for datasets that have been harvested and copied locally")
+            return None
+
+        if self.is_link_resource:
+            return resource.link_set.filter(resource=resource.get_self_resource(), link_type="original").first().url
+
+        return reverse("dataset_download", args=[resource.alternate])
+
     def get_resource(self):
         """
         Returnt the object needed
         """
-        try:
-            return _resolve_dataset(
-                self.request,
-                self.resource_name,
-                "base.download_resourcebase",
-                _("You do not have permissions for this dataset."),
-            )
-        except Exception as e:
-            raise Http404(Exception(_("Not found"), e))
-
-    def process_dowload(self, resource):
+        if not self._resource:
+            try:
+                self._resource = _resolve_dataset(
+                    self.request,
+                    self.resource_name,
+                    "base.download_resourcebase",
+                    _("You do not have download permissions for this dataset."),
+                )
+            except Exception as e:
+                logger.exception(e)
+
+        return self._resource
+
+    def process_dowload(self, resource=None):
         """
         Generate the response object
         """
+        if not resource:
+            resource = self.get_resource()
         if not settings.USE_GEOSERVER:
             # if GeoServer is not used, we redirect to the proxy download
             return HttpResponseRedirect(reverse("download", args=[resource.id]))
diff --git a/geonode/layers/models.py b/geonode/layers/models.py
index 0d6c425e8e0..05df8956868 100644
--- a/geonode/layers/models.py
+++ b/geonode/layers/models.py
@@ -330,8 +330,6 @@ def download_url(self):
         if self.subtype not in ["vector", "raster", "vector_time"]:
             logger.info("Download URL is available only for datasets that have been harvested and copied locally")
             return None
-        if self.link_set.filter(resource=self.get_self_resource(), link_type="original").exists():
-            return self.link_set.filter(resource=self.get_self_resource(), link_type="original").first().url
         return build_absolute_uri(reverse("dataset_download", args=(self.alternate,)))
 
     @property
diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py
index 2deb3ca0a21..ec08069bac6 100644
--- a/geonode/layers/tests.py
+++ b/geonode/layers/tests.py
@@ -41,6 +41,7 @@
 from django.contrib.gis.geos import Polygon
 from django.db.models import Count
 from django.contrib.auth import get_user_model
+from django.http import HttpResponse
 
 from django.conf import settings
 from django.test.utils import override_settings
@@ -48,6 +49,7 @@
 from geonode.geoserver.createlayer.utils import create_dataset
 
 from geonode.layers import utils
+from geonode.layers.utils import clear_dataset_download_handlers
 from geonode.base import enumerations
 from geonode.layers import DatasetAppConfig
 from geonode.layers.admin import DatasetAdmin
@@ -81,6 +83,7 @@
 )
 
 from geonode.base.populate_test_data import all_public, create_models, remove_models, create_single_dataset
+from geonode.layers.download_handler import DatasetDownloadHandler
 
 logger = logging.getLogger(__name__)
 
@@ -323,6 +326,7 @@ def test_dataset_styles(self):
     def test_dataset_links(self):
         lyr = Dataset.objects.filter(subtype="vector").first()
         self.assertEqual(lyr.subtype, "vector")
+
         if check_ogc_backend(geoserver.BACKEND_PACKAGE):
             links = Link.objects.filter(resource=lyr.resourcebase_ptr, link_type="metadata")
             self.assertIsNotNone(links)
@@ -373,11 +377,6 @@ def test_dataset_links(self):
             links = Link.objects.filter(resource=lyr.resourcebase_ptr, link_type="image")
             self.assertIsNotNone(links)
 
-            Link.objects.filter(resource=lyr.resourcebase_ptr, link_type="original").update(
-                url="http://google.com/test"
-            )
-            self.assertEqual(lyr.download_url, "http://google.com/test")
-
     def test_get_valid_user(self):
         # Verify it accepts an admin user
         adminuser = get_user_model().objects.get(is_superuser=True)
@@ -1210,7 +1209,7 @@ def test_dataset_download_invalid_wps_format(self):
         self.assertEqual(500, response.status_code)
         self.assertDictEqual({"error": "The format provided is not valid for the selected resource"}, response.json())
 
-    @patch("geonode.resource.download_handler.HttpClient.request")
+    @patch("geonode.layers.download_handler.HttpClient.request")
     def test_dataset_download_call_the_catalog_raise_error_for_no_200(self, mocked_catalog):
         _response = MagicMock(status_code=500, content="foo-bar")
         mocked_catalog.return_value = _response, "foo-bar"
@@ -1234,7 +1233,7 @@ def test_dataset_download_call_the_catalog_raise_error_for_error_content(self):
         # if settings.USE_GEOSERVER is false, the URL must be redirected
         self.client.login(username="admin", password="admin")
         dataset = Dataset.objects.first()
-        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
+        with patch("geonode.layers.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, content
             url = reverse("dataset_download", args=[dataset.alternate])
             response = self.client.get(url)
@@ -1247,7 +1246,7 @@ def test_dataset_download_call_the_catalog_works(self):
         self.client.login(username="admin", password="admin")
         dataset = Dataset.objects.first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
-        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
+        with patch("geonode.layers.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
@@ -1266,21 +1265,21 @@ def test_dataset_download_call_the_catalog_work_anonymous(self):
         _response = MagicMock(status_code=200, text="", headers={"Content-Type": ""})  # noqa
         dataset = Dataset.objects.first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
-        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
+        with patch("geonode.layers.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
             self.assertTrue(response.status_code == 200)
 
     @override_settings(USE_GEOSERVER=True)
-    @patch("geonode.resource.download_handler.get_template")
+    @patch("geonode.layers.download_handler.get_template")
     def test_dataset_download_call_the_catalog_work_for_raster(self, pathed_template):
         # if settings.USE_GEOSERVER is false, the URL must be redirected
         _response = MagicMock(status_code=200, text="", headers={"Content-Type": ""})  # noqa
         dataset = Dataset.objects.filter(subtype="raster").first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
         Dataset.objects.filter(alternate=layer.alternate).update(subtype="raster")
-        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
+        with patch("geonode.layers.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
@@ -1293,13 +1292,13 @@ def test_dataset_download_call_the_catalog_work_for_raster(self, pathed_template
         )
 
     @override_settings(USE_GEOSERVER=True)
-    @patch("geonode.resource.download_handler.get_template")
+    @patch("geonode.layers.download_handler.get_template")
     def test_dataset_download_call_the_catalog_work_for_vector(self, pathed_template):
         # if settings.USE_GEOSERVER is false, the URL must be redirected
         _response = MagicMock(status_code=200, text="", headers={"Content-Type": ""})  # noqa
         dataset = Dataset.objects.filter(subtype="vector").first()
         layer = create_dataset(dataset.title, dataset.title, dataset.owner, "Point")
-        with patch("geonode.resource.download_handler.HttpClient.request") as mocked_catalog:
+        with patch("geonode.layers.download_handler.HttpClient.request") as mocked_catalog:
             mocked_catalog.return_value = _response, ""
             url = reverse("dataset_download", args=[layer.alternate])
             response = self.client.get(url)
@@ -2219,3 +2218,54 @@ def _assert_perms(self, expected_perms, dataset, username, assertion=True):
             self.assertSetEqual(expected_perms, actual)
         else:
             self.assertFalse(username in [user.username for user in perms["users"]])
+
+
+class TestDatasetDownloadHandler(GeoNodeBaseTestSupport):
+    def setUp(self):
+        user = get_user_model().objects.first()
+        request = RequestFactory().get("http://test_url.com")
+        request.user = user
+        self.dataset = create_single_dataset("test_dataset_for_download")
+        self.sut = DatasetDownloadHandler(request, self.dataset.alternate)
+
+    def test_download_url_without_original_link(self):
+        expected_url = reverse("dataset_download", args=[self.dataset.alternate])
+        self.assertEqual(expected_url, self.sut.download_url)
+
+    def test_download_url_with_original_link(self):
+        Link.objects.update_or_create(
+            resource=self.dataset.resourcebase_ptr,
+            url="https://custom_dowonload_url.com",
+            defaults=dict(
+                extension="zip",
+                name="Original Dataset",
+                mime="application/octet-stream",
+                link_type="original",
+            ),
+        )
+        expected_url = "https://custom_dowonload_url.com"
+        self.assertEqual(expected_url, self.sut.download_url)
+
+    def test_get_resource_exists(self):
+        self.assertIsNotNone(self.sut.get_resource())
+
+    def test_process_dowload(self):
+        response = self.sut.get_download_response()
+        self.assertIsNotNone(response)
+
+
+class DummyDownloadHandler(DatasetDownloadHandler):
+    def get_download_response(self):
+        return HttpResponse(content=b"abcsfd2")
+
+
+class TestCustomDownloadHandler(GeoNodeBaseTestSupport):
+    @override_settings(DEFAULT_DATASET_DOWNLOAD_HANDLER="geonode.layers.tests.DummyDownloadHandler")
+    def test_download_custom_handler(self):
+        clear_dataset_download_handlers()
+        dataset = create_single_dataset("test_custom_download_dataset")
+        url = reverse("dataset_download", args=[dataset.alternate])
+        self.client.login(username="admin", password="admin")
+        response = self.client.get(url)
+        self.assertTrue(response.status_code == 200)
+        self.assertEqual(response.content, b"abcsfd2")
diff --git a/geonode/layers/utils.py b/geonode/layers/utils.py
index 57b53fc2092..164d07b8562 100644
--- a/geonode/layers/utils.py
+++ b/geonode/layers/utils.py
@@ -591,3 +591,37 @@ def is_sld_upload_only(request):
 def mdata_search_by_type(request, filetype):
     files = list({v.name for k, v in request.FILES.items()})
     return len(files) == 1 and all([filetype in f for f in files])
+
+
+default_dataset_download_handler = None
+dataset_download_handler_list = []
+
+
+def get_dataset_download_handlers():
+    if not dataset_download_handler_list and getattr(settings, "DATASET_DOWNLOAD_HANDLERS", None):
+        dataset_download_handler_list.append(import_string(settings.DATASET_DOWNLOAD_HANDLERS[0]))
+
+    return dataset_download_handler_list
+
+
+def get_default_dataset_download_handler():
+    global default_dataset_download_handler
+    if not default_dataset_download_handler and getattr(settings, "DEFAULT_DATASET_DOWNLOAD_HANDLER", None):
+        default_dataset_download_handler = import_string(settings.DEFAULT_DATASET_DOWNLOAD_HANDLER)
+
+    return default_dataset_download_handler
+
+
+def set_default_dataset_download_handler(handler):
+    global default_dataset_download_handler
+    handler_module = import_string(handler)
+    if handler_module not in dataset_download_handler_list:
+        dataset_download_handler_list.append(handler_module)
+
+    default_dataset_download_handler = handler_module
+
+
+def clear_dataset_download_handlers():
+    global default_dataset_download_handler
+    dataset_download_handler_list.clear()
+    default_dataset_download_handler = None
diff --git a/geonode/layers/views.py b/geonode/layers/views.py
index d9b08da7f97..3aa3bb91ff8 100644
--- a/geonode/layers/views.py
+++ b/geonode/layers/views.py
@@ -59,7 +59,12 @@
 from geonode.decorators import check_keyword_write_perms
 from geonode.layers.forms import DatasetForm, DatasetTimeSerieForm, LayerAttributeForm, NewLayerUploadForm
 from geonode.layers.models import Dataset, Attribute
-from geonode.layers.utils import is_sld_upload_only, is_xml_upload_only, validate_input_source
+from geonode.layers.utils import (
+    is_sld_upload_only,
+    is_xml_upload_only,
+    get_default_dataset_download_handler,
+    validate_input_source,
+)
 from geonode.services.models import Service
 from geonode.base import register_event
 from geonode.monitoring.models import EventType
@@ -69,7 +74,6 @@
 from geonode.utils import check_ogc_backend, llbbox_to_mercator, resolve_object, mkdtemp
 from geonode.geoserver.helpers import ogc_server_settings, select_relevant_files, write_uploaded_files_to_disk
 from geonode.geoserver.security import set_geowebcache_invalidate_cache
-from django.utils.module_loading import import_string
 
 if check_ogc_backend(geoserver.BACKEND_PACKAGE):
     from geonode.geoserver.helpers import gs_catalog
@@ -733,8 +737,8 @@ def dataset_metadata_advanced(request, layername):
 
 @csrf_exempt
 def dataset_download(request, layername):
-    DownloadHandler = import_string(settings.DATASET_DOWNLOAD_HANDLER)
-    return DownloadHandler(request, layername).get_download_response()
+    handler = get_default_dataset_download_handler()
+    return handler(request, layername).get_download_response()
 
 
 @login_required
diff --git a/geonode/security/permissions.py b/geonode/security/permissions.py
index 0c3ddac2147..4d8b2e0bf1f 100644
--- a/geonode/security/permissions.py
+++ b/geonode/security/permissions.py
@@ -571,9 +571,9 @@ def compact(self):
                 }
             )
 
-        json["users"] = user_perms
-        json["organizations"] = organization_perms
-        json["groups"] = group_perms
+        json["users"] = sorted(user_perms, key=lambda x: x["id"], reverse=True)
+        json["organizations"] = sorted(organization_perms, key=lambda x: x["id"], reverse=True)
+        json["groups"] = sorted(group_perms, key=lambda x: x["id"], reverse=True)
         return json.copy()
 
 
diff --git a/geonode/security/tests.py b/geonode/security/tests.py
index 52b43a38551..f80a0ef8a52 100644
--- a/geonode/security/tests.py
+++ b/geonode/security/tests.py
@@ -2480,7 +2480,9 @@ def test_user_with_view_perms(self):
             # setting the view permissions
             url = reverse(_case["url"], kwargs={"pk": _case["resource"].pk})
 
-            _case["resource"].set_permissions({"users": {self.marty.username: ["base.view_resourcebase"]}})
+            _case["resource"].set_permissions(
+                {"users": {self.marty.username: ["base.view_resourcebase", "base.download_resourcebase"]}}
+            )
             # calling the api
             self.client.force_login(self.marty)
             result = self.client.get(url)
diff --git a/geonode/settings.py b/geonode/settings.py
index 48194eaacf9..eae71d843fa 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -1343,9 +1343,6 @@
     "Zipped All Files",
 ]
 
-
-DISPLAY_ORIGINAL_DATASET_LINK = ast.literal_eval(os.getenv("DISPLAY_ORIGINAL_DATASET_LINK", "True"))
-
 ACCOUNT_NOTIFY_ON_PASSWORD_CHANGE = ast.literal_eval(os.getenv("ACCOUNT_NOTIFY_ON_PASSWORD_CHANGE", "False"))
 
 TASTYPIE_DEFAULT_FORMATS = ["json"]
@@ -2361,4 +2358,6 @@ def get_geonode_catalogue_service():
     {"class": "geonode.facets.providers.thesaurus.ThesaurusFacetProvider", "config": {"type": "select"}},
 ]
 
-DATASET_DOWNLOAD_HANDLER = os.getenv("DATASET_DOWNLOAD_HANDLER", "geonode.resource.download_handler.DownloadHandler")
+DEFAULT_DATASET_DOWNLOAD_HANDLER = "geonode.layers.download_handler.DatasetDownloadHandler"
+
+DATASET_DOWNLOAD_HANDLERS = ast.literal_eval(os.getenv("DATASET_DOWNLOAD_HANDLERS", "[]"))
diff --git a/geonode/tests/smoke.py b/geonode/tests/smoke.py
index 8b094310722..1317fd8cc36 100644
--- a/geonode/tests/smoke.py
+++ b/geonode/tests/smoke.py
@@ -19,9 +19,7 @@
 
 from unittest import TestCase
 
-from django.http import HttpResponse
 from geonode.base.populate_test_data import create_single_dataset
-from geonode.resource.download_handler import DownloadHandler
 from geonode.resource.utils import call_storers
 from geonode.tests.base import GeoNodeBaseTestSupport
 
@@ -336,21 +334,3 @@ def dummy_metadata_storer2(dataset, custom):
     if custom.get("second-stage", None):
         for key, value in custom["second-stage"].items():
             setattr(dataset, key, value)
-
-
-class DummyDownloadManager(DownloadHandler):
-    def get_download_response(self):
-        return HttpResponse(content=b"abcsfd2")
-
-
-class TestDownloadManager(GeoNodeBaseTestSupport):
-    def setUp(self):
-        self.sut = DownloadHandler
-
-    @override_settings(DATASET_DOWNLOAD_HANDLER="geonode.tests.smoke.DummyDownloadManager")
-    def test_download_handler(self):
-        dataset = create_single_dataset("test_dataset")
-        url = reverse("dataset_download", args=[dataset.alternate])
-        response = self.client.get(url)
-        self.assertTrue(response.status_code == 200)
-        self.assertEqual(response.content, b"abcsfd2")
diff --git a/geonode/utils.py b/geonode/utils.py
index 694962132f2..26feb074218 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -1411,10 +1411,7 @@ def get_legend_url(
 
 def set_resource_default_links(instance, layer, prune=False, **kwargs):
     from geonode.base.models import Link
-    from django.urls import reverse
     from django.utils.translation import ugettext
-    from geonode.layers.models import Dataset
-    from geonode.documents.models import Document
 
     # Prune old links
     if prune:
@@ -1481,32 +1478,6 @@ def set_resource_default_links(instance, layer, prune=False, **kwargs):
                 logger.exception(e)
                 bbox = instance.bbox_string
 
-        # Create Raw Data download link
-        if settings.DISPLAY_ORIGINAL_DATASET_LINK:
-            logger.debug(" -- Resource Links[Create Raw Data download link]...")
-            if isinstance(instance, Dataset):
-                download_url = build_absolute_uri(reverse("dataset_download", args=(instance.alternate,)))
-            elif isinstance(instance, Document):
-                download_url = build_absolute_uri(reverse("document_download", args=(instance.id,)))
-            else:
-                download_url = None
-
-            while Link.objects.filter(resource=instance.resourcebase_ptr, link_type="original").exists():
-                Link.objects.filter(resource=instance.resourcebase_ptr, link_type="original").delete()
-            Link.objects.update_or_create(
-                resource=instance.resourcebase_ptr,
-                url=download_url,
-                defaults=dict(
-                    extension="zip",
-                    name="Original Dataset",
-                    mime="application/octet-stream",
-                    link_type="original",
-                ),
-            )
-            logger.debug(" -- Resource Links[Create Raw Data download link]...done!")
-        else:
-            Link.objects.filter(resource=instance.resourcebase_ptr, name="Original Dataset").delete()
-
         # Set download links for WMS, WCS or WFS and KML
         logger.debug(" -- Resource Links[Set download links for WMS, WCS or WFS and KML]...")
         instance_ows_url = f"{instance.ows_url}?" if instance.ows_url else f"{ogc_server_settings.public_url}ows?"

From 04837e7449bacfa8f5d590c21a256408085da939 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Mon, 11 Sep 2023 11:54:55 +0200
Subject: [PATCH 149/330] Add args and kwargs in resources API (#11459)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/base/api/views.py      | 34 +++++++++++++++++-----------------
 geonode/documents/api/views.py |  2 +-
 geonode/layers/api/views.py    | 10 +++++-----
 geonode/maps/api/views.py      |  4 ++--
 4 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/geonode/base/api/views.py b/geonode/base/api/views.py
index ae81b395883..fbbd2faec29 100644
--- a/geonode/base/api/views.py
+++ b/geonode/base/api/views.py
@@ -378,7 +378,7 @@ def _filtered(self, request, filter):
         description="API endpoint allowing to retrieve the approved Resources.",
     )
     @action(detail=False, methods=["get"])
-    def approved(self, request):
+    def approved(self, request, *args, **kwargs):
         return self._filtered(request, {"is_approved": True})
 
     @extend_schema(
@@ -387,7 +387,7 @@ def approved(self, request):
         description="API endpoint allowing to retrieve the published Resources.",
     )
     @action(detail=False, methods=["get"])
-    def published(self, request):
+    def published(self, request, *args, **kwargs):
         return self._filtered(request, {"is_published": True})
 
     @extend_schema(
@@ -396,7 +396,7 @@ def published(self, request):
         description="API endpoint allowing to retrieve the featured Resources.",
     )
     @action(detail=False, methods=["get"])
-    def featured(self, request):
+    def featured(self, request, *args, **kwargs):
         return self._filtered(request, {"featured": True})
 
     @extend_schema(
@@ -411,7 +411,7 @@ def featured(self, request):
             IsAuthenticated,
         ],
     )
-    def favorites(self, request, pk=None):
+    def favorites(self, request, pk=None, *args, **kwargs):
         paginator = GeoNodeApiPagination()
         paginator.page_size = request.GET.get("page_size", 10)
         favorites = Favorite.objects.favorites_for_user(user=request.user)
@@ -425,7 +425,7 @@ def favorites(self, request, pk=None):
         description="API endpoint allowing to retrieve the favorite Resources.",
     )
     @action(detail=True, methods=["post", "delete"], permission_classes=[IsAuthenticated])
-    def favorite(self, request, pk=None):
+    def favorite(self, request, pk=None, *args, **kwargs):
         resource = self.get_object()
         user = request.user
 
@@ -476,7 +476,7 @@ def favorite(self, request, pk=None):
         """,
     )
     @action(detail=False, methods=["get"])
-    def resource_types(self, request):
+    def resource_types(self, request, *args, **kwargs):
         def _to_compact_perms_list(
             allowed_perms: dict, resource_type: str, resource_subtype: str, compact_perms_labels: dict = {}
         ) -> list:
@@ -583,7 +583,7 @@ def _to_compact_perms_list(
         methods=["get", "put", "patch", "delete"],
         permission_classes=[IsAuthenticated],
     )
-    def resource_service_permissions(self, request, pk):
+    def resource_service_permissions(self, request, pk, *args, **kwargs):
         """Instructs the Async dispatcher to execute a 'DELETE' or 'UPDATE' on the permissions of a valid 'uuid'
 
         - GET input_params: {
@@ -720,7 +720,7 @@ def resource_service_permissions(self, request, pk):
         methods=["post"],
         permission_classes=[IsAuthenticated, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})],
     )
-    def set_thumbnail_from_bbox(self, request, resource_id):
+    def set_thumbnail_from_bbox(self, request, resource_id, *args, **kwargs):
         import traceback
         from django.utils.datastructures import MultiValueDictKeyError
 
@@ -778,7 +778,7 @@ def set_thumbnail_from_bbox(self, request, resource_id):
         methods=["post"],
         permission_classes=[IsAuthenticated],
     )
-    def resource_service_ingest(self, request, resource_type: str = None):
+    def resource_service_ingest(self, request, resource_type: str = None, *args, **kwargs):
         """Instructs the Async dispatcher to execute a 'INGEST' operation
 
         - POST input_params: {
@@ -879,7 +879,7 @@ def resource_service_ingest(self, request, resource_type: str = None):
         methods=["post"],
         permission_classes=[IsAuthenticated, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})],
     )
-    def resource_service_create(self, request, resource_type: str = None):
+    def resource_service_create(self, request, resource_type: str = None, *args, **kwargs):
         """Instructs the Async dispatcher to execute a 'CREATE' operation
         **WARNING**: This will create an empty dataset; if you need to upload a resource to GeoNode, consider using the endpoint "ingest" instead
 
@@ -981,7 +981,7 @@ def resource_service_create(self, request, resource_type: str = None):
         methods=["delete"],
         permission_classes=[IsAuthenticated, UserHasPerms],
     )
-    def resource_service_delete(self, request, pk):
+    def resource_service_delete(self, request, pk, *args, **kwargs):
         """Instructs the Async dispatcher to execute a 'DELETE' operation over a valid 'uuid'
 
         - DELETE input_params: {
@@ -1065,7 +1065,7 @@ def resource_service_delete(self, request, pk):
         methods=["put"],
         permission_classes=[IsAuthenticated, UserHasPerms],
     )
-    def resource_service_update(self, request, pk):
+    def resource_service_update(self, request, pk, *args, **kwargs):
         """Instructs the Async dispatcher to execute a 'UPDATE' operation over a valid 'uuid'
 
         - PUT input_params: {
@@ -1195,7 +1195,7 @@ def resource_service_update(self, request, pk):
             ),
         ],
     )
-    def resource_service_copy(self, request, pk):
+    def resource_service_copy(self, request, pk, *args, **kwargs):
         """Instructs the Async dispatcher to execute a 'COPY' operation over a valid 'pk'
 
         - PUT input_params: {
@@ -1300,7 +1300,7 @@ def resource_service_copy(self, request, pk):
             UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}}),
         ],
     )
-    def ratings(self, request, pk):
+    def ratings(self, request, pk, *args, **kwargs):
         resource = get_object_or_404(ResourceBase, pk=pk)
         resource = resource.get_real_instance()
         ct = ContentType.objects.get_for_model(resource)
@@ -1337,7 +1337,7 @@ def ratings(self, request, pk):
         permission_classes=[IsAuthenticated, UserHasPerms],
         parser_classes=[JSONParser, MultiPartParser],
     )
-    def set_thumbnail(self, request, pk):
+    def set_thumbnail(self, request, pk, *args, **kwargs):
         resource = get_object_or_404(ResourceBase, pk=pk)
 
         if not request.data.get("file"):
@@ -1397,7 +1397,7 @@ def set_thumbnail(self, request, pk):
         url_path=r"extra_metadata",  # noqa
         url_name="extra-metadata",
     )
-    def extra_metadata(self, request, pk):
+    def extra_metadata(self, request, pk, *args, **kwargs):
         _obj = get_object_or_404(ResourceBase, pk=pk)
 
         if request.method == "GET":
@@ -1488,7 +1488,7 @@ def _get_request_params(self, request, encode=False):
         url_path=r"linked_resources",  # noqa
         url_name="linked_resources",
     )
-    def linked_resources(self, request, pk):
+    def linked_resources(self, request, pk, *args, **kwargs):
         try:
             """
             To let the API be able to filter the linked result, we cannot rely on the DynamicFilterBackend
diff --git a/geonode/documents/api/views.py b/geonode/documents/api/views.py
index 720cb7639ba..dd15a23e363 100644
--- a/geonode/documents/api/views.py
+++ b/geonode/documents/api/views.py
@@ -145,7 +145,7 @@ def perform_create(self, serializer):
         description="API endpoint allowing to retrieve the DocumentResourceLink(s).",
     )
     @action(detail=True, methods=["get"])
-    def linked_resources(self, request, pk=None):
+    def linked_resources(self, request, pk=None, *args, **kwargs):
         document = self.get_object()
         resources_id = document.links.all().values("object_id")
         resources = ResourceBase.objects.filter(id__in=resources_id)
diff --git a/geonode/layers/api/views.py b/geonode/layers/api/views.py
index 3ad985c7781..218216a17bd 100644
--- a/geonode/layers/api/views.py
+++ b/geonode/layers/api/views.py
@@ -100,7 +100,7 @@ def get_serializer_class(self):
             UserHasPerms(perms_dict={"default": {"PUT": ["base.change_resourcebase_metadata"]}}),
         ],
     )
-    def metadata(self, request, pk=None):
+    def metadata(self, request, pk=None, *args, **kwargs):
         """
         Endpoint to upload ISO metadata
         Usage Example:
@@ -165,7 +165,7 @@ def metadata(self, request, pk=None):
         description="API endpoint allowing to retrieve the MapLayers list.",
     )
     @action(detail=True, methods=["get"])
-    def maplayers(self, request, pk=None):
+    def maplayers(self, request, pk=None, *args, **kwargs):
         dataset = self.get_object()
         resources = dataset.maplayers
         return Response(SimpleMapLayerSerializer(many=True).to_representation(resources))
@@ -176,7 +176,7 @@ def maplayers(self, request, pk=None):
         description="API endpoint allowing to retrieve maps using the dataset.",
     )
     @action(detail=True, methods=["get"])
-    def maps(self, request, pk=None):
+    def maps(self, request, pk=None, *args, **kwargs):
         dataset = self.get_object()
         resources = dataset.maps
         return Response(SimpleMapSerializer(many=True).to_representation(resources))
@@ -208,7 +208,7 @@ def maps(self, request, pk=None):
         methods=["patch"],
         serializer_class=DatasetReplaceAppendSerializer,
     )
-    def replace(self, request, dataset_id=None):
+    def replace(self, request, dataset_id=None, *args, **kwargs):
         """
         Edpoint for replace data to an existing layer
         """
@@ -241,7 +241,7 @@ def replace(self, request, dataset_id=None):
         methods=["patch"],
         serializer_class=DatasetReplaceAppendSerializer,
     )
-    def append(self, request, dataset_id=None):
+    def append(self, request, dataset_id=None, *args, **kwargs):
         """
         Edpoint for replace data to an existing layer
         """
diff --git a/geonode/maps/api/views.py b/geonode/maps/api/views.py
index ae127f8fffb..aec88e47fbe 100644
--- a/geonode/maps/api/views.py
+++ b/geonode/maps/api/views.py
@@ -96,7 +96,7 @@ def create(self, request, *args, **kwargs):
         description="API endpoint allowing to retrieve the MapLayers list.",
     )
     @action(detail=True, methods=["get"])
-    def maplayers(self, request, pk=None):
+    def maplayers(self, request, pk=None, *args, **kwargs):
         map = self.get_object()
         resources = map.maplayers
         return Response(MapLayerSerializer(embed=True, many=True).to_representation(resources))
@@ -107,7 +107,7 @@ def maplayers(self, request, pk=None):
         description="API endpoint allowing to retrieve the local MapLayers.",
     )
     @action(detail=True, methods=["get"])
-    def datasets(self, request, pk=None):
+    def datasets(self, request, pk=None, *args, **kwargs):
         map = self.get_object()
         resources = map.datasets
         return Response(DatasetSerializer(embed=True, many=True).to_representation(resources))

From c37b981f9b053efd4460fb5e3d5512c9a2818493 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 11 Sep 2023 13:07:30 +0200
Subject: [PATCH 150/330] Update .clabot with Francisco Vicent (#11462)

---
 .clabot | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.clabot b/.clabot
index 931c7559a78..6a4e514540c 100644
--- a/.clabot
+++ b/.clabot
@@ -74,6 +74,7 @@
     "JohannesSchnell",
     "EHJ-52n",
     "MartinPontius",
-    "ahmdthr"
+    "ahmdthr",
+    "fvicent"
   ]
 }

From 6b331fdd489df6bd522e9b63914083a22205da64 Mon Sep 17 00:00:00 2001
From: Francisco Vicent <franciscovicent@outlook.com>
Date: Tue, 12 Sep 2023 05:41:23 -0300
Subject: [PATCH 151/330] Remove `ProfileCreationForm.clean_username()`
 (#11433)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/people/forms.py | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/geonode/people/forms.py b/geonode/people/forms.py
index 0f2af9ac03f..abebe9c41a7 100644
--- a/geonode/people/forms.py
+++ b/geonode/people/forms.py
@@ -43,19 +43,6 @@ class Meta:
         model = get_user_model()
         fields = ("username",)
 
-    def clean_username(self):
-        # Since User.username is unique, this check is redundant,
-        # but it sets a nicer error message than the ORM. See #13147.
-        username = self.cleaned_data["username"]
-        try:
-            get_user_model().objects.get(username=username)
-        except get_user_model().DoesNotExist:
-            return username
-        raise forms.ValidationError(
-            self.error_messages["duplicate_username"],
-            code="duplicate_username",
-        )
-
 
 class ProfileChangeForm(UserChangeForm):
     class Meta:

From 233567b3bd5acc5eeea2cb59fbdfd1016f02a15f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:45:02 +0200
Subject: [PATCH 152/330] Bump django from 3.2.20 to 3.2.21 (#11458)

Bumps [django](https://github.com/django/django) from 3.2.20 to 3.2.21.
- [Commits](https://github.com/django/django/compare/3.2.20...3.2.21)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 05db52f8a43..153ce38977e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@
 Pillow==10.0.0
 lxml==4.9.3
 psycopg2==2.9.7
-Django==3.2.20
+Django==3.2.21
 
 # Other
 amqp==5.1.1

From 20fb68f5a22b979857008f969772dc5d76fd44b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:45:45 +0200
Subject: [PATCH 153/330] Bump boto3 from 1.28.32 to 1.28.44 (#11452)

Bumps [boto3](https://github.com/boto/boto3) from 1.28.32 to 1.28.44.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.32...1.28.44)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 153ce38977e..b901f2c8d36 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.32
+boto3==1.28.44
 
 # Django Caches
 python-memcached<=1.59

From f7bce2a82fe13f7c19e4a175eb57d3b5a275c450 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:46:33 +0200
Subject: [PATCH 154/330] Bump black from 23.7.0 to 23.9.1 (#11470)

Bumps [black](https://github.com/psf/black) from 23.7.0 to 23.9.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.7.0...23.9.1)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b901f2c8d36..dade467396b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -153,7 +153,7 @@ invoke==2.2.0
 coverage==7.3.0
 requests-toolbelt==1.0.0
 flake8==6.1.0
-black==23.7.0
+black==23.9.1
 pytest==7.4.0
 pytest-bdd==6.1.1
 splinter==0.19.0

From bb536929e1f6272860731c6f2a17edcf028ae0c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:47:38 +0200
Subject: [PATCH 155/330] Bump pytest from 7.4.0 to 7.4.2 (#11451)

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.0 to 7.4.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.4.0...7.4.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index dade467396b..dad5daf3de5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -154,7 +154,7 @@ coverage==7.3.0
 requests-toolbelt==1.0.0
 flake8==6.1.0
 black==23.9.1
-pytest==7.4.0
+pytest==7.4.2
 pytest-bdd==6.1.1
 splinter==0.19.0
 pytest-splinter==3.3.2

From 377787ee324ff115a0fe691317d2dd6cc529bd56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:48:25 +0200
Subject: [PATCH 156/330] Bump kombu from 5.3.1 to 5.3.2 (#11436)

Bumps [kombu](https://github.com/celery/kombu) from 5.3.1 to 5.3.2.
- [Release notes](https://github.com/celery/kombu/releases)
- [Changelog](https://github.com/celery/kombu/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/kombu/compare/v5.3.1...v5.3.2)

---
updated-dependencies:
- dependency-name: kombu
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index dad5daf3de5..c7479462401 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,7 +15,7 @@ Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1
 celery==5.3.1
-kombu==5.3.1
+kombu==5.3.2
 vine==5.0.0
 tqdm==4.66.1
 Deprecated==1.2.14

From 006332bd7f86667c414031830aa64d911e4b71e9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 10:50:05 +0200
Subject: [PATCH 157/330] Bump boto3 from 1.28.32 to 1.28.45 (#11469)

Bumps [boto3](https://github.com/boto/boto3) from 1.28.32 to 1.28.45.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.32...1.28.45)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index c7479462401..c6cd3b7d6c4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.44
+boto3==1.28.45
 
 # Django Caches
 python-memcached<=1.59

From 9626fbde3971ea2476eaabd15c2b3c7af33aa722 Mon Sep 17 00:00:00 2001
From: EHJ-52n <e.h.juerrens@52north.org>
Date: Wed, 13 Sep 2023 11:42:53 +0200
Subject: [PATCH 158/330] Add own service for memcached (#8818)

Goal: one service per container

- add own service for memcached

- remove memcached from geonode image

- add MEMCACHED_OPTIONS variable to env files

- enable memcached by default
---
 .env.sample                           |  6 +++++-
 .env_dev                              |  6 +++++-
 .env_local                            |  6 +++++-
 .env_test                             |  6 +++++-
 docker-compose-test.yml               | 13 +++++++++++++
 docker-compose.yml                    | 13 +++++++++++++
 entrypoint.sh                         |  1 -
 scripts/docker/base/ubuntu/Dockerfile |  5 ++---
 8 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/.env.sample b/.env.sample
index b74e48d371c..47ed2e0c24e 100644
--- a/.env.sample
+++ b/.env.sample
@@ -177,9 +177,13 @@ CACHE_BUSTING_STATIC_ENABLED=False
 
 MEMCACHED_ENABLED=False
 MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
-MEMCACHED_LOCATION=127.0.0.1:11211
+MEMCACHED_LOCATION=memcached:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
+#
+# Options for memcached binary, e.g. -vvv to log all requests and cache hits
+#
+MEMCACHED_OPTIONS=
 
 MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
diff --git a/.env_dev b/.env_dev
index 6119f68ebd6..c5ef4c58b63 100644
--- a/.env_dev
+++ b/.env_dev
@@ -177,9 +177,13 @@ CACHE_BUSTING_STATIC_ENABLED=False
 
 MEMCACHED_ENABLED=False
 MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
-MEMCACHED_LOCATION=127.0.0.1:11211
+MEMCACHED_LOCATION=memcached:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
+#
+# Options for memcached binary, e.g. -vvv to log all requests and cache hits
+#
+MEMCACHED_OPTIONS=
 
 MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
diff --git a/.env_local b/.env_local
index 48cba183d81..492022d6d3d 100644
--- a/.env_local
+++ b/.env_local
@@ -177,9 +177,13 @@ CACHE_BUSTING_STATIC_ENABLED=False
 
 MEMCACHED_ENABLED=False
 MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
-MEMCACHED_LOCATION=127.0.0.1:11211
+MEMCACHED_LOCATION=memcached:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
+#
+# Options for memcached binary, e.g. -vvv to log all requests and cache hits
+#
+MEMCACHED_OPTIONS=
 
 MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
diff --git a/.env_test b/.env_test
index fb1910d57b1..cfbc1098d97 100644
--- a/.env_test
+++ b/.env_test
@@ -186,9 +186,13 @@ CACHE_BUSTING_STATIC_ENABLED=False
 
 MEMCACHED_ENABLED=False
 MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
-MEMCACHED_LOCATION=127.0.0.1:11211
+MEMCACHED_LOCATION=memcached:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
+#
+# Options for memcached binary, e.g. -vvv to log all requests and cache hits
+#
+MEMCACHED_OPTIONS=
 
 MAX_DOCUMENT_SIZE=200
 CLIENT_RESULTS_LIMIT=5
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 762183a5eac..14a4b999fab 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -68,6 +68,19 @@ services:
       - statics:/mnt/volumes/statics
     restart: unless-stopped
 
+  # memcached service
+  memcached:
+    image: memcached:alpine
+    container_name: memcached4${COMPOSE_PROJECT_NAME}
+    command: memcached ${MEMCACHED_OPTIONS}
+    restart: on-failure
+    healthcheck:
+      test: nc -z 127.0.0.1 11211
+      interval: 30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
+
   # Gets and installs letsencrypt certificates
   letsencrypt:
     image: geonode/letsencrypt:latest
diff --git a/docker-compose.yml b/docker-compose.yml
index 853231d824a..36d6d196fe2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -46,6 +46,19 @@ services:
     entrypoint: ["/usr/src/geonode/entrypoint.sh"]
     command: "celery-cmd"
 
+  # memcached service
+  memcached:
+    image: memcached:alpine
+    container_name: memcached4${COMPOSE_PROJECT_NAME}
+    command: memcached ${MEMCACHED_OPTIONS}
+    restart: on-failure
+    healthcheck:
+      test: nc -z 127.0.0.1 11211
+      interval: 30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
+
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
     image: geonode/nginx:1.25.1
diff --git a/entrypoint.sh b/entrypoint.sh
index 6bb062b910e..bcb925467f7 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -16,7 +16,6 @@ invoke () {
 
 # Start cron && memcached services
 service cron restart
-service memcached restart
 
 echo $"\n\n\n"
 echo "-----------------------------------------------------"
diff --git a/scripts/docker/base/ubuntu/Dockerfile b/scripts/docker/base/ubuntu/Dockerfile
index 13ca38d20c4..8e406212798 100644
--- a/scripts/docker/base/ubuntu/Dockerfile
+++ b/scripts/docker/base/ubuntu/Dockerfile
@@ -5,7 +5,7 @@ RUN mkdir -p /usr/src/geonode
 ## Enable postgresql-client-15
 RUN apt-get update -y && apt-get install curl wget unzip gnupg2 -y
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
-# will install python3.10 
+# will install python3.10
 RUN apt-get install lsb-core -y
 RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |tee  /etc/apt/sources.list.d/pgdg.list
 
@@ -32,8 +32,7 @@ RUN pip3 install uwsgi \
     && pip install pip --upgrade \
     && pip install pygdal==$(gdal-config --version).* flower==0.9.4
 
-# Activate "memcached"
-RUN apt-get install -y memcached
+# Install "sherlock" to be used with "memcached"
 RUN pip install sherlock
 
 # Cleanup apt update lists

From e0afec3558bedffa192c38957b1b3ab7f6691b25 Mon Sep 17 00:00:00 2001
From: afabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 13 Sep 2023 11:51:45 +0200
Subject: [PATCH 159/330] - Align setup.cfg to requirements.txt

---
 requirements.txt | 2 +-
 setup.cfg        | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c6cd3b7d6c4..f7849c48547 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,7 +15,7 @@ Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1
 celery==5.3.1
-kombu==5.3.2
+kombu==5.3.1
 vine==5.0.0
 tqdm==4.66.1
 Deprecated==1.2.14
diff --git a/setup.cfg b/setup.cfg
index 41a528efbc4..6107d4414fa 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -28,7 +28,7 @@ install_requires =
     Pillow==10.0.0
     lxml==4.9.3
     psycopg2==2.9.7
-    Django==3.2.20
+    Django==3.2.21
 
     # Other
     amqp==5.1.1
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.32
+    boto3==1.28.45
 
     # Django Caches
     python-memcached<=1.59
@@ -178,8 +178,8 @@ install_requires =
     coverage==7.3.0
     requests-toolbelt==1.0.0
     flake8==6.1.0
-    black==23.7.0
-    pytest==7.4.0
+    black==23.9.1
+    pytest==7.4.2
     pytest-bdd==6.1.1
     splinter==0.19.0
     pytest-splinter==3.3.2

From 8f1c00ec0172daa9ae9d038281990fd358aaad4e Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Wed, 13 Sep 2023 12:02:23 +0200
Subject: [PATCH 160/330] fix: requirements.txt to reduce vulnerabilities
 (#11445)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

From e13a811e123dc058583e20b0743fe1a99081b51b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 13:02:06 +0200
Subject: [PATCH 161/330] Bump celery from 5.3.1 to 5.3.4 (#11437)

* Bump celery from 5.3.1 to 5.3.4

Bumps [celery](https://github.com/celery/celery) from 5.3.1 to 5.3.4.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.3.1...v5.3.4)

---
updated-dependencies:
- dependency-name: celery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 4 ++--
 setup.cfg        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f7849c48547..b24ab38f9d1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,8 +14,8 @@ urllib3==1.26.15
 Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1
-celery==5.3.1
-kombu==5.3.1
+celery==5.3.4
+kombu==5.3.2
 vine==5.0.0
 tqdm==4.66.1
 Deprecated==1.2.14
diff --git a/setup.cfg b/setup.cfg
index 6107d4414fa..19dd2ae80af 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -40,8 +40,8 @@ install_requires =
     Paver==1.3.4
     python-slugify==8.0.1
     decorator==5.1.1
-    celery==5.3.1
-    kombu==5.3.1
+    celery==5.3.4
+    kombu==5.3.2
     vine==5.0.0
     tqdm==4.66.1
     Deprecated==1.2.14

From c8e9789cdb89127fe8f267e4523f694b68e2e6df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 14:02:52 +0200
Subject: [PATCH 162/330] Bump pytz from 2023.3 to 2023.3.post1 (#11457)

* Bump pytz from 2023.3 to 2023.3.post1

Bumps [pytz](https://github.com/stub42/pytz) from 2023.3 to 2023.3.post1.
- [Commits](https://github.com/stub42/pytz/compare/release_2023.3...release_2023.3.post1)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b24ab38f9d1..2377ee48557 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -126,7 +126,7 @@ inflection>=0.4.0
 jdcal==1.4.1
 mock<6.0.0
 python-dateutil==2.8.2
-pytz==2023.3
+pytz==2023.3.post1
 requests==2.31.0
 timeout-decorator==0.5.0
 pylibmc==1.6.3
diff --git a/setup.cfg b/setup.cfg
index 19dd2ae80af..7d6c39d8356 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -151,7 +151,7 @@ install_requires =
     jdcal==1.4.1
     mock<6.0.0
     python-dateutil==2.8.2
-    pytz==2023.3
+    pytz==2023.3.post1
     requests==2.31.0
     timeout-decorator==0.5.0
     pylibmc==1.6.3

From 3a7eed101ead74d6f3b4e9347f147f3319cf2d40 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 14:03:11 +0200
Subject: [PATCH 163/330] Bump coverage from 7.3.0 to 7.3.1 (#11456)

* Bump coverage from 7.3.0 to 7.3.1

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.0 to 7.3.1.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.0...7.3.1)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 2377ee48557..fd8ce3257f2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -150,7 +150,7 @@ docker==6.1.3
 invoke==2.2.0
 
 # tests
-coverage==7.3.0
+coverage==7.3.1
 requests-toolbelt==1.0.0
 flake8==6.1.0
 black==23.9.1
diff --git a/setup.cfg b/setup.cfg
index 7d6c39d8356..60335f5a9ec 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -175,7 +175,7 @@ install_requires =
     invoke==2.2.0
 
     # tests
-    coverage==7.3.0
+    coverage==7.3.1
     requests-toolbelt==1.0.0
     flake8==6.1.0
     black==23.9.1

From 1f2c297a1dfb6c68c23d96edffef920a0dda3fc8 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 13 Sep 2023 14:29:21 +0200
Subject: [PATCH 164/330] restore loopback port for memcached in local env
 files (#11478)

---
 .env_dev   | 2 +-
 .env_local | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.env_dev b/.env_dev
index c5ef4c58b63..93b0c0e2f5c 100644
--- a/.env_dev
+++ b/.env_dev
@@ -177,7 +177,7 @@ CACHE_BUSTING_STATIC_ENABLED=False
 
 MEMCACHED_ENABLED=False
 MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
-MEMCACHED_LOCATION=memcached:11211
+MEMCACHED_LOCATION=127.0.0.1:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
 #
diff --git a/.env_local b/.env_local
index 492022d6d3d..5083046741d 100644
--- a/.env_local
+++ b/.env_local
@@ -177,7 +177,7 @@ CACHE_BUSTING_STATIC_ENABLED=False
 
 MEMCACHED_ENABLED=False
 MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
-MEMCACHED_LOCATION=memcached:11211
+MEMCACHED_LOCATION=127.0.0.1:11211
 MEMCACHED_LOCK_EXPIRE=3600
 MEMCACHED_LOCK_TIMEOUT=10
 #

From d30176e9e47234629d77e66888ebcfb87f04007e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 14:56:40 +0200
Subject: [PATCH 165/330] Bump brotli from 1.0.9 to 1.1.0 (#11455)

* Bump brotli from 1.0.9 to 1.1.0

Bumps [brotli](https://github.com/google/brotli) from 1.0.9 to 1.1.0.
- [Release notes](https://github.com/google/brotli/releases)
- [Changelog](https://github.com/google/brotli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/brotli/compare/v1.0.9...v1.1.0)

---
updated-dependencies:
- dependency-name: brotli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump brotli from 1.0.9 to 1.1.0

Bumps [brotli](https://github.com/google/brotli) from 1.0.9 to 1.1.0.
- [Release notes](https://github.com/google/brotli/releases)
- [Changelog](https://github.com/google/brotli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/brotli/compare/v1.0.9...v1.1.0)

---
updated-dependencies:
- dependency-name: brotli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index fd8ce3257f2..c8f46e0e022 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -118,7 +118,7 @@ boto3==1.28.45
 # Django Caches
 python-memcached<=1.59
 whitenoise==6.5.0
-Brotli==1.0.9
+Brotli==1.1.0
 
 # Contribs
 xmltodict<0.13.1
diff --git a/setup.cfg b/setup.cfg
index 60335f5a9ec..104ad92ad2f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -143,7 +143,7 @@ install_requires =
     # Django Caches
     python-memcached<=1.59
     whitenoise==6.5.0
-    Brotli==1.0.9
+    Brotli==1.1.0
 
     # Contribs
     xmltodict<0.13.1

From e3cd45eedba7ffdb8d112a6f36fd6dddb3b290e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 14:57:40 +0200
Subject: [PATCH 166/330] Bump django-widget-tweaks from 1.4.12 to 1.5.0
 (#11420)

* Bump django-widget-tweaks from 1.4.12 to 1.5.0

Bumps [django-widget-tweaks](https://github.com/jazzband/django-widget-tweaks) from 1.4.12 to 1.5.0.
- [Release notes](https://github.com/jazzband/django-widget-tweaks/releases)
- [Changelog](https://github.com/jazzband/django-widget-tweaks/blob/master/CHANGES.rst)
- [Commits](https://github.com/jazzband/django-widget-tweaks/compare/1.4.12...1.5.0)

---
updated-dependencies:
- dependency-name: django-widget-tweaks
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump django-widget-tweaks from 1.4.12 to 1.5.0

Bumps [django-widget-tweaks](https://github.com/jazzband/django-widget-tweaks) from 1.4.12 to 1.5.0.
- [Release notes](https://github.com/jazzband/django-widget-tweaks/releases)
- [Changelog](https://github.com/jazzband/django-widget-tweaks/blob/master/CHANGES.rst)
- [Commits](https://github.com/jazzband/django-widget-tweaks/compare/1.4.12...1.5.0)

---
updated-dependencies:
- dependency-name: django-widget-tweaks
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c8f46e0e022..60e75c7a97d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -46,7 +46,7 @@ django-tastypie<0.15.0
 django-tinymce==3.6.1
 django-grappelli==3.0.7
 django-uuid-upload-path==1.0.0
-django-widget-tweaks==1.4.12
+django-widget-tweaks==1.5.0
 django-sequences==2.8
 oauthlib==3.2.2
 pyopenssl==23.2.0
diff --git a/setup.cfg b/setup.cfg
index 104ad92ad2f..9316c207ba8 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -72,7 +72,7 @@ install_requires =
     django-tinymce==3.6.1
     django-grappelli==3.0.7
     django-uuid-upload-path==1.0.0
-    django-widget-tweaks==1.4.12
+    django-widget-tweaks==1.5.0
     django-sequences==2.8
     oauthlib==3.2.2
     pyopenssl==23.2.0

From 4b49d62ea192e2d19c103e5221db781e2c62a93a Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 13 Sep 2023 15:01:42 +0200
Subject: [PATCH 167/330] =?UTF-8?q?[Fixes=20#11349]=20Keep=20into=20accoun?=
 =?UTF-8?q?t=20maplayers=20visibility=20and=20order=20when=20=E2=80=A6=20(?=
 =?UTF-8?q?#11443)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Fixes #11349] Keep into account maplayers visibility and order when generating map thumbnails

* [Fixes #11349] Fix black format

* [Fixes #11349] Fix test

* [Fixes #11349] remove typo

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/thumbs/tests/test_unit.py | 8 ++++----
 geonode/thumbs/thumbnails.py      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/geonode/thumbs/tests/test_unit.py b/geonode/thumbs/tests/test_unit.py
index 49c8168d604..a00936b4ada 100644
--- a/geonode/thumbs/tests/test_unit.py
+++ b/geonode/thumbs/tests/test_unit.py
@@ -230,8 +230,8 @@ def test_datasets_locations_simple_map(self):
             [
                 [
                     settings.OGC_SERVER["default"]["LOCATION"],
-                    ["geonode:Meteorite_Landings_from_NASA_Open_Data_Portal1", dataset.alternate],
-                    ["test_style", "theaters_nyc"],
+                    [dataset.alternate, "geonode:Meteorite_Landings_from_NASA_Open_Data_Portal1"],
+                    ["theaters_nyc", "test_style"],
                 ]
             ],
         )
@@ -255,9 +255,9 @@ def test_datasets_locations_composition_map_default_bbox(self):
             [
                 settings.GEOSERVER_LOCATION,
                 [
-                    "rt_geologia.dbg_risorse_minerarie",
-                    "geonode:Meteorite_Landings_from_NASA_Open_Data_Portal1",
                     "geonode:theaters_nyc",
+                    "geonode:Meteorite_Landings_from_NASA_Open_Data_Portal1",
+                    "rt_geologia.dbg_risorse_minerarie",
                 ],
                 [],
             ]
diff --git a/geonode/thumbs/thumbnails.py b/geonode/thumbs/thumbnails.py
index a7c8e28a255..3006a5bf58f 100644
--- a/geonode/thumbs/thumbnails.py
+++ b/geonode/thumbs/thumbnails.py
@@ -271,7 +271,7 @@ def _datasets_locations(
             else:
                 bbox = utils.transform_bbox(instance.bbox, target_crs)
     elif isinstance(instance, Map):
-        for map_dataset in instance.maplayers.iterator():
+        for map_dataset in instance.maplayers.filter(visibility=True).order_by("order").iterator():
             if not map_dataset.local and not map_dataset.ows_url:
                 logger.warning(
                     "Incorrectly defined remote dataset encountered (no OWS URL defined)."

From 9e27bf3661a9485356d7f486c824ab7ef89d8641 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 15:13:49 +0200
Subject: [PATCH 168/330] Update setuptools requirement from <68.2.0,>=59.1.1
 to >=59.1.1,<68.3.0 (#11454)

* Update setuptools requirement from <68.2.0,>=59.1.1 to >=59.1.1,<68.3.0

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v68.2.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 60e75c7a97d..3f2ffef9439 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -159,7 +159,7 @@ pytest-bdd==6.1.1
 splinter==0.19.0
 pytest-splinter==3.3.2
 pytest-django==4.5.2
-setuptools>=59.1.1,<68.2.0
+setuptools>=59.1.1,<68.3.0
 pip==23.2.1
 Twisted==22.10.0
 pixelmatch==0.3.0
diff --git a/setup.cfg b/setup.cfg
index 9316c207ba8..72e98f8a1d0 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -184,7 +184,7 @@ install_requires =
     splinter==0.19.0
     pytest-splinter==3.3.2
     pytest-django==4.5.2
-    setuptools>=59.1.1,<68.2.0
+    setuptools>=59.1.1,<68.3.0
     pip==23.2.1
     Twisted==22.10.0
     pixelmatch==0.3.0

From 08f7895189b823149768a31be0e1746ce070ee40 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 15:14:32 +0200
Subject: [PATCH 169/330] Bump twisted from 22.10.0 to 23.8.0 (#11440)

* Bump twisted from 22.10.0 to 23.8.0

Bumps [twisted](https://github.com/twisted/twisted) from 22.10.0 to 23.8.0.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-22.10.0...twisted-23.8.0)

---
updated-dependencies:
- dependency-name: twisted
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump twisted from 22.10.0 to 23.8.0

Bumps [twisted](https://github.com/twisted/twisted) from 22.10.0 to 23.8.0.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-22.10.0...twisted-23.8.0)

---
updated-dependencies:
- dependency-name: twisted
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 3f2ffef9439..8551995c41f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -161,7 +161,7 @@ pytest-splinter==3.3.2
 pytest-django==4.5.2
 setuptools>=59.1.1,<68.3.0
 pip==23.2.1
-Twisted==22.10.0
+Twisted==23.8.0
 pixelmatch==0.3.0
 factory-boy==3.3.0
 flaky==3.7.0
diff --git a/setup.cfg b/setup.cfg
index 72e98f8a1d0..fe58f6791ba 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -186,7 +186,7 @@ install_requires =
     pytest-django==4.5.2
     setuptools>=59.1.1,<68.3.0
     pip==23.2.1
-    Twisted==22.10.0
+    Twisted==23.8.0
     pixelmatch==0.3.0
     factory-boy==3.3.0
     flaky==3.7.0

From 01d89c7d7af327d8b754859f38c69d9599e01881 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 15:15:57 +0200
Subject: [PATCH 170/330] Bump boto3 from 1.28.45 to 1.28.46 (#11473)

* Bump boto3 from 1.28.45 to 1.28.46

Bumps [boto3](https://github.com/boto/boto3) from 1.28.45 to 1.28.46.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.45...1.28.46)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 8551995c41f..e310a393018 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.13.2
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
-boto3==1.28.45
+boto3==1.28.46
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index fe58f6791ba..c2b6f433c83 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3
-    boto3==1.28.45
+    boto3==1.28.46
 
     # Django Caches
     python-memcached<=1.59

From 8d14e39d0720f1f725097f7d6c1fa6874c23517e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 15:18:37 +0200
Subject: [PATCH 171/330] Bump smart-open from 6.3.0 to 6.4.0 (#11449)

* Bump smart-open from 6.3.0 to 6.4.0

Bumps [smart-open](https://github.com/piskvorky/smart_open) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/piskvorky/smart_open/releases)
- [Changelog](https://github.com/RaRe-Technologies/smart_open/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/piskvorky/smart_open/compare/v6.3.0...v6.4.0)

---
updated-dependencies:
- dependency-name: smart-open
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump smart-open from 6.3.0 to 6.4.0

Bumps [smart-open](https://github.com/piskvorky/smart_open) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/piskvorky/smart_open/releases)
- [Changelog](https://github.com/RaRe-Technologies/smart_open/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/piskvorky/smart_open/compare/v6.3.0...v6.4.0)

---
updated-dependencies:
- dependency-name: smart-open
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e310a393018..08520ba3975 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -24,7 +24,7 @@ jsonschema==4.19.0
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
-smart_open==6.3.0
+smart_open==6.4.0
 PyMuPDF==1.22.5
 pathvalidate==3.1.0
 
diff --git a/setup.cfg b/setup.cfg
index c2b6f433c83..6c8112577db 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -50,7 +50,7 @@ install_requires =
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2
-    smart_open==6.3.0
+    smart_open==6.4.0
     PyMuPDF==1.22.5
     pathvalidate==3.1.0
 

From 60273ed47ca475e13def4091924a980790d9d23b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 15:22:07 +0200
Subject: [PATCH 172/330] Bump django-storages from 1.13.2 to 1.14 (#11453)

* Bump django-storages from 1.13.2 to 1.14

Bumps [django-storages](https://github.com/jschneier/django-storages) from 1.13.2 to 1.14.
- [Changelog](https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jschneier/django-storages/compare/1.13.2...1.14)

---
updated-dependencies:
- dependency-name: django-storages
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump django-storages from 1.13.2 to 1.14

Bumps [django-storages](https://github.com/jschneier/django-storages) from 1.13.2 to 1.14.
- [Changelog](https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jschneier/django-storages/compare/1.13.2...1.14)

---
updated-dependencies:
- dependency-name: django-storages
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 08520ba3975..7b678c828f8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -109,7 +109,7 @@ elasticsearch>=2.0.0,<9.0.0
 django-bootstrap3-datetimepicker-2==2.8.3
 
 # storage manager dependencies
-django-storages==1.13.2
+django-storages==1.14
 dropbox==11.36.2
 google-cloud-storage==2.10.0
 google-cloud-core==2.3.3
diff --git a/setup.cfg b/setup.cfg
index 6c8112577db..35eaad85c52 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -134,7 +134,7 @@ install_requires =
     django-bootstrap3-datetimepicker-2==2.8.3
 
     # storage manager dependencies
-    django-storages==1.13.2
+    django-storages==1.14
     dropbox==11.36.2
     google-cloud-storage==2.10.0
     google-cloud-core==2.3.3

From b64083966772f1cbde42ab48e3bfaa18af5f9a8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Sep 2023 16:12:52 +0200
Subject: [PATCH 173/330] Bump ipython from 8.14.0 to 8.15.0 (#11438)

* Bump ipython from 8.14.0 to 8.15.0

Bumps [ipython](https://github.com/ipython/ipython) from 8.14.0 to 8.15.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.14.0...8.15.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump ipython from 8.14.0 to 8.15.0

Bumps [ipython](https://github.com/ipython/ipython) from 8.14.0 to 8.15.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.14.0...8.15.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 7b678c828f8..0ec3426887d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -145,7 +145,7 @@ pycountry
 # production
 uWSGI==2.0.22
 gunicorn==21.2.0
-ipython==8.14.0
+ipython==8.15.0
 docker==6.1.3
 invoke==2.2.0
 
diff --git a/setup.cfg b/setup.cfg
index 35eaad85c52..08de7a9da04 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -170,7 +170,7 @@ install_requires =
     # production
     uWSGI==2.0.22
     gunicorn==21.2.0
-    ipython==8.14.0
+    ipython==8.15.0
     docker==6.1.3
     invoke==2.2.0
 

From 6a6968fd8a35ee368a913704d7f06a4ee0dfdba9 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 13 Sep 2023 17:15:45 +0200
Subject: [PATCH 174/330] drop apha channel from thumbnail mask (#11481)

---
 geonode/thumbs/thumbnails.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/thumbs/thumbnails.py b/geonode/thumbs/thumbnails.py
index 3006a5bf58f..45819775408 100644
--- a/geonode/thumbs/thumbnails.py
+++ b/geonode/thumbs/thumbnails.py
@@ -171,7 +171,7 @@ def create_thumbnail(
                 img = Image.open(content)
                 img.verify()  # verify that it is, in fact an image
                 img = Image.open(BytesIO(image))  # "re-open" the file (required after running verify method)
-                merged_partial_thumbs.paste(img, mask=img.convert("RGBA"))
+                merged_partial_thumbs.paste(img, mask=img.convert("RGBA").split()[-1])
             except UnidentifiedImageError as e:
                 logger.error(f"Thumbnail generation. Error occurred while fetching dataset image: {image}")
                 logger.exception(e)

From 1404400c13b95ba7b5c4e282bd0885a49744c70a Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 13 Sep 2023 18:10:08 +0200
Subject: [PATCH 175/330] [Fixes #11430] Improve metadata template (#11431)

* Fixup dataset template

* Fixup document template

* Fixup geoapp and maps template

* [Fixes #11430] Fix template typo
---
 geonode/documents/templates/layouts/doc_panels.html |  3 +++
 geonode/geoapps/templates/layouts/app_panels.html   | 12 ++++++++++++
 geonode/layers/templates/layouts/panels.html        |  4 ++--
 geonode/maps/templates/layouts/map_panels.html      |  8 +++++++-
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/geonode/documents/templates/layouts/doc_panels.html b/geonode/documents/templates/layouts/doc_panels.html
index bbde7b2e7d5..d02d01085fc 100644
--- a/geonode/documents/templates/layouts/doc_panels.html
+++ b/geonode/documents/templates/layouts/doc_panels.html
@@ -556,6 +556,7 @@
                 </div>
             </div>
             <div class="col-xs-12 col-lg-3">
+              {% block document_poc %}
               <div class="panel panel-default" style="margin-top: 5px">
                 <div class="panel-heading">{% trans "Responsible Parties" %}</div>
                 <div class="panel-body">
@@ -563,6 +564,8 @@
                   {{ document_form.poc }}
                 </div>
               </div>
+              {% endblock %}
+
               <div class="panel panel-default">
                 <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
                 <div class="panel-body">
diff --git a/geonode/geoapps/templates/layouts/app_panels.html b/geonode/geoapps/templates/layouts/app_panels.html
index d46741d8c2e..cb8aa41f766 100644
--- a/geonode/geoapps/templates/layouts/app_panels.html
+++ b/geonode/geoapps/templates/layouts/app_panels.html
@@ -292,9 +292,11 @@
                                     </script>
                                 </div>
                                 <div class="col-lg-4">
+                                  {% block geoapp_title %}
                                     <span><label for="{{ geoapp_form.title|id }}">{{ geoapp_form.title.label }}</label></span>
                                         <!--<p class="xxs-font-size">(Name by which the cited resource is known)</p>-->
                                         {{ geoapp_form.title }}
+                                    {% endblock %}
                                     <div>
                                         <span><label for="{{ geoapp_form.abstract|id }}">{{ geoapp_form.abstract.label }}</label></span>
                                         <!--<p class="xxs-font-size">(Brief narrative summary of the content of the resource/s)</p>-->
@@ -312,6 +314,7 @@
                                         <!--<p class="xxs-font-size">(When a given event occurred on the resource)</p>-->
                                         {{ geoapp_form.date }}
                                     </div>
+                                    {% block geoapp_category %}
                                     <div id="basicCategoryInfo" class="col-lg-12">
                                         <span><label for="{{ category_form.category_choice_field|id }}" class="control-label required-field">{% trans "Category" %}</label></span>
                                         <select
@@ -331,6 +334,7 @@
                                           {% endfor %}
                                         </select>
                                     </div>
+                                    {% endblock geoapp_category %}
                                     <div id="basicGroupInfo" class="col-lg-12">
                                         <span><label for="id_resource-group" class="control-label required-field">{% trans "Group" %}</label></span>
                                         <select
@@ -377,6 +381,7 @@
                     <div class="panel-body">
                         <div class="" id="mdinfo">
                             <div class="">
+                                {% block geoapp_attributes %}
                                 <div class="col-lg-4">
                                     <div>
                                         <span><label for="{{ geoapp_form.language|id }}">{{ geoapp_form.language.label }}</label></span>
@@ -393,6 +398,7 @@
                                         {{ geoapp_form.attribution }}
                                     </div>
                                 </div>
+                                {% endblock geoapp_attributes %}
                                 <div class="col-lg-4">
                                       <div id="regions_multiselect_container">
                                         <span><label for="{{ geoapp_form.regions|id }}">{{ geoapp_form.regions.label }}</label></span>
@@ -452,6 +458,7 @@
                 </div>
             </div>
             <div class="col-xs-12 col-lg-5">
+                {% block geoapp_temporal_extent_start %}
                 <div class="col-xs-12 col-lg-6">
                   <div class="input-group date">
                     <span><label for="{{ geoapp_form.temporal_extent_start|id }}">{{ geoapp_form.temporal_extent_start.label }}</label></span>
@@ -459,6 +466,8 @@
                     {{ geoapp_form.temporal_extent_start }}
                     </div>
                 </div>
+                {% endblock geoapp_temporal_extent_start %}
+                {% block geoapp_temporal_extent_end %}
                 <div class="col-xs-12 col-lg-6" id="req_date">
                     <div class="input-group date">
                     <span><label for="{{ geoapp_form.temporal_extent_end|id }}">{{ geoapp_form.temporal_extent_end.label }}</label></span>
@@ -466,6 +475,8 @@
                     {{ geoapp_form.temporal_extent_end }}
                     </div>
                 </div>
+                {% endblock geoapp_temporal_extent_end %}
+                {% block maintenance_block %}
                 <div class="col-xs-12">
                     <div style="margin-top: 5px">
                         <span><label for="{{ geoapp_form.maintenance_frequency|id }}">{{ geoapp_form.maintenance_frequency.label }}</label></span>
@@ -484,6 +495,7 @@
                     </div>
                     {% endblock geoapp_extra_metadata %}
                 </div>
+                {% endblock maintenance_block %}
             </div>
             <div class="col-xs-12 col-lg-3">
               <div class="panel panel-default" style="margin-top: 5px">
diff --git a/geonode/layers/templates/layouts/panels.html b/geonode/layers/templates/layouts/panels.html
index c10634646f3..579b5f46ea6 100644
--- a/geonode/layers/templates/layouts/panels.html
+++ b/geonode/layers/templates/layouts/panels.html
@@ -560,15 +560,15 @@
                 </div>
             </div>
             <div class="col-xs-12 col-lg-3">
+              {% block dataset_poc %}
               <div class="panel panel-default" style="margin-top: 5px">
                   <div class="panel-heading">{% trans "Responsible Parties" %}</div>
-                    {% block dataset_poc %}
                     <div class="panel-body check-select">
                         <span><label for="{{ dataset_form.poc|id }}">{{ dataset_form.poc.label }}</label></span>
                         {{ dataset_form.poc }}
                     </div>
-                    {% endblock dataset_poc %}
               </div>
+              {% endblock dataset_poc %}              
               <div class="panel panel-default">
                   <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
                   <div class="panel-body">
diff --git a/geonode/maps/templates/layouts/map_panels.html b/geonode/maps/templates/layouts/map_panels.html
index 307549913da..dce48088967 100644
--- a/geonode/maps/templates/layouts/map_panels.html
+++ b/geonode/maps/templates/layouts/map_panels.html
@@ -508,13 +508,15 @@
                 {% endblock map_supplemental_information %}
             </div>
             <div class="col-xs-12 col-lg-5">
+              {% block map_temporal_extent_start %}
                 <div class="col-xs-12 col-lg-6">
                   <div class="input-group date">
                     <span><label for="{{ map_form.temporal_extent_start|id }}">{{ map_form.temporal_extent_start.label }}</label></span>
                     <!--<p class="xxs-font-size">(When a given event occurred on the resource)</p>-->
                     {{ map_form.temporal_extent_start }}
-                    </div>
+                  </div>
                 </div>
+                {% endblock %}
                 <div class="col-xs-12 col-lg-6">
                     {% block map_temporal_extent_end %}
                     <div class="input-group date">
@@ -524,6 +526,7 @@
                     </div>
                     {% endblock map_temporal_extent_end %}
                 </div>
+                {% block maintenance_block %}
                 <div class="col-xs-12">
                     <div style="margin-top: 5px">
                         <span><label for="{{ map_form.maintenance_frequency|id }}">{{ map_form.maintenance_frequency.label }}</label></span>
@@ -542,8 +545,10 @@
                     </div>
                     {% endblock map_extra_metadata %}
                 </div>
+                {% endblock maintenance_block %}
             </div>
             <div class="col-xs-12 col-lg-3">
+              {% block map_poc %}
               <div class="panel panel-default" style="margin-top: 5px">
                   <div class="panel-heading">{% trans "Responsible Parties" %}</div>
                   <div class="panel-body">
@@ -551,6 +556,7 @@
                       {{ map_form.poc }}
                   </div>
               </div>
+              {% endblock %}
               <div class="panel panel-default">
                   <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
                   <div class="panel-body">

From abd1baf3d709265604010b7b15c8bfcc2a72a252 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 13 Sep 2023 22:03:04 +0200
Subject: [PATCH 176/330] =?UTF-8?q?[Fixes=20#11441]Implement=20the=20updat?=
 =?UTF-8?q?e=20of=20the=20spatial=20extent=20for=20non-spat=E2=80=A6=20(#1?=
 =?UTF-8?q?1442)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Fixes #11441]Implement the update of the spatial extent for non-spatial resource types

* [Fixes #11441]Implement the update of the spatial extent for non-spatial resource types

* [Fixes #11441] Fix tests

* [Fixes #11441] Fix tests

* list resource types with settable bbox at load time

* fixed tests

* enable bbox save on the base of instance model

* fix tests

* [Fixes #11441] Fix test

* [Fixes #11441] Expose standard_bbox and add small validation in the serializer

* fix bbox projection

* missing util

* return extent as we expect it in input

* black reformatting

* fixes

* fix black formatting

* fix test

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/base/api/exceptions.py     |   7 ++
 geonode/base/api/serializers.py    |  37 ++++++++++
 geonode/base/api/tests.py          | 115 ++++++++++++++++++++++++++++-
 geonode/base/models.py             |  18 ++++-
 geonode/base/populate_test_data.py |  32 ++++++++
 geonode/documents/api/tests.py     |  32 +++++++-
 geonode/geoapps/api/tests.py       |  16 +++-
 geonode/security/utils.py          |  12 +--
 geonode/utils.py                   |   6 ++
 9 files changed, 260 insertions(+), 15 deletions(-)

diff --git a/geonode/base/api/exceptions.py b/geonode/base/api/exceptions.py
index a1377af067c..32812298acc 100644
--- a/geonode/base/api/exceptions.py
+++ b/geonode/base/api/exceptions.py
@@ -20,6 +20,13 @@
 from rest_framework.views import exception_handler
 
 
+class InvalidResourceException(APIException):
+    status_code = 500
+    default_detail = "Invalid Resource exception"
+    default_code = "invalid_resource_exception"
+    category = "resource_api"
+
+
 def geonode_exception_handler(exc, context):
     # Call REST framework's default exception handler first,
     # to get the standard error response.
diff --git a/geonode/base/api/serializers.py b/geonode/base/api/serializers.py
index 2b6933b4633..3e18a25138b 100644
--- a/geonode/base/api/serializers.py
+++ b/geonode/base/api/serializers.py
@@ -38,6 +38,8 @@
 from dynamic_rest.fields.fields import DynamicRelationField, DynamicComputedField
 
 from avatar.templatetags.avatar_tags import avatar_url
+from geonode.utils import bbox_swap
+from geonode.base.api.exceptions import InvalidResourceException
 
 from geonode.favorite.models import Favorite
 from geonode.base.models import (
@@ -53,12 +55,15 @@
     ThesaurusKeywordLabel,
     ExtraMetadata,
 )
+from geonode.documents.models import Document
+from geonode.geoapps.models import GeoApp
 from geonode.groups.models import GroupCategory, GroupProfile
 from geonode.base.api.fields import ComplexDynamicRelationField
 from geonode.layers.utils import get_dataset_download_handlers, get_default_dataset_download_handler
 from geonode.utils import build_absolute_uri
 from geonode.security.utils import get_resources_with_perms, get_geoapp_subtypes
 from geonode.resource.models import ExecutionRequest
+from django.contrib.gis.geos import Polygon
 
 logger = logging.getLogger(__name__)
 
@@ -383,6 +388,15 @@ def to_representation(self, value):
         return UserSerializer(embed=True, many=False).to_representation(value)
 
 
+class ExtentBboxField(DynamicComputedField):
+    def get_attribute(self, instance):
+        return instance.ll_bbox
+
+    def to_representation(self, value):
+        bbox = bbox_swap(value[:-1])
+        return super().to_representation({"coords": bbox, "srid": value[-1]})
+
+
 class DataBlobField(DynamicRelationField):
     def value_to_string(self, obj):
         value = self.value_from_object(obj)
@@ -448,6 +462,9 @@ def to_representation(self, instance):
         return data
 
 
+api_bbox_settable_resource_models = [Document, GeoApp]
+
+
 class ResourceBaseSerializer(
     ResourceBaseToRepresentationSerializerMixin,
     BaseDynamicModelSerializer,
@@ -483,6 +500,7 @@ def __init__(self, *args, **kwargs):
         self.fields["data_quality_statement"] = serializers.CharField(required=False)
         self.fields["bbox_polygon"] = fields.GeometryField(read_only=True, required=False)
         self.fields["ll_bbox_polygon"] = fields.GeometryField(read_only=True, required=False)
+        self.fields["extent"] = ExtentBboxField(required=False)
         self.fields["srid"] = serializers.CharField(required=False)
         self.fields["group"] = ComplexDynamicRelationField(GroupSerializer, embed=True, many=False)
         self.fields["popular_count"] = serializers.CharField(required=False)
@@ -613,6 +631,7 @@ class Meta:
             "data_quality_statement": {"required": False},
             "bbox_polygon": {"required": False},
             "ll_bbox_polygon": {"required": False},
+            "extent": {"required": False},
             "srid": {"required": False},
             "popular_count": {"required": False},
             "share_count": {"required": False},
@@ -641,6 +660,24 @@ def to_internal_value(self, data):
         data = super(ResourceBaseSerializer, self).to_internal_value(data)
         return data
 
+    def save(self, **kwargs):
+        extent = self.validated_data.pop("extent", None)
+        instance = super().save(**kwargs)
+        if extent and instance.get_real_instance()._meta.model in api_bbox_settable_resource_models:
+            srid = extent.get("srid", "EPSG:4326")
+            coords = extent.get("coords")
+            if not coords:
+                logger.warning("BBOX was sent, but no coords were supplied. Skipping")
+                return instance
+            try:
+                # small validation test
+                Polygon.from_bbox(coords)
+            except Exception as e:
+                logger.exception(e)
+                raise InvalidResourceException("The standard bbox provided is invalid")
+            instance.set_bbox_polygon(coords, srid)
+        return instance
+
     """
      - Deferred / not Embedded --> ?include[]=data
     """
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
index 961d28da16a..677c7e06d8a 100644
--- a/geonode/base/api/tests.py
+++ b/geonode/base/api/tests.py
@@ -70,7 +70,13 @@
 from geonode.geoapps.models import GeoApp
 from geonode.utils import build_absolute_uri
 from geonode.resource.api.tasks import ExecutionRequest
-from geonode.base.populate_test_data import create_models, create_single_dataset, create_single_doc, create_single_map
+from geonode.base.populate_test_data import (
+    create_models,
+    create_single_dataset,
+    create_single_doc,
+    create_single_map,
+    create_single_geoapp,
+)
 from geonode.resource.api.tasks import resouce_service_dispatcher
 
 logger = logging.getLogger(__name__)
@@ -2913,3 +2919,110 @@ def test_linked_resource_filter_should_work(self):
         finally:
             if _d:
                 _d.delete()
+
+
+class TestApiAdditionalBBoxCalculation(GeoNodeBaseTestSupport):
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.dataset = create_single_dataset("single_layer")
+        cls.map = create_single_map("single_map")
+        cls.doc = create_single_doc("single_doc")
+        cls.geoapp = create_single_geoapp("single_geoapp")
+        cls.bbox = {"extent": {"coords": [6847623, 4776382, 7002886, 4878813], "srid": "EPSG:6875"}}
+
+    def setUp(self):
+        self.admin = get_user_model().objects.get(username="admin")
+
+    def test_dataset_should_not_update_bbox(self):
+        self.client.force_login(self.admin)
+        url = reverse("base-resources-detail", kwargs={"pk": self.dataset.get_self_resource().pk})
+        response = self.client.patch(
+            url,
+            data=json.dumps({"extent": {"coords": [6847623, 4776382, 7002886, 4878813], "srid": "EPSG:6875"}}),
+            content_type="application/json",
+        )
+
+        llbbox = self.dataset.ll_bbox_polygon
+        srid = self.dataset.srid
+
+        self.assertEqual(200, response.status_code)
+        self.dataset.refresh_from_db()
+        self.assertEqual(self.dataset.ll_bbox_polygon, llbbox)
+        self.assertEqual(self.dataset.srid, srid)
+
+    def test_map_should_not_update_bbox(self):
+        self.client.force_login(self.admin)
+        url = reverse("base-resources-detail", kwargs={"pk": self.map.get_self_resource().pk})
+        response = self.client.patch(
+            url,
+            data=json.dumps({"extent": {"coords": [6847623, 4776382, 7002886, 4878813], "srid": "EPSG:6875"}}),
+            content_type="application/json",
+        )
+
+        llbbox = self.map.ll_bbox_polygon
+        srid = self.map.srid
+
+        self.assertEqual(200, response.status_code)
+        self.map.refresh_from_db()
+        self.assertEqual(self.map.ll_bbox_polygon, llbbox)
+        self.assertEqual(self.map.srid, srid)
+
+    def test_document_should_update_bbox(self):
+        self.client.force_login(self.admin)
+        url = reverse("base-resources-detail", kwargs={"pk": self.doc.get_self_resource().pk})
+        response = self.client.patch(
+            url,
+            data=json.dumps({"extent": {"coords": [6847623, 4776382, 7002886, 4878813], "srid": "EPSG:6875"}}),
+            content_type="application/json",
+        )
+
+        self.assertEqual(200, response.status_code)
+        self.doc.refresh_from_db()
+        expected = {
+            "coords": [10.094299016880456, 43.172169804633185, 12.036103612263465, 44.11087068031093],
+            "srid": "EPSG:4326",
+        }
+        resp = response.json()["resource"].get("extent")
+        self.assertEqual(resp, expected)
+        self.assertEqual("EPSG:6875", self.doc.srid)
+        expected = "POLYGON ((10.094299016880456 43.172169804633185, 10.094299016880456 44.11087068031093, 12.036103612263465 44.11087068031093, 12.036103612263465 43.172169804633185, 10.094299016880456 43.172169804633185))"  # noqa
+        self.assertEqual(self.doc.ll_bbox_polygon.wkt, expected)
+
+    def test_geoapp_should_update_bbox(self):
+        self.client.force_login(self.admin)
+        url = reverse("base-resources-detail", kwargs={"pk": self.geoapp.get_self_resource().pk})
+        response = self.client.patch(
+            url,
+            data=json.dumps({"extent": {"coords": [6847623, 4776382, 7002886, 4878813], "srid": "EPSG:6875"}}),
+            content_type="application/json",
+        )
+
+        self.assertEqual(200, response.status_code)
+        self.geoapp.refresh_from_db()
+        expected = {
+            "coords": [10.094299016880456, 43.172169804633185, 12.036103612263465, 44.11087068031093],
+            "srid": "EPSG:4326",
+        }
+        resp = response.json()["resource"].get("extent")
+        self.assertEqual(resp, expected)
+        expected = "POLYGON ((10.094299016880456 43.172169804633185, 10.094299016880456 44.11087068031093, 12.036103612263465 44.11087068031093, 12.036103612263465 43.172169804633185, 10.094299016880456 43.172169804633185))"  # noqa
+        self.assertEqual(self.geoapp.ll_bbox_polygon.wkt, expected)
+        self.assertEqual("EPSG:6875", self.geoapp.srid)
+
+    def test_geoapp_send_invalid_bbox_should_raise_error(self):
+        self.client.force_login(self.admin)
+        url = reverse("base-resources-detail", kwargs={"pk": self.geoapp.get_self_resource().pk})
+        response = self.client.patch(
+            url,
+            data=json.dumps({"extent": {"coords": [6847623, 4776382, 7002886], "srid": "EPSG:6875"}}),
+            content_type="application/json",
+        )
+
+        self.assertEqual(500, response.status_code)
+        expected = {
+            "success": False,
+            "errors": ["The standard bbox provided is invalid"],
+            "code": "invalid_resource_exception",
+        }
+        self.assertDictEqual(expected, response.json())
diff --git a/geonode/base/models.py b/geonode/base/models.py
index 1efe7288b0d..1a2c8a38abd 100644
--- a/geonode/base/models.py
+++ b/geonode/base/models.py
@@ -66,7 +66,14 @@
 from geonode.singleton import SingletonModel
 from geonode.groups.conf import settings as groups_settings
 from geonode.base.bbox_utils import BBOXHelper, polygon_from_bbox
-from geonode.utils import bbox_to_wkt, find_by_attr, bbox_to_projection, get_allowed_extensions, is_monochromatic_image
+from geonode.utils import (
+    bbox_to_wkt,
+    find_by_attr,
+    bbox_to_projection,
+    bbox_swap,
+    get_allowed_extensions,
+    is_monochromatic_image,
+)
 from geonode.thumbs.utils import thumb_size, remove_thumbs, get_unique_upload_path
 from geonode.groups.models import GroupProfile
 from geonode.security.utils import get_visible_resources, get_geoapp_subtypes
@@ -1402,7 +1409,14 @@ def set_ll_bbox_polygon(self, bbox, srid="EPSG:4326"):
             else:
                 match = re.match(r"^(EPSG:)?(?P<srid>\d{4,6})$", str(srid))
                 bbox_polygon.srid = int(match.group("srid")) if match else 4326
-                self.ll_bbox_polygon = Polygon.from_bbox(bbox_to_projection(list(bbox_polygon.extent) + [srid])[:-1])
+
+                # Adapt coords order from xmin,ymin,xmax,ymax to xmin,xmax,ymin,ymax
+                standard_extent = list(bbox_polygon.extent)
+                bbox_gn_order = bbox_swap(standard_extent) + [srid]
+                projected_bbox_gn_order = bbox_to_projection(bbox_gn_order)
+                projected_bbox = bbox_swap(projected_bbox_gn_order[:-1])
+
+                self.ll_bbox_polygon = Polygon.from_bbox(projected_bbox)
             ResourceBase.objects.filter(id=self.id).update(ll_bbox_polygon=self.ll_bbox_polygon)
         except Exception as e:
             raise GeoNodeException(e)
diff --git a/geonode/base/populate_test_data.py b/geonode/base/populate_test_data.py
index 3b0be582bf0..faa8c3b91f6 100644
--- a/geonode/base/populate_test_data.py
+++ b/geonode/base/populate_test_data.py
@@ -42,6 +42,7 @@
 from geonode.compat import ensure_string
 from geonode.documents.models import Document
 from geonode.base.models import ResourceBase, TopicCategory
+from geonode.geoapps.models import GeoApp
 
 # This is used to populate the database with the search fixture data. This is
 # primarily used as a first step to generate the json data for the fixture using
@@ -482,6 +483,37 @@ def create_single_doc(name, owner=None, **kwargs):
     return m
 
 
+def create_single_geoapp(name, resource_type="geostory", owner=None, **kwargs):
+    admin, created = get_user_model().objects.get_or_create(username="admin")
+    if created:
+        admin.is_superuser = True
+        admin.first_name = "admin"
+        admin.set_password("admin")
+        admin.save()
+    test_datetime = datetime.strptime("2020-01-01", "%Y-%m-%d")
+    dd = (name, "lorem ipsum", name, f"{name}", [0, 22, 0, 22], test_datetime, ("populartag",))
+    title, abstract, name, alternate, (bbox_x0, bbox_x1, bbox_y0, bbox_y1), start, kws = dd
+    logger.debug(f"[SetUp] Add geoapp {title}")
+    m, _ = GeoApp.objects.get_or_create(
+        title=title,
+        defaults=dict(
+            uuid=str(uuid4()),
+            abstract=abstract,
+            owner=owner or admin,
+            resource_type=resource_type,
+            bbox_polygon=Polygon.from_bbox((bbox_x0, bbox_y0, bbox_x1, bbox_y1)),
+            ll_bbox_polygon=Polygon.from_bbox((bbox_x0, bbox_y0, bbox_x1, bbox_y1)),
+            srid="EPSG:4326",
+            files=dfile,
+            **kwargs,
+        ),
+    )
+    m.set_default_permissions(owner=owner or admin)
+    m.clear_dirty_state()
+    m.set_processing_state(enumerations.STATE_PROCESSED)
+    return m
+
+
 def add_keywords_to_resource(resource, keywords):
     for keyword in keywords:
         resource.keywords.add(keyword)
diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index 1951da4e2e1..9a08fbd8671 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -22,7 +22,7 @@
 from urllib.parse import urljoin
 
 from django.urls import reverse
-from rest_framework.test import APITestCase
+from rest_framework.test import APITransactionTestCase
 
 from guardian.shortcuts import assign_perm, get_anonymous_user
 from geonode import settings
@@ -34,7 +34,7 @@
 logger = logging.getLogger(__name__)
 
 
-class DocumentsApiTests(APITestCase):
+class DocumentsApiTests(APITransactionTestCase):
     fixtures = ["initial_data.json", "group_test_data.json", "default_oauth_apps.json"]
 
     def setUp(self):
@@ -143,6 +143,34 @@ def test_creation_should_create_the_doc(self):
         self.assertEqual("xml", extension)
         self.assertTrue(Document.objects.filter(title="New document for testing").exists())
 
+    def test_creation_should_create_the_doc_and_update_the_bbox(self):
+        """
+        If file_path is not available, should raise error
+        """
+        self.client.force_login(self.admin)
+        payload = {
+            "document": {
+                "title": "New document for testing",
+                "metadata_only": True,
+                "file_path": self.valid_file_path,
+                "extent": {"coords": [1123692.0, 5338214.0, 1339852.0, 5482615.0], "srid": "EPSG:3857"},
+            },
+        }
+        actual = self.client.post(self.url, data=payload, format="json")
+        self.assertEqual(201, actual.status_code)
+        extension = actual.json().get("document", {}).get("extension", "")
+        self.assertEqual("xml", extension)
+        doc = Document.objects.filter(title="New document for testing").all()
+        self.assertTrue(doc.exists())
+        x = doc.first()
+        x.refresh_from_db()
+        self.assertEqual("EPSG:3857", x.srid)
+        self.assertEqual(actual.json()["document"].get("extent")["srid"], "EPSG:4326")
+        self.assertEqual(
+            actual.json()["document"].get("extent")["coords"],
+            [10.094296982428332, 43.1721654049465, 12.03609530058109, 44.11086592050112],
+        )
+
     def test_file_path_and_doc_path_are_not_returned(self):
         """
         If file_path and doc_path should not be visible
diff --git a/geonode/geoapps/api/tests.py b/geonode/geoapps/api/tests.py
index 6467e2f9e0d..4b3a545f182 100644
--- a/geonode/geoapps/api/tests.py
+++ b/geonode/geoapps/api/tests.py
@@ -95,10 +95,24 @@ def test_geoapps_crud(self):
         self.assertTrue(self.client.login(username="bobby", password="bob"))
         # Create
         url = f"{reverse('geoapps-list')}?include[]=data"
-        data = {"name": "Test Create", "title": "Test Create", "resource_type": "geostory", "owner": "bobby"}
+        data = {
+            "name": "Test Create",
+            "title": "Test Create",
+            "resource_type": "geostory",
+            "owner": "bobby",
+            "extent": {"coords": [1123692.0, 5338214.0, 1339852.0, 5482615.0], "srid": "EPSG:3857"},
+        }
         response = self.client.post(url, data=data, format="json")
         self.assertEqual(response.status_code, 201)  # 201 - Created
 
+        x = GeoApp.objects.filter(title="Test Create").first()
+        self.assertEqual(x.srid, "EPSG:3857")
+        self.assertEqual(response.json()["geoapp"].get("extent")["srid"], "EPSG:4326")
+        self.assertEqual(
+            response.json()["geoapp"].get("extent")["coords"],
+            [10.094296982428332, 43.1721654049465, 12.03609530058109, 44.11086592050112],
+        )
+
         response = self.client.get(url, format="json")
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.data), 5)
diff --git a/geonode/security/utils.py b/geonode/security/utils.py
index 96a9d763062..91b567562de 100644
--- a/geonode/security/utils.py
+++ b/geonode/security/utils.py
@@ -22,7 +22,6 @@
 import collections
 from itertools import chain
 
-from django.apps import apps
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth import get_user_model
@@ -216,14 +215,9 @@ def get_geoapp_subtypes():
     """
     from geonode.geoapps.models import GeoApp
 
-    subtypes = []
-    for label, app in apps.app_configs.items():
-        if hasattr(app, "type") and app.type == "GEONODE_APP":
-            if hasattr(app, "default_model"):
-                _model = apps.get_model(label, app.default_model)
-                if issubclass(_model, GeoApp):
-                    subtypes.append(_model.__name__.lower())
-    return subtypes
+    if not globals().get("geoapp_subtypes"):
+        globals()["geoapp_subtypes"] = list(GeoApp.objects.values_list("resource_type", flat=True).distinct())
+    return globals().get("geoapp_subtypes", [])
 
 
 def skip_registered_members_common_group(user_group):
diff --git a/geonode/utils.py b/geonode/utils.py
index 26feb074218..d9c67345344 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -493,6 +493,12 @@ def _split_query(query):
     return [kw.strip() for kw in keywords if kw.strip()]
 
 
+# Swaps coords order from xmin,ymin,xmax,ymax to xmin,xmax,ymin,ymax and viceversa
+def bbox_swap(bbox):
+    _bbox = [float(o) for o in bbox]
+    return [_bbox[0], _bbox[2], _bbox[1], _bbox[3]]
+
+
 def bbox_to_wkt(x0, x1, y0, y1, srid="4326", include_srid=True):
     if srid and str(srid).startswith("EPSG:"):
         srid = srid[5:]

From 79ac6e70419c2e0261548bed91c159b54ff35b8d Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 14 Sep 2023 13:17:12 +0200
Subject: [PATCH 177/330] Merge pull request from GHSA-pxg5-h34r-7q8p

* fixes advisory

* - fix tests
---
 geonode/proxy/tests.py | 10 ++++++++++
 geonode/utils.py       | 21 +++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/geonode/proxy/tests.py b/geonode/proxy/tests.py
index f44315c52a7..807a64f3f7e 100644
--- a/geonode/proxy/tests.py
+++ b/geonode/proxy/tests.py
@@ -213,6 +213,16 @@ class Response:
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 403)
 
+        url = f"{settings.SITEURL.rstrip('/')}@geoserver:8080/web/index.html"
+
+        response = self.client.get(f"{self.proxy_url}?url={url}")
+        self.assertEqual(response.status_code, 403)
+
+        url = f"{settings.SITEURL.rstrip('/')}%40geoserver:8080/web/index.html"
+
+        response = self.client.get(f"{self.proxy_url}?url={url}")
+        self.assertEqual(response.status_code, 403)
+
         # Legit requests using the local host (SITEURL)
         url = f"/\\@%23{urlsplit(settings.SITEURL).hostname}"
 
diff --git a/geonode/utils.py b/geonode/utils.py
index d9c67345344..d15dafe3162 100755
--- a/geonode/utils.py
+++ b/geonode/utils.py
@@ -88,6 +88,7 @@
     urlparse,
     urlsplit,
     urlencode,
+    urlunparse,
     parse_qsl,
     ParseResult,
 )
@@ -1907,11 +1908,27 @@ def build_absolute_uri(url):
     return url
 
 
+def remove_credentials_from_url(url):
+    # Parse the URL
+    parsed_url = urlparse(url)
+
+    # Remove the username and password from the parsed URL
+    parsed_url = parsed_url._replace(netloc=parsed_url.netloc.split("@")[-1])
+
+    # Reconstruct the URL without credentials
+    cleaned_url = urlunparse(parsed_url)
+
+    return cleaned_url
+
+
 def extract_ip_or_domain(url):
+    # Decode the URL to handle percent-encoded characters
+    _url = remove_credentials_from_url(unquote(url))
+
     ip_regex = re.compile("^(?:http://|https://)(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})")
     domain_regex = re.compile("^(?:http://|https://)([a-zA-Z0-9.-]+)")
 
-    match = ip_regex.findall(url)
+    match = ip_regex.findall(_url)
     if len(match):
         ip_address = match[0]
         try:
@@ -1920,7 +1937,7 @@ def extract_ip_or_domain(url):
         except ValueError:
             pass
 
-    match = domain_regex.findall(url)
+    match = domain_regex.findall(_url)
     if len(match):
         return match[0]
 

From 6503e4242dbc1e524af4c13e8d8259ef89968ce5 Mon Sep 17 00:00:00 2001
From: afabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 14 Sep 2023 14:03:25 +0200
Subject: [PATCH 178/330]  - Test fix

---
 .env_test              | 2 +-
 geonode/proxy/tests.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.env_test b/.env_test
index cfbc1098d97..9bb0ed09481 100644
--- a/.env_test
+++ b/.env_test
@@ -43,7 +43,7 @@ ASYNC_SIGNALS=True
 
 SITEURL=http://localhost:8000/
 
-ALLOWED_HOSTS="['django', '*']"
+ALLOWED_HOSTS="['django', 'localhost']"
 
 # Data Uploader
 DEFAULT_BACKEND_UPLOADER=geonode.importer
diff --git a/geonode/proxy/tests.py b/geonode/proxy/tests.py
index 807a64f3f7e..637fa54b8c1 100644
--- a/geonode/proxy/tests.py
+++ b/geonode/proxy/tests.py
@@ -213,12 +213,12 @@ class Response:
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 403)
 
-        url = f"{settings.SITEURL.rstrip('/')}@geoserver:8080/web/index.html"
+        url = f"{settings.SITEURL.rstrip('/')}@db/"
 
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 403)
 
-        url = f"{settings.SITEURL.rstrip('/')}%40geoserver:8080/web/index.html"
+        url = f"{settings.SITEURL.rstrip('/')}%40db/"
 
         response = self.client.get(f"{self.proxy_url}?url={url}")
         self.assertEqual(response.status_code, 403)

From 66ccb3cb9484ed91f03890677a3fd2db76a533d0 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Fri, 15 Sep 2023 16:25:04 +0200
Subject: [PATCH 179/330] [Fixes #11430] Improve metadata template for geoapp
 (#11489)

* [Fixes #11430] Improve metadata template for geoapp

* [Fixes #11430] Remove typo

* [Fixes #11430] add block for doc
---
 geonode/documents/templates/layouts/doc_panels.html | 2 ++
 geonode/geoapps/templates/layouts/app_panels.html   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/geonode/documents/templates/layouts/doc_panels.html b/geonode/documents/templates/layouts/doc_panels.html
index d02d01085fc..2a3a7b08004 100644
--- a/geonode/documents/templates/layouts/doc_panels.html
+++ b/geonode/documents/templates/layouts/doc_panels.html
@@ -514,6 +514,7 @@
                 {% endblock doc_supplemental_information %}
             </div>
             <div class="col-xs-12 col-lg-5">
+              {% block doc_temporal_block %}
                     <div class="col-xs-12 col-lg-6">
                       {% block doc_temporal_extent_start %}
                       <div class="input-group date">
@@ -532,6 +533,7 @@
                         </div>
                       {% endblock doc_temporal_extent_end %}
                     </div>
+                {% endblock %}
                 <div class="col-xs-12">
                       {% block doc_maintenance_frequency %}
                     <div style="margin-top: 5px">
diff --git a/geonode/geoapps/templates/layouts/app_panels.html b/geonode/geoapps/templates/layouts/app_panels.html
index cb8aa41f766..e5ea2378882 100644
--- a/geonode/geoapps/templates/layouts/app_panels.html
+++ b/geonode/geoapps/templates/layouts/app_panels.html
@@ -498,6 +498,7 @@
                 {% endblock maintenance_block %}
             </div>
             <div class="col-xs-12 col-lg-3">
+              {% block geoapp_poc %}
               <div class="panel panel-default" style="margin-top: 5px">
                   <div class="panel-heading">{% trans "Responsible Parties" %}</div>
                   <div class="panel-body">
@@ -505,6 +506,7 @@
                       {{ geoapp_form.poc }}
                   </div>
               </div>
+              {% endblock %}
               <div class="panel panel-default">
                   <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
                   <div class="panel-body">

From 88658844e734d4bf26a3e6781826941c29e04d0b Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Fri, 15 Sep 2023 18:42:09 +0200
Subject: [PATCH 180/330] Update .env_test (#11495)

---
 .env_test | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env_test b/.env_test
index 9bb0ed09481..a5d6e909abd 100644
--- a/.env_test
+++ b/.env_test
@@ -43,7 +43,7 @@ ASYNC_SIGNALS=True
 
 SITEURL=http://localhost:8000/
 
-ALLOWED_HOSTS="['django', 'localhost']"
+ALLOWED_HOSTS="['django', 'localhost', '127.0.0.1']"
 
 # Data Uploader
 DEFAULT_BACKEND_UPLOADER=geonode.importer

From 96566be47c75b6932e36bb565b33ae97ddc39d93 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Fri, 15 Sep 2023 18:42:36 +0200
Subject: [PATCH 181/330] [Fixes #11491 abd #11492] Fix alpha blending and
 remote layers in thumbnails (#11493)

* Fix alpha blending and remote layers in thumbs

* fix black formatting
---
 geonode/thumbs/thumbnails.py | 34 +++++++++++++++++++---------------
 geonode/thumbs/utils.py      |  2 +-
 2 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/geonode/thumbs/thumbnails.py b/geonode/thumbs/thumbnails.py
index 45819775408..822815780da 100644
--- a/geonode/thumbs/thumbnails.py
+++ b/geonode/thumbs/thumbnails.py
@@ -25,6 +25,7 @@
 from django.conf import settings
 from django.utils.module_loading import import_string
 
+from geonode.base.enumerations import SOURCE_TYPE_REMOTE
 from geonode.documents.models import Document
 from geonode.geoapps.models import GeoApp
 from geonode.maps.models import Map, MapLayer
@@ -42,7 +43,7 @@ def create_gs_thumbnail_geonode(instance, overwrite=False, check_bbox=False):
     """
     Create a thumbnail with a GeoServer request.
     """
-    wms_version = getattr(ogc_server_settings, "WMS_VERSION") or "1.1.1"
+    wms_version = getattr(ogc_server_settings, "WMS_VERSION") or "1.3.0"
 
     create_thumbnail(
         instance,
@@ -53,7 +54,7 @@ def create_gs_thumbnail_geonode(instance, overwrite=False, check_bbox=False):
 
 def create_thumbnail(
     instance: Union[Dataset, Map],
-    wms_version: str = settings.OGC_SERVER["default"].get("WMS_VERSION", "1.1.1"),
+    wms_version: str = settings.OGC_SERVER["default"].get("WMS_VERSION", "1.3.0"),
     bbox: Optional[Union[List, Tuple]] = None,
     forced_crs: Optional[str] = None,
     styles: Optional[List] = None,
@@ -138,8 +139,10 @@ def create_thumbnail(
     partial_thumbs = []
 
     for ogc_server, datasets, _styles in locations:
-        if isinstance(instance, Map) and len(datasets) == len(_styles):
-            styles = _styles
+        if isinstance(instance, Map):
+            styles = []
+            if len(datasets) == len(_styles):
+                styles = _styles
         try:
             partial_thumbs.append(
                 utils.get_map(
@@ -171,7 +174,8 @@ def create_thumbnail(
                 img = Image.open(content)
                 img.verify()  # verify that it is, in fact an image
                 img = Image.open(BytesIO(image))  # "re-open" the file (required after running verify method)
-                merged_partial_thumbs.paste(img, mask=img.convert("RGBA").split()[-1])
+                # merged_partial_thumbs.paste(img, mask=img.convert("RGBA").split()[-1])
+                merged_partial_thumbs = Image.alpha_composite(merged_partial_thumbs, img.convert("RGBA"))
             except UnidentifiedImageError as e:
                 logger.error(f"Thumbnail generation. Error occurred while fetching dataset image: {image}")
                 logger.exception(e)
@@ -186,12 +190,12 @@ def create_thumbnail(
         background = None
 
     # --- overlay image with background ---
-    thumbnail = Image.new("RGB", (width, height), (250, 250, 250))
+    thumbnail = Image.new("RGBA", (width, height), (250, 250, 250))
 
     if background is not None:
         thumbnail.paste(background, (0, 0))
 
-    thumbnail.paste(merged_partial_thumbs, (0, 0), merged_partial_thumbs)
+    thumbnail = Image.alpha_composite(thumbnail, merged_partial_thumbs)
 
     # convert image to the format required by save_thumbnail
     with BytesIO() as output:
@@ -271,25 +275,25 @@ def _datasets_locations(
             else:
                 bbox = utils.transform_bbox(instance.bbox, target_crs)
     elif isinstance(instance, Map):
-        for map_dataset in instance.maplayers.filter(visibility=True).order_by("order").iterator():
-            if not map_dataset.local and not map_dataset.ows_url:
+        for maplayer in instance.maplayers.filter(visibility=True).order_by("order").iterator():
+            if maplayer.dataset and maplayer.dataset.sourcetype == SOURCE_TYPE_REMOTE and not maplayer.dataset.ows_url:
                 logger.warning(
                     "Incorrectly defined remote dataset encountered (no OWS URL defined)."
                     "Skipping it in the thumbnail generation."
                 )
                 continue
 
-            name = get_dataset_name(map_dataset)
-            store = map_dataset.store
-            workspace = get_dataset_workspace(map_dataset)
-            map_dataset_style = map_dataset.current_style
+            name = get_dataset_name(maplayer)
+            store = maplayer.store
+            workspace = get_dataset_workspace(maplayer)
+            map_dataset_style = maplayer.current_style
 
             if store and Dataset.objects.filter(store=store, workspace=workspace, name=name).exists():
                 dataset = Dataset.objects.filter(store=store, workspace=workspace, name=name).first()
             elif workspace and Dataset.objects.filter(workspace=workspace, name=name).exists():
                 dataset = Dataset.objects.filter(workspace=workspace, name=name).first()
-            elif Dataset.objects.filter(alternate=map_dataset.name).exists():
-                dataset = Dataset.objects.filter(alternate=map_dataset.name).first()
+            elif Dataset.objects.filter(alternate=maplayer.name).exists():
+                dataset = Dataset.objects.filter(alternate=maplayer.name).first()
             else:
                 logger.warning(f"Dataset for MapLayer {name} was not found. Skipping it in the thumbnail.")
                 continue
diff --git a/geonode/thumbs/utils.py b/geonode/thumbs/utils.py
index a33135a4b29..a7463fc037c 100644
--- a/geonode/thumbs/utils.py
+++ b/geonode/thumbs/utils.py
@@ -149,7 +149,7 @@ def get_map(
     ogc_server_location: str,
     layers: List,
     bbox: List,
-    wms_version: str = settings.OGC_SERVER["default"].get("WMS_VERSION", "1.1.1"),
+    wms_version: str = settings.OGC_SERVER["default"].get("WMS_VERSION", "1.3.0"),
     mime_type: str = "image/png",
     styles: List = None,
     width: int = 240,

From 80e2bbfef601ae3c209950f6c659c5976bd1c4f1 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Mon, 18 Sep 2023 11:07:13 +0200
Subject: [PATCH 182/330] fix: scripts/docker/nginx/Dockerfile to reduce
 vulnerabilities (#11500)

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 scripts/docker/nginx/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
index 2e3a8fea7cd..5559b30fe74 100644
--- a/scripts/docker/nginx/Dockerfile
+++ b/scripts/docker/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.25.1-alpine
+FROM nginx:1.25.2-alpine
 
 RUN apk add --no-cache openssl inotify-tools vim
 

From 24203707877a344bce058a816dd79eeb78b3dd5e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 29 Sep 2022 14:22:48 +0200
Subject: [PATCH 183/330] [Fixes #10066][Depencendies] Security audit and
 checks (#10067) (#10072)

* [Fixes #10066][Depencendies] Security audit and checks

* -SNYK security fix

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/setup.cfg b/setup.cfg
index f6d5f90abf2..68e7cfb03fd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -202,6 +202,11 @@ install_requires =
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
     jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
 
+    # Security and audit
+    mistune==2.0.3
+    protobuf==4.21.6
+    mako==1.2.3
+
 [options.packages.find]
 exclude = tests
 

From d67189df76853cf5d4958f9be80c07f15ad17893 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 3 Oct 2022 10:10:12 +0200
Subject: [PATCH 184/330] [Fixes #10055] Modify Metadata form with permissions
 check (#10057) (#10076)

* -[Fixes #10055] Modify Metadata form with permissions check

* - check user in form

* - update tests

* - add tests

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>

Co-authored-by: NAGGINDA MARTHA <marthamareal@gmail.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/base/forms.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/geonode/base/forms.py b/geonode/base/forms.py
index c888d816670..b0c91ff7d0f 100644
--- a/geonode/base/forms.py
+++ b/geonode/base/forms.py
@@ -470,6 +470,9 @@ def __init__(self, *args, **kwargs):
             if field in ["poc", "owner"] and not self.can_change_perms:
                 self.fields[field].disabled = True
 
+            if field in ['poc', 'owner'] and not self.can_change_perms:
+                self.fields[field].disabled = True
+
     def disable_keywords_widget_for_non_superuser(self, user):
         if settings.FREETEXT_KEYWORDS_READONLY and not user.is_superuser:
             self["keywords"].field.disabled = True

From 4324f80602a6e8d40e34d9961bf13d0f7c647ce3 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Mon, 10 Oct 2022 16:08:20 +0200
Subject: [PATCH 185/330] [Dependencies] Align setup.cfg to requirements.txt
 (#10124) (#10128)

(cherry picked from commit e66dd985393d7728ddce2cd1f33b737cbb2b5f6e)

# Conflicts:
#	requirements.txt
---
 setup.cfg | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/setup.cfg b/setup.cfg
index 68e7cfb03fd..5421d529fdf 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -203,8 +203,9 @@ install_requires =
     jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
 
     # Security and audit
-    mistune==2.0.3
-    protobuf==4.21.6
+    mistune==2.0.4
+    wandb==0.12.17
+    protobuf==3.20.3
     mako==1.2.3
 
 [options.packages.find]

From e6809ad3656bb0e22e2cab567caaf172eb46d7b9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 12 Oct 2022 09:27:35 +0200
Subject: [PATCH 186/330] [Fixes #7852] Update catalog and background layers
 url configuration in settings.py and related files (#9950) (#10129)

* -[Fixes #7852] Update catalog and background layers url configuration in settings.py and related files

* - update geoid url

Co-authored-by: NAGGINDA MARTHA <marthamareal@gmail.com>
---
 geonode/local_settings.py.geoserver.sample | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/geonode/local_settings.py.geoserver.sample b/geonode/local_settings.py.geoserver.sample
index 733589d6d36..7b45e3d77af 100644
--- a/geonode/local_settings.py.geoserver.sample
+++ b/geonode/local_settings.py.geoserver.sample
@@ -316,14 +316,6 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
 
     GEONODE_CATALOGUE_SERVICE = get_geonode_catalogue_service()
 
-    MAPSTORE_CATALOGUE_SERVICES = {}
-
-    MAPSTORE_CATALOGUE_SELECTED_SERVICE = ""
-
-    if GEONODE_CATALOGUE_SERVICE:
-        MAPSTORE_CATALOGUE_SERVICES[list(GEONODE_CATALOGUE_SERVICE.keys())[0]] = GEONODE_CATALOGUE_SERVICE[list(GEONODE_CATALOGUE_SERVICE.keys())[0]]
-        MAPSTORE_CATALOGUE_SELECTED_SERVICE = list(GEONODE_CATALOGUE_SERVICE.keys())[0]
-
     DEFAULT_MS2_BACKGROUNDS = [
         {
             "type": "tileprovider",

From 2dd52654b2e27181aa0bc3dd28b467571451271b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 17 Oct 2022 12:54:00 +0200
Subject: [PATCH 187/330] =?UTF-8?q?[Fixes=20#10142]=20storage=5Fmanager=20?=
 =?UTF-8?q?copy=20dont=20assign=20the=20folder/file=20permi=E2=80=A6=20(#1?=
 =?UTF-8?q?0143)=20(#10154)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/storage/tests.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index 89eea61d4ad..c2e6c93b459 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -416,6 +416,22 @@ def test_storage_manager_copy(self):
         os.remove(output.get("files")[0])
         self.assertFalse(os.path.exists(output.get("files")[0]))
 
+    @override_settings(FILE_UPLOAD_DIRECTORY_PERMISSIONS=0o777)
+    @override_settings(FILE_UPLOAD_PERMISSIONS=0o777)
+    def test_storage_manager_copy(self):
+        '''
+        Test that the copy works as expected and the permissions are corerct
+        '''
+        dataset = create_single_dataset(name="test_copy")
+        dataset.files = [os.path.join(f"{self.project_root}", "tests/data/test_sld.sld")]
+        dataset.save()
+        output = self.sut().copy(dataset)
+
+        self.assertTrue(os.path.exists(output.get("files")[0]))
+        self.assertEqual(os.stat(os.path.exists(output.get("files")[0])).st_mode, 8592)
+        os.remove(output.get("files")[0])
+        self.assertFalse(os.path.exists(output.get("files")[0]))
+
 
 class TestDataRetriever(TestCase):
     @classmethod

From 8d7de88c83917c63491a052e15220934d11df9d3 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 18 Oct 2022 11:44:16 +0200
Subject: [PATCH 188/330] Align requirements.txt comments with 4.x (#10162)
 (#10163)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 5421d529fdf..3fc13d93b40 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -204,7 +204,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.4
-    wandb==0.12.17
+    wandb==0.13.4
     protobuf==3.20.3
     mako==1.2.3
 

From d5ec478b2f5e5cb506ff64c18e42f18f53590ade Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 27 Oct 2022 15:19:18 +0200
Subject: [PATCH 189/330] [Fixes #10204] restore mapstore catalog settings
 (#10205) (#10206)

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/local_settings.py.geoserver.sample | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/geonode/local_settings.py.geoserver.sample b/geonode/local_settings.py.geoserver.sample
index 7b45e3d77af..733589d6d36 100644
--- a/geonode/local_settings.py.geoserver.sample
+++ b/geonode/local_settings.py.geoserver.sample
@@ -316,6 +316,14 @@ if GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY == 'mapstore':
 
     GEONODE_CATALOGUE_SERVICE = get_geonode_catalogue_service()
 
+    MAPSTORE_CATALOGUE_SERVICES = {}
+
+    MAPSTORE_CATALOGUE_SELECTED_SERVICE = ""
+
+    if GEONODE_CATALOGUE_SERVICE:
+        MAPSTORE_CATALOGUE_SERVICES[list(GEONODE_CATALOGUE_SERVICE.keys())[0]] = GEONODE_CATALOGUE_SERVICE[list(GEONODE_CATALOGUE_SERVICE.keys())[0]]
+        MAPSTORE_CATALOGUE_SELECTED_SERVICE = list(GEONODE_CATALOGUE_SERVICE.keys())[0]
+
     DEFAULT_MS2_BACKGROUNDS = [
         {
             "type": "tileprovider",

From 4c1eb93869f3d156309e62099d9c43a5d392622f Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Fri, 4 Nov 2022 16:55:34 +0100
Subject: [PATCH 190/330] [4.0.x][Fixes #10208] Add a custom hook at the end of
 the permissions assign (#10212)

* [Fixes #10208] Add a custom hook at the end of the permissions assign
---
 geonode/geoserver/signals.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/geonode/geoserver/signals.py b/geonode/geoserver/signals.py
index 70b96060303..591a1e12552 100644
--- a/geonode/geoserver/signals.py
+++ b/geonode/geoserver/signals.py
@@ -42,6 +42,8 @@
 
 geofence_rule_assign = Signal(providing_args=["instance"])
 
+post_set_permissions = Signal(providing_args=['instance'])
+
 
 def geoserver_delete(typename):
     # cascading_delete should only be called if

From fad9b26744c184fcce283802ac6ffdf696806866 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 8 Nov 2022 10:04:04 +0100
Subject: [PATCH 191/330] Fix broken test (#10266) (#10267)

* Fix broken test build

* Fix broken test build

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/security/tests.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/geonode/security/tests.py b/geonode/security/tests.py
index 52b43a38551..3865528f803 100644
--- a/geonode/security/tests.py
+++ b/geonode/security/tests.py
@@ -1748,6 +1748,15 @@ def test_admin_whitelisted_access_middleware(self):
             middleware.process_request(request)
             self.assertTrue(request.user.is_superuser)
 
+        # Test valid IP in second element
+        with self.settings(ADMIN_IP_WHITELIST=['88.88.88.88', '127.0.0.1']):
+            request = HttpRequest()
+            request.user = admin
+            request.path = reverse('home')
+            request.META['REMOTE_ADDR'] = '127.0.0.1'
+            middleware.process_request(request)
+            self.assertTrue(request.user.is_superuser)
+
 
 class SecurityRulesTests(TestCase):
     """

From e1e17dc06a0a4fbaff03019c922457c03efc5f68 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 9 Nov 2022 15:04:09 +0100
Subject: [PATCH 192/330] [Fixes #10251] improve feedback to the user and UI
 experience of batch permisisons assignment (#10281) (#10282)

* [Fixes #10251] improve feedback to the user and UI experience

* [Fixes #10251] improve feedback to the user and UI experience

* [Fixes #10251] improve feedback to the user and UI experience

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/base/views.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/geonode/base/views.py b/geonode/base/views.py
index 7d5d08aa692..0a7f6fa8b43 100644
--- a/geonode/base/views.py
+++ b/geonode/base/views.py
@@ -333,6 +333,20 @@ def get_results(self, context):
         ]
 
 
+class DatasetsAutocomplete(SimpleSelect2View):
+    model = Dataset
+    filter_arg = 'title__icontains'
+
+    def get_results(self, context):
+        return [
+            {
+                'id': self.get_result_value(result),
+                'text': self.get_result_label(result.title),
+                'selected_text': self.get_selected_result_label(result.title),
+            } for result in context['object_list']
+        ]
+
+
 class ThesaurusAvailable(autocomplete.Select2QuerySetView):
     def get_queryset(self):
         tid = self.request.GET.get("sysid")

From 41de59aec19ef016cac91d07f8fe0f2fffe4eae7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 9 Nov 2022 17:10:36 +0100
Subject: [PATCH 193/330] [Dependencies] Align setup.cfg to requirements.txt
 (#10284) (#10286)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 3fc13d93b40..04c8832e443 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -204,7 +204,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.4
-    wandb==0.13.4
+    wandb==0.13.5
     protobuf==3.20.3
     mako==1.2.3
 

From ac19068938c8a893e1cdaf411bdac93d9ad94b30 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 14 Nov 2022 22:05:05 +0100
Subject: [PATCH 194/330] [Fixes #10270] Document creation via API v2 (#10271)
 (#10298)

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/documents/api/tests.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index dbb3b13588b..5ab59dfbbb4 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -16,6 +16,8 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+import os
+from django.contrib.auth import get_user_model
 import logging
 
 from django.contrib.auth import get_user_model

From ff264770acf114fd69a8ed59a969ce4cc431f417 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 21 Nov 2022 17:33:14 +0100
Subject: [PATCH 195/330] [Fixes #10303] automatic periodic TaskResult removal
 (#10306) (#10319)

* [Fixes #10303] automatic periodic TaskResult removal

* [Fixes #10303] automatic periodic TaskResult removal

* [Fixes #10303] automatic periodic TaskResult removal

* [Fixes #10303] fix flake8 formatting

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/upload/__init__.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/geonode/upload/__init__.py b/geonode/upload/__init__.py
index c50c3f5609f..ec9e9b79a26 100644
--- a/geonode/upload/__init__.py
+++ b/geonode/upload/__init__.py
@@ -63,6 +63,19 @@ def run_setup_hooks(sender, **kwargs):
                 start_time=timezone.now(),
             ),
         )
+        daily_interval, _ = IntervalSchedule.objects.get_or_create(
+            every=1,
+            period="days"
+        )
+        PeriodicTask.objects.update_or_create(
+            name="clean-up-old-task-result",
+            defaults=dict(
+                task="geonode.upload.tasks.cleanup_celery_task_entries",
+                interval=daily_interval,
+                args='',
+                start_time=timezone.now()
+            )
+        )
 
 
 class UploadAppConfig(AppConfig):
@@ -79,6 +92,10 @@ def ready(self):
             "task": "geonode.upload.tasks.cleanup_celery_task_entries",
             "schedule": 86400.0,
         }
+        settings.CELERY_BEAT_SCHEDULE['clean-up-old-task-result'] = {
+            'task': 'geonode.upload.tasks.cleanup_celery_task_entries',
+            'schedule': 86400.0,
+        }
 
 
 default_app_config = "geonode.upload.UploadAppConfig"

From 1803b7866e0fad49c9f118bf20fc569af68bb68e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 23 Nov 2022 12:22:48 +0100
Subject: [PATCH 196/330] [Dependencies] Align setup.cfg with requirements.txt
 (#10339) (#10341) (#10344)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 04c8832e443..4fedf52c369 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -206,7 +206,7 @@ install_requires =
     mistune==2.0.4
     wandb==0.13.5
     protobuf==3.20.3
-    mako==1.2.3
+    mako==1.2.4
 
 [options.packages.find]
 exclude = tests

From d4bda0f14339ae3e5185b6f032dd7344ab634dcd Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 14 Dec 2022 12:25:33 +0100
Subject: [PATCH 197/330] [Dependencies] Align setup.cfg to requirements.txt
 (#10417) (#10419)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 4fedf52c369..9d972a40f7c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -204,7 +204,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.4
-    wandb==0.13.5
+    wandb==0.13.6
     protobuf==3.20.3
     mako==1.2.4
 

From bb4e53c3721e2fbe64aa63e0f72bd0e28ab628af Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 20 Dec 2022 12:15:39 +0100
Subject: [PATCH 198/330] [Dependencies] Align setup.cfg to requirements.txt
 (#10444) (#10445)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 9d972a40f7c..91c2bfcedd9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -204,7 +204,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.4
-    wandb==0.13.6
+    wandb==0.13.7
     protobuf==3.20.3
     mako==1.2.4
 

From 47035eb9b66b52116bb8e6358e6bb78815ffffc4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 18 Jan 2023 10:27:51 +0100
Subject: [PATCH 199/330] [Dependencies] Align "setup.cfg" to
 "requirements.txt" (#10555) (#10558)

(cherry picked from commit 33d4aa9b4fca04f5cc282b5607ff5d1e72e80e6e)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 91c2bfcedd9..3509d6bfae7 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -204,7 +204,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.4
-    wandb==0.13.7
+    wandb==0.13.9
     protobuf==3.20.3
     mako==1.2.4
 

From 6ebdd0902bf5583510756868d9b59d0225270c6b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 23 Jan 2023 11:21:53 +0100
Subject: [PATCH 200/330] [Fixes #10537] Improve rules creation using GeoFence
 batch (#10538) (#10567)

* [Fixes #10537] Improve rules creation using GeoFence batch

* - code improvements accordingly to the PR comments

* - code improvements accordingly to the PR comments

* - Test fixes

Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
(cherry picked from commit d101ead2e2552f3d4f9b6cd355ce1eced3dbaecf)

Co-authored-by: Emanuele Tajariol <etj@geo-solutions.it>
---
 geonode/geoserver/helpers.py |  1 +
 geonode/security/tests.py    | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index e46179532c1..30dc6bffa06 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -1874,6 +1874,7 @@ def get_time_info(layer):
     url, _user, _password, retries=ogc_server_settings.MAX_RETRIES, backoff_factor=ogc_server_settings.BACKOFF_FACTOR
 )
 gs_uploader = Client(url, _user, _password)
+gf_client = GeofenceClient(url, _user, _password)
 
 
 def _create_geofence_client():
diff --git a/geonode/security/tests.py b/geonode/security/tests.py
index 3865528f803..4651e1f28d0 100644
--- a/geonode/security/tests.py
+++ b/geonode/security/tests.py
@@ -88,6 +88,16 @@ def _log(msg, *args):
     logger.debug(msg, *args)
 
 
+def get_geofence_rules_count():
+    from geonode.geoserver.helpers import gf_client
+    return gf_client.get_rules_count()
+
+
+def get_geofence_rules():
+    from geonode.geoserver.helpers import gf_client
+    return gf_client.get_rules()
+
+
 class StreamToLogger:
     """
     Fake file-like stream object that redirects writes to a logger instance.

From 554df0b7ada76a0897f48db30034ef0cc1e514cc Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Tue, 24 Jan 2023 12:06:22 +0100
Subject: [PATCH 201/330] Backport 10575 to 4.1.x (#10579)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Bump oauthlib from 3.2.0 to 3.2.1 (#9998)

Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/oauthlib/oauthlib/releases)
- [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/oauthlib/oauthlib/compare/v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.15.0 to 4.16.0 (#9999)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.15.0 to 4.16.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.15.0...v4.16.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest-splinter from 3.3.1 to 3.3.2 (#10000)

Bumps [pytest-splinter](https://github.com/pytest-dev/pytest-splinter) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/pytest-dev/pytest-splinter/releases)
- [Changelog](https://github.com/pytest-dev/pytest-splinter/blob/master/CHANGES.rst)
- [Commits](https://github.com/pytest-dev/pytest-splinter/compare/3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: pytest-splinter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump dropbox from 11.33.0 to 11.34.0 (#10001)

Bumps [dropbox](https://github.com/dropbox/dropbox-sdk-python) from 11.33.0 to 11.34.0.
- [Release notes](https://github.com/dropbox/dropbox-sdk-python/releases)
- [Commits](https://github.com/dropbox/dropbox-sdk-python/compare/v11.33.0...v11.34.0)

---
updated-dependencies:
- dependency-name: dropbox
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-select2 from 7.10.0 to 7.10.1 (#10006)

Bumps [django-select2](https://github.com/codingjoe/django-select2) from 7.10.0 to 7.10.1.
- [Release notes](https://github.com/codingjoe/django-select2/releases)
- [Commits](https://github.com/codingjoe/django-select2/compare/7.10.0...7.10.1)

---
updated-dependencies:
- dependency-name: django-select2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update pyproj requirement from <3.3.0 to <3.5.0 (#10002)

Updates the requirements on [pyproj](https://github.com/pyproj4/pyproj) to permit the latest version.
- [Release notes](https://github.com/pyproj4/pyproj/releases)
- [Changelog](https://github.com/pyproj4/pyproj/blob/main/docs/history.rst)
- [Commits](https://github.com/pyproj4/pyproj/compare/v1.9.4rel...3.4.0)

---
updated-dependencies:
- dependency-name: pyproj
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.40 to 1.4.41 (#10005)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.40 to 1.4.41.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump twisted from 22.4.0 to 22.8.0 (#10007)

Bumps [twisted](https://github.com/twisted/twisted) from 22.4.0 to 22.8.0.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-22.4.0...twisted-22.8.0)

---
updated-dependencies:
- dependency-name: twisted
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump ipython from 8.4.0 to 8.5.0 (#10004)

Bumps [ipython](https://github.com/ipython/ipython) from 8.4.0 to 8.5.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.4.0...8.5.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.24.66 to 1.24.70 (#10003)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.66 to 1.24.70.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.66...1.24.70)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align setup.cfg to requirements.txt (#10019)

* Bump to version 4.0.1

(cherry picked from commit 43cb8049b488b23bbc4886ca9e28d95f8329cf65)

* Bump to version 4.0.2 dev 0

(cherry picked from commit c4bd604e1aa453cd9c6b718792e156e8bdf86e3b)

# Conflicts:
#	requirements.txt
#	setup.cfg

* Bump boto3 from 1.24.70 to 1.24.75 (#10031)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.70 to 1.24.75.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.70...1.24.75)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump smart-open from 6.1.0 to 6.2.0 (#10030)

Bumps [smart-open](https://github.com/piskvorky/smart_open) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/piskvorky/smart_open/releases)
- [Changelog](https://github.com/RaRe-Technologies/smart_open/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/piskvorky/smart_open/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: smart-open
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-spectacular from 0.23.1 to 0.24.0 (#10029)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.23.1 to 0.24.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.23.1...0.24.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update idna requirement from <2.11,>=2.5 to >=2.5,<3.5 (#10028)

Updates the requirements on [idna](https://github.com/kjd/idna) to permit the latest version.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v2.5...v3.4)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyjwt from 2.4.0 to 2.5.0 (#10027)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10024] Wrong default style when creating layer (#10035)

(cherry picked from commit 40fae5b3240ddf5b033688ce1891d7e7f1cfc304)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* add installation type to issue template (#10042)

* [Dependencies] Align setup.cfg with requirements.txt (#10038)

* [Fixes #10040] Remove auto-generated thumbnail for documents (#10045)

* -[Fixes #10040] Remove auto-generated thumbnail for documents

* - add migration to clean available thumbs

* - fix migration

* - modify functionality

* Bump drf-spectacular from 0.24.0 to 0.24.1 (#10051)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.0...0.24.1)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Update setuptools requirement from <65.4.0,>=59.1.1 to >=59.1.1,<65.5.0 (#10047)

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v59.1.1...v65.4.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.24.75 to 1.24.80 (#10050)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.75 to 1.24.80.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.75...1.24.80)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyopenssl from 22.0.0 to 22.1.0 (#10049)

Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 22.0.0 to 22.1.0.
- [Release notes](https://github.com/pyca/pyopenssl/releases)
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/pyopenssl/compare/22.0.0...22.1.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump djangorestframework from 3.12.0 to 3.14.0 (#10048)

Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.12.0 to 3.14.0.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.12.0...3.14.0)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Revert "Bump djangorestframework from 3.12.0 to 3.14.0 (#10048)" (#10062)

This reverts commit 75566560538b38c59873ed9fb7951acc3ba0edfa.

* [Dependencies] Align setup.cfg with requirements.txt (#10061)

* [Dependencies] Align setup.cfg with requirements.txt

* Revert "Bump djangorestframework from 3.12.0 to 3.14.0"

* [CLA] Add "edsonflavio" to .clabot

* Complete Translate pt_BR (#10056)

Tradução completa da localização para Português Brasileiro.
Complete translate for pt_BR localization.

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10041] Review the thumbnail scaling process (#10046)

* -[Fixes #10040] Remove auto-generated thumbnail for documents

* - update thumbnail pixels

* - add tests

* - fix-tests

* - fix-tests

* [Fixes #10066][Depencendies] Security audit and checks (#10067)

* [Fixes #10066][Depencendies] Security audit and checks

* -SNYK security fix

* [Fixes #10055] Modify Metadata form with permissions check (#10057)

* -[Fixes #10055] Modify Metadata form with permissions check

* - check user in form

* - update tests

* - add tests

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>

* Bump django-mptt from 0.13.4 to 0.14.0 (#10081)

Bumps [django-mptt](https://github.com/django-mptt/django-mptt) from 0.13.4 to 0.14.0.
- [Release notes](https://github.com/django-mptt/django-mptt/releases)
- [Changelog](https://github.com/django-mptt/django-mptt/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/django-mptt/django-mptt/compare/0.13.4...0.14)

---
updated-dependencies:
- dependency-name: django-mptt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fixes #10070] Let the resource manager handle also raw sld (#10071)

* [Fixes #10070] Let the resource manager handle also raw sld

* [Fixes #10070] Let the resource manager handle also raw sld

* [Fixes #10070] Let the resource manager handle also raw sld

* Update django-invitations requirement from <1.9.4 to <2.0.1 (#10084)

* Update django-invitations requirement from <1.9.4 to <2.0.1

Updates the requirements on [django-invitations](https://github.com/jazzband/django-invitations) to permit the latest version.
- [Release notes](https://github.com/jazzband/django-invitations/releases)
- [Changelog](https://github.com/jazzband/django-invitations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/django-invitations/compare/0.1...2.0.0)

---
updated-dependencies:
- dependency-name: django-invitations
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - fix the adapter

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>

* fix: requirements.txt to reduce vulnerabilities (#10099)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3039675

* Bump drf-spectacular from 0.24.1 to 0.24.2 (#10088)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.1 to 0.24.2.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.1...0.24.2)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump invoke from 1.7.1 to 1.7.3 (#10086)

Bumps [invoke](https://github.com/pyinvoke/invoke) from 1.7.1 to 1.7.3.
- [Release notes](https://github.com/pyinvoke/invoke/releases)
- [Commits](https://github.com/pyinvoke/invoke/compare/1.7.1...1.7.3)

---
updated-dependencies:
- dependency-name: invoke
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump protobuf from 4.21.6 to 4.21.7 (#10085)

Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 4.21.6 to 4.21.7.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytz from 2022.2.1 to 2022.4 (#10083)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.2.1 to 2022.4.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/commits)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* -[Fixes #10073] Unable to view Maps tab in Recent activities (#10074)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump mistune from 2.0.3 to 2.0.4 (#10082)

Bumps [mistune](https://github.com/lepture/mistune) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/v2.0.4/docs/changes.rst)
- [Commits](https://github.com/lepture/mistune/compare/v2.0.3...v2.0.4)

---
updated-dependencies:
- dependency-name: mistune
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10091] improve thumbnails quality (#10092)

* improve thumbnails quality

* force convertion to jpeg

* - update tests

* - fix tests

Co-authored-by: marthamareal <marthamareal@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10075] Improvements to the upload time step UI (#10094)

* -[Fixes #10075] Improvements to the upload time step UI

* clarify why user is inside this step

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump coverage from 6.4.4 to 6.5.0 (#10079)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.4 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10113] Data retriver keep kmz files even if is unzipped (#10114)

* [Fixes #10113] Data retriever keeps kmz files even if are unzipped

* Bump sherlock from 0.3.2 to 0.4.0 (#10116)

Bumps [sherlock](https://github.com/py-sherlock/sherlock) from 0.3.2 to 0.4.0.
- [Release notes](https://github.com/py-sherlock/sherlock/releases)
- [Changelog](https://github.com/py-sherlock/sherlock/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/py-sherlock/sherlock/commits/v0.4.0)

---
updated-dependencies:
- dependency-name: sherlock
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* -[Fixes #10104] Sort resource APIs with created date (#10105)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump requests-toolbelt from 0.9.1 to 0.10.0 (#10118)

Bumps [requests-toolbelt](https://github.com/requests/toolbelt) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/requests/toolbelt/releases)
- [Changelog](https://github.com/requests/toolbelt/blob/master/HISTORY.rst)
- [Commits](https://github.com/requests/toolbelt/compare/0.9.1...0.10.0)

---
updated-dependencies:
- dependency-name: requests-toolbelt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump psycopg2 from 2.9.3 to 2.9.4 (#10117)

Bumps [psycopg2](https://github.com/psycopg/psycopg2) from 2.9.3 to 2.9.4.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.24.80 to 1.24.87 (#10107)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.80 to 1.24.87.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.80...1.24.87)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Dependencies] Align setup.cfg to requirements.txt (#10124)

* [Fixes #10120] Celery autoscale values are too low and wrongly positioned (#10121)

* [Fixes #7852] Update catalog and background layers url configuration in settings.py and related files (#9950)

* -[Fixes #7852] Update catalog and background layers url configuration in settings.py and related files

* - update geoid url

* [Fixes #10130] Data retriever dont assign the folder/file permissions correcly (#10131)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10134] New simple renderer to generate thumbnails for PDFs (#10135)

* PDF thumbnail renderer

* - add unit tests

* command to generate thumbnails for docs

* flake fix

* renamed management command

* add requirement to setup.cfg

* make command similar to other sync commands

* removed unused import

* fix flake8

Co-authored-by: marthamareal <marthamareal@gmail.com>

* [Fixes #10138] Render pdf thumbnails from top margin (#10139)

* render pdf thumbnails from top margin

* fix flake

* [Fixes #10142] storage_manager copy dont assign the folder/file permi… (#10143)

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* [Fixes #10142] storage_manager copy dont assign the folder/file permissions correcly

* Bump wandb from 0.12.17 to 0.13.4 (#10152)

Bumps [wandb](https://github.com/wandb/wandb) from 0.12.17 to 0.13.4.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.12.17...v0.13.4)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Update setuptools requirement from <65.5.0,>=59.1.1 to >=59.1.1,<65.6.0 (#10150)

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v59.1.1...v65.5.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pip from 22.2.2 to 22.3 (#10149)

Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3.
- [Release notes](https://github.com/pypa/pip/releases)
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/22.2.2...22.3)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump shapely from 1.8.4 to 1.8.5.post1 (#10147)

Bumps [shapely](https://github.com/shapely/shapely) from 1.8.4 to 1.8.5.post1.
- [Release notes](https://github.com/shapely/shapely/releases)
- [Changelog](https://github.com/shapely/shapely/blob/1.8.5.post1/CHANGES.txt)
- [Commits](https://github.com/shapely/shapely/compare/1.8.4...1.8.5.post1)

---
updated-dependencies:
- dependency-name: shapely
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.41 to 1.4.42 (#10145)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump dropbox from 11.34.0 to 11.35.0 (#10146)

Bumps [dropbox](https://github.com/dropbox/dropbox-sdk-python) from 11.34.0 to 11.35.0.
- [Release notes](https://github.com/dropbox/dropbox-sdk-python/releases)
- [Commits](https://github.com/dropbox/dropbox-sdk-python/compare/v11.34.0...v11.35.0)

---
updated-dependencies:
- dependency-name: dropbox
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.24.87 to 1.24.91 (#10151)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.87 to 1.24.91.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.87...1.24.91)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Align requirements.txt comments with 4.x (#10162)

* [Fixes #10168] Add 'executions' field to concrete instance endpoints (#10169)

* [Fixes #10168] Add 'executions' field to concrete instance endpoints

* [Fixes #10168] Add 'executions' field to concrete instance endpoints

* [Fixes #10171] Dynamic rendering of document_detail view template (#10172)

* add preview mode to document metadata page

* Remove Return to button inside metadata detail page

* [Hardening] Avoid "backup.py" failing while trying to set "w" perms on the GeoServer catalog file

* Fix migrations 4x (#10176)

* - Fixing migrations upg 33x -> 4x

* fix migration

* missing files

* - Fixing migrations upg 33x -> 4x

* - Fixing migrations upg 33x -> 4x

Co-authored-by: mattiagiupponi <mattia.giupponi@gmail.com>

* [Hardening] Make the migration '0074_drop_curated_thumbs' more robust

* [Fixes #10198] uwsgi library update (#10199)

* [Fixes #10195] Backup and restore procedure is not successful (#10196)

* [Fixes #10195] Backup and restore procedure is not successful

* [Fixes #10195] Backup and restore procedure is not successful

* [Fixes #10195] Backup and restore procedure is not successful

* [Fixes #10195] Backup and restore procedure is not successful

* [Fixes #10195] Backup and restore procedure is not successful

* [Fixes #10195] test fix build

* [Fixes #10204] restore mapstore catalog settings (#10205)

* [Fixes #10192] Include source into the ExecutionRequest model (#10193)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump oauthlib from 3.2.1 to 3.2.2 (#10189)

Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/oauthlib/oauthlib/releases)
- [Changelog](https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst)
- [Commits](https://github.com/oauthlib/oauthlib/compare/v3.2.1...v3.2.2)

---
updated-dependencies:
- dependency-name: oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* fix ip whitelisting (#10218)

* Update httplib2 requirement from <0.20.5 to <0.21.1 (#10227)

Updates the requirements on [httplib2](https://github.com/httplib2/httplib2) to permit the latest version.
- [Release notes](https://github.com/httplib2/httplib2/releases)
- [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG)
- [Commits](https://github.com/httplib2/httplib2/compare/0.9...v0.21.0)

---
updated-dependencies:
- dependency-name: httplib2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump pillow from 9.1.1 to 9.3.0 (#10229)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.1.1 to 9.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.1.1...9.3.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump twisted from 22.8.0 to 22.10.0 (#10233)

Bumps [twisted](https://github.com/twisted/twisted) from 22.8.0 to 22.10.0.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-22.8.0...twisted-22.10.0)

---
updated-dependencies:
- dependency-name: twisted
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.24.91 to 1.26.0 (#10235)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.91 to 1.26.0.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.91...1.26.0)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytz from 2022.4 to 2022.6 (#10234)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.6.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2022.4...release_2022.6)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump ipython from 8.5.0 to 8.6.0 (#10228)

Bumps [ipython](https://github.com/ipython/ipython) from 8.5.0 to 8.6.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.5.0...8.6.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump requests-toolbelt from 0.10.0 to 0.10.1 (#10225)

Bumps [requests-toolbelt](https://github.com/requests/toolbelt) from 0.10.0 to 0.10.1.
- [Release notes](https://github.com/requests/toolbelt/releases)
- [Changelog](https://github.com/requests/toolbelt/blob/master/HISTORY.rst)
- [Commits](https://github.com/requests/toolbelt/compare/0.10.0...0.10.1)

---
updated-dependencies:
- dependency-name: requests-toolbelt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest from 7.1.3 to 7.2.0 (#10224)

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.3 to 7.2.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.1.3...7.2.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-select2 from 7.10.1 to 7.11.0 (#10223)

Bumps [django-select2](https://github.com/codingjoe/django-select2) from 7.10.1 to 7.11.0.
- [Release notes](https://github.com/codingjoe/django-select2/releases)
- [Commits](https://github.com/codingjoe/django-select2/compare/7.10.1...7.11.0)

---
updated-dependencies:
- dependency-name: django-select2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump psycopg2 from 2.9.4 to 2.9.5 (#10222)

Bumps [psycopg2](https://github.com/psycopg/psycopg2) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyjwt from 2.5.0 to 2.6.0 (#10186)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/commits)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump psutil from 5.9.2 to 5.9.3 (#10185)

Bumps [psutil](https://github.com/giampaolo/psutil) from 5.9.2 to 5.9.3.
- [Release notes](https://github.com/giampaolo/psutil/releases)
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](https://github.com/giampaolo/psutil/compare/release-5.9.2...release-5.9.3)

---
updated-dependencies:
- dependency-name: psutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump webdriver-manager from 3.8.3 to 3.8.4 (#10184)

Bumps [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) from 3.8.3 to 3.8.4.
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SergeyPirogov/webdriver_manager/compare/v3.8.3...v3.8.4)

---
updated-dependencies:
- dependency-name: webdriver-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: scripts/docker/nginx/Dockerfile to reduce vulnerabilities (#10180)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3011748
- https://snyk.io/vuln/SNYK-ALPINE316-LIBXML2-3040799
- https://snyk.io/vuln/SNYK-ALPINE316-LIBXML2-3050523
- https://snyk.io/vuln/SNYK-ALPINE316-LIBXML2-3050527
- https://snyk.io/vuln/SNYK-ALPINE316-ZLIB-2976176

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Dependencies] Align "setup.cfg" to "requirements.txt" (#10242)

* [Fixes #10251] Review geonode management command set_layers_permissions (#10252)

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Fixes #10251] Review geonode management command set_layers_permissions

* [Hardening] Prevent migration 0034_maplayer_extra_params_and_current_style to fail abruptly in the case the maplayer has no styles associated with it

* [Fixes #10263] non admin user in fresh instance cannot create resources_ (#10264)

* [Fixes #10208] Add a custom hook at the end of the permissions assign (#10213)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Fix broken test (#10266)

* Fix broken test build

* Fix broken test build

* Bump GeoServer to version 2.20.6 (#10164)

* [Fixes #10214] metadata_only filter not working properly (#10215)

* [Fixes #10214] metadata_only filter not working properly

* [Fixes #10214] metadata_only filter not working properly

* [Fixes #10214] metadata_only filter not working properly

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump jsonschema from 4.16.0 to 4.17.0 (#10262)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.16.0 to 4.17.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.16.0...v4.17.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump pip from 22.3 to 22.3.1 (#10261)

Bumps [pip](https://github.com/pypa/pip) from 22.3 to 22.3.1.
- [Release notes](https://github.com/pypa/pip/releases)
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/22.3...22.3.1)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest-bdd from 6.0.1 to 6.1.0 (#10260)

Bumps [pytest-bdd](https://github.com/pytest-dev/pytest-bdd) from 6.0.1 to 6.1.0.
- [Release notes](https://github.com/pytest-dev/pytest-bdd/releases)
- [Changelog](https://github.com/pytest-dev/pytest-bdd/blob/master/CHANGES.rst)
- [Commits](https://github.com/pytest-dev/pytest-bdd/compare/6.0.1...6.1.0)

---
updated-dependencies:
- dependency-name: pytest-bdd
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-select2 from 7.11.0 to 8.0.0 (#10259)

Bumps [django-select2](https://github.com/codingjoe/django-select2) from 7.11.0 to 8.0.0.
- [Release notes](https://github.com/codingjoe/django-select2/releases)
- [Commits](https://github.com/codingjoe/django-select2/compare/7.11.0...8.0.0)

---
updated-dependencies:
- dependency-name: django-select2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.42 to 1.4.43 (#10258)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.42 to 1.4.43.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump docker from 6.0.0 to 6.0.1 (#10256)

Bumps [docker](https://github.com/docker/docker-py) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/docker/docker-py/releases)
- [Commits](https://github.com/docker/docker-py/compare/6.0.0...6.0.1)

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wandb from 0.13.4 to 0.13.5 (#10255)

Bumps [wandb](https://github.com/wandb/wandb) from 0.13.4 to 0.13.5.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.13.4...v0.13.5)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fixes #10251] improve feedback to the user and UI experience of batch permisisons assignment (#10281)

* [Fixes #10251] improve feedback to the user and UI experience

* [Fixes #10251] improve feedback to the user and UI experience

* [Fixes #10251] improve feedback to the user and UI experience

* Bump boto3 from 1.26.0 to 1.26.4 (#10273)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.0 to 1.26.4.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.0...1.26.4)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Dependencies] Align setup.cfg to requirements.txt (#10284)

* [Fixes #10287] The "set_layer_permissions" management command does not behave correctly with "AnonyousUser" (#10288)

* [Fixes #10287] The "set_layer_permissions" management command does not behave correctly with "AnonyousUser"

* [Fixes #10270] Document creation via API v2 (#10271)

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

* [Fixes #10270] Document creation via API v2

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* fix: requirements_tests.txt to reduce vulnerabilities (#10299)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904

* Bump pytest-bdd from 6.1.0 to 6.1.1 (#10297)

Bumps [pytest-bdd](https://github.com/pytest-dev/pytest-bdd) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/pytest-dev/pytest-bdd/releases)
- [Changelog](https://github.com/pytest-dev/pytest-bdd/blob/master/CHANGES.rst)
- [Commits](https://github.com/pytest-dev/pytest-bdd/compare/6.1.0...6.1.1)

---
updated-dependencies:
- dependency-name: pytest-bdd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Bump pymupdf from 1.20.2 to 1.21.0 (#10296)

Bumps [pymupdf](https://github.com/pymupdf/pymupdf) from 1.20.2 to 1.21.0.
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/master/changes.txt)
- [Commits](https://github.com/pymupdf/pymupdf/compare/1.20.2...1.21.0)

---
updated-dependencies:
- dependency-name: pymupdf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.43 to 1.4.44 (#10294)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.43 to 1.4.44.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump psutil from 5.9.3 to 5.9.4 (#10293)

Bumps [psutil](https://github.com/giampaolo/psutil) from 5.9.3 to 5.9.4.
- [Release notes](https://github.com/giampaolo/psutil/releases)
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](https://github.com/giampaolo/psutil/compare/release-5.9.3...release-5.9.4)

---
updated-dependencies:
- dependency-name: psutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump dropbox from 11.35.0 to 11.36.0 (#10292)

Bumps [dropbox](https://github.com/dropbox/dropbox-sdk-python) from 11.35.0 to 11.36.0.
- [Release notes](https://github.com/dropbox/dropbox-sdk-python/releases)
- [Commits](https://github.com/dropbox/dropbox-sdk-python/compare/v11.35.0...v11.36.0)

---
updated-dependencies:
- dependency-name: dropbox
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-cloud-storage from 2.5.0 to 2.6.0 (#10291)

Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-storage/compare/v2.5.0...v2.6.0)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.4 to 1.26.11 (#10312)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.4 to 1.26.11.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.4...1.26.11)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align setup.cfg with requirements.txt (#10315)

* [Fixes #10303] automatic periodic TaskResult removal (#10306)

* [Fixes #10303] automatic periodic TaskResult removal

* [Fixes #10303] automatic periodic TaskResult removal

* [Fixes #10303] automatic periodic TaskResult removal

* [Fixes #10303] fix flake8 formatting

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10302] Incorrect permissions assigned on cloning a resource (#10309)

* [Fixes #10302] Incorrect permissions assigned on cloning a resource

* [Fixes #10302] Incorrect permissions assigned on cloning a resource

* [Fixes #10302] Incorrect permissions assigned on cloning a resource

* [Fixes #10302] test fix broken tests

* [Fixes #10302] fix flake8 formatting

* [Fixes #10302] test fix broken tests

* [Fixes #10302] fix flake8

* - Fix test case

* [Fixes #10302] fix flake8

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* Create SECURITY.md (#10285)

* Create SECURITY.md

* Update SECURITY.md

fix minor typo

Co-authored-by: Florian Hoedt <gannebamm@gmail.com>

* Update setuptools requirement from <65.6.0,>=59.1.1 to >=59.1.1,<65.7.0 (#10327)

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v65.6.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python-slugify from 6.1.2 to 7.0.0 (#10322)

Bumps [python-slugify](https://github.com/un33k/python-slugify) from 6.1.2 to 7.0.0.
- [Release notes](https://github.com/un33k/python-slugify/releases)
- [Changelog](https://github.com/un33k/python-slugify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/un33k/python-slugify/compare/v6.1.2...v7.0.0)

---
updated-dependencies:
- dependency-name: python-slugify
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.11 to 1.26.14 (#10330)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.11 to 1.26.14.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.11...1.26.14)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump mako from 1.2.3 to 1.2.4 (#10325)

Bumps [mako](https://github.com/sqlalchemy/mako) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/sqlalchemy/mako/releases)
- [Changelog](https://github.com/sqlalchemy/mako/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/mako/commits)

---
updated-dependencies:
- dependency-name: mako
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump selenium-requests from 2.0.0 to 2.0.1 (#10324)

Bumps [selenium-requests]() from 2.0.0 to 2.0.1.

---
updated-dependencies:
- dependency-name: selenium-requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump webdriver-manager from 3.8.4 to 3.8.5 (#10323)

Bumps [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) from 3.8.4 to 3.8.5.
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SergeyPirogov/webdriver_manager/compare/v3.8.4...v3.8.5)

---
updated-dependencies:
- dependency-name: webdriver-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fixes #9041] Docker NGINX listen on ports 80/443 (#10338)

* [Dependencies] Align setup.cfg with requirements.txt (#10339)

* Bump django-grappelli from 3.0.3 to 3.0.4 (#10351)

Bumps [django-grappelli](https://github.com/sehmaschine/django-grappelli) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sehmaschine/django-grappelli/releases)
- [Changelog](https://github.com/sehmaschine/django-grappelli/blob/master/docs/changelog.rst)
- [Commits](https://github.com/sehmaschine/django-grappelli/compare/3.0.3...3.0.4)

---
updated-dependencies:
- dependency-name: django-grappelli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: requirements_dev.txt to reduce vulnerabilities (#10300)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* changed bbox_polygon and llbox_polygone to read only in serializer  for #10316 (#10317)

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>

* Bump urllib3 from 1.26.12 to 1.26.13 (#10350)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.12 to 1.26.13.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.13/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.12...1.26.13)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.17.0 to 4.17.1 (#10349)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.17.0 to 4.17.1.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.17.0...v4.17.1)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.14 to 1.26.17 (#10354)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.14 to 1.26.17.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.14...1.26.17)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flake8 from 5.0.4 to 6.0.0 (#10348)

Bumps [flake8](https://github.com/pycqa/flake8) from 5.0.4 to 6.0.0.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/5.0.4...6.0.0)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align "setup.cfg" to "requirements.txt" (#10363)

* [CLA] Add MalteIwanicki to clabot (#10381)

* Bump jsonschema from 4.17.1 to 4.17.3 (#10372)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.17.1 to 4.17.3.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.17.1...v4.17.3)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump ipython from 8.6.0 to 8.7.0 (#10371)

Bumps [ipython](https://github.com/ipython/ipython) from 8.6.0 to 8.7.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.6.0...8.7.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.17 to 1.26.26 (#10386)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.17 to 1.26.26.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.17...1.26.26)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fixes #10376] Time serie dataset, missing permissions (#10377)

* fix: requirements_dev.txt to reduce vulnerabilities (#10369)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-2348630
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904

* fix: upgrade react-hot-loader from 4.13.0 to 4.13.1 (#10370)

Snyk has created this PR to upgrade react-hot-loader from 4.13.0 to 4.13.1.

See this package in npm:
https://www.npmjs.com/package/react-hot-loader

See this project in Snyk:
https://app.snyk.io/org/afabiani/project/4217120c-f173-454b-b620-3b8eaebc4a07?utm_source=github&utm_medium=referral&page=upgrade-pr

* [Dependencies] Align setup.cfg to requirements.txt (#10397)

* Bump sqlalchemy from 1.4.44 to 1.4.45 (#10402)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.44 to 1.4.45.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wandb from 0.13.5 to 0.13.6 (#10399)

Bumps [wandb](https://github.com/wandb/wandb) from 0.13.5 to 0.13.6.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.13.5...v0.13.6)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump selenium-requests from 2.0.1 to 2.0.2 (#10401)

Bumps [selenium-requests]() from 2.0.1 to 2.0.2.

---
updated-dependencies:
- dependency-name: selenium-requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-cloud-storage from 2.6.0 to 2.7.0 (#10398)

Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-storage/compare/v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.26 to 1.26.28 (#10407)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.26 to 1.26.28.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.26...1.26.28)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align setup.cfg to requirements.txt (#10417)

* [Fixes #10374] UUID resolver endpoint (#10375)

* Bump lxml from 4.9.1 to 4.9.2 (#10433)

Bumps [lxml](https://github.com/lxml/lxml) from 4.9.1 to 4.9.2.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](https://github.com/lxml/lxml/compare/lxml-4.9.1...lxml-4.9.2)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pymupdf from 1.21.0 to 1.21.1 (#10432)

Bumps [pymupdf](https://github.com/pymupdf/pymupdf) from 1.21.0 to 1.21.1.
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/1.21.1/changes.txt)
- [Commits](https://github.com/pymupdf/pymupdf/compare/1.21.0...1.21.1)

---
updated-dependencies:
- dependency-name: pymupdf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytz from 2022.6 to 2022.7 (#10431)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.6 to 2022.7.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2022.6...release_2022.7)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wandb from 0.13.6 to 0.13.7 (#10430)

Bumps [wandb](https://github.com/wandb/wandb) from 0.13.6 to 0.13.7.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.13.6...v0.13.7)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump coverage from 6.5.0 to 7.0.0 (#10429)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0 to 7.0.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.5.0...7.0.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-spectacular from 0.24.2 to 0.25.1 (#10428)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.2 to 0.25.1.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.2...0.25.1)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update numpy requirement from ==1.23.* to ==1.24.* (#10427)

Updates the requirements on [numpy](https://github.com/numpy/numpy) to permit the latest version.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.23.0rc1...v1.24.0)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump dj-database-url from 1.0.0 to 1.2.0 (#10426)

Bumps [dj-database-url](https://github.com/jazzband/dj-database-url) from 1.0.0 to 1.2.0.
- [Release notes](https://github.com/jazzband/dj-database-url/releases)
- [Changelog](https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/dj-database-url/compare/v1.0.0...v1.2.0)

---
updated-dependencies:
- dependency-name: dj-database-url
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.28 to 1.26.32 (#10425)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.28 to 1.26.32.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.28...1.26.32)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump smart-open from 6.2.0 to 6.3.0 (#10424)

Bumps [smart-open](https://github.com/piskvorky/smart_open) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/piskvorky/smart_open/releases)
- [Changelog](https://github.com/RaRe-Technologies/smart_open/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/piskvorky/smart_open/compare/v6.2.0...v6.3.0)

---
updated-dependencies:
- dependency-name: smart-open
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align setup.cfg to requirements.txt (#10444)

* Bump GeoNode to version 4.1.0 dev (#10461)

* Bump GeoNode to version 4.1.0 dev

(cherry picked from commit e6dd1f3e92f070d578a4a9fe29881e0f87abda3b)

# Conflicts:
#	geonode/__init__.py

* Bump GeoNode to version 4.1.0 dev

(cherry picked from commit e6dd1f3e92f070d578a4a9fe29881e0f87abda3b)

# Conflicts:
#	geonode/__init__.py

* [Fixes #10462] GeoNode is vulnerable to an XML External Entity (XXE) injection (#10463)

* [Fixes #10464] Fix code scanning alert - Uncontrolled data used in path expression (#10465)

* [Fixes #10462] GeoNode is vulnerable to an XML External Entity (XXE) injection

* [Fixes #10464] Fix code scanning alert - Uncontrolled data used in path expression

* fix: Dockerfile to reduce vulnerabilities (#10470)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-DPKG-2847944
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2807585
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2933515
- https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-3090928
- https://snyk.io/vuln/SNYK-DEBIAN10-XZUTILS-2444279

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Create codeql.yml

* Create pyre.yml

* Create pysa.yml

* [Fixes #10472] Fix code scanning alert - Polynomial regular expression used on uncontrolled data (#10473)

* [Fixes #10472] Fix code scanning alert - Polynomial regular expression used on uncontrolled data

* - Get rid of pyre and pysa workflows

* Update mock requirement from <5.0.0 to <6.0.0 (#10480)

Updates the requirements on [mock](https://github.com/testing-cabal/mock) to permit the latest version.
- [Release notes](https://github.com/testing-cabal/mock/releases)
- [Changelog](https://github.com/testing-cabal/mock/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/testing-cabal/mock/compare/release-0.5.0...5.0.0)

---
updated-dependencies:
- dependency-name: mock
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-storages from 1.13.1 to 1.13.2 (#10477)

Bumps [django-storages](https://github.com/jschneier/django-storages) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/jschneier/django-storages/releases)
- [Changelog](https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jschneier/django-storages/compare/1.13.1...1.13.2)

---
updated-dependencies:
- dependency-name: django-storages
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-allauth from 0.51.0 to 0.52.0 (#10479)

Bumps [django-allauth](https://github.com/pennersr/django-allauth) from 0.51.0 to 0.52.0.
- [Release notes](https://github.com/pennersr/django-allauth/releases)
- [Changelog](https://github.com/pennersr/django-allauth/blob/master/ChangeLog.rst)
- [Commits](https://github.com/pennersr/django-allauth/compare/0.51.0...0.52.0)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump whitenoise from 6.2.0 to 6.3.0 (#10496)

Bumps [whitenoise](https://github.com/evansd/whitenoise) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/evansd/whitenoise/releases)
- [Changelog](https://github.com/evansd/whitenoise/blob/main/docs/changelog.rst)
- [Commits](https://github.com/evansd/whitenoise/compare/6.2.0...6.3.0)

---
updated-dependencies:
- dependency-name: whitenoise
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyopenssl from 22.1.0 to 23.0.0 (#10489)

Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 22.1.0 to 23.0.0.
- [Release notes](https://github.com/pyca/pyopenssl/releases)
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/pyopenssl/compare/22.1.0...23.0.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pillow from 9.3.0 to 9.4.0 (#10495)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.3.0 to 9.4.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.3.0...9.4.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.45 to 1.4.46 (#10490)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.45 to 1.4.46.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump ipython from 8.7.0 to 8.8.0 (#10491)

Bumps [ipython](https://github.com/ipython/ipython) from 8.7.0 to 8.8.0.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/compare/8.7.0...8.8.0)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-treebeard from 4.5.1 to 4.6.0 (#10492)

Bumps [django-treebeard](https://github.com/django-treebeard/django-treebeard) from 4.5.1 to 4.6.0.
- [Release notes](https://github.com/django-treebeard/django-treebeard/releases)
- [Changelog](https://github.com/django-treebeard/django-treebeard/blob/master/CHANGES.md)
- [Commits](https://github.com/django-treebeard/django-treebeard/compare/4.5.1...4.6.0)

---
updated-dependencies:
- dependency-name: django-treebeard
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump coverage from 7.0.0 to 7.0.4 (#10493)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.0.0 to 7.0.4.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.0.0...7.0.4)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.32 to 1.26.45 (#10494)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.32 to 1.26.45.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.32...1.26.45)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align "setup.cfg" to "requirements.txt" (#10507)

* Update backport.yml

* [Fixes #10509] Configure UTF-8 encoding for shapefiles in Geoserver by default (#10510)

* [CLA] add 52North staff to .clabot (#10512)

* fix: scripts/docker/nginx/Dockerfile to reduce vulnerabilities (#10513)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3179541
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3179541
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3179542
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3179542

* Update README.md

* [Fixes #7181] fix ISO 19139 metadata validity (#10488)

* Adding "ahmdthr" to .clabot

* Bump requests from 2.28.1 to 2.28.2 (#10528)

Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.28.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.28.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update setuptools requirement from <65.7.0,>=59.1.1 to >=59.1.1,<66.1.0 (#10542)

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v66.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump urllib3 from 1.26.13 to 1.26.14 (#10531)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.13 to 1.26.14.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.13...1.26.14)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump selenium-requests from 2.0.2 to 2.0.3 (#10536)

Bumps [selenium-requests]() from 2.0.2 to 2.0.3.

---
updated-dependencies:
- dependency-name: selenium-requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fixes #10524] Resource permissions are not returned in the users/groups endpoint (#10544)

* [Fixes #10524] Resource permissions are not returned in the users/groups endpoint

* [Fixes #10524] Resource permissions are not returned in the users/groups endpoint

* [Fixes #10482] Upload ISO-19115 xml metadata via the API (#10483)

* ISO-19115 xml metadata file can be uploaded via the API

* Small changes for PEP8 compliance

* Added tests for checking permissions for metadata upload

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

* [Fixes #10525] set/unset batch permissions on groups raise an error (#10526)

* [Fixes #10525] set/unset batch permissions on groups raise an error

* [Fixes #10525] set/unset batch permissions on groups raise an error

* Bump pytz from 2022.7 to 2022.7.1 (#10533)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.7 to 2022.7.1.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2022.7...release_2022.7.1)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wandb from 0.13.7 to 0.13.9 (#10530)

Bumps [wandb](https://github.com/wandb/wandb) from 0.13.7 to 0.13.9.
- [Release notes](https://github.com/wandb/wandb/releases)
- [Changelog](https://github.com/wandb/wandb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wandb/wandb/compare/v0.13.7...v0.13.9)

---
updated-dependencies:
- dependency-name: wandb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump coverage from 7.0.4 to 7.0.5 (#10529)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.0.4 to 7.0.5.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.0.4...7.0.5)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest from 7.2.0 to 7.2.1 (#10534)

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.2.0 to 7.2.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.2.0...7.2.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.45 to 1.26.50 (#10535)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.45 to 1.26.50.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.45...1.26.50)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align "setup.cfg" to "requirements.txt" (#10555)

* [Fixes #10537] Improve rules creation using GeoFence batch (#10538)

* [Fixes #10537] Improve rules creation using GeoFence batch

* - code improvements accordingly to the PR comments

* - code improvements accordingly to the PR comments

* - Test fixes

Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>

* Update setuptools requirement from <66.1.0,>=59.1.1 to >=59.1.1,<66.2.0 (#10563)

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v65.5.1...v66.1.1)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump invoke from 1.7.3 to 2.0.0 (#10565)

Bumps [invoke](https://github.com/pyinvoke/invoke) from 1.7.3 to 2.0.0.
- [Release notes](https://github.com/pyinvoke/invoke/releases)
- [Commits](https://github.com/pyinvoke/invoke/compare/1.7.3...2.0.0)

---
updated-dependencies:
- dependency-name: invoke
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump splinter from 0.18.1 to 0.19.0 (#10564)

Bumps [splinter](https://github.com/cobrateam/splinter) from 0.18.1 to 0.19.0.
- [Release notes](https://github.com/cobrateam/splinter/releases)
- [Changelog](https://github.com/cobrateam/splinter/blob/master/docs/news.rst)
- [Commits](https://github.com/cobrateam/splinter/compare/0.18.1...0.19.0)

---
updated-dependencies:
- dependency-name: splinter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.26.50 to 1.26.54 (#10566)

Bumps [boto3](https://github.com/boto/boto3) from 1.26.50 to 1.26.54.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.26.50...1.26.54)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Dependencies] Align "setup.cfg" to "requirements.txt" (#10572)

* [Fixes #10574] Code formatting with Black (#10575)

* auto reformatting by black

* relax flake8

* Add black to requirements

* Add black to CircleCI

* [Fixes #10574] Code formatting with Black (#10575)

* auto reformatting by black

* relax flake8

* Add black to requirements

* Add black to CircleCI

(cherry picked from commit e0b7ec94ebb97b0f3eb4fbe5cf82c71f11d0a8d3)

# Conflicts:
#	geonode/base/api/serializers.py
#	geonode/catalogue/tests.py
#	geonode/catalogue/urls.py
#	geonode/catalogue/views.py
#	geonode/geoserver/manager.py
#	geonode/geoserver/signals.py

* - Upgrade GeoServer to version 2.20.6

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Emanuele Tajariol <etj@geo-solutions.it>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: NAGGINDA MARTHA <marthamareal@gmail.com>
Co-authored-by: Edson Flavio de Souza <44442399+edsonflavio@users.noreply.github.com>
Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Co-authored-by: Snyk bot <snyk-bot@snyk.io>
Co-authored-by: mattiagiupponi <mattia.giupponi@gmail.com>
Co-authored-by: Florian Hoedt <gannebamm@gmail.com>
Co-authored-by: Francesco Frassinelli <francesco.frassinelli@nina.no>
Co-authored-by: Malte Iwanicki <45853662+MalteIwanicki@users.noreply.github.com>
Co-authored-by: Toni <toni.schoenbuchner@csgis.de>
Co-authored-by: Christian Autermann <christian@autermann.org>
Co-authored-by: matthesrieke <m.rieke@52north.org>
Co-authored-by: ahmdthr <116570171+ahmdthr@users.noreply.github.com>
---
 geonode/base/forms.py        |  2 +-
 geonode/base/views.py        | 11 ++++++-----
 geonode/geoserver/signals.py |  2 +-
 geonode/security/tests.py    |  8 +++++---
 geonode/storage/tests.py     |  4 ++--
 geonode/upload/__init__.py   | 13 +++++++------
 6 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/geonode/base/forms.py b/geonode/base/forms.py
index b0c91ff7d0f..b24ad8e935f 100644
--- a/geonode/base/forms.py
+++ b/geonode/base/forms.py
@@ -470,7 +470,7 @@ def __init__(self, *args, **kwargs):
             if field in ["poc", "owner"] and not self.can_change_perms:
                 self.fields[field].disabled = True
 
-            if field in ['poc', 'owner'] and not self.can_change_perms:
+            if field in ["poc", "owner"] and not self.can_change_perms:
                 self.fields[field].disabled = True
 
     def disable_keywords_widget_for_non_superuser(self, user):
diff --git a/geonode/base/views.py b/geonode/base/views.py
index 0a7f6fa8b43..30a55e8bff7 100644
--- a/geonode/base/views.py
+++ b/geonode/base/views.py
@@ -335,15 +335,16 @@ def get_results(self, context):
 
 class DatasetsAutocomplete(SimpleSelect2View):
     model = Dataset
-    filter_arg = 'title__icontains'
+    filter_arg = "title__icontains"
 
     def get_results(self, context):
         return [
             {
-                'id': self.get_result_value(result),
-                'text': self.get_result_label(result.title),
-                'selected_text': self.get_selected_result_label(result.title),
-            } for result in context['object_list']
+                "id": self.get_result_value(result),
+                "text": self.get_result_label(result.title),
+                "selected_text": self.get_selected_result_label(result.title),
+            }
+            for result in context["object_list"]
         ]
 
 
diff --git a/geonode/geoserver/signals.py b/geonode/geoserver/signals.py
index 591a1e12552..cfe1ad6f85b 100644
--- a/geonode/geoserver/signals.py
+++ b/geonode/geoserver/signals.py
@@ -42,7 +42,7 @@
 
 geofence_rule_assign = Signal(providing_args=["instance"])
 
-post_set_permissions = Signal(providing_args=['instance'])
+geofence_rule_assign = Signal(providing_args=["instance"])
 
 
 def geoserver_delete(typename):
diff --git a/geonode/security/tests.py b/geonode/security/tests.py
index 4651e1f28d0..546dbf4ab15 100644
--- a/geonode/security/tests.py
+++ b/geonode/security/tests.py
@@ -90,11 +90,13 @@ def _log(msg, *args):
 
 def get_geofence_rules_count():
     from geonode.geoserver.helpers import gf_client
+
     return gf_client.get_rules_count()
 
 
 def get_geofence_rules():
     from geonode.geoserver.helpers import gf_client
+
     return gf_client.get_rules()
 
 
@@ -1759,11 +1761,11 @@ def test_admin_whitelisted_access_middleware(self):
             self.assertTrue(request.user.is_superuser)
 
         # Test valid IP in second element
-        with self.settings(ADMIN_IP_WHITELIST=['88.88.88.88', '127.0.0.1']):
+        with self.settings(ADMIN_IP_WHITELIST=["88.88.88.88", "127.0.0.1"]):
             request = HttpRequest()
             request.user = admin
-            request.path = reverse('home')
-            request.META['REMOTE_ADDR'] = '127.0.0.1'
+            request.path = reverse("home")
+            request.META["REMOTE_ADDR"] = "127.0.0.1"
             middleware.process_request(request)
             self.assertTrue(request.user.is_superuser)
 
diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index c2e6c93b459..c4ba57817df 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -419,9 +419,9 @@ def test_storage_manager_copy(self):
     @override_settings(FILE_UPLOAD_DIRECTORY_PERMISSIONS=0o777)
     @override_settings(FILE_UPLOAD_PERMISSIONS=0o777)
     def test_storage_manager_copy(self):
-        '''
+        """
         Test that the copy works as expected and the permissions are corerct
-        '''
+        """
         dataset = create_single_dataset(name="test_copy")
         dataset.files = [os.path.join(f"{self.project_root}", "tests/data/test_sld.sld")]
         dataset.save()
diff --git a/geonode/upload/__init__.py b/geonode/upload/__init__.py
index ec9e9b79a26..f5c5c542718 100644
--- a/geonode/upload/__init__.py
+++ b/geonode/upload/__init__.py
@@ -67,14 +67,15 @@ def run_setup_hooks(sender, **kwargs):
             every=1,
             period="days"
         )
+        daily_interval, _ = IntervalSchedule.objects.get_or_create(every=1, period="days")
         PeriodicTask.objects.update_or_create(
             name="clean-up-old-task-result",
             defaults=dict(
                 task="geonode.upload.tasks.cleanup_celery_task_entries",
                 interval=daily_interval,
-                args='',
-                start_time=timezone.now()
-            )
+                args="",
+                start_time=timezone.now(),
+            ),
         )
 
 
@@ -92,9 +93,9 @@ def ready(self):
             "task": "geonode.upload.tasks.cleanup_celery_task_entries",
             "schedule": 86400.0,
         }
-        settings.CELERY_BEAT_SCHEDULE['clean-up-old-task-result'] = {
-            'task': 'geonode.upload.tasks.cleanup_celery_task_entries',
-            'schedule': 86400.0,
+        settings.CELERY_BEAT_SCHEDULE["clean-up-old-task-result"] = {
+            "task": "geonode.upload.tasks.cleanup_celery_task_entries",
+            "schedule": 86400.0,
         }
 
 

From 8d2908ebf7e821849447cad1e0dab977a495c85b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 26 Jan 2023 17:11:04 +0100
Subject: [PATCH 202/330] =?UTF-8?q?[Fixes=20#10537]=20Improve=20rules=20cr?=
 =?UTF-8?q?eation=20using=20GeoFence=20batch=20-=20more=20imp=E2=80=A6=20(?=
 =?UTF-8?q?#10585)=20(#10588)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Code Formatting] Revert formatting on conflicting files

* [Fixes #10537] Improve rules creation using GeoFence batch - more improvements

* [#10574] Align code formatting with black

Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
(cherry picked from commit 36f414d02a054ecd328e3d16358992b0a503cc36)

Co-authored-by: Emanuele Tajariol <etj@geo-solutions.it>
---
 geonode/geoserver/helpers.py | 16 +++++++++++++++-
 geonode/geoserver/manager.py |  1 +
 geonode/security/tests.py    | 12 ------------
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index 30dc6bffa06..b3326246867 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -1874,7 +1874,21 @@ def get_time_info(layer):
     url, _user, _password, retries=ogc_server_settings.MAX_RETRIES, backoff_factor=ogc_server_settings.BACKOFF_FACTOR
 )
 gs_uploader = Client(url, _user, _password)
-gf_client = GeofenceClient(url, _user, _password)
+
+
+def create_geofence_client():
+    gs_url = settings.OGC_SERVER["default"]["LOCATION"]
+    user = settings.OGC_SERVER["default"]["USER"]
+    passwd = settings.OGC_SERVER["default"]["PASSWORD"]
+
+    gf_rest_url = f'{gs_url.rstrip("/")}/rest/geofence/'
+    client = GeoFenceClient(gf_rest_url, user, passwd)
+    client.set_timeout(settings.OGC_SERVER["default"].get("GEOFENCE_TIMEOUT", 60))
+    return client
+
+
+geofence = create_geofence_client()
+gf_utils = GeoFenceUtils(geofence)
 
 
 def _create_geofence_client():
diff --git a/geonode/geoserver/manager.py b/geonode/geoserver/manager.py
index 18634e06f58..3762b50c89f 100644
--- a/geonode/geoserver/manager.py
+++ b/geonode/geoserver/manager.py
@@ -442,6 +442,7 @@ def set_permissions(
         approval_status_changed: bool = False,
         group_status_changed: bool = False,
     ) -> bool:
+
         _resource = instance or ResourceManager._get_instance(uuid)
 
         try:
diff --git a/geonode/security/tests.py b/geonode/security/tests.py
index 546dbf4ab15..39dcc36a7a6 100644
--- a/geonode/security/tests.py
+++ b/geonode/security/tests.py
@@ -88,18 +88,6 @@ def _log(msg, *args):
     logger.debug(msg, *args)
 
 
-def get_geofence_rules_count():
-    from geonode.geoserver.helpers import gf_client
-
-    return gf_client.get_rules_count()
-
-
-def get_geofence_rules():
-    from geonode.geoserver.helpers import gf_client
-
-    return gf_client.get_rules()
-
-
 class StreamToLogger:
     """
     Fake file-like stream object that redirects writes to a logger instance.

From 1082bc273f4eb80612bf600caa837c85c5ca9c36 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 27 Jan 2023 09:27:32 +0100
Subject: [PATCH 203/330] [Code Format] Minor refactoring of geofence create
 options (#10589) (#10596)

* [Code Format] Minor refactoring of geofence create options

* - fix test cases

(cherry picked from commit 118b8e7c40fcfc55bdd01f669fecb14ef6974918)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/geoserver/helpers.py | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index b3326246867..5f0d5a627f5 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -1876,18 +1876,14 @@ def get_time_info(layer):
 gs_uploader = Client(url, _user, _password)
 
 
-def create_geofence_client():
-    gs_url = settings.OGC_SERVER["default"]["LOCATION"]
-    user = settings.OGC_SERVER["default"]["USER"]
-    passwd = settings.OGC_SERVER["default"]["PASSWORD"]
-
-    gf_rest_url = f'{gs_url.rstrip("/")}/rest/geofence/'
-    client = GeoFenceClient(gf_rest_url, user, passwd)
-    client.set_timeout(settings.OGC_SERVER["default"].get("GEOFENCE_TIMEOUT", 60))
+def _create_geofence_client():
+    gf_rest_url = f'{url.rstrip("/")}/geofence/'
+    client = GeoFenceClient(gf_rest_url, _user, _password)
+    client.set_timeout(ogc_server_settings.GEOFENCE_TIMEOUT)
     return client
 
 
-geofence = create_geofence_client()
+geofence = _create_geofence_client()
 gf_utils = GeoFenceUtils(geofence)
 
 

From a45666e76088ad1f337fe4559417b1ce217c9289 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 1 Feb 2023 09:27:26 +0100
Subject: [PATCH 204/330] [Dependencies] Align "setup.cfg" to
 "requirements.txt" (#10623) (#10624)

(cherry picked from commit cb8d2aac6dae90ab61a266d902b5b1a38f957431)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/setup.cfg b/setup.cfg
index 3509d6bfae7..12b727c9d08 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -207,6 +207,8 @@ install_requires =
     wandb==0.13.9
     protobuf==3.20.3
     mako==1.2.4
+    certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
+    jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
 
 [options.packages.find]
 exclude = tests

From 9324304827c078a5b18bb7dd35af7d3ae8fb99de Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 18:34:23 +0100
Subject: [PATCH 205/330] [Dependencies] Align "setup.cfg" to
 "requirements.txt" (#10642) (#10643)

* [Dependencies] Align "setup.cfg" to "requirements.txt"

* - Fix black formatting

(cherry picked from commit b73cc24226568d010bffb862edef6706ff1c98c5)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/geoserver/manager.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/geonode/geoserver/manager.py b/geonode/geoserver/manager.py
index 3762b50c89f..18634e06f58 100644
--- a/geonode/geoserver/manager.py
+++ b/geonode/geoserver/manager.py
@@ -442,7 +442,6 @@ def set_permissions(
         approval_status_changed: bool = False,
         group_status_changed: bool = False,
     ) -> bool:
-
         _resource = instance or ResourceManager._get_instance(uuid)
 
         try:

From 29b8e544e8860adb733fc8894c59949b471c0b46 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 17:26:02 +0100
Subject: [PATCH 206/330] [Fixes #10521] Make metadata wizard more flexible for
 custom metadata (#10592) (#10653)

* [Fixes: 10521] Make metadata wizard more flexible for custom metadata

* add tests for extrametadata query; pep8 format imports

* fix map test for metadata response

(cherry picked from commit 5ccc0d6a225115ef05c8121cbed6616888f2134c)

Co-authored-by: Toni <toni.schoenbuchner@csgis.de>
---
 geonode/documents/api/tests.py    | 1 -
 geonode/layers/api/serializers.py | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index 5ab59dfbbb4..856e72efd34 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -17,7 +17,6 @@
 #
 #########################################################################
 import os
-from django.contrib.auth import get_user_model
 import logging
 
 from django.contrib.auth import get_user_model
diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index 3d39fdefe20..27b1e6a1d6a 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -181,6 +181,7 @@ class Meta:
             "subtype",
             "ptype",
             "executions",
+            "metadata",
         )
 
     name = serializers.CharField(read_only=True)

From 2fce14f41c7bb4eecc2a895ef7b9f2ec448b187d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 16:57:52 +0100
Subject: [PATCH 207/330] [Dependencies] align "setup.cfg" to
 "requirements.txt" (#10665) (#10666)

(cherry picked from commit 0e89afe806f359a1a0b700c233f292999249af5f)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 setup.cfg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup.cfg b/setup.cfg
index 12b727c9d08..736f81d85cb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -203,8 +203,8 @@ install_requires =
     jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
 
     # Security and audit
-    mistune==2.0.4
-    wandb==0.13.9
+    mistune==2.0.5
+    wandb==0.13.10
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 688528469fd138f01e66b478437c316fb1c071a2 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Fri, 17 Mar 2023 11:42:24 +0100
Subject: [PATCH 208/330] [Dependencies] Align setup.cfg to requirements.txt
 (#10788) (#10789)

(cherry picked from commit e7620effb065ca8b4bf9a0e4969adfd454ed36b3)

# Conflicts:
#	setup.cfg
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 736f81d85cb..39709bce937 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -204,7 +204,7 @@ install_requires =
 
     # Security and audit
     mistune==2.0.5
-    wandb==0.13.10
+    wandb==0.13.11
     protobuf==3.20.3
     mako==1.2.4
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability

From 6e33c12ec0c862f96432f0d9fb1000f7c098c7ee Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Tue, 28 Feb 2023 14:17:12 +0100
Subject: [PATCH 209/330] Make sure to keep all unzipped files as file_paths

CSV and JSON are both valid `base_file`s. However, the content of a
ZIP file containing a JSON file along with one or multiple CSV files
will not be stored as `data_retriever` will override all allowed
`base_file`s until just one file remain.
---
 geonode/storage/data_retriever.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/geonode/storage/data_retriever.py b/geonode/storage/data_retriever.py
index 059a3122a74..7d35f93bf29 100644
--- a/geonode/storage/data_retriever.py
+++ b/geonode/storage/data_retriever.py
@@ -211,12 +211,25 @@ def _unzip(self, zip_name: str) -> Mapping:
         not_main_files = ["xml", "sld", "zip", "kmz"]
         base_file_choices = [x for x in available_choices if x not in not_main_files]
         for _file in Path(self.temporary_folder).iterdir():
+            if not zipfile.is_zipfile(str(_file)):
             if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
                 self.file_paths["base_file"] = Path(str(_file))
             elif not zipfile.is_zipfile(str(_file)):
                 ext = _file.name.split(".")[-1]
+                if f"{ext}_file" in self.file_paths:
+                    existing = self.file_paths[f"{ext}_file"]
+                    self.file_paths[f"{ext}_file"] = [ Path(str(_file)), *(existing if type(existing) == list else [existing]) ]
+                else: 
                 self.file_paths[f"{ext}_file"] = Path(str(_file))
 
+        tmp = self.file_paths.copy()
+        for key, value in self.file_paths.items():
+            if type(value) == list:
+                for index, file_path in enumerate(value):
+                    n = f"{key}_{index}" if index > 0 else key
+                    tmp[n] = file_path
+        self.file_paths = tmp
+
         # remiving the zip file
         os.remove(zip_name)
 

From 875398195b6ad042d4090296bb5bf6ab9a8ffc49 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Thu, 23 Mar 2023 16:34:17 +0100
Subject: [PATCH 210/330] Keep all uploaded zip content accessible

iterdir() is platform dependent, that is the order of the returned items
may be different on different platforms. In cases where a zip file
contains multiple base_file candidates it will be overridden by the last
one found (which varies on different platforms).

Also, different files with the same extension (file1.csv, file2.csv) will not
be accessible from file_paths as they get overridden, too.

The fix enumerates all files to make them accessible from file_paths.
---
 geonode/storage/data_retriever.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/geonode/storage/data_retriever.py b/geonode/storage/data_retriever.py
index 7d35f93bf29..9395b4ed827 100644
--- a/geonode/storage/data_retriever.py
+++ b/geonode/storage/data_retriever.py
@@ -213,8 +213,7 @@ def _unzip(self, zip_name: str) -> Mapping:
         for _file in Path(self.temporary_folder).iterdir():
             if not zipfile.is_zipfile(str(_file)):
             if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
-                self.file_paths["base_file"] = Path(str(_file))
-            elif not zipfile.is_zipfile(str(_file)):
+                    self.file_paths['base_file'] = Path(str(_file))
                 ext = _file.name.split(".")[-1]
                 if f"{ext}_file" in self.file_paths:
                     existing = self.file_paths[f"{ext}_file"]

From e53440a396baebda800b1683603bb5dfad624f79 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 17 Apr 2023 09:03:54 +0200
Subject: [PATCH 211/330] Use context manager during unzip

---
 geonode/storage/data_retriever.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/geonode/storage/data_retriever.py b/geonode/storage/data_retriever.py
index 9395b4ed827..29cf8beb51c 100644
--- a/geonode/storage/data_retriever.py
+++ b/geonode/storage/data_retriever.py
@@ -205,8 +205,9 @@ def _unzip(self, zip_name: str) -> Mapping:
         at the end the zip is deleted
         """
         zip_file = self.file_paths["base_file"]
-        the_zip = zipfile.ZipFile(zip_file, allowZip64=True)
+        with zipfile.ZipFile(zip_file, allowZip64=True) as the_zip:
         the_zip.extractall(self.temporary_folder)
+
         available_choices = get_allowed_extensions()
         not_main_files = ["xml", "sld", "zip", "kmz"]
         base_file_choices = [x for x in available_choices if x not in not_main_files]

From f24457bb2ec86c43d9baa9fd1ee056516e9aeddd Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Tue, 18 Apr 2023 19:43:45 +0200
Subject: [PATCH 212/330] Sorts files during unzip

Ensures that related content are unpacked accordingly
in a mixed content case
---
 geonode/storage/data_retriever.py             |   3 +-
 geonode/storage/tests.py                      |  27 ++++++++++++++++++
 .../storage/tests/data/data_collection.zip    | Bin 0 -> 14261 bytes
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 geonode/storage/tests/data/data_collection.zip

diff --git a/geonode/storage/data_retriever.py b/geonode/storage/data_retriever.py
index 29cf8beb51c..b535f948328 100644
--- a/geonode/storage/data_retriever.py
+++ b/geonode/storage/data_retriever.py
@@ -211,7 +211,8 @@ def _unzip(self, zip_name: str) -> Mapping:
         available_choices = get_allowed_extensions()
         not_main_files = ["xml", "sld", "zip", "kmz"]
         base_file_choices = [x for x in available_choices if x not in not_main_files]
-        for _file in Path(self.temporary_folder).iterdir():
+        sorted_files = sorted(Path(self.temporary_folder).iterdir())
+        for _file in sorted_files:
             if not zipfile.is_zipfile(str(_file)):
             if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
                     self.file_paths['base_file'] = Path(str(_file))
diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index c4ba57817df..e76c3b6feaa 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -624,3 +624,30 @@ def test_zip_file_should_correctly_recognize_main_extension_with_shp(self):
         self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
         _files = storage_manager.get_retrieved_paths()
         self.assertTrue("single_point.shp" in _files.get("base_file"))
+        
+    def test_zip_file_should_correctly_relate_mixed_content(self):
+        zip_file = os.path.join(f"{self.project_root}", "tests/data/data_collection.zip")
+        storage_manager = self.sut(
+            remote_files={"base_file": zip_file}
+        )
+        storage_manager.clone_remote_files()
+        self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
+        _files = storage_manager.get_retrieved_paths()
+        base_file = _files.get("base_file")
+        
+        def strip_extension(filename):
+            return filename.split(".")[0] if filename else filename
+
+        base_name = strip_extension(base_file)
+        available_files = [
+            _files.get("shp_file"),
+            _files.get("prj_file"),
+            _files.get("shx_file"),
+            _files.get("dbf_file")
+        ]
+
+        def assert_same_base_name(base_name, file_name):
+            self.assertEqual(base_name, strip_extension(file_name))
+
+        for file in available_files:
+            assert_same_base_name(base_name, file)
diff --git a/geonode/storage/tests/data/data_collection.zip b/geonode/storage/tests/data/data_collection.zip
new file mode 100644
index 0000000000000000000000000000000000000000..0702327be361a2bfda7c9c2a6eb13bd08ca5a9b4
GIT binary patch
literal 14261
zcma)@1yEaUx9@2wZY^4h7He?|#qBMHqD70B;7~lc6I!grU5XVi?he7BcyT8LEt)`(
z1W7LMz4y%bo%fzI_hipAdv@me|1)bnD|?>3lAoq3_9IHHhgkSn4=gqG)H4iEUSMHi
z{q+C~>+${B-Okz8(b^Q~V(09^XJuhyxofj!X=P>xv_eh>lWenb6z%?%KEb@n^j)f2
zE=bG9&nBlA9|ueGKbdY;joOUen`!)4ra(7)r#MrhF9MVUT_cP2ztCcPj75X1Z#kW{
zpG(Wfl5^!n|5*`@VfoeUFTUpu6Ia=_x3O>0#$|g#+%45O*9%*_n8n&@8@xDXOy8^Y
zwhbQm^GbnZ^y4I`CjIP@4r4yn<Al&qSGku_c39IRHom3D#o=`Vgt+mnksDr;>;uXD
z1s{_Ao(Gb8dY+tpx>CeolPq8|<e8-e=d@RziJWX?G&3N+YO&z=$;k(q_02S126m0B
zukHN4ys}}ovOfy7TmTV|b~G$m!T&Ja;{4~x7wftm>Fy&Bz90WjI^913EzLCdEV@bQ
z0Rln-0==zVq)59CEGuFfk@|n6u#G%3nD*Yp@xM0m`M*YE|8CTc|F!l1+F;!;FP~ka
zUSvLpKJLB6qx(T}KiplMtWB-VJ<Rz$d_1`MmA4-Lo8a$y_(^X3G5>zzGi)p@mcIq&
z&Zg$hR&LhrroN^?Hy1BED{E&<J9ATSa}R5`|6L)mwrPoGW@buO@z&kAxAbr2Lg)kk
zQnP*B^X)n8kkI<ePT178FIA+_S(LWBAVNEY0zpZS(2gXn=FtoOeAb^h%ksES^i}n1
zVZ{eH-R!jwIue1B5eZhBL9S(A+%4GmB|6W9&d#{BE_&Ie$+;1~$JzNDKc5;V;?LfX
zZFcg!B*IhLM6KlSWg8!oO%oH0J`lTky%J{2jv`O`-TN2eKO(f6GIJ`vkL>AvasCe?
z{JUIZrHOh4C>1b~R;28{D8_;C*Kgn3>B!5u{?6wk<wFNjFi;wuoS#VIRn_+#hli3n
zFMf&zcE(uVh-=IyTl{&pf@g|(Je*vtW-ie7Fb^v|p4eq*F?4;%Qm%=PzE|nVyWg*&
zPwPs3S&;lQk<7HeSUfsioEV`wh+ChvNzvpO_9~J*9HuK74v&m#+DR*gpPOGkKX?-Z
zB|eXIc=?xW8WWn~6!-rW;@=DZ_d52dNAEusz{2X6{~twpUz%a71h4g0utkI9cMVzG
zL!^?4OGBl&Ec4<yxl(-fSnT3IaLL!JWC&Vu2@xnf5qu|@9I3+jjdJQ{Z7pX3afqq9
z=yH(uUYlILIjZ05oLm~RHZvIOfn#oM(GyqoPoEmVO{HsN<lH-WxkOwL`i@LV1(DHr
z>(3qSw4MloLylD|r7kdmcbMD0U)|lHGfYZqQb+kpL%V{)_sPrb7s)R_$XjVzUBg&n
zI^Hsock*ztG+h&#?i6Y=olMJQ6W1?=|5^?A^@Z(}baxEo1E}CDxf7)O@Us5TD=ttR
zCe^3zX01(ncltFK6e(qr@Ca;gLr`DZyVbcf=<=YCEh8Uc<M{VccA85c>*E^6So3U<
z1R3D8Zl@c7Ogw*1M-JImxEzRrs{kN%axKmgZXcv7HmCd>u+(E}>oZtR-%l{IohH#p
zCHUjO&hbf~@9SQDfbe_)$y+%j+;DQOBXiU`K$Tl2J`3anWO?vCn!TGkGa~=mnm)K|
zGh*2e82?&y#ucf5W1T?<ELfZp&NUm3hr?BYP0cQ=Y!#J{&xHwhr|Hu^Y!_?Zy{(j+
z=*6DVQedo^2${*hGF#Y^<)`gcJW^aw?K`X_t-I+C*|8QRGv|!}&LiL#I!ogu@M*qE
zYft#1Wpl$5?e*lJgq)0op1!UbP%^O{k5>?mbf=BG1!e7Ziik(^eLWVm;nAONXj&a)
zi@NKyIPWTIZpurOZPMpOlRq3ijPm82^=zIjCG4pl*h>itUgCsuBcWdp=?;96FK6jC
z_ceT>1kP`qg%(!=wmD8$tX1(Qd+N&a7L>0`hXUU2!gYS)k=4}-bTh)7NtwPB-R{sS
zqi<TuTgGu-&dxl!VF&l_s1&%U_fSE(V*6FTwMMl=b>FR2b$wm~R8fvUDb&mbC`%!q
z?TYVDl(5R@0SxVhO5zH=JKtWgJGOkuTqYRe545!rjgXTz^K~mDan_RDGr@8Qa;<g>
z<@b4I)QYe3b8UjAs-atX^rcH|4<3itP7<=+Vc<~39G%X<Q&|}JRG&UQRCm|**KFS%
zz3DA-Py1(?b9?@w*-0Bg>)V<S+s-D_L4L312om7aI(+7ZU4}yGle<syG+Cv+-zS`&
z<_!B>JV7c(Dv0faw4M)<@b%mflfI5eYi&CRbx@|ZHBY7#E^IdmM(8BVt$7Wox8epB
zIkWZSwL21jWkwATPZ<;umOHjptKMF(@0k<{lsmxbwE+u<YWs~fVa_8L96ml5;1!3x
zypHOVc9{^xch9n`doA2e8YMPtPVJ6e;Brf|U_LQv%+fCND?-nOieC--HB({XBYSWv
z5LjR{_b|uw_u~>x9k)qckv__VG*Tk=m$RJct?0ra+#}IS^dm@WTp2GbO4ssdO>)0a
zYyPg<fi1+4s?s0sIPg+f5Tj)DDW)nhU-MXX!lV^97dj?ZN}~E5Pb~5D(oLy!C3E6w
ze~@9#2g@HrI0l{K4#yM*E4yR#f@mIRTU%Epou7wSCw^X7^QQ)&>sJB#ooYiQ;H)~u
zG?tLl*LwNw*q6eFwMT*-Q_Pr1oFm}`ZiS4v>klZ2MpBXYYm3grioOgpb7B1Rg|>{L
z)#>Y{B5Ygw7^i*T#nFMA-goIB!Q=ct4?|7ev{<1@wIAXx;0O*`6N(lV-bvo4mt_(Q
zZ#N+j_B;t({g@M!@-zgT0Sz9MBlJu%iho8WGT#u8L2}rdEdMF-I{nyL??GA>lfw&W
z>AWrX4YZ~;VMGGhLO4`57xi*hGDNbkQOPf{Cun6uU@g;F3CXQ-kx&jl#V@ya>qMi*
zsm6h`NwfHFn0Z`)Mvx)l+~pnW&jq}8w6E{btTz5He<!!D!{#9dbF}Gt)a#8Znb_a>
z7N~;oes>G%7uhCid8G8*xo<b4MAVmKyLtN_9B}{gd2B4`%&(X?A5K8a-B*~=yW#%j
z6}UfeCP(t5N4DWgcr3&}_SXX7hvv@#$;mqWK0;gd)V1)=LhU7#xq776vN!VWAnA~u
zMigNTm71yQHs|blsZffnIaC~6?f|9o^_qfg{HFKf#Kj>L?)7S#c(EwwWXAa7=x%!O
zimF3h$1H=>QPklue-DV-Nu?tIu7q_SXlx*E9Mb{4E}mt()V(CpigO{UKRPvRb=N<$
zAMvgJ3NOJSVyNzYe*m?yP0jD%WYp2$IEa`wj)dv}BqJvJP}m3sx()P!-uNfvxVq|v
zolmY0kN2aF=bz%3b6LW^11FSN=)vRyHI5{=13YDj#{qY5&h98`+>y0bOvpYQZiHQn
zjIz-9lM_&}jQ^D&q37_gA&PmR-G#}_L*zElI7WQ6)mo_?`y^1Nap9@DZR_<JZAIYe
z$n*|;-;_d-yT+UOq6({dEnqS4p+@xL3nKrCBi`7qJ!5vPY5=%e7>f^S@~IooHqz>p
z{<98~jYe(Xq%5N+VR*B5R-{d^v=mqJUiVp?_YL~8=4VUV9orGX2|v%XPhzAl<|e7`
zkHKRe)86>0F?Wmy*a%5Q@s7}PFdYYPu&z`RGPmz2bL?<g3k`>T{LTx1C_|KDh0N^w
z<H23Alh$>|#xro>G=q;|Ko)_q!4S{Mw0_$%PBNWfPTPn1%C|;2`Y!1kW37j?ndUL_
z^?w{2;-*fRzxf$}y&7Aj>G^51Ka!X#dmFRkDk9k!ctUddywfWbKw=*#%QcC+I+GB>
z3_*u`d!|^bZ43l0k0#YyEz(Jh=|=nUy7$1Reyd+J{^$ZA4;{EuuK^*M8ephq1h*_D
zYAF83y%3Z5nW?Caj3JbUop8-I#Q&OW@ODFxKPVyYPc`RoJ^ArQza#{k(2RHKRKKa_
zwYN$j_ECmTa}Vxr1=Z{F&#e@WvhhIGklb(-5DQO_ZP9MZ$3QBeQe?M-^A=F)TPYpT
zE$$Nad>FL7^!WWE;Iw~AxKR4~JJV_3UQ@Q)?=Ob^)tSIPx?B38574FZOEquHfHI(2
zVc$bXbDOyuZ@Z*5i)k516>e%z0`2JyO^@_oGgsuskI?!fa^S2{$n~SeQ1_KT^kV#i
zCYNlEGEcWgaSj(Ww~nA`^UayIeW$U~%f0aW`A}{(HrZl9y^wU-PyRcfc^w8Od&_<O
z$(4MZBjA(oYx3kBc<H2A%yv16XiRcGvF_(mWfzHlL2+3?yI=EX$xa9E@*cTkYD-^M
zSddSN5_Fk(mMfBzQc-JieOAorS0C=h6Y4Fl-|*|X$tb+FROTdV+X(OFj_s#6DUJ*3
z4w0;I((AV6$q^y$0gT2`YD0T%!T}uHiaKAdEu`sh&;KmSwb)C!bkPP}lzh0h7t;kb
zm-Ew_#+YWBZuu<<smJ1(*?xZioowTUe~zr|Ls4z1u$2uISZi1du2>*`%mAzg)-Q^;
zDDk?L(E@;b^@rBeLFNl%k<c%(1)cg(Cs&O<w!ZB8F@r6$_dSbYG|-u2eed;Py4Pyo
z3zP$Yy0SefiSt~}4iioT^C|^PN3tH0^%U59#(t|&eb>9fj5JXyQ5HNZ>eH-a0_zAL
z63{XYz(&2>x>flxN^0zPE-{Y9;$tF1`<4<}r3~pmi4ey~Ha8j>K@Oz^RusglQkU?i
z@_6xv<ZxzsT3ZFj5#ZWe^(YAAbtXtVDH>gwCg0<m>U*F8MU0ZUctm8sk7|)LpU<<6
zTj&wj;<%JGM-Q<pSV>En($n;OMU9IL`pk3qv?g^wP1+l~zE&7ux4=5pVX8=5iM&W_
z9}a1cioO!1j@#|I5@oV|j!0OWeRJhk0o!{Q;*pbp8g*a$yaL}y=o@B}9Zk#rLlC?q
zyQ?_Y0~QR?kF3r8DwE?GvOUSuP$rHSt6QCY^f?1N+s^_z=XTZ9^+oq)Yf%U4$^F9i
zBI(-Ta!iylNNBzBgdt1wd=UAVCvl4Pk`aIz2AgBQqMLEv+^hcJ@W{Np(tAX<M|tLr
zIS;%$i(BKX%L-8XHuP>vp`>BO6q=@E+Pu>@$suWzfVzA8!U4cq!5}ny8Zx%GUqTZY
zA?wkQnRsEQSTKSmIlWSGd(JLo=pw>Zf6zVd`uv(6XkmPs{Ho%KNm~@rJi2uYj4jpB
zCmf9jmfh8CqMg6+$AniXT1lD_;4$o&a~$f1H}o;;FK%{krKxUY+c4Op;GTOLbb8(T
z3KVta=3T7&76&ydPBG)|K5Z;RDpWa`{crs*#Ja3D!lgbY&Iejz#liw@WteiTy}j%h
zK6V5)#8#v^@O!6t_KlR6zh9EFJ&?3{JE};X-kISNC@r<(>yt%69siOm2=4{N{5{K#
zuWaqRfalBpu^L;=0|FUfM<t9wpH0a_#XqyMt%Rm~6&VU={QI7pKEfZZZ=-aX04$5G
zI#_pywueL7n*r+)^L<trF?gLWUe1K{xX`1hT7sOS#Jj#q|Bom*&HnE3p_1RCx=rFa
z*em(4hn0G~DhgVXJFQOFBT*85qd1KA*0ryC&hwLT-w6M(Rs(3?lfOtxnQ-~4Oo(~c
z#`mM^gG<2r&f9~TI)Pto_%^9G1Mfy=kX{IG_ZFe6?8s-1)Qlh_ipxd@bpu@0_t_GX
zcznsDa|vOu{Ff5YErBOzqC`qJPHEf>3LvgAGXG|Ln~nkY^+#RC$+DU0vVM++<VSuU
z+l5a%JWY(2l#vAfP6_x~beWAUkJbY_-WpS`S9zDT<5bB^>#8ohPfyhQJ>&aBlg@Hi
zUNu>hc)rk@!;~6-`D}J{2SDIph#*L~o6Inl8XPsJ$vk~Iz0Tuw*SQL(o_SEpd49h?
zOR<$!(g2q)#UI7RqWC>0gQ;S6NfJ<f#^PQ`YN_jV@AT-n@vUgw95}<)AcNKIqbSBd
z`d=tcCS+tE8f$HB&39iV4MCDljS^Z5EZDR7@7VWvZ(ED_4QS?7gR<0ivAe?cVB$4H
zJg44PG8T~MRxG4K13RdA)b@1c*h4+B#PYmvM{%L)O|B|EzC(;lNvKa_-k%p6#-ckf
zwHG11L{DYf<5AJo$LVjF0({z}D<7<L|H*M9;X@DhDP8J2e*2~_0xYb^6;s9-`<N!n
z&@*1w#f9nvseNjCB*pP~BsRXd<(z8xfM>F#U1TyKp<dh6L7!0;1|sMTNO*)c@-b#{
zz}L?T9B5;YjHT17XkElSVKk@|T#7*QsdVuLeU5+?5(S1C>fdg#Tr{tRN#|3ZR0Y&q
z5I6aJST}ftH>-QhvX1GmWK;JmM$@sG7{vA!CGk#K1??Y7y2{`IsI~Idu4lH+U1L>z
zFgB^rIen^US!$(_Noq-)w385;Z>QAVtEZ-qh6Aje%aVNwY$ib8i-^5jP8q*O%!O>y
zB;28#D*s%+G_cxQ<MM0+N+J$&t!`zAQ(xnU(KdO|?Dy7+3Y#AGsLW+eF7%aahpRl=
zkY;$uYIUn<&lVA@Jl>B%>SpZm26!49%AU3!aNZf$tRcrG+3tcji@3)&+6^s;pKbg0
z!dru1Wr+k<Mno^D`oA<h19}?WU~4nBPe#GYdj#!Y*%fx=lg<WF_$(S)$UVL^XOOBU
z%awNR@*t(RVjQm}TEBn93(J*~RkGM3z51#kACJlvRYM=SrLV|}rbbs2=f(K(vrjQH
z4Z05_ErG((L67jFQ&$pDulbr{Z^SBO0bbuKXim8eSl+P%@AMdT64#5)g#54BZ8n)y
z0)PVa6N^1s?>C#H(-x5355XFccwhqMRZ12dF-eB^E1=41kKWZNOD?<d5G5@L7FNLa
zv)<SvH7#WWG47lUiEl*bIg2K)8$|Rbvb-8&3c4e(Lc_J~-SI=nvSx{x0oM{oGDHE(
z-bQ*~r6#Xm8Q@LyA@DA^=}N27l3C5{yW_Joaj~;tb1lNTM0S|WK4{GH0r8~SN@o|n
zl25qlt&#{2lYnc?m}%TjQg+D3%*^`>w$5$5vaWP_+mi);MXEBIJk6nSahdqTG|#}O
z$tM}g{3q*QZUFFiB}>mbfX8mf@>&L6idL+mr4Y>laB-^-*yrx@F*hfKXvfzTzW#jT
z3bflby@W{FC@Jo3|ElOY*#Y8L%bOQ_$-u#w@O3YmJST(SSa-Cn0vapN#5)Z@eAjqX
z)<Z$qUau6m4*5{4K@eNJ2v3|f{oMPhh%jqGradD0h0t+-UlBa8K=@`iaqm#-cqIzj
zo0B+>_=PApGA-kAT(-DKh}OWP0BJl=A92W3oG03{&j^f$Z&{{^#$TY(KZ0i?#3{>q
zhM%MsSp^1Gl`IitR>Zv4VcXgQRC){1`+gbMBv7|bJqRS^K8bc@-4Z_zkT=BshzPjy
zuS4%ce!mYQCc_nLNxG0+2Wu5SB4v^(dNbGzRo*(IgC7XxmJ1JGoAx`olLD-lDdh$&
zJ+bSz8IfPI>B6EHj0UF--WzP@_o>vas}B0Q7-Ai+jQCRwr934%>oe(%<tF|W^cRPz
zzsN8QSKV@xoUW^l^Eu%~Q=;Na!^vu(paeR&Gt)-*3Epfd*q4k*)XALVQdO1OK9oUJ
zEr;WZY}uq~M&*+YT2t82cIt&v-ufpqf*1RWgpgM92lcmxzj(Nu=d1&u;ret0rwQlt
zY$sfnRNaUr1g^E)9iy#bLdh+qy%$XBAt$W-l5yM?nCex&##JZtVw_YXw6ei~zR~;z
z|CEG|!EnVDa|VphzKasjE1R_LW*Xtngn~=00X7t;g_Q5O)^Rd-#@7@tUl^b3st(_r
zc$O6u6iSP*fzl<2Tzva#tl2X__njJ??p9$cI=wz_(*-~A)A6y0<EmWUmi_58hF_ME
zTM9w#9QE%v{P<oC-M58Oy!A&%NeZRgh0i3Qzo$0)GL<o0?k;VQ6puifEjaU!sZ5he
zgaD*DbzzeLMoKA#J^OYwem5Dj4=!u1QAgEQ^VG3Gou81w>e`m1Yb7()!!Nenx*wO`
z?p}$Wns%6V@?MTVunKZ;p*4DtStZseo<5P_sbKdUez?jp^3aDJ^kq!B#Ty>bD?k%g
zw&iAc9KAQ@JD$+Wm~9Ic|8lpvEfsd-Za9x4h;Akc4eKeZZI-W2xL~tJXfkI#bFrq^
zIPfmjYUNrDP-l-Z*gv+UP!MBn=y^#XbEaeoar9y42>e5Rn`(`&S5Y5RB(h`?-1ua<
zm19mi7SXd#o&gWutvdEzs_oJd&+w+99z!H1eJ(i{%^G1vw67zKCmekM$pK55WaXLV
zPcLdWuZJa-x9@VC%0mJk-acDt)7H*W=y^x^bkylo+UII<wluE3Hur;LQECr4|J#r|
z==d{l9ax_n6KTeu?yw#rngn?Cj)rJUty$3eQHk!GgBke?#7AU%+y+bqxwj}0M{h&e
zc&v~t>I*^Mjsvjm#A<F*Em$)koXxD<wouej;Nk#Bi(nPYk=WSGIZ_L|<82cJ$T`O7
zqg_dg{@sTFMiSiYncy|g^(pGSpiMNpY>EzHyG<)vf9@c5{MAF2fS)?!!j;PLv7dZ+
zAt+&dv-$NHu%5Ruqk@Jk<t-9=_s;tAt`KvR`%=WJP;<29?D*Hstg-!-PnVG9Pg^Tk
z(fxkFsXEC;Mk=RG5+!sy02b}0jTPhERNBlu+OF4&i0W|S4`4>Xl2phz$YtwRcZqJr
z;j5#e5VzS(wIWN)LKz+3&M)SDfjCoLW+1jn;!II1HlcU~Schz3^?PbT4&Ng8n96#!
zs^I(Muy(g2>eFt)DI8OpzPt8^a*uxbZm03&RB?(QkfGP?wgVA)TWj8=z1b^Q87jRG
zOw6&%&Etv`5k<qk@9<Rn;!NFUV~NaT5yQT3jrJ<k7Pp$cUlWjNxT1n0LnUET&!Orc
z<|%ayV9DLz72re%S?L2c1Ch}U>_EA#lH-{qw-0GwwlYScvam2{91&6I@XhtF!b!O+
zj_seshV4v;Jz+(XTPaX|4SOHa?uFtD+LE9Vtzn7!jI1~%d7H*=J$2%hruZw^h>lmp
zhU^S?K#Pt;*9DoleT7AQr|d8Y-5OlxDt^G+72_mODtiza77o8HDALK>zLU})Z{mmS
z{4_r4NFs=+Ha*Ul3J%+zMCFEHv*H-c_pxU9j_5-pI<?<*2pk9Knl%mVO}(0({5-8N
z01&dBLFKUUq_Eu`T!!4Tb^7wMZr=)x0k@9Lkin~9bvK#4dU0k+f|Hv+&a(L4nUo%J
zz0V``U>Ny{QN1|6`KP%AvOboIXnzC0DVa%r__IJKkX~{c|IOA%a#{5UlJw~vqO=i1
zgX0e~%|aX_z!3N!yuD1A`7&zPy0}Q;%}?2(MY{2iHDkZtDO1mO6)4JcxJKf0J*@&~
zLx&&0Rv&wE<AeD^QX`n!R!?OJM;Q&q-*;?emdsG4A5n;#M_3O)X3TftPlesUe$TB^
zoe0z<<K6>zm7fLExiDz&eRjzWIGhYY=LHpgB4X;8Y6a^NoH(v3KM5X9Ty|;dsnvBh
zT7}Q16=izocj4fj62%|RIfY0J{LZCYnOLUaSFT&OA=VHG2vR!R%DS_;B4}wt1ij|e
z80hJ)&W6uhbd5U#tD9pw9uJbW7xbc+fPtmXrK~*Q19b!svKeXjnH%`Uxu=;^aGg+f
z@Ni?wx9D(43DneZ_cQcVMG^wOk^b=)6JN`ozKHw;CK4sW5J9mz?SBnr9p=zKG(Y(?
z@aKV>OvMUJh!o_z7kG#B5vT=RCPyd)U9u122^_A8t%Rh<iTSGUC-=TuX8D{8&8|%t
z-o6Pwdt%3HQk(%JG2nuDr1XxCqu%}Ut&G$Fof}KIoV6wi&>>12UHs6wz!!r?C_^C#
zMTeeW=M*EgiKh@sq$7*Hg@YELnYx_x{+fc(!GB}3AS`p(=c}~i$Vd$8HZOWh=&UnT
z>z#kOuo@i`?IoauHQn|M)T|lUC_ay;-dq9PJo7tEIjxyM-C6cWb@AHn2d`-Kzf10B
z^3HHh?(@@`q^u7M;7>@Otq>#Tr)oP*$?77ETIKZ}lt{w7u_L0etB6?AG0fk-i8Xq0
z=oN@``t%Xo^(4;Fsbm9(M>1O3_h|+Dtns4li2v?jL0xVQS=t(!P3)Uuk`wm4DY!=9
z?b+SemWKHsIJaJ|nopHsZC9ZV#95V^r3&;2q2&U45ff)2`RODs{@dS5G|p5$`{!h_
z889t3nQL}TXy7}-)I^x>w9|m;i1{7n%AXn+7x%1)C?$ZVuSVWoHX~|9))Uc`*qO%?
zQT=qx{ct^78I1u)nWJuAjki33X%MuvU;yn_`(Iuuw>j9^;RJMbUq3)&K2CNE5OvkF
z1zJ)s#kb-U@iy|g_XtfdjMm-OL)UIXN5>Q}qj)e#z-<Q8pG`k^`<I9W#8iLBb5S3Y
zX7vW<fb&7E6K;4WlVARJz=s+@`Q-z(cKta8<*ip@<)M2Sk1H~`8jnO*QJ?2>vvS*N
z{lfYBI~SM|1laZ&GP@Roq>t8Ehu+_BYE@aMh+~g;NcQqa4-L`p108Dy^PD)ZYaEA~
zc&$36i`jlO$$Jz#dPxpwODGvC#yEbZp&q&X7>eO#iX4lEkZNn_$`-28KCxj&6@#R6
zobaAz>L=8HY|6h3$3~#bUtD%we4r8$RGGiyfb=c<;nOiBJz=R@2RSz~sHsMIIidJ>
zm%8?+6J_R$-d#RX&!f}5-M9@lC84Nc(9itE*XBPnofa!eF1RnA)C_`Qnz?D?K~A~X
zHQ%Hx>x@krchUxP1dv*+z8rxLB1e_Xcc$Vt7+yTyBL)57BC+1so34FmNqg$0)QLa)
zZL7eo%W_|VsWbj`(VdGQ$i;eG&bwN_7$$n5to4(?B>Ktr+5jvK;hB!!jXHJ#%gMw9
z?iLXhbc%`#iT@IOE{s?&^!tPSV%OF%w)7s7bfvTkGmS~SVti1&liC@9*8venOs{38
zru8UFu7*QFun3--P4Cd{%*)uqLge)=``7ZeEd_jWimzt^uodnLQ*bM0*Z)M`j>s4D
z!+m$k@GL0Oi!pmo$i$Xg7y;h72<v-cvJnHx>DtUwjk*LY>aDxdpwNZ3HQuzokb3h}
zuQqJgh9Y84(c`;hdu|8O;ZYLq@mJVw9pc#+(tm+ne3$QXV#4@fImVA9hHv8SwtjO`
zwXEbEQYz<OqK_cA7^g(pW5x2m#&B-zJ*CNy#$eO*e6+?54q2DdZgJENs5-^NJ}DuG
zvw2RXb)^gl>7M+{xvk-oU2f5bxe7Lzban*cSHvkLx5jnI%20J-4qM<+3Qad=9oCgM
z@<;CM{UIGws{Y8x4>dk(4dG$Qh4*Ac?j7h|W3&s{Vf=-HZNgsPBD=EpldHYrQh-~|
zpqwwTlxltbaw!ry>5kj60yd88uMUa_r3YXTvyHE#W<fRY4so>hGp>tc@QeVTc9<bJ
zk3m(Q1g0d-5>0WF96LFThAoWibN!4O(;${6%fH_GamYr&UX@gQF8CfXK>O#wX?F7h
z=PU?dojL5xKn^~JVsGl%>Pd3%XIx#u;%3WQdP|6HIMrw71~!c5^Ob#^?>nBN$X~_b
z<=X+ZX@T`WdF_VgZ{+$L`w|>T%xc4{P!x<pD5j>Mj)bfizn6VSv3r;;mIJh=r(IDr
z9c4S{rX}E;8)+RkX{V2SA8xsx!|Ls}^kDlTEwJsoPPO?)K`{l(^FJ?9K|jo9*%@}Z
zV7a%rTXyCW@u3S+iLB5DbcMCSru=$I35K}6{Q*E%i%EdEI?Iy0Cbo*dqEO{qWoU+=
zIGZvuVJMo%t!B4Q+=4C82-4b_*qpN+Ap#cp<XXjkp;g3IQTk?&Dx{~fSX*ePU?)zG
ziFYzfL4CT_I9yclNtK_!H<R7u*si}S#Rlkxwe2OI6X=aYX4<O<Rf+hA+?g_J6C&kJ
zVE@vW7hN|*%i<4sqp7_gq^>E{0P_sC$^I^inFA=~FoEqwP^Qv#g9M}%;Wib@7UtKv
zQShX+Z#&b3Zuf2+?+_Be_Q|^}?swSK<{A9s1tnYYR}M^V8=fq;$<5Ssaib`r2t_^S
zas0j=4LNsJ<y*eJ_;l1UK@`d>F8Q=cD_YJvE^_{b?Lv0$)r!wI4D5DpMSFZviRN9D
zq`@{*A1(~~%@X4t+kiwt50ws2G9rq3J?v~hg>T2Zv-wXR?6=p*jqCv2VlOr$?gGR=
zYK#)`-hp6O-pZ&X7lK%VlECduLYxamn)~12oHl2kcux<>WH5{*-$4R|$VQIO|4Ijh
zuh^bR|D|XD7a<D$r5!W49#Zq`r{5^x?;Io@qZpB9!M(WT6DDU3ob)H>G!k3yz4@0r
z8M3b!-Unkknd-VjOi6~XRP&UXghR7G0MTymaNNx?`H(Nb9n^{cMHyzt80iAGbCqV}
z(rtSzx_y3$#|8W<Km88SFANvtGbB93U9f%Hqa9annAW{uoEa8k-hTCNY`Z;0+P9c-
zzvd~bJMG*y<V}(avLm8P0u{Sg5VVpik>0_WTs%tTU#?yzCZ2}iN!KN9Uy77^0hy9I
z5odmici351`l3lqX1{~(gfVd>L-k<X>zGbqE~D<1EK)=!_EzJPbRh}$CB5C~ET^Yd
z4^b5r?=BCy!DH$c9h<}5O>plk4<RDjU|XnVb_2zR1!Zvpb$_-@J#1^Ul<Yhb;Dr3e
zV5?3^&m*I+@@*R=zjPtNvt93fk$c@<R-}o8G0p`wBSATM)XjfJlU&kQ8P_v4E@#yq
z4vG$oz9VgYXs3-pU-|wp{PdPavbQDZ&sy`_j|>EBLaQDN&)A>ppY|E*5$K4(X$np{
z3s>#CKr%Aen0N#a`wsE!^z!!yOv>W7naPOy<7Hu(xe>r?vE{q##yX`Tj5XiGSG?(W
zn>Ie5tVg2p)7?x4@8AF!rIf9U<V;7#Ej>Sv<j}(;OIlLo)GxAmzP7qBuoR!%M6TZE
z=hWmOj-=tc*S9VxO)HsOHzn!LD&t9rMU2RIy5o{0UJa90jM5|t(tWnE8sWZ;nN8Y&
z_~j3*p-tkP9=qnAkm&`<(Oe<J_k?%g;xzmy*U<LG6OXZw`<~<Z^@h$>)v|4GjF%}p
ztQ*BsPBODGu|piY09`5nvY7;p*E3IPhs%gZ#j_bOD|KzLn5^s3rw8~&im`{Ea?mf`
zrMfcR+5@&PjB6Geo%}2IPnvh%<ssfB=GyUolWMEGwv)f0>A4tEA$KxAGjXBiL2qQw
zziL^o<E)N63DU@2Th$nmtOPlj5URx%Jln_)^AF_S03G7#4#v$Xf19n>fI=gk@Y_**
zo$oPuQgeB#rtprrF-U&ApZcxwq)KdcEI#YWet;K)Lx0TN8H7j0o7dg&>yM{d;y#{m
z0h1PEO-Bv#tXXMHhM42JkB1Kbtu144<%}~2F}X2aCri-Sw$Ok!yGF`WCP?FB(r195
zTzDW%*$*Bv#4WO@fx3zgklRHW#3*J?O$tGm)+*5k8F};X@njADl+h=du<&a@OMM))
z^N=Hw(cUpgBQ(x#*fqqiAB}U<>n2?#^>Z+1T{C%WY8E>hTYw9vGo<5%+WVIMEVC#g
z_$WyxM99-R7H=t3flTdM!D^a3U$!DxNhPgZ!*+1gtZ$0ozu8;x?QLk=RaeFDz~Uc2
z6?4K-J?6!r9tVAN{3w4^Oz(q|JWa%YIA54+kc_9vG^~?7N<!rXC2hPNQWvnSyw%(M
zYI&P_1x+U`@^Hft3zg=D#qE@Gh(6@ZG_&bhM!rnfAH0ouQc>Q*)j&TVD>EW5)gbFy
zM^mh~VETNAicpk^=4V35_2dONGt?hjh|?Ze_j?^X-0EW()o^RC58>wQ^E;Ke!+buT
zT1;>|?h!CAaqbEDbO4auFjR*epx581=5v@I>G|lel0(z?+2ol>VJG&rNxdRev<cS&
zp$yuP?T8@=<p13-oEF-(QV92aGG^I)l*krf;FobsC^qadBS?Tu`kIn0b~OK^T#$^<
z;*V7OW3N>aD)F@FJ{@Jnv?<@A!Hc6qD3L~*RRUT{de@*4yXx1~0aYj{k``&$O}NH7
zC07W>J99{lze#bZLnNU^^?$t~moZ{*3dcK{IM6Y{n$!jAY!<7^dV(j-y^yyjcuvpY
zISz^kiyPEcqc??6G1T1KF}TUnv@i>tMP~c4Wp!4fc`X4za#Zk&ZcN|zgD7EYZoXPa
z1WhfzepW<S_W3&aOIH>n_<-2q(*DM4$^-*Unjh9{g9qvgS_lJY7+U|3)u`k<II^!9
z#C`Zk=|%>4Oq0DtcoPxY010!~{k}@E!AuG}kTL+jQG~u$lWuL_B|Wk$<DeoIW%A0*
z#BoPA1h~@1E*+M{<E|)W$p+$1ta<(vVU+2r1OZ4pf(~CLh_#r%pWPJ`o8?Rwf3mwY
zbuo<FbQAEJdCtCACMBd})1}X~AisIX?8@}B>vmAX<*|{jNc`Kgw>dXvc@%h}yM0s=
zc!S`45RS>T>kAYHab*dA<yz3sVvtelx~C&1<!h}*Fy_TEpHBg1vUROb=3A8;`O*9o
zaB7vGM~DuXn@;El#b0L%)1)SOEE?jL0177fLmhG&=GG(9+P~i@_FO7whJG8J%d*dc
za-RP9Oz5L?r7#%-9P^wE+bNV9lJZG`IxOL;kwJUEWs=tcLr@_s<Xs@DE%qRv9rAJ@
zd62Nh#i&*^BxNAkx?k{>VB8AS%NhZhgRj3WS^v-tHY6Ql>Je?KvLyA9a_^ktw=W~5
zw}ThvB&Ugh45E&W)UHE1T4Do)chgF#w7Is?+wHq8ib6YvtzW%2*~U80=0p<#*6U4p
zdNo5P(v@6`0KU$5IOv4Zj@bU(@=>}moWoU_5tV7Cttcc936m;?DBJO=eA~`9{98{R
z(}V`djAJ&rZn}m%Z_N2n@J^LsWSq_Q-d+j6)E>EMO18!k#He-W#qK1PEtS4i@BJMh
z!|(}sJHAzTKhE|cXqY!b1J?nd{DtlX_$&XH@h+Dmjl%Zzz)$D}Rk)R6nI26*tyA+D
zPI`!xnf_!&3J)K#oN&#Ivv6?~d;;bjai-Mrt?LDWMoE)n2d=20pDKXkc+R<5;K@9?
z5DH2;e^DB{RbrOsq&V&pf9c}6=Nci40dW0w<}GRkW6)pp>o+{5=J7+s_q82loF-JI
zNgI<gX1rch>2=`{f5w-O__b6L+hG+bQKRsszuH{&!aSTmTf0=L#69rmzK$UH)1fJG
zfwR!J+-~s}Ppm<=EcsQdPv;f1XiqDIxLfBh--Vq4pir6~Z7FP@VxPkrK3>3Qvs81F
zkox|c0BgkM6miRt8XM~2>V%DSX7s}93)6ZH-SLLp#qD^&<0IA|RVux4T*Q|x<PqWu
zk8iA*0_}-Pa!pH;iDWY!WX#p8_G<At7G^H-e4E*P38Cvm3QXJPCPDRb<RI>do<hnj
z-aH<K>okvJ?<><qP&%ODPHuDNl9iek5u0!dK#Q$a5Td<?MWfCaZWRomj1$phTeWL5
z<7BpjI&^#A!;O%Mx_ai=0p@@1<ZxGAjAtaV1({r`@x^b4ni5g{^`m->FKj9$#nQ$g
zS8Ay%#L#POuh=lFAPv5|KU&xe*O{^?eE!l;wMr2oI3IYsl1?`zMsA+QPRKfoD4(QB
z?`aYo`Pi-4;8yUPlMTFA3OF<9#vcWmjC>1UA`{iE?S96RO2fM0St-0QeEnhfwF3+J
z#K$7Ge&zY*x!f4JjSyoa%Ws^62kuRM5Qk*Fgo{_E<}szOZei%h#_t~7J{*=oygMP~
zt@Do8ZpjgSp_}s^>9I5GmJZVn);2r<-KbS{-HgdXp0n_bn>R1;g|-U2%s#&%Ka(ye
zQUk+gLM~i7nU;w#kOp2p+x6lo4b^tw9#p*!hA0q}X~jZ_Jrk`C#<_5VF&2)hx*YD;
z%K(`Ny1c09pB<u&o~(cJozYL?g9$DK(l<hDrP7S2*<>->S6zw}@AhSH4k0EtGDa2?
z!fm3x#?c*XzWG|XlM>Y%%$nDxt=4Gj6{zOaqH$Zx`ytr6pT^$OHkpT6y)M{|t7bBT
z$2HMQ$lE@e;r8fLU)r0+$V2A=6LR#`I$7NXKS_`Jn@WfE9_}G4DoParStP_1f|pCY
z`Jp~I3cPc0)mvOkIui^0X*<`-*pg-a;DY?)<<9<+zJPBIn3&%c6O^*;eH7nw!e!ul
zK3@7@@g^Eo#RRv2@zpPQSO<0;#!x83h8Do`0E1tr!-wiVqX`H+(DNWYi2DLfp;UE>
zPW#tRX9PLjp-5A5H;;>pcth`!zR=!ak28N+8bz18r^h-TBHZY_x$koTO>0wc(jn;b
zb+2bv@s5Xixo0)|q1l_j;Uv|K_1iRiGU&%O>T0c74P%yiPjQpGsbv)}hbImK0hZRo
zG#2W-dL*JPIxuZD98`NCLjOq8JmJ89vfO+{n%n5Ad&*`fg+yRZ-0bBK9}ZAhG?SoL
zcV0D^G~wEe+K90R7u|d}#U2XhX1V(_9#tF67g`F~!B~7?(`Z!VtQrkjczW&OMR~Un
z7mB`QHA+`@mbDb>Evt7AiQ34Got#+Z{LV>ZoTL>bQIVrx50j}#61qMW>^RZNAHX&!
z=)4=DUG#Z7n4t(nhHiwj!mn(_%avOJ)<sQ6!3?6Z3r-w&8!34+97qM^NUW`g@0}>D
z!K?Go(rk+i;pGiF48C|+RGDu^UEZWUUF8&Z!F19acTzu^<n_VP%wHRu#-5~bzMF4H
z8Fm2uD`oPEaXM^f`IS+ndj&Z<`@FW1vI<|PCICOlJw~pr?WP&58RiZ*RyZ&*(_zY_
z?air-T1H4Sd1f@UFHq(zvT_XT!c9AcFqK!Bu9nv`y_guxRmy6vdvy)6>`(%KWeW1T
zi^!aT^8uZHPh*)Ai8BbMDtSey9<@E2A7%Ul7#2h5B2(j;AJ_6rT9q#K+$F0o_`W??
z(oxf#MHFS7OZXfL0;h$BSyvCmpRa$)9rgTzUAQ$M{O9ET=&0tFS&Mi@?v|uNuam>0
ziJyIeqJsXyyco2JaI1{_WXK$_=X(BafB@#=NS@rZMtIDR5OpJpc{%-2&@<5wzhuye
z@9pANiiX?Imefnkh?tL|yvU)8G!R`G@%xt~z<qyHq+}I8gDh7cpwmSXlmU9KODZFk
z3|_*e?p%W#KbZI6Z}9$Xcjb0HZ`p(=qQy6A@-PVoi0yk8B{a`l*nY)dE5*%;%%Oev
zP^}%K-Ltc4?%~@=yx8n4Y9hu9`gQ+bPl&taWegoGq2pAv)aGMV_s5jk5gyz<Dpf?i
z{s?BW)%9!2q_JUJOM`>7F>7Xod1-xlMA3d#QIU0%Nr59hw5?f!YXEwocA7a21<l;Z
z{%5X0sSTXnaZgXM{m<wL_fP*ps&I6g*_fH(2%bzx@Uwhpa$^>#`T$$jC&BwxjiKo8
zl_OQV&gniy7p7v9-u>$S`uR-__SdTiOMhL+sr}{mFg^#jkRte;pZU0_oB0U0kTv+6
zg?X*Jn>imB8uj{>fPjsFz*lg{9~$iMLyxfvSD4Q%;+Pv+7~*B_=l9^eGPPigU%#JD
z`{?}J1MCobr9d3)5UJlm?{IK&apF;u!LOCN?%&C$?*}Nv-{BAwt5`65Ke#7H9z2xA
z{_kn2`$YWjSK;TsPyb}6{;B>a7WIF$SXhOhb^ocpr%wK<{wG@WFZJJ;)qnczdz#~)
z>VNV?|5B&_ziOZVQ2%!r(ZAG?zt#T^75%&PzXFQ>C4Kzxe}WhN)9;`7&cFQ5{{Mde
zme&6cl=+w6;ynWO|G}UBEz$qs_s=iLzx)JV{}24`Q;+jEu!Ti%f4JXA#3TIo)&Bw$
Cq!$1H

literal 0
HcmV?d00001


From 4cc4bfae9890a603b0e3c96dfd306471d3357273 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 11 May 2023 15:21:56 +0200
Subject: [PATCH 213/330] fix: requirements.txt to reduce vulnerabilities
 (#11029)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

From 3d20ed1cbdd029319f214fa3cbe74017400a6e7c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 May 2023 15:40:26 +0200
Subject: [PATCH 214/330] Bump django-autocomplete-light from 3.5.1 to 3.9.7
 (#11056)

* Bump django-autocomplete-light from 3.5.1 to 3.9.7

Bumps [django-autocomplete-light](https://github.com/yourlabs/django-autocomplete-light) from 3.5.1 to 3.9.7.
- [Release notes](https://github.com/yourlabs/django-autocomplete-light/releases)
- [Changelog](https://github.com/yourlabs/django-autocomplete-light/blob/master/CHANGELOG)
- [Commits](https://github.com/yourlabs/django-autocomplete-light/compare/3.5.1...3.9.7)

---
updated-dependencies:
- dependency-name: django-autocomplete-light
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Dependencies] Align setup.cfg to requirements.txt (#11048)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 0470468edb4..9ba2ebd9057 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -70,7 +70,7 @@ dj-pagination==2.5.0
 django-select2==8.1.1
 django-floppyforms<1.10.0
 django-forms-bootstrap<=3.1.0
-django-autocomplete-light==3.5.1
+django-autocomplete-light==3.9.7
 django-invitations<2.0.1
 django-recaptcha==3.0.0
 
diff --git a/setup.cfg b/setup.cfg
index 39709bce937..850b57543f3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -96,7 +96,7 @@ install_requires =
     django-select2==8.1.1
     django-floppyforms<1.10.0
     django-forms-bootstrap<=3.1.0
-    django-autocomplete-light==3.5.1
+    django-autocomplete-light==3.9.7
     django-invitations<2.0.1
     django-recaptcha==3.0.0
 

From 9c62b014b700e06b255825fa209bce077205f7e6 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 16 May 2023 13:02:24 +0200
Subject: [PATCH 215/330] revert django-autocomplete-light upgrade (#11073)

---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 9ba2ebd9057..0470468edb4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -70,7 +70,7 @@ dj-pagination==2.5.0
 django-select2==8.1.1
 django-floppyforms<1.10.0
 django-forms-bootstrap<=3.1.0
-django-autocomplete-light==3.9.7
+django-autocomplete-light==3.5.1
 django-invitations<2.0.1
 django-recaptcha==3.0.0
 
diff --git a/setup.cfg b/setup.cfg
index 850b57543f3..39709bce937 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -96,7 +96,7 @@ install_requires =
     django-select2==8.1.1
     django-floppyforms<1.10.0
     django-forms-bootstrap<=3.1.0
-    django-autocomplete-light==3.9.7
+    django-autocomplete-light==3.5.1
     django-invitations<2.0.1
     django-recaptcha==3.0.0
 

From fd04ce3f33b8b976f274d9ffab66db922b28c430 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 09:52:47 +0200
Subject: [PATCH 216/330] [Fixes #11100] Bump to Geoserver 2.23.1 (#11104)
 (#11107)

* Bump to Geoserver 2.23.1

* fixed typo

(cherry picked from commit a5d75529921a14bee833912c6b3c1283aed1f21d)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 dev_config.yml                      | 4 ++--
 docker-compose-geoserver-server.yml | 4 ++--
 docker-compose-test.yml             | 4 ++--
 docker-compose.yml                  | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/dev_config.yml b/dev_config.yml
index 3fa02cd768e..b6c89644210 100644
--- a/dev_config.yml
+++ b/dev_config.yml
@@ -1,6 +1,6 @@
 ---
-GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geoserver.war"
-DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geonode-geoserver-ext-web-app-data.zip"
+GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geoserver.war"
+DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geonode-geoserver-ext-web-app-data.zip"
 JETTY_RUNNER_URL: "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-runner/9.4.31.v20200723/jetty-runner-9.4.31.v20200723.jar"
 WINDOWS:
   py2exe: "http://downloads.sourceforge.net/project/py2exe/py2exe/0.6.9/py2exe-0.6.9.win32-py2.7.exe"
diff --git a/docker-compose-geoserver-server.yml b/docker-compose-geoserver-server.yml
index 10785a5794a..8dfc08b06c0 100644
--- a/docker-compose-geoserver-server.yml
+++ b/docker-compose-geoserver-server.yml
@@ -2,7 +2,7 @@ version: '2.2'
 services:
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:2.23.1
     restart: on-failure
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     labels:
@@ -13,7 +13,7 @@ services:
       - geoserver-data-dir:/geoserver_data/data
 
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:2.23.1
     restart: unless-stopped
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     stdin_open: true
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index de398f099a7..9fed05cbb8d 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:2.23.1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:2.23.1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
diff --git a/docker-compose.yml b/docker-compose.yml
index a4fc63d9b88..5bf831b1ff5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:2.23.1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:2.23.1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:

From cd8746bb713634a5c659b61de8ad3217634597d0 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 25 May 2023 17:07:05 +0200
Subject: [PATCH 217/330] Remove doc_file and file_path from document
 serializer (#11117) (#11119)

(cherry picked from commit 927a302bb4494a3d7dce5c829d7c6a646247704c)

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/documents/api/tests.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index 856e72efd34..dbb3b13588b 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -16,7 +16,6 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
-import os
 import logging
 
 from django.contrib.auth import get_user_model

From 0c3653ee00d007e7129e8f2efb9420c978a225bc Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 1 Jun 2023 15:04:31 +0200
Subject: [PATCH 218/330] Revert "[Fixes #11100] Bump to Geoserver 2.23.1
 (#11104) (#11107)" (#11136)

This reverts commit 91e68714ecf5bfd3afe9262855337e7f959f752c.
---
 dev_config.yml                      | 4 ++--
 docker-compose-geoserver-server.yml | 4 ++--
 docker-compose-test.yml             | 4 ++--
 docker-compose.yml                  | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/dev_config.yml b/dev_config.yml
index b6c89644210..3fa02cd768e 100644
--- a/dev_config.yml
+++ b/dev_config.yml
@@ -1,6 +1,6 @@
 ---
-GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geoserver.war"
-DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.1/geonode-geoserver-ext-web-app-data.zip"
+GEOSERVER_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geoserver.war"
+DATA_DIR_URL: "https://artifacts.geonode.org/geoserver/2.23.0/geonode-geoserver-ext-web-app-data.zip"
 JETTY_RUNNER_URL: "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-runner/9.4.31.v20200723/jetty-runner-9.4.31.v20200723.jar"
 WINDOWS:
   py2exe: "http://downloads.sourceforge.net/project/py2exe/py2exe/0.6.9/py2exe-0.6.9.win32-py2.7.exe"
diff --git a/docker-compose-geoserver-server.yml b/docker-compose-geoserver-server.yml
index 8dfc08b06c0..10785a5794a 100644
--- a/docker-compose-geoserver-server.yml
+++ b/docker-compose-geoserver-server.yml
@@ -2,7 +2,7 @@ version: '2.2'
 services:
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.1
+    image: geonode/geoserver_data:2.23.0
     restart: on-failure
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     labels:
@@ -13,7 +13,7 @@ services:
       - geoserver-data-dir:/geoserver_data/data
 
   geoserver:
-    image: geonode/geoserver:2.23.1
+    image: geonode/geoserver:2.23.0
     restart: unless-stopped
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     stdin_open: true
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 9fed05cbb8d..de398f099a7 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.1
+    image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.1
+    image: geonode/geoserver_data:2.23.0
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
diff --git a/docker-compose.yml b/docker-compose.yml
index 5bf831b1ff5..a4fc63d9b88 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -89,7 +89,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.1
+    image: geonode/geoserver:2.23.0
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/ows"
@@ -113,7 +113,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.1
+    image: geonode/geoserver_data:2.23.0
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:

From 840124a0272a11e1ba6183a43c709e2d2c1e1d67 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 11 Sep 2023 14:53:45 +0200
Subject: [PATCH 219/330] Add github workflow files

---
 .github/workflows/build-and-push.yaml | 62 +++++++++++++++++++++++++
 .github/workflows/release.yaml        | 66 +++++++++++++++++++++++++++
 2 files changed, 128 insertions(+)
 create mode 100644 .github/workflows/build-and-push.yaml
 create mode 100644 .github/workflows/release.yaml

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
new file mode 100644
index 00000000000..1ca4e975540
--- /dev/null
+++ b/.github/workflows/build-and-push.yaml
@@ -0,0 +1,62 @@
+name: Release GeoNode Docker Images
+
+env:
+  TITLE: "52°North GeoNode Docker Image"
+  VENDOR: "52°North GmbH"
+  AUTHORS: "https://52North.org/"
+  DESCRIPTION: "Builds and publishes the GeoNode Docker development image for Thuenen"
+  LICENSE: "GPL-3.0"
+
+on:
+  push:
+    branches:
+      - "thuenen-dev"
+
+jobs:
+  build_and_push_geonode:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode_thuenen
+      DEVELOPMENT_VERSION: "4.x"
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - 
+        name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            latest
+            ${{ env.DEVELOPMENT_VERSION }}
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000000..0aeac429729
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,66 @@
+name: Release GeoNode Docker Images
+
+env:
+  TITLE: "52°North GeoNode Docker Image"
+  VENDOR: "52°North GmbH"
+  AUTHORS: "https://52North.org/"
+  DESCRIPTION: "Builds and publishes the GeoNode Docker image for Thuenen"
+  LICENSE: "GPL-3.0"
+
+on:
+  push:
+    tags: 
+      - "v*"
+
+jobs:
+  build_and_push_geonode:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode_thuenen
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Parse semver string
+        id: semver_parser 
+        uses: booxmedialtd/ws-action-parse-semver@v1
+        with:
+          input_string: "${{github.ref_name}}"
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - 
+        name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            latest
+            ${{ steps.semver_parser.outputs.major }}
+            ${{ steps.semver_parser.outputs.minor }}
+            ${{ steps.semver_parser.outputs.patch }}
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max

From 783528c16e8effe8209eabccb267224a8b052adb Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 11 Sep 2023 15:00:26 +0200
Subject: [PATCH 220/330] Update branch to build

---
 .github/workflows/build-and-push.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index 1ca4e975540..49797d7ac29 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -10,7 +10,7 @@ env:
 on:
   push:
     branches:
-      - "thuenen-dev"
+      - "thuenen_4.x"
 
 jobs:
   build_and_push_geonode:

From e286371e1134307726f95020b732cc557b3476a5 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 11 Sep 2023 15:04:51 +0200
Subject: [PATCH 221/330] Cancels running builds on new push

---
 .github/workflows/build-and-push.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index 49797d7ac29..d2283a14dfb 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -1,4 +1,8 @@
-name: Release GeoNode Docker Images
+name: Push GeoNode Docker Images
+
+concurrency: 
+  group: "geonode_build"
+  cancel-in-progress: true
 
 env:
   TITLE: "52°North GeoNode Docker Image"

From 4a75e6ecc78130486107d4985ae5e30ad356ca59 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 11 Sep 2023 15:18:23 +0200
Subject: [PATCH 222/330] Push to 52north/geonode and use different versions

---
 .github/workflows/build-and-push.yaml |  5 ++---
 .github/workflows/release.yaml        | 11 +++++------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index d2283a14dfb..ca75363ac92 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -20,7 +20,7 @@ jobs:
   build_and_push_geonode:
     runs-on: ubuntu-22.04
     env:
-      IMAGE: 52north/geonode_thuenen
+      IMAGE: 52north/geonode
       DEVELOPMENT_VERSION: "4.x"
     steps:
       -
@@ -45,8 +45,7 @@ jobs:
             "org.opencontainers.image.title=${{ env.TITLE }}"
             "org.opencontainers.image.licenses=${{ env.LICENSE }}"
           tags: |
-            latest
-            ${{ env.DEVELOPMENT_VERSION }}
+            ${{ env.DEVELOPMENT_VERSION }}-thuenen
       -
         name: Login to Docker Hub
         uses: docker/login-action@v2
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0aeac429729..18bb9817a11 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -10,13 +10,13 @@ env:
 on:
   push:
     tags: 
-      - "v*"
+      - "v*-thuenen"
 
 jobs:
   build_and_push_geonode:
     runs-on: ubuntu-22.04
     env:
-      IMAGE: 52north/geonode_thuenen
+      IMAGE: 52north/geonode
     steps:
       -
         name: Checkout
@@ -43,10 +43,9 @@ jobs:
             "org.opencontainers.image.title=${{ env.TITLE }}"
             "org.opencontainers.image.licenses=${{ env.LICENSE }}"
           tags: |
-            latest
-            ${{ steps.semver_parser.outputs.major }}
-            ${{ steps.semver_parser.outputs.minor }}
-            ${{ steps.semver_parser.outputs.patch }}
+            ${{ steps.semver_parser.outputs.major }}-thuenen
+            ${{ steps.semver_parser.outputs.minor }}-thuenen
+            ${{ steps.semver_parser.outputs.patch }}-thuenen
       -
         name: Login to Docker Hub
         uses: docker/login-action@v2

From b3764182a0df17b97e2adf0f4d7c844b4c9bfce8 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 11 Sep 2023 15:33:12 +0200
Subject: [PATCH 223/330] Use dedicated image repository

---
 .github/workflows/build-and-push.yaml | 9 +++------
 .github/workflows/release.yaml        | 8 ++++----
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index ca75363ac92..2785d012047 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -20,15 +20,12 @@ jobs:
   build_and_push_geonode:
     runs-on: ubuntu-22.04
     env:
-      IMAGE: 52north/geonode
+      IMAGE: 52north/geonode_thuenen
       DEVELOPMENT_VERSION: "4.x"
     steps:
       -
         name: Checkout
         uses: actions/checkout@v3
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -45,7 +42,7 @@ jobs:
             "org.opencontainers.image.title=${{ env.TITLE }}"
             "org.opencontainers.image.licenses=${{ env.LICENSE }}"
           tags: |
-            ${{ env.DEVELOPMENT_VERSION }}-thuenen
+            ${{ env.DEVELOPMENT_VERSION }}
       -
         name: Login to Docker Hub
         uses: docker/login-action@v2
@@ -58,7 +55,7 @@ jobs:
         with:
           context: .
           file: ./Dockerfile
-          push: true
+          push: false
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 18bb9817a11..ec4e54cdf9e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -16,7 +16,7 @@ jobs:
   build_and_push_geonode:
     runs-on: ubuntu-22.04
     env:
-      IMAGE: 52north/geonode
+      IMAGE: 52north/geonode_thuenen
     steps:
       -
         name: Checkout
@@ -43,9 +43,9 @@ jobs:
             "org.opencontainers.image.title=${{ env.TITLE }}"
             "org.opencontainers.image.licenses=${{ env.LICENSE }}"
           tags: |
-            ${{ steps.semver_parser.outputs.major }}-thuenen
-            ${{ steps.semver_parser.outputs.minor }}-thuenen
-            ${{ steps.semver_parser.outputs.patch }}-thuenen
+            ${{ steps.semver_parser.outputs.major }}
+            ${{ steps.semver_parser.outputs.minor }}
+            ${{ steps.semver_parser.outputs.patch }}
       -
         name: Login to Docker Hub
         uses: docker/login-action@v2

From 686f7b33ead53a9e17a5f32192931460c5015caf Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 11 Sep 2023 16:37:25 +0200
Subject: [PATCH 224/330] push to registry after build

---
 .github/workflows/build-and-push.yaml | 2 +-
 .github/workflows/release.yaml        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index 2785d012047..0cfb52d4174 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -55,7 +55,7 @@ jobs:
         with:
           context: .
           file: ./Dockerfile
-          push: false
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ec4e54cdf9e..bce7da86980 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -44,8 +44,8 @@ jobs:
             "org.opencontainers.image.licenses=${{ env.LICENSE }}"
           tags: |
             ${{ steps.semver_parser.outputs.major }}
-            ${{ steps.semver_parser.outputs.minor }}
-            ${{ steps.semver_parser.outputs.patch }}
+            ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}
+            ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}-${{ steps.semver_parser.outputs.patch }}
       -
         name: Login to Docker Hub
         uses: docker/login-action@v2

From 8e3ff62b34097bb39dbc68d60285b3671481fa2c Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Wed, 13 Sep 2023 11:16:49 +0200
Subject: [PATCH 225/330] Adjust tag management on built images

---
 .../{build-and-push.yaml => 52n-build.yaml}        |  4 ++--
 .../workflows/{release.yaml => 52n-release.yaml}   | 14 +++++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)
 rename .github/workflows/{build-and-push.yaml => 52n-build.yaml} (93%)
 rename .github/workflows/{release.yaml => 52n-release.yaml} (72%)

diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/52n-build.yaml
similarity index 93%
rename from .github/workflows/build-and-push.yaml
rename to .github/workflows/52n-build.yaml
index 0cfb52d4174..df1a12d6259 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/52n-build.yaml
@@ -1,4 +1,4 @@
-name: Push GeoNode Docker Images
+name: Push Thünen Atlas Docker Image(s)
 
 concurrency: 
   group: "geonode_build"
@@ -8,7 +8,7 @@ env:
   TITLE: "52°North GeoNode Docker Image"
   VENDOR: "52°North GmbH"
   AUTHORS: "https://52North.org/"
-  DESCRIPTION: "Builds and publishes the GeoNode Docker development image for Thuenen"
+  DESCRIPTION: "Builds and publishes Thuenen Atlas GeoNode image(s)"
   LICENSE: "GPL-3.0"
 
 on:
diff --git a/.github/workflows/release.yaml b/.github/workflows/52n-release.yaml
similarity index 72%
rename from .github/workflows/release.yaml
rename to .github/workflows/52n-release.yaml
index bce7da86980..c98640c39bd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/52n-release.yaml
@@ -34,6 +34,10 @@ jobs:
         name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@v4
+        env:
+          MAJOR_VERSION: ${{ steps.semver_parser.outputs.major }}
+          MAJOR_MINOR_VERSION: ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}
+          MAJOR_MINOR_PATCH_VERSION: ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}-${{ steps.semver_parser.outputs.patch }}
         with:
           images: ${{ env.IMAGE }}
           labels: |
@@ -43,15 +47,19 @@ jobs:
             "org.opencontainers.image.title=${{ env.TITLE }}"
             "org.opencontainers.image.licenses=${{ env.LICENSE }}"
           tags: |
-            ${{ steps.semver_parser.outputs.major }}
-            ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}
-            ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}-${{ steps.semver_parser.outputs.patch }}
+            latest
+            ${{ env.MAJOR_VERSION }}
+            ${{ env.MAJOR_MINOR_VERSION }}
+            ${{ env.MAJOR_MINOR_PATCH_VERSION }}
       -
         name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Fail in case fully tagged version already exists
+        run: docker manifest inspect ${{ env.IMAGE }}:${{ steps.meta.env.MAJOR_MINOR_PATCH_VERSION }} > /dev/null ; test $? != 0
       -
         name: Build and push
         uses: docker/build-push-action@v4

From 08ee49339905cd9f052c844c30e1e355fea56cda Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 18 Sep 2023 12:06:12 +0200
Subject: [PATCH 226/330] Align with upstream 4.1.x

---
 geonode/base/forms.py                         |   3 ---
 geonode/base/views.py                         |  15 -------------
 geonode/geoserver/helpers.py                  |  11 ----------
 geonode/geoserver/signals.py                  |   2 --
 geonode/layers/api/serializers.py             |   1 -
 geonode/security/tests.py                     |   9 --------
 geonode/storage/data_retriever.py             |  15 +++++++------
 geonode/storage/tests.py                      |  20 ++----------------
 .../storage/tests/data/data_collection.zip    | Bin 14261 -> 0 bytes
 geonode/upload/__init__.py                    |  18 ----------------
 setup.cfg                                     |   8 -------
 11 files changed, 11 insertions(+), 91 deletions(-)
 delete mode 100644 geonode/storage/tests/data/data_collection.zip

diff --git a/geonode/base/forms.py b/geonode/base/forms.py
index b24ad8e935f..c888d816670 100644
--- a/geonode/base/forms.py
+++ b/geonode/base/forms.py
@@ -470,9 +470,6 @@ def __init__(self, *args, **kwargs):
             if field in ["poc", "owner"] and not self.can_change_perms:
                 self.fields[field].disabled = True
 
-            if field in ["poc", "owner"] and not self.can_change_perms:
-                self.fields[field].disabled = True
-
     def disable_keywords_widget_for_non_superuser(self, user):
         if settings.FREETEXT_KEYWORDS_READONLY and not user.is_superuser:
             self["keywords"].field.disabled = True
diff --git a/geonode/base/views.py b/geonode/base/views.py
index 30a55e8bff7..7d5d08aa692 100644
--- a/geonode/base/views.py
+++ b/geonode/base/views.py
@@ -333,21 +333,6 @@ def get_results(self, context):
         ]
 
 
-class DatasetsAutocomplete(SimpleSelect2View):
-    model = Dataset
-    filter_arg = "title__icontains"
-
-    def get_results(self, context):
-        return [
-            {
-                "id": self.get_result_value(result),
-                "text": self.get_result_label(result.title),
-                "selected_text": self.get_selected_result_label(result.title),
-            }
-            for result in context["object_list"]
-        ]
-
-
 class ThesaurusAvailable(autocomplete.Select2QuerySetView):
     def get_queryset(self):
         tid = self.request.GET.get("sysid")
diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index 5f0d5a627f5..e46179532c1 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -1876,17 +1876,6 @@ def get_time_info(layer):
 gs_uploader = Client(url, _user, _password)
 
 
-def _create_geofence_client():
-    gf_rest_url = f'{url.rstrip("/")}/geofence/'
-    client = GeoFenceClient(gf_rest_url, _user, _password)
-    client.set_timeout(ogc_server_settings.GEOFENCE_TIMEOUT)
-    return client
-
-
-geofence = _create_geofence_client()
-gf_utils = GeoFenceUtils(geofence)
-
-
 def _create_geofence_client():
     gf_rest_url = f'{url.rstrip("/")}/geofence/'
     client = GeoFenceClient(gf_rest_url, _user, _password)
diff --git a/geonode/geoserver/signals.py b/geonode/geoserver/signals.py
index cfe1ad6f85b..70b96060303 100644
--- a/geonode/geoserver/signals.py
+++ b/geonode/geoserver/signals.py
@@ -42,8 +42,6 @@
 
 geofence_rule_assign = Signal(providing_args=["instance"])
 
-geofence_rule_assign = Signal(providing_args=["instance"])
-
 
 def geoserver_delete(typename):
     # cascading_delete should only be called if
diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index 27b1e6a1d6a..3d39fdefe20 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -181,7 +181,6 @@ class Meta:
             "subtype",
             "ptype",
             "executions",
-            "metadata",
         )
 
     name = serializers.CharField(read_only=True)
diff --git a/geonode/security/tests.py b/geonode/security/tests.py
index 39dcc36a7a6..52b43a38551 100644
--- a/geonode/security/tests.py
+++ b/geonode/security/tests.py
@@ -1748,15 +1748,6 @@ def test_admin_whitelisted_access_middleware(self):
             middleware.process_request(request)
             self.assertTrue(request.user.is_superuser)
 
-        # Test valid IP in second element
-        with self.settings(ADMIN_IP_WHITELIST=["88.88.88.88", "127.0.0.1"]):
-            request = HttpRequest()
-            request.user = admin
-            request.path = reverse("home")
-            request.META["REMOTE_ADDR"] = "127.0.0.1"
-            middleware.process_request(request)
-            self.assertTrue(request.user.is_superuser)
-
 
 class SecurityRulesTests(TestCase):
     """
diff --git a/geonode/storage/data_retriever.py b/geonode/storage/data_retriever.py
index b535f948328..68a14c2e864 100644
--- a/geonode/storage/data_retriever.py
+++ b/geonode/storage/data_retriever.py
@@ -206,7 +206,7 @@ def _unzip(self, zip_name: str) -> Mapping:
         """
         zip_file = self.file_paths["base_file"]
         with zipfile.ZipFile(zip_file, allowZip64=True) as the_zip:
-        the_zip.extractall(self.temporary_folder)
+            the_zip.extractall(self.temporary_folder)
 
         available_choices = get_allowed_extensions()
         not_main_files = ["xml", "sld", "zip", "kmz"]
@@ -214,14 +214,17 @@ def _unzip(self, zip_name: str) -> Mapping:
         sorted_files = sorted(Path(self.temporary_folder).iterdir())
         for _file in sorted_files:
             if not zipfile.is_zipfile(str(_file)):
-            if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
-                    self.file_paths['base_file'] = Path(str(_file))
+                if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
+                    self.file_paths["base_file"] = Path(str(_file))
                 ext = _file.name.split(".")[-1]
                 if f"{ext}_file" in self.file_paths:
                     existing = self.file_paths[f"{ext}_file"]
-                    self.file_paths[f"{ext}_file"] = [ Path(str(_file)), *(existing if type(existing) == list else [existing]) ]
-                else: 
-                self.file_paths[f"{ext}_file"] = Path(str(_file))
+                    self.file_paths[f"{ext}_file"] = [
+                        Path(str(_file)),
+                        *(existing if type(existing) == list else [existing]),
+                    ]
+                else:
+                    self.file_paths[f"{ext}_file"] = Path(str(_file))
 
         tmp = self.file_paths.copy()
         for key, value in self.file_paths.items():
diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index e76c3b6feaa..3d496dba6f7 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -416,22 +416,6 @@ def test_storage_manager_copy(self):
         os.remove(output.get("files")[0])
         self.assertFalse(os.path.exists(output.get("files")[0]))
 
-    @override_settings(FILE_UPLOAD_DIRECTORY_PERMISSIONS=0o777)
-    @override_settings(FILE_UPLOAD_PERMISSIONS=0o777)
-    def test_storage_manager_copy(self):
-        """
-        Test that the copy works as expected and the permissions are corerct
-        """
-        dataset = create_single_dataset(name="test_copy")
-        dataset.files = [os.path.join(f"{self.project_root}", "tests/data/test_sld.sld")]
-        dataset.save()
-        output = self.sut().copy(dataset)
-
-        self.assertTrue(os.path.exists(output.get("files")[0]))
-        self.assertEqual(os.stat(os.path.exists(output.get("files")[0])).st_mode, 8592)
-        os.remove(output.get("files")[0])
-        self.assertFalse(os.path.exists(output.get("files")[0]))
-
 
 class TestDataRetriever(TestCase):
     @classmethod
@@ -624,7 +608,7 @@ def test_zip_file_should_correctly_recognize_main_extension_with_shp(self):
         self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
         _files = storage_manager.get_retrieved_paths()
         self.assertTrue("single_point.shp" in _files.get("base_file"))
-        
+
     def test_zip_file_should_correctly_relate_mixed_content(self):
         zip_file = os.path.join(f"{self.project_root}", "tests/data/data_collection.zip")
         storage_manager = self.sut(
@@ -634,7 +618,7 @@ def test_zip_file_should_correctly_relate_mixed_content(self):
         self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
         _files = storage_manager.get_retrieved_paths()
         base_file = _files.get("base_file")
-        
+
         def strip_extension(filename):
             return filename.split(".")[0] if filename else filename
 
diff --git a/geonode/storage/tests/data/data_collection.zip b/geonode/storage/tests/data/data_collection.zip
deleted file mode 100644
index 0702327be361a2bfda7c9c2a6eb13bd08ca5a9b4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 14261
zcma)@1yEaUx9@2wZY^4h7He?|#qBMHqD70B;7~lc6I!grU5XVi?he7BcyT8LEt)`(
z1W7LMz4y%bo%fzI_hipAdv@me|1)bnD|?>3lAoq3_9IHHhgkSn4=gqG)H4iEUSMHi
z{q+C~>+${B-Okz8(b^Q~V(09^XJuhyxofj!X=P>xv_eh>lWenb6z%?%KEb@n^j)f2
zE=bG9&nBlA9|ueGKbdY;joOUen`!)4ra(7)r#MrhF9MVUT_cP2ztCcPj75X1Z#kW{
zpG(Wfl5^!n|5*`@VfoeUFTUpu6Ia=_x3O>0#$|g#+%45O*9%*_n8n&@8@xDXOy8^Y
zwhbQm^GbnZ^y4I`CjIP@4r4yn<Al&qSGku_c39IRHom3D#o=`Vgt+mnksDr;>;uXD
z1s{_Ao(Gb8dY+tpx>CeolPq8|<e8-e=d@RziJWX?G&3N+YO&z=$;k(q_02S126m0B
zukHN4ys}}ovOfy7TmTV|b~G$m!T&Ja;{4~x7wftm>Fy&Bz90WjI^913EzLCdEV@bQ
z0Rln-0==zVq)59CEGuFfk@|n6u#G%3nD*Yp@xM0m`M*YE|8CTc|F!l1+F;!;FP~ka
zUSvLpKJLB6qx(T}KiplMtWB-VJ<Rz$d_1`MmA4-Lo8a$y_(^X3G5>zzGi)p@mcIq&
z&Zg$hR&LhrroN^?Hy1BED{E&<J9ATSa}R5`|6L)mwrPoGW@buO@z&kAxAbr2Lg)kk
zQnP*B^X)n8kkI<ePT178FIA+_S(LWBAVNEY0zpZS(2gXn=FtoOeAb^h%ksES^i}n1
zVZ{eH-R!jwIue1B5eZhBL9S(A+%4GmB|6W9&d#{BE_&Ie$+;1~$JzNDKc5;V;?LfX
zZFcg!B*IhLM6KlSWg8!oO%oH0J`lTky%J{2jv`O`-TN2eKO(f6GIJ`vkL>AvasCe?
z{JUIZrHOh4C>1b~R;28{D8_;C*Kgn3>B!5u{?6wk<wFNjFi;wuoS#VIRn_+#hli3n
zFMf&zcE(uVh-=IyTl{&pf@g|(Je*vtW-ie7Fb^v|p4eq*F?4;%Qm%=PzE|nVyWg*&
zPwPs3S&;lQk<7HeSUfsioEV`wh+ChvNzvpO_9~J*9HuK74v&m#+DR*gpPOGkKX?-Z
zB|eXIc=?xW8WWn~6!-rW;@=DZ_d52dNAEusz{2X6{~twpUz%a71h4g0utkI9cMVzG
zL!^?4OGBl&Ec4<yxl(-fSnT3IaLL!JWC&Vu2@xnf5qu|@9I3+jjdJQ{Z7pX3afqq9
z=yH(uUYlILIjZ05oLm~RHZvIOfn#oM(GyqoPoEmVO{HsN<lH-WxkOwL`i@LV1(DHr
z>(3qSw4MloLylD|r7kdmcbMD0U)|lHGfYZqQb+kpL%V{)_sPrb7s)R_$XjVzUBg&n
zI^Hsock*ztG+h&#?i6Y=olMJQ6W1?=|5^?A^@Z(}baxEo1E}CDxf7)O@Us5TD=ttR
zCe^3zX01(ncltFK6e(qr@Ca;gLr`DZyVbcf=<=YCEh8Uc<M{VccA85c>*E^6So3U<
z1R3D8Zl@c7Ogw*1M-JImxEzRrs{kN%axKmgZXcv7HmCd>u+(E}>oZtR-%l{IohH#p
zCHUjO&hbf~@9SQDfbe_)$y+%j+;DQOBXiU`K$Tl2J`3anWO?vCn!TGkGa~=mnm)K|
zGh*2e82?&y#ucf5W1T?<ELfZp&NUm3hr?BYP0cQ=Y!#J{&xHwhr|Hu^Y!_?Zy{(j+
z=*6DVQedo^2${*hGF#Y^<)`gcJW^aw?K`X_t-I+C*|8QRGv|!}&LiL#I!ogu@M*qE
zYft#1Wpl$5?e*lJgq)0op1!UbP%^O{k5>?mbf=BG1!e7Ziik(^eLWVm;nAONXj&a)
zi@NKyIPWTIZpurOZPMpOlRq3ijPm82^=zIjCG4pl*h>itUgCsuBcWdp=?;96FK6jC
z_ceT>1kP`qg%(!=wmD8$tX1(Qd+N&a7L>0`hXUU2!gYS)k=4}-bTh)7NtwPB-R{sS
zqi<TuTgGu-&dxl!VF&l_s1&%U_fSE(V*6FTwMMl=b>FR2b$wm~R8fvUDb&mbC`%!q
z?TYVDl(5R@0SxVhO5zH=JKtWgJGOkuTqYRe545!rjgXTz^K~mDan_RDGr@8Qa;<g>
z<@b4I)QYe3b8UjAs-atX^rcH|4<3itP7<=+Vc<~39G%X<Q&|}JRG&UQRCm|**KFS%
zz3DA-Py1(?b9?@w*-0Bg>)V<S+s-D_L4L312om7aI(+7ZU4}yGle<syG+Cv+-zS`&
z<_!B>JV7c(Dv0faw4M)<@b%mflfI5eYi&CRbx@|ZHBY7#E^IdmM(8BVt$7Wox8epB
zIkWZSwL21jWkwATPZ<;umOHjptKMF(@0k<{lsmxbwE+u<YWs~fVa_8L96ml5;1!3x
zypHOVc9{^xch9n`doA2e8YMPtPVJ6e;Brf|U_LQv%+fCND?-nOieC--HB({XBYSWv
z5LjR{_b|uw_u~>x9k)qckv__VG*Tk=m$RJct?0ra+#}IS^dm@WTp2GbO4ssdO>)0a
zYyPg<fi1+4s?s0sIPg+f5Tj)DDW)nhU-MXX!lV^97dj?ZN}~E5Pb~5D(oLy!C3E6w
ze~@9#2g@HrI0l{K4#yM*E4yR#f@mIRTU%Epou7wSCw^X7^QQ)&>sJB#ooYiQ;H)~u
zG?tLl*LwNw*q6eFwMT*-Q_Pr1oFm}`ZiS4v>klZ2MpBXYYm3grioOgpb7B1Rg|>{L
z)#>Y{B5Ygw7^i*T#nFMA-goIB!Q=ct4?|7ev{<1@wIAXx;0O*`6N(lV-bvo4mt_(Q
zZ#N+j_B;t({g@M!@-zgT0Sz9MBlJu%iho8WGT#u8L2}rdEdMF-I{nyL??GA>lfw&W
z>AWrX4YZ~;VMGGhLO4`57xi*hGDNbkQOPf{Cun6uU@g;F3CXQ-kx&jl#V@ya>qMi*
zsm6h`NwfHFn0Z`)Mvx)l+~pnW&jq}8w6E{btTz5He<!!D!{#9dbF}Gt)a#8Znb_a>
z7N~;oes>G%7uhCid8G8*xo<b4MAVmKyLtN_9B}{gd2B4`%&(X?A5K8a-B*~=yW#%j
z6}UfeCP(t5N4DWgcr3&}_SXX7hvv@#$;mqWK0;gd)V1)=LhU7#xq776vN!VWAnA~u
zMigNTm71yQHs|blsZffnIaC~6?f|9o^_qfg{HFKf#Kj>L?)7S#c(EwwWXAa7=x%!O
zimF3h$1H=>QPklue-DV-Nu?tIu7q_SXlx*E9Mb{4E}mt()V(CpigO{UKRPvRb=N<$
zAMvgJ3NOJSVyNzYe*m?yP0jD%WYp2$IEa`wj)dv}BqJvJP}m3sx()P!-uNfvxVq|v
zolmY0kN2aF=bz%3b6LW^11FSN=)vRyHI5{=13YDj#{qY5&h98`+>y0bOvpYQZiHQn
zjIz-9lM_&}jQ^D&q37_gA&PmR-G#}_L*zElI7WQ6)mo_?`y^1Nap9@DZR_<JZAIYe
z$n*|;-;_d-yT+UOq6({dEnqS4p+@xL3nKrCBi`7qJ!5vPY5=%e7>f^S@~IooHqz>p
z{<98~jYe(Xq%5N+VR*B5R-{d^v=mqJUiVp?_YL~8=4VUV9orGX2|v%XPhzAl<|e7`
zkHKRe)86>0F?Wmy*a%5Q@s7}PFdYYPu&z`RGPmz2bL?<g3k`>T{LTx1C_|KDh0N^w
z<H23Alh$>|#xro>G=q;|Ko)_q!4S{Mw0_$%PBNWfPTPn1%C|;2`Y!1kW37j?ndUL_
z^?w{2;-*fRzxf$}y&7Aj>G^51Ka!X#dmFRkDk9k!ctUddywfWbKw=*#%QcC+I+GB>
z3_*u`d!|^bZ43l0k0#YyEz(Jh=|=nUy7$1Reyd+J{^$ZA4;{EuuK^*M8ephq1h*_D
zYAF83y%3Z5nW?Caj3JbUop8-I#Q&OW@ODFxKPVyYPc`RoJ^ArQza#{k(2RHKRKKa_
zwYN$j_ECmTa}Vxr1=Z{F&#e@WvhhIGklb(-5DQO_ZP9MZ$3QBeQe?M-^A=F)TPYpT
zE$$Nad>FL7^!WWE;Iw~AxKR4~JJV_3UQ@Q)?=Ob^)tSIPx?B38574FZOEquHfHI(2
zVc$bXbDOyuZ@Z*5i)k516>e%z0`2JyO^@_oGgsuskI?!fa^S2{$n~SeQ1_KT^kV#i
zCYNlEGEcWgaSj(Ww~nA`^UayIeW$U~%f0aW`A}{(HrZl9y^wU-PyRcfc^w8Od&_<O
z$(4MZBjA(oYx3kBc<H2A%yv16XiRcGvF_(mWfzHlL2+3?yI=EX$xa9E@*cTkYD-^M
zSddSN5_Fk(mMfBzQc-JieOAorS0C=h6Y4Fl-|*|X$tb+FROTdV+X(OFj_s#6DUJ*3
z4w0;I((AV6$q^y$0gT2`YD0T%!T}uHiaKAdEu`sh&;KmSwb)C!bkPP}lzh0h7t;kb
zm-Ew_#+YWBZuu<<smJ1(*?xZioowTUe~zr|Ls4z1u$2uISZi1du2>*`%mAzg)-Q^;
zDDk?L(E@;b^@rBeLFNl%k<c%(1)cg(Cs&O<w!ZB8F@r6$_dSbYG|-u2eed;Py4Pyo
z3zP$Yy0SefiSt~}4iioT^C|^PN3tH0^%U59#(t|&eb>9fj5JXyQ5HNZ>eH-a0_zAL
z63{XYz(&2>x>flxN^0zPE-{Y9;$tF1`<4<}r3~pmi4ey~Ha8j>K@Oz^RusglQkU?i
z@_6xv<ZxzsT3ZFj5#ZWe^(YAAbtXtVDH>gwCg0<m>U*F8MU0ZUctm8sk7|)LpU<<6
zTj&wj;<%JGM-Q<pSV>En($n;OMU9IL`pk3qv?g^wP1+l~zE&7ux4=5pVX8=5iM&W_
z9}a1cioO!1j@#|I5@oV|j!0OWeRJhk0o!{Q;*pbp8g*a$yaL}y=o@B}9Zk#rLlC?q
zyQ?_Y0~QR?kF3r8DwE?GvOUSuP$rHSt6QCY^f?1N+s^_z=XTZ9^+oq)Yf%U4$^F9i
zBI(-Ta!iylNNBzBgdt1wd=UAVCvl4Pk`aIz2AgBQqMLEv+^hcJ@W{Np(tAX<M|tLr
zIS;%$i(BKX%L-8XHuP>vp`>BO6q=@E+Pu>@$suWzfVzA8!U4cq!5}ny8Zx%GUqTZY
zA?wkQnRsEQSTKSmIlWSGd(JLo=pw>Zf6zVd`uv(6XkmPs{Ho%KNm~@rJi2uYj4jpB
zCmf9jmfh8CqMg6+$AniXT1lD_;4$o&a~$f1H}o;;FK%{krKxUY+c4Op;GTOLbb8(T
z3KVta=3T7&76&ydPBG)|K5Z;RDpWa`{crs*#Ja3D!lgbY&Iejz#liw@WteiTy}j%h
zK6V5)#8#v^@O!6t_KlR6zh9EFJ&?3{JE};X-kISNC@r<(>yt%69siOm2=4{N{5{K#
zuWaqRfalBpu^L;=0|FUfM<t9wpH0a_#XqyMt%Rm~6&VU={QI7pKEfZZZ=-aX04$5G
zI#_pywueL7n*r+)^L<trF?gLWUe1K{xX`1hT7sOS#Jj#q|Bom*&HnE3p_1RCx=rFa
z*em(4hn0G~DhgVXJFQOFBT*85qd1KA*0ryC&hwLT-w6M(Rs(3?lfOtxnQ-~4Oo(~c
z#`mM^gG<2r&f9~TI)Pto_%^9G1Mfy=kX{IG_ZFe6?8s-1)Qlh_ipxd@bpu@0_t_GX
zcznsDa|vOu{Ff5YErBOzqC`qJPHEf>3LvgAGXG|Ln~nkY^+#RC$+DU0vVM++<VSuU
z+l5a%JWY(2l#vAfP6_x~beWAUkJbY_-WpS`S9zDT<5bB^>#8ohPfyhQJ>&aBlg@Hi
zUNu>hc)rk@!;~6-`D}J{2SDIph#*L~o6Inl8XPsJ$vk~Iz0Tuw*SQL(o_SEpd49h?
zOR<$!(g2q)#UI7RqWC>0gQ;S6NfJ<f#^PQ`YN_jV@AT-n@vUgw95}<)AcNKIqbSBd
z`d=tcCS+tE8f$HB&39iV4MCDljS^Z5EZDR7@7VWvZ(ED_4QS?7gR<0ivAe?cVB$4H
zJg44PG8T~MRxG4K13RdA)b@1c*h4+B#PYmvM{%L)O|B|EzC(;lNvKa_-k%p6#-ckf
zwHG11L{DYf<5AJo$LVjF0({z}D<7<L|H*M9;X@DhDP8J2e*2~_0xYb^6;s9-`<N!n
z&@*1w#f9nvseNjCB*pP~BsRXd<(z8xfM>F#U1TyKp<dh6L7!0;1|sMTNO*)c@-b#{
zz}L?T9B5;YjHT17XkElSVKk@|T#7*QsdVuLeU5+?5(S1C>fdg#Tr{tRN#|3ZR0Y&q
z5I6aJST}ftH>-QhvX1GmWK;JmM$@sG7{vA!CGk#K1??Y7y2{`IsI~Idu4lH+U1L>z
zFgB^rIen^US!$(_Noq-)w385;Z>QAVtEZ-qh6Aje%aVNwY$ib8i-^5jP8q*O%!O>y
zB;28#D*s%+G_cxQ<MM0+N+J$&t!`zAQ(xnU(KdO|?Dy7+3Y#AGsLW+eF7%aahpRl=
zkY;$uYIUn<&lVA@Jl>B%>SpZm26!49%AU3!aNZf$tRcrG+3tcji@3)&+6^s;pKbg0
z!dru1Wr+k<Mno^D`oA<h19}?WU~4nBPe#GYdj#!Y*%fx=lg<WF_$(S)$UVL^XOOBU
z%awNR@*t(RVjQm}TEBn93(J*~RkGM3z51#kACJlvRYM=SrLV|}rbbs2=f(K(vrjQH
z4Z05_ErG((L67jFQ&$pDulbr{Z^SBO0bbuKXim8eSl+P%@AMdT64#5)g#54BZ8n)y
z0)PVa6N^1s?>C#H(-x5355XFccwhqMRZ12dF-eB^E1=41kKWZNOD?<d5G5@L7FNLa
zv)<SvH7#WWG47lUiEl*bIg2K)8$|Rbvb-8&3c4e(Lc_J~-SI=nvSx{x0oM{oGDHE(
z-bQ*~r6#Xm8Q@LyA@DA^=}N27l3C5{yW_Joaj~;tb1lNTM0S|WK4{GH0r8~SN@o|n
zl25qlt&#{2lYnc?m}%TjQg+D3%*^`>w$5$5vaWP_+mi);MXEBIJk6nSahdqTG|#}O
z$tM}g{3q*QZUFFiB}>mbfX8mf@>&L6idL+mr4Y>laB-^-*yrx@F*hfKXvfzTzW#jT
z3bflby@W{FC@Jo3|ElOY*#Y8L%bOQ_$-u#w@O3YmJST(SSa-Cn0vapN#5)Z@eAjqX
z)<Z$qUau6m4*5{4K@eNJ2v3|f{oMPhh%jqGradD0h0t+-UlBa8K=@`iaqm#-cqIzj
zo0B+>_=PApGA-kAT(-DKh}OWP0BJl=A92W3oG03{&j^f$Z&{{^#$TY(KZ0i?#3{>q
zhM%MsSp^1Gl`IitR>Zv4VcXgQRC){1`+gbMBv7|bJqRS^K8bc@-4Z_zkT=BshzPjy
zuS4%ce!mYQCc_nLNxG0+2Wu5SB4v^(dNbGzRo*(IgC7XxmJ1JGoAx`olLD-lDdh$&
zJ+bSz8IfPI>B6EHj0UF--WzP@_o>vas}B0Q7-Ai+jQCRwr934%>oe(%<tF|W^cRPz
zzsN8QSKV@xoUW^l^Eu%~Q=;Na!^vu(paeR&Gt)-*3Epfd*q4k*)XALVQdO1OK9oUJ
zEr;WZY}uq~M&*+YT2t82cIt&v-ufpqf*1RWgpgM92lcmxzj(Nu=d1&u;ret0rwQlt
zY$sfnRNaUr1g^E)9iy#bLdh+qy%$XBAt$W-l5yM?nCex&##JZtVw_YXw6ei~zR~;z
z|CEG|!EnVDa|VphzKasjE1R_LW*Xtngn~=00X7t;g_Q5O)^Rd-#@7@tUl^b3st(_r
zc$O6u6iSP*fzl<2Tzva#tl2X__njJ??p9$cI=wz_(*-~A)A6y0<EmWUmi_58hF_ME
zTM9w#9QE%v{P<oC-M58Oy!A&%NeZRgh0i3Qzo$0)GL<o0?k;VQ6puifEjaU!sZ5he
zgaD*DbzzeLMoKA#J^OYwem5Dj4=!u1QAgEQ^VG3Gou81w>e`m1Yb7()!!Nenx*wO`
z?p}$Wns%6V@?MTVunKZ;p*4DtStZseo<5P_sbKdUez?jp^3aDJ^kq!B#Ty>bD?k%g
zw&iAc9KAQ@JD$+Wm~9Ic|8lpvEfsd-Za9x4h;Akc4eKeZZI-W2xL~tJXfkI#bFrq^
zIPfmjYUNrDP-l-Z*gv+UP!MBn=y^#XbEaeoar9y42>e5Rn`(`&S5Y5RB(h`?-1ua<
zm19mi7SXd#o&gWutvdEzs_oJd&+w+99z!H1eJ(i{%^G1vw67zKCmekM$pK55WaXLV
zPcLdWuZJa-x9@VC%0mJk-acDt)7H*W=y^x^bkylo+UII<wluE3Hur;LQECr4|J#r|
z==d{l9ax_n6KTeu?yw#rngn?Cj)rJUty$3eQHk!GgBke?#7AU%+y+bqxwj}0M{h&e
zc&v~t>I*^Mjsvjm#A<F*Em$)koXxD<wouej;Nk#Bi(nPYk=WSGIZ_L|<82cJ$T`O7
zqg_dg{@sTFMiSiYncy|g^(pGSpiMNpY>EzHyG<)vf9@c5{MAF2fS)?!!j;PLv7dZ+
zAt+&dv-$NHu%5Ruqk@Jk<t-9=_s;tAt`KvR`%=WJP;<29?D*Hstg-!-PnVG9Pg^Tk
z(fxkFsXEC;Mk=RG5+!sy02b}0jTPhERNBlu+OF4&i0W|S4`4>Xl2phz$YtwRcZqJr
z;j5#e5VzS(wIWN)LKz+3&M)SDfjCoLW+1jn;!II1HlcU~Schz3^?PbT4&Ng8n96#!
zs^I(Muy(g2>eFt)DI8OpzPt8^a*uxbZm03&RB?(QkfGP?wgVA)TWj8=z1b^Q87jRG
zOw6&%&Etv`5k<qk@9<Rn;!NFUV~NaT5yQT3jrJ<k7Pp$cUlWjNxT1n0LnUET&!Orc
z<|%ayV9DLz72re%S?L2c1Ch}U>_EA#lH-{qw-0GwwlYScvam2{91&6I@XhtF!b!O+
zj_seshV4v;Jz+(XTPaX|4SOHa?uFtD+LE9Vtzn7!jI1~%d7H*=J$2%hruZw^h>lmp
zhU^S?K#Pt;*9DoleT7AQr|d8Y-5OlxDt^G+72_mODtiza77o8HDALK>zLU})Z{mmS
z{4_r4NFs=+Ha*Ul3J%+zMCFEHv*H-c_pxU9j_5-pI<?<*2pk9Knl%mVO}(0({5-8N
z01&dBLFKUUq_Eu`T!!4Tb^7wMZr=)x0k@9Lkin~9bvK#4dU0k+f|Hv+&a(L4nUo%J
zz0V``U>Ny{QN1|6`KP%AvOboIXnzC0DVa%r__IJKkX~{c|IOA%a#{5UlJw~vqO=i1
zgX0e~%|aX_z!3N!yuD1A`7&zPy0}Q;%}?2(MY{2iHDkZtDO1mO6)4JcxJKf0J*@&~
zLx&&0Rv&wE<AeD^QX`n!R!?OJM;Q&q-*;?emdsG4A5n;#M_3O)X3TftPlesUe$TB^
zoe0z<<K6>zm7fLExiDz&eRjzWIGhYY=LHpgB4X;8Y6a^NoH(v3KM5X9Ty|;dsnvBh
zT7}Q16=izocj4fj62%|RIfY0J{LZCYnOLUaSFT&OA=VHG2vR!R%DS_;B4}wt1ij|e
z80hJ)&W6uhbd5U#tD9pw9uJbW7xbc+fPtmXrK~*Q19b!svKeXjnH%`Uxu=;^aGg+f
z@Ni?wx9D(43DneZ_cQcVMG^wOk^b=)6JN`ozKHw;CK4sW5J9mz?SBnr9p=zKG(Y(?
z@aKV>OvMUJh!o_z7kG#B5vT=RCPyd)U9u122^_A8t%Rh<iTSGUC-=TuX8D{8&8|%t
z-o6Pwdt%3HQk(%JG2nuDr1XxCqu%}Ut&G$Fof}KIoV6wi&>>12UHs6wz!!r?C_^C#
zMTeeW=M*EgiKh@sq$7*Hg@YELnYx_x{+fc(!GB}3AS`p(=c}~i$Vd$8HZOWh=&UnT
z>z#kOuo@i`?IoauHQn|M)T|lUC_ay;-dq9PJo7tEIjxyM-C6cWb@AHn2d`-Kzf10B
z^3HHh?(@@`q^u7M;7>@Otq>#Tr)oP*$?77ETIKZ}lt{w7u_L0etB6?AG0fk-i8Xq0
z=oN@``t%Xo^(4;Fsbm9(M>1O3_h|+Dtns4li2v?jL0xVQS=t(!P3)Uuk`wm4DY!=9
z?b+SemWKHsIJaJ|nopHsZC9ZV#95V^r3&;2q2&U45ff)2`RODs{@dS5G|p5$`{!h_
z889t3nQL}TXy7}-)I^x>w9|m;i1{7n%AXn+7x%1)C?$ZVuSVWoHX~|9))Uc`*qO%?
zQT=qx{ct^78I1u)nWJuAjki33X%MuvU;yn_`(Iuuw>j9^;RJMbUq3)&K2CNE5OvkF
z1zJ)s#kb-U@iy|g_XtfdjMm-OL)UIXN5>Q}qj)e#z-<Q8pG`k^`<I9W#8iLBb5S3Y
zX7vW<fb&7E6K;4WlVARJz=s+@`Q-z(cKta8<*ip@<)M2Sk1H~`8jnO*QJ?2>vvS*N
z{lfYBI~SM|1laZ&GP@Roq>t8Ehu+_BYE@aMh+~g;NcQqa4-L`p108Dy^PD)ZYaEA~
zc&$36i`jlO$$Jz#dPxpwODGvC#yEbZp&q&X7>eO#iX4lEkZNn_$`-28KCxj&6@#R6
zobaAz>L=8HY|6h3$3~#bUtD%we4r8$RGGiyfb=c<;nOiBJz=R@2RSz~sHsMIIidJ>
zm%8?+6J_R$-d#RX&!f}5-M9@lC84Nc(9itE*XBPnofa!eF1RnA)C_`Qnz?D?K~A~X
zHQ%Hx>x@krchUxP1dv*+z8rxLB1e_Xcc$Vt7+yTyBL)57BC+1so34FmNqg$0)QLa)
zZL7eo%W_|VsWbj`(VdGQ$i;eG&bwN_7$$n5to4(?B>Ktr+5jvK;hB!!jXHJ#%gMw9
z?iLXhbc%`#iT@IOE{s?&^!tPSV%OF%w)7s7bfvTkGmS~SVti1&liC@9*8venOs{38
zru8UFu7*QFun3--P4Cd{%*)uqLge)=``7ZeEd_jWimzt^uodnLQ*bM0*Z)M`j>s4D
z!+m$k@GL0Oi!pmo$i$Xg7y;h72<v-cvJnHx>DtUwjk*LY>aDxdpwNZ3HQuzokb3h}
zuQqJgh9Y84(c`;hdu|8O;ZYLq@mJVw9pc#+(tm+ne3$QXV#4@fImVA9hHv8SwtjO`
zwXEbEQYz<OqK_cA7^g(pW5x2m#&B-zJ*CNy#$eO*e6+?54q2DdZgJENs5-^NJ}DuG
zvw2RXb)^gl>7M+{xvk-oU2f5bxe7Lzban*cSHvkLx5jnI%20J-4qM<+3Qad=9oCgM
z@<;CM{UIGws{Y8x4>dk(4dG$Qh4*Ac?j7h|W3&s{Vf=-HZNgsPBD=EpldHYrQh-~|
zpqwwTlxltbaw!ry>5kj60yd88uMUa_r3YXTvyHE#W<fRY4so>hGp>tc@QeVTc9<bJ
zk3m(Q1g0d-5>0WF96LFThAoWibN!4O(;${6%fH_GamYr&UX@gQF8CfXK>O#wX?F7h
z=PU?dojL5xKn^~JVsGl%>Pd3%XIx#u;%3WQdP|6HIMrw71~!c5^Ob#^?>nBN$X~_b
z<=X+ZX@T`WdF_VgZ{+$L`w|>T%xc4{P!x<pD5j>Mj)bfizn6VSv3r;;mIJh=r(IDr
z9c4S{rX}E;8)+RkX{V2SA8xsx!|Ls}^kDlTEwJsoPPO?)K`{l(^FJ?9K|jo9*%@}Z
zV7a%rTXyCW@u3S+iLB5DbcMCSru=$I35K}6{Q*E%i%EdEI?Iy0Cbo*dqEO{qWoU+=
zIGZvuVJMo%t!B4Q+=4C82-4b_*qpN+Ap#cp<XXjkp;g3IQTk?&Dx{~fSX*ePU?)zG
ziFYzfL4CT_I9yclNtK_!H<R7u*si}S#Rlkxwe2OI6X=aYX4<O<Rf+hA+?g_J6C&kJ
zVE@vW7hN|*%i<4sqp7_gq^>E{0P_sC$^I^inFA=~FoEqwP^Qv#g9M}%;Wib@7UtKv
zQShX+Z#&b3Zuf2+?+_Be_Q|^}?swSK<{A9s1tnYYR}M^V8=fq;$<5Ssaib`r2t_^S
zas0j=4LNsJ<y*eJ_;l1UK@`d>F8Q=cD_YJvE^_{b?Lv0$)r!wI4D5DpMSFZviRN9D
zq`@{*A1(~~%@X4t+kiwt50ws2G9rq3J?v~hg>T2Zv-wXR?6=p*jqCv2VlOr$?gGR=
zYK#)`-hp6O-pZ&X7lK%VlECduLYxamn)~12oHl2kcux<>WH5{*-$4R|$VQIO|4Ijh
zuh^bR|D|XD7a<D$r5!W49#Zq`r{5^x?;Io@qZpB9!M(WT6DDU3ob)H>G!k3yz4@0r
z8M3b!-Unkknd-VjOi6~XRP&UXghR7G0MTymaNNx?`H(Nb9n^{cMHyzt80iAGbCqV}
z(rtSzx_y3$#|8W<Km88SFANvtGbB93U9f%Hqa9annAW{uoEa8k-hTCNY`Z;0+P9c-
zzvd~bJMG*y<V}(avLm8P0u{Sg5VVpik>0_WTs%tTU#?yzCZ2}iN!KN9Uy77^0hy9I
z5odmici351`l3lqX1{~(gfVd>L-k<X>zGbqE~D<1EK)=!_EzJPbRh}$CB5C~ET^Yd
z4^b5r?=BCy!DH$c9h<}5O>plk4<RDjU|XnVb_2zR1!Zvpb$_-@J#1^Ul<Yhb;Dr3e
zV5?3^&m*I+@@*R=zjPtNvt93fk$c@<R-}o8G0p`wBSATM)XjfJlU&kQ8P_v4E@#yq
z4vG$oz9VgYXs3-pU-|wp{PdPavbQDZ&sy`_j|>EBLaQDN&)A>ppY|E*5$K4(X$np{
z3s>#CKr%Aen0N#a`wsE!^z!!yOv>W7naPOy<7Hu(xe>r?vE{q##yX`Tj5XiGSG?(W
zn>Ie5tVg2p)7?x4@8AF!rIf9U<V;7#Ej>Sv<j}(;OIlLo)GxAmzP7qBuoR!%M6TZE
z=hWmOj-=tc*S9VxO)HsOHzn!LD&t9rMU2RIy5o{0UJa90jM5|t(tWnE8sWZ;nN8Y&
z_~j3*p-tkP9=qnAkm&`<(Oe<J_k?%g;xzmy*U<LG6OXZw`<~<Z^@h$>)v|4GjF%}p
ztQ*BsPBODGu|piY09`5nvY7;p*E3IPhs%gZ#j_bOD|KzLn5^s3rw8~&im`{Ea?mf`
zrMfcR+5@&PjB6Geo%}2IPnvh%<ssfB=GyUolWMEGwv)f0>A4tEA$KxAGjXBiL2qQw
zziL^o<E)N63DU@2Th$nmtOPlj5URx%Jln_)^AF_S03G7#4#v$Xf19n>fI=gk@Y_**
zo$oPuQgeB#rtprrF-U&ApZcxwq)KdcEI#YWet;K)Lx0TN8H7j0o7dg&>yM{d;y#{m
z0h1PEO-Bv#tXXMHhM42JkB1Kbtu144<%}~2F}X2aCri-Sw$Ok!yGF`WCP?FB(r195
zTzDW%*$*Bv#4WO@fx3zgklRHW#3*J?O$tGm)+*5k8F};X@njADl+h=du<&a@OMM))
z^N=Hw(cUpgBQ(x#*fqqiAB}U<>n2?#^>Z+1T{C%WY8E>hTYw9vGo<5%+WVIMEVC#g
z_$WyxM99-R7H=t3flTdM!D^a3U$!DxNhPgZ!*+1gtZ$0ozu8;x?QLk=RaeFDz~Uc2
z6?4K-J?6!r9tVAN{3w4^Oz(q|JWa%YIA54+kc_9vG^~?7N<!rXC2hPNQWvnSyw%(M
zYI&P_1x+U`@^Hft3zg=D#qE@Gh(6@ZG_&bhM!rnfAH0ouQc>Q*)j&TVD>EW5)gbFy
zM^mh~VETNAicpk^=4V35_2dONGt?hjh|?Ze_j?^X-0EW()o^RC58>wQ^E;Ke!+buT
zT1;>|?h!CAaqbEDbO4auFjR*epx581=5v@I>G|lel0(z?+2ol>VJG&rNxdRev<cS&
zp$yuP?T8@=<p13-oEF-(QV92aGG^I)l*krf;FobsC^qadBS?Tu`kIn0b~OK^T#$^<
z;*V7OW3N>aD)F@FJ{@Jnv?<@A!Hc6qD3L~*RRUT{de@*4yXx1~0aYj{k``&$O}NH7
zC07W>J99{lze#bZLnNU^^?$t~moZ{*3dcK{IM6Y{n$!jAY!<7^dV(j-y^yyjcuvpY
zISz^kiyPEcqc??6G1T1KF}TUnv@i>tMP~c4Wp!4fc`X4za#Zk&ZcN|zgD7EYZoXPa
z1WhfzepW<S_W3&aOIH>n_<-2q(*DM4$^-*Unjh9{g9qvgS_lJY7+U|3)u`k<II^!9
z#C`Zk=|%>4Oq0DtcoPxY010!~{k}@E!AuG}kTL+jQG~u$lWuL_B|Wk$<DeoIW%A0*
z#BoPA1h~@1E*+M{<E|)W$p+$1ta<(vVU+2r1OZ4pf(~CLh_#r%pWPJ`o8?Rwf3mwY
zbuo<FbQAEJdCtCACMBd})1}X~AisIX?8@}B>vmAX<*|{jNc`Kgw>dXvc@%h}yM0s=
zc!S`45RS>T>kAYHab*dA<yz3sVvtelx~C&1<!h}*Fy_TEpHBg1vUROb=3A8;`O*9o
zaB7vGM~DuXn@;El#b0L%)1)SOEE?jL0177fLmhG&=GG(9+P~i@_FO7whJG8J%d*dc
za-RP9Oz5L?r7#%-9P^wE+bNV9lJZG`IxOL;kwJUEWs=tcLr@_s<Xs@DE%qRv9rAJ@
zd62Nh#i&*^BxNAkx?k{>VB8AS%NhZhgRj3WS^v-tHY6Ql>Je?KvLyA9a_^ktw=W~5
zw}ThvB&Ugh45E&W)UHE1T4Do)chgF#w7Is?+wHq8ib6YvtzW%2*~U80=0p<#*6U4p
zdNo5P(v@6`0KU$5IOv4Zj@bU(@=>}moWoU_5tV7Cttcc936m;?DBJO=eA~`9{98{R
z(}V`djAJ&rZn}m%Z_N2n@J^LsWSq_Q-d+j6)E>EMO18!k#He-W#qK1PEtS4i@BJMh
z!|(}sJHAzTKhE|cXqY!b1J?nd{DtlX_$&XH@h+Dmjl%Zzz)$D}Rk)R6nI26*tyA+D
zPI`!xnf_!&3J)K#oN&#Ivv6?~d;;bjai-Mrt?LDWMoE)n2d=20pDKXkc+R<5;K@9?
z5DH2;e^DB{RbrOsq&V&pf9c}6=Nci40dW0w<}GRkW6)pp>o+{5=J7+s_q82loF-JI
zNgI<gX1rch>2=`{f5w-O__b6L+hG+bQKRsszuH{&!aSTmTf0=L#69rmzK$UH)1fJG
zfwR!J+-~s}Ppm<=EcsQdPv;f1XiqDIxLfBh--Vq4pir6~Z7FP@VxPkrK3>3Qvs81F
zkox|c0BgkM6miRt8XM~2>V%DSX7s}93)6ZH-SLLp#qD^&<0IA|RVux4T*Q|x<PqWu
zk8iA*0_}-Pa!pH;iDWY!WX#p8_G<At7G^H-e4E*P38Cvm3QXJPCPDRb<RI>do<hnj
z-aH<K>okvJ?<><qP&%ODPHuDNl9iek5u0!dK#Q$a5Td<?MWfCaZWRomj1$phTeWL5
z<7BpjI&^#A!;O%Mx_ai=0p@@1<ZxGAjAtaV1({r`@x^b4ni5g{^`m->FKj9$#nQ$g
zS8Ay%#L#POuh=lFAPv5|KU&xe*O{^?eE!l;wMr2oI3IYsl1?`zMsA+QPRKfoD4(QB
z?`aYo`Pi-4;8yUPlMTFA3OF<9#vcWmjC>1UA`{iE?S96RO2fM0St-0QeEnhfwF3+J
z#K$7Ge&zY*x!f4JjSyoa%Ws^62kuRM5Qk*Fgo{_E<}szOZei%h#_t~7J{*=oygMP~
zt@Do8ZpjgSp_}s^>9I5GmJZVn);2r<-KbS{-HgdXp0n_bn>R1;g|-U2%s#&%Ka(ye
zQUk+gLM~i7nU;w#kOp2p+x6lo4b^tw9#p*!hA0q}X~jZ_Jrk`C#<_5VF&2)hx*YD;
z%K(`Ny1c09pB<u&o~(cJozYL?g9$DK(l<hDrP7S2*<>->S6zw}@AhSH4k0EtGDa2?
z!fm3x#?c*XzWG|XlM>Y%%$nDxt=4Gj6{zOaqH$Zx`ytr6pT^$OHkpT6y)M{|t7bBT
z$2HMQ$lE@e;r8fLU)r0+$V2A=6LR#`I$7NXKS_`Jn@WfE9_}G4DoParStP_1f|pCY
z`Jp~I3cPc0)mvOkIui^0X*<`-*pg-a;DY?)<<9<+zJPBIn3&%c6O^*;eH7nw!e!ul
zK3@7@@g^Eo#RRv2@zpPQSO<0;#!x83h8Do`0E1tr!-wiVqX`H+(DNWYi2DLfp;UE>
zPW#tRX9PLjp-5A5H;;>pcth`!zR=!ak28N+8bz18r^h-TBHZY_x$koTO>0wc(jn;b
zb+2bv@s5Xixo0)|q1l_j;Uv|K_1iRiGU&%O>T0c74P%yiPjQpGsbv)}hbImK0hZRo
zG#2W-dL*JPIxuZD98`NCLjOq8JmJ89vfO+{n%n5Ad&*`fg+yRZ-0bBK9}ZAhG?SoL
zcV0D^G~wEe+K90R7u|d}#U2XhX1V(_9#tF67g`F~!B~7?(`Z!VtQrkjczW&OMR~Un
z7mB`QHA+`@mbDb>Evt7AiQ34Got#+Z{LV>ZoTL>bQIVrx50j}#61qMW>^RZNAHX&!
z=)4=DUG#Z7n4t(nhHiwj!mn(_%avOJ)<sQ6!3?6Z3r-w&8!34+97qM^NUW`g@0}>D
z!K?Go(rk+i;pGiF48C|+RGDu^UEZWUUF8&Z!F19acTzu^<n_VP%wHRu#-5~bzMF4H
z8Fm2uD`oPEaXM^f`IS+ndj&Z<`@FW1vI<|PCICOlJw~pr?WP&58RiZ*RyZ&*(_zY_
z?air-T1H4Sd1f@UFHq(zvT_XT!c9AcFqK!Bu9nv`y_guxRmy6vdvy)6>`(%KWeW1T
zi^!aT^8uZHPh*)Ai8BbMDtSey9<@E2A7%Ul7#2h5B2(j;AJ_6rT9q#K+$F0o_`W??
z(oxf#MHFS7OZXfL0;h$BSyvCmpRa$)9rgTzUAQ$M{O9ET=&0tFS&Mi@?v|uNuam>0
ziJyIeqJsXyyco2JaI1{_WXK$_=X(BafB@#=NS@rZMtIDR5OpJpc{%-2&@<5wzhuye
z@9pANiiX?Imefnkh?tL|yvU)8G!R`G@%xt~z<qyHq+}I8gDh7cpwmSXlmU9KODZFk
z3|_*e?p%W#KbZI6Z}9$Xcjb0HZ`p(=qQy6A@-PVoi0yk8B{a`l*nY)dE5*%;%%Oev
zP^}%K-Ltc4?%~@=yx8n4Y9hu9`gQ+bPl&taWegoGq2pAv)aGMV_s5jk5gyz<Dpf?i
z{s?BW)%9!2q_JUJOM`>7F>7Xod1-xlMA3d#QIU0%Nr59hw5?f!YXEwocA7a21<l;Z
z{%5X0sSTXnaZgXM{m<wL_fP*ps&I6g*_fH(2%bzx@Uwhpa$^>#`T$$jC&BwxjiKo8
zl_OQV&gniy7p7v9-u>$S`uR-__SdTiOMhL+sr}{mFg^#jkRte;pZU0_oB0U0kTv+6
zg?X*Jn>imB8uj{>fPjsFz*lg{9~$iMLyxfvSD4Q%;+Pv+7~*B_=l9^eGPPigU%#JD
z`{?}J1MCobr9d3)5UJlm?{IK&apF;u!LOCN?%&C$?*}Nv-{BAwt5`65Ke#7H9z2xA
z{_kn2`$YWjSK;TsPyb}6{;B>a7WIF$SXhOhb^ocpr%wK<{wG@WFZJJ;)qnczdz#~)
z>VNV?|5B&_ziOZVQ2%!r(ZAG?zt#T^75%&PzXFQ>C4Kzxe}WhN)9;`7&cFQ5{{Mde
zme&6cl=+w6;ynWO|G}UBEz$qs_s=iLzx)JV{}24`Q;+jEu!Ti%f4JXA#3TIo)&Bw$
Cq!$1H

diff --git a/geonode/upload/__init__.py b/geonode/upload/__init__.py
index f5c5c542718..c50c3f5609f 100644
--- a/geonode/upload/__init__.py
+++ b/geonode/upload/__init__.py
@@ -63,20 +63,6 @@ def run_setup_hooks(sender, **kwargs):
                 start_time=timezone.now(),
             ),
         )
-        daily_interval, _ = IntervalSchedule.objects.get_or_create(
-            every=1,
-            period="days"
-        )
-        daily_interval, _ = IntervalSchedule.objects.get_or_create(every=1, period="days")
-        PeriodicTask.objects.update_or_create(
-            name="clean-up-old-task-result",
-            defaults=dict(
-                task="geonode.upload.tasks.cleanup_celery_task_entries",
-                interval=daily_interval,
-                args="",
-                start_time=timezone.now(),
-            ),
-        )
 
 
 class UploadAppConfig(AppConfig):
@@ -93,10 +79,6 @@ def ready(self):
             "task": "geonode.upload.tasks.cleanup_celery_task_entries",
             "schedule": 86400.0,
         }
-        settings.CELERY_BEAT_SCHEDULE["clean-up-old-task-result"] = {
-            "task": "geonode.upload.tasks.cleanup_celery_task_entries",
-            "schedule": 86400.0,
-        }
 
 
 default_app_config = "geonode.upload.UploadAppConfig"
diff --git a/setup.cfg b/setup.cfg
index 39709bce937..f6d5f90abf2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -202,14 +202,6 @@ install_requires =
     certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
     jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
 
-    # Security and audit
-    mistune==2.0.5
-    wandb==0.13.11
-    protobuf==3.20.3
-    mako==1.2.4
-    certifi>=2022.12.7 # not directly required, pinned by Snyk to avoid a vulnerability
-    jwcrypto>=1.4 # not directly required, pinned by Snyk to avoid a vulnerability
-
 [options.packages.find]
 exclude = tests
 

From 0fe99b9a22bc606f84c3bb1ea2d5eabe3e99d0cc Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 18 Sep 2023 16:35:46 +0200
Subject: [PATCH 227/330] Add docker hub description

---
 .github/workflows/52n-build.yaml              |  3 +++
 .../workflows/52n-dockerhub-description.yaml  | 23 +++++++++++++++++++
 README_thuenen.md                             |  8 +++++++
 3 files changed, 34 insertions(+)
 create mode 100644 .github/workflows/52n-dockerhub-description.yaml
 create mode 100644 README_thuenen.md

diff --git a/.github/workflows/52n-build.yaml b/.github/workflows/52n-build.yaml
index df1a12d6259..b30a7643827 100644
--- a/.github/workflows/52n-build.yaml
+++ b/.github/workflows/52n-build.yaml
@@ -15,6 +15,9 @@ on:
   push:
     branches:
       - "thuenen_4.x"
+    paths:
+      - "!./.github/workflows/52n-dockerhub-description.yaml"
+      - "!./README_thuenen.md"
 
 jobs:
   build_and_push_geonode:
diff --git a/.github/workflows/52n-dockerhub-description.yaml b/.github/workflows/52n-dockerhub-description.yaml
new file mode 100644
index 00000000000..1bd1b5f84f6
--- /dev/null
+++ b/.github/workflows/52n-dockerhub-description.yaml
@@ -0,0 +1,23 @@
+name: Update Docker Hub Description
+on:
+  push:
+    branches:
+      - thuenen_4.x
+    paths:
+      - README_thuenen.md
+      - .github/workflows/52n-dockerhub-description.yaml
+jobs:
+  dockerHubDescription:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Docker Hub Description
+      uses: peter-evans/dockerhub-description@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+        repository: 52north/geonode
+        short-description: "Geospatial content management system"
+        readme-filepath: ./README_thuenen.md
+        enable-url-completion: true
\ No newline at end of file
diff --git a/README_thuenen.md b/README_thuenen.md
new file mode 100644
index 00000000000..5ebf30dbe77
--- /dev/null
+++ b/README_thuenen.md
@@ -0,0 +1,8 @@
+# Thünen Atlas Fork of GeoNode
+
+This image is built from a fork of [Geonode](https://github.com/geonode/geonode).
+[Thünen Institute](https://thuenen.de) maintains an own fork of GeoNode in order to make necessary adjustments within projects which are not (yet) part of GeoNode core.
+
+However, we are interested to stay as close to upstream as possible, to benefit from ongoing development, but also to contribute features and fixes we develop in [Thünen Atlas project](https://atlas.thuenen.de).
+
+This image (`52north/geonode_thuenen`) is built from the `thuenen_4.x` branch of the [`Thuenen-GeoNode-Development/geonode` repository](https://github.com/Thuenen-GeoNode-Development/geonode/tree/thuenen_4.x).

From b442e94f5d2a9390ff1f9a69c061045d0b99493e Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 18 Sep 2023 16:37:21 +0200
Subject: [PATCH 228/330] Bump version to version 4.1.3 (#11506)

---
 geonode/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/__init__.py b/geonode/__init__.py
index 7884b891ac6..3f30a094da9 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 1, 2, "dev", 0)
+__version__ = (4, 1, 3, "final", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"

From 6d2c174c7b48f8cda0a07b79a114d4ff098e655d Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 19 Sep 2023 10:30:15 +0200
Subject: [PATCH 229/330] Bump to dev branch (#11510)

---
 geonode/__init__.py | 2 +-
 requirements.txt    | 4 ++--
 setup.cfg           | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/geonode/__init__.py b/geonode/__init__.py
index 3f30a094da9..fd057ed56e3 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 1, 3, "final", 0)
+__version__ = (4, 1, 3, "dev", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"
diff --git a/requirements.txt b/requirements.txt
index 55df34605f3..0470468edb4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -88,8 +88,8 @@ pinax-notifications==6.0.0
 pinax-ratings==4.0.0
 
 # GeoNode org maintained apps.
-django-geonode-mapstore-client==4.1.1
-geonode-importer==1.0.5
+-e git+https://github.com/GeoNode/geonode-mapstore-client.git@4.1.x#egg=django_geonode_mapstore_client
+-e git+https://github.com/GeoNode/geonode-importer.git@master#egg=geonode-importer
 geonode-avatar==5.0.8
 geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
diff --git a/setup.cfg b/setup.cfg
index 59fb9ad08cb..f6d5f90abf2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -114,8 +114,8 @@ install_requires =
     pinax-ratings==4.0.0
 
     # GeoNode org maintained apps.
-    django-geonode-mapstore-client==4.1.1
-    geonode-importer==1.0.5
+    django-geonode-mapstore-client>=4.1.1
+    geonode-importer>=1.0.5
     geonode-avatar==5.0.8
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2

From 530a44ed41ec249d8843878300eb45485d313584 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Fri, 22 Sep 2023 15:52:03 +0200
Subject: [PATCH 230/330] Honor DB username as set in env file (#11522)

---
 tasks.py | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/tasks.py b/tasks.py
index 967c08af386..a37fe622bad 100755
--- a/tasks.py
+++ b/tasks.py
@@ -504,22 +504,26 @@ def _container_exposed_port(component, instname):
 
 
 def _update_db_connstring():
-    user = os.getenv("GEONODE_DATABASE", "geonode")
-    pwd = os.getenv("GEONODE_DATABASE_PASSWORD", "geonode")
-    dbname = os.getenv("GEONODE_DATABASE", "geonode")
-    dbhost = os.getenv("DATABASE_HOST", "db")
-    dbport = os.getenv("DATABASE_PORT", 5432)
-    connstr = f"postgis://{user}:{pwd}@{dbhost}:{dbport}/{dbname}"
+    connstr = os.getenv("DATABASE_URL", None)
+    if not connstr:
+        user = os.getenv("GEONODE_DATABASE_USER", "geonode")
+        pwd = os.getenv("GEONODE_DATABASE_PASSWORD", "geonode")
+        dbname = os.getenv("GEONODE_DATABASE", "geonode")
+        dbhost = os.getenv("DATABASE_HOST", "db")
+        dbport = os.getenv("DATABASE_PORT", 5432)
+        connstr = f"postgis://{user}:{pwd}@{dbhost}:{dbport}/{dbname}"
     return connstr
 
 
 def _update_geodb_connstring():
-    geouser = os.getenv("GEONODE_GEODATABASE", "geonode_data")
-    geopwd = os.getenv("GEONODE_GEODATABASE_PASSWORD", "geonode_data")
-    geodbname = os.getenv("GEONODE_GEODATABASE", "geonode_data")
-    dbhost = os.getenv("DATABASE_HOST", "db")
-    dbport = os.getenv("DATABASE_PORT", 5432)
-    geoconnstr = f"postgis://{geouser}:{geopwd}@{dbhost}:{dbport}/{geodbname}"
+    geoconnstr = os.getenv("GEODATABASE_URL", None)
+    if not geoconnstr:
+        geouser = os.getenv("GEONODE_GEODATABASE_USER", "geonode_data")
+        geopwd = os.getenv("GEONODE_GEODATABASE_PASSWORD", "geonode_data")
+        geodbname = os.getenv("GEONODE_GEODATABASE", "geonode_data")
+        dbhost = os.getenv("DATABASE_HOST", "db")
+        dbport = os.getenv("DATABASE_PORT", 5432)
+        geoconnstr = f"postgis://{geouser}:{geopwd}@{dbhost}:{dbport}/{geodbname}"
     return geoconnstr
 
 

From 20f8ec58b8334a9a01672ab1ddaa9dcf7767b9a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:44:09 +0200
Subject: [PATCH 231/330] Bump django-filter from 23.2 to 23.3 (#11503)

* Bump django-filter from 23.2 to 23.3

Bumps [django-filter](https://github.com/carltongibson/django-filter) from 23.2 to 23.3.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](https://github.com/carltongibson/django-filter/compare/23.2...23.3)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 0ec3426887d..7c714faa1ab 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -32,7 +32,7 @@ pathvalidate==3.1.0
 django-allauth==0.54.0
 django-appconf==1.0.5
 django-celery-results==2.5.1
-django-filter==23.2
+django-filter==23.3
 django-imagekit==4.1.0
 django-taggit==1.5.1
 django-markdownify==0.9.3
diff --git a/setup.cfg b/setup.cfg
index 08de7a9da04..88775b742b1 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -58,7 +58,7 @@ install_requires =
     django-allauth==0.54.0
     django-appconf==1.0.5
     django-celery-results==2.5.1
-    django-filter==23.2
+    django-filter==23.3
     django-imagekit==4.1.0
     django-taggit==1.5.1
     django-markdownify==0.9.3

From 101b89b22ea9342affe5c7549519ecfff21dbd9d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:45:10 +0200
Subject: [PATCH 232/330] Bump django-grappelli from 3.0.7 to 3.0.8 (#11529)

* Bump django-grappelli from 3.0.7 to 3.0.8

Bumps [django-grappelli](https://github.com/sehmaschine/django-grappelli) from 3.0.7 to 3.0.8.
- [Changelog](https://github.com/sehmaschine/django-grappelli/blob/master/docs/changelog.rst)
- [Commits](https://github.com/sehmaschine/django-grappelli/compare/3.0.7...3.0.8)

---
updated-dependencies:
- dependency-name: django-grappelli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 7c714faa1ab..b7ebf8f29e7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -44,7 +44,7 @@ django-downloadview==2.3.0
 django-polymorphic==3.1.0
 django-tastypie<0.15.0
 django-tinymce==3.6.1
-django-grappelli==3.0.7
+django-grappelli==3.0.8
 django-uuid-upload-path==1.0.0
 django-widget-tweaks==1.5.0
 django-sequences==2.8
diff --git a/setup.cfg b/setup.cfg
index 88775b742b1..48f7f529a54 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -70,7 +70,7 @@ install_requires =
     django-polymorphic==3.1.0
     django-tastypie<0.15.0
     django-tinymce==3.6.1
-    django-grappelli==3.0.7
+    django-grappelli==3.0.8
     django-uuid-upload-path==1.0.0
     django-widget-tweaks==1.5.0
     django-sequences==2.8

From 10b936a33b8bfb29a3f53fa52304cbacdbaaeca2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:46:57 +0200
Subject: [PATCH 233/330] Bump drf-spectacular from 0.26.4 to 0.26.5 (#11525)

* Bump drf-spectacular from 0.26.4 to 0.26.5

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.26.4 to 0.26.5.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.26.4...0.26.5)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump drf-spectacular from 0.26.4 to 0.26.5

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.26.4 to 0.26.5.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.26.4...0.26.5)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump drf-spectacular from 0.26.4 to 0.26.5

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.26.4 to 0.26.5.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.26.4...0.26.5)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b7ebf8f29e7..d367a018cdc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -80,7 +80,7 @@ djangorestframework-gis==1.0
 djangorestframework-guardian==0.3.0
 drf-extensions==0.7.1
 drf-writable-nested==0.7.0
-drf-spectacular==0.26.4
+drf-spectacular==0.26.5
 dynamic-rest==2.1.2
 Markdown==3.4.4
 
diff --git a/setup.cfg b/setup.cfg
index 48f7f529a54..200a6b55b6e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -106,7 +106,7 @@ install_requires =
     djangorestframework-guardian==0.3.0
     drf-extensions==0.7.1
     drf-writable-nested==0.7.0
-    drf-spectacular==0.26.4
+    drf-spectacular==0.26.5
     dynamic-rest==2.1.2
     Markdown==3.4.4
 

From 7775303342e0943c537160c8eca2b7852c2ce33a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:48:27 +0200
Subject: [PATCH 234/330] Bump google-cloud-storage from 2.10.0 to 2.11.0
 (#11524)

* Bump google-cloud-storage from 2.10.0 to 2.11.0

Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-storage/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump google-cloud-storage from 2.10.0 to 2.11.0

Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-storage/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump google-cloud-storage from 2.10.0 to 2.11.0

Bumps [google-cloud-storage](https://github.com/googleapis/python-storage) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/python-storage/releases)
- [Changelog](https://github.com/googleapis/python-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/python-storage/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d367a018cdc..4eff0ee1c6b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -111,7 +111,7 @@ django-bootstrap3-datetimepicker-2==2.8.3
 # storage manager dependencies
 django-storages==1.14
 dropbox==11.36.2
-google-cloud-storage==2.10.0
+google-cloud-storage==2.11.0
 google-cloud-core==2.3.3
 boto3==1.28.46
 
diff --git a/setup.cfg b/setup.cfg
index 200a6b55b6e..66488c28a26 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -136,7 +136,7 @@ install_requires =
     # storage manager dependencies
     django-storages==1.14
     dropbox==11.36.2
-    google-cloud-storage==2.10.0
+    google-cloud-storage==2.11.0
     google-cloud-core==2.3.3
     boto3==1.28.46
 

From 64555c51b78801d8349ee3be1c4bbe050423fa8e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:50:53 +0200
Subject: [PATCH 235/330] Bump jsonschema from 4.19.0 to 4.19.1 (#11527)

* Bump jsonschema from 4.19.0 to 4.19.1

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.0 to 4.19.1.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.19.0...v4.19.1)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 4eff0ee1c6b..13fb08302a7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ vine==5.0.0
 tqdm==4.66.1
 Deprecated==1.2.14
 wrapt==1.15.0
-jsonschema==4.19.0
+jsonschema==4.19.1
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
diff --git a/setup.cfg b/setup.cfg
index 66488c28a26..4909847c20c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -46,7 +46,7 @@ install_requires =
     tqdm==4.66.1
     Deprecated==1.2.14
     wrapt==1.15.0
-    jsonschema==4.19.0
+    jsonschema==4.19.1
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2

From da1939d7da8a4e468400f511f790767af18ff6d9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:52:28 +0200
Subject: [PATCH 236/330] Update numpy requirement from ==1.25.* to ==1.26.*
 (#11501)

* Update numpy requirement from ==1.25.* to ==1.26.*

Updates the requirements on [numpy](https://github.com/numpy/numpy) to permit the latest version.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.25.0.dev0...v1.26.0)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 13fb08302a7..65eec1530db 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -60,7 +60,7 @@ SQLAlchemy==2.0.20 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
-numpy==1.25.*
+numpy==1.26.*
 
 # # Apps with packages provided in GeoNode's PPA on Launchpad.
 
diff --git a/setup.cfg b/setup.cfg
index 4909847c20c..1aa436f6740 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -86,7 +86,7 @@ install_requires =
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0
-    numpy==1.25.*
+    numpy==1.26.*
 
     # # Apps with packages provided in GeoNode's PPA on Launchpad.
 

From b74e96e3c0eb60b194f3adb7e0adb25f23a24fa4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:54:08 +0200
Subject: [PATCH 237/330] Bump pathvalidate from 3.1.0 to 3.2.0 (#11504)

* Bump pathvalidate from 3.1.0 to 3.2.0

Bumps [pathvalidate](https://github.com/thombashi/pathvalidate) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/thombashi/pathvalidate/releases)
- [Commits](https://github.com/thombashi/pathvalidate/compare/v3.1.0...v3.2.0)

---
updated-dependencies:
- dependency-name: pathvalidate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump pathvalidate from 3.1.0 to 3.2.0

Bumps [pathvalidate](https://github.com/thombashi/pathvalidate) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/thombashi/pathvalidate/releases)
- [Commits](https://github.com/thombashi/pathvalidate/compare/v3.1.0...v3.2.0)

---
updated-dependencies:
- dependency-name: pathvalidate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 65eec1530db..e6bab075ae5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,7 +26,7 @@ schema==0.7.5
 rdflib==6.3.2
 smart_open==6.4.0
 PyMuPDF==1.22.5
-pathvalidate==3.1.0
+pathvalidate==3.2.0
 
 # Django Apps
 django-allauth==0.54.0
diff --git a/setup.cfg b/setup.cfg
index 1aa436f6740..5f02decc6ca 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -52,7 +52,7 @@ install_requires =
     rdflib==6.3.2
     smart_open==6.4.0
     PyMuPDF==1.22.5
-    pathvalidate==3.1.0
+    pathvalidate==3.2.0
 
     # Django Apps
     django-allauth==0.54.0

From c36e976792f96868898a119e51ee46ff3c4f4caf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:56:08 +0200
Subject: [PATCH 238/330] Bump webdriver-manager from 4.0.0 to 4.0.1 (#11530)

* Bump webdriver-manager from 4.0.0 to 4.0.1

Bumps [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SergeyPirogov/webdriver_manager/compare/v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: webdriver-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump webdriver-manager from 4.0.0 to 4.0.1

Bumps [webdriver-manager](https://github.com/SergeyPirogov/webdriver_manager) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/SergeyPirogov/webdriver_manager/releases)
- [Changelog](https://github.com/SergeyPirogov/webdriver_manager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SergeyPirogov/webdriver_manager/compare/v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: webdriver-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e6bab075ae5..aa5e7a570a9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -167,7 +167,7 @@ factory-boy==3.3.0
 flaky==3.7.0
 selenium>=4.1.0,<5.0.0
 selenium-requests==2.0.3
-webdriver_manager==4.0.0
+webdriver_manager==4.0.1
 
 # Security and audit
 mistune==3.0.1
diff --git a/setup.cfg b/setup.cfg
index 5f02decc6ca..b2b810ab90c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -192,7 +192,7 @@ install_requires =
     flaky==3.7.0
     selenium>=4.1.0,<5.0.0
     selenium-requests==2.0.3
-    webdriver_manager==4.0.0
+    webdriver_manager==4.0.1
 
     # Security and audit
     mistune==3.0.1

From 401d4a5ba4c5527b9a04872ccd38cc2edd0dcf8f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 09:57:31 +0200
Subject: [PATCH 239/330] Bump sqlalchemy from 2.0.20 to 2.0.21 (#11526)

* Bump sqlalchemy from 2.0.20 to 2.0.21

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index aa5e7a570a9..95e9ab0f4d8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -56,7 +56,7 @@ pyjwt==2.8.0
 pyproj<3.7.0
 OWSLib==0.29.2
 pycsw==2.6.1
-SQLAlchemy==2.0.20 # required by PyCSW
+SQLAlchemy==2.0.21 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
 geoip2==4.7.0
diff --git a/setup.cfg b/setup.cfg
index b2b810ab90c..2d23b57b60f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
     pyproj<3.7.0
     OWSLib==0.29.2
     pycsw==2.6.1
-    SQLAlchemy==2.0.20 # required by PyCSW
+    SQLAlchemy==2.0.21 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1
     geoip2==4.7.0

From 5422fd3d0e9b581f7bcdae9739d27cbc351d6407 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 10:06:47 +0200
Subject: [PATCH 240/330] Bump pillow from 10.0.0 to 10.0.1 (#11505)

* Bump pillow from 10.0.0 to 10.0.1

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.0.0 to 10.0.1.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/10.0.0...10.0.1)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 95e9ab0f4d8..5c16fc20020 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 # native dependencies
-Pillow==10.0.0
+Pillow==10.0.1
 lxml==4.9.3
 psycopg2==2.9.7
 Django==3.2.21
diff --git a/setup.cfg b/setup.cfg
index 2d23b57b60f..b0b687d637d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -25,7 +25,7 @@ setup_requires =
     setuptools
 install_requires =
     # native dependencies
-    Pillow==10.0.0
+    Pillow==10.0.1
     lxml==4.9.3
     psycopg2==2.9.7
     Django==3.2.21

From ae6a48a87610c2b7ef8846291ff60659c4f1ba79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 10:08:28 +0200
Subject: [PATCH 241/330] Bump boto3 from 1.28.46 to 1.28.53 (#11528)

* Bump boto3 from 1.28.46 to 1.28.53

Bumps [boto3](https://github.com/boto/boto3) from 1.28.46 to 1.28.53.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.46...1.28.53)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump boto3 from 1.28.46 to 1.28.53

Bumps [boto3](https://github.com/boto/boto3) from 1.28.46 to 1.28.53.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.46...1.28.53)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 5c16fc20020..62ebeda6b1e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.14
 dropbox==11.36.2
 google-cloud-storage==2.11.0
 google-cloud-core==2.3.3
-boto3==1.28.46
+boto3==1.28.53
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index b0b687d637d..f2b7b1f19a2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.11.0
     google-cloud-core==2.3.3
-    boto3==1.28.46
+    boto3==1.28.53
 
     # Django Caches
     python-memcached<=1.59

From a9afe17e6c116c5eb38e244e80374f39697824aa Mon Sep 17 00:00:00 2001
From: Francisco Vicent <franciscovicent@outlook.com>
Date: Mon, 25 Sep 2023 05:54:19 -0300
Subject: [PATCH 242/330] Dehydrate organization field (#11498)

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/api/api.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/geonode/api/api.py b/geonode/api/api.py
index 4303c0caa4b..c80c699ed48 100644
--- a/geonode/api/api.py
+++ b/geonode/api/api.py
@@ -543,6 +543,7 @@ def dehydrate(self, bundle):
                 documents_count=bundle.data.get("documents_count", 0),
                 maps_count=bundle.data.get("maps_count", 0),
                 layers_count=bundle.data.get("layers_count", 0),
+                organization=bundle.data.get("organization", 0),
             )
         return bundle
 

From 0248da514eb18a5a5f27002912b76c095ecef0e6 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 26 Sep 2023 09:46:56 +0200
Subject: [PATCH 243/330] Revert to Ubuntu 22.04 LTS (#11531)

---
 Dockerfile                            | 2 +-
 docker-compose-test.yml               | 2 +-
 docker-compose.yml                    | 2 +-
 scripts/docker/base/ubuntu/Dockerfile | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3fb3fe1df84..1db25a2636e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM geonode/geonode-base:latest-ubuntu-22.10
+FROM geonode/geonode-base:latest-ubuntu-22.04
 LABEL GeoNode development team
 
 # add bower and grunt command
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 14a4b999fab..9bd764f8da3 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:latest-ubuntu-22.10
+  image: geonode/geonode:latest-ubuntu-22.04
   restart: unless-stopped
   env_file:
     - .env_test
diff --git a/docker-compose.yml b/docker-compose.yml
index 36d6d196fe2..7cc150f129c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:latest-ubuntu-22.10
+  image: geonode/geonode:latest-ubuntu-22.04
   restart: unless-stopped
   env_file:
     - .env
diff --git a/scripts/docker/base/ubuntu/Dockerfile b/scripts/docker/base/ubuntu/Dockerfile
index 8e406212798..0330c518ed2 100644
--- a/scripts/docker/base/ubuntu/Dockerfile
+++ b/scripts/docker/base/ubuntu/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:22.10
+FROM ubuntu:22.04
 
 RUN mkdir -p /usr/src/geonode
 

From 5e8bc63d70de97e835e947c398a2083ee111e823 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Tue, 26 Sep 2023 11:04:10 +0200
Subject: [PATCH 244/330] Fix parsing release version

---
 .github/workflows/52n-release.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/52n-release.yaml b/.github/workflows/52n-release.yaml
index c98640c39bd..3c7aad9527a 100644
--- a/.github/workflows/52n-release.yaml
+++ b/.github/workflows/52n-release.yaml
@@ -27,6 +27,7 @@ jobs:
         uses: booxmedialtd/ws-action-parse-semver@v1
         with:
           input_string: "${{github.ref_name}}"
+          version_extractor_regex: 'v(.*)-thuenen'
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -37,7 +38,7 @@ jobs:
         env:
           MAJOR_VERSION: ${{ steps.semver_parser.outputs.major }}
           MAJOR_MINOR_VERSION: ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}
-          MAJOR_MINOR_PATCH_VERSION: ${{ steps.semver_parser.outputs.major }}-${{ steps.semver_parser.outputs.minor }}-${{ steps.semver_parser.outputs.patch }}
+          MAJOR_MINOR_PATCH_VERSION: ${{ steps.semver_parser.outputs.fullversion }}
         with:
           images: ${{ env.IMAGE }}
           labels: |
@@ -59,7 +60,11 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Fail in case fully tagged version already exists
-        run: docker manifest inspect ${{ env.IMAGE }}:${{ steps.meta.env.MAJOR_MINOR_PATCH_VERSION }} > /dev/null ; test $? != 0
+        run: |
+          if docker manifest inspect ${{ env.IMAGE }}:${{ steps.semver_parser.outputs.fullversion }}; then
+            echo "tag version already exists! Will not override."
+            exit 1
+          fi
       -
         name: Build and push
         uses: docker/build-push-action@v4

From 6cd67df5975214b247722388c73319d62146e9a5 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 27 Sep 2023 16:43:55 +0200
Subject: [PATCH 245/330] [Fixes #11535] Return category description in API
 response (#11536)

* Return category description in API response

* fix formatting
---
 geonode/base/api/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/base/api/serializers.py b/geonode/base/api/serializers.py
index 3e18a25138b..74d74e9a236 100644
--- a/geonode/base/api/serializers.py
+++ b/geonode/base/api/serializers.py
@@ -197,7 +197,7 @@ class SimpleTopicCategorySerializer(DynamicModelSerializer):
     class Meta:
         model = TopicCategory
         name = "TopicCategory"
-        fields = ("identifier",)
+        fields = ("identifier", "gn_description")
 
 
 class RestrictionCodeTypeSerializer(DynamicModelSerializer):

From bba8cebca1e566f3e9f9c8615fd7d0c8e4bb88a0 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 28 Sep 2023 10:02:12 +0200
Subject: [PATCH 246/330] [Fixes #11533] Remote resources created by harvesters
 do not have remote subtype (#11537)

* Set subtype remote for any remote resurce
---
 geonode/harvesting/harvesters/base.py         |   1 +
 .../harvesting/harvesters/geonodeharvester.py |   1 +
 geonode/harvesting/tests/test_integrations.py | 100 ++++++++++++++++++
 geonode/resource/utils.py                     |   7 --
 4 files changed, 102 insertions(+), 7 deletions(-)
 create mode 100644 geonode/harvesting/tests/test_integrations.py

diff --git a/geonode/harvesting/harvesters/base.py b/geonode/harvesting/harvesters/base.py
index 5a2c484e9d0..c10b4c035d5 100644
--- a/geonode/harvesting/harvesters/base.py
+++ b/geonode/harvesting/harvesters/base.py
@@ -247,6 +247,7 @@ def get_geonode_resource_defaults(
         if self.should_copy_resource(harvestable_resource):
             defaults["sourcetype"] = enumerations.SOURCE_TYPE_COPYREMOTE
         else:
+            defaults["subtype"] = "remote"
             defaults["sourcetype"] = enumerations.SOURCE_TYPE_REMOTE
         return {key: value for key, value in defaults.items() if value is not None}
 
diff --git a/geonode/harvesting/harvesters/geonodeharvester.py b/geonode/harvesting/harvesters/geonodeharvester.py
index e7103e9bf1c..ec31b84b1d4 100644
--- a/geonode/harvesting/harvesters/geonodeharvester.py
+++ b/geonode/harvesting/harvesters/geonodeharvester.py
@@ -261,6 +261,7 @@ def get_geonode_resource_defaults(
                         "thumbnail_url": harvested_info.resource_descriptor.distribution.thumbnail_url,
                         "srid": srid,
                         "ptype": GXP_PTYPES["GN_WMS"],
+                        "subtype": "remote",
                     }
                 )
         return defaults
diff --git a/geonode/harvesting/tests/test_integrations.py b/geonode/harvesting/tests/test_integrations.py
new file mode 100644
index 00000000000..37d3cb7aaf6
--- /dev/null
+++ b/geonode/harvesting/tests/test_integrations.py
@@ -0,0 +1,100 @@
+##############################################
+#
+# Copyright (C) 2021 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+import uuid
+import datetime as dt
+from unittest import mock
+
+from django.test.utils import override_settings
+from django.contrib.auth import get_user_model
+from geonode.tests.base import GeoNodeBaseTestSupport
+from geonode.layers.models import Dataset
+
+from geonode.harvesting.resourcedescriptor import (
+    RecordDescriptionContact,
+    RecordDistribution,
+    RecordIdentification,
+    RecordDescription,
+)
+from geonode.harvesting.models import Harvester, HarvestableResource, AsynchronousHarvestingSession
+from geonode.harvesting.harvesters.base import HarvestedResourceInfo
+from geonode.harvesting.harvesters.geonodeharvester import GeonodeUnifiedHarvesterWorker
+
+
+class HarvesterIntegrationsTestCase(GeoNodeBaseTestSupport):
+    unique_identifier = "id"
+    title = "Test"
+    remote_url = "test.com"
+    name = "This is a geonode harvester"
+    user = get_user_model().objects.get(username="AnonymousUser")
+    harvester_type = "geonode.harvesting.harvesters.geonodeharvester.GeonodeLegacyHarvester"
+
+    @override_settings(ASYNC_SIGNALS=False)
+    def setUp(self):
+        super().setUp()
+
+        self.record_description_contact = mock.MagicMock(RecordDescriptionContact)
+        self.record_distribution = mock.MagicMock(RecordDistribution)
+        self.record_distribution.thumbnail_url.return_value = "thumb.png"
+        self.record_distribution.wms_url.return_value = "http://test.com/geoserver"
+        self.record_identification = RecordIdentification(name=self.name, title=self.title, other_keywords=[])
+
+        self.harvester = Harvester.objects.create(
+            remote_url=self.remote_url, name=self.name, default_owner=self.user, harvester_type=self.harvester_type
+        )
+        self.harvestable_resource = HarvestableResource.objects.create(
+            unique_identifier=self.unique_identifier,
+            title=self.title,
+            harvester=self.harvester,
+            last_refreshed=dt.datetime.now(),
+            remote_resource_type="dataset",
+        )
+
+        self.session = AsynchronousHarvestingSession.objects.create(
+            harvester=self.harvester, session_type=AsynchronousHarvestingSession.TYPE_HARVESTING
+        )
+
+        self.record_description = RecordDescription(
+            uuid=uuid.uuid4(),
+            author=self.record_description_contact,
+            date_stamp=dt.datetime.now(),
+            distribution=self.record_distribution,
+            identification=self.record_identification,
+            point_of_contact=self.record_description_contact,
+            reference_systems=["EPSG:3857"],
+            additional_parameters={
+                "alternate": "geonode:test",
+                "workspace": "geonode",
+                "subtype": "vector",
+                "resource_type": "",
+            },
+        )
+
+        self.harvested_info = HarvestedResourceInfo(
+            resource_descriptor=self.record_description, copied_resources=[], additional_information=None
+        )
+
+    @mock.patch(
+        "geonode.harvesting.harvesters.geonodeharvester.GeonodeCurrentHarvester.check_availability",
+        mock.Mock(return_value=True),
+    )
+    def test_remote_subtype_is_set_for_harvested_dataset(self):
+        worker = GeonodeUnifiedHarvesterWorker(remote_url=self.remote_url, harvester_id=self.harvester.id)
+        worker.update_geonode_resource(self.harvested_info, self.harvestable_resource)
+        dataset = Dataset.objects.get(alternate="geonode:test")
+        self.assertEqual(dataset.subtype, "remote")
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index 5490d85cca6..5a557f8ceb9 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -233,11 +233,6 @@ def update_resource(
         to_update["ows_url"] = defaults.pop("ows_url", getattr(instance, "ows_url", None)) or _default_ows_url
 
     to_update.update(defaults)
-    try:
-        ResourceBase.objects.filter(id=instance.resourcebase_ptr.id).update(**defaults)
-    except Exception as e:
-        logger.error(f"{e} - {defaults}")
-        raise
     try:
         instance.get_real_concrete_instance_class().objects.filter(id=instance.id).update(**to_update)
     except Exception as e:
@@ -254,8 +249,6 @@ def update_resource(
             _s = Service.objects.filter(harvester=_h).get()
             _to_update = {
                 "remote_typename": _s.name,
-                # "ows_url": _s.service_url,
-                "subtype": "remote",
             }
             if hasattr(instance, "remote_service"):
                 _to_update["remote_service"] = _s

From 8bc6132cf5478ee4a78911ca44916fd67f01fe01 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Sep 2023 10:38:59 +0200
Subject: [PATCH 247/330] Bump pymupdf from 1.22.5 to 1.23.1 (#11412)

* - Align setup.cfg to requirements.txt

* Bump to PyMuPDF 1.23.1

---------

Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 62ebeda6b1e..0ad9aa5ed4e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
 smart_open==6.4.0
-PyMuPDF==1.22.5
+PyMuPDF==1.23.1
 pathvalidate==3.2.0
 
 # Django Apps
diff --git a/setup.cfg b/setup.cfg
index f2b7b1f19a2..cde879727ad 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -51,7 +51,7 @@ install_requires =
     schema==0.7.5
     rdflib==6.3.2
     smart_open==6.4.0
-    PyMuPDF==1.22.5
+    PyMuPDF==1.23.1
     pathvalidate==3.2.0
 
     # Django Apps

From 93aa6100e8dc440fc150111d6603ac91caacf4b6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Sep 2023 13:13:51 +0200
Subject: [PATCH 248/330] Bump pymupdf from 1.23.1 to 1.23.4 (#11540)

* Bump pymupdf from 1.23.1 to 1.23.4

Bumps [pymupdf](https://github.com/pymupdf/pymupdf) from 1.23.1 to 1.23.4.
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/main/changes.txt)
- [Commits](https://github.com/pymupdf/pymupdf/compare/1.23.1...1.23.4)

---
updated-dependencies:
- dependency-name: pymupdf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 0ad9aa5ed4e..cca54c41c83 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
 smart_open==6.4.0
-PyMuPDF==1.23.1
+PyMuPDF==1.23.4
 pathvalidate==3.2.0
 
 # Django Apps
diff --git a/setup.cfg b/setup.cfg
index cde879727ad..c80c1ab9c53 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -51,7 +51,7 @@ install_requires =
     schema==0.7.5
     rdflib==6.3.2
     smart_open==6.4.0
-    PyMuPDF==1.23.1
+    PyMuPDF==1.23.4
     pathvalidate==3.2.0
 
     # Django Apps

From 616645c34113221530bba9017cc7bcea2c993652 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:12:49 +0200
Subject: [PATCH 249/330] Test fix CircleCi test (#11560)

* Test fix CircleCi test

* Test fix CircleCi test

* Test fix CircleCi test
---
 geonode/upload/api/tests.py | 80 ++++++++++++++++++++++++++-----------
 1 file changed, 57 insertions(+), 23 deletions(-)

diff --git a/geonode/upload/api/tests.py b/geonode/upload/api/tests.py
index 8f84fec6a92..81cd4a3ea3f 100644
--- a/geonode/upload/api/tests.py
+++ b/geonode/upload/api/tests.py
@@ -17,7 +17,9 @@
 #
 #########################################################################
 
+from geonode.base.models import ResourceBase
 from geonode.resource.models import ExecutionRequest
+from geonode.geoserver.helpers import gs_catalog
 import os
 import shutil
 import logging
@@ -233,35 +235,67 @@ def test_rest_uploads(self):
         """
         Ensure we can access the Local Server Uploads list.
         """
-        # Try to upload a good raster file and check the session IDs
-        fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
-        resp, data = rest_upload_by_path(fname, self.client)
-        self.assertEqual(resp.status_code, 201)
-
-        url = reverse("uploads-list")
-        # Anonymous
-        self.client.logout()
-        response = self.client.get(url, format="json")
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data), 5)
-        self.assertEqual(response.data["total"], 0)
-        # Pagination
-        self.assertEqual(len(response.data["uploads"]), 0)
-        logger.debug(response.data)
+        resp = None
+        layer_name = "relief_san_andres"
+        try:
+            self._cleanup_layer(layer_name=layer_name)
+            # Try to upload a good raster file and check the session IDs
+            fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
+            resp, data = rest_upload_by_path(fname, self.client)
+            self.assertEqual(resp.status_code, 201)
+
+            url = reverse("uploads-list")
+            # Anonymous
+            self.client.logout()
+            response = self.client.get(url, format="json")
+            self.assertEqual(response.status_code, 200)
+            self.assertEqual(len(response.data), 5)
+            self.assertEqual(response.data["total"], 0)
+            # Pagination
+            self.assertEqual(len(response.data["uploads"]), 0)
+            logger.debug(response.data)
+        except Exception:
+            if resp.json().get("errors"):
+                layer_name = resp.json().get("errors")[0].split("for : ")[1].split(",")[0]
+        finally:
+            self._cleanup_layer(layer_name)
 
     @override_settings(CELERY_TASK_ALWAYS_EAGER=True)
     def test_rest_uploads_non_interactive(self):
         """
         Ensure we can access the Local Server Uploads list.
         """
-        # Try to upload a good raster file and check the session IDs
-        fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
-        resp, data = rest_upload_by_path(fname, self.client, non_interactive=True)
-        self.assertEqual(resp.status_code, 201)
-
-        exec_id = data.get("execution_id", None)
-        _exec = ExecutionRequest.objects.get(exec_id=exec_id)
-        self.assertEqual(_exec.status, "finished")
+        resp = None
+        layer_name = "relief_san_andres"
+        try:
+            self._cleanup_layer(layer_name=layer_name)
+            # Try to upload a good raster file and check the session IDs
+            fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
+            resp, data = rest_upload_by_path(fname, self.client, non_interactive=True)
+            self.assertEqual(resp.status_code, 201)
+            exec_id = data.get("execution_id", None)
+            _exec = ExecutionRequest.objects.get(exec_id=exec_id)
+            self.assertEqual(_exec.status, "finished")
+        except Exception:
+            if resp.json().get("errors"):
+                layer_name = resp.json().get("errors")[0].split("for : ")[1].split(",")[0]
+        finally:
+            self._cleanup_layer(layer_name)
+
+    def _cleanup_layer(self, layer_name):
+        # removing the layer from geonode
+        x = ResourceBase.objects.filter(alternate__icontains=layer_name)
+        if x.exists():
+            for el in x.iterator():
+                el.delete()
+        # removing the layer from geoserver
+        dataset = gs_catalog.get_layer(layer_name)
+        if dataset:
+            gs_catalog.delete(dataset, purge="all", recurse=True)
+        # removing the layer from geoserver
+        store = gs_catalog.get_store(layer_name, workspace="geonode")
+        if store:
+            gs_catalog.delete(store, purge="all", recurse=True)
 
     @mock.patch("geonode.upload.uploadhandler.SimpleUploadedFile")
     def test_rest_uploads_with_size_limit(self, mocked_uploaded_file):

From 2ef2a5094f502dad0e76136f98f7217e9f29b34a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:14:26 +0200
Subject: [PATCH 250/330] Bump boto3 from 1.28.53 to 1.28.56 (#11539)

* Bump boto3 from 1.28.53 to 1.28.56

Bumps [boto3](https://github.com/boto/boto3) from 1.28.53 to 1.28.56.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.28.53...1.28.56)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index cca54c41c83..5e9989c8705 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -113,7 +113,7 @@ django-storages==1.14
 dropbox==11.36.2
 google-cloud-storage==2.11.0
 google-cloud-core==2.3.3
-boto3==1.28.53
+boto3==1.28.56
 
 # Django Caches
 python-memcached<=1.59
diff --git a/setup.cfg b/setup.cfg
index c80c1ab9c53..f69ad657dcb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -138,7 +138,7 @@ install_requires =
     dropbox==11.36.2
     google-cloud-storage==2.11.0
     google-cloud-core==2.3.3
-    boto3==1.28.53
+    boto3==1.28.56
 
     # Django Caches
     python-memcached<=1.59

From 980189c0c8e9d6fb6408447c4ee0cb3730d2c080 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:14:46 +0200
Subject: [PATCH 251/330] Bump django-mptt from 0.14.0 to 0.15.0 (#11541)

* Bump django-mptt from 0.14.0 to 0.15.0

Bumps [django-mptt](https://github.com/django-mptt/django-mptt) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/django-mptt/django-mptt/releases)
- [Changelog](https://github.com/django-mptt/django-mptt/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/django-mptt/django-mptt/compare/0.14...0.15)

---
updated-dependencies:
- dependency-name: django-mptt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 5e9989c8705..7d1b4a9b914 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -36,7 +36,7 @@ django-filter==23.3
 django-imagekit==4.1.0
 django-taggit==1.5.1
 django-markdownify==0.9.3
-django-mptt==0.14.0
+django-mptt==0.15.0
 django-modeltranslation>=0.11,<0.19.0
 django-treebeard==4.7
 django-guardian<2.4.1
diff --git a/setup.cfg b/setup.cfg
index f69ad657dcb..2b22c939e0f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -62,7 +62,7 @@ install_requires =
     django-imagekit==4.1.0
     django-taggit==1.5.1
     django-markdownify==0.9.3
-    django-mptt==0.14.0
+    django-mptt==0.15.0
     django-modeltranslation>=0.11,<0.19.0
     django-treebeard==4.7
     django-guardian<2.4.1

From 0438ff3b76a4978d2be1af4e72221d440865ba4c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:15:12 +0200
Subject: [PATCH 252/330] Bump django-storages from 1.14 to 1.14.1 (#11547)

Bumps [django-storages](https://github.com/jschneier/django-storages) from 1.14 to 1.14.1.
- [Changelog](https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jschneier/django-storages/compare/1.14...1.14.1)

---
updated-dependencies:
- dependency-name: django-storages
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 7d1b4a9b914..1e46920c20d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -109,7 +109,7 @@ elasticsearch>=2.0.0,<9.0.0
 django-bootstrap3-datetimepicker-2==2.8.3
 
 # storage manager dependencies
-django-storages==1.14
+django-storages==1.14.1
 dropbox==11.36.2
 google-cloud-storage==2.11.0
 google-cloud-core==2.3.3

From ec0429af74cf4805ef4f21e8839bbe5948406ff4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:15:45 +0200
Subject: [PATCH 253/330] Bump psycopg2 from 2.9.7 to 2.9.8 (#11550)

Bumps [psycopg2](https://github.com/psycopg/psycopg2) from 2.9.7 to 2.9.8.
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/compare/2.9.7...2.9.8)

---
updated-dependencies:
- dependency-name: psycopg2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 1e46920c20d..b39fc3d8091 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 # native dependencies
 Pillow==10.0.1
 lxml==4.9.3
-psycopg2==2.9.7
+psycopg2==2.9.8
 Django==3.2.21
 
 # Other

From 9f88645458c86a690f8c01572c7a7a88cee0f624 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:16:22 +0200
Subject: [PATCH 254/330] Bump mistune from 3.0.1 to 3.0.2 (#11549)

Bumps [mistune](https://github.com/lepture/mistune) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/v3.0.2/docs/changes.rst)
- [Commits](https://github.com/lepture/mistune/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: mistune
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b39fc3d8091..10f3976e521 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -170,7 +170,7 @@ selenium-requests==2.0.3
 webdriver_manager==4.0.1
 
 # Security and audit
-mistune==3.0.1
+mistune==3.0.2
 protobuf==3.20.3
 mako==1.2.4
 paramiko==3.3.1 # not directly required, fixes Blowfish deprecation warning

From e65f4a4f9770127aba82c4b25d28f91c206ee8e1 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 5 Oct 2023 14:13:55 +0200
Subject: [PATCH 255/330] [Fixes #11554] Implement WMTS backgrounds for
 thumbnails (only 3857 tilematricsets) (#11555)

* Implement WMTS backgrounds for thumbnails (only 3857 tilematricsets)

* use fictious WMTS service url

* fix E501
---
 geonode/thumbs/background.py                  | 200 ++++++++++
 .../expected_results/tiles/background.png     | Bin 0 -> 118362 bytes
 .../expected_results/tiles/wmts_7_5_4.png     | Bin 0 -> 27883 bytes
 .../expected_results/tiles/wmts_7_6_4.png     | Bin 0 -> 34620 bytes
 .../expected_results/tiles/wmts_8_5_4.png     | Bin 0 -> 35010 bytes
 .../expected_results/tiles/wmts_8_6_4.png     | Bin 0 -> 35907 bytes
 .../expected_results/tiles/wmts_9_5_4.png     | Bin 0 -> 31143 bytes
 .../expected_results/tiles/wmts_9_6_4.png     | Bin 0 -> 60528 bytes
 geonode/thumbs/tests/test_backgrounds.py      | 371 ++++++++++++++++++
 9 files changed, 571 insertions(+)
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/background.png
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/wmts_7_5_4.png
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/wmts_7_6_4.png
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/wmts_8_5_4.png
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/wmts_8_6_4.png
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/wmts_9_5_4.png
 create mode 100644 geonode/thumbs/tests/expected_results/tiles/wmts_9_6_4.png
 create mode 100644 geonode/thumbs/tests/test_backgrounds.py

diff --git a/geonode/thumbs/background.py b/geonode/thumbs/background.py
index 8896a5353c3..85bceb64159 100644
--- a/geonode/thumbs/background.py
+++ b/geonode/thumbs/background.py
@@ -21,13 +21,16 @@
 import ast
 import typing
 import logging
+import math
 import mercantile
+import requests
 
 from io import BytesIO
 from pyproj import Transformer
 from abc import ABC, abstractmethod
 from math import ceil, floor, copysign
 from PIL import Image, UnidentifiedImageError
+from owslib.wmts import WebMapTileService
 
 from django.conf import settings
 from django.utils.html import strip_tags
@@ -464,3 +467,200 @@ def __init__(
 
         self.url = "https://tile.openstreetmap.org/{z}/{x}/{y}.png"
         self.tile_size = 256
+
+
+WMTS_TILEMATRIXSET_LEVELS = None
+
+
+class GenericWMTSBackground(BaseThumbBackground):
+    def __init__(self, thumbnail_width: int, thumbnail_height: int, max_retries: int = 3, retry_delay: int = 1):
+        super().__init__(thumbnail_width, thumbnail_height, max_retries, retry_delay)
+        self.options = settings.THUMBNAIL_BACKGROUND.get("options", {})
+        self.levels = self.get_levels_for_tilematrix()
+
+        self.thumbnail_width = thumbnail_width
+        self.thumbnail_height = thumbnail_height
+
+    def fetch(self, bbox: typing.List, *args, **kwargs):
+        bbox = [bbox[0], bbox[2], bbox[1], bbox[3]]
+        target_pixelspan = self.get_target_pixelspan(bbox)
+        level = self.get_level_for_targetpixelspan(target_pixelspan)
+
+        tilewidth = level["tilewidth"]
+        tileheight = level["tileheight"]
+        zoom = level["zoom"]
+        pixelspan = level["pixelspan"]
+        tilespanx = level["tilespanx"]
+        tilespany = level["tilespany"]
+
+        pixelspan_ratio = level["pixelspan"] / target_pixelspan
+
+        tile_rowcols = self.get_tiles_coords(level, bbox)
+        tiles_cols_list = set([tile_rowcol[0] for tile_rowcol in tile_rowcols])
+        tiles_mincol = min(tiles_cols_list)
+        tiles_maxcol = max(tiles_cols_list)
+        tiles_minx = level["bounds"][0] + (tiles_mincol * tilespanx)
+        tiles_rows_list = set([tile_rowcol[1] for tile_rowcol in tile_rowcols])
+        tiles_minrow = min(tiles_rows_list)
+        tiles_maxrow = max(tiles_rows_list)
+        tiles_maxy = level["bounds"][3] - (tiles_minrow * tilespany)
+
+        tiles_width = (tiles_maxcol - tiles_mincol + 1) * tilewidth
+        tiles_height = (tiles_maxrow - tiles_minrow + 1) * tileheight
+
+        background = Image.new("RGB", (tiles_width, tiles_height), (250, 250, 250))
+
+        for tile_coord in tile_rowcols:
+            try:
+                im = None
+                imgurl = self.build_request([tile_coord[0], tile_coord[1], zoom])
+                resp = requests.get(imgurl)
+                if resp.status_code > 400:
+                    raise Exception(f"{strip_tags(resp.content)}")
+                im = BytesIO(resp.content)
+                Image.open(im).verify()
+                if im:
+                    offsetx = (tile_coord[0] - tiles_mincol) * tilewidth
+                    offsety = (tile_coord[1] - tiles_minrow) * tileheight
+                    image = Image.open(im)
+                    background.paste(image, (offsetx, offsety))
+            except Exception as e:
+                logger.error(f"Error fetching {imgurl} for thumbnail: {e}")
+
+        left = abs(tiles_minx - bbox[0]) / pixelspan
+        right = left + self.thumbnail_width
+        top = abs(tiles_maxy - bbox[3]) / pixelspan
+        bottom = top + self.thumbnail_height
+        background = background.crop((left, top, right, bottom))
+
+        width = round(self.thumbnail_width * pixelspan_ratio)
+        height = round(self.thumbnail_height * pixelspan_ratio)
+
+        background = background.resize((width, height))
+        background.crop((left, top, right, bottom))
+
+        return background
+
+    def build_kvp_request(self, baseurl, layer, style, xyz):
+        return f"{baseurl}?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png&layer={layer}&style={style} \
+            &tilematrixset={self.options['tilematrixset']}&TileMatrix={xyz[2]}&TileRow={xyz[1]}&TileCol={xyz[0]}"
+
+    def build_request(self, xyz):
+        request_encoding = self.options.get("requestencoding", "KVP")
+        baseurl = self.options["url"]
+        layer = self.options["layer"]
+        style = self.options["style"]
+
+        imgurl = None
+        if request_encoding == "KVP":
+            imgurl = self.build_kvp_request(baseurl, layer, style, xyz)
+
+        return imgurl
+
+    def get_image_bbox_for_level(self, level, bbox):
+        image_width = self.thumbnail_width
+        image_height = self.thumbnail_height
+
+        half_imagespanx = image_width * level["pixelspan"] / 2
+        half_imagespany = image_height * level["pixelspan"] / 2
+
+        (
+            boundsminx,
+            boundsminy,
+            boundsmaxx,
+            boundsmaxy,
+        ) = bbox
+
+        bboxcentrex = boundsminx + ((boundsmaxx - boundsminx) / 2)
+        bboxcentrey = boundsminy + ((boundsmaxy - boundsminy) / 2)
+
+        image_minx = bboxcentrex - half_imagespanx
+        image_maxx = bboxcentrex + half_imagespanx
+        image_miny = bboxcentrey - half_imagespany
+        image_maxy = bboxcentrey + half_imagespany
+
+        return [image_minx, image_miny, image_maxx, image_maxy]
+
+    def get_tiles_coords(self, level, bbox):
+        tile_coords = []
+
+        tilematrixminx = level["bounds"][0]
+        tilematrixmaxy = level["bounds"][3]
+        tilespanx = level["tilespanx"]
+        tilespany = level["tilespany"]
+
+        boundsminx, boundsminy, boundsmaxx, boundsmaxy = bbox
+
+        tile_coord_minx = int(math.floor(boundsminx - tilematrixminx) / tilespanx)
+        # min tile coord corresponds to the maxy coordinate
+        tile_coord_miny = int(math.floor(tilematrixmaxy - boundsmaxy) / tilespany)
+        tile_coord_maxx = int(math.floor(boundsmaxx - tilematrixminx) / tilespanx)
+        # max tile coord corresponds to the miny coordinate
+        tile_coord_maxy = int(math.floor(tilematrixmaxy - boundsminy) / tilespany)
+
+        for x in range(tile_coord_minx, tile_coord_maxx + 1):
+            for y in range(tile_coord_miny, tile_coord_maxy + 1):
+                tile_coords.append([x, y])
+
+        return tile_coords
+
+    def get_level_for_targetpixelspan(self, target_pixelspan):
+        level = None
+        for _level in self.levels:
+            is_level_under_minscaledenominator = False
+            minscaledenominator = self.options.get("minscaledenominator")
+            if minscaledenominator:
+                is_level_under_minscaledenominator = _level["scaledenominator"] < self.options.get(
+                    "minscaledenominator"
+                )
+            if _level["pixelspan"] < target_pixelspan or is_level_under_minscaledenominator:
+                return level
+            level = _level
+
+    def get_target_pixelspan(self, bbox):
+        x_min, y_min, x_max, y_max = bbox
+        return (x_max - x_min) / self.thumbnail_width
+
+    def get_levels_for_tilematrix(self):
+        url = self.options["url"]
+        tilematrixset = self.options["tilematrixset"]
+        global WMTS_TILEMATRIXSET_LEVELS
+        if not WMTS_TILEMATRIXSET_LEVELS:
+            service = WebMapTileService(url=url)
+            tilematrixsset = service.tilematrixsets[tilematrixset]
+
+            levels = []
+            for index, tilematrix in tilematrixsset.tilematrix.items():
+                scaledenominator = tilematrix.scaledenominator * 1  # here we assume 3857
+                matrixheight = tilematrix.matrixheight
+                matrixwidth = tilematrix.matrixwidth
+                tileheight = tilematrix.tileheight
+                tilewidth = tilematrix.tilewidth
+                tilematrixminx = tilematrix.topleftcorner[0]  # here we assume 3857
+                tilematrixmaxy = tilematrix.topleftcorner[1]  # here we assume 3857
+
+                pixelspan = scaledenominator * 0.00028  # OGC standardized rendering pixel size
+                tilespanx = tilewidth * pixelspan
+                tilespany = tileheight * pixelspan
+                tilematrixmaxx = tilematrixminx + tilespanx * matrixwidth
+                tilematrixminy = tilematrixmaxy - tilespany * matrixheight
+
+                levels.append(
+                    {
+                        "zoom": int(index),
+                        "bounds": [
+                            tilematrixminx,
+                            tilematrixminy,
+                            tilematrixmaxx,
+                            tilematrixmaxy,
+                        ],
+                        "scaledenominator": scaledenominator,
+                        "tilewidth": tilewidth,
+                        "tileheight": tileheight,
+                        "pixelspan": pixelspan,
+                        "tilespanx": tilespanx,
+                        "tilespany": tilespany,
+                    }
+                )
+            WMTS_TILEMATRIXSET_LEVELS = levels
+        return WMTS_TILEMATRIXSET_LEVELS
diff --git a/geonode/thumbs/tests/expected_results/tiles/background.png b/geonode/thumbs/tests/expected_results/tiles/background.png
new file mode 100644
index 0000000000000000000000000000000000000000..d345f1ce362a31a6ae5cb0d430ffcf9171d6e9ef
GIT binary patch
literal 118362
zcmWh!Wmp?q5T&?7a4!Uk6^G*P?!iiNcQ0;5g1cLB2wvRXic~1>Qna}H+joD2e848V
z_l}%7XC_KrRSpZC3>^**4og8^S`!Wqo)37xjS3IE-uM<Bz`cQkQ;?R>_RigTwoRZL
z|5k<)U6GyTyxCx>Gv~&}-l2d?E&lS_%OP#Pi~k0XI?8D+-@OB-YV{A)la=+|-`kMx
zj|iBn5%vv6P9jA!F}SMp0iti@BP0DPc5AMwkyP><Y5~&F0O5m@`b!|T{*gK|e|rzh
zn9Yg=7lmt2PIyX(&3@fJ4-S5TrE99Hsku*EwJbVBnCh_*m8M2UMh=@LX<oSh;}cz9
zU7fOOtUa2XoYbD3yi<_Q&(GKP<jpy^%-!7Fq}dbBnUc1k7zI{iBR9y$+k3x5RXV~n
zbIR)W_7>J*$R>~jb!c5KFE1~%1-?gMj|0;xUGwlUuyZv(FE33~dgtbbcTYG=xn<dL
z{dR9}&)>(__u=X))jeOeoT)U|Jy+PtxpUR2b$Qs#H7MxEtP+!&n%dEIhvP?N$JS*L
zVd2TW%hY6;6K~G7Z?_@aTPiA1|GS?ptm}0;RXwLarl%uJ+d4X!OM!n|b(-gy@)zZ6
zEVHG0`&La=)vGfvOGH%k#H%y+(yEbk)RiP6*L~g-bKZe>`PgfIetwYSEHfh`!)m1a
z*h>gxn_YJL2z(2$NioCx@d4|tjzR@LoSpt(L^0toUX{y})y~x4?7dHJ0RhjOgOMcn
z$6gahMm0K<kufnbslQiOKds*~Fff2M6|+>!bEe8tlik;jy>g~@%L@XtmFZPxG8gTd
z&2XuxsItp8Mct=WW>(hMaR%!R*|Zda4gEB)LZ1Sx7RT*RJGrB-JDz8O?eAW?dV9r0
zL@dL$hdFhDCk7s_e1<8(+-jR&R9HASKi|mM_{ZL5i=zOJv)C@{vQ^{3V_>`C+zh`J
z``eS#(<z5`!;2D_Am*T5v!IAb4FjHaeE6XK;bZ=J0@|GCssryf1IRQKYw+ysOkGhx
zKww-TLo*Yz%UDN!xg}*hEQvHCL|=Q|TG5tbbk@$(&23=gG6i-M@OpK{lQR|gd_7-#
zq{!sB4D9phs2q_)x0MnT?ECVH1213}D{E#A8__FLtfX6vbJ*;uKa?}uvK}A(h(L9I
zBoWuX0bX82+dAyZBlr#6S;|W-f0>y|+di_9)g@3KrVLS2Jd^iQb@x9M1|CJYd}JXK
z*h~Fw*UZ&8Y}TK3dU^^RvfZ!meQsjP^~D0?0aPkui6iF>b(sQ{ucwckl^)E@MPLOB
z0w(%mc_NK8o!e;U7`n7y(vbMbSM~+%i3R6VC+m#U+3H0{kA+Gx60KazgnIjBFTp&n
zA)C5l1$<{VX|$jb2Xn5tZ4wMZns0_|_mh)WEA6-sU-Rbz*2P3c^9u^Nb)^xpI+l+C
z`v=TZRaF%@plzpiw$AH-pwFK(-1C3zDJKCQwCIrT-qYD>pB+(o>1Gs-gYo&|?vB6U
z2ju$YC0}8#<#>F2+^P{|j7$^2Z#~0f7~dR+YQD6(vQob^>Z;7-x;%4mb#P!Sn3uii
z+kNubllpDZVW}m+*Vp&;<#}dird+MSs&Vo2dH`RRvNmD({H@4{^z{AB4bgRrLCxIJ
zwTIyI%i}5JdUw~Vb(u9|qUThgH%p~_=D=gA#c{bMAt9k^7Iq}~XMA`VNsdNN`}*qY
zYG()0-m2LkO*8P}pgbps9AatGx?Gc$m!A)K<gnTK*%?Qk>U~sDq$w&|&!U5RAYlEU
z=4<AUTq%fSh8=j#+a#|>g`=2=UoX0KmYrIqC`Ml<3jn*wEWNz%vduQI0dGj}Y;Kxz
zWtlh(k4sHcP2o<vG=a_Xs}8rf&1ZOkyK7x`Z2hR5*y89@d+gP@=#X8e&z51MzP91p
zZB#d(GH$_}L$h>pa?-Y!sMxuBvb(!`ad82>?(A3y=8YIg_2uQ}a)bk0<1e~50qj$o
zHIK^r?d3fMrOw3pwQn5NcY#Pvi$0B%m|-))yxMtt%)A!IECyje5_}ppDSGPSoU(pj
z)Zvl1G)=SNVf^r(&1b;WQ&RAGt~>-S^~_)<GNx+tC?hkor>-Q(yLSJ)=vKDY0asvI
zGC*_{Ao|d<`)jkAXj424M-4cdh0U8AuLeDifh_}cg|T-WF;hSQHJzy^Z`n{fo`{^X
z8YEj^4)>d~@Ehia5+s=wF(b*mD`KYq#;rh4sy1=MHgDXPRmPLWzU1od@1OaO^%=V%
zoWhueXhCO?gIYGpaGRftJATcQ$+FwXd_M{m+<7EuA$YoRa1g~^J%0qmX;oF+Tkvll
zteyc6K^aXGwbE2c+1TwdbmJNwV7q}W^b#`q;nhi4uy}cIh;1pYTzr-;jrca4Z}gvV
z^5<)9Ab4)`tJ0^;+Jz$@Kla#Wk6T;-u^@h%KmPLm>Et9H5}l2yKjXOyY_?USgr0lB
zr+FHWEj-j)R|+Mj^CPd$?(Xj4Yaf6AuC}(jyK{5JsD|Umm(jOD(mlC(c_Jbrt7~f!
zVU!X7?-W;-p^*`<O5^gele2R{em-#b9FyzaexE;owzk5g#Skj}(*l^qaR(5aKkp0t
z5fel%j%^qix4HsO+^hjNX?gjh&cDaoQ=eQ{3Xpr(*D~8STq;&7st6EXE;l#ViXQ(P
z7H2wot@ll|r=e11Gq!illRLmC8r4Ob$}<7Bvym3@kq8fEd^#sO#r#*Ky<5|;beyx9
zAZJqMEO<b3fPcRu-trx|nrYXFWN8750$P+kWmS=zd9%&$wgCj!$w7_{sTkDx;e;W+
zB?n%^syV6BR3JxDQEerbmorR9m`5V++^Dlw_^)`VPK(S(NQy|uB3SqR`N)=G7*o*Z
zzUIl8>`ORb%z7em5!yD`rdVx=N$F#1KjP$CP~DlaWY7M7N|M+Nh2vhgDh;-U)?js1
zHTsuhAXsYm^4_j_02Ko#S!v^uiqw?z?N)dMAvAGkfuqhofZ}s}-?%`+;F(L%I#iyM
zbMaA=eqd6Cz8D%E3pS9JPL76Q(#Jug=<e;CQ={yDk9%CZ@PX_hZy)m&#-&;uW4dX<
zjLd<+({Ac)f325PKi#K`B@1pgC6UCXCB{7g16HBEOsT9cYED_L^PU39lO4-Hs!;CV
z);BmpH<KA2Z-<plug<uXuu>*)^?NIb@_FXhvF0Vrz4;bLPGQ%mpDv~$MFFIII@4B-
zS<3Wpau9WB!Jp<ErV%<!D<}8drC)(;ipUWO<miVUH71%bdL%#;0}?y6q&FH6WOQ|P
zO%f)p;F>hioe`sgJUy=mal|kOgLQ|LHk11Oy?=G-<a-F_nN<plio%ayuq8f<Ter5h
z0!Dms;l`Ck-Rso}WJhxm?rElX^l)zOq6KR7DMv^48>lz^gH_%59t?8Bl_X(+%f3@z
z+bZL`WoP@<=hr_JtUMgj(-sZm`hkGFbKY6IJ=tuSg3fMck*T3cBVRQeeai;UeD#i$
ze=iJ26?YKl12Q50v3x6%&+~a$a+_4clLjn<n34T%9F=agp<UgvdvpHV3jBNXe7FWP
z{`hTZ!O(OegLlH+3X6L!l42~@cgTRI#n4YRm6?q&*Zi}BrV9k^<_K#&vaWb<*Ur`W
z#$nPs(XLr_D*q9wS#;c(M`BRAl%oX{s)NsN#F<zPt#^TM+A)TU%?wnAJ*<1{nc*`&
z(u%R<YB*U@j80h<Q}Ota>X{PJ;F!CeG&phEFIn~2prZ$ir=DDgR1l<;Xi9s5&6BEs
z?+5<a>?PW_HY-a0cI=fbWJEqVG$O7{pK|Rxl`GW~Hl^3uun!lw<kVVS;KIEaXBkT~
z;xfvz=+ue|n(n)h-KRa^xaB9u=ITiKJ8F*$dP>V&scs#&7-$w>ZueyhzvNIF_{z(@
z`vzxV)oq!@po#W<dMEn616Ni(!)3B7>JPN*V1WdcA!rt<Dx6xwsuPfq0p#cYS+oE^
zNRN+?K`)mDOr-z<j)}pb3iBrEi1Yp^u9=&14#ZDP_742;$ddP^xJsyhTm|#s_sm?k
zrKhd9^Yb#G&G8YBK=woc5009lxu#%ZZz^Nv!4;=Zy!$*Hcm7@q<q!#O>@lu+^y4-r
zjjx#`p8BRvRLXe(MY1OP8-j=+*6q74qdI~5wG?|0%g{Hpm=LrG^vc!@W-J8ZA^Zoz
z#|VbMzZqe;ZKmeu1d~{j!OGlQ5O3W<4&1`1=5Zg~V&xZawlYTMx4%Ye@XY=_iq6qT
zUQ!9rC;@*JUE$@<D&KCphGbfer9ZschRhk*kwmys_@pnf@Z*}NA;W&?#5@)k^X6cE
zCW(y1YFb}Z)*3)8P!{C&Asf->(@66sf((z<iu682)5PG~)3o85(fCYu-_sKOGD4st
zb<F)&91yQ9gjZ?5oT@e7Qe->X&hv>okI(HZYC>6craUJ|4hbbiVM)knI6tqlSJ}LB
z%%MT=bZ&VyJ_((0_}>nKj@XO0V=`1;`Kz}z4E^t$MLO_?TNfQ@bC}xVsF8-++Z{Y$
zh@(y}F}btm)XEs8?$F?XtHyGtt^^Ln8q4422U}!G3G4w`l>)mK1I7fF#`wvIiSZ+}
zl_yKttCLa~=>(rJyzj4Y%<$I3!~Ycq>5moGQXriamU9~Tc%8h?8wdRr?GN=f^8Zjl
z<c%<MK=7t@(E-3}zedOOp@bEhR@~DC?T^Na0J@;|24BpmiMa~oZ*6VCJAyJZ1*P8n
ze0qAKIDg{>QjN;WD=08mG&eG-jNSJ3@gZF@5D{LyeFlKj5PlKYBA@UEDl=4wh$iAE
z(Z1)<`*b0E2#isq+JcQ4Jc;YNN7eoXRhCVudAGARN40#A!(`yHc5!_r!J@So!KaUm
zwGTQ%zHsbCOicXMF$B70nBB<_Rpq9&A+Ewx(}g%YJNr}siGxUzVj69G@w_$DVN;3o
zLU~><ssh&&2f1b>g-g0?RQ;YrQy65ui#bI5#(+P18I?UQZ*Xhq1*0o3k96>Bw{);S
z39>L1G7$n<J7^<QTjJbcWt6TOqEutjQOlbBXE+|3t;lW*PPeRU-0lv88~XkC5c7iz
z{Hxg<#iy9^zQzRWO{_T+lWtR$IW}VZNVGvncG&@E@l^IoNy#8bYW0#zj1_3nc>EKl
z2B8KgemEly7%XGq@s9I5)%knratpQBM-1M+35l7ft<{HJyW2Zds&B8eQ-ah&Bp#dx
zS;aILdQFpfp5oL+U;DmYFPX%f*~g%ArSh{T>7~D$Kxp{5j19uX93K3H1c~?vz8V%C
zqDgK%1#FyRKo92{y;@>ed@z%Uh2#pc9+`&Ili}aR1zrY#@XX92DS(JGbC5b}UF~8+
zpQ4aCj%l#m())CQ@jh2RGwYL)5%O@b26$35PZdZlfiL&gSEC++0sj6LJR~;>Z^a@6
z<%qh1UPZ6i+<Y1rg+)XFJX{0{0w8i^BuW=&dSVu9hSHkka!cc4tZ7$!J7?o*@9WE8
zBn~LnVcDzM;M1p10k^B4C;lcAGdnRM*hzTz%ZQ`kqi>zxN6m-qWdGQk#CILW*Yl@t
z-6B)M9=w)cI5YJ5EU*XUw4dMne}pATSq?gGXPLe+p?mY=8+o5|<rt-@>g*gRUEa?O
zejljc8mfCj1wXlt#uKTkSV}rV3JQjPuR3cmk<<xFby#I2ZMX&@179O5-K8LI@h&FF
z3PY7Hg0_cU-n-2e^Yq|=DUke(9wX}~7drJ7BN6%I=oE)8EnS2(ygbg^s`SVGglzjS
zj&^DIBi2sTh@bp7CJNsw^3A&1xE*%1XUR`b_*8Xb;RBcIRJSdrzCVGSwUboQ&Vo-I
z3Oz_aB8Ta1gXCm$75X1*7;dZ@1@u||(7gE?Kjk#9Y#lRkE7O=}+UZ9zOW&TPDP0oP
zctV&gBA4?M0@l<<PBKe|d{fW>r403g^=}nV)F6;?MK-B*53}F)`JcM9ejOj8*(13o
zlu(zE&7{u5EydfSfz|YKO2^PEkK0f&xgH};slBJ)!SyE^3s|>pBYwIQr(5wC5)uMH
zsZ6k}Nqv_|(0%>sI@(Gcs=+sPAI1}`IH2yMJtT^7*-%QvqnQ}_h8RpWdj9-)dzV*{
zK5ha3OxYYZMJ4!eXJ-faB@}I8$0n};D45n?j@O~GE;T@v8yF~>rJR{sAQ}*=)w+C4
za$kGI#?B6uNZZ@A4-pyiC5pLtlKYIA@^>zP*JGmgIJ=Rp`F8gJtE~+;sk2jPQf-In
zAxdh2^b7Vrn!+#7Rk!vq;d=n|0$EMZL;|Z1DOZ{P@;>*?Pz6d>lN5~S3f=#Mzwu3F
zX+jTF+~tS#!J#-ka~4`K3|E&<r;yPVrimVj_)I(*w_3mX)e`w`@(P=WYnl{ifQCcj
zEV)#(wykD&(};==^2U9QAkkbAO>Lf{tE0EqdHDtiiZ3rz!Hfg)rlQI8G~kdAS#poR
zaK)d6LG$6^P!B6%nUYgKO-j819Y@ak%n!@QL>&esZR501&~f}Gyk~I2pgZRsONTnM
z+dlkUayOBXjwSJ*$F3EfoT>U_OA30G{HbryF^<#~s~}w0&$*AAOaSZ$s3|=rpuU7A
z0d)m{>aAo1Eczm425!Hu0K`(Pnxpx-{WNJi2;TwVDQ0F47PHDMz?UQyEqPOFUQ>vl
zZIwT{d;NmyGgS~h<9sgeYG_9!OcKFbmHsxy6IDTnN<j7fdq?@}^M@R}CDD~@oYoY2
z6kLWhD9*VrKvHO_OK)JI+#Z~qVEaFv?VvEB7OaQ9XQ>t5VvuhtTpr@2(EjuMETTXt
zr@Pr<TFj}UuMOPmj#AW2YSt0mVg>Vi;T4GiZh+<CfXB@MelWemt@+B2Jm>1?hjB~e
z^P<Cq<dG!Ie1f$#H#<9feSO{ga@4!FzP`S)VrXcXTTmdyDEE=t7fx@WrK7E_@08~E
zWkS#sf(_4t;f8a-deH0ht>ZFR1n}<ejHcR_5sEp0BlaYIG7sEU0vgA=6Gpj7qJIRI
z_s_TM=6j*eP;+8_k$&n8;mtSD7-yC=prAE+H%$caL}g2{aY6R&BfXnh5@eW4!n=6B
zVETomVP>}t`SHSE?pIppsnr=mQ0rHgj0v)y7-IwpLQt+-6Q%O64bEuPF=jH1nM8rt
z^X*Y+hg=so)RF(^IFtJasP=kEo3b=M?K@6(j$?gdJ*qa0E`3d*udZ(7B%EJSg*O%#
z^%Kv{roRSkACJ~?>b9fHG8Y4N9ttH7G6$GotHhlH&8cnr9c=38;hGXN6t*K9VI<vT
zd#ZcXa%7b<JpvGXqvhrIw_?pXY1rLkZvxmxxcLWhof-&8Q7~P1cB;5InzWTmylZux
zu3g@*ddPR_OqthN1uQEFN@L*E-3zcnaG-+UGGvnFb8gVlbYyI*dy}tqrI(HcZ^^F<
zecIKYEhmG2ic5DHZw;LF+hOo|nPAZtPe~xJ5sA@2Af63+Cfb0R${J9xsZNUR*KmGr
z@Y0Z6DZhh}M1&x2nv%HCpOx05K$?3@U3W2MQ?eS!6S`KNe#r(sF0Z$}0&d<!c_OoZ
z3otzeuTKnjnln6fH<FVR0)P=v+W<VIw^y<tr>6ujG)7vGTljiMf8o>o)ZV39fhcDU
zO>-49K?HTetb$T$>i<CZt*E~qTL$18RkP>_0=fABW(cFD`*-iJy1R0_9+WWi1!FAb
z;v4*x$)M=~(hec+QiwlvOK#QdZ=%0c7{adz0X0Dmbj*T{v3TrH!xZYX@;ErNB;uq#
z+CUxx&c*a(L&SwVm(}pHzCWP^F9FUBpI69l%feiRTj9*io((PrDK;LL{_S0>ZMJ;F
z7F|U}U%WTd*aL7M%6^kf;_WSt858d=S*aK(p4Hd(>%B+Dkg&<$M&bzK@FfgLu>-v3
z>)9ZV)yPg%fwzkAu3I~1BR#K+q-!UGA2Z!i#s@rVtd2N7XrYcht)~TlA08XXR`yyu
zih&T+SVTY9WG=+iPWWY#cPAIk;Y7j3=4a|qHK~_^MW>M?)mwl?^0lGPuM)h^5A}0%
zlT@d!-+xerilkHy_!_fiq%xV1mPIG(+u22xH5`wWaTAWN^2Bv7=w%-?7zsWdk(>)H
zq4I}E<9(}?R!kbP*UXIaaho-6e>eN5Wzeg+qgPEJ(r>7Zg8_U-OPB)jr;_%KhUAMT
zr{*38kHL3sg}E$b&gD!Y3!#dksUaO8d}3vzqcV=;latkO`RhI{?j;|#WQXniN!XaK
zO>ML9jdrM-+2DmpYjh2P*U{g<??P1kgQ}I>%o14+m9N@9A~HS-3k#b#W|0=H2)ovK
z?E++^Sm4v$*_pUW)N^Mo0-qFjf0tQU`|A#;Bek=7_Pzhh$*Ry3bFHM_Um%?C6$Hs*
zZ$0&|ZaD&srn_z-%qQn`ty@bj8VU)nETZPTj5;&TFTR1paoxrh-^8Vbjh$@aL3J??
zD+uw*@Dxn;hnN1y1aQ3!=_@!vAau=?zqJ;l8IWDmGOHfblJPjT5m5@ud?SM6x%N2g
z!CX9o4MK@_Be=%V<b&#i*l^(hNoq<1&^};)4H6(rf)}!KV}o5Iu;EDHLiSACKN2C0
zS-Uvu`T8pma7>1h3<4B#XmP#v^z<~q{ME}y>SZtw3SL;)e<JDsXTpjErmRAc040k^
zCR7KwXTxO&gRp0$A*802xeN;lEDM^^yvIM;FmDZJ2N-O!H6R}x-=5C!PnOSsxp*nR
zIoL436h8b&vEobWe?5YOpf>z<8)t!SKZ8T(5>81OU0V}!stJwc>-U(lFBg=nZ;&T!
zvRVFGmtG-zT*rD)9)B%7ePS33bon`+hiCmz8C7vbRrU}g%-kqJo;Ph>Iz(umdDyq{
zD-!p4OlL@uazQ$xEEP9T;#A@|3Kea(8uG7M{?6neJLQPu`5Q6u<_DDby0Gf;HigOA
z2PKoM`gT3K`X5;*bnE9@7xEu8MK4ea58YZ-X1<cmQs(vP4WWs#Xj|wLq>Tx@K3)C*
zvJl{_VIRli!EwYI@f5;BLgpfu_($9<Hh&fX@FgaOlTJ&jtM~2Ge8AIP(zU_}fEOgf
zpssFip|<Q`o4?*F{n%n+Vvz!rVl=*Omw@+rkVGPeM)$>KA})o#c|${^GlWX}eYr(u
z8}G8Sx3}CkQK#vJc8|XLn%0Uyk*uognxJCj@;<biv{2Er05feQ!#m_0-@%Ux-JzVQ
zZmaTBLy&ryo^;!vLakq35=qpWghuS_g2}b~tZP0@@3{OyUcy2@B+W$M!wX<Pei4$>
zhZmKChrh#;Lw9Ewqu&f2RhA7x2<9&MvH*`xMjOn7I?swM;FBJJimwyteHZDei|w<f
z$7?mReP+imRr@<l`vWubP{;?vrz@9rL*+kcNO*7w%x>>nQ*s+Ci8S61p4|Ah2rI#k
zrdkxTd1~ZlR<%e-3(3ssh+||3=AqY;QEi!h=Xa9|^<ld*gi+%T*n8?Sbbo(0NzG*0
z)mS^6ng{5A;xWEky;11#3k*|))tVQUO5^##=pM6=0&}LcOLKSy%3Yfp=D&AX9KMaC
zOwL;*t)mgbFkD%e%t%~UgrU@-s|53lhk#o8-R0)Y$Cpgg8z8~?zS>`+$PE-Jj%Av|
zYLlbGp@tYY)QR$yZS{o?1FKd`=OKSXY)SDF<@!udJ5B(Ew(~|s8C4OY!7FY(W+RUX
zAWMJ@lIA=KIUxV)wQ~fzAx;7~eg1PAtQcZh1jPX{e30_|%#79!^(IfB)Cm!4%zVg1
zrZ5hHyftr*#wIxNy*kqimNe=x1uWix#8j;>sXsjKDq>4mumZ7*;DU5WA@j}c?4+%g
z`BVTp4T%@BJ6ApXjr78S=>@x8=D{DIbf+8ilr1_wLkp)Usrn*2zW8=TRxC=Qnb_~x
zar1wm0`y>I-I1wWbkJl60IY)~Rvtn)NnAyz@ej~{Zb}k>uf7DMZ^Zr@!5H|Cd5vqv
zqm2|u9*^zq;6fx@hcoVwIv6c_T@-`!0Te73ue>mKnUUqq*&=tuCy-Z?F0eHs(br;N
zx&7_K52yYl+#TbIPvyVkEmJk=-W``Il#)KyVs1Mvq<$lpW&Hw8Oh6?Htse9WGo0}y
z^9(C66%U)$TnFUC9sBvh0LXEf7O5O*<nN}^V?`&GnTGdQv%XvI28WQ_3FT--V+)U=
zx`qI&G(kGXpijtYSvKn)Olhf_WGJk~nUxEAH-yrX{Kz@!?EOaeyAVAhrg!2`JEd<n
z<T$!bNWZE^JDW1?G2hdNHtm+U>`?bc_*g~`gZ1fhiLPh74H|q}y!80`TfnC{R{kR9
ziTdKE@>trmOd}G{8_^P^aEC*FxP0UwM?l#uLHN>Ao;t8T&`N6%k1j{#VT2fFgL24<
z`WIjfU@W%v{2YS-6LymR9xVO^1q5roR(=dt(;|G8>yx<|*&k=?4~wt^7}L(rr!Fw*
zFa`MHgs6~fxDsT6M7{w{hW+6x95<`UI1XdGdru4b!ngs+y1j>?%dZ-*{9Yk3b5?;D
zW~5umAj(Pc;p!@h-Zl!Q;%h@UcPpkP!7EO78$h_(G8d$okQdmRT<{S$TJWL6Bv6Bw
za#W`T6=9XfwZ=Y}&be06Xlf~bA?`A{2&)W3H?<wY9Hrcokya$F#NfB1dHZcXosf^(
zEIi@^nkZ2*iXw$MVRQ-_zK^z?jbpcV!b^4D>A{vo#$}EJ8#jm>g0Eu5%q1YQEFy~e
zTzj;nDSH&DzYG;E7azuN0HpAooE*kv@?DHFqX33$!w+&bX2}_vUI7JrHM=ZKaVolG
zTqr%0(th@ST1xui*9vgK^fEUM75|L0p;0^?IJ;Tj_p#HT#;>m0=8J3{%2l*}*UvN%
z<2N=em~2Bg--a@Y*HC+WFp9#6QaIx%iSiL;r_n!bh|moa4_h5tHVbde@Bhlq#x~jL
zU+)qLL&fK&>ijJ{Pm)HRUlvIe8<aBNgE$Y44I8rUvPtp1N8pMEL=hQ8Q9`_(g9Ee?
z6sz6AL4@j(w?R+mkEgx89Ub8BU@(vXVunMrxAt>@qxMi^`n$U;D~&4r6@Hkrm2oXC
z*OD)1%4K`R6_H!oy#GTahb%-teaNjnc3>0s{Wg|LZL|R>EAg&PPh&C$X{f&F2lH=R
znu>^P_s`gMS;;N8065`sRO|(0M9fBjj@SR`eMG(NpbA3~F10m_w};WxythCGB(2Q@
z3nhwHa@X`;y*rFoLb_&4pHnR{76%7sQVn$QNM$f;*3j174Pn2**DbUFFSTA{+8Z5h
zAPo+9h1B9jVQJ(r`}AWE1t7Z78_86k3w}g=&Fnk;%L`Aw5%yECjggmV5-D~-{f9(5
zZ}~6TYSi~}e92V?*TRp}7zfB<kZt_)I!Ic|z)PQ}j@l(L2wA$zMMJNzpBcR$51;zq
zp9ce1Tabo|xsU+Cc;w88aHRaKwpK5G()mFl--G~X>oRizu|C0l{8ql%3Y-+;p!|ws
z^rDT?AV*p0F?W!%^!#wy6kS@OO*+}nKvD>-H|Qh8zdr-^!~7ZtENNEvTFKnL<X9gN
z?)hA0$Mo*K6w{JwldU5Q6HZEMb?nRm4@py-T$o*A6mFgS^bk$vdC9K4jQ5m)R3)4^
z#uve|>(y1t5@l*<O!umb)`mF^RXx)XI+qsInuL7lPw!uTVW96(`bgJVxY($K0v|JN
zi!WE1Xj}sVu=Ycu$auB;^xNQ1*L(T6@8ZIY<i~()KDrc6A~^|Evw&V&<}DQl^e-3(
z-v51i>PijWk34TSsCjwreZ2*=l&w{8M{Q?MkE~B30vrQXdxG@i{a%4}BdG)}nCAn=
z$RspOf(JTeq=~I@1}LbFi$F_*v5^tHOS7Y2K!8X*t*d97LO+uH^gk1x#K#J2ildDI
zYEJiQ5|n>WFVBx-QJ|z@vyeuTI1PR@t@p|=P<hHIx<8I_2$3Z*E41gnbvl*}LmDeI
zFLK+%VRmxTE90sMCZ2A)CNc<a$-}WX0})D0oXr)o35N6paxA#9z$2+b^oiMq>15Ho
zv;0Pe-$ah7uFIKoZj=(VS;*g06KQg0MQPi6%z^Y<N#23o0{>swy(7Yl2+-55EpTG(
zKcw-t6n;mTnKn(cIov4h3e!1kj(c2dg@cUxEoEitLyNIzqvEvGi74$Tt0ikORPVwh
z;c)9pd1?~-aBy=1e07*<qfF--gT6^bZ7tFTjn7W1fOYn~o!~dlpUT*iX(~B6BQjpQ
zDzx%lp8x%N?erAec`2hNFO%Km{PYV(C-U_ZUD{KI4HKb##451<U9qT?<wQPqEwj-7
z7(|pJQ_kffzAPHp9TET)ZXrm%j%~*;h&~QdMw>A=VW6Ag?4Z_$@&oRK^iiA)8RO>s
z93*);^u8{!Lz+~p1~spg0DTf#CysdHvhedA?5&27u$%9eHj7&>&XSAtQxtb@Ztm0b
zY0%q<5J}9^RG_+i27si6Ay8192R*%gl{3@ub}m6SHa6b=@ump81W1{Icbk!#-^E_e
zaXk9m+H<F@UT<HYg9-`?id)q$$NB;OGyiwPAcx_nPo^Qexl9RvZl7N-dY{-)A6zK_
zj+N1yGk!Zk>;>BSC5o@$2cYu;jVqO<VKYQ0*k<5R*<7qAIbrfQ@^ZNei6Uv`=aRXM
z2J(lS!)8O$%{<juMTQ_$ix%pjq+dxncy7#)&B@FVa|i-?Z|^h#-4Y7(@@+sK2!cJs
zZEP%IbimJ#0g5R)BKaOn9#1c&94KgyOKjori%<I^{0@5u?gnl&Hfi+YiwF%EP!oYH
zN<FBPG*L{WbA$f885?1a=!KOJIv5A-(qTs%r)d@uaIM4rrmu_5fNhBws#5G1e{aj$
zbV@EE5i3m%1%nbJ?!9)zd$l#152Fzv5G^u>OPYWvsk48Ynd!gWXp4@W@*?sUmdU;@
z4Sb>dbM>uwbU8<VCa#@Qi-^jfLVC!J$X)yR79p_c^=OsR%_aYb+TO#wwx=8meacmJ
z>HhPtO6b3+prC#$v*U#r7`7CdA0m#cXRJ*o>)B69upS|iq-01yL;6xn_~+p2I?$o~
z$RF6Bt~Pamk?^Fl!JH7v4z__<k!TPKC@_-z6FRT|d3?+&u3}=dc=T&CkmkCLlO@3B
zgy5w3J2OmP+9mT$a`K~56mi#AW$)?x4CBBzO9POOo*raG)btiuPtfa2<lDfzgx7Pi
zqFhwnF2CDp;e-pIH-+WkuUiz3;#*2&bSGDrRz~^D-q+Jtq2~&K2VL(CDsX@K|C*O$
z=OFS3ptTA|@2410y*RZ3A~+z)0?<`LaU^26A!djv0;pGuF7Yfp5%_8j&vB*u&HHfK
zrf2NC_09r&eC{|lsD<T?z*OYQSH)7ubwU(*aKlN0so;b0Pmm83D!BMjW5zC1fQTZ2
znw;^*Uih)x`;#uHFq+oDSOi7bKlIlnPa!4BPXnbNi8a@-C}sELW&}l<AQxwE=B}i%
zDsv)N1WbM<TJ1m=7v#Fq<Sr``B|QAN)zIzoHJzzRy#f9sq0<its5k+wx6FBltCK(_
zZkmlaMKi=l7+vT#^gT{PP_qC?d;E+7*7@&}OEdl6q)P{0C2<zQiVQjw)|CSrQ-gF2
z%o~??dV=z5zK(0+rE#`a<s79f@|+uJ;i=qN|7~WoJhx_&8ICv@U+@BJdUZ}cuRg8%
z^*%Uv9nZH6W@8w;219C-7ka+FWyPN=QRhIz{CShOVJv&E^^2wz25z4+*Lrwd^}?W!
zCzNF*42$!YWf5>Cw*xvxz~PQUmFT?1VqpG1+9KwY|A2NO(Sk?;1?XR(vm-wZaEWTu
z+Ia79ys3=-9Qd}XaQHH;kfKz)dqJHv6ifXJma}z$s5(QVj*+qx_Y2wJTWdrpPt;M{
z3Qo)Vb<c#S0(iEq?cGsbFS5t|%d;QiP*m$L__#ttstASzglt6`Oj!hC_1wOQ9+uK4
zz#NLt*)Wj^5Y~=?9*+B9G~sw!f$6a}K!s^>^aJ8{4Jl~OyEQzVkJ%z7J?#*Vz%Bv@
z^u-i&7Hx6&*!S}qH7zD_t^mx$WJTJWsfFLLyC_ZP1AVkE9U4!<scYBPWs*j?)~t3n
zxf$4WZm7T!67juDDXWc|C~1r_W6<mi4OB~!XEL@BXg;fFtSlrv=GeMH9kc)YJu=47
z+7Nd)mX6Bln{77G6`-vvtignY@7TGTOdT7bgU!@4@%Q54LGXSgBbXGiu-vF3=b*um
z%{4w|{tT;><TQR6PMIFP&wPt*+dDj3QsE2Xe5&f2)#MXLj*$j}m5jw5C9|TPss!6H
zkL_<)T#aG}*Y9h-3M!t;i`w+o#AWoIHBBkWIXpL-$T#qv^jt-%$9`1l!{9inaeZk)
z(&gc;iBfRjgqNP<O)DeJTD0TXkAXhT;kO@WpU#l9?BYD+!QKNx%VqG5&fLyJFh^i|
zx@5=+zAUDL|9VIK1Ywj`Vs35M5Muf^b2RHuOz0?CyttF{IfpjWXcW)pVe#i4)DZz5
z!^;I{*CG(_h6NXzI%iwqo6qWLF>O2@I>PxYEvyES`;0_yjX)gORnuLQUtvz&A1SRi
zrlzp)Oa=4S*4E6z+{jCmlN1S?yv=Y-66hGBh*KiqCuUq<B~Ug@w^e9P1=&Y$PhVDh
zzj&|u5`xjW{^nMaE0rAr5>;r#C7;TdTNhVXQ1R%a9nAN>E5Or@xY$k=YOOYeJ60k%
zQC0H*qZauBFM3(~J@e9#$D41m_NM-GgfDsi&-YtKN|fSUb#v^H?;7XuH@g8JvhLdz
zo8V>vZYRK&d(Z=8xC~ZLI-By-hgM})Uq!m&E$4YQC4QX;%XC_SZ`{otQ;|BR5+?Nz
zDgi-Pjd(D(2$jAtd;U*z*qCkX!r~(7#G<f}-Eo{+1EC(hA-v@eC!78=ngPA)nW&~v
z>+#KPhMt5+iBI9_T-*zs&3hge-zyG91yg_jRGnI*Q}Lg*(&V|Fl6Ge})K?sqEku|8
zR>HyFloM-Zr^BPv%$QjV8hS@%J9_+4WlHgT=|M@Q#q-<F&n@QFGd-#r!_%(h#bY*)
zn6L)3BI_hD7jzH)^%wcezp{?@-s28c1}*L>rt<Nj5l*||#v7Be5ykXqZQALdSUu{n
zg-IG6_!3E_@F^r+k{M-YZHqmukb#ZiK?GJzJFYGlvzGqM!!9Jy@3-{wM*-uCOmwyp
z`GAm}DxrCbkFb)I`%1KdHh^R@)y0|*djW6+!+!XzgDNG_4?HPGTsM-4H}LOkM2h%v
z`C|Vdj}LvZ*g03KpqBAxWcjRox|PN+4v+RZir8{AlcR3O%gv1|PZelV1WHhKZ*MDr
zd2So_j&z(IVO{eR32>W+a-1Nt3Y~|R*WAuhz{o!DmUN=>+&of=rF<Rd<SY6a0Tnl}
z?P52RE(9Bj`Idchp!xIXJr{J0KfWtQ7g8tikuu$!<2nI~+}!%dJFmRW>6}PM)3&n0
z#!}Tg2E|mFKUztOZZK+7$zu~}tgYh3E#A}JI3Ygm7VvGY-?6pW?N-hrS1vd4!?%kb
zjYO0;!5k^`h0s-gzu#e&Q0Yn$Z%aP+8aS}6`hLD8d`F^2g?PBFbd6Sp+WHZv-Thy^
zQC&`M&VhrCp#73_Xm%DoyY8lZ#y{gHqn(`0=!*E`A>~<Q4OZ~-EIKbWo2}k&7DhTq
zX;jlb4bEl`ZD6mn7Rfu+`^N9#;DiZ>x&kt1jn_TLY!5?`3cJIyYKO`(R^_AMX}P+6
zvYB@fLi-Z4Rg-riFk0!pZ_rsO5olA7IQ;PAoLX0vgR~{>1_6DGuTZd{9NxzS1d01U
z?WVhklA%w#Xob53?17Hi5#Rj0;gmlZzICD!zxekLGZy3W?eZCr+_&sAE2u<uIIbIs
zZ|OFq?`U-Y;tUBrNvfGFa{p02uP7mIIJ&&N1d40lcUNo7EJgZ4r~gn+;TnVcq>d~L
zl6BE-y1hL2%MBR+e7yL*d#GQagG3HZWg)`&s(r=QD;tCF>7D*L75n2X=toRR?wu&b
zeuX7<ZF-Ykh0R(mlb>;>cLiK_JYG$FK95uNnjPzh8iU|(f0-rtiIh%Rjb$u4S2fv0
zs>P?HVn<e`JDMGp`uSp$$%^fTC$OldfLId3M?{Iu6P5%;c=v-Ug!X$i;~G3k0ar57
zH*2P$ZRc(*55}>~*7n0CeD+i+L1!_dZPM*C%|&^LTm*Yet84Vu6?^OR2Q6ktUANmg
zr(XL;be<V&1^@kQf~g|#@2k?(LYt*|84UP<^MCN^YocTZ(b=S)(7=?sOTy*%28Z_i
z1SqYW1<|jTH&3KaBQ}2J-*<jkJZGt>PPg!NV@u6srxjV^u$u%IM}pxAB7W>Y&-7(a
z#r}j(AJ`yNnWU|iUe%x(!}y&r5F)Nu?`FVmA>f-q4=QZSg;EEddnV4yzZd7;kYH0m
z!@r13Zv3rpm6@2?VF+K!@7o^^heIP2vg^L5L6C;mlt>KEJ>)?5BS<jsCFAwNICO0E
z%Z916kswl`hEmDbveb%Jr7;wZ@bOqPjNC{UvS~&Ps-G-R11*kd2{M}5zG$U8lc~3-
z>j;s^x>L*@96359@f6V)9DNO=DC^+hH#`X{U$KW=Bl)qCNLeFmdWw@}^e|n?y^-}Q
zb6aj<YZ9LL#Mzrx=hh!*!)DR()c1yRGF~|nj?Vb6ZT=*%=MxjEe*8#?qXh{K*G}E<
zzH}3<R!kIbu04NftT*DsS0F(}CzT~xiWwMnl`Io%t_E9XP6=yKAqyX<w^;&u%OOj!
z3xNhEE_-Ryd0_sy{%LV}K}^Q8$ZyR|X-CL!<@fYP{_3ML8+Qb1MnpJ_%3Uk#JN0>T
zlaoOA@UD~cRBQi4kK4AU!mRS714T=Y%HnZ)U{!JBW#i>tB&>P6?Nd(Fu2m4sxug3;
z>A9?m0RK9b>4|wHEr=<5ZMjG9*u)HcT!8$HRd#$3j@|u_cRV^h>0$C`bYg7E;E18T
zowqB<E3}afd^Wc+P|2)KkxRwDl7ztTjV+vF1Poq$r59{+PUmw%=TC!*OJZPfnvjMO
z_=s)u4_py~QW1GSL}QU)DUy@bTFLOKNJWZMrAM!(jPE==_#UwukM{t*;ty)C2V%gO
z!Ni18o6(;wB_^4RA)xRYdx%ue=sJHht_RW|o{l>qRJQT>=s3+#7cWl&_hbA2RtCux
zIMRMigasaMZ&EAXJk^kQOurHKuoBgAx;HaEK0k+K-uMc`mb{O1fiA5l*crdi@FoZ7
zAZqA~IPG~i*bC`}l$ks8FDFeg9i=!aI=j!2Q#`E7KOMH}_p$jS&#5-~QmHpq_|hp(
zQUDKsD(E}pyGgfN8(HzZF(YKNr%ml&8lw_w5!}zuo}NhKNDs*F-_9rPc{nFRV6TSp
z@3Oiu*(k&m6_KB6sqQfflE<}ZD>gCvmqtO>&$5!H+Nv-Jduo>9H7n-Fa&Hub^L_gB
z33)>hirCk&(M>QjEWW!EnrSz_`cw5^owmk_*8<1F0v~w$P+_hrHRpPJaNJEH0<7+Z
zI9zDYmA`z<merJUklBkRt?%qd|8UeBuv<UhQ;8(Wugv_r!XoV#T_q1QtHGff!i)CI
z?m64_@~}mb&f&fGa*1Zm8g1j!r1!h}d2pWP8M-;$<>df%@;U4$pR1~HGOA9_UQpt@
z2SBE$#X9nte3DHCy4X~@*yuQ@1sE;p&5~UC({4@p5M3nBsP_+Sv{KJ4xY|2ArP@+D
zx#PEi-T~k4GQBoI(y)C{2$l<jrUyd`njmK2v0d}SX5?GhI%|Ajc7)N^ikFPICgF%0
z++VLb3q<DB-@v8g<7kD>%8|84qJdBH2k3Of?`(?0xFxDxKy6n^A+K3XgA$JjIbI7+
zL!BpJTrJ4Ye&HFmufzWYAOhBUrwhAhIKMR6(<Dj+!!n9{WTITJuu@E~dZ-LE8e~dN
z_Gz$LWm_?NhDOkDk%sYS`xDeftK7nhO}x6L_Pg%5Ap&Dbs<<(zjVykhSwN2m<1)x;
z&VuXy>Of1KWDGUJk-#F3wl2JC^b1F2XdTE&eTBp{$W>+llTIc4A@S(?;o{<3V9kd|
zHa1Erf)C*#Ms^;2-E-tdRgBcMpWGM}F6+(l(lr(NSdWLUehlQSEhtZzRO%ZWFM4@$
z<#`#&zP|~shOQgyt^`wY<@{J4_i$h+&HGn4?0q6u-DotgncM5%LQ&9jr&Z;g@}7ZE
zVeOQ*O4(z5Cxc)^%<_HdF`w;%ekMcRFpV88;}wz1%)!CI_4S94s|s%NUA%T|$7SSb
z5(-Ner<a;i**;WMO1Re3p2u3N0%ElT>MjQ>J@>n}xbNZP=t?Uq6+yJHqF*tBXsqbb
z#R#}<e0+RjPiF{91YJpi5nwkTAA$I7HL>R~3G_%RRHU@a*C(-89PBryhqXu0pB1e&
zF~f%J@(@e9U)2jOr341y*^y-c%kp#d)4WVNBUiZJ%iZ}l2j-uG;ZWK5l0jcyxs3P>
zBR}L)0#5RBjET5t9!tif^2jN#o6XUdbu6`8^Yyy9qhB9&)vZI~8NSTF&}4@)apz2#
zNCLuT^JX;<B;e>FU2;RS0{){=#Cr#j7p*1Cmdx<7LitP8XJ6m%6OOQ=(%fingpeMJ
z$idRfT#_Nb{y}KqXIJw~N^y9NvBBI{c%1Ne?(Xh`+cO7uS62j>6n{}zgs*RuGR-)+
zhiQzp$$(KaUUHMD9Zb!W=;kl$wp60y`Kb{PnBZU^t^yx{sZ_k$HU4;yZ0uy2Sc^$J
z*OHxo|5)~U8xCt=rP{q7*dWk}zRZZ19c;?!)1;=N)N<VMm0J92@3+b{uh!qLbXPH!
z6g5jkF)}4HXE#F5#lxE*BG&Bh76#euki5IN<vqdAPxOvG30C*|@<pK{zhdZ;*c5b_
zS{Srqd(WSGO()vrGpcP4wgW~75HcmbXemxlPEa3n7;b5>lZjEx{}MQ3lJRg{&s~IF
zA@nsw3sOiB`@(%QfNwIj!oL^aMTQdWx}frNcXoE-gS0brn#>6p>NV>VpoDS?7%$R`
zlUCe^4;%EqIihlzc}NeM0E0gbdKJQs%hHI3Z^s3B;*QDF`9ef&hH<5=i;cAun?!bm
z)q5u|yX|uK0FYLK4=wk}DqoCv)lds*HLO_Bg2?<kICuT+v7{0`mdG=uRu;p}Nt(?&
zrS^Sh+v4J1jMmlu;URkekVvNf3=aX(n=jpMZ8lvtg5QPwXAGi;9nV7K)nJF`a35%w
z;6?HFx(cy5cYu*BpujIi>((}k2haeuQ&_>(;qQJA@rh_ugz4_68R$?N#iH&cBQJBJ
zj2z)j*y{-9D4$}!uQEx3zumW`kavKl&yU_M!@}TVa=uR%>C8)x$2{WN)zhN`apMJ3
zm%zTRe479D4_yndhLjttiGpfFBSKsx166*I3^fHFW_SF(SD2zMRp*0ppcbo2qZ+$o
zXU~D6(~BZuY4*dE-K|U2Gh2C+A)C*y#zjo|U;-&nR4k8P44ix{9lmqpBHir4__%98
zx%0p|M(xnA1%Ir_t-sHDf3@TMV8xmLV$|yilYW(C+TcBNf7i@R%Y7Ud#tNWn*}|i#
z_MVFpSRrnBD{YjB9jXaJ)_%q!@@O(rUek?`WUB8SV&Hoglprw)Md}ssiR9TC`;)WZ
zx1XX|1S+8Zpa-Erg)^J%f{+m=PhQ$`G-(9tt?ZYtI^D9rUa-I3jfw$85)+}judkvY
z2=uS2>OHf4BEuVs1d@lhFOjbylKuckCO=*atD-!-FO7im%hgD7JWb_fQU{>!hPS;P
z1vL;lHVLwuIY#<qG;}{jwBNI+@huM@*nZ}0uH^=CG9|OL!W1TzHNUGYH`{H`%%C?#
ze~y!n`{n?URoYi*^hVl9e_)yg{NF7iH9ikSlQ6bTm{PrC|0X_3zm>$9Ebr5|#?c<n
zCKs?{2q8;rg?K+d455XLFQ*~BNzf0Q7=WDB#OShFe>%g;+CcoGuT@CP)Fa+RQj#5J
zlW0UmAqTV-g8hYr4a6nSAfZD^a7JC5EZhE`p5cK5KHyu>ey45r<)u4JUha*hDqhNW
zX7!=cnD7rwPA_<)(ar;R6(|&mv<B3oqM}|im0pd>7yNk%?G3s^X9dlbu*|=!9i*RU
z4lE`Q&JUtkh_Cf*9cjW@@IYWqQw`AWg5P23P9Ov9U1#<yQGfH^Q<Zi6Rt%12z~%7!
zxkJa-thU^7>c{A&;hcaz_17C3NtI61kH9RN$J##~ooJ{@cnF6HHQgz6#@m%QU9RaT
z(lZWOhae?s8Umum7Y3dH91OM{4VNL;9QE`+)12kh!0;+CIXX-05Fa~&j-QmvogHft
zv!l#BFg?Tyl}FNG{Vg_LtT_wdXl^nN*M=x?R#XvM1tR)+p%|)q5{7cx@?SSn^~t1@
zBwcFnsM8}HzvAC9Gr%C}s*|ZW&strWsWgAfS{iN1xOMHYRjG}W;&+4SbR)=Ui_)>j
zei;mnuz7u^O0nEjua1h|EI=%{=bO#uG{GrPLKAGA|8OW*#rNvZq4b(|+H8oO+7A1-
z0nUY4`#^Vs2#l^^d0W_PtOV55Vhf3Hvy}TYhq~2fflR!e_>{6(W;BRVkqK!VZuz|s
z-;b_CyjIYelzKO9WP%LM^xOVvd*ObJdg2}mkmwm?PGg4vxgnG=q-JCaE)hOA)VcWO
zOG!MKJ#zTg&eHvg%AT8;Qdp<*nVrGMKb|hE8>ZFl+C(4M{`e)Uv)55;RYYXzr+sf)
zq4N?ju{qrx5aOF40_u+u@uhHBG!Y%OAOdkJS=QI2`RM*tj~XLaD~CB-M-1IS?lrF=
zMqs3Z-cTPyJ04P%Y&x(RJ?xRiL`$L0c1Wx#>n~RcS9)rMQ}$zCtkk4%wXnCnMjj0u
zX?p)gxE!rWew1q5uNJ$~!O6i(T=u5oNWwY>Bk??+;4L(C3Ik@Z7#74G?cATaxs)H=
zzu-c#$m8Ly0#Ea{`qsw>|K>BSol>wfmrCEGfyM>!JyEF;+2G@X_+J5nBNU|mL!%~>
zx{mEnF>4@tNPM?`d3AV;4uctC-Fiwl0<MCU^QY1sSx9MYnceY_o0i+m?npGHiV=5X
z;5@y`Guw6dU&N2jhtEP~YmFp7Y!BncFHK#0Gth<TE+%NuJ1A|qbJcL`Ih=mZd473!
zy|SF)VCA}+u%vG7Q-OcP5IHq)WZwQp5#CN_U?kKukuweMRvNK4NYgVb`U(y5E;PoL
z5u8dH<x0{W?|mg$D51O}924^kH>v-!vSFpMbr1S`TcQn12I@3Yg5f){FS7Pk49;}(
zc-TMCbFGMY_?_&9QHJJh0!O)Smmqohw4%-OoFbE1a&nq;p6S(18PfrOY}Ke~r&CVZ
z^=AniT>G|5MR>hW{j#Pcq_2Y3s{YA2iymAGr6pXcf4a1>VN7;SO2188Q#3mcsxuX0
z_1Zr4K(L5<@4U~Q{|0sY6Z)P#z8EL_$3Qdb7Qciro6&ztmhE+IsZ09}<Bh`}to4}D
z&{}f*^Mw@lor~69PI`bwo=GBgV;z-0GQG%zSYzmGVA42wD7{4(q$@U6vqb7!?7<iH
zF4Z?KW)?c(wmMz-a%b&YiU2m#pumjM_dn_i#v-sI!YMoehUGbkV(rJ=2##grsZkJE
z!?xw%-fE+iqfb0Q{GP_VpRzL`r?T3EFtddQH3AI&<O}bLIzJ7o>_(ovG>s9n_J%TY
ztzw;><`-13nN)%0O0|x_J0qeVq(JMTdvGTy4$hC}xv~|)l(<`}CFrR+T#cP0TfR9l
z$HvAnQHs{|0Qq~PBnw^7RYIIq6cxC8@`hQCfRe-HNn3&FGjB&NHG2FzVow=HdQ2@O
z!f!R%p}a<Gp^2=D*pB@XA17_IehX78U}IMM#BpZtN*~BqNUc!meb)N$Azt3)f@si2
zol3|5oh;JYPMj=hiif<LkH9#>jc$UDnK5$idqSpNn`F5WIy-Ucl32m3BD)7HbQXV~
z_m+BMD#`M_j@o7N`KI-n53Y2SiIqlOg}OsXrkd2%X47MZAFQmN*iU)qR9Gp?5_7I|
z%B=*=3wW^SoF9){-ujNK%(NsY+mbyx@{X%$X`0pW6=-ao&sdx3*4b71ig|`>!-Sdf
zNriv#E$0sh=HkCb@_tC+ish>IpqTKeJ(ixxKA;8b+4UJtUiUpT5GUh*M<YNYQ=b<{
z$g_TPCPM9PkrTZgIDV-le_^RVkPs>w^B+fN!O&FOfMGyTM7moT-Q6MG4WmQ4ySuwn
zS{gP$y1PN?4hiY*M&vv1_ZPN3XXm-&y357NP+O&0pOc~$NYuoGmMGX+K()RDQL*?$
z>G7-&D&qzG{{NZXK;}1Pjn-j?q95Hxq6BDN0^;u^eBYCZ^hv4Lu8`mPke~H;pW|=P
zSwG}5jpt}0GT8zTtG^PutB@$|xisb+XeOlV$9G=)IYqMuG^q6X<*M%(&^0`zWq6ti
z#TyDbz%=B&Lzq4ptOE@<SFiH?Dtwo%rpx?oYxoZd+)8q{=Ec+w9?L`$>W*t6YBa+Z
zwna@UQLT38A$qqNF6uz<2`U<?L23S8{8?NENM1`qX8fyMEKMc{5#;YgCD2fTl^u4Z
zAp4nFrCE7$a-vO9@ngsYL;G-20F{D=Eyrb2MJ?-CKcO)m?X$4<LOR=JSCGPhHDZOh
zVI^EbUhomF^}L#S!~D(79%llgo15}p`EN&e{GV?B@Cy9tO<p~2j=qhpc>nZfH*izz
zSaFDO&fT}TyEOxU8rk)>#t4dYDPyxbhAHrYdkj$0O<w2DiA$AJg{<<XMH1z??O0W3
z{`lU`Zb7HqqBUW*%J?lMyY6hUvfKmz+6^=zv9_o|1ZkW(XyG5lPONr3gihP-zf?p+
zy`*I^lJjJXXYs64{PI>_?{chX>(U}eM$%@l{ZrD~5_<<l+Jo2oy=ZP%ITbY?-%rz)
ze#MEAkEFdF>14?_N<k&4V7vPmQP)^&qiUDT9<D;>&)bS)Y^&Vm>9y7jL?c>x1#RS_
z(>9)Cs^G<JcU8N6A5f*}j$Yr^10Mjg#yS8103sLyK!+KK@9%s|G6Vn;0)jcC5?NkY
zLr&<4oFg;$P_E}=;X8u<50bXchA4-7!Omz&h#>`iHLD&%>s1f;Gv6eGOZCSq@^MI&
zx0FiL#_XDX{f?<qM<s?+%YNHmxvWFwJ{Ti4ey}Ce#+Q~-_|5TTdB_nLS7r@zQoEQs
z*tVxJLRAWj?R`%+lWa%y(wiyW#7Z-!Jqwl6@Jg~$(T`*e9WB|Xzx2V6?7ldvfWx}G
zx=O~TrN=e`y!t{@_bh1-pr-;rFVtdtRD8!|?~?@+ie>G-(0^x-SVrGwOxYrUdk14;
z>LtlR0`BVU<Yb9dwe_F3bZhw;>FtFqHfrTc*zU8ACBl&_rVu|PUyyEcuQ+itWp6RY
z*n%Z%?fhh@Ax}WFUc$CgoiFw(p+-_m8b{iVXH=azzg@sQfbhZI=rb4`X@E;WGgl-#
zq(K>P%9D5O(G{TEWYC~fqX;jcEh)!VXQ=+OZ5`-scXa$11LQdJrsp^Q@ozrh+`~Ty
z#YJ`ZCQqLq4WIqq`;}czEf=a=gQ=~*>)+XPGfdPrEbQ#esmmSRy0zuxH+IA)g#N00
zB^fD+bCI5&&~Z_vPRG&nlvYr(uZZ6Uj6UstD3W!~PuVK*{{GxHL&`LJ^9k`2GjQxE
zAfHU5&}pjR*K*eVE)GFejBJbX5d@G4ug@nn<2}IX0m3nFJD=aS3Pl6~a)#Dp2WK3R
zocO#2pHeLrF=$d(z@&Z|v^Q-hSkHfQ))Mf>wN^P2alQ*q7^vkHBFT2Jqv1!*=*Cs$
zZn(P}F<(oom(Gnj7z2K5T`%Y2I=NYL8-iz~=UOLR47jhb)W5xw`CBI~EiJLnEP9K(
zut?zE{iHzX@Q5;v{UYmK*2sJtJZ2_#M+VstqZQ<!SR5Vi``9}cr3t27mK?*u2*!<y
zOYpnD#4k_^OGI$8w*aDKZXaQMgJ^r!&PF*!YJki+km#7%{l<mkMK&4+HL3W6XyJ(1
zYa2d<<-{3s4b-8!9wde{$yySx5^J5wa;x%y;C2knpYjYf6XXHxQ5MWPqi5NBZldr%
zK7M|2@3k~#$96g67i_@eW#tD0X8*V}=XqAt2;`~|7dY?Fp07BTxH($?t=!bVbl1F`
zEff_9*QS}Qn{};6uZ;O=E>;4^+e*dTDb41KfwqH$g#3)N3WE*RogN3@qT2Pn&EoNZ
z*7dxRszzaq0%5w8d3MPa%Uog2{R<C+V$Z~@hntDvQ5pZ~yua&ifB_C1{5y(If7lbI
zDAa2LA#OzFNF8()azJs1I|-?_dq(eFq)xnA97v%G<mDE>6f7AMx3L;zG?O<fUG_<p
z7CjIZ0OkOUhQHqepYZ<10j=Ynx7Ulq+O*mKq#N_+Uo1T$#{*w`+S;D(mW<evAR^){
zamC|5i<7;7CHvg%4U*pzecPM)xUdr|O|mN}mQ-au?BIc%5NK`t9B;R@!<q)2WJEkW
z?f6`EB*BH!RrQ@)`Jr;5+Z-?Vh?V4)l|CAFvT7itkXf7#L8M6ozM(iddP+fNo|V>U
z{+}$)i&57o+(BWK2`lRS34%myaj~cK?h<=HRM*$8DFzdx%KEbFbb)8IaBO3W@Y~_@
zb9Nk6%HPW=MDJ@v6$R5^Y{$EKAFLq6qzccV*h|($Aw--9fb>(l0aIt2(FRUy_R^uF
zDjHH;s5;@`sJ*vReFB9rDBL(yL*L;k=SJy3p=v*u8+Y88pTD(fjO6H!b+~&3tlT_A
zHgU_CV<czFk3~;pA`Z6Yl!^W*O9Mm&nmKDH_Jan3`{1Y~8=;&DkF~S13%rX!d>I@Z
zz4dhu#Z)<+FTaZj3~RVwpl%;0%px}hzbxoQY9qX^+<3po;INkY$0bWI+oN*1ZOaW_
zcW5r%WX#t0Ra$i8zt0&Nsl%p)X`+Q)?%M~D2F3#DK~ybT^f^NC=q2Mo-K<0q3g?5F
zl4nHm26L`Y7T?vvFeC%d3xap|@j)8m)*xGkJA}>g(R0ug-sk(<3v_vUasT!JIfeII
z9LNI;3+Yj{lhy_?1I(bexwqRds_3|Xh_Vuo5sAhaMm3+1h9&%TOv{sb)rd+QyQZ~z
zKE%Z+xizUXfaoCUZ1!5OZq_|Rx3bWb6mMEKr=@iVo{4H*Hd#9B><L1S_0zJ{vAYQr
z3Knp^$Mx?8FA7A)eYJ^i9c^tG$zx_AeWI1WPZyLv)HLAy{S<WA>uyANO-@$=sPSqs
zv-o}0Q879*e<i`P1BkNmb675dx=95zB8WgWIvBPO2k>6+?%c<f%Wx%xS1pQIL$Vb0
z<MBy*pyjU-l2%|#tg_Fi_XR`m#A*is97^4P|8(m`)H<K;?1G8qhh*v*XN|)y_Uv|@
zi&R}o2>y_%bu(Pnjg}<HkRRy-Nyt*pYIk+n38Q_PuHOpkz~MvXKV{^Rlz8dhtZL~X
zS;1fgFT#Z;&dx#`XoK4cU1$oX-SaXPSDS4KspGseaDGAUv*+E5p_!aJwe3&5vXEc0
z;Ox{_;s8l`{{YEAl(p^j3kFFXBIbFSFZAg%B~gtaHPOJHlLbh+bIVF*W<`DPbNL9T
zUX+eQHaC@~((N%$i^xYp=@3KbMMf~)(1cV9<@{O_+6E5#U@_k*Q3+I~cL4LFFTGV?
zE_(W~L9#jAX5kIoF3icXA9;q)RYbg~0QCYu>3Ki+_h_y>Z8j3^bClAJM5`4ew9Hzw
zasiOxFaNv?ry*oPOYSs#PqaeQ8j%XcY45Bq>es0GfJ;PBM)j#+IPbV2ob5_2K3t>_
z_v|VdWFl$L`ieq4D>}P><-F>y`r`MQU58n#MT;gD3(H$qh)ZpC%<gJn)1?Ra6C5+e
z8G?8Y-4qQ*?<Zk%Z%}2_?NPa`k!iu&V9YLiw{T=rvVBvN%hUQBhcG4U#pV7fr9g|*
zkoOCwT@Lhu&=Tf49F86|-ybaiU#C%1u7C;?gEa}~Hln7=xxn``%8s6LD0GC(3T!Oj
z6>i~lVDnxvtuoRNW3vVP`uJ51o(ZH4qiY_GeS!Sd&~yJLHLLpWp7XD4h}=oj>_o%f
z_)585T>=Q(9%LiAQFim!TyMrsadtiv8f7ujyq=(xM>RwG4bM6F=Z8QgaP%(?sy7pF
z9zNNh**O|gL?ih2cqyfyBi30b%VNpPQ`B0ti||s?DIrnOouYw%1;1}I{OQ(G_HwgB
zatI%_0)b>pS*8%^K=1E~n9EbfJ^X9v*Uduy{-jrv!m@8?uDpFk7o2ypPK~t8dbLVe
zTwA=`5W?-Y@DekdlpYrhQ_a=ve24@8v2xbn_p36-C;O)U{p0pKPaG}F0BM7F2}lfv
zzggon-j5rakP1%v3DX?EXCI)_t^~w5{7?~X3B{AYChprN_U5(=zbpRnNSL{yB*2JU
zshp#zx8Nc{Ot2*8$iiN3<nQ0tjQgfB>$Yix`)P3Hq;InO%S}$$Wpr+-%K?x9pAG}R
zN9Sd`K{-wP`B_#gf{vs9b_ef(x&R;K4tR84E5t{FA?s<u?pBXP%L8;yl|$~UjaIgk
z7`!bS46lQU_g74Vkb$P3HEcg<YbMD)e4yE<PtM_`XDr+fyY{i8_(S3Vw@=t9onLpw
zZlJJQW;2Z6P7iKt^deeW`|N3G^jVa}aAY*s9XFTyYFO)#dy#$II-(RJN2gY4n3r9G
z1B2give3qc{I1sTgezpodXH^X5p2+~v5k?Bg;uql`MR{BFn>>=q`T@c-gdQU5{2zG
zy6vHz`D+_7RU=raidGS_>tUsf1!myBeVrTdW5-|vpaC-_20s<)=wfAN()MXe(@Z3P
zRqRxl@S{53e|!Ga+$W(i53s$+f~h6VXs4R2Qf=!u2dit<T$Ie-oyI~q<F%91h704&
zt+KmZ3C~8w2A0G$C0L)LS*JP))H;zh$yON*jXP_XQ82K^m_@hEj0ZmsY$Bzx*pNx;
z5MsdYZ1~K1B1>s}QiazPj_%rqq+POX0NkN~041$Q?MCfIzJrE_2A~b4QqbCEMLi+n
zjHWueW!0)eKS~`%TI@+KMvicW>`VYBNk522Z`w8QjA+B;-q;sR3|0DCc>KIznmt}(
z{Y&e81*iKj*OjWW?BQgQ;!GRs)gzapobmwtHII}W55^%)H2xgVn<0k=N0_=B?o8w0
zY-#7ruYZEr$?ov4+lw{DD9coG;l6s@lIFDjV=LZfqP&R5G_<oSyOjGCs}|5?iH_RG
zo1jo$yHK=Dmil2H?>A;*d=@UTMj40zPxT9xw|GB=9Z<DMT-MlQ+SW0t%3K~VJvFE3
zmoeFh&`GMiPI2aDPu`h&zNCo!SNb9F7R3x519Eep!bAEgP{}Z?MRHK>U$yhx7uPju
znV7P9kJV-c)_V3@)qV-){Km*2^N8A6OW%X;Om1-jHZcci#x;NhDC1I<)zKh$)^xw+
zRc6CbEYeXcZmW>tpH*w>xXC)ZameVtizgBBwkz=C^TJiaJ5}tBAY)b0`Y3tF1<?NH
z70a<4rI;DN(v^PZK5?fr7gnaDf~S@5Cl;W#WKA;fuZ=<;JU6Ke3N0|K=%*hQCZ?YJ
z+<m6fM2^-FEAhSJI;hkmARytbZ+k?@rqlU->U(&0IMT*5bWdTEbj*OQzW_x9aPI)q
z1SWbEn-k#R0fp^Q&-h|`LB>89hV6GYIS2&*tRPl&<ov!DBUTo1$e#GJWns#DNf{wd
zK)hZH4Ht^lg}R^qdDa)p`6~aHOzFl;!&yElo_XVttgMmVu31tVO@moRRg}!nv$5;>
z;hA~Lz3xrzwIeh70i_oM!Vh^0#qrW%pGS4$u{F+-zK9EnK{n(W8B3xH$VMhyDd8sN
zHZVh;7I}YvzHWrj>#NvE{Jt|gN7*3xE3+D*8T%!+<;sj&B8p01X!0{}iAIxHg`-;R
zztK1)Fr4^bey_g0GV7?F?V#g7xRvRcD!~d#e5?@N5h}FNvBGaP(4=S+`^BjZ-!IBn
zg5^Hnhd<3MijS!A*EcSIG4y<VWvhL$Rw#aW!_9^GaM*T0P=G`G%9}uG0kcNNT9?wm
zW7r2lxEtfsqg&;q;!0Vwq<+WMsKnyK5gn51aoO{X8rFwFceeXLDcBSKAz)wL|H<{v
zGEbt^aK+KqS6Z%ftR||Yrb5ZqVs5NNR_&+EZ>mFC6-9|K4e3K;_(}qwimrJ(gp(*M
z>8o4W*0x;uG}+EQW_emnG-HtJH?(&Irs}`vK{W3RBjBUYV__1>Lm<*YtRNo@*!#>Y
z05F-nE?Xo%ifwY?R2)rJLC<MUPbt~sJvy?i2y~{&<nTN^H5|ogISoHa>%*fXgaNG`
z2YgLqB~Ugv{ej(!<BpYsuZI}=W7RAHFaC8>VEbh{`!D<&^o-yB+HvR~Q;Q@PernSk
zd!9TUKdPkLOp_^KHA>`gyJKMyL^v-!7|d<G`xA~lfPUMY<hDO%sWFcdOQh3F;RirL
zhFUHIwweoJqEG;AQUwD(Yi#R>xRc>r3{Q0x8ikiS8)W>NnuH4S0%J4he=-~g3nEcb
zhd$T!QY$x=MMUIml=Xy-Hm8^|NV<H;1-r)deDlov^Ew!P+HqH7d;{v$v0oNqF897k
zcTRhG^!D!R^ltekZ`?j>u!YXyr|SQ9x5$-dIsfN^`o`1#N01YxjOm_v*d%lEaRexl
zP8W_j@(BnusJX~x%<_H_qFjrP%8se{#|@2IfyEN?gS24x9pDTeG^UZB7A){Q4?j>(
z>B^aHiq_55Oshf9Jl2ud3^r36jdI@+THy~7mdLT!fG7V6b`zQ=hfQ0Gqa-b(QK5<R
z+SC<@Sv7b7)CEE+T)uUE^yiAHprC#vUq3(O?u((JaNb205U*vBJRrT!)aS*{TCp9o
z|GoMC)=1y-8RG^h65z75kQ=h1aK1SL&3ZrKp4Qf=J39+2lHtfmsue09Ch7}Ybit!-
z#RzmmVxnZ5UWGIV<huZNje$wa<u0{9th~4q*9j78b~zKx28>l_QWMt;6MLMc6BFeg
z#AUIPn-lj2M;ddlV24#_b`}6rG9OcV`}pe%H`)UzB&MGuDvGcsnvJIhM+b_j_$SsD
zTsBA#<y4oHpv8mx4)?bq4X%fi?=!g_wjX0kV~~jqqdDq;NxZ(s9pN!>Sx;K5rJ=>a
zt#8VhXL~#idXHqtJGNtdoK+4Zbrh+4PIDj*Bxh3|bZfeOT5>tGkS&s0C$ug;uU2@V
z+cLRx&arNV<QcsY4yf5SJ@(p$XidbR8x6@^>iS2p-{Z0DxM@;z(7o9|sb#AL1_E-4
zbvEaB7VZAdlZ}pwUXU>G^wMGG;A-taO*vS38mi@ei$L9O$cS0GercT7%TLjK6L85C
z`%-6U`_!k*<qpSG3W}F|(UELgQhOcFEsf{s%P#llYQ~=o%j%noaE$2FhR(uxeRa~C
zK=udZSAx;)4FRj5{4CE8EQaA|Efll)t!x;u+IrQRWM5%d8uX$Pw}<$FM!@H+w<s78
z!E~UsBbr?3yF)aI)o7%z5vjOHoNqvH2+$F7X-trTZou1f%^MV|p=tw7kx|(wd{_HL
zH_3dw)`@8guThr{fjss-0%E_jU1wvbW^0i~7OhOBMtBnd4=t=r8-T}lo{1O&IFia4
z^71P#6i}*`9xj+9joIngbaJlkk+M5eCI03)HXiT8o7yv)8<)V>#K4yp*(IEdgAj(?
z&SEkuQWYG0+^xp6@VKx-6{Wtr#Fj*@LC7U`Xj_1<Z!9FI>vC$QcF-5XSH#v|(l%%x
znfYG)2Loy+anUwO{7|X4+(&)H+y7GbZTcpM=&IuGT#oZAG5*^xD&(#CcP<qzDwook
zYsuWuw?P>sDjzrQ@kOW4SzcVQnYQ73W)_2PIb|PN+7^>@TN<$#uToO>EF8ICt>vH^
zSzn&rfu`!Zpb%=JCuB3eH0q#|tcew)0$&8GkUyzD31Gb9qjv)s=+Mq~WAUD!&ssli
zYrPLh;P&5feFY!p_<X1|N;<zN(^!?y6Ds_7U^S)FTeCUNt1GwY!Ht^v6qY;<KM!lN
z@pYc{93S!cqYvdnuy0aU*uf<ExD2BrlES>=G030YJ6A_S<es&nkR(E-V4oVN5vT{$
zc3?d37^~Z?cHt!sm{zNsz~2yXqM=|6*{jQ8mlukU0D9x~_qUrsDL8;LSS~3V>`V;s
z3;@<vG>PIhZmCt#qoPP!GD-wS3@mCcLI^zw=oT3n6;rD+VdII!7tT1BIEmD0o8BH;
zh*_0;u~5Z1_q&T8$0G8zlW$EI=IA;M{+4}X(qpUpP0BrzG2g5flL?91vs>J~D{fBh
z=y++EGdF-xhUCp0wp}rsl%^fI0SaEve>(pddV$-tr5CP<1;5OZF;cQOGMenqKl3kR
z8|oP0kynj9Z+JMJ{fEhN33x0`3LTdEl@(y44r)Hj-|XOOtVoE3SUV<1JWg0m^i#jG
zNb=+1*iDg@D*k+l*Di%o`6B<F0SRK*lE)%c`%E6eZlkw_wDPNgJeV4z*nVFq+?FJx
z(!+>aGy8{vcg8D8r>g!rk=-yD%1}Y<_ix;UwZVZu4^kRn3tFBdyP2<ADL<S9UQ<8W
zuClcZQSei<D_MLGtf-la;sQWQcP;Z0fwsQhTfb=2x*yG0^qaR)DhT~?>4xq}!ECai
zBK8>M?_dpj?lS#s=Jdi9`}#FFteP%dQEOoU{BlT+eJ=lXF0+djPli~ush6x=Ov}vb
zy<2Lh2&zeVdIYFsktPbA{Kq4ybI>F$_znZ!NBie4LrI$UC89qn<v6ahE)+(>8Vg3b
z{gYUrb`7AXF9BsMRb(RFo0^_~z@dJwIb^+6q@!w&7>NGdnSpmgP#R7O8jPthU;e;C
zG5A>99NhND7_<Y_&sY(X)FrM%7=xw?H*$qbv0sythH}l6BPO5z0JmjD42~XSF|8aD
zr42h%Hu+ag&ge!UT(2`n1q3(MlP%v^R9O0P*uv2tkP+Uccj=+E=T<3G+gugx0FM_?
z{~TKrD}s}L2vV@eF4I=RS5wH1%AoA>K9QW51ZXX7BNSiHilx;lRpxk92OQc!vmr!z
z7)$Kp;n93^AJMm#kW!z_QIe0W2bIf&cP@7F8U$*l+80L0X7|@Ld=ff4$TcQDEXqZb
z4CIJ-6uD4Tfh#u)i&AX?y3{sVAJj2Ff!AB4hu(V>+HEZ?Ri4&U^cA1BJ}jm+=cbJc
zy#3+v7#E{ovA@`}{(REaPwvBzZKko7uco%Iq5Bn!KV7Lj*b~~8@l3CL$<Y1u*Wy~R
z$S)x)2|Vu$9^M(E70)i<4d>6=R%A-APY@>r6tQZ}$`!X+pOemA>y$c~L0OYA*SVtS
z&@5vvO63u8xA(%KSp@Sz+F$n9QE5`g0Djdc9Ifc_K$sTvR$Ba9Tw$ca{sJQ7CP_Gp
zUPj|q1S&k<aF$}j7ohXekHIhSp7HLT<bS!WQVHT%OG=fnx3H*S?A|O}6aHfC-%PHg
z@cfWFpU}R>5>}7R2O#Y)s+piIWEIV?oXv!<4{r*bz|ovZumi-04&IEa+$P6j)_v@1
z*RdXwRUtP=jniNPrQ)KC&A7Ub{CrU(jDQH4)O*)IgcRH!o%3mn!0!5#u7VtChDT7z
zcX^K+Ng2ER?+~#Cbr6J|AoK5)cgx!P=BD(J^Ho^&OpYAuM?O7$41|beY?Sw|lK{nP
z(?EiiMEeu*<XUu9#A7;6<7c(0I+SYJ60BcU2~*K8vI367_kRtAE0YY{Rhqj0*d^b*
zJo^S-`G?uCs#V8e)DGONjQ^+Nn&?6*9P5VK#!>%aFTrm!r)9?dz;|hys#LB7Sre-f
z#P)C*!uKEF-)l-vGBdlivnm$5Zsr$CUJzPE`sXF&@ws026|z@$h=$9(3@a*f{;*u&
zi40ZUgzw=5#S1^2p;%ZrA8?vzjOiSGztNU-IkLawyzNNKA2Y=d!dS;ib|R?|4_BDt
zd-r^CVZ<f2sg@3j{D!0RT+wysL$X;LRJ=t>yr>4gl;4Pk$<fUdA6n0VE*Vwhh<U&d
zq~pVMV-ys52lD-8JvF&2kr{+fLN)M=UPy*x1Rlfxy~M_$d1v1#?1^EoiwvSqeG(Ur
zNTwNLt@%>P@ymIX6)ws`H50~r$=f%U6%H<oymWXRU#+^fthN2?#?KbJ5M54dOq{y3
zF2nkmsQZpR7e0r@#D@nMicUyDqvWyeVQuZlLArItIX468Y3#f~N$2MNn!O3k2c$&4
z!}a8yaY4G$Fi78?*E$zb(N%^8<riaKX_Hn>$>U4S1y?QGpB=5)A4$=NC9Z|FuWGdg
z*UmIM#|2O1>BmTIc(=j`Pvr9th?e5H{$+WVvt)||>{(cN#q-t=F?@CA(-hT+#JHGv
z6r`qKRAOw|?0la>@^iNM`?4G@RL;@=y_5RF`p)a%urqOUhoOEA$BM_Ay&V5{7V6l&
zOhPQ8pM6xv)f(+{ct1J70^Ny$zY3`<zi&_3bd~z}eW*Fzd49jk22KpN`p898+{@vY
zzi+8I>NcHrMKh?wqn$Pr0C%<OeRJWYl9U27p^I>NR;$jdtyy)D_dt)+A}ZoILEyiO
zK=DAwq9?~EB!nPO?oG>^*Q$^BFu7Lgsv9IaNziJNM?l&S2YU+??}`MHU0q#VfG}ya
z>fg&tbWuma&N6Gb3RO${aDA9EieHXK@Iz0!RR;?;=9*=5E4&Fo6^M`^XbMduE=xna
zP!3@Ag9?PI_(Ls*^uONPM0iT{$F$^LycqHj=_v$!$@Oo=QIsvQs-wSi<RsEkUU&2H
zajrA0d0BVJRcgQkVN5MZm!~icBWAkFP0an8KYC|eHu&c-k#?bv5ot5_8>#mk@+V;`
z@H-QpyYnfhs?>va^C|uh-3jOT<Lv;y=<#us3KW=1LMyi1Z0}}b$^#=#HgXxcjeKnW
z&3UlR*nz#@i_0woO30QvkP*tl*50BbuqgRj%7^|;fHI=$7Zujoi|<wF%yC6phapcF
zK3@36T43-Nwa4SLJlfz}g~>g#PM1D`Ik7Ys7r}^0Gm9H0N%%(KgRx7!owAaz^poNH
zrCY9t^QXz%EbjvM!x1)dU*|~{WTT468vT7=Fr?^t+y{NBl0_Mlyc-nx5*u~y-pxn#
z%AlCcj?1tJAdcTzsMffQiis(FbsniV>+W|QI)U1bSG24ZVns%UNnx<~!9<39TjfO2
zGE=m0^e379Ad7)O0r!FwihVS#xv(L2bEQbB3PR5*YwPJjOSk}7$`)>3k!ldI)E2<0
zvkoZ<n$+r~*1PryG#*dbLF7q6_(%kbfGdo~T4}D1b~9LNvZpg|S(g%_+LH6(Z?p%f
z+L5J;Ua~m_pCUv69JrIA$Z%-0;o3EJ2#6yt0vmv>HyL`~s4H$F+tFoHa<$=e3mQ3a
z(lmH9d%X=LCbsY-FNX;Q3z=D1c@k5&Y;6rej$PVz!==m+DL(#A|Mnk$InL0S;V)oM
zSFj{VPxAa}j`01t^}#`W-wTSw93?;n+afg{_dRp%>&&tgx`}ZGW`Mlm5^*M;$M|4J
zN0C0==^)9hGZQlt&iTXf){^ktQn9O@_D6$-K=$sy6ZGaZH8Z2HSyv^&Y9&y!&!!t*
z<h0->3zJQUXQ54xQlE`^HJ3~AiXU4V<xtsYL-kC>Ddy5R>r*^~rJDR<wP9zwoc%w4
zoV~rheXat=+m-|$dApy#I{UKBG)>bUU80_R;1m0lGc`25@$cx;Wkjz|2$OyRy)*Y?
zkgo)))Y^yd%O|DEP$MlbF>uQXO_SR2zpJB<niY@Z!^<PYu^LeR3>a8gI5k93#%W{x
ztpp0uQPGdepCGVPOulDIwAuhlL%h`~Dym>0WeM85ib6<^7lZjdUQ2K%VDz&@SRo(!
zrrFFj86~-Djk3@R?ssIvcPZhISU>a-DL6XX+xxx3T1V}ZGC!8`daIuG!tkvDIh2hB
zJ8yoS+_ZJ2;qDxT_9LL_S;&2vJ8fA)Gsk*#f1lwY0rmM0roQ_fBN=3c$IOD78g)tK
zi8zAE1QcvH9$tN#_zjpnk9b-TpJplLcR1P|A#t(4JlofFdroj^IFc6@XhIlTJCAjw
zx6K=;n>tPQr8@E4h$OL-ec-VnW|^*K?cjr|hwckiOjutN*QnTer`MV7zO9kfEtKK?
zDYHj!fUlpJQ5@q5r$7e`699M8OS~Zi@k%I@bOG~$0@U3~`n0?jTU_y&{B9C8RMvQG
z%vKbld(h=pp5XCs8y79S?pHC&hGE{WGqUL7(4d}sj_eV2M$RT_-`gw`$=EAi52>W5
z;re?lX9$s`PJN6H#zI|QRGD*^x1Ueu)Ir<Xzx&O%hqKd?scJ~ZYi4H=8JdH*gpDNl
zl`dUrcHm2*Mq2dY+jCKmMwkD@VL-t5t_&!8XKUy#c$NU7`F-SMk0P1@`d4RA8NB4l
zgGFR%uRb2r(kpr_s(>^eh7bXd*D^80@g>9yDJI+m<^geqNjO^PtZx|iAn+g;=*EyU
zf4y=hK57yt(RM;c&qVw&-O0>e0f(EYJ?YRwVSI9YOwT`qK}n;F3q>p<DWw`mekKUO
zdH+?W#mW;Nf!G*Hk6+VH&bnbmf<xzYV$3WhTWW2x-CCBZMs-9uI=vhq6)EohiAH1;
z9*_Eu42UfSfINY!zCW!6HYW9@PglY%_z|!WfcI}{7jDCe*VotEj*HT#j1{7()QKv(
zQ0=3f=%^CoZzG1|&+7m@Q5l7_a~SxZ$PRZ@hUHhhD({?$wJH|?Uz;<*R6?MB2^{m2
zllQf{#k~h${daZ(>1}H7a4#H|ll}eoiZ$Q`S~opptw*XIUSMwlNgc>9{81jMkv6SN
zczxe^d9@>5W};wv9}N%L)jRxn6W@l{_G32;HZ*n19DGgu8T4>c`l`A~b5h60Sp0CD
zU(>S*4JMe_P?J+=3$htt#lc`7@8_gjceCPuS)`YvXEMKzOIhd%P?aaK{&ouURg+JS
zUV&4)=2$XQtC`_ECQ74w+xGN?;)D3+wVt60&11n^O-G%_#4(nCz>6G$6n^x{0*+}Y
zfiX+teC5IB#Zh#Zqk#cewWF|-U9J+fh8p?^LjgDZr-J+k;!oru%_l>8BGFp5;WQ*o
zXxr%Y|5SZLGHktcoo2`5ii7mgPa5$@-h%igb%om`0J&$`TqXwQHRi!AhU@d8AQIY}
zlwj7oCnfW2AVo+@jF=_~pkpt;5?(05{fllD9Z=mN8zlB%Yhx5VdVTd@YX<m^b4QJN
z6C(~%*6cStzdGguZ0TaNs!3n&<_@XkfPUYDv6J8PZFDdGHp|Zrh!zHAPh^@6e*uNz
z)%aH#mxCAmA_v`eh`;+nbj@!Ks;qSOY-y70IxQl_hNu<Z`?a&@bLyf9R*Hh-EgZJf
z&Rf9Q)+PV@tLN{h4D}^<ARJCMrTwuq?LT}>$3^$fI>4g@?D7KL%NE*C(LR6&-PYO~
zv?12^I-RTtjuiGn>V#8)&yT_$7~PX&fx;tvqOeIki!8E+Ssqx~!=z<W5W)Rw5EN;8
z#!A&jc=^ugCq3uCYEQG8p&#9dS6za#R?^OuoZzRSBi0;z4Oj0c2cE1k$78$uyOv$y
zk(+~O8iD1Ty*kI&m>+W2ZL=Htm6^95UhChqX0<rgUl01a=|NLe07YNzhzp0x(eG)I
zYg^8l!2P_nHH5&v#)4hL#rNM4RT>_t_8DpS^V4JV#D0S}$GHZ44#s8Jw2^|taavHn
z<iRJ`3_@1UlCr2<le>{;a%RO`YVYsqGNs5LWF$aI#fDZmHB|U#WJ%b#aB5bad$#bi
zsjkxtCsj+ZX0FV{US%5cdCj#Tu~C#Dgtp$AU5rr9_lQqZf&Z|`Fp30!ZvFWKYlUiy
z@tbZiJ}SPAjt)l^f=O}zRctL8p*+?+N8QH<eF2zEa(Bn+Rwa{xwy!$?@(6xO{bYw$
z5ICD-4$xToU#VOxP?w5lVqfV{{KiY7<mB4osCCsyU2|eeoTt?y0$SGXlvtQ)3|dwk
zCQ`8m<w^fO?j*K0kDl+jd^FU;GnL@^zy;_D|8D1$TY1fnMJ9l#ifC&1NG~$^NN?w*
zt%};hr%Tss)@V3Bg-Kzw?eCg?SF8O4bcufUSKZ{s$i{ebI1&m<{$|7)P0aEhySr3V
zXb{h&DVs8%N&^w#1;PKc7GrxUw@}0W$N0OAl^mx<L+d%tn<p`e!EWKqe`_r*%2keU
zj|4bW^`42{Dl5`vwOw=Spk31uOLdI8(7`GSzl%L@BOg^~jZpCi+=xf|%+`k_;`+)9
zM$S|(H)b)v>Ei~h`w<^bv`^GRp<&XABoALr9IbuRt5!o9o0zZ#e!`JohloxRhR%@H
zTPhdeWX2}z!XLp{fu4hl90wVek_p3y`-4rrDJWWTN!Yd!!b##c-(j$IW+0Bm3_KUN
z*pD0bDKl&ddq=SJ9p~Qo7(M&{fMV1dAAFTUmnS<;SY$K|cmcrB00+XGnI`!UAX{3Q
z0w^Y6&<O!KYr=xgx@T=dDZ|u8nuqlJM3>NyO1K7EE^EO0Q{q<E9ImjCzXY-baB4Ft
z7-c$gN5{u8)DJS?K}GF%AQx9xtOb6t;)^<JB3FXp-vO?tLlP2dGxfUFxO0<@7;_qO
zJvxppYfomgjn(;#In6{7{(_jlB7!QsY(al>PM;K#u*J?zo3^+O^!2ys3wuTK`EZ2I
z?{C?OJzFWwbb>yZO<fH0*>--ExxjgV4P!$98HGS3_35>ku(B#!u@zMJnKsr21_t)_
zO1;f^a#IRwBV+&0vO&Mhk1U?6R$Cl@F<LO*KWlo#$rOqzlZMs_b0mgx7e#W-bWiG$
z#2`Mst8S6D$~GG)P;?B0>!|U_KeZ31G%Bw&40y}J!o8@+c8Ku*2V?Y4P4<OlW1&wx
zD@tbW=q6meI0#yL+&THSDG)ja%U>p*$qxagE!8#6++US{Ju&aWm9d&NZKCYq*|##+
zSQu89{YnMwgCUZ<J6U+-tz_tjv12S8MT*f~M+|AUFCNsXAkHApPOJ^~GX3NZXM4>F
zsnt9Az6B4!XX=B78aP2Uh|ahgb?CT<nY0ik9~62O3C&9I6}`%6*_OShLFAi+4>eDZ
zJ~MCv5mm6-jDVCJpc@4NUHPhI3w9D$y|P%gz2dlsM-GJ~kO@R~jyihTfg`7snx;hJ
z!d?!MK<w>Zz9jsOR1_n%vVdt-kT^luHo@<g<wBivPZRcC&D*t{7D@F=YU(j5b-H$C
zBYQQU&W@bC+^BP`b^N*l|DqSq4PwllXgs_lq@W_~4?r8Vm{wfI-j!JZCoJ}%!mM@t
zovMOM1RlQtpWjxPaTm%!uVom^KU~YGeTpVH*2GbZi>)Arnhg?+;`lt(cY=fgL}X?Y
z4PL+6Ah4mu7XvA&;(NE4i|Ur~5tS3_u`&noXHPt0OU{@@wTE7~@~+GHjKW$iHZ?Mh
zj&=T|(=YvXM&ugO7+hnK0U>SppY#0xT^|?58$M~?2T1<ztsD^!6#m<mRe^o6??7G5
zkXiMju;%vYUkPewdD8V<MDLO0^_4U$dHr$TmdMgYg&_-KAz=0OJUeU26;>ZfBuH)i
z^<wg28yWQT2|l;~T(tSVSWzO0BFanbw+y@{-4zi$)#H0~Bn#aM{+%#H#EcJDH?;H^
zxD0n!MXLVzOENt066?y2x0-OeIJN{4f3~+nzP>ksqlunYQW?ka8?v3+^2Ny8=2o$O
zWQIOpUIrx$<^n{kueO3pbIsoTM3%q0mob{}p^1*dKTC709A+I%Wx<U%jmSk58b3^{
z@UgC=l39ZF|DQz_kotJ<9VG?^MvWwyD|Og^fy_To{L6@udkAQtq#J51$)#?Pol6{G
zMfE3$yz|M^Sc7sgIi}K>*R!Ez*$u_Ez~$jwz+M4&T{DU;s9_m{_desjbcGWrHa8gM
zo6y%`kvCRPljq=UcIyd(^y%$HeOx7?TMcTxtLH<}mOo3U@fOR5?m5T7TqEs9|FB<j
zz9sfe-i+P-%y&{7e~Fe5XQxK%F%b{)E29^WHDN3KBL|jCUizRL+xG{@c$Nn({3no{
z!t*cKY{W@5G)sF&C<*hpqqllE^*fte7Nf9i-|B_ldz-Lyrb`XHUhIJ}f|OnnIe6vr
z$O_AA1Ab<8=?kgWVpz6xyHZgNk9Zk}Ne>V}?O6Ay%-+A@gCW6UfS!fZz*fcmBoIQu
z9Tq*9c<BEThUFX((0voJSm-!@(p2&7J0ho%Uo?oB;zLqnX04DohKqqnzf}$;*bz=s
z!vG0OC!=yP@Xza(qa+^}>c<sI2R^aSJj%Kf$9Z{q;kF^a!g0nY1ef^i^nNMQ4Rx-$
zbR`kCjNV=j;b1MKt=jP=X3xu!=19%~JRyI7CQ$9h6(2AFsN$X~0HAR{!ac$D1V@I*
zjWon<pfDWd{#-`xP&HRr=RvbZgZwh@_+AaoAgW8oC(_pb@w07PoRTHrGl5`<(2;Q;
z!tDohul^7W3_;Tv-rd}>c1cxo+7lbZ$C2PFU{)sL0a&b3or2TOf#pPVb>W58NXykU
zs6t%X?rso?`G$gB<AQ08EaN&0m4G*ac9Iy!xDHe7<{F(3(@Hw`w{{WsVL65mk?n{=
zwQ^88$)5wLSk?-`w|K+qR}$CL-DV$Ld|^#lKM7k}z5SS=&#himxNCp;`{!E692Zm1
z?ZR|kDI9$L1m@Bq@xQ#dLh+j^^mUF^Jb^L5u-16L#!$YEs;Fx1R`Vl<A@iGAoTbJL
z#X(_`R4S?0Ohd5(YQE9V`Q8(3BVn4)%kOtkhwr2<C*{<oWxs;mt<viXH~c@4v-@OI
zrs5Z(-|D!1gzrTE+*jTE7^C$0cz!K&k6czY!-~tUMF_*HO{1I-nAz&3AMA^1Od&j1
znWB#V66{=nR}Yu0L+MqII5vW$l;?wq@A0~YF!_|uznC<g6b%d$?tiKn@Y={t&BOr&
zb&e22hfQqH8l%N6A8uy_i7J(9wYlkWH4g4l&IutCY#7a487X`ikiOlamI~cng3<gV
z+4ndJDlij>A6a*}ER~!GWV5Ljvb^kOP0VRYSDaQvS6QD)`HUX(vbb$r0?^9@mLG&x
zW523F)ljEfOE`gd>W@nwyfRw8s{yl$k|^j?rZC3JwMf%WwV&Hm3gA>N#00&@YQ+yA
zM`#+|XcI9vVcvMk<v8o&LJc<jdDr|g<;by!1)IM(^?nS+CfLxqoqORJSBj#7hoqv7
zW<K*KlMSfgn*PB;k0(VqjmR4jii92f7+UsA$ccM93S)V#IGp>RgXeMSVXVsZjPU)o
zueao6;2&M-OR>>|_VScAySME>cPPY_C7at1Lxw*}fp3)uSoujZ`@T!%USd4Ow7BH>
zAR{Ro4%<v0ulZx))2%XUq7Qf{;3+S0$D|Jbne+z`wqL4nW)#E-rj46Ysvs-H9(Tbo
zE<+tae=RC7iVUXfwi}Oy?5IkPP;(Shhw!$cDv>Bw56WUWU$?6}X=fKMwAPhD9V?ac
z2)mYwyevJ>liWbq_})=~*#oeMNAFiwR)9AMAYh6ul>*H%QdtO2oVIc5TPu@2lW335
zBx0f$^8-sLq_k8u^4KLDXjOsKVyN<%yI;-)G#C*M;e18qCGV1EYy-sU$p?@{+%Kil
z@Y`-*5RDtrt>uz`-!`N=#_DB4?*)FXWNW^F+Q18DQdo5JFhQ7%PclQ{M<RDJAhp3Y
z)`jR<@(^HL6QD<CB9Bw;<JjjGv~1x@-<DE4#iag{+y#(yjT-q1)T)k2Y>`T1*i>#|
zDN*bb@pw~0e0+VwAVou=5r+EctYIK26qK}f#{IR|D&*#;jOMG15x*Wwk8zf?O|3>Y
zvH?DV@y;?p$YB4my)YO&q{lei6>dFh?HvuX<tGa@`3o>QY})GPe_pI7<kxCIRA0zr
z0*%xSuG$tq*T|hNwTRnGP!(vcH??TY%R_$jNV<}qReo{2kJcG7<0Oz!Fx#d|*a#uB
z9U|>(q-7c9DL%vK2eD^TrYlJb8isF5-z^hjL!Sa(-smr4-h{Ef*?6AZt)obpRF`I^
zl~fbMp13XKcm?1D5oyl>-VP2{NC~A9Y|PQdgOK~B%nJDnjgQWZPoy9{dWyz^I&in^
z`&H;dmd2EU`#qK8{TMnl9X&4+ecH>H*KC(8^a=h9{eo2t4zNzV(*y-F2juC1U?lJf
z0YXFD@nBTo$3vR5fy~Jgz>sA+!0dEQHQ-8Li@7AwTMyJRoX1ja5VV_h(1UvTZP!y=
z=8nGq^b!Qmb&A%HHe-VSkDn#2I_>)M(#hwk+ifo8nkURWWyRvosx+7Jn<RLI?QYGv
zMG^X#N3G_e7lA1H8UA)AR$=>}6pD@$B`5rzye`WVa1R7}m!lCDhJ_0v2fVI3{-&}y
z1BIIoEee7+F>-drcvbH(Rg`TJAjKXaxu`~GoA6sh1rnHCNdS*7*0B2H1OV_BwoCj<
z2dc@-%vI8NQ29(n(bCF0iK^Cby3l;4u$Yb?#X<5=UEBH%>(S@|!Yw3`&oENg!xpJy
z@Rd=K{oK{5d8WCtvxsQ!4eQK3FWpmlf9oa$gQX3@+&Ft@3#PV5uNgHI-HBb#1GeR_
z+dR^i!q1mkzFsF`Q@THMS-z|aciexHG+<~lTL>!3-G1@6X^gILldT_Bp`3l2Z^A}E
zZ}`OYBUj&XtZ*ZR2Rl8%bgjnxP+oEdl}D1edcS-|AUT#ObGkkYa;lK{PP4;HhYx}@
zd?`dj6G~6JnuO83#>9cYmL<yqvKXdE>5_B`|Ka=>X^Kgctp1&Emj2hnefan2;_;sF
z%}`+!-6VW)(luWO6&~hiWO#%`tWck|v*w1Q#vCT8h2L(AjTxy?*;Wdnpn8TE{aZ?3
z2AVcf_Lf>TZPNRg3``8BSF;Y5Q2EA0Y=bbDov!R!N>+@dJN(COTJ*(X;P*H+3+|$S
ze=&J?dAXc#P`2V+x%j0~XUtq9nY@KQWkmEvkx*LRhMF7MzsJ|h&&(@}BT2O4EA~+3
zwmok7{LVx%JxtO>oJ&-vTuPHTGtY)Z=uw^;+@~RB6G9$CKNjt>ah{Yxwri&$L?=|k
z_3uj<I+|9CWC9X?v6ZIVgK~Wva{2vzJdYFG-Z2_`6-TYQP1eFbz_YsiANwQW70O4O
znQoY4M>+)bM2ul>$%m3Ol@@2d4ZIa=36vrMbM!n3GtP#m>qNXP6gMdGKb?!q{a_>h
zo2$=`kd7(CbK8uGO7fh|#tqbVGO2SmQk;v<gjiyO(=4}hp9(KplRyUgj(W@ICPOWd
zuN#!*g*8ut`qT9!ks?G+ZEWL>)uWE5;ETqzPlId%-xfXWpeXAQa#%O=E@m~#pe;pk
zNo>m;F2<oHz9M`jC<z@BLdKfe%jn3seaKRp?=ol&fu~Q{!gBkgF~*@b<c(!jFB92s
z5LNHBg~rG_2uqq7Ra+Eduh1Lq%5A8s#~|hCyy`s1X+LMTXe)2+d}UbPkdhLkD<`SW
z#`YbXntfRq=3^-qZiOZiV^#b?i}vf=S5iD+^D}$m9>+)O!Z;W)$OUu4Qkq3Nugk?x
zq&1WJ<c<*cqbqL-2kU&v$#dkInQ1<Y(XaeBp`0=e2{k%1klb1VU(LB=2grUdGt-NQ
zF-a&*B@^LKw<)*eprpiqOT+-xsF$`8SWp2rBw}ulFQKBxR&>#~XfWtll;}f<$}u^j
zR&@I?KR8^n`r@qAFLB;=!AAy#sODlNwn{55&VQuVg9$bM0UNx1!EK1I@Vh&1gTQz#
z{4=gCyd~QYs&x1Pr!hWpy>Q<m!<cMf-0Np(&XP)E8+MjWZcKr@fr&jD<M-U#Ks)Y*
z{8aC%CBusEQ&td`+$SoHhgG)CNskxt1Hr}n!~920^;J6_S@nZ}^O;FCouAuH34^{k
zsOE1}PheWoxSYZ$NZhqPj;z5Ct{;Dch@~Tq9-=jm>mKkX=RNM`&8)Mfy5NZ&I>4g9
zV29cSfwSET(IX~uulE7E3N~uApahcm>4&=DT?^w{JVz}I2EkGZy!A9Sw>0HR_JfQN
zf(k>=f?+l?TM1@z)=x1p7s;BzJAa(uq3WITaLL?P3q*Uf4R|atpKNlZ)|yYKQ`Q9Y
z;vsZ}>Epwo;#1!|j9B&$)T}x&H#tRzwe19tzmxX3L{`*R?>eY2jxe2M?_VlGu6mAi
zMH}EO7Y~f?h-5AwSo#pG!uzC5zJmaK7r8UuLkIQM$ux{daoafsiKgiwIkUS<)+~kW
zBL(&2mvxIS)w*XKH^YBiMG;PPA0@JQvN}6D1}04MotWUMrcg1LIZ^W2B(IE<YrnXn
zNg3@JAnkCAg<pJ|^~mY6<W$i3%X*_wyc^Fz7t3sTTzbFH7f6Pl{Ps<Vq3$Yz1cL_k
zQ?a4u-&^2X1(hI>xQ(i3Z#qw-mrW+f?`riu0Q*n?b*hjw^aGe3#~}`vfDHWUI^J(A
z>@{`lk;aFsni5Q1{W5=_>9D&BK)B{EcGCWP3i194#$9-pFUb4%PaJ_04uSAsM+vY&
z(4}Z7o#SGSR{Pq1^FkShBK|bXRM8I&P%ZYP^$z3xsuosqngof#IL=S4&Ju*l-(Npm
z$dX^@#DNV~MdCe9%F}=q<J~k0TzU|IE0LD#3MSIz3zWJDQoEbO@?@O1Zc?=aHL9i+
zR*Lf`s}{cK()n^iysCp|DrLxMbto$cFhn0t@6-=zwX{S<Xm~h!LCXiQ%@U8<{qh*Z
z?<)ZW!Q3_wW+$_N+LUtI=eW*#us0hxv=>2GO5+gVcvLI=|LL#v>=i%77grteIf|ls
zdQA*pGL^2lWxEXLqjc-YAVGAQhh9M6Wc1H@Hiqc;VTv+Zus({M+^tGHPqfpSHm~?J
zda!dT2J)(vihA&<GMUaPQd)NQ8#jnHmZrsMnMfX`JZK6UA>AOX6W6jn9r4c50#ybz
z$f2Ip<fBO)Vk6XR09!!83I(nE=HAqJx?o(2#TvGo$7=`QITTG$^S3MJLBWVF1#@QS
zBd!&B5UEX*hWCiE`aO6P(&|lIH5wVq<Llv}$<m&Nsf<m?jI1K%b-ccwfPR6v-vnlR
zoK|D|wrw7cfUX5w{j_eO<RxENx(nvId9&0j-eEoUP@Ib+YXkAoq?X9e^4_16>!b|N
zI&_><LFDF|X^X_u&Rh5M&!(99qN9+hZBphqVloF)jz={r%rtBJB_t#Xy_qAzHjWiz
z4hZEnV$@ZWnak@o<Hd7U!<>=$^eWF!x7i(tM*!Z{HY5Q8<%8EHAqbR_LdQpR><jwZ
zv<p4ul>c$}&!v_~#gXiki?}d9Dfl!9^hSJ*ljcn*kCA*i)+(p&{`tTHxKYO~pF)b0
zIc+u^#04LmjwkHBwe#o4%Nhu<&+5)1expb#APvLT4b;(xjr;mohn#_v&uAhZ*EIN&
z-tMj|TaN60m^`4Nah8RMC*tIG%BFkCq5OROkH%cD3Qx-(pCsq@PE=O<3c6w!5h{R1
z@Eox8Fc<qvmFT2f2jy;TEIQtlE!m{)tSok@on})h`v-$Xn12j`E2f16ZK#Y3|CcZ2
zgThkpjU|ua4st)*EV_L6xC`pFU(m*U!^9a9DZCkms#9f?(h4{s$~45&G{hp3%JM3x
zR)9=2GKKRzkrcs9KV_~zi6oX{r0MDpY=1ljVK(VH)fA>jvJuMXSpN2I8Qyj$St(e~
zB#<GwsJPS3V?=TGPwh0o)e1fwwcCYFJZ=gN#OC0V-%-h)a{g-={`+*AwkEz!$l@IT
z<>s5q<-`otv9hCkb@R8Ew~uRjv9GqxQlu9x4?GjsRhjnOCz@v5N0h+W4)WSv=b0Rx
zcuzz9QHuaLFV_J7F36Qzw#e)22cmtC`*W}yTn1EE6~iI}TH>rQadI~SZerEqEsTPJ
zfpS{0uL;;=6wt3tnDE#A@D~n!m;v6UgW+*BiHwzTDc%3{O2w34V_1bdkpA)oY(4JE
zEaPO1Z6prXdMcFwXO3-Fo=)vM%D*s869Nbq3yDyO?wrnC`ucD)k&SS4O-rl(HMCyF
z*qP#+FU*Te`ZtL%I~7)f3{Wy3$C^Vk#5#Kj5*<a!!BB?$&nr{x(gyv&3ujOaxwb_t
zy7bv;OBa%mJv<>N8P%&;uAU9Q?G_=p4g1plML=Kx)Ypg>EdLnuQ)p$brv$Eb8eTQK
z#G3HTQ}(6qto!2?+DG~li<~U0ImHb8f7BCp%yfD^4GVJ)4YE)fLvXy4ZW8^(DIk12
zPKX%7UIils;YQS;W9NV6r<|JINdgusdX*m$|Kz_{Bl(MX{TcCt$?t+J5Xaa!=m0Gd
z$wBCQp~2S;V}br>iZ?oB7I0~qfE=E$Nyj?r72YvAHbWGIsF3S@?PPY0>Bom`@z=lD
z)iBy|fEr6YG+<F99sVtXo%-#Y`q0>kZMyTQTKcHJyMsn)ga&GwCcd}klAQaz41*+C
zTF)@cSNi+ukg`#ozw5#seZn=LlVpi^Ysdd6It#X_)+mh9AU$-)fCxx;=g=XY(v38d
z64G4)(%nN#3sOTj(j5}g9g_E4{=o2@=bSJ0e)n2-E1rM79A|cFjvfQrkJ?pZ7H`H`
zwe98gl)x|n?8-+5e(<*}9RSS2r2rmwlU-Z+v?IZ-SwHLCpx1RY=$h>@K65gD`Ir};
zVzOG03c^s*O4e!;3jX0bWHQfnowZUqJPd}A7z;8{Hl=B9;C;~`8k#IN<DV7;d!mrO
z*A6C7L}u!K>8n)7ylygQLNSQ^HK`FRs~I_Ki-F`>-mo;KtSqCfIn#6{bAe3LNyV2n
z&Jka>o*v=x0+cc32sz!o&xe@;7ndXX`bL(PGL9SQvLbFgedd>Fk#9@-@7%t)^Bo1L
zLM<|CCzbH+mLtl_X8MB-<LsSvJUHXExRuZ3>0th`%#Ef{dOEpTKyP^4+u6b7nqBP|
z)Bo=hUS-TJizx0p_yqD$t;clID3~+WK6iRR%knJG9DU97ggDi)>jpr-9|s2q0ed`q
z<eb!sGYEbve*T!`k;WUi6~>~(sm_wqGE7ctYX=}GNd$Qq-TmJcBjk;z+ldEkMUjF`
zB|v-16%mYweG1r4t_2T|q&;PHLEO#EJcLjAfWGK=9gq^7N-DtE>TsFPPgqcxF}V1;
z-P7-=v);>r3EVz`mg&=*;E{$zD{4ZIdYvL8=ITw3tUAQY7&ns0oH<W^lk8z~!}?#R
z6>AI?L<Yb56pf~ju;dPR`yQWeZ-%z`)z#%%cSo;|Y_wA%|4xd(Dif0Kz1J*oTmk-o
zt}WzUCE4TY))p<<>t~|~ZdXsw+@EZ_4vxCYDt#JwD&RuviVXk+Fv^iV#<2GJr@r&U
zxUcIEMh3fPl5kpnN4w=83vQ(=b0>4}C?j}sRM^+~*ZPc8V;<j4)o+}f)=ZW@o@?C1
z6tWIc&%&B{F7&k}xzY5KMMeoC&hhnpDl|NCkr>+q3ZMWBOIG;G6g^7rWvOoS9L}6o
zhH6)UC}ZNG`AfTCT&ZiCSJsIyudR@vD0f5Sis^5uja~yxhvMp=&jYM7`86ruG8vkT
z6jbcmSsRrnl})LTk#FB?Yn_N(&>DQCQc?WNCs(HOTuS-4Qu$tf1!!fb-%85INYF@q
zpKq}orjbqhimMHTbGu8sWh{8|8>cFnq;`Skh)@pB_)Y>rS>*1Wn`RQvEihRUvukJH
zo*plBY<Z=nd|F%Es*Rvjw12xD%t0%Iq=$*+@8<SHj|G5IqS>N2kTfQ3evr$-{{Bx-
zJEZS-Ar|>yFtY_NKyaY~vFM=3>i<Q-6tIXVlQ)*6OLqe>c`q-WXOF<r;`e|yO}laA
zKyU5LNb4aKA}FG2U^W(=-%wP|iL2m7*5S)8Oa3XZ^wU;ySZOh_0#f!O=?&?pJX5Mk
zf%qc6IKCX{;bM$J#@N8#jb(+~UzuOod^b|%chfM18z?dp`-jKyO}{AqfPTrmmH4{B
zG_~T9_YXJRqdS{Buluk60>wl`I97p%IrIVGfOuq9MJ9^UfZ?H$lhDLRnrYpIg|m&o
z1&<T!2FK-aA<+*BAIi#<-pc^JUO)PSrr4tLSgVar#{G`v<IDqx=JZh~!w2KOa5LLw
zPl^~m{dY0-Su|XCA2H|V)*L_m@%x=xpnG>Zd}Z5lXlwd;tf9PaP;`b?%!k_6&8UPq
zbC6D=1|yxV+`j<P+$aj>ODhdvZD@Qbu<7^;)vUv-MOBHxm;d<i?TY}Vgr|%Q!&TvO
zO`alCDbu@pGd)pJ$qRFpZ*7DhfSLlfC=|S`GGbX@WSkT^>|WHcZwj!>j_1r-CtGy;
z^L~Fauz#g;eBElw_4-{+J?bR<^PXf7lpbk{;>?U5ym@g|$O&_w06u<Dx#=rS2q*Uc
zCg!-DStX`#Qfcm|Hf7&0&l(uIP=Z@Dmg{v1$p`B<q9aRXwE>c+McXs`s|gbwGrYT)
z0q6&ZD-e%yM+)Fj%U4|mG9`U#>r@spzm!BHb*{^ZCuuCBf44!8gzDyNj?BA@K4Y{}
z+b4{Kf(T)NT_9JHbXp7lnisPZ_=1N@lw~@Iw12g?(@{@kAJKvZG(xw(-IW$<m_xJ?
z=VH-i1qKNO=@CO$N>3=1uNe&_1vq%jhu{$g0I9PUDvPRe9xxm_+X(yYlqrL>bxryh
zj)z(hXYb=5dOtTaytCLGlQSBVW8&w_dDr<cTDvM%Yi;jxx%*;LRDS*X(DlOZr?<({
zh+Tn`PJWoOv4dngk0O;gVli#XRAKzlxHQF0vCVF5gab3{X7Bo#<s<%P%udG1(T%TI
zmYrgIr*o#YSeC1udA|$1vQ{QTOL8G#L~s0?$*}MGca-CJw~X}G=wdbVIL;G|1yH|%
ziGcCS4*5%)j3Rh8WaG47Fe&dll^Mvoh6GVR=}tjq6_^yt&C;6jH+%lhKe-`VekIx-
zM7hi)>e$7@sT}*3wv@ThKo$g=vwVBfY}HOR$hoT=ZF@^ap)y0WM2FbrxH8LAl7)3*
z$;16&gz8sXtk&v9ZN#JTgT}B@T=9AKVfozj7Bs8<NP)DyIm-0SR}y3~vf4DXa$%k4
zv<xj;|HO}dharu8m_V=DN*S<w5R#_<D#-$TTmfmqHy%WV&^U0Wqxa8;R)4>bENO!K
ztIbx;jcX65d0h;t%_k`A3Nkn*dwgzu%wyX#NHB8oH(WBs@68HjdgurCx3+>V`mQ8)
z6KkWTWx+IIKfWdzI#W>!CEWGX%Wb%z9KYd#j|Qv`2utd+j6cKOV5@IFp)(>BC5}ls
zC748Yk6Uw>pDTy&d^~3ql)a?Luq;~0>6MVY`4+&RqxuO_?46gx_<`5gAlEyZs)oMA
z_`CR%?aA@`{ejNTNm_0lX1{w9qgtD>t*$0TVWGn-q5ZDt@4la2YxP;iH|I+Grwtja
zyBT&ELuuGb68U}I-4QE*1?>fxO(nqiz~uNCaJnRuTam{5b~AHR*&XkDTt+oNd4X!>
zCy2I{2Yl_MwdRUrL_k_rDd{86;vbmNf@h&nyoFO{=b4=&_MMO$86<RlUxGTw$wK53
z4Y*>WQT4;rEtv*H8}4CMmGC_DGzdu)_ohn8f{g1-Nh_6{!_AH=9%CxQIa6WJm0Br7
zxz?l}G;bfO3GtC+HJUU^lcS<c%jcDY@?j@8&`H9>C1PPc+T8?YGx3I57Zc=*gHLA6
z+@s0*R9<|+0VmS21Vz0Q5_^{hMUyNVv8JustDklR@TlG4m1IO1!C+2DU^8c^NGg3s
z=h^mtRK%6;Q%<f>99}z+;T9ieGMtdnc1zwH?eCuw7u6$GFQg#_^^<l)kS6&xI-3^Q
zn(y(^W2A4u8_KlC-`>I_azPh4)i<$6!+$g<(I8uYwSjGqtkc9*eFf^bt6u1ITh4Y(
z-4SN@*9Z6|X!<INzTOm|0v+0t{yz6__Un|1bj<cm1~R27f>GIz2`MY3hpx-o$nKvu
zMfaq;smk9Tk7jtG8?g}09MJCr5xjM{yZC0Cs@mv#sva-7hQGE;skLejU0)s_Oy|x7
z8aljx8tnO9{KR5FiA2XI?m{9KQzQ({dTXrQKSoo>#aiwar3jmnsN~%5MZ;^+Iq!D)
z^R28;?h+|F6!-lVj;?9j#}NUM8<+OGxSVa;rDQ@S2cqYmrCGYlBH|4sjR+=;5ohgr
z<VnM<=qh|I^~**{C%lIEOtwQzWbB^rA8QvtsaSn5MIb2WAgo!I_|%M!#{RAu7(o|S
zSQ;sp?pkpuRoN5UZ&>;)bmG<SO7Y>M&~3iCVHHgT21WV9e<E175im3BP}Xo^w&L6}
zJX3G?Hf)Dd6nU=W4HtSkt8RY)P1~l;)!Qpva)hx424BaPl^g3BRU4rU?SPFlpRq}2
z1?>pR(1+p*$IC=A&{9?I&*4U+TstR+295Xq?{Pp*m=RIh_+LrX6@ou(^T<d4Ny;X!
zZz)ezPI=EE#PDw4QZ%zc8xbiaH{L&LwcB0lEq$$Vf=-M%Ba7%0w~nY4rfa$jk&iy3
z6nZ<2aioVU%^l|6(w!);RbfBoVYbaabJgllw-rf6W@Ozq=aH3h(O`en<*-sWBn+CZ
zt$F%=RDDBvvszNHu%i@p?OrT!vvMPXRI6Pxu-E+A*><JDAbB4X0Uab+o%4~Q{{Cpt
z3&qkj8qRPMs_H+@&*IA-B$ZFhxxsNBLQD`a@VCjZd$$f1vC~4<Jf+@!hNp3V>xGWo
zqG72c@RbUKj2g6ygoZM&>t3E7W1BhjB~DHA)^l&WS+C0e6nZsq)w6*(h^EB-aqd^|
z#Q0)<;Z9Zt7xcTqCj-u;dUl!WY3t(;lN0VMii#C>Ht$9c{G3YUXRuXlm=eGi_2-3R
z4bM8P(9XvA_8lmiQ(k&U^O%-Z(^7E&|0iO{m5F`#Z4GcRM!yyh&IDbxROY<`56ON~
zOiqWG8Ohs@4My@skDTw4gT|UKYdSDp%veV28IIWY>RYDC4@#sMVRP*Y+=lWi@$J>u
zhOT&?<+#=s=?P!p+UyK!pN9~8e`spw#t(~oM_tq0x#IyZ8nhBm5$$i51MU4TNj}`W
zAh27(!Dn9pmPSLQLwSTT4gb04d3AM_M@4#84l>2Y@pmd;5B5aBW|5;NL&D{hK8RYV
zbyg;Q&F1~Dm^p%J)z|A=-O!vcgn!*Dosz@;v6KBRe=?8#RmK9gl-L6vTKAI|OMRM2
z=Wfo^Ja^zlz{~8(C$=??ZE$b#yK}TKf=n*qM3izUFi#93M1xP#2o}b;)afA26eKUZ
zh;=RRmcWf$c#9y>0+lpT3;D5-4@vtUePwLiD<?H?Q`<9!P46uGwdF!;0_+wTNDajF
znh99Lm>_|@J5SaOjNyxan~Y_hm2hZzeeju-@6m=5{zM)kTfp~~zi*`xn3$ZDX;R+5
zY^J?^G-=D2j(E#EGviJ!w<bElPW&yC3p>;ChaNCRw%lA^@%@K$3#jDuW-9ESGWnjA
zV&PewT{kIeu?`VGV3(l8a_*SB+K!C5GW>BOHaK49V~%&Y&+xx)$L`Ma7trA1L2KJz
z)=qVHGn<mXQ=gnz{Z%o4{X5P}BC}q0E;)%V{;dot$(o2*vu-z@EYn=Mxw3j^&4&$U
zIDxcRIO%YmGCCMU1glXMSZyih2k8-?pCO+2E&b24ImBwBEHRP<>Bnvl(Z(T^i+Ol>
z$S@@jjBZAwks1t-J`~6Up^AV11Zh~6cztS+%cN{1l-WxpexRZiOb9{rTgj(BSKCLU
z+{4o$n!jsvHJFn@9LBju*bV({4s4RMj)ze5K1pd*9)uQ%bWzA1UpbW5L`NO|dd~gN
z?ta?U{*8F`Lm=F)ZD(4?&q?FmBd_~C!?^Q6!fmfFUmk%Q=d|z~9)EPzhd$0LVV_K2
z#i)76b~^j}uCqrVtZHqT4=<qb)ebBboTQZ_K}|)4d)+GeF|&<o&KyjfV<GPU08z1G
zc&|i2rOJdnXmu?F0-Wk|Z^7zs5NzU8L&9ThR|VpWIe!?KUi=OzOOZ;WbnvWJ>;phq
z1?j8XJ*-#9iKd>%7?dT}*Y?hVek(=j&HGHTlXHJ#-m<Pa%sN1qcZwfhKKv1=%FW%o
z@>yvdj*VxQv8u9_?s_~89@5R0klgq|qe>6bG}_qkh)MPoY9Q`5ARXPdOd6n4=9l8y
z)7AvVH%8E;1ZP|Q+{@m2p}E9m>$8{@rdMC)bvb~;bek|Q?Kf5{Utbk-9xKhitQ-*-
zdEgv2cPOh;=N=uWXKyb!BUFr!{X;cM)oAybD{1|6ixRXy_9OqQoV``WLOhTdFN?<G
zNj&jXx@8l3(^Y)8y=&kaER`Zh*T^y5CwU1}Fac9wJ;gWT%3@W){*-?Glny2V7WE(c
zezZ2uA7Ih(vYNx~AFXQ@g4m89Uk(osfijTU5Q>ag$u%&3^jtqRxJMw?dSmEp6YGI-
z3nR4iBV<++6{O9V>h)e_)qT^YsX71D2Hhw6zOjP8_qU8a@;FT^`u_4{_--FL`;e8b
zz}e4aBkEV{^Q7}b*R%6$R%9p!SbMZ~0K+{DLKPnL`}>j-9jaJ>hsT_^=pZgCl5W|0
zc(#)HV1c#whWbH_yT+pUaVZdM*Fe7+dFTW*@bKi##><cn1gbra^2%{*eA{jS(Pu5F
zL!v`l!1CR7Rv=Hc3}`j|FIM2V(5nPmy0R3cd~o4RC4lY*FdI5MYbq8?q-rp3DP9S|
z4NFjIC^7@#{IaXgf7Yqqwy(-c1W4xd{wE3Rw`(jFNsAe8$s?j2L4W_5at*ovej-ka
zm~`>DPrL@k>!IUyGiGHf!hDq9_eN2)T!XD!6s-uf-}i?bL)7FAcvT5O4s^<Pn8pIu
zdfOHDYf=@`dcmAW_drtxSYR@~0F8I$4tfpi7_N*!E8D}8J|D+-GhE9U2j8`nx{OQ$
zg?#ST7SF0uAmi1p6puN4aUKn2CNBX$^wQA?@J#E`a1gU#&IH6geQu^G@y2~<H@5(1
z0m}ad!h`6IG@%Y9C|rI-63_F!k~RNghSbO0+116*o`ecuj)*1YivJMovT5G{@l{@I
z1xi-r%kaIg#Z>+tf{tkAb!6&sOmBavjAczn4zi=QNeX1EmdRs&zj}TaU2}0k7xeiI
z02K^YJYu}4AD(<k>5DKlWFS8d%bs8TqWuIVtRe!b3Mri_UlzR8O-S)7n=X~a`iay3
zzHW&>p;kP+|C4V@{kAN$->=^_s!{A?WvQJll->!K*Z8>7+XIE0jz4l3q!#Oo!5ie)
zv4m6%fMKZms<(Hu`;|Z|X3=<_0Lhcm{r$DdwO!b1y&g+BZJYq2l-aUB5UI!B0C*v`
zE1rNZb>RqbTvGModHw}Fb!{a;At+x^@(@VB7i_HnIsF|AATuLb@zZ+OkMC1Eo5#$W
z<;%mTf5&{w#t(*+_nZeOKBwk`K68D~8tO?q<8Qo<tslwoZ^7Uj-l@L#R}~LxcZVuq
zM^)HbTs4*I1pB~}f-B!?rD=X-<Y{}yTka(hQDc9h8<D@$mG?*;n1XM$DHUWVJxxb~
zzQJ!kU5>JoD9{gUC`8`%-_Z;!G<{C4&l<LQ3|`rSKKi>l@Q(6*cby7ITMoCC`>n-8
zI4yEomGXZrE4eM+qHCo-GV*0R1x^+oN+(-XVGTJW!QYl{MYfIq=ZBr&vgR~7Imz@J
z6o8lx^;J&GCm3S>inRXWPaHmMMZya2rpK3~OigA)&NVA?F1i|*!9t4$KTVyY_Y#RC
z)W{E*I7=I7sN;?SEl!OwvZ^Z<SY|>2zC|=Dup`G>-ui~flM~erxhoE@r)7>u@MDfo
ze_5JkK9t|ps(tn0s_0zY4U6_Y`kS_5Bhl}?YvC^|*ZD95go3_pe`)0H86^OTYy;Is
zz;DYTm0Z?bzdxI$+icvbnFHqz{PbDua=B7X3G_WCG4{3^ZVd!Uvwtjq%vF3*e-UCj
zUZ81q&}R<AM*mHt>?M-h><CCSwk6QifpbE`l0&`TamO!mO<Wq+dc7wA53t=+eehWk
zCMs326L&#?6ngOw{OK7`uhxQ&k;NTwf<G`o?Q2mi)&q((#-VCj9xw%u2)izN<%h#M
zG=h`QU1h&G9|Q9OqN{bZz9ftUH3YP<R=z8_o>kg6A+S{*R3EWb!G}n5lSlZUDbve*
z{u){vRz)8hO&hlHAy;M0Y+bA(U%476ky4;pGQ#_m4i+CVto2n9_>2C!8xne<6M3&m
z$*VLnuN-}h5t6y^nQBIBOmz}67|>w6p8`zvEZn(lsgW1i^b>x#GqXY-FTT@Z9}DE6
z&><7i+Y#pI20~i53{2o&+yb=ehwW{Itz7rc_I3+9hZaNoHUurWO1NDa88L}RJ=e&{
z%wF7TGCIXLNr&9Wp%=k@U}K1)du!<2LfK7u?e86h8(z@da9dP`>A`sZtGt4!L{#1z
z7ew~9l9{hOQU3gJ<r*jG8sXVrh5oQ)<E7nWcpvAfnPYSG?fJZ$w?`iPj*^u#Tx78-
z6G(-&fHzWNTT<rRW*@mflo;dS=jruzN=vRtEu&UW1`q+IZR*dEVMKAgWsZ_F#gLCX
zzk?xJV1%LWQeMTOarhh**=)(IaX_P!;<BLF#2<OaZ00*6%MT|iqqz0AAaL3<O}{P}
zjw~Yp`A9wqN;J1cr<paMN{Dv4#_yB?cGq7QiL)EDmm<FMhE}DiiW}v}b~31CLIx<c
z<5OuH&s2mZlbK8v<=+O{+08aoZ1@~n+KqB`_XmqKSlds$1BG)`w8wZ-c_P|O!4-C@
z6O-=Cs2TFjbmo%GY?_=twWzMY-TUNc6;Q`yy@@D<z4c{wm}L4mA(p@FvuZlbJOl7Q
zX+<R!TNYY3`}pax>@o2=IhKFt#4%KA<8icWXJ`@JcfFzaYLVV3%MR*FpG%~X5SHNj
zvG7&y8Sbx<k<s|RyM&1BB`_}9pI`xG&!TaiMZO5VU@=f_=`rgOv6ms~NFFmoHL#5N
zMbZDr`Wxz)5D+JjG(@`4FuiZ}1ta_>q5i?&1DF(MT4Rez;kIOl5g1KrZu9*F!nUNM
z&;)zY>gA_<II+^$N_ejQN5&1+&Ks_@w(#Zbg6sFsR^p|E+3W8nsUOE%*dN?YCR4rJ
zc;y}Et9{fRAziJR2OZPz>I@?dSTH~bzsSR=h<q^nrRNH#6hIAFrX0ts=QZ*iTFxY7
zIyktH8uX#eh?%7fUR;s;Y;MlqK*g5_{XM!j()(|7{UsIK$fcp>0C@koI5{~Pcp*U~
z(#YZHsJzR*#75od^k~6!9CNM|URmQi$K&~0j9I@T2(0$B`+k+!NUtBM%dXf}2xT3Y
z4e1s?&*J~}nzZnc0dCLiR!wU&uwsRZ1I1)Zp{DF=DGKwric+2o`5B^Vt?>P6HP(}2
z{pLRcJb$nkzT2AfFj<et^itG%i{;@9(2_*0G8uC-6|){60)ru#Osny`ZW+sbQ9}Yl
z<n^dNSZ1%H(mK@_4DT-6k0@EJX6Vfo=v(4;YmE2=`G2gW1T1)-%*;?-uka_h9KzQi
z24ME_QK%`ZAy_8);Ju|SSN{U+Wua)XGHRg`*yC+yOPcRONU7nW!<M~a!8bJVbBKv`
z{b?Gh#&nESuC8@huBNaKeKJ$ADU3UIa6Z#gj9e&#tXHq({>D(gxtN5=R+K<!rA75=
za_6|Lx+d?O?xUc5N%lGi+H2oQZQE)~{Ul`PXkw;u9W@pXj~h>y;dtu2Z)=k_v*E6S
z&L?aJS&C763T@?`1fuJ1sD|003)<D!wwPx^A$C)E<z9)W$iF~w?P}t2J{AaO1p=I|
zsJkBkDHGRn+g%+ZPlnjfa17!dQOgFF-&Jv$NeEIA9s+HOOtwfL^#IxN;@4cUR~^N*
zBuH**;sd|ieQ?6}&;a~{e=Gdk#u<SP(8bn(Z^bZ}<4p63!}oz{xB215K%Y8&d&3hp
zSx(NR0%Ct-j8Y#5G6lgXl~TLU=I>M|f$2*LJT@76`TViq%7Nk$!HxCx;GW(F+e{RJ
z|Kr;^cZd!vd=-kM$#J_`444!mUWC^gb56~SlWSy<KINH3)jo*hELXHb{WrIn>}&(^
zrjwBe<H}p>9rgzL0;RqWdf({_G&7s+$b$LR3zKC)$lZ(Sljm>7g;mW~w(5Rd*Ev-j
zQ6EA&s34AKZhU=cqx6YcJ8kd#YQVqvhrXoeZvG1;RJV{k>b@ozRGKoTW%EAc@Gv|B
zQ3QS6NnHUWg$3IXMd?kbIJJLU0h`y3N2iTmX_GxrufCvlJP|twKIvpd)<&<e6zzW*
zTt&xuV@Vo?%i@0VGG71sve$vb@(%Mc-UP-i&CX{W3;Fm<W&{2<_JC>`wBc7yRvOeH
zlNgnC{1cnq{(Ad;QqP3N<vviLy`C#EHTZM$Foqcx`XqIfXxqOd%a)>1Q(H@lO5|?j
z5bS}+^3;4J+raNnVZiX^n(-$DFII(cd%vAJRQeN~%j;Id(H}!rDsA;t*%I|RuK28`
zYHEJ}jm1{q)ggg$s9oj+E$pc0Sr|UnS<xxsY*d*iZf%V3L-N7caa%e&yE?>xouRKv
zBGHUGzvcnTeB{;^i>*BL|H0ntY#l^lb%|+Rp*Io7>x@FXll9GC<tEjA%f*)L?vI5v
zU$ia1f(o~j4tMIBuS%+j0|OBOQU|b-WXn*HIk2b4ZCm{Uj?=X@HRd976%BhncCmaU
zOr9hiC|7-+^ST#Rfh<xJh`!X@=GRCoL*s=<s1JxT<QnoKYsifuJ3-xt`&a+E9=%@U
zpMx$rWRr<Cw&NP8G7wh>fajLpwH<D8&T^RD;DS`Yq~t{3@|J&BCimyPV(jbT*(*@8
zn0UoHD?qt84x{q*5Tppp4@gdH`+(1sJ7CfgaqtrRLeyWB8Cn{dWPV0*qF>45N+$#9
zg<_Q%YjgIQrpbm8-pHP9ow-M$We~lqusFx-;%yim9bJS+<XHYR&+T^TXs@X_b8rph
zJr+M#ae@bcD+9H70AwucF09u<Tu?B`Yl6mf{uuzRJsp(gA^fqHh8dZdxKBjZbCP{i
zBn`hVlu@BszIZ2DO8@&YZFkDhH(>Xc-1xP!{h783hj>cafg+D;eu3I1CVAYKSD)qd
zjQW-+VaSj3L#CoVbg2r)kz!`s(fwq|&lUaM`gi(U%?cX2zPFw*<I>iw(V!k_3lt4^
zq|h=uvXSP_z}HSKUKO|>T6{4nnHksP*K>x^gRe@>A!eKn>d9kiDl@C=s}4FJ1Z}hk
zwx;#aX1U%u%-lVXkB@&A>i_3`cS`Ai9PN4O?^+{X5g@VAG(K`C+4Gh;HVuX*eJv*n
zsn}5Sn8j7E^$hg#y1Tx<Zs~ev?FD3uoM$Lf+|@vv85^lU(w|{+XwS%^SN1Pi1wuVS
zHOkVWh_fy<F(`5>i<LxgTh@I-Uz3?BK}A>N>bq6p9L}v9X8?wbEAHQi-%f$>rI(j{
z#)s8uEtlUww}*oNnrPW^h{;W&qexUW96!~WRkP$GN6!jLKqrW|C&U`?Ij{^U;a6<c
z(LQ#6-v17~hh^&`{4By^5T4$Sh*CkTkYUtRY?G5eg9#h{ca$<YAq}C31f$`~9^8+B
z@D1?$;fOzdjiNNAG}F@oR<E;2_1$cyuIs#)nLzXvta~adzm2<wrPyzoKr^mKV=4KQ
zSNjde1e<uVHFbEubhNJ4QyBbR5=fhQT&ruSg<;#!c$Pn}6;ixh^~b)+P;`gu+T!0m
zfb9Za=8ZedOkZo|W(^pP^?akz;ZNVprI@R;E@z>JZ{hxgZ$xytkn+<}4nArF#xP)M
z2+Cx-Lxrw-tO4!x4)!;Bc$9QLz>M+bXxHoAD^>DPiMB#}b*aOFyJ&CMzuSLa*DPpb
ziu_qQxp{dxckL&@6>Fxkp?~}K0Ud(<fCEP?FHKMs^MlKqdFnRc=|YYut@R5t7-&&f
z<>%8`)n*XvRS4K2+roRHTBLZWSP&S<BJ;@~<0hhL%Q=wf2-V&{J!NYNy7u5<P+tQm
z(5N49!wsoEp%D?NxuS{Pz%t@0KzLD4NmsuxRxY7e_U@`cp6q8u3BLlq+*t{O-s}9X
z&QUsh$8)W~q)CVW>AJCPSuJVa-hxSBSQmLzVzusG?K^7f&9h9>Qw$TX7BHu<XFw;X
z_TGqjJq^;xSPTnrWM4h;EN81c6j8Jyb;X&E`PoV2gda`R0Kx~X;=UAeLj3lrxY1nP
z+(cCA^gJ>{RY(~Yj@$>p5CiZylRkmE%M`<)z-L0mb`0>e6n}*P|249X(|Spw5|4_e
z&il4SahZz|kolwt8aJoty~b)2lvq0P<Ewn*Esm;f{?N1~$7rDf{ux623-H>gDFQJ2
zMF+mK^}sZfO0a)p@zG<&zJIgih(NrIRUUUJov|Ee(aRkNCXlX}{UNPpp2+z&akKx3
zr8`TW>6!X<@bzK~76B-&uI4oqbrf5S&V=e)G6(`)u6O$JfWAlMTaU)Nq}7JeGY!&q
zvoyDcqeoBIAIDzDU)u(d80JFlL4mK28)n(C0s(RH*Xx6s-QBljLKKudSnvxj#xl1|
z@S)fF-DXd;3jd20E+>IteiZB0&f5BVp%K9Cm7|E^AfZe60^v&bowEi-nd-$oEl7nM
zsKFy-aaZGV#ieOzo}qtsbHkI0jgYFA8kvhmCStgR{edYr=6o*NyIdj=GLEh&hh2V2
zd6|NL9E*M|4Deku`4`Ro+R1w0YJuechpMw&%t%@UChppt7I9^RXcDg$sKw3}(WbJU
z2{-qDWf)yS+x5x>+W24&pskXCiGw(^R>BXIdCCm;kCsC}I5sIPnq;yv{t~E3<L-E8
zxW5ID2I+XShzNCB&?KAUuuXdhlErocZkE(IHLZK)Jwk**R}n!$`0IUU(024P5#yKg
zw*t7wW4(LPK3vlsayZ{2|B8{S!D_$R;5t(eKud>+TWUWScMfOkfIue$1tROI0cm^g
z2$;4Q^w?n2_O%IOCBe|M1nZ9B0+JdfKFpBvlwmE63BJ<KG}pS3k#KrSie?S;0bvr*
zCe^s(0iEg)y%0pA2o4^Wv)#zQuux{RFO-AT_DJXGw?X#Hm(l+D`gglX@co^ChnA8P
z5C2Sz_3yJ{g78dP@*W^-+nR6Ne{*x=*$yxwR(<JALI3iAqy*_K50QWn<~S`F4skIv
z|CIMb&>TM|%=gy|P-&J#I$q!i1^|)l;PbogH&Hav-09!;b)sWH^DHm=aqA16@l@9R
z8K^^Z3OufS+SQd3CCrYcs$L4~-*s2Zo9bIm6qPo3P8L-M0fm)pB~OKJuMX<#>+_1C
z`Sag}T0z)!+D-UD#;`?-zfDz(=L^}*zY**Jy<bT26LrKhbyhB~uHWYjIm2#>jdi<j
z-M|?Y&2_oX-8hnt61c=kk=Bw)`66$2f(OX)kwRI)=~^y9_Q=WE&WfMZ=cOH8GScwJ
z*2kvC%2O<IwW$43UC`^_w~=bU<s*V;-gDZ=+BHqPAowGo!4UmUhL!eF=xhc*5-DLR
zy;|&fm34CFGhg)YK~ZXS7QSe5!ocBLx^20By7k;LIsEH{kcFRVsin*f{pNS{2?+_a
zAz!HpAzSpnRZDBv4ac%dF+=t)9Xz7S4Mq%Pe}_X1@Cmh(Wi_)#^Rqna@p4-tA@6B!
zyqP(()>pivhb*}YV&(T8qrr=$v6h_$bh@OE9h^B8ylZ)Ar4;C`X$uu|EhASWI!WqU
zS*mWr-|H3Zgfc`{H%vOe5SLoUdC%CUkTs#%I!u}JLqc)nS@F0@I0L}6Oy(k(WEx?-
z{RV36{9+dY9v8Cr-O)r|UV1EOiHrtj5d_<6THEnCt>2@c{HyH=p~NBBzvc9HwjVIX
zW1rzqD!!*^WKLRp&uPd~ej%)HAx!OGsZhZ(@!p{Sc<p0#o*J#l+;7URg@!!#P4T;E
zIX=fEBe<D8fFX(MPo!$o=Z%g@IwLFa!vH0J5-D-5_&UBZ#?_a=nHt*O2e`|cH#v_n
zIzOW`mOUt&wU4We<H?>3R^#xK#;yN1_karp4F3oqq_{F$v*P995Bz{P!)caEv~o=a
z!<f7&TCGCO=w3kxc>9pi;BQ3{!B9&oXA8@6m-LP}yB$9BF}GaC;R2}OZa{m^*dV<D
z#4VMK5P!{{q4KB(u?4oj>`Jp=X-MafKg#CR%1=7R=nW%BGO;hLs83IkEEW|KaVoVH
zN{8*)C$eioKVmh_>M6F7&a@iV>crWoG-``qP7D9jhy~?d05lZ`zM@uQJ!*H%K%rn`
z5rjEPCC<6RtR~gI%+pH$<yuOZjmcpX<@&=nSB1xIA(l0Ih0E<72QJpGr)&{bAiVuQ
zTn*K{C!1bN`4<Y20H&xL5j<w#zg^;i#8orjO@ur3-(w=FREpJ+kT)fpm~_TM36kHW
z5eO)@VDm9Q@N4nPkVa_@u87>|2=9I|Nb1e?&~NWHEn`flX@GBIrx=a7T>@`iQ?#o5
zxdpel-Ih9cQ+(XN9HH0R51tQ|a5-wzAFZo6TPAEHRn*_xXxmxVS}^L4_e>HnimEN%
zoXl+;Bj?ERW1p&7ZPW;to`IIh#Z;a?8OLPmy`_R(=y|hGmqRsL=sx{=jq?twav838
z=<nzoiaTI)f-6)VyCU!PiT)M>UlAdk-a#X-innZaEymNc55JnPC{#Za*|Tk+-u_+6
zChm@hvy6PpG)#u{fLH{%)ao`A69n82N>_7?6#1iw?P@RR?78>LW$*Y=as$rxniZBE
zbHi^&6niKO7_j(wXEt94SM&JfzOgI>=R-69;gKUqSkLV`{$Sz)U%duSWqr@(ch2nS
z(9VD}$1xfEEJmS=6@#p=zv}yO=w}i<j)}wc&0lqJbp3;?ns~hkrjLvg%4+Ccs(^MJ
z5}8+f&Dqujlv%>oasXc^j2l^+451||qhCa-Kqwb2UWO|`LmSH{rC=1wOskYH46Ljk
zPiE(#HNPBxrYtdWe&SAG6@UHa=C$nD;xQw!`QQnYh3Oz;BY>n>*4CU*%_En6r@ji|
zIL5=1LB5l9dH8>=kmDPrB<LeFTL_*DwheAOyL)VD;m1|Rgu&_2j7{zD+w8awckq1F
zJUgz<IujSpVCAkx4x@Q_Q%T?qk6=QQwuJ4r?g*Zz7u==x^tfnC{$zOdii6XFKI+-6
zOn{E;zVzjmbe(X83k#wU8Eeh|uOv2SQ&xS=wn8E$_U6P|xz=|W_QRz<K0W>8%=lZn
zhfsV59Zcc1F+UdP#GbMBd9ojfM;3MQYMlg$ot~Fju&wil2Sw|6A6jIse0JU+x!8KE
zK%(gVjRa!{68g{W3#<K<-=`UpWxm4HwN>b}a0{oL3b81BE?mo;wacKQeK@3z12vG;
z$)i~F)!u=Alv{mLDep65&51{i?#9vU^Uslmi$phqib{^eV1fNVe_%3jUzs^|q&GB0
zizc&^q-3l{)uT?L2a&C5nfIY~;m=gbksOzCq2@=%DCV*vBwRnf{*tuyT}Q4Yh+=Ei
z9}_9gZugJnoY=E)xZFP>fARO^Cf2`0b?wp+H~H|S(#L?GtnpDSZfx-GE=8jXYKkjB
zVrf~Rz8Gj}#+ktLwIw)GO$1~A4G6)O;A=;as+$B25B|dx>>FYyaXa}Iez)x$wBl>;
z`2g5S;%hgRJ3QHv*5@2AL^7`nqhkh-igGPN+J}+!$youGS>JDh(A-Gen=o59kI^wk
z7D6GrhI<xiK^3q`I^S!^U>-W&i|N+dBj*b~)8{DTKm{+w-52U!igdJ8zwY3ryhgoj
zzYW|u^S8W7cyavlSS5c8NSH&#h;h>nm`ew6@!h4&xxQVJH<ZMlBiu_^kGTcaO5Y$J
z>uB9pFMNW))#><h$C=H2tG5AT$K!(85az))%U&f%Aosw*%U`%hR~`vng_3osF(NE*
z=V;tT^@erWah*lLWx%W5h@<d>2uiRF)e(+t?GhzUP?(g8HL7jBz-rS^UHJv>d)qZ-
zXWzTIz$Mz`${KCq1P{V+wi16u8yx3o!dQNl9EA^SQ*5>C{lxWMTv|=A3&g;mJubdF
zPSy?GRYDi+5-Pr?gQDKN1en~264TABe@Tb&9xXrJ`-$bLzO%F{{d#_YwC_zNl~_(2
z!1ueC2=QMV3>iZD+7U3?9(cKX6hW6<0@Yz>*Y;TUqqzMdQB(g7{#JpB77ts>rcb;9
zL@C%d8_*T84e<B=TB1=gd23nD7h}NZ->h$J1ii>j^<E*vNyvN(!BByl6TpPc%p~Lg
zMC8$1;Ek5pJo~Qho5%2#B^wphnC?mB2OQ3&a<0zb$AEf030F2E3|!gvIYV=sSz8oZ
z(E-<4SD=5O{ivo++v=5P`!DEalX}9!hs-|!^rLH?owl>{zJHGUPCj({Of^oF26x(q
zN3A8HU-0dSzB#V7ErGXnMlC%#p{Jgil<`5G5_WE6w<zrZ#a1!qDKr`R*#&zjH1hAk
z!JE~T)3$~Z@Rt2oPNF~|3T&Wt?jmNYVG*mwx+I^#Tx5(QtiIArLqx}&=3>&SpR3RM
zdN>|j;8wS^N^Slpdaqrt+2X?m90!$=Ou-0h`|k5|PDYpCze@nf3~frh8=`eNZ>4L7
z$DPzW<yaLdC6n^@HE<RaBl4*9_(F{}#IH2=a&tu*lQ*gK%*1`NW#%g*h!mGPATXMt
z(7?P(hUyxItKI8R-x-*8nfLD@i@d1nDb6sE39_xPHX^OtAaKE{uY(v4;)#1F=!XLO
zru}|Ry7)ag9kb3F2PQQ&bxc13vt!qaXcW?$A|z80r|{hm6^y<-$huM|$!!bN0~(P$
zph3@xvYFNua9y~H5i!A}M4@jZR<{#-wI~HPFdJ>f%+Ag((IV9zf%^g+fR_lv7peh3
zkXaXiP4j)ChQ2kxUw5ErEl-g%X{j~o>UG4L7ema=`(KC7VbVvU?(p>-#dyRH<zm@3
z6z$9M?tpz$FU%Vk=S&IW^73(3Ab-rL(ZMqOtICa$?jSQ4&fFh2XI4i3n|Gc|la-7Q
zbo@Cn?x!>2dQd8G3?w*kk6w2dI}j`jgRBLNKKooe3H2GIgFon${@vxQ;(h<-Lypfm
zkv`LTC<wn04t17ZFQw3zIH~5KW`TN>3?>jZi-Jf6y>n%F$Ssig{p>_yVtcqH^WtFy
zbAc81Ac}~J!sCSh3Nk0=Lr}S%?lJH0MTT!<XIY&9Mjk%mgOml?lykFMLKMRtch!;o
z5F-x!#6rXdlT0B<qZrE|gz1ByAep|J0q#FH1zs1%w4paw4L`6me}yFdo*Qe^b$ve-
z6WE|X^Ypj&ZV=})tm~}12nHU7q%w$7KAvjvV;K|$(|_U1;#8TfH|RLqC1v5;W**`G
zsb5jXL?f{vj249akxij^NpabS_w%e5mD~+srOu#GJY8#uyQJT~1nt<PQ;YOMY6>1%
zKbRWv3wA@>ic?->Ard+#;n~fZFjaK!Xj&kN1k1-tav5H?D(kCoo=mS8Dt<LBfH~jw
ze7mwxYXVe}0a_Zd7E-S{%n%Wm#Nr7Mz=7<Bbk^W+LMXAgn0G#_vmk5Y7;MapVRzAk
zY5wA>J+ExM++JS(Fs@x`?%$J&BvJG3)0L1y5hg_8RO7IGvcHEbjCPPg%MC`DM5a(&
zX!0ic%X)0}aq1b6h_@Km{)$Adi2hllsahbe=|Hu|P&P$mB1OZ0rT0@funPAyyC`dl
z!swOqOCR0NX<s7mvt*(pc->NC?zyFF@(>!Wo?Zdv)oL^C(9~x5jjOE3R8}Dns{ixZ
zTI4vBhU+uo46gl!S6J;pDAJti%E$CVrH*Y{_2eQ*k&G^zYSd)CfnZA{&CLns#`+V1
z9!(k9$b2ULm-NU)z64HSU21gbv9mP|nTM-0n<ky1>u1E3{Yw5YJcoCD0fpk4bu%c)
zGGVBG@@8g)M9{`o<4N7$-@{$b5pru`2>mKN*THl>a>M$HJ$tJo8?FQ~O>=!l(j1jm
zUM#mK)Fml5EuqSHLZ_|Lc~3iE@iK7#4xRi-R$Nqdc-2F--J2?5g57E@a5biPvWJ5_
z!#wfN3cmu(p>ws<|7>Fa#Pg_xdrSmxUoY7{Ahg93hL7A!42zGd$|hCPJ>FODQ*5il
z;*KbAqC-7M;E@5>&Zd^ht9N20lhQBgWmnD}0&xI&SZf-bdRTxKu<|uB>408)z@s-p
zjWI}9*&&LXB2@fmCznhEE@Bivui9#Q&H2bHZ{;42CxRIADkk5JH3^Fo`7m=1lnyhU
zcnO0IL`Ca8M!qVAX0xThvxpG<v9MrEQ{pjOKJgSlRo+=|GsNs2)UlQPE_N;;^73!R
zx$7Bd|J#Q(Ch|G1yxi0V%3OYngrn)(q;m+-hdZa_ln&ifvy3uA@xqM_i#(EuNHz5M
zWh}i1Il9#dj~PnQ{3m*u;?kNhNau7|E~8pBuwvlMc8#y&objnm^5MC7vbX=WwW{^m
z5o8^jIYy+6&wmD3)$oX{sZdE#OGT(~;z}=gFrm1Q?iR#&Nv_KB6wNU{+WdnsNiCbJ
z3@t3~1`f(wl|)>abxYRsk8Z@2oYuK@vVO}a+XCwlD7v~9xU{%f8N^5Tmo8)Ji|w`q
zb66y^#f~N2HvtOl&D~HbsW-t#d>~0*qUjJWQzK$Oe-6*Odt3`wTMC*#=8*!-%YI*D
zF`5J*p-vylXJPFU8!2@ZXDlViPQh{Wd<I2TooCLGtmo&ssem{Qf?tCa_vY&ZY{h5e
zXw50jJs=>!m@SQJ^p-g2(wf1J3`^TuUF(K9iBoN-x8eaNeN(`BhcEurrq`E%^XkK(
zF+P46m9BkN=%{d$W)dKobNtUQp0<M}&#BO77nbrthNs#ZJTm`<ihA`AKsqo%?M$KX
zXSRp^ktofEBZ3>k_rcDmHC6V85>|rhnMm;UoK3m{o}ceF)IpfjQN;&9#>%{2fC@Wh
zVCK;al)*|ArAc*Z)-?(EZ2F+3R|P8$?u0gDW)zz3-g=JiXY6ZwggB+c>(BVlJXluP
zH&e2zFp>GphEnyy?x3%!rO?PR>G?0MI4^QDJRH=4ug_lPh0g&d3pYSFa^l};8oQdu
zVgU!I*}b_YqEwV9+K2w2H}T&Q1aP-Vk@&LhFi8xC7}<>>6=0CyBpf6$Ij8-6cmatB
zZNkD$^aEx`p>+1hW^_a(s7un8bDxFQCDK=}Uw<O!<4R^=FL$Y2)JRsB7>~3{+!_g+
zGW}TJN6x6dE6*96H5Rl4m}h$qZyX*LY%}BL>VO9uX5BzKaPiM4r(xb>T#!;sEPfE?
z*0u^vWZw8Hzga1RLVdKGJW@nTr&dL>#j8lRS50boN^kapqVO&?^o)&r;MB2;@ma7*
zdOeIn$W}i+47ftDXw1i#0N9F<(R-R`gn@k9HNgVpB6a+>L%dNpm=PU5r)AT&cSf`0
zH0B*}j^PY44IOm&YJnr#0J6N7SxwRi8N~;M_Z~TnRG}E+i1uBZAxc#SIg%yxjG;01
z<n-Qq|0Y>J^*ep&%$nTCtJIoI35(LM;4i2eSS~BcyOzUv*e6U~_kT(F`z}42INgpR
z`erJxeXUtNXWSY%7C51QmYB#G;?T`AnNRp}<FceT8hEtInlEv^Vf~$xZ%*JVRaB(x
zpU1(G>!<gHNmQFgY-zTws6|+#<WY=IbNUA#OIV38-U=PxdKm3<QhKde^A)B1eC8|r
zY%OMQz3sD--F|wv5eQJPwya-@%zmx3hzDMlReseM#Kq9Xs@SW?vB<0X7Z0UMkh@nH
zi`8Sy$M?1>FHcCoA&Fckg(F8t*2cyT?nf!W38g2X`un@!i&_G*4?^wVmW_bN%Uz6P
zYj#AM5P_h@H+TIiw9?skI@Qbre<<SDkO`BeY3sC&^tU<BN2pkO?93x<GB4iIpU+QD
zlD+?S?h^PtgQRl;f8#Li@qS<}Y>^JN|KrB%)Q48Vyo~py9Jdi`r8Sj*w(^;@!P04i
z1vp@RLI$w`iuO`RL!uz|5-70K8ZFdIT1a$v8L&0%Wpn?m1kO{_|46LA?KD@ziwLIw
zae$Wyefc<F@tm3w47yOh(a=nvJ9l7f=lmeS!!zGWS-@8;T4I|lU%EwuoKK(6I>L0v
z1Ls!OYGA|>_j6d&`rB-zRlTek68vk3GKmg7)e2#3;H|PZv;5L?kZY;Mli!!kAW`(Q
zgg9FP2kB#Fu7ET=*O*_S_5Jv_{(0``l8p0hcHDCJJyP^EG@PzuVV_?b1_Q}CzZsvQ
zGmxc1nD&ZO-pW>$1EY>gg*ESae!NQagGTxFyfbUpI<s(p>E#mDV-HSPgUsV;X#_S)
z=BLR5>?J=;@n9W4L!tlAKN96cn!?Nkdp5uNYK9<66mJV@8+jQmcp0tmNbxwYwA^{M
z)F&zpL$&6Z^JJf#AdA#1tJcCF;PHLw5B&P3%#&m)`N{~)k3YQYKF3Aw0Rw5s$h30W
z0#hz?Io<gOBJcN*ebWQq92AtL3h1owYKldCGg+&E!4}-?dNXVAemdyd16JeJj=w_G
z|7TqsexANCa`BI`Z$dc@lnPWGW_7HE80ly}il0RG`W5wi@C~Mh^fSQB>rduDMpr)@
zppX==8h#|b4jq5qUtxOx^5sidFY|>*?`M5PG@)qg!^yRO^lMD^r|mO#T@j5Gn!!7e
z6Wou6;NH4-pXf2DVF$)$GdtN4X5L={y(ADB>T96ssYIX9x9~FQ@%F0ddsFa0HVy0-
z-EE7TQ+k^nG$nr<PLrb%ls9?(d$#y`1mw@f(&a^X@X9zU78Th_w=5XI?8i6leI!8{
zW=gSf^YbMwxdl|reS$Q~!3elVuKO8?^}$!`nSJeem(n$MbZP}}W%Sz(ir}e<z?Z17
z8h3cqqcI~k2z|aJr!8>ak1sxa%+1K`|B=bcqa~<Q^Fgh5Tv>3&bVFX<`NHJ$lk)7=
zV8l;rD_vT$N&}rw;|EW-!nPj30dDq6aY($QOt<Wk?y-LM0~IFbLW+7@xrVZ~X2cNF
zF3-0^TR<!k8!M`xiW8dOkRz4b8z`0e4EXF^1iIb2Qt&_Lz`E-a8IGbeGKfcax4c8K
zj~<QPbJ>aJ{CXPtseh-w2*;DV-byd{LL0}R`!h^g5ZN$%m(LQBmPb+OIRw#%Mqq?n
zq*%X27AlO3@Y7C}I)62qkEA8MtD3l}KoW8z@RhRb#_*3ZEfRf1;ycebuz3nXVX~}g
zr8fVDKZIZ3hR;J-QwHBu*gEYG)GOsWJOza`&C`MDg}o^XLpehu{$L@_TEKm*S_vHN
zS;!0QaA&n0s1l5&^cdV~6{k$_n1LJPinaJbBwx1)670q``@0!EJ8*XBhG$L+LfhQz
z2*wh-=D_5Q;o*)4C7onzP(74Zv_IFs0XU2<`4~lGMvU@N-i0wSr)Xcm=n00oXJOth
z*`S+C*|ly%ItK)K#(Bv)H*o!4)?4ezjSYXY{gZce+P%T&IXH7FL<cDBNkz2z!u^UM
zkfq#bHnK7hu{;$^(+_?T!g}Q5%yYQJPx322>ock`M_b-{nl^e4yx6xYiDS|Z{BtAJ
zJ(2`l{qpjGbBcmgr0|LpUpx-Gzqlt<ZgNeR6J(@(PNAVF7sm(rrCj|J$(yWf9uMsM
z8qp%r6WY+#-V`=fIQZ;j9%9~342_8#gqCE7To-1ryo6kVmV=x0^xciobkK?x7Igb~
zXu#5Fz$S9ag?EDux}<;qasPJ>Fk#UT22hq1g<8D)4HpsF$ozts3!(`nn{=NHSmW+0
zB($u?r3A5H>F!p9Qnj`JJ9u8v=@E!gahv7Q%=W?LX;r!fpB@};WOFa12#cJr#;rpr
z4<VBd)x?27*UiDDi3?|O$~Y;i0}-x~16>*|pY19e*%E<|y%?Vy2d)M#vLlAL`7<1@
z@mGgcMhnbdTSvw7MDHUr3jIj~-s^H_c0V#5@Gn0d!y4s0w!M`Yf;?w%z^;kXN_>i*
zK>5I|QlK@1)5?~gtf_Jpd^-86CHQkA!$G|NRSJ3^S8yeo7<?>N^;S@Mg_~1X#RHpe
z)2vFBJ!OR7qP@LG3sy{9-QFVe;n%b8UUsPn=<<>8e4Rf==%j_CtRuN?)FR(}uf`3^
zfG6s9lVqjuM7?0tBED9Pou2+|`9KN^BoLCwYbO}eNrpg%ri2(nFyMqp4`)MW+t*Hk
zqmsj}$xt8IA#S{R$w85yTKB3u%zfGVJ+X9QDmn=o!MSxqj~n1S97s-28?{Pj7aZs_
z%a=grjiFY=rxn`PJ&0%6vBB=^q-Ji8*y<GT2s_J*(9n1e^hOuktf#BMq|Ebl6t>C*
zp7O#!2if}H=Moa`K25z)sX|r1_lKW}#Wh(^d*Duq69h!-m^sUQ88QVwl<W$awSDZZ
zJBQ=)WVqC*Yu}Qlv&O)DC&F<*2-#6Fr17C`^Q%uP@zY9`(co6nR{DptoulciA60WS
zz~=6Xf8oc&M1|qY_$csBhb+RCFRLWGAT}v<U=O%!04rGFzflv@?^|7Jcz^v)SOODC
z?g>%wcNC~>+-D3S`Nx`yz&0$wYGxBPl*Vq-ymBJ`1QVz6kNj<f27%nTVk|yRvDIxD
z2}Y@}cQatqcH2l<Q}!s(tJ0)wq9Yc;e<2I^-nc7g>Lk<F)@$U@P%p!QPt`COkhQ*=
z9QhLFsJY^2`96yk_L;w{u=n{g%(Y#$Ca~ADy^28pN<i_jLj2Q&1Jdng*URk*Il8py
zguYOwsX4_U2<xBPc-(*~$3fyJ2p3g3(L1@YFQR#qnj?QMT*Umd#%(@SmNADyqgPta
zYE3%J?N5dFNDj+U?rwA$BM|@N=q#h6?Aj<yGxX41Lx*&OGzf_Fz<_kObaxKj3P?*1
zU4nFjG|~dnB_be7$M?M7&-uk#vkqtOv+rx~%~*CMuFl<WZ*60&m8e3fFv{bNlK?kv
zC3=I_`oo7RK=SaH@dSvTX(?7mx^J|#QroSi;5rO>$_Rw4$ZdVgw<4|48JiU^m_}fg
zz|%pPRDr?@z6<R(t@aM0h}piqrR0-oxpiZy)yK-lj=||-u+R8!nf*&vKy1ggO}Av(
z?5Tvmd_{eOMP*~5On!FITQ;PO#OfL;`^3LXf>mQj^3m%|{kdwlnQs`%J#AsD#;p#0
zamkYM(wkOaFgle5C~%Q34cL)CvF{gRyuz)kbN%cTz?@sZ#cY@{1ZJw3qo-s<W+xq8
zkiB{Yh-SdQFtPu~O$;dzBmDk!O|(JGL!0?Gf60{X?v3pW3Jt6YsBlFo!5?x0e7g{?
zGE!2XYn!pU6t3!>%Of50^h=B0&BZswH3>X5Jaz)iIJJc{b_+yXZ4>)Muu&i{ei%6%
z6oqto`W9G@Pd7%{6HSMPg#7NnCw0)ey&<0TMEb;_V^B>Bshh<t5TmS>!GHUa>z5g?
zSwG1xsv=uZ#PzkWI)pDC%(1e;E+PxUdHW>51Q8XH2pS!>ytugNKkQaih29%(lgy!)
zB0eJ~tktXP)I=vtl41k()pnM-l*+tAzX#vrkyOwAF8WRCBywPGD~#<wDg3@|?d_P>
zfEFq?J?-xI&)!2!VQdXA!ZMLZy_UUAHeZ8A{c`{CjtF^)(M2nCmGkYNpr544KK)l%
zH}De^Oe~_rlNhZ2<x`8raOxLYP{3Bc#Xp8cEMfuj>~~Of%@3%m+tTkus4LmuCFgi5
z7YBlXFUrd0%ZDkY1&Y_RZ(C8!u^&+U+WFmL2e<e4hbNdSk?O5J4o5IyBk*O*2e-qv
zig^uFEOw}~4cgnO6Sp*txDQlSzu&@y_qXi0VzIq$zh@CkS0X>SCdYF9vn%}(3_d2<
z{VwB~$!}9C5y^qYXt|U+l1+SlD3q)x`h8Mvw(2Q41>h)8(#Zm6cs`!J7a)a(>#@H!
zXU7g6Nx$d2$`h#O56r$mPJaiNnb92x58Dqn2F;>1oD6dkNBk31uqkHZP(v4a;fz(~
z=-ECj9qhB$L|-0!bK#Xq-_S=_-Yb>_^<{XyBi|HOjlO}?sGvP`2OKDfyrBfHA$Ts}
zkaJ~Y#S3&(4fMq*V(kK=1uLXypO&R_)j907;~JUzYo22uh_GCtRxhDexF5hs);>q4
zE0Cb=S)YGf(K6`k>gw+H_f_O`jJNO&9<-D#-I`{Dn4|HDZQ;39KMKT5`r(weN3pcH
z)E%l0q_A;vB-yH1AksBbo&4nc4|4GU>fUu&zw(4kMdZ_znpf-3nE+|8V6$Pk=u5hk
zEr-Yu`31~`Rn<@ikGRS@C$!X5kQY5hjP%Yn6lzgZ)J?;hq(bV0t)qXg>;4B&_;UPv
zH+eryaE>&Z>>>J>{uL;S8e#8JD53rE6%ioPyA*E&ulgu$i&Eop?JU4rKeh7wy{SjV
zKG$3b9CY<KNuRWk_a=N$t3+lK^L5`6e>r1niDscJ{3cS3mD_bi7yqK~h^_kB#&(RU
z-4_;A)(c1bFH>}02=)n1fkZVFqvm@?tO>eDp@w?uW3BU~OQ}>N79Wl0f(*T0=XWK`
zc$d1?Da$NC?~X20_BS5QfV&RC{+x9}S{f~+X9Z8s^0ZB3w%q>vdTMt{SNvDSL(dS3
zyWH)*iAy%zk5jnw;R*p)Yt}P*wM24fDx^!dQ7U_c8ino_u|3N43B$>~d6hvqi7u|M
zxL+99V<a11-!zb<($JLT#LkOdeQ`YYOx&CTZFYVP^$Yr~NSO9VY<vZn{coKQPUlmN
zZk`?`L3eNvqX3%HESQKI+j|P^uVN;b))|8&fO70&`}Ai&fi04e9oYA1OVldA@sgq=
zw6n5B`?OW%w?XPt!Y0#j+&2;X>jTx$dhxj;+G1Ai8HN!5Y^3Np`*rZeCLqep_>q$n
z_IZ|ckZ7|*<XhP>mx@zzBct>dRUOS@2<*tBWN(^bk%=`KRR&Zv@<Kn+p;7Nvtvep+
zF}Jt9)JI)F0{D>!U7KfwpOpVej3CcB-_+PNg24(mKU$HBFxuHHRVYLa4(+wC{{Gb?
zr_Belxs2ooKSUEo0yK|9Wt=PxEIoWIJ1%Ka-WywdtC!GKtcy~NrRSg=nFD(vP2wt6
zng;(o+%nOWzaZ%XR|`j-uO*qHRXhg;l@2*liHw~|(8at7St@>#Qa>wl;X;!=3rHwd
zE`bx6r^K~}@Sd_Zfn--bNSdR)Cu6katHgV%5ZLcgC`MK)&AP-$Bz=I|0b7^(Y2BJ8
zy#f;*VmiZmHQle>CV>)-G>e6t3*Og9GY?0vMw1Hs{9bXs^L^}7N{!duaH~;V!G`>b
z^;M4)#a`syQP_*I&hg5LX@vVgh*P;!_Gii_)wG=~7R9cFu3Y9BN}pPcYyhhM`KqlK
z3LVPpfYMn3zH=mtGrZwy#5vp85DgjKuTg;`%+>F{8)C@``)aYeb!%y2&F2Krnf<Ra
zg`hjnjA>@Za(Dhhrfe)yCB@&KH&#}gjag)jFce~NyL3>b8tUjB!o42wp?LWYy4|t^
zHuHCzJ^tNNE#w}In?1poux^4s7k=w!*T6*Uw!H3v`DPQiKne>BkqzUQG%+oRto6^o
zi`!XuncwVuy%-0re;HJ?RcOwNiXZd%5(T@Sg-Fy7#7E1D<!cPiww*fn7&F$t)SD^;
zjp1u8HVz~G%au01aTW2F*yfBkKamk|pUxb)bp6<=OIk`z;;vmW9sV*{x-j(qR1{|9
zM_BraMi6V3MnBph6cQz3v`mUdr!|R9(Ej<!A5Ign6WX@+QbvYJAY8RyamKb8=!!6a
zwi@xgZP9^P=&=44-4rhSoIhNyL9{qF&qTty?jtswd@ajE(u{t(<EP6`C&V`#|92<y
zvkReun`ksVFO~wyj14S5@U=|>?#Oq+2R(PTE_+?)OtV{o;6nyKjmY{Tjeh#(=ge<v
z!u_T~6QhxOCxqhF=*t1wkx~@hp`|%B#jP_?Gvf0b!DQ4a+hUhiSC2|5HPpFd^p~mA
zvN^j6)y!YWY!Dx!??y+1j}oQR%w$p%2=Z%ZqKcf%Meuj2U(bf{QdvQ;{Ye(NZ5li~
z@XauP(@1%g<z!}8Ai+uM?XDKkiqvd92K18xxPE0R<&3Hg%*K`%cj#LZrnyVeU3o)a
z=vPyqP-~-yV80%l*Z8VJ7Ify<Lz@7$1z&xDC7}`0UP<aKy4fElP*`H~YvNx=ieD75
zlM@F3EcvSc4I3%tn*Z}f%p1HTDqO9;*>Go%dxE&P*};l?t4?-ha(TTq1dJs;XW_=7
zp`nFSwm=f8963^-si|ogj1dAN8zVEwS+Q|*yVyQG#cOA7)pz5YVf5s3`XE?an7PH@
zm+o`6^a4YwmwME=W%g2a$V!%y$v&oP2objN%eeb$rxo#Agr57`XP1SVNzSbJ)CQfL
z%<gs^QFU|C46zqCB|VTeQL_CBAulMM9xOY<KSbpjl`LG16_UFe&N4Mgp$bx`?}LF$
zO2|IKwR&QRkq$?c_&}@Jf?!r90bFG|JuGbR*)lRu_aA3p&ej$$8RSM73-QHS@M&O%
zBP5(rqrAh5j@=)|96$0+Im4)0H9q_{9{llF)w>3*r~g~5cU;;4EH!$;ydtXPAWofn
z+Yw1$jB4@SwyeKM9VWBGgfbk~-ovvf3$~^d{v2V(v&ESFZvZDCMn91OmF>o{K==)a
zk+=~a6YuHzGe!|($5^j)lc6=6$7En(Asgq@^EZ^L=b=xDH~!Xnzr5?-$m2UOK)!Kv
z|J*`J@e3*ept8<0T-D`iGEz2kt3#=@dlQsvgXN`3B1_>I6-M?86;5W09zPe`;(T{H
zh3TFG3vanGOM_3IL`xNimm6iu#}aS%Q3<OSX(P~5=2uQdrku$Txe9u5hI=8*A>TgS
zHNUE(`i17K9_t!Of$|-PM9UJd=B4>>J;#-4cJGM9D>rbwZ7QLAeS&kSKSSlZt2GFH
zuW>zZ7$b_vX0T?L44w&xzj`?DgX{X+<I{!7&^ZPclfR5ano}j)QJ@*S?nIPuaM>=Q
zK8eQT#gqMrIjG^lTT4MW$S?loNa9f4Sb)|dNEB5`NN}=kF59vV<0xLBXU9dsUN#+C
z>?HgkI=&v|Bxo)dzYgB?rkji+8kj`ELrx*i=>kV|$|**%S2s@#at&Ys&nZy%-CKn)
zrcvaNxG>yofrjn>j%YEu#0ZXKqmz!>BcCFa_D%}-^iI6g9WevY-OOy?YKT;<11v+2
ztfgdumhFFyED3Y_5f)=MFMp{OMJ`C7AW`l}ORg)|cyE2)Mn#DuK+|^Wc5PhS$QWb|
zXJ9yiYyXyris5g1YN@iv^ZtBw?u>*-W14z2X>QF<G9=N5lyu>c8xv=lm@62^F4(*W
zs{+MlTPlsmu{P7k&pn0()n{Z@{zaXfzcW;0zV9mxdOj~C=)E1>Erv=fQNy$AA1Z1-
zw2Kp_aT1s9@_;=}GSDohCv|zMj)Zj8_NppxJKQVmN;7$A2^VYTN)2YhOzMO9l_uCm
zgFQA_d$z)LY1<tk^J66rdySuj2I8Zp>JVdA+aJxHo1Kl-R@Lqp)(MRmn)A|I-Q{#D
zPCCF=WmMK<#U)_jp}0|dA{hCa_$Hy->?hSPIYpY~x}$>tD)CE{`WMKV3+ZRWFYQ0!
zzEPI4^7xE$E14`JGlnyBTB!KMNZx=uDN9(*JEt;+%TsgO9S=UpR6}B=Xv9?(6>oI}
zutyD>XTa*_=bP|h^C)Z5a<}4CCdN;AQ5UCb6J^MB6nD51L<p*ss9&^R;x)ut*}r`{
zD=OG@ynnkrtX~Wc>NPBSZW5TVjSf0LmKt)zOv<r<ar7luC1~#WhbX-EGU3tkBqKa&
zaUxOdU=Bg<++xW>-?t7YU@NN8ehD;-yYq5B>GA#8G2Is1lQCmIMRNWZxU3$cux__c
z{5UK41)!*hYkT6^^mbN~*n7sh>IQQ?@9QU4heU5$D+X+!L6zo>nm`_AIuLy3D?jL5
z3?^vVw=RgK((ZWs!8urpmMz}PzA5B2dx|#$$8<OcHePr<Kto_xte?r%5U5Z`eK)6J
z{2E1yw138;-w+(89}ySp#YGtnk)?OV*%DMM%6o&fjUL9Ewl(ZD00S|CXgIK#!!5@I
zZcE83E-6;BV$tG`@x$LLf6|D$+OI!~<@||hbV!gvEK^_j#K#exA)7;(4f6!&$om+V
zMr2#lu%vWu)Kyt3#KFrD;v!69&&TQc5l!J-$Fv%clo4j@UNSiWa_s+}{$;TO(_q~6
z6b|del4;0*l>3&73Y3XsZnhczfy+G7e^f)5lVR`Nx06<@3NSVUB`{&HEeDASRW6W!
zQtGDXiI*|R^LxM*D$~@id^_Y`Ja0?g{e5XfRFfOKp-+Cf@3<e6kNFx7;$hPI{wa+<
ze$2KRSu-k-!n6Z_i)>F>4Qsg9WErS~@qde#vZ9cVM2~FG?-8OHH9paEwtVu>wJnlA
zIb3HEC^)^iK#t6>eWc#QLW5TjrSi_`BdIN|d(gZpYJ8nYAHT;((k@m4H-8ZpzzR_b
zvheA9{A>Q6<$@;m^=o@$7RLje_(k{5Id^8;Q)P^6u0#_GYi`Dv`H&fCevZ5b6gT%%
zQ^OFqHas(Xw(Z5CqFV0#6lR5-r&Rt-gGh`8QZQs821f#}8->PsA}6P4vW%RFnK=1h
zaY4t#?nV2m^N4#8ASW^~9Nzu;gK~(4jtW14gtx)C%`t<5g7^e?EFgb?(6J3yLJTjp
z&9B-HYi%hhtIk&s4>a<!z7<%1Ug94P@|Rdn)0Tf<ISk|WeTQ|1D@On^x|T5xME1ir
zdcpmM-IM$GV+cV88r41^U+?du4<hSU{~b>YP{JnJ*2~lh2?{E@!QigLhv&^40%C<(
zPf&kS7-N5=1)KRx|7{XWbXflugRD38TjcP-(LQ8($r!}94rmFpxAq@Txzj^QjvWRe
z0e`jSiuR<3)r(8SK0z~yjOY13yXUMQk6%9pX*c5@E=;bp5S!-Y2(d`ecV4<Li7-ax
zWvSTEWU~*!M6mWc`@dAdyl68Lh}TgVm>vfUyGAkRhFrx3l+YHs%=c4T0@5iE0aAq>
z1D26r_Zu8WMF;8RMVV?;xv5(RLWVNUzjtbj<#a>Thr}nubks=mq4LRZ;<H5Q20eCP
z$xYwy0=wJCw4B0%!qzi*-4RzKv~BIwS>*oaM%E!VmcIzqTo?jEmQz*?Ly_<4!-Xya
z!U}raH826+j>Mj_V?5f}@{;#w#ewiw9b4tcKnKn?FLwAE+VOv2E}CS-+t}_{9EE>{
z49fX!F;mVZPGBmI&@>qAOm9?1uMc{Ezoh}UUmidFZGk}Iq4;S!>0l1FDRKV7PS>UP
z8-!4(A#-&^c2JXvPQ>}@>9t~uF*h01TjICo;Oys9sc8qA9CmwhJr2eAG}yF>uLKP<
z+nYhlMkz3IR3edPBCcZ;xP=>e=X@6+V#eB`Ih1;mvkGFP6%@lR{db0ewmfgSd~AWH
z->|Ci>!8rk*e<0o689z`L-gU{;ql)07p?Gn0jUOZ4~w(Dq3~WIpTqxrJ2gI8aHJr&
zJFGQE+#pUN%mW}8y@vCM*~?>~u&Fi6^B!fLSTU-vt<%*pD@$xWG>Q;`ApZPTxC{;b
z_xx|ud^mtz$sZP*QvH5W(rBL$y_lloi75v>FIqem)lr9D6v#*EJLR(KXSH1R6qrq%
z9*43P8{cR?v1tn2u4c?@lww$XNt%14eDzZ%<RGQqZC5YrgH1_%&d5_kaAD|eR{UiS
zJnC|m{^?(6e^N+5Ktyo9j!~UHclf*t(WAj{_I3~XgepZ6IE0uGFW^g0Y_CfFr>bSP
ztrFe8nrzQARt+{3vyl!T{BpmIF;0`gMtY>Rv-zn4kAcV$bM8ETWi}0^_Im(3>8lzH
zu(9=eqN%O_=Ea+!v^#k9*zNGswnu%6o4QTNajwa9DdoqT@hRLNLPCw?yF(r;XCL(Q
zr19F}h>*v-#d}H!WpZV5<U6ax|ExE@og2Kp4?DRG6rQ6#od7Hm`gmdnJfhOJ<haq4
zG_YfqhEd+19D7A*<Dk)g)ZJn5hSLr?ocpnpx;5fd8`tKVSY^dA^OrL3kru7UI&{n-
zMN-@<okd}?1V^q#J>q?3nlus?A3-=G%FFWD^%Y(gmSE2}eO=F&*mrLOB6gbn)4_2D
z@`@QxmwWHwi5zk~a)DFi3185aHju;00hM8v-o@l~jUrX0+l_i^Mwl>$m58h_BZaaG
zFXK#9R-y;W(Bn`gkre#Y`8&Yu*@ytT{aV|*hQ8c#|Bw)$RJItLT`VMI3U%;w^eD;<
z+B-c`l94(NEfh3UP^qBqG;tf<``p0x%9iLy5G_s%#8qAK=oF2h5y6?cY+*Qg=y|AH
zjAC|ub%miz66WEjF*^yXnx;?Fk-zuHZM*lZ>(lASJ(yGB?zCRuP(-7_r!*aYVV1IG
zL0k0dMl8893Rti*U=L!v<t94~((o2sYNig?!nmQK-_D-<7TuweQ4)BtNGeS(Buf8u
zev@*-#+m3&erFV<x_4IToj7%O8-Ed(6BjLXB=&Btzw$?UUXmlJ6~4s+jxcIYfZJI-
zJsy5oT3QA2j4hh696sLxostkHSN0Qd4lA?)w-))eI`R3pa|Q$>Yg*9w=;^&jD}>3o
zuGX;dOxap)_Gs*cM+yUdM=UIk^F$<UrJdKgZ8HwkOLfn)$2{d+V`L^oPChHm-2F#V
z=HqxZ2ex~wF)e;)xr0Ubml35gG-}N0*g?!LTta;CmM8lk=;Hh_+V=VW1bG|lg(=*W
zfzc#@Q){KH#toHF#%nw-^u8?=^)Ka4dp<7$9NR<8&)Ao4m1SA0h}>5uRQLWhbc*B4
zVN`+w!xld{z5hBDYb=oQ6}kidS(F0B8oH`5ORAOC>T)%*KADT{#IhPosty?)44$Jf
z$>GxbNM{+fh<`>*Cz9C#L&xVFieoQ}3IU?(!e0GGB6~H}@8VIz!EnFgdu}p&NdN*d
zh%>ejstgYNIQ7vI&(;@+NLh45hhE>G^(uTCB<>@Iw5D8&ew?yx_74tL;@Q-G;YJPK
zQ2I7qodOI2By~t-35BSV9mYINIgWCyF)#Me$#Ij@E_oUF;h(z{(FWe|g~bt;Fz6Uk
zJ8*O6iGIXeU~&td%>$$g7#an~iZSeNS~$6=Vcsl$5hY`;aIa(@H)LmTN*W9+s_Yr)
z^UrN@pc?uswI5R(VT;B;!iiReXynYlcDU>$>Il*W-qn)VrmO2A&#yZ6D~Oby{YR6S
zyW;NoB@{te&B=rQy)H{;Akz7PjVHGsJqC!0;Tp%>b#KMLz%f4l91x(!k&hpHwSN-Q
z=49J!t`EEQ84xnE*LV%?)%k{^v#m5M)z7p@ne~gh3tcwrT#ey~B`WO(5y_d;?8L*X
z#Q+f~obpg(jN0%?a7pn4EeZ0i18-}@M5KXrJ8z0Z2K2*+9SZjsdQO>i)W1&l<00Br
zm9F^PTm(Hq`J=@$WvR;e7Sd*7_WDUw7}IJEpQ)bmR1lJhFDSiv(Rhq@3SJ1KEYL$J
zS2h|>l+em9isBd{d|h3=y;hgN1=d<KskCzoT!j8VJKLRXFCA|)f4+xXE!xwG<8fNx
zCdG$Eafi=|EiFt|N(wV)LFs`2Xp%6JN25jTFMNb`9Xe_n<9*O!B1~H|J^8#B>>gz`
zFy^JnyiC|pkObCcO<g6zp!XsAUU!-k5<7^Trm7;cHw`7lz{>;X9E_Q!w%?rQix*XL
z36vDqZv2hTB0x=>e>-bK{8lRCRQPe^b~1lGVmtxm>tqd(P)@NsI*JKGvIt_(V1>YG
zP?)h6QG{3*DAYxbX>tLw-)TW;N-WvD8OU^C1t2W~b|fkKYhsUS-ClO};z03fw#t~D
zF{M}R>uUzqE~n*MO-QX#vf+{e?f8kK9d&j~p}2@LfoUs>kCjCO_hR!zdnm58BlbM#
zR=ppc3v`uud>dg5X{<^dg@>f)eq+b^z(BRxQ}y$|rJcE)&>LFYOXIe`m9?CtxnKXy
zcN3o*w&R`z?mTf=$8q((UP0U}hJGyR_;NNSIz*C<l5rqK<C96Gnq9BIaXT5jjIFKa
z$by#rswmzflK8kr5(=GyTn~`jq>!tiYnR7~#MEXj>^+iLDg6#-9Py?Fb8)=T(jv{~
ze<Cj){2*k(3fbvX%<-u7>k)HqyYyisq#dwq5edd`j5d~)qG7=4lK!<h4znLdc&@)6
zf?zI;r=j%cmL&y~=U7fJv@m@g#_uS|m$4Y#yJ+xdiyY|qh?5Z5YSgc+NJg7gY%hzN
zNZ&%`7R<L@oSx&~Z94eAK51Ht!i**a)E{3&f7M#efBgdv3R!briUC)5nDUSzbGwNz
zP9^>nc^&q}o$eks6Zhp;REcg#W?arsN`uoq%1;kWDb1O*9;X&ByKtIFvxLczr)?-=
zD*hQ+3JTbHK3kx^*-!(*3)sN*wk4SyuSr;0mJnF~xQB{Ne8ql6J4k<wbMuuhoVMFb
zUBCC@I9#uAJ7&0U_NKKy`0TPhG&t;gfChJ3AvWE=y1M#oTK^I$yH*`#oMMZxy~})9
zAq<<#xMm=><_$#Fr;gRF>Cio5jzhK$uvRe7Xwiki3kig2a8u%KPN;=(6__DKhElxP
z+B<9(3=FH=q~Who|6wNye^v6&FuHA|R%DltxmQJ3r4lMJqo=0!L32y}5nR`r+)eT3
zK^3ovsP<Ju;NNMT-4P{`(kkO?LLWEgbZ@cdrs?7a+SF0=sbm5kB?TUagJGg>iNoTp
zn{Xj_%hJ)t+-GGa@6ek|StUls*(Krqg+fgey3Wfl@{0lbDyBm;Lt4;2Lw--X*i~m~
zfkP)529iuZog0NJKO}Nu7RP7Xn#?*e>GKT2JO{M_lB{fwY%=SUJb{-4mwwV|ZYIk)
zR^{xMdDS93nK7oLRquOTaxaft0s_7}ixd>bniw0}X=9e&CM)6gwOQIYfBry{koL&H
zGZW0ayHc18l{`d@6TRaT{g4U0xch65#a~s5{EOGwSvi~49tVk#w(b-%WA)0lOQN3W
zv$$bCORC3j2pZSMKf7}frr{kk)!QU06|u5X?k}!cHiRX6nOQA}Dg^1<bofY!6y2b1
zZ6QTkshY?3b$-k%h56)Neq^Il0$gqUIZgdpyq$>84y`$C_`4*eJsswh7;LXGCG1*k
zceFTkD>A6fmYZcEYQ>0;VD=;l{5LgZ&F?*aPut<<c4BHAhHG<DDlAZav`DZJvCu3s
zNT!O8sL+nFxB)icT|$`LXrGcJ|M)bcGWOd`k<g)@OA(U(Kqtc@Yrw<>r+M(a)Z916
zlB*c7M9l!P)4X(o!-kcHs-f~*8bzsLGt5gTWJV@Q6eu6@JQJh%SOXhO;j&AE#sfo4
ze!1~6RyL*hiCqP&^5G~~s%lua$J=gx!NK0Lgg?-H`(eBP&bfvti_9(@wW`JKikKNB
zyE<^j{Muu5lg|0vrj13Zq*t+&{?6<VypcWosR#M9@OY?F6C0QFT(E2Lt5Ryn3yVV)
z1mH=CL9v3m%e3s^M7LE<P$&CgUNUAuJ;<kV1HH^ZMN7N`jVF0UYxCaU>vT?DkfnoN
z{6)D#2T8^ex<av1{y#6nsoWemOfl={KJk9dDdcdS9^cA0*_-sl=QFG?ark|lehYmP
zOF!4UhKvc4%-EVV1@8hn0hpkvi+Y?V-F*)$-j`y;95{0@=_T_%!%g;)-iEW8!z9P_
zp(5JzSC0N7*6?Qxpn8L@0xl*VP1FRUGY+2}62V=PyT>>hQffzXugy%q_q?GCT;Jez
zu>C%nrDB<Nm#i?0(9g}C-z%mTeU~>9w0`OFC|<Y{%%?}BmZkf%g9q)aq443VWq}Uj
zWZVW=L08N-y5#=*!0YgN5|J*LhMgv0XL&`#X0lX4twV={EI6UUog00$e$ALN<y-)}
z6N=Z-U53u%9(tO4%(i~~-hiaVjEc;@gc@CAh_TMSrKnXVM6vo-=zuembI>JhfXkCU
zwbHtWN>5B)3s#bvXMOH&SD@h5)Hc!#qoWgw0h3vwBTlH0z(|DWlMQ-d-Ds?R-Cy%A
zLwXAjP}fk8u+|B-o6`4SNi66cv=;X5Zz$x9`=R`ZOh7X5_YapT#qjaPnV1;Zct>3`
z_r4bq$)HD?_6A&yS^=8E_Ku!I(<8{4v2RiCp>!k9jz8)#y7SM*>QaG1X(BWhwf~^<
z9w@WD#J$+an?(0qwnJ2|`^fYhgsv6KuE(`9GL+>hz%$vJnaG%n-DbPxL5BM8P6crl
ze#ds0xWUoHdWne9McTezJ$nH}9~F+1Y!VxmR&rxDC<WV;@4bF!jQ?MCQeyNHbDkPa
z5B=H$99F6~T#nOj$jKGNHnoSBE7S6V)#MX{*PDR67e6w8&IZ<#Lz)`og%#?dVXUM|
z7ibhY84S{yDp`vZ5_{6!6^S=9W9hWnl%6z|#6#0v8XHX<X=2$UD99Dn1%7B`*EKZd
zM_W)}{N3>wkFgg1Cl(HuN|9Hr3>>yk9Tpi9LvH9*5f(X}_5CDVgh(<9l$RJ%f!KRy
zz$)`k{#v?u`P0nbdetCuM;R;0zdSAUHy-3cE`5Lsrip#XlD7uOYvUTTKVl6CcofCq
zM8$r<i&O5jCbuKZCFV&g`JLDOn_jCEcyMn^KAi(8d=!DGJP);9cbW1uD+a8?N1vmP
z+aSW~_Kn~A6D*3v)`Y*PVW<q!7^!$6Y(LSE9%J3ZNS?%!PyTfvIK_DE-zTX?g+Bpf
zz2c>LE|U=Y_`5CYjre$e$Q^mjC80->qv9H@8(7KVC}SgQf)@KL9b@BAhr>gh0b>mH
zIkKNQ*nYbSK;EN+e3a`}oyoq)lJ%EI3b0kTj$Av!Vm4f38w8>VTX2v#-S&~R!Y%y*
z0^~!!osJ6VU=^xE3kwR0es*tQ=nMMHnd@akp+KqtFbwV*P%wn@32(9bXiQUTdlaeg
z`~3K(1vN7>bJq}%uw$m)Mh6@ec-qyR21y>wQ!;Vj-X`la3aiI@*NCj1Wt+6kxrQgv
zPi!G>XvJeBIZ^&coflq}cEp3eO#=cjJNuG&nn)NXv>jC08{!`_J!vIpojmBCj`T_M
z3#4o^x``1&ug=MZ;0^U4nxQ5@rR@Lylr!0?v_4s8B0`F}QPmKyxwhzBH&GT7kDwwo
zpQ*1GXJOVQ<P0Mwm?v7J=J?%FN0{nXpo`{{n(R~kKB30NpRbw7VLI6NTjqi0iR))>
zv!HS9i&`9h2mgaSoi-V%+Cl(EptCnk8>LIUjDt5Aruw1sp{=Q5zjr#D+ZV@L8J3+K
zAiAz$ZUS;_)wHd&+K2`k){+mxEZ4(q5th#698IM#;<>4i*}Q5W)5m}GzMDNS$R>ua
z1CL(4O3vC#gIkN(VSRCpQ-P1d*uL$yZGP|Lj|#ZeGx*2O|Az6V#_AP<rUYIo)qZRp
zT-gNTaC^J{?#FRZcB{+u7s*0>O(%qPugv6kk(l-qpGQ8(Gp1bB4_iwiZ3+eF!eL9~
zAY>E+m5*s@2ljIu*u-keJ>)g-k?M&4!05)u^&@}L$?Ul-d;ca2+|y4KMA1F-8_*IO
zNajaTU{o^qw{=-Z{;=ZO1~~H+^`N9J7!cSjN@ZGX#qfU-B%w&Ja5V9-!S?b^O}y45
zAImSwb714T5sW}CQ<pK%=H{m7^jOcp0Ll?~#yvx#yre!BjwA~6VAyGuk(QSF3{Je@
zJxu(`CwdaG_)~tqk4IMc-)&F`aH~bb-X<)j_hE12Jb>>=3B-Apw1o7ss}0^Nu^}78
zPg6VOOvJ=4neV6xZm4Gbxoh)%s5j8FseF7gO{*fs_MM#KPx;vUX!dw3WyUSVGBHUf
zEpNd<hAYTqUodiU{GoT&IV~>BexZu3`x+`g0(#QzS<-xp5~T^wh-maDbb|b{kfjN)
z+&L~R2EqAty<K2%WPECUH4ar3AJInl$`Oqi4NtPP(Ay88tFCSTp?j%&@TFx8C|(0`
z&h5!^y(LY$Yg-oP98}5tvj$2LR#@CPQHw*Y*8IQX<-y^ry!OgHZI5`XGjDA=nb^6Q
z-##mnmFeMV?w=?qUI_CDEv&;qRG@ZiBxc%OKJ-iSgrR{(DntytdOJ@uw)iZ0RCn3?
zNCs`v+GN>fUhkB<uE4{2Vi?9VS19&ZGw-!m(0wpryQAGFE1_RvzdkpYW7#X@2{Mj*
z1oK_4TyI#2hCZdoX?(o4{pCf|(KFgYmooaF6H=#Nl%nqPHt~JKx%Mo#W!oC^BJfLJ
zcLMm*8{Zpsdwbt3hdvsR<jGAjJr7K>zZ<~axfr?&g7ju3$<i#d0U%o>F#yZU;>X5%
zg`rZ~;>kMcxiDG&a(F#v%5a<-6k$v|dU1N{0yHol@0SRz7)bhH3)16bu4q1l0=O3&
z9s0J$0`q_tiUj`MR4|o2zCZ|DwuT~F_fJ<z%gmlm%Q?~?zC{(^o3gHVG%5PQ5yTFC
zHApHifg?n0oLV>EU>O~?B9oeKHajS0=cUlUpbw2U!1zlBpW(10M-gsrbfla6ZJZob
zTXvL2Hh1FU5h_0OX+0#4!1oFHv5g%OTkgQ%7zNQRPW<Sr8tWoWX9=F^mmLYdzd8kw
z)G-ugC&f6V|5`C$ek`+1Q<y|VruDxnm&4IiQO!}F=M$A5zqKyYdiS$O4+!E&JvCYA
zi_#O*vG$9n=hIz@)3qfu5PN=nHk!2E!i?Zk<6va0899KmdNg<s$2(3GVGm~;j;w$@
zX*w?2WePMjTDK(a?<%5<MMdM)aCH0yvg6Vmo%9`JGLi?)n~2bm-F~I^DCwgToTcCy
z64#PLc6j(l09O1FNJV<_v5Dzjl7<Ek=J(HrwS~Hir7K|f;2)>bKM36;CZmOrVgnKz
ztEwHpEDd**`f@<ek{ooV@skG+x&xm@s;h5L>ZQ!y%Ps6Ua;pOu%x8Mu=J!8s;jQs2
zF4?LIYM;;`5-u`7ef0V9I#Y^I?kpYv^RPl^`|2vsxSsGq=AGa^jbhB@anOoP?egkP
z0C?*bn3;E!|NA$Ybwa_xm}AxKM*W49LQ_3VxKKdG2$?jop;_hY-!>>RN6MN8f61=t
zsQWJ;1Ma%sXk1vJpyX=>`4e&^+p<eGr=r@IggN&!Ty7@3Us6$uCPaIh@{VHr&7M6H
zVOUJ^ZxbRyzKH6@ac>L{#8|k(Xwmm$z(IqGm;OoGd{bP~qb0z*vN~O+uogxTpIW<J
zwY=niw_pWYQ372s74F5qNpcc5Dx)g_Qe?rl=;4?plm%kii~j<WMh6|Te}Pek9TP)~
zN{%$xUV3@0`<FmohlWOQarW3^1o%CCIU1p-6_tFzR28UCRYE8naTZWoO+s<WM3wXI
zfItH-(a6Pzz*;j9puVNCF2;GzyrdRB%eYk&*^v57u)N2geay#_QIiKEzYrn~i7xMR
zF09BT)yxaOzV+jgmQ}hHP58k3J>Q(XQ-NS7=hP?Rg_{`7Y<es_tl4e!k;t2kN<Lpf
zX);GFnxZ;@V?cfF)V0+}uH5e}(znTts`y>ljP%>a43?o%L^{UT+g-opLCO^iXQ3Nq
zd=5)4S|yyAQ=j|C`|Do7*J#sC^0xDW*Q_T@ALAQX+YBuMtbvxv1-I9?&`?xFH0I8b
zm-@FXRq^Fn+>e4`+4JmH9}J_!W8qO`wpSQ$Pi~7n>ZjgoUY1j8#@0|_C%iMFn;crF
zCs?OFkdvpaa`5R4zWh5mnU`M5n4erx_x7cXZZ|`@?H9}UlQaf1P;dLp5g$43Or6=G
z$s8r^I(&;v9ou3b#(~{qvBX_x=~ws>li^{(y+*YSB1rVI=~&TtVwh>x+(btdhi4eA
zPRAO>)u(OmHl-*M8i>c40j-DxX`RTx3f744{>S+}Y`exuvi{ON6`8!M#)3lj9%&r+
zQ1j^i36Qr^I||lSM>>%sURuwMaW0-q5KhoKd;~;FyhNk#&Qb<Nu@T7dj@o|#c;70_
zTLObO73eM9Fh4a6iNd01)x)wSe-d<3@w;m}r?TXw6DnuE3D_D;bMF8?0kWoLW1q5z
zQuG%&VjInD^j$30lcLE<zs|>y=f4y3GSRpuKGJ^JM;$ze+ZVevMC26u&-9;rvyS@z
zusxH~E!wr2I}xXb@AbF_yv!$tRME}YO@3lB?tbo2@K~STvc+$fAfF7>(rZjKB;D_p
z@pHngvFlLB7T^A5VlAA#wucRL{814b2bnW9xCyXvn94LHj(nx9$;Xr@0|odE(U+I;
z&N=+e6RSh$R(h3$8l<b7N+qK1yGwuM*IpB1RN3@4S?+H%;`tzjU-{5|US+1qt|uL#
zC!WNSw0rx|Vr1bIh`zn;c60ZS3%-oRtB*>?R1`}TQYmCh7lW)~Q*R>o<|U;&l`$GD
zc3_}1mlz`ex3#9ki|uq8!c9|+AoAL*<BUtQ8g67=6e|Fv^bU*LmL-I$2-lZ$r<{Zj
z!lspArqQCt=}J#dA2Pv0{7y>UU&&P`1D1q{fKaJL^@?|)^&iXYI9c)3n>*5lMz-_h
zGqoByo0HWz_6<oZB@Z$^sqQVbzJV>_X>cXKUVzw4<WE+;7dj}OFxhmlJ^0UR6GvYe
zq{k%AN}ab~0JGTrH*y|eOFJfP8?zSfjn3n5OiTlDHfM2Gu1}LK;i6!CNm#32ZNGQz
zmQPFHkD<WA^nt22At}(KL2(<Sk0|;d0UItFi>dz5k{hK1RaE;q-jCO{8G6&=0WTF@
zq?-Hjn_M-|7r+V%Dtw0Yct<+tUX1MF?-t<vZie+Pe>RTFEckHKy3Z}&+Ec-N&dbh`
z{1*Dzd$-ms#dP}V!yi)=A>8Pn%M%nAV1imw>AS*_0LuPJ4SVr$;JoQ9Ya;Y<k~jX1
zM+K2F_U4|_Lg4fhx#EL#=Ymzm?A5bgtQYOyd95U(dyAva<jGEN0iH2QOvGMZbGklW
zqk6cmu9AvkKR@S3_XpU#nJPQ=*Fe?aOKO&JXFOf((d+FuufHkvB#XIgR7vi;4^0G&
z;oPviQ#%>Rul>IHrJtndEy!xo+V)?L?UEJ;juWk=uzMDf=cdw0N3cYGZinq6yL%$R
z>UJCteiT}{k*+41H_8@~?YM8@?nT4nHecNKUu7rC@80?I&F?KpDb5;hW%(n2QO8+-
zHcgu}ELjpvqnKB50GF&x{}I!n%ZWy?F5@{43Onh}ZQq|w-6`27;PUPTM66^scIfLv
zS(CC5=@6ZGGmZ=q@BFKe7Yzj7pS(RKe5LUDF}`y6+Od>TutdS22*4MWgc{u=Ss1=}
zq*>u_d_Jo?Ew!QUxrtZ7gfsKq@Qt`5es0HQj<CVxq0~j&7myDL#X1viKJ{-<G~?S8
zdW~BZTLC|u0S$A-zqne{0J!`q3AKfmJFfrE#!n?ONjtShk{qoZ_Kz?<6G_<o=f+82
zhMhuKrzlO0YE9?HScV*_e<@z093<ij{r!I_IPXrcJG|tEju@zv75!LM+!k&Toa5P2
zVH8$>m8X-XzA8_od<_#lT$R%Na0_E<Kw^n1Vn(`X*r4%=m?Bsv`YKvvY#s?tgT?U^
zW{EJAqZP+_z3Jy!V#2JFv8~JXuRK(x8)W%?{ZRPF;deCV=3_>ZA!+Dfotok*MWm~J
z&eK}5&Tp9@BvMs`Ax8yC(l)sh;a_4)_M*&hA-!f&y~)HBr<{$VwrWbBpV>ASfGVr>
z`pMTD##6<?qJKq1d6uU@>ugHDG)lzV-Uuc#QE`jolYM8WGC=>c2L7G;syz&DU(<{>
zPR@(`RXl4<J+I=&tU7nGqZNyT7NqDsU{m&fRYD1U5pQ}H>pK258fLKQ-;2qHqor-$
zZdku;&cvi3<zEZBc@h5Cv-vwEj)}MMQt)3diN~k=GoD@~Lhbi@&?oC$D2pR4OG;kJ
zL8<oy$MI|iXO-g;jpciWVuW4SX3)?e&rp1IN6X5Bl!<_*=wVgS+pO%&oJ+A;F(GJ~
zx*>#ExY<XHzS6ZcCqKshSEnH^$05>oHB}Dd-`sNXLIQ~KFgx*Qt`>fHRGwho4v4$Q
z5iKKmY#p(g&2h9BA<G$X8$O@xr=5TJ4ygrs8-IlCP?j|T%FqbyWObs$ONyXLm&E$i
zT8Qq2G$$4NF==U&28C>d%ovA3Fp|F*2?jSn0`*0X^kbJAkAl-=n6abAzSjgc&7X{>
z)xXTwIOk3aiFg*Y=`PZ4>{=O5M3(=@ZY|J}3>ept@Jg~qQPHDF$k#vF?~kiQ_jh(_
zYg6FsA%#ieyw8OfNl+vcl9WzJiu~~6UGw-RBa7I&lJL$Vzal1d<F+oAmy+T1)50l&
zeq??qcFr4jk8h^Kj;040cE9%`=MH0Rm=I)Jk<jcaF)hEN7k|q1=pMU+2>A0>MY`b%
z<nsP@!n%J0wJ@c@#{|-C%qkgpJOIm+szfV{dk*~9UgaeP{IxY#AOz>6Y$mq)uj_>-
z$67I&qhUR<dBEe_tiERSDvzy3Nn&6bFZd8xql1eg4WA2O>^XIi!sZ{9k095?>NW8z
z(TA2OhRc__AKl|mNR}yzXDBA)6(rUl-(IxDwSVX^lKOf~b7xwsnk1<Xs3i)RF7@tF
z{rJv}PWjHIGmiiM6x2lA|GT)@Mo>kxA~;DId$xykSk#DM@+t~Dvd}%4wuTgLkhBi;
zH9Ss?aGBTa(xHAsRo<Gco3ae@PA&SPU%f<}*7vyGtY+CrI8qVvb0(N}@Zt80frM+D
z)L*7$KRFc&v{pVF6>G5j{PcNw^DT{shY=|m3+G_*r!<_x4%e0|4LZo+tXxr`q2uQe
zh3<a{JKNN6cMMjc{v323LfJTblAnabC-v=4^BU?HUXG|>XmYJ~Yttrb7_qFO{@(Y*
z^YZ0}aTTkTZGlIBp|WCUVNn^fi{Cf`U|l3Xw&ijklf3Ccdhali;&(g*I?Fh$>Rg0j
z{o=`wn<UpCiI5`J{DzqCd%!o%+ILLSm7MJNQp&N7k(-hG@``<}lAQFt5jMz}V}h_S
zTm6w<98_Xi&v&jd>#cU^ZmFD{Yr4>RTJX`+`LwdA?R_x#Oj#M|bK;I4U7AX>%$+?^
z(<A=ph}hBOL~y0u5g%^uS-FOU5Zg8e+6%rtpEcl*a<hQtOxZHDqgEZEZ93+L^wxg=
z65~(^`)uCPVpN!X{9DHBE!%3TfkZtCtdMqFqD{~A+_7eXa|M^fK;z{!4a@m_f}>ij
zg3a&*)FdHl&>|&|4+3`VCgoEc<lD>49Zvr#Ldl3ljs$KZS%l^YW{hwq4c`7`gb<5+
zfV9Q-`BjHglyS^#N~DFVpHB;Ij;86)s?M@OoS0vJ1Md4bP-K5h1))s+Trmo)_Ymee
z;5Z&(YSZE>5Nq_EoNzG{MnHJ$>!E`8UTQ)UD+!Lttwc_h;`>40=N-rkO+B39EvB`^
zgziguLhAzWzr0GOI>qUV7RNQAxGR;g-A7u|`g#4<c0ZT-ggYihVbe&^aL)mZ=wG+k
zfrEDDrb4y)n_5i)`|8Ij3^f#MnTD-Vcg1an?2`tZqL88&<`$^CVG9dG2{OrH;<C(u
z_*OatCDlq8r!ar%4*zNLS;t_{#!bNOTvk(z3P}-IMx|O0dYQ{>du#oGyzSiE_c->4
zpxuFSJsk+tlO(Ar6c$2?RdQ-L$t8%+;LG(jzUG_P4?tk^)FZWUm+|MNXgGqAo!`jw
z-a)&nBf%&@#d2FfrvEuk`%-Y#?*Z(gxY#1YwPg_^;MNH2-T7pL#+x~^PJM7R$ju>r
zj06lN)r<DOBE<5hQnF80^S=8xnM%uusUb;_+HDREg(xdA-V@c$G=3%=^51hOvBl$W
zWEbR&Z&KZhy?@+3eTq!}(EbJ+_Xqlt`d*RC!R2+Yfw=!LJ!Kin`wUb~fS@7dKzz`&
z_@Y5H64Xys0l72q*=#>u@P70muqrNt_=}+ko8_~D+64SF{0ntwaVx3J^C$OP_wqtt
z<d#Za-9Ki3`}HqjuO%?l>R=9AY61Snu9;Fxr};D9C3>x?Ib;8=XGP8n=mCsiGhE=R
zQS#vRuxfe7)RYwQJ?Z!uOuU#*H|x^k`SfhFr<YOdnc(@HfbRx)fYhja`6F2pYsU{;
zZkzLw!+&5!B<f-;JwD&iKkxcU_4M>S?aDmu-Ythxe7qe*@z=*2G>q|-3Dv<@<o4g2
z=l6}(5_Pz>l*F$u-{1Rzc2uu?{HON*Kus}Emtxwe?Ql@~-R8&D_2{Yu5XhZD@MRg^
z^0+pVjx{Djd8+Bp4t%K{aH}~F=5PLyo0;c_nXy@hX8g2nquM@j%1!FqA4meSrp0A&
zC)VsOP>~!#(k>`WEQ-z)4T0aOsaW*tE1bEbE)ZbG0{IGO@(qw7<QZ^FX4@-QC~Oko
z1aD8<HfL`^js#KfWoLlJXgd%v9~u<YUP6i*5_lJr(>M~O621lFCIhg-{~skT(`|~z
ze*jY8KaXdsU&|rMy5%Re^TU2FitYU8i%I%f#mPjhzI!G~%qLQA9It7m1ydJB({m)G
zX;M{1IlaWWJ}BWp*ilim{kB-L?wajjniWvdfE^5EI_-p!*(<K#3zT`qefLM?K2)`N
ziqC$~JhSBBnf~2M@{%ac*%I>O9UFk)S+NDTt+`r)bQVp%0Rb)C0_-eDhzP2OgPZ1p
zd3w4Xk13^(!JzW8f!XNB-GQBcOYbiFuD3&IS|ydIkYPt=y34Y}<unq5^>Zl)-q5N)
zw3i!Rshvz$hIC)_NjEiU$Sq3Dg9lW2p_2m!c98HWk$%>?>`V4X)vQ0xszU+aD|YLe
zow+6zR=QN&dC75V-<o!(+OEi2pY0FIkGT2yBOR>!KAwfXHGJ!0sXE1NkTh|ALHq)m
z^R`^;-G*Vx{d%G3+KUJ&dq3KwbFb#rA_>zZR=gNNBCLcH9oM|Uk<KM=+B?avo-V2G
zu5sra#F~KhN2#QH->jm4+@oqr17cCG^@j7#S@L?pd~wsRN|TIu7Bni%uTzEM&nbS+
zoOh)CvFI%B*>xAopOHnW{y8y$b8ej4WgaN+hlheG2Lzjw59OswuAE(~xL7k~zfvcd
zKkaAiqX9U2IA|BO5nlpB<#lN$I7aE8T_R!H3l%;otT2q{znaf`soL$nVTqjvNd3tf
zK>XZJk_ye!p_bUgkYIUgAKfDgO?YC-ymvw2@fG%i1MjPTaIuOwY@RIJ3Gvgt2>>=a
zF>&Aikhh?Sf&a*y1xhuYzZjzk9Etk$V&34X^HH7MDIg7iuEA~Be@vfWG^GDlQ#h^H
z=du?d7(zBqnSqbo1@25_rbn7~rGi;N?L9^=$bBU2FBBg(iVNX5yFvQ2-Npx(3R4L>
z0bQ4`Ref*2tzE3Drin4wisqqWe^KZfwK?@!Q<8iu-J5r{b`j)g*F1P-b@f06&rBLV
zOwpUAM^pyB8L=s^2&&&fCiU~mn0_kH)YX?aLgBdq@(9J_Yz`T8oXsr@o}TZ*J+-Tc
zME(#IzOUPeR%SmgE2}4Qs8uJ)L7CHf=;5y3Y0^kg(dxBHDIUu({7CSLzw1aw_!LsZ
z%qWVJ`yjvXqrLBbeNn9VW<KcoiPjwZu;8n>!GL(mxPe!i^Gm@A$}dtqjv)7^hmL!{
zx7;5T)u0OePw;UZ3234&jRJz1Uu_<&iTh45>d36=Nendn35Ud4%~@fL37$~y0OTa5
zJyXOWC%Py`Iin3dTC@e%aaz7<^#ALY_kKo>*xO{%s_rMh{&;ojD9r$Ll&nLYe`gPu
z*pZ@ACI*3B44G00(o!f#07(ndg%c|;qI7WM97ggyP3xD7^cWy;$*qARI>3yI2uhv)
z&#JhNZ><YHmUpE0qr{YC_=!qFKM>q4%;uDfA^Kl*Q_d{_E`JC4<FSY32^x(JaDy;3
z&A7?dPOm~A>!1Gt%d!O`G2Cu-5;+_Q8XhtZBZo34i9FIavnd*SxwsvP!FHG#G72FD
zL@R3LK-{iU+1bD8J-OSLhNvx2vCk|EpJ5=OP`;%tu0TkLbm1HpHwxkquOV)XFdk+-
zI|H-(`g5R2iq$NNa*52Sd6#yp#{4$I0LwQ{zdbpgQcMT`m9~?D(tBK{X5Ovm5(_5R
zctbX;1$N<3m(oJV8x;c&7_ycX2LQc8^MS8r(BF3t()8EuS(kB=*APuG1XUMTprCX2
zDws@O*We361rhtR(Ny}7VaPZ-K9<LRM_r9seGaY7ICh}?jo-DN4A_X^lbxuH9oH@k
zYol7GfN&C1H0M--<xht^30%1nLPE|TR*5R9woc}r4hvSkQ^SFeH!swZqGv=+s{&Pc
z*0p(!MGO|?WBe0-d=qCqvzW<@+sm~^LzZPZnYF+B=raB0Rg+Njsz>WuP!W4bw<#*N
z-m*714N=~)C<)<dBVg@HG*bJ9oC*>8IHSsv1ai&1K<cI!1@>m4QaohjtT>je*i>8^
zgSYLd75Gw|XwKa#^U<tBWXvSz@s^2d{hWj^w@>+hVEql0Hh|{;uHxj!A<|QFvS1~$
zSRAszEg3JvfnvNE7w)U60+t@17N(pZYuXz7j<Y`AN;w|nZE!_5L@X$`#KUQR9@wLU
z*{!UN)%&;HkkMn20&x0y8bjFK@XdD!2E!iAY);9RPlN|l#)9>h<Uz;kig65q&1uJr
zOO_=k66YqZF82U<-zV~o-836r?hbGZtR}28MllA({6~PB4lUqA?3mvJ+YOqJ8V6B~
z##pUUY=ll<6%~```c!uQ5rSiW49GOfZ&eJ?dr#v)hqGhB<wlU1lq&B|My@Qt^*jsw
zk+3391FRbG6H2T52aD{mUnr9t)c0W(FhZH(;YdPt*`#8$jYeumSrRF>hd0g`t@vDY
ze+^L2EdDy3yinHf!VQeNh=5ovRu0`S8q@u}O_!%LdGV<8`eIR3h=s4cJSgNoWF=T{
z^4sScx$IZ(<Je|z3fzY}^vl%8y<azuJ0#{}b`B5SyV2gWcNgCCJ}(q67e1OWRISQ~
z8o<TKusx({{~YuAnCPQBQd0UgCaYPqEJ6f8<8Afpy2779G9fe_UjGB8L0P^QCAM^3
zDZfhMiEw8Qlmd>fhcg#S4i3#&D8ftZQLUiOX=)3f%<iHjGG8q6*zflTSkOS~#~7QY
zrP(~i8js1>4|(GblHO7`DF>OaQW|9FC(qq8$M=J#%0!j-pkeOMr?Kzr7-9(LaRPTB
zvQin<8N?hg!4Tz;+6Y&8j3ij8J}Od?<OhVkta90Ix8r8>@|VBzY+g|N`U4_29y1Z5
z$C*ekX28{AxIw<Ks#Xmxo~pj15I?axl{L3ar^8XZQ&UZ)IE1n@dsD{(;7yURfGqB<
zCt=exsD~5dkB3}RRT$rp;EoG}n!&{#CE>Agj5a9T96s$JHQWmehOCMPk`vZ87YIYK
z`d>^RR1wqzZVf#FdCLZI@;Svt&gV0jBLENaY+1JEu~53m;P~Ceh-fh~Fk&#Ruwb5_
zpW#}7KvJ!p2iy<$VWzfTZ9B0xleNT!p1>vWph)d{=no+>JOMnOU@W;@RCq<};e-i;
z!37({A$ch!U`4#!v=%T5cQaAC0j*XUtFCLK+M0xF(fr0k|7?ZB9<;@KVGDUn<`k;*
zSqn8^*K`G!pdU!g>(3sP2qL7KPlw~%?_=LBo?pPSEIEm$^XVu|RaH@lZVRWZQv*;{
z;=ob#?zT>X@Pp_1_i3pgABFtA$ZH~sX(Y`ol0?Xs2QwqW?w&3}7Ki=5TCABT?%|tA
z&QBgvs21c4Z;}?JbQ|wS@b0)$PE35&%j32st9o^gYmq`1^3`QIgdi-wnBir{7=wf{
zgk%)VWQ2s5hu7&faTm7?{Q8NQVnY%Nu;ix)i%5;kKS@qHcKLkL7_^;Bj3E=YBxG?}
z>7uHL-y#@@eWZr?4b~0TgFGI$@O=siI1GInM>-#<ZYW&&I$D0b<{`Y&Qd67C2d}CU
zdA5wrjEM5*+d@f0kVDr6p8N(R*S~!EvfuBKlS4cce{yk`t+Oo=RYgl&cuttm(b}#8
z|Au$RUO@K!bUJ<c@`Z>7>o)|U?1>_GCLEdpO_Qw)Anr~kdolhHm1JeM!CE6BzsN=l
z4%l;9Y2XNT1foL-$jCqgxe9PigVBIO0$>lGjL$v{7qTwH@J$_|jg{clUGA}!cttj5
ziU~lE=|Q{|X)(xms9fm(T=YML8t^j_L-ag3!idRejWEQ}z)-pHqA+mdI0B;qg93wv
z2)L8xs?jjRSHpN=VflO{;~2#2Nm23zUy=*vX)FkgDT|D;{=<!3M%DgM%z2>CaB<8`
z{pk=j>*-j<=x7`w>JEo$MtV9Blkg%-C<Bj$TcE;}i@!Y#Jl;DB{OC{r5xwPsJ~iS7
zDqwHpep?G^T?fk!E|*KM=Y>8R$B~IrN@LEIv9euh_oALxE%A`<p8Nid@*^db&BtP*
z{*!mV@u-w2dd|rJ6chcDxibEE9u@SbEuZw_Xi7+#5LbD6dUE`gh!BCffFb>~c>VI(
z{1#BgPWU^Go@(akF2~J--Ms9`M*l$C1gYvUa-<O3DvXD590u1nWR-;w7HTkMkK`c4
z<n|?^e9&{afz!UY5s6$*e?GVKfkM2oc>Es|<I&wK_<(#;c&|!SghuWsoRvATwDb9J
z*pbOlyv}B`IUEk>u50SLGC2!$pI3|_0|fmI@kNFgP-FFW+Zw?=wpOkfM!0Jb?sQGo
z15=*NTN=j^q7u#-5xHo^1VQ~EP3Th2q31;O{rh+DB6^SzDSVF~CgVNm``)utZk>?f
z=0XVQ1qBdbj1j&v6rM8?`@(PpfP*hQ2AHigs{1(zDI+F_p>W&;#xvq?uE&BA+jz+y
zR5#HCq5~%&p2oF0R2Kk_DJ3ss#uFn}fM*ixVGKtShbOl@d>O5$I~R0kuJ$}Q32lU$
zd9pUf?(kyfu;pA(A||V<ERthIe?&8JWuDuP`7BN1_MJ&{)p1~!)7!UsC2ifbFE7~h
z`0x3A4ngKIFmt9$QeiR`weXgd)M+WMLpeXtI{)d8)I_aan6X^^?Xcfb+o;tuV9}RQ
zF+vC1oU6K?wKHW-s_FVUOGhMI>-zLaB{NN6mLI=oDefPBc?lw^y(1GDDSIdsQZja0
zk3hNah3ib6-R+-n$ViD;vhf-t)DCm9u4_`wJV>Z?nq{7{MLzq`i}0=x9cAlFLdB{m
zM&ie)eX_`HlBiO#3{q8EHz}vMSdA%l-5DDbMlq^zLI_{Jd;uwdBd1`hWAj3I4c6;{
znGc5pdW?~!4**8kZnwwdv3VM#X?60Bt{=77VD6-<^WSq3>${7tfAZe9$IuORT@yM@
zq*OP}d^Y>`{aaHvtHokApI3FwM99`7F#*Bt(Jd}Wp%DB8OdmdqJ40CiP$zJ?K&I!{
zfo~1p$Xf>xO-M0BO}QYOn4;ywa5x+Q4FgOLX<$T~5SxWfP}=bh?qDmocbSaRRor?u
zo57;;N`sG&5BSs34#cGpNOT_nZ-D^m)6)~WYB(?(uNIAcLklb@{)^#qw+{%8aUA(y
z{^eh^=z>V*&-wxQAUvvJ7=Q`HnhVxF8U_^lqd49J&KcT#tk-M&5J5lY>qTYtV$fa~
zQ?bSz)4H=6z5kw!Z_x21Y;ag`z`VY`)<u^DA`)f_p`WiGr*LVq=E!h;)Av90s3uXx
zRx2v3!*Jfd&8v#WK|}%!pVJ8;W(<p}G7-lr)oqG3o@e5iFo%gvR5{0MQtEW#yZh|;
zW4G_8)mT|C1(_HML*6Kz`0(4mHcYdokq~mh?)Cou4gyWY8K$E55asE0WKMZ{S;(46
zB<UqUSEeFvzR^N9YvDeY0iye=vYQvbk#WGMpz|-LGMR|P^(#vwGF`=;VgbGgB?AHz
zGlw+xo40PiYuXky&JZG9*D=vzwF*^D#6#7jP~FEZeI2rU>L#F_)?M|%DCOcC{~(4X
z5vB9)opYK$Jr7b5X-NJ4x4(Di6B5I)(=mNORD+4;<Kv_6dzADd3<wSaPqYN%j7BcR
zvs^?pj^lp6uNTX>e4<#B#Rke*bLE6xz=i$itFf#!U=s!RvgO8E$1hI5|E(4xQzXaZ
zakY9PrZJ@$Le<WMNYju~c4-cOC>sR<TVp^Zq7a@!pbyI)5JBWMoRkQ4s8v<LrgsEC
zt`n@niA;`V<3J$e(T~;%9m#uC*8+~QTrOeR<0l^<AJ8`l%mS^3FjX+phWUJsG^EoB
z;il*`3siat;qC3sdCA2ZE90?8qqJu$%vvlKo6QDp85wdN>UOi)fDfLmDWJQ6m^&20
z!iK}6o=&GpX}e~Efe-0f&N|G5r>7@0z#WDmS_=$RQRJLa1OT2S<OvbE#tA^Ml#0+N
z16A($s}`lf<;hq~h$sRIf-T|afacu+mvG47?Lt11DKjD>5e*M8yIK^flz;rQP6-pS
zD#ti~{Ur_^cLeIp^LC@dFmW<j<M1GoLQM8NYGP4K;j6?<si^yTwD<np)BY(n=EeL<
zmju2?qWp`TQ_53p(yc$(E@bgotna32Mq}~OYms{MZ1>KPfAiR*y*u-v@2hv`O#f6G
znaGNYlCfbW(+y*uO2?ds0*9|00Z|j`u_hl#GfQmR+?}x+K?#EnIO90(_WQ42zs9Nx
znz^PNtDAycW)iE_!z=_`xk#Qp^0aS<!XK4vAyvzDOhZnIq#`2DdG+$L>=#7psuWQg
zFuQxyJy>HQgq1EPpzSim_QA0Yk%}M^JgVdIsN)zHD{g0G5PZF#TsPF{5?d~(b+VB}
z&hOtjg!buKujym%R|V%$hhCaGR8`KoYTMWKi-@EU!M$|&cxx$BN}J6FxfbvV0NsF)
zCYE<f39T522!c2iyaCQRr$&7D^6~<y2pNkiQYZu0e}}^X-~w0)9(i-rG+SGu_xE@F
z6);PW9O6KP3DGiaJ(PuL(cc{Tu+r8ClpJ?Q5=T{0V&$j}HLfqdCh>vd*>1Ne|H7l9
zd&X=wdwY9h=FMh<RRQ<{+%+=&=RPao8_3{ZLNRLnt(~&Szr<tt%Y6Ix?d#XC(7G57
zyw7&Kg{}h31IewruE86K$AVG?tGrqTD7xl|6|UcSOSlU{4fv~TW7sd}^ZEJt`Q_!s
zQ}p;rWxZ8OHB3aptjzfiG@)KkT7LO?%KZ}c;ww0KDRzl?tePkxg+MYj$Z`F;-EQZz
zna&nkH)NrYQLmEc7hwuvRD?Kg6xGlBMmKM9@3Q!d@b#%T_H6m(;r(q<$2{oU+Z${b
zB66z@U`tq(RaJ?zpOwQ{4&dFemwzq4`C)a??HIBZfhN6uQ$IoN&C?yhhd&rAMVW+V
z!!**A{qhPbXHgQKT=UEl+IcmO-Nzf2_hz$kuo9x~DJACa^!@w#%WIggMhe+p&t0f&
zH$pg+m2%<Na`DPPuww|?mx+jC2;<OEcdla0N@LZ8l=`73RTQ5b4hN`G6#5{v<&0&_
z43Xr(rRjmqB0)|XF(~X%&%k$Gr~6&={Mx?$0@dQiN@*V9%W%z2b>j_d&hz!N5|t|I
z-lv={rFp)7i7{{p6hh{Zi0!6)*u2jukLOcw2nYwMdL0i8Vu)8bkvV6inow+jp+lLl
z=ju?Xvs^CU-rgV&OGDiK7^HkaD}^9d2m!Gum%31a=%@}453w~j(}@Va3lI~Svc+Nn
zcgpnvN@%fLLkM8li`GE{G!xmVV{<{o8jR`?7jcdypgMETcz5VRfEb`wVY7}!yDVk~
z_<)($>-FJq00-cDy*{7M-@bi|pz$cZOCs8CxA>=b2t~vUYWd5TFVR|qc=V8npl^@I
zBdV|bp;Z<6IyIyR_}JYgWM(hYg3kz72|gBdUW^g#t^qU>!<^tcYV1#VRYYmM0L_u;
zT6l;#T%ph1LAmUKKhjTJ{DTYh*PSuTDO5^CS)0XDVqnV5jN%nx&M{^VlOv@U6hOZ5
zW^i%6Y&j`}(U0AQA0MTDy0Oa3b6mvp^}FNHvELl_{rMDP#1{4NIzk8Nn+*GonYC(^
zI53SwbRD`Bx<pwYKCM3bH$dk%juF|5h?nB(6%8vDqj#mPt%Cc(12B=&m`Rbf5+b5x
z{w}T)jQUR<Rj-;Qa@#g_h5R-;1ZJyngfggNTrTE^_xE<p)#_>Bm{g?@vQy6NPF_D$
zx;NuQHn|r!g-KPZX+l+L8u$CdZ2d|iA;vroA{QhW6zbdC8#-}dV}i$;%$$W1a^RNN
zR?>B63VaEB`LN&jyKU3XdA3l^Y6MX}h4_~cNlqkkU)Ok9w|uFyEBBz%)zm6clBn}#
zB4t%2A(k|b=fiIC^uof+AUr0ns;r72CtDjJ=mxM+Km;EShnJTZ6sv+Bscl<lPXOS8
zh@9C7tbm}KLg<f(yw?P<?}#6Ie#-#`fOk)QUT6Zs5lzj?k&yyG13t$4`+H^G2{050
z-jb;qC?Qw3VjVhmyWQK{8_MSP`@NS>kr^L8<G8H%y@WPung+$W$io3@fIu;7YQ0bz
zzGgBKDYsxyT}MP1kmzuGHgG-iLr8pKJF(G_6H&0Xj~G60#=%BXj&en3Y=j0vARajh
zCqwe;FsNeBsv&xSd2OsGY0eqRI$!r}$vWsik41Ri4?o14U)HoLi7=6<reY_Q;Wd0J
ztvRBy5aof1de0<wvx}yWRjnb8nprh=$K}(SnwfGS)smgB++g<-hiR&<`s6O3e)HLJ
z>q%V8Ye>f6@|UK3%*|^q7K`)P#~^T^JvdH8Fk%3K#R90Cde+X>LRdHM)DJv>d+Qi+
z$fUPcMXAgXse`n_!}Fau<DyRMX4s*|khf>0ifII{T`3Wb_=%bp_gs`tPMaTDDTKP3
zFAkdx5MM}6z_j!VDpjqkDzH+{6l_L{0HAYHBm+=fh*z)2POpbl?^h<AMHUrdmU_Nm
zCXMy+_$`vQ^T<54ZC$U|Nb-jeu%jWQu=_wARM$0fFu7=@%|=yFM#=X3{c<s%EuXk<
zQg<E?+bTwml|Q6EXC`8nCJ#b7@HDVj6ZD7$3cEFXdD+FmW0bGSIE;s_<Q&>LH!~HP
z&E_HXr}vHa=enxkRk%t(!4Omtyk2;d5LU=V;U{3v*=#n?&(Dykh)w~zj1nRj&`$OW
zDT=Zory<8>LDR>~ICB~n%lvuF4Mur3#v?Kj4=>P>^pM_|8eA<{J1Fm{j@v;*1B<cS
z?La)}u|Z_H0DORUz<u$|Kr(v-5)YY;APp`AR1XXwxQ}=qm)M@}itt*X$B^Mftl105
zLqV@gM3@@~vyax2gskx{Xgo^a9}k35Y8Vtym^cSnStxn@6MqE|j?5Ux_1U<T)bNgE
z9ugQXg0cKY<GgY=(MOY+DQE7_)Gp~K51m3=pNY|XDd6&s=%U_~SS1n@lct=ct+E7V
z&PwC8B)W)WT<2OVTrOMO<==PQJ0A~YiRHWB{0T=@RdKO6pH80Lg$ah(cMM^<Sd8Pi
zKOD}d(|oZ=9MU6b!@b10d9a&rU>~GnOxVm0y?z&u4LT>&mAU<iD8D(O4iuPjzQ{@^
z%JupxB=+w|Oi5LQt0s*jDlXV+Gax}gIhu2>>RLqd-Foncl!EXOg198jD*cTc&zP^T
zM!1NQG6_r7w5qBS!h8{#C5jFMo(;2!uIGeWf^me63{0;JDSYqcB5tohPUVz1gt}?9
zU2xMjvqkPsJoMb1xT;AhvQBM3nTR<LiTVT0XPFr#gr!a6bBeHPIge#w8RUqL!+1V5
zb$!@v+Ze()kY*YyZW`tgt166LrDI~gX}09-0T6MJ<FLSnVQ`voa7RH#19S2I{!T=2
zzeL0ZcQXDqjEtkS9qH~p`LdN>`Oi_r0`cqpy-@Fg7zQSSt)Cy92eED-5VM{tBO(uC
zVJQO72?ANjbBr+jB*#sN6&~R3Y9t-CHOrk8jIq{%?g%kVGU&u$6wFA5A;<}6JBA1^
z5}jki7nA#U9ujrHyBY)&4ii~Ejf}>_3)8YyDNS2Nbv~a%dEnm38b^Y>5+jRfwd*IS
zeMe{F0m$?vE?X)g#QJa@44+SYu%4CEBdKy40o9;8@pK~!Rj)*|Tnn;NbCjP;0Mbni
zBd46wSXB+l<VB5iX@hhxh;M}H?T!EQj@uV6yq5fkyW#RInpG!O5o|)3(o<hCVyYUh
zVi@|W?{iK~)Apg#GFxazF8+IU3;S;=uelIOm(UQRI>oR@xym@+k1)P0F`N&FJrmVD
zc~SQR6|NTmT`!5tP)W$DA0HpUP$2ppjI`9Ta7@IS**ZdV@jy5FMvHjhPcDjkeLp47
zNQ36g(ym{an8rR2L*I8z(~7kqf~|?DS8bhPvGsy6&VZ8w?=@I!Zz%v>%k|S(&l3v~
z$Ewc9UBCTk<_pafnG#Xrpv+1dQa>DbX|ceYyYW#D_06=p?Q%ODIcs;)vCD_8&KK2u
zp?TCiQr}6{Bvq2wE?24R`t8<V4ewH0iwZa>P$8;{Fc&0@L%^c-qGe`K{y?=55z42M
z^}P#4YxZE3wzw&rY$ygFUb5ooGI<XxKNhqUVr&|I5!{H(K|!*{!%^V0br7SM?vP=i
z!169u{DeIY03jwC_r-_-2#RNRjR>9RPwt^R<l&&_a6Vv%sM7#ceFCk+J;IM&6Cf5B
zjT{g*6pRR{O-!BxD_~`Sw+f?)>p)wQ^`^uHv$dH=Gyr;DL>7z1$Hxci-7qxpyPdv|
z3u<;hJnjjYjRRDMVE{>>{}y*7W+94s9ISb~M^UCde6x?QNe4`DOq4cSn6X-j4;Kec
zpUN;Ta~}Jys%nLb(jUoCKlGv0yCxIz4g6=lt8#~zkHO~8sr{oI1Tz-0jDrL@jZ=jn
z83iyix3hWs{E{RLBrLHdX=n3n<K+WhKL6wDD1)dx^msg5cHw2PG*#d$ndM}RuGQ%J
zg7^^ms)tB9IHO*HFD`#A_>&NEk~=~pTqMT${{H^UFTb$$RD+a3jfV#Sl$2G)8q9lX
z#LWS>BbSc85<j}{<pW<l53<#pnKDt-%*+b6Fjh&bVN8p~Wb8X)!YNasibf;GJe^Kp
zNp}|kEJ0%RQbZJD%qhv(YplkUQ`T`vIcu9n$;v^5MN*$Rh%kvN!d$AbPs^P}cZQwU
z^Z9=9nUxr;*=#%=>!zt@^Au|ylu}3CNknpN6A?$EF}Jf>8poWoGt_yMjIB%x5)ASR
zq6UlsPexH+Rn=eq@)x2h*aL-qJRV<OUc``ch#ZRb8AmlIEIju<A@M<h!A79Umdhui
zuImtuM4sOH6QCO5JS1a_U}HRR*C!WkD#?gq-P6j(5P>WjmMc^aIy)nc<b#7Zf-5pu
zlMyU$R7PX0@U%DqZWB}t1h^RTe$rBK?mRc>Ru2yE@kJK8+3j}g^%|H|NB!Xh{1!UD
zBtrtCUql?qI*w!4bpU&8HXHQL8m$8{8;%2zm>44p8obimT{PFJfVhC{0BdC`2Qv=f
zn^<Q~iA7kiOm@D`Oq84ZPCpToQcjYSFsD#)k?_Akg<U>b;3<aC%;)f*dM*0h6+gMS
zc-I%woA0lWt6<2dXFdMaLmipTOCSrd<g%uch*UWzX6jR3te<)4(>Nq!1KVsi^<tT%
zg3p>`L!qj2LYVAE&_k>|gia{kDr1l5l*${*%ukL?gOXV1Un=Q5c=}vwCclI5bbh+a
zb@fVv-ky((AWP&_xeup6i9~|;njzb3ut2jB8IY<}l}aQQ1}s2t#V(X$)~n~Z7)g2w
zewN2&g%n^Df4D?6NVH+mOcIu>=c=ON%p#D#*wm0sr_%{}l$<jVQV>0Acw)%hGW67S
z-RtXX+qOK8JX?<EQ+GJjO|$&<ACkn7Qw|}M(D_4%q@8nB&tsE_BqxN&Zx_b(+uhiR
z<w7N9YG#r7@cnxua@cNSPHh#LNmHVr#578jrm6B6gj1UQgOn1u#zVng=pHZ{9wJ5u
zN#(&O4~Sv7yw_jp_dvu$mPTuFj>HOzoFK<Mg6dFmSDDEBB8-Hk1vdbYX*HA?YH|Qt
z0jk3DCV*@JtBLF5?V`1DZ>#|^v<p&YP`%j>wQjU(zzS#0FVXohVxTgR;KYJ)@lHgz
zi+6O4%#5lCK*LdqR>H)|GzY9>TnI&EaAu)(w%aXMFyMpmVG(2ltP8<M#8UBap5;SO
z(gSz1*$kj_BpdxP5Kuy|7tebk{D{Ko?RNY2_U7A$Edl5=4Ui=?c2(CmP;{*6OG|Qo
z@K>ISHdxYde*aEGKVLs{D+=P&M`0r0HZI(id8D93LxJd{yZuIL<fGTpBx~V<JknVA
zQnIutf1tfS6RaR88u{|gCA!6|p&E%!|N8$4uV3oAIh{_&!;Xk!jL*-{6v8C)2+iv_
z1LpV$Ypw=Hc=&8w{KGvY2a7|axF3eAMLVsm5oS|YeD}hBi<_w-yG2U3%4xFGi_%)M
z(qKeNOWHkU)(~R|XneO`uYohdZpV(8V(jC{G7yWhT=JT@xYfE|w7X7zq*_rOn~#P6
zmfq^+W$!$ytTYgXOVze23pKM4gqU+qI`qOEj8F$$tIi_;P=E(}-{0R~US7Q1XBdX}
z_jdrmAd45uv&FJrtcWG4avH}Fp{Z&1bb;(K5s^gv>B_b!EyA+(*Ntb4BNHcy(k_?(
z^tAi?zohetW9T$jRM$1pa7y)zn0K4)B5>O@r_&jxJv#WIR1`9hnL(}c_VzZ8BUs`<
zB8=1y+y%shhzRjR2VX$1z$tNAk609t;$A@o+Zw?`&uc)k!8C{aCB|t`q7~3M5Rob@
zEu8%P{9J~kvO&P{!`*HN=f19Mv|l+MkKSU2h(M5!9|GDw6{j-;B?k?PQm||t((#%|
z-0XHcXnN101*7yu^%%I3yyA%e$N%^rs)|PJ0O~-e;U%4i4GQ1GILL7wk4N~SFcZ+`
z4#*bURGM>!`vqTTKA%Gg!#rW@UhF3W@{dPH<pJK1u4|PscGwTl-XP=gDFprkD+w7t
zz$;)%e0+SU>R<ly7p>>HZf*>;T#&+DJR7UnCn8Bh=+86`M669S)(avn6HB-H#y&Vr
zKqeY=5`{KaCOGWmQnHl0?ja71ij&J*|G=)lf5IQ11F|BhhfvTT;E4Sxg&2sqKj*$1
zK_C)By?PpBqr_!YQ+OiI!0UKgB@^|Zu!NS(b^Z<ARI1$}(ftXpS^&Ecr%Pave9VpR
zUFo)7>gIW*xO)lE$0#ApTV4N2hyp904<CR3w<^Z5fY(CSBeI=RQq9uNQ#~Kd8W{`x
zXD<9g*XwLeDY=l>e8rP~>z{jJgZdyFr1NqGRUZ2g!YGk7QC6Xxj)(qu0R9-b>S#T2
z5LrT=LkwVs3^8I;u<Mu0<*DnNr)LgvIPMo!AdzwLoa{Bx#=3l3k7SBwAsShdUghNE
zdeZ6IwW4Aph$`ny{YkqMGf6W~RYM`N$lL$>|FvGs+4?_0yg*N|H5>G>HsU>Q6H}ol
zP?SnWzJL@Cbhh^d@febW@nVc%>+nY8P<s&lND6{C5A0KrnIeMbe+Z0${Q!E%dD+pf
z53warfA|AKXd_>xR=v~rec$&lFE7vt05Kvnhl(H|fSjKfp5lJLPbopih!q0D1;Xp2
zqr4OMu>lkvN#V4yBJ%X~#DDwS->6^}Leml40D(&neL{iZexMzMp74I{4w@h$ysF15
z9fILH235M47(}r>FGuEGf%C&jL>zGF*(o^JSof~UhzRNyNJTahV&||@EB<JkhJ%dF
zQey=@>5DsEizl`XFGS38_}l-Q#n3F5xoVSCYL%O6lB=YpDdhr0JY;c#=)4ojHyMQ+
zlTfc7^Rce_fwH+jenx?*iGU!Jq3z<V(7~!O;`+0UgXWaSk=uE$XD|ZP9zNMk#XcnK
z!J70o$W}gv*ywTD^xf4w{)=!NPoLRXi*R30-gvY2T&O6I_qv)HKhaWL@cWTo^ib(t
zIiZwXYbj=8)zBS79zWjSA<b1ahQJ~+o2#mF;GA--QmB(of$4nRsrJeXciIaZnMs=8
zIomh>_l=ffdqS~GO{Z%PX$T?g-rvG<-BuN!_Wk(;Y0@;!-~ax11ci_b2_by_`n8ni
zDJ9LBm?gw<=&KN_<<stXjLdZmIu0qNtlF$!hggrqUf*^V0Dxa8GVZr}I?P|b3=-X~
zyn5i`S8f-wSwi?5wmfTQCSqpm@1@-_NQjzq-;F~LFc*X&A~C^;0sx(GUMO!4DI$OW
z``>}xS0m>|<<Qg9lULMun|TodG9Vf;IVy9YkYKfYQU;+gC>8fE0LjY+#UvsS%L2Yc
zL<rM)^QT~Zr^S+H{8x?M3GpyEeDJi;N(!n7`pNS|+wB$^BA4V&G`!tz$D*V9X0rid
zp1Xj6BcO>eJRgTIK-5oUg2?5N!4S6FEw1R4eeSa0XIOTgor1c?(BnGJ@<au;hb%}6
z+&MC_;Ihm)JK_`0CV-FNYxk>_YM%`y;zoq3f;@?=LJdO?ZVNPvWFzk(qI1`^Z98n<
zdXi?jj7@uG8k@^f>}eR<+CIMyhkedm#TtGfb^{j}q=%wbl?I~0N~0b-L)T8#gX`R9
z6#fIpkFQg@Vi!%R6Y{K#CQY=VN?O$*_#w?|i3BZ#h5u9d0vpjHfKy7D8&5P`6TD`+
zlDStuuz||gQW$4>`In;`E^*XC*onO+e2c+OsF{e2N0BeWy$nXtoxwq-)rj~s40_x*
z)-5oEpb~Rkr%)>?q(vsqR!CQR_T-^IzC5-R4%W@$;p^X`q2)bH5u=9>00k)#3kx%+
z#NGLDJRbMEdCoeUb*H1_yTIEC02F+S=jUgHfB<P*E|;@e%b`lKR^~7c9AX-}Svw<A
z9s871-*plr_b0BKpiHV|;GOC6CaM~%S~Tl8N)!_DT<OieyP6C8>vWD;Rm2f1*XK%_
zITM}F$L@HPG{&kz+9?|KDh_1ay}%|~-wJ3ZcPJg_26PO<fJoPYD-U`F$sx67du+50
zkY?T>1LdS-?Us;>a-=&__+rh1o#q?Q0B`^l9v%ZgGutdvK+k;uPrRwMRdTlbU<Fcd
zZ*Ne>AbdhuF*1};z*SXwn=XXn5O|A4LnWXsFrIL{FdA$Cg$QpHPmeq&2+@fMAu`7%
zmi{ae!JSfL_4ijTeM#5PXc>twgHinA8|Tdh?8Ip!kel@kB;Z4sGqe+RAFHyK#>kUV
zp(ELlukf0Q2<ro?6eD#$9;>#khK`shHe}fJ&&0Q?hS@?Tkc51-{U2=pn`1Pgd6SO1
zlV*?Zd$$k&vlP|O+?wbjzubY#G&M!MI+;b;dq`aUum7+NmuV3RWYZj%+9tm>o0)$n
zUM~U&`umy(RxM$3VJ)(UFFjN#pqRLCwA@m%N>b=Hp~->?MZ|A%n3!5pB0ZC+-nHqQ
z{)dUEKb<O~-EKFV%@)fgRZXgzEFkA&rHM&F=~FzRU-M=eWa}4<aj2xI`7NE2M@KGR
zGZP7M8iwI~oCVRLuc}C@+IKmM>Xa?_pgndIU|`?Bf6vw_oTg?45-Un6g;)iqT|d+z
zhNjI#d8|1OjYLfYs}7s@da<Oc$x52DS%A}oW+GM%F^bGIB^u7u%%zw|_ik?%$^B|E
z14XHTdNK<MosTCT`nHNHoK+z=oznqt<mE~bjF89(EajZn>$O7<l2MWaH2}z%cbbQp
zl2Y=9>267T{s~}0l%^5URN!HFZeTIQDzT#V96|jkB&x&Npm-3+a=ERB(8g3E1P326
z7&V{MHTjvqVn8)G>jYUKEm+Gj{A$17BijUZ4sZaHM0hq=1kgutv+$-<36z(cp$vko
zDHKWpTmxga01-i?6-v($AW*-E0}v4cyYP!qN{wkyqgEs$pDJ7v*hI3nzc?R3Z7;os
zCx<ryt%%zTjy%E8tF>W-gNWI}-4BNYs#S=&4nfkOqe!T8Q9<?aK%gMj4dp~>REZ`<
zANx=4G-SF&kn+!Irt&&JqmzD8;r%=Ag)c{)Bt8`m4PDoeU7XA72fMtuPBPtTe(-;(
z@LHVz+pm8gyvm=HRk25|h)AwdM@ppDu^uEwK{F9&=42{oa_^K#E--{#s5dF@b;CJw
z6LInY;1p6K5>n3N`Fx(m(4YHp9CJ!altVR!iZowBaOT<Ecu`j)kZ;{4A51o9Jw94&
z<vMY@LCgCp5mOLO$L{?0y?uSrc3#D5(f4ED55pK^B@%oKBTxg$FrUx2+bv9K2%wZw
z*Yzpo1OZ1hC|8SR<}-&VRjpMMnugBD;e6_k$4Gh}KcsGEt92sIlh>nx6n0V~RtdzS
zX)G-d{p9WF(O;(p42#OlqVBMxG<2uaJW3GhOuKjkAP97{<z27W5N-~qc9J%TP4E0v
zRv=YXH8uCMb{-&70*slgU>1rH?iBP*u+lVmY0wr#<WkNx9K0y6pG8#J)ApD(_ulXm
zzZxzG-GjtG*oZvpNal?oQU_{Q_X5fMJcRh*6dn!-s4*nB@Hz-80?J6HDNEeE`!kWy
z@<$bh0MIFH91tFNMx+iP1t@mcmSiXqZ-wI6L})cA9#1>rfE$GT5Gsqk-rJG!&}VS4
zP(p|Zuiw;F4#ta$qBb8*+z8`1S}PPa{5qzPn6pHRRcV7g5Z2{h&zW;3Cep0e?$^CQ
z@zhAB3u@r;Eqq56C03t4&nL&vpZRA`PUiZM%LNM!X@L#FaU&p7Aszg$o@;RvnD6{i
zwnUMGyvslNEBI&OtMrT(>JTcH&6$G`7uIBWGA-DKk{SrG$T&_-<u8e^%MeCZAsUIH
zJErNw?U>Wh>o9~o=+NhJWZ~UzH`U@~73Q2Lz6Dn*`Z;!kiivn=QjmF;DHF@>pUMf+
z@^9w7IftY$Mc^^o#hBA<xjJq)*}B0(n8NCZM274GwH*RM0H8Z#VMPQkl6>5eNHw2x
z0NE>tb}{xn6Q$$fxZPCkybU2sB$1THSXEh~y*OuLV&W>Q<?SA>J-z;ud8oxpr%^O(
zh%mr%ccSy5QVP{<7)RupysZ=hYskt#rol7dqSurMzTiVZb6{BDh|K46@1v2X{>4-A
z20~L})t^8s)OC$+*N7R~>`$)%-GlgQW3497=QAJ=kfJzW3O*n}<lI#t3vu~nJ<X4H
zBq%C?d`?El;6ss&O5=Duf{qf}8sZ)5maK9MpWVLkhPR$<LrBakaZ^hCx4-@E<Kv@b
z$%Xp*`1r^<qYPNAmAlvL;WcnF7GI1Jty9P_EvkwTY8lD(dMq+>5jNgQ7!JXDS;6|i
zJmFUe_pw3ve4pG*8=13=ld+7@Tmau7c!=T;%w=rnG+X3QQBgs410N!jIOS##Rn|00
zEF)U?JA^F`GwOuMDs8=+YhL!xb=TVR__6#d@BZ0QO7@@EQe;mX3LsfD6?Lhf^`X$|
zMasd1V}u4yxqy$eok<tdcDh#toS}T$!oRs0bBAJjlP4~mxpGKz0k1%<uAkt_8)3##
zNtjZmN{ES4PD~^cl$276F(#!MC1M^(2D^^u^Mgpg-wfLi?M|8K<@sf^-A)bFmdn-4
zD=(gUsiurRT@*iE|Cg@6QOkqg{I#@!RH>3{%wBP3xw^DS&M8qXR0&mS4E<S&xNen*
zRfqkC(g^Di1|<Y8Y(57R;Gb1h{r1~$bzLKGK}65b&(WGCs%o6grm%!kYUUcN@!Q`;
zQ%bq-yPQ(2Vyv6gcgxqWLp@iK(um2|Z*;Ssr@F=|eacx?(-=gEMNKZzVV6%kYL{WL
zQlgm0IGi;l2nr{yCn6-?yv<T&ogbjRyz16j{vct*=zo^WrFXm|BJ>17O2xY@dhCv^
zWg^O$5DIcA8DupmZh@Hagnc&ta_4X=6_1B!%hWzyhHJ9v{hw4cv-cWd)PzB+K{*i-
zJSt2&@>0j+5v>2v@qm~+AOij$lq-lL9j}OCgo=VIHqk(kb(VtYU$57I`MtltV;q4>
z@RSvF65KB`t@Hf+j7bIF!_~f<Az)erj1o}-waz6-M6p$60WQK;wCwaGZnGeK2~&k^
z!9ia-AkYJqcnriUkpl#1l9)xLp3TQ*o;i@-N`5I<JUuuvGjY7vBDbf}1Q@$#Rk%5>
zf)zT&e8^m@8$8<&F7o5!GrjmT$K(SMiQDq#<z#z$f6hsWcnr;MpGz;w`lH`Gwir6j
z%XdE0tgfprQA8ts5W2Vp)5!+*!(2#dUYK+*v5WYw7E&b@s8Y$tEir}FvkrZ~eQ#dB
z5_9Ho$>Cp91*V*v#j0gW$5_=hpx7`rv*w(0#T*Rl;cxL%GjV4Xm4C;J_nB&@D3=+r
zdAMrmRqDLy6>?^x+|HFlV3jmd2>Y&&IjxrqHtceY@%8l;G%>I>i714yTrN?#f+P)G
zhraLs@gM&YmT2Gi{o#<#=MX}uY9gha+t)8VbUco7;N$Vw_rvLQUaeM29CS=-0gwBt
z1Amd?o1j_7AxTVCold9j<J)RJrx2xXG*m3or?mP0ru_cb|HuDxjP)p$Qino|zVF}P
z-v?_}emb50_y7HW_qOAn<AJLL*9wUVcWVIJf=>f$8v!8*Vq|)b$0OwX*RNmEIUYI*
zX?XPJK&l?WH!lrhW(Y|&RGt%}S5<{el^&8iQjU@!Q(f6uhvd3z66O)^@@zIkx)HHT
zfD%4FK9Emxl3WDj7K_F4c--xFr_%|Y4^gT`MDOqKP}ra@!mxm5*IU{HzYffZh(r|U
zve5{tAq)NGbIxGt&sGxv$e{Ns#;f895OYNN8&o=(!hqTY^E_;d^?HrEC6B{G@u1=g
zqpSw`gY$$cx##C+W=5eI6)Fm02WW5TXQU8C<mKfBxjrPWa?UYUGGD0DP@!JxfmrYz
zJMDQxIqUV7D24L9)KKF<x=DkV5yEo6T|Gx3L#c4We&7TBjAP{Y{Zrw-^5<-(H!7c^
z<)X7*1}B@dQWok$h>vA6_);Yp9|Q|kMcX7QhDfhRY%1xsE1<{*KN;-_ClOqDR7gQN
z4HEnwsLW81Yp}f(cqJlHBQ$8Pmru-;HA{$#m#@e7@AKu;Sk)f7L@if&B;wf2W<ve>
z{QK{}gOG)Y>Z*=0l3~o`F4=Z7*H>Qq-Q?XbFf}whDUC|K5)n0G@WtYn<!Z!0WtKG6
z6ziZQ5{dZf%P*lnQ5wnQ_{+=7;c$Q~MtUDC1|J_EPft(C2V>vub~|LzQ6Ez>>rhU-
z--P8_$8oG@Jnrf$@?zn|!rO1ZEx-QCZKXagB|fDvEBvDnv4m8Iti-By4E3zlzB`>a
z%P+q~;W1OaSib(lU;F(o9k#rDCL#@ya#qcVSbCVt2}s==@OTo+RFVHCBIL;N)|<@+
z$vME=JSym6CyWC`^Lo7w*0XBA--CS>Vi^}f9PICZ|NHO1|Nhs%{?+v*ay(@He1H4x
zH?JQp6;;j|J{jV5m&sQ}RjV4S1zpFw$UGKkK?mP^YbRuwkoUo(;sM~Cc#}-FqNvqs
z1%x^hX6yADLOxhuM5L4OJQF7_Mi4H`H0jnB$UQG9DvEDj#u+QJH7$mc#K6Jhajk}{
zfk_tH9=F5#M$s7&p-KQ%&9KP6e*KD^B=S;heWXenC#d56eh*NJQ_$y}aj$?BXsq*W
zVdCI{Ur|bm(mInnmbo%uLN^~wprrhm_2<XOja69Q<ugy{=T*+XTSej49voAp%rp{3
zodR4#LDWrj0WbJ{6I~IuMj~=-z3G@>1xfc>dCK$OM_=vC%Z%vNqxxyM{srS_b;_BE
zn4$ss^!nlPvGby1n_Oa^J--IcS=CUj(;Y8CHm1Ndo{q=OTek8+B5K>Vs%s%7Yn4ld
zqWWxhN`NRpkNz%~*SGOxt3s=o$Pgl3rodFmrQG61MNJpa8uJkHkVBPXor#z<R5i15
zcOs&yojpAz*u`Pu3m0J#%Tg23^Yim;HY1TSD^gb9zkf$H72;#r`u?3xr{Vp5u~@XT
zd0^U~&*!e6&05VGQMj42=82<AnA9p6JWE&}D2BU?m8yiu%QYVlbUrgt3e{=9k0R}A
z9qT%TIE2WgN-;4fB^7Dwp89jj83`&70yzG@uIt0$;4cD!<B=Y4@;X>f>~NFX)A@(P
z;memVP<Z?O9sp)f%!Ckt1@)Z8>+5UI`P;W|<2ZsI0-_k2BgXjaufIB00x&l?A#hea
z+=sjj{1um?u6q5mpAQrUJc0Rq4h0M~3A7%T0pxRC*WT&TaS$N{v?s*7Z#Eld{>xwf
zg3kyrAb#cu5k|d~(-dMTQ9KM3gFh<~A)5!)0&F6l1`SkH6_HlV6EHA{7UJh94k)>P
z{pqoq%dTHgfguFEJi>Yoq6cZka=9$)dGRZB-$Jg>?HwY5jUy7Gu*R618L|8bHhvxM
zzcJ*AO4IFP)jEo7k|uPi*ZG;_UMGEa{LBS!E~3{mogba!-#mPPd)0_{hm_3M2z9mA
zM;9!BUBr_gWaw>%)-fJDE|>$U__-s<snALA63Uq>hn<Tbx*{Z^Koprqr63o07-E?D
z5s;k<Pw{pTl#)p7dx~OO&qj=eH8T;5blVT<PHo$6w%e}j(CxZHi-3BTs``;@bQ!m+
zi6|Zh5lbl$B2;`Rl~AXbu38`})I5oJSL&C=%oIo~RuLZh@wC~rzy5DT#3^wM-MQnw
zYZnV8sh3anIOsU!oMTm0^F^rJEF8vhb~;iT>#B+&(0sLO7U{65=Zo`p^S8hK4cZIg
zDI$v2B0Y$3PUCD5zswhD6k*C)iJqQRLdc}dEDlGs_49DKUQjcBj)YiGofws9KARD9
zH;(;wLrSZ!zq0UQf9U(Z3EWnZh*Hj{(+SA}gf!tZsVejYa`u4gLCB)7pp%G`!S>i7
z<|q<{m{Qf(*H-}Q5Hke-09XOx1AyrjI0dMIuIs*h`2sNaa=Ao=4Z*-*#Z1tM@KFG%
zZ~{Gu-(-Z~S`a4T8wA|^8}L>jlZ3)ngw5QeK%A4U@&~_y6Xw_uMD_q^M3B?F<6>+P
zHmj_)6UJ&7hUf_%Xm!Vmi1p)eF9*y^WYtIxUWd}d2T!KKutH!F`pKb?u9*-YSS%KR
zwUi~?fFwd+veg;vb~`{JKxhjW+tCwH^(Yy`qVXDD$F~Tx#yZulO887g-RyJ!ukVCx
zK7`)=>PB4R{~nSl{P=hv3jgF4esI}`(ZVu-S?Y%Jho8A|u-ri(mkPCwl3TT3BBV71
z`rK72sOZJZW3O-ILfIeHp9H@x(SzPbGMBh;rf5DKp&2|;)=Rpp9FWV)>g9Gfi1XVK
z$dp3m8(k+Ir{n&knJp+*91t*6vR-!c`8<XYnnvq3g*vn3e6=EPOqPq0VKre7Cxz|F
zON;8}B8bEeG{slL_3Y!yk+~ku+8;aS7(%sJaZW0MM6yz-Y7%syW{SkI0&Xs7PF;7{
zd{9*_o}N?PavIU!S!3N)BL|XZhIsz@d>)6PZknc<g79e4Eh5AmavFv{=Ty(<xoR|z
z$B%9nB3F$R8QRN}>($GWy<IsFESysAciX8@@^s4GxeX#Yb;n~6;j!Ouw@qE2j{9Ry
zGM`r#bV9BuTH_%ye44|ik&l3kuB;90+uIviBOwTJBEq`^kB*iZ;PgR;!YhA>sIpeJ
z&<Y_0bglw!g_$8**-~6?-+LN`jIzhAf1(LAfu~g?5^`SxauqLyzQbhjJTdN`{eBM^
zA(?yN&P<8I1KShyI^qWoi3A?PyBm6N58ty9M*ss7!FmaOo2^F(s2}{D#mFN{YAMVX
zY=LZ@SJ+xFJE@m{hPom%E6AYa06RKq2eMO$7DE5SIm7wDvpU8PugzAihU%_t+_KQS
z;IyBHQgfD|*S+L#CC(ja>LN9+kyqt8r8Va&?Xye$-*Rx_*6`iK-+Z`nyzYN;bEpYE
z$OSF`@aRd{925^yxqiBd<4v;F6b3ySdG95E`4f^BOk`c&0ZK%Xs4K!L*33*fv*t{a
zir2Y%!D}Hn=>|~bi7?Sf%&JB##3`rlu<Jj*&+5AGyYuNN{h67@oSlOp%w`&!6skl-
z`2yWhYi9r0AfQ_n^@qpJq`RWZG$sFTFU8bwu0@Ao7{{SnEURXg4Oy>5T-T&Ecz0Pf
zM<JA;=CptN{_WrXZMlA0G>z14Zf39;I4et#c9BEi`Reu8zi1jyCxmcP&KKx28Ybv&
zN6ZrAn3KjTwyn+<nv!PKz*o#-1#wjQE@~Ld3y((5aqKk>RbA&0nN)%ZsZgFZ4KZuq
zMd3X3k%>ZJQ!Os*VE%fN0?9TQ@sKuvXrs^*xd}K8o-u)}Lr4iJ9OoZF5(IZdAQX8!
zB=g`E<)RfYAPinA3NQlE1c*R{48DO|?d~%<-478#O0!{J%J?C~JJcAWvXH>IzW4qh
zbI!<+bVLMK5;EVjS@1j2Tn!cpLS>GJ2qECHp%=iG8@*FhFfP~8nq~P5yRYi5iEAb?
z)+Rh3OamwzF^*a!w_svGvHR8F^EzvjTIWi4>^u?*z39#(E`p*n3=<$ms4eggW*#b?
zo}A;TG!8?o>WBOJVcfv~bnhpXf4#Ym{v=ZCzwx-2dgY;aoBU55>f8-C<gIq^vf@=-
zQJF{O=idw|R8;B9-dF?hz{cWxM`qr*K}=LJk!r{~iU^aCN*dERa?Y`eV{BAuiV<HQ
z4-pMQOq#~iiHPc^VF|1%{h5YdQ{vMRiKcG*(QQAxqGLXrHBA%iW~^odha1y}?v~As
zx>8fvOczE(Ek2Z^cXRmQ<8|US4F?rhs5OOHY18JR?~VsaDXd<cL`bK2C=;oqk(hF#
zF^%K-cs?G+G>%<29Cy;4bhaF_N>x*gSz-cpiB!$=mypLW>x4BjjpLYy9wt09Z?{`?
zZCI^VY3L*k660+B5_a$7&=WIBU<jfzQ1yA7KyB<Ib6l>7d6ZaJft#AsNMpa?(D&yY
ztJ!?{@!P-ERTZnM3|=ww)6)|;ipuIwkP_hgU|kBGL$+;O$S!C&_ZZL;)|CoC3J~SU
zwUdc^T#A`NL<BCn%82JztJP++QB`lY4&bN<^q}>DCP(zleF;1g+`jTxu5Tc0LAHQL
z1x5o+Eucyvx-n2thrt-Xpll$_T~i|GbT}MdUS8lqB7d2T70=-qj-E&<MJIRgSMu&7
zu47>=05Xm{!7lLhl6!ex)`!)GQN!rKSYTtD&DO`0h>*T2xshOufJ4`_Tq5EO6z;3x
zAw77=)+m#RfGv@N)Fij<pp;UoYSt@j?6O548tiVNYY|H+gDp2Ft1%<|AoEq8e{+$0
zb@GR<%+GxJ1D*PV>-@~0E^)JKH-`%iRFX%?9roeIjVp&@^3U#+AJgqzK;enqf-Isq
zK{=RZ9Hl>pAgP%#amb0!$HV3$3b!w>IYb&$sH%z6Vaj8{*HU|OCQ@c*)sPc)r(w4_
zcirsQU%6^T^LhJm*u0B`#d6uayrfv`*tboMI8O*+wOmRF+RjD}7xi%C3l?uj*BVHR
zWyiJ}`O#?HOkBCfaAsu6O1%|0lePa4B4*A^v28UChy5YsW8Jjc&TrNxXAMJ_&Pkft
zu;2FkU0?=R_indmqS^U$Ja_eCRj-~X*2Jt5lyr!7%At9l3z4QVANI%XCP-+SMwnd+
zBUlovYHG1nHPRh(>Jx{oRMm}Eb-4|1ms5eQU?OEnbt5rmVq#WIs#IJDQRbZU{Am=X
zP*qVR1e6PV{>D@FZl<G+I2$OMOtrurbm}<BLujeCZNGp2zFx1{@Ybk$R@LX{XGDn*
zwL%OK$s0HQ5!Qo&4wy7qw^(>oAbNn5MlCSHl@PFqC?c}8*=*d?5Nq8#j-&UTf*?hV
zQB^%T=a)i4$LWOdF8B;50iGhB4OPj=u>rR3AaDTLA?oobk0L^SMtDCMZr~TZI0;Ik
z^q=s-lZ0w4gwdMKqewOz&AI;yD#T0VqBQ{n+#EhKGkfju@4x>JXBLIZPU#3b4c9$*
zRK$yc$9IgP8uHTpw&VFMv90IJ(p=8Alzne|mFQ<!K9A;6Vb0&XSy}%;MY%Y>54h3w
z_w+}e&BGr)6i@$khu`<gF}g-|m%8dkEtTcKWW0HoZ<Oeoe~1memTe-4E<zS30aiX4
z7McUe&>fH4_xb9%svA|}u^+qB`LM6*dNmF*4CCp%{Q8&7jLu#;tLDVSQ8*I^Cd!GK
zSef!jr(-@JTcO=ymv>E!kwv=WVShN*b=}P8O}oevm}N`}nS&5QCJG_;QeCK+9%+}G
zQJwy2CzmZ8apYp4ZWIy~|0Mg84UMVB`xl66v6^TJi6{pN%jab??~Vt}>Go+zIgdIH
z``vD}Owyefvl&^Y9ajJGbUK|*^6{~LdRjd_#o1h&`52-qW#*wf6EjQ5N@LQxngU-h
zbqzTVAr-1R)iWZ}s@DEY-TAcN^~3nf|Mri$Zj$QFo3aIC%RwXiGI6-rG}GUinpvo-
zq?$5u(~@Xl8O8y!6-B$N)e5BGstV*iGlTfYNpOg!tk3Cmf);TMT1pA1dhdSc`4psu
za?YF01}J3@tic-toDF3>s66}l_&|&bSb6l$a9|pe`rp5Q2e8>=bj#(^1A5L63(*ZH
z2KB}05e1%gC!Rpt5vU>}f(igpEIcP9T+qgah#YW$=w($^A0Hn`L4E!D6(C6v@&Rw+
zRC#4k5$hr1C7oV~j6AVav+#A2^$2-=eT8B}$400MDM*QKvV}y1JR5u|uxQNZ^N)`Y
zOg~g;-}l~S5uPmSyioJx9+Hz&0b#jVEP$xN$~c`)fZmhECp|(~&E^`T(nWi?uak={
zUB-59@aSZrr<?c>^6={DvO;eD;3$Rly*+p@TwJB;-Dx*2;FWXpdGP1{rk_3Y&B=QA
zsE_q4Uw#60b%jAF+8CBE!=Gz+T%;84WLAaT1j>|%Cl{*HF-vva?W(bFgT%H?-7!)=
zcD;6|{&Wg40_@Ao+V^tWQa#gHv4nKoowgq##`SuwEGl9D@iwbsB<=gY@47K1BC6~9
za6Dq!!{A%5*Y#|14mA-a7M3uZMT9G=s?uPB@)H&1<1AMJE26u2U@iiuH~*zi*39)J
zTs$x&!=gZ`Q)Xgj4Us~u+xY{^L{-U&K}?fUtSUBa7<%q}e0-ptDZ)M>#yJsp=XSO3
zV%v`0w}1KnLZlMW>+?Fsm?cPzhts*1fOg4MRgvb<pHtmxh(`)dtd^_QFeGAjz~{~S
zr0d`_U2mw;IKZD06G_BNEmx~7VNl}!tmmT_;X=f{zrVvb+H5wENKS^}I5PNBPft(C
zLP5GBYt?n#$H&Kdy++UsXmxNSV61T9nyUKt_6BDKMZO5Ec^V!-w)gk<WbJezu8BxQ
zpy`8kf+U?|bewG$g<~{nY@3apG`2ZO<Hn7R#<tDIn%Iq##<tCgZGQ8vZ~o4jKleQA
ze$LtF?0t129wpFg;646rCom@I%F~%(|I(d32&sIOjD$9jw1r72mghg;SK~hkRwBXn
z+H2nc5s$>)YcYhZi9uD`@DC=OC~(sS&g8!JOLTPdXhUWx(bPLPNbVM=dwO|m!9!<r
zqv$38`jaDkM?Mkme&QdZY`*?)OQT2ZyCb{>8uUp#_S=`P{r|*A6^z&%RK2z4JUm1S
z6TvZnI{ST$B+lv*qpopl^iqo0zCoyGYv`pZi{pES_;G+zK|9%CXVP5|hoASGh|T*p
ztuSwJc+FIg3|!$nW0E)zzpc}sU!HwV9`Y@S2KK*`<6T-vuE^sTGd($_l_>{K-mW|4
z#MPJV%F)qJu0(=nAK$?dZMx_qH_v8A0&o{}2Y7vJYyZijulW{-?{;DOF?!`7y*jSU
zl5z_Uol1cSiFssN{&Oy~Z<vY0ryz-$c7l(dL^9lRZ+c{qG*ajUW83rLPMGnNeN~2J
z9#Dot38n6tW>AJoOg8Ry?vTksGB6<At)1A)19A)uTl{J5P&$aE16Xjn$2yFny1x3*
zAI!J4s<w(u360En*zz+RH&>jq;mOJus9Cbc!C#{mQ3evE^U^BHN^&M;Hyd%2R%E16
z0i6r73_!+AJ6vNQscI<nhHGlTN}c<miM7X30vhxgFd@dvE66W88u5@=2oo!Ur_ogg
z0ZI}rpY__Y-nzWBv=p4;o>$&Gea-;?mC7U<EXc&ec;Gs?)E4z#MQL_`|M+|dv}OpF
z<P2^N9LQ3Lr7sFv9*X-<5eSeC@4j&wNWMsasCbpZ*07*7#8L*`mR)c#idmBm`36Er
z47UP!cj1>+v>Eh9$)GX}Jj#rii)`$61%jIl<Q2Ra^qjx#+1H{GZyMAbz5+;W`9gHA
zwt|Ony(QPY0I>ojTi(2+yzK2q@=8PlWZFLvWrO$BcOA6Qb(l(}nEYX>R1{bRgON}F
ze!J{Bm?9ND39FNTzc?6HBs$z|e|g^Hz&$Z~12t^<(u9t3+`sI9wgp9v&ry#)%A{?+
zIP(bNI>e?Sia*ZX9RSATS+?j@X-HsAeX)X3hs00X_*va>N6$8RLtKv=hm&?{_!eEa
z9=Ciy!QA`LIpOy?Z=tpGW<C)3^bm~KiDm6sK;vL~j#2Y>`TivLI@?3lV0L9h_5+7G
z*r%O-eIm+N=MjbcLz`z1qmQ592G7F;s-8nWqNxmKLRcuL)7J4WVmKuFu{-H(ZWaT^
zj8p4(B9!>_D_SxNvLb)dP)`37;3<DhP`2{F4jbJnO+L+0vHpId(A%41*@|YQy3Du~
zG|^@iDU6^D4s>}9L<xmN?Om`4oew-&K;o&gdT_|y{0fCzq)mb~@*sFfqpOXN$<~08
zf0q;<=<2LrrFo@)Wyn)_E#Bx60=AGDv6+G`TJb99Xw6r_Jq~mf2+8CJ0WyVz$`UY)
zel2UAot?xeVSX>Ae*bzfW{m6n!$XC`NX3MI*BzU=mWv6A5Ae_NtnkXuups8jBS6(6
zfw!BwsVSDN003KVLf*{qrGRBLRmG!juur#M_4MCxP;=;`cJrjaG<HH}pGog4<f%Y2
z^9#JOGR3QOXgKQPIlA1xsQJ7$dnp)JcnQ{PQ{L?}0X)>WgCq?DnC_b<3OEbg!U6|d
zew`?^8YB~n6cKk$nF9l+QwkPGf9qqvDTCWfp$lmAI~k=7QXZ>g_^zdQVqxcj4|S9U
zq^;mn+UCuDT&3mR2c8T1t?y+%_YUDtI&jZCzE126SKr9L_VL~^s57kLQzi(y(vqk_
z*O@uEA7lf{ZP&o+W@=3f)zx+{m`&*C2PR~KZ)h+qVNKGI3*~XR-={3EjE$x!^TIz0
zbvOI4P}$xzacS#)@aAgAtgAlB4rj3Mx_`l{0s1C*+hWx6`<e2VUsg@r`5ecPP71Ij
z;$OmzH}|bMESds2jEM6Ncm5u!3!xje#Di}OU}BuSQ87CojTg-_k_!-nff+Rz3M?w>
zV}(H^I<e-6ijdL1u~Bv3c&`0=-eI*yX!yoWVdb696D1wd(?c+1Kuv{XW*qXKL{Cda
zMl@A5_zY9`Tm1nklzZOCm}r@wyY)geKgH{(Oi525d<y9o;BpTEnP`X&Oz2OcTri(u
zNG0C2#a~LIi}aMJpu5>lZG}Ku<d#pTmx)^#l4}3}2$1<l`GZ%&v{kQQ9fz>D-9iFp
z1h5k?GAX{@V*C1OeW{#AJ(TcG^ob6Fxp{p;kfOc>*#7dKTP`WpRb4(A8SU`czB~#$
z{p^Uqg=hKLCT*(OG(0?{a9wLX2n!>sA4fv%FcTO_1khh{F-P|6HJt|Q!BQhaf=g#P
z%eI70GuQ`n-bwA%9Jfh-a4s|O2N)hJO?8kU>H_EA6sGHlBB8@u(UH=ia)hGbXMgU<
z9=*-_<}Zjuq60<DcWeeFVe%sZRrP3lNJ!k+H)0luZv*uoUd>qq2ko&lid?sKP7J8e
zUW4D&op?;5Ge?HcXS+Bby4|10GVV{HI6l?vVnu0r#N-L|AVdP^D*#EM{^dx>X_$!i
zYUa6=6R3rl-d<m4_MB3vlX@iJZn<_|zLUg#o`Unr{N9)RHtbre?V7YD^#WulnfZ(M
zgXk)}YrX5KWqd@dBePJ8Rcv@VK?ej4y<}cx^J*wED(Ik!5^ekGTya08>CL5TD>PvG
z;C3ge6l0C)Q*v8m4Qm#I%uL%qik~oKU`V0>sosX(^69G*P)AY^&}*+wwC^&FrCe$<
zS4~6mVr&QQ`@*CV0^QZnq|^br#>yoFtP`e)UAXArR{p#gn|P162y4}KVg4%Rh3upw
zSEnNkO@?|@M<X@IX#%ZJ@`zaU>o_@EoMh*K-L>h;Awk1tD0o#CMoYck@{ou^CvKyZ
z3OXI1@%8Q))9h>^6Mg6I<^<-ej@sx${#tzGAVp@YV=MFq_MQ;DieXFJK^X+Ai)>1t
zU@Kl`3H|TScmaLYLTkH2v8I1n{3LO?!hR)Pc{p!x&$qC9AZJGURe_%5kX;irbn7qw
zyh=F6KoTj|d<^0)S5%4ZP=qe~7Z=R?=N{iz&(vG4L(7wnnXYG(zv+RAICv2ICp%*K
z0pea0=IRn^WoZB4edEoy|6Z5+pandC+K<`tnFLn2%;%<$7xOL-q>YK&9oZ}ZEuj-n
z!EKLBE(t`8`d%}6FEXydsN^YD`*4iga%_Opq5_?c&Nx2ICACK3Z6>EaV?=Rm_wd0$
z&PT)qg^r(bikw|HI}UBcmr@4<z4py{z-o6uO$x;qjSexk=+gy;a*Vri+*~n#E+&X0
zcs#c#mT!-xdhPq)xcDF(!}FoYHhbZDF9%7`O3_8OTsM2eSlQ%RRW(}f-%W^K>Mr#+
zGMx;W$B4$VP7v35`2*U}u*oH_3smm(%NWkp(v(ibL?Xq9er`N_m!ydMg}Y0e|4nZv
zqoADOBZL{KlL*_r1J7hM#pLijGk6NBrpOqk>=*uG9i{#OX+$CP0Yf8Ng#6$X_JAdo
zlkUPfEA`x1DdVjw@C^?CzW@9na6Y9*&o4a7=8y?F9IbkNeVs5Dzf7{z9wn47Tz(2<
zNyrFQFqWO!2#h_{SU~DgNgVc(8`UkClNLf?Y-lQCi@@bm+4I@1^UjX0rl@di_nzat
z`_L2J==F;^&Qb3R#(cH_FKwmqUM8)9i?`==E^4#hC<cEcq7J0p4pSJbR`Zw>MJA|Q
z=wK;7on&wCW_K|mp02kG2qA=<?Zvg%y*25j18*HEIp+SgK!q3m_!8aF?L&Y$bFz;m
z>lecAhWE;47n-a@8eFO(6+ngCmm$=Q0H$IIP}aA3iFK!9wtkBme64b$D19jmzn8m+
zL)9_{?9zD7IJ-&L#P>>WjuySmD0l}S-f9rYX`U&~+Kv0w2EI+9n~=j-4OVprQaNWI
z=;_SEpPLQ3m4Q+uC~Q_d*af5C-P&_{D<M@*b=k891!Q}J9*vsnvHVNQ9D`BWQ3$Nc
zb+LIwo8u*@78pw{0f3R#W#Udu5O?7%Ff+94izp@<u<ml^(E!46w}V;iE%B4MP5r=o
z>#-^bmAphFN+V9W5Y_G|^YELi56R$%x63t_g!DoQ5CY9WImUYUn8mPb8qGpbVU82L
z+S1Rj_5&T>2m&5QYzA0@>F4e~q+LKq^NB_o3H~-$$VaD2^V?6@c&AIjJwdXLtj)NY
zcUJ$B)}fAl9PN(a;`-4TgPa+_6&#<9d0hBuLr%<Wpj^Un#oY1T@m%Rtt}w@<nIdsj
z1rnRxU|O$MM9bhE=4Vm2<YBBx`u7cG0|lqwnfdoeD|JFq1`IjubMf;c5aB>7kKABV
zh^J<CjyVO09z*@Z(x1bLnn98p&tzP<6yRK(xkhBk)wA1FjFco=;U<0%#=Zl;eRi4(
zK0e(S61AM(sXL7KPcqnhcVL+sQ_8N#A>B89cx|Ga(xHc-$djSV#^gUv_(cUh;&k;C
zY(EzS*a0}X#V|(lA2h<>5(qi8vn2{^=J_tEf^}eb#m{{r>n__EEYw!a|4obIFm1mM
zT1j8VXj<|MzRoL@1+*!thjm8SqCS6&)uo6MM1`Cn^CkK<ku997Sp30n<%Tt<)fO7c
z@UrqBF`&JJ;Y!s)piJ$`01p3fEjkhZMIwCfSUD&Z+euxNpbEDiCnMQiAluadD<wzX
zkXM}va0wdJc;;+Vfdc`k0Ja#lFirs2Qn{CBEE9L$M)$R&9I?!M&8eYAKWFmc7iK=c
z^5jtqN<PcSbNL4CxT&q#(y5t{<?~Ce^KC5|`ez;8(#cm(*KVEHI(NrpEc&SNaSM$I
z!}=H;HhZjh7nRDe5HmBS(mA^pN+Z5G>VARR;7~O6FUmimLb6nqSR&=ZQPk%+h2QTm
z8B>o`6OaS&gypuABLc+C6X(X46292*L*VG6%SuNIW8OgEfr{LFD@xa$gIQoZag}bs
z#kDZHazAU9(Jr3WKEChAv&AF{Xl}lBOhL5=W?G(pq^A2L@{HG7Dv7dPWz(yGP!_Sb
zm17DWf+N^FKwG@$3|)|y-?7rj)7SU#01Tjm{4OMfktGwNe9!{ktzSo9_WFEyFrQ>U
zH>~yzqQt1;jiv0pIJd%H)Q!iBnE_mj4vC5xSs(7RLMRCSNPrE1>il2}-rQ>SA@lh-
zZOQ2Uxb`rAMPSZz=4P#w(2u6JE-+x^(9bqI6kB1@QPM~~)cM{NA+F!W6P78FKM7qn
zXwXh+Ocg?cxdiUVrK*er(7QlVq$*vMIII~iy6v-`uBp?w%+Ez-xKVO7-R*L(xRFfy
z;!<e|owNJ(IgQf>X>-hQwd?&FCcer0FGx=0@021l2fGZAv(JBD&zDx)Y1Dl%KqdGo
zcD*SjmP@%p&``9q?ktAB%0TzE3D%Os9obAApERHjOF&OW>la6jgnjQnKN5_0CHe<M
zUzw|#W#{Jq0{t(Mwg*4n9_ritL^dEUy!nA86XuvT<{426dIS|8!JKB);1unzSnhs)
zQ-heOsHj*$518chY*Nh;^*|c-!H>AlYhj4#mb_01lCYs6X{g>~Npg@OT|M}Aen&+I
zv!2$#pZ}aqG*9y35R_BVllVdHs`)y|B60#ET!Vkt&eQ$OmcND&K#P#jfHP>B(~&~-
zjIB$p)=~}FPjipL5*{}qr##eyW7X}+;lo;g@}_rPf|L6w{=*v9rzS=VfqN$K3ENm<
zu=kOG!Ro;8h5Hm;Xi!m4;X<GaYa((9Ms})Sc)xSk^kOsUa!@J{osPhl4{4mVnjI^w
z^y>h_Sy@>)Hq~MM<|Zl(f<EpXS+`C?tzc(IBpXk<h*6_&$Gb_N&*xA}@z9_mj-Rjh
zUh*#k6~uq;O_Do6-!p<#lXO7>p>+f*ZsnJ~ECecQ9=F*?dUshKc}$4guX^@2fIi%&
zk*eaaewDyoaU0Ff3b=*3>52y4KUi|b--i2UWifhy>9^18_ur4swldP(`l_-?b?wm0
zOo5d1ZzWIbQ{}E@rk-)}?YRntPHMzklkF|`Q&Zo%@&l%R;_eJ5ce540D(7x&VD`&K
z9>tam6dQ?LVC&jnnsl<e%jGc-%)rJjMr6C&Luk4`N>Q+&Wuqcs16RM#IcyH8SpL$W
ziOcEs5Dmm9PaATqYmrcT<+&8^TqTRK<CS-Z`$_Wze!qqpfoYJ&;o&bqP2=P+6`2%t
z^V^3w2`0nVc%k54m@?Z;C9>CaHzNXqli>@7a`-U#H?oqwvvkH+>GL2a^yr}^*1(Bc
z%)KAq?j>=ygJq^I8QB*4tvxOg$vDF)v-;<}euH(j-@kYEy1Kh*Z4>V~iY#QM(IB#1
z$S9E^e_X{kXaN?$V)tZxUV>gN?J!Iy8A9Tbl+=!zoJ()|SBkd?l2eTU&em-RkuD)m
zjY_v70$O-1zQQA!%tvulL<leGS%`di^KkSrDV_S0FNS}RN=>3C%nNsEv5WEUfTv`*
zyT#=a1~q9X8@iWQUTdFe8d!EAahq$UcTVOwZKj{)IKiY@WQXJd*0j5xj6UsV;fY%w
z>j=s3+a+JHOYc3;_Kwd9**VxxRsXs~kg$i-QxbA!$py{xwPd$z7fp86RoQekxfoTI
z$VGm3R}|2k`U&M+hP;lV9-u_`OXZN1K?Ma)K!$mz$BdrDa9WnFc?t@F2^3?Vr$xzh
zZs7UUhPirFbUcjf=7^`jgLoupqBJ*8wm-&IcmAI!`OI%ZYqdt(J#_`gc|8nxQ5ni@
zO3L89Y0`(RdmW#UxA;4`Q+4lyR_wpg8)>}2+X>IU5fYQ{mk;^E_I@wL=kSzIY^&DL
zmyUq=AE4vo2>PkM9kSLX0WYfAMGI-<NOmAw?g$`4E|0``$?4zcGIZ)}I*pL(1{f!L
zV8QRKA=&SYsVQ}`3C@n8X^EF)hVP-HaMoHocWYTw9m1;(BoE%Z9xk~Y*Z9ALVCeUr
zk{T9X>m>luXULj{<y3>2i%5E8|AS;m3`?UWIvX=k7i1S1u#e(;aafUYPs|r?L#*iW
z707n0An*Sj7ui;!utb<74tyQ0ou?)!230r_r@_m?dENPZ-k)kMHch7)Pe8_*#ZPCx
zaog%vwU{)h4&)g}(iYPvO|@u^!t~5Sy$7v*4y~7?HXqoIR^^UIIXTVHU1l5IG*AuB
z?brf%e(Cs>Qkor4T{kS~Yahuvl+V5NRwd8OS!$i8d`6M-<A-hdf{9~`r(DpQm4(Lk
zmu%`nn0<qZ&R$#^5|Y^nmU44qQ9tnybiJAFr*|Ric?r)RqEHORnuk5DQPR3{d=LW3
zE2Og4xKFppuACxLtrJi&$pA5K7KV3^b)0`D)_7y}x59vKeS84LKxY}(IkLZ43;}0`
zT~$0XfWpZP&DbSLDyW{;s7R<hg0-*gY{9&SH7z4vdPMcl;Br$0QkK5R@eZ!}&zlM8
z&8orG7U>fFEW|PdrjNO5%b#?%XoTQ27L(u7t3W$qgJG^<i@Y)2H?n;v%JAe_Ff8q)
z?c?paq4i!$IN)p@6LPp{zOPR_IzbwrApCpn_sGp?*p_gHTAPe;@N3oy{6=K{{j7Ir
zSjr4WQ~P*%3FIgRkEv!P2&RfQ0m0<Ge$b>gLtk{Fz^9tu+$!aO^|&oz#2%ySZf~uB
zsI&x%A&>$8uw3S7&GT|4X4(!qgEq8IRH@~DmF&wOj=(cl^k(U}L}(`YPY?Z2&+>6Z
zBU(Q)+F!FHP>2AVMM^yk;yJ8o==jLH``Nbs`?Zg-X4JE3zbDN$md`7W)7`9tCev%$
z&wD5OU?)C`eHEC$hn1kSOU|}rs$xzTlwVxWyamFvq$Ty%Ab{&b&mm-nQ+#EF>YR_C
z16=Y%m_`R`Ma(=nG^goS^saU-sci5{iMk^k7**VbgKD$7$moqno}cD0knYvVlrraZ
z6LVgE*HWEoSJ!N@G_%_{7M`1FkTD@Oqgt#0dNL+uxk|6a4jc<Y2etL}-V<l}sc)-U
zHBiG0aPHl1dL6%>+!_|RtCUyBb&yhp_tdoTA3R45OS72=0Fl)HQN^CTxinlPdf}kc
z!(=j4%5w-Z%$>en?(0XuZ^P8-HBGjfQ%|ez6U|gFrX=wq3rS7rzorY6?io7>eW||p
zRHW<QaUg?B?B&_JDE!D%D9w^=&z^>6@LGg|#?*zO<`9sIM1Y=|H^7?T7c8g{(UeWI
zF2(!KSx-Hpe_nOWN4^rRpyRA#`Y@l2fp7A=GW_jsP8p6M&tk-*FocvT&6Iy&*>Gt6
zTYP2&^Sp02_)~M5X;OCja({n6>xmKKRBx>^frqgLggIFkVmx3D*YoBq#KSlk8^6*Y
z&XGh`QG(C7R+Q3@sSaINS^vtHVut^XK@4y|*$RxzkFA#DXHkA0ioE}X3gKLnn|VWR
zP0QfopA*D&q)D197m1HJqC25Vq2k$dXkDqsnJ};*r%(Ec=2#~kome2Rs_wM6-HEzM
zO*`^C4I@;jWPWJ5a<LrvIW3qbVe9v+un_|i5@WZ6^R!K0)*ZQ&L*mD$FiPLX#s;2=
z_8Mx>rfC-#!0O>i3OJ}XnH=N$+%~YWIbip_yfQ1himOhYg_4QtNMmu!v%shncr_Eo
zpOnsikl8Df%b}t`CT$%@=|dJSE`qq9j<}Vj`f{!)J6)?o+k-WxkfY3V^uFwFiI=(X
z^744Y!VjnxAQ1;dJT~?KzCH*Gv`T<lBeShAvXsigBgN&)PDm`zl&}-oLfHFE$<U?#
zK(KyD)IxOcWKZ84d4>!MzTYskD6=<<82A4jthC0+LH=TJ!iOV|E<Z9&YVzw2b9pJS
zE#RgBnZwHN*!oIRP78Az4y8a*Dqy{ti8AsV$94>BK@YHAjW(rB%npXyslelsLM)mG
z+EN1g;?b+YDNyizHlI8?k(P^>(h+SwTjM(%6xd5YNU`I@113#Ux9_m=U@R77Mx&mA
z_dScuLCLBaj!q^QmE+^&w1K$iZIiEL`F{#Ystp&j>OU?MUN490KOjN#))9smc}t`Y
zr(NduKY!0JtiV8Ihv$|kG5s0Ll@g&L3g#ta;0JuUi+4@Y|FxL4_c93Mn4G-skjksT
zT?M=~K)`gZCN&8cFE)u(edz^|GkIzlJe#gC!!ZZ*{7r2pwHdp2*g=HRFb%#1w0nBX
z^~E2-H&&qrutim0<~$b2C5S3VC45E0feqkA)pzryhoqFh9BTgiiv}?R!2(p^;YK;o
zP5P^8<@+}a>6`u+1sY?wXmf<wg)0bT!9ic5p=5j%$>4oi1y)_w+<adM_Pc7k!Y72%
zf+S;E{%8IH<Z<qRpG2-lwJRr8B6V{xPJDl2-`5(t{qBqeV+%`$A4)?|+GhWLp>kw@
z*kxqO=18M3)@zwqJC$EQClJ-CD!coY$1zU>!G_W?fwu?7ZxmA`DIi;+<DxkY8H^~P
zeWNXaXTg^jE6nw`zx^3)JBtieqH)xjV4Q`{qIFfT)}xlBO0M{I>f!=<#b`iyzQ)@s
zd3Il-lw~+m%pmg^&y@Z=l0kQSR?$7v7X3mTRv9_G_W<8lqB@~zF;-OHAJ``$V+K&s
z)Sh6x7OVtDlD+I*%LL-@!;3E;1e*<~dkXo3`AFw!hQ5}W<}GWEBpDb)9E=zZ&ZcVQ
zD2Ynxj$~{u^5T65;9y}d+|>y|b(OTherssVfm}bGnm5pI)iM8ZNu)zu*AkOa!i>&B
zc_!C;Ya9`jD;4}OGPFzZH6Ly;9}S%yM1>twzz{#^HG7%LS&xhDQ6*&~-?#mmMCb*P
z`HpJN$wD)8!4z4cSph^@II(lM5Tq2-2q;q9&o_<SNiTW7rY-)xoLSti)KW78Ti$8!
zvfc^#!~QbwWREU$_qZq|a#uhBy0+RH@WiX>h^KGM?v|R+#`muku{ceT#qY#yDo(jR
zyZeCWySTRXcU_Z<7wD=0Dm*8}{GNFBHvO8dhZ<9^!cUkZ^LFe6@PWkSlUs+f#_q8q
zgXZ$>mL^-N(y)s{4jkoK)Qzk+IMu?~Vi@v&UBE%IKG>a6&!esQJ!j4Bt6`DFfaec@
zjcI%4ORdOK%z@YBZH#Vgy2O_RAI^fyDJ9lHytttStNW+pxgCe;<ZNe9bwx#Foj_sE
zsgsFE!JtM;TQFCLLeKivmOA`2Bsjd0I*41cdPjyH_4%t0md@>PzsQ|@TQ#^$Q=F?!
zXW5@rgVW6e4MBX{gRCR~$9$(lTj4t0Ww6LRDzRU-t6sFNNBleBf3!5d#Xg5bANqCB
zfTKi75p<?9w3qOw%rx2nZ}HLhtXP;*k~UCbYwRDo7&e0G&vR_)aU1fWoBoa@-S{+4
z`?SoYRxX1$cd^?fI>cQvNVE-WU*_D5`&g5S)%W+#ou#EUftJ>&`0$AK+g)KMgV8m{
zkI%cq>d)+BhF*zuApa7~di^^h6GP9hNOK)fg>&2ZH<CO>_cMcTnxC$p>8pySB(QS|
z04Vfchs6BL7oo^Cq3_7dzi=)}%7m78SzTBRFHYo^Q8|`4(C7xjr#+i=*zClSm}AQ~
zH-&OaSRe4h>Q>5}apOcAsu{BUI~tB%@nQ`1_gw=9R1(m4FLH@k)#ysuqTdfM>^>jh
z7TPR-VBB3@U4g}gnhFRYB2-cIdTYs1a|s@YGQvPxPU~0$i+qUt94(__Zn35=fy0A!
zqp!YG2F?ZR$=#(ByI{OVi@Uox;NU8jm-M6N^8?I%+WPR@^g0~OShLOyr8x#q22O>w
z0QXPo!KE=f{s~%BI@5{HY3=GFE-oY|*zs5k8IIISg>I$Qm#ahARbMUzv(>@sbcLH4
z!zfYH${QUgHzBSUKD^_kr5wGLdnkh1>iojdh6X{g4p)WC$sgYr%kc6}ud>e5DQSMj
zGo*o@xG7=}?LIW;HAlDXzun!X-@QFO3;sd$5Dz+1)et+-Q>BfQ%RXF#+vqvWGGL@}
z#&|7OH=J^zlQC6vU``(D;JWw4)sSB~nJm{B7*uxn@!{LOb@}Mke8<7<;K_2hmVs+_
zk!MLSMHWF-#6Vu1Q*E*J2-fr6S|w|oFFrp0&?2hDbcvnzIb1xp8xfUfXADzh#*gry
z{BGyYz&u{AkD>;!u^quIHB9Z8H;`K=K|&p`)NQAsm>>jT_VVVN0gpesz`aIC2Wzza
zRWwAkr3qk$qi4Tr3r_CmHTx&&N-AXA7$Kdy!77Z(N}48zL-kpNg>b%t`94l{L@Kx}
zGF}hGhxM%KyP&4QMn}#;YSKjUFEai50>PIXOCD>Bz02#yvh{DzV$z-_{c~H1%MEn9
z7IiAnZ2-AlU~v?bN13XA_VC)?-p+fEQ5ie*4%DtYd9YHy_n|cjvw=5M+itvehBM<{
zBmE9#@|T6W>(F1<T)!<_Er&Go{uyiuTQrE*phrOo>r)nfml(k|!Gf3+xV?%b*hdXD
z?VE-=ER8AzQ#PYmYBUF$yc+Ln&&_F9pLS;p|8a;?rwO(Wtmkbg$qUdUdTMc1*uvsZ
z(ZZ_m=y$@oc)6o4>>W#7bH-Bogxq_+gPj(!AZI*j4WZ*kJ)i1DhIc}}IKP{3k}gC_
zEQX|{B!fUzN8cmZlhr2cRZ*zGt<8;cRI<57HF5onhW?TpB(TjCGPF0QbJ5mDbCR!0
zx6vA(KSX1iK&DG>vV7O*6(SEE5%j*ZwqydA43_xbF`Wn`C0@ELR=#Dt)5#!mlAWW4
zkT?y7PjhGz*G)-k<0~rD72koqsv(b0PclOx2>$QB_NJpaM;s2@U>D2W++6yay7qfb
z0=!yC{5Uup`+R37V7ecC(%`KId}&7LplJIPhRE0D?(CTMc7Z>moR9zM2B|u5a7I4@
zW4}J<?h8+1ss<_h;I(~t3%R`mzYuMCc5<^<qd~2)V9-oTwc%_vPypFl=(x|nZf}9N
zn0b%KIoWrlI!L!{HC2+r-MY6vr#_#B@u~ExG}k6dEOluy)OSrhe*a$iF7$FP?nGWL
z)#>t$$i<*c`1Q)LHpMBprg1@14MFOs0&YW2J71v%wuaK=R##;U*tO9gvfwE>+qfS{
z7`6}XpFWab_>{~fkrY8M%E1Kz*-w!So%nKF>$L(i)hG%8m_&c!MRzpN%%ZdVd}Au#
zT*!Zbl97w3t8ye-%Jo$Oi2F}C2*tE7DH5-HRsh>Ks%@8qViE@tt8*B8M>hUF;Ta-V
z!-sYsGv1zuAY|U-F@#*1Q&De$A%_sy2^tG^RwIf(oxJCt$JZ)T*Txa(EQ#fweV<Fh
zDOOSLfBSj-CK*gXN^hR$jooau>YOph)-Rq`b?mVF_ox2Lx8iP`-Ay>YwKML67edpp
zLOrhr=rm?~zCUW6vO>BmbBRh;Xc8jzR<x%ur-BUduneM6`;$W-wd$bNFy+n~EQfYb
z-zk#Uu(q--1bs1h%Ov?E_hYvOm7Y4y5T~TeCQ@$ILt9BquBv|q5XA@Wj|NXHji6SR
zSb@a=G~$(ZL~w1BAiAOMM<F6l>~Brhi@dUPfka}Lg7l8OXcQ(veSaP&>oxBzsZtKP
zzPS+tm=^!tAI*pEp`$zYNaqI=A*k}NHs@NNj!SbpvNXNiG)v4Rar@0O;o!25a?mJk
z$($h8&bfnourkdlBG90)r~ca->hkmPq3(|zqTo=uIzLo~IB7Gt8hlAqk>BwCf@4pK
zIpo%vx*(;&_27sXJA}#DrX~l*?R}nQGxFKeOGS4|6;@E?+0A=hI(_9Z$;(^|jz5hc
zml>gxDk;}+ZQme(%Wa!L4)c3X^D{!rg&XL57nBwu9phW#j)7u}b=BXpZTUR!e&-?B
zaMjncCDgPA>ElVw6!n-lI03SLCMT<ld^0dfmyi4CHgDjWSgd1g#Og*3q)N;d;R4oU
zcTz$iUa4&5#(^Kj%+(y!1=hi2gIqt-P~Y|yqA3ty?qRRiN~@1o%(Tf$ysSx^)=}J;
z$cNn{rzfH!rwwnXL;2d9mp4WzChXnr_UYF?WB+4ZU#*UPXkV9pl~y7dh7(8>qz3`B
zI&WQC812NH6L`e$VQa0bSXvnVo%8<UJnNB!KBql4#q;z&^QZR9w5cDsa0CZiXcb{j
z@hyZv6j@<|Cfl`mP^yv~i7FVbV4IYF(s723*){%h0?Mw_VIK6%o;nY}52PscSI%md
zq7L&bOQ>+2n`5>yW0OCXSZ2#qTHTY=5MxtlVZGuuY0xpNtIC_TzI}HF+JqIyO){O#
zuaCVYw&F}hT5$7Gq`8Mpu)u}jN(?~IsXz)r2Ew=?^1GToGJ<A#QQ|dk6st%Vg+#JN
zEN$RHWKRz-1VDzELQ?qLqi)5&LJ9P{@I97Jz{1;uccl_>IRL@Xbaeb|R`!Lw1Ypap
zePSc$38Dv4O$|RxgR3yIT~jq}NRg6714Slm<N6?q;ll3&=_H;^A%aG1iCAOK_pw>j
zrUJNO6MC!N|GeP2-l_Unn;KqpJpOn3`DX}=WqZavOixSDHQWoDi-;tQV#RI(MSlzx
zwOFDfOyd{P>;@~Xl3u(v)^s9qD;W61;(z{@5N*{adv1e|m1tQ8VUUX>v`{@>-77W-
zv(=}g4G!n2xLk@h)tR$cJf}^%wu3;~c(kB2XYV!DQty|$5k89;RS#91B}3jtiS^$^
zK0KADJxYX)u*(}!T+c=3^_x-SVyZc;i?V5MZGvEgaYs`7xj7!(!v4E(h1DAO<m)!o
z#zq8Y%!n5Dc`zD-;|&-*=@;>LyR(A8c6DDI!%?U$-|O|o?Dn`}u}Wz!AtXu(o8*A-
z^|7K%yK#Tdhi;fTAk!w|byo`{0k*2#w{C2fx?#>9!6d2)BRdkEZc`1q>cd_F76gvl
zQ5@H+mr@>W5i$$<mviHkvLA*1Or3ZNqbN3r{o)KW3&bTJx_(jvKxXP8Y+So|dsS69
zw5(LFras|HWt3(Et@O1fBYpw#4OA9vX39>U*MAFFccL0B6(~uB<x?Iv(acJs`uGvS
zNmZ!JjmIi^?~upWApdQ=-`Cl%!6ZzVxe*<R$h)45iA<I#SrA^VddWkYFiF%Iux?4?
zeYxMDQ@V#r?!NAUKz~xpz_zmNLO00gf7xDiR|E`o&G7>N34n5f9vuwGzvSd^b7B%l
z+|zzz)`-;lrdfmarDWY12Q7=3aUkHwWKWfNe9mhIP2nx4<hK&pE(sP74~-(Mq$ew9
z+&mculrIvO755v*En8v)&1+Tj6U&tl`jRk3oUtgfLy##vGzebqE|E}j!#}^|N||wT
zQOl}A;J)r7Ny|w{>`p%p^?7<})$okKo4e~1c}F5FkX`JmsnezyRQ}^TMrq&HI~Tkl
zfisNhg4_3AwkBeYRS+*yrwuHz3>;j}k<@GQ34YwwQxPOV0U$)bSMq=rO?t@_avCA9
zRqvk+*>C^!&cYdRroi}=M6mn2iY=*h_@gKp@=XQ9k?5kQua`a_3<#lz5(Fz)8WslM
zhUQXx#-O>tkYRgq3!0LW6s;EM`ZM04;&?+$B~oIW)n=#H5SgzAdgE>5jRxJeUP@%&
zza9MWL8!Ka2zNGFpmO{Yk)KdWubnt<LzIuGKs!^=Nn!t}LLBByP*H-8j>E+MZ0^S6
zkI|6sq$S<v>tcBd)Tz?Cw-PKj0dZ<D(>VV1Lo0$&JPBO#=w2l&rbGGj^|oZ)x^Sde
zb)Xn1+hrUo09Q)!aY4>)%{%ni|AJF;%Gq~z|2ntEj^<*v$n?>;nTN*fXt2%6w}S-g
zDDn6n9oE7>z?!XpwXwrm@<S^>@ULSs0<Je;2~5hxx=@_+6b7EK##Y?FIPmr-D}kKn
zIAfeM)f^@VcHTUJLhq8D(qb5hD!5+9u|DvZf*o^?WgVD5@ubm@+hVELzSYnar5MKU
z4c}rS{VccVe+A9S0<>%eQ2IU`wh4Y(_JS8-#lsUTcw4Dt7%N*7;Y8#{P8KX**owzn
z?w)QsRyV);ly2~e_#g=NEf&_)A$*f@Bh@a>@}{O3PRSo;4yg)5O5(@#c)sRSLEWJ7
z6hSFtpnCo?*{8*fQUIKUj^tEx5)g$5#n;r0JX&X>vTDt)otEX0mb)?TWBSS|aIS#l
zTYFrvb2D&0#^pR*PAT0exk=72|602VBr`A0O^n^Fy14Xl4|P`KGARRqEfxFT{C||I
zft{#YdkdD;KVI|rY~+JB%G>JP_Yf{Q=MO&>z&DwAq#{5xuT;FLOL<(noUT7gd6z3q
z;ks)6R5l?(M@vHDbdaYiQknjKs8g8K<t!nw0xCNU)xV@Vt%N^YsS4GoNpUw|f7R80
zz5p~g!nd@!!N^L4nwc0f+*bX1zht;VHw*NShgPL823MC|-xw16sV96#&GM2^DbM-&
z9c6m&)fz!$c*+vt5z~4?3Y;(|aW23gudv(K*9kqsQY?s+bnTI7(Op(qC6>i@#v3#s
zfW&}+WBH;8Aq6g3IS><n&`|_<d4ZJ}Z22|h@9ncfC~n_`YRK(!JfUH-_ks?<wesJw
zM`c#%`Wen$5w~$5gSn0?1kCmf(c(I)5O1j+lj~`AkQGJ*91D(&S~ajtR)d;4IPyL3
z%vK?DcDnDCm+!U1sH|eObV^*K@1$tg(5w9;;3YyAzg&4q6oZ+>!jYSCBM!{QQ?uo^
z4hbKg&Y}L=b(vVQU=F=t^thU<M1f&iT(olUd&Ymr_tzgU;*enXg&SyM@yA!rXK7%`
z{`{fZZD-xRZ<;GJ`=tC7FJIA;Vx&dK@};+<`k6nhk39G%)=Q#xyf$*cII-O{@ryzc
zHme8&c2>-EyzpHvf;jskj;XtC=4P^kP}}HhmvGM1$SVLr35J4xT}8D)x&&Bm2QvYy
zt?^y)mX#S1ZZDb<W^n>f=eV5?Z6M!D4?u3|f&#`jXX#LgLYpuB14wwbc9yoCEv;Dm
z_Jdzv-8pPVrb-oFaTzj($C!jeI#sj}yA|1!C~YC{&XQfb*UV$1&t57+BrrQUr0tRd
zfTeBJfDpH&R_)0spx8X$-}r1wH#rTqhuw~%aI75r%zN|i#DF=f(R>FXvDtg*Jm+uI
z8Xa>$f>l6Z^ezkon^Q|kc~kWO;>p5MkTWx|s9GQ=mcVMhDl*=XbQgHfUCfJIcdc}~
z`1{gi{vE}CpF*=xD^C{WTsnbAdFr5PO9*68(Sl^tnzq1{!*+<Q)nPQ9r*lYDf!09I
zTpN_T*ylVnw{*#(;xU4E;LllRNf?dbALq^0t2U(`&$rak00391NJhKnF~q5b=FbVl
z-Gzv=7?S9KViE(=^t%KUN~{mW0y^ln(gj)&`)>J;-zY*@iZk`5-S(28eqzLRx_ou`
zH^S5#GCl?l4!raEvg0kpV;ck{@rEVkw7BKUs^LhIC3i5Gqk`1Kxub+}&7xd*zE=_9
zlx!*}`+hYxcF6v48r1T>SA|@g7as6ep*;^xnlNCM&XVXQx<nn7*Ri*~PJr0pPtM~=
zd5smVFYoytZ}4c#xtv6(<JpUEv}311miSyVQ*R+vVSRxr5OYz)0euc;?+sJl^Xa9X
z@U=w0^!>tR*%dG$Ero@)H_usFCJ$y+G{qb3e}$k77{;1ZaQC{D1zY4azfU<iR=aX5
z*ENa4M;+;2NOh0$I)UpVeMm)8PmT4(EJdQwHp{_r+OLCO-a1y@KhEkIWVGMYH4fBW
zB=O?~%|?uJ+0~6+&i1I2w|^x`UzaT<Z59?_c!(<eMt*J_h8A(W$r$?xh`Yb`VE(;&
zV=P=!t>TgG^vn!D#G3FV*~wdog6r!78|$EoUay!@|COh|tPia}>Q<Eta<>Ag&*MWn
zhu6OOta5nui|q%pX4L346@_{`{f{aRjSb$ir8Y|le6rn+$`<<9ISJI5=NW%g{cYnL
zODvElNCiuehL`SpqI$^S%+kaI3cZ*&MgXvXrZ`=!b9IySPj@w`aA9>=wlCUG4Mm5Y
z582uH{((xz5hWL)+!dst?fP^=&Hq@3zoNh%lY39WJD<7gj>o#`MYy}pMqDlIG7-H6
zPtv#LFh_?C?d-w^qjPQuUJ#wBX2pVAd(&V<B2q9UnwhjFt=J{Pe#Ht6P`^-L68(PR
z-V+NOzu#J<v~=}1<h&?$zFo0ZOpK(&F7Gcn@vV^UOHvZ83T!S;XBfbRqe9|SMYti9
z3Qx?ViF-kq1O%)_JoO?LkLk0ScQcTI6j*)P|2$Mm8_ck1eNPhl`b}YYOi;h8^+TzY
z3|V7ri&M9Y?`Mu->AGhSO;XC^<Yrx5%gUIgSu~cBIfO_4LOf@&TwxJR3SQVwEyzEt
zZYi1j^lM;TX_EY&`2vye=i1(05U@JuG|#?WP@Rj4wfIps>tJW6mroi+{GUywL%`;E
z8jB&A{i-k*uYNjLsw}a^cZvG?KK(e^%67bVdt0iUi<d}~Vm!>WdemH)hfWw8ke8>N
zD}=9%+q(+`d+r8SDrird6Y<BAPv74Kzi=BZ&Z67(5gPUJREzC~{BW|+G#FJd-h5?~
z!ljh2Oeaw%6>=zIRx_Ys3yUtxJ~yEgn8;;nI*!_~fh=O2J1LN<?%r#wTi#5*u!0TB
z^GXvps`lD{xsCg_k+qmkzn#UrWCPJW#a>o6@E$3GrNnxoAyAB8`^TjoA}<XwZbg<@
ztxdOv>nk+=QOZX&N;NRE*~@EywOKjW*tg9*HIvY)7%PLypt$D|S_Ra&@ntSx&L1$K
zdiMA1RyzmoM+$jhT~czRU79mprbJThbU4${_Fn?XzXj%A@5iP4**Kd&M>WFOsIgi6
z%VK4f`_MEb_rY=ZTc7V+?bRlvUmqUc-<~-Lf7`UIffbzU(?5m=z!KL@<=9H&o(|LE
z#sH!`W*PNXR*lWqg*KqIsvr@{e_^`e^dQ2~yj}2NLrg;yhlMGSi(WB(JsNFB12(5D
zm?Lvl^B#{X4uma~8X6N&4bTObwqry9>F?W@T)t-;7-Fd-#m*h~>%dAORbk-wbd=YY
zm4II~lc?_QSmF`}_$Rp$VPJXezZ4s<?#}ikG?k`JFICBCHjSdci<PdUTGwF)9lOLL
z+$(zKJQg^(OF$WzLIYM`;a?sG)gHFrZ(zw-S<KphaE3TaY>|I`-5}YF6ZiX`^P^ol
z>)`JebXn)6QiLhdSyc+w&|ZJx0NoW>++yi|6T8X+63BLhC(qM>mn_#oU@eqCi0JmN
z?&%v|%0ZpC)SdY+wc6>NO@7KT<`w}Xy;wHg*+B5{9*)QZ?l$ZA^vcUk!Q2r4Val95
z8J!%O)jQ_C(VRNyIV5-otcYrBWmTWb<o)I)!h?s8*T{J!58i*n>jKGO2fE7f{hS3P
zo#&e2v_K&9c?`sGRW)Tz4lW2(7_=1^+u5tL&x-D@FEa>FX>6axn(NZ1+j;6IjwL<!
zVQlfL$J{y?3Ke-1kD5&A?R^a9CS$2OiMk{_L+3HjOQsd{tPsl83)yO(Dq}B)_VFO<
zq<&A!WIrq%uM?Ll+}HALV`?{xp!BYNZCj6m&}any8&7TDre~(TW(GzDCeIpmd;PFa
zL~Wir>gW;pX__=;%0-qGX>1Aet^^r)JEDaK5=<9o6BAZDXEV9k`h4}XKt%~X@cTF}
z1>a=JWAIJMk)9bu`z*&gzsuU<Gnph9Ktu0qo}K??#oSzeeq45cyi_<(5~ye+rloMC
zYA7h6v)$};)||B2T3NQRX-umfuP<w;W1(Kw{a8>T%I%i%!#R4mnB3*Jp)PK<C5QHy
z+j~0YGpI66;6&ayZ5aZX<kUPNSte1bcMUm8Y~*Q6@@Tn660YvTW5ZQL)i{gWdr}<;
z{6w`^Dt?D|Svbov_3p8d9u<i2aesT!ZSk@_0gL7zF8plFLr(C6mFdP{!a+aTbl7>@
z1$e$@gblUVapnUK4F>0K#dwYeb|=xY#r8XJ7^g-GAt(f^HK7H_&WUo|<1kJkXZ1*`
z9H68l|D8D~%>*Mpo}V*jjB@Euw0pr*3z4|ByewowCuJwSy6X5?o$>Y84s-^M6MLx#
z8P4asI|*ia5YZUwv5Yn%-+h_0Qnos&8bF%#(DGuSuL-+gNf=F&$3TG7jsXI~pY0L2
zElcF2zG^%%(HTiP4fui_X_B40CG<`DV*_(iDA{jSKJ2>;7EA0m9KOgj>kn~sBSvC@
zlkPgI*@-G~2^Eml7KTPfJGVTCo4;E=wM-8Z%&sIcS*C_7S`F-{=Wq8h!p9YxPCiRc
zPI02VOmFNcmFo0or%pZ*kx{ff-iF#69u#(zIs-{0hFe-%pia#D$9a=MjZb?l110Mb
z)-kos5MrS7buD=FryH>O{&vgq-%SE>WkzKY{P^*><>%++^}6Kut~I($zqQra)~W@X
zvOI|o8<!|tN;y{Zc32rknT%oSK7CHs==OPi0E_4K=oH0}bA9{#1^FZXR54nb5x=T8
z?_DV;7yuK={jGIYzP|*7{O}*`d-)7PWWzS>q>-}BejxWuC#_vR-gHknK95@ZopgOD
zRq~0eMW1D`6a!DhfvZOqj7|kMH_Km_CzgRPPqyE_Dy$je*w^D|?Hs6Ir!uo#_exIu
zb6T<7`v=Vai`9AJ!2b}|DNPWz<H0ZZeO&;=#3B0`bP_2`@Mmf@r!J~4Uul^(rh{<s
zr*d>Q9~;f-3PkdHEO0asZr2%sm0B!dg|Z|8jHI??hEx~K2}esET^JN4Xb!s@eEUPf
zVN{7TQ1a1GH&B2`9~5@C!%L2Q`n6A_|9NABI4f(xRk1H7JFAFmNAKD;x)mD=kOvgg
ztJE6Nx-2Vw?#pSXk<<?CoYJFGVpcVtlLF#7|BiS4V5+*jY2y3{iIWCcl^=Xuw#r>@
zY&*fXAK*Xu^SEM@(9JJ+rKOjMm73J-+WYVS@SN8Z*T2xiQi1OQk#r^X@*K0C17`cr
z88=RE-+?F-k+900V(bLB?0^0tOI~~XG;?f<7xIdtx%%*g(un=H^QsmJ=#%(&#@p2d
z$uH&~mCCRf0nYX*4i1kMU+=bUUIWJ&4Yk>>_m$#hs=6v1-OcvaJF08@6w6MAU3)B7
zYrSq<d_F(=S;!q+U)Nb?g2MnXj^4+*-{jSoT=hv~hpGjHeP8ISn`fSd6z2?9any=-
z<b#ALvB~4Dcv~;PLuTSwY4qn)!%w+0z#M1vdD4%#VQ3K1gdPNile>G1)!Ks9L5Dl=
z{e(Hxitkvss7zv(_m5$Bm4v&!J@|S$?dyXsC**8t<eAhPn<z~NXHG!b&A7-dR9}z^
zCYBKx!X}+ZOWQ7;&Q~X)W;Q5uTn=%+Hn{i;wWYl+%I1gd-V12{*%vf9k*+qgKy$kq
zyG(JOM4YUdB4l~pSX)MQ#nvbS5-z#+?88j&C#>T;wKXC@EM8ngf-$n}XY!5;-mN}A
z6Q}VC%f~&Oobc38wJ-PVx4LqaXnm)~RJ#b@0@_&3nSZyrL{}vMLiYCk%Z>TW7w5F2
z6zV18(YIpjRj4|de==-Qs#6IzSD)f>{;ZFYJTujWtlhdiT^A#SK#Xb?E{)pmJ9mp}
zjuA4|etNg1Ngl~<Z)8)CmD4{feWQoS6dz6eEy7Iu-g~bxXmqzL!(^-6>3iH&QDEom
zcdNxg=%<qPZ(cqBO8#`(jgjpoF+`wYAk>HW7EyJ)4}xyLKoPL!7IJ~0SgrjPA(b+|
z@-vn9HHwwq-_PlEr_4C`Nu@Np7Y&`)QHBk=ttPk%N(8HptlM0jcM3WH52_3oW`@^g
zs0EZV2hd$oB+QA66fK>HMs>;P8bj2`HrxmS`g(n=##I_EHS4RQJ^Fl(O@ZgOuz<$X
zA1zI{LK@<7yWaSj>`0phIS1p*HE%=`>I<F;fM|+Y)c@vucW-aV+dDfu&(FV!q`fZF
zaevA`bzO#aJ#N0X#bkNm4h1M~BlD)EUB<nrsY}DYzr0?u6@zO@I45KmU$8p^B95y+
zZ^hHy9oO92aaCg7-0SUS4QLtWcr}@kZM*j1{k`OMXupEf6)j`1!`s$8cWk>4J~OnP
zdYnn+^+RytuCDKHQ?>E_pN7+^o?PFD>sk93*=^`;V0jB3W|qR0%1eXyf>~xI#;L3f
z)bGaTwR7+)87U&B*jcR@pcj*%JYpamQK`;=<t(Ot#pZ~K?WpuOCCZTJubT@z;UZi~
zD|u^wD1RJGS*E6=g@2|c$AtW{cT?g2SWWrfB@eTaaqNGf&ML4jn0`t3Z3QM$g=TP%
z=nDksm80|{q3xpDIK2-ks4{7_<BTadjbM3gw~6%|S|(q1rX@wIOXNAptjO#B+1~T=
zn%dTt+kZqcEKqb|dyAr&WG?LdHU<$&?EE{*HE|&IYEA)81_x1HqsL56avG+zR8?AL
z!~D!s(^XRb*@@NDTIOvKTYz;i3u~0Ua757s4SqmPa)PMI$@eQ>fxnpdS&s7+;G})$
zuRYj7<qELg0LLs5JXc25DKfR=(YR9NJFbN-EVrCCl~A$8ij#^pwYKYSZSa9!VXD?<
zyg;2bI*O|J&(p0#Z@tdaZVibP{D}EC6)B`Id#8-ny5L4=&v&p@ZbV%R0MJs>1BBE8
zxAlJ1sFz8DMs$BjX&3)cI0$TI!-G(9tX|z5yIlgHpv-tsy95T1W)5%$e*Mj>OuvG&
z(`X=_cwYKLk&DN&NvF7Ep#%_aPH};%W?77A$zISHm!@9T@N4rPR4ms}dIJwjAkq_U
zLP~rM#B0CsAlfou2t&X>0hily4m8i@I?)Sj(`&=NaBB>hR3?_+Ul?h6CtmYs3l9D@
zrqXjqKK1SNOyd)?0L<>D&`vbMqUW`>vs30F)wwH1O&3xpc4Jsm268LgQjhi2C3PC*
z)B%ftt3|y{JR&%<R%ZfXw4uK`Rp5NmnuBc0wNy!Bd{UOCd8;O4@8eK~_qy}W5QhVM
zeHO9T5ol-#lSalVy1>U9lPDxhw~2SIc?a&vxTyz9%&QCFr@H#%X2#g#k~XDH#ynrc
zzs$ZvdT~{Xl33Q_0ak47sJ|uTx<j*;n0gM3TF@AI;Zg>kV<QU)w8~}SO@rPcH)3h^
zFbu2SdFJklt_(<wMO9>j^SS6l&9*tbj=pz*ei$B>OR<I~V$A+JZls07$zpVs{_y;Y
zP$MRcOzu$6;D1`O5rbDkyr{&0p|fN^4JMD%70D2J{zzv4V?~`lF>z1g4iHE}`ab}j
zL1Mlhk|wg)h!0(NuG^J&PBl5_{YEq;)D2XVyxUKwd`)Ne#NrJWsaKDmewH+nCzd8D
z#m@PBW{tBI_-k&TNK$v}taG(B509#-LnXsG^*sQMF@;b+Jf)Zt`xDI6`|<{6EB)p^
z`GZ^^Qr`JYMcsS>OBZ-{IIi6(3MmIP4#F@u;L{jS2R$8vplMh8{a%XNRr)THyI~P8
zKy<@yw*&C>^rX4mnySd<M$UAes3BNTP5NQFI96=S91qox0c^(HWRHZ3?8RcKAiE-f
zl-qY&fDV9_<r3*fZ-$qq_rnVz_Y!4*xWo`L9LI~&F|y>A!OdBgNZriu36AH#)LV=#
zunvRP8~_gN0_Mqn9>8u=e^yQ9ZMOPKr^*#CQn|kcvXWKmOio>rl;CeLF5TV)PBC1Y
zpXI2&tDmq~!%L&>1Iz5a^S?W%@4P#<vnzhntga^_%IjW~WL0P2i%|;6*{qPcIn-CO
z+5)O@3Uyf-#QbQMg0CD;sf~mWD+i!73yUSh5k=JzbsNW)iYQ{r!yuSGT$mnp@U;{8
zI3h-<it`eJRP`vHfxegl^foG^9YAijsWFi?-+AYK@U5z9mk=c=5Tj=0s==WWVIXma
zlKB3XHS|=_=0e!qKZc;=DE?dU-ii3CR_`Is2~gE_(+2VwK_NlBcY+v`Jq6W;Lt=Jb
z9@Z`8RIV(o?;mj7F$^P_9iweq!m=o2EIve&J(Ope-M=!=Ax`R*bCny;@FDu3!x&vy
z`cGHyl3sno&!SM78hx5kVAjyZ)5_^<&5~jk<>Ptg-q<^@>r6RuV-wO!re+o*qT?`}
z_R^g<b?sKGaU59ybT}L&lUY%kzrMb@+|HP@$;=HMCYlChqhfxN<*wu^W}q*n#P(f`
z0h&IrA|&!6N@ky=7NpBX6+%;pzDQY?>vE?6WYq<Luuel*P%*r|zLJEVW($2dp7Y`1
zf#g_*@KII5!~w7rml~S$K%5d$f(#NG0~mcWVnBGOj2u!6uGed}%GS)?B6$PgG$vL3
z0U!D1Bfk3kT2Dw8NfTK7dij(u7}p-HeV39Sy69HvrtrJ9(c~HzQODUnQhd0fhZdjh
z%-_HK_eN@7$j5Wcfw8LB!Xc$`DaMJ1NizlDoG$ORW~OtFymm;cJ)A2_t)ofy>*gSr
zX(?{!qO>S03XHqmijmZ&jEkG;HqF-RBxeedVk<;*n%oHzsg^<&LluW1Y__RcN9RW5
zN|@q<T`Oj_U17SGPby%uY*AnoiB3~e#pPH4W5UR8J2P2VOvdcFUFik|WQsQPMV8gp
zLGFSdPp42-QnzEM5rRTvg4P%=9)cnzYB<y1AFYw%w=z>Bg(JfWiJ^w#_2s4Ox~6Su
z$CE^jpe?I1rc5}W&+_l5INjSj_}W5&2?Q}A6>FxnaW3!qI|$KolY9?j5rg(qwcR8~
z%F?K-#aB#RInEz?b+dkAE-H^k&M#m4*JlSf@2Q_;qRA2fecuz&w_2@?$&u|ftEwVe
zk2!y)mjJL{m0ING<%LB~^vS4QSn*0WduDMYx3;9(pn9PCp?kzqaQZ;Tn#^ROrJAhF
zc3PL&JE1xOz%V0mhNhW#IT2yug695SRGids^pir-?yOWQbQx9E2=b|M0Z>C5pwZ~h
z8RcWbjB#q4b5#}RhI*am_3b~j&E$KTI^{Dr8>^(8!L7xNqN>!z=tV~e#N9U3i}NI)
zOAyMM{LOfg0$1BRhUe{Xe&qeaHFa$1fBeXHsXDqIhWQ7jyWoopl`<WeG;}4CLBKOt
zf{mNZd^%o~W!82_ifbE8z%7PUJ}I+wXAiFY>|`#oB>T#W3#SH)GGlgqYPqN@-j`Q(
z-ATHmTdn(gJ!a4ZAGBd0VGu!?FpvR&AmD24m@QsPbIpgpXQN56n3q4z{-*O9GQy?G
zpc<VBovr}-ay`X*9mZT<aXG?5WlS^7FWpoouV4Sy|6OTnn;IgNEw8Vy>?Ud!w#ful
zowU^Dq>CP%wiHYO)Z;mZ#;OqPssAA@HD64*4It09EHTkMWic;YnO)kJX>n>>4OVpL
z1x=}+01-Lucf;#*<FHz<8NvJf`7=XXs%j~shlhvP*H;2J=`c|x&?D)(j&(v*GgNF8
z%`Y!6>_TD{MK3Qe0N9j^yhm2wDtXW*wYeEJ10UhxaCm!rWBl;z*RMbS{Iew+iRPrP
zEk*y~a6oRz!f#$)UhePjjhn>a^27v|@kXjNpZf#ZI5`jO)XY*ab_HW)6@VBc@#qZe
zu}++b5^5tt&t1VQAtJA@uWj4Z>us#s=)ya%>W?lk$!j29i?*l;GS%oT9haFb<2x3*
z<KgYquh!M}UT;f@%dw1*(AetI#6MdKqYn;$@8$myJB-^*OI=K|_YR<EX+2P`vjF9I
zu1cZJ&sa#+N{|$%G+BfOA8#D$sZY%$1R2|4XluG$0ZA{%u-sDNd@P|=rJrYar`LB!
zD}<#80D@d_dK4GD1iuHQN<$cX1%_rbs19k`d8(9J6mCiuZXAz&PS+WIdjU#ipv6z+
zmp`haa>*JB#n$9+;zCd_FMZQ~D%X<jCi!XVVzF@_4~XjS_y3UYREK~}$1b^!rSJR4
z$43KySzbf_pVL)UuaU<TqZT12V;o%^^?U?WS9htZrgld5&f5(Bz>8$N1na$&Et+yJ
zWU+tBJ~av>*L0QMs!gG&uLNGikAv@y5=Y;z#%80c;^pxBZ(;0KQ;)02k|4s(S(M5;
zS!6SxU~vE}3}XAymzNio+#(k|0bn%GN}A{@St80<=NUlb`OTdwwG@xC_#1%VfB)U0
zaD?Qksxg;yA0pbvaeR1qVCfrau2?t6W^24zt_+@>KDcCfI)U%(hk1X0&u-96VlgDh
z0$u>*jG+0$1L>AAddU`3!!SHPKGK&b{?Ldo%S;;^dNxfxhE;4<z~a^a<C|I-2dEsn
zH2Lu)+*_{Onc#EmCpnxk^a5zz#HxL7R2OZeP~e=<r3?CNwk^f+@@%pQ9(=q>5j4ZK
z)VO*(3KvHUtFz=El469@oRnQWbi&kG$<*xq?Ghr;I@B_m1#6E{FK<218AN>?J6Cav
zXt3TyQO#z?Y+_yPCWYu1TvQZgbn7NbB6+ArG&3rCMO0KsD~!?CW5LAc0a9Z}kyDz~
zl2J~u=kIJ1sHm#kZH`kNivgEmPvrVDTa&ldbMXLY_QZV4G8VYhU)yxOr|@Po`N5Zx
z?T^ulXXR>O3aE;v7<bQU_u`zZs|tY81u(=yOtMLX%Vt{Y;^-Bl_9?m8_vdqpBbys(
zO5VG)x{IN@*pfw1u6)}stNeNeUrM`WdihZ-{mY%(9ol&?xl>W6sfS*@kQUn3yeKP?
zfTZ4ws;J_8lJ4l8KxB73-90`bMICw(aUz!Hv49vg3Uw6|{zltc(&N9rzCJ!a@_XyB
zMYMv?8+T^$5FIkc(Coo*2Na%4=}RH&9&Scu#FH?#W-QB$A5vw0`}XbUpMS11Sdr*(
zsuu3X0T=|s24D)6)mm&NK$Hi7uIq+jU{`gvALVJO<cK`vnV+AZSF06WQs%VGTw*Pu
z&pk|;$Kpj#r&C+k^?KV2#w20APDv$3b>E4$U8ZaCfoo6lYVWcX6kO^_%WY;J27x1{
zLrL@eF62tHf6uMcNlT6T-VyJQzc2*9yOj#B)B*2mshdZl&|bJP*%s=ca+;ycXV^SO
zz?cJ8pcbq>2E~{V1eLpBB|Nl;AkVhT{X2k*>t?2djd6NLw-^J=1-XQX6vzp-DTt?&
zjgpE~!sG#q)M;$Sb80t3nk27vG);<u&YvJ9L`>nnlqI!dI>a7<FC0pn)MT13TLzP$
z%Y{~Ah|0ybcwCn$T5d*1;$^P9e{hp`J}{h{%u#tamZnX2z-d49Lsi!zLYUuAKmA0I
zvo&X+{Gt3j91hn=^t`(BAjGG^$D!{|8snI%)A6__We(IpHM4tIj*rhQ&A!QUL5dYN
zv)$yKm(vw9uDMQLGM1DFPx4)(kMaEaZ5ZSB;UNe#j%>IoK<k|wdjVV(x~?B$q$sEO
z2EZyaLZ!Q|V|BFT`dmUJh;*RPx8PN&Y`C$KiDY+Hv}DDtH<eQv{VSa+eju|5FU@cG
znOfFhog%`*2mq|a;z<ZbXR((-!&y9GxIq!2qr=bi_BchBFk_ot&D>vX%wgqL3~5>i
z9cnLIf<`%LsV{<1h~2NMYD{U|zlEx5swTxjT?Oyne+}Q=u4H#13o5~=NVIKpeg(w^
z=H`*+>QKQuYxBmnZC|;yqzeb8_*DV<Gv1?Kf0pZirMR4Zdo`Pji+)%3X#u5+i@i0w
z1ypPv6XrYWgrXA7d{lr+Zm)cqun8tr7TcDCF+t%B%~1pZ-Swc&;FyAP)L8jMERCA7
zZaOg$dnBi+S46-SE@sM1Q7$LZ_1b@$Z0PI4Tl@bc!3vOt&7sSCbL#xmBjWaYm>DI@
zZK;7Y;~~X>j_)77yw>F}5vWQU;k;g_uiia_!h7%QMj&0^Q$~63*)50>7Z&qS?2x#<
zX_}&{R{*^{b#5+>k`h#f6|deq=VDCNI3!;saplatr&O@?#AOQfmrhtY3-;t>5$KTX
zolDRv??M1^E)9L^P66q3IOsS8sO!(p`>s2uq{PlOZR-SGH+9mYh_|kfqz$$p7&X>v
zwGt7+A}Fkhjx&(Dk-7p`o{(uTO6p}y&veo(&{zIs=j8XiXvi&<4XrMjbC!dNMeArb
zZ>GyaUP0cGU4lx2`!g@aa;uPAXHumZNd0_1pH3&zNieX<dS`Orl8w-suyOq6(Q~S`
z=%s13T>Ob;Y9WN-e5{>_ACn8}!h6eXw#}4H`K4Lwfov24O_yBk@;s6~2306j3TyPe
zOKWkV>AHILj%cBmas$?4z<<!|`mU6@y-yL<_@l>4Q8;Cp4+i9~rZG2`OxY_cYM3Ai
z<{OvVMUzSzMI^a^iG`Nb6}RWb1a8TsGkcl}Btc4Zi}_M1r57!gMC5!Lhf~<z83`nd
zcC-*mE+;82;{Mv!F_7C#qfl6>UL@GeF=9T6ro7M5qotzK;$M8Y48;C3dqCGucPYlN
zB(sQ!q;ZI+(`waDQ+iD)e)A*{5vYp;fKXL$yB!<7-rwI#remjy(%jI5TUAxpzEtsm
zrz>hw_5)TWmW+(0{qZ2aa<xy_<0)@`CK|4!!>lgv{YjY}`_Wb`lQ{I_aqs#woaoTE
zt5wRnR&|0Q*xu*!*{W6<BI7->-j=w2`Uh225p_)vIj7Q)->h9FSkB^mc|>BEh4TB$
z*fXYFimF)dPY;7}Jlnq{WU^ciBWa9MGLc4gbv~a-!o&gv5iw9A?_z4pD*}Ls4}w8R
zOTnO=W)fKDrRe=w?2c(FLNH2vJR_xaF-_ld-V8TkGr+qb$byf68l7kJDatrV-Hzh_
zK#-!?W@eCPSzvE(yk5Ywtu#FK#}os1Rf1O?G+p{xEZ^$?f=%E3<Bx6j@|OA=1tHM#
zs=UDj3<+mJEpU3tWY1<^pdyf%M4&!MQaBg7b8<fUsR~%%xdT@`noBY!?;jQ>zc~R`
zjGXfYBIAJmto{jE%n@>IT7=s7ihg&Ya%{S0vQe@mME+0?j0@ZqH&R~WPj6-fe6Y^n
zJ(e%<(8qDqaqww$XrgmJxQ;}V8+#YWt{*gagJQiVfam9DMwrOCV|i=B%`RGMIcOIL
zRYjJ<6n~SAd_Gt5R&C*`W)>qBTr49kmT!5X=|wH5x{3vwkwTeBG0#!9IzMpQWSY%*
zKDyz&sw)K^9v_L&tEwtyo843k-OLg@Kv52WB=$xjL7&6e=jbKS?U0NkAgr9ZC==F<
zs<D-=C3}$lA$mO4-YJAYu5{`l?ny002>VjQar`V}D%BgkrPtTjloEON+O}nV()oNQ
zP>``W-X;nZhSl7Ohy@jmGQ(wNTdFteKNg2k1v2$@I-QuZVs9F1zL@)OQk9lS4W67T
zki@m*WFm6C9|rIJpA)V;JFVB00|zNDLfdYFtS(<ovpofi6qDoroeNV-Ws>!nf!Yd0
znUZ8Y|3?e^dz<^=1EqLXZ;#(h)xvTwUr#N9c>H}9SflN4hYK#8iU3B%VVnYOat&Cw
zgw1e1L0knmQ5Of7RMq+Zq;)%ZZz?ST_CRcqGbN$fo1rifwisTZ8!TnO0eFEE4NYBX
zrH5Tu-3>(&PKu)7s{rG|ACf}2mDYC3@DS^DLXUH{U5QZM@4}suo6GgRt>6*9j8N>y
z`G@HUx{u>fsrLJ~;e2dYtM=h(kdV|G+%Cpc+=YlpiY|@{VbqG<h)l|n?m$%;<}rhQ
z;*gu2{OZr{B$}M}{pmzT_mtA}^D{el9bTR{DYcKE#!$0@inHvBhk@DsTLAic^_N=8
ziYKN!%s*&x^HLm({6<~QquK_K(We|$OSwzd@pvTLE^!cAbi1Ip!9<Z2tCI7ouItn3
z#H3WpJqc&pf*j-|EVub(NR8#XY&Aw+KE`1UR=!@Z%X89v;B(@h+wGPX$4wQ5tnlm`
zdV8$@WuX!;&3NF{*!OUFczCd5Pp1=Up9t$<s}bki+uIuzIZ0qi@y=;sfR1P2IElre
zvUJX|WQqwnj*UB@@CBIy<lU7jma5BC8fWtU{vIj*p||p~X>zJ?F6Eq(%L`2N3Y)B}
zqHx4sH*=mQy<)=U)=(~HepW&htd&f7<*7V2rw24w2VNfUJK>%8Hu)nvn>xH1v@C_`
z&8jK;)ydp7)ST_NQB7B*WXLaRQXJBRr<nK=a_zGRymQ0bD~4X0#@E4%s0%KR+N?$w
zP<TrY&=kEB6g0WG7Lp=Y50p36$dp1W2al{@gNIMase~$|u{s`)?dHCVI$=R`fp7u_
zQ+t4BU8{L+O@*7ha#^{$JT`uqvlbX~q!^y{fka-V<^CVP5;ILH@Ay(TjU-J`0OzFN
zzf{h<IIP-L^Z2QQGr2PxJdhW5{y|m6dB57Am-`2wVkG#BK7)unK0YGLqS9uinI1j}
zukT-9x0@AwU<imco50j)DpXZ)a6=bF2Br$+@>-%$9#{9A*9%33FXwlfJM}4!F5I>&
zulYmEt6ZLhrtW+m_Iu*-*@_U^Yhl*p<>lq>?vAboWjgJBir4*q|Mc|q`ufWDhOE+M
zoa*)Um2<~<6qU_obh!@KF2|@V@o$#eF;WIXT$li}{<${E=6D&q1g~NYNyV(H0ol#n
zsj7<YoeVq2v+=I29LnWJ%ya=+^~I1NlT0kvC4HZ1R^zdyUS|S~L!vI{Af0p6cE(pr
ztz+J~wFt2r;lD(wu)vFBAgKM%$Elnz8o2_C7u)bSu}pH5I}`_+wWI}J%S4{3C_BbV
zvRwWg^5wX52}<UYE|tVGicpGIXNa|Tre`U_>{PQ8mfK8%FI_$QAC`qG)n2)q;sT<Z
z&MW{hCP3ib1>)N$2(T7(eZL8=Kc5c!alKx%+t4q+{CwEGH9!4RwYk@nAd<$Rd--;E
zcLyH?NScy(IFFRz{Y30jC`bS<$8QYhRu;gJQlRzj@cPY%P_NgnU9UF}V}8du&yt~l
zA*-vDISi*|Q-b65Vs@8dCjc>FyrnZLH|ad&!)^YZW$|yZ!OfrGOfY72qO)}VH1pE}
zS-cUF#-V$AkrcOW+Xj!S_ILMD{D4UgD{e12GYCq*A_7{ktFceRp2VI;I?52A728lg
z5KTQr{BGZ2irek>uzzcsmcT7y2PoZW0#{X)(%$u*U*DywNm}Tr>jYi8HbNQV6uDa2
zBCbCj#?#^M@zbplT_#{TU`l8x9Mbvac{uDfrBGF?)r#EPrd<G#HJl{n%<WSF)B9l|
z6laj4mNlv@PGSc?`Vc(fOf&I3GZn)AesoIgSli!Jkx6#O=onEn?}uk2-x9}9#DsZo
zQgBsJ>C$gYDc#-Ok>P?GXusd@cDqlXK2ZU)-V4CDZ{Jk4ZCln?8IuK1)%X3=(-SZB
z`ud8DF(JB-eX0zD&S)oTb8XJKC;hy~$48gD9rB!<<oo-3Moo=8iM|w_KlS0yI8wLQ
z(fkFwRtn#D*=&a!`_B$m0PsK~7z&waID!Dwf>TcH&o3=NfpfcjZQ4t&f(^6VDgV?$
zY+(V@EpLA|{N;|5j$G_7i@D_peKu10t9L-IY!%w4Z0?Z8O<hSG&t3QS_V(q=7ovXZ
zx)O2y%d?9qgn+U4n!Fc19a7TQx7Rv^_2ZLoH|iv%=mB*>MZ(xaRh>`HL8eA6K91^x
z@ef*B$N@U^+wC?w-#d>?!&nzUF}>nU%6M_W$y6^jyZ168X+Igy#caYWH*r70JoxJ-
z9W(3Uz0DqUS&eXQ+>1|RzkfR(_P%aJ<o@YXOi+>Ye&-$9DvZa2q*#Tjk^~>ds)-Vi
zo5_DX1}XkS)d;5X#0BqJzDc!Y5)#=2KOT<^fYHjIIxb&Fl0;KHef@pgRGZC~XJM>n
zx7)qGzLKP1y<U?Gr>Se*?bnY_Zu_X1a^NUq!6INEgcL=5e>$eVTirh@TU|2F192Kx
zqR~5~5x&N)7vuJHh(PuD?e~Ya+3$9JcdqNIYBvCwRU(ueIgW(v4zf8q)ipWjNCLZF
zufKi!#wPBR(L4jO04&9&&jEmiL^cvL1o*)KZ003Uf3OZ<yWKJ_N2i2BoE=sGkQjoF
zthrMr#8XPFi=xrMyp+qW3s0vLt8w|TNTfsp5^_UuYulDFJ>zpCX)GNq@&^Lwy6*Au
zkviU@qa0XSL~KbuDk@|SBoQG5pYuQ$lbI*)Jv&Yjn8P3;nFcL=Xr<EtWazwV42`-E
zq5wa-Ng;nrO(Vsh<<85k#9?3UU+M&0&M4WjxXAr%><iF3oYHNT;BJX03mD#%TuVhM
z%QIh(f97D#?rT0RC8y4<0W7y!#9GOU6fXfT1)TR)6#(6=*8-f+r&ZgYPN#3*o@0zZ
z|NOJ2s7c$l@y;Djr{8}2?enKk$Kx^F-+N8t?q#>%iMYGFt#8`h%ggz&U$58er_X4&
z&_oN-)%9`r7KgrCtwOsN)sO?2qw|1IkXX24)7Z>8HaA7!3$McdKh={J@kuS%N-YDY
zSy$P^>f)8^LZRnoPw?X~?{xCAo;L?+bsCtexTa~UI3z$d#kZGX909l(eeghSMfXE{
z2PX+GQjX0ow7m57pZ0Jm8F%{~<4LT!EE(x+GmP7QzrXEEiF2E#GB1pqMa(EGzkdB{
zRNqzQPOs1Flzd&IZq$X82NdIYe0^KBtxK`;t{Y?Ox=N!SUe7~Jp;~P=r`@iu>e!#-
z=}^~o8hUCeT)hBgy6S4EDaP~bbE64yZ0o8&pW+yUpOA8FI6}xZ31O|(ENy>g{w<C-
zjw9*v`~<td^cdXjc8md%kIsM?DHFm{?J-0~=pdtH#AMT-Fz0|&Ozbr1a~CMOEX*O%
zTP*{944sACA=je1MAo_7+n1Lh#*c(a>|M#;?aU!DfTpUXcd{TMy>BwFQ_nHr#)4&r
zNvYCG93wH1yzb#}V4&3oZ|64?f&M=Kw1!wLmZAZ~i86jd@@1ryL>2no!i+z#-S8N0
zp$0zKEKy;v;s?^&#5&LHFfpr|EDLg>U$N7elp#sa@+6WmV3u0Dd4rdGwBL00)on#}
z(=AIyie<Um&Fiv+$g){>9?oGkc~=_N_aX>D^*C-+LyUKiPfn1M1}DyW31YSOA%t(w
z&&2FBO;d$Xky!bBlCJOeJMUdxRYFG!F2p{K!})ZoRNJ~vp-QTPDTEbuva8j226UqG
zll(}mVnM7}iZ`McGC)31pZB>aq&yqt^roDXbMl?WF!P16c-*+wUZvGFDO%?$#3UX-
ze?FwcE@-+mM(|EV5WHlAS40qkdOxcPySn1_@aALA>y`HiA5`^pIEZtsq5;4vej~4;
z70wUCFf95@iD-=d=}-+r-*rq*Fm%J%SJO0%_Aow1YqzfJ^XasEef{O1{z=bA=c`aR
zF{NP`D(~vCbLVtE9na9JZYm%SeSbc6!x)-o7<(T_kH~&s09;BF9%~AVK{UD)lQ<Xx
zd-|Uar{n4M#iy}q8@ey7g<{Z&RNSgcPl$?^?Q!q!?)ZUyZ(00I+!`Zh0Ely=*6F&A
zZv`_e^t~wAce|a*UjXOx*}!sC9z>`!mqTS!Cc~&~Ed66R1!FzuW?I(BmZ;T;j{v5i
znPrI#vk*ccmXCuZwP0P>U%q_VY&LD%a(MK6TyD&`-|sma0Qmj`VABoWI}fq(@LDN%
zy5h4SbcbW(bXki<qo3eOY_2p@s=LgNOdZTi!?_e{bsxUUe`LGiG`!Pj1BL8fieM~M
z%k1DX*y4&3lPmv5poK3rH%N1vaBES|%#h1DjH~k$*7s~I*Kv~@!+1~G%tqz1h?H9c
zE|0SI>RRBnv`E+SK=LQ`31ev0i5CSR;*jEYy#)j2;{Zr-qTT6y*gKKWpFSOP#hwu&
zGmrk|%dY^|>$M0(1VcaW-}<4igCCE_s;<LkGloiY9hPJy`joKA`eV$7h}|!fUYS01
zn#Pi^_J--d_-eV#?9w;<=7NN9cDCi2MJ`^xO!y8-fQP!{t7z)GzFBYT6wl*0q)1bq
zNexCysvL)h>gjNBp;hreZXW7v5$CB>==pRShe(mf7n~Ulqnx0$p`rq?*=%lhK~y*P
zmc=4)uoOd0)3CLo6%5gY@B04hmoMARX6SqI!FkvBeN$Dc+G`qyA%v=}YlWW9XP)+<
z4(N_mReRMTB_ZD(wA;M`LSrp>UpwbTlX&%BV}wW_W9)|}I2n5Mr@Cn%V$IP_M4r#*
z&1S>FpU-E;vgihxWMtZ@<m+R&%w@U+0Hm4PY&I#Ah?{7pzeN?Is=P10D&@Qza=|2i
z+qQ%nB1b0e9ixWe*$gR8w~v$)yhnDrqP8#*&*+(EQu7!i;S3xAFG_U?z-%aEg<yb`
zm!rc(=ZtFAIcFNt=2?pRFq$#|2z)U2u|)51AB#_(&u116OQv$yOxMd;s1*YMQ0J9x
z=D!<V`s3R&cJcA|<!1iJ(m7iSqsjEPZ*&3~Py9W3w=(4;MU|nI8A-19d{2D*LndkI
zSMg8t;bwPz^9<#X-a~AY0dJ(yowS;SY>Fb{E9WZ!s9FFK>O!b|C7J@T+4fdtZ>ji+
zIL7-pj^i+d?yO@R-k!z#F;z%Wor~h^acIF2DrvF+%-gGq+*KLYb9v-rLFhgUMlS<m
z%lVPTEd4_^4kl<4=m?3YBMz@)((!z*5kuY7Rp|S~WV~jwP}<W>U8I!G$HR8B)oP_T
z(DGMfUK(n)HVip39QWhcui7?U_sQcEq^m%!X@kk^vo=Sn9%$+c!J80~+%}1FpA^>w
zF4Oa1SE0JD-`?J;s$zDB;;cKLEgPY#V~muoIx!<m!7F4AJyq?_=ksA7WAfg^`Ows;
zs)1+=ajEZJU7wGqH1xi%eO0whL$$o$@2zhWPfI%;0FzIWn{E-zMi0ZhsJ3nUz9%M|
zDy?anVHm7XcePsaPR-=!oY8xuPebR7ZjEX2kbCm7EQ$Vv`8pzUKA#DZrx9ThFltAO
zOj?yOH37?yEU-oe!~7Nim$@x87v%CN>fo;HSeON1y<XFiB9TPfwtRe5Rgp%P_tkYB
z8Mmmaxr}%h1e+N320c7;_$1e#F-l{~o8|(`&h1HAgp>I>bAq?qZ30rrrOjrkePG7_
z!1hO-vJdtrqKQWLG#tzNTzgIv50GAX&$z`*7sQ@G6Wv#a9r<h{yZk4R@zB@9k~~md
zG&sH5Q5lrDvCS0E%+0#`si^9GZ*q(y@dB&Us|UydyIdsefm$Z7E0gAFcE}XK2sl?)
z+r|O$xW_=#YS5&rI;vK64d;IP<(HIFT{pgIQ;N{!)^|<Yq!=qFvf9E2>tIKs_c06F
zl)YX~qjOiGGj^<Z2}$4tF--^hJPUHIiD#QEzPtp@7U8?uhuP=%wu?I@;$n1hNHLDb
z{TS0Q4C4K9e>lmJl7Vk4vj7&0^4=>%MXIXyagflc^EbOrU#zY&RaxA>W_TnN5+hAs
z02BoPVvLlWWCk$PoH&4B3wpX<N@?g3W6H)a`z)AkPSmoI$hpkgz#^ONcKiJNY^ZKZ
zXQOC)d3m9_KA+Fq?Uq0??m*E@zvOT@h&V-RS1Vq07{{*bQj7|Sh#v;+`?hVxdwMXG
zr&Pu4$TtiF!Ee@6%eadO)u%p-F}}UMF?COsP9y?78vyh<NC;%Unr2prnEP}9U=GlN
zU=-g>XuZ9?-QVBStK}mBu;1_5@PczvRTc9_900GvaGZI8d`5lWQ*98umlvfFAZI!t
zFM0*=@bEwjV7J?`go|}xL<}-9c0Qkv$0H9nfH;>6N6wj~i-W9v8L{M$==pJ~EiYxP
z@U&)9N-W7@AauQ6)7jNr>}=UkTVsT-B-PZc#!z2rq*8qTBkWJfFV*a9KcWh?5bcvR
zw<LK{v*~j39NCK!BNEIFEGBlG?5s=<N6zSk%$?H{y)8HHUh;pmP(@{Ej(58B{H_jP
zd~YW)!+GgC+}JWPw4L#Wn6(I%<~|8B0ry3qswxtT)>bKdPN(iX9uC{}y6Xov670wE
zX?y?l&kxgtdmkZC4I*$MLLFp1cD)NdL{+I8#{|a?BbgIjfEG}_WC~GCpaQ)DirN7M
zAD~V0(zm{zlJCt~R**1VE<dE7F6X!Xozrf>>9DG*E=_#UY>(%hYnq1GD;D4z(iq++
z7a-V#ki<z!A{Q3Ta=n#>z2(}N{>*=HwL9o)vmug;x`Ptt?(WW_e2n2Sq$DEpzt8b9
zts+C$4TrbKI&cwC*iivkTZ-R*|DCX7#$m`CM7?)B9)J7ox4N$Brck&OSwPtbfL?`}
z{Ddk{2dFBeYSbtM9S}{x1U`VxX2TvCbc}c#9HC}-m}GDrTNkS8<KrV~qo@gxiS^#z
z-i$<?E)<2MVe060am+02EtZjxe5k}sb2B%Bnv4hXevJ>1o*xlz$lwS&1Ci*Gi5}Q_
z1vxZ_YgdVBn@^uUHBCdW(Q2D`73wPD3F+!_FkGhQ-SSa-?`^<539|B#oPIO!jXs&p
z758BTn5yyZ?d|dLksuCal3W7(tW=qkOdujFrKG_3+nn~zTK&x!_2RwxJGOU&?>hVM
zwV=6GDXG^&ZMF^R(tXNK$lYo;k>ZSL%2jAt=p$2<sY`Q-upIA9_mncU)KVXdR4h(%
z6)3x@A&X(%cGs@Mh?mnUf}nO&NfT?5B#!EX>eNq?5jF=j4s9Btk$ovu5yi#H<X8Hm
zlG_2RT;yr%Feum>$_nY6pb-p;lTN;DEvOv^otgw`rb{pTFS~0ZyAP(W$k8l(siLjd
z61f*m3tl@?ddrQTJx4Fn>gY~~@wj8miRpH>B{KYTjPc>&!P4ZRs#4t!q2>AP{?a16
zY}mz{H!ej_951Lu>+^9uAE7$t+FoO^AyE#4Si}Lalt})1F8fP~OJnGcX&mU^NbXMs
zfNVFEi9{ush$LLCuIsN~zlIRLeEC9sa5x<9@9!BmGx|FgT>-Ee+3j}pW|&}Sa-wM(
zwg)tB2<P0_uU{$h$^a4FFTxW{ZW4G+eTiI?%b*rPZj_;JK}1B!o>DTugff(1XcN%a
z&q?zFx@ak6MM542`>E?X%4<%Yk-d^3iGGIppvFDHsow2&Bse$Bo?#-WM`@e*+&unt
zI<dmZE?0hb86VG>o8->C$iPk%p=xs?sq9Pep(&LzzDMO}19sOu@jN-Fmk))*Hb2r8
zKyywgLe)3x%a<tus?J{Ce}I-+M%8cZvGl5D{?p=wADvTkN&}PMqu1iwQXoJ9jT68S
zXz!eO=3QA}O=ja1;F_23y;IG!6pHEMuUC@VF8_YKvAok6WIz>OP&)+VKC@|Xng(Bw
z5bB9uuiD#Jq*@11xT^H?YKNc^KoW1Hw=VO2L}Ta6V9TTz)n$lto{%MOF<m{EA5rZe
z@Akp=?nAldK*JP65rcICFH)x=oOY+ffs*jcmoG$eF^@n2g)Ec3cM|GYx4ndvCyIS6
zQ(mi=HSnR9n)%$dLp^rsbWCvoWWV3D^wyN+Znv|(4TOD-;~1`{K$FA~adf#69{{G@
zExSc2!&)Ea-s!=Rqk)ZIfBNYs(w@@aqMJg|NlDao-KS5VI4_JJQX*3~0C3JdKR<H}
zRH^{Rab!U&WibGzlz2<TbTF(*pfl^7IE>wHSE?ckO8R6L5-nkoM%F+_jqyX%G>a7@
z<!2MwOqEf)Y&M$^0$rBPW<%BqqQL3rvhs-&%kywgJ_S+)k>idPU6k)3w@;*pghFL9
z?s{{;DEuK5DuEF;I#Q;tXj>Rpy5T2X?z4I2@npm~@8#*~$y`RR7S?95eU}|;Add3h
zZB$M~fq2nd;>N)Zoq8Xe@CT@Y%9Z}ZU*6p5rg$m^%6sqa@+3TwV6LJ{XT`qPLN4I?
za=89xc}2}XU%&F-L89C={AWL@Rpy$a(&DDx@uil|+~p@`G7`qzJR$m!7%9w|zhK!r
zf$G!;*)Hy~)9I!_lSghWGEFAcGn>a}P(%<6xuLTwBAJ?R(~6BqXLVVTi(C7y0{g+O
zJVVKPss-~QFy;AzgA{as#h5jSbD?gk9wJHgy1Y`Ho7i0)AWaiP4HuI0suwQZK{00J
zi_^<mx*2=W{L^xwM(2X}f~1PoYQ><AwO>fNmpA1$S#sn*&X)#bK8;~GBaU=X=;bhK
zX9hK;7<odCEgQh$a4?G-0QDAC2s<!+{rZ(ac1D({x&W}WGv=-tROYnV30<>Lm}c%D
za~Igt-8pA8dWXY-dWAj9xetAjx3@RuR|o`0E}LaC#$>2viI62PRTuLp=GNR^QbnlB
zf@1(E_p97{Nkr)AFf_*l`@UzzHH(>$m7it)I1h9p*`S@e%2b7Ei}K&n<GET!#VyQy
zENXGhWyqS-m;k<h{YvHMb4JiYpswgOjO>J2#?e@1c{?dLNOaf5xfa7TMdd`)`=M&#
zy~2q`06vZoiM~?1sXygN={ujVzFJC}Qb`nY|3_66fT9*h3(Q{9+gj@K?*i{$epqVF
z%jX<Tnt4?3>4}?v+FdWBRb`7fQ&d+8e|)qp9Z(Lqa;O9jsAN)IW11xIFzd=K1?f?N
z*O2SyGP$jp&?qs4n7eg^+-1t)(rnD`JuN2xJtD+gp7u0R@7Yuz{4|>x+?s#$clndG
zf#si`P7I<OdW`*eK8ZNh1c-Cag@B4I3KE@Ys39&vtQ+LGa0;zwBd(KDHcq*I3nW*A
z1%W`D(;jI|I<>@OG>*>G>+36Jj;RAxEjZBy<M|Z3L({bT{hoL*x+7LSN1wyE-H4=M
z5YM>&=oJwG$e<rBda6x|Dhe+XMno-JQ$A+eDS`=eCwk5L9syuFhvC6t7`}e}%2P3U
zM(~1V@_~u;f%=JQe4bD<83Ysi^g7FOR1}OA{MB0A=6RbmlZDjGr67cwP8jckUI_7o
z%-JyI#$JNvQkbkqb}Rr;zw)Mdo1_4iVnd;g-cwOabv65yD<c)e?JoC;C)9$7L=hpv
zlgb;pdY30L5QGu^Nzs*<)`J1@OV6nsyZ}mVWT1(pDlYk;&MDlVbEGa;;nm+$D(_3y
z%P;RlWNt=d>=28h;93=4Ok;kzEbpC>cow&?)Ra;lyBOq6t@fVAD#tJr!KLP#UF*Gx
z{UME&>0F6>i~!Qbt`Bk{LbP&bE+AKU8`h#CWv?P;;~-|w)imoQ=rh-mZ9b!Ew0KzW
z%{GctE${S$)oSHX-=CRV$HMMHrq4DQWEDF)@9WluN?dT7)CCbm-;HptnR=flh~`t+
z{W@Ho6NPhsbDisAe{Mb-b;of;*Tpz8FK+3Z<MBvpZ>E+2OcB57{zZoKQM!{$iS;X#
z64t$fLWe*GayOKnEVy%7r%9p4+D|epl!c{C|Cku1{-6}5-#~Rpw}UBt@?4~XXq7$?
zl>q?}6zFAfF1;dh%^CQOF4x`N9mR2#+a1lsJwfLd3FIwn#yZ-K5X5P1HAIA?HACQV
zI523IGF1}Ge(6wBfzdJLyxG;u*e3Op>G+a+;+>`YolT1HV5y}_N06WCj8l<Y5rUZ=
zv`Z`_rMdcQT9<jiY-G#;tjiS+ZQBxXXn<6^S&Bb(F8O9cpY!c^4&ri<;qOvWSF`aC
zJl79wGc)tM=C&?IIFo}jm2*>K{{5RQ1kg-wUK<)0#0P$049i<^86ZAj!axqJ{>h!)
zB?BPKGu$-lQT%HNh?MF0%B+|dNI{K3CqS<+^!IG(mIwBp)BfYzO&g-TC|$+~5m$xA
zCr#?S2t*u`MsbrHpO<E-l8w0i<I9!))6HSnmt9OXAOOJxCRACCLq~$n27fAisiCX9
z_^Ro;o;iFYYhccUlGJQr#)S+Y!f#l<v)OD|HD&F_DevgwP*l;`0wB2nmZFNPg&N4j
zy%o(cFv#;Ts0e@xEarajAvdTs1YilDqe?T}xd}%b%rqM!WhxFC(GP&pPM4b#QvH~t
zz%f&6QkT#`0AN5*!u$-aH_P$x(#PYGc7S<=7BS<T@Yi>jEtf@cgYWG;`+l~6sXXW!
z^6Dh8pp#@!J;~*0b}EbhS!)u4Xjlv7GE?8o=W`+|lAPC2r%;tXlZt!yCHS-3GTik2
z1FrYG>6g5B{xZ8@Te|h;m&%|l0bVMJnQ8y=_Ky4aL)(>qR-Q0J-k1CTX%Q?L;HQ`n
zeZKIG2B6Ab!nA+cKv^fpG~!C-AWPDO`7{#sPADMk8zYr?U;o{_wb?`0>#N_~(~5%s
zu5D@J<iRIE6cAMr=Yl|?a8>J6$6MS-(^TjF6}Qekzw&$DGcGQ&NQx3;N>Knp$!PM@
zsTy;0aEf}$*sP_-u?<0@ia3&F5ZIP-=S1oT%iaT^hOoez!5^pq2nT4}mO%4w-@Z{6
z8*O$~RSXjmQ^1ojAQp2A33?%xv}f#+;@hMfPs_qvCXhHJ12QryXmXI;5G9W|vV^^w
zQxQh$I3C^<CzPto{IK<U{r2{DI2?$fC-)sEibc@gd-|=0Am^|2q6pz5BGZ@`jO>FG
zYbxA;3Fds1O2sbmo@QDqs!|EPcOVrKIV`?@{mN;vLI>(sJKXFHONyfKajD*DC_Ozr
zF#~6KmWxN_ocb`-D~Jcu9Q5{|vt7yGKQ38+d|VeRm64S~Hd!FWK3tB{%i*`jTzr$R
z#p3Mha{YJNg1tOR`KKAkA56)6Cesfp#pOPfl9D@Oh=Cn+>aG&<PZRo~NXBT9Mk1_Z
zvh?#A#$1#p`Q&ULRSui6#KgL&Vo2`|`-4?uifS1>!?hRk5AoPgtS&8P!ypv_%9nNo
z1Y$H-?%ImFDC75Ca=jk^?ZHfZ%9{G2PNSYr&$~Afd3}9l@lV+~fw%`c9+TYQNqp+Z
z?mP|yZFVBaiNa!s2>K`lqZ2In`1nYo9pn0=bx&PF;odY2;RXaLFh*pMYdT5JITp7v
z7D-oQv)Md9KhsH~>?4|fv)K^EXSAxc<xNl$@nOL<Lgv^hiqSSpZq4lXr39z!rkbJp
zVdiYN+i5P$Vpl`%PbE#1gx#Zo)(8|dc0LZ~>FJ671R*3m52ZX&cGLkDtK`P+h2<c5
z5+m7LM(}3$#jVsXvlH6)=5f*k=D*BD(j{VU$r4vgUIJh`(@1#fh;xP1b^Y_tKik;o
zSrViJ!uhHuh6cc#SoS|nMcL-EESpE=@_$X(U550b7=F*tp5*?r%R~NtwzDkSM_F}n
z+0d`N3p=NMQWIW<3^HZLZ{CYXE&sfs%*yWDlC$^M1z|t9mHI%f)1bl??U#B*aDZI8
zMxjtz$RA>w;OtZUkV&ZwJumMoD!iLWr!+J8mBU_sDCcl_clJQtLKWSdRg0}H)!~nC
z@8-8MVQ$pPLn<G=%Pf)8NUmKdonck-Eu>=Q*!MSv1VBWGq5t-qZ|c+OXq-&OxW>MB
z3^Fn7#M;X3b}RpJj*?<MoKO3=uIo)?Q$>{_BkM`UB4HZTr_+h#ax~;M<NYXG>5Um{
zD*M&aV~|V=Ne#q7(+8q=LgdBk>nmLo764J-5DG%6XJXV+EUZ@JuK-y8WX#{CM1D^{
zaWjacxrU_KrG7=m?@7iza>fV+q$(vNh7?o|(`w1N9}bD-V!W4>x&9<~3~_n0{p~8`
zdT_bZ<K5kz0X<MSh%<kY3xdoSH&$|n_LYAwHv(#?9W`Sw%Mc%Tvtn}R99IR2ecA4r
z<pE^D5CGn%x*dJ}f#LRFuzg?^meAzOhwnKHrA=C5;c#7OqJ=mpt2K?nM{zYWBBm&I
zu^57RKl1~xTRB_~%*3f-aWADr#<c(~UmY8>;R)^gQk#Cfm2$JZipv=tn>{O*3T{F}
zTq1sQHMc`TaPXK==6&Y#4cGX_j6lnf#SC(pk-q;?<xwgsEb?3B{gz*rtK!dPo|jT>
z_PEQnq}j0W1#-m3X4PZgahGm<%+XYlO2^P0)9Lv9{QUdxzq7)%s;Z}_Cx%sCUS5vJ
z<7TrV5gh>56g@mV1c<ny(-_;PZJL(IF-pDdc1t{)WrI|e0(ZCDF>YoFCyvPicj=n<
znsG*BuJgIo5G!7JxKZSdd25>H@$u2*W?k1m{qz(6q?iMym>BVL7A~VB_5A$Im{M6(
zn;+pv`l-|h><GYo60ggdp$CAha_F%=JUs08dt*3c%Ifa!j<-pq01X7Y1og4GjCOSc
z&6irL+=q_KcDo&h;pOG!;o+gw5N2Cg<k0SpSErBr`ua)|KZ4+mm$uaUH>ZfXC;$Y|
z8({>k1XgsF!v?^W<D8>DmK;-^^tVU~)fk%plL~5K>e`FS_gLp|Hw52lwNScEsSvU}
zkPYs9<~660>xvp9g*ED%0xy@d=|@bjbIaXMS9CtScCn#34fC!!d^yKQ@_K2@o3+l!
z(yVFnd?eTNFIh~x>pL>HBW03u&ABVO3&`S?q*F-%!H}jRDpx#6z2s~%ePVW7-C{`P
z!uWVg*Egbt%2_UP`^FW|^iQa$%dv&6V2{JeWhkZhW0xa|A{CXfqWmEs?ajyPHC1sO
zkNcOGR{%}ZeEs^B7Ak$1-+udzloJ4~*@B3y*Xx&;7x}+``zFWzW<61hQa7;p^x@%w
znSUD2L_agtM2*4-9&=Y(G+|;?$7TKnx^k54gu|IbV9Y}l=+td&2TZ-l65y0O{xO1=
zayvdE16iuY!dtp!RaFt=XIYb(KQa4;W`0>1%WB;9dd+Aj>yGJyY`0q)0+z6mjIAfP
z5NY=q6O)|6;lJdH4Y||2Q7~|jrXHwWEaB&Jd9^|2$UQ;d%jha*cgORS&4H~zOtqM6
zYb+AX6)_)4<HPp6thsA9R5GZ<V0*|uH?j-MuqQ*Zyd9P&11PI{p-A43_3DaC;y-h{
zDT_al9m~z$?c0n>*B8+2583B(uZz)|cUY3p+=N%yNajCft(LC$w@V8qrwWC{2QERd
zrP@F-&Ko<Fd<WMzUVbCDs*Y}7E+>ub8%sf{)jW}rJ!`3ii3m|Mb*yogyG)YA$x7LE
zKxXotnEDE7zVskbO!aKQGX+*Y{Mo~D*8$0kM!5#`%k^x3aOof4ZZ2lYQ!#tEoR)G<
zmaFdO-%BkeBHEqh@G9NufB*HbAq3;4BhZ?;o84~r_V)Jk&p)%i768F|-un>GhgIcI
z$75_7!-6xj0)Se_XG*=cZC_qq>bhpu#Cy-4<-{m6=TFJbV^613UDxEtvqH`p@XTt2
zX~i?HXp{%UXY<TfZ0mB13Uj>JBZ{t@@iMq;R-W<$H^$9~7~~k}1R(ngR(hqXZ*Olz
zp|ApsFhx$6!A9sm5lo5903-!uyyX8jB}9)60ArygZo*{}KdbKIj7esx*8=%%-cPBk
z81|($qW?##S%OOJc4nkgCC1MbmHBF_%ETK>&G>M+(eoz2lp554{?ysTK$3mg&?u|6
z3Ds8L@!S40Ho1QPm)nh3dZu{3dx7Gk>6lqrF88v!dd{>dvzZ}ma%4H+%k5mt6cc%R
z{SBp0GFy8-<d1IX@}caux0sHb26$Oyv%H<WYOmzxOlz7Pw~R=VizDc>8so)%4sTwh
ze=z``uXU+QU63&@ErahGH!~f4h40}1ug|5~({;BFFCWd#F}&ydE;o6fCjvSlN3Is<
zkGoLst0(}fXsVFB``g#AtdbOwySqC=*vMYp_x;Pu3)Az?IVO@QqmIX8Sb1O9RiEv5
z$_{IJM}wV0mX%M&V^Nmu81s_m;wqQhKma%%k1;nSbea9yglXUR94<|A%fqw6hF3Sv
zKz<{+%8C-4j*e+QYp8LVuLT^A8yS^|&Es|Hw{doO3&f;RA)U`>Hdd!VC%T%VpAKj!
zTGunfWPz{q`AnJ4lXC|fk}vu*nPOvdi@MXej!3S-KMiMJ-r($(IaEGSS1>BM+zj44
zImuPJgeg+@@LsHXmlyS!BAtZ?#6Faa63F%77AcjYHkmO-S|oJDMcm(4p8IDulh-p5
zfQ8(-98mmMm%F_u?6dB<E#I%NsM*H9ay8^q;k$HemY1D<bKCbK97EyclJdcVz4WsG
zch#6hCX16uzDlVMxw!@RJU>o)MduS<;v>q*r-#Htcwf%`T`0LS3P+e93T`?(<mR2e
zXU)u%N4cn^813w|v$IJtu-THBSyVIa{+{ik*9YF*%0trP(f<M0ZE^Xln-xhh#=hq(
zPbtJ`KluTurRd?Xyp@gz32p#{rmm2Q)Tm=vQA<7X^z<YJ^*AeAX%w^Sh&DbUgOsWS
zg(C}JiwK3Hs}SLTly{n|pjZ(_s5$_bc_K`Rt7=JDfLv)r8G191B8zv<v?B>*iE*HT
zpEA)OLw5Yr5DFBmoE*zAu~(B#0s!h!yH<%QU;!+_Z!!0U;$WyS+%>*~PlQT>#Yr4w
z$uU@7%kFN>EpF|uO-GjTJw`a`k0N`h$n7F|vo6<JBbyN=R)WimB?r7T_vGwRzgnrX
zxqWuC99z>gAyi3|`^WZ*|KaV=>BsMi0Nc_c^7iqi#dOu58y0|Dtuf@50L33M#%J3P
z5+&T6sG0J>_a<|xXlJ_9m&!n{POjGna$`cv7dzZ^P(IesdOfA@`8qR=BDaVW&E<M8
z5w-N{-rEdj`QHAs0Pn3@sej}qf}!t+^NB)?YK7W}5HKn#!s3QuU?zfH9T*Lo&<)fa
z02m_VkpL*FsFtV?s8J}OS>_@lOb(F{zOHL>F)<=X1Dv|Y<t9T^d&aS3Z39b(g9^_T
z<v50c<~YqoNVj;(^8`ux!DVXKlnaNM17l!~T9&ze-aCNP>9k(2+21zgF1nm0yLT$u
zs%XtZA#NEs5n(oqTE`k5T1*mI!SGaMyCCnM&u!f~b!9`T@>pY?r@<n*;F@<~3=yU<
zIPGKZ5ll^EMQKdM5um|{E43ppNAeCnMDiulKjzhq5QOVtS-oosNDE0rAevknQ@F(*
zt13_xx&40s*=-qAdH39Am&*G>y(C)ACqyRdp7pj+y^?ElL8kK|-DIPfeX#S)_F2kk
z8)qrVN>O{$Du3_R-^)mu^W-vQZhC+U<ovwdCSi3~3Z^*KO%>%bx5dRxksJHZ#(cR=
zz1&f$)n>xozLaZk7>n7KoN}|!nHG=0EzY_0uF4TE6`ovQak<aZd3w(Va`}FF<Ck>l
zEl>KU>b-UaZe8Z`qgK!%#W;@09S5lzD2+*EBe}4bl|Ll~D}agPj@3NK_WSX8Br?s6
zYlisPx{8hqeWNiqu0I?O#N$z=@q{8mh_)7trQDcWrwwk}$a~K`ik-(KK1Ca4bd1s5
zAUo%KipqYXpk(%*z8$B4>eixX07#T>aWKsrQ&U6)9FIo>))NOv80E~TDOHg{A{kCJ
zJ!d17%-%$>`+mPS!g$R{!kafpFOy&s+7On+;ts}fuDR<9`)m=7GN}rHkP3g@hcM+H
z&D6(?I?`OA#bEv%6&}Cr`<~C8@xvjP;%V;tb$55SUazUSQ%VA$?^P;Ua6XA9KlaIc
zbpgoq6My$6*Dv;WA|!>#FG&_YI79*5YOXQYKmZKcWs-ei-p;Ib`*JC~X1gr~iXjGP
znB(OLKe+VOS>GwpQ4{XD{1!RT=L*L3axhdjrbx<h==IGyAPIa?x_h(u`=%PeH9q3K
zJ!grca@px(megF6;)K@0GF|Vf*B?;c)Z(;QEVG$<(_(UN-iU2viFHNJPv3uhe`uTO
zFgt(H0oDO2{?x=Vb*G{0kPDpX?O1$;?4T5ho6UyFY$}~e7*hVGOclWp7E?9c=th`~
z<F?=LNk*Wmgg>xkieVh)9_Tmx^2;v<&SqKeX0u^F>GS8$bQf5nON=t_lRB@AfKf9s
z=Vbk;P^9$j-^*lO7psy-oY6De*_0f=BzBRrLm^vk)FN!WOTgjba9FR`)cnMP+s-H=
zc&3oZsX_R_%+KSHy!VD&Ck%w&&+cV*cYM+;KiX_I^sLKYsiDm?W<{DQVC&4nyRiN3
zB-H5KnG<e(TaY7x%rDX@r|)G}4r96Yt1;~|gE~P0*XuO&-Qn2&{7=^}jR@e==*J#F
z5;wLRb?)zRs&1OAGt>CJ1E)ju>YJOMjftn5=PeJEr7$uXnl5r==Ibm6d^ryR<$86e
zm%-=qBijD8AV}fx-O3^19mD_ft6c4ASJ8t070YRttEpR#b2b26kHO_L=xl$re{O90
z;f-K%r>3h)9k6s?%oi*lr7uc!XX{O_A0@8O|K8wlT1Dl6XLDHY;{fk6tpB<}6l6l3
ze6Z=wHDI>It-(|dK}FA<hx!n{e*H>mDI(v#eKUDwxevm)EEs4a=>G+M4LaW<DB^Yi
O0000<MNUMnLSTZFw~Oik

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/expected_results/tiles/wmts_7_5_4.png b/geonode/thumbs/tests/expected_results/tiles/wmts_7_5_4.png
new file mode 100644
index 0000000000000000000000000000000000000000..3ee80d90d4bfcafca4e303244ea33380d48c7cd8
GIT binary patch
literal 27883
zcmWLBcQhPb6aetqVy(VJ@0}o82%@bnf)Kq65;a;xFRP0ZC4`9Hqf68vR`iGu(fbm;
zcS|gv-<fmgo%h$A^Jd<=^X_}6qpe0lNKXg=0Lc?|<>vqZx@&>}IOOi;TxqNi0AN`i
zO?{Puf`Tt!zEoCLR#jD1S6A28*4EY4ef|3N+qZA^_4N%64ULVBO-)VB&CM+>E#JR?
zZ*6UDYinz7Z~yV*N5`E59Qw{(Jj8Y0ImG?EbBOD@bBOD{bBOD?bBOD`a~F?reRqy<
z{dbOV19y&azwR922Jal<e&4x^$GD+8$GHFQ+{F{z@SPLf$ek11=$#YXpF1bGu{(G1
z6gPh76gP3_6gPS26gPF}6gPcmeqs6)H*;rUac24N%o%R>&f?PS%IfUe=Ir+V>=|zE
z&Jt$s@7mn@*4)P3wLQ1JKX=!Ej+?)OS)Tv9Hov+)zp*{Pxjlc5Te!2lvaq_ou(q*q
zj$6F5@^^84bMYLvbm#Bt()!lY#@5m~4s&O94RhDHz%Adoz^&XlI$OEG{k^lZ_jmv3
z?*(r4&gRzY?*8fpZtc$2_S#(oi(9|5y|aFCy^h6g+}YXPI5^rkJl;4t+qmnw#BJW$
z-P=4o-aI_nJUQPyyWBj#+`PEnyu@wY+1uYbI@vlp-8w$qI>T<AUv6Qqx9{xjZ|@&$
zADwI;pKc$YZJ(TNpI&UAVYkmOw=Z!!cMcABj!$<^&UVf(ckdh??Vg<No}TZXU+&#G
zI^N&k$G!{L2LLC>C&~)?zF9r(aY_t+IXoqH9|G()T<yKN+o#4BGJ35|sK4s4K^5Uo
z@|q04tIt4(TwNo$y?OCh^PaM*x^LQW@iwMRa)Z_=vcAl;f3EOtk`59iqpY}hHFq3z
zU9L|74tV9iQ9eg|GJbLL?}wHA9JRc3>*4O+-oESJzRT;68lTP9dAv8@oI3uMl9Z8=
zlMD9q^gP~Php@={`L)H#bL9@(FFz^$p!7_JSz=MEbj;*v^(fS;&Br~^^D1;>X36E^
z@dkGB!?{(5wCsZ1g6meMA#ZA2Y&F&Fp60g&S04JRkAJp#V;6TE7mnlyqQnTVLc13h
zvMs`In84OF^2)iFl7M!`4J5)N9HgEILZi@Nq#;ln;C_7tInA}YZZq2lo@{LNtPJ1Q
zSY_o{dK)m^A8wE?FY!t>FIo7_SS2xw{80eHwOd|XQv;a(goiNL^z7_B%18v;kD&wH
zC7A*4o3*25=4-|R`2c<#jEtD0R`>2DmX^6h0KUh!f0wdA3(sZ`h8fO?u*jOFu?Fu_
zy?zibTeD<wzn)=8Tg_k&4YYq<oMR?K|Azv3`z)_MEhZ^pxxZGpM8^+;q6grYJcmbJ
zG|C}c)h8V!C@rjP9}5WG66_rna$AY}7N>n8+vYR5cj3=Rv0x}##STaNf5W@3arA#S
zHYlq#*TFmtg0-LtinRhKxa_XmA)Kkgw6eD}(O^Ik(_O?=7Cj~(SQq`gzOGK><Be}1
zC5r9pU5i{8D86+1yJUN;V+4UaYSy(Wb4asdp_0ex-&=G+VOqm`)BZ1COU`;XK@5m?
zj&2rTmSXA|_X~v80Ndd)EdYhUsfAfELB6DjCz3Y_33Y_RIc-!x#1Ah(er2^H5g)l{
zo^vzS==tuTW5S>+&yL>x@SVRc(<VNtLz=kO15U%whemG1MAI5Y+sn&Ss1O8DbZhN?
zZ3t*yh2m+#--llGG@-8MSQF&l-(X2dYlV@H_6OLBike`Ot7idj3gm4eaaVh7ruQqH
zN@pCnC(X{rw}UIw92(NTKHshX+z|DAvSE=Hcr=4a`|5aP14p%o(?kad34m(@lmM9G
zVahObe~3a<YSEGo(3Ev+ObUQ}FR#vOly09PfZ+coVhtVM&Q^K1)@3@0RV<%z#~}0d
zc<UJw{PjkET}{kr0e?<2O6aV#bBcdz{8+ojCq@cbBZSKE6HI^ElK@ea$Uy9q_v}eR
zdtjVT^6f4S^;1<VINyKRk$YM~^=4=5x=){g+OrL-X4D&`KY2?}Rzi3jR9*_;$G7E)
zaafBGm*Jg9QKA8qZNaTh(zCvfhEFtdLvTp98wgzsDFZ3oF5w{$aFLfc@|RM<YeL^k
zEFluS_}3l&;||oK=%YP<=}{N)%%QW#k5!yX;Xlxy=Rm?%q&BD<_+yl`BEG2rS{Q&#
z^1ON17ea(<5&=L-szfN}kqVL1jxLFGE1z2mVpEk%f}q{w+{0-6;g)&F2GdWknEDMG
z9=Xf(E6U#65i=7x#1Fkkm^uG%y$d+xS9}U+*1jEsE&?dACFXxRTm>Njx^HBd5oomc
zxp+jjd0jBqe)YLY1J;Z+Ivn21DQ^!sj?1sPG^tA>Z2H-vU0%iO$xz86sc3yq8bkau
zq^GeUOv!zWczUy8UXqd$vP`zWPz^T5Ms5~v*n4arl-%~#46cKAyF7>wPgfkDbqHQG
z)VwsfoS6CCbij|9-in>SnmjgmHiB1HV?>3msOp4h>*nLR)`q>;)g1_p7FYtKU)R9J
zIunF9VUVPyZ?+zR-)639f!+}}1Mn&YwHGA5j;$G-2%F^BueWlFY_hi>zF+^PU*l=r
z)ww4q)x1^L%{lhZeTN|Tn`K!8etv`a7=5JTM1cP-H=ygga(El#@#~cWp?5s;@DU7i
zf=~9R$TI2HSrjlv|5@K(lqB19w0clKn%%yC&NsEN=TuyE#%EA9;&SU2UUT)0vCOZ^
zIQrofmBB=L5b{YMD+0`kz{3`S>6JUSh-N1X)@_4K0Q9;fj1~`r+LRcO*t~_qYG)PB
z<*erIP^EK0RST|R*li;~v6$En0NM+x>&-&s5GbPfOEC+r(30>PgZc{u?J27q_`*2!
zP<=ulTR-1=AJPbycTRr6t!|GGu9fBlq63ewsc|<cPukP2rL{1^_^i{1t)z*4!syRC
zv4m{x??o3vYG{Z|TOgrKaKF;3>$D?-D+weE;5G4F!Q8)HacAe7gqz?qGXpq;jRN3e
z-SMPT-hdIY0{I99R$mM$Knh1GHC{(cYz}Wk16TlJED2Boc%c$o^0KX{6KEYQk(uls
zDMbWJgh_=HX4#S+Fh8@i!^*kGa97Bhw8{jH?Llx<EhcU?N?zlFC<lOS0RXHNDcOuU
zpas4BgRb*QD4OU(vJv^B%VXPc)Y0kZYMMZgtw~Pw%O<df79R8d7FCSXW6TVOZYPa>
z8h63oec*)Kk1RL(p59RoNG@3A<YZe|U7&(3ocASmM7#(Miti>mn^l_W<ImD&m+HI}
z77%9RxJ;l(;*lC)4WgBy#HI?Yx)Hw*QHLzPLuS?wQA>9I-IQ;Kg{Kdcy_B?Snb$Q%
z>^fyEjrhM*xnI_9b)0Tt9va|2v15_*w)F}xDdfDQ#t8Kq2@(5Qhcm5O1kCab#9nhU
z*1k?<^}-`n?~Mkjn@U;xq~1U{4hNSMZ`B~c63OWSb9@8P^XM?RWCprMTF%7DqHo1B
zl^l?_DsCXecQs6scc@j2FRB2|$$oud=N_E;{<-Uv(^I4zwkx*Ud5xSJkY|lGwSMr#
z-}*Ix3?56Nz6V3I-U2r*(S9`~A3%?eo3d}KPWvLk0(%Q95Jk?pKfm(YM41edUw&Oj
zrbNLkYWg$1UodanOWix+SGu2-W8h_A;)WvAH@sMLsxoyB<Bt#+ZDqV-%7ZF(S|gNE
zr^s$XR3{D$C`ij)FEix>Cm-#9U*64c^w+sV3*qg5JrqV}ZcEdaEG@RCM6W#YgxwGe
z)cX3~-z^P(eY%+QKe(F#jY{331|A2@jm2e~R%Po^RY3r;9TG2?m&E~Dg@PF(7a>~-
zCxMPgh<E2o0k>_!Vg=;bg^`=WjSw1O>zXtoy|1svl>{ubWRW8`Mp#bhuQRG!f(Hb(
zjDYYwdQRuD=k_n*A)W{-NEhYjG}FS!EgN_=AI|Bl=7EC=V68{n1k_68c^~u;c^s-{
z0t-touD*2$;_`0Z-F%n>p*C8yd5l!u)b-x*UHY;@FbJo1i3N{O+QRWp6$=iP^<8_!
zn~AT2+Mg6arVaR63EZ@_&;SAku|o1HfRWvo0fsC0qwQewO5;nsVe{3XP~6ji=sq6g
z&5rb+JS#~1VMjbUDfS=j*p>k+q>WzV&7#*qvInbS|HL`N8IHppl&V;e;}j-`x1$SM
z8@W$eUm?K_go1!k2B6KC%?{-fDtT2kG^C|@osfS!C3Sl}ISKl6yFDp3-8$w>jQd5|
zpDNM}vR6Mi`xjKjqvu<iov?ut#QvIynsp7MtT%gyoAA${QLv{E*3Mr5e|}C4Kr!S%
zCEW}1cF*|#P&YI}nkA+7_R;*RuK@Rr%Ow@L<`4{y?XqbD)ba6+6Vbe7o~f!^(>zFq
z4^D`cUh}M(X>SDA$|Ck%pJ`2ui_#|i_J3&ZJgz{HhtCDMtTJR!-l~BCtWYRY#-9hs
zkXaOojVeywyqzlUh|pLs&bwQDdWyMzweLC|etm-iJcSOCMC~(#-=W{D*D2fOSLdxv
z^em04z_h_6j9agoEo&xrs@}&ouL&!FC-o;P0VtRi)U`a)JGl%1ipY^4EiItMu_*DI
zc9m;4A~5Tf5(8vkXy6t=?Zu7RqYE<$-!Dwu2KoCfwyWM+r9BB5Aap=l<5gAu!cc~~
zLbF|8ph_dpYhbtA4FH#W&@a<gI&HB|X6uhdQ;=3vn?A2+%lP^Q5py#EN}R@NTP_Jl
z;vFC$g7|Q&dqpM}|77Y9ca)(}^p<@4zWfrtC4N*#py^h7dH@aP#1KUwN~a&;fNxg|
z#lthVh5MiGudSiK;T&5QZknhc==?Cu?ezKLZ_{pRR>MPqmP?asp5%Li2;5Eq9o{8g
zY(UvR4F(R?VF0s!M0ABe@KJJo<_{MJm)$N)9722}0r>i~XxTX-`a7aeT=}pXao<T}
zHA~VHipjK8v^T$O`v>*c+!A1HFE?h^%-RFaYW$sQ7F-krbezR>lK>DrP9ed@*98x-
zv!+E|^8y7Jsq*u01z_Qifuuq`WJ4T~H3^9$9+o^1WB%>+^>L+@N+FrhH+C9P!U&Ws
ziA=L5QGYK&T?TPx#e4Q%6pFre%zPBQc$$-)oqfKl(XvoJ^||4(V`p$jShQ9Cb!c!8
zfQ<$aP+EYIl-9aSv2l%VD8ytlQMGe!fcu02b9kIM2WGurY8~4_fZl5LS#YHa%OcD{
zjF7w{wWB@B&3vEP0bWG5D7BF7?WL8FNj0QTapd37U4OPIFjsr0fShm%7msAoY+?UY
z-iwncZB$tWl!28{5Y9bs>rZvst;mr?PT&fRXu<IKFXfI+mB+L0=hD%A(Lz>)`z$55
zr>F7(vyu1kxu$E*h4(=0WRuJbtTN)*3gX6^7y-}XHdzMmTQ@mI$|m}EkGzTNSxb~H
zW)F=1$)?F}vjH)9DU5}s$)%moBtYmkq1;;%ZfnO{jrRMvBZtRAo;yPE<}1sCA8eiY
zXaVasOex~Bt+khisG8aE>}4LqFmndAgDS2D^-|5kvR&?AvGRBxiXom4HLO5=EGld)
zGlCYeWFWa-m4N{{Jy;T6O1LSLic$#<vX`!9-^XUnjr`kXn)@G1S)V?==e3T+z|NG!
zR`f>h&dXCD|5zBzl1FMnB<<ZinG=h#(pr&KN5Hq=QtLC5744eeMmozqLIb#1X@B0L
zzq9gZF#xmzNsQwaQjB){OFz4tiqn>(phap`%u*8r6n_$<<>#NCTs7dK@{O+dZi$vz
z+8<My%es5p$pn-~uu_}06nyFKn@VR1MbDf)k{miDY4L8&)_Z)~uI@us1pF+Jb0Gih
zMjn9z&?sR+ja7BMoD847n1Da)_Pr2cNgst^nbwwX_R0Z&b8B1yAf)<!S~M|PY0cJZ
zdmcx;C$PwxQ&4Ht8x3@w=30i=qPUaOY)VF5#}ZlZ!Jidt>SWCX%CXd;mJ$JF5mj+!
zO#<?ZdpKM1ynOH<NV`OtNFL9T!c{aNdF$8oZ<VGUmP|~DNM(s~M~W`%jt=;q35zo7
zZ83L&%1%NZV>QYr9PYm)jk(OvC=Ypk;`a#;h!l^He(->S!7R+b{-i0{Z5180X>VZ6
zx5o^3zMU`%!?e-?VYjj6AKxZuQJK0JhNQ)6Y70Y<8(0zc!*$$=+(@pol5mzD_VYh+
z&NjY9{nwVc!vHHq0<kf`t3<@@k5gS;GKDer0Y49B79MU%<hIfRKbPXPmH6w~`a|(E
zfG%tOu*3HNa_Z<IvR@4}axmrZ)LO;K3XaIo*dibWm`3`1ZZ>`lJ%!g2vjVyr<Hve@
zX}zs-MMO~_tnJPUbgKnX3IOcq$KelCU8f;$@p0(~+CsS%uZv4Uk6-oS->o_T(_=nm
z(HIBvzPEu30LHI@umn1<uHr25*jn)y)p{Tk2zBuz7$5K@M*(%ntdy{LAWEjGIk=E)
z?Aa>O)rWzh?1Zkr={2x;IYRW%$?ewpH~ZK{L#oMu)Jq#rIta-F&<}nNj`_)dkGlbb
z>-)4)j(gqyB_s-z(+W(LNTP9$$60f5lu=nHl2;=Q#5YB%7U(l}H>A;^{xFgtk3do7
zO)Wsx@<@Wlp8*UAhtY0w+|!|q_pUAYsr$=;aRkOHI5lN!W>p1b6*P=V1r%_;7v|7;
zMK@yR02|$C1Y^jm>*$_lez}?Ry5+s}U|&?P;2ubX;bDJitZRXqk5XE({+$pc!;lQx
zjc*l?1JaM|m{(A34)*ywrv?J#5xTo?lAD9|-S{1JrU}spygQ;0jQB*};Y$+g<_Rpx
z-LqD{<NIcf(ki;`-rfp4ybir_UArQ*tm896KC8q3eOZ&^Dr2B0;2HrwXguR5GRn$+
zZT0O>1v{{33K3vyPS1GWlbA1Uye|S+=EFEV_`!cc>Uu_c&+Dh^@M#lb`2v)Mk=}76
zsK{T5)_^<odwYc|OKK2{B{vMjcZ96@I;?>n2}8H0OW1<2KW}?kZ(ROeYZXuJSrn3i
zUf3x(ib)S?<BM>)(F*T7G6m71lIYs*0W+(TS8l!Sy+>-iU&5qvpT8TEh48s$qU&7#
zoqDzgBs}VPro~KqFILRqB^pmQCdJ>V5HR;XD#|s_%CWG((aZ%Iv_g+N{Ir4cwMQRm
zMOgQfbj}C>v_8Np@IshfQR)@QSNa#YP+PuSj#I`?9hDC<24F%5g|q<w=c(aPBEjzq
z5>uG&WJ(8hxwg43O^_qnv-LxZBOdF=sG4oLCl+gB4W(Z+XcDsD@26HaPKwaX!>s5T
z?5FP`p-><Xe}JNZBUQ}Ax-8uy$!*QY<B+ZJD>r~fX3FNxK{1A~TDc|tfS+WP%d8JO
zU{|#xQsw-GX~DbHz3f-p$%|1yGyW*ctB+#J&y400UfsL<TS0C_5J@RQfCxkcF|e{F
zupu?Z(Kp;<7j8|2g8*Oq0ilCGfDdq3Q+ByG@RG(Vr`%l#WtsMNHx<m0XCtHIFzNK^
zc*reyDyXD-P|cJ(4dCuieXD(YYF9kgc_qmm!G=yXL630kegd$xC^(Oo&U=%t(&(+k
z>PW>`BCl6P0Dy%yFz<sd$ssufYIyAt+(%(7Hm}rkvjqi(Y|v1Q^F;<Hl<=P6UYRj`
zAm8GvGHuVVr$19|op*o`S&KHX(@+&JIQh)R8m_y~!lTN$0ZY+{PMz^_*UHsTcz>eW
z<5a^G3N!2ga>iu<j9DdR@Z|x3&aH<SePJkl!&x5Tcp7D!Z>m)cJT9`=pX5dghO&=*
z#qrUJ##1XMn1ZCrNF_41W!1Y><*!nvhBxw{V$<~upB=S`2nhe!xXk$`Z1gN)h_Vy4
zMnEb8F$=ZxwzaiKKuG}BKUP8Ugp#F*=2?Cl^X}?gRSS0&B(jE*C|koqclGm+!w!cE
zrl58cxA7gO;;Q;VS_NAYt-|Uj2F0llp<n}V1bWgGWbGy_ie$Y{p-g?Hlq!4tdEit8
zSe0lxe;*AJrbVmc2LY%-=U?%IgpH5FU=`pwXDWe&w_<PtgW`m}+wBgf%f>yP{)Gdg
zPyWpdu2YFfjU*5hNYzxm)~PT=v#pdl04N__M3iH4JrxjsCBDmj^m!O@FGGVhr=-zM
z_lz>tbhAU3nDInr0(1644501z*At>K_yu*4Qc<8AVYSmAA4Or!r&`_q({Au*s7HPi
zocjErob$yix{gwT-vl>2{22})gXyn#UkICMr>Xg2$e$5h<#jmqRUd$cC(&U4JU_p5
ziU|h&wg6=MGMRfT+QAV~-z|TS9;KaWvlYJhf|^zNUfKnh`NzNrmzvtnK2u%UEPDs}
zAPPeHiSd=8Xh5~UM88I82f=V`fU*uPyeeN@!UdIfgUaoS3Pr@bqkX_ggGoxJ>%1T;
zOV9idkeRA*6P>pPTbrV_sOS5<g~W%qZPHzbo4Y~Z7No#epPAB*pJXVyIQ+hqEn(Q%
zO*L^M0b!W3_`aVG6ur1sKUY#%O;pLHxgn<bB2kYv6>E8chdE;<V(s05hqeOfOL^Z<
z&uSFrmu1DQ=+CdesI>ptI_2es?YN7de;(HExLLYK;O=jltw={@P4-5EzRhfex2c*h
zLr*}@qAcVdP^hhLQdJKEu)&%gEC!Lo{C^xI?2y7}L5Uy6fHj1*mxvB!MvndNlkju4
zy=^g=^nL8&@0X(V4nIWwebjY8pNmfyr`xbITQeOl63AN#^oDLdso|9RT`HX6uwGfN
zS~a#xObo(2RFS65uguBEEnmM2T*5r<`wD=Q1on2BFv`mSYD(!eH*5YrWNr$9XYSLw
z;H<giYz;%_Y~|HIW=hDSmmMp3KJXei_k1n+DhX9mPTlF^knxN&g(?;9LO<0!roLxV
zg&GD>d@mtpaCKH3>@o%Gl>CGVX`P`!8UgE(KdA%UqlvwQp55-)59gefU57JiiN*@3
zx5v-Av-n9A>t<dz{<6NP`K7@<#@<xA5Kl!}2`^w!XasyiXOQcb6(D@<?_FW4Cs2TK
z2YkzL`t%QiEF*U06!P_RtI%Dtl_AouN06n*uN-QVu_y<ZcL@1p*<zW@Z>o)Nh1^*v
z0Au|09LFn$K0XKbzVJR!8MyDSrp5zrRk0({M1HE|;HIjquAPFSKG+^{5_RZ=Xv)g=
zrvDQVum&g1&#&3^!@)I`z<enBk?I#uDYf}u)D`hK1q|L7m3n9vO<NjBd&%L`+uG2U
zUVn%{emQj}pQ5p$!V$;4RFy;!U#98AHhu;b#WGp%2lhiHAP{ne&zccyZ4FC?^g`T4
z3DL&TYX1qoS3ysf^Lv~sT3#_E(20if@yn)(b{W|>jpO~7Gmx!ZmFzINlVGTN-`bh$
znsvLe#I&MhB92O1=;FMSkT@fg*HlcBfxj4oO$iJ?W696`G0=w~9sqoQ!hj}G^q%73
z*qGiaiYPNIQ<I<nCH$|`Td%msYF`)eiASXN9T(;v79c(N%@d0=tGJ;$PN4TpOyE?|
zYN)6R6&Mvv20HYWQBM*Rh8FHKj~*N~ABEO<cZF~h#(_aFR{GNYsV-fh+lJ)t(BOw<
zF9P}7owYT(k5NR~h6+z!h?{|EP=lSac#?Dlv^e@8Kit*i_mK~ZYK|`$M_g-~gm2V%
zP}}bwW7A~~UgahoE2qg_f++sHM0Cq7!U5|muB-A++rW0WQFdq<n3pAx0T6m-dHj$R
zwLdyBESPgGbq;=8+ec<4qkTommg>g$%m2gdyr92@fZt*i8ZXc}KiEs(O-U0f$LWjI
z&{Ya5FYt-frHYRDx+z_I84ij9w9|@N-NQlG?l*!*XqpwXR}2G(c`6kz#bR-3(<UJ<
zAoR45!iPzrg!~huE=Bj?FMn%&%sPd2UcY&0WwL~iSC*%ucQ2K3$LejU*7t?F9bxU;
zukc1It#RA4k138*4>J_e3J>G?5$&;H8=!#I_AgtoSBHI^O)P{md&!xCk`@o3MeorE
ztJA^|aDZLcRao2%S#`=_d)|AV%qD(VbNk8v?b*$WnM>*z+M9o~dRr7x^o@p04x`c(
z;O7@yadpdbGbnE$&3e|N`fw6z#2Pu&$@ehOYL#lOK-E=vnr76~IqrD|LqZhTQmHbb
zENS!NAy6#>WNf=b0pCh?Ym*uq00}1s9ggMRdv<F?r2$Uq{k29(k~Ctl8_jzmH%@s%
zsm16kE5%6X+DHGOSZ_b?1hw9gr~)(T$q69g;Qu9TYh5|V+mP^jB{^w|!;cu6<oSUt
z3UDW5bq^r!A-Cp&CnFu5oeS&Vc-{jPaQQ8$wFwfX!`$mS;`c6<1?l(B48N(|y%Q=f
z#M_QN7e2bTG#f^eFr8ikn}#Z?ZEHyC%40rl!BXoGJ0fU7KO-myq1ub08zSWZ044Qf
z1R&SdA+mLm$%o$ZlEybjpW6Zeedtg^;1<>pAjJo=;<4Zjqc!iR&OC%)VAZmll<Fi7
zoDd_UkT*v6-T&ER&cPQxk0otOKYD2E=sq_vX8?^G2I%8$k2HhQKfV=cDCp`04vW+|
zF>gP^p;FhyaAOKSG(mlUIrS@RW@H1oSlDtPa|UJ&4%C}%O*1yzK`lujho^HDVL5}m
zOa`Mwl1t%2?d<gQ`z{25{`t25k!?7MX$Jh#D46-LKFtua0rql@FGpEEcy6QVMIS03
z5%PDO_UuG)7e6>LJ<)4a867Q{rviCQ0IQ(INC;d-66T312D?Q-Do<Hrj^@&TgCNlV
zmMjej=`8+DJZzx)OCaR_qM>5{?ZNiGA!>h(s#s2}y!e+Vw_yd3Q-l6fM_W2&{H_8c
z_j%2U*m2fD+FE;urzL;Q@lj<G6sM*UfGkp81qo}{wgat%hsv>XAJPjT7x4VH!$aPN
zgSy8*VM29*yYz3@@5pH3b+I0CIKH0#fbEB~xQaM3iEy2>QbH#ZV+DM1IA5NJ{%{hZ
z&iL!BS{p0lvF6?gCEsy3Tgb-*z0Gvkl>F+&&*aQTi*BTANj7tISE#Tt5+KG(yPuPO
zE<7>&4XUXmKKx@|uXy5v-&f!%S_J*Em*dl*x`CVXR2@^MYCGPm(*Ha>Wi+mMcwT<D
zLp!Y%PoF>LGC9}IyxG$<6=bnoDGUpJDHhE)Dl{l-_J|;Yp;NvaM=|<M@-Vc`4xFWw
z*h$<A$w__ct{`I~O2J+eMT?4l-2>+<Nl;4z<c3p!&vp1-5vNjR3TcJhu5y@$YCr4n
zyQws4LH{?+uW@<*9c=dJ$FQi|6+bIOgZ+o8U$$r!mD0AR0vfUO+C;IU>QI0+am3yo
zhzy0@k^!{rxy)pj5M%S-iejgK)NcsxS?|;5vw3xbcqG^h_^E!*@9|^ws$%F5S6+d<
zuE!#Ua9ecZy)Qyc@-6yI>fTR=-wxOH#=K+ug#XL|9=GzsB-|RVo$%eX1zxKfg_cHI
zd*~j2e?Wn{m4?L&uQG%_R+fs<d+j^I=q!vf)>ILwRWr5jzK7l7;{8_|qV+p5K_R_~
zTh>)h)gCTLF1ZtiND{Kxx~T5RzwacF=#Zfs)sHY+3t%K=2Rad2;_l>}%%)I#YXIN^
z&kO2Z69AA{a`=1^F(iMJ8shHB00e+h=@J(CV`FYj4Hp*kA=r~do14*%<As@-Et3X;
zF?HRGuL0-G5`-fjO2&C9pD5$eK+^43ZbW~I5T>yfhzLUvv}oN^S4H2yk<#q=Ob%B?
zpg>?AFi;W_ZG!1pK4OCi$083_hD<Jo<-`aNLpO$~U_-e5nVHW!d}IvE!VR$n=oVJu
z$Whs{+2)om$}l@SUG~s*DX{!HSf&Vsx!&{shdE5}5eUw&jW!!+bH+n84ecJyGY!4S
zd%#G9_Bk~N-c3zEi0?rX^G|#&k0E3b&)S@qnfT@r7cL^6qutv{$|}LI@FDnlSpO|)
zu#y|oPi9ht`)5Eo1qSd?!}8uflx}OMTvP#iKZPFbO0`~J&a{qI1SkHH&w%!omVIow
zOy%M6r%LdNNg^mE9q<y}w5P_zv-q~G!qHpOs0}7XstiqQ!UzH+Z|ahiB;%|&@1#I%
zr;_D()JM!JgzM|lRZGN(>C1!CFuF(a-wX;D=&wsWTO5c~kOZQD0IUcv3GbSgPyqG;
zBnBZZSn`U}e5rmw`sQvU!lW~u`brm)5gy%KOw4mchQhn?21&L;1@YhLl+3)D$dG~*
z$E4Y`gbz)XL6^ss*uD)&(4SH~AV$fj!VZ$~7T1snb0vB-)H)BsepJN(FveIox3#-R
zKk^0xJWE`F3qkJn%AUMy(+y3Q?83gcSrBs)-@Qu*k~L402PyZ6t5wNl6o_rg2DmgD
zft;kNHCX4yb(tIa5NdGi2)vvJSq{Nh5AWiGR^rnFEQW?39AL0HZmX5d38tLy;s~^3
zWd{kVWVCOsft#3_l!c-HI1&C;M;SFLu(G@$WFR*0XQVB|RZZ5Yc~^42ujr3P^+n+g
zFvcw&CJg56vA5qI;1brUH3hN6A_Ehr_6gxg@VR&6qtI&#87PR&-PiNt3ca-1vY#eG
z4OTNYn43mu5pe$(k#ZYOWy9E7Ea#~c26BGO(zm`s&hk%e91nAH6_|owpSy61g3+Uw
z+dydcbCY5pJb)Oajuxz*<+#EFuOgTd7g(@nvP<p+ZB<^g^!7J(J^j3JkMYX;`j$VL
z72(lJZPLi`i%}lp2j4AH`pMpip`?~Ut!B+3v>*toVRL=4y3X%{>w)PaMR&S@45}+)
z=?jHqkYQkj9>)u*=)rGrfc_IY^Ko>#*M0%$Qzrbi>dUEJk9ReAoax;;I!WJbb_t~f
z^joK~3BF(ivA~rhLcX<CV){Ew4ydMEk7mPEEd&Umlzu2dgP-e2V~$b7M#%JMTRKuq
zuPq~0UA;y_wYCB0!ZeLxYT;u)7<5z;!kY5afoS@kFepiwe5D>5LrsTiLvlXZJ6`|Q
zVnHuI)6W3UC_lv5HmZl5>Xoq4oWwMHe<|Ztu@HZ?=jGJCV^EXuf)Y-OmKdqz7gO%C
z7sI@;n*L4vMjQ2s<>t7Vx~j7devg-)vlGOu&aFj_WN~+{b;M_zM$qo=FVrD7Bzzsd
zGsekJGmaI;HW%FId!4^+;0}YZqXutIB;@hV`vl_$<1XrvY%$(Q--vu`PK+ubNhvJa
z<v<uYhmUNIRB|x}`F9Z*C<66cqzAb@V*UGu-VSpVp5S+&vp<18rWk@pVZ5scA07W_
z?l_9>aUevOb}W3B%yWK(BDN^-<BmSN@NS0cjJV??U{JI)7<Cv001~B80f6?B9EKk3
zIjgd;y_}EBz7__$@!)7u!_glPxen6_MMB;;mb@rTzBZy+x;g%;$kh}4w)NlOw{Lr{
zkxlP245$%zqmFP*W(8z6;n)Xhpg#~nN}#Fx3LO)tDS}Fj<?CcOd^hQSS2*bsz!=U>
zo4gK1kx$P_W2*y0-^`bP+0h7KlHe+{Sm0&x4lp_p0e4>r37sxZNINGG46%ZdlF$~M
zEP6D_?<S6t;=96yuC8)XB%>j-HSzqbVgWd*h!H{Od>V{nh8m6}!%(;U{czAtBe`^A
z68-VzeY*Ly{EF~)r&8?VWzSMfNE_3CUuSDU0;rHMJ5mHFK6pOGsQKqOVR!?ZMBU>g
zCy6gjtgIB_<~&Dwg>*eZX06f;s>9;{nVD`bL49Jlor43Q{|TWh@?Cwk963j>aet0y
zTL17razU}{#XOQnw&0Rju%AQ=<Hl(kH#w}-n*r~qhG;nquuSAp91|ELK0nglP}lHD
zt2g>%|2OLCyzJ~$mYY3Lb1D@fwvMgVps(R6OM?|A)eESV{3_rMxVs^2!%$0m6uSbm
ztZhFDGZu5BPf->{F!RZn5n;T;!mpQNn}LNJ?zG_9xi+<S$_`oJ+38mY&I%N@&e~#M
z$p;Xi;g6YCLI7xESnEpdV^$9cO4-C_1z=Ba35KGUE8!BBU1Szd*<oEk5k9ah3UtWg
z%XCE~F7jJh;CkLhM(>8)EFahaWy=rHZ;`sxJtgin{hpb3dv}Z&R(~e#iig&(V6x#q
z$jei^Kd_IbtoQzNF+BvH0B8C)laDb3-m-Git=*t72_vI}fZ2bEX(&AgDo6`VovoIv
z8z@z5i}D$UJ}E%<_9YfmJcoW9M-@Lt;|$|?P3=r3yPZB384#puaDtZ<EO(vx3QRIA
zf3(LPas#QqANgA!QN;<e35i4KEQA46pB5g47mQQ;!&e0Hd_EgB=H?4)k181DJ8MJu
zsGsnM<PACv%o3Q>*0&Y5I3e^vCggIjj}Ul=D%M5JEICjW!TV*N)%dXD3pT>TuE?Km
zHU`Ee_OSk}nvx7du8$aN1B~v6a~kN}vV#Cm6NZOs|LOo#t`enC$~rhC>2vtq)}iPX
zirxz*E9mVT!7r&!MuHF)iw*@I)8)rx@G@f+S;3zLKpoj6zBPa4mVde3Kt_neC?c9D
z2gAh~BRVa;@!KFkk|&Lc@+sg7#?%9>nfp5Bit~Z4*sd&^=~XKJ4lba3m+DfYhBKK3
zfqo=4z<>-T5%7Ei9eLKBF|>*yeWLyya>kMtvs(ycG`i=(o6{d@U%R;j0iBw+gXuNF
z522M0lvrM$_JJ^DNi3AcscqJ`Gc@oKwT!!uI59ei&57@=6!ws5m*TxO8V)z$CD5Y9
zln)}I*!@^pT{*uqhGOO5!R@<hFrj6jT!*#Uy973WRgk>6vL7tIwx7V}7(ls7TO-Y_
zX-sTDp#dW@-7-j$i1pWx{l2#V-+s1P@3amR-}(cnoqYyom^E9TEBT~z%H0tupjLhr
zVTuH-lOatL_f=K;AES$MUBA-1(Ejrw26|gk`dlc)XV;VQ!#JUWFNh-KF`mbvf33Vr
zmYhhL{u`}D?{vL$F>UEyPaMvrkF`3!9_i2nYRPAhZ4x>`BGSuD-mcU%T%-gMx8a!p
z9jYCi%*ddK;uHXP|9$+Q0vzol&KP3tzup?4^YX{-#O2nOl{||s^CNjbKjy@@u3`F9
z?3ef{6YXcC9g(oS5n8QK)K9_ZB^&@Ncr@^SYfDc<sFrOPvnYB{1ot(>d3e|WM+ojs
z)*645mtv~$gi1#oJ?x(}(aFw%VN0a@F|MQwd_i(s2zM;JkkHEi0)x8$KzhD$9-CJG
z{aSHcK(hMTw%bvD#gkKAQe$QOzMV7Q7Q|-hDcN@@`(s3AQZE5@i&a0{JTh7b91*cF
zD`8Dd2z8EhuPZt`o}?)-JN5Yq6oi)Zr`H*u4!P&W5K)a@wTxbIEMv(2>CkDIvqsAc
zCLeQg+|QT(P03JTt?)uj0P%)aE<{+ixp%CsIueAP<G#(s4N8DP^Sbi~7twuHE|#Mt
zadbM?hPg{wh@#pN9f;tI`xqf>F#9AICF;qo&P*Tx8ZZb{66?GE59Dk6-?ZGAW4^=1
z>HJq$f<lFw`b`fGobP%ZsEg~+Q?pjx^I0KOvFd3S$=4WE5GqXkncymF+@80ib31Y0
zNf^K~Io%z~DEU)!deJ&u(Y|rJ*EHuQ947Nkq>A|oEksf{nZPz0QOIrwx{esErA!%g
zWVwjH>V`pG^&^hNs;0%tZWkc#{^u~Ff(PbBD$>3FQ}PRwufyt+9YhdO_dQ&$!~pav
zB3+Rr1X<u4vx`~~-zHsvqE7SVDW2UGW%VFD9S;G)+~u`E`*h=bHD^6xH_Wb#Dn`=>
zcZpu?1Bvxe9UQ)jCAw*|m|H~5OK`jJt)71WrEsY`sMml%lN31uCU4Vu;ck{7_2@(z
zgt17kW{|BpJ@h1`D~<O1MEW0T;p~U`C?P1^*If-*k18|xIIAqXdn0{+`L7ok?#c#3
zLj*+$ILJfamZP<L3d9!5n(Rr552yPNbnr3OZ&j)>6jDFjOQ#MD>K+sSKs*68%YrC9
z$ljq=&uvn7RbEFeel;79M7fu8{#lJdsV9EpW>mCBfu=BcV4?W0N6g-7x7tdew$CPo
zp@C^lF{f9}=1ekH8vZ|}B1b3-*u6f`rz?N1RVNA%=7><+JNBI?Mk(3h&3pINQZp)|
zqMu&gh`t%b5^X197q&q4kl}#(jJlX_8Pl?6UuFXlK=RyQk0-${3B6wtJFe+-T#LmH
zGY{;n7{4u3WWHaHVQcFIha#5Bdk~DfdoMh&*wwY8<^b-FfLX@@jCj^fa*0Eaw%TY~
zL4lD=oXhl~$CEgH#$@xK^ww~oyi=)!(Sl<Dei2`U%D+)IM6ri`Cb2^+raC}nV<cJ+
z{;bLRDm^?;JFt0rWVF=6IimVW7xCYsp`FXUaeY&P30-j&fc1CYs;y-$srrY<tSrVW
z%XE^qwh>_}OKdk1TFY7hs`VO*hFJ);KBY<9TQL~xlNKU-W|^H8oIdotR5CWu-{Y<L
zcZW4%qkBz68g%v)j*qOq5$t;hIBEky?2iNVL6pQPPl-K3Grn&81oD-=L;te2(lOKf
zTQ^%rIa!Nf5=*{ax;Va}5%1hr4d$_&4f3e{<`bwX`=O?9KI4o*{+R>Ga*z6^4~#f(
zh2&%Ni$aSsDoVUJVJS4Yw*b1epGsI`yJf!F2+E`=07s}}P52_%sa=z4?;%ERwbQv+
zYp=ko#8{4GyN^P%fL3j?mfG0i1$71#5t*Jx*ztK9JG3=+a$+xQF_n3&{sUY2wAn$U
zbwMXpTU*z_HavnXpj+X3U{jBjxQcx*hPBt{%_lg3Zdw)jKux)vBpK4=+|NcIpNdX@
z8tkI-L{Yz+W^uzqNzJhW`rEy>q2=E;w&KH-G4H?Ev+Iqy9WynjKZ30G=>|8q6o1s*
z#={16$Su$7lEubgT+{oz8-%f1sdz!bHAK@$itSuE4ZzpW2Mqu;>jNHf5rg8qh-7lF
z$L9a#6MtDI3{dYKsUz+wynKKG&70;}5=DMBW4O!I0*VDJWk8QS4knJ=NYQ$Xc*!0(
zURSamhjM|xK__lG`qhFt;d4H34IB*|`M(&#6ad6*OZ-q=ESYpzo8UfN<&QA~HsLwo
zAslG_8=*%%0ciw(0tUP#IXz(n1p9e(MQRKCq4K*#5$p^An)_AnS8^b)K6#P%b#Ig9
z?vLpnk%I7=U|TJneDP~ZhSGEojqiB{T^Bc{ZZBsCpEgxs5G{s+)N@X{Jx9M@5h(*I
z^Ic9kWgId{8jTFR(r|BvcJ^N42OdBt2K;RLrH?=UdQx+zqnNgFD)4=_Ik!xCO2F;)
z`czn_@0V1qS0@7$jbkkPd&~#HXWJ5vpDraNnG~JVU%J1E#VdZNSxt55eSh|M^~Jdd
zkN5#62S?c#U!%8us_WTRvK^XkKqa%b#*1kVXvP9y>l;6TQht&AAyawRGMV!mtk?E5
zFM=VnR`F|HOY5h^0v}_r1(4}s&reVe94tu(;wIcU@#cIPhI)p@il=`P@g;YpnJYZ7
zi3^NmC{EyF_kF`-X=U19PXz(q`Go5<-5nzPL_7>pUL|4}d*c96_w#QPbfx>CX@yo#
z(&_Er%@#qR_ZEyf=BH(Ox$4L`QkK-!4j;X*lEmU|Vb?n=raIm|bwA&CtnoZLEidKR
zYgT_S<@(k=J=IiDuj4d0^1vAY9(RL$ci@={sc$8cHYn1N9f=lJl0J<wVGtSBSp3_)
zl}0)Y5KT^$AlY3+qxukXIOc~AhI~oT5r35ZESh~F@P6iRwG<53e(d>{6+`5=vB8sv
zZAknnIEJc+^=~9NacHnPKDLC*T}bQmI?se6!*nPGJM-a0dl*PY?l<B?TdT-*AKBA_
zr!nvEt+BY!zt`27tL$==45cOzKBQ%??tb+A`yej^p~|;Q-eN}f%Ro^|XeV4H?DDzg
z$gO|UeXIkgApfvCk^QHVaGn2%m>4<n6Vv0_ak>@tc@fN9W4eQn#)HLhchl13$&;TP
z-TCgPxc*q%q~C)NWx(XbaEoxtmO-h0L?+i?a#>75K>MiOBk(U_%J|;G>5L5$>l0;8
z+DLhYw)qXrgb@!bjHfT~-o^rhuNp$Ky*o1eyJ3&DT0RqFbI^yTs66JfKNHz1i=1Kn
z8t)*;6FM2fz*@N4P;95xOC<>KaA4q7=%c4CSy4Q8=|yb7Z_ZI(AlX-x^T~WRQyx9>
zdm7GBHNptRqmg}PWf+DWr4<<Y3o}*8BsbPTx~LNu{JvnbcSWr3<7b-sbjNaF`~`V9
zTh4nQhIM-3q{GBy2o1ZnNN5SS`@2;5hI*N#9W7W1%E-Zvh^<vPvo^93reqC?L&T_E
zPuH}5EbX)v#xJ&@e-IROd~Ev<|G%c(5tXdWD7D14VKcCUz2>L%<FPBaZ5Uyb<}Y5b
zAo)JUJN5hjLQ?u32!Ntvt2+sqg5%Wz4nQuL!^EXmxhqPC@a`W%hP^J-7aiSi6Rsil
zDPG6zC8b3e#q7K5-u*=pY;-is4wIFo)r-Bj^Aak9MQ(vHc1H^%Ux&Qs<hFV?&pJws
zTwI+(OY^496TsXECbj`_3}EMzZtvv*E`>T2{CV+(G)ZX_^Zq;egUv$dXEnupv_+a(
zt0%T@exjt{<-Q^UtV+I%@b`~euCMpfn$u1>s6f4sr(|<Jk2?BBl)Q9*+-t01ZEnc%
zmp8KVV9r-Rb9<$?k(2zQg`^i>V4jin9zap5f#AtvTJElO&cKVe`SO%q@GwJ=^T$1u
z+lFjBZGc`0a9x<Rbb!Z%jB8)fb*KGWTs7pvT)JbK6L^-)5oPgLj@13yOI3kO0$Ipl
zh8@3Le<h-717O5673e^}0QxX8o~Y6UJLymGE3hW1q;D?D0t%*PW(Ca0b$3J!Yx6&a
zN|0kg#6SZ#mWC$u?C<nPD(E9Pm|`?Zh_ZB0w)4gGV@bJdV|>5X5ZwCE?Rdbmw`3$T
zwrPTVkIq#_UaE-VTG<6XzO~HYB)a4#-6{OSQZNKpgIk_);ioY!$$eZ!jM*Vm2>h7q
zS_0rDqD&QhfWMH+eHJI~%^TdQ&beupdd-$AL<xLCw+f=URsS%2miCf<*!_g13+%RN
zjs3UIpo8xf0u}r-(IcyJN<F29*s3=t^$Htuz+cP$q}cfZ!f7&Ddbku%YM+$!AWL!7
zHUwoS5-K<eR@9Bv$d7&t1dk+!pq#u#V?g0RG?~oH?LVEO;-nANCKdg@SAp$^<@|r8
zGHiaIn!@cde~OH%6Aa%sO``hoO|c?_5vkvDUt*IYS^i0Tox*@a@EfyLNXJiFCQnH&
z4sx3_NLKG+WT#zrxBPSLv_hxHc(@9GMYG$~ZZ-IIZRb-pQg0utYk$YFlQF%5=4W9w
zPC*S*52=(Rd$|MB$_W6eAm0^c&mc*>SJeom$W0H8d7h_AAY#-YEz6;Xs+faTBE!3}
z&PBGwsfUP%_W-hq73D>f6@6tCz2?}A)~~#M7lop0T~T2GvwPaM)NymLxMh%&(fuzD
zwaZsCRr;OvJKiI`13%uyw?Zk{xW_S$7o$>ns>bH!N=(9G5QkFK(-h^oR4!Vv$4?l;
zhlsS(U-Bdy_uIs#*_q5~w6<^k;BVWKG>Lu1rn4vo2whHT&|CiS^BM9<Lp2)(sH&t^
z?{1xm&%SU4&?@E<RH5dA9ErBc04QQ=a6HM3QyH+}UdGZgTCc;R`Bel5{?eNctbPTo
z8?Aj0ua8P#IrWjObOK7={4I5Fua7aSXM5=riE;;r$84tKzkIf>O`2^wK@S}ip*mZk
z@-a@qUI8VS&zx1dc@s1CZ&0Su>ZxXOqMEgDPCb%e9I2Z}A6X+;Jpa-BJrc9>{ip?_
zZqG-GJ)c!cb0_9oo_g{rYqaNsK|GXiWs)w3sZTsE4`RHbE3TX(Q=P2l`2=#@*XGse
zZT^rF50p<D#ab8GCwXO|I;rc$Yi-OuIzlBk;EQ<BWh0jRK%uhsZQEO{?w2v=7v$BK
zB^ELP^I73E@4u>S8dPKsg>MgQ{Scy)FLmaO`}-XNl+yAw6?HLnku{{5foN~_jA0J|
zjN3VW!T3w&d`rt*8X>$P`@+li-Np6g&gdS@c36dNKQOltY-OxC|6Hqu%`?$u^R!jU
zL+IVl=qF8clED!0--paf(iv~`-q$6LQO1&|sL6@)y<QQw4kP`5H~$T;z@Z%P5hBJs
zGd(l+SmxT7ZPPo~sG|RHBKU(~?UZ|k@ZMH~u5*%^*D*08+c3!s^wd_eB$X!YLyJx7
zx<Va#^FH&l+f976kZcg>!sSmvqfUR^>wr!qr~Yi1G5K{@c;auC9NdLhyI~dCE5r(`
z$p<QO#+m+O(FO-Vhr%M2ou-(K<`N`8n?-}738#WeOb|TS&Y1w_V1)Qz;-+6@HQ7d7
z>+1J%pdZF<rq+3^Q&s2dc)uZ<_}ixrmOH5KdD$v!%B`?dEJgp-uVwq`70XzjB&Sx#
zyX*@Pq*>CQ?}(Np$W;KpIXjD~@ptN{)$dW{SXMIkV++ZbuEDw)%7n^w|79f}>;_fJ
zN=g@+QI9hH<Zt)uV)yTz7ZmclZoZEnr2p&fad#!B3p*FY&nu@kr7iUCXtV-JJ6(VH
zm>4iGV?#X{$w>0z5p$@5z6S0~L}S^EUi>;f5y7Y}ujOMIDO?5<qy3z{TlLmQtrXDj
zG};S6kHVtpF0tRfm;<WdFVTOIe6fFdd<kS}{yWs`-BEpEjrYsqVfcVk^r)7^NUm+h
zE8o?AFAWRVLRPjE@9W8(bJ%q<>#JugX3^5ELLFDu(F1oCsQpIEDnk**%FUORaWA$R
zYpm<u(W)0n<~EP7nRL^M$OI0kZD?-@wMeRW);&p#GkPMKjn&PpJxx(iPP6{4Prs)$
zZ@5cw{+bb>hGu<iBz|XGwA`?mLc3ms5d9>`w9m{EVoa7LySC=HdcFKg0b3J4w}S^j
zg>Dk>0jaDetKwmn<JWfk2qy1z$%mZg^c;?>3Zp(NnrYLuFZ5x?()6XyPl^-O(D%8|
zIBk)g8%(-Hf}>3k8-~NaldbmlzlqcRZ|_&v^;As1{FN4Wm6u@1695D9Y@a?AZ=Yt^
z^dJYWXBjDBba;xYo&0wAKXhEoyoe3sryraW6nhf^O23esk8^3QnO?V2?n&FRvis(C
zE*}jX;hW^e-PHv@j+{B`GZ#&iKeD8LrOxZ;DyU1y&A-8DN@tf9HipfZaxCa938{TG
zJp0g&F=v&Im~s9+kdF#72+kF$mvdt7f7=_x<y@Sd9o|m1Td<YG22KmI0Zauf^ivfT
zdV<2nsejGz5j3=9Hz$41H&5NIi+jw|L5!{Pji;qE+pvX0$2RL=wVx{<{XR+WCj7{N
zAXd>Vk(>{Vn)ede4mZ-DonMfi54cpgKV40GiEv5leyx`w*QEOpxG%Hn*OcDGb(v*j
z3u6_vCGJAoa}{c#0%2X!AJK0;g}F)f8EsOX@`$tmtYTuFjIiSNgLsjz18Kkb5RX^_
zHGjGw2#z(x`Eq7BA6^bt_S6`&XKPoH9(Hj44xbXLp7UsJxA~Z5hd)uY@T3I#qrYL(
zi%bn4mK(Es(x=|}I^~5Y_`^Xl>^JA)A@+reuf_7qGpbPFz9NG(z01y)`kp{*(b*xZ
zJ!9{>Se7951KVBV6bSSOWKR#1B~&svqWC!KS~j%0?tS-b>NMB<TkSpTFti_Mi14Q+
z0D3N024@pkeTiGKd^6vwU;n_S0mh(Yp4H6>n5T}}W<Rp^%;tQ=_pXJ2p7F&&vRG7f
z1sA0lAnF=?c}@;czl%19s4c^a3+vXZ0QX>K9`dh#yV5uAgL_<&(7=C>kNyubEX~sa
zSb-qYPo6ftMy_uX3eJHGM?RrsY!##VIT|4IkQ+$$Q%sjqQ-L=CpOT#RL5Y-%ER9c@
zYpHG(f?Gsmj5;7i2w__wlFaYyyf{AjAOZwIt5wCT274N|64>YtCD988>@4z{4lx`H
zjuCl27#Vqu7cb$Bi<BG$Iz2)Y(71ubsReJq<5`qUJ!W)@@TyvIX^V3xZS;ZXPEFu;
z`-A?-<_<1v{%~M$_U6sCPJvM$grJCifKQTmE*yT?v>nVVzcQCtq)je3K*Rtn(sU&b
zl1tbkhurU5q&zu?Ef`8sEaCSWeWaql+{MjCVp7}f{#fE~aKdQpfR8ttEMX`9;RgWd
zZofI(rb!V>604eO!&Mm)Z4C5~5}?oq85C0j7zaA(wHtGU@YTFv%F8QdIDX(jS~9~H
z_AZCA1(Z7Un4JdW?SS>Ui#@CYLG*j0G@H3`_#rVk>w*w8`&GJP2V6syIz<tHMM+wu
zB#-1|?w3fZBMm4Tq;QGzi2-=OpabumaWZ9O<b*wS)BeGcxQF5)qtxK};Bi~JEN<fk
z69M@3{zx{zSt{-Ae%L8K!@Df0IIs^|&}I~5golG3rjtydo122sz|)64V!WKk$h{u1
zQU^^T1;=QWJtCHueB=_~E?Spmy54lDr4O9{m{yxRAmFriJR1$AOWCat*n&&Y0w@A#
z1uB}R)5Hi@<#0s^?Tg?|;y{MOOM*<=QS8VPOLu&d@D$Mi_#_&pa*1Xe@}-ggJq~Mq
z$lzUvbG!wxp8ar<aV!kOx)3xFZbOT#WlMW^N5}v4`m}r9r}dh+bBpgB6%i<?ZsBZ`
z>c;TSO*L=sAY)I~>?JUMxzhm_kF<ctST$>?eToaMGj;UlqjdkE+2B@XFvJ45y)EGN
zg@VzY-NU;OxU8OibB)OX+`9&Gk&WycaKR!?OwgfvU3MM}7Vr;B7h<m%r4R<cpUO#o
zuX{j02hQZ}44hhrF<N4!^A_4~JRf8M^oW2BqWR>D<K4S#!8gDF;0jf#cNPKgfm!A|
zg+1&Iq3iGSvLoztJB@%Cs|4gSdMJk`wyaa*2&xMBkW<9PhW}(n{zez+otpg)>OTO1
z;bsE;LGX){`Q1D9!1nt-)(SPce@n9kFdx9zs!ALa;46=VJd;l>IW0w8?imEX2_1fO
zlb*+HB@ujYdcVSKJ2*q^yg`JqcfiUEw<BQY7!C66Rs_hz2BXPrGMYc!yTcfsbD>m}
z2Q^TF0bCnEyR^_Hz`0<M0&r$<KF}qSVIowd2#j+_%-@(r_OTb?;c~gTaMctCLDelM
zZZL;~t-GkDeGmrXvSAiLuQ(J5L`plQy@T5UIO}qGfRcp$3h00U-Jgq$Kpvi(ESN-F
zWRU^f)au4X0uFgu*>mCm_>O&BkK_|aE*46N%Bh1(B(58l&p^a5Cqk^u0j#^8aWY_J
zkt6x7QoeNj@^%EyuL%N;8mMi?>RbQ--YinA<Hd{=C4Yg{J={jlNkgidF*nd}_DD1e
zgsbOp^%l7Wc2N_=?or?)uqF=tapO%t4j=e%X-yy$^hwls<PkynUE~jjbX}H*ZUu;B
zlcnUw9X|2d_UX0JHl>3S3<P|5%O+M|{g@1vXfW95l@VlfFF8@{;h{=+l^!?MY(ev2
zGd;z}lFK0`Mv(j6UcZ}sNuEX=Dxfn90H@)IawLvdywml*R1NbuEz=jHKEX(;mFkrS
z2jE7ykUtrWm$q&-hHv`coN+%PHcQ$l_2>`r0uj1S0uLV#hKfSu7kNBh?g(*<ZA;WR
zivN&&w2zl2uE~$K^MWPH@Q0#aVfd)m)HTHUB4h4#FVYpq$z(JX4DcEwx6^T_78pXn
zJ;-Qrq6Yl+crcJn?%jsKIbJ~26-{%pjjxgk`FVE|0U#j&)XD|Q5Kqoy{0izQWk;Wi
zL6Srbk3OEBpq^ndM2P-w$nO*rrEEzC>dpWF9Bvo5a8U*zu;>-r8HSGiZXG~T3O6u{
z8$*4Ip+F!M&)(({o<k_u?Na9y<^zoFfdu|yQ1q%v90nu3Zdx4S;_46wy5uuc0g()-
zk88M+i~EN-C2AQay+!q-5y7e>R(R;PzYqr7E~hbq`jHSA!z;!LP`)=e5X|1@4j};j
zH+_*91ORx8rigMV*z*}Jq8R%)1pr1~jC<%jq%8UTF$xemQWDov(O8Wz+BX0&P@%4L
z58Y*et1N@Kv0>5e8g9ED3XJSC;}EcxRS5y0CX#+}ax&f@I`88xTxbWXIx0a_0;v7z
za3!3VK~2a*BtA;tQPVgD@kZAtj+VFu0Dh4{Mz)uHArPhj3Nx)@Fq~h`UQz1+Cf5;F
z^cetkY&L|SPs@6p5_uyo=WPNo#2XexU@-^gUgO~A;qLf8`=<av4`hJu@b1}oPY7l(
ze6&&uIe=yc;0QSdPK@QEI04lev8|iR^#A}6DtUy_!n{m05{V-(6EC^#TrrjW(MUWL
zjnWeH&{{MUqI3e7RL3x{<5f1|HlOhb44fpZCAGRk0)cokyLY%Xwtr;1TJ7~)U9FGT
zZ}e>B1mf$3H*^3JO8{`ck>_;r;v7yC7>(nkbQZldY|f_J=?W#&@koe!S}>7HuNA#0
zKm|X8H#pEW*8wl*1dYdP_Z>G)fWxRHjM&6s2m}BW6!-%1((c~I!N%U+-s=&+_&MeR
z`qx+7G-VT435gAASSR$8S;Z)sillBQ#6Kv{5_ZdbTpa39Zyb*pONI^dqcV?2(Jdmd
zn0|PC{z!=LYYFfgd$b$m^kF%c5U_40x*-6fSYh4W<hUsV0~X)~xk-o%;#u5pKU_9@
z4snpUYp!3Z5C8$cu}RT~sWD;kuwmSXsUIGWa$?9YaacnVjF!&NK@>PM@HVuzhPO3=
z2+-8I*s((3828oq`2s)WHJa9SxwxUmL4Mq=oPSd%40j@0bbz4-X`e9<Ddx9^GKJTD
zZWXR#W(@rRp|DsBE@CbeZ(gM|u~*C!(vUQEj&Y{fC6ZxIn)X0N5eT9e&i69}X*IFO
z?Q_xLaX~~})qu{1j|_+h;q*yvr;#_uFT2wN9sywN`HSXzFYh&{TX3=Ec*hC=)kL&j
zl^VuD1OmV=v?u_LzK_bE$OdFvMWcvI`~s(`g&bH6L{}F>K{qa>^~a+?J9T=a`t+a^
zh0@^xc@$Sw@QOyRy>kl|fX3k`N3?F&N7H`;0OR~k1_;ttP+aGk%x+n8rG4Hc)#pij
z004LBK|m<7-4gFnk#L!W*XI*uQ;c)bVxh2#l|eIhatv{sfZI=-^nrf22R_d9P(_WD
zL<pe)^%tTYyJU7H+SDjXzF=_C>k>B^ejpAWL0}jFp#TS0ha=>4nd(|Ro!{Kr9k>DA
zYYc>_S)ixOwjcsPM}xKi{Q;z%^Y<Q7a2~8<frawWa1_XbeP#y8oN==M2b>(l>vr+h
zW`JmFdUA@jpBu4oc+pz`%>cG<EfNvenFRStZwx>K@O$icM}K$GKV$)nWyXtsF2P~0
zJin35;}S2E1<vsvPLU45Xb?2Ap`Rk$k_!O1y<Tn#^>WP@ex;L40fvWk{0=nxURpv1
znu0cukrQa2oS2xLnx1jYOwUZ)r=}f~(@t6`==B2t(KWycrBm$e;~<OfGIcmV?El_P
zzX^a?g&B;evE3YJ^IsgFn4!_Ts~$DWpbEfF(Eu-04`CpL%5YKQnL)4EsDK8Yeklm6
zU8qCa9%J|TLyOcj7Z4jL(e&9T7yw}AsTup^)FiwGnE<5-AOu3x_K6t;$%E}LWF<Wx
zP4@>Fz}V@{u3!Mi?s%2$&hFtr3!dvZKA@8q1d?D2!oh^dHe=zBvco>fBWfi+3Nh)-
z#l#FZ&e)AsBHFXyN8{<HF+%$!bHFry@$}T><m8mwjv`|>b65`3@1eJ@k5+s)0dQJ1
z0QxRCWn}CJ_NO<+EuTAhwc!8&yo;W;O7t`tL?9lIM`(;QfX09(mjc8^STprfzMm7C
z9+z3#vCmND1N~(<|3zPbGZOI1CJBJaNh&Bzku2B|0Bo~y@q5MtT+e@xrBGy8$3_K%
z)4y3J<pq|=$$@Bghp&3Z8$bsDJQdpn^-7QK98D*2Zk=>ffVakY1Gqwfhqwp;Bp8nh
zexC<Bp+Ns}aU5sLDR$y`++m+a`T>C%mvee%hUj-P)y9h-0069TD*(pL7L;PJk9tBk
zqJSX)a03E5H2zR>b9c|U>UsdcHWh_{dbv^2%bE@RMMMA%6=ntKq7|=4Tsq=$@qFkE
zkHwHZbkge+Jm;0@f_e@WXQpQO{Nd$JP1&c(U0`2#h67omcgD&FV;^uV<G5-BO}Won
zW)(>W>%|_!c|n@|2X@ANum}LJaec9OIPe3W_cWki!+uemtheFX?_?CL7<vu_0IEOs
zaLHB^1>%}1w}Y1_@^1@p!^fg=^~TiH)Fk$l0gclv@(>5IcgMuej4;7%D0qWwpux7X
z@htqG<mo!e3FaC!jn8F{rwr3iZOwQs0K_Cwyxk;%N`N=l9av^;u4$pDtT*UhJ^&z|
z+yDg7j|&J_$V)4Pc$gIL7vlkOa#rjNKVwa|(P8Y*gC-6TfGH#$2%WZ1Pg7RJE215{
z0N@7o;}CFo0@<AxhkM7zhj?XgI_eEV9G%?UDP@z<Ku8jaC$onV$)?L*qnKFohSF(F
zRK>G{1(p^iKx-6aSy#%6rT_pDaF)}hjeI&D3NQyqUb6^_K>-;)YLjq^J*sx@m_WmU
zy2H0fJ%d0$@c;A#%IM7W^wboFfnF*vI1KWIJ@_C5E`O4?4!^<~xmPcb_YMzB8!t{?
zzC7H@;&eU9MIf?<k!K{D-#vVZ*A=`x+$(Kv#J$mM79={J%y01(*93sc0X@zH;j$^<
z0LA78cL@;K%E$3~5wSgrofJ?cI6mPNi7j#f>{vMUP{&v(ATDJJ&~9pSfhH!V$V;Ar
z|8TMfKSiTQWc>yT?E^9(1=A(m8}QnAzB)Z25)OB9xkMf}(0Bv!&7Cb=OSQ{)-JhHs
z?v_d$X(T8VfOFm0+}Sm^c$-$RPkS^}nxofL6$d9HdHCv`d@>^J0FsZ<oSzo#fDOQ;
zklo39GAJER8xp~A2FZay|HkW>o<ajKF+-IgJZ>jfjliCwmUM8*-G$!Io#zkOdVRs<
z)*f9?|C;V+AH?&oPhaCDp1WJoY%-nSIeh){@L-Q`_B?z6=m2~8lUX=S)NLhWgXi%;
z0=6qn-XVZ{H8hO?2t_=A0DdnOiP@7BUL|J2z}xjW(Gp_b&cU1J{8$h1Q&k>UK~Td4
znn1g8{R(J>MJb4@x)<rEu?BGp<3B>b0Rbpje{d}hI(dVx;JI!2`s){aTQ7EZkN1x8
zcKc%*FF(K?jirsOKfVC~M8JyRT^@9m3I3#k5va)G0$$vwQnqnBzCQ%tkc`k?7s(jm
zrp*x;{g9JG9TOnYxO<H5Scl+`E>)wO`oPgeFK}{(I>*pMnR59ttO7Ce`ivWjoWc}3
z#-6_u!VrH1Bsdw*A^>+R-#>Y=b@KXDeDd|l$xFQ2b!T$}jCv?u0&!l8XN}7&UeFF}
z<L6xCt~s2g<|QI!o47<G0ID;}wFy3Z8e4I@`QCX}xM0yRy8!^;`4a#b&aH*WkM_=h
z3`~;Gj7HNw>G1ND6(!C*G<W2fo<@pi#sh$z&mo+d&H_K~?vW0-rMU6>#M%~#TZayJ
z>1xwxG!oq`#UT#H<&}8TJ+AS^9nOXdFjh$*2b6Wq76=7g)Z!K;r`S}2ylUFT`|?l`
zlB*}?i7<fTul4!yZYIzMZU=ZllM^%CS?YE{I3U_*-Q0l%>J(z-Y5RB~px`3N8La%q
z7H(cW9_$VIllM>bum8;u1YaFk2PeOJeR6!T1*RYi^l$BMZD2A8ltdB)Ve190aW-|J
zj;TOgp;5*=s%_ci8gYQ+4MN}?519yHxs&@nPy(jO0pnT`#2k^x8qiJe2S9fQeSXlD
z6O%ulkeuw3I3}l@v~-$M%c4Jc2Et<^czPTHF4WvOE4*o5%`V7$Th}}7_v+8ihaosU
z{m%#gdIkF8)yZBG*RC9&>}`M+-9<=tUTkh{(M|XCW!rsj7su`xbOSUSh)L4#at8^4
zQa)`|C@C}Mb#sab+!}g`zyJ{X;L;cJo4BkP!e{`jJ?Ow6W6T7o`CK!TlP=yW=oW4j
zsQ;O%$?38569V1<`XtHxCS6y1d~6*5`A?K~F40ieTk^0RoNxEOHo#zY@Ot+Uh(>Nd
z#H-!$-g^M!;P~Jr-tmk=^SsKH@hbL;7tjoX_Q=NLzF-8TJ^(%uaW-E&L5))qxo<!}
zm;q!8|01aWI9|;vlH4Hz49K3G`0?ZnSH|4{zyt;Zc3M8@p&P0&I-UYoae6HMGcGUH
ziQ{+$7uaocf7G|Ss<w}6M~SeeJbQojOndvbeD$Y4>HPV7+?n+J*~Pc!>e!brUxCSF
zeP_V;`s5WZqdI;~9B{5{m<a{$=ZOiWU;|^ZkpxdOo?LXh14#gYu9aA%OIQ4ohn-Hq
z081lu1qYQkLUdIt<sGrZ5WEG)<izKAxK390lhaew6y&5q1W=zy|1=1}_~QpRKADb&
zLeVW=xIHNA{Ym#1v3k8G=k@`CjNWRk7i&%BXuqY!T18E5b~Nq!;`01-uy*b*zJB`G
zmGM_`J)_k!74QRT*_P7j*dW@-=i^|={XnfhnWWMVWv#h^Qlc(6FV5?s`?u&1hB$rT
z<NPKr9R?*25`b>t<n%Pg4RG9c=M2|~X^_tDoW|sc5dtI8C@OA<+g!MQ0s)BPMN}ow
z+QT>Te%&oJkJgXmqP)^vS8|Efqqf{Qs_u7E?Ltw>G!m^wO-Z!gUR~178DIbDGyS@v
zsoj5p5M2D@!nTF}Z8HAg0;xoQr`>Mb=oYkmG(bb-z~Nv$g46@Z6O4YUn9|*Y9w&-M
za4o`3byP?Sh^;4XhhuWmj-fF5x~`ci&;W=5JRk{ElpLBwZ<0B{NjJ399zFO`lr;<l
zBhhreL@nPe(YXEKN%wuLRj*f%YPJ2PYO}rnFjLJvt`+7Qt!78bq%!qZ16SuY_GfFY
zvZfbRx_w>g6x*GjU0iFuj^2LH)c@%fZcr*f6fDCR6hN@rsZ`EJ%?S`-MEo=hvl!3k
zqtv6pg)a$LCwh5c)+zbvW^Sh6>*Jd_`Li>a2f>60r-C6A;MDmHL`9S0nE|6fr|<9t
z@g`!h+sRUVE#&9+W4x<5UE1B*6;8_&{q4nDbXqg9mDQso5QEy$YVq+(y_l*T9hFy>
zSL%&=^C-7kSZb7K6AO>)wN|s80*%?(ueX|s`cXmYX$866X}|r|6Yzc8N=s{W>WZor
z3q{;F*l9NtHcXwvt4V?Z#6}BGAe{zJ(htWCFUgN*zQ{AvSTZLEFofBCuUE1JPM{+|
zz^5E2&eK4ra|(HVKsr5B7!jeC1jbKqY=E`TXOl??Ln9z<c=Ii`%H%gU_c(BQ^0Ttm
z$u!$#HM1_)_Uk}xtt^)-tGQUNTFs?$vFb{-Chsp4zRczB|D8`BJ}AysDo533t<hds
z%`}^_OsCaS)!Z^@45ih{wQKE0SgvOPkW8o0ZleG+>&O9oBWNT<)j&V`koh=JIOCj|
z__0F@_|2udnApV){21h+mcaZQty}^g2kD>TU>STta`z^OAI=I)+g%?28bs>g>y+>s
zUc{d3rXdJ#;f0j;Ueocbg?1;?Xf|7^aBcOdR&T_PRx8VMkE?PxSIsTVEfvD6Rk>JL
zPo?IU!(aaWd$FUHmAU0YrB<&M=V#}NwR*eNZYzyktQBila<%=+ezU%E)XLRXJM{(-
zpJ-+32ms%U3_cJky&$@x>3G07`A78pczVW7vz0Uw!S|5+eN+#j;udAc?33i+a=eRt
zKRt5#!2i=^{(*k)S~h=x+1h+IolWCKtZN)n;l1DSbe=N!&)Usgs!?lXT1{a6<^7e~
z(b3Ane5PDnO~oE%!r!0&!H*uV<YFtCFCIObeK33f%LlR9+2z^rx|}ONUR_>KmDl&1
zpgrnx4TLA$Xf7A!+R=Vxekoi|)EkXexmev_uCChF=r%~)^&6!)5ZtjeAQEsg{r~YF
z{n0-XGa_gVu)OE>lIr8tc-&X%n4IDDah&b|T1V*z4*=EQG}hBV&0xBE6MgqIA`qvH
z4g#<Sp#TE#XIiFJZ`Rt)7O?VqZJ}CQt%vt3bLE9fdG?dk^2)tWzxd?gXR#lC`UijS
z?>~C*X#T;&&p!PJKYaMv!b&EQNTmve;#?t@Yu0m#N~IC2WLooe5d7Tw!v`ygm2h$P
z(Zkr|@ccq--WI`fO_CJS8kINbg)Dj<6Q6@rPksLR#E&Q3i<l?o!Yg`pL29dZ^9()h
zQ9xIbI;T<g;r*Kc00Qs;2l%2`u7xlSg7-XM!kCPPc**EmG+oMLA@k3)77`CUoM|@d
z)n$3LTH8Nb$<38(v#IdvCl6*HJbF0y<%5T_v)`MYo1cBW^ap?VhhNUkeeyUKO96`%
zDspkPn3Lz>oGXuVspU#+y;zYenM^EpZ{_h1KmBY8{(dn3*#jGuw3B=>a){a;MDNq0
z<dDd-w>x;<Hui;iy&*{o&>b^WHK)ohn!qVL^-{Z;{iz~y0|NY@-H)qr^1Hjc5YqDv
zyr2rBYuG-57jx!$9l-zb^LDe@P?T1y)oi5d`;`?`gDY~bRu0br%RhMh@E?5g#r&g3
zbC2#nUViY&_vdFHJ$k&nG`AEBf0>CDQgS5+9PqF(S6SJI_j3>g%T>8jeEjf1IPt~m
z+&_H0{QbZ8AAS18ye)(ewy!`al*QH!Vr<;-8H{H!>%(PIiI;c)IAF1<eNx28;OkA>
zCuSyT!2;Gy*zn!Z0YVeFBWs~GkO9oqy(rNIw1_}F8sT<^{N^5~@7}jS3VOMA2UK|j
zxPQM<udf!0a^j0e3rpdphkxh6?Bm(_`^)nyOX~|O^UJgU@X@2Ca4Z&%-OptTtC?Iy
z&Xna`Zgpj)x-^>rw#n^-KPfMyRx&GJJowSyeenGs{T<uC|2<of5TJFY8~JQxEg6cC
zx&s;<ekqQZuSy)y(S20l7WsWHml&7e7O*MD#N><v<9-Cde(Uk0DZn<VU~nyt)tck2
z%}vw=r98FP(9N{j(k=t=_EIe*APgudjr#r)I6<p&Z6%d>`0xkwE4lT@_aFVk$4jd#
zU#u?QTMe(SuiRT&UR_xYuP0)$%>CHI_4Qo2T1_mMtL0)2WCDz4rU+kGS*gmoLMpMc
z{2zS(4}SC?{@(9>&lW=FL&rW8p<+Zfz7|Bi#xGa`+Z^zUo(UjP@&!ED_sr+dm#PrC
zPCMp~B<IYu^LFy#%Y3{_IJ=99N?a+wvjf@?&0&&n=H1vm<T&6@Yigm=RuYXywOTCh
z*UJkF<$FtCtb}95TqYI{uguS{hF8|tzf7#I-w)qg0rJDK@Pm6X)B@pHIgv>e!F^n)
z7C{(_32+%|07qtdzx+6ty7yq|i{JmjAO3sa|9unzEDKUMMKqo*C8I&UU5p`c_=D6v
z>Z8V%007{^VkvJFAe--n001jBz!Y|H035DcsfWkKQ&$_il%qJ@#XI<Rwl+``#>LX{
z9pMQ5Lb<9ao%;U5(Z0M;sD-PwqdA~#wUCqLa3K?3SzQk&!ZFbK>#6lb7|D;t60y}-
zcpaYD@`79j$*-hxnWCI3uP%q{jb%CasIr_27t4j%>gwzlbDw_kd%yu}5x>Z7u7P2W
zN2zf<fMF2$_D%=@Jg64wVoJZq#eGe7Zf8TgE=|rL0+=-f*J)<zE(VyyzI*h1<CLm?
zxwo^6T(G$Tj$xd<<BihhF15Np?Oi_Adbwh?yabl7QdwPTG~~?E@+S$13l<(fx{m^%
ziY0QHN2!PKPB;eapUR|CsYDFuFBHKJf>U&~pDRKfwO<2Iswr2C@=*=&lq=<2D!dZ=
za`};sa$5n6>`?9HF(pI|(U|4Hs*cl(W%spoh>p&U(r;vN9S$&fllI9;Du;pV2L=G6
z0W1;S1^^ZCByWT&HV2}9jd~!PWPdE5-{P^a%ToyIT8YZST(vkSS8L5wt(JSd5G(H2
zmgiR&=2v1wZ!VWhq!JlCe6as;-kHq(FJq}kvD9qgaTOe>daVwD#8INzY}St|`}>tu
zdG>zs!I$Bc)XMDAf;lkZ=TKMNFemoRdR<%wb4N;Xuef8xY1B7nW?bO?PE1fS$Ufsl
zG!PE^^sQ1b!=)^DGzz3|(*3JjbPxGfX(P=tfSFuc5B2Vyp3;l8BG3*&P^}t+vuixc
z6)M$7^Iv{{b`{9a0J*uxvj9V876d<qAIZ%=On_M6pWNg5%2IW|c2sLL;r#3H-)gNU
z=N=|L%M}W_RAKqk*_h35^so7hJBN9c)Qf5{vPk!l!uye+m-noQYepfi!wwjy8_PjJ
z{fq;&zjI>3J~{1}vfm;E6fO_~k<DzDZlFHc+t_0OvPqJG&8@u`2ec34^75_Pj>&~Y
z8zO>4dAYWfDpwbZ@`Kgzr}ySo!igL|vj_u%faK>gxrZnQ;rsW#e6SvVRIV-o%Y=^_
z;7~R3Y3vt~W#sZ~I2F79$&yV_Z=s*vJ@`0;XFi`l=#~7~LdPBRe9JPZd*`$Z==V}F
z$T8yvU!Sx*sLmNv2~6-`_5lP_(^xrjEkev0&t~xwW~^;NT!eukNkD0H=RmB(=>GBB
zLZVoxsGXG3C?_6%nJBKzF3hdmd%XPkiv{2SIL2Jz@gpF6CCB9BKNFcpiNyN)%BT01
z)|XOpc)5@($kj$G(MmOA^~MoIP{qQ2YIS~TVQKkO1i-gwa=;?ydZHi+G(&}%f1V;T
z*T2vlDf+yWD3n~EPf@FjN6<Rsz(2R^fJxMsPB4a;xyRKP=nv=N_|s_y0QabFiKRII
z`r?nl8J?@Qn@5d$rE+iehf9SA;f2rc&&@9^EQEo@3*hs^nFHB$_Q2Q$kcC-Pg!gBE
z@Vy5=y7!~h<9n<3!z;O39lc86fc09fx=`M)Rx+v8<>fHlH|WQL2yuXqHa^3tQ}?Lo
zAQksdQE`CQWdRKk?1KY12^s(tz%)cd6MW$46*C9iA_h~_G(!~+MUq+J2WB_u_y+(S
z5&-Ycf70ow>-$ITMtyZfURqgrG@D8M;r$<da{s}-xn<x0U=Ij-fc(O2j*lOl9E2j3
zSpRJ9!TtNc|7hul;ZMH!H2m;!r3w)+dDe}3Z6EYXty(RY<sx>A<Ay%3xOY6TM&lD=
zMp`_)Uc*Vf&7z$R;(zDV#Kh;A>9$+g9nYAEztt9!5a5o~BnJX;_@!Y0jN#vBcsWF~
zlUfBsR;<hwmX;S%>+|>T&9AP4JCp%Z3q|}77y-{7+?_{Y1!h4QQV+fehnJRqIKS|N
z2lIb8JG*pmJ(H^?n(b7q0c_9!t5ApddLIl5^$LsYwz=p-t@Gl2WDL4%i-RKSk3tK8
z0zWf_X|Nd)`AlINoLPTrYKZ#L#0c^Lc6<0EX$l3A_t^#}X_IgslmOSU8XZlSwPtDs
zg8QY)LSY`%*3ut7{t|qh*aINHScL!Q=H?3XhyeVfkjNBfGr%Vx0^#+0OW(Wy;LG3t
z{vX_*Uz!htPq5wu2B<aKu{zoWcmvKs4ZFpCBFE<)d3+mLzt2a?kSBtTnH4nmbm9(7
zfHCt=Ok(9n&^%$G*FHo%17LRnst|po1px6lWo6*sC9n-UV)C`w>m_oHhq3iSIhUKC
zFW129K@V;njD9KuB-4Xz@EAp5E`t$&3XH(R)Wa{s%lE@e^Y?!E<tO)MAN|263o*d3
z(QHGI-ELGXb&v!Ep;5QtVm_Xm9iblFf@}oEA(GF=adkTQdQ<jk$BbiY3d=x9DEh*7
z>WhMZPdP>Mck(VJ$N*r@H9*Uwvv~^uN!ld5DFD#RO1-weTCOf<K&cg~N5$OyqgY}E
zv>jM|IPLjjc^)8`FJy|v$B#3a!rUV;@`+UJVQh8fv+&CDkLDlE&n+x1%|8x5OclyU
z^+dY^Vz2}@VZGJ_eb8LDK>!S-iUv6xn=t?Y(vv~Fi8`8%1gTke#y$zo9|rv31~35A
z)D<8Ib_pSv`Vas!48R)19+(bc`r}FVguoJt>F-{<b5vJATg6sBU5ypX`*X!|F;PgB
z=YY|{@yk30>dWQ%xw&EyB|kTpn|*{X5InK<@XBW^OG}_SS0GNBUk=|(6)Ow1R;JSi
z>2IbQwL02`x{XqNixv*x85;Bp{XuTI4v<fbr9CixlUUlKgPx|2K<o^fqJqH0w2LV>
zBmqsrZ2<T%#f+AKWPkv`>?DN)1_%77O$EZ?)cXDT)Rz$DRvUB0io5{6AczET!NW|k
zJXfAa9+;bZ1oRgn%!BhsM+kz1*!t=UAn@tZayYySk#qP53q^<xn!p3~M!VSnzY>gW
z)5boJ0KjNx=O>5_lu@4JLSCN+FBiNV5CD(`P<j)eW0vppiK(dxLSw={M(U?c*|z{N
zV-I*27ei6d0(qt%FB6DzJPsVd04Q2T4X@X$slvm=gGbeMum&spg;=gIUnyiT;ZrEi
zm&;|KAMgPB;Unk*fO>qCNj*d+fRJ%zd1ZAqyt)d}!<Q>L`KW={u(dj^dbI-j5HDL}
z0Q`m*U`#gv4%jrb7NMb6)PPjm1A-=y7wl6L)D=84`C|wMNC^TbOq&2$q+rw_A_utO
z=ZE;fNd;g+h!7w{u**ZA-AY^OXw6!<IJ=%I)+#x<-mF#bX9{wqkb9H^wGZSk%meM<
z2F!vjcuXb`g<&=W0K~q$AHD}i5ApGr_rfcmEQB+KeeekJ2BJ2m8msk0g8>jFai2dF
zp}?49!*ty56<v@J>xmS}Bpvhwy)*Io#N>}ZpWyZ|a*7RtC+w5AKEwfZ?HXmH(|G=C
z5fcHxWQP}{y^$5QCoA=OE|IJ3uPo<|TA9`PVnJSB1~q_AP!T*Cdf?Q{=n>3<9mHTD
z_7FnD#QoU)_1OBoRd|E)5KEP1umqs~GK$h^<r=l4#yZ|P>i01KVDgjMXi&^Ig&;Qe
zdvSNZi~5{hc&woBJ_icnuxFU$NkU<ILj3EFRDeY)006hdl^~!u8Ugy_X-bMl<LM2&
zmX;SF=vqa~v^%m4AzflVR%o<a;1XAsSC-4<0u{<KCP%;ypfW6jB6tKb(ZdJ#f%JQr
zDgiFIzYZS37vc5Q@Otb%M%9UWwGnQ%feBI&9@2%2KH&p_1SCsqV(5wdl#nD^<N*M%
z?&SW!;ZA%Ggd*V+0LKKn!&n%en4Gvl>No}<U(ii`RyfduHSx7*K7><VYin2^-N^6q
zgv;}?R%k2rqy2UbLjR(?+(^~tWQdM2D8z#=%L_7qfPzpgFU@5z`<F`Hzqh=+9=mrx
z4F1A>fB<abIws1%M_8%VVypF9Wfc%m0f9`*xOCM^q7d24M`(V6Dpeq#VjLQ~p9MW2
z0d)8z20#A%b1I73>FlRPGMF8M+if8@0xs8L5U)|eE7owhE1Sj}H6kJGZo?}mci0YA
zG!0mwvfq)H!PPwiyH(588nt<OUM@dIPiU?<_qbR<L+}{h!zciZKn(OAoctFnpDnMf
zgjeo`*CBKU006JKs$AROm&>(!v!iyJiA2+eB|kUKi}{j~$Ob0JNd&OdG?@(W{%||i
z_puX_6#k?D02JVl@%+)-oyOsqnHe+}HyL3R0L+U7@q)2vFb=YY07N1IY`nl5r?63`
z^n$fuPtP>l^=7>QZj8LrN>p1Qw!r`L0z?2{24-{M3>3f{W>xU`F*yR59bNrwd46Gj
zVP*BRFIMlxFmA||%ge?433+K@p$uLSXu=Hk2T-6Zd40h}ERf{mYir#6lHA-%2blr5
z#R1)4pn2l+A5WkpAR-f=e@^khBv!`3Poj|u+#~S;0H&!UDi~S|;fP8Q?^}#g#|dhK
zP&B@^wa2{?nx?ecnO1H-SFe^U)#asH=BTy5AXira0PuQH<iY$E=7{<N(*F=c;q}<c
zkG}t4_R$ZPmOonpM<{__0&t5wn@D8lb49s&)WC~5RdL~>+Z#yIXm1qVk|3FYWI7q~
ziHoLbyCMkr6!?B1`rr|gKAa!{_#BY|7uh+3!Lk$x#3TM20ni8s*zKSL{egIrJg-nR
zk5R{>FF?a}$*nCB4V_nHCDm@KOT}V)b-CFFZP+>5uY%?)LMT+ATo_nAv<DayB15De
zg8ln4eDBlmeev-7vkR*$_tuw}S7MLgqu@@Y3g{%I3dQPv9sGe@M=VwK_<;W+sD{(|
zEH(+@1;HU~&*z~|4uCMQqmFP829kmwLnMqGFf~2x1hKZe-42&8fD-~AkOAx!l>(BK
z4EcCnKBxeiSR>Vw+}bf#pj_x>t*x~7>y1LY*{ouruyV8@&(G%`V>$$L0C2X2%;Q1|
z6+i+6AoC!6@80qc|L&)c@6SJ;TV7cQjrhf<s0{AM*6*is53q7j0A)~bHdEje*tikK
zPb&;i@5O0y#2<*#VgOEm!s&t+h#G(*A8>|I&Oe{PdH}eC)7bin(-Dgh=enGZ586Vk
zlVeRa>JQOcRGKHIO`UiU$)q{w+0}HV1O9C#S1Zd$OUrO>m7}9&;CCXvP)LCbG{>1i
zh=Vd2hy%m-KKbMi9?n0WUtU@OALz^QXP<t$^uxKOPnW?V{4|#M^0U=g2H>jhgICy0
z@tvdS0#JQEpN!B}DZdo(`CZ0HHzh!kW^nu_9n;wRF!PVl2ewl@08a7bwA0~nId~di
z^3Kx0Bq2zRmjQ1)=yBsrA#eeeo`VsLhxUvXscndMo2^{oUP_*omomkrCb;i)(BcKm
z0bvd-htA(DP!GYtL-c;`hnK(i#h2mmqsQR;VBsJPwqR*)e(95?WpD~tQsIU9l~kr!
g4Hv7mM(XJQ2U&t%ES;~(VE_OC07*qoM6N<$g4<{Z{r~^~

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/expected_results/tiles/wmts_7_6_4.png b/geonode/thumbs/tests/expected_results/tiles/wmts_7_6_4.png
new file mode 100644
index 0000000000000000000000000000000000000000..de1b9c8d700161e07939d6a6d6bfba462b76beed
GIT binary patch
literal 34620
zcmW*SWmuEn-vID!Fk&Fx_@lc!B&EASx+E0=L69y<=?>|XE<w6$q=1xkcZ`k={(GL!
zi?ef`SNFDaU-vi89i^qA_zFS+0RRB6l$GRk001Cz3It%FAU{4<8R`K5pg&q_dh(Hx
zkufnbadB}82?>dbi76>5si~=HX=&-{=@}UrnVFecSy?}R{K(GE&dJHi&CSir%gfKt
zFDNJ|EG#T4Dk?56E-5J~EiEl8EBpELXL)&fMMXtrWo1=WRdscBO-)U0ZEam$U44Ch
zLqkJjW8<%1znYqwnwy({|Nh<5($d=6+Sb<A-rnBP(b3u2+11t6jdYIaK{`kDB3&T*
zkS-AYNEe6!qzl9#(gk7&2|2<L!$>g12-4X22n+#5f+0qcV2Cj!7-Ad=IbI?rkS-CE
zNXYRDF@?0SG<AjegEag1&lO@C=?XD}bcL8jLXOvnzeo#<f3Fd9NK60bt`YM{*N6qA
z<&}kN#3Itl>f+}1;x%FkX?1OBb9-rLf9VGC4{2@v-`38*8^kiw`o{A1?(*K@^8V5C
z(b+O`@fNXyw6?yovAMFdx3asxvVXL4i&#b4+*;k;Up+Wpy+y1cZEdgJBG!?%ch>g~
z*Y^+C502Jv5gSMcM;pk=9byyd=ydZAv4wPSv~_sAb%)qS+S}j0L+l_O9PXT)?c5=D
zkq!=b507?FFLtjVc9ARhh&`mE<Gs`Ky{o&u>xaFY`@K8(-aTR;>F9X>_+<a=V*mPn
z|N3Dcx%hxMKsr7-I5|ByyEr(99b8-<TwEPo-5y-u9o#$|+&&!KJsmtC4v|hy4^Phy
zFD?&ZSBJ3c!^@k)tJ}ltyThCN!`p`=q_guQ*wxYH_0i?c(bdh-&HWK_{Q+@|bbfJs
zd3}6!b9{4ueEV>MbOAfLx;eSNJ-K~2MS@+PUf-Ubot>Yb>&N#r0sx`R%5rb@ys}df
zQL^-h&CHQj@#%+WnE?`r$J<qxQ&s06ZzB1m6YL~B5N!gZDn@WP&)bZ;C@Mm#EstfI
zyBryP1=1z{kyO4cS|-6s*X2xDN9u~R`)>1aZbvhGWxK><`OZvgPLFh#V)VLu<4SCu
z)HtYWA+Ca9Nq66GA3k}`v3_^Mv1L@qoMyPZ^3T{reZZRi8sFd9YW_TL&)&_=XZ*#+
z+R5n=nha%5zV_ULZol+xLzke#$(mH#jk5tS@a()U7dPt@sKs?mth$<-nug}^9zo^R
z)&20hG}3+2bn9yhq2^m0jqVn_Df<cIL9SFaGh7zC$zN`sZH63%OI5@ID3bku{DD4S
zJ}Labbdda{qRp>cu81h`GF7%8B37TZAJXlI+VD}}gcU)(_>z^&bT^e$cqi)cxfTz-
zG@Tqjf6la!wRX4vD3Pc%V6gB$`s(T`dMp=Ccx`{e3zZOp?LZZ;AC<?U!`BHt&r!^T
zv+>lLQxg-Mlj<58aj_EK<1!6D<MX~e&y@flmyBLkW>&;IgG$04M0Eg;QuWQ9-M){e
zY#Z%kK7)K!rULe4!6Pw7YGn<r)<QO6G6nfoWRiI<Ll_QOZ%Q11pV(5h6%^5_?$0K$
zS+WwR)hsALxWma%uXRfSiuf{}(R(e1Och6dNzN2bBU+uF8G?^AB+D!2CT5I>>1liW
z%DJLG+j)#j_R8ij$-}b=N3iSd`laD`DW=0P%RkV8ZRY!c$1W)5BPvvK(<1vvhI!_b
zBqa?Y&8zVV&V;>-T28KMEJG8M^|dvLWJpU#gUUl>Nt(OSSVMyyZ|3B#oA+3;BJRB(
zL(368N`{L4K_@IRac89Hx%WBommNixo#Bv|ai+>EM#Us(L9drML0nmC;`4~K8$%8S
z`IO;<O@2hR#E@iNbEctL>>vrLqXgXj>MEc+aPpj4$_vygl@&S=KTI`CX#f!52^UVb
zp>w~&ioPJ8hb|6m{qyX5=``<w(7f7M4}!bzxJPw%PTbr~RG-pYfoi)tKeV)+9qsBA
zXpI;x$uQ*MMr;D`XL$rXOtn4uUSN9S5=kn!ujC68&GWb`#vRg1j_s7ROJ^!dS*9JR
z{TV4BiZi3qG~yK4p&<o76KB;eaIv~&>@p0^Of&~BsG!{~B2r@N$KBG9jH~!qe>EM6
zOuKU0%VFv(vE-@<XsdF^qoFm<nv6xbWEzP@`{OD_Mi`C~_^Mux<FjiW@_EqM^rT1D
z!@O=LT&=^D!j;Omt0$1kbl5LCMi+sRv^vG25^f;HpF|aTd#ezhgtDnf9g}qTF)MW}
zOF@XI#!jdB=a*mS+9IzZY7!6zeyFPe1&(6j;TInjYRv{v5Q^%@UvO7+FDW1)$3IQ1
z_7-trVO|AQjmn!HUM$JmP;j7l6fTu!{HECcp)lU-joC(b24e46*TmsI74u{8A0Sa(
z3+QTneRXYZdDWMR=;G5RTb@UuX!};N?x0!)o&X2Gjh(wFJ5Q0_%=glYfA_8eudn3`
zVGe;jcwPb}j*xN|YKT!HxtXfH-{EIa@0wz7kc+?uR@rRlw2h19(A|h|euBsKfD&@+
z{g<3p$J5>OQ*KCVGY_?a^AWR7lBqlQwJ)ELsMuQw8GV5y6Ik3zF@uRElw5O5_VIG-
zh#<HW-9M^ip%+kYsq+X#h($HsG)<i5<d}U2afg8dQl~7;-UL@vvNsnME4*6enaIzK
zHMC-skXBNV<jIX;pzp$1>M7FlW0B4K>-f<4;KW7!cN{x-vn6Yu4|dU6KE26m!IMcI
z6SsmTehpTTRhC!2Nq}*2bI(vma!zNgF~YB+Nrk0^)!A=gikgyzH)Wb22-%@jX}t0d
zb0Z-kYHFi9*83RD>(th{R?KI~M+a;ETVoocdTBr}sPAHLZ+`MD_)Ac9^f7!+fAw<=
zg=7Bf@9g~HR^iy+BNYB<C6)Uv+867Nj*JxDp+}&V(H*8Z_dHgca;aumIkwe|hkp4^
z!e8!{=kmqR%S-(Af9gXK=ZS(HVv-b8ua)nrIAD*pJ&($8(Zzl`Q9w_iPZo`<Gu6iJ
zv?8@cz~!{!uLhfgS;G%*k;8-o5G5x+cB>`SD7w1DJY{@lCW~lL4wJM7=`sWA%A%zI
zW_^$*<YC2j)?vOf+!zPUXVA-s@iY!l7O)ve2Gb{eFIJFo!HpYNlNZb@wB@8HWrkhB
z9JomT3Yzh&sn&zq2;v_V6vKzVZQ8Kq#EpyJU*vRIS@0B5NMJ?w*V`HgaEKWyhp1Tw
zIL~W3V}m)yQ6@3(VSAYJKGrh%QjOG7w5`LX_IYXqW;Au#xs37N<Jt|JjK0ug>HHFa
z&eayd=b)yWo9%sW2{8O9iRjNy!Q=2;4aSHf16Es9dp!=PAv%o&!7{2_g@}+Y-)&vp
zZCs3J*=bY0+-RFC9)OHWKOIQ{OIt<pqy5k@6ikJ-{XOYgo(dTuqUwa3AJG0_hTy&5
zFMHRUhDVQ;L0`_44}?VZ9Sje_pLrh{wj?)uP^SwHMf<)n&vHohF;)wGri@46iFvIa
zsXmy997OC_<6)Ud1>VkF1!>m0rF&QYt6I3W;Y;8<mEo27t1(T~|9w9?)p~7V{|9E=
z$~komE~7hCT)WhbH+O3P@<HZrgG?!TFv+iSY#3mDy#G!~n>OUdRe(6JmGoNv#=65k
z7bGHq>dC-53w(3{;_<K(NoU{~jqK+2EF#{!?|>4nF(c{7heBiapX-OO&#bMfM&i#)
z98^v+MXtA(O|`0C2155yLPJpH>IbM;rHy+kSLWtCx{Rvzb2>_Ql06GjIQAgBPF;G<
z(Vpcx%JL}voh}g}%1xI44*mXcr0G7G0wFAW^i~kGg3KUp{vtI-Ot9~HY&^OmJ*@n%
znhvyh3#P_rQSVEl3>;8|KJDAvJN`!_1^z5mTtuwEf!ap@OiS9c4}6sKhdxGuU<4X{
zXd_ydSnlpgSWoFf%_K|+ljGUi#=yua5*oE2jHRRf{ZFL#XGf1mGtPh6VJ*&!gL)Nu
z^`A^w(_b^|R{ZqT!3t$PNM%n|VbaBBeMrh-OSsvG7<7>d$`1U%E*xQ#hcNQvWkc>m
zf}cKrx}SDn;g_YIsk@x}fV(8gDZ*+=C8N7&VQPqmZX;T@PfLz^f4?0s83LPSXAHxW
z<{0Ny(Rj2U#-kaw<k4iZw<kq3a=dIWd5m)Gl|n1bw*jAE@(c`M1{@7B(|m9L)XIgN
z?8GsJQ&WQ?EeFyujS^!Iw$zHsv_=(P-On(qRz0>9ryu0+3$(^{M^nZ~>5TXS!^ox*
z3J0G067jUdiWA$`_f=WhK8JOf&|~EXraO5Ad=6GV6o&`f<c2x@nw$lo^hmM-xPNej
zNNRFe1zXNYsYc_t^*rGB(gu552gpQ<s5`j@CzTo{lBlnM0ol0Y&09UAkJHel*0LZ?
zWWLg%A(+Ko674DeuAaR@w(yOH{@2R38vRkZgbIdklh16Kh1H8YfI(~4)Nvx+2PX#V
zW*MORoS;hN2&527OQ%}ULIOcQ2hTW~O|{?bF?#iMNTG4l+#6@xqi?|N-K;}SEHU9E
zwa-QIl6J~L5Qcx^e}9R<ywbk#za__GM7@4rJa(AYtLy4zW+yHrG=B>m!qs7V+jBMv
zJA5GJ#C9^L5L|7}NlKhr%Gz$JP~CcWT~RuRJ;=mP6IXm32hm^jERowvzg%)_1puT+
z<vMyu^@-)xnUifWQKoH-GozSMbR8d4m)x$7+U!5uVs0?cbTj^ZACNduMk*}v)~-|T
zLQ)x$k@hgPi29j?i#8z-k0^v7CKh%{2fonM>`<^15133EW*Ytn!E+7@^aFC$dAj=S
zv2GkyBr@W<nw5|Vt2(FJ)XsnLk!9Kt+0_{=pHm{OIZiOaV=Lw(zeF9S)ETsvRAg<m
zHAXvBT!`dO1}Q}JQt-1riV!PPc#FNOG7DVh#~m=qCS_eJv<z<i^~DBY1AYegxsmbq
z<pYGJ95Dow<=tX=(*m;?-WoEv=XuRE9e|!BsH6{hyS_S|q=78ORL9us4XvL>wtH(w
zfFFEvP?=xt{P*tbhgbcsuTo#<%j{{QZC30&$L-;Xuy~edaHQ}<9Ry@B-Lv6&Tb3i&
z<rGH1x4Q>C!NEz;V!kZ=Vul``(+c;8Re4<5E~UWzx`qJ^j6J4drl@rdjbt&cPzL`V
zGg<~(djIu*dq@9feyM#`3fdi5LG2QnPHU4zc|XH$ASBGPOaFJrzTrQ#UOMSe0$<7>
zz7foQsL#%~Y#-;M(B>;WGyPV}`vEa*oZSlN4i!ZPENm%bj+X(_fkc~9*79nQz(kB)
z6uA&JvpinEiW=P`Iq%+>QYL+R)!tuvT#74?H|#n9uXE6e4-f))Me{q4Aqyoy47Vk(
zXyJ`=sg&rDC~kQS-~NOsszk%SqpQL|5A$s9l;)R@mL4W}g{|tNqKNm&(Qq;NY*kPc
zW?V3;bp62N+S&6av^54eQEE^vOrhVn)uP{MhfiOl|1sQLo4BchU`PLiFN$EwJ{ek=
z`YIw8Z?|LTK8<+X&Rr==CPnmMDCPrMn@sCfi$b>6l$z}rahZATn~8HSE*}!DM58S9
z2N?HvKMZUPaHZ%LIAF*JCn6f-nTRVr5zfu69uv$OSxC+}LPP_%?saj^9oB@aUY!81
z*rgXsQs-iung$3AhgRSW=pYqoMDf$W?ejDg`hZ37vb*r^rtK6@Ex9Q9?uT8cg55@2
z+p(57&DB>HhJ@LD*<X{b4u3LcQdlP-8jkz}FOAnbZktt(c=YogD)b)e^qZXOg4g3-
zzjQtd{77HuW&(3ea&mC+KXUVs(z@mm9m~uVFezAlCnFHyO&n?kqjAXj4%93eS>3#s
z!%&t-W<hIx{(JH6k#*7RQDm@*5@MA{f}O8K>Lhle7>}7TgpW=x=V$*(_&$VKZu}^<
zWmmbnoT*qiR+#vUc_|3-(nm>p_d0CtA8LFF$L@<=9G{&3h#LEL3NVu;&z6-jGJ#Ty
zBOjYBA54ZTo1$c-pwx&5tQ`Ra0RyxGX~ag|e;sK7cHag`%lY$w49i(o5>7@4Fitxw
zhBG4E36nLQizQ}=;il)-qle70->VaWRXj`A{ZJ+1x{k&9c>`;YSiOtEtLW%j3M2I6
zKo9Rsc2k*v*o!#poamnOAc7gn(MYUTEB1FIsSp@OlwDSE;x7_x8DJ~Mr8N=ZL_V%#
zF@D`8lcc?&(c|j7g+Mg$_~2f?@As3}81N7vUU9rS4Ji$Q+~%hw^Fr#T;0JF8MGj%_
z7Y5ml9kO))gxBug#V9ZM)UZa?D6;H;tOk~s88*(Zpfr;0Bz8x8AQ*PjiRjO%&e=x!
zixT*-YFiYr)WKmc+~~n)bBR(-u>ZPeo@kg+-6rLWsM*LNs&|R?ck4jf*EB&`M-?AX
zK@7~wkpDspP`+6g;t%{LxrAlglB^hSUp@+J^~_{j2D-_YzI7=zLa_l7VPZUE)KM1+
z@<1~I5cA~Xbl!%qT#-Q#ndf2mEqZg`M_MUnG?vzy!8F23tN=YVZArBO0+aiF1}rAf
zudXK5gFv^(t&*SN&tKh8gVWzlRLXQM@le`zn$vf^8zFI$lbS%g8CyKG?&V5R{=yfb
zBT5|Ka~<_?AemQ4x#U2l5-AO&9rJY?)MHAYNN2x!+`ajI0&*{88Y>4F^~@Agv*K*=
zF9`r|2vdX{-eO{lVu8F8o#6+Bu35sbl6nSvm`&OKdyksA`}c#@XTkcmuJ0l2mVr*5
zaab<(9(-@)0v#-!S$iQO$bG28BvU(b(a0cG9auE|Q~2m6+%W-7CC&uMt2LHN@L7_j
zP-Zizr%;Q<)}6^Vgyd~d4f~RxfD8>@ecu2kIZ+Un(TswC4qca_=fQ7_2CV!2F!!m6
zhcNU%N7HR;)=k=H^a|q;FY#06_ze1zKct85*Mi0l-6y!>&JQn(0|Wuotd^fYdyA5o
zn3)+FTdXg}aQ@+rPpo&Rv<t?<aRR!tQ;PZeMktoqPj%n-=}J#l?7P_j(zSs2GL?G-
zq)d|1YJcoNmg!EZN_g_$uq8(b@OEOIXzh&#Lfr-;4hn9{Hppz2f+5!llHXgUyS7Zt
z%`5_6fiFg<+(|>p0rp<S=s!`zxGw$mB!))%?1M208?WRD6M-=jFikhx>`)S7_lCen
z!JUohD^oQSV?$7TT=l0<HPtnEP-8k1!%a7=t&oe5lDX5)Z$(A3$g3=dldhZEQa)5x
z%4}XXEd9z7%y=6sLk+Y{&F%%i){)LfFDMv?(o~D0zA{<zlhoX!22w&ILV~4fShnf#
zixYU?+q^0=tloYXI0nf;2j)kfE7EESfUI&xa72`PF^Bdr#+f#8M-uWQhOZxncZi(e
zKk=iIfRPd#0l5LB?+jSGs;Zo8YKIIK$Pfm~5>;Qi^H8Q%`gE*)&oAzGuCK1JYKdGu
zl&vkyNNe0$?b7t5AwPrB|5oTjz6+Yw9%c1IetvLNoLDT;5htMa;-41zuAmHNkhGP<
zM$an!XhkM1R6G$=s--`%+yqaZ4FW}iFrM!CnKbz^vvzu3;YbIKba<U%j&5Ff6kfd_
z@y>r`{D27ne74c18%_ev1wX7%UldJd8LBeOD`Coc8Ubm{>f#MUE)saGlMAJI^UJs;
za2<pue9qcjl?_}yz}!D|1%}-gJ`@9HtMp?lOp5dpCCe&^@Mpl6p9=d?eQXd9rc_%I
z-+*7@XH<+!deUP<zwv)yD<ZR#9$WfQR9=?V-7fv!#>)JsWtt-<?MoH4Jnt<8E+wVj
z)q^=LP%HFyMO+0S?Q1hh2p4qzp`Pr_QfaP2Q;;R6pV~#9n%ksq(8E>^dY)>2D?0b@
z4b^wVlUDFMOs_efqnpaH<FU$0aib6O&Ialk?Yc}T4k^b@;5iBc*;JN-qvA$zigbgv
z@qP#3#VfS1tY%_7h8`0nDj?fd%915SXwan9YW%5XZf~xVN~Jf=V2^~*eI(L86J?xl
zo6!znqS#CFQ(C!}$DLtR2{)JLUB(6x0J^=H!9v;JzMsCwY~w%^O?!*Qde<y0JTH{^
z2{KMBUpKI~H?((4f>7k4k=U3mT^@fabydgwT!Tqervx1MX4)Q}U|5^zkV52;LR(3M
z&e#0jUMDOB$Uc<_N4;$$r=2hRm{|^kVgI8a!2?MW<Q*i~66=VTsr*^uxX$P9ijn`u
ztVVyYKEBOJ;Qj;UU^7)CpIkCLZezHRPeaWzCMGb;*NTiZLr&96ZG*Pu^m^z0Ir)#=
zvJp+y&Q|4v?(wd02$`{Kan|AyQw%-H@|!neVx*s}(nGF=yPt2_0#oT>lmnraKEZC5
z#(`T+f(`!al?K@{x}{a6GJT}{EMYsB`BM0J@3ngJ%h5|CU)vwV7iy5d!6l#(Wm31*
z1?xtc$S12>tD-La#C!`Jc(S~6xYf>5jP4{e$t4*-gAF@?VOdYiOn->2UeHmp12`&n
zsb_yrgj`C%c9<)at^*nCyO4c}n7O=Ec`dv3$jGQBvRw?-sGR=QqQ-qo84GiB^8m!n
zji8rnqqCkz{(rQAsn)^0fA%Y~&h&Ir-I#P$(zi@GIZ3t*dgwHT-9%B80meT+*a;+)
zQ+-!VMh#CP&K!6>VY)I7CT=9-nQ)8W=vA88BjMfTmFVp{&r@8D&-Q1m9}%}y%eW@P
zc;?uJNO#7U<+%nXcmq_53Y}2-2@rTz_@?%>*Cr_AU-aHW$M8ZPh!b+EKh@^t=1RWj
zy8lsGTYHrb21)mH?=}3rF)pfU#R&tDhH5FN>v*!t$3zxSEkUg%H4lSQC&<xC6jCss
z{P>L(v{ANE3S1dVj+pl4Q<w;8amvX*iRYC6(*a&vgbd^|5Rv`B<IN%n0`Cma_-M-6
zx~uI74}?d~CI6yU7r*rtbZ4>LigKWioyPU&z?eb3bhtL14sjlvQqvX>P{!ON*|(-d
zFPp*YqPyx2#})XXpE})*hW=B`c#vuNU24qx^kmyhxG7X4byVJZU@1tMCPR<~ltqgQ
zSk1_szJdMZP8$E20@=A7NXCvXl&4L=vh!%yd5JT%v<mj6S2f+sAt^Bqke7?z#~jbx
zwBm38?Ya<&A>KPcB%crH-=cKxky>89*OHBi^5gjMGnoh@3Rec|?!F4SSR)*@v{ZA-
z%a-)-&4E>(2(O#%*RqfTj^>VPv`g?D^w>SKbpTt>o+WCPdE7+0j9a}#U>*6bp0?B?
zn_-NM&>)4GG78%FB1BQ~aUTq5EjWnXU`n)kv};vq+197*kZ;j=RP^}nuUpGnNkrau
z<eAT&T*FULOC(ZG)ZAflpC|<)N$=@hGL10D!>9wrp&~r2U2;;GgcgO1xMx2MGo4v2
z+n(@C>rh{1TZngh-IjGDUf_?*>v)(gAA~R-XvO5E`B0iNIQDdetf<-mgEG9z5LTkC
zav5>+5jOJFt(=-t!B}ibX(}t$Oqj3Z#E2~x)Gf2Co2=oFfqTUSci;pRZ-;bDb|vOn
zhABup$VlZoJQ@QPBV4n`e}vsGlQke_?&ToflAMg<2csOGp)}SDY*_pm2HRGKOGGs@
zzY`O={)#EVnkU5Zhkfylh@_|w*Vg8Za4~Q+`fU*Oxi><6f(!2~{rjNT_oS@XPzx5h
z$j3c;?a=^t(OK+a&gedKp}a8y&PgNw0@_q-%MMev<fT8FiCB6c27n2#ERdPKDQTLt
z`ZO6cD?;gbe}A}ipTyx5k>E<f*x~4$qvncv5}ym7rdH=+OS1A4r%j`t1Q2We<8H^8
zbr6vSVud(Ot`T&X04Jd&@9vtv#%oB~>#Q)Kw6uNL!@FNK&T#{&pt4|UrCPH=C1{dz
z+ocU8HP<vvnMq@JX1p(NY<QJdq;_>>I^TX0=aGCpl8Px=;mM@ptXnS3WfY*(10sWh
z(!oLC<oAs~w?ZzZa!oIbnD{u`<dPdr2~D%J?Ov##isI$blxo+%`Jth3Klg)~L|@da
z20BnJZ=3JUzb1TXPg-1KU>13U49H-YyMw~5V+w@ISeP2)6CeVDC)Kjix@WIuEta%V
z2B-RzsTm6+4pCMHBNjr1l&vKvUIG3$_be2pD?HiFE#-Qg#F3Ih%JsFOppi%I6O(Ih
zSB(wkS@7$8L6LBoi-BLJ`JyryQdvJ|9f<s{r<0|UfUY4#Z!cc(an%YB=`njaWHvYw
zgKUd?R!Mq7G{1NQ&`Q$gJ#jUWo#M&KDg0Mb)o<aIru+*I2_y-G6bw?qUWp0$dgH_x
zFJoaKWfc*n`Fx@)&sH7j%pixiteH)Gy=#^m+Flo%(tl|>ZNFobrr4WVyzF%|64wcI
zw-M1lF$-th>CV$fJ^sogut@OlllWtr617<ZM}Pmm7{$fd*(b^OTj7ZMGcV`IP$JE}
zmd#+`>$4WD2WIAuGAxu9<=n-8Vv-VKfg1H2`p5`2YDvhgR31_%0@h;ptRRE#U7ND%
zj><dKvzJ(}u@R4IER}xg)gJq>)?^k&FyKdfWeNY5nOQ!anW;C#QJhqw(`58X$N>>J
zxYg}9EnDl9IRoI+sXE*8bMgjb;!TV0_&Ru63Vn#FT)@NC9~Wf`pzd8b3?xAC`V`Mv
zuYD887#WEo==zUeX^j0N<tMP~gtk!lzgKSemewA=UwzYwrK6_pTi<Y!)EjTT#G-Xp
zXDKkLA87imHz>VnPhqBa%~nfFYu|aJuaW%05+^e<k+Zl6R_@z>{%Qgh1Wh5ypVIqM
zq`bH8VE%$@^t?Z%O(3i3z$zs5djLWEXqnl!xploLAPi&KDca-(h9B=|V;14X4~GIH
z6Q_p>G13W5xr%HcoWv?<@?S{5jV${*fnGl|IsY0mL<vZVPavhr&h~pg5q&p=33OwD
z1Y-$Afwf6CDuhG<upk-o>23hP)szpVU5Amhd|seT#R*?ucUgl}!8Zb35?di@I;HUN
zpBL?R!jnB~J_f3nXTT(5{b1PcV)jT>V!5_P4+=`7IBWPMiTNqKPhjvcbs#$<gY4<x
zy(kxy;SX+|<$vl$@@&jia;=HEb8=2={Xxo`z|&hEJ?XTD@2sLaJ=2GoT0P(_($?3E
z-xw&~25Hw4c(W7JwRWg`Yb_a!?Rw#`$Ljz;V6>?!hg2G*#Hbg{#IbK?PP+;uQAIKF
zXIT|j$CwH0r)vQ?gQK}~lfn5*nsSTh#9)Lw7S`;nDj9C^oWl0s_=^bT#KRKeFLCfj
zvK071QT$F1k0?Z0Y^VgNFm81AFg2<|&%r_K4L}bT0)6QT3goSCZmw@qh0x%7aS<g<
znd|VNqf82YRF|ox0P|5|ysJ29HgmN3LtT}mE6jZ;#v<lfnPp9SswQ4|XhTz;$oge4
zSr*!2N04RM+Gg~#aP`8zDu|R@35e(WIl$8qGj+4okw>;WgOqVrzI7W@QL2iq4LzeE
z54;ba-lt&EB+w2RQ15eWcEetrq+d57NF|>33WAR`GdX_*u<~<Q`rd6Mv}|A*^i;BQ
z_%)hO2~mWGT!2KpI*;)1nOcgjTPj37AjC_i{rTLP`ejFpgZXK=azn{!iF|aUDK$S;
z-bnH#F<p|mDQAYVzgvIKBEHaJ1C-!V#YtPGi0zC=k!TZU14h*QM+TjQAIao$?0ciN
zX-jtZJbO7R@{?Dz`%`%3^$GH3{GUt6WQ<LTJT{;|AVD~ARrbo`<6;0&xJF(-C=%05
zsIkeXziLxH8O!EJnzHf85%Ih7mW_xM4uZmcb^{4jH7J9oD}Q-kj3bM&jd-=ju3v@Y
zhizzL1i!I}-cP-z58sM5eg|@KY_$FgD)E*=qbJ$f!!!UH%g;8tjce~TH5x90)!eOW
zJl8ar=pY;J=27;}&Tfff%+_1>nIH4(8J{o3Asn@df!2N9b-z?D&(C;q#RG3&7wObS
zg6AuPZj4t!uWi)7N8hv^Q)JU5F@#n6#eJD&xUOv1pJTd;KQ6FIL6;H0`sUsyL;zu$
z{ccBWCU&+VtP}U(JMuDkbww%>a4nbK!mn}LR!3%H7R|{qTKB5u30YeoaJpVZWn#_G
zw@nJb-!5VQNjdGye)9UN3X7vVJ3zCl#-+;Tj0>~h3MHdM7g(&=2T+6X6Z)x8AS1F!
zw6|*&+P}y5Z2x;5UKd9M8gK7to814A&XTo&$@H<!gd?=-3#)bLBVXd*k&#H}@K^jI
zlCR@Sx5y_r+7D$A%e5B%{;)h(Y~*)6xvo-FJD5n;66fz~>p}y&7DeJeVTRj?Zl`kr
zIP1M-aR*!t2r!Kg$#AoL{?ltg@D=>qldRrX4w34g=v^S|8DLNuJ~lB~{&D<6kvWeL
zS30-_vwWIxp~9o_-*_rztg4|z_5H5?bA@!2PVA*EB+01qt)os!@ebW*vk8XO7@6p^
zALQhE_6mKl6ouEVP9L3bUa+Pj?x&_SG&JLGaeVgn3|NfJXz7Sh>`k_Zc0n%WZ;K3L
zBJd@cK9iD<*|x~71@&^(+zc3cuPASZ@QK1lkM?fo*Pzp9w`&diG)m3q^F76635FJC
zW+wJvOUrx0jE|k>`gr?lGCo8~tWpew%~|hm_5>3xA;}w<2IUGt4#VyhlF8%?sl}x@
zrFynJ;;-eE^`_EQ<IMQG9@5~?p}DhD@o_kJx1P<veZAzBLy7qgY_AUqk3V9j5rf(P
ztVCh<VWgbRr<2IHI(ep%5^h_&cdX0Pye?HD@qW?|AxWMO2>kjnI$)VEJzHcucW3_T
z6KTfal$AoHHPA<{D#(SSTCed)kXiQQz6_87Ay}$-*cyVKK%VbyryUnWMgDof(%{E;
zUB2u~a8d;URp5JZ@$4CQut~K(Wq0TO7JTQx@@ssZoy*ts*EkSEbDHvZ1U7>MhVK{o
z<XP}cz}Q??Y8kV7dM<>R7vO7ECT}4$LMo@L3?7EmdtU93344=eWFT=ueRAsTf~<bj
zMs1>>^k;VRqtd+ZS)Akh8rO`AiQ;8=5nultEB+9qPVv(ssVA)R_?+eKmcYZK@rVn)
z^nr6hNZM!2er*LV0xIm#Lf98R@ik!{@oOsJdwg|3!;`F!(U#T2Z(j$Pb!Gi7*#<@C
zM<?4?CVM1^X!rVwLGS7P9XW7)9KhfBOIMjPzk9N@c!M`l3mo35)$>S#xRiyfF8}Ef
zDwlS8o6$K4L<MmbhK)X!<*hN2($Gm$C4~L_^_OhFJaOUWXxXLv`LUh5)$Gdzt`Taa
z&P4goa<$eJwv1MgZU2Lpxq9bIG|Y=3H*P%UF$sc<9Oo7+vh#A1c9T!=@^;tHXwic<
zXB)?x3Kr=I=`wB}eL&;Xx0CMmuA7d}-@19&Pf2HOO%JRJ_wz_8daB0G&Zemly69pi
zl$czY59guMk7WkX_w(=GDFJ(e5JmhxTwDR(-Z!gXE!_00?1XB&Qa=?Tt5mSnV^tN@
znyd6Bw8VlGGvxx*gx^(f`?2N6FUH4vx-WaDs9#MCsLPHaJCiEvh*#u2)4@E?tDiK1
z?pNmiRM8Aa3%n;(L~k<l2xq0;uL7vhh&*aAe?2}RyNcFz_t1<Uv_O#Wi_q`p+pk}7
zapE-oTrDpf_nXp|vbabM1iyn?Z?KMp&kNt-#7}8xYH~}qKBf_-y(8^@ID0&5muh#A
zLf%3Dml0c-7dfA`r6!rhq@SoT{fEQWRlKJwXz{}R{D`~Ou`ac8uDYk1YEz(B|FW}n
zIK2t<?TP#STpVO1^}B8p!OkJ@@2ia8Wtcowl68Zk&BBx@-w=>B(Yx=PTtE$@b!E^`
zVvbLzH8s`ME+DXypU%VKZ0G5XzD%F!%YSGac^2|$E$vbNeH`Q63t?uCP~0cYnOew$
zw>@otgaj`*0WgwbG9AVL2DL`W{!@=F=7&a>`d{=G^%8~mag<T0P-t|*PRFiv4W*ai
zMnH#6ZmUL?=1)V#j7o1>{y1mQ2Us1pqVuuZb&C+Vno;|aN!E3=ArCOcbp|>-<mFOR
zQzv4coI2IK&1`hNr@Z7&oTC0uyTx!gZFO;y3i0}l+*Gc`7b%MlhuG<&4*>}FySBw~
zoeBrVRO=D7RHq*ed8SKLIPwa8ka`7Mm5Gm1)R-SU8;w6^A%Cf8dreKv65tn>AbG~g
z$v$o_D328LP<Wk((si_4rM>kQjO-_^+c%@cM_5o;UKx;N;gD2!!-N@c5j{;pOk9NF
zu#WMoVEvb6(4O^i`>>{z)Y|fz4cIl$%l9}kQtLO!Tv9gRqEJvd5cVHU-L!zR2H5|_
zvcvFqPD;4}yZ2479g!@oIEhPd23m;dembJu`db_Mh&&DYYhzuvr;sdB=Bu1j#xA7u
zV6F~$zZ(irC}kd!q`Hy{pfk253mcx4`KtxT*a38#^}%oEILR(qOPU6nFt8o`7la6T
z>+wHYTYKsdY(1djoi8m-pOIwk*OLVRm;NBn98Q^c_yzAX=I-OYw5HR+u9gIu(A{E7
ze^A8Q(94p{WZTU(AE(bfcJISG!?#nO6<^lYpOPPU8UI|FT-}j!=Ox3@g?E_ohzR={
zC_>U$aHDxPH~)HIZ%+`e#kDXm3PPXI@?6_(K!V&C{b9s>@SE6bb+jO}alaf%#MVjV
zi=YnREtZoFz6lGQj@xu`ZB0tF{eCOuzHbi=O$kF>m{1H^k>0-+FB*P&GExQ0pmZ}S
zxTdzZefVo;>nFfNsQe~&>}2k%#mj6U{5aae0=^x+4u6&+ae%$rdD+@}fnPp6%$5!F
z40Ao;gIT<4X)fsVVOl#?i=c1L6QN{*BvZo<xMKwmMkj>B(!Bzn=0(58`{QiDKRzz|
z$~EHRLSK+u&jn_R;VGX45fXlvzPM1Q{rPkQ{vaxEC(|>he~Fhc(IhytO)?dot-~QM
z73gy&kqZf>^g~pBv<a~@<1Ql49w%WpZk-f;Ru#(LpUTULeunsm2OK;+EX^ht_4{vi
z3v*annV(SHjCq~C!u-59WYW7kDXfWQzMAJB=w|J#eTkO))vzePxzpD#gheUHvm;fB
zXCxu?<BtKU=3Y#ejq0TKyafH+*G|>7x*cY{*++DP>x?#GCIbbYxRa9ycM0^$zFyCT
zvuFWVX3v*=CbI9uQyVUw*PH`bLm8(_U|Jf=M_xF%Z6ad6j}NRyyVGlv>ev_2Z|6m+
z)@_rx+3zwO6}R7SeIDM<M43{)Pzp<@qRqBM=iBqgm2Mts`1(Esb&8u#`sDQd)VaEv
zYtTSQ=qrxq6t}tL>Uu$w#fD^S-d9epLOvO}4}`F7n{-3q#~>RKQZ1Uqi?4ZR_@oX7
zSE)Xn8$#WW!`&|`DPDEgYqIOF=;^V%G`8{rp06FwNzlflm1{~wc{}EhRxIW8utD+O
z^jg*kDH4}IoO`e28*W9VrhIXt<eUgmL{@AUEKE$&ZtK;egu)a;d`G(5COqP=W>I8b
zTETl-J>~*s1}xP73@zwUKt+-w-afY}><m+eG@&8f4A@DSre>lzw81t}!UGYn67Exs
z@!`mNUpCLHv$&9DiNZ8NVdm0;&Kf~WV;qF|W+z<(Iu81M#xaTmc@V~B4`rJwRuzD6
z%gk7aZ!@Q;^Jb3hUE2MZ(8YfwTbpm*q7@*RL?2m2NB<o)5LpmS^Qv}sX#@pxVp{%v
ziZE=uBBkQW^)1*CW(ef6`2F$SI}0;E-~#h(#0}w!_Y}GEv*<<!RY-9^$tx#E%d+8P
zRUe2$Qw<Lsu>;%wu_v{68kx6|MytGccg4`M=+V~Eg^AOlDG9$$SUgSQ0XP77q!~Vc
zcBZW#(mPBzp`F$N{0=X*hw5VxXj3jOg4jjgypb$`8v=l7*O~jM>(-0<wUn*w=1(=L
zE{;K{QlgT5)JYb0A!2574#sNz?&P@t{lQcNyO;Z%z*eV<17pxbtQeAiS&PF)Jc3eF
zO9tj|H);8Bbb7cbgQ{Y5zlTY*VZPRsQRW^RIxteN`n9uf{V2}YH<wCmqnD!eU&1xB
zxtz$|AFay*&2FgK+;RHD3#uB>B5ms70gF2{1kRU{aDDyy<lOT|&zaR!ao*VFL45wL
zW}T!2^YjZW<G^!W3y?=n7tuEjC;El2jg4M+LcNi<{2p5=@=a!TfA(#(x)D}~><=}+
z|MpYA#A1(csgC)5fA!EaKhMP)l)If=ro)%kJwed@VLoTCHt?#DQR=f<NSk{oi1sDX
zOUbK40*_{6sb})+aF!}G&?#%v8&=}oYSAY}Yac=-)zy!;W6t7~+^^Z!l{l(XrRj9K
z1*XPpG%70Asp{T0Dm?wgLZz2xThPKO1uF;FjBvve-{hzH%9Y0Vvhm98JLbzrbw4*e
zm(_+=*}p!}FhX(S%1gc+@y`7|CzUVf8W<Sp^1CEBXSKhKyZfMb?T?Z6Vdfqt4g-fc
z_zml%QszN8NEGG5ChKd$1NpNR;%5myF+;Zm@;_ZHaQIC()cq!cPL9;n6>WTMjVxvJ
zvUPF%l-1HcUi~{bS>&RM7{VPCJ|+654ipNn`ZhI1BgtEkUQE)`dpHf0$OYYt_KF+e
zGP~_OW#1;i=pV1hPBM4^P#>nS4dkgLZ<i5{_`j}QJX3JSV55-<^(`I~u_xw8PfTa@
z)s(=0V*EB|Y4@|20>tHj6m((0HzyD(IM3Id1_}UwOFuY6ERo9L<-P@SJ_J)<Bd*m4
z0`vO#;*?^CcTlQ;dZ>4|18<2X+$=xpOmbZOi}yCkYr_tVu}3|0PcD?1#6<b}2d~vS
zMMrn>U+JPepsqJnU)!{swd`--Nwwxk)|+JjX`0aQM5=QvaJFPB-Z0C>C00U5I%#dd
zyV`EL%O`j%AgCF{W9`b-MUC^h<@eVRLupel7nhfd3;08z){_EDP+pYsQZst<Rd$33
zYw_&avPp1V-lz#D*)bbY0*$AyG$cPg*0@fX^viFM^O0<flJbjT5B!Xc9Z=~3AhQpY
zEZVgJYt<-0?h)yELKRJ8@6^1e3IKkjD|zrRFQ#LxzmXg}Cp(9%0k<b`<m91}o68)b
ze8qRSY8$`)(UAX!obq__VkKOv_-zQ0_bdPD$1-#j9zzbC)po_@ACy1Zm!+lO0-r^R
zc{qE6ck}j(hzx8U@h|&PgHSY~zrh$hl#gd@?-nX2Tr$Dh&CF_f>VUsSkuNeVLDSoV
zs?#0_MI!{|iOL6ai@SU8c#H%KFR5(lpM`V8DI`72ENU7f#3)bEumGNNz-WlW&F>3K
z#C!G-lzVyQQ|@M<8t&8;ea!dFjY;P*K&WL*C>41}*QiC?#8J}-aB|8RB25$8bn$b7
zG+UO}tHW{-(NMbFv{$lJg=~%bl**g<Cf%W7T^Gqw|F9k^##iE`If{=Gcl2o{o^DA6
z%{Snrq2sNrnC>5CEk<k@Nt=M5596$OVe+K~?y6g4m0+Ai>7Hg#T-beHAQua*ZKzgH
zWu;x`p}Ejyce^E#<xsqrH(Ih3;U&G;(CZ%lf}nJ6?q|==HK#o;?!(&3F+bcXcT1)0
z-oThK>bl^l`CNN^{D%YPi|$s;O@QiEp?0?A`&GJLVMoO8DB!0gHayh5T}#8^$0uzs
z1^R;Br`f_sIwnU0>#+eGIaHcYTfa{sbUo}(dOFsb1cBZjwu^DbtOqYUAh+*+<YA4Z
zN}x?v(riXAQ5e=*>U@>O7Box$x3)VA<&I!xa%=74>WiG*+jES3US2f*Uc=3t0HO1+
zWBrhxoKMaEK25%2?S?JYO=K=|n>wFWQ9>!O*!`5^?^wCBA~QpY*Yw$5OYg|k0d9kf
zw%;!{hXM?wpN|@hS!`5{H!n@*gR1iJrL89lqH0^^Xas0>15>B=vzDsDuArl=MfO>h
zx{dBVJyE<<54^;KCe}83JD>16zPhzF4LZNYGcZ1j<%CwnYiQu!-8JK3{`QooS|mSD
zPlNJUvlspwH3P5J{aUP$Ls1_IzF%knd3r)IGln3{cyBkr>>K+03soO>L&$|b?Ngi8
zWsF3DW$L~^d#VDrdNuvCnvRyT(k9ZKB+P!^sEze<=H6S9otWP8@}lqyar&)Gtx~{y
zk2R#>f;jK4*Ka3#$$d0^UBmnP1=r%(|DBBcr=@9e5B_2JXlE7N&?m?>SVSptK24p^
zmb4lB$_muZ6D(U0G*trTK@0fTQ6>D^L&SlEKJED&OF7uBmMeg@RJ!|<AGmGt|Fc8z
z*w;BwoGI&|dox=@FH~9k`E|dY_94WLv^Y;prVw?F_kJKkgE167ViINS@`*aQJTHd;
zQgi;_*>KuGn&~`oRHw?N)2B!P?c@dWr6Z<T4xj0G=4-DaD-ea@a!(HcMEm(3<<~DT
zn%4u*P-Nv`N0w(q;bD^1%kAAY^kp{?5eR3tc)rX2R~EQW4L=RE(SPPP8@!3`Hfwis
z*ex_;DOM@hku<Kdv5~OUxvpk5!qogXB_M<r8~Zs}8ZD69SQV`Wcp&TZmaFb-h;a{9
z9+r0<Q#;3%pMk!$M>0Hwg|7PHjkq5&z8_dLG|6>AOoBJDqN8I%TtWG4u9npLw^Q;$
zG{hIm1+E@podZxE9|p^Ede7d6S*e;gadtvj;Yr+9H77^HFU*D^Jdx`!>CsJN-*wr_
z+#Yn;EFx3*GWo6mN)h#zXswQGM4=4`GMA7cu6pG)CCSySmkg7Hc7MQ&&C?U0_fypc
zQ=(<kXOEB3k-Z;eMDDg`j)u;9H(^)Yx4#WK`LE(M<5<L2O+S4_h7`)cl|mB}SsEG%
zd=H5vm>COz>SAK<#-nRb4_k~-YtBYMLWe?`Sr_`#xP~021uYjGrx-eUHaI;x`Z1LE
zOleoN^|!jsoU7D5%<HwuFhqU}NEm>;BVLL|c$wnl6EEXq>xGPY$0%_(Wksxt#oF7S
zma8y)+Ity-m>DjpT!>0t%vPDiB*i5{;Td6Xim_ip`I1ftbe79VBpzDLCY*zMdHH}g
zp+P}7C|+TmbLp`P{l89&b9HBAVbbCi1A?;TwJ{OVIL%~#8%wwJek_V=&95fylC^y+
zI5HLbup8qlX%cxo?jy0xTL5YaBD0al#%s*Zv6pI|C9XMr3tvTao^npV;O&Y#qgn!N
zC3?k5lz}Fp`(no*>xol_wJ#;53LNU2+8X}SzBJgQh_m&YOKU|Mdi4kfYhb{4AcXu&
zrQ1WQjH{EB9}YUTEetcWE)St!YD^~=8Qe?eY3P5NlqR$8UkSyfvOBaY@mQ)Gl{)Xz
z1yhZFV{MKuq4K38zc7p@0FvWjB-8}`#vEdMb7Z|PC6V&10~uhzyZnaEWbhkVHN2e%
z<7t&*gpAZh_DLC2oA7~tg?uMtNZfzj2*Sf6vyzi>b?f6$`m=GKwLk=p2|w0@h^RBx
z;AkLL?lv6;NMY*a3I%$TdTwdDj&{d2N&mfbZ~pY|myOpKt^YDr%3iHvkN=@;M32=x
ziFQs5)C8`P9iV;<lMsql4hBEarN3jfQ1nq={2gY5mlWu)PbN**ET7QXIvT`HB7kp#
z#~wS=JHJPOW1eGzcc$smG4y2&GXqB_a>@D)D(Qz<O&F`JxV)kJippsDo81jHCcN+1
zH}VmE1(~$fTH~pzpO-%iHb&ChRDtlRlf?c}p8SV1JeOHsKCSI9PJFWYh%1XIPVoEp
zUUueb>AADOQ<R;J)bSJ6kATflh8MI=Y68$9C~9EyVJXd_h5HKoUtb9J*Piy&!B(Ni
zsj=qoi`@*vf?*&bA=I`rH`~yWjZ79a|F8c3QT`=2Xa!k&L^-CD<44dxYE1szM9LJ%
z=C^&C(}MO@c;eVDbTu0K)0U$Az>-BYNiUpkTFs6@bY|PTO9{mrHAooZ>gW(M<>%LD
z8vG@=AYmRAPLSYipVx9uGT8ZQFBH!#qvvS;47zlf6#=A?=L~j{ys{?cM95@fH+4$8
zZk?KGd>;W}pj*@diE6OY7Zwe(s)awyWf`+Bg;}#C;U1PN38bo(r8=$DReB7wl5XLz
zX?!yN*Yn5HM}Qz!F)7hiK#(9xVO!#T$CR$u3)#09G8~l+_aavo9G--`ztN5kt-HDx
z^B$K$h}F|3!KpLvhEQQ>ZOu8Agv9rz9SgrsIDvjA{wg?NVA|MklxZsAJo*<|6c^D&
z<#7mEQroB?g@}8Du_qLIQ@$Cjq^CWj+a=xQ)GqSvr|HNrXMf!niy2Z(Ib`d{23e1f
zWlBaVa1dYW&v{|)+aETDyZB^Hc@tn>E*7usZ0~Zfs1G#Tr&M_gdzTI+OERsbr!+RT
zqa>!Kzt8zbTDuUGt!oJb4~<q}Y>jUQS4G3D+-sHY$5gFl#Cg7EdVHL#D1SHBDx*aC
zUk+b2xjt)YPKB8^1X@Sj@atz9R8DqVx4?@{lt_~)8RjLGDU(Fh1Kx1#^|2x7NpXnz
z@lA7}nddLy-*UTGPws}_H<mwZI8UOX=0@f!RnerA#C>z9iet!EONAEK3nIKX!PTO%
zVc?o*`dM@O|LFe^5L&ZgGhv|I4|!~Y7Q+0VD;$qrHR`xKeMifb5lY7-GZuND#ujH%
z^V3tj`0%KOFDaLT3MZmJ@m`DXjnd0BibSzb$N2Eri^zYuc;ZUMA@7qr5dBhzsm}0A
zVnW=-HFGmUgE&!LN!swKrM|^&Pc;USF?Ll>+?H9Ky=BNoGK999%-Bp`1p_7MzJa$7
zElA?qy9E(9{&bgl3iU=6uXocYRk>qFt`B_B+BCkB6ymdZ_VQp?KbqX)mo3;^x1@_8
zBB|7~Lx_J>sDaG5+(lGIbT;v_rPuL66$d(ZA;s1wZo|tJf5-Az-{?Zy#UtF#p=U;H
z6+-DEV7F~5WwBB?PAd(Y5}r$Kch?7NrIhD>@ut-3A0i)Wve-x<-fNmB&BVjnGv%go
z3tP}%g*G#+J~Oi4P!I)O!5Cwj)Mc|0YootUf-v*TVwLNu74(3EE!n0o-fQ@qgQsbW
zAgCcLRz^N4cK7nyxip|WI1DVg<O^Ko&t)@OUtDFz@fy0KU1OEa%jfpX95W+6Ht7Fk
z<I&IBD!3(9q5@@=znnHrOj=c8%8A+MoWPzKcaT(v#uP_Hp!FqoX^~wHhr!7mf$=76
zmYiOcL#5u`Gz)L*(*J#QbZyz=*vA3akzN=MbU1zC>`*x4f<3g8+8BKSZXaVh2`#Qj
z6#m-GE^*0eGMW;?ysx%1s641S`n&RhN#Emx{;GN=tA!HEF{_OVvfxf}`HCGzgp<uo
zPX-C6-&B&Tks6@Jy^Fk66vo^+qHgS|=l$$iwepX{SlE2N;jb-V>=HK&{j<g$U4Q25
zg!_GM0K;8Oume*s%j=B;cPbA@=9})10+cu5M%Co6hHLE9#_HIcjr%hz2O~+czgHNs
zzhf!8O4NFjOs*2Xl@G2+qKZ@8r9Y7>iizt1bu{Kv{U+w2U8f<I!8C0CRE$uaRvs1l
zXtXs!Xq~(>`uzeJ47qY&z5n{|b;h|tAIL@6e02-K-vR$mK6V`@*_UNLchh#*Qj_DJ
z;#P0TJ}4tzSt7If%PPFek2UGl?M<vk7^pbtF9uP9%tb%_26qnmf68S(a@&g6!6xQ3
zl&IF*t|r%M@I}bj#=O<@uM0dXipZ!g2abBekM_PV*+MkffQk7Df2Ts{3E7eTM$={^
zVGniv|C(y-Mi2GGHUFgJ60X0}D4`0c`y6JIU2u`!DkZsn^-u`a6R);$t@&^aq=}1(
z`|~4rIQbJs#x+M!i{;afyQY`XD|{j_{pU~MgcaVZ4$EgMk`oCjGmBWn3%i6O@H@Bl
zde7A)(1_q=HrrOn;lXk4RBb{deQR1t#0Kn7-rta7^M;?FpoKafyWEKLr0DNGzWlSz
z2a#0ru-P&loku-CGU`%R(t|fBpR4?LxH&A{+#1Z#F6}n&=NRwBZ-qXR#_xctvP%~K
zEe&4X{11LWfxqSNmHloAU|O}af6RNQx@vl#=CW2@Z)&x&Vpl4zo{r~mdh%3y$QKNy
ze3~yk_~71Kql5P%x$IOj6bOXE!rw{M6tGZ%66pWo)G&QGoE{+sJn4S88_?R>+cJRp
z1s(?#qYJEnrI!7##9A6yUTFn`<<*mCd$C&#;1&ejT7SY7N;7%XxLf`|%V%q*p;b-A
z!Fk$>T?&Om!Qf1CAQ&7S56(n&<-z!)zxwclw+1cCRFi$dP%t70PdW)6K#?#xLVsn_
z!z6!dcrZPZ>UnbWY42?ANPy>fbwquS<xj+xJn!cWKx6_agtj~&v9+DJbJgd&KD<K#
zOK31WJ$wGV!~9=;_RD6oX^`<d6}^lDMRNs9(S0K$k?^Cb;rFIyMgvA_@ZnE?`tYqc
zLRQE(8jS=H@}Yp?k;w3Hau{o$P7f#3Bg3iW@bFN7Dn4{e0W$xA{dd;EiOMpoS>&xv
zT+CUN-K>PDT?iAvCzd4tUv5Q!4ucmb_j#jJ^IZy<lMuL%si<!E|15_MlEijgN8{s!
zGlhuaGn5oTT=3q=JA;Go4f{qS_XdCX=DR<Bkg|eGIvx(;HW`3^bO^rh8%oB91PBbJ
zhK49LNDd9&wg8U{%3bZPLimCdIKf9mCZw&4q#Xrd?6~kgDbSGbDY$9xlIyhAzS{zD
zjKgArHx72l|LU`Rju^jHuj`ePijGFMWM^kmnei#Obu>KuR{!vO_aF4mObxyF=A+(_
z8uDd^`U8(bePKlXArdq>g8QbDL-f$w<UkU6aeOFzw*oi<O!6k!cD5#qTM4fFiA-PA
zZn+e)%9oU3;d%4Pvb?gSOL(uE#w2-Oq`eEB1PHm{V&dSei~4-_X+GO*n6*-s9H7d_
zNQZK%Xiy_&lhSo1Jvi9gH#Gj<8z1zKPQCl#hyBsC5uA$m69zt_ATSz@hX><Pq(Php
z55XWJQCLERn9-dI7;6OpuM;A~Ujjkp6Yy4ff6WRK_O<QJ&5ezXHTD7QB;{<Fd|>gW
z{IdPk$)IHh<SBsUUs_%};nH`D_+DnSR@JPTrb`N_ICeRj4TZ9rg@f~>>5Llp_5WgE
z<gNP;``;NJ93Fhbm)4BH_)sYHFfbJ)8|bIhFFFv7L?eSj3q$b`^bx15c%c7vE+9_B
z;B#XHqhDr<li(3YjP|d{iq+=&Ha22yuWcn51Hj?24^#Anyhtat*rH9hG~h8H%7Hfb
z&d<F|23~zb2|u46V%Bj!Hi%C)8`86J)0Y_?>>nOaXZren{^+d-KY71*aQMTSfzja<
z$*+wL_6CRq1$~_R4Ge`tlmZNpLktcMQii~Mm{R12cUiy~4+@DIusBM8aoLM?m<3tq
z{vH>;a4pQn&cXAG;~hRQ)6)xY36Q|%DZn#;TaTy$@b@mE+qAt)0YDxtdBwX#Y4K|{
z!_XW%WfvosrDgL4J)>v<w|KO-@8KIi`|#a|kA~kHB|4B)G~dkBNaW$Y@tK)GAlOT>
zGTavq^@hVZXf--85DCzGNQtBU;SL3iwdF?&FeWa8TlBC_1iy8z?~D4MsM@1-b$app
zlXbEE7B0Z>FejJQ1GzbgBApL*O0Kk0N1iud!+x_<FaG`R3L68PR;^Zbb<Hjj=PiT+
zx*5p@vteVjFPMQt5B1*r>5m?~IWqeG_=9LNqt47sjgN#MjE{~^&5Za0!Em@Y7<~AU
z{_dl6IMUx22=|9Vef@-x$+iN#wt%3(lX83Hf=qL~TIc%u7Ei!%v0|P3K|7SN{rScD
zro5@qYwrlSU+6%%j+Dv!r7)IduAK-=i($LP!LfJS-mBteF59pu{Ns2WC0U4uvp6+h
z5BdzE#N$a#NoIUg?>_p`4<8JTOnor&{&;jy(K6$s!-HYp_y;57AC6DW1bc%I1HSt+
zL9&BB(n6SkAryWX?(-on?5qg26)-IjKqP)xC+^dr^1TTKh-Y)_NOW%Z_RbHFcrI+E
z!>C1hv!w+R5eF)*$a95TI*p0>fJK~Off4EL?e^KC-&|%X^}+EeI2EQC&u1;u3gM{G
zaV=!dXt+QmGCuV1;ZJ%;rfA(iAd%8jnJFSZ1CM+o!-MaS-yijb9{FZw?vo|ZJHh@C
z%%S(uqv7zoq2z<^l9)$<C&jKAu759ieVtW))(G**@!|XHTYLZE(b4ho;nDsMx`4zC
zVlA&;5Y-JX@`_3)7``BkD@&b9jR_MFy2D1A-Q!a!|8FlT@oQSyMx&~#nNop>KaL2;
zl>xXo!wBlSLAE|VMeaZ4n+b+y!pTfBGcr6hIPeG;OAU^b=z-9qd*k<f!Qi8CxIYqn
z^yp!b-hV&R_YSh-NKeb~+Z0$DfK)(CQeA$zkeuTndH?Z$sQvMO|I>ePetNQtmblz^
zxVYq@IusyFM*zRw4gM7g^h!F6N&w~}Z=5Cr*xfrkk{<BeraV*FH0zp^Dd8Bn9L`SW
zbF$5>X=;Y4Y0;^f{=t!{`?SJAB6!gx>Oc=3eDJ~O`=cakU#M@!H$(D=0zkdc!|}i)
zdjEbjlpKi;OhvnkqOH@NWD+zla-9_s+r_cKXjSk8)A7^)X(kiQ{nM{6_BPhMMmQV4
zL_V*?zla*z=JOM7oUV#(xvUIsqe%;p2Mq5X9(^w4|FVg$k7ZTshFz-?_fMCSg*=}d
ziwEbXTG{d8sPEq3@bLK5J)dtp7#WQ8MMAwn^8feVdl0197bYSQ3X%fCeIa53eLixD
zP!Kn;4)mwv14*?51icc_<U~6Q7W*JT?ZNV5D+2$;V9f5`@jv+c|L}kP?Cj!bYc;mg
z4)3k3rlkRTRxmgwgJh@tk~I?lS>p(BbRuqB{FK69)@tCc9H;CUS;sCFi{ct3@x%-H
z$iTzFfrtG=@4Ywt!RY7*qxaq$9Q8dIzjyE6(C}NMfpA}RkT5S43<O7@fDlDQWXNHk
zFB0z^ev}+ZX0)D;^`DT-?-_t!j%^6gZUrxCzStsua(;eteDwTmdo8gd#a~$J$m`}k
z!s`)$mF1WhL-|?tKw)tSQDuAg;Dm>`UwzrkX7hC%9b$t1Ihw2BjJ#s0R4SLt^fr}@
zjQ2fwv$wbZop%NXhTi&F?~nh+PapjJ(VM*w`rdxnJ3>Yu9Zbf<!Du)h!o9mQ1A$;9
z5{`tUkAkFvU?@EvQ8b|do&{?kZq`<SI4q@$v@Eo00;>dBI|qBadr!aJT}#|t{&sTP
zh5@b^$7DQVI9U~?6_ijCn_Jjuc*?DxZ|kIhI$xDk)t!o(v2|Q3V#}voPNfRNGyMYt
z@AN(R@V(yNH-7M+`Qe)%_V?3!y&rzq*EjgyOm7&xKaRUaMJ<TPFHm405)MyIO{LRX
zTG3{V9xwZy?oxnv6Kb2fEz1_?ym#IJkdZV%RN&~(_qGzPFW=HY%L}9$Vp0L?t!auF
zwwtUbw)XaqPETL31>`Pqpm^1FH6@+Nl*-~Pd7LB7N9$)&$xyQQ!KiO)@WI0m{^n2r
z@JIjBTLb-rqi;MKdb4+gkUvPQH=a%pMdB!bLkWYF8utg{!9m|}@=-9|pVp_QRH=Zm
zZU<-?fNX8G<@d50nHtB|aO%$b?(>s1zC)xdvui7$CAxHjgk1l1&kINks~aeS?;pyG
zwtmU@U#I-XCG;zoingPX1;7gUEbVeC=zDK!YJ7OK_x&Hf`PSd~!}sq~D4ZD`9Rd4A
z9UvYb8i)@>=<QGn*Dt60r+kq}Fq%$1@(m?3194r&sq>@&F&Xe=LgHU*AdqKaI$B<Q
zBcn|0q)f{gd0S1a@2>Ol8w<CWUnT%8M`8|;kOm+L6_d(UOu}sM9m)GfU*!=05%4t?
zm&ldMwo}RAwl!5zlu{-gdN>%m|3>c*2PxkD;m>~BKQ#E>&`j__Fz9;_3`HJ>xDb{Z
z2qr<6Gnvdtl!8QmG#(uq2nBH6phhW^uBgC(iLq|?Z!2J~lfJjJTh8m*5%}zt72X=~
z8u456G{TQKS&;LUtO22hO-d%WclHPZ&pZWWv!+pTG`p--G8vqm2g9!@l}f2xh$h2B
zQ>mE`fBgO%Z@>LlfB4saaPPtWA&P_}!M^+B!H0c=s1#G~lNnZ^ugvJka3s<f2nH!I
zB<VA_q+Bx$A8|=i0K6ac@1_DEYJ2Ir8$2wo=m*7Q=|ki@Jo9=>0sI?e-E>*F0MC>0
z+4|7J*6#Kua*6|w1%68OM^kKDCAcpM@ktFf{Y`kTDXD-u`0!_M{`@ch`0cmfc<a5N
zz4QLP@kf0R2R?W-J}?ph7YapC23J&alhKTlN%ub>_ZSa>D(fURP8kp2<^`P;Fv(*;
zlU?$Qfw=ir5V%p?ZLh5){=zKgJ1Sg@^PS&>aT0N}dyLQ660#$=+}zy45X?R;|KaKJ
ziM(^WSvM3rt!kArKQ^Y`GU;-<m<)$=%J9R;(7<5-J8!-D){p+hH~;$E{ewRn@xA}E
zM+4(iQ%H3O`vXxDUd1JAnT)E8E2E^hU?dnxrWIVxYv@F%4WCAT^~hZSI3CA4-L$oX
zXKCImU$m-Q?Hb|yf(Hen^3i(c7I1@QO95;tWcJ&8TdU%jl7y6hV_j}B+1%PWJldrQ
za4OGE`6g>RnWT*rs0<6RZEgT1OR2bN1jhSk-kIv1`S7Rr-u^2;_|Y4G@OJ;`VDP=E
z5lRK(-1kYRGc3M7W8jVjm8?FU8F_$1wIH*m1vFgY3^hOjZ2yw~3G;6qdd>=vry}~r
zbu2f{V1bFhtom~8nC)O;z0&|N>adNygrLmJt1bCA#egZ9|H0wG=g-gOme5~bHXOcE
z#&y(kvY0BBk`@}CI7C`W(_+5gH~!Q2`v2uOe)glk@|S<|i$`z$d}J#05D_m!cpo6+
zAI*%bDwdhV#5H5%DJ2P=;8Q{9fD~W_450wtFx7R$@3gmtZ9&-hytss@)g9~7fOqyt
ztIadl;Rpf&VzITg4GfZ!xhGauxRSE5A$FKx0tQ8u!;{uci~o_O<604|TB}kLRLqnF
z1un#+`E1r0Pxap)?)}-1-gxu}f9WUh{mmb~^ZpO-|9pHPPGS$oQ{!m<q({;tDO&9y
zZk|K_$l0T!23c;6#HYu!3@E5)tmA0Ywg%cm(Za+1-gB$WEv&x%QHL)q2)=;3hEPYK
z{ORQE5aUC<#ZrimarndiUE~1X(K)ZO6}{y0A+oh<6@eezH&4ihHrRNyZ|dhC{`e37
z^Z(f&{pBCM_0EsqdGNvT&@kG6LzsR_^R;>@?*B8?TUO8q4ftlpl>mt!B4q#r=_^4P
zh;)H2>8GdLyZC_j9rE8&L5K9ME>F9}%Va^$`ViAO`+R4E;wJBh!n4gop!-MIZN5($
z5QUJ-nnSTpbB&r=CF`xI2>eA_|42|99T*6I@ZLLvfBi>)=|A-cfB5G8H-7Q(=f4R0
z;zKZgih0TLaYY#)5%Ul5c+(07RK9+E*uW)3C@A;>_=Lfil6n@<5dvmAoWSoPUt9c}
zD(IO1YpY<MOF`bWTY|4ur(EakK+KY_N%^<st}sfd4vvmb1qXO#)hi{Nc)z3RxK^*C
zl+x*9Djv0bnauq+?+^99^WbNH@RMJ>`-eaK+5Nxrv%ZJ@VQzZ@^XZ|Wm&OP{N>RsY
zvCS+jT{i+sn%pNeLk1Dj*#Jy&`B;xP4%!U?9t?_2zW!N%mkr!>gbr(HJHJN&co#H}
z5#xv{roL;Na+8r51ji)&5iZ;n6u>fc%KU5)KgA|4K#5-=oecZbbnjGf^ufbF{3~z&
z=l+HN^bh`}H-B>f-M1h59z_ZEGowms91w>_Ns8N{X^odT%QubbqpF(ChGyUq2Kzq2
zLs%+ctow-XwhCGjcgueZ2wLmkHh@<4$90}Hj1kKR=jn)D#$x^VkB-p^!%-g$0e^Pc
zs4C?0Wjj?yN0$=+Tr?Mn_(u9hM}OY?Xz;;b`@v8C>R<cWoA-MA-|8K?7ox0(;@;>`
zI;ARx5e&=_2xO1|W)SYl=Ch$}*3z_WE^N`VM@$x<?_|UUTs=Gy-7Wo170lkHfcXw)
z+>MBf?E*l1=zYE8Sz8r5!gvA_25`oworoYv6u_;d5cBdy%3)Kvkd@N|h8h`s(A)ci
zzx3CC_WnCR_`xsUefJmrZx4-3`5w#=yGag3B9VA9Gex2W$p~gLqo4u`Awa-1`SMBJ
zy+ht$hT!?a_;DdYF4xmp1?g5mYvo&~%Fo?x0rTAoSXgK+KcApP5r2D2YJkuWn`&Ac
zqYn;`gaTSeBz<NnYQA9U;|Ah>G;9WpP;@vl@YWlTe*QP_fAIE?AH4ncyMz62^p1=Z
z%YA3Kf8f1P&^JTOFN3>uO<b|5r&)egGc8;^nWN}wTBL>S4Bxk8$=l~}-%P%Tvw(?P
z@_Rtw?{tMZf9vMWF4vd$a*5`qCq9Qij(9u!M>|`>2{yM6cyBFNm4yP1r2<}vcIcOS
zvX~8Il$37q><3x45q|LVcl-a9H$S-F*L#0psBd_5W^`)C=lk&8_uu?Q|68MxOe&dH
zQ76XQlACJ~AE;=ddRQprBe@VPAR9IT{uZv}@~+?WEMR(ix?2Uat@~f@^ngy}Yh^;M
zIcL<qc-EV3{pjN2czXkGfWrm0#U@kE0CvR)_~&QsV<G;lb}=8)lHouyG&<sYXK?V{
zcSavP`o)j_<saYg?d=~PLdVY+^aX<t?hStM?gu}9FgO!daB{jC2(SWR<cg4A&*q}I
zj-E7NnYfMH4B<LzDLO8uBL#?oz}preZky$|H(~IW{m*x%M<Pk&!lBpzy?glb>|_TW
zWa9idJQ45*48(Sz{R44KPHQ({&Qw$3;dms_cW-3s%@03(^WMX$`+x9Pdw%e!uYYvP
zht3WPouR1@-}=!YWkf$2oQf-oflD=Mbwfsof;~Bb${8PS79s`Y@)2A=%8nm~^TRI`
zdPDZn;}OB>$y+ASHiGX70j*Joh0fBSx8sG`9%0??Hs7hXdwTrzIcb19O7yucK?8U<
zl$?b9`+7QWsmZ<v;Ro-3_}0VTU%dJ7!=L@NH{bsoAM}mPkoer!jf8v02m5*hQ#0ek
zQ(<LlG)?gy0T1}j_skj`>`hWYAyq8o^I5{e5boUM8+qyDJYUNgrzjvi;0_QF;xh=$
zzFq;ComyP*X1zt(OO}4+257n9#D#VbUpzfH-WR8MPy)=8&^!sx<B;4E{fAD`GS&E$
zFZu2d-+%YVKYrukqepMOH~7vwANHZr8zzz$i9C9EfAnGR6lo(c6IY1k>jv(aBH9-W
zS_pSRCIKeyp&%0|qMsnHpS6SoaBHEEj}{6&6YWgk4h)n)_&qE@^1hC;muT{E7iq&I
z{M*|i?GX>a?~r#{w@%17<wJ5v0sng<0a>ljr;PYM{K;D%_73(2KYVB4oxh2=KThr+
zjt&Gu5AKb=-9O`#%wIQVG|S>^b}8r~+c5%y?2xq=3IqeN0ltB*g?%J@G+&4(Spj#-
z->HG`aRE6z)+&1~FSqvmdHZU;t>ycNZTS!QV6UBRzENTS;Naxw`0#{#Vt>n3^IC8;
zIg@<noxb5{G?NaG4!u3v`_@}O9T*-R9t~2=^M%vVN8w;H9L=axFm>Gw6VIXlXw7v!
zAh{mL`aHK%a32wOm3a411UEA=ItmMz_7rfN4Bj?@TkGH2<^|-((~@6gd>-rFJAdI>
zz&>^X;(XT~&Ib?-_IHmyhy1S^RXa}Ejs7S)nvAN1VtGrS8J>FM&7XYOH~c=qpf4~!
z5>^I>)S+aQ7(e=hdPrQUYUXoc5C_Wn1>3=LllY}1u4IZz@udf33oQlA-3bA0>D!d(
zb~fDZ``|Q{nC$zBqMwvslD_@(b9ssp8vra|4`=)FInR5$$0y7LzxrR5t;~#Kgv|mi
zSfNlV74urMcd+l?+aL4|jn2&6n;IRDMko%DD-0-VM8VDC7T+~V+R7Tz_szDu!vcs`
zf(;<<<swnR4n&`==S~{fZ2+%@fDY2nLsN-%-wX1Kc)!ItKV`c|;z(P_e|Xe7(?|>$
z&}R-#&v;ARZ=I5vb6ni6i#x_smJvuNqrQ7Xy+h+OGa=thIE+?zQqkf`N_~=Pa)A)q
z#sM;hoW)75<hs1%khPd24~XY^={v+ni?Qc!2<XzlYvk`_y#n|=@ww);(W!ugqo;@R
z7%K)qKG;hh>U3~`!#DRxDS`|erAnPA;%mB^o=Hd2!T7-a`)~KXH8?eMFOm#}9uNx%
zhLR}j`Sh?FoifP%Lqr9QG{r!1)3n)^KOZk(wt#`3w1AI0daS|%rn_?C?@_><{|@{2
zvK};hR|Wj9i+Z2b!0y56>GPvqVeIVxSpU|;hkPB80X$;`e0$lvyriIB)s<8>kPHR~
z;txjN8+@yOczkB6FPMskBfX@7a5P2OZ={AbRkOkfe2n_!3qg_VNw~*yqo@{-M^RM7
z-f`T_C&W*B3b=~_+*ZI%|8Ma=mY-|<tD@1f(UKo=aPQ>g;7Bb0KF$pwdvD9Xe}qG1
zIU|t!!mqL2-KrXy;EWPa5A=mY_wV(;`KWjB!_g0ezGP}N8Vvb*qe;~O^@%Gc7k3P?
z=J_1a-In-5{$eRrD0p7a)x|g=Bc+<9QpvM`n>6rF1h^Rhyx=F+f9qgxYfUzNHnEu+
z2P<vx(K;vlhkSk=PEo*#UVN~fxBR4!LmUzF^h_w=mwDW;S2yhJ_(-yE@PTi1c&NAU
z;n2YF$Y>x1+MfzXBH_3qL>^Zd@o4#lxJdKDZSgq_mhwejdtv&8WD=Lu;z<bw+)RZ2
zc@)sm^bpe>TYKlna)1hZzV~);ve3qcB*WVr3Xad7ot>T>AGQ^+e}FS$aAF?v0dY7A
zS#iBWp-UeOPfd-E^bfq*`|#n=cw`_Rri_=e9W^qPQ4BT6Ca<YxHblNJLO!i@G?x?W
zZ{}sNFBZ#W?DB#1sI-?#X$%{@CJOw83YhOO0G=Nwo_}$&wb8PG(*vYG!Wq2!*AdQg
zIz0gb9IyuVi37m`j>WN=!U8TYn>D=@35*X!LhrxR|6n*cN~wP^oKaIoD4>zR#*m_E
zBMJ&&8s_D)Ey{yO%UK-n0s6e`Byg#mDtbCd7Wt~$5{1}wx!f};Q^C7j;AR@wrGbSu
z`$OWp_vfd(TVBK0tA4erAWV1;u=)Rs7iXRVSbT)UqvK=V8Ou@NldD{_k<R%>M|vL&
z4-UUO6OAGXB+6rPcO*}tKdq>ljG`LZJaO8bxLTg%Pl_QL4tM+~kN982=SyWFb*YdN
zvX}TErL?es>6=CI?+<|UEeMp{pAlexZ^M%xDp*?=f33BQU}u+6?j;m(z~@^+{KM8+
zac5#c_K&Zc4Wpnu9Eu0028Tz7rqb#Af&S!h#tP?kh*QX`Ib1nOg2Tj3L2-d~xP+01
zhhX~{qzWbD@jPTDCn%S?o^pY^j_IDef`BLe^xYberN6cTh}4&R{bF{0t>Y0Uz)3L_
z@Wr!JoNp_h!$VI2I6GJvK=ZQDQ0>r2xGyw17#yAnr;<t}6ik~WWHDX}C$l^zlrFJ7
z;|^h3^1R@CFmR;*><#qRLej(E&QHl(d@McvvF(iAGcoZx7U;iw{kwa^t&z{wu4k>S
zhIKw681f&U;JC9BKH*p@;K-Bz^D}Yl_Qh|rb*oV=s2>ar``#T4j?UZ<`cyrg377#3
zV8*XMU1S6+$-yzs>|p>!=>*<|tc5~2k}sgUS}v7syPSsor;DQFj9DX_6!4ln__g9Q
z{&&oMti(JLxGFb~w3N__2{-}*T<_%g`1n|!a(l?$FYW*HvvaXQ;P0cRsTT|_IUXMF
zAM_>rqNxlRZX`#xEW{|6ifOr?Yy<@uJPVu@oQIL0RY2JR?w*CT<r03Be-h1h9=M?Y
zd+z86_`gp9vLoD<e>oOw)8Is+!x%g#*x2C056gRe)OzH{Z2o8GVmk2eR&-shmQv|>
zCi%hO;NW;#H4Lp#NI`V0TE-R=GwF0WRVpM2+lzT&0tLQ&8b%;!F8*dU6ey`uF<xL-
zY;W!HYciyUirv#C|Loo7-{JlpJN=~xtlW@)^_BuC=|4C=Iz2t=dX5SE0sqIRZ2v6(
zC$3UaQpK_{&_CEaGCJ;~R3{r|r?+v#yke(tlVrJ^%<zSqg3^+VT=}8!RxEiOUswPL
zPobF4+vOrC0fsEZ+LtpVJ)WBu@V(jJTvy>!43EWb8Ndx2z!BL;r{`xc$opIC4_Dw*
z5<B1z^)NS;wE~6GaOhDm5R4|%s-os|5iD9o;XkB{42eQwX{mTNf{G8tx}2!}0w7YJ
z0!qYq2oiGO!Nn3ZP{OpCTz;FycO0kZt^oL&)o*uwT9Z@DD=V>^Cct3OHUV6ma`OMa
z_~Pa1iKl^<@Zx-|Gw-PE-&L#8U?7za3<MqpBavZMF^T7fN?0t6$0-UeoI=u*yIZon
z1@Grb5N8GCi<0HyFE#|&hKz&dl2Z}bSCQi1t$@4CUl#tmr1#3-w?Uvo0XQ9-=bz7U
z;%Udq%i~YaJol%ku2d`^_OgXS;cz^y=&Ei-fO~kY^mnEd&xP`(l$DLN@|}D;$$`vC
zPXW+D3Agd$E%BgoDox-)zbM1PmxcIHKsN&3a{dnf(-Hc;ogZEmC~?yUg#7gX7A{hG
z`Sr!cv(pZ_TPMUm|DttL`m6tjqn0cq9gilX>2xwpbl)nl&DxHw^2!yF>B!oym+iJ|
z8+p0to(AkV`M;z+X&y1-4ac~(RT1)QuG7;|3J_KBo6GO-Qb2pB@XE5RfZhcHiB=@s
z+C4dcaq(aI$LF7)cC7nTapvu_7Z>fP>cqoV(aM>YW}3uvH6x$p_{A?)rDe<Dj%nH0
z%eIrf7Vf2hc({dI3{;ox0w;Wo3@kou$#pSriO0p$GkwDWUITw^@+*X84e&;SJH__~
zqKN_=p1%Ayzp7ox1FwbCi?d<7?^62XrkVm}FXcsZgLp13Sf*D@|7DVjf(^4ofU{O4
z+$#2T$S;>2rwOF<f-6$!C?ey5{Hy>4&Qx_ZmS1(N)oSgQ0=}mJ%nFF{*(Pgp-@~2a
zdnSNWF}L<k{wJ1O|MIza^7~V9D&+Z#moK{H|BvdXS#vXmVkT)tBSF=d!?B;?3Yn?q
zU>Ru*Gj_U^&x=}bq0lLR7tIIom3XF{{2i+g55S-yt|a7@C*d6)zc$RC*UNub0f+}4
zcjeKTua}+`u(r8H9C+{P|E5;|<^u9RW$~YRec-O=msYJ_M<G;AQ3e;9(hE6Sv9t|4
zRcuGe*u?Tl7K(C(a4wQVaL;?*-<jh;0V&FUCF3EHfq}#YDe!YJQCR~OS0MwSf3wR1
zroX2JAP|5u-*rBv9p~pKTARsM6Rp$4yoc-`$87E&eE!vc{QTlfF8<lABQb>dmzaw)
zbf;Wai<IAoEz_dcuF@;5lFNesW|G|80M&))aaq|+wnc~Ei~q4h0P<&815U9VFP9*G
zSpoQ|DtsTeb=PWU<CX=yrv4%CeprgFZXW#){<XsS-nKY8Q+WE?nmkFf!vcr^>}>Dw
z_%k2;ekPB_?miQP#V=&7dX16*wU{HoPv(jitv~M3u2yy1RqZ0Z{1iv@LQWL-yuxlu
zX8Ft&y`(Q)F3S1hvcfiii^xI$2?G>W1^AO<bzLV5=yrkWI~6eBX26*9-9G-eBgwB1
zcQ)39@Thk1A=qm-c)-T?&fd|%t6zTm{Oqap{nkBE9nY()x{2f999>OD3l%#PF~U~4
z!i$74u}lZf=i4E_+wUQ@?P<WqN9i`*bD;#sX6~yn22`t#tJANq8AeY#37D2c0k7e}
zJoUJoSl>SRU*z-8j`p_XoCnW39UPpWY<AcH9Ah2lV4QqveR+QNIV|8c-v14Zzg~3}
zGVW+99Z6b6N2^xF1`&!`U4gFkl!`6UWx6l-(omX&chY?QJjAc4d52v;Q>5^(a`e{;
zY^tPznycT$fDRkDsQ?awiM74s&;MQH`4O%N<ccp2)ja*L{Tu&}^Q{&PNDi>QcXD?A
zcinGr?mb2Tp1-(l{uhlVt`x1hnXs9UMhlT*+_K3#jY?H_b=`F{rIrFpH=c6W<LxIZ
z*_L>x!ty&dyxvhY$MrsRtKL(ys<*>nOaAT(knDgb*0%PJ{_p>XBOY(q!8Sh>^ZvEs
zKY4kywYJ(ygXFE7r)Pi1tbNNjKCl9AiGPvLHm`EodaahBl`NDZ<w`}XQamtpS|VN3
z%1)&_&UXo)&J?@F&y;L0(<kwjvLyU){Ho@vlK-^iuj$U~70@MrYxXIDlXQ<x_HmN*
z-u}S>rFqZ(Z~w*Q|MmQEPn<02m4Wtl_jV7@FSKgoTR;E~!@GHlCh#wBUN!2qX0utT
z+r_fu;-Ym!6N{u5i)mr*LVT~R)n0TddTaHu{t&**F%RUCciE^+dt65c{7VJsPypdz
z&&^cm&MdIwpij)b?4IrI>|l%A$;tn-@UIRBhW@t~XNP-y*CtPcuCK%TkM<AG|BhL2
zykZ65HtAdP|1RIG=PXlqR70)ekOZ6(;=nz1dby?Ug%`5QCnM_`8Bg+xc-Q-wGRF)k
ze?=9`j`L*+{0%6eZ2*SuVSqOgbw?YlOMY?r#~OP2$l+d`o&P(dKY2g++h?cyJ6oGu
z`}_Ob2N(l8e0lMVXz#_JHm-ilB<S?%ZTUa@<(1i}TeWJbOaTeQ@fCJZ%(goeux=u~
z-L=qi2ch>)rY$|`g8ZKVk1=0B0L4P0ln5;de^tz(ll)Z=1ZQt4;3ocecR?}Xc7E~i
z{vR*Cc>0y{&}YATdQ6~jbpGn)$$#?<P2c_Vi|5Z@o`3QU&NV;fqSs9a_~q4Q{jyfK
z>PA|1>$Maxn^=Ff;%c;LHZq?ZPS1XA-*_N&IiuJew!rDW!V!QxK%xNtCmZ0U*D;7s
z^0N!bqXJqs@I4BUC2(<e!tVM1ES>-Ai<1|>HOk+dogD4%?7X=6Tctnw>Lm_MKRh};
zyZHUT{^g5jWcpCR(`Prt&t-EBw{exNSCwkDt`^EAP(O-Ms;es4DAQ&9!s2aj+a&&E
znB0nwIvjyzhX*KL$wLGJ*ReVKgYz3Ke-$UvReL(n@AU}K?t+Qomko;X$LIgS|Lgqp
z@Zj|FtLI1iXmVcs>*JB!Ke;%=1##$cJpZ46;g!9fb{N2C-~L;LT!UhtQE%ob0MZL`
z5YBC_V$&*-;Sz=wJ667B=8z5C4%Gn#bv>(7_>A!VN*Uh;RVfP0UxI*RtI`L^?n!(+
z1&XshuYrIr1+>dxy!QcD$!u-y9G#xx@~*?Drw6#n^zivbF&&84MCk{F2X{Qmw%3{1
z5&GFT-{tdHI263zsMo9Y%WRFTpQxH#U|2G$-kid>qg`786-Qw=5Q2-{be;adz(*Q@
z5qQhbdk;7T&_ohYHDCmF;6T;wwtzeGfG!0r<Fwq}gX3KubS1IDgpNQ8ws!W;FWkIY
zx+L^FIy`y)^4S?K_u|4o(LnZqUtM44FR!kOuzZs|u-2@*R=rAo4~Wlz#3zx^bu53;
z^L<&xQ!BiOz_b2N3>1FPULqktuDuEvbZr+DK%jtO;Ou>(0eYdw!@%jggTVX^3s~EJ
zdir1br+cCgj?U-S)-FZ?);BhG&tBDQfBN;sbF}{tjt=%k=abLH=W~I6gTtV&3x#^~
z(sXGRIPf*hs)OTk>~{Z_b9%A*MPUHaow5HdL$X_?_OdJdZdpjKu;D9Z#Q_E=0{kQq
z5+yK=QJ^M5E=-{10yjHCcPd~xw!Zt1^#AtR?&g|ge7F&gBLBwb+UEB07q1BOUz{AY
zhChIYYyd!j-xaR^*+2Vdg?yI&bwjVJE*PKX)M~1$kd$dOt%~_#vBUYL15{M@Wk_H0
zcy8H4L)%+-R+7yc&}>H$9Dvc^h5a)LBn=?U65C=0kTTi|xZ4E0HmKJJUEMx<`cH}T
zNZ!vn5M8kKy`!fupW}8zZyIio=fN-w&BH&G$Nw|T=QVhwUqeNTRH30tX`^IU>Z<8_
z%P(reB#EtN+F*yZwmBqJ?3Vb%qRTBesG#=gXtvA)R818yASfUq02H8iSis#F(AfqR
zG>CG6r#l_Vf6Efqw<-6-C>X~7qylhPATIuc0en)p%3tPk&8$Uam#B_gWzw%ZjO&!d
zvG_%aeq7XJ9pI}<B~!_Gh=(R0ksMW+Jk(QhauwcJUlu;Ve^l~=GE9Kbp9lt&pn?p7
z2N*RN0KJS(3wWIZI$I$)J#BsK@MiHtl!dl=02+^&jNILmmnA;s-B7>EUpu(rD$CA?
zb)clL?(#B{brba6W&Z*JGwo<kA5=t}M7+&<XzvKIh5SSY6`Z<ApMd`p|E;*}0wU9{
zVg2dp-~l%j(2~FV;9P8iSlv9jqX3FCmUs+)TU=+#8-k<-2o7+`N55cVyN+|w^a2#n
zsOutB*{LErouyPNUCKxWq`gKaI(ed@TVWMA3N1Msz2JLTX5>8;wX8@@iCowV1SGsx
z0TU#LLm>oF&=fw<)2fHujewoKAe@>@OmIt_1k)|Q%z!Z%D@THM<WQ_sz$e$uCJdly
znRV0EHKO~PTW{335{gaIXyCM)I?@3U>%jsoMYun+WtPhpVNU!H|5sG#qvS=#VuqYU
z@qz%*-*I%03hRzAfm*e#fayCGu+X*q%kAS+Z+FDya8zqNS||YZ0#?AUa2k3p+ialt
zS9K}nbtnO}$|kDQu4<#*Ehd<x0>BK?Bs$`rgue<mGvLTFwTEyJvJ8(<K%_EY6W)mf
zO1UD)ApMMHsFDbZOt9W);BJa)cQVwifSdl`5<hXH7uIS8iwV(fxhYg`2jOc$UR__2
z0gwkYI0h0Xqbf}SfzvYAa0uEmUX52AmXj`}1qh^t?W+}5fRjURPmEcty~>V2akPR`
zKnB~#)2WhI5@h))7!U+fAkZq<NW&&zkOJtb-5mv52GI6@KKX9FWBp&RfX&vfSd2wt
z{13NdHgP0;w%M$)=W!6^Q-YY0As|=D5lG%biRV}(0%ppR<Z;APWH|?0WGko}tJqpw
zDG~Ew+#{fX^eL}MD(WHhU7QAKA{(x{A`;duQb1k5O93qwxX>kk*K-R5y=J&j!M3<g
zi|@tZMnD0_;b)sU%W7cJ-KxZ4J}IciNjkjLDN7tcbsuY3QtgZf_$)s;4}T*FKG}p)
zBHqK~m@*`u0ZJi}lmR4Ta~8l9nEzn$vHn%cL8@#5T?)7f0j&##&=Fm^A^$BC=#pQK
z$a5v|3tS11&t-8V$Yt)bQFq~h!Uj#VW<VeG>WI8KN(PPna%b(s_R<>B*g?X~t}m%?
znYnNVB@#1DK9ed53*d303M+tJrox#Ji(jd7I>@h}erGat69I0l|IJ=_D-f==#^g!<
zox>9`0L>)es*!D65(+kPH$XGnz$t-NLl^;qB4~<Iw9`D;Ae%aPQ!3dVfu3#JCBs)M
zZSv2Nf?{XUO0}i|Jq>dH<a&=zCQyM6s;mIhBn@;a;0_2B!vKGQ_$>v9xlrC9v$w~W
z;>g1>`Dn~bQbL(DV3Ok#6|*dp#jhDSE|)-xWJ&9VVyW0s;zk4@K4+^sDX5&O0Mm&0
z36_t&^_UvL_ooT?#ECOf0g^Eb8UXtz4j{vzX>viJ{u%{zksy%+N}G?hj>5YwzGnfr
z9SvjQ2Ztx0x8(mckM+hb2sVC$6Eflh#Dy);LWfMC;^wqUipj7XWTFt*ssnMEhyQ~_
zIS5Y~V407V;vxbo0EJ@UKv~Q}S+>Xs838qR1A-b%;h`X4kov7!rvkcoVCO94EunAf
zpsj!narG*q|B2iWe(~y8`9>~lQryMi&}P;kk!dZ^58}j7uZZ0-gl1`kz*M`;j{yPD
zU0d<89FgBM{$YKA{d~esnd3j~MHJ6%Q7>TysJ!@4fk+0pDkk%R4h4A9O9gan23&c4
z7yJeUU?y~DkB<a6JC$dG{PHTtDFAsskpQy}^`k#sLtUa~;04hN*~oYKw2%VNL!wba
zvQY{Q7q>)>LtsG;I-q=*3%?aP0*O3HV29`u+A>*mkPL|spz#SxTotB-*aZx_^`2V>
z(3u9_7zO=4`6Uy?UQi7GKlRQ7_}w=c=D^{|qyQ21dFCO54ka-{Q3S70P@`y8%B1rG
z#1!uNwXuNA1A|RWe{&-95xI}Bl-Bg4Z3{anc~vAi3ZuEABIvZ60;q~qI~8z4106ZA
zRKTj3hJBp@tfN-EBe>t$xwsnl%X|YnfO32|DxVOIs7J3vwMG8}$E1)@l<y*m5g5*A
zC$)-!8E$wLr8Krv=Fl!OUmUPvi?7S?<+_3w0Yn*z5<v~zo3dgU8v-F0hGBtKqvwVP
zw2q2e=;A=){L|H2V-Rf(U>*v$?@{{Cd%?L6`dLHV2vlh{^A^rWtmA;h3OOXfS()Mz
z=>p4HB*V3eAip>3pmsUq<#&SDq0*%y@8P<)P@FBRgE0Dx_g)JyU;+4ts)7UZ8=cz%
zhHQ^_tUt@|pYM>rwH0`E?Zz0$YPbBjOLS}R`1I-Nxx5$VRla$d!(C{$I2|xsC+M#c
z;=2`9qtr!3dQQTS;3`A7Cp(yYTLtX}<>=4d9*FOVf=K(jgwVxut30ZDsh}qNfjSc*
zoh#!8SH@8l?sNd}u(0{1wWY3UaEQ3K)|vztZtn#^aYyd<{=xB~I1NIy!GD|2HLk8N
zn~i3c%)fyn;$5(Q=5c^`o#-nn{Tc9AkGymi!8=<)?DG}j`{XkUr9*-SdYnlrKu$&Q
z8<8_==sn;pVx$pOVE{TUKjmOGSb*Fi&l*@*5+E?Yw7a?FWr5xqusA+=wex9@#;<Q~
zU>xF<Z$|LO06uLrgau@?m$un#;EeQYMYCPOV{KG<kpyD!*=v5bo{TM)vE0!O6Wo`z
zK(rZi9~tkfo&r=+BY|H@{>UVtDgZ~cg++4^k5RRHyj!&V^7u3uKWQMgzu5_a4Dts%
z-u!o$@LUkw+S@(kOHm=d9D^YAzsgerL?%E1Fk7pl_+g?#2WC&ps49qA9`tp{UlAqG
zimZ0GTA>*Z{^CDLjxj!n$?rDmad`j=(7ZyhC<Rvq31%0dWT*-okRvj){;m*!iJ-*s
zb_W88-N4%&r(kwII1+Me|LEwnTmDzM94$VM$A<$nvcv$m7sI(Z*{-50Jm8Wpx5clt
zi@X)bksYp%hG<FH23tTYJ!qT0;w`%>x<N#OHDu3#zN!d1A{iD4U=$5Uf?#(wba8%u
z^=P{b0=+F@QUNU;@cTGt{P6fxn15>w=F40ThvQmJTntJOK)h2#VOLXOvWQ^a6E2m`
z$KjlZ1QpT=@tN*WTqr4m641A0)y|)?Q8IJA^vRLIUl_kwe^CuE2n1Ym0bPbce=7=l
zG-xRn^Y%k{+rir>A>DY^x3~5VPB`;#-wF3wu9+hPK+a1PutuDp>+q;ZxNaI0O{OuO
zhA(D0MT>*!L8aoYv!?-W3zsr-=8?@n5kDk;*2Msn+tvU<fFZ<oC<zh{V2TjXDvRH&
z1~Uy@+FEIofY&NOSjP7L-tp5;^QY&(o4aK6w-5vx=!W2q5PAj3%^0DTjCDhPN8~yk
zkB4Y&GqCN}&?lj2PIHv*pO95QH_ziR4&uKifM3kT=nfNMVgiO!EmVaI_`BBMJ2`l-
z<2(@F{kOq;L8SuLy<_%?0AM7Z$Y0kGSPs6=@W=0D(GG(An$1i`Rc*!FyU}K?9gpni
z$!K0_t3dvcG?H6C=Ln+9d=s@p*Oih}B$S>&IY_l8<6*Y~y364kA`#x)W_kGxM4SY<
z-u>WkBm%(m=P$eD|BU!A<6on0;g$@{LPP1gMp%`}BCnVH&X!@@x&2gByT#``9c1j5
z0?_oYaMy<{-)$=Z^;QO4lo`ka7z9KX1Q3Aq0u>6fDtvn^#LEP6XUy)?UCwj7r%MC8
zD|C+muxkd8SYVFit}_T&q6$E?gOYJawbKM-6=w0Gu_bX^__QnL`1yTrV-J7DZh?MV
z0XZ;3@nh2Qx#m$51rNxHT8J0?t0Ed0o_2I^KHz3C)Y}`uENJ`1%OkJYC#?Wxz#F5v
z2)?^V0r1(45$I1i{^5jt9BEOng9cLefy_^3sw)~^-nx5be%F<`o6BJgk)oogl~xzP
z@u-1J^U9)Bj+Msgo3ir7YYdR9vz(d?f!=f+G$3<Ar^^M}9<Z>mwkVGSjjbJ=?{ckg
zW3%H~=cBQ>0J?X0dUk6D`qL~sKFd!Euagy+bs~bAtEwr{;A@jL5w}=&S-tftzn$2S
z6HOrx6dkdPL=?*5=T%3JKXApFHBh&7A*M_NqzY<W9A`kT_Oxk02LLQACSr?TF>GyX
zO`M5@iho-H-XS@=2Vg+YZVUnc-6lc+?4S6LP72@xxK8X0xw{mD0bCAl0JAw~5$}^<
ztE!}WLRGrj3h;sesABe2lPg=RwcdgCgXY!P8zc#=w&ce>)vk;RdQTS*@(ci%UUsmc
zw)}i3#wM$QkBP;E3>SZIP65|p{+E;pnT@O=n*cC8-nW)%1D=@N62m*LYg7rY1b1;g
z8&FXBQzfx;*;!;`Otgy7@fRj-aAfEAoLUXDaJ1AlA;0bjE$D4Mh^OaPHMBJrEam~^
zj)3-|AX~x`WD{@)w<6<Qgl_pS{viMW_abvAj7L()7b>pZGW}Mux+)B^HNZ*HN`6Ip
zfmht6HCH>nA{_v*uh%*sEO8C#U#-RdbqN9@67olmc;`+9EOr(HZ=VX&IvqwFkb~m)
ztugT5!UL`vITP#)3b4ckH1QOSE65d>)I>^d>RcY=8hKkz4wQCl=2sN=U<KGs=kPBx
zM5D>5%h4ZrgJHCOxo&uiFIQi0t-r8<TM*c}FIZkGb%z3Y41jZhn<0RnKL!GDFC0~W
z6kts;l0wosZo5m{WsZQW0^@ee4N&~y`lpxtAmWSuu<Zps!F=i{w-|<5!%5PV?HRo0
zW~beIe|f4PD{y;mcSLW<FUtKb1laOUgv23WJA5Ma+3kHGuMh>f214}5smie|^dmYY
zhroK(5%IZ`uFB5|8>k4f#I0aQY<Q6=HF&Qu`f9yu)EW0E!{Nn8uc0IIkt$#YhWNKU
z2Ov$~vVgV%R;2vvk_ENQzI7(>E|-As@_^q{2o!hZ@VVYN@r}!{2E7h0O!A`XZEbW|
zfp~>z9k2pm0-_k=h+a3wU8-&Q8D61aqYmlG?;U}AE^F27_|3YITmV8r$N0R~bLUXN
zQtMbq+3xWa&=w!vUoivo`PuWE9`Fh0K@F2d=GQ{mC#{lcv|mn*3$r&Kr}Nb^C6G8M
zCu5ir14nq`r|R{X5%!Im$qe6-S+C3Fz|lK=UwqB&_!qQWF3=u|^Nt1W0suMtu_NX`
z!~n?C+Y0yw3a}b*${Ge!TsfQvE3Ju&jEC4=OMl~|sv|ft27*+O2h6^)<Tm<UtVReA
zMUw&?DPqkvX>m0Ty--JvW9hC4{Vg~kORVNKEq~huI_|_scn2ePDPU)(JqIYx1HCZ`
z|JhYOdx`te>BYH*BYHAoERc}e;9O0x6{&=($6{KHRW2j;`C{Br<V;T4*1TQcs>*&;
zLvsy7e}<4ullCo|0Q?(uVOL0kgnd;c;#7HP>ZS{{TcXQt1#EOGphNzB?^NV&`SVvu
z1eyI?V)8*_`sUWenfd&PkR|F8s7`i(p9ci|qhtZ)ipYAo7eMPTI1vB@4K9=9avV|c
zmZ`5Jw#M*#)fNY!Zxg)0<lKnTk_uZucP*gne54i&@D$(;Kkf1$>^@IGb?pD==Xd$5
zD<;7vHs$auV*W;NYLuMR4bN{)^hUuBYJhDRh28-Qtd9aWPP|k|ZKuWzgrd}m??s6P
zGNA-$f>*NnW34$4s0vrZYbkhXAtL~NXOBEXzAFf{%E2-017B;M4cMOkV*EQe>KK9O
zu>Z@P)uad@_T)f*t&B`Z%%(})hIxqgET_rREDX;jBxHdXsqIuy<N>xwoA`^aFdI#_
ze>K4>UAZ~NX(`hXgrKFdsvOGEqyjomiCO4qh{%qBr-2Rwz&!X7&w)R`vHs1=E5g4<
znMYA!r#u$yR+UP%X2D_W^^(cFK)ON)iS-nqx6}X^&^j|_@&+V*D0FeYfEp9`eL1Dj
znDwC-$T=eC0;UcZ^AaMd05}8vctv7BM=7YS0I31N1Y1#Xr#%JCBOqO8AY8o4lLO#@
zUmkzrpybMuw4!=JtLh5Lt1Nrzru-zkDK_-Dyqa!Hbk2fg6vKo8%vuwCMl^scJP0M;
z=uC!~`q1xnI^ac;AQ%8gfv!>z-wnFH?8)yng*+8_^M5!NpXb249pHC)Qov=_s`L08
zZ^|(o$?CMK!$O-5#{f78uRh+G;;*(Zc%FdM4m5%KNS{FbTghAjVpc1>_%0_04i|+<
zHIC+?2xq_EZ*x6#5ssPHm<aiADPZ?(+Z&8ZcnXjj*!DEAkCPE81U~EZfUon-e4cV(
zvo8K4SkrjZCICq1!5oT<M$L<ZLIdm-sG7JCzsN01Rs~zJ1Odp8aYs~mb%-a&J@`Bf
zwe2G)D&T*Eb1hSZKmPrm<w$0PpRcrtPzMI$^7pg7HUuPAI~CA&f+KMNROfcsKmT<;
z-?*%k0hqWTrEa>G;PdRDI`37gd)u}QU6(q*#sy-`u3>n7z@sDdPJv&jBZh;?z#VpT
z@&k<eP$1BR(6%=+?6y?Edt+p_>2jLr;@@{T4~A=0=%?M=79grYOWRAGcMVGoc=rOy
zn=uaMneZL{|C`V9jYckuF#s1CfN7A5HOzN8D9yTp|Cz2VN-_U&>7~Ii41oYH96@Np
z6?W?t$K;+jSB}2BqTnkUL9It~TZy*orJVfhv$PuEg~&B^7CfJKd2FcXu6lT@AlhL9
ztpPyK1rPzBbsE6eziwg}2;*l}-Vstm0S9Aksu)w?YL(;7C<xl;n!@vu#IX+Q(*C92
zg3EaFYl7WyDj+5+I*KX+Xc!hKBx<c4Vmc7Dk*%4!+vWXa0GwENE1>JJq~%T!SigaS
z2S>-;3h#u#Z!ivCYY+fhdWFykr8lp%>22CZJkq=rg>3*mI>83{f2-aR4|S0e$$B9V
zItugFdEyZ(ShcI%@zjO2hzQ5(@<7ipF`Q@ekpZj{Z(<5j<Bl-cN`~YqNi79<N5%8q
zC}Iq{YeW2JgaBe3-l|oJtBWOs1-BL8ivF-Bs`W-ydVL%GY5D7|Ov&&J79HM-Py?5f
zD&F9i+y{wDA`cNutcQZ|FPQWnf+~vAU<aZGqRE*l?QRU{*desso(@^-P{0nxfR8x~
z>NJ4g=5m;WZJ0cY<yI*_2TiF66yweXmfUegrteAvfX@T?+-i{>p(?z;#srx`%oTwi
z0O07dZ=$uGzA7ic<gRm>O>t)A%4ldX``}-cujDH{I7}SiHU`Yy*do%w1lHwV0BHe7
zVi3GT0l&M-<+9BhcEm^rt{EbsYZrhavd3Gb2e`caDC44E!KP4e8AO$>UUqkg+attb
zr->^D;N85ya--T36@Qr?<7wF(ST|O_n)kHEbEA0YdqA)&6t*@)@Zp$zDZ&i}e0oU=
zKpUXWGth>qOBe9Ec0velO1Ltcm!VJifbL?|TO>iYFNGIq_(8#VE6fdr24#8Bl?bRy
zuXo!OzzR&BXTk)I=2`4KqoiizEU~*4&^aL1rb6B+$&7&rgB=inB$&4Z*0}<VO^Jpf
zK>&lW90m%4nzARi#`O#o@`MUR2oxlsqj;q8nLo^ZWb6YW5@1&qc&B+z(GCi3J2H^=
z41NWg6raLCUgI8hkAL<~1uS+eV6_7TT3cbnhFD1g3Rlf+0qzA6`WEF0xBxRdX0kda
z^zt&2AwA>lMGo&V7xL`g#i9cOq*cgDmdja-IPCxxVOdnyIUBAD6*$!n>01Ef$|RU)
zr1VxOt>k6yq^dbqK$iuqc5ahvM}hW!AWs1&d@5Gk0)GAXE_2O>Nb#Tmul2+^iIx`%
zsJNmv!3`eSvnFOB4M4AY+uFHApkrqPFQjOGYGU3?lf6SnWWJ6ovn~3Tiim!;NQXF|
z0_MQz^%j?40?fOI1jUvLkhf*cFWopTq1y#`Uz~`7f(Erc;Mbq#DFDdTr#w*fI5_Qw
zzi~?gnHy77O|*7f4Qu29Oj!U|MQIYc*UZpFZAg<I;PUJT=X#jBmh`63>J55zKm@?5
z<dPbf66M%D!$^f3iSz89o4L@f+mbpJAVENk!*^!FpO6Qj3Pi%A;=_KcivwG934=^U
zMO#Bty^>}tJJY=>POLu4L$36GE{|75CIkn7C6G;v9dMecfqA3~2H0}`8XwJoHk&Ss
z%WWSa3lM2U?t2v=QsQ<(+*SbggFZd)I2Prze69hyfkqH9p}Nq#<KeTTc{LoYf@pAx
zQ3cm42I^I>BwBMFiHTLG((V>x)T8yTc(?{AB0p=<s5hhzq%jbw5}ns-n>aHA;_M35
zHv6^$I?hd9ZYf~3!vc1ALjXZw2L`%Vmv!t1sd5+t268#Wt$JKm>VmR%MYK6JooR7Z
z)V|zSLA++U91p#UnASFZ`SLmT2`*4=M}N^EH8GJ^_j~~ah-slywYiQ61_TV`4aFFp
zx#<FPEd_LpiN?GrAeq1pEP(HZYC}LipXC?`B)7OT&w|^+0IFVYMxV3`wj(D2xLoS>
zE5-Lo7NggMW$Qw8Mn27MtsiGIUVbS1AXVObK?cyoOg0BiZkbjE`4)XuO+cwDb{t_6
z@wN+eog2J-BMb-&@G#(crw3#y6|Ra3U!};~pir)nOT-DBv{cdI<x(NHD_|Gw0HU-l
z&bh0~Iynk}8jpH)#yCml1qt@d0F^(=dvGolCX#9#9k?|`CLs4v3mT=lswO5$b21A2
zMG8oC?+S$mjyubtuL{@@C3nHq4N-lo)!OEX_%Dxek~ZCH0myGboxfGFZ9i?V<zz@?
zuv&*YDxM8E%pZ8gDfeq)S1d&xgQqj)#Fd-lx)OOmpD!iM;4fByR~T+3LtGBPU|b6W
zKe^23nstjbU^dtdILkHUkxd-o<sm+dWST44jffMR8+q})RpAvLBEDeYg&XbsN8~=5
z$O^qpK+LBB!pudnCz9L%8x*RVjQPwy#F-lH<5j*l3Upe)`i3ls?8uvPPQ8A}tBdcN
zSJ`I0VKN3ABEu&x%(+i1v6slDJA8J8$jvHU1kS7N@*+$7V0G|ot~jml5SHLd#YvkH
zB}Icvj5U#vkRO?DP4^}URasqB`BV}2H45lHF=457b(&y7$c4EdLKq-h;(vC1eSOtv
z@}4j}lFo55%c)&aED=|3nFKRH)2kq(*8t3_<C&x?r`sW$E#*f95s<}8uDLDQy+5L#
zE>bCxOx8VTbZg9*TFoVTFUN{tG6^SmtpYj{LaBfaITW;ye!x?COEAvH!6~QBIzYf`
za2m&a*pNH3T5;JGqLBO*!_*wfXjQMEtBOO<?26><27g0E_7!b${)3=HU38$rIkz|*
zg(m=!03#=(KRVvmJNqg)j781mY@t+JSioGj3v?yKd}=^~4~c~afB>ilwPV0{*O&P#
zYzt}HHBx|>3Pj&ej6|4Zl7{YO!7kUx>1BDx-05-;Y^7zN9ynpQBTKBdiry;cGOj3S
zyCM))m`_2qY-OA_8mtEV({)$UP)`A_v@~1%8!`-jj{-VsLTm!!{7~K)DHT8t;54s@
z2k=Y`SKxUf$mM1SFoEr|YKR?T=#tZmw53m~p5SUln1DPNLsi?RVY5mwDd>7J!22Um
z231BmXlHswF`ajYnxK{V7i{_4T#kLVDt|v2$Nvv5194bw@<N>e0000<MNUMnLSTY7
C`?wqc

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/expected_results/tiles/wmts_8_5_4.png b/geonode/thumbs/tests/expected_results/tiles/wmts_8_5_4.png
new file mode 100644
index 0000000000000000000000000000000000000000..f6f4a57d281dde2800eca14b003f8fc048d0ab51
GIT binary patch
literal 35010
zcmWjIbx@T}7Xa{ET)HpaDczly2Bk{`M7lwwL6l2(cc*{|g1{>&T)I;_FWrrV5+C1h
z&dhUW|JiwVXU>`3jndXs!NsD)0ssKGYO0F5008hg1p+X@&mX5MBYgk>6sE1NuM`y(
z6&o8H7Z(>FAD@_*n4FxPl9G~|nwplDmY$xTk&%&^nVFT9m7SfPlarI1o12%Hm!F?s
zP*6}<SXfk4R9swKQc_Y{TKeV7m$I_5^78VEii)pazgAXOe*5;Vs;a8Gy88R~?=>|w
zwY9ZBe*CDbtE;cCZ)j-v@4x?k{`}e4*x1z6)ZE<M($dn}+S=CE_UqTL_V)IUjt(Re
z+1c6I)z#JA-QCmE)7#tI*VotI-#;)gFgQ3kG&D3kJUlWoGCDdsHa0dsK0YxqF*!Lo
zH8u77_wVWH>6vF&53|qK)@QFC=AK<W%s*RRncqK|zj|1Bwz9f_+F1DWu=s3aYjJaX
zaeHrZXMgd}!_u=g)Y8V*(&qNk&i>ND$<p)S^~3Tr)cW$)&hqZT^4`Jn;py`A!^*Su
zjg{@)mFtJqXB(TVJA13w4{Oghx7K#{*LL^Ut{+g(wzg5v$<4$1v#ss*n}>~O`-dCn
ze>QF&HlOY8ZJwNO-aKqQ+uPqdI@!8;*nYORzrBC3{hZ%E>^$2)*f}`dIXT<8yxF;Z
z*nM_*w0nBKd+}%Y>UQ_fbKLDdkKaA)Jv%(wJ38JwJ>NUK*t@*m`*XYZ=Wg%%Ztv#b
z-tGO~-NXK~qvQSKll{~4{j-bxv&;SS=eXLxyxzaM+5dC9e|@)qd%u78aPaKp^x*vR
z;Nt4w;?Ke5pM$IGgR7f^Keq?h&vAEf_i*^^<n-|L?C|31@bb^$pWDOhyQ61k=SLS;
zN0)z&uC9-+?~b3HU!0troSvTY)l$&_0AaUkigNnCxxXG_LRM_k=^|G&>VEXoj$f&3
zX*JSv>%i8mNe&;Hyw-g2rtF!6nVg9_2jfFs#P7pF8LIM%ijkoM1P+V}jIEsWA9Ta!
zTTRl)^L_1nye%tQvpnUwG{`c){_?uK*~+~HHbxV%{3l%v9NefjxmoS<X}`S9+nrl@
z5aAuaT;BIQXwhr@e$Zm8=Ogit*XQYdL~HBE*4BUHH-R6{elIv5(9n#X1<%nUTjQMq
z^g9jG4L)5R{$jc3c0Ja=-+a}2dH8UfQS*?st7TzPd&JJQme(%kf4*Ul&%=m3StWd&
z2<aHNjiCEjpCu~Ub3-$Va1`{#UfsTYcPh<LRPJS<pSG#5loj|5(iGK!+XP6L4IA}Y
zxFRojY<jp`XW;qG`PLezaNOBj|5O?XLYW|39K)G!|I`5p3oAJ{f~I&n3_#T5u6~_3
zq=Fr7R?BxeD*sxw_DPT+Jsu_`Ykf(`=ECFZs)ldO;VhiQJg4&Wxzn%m?gdz&&09un
z1Wte?1kM@}*x#>0%LQG?tyz<9#~iM)Ajb3gV0D9ct7UpGp|CE75be5AMGPqo2GLPJ
zO1wWln{|fL8PDc|E8oX~BOwtg<2o2_5$6(*>=%&lUfynE3evSI_nm<fO#cB+vxSdz
zf8!tQKh|8f<Efq|YJ#xD)`~F_%a$Z1r1JkBN1LZ4$h`odQ_J4HOO^l#?-}??MoF^l
z!@v8wU--Apz2gKQozl2@fd7VNqD*Fhs)&$ZF9e0ch3oDnPxMe7lwqLAAYQQxQ+h;9
zu8ia(%P;guMMKmrFPu3(J|VE$$J6N)$&{~1iacCm0lWk*N+^P5*jh@;kpu(t_UCY@
zH-5qgQQJ}1kBY?Rc_H1KCBNQphsWQ@l&wj>9$pgwnv0{;eXPdI9rJ#wd6L-&H&&MS
zM^Iyqu%kxfeVX^&GS9e8>A-&PXH-GDHML}G66jKBgqbs=v~+Yd)J6P?&|FQ2q}8e*
zR^+A1yXq5}=PhV1P@sn&uj7s`caY)%pklroqXXZINTlXh{&~pv(|^(n==@!>*=@ph
zC2ZVT^H@msr~Vz79+U|Dmo#>3FwQal@G}jyngZ5tZTPEPKzB?7<beL?)8^CEsx|W2
z%~MMHbIXkvL=0Mks=<kVPg@8<4mqU)<rSa*W&%eFSiR}a0{__L;}&ytcI6w`ULH}%
zYWwcnwHc!K@3+57|JVSkfCN?4WLdxx<hJ{hu0*N#^CaW0ohe!cw6vq~?~gwPApRw&
zpTSlNLdxGM1bwQd-Qsv8;W2)q_0e{0VVQugi2zX<pxN`ixnG&IbPt2)gpPeHFY0BN
z6)cY!Fj3f5rvy?#HR~549mO`wFGL%D(R}~->wO+rdyl~1&mLo9wbKxc{k&l46*Hed
zU!H9$oMFdb<KcIbN!<(oYrmK9f4rZ4)Jnj|o4~kOIv1nN{&Z-2c00JbTHm6nmw=oY
zeXg%$Duq{gH+cBA=&cwp0i2KP{j2Ba>qm3Zep=r@Wt89q?f?nnrKX<hIlewgxB;qM
zYoM*0MJt~^Uk(yFGRCG-2Y<t;!-w)oO9Xfa;PBoGn|C}sJiOLUBG8h~`Oif55(JT_
zWjK4E1*q`JpSJgaqc4L3&)f>&wD#>LZ~$MVa8y4xJSedD&zh9`eo4DCM|`<;n4Mm7
zK!O{=h1I_1@cSHq7Jj}IkktMd;BNUbWE=>ip`N>sx9zX*==%Hq@t;b6{ws2-^J%j4
zt#jwkesS_Unqr`f_Y@d3)a_#OzlJg4ROc6(bW%*#p9Aidh;P2310T=);-tbY=CGtS
z+>mCEr6DFLz5L?N*u*!z>-&xBfC*p+Ji>Rj7Ri-4W@g55e>Mn21!ojI+>+$plgw!t
zwMPuN4!yh;&68em+He{5YPjh)zdvJHWjC~csDDp`Rl*`wA-=6c;`eUD%Qf#EBfxhw
zqLuE6L;dVr10Sr(gHPMMXW2IYDJoD##vX~!Gq>w1dLAfH-R{MP!})Jhx;9irc(Nb@
zs7Y+z;Wsn<8M&HLQb0>HE&EiK@WhV!->ZYR{1(k^nD?6w->CF|=pXwV%k*eJzqeF}
zg?}*(`*)14h@@HlczqOE51^FfGq|Lay=*5qT__h@T<xr1I8S+xgSG;iEswjg>@)3q
z*%Vz|^^Os_zB)Q&!*eW>4f2%IA#28gDUY_V)QTlw9RCzRa1kJ0crLr|t*$%&t*aW(
zr=eMa%pr5~GGl65K1T!XOtIO3;X#jewb=B?S5Xio741YB2M4Vs8rJPrjsQB?GXBy<
zB^2eaEBozNAB>0?aO5W!?H_o$XA}2ulYr++OY5t3{W$MoS6^cn^uYR2{s&tBS9fEX
zs*Y@8uP6LTNOLNblN`)n1aRKoczj)DJJXm(Cf1yo=Om;@jhONZO}bl<VU0I4jQmGV
z0M%^vB3^a#^bDB)+{Y>7`?NFi2XhqU#c62hZLu8|20>O_PCnfSdK0Tpj1~k3!>`?j
zraIYRA7V`e)p1C|T>f970P}tq5M<$;F~j&KCjQMV8H|y9v?MxZPrPZES^AwCq9mI!
zr<PfnBEE7Yx@~}KnB$OLMRK)sRSP-a%JPj3U?%C6k`II!%?L-v+B^so0KAN|yUITP
zp~hQ(%hxvf`|rVK)?6kQL2~)B->1JEpyf8d7*BusbbM07bvjcGoh?5dji@D5<BI!G
zwqoc^7?^9VidKvW18QoKbJwVfkd<Ws0E^fY>FKfbr6?c}u`n!InKmUV(Jw1GI#-o%
z?;Jq)AP-JK+SiIQ&})?kyAtSt8U_L&9R3SsVDQGH44o7%fSBlRjD-L~yT&>+Ku13z
z0Os2*iUo`JFZ(k4J6FEW{S6c?SP6c6Ghz6j`F|~5ZkJ7AAs(P*DdmtcJrn!Bb<23G
zG?4|_d(dkG;(59FoH5b7^@AWRo&g}IuNOS%{jF0is0ZA{mNB1G9<s~O^)~hoGS2_r
zmOb>u0M4a&+F$O{qj91~aH#E$jggp<7B>9T?M?&)G~J%w{!AAQGX7}!H<D;WZ;Jw*
zPY;tC5PiAC3PATmAJ0!>qAe8NBc$(qcyD&`1Qj~f`-$AvjzePUY|hHPVmAGSFU!WB
z7O!Y+{*T&Jj4yC7<Nfb3!`R<RoTkgZ+J76KjNCvt8wBjR9pP9>;+RcK3F=5E+gr1>
zzs>0F4Cxrt!hZG!t&ibaNEmHf;Wk~!U=>F1W=xr?;<S~G8q9unJOjTgo*Ka$EQ@B0
z0VCBXKVw7>qbmS&?roi+mY4xH18P~)4vEMB2gu8W1dBM)_p8ih%G=1i)D$w1y%dyx
z{vW0VI#L-oJEwRF+qP;X2rzKlBxdbkOdg5!>?3yb@^U8(Q&pvWd4AeqfQJIPsWXd7
zxV|x0ZswoD3@9ky>h<6H){ILGp%z@u{w0<#{jaTE4U&Cf5cC#ZY~0a!>?_H6OqKL!
z@`_J=Z)hkAIwHx@SkQXV3*0(Juf%Sgu3bkD?6e4QPegh66EqnlJ$iTDUxZDA|HkZn
zQ*S2vN4!-~@*;EUdaCD37ooCGg5!!D1v1X(Rzj^=5)C9{o`D4v$nYM+xW$@E`O?i9
ziUI#537MA_>uSQW0}OQ|4E^16lNCbmqm*={nAb)3oL>&$>8aN8>eXefa^2pW*E}Td
z*a-6;SL{mRSPz)o`846Vtx%{)Ud8H(kNOW@ZJGekGSIprDi7|nhtIrkWcm_C2Od*G
z!1@66NT7uv5J%=?->bedsQ{h3YPe_<0voYAqt7$B*KJb&qC$Z$TuoC-fm+L-&O-Kp
ze|cua6|J>v3g1^$fh@`}@Fi~I7kd|kg5~7hjFnc$&;dSP=Tjh*%yl}2m3aF<S9;*>
zo0zacg%=*LF99p5C?s`F<9X}C`6ZJl{hnnH03)DDci2S9O&$=7<rhm*4Q0kvy9W*P
z4u$i=4dF~;26m_WqBV!FO{BO;H{YqyRtB`;&bPkEBn5b4R~7iLPI4z;1A}gxUjq^z
z*m*Imyh4(HC{|r#Odz-b_g@Ig(1){=@hY^_l3wNz7p@1I1|Be;g$2?-RUEqukeq=G
zZF6<c;*RM>JwLzwLavVrpQ~q`z^w}K)Ryh8<Z4fXCv7rCkNq^T;)zhy%Q&JeY@lR^
zpL5SEa8O^^nv&|40!TGy<4Rvw>nIE=V@zX65SoYopye7<N<c3RUb#^H#vc=0$R~9q
zwf5A~a9`8*_r=H2Kc(Mu&a^%q?x89^d#kUZ`k1C_e*J{^mwXXTes`G+zgS6x>Klz<
zBJ#C_H;aQ09jhgFUCZ5@ESzTOt2?sO2Y@(%`B{)u7kNxPQIh+*vk!JVpIj`uL`~5@
z240-6$x7Ly#!?DSKzm@@f}~Tu?#n-d?`biEx5rG~XT*TUE@IU$&Dg>Zu=D1y;-sDF
zb2iNaWbv)ftCd&q@r%Q0sP*?r>d@x^drxUn2Rb%No1F8w_u~AR;)L|le?_ZRTQF7A
z(jOr;c3#GF=;)c=+2sZ6gLW<=W#_?;881`K)iAq+%_{Xo{+X1}PYgLVjkk0vDGFt*
zj_t60U-^K8CL%d>xQe0?UI0KqaI#h|_hMjR#79fMW()xNov6vvDlp-VlwVgMe;@t9
z3-rc#-5TH{1aJ^eE^~}ZMf`QvEb^<?eFZQRf3=K#O^p_)ym}<Go=&6>U$8_Nl8m^}
zR2TF_C<49c-{2I=S)j4JyQUVAU{;~wntT*pdMa<Yw`&@>2Bml*)BplL<QUa@-+Phw
zA$WzR`cZcbisH=d)!YCT5-_Q7BR*{}ms(~Lt)NiG9u@)G!SBLyiBIe8<Kz?oW;#SK
zrBzS`h+o^XacOM|@2)~H?=ffF=4n`uBjK8&12FwBCB&``2bX&d_T=-{jD25swD#4x
z!?I?Eey?+1eYVCcrMLfa0nEwhpc)hw#F(hqF0lbQ9*YmJVzJiw2@vOG=F3am1bB?V
zqqeGOVxz5*1$0c*ImdQjb&SF^c<g6=`u?QpOeFY>*TJpfoqqB(qgh{XgI5%l!QM|s
zxH^*0S&6z=TP^V#uK98&x$7_>3XtnsJJAw)<2LmlU6=&jf3#e5;_K5>%^YaOMHnNC
zc=0KRIRoeCDdJ${#zDi6_byy`U|lJq)vc#p2?AFRS8*CDc3TgEBY%=!*8$L3T1#71
z(~f_a(=^Jog|iDc?&O=60}&6XYG?hd&f0tMAzb+lBOH|vH}FP<Cp4{H*K`BwW!DQM
zU;q^-J;*sV(BDjAQ+x?ZB>cwjrCCdZ0`rY9uQ95vvx%^0g_AN<pGb(6r|1TlmE7E3
zG=SciOM)*zT<Gc-${+DD=*w?JnI1z*a!%*a2SRk}^ONwvygz|blJhQNfQ;PPRjEVZ
zXD7V~(akXa(ci-2^{(}zJSUF5*#u`JPJ}>S2AA*QnyL(iB!j}fw_e0sOmPW{A6`v;
z<`3j;tcdklO7#eO&nS1Vv!d9`0i}kMRDMJcd>Y4p5>|Ed<%{^#wv&jCqFj;v_9+>B
z6kIegT@@7A1eLG&?I3r6h)~(FVEoRKU1KjGtxwkLe8M)872)wW)j+)ezEp6(MBLZB
zN{9IPZyu>sF-f&wKkSFxZh6xU@4&-V`MBA=V;BV;UCCT)zf-{N_i<a2$~MnM+o})$
zR>FVz31#HU8iO~*X+XZTgn-jl&vKV1)ffssUnCz|xNYM5R;oF#S6}N~XWlLh$S4Q-
zCK#`r+_Osv;b`kr^e{jc{K5&pvFgVa+;PrSK79BTTj?>bVB7QSyGh2}=Ht@f?j+dk
zg(~5%Xg|GJ2ZJ^>&;%eWL}bG&IOdkAj!yq(!r8wYT!?Er#n!adB0p(wuj9_JLBs#z
zm5(N2k;EOv9%5l~U8BaPb>ZrDu#(Y|z8>LL%I55yQz(so(Oi?S5g4B_dT`zlLseZZ
zZ0>h+Rd)&O4Zut%pR0h(=u&L5K}IPnysnzj{@!ffK;(%uP)$dI_w-Z!bzk^TE$^mp
z3#+3?uLp*ifab%$U${{0RdxQvecWEwTtC$NxS);P9;#*lyk7dgYt=xl*Y{i8$0P2I
zJD_Jti$YD~Z2^FB12>!tDF=IG39tAeTwAfD>8@1NQ|HM1Wy6)>4uos8+tE|beXopl
zq?dZS5X)#5d5gqzld-Sba5jq;_+q4@mpxe(%8U>Y(aXqi)n7h#khdX+Z9$2pf{96@
z7N);uOrJ!#1;JC7k6FgcH`0q4a9fBkKiPSOfL_7-xfrKls$pZXf6;yGJ`BCW3`7GZ
z=E=&eBWBkXAkze%eM^uX=aY-Qcf^Z3%LmDUh*iGR9Eo2dl^+YG3Piv0*$ANRcK+G%
zM+2|ja+I&zGs^3TKq|`bgMJH0*3mF_q_cXd8&B<@<z7|oPcelB98!It=V%8Dgk{b-
zA+?;)n=J}vPX;Z`idHDwrnZi#HZ#;s<|DF0G8exjY)OW=km_~lU{v5NG{FDsADX3L
zd!qnQBz^ScInkWyvg1ncjCJRv$;<wBM*JqvZ%q}k+cc@=dwhq9`lC6Ika(B0u>0!$
zAIopcWy=GES2hg~_ck7*>$=x;xU6B?7^=eW?V5g(I1vWc_o992n5SkJks+LepwJmb
zst#BkjU{gzutN{&U2AeeKYl~+hypa)XK8G7u)Z!F>`hMhS^9I{fc{@h)5%~5v{rL7
zoM`zthidd-+6o5-;^)r{O#=vPWeXXRPtZ9n($PeizO{Qyff5(8iMiMoGTRJdMyxGr
zb^|qz`Lq^&A4Op=jxEc{pkkeuT2ZH9%fP>d4#Zd9;yH#*t<zFt|Gk~!Q}C*jQB+pq
ze9*WnmL<!mjDlHyM|daK<L2-tw|=fJ4e{r0qSM~CzNp}-aQ$Q6J1Ha%gx~_Hy$4Kk
z$l{Y}Z&_Jx`CV_%i7Wr9T5Owd^Eb(D(`g)cH57rkmiyUwT>^S33RziB-EBtmWE&-_
zc^1(<Y=GB67Xk5c5*@BBLrbH!UQ+$yqbb~=;IzI!%aV>t;LtMqc(z1<X_!{I$4TyJ
z`&Z!zW)!J%lauGiw;V4wRukqb`PP(PnF{-o`b@cOtmO*a%lLf~>_0uh6xi_MhLa?8
z<bQ@|jj^7r-L_WIvl)p}0H^-IIJ5d62SsL=D}U+&4-;y0$BNqgBTgjUOwNLU#qW)t
z9%D1;2te1qSP^!TdhL%r8UfR5HYFkZk9ol)uq$*CG;l)msIpf9+popE{8^#~@5UJx
z;UB`Ed6H|cDv96vxED$N$OxiKfaSNPr=>FXsQO1jkeRUXNk8uWtJjH$%{L}@!&aGF
zzuo8x9h6E=o`$~d7QHkyY&IbE6Yj66)gn!B-CRj3KeANYz4|h|t)u^4g|b5LgL?xi
z&^Yj}QWN&>6}dlx0W?MS^DVt@UxTjQfdP5h*X+`1&ufipNxJc!Pv~0!AuesEd6u6p
zD6P1CvXe~7(kKA|xmXXLWgD}?<F28xuS*bjYF+>DlDi+LnCx-vTw7ywW=geg|K>Cj
zee5@a8aBqA;~qCxLM*tWgs!9r5SGl%xQu)`b$$MBH%B?K^t_&Dj<oxEMGEr>I>$ve
z!aC9LL_1zboL7?K(1!I_c!9amp2iFMUK80)IEO);b68fr1}b{Xi<w~8&g@$Jry*aN
z4?OrJ@^5!?nXyb((No?KVT(&iDJlanv~`HWV%D6ovhR21h*3>ZpMH{MR!li%2FKF*
z+)!0@PueBrh$HledSGF1=??{Y3T;Z5CaS+AqE$xPF1T3Jdp8|UlN;Ij>#~RZ!|q7_
z*nLZf{1_2|j<~*(-K6|I_?0Jk3*bucnLSmBXYW{>H~OOM<Z}q7Sl8Lw)3{SKEnDU2
z!>0xe$TT_rtZ>wO^(El;aT{MAWlW2}{1r&=KM{d`shsXnd9wxT-%KHAo(wfdTXdr(
zUzSr*Eq+_|V^Q5s-`#1-D|f;twg>h49YT<q^xtWMgKAkw35pbi-fyV)_peRlH3yFT
z3Dij9tqE&41zzBIk1FNQ7BuN6#;H{>Hcr*C)z$HNR2?X@#4d2)8I>=O&9u3d^E>0Z
zZm<n(C&6h?+|)$*BG`~(R7GdwOo6fG*l)2u@8IqKYEvtkGh)UbzsUWu;;>cV0T63?
z*ZQQDGoyRkdj2tz$W=n+P->^&tLc@lwso!fZ_vJ|9x+)B`I~%O@-NkSRrwdm1R4GO
zIfcT6g$y`%iuzQ#R?ZziVyfJ!9*f@kPzEAS1znqu&84WX^5VvU_@q*z@z-Q2J5qM5
zUzd){8MkHc7x(yXKXV@xWPJ8`A4v`tEh}t*&H>U?kkuUZFeCb5j^P0h;#>H20K57~
zv32TpE^%z-nsK*`3P$c)GuC?)lb?c%Wo(9gUg<A(e6zx2&Z@3D7i{8g@6K2I&CDa;
zI3{o|7+$mWtL)E>@y)N~NPl!cdm)_hnN}IqE=wUt4@h^tZ0-BYyW?h$H7hbmgFR2L
zj{HmNM~VIDi|k@6=LTvZaf6on<f(kenf7x*dXDFEbcuOeiIHu137<$`sEvm+98Gs^
zeBfaGUQsqsw#8>iG1+LN2{GTY7>`eQZ2LO?h(&pH{OSIvFkjkf_T6Q!D%E~AKI=N9
zB2#4@=jCgIpZPZQ=-EU${P#Oj*cR`W;qe|LZ-Wm?H0T$6=2N#?obSn!aWe><t$Iz;
z)Qa4&yw*wFG5aaaZz&B3xwD8i(|d0y+1K3}z~#aDkV>z`y{&4KeksX|w8H|Lk6L*7
zGvo1}qj702_t5{7SKoaw5(0nAR{1b_G+&m#gN#zkW_DONGNk?YeHYyV#{5-hiw)9N
z3{C=*JD>b8r)m2g+V*BenLo-&EJc40m7#xT?Dj746<p3hu)^o7KXua@k4HYu=22(1
zA|bn+yZlS{({|f`KaT$FuO{6bp#~>or`AUQO6UJ&Vnr^K{XNFas$tF84DK8)uHqA{
z8WpUY8d{%a6hC{QkDO*6hSR-{`^A$ZP!nCtKIbrh)_F;(;fOs+94LJUCZWR$Z&;W8
zPa%NJjoKa&j_%e>;ggVCmR)Iqs3dlK03&G+X)4-p(hi?`M`iuOSKfJ<+>C(NrAVo@
z*^o|(h-LFd@rVUOSL-*))_(cMSy|gQ(LT1U4(Xvf<eg9AWNXUbqb@0&!dktY&f}}g
zcp|-XhXDzm!o0EWaJe+48MvW?-V=shaPWbHOC_)P+t-J%Wtx22@%VTLWY23Xz|Y&V
z@#_Rv;kI|<zC50NE9+VPPH)O!S79b#+|5PgeRw`|HuNx}l~3rm>Ljxf>(R%2yEg<O
z+5nZ*wvrI0l|C02%dCMp>V?H+Bq7sM=A|NwLbE<2A+i+|DD~RE*8AIJ(0wrgBO6`}
z<V3uwtlP9C`8%4EN^w5~W0x8ieHdKTa_A^`Im!VINwr3$;oILOF?k>##E(7|_p4F&
zk$MYlHyc{3Sx{tEbFwEv%)p{*ojH|X12+gql67f>9bCqK_%<4?A0=)po@^VF&T2&k
z)*YXvV0gC1L6EeJ?N2tBX;;jvrcpBF0rYLF`}7<4CHv={qq`s9Ia=iL2IAZ0NqsGN
z*r1@0x);sMa4(*@q@4T0b@m-Ql+HH)MKs8ir=N09hDmS~wnaaVcwxR4gbwE~1S$N>
zEf|}f#~`3!<e1$#b8}L2>O82}`@zM@!(&g?*#z3_4u+pyQf@25R2{b2(7ltowFvO)
zsN0dlO_a5gBOXCv1ZZ@tZGN7Yw`pT%K>K#Pf9P6MA>BDrcm2YTRqXz`!sljWPVNL&
zB+voh$`?8?Xk9U)QZSjBcdB$?N<St=D0YL~nTY@?cWk7@jfNp9$qZ7(pW7ktFG>r7
zZAM(`%c9UL$@&@TjhO6TJAGd|=k-qdKuT|cc!yupeVtt9Of(JQjK*8+-k%O%c{NFM
z@BV9Ib=5=hNrPMa5Hy<I<wFZlQFv+Q7-lFl=fSO0r}&#m7=!gY?7-jBUe3Z!$I(^|
z2C~=?dL<`}pajK3+CLZ(xAbP0MdwIY9&<mRP<FX>nhG1tb*QeoE_ii);EFNBl6?}9
z%Hm%EF{@~aY=Q)jznumO=S_tq3Z?nfUZ=t0z9w|Afj?@+JKP!?H?k18FlM6PE$>TZ
z0oNpI@x{4tu8m%ovf(L?pTp<+`OOiGzl+&^6mz{4pdp9A;A-@f?7o+vUVFHJ?|U%t
zI(Ig7UD8;oGoy#wKO|ssBttQX^dzypzPi$$ry;!1UGUMY3vwkh(WeyA25?^y|0`pI
zjzPBUT!?pSkCGpMU}$7NbzGVkql3MPm8Vs~JZd<oPonDiP+U%br9`Rp67rD{%wrFP
z10}6&ru!mSYc()vsSOV7IouoQNN4Y|;0V|f$fLnUgjKldGm6JNycjqZHY!{&>bF)p
z!?d720atT%52goB*rQ@3NVK%pU5hovSL!<=HfavLuY%{Q0!|<r&E4^D-c~*`a2sWW
z;pNbvw<kO5lJoC`omB^KMQn!>{tZ&g-E<)-9nrSMa{g3SsWq>Bn`C22!%NTyNCQ6B
zTbS4j!;?UB)>%>B(w>@sK(IE<3CDHbPhlPGq*#)0@j}@E7-e1`pM>fvH70T=jK%BW
z-V^Tm{{2&6(yW(BpNH<U_!oh~H#sYAR83=auWJjZ;gKaAlRbY}X(L-H`^=xrk1-=Z
zS9Nv>ac3L$Q_sab>0l$!UWM9#)cGtDkcpJ^G7@bHq9|~zDLM;iSnh!2=P0nYo3k$p
zMExjy)<3e2zqo*-Auxd)Fd@>PcXaID#6!23cKxTzx3xdIX;t~R#Jl>gPixl;pdbDF
zb_!OtZuTi`16o11C7X&o{?n~EN2E3w0y-<ilZ_%K&I{%OTA+u<VhgT6V$?A*s3+ph
z^Y}uyFjooLDHk=s(=VJYtEkQ>EXKGcksW2e`Th(qhl9|%c7?kNi2D)GFU85>>A_m^
zL=f-id)40%8YGjLpc(IAO^(J}*&^v0%=^Ylq|+1v5<oE*%+ex5D;<$9>ii#3|Bs_6
zd4eF}P$j!&AQw;+oZ$8e040P`odp>0QJ}0tBhwv_dbZi1NnP+dY>0RfhmSI=xHp^T
zg>Dt779QmKD}?xo);Tm!lnBrO2NB%zdD64&F=|pB{Pa94_p_UYl|5YD8n)gSB<6i9
z*O>X&;9!v>a-IL8vK;nRxv`)~CH!S-`3LQqpfK=g2Adf{AH#PcjS(&!B(&5V1J_6e
z%LyW3Z%)9-lYdL%IxB=DZ9ps>ug@(k=U*=rFAvLNHs}n*T7O|d4oVh^Azc#Y(k_ld
zyo1sO%Z{e7(wcAFAf*Sqq3m5aFt9`nk|D1Qw0ReG*E(4CnNP!SMv@;Ob>_F2vP-~8
zd*4-KR2l9TDnP2g7jp+N)xnCvz2|#rb^G8}1XZu&8$&Xx(q=<_1)f*2R+Yeg-p?%u
z`97FR2|zIbufZS(%An&o+Ex@<Q<f34@)IyJa$4GiMp84%YxWWNEh{=2iyzCl1&w<F
zKKsUE2)#f10N@prAjk0&CkXAV3g%5Lzi_y*a~TRg|4z#Bxs!l}YYmhWWB9eqm!<_+
zh$)Da!)p3PNr{pYj%ABJBdzNh)=fZT;QL9c(gf>9DD5J*ZSyOCKyeuV742f?Go!iZ
zk~8>^6{@Oh%&C`g6cZP}hznIZi~uF-fgz1IX9?*}g;)cVkDXRTQcNrsrK}&BNu_2M
zr2lRd_K_K7zL|0HAv>KpD|6ZUuKXG;XM+DFu?05~U~*X?+c1{BF9&f5{|MgrjQ|TM
zS|GD93xV2pUyIq_z{EztW8oT_0>pXXdy8z4dAtE~{QI6?Nz!O8JqP10!L1*Pou?k%
zDY;e<8tkh}-u*I$k!vxZy)ybmTEUyhUw^o6bjl*x)nPb=f>^Y5aHU)R(e`Dr=7c{3
zXkpvsaXS%DoQ*qws@f>1BDE7!lGkCNc{6Ugk#NGVl*hsYaF~DLmG+4`6Tfa8w#*R%
z{hMKT)c$RH+#+r>)pI8XG5f>TT|d^z+A4H=%V7wJt8oV~Neu>!PxMFcqqh$$qHj?u
zQjREX0=Deu5Ko<ilk0lKw_&x9Bg!CHE~mg0p;BjV8?*gI^q9`bR+q7FZ|bgr(dlq6
zt;YhnTgl%|>U)mb9+5MPVkMaqp*C(X0Lzh@6vt=)J7~w>Hc0Iih(+#WW@ynNdPTpK
z$I(k;=A3Mzp)>W|P=0bLidqj8Rz4r~{QPNY|L0Wl+G+9%Quh4a%xpq)1E>diBsyxi
z>X?3)7-lXDuSnb%(ia>Epa=Av*51LPIaUtwsqf?vWxLrNWb9A<57an$Gd3YoAGUAN
za<n}Z^dR_#iL6lMV)08tub!6}!7tBgu}Okqx3x=Zj1lsvUbRyHcxg|xcK}Pkc!YcD
z*QST0VaViv$LnmG*nDr@K@$=hQE5}EnBd!adYCCch#xVIj_bIX>Bd-7gwlcPcCpU=
zYdDIX*46Y+8ed$O(;N0j1DdHzkJP7DV1lW8CauRfxrWP{B>qwY<~!dEy43P!Z~3*8
zgRV08yL#PgjgTYo#8fVU`5Txo>9v@KLFa#RPeGD<5hGdiC=RvY8b~dhc4TKy4!~on
zq`jAs-U>D~o1`{4VdzW9p>_5{P8&%JWq0|o+9dVUhT))5Z4J2KslkLrFc&iOUYg0V
zcq@LBQw;E8RdDrf&rTSY3!y<A)ws0dged(xo9~A_-Ln(O40A&NRHQco*{Q+Q)6GY}
zn9Jq4%?F8LH8P~;)WOMN$K@WjC8xheqnk|#KAn%p%ts6|&M%6oVr<xH0Kz~xNbYu6
z#Lz$jLUyX{4*@o<=XRfvLPJ~yaT5;<4?M+Q6eu4ZmuQmv%knd_Gxo)|AB_!_i@Ain
z5J1l>pfH~_Y1OErC%za979^t?;SYG~ashI1OkAZ_;B}tMjWczdpuc6{??;D|2JygY
zy_chg;a~sJ7M3Duuf447OjbSwhi10!-wk_3=Vki`ivh(jl~m7AN<~CO)T$S`t)v6n
z;t^&Pz-aOyNCo7ct!d46BQ(y;>h6Gn<Kq^!mX<*+>I!RQ)FO+<*M)q4RJ@K4E4Un)
z{9Ne?7|2wzYz*QF?Zi<o6V7V!n!FWT5E^TOQ-b%no|IU!1NFPj^m6UI(Bw^{mZE(q
zws5@1L{L|SoTmFo4a9<<Z6<0Io*Y1$GWbHY9F>GrUbB!Q#UOFOP`DJKOeFqid?gXf
z^!!5bF_6weYjSJl!22G?y2)0G7aYFuh{cvz+(G#@D43DG1%wcV+29BKHwAeEsa9AD
zOOg<Z6JOR~3nj;v_ll&h4BDjj<>5o%*Y?*3(IBrvnnPF^Im+DJHw8*mazE%t8K&?5
z%t6+m=@l}D09cW!;DMF}lneodh5`TI<Yb6Yr$Fih!kVGhOjvPyB1eZ)kOVeulT&1k
z=l6{*iF}&pOc@FKTI)SEQX5s8y@erEVCYV({(IsTAH<|MhL{Rdo4#y2#9Lkz{jskd
zsU6}Q>-T*)fPf?+EUM_Rkdr9cY?vqejMUf@<mIrDlU{<Q9EeUJhhoYvBM`h-LM>?n
z?s>zm>~fg7*nirSQ21nDyxv2U*cqj%9A}9eIw!LBRK1N7r}ccDm`~coF3yE1LU5g@
zO0P`&SCZeC5_6FOC)8diQICay0B_m{%EJilc6*9~oRI;Dxt2&weQ-tyIDmY?Xc!pg
z?xF2O66Y??!-^;1S%7_-a=vi%GOo$tKj|e*RiX=65q%w=<0Fnai6d?BQ*H|C@xwBC
zHY?-n3mZZ)6z-$cl(xuBIeGCY|C+i;x(t?;6X0})8A=si_691Cys&~;en>5G?V;iF
zov#$aB<)7aq??w5a!4uIB9Z)T!2V0=vs}=}BP=WJiXUactq|ihMs(kL(p^As1FI4>
z+%0oQU{Jg22N_kWGXs};IR1(&1hfo2!@%N5OO<E6Qh($Syj7Y19447BI>}na%}G^2
zC7!h5PCtdTiwcFM6Aly-W!S_*f`{U}>47#ZFU};hts~O*ErOfSAjA-{_4qfINiXpg
zmk6ca)up;gxtZVP?{VsuGU8f!l4|D=5Mm5vvJWCa$~{((J%-l9H}E+^-~bup+KU&h
zgOggFE;hu5Ut)nW7M~o_=Rg0>67*VV+YCk0Azmzle}|KhL&c1;%R<KRw<quw(BcH6
zJ)(VzpydC00?dhj$PZ&KN4;8a;_9y;<&c}8W5^Eq5%rA}q(+%3;`@evn#eXmCx&Tx
z6e(g|@sT}a3x%cUYlmzrg85Q$6xxLqg8Vm_arhS$a3EW6s3=*%7RAEqILHK)aOpc{
zBrl(QbW4JxNj9k47L=f{pv=rMZ!k}B=1R~BjXaz1QrQccS5Yy-cVwu^?5%H1ZT%@=
zjV)kXmge!qr@=fyg97m_c}<`J1X1)r0Aa+yV^T0qa>xrbR?<}QY!IJc8D=hZPf@h^
zb&r7aj)t{14+V6#iB~-vVHtt(6u0~%dx8n!Rm;sEM*e$?1$4i$JAPOeTxyGpp~wmM
ziU=@A^Z$vO++(kMVehGJoVmf!mbPA<%@w0?yPBdG``g4Q7T&p5sme!N+HDz$rY*W%
zC{IY#M`-TQuS_=n;Zr>4xq>AM2!K!qv)$sED>#CVJ1aw?RQ_N~fW=1XG^BvkRSlhg
zS>JU8rNdR;!LBqr<K$m1cEUSgB7nv!uL#-4K{|^|$Jk^%396#n7%lBiX$@OI4nP@^
z%W-DDUhSqr|5ST}WhC;dpWY73aV8_wNQV)37!Gs-V$<*SBw`p@$EZlk2`0IBvt<z#
zVFGt2GD-oaV9zU5mwh7SPz68AS-CX0sTYxKKFPrMu6W%km7M-PY9Ssw7LtflNNdDy
z+#2r2Ie7&miz$V-0_s9%#TimlizRj-x0nXJf{uLS?0sf_RT~c(dX=k%%iJt_+GXx=
zF*g%9@JfS7UIZHcxlWZZfcCopp@*eT6|Q=O=L;a<Fr+Xp7<}eFL7N0Ip%~&pVgP-`
z6W#vQDo<Q6+~YE0WhgS}V$J6FF!IS5#cE@HLJ=yCAcem31}S7|*UkWNih{^+dmxEe
zCZRtS8RS7a#SjZ3#3A_%-v=bG{Qzy+xKY~5ZH)f0NX=M32QFn7W-(fDcQhj!FG+}~
z^;f}IX@CPt1`WTI!~#>5w#<<{WX8!4$5;A8tp3~&&u(~Re$WJCPWMTP6<`s;fPOnb
zLg=4@V&YHaGpa8R>O^ypn;>D!N7qc@eU(&UIUqc)hxlCxSHKdpBISru)+EOwbxr_G
z487nmH%u3#EuP1)5_AIsO~3DceFWSUSd|Sq7*FgEH#kUulm>nfu=gYaWU`H6&Tfl}
zh%&h<j+P)PXe5x6++ExH4a5?BAg<hBibRqvN1_Q~fX+(3Bof3#(vl$9>mF;}0tGy!
z;OXR;nDSvwXcJ`^m0iI9cDuTgwY#-t*_g)ByK)*D)foR;oi$q1>jSb4AlyN*Y39+&
z<CY<c%nV#W$ZeBajluGui$}G0FQ?8cK&KQ~S5$D}rJ@c-YjrF=P15qfmAoE!URH^v
z0l#5TgVNb%Tc;|_KlUtQxI}JSS0Wt1gt?AiO?M>G1Z&4O#V5c>KNN%x;fm0DR1sQo
zZxLI=tkd|DI53bX5)@^SWRzwBmMBB8t{2J-REGc274SDGD^~3TRxAm!nt6}?uyAyf
zD^{X)d~r;GLmr8#AXJbX9%u1~^grPYjcRcNW5(p3CaX>zagcGXY*dk|Of+R8WeDMb
z<9x4yA!}tcLA6zOccoWtDI$ariz<n5vy3P;v@u4;qjLp4kUm{b05vOj1U4s_i-CAH
zegbmWM6B~^r_-b4L)o>STj@d(KsqL$cp;wY&5kzVNYbvP;T%97B!adHYU+$jGtx)|
z!=pT}zrw%~F0-i?oVj{liqq@+mj6l2o{xqVJL-+Gvdu7;!M`bW0r1p=XX9@<M}2dG
z;|s}&ftW#PZj<JB7?gV2%b2=2_jH7h=<f#d0bGEYU}a6n3ksh+dDi5Z+0G1dD83Xh
zgssp8LS~gj?h!IRM&!Wt<Ht-RWX&?4_2B3J{La9vK0I3hZWq+XBbzK|Mc)H>{iXh+
zdO5!Nd_smcNx3ce3`veVS7fjFbmg&Fd<=}<SM4P_%~;zA@NJRsgl8OBW?GcR&!Bb{
zlI9mZqiZCjs7W8m$OpECBJ8Z-nzgoP*l)F>tT9E%su)d)x}2>E@onB*yl_QfqGVpV
z()&^-a!u@Os`tFeCX#?sy>aEE#jDP@2=b#A+yPi<bPC<KW6o1l3`XKqxNKI``&{1b
z{-)qc(v>O2tc+b0b4-9XBoiV=d2`w6CSDDY>-|Ui60{>!`<Hps44qH5f(87lTVHrx
zD%JK!PIAQ_=It(4B*VHCq&pjAsTCa0&WlezZ5Y6JP!y^avY(*O=Vs4hz7mWsAq^j=
z3Jh0A8zD%k$)u=+u@y_w25rDt)A6)drf4$a5a4ho0&-hl;t>A1-a<50!U`w4BaPi%
zeMcddThZ#FvPGgxkQDjG&T(OJ@;FnuE*{)l|E^!JlU-@ky<}iBmB=hAnu}KVE<?|T
zd`OiEU{P2!=+gz~V^l6oVSGiuyr<%5jXmid^fiSQ6cF+VkjKTp>aY_$%lZ`s??N%W
zvS5aK%Jz17t)&Pf65}lrT(qt-zfi`D(3+H49JGv5cmMc>v@I$}EEPthRBp}ohVruM
zKEzrhS9WyhWrEUU=?aj2R1>#bXc@+1wXEz;UB~)3cvwKIA}C9X5K5VatHL6@Xf931
zUsrVEgtPE=k`GK=sDQQ<WyZo9WCIEk=#7w4lP~AM3$ih9Rd{!0Dsql|izlU<jiDF}
zA6Ea3!N-MhQo$UnK8(h~!M8Ns_;2K-vT`wux5Xg=ZB2094zp}`gCN)KqrkZ&-WVlM
z4$;fTD<+OFUl8OPF2(%IZx$NdwM+1ES<&hXjG<_x0IEgX@HDClSS=oKi*VXGxK}fi
z&4WO}>OU?i8l~*mCdgCokN9uOZzKE#pv0i>LA!V~^{2k=7(LqhXJjx6Vvreqlfs-;
zN}?iT&rv0%1s>610ivZyiwLg(0<!v=ekgJ9cjM1DlaO!V-xO2|J6WG3u_o<-idU>Z
zkLUA<#9A7DjC3jM@#RS(h0eZ97m^Qu>uhx(FQT8D7|5>WHU#9L@U&xTf5`k*Voyit
z+WgcrpQOLFuq^{Lyk?9tL_E@-@J33ywvwi#sl+#CwNz7nm(E5oVoYL!FoRwP4MW<K
zW3uE*VKZxtPY%YZ#z=SjJ9fUJ(8=q8E2$EvcwSc=9v&`rF5AH+Kx<omMxg>^mh*yo
zr9nb3M|e}5lTwV&i_+;-;<q0S535;qaxf;f0E6@hPPg7XPV&wkO5_I_!U)A{sa=(s
zQI}<VLf#y%D$~~^T1YWJttuzJK1Ay#&lUr$v_taNF&vN{IMa;)!dHZ2TO&bV-!q`n
zpfGXtBXnP$-eur`CLh)nv-P_6Wk`}!2sebdA|AbXpHE>{Lj``72{Y=!*ctY5sSYu5
zy|mm&7A<Vm4;tEy*C~0U7hv=s8b#YwHqj)za(I0#da*8+B^4nf(+K9pv~-^XzflGY
zLs1c;HLwRzr{$#b3n%|AGge_11-ZhgPVe{9ED>-7l_0zb_vd6cJSagJot$HEVu6>f
zGSNJC7J-j(-=iAvVfjDUdlPTzPK$V(Bjk`u$s@AiuV!Rfgf5<aP<Padg^>^T683G~
z#>*VUc)(8zINY?xz``-gxON3Z%xM#ZltfqVufVnk|K{VvL31wb>|mS8c9h}Vj`vlL
z0&E3bJ)&wNzH0g&4F>g}2NnaMkW_4U*O+3A+F6Qbb4G)xVpk-<h_P6aoJSqkG|<sp
z&DB*$!t@G=8<9VtE|{pYaiG1j3TypjkY-RzKVM{CI2kDwO<%$ZZk+l+U71t&a=0ut
zE9BVQ;L{ZHFoitjYiEOiMuo!r!8*CDt?>L^2{cDOqj=GjFATP<U)8Wz9n5E(Pjskh
zAQV5OZf+FDGl21c=`iWu5p#LD4Mpgch;6z|lEGWyP6Q?)>NOlfWDoE!Pp~P2?bo@7
zFuoPpK&X-1lyPaQPq@?-)_hHGs%;itH8##rr0~UzJc<Sx<zwFXVvmB0efYLqFES+y
zG)~X@7;&&$$g$mCW?N!AHDDcxf8$)L>>{egzn~M4>kF|F*F~zc3w8H?sbD)ObS$N9
zfCLB(L3P3f6BV&oH}iw>m@CvtAnp8JBE)(t{63!DAA+@e$zBE%umOG2JJUw|D1>GL
zNW!57)Ye%zrUE@jitkc?ZY4FaR6BD_$p@PJ?nA+2J6D+<P?obidg@R-&vJP)5q6+K
z`tdS%Ds=gwcn926yRzsoH*KWh>`yNo8ss0FmPHRW3=U#7AKj_PniycK=l6G1qtvk_
zn}6=^nHnrF&8@|tKk<a)Q~|Rq&=I@g7S|yt{TpW<AQP`Y8)u>1jM%1)yOBM5V_GFr
zOD@<l4?-GANNlhoqQ2CfP2^?-n>nEzfx2QzNoyH}Cd!UY!G|O=x4Pggyv-XD@t|gw
z?)sc2CiwQv^m}Jf;%4flu6eMQbjqEeN9&-;KAKjiB!CRupOe^#O-{)5iCPsW?=wDE
z5Ue3mY!c}S-qC@<Tt{92VK}D!rh-+#J$^VMoIq7Z0<PFFT}o*`<O!xi#3bliDDj+a
zG7nmgPkPd47skPhUMBNo<$pWf%b)RTV~!}uC|w)w(Uc(HUT60<rVhXGMaL7~J(n&I
zHl)^_YM^Vu>j#pXgR!(7vZI96$Z1{*OB{ybm@}*6zzdpm5!^=d)bnFTSE^YI1RykY
ze-i^F$HnuN>jw}?n}w3Kl}WwxFc3pZz{RMI?G{vB(2dVo<f6a?<{`~wWB`bfQnfJQ
z;LxZCS6`0?xtb)c12=)nv3$|lc5+iq{<hZMdv3|gs4rHz=m;V|qm3(cS_&V(bIdOz
z!`>1;YGK&5mNc_?^2iW#)KMi-I2(qHNtrM;LYHiED~J>45X&_DGdXM01TToWw2z|;
zNbxCDY%-EX2#%eUV1e@+B85$>fln=Iw;^udXXW^FK;2oXG`GnB@p*7aDwfcdlF|1m
zKdmR9;iiFR=UU3BF(dRRE<J{jNTx<5P6GB4mPDI(dU={EvEgX#wFvEw{wU03wMdDd
zA=fbOOCG%^g|ZQ@Sy*tNL7K9hZPJtZx7whe*u{7O-yCW=P@kdZ(ET7Wwq$;Ux&ui7
zUOP}%TZ&6=4r#|UE@-iNRP;S4A;iHGpv+D#iREn-O~l<0rpBR-9u>@frhdHeff5ao
zAmveNO#l8vZXX~iBy-BbhCESPMcc$W4|1H=>%mi|w%EFLKw#C$bA$I)AwuiK;f18+
z{J&ygN4e@l>WeeEw3rbMj}uv&AlJId9x{b1Kr&(hdQ@__c@1s~nVAZi$goxvjaC;g
z!-#S2lnj3_y>ydhBj#KPMB}o9j3pB2I<PA>cLvz77_wM$e}2O{FPNxgZX(#LkRX^E
zF@k4`wOlEeY}7Dl2rCJ9l1P;-U5u{duI&@ph{k8!RgG*cVdCMS_%`%YkuD4BXV8g~
z{8GZkP#tEab=`yu*gFh{W+J+}DX}^!veQSg)nJ&?2vvF6er)kqh5i|Y3>@T-5N+l-
z`EWFacz*9rR>vIzp<+7b$p4UNn|b!r9H~8~R3MQ~?IC6?m$jI1tA6m97LjmBwbp<;
zAS2yBI4E%SO9TYDQH-<ns=5!B{^GaFVITdJI)UA4Rcy#U@SlY@nBZNhz4?|DC_o2w
zTSjAr8|=bjK7?e!1_@();s41G21?PTN8Nd9Ll}mj6e11LsK;Sb3C8F&Me;uwL1^$8
z!1q%s>2A+lHm4R~(}d+8wP5MNHgxD9qc7$jmZ<evD>3L-=4-U+S!+@yzD$G3s}e&R
z#|GB-k%{?n8m}~{D1~<{ti0-v#hTM^c!GC?`8vM#kuS#*!+YI^NoSklS$6F7BMGR8
zd{2>pAm*r_!avtRaI77i+2f)^twO#A`z0G@HPxOZ7938{92=^IHIohFlaKR$wu8kb
z@T*MgmN8W*;i^``*^y8KQjJl`EK==eLW`X$(}TNTkXD>6D;WBcpZfj8SI5;?F%bJ`
zO)bV?18MF<qC=L72DXwt{%iYfsQAo>s{NP6ENwk+BC0*Q)ezN*ewdZ~k*3;zgLef{
zkHA_0lWNEUoi9R+4LMN2HGIa4;z_1X9-ZbphU{UK(j5L`Ji|x$17jXS|Dgb#elM)Q
zqG_ztNgPGS!leNh(O^DuinMNBG`nzi+*VI6ZH7ypnU=jXLdXCl(^Ta&p}=5Dy@=tI
zjA>n;7EX`(Z&ID6foL9PkifsHrGy03mTF^WR?&m4*|P;cf{Y9N%7C-;eX1fSf%GrQ
z7sJroBb$`NrBl!RrUE%w^M6P&hn^PyoaR@P4?IfpF6W>~lx}}xL&4%gPW7tr2M%oE
zw<;*nKen%E5Hg)?l>(Xl*4vcdqH*J855;u%!Vc#wFG98@5bhSBKG<S}`+9;OP_S1u
zKO&WSsZ*doP4IvX*Xrpy6!8aWRyDGo^VXJ`Em07H9>iJh?ng#aIaS)f-R+$0^vuDi
z2zw}rK`);XeMn3wcSg&1t0+}yBId7`m0)!Pf|KBoDO1@`wt$%@23*~IJ^-&N8k$Qp
zz}S!KP1+^Jv~U6U(g(H&6ALdZ?9gaZ!Z{%yOniafNOVfI)vZt)N&81eu9L8TUyfX;
zLkbrkxJ4PIEWQ*~0W;C5?fwT-K&-#Q|CR%g-V;RMYc4<p0(dUW7cnLviUM*6g@FMT
zC^BF^>bIlRD8^kekAyV^dKyQH5=0tSIAQ09b^4yEZJG?Z4!#?vam^&M2!u&VP7F+w
zc4(Xt>~MrSpyp>*mc_{dB#o`BX>L&of`RQNWH7171Q-&7!MdU%kOLHoA<Z!Gm<4W^
z9fPUGrd7q#m9A-n*Pxq-XFU;}fC>DM=3J2Au}8TI5x-)%n}J&JFh&*%j50s57OR*>
z(UZhP66hM>CLcZrP!sPYJf*WZ4GKOYso({@SPi04dF9adQc`R*iiGzZ;~G1p4hx5-
zkC*e|yPOg@*M)jEF<VAzfhrdbGd9t=#q35LE2*I?u|_tluS=lktsIMy^oeE2V7$Sv
zwH=FLOdEdYFaUJ$V1n%!<B2;N!~cRX0izfJ+V{l(HdqE`L2y8b0JB6w6et)v5GDZ=
znE;m6OB(F{^8TX$(?01bN&<MQAOxuXFb<U=ns4VxIXu}@VOSh|eiSFPst#*<^tt83
z$QVDwuIBjP#3W$G>)}-_k%%MS=n{t#_}flb-*yuV-85ZN`XJBd&>``6Vc}!od&hC$
z0kcL}kpK@zpxiAs!B7X)8iFDK{Dh2xk|9f8B#5f#xL6(!q_qaFt=j{vibHQmE8Bo}
zdw7WBl1bObF_p%qYGEL9zz|hdG-E1o>^@~eX`mw2K+^0PK7hw*Env%6<Ol(9z(Xyu
z8K=NfXzYs86pVfIP$=jnAGXrgJ>8=+tW?oeS=DsQ9@@6UXnq`kAYtr)hcgC9Xb-_O
zIzDIt*8)NS2S^z2V{QOgRvZa7W0q&Lf$!Ku&j$!SFo(LSZsSY>+Y=&cj458)`-XQB
z$0YP~tP#=~lT=<3*9>VW>FAAumjV|Z9R0#uvFAC__IN(txo(qnMVw(_8DeH(|6alp
zbm3KAZoo@;L2xb23jDk<!8`L5MU++3Vjz65m*521uAl$`m@~4mAlx<q7-4OwI~ood
z3$REe2*7Ltw<5(xy{@HLhBodG*^X=X2bLnLTZ-Pd44`R*F}Si_KgH^Ca!NZy2M=J)
z(gM7)EKdBSB-Pl?7Ne0H1s~c3B2Z6H*4_M1!Q6^7iEUHsb?IR16Ndai7i%Q{<hNmA
z9MvvnX(XAZ3H~;=tQodyYYGs+@oZ38p^rX~=SyS8M!*vetlt^{YY2dDfHc4-UMLLu
zZco!y@MBD)-y7P}L<fh~8jG4_%iE?t5>-_eR`ii!2NV=OIWY$QMNu;=3#fvcx@p7a
z)#0?Rx@7=5ag_^?)1i@@CsQaJI<z@*-nHJA8s-2eFycY(8UR%tyMW*cWPt?ZI3cyO
z!4rw-GF1iR=LOgwrXa4tbPgy!$KEzZJ0>!LVY2Z^P#xKnb-}TPktxWMF<uLpB!Q&t
z47bNyebd%O-PN^`zAkIq<I&1Mlo?pZz{mjG6fFUG`yjBtX@HX~0XZtG%uoE9lhJbI
z;1v$RNFabqBTG+&h)=93X;uXd+p-Gkx&u;VSb&vN&6W~kYKG*W7bEH^M&uMKh6G0y
zP;t;R92e_|L!0VgC=Tk24l{NP8vue~8S0M1?7^zJtW1WY<XW03PsFVi&GMDeK-5*K
z*IQIB4K@aX?!Y&K)EB#=JeHBEL{E;gvYHQ(YT73&M@9RPWN5jX;YxK~w*v#4nY!rg
zl;pJM9e#clHm_Gr7^GDycE)EBP#a=~_+Cc<2pCt56*;0JE9yqVWB@2xU5z;;L?VQ7
zY<qwXFyN1wkU)$uEfNU!Kvw}E$UuR~sv`6RP?a0vcqGc+M35&FeN!;5I=U{7C;GN5
zY<9cA4cik*U+#4`hhtHd^!15u3yvEn9GW;q%lXLHHr4NF*h$|sN7e1zP5N4v?4_BT
z9iIJ|^FMGv%=ib|9Q<OyjDkicb!6r`&u~!VXU=_WkJ|Ct!UqtJgr=upz8eGCDu_S$
zz9<B7Z)B=#hA^It^x^h$*WBLR*bw?cPZ3RhIJ8zbh0&I<xVSb_N8PQfg1)U9!?D!g
z>MzLKf~<FefRoX11Onp6Sv!G;92QJi;&=^2A!U;C%GUBU?>DCqymT~=(`lYTpAZ2e
z&0pu_u=9+X+Owug7b%e$6xzdvusAd9ly|658!*-Y8JL(9gDBEa=Y@V8dI~sy6VZ18
z21mdajBN}D>c+UYBd(4m)!6LqjC$MGuWR0Tdti=r@!jFtTU*j#Yh&k)D=Rw^sJ;oP
z{=wG54j2`~87pITQ^H&y`Z{^ho-~Wo21rj?8hVM~AOKS*yxMKPen#{7*r|Cf4&s1z
z2z4{Nhx>sJ4j!f8BbLo!4io^Oh8zyYAAIc~<b!bFw;E^*Q*c04%-)27<9GmNd|^aM
zJgn_t_GscdqrM&nT_%ew>XqKsWNEn5J9l}o`Od~hcciQ0SRXD4SFT^*P`Yn)ZCMzs
z^dxm>Fx=>$>-9iVhW3`>?tqtIXeJiP`Pc+I?;oeeSwLwG1k9;Wn?^6yjqB4&LCl)L
zTxjJjaEF_Diasxnpy_TjuN$>rO1;)rW|#<nQqp~K5`jw>#!VA4IE9!NS7Y$~4S+Rp
zp;KU*F1mCPx;o;>G)G2HP`pTAH<!12qu%=Z*4py+`IYTK|H9&0Z%0|!+`e{seQD!L
zU+ORJtnExT#pTJ>3%%aX`bM|6w0eHHX|bJ6dvjfOw7!cagM!o$z^1#kD7%rTO`L=>
zTyx{!OjYI+SNV`Xr*c8bXB~d#1D6f{@{;jfNCDQ2f)5sTa9O4rVTo!IMsk2vfINnX
z(O@iPRV2@K1Os%OJ?QNi%%|F>AacWT;F?1Vq<jk=cQ?kDudZKTSvddJ#<HYq!<7x#
z`kkfW_4C)yZuh&}19do(HYekqt&P={#nttd<)!ZG`g(V$+Ui($c62N)_i-po#5usG
z*&8-CXn>6Z9Y_0)bHrVT&)k}`c=KP$qk+^u2uKj8fD(mJHcF@FjiW$2vuL_QfCCHz
zCp$zwfHl=uv0woSVA8}wY;aUShdb89+}TF_zoFvt1K;uO*kgc!JV#L{OQI|aS9?3>
zmp89=uU%eRR~BABD=KWKe|_=l)|HiQdExTq%`4j%yK9$wgDY!`Z!f-a?aK02e`8e|
z%jWocSJs&^wmqCmLU9s|;GnI?*@0<-b~eo$t8k+1%KGG@rQ>llG>H=dquF7E0vxAm
zt%K9pR16jKG%$`J!K7Cjq8~;m$P3X%Qsy7a&lO*oI0LZm%7)hK+nDnYz_s(h5=LWZ
z>_^e^%5py#Z7}`n)wh>^`1%jdZ(d(sz4|*>HkOo&7v5Odyt;CE@!f?hi<=iOUF$EM
z?_XcKy1cQovDKT%>!Wp0dZWpLXbe2v38?m&YCS2PMajy{&?3MEyvxNYn<@M4Xyuao
zKxG}bwZE)HxC?t~cleA_lo%=vIX!Ew;u8r<YX3&C7kNzbF=z!cz?143=7T^rh+|`D
zcDq}f8=@M>ZXmHS)^d7*6zS^rWLq)~Z6IjpH%4pyi*GG0uIx-U*1o&_+ZSG2TkgMo
z{_^763+FDs{X6F_zWX<quCFdHEH5prZuNGqcZZXSxDBs0Hii=TM^qfu>^~2S^OPl6
zet-pe$>*rHtFByL*$Vp|w_1?S<RE=tSWXcN9e!NPw8cL(^p_vfP3LssJjSA+dW0+m
zpInL)70W)`J``-q2l)>iZAVkob$J_wUkv==KpWVWFZ;T_Iaps_SlR4q+WPf{>%!*3
z`E!@fzP5P%(zT6qzjxuS)!w_`xpMW|*|X<fd-JW83qLr2;oP-%&Yk<-^{t)mVt-))
zG1Brt-sn*|9d?|CNjmQ(!?|5Jd?#11{JLt2eMtB7@v;2ik%s+CnoNlks2T5o%#sey
z^Tg1911HLMa9@r`wdOQ#!zzrXq+;yGsSbW%$k$JG0cIMCqao9DO<EU_K_$nV3|U{2
z28QfOjxii=beE;&x3*<_YxDZ$!Q#0KZ+!P$_rhzJ&Ypkmjmy_oubesiyYH^O_12lQ
zYrVy@-`_fS@!G<h>sQv^U0PY|ZA^s8`tpuE>MFJqV}lWL0D0gAO-jOyfQ1!WamH8A
z&)7Oq0(|Gu{>P0yfNwAw0um6Xo%VRowpG^2%BEt-Mupl8=HaQo&<ztEY+D=`G^Y&*
zby$WnVZ%Ys*qBJb`${N_o<Fg6ELGVYjs$B{Te#A{GI@9D((CKSio9{*((;w>zO%S+
z?r**Q{nwX%`}Ip(=gz<T!wZ883va#k?uBdD-u$hNiyQr|vzLV4`NfsR?r3>k?aB)S
zQ<;czgg`{4DG*t1@qTc-!bV{1SDK$ES~%4g3D818##w<hpqZ$m+u`tspH0^YK1LMy
z#I2GV&8RLqcW?w&l3{5xwZ-#XTAnHb8=6LMdtDyuff7ls2j;*5M;54Jk9L+8)U7jT
z&s{x#?(7+J>H6l@ch9`}#>Fd_&i>$yf9veI%kQoXCvToxTDo}k%#|Np`u>|+>kGZL
z<u`ib;<&$ZW^JXfC`R8lFN|yra1j*~kPgrhee!NV;`@1pGuE@V0Js@5N-M9Lt*?;}
zN(}GdygzB&VKft@9oWhvUl`Wrvzcfpr^Txgz$E~m4;#evv}orw<r;u8!`SI=im3ZS
z$#oo~=envaUG0t6FOM!Q>WjboTfe`sFcjB?oz)BPT>0VKXV>0czWDZk>u>$ruV3!2
zFRcJ991J#guAEuAa_(AB8=bpw_4>fH$Gz@OZ?dg#+k(9%1^T6lonSIH!GRJqN5|qr
zft(Bn*JIe9=E-1jV@WMQ{79?T2V^G-pp0plT4^O-r`>)&QVab{o6lq|`GC4+BtyXm
z86-IMCRMW{Y$`Oe!1r8hXREuh9^j0RF&lxxVr+Y<+nb0Nm)?By!sN_5@2(BU-O*(2
z_g`DO^!9~?l{enGa`v^?Uw`fO?~89PUs=`%8>@qz?$Y(`ZD5VTxZ9tI*Ce(nY!78i
zHGOwDQUkU=u(64*DaRxvo;S59uo!@~c@x*JQ5JaQ<HQ*(PrwlBLShZDVo@ir_^f+A
zx|PBTm~!W|wSY^Sp-hPRbex5S%~)B(|KJ`=u;v|kbFyhilQA0tVqYC!9@uOkch6l?
zE}eaI{f$dt*UpUISTnXSt)4&gTUXDXeeKParE_mxxpt|yeeL>{Wozk7A3)#Q*5dWG
z&7JOKX+;!zt126)Bi&_!WP7ITha=I!xdAu~sVP}&T3e{735SI@)M&<~GoH;ptpb{1
z%v|7Y<`;R~X`J9w#-Gk#K=qFN50Kv=mmj{M_Du~?LSf#FEVIlwkVdAqzATBZ?+#dB
z8&0}w8^S7hH`{B!we;@qURwSB)ul7%mo6_{7_DF0xcr+JU%PPW+@<sK%EqEJ5R{ef
zbzNAyw6%EU%GJfS<)y1<FOD=*RL8@Sh*Md?tcKK=FBzgaWIhkW@Q^qq26BoCIP+v_
z)yBWd_Uw_mF#vN+3}O%i#j+r?(oS0%#?7D$;*S6qH3Uv#%XsT<K_!4x?`UXh2Efpy
zd3Z(S1z_prRbj#Of)OB9!CJc7U%R-mwDQA+3*UM3%9(55f9I|5T>#tuy{qqD+W6tQ
zv#<T`g$wWg@Y1!VmG#%xCVo%e*zPWzUw>!u!rR*`gZ|oNrN7qg_6OkfXrd6<6KRCy
zah~ORfhc%<U;=TwSri-%R~A()Q0}IvS`~;Yps41nj!TXJ%edw)aS<^$H9Jin07K&#
zTemUrt7kOOENzP6Q-h`x@yHPBAaIPyNh&lz{9|ofn+#;|&jWj?_r;B^?&j64txH$G
z^V{EfWAW12<;^Qsch3CIwI7_jes<~mKRk2h%^#e*`1U*JUi<yC8|S*V(KoIvUU_Tj
z%F_AO>%)ze9YGaWH;0lSNWIO~i8*#Wt!wP8YqlSBcT8&%WTgKoDU{R5M1FD{mw<w&
zcUtE@nwR?UU_jgs^anzesWtEo5&^~&9}dn~%Q5N~YglrZWSE3DH0(^nC^W@{aqv;3
zrQ8IBq3m0_zCKhL4a4#6?r`b)N^kk<!f(9wZ~fryrSHG<g9}URec|%kOW(P6>Fl}h
zT>in^Z~dJsD_8&a_kQz@%a?m%Kar&?=g(YP+`QJiytCe0+3DF6V>H%Aqt)K>qAZSp
zCssE%N3yQ^&f3yM3z~AIoCj>_6!NkeC`bXal7rpadFh;uxf{@&xPm+bm@VwI%#U$$
z%={VH?*Mo|!os#fL!=*3RSNb(V7Ubbz9J4ofdIZ}IUA!%fPpZDh1!+w#jOiV-+lM>
zt8cvi#`dMxE}dD%fX2#|tFLW-_srQh-uk`QFMj9j)i=NYH!fXW>FWAgv@*Q7_SX5;
z-s;*&-&!9HY>!QtJ?yOt7YA!A3KNydWV|j-CM<AF)A7@MuK##LGv#h@Fa+hZ3TpL$
z^_ER~>qPcB62Pt(R#P=t5i+mCLqNRh1q8~#KKu-D1|~j|oMyyCn4QkBLmCT#!55Cx
z%qD~w1(U$*O$0YmV`->eSq(?mufFlt)vKG=t}QGLFP}TNc&P`@&FY2gtJg+bTbF<P
z^*4Th>*CVJYk&KljmvARwlY#j%hxVmS=i|<3mfa}Yu$k?E1@^(i(Okjzr2V|QlhxB
zp)m{F%LHn7rP(}9UeInvM`HoELvs>KI#-oB&OF0ArvQaS9gY}EoXwJ?9g2NaG*`;P
z!Hzl>zF;jopxRhhW2($GQ32vW4=upjbtxnil%~M<-p=X@27mk=MHmf~aCG(ThQx*|
zJ0gI;^IK;&H;wiFvb8lh<1Al&^Nn}c{?5j^!E5Ih&s|*G*svsTX(W%%zkOj{8n1~x
zRk@}I+g1{ps;p~U8#=QlI`-5lYTsj6=N@Z*7#nFaCxFGvn&wkB3O?Jfo*%M%Vg#F0
zYw@H-oInh^40K$FCy7agfC9)gO8MYGSS-&_um^)WGSgI7Vrr3>1!0^Z3bJs7gfK7^
zO;G|#-58FyS4Q^r>zX6JvwZfq`)99Q8L4Ya-JvC|Ioj3rZU6Gt<ttm4t{AIZt8cyY
z+O@N9n9P(fzVpM)rQWJIxC|erDQ4g$Sog#n*U~47tTHc-W69N75b`mM1{y*vZ^of`
z?a7%)0EduilGE6NQ<Xm42_hRnX%ASkp2c~h_^Il4@Dr%~-=g?#s$ujV+Zt3A%lZY;
z4e%H0aU_YD6aeV&2GpjH6T;Zo7;J`$G6`*^+gn(E=hC_+ytDJ>wb!q{`PR9!>)t|d
zvJ)raWMSI~V~N@J$kNB#()a%6>(?hgSX<Jq<sUA;eSM^?ZCZ|Ck2dU>4g@F)H}+iM
zdqZ<@0(%l+tArH$k;Y9?0Hzo#fSQQDLruRpcowJkl^ohNCrvcW&!c|LndO-xVQf<f
z{7%`7WJQP11dXqO%=<!s#ib(1+}M>OCDBrNwPRtQNicF;6{m(`3vx2<$*SiIL*4VV
zp*&f9cVjeOeDj^fH-BsCZ(RDpq8Rm-l!+qPLbn_0BWbv_y0-ZCnKyfD@4mS{SXk3i
zXY$Ty^XmADV5ISotxqyu-vD=M0;~Ih?F!5T8N@+7%$I#3Y_oKHG=@2k-JtuLCmbU2
zx#LZ$s|kg25`e3~s%E5WmPB!cR=`H+XIVxJA|_)87q)SMg?D{SQsc-fu!!*c^#IFa
zJlDe!xo8$LZK$he==rAEH#hY4t815+R<_sQ{QhtJH-7uIzjfwpPt%6Iu@%WdPd5{3
zXLW7m+NGt1rSs~_wR1b$jz7vxK^qy0-HUbKQ6#CDo2|-DJkth0zzG!aKD;D!7-pK#
z1k>Q;c6=UTzn0-CiQOD3$p-?QN({B9GnPEziwV74$AAdtP%yhmlUb1a0e1?rAdV*v
zcAdId1dxcjrC55Rg~2F{3!Fh<q&dJ~OV+%=apckFdG+$Oh2J>4{Cj8q_V<4K2d{T7
zt!^$Fp*zmgAhvc`4$`6x7Pq&18`5NDX>EN=mj<fT-&)+1Jlim~!>r1uCs$o2#@O_1
zhI6=aMj6&5au{qEsh%|Uub|_r_)_Tvy{cvUMg#DJ%~}Fr5)eDSavZIO<C^iDA<84-
z<ST52*5XL?7#69pk>hw1+i<BwX<{jkBSn(r_(_tNyg^KMb#Ft8gK#($ddpUCeerkC
zo&C+<|K7W2{_Vf<-#oXpu_owo!Gf`(>Ize~2Lo|ydtDHNjm5>u;CecVtbx|+b;slN
z$VrQGIzPFOlK`}}&iqNx$0#&lv#^<%R)Qe#A|6!VIoI_L1px9B?9&k7bXu5aJ{{g|
zVPXMM)}el23VvesUFxPW`1DlMF}6m|*tWYajr$at>A0a93APvER4jDKti-hAK#9D*
zu(GzgeSP?M{?=Q+bN<ZLi)WVJ{=MG?o34NxpJmkdzRe;<RrJY77vqJMjV*I=)A53(
z{>T*9EJ@Fh`P-A~`TS}dw!1J4%g2%!Y!b+l0-i|9DoIWb)u|loBm>BJu}dpOCrGeW
zg1ksPZ_b^;E$@(Kw5i4ci~j)utC9d-m~9O~H<*UG>0lLT9GmLU3$z4yI#B7H5T{79
z0Mp{3Kel^ogN5~r-#K^j!o`*C%h#{2y#4OtXiM$Kt_jLgjkN%z$8s%eY$cMkJYo|u
z7)YMn+woQ1#tyrpp1wqY*$eDTc3h9Sw&mc6c38bMbc3w5@Z12R0kG-JS&I9SrfUQr
zef%Z@P_~+&Y<UCgeKT3?)Yvj^(&$Z^1);@i;4|AWO)TWm^ueYTCUN8`OqNVghg#rC
z49kyAY7p^^B#QdxilJ=}mwxbD@4nMp8R+uXns{dU+V;S};%=H13?3B@e2HXFO9fMR
z28M2Lx!tbGB0QFmBGc36<gU6t*gu@z+WX5iQaxAfI?MoN7+J9<*Z{+lg6}IHn?hC1
z&DmwRRu3Ite!e!Xv}_mMfFP=gqre~zMoT27QH2O1h$N!YXY6P99I(F@mbdj4xXd7S
z?EviDXomp-M8WnGl%E2RPb$*b4@X;rq2J$r=Z&l1`>o6UtLNVO!4iAD+Z}Wz*tRrp
zrbp38vpkM<$7JEyDu=4t8z|VkFm1;+@~id^_xA9li=QWG{DzyBs_Cv|IYE|1O~`}C
z{BqvgQSuhDW`T3>r!HFsP&Nrcel9fzO3+o#B14xuF0V1mGYt4AnB5OT*BR(03W2GQ
z2a4%MZZO7jr?DLa2M8lCCH;Y&Iyu+?Nu4Z4%lfq|o1^77zWds1*WY~e`dGcZ&HQG(
z)d@_+iuOG6CSg`GKelugIJ$mm`E`Bks6F!Ss0zkHFkF{ZW7`faBL%cVc8sV1JBoE;
z@W>4Ow4j4ITJeARB+{B^h3YcqCsP(xfs-*asc*6l!D$=oi$T+=)VLJ+L)`#9Xgj*n
zA8ujEsyNtE!70%LO>+lcf>YYzb(#kLLFmN;mIfQ@JL<yug}?dzAN;p}^Yz86*ZT@<
z6UgPMjx_4NF#$?X!5d8iH%O~`zWn<57qi*PjQd~Qs<2hgpNu36Tg_Z7edeE%^EzIF
zOdtWV?|8sst@@iMLr*kcQy_?85k$#+J2dPZt>^&6f}oA2C7K$=fZR+AkA7#SIvK6Y
zRuD}LSr)V{*~M8e0BopGR${K?Mc$T?D!TWUATON%;kn=Z{%?Not+zHddPWwe?MY`}
zzMAK-inFd*yZcX`otkp}$H(wv#j(K)7DoyIV(`OwNr*E~f8lwK;MbY4uXrA4lb1@N
zxEi2WF;as#2A&^FiJmW3x1<UXprXin!MngP4x)mSi^><(Z+BA^z-Nm*guIfj+G9}=
z*iKwzDo%F=*L^IjeQmftSzI4<um9HT-~0VH-&`CBh7;jb`{MNKPv0BSpppHuZ1(@?
z==2dc`%^p73*Uy-F<Bh2iR&g9t)o*^?76jbz>Nt+pXOvGEeecF*82bafId3MD{jIe
zSp7i*_lnG=h>(LPfFe4|Xu47u#-i)_z;l6Ps^Um6-7vKDuC3^r>AC}TU5!hc3W}q_
zU3J;ASKneQOF#VmH{W{w2fzJ;#jTAIqhkc->pz7?rp;k-4xd#{dY_R9eDQpjDQ57q
zKnZdq)J<(i@xu&DA9;^2mM_(GmS1Z4PU9Za2&@yXC+%OxC-$$U08aeKVmUU<)lTi<
z3^8z!3nBq%^*ByMZxZ-oU|W54eIQs9VD!GKbU|kb1FYH$aA-&DivXMYgHf_}ez7;c
zc;PpHWAW^zH{V{ou3#Z21ukFS{OOmj2J_JAl~49wKJWBq1s{>*`hT^104%G@iWw!?
zDr{+3<Y%QBkMH3y`z%w9tg<o_!$JJiE{BR?n(`QrAK+C26Hu(AFkt7Tfon|U4h0V?
zKAfAX!mt?(8@eT%8ImYXM8zE0o?vgw+K$5<Q`?li*v!*V7TnNSPt0_1_T1aO@$l@K
zt1IVz<9lZp2YN_e*$D%D#roT0dx#I}XZv3mZd%b$Mi0pHi_{b)!D0zDKxKtv=7y#s
z2%Za6QR2uzt_A2^>oy?FUop3kB_6j}zz0bT{5Xc^3jhu2>@swSvHUidgGd%Z37XsD
zc(^93`i|zgV_DmF!97#ArJe(zOvizrac{xT-HR*NE?m5@c47VeJ8yNbt}JhfG~K8?
zU7^Yk(RRPI`V-?1|Gq$g8l&=+xx2r6bo6)Gw&L1Rj1|CzW#btpxn<yyw(Uaa=wQBR
z%L1$lm>sp?l&l|*jo`qnO!s?&&c-qoN|rUv#xil#aAp|*TVtGZYa65fNLExymPg)5
z(M@}(sd`tH?SSIMSq?5^5N+?MKYabnTjyRsbMfz7+SE<Y_Y*2A#RB!>ga9<8y**R@
zrNy_$*SstO`)+9f`v22^=lM_nUb*{AOJlYhMZ86me|B2XNmL~8IJIjY0OzNZax;@r
zNpUj*34x-MXH{vqjvyNTj?%$VIgCyz!u8{^E_qIeV|dKc<Z*WdoG(kFZLe#9<K<Nu
zv_6Xs6d1!WM+>3d{h`=hUOM;oyI0mX&n;cQBr=?t8lfwbH#~`_hdT4qy_<6jnsuji
zYEg<u_kH1{hocH~lD@n9v*%U$AMgHeb;q@B9IBXUsgVHkL0=&P*PuYf1`x>szPIa_
zP|(Xd2oq(fBS44vBU{(q$kaPNHbs`abF}2+lFJO&@40NK2x9?6zz{~twk~S6xw#_h
zh=^2hC789N^#-1}cJ_St%<qE_c<sBFubo{P_U(w5&{MV!KzHqybfgQ-Xraq}Y2%R!
zH9yb(Wgd7A@BhaKyFdGPfAP=r=YM8<-pF!CSSXIulhCQn%49rA3f{_!UH^H(F<&G2
zWh?(=33)q74Fs#KppWevNu=@u35SnM!Z|VcxqvMNCJL_I*Azv=dFMa}U66ZQlm4b{
zj~I&peN5E8ytE3OwE4p`m*4sBn~O`ARxg~nykZA5($u%G&jPhF;%*!e7^il{4<mBP
z=i$c|H|IAZInpl>;OVq_2BNV4`R?v7f4Q%E0R!*Mjmc}%v4k5dxRW?5dAAFV6L>ic
zeqw#e_|h`zq{Z0u6O9GhxWf-jsVS*UHDLufIeF+}Kw#*Yc<N18R)vu$D}pMoE^b+-
z3qoEMAQ{T!^2jmF<*hg0e(QTHmoHvD_r`aAusOu}J~&CEplJ&zo;Yg}a0RB7?Xt1|
z&C#9pDNaa_zHspOt?6ID*WxdM3jg%)Noo*!hU$3Oq=g<Pcv?UKI$#3y7u7}^ae~QV
zR)Al~>T0eO@PzUy&zHluHjcPWRZ%lyumU(spF?Uq$g(uSNzwrO0ur)q*EUpTb5l~b
zhC^7sAc*7fCeRMnZz;^M^bNt*hTGlCYgf-+9iG4V&ZX~fZa74MOh?ROQENtF#DS=r
zvZMq!c#bq8sr}{@Yfg>&*^?(PuYdRH5t_!&fdDUd|D>yom=E&Uw++Q~)ldRhfa6g?
zQD$~#=AiUTGm7%Ei3&AH*lmbV)y;Xu82=6B*mun?7D&`hvjm-(fKwuI;#rIX-dx8K
zCi>=BoCsU;cyW0{6~>dv(6-z-2M0P)1?Kh!6Y2V<y#9M{zICa)cxC0gm#!?ybZ(A;
zGk$S+v5hrs;t;HuyfZQ<L2S~@emt|po09;b%B=pXbH9)N<?im`=l}4k0FckpHC<s~
zjNBb21Q>2qW1VJLrN9MN8b_(ABstXzo;Hdl4#tS-Ksa(Ey%_e`cC(_xrj4qwsW3FB
zlW?#QN0%g~IEFafSe?l7YHu_V<$-L6VPyGP73+x;?D)gY<=*D@@@VVY;@g)eYZuPG
z@tYeO0&Se~Vk%fo1pgZvIM}i)0I)P8qwvhKa%+By4cP)b&?}vJU)=xZI{dR56~Xff
z&YxyI-5iYrM|UOJ_9DZV{3wVtRipD(uy!joaL`=F=iyZ}2Vv?loC{y^W3B1%c|82p
z2$L#CAms8sqJj?M(RdX~YGgROX4u!qqtU7?tuBq0M;qc$^Wx0M#;`nQs%7fJ@XFx&
z)@b4Ni<jiZ*Ur54)}<?3R>&(EgFvH+PipA7x~TM4DaacGbigyU>Z#AqEp4!X_r>#$
z<^=d9I!R9t|JM^8^hn=w<;gIxJX;lXFxQraE!6>5&jW-FSyEuo3UowX6(*0J@<VWQ
z8Uw>(EE)iS5oVd|84(a*%IbEAAkM<!@%|jZb)0y9<k{MIC|TQzEDR>HV)<a=v=lT3
z+>CC>0Fop?Lw!{g#D&Y}zW>JWF0brp42OXv+QgUR*bii8hpw(zf-vqHs_!a}r()uj
zA5P}-P^g#I-tnsmuzN_9sa|-Srsvs)Wldbq>5pw4evty^T(YddGg)MW7<vQ>q_HQ5
z8N#5P&q=GP`GNb2)CG#O_wpbCW!jm}@XRQFq68jcjtww0pbTd_V`sB#s+MKwnlO=d
z*gt^c8rVuh4geb(o04p9^h{IKSFf&pZ}IZErQSf2T|8tnkr^7=Xgm<T!XFvx_GsPp
z-JKn6YltoMC?~|9bea!xz^$(!!0tY}$u~bga#YU~nAI0`+cPKHwrrcBWtgF4Z84dJ
zuAgN}h@<rqIY`R{94DjT>#uQO7M9Y22`DTJRB;>tmX4CDQ)1^NYRIYrEs~qCSkusP
zsHq5eSP&*I8x41KMHpNk7`Xn@jPn|Y3R{l7qkxYlXpX203mc1<*DqaoV_{*Sdx44v
zs{+F+LZEv;`@GD=$oEuJ>+AMpLp8@^FNg%-S}U<ZH2E2x-t4Q+{U##(i(kC>KiRU1
z^Fa+&4f>{beIjb1w8Q+-&W@^WI<lYONslqkb_C_41!|5VNs6IT-W+i=v%!Mlgx$cy
za=W@yaX$rvt0^4|g5yxNL=6SO$KjlgWA*eMQ!{mOD0&e!P83u4JUsl(8mbcLBV{;Q
z>aHy>oIUsMwJQtj6AMQp_<=MAyO;kn)NTLi|1-->;50!?t?S}Cu#&4YSMf2&sh3Sc
zz&rTr^`jU(dGUE5PR3r(G3eJ$1Zmy1WcVOUnT$rN6^(;2U<Dx({V>WxMn}vf;3QWz
zjmjePh{uFTV(8I<7kK1m>EQWj=m%L876J>7g<t|>Bj%cYT_5yyb6eRqMb(XHz<q($
z#f1?%F5Jk@!1XMtyV1LH{@SIp3m4XUn~G}brrGbggOQ(u4gc&htl+=c{aNfqt{G%Z
zU0Lm!s_eLd9VJSVnw3KbS-y1O>C4wsq|MRM;n6>F#W7<$)I@3bR+g-R<!nz>adKH+
zXZ^lDQbX1BN1m@Fq38HC#2#HHoN8YbRg+H)JlFBvEJ*SkD@3L=A<3c112z>t(5a~b
zbHVI_pxfXTZK%4=!Z^-Bg<xG~1z1luRaG{&J%4+&IU05^uAM!1{=yqqE?yhR>;22v
z9BFv@{^N%a@85s;2#D~XBylc9RpO0>jWtk+f#E5D4iufR5yphRMg$H45*@v$|GgKf
zXBj<bovA|+);(5Crf8}Rh}90Q-nMMGx^6Mw^R*yM0>(m>#)Rdd)A0<NvIgUTIMTHR
z1pp16JIsBQnsO}EfCCO;rt^USy`E}1KGVC3XyG&_oYYkEQw76t(;R~m)Gcoe7*F23
zdU5&M!b<=97p`2pe&Nm6SI0fmwSNYyzklz}{d+)!-Q9ndCRJufHq!>H-Sr_(NZYY}
zUk3ACPm|df-NBcxKRnt$ntJt%7kOHEfvM}dI2r&p8_3q!*<QCq-wz#I6lFuvHdH5)
ze0ZIq+OB}*PB_gHTc0qUoCUEXx+8ChNtTXX(QFu;q=AkL2Ha5*sMs9nVS&N~P&Fz5
zQ;f8P9PE;gXok;`Oii5hN2X_JgTea7;x%z+b@;~Og|`<+ivw}uMSr^c@ZQ}|@7($1
z&YgP?9z59H|L4WD4#tyyY;^mRp~|*xJs5hS92q#TbT<16EQHtd{iFRC;KzL)f*|5B
zePKfxNSZJhh%2_c*%bvDRBKO@HK#Ajq9KhvA+fg<%kJ8a8>#jrz;P;=KTiTh?pb)=
zVOC;LlmewRTnR(Qt_?^CN5uu6GGU<@u))BwR<W%c;T83fll{&Udk0Xtj)x-HvOMf|
z*T-8|2P*&wmo~Sztstz9Kf8bT&h6Wue0uNR{Ra;pK773U%iZTM5_Ky`M$87O0<YWZ
zPR0VbbaWoY*YUvfqvwY}fkKbd9B>XB^e6T}5qrZ)U-r5J2q9zscxOY=O;r@dF-V0R
z`402pX%F)~acqKkgX@?Enx@*Y{KPan*f@`UCXRzgi&3orSWFz27~7GgMuIP3M$`83
z%-ANxTLP%8SSmWY%-A@H9E&OHWJQp+Wp&gaZf`1BKN|(*?xXvk-no6_quU?{4<9^y
z^oUk+tPLlTWZPa~VT>y<4NFkb&BrX+*HGY>Pk-?oPj;pw1#&T%>^RDf+8YX!k#4Pb
z$GR<uLC;uIySg$F4SC0N6VDxbKEv^aLXajopkE+B?3s#*hd35R)`_S{s3Jd@x6JcH
zkb(JC1&9B7F1Gpu6PXFMqg6J5hM8NrXk!3|hM@ugbyXe<%j;dh5T3cY?Q0X2rN#5z
zhxhN^{^)~`?vV}v0(^$&S?^A>!~%>|)K#8D8JH8@ksUt`wZsIC{Nk$!u>Ty`=a|mQ
zG$Y;f{h?q_Bw=T;G8PSWqc=7fo3QRs9Ki;Q;J<8dGht{4p#Uad4`Tyoo#a+&oBjY)
zCRoPO$U4|O7x79<-gHn}R%PSpe8tD1{jrAwh=+i+O>n$fi7}1TolRZlptqxV0muq7
z2O~l037h7?1&*^>5(L@L_IDpWeDLY}AHIM49$xn!J$m%`Gh$|bKrb*-o#B{WO|(El
zg8&?D0Lbjc{#Q}p<HM(i$H0Prnx~nkMTQ7iQ0htJad)!5vNKt?#<1OrI#3it-*jws
zq?_O>BvFV#Oe4%ZH_9~(e0z4FCtw)0tmD{p&N+HW{4jLNIv19iMj{*HB-;rd;W5VJ
zOL5qAjqw~jhLz!=U~UkA?*T7SBwZ25<B161Cb6T>|H;4lrvLyRKDhV6`ybr6efQq|
zyLazDeB2P=U^aE8-n7aq*DZ5%XfRpTB{s%!A7xrj-LIm+QxK5D7t<G2u7`=Kf|k;U
zeMu6A6Pu~>q;HstJ)B6Yu2~~d3@u&N9UCbSVP#*K`7Fx(!pRaBr}M_C8K;;Vv<U)~
zuxczj$Br>P|2CFAml=J{8H54A0wbk_<aEX`b^&k_Lnz?rf=!Ji$&<iMp8#;SS(Y3B
zcf8rh4`J7DeDL1;@7=wB=g#dr_W%q$di<Dn(yOx^-C+-GP;4n?7z{Mc?x9qrIL+!S
zDX{-^_v!A<<1zyqADB)WOaNC)>Q4W<>M=vvSlE{Pi#yu(R^QQWm${m(;7Ch92>lEP
zd$2eLO=D&v0BSdIGZB-cSYSs;5ND+Gl2Jf}Rt6ubZ)sfvG$<Yxg5f<nf|#Nh;6dXV
z=oVon$#+yu@2TLV!TvpYy8G|}82?Xhy#F3tKYs7S8@F%V_~iB-(gL&&F9jyTL1pmU
z!qVMvq8_sWP$+l?1G+3<<r>5F@zK+#e`I4k7|?uTj;+4d6R+;{olp+Omv$!V)?l=)
zdsyV4+L|DNE5|%GWRa%j1)gJR6&OcJ0@wAefOV=SZI73o^CLzq%4;V+vn;)9dU%q+
z)JZCy$>ZT$Ja@y+;~39Qj)M@afg4bWt~z*p4^;o%58tQdzxU%G|M<Q4Kltdz?K^iL
zpd}<3pwnFG{6@H!GGn@8x{)<tfsiIaf>E^DAN~9*xnOtq&kQ`o8yp{vnO0BL#-nTN
z)@U?T#hu<jSTRgja8yJ0*+7xkyRzjvn!>t)i^WBF+-_-#j%mAz;o2Q)4$Lj;5KQ^0
z<axjc(D^ptttbg2aHytE0qZ|H#P~JQ0Nd`1JW)Ilkdy`hVv|Af{K;S3yL|^%{{de=
zQsBM!KKSs)oqP9i{RoM7_nwum!|Ec%qd9G}%##F1V7fMw13a&)uq)T8|MZp1{|qVk
zOW4G}d|tW?OO{MimjM6y@<z{{41}Grg40-KQCrsso~}s~!PIS0k^)80Je<P{`p`~%
zyKg6{XmqG9)#RtJWmL?7)jw9IO+ZWdzUsvl9W((vkEIL8&z@1Xks_HkI$1g$umC;;
z&LRH0ySw-Ae{$o4_nZAk20#LQ^a()0`;Sly;3}S5bqGQQo<-(IKGxxD4xWxPW`T-_
zc9JYkU%7tH1pn&!)4x30|K}kXQ_%Z@ri_M4Xbr@1-`ZT2x5t*MiUK%_0+U5~qH0}r
z(+ZsH8VfT6xCeGBjeKc52?rgJ2%Ba@WO>S`RTGJDK(}F-SjSS*spGTyq;%s+ee39G
zR{Mn!Xo^oKI%b$~IDY;V^xcgQKl<SG`cVWx4ctQ@^ytyQpilVuR8b1-^(>Mk2(>tq
zT_@ChfsIX^6Q+X0;Z?8D1D}1?JUIM!Q9}0rFaLqA2ubRi-pF8<BCd|KYa3k=oWh+Q
z*!!_K7Dv+RXmcV?^a)cWCrmV^+i_TAf{&veybcaVHz|snWJ!SoNQnPa9Q+etNhHk~
zpUs|~idGyvd3Lb-;`5)qD2!AQnT$s~)u2BPQTN>jiT~)sh6H^5@4wFp@bGb?12Fjy
zh(piv2xl_~S)RzS4jjAeS#i>j0)!l2W`WP<1VCi`dG@ED@Bbs!!h_i3G|VlK_`z_p
zzHMxq>e2`d^GNr)V47Fgx5i7ls1Jsg7yF*2dm!X##D;yx?PLZX0jc4{eXL8Qb`+e|
z%1iI@l=T@3|M9D$HHXu(#L1sZTBu4^9q&E{2KexOT=ADV;O_lh5CAR$ySq1QJc2OO
zW30EsY2;v{qcm{C$QUQKA7S0wmtpa#^&<%sP?-Bamjg4x=J6s@Mm>2j9t*vVEn$0W
zpvuBn-(Hx=;$(G8u!6zXNVTnyw}2Fe6GUJjI%bkZ*dde9fekn<9Wa2Nm4%CkEKmW{
z^!O`6HT%#00Z=QPWR-116=2xM_ioJB{sjWuxeM+v5TKRfX__dJ7Hg=Ks7WP^fa826
zU_BNG6v%R(e~ADu|N5s?Qu7a46xUcaVA-;!O~mnNV@cW>3JW7q8Y<@X(PTrECCg!+
zEOu=RwoAk8wUAhTqy!y2GBgPAbdLmOFHHe5>tHhRHI9Xe^;!K@25I+S?Edm*l^X^4
zM#blcPd~eV`^I}G=C8ew0N@V+0UkFv04@Mb;TZjsj2RlX!sT%iW?Ibrp&dI2Qyr)N
zy7fOj{`|jR{%8N$|L`B}{vZDj5e7Zelo_fzxu#0p<?YLtyF+OO*k9l315BSNwx^DV
zqPSy#))kxp2qt)dqTEhE2lwE(BQ3!*YBfBGD~YwjDwGTdQcP!uyI*-d#JxN^dhulc
zaQFV5Pd?)N|Kl%Q@4ffoM|VI303Eh#*tg0u_5C=;lUcCZj*cS*q{5g?=O-mNn)VAU
za7qR6J-PYxAHlW1`yT>Kn^r|^Il4Gh)$SGT!gBZOHK8|DHA5UsRwdQ6w>594FRCnH
z%!@KT4_$Y{?2fE!W1KoK<Lp8@?f?u?toUi>iy^2-Hhrb|!(tvkc(i*L9{elVjlJFd
z|K9Gyd%ys%T>ty;e{_$8|Iz=XUBDD>IKvZPfX<+CGXtCR@HA-0R0Li0BRn|dU%tHm
z4FS-Q<n#F9;eYfWfpwnFDwgS<X<ORnMCu8{o$aj)!=0XCTjFpqM*m=4cFc90(mnvo
zg$1k<4*Kq_ZHRqk#Txat`=%$_*1!uUQWyd%r7>uE{wixkoB!zUy*u|l`|RH1`}cN{
zNdV^D`DniWAN}Y@{J#bW-QE3<pYMJ)mw*??$NUIGz}}i4dx?gJ2BeXdnfh1}x-5{u
zNLF8DfH?#4|DOKQFaP0x_|N~p|KK0*J4K=<o~J7Y6GxMkowdoZx3;mMN;_6}&>hMe
zY_#ea;@D;rLt&_PO<fi(v$OKXJ3X<xY%Y&BZPDo|LxJ@yHk^c^WV^DbN9C77l_<=g
zJ$`uSF4+9rx9{G#ap(T--Me=_{IC`NADzBX2Ym9$jXMwjyMMYnHv$+HII=;#6qTho
z5?B)S)r&02ik@Nah->;dh`=>I(Y~L3(FV}&|MK&{{7?U1hr56N^MB{_95A^psJbUl
z)+VyjA8z*6Ha9jm*3GTOp|myH5iQ5nWyduv$EWi=d`&Ra&O2u>^#|*NOB*XY!wo|p
zZEV_G-Az?D#v>F&^Ce^SnD*h}{oRN6@7=w7`^HBfzRykG`|qDp`#*Y_0KfpZ?|gdu
zp;Uk!<SelNpX?$WtY*{7Elg93VumNsCOMWqX?=BZOCBd^3ftfP*=L`9dHJWW|KcCJ
zDULS+b7W|uEIX6#%5XFuu61Q|I9ltS-`tTk2T-Hq4s;vTZ!~r!P#Ei-YwxbEZ*DC2
zmakp7v>>i74!0)yXkj48+op>r2TxCh>A;8q4IV$b59<dH_x9}%-havJ&6)r71t{qD
z-G>i%@Bi=qSG$kE8Q9(RtNIyy+Ap7>Z&{=Qv%?f59uz_jxL7u|p4?YmHdadK#Vgo<
zexV$EeE1Z;zIgtRz$pHYU63UgFd@c*jp543U7r9TT)%o@V@-B^-(fhVd}Q?;*J6Wp
z(^CfhozA7-yYl+EGgp=_Zf?B0a^c*Ch4ZVc<I(j&Z*gMd!Rb@4CBS2l^3NXJfBfj~
z{d@O5{q)X_8z0^H@WU@s;0w$D5jex(2Y>dH&yVu|3giYTvAg?Ece!@kpUs>^Ndr1*
zD8o3H5d@Z~nd_75V{Ibm<@A&cypjX<|0)0fFP{H=_y6%TJP|qY6;<A`ds@F6>D|j?
z@yhx_cPGFj&c}`^isp`Ls@Arvv&a|>hn<USy~{s1v-swfE7z{}E-#;b^W1CKR^EJb
z>D^_~i;bc_;edyaAK!n7tG^F;4`aO?@xK2u1ALJH@85p#+3wAoEUeO_-Nz5-SeVQ3
zlm^upu<>9B3NKEW?X0L`Ulrb#EzpXmHSpJpK=XP3APTL`ElZWuMC|p(!sU&X^U~J!
zWtD~yjNGyBnVQBx%_w>x%7ejnr#lpO7Kc~Pu3mWi;@0|w#dpsveD~Vfiz}-`Wn$TJ
zIgitR1~(5||KRrRPvOt)Pj1|x<-Y`azqI@x{rH1BkN54|2nT^Q-6t9NpPstop99ha
zFc~Xp5@eur033uvZBvq#))bbdiB)`EuH+ThKN0%FKG;GfDhyRvTUi(mq)Q9^As95#
z8@eOk9qNYV3zlRns?b~RcSL)1wkt1gEMNMaGfTq4#l_zDe&^c7w^uio2bWgWumq3y
zC-}*aVE68U>brgC6O{f>aQ{zffFFMa0p9!Q@yChPHND7AfRv9OK6uE<*~s+q41;1R
z&d|;)1CRiV)P;er38Vh?FvPxsugRFUtkGQb&A$hZ{Qq7bXm(x4VSi_5qqlnD%926n
zv$_TzS)p6DFWNz1YrWAx=@^azO0u^yS-9}_XlZSE>)N^Vi-VO*-~0V*OFhsUi5FS$
zxeqYIckj;KPjBG$$tSl#{6F|20lu_+;DAr={*O|&F7#7rl5zr&L3{j|;-iPp=zKd2
zN9ajhI9aI2(m)xhlkV!$1tH4HdiIq-oU4V;K6?awg`dZ1@XODw=dq@<xORpzTYTr*
zLigN&g;4?sz%;=Qn6BvKF<+a@qlJ;$F<sj*MuUaTVXrG~tchx`HyE#7zH;fpYELmO
z?9uth_-h{Ay$5z5oV^<#eS{=v2=EQ-|IvH5|8qUFmNwMLVeSzI3m+f>9%F<YR`xHS
z?;jpx0bgP3R+QI8IFvoMBTO7w-M+l7B}Hw2O?(iR42%g*IKO}n@ZnE?{ydpDQ8t|>
zY-gc&acwn_Xa<!Rcw4sTc|JJZ0h`#0(Ccq@G&WLo0VqC@Wodn&sms0Y_B%^kgY}VY
zm|zF6sp^-z55V+cmg~mtk3Rh9Bc#DcAAX|(1O|Bj&M*H1XV{a6hADc_DOw6Q{;wX<
zy*7J$h(|tJp%-IF)}44vUV^=1ieT$$$*iLKN+|#WJi-`6d)<HVhy<aq`ss8ws}ke-
zXrxTiA)cz0CR(sMalAmZ4d3^AiY`vZa>p=zW2A4ZgB9Ie=nsGr%c~=CGQ#P#UNlJn
z2ps>t{~CVRJwU#9K=pm_!3Q6H_+euK-ak!%S24f`H~#bgj<>#Wq2~v#{{ji{khu0C
z-z^>=`o+{KtT>{+?=13rOdpOm$CfS_nXTi5+^>`ZL}f&PyLbTw?h^(6KZh*Em|bqk
zQr~gG74!$Dr+G_5W!tm1rEOn`990JIQ0dq<aD%C1E?-~jYesi@<I2wFNYr)Fl_?&6
zOex#X9^QlH0|C(Ee;;Y^s}KN;z)$eRr|qr~CDkz?2_gWj{{h_f+^`+FMgg8^0XnZt
zzzFL4_R99y)Ps<TL7LaqS0#%;1lsj~`st@Yg8L6R*#0wL!tkwQI*zDoK@{%@p`!N&
z=eCTUkz|Kq92hRM<>ij(MIORq%MLwN+?2;XN$6QSKoQY)JtTlj&cNe`_dopv<iFW@
zAi<X~z$*yw!H0MLH-8$dPPZpG>GT#T!TS#%BOG|}>76@Go(Kt0#W~J~$-t?NG|TR4
zpo%ueBV*FLreu|4Re#wo`RNx(@R&$R>jw$|4>aD!FB2C-8Jf%jQE(K|7*FKh)vMbM
z6RlOIBuO+5wpV*=oiK_F6MWE#&br$+vu#b5P0zATZzS7_mt#QmzvcwEefz_9<B<Yi
z;(%9B;QbG7KYIKk2!@-Ih58&h039jBQg<Ic#*29NdBrEA)vO9l#wIdwq$#VuG(K+x
zN|IaktAi4#1Rnqk@bx1F?zdEZZU)tK>L`L|YnJNAlGwYp1(N6lN#I6t?0MsDc_4I>
zSo4{M(bz2ml%v<jlbR*R9R?EC#8yQ~SP)q4-t7-hpbt{u8<+p1_ujv8`@t`xf@#+$
z4x&1=0uLXdMFoX&2Vv3UM-OSwj_BxP(72W|wg-L5Vr*x;Wo>p1D~!U7)z7{ZAR`Jq
zrYuy$0Z4#HEoRQJ4!caeb+%!wFa;c+H&*<}4wEF$H7yA6@DI`KBw3<hnZm?(@H`)8
z*lyrOzH0{)!Ssp>kD7h<S;GLQxW3_o6AHZdDkJbA0O7y;oT=N|fE9qI&|*D+Eqibq
zFvVTC^9K(>a}xy)r_@zaGXV3#WLuYe`tq>5+3%afA-JW5;~pRW`Tp+y&HX?B$xoiO
zh5^*c1F`~~1Rw(sS{8UV^IXt_f$C5CJ-fHIx_D_4j&`h}m*%D%!~h07Kj`3r@JSTm
zQSOnVC>{X|2=w<GdU(jIz2n)29nirOfB6>}&j#oJ^pfBEA_0E<qgUX-4?npFH(9ve
z&c;qb3_#c2`?o*6bNlZ7Pw%7Re!%^MBb*xG)>gy<O<xuDaj&~_skbPvZtAY8q*(Df
zJ3js+r>re0nHz>j4;wq!YJrDy&9Z;=^Kyo#pV&ibym5W?hZn72N$V@aew6xNl7vy3
z$Q?X}fm$YMI&dI~qp_c)>ezI*Wk0EEt9SvQb?=kgcW!*}{(Gk*zF%+zUTp;L+<SEI
ze-LEC=ETWR1@i0OefYQ=AOv{lkAVWj1F&PRqhhQgu=G)%ZEbIDEz8?uFvlz~5;_&5
zHe^Q&*eGrZ@c3ba1IP@J5@>@ia2-s8B=@(kT^HAXxVp6M^sedpU?4JpMX8~udT-Lf
zcyfVb!%XbJ2`3aW%%rj7>9Bt06hEVo;QdcO{P4z05%2fDasL4ZeF&_+`}wobwr#(d
zGXUJ~?T4R$M{x(gdGPq&17d>X*|aQxF~J&yp#?BRxVkCssEQggJCeN!QQ@?j7}nSh
ze>PVF4G`c2KrnD(Tu=@&*-ExI<ValTcZa6h)4J=6Lp8vTyi{X7se@@ClMZ4r6HW0a
zj?047wB-nhV(LyC5q<m+w(P@~De$rle1#|Y9u`O3fBa~dW%5q;VorcNcOKqBp1OVS
zKJ3{2$5cXv`}G3z#f6>(1$cr+6xmy%>22#{FBp!)sK5cRQyk`y&#mHaV+Du+caZ|1
zR!%6eKQo2Ga<}^a@cdx&D)`5`y|cDsV_$0;#U67zcv7K>O((gbYtmR?01*V(d>SkN
zFXtgC@C0waWcZN<-aAPFoL=}Jz@L@^AAWTE?*F++6D64*asr?Uy!-I>9k}P)pW>av
zGsp>)HlAVTH30JCkzvA6*iyl3ld#I(3zIOXDHGG`#pyUTm=UxBcS#N6|M&0DDX_m^
z7n)$i8*73)kS@MEGPlLaWW?-53Cb+R6ET1QdRbJqWg5C7jcwbJq9`rXymE|Z2mv3G
zwS9CK{J)c+|4ZBdr8v+Z%-0WQ@RK|Dcb|Wr#np?av|DHdKE3k*D@JJb$iR2+e0uLb
zxyetcsSFdusD9O=XUA?A02z3%Njy%9rq})@O9;la#lj69Zaf08EVWnKvX?B6guoI9
z>qAGo?uwQ!DxO=Eb^<84gX0}4r!X`{!9$XmJq~b~kzJLX%>Z2kTA^aE(<z^q1>n6`
zX#gU?N1*2(KHfi?7S9`-#Vbc|-^SX(yF`Gyqz$<ueEtG!531Y=vD4p;L(>{hOwk#P
zh8n;Us#5)8JtY@{Qv|r*2A}tVT#+Yvy)9wDw%0|~c6JoowbT)#<DkYi>!etAXXsHF
zh+Y_bzU?Ks2^?5)==ItCJDAnJ|LNUR4Db>Oz5s&$0I$XfU_#{fy?gjMe@0M_>V`3(
z`rtN(RqlWpd;shJ^zLm$1hj2?PmTe<WIh;btDah3ZfwcJO=gYk(DAao<aH`9^%*~U
zaQ_qwP(2za!2UC@a!Xek$fM!9EUrp|x-uLwmuZ6MCvkx1p?8WRG0h~71n|BLu!Nor
zb|JEO;qv20k8j@ttc?`D{o#8rr@h|$@hb^%S_IyI|HC^iI)B=#EZp(?AR4Fx@1XQ!
z(EQT}yARrM;n8%KR<pRLmPv|JGjf#~p=&ZnSF(({?%dhz=!6818h4;s{s{qgXH%!D
z7%=~6w7$MG6vsVn6OZaLWlOQVq2xqW$FV^Dmt`s&Ot-0h8g@T>j@1yKJ$!Tze89VR
zZlCD?FXX&_{NtB{fq!s{0U8QCYy}b(DhUC`RX+LzoXbyf?dWCSy>sK<BQRjiil#?L
z2QM=3pViYO0_|Mq38-f95iAxNg-zq~Tz7gr$3l%qe6Lymz55Rv0_@SO6lvYCwsx-T
z>P~kg8K&cncTCmwjG?~mRvl_a&uTCVb{u2#-1HeQ1pznZ0c`!JH!uM7(T5+NR6Ov6
z*XiqJ0ca@z$N|=N@6H4KxEIeUf)5nHqPcqj0&d&@(}j=jpoT>~&|(;pzWu}9Co@n_
zNo-F`yNHrV0|5=OF|5QcD7!i#!Q=a<q9Ug_;9zQ*X~-PYV_R!FaL{Ob)0SP=vR!$z
zCoT;9qGM*J9tT!cC~;9u>ldwldHetv3w+i)pM3KEM<2EoAE!0`E7nikKPSLPcR;m2
zCY!YX3%jb054p<1)dQ-yaT^TxZH%yEr0LFW00sbJPNSIJqY|sJTzBZ@Slc!k*fDy|
z;2$S=z)w}bIBKQfbX;i80e>{Bvp5073u51wEo)U2Rm=3;9<w&aYg?PDTXt;CP{Hm^
zO)m$|YnkdX%GKRFJOo0H-w6YpQuD741veCU@5bHTpJ5si4BY2<+F||TDG`7|Yj7bT
zyp8#_59!;FKKkVL-N%$WnqSyVGzFj<0C0<Ae~d}QA_L5V6VCDYxM{-%WM1YJXbEtP
zIcTtV19ii+b<64E@JGvIvb{6u>!ROt^bVMPInByEh+ptGfrH5%49b3dc;lt;@5{@5
zWf&AzPk;a5y*m$o(yYVQ<Ty9;&nbya%f9{o`*-f$_ylahM<2fb!6zSmbmNncK7?;E
z`c8MxIpG&GEYV?sBqyQ9e5P5x9A#mW;+eA8hKq&%+)oCF?LiwJZGpfOZ&p`DZFr+a
tO^_|KtLqoGOwZHJ@zqIQ1!F1w{{!WXftJ9mP~-pr002ovPDHLkV1kgDx(WaQ

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/expected_results/tiles/wmts_8_6_4.png b/geonode/thumbs/tests/expected_results/tiles/wmts_8_6_4.png
new file mode 100644
index 0000000000000000000000000000000000000000..778ae94ceafa6dd68b5ad3076bf1268d1d2311f9
GIT binary patch
literal 35907
zcmWjKbySnz8vyW)?v_qTMM6M2l@tm6DoRL8clRizLr_2(K~QPw7$XG)oQQPyMl%K*
zWAWSXbMAR}&)$FDbMAfbdG2$cH^to4fS!h%1^@ui8yV_80|0=;E)YOPO8oJxd-WUu
zAgMEd@?5W=prEp{vZ|`8rl#iW*RS8df3K~rt*fi6udi=xY;0<3YHn`+@#9BJOG|5O
zYg=1edwY9FM@MI8XIEEOcXxMBPfu@eFBlB&>+6F+ApQOQ0|NttgM&juL&L+vBO@a}
ziOz7NMCZ6MqI29h(K+rH(K&8{=o~jmM7$z!Q$z^dZzAIL0tY3!!2Kb*z)cff;QkU_
z;AV*C=4a*?W{7<x?jI2nH%qj-K8wW75iKpxt!>P$Z_Ocb^F+%l^Xr@QJNxrU+yc?Y
z*1|4q0f}2AT3uUQTVLGRTHM@TJUCgr#4Qo6tuJluEFGLIUE-FB);E^7cbB*KmUs4+
z_u$L>2g?U1%fwq(xD}%Hjg^hfm7Tqn{ezW*la(vnD$(ZF>hAvP6>g1aYkO@EwswVE
zC)(aw--EC3!`H8H8$>(18^jI@w@I|KyLocHiNb9WA+NVkxNV}7^KBGvhX@AWIXc-v
z;dY5&@Ll-9?&0z7(aG-d=`Qkmm-s&#w?}kvxOaTIcXGCOf!ae78+s3Uy?2S;L*w>|
z4v+Rv&iBtR_7Ru+Nc2APdjIlzpLpvU2O~N>f*l>hPR?Mb=diO27y=1HT*5A{U`Q0~
z@)~w^4MSsL*El%Q(J}n^1b%uBKSRLJFW~1$ID*(N;Ybwx5)Hq)hNH3YYuo|R@yWr-
z>B0HM!8!5(L2Q=?7ncW@=!2{4gKOL&(dpSC0(p3Gd3cFFyt+OjIy*nQxI98$9bH`?
z6P+WDkyj@tC#R>UAUjLqgid*8q^t8hthgSR0ul+&6Q@#XI`WZ^eqrI_%-hY>=i%#H
zhD6?Dq@|@LeLGHNoegwIOE*@`s4M!UBiGJt>G~?eOIv?TJCjaDGU@HdsQk+JO7~_S
zmpR&Nk7E>P=x0bxAAGd@&o(!gpHIRZC)|4)sTFt!0Xu+F-V1um5DGd)WuB_l=Wtny
zXJoh`D{1?F|2ECaWI!=6qEIN?-i6gw;+QWDx9QAZ>>om45$`%&k^a$v1f)2kpfS>N
zTIvX1Ym9-y&+%((__V1h+|Y4J0(f<5>bRbxXIX7|xu-|%=EjwSBcEfxM!d#V+!a0J
z91&ddgcj^s?JiGKsXm!;`+!}qa8EB(miOvr=q1N)aKP~VIh>1tny3v@rLKG`<KY&p
z@wMH%Cc?nD?F!o{wZCm-&|>g$!FUk+>)1r*+6?wBD~o~g>M8{fejQ=7Y;Bzy;nHsx
zM?MVfo-6Yeu*CuxG0SUyHqOCLvL=0KUl!6#*!!$@C8bbQN*50ga-k^Fdbvl<eq`_D
zd}PE7YU;;VR%~k%74o3>v6$t{7H&!ZoKVC)=%C0%5AL(Xr0KK(olU6hcK>y=--a&d
z*<M7Ut%<tRhTCl39*<;$JfZYc75z=mgG$bfoVBkk<dT6SFJ!NuX^@<soo(!{rGdd3
zssujOf+>1YAe8W!7jVuLm$5pNrfjr6T>0BgHhsnxN;_I6M|zdTpw!VGdesrCR5p{q
zLfYOD($SH8=dh?JGD%$A)xdzGM%-XjoFl(1h7j=FhQ6oT^<JA=+?ynCB_T{C*tWyE
z;5FuXkikp4yxV>OQA4q2GYTc9tdLpBI*0|>RV}Uk&8i($PM*7`rE5@d^n-78_uTM)
z5z)97=&Z0d8lG+|0bE$SCnH4Q@Z0#*JvXnEDJ?CYD?+0hB6FBAXqwkOG|wSklXNpG
zzHA+dOkR%UIfN>8C@P{l3>oK?h^y6H8M7KgN@`l#c4aOEms|GNxH~FW_pPNuu?u9=
zx#AS#eji5v_R2O(w_-l4rg7bI0Iot7`_EObnBhm0?P~=S;(|B(<!34%Sxm9?rPzGX
ziy-;m@1|#iFxTR#K*}5CXw?{p{&x~_&l2oJfTE<O-bc*zjSb1bm`$>{+S#p!=^I?y
zMavNGqUCrMd`zE%rceI0H^-o%`kuJTcXzjUH@CI*m?as0f3hEDdP?|Kg{IV^Npes~
z9}My7iOCL1+jNs{iUbdo&j^`tW{Uf=(f(dwDo&=*C5@Dw%xlZ@{8v}#Fuz={Z^F0~
zv5kAhxj|7f;D#2~)8sr0DEk5`;?f>%#j#T=;#27sR8%48<;FFU&GKcQ^xny|ZDpzk
zX;Ua8N+vS|btQy>F538<Z)-*(juw{=a%-|m|1h?PGBRetj$ttD&Q=lu26`lO6ruVl
zo#J&)ti8(Bj4edz6I~>3+*zF$IS^aBW0kC&KvkSgRW<)IAx35rylVkoi&<|j@`-$7
z)YxUz<Gtp~*!avbRsi)b7d}$M;d>u2?0XzftJXwnJs58{377_TD_&Dc_tBO3yhp8A
z2xnl2A3s$6k_)cP-=S<Th(d6BQIs||YFJuFcVp1gl`nG0wp5#A8!m<j7oyIa*sTY5
zjz}91M^EB+6?wvSqWH`V$5P~H&cj$tYF<93C?{(o0bPv*vmk}Rxo&f~k-QlXX{no#
zBWwQ^4~zVv^WePah2bED8G-IhMqPj)UQJEyF>`yn%kK@21waMJNkFW)fk2!zY^HN#
z84|x7BXzGZ*~I|=kVpeg{TxWMUhk{OAKj0AhhxQ|{c$B=+@s+4k6BgV|4t*U_FhTJ
zC=`3i@-mLTeCewx?wbEZY&f;H)>DX#Mf>0aBrYt=$(SR{@T|tfqiNw^iL6gi=&DGF
z=S1c%d5q{`h|l$O+J&%VEKDn^zZB!)>3Ksz8%0ZrR(=aSbRNqrAO-yu2)U?Zj<Dd(
z_&Ecw;i!p}$uxxlLqmVr*{%yZY5yfSACI>fWbtdn^wL}kDqZJ{?{AC5#b{6^MBNGH
zxV-7!C)ZGoQ6-qc#eEwZw%nuM9-52;{>EwDoUi|)OmLVEbXvD-D!vA}>xmaSK^s(K
zj^OmmaQeH)I_rcq9*SZ<33Bs$*=By!!wJVyyVQ7=OAZdh{m`*@XaSDW*#?!@2w<i>
ze@=($LZp9~KUGSEW*{dIk68*{JgZcFuuXrb(bqdyUR7OLSzS{@RejJn^1&J6pDdj`
z^|7oBMO9aB?R+BFZ)sad*KMF-j;^v`!x?gmaMrB#7aL`MO0fedrd;oetod@2A>y^H
zQ|Yr?|5fXI(7RkMNJZI`{tSS`7W{Z*4bMNZrCBoDLEE1}yRfttNi84be;&#!{2NoL
zlSh2n)*+qBOTr;10w>vq8g?(~1cjTrF$J80ykWiFS4S#vf%_Y<Seva)p+tDVKc10^
zdKXR=X0CrHV`9yqi}94P(VDUtj41U(xp#a_6uc$9C-0tG_=-m?n7oF@bj*6?P`Ziu
z4>8V|P8S#(%sd7m_t<eY1~Th8fM6^c9V1n7X$fE1(Q)=DW@0?aRhZsIGVJ`uw04Gv
zOiyF--mw5*855J(SPL%a$>VER<Y7@(nYzn$zGue9fb<_2F=k|L1!N&Pz>+VaELv86
z`zsc6!uO2P`(#?|D}hFI$&Hx!JwvZdQ~ZizPs1u__Ks_JUmdiFaZ<IpaV;~o?{e+2
zZ0~ov>arEb{^`xWA8|6AG`;=g7)D03-`Bd(t9HmB@XIgJb7-kXO+Mtp(av@@Yo=AL
zfX)lzvFxB@8UZRxziTd|YlNHThU2ykJVkM}BCNvz^<(_NL_%e*(?V>TS>GS(zP*N7
zg}Tm}(;8vb<NpThb?*@d4@EwOSd#SvSQc{AKun`nf1r8GQ~z3SM|U|av>BT5HRekz
zEp;!}BMDpW00}m-3QEqUZO<}oYK7x1M2n2jkXjMcIG4~iB$E}yW5JYjL&`#MV5Xd4
zJmK+2XjN#fFOxPcbiR*mt1&B8kHK;d%FxC7zgk}l*ZJIefv^|AMEyJ>IA-I}u1`;{
z9hQyidI{9A>q4JWhge?~Pe}fyiH#5hwwJl?=O<XzYfKJ(v}ov}Jq6DM#VeR_JCjW*
zV87VSNZPG^7T}B}k7eYui;udm6NYhDxW*aZcBo~Gb6wZf<QZ7yVB)56X=rS$&b1Xs
z9CXhX;R9vuL7}vr5xIn@<3;%e$Y@qs)0I5!T$!exLR<6Y)`;RTpy`Y=`)mtJkm2AU
zw5*^W)xhT?qhUwP{QhMzro4t!EZ8U4Kz-(Yj(rY-%erZI9&2I-WxIv-G^y0%ZROw+
z)4eI4j}yyCfuqyf+$8+*cAS|Eeih1=tBK!wp?+O3>>PUG-KZr`fQqoim>OpClYPG#
z35qD8>$Tlct<E>=Q`f2xU(loK6#Cop6X~nv!ec1G#QREEm+obY&eyOsTS{`Xq#7#b
z#lbSV!;&lTTS}kD&9~l~7*Iw%cC8|}V-iFo-T~`4ILa~%EIR~w+XGMoq{nLA%XBl2
z<KJua)?T&W?V#_ED^{HW^=qQHw(KMuGzsvdmwnj9Tht5qy}c(lkh>(mD7@Y?D-V8(
zM!2ZnzW2w_d)ee?ej+I<!~sBNt^>4q`BF*Ih`f~P*zC%}h>?o1z9CKrI>LVR{)4c3
z^%>RIv$Q6MC6Qkmsq6i*LkS$_|CtIr5$|v1o#E%lzeGQ<!%IwKKO5d#uC{lJ8L`Tg
zt3M$p6HN&6O9L8w26$cA@$&|lUyC0%fi4MmK%{hU-|;nZMO_^&D*#+d(qlX01Vk|X
z$9qp<Z^6_Ww2O07eD9wBq9E=98**<&VZ*$Gy}bqK!ssacT*x8%`#_<E^~f%n_iKk0
zb{!ET=&2DduYPLFlhwa_F$i*9tHoHYav9L+jU9Gvw!dw=iM6QDu2x3H#a1Nl!F<M8
z7THJNau6d^dO>u|xfZlFCL;I}(?Q^j|MEo02%y)jq<Z#1jf%p{`}Cv*6%iOc%g0DX
zwaX0WE1~~E*JI5iFWlKj!9+%(&Z1Ectzz@^^n}hUj=xeD&x!y9_VyV2D>O{RwCV9<
zF_^7%n~VG4vwSjXhOFPNl)-md{KC#p!KGLD5*Z9wN4$g5T~**_$#DXDV=3;}Q;Fa4
zP;~-qN__!lgHo#Tx!`lRoXl-_@`c`hm5)J^t82}Typ{wqhLjXW&euex`x36enM)Od
zXhjPxe&UGDUxv=x(U2<6l|7?7LpOH<gPBPUDcZ|e%0Jh9e%ad5Ldy-eF@>7S(A3Kp
zq&M^fe&9ubA|%Vs6sBfu*W&kpl$5$dgun>@Yw~6-uFEBV_7%v>+BvYZ!X%<k<1-+h
z%P%A%CZ>u-XfW=P>OmHvNvpe1|EX^EN1)gu6$?E}7udI7%hv%IkZ^N@ybWuNaSaQ8
zz@G(fkRQVkw$mzc9J;?w6p_~HW8Ct9drX3pQTAL5VUOPd?&Pf2d)o&LzD>W8#*4t{
zD(zuewqT4f13m?K6hg&N%z8O0E<OnO@h~4^*12)<=gu?n%Z&CGgpbqoZEKYiv!9jD
zgDirG0KYSK(uHH(NDVx8L81HhM8I#&`1I}b%@d_92#-ab?``(-c^&aHH4Vp$Amszs
zA)V9Nk>)BZMOP5`ij7VpIM%7+8O7Y3;vGXV`zIt{(r2bORg7?N@+XZtnCDe11zwjL
zu>>Xso$L<WFZxyKWC*Aj%Qq0O$tR>sTravg?|0=UR&<rmpH?SwRL}T>c=c{oxmQTb
zphhlou?fIY4#zV`%xoAPtzQ+(8!|IJl2XtuK)#}XbaWskCYAHbH{+R8Q1Aoll6wN_
zcJEp3le_$fbi(4qMOkjMp`UC4bK+)ep#AKat;LfyxX`4a!$S!?htB=`o-S&WYCsLK
zD%8l_9((VmkTK!CBcNn{gm5-7ktPrv!KXGW-_i0){?JO9gtR($I_!Deh=@X$ovjS~
zbc{T2W54WaHXo@}*=>D*?&tNzMM1|h5ILp#e?H8<L5@kueA3b}^FB2RwYBc*UOUmU
z&-{K$36tD<6^Td;*A_%m_ik2-Hzod3V8W5n8hW&co;RgacEcs6TO*cD^oQdrooF_x
zULT+E@$yqqx!fxMFFM@sYCIowxCOldKP_ziaicf%oonY-Pf&vhsW2oU)9p}nyOb3F
zh`oH9b@vk19TRMHbt-B=Rh242y3E6~&PK92jEd}u+>zb5-zU*sd7k)Zqe+k&%R3;Z
z8-9gyCY_uA6qVicxIE1J*1fRaYMY@0ryoGSw4HlOu=MN85`2o*pY>YE@}HUCFxO=J
z4UsX_$?bQV_f-0W_((EsREM6*oLns>s5kS~Rwr#6DR7zm+@^5{sA-4bMvq)g&Hjn<
z3R3!I-W@;r{acz#I09$=<_Y$}v8yvOD#4bL8i2=|iJwad31{1w^c;WdeI8N&kU){f
zG%{#b%EZAxgi4WUVo+xXhGCEFQCz(wZw;-LoqB&6D?Q+ukgWG;)WR%Y3kj~QNte)q
z)j#U%D2I*7P5s3}aO16ZPxQz8-8-IvZBc2{i4B^-iVG+I*jUYSJQhp$HI0j&8(+I4
z$^h3pJ(4Ab4bf7+fn<_=q+*KSg?%bT2|zL_aeWW^@YtCNtrJsw!}5nDA|FLp7B(Q^
zriN}sUYZ8_wOMEW8R1PK$f%Ec&S_Z%wxaj@?H*75d_2Wt($F9S%{1~3wL4<!1W;am
zq~aYPKM^R#1&-Yg2ZyQO<JPa5Ukfd+n=jI}wAJDM6knd74a%&A6u;p3MPLot{3pvt
zP;7WT66^a1*rnKROQQhBZp|p=8p$-<0^PAYX|$Q`p{QS4c1fMuh1r6(px(Yd@OiPL
zld6v<MhcJhN~#wz0>ssnfQ9p7ZL=4rKI(-k6fy~_lk&zi_vnp<d*=IN<EVhND|n$a
zgcdhzNMXpf%TY(s&tiuizLt$w8%K!_tdjUL-TuSTFQNl?N>9J_qOaP2W!`=h%t|*U
zvZ*hk7!t~e_LbS1_x&t*5*_EN(x?2!>@gjiQvAR5lePAyi)+=1K@5ht+Y>Bi+u|w$
zGTcgu8BQv?kzs%ZmlkJP&-Tw9&bg`fb*rl+cpUrsYSwH3<Gyk#*id=}Fqle9$YQrH
zi{QbHZ>qao!z|Q1T*6CfnN;)0X!J~H#wGIrqI$^siv+%^NAT!0Q&27(q^U+&hG$!o
zG#k-vRKYm%8*7Gq1dLL1D_b7LR74&?;hiv@P?hEG-{F5ul*tikX5)f&ny*P|m<-OI
zd`{T!u~w4-%1X!ZR>kmgT<>@&;B$iFy^ypK-eLc|7u>f1EwK-+ek|W4CEp@s+1W-t
z{@TRB(e2A^`#k7kfmI^v+1$+FxhG&KH*ojK9h&w0F+G~ZRA7hl89jHbpo=Typ1Eyr
z!~^{OArn*E_e$$IkQhAgi1`;=o{jrCL(t^82bt*>^GanOL(Ufe`;+w&I7XXzIr2go
zmLb-tB|f6ctlIG@H+e**M2w$LE36sRukr<IM>yp01;iIQ^voWya&j`<6#$Lj20%k2
z&Iz4ZbiCw__RGoG%GLS|gd@8)k4sxzBiBF<DKr%2!i)ZvDq@yhp`u!qyETmXd6B^(
zgR%#Qsu;9)jc~`h6}o+41-0w!WN)#`hh!^hgWY(j5=1tT*ljo2><Bdt*+}*rhGKf$
z8bi@T1SOqMXtuSgND+2dq@9Aa@nvVjQ*bS%&LaVvmtx6*zZbVk?w$pPgox3VGxqe@
z&~`ci?hNi(H~&#;iJiOz9;mb&B0prSYcMkRb_qRM)h*~D#M>S-^ci6EC_*mC-B+Y1
z2V3@+Wl&Us1B(5R%@c9EX;O%QojOx!48)DjcEEudDRl0d{iAK<N0<J?R>|y`veoUm
zxwV1mabJQT@|V;*ci(JS%oO@^ZUszvQZBc{_ShXEBmLglTz|75`zA2wTgE=rnAx2C
zv$fcn<lQFQn675}<-nK#R&Rkmbqy_m?c%~BJ7y908KZmhCT-_~?co*sbM(4uIIvFV
zAiclHoBT)(@hy^ar<MRqTj%33+LzCCw9Wgta!fzQK6EI)Ts*hDye}uydI&>m;ZZWu
zlrbO${=KQ5)5AS%@3+X3Uy?E5U;By;Dd1%@4k<j!pBFB#Rry<-V?EfrzR|6G#(RGA
zk1*Pyhd$l-GAcG2r29~NpRr{W8Q9-$=Fi~4Nc97-aUS<C3Y6x3a)safO+jLqvkwLZ
z=p(a9iU}dk3|Nbv3$De3g#0&mB3%v67F*gL(8xa5EMu(=>rTieJ`*V5+DR2(`xF`y
z|8CB!JGAi4!^9`8@jmIaBK1*0RFe&yXEwU_+j-QzCWMQ|J7g*MN}BCal}^h2+fHNK
zwDxoK&-)i|SV(RAAKZrP@rp-ux>Gc;M=feBtS_z;pvR|#eQ2h+MHIE~rR#{_^G+8m
z`7^s4c?z#u-PtAX5BAm`s(<Jr26%2jLE+~!GK6uEqrw-Mi`8&_h?<Xja$642u%o1u
z1W$`oE>3v8TfXSLy=0!!-B=Xs8~b({>hNQ{mw19=xvr(6J8(<23rE8J^L}l_HRYH$
zKa=Tg>-K9B3;P6SdVg1fV_DEH+7}0m-g&+{zF73_MO*y|hnw)`1_@29ZY5R!fARl#
zmX~YI6ua6p))Fqkxq&+$37b0}M|AQ1-^9AuA!SLof??0hc0BX=7J6O)?ij~I$%hD{
zrcGEaHB1REHy8Zq7Ladno9_rLSQ%CKgMBn9Cn_=f$XF<TihT?8!$;!Z<5b7fjUyJ<
zfaLDeH!NKfK5|idbjph_#h60g8tKJm@D3^JeK=J6WA!i}dWGMZ%^L5<A!lccV&-_9
zjhL647jJk5WB;4Jc2dM9IlJlLujuVxL*6G^uS<;EMk-FEeT;9ieOR(uxvjy1Smlrj
zxw0+a%b=)x#Gq>WY0)|Id_?GPM9>~t2P*4|Q}!4v!Y5+Wn4>^R$UZ+lhr<_7pF}_O
zCw=E7{zfX$`VX4|p!1yiha^-P)!E$FjyYn)9|_=;enX`}m;|LV5Z*%pJp|RlA+snG
z&dE9bVt$r9RYnb2+S)U^*Fvy`_c!1fY?Hc`!>Ry@Wmwxo&Nj0Xs;3-dT0P2|@7RlZ
zh3SMA4Hg2rd!qf~vpI6WSqg7sEje{m`Be$0cBLh^gojQ|?2PHN$pNK_y8#LE_juJb
zVzAi-O^?NBef+VZ1RP;T6y9&9`Q<P-4T=L@UbL7=YXV6-<xdPB4qBSh-9NSaNDSe3
z&l@3A)CCz*K*lkVBgoEY(WhCxqP0A~lsKFxjkFlxHTwol3?giViCo;@tiU{)v8$b(
ziHTD+!aN~hnKof<=f9_O(TYK`ak{<Az=|^I#MvfVs6`pRvCoi#@O#mcYuyg()u4jr
zvdm_sNrIY+Hjf1`uE%+x(=0EOj9!<Oz@-ide~rIo1e7V`qS>RVG+cR2zkGtj$fy@d
zgUH^GDyv;bmhthw#-D{Y{APU0xvG`TwmU6=oyX7QyAnE-@4W-<T%Z2Cm_B5c-WmM!
zUzkxlgBx}EF4sOAlcrE}Q*$@NyE?*Rey%L;$;wKR(y&1-p8=S#1&MqfhtqP=aH`R9
zq1gxzb-hr$+~u&l73V9H`GGEsL3CwLu!NkzwlCuW?aKe}Ig0I=Bla_Bd%Y^V&dtO&
znm}^zA(h@b&g+jSqd{eeFn((|^xznIu+`-CX7N$!rzpOMp2Ht<oSx5bCou|WE-tNU
zLD1u6_)vTSm!FDB^|b66PhnSG@ZB7ZXC@UZlr7{4$X|-5e{Bo9f?q5YKP6biIlsom
zQ}yq$XA+oho3-+mlurGBetgXPQ#tfsdA5v<W+`2d7B<G2+(;bFoN|C7v<VP)5I0)f
z!GnJoayq&3S(%ym+5XUo#@}%4rx-aPU1(g%I1M6h1}-T^Ov%7Dho%x9r5G0g%k1bW
zR!d(8=dFdK`Yd&52aSK0zv1D0w7OqpR{>F<E&6xrt%0_3*L}_72mp+94Q$cXKuelx
z3{M9+vn{n$M9t3#n&P|IfuMgp$W;+f=hy3mq0W3{hECpG{!&{tJPf{p*w`?m7~0&J
znaRI-BTT89p)~FNGX}#oqvZt5=M80iaUlT)<^8PmY1GS7f-HQUmo!*mYyHL@S5{lN
z+Q9|3W?M7I(SK_0;EXMNd%MiESaU4DhBtITuoy@oNKddcs}ZghV8DPCj-0RkHb6>-
zuMd5q_2j2yrE+A()Q;>13*N7X`Oi#_2%cTbH`yP5Ly&k;PlqGV?thN2)WY2CC`#im
z4}(~)H4ISc=7Gx*<QkIS&705jKKAHcDKQc95TFcFCAtM|8t>DyI(6T<$i4oq;gXtB
zaYq(EZ3u@+5?Du;yR*40B(=TzQ{ic0+-}4swy{mMF_S@b%*pHWp<K|in)O(fy0zVQ
zevg<@$e+GndL0IgWsn6?7;atu?>tA1U0+w`yFUK8I*IyECLIAmi7^WhD@HViepUWG
zx}C%y{s2IB1$<;?Od(69%z=SgN|>I1f&@QE8C;X~Lws@J=JKD)8v2vW^OQwAR8kT=
zA$(^&us$e>v*|7R!#$4uzx{EpD?Z(Ktpq=x!8Q-@4CHyEpub>z{O1{&pWA|rst$WU
zO_b{T-~0Hidt9USm(~YEmBh|#A!otNVSUYyV2t*(Z=Ybd(~4qK9II?iKPVOlj@rqI
zNix;APcdAy=KgH9NHgTbG_*NqNb8=4o-rE8l&mbnIwk96<veN~Nq5pl525_Wr<&I5
zn(EgVGUErOF;N;|M9<Ja_o>5DOCdT;{#P(}Y(YxDR1MnX@A<6*e{aFuDfWU9+hMy;
z&iH3-I^X3c4~fV9<4u;jmP7EWZ|tEzT46yqB~O`MKv4mm9bl<`j%%aYv8?LlXIm0X
zQQhBvjG@!7Cfa7F=u<N#xP^_>)Vn*Q0v{AUQC-5hNO@$F9r?znUAJ7|^dJFgj2+<}
zcwXs^qi3RpzZXg5y7rlXAHGm07w2_JbZd%=J<%VETRlW}gMFUvJe}r4ify0Uqet$D
zGljmoFm5ELIBU_#nD1P`keMWXAxqYYLc_-Q_V`tbaQR3q;oa(C2y6W@I_AxxMZ|XF
z<Nc0i_qhiF7ur0_H?B(m?ktNN4PFE`zjZa>u<OEuK?o1IL4_wW(C!dU74QK1zyq_l
z<riwL|EgWtsa)<wGH{-ZLYUoUrUu4Ap>7k2K8qC4w2E#wct6B{XLUrRuG@07rP5-T
zz>z~>G5w(J=6Q;(-MM4iMAoEO96gi;T0cbf<XIw9P5G;brgshw3b~p_uJ2#X71s}P
zV4tVrXCE}<h&dknk)cZi0nG>`kQ(?ze6ufiKH*<hx6#fE$#vusf#9#Pk1sve80_5N
z7iE<u{LXUq{<OdUnWAGC@_`P69Fc%=STvr#XA4q)7FS!VR91ZYt@QY>T4P{`XlnYy
zs722+ShMoOZw-wa5$J)W^~(HK%CWSS6>`qyapBRZA|Ny-t{voA+l$raqvdcT9y*$j
zs5q95eu%z;!g%e#-B=@|Z*m#LQ)gfKjd+Ovb;Q;cMyIhq?88fB^#JVPaxK%be{xCF
z&VT~8I8)=+YJQtw2+O~6!o-SIF$!o{gZe^4+Oz7G7EzQ5;|r*%u^xy17P~ME4^+v;
zsKWYagN9>bi`^17RX>y~+-fM)ucq(0&Q%7hg$K!X^<j!_q7f}-KJU}6JFPw9MGmM@
z(K$mW83~*A3P&6z3Wv;$hLnmgEV_eKYW;4^UK$^CO;@u4zR3iR&K@{D7h=q0e#py@
zvz1As%>B-DwFSwc4{ONzy!$78aB3`bD~-OY1l8$u!Ni(mX!}`b$JxTY6TO}#o;$wb
z5rMl~Y6H2(*0XA<sewo00>2rb+1d7)f{+KP4?A>ZP=mc@_s=qmL5ubs?N?|D<Xt!j
zX&#aOicqGWsPf7>@(0cHUzRG4{Tx28(i^$)B|fOe!B|W8WXDYJ2inbD*S+ef4En(c
zg6wIO|LrPlf<O#mq9r$XIRJO=CdW;W8-J0?l~nd|JqAZZmP@trgVgoSq<PFCVoHG<
zY3;6dXtG}H9awku0Vnkyy1Q+;A)cYn*wwYs9Cdg;G<rtzRX*p7_VJs*(^xP2`vo?H
zui@gnI1&o=mvVh6e|RK#!_}ViX7{dbydOLUgL4xqZ;w~!7hLytq6fkjz`eb*@sZd5
zQNa(yd^MAQoZSVR&O$YNy1TOzSK#B5rlo-ke$VtNJMqgqtWK3hw<_m3delAIEX1}g
zx|*xhy=Pr6&8^bWeCuIoPA6r<RbO>+@`z?o5GG<lc+cSY<7UTwfUfT;Sbb?dx^Dou
zIx*Ce1wwSl5a9bDWDN+3%EZ?{`n~Go+q<CEhu+!Qy2<_Rw<M6+*NI&{%^l?rZjrg(
zup^+i1sEGBO6)gKy*ir3nX*)p@{h~jD@6UyeubEJeN58%{LUTuTk=m5)F&ucg>Z}a
zB{%MhZ_c@NF~aLbx&{7TCWn_N#vTtGY`-v^py*0-T~_1iQ8OR}6%$6T7a@GD2w#_e
z3Y3mus+Q>2ZnMk_7`nwx;YieKuPR1{6MKe;5=dFmP`!l4pnmZ%s1BtNLuVI<AlI<V
zy-@)>JG=L*7nG(x!Nm=)*(wD)yB~}HH>rp_sZ#nVB(8d~y{&~w5Pl+(Oxvrhsjky?
z^-A=qZ5A~PL-orY3dZw;(n<@w*YT%=dn~S~#45f~dWtB+=UUI=2f~uih`BwpxfBDQ
z<-|h8Oz{D`Vu2DYDMZPs|HAqw-vim5n)4$&eXU;f(Pa@~&RLZ&gA(ue4_etIp_))u
zQes{}P#WE?9p<L5d@s-4wG9tbFR^)TS99kb%gp!-UUI7(m({hV!!Dn)mFu90Xp^u|
zRUy-8tBAqvT)Y5pudWXnA9XVQi|QQXO%A(0?)S9Of&R^ecx#DLji(lNRz}*@RS+~%
zKodh%NI)C8Q$Lloel$;yJ5zbbTuMM`-CRIA1@js|(3#Jrd)h;vCa)~7Zc`wkTjx8f
zCe==eA`6f@1MaEYgY78g6lodLOnhq@8`!6G@8r)3#gLmEjls5&?pM)_#ubT!taP86
zF||jo8;trmcV36OebtDMVng53!{TgB@f9J%TtA$i(3h2!<W*{+zkm>!nfaFmDmDrD
z#$U-LB2mvtkSQJtA{c=fq@kq_HMML`3dl^87`-LcW|cNH9OM6sm>kMCAoS?GmEx<B
zzF*Odaug_urF5;~5Foh1qhdH_!i?m&m7`r3_*lO9uen<%Y<A|Wfw02jCgT;#!Qxa%
z<wK-_&t|YerK4==6Y#XX?2&s(?<vcL{?N2U!SIYkm4QgUc2t3_-EU66kUG@|jG1QH
zUp`#>zi2Gv`Y*k;X-#r9KP&a$j~T>f5*b!t3RYtmfeA9H+dHUa)WU8I83;t3ot@7K
zg&%PwL5g0K)=nOu;AsW(2_phHFyvYZgbIz>PkIF6G^?4pSCQ|*QQx~RtRfvC`HjM=
z@$0TT3=`hTxnMQ)t@~W?s#0XO+uf!U+%U&QuK$5s|AX`DfS+7SRIOGa+0b~H@~2FS
z%9F&{u_6}Q6gof3MWM~s1dSl_me=Y}A2qccI{Q8<IiRQY;nYqdoNXGcCx}Mb{EX8E
zO5}fzx!jqCAOvt3>(~t?fd<X>Xky7o8!DIJ^Y%qdV5lz&219^wz66f$%vocnsUu6A
zVBt^yowf)E?j(PQ@DjiChK9yg7A=~g1%HispC0{!pwyU-Q<d<!)UAHAG=5;dgO>MY
zx4VKMLBRBL|F3S`c`RGvf-F@kUb)aVTGc5w=!>77fW#ghPSXG?LN@9vw2LcQ?%cP)
zTdVVPo^7Hu9VtGLv#?x0Am=H=N<yv$ZZ;CuF&pQqP6x*zi|2lL*s+!hp>LD^kvN>G
zLdSa~l>6=U1@h)HJDH|Mg1$}Jk8gQm$X2PDWc}(TNyl3IU~7{+6oxG9zBOF$@oyZS
zyn4?vwYN7P)g$cteCL}}dIZivTfN{(^>*#cMq~9!x{VKu*Y{}$fZYEjld|avdSVr;
zRc$yv*+nDRX+Mw%9^uZ0PNPpNJi6>|-3r4z-zu&l&ee?s2!4}t-8zyctmATPr{z~*
z0O}@bKfes8Ij+R_#Ue4Bec#eKQ9~S+D_Y}%(dU1s^TFlaYoxloyhq_KMRl~9QnA$(
z{iFHd<BziRd=UQkt)10Aus--Zf3|i+gC~d2GtPvH_0uf<gwJYEg&X7<iv52cB}&4R
zMr~v@qMD)Fv1x{O4%+T3F1NCCqT~QUDGVRDfYi6D3Y#%IL&V{31f6X@il9>{?^RZB
z^a2kzjibc%OM}3+>j!KJLi!hxdLGV32TAQb?L1xl22&O}qRngWQi}~WMR^sg^H$X}
zRsr`$>3f@Qb$C>9(8~mQjfSokOg<c9r0w`aGujkks?QLItX}8Q|AJoUjH4C1L~}-S
zJ*#=yh3p`{QtdVItCqhnQasu?t_kMSd9gV${5tWCk?ojl;;1KqaGQ_fN1<~aV<#{F
z{6YIGa9>8`$%}BXr@u?^kvTwV%-?CvYjOLl^7CnB-?Q4co2hL%Rg#6r-Fe$mp9&j_
z-gRxDW0<<z$}R2uZ6JHnzb#)Zqp;lq!$$L0Gp&aOuX}Pm^hS^942H&McVBY)Nz3^K
z1W8Dx>0UBZS3BqWKHtE8*qSnU(^T1Dpo9cfahjW!oW14!l-$2Px<jsst|x|uG02_G
z1MWKni(TYa%Q^$bCr*zo*InTti??Q8DQ%_s88}yA<;_fOxMcS?nQ+s34~+XpYw%2)
z_YcavH!8@t2D(Xok4AlDFj6v28q1bf7QGUtYOC=IzYGI4B$xb4tyYD|-@Tk)9|r7V
zGNEh?n##&sa=(u4xmZ2lNM2ea7!i<{e+e26+T(FAuE?rLh?N>xSR+Uqax?uX-J?-+
zeX+sDCi7<{zI^|RYKUA%Nv2K=G41euw$dW4b=m(Q&xw<MqIIQ9W!|n>o^MpaJ1NGQ
z^~*#<$5zfPGJ5r5<=r-=&QvgbLSmM+#WQEEs%t)7Eqo_5vXWUw1AVmR%|OMw(LEq!
z4v3)q0}l^4cWv|`>@BXfh;N;~rR=DJuz_9yMMcVS@N^)XUgPKIR2=8%=_O1OF*oq4
z-Ugc?D}sCs6FKiWDR&hqoTpoA3)xvR_K{~Gt?`htY~M#$J6U-LR?N18Kfak!fK#%!
z=yV*tnLxardMy?%h}ux|F&r)14Sz3IubjbJziXh+f{M^o<g>9`SBzJB2N0F}6CDxo
z>`Jn%%q}Lp2q<IgRj0u^OmI_lzr2OfiW<8UH*1}*{E$X~Kl*et2|baec{>_?2KU%S
z4Nm_l5;2nV*N>4&Ybz93l;%5&GJ!M}NrgJt&hI^up&DoY({s9L(TUXtnRy=mCV>OT
z$K=3~6EWT+ZFQo7U#u=y1XE!f8Ky3+gPpS?qKKl3|ANx)`$iawH9}HIJ!0I=^w~3~
z8z0HSTp^(Fq1fC?@Tz#$^FK9Dw5kY^0x=mtB}My;O7Z)oY<HuPut@ur7IDZq%xE`M
zVi^8Zn>8GVZz|&&NQKYWb<ee1iM?m0EPef8MNsg+g5hEDfTXya69fYBxXqiV3J}=-
z!kZ~NL-pTCIqHjO?cV(DfTBe58Ige6hFUe9S?J&2fI-C)7COvb(hr}sRPpfXwTWDL
zSpWUP_AD9vBGh(OHuj&h(~C@O1x9ygU6YtrVH6dWt>ia{-J#6(99E~Ha#lYa_r?B<
zARmj$vB^k^hQPiQo{nrjZ2D|n{b=w>Y@?p?Smj0fw!)Mgiw7qAU7y3j(xA<RTgU0E
z_SeGl+NA?Y>e(pSeJ`zKtiEJsQQsWGM#d(@FzSaopGhOjk<8<UH7t)7xYL{FMFk-E
z2QJ#{zpcAl)AiwFv;)TC%TSjOwATXBK}As*sDTn4fWc9-PL7?pIfOmhnyXA|64_xB
zc+v15&3W~9{~aoH@WV(^ME*;!(TlN+Yx*OPWGb|N5c*C~cY-AJzj$SzmT#+`@It5g
zeVd#JxtkXfiTgQSNK!4?!;EfH_69O$oboSKu(Rw)Lz=s~NyK~^2r>SWv)n^;|AsQs
zBZ^YvK}S50;X?;8?AkXa^r5D$2SLV^ox3rYaBkP%rFZ246xt6p0nfwGXG);ToS(qW
zmapsM52WBCMjKs{A}yLFnk8D(CcOO|RY3Q`y^{Dw(^4i`2K9;ad^#My$2$_<2al)h
z>v<OJJyE|TA|^@3S($C~txOqsJ<NZF)23+nfxg?-hyO0bl$5NF`1bJ8idzIN?a<RB
zO#^!Z^LtZQ!u0Y7klzH=hw<zj;L0RLi;h+d+8SE~xh(n!FVC-L>v?6xV!#L1*Rh=y
zhMMg&{@6}@)9;~ZNfpo|(H#^=E<(X}-Z+WFU>!aCR{xFzJ0(jyp1oG2n=fpsjWY_X
z*ppUyF=5O~k{3=X82e@;HE{!T;F*^_K~hJ#yTPuSDq<{62Y7TPYi4LFK<K-E=ChGP
z)z3|`_2L$*B;?%sPhu8vjZO7^TKpdq)7X;3hgNQ21()h$#6fV*nuJfA^;GrC#(537
z1aA_>gDnSp1XpPOy5;m?+l}{-LVn)3z|zm?RomM!VWkyQxr&pP?baDW>Z@yloEJaK
z$ns>byX8glYaAbujg1~Lbam}TxsaNfF^<!C-4-dY#D1qyk6NZzx6C!>PVVySx-$Io
z+aI?_c}vn%uCghj-TUX|&tIR9mC0ZlvCChLey!7ec4+}-o86sG?gzL$OtLK3%XF}c
zI4tS1s;pnF?`Ts~-5l1dU!4n<OJ&z!izA=Uu(F*#L`4d-QN^mUoNap2G09D<_{UUO
zQR^|F)do2+O$P7peOJgDqhVsSC)aX3M4dg-8G551E3)xTcH`4yYHivu^VerXNw?%Y
z-<9fy7qsRSWb?i5SF{JH#QaFm4XLzfqgt)YcHYr*2<>Tq9n{_XPqwbH(|B%62A8x>
z_-JQm6GbTLs`i=W2}A{fqibS9ebz+!y4tz)eJqeiC*@{H@mE(YW@6_`-(tT41BS#$
zN0oRt0tT)v7u{QB_`GFG``LaNVEHeA0-IC?Krhl#%@=Y_)j1@dp5JYUxjrO)yf=U7
zqoIgh2rRzkI&Rg(waQxlg(*ux=qqL0cVfiM$eth}B<aR&k@V0NbJtth<+*1}$5lz!
z$KBI=?MuP0<xd`*9u#V#VoDOry<f$^mf2XpQ~{zp<{2wU&fQo{sAz4Xuj+ZT_dfCP
z7k@kaU_F&-d-VC#)%T`3Y;bgi39Z4NY|T>cRqjj{M>ZE`8Rz_-jTG^`Rtn?JqWe3(
z#ZAgBZEvvnB&_ZG_FHFWb<i8G<o-HVwLw`Ud5t(V5l?&O$&{Hn@U3H9DEI8hQb6uM
zhjV;MH-4i}bH3Vq+ReSYYa>@^O0^1@IWsC7q2TxkV2Hg|lGo;Tb9rapx?zK<D*&oX
z_Ox_BO!l%<UXv^Ke@dfLkE-hJ|BpK16+oBHLSXfAWh_u%@{BKF&NlFUUC2#e3}o?-
zA-k8%*Llz3BvH!buNJSX1)=p6^ehSYyhXzun3hiWn%~Ux6keBDT;SOCjD{JV))e+(
z@43Cx!t5Q31kWcAE_+JWnDl-yZ*DrPipe4sSvp05$qD2P#;&;KUgZH8_2U<6h6Gkp
zi}AkyvI$-#=W&S%S^P$dhDLp@EpgOYWs`E$0#UE-4~8s!CE1?0iANpl*RFNWh|TMH
zY|I|L(dHR#lxj1%?MW@?9qzv*mObB`>iFlBT`IR~$Mi+xtcmZpV91=UTf^jXwb8J3
zG8fKj*5p}EEPsEyxJ$N4|LmbzGU@uy#2M@8H&G>JEUwCS4AdL!6|RT9Z!;d=9PjI%
zVGI~w*!SP=S1hMXaKZIKOEn8e49)m0KFhue;o$AqgLTi%wX%nUU25OtEU@z5)-~Mt
zd65?sXxnkmsbN(i!)itB)$)C~vcZr;<JiRkB31J=Y#ht7*ngEERuTK<Ejdk5{_6MB
zTvE|+_>wbu@0z_jkWvhwTVB@aYmv~>*rd%OTr6Di%0G)ouU)CM-sw3Bc&n!<YvN4%
zi{34U&e`6!3U<`gR#ob8V?njcE4F3ngHHa|6vl3NEHLrVLxlE43$>-Ktb!B6l^{_4
zZ=`Tpl?vzOjq}chx+$)@@{=*!V{SHs&USC9&3tO=pGK0BN4@(yqz@l5djVYaG;zjU
z=2jZgx61NT-Uq^!)YOK4k+n|n^4d#HV=!~Sf8TrTyxwnd2G2k_G58sbn<O^1Tli}{
zvI{HEt&{%L9cN70EYfXz%blJi#CZ6<O8vJEq{>7^r;HbxjZ06jQH>iNR4`1@dY=xV
zN&Sd@R4AOOEME8_YaG;p>>h<moKOA}Z8<u9VcS?VMJos+MVH;Ay%^mbz5mzN0v{W-
znaS-GeMM*d@|WOK^06(7(%+o@Q!>4f<bAm^Ih^N5(b_LsZXWNt+zQC{{*lX?*XPhY
zU;RR!>!^u~tL}KPWqd1J;s6<uuvre>OP5(Qyw62X{F<X^Bx2)*32l4spEreV0i+2_
zuPG<ke#*u>A*sz}k>mSXH{7JZU7t>8P#H!#grmPF*b6wxt;mQhv-3Z8D1XBEec10C
zNk;@<sgq{@m@BoQ-Kv*+p-(oXaN2i~U0l^Gsmk#j_&$b!*T6EIk7Rxp8wpORcqLz@
z1Y;4iAG%X<;3MA1Txz4k9tRUIGs=n6;!4-W!3Eehwr0%iK)HZPnAVH3$0A|=LwS`6
zI1V{xv`zPr#TRAt*)%=r0^{0eLil2T)~#w!oBI(KLM5(QCa|9h`JW<aPcvJbWu&Ag
zr`ncJJBm<a3J2)+V<xt-OA=(3E0TcS7iAPACv6g(DRg*F`<_F1az#pxhRhHR&#E5m
zfR5uq7;g;77@$j0^`E^MC+C1JRQ4TjrwJ27-^$q4E6cdQRCVClo-{sEIm$^MDanU;
zY_GeN<rsoHjh2kE?hTC-I|s+f{5r(ixBXPnP#+oYoRCtbetKn0K}8vZ4|ExL&|<HS
zpfIiI*!nP@#Y}b?A@&d$$_W6P%wlGI+X%iTm!EzBzg%zc2<1<QIToVAwaH2+?|$Ju
zHVlS&Q=AzNyj!9Wd?Zvw@@i(>5u(ec#Gd|^+>z?~>}~iX&j%io8K|NuN+j)4LLOZI
z&b8JL*MtF>K3R-(eiI<#&uQUUX%*jXO(-=GsaidESVT&b@Doj|qrGmb8K`}Et8A5X
zAP2ZF7u++7+cJ;0d{1`9=q<EGS^7cMy#3|_UAD$J6n=B-4SMX2)PwrB<Uhg!F9HJ#
zb!=oOyKYQq5~*jbGrbj;r6`dcf@LCtoD$4}6gIE#@F$BFq}Tm9D)gr;;Tvf3{bVG}
zFW(`-&`qrOk`axrrbzWki8rQbO4$+W(0CYct)ASl=RC&sfj&oGqAAtyECkBhf%Wn}
z6aT^gF()QqBaN0@5IBVH>iS8Fsk<*G%aMIE7xYkp>qed?_s=~!{(L%gxCKodf@=6(
zy!mbTuP~~n=Rqa5vZZ3<oQGM2yGZC!zuuz!XK5N%)38hCtS4T-oJB&@y?oT4^8Ltq
zFM%z!8g0GW(Z`ofumjfIvlJUIQw_CJ2qfWg<Z={&j7z9CN)-2H&r~EESGM$mF~fl4
z5Hg-q4M+V~b(k~<NbQjf)Kz?yeTU)eVFU|v+D}dLfo!gvv^(NJyxc5APwRIP<sIp@
zfV353zc6iHWo5N39cRS^szCCsSkf%z7giQjA8G6vW2pdv^kwael4(yg^#-cnJQLKa
z>9DR3xj8AZYFjIp;a8XS{_nF>*|D8IZxh_k?mnPPLlskdw2!<q@lh>S1z^|I>?!M)
z!KNW>G>JgKWj^;-5!e^MJatx4et)U_Bl=-s()^2M5zTTtPM-~7(`@0}Rz?2hHslpM
zv6>cCO*x@0c~tP<9s5Yi!1|t3VqKzj{ewd90PKZHRS&LkKk%D@62eqR$DG4+HR(2R
zUJLpPc($1;wb|Ar(ql?}>*`L`38MtvZAMukIvg#Rxy3KG>zdszsIIoRrZb{LuXx^7
zp2t&8C9Uq;&bwq%QPRg-vtGO)5s^;AyezWV%(Bn17KbM#n8?e6XE>jtFh|9E`2Y=S
zfY8!&<2L2ff~Mow%s@fRVVNZDm`$hY4DvwrkgorI&}1fasZKA5&F(esA%&mZhSay0
zbxgMQ@1@N?Ag)i(LQ(>nth>d5smVZM%2P=1C*z`OUcLFQ>W4+^5gV&N`zC**E9*7f
z*1TCsJtSxEdO;lii)!sWqHy38)XDs7UdUCvDpF&bDVzAlYyj{omf^l2xX-jvkMyrX
zS9j@WNokXhZ#sV>4t>WHR`X(uShYs99AeXpnQ^;eD1Moctz*fKyl%q@brJ1Uk=rD<
zfxdSDLdo8a0KNJ||BP#uj18a4@Wwub&*kdDWAJMwroSqNS(VbmTwCn^f-mUK-o<>q
zT4tqe7^8CjuH{F=ZzIZF<@9*H;`9<O5HR56sBOu1gPrkhdE22}?o#*r*WdH;6f4}_
ziDT!B=&pZT*L1gN*`IaY|M#wJoF?%Z=FLAU!rcq*xYh9JleoD)0=`85`1h~J;5Dy*
zMJBXx2MB+;bYd;FricxKy!9}Wzer~bfC1^KrmsI|;Ca#yN=9g=kX)6Dzw}rC#AJ<c
z$iCjgU}lw?HoPlkt^ps}H;_z?_~rkU2KwK1lpNDjJc53tGhEAR{v-S>F4#GijP7^H
zz}dCam6va$-1=V$?(ge821}41<{(s08%6^`@`5INnr3KxQ<mm7&EccxzjC~)Nk~Ux
zYdu-6YK?wvm3@W*-OXO~NNhi%0c|PM=;yxLvcHYYRk*f#<K{x<i?pM+F8!L?wUpKV
z@&pnyu=v#0JMo=XGwCGB2^o3~rMa>?l4sSN&@m4@&og!Gx48j67Dz;&u7$h4`C<`W
zQw^`rGtC6T?{yd2*7H-C$hej3>fg10<~MUV#R*_G6#KCflT+UK3>p2M4lt=B$HxdB
z@Kcv~s5{uG2}UE+pb$&SVM0m1@+*W8He^x~%3zyEBFNF~a5GoJ==?^*Gj8~8&rMM+
z@e>i2ukRL2+Bh>frk*2jP|L?+uTLQztu~E~lP`-<Yx$kf-8Bw~z6VocnCmUWk5tJ5
z!}U^Q?K)(z9U<7bE~j9`KzFw77pk0ie{FO)rz0S>YJ0{k=5)40egmsdX*wI76xNk%
z<@-#oyx6wje(ZkIKNzQyIWZq;1H$^XJxTHYz@Dw5&GN^m{dCoP4czlA@)R6ud41TH
zmx4*QzUckFFDUv-Seh*EE=wA-;4RJ^GTmnf!oYkrUXk0>QKH{CNjeiaef(JH!Gmzd
z#Q+vTtPUb$M8_PIM!G}(?*rJ1TgD;w%>JdK;T;BvCgGvL@BamDpV{YTZ|=2pd;ri1
zGGvprE~5^V309R)eHE-TEWmSOm!b9~wbI{Lzh<HzYV~V>Zy^Ive7LKvkhSf9PY(j0
zm69#Kx;bJ=22Lj)jg199sZ@HXkH%0Am&icg<K?eN_C0=KEJ~0tm!XU!v1lRduRbS$
zmgf5{B(=}j7u1!9EmEdxJmuNHPK8BLex%`w?Fl^vgKCVZI;Z;#;s~UyTV{k}9!!F^
z3Tda#NbGb0OduXOGyeRw2vx5C9iTlOGj&BLv6R<H7jz#MqFTb7#B^sdSq36>Px<B3
z{%ffvGt*z9S-pqbUvwY#YEXvWS?=qiXL40@8AC5(<~C2*^OUx)9*iYu*uFT=hV}c9
zTl%G57ftC~m-S@*fo>d>Oa7C`0UKl`z#IPqQb4W0i~)#y#}eblOun#yj(0L+!8Ly*
z4>*mIa5VCIUDFthBa}vn1#g%G-;@(PzwHK<4VZ1r#k$lNvN!-kw72dDhmC)7$z<U!
z?gb!DfonyNSJzgbsR1zTh1;yO?>31CTDwii&uAGG7A)Fm5D^9_>960Me<t+z3NRoh
zGe~4#jfDZF7%)$S{;M%+p<oTEKo|`Ce$UDc&LoWCDnI$;r(X{a&u<$-#RBdbDmPtX
zgPPn2YnyjmsyjjP2$Nj9SY1qn@_M0lfkxO$xv{z?gNEzt^!sEzD%ItBtF0Li>c|R`
z;v*sKIG}rW`e6{FMvS&EbP08e!s)RDP^_y`0z@EFIlJWiGj0U9A|^#-0mC5};B>5_
zKjQl$fdg;ey#6LVC^>O<c8h$)fddEttG{Bv=35stgcoaJo{v*zGF*f^m#nRCY;Ukn
z+~oZ;WCJMb*P7-%!y*Pa0KX#mOuX2>MuVInAOL50JA#AY1X1GUCDk!7-h@kD(~=J{
zq=F$N>R?eAj>o}p=zDI@>hy-fH-V1VZ$AB&0BIHkV3TUe0X~1Vf^0`kl4JKAu>F>T
zxg-J54EnJe^8+?mr$5==72C1L8=}dURP<K!o}pW43qalj=k5XjxTWbQ2Gr3Z*dp?g
z;w1s-aaCYA>T^zvNsgHp2>NEWU=pW9JWfA~NK{5aFd7BJLC+~TrwlttrUHS|bvk|X
zZ7evGr7JV)g#qOTwUPnYc?<f50a$>`*RHH0Bd5VTEO+;LCzFh2$T-e%Wqz(^n5N@!
zV+fl&-*=dHUz#Msuo(&nO7kqE<3~22Pabe2PH-$IE)p=|dw$WC(7D4ilDUhb5gg!<
z9(pwN`i@f=gPuPc0}xFUM2;zZ<+oJIMF?(t0k!gJc0;gjz6I2ltQ1h|Z?|{YLGH<B
zQS6(-wu#*XF(Ah$fA8}A>;(1K^UA_qbGhnPm$}>154=XhSC)@WKLmiSK*SD^3_!2T
z8ZZhtEvy873>}}87acqEWQy-btp4Nx>HG(Sf!ixABgaMn$VyUXkBAFzW?h4qA7B67
z*SC3aepa?iyv2b%@q^3&@`gL5K~RUkt8UgMb^}%ebASk`|1|LbGe7)8=STmqKf9>h
z*OonZ$>B1%S5qROWM5rm0w@YdC=4>7|BfUB0ug|C%yEv=fXPU)K*@xVKOTn!f`eht
zACMa?%)Dz`y)i^(tQe58Ado@)y?^|7zW4!$lUJ`VKfb)p10J6_E|I|gObe9V-`SaM
zme}UgXW5rs>B@NSAInJc_XEdF+Hot*i$AQ`OYVw*K97xGSe|^Ou2zHN!8m3MsNz5l
zgoZ2tAdm<h&(5D%F&24<@nyvH69Yy*nZUk74A6UaU+l+(T;{ca=!^mepvHu+D>zsB
z{N{gfIa7sGr3kVyxzvIkUYfY0uGtFgXS-^#IQQ2GwmQG~_`gKfC+O#S)N0b1l15j^
z;<3j^=8yeeC;>20%x@9LfQSN!0VYR5!h+#2U@s88CH*rd%)T`a!GIy@|FG|SpdW>W
zAvy*V?h?387%^~6fteKXAQ6|*k#c%{OAl@sP~H-$T%{!Ten<AJAXT&rbB9&zC$sVV
z&wkgl`;bAS)gX1}9CwB6y?2B8P|pq|12nsCH_9RzSTcYMeF%rZ1=aL$L;gs(5>3MK
zFoeGN{*WSKa)O1#5o6&JPv)@*klE}KVvZw{3zEFR_l8il$)udG<c$*&6spzvH}?h=
zV6X0u#~(4vFALMv#K~vh9~1+}?%G+_VzZv4B+wN&d#{Xm$n4KRKbmB@RWy?SlLzP&
z%m5_-oD;p#{MnI%c&3f{F(d~F4e*H?60yE*<vBZ%@i-C_!No#^Q<&1jcUbcVZolZF
z_&}k>4_=pga3MTULE*u^?9+sQ=k2`Z9U^z-4tZ<=OZq<!-QK`43aevkkZh!OimY4l
z$mq?;7t@EJ@8(M5h(Dvs`<4d42#zMjq*Q@OojqBEq5N;m@;`<E5CrnkQP8u@1R?+i
z@HH8;CuP8dKOe`TI1PuN%~Lt2H?LpIL_YURo+xKf-XNBj|Fb!`xknyub;S&jPU9bp
z>FgYXw7%$M=?$c>pex#+1$@f(fdTYODSvFmVN9PiVnEL4e<J{_>E+Q6C&_Iiz~6%Y
zQwS8%9}K(!K`h6nmtb>Bomdc##bb<_{E=AQ5SXdor`Ox<3=nZd6K*OaKk<2K5aAFc
zKc+GRZ{Hyh_W}U}WMMWezz>pM-*wD3N_$1lhgopjRs~?^E%Mp;B^>t<r?f2N7%)v|
z5+F_h0uZs&D<XCFqg(W|h8KLsqak|$Z$K>QJJ^j>I0NB;a-Q)J3NxAzSc16pZEw(H
zyveG<h9c%coBj<tk_4fm|279WOZY<W6363bXSf6NByeok&Y}!TjH(9uc7f+Bn1%6!
z8U4!evC&I(9l=j57!blE77%~u6R;ce%O`n{Bq&g(U^HVvIOYfdJw$yH{{jA#fRtsL
z1(bl*fHg>Q5VIM>sE0e1cMZupk(h=2sLX(J*6Lh1aFZKS`!LIG(z1t>Z^nVL+9y9q
zA~FE3<)-<KALlEm!10B*j-N*apaEK%={zBlKm-yV6|mG_OF9gOeiVg7D&B9aLn2=g
z{UOs&Hh@gPAm|Ge?BqqyMT;3UBpOEYr^J8(`G~&Jij7oHjRFP85uD9LmEot?v;8y5
z6dt_1;ehOy+>_nJ`!B%&wWjQ|B&KI43z&CAenkM0(HT|P^ha;epC}8U=_CTF#&ZJD
zfUbaG#Xh(;l3U1l6pn9Tpb!HHG$w<_^pga@3&08x^LjR!p@PDxK9pk|#>9sKuo9hr
z){L#dkDK(8v<^MpKvf_oV`0EedpYj{78$tNhFf0PjLhSge51<CG>PchT(oNR<>*EH
za6}amf8u_moF8bXcM<@SfHcGBEHz*=xguC7`u%_ir$}eah8_lgeB%wqq!)01BUnHP
zK!9h3AtXKM^(dq?I%MJLadL);WFERnVKp(FLJAqyT@QCfMbIS`Sk;Pi{e!PDK(+yY
zg$4U^%OEvt^D~l2f6%uJ1hI;Cyyi(k=T|A!Kfba3>VgeqSD+brnwy9NyQTj4P#@f;
z2R0iI7T#EYivEYuc*y>5JQn)VQi^1N=faHGU8|ED1;z-ye&6X7E}7aWQ3Fa|(12x*
z(OT0N0f@?Otn_x2c%p*C0|@;7ZSwg>GqQbyD=-w5jt0G+EA%V!k)aub0TS^<V);@%
z^RkRB0MoB&V1<z-su)oEKzgKM3^&GhE@T}DCpT7r<pL~_D}V^}`kqT}z@cc$rih3h
zUyma#ZPRlK=;97kRHC`Pj_s8+Axt=IPH!Bc#0In2@ZexpFOqG{`?7?bfAdprT0!%g
zxSp_N0Dr2K^hc3mfS#F|&LeVQ0l(**2<vt`w;8}-jt_Y}EP?R2WI?EKPADdTVqx}!
zumI$K9H-kQOPD2zc%7u(o*ADwChCKTkOxKHgR%`pWsk1Y>06lsu9n=yhd0*&2LTcT
zd@B8W^eXyF@dbcHF{HFolFt@EL()fRzjYxEmh-TbBR-JS8K+8rUJOecK=^IU9)WLQ
zMGi1x3{YNv2?V^ZOZ1a3%ndzG6Cs;ez<hw|NeHAzQA!r8fR$hcg9T&`q_^8Eq;0xP
z7atrP+>p<=ODo6jDZ(Tmr7}2tR2`DpVZ@?PxiSB7td2c{_0RBbupP`*CR}NNM;1U7
zDP$=kZqftO$2b(f9w{lKD^L<Jf)D884ku36=~`A{QD~Xz0=Q5-PI2}qJ7p>VC(R30
zeF?aTFiCK4@if1FJ5hqkqMIODX@a`L&e5?NHhV(?kn+JRA1x;)nox<No7gWAu?PH<
zi?mbEay`A32?7T2eZjFX{UYlldAOkxeU1P^2ml-a+rR)iNWoAqw@CjxmTB;FB_wqk
zm(Sarb*Ja%z%!fGU%3s3gXAlW8s1Kw$&lgcsmhy5-H>mZb$H7NUc6QfoSc9_hL%-z
zEU`+ZM1Jf5Vg4Y73;|08$a6iPp+H!GY={JB$jblKi-KR4{u>ZT@1ev(xLl~eiDibl
zOyLp_VsSR?gP?%;kz}6PXa$(EiIgEo)3<w!&Pzt9y+emL7p$P%clUb2{hLz1iX*|@
zV=OZv31F0$@&}keVE}_by5cM+1YmF~ytwfJ{>+yS!}7$#uX2KZf#EJp58NjEPr~31
zfKYB4xv(JBjELQh&`+14`=~td@gwgx0v13u4F$z(lICyiDo_E!4FlB3sp{dK_Ebmr
z<R*q6R}2I?8XrN%_D=&l<nRH76MB_&Aa<|J1l$0r(g_Ihw>dzkA1VVFuolo^vH*|~
z?e)-RMl8q;XhFu$oz1XEmZKRLtLJe3f$#T51DP-&FpzK+o?_!~W5MZ-5O5?U4EUT|
zc#(reoo1H8D)6DwR^+FQ{PG#)fPXBEuz=QEi2%GXCVV8yAIA7kEDBNbfwLeZNrwBr
za)QDDvVs&@<Q)<MCYcznXX+&oS9EDWAY+SNF8#j3?Mi|rC`#YF{_^tjt)+d!g7OAA
zD($bVKziL{4q#w&8r|e>hzFHK0w1<~%mCJZQ)$1*DPE9WhEW7mMqz)XEZ;1#0joF!
z`QjJ{Fo1me0V@ETK*fNbZCRvMBmz2~)zsQal8O4m|7hHTK|XNkO8_|t*j`T)kRPL{
zI=#M1$H^6vX>VS?&4f}9WD(oU3?@iAqL7V=%`#z$&y^eatK$Ip>`56Q_YhK80Qdk>
zfie>?0IUhv4X}l0F3`t-O`l>+P&&X63J?ru8sHKG$PSVtG)z*zgt$%~KmZp2SgN(c
zC`GmctH>yd_B>9Y%BUfq;x&;2vv$RW_sP|pH~;u84#*a^*)l%5zDQXBxQQcHvadK$
znL&Rjyq>TpOpH_=zLDd$gdLt3pT*HWIwQhcC})KIP%Qody)pbJ>?=QzP<S}#u@4{t
zpa8%kBtTYB*EFSmZGzmPfPk2BNy^XW4+jdsDia=aatLiWS5k8(l45-4&6i)}0B@jB
z40uC6W*SQy&rKDJRe=}~^Xbn7pKQOf(4Zd{pi@}gUbjR+3I_AR4>;SyhaGZ!-C?#2
zg#}DMD}axL7`?fD@+G8AU90HmhOVb7^aKpxE=;YZa7oARxgMl#h-YC8L&{4pJ>d*$
zJSp2TCL^K@q`mpQ+iJk~YR9Z0bl@_*P85>3x?RVc2m`cq27YzXd_$2AONBR%18;I+
zgFZWV@^VmcCYT+*2z_3LKfx>t8uo{ZehQ~46mkl}Lb-uwW(lAV?F8Ej^jK1oank8=
z1$M;sR3t^BNy>GYF++kFMOfTFnlthd0M7L4^-b4V*;^u5@Xhsgh7x8XlT9dBbI%gq
zE24bL<cZxgOko1=%P7pEP^l1A5ej_40VsATq%(V$<L9%F;Jku?$^$41=(@d*Ba`<A
zG+q<(NeJ4vOA%QoBX7wa`NVEEG$H5CroeD0n#5)5MY3^GG@ed+$?wk+Cg-ZL77X|p
zeR^tdLvl5JtB(N^faouO>#}lKK+sR99ppPR6vU~3Te>f%z6|=+SNtww(Pxd}zob~0
zeE<*M7kQa(&=>?oadJaHSt6t@!R>)N7=(Tq#tf&NY#L97<EY?LG+$$81&hI398j~C
z)9Y!<9bDY9GHYfMK2-Eu{!SUblqA9AZ7H%agwv=c3LyG1FBl90A-%Nr!Hg*p3xV(g
z_HQ^$>G*qa>8|S#5-i9D!rv(On<y)Aivi>a0hxI=QMewUjzVu!1ep;Bn@B>0BjyM4
z5?p2BHJzU*OrZ8oyt(eD346dvIpL^!81SK@$Tv!#uk0R0D_Oyl0Z4>V2v=qUONAem
zM(!<fm~mnN>%dtcI)Be273hNgK0OYOzsOUG1hmo#wc9u6pKvRl#d$+_(CyP-`y<X^
z&?ygM_PpZ~iZSjSv4(KV-m9;Gqu1AII!z>_kPv>j%>!mY&fcCrkjpc$A}6EMhX7bI
z8iB)iq&r$Fg0RbiaR#^OzAXg<F^NPxW556gVBor<0#1)G02x7x<Sb(Yz|JtaeGx-C
zoeV4h=ewj0+>=To5KrW3#M>y;6^0UwaNzuvy%ev}s44y1iL@e=98fBd-x7e1TxQm>
z>;mU+2?Fdnd07$ihozAl%#Qm;30Nft?E6&O2oBIw7>GoGIbe4klaYp@m*=lZJQ~gD
zr;q>&2#ujP;(MQyIg{ZeL^h6ufYd?^5TUMcq!N=5f$7!fGa>l+2j#HBwKOqfuniz8
z1~5!-7y#<c&W+-e86-Ki1OQ>`8DmmqHi!;32$Tm5*vWCzD7*q6K8b$F-oHOoA%IKr
z-(?B#C>)f4nBo9kIRQ+fBvISB5ddJ(6adT>|2r%*10)6fjDzuTP#R+jm<5sp6im^o
zuhQoqzex!;OExW4%_tpd=TELwJ0}=`e1{3*>D^+w)f=4v0|2BkApyz?Lavb&VI}ub
zB!XBB2FeZMCop{~13&`MFOQ%2psHigHKaue`D^6(QyhM~okUT>3!74D#}E_TBlQ`$
zsz5*vk>NO!oJh`#+@TG71R##yZS<(W`N8YgXgm2iFc1izOw@>HD$aoE&xiq5XD0bX
zvQttn3Lrkv>53s>Bsf5om${Jn!7%fcr29;@uQ)OUPf!d+4#@4#F1J@mI7keD&0+Mf
z#ci^HZDv3lj1be9rQDLosd#u#9#ljsV?02K1)(B+2vxw%k`VSW!!o(z4*hFs*S?li
zVw!;gKhJ)iO|OM~)zn>KvA0T(r~F=lWjXS--K99l1}@_qg~w$<K4gCY>(-aA+1v{+
zdc&cLeH8lPi&e-W5Y$(d5hF8@aD@HGMX$$6A_qK>qzr<>jKeTe1J8jC9*!ci0OLr7
z<r0_-gK!Y}r4-00Uvdr7do1%;+^wIY59PX?Y-F|Qu@qEp+`XJTwBF`TNvNcY7nm`?
z_ev}zm99bH4SHl0ga`O`2&2GO-xL1y#rw+xK>vFX0g8nX3nLCO(stC=IU2w_#{`<-
zbGA%~9=fjG^I!_d;F0u`DM`s5lW>*5tly^?EbwK2b;MCKMpsA)rm33XnhFE1Stzc?
zOg)K0<(p{7Cp$zUsE}$hmVflPk&vhoDVQB`St#<^8lwI&7?eMB+4mFWq&{rX9c0!x
zDW*^W{;}lK)s7$q&;$<9G~ocjP|LQNZT%r5fboE|vhSnLS|%s}PsTyd_b60lv^<$!
zPt?>7PiLfR%00_4!2m~)NIx?e&=FCek<Y85EC2*ZfM<&#01zPA3nZ@V3A`V4In_Hr
ziwS%Le&qEP`7_PO2M<iO9c)tR+4PVE0W^(B#fi7u(OWP8X;N*L9knfVW;jR_!w@3Z
z24KRxRSAlK3=W$`AhnT7`(jZO#+l2ZH4+0%x2EL~A1uLy8Bp#=<Fi%_uq=QBFhHV#
zo}+Bp?UU!G4-WvzLkp1imRNvrQhWh`Bn7tER1!2Bk1lCI&WDo(zy?ID1j#H#r7${q
zBFrf95*k(39-)7N)v`AbyX?6ll_VG3Qz0pzDNl3`uBEERLw!Hb(42g0!ntCLtM75r
zkFNr&!bkwf3J0ZCWQN0hVQ}0Nmk15S^9McF3hx&61b+L4I(pYFdY)T2#7UEc4e1ra
zfm)g=_($T;wm)hsJAjXpA=ITJ!>_=y*c_qXlyI?ot6zzAuFoc^kJ!nVa;lV+%e@BW
zb@Lz9(O>D7l&jB<ZFf5a1ywdw*+}jwK{AK%3~4rWn?8A-GI#9pO0nRuzq|&3|NTzS
zq2QuJB1Ml#5R1HD+~#DwNB|QaMT+_|Nhcxzp(zSP5Rd|JU_hc~vvlTNq|Oj<lZO#L
zkQ@ez16)zd%EQM*uWHLBlQ2y=i$X}STN-HoKu<!Ude<^6Nd>`QcT`!h+jF@~7F-|}
zcy7O>IUR^uAg|Elyq8-#e{3Zt>&exy4ky@5iZl&FyngC1?d$`|6}07Rcm!?60N!6o
zFTjQ&>UIat0QW8Mdlb9Sw*gU5L8jLMFWv96B^r*nJPlLGHAR@iYe|R56d&ndGLbZC
zrKfPlj1Q1FL)8QGjxq#YH~~k(A`jJFmqejIvvzC>l|1zEDue-Dx8T1aJDy3F3CM?y
zpHMCWKyhHJ6}MtLR28a7sQ>~qQ{Z413;fuEb`g&Ij$tHOM}oCM&>_P}M3DXEVKxFP
z;tC?hf2t7^Mz433Nn7$YFSU%B0eH>Mi~&x^Hp+Yu$HuI*-Cp6$j0ADQ=VRtt-++xE
zlTW6o&(_)PDd0!HOVN~Vb<#W`=%*9<6|(8PTd0aB5m6p92k1lGW?vX925@|;pc(l?
z%d+t7E@BMadn(VZj^(g#!19`2PqOHeMMNDC9Sae!txE*__Yx^H%P3cjai2<mF!E;%
zU?1I8*+A3eLIotjvN$U2&<Cd=DL`Ih05yOI902Bl{et>S<jb)?K`3k>&!y;$w7*84
zudUJ_tppR<F&YtD(jWmosCWoa2vs=~UZBAGLY~zTr5_fkspKYoM^#YK0)o;lwza9<
z9=I)xgviqy{GadyJK+MJ<cXsS>60rj+q0Fr8m#`EjM1pF1#lHMk|VajLTHW)N6<&k
zhG_43CGO*Qmykoj!otBH9loCG1|Cw=Q2&l&jfm#sZ>jTVmc&uX08s+OD8v8@w!pF>
z2%RoDyWs#iHH@z)*9Z|nu)-1$PWbkG6akL0!}RLsv5fNct`z=Bda~7&grq_?#aC!O
z2VJ&AMulbOG51RdHvp6hB=fo!2Sy|ZpuWo_4^sDS-~%Nnn430dGz!oU<%jymZ0Ut^
zoIj7{%R7HV(eENC&SgpuM__Yy+G2{m?yxTonj6pA>W>71dfZ$(jk$afUjY+c{ro!S
zcHC)PW=44+fxbr!7!7Byoabh24vW!JZ0MTuM3NdRa0?1R#!gRZjO#%9ImV@k1vr5S
zC&VOn0w$VXuY*F6iFUhGgW==dYEc}AqWYR0$89<Mma+w?6vavhQaBEj(TD|x)gvoV
zTHZll;Q&nW$G9aY{mAD&D5)XE6Rx97i2*;q5*dhNl^SCV#FJi?VC3<Mp>w5Y*;ZE^
zKS2S5Ub3Dk6<`LSvxBjscm!gAfPFjw7@^oge8I63;bc2{BDp#TeMEjF#L9cvYK1M;
zpkXT=C?$Z5g@zs#7D3KY7rD)A8QlRVS-rC7ap(?$$&?tt0n-Q!NRU3AL~7kxI!R*E
z3Y7+fF;v-6@)MPD0AS}5vP7bS(3+4-&xl+_s*4eTC$NBFh!JE1x`G>=67i4`EFks3
z2@Dt|{sVfm$eLOmj(U@*)e88KBUXB8i(@TdZj=JRE)uzNlnix^UqFt!m1L<nMMROH
zj}@f@f52u4eai!x<$>Kp+x9pbgd>U^)cg)|#<5gXR3yj~-4zOGApmx#*R^m9EkgvL
zlhZ3;M2?)PX|NqYXNRniL7o^PSr30p7O%%b;q;L8aoO;}0n+1`$bQnR*V;rJdwcwg
z6eF4}1##4DhBtjWWjK(uwK(IVrBu=hL$%SeORj-|sj5{F3Qvgv6O>S3m<S1u!2ozc
zbaKTLHNGU(P;Sf@V1O<6lZsEy%jL!uvb2_EvdMwS#af%6UC)FEWC8>okrjXlz!EqN
z3LVb%_C5N40cAk-&q45GnI;xA=CMxhAHv>jHiKr|3Q+=t?~6nT&?elxJ)@A6ty5qC
z0cWy>^qsgBL^8ZcuhifeRV)H&M2Jm(Y!<qh>W<L|fmywA*%>zLWsbxYk|y-n3y}L7
z_y_=S{%|-Hsba5WqM>a~qB2+_;sEGpVAhp>5o}aK@YL%|EP;$k&*91!fi|HYBFx<n
zZ8~p~bS9R*lBR5K%1`5RHA9pdWhB6@Q_`pj0Yc`Ie!bDaj(6!}Fib=T$|8)o-)F#m
zhy#cK9d0-oql^(q(Ljwi;h$6qlO8t?RXm=P2GlIdbYKVBN)0B9Ux2jDli*>El3{iv
zS6sN3KvN`2$mk*2*LN8EAl$V&g<-_H4*y4<Uu%=SYqq1P8DUL(BrWM})fSY9&xhTU
zVl{V8F(4%Rkvjs8N*O$<Muv<z07V1-8w>{|@?#Z_BOs2a5vNWN9Qrb!G#l=cW|>49
zhAN(PZrN5|sMHvY9UL}7bUFw<OEhep%t<}?D9jF<cVdI(KnlC8{A?8q8{+`**{Rf8
zm~~lh!TvQv(~26UveSc8M3|_|SB};oG^Lm2Lhyhf1I5VFvXUZw%Kd~=%T04j&k+o%
zn%!s|g~51O)-A~chCFlTA#_B8!AP393y1)j|K1chf!siapnSheD!{FvqzNPic?!tZ
zZaaKJS}acrLy$ooQ?sxf`mNl)9Z6CQL4S?2CkD`Oa<h+~NmPLlfFxWBpsmu>rR`Yb
zra<XMFZd<oIBiWeEQYl(k+6{1sB5<?`5Y-q*@kUD62$(9H<pf2F`S@LWyC$4Wk17M
zHS#kDq+1|{1hCnHm+yAax?ox8-2l6>Tffbrsix}Zfb$5^84)3K#FZQLz7g*-R6TP#
zebW96wh#6+H@MkG=Vll!f^7%n=P)o;k)NK6bCLWjxnG&l%XRb(x73ky89_LaXJQsQ
zh052nTO4vj9?CUg;G<I~7>xsRjzsoAwYHXRA&InCpveR_fZQ0$RfS}N3J!wkaFRA0
zGsSG07$Z6;s3G@FJAxLvokGr^cma#Rr38!4uG2ACm&`QfqMMn?`H@&fko!d0H;MaY
zD}~v~EZc?y()l|SL6Nfv;+d96`+{-PyuuDiq|oKu7>2)xL4a~3&#G~w-FPydi9lFR
zHpbnUgJF09zyQZ)5y%m@<Mt^UmTX5YiBW)G>Fm(T#-{~jEdH>N_Bk+)-bpNS+cYJE
zLH}&7v`XobnTX<#w8X^9*lAK1gJy9%re)b^l%(%~LXsHYS5`mwJ8xC7Ap)l43E+|(
zpi%e$j9>U3nS^kpS`?5)l>ry-W>XDfYQ}#&t#~QY_Fb0!0-lTPHZ!2bz@^Dr%gOpE
zWf;PQr<v4Jx*YF95|QiXZ=e?#b;it04LLdkT1|o!m$|+))>KJQ_@OLJPM`^_6$vm1
zJcS-JAe&WgZ?!RGxw_#Ay#{C2z<{nI0*C0%9SsItG#Zcd;ah_etO#8ue>$xU2)$9{
zid!ZizW~dfanM4_7Y9w;U?+;TR*ckjTkf(#k}jk492(fRQ<Rkxhr54JV>E6z8bNW(
zeh_8e<Ug9U2;rLsyI7OXKw1@H^pa)(=#ysU?QMhy9nLKo1dd>2Op8?y=nNY?IZr<D
zebkdjvI8LKygezSSil4R%m8F<pu|$KGg9$^Ic}hV4n}&5C}stgP2~K|OqPjQTutGd
zP0*Vy9#p-|j>s#z3@wAZV#S@I6AfpKe%w?E0-E!4$wC;YndzAavq5UY?IK(uF*-LF
z;4pnlx_Ids3KMY}hu)kQ?xS2aR6WhAWXm5q!T|w9(j`$Dcrat+!g8|YaP_1C#Ct>?
z1}{znm$SG52!nxp(4QM*3zF18m`s|}&AFOj7u-<<`45m$;&#|h#w|A{lHh<7%7JAP
zYG=B1<q}%rjzo4F3~~%^Thvm_5a^-;R>6siPM)ZV1~3vx%P_c%Dp@O{9*I#*HTZtn
zxFC)D+~XhKXu)(kPT~pzHwWd~E>hMOqChgvn2{^WKp02vr>!tdI5Uvr7CShyj4Zar
z?z`YSuLzFnlx+qblV2G9vJMi;YG1~AHs(UE8dG%!O=!t1l&#M#QJW-6XBxoFMOr<V
zc7CFskzvA#E6y89?S#vwT)*^#vUMYj%LZrm1W{QzAPJDNRS#gu;YX*FYO8XD*ceb{
z=2{ruFr<^kIHrPNp_NJP2w<8e0QBc3eacK`fWbpIMQOwgX~`j3Go&{sOO>|pWLn7q
z{;bdX*XVCU0qT$rRvP3NIhBOn2DxF2QAU3$7|>%D%ou=1-m<M(O}tL90Bu}>7i4EH
zQ@tGtU5c(8Xf8EFOT@2(Z*)u*FOa)8p??_?Nb2@W90U}cRx?EqEYVj8OV&}nNFX+w
zIW+#lFgf6|xO2i_3j$?VCS_K?E!b1>JSQQvcAFyU5O+kwf)ij93lX_gsXV0wfwZj6
zrW(R<INNkEVkqozZpSHL3JaL;Ok<SI4Ps*7m3Uix_$J#0(@5DO7dPIhBSs+aWQurJ
z22)OykNGyBfzlh95`N(X0z5o6dbK*}Qd0nVR=(tX4OB`KOWkTV8*JyX@m4Ar($I@a
z72CmC6O$V32yZ(A$U&vY8Ga5b2#2wS%Q7xNP_(O3pi(piPzZ^lfM_BnWF--KsVZH5
z#hs3wqS4A!T!7Xq66u#y`5WoRX42Jz;J*;AyewB2@GI!il~>>t7&eqgWLHWIh~s9X
zUR!Z7{2NP?y<H9mlNIQ5Lst;U&Yv(GprQXZ9)uuNTsPsQmb9^V5#(eTSp-V}`Fg5m
zpk#n>zG^69Fa~SX5#6W1g$N>@D(zModqaAcLO=8Xo=b>L!HZmVrDsYpPzK^$L$@qd
za*`Pl2P)P@F18h2wj5+9QONhfalMiQoGXF=^jHRNdKv@KgmFh10X48r5}=ZL6v{eW
zxF?w|xDW=2i6m^l-<@&5BI8UV-GKosWjh!2OALS#W_X1r6osg<N<hF#6*32%w8XLs
zBk5#wp&f!4VKU0HFDE~_!4|pd4l*{DIYSs4=LM3GVqp3O7k5C4)v8MfG}o%6tvyHQ
ze!#7*+`!ADUY(m9QKc;A$aD5A39z`<!`aS3pHut{`7QQwuvi9#%z3HhT)txA$GsHT
z{PD(i$N=%nmpJYgisc+1WM8EDh97M3GA{Vhc|iK5x@Jq11rF0=8&;;13B*l3aW^pB
z9L|?vTV8YIx@ESQ+xO79!fl)45ymq(IKrZr5fUO?-RO6v@+;vb7n!8Z!G{F$ZL$#T
zvux*FwId7Wv&9xGjXEBjai<XP$9}L=dObCaB>31YVImI?3Z|2WRb}&02<wXFvx)o;
z2bz|YYf)wA215c#E#A2xJFp_Yp<P+Cf*Pn!O&~((fVA<6FJJ*cpK(-~b#cz}+tLrm
z7ip3!F@Kk0ezL)c@C-x3QDkZjdhNVjreKn++%g&dSuhhh#{|&#OsP6>ABl-$Ahu>U
znldPs8>(YhSik_Y;7KLv+XE0Z8SaH-gi_@N;uZxf!T}#!ab&&~k>Q}P`nr4Ewpg}Q
z28sj2P-(!37!a_gK@m_Q<NStdaAap9JpqHF=W?@5(aFn~s*clu8?d-kXIL@chA>A+
z0c&l}d_BS!AYlTo9gaEa>@8vk2SN;Mt(krh<5YwLw`##INUH)X2)lteMxHUjk|W{(
zBp^~M(4Dn(&YBkeq1+Hj4B~8foDE?}!4O$Y>1Q7d`l{wX<OWZ#M;~NX%9Gv^K4H^j
z>goBgSpauf!mA{TlB@{P2a(Ra9w=AJ&*%lwppI<>28UBRhX`draAPIdjo8Y&FdNKN
zEFgV1X9tAJQG{_@D1k2;AV#ok>gAr+p&#}G;Xv8Rt>$`p$1BM~WgvY<GSoDXR!E-M
z^Q7CMrzSoz@W@tBsFQ4Nf|PM9#7p$kTu%xz=^Z)o%$P~Fhzp8C8tPq!goBt+;;eft
zW6GJrOVF*9LuwN)SHe$dK-MY440ge)!5kc@`F=QKfJi`3tl&Ud0k(i@m}fTY8iu2A
zSYg~O{f}xofkH{*3=jG#f#6OD-~vIa95B!;CK#S&aT<qY7CYSho_3-}2G6E~-x>Ki
z&je;^tHl)$NeReDT~kq^P9`ELb*miNg*GspP!iA)-zq6Ww3oy%gkinezRdua50o1h
zGilwunQ~zc47tM|$gnbI;5<}rLo(~Ar=ZtYEle3W=yl2%DdBYx7j!*oQ*=nwdr{4g
z0YSKwVfuL(bx1BW$?wAlB%qEyXnIoSL~_LdY^q@?NW@2!gG*_C%O;9l=m@mP#27GJ
z^>WZ8ih@X%o~za|ced(<yqHXF-D>J5^0D9xgWh3S8KImoLXmvHdjW=nl3l@&+r4?@
zqw5Vi+~}(CdE9P=iKh91Z~La}M+kQCYH~kIoQ}%>pt6M9Q)QB4kaZj~m~4PSnhedT
z)WD4uPy-x!f;JcqIdJls>Srf~2t*AG89tY8lO!z};P7YzG+0z%Ht1Kng5gXB#$iwy
zt7HLB=y9tFeWx$Kine%eO6J``IkunJ?4C06z%J1j_?BxeF1W}Pbka0TQqRzQ?kz(7
zMr8msRp^4nM`Z)1KjuC_Oisok3_3@}d71dj7;lztk>jgO;I#_4XZgV_ZA-y~vp2o6
zX+XjO^zbkj`op(W0Mq?~jw>T+za4v=I4^gL2&V!T9}ih3QUixazR)Ak!O|I*uvZi~
zjy~t7*!j{iu>~SR=Rc9iHH1u;hHy>xB($XqKE1W7CP4{OD|>MSBBm(K8fG>lzYu7N
z^AAkb!;PS^lb0SLoh|#j!7yyjdTi6g65eFT%5g6Q2^IQ~Lmm84nI}Pyomv6wBfTbw
z978i`^G3{TWoaXEiBf;DRwWl4k?~J*GpC~nlC+tUd0;Px^fKqd*j#ZvAW@qFP;il6
zQ9zo~TIw+7s!5W`_t7H6v85pFK&rFwjX5T;O|gd3O(ZwIkhT9KVSp!XykFG<nR;T2
zP{AN1dd#`ch<k0Y83$9**e!|`U<?ZS*aFBipYTet=40nYvbZ#FYJlQd>c{j_l0^5D
zR+>1DAGh17j#fC_wTA#pv(Z2+OdFO#=HxV00#}VVhF)&-nUQbG`FFl@F-&AsZknlh
zpS07tz2;}oj|9k|iO-V(2DSP{08yxz00sziCSx^$$xE<CA^k24K*rXD;E>x%(Xeb$
zkZzgnYV4r8*VgV@X7houWRo!XSh||VOHN%&Tyw#%p${kukg#br!bVUFQ5tM<8>sY1
ziY#amyVRtConCRdzMG|=S8bGeh4Lde>Y#_ml=*frAWPM%J8qgIYd#qH3}pvB0XgCd
zeMt_fcanUT03WkGK1xYL6(XaxB4GU=$k-3bmCF@Dt4lGh8Q1J+nY;Wf&#Nxm?Y8UC
z?-Rvo+_KE2cB?w4E#dAob=UJ;&kcOSDmBh>hb@#xG(&{HjlwhUEaauex6hv&HA^8t
zQc}{2^ko1o5IhZUK^_H;Rn-Xv#rGvM>h<JZ`S`vX>X!HzQ*ZQE!E6_SKdk*4hspv>
zxVn<c4#d9TKr2ttt=ugPEpT<$iP|jzVP3UOp^xnauG^^9{J`-2m5|(?ZaU8LlCx+p
zIeyi1Tv8f}U7`>|fQAWHg(M|ai5;Tf<)v=2$8S~%lG8T}^Cl@M=?2r50cV}t?%TZT
z&E`TO`gHpW+IYR24sJm?YNLZ1ZO4a-FCH_Hl>ivKVqp+`4Ep<p+wVFKIp5swQZU|X
z)NO0Y=N`v8z3LS#rCq>sYSUU;SoCps7RzqkZMEiYb74U@=S>?otBYCzDMBMeGmNVK
zqjRp^jzaA7_k2SM0Bb-Bz=t)a;`A91BO#g>DcM2*EY6H`?i^4u=M)+eNnW4R8D%fs
z4Fmja$n)+24;(W2`Oqf@2x^oO?T{D6j{LsN0H|o7j{wz=(xPi6u^;>X@&kbHNMJa|
z73_K4s+x4{ZRb9PJ@*^>ow{z$J<!dTrdy6~8BPluy0N^Fjv4-+$3iqTPBg%Pn*2mL
zfJ`~SSp+D75%3luAsHJ$Xr0qSDW@6m3%2Ni4EYUut~;1D@k@dT$}aP5K!{L&ztT@r
zVOCi_<OP@#9C17Z<KOM%?aa=z!fdR#&2YKhSmyPUfoIsh>#cZITh~lFXWMAE?>3uv
z-*3O$Aa*p{bFG%S<ZGJQ4jVPUUaR3=J#Douiq7AT{hE&(I`9HHlsVE^V~UdO?NK(A
z95{hW+K+Y`;3%wmRRAJ0I_UF~1|A6rWLS5`1LX?Tcw3)EBI{Q?uN0AhSAoR5^oji^
z7o4F4j%9bV%rnsH6ZloTd1nRp-$G8_!$SV5>n@x1HfiRfefLhQzH+B#w3~D7#{13I
z-L_qIJ$>0DRJO7rh7SHPX>r4R&<aVVIjaW+XrmIXv;di-P99346$L31Sp;70nCcQs
zwPP;6AtwVE)Zrd4)GE8uvB`4_>;~Y<*s9-*H_8ZTMTR|iTRtx?8${*w5%aI>k~(w=
z(dChcJFQ27t>14}8xB^Hh7G@3b*i`@i)-I$wA;p<y|7?t`hq^+ZdV)i=H2=o-M4MO
z;nr68wmo#pxNn(s3Sm^B)o|o)_ry>7554omj4p)}v@Dp&59DgzLOPFtqi`2^1VEg0
zf>V@SKGuG6<DT>^b8bY&S<uo?I+*d{GXwn0_bN*M%W<TjhoNuogYT<3A;;+w-z_t2
zw!&0vm=EeJOD&66?>7RcZ7(h0o)k-lsWtDn^absHv)z2Z(QF$l)!KVak2qxFZpAL{
zX6~!~d0r5UAcRrF_tYJ&qNs_Vhj5O_ALNEn`T`r}lH5-f{XAdFDFozXkz6Z*P!HME
zf=3nlPS-_X=yFegubl1?mB0-EdAPTt@Zvyf$${G1f!?tJ_q@7}V`VYCQiEc@AXr(t
zv#|JX)A4Iqx*sg-^GkZ$cI>4kbXPZVzlz4)dhJf_y|#9*s+snJg&P_#+B|ls7!Zdg
zC*r8ice$3^_%wW;9N=I9%j|IIh=dKce7WJJnSrv9_(~3ckc`W@cHHA_Uux`ud)1wu
zkHMC1X$ZU<cq}l9K2&<;qziJVDq0wpnNmno(K9<Sq%cdGbkN#^dUd63+T;Km<kwu>
zuDZQoFA_AJ*IKwuZEfW{)#}Q3tMz)bP2q4;pPM6lXo;_r34x@#0wo|&)N10Mo?w7q
zS9^V1F>1oR(T$bBK;oT1AGeJls}i?3q}F)`t6<a6DV)M~q>SarKSu&%3^zdv$^pMV
zPd32GA>-!_DxR`}Lwq4>F!UrT-Wy;KX|HQ(cnTwk{UsB3sBbrMYj!f}eo)uxhq!0?
z;(}q$>)QR6wp^_)FXQdrO6|RRqgf|Ja2L0*!AY+)f)<*N>cqZwGYYiGH%)N@kby>1
z24|#4)lg}46iGWU{d`|^^lhcGgiI1<9bPqn=76s4$c%>iAn}_N|2&oDEwg`~%y~cp
z`kop9bJ1>xVgj~+^AeLT5AJq52z0EFoE-q@oT*!UWb|J59Nn0I&?Yg!je0fm>dkt!
zS|h@jmsZ|eUar@P3HQhwXgFzNT+oc8cIa_63!@UDZ;1-91T^`3gfQBiI!dHnpJ5><
zmneFU+H$iS;!rL*bJeZHlb>#{=(?ySbTO>d6I3uWhme9E<{l*x3eQyWq*r#pzcK(Y
z9$+ZPV;Qh{m{jG$<0`=!Qs@U_wF&X!mIO<4+I;J-4tPpNpw+&2zkRpfq|deLcNTwr
zVR_{}`d6<v?h*^g7A$)KA*itCcyjBmI3Rcc^T;<dYeb?0p)?G~k}JgwAG$4|{#v`$
zkm!*^U<%JVQcLBrUo^>d(CNa(`d(=h`i{dRe6Ct;Eb`9+(B(!+mj@hGBCS6}Z@~aV
z!eC%mGNI&j;xP1<ZOby2aXXrZ564DskQBe!#(l}ng(V&Bb$6S!Ci(xB#b3F1f4;g>
zt-e$J?#fE7R>!Yd%O26)aB*vT#sp!*mYaLj*{vX0P>WPz$rN#hkTej@I|QD|ZwN|A
zl?F(IGX*I&PxWBfA7O#hlh~l(K`4|yMFx=D7^tl_^kuIy=qJn?ZnX1M5{0o6i3^6b
z2xgn81?oxY`viFSru1H|x}sIx1p>ij0p`Gfg$3w`KG&|(dDk0v-uabZx;M92UtV5b
zTwMIl5*da1-S(Vex)e3~ON+KkCk`Ck@L8guPox6PX2hL&i4MG+&YEpaFo3=j`}MY<
zq;kbX&J9vbK2KNj=yQQ(HQdQ6wRJF|(_=A!Q*cQUWV+3*sJa+=3l|eeE;Pwy9?<WY
zT`MiJtVod8Z^v{}Rd?B`(dQL9x2iE`c@*YYMr$6$&;<fPhTeR)*0@u@^POLM|K5Y8
zTC2WXU0Gb5f3UDPzf5|dn<N3TwP4v*5FE#i+A?eaZfl5pI?0OH+2j-l1}RD<Dfch7
zgL;$-M$)B)3B{u>@-%i~qt6M=>bC0G5q8+Kp~#}>i8XL#w$<$?-AcEM^(HJHu1wEb
zMdpxwAkGvS;ZU?fWSoNzDXh24Tapk<m#q~YU8W{nVI3bA=8gLe+_Ln&+Tzmk(o&ri
zzuBrcYK^6ZUzuN8dAHs&Typix6d;k|$1OZVgJK9*-PJ1;762u+wL~(=5*ni*i6;6e
zXaNBj<wz$|LtSpGkmeleSHpyQw-X|IXMN~`FOo2KWwg^LsD#ySPKDRIbkQW?F_VY`
zX3-HK;8=y;Ni`Hf(Z3poHP5M$?ITcEb*<$ktFAf30Bd2M<6e@0c^$WIYm;CTA6Ayz
z$cj^l*lN~S>WlM>)mo!%2T`-7OGz7Dn4v{Dpz3+$P3<Hv#;!0`J2s&K^a^6+5V86;
zPPtdIGs_Qhk|>q7k^(J{9oYav0U~!f5f5DMW@Wd4k$&Fk0D>z-KRAH8s7yn3>D<u?
z4<wOtvtP~w3u#OWD#0%S+bUtdMe|o1OJowP_B~^P+#oYRzu!Xd4!yOSD;gSrhy`<6
ztNDI?;a8VyWC*=5c(8~Yx(fOYYc4&Uy02Y>WuU3dV7ca!GypAQgnu>00EEkU@n%OA
z4;}s}76FIfK~dS^K2FJ><ve^ZLeO<E-6bPV^tsYcU<8Rjyxpa1qR@%1K^y-~J37iW
z8YdoOV1KXfQt<20@f-HyT)k;Ds?|juH>swJpb%ldrnDM2wR<bN!JQKG;7haBSe{?5
zw{<IMXmciEX(l#mI4iR|`vtHIVZgqyv;o{DXz&77Ee^Q=Vu%gQ*aIpWOLxG<bzWJi
z>Z+Ff61~~Xg4j_b4!j_&sPLF8c>)H~oo>(MVRgdRU9<#KL~8ixoP_MPA}>G=thVUd
z%S6|bKKJW$hC}dh&d`_z^W+5xD(Z72`NRYICV59|aX}}H)NVbf&(BvI`hp!a>5n~+
zh^>chf7!8@nE~}$EeJg3KnuaLHe-OnyY~zYuYu>-%5g#|6{_|nYc}&D;6>UgI&2**
zWiD;8hRg&Ec-R%Oh+Xa#q`1!k3wstvAbA(FYDpLp>S}Tw)_3YCMnegVHpM>Luhw<P
zzTa-^I-T;oHcz;pRNw(2Uz0on=qJWo_?jXHUH|pD#g(RJ)m+P>aH<~Cfk*WP+~QDS
zp}JVXnD1;Oi$u7w)ZhY8z!^id9`i7rAr(VToEBv_fu$THCy)y6=Q2@MQVg=$5)=+Q
z3o;c}MJ7M{t`qY(C<dOHfgSEaF7kZEp3ivDgKtF92q_@+-6e}+|MtE1JIjV`;YRgy
zMDF4|Zs6T&-+j=gvj@#4g+LaJ#e%6>`n=J&KfhdSo22oMvFz1|n_)X3H()QRo14Ne
z5EzPEq1rmG1OUCYX(LYCJb+=OZLTF5ovd5|W-1L3y+_TYK(H(s1XWpO0dcsq-{#>U
zg3?w+Kmfd2!Sk>rKbG_)VrJWHWoZz^Dbe46!6F8D4)72vBJK9OOaGE)naxJ4t<&in
zb94HGd$54oeO;YCt|dBRl6i_3^_2(nD|a=+CHP>0<REOiy2+8E?eQIs!$zaL*G1_C
zxS`UJz94kS65?(pT6VjF%vEFfK`YD)shSiWMo~uDhiGz-E7nj5X6i~0N(IQs?W&Gx
zG{be%9IZJHH)Uq+Jo6eZPr1do@0i~J8mJ;BnA4kgmL9Y%<9@qER*z!dHVOaTyLB=G
zM89Dw`W-_C>6VsEO<!IlPtY=#Y%-z_Gr)(X;JZ9C9)<=q1qsbcWI5-DP)-LVPxW>a
zi{SOy_(<6|Q4}GOY4OA+cM)()j*i}T-bTU^1H2;aTY--3j#-gSADDbq%j;wU#4fA^
z5m=m9b#o3`s&-R@iw?OnZFv!(Z>hF?r)@51EkrtVb8`>c_iOc)Mw4%65A$#H4NM&y
zoo+~(T86&7L>$m8$5=Go>I!*+mbXMAP+fKf3waVEyv+bZX0LQ5{tyvvqL<Q$DxxW;
zz}CRzetnHsR%7(iknMcDl80VK2ScJ3y4B1|(w8M)j#?7JmQXg|qU$ej0Rp1DiQCVI
zkrnx&!Ev!^>dp6-3EGiQe$Z@c4<0;d*O!*>)bHOVquAET_30+l?JOgFu$M7TYqTjQ
zXtqt)HcWv6VO<BO1Pj&cB@lX>0kC^Ich&1@9LWu!Gs&1J7R*`*NCMEyitYg}zH7Kc
zh@o2lxewD)o|7Il$p{CiWna8K01dfJz1Y;k$fc*>NVy{kcY$e=yK)f#81q_liI5Fx
zKJtKVt=W2iX>nzxQ6~}5H1da}-InR_O`IVL^fcDO+`VS4)h3FW0l@!25f=FY-0D>B
zZ~Zm{M2B^(6*3JXs@aeN0x3aKN`c}4MwPfplZ01qr!mieyBb?e9{d*6m|Hy2juzd#
zf?izS_Eqo<Xk3tQ=m>tm>eGbF6lmqp63*5%g1Sv6z#<u#f6yerOIGjx{Z_R}pIh%e
zc(7c%QwJ7o-*4TUmoyMsIT1S4kY7YjiHrn2z#@2qd)jL{-|M=%LJaUEDRPSehV;?N
za9P$SfY6v#Q0TI5guql8)La;VE;7tLqBBM3R+B<XtN6La<pp~53Q%ytt-^v1fg`ys
z7!Rhpcn$9M02GRw!~jg&TkvvZjq2~!nvG`t&bv!={&(t2_ZL^*t5P)3Zr*D)ISb@e
zt1fP8>2NIRIMAIIZto4Um!SlKE_|w~c<3t<V4@W*AxFgBAT5$aW`GN%eA9`QF$biN
zfLw6LND>ORBN<anQ{2x0l@^DCd-Sj|w#s1yDL#r71mG2tHm@&33r0|OI%aa)0q8&j
zcjqHzrUNty3N+qZdH3DM-KF~ve)YZig@s@F<)v!#-TM2D=G{h<q=2jdQ|@_f{<uOA
zicEp75oZ>N3l>*|R&;R#-^hSWdW^`T8Mzr^pfiCDP`3pj|B%l5iaH7tpma#?yA>dB
z%XjY)*uW!i-0O;_Rs31e0TL8!h)gn>0FEa`Rk$*j`}}C=Pfrq^7*MB!a@{2|YS4lA
zSC-#-XJw`O%lGd8>ipco!XjC?cD-@;{r3qC5S?b56Fwg9=_-*FE*rXGwa8UgeLrl5
zrrht{`w9bMHgqKWJXcQAt|LaEc%Z57hQ^g~8AM7|e-*YZ&@0yHH>0Lst0B>j;Wst$
z$vI@ymGXp_lXNNxr%PhI^RA@G76|}K>L4MWb0wDdzmk>%3D#iFC>UNqkoVr=JHI;r
zD}U|Y`}ZEqFD|WA2?c14#!91s8+s!Y;G5Wc>PFta-*%9SvjLM#-E^1Ts!uc<7KMj=
z+uzwe?_|0b#3Mo6ZnHf?X&Gr_WX8*7L#(7+M8JHSfsSP(YjLDqr>CXBf`>14)n7u+
zG!_1GS*6lv(dVq0q>sb}N@Qh-1Cr6-s2#-(h5;TDL-yi)`(EQtb@AT&@4xpi{EK()
z%`Yy0r+x>D-`2=Ew8#q*`Xd#fP-n&SS0voSJ-t0L2@ASq*UA4auh2Iejw!ieKe){R
zj4vV$#<TWVKi3M&dde(iBvXaBA5QK|6L+Se6O}@jB=l-kV6BiFw_q7FuCL@sHzZP1
ztn}shIiFte_K&X2KS5m3xrt#~?&oWVtq7q?;MYjzoh4mwHmdLb`Y(U?-FLtH-g|fc
zBXf(@`*iN))HEGmphp2U3(EAuS|l92#QMFWQXan7;CRY1<}GuH;z|d1dUe5oTQ&et
zQ2MGcZ;f>-BnfdClqpjR3nSS(s0I<s>7$H*a*|;twH3#W6^v3ubq=C=%%PKFk{!Ez
z+8GREr$Y48*%!R`3H$P}`@E}wK*vjAEOnA54JB<X|0f+F9N@Xcfcx(+&;RN#-}&x$
z-+AwS(tx?er3Mrq*}(_x7O}usFs%jyec=Am$P))4noFiJPnH1Y4?%$YHUpSSodf_g
z0g>9P)2f3UhRJ+eOnlobXX~ZS*g%XLr>#^27egc(11*$tb0#xd8cK5s!U<LZSrez;
zSP5iMt}EFE`U^|;KWo^2)MO~^K>!x@yYKwkzx>|6_|AXm*WP*WJ+c7HD=QQS5el~0
z*^@5J8OW4cwknKzH#fAVpt?HG0i&_tP+SPoksH6Q1K2l1QDKYk`VAb?Y<OIik2T&u
z63gPrL?UJ$-~hJcifb#@u%HMdWuysls_>){({F@IhGb7yrK}^WO#ld$<>EH|W~Lfa
z(VowCB?<|!dXBSX&9@eQ`Cs@C{?dQom%sDfJNNDq1IYfjISRBblgwrFzBbohSTL86
z^mX~}w(Rs8pfLytA=}F&0t<_x{B@r=;BZP{#(*$rH5;)E-6wIQ<}Ld{1NAe^cFPT#
zVgX3xEfP%L>v{q%w)7UXwGq^OdeP;`DtS|a71&;qCJvfgDMYSt2EdVJC@cdVP9>`>
z69J0UK$Ek^NRZA1;ZTjh&62s$y7Sk*`zycl>+jyX|NetTlmj)2yvVv6_TqxxZXhVq
zO`VmScN^3o1R?+&QBeqNScDBNvIO+1t7IxmGZ?q*Rtx3wMuWs4#pVg3zv|c!qDc1d
z@D2(!gPs8vgAFMGK;#xZPTvtz!;q*&(14a?t|plRY!q&&^g0ZI1Pqfgu%*DlF*Sey
zk1=ybL>jX_$d$)HsNI;q_s)0Udw+4B96-HUZ)nJmQ{+oXS#LJ)qFul=oig8tTRi(K
zfrONGVh7;?GLViz;WAL5hm=4W4G@M4)J@Nc0a$4g1&AnABLNf~FG<>NrC6%-y1p!>
z^9cjHPKKuDJ1!QN$a+$B=QIv2eCa@;w~FkElsu^<is<~YCkAUJEll@GC6-_bi$EMU
zNEGR%FB%V;@66r5cYl7dN^xzY)ocObBL_e)bnZTZ;nsbk&G8&Q{{Z!0Kd1#vAGs2L
z1yK_DNLCWxZ#c*e*TI2+Y%NJp;5Wj!Nfs+5*Bbd`cuX>s23rZaL!>NbEkPk~n$eP=
z3PmO8vEti4xq>i}l_dOg*-lmtY<A!UgarlCrQI3*c46pJk<8_`aNOF+z4`R|YSm>h
z;O=`%zx=E7i!1Ne>-A<!({#>%ApE!P>nNmC+;6!m)dlUZL)F8ujUd=3;77{gR!OkQ
z75MHFkbs6FDXI$eBsC<BF%H4EAPFINrY)Jn2DXot8#vosM42sQXw$PTg&tunpHwS~
z{g9hUWSL(IjKKGkQaVs^X59o%%vBVkAu5m$A(+4!wK&eC<2hyL6M?%d0rwlVrRDj>
zMFjX1`f8@hu+Je-x4d9-Qdl5<t+f6P$Ur1n72NLGbzvFJW#q?vxXYE56^gdWKKO2J
z1u0W3p7Ig<wwobK*9snvvqpB4#5)wopl(>hE1TMJ;F_LqTJDnR1hLvZ#fyB<TEJ@x
zr9HjFZqRWgNlfQ2tALO(!U7m%7;-v!o_5pN;I^>?Gip#sv$SN+wVL(XcM1O1n@t_s
z4m9U^%OucM)1D*aA@rB-y|jKrRnVjlE^9?dgfA>vj^i!aOUtYaWDsf;H%a}x#kYwk
z=|fAJWw66&)EkWu8>w1YNyi)L*dw4NpPY3Rgd|tw^lZZ=>>MTBZh{VFxwU1Qs=G*{
z_oSkRW+hGD5gX7g2Xxd-Yo_iA2a$^iS^6#og7ZiQH15<EaQ>#Lp&Qh$`h=1JlaMkp
z(EjFmV*8O%h5E3SCp^Jl(@Sl^9hkOVt=ZB=L!^83`m5477l$qw02B~-o@GknjP!`C
z1aTnb{cPNH!Y>a^M-;QSJY!xXFKkKuF=ZUxhC2zH0dHLpJ3v;jqIL(s6?VV@{DT8P
zM#NAX4`2l3ra&^NM&8BZJXouBw_dBa+xHD}W-g%v)^~JV*Z>0@-=O&eW(x^5@*okP
zYlI{-F(UBe0B7!0ZBH2BB7I<kiviZIkqS%ClorvmI<~t4OIfRvogi3DK&go|G9#O|
zY^7|4p&K}J+Fg=MSD1(_I&Ngt(&EUE6#cn4L`Xo)YeYb~XaFbH9Uf5<cVX~gA3L15
z1u*D)Wa!N~vT`jt0pzrn7|D7#pc=j)qehR$Ezp7TY<vYO<AqkKCgdrMaj)g2C5z$#
z&YM*^e3r&R<TGOK8cb6X6*83c&%-k`LZnh!;9|WVqH%)2fgce^;wEZ0_WjmMgET<;
zuiJ!$A{3n)46@4d8m<c02q_3aTMg{L+J%CBE*)u3<2lEY0SQu)Krv+NxFG^Dk8T?1
zbMgX)JM7GT20C2rKnpoKi?Ka2Y)TglFVRA_hWs3w&b=i*tdP?MIR6?7r8O^*djZ3L
z5q*JMbr#62`Vv_~r5b$S^vI{5HX<&qHpAMAyJEMi)w_mApcpIrL2`mf3hETAg?x$u
zQYk_zti!1Q&Y9Ac^U4xTD)X)rT^T~)L3-Z0>$Q>Q=GFkx;002Ez#~}?YAe7hbuw<t
zo?zTSEFYuWAfC0r5VVWa1mRt?88%6M&`KR~_W@#u6{6DhBrTvvB!NkjVudO>S+}~v
zLJ+_Xgswb1j7!}i+ZcHC;s~c}?^K)UMTkkt)PhC|3whfHVP-8e)a-Air&@_%03%p|
zkQ3`6Pr_p=$3R6QPcjt|VZBtuE(|XQ7eao=ULrypp1*7}-lvORB3`9`>%PV|34W7>
zQnm>K&!b6%&W*qWA{{>_fLLP|*tH-Q2gl`UBaKO>(3pWrBI!tto(@t{hnEcqH`Z+W
z9%*M-_XvsBmzEnO0kN!ZYYUQV@|pp)l1=hx73rv?2ml%oMUn|X9g$eTj?l<eaRzI_
zaX$p&Km#1`(EZEn4e){;58$R=X0@83=j&nV0EK?;0&U4H&Ut`}Lu~TpO|#+hV2R^4
zV)WyCepGX3_d?I)wp0X#h`+>uMVqYzDfo)k;BK|5OD54L$yljZow{!?wCBFFu-G)+
zfS*%k4lv{zK>$=D8A8Ae;C<Sh2_gxIEKDuS06UpMqmxO4u8BYc?g%4Lk%TtnuROk7
zq&uK~A<uol;zKt{RXE25hh@ti;h4jDH8aOs-V?sZBAE|2h{$ZzSn88TLV~OFZ^))G
z62hcWCEC5(qJ{SC6@t|sTJ=5Bcmzp-PtG$~u>lwEw-<i-{*sBA>L5~rq+z3BxtdRm
zAjQNLX&{33a~#x(EOnb5nOZW<jKV>g&yZKmPy-^)V`XxQuO~rl2GZWZ;SA|$V;0}D
zJ%*>YquJbGre-Va^oTwf5W)m-lVtfDncM&rt%5OZq{l%M3hLwqYOtBhfKMxK-SF#9
zmHaRvOKYzA;8*|U_ZKw}`7oJ7Ni=D>;qy<`XuFqal`;>AfAE7=uBz<36pLH*u_OU$
z2U8PU0trA=4+rOg^W5hetUzhY`&jeZRAv-2fY3^rhe+aElas<$G=C#`LvA2&-LMtk
zreF3>WZa{~NfjUIG_nLM;01kNASdi1pmyD*1sC~N{r&p=2k+lmL<Xs$kU%2E6fHH?
fwom9bJ?Q@z<^N$+IFBfI00000NkvXXu0mjf<rK+i

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/expected_results/tiles/wmts_9_5_4.png b/geonode/thumbs/tests/expected_results/tiles/wmts_9_5_4.png
new file mode 100644
index 0000000000000000000000000000000000000000..5ce6c42cc4239f8028ec439e92f8883a0f9a5c76
GIT binary patch
literal 31143
zcmV)QK(xP!P)<h;3K|Lk000e1NJLTq00961009690{{R3YphsQ0006gP)t-sdU|?-
zf`WvEgo%lXii(Phi;IkmjE#+rj*gCykdTp)k&=><larH_l$4c~m6n#4mzS5An3$QF
znVOoKo12@QoSdDVot~bapP!$gprE0lp`xOqqobpwq@<;#rKYB)r>Cc=sHmx_sj8}~
ztE;Q5tgNlAt*)-FudlDLu&}YQv9hwVv$M0bw6wLgwYIjlx3{;rxVX8wxw^W#ySux*
zyu7`=y}rJ_zrVl0z`()5!NS7A!^6YG#KgtL#m2_Q$H&LW$jHgb$;!&g%gf8m%*@Tr
z&Cbrw&(F`$(9qG*(bCe=)6>(`)YR40)z;S5*VotB*x1?G+1cIR+4cR}+S=OQ-`e8j
z+V%b0+uPgU;M?Qn+vMik<mcPx>f81G+xGq3+}zyY;oRir+~?}t_Wj-6-QD5h-R0-q
z_Wj=8-rnNl-uC_9-{0Tk<lpxF;Nalk<mKS@{owcg;o;%o_x<AH;^OJ+;`jaI<KyG^
z{p952<m~R`_x<JN<>l$><?Zn0_x<Jg{pRN8=IZO_?eFIJ{paWB=kN08@$~2P_~-Tc
z=lK2S`TgkV=;-Y2=<xIC@$~5R`RMlf==b~R`TgnX>FMq6>GAXF@$~8P^y%{T>Gb#M
z_W9}g{p#xK>hACA@$>5P^y>2U>htyL_4w-f{p;)N>+kUE^7QNS_3QKX>-6^P_4w=d
z`RwfM?C|mI^Y!fX_U-NM?eX&M^!D!V?(gsKfzVW`004J7Nkl<Zc$}5J34<J2avoL|
zEy|Y6rFks5$L!pLnZY?Y8$jPzb=^m5)7(ed9;8U*4swx3c~B@Lr`#n2Nh2)^NZNp%
zYgwX`+#NYb8hLVrf}4NO5nsg1s>WQa1kmWNt|KE}9A6wSUM<fHugHpmzIsJbmSr%X
z2f>`b^Xbu|#N(dHO<rVP&R0?7{2P9pzXbT9$n%V!M3+fjH_LK<1%A%*)a3LC{l!1}
z>cnZ9CP~Uywz%9ZO`SC5CwV4wU3v~bOdpwh89t-P<zw;H3j*9+QC%kY@D(?h7bTHV
z`1pLivOJ-?^z*{a3VO?|sO9q3h3D~0OTQ%gOJYIp3j>roUnmEO@)3E&uSzW=3J{Nf
zS(f6iP0Bx;oWIXwVv6f3okSRu?t*^$%fHJqdSOQ7o78fHe#HCGKl<NfSSYYMuRc|8
z(DSM#!Cm6pfL5_AmM>mGH}f)KYesKdBbMb0Hqr~`bBF*Wpq$c6ST+LT9xo|Bz|8RM
zTIBklaGgIOOI?qN&QrR3BT|rpEeXDY@YvzSrWGHh3jxTOF%CcA=B~kQf^7+Yn+v@j
zGdsnadAS#PdLNmkGRt%2i$_G1Dlz&}kyLuuoGHnP0rKQjWC{!*@`>QmvQG#mDI!{w
z&KyK9L@(1fm-m;8J|zJcSR{l3H?=D(qMquSXDP&9ei6@-G_F{ZCRTBvRn<z`zlHBr
zx~RYLWPM~oeUO3sGqRTS0^hI<iSpJ+y|e0l3((I>;4|-vkY13N9t)uBiV|SKAq~Wh
zsFJMe#(1?^a!rP%=PxX2nVV!R=WgN(H8F`gae*1Ys-H1)Sm~W4NrshSpih-=5|Ka%
zo~501*Lamt;0GeR$a$t5VKPb<8Cql9jXo8xGQ_JI#LCyZ_mu(jLO91y;tym=<d3J1
zw6v<^1PcYEkKq6FR2EzopZ|bzSzmXgLf}FKR1j$WM=qNJC_y|-(oBC~&I<=%Uied0
z_E`E0H3gMn#Ep<>=MzXmRzd|zm~B>0GD|GR^0XXEP^;FS<hWE5FbDZQG=PnNiqAJ>
z)G9qwY0Itb1%=g&9QUmD5c)5q!=|zE!;g+*9YC7I@z8Nt`}sL!ABT_(y>cu4e82pD
z)@Lnl!mGYjR$y_UAEocHCm=#H2&Z0#tUB)0<h4>R_7_EE0gB23crg4a-#}71OZ$N;
zhoIfM43DUGb6GGLL6|_7|1lv>k~(bU!~#MT#2dmddSHN?uxw-tL!dTAbjk{GRH=S$
z@5Y*ej2D6xn;n^V?033EMpiDLxHYW!9P&;slLa6s=Cb}`Kb2`kZf#Ju5W&o_gjD9I
zu>2P`TN}vyGZT>lM_qra|2u9>3`p4F6KC+-VUjEafJMZu%z*(@`Ey9(jGu|F^8?Y6
z7_eD`ViXG>C~U~&26;V*oh%hat(=d*0a<hSz)A&jHFwY!!(y;7wJ9ka3x~_>T$T$z
zSJYuLfdTwC&Ed{m@%yy$SbzRMA%fW&CU6D(+eCE36(6`H1q>-*28r#EO)QC5txL7m
zUI7<J7N5Rkh57~3eztmyW(20Nc`9lw@nZFfWFdd<6E}*vueJgtz`a4TV1oHOvGcS-
zkb%sq1wS<v)CC3^!wiS(rPWQ-F%~`*O(18$W<O=)z`s`{VDX{J)MkPsa^F5&aaIJm
z6=cs^g33O6V%HS~@!cCNh@TiA!~l2E+va&qkS~-VfCUIb6#%fa!go16KVLv#I2(FP
zU_RhMHOch$0e_jeDcl;%F26E|{#X7@4S=dbr5CISsr-(KW~nn)5L|U83dQN(vdR)!
zM-b@)7S_oUCaQ@LA%9G-TNu_F+&)WwE)1|v0Gw8XL6?t@&qefdjt#`R8+g2Q$r<Mb
zVus8DK9OLS1(xxIWStN}>;eQNu4+B#2Tl@voG1v)$V}zd73LXGQSN7jwQ^r`Eh(e;
zaRUeeiUo^91`=i{eWOMYS0FxcPMW|d2*jufV6`Fn%-Nbx=nbIgxEn7MTen2NXC<B)
zr1)R(pcnv!yczBRTJKoVU^XXKN<`;fqc4^ZbY(S<6VIX$RMeL$7UG!j^ek6AX3Yt|
znahT-7Um&TU{2JN;s;DVA_1$?@BoFr(#<5~W7!qDc$HvJ)B>ryH5DXgSQNYb>8^x9
zf(cwkfHBigNFa$t>LE6cqaVh%%sQ2c24x&vu}T1C6^Q1J@xeQWi4n*a)+rSl3$o_B
z7GJP%kPV=iQjI?|!KZk*4De#mLrxv4u)z2xA@Y)HjevTW>`?~0Axe;wPp3a%l21%?
zT!&z?E56MY8Bv$0p<?bXU@#*$H)UJn5|B15H#s<&RcOHXmKorwbt+j$DX_s$u+&E4
z*j(+22gAhQo7#M)3Xl`|<(zmCk`wSN7?fqX%5*NER+c~%Gyz73gjE`udzRxyjF*A&
zaMdOtCd}d66GVmr3U$qiz+)JIe-iGC&5_7BgC|^az6-lo;V}azkh8^tbh6PbBsi};
zE8j#-*B(}|3}6NTf-|-tp15>ad^U(oil~y@2bRc1z^)iUJ_g)k<ZKli9Czc&3#6_>
z;w%CEu{>*`H~LKuhN<0WESQN$5i@Loc?E|xsiU^Ymt@YuLU|Go<m%L*mbDTVKpdg(
zlL8dMNRvTcCLlusVE7%<L&iSzPwtRBjJlIFlK?9dT{Gf&MQPZKs|~aSvh8yb2l97g
z%P52RU)~^t`A?Zy^xova70`Od8rmurQB4q7PAiuI1F{4ZRep$5HewB7LoHsd1(gKA
z^syii>omY;-lgmb7~goQyo%S{Mro<Z1Sqg1;O4*&<3izt+$0xOU{VCou?a*XsA32`
zKDO>6Ph&XVT-P60k!Va{z}14?Pn92#+btwxL>}A<f-oQlIw%>!@$#e+*`^BJL<P#g
zMg();pM&-iXc8DWcN4~TMIgeH@L%Ir{*9rqm?p-?3RzgbtS68pQI^1bs~Hl9xX1^(
z$|Jmg2EENiJ_NB8iV4Mfu;c-yv!+AlZ6IQ;7Yj$}S5Crbw=TB4kfkB9;zjj@0sN-~
z12}`=0o}V*j*Fk4N=8sbAQ6k?sz>E)k!1zaUas7>*Z?CLs8q~5!~@@t)F7}?1~=1+
zSrSagWC7u9Op-8mODp3b3S7YfkPJIWe2N&vk@2HA0HojvFL?_QNn{4HS|Nsy8Bhv-
zrWio{2CSb-9hO93VFqw2K0ytDo2x01Wt0F8Ho&kmg9{S^(h0vTNnL~j;u_?uh5hoL
zSst+RBY(o)GG~lTPk{!ItuSLr5CQ&_)3VBoDTLE>P{FxFwhD-Xt(`P#XqY4lhJ4Ng
zArHvjA3-7LGaAw$JHdt*8BQYz7)T2FEM90=5SmD`B_#E%6|^CpCI&6w#}hrlLL*6q
zW>&3o&JEyQ2t3HTr;8{NhBed7AFF(Y+X|}!g=9EI0K}C_)Wq)0i2UY->((G0HUpF+
z6X*-zC;OMOywh4Gj%36vnBcYca8DegapbQ~oKt_PQxOfjP76MEQ&~BU3_yz`9LYHE
znIc2TK91zU#Nt#q2cuw#*33ZyT@h$Pfh;4O!bj{e5vwnYUQRumsupozw*c3f3rOL>
z7#<y2Vb62ZTv9;3q=qDaj9Xx4NsN|e)_>wlg4{a8*;q7Ev=i7~V%JQ;Vuk!&Q)PD(
zP~xQe%*4io36|DkVsbae^-?vRnaY6RBqoOOw<!`%lxbGTFKi}LF)}-LNef}&I8iOp
zDvZd4t#^%-l#3C>MqjgI#^#F(Pb244HJIaSD2FerpC!PAM(M|GrndM|2|htRM>W|#
zhSy3ql;Z)%p$GtyCNE7Y#3g<Np@ZWNS#wlwT+(h|@(~snv->VIlcx@{Wa}Ug5Hajz
zGA6Z91!j4xAtXntgPtTwL|gShEGdcz<eIAGB?H3u7^kexF5Eh9*e<_KW-QghUb-Lw
zGbdi8g{4N4iVn$h+=B6AA{Npn(VSR=GQ(jh@-bOOE$VqbFP)T*JWD#6h9J|xFb@RM
z@ruwr*JwQ*3g-<Q2w&t#gL^^1D(S@iVIqMq)?BPzk}d=w6$fu|Kz@vJf&K}K1Hu3b
zfmy9NCB)QMWkOpQb5X%^GfkSv6KDLteu6k8aYDxP;J!E^SBjql5vAZG{@-Lkk0^q0
z(Xz<Iz|{Di!O<eOiX;vt%_Ibo`(^3m{B4}Y?AZCHhO&|fSMg^7>s%@H>GCgR-&GDt
zAVBnJmed6^99V|TzJ`o2f*}!%oXc%#jL%@?3|K2TUrL2cY#>CZ5-vda4Kfs-tUkTQ
zCtWvU(ZS)GRc{IV)vE{$E?|spe6obvID?tQL;E_lFB<YI;kka3+wglK5#vQ5EX;+s
zBXdCXC1OM1`so%qQ#eGOiEqSIDN<Ks8k?|S0Khj-<dzEJ5hF<cN|TrZR9FJY@Or7-
zZ%y72?~)qNa2X|Ijv2rNvk(J%wg;z{GUdh@B#G32QY4vykP+l(l~WKCZ<hFncan0S
zg$s@f1&76stTv>;OH+v&NIP<74-uX6Yf~#`MoX`m!adUU+!HT`XjGw)<SHZJ7#2;>
z<m#aLswwm;7I0ch4hV3uy8J<&VqQtuvBD-pPVd1drs^B5u()}p101@$mF$p~R8rzr
z%5J}5Bj{?zEJY3qE0(12gMf-lStiTm+=jap5rG#a--fN+Y25@ok=Vo}YzhRB@RwSK
z9JXgsq9~Ckk)RaRvV1`xocAyR4|uUO!|odejfsFlx6%Oy!|6*pkRM|}HWD|RW@F6;
zifMI40?0oq63!gFv4t0smJvEVjRq~!FDixRTBUFRDN)UAdxk;RkXc)+%1u?7+0)!V
z-odqTGrB#1#M2~^D!!9i?IBH>SVhTmbpxr;S}87D6ju^NS!N*}hsai@GaDw#o1_SN
z3I0n0N>fF=0w%LD2Mn9au1$*A)e>SD^(ij0Wk#-xXPTZ(YEYKEsH&XuR$6B*GDMu#
z&WOE>dHqQjM^$*nqUR&skX7-Vn=3Q&Or2j|c}DnxIF$;RdIlRq2##<)m_c#$!Vyym
zzPtFVVH%gpq=yEu-{_i_A`p-ODb%NoTMEu<7n!7EYDI4H<zza@mpW6nNGAz@I1(aL
zJ)9*&t?VmLElfsaU^`yG1d}OH8fUgXs<y#ZB)sr0Ru1?L6KK4fTSqGKGBU~O!ZnEo
z=3XEL5H$U;0p|dn3CKhuXocx3S$LFa3Y(!qF|t;{Mun4FTw@R@-eie2TudYQ8$$=w
zh(P5%4HGIA&nuo-oRsGktko~6B|(r)oLYHe17KV+d93_47;rO9kYrW1iE|NZ2t1Vg
zamP|d)=U`(wUQ0hJdF$AWDRyrt7(<N^i&`6yefreRzO(D-I)DfqSji~mRyvvB#KF3
zd_+(8T{WWum3WbW@5J@95-(LNq_4u~M<HAV9(9mo$y8ssuC5u8R7!4=^F!qqj*F{Q
z2o$|Si{tDN;X^qck!uu7EHDhfYF?F4MWum$LgSYdI+T7RCWW)<S)%oPmSQw?Nfay%
zF}bb6(4C}eJWVWqgnwadqZnj56>Gm}A5#qEuy3S?3M>^eCMX!Ccp|W(B${DURZFFe
zY0^n*lbMW*(YOFExvo5)7{JzB%MYnrv&0Krtl)qVKZ1@Nlu@l2&D4H_Y5_r-7PptA
zgn>molNp;f_H)*3cNs0FBJxH(Kq3KSYOAU!sB-)Vw+)+-y7K!4AW#<;KtYZ4(HIK@
z*d7#`+SJlxR-h3nbB03z@tR#|&3zYH1mK9b@}vjS(DR^L#X^gP6APMiTShk87g9)O
z9N~v`qc%{=^#2&CQ_ofCELw%AN<>T^OC(idze-u1>y(0+v}(Z1XV9_W8B^tpdFiEI
zKe0DmDDTmRGE0~N?DqM2jQC8kP<O>rCKZGZFQ9AhE|ag7XJeFRNxO(-6ge_$2JV>y
zJbiVnp4_)<nY-G+=qfA{C+8*_E5m3@<S5Q0cdflGI0_Qjsvle!4Qm+vA{AilJ4<Sh
z?n!NmHc5FoVh`@@Q_WY^;_9SHhC`bbw5D7@RkgsGh+Sp;b7@zkA1A^Qkxm;X<<|GH
zZ`SljW-(q`xd)2^IAg<AMF!&Hf3&hkevNF6r_fd8uh8(NKx7ZF%np&n4T+B|ALpE9
z0IDUgT`Q{2Kk=@`5-9M{e?sePGXc4lgOO4d(`KX>EKQf1uyT{++L;E1aD`PpT$1IA
zZx)0vMGlz&VZjJ!z)7{YOwcEyXXeBr^_1D>Wow1m`EbgRi=;wUfx3mmuRy;=3Y6s}
zq=Ipc(IVesF5pd5r|^J2#m?e3!8_0{6{|e2LSZa1Y)@Jx4Kp=@Dhq`*jlf3G2x~>z
zhe#%EVOXrJCa$ns;xA&rP_mOLM~j}|0SW8SpJySksZ^0GLq-|I4B#kM?2yemxttY-
z#TNzg(;QudxdqmoJHib~QZ!p29KpXC)IYb@pb+XMM3(?5MOtZc%u|@9?g2NovSA;v
zeu6<a^Cv-5wIcxteBdH+RJalm6)KBDg)2hF1f;(BU?fG;#1<daj&LcuR@y*;NO9d<
z`o9-?fEybdae6AR!h=jnLURD$g<lb<1_X>POp+hJj4%Li3508MtsZ7$DF6s3G7qf;
zoOl#17z!egq!Ef+h4!Sf4y0BBrI!xLl0s^%QsL)vjO{~6P;#YzrY31Ko7pj*_*JgG
zDFYVxout5J&y_6ELZ3DP!~J~GA;_LMg*b?FPLAOOm7tg0>2fY5TX;)h650PL(uVl9
z`b}1d5x|0p7;+U^KSF{T1fzT(45?x+v!vX7Mv<IEv%-MFE!2&Bt{72zb1zl<sm5uM
z$jCJf2*UuzPvDQO8`O4!9DVz#nn`0Fgh9)Pg+y#k#?lMTWG9)$1DRBf@G!b((M&4A
zvnw})tO;>9EmYhH{Z@RICJBie5Y}or7GGwPgH7QEJ&E-Y(M#qZVZ3D13OBE6U7Q!C
zk4|kIf`0g_jcy_OZ~)quU)UArJZvQ(oIDfTpQ|<F0*uB7uDUvOl4uFV;o^ervRg<c
zVKiP)wpk<qzI2n=et<x71lWI3wd_j+Qf7NqQo#YtI^EZx`eRTyW7Z`$yLtRlTC#;u
z>*80DlRN<iF<mM&=QejH=1ak!(clU&$yu}sp(KU8d}<?*%$FA$sT^pM#}iAads;j}
z@n{#d9X)FO=sj2~_%nDF@|sxt2wJS2J=)wOomo)@)s}pfU3PPfe4AKT1R)`ml}G96
zFtp$t>)YfJ*QmH#EkUjVOQhvxn0kf*u=@`2zyV_<tyCdF=}breEdB98vynt7+Ubq%
zU;+8L>xhR<CAGjnylR&>`9ff2eGF@uTW~as-4Y_JM%tpFFAD>26n$AFt=mj;;e(=b
z<(bjy2*W9<qobuZcP$83FTe;vw-g~FAVZ)SJd<FVRlv(Kl>h<ZhAW>726#wo<4Fp-
z<oz7`F-VALFqCWOjO5GhPdN%{S^(9C!<_4ivgjTg!4x(xU2>oK;w!opq=y!^u?hx(
zA$T2-uSUUdabqHKTr=dr80sHaJtb_u3DMG9vpZAyk_a#lj7osfxGY<kEP<H3V@<`3
z?xluw!II-Qxg}Qe-L7v7;t&N@dSi0SF}3?kovR+&m28$BiV)cV)#Nt)>De?|eyoka
zHcZAMDX9eSwtmcsxJ=@q%r%AhIEe)j0&*5B6$T{Ygj0AHhG&^=b|iPGeHq9J7R4f;
zircOF;H+&=78x!zX%crE1-#lzwv?b2FwJGiT(i|;9@4x@8k2}~tl}mDtP$f2I&k3a
zs-6hlUB{x}C>BP-gv|lI<|4!%EO6o5e3<5_T(Mc11u4pCjRjK&;c$Ttv?ZJ7R-2S6
zO<4R=^<5;ut3=+jDYR-o9dAnFT$N2MrMi#ORTtpN4*-&!sAZeSKA>_nx~s$%k0m0m
zTFH@3$|@hAbq#Bc2qgoXTKV^o3Pp=3@>+<<Q<VT-dql%|o>oh3gB>En*qxV|wAyiM
zq%wC^Mv?zywtKTmvS4|Tae!GA_F5e?VhYhA;%X2?<{mo*U7NZW@|{$ADow>7Fwn3G
z@NLVyRRtI)HrTdVmBm;CA$@g{OIEukj$5T#Q9W5FPg7Y{SZ8zxBoNL**(;^DKQ3)I
z<qoE$?ku_CT>I<fJsDWLg}B4a9XaBuQ5j`HcO2=A5ntd4LK>?zE;zWB7JggEf&{o~
zosCUXXOauo4~Fd6(jY~HnV(DUTp~wHZROqy#k4l%lY`q)v3%Kz(h|Lqwp`eH6SCB~
zS*!qni;t#I57}l`>ol>wQdlfcp^KBCt2C8l0e(j@Rsm$<YVi|+Ckp_#A>_8dSri@1
z26A1Atz>b5xoTA)gC=m3F1X-fpDg`qQmIAa<<gxh-C16R`<9Dy%Zw4G*hDR=a~eqC
zp73ejA~;T^I%*az1tw0b%!dVt^z6WJup$Av$`@P_Dq$HE7u_w20fNf=${R>d0!fw{
zJd<wlw2_@9*qZlzk>xBZTkmB8_&hcGp0-wawjf=7)zX8frL!ta%AX7fBlWOq6OAC9
z1mU^{F!uJ<VUj?n3UXN_J?SE5jmwN~v4lU@mIaEH^VkO9tX>rKx<)oJ)~x5VMqi+g
zIDrb-Rlg~0M=r6$D;A|QPdC$5n;Ny3J*o^OQVS_!*397lYL~k>Guc@uI|>uA^s$r0
z3IH_wBRHfm>ZsXu+8uMYt0|LgE<`R7Z4xz3Dkhp-ay)EfY64jm;GmMcNZwQhW5qDR
zB-hdzHjVni8{Nd8+h<~}7l1(i^CauB6g>zwtRzh0AiIkyj=4A{d+Tfvl-sJ9g3=<-
zs`R&dp={9_LCTP_n`F9S5hW*&f{~G2G|DgP1{29jWJsZtj(C*<(AsiWabl_+le)~1
zIopZA+m;pZ@QP?ceYrtb*erEA$yp^uQSGgeun?<mX|DbQXt6b*Jl8Hd?h6LG<D!T<
z0{%$J0U30LYZ^<qoB@4sOp+kCDK%SVfVTNp$Tlw&>VST||H`b}g^iY%c(GwEx8fj|
zS}7ZC8&5L{$iLcDiOrO21t7EjaB2I9NNLq{lu92zK2tOm^<eB$G_ZnVbXn}=<Hx88
z*siurAxVwpB{LEXNkm;Onfkv4thZ(IV+&h->)EynJYB0wg<TulrI%Ox*krGHE_XcU
zh~IS`TQcLFRw@9l1c64(K-GnjFPJN+jBYf=d)uat6j1=WLo^A=V&h@q-Ap1}3{XJx
zTp;8v0X&t>v`Vo`4XMICS;dlLmmQ{{-v{!Zl|PZbE+Y+lg?L_*dK#))H<x5%+dt=4
z4{EDCtVN>R84z{}17yO9&Aef6i+V}V=Alznwx!f#&4zZoPHAPt?J8SLU_pOmDXc~(
z_{CB@@RE3lM6gLT8gl}oVxia@iK&)N#Z_LMlN>HDlT=E*G?5aD)&Vj^&a`}!%&6QM
z-eBqh1$v7LrO_C}TST};puR9gCmK3)YgSwqeIi+P@5+jFNzgsdc3nkF&*g_BW!`a-
zkmOXJFO*Aw4@1}t$Xx+?u3nzdp@jt+2sk!$a~CBwl?G2!P3QrUqM+^7K$%`D$DSs6
z7yu|9P6S$WQq+PH8%|lzmvK3%C~W(HJ{sBYqinI{@}PQOb~B!*WyPgBqvT7xLM)+_
z?7RtL0I3BEHm`P~NcxWN)LB#tIF3T@6s%Ay4Wd0sgP<O>l&FJ_c-DO&Kctf!=*x`J
zMh(tCuYj8r8a-*S@dWfpK)a|GRRU5KQGDqq5G)c|Zb`|q%9*JA=#^!%c6LgLTY(!0
zzw6qxt+pdny@%{Us_8<K2v8R$VO@$$Q&Bb2@~D~ISaf3~p|0)Mj<m^{+$OUT)Tfo`
zSa$~6ISU8kknQm*Zr}roir*CnD^1GbN7P=Y3Gd>U>O#TlYjnbfinz&S43XVUIabr?
zVuJ>ep62%1ZZ6=5$x0<1l#2!kZ;FcVX6c7q_Rgk`krGpl!B3G%5|izz-6tcBWtD}C
zfcte8g$DhRha?EWq0~Cw+?s^r7|0q1Tf;Y^0fm$nl>q?6#ziQU8p(P&X`E;V%qqxI
zb4bo(TPPaIv?N(%HgL%;Ym@<Ee6SSgQqsXaoEFce84SryyHgasR~Rki*;yST61gsU
zwen(yghZQMT*69fNOPMb^{R?_uEq)S=q^Y~rRc+}Kf}Jssvi@EB3XJqYMz*oLo20a
zEbtiFLAAUHlI>U2XVfCv+<Ps}K}co;KKzw&EwE*|C!wC)Jh2b<0bxL5q(kS}Chi3c
zuyJZ}>_Vne(3uC#bmK*&D!bGX9XhgS)UioyaTYdnE;|CCY!dn#F$Z35Roc@E>Ea&f
zcb+FOz)h>#OAXdj>)T#cze7a9A`v03%Vjv1DO3XjiG-yJ<$1^R0FlT<ZetU@2{oA5
zgKRRu2kbk7Ni*UJfeeKoyvs_<_<FZ?bD@ixWLD%h;p)ka8)P*qlcq`MiUGMuc&1fO
z?Y2v6#nOBoeT}*iEw_3;G#x_XS@rg;Nb|SGj(4&ukXZw$^&$}pbRYwDrAAGlZ5)|E
z<)yZyU`QiUB#A+^wveHEAkvbmbK-UoK^k7AUt$H77s8N&3y5k{Gig<%U)Q|Kf=kv*
z`j71-INU8$F~M&WOCxsJ7`=hqdeG&pm}hOC{NP!8P<8HMO+c*H@Ld=(z5{Md!S-Ak
zJ0XD~_LDH}78~cO?1jvWKq(N&V{IO%LGp#z6_WZB!ROs4gs`x46rrE7+a$5>saOzW
z7K}kckY4VI$mgnkMoh3Zj^0A$_@CUE<$z_(LR8dcaUj429uhNbvghKlt6)XSIg4s(
znrc^dE*dGu*%xsYb7YJTy%Rp;IVzI6@09o}xh7&T&l2Mf7FQcTmdl<-`qA|#e9QSg
zG5^KHOVN&#St>nAPgh1SQw*?Bjb#paayLwgq)L<ATk1nhGP~D2^|VD;p3bdeSZ0!=
zQiX1j$wyx+!dg#LE<W393F1-<iDla<e^;1VYP0p$0m{a8-4U&e4|ZT<MG8TxbVTC$
ziK)aTKSr#r7pFSsEwaC4vUOabR>q_pU2PRj-K<IksR(G}20DBSm<->ubJ5VPXY>;>
zK!cQ)nN(^@E0apSvAdXQ$<YSm))v-Jn;lHm1(fG@j3D}e80}bd!}5R!6<1lqX)3h?
znG0s<ZVsDIV@b(1eQJ!hAGuz>5CQqh{S3L5%sFi!MRQcrbKlkN@t)=@fegiY2}~yO
zE9E2eTucAb{sAtyU_vcZ(MRQ;3siPfd=*s6k2(~B&G-cCEee_#*4LP`3x!O&s<I{?
zZ@^lPtpy`{skih{VNz{u%_1&eX}f5uqa#@5Z9UKPl04UdP!PR+TZ`Ejb|%kD$>|H2
z0U@@V1)D*oJ%iS$=1P`4AB%F>WI<kyg5$^XT$>_NUV0s*qwUuUDGM!-FL}f28^BNg
zCX;^(tNltHIL@@FfpJiEvAcE+2gr~Gu@_aHAX`LTDq~Rgl2xGeWGit|Oa<Us1^1+Z
zHq$oinp7u|J3uyki37Q0a>Y~ej^QMw)vqS;WD7}M=>D-wEMR7*j*2%_4G8SiAtZBo
z1fRrVlJZWaLlp1_1srUrqg(a#^Q4-59A;wb4`d+)ZYy~(K<S6Rg*q}5!FHs<<P<f~
zYio#LL~2WywoqWb0=`ac{x(6G)sFu`F4`-UDugK0GAJ~d%9bK+{2!_AR#-LD?on3@
zMtXTJH%M@owB0q1$hfLx6n46s$di3XY@^hD)UpTylnN~xiXCM2@@m@n;wmtb5?Tfa
zxNwZA1!nv{t~RMz36M70YUmWQp;&TQ;0%SE3^8;ykx`P?mG9vKr>8wguJk5m;$b*J
zY;@baz$JBB0)~si?h5gI9j8@IP%6vmG_yP4BoZ>3lN0(qs89_JL$0=HY5icy6j#(+
z4pbFa7ag~fUdR_I2M;{QIG0?O+S)-$7JGsf7PRN-L=w<CU_d&X(%je}m`nK*y>dE{
zx29B<6|*wY6b*AvE}f|&B6)H`hRGQU-L(x49i_Q1rElJolGox?gRN>8koaPe>;wc?
zTZ}|TQnu8xO;%MQv)#s-eh9=m7lR~p+hW<0W%NuXVuqcv`kNHpTe-CI3h|DukfJkE
zx)=)trNDW<VzAW109?-8WEh8`wDWT&;?s*<@&p3F=<RAw5~j06n&zCPbg_Q1l_=Lb
z!+g=v<LbO)5tO_VlR|>%a;fJU$%@Kp71Biqd?8Rv68Gq#kiGZBgxH{AL>fw@qX)5)
z8<R@KIR@O8o^Y9GC$Q|fsSGnI@(91RH=xBC$^04*LsW<X^l>%23)W6Iu3$)NbI}!3
z;DU^0$+63?=BOe<4j2INe*UsbBZ@5yyegn137Lr4xK_ssEexZ0ftXRG(sof!axbnN
z52pwvjm2Wd$^c(47Cx0W)pF6XqEodrjui=T>GicFRuz~rE0&3Jv*jOc!)O{Wa#E7h
z_EZ>T6M1Es#Re>U>Y~srpm3_NSOYeV2Xt1kfSbtf83&NBiUTrjuW_YP${PYQ<W@W$
z|IDt`Sb^o;-m;_qxPvx!LF88y3?)NRFP`Q+t7O|v>|$7z$lXdFDxHvP(T4~5=b^S4
z+v41Z5O`Ha)cT{`$_kSCaGAEHIaLZ=>6a4^1t0<o056CNU#9KIt`>3WtIM&f2#4HZ
z;Mqw^i}|vZ84`^&Zmk+(n=XP*{aI(B+r9!Dq*x}ns{gJv5Da5{2>?AA>Q{Q!4_oce
z^QyfLIj!7y*0I1%>yE%hv#?IlLqQil(v^k>33O#I0Qo+jIaGLPEjIR+xn)DzI0~6B
zViS~7o5PL41|%}Q;u!r#e|BZuEo6M59PWaA?mG13Rs{&K@+E@D=@WyhhAgENU4Plr
zoE23S3kl1`r>8QPg^ZmiO|uy`dm@Q8#)_lfA+LbG@qqzSE>bfkK3Q_5o>GsLQ;uB$
zE@tu(12Dm4no5hdYuhMT9>yx@>>?yK%WNm7ni^(}7H(YWpOljrBva|z(;1ec0;_z1
zWUIsr>Rf7WToI$FO{u&?gF?QlSdbxO5@$N@Ad|_c#2_M%XeXDz+a2^~$u`Ig5djRP
zt?79R_cUEm!<bLrkt6$ooz%7MWT{T<(cVNyMIr?-Q2}u5NHDbnwp*PTkXS!lSt3tD
zWQC)8F9lM8j2DR<%qh%WX;_2P$+@)65++fQG=+Hb8c{vo6kPb2`>tDCU3dWopRABT
z#er}0acV)BYX(D9;9rw?HcWV^do|t}l^LT=xsLSe3!P4){z0dsN<)_xt5PYE$ZpP;
zPIsuRU?J%$Os#|W^LV;ZKFMU*Uy8l%JU<kxE2H`nblPJlhuTSQdt#Y`yfA6Lhrksu
zD3i%mC5PUnP8h_1p+d4kVmp{kGDL+r5Gw;5$DmcmsWuo(`<f%e4YX#fQsQQ|wHG?a
zH?8GaN!To|rCcemD$2Ri&um9TLc}wP4!zv&r_OPT08j7ayDoG@4|f=AP*m{5I-Uf^
z+rIb-5+q>HM<CYE_oZea(&<W0OyNLHGcTA5AXd<+TmlLa>?P2qjQx6cs|oXidsh>k
zf+Q-Cu~Z?I3`Z{#;FUHjY~8O^GDI3AhgEp4b&M!U8z57RJ{Ii}z=7=noI&7LFWxH@
z7;K1QnoE#IR-oXZh!Gn`>fof1Ks}Ho93*<rF;OfR2^eRv0_now>8_%Tbpw-slVL0p
zBGI`cBC;43&nh9K)`4Ytzp3EByj=FdxeZML$_%>fB`WZ8o8R!bX%mi5jJfBtoO2?_
zz=l_|;f!n(mtpca2!r80vyY*W%$3!#l3E_{w1C3TlCZm`QcX%Qus{%+o!VJPIQW3O
zRTFL0NNxAFw(u|T1EdSuQ1C6Q5h!)IX(a+?(ONI!%E>NIntpTcsW-;cQaCUmo}yDK
zG1wJbSv315DHI7eQo$fLZ|3qKx$-y?%vBn>u!wuE<%+p@Fp#vV!nzuP<ScfKhMXa(
zNLCHLOEA|<EG7SxRh~eakI=zp8Q|Lycj^pEA>PxHifAVQ0j~>@@3SWoA%{Qk)N-K<
zv_Oljt9f0-K``}_Z9uOB=VlC|9fR?TnlaHEVwZ`%;_PaRyjIm-k~m%r##lnSGX6X!
z$UMT91uQv6;#XrKQ^7@^MlL4NmUW^%*VK$xeC4Wqq*R^J>?c_g^h{vZ54xz3EFQZ8
zad?H1&Poy1`r_;*$SDJ6BJci{*`D->PDz)Tn7*IN$szDJn3>HC;PF%xbtf|@!5H2L
zv(tDz9iA97n-Oz{!x<Y2Csxp)%O5)<+s!NgG@=pvCX_GD`78kadG?>)xJ34#&68PQ
zq!H*MpP(Dm6%U~uZ`=bTd18c4m7@8D3{pm&k{1_#!w*ux(NaH~=gsTcF-EaS&F-a2
z;vt{#<EZwh6&_^sH)8=%x>G;~vHtwu5PmR;Z7>nryo!{R^#GHXFabvmY7-G1qd!fK
z!_h`2xOmJ0D5AXTFb8T3;QZMfxQPXN_+pr}5`2VZ@cAhzFE}^x6otjZh@26o<Yi5k
zOBQp+lvZ{f4-E%I`!IG1CD4BfTf?DnBEf_~wg8EP0r?V8WOnepq*XIH=_ioczn%@p
zbDi{xP#%bIqJ<5w&~9aHH^X2H9@jn*--T?am0pJQu9QF!Vn}w(NA^qO0)DU3SN~Jy
zffkY^HNq_MYn9rwG|y(j0VlN&4CtX@pQV15gw9Z@hY0XSh8Q3~heGOHIG#8-&h%6X
z;9^g#)v=UVDLDfc5uWf%zzrPXEF5~L65*6oO?2(~Z8E!?kKYe2B6kZ3K^b|#<6v$G
zBSBc)ISYcPA1MXMSb7mSX;tIF<^Vio)8hUhwj$uh$*eae^82&tOw=BPvo;Ke)(o(7
zR4$~cOlI^d^Qj{~I8~q9?3{?JM}acmQz?lP%;7Sn?kUioKHY!qGi?FJeHpR%xulfo
zb%y<biyWdW{?_-h67%G+fr;OW%pm<Oj8zl{z-UBbj93JDEoS!y|2A|P4GIHb`;!?j
zKX@?EWgo_IJQy&Wpam)qK#|rZSi&_^C>WU;z;-HvRVZ}GQz=ZqjxNJc&S377*in<(
zo}+-`1n%153|lVqEEQED8LwMZy@0b3DT8A13Q(OamwDkBvFmZ3#-4oxe@M|F`*&CH
z4M-s~Ada4_;*2E#7m-XBAQ`GG$bT~u1(z)YxrQO{aIbc^Na|iv#Il*UKz2ynKZY1*
zg*D%@4G9A;q%lP{q82csd6`OYm15#l1E^eb3)5TzJTEOKCPnLlUxX}Ut|$)%O9yg@
zpr2c=p>h=9Gip<}&ttwFo@>iXNp>I|I>TYqpAz}gXg2FX3YatGCSu`4%qM~!yM~Eu
zZ4~+!breZRRE|If;QJh&5EDpDHD2IZnBar2Q(z>Zu}%5{n@iq=59R;|l1uY)8I~Kv
z?UoYaWc2=pI0_&P`ibcG5ft%9a4v#wh=(tc7l@`aS^FfJf{?f$ljV!2MEG<TVg36v
zSVtlrv?n3)z=<o$^-^SLv!uC7J_>-D9_Xd+80WvhALoda00~QON%gSF)&i+g^ZnY-
zU801>`!N&n$d^t#w*RiozmbqMFKqxKjHmS{&X(HB!#&}t2qZnT){SQAaETNqHR?~2
zXj+ku|9R!(cnTZPk0B3<<=e1gfhLwxY574p9^NT0%LNuF?d4UL2@a0Ox&yRI<%@{)
zB#}dI+{h$-iJ@@BP|6GtG$6T?46{1;=p1{@AO_}RZa$x+Wnr<z5c3jYI7z@LVwz(1
zbE4lQ=d*soq*o>&W)*;b!~>QCG73U9yTgSV2!N>S*Bleb{9n#l`N{&F-;U!f)FhV3
zYnPr3eLyP<=F9=*X%t~&AMJs~BU~8EGu`_lBRvZ7_~09TfEVzQS#oxQR?8(a132Y3
zt&K*LXi8*3sY7N!KVd?9O!ic`060MO4?+C^&sG6Q*#NRzbSwijDwLiM!6~`YoZE5l
zrIk?*S9SP5&V|%11QZAG=&>9HkJ2{&K;;dO3DNF5T3#RkoMgszL+m4Ey~$-$Zl>j|
zg3pf&<R~@9%U(GzB}6J~;dne6O=p!zV?jw6rcsX=FjW`8c!<59tUsv(hfesSuNcZ}
z9Sp;ljA5)HL5?T{tBqBI2xxeKQ(+4niD*xTkSc<XhVXJx5+74A128kx*@=L7%nF9}
zk~-q%ioDRd5s0cJjp#ucNDKU&Pg4@d0D<&L0@~pynoRo<7%&{dBo1K=2Ga@TU#L#v
z!7z?UT|hijJQ!LOpeO;8ZW3*3%$A0@Vxvf5Ik03AIA4u!WX8)Ls-5f!WL~gfJ{Ded
zGm=Cnq6MDhI!R~HyP0`NvALWL<nVEV+!7BPVZX?uru>n|ETFrXvpBL(@O>2UYU9ug
zgRvQPN%Uj!>9VBpY)GzvgkP3Dh9J<NncBi3A_rF&UKk;%0XZ{IgX&y5*78En{{%(K
z0ST2kYzB3Lm_0~3YM;67GAl~Ma_$MFK)j!0Y`!95)**u}ofw<U<97-H2r@y3U&`W7
z)*q)z1%4_%*DGtIFz|yGabZMjEr2g|VGrYJ0u6xL$H~l+K4ZWfC;dLO0HRO-xsU@4
z`*AWoPgDxK6x<<CtZ|{B18b+%2$mWfd1&o1NL{I|LvD`;fpcol&1D-tJvEt6(XP(x
zT6($N$%Enn#NPvM%5B?tUZPP&PE*sEkbbNY`5_;(;Rp5clxP~LC7?AWSI~ziOjPq(
z3+T%fBGHcq>^<0SI+gVp+F|)Ite~gIENJjz#QdsYTVH^qL46Jm%0dPZ@bYnu1*tP5
zAp`itm6yB}LE%83^B=GwSnd)Y0PQA5cO*a+APtH3A{X{N9ci{cstxxKe9v!qo*(*S
zSbJD`&H^PC2LSpqKvL@urBK@dU>sNG6B%Mjl=E3ax?LX`ILQLT8z={gQV(|oE7W^y
z0?Qz8C2kM7%>r%PK$ZOBBAv4+1X(sJQUv~)Gzr)?!Awsc5jheTU@#ReJGv^sjk4Ao
z4vc9A!@Zrxc+z8c(4Vmd;Jq4gq%c6p=Gwsk)^Iv?1Q>D@<fs{x1VUnq2}!EM@NM0&
zkm(Ly#esS0^T{@4v5*G*C|F1lFo1JmBL^0wAeZQRUdpT_QXXv6(q1&9^FUlq4`HEm
z$vCh=vZu(|d9ua@oH45zr{8zI1Nu4)M<ICwW`bCBUR#TVYz%~mfc+nd|4fVkM4ywU
zOmNDnLr2PJ#zux{TQPRmFeEl8{L&uoSg>0TIArs4JtJ4r!@9>rnu=VM8cWd5_YYOT
zrpdWCh3xB4F%F3|4$%YWkOM%)jX9L@2m6Xg!kQTe?ym9o2Sd;72cvN};_#nH9`e!-
zmdNK^fW|_IhV*iinMeQ|L|3NX$=MTj@j1PP6t7$8W)T^EPj+W6g$o?=$f1gWW6d6+
zrH41J7!<|z^eomCA2xo@xxHe7WAfk)GievfRQW9e^SM1tHxCjMQ=BQsOeR}!RGW_7
zM&GGBL*tnKo)>h80aJ<uV`n%>Ogv$;P~}57Z>YB4W$svZfN=RARW(=3W&DY{&w<M(
z86P5+nQD7Q?%|wEV0M-T?Pe*`08vmTiLJDdBQmpGtOjXNKu=A~T$AFY)6i-XGap@Z
zC`udI*)C^?0+*u^lRqwy!-$A)M@O|$^I+fU8^<xu{#M`k;W(N`6d^frN>PrJEHI+D
zycwY(3;%6AG}OKB!!Xskr|b-7!hoeNE4TyR?v@~h2iY!h+&3Tg<@<{I3)yUAq>n+M
z0P2UF-SLp_n8QDoI72H(WbI>oVs)w(C)v>^Joj`vn;26+2u6XgS#-Kc0w&I2(DU8i
zp6d*DdamCja6FmLkobxj5U|<9JZWBKTJbP(5*tBRIYOzb***V`ZhTL)D;M3ywtS*l
z0;5|yNSEcn)5w+&B**C$a$F)tV@a9M=R8_Th>r{?KXJ|wAMIELPEJcR1OKK;Vzdk+
z2M!j(uJEbqHY%EzAxS_ShHXP=Xy~}ZL3?Mj=b3g0JAefq!RjjmMoc&PLPxyhu#yCD
zLhHzqAGHCY4l9-3L=@2zSDK{7GoXB31orf6&HDm1WJNVA82Lb+6^n)#<eFLWnR5(i
zIp^m|beyv}m`g0kIuQ6`28B-^W8h5dh2;^^PYg(B(a3LvzDtgvw{g(!nSF8w5j#IZ
z1WcR}2ag%YLT!kYFyK<G0fg3wBqXfL=fLKfJ$N9q?LfwMOEKj2O(9_#gBw!nxdw`K
zljtMSR%eW7#RORwn_bus@<F+z6i9CIb_~Or7j`kwFA6F7_-HN0m8>^%r0^WQb!-7*
zvH|0$H;w#3+xL1-yL+Y6>!~5&EQpQsDZ*hzPcmB`(V_|e)j$wId8#uZQ{CPS?RRx&
zbe1iTkg@vCRXs1ahhCCw2Xh5P5+(EII!@$bYpR?3ILTKwY|e8|cCjc(>%EZ|%voCk
z&n92sJvli}!4}I*&Zo=Mi~sKE=<kk3wPZZm^JbHt;{^NNZo7HVIoRBGN8>T4g!-|D
zdNSK5mBtV#b8ZWzLooztY7Y<7!JXI)=2^=1kO@xN+hgxiI|H1ZACeaH89^gG|58%N
zc_}F}Bo+#J2Y_2wQw61*nCYVpK_CLl1hT+V3;<W@DXjkm^H;+#BA>3LmS?l^G?{r#
z$Mbugc4NP>yEfQ&f=Lw3RKKf)x1_34O#S4>9Zad^GO=ZW(wgZp&5!~&)BT=_boOv2
zUy{HRnRa0S{KOTqF`PmGn2a1eVDeogjd>mxbccIoQC?#d$leq>4gY80-n~WTjox!a
z;ezlK-X@@TrkFFF|J~n>Mzx}d^RYkbO`E-N&}lZVcN*P|UdQ)a<C&bN1KN`5G{IqG
ztOR8L49D4$Om|=)lbLMl%NL^{;CpmNo-jcITvuB(@}jEnz)J;yXug!lh#j8fw&2il
zUQb>~%2;wPdVT=&a?T0fIhxHT#XKt)<xoxp`4Ukv+6v`RT|}Q`0*?M}j&XYZscYi#
zUfp=TjceU@zkSd)Lw`K!&m4(uvJ|dR#vAc^&v@Rv?VR_-BrXOOX>*5gz<73=r3`=6
zvIG~oJWrb<#2xT$a$6xk>dnMeX(E?FB(mIS401+%QW<|&%H|-FY+n8n1&{!634N4W
zgAhPm%;9Z(u1c{29q|>`5G$s$aT59ALBG)(G#dx)c5ArPZ?&Q*wt|foI&GH4!FZ|{
z*o%yk0zb+l;IN@g>suIY?`lM#Ego`ejkd6g3Glo{3$KUb6}+`n^0Dd(`loUna+YPo
zSX=tpm$IkukoYCq>D2*aB~*jN_y-bgatv4i0-~FOYy}t)*U&CQZ{Lll<9ch*GMy{U
z{&3K5w>>|I2ndrWbOwu2?yjB`h|VEQuVfxLLnqOZH<_K)h8`ERqCtzb$r}rtNyWp%
z92A8q921El({WUSi>2o>!?BheQc2#9VpR%O65daeAlK%j0ysxUpj6=$RWa}{N%WZ;
zr2lLjGEchaju;5kWKU1x9HhhU*!PA9t;Tk5cfHrXM&VI7i|FbNr?M?Z_H|{tngD-5
zEaapU$F_<I12U*}rt>Ydp-^jDuI}AH0<e^}FiC#0oa(k0Z81Y~(9;R*v7XtJaaD%I
zV8CPly&xm<IUz=-pg?>Oco^+gSSL`zz7{xJ7w?(DRFVLc%m7Iwaa1=An&Gh5+Z!BQ
zYqbVl#~Fno#Rb#pgmjLxQCP$R#8*XNQx?)=lwe1Cwant?B{#==mDMN|Qt{FRmee*x
zM<pwU1LCxDj<;Yq<KZBVMEsEJBI?TEo)K;0;A4t*1232KKQ`y1H$e^)p2G{yLtoNi
zp5)Z$A_36BEbkhUs#!Ggok43*-@nir4jjjG7!!4;Q-a2hq&THhOG6vb%V$)YY94k1
z;xbzd_vBbi))}P8#fuq4`hI3f&m=_yiS>QBdUkPWJI3i8*p|cN)iMVYo)K*)4j1!y
zAGov)VZo<aF<1Q02s0Oe6|e!2Xxi8Gqt7Zp5+IPQNTZldeKa0>6cqG(o4ft4v+r~*
zF6P7-Mp0u1pdD<LON>pBOwON#1u%A}MIi^bCDlF%EzW6|9LhGr0Np}~I*}*g8|SyG
z+7PORCc$WU41G)WEM^Bj8P#c54i4p|F0Dx|kpo7s#S*}4E$t$uNB~1&kRSP3OcZ7u
z{I>j^?x0bxcUz8eSDkHt#7e-`GL7W0wa<u3Lj*X<!rdx%i-kttsO4}%8-1a=Pfm^j
z&0)4s6=GjrO6*f;3@7F<lc>lmb>j#3Kc=dK{5iv{ly1MFh94rHoLu511{Nsi)x{Dp
z7a3q>ON9aDxQ20gk(bZXXk<76Jl)+}xwgB%UvCZ9oPMY4cw<6^oGi2>B{J!D&16SC
zdi%3NZKIV7adB|vp3bnbryhvMw@GnMgUqWGe>u0+K))#L_BiP&m7P@l0lr32Knf~v
zEQp@i%>ec%P<GDwOlivi{uaqc9>O?R8=zx=NzcZPaiZBIaGS0D#@_ywcB|9x_sxE5
z!dW8Dm*+aKsWhlw>O_f5kDfGHoSMwDlD@QaIxiOep+%|M&MPH{9nXPaz>}G8eW0hs
zGc*pNSJ1Uq1e7VJvPlMrj1LXKN6tAI5c4PW7f1!^*~$Qh>;|9$IG^5RNu#^o4Q7+k
z*m0ff^}Wk0tId9|KNy$;W&no<(zBFtZ%ZPs3}ZXcM9h<TszhKV232Q{@FUQUwyH+X
zz?8jrfIx-swX~b=5e}v@H4ZZ_gic;-q)!6@)4GQY#dtP*Yy$X=8Ai=LWk6BLS0I3b
zLq+Bd7+~{oUa#f)U1v0jCSh~1+1hCDUO8xVHr9K+o;M;6Ff8P@JdV#xUWPoC2Gpzo
zBtfZ~>v1-RVaYEmr_PEw_l0_x0O0}4W~u9gU_d=!)dz%`IHCY<A({TUng-ozq`f#C
z3(k+`Sa{yKJSsptYlP<9eC?S=Mn!ReCugi>QFr7FhX(;%Iito-7=<I_^mq1l>vf8b
z2hL#Np<QAM(~Iz9ZjgfswBEugKy3?Rzi4~l0c;qTmp*zGu`;E-0+a}Y5?U&xBPJ~2
ztTiL98(p~R%|+l~<WOag<9mh?5(8?#8CS`O0Yu#q=STUYC3gnamQ@K_S7y$!fQLzh
zj5Fgjj&?S?>;9-28h6;;-62c3*6g^0o|&)_n8j(Lj;t)@Tn{zrStcW~Jl7sTBvu&K
zjA`_t`B?J2Ja#QCHHU5UBcz8pb5(8nlrBh_sn0Ax-xFTOjYa|6&@$KTP=@!Rw+RD%
zV=TX4Xm3CX6rlYGb1(p(L*WI^UKx%_)!JLT!_CHK{qkPDS#R|^eb05s7fQcyY9ybb
ztVDvIxSYu$FW8N%!+WgM6Xu><oe$XHgX}<yL7WIUVvMSkLqvR9UoIL#ywPST`2=i3
zK`&6r0U)n&888H%d(2~>K8Mws2#fKRL>wsqP8CDYI3dX5l2<mM6ctFPO#jRsPJ>C%
zYY&|6-rD}^`oWb}yWeyBUeFpveMSmtFHYg#3iRI5-ANV?O-k7FjoMG435uzh+as7d
zPIn111ve0xvpA3<(qHi7i2rhd0BJ6pGRR^*?cEhuNx%1z_9&}_4~v<oQ&<Axhsbz_
z93J2U^J2=$MqcgGhsgyL4#@_vgXR4&?l9>!!)dSM(_gPuAGG&+JA0kZN_RLo*lz*}
z%+h{5Ezod{%&Jp(L5?&%?^+X&rH$gHBx8kK;(%l$)!cD{KIfaYC*DhjR{essG-Lb%
zSc=IGDNfd7z#xK5FA0>TbMSaBNlv0Vrr#VP)C<|VfHhEEBuG(yG(N)u$p=VJgPZod
zg!rOqr#%Y&k<%TxX1CdFwN~q^tsU1i#)OBbaWacymG3#XCF|J%?7@ia(35S6x$2ne
zz`WE2E~OS&a#7UADY(0^fK5KqJ|1XKTFBrhJ<w7jE4D2B7A#O9J5V2iaF7R9@@e%0
zkpz0*kq^HB_UE#teU5a9#0_wR1n^{+9Ct$uCZnbwHiB{Bg#PYe&>eJoy_Ifvdtm%A
zA_9sRaseW9?1@iO3??B0vTR;x$P5kv;v@KA^K&HB9!YNwTdG`{Au1B^y856^x(K;5
z4ihwa0Cpl1V^Vga){o4O{Q08ej_p~9zc2!GD_X4iEbueQIp-{b3a{ujTpG){t%(E6
zB%KYX5k*7eaWokRBWJtU?e$vS#(uZm>J6Q6G>zjZoy~AB`3%Xmw5kG2XEp*j5r6{1
zYR%uAtsLuuu6>|38HKSBKht0F5L_kaJe~xRnvNCpL=xf$$nFs@=X1n5ocx)WR_$T@
z!XxMfk<R36Fc1I}1!{c3fDjBA&UiOS>I^!wUNjw%AUM&u9SnDS?e%N>{r&a5VYAmY
zhD0EVW6nzWp@0i=yBva~;t1L0<T@osl9J`pQk3Cb`_!t79-PX8=J+}E%LO*#b(48t
z8a;Y!Mac*-Y2-ADaQ^Jclg~<+xj8R=3?Tpq=CFVxMn95f4<r{#OEN1xt&FJz#1u-V
z!vU>+FPinFSu&2=leTfX&8r(Lm-k!kb+^;qHGb418$eN5rjZO&oQZViCDfqA&6c?q
zvI|jIAyU>ksJuR{Odxe(U_w9e1tyRRkZMc6i{=$eY!jGEVuv|JIy!&x{K=CipN2<V
z;N!Pp0SNJ97{Vm7+k+rz^%>?^Do~hvJ(qBJ#LL=`xD$fmUP5MW8k02~_3Hck+h^8y
znvK?8cjyd;rq8Kyu8UyUCSa}SWRMBC#v^vbf`R6R<-kZeAci^!ED5tE{Ik&HIfnm0
zusxX{W`oM2RQ|m<dj9;`^Dmy@`jlx1!+AL4Umb}W@R!kO4#x{@!7X_6K-;lkV{>tX
zYy`P0q{r$#h{ym$(|$DJ?$B<yb+FgEer2oGY&Prd!GSl}4JVOop5$~?UL+~YRgsYl
zX)Ip=!)9{3g_x+h{Uha``O6pCY7}m)assplb1O{}H^EYT`Q+JOKY8+u{w%I%M-1rm
z`Mj(QDw5q{AW3D&9(!XLjzC0LcIMb%D4y((4!B#E3_!Oxi~G|FaiABC914Z|>zzJh
zq4w?|?2!&coHc>ToTV;D2DD^yJgD?4FzU*&NreSgB`#3%`Quaojw($6(Xi1$F5kmi
zkX;K?1(LY=`7HQrrFlXAM?ZfdW{+KBSqjV!@Iki1ibN@NY%U$@@XiP{ePKYa+a7u2
zsNe5RIPuftz&GkeolY1wh6h8(bbIT)-B#0h6euzr&iJ(6bcj+x!Vm~qDv{H<2$%#Q
z>Yf&AFJzMzurm<xKT@l}LLjzcZf%w{Psy+5!SffNK6&Z-NQLTXj5lC^>r0w}RO|>X
zRJ<nW%Jp^I2!9)v+P=&-psXGEO%n!Dhn(MdGKpsqF<{ywF&K9an%f6$$89%z&7r&7
z3<9)=vIJm%KE|+dCqB;=#!iqq$KQg0plpF~fR=Ab=10~J1oQd4atp!IGeYHwu036!
zfBNKQ`k#Gt#8MNGs)^^P_#!B!UjnEATI8cAnT5Xe(OUo+<9usgh|Q?&?rm<Gu;GW}
z$#^`CxH){<<s8^_6mB=_^}ZR@8%<}wchC(wNirB@yhkv`UVmZ*ueO^l=0-vwEkgCh
z$g}<9)&Fy*b72Jn4qT6sFF*0UFMejk%J%-r<0a~UaRim(XGrTS96TVD%1y}c;&TTP
zSI=zHIg@=79G%-}sJ7qe?DhAZJu~LSSARI2G8!NT^d_MhbXsjf#EomcW_Q?hgBjsP
zE=zDHWzHMznE@qQlr@W?v>-}R>iA}#)4wl2w|Iv{e-2w6EYmNNAxh2Qh<-~?dH%(V
zU%V{*PhN;eI8w(DSa|}lV5AMH2u7tnFCq7&F_J|y_pFOXINaXf-QVbT`g@IW%jXn0
zt$mNa&bpm;Z+&mKXH37o*K8a#)}0{YrjVR>5~ndme}q#M5p#>K2EBa$fhOH71HzAZ
zjXtdwRuIe4vfNwqSO}O6q;&VGn7zl#%m1&Rv-KA<G7|cO049WWKq4^J3%gO&&+T6I
zLOW4WQ-%aI)^-loRvVp8&ky}Dk{trGC?a>*@(0cRX5VpIy_I%zr`2{RvwqBnyiIXj
zQ^8{_=5s#T4UK3l`($-O$Yxnu6{qET@zL`aU;g~bmrw?{srk`3K3Z1&KsY0AjIQU;
zo;`aZ7XL9Wu;Pm^{`?o=(TguWijRbY5SyUN_U4N5Mv8~$iUkUpg~}r&JwD~c!=@Q9
zpzj{+HFhswzItGSkw4|`;3-3*s5>4}RJhq7Bsg?ddi{fL#|h~7Bmqf0%i>v5P#m4l
z15@ZGeh>16Z1Y?L6xQFzPoDlix_Hl@|01*$9+eARD3CQMkk8<?e=acR$$|m$E$a>5
zwj2@s1?XXMVPnY%Dnt)uDG9%MsGo%_VIfIe<QI8F93TR{RV~_R)tmLLa~H2U&5+^1
zv_I=l2@a4cBskn34A&a&UT3{A81(ufImtMmVT0KqNee~-zHRGDrL~>+bg&-|NFu(h
zg!iKtFP`ywe#%jcMC$;@tnEc50usd^9lcn1{Kt=%=zsFjQK|7Bi$0jhPBjqw!FxjZ
z)E&5e;DJ#nEEQlSGdpY#a)GDRI$MoiueW=7r|-J;F<Rrpc)-n~TqZO9p?hu5F}>@p
zt~c~r{Xu_P%(yp<1C<ixg))^v7?N#;c>y|Sq8?Y*7tfxBFOGgO{|F&#SXdJngkt=U
z<}qh9j$Y91K3~%K#XCSIj;cj1#8d`sQRi&%d`4lpVrp`bzIYn?ys@Aq)KPNXq$vRF
zsH}Ac`|W`<Bp!rapW?j%J3`(x*&9sSf#(>fwKep5t!AgaJ06F#ew5+(PcD>k8xm=*
zksd@aS2KZ}<Ki1!x_y%8=dAq*+XL~`oU;K+;5!t7eevRG8S5@F033M!;)Q@+dRZYJ
zMztuASdwtYXvFD-98$pV9G8j|5Cs@5QU|I6F)eFnxbN<)IsFlD6P<FOY_HcPSTGuU
zVYol+biJKHtJUj|rok+kBn75vU=ny<9O-#$x!u(O2zLY<c=X)f`_spdpMCmiI6jK4
z?^0nuijR(6zj*fPvxVBzzn2*BMA)dhe+)lqrok8Zj6_jDA+e^~m}O)uFo8=dEFyTd
zB=S9PZ`kkj2hKS5IsH#U(Cv=f<0zVhBjdZ>wShnAbla`n(KJbC(_9ZtE_qng5kL@H
zmbpW(ENq&FJ^$k7pFSZ5sQ8Mu!_QSFG1RZicK;alj~7trIRf7RPGC;>FRc6sl5M_#
zQfpU6^5&s9&O*Y}T=V3_01AJ`BeS#F?rwRrlsAkFBru*#CSAW727yap*dMxE>-&Rn
zOfYyFV;_=N7$?V;4{T>BWLHpO13*%Nqc4uF9?|w<d9lkS`mO7uXOY)GM)>jN=j*c)
z_MZtXIjmk_>#~&D9N4A_6bbt{!>57c;uU=fUPwvE3-o8bPGe}=ogpnRK^!uE(+Nd`
z?N&JUM?tIMg>Gke%NcZ=I|t2PZ|0=AG(hl-Z*IKj41mwA+H(myN)7&=Klus`&n&Gk
zUVQQ2!{i-lyB6OfoB88v|FsM#%Q$3jpxPwqBqDa?OS*KfL6m?18;8JoN?)a4N<x62
zQVWAo&kcNU<d36d5cfI#KZzzmyE*3FRO3-S9EE1s9~_v$?zY<w#(k1}4686M0l^^8
z(z)+xm(RSc0-U4rYbbg0#fulupA(+>f|&9A=nK;4GAxnBp;i5qfWkL0U>OGs(-?1r
z<In~UoJZhfA}U1eABfgbQ6-UJl1eTZ;U`Iuvz4roqDNCR4m~G~DG=bR$M%mTU=;GU
z(xB5gFx$g`%wf0F9dXE%mMLLQq(bK<8u?55Px@A?>*(3nt|a8(nW*}6;(?j~&TCcf
z@9SSEOnCm$LXSd3!gEmqf<cl5@@04qb`r=c`=TCmYk;s*DP?<AmbD%^{XySElX2q2
zqz)7dj3;4d+#WT9R+H%6ABDS)<Ax)D(C7`rF`0*qB!EPpNBGW<82gYM<VXqH_~t11
zCi*LC#IL{55)O3qxfr@{e$A67UzDF6l{W2DQ6FGuFe5-;N>I#-P+_sATHyA_;(mit
ztM+A3!-*^XFiO)wm$%1sqi$<Np>caO9(Ko*X5EbI!_f0bt-W5mHyDk$MqFa91*ZbZ
z3&8E0LM^~tBGrWl{6=CP3qoWDaAK40_vl*%05AGy`fPP5bBzY(TxEb3c-$#1sK>*!
z3U+?BR5{OQdWVvWr6<*<<3^YJ;hnhMrii%LBK@C?JL7R{!hWE$=ZphyG#ZUtgT4KO
zjW8Pf36dSY42C$$w2D<~{`KfLq8}pg?9-5AgOIRsiGQDdCj(IVDq%5L2m%{_gZtcZ
zg6dyk1s(gggVH9~G&4!D5(zN!R%OlEHx%T~261zLXm*C)h>gNz5=BvW)FDS0kR1re
zt!Asy*}Jgcua76>2F1b_MMTCXm&%xZ_c?p}^3(66|M9aYAL&Yl0s@H-zk2)~I#78L
z&IK1N3yK1D&9NI>Y5=~URh>tfFu=DNCQZTegSE}B2?t4k>XV!6t~WbgIF2U0uG1ck
zIxT`5^mBXE_6ZWVukY6noMv-6gGpr$n1Z_zU`$|n8G1e?W&ZSAR?%KBq$)mUEFWmh
zQhtXBJbQ7ZvT}sL;Ycz}0g_K4vR{SI31R7%lJ+}4mwi>GY|r*pVq}|sS?fCfsFy@R
z=V0Y(i<?4v?l@{Uc6+_`!N$g>A?w#_k{NWn>sR+1?Y1GjTuMHQvy4YvVaSC69F-is
zczpEYJM14{A4v!wRB155x1W9+{ZF393TEQ5)PO=&0A#<hTSn@U5%%6-#5#xmT(6d`
zGkGPcr4$@U1qR+|I@@=LjWe6u7fznu+p0VD^~-BlFP&dm-(MNH!H(M*ZVU%It=7d(
zbKsAYxDW>L%!iQsF^VI^-<-w@Up)TeyO;kd<hIbl1vg1qyY_7ycm@DKq{p`WZ!;ou
zG@4;HkB;-!EtpcVFQkDfw>^>?IWT;m*Ze^^=}m)v|6u3j?$-6|=eDjmPUFh@mGf(>
zn>(%g{(g6*(LZRk);eqbVaMT!QELhey^ltWeqi}Eo%5S4|1Sa=Z89&?LZB13h_G0f
z-=YK0*!rQNg1lyFlWKt^UbQM924B(>80(BZDLh|9o7Ls8?78>?`tX|WmJB=HUVCe8
zb!+GRM!VVD+`W8ebL;B*rB;8hS>M{P?_BG+U60m(5^*Y6QWta3uGUq;o3ecJogDa_
z2OH({5DuJIaHLq3m-YFA0Z;z?e_wvtlV_#ig;+j`B%wlG7#&$kV4CX@h_Yvx8~BZD
zo4Dm*y}VFhNK01h?wnuSz1-?K?(WL^=H}k8-RrgdcD=cGu(7k(Yt%0^clP(UdyV0s
z>5>zqNGVf#<0B<|uKhM4?(aK1z*8Ts0~EK@U2_hr)L=#e0<nXSe?gds$olU-|KiC<
zUm~a?02xXLh(G|g2T*`uUTrgzqOA#V)RfQF3xaSs(7lLdls~$i**R*iAgo>8*gAFb
zdc8e#`tPk=-PrC7P1xS+wKm%QR-4v;{Y-1CbFJCib^J-Q+vZL5fB{SKtOQ!2e*0Yv
z_;pbJhvzSz|Bq;u5F4OD+nm9WaNueA;v-<%FTZ^D=RXf#JbjExa7ba0G(iv=;8qxZ
zon(Z$0P2UBA%%dSduVwN^Kixk5_2?}C9VwaS3@94(NotiudOvVuI<%ZJKJk}t7{tv
z9W!vYeP_@0+@0O6-B#0S^}GXuhwWLC#z|%?eWm0lv2LNJ9q86R`z{suYhKTzh4i8y
zpqSgrX8Gwy6!FgmT5*8<>8JDZ1!3l+nCw45KnQCPYGU2bGtPZrJ{Lw*=Waq`KO794
zK{ANqI3@=0s4w36io<qg7ZpCRwtMQ@?u9E25`4FD(CXCp+Z`wDHNwyYe#7<KZD-SS
zoNzQ5amI9(nq0FDkVE>L8{{ctwE;)vZ(s%K`cyOEXpQl?_1Q-=Gi(d*A7extaM1YC
z=fHjF|0zq!BgBjbjzj?{4#B7}G5S20Il&MgPVi#`EN|E=FbafE(ujGsjC36H9*WxK
zo&K<CT8<f0pfd`5!V%%PKjM7Ygt+R}0~3Z#E|*NB?#xMxDwm?3sNgfSVGClw`riZu
z@%6=v=bx4YoqQ~s9E@BwcdKC~W<J+yuc*F&AohZ+3ydO!2ORwQa)gm7TsKZ<-1*iU
zPk2hG!xJ0(Nvtz&bXx;=owFO<>N}nx-xen`-ZnoDxm7Ht@3>eP2E>VRIGId&$R5{?
z7m(M6q&e~;d1;N<XTKo>_<A0W<_ynVZ#c~56giGspTC$R+g<t;Qhf3G3x+-+r+)<n
zL(v!vA}5IQg3O97WVU;bt&Y=VI2lLdn3R?WBhR#@J(rg5LO0aU2?=_WDfYk(W^r%A
zJrc8YFzrx$Jn6K_?02K-gvcMJS)67I`scANJ4i5~j_^Be;PH#Bo@Wx5$J1pADcCg4
z=P&pdzc`w6>O`LP^otj)E17S(UTQ4Jd<vvI=;yw;Jt7m6P}5}SkEZ=3nZ(1y#V|Au
zWVy*3y9?wfpm}ZE8&4BFG$gutfF2JDVd0rfDJYtvO`2uL(NRFh1%O;}&V3U8Tw%a(
zXae;5o4}($H0ej({;b=JdYz~!J_pTDk3aEK;*{%>oN;A{4PdAO$5o*KxghR&&2{j7
zJewxYEDXC*zt7X|9BldEt$su7?I`U0`+3cbMiDc>A@1k|xzw3PC>2L`oT!XxlOC4R
zR`f&zI3<>GlXDqLHuyh^0iVykBu=7fBlKEfBbZX8`3=u}PHrJi@>0w}DIHN#eDK3u
zCh_qOEjg2@Pk^OQD%%-HoruTcOld`Ba5PTy68UFyUTX&v9*Mz@B9q}jGvWki#^k32
z$E`@<Af2~}CKnti$jA}|;rJ3P_>V9FB<Xx=bJXpH!_9sa4Knwe=zsj&3+6FT428h6
zn+O(FabFIFHN3Un8FJ@0FIzMjjaw5A?~?)OM~7D~MFAVY^E|;sHhd*HW@hp<d6}N0
zqmi_X!01V1Y55{JsLb6#D*dqKr=N0F<6G!`aQNWS^3Q)Bcy5x+M&yRZ>EHf`|M$tS
zKmW$p^2FUZ!6<1AO9BRxhHI?7!C_HEKkug;#+U%o2uHmckAEAs$Gw@H3?REVRhH*L
zZJf-=z9kNCbtmJ2v4UAOEikifnoAjvd1VB+HE~|D7hrY#>^ssqj~+Zcynp!c;ll+F
zp3aMW*zHC^*ZbSQKK|^7%Rd~_zhA}V@Bd;t<Ndh_rXzvvJcJ9oBwZP5O5_jXn8bg`
zer+_Ka<@kuk0NgG(Z)NT&&}I+ApsOBNbegx>|hf(SxTLZC7pVU-7oW{rk+9|OOAF%
zu7iA=>_2)$bRXWo|H=JN4i6tJIPkReJhHo^?LLY~ho2CK9zA~a@X>?A!^4UN{8D1U
z)4%y;@$@eS6DN*FF`qJ!@=Pd?cW}7|<6C&@O)}{BXXM8Fo!)Ffwvc<?W=SWCdTIk)
z91AIcm>ED2RF*pBliIiikQUS)ACOgZ(4^pYTmVStLmA+c&%Xr#GVOfbzem@{ckdoP
ze54$B`l6tl8&B%1&eO;D@7%pZ*FApPefmPYddM#(UVL)@-rf86@S=ZRB%SUoiV_@H
zos!uv%FOW05*c+xA<eYk>&+(ZaXTV2&VD_b4KNQQPB1bX+n2K?2Fyw9hiJ-8^`zIL
zI%CR`?=5>kWHaVRgu*y6hXzSffNxxWCjUNP_dfpk?#D#pp%sCj7l9c?9n&5B?c)cx
z<)SCtzH|5P$9IVZhs?T9z_@$Fo7?or<1hX+n@xDyW5SURIp@O7hP<6=HtP>a@MqCr
z((O`g-yTQ9s5P398;C~S{29yn0a$w>j47&dCw(e1P!zf$xX2dtFV_Dh8z3c4PA&Pt
zw?zPt9uW;p#9gc~(Rk<1eHHJ2{n>0b8m#@*uO5GL@Agf;Zr#3pi=P2m_~Z~T#ZPx`
zAKtos>(0H$PqSG*#PH{cb(IJ9k+0`%&(n~+eV-g(yA?*G5f^s}%o2{}Brn-Q3<5`2
zC$@SSVE_}x6XB#UyU;lo3LA?`{a+?uco2uBc7=X3{v#O%19<W8=rZ5Db&rVS-~L4}
zH2=e2K0ds6=hn>|bSV><2X{pk?(&Pkms>Y)5nCSpiqA82@*<9=4hcd|%pi9?nKj1a
zU_6~t6w?R}D3BSACY@$0JecrCka48Jke!4g4gO_WLpnKwa&W7g9Ai-Ui@ksT*Dyfp
z(j35}95Vk(9rQQ@L;w~HxOMC1&D;0xK@9%y$NvX?J-mO1DF5)o8#fmm_!y$kD#6dc
zg%{oV_|D<uC;#TNFVixkNS8Nxu<s_lANR&1u5Wf5qrh{T;lvBa<0uFlCTzDUmWfyh
zFc8F!Gt#7}OqO$XTS94fd|A_93Bd8Sm*#>aEkXq^zM1|<R*mmi`fq`jn>WcAESPlX
z78vlM@IYmNq~I>g%i^M+?tj7-<k^>nmrUBT!6+O~X1#8+(XJo(JOzv*IM?+?;}Ao^
z0<-6bBW`k@Mc530J>RZ6cMl9GF>O^_(@Wd-dz^g#7zd7|K3k$Sfq(Jh8|i=iNUZom
z04)7<RSdXy=QdIP;m_!z|A_@8?ZO0p!A&TKD#&dzh4=5%Yd$Ty(=eU*%^>J^8(Tx)
z8T1@~6pX?H-vrH|>HDGI4g+ozVNZaGpmMY(FE`G{Bimk+{kj#k^J2jPyWK?ufVbai
z-3zIJ03bl>f%9(;03IGLOh6_7dfgXq@aWzhTKu2M^`US;RN*F`eB;K4A{#fL39zE%
zBER^XEH>dJ7<9csZ*^b}T0@`K+cXFLJ=gdyedjiP&kwlNIq7tx-gJg>hi+O;GvG5u
zg2K}dDsAy8svTctwa?R67=TPPQ#?8<f@)XDax>IdEdWfw-HHJ>7Yw-l@gd8{z1tuD
zOz8h97{F?9qk7U!C117U23rD_f(L|-2c2lpuaEZ{>w9j`?QIz2_!~pl=?wiHXJ_b`
zy6X@x{J;x+cN)#?=uhk6DfX<zS-y~NsjdjdECSu|P|D^ev?L(#ETtp9)T1@o2!4wK
zR31PzU_sc84{u^QZ{Jk%=^_q53vPU9#eP9Qvw(j`JR}#vFsUG;-|N%|SKnN3bvqZg
zyIse1+t(Vs!OqTZZ?ENcn(f}^*1$1-i1E>w99%H~gOxd!tq>lLsxG8~O1I=;7mId%
z2G{}Y>vRWf94{od`&AWqsPcaZPj+YF0hIciAd<e4l-uQJ2K<!O;5gMER?4Arz-%M`
z@aXZ=U-qNncB{Si!G3>#bN$NNN^7;<YxVZ7)qAVm_5NV1x!2u4Xtf8s#tTQ2?o<Xs
z=`alLq^>z>e$2khHf+$X$`2Befz$$QA%i02h!gI_|0W~I%YV%NRR-XOFhEyzK|hPY
z60OVh^MmpW_7Vga@30^JKckUpcFu2XU)WiFedYAd&Q`tA9CTZ)?fUSFvvP2ye!bCd
z4?69>>jeZ0qc~P2kb^9U0gfxx^id!cn#$*~B22Npmt`MGH%um_Kq|3^T~2VaOYpVb
z0P6nletdhe__vgNFyJK;e`+tw086!{-+m*`;Lh#)jHUi+JnHQa>KkWHzxU?V6PGux
zZf-W3*IS$2t)1>*Z*~3b*7?hO*H^Dx>+nRJ$<(GrDkC`Kv1FKOTl!U~FKB0hf69Qj
z^7CPWI6VO4GF=(!k1YAuIsvHvLiUeo{|%_~*V8XjP|<6z#m^tY8xSJ6&u*lcj=ffW
zZRh>B-oJQ$@BK^l_qQ7LR=c&@T5Da~yngZO`lXe%t^Gz5CBW(Ir69K!%a)%~#u;Ju
zKq(tPcte7;;T(}t7@U2V;G{hVMHULj98MG#{`~1z$$$9xlTSWT919?~Z2WG#EZ$#b
zz_(rE5!nuq3_SCO<H1I2rM`9U-Lr3>T>Hs8tJltKU92|_R$4ootC!!na`y6-wcSR)
zzlZ(5z{5Cz1R%H8naq+bx1)VHy5;#s9tnM!&87Ac%rn`<SRE(Az}e9QnRp`6*U7(H
zzvY!z-B;3&k-tp;cXB{c0de5&$A^zU&*O00-`?I>KXvB(`&;k7|K6)7&YZh`>dfhS
zeP`qS58ga~Y3=%%okn+UU_#*GrO~cl%^#020X7$p1}x0G&F5Z;iVHU1^W;2?(8oa|
z@ob3MfgD1K4jhw!N96oy@nHe(-C2fyHx`Tk6{3Fn()EqRS1ce0!nTkwA#otwZeHJ6
zKl$$Ozq@tz?Kj`KaQ@QO(-$wFKec)4oj1;%yZqk8Ydeir-+1FGqd^y^NAkwMtj0TH
zXNe8~lcC<&V26Y3xFeD`0&>Q1m_$w*PkTLXrR4LvM?-9FW(F*b;DZN;ihb{}{i6^V
zVcbIXUnc%#!jE&{t9+<T<A-7j?vf$=4{;i7H8)Sccj@fuSI(XL;L7#$=iYw(<kp)f
zuC86a^4gj6r_a27{@P||ug@Ex84mLKdC{ajp3G{kLD2BWT=U>bG?;HV$B5cYT268n
z0iu79&62o3n02{Q(C2}Qd^(*lAg~hf;PEGt`he^I_!#(E0yW=7ze1v~A>S^)%D_!n
zg2#`4ou%W=54J9>oVtAB?CDqEIQ{+Ked~=6F8t{2Qy0#i{r-C=|LEN_mp0bUt<`tJ
z3ERPx^ZyJA;#qCDeZ6ByG4ffiIrD-~q44sA`-vbFg&$|bexK)R&Jt{})?)|;X_5Z&
zZ@(;UD)*tJy@Y&?W$t{H{tqjQ{*^@+x&;z_69X#xC1|*P_wM1N7xTn@`&{?@-bVMz
z$=Bcgowr~6y&qos<3ISxPcFaz#&7@ll^?$T&f4nf^;5e8!pfs5598~N>fVT=gW90p
z*sXJ)q|3D-UeS_|rFS{oFAac2>GF7KhiqV$@{39DXB1Ej;=Yr8xvc#UnevZ6zVoqN
z_*=q+W%;iJ;2VTq1plX&6W?G46hcXWc<<hW!+-HBvtRFCUOnAAvwrRD8*jb#%G<BK
z^6I-kdh_ic)PC!CfBepcSKqtz?&-~T*J=7B1986@hT(WL8rS@ty$xqH;dG)CaXuY8
zB8SOfhKU_K8@q7%0F7BP>~k<Z!%3KY1|*4rvy1>99o}Vt#{X{HF#Z-q;MTF2=DQj2
z({E+K&z4{@+kv~tpgu6+=H<OBjmGxHAD+2*`iCF9^WOL0e)W~t{@{Cm@S}HL{RjWa
zKYZu4x3?MtXK2iL5=K!p8Tr9vT8o@PbMLwnO{ctRuoJ~7f+l^U-zD6L9050*r17lJ
zzvNLu>`7#l>Azhf|Ka_6HiWNWk3g1NH@}7fU**6{mf@R?K*azEz%AnU-Fx>BzjWj2
zsN43POINRb@aC0QfA7^dU;E)7{osc`{PA1w{L$b0{Z~)Fed)EW^-aRWjc^k6x*ZaL
zz|^9!)oX2SQ0&;>3`w~uUUuAMHi+G1Jc%gc)(p{rtRGjIV)76}?3Cql+(P;f+2!5R
zWKKoDX8HK*jqf1;YZ&k?fMAJ!eBRyrpZxpJ|7M=&PA^z(Z(Y4g=HSfAsW)Fc^Ly|9
z-XDMO2jBZo-}(n9-hTV)`Fdw)f-yJ3wp*?6z^yeSGaPjGFYfdxUg}L_GVlX8?vJ8`
zk6IW`kw)_Jj7#V32@hDvOV`Epq@wt8A^rF7SfRgV9lx5r8xq7GxBuVh_^RLX@_!p5
zQZIndyUiKYPYxeHfAQsCgwtSm*xtR=>NXB8e*eq|Ke_bg2R}adqu>5}-~Zk}I&t#!
z2fO{28@9*oQL7n{M$~qKkzaSZ?dGsIa9We7(clr9Q84a}Mze%`MW19LH*wSn4@Nw8
zvNxqzs1%I+|5XBT|E@4VvzkkOU%$NM0l&ff+28%_yCh(dI)c=Z<+=Zf<k~+kidir=
zgZ72BpPV?ic5-!Xb8Y41yT9{Wzx~@k{NC^W;MLbJHg|jGzyt>e_5ES5)^{Dx40p*k
zY^~9nkHent?~TSGcS;cOn?%#zupiCHY>XP?e!DyE#)BDg#7&BziUJ=UlKd;ouW~t{
z`DZ`7u~6BUWc(Wi;Ag^%pME<gu9Sdd!@KuwwdLV6---NQYxmrb-hFMOe);r;w=TZ>
z%7qiZ`@KK<;Sc`d4}W~+>e&mco12}jUXMh-U26{pzGqx#u<i7F;kX@+=*Ry0eser&
zHv6+^+-^-;lj*b-jqC2d>xIOmBnx6h5EcNi0#vy>UTwSl%No0+|KG-dpIR2-dEdzZ
z0Yi80*;?Y^;o-k8JhIiZ_RiIn&FdeW{DW72^u{aiojh^k%~$@j|KiQlXU@KN;_UXN
zz4iLum1|e_YTaIc%lO=6<_vl*uVqYUI2g41W^XSDn@-pY!tnutMd!dZPB`J2`^F^E
zY|tGP76Ow6APG30#W}X%FFo*e<p1<LRQ~H3@S&}xP-I9lfDF{(zv4b-&ztPLxq12Y
z8$bTw`g<!EHdlXg^7P45ufP6-SAXZ#s~Z$7UEkQacJACpZF`4z4DN@c@yPG@y6bDr
zi<dSp?d;b(?LlL;vE}r(UB5SIIA+)JM$shZUa6S;z?`6xO2ETU?sI1E=GTTf8r^?~
z{2#Z0%hCV0k-ww_H%SS&ihTe6;Y02znipArZ^K_XasAy7KG?r@>g?*uyQfcGz4q3B
z{`bFs^~4W;{N_LU$>o!mE}X5knmxx1hkiI3jY7XkHqy9*gKjW9w|;r+T6f^KI!@>W
z{n36v+A$l>xCN((r)e?&{BQq_)d0A_uL*S)x4X=eueE>2m;b|`eFqaNIa8ZMGQbI#
zPwt_p%58{6+$4d$cJ17$Q>VHsJMX>y_U8Gwu3!K058gQU${+ui-}|lKy72m|e{`bO
z>GpS>{b6?yj7F`{bNs;VUOVWx(ZucTj>%z;hi((+3#NK#lAELyC1%A7yD#z~Cq8c7
z{JL20tJgOyzg2)mwEG=zv|xbBz^!|q+$C>#mum)O54n9Ur_jBArM|I#;0$)R*S8wi
zSNC53-S>Wc>YYFQ(HsBh_fP%c4_`l7>-G0sXUExo@4)Rkdpp~vzS=$L9JB+97h4#s
zLFm8Fqn4zx%Hwksxn2Cr3I#v<WJv&CzVBlQ_q(FspH-T@{8nGji)9YL5^C^y=N{@U
zFOGu3bJA?sT)BGA9hgC<x!3P(T)F<*kALUQlc#?0qxa7I@u}Z`<xFk8N8s2SZ0_td
z`<sJd-wQn7_YJLm+}#_J+K)T!(S%27^6?IsZHxW!%jLksdmj@BIL?5VjQY1N{xSm=
zG~KA)>}wgYWNdF#h>(*HcRs$yZ6?n{-WbJ654Y9YYW23-gPp4zYx^75e{|xtD?fVw
z@4x!JH~;XJlP79@BHeE}!&ax!aU9?A{a`#AqnjXNtH6g2anNsMrZ0bwO3E*uFLnlh
z!Z1ih;461pap0Rszad6onJghm{ODI)%Gc8`dD5G<aQ5ie=w0B`BgSsnAGxi~=H=_x
zuU|QP<@$S<-~au0Uq7{S>B7p%wHhJdUf=8wTD@++H{{XE<8UgeLmrjEGeyuiz@4m|
z8AP|}{D{YcR(YU@htPp<(A$NFKW6jf;h+BO&b>P~Dzc8nxsZa2So!@|$gfo3rUG!{
z0L6wd0yu!E$de=rCr)!~v%lTnySDazee>d(3-5h!;^O++%4)4+#>NeN-)lBH9dZUk
zK6!Gc{b6Z3W!=vUIj@fE$J`U<l{uHjzO;!T!T}%OzWEIjaEuiTi>JVsqWQy5?tOfR
zu+!Z;H-Ba`zV^CxJb7;U@Zr~TK*DcEMchmCYtHCuu``}_LOw@l)O7YXw)VDnR#(rh
zuU)=!Y3Ew4GYEKE%E86$-OHO-uY19Cxp*dn>}Bu<5}-Ur${l8Cs9BUmi2-+RTbcb1
z@>L{0yh-c+;q80(A3Q_{8Qt@PL$YBXYVAvUB5vQgacjvcF8J^g{S^zCe(6JcYTJpq
z#OusB{%@My-a)f_t<^cVb!K&AW$)U>%eB?*j_3L9D`(EU@z#&txUgr!WKlaTs#)n?
z&T}*Pz=)I^bh!06TMS4b9r*ap*D&DtkCpi2SGVunymRYT)iI?={_xIEQ8blaq1zvm
zYX`nsmV}oCU|9mH?wb3bJeBTx%+4SwNHW5?&Q`y}rhZtzvbVi=zS-DauWi<ORNQ!L
z=giq3oxZ%Xw%@A9!=cm;?cijdD9>|8*%dfxe=sA{0MW3qz@vxvKb9UBtE!8;UC_T|
z4?g4uk$d;=-a9<jIm#UP`1TzMZ#c7Z_uhlU+f|5h<2Pjh@$K-j-Nu8ex8d`YLWf+P
zGjxq{I*t0ZgZ06Fz1C~@2OYobY+rx#!nOL&Zr$m%$J4ae=d>RMzH$<9nI+SHpZn($
zf&{#&Aa>K-E307O9y)m{30S_rC4o>wcjGpZ&rP#0Q~&eNIkLW|{+xX4?R%d*ynp-V
zhidD;5^gM1z;fW0O2C81zb*q7*ld`&&Sch%;)vjV&o!R!QoPq|v^s;qm8&)9z&PD-
z=62t`wBNeCQ}6XQ4>q^=TkT%RCrLUuT_rD_I2s2@&bun66f?KS;~5`)qh{dI19F6S
ztRp;jZ^8oka^nVlbMwPnw?F3gpg;L%zx<nj^OsMbKK)BJru^@tfIZ8D!}|}(9NfA0
z39*7y<iWk0h_b(p0k)w6jWu`f-o3|NmOMAlOUK@@vD0-3?US?LbUj-Cx^JA}o-tjg
z(X54L-L(DC8*U#AdiBk{{hgiq`R4l8R@-TfXPs`G@~Iw0?j|$ts-E%gi6{(YpiWsn
zt<W$n*sYiE(0X%K;+wa*o^|IgLA8JRx5+p#jmcyjji%kd`mfCFuYUPUFZZ9RN|8~y
ze@Jr0!2a;=O<Dh&H@?b&8^;9z^m9D$;PCN_QQ-~3-f(T>;wo9ci+g*G)_!xXvDfJB
z20`GDLa$Y?5kzn(5SZ+4^>zlAx3<@=tX*I2v^Lu9?PlNe#+aapO)+kq<etli(GIu+
zwKs|4(&E8~?8_JpF7>l$a>Ql{Br|yP&i#9j|ME}%Bx(BuKYIgbbESP?Mtfd&Hu1XC
z^jG%%4!M&M-I5O<+`m)h7Qf1X55K~IkIA$gK6w227jw70xw*1->7CPSSFc`rZEd4@
zdF$lX^{p!x8vULLL%-3zQrqqIJL}sUt<F0udmFv2^{v%&8{3V>T77rD-EsCt(<z3U
zXL773qsxp7BN6+~VP0V&j>K+@C%mz=F67bVuEn)6O8ZxT8u!BqLGC?wtFgwXyEQI%
zwh4=qDjr0sjj$gdl2qNl$L8$egO6|BT!6!Gu>isVf>sQN4}YG7m#@5j>hz^I&tAHA
z{@T^8`lY?CwX2ukJH4^HzrIglZe)73dc8Aj@3d#`sh^y!Q#5pLXJd1vQ{UMBV0)w4
zI|wFIVnKg8NVqk<@MVg8Ml2YTDI6BRt{fpV;MPs)>bhZbf*h#dgaNz3qIv)BKmU_{
z<aT<)e!t!BbXo^j_v=^p*0;BJ>h0BbZ!id=ztnep`uKj;G<|qSvyI=O0%8JKZVnIc
z{|jd@*t@)QW#z)=#Vb3j8waaf7uPOaJaO^-*()ow=6g*u37nd<+3BtAb(2p0-P3!f
zx3{;mw{!K{_T}}R?Ru{rV%%yxOtV2IBO(fTMpBFEtV?Ea0R_0*n>-l#f+Zx!OLEiZ
z?Z~42Z+Y&t58MMj<F()EG+M3e%|>IT)fx;s_5FIQ<+{;d5eq(g9v(eEM28&#B(j6I
zCH?sg45&WsmcjsH+M|Ek+$BSQxq0!#^{sln+3BoZJooDR=g(fdetm6ib+1uhYr2z3
zZRQNGH#>t#YIZia+);0{)u``YUSHX2(WCorI2%M$r{7Ix3HJDsYr()<Y|WTuo?lhQ
zxiWB<{F^p*iZI-^B_eWYckbW+v?%Apaok)V^qgk5wcfto+E~5X?6`j2cY|)H-E0#m
z?`7DUdj!QIOYra^xml3+k`cJ^68#GX5Z8`|yMD9L?YGWfdh>&gCU;C+yl{Ty?1>8-
z>s#yVYx~{dFc{Bj(JXB3tq=S>4u*UC;n*M6ceZxcw+=czr@n8-GqM8RX4sv{C|<vm
zlY-DNL4m=rSo8)UH%`Jzh=3Wv@sajM-@Zl4fA{|~f#(%*I_Y(Loz6j<OwB>7Rqr_a
z;Z~zTK4%>E8(ptk52t(xXZY+fiNN852M>9_#eHU??HOH&zBM&V3}7I1?~{K)ZfgC~
znbp;u)8|f}Up;qv_008)SFfM^@#{aiu(E!6wchAC{@5Sae8RP)kK-bX$E_Bj0>9I`
z*zK>b9&Gn}o;!&<lZ1R#G{rW%BWW6xZel)MWR~Ph9a4vP$#LBxJ-AESdq@It8`VN?
z^8V!4*(5DWlZ>N|x7X=*RvV4p_P}wC>j(92t3B|eXzcjS)@rlAKO^YI7~>&R|L8IO
zeR%t(6drEev{WDCfsF?l2;IGN@A02{v#xXf-3w>lzw*i(*RQOc`pK)8cGp)gfB)?d
zPOoh56C(0Lo|IA>cM}3RGvgLneXrdQhT+I`hCyp*uhVt{l93T3pMIJU>X}!Ae@i*f
z*BCcVm--_J!rUi(d+&~P0pF*{RJT4H{*xpcyQMdnjO$zbTRjqi{bs$f-rL>X-R||9
z&CceY$NL<c>#b&c&oBDZ=rdwKg%uw@xM|y_m!)1D?Qx@X8}xgvl{4qwI=OM~>W@#o
z_U_4d-aK*s+NtYT-aGxqTjvSz_V#&#>MX8B<H71dqucDK4ZqPdeq+mT@`$Sb<(3J;
z=A_>qjmKty`njjQ(Y#?~CZ}Q2<plE=%Z-AEc3ac~Rz^1EkDmTd!^y~>Wo|zlT|d9m
z>vq<+uGbsa8wc&pL8rNYaQ;fO<%}m`D{wY~QPlHi;qD-2m-vfcNbd3QKFQIoV+}`N
zdocs<|5?1(^rP;zH_u%<ID75lo9~`E_ulL0PhNlj+I#0ec;&4VYdeizYj@y`XR}&5
zjFOlDUR=x$njL><(AxBUlSP9riO6*9w@q{GkDQ1*N_9*)Z@uU9j(Mjp`i*#)>6b6>
z^&|nfbN|5uY=indPopS^(_zz)(I0rj&S2Q<_cz<EPG`Nbcjd|^Ey{M!?d%O^L72qD
zeo%M(srmBpuX+9|v-cAcr+chUVpCueD{kDrxhPDMx&4!#-`ieqdn?yB8|(GG>)(I>
z!o?5XzjEfpJC`q?c=Ns2PONOLT&{Ol2b1uimZf<z=BXg_q&K+MN}|B;c+-O*>qkM*
zNnJmhb;D8E9!xXdqshY=3e0@Y<ybiM2;tCM|L0$R_PpW(efQ`-Z;j!C&7T(eAn?-A
z>m}2J-mD#t0z&4Sz5d!kYvt1J?$+6JXSa5C$E^+1O$OcZR?q3z54>4B!<3~X-jDK-
zQ@)3XV&llb-hszw+S%TId<X7^9)0lN{Nvf~?pp`1?fDzct@_1FZ@+i;m5VFyUbwdM
z&RcJtJ^#kZH{ZBOesJT`%En%}TbpM|HjP>lt!g}Oth1BLop95c_<qJakoo+SbmWHP
zlt-mt!yTWjV2@5Oc%<kNT8X~Iz~cF5pS}2Z&p-OreE#C|rw@b~f97XV;6xL@HyF42
zohjF$*7vqIE?!*Oy7=De`HhV&*B`jy#>)1f+3w7y{w~=>LhB@dC8kmT;`!4<v_(E-
zl{&mHaE}nu{ReDq@7%HN==aks_PeXse)r0yD_idVVC(HOZ=b$;<=v|%u3Wl!@sD49
z>(tqEfBf2o)y?(Q_b>1DwpVLRaU4%Z8BgTMrUB2)r+XQXGCL_{KF^(I7|#mcDeUuk
z623H=^7xA{KmY8@;>(DKDShej0eIYKNN_QbZKf|i|95}(b1!kj=4K;u4hHU^yVD9N
z*lhI%2leyo=dYi*vVN`S(i;!WZhiM)wb|<N9tb|w#H)M$D9Og|bm}<yXHP%*$A7_X
zXpbJ<2iPOs`j?M?{XhQ-9jW)RyXM|M|I^7N=<S^Uz4zWeecidb(b_rv`pGLR@0`DM
z_DAP0UV8WS(-%It@ZPKE*S5}GKG$xoU)`#eL2lB1b384MWQ#hFNlnIK!QJuC<rE~B
zPgcm$Fzk7$9GjY#pFjUnyQKf^KOw95{8#KJ`3&wpF#w~bgQ1golUXtuIfJH&yk2L2
zWoLh|*JxhfBFlGh;mVcW)s2=LZe85i_glX2JL_8;7h3!7&>c9tL)RS#vvIu{^3=zv
z_rLc0{}i@`f`m^V{MkSGWfBcWqv*5$`oDdEEtmhxUuDx~cYE{72k*Xh{e!p2y_`RF
z_N{l`I&t>w2j|~>>krRfIPuDfH_u(TaPs8&Ya2V;`)gO%FaQ7SQ<cF&T`TVZ0000<
KMNUMnLSTZiu=(r&

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/expected_results/tiles/wmts_9_6_4.png b/geonode/thumbs/tests/expected_results/tiles/wmts_9_6_4.png
new file mode 100644
index 0000000000000000000000000000000000000000..7c46fbcc0ea9059b904543ce2c5c1d9c1314d114
GIT binary patch
literal 60528
zcmW(+1yq#X7Nw*lhLDmRhDHQLx=TQ$hi(CB>Fy4ZQW{C=?vN6YlJ0Kl?tb@wu4SMy
z^Ub{{_TFcoa3zIz*qCIP2nYz+vNDn?2ndMakBA89NZ_||hzJJ)!ak3zq?nppTFt|!
zYFgR2yzrvr=D>J~KvNS_xW>`p;)~>)ClMnP6X6n><(<ZH_@the7%rl{U3>T<F0Op^
zZ-0XCi`9E^_~FRB96YM0%x`&;<xd5va6->+yaXvV;1}oTT;w?8Tpz}3CN254V3cP!
zzZfG9T;}&K{;Z#Pv>aaD$@(_TA9y^vDaefRTP4b-sQ)Zx(fFRls|K&tE{(`0!3mX(
z3xbSsIS<)8Zt3bx)1csC(C}`Z3KGXQm6ey3T`$$onYtFx;-S9CwQp#`l4Ta_!g$KN
zJJ`R|IBE&Q3hgW^B8u$3xNz2+hOV`2*=uNM-1B7&7Z>ebcnl8@gD+DD=?ALx%QXm}
zwSfoHFYn0>m#LqBH8AFB0G~ABw5ZiiS6~>Z%FoaDX%op9ewPz_rB79(U;g>?=lKJd
zIGB_&p%e#YbmD+1x>2R(@u!r$7X9+^9r^t6)YMd$=9c+`R-XqCS67XMP4EKbIE%K4
zpEy=V&Aay9kK$oW17m!Nc^38aiw7=J%B+b4t9A{u)@9}8$^NVZzpkohOBQYGwO>7Y
zd3ZE=UinnM4#`nYH-X1=_1({JH8(eJ4f~!g;i3k1uG;aE6GciTnBG0KE+0woX(gC0
zE_v0qHZ}2^=xv$YJ)9Lxd%L-z(_o<n4rhqqhIWRAh87nW_w@91t}4MN=j%VGJ3jdM
zHtN#Ls=!|yX-+$9CC~)9G{1t%#<?9uW*a6GMFu;TF-DA<PgvIWSFuJQWt*ZlD5Co}
zrYPjMJv|(OBgh}$xw;GOG^(GkowvC<KS!|_g}~tlS9gNL?qlFBl8J}#Vm~jp219Ni
ze6$iYT(97tyRNhvUE!p0H8S&`)R=6WFP)#+Gh~G%mX(!dhJ$lbETOCEb@-hi8`ogl
zCNm#u2lIKY5{ZKMdJQTNMj);A>_lNI(u<3XZj<J^%O(Nbw6jpg@IckCmX=8l_AJ>r
zR-(ugx4(`&se`uldoIm?Tf^FKz}=@SglbvV&$sA*uGMztr`TGk|GeC^$o721vNjHu
zEKe^_h&5cqyH&*+D6LaEb#=7-E@#x5yScTstjLl(b#ZagxmnLFZ_@I@qot|r>Q3k*
zNp#N;UyBj?>guZh$-=@yu7x&y(xusSHE-Mkef99rwo-G#*_)SKyOd~S?7(GuuhtPq
z-S_VDz@=FV2F|N1K0Ri~2{Znzzj!ht)aU;C<nHRo6-17P#@)jY0qULpD&10b=-AN}
z_$W^NuLc~N7hU+%XRW!D<z1Q=Lvg8gn+~1$+wK;R9&e}H9y>+uJFU3~&b-)3YP3tc
zjYoH!9uJlu4-V$*Av9xl{OLHM5?c$acINf-CCYHPl0|}P$;GOjOk9vi@<CCNWG)C*
zQ>|&|B4aoHbbUR&N$0`4Y7#j7g%qB6l01EVeSN9=K>ghG^z`4VE0BnA*y-S7%tcgC
z-Mg5PoxSAm1RCF`hc?}XDWiMVE9D+m?UJ_mIz>%FAe2;8M@y}aT6aoRM+g_wV&bq{
zzXn`<=*MqjRUHjPh2wQ$Ch0%s%QT87!H-qDf<69W$0fR;c7%o-<4V8I<c6Z6F|PFC
zEoVKD94Iq}>?ByI=?b6Pmh&z8b#YOVVKHHX!ovCn2BDBD)^!y6o6Ad=O3h5gqN3Z!
z2LTjsZ|{~x+jtmhl(a<(Cx(>r`JMOHf*tQZxC!O`tGg;zfpmp9m^_}iWs5#-b=~|c
z)&BBDTi51AN}N!x4_T-M;MHKVNXupFEL~z+35;}_VOvB}$_YQi+Q*#r%GHYp&8nA=
z+#imX+g$n6K^2&_7WTe9|2LQllfAt2PA~;;1Fp;#q(1oWs6n%F%UbZYM+<oU`GY#v
zfeynMSl`9Pg>Ah~srrLY+w#$CqDW9sK)N<J3uq=zf;^Kq%pdnxB$OlX&U7q6GX7a+
z^<phuVQV~J5!8VB1Mv-8&ScR~(BBTfw@tPFxi9TqxE*kP(3y7qsW{$LQg4-L2G7q&
z?>ef#^O_^m3s!jI#7(2vaUqRBhW*xD4Z86H-*N53oeI(yyr=J78Kw&9>}#m=w+H<$
zDM>XcGec`pnj@HF+?44HSZ*OoUw=y&!f=x6^&nrpE?dV(tpvn*TU*<eWC&6m@+u06
zn~zUxW1|t$UegbGdQ+{-yN6lpsU4@o!^3uN^i%cXw;98qZEYc)@+DW4h`8CJ{q(Y&
z8N;ESG<L=F2O*HUd7A`Nc92jlt*z3Gw)LR;Mk>k21#O1P*3BPm4QCV=1<>p@`M9|?
zG&Ul(W##=@=P<dtz9ta|UxR!GWk-k{2SjUzu(t=uI<sp3P!X@|3SBnh$Zp&Evn6nC
zxKzTtTL>Qwb0;l-vOe6LeWF%J2gU3aQ6zZOy$kKqsfPy;$A;{Rii*^$pkQS4Nd>(V
z6cVCY|5QC|&gJ3bLy3jTIImv(({4MAFpU7usn<(bBT9|%nPZYEsoXWALEiXIWG)UO
zAL7dnlBK(*GQBBg{=n%1zNfv6rp2-W?b*T9<z56(67Ou#5rq&gj(Le*48Ea^*6BQ<
zv6+UJv9?UCdF`koUh>BFqSl55(RRPPO_b}>_(?oFlwZay-EvsRsBxy%w*0w%UVi-S
z?9EKm^3k+2HiOsGV>)65>eba1D=xEhrKUA#I<}#eHM7>@=%B=m?|chZwq1>aWT5Y?
z+J&|2uqEb<q6>Y+bQr4Del_8dV7hV*TE?o~cFVGDz2M%zf2ejyjjxHG|9QIDn@&xA
z={C&g>gX6~=Pxm}_qLipV;JO6N?u^c%IYej_tJrj)@?SUsP3XI&j4ph=Ac<%k|tXs
zXgFMCC%5t-(fiNH$tbW;XFN@{K<VQcJ_D5%R4S3jlj!AE?|Iw$y9Y{&;FWhoUbp8K
zEg-cG4D|H8Z%#K44?$A`{m;`g71r0;i5xNoVgd1C$rI}h<0E=$JPIQVR5ZQMWX!hy
zrnYPkM2!#2z$tiqo1Op4;fI~_ee4I@YCSehGj-^&BX6FoqlQ^}<i!3S=hNfG?q!+f
zl@Bd4Od)PjTheS`a?*`;h%Z)RP9d#?vK6N}JtntxvW`fqr62EeH%n(sFDiS-?m&5<
z!n|kOtTk$&7&>AK2sRyMLU6|D|EgHG&Tc?ikL}k=u&D=eQoCrI<(9eP(yYgp2r6pv
zWYMIhKgzZ0C|M*XL@sXQ<OHwbciZ?*&GcSYSgigriAz`&wn~&I(u)-;$fZMLkc$*b
z1sinfZqp(BI8`A(vU~0Fk_Z`<&8Ak{BBgA4@5T$~{g(UV<AbN4I(pXpfzRVTX$rtU
zH#aw(p}3h}L2=P#!%MbE5f&1904)QVd@aq>!y{m>f@YkH0w=T}?7u4jwTd(Oui2YF
z1__&!lP~Cnxsks-JltLV_iqnARO80=^Pmsvmv5y>@PL|CQU#Os3tsa4#^6GGiF@z&
z+awv(d;kpere_2#QnCx17H#8TpnZJEAMbZhtc@snC8m9MVN@+lj^qAgd3m{b8CiaT
z(qK9tR)&A|RQU0YJ9(|j^uZfSA@xYFnWIpcGn@%ZBRgEKH%$MqH?M8-CiQ%m)_ADO
zx>0v&d09fVfS8)8D-;>@u#eqHI%34p(a}6SJkEM7&%Gb-Zw?P}Xsz3piKYB6d!oAr
zwL-W)T-`lb)&?N5i=;VL&tj1{`uYxUevzBxY054tI&r(dz7C_<Z&^NYG1U@3mocu1
z3KJ9&$r(Z98-WUj-}qlt>9P%gpNX3O5L-ArumfQjjX~GI0HEP)#<>F*IJ_Oz3?Y*7
z!#HRouC9rBJ5KxuPW<4hq?Ft5MTL(^9C0K83|yd*#h;KuU)|X$oV3J7MXp&`U#EqE
zLj3RS29z70o6SVQ;SPFm(u=k^E^a5?#`e7A{Z-^q(f}s{D1F2b-?wT9aC3%;FKQPk
zu^GOPd>_U^?ZXc3RLBopDc+kC5)qj`u>I~VnOpl~*z8S-QNcSXKXI&28&%oi%L&|Y
zk2CDh&4@{Bha}-B>72_{+{xs1e9;WGO@~{r@jaPlPhPr*8nzC>y;&0{N1eY6o3<c2
zj+R=U5SiZ>WiQxNv$D9(4?6hgU?4qPrIuT6^DY0;Wm})R)p$j@h9CeHc#$57-i|tl
z^sPD}hQ6R_{$R~<W8=n)4GLbQ)40<fMQbl+Vh_my98hGpc*fUsB{=-YmPHEmUE|A3
z3_=6KZp+%=13|uTg8Y`vxX7Y<*1?BgKEf+j8XF%ckU>VyTRtkEw(4S-+O@5hc;$Bu
za<19+2z1w5h^u)1c!yDY5IeIIMc8xhklT|!(L>M_uE%3Ic^T&qF3q|4$#Fn=|L<9T
z8-*le;vpt0=BrxMP(z@oM^jGxAL3BPv*!;$l+ng1{TkTB$Nu-@$B$$72pRQ5(|WO2
zoN_T#3RYXX{3LMU4{4&YVz40E(jsOhb6Zl{!iWRtk?!);2~Y4ow95U_XL2abv21?$
z?3b@It>INC_wd=tfnMN9{2(+4g1Qco?1y5*k1<@O-xMU+!5e*iwri_49b{z?8_~&o
z*1u|a)@t)@tq`c8l$oYgg92mN(`|eLQoS8RUnY&Oz#2AUTaWAlLL1PR6F02FtVBRt
zqEF(@Q4w@1i^RmRFm6%j#Fw`TN+vrD*~y}g$3T~OxV=ruptkiRJrq!)lKk=t{T>hp
zNbI8R^o|o`UWsH4p|ZcJe%|IjXncoIAb<HNuteDRQIIkk5V8?#68uv2=gZH<(ONnR
z0Gvi7m_h9g5?r$8K5)4Mg^x<uYy0XBwBTKUDi#%N)JbHs<AUn1?pi|BM{2f7b<27)
zU7A6o22=uIY=C?YTxQt81s&ep%$k-;+-<kWrooE&BBC3R**?j>S>AyUnRd4>*bt{4
zTwk_YI~yXre;ATVKwn#Uj;kh?{qn5au`OA#OtoH<RXQhjK>Nny&0qX4-p-@^Tj;MD
zAGHSQbJUAEaC#>cuxAV_XQ!NBnfh}ZluvJ))6rkNT(LGKwX3iL%_#T^6%8lg9pdf!
zdJb9S2uoK)ap+N{?kIyHO<8wmV1b#SImQ|)FT{or|D|`M?i#eSVCLuw@C;L}-+kLC
zFpW6a0x9tUXi$Dro{HD9l7I#n36qxqQoLwO@NdtFpH&FitY$@8kk3s9;2?zLuDcPD
z3TW#(pmwQ)sDX&QNN8W1$PqU)iPw<9U!<ufY<jf(xd^g}$zzIaSUy^A@eCbX|L3fC
zb?3bnE&mz?%P3PNiIlCcYX9WKzESsU&qtng1>AI>V}=<1()X@2jYU`owv0FzMn_fZ
zlP@Qs`d!mMaaT{ueH)){u1t$ng9+ZZ3)n-QWB4uosEI~pjL#+3Oip%|(;RbnjsV#l
zrn=x&d6)Bfw}`<Kbw&N?l`)A1md}f_wT&I8qB3Lpuwn#eO>N!hs0d#y7x1u<8GWA~
zy_E@r#)N(D(T#r$nt_JL+pWCW%N>TGH#}%R<F9Y`CJ1sovodDn&ZQg7z0y6-l`c=;
z(Bj!biF&J?I8|$mOxY2%LPB>Lnm%Zr9D3sRg`lLUsHqGOJBB!m&TlQ1=W|T$-UXRf
zdrgkK+cW8};b}08xZv7A9rV4mTS7d)g~7o=fDga{19*7-xU<7FzzL-+Ro`1(H4>x@
zd@qpxRWc1jrN0X6q(_GRr5)sr9=`~)w2=k%tXcI9NG&+rmOuUQZv89`iDPAc(p2Sp
z7LHVNq&acy!P!;W^PLOto$)!{O{rh;oa7(jg*2{PCTHgl9=zzXML0jFJSer(y()W)
zkO(k2{&J)%WVvO(A`4XA-CCSTEP8bNUMNS`+YLc-r)ts1WkUa<RjTf{v$topP!6&O
zKmqFay1(WRn4i_m9~`(mw=XsgAzNkQMbmm&B746qLz}I~tH1im7CQRJ&kijR5j8`*
zey9=r$Bd6}R&)W^ojEtvT5D-(YeTa_>@j+EBveU5uAWq<d8U=nfoe$OwsLa=nnk%m
zTU<55vRn<%3QCmOc0{JpwPTC^UNMJX=c;H7+BY{|atP)O18Aoa?4u&`kCwGfjg2Qu
z>rE8VJ#O(v2n#Q?5(>A)>XD0ALYvAyRg)@q;MQrEF2D>JA1%mBAIMhhH*zO`E!fO!
z@PyX95>1&^ZChTh^+@pk+J~+SjSCAC*bOyFAI``C62SfOuKBdE$d~!#&$WA<KUk6F
ziSlsWF)#`7)C6mW=H}7ab|kvufSh5@RaCS)koa0F;o{EQ9A_-Zm|6?+jDrkYQ@ju%
zw{ta9S<#wi3SO9;Z#6+a{0{^Q`g$a~CKdlj_=*seUDK0nICNW#5cGake|J9|^x>>?
z*&RHBcEr}b8au}&!t75qNkxFMq0lUBNGS^n3VPjN<9*$%L;svBpihx2d=z=@w~&#M
zq5MPc!H`e)x?&CVqP$PVlWRlOv-^XoJm3b)eIHl|_l?Pk84!Oz7w_?rG65hwno4Ai
zlfFEtklqIgmzw-LXCsj-^PKRo;}vhZg|OnfOk}#q{^djQdPb;TWB)i;sdT;b1hSYy
zObbuqM_jJ-+{0(MjYaY}^F=(mzK_ND*_dvG{4=q=Uisr<W(9l4Zd6<1U+TnL0h+gz
z*pIEd2o<?UocfK5)Qevyi6kc7ZmjD(zN41)Y`kgKI+KL0XGsZ{9*5|j8&r1&tgaw6
z`cR~K95ynXP!dP7mg)UKKn6>6{4SjMON(~xc*D?19kdcw5rU~m7?6;vs8iAV4f{YR
zppOr~qI6Q5eoKlbgYAYo7qIg0j4$WaK->nST2L7E4~^m%PKw(A?Z%!3BB<=N!_Ke+
zyDrq=@ci+c%Y#(M!=%&|@=Tl;LB{SrK7aa(88gBpwGxt4AXnyG;vr2*ayeKl#+i9V
z%*Fw3H4BNa4XRe*lTGB>a*5+Hxz5cR421-JF2zdZMN0*8W00>}JRUI3cCoa0r#9!I
zN!i`vF;7<-iLZCln_j02isZ7N{Sv_Ef(lTh#YsCY&;+?2ExnM+()y{(0`0ni_(S+p
zh#7cnAr3V5s}!&HAzXV_)w7w5euy)%AQ(hMLLmT}5nr6-$i~RBS{6^H$kPKXvDoaI
zbb+Z2S;~C&pS&Q+{*g5BLLePSR>0(ldY(O$t6i%H`Eg?ioHPp(>Iw=w<&u2w1Yam(
zziOC<oo_fliZj}Q@f^LZgR5)(to3o0_rvWA7E;4MD}6YUqUN_)3P=k%)C7chfix+_
z6XCA-2OUBu0-!a^AXPp9(lJGtaRE?cn0BUOnj^^921(}wU3s2=Vnxj|pXO}q4}I^W
zpX_~o%d`CQe!0Y{na<egPC*}2)TNS5zGwMRJzX4bzRVC|kX@@v2qWizaC{lqu5Q()
zu8PVi`!&T8$G_)OJEOxKADVQJ;-qbTWkL*gueIQL0glP59n`MjYF1i$%xW<fCFB(#
zjrx6M52jJy-hX`jQK0o>tKIw`aSsxuVoY?TJ!24Kf%LdWtM8M-%9rstSO)@~ho4L*
zk;+M<E*plnJ;sSZk`aG;T+Cni5FZytbx?OW{>R-FqnN<oSO^&MNH=STCe~iKLrepw
zJ3Ha5s5Rt95j#$D3AGU>-&-*$-fr5nlTeRR8#|ZVW6XwLvrFgTMQ*3jdTh4zpwo9a
zHtKT5JL|Q1UX=k*UATg{k>gw-ie>J3wK<U3RHl<te5*nf$j{YrLPOrsa`E8!k@(G+
zojrYIA5aRpUM{sTJp>n&hQUJ9MXcYl2E5WqptD0i$y;hEDgq(@=I0*JOQ-f~ySRi0
z8^rMdZxs;{0l(7vP4B(MXlmF1Qe|_qL~9l07fi&!H#(-$6po%Fqh~jQAI5<mVF+9C
z^q*_!8y_FPxOi)%f!9%Uywv9Vw3O-v^b_^zi-Ut#Uj_rY7(xlS^v!DdxLIh7ym-Gr
z45FqO3bL^5kFn2-Jmg<#)EZStjG(#&iJ7D1G72L6JhqIOwNvwJTji;V;IDGyM`ini
zRR!pZ<8D))AEK<76bjNdph>&$x{mqd`%ogkl1C`yI|70qSvS3>Y>X$~(9!}&E#A95
zIjLN<1v<bLVCy$tt=gr+kB_*VzidYe);y)|r}B5!_;$1`Q^5I@hBb%z>gwe=f8T1{
z=e8Uus!sO$4iw(G9PF4L(6r4vnvCDX?o3+NqJLEV5|9fE&ndH#Ow9YTeg*2}G4k&j
z&|i{N5W}@R$SsxB;m^?hkvT{T4uG(vj`B;FE&PQjkrIPG-Z8%WzipQA5HjU_2vR1F
zgGQKQ4Gy*c4sJZ{Z-9TZ3`1z3x&s+XG*_|P1s#-03i-V0X^sH%CoKl;!aU}^zF2}p
zy8wau4d}FYJL3#kfq+LfmRWfr7<#;I70b6AGE%ZwNOA6Ak$Z(Fhmo*iE2%w!O*c9L
zbPmAj01{^eibR+&5cz-r@}IV@5c-$VIF@mDYip~iY!S4E)>WUjqn`TRGd}wzG(6YY
z-O@l9*#W<)Uz?}NrqAug8%pmapi=zX*|DgeWp~;lCzv?8s%)W_yO7FWXTMPMi&esi
z=ysqMJAHhl6!e3mO(AWd#0T%D<=CQY8?|=vYL5P6=Itm^<6C_(`o%mULX(6HaDLL|
zOKa|Rlhz)@;L7KVR+6|_5b^fM5EOfsLflXc*af=BCi9xyuAs6np=A`j-8E?5?=>mz
z`187xB|xbjAC6Z$!Nc>P0sUkU;|Wqge{~J+y_Z-f`ODC(HIcaAXZt7Gx9!Rc?>fU6
zB}|Cyh4iO(C6*#r%9<3DY|N7EHhk|sKOL<1fVSuJ3n+QkvLz3vNjT^$xooeM+R_?q
zS+5JF?tQ=AO68VCe>cUvZuPoB5(Y{wqa?ZeUz`MjjA~X1O32d|j^*pMTr|Q}P7t)P
zW|lAhiRdqxM04?<L6E*z;FGEJp523DaLQ<o#N9587z|Y5U54*AT<>JCB?mc=IoSWB
z^xXla;`o^OYLdUMehFV<B-@~H*%f>&FvI~GMi<&<01drgOgF?hgd8n^v>4+ZggU6P
z+j4EXs7U6qv84qZ1~Nh%BG3&%>o~R1l>4HGfKQ2zM~a0ShH)yk+azt>X)QR!hqeZN
zA1ugMfxzUE%Rn=bl<d;{!ID}!APmUzK+{#oN4^Ef_yK@<HWez2kf2m~dZ;+0+0%I)
z?IYiZ(^#23J1GkNv{YGE9=>6FUXh_Q>H25`0gC`RDdTYTxaLJFB{t+%lM-iE62IIA
z3?>7~e$5@Au&GIh$GeNas`}F=jzvSOFap~Z_vf^GlHez)8X@m%0XjqpIXA|t$3|41
zkmu1P()wu1th6NQYhg+uhi+=)4*>`>?J%;-v2$l$g1#b4%*rTB;|MpdK*e#VTJ2y+
zuNly+LOcBfk{|?BZdT!VU+(Viz}t3*b0okp+^s`9SNEpNn->qC?nRyy5B+{Ufxa#W
z-yqH@+Dp*@8gPR_WvyMxtHk$*irA1{nc5mj@8|d-3zY+66@C%}^Aie&&eq&7{~~{Y
z3i5~j$jG>n<W`wFpbNB@d9#W5;^v!HaMFGzDYmv>_Ks+A{!!qaYdO34uOeoRW#QFl
zxHQ+cBC>JJvU{)>v4dyp&h;O%!E~*igFjhbwDK=Hp0gUts&s8`mP2imT0Hca>lu|A
zH8ipt$UURxLH&P1R6RMmSTV$-1@&xDg%Dp#8&7B%M~FD}DZNGgiw5I|s_La}Y5$nS
zq|p=)t-5;<uI`esQGu*Mm^YXm^bpmyu^F)(RgEDjS^)%p5?zdiY}ASW007(ra~hdn
z5}(1Cf#>tmxrY$>2WP!?0hJ!S(Pa=utQTN9_jKsm7Ei+W=h*G)km9UF%#YvY{Rk(9
zJ~;t-S&m$Y;WL%!?egeV5kJ%*jcModX^FXrFd#CfM$b-yQtd$g@aX&e&+(*#{)^R}
z!j)+QJ{o5gGV~W~<=i%Gr4hFkisM``3t6gAw~|ls_8#XonN$el1xPEj*+`=SKTM4P
zGiBmO2=6fTvzKO~xC}{9Ll&nNIAzIt2|;HlKKjWmrLUG|$Hy8pPE=1(7@PZ|9pUWe
z{_s%2m|TP4rI;=pF2>>f*HU_2tTjk%;#8Ufad*PvPcfJu&8^pqxg#-$L1?RG1va}$
zlQ{jtAZY-JpkSZ8r3vwQxR_SRKfAyG8yWB6?&|vP=ZhCjT`0%I79J&%pOoWZAeev*
z;Hg+B`~!oPylRcza#Ya#y>qMt>R;sN$_aE9UZz@c5KLEDls>y>mMH3o%}a}mSuu<G
ziWy0^;foM;Fi=|bcJNl5bSG8dOp}7)_3d)PECLZXu#n!`U^wSX`^d;U4_I=O>Mlpf
z)TON6QddM&d^1lI5*7|<O!g)hHlY~T4SK6ts(#>-YEGsi21E{ZnapRM=J?;WI|+9h
zNo18Lg5)}uhi~i%HG{wZlMlmP{<f4%2UC35-NnSpsf)6t^k%zcl*XCDkuj^(EU+Hu
zk|&}>LAQj8%j@dyq&6J634+`JGCkR%1Ui63lvgYXe^%`>zr|Ke06D~(yY2q;xt9VG
zlYFpI;CGb-)8a{}+puFY(PR@GE+iz>QL}zRVyleLfEvKsF8%HV|6gc*xZpOnEJ4>F
zP+5SK!n<ror_4r+2Z<9(frWpH-6h%HS#E7~KdYNNx_8-3cVif$D4YtHiQ$)F_!b_o
z{pE>a%oV*yaD<=RmfB<GBWGH5gmK%eyl5ki4|^(-e|YM(8kc<@zHib94lR^UTUDSX
zhbysH7;%xUiqM1&)NTZPl$^uIL}{zL^>+!MKSN&-4kNEkI1g+>!b_gOqSlI^@j;%*
z-DU|wAht)dw#92~ZT+K;+M=XTRzP76Lp2CTXGaw&cT^}YNP>E8K!6c|M0|m2VkrFv
zOxc!~mdvy+4;PzZ|Lnme22Z7HOXiBEo#yjkI+)n{-YPy})bmRjX?J{?@FP0GSsnVL
zs7Kfh=DDj>xyYNx-)ITeq;l4N%~^9dklK9<g%nJ8TyFkLqFeIhS^}-k-81SOI|@?+
z?hJ4;Wf&xY_Q!&4y?1e`GlNAXi^lUtpTK*z-yB5hXiWLhfz3R|*&pAn@kl#T)FQ5~
zGTugGjO}fODwhj*du3*W+L9~6TK%=SpG(cQjqX>p_4_!KT1Kb^tNv;=kulJ1EM4pi
zh^0<IO9i-n4Y{?snKm>5Cb>aQlDI<lk8CIgCR>0QGsB7=jd{WKiz0^XQ|v9z2|Ql!
z%R()Vs;2mIfV`7AN79N{988-^wWkZwvWi28B_3m75ht`0eCEC$`bW&xp2@I^m1oLv
zO~*wxk|@O(t_<p=L1A0@(|g``mr<@=;gZVFnQZ;yo63NS;PVN)#VRefov0PDT_t~<
zCLzs~l*p38@zx#Ev<)6~=1@{xhGz^DJFTeQkgLzQa@(bO_qRe^kT^Q#n~+W#)8u2U
zf7y4Zo6kpno0jrhSxvZ{>}8ZMKS{!hU0UU;m}S(72WD$ruhg-=oQzsc$Y9ISdQQ}7
z%EM+^BM#_;Ms_cC>tF9l!QmFZGDTAAhs788BE)Xe&V<X1*DM1nEcTT+s}K|BvD>q)
zVH8u_&!6o%S5TQE#LpOCxW6eC4p|EOQ6Pp@YCZ*_@s`mom48vGL{g@x+tiaywKZ|M
zGHQ~Aq?{STI<NvMp_qhOK8dbL`o@lH5_YKqI*;dHWGC*_5|0-AsQgBIykJ7?uZ&De
z#_-mEE(SYUuAmV*`eQqZHEvTa&d<3P?R`PQ*WnP9ubdOavrp_89<M*B_D9yP&0?nW
zC%_4%#B{QN6boSeN`4+P!kZ8c$fq_J6{!0VD#~KU<2eJ?SM}meor9uDJ%tR3|Hg9g
z;?yZqnK9<DRFTGx8Bc>}G~K1AOoRtHo)al3;lDJIu{)^?-`6h>{h<6T?3FgW_0aXx
zg4rT39k<%Spo|D^z4k00$!wS8lA+oVsFHd{Mh&`n=oo!}U-!Wyj{KAGQ@6~Q@OshQ
z0&CPmqs5<vn+EN2UvLD3z(d~?zs?UysE}OcXEQ<U*EIS9qvigV$Mk_^Vym+}%!N{;
z8#xb}pxfg`d67Zs?4ZXoeyV~$zaK<$hrF3n*qek&!<zX1uP)S-CU5WehO?eT4?^ya
z)9t^(m$~5{$A)!VTc3>4?eK6=33;cOaeP!{j*V%GB!e!xH~iw=**v62DO!aGlc?iO
z!5EvHmqzJ`jQaif#6#lKsR26QD5uT+KfUiJ+FCjc78F05qVa{oaup(OySdxdeP~Wd
z2&-FtTe!Q<vnJ~mvv^lp_oM!N=WQw~$)GB0w$WoJivttH@h2=7hEn3!XpkYkcakx;
z{8J>wVI&MLMNN`4!j{7}WJt!7-MI@evjp1jS<K%D@%7S5&;lZ?=seg<A6ATiJd+PY
z?1w8g-UeK23~X?m&=Cn{;`aF&1{t#drNkjj#BMDzc&^@6FF+Z6(jL<o)EZ3S(o7L7
z)*HZ__X<iOj-LB<%sZD6Qyxivrl;p!gu`*Rv0og!xE;kzV9Kk3Q;=NFSYo@o1p&X$
zP!~TE2yB_VXUqC$W-0>x9H>v;10Q6VdW=mD7&|&J9iA@Q9yJiG^2bSWLL&z+Zx=(m
zt@;1rZ|U;=Dl|sYwZv-+3;KAeqn`Lvalj7g;Vq9sp@EP%nfj$#`DcwR-rRKCWM|l*
zq{->l)5+nYz^*|oS7>KPvO4=O5(`1o5?`r2aW2^WH`8!AsaGl{GG8?)B9pHD##J8#
zwRfM9;o%`Aw|fw?yh;8r*?9el+BU#I?j)k|CK2lm7A|Jfqy=)N3WKOHIX6NbqK{$-
zCO)-2g1Oi|`qgtcJ<@Px4tx(i3%(c6zx_dV?(*w1mKi5RnlvNY;4P#=`ugm?{iQbf
zyXmgGJ5ODG=;>-_XrBp^=o-%Xld><KqKUWGVQ46trJ!gXBjUYACa3MQ@zbg~tFT6?
zk~i$<XU3J8C}?+s-cOH<KS87VX|d}W2;4BA>%H_&LKcfty{Afz%i82l)}PXNV+XH>
zHR@fZrbd0z!v*|>qImr-xxe+k3HMZf4qY1vyjmi@Gj3iTd`p(eAsC@OaUwn^Up{>|
zzx)_NF0NGQUNL`AP>{KWHVXMhZSl&|UZp-OPIH_OkNaBMVqo2P0M$e#tXs~H>z~Ho
ztRElHm1!mC4-$gj=_Xf{1+Yx;Ga>hjLw{efqfQCheqip$h~Qu^G3rW_Q)N{{Efh^Q
zX!CghU<nZ)!bM8XOh3X-69nR>zlTwk2#=7nreJiFi|CVBBr8;3fD4sp+DwNgXksIt
ze@oN}E4obQKVy()K$DOEk_?wZyZ7(iOp;_oub$msr>!Dbi(=frFawJn>M8W}&@#TQ
zCW*ejD|I}Lqav2oDsBnry}m3fveNjTE0v4AT=1(M7LF?MchCE#j|{_kt|;KIh7}j*
z8>xTM{c26OE3{~JNc}Wc?OfkD$fDH#s{(6sPVZE%g0n3}k$3=tfg<hixHNOgff-Pc
zTc)xb?rM`RTVHxmA~l|uON6f>{##3qSL`V1j+m9ltb<@gNzBS+8%z)`UI8ND7z2kf
zN$`WJ=(8)BuHR1@yzj~{zir((@xxhkjc4|N<|axkF7=HLF~O{wlu{=Gy7bFEzFQa>
zP;f#C?6h$7$v@N%D1wK)>6j`szpg-yz2(Q0RQ_JzL0)xyKP>XJ@RcI#`?&-<upQ)Z
z`?boG-~;K5m2nA4*DL6+S#|Q=`3^zNTLHDs6S$0uE`O<mMroo&%8<t1XsRn(Vg!wP
z0ad-3N+Q0v_ssO7zoaVz);hLc#+Gu14!TE4-Z0O>x9`X&wA=wZw54YSnM&F4u3czj
zY&y^%xS;AC(#IqjA#a`~Fk+u0%yshB>z7x4%lvrMqTXfsyP^(NS@k7VvByjMR85=A
zKd4bTZ%?rW5Ot(Bz-aBijx@5@G-XVUm#mPl_QCuX;=GJ9knXsRl5$|kNI=zorx5zA
zgnq5ZGRs&y*8-DreJF(?z#<lg5$MnM;%iZs)IHu4eS#<)ejR)~Ci7R54`24LIw4+M
zcBTE~S2^R$GGof{S2^E@neGh@E%x6@D$|v2fsmAIy8xQTf9-2Q!inX0=~JhDY@JnX
z37hLME-xA-C8f`e$Yc3$F0sC}k$(r<YfkUpDH$^ghl?Rdi8<^t3n~845%!5+{NpJ?
zf+eFDB65KewY#n*LDD%z_8E<bO2=2KSFJ}KuNRdp+Ttg0sk#67%>A-o*G=7qdvxS(
zc<T%hsS2za$K8yJyf*<&ug7P?dpZ4<+F0M~{*>L{{Yz(A8IInLtnp$8^_ESPm~{n2
z5uUr78#Ox`WhV=J#_-NocQBV{=lHNBFqD|`lK;lic0;ik^ZxL@QjgUFEh!v5x8!y4
zTSh?C#%R8LXeV)f_Cv{mDu&Y}x;d!;Ys;ED6*RNCx_*{W59$eucVp%hp5JdZeM5;O
z>m1#*_nKUu&J~{|oms2K`KBp>DJ_?^NSz0^^LUpJlU0gcx^wZhn<=^DaSc@;?uH_A
z4EBGoGT3Ob^05%%#mf+RpZ`u)TYEpw7&kH=YyIOb0tepd672VfFWMe#YLy-_-3TMo
zm5g`+q5-FfD?ug35wm;#`Wao(P6?#QVm#eylCg9i%$tADKHe~Nsn5T@r!wM5s28{K
zG1Zd_`ixVl!#U^zyG4W3Xc7}>EsXg8W95)>BA$pQM@*|R-g^DJAouf1ZI=Sw&M`22
z5dOBRz{o+`6eSYIFq<nzi;#>9cqIK^w=6y;c1yy5|7NMx`!4UIto#IlLYzrlwEY8p
zJWRG?h=!yahu4x+vwT{>xGKZv7UQC3`Dkx;gE4AO4{xW<{RpSowx0UP`0N~gNoKD~
zPGw6{fSkKv8R<s}o1PZAwjQ3AkQc>8ldzSn%YI|r*3IeJR>srSlj3*h{t{Z#*xt%;
zVmuDK*`uqc>*yy&=v<dzm!8VVzY4~+m>1B7&b6#`DU=6={Rg0y<;LbQ&8>iu3|rm9
z=$HkTs_r!uiM*#LAZ1Lv$k4&<Je;O(E9CYSF7<OhfQbS3YxTTh3lgm&i>1XUu=|Cd
zpwCJKh&FmCT3-*RGI`1hLDf_JeCbqk?CQF)^4q!ZhD5pHn7==Kee9TRcdKxnyc(XT
zz(LE!a4+1uXd2%!PiUhjwiJ%k27>by@atKm;0wR2k3qvTE~aycTCm6|{<GSmp?Ct^
zTNMA4>i#0PB4V@WFo&P>Z3%w0I}jGlye_CsJgZ@o&>~7lB#qqAFw;s9@wuYGVGQY<
z;H~TCaFe2w9dJn;mu>+A-n~9mmBb#_%=)A9^77)z-|(Ns{V`_DNImN(2L}hh&I3{H
zwhSvm(+cbU!$V>s`3Poq7&yJS*d=4EoU-^O&yOAk2eIQYI#ae$^xJ%I5`8f$gD~Gh
zp*0tGj}OhL)f1xc#;%jT9T{ua(!X_6^$l!;%HkiqEykqSqUU`1B6OrX>>bf{5@R%-
z-!bhj4_TCql0@523%PEO{BifQf4~HkMK3f^1=4t=B-jg4Ko69%hnua8zK@+B^Pm=-
z$tBZPlCPy^v=SDVmcST$gb>d(tw=Tw7;Kgo7Gl0}gSxTbAy#-BFB#HQW?}cfm7r{C
zx=Tdi*<bI13=|mTgUBIQXQ`$^7nC>;4zFZDTav(2c0Dqyp8Y`o&XZ1dMo_VotI#Tp
z-5!5o6cN(|9rfSGm*%S5bKz9_&4Vg+I(SUpO+P*Wru#7Od8C`1t04Y87plTwQ9NmJ
zRIe#T$V<yKT1~iOG&aicZk#-mM6$3;wB&YF(nL6;dh3}C88h(vNKV-mQ3vs-4;}eF
z-2rFlM^Tn&F&8d#Wy^oz@|nSk?J(?SX51hWDuk5zedRgKtnKSRp17A*_4Df|ngWs3
zjf}~L?74HuGBvAAh_oO2y0jz@$)<p&CHhfG46`+V`w{d$bPL^|$D)A!mF=wOp#{A~
z;BMHZBjUFldyAYm^t=JcjKGVXIIs!kpVS7YGrz8=36rRj)3<JX+CDiV)4fTGSwWR`
zkQ{L<1duAF*)Nuh@--AVG4!l>mtOz#1xN=Z_`GGU=ttQ&KWI!?_wj8L4`D1<kdnqa
z<F)-N!7KHi0->}*`cC??oMvo%(&!%3m<wxds!JX!Vbn#|%Jg8a(%lpaIau8T;+Q;r
zJeb}uvV9lccnOpmyh@F@u?mqO8A*3=ZpFA}$T$WwfB5nbep~cKq2KJ}XB@LdOVbjT
zz1aBmJhz>13e|kuHdt1@s8VdrxYBND6!|?1x8DvMk)nf65GgDmT4nJ@Htzm(;Ptl9
zSZ;0Evna`rRIDi3QX4nz{u_eGFU3nFO{-h_OioYM->sE52=sM-DuC&&xyh`nM>)%P
zj1(DA)j!3WQ+zj-jpn~aCbxIfQ^k$q2$YSos(sPizf)z5@|#A=TDi!=Jy#<};awzG
zQSqwKGNm5ffx_Kw0)5ano>|ZwIc3JHPsKe)eLgH};&BSZ1Gg3R`U)4vYO7rc)U+vM
ztB|kxujq#jmnWeHf<iS@XSWr^u}b8pp`UZqwOJkek0EXlL~X3)g~dgRQ_Xp-xRAaZ
zKhjTgfvW=9nRq+}Q}PzEygz?7DEYAv^2hnhZ{UAEH)L-=S0hj*hF3H3wI8N*6h{Qa
z*EYoVa?F_Vr;pJVd}Z<`BlS)`NNNkh=|Weo4Cv^Gm(IM_mh7ECTh37|pvR^$&wAr1
zK19#g$ffdld%?1nk@a|gHq6ctKt35H7X3NVz6u)l1@t{kK~1FG+AzPjkWU+(P~F~6
zTEY(v-nH7wkOj{4z`Z83tN2Za8(^kIip1YLpA8!CAxHX+)5Y^uHa?>cz6L{)bzw2k
zI1{9Dnqw|b;?2%VVI65~Vj6R)N+Qf@4ynNXLy;?(DJ#hs;nG;l!*b-!_Y03fR_of>
zfa<cx#k}<L{sx05*x5&UDEos&O%>537zNq4ue&n5;ST?x!sG-iAUF0D%G1{w`MX|M
zii?Z8<e7^{D9W6K`Tja+HZ-ngHh!!o8vg5{AtRb(ue<vjb~uI%2?H!9t82I6r=KLn
zn(=cCEG)9sdgHcD2-1AGF`Yz7*T8n$F`!8Y=v2nv-|W5j{Q;(9K(U-)3jd%sUs=if
zp^Ex-Uge8Bhc&**u}=q!nYaDj@;YJo?0v;q{x9TK>)WAVqz=q+4EpbF2tMW&k{)7?
zn6Vt%)Gi;jdEK0jD~eQFV9$|o-GP%UqSm&j-O91MpRbFPsj|?!<+^|?6K?*yL3Ab%
z2jeebn*@U4vH92`VY*nA);H6grU&g`VFjC(6zM~ZXcx&I3>NT-p~*ZWb?tqe$i_DB
zL|!eQM;1OL?(3hQ#NAm%BD->fAa+ZI(P?WKyP36Nsag_@DwF;M5EVlLMSAoYQ5D$R
z(2ZOCS!G|kje!}2@wuLcGOLRdf=?@4z3C$Mb1@YNq3d3`HHw3}8(d7wxiD&58s3O5
zDk>`Q88iOavZ3Sx2Q?UljcdvbvYJ*#Qm!Bl`r##Qx#LF)c4((J<WSNbQ=81O`Ej4j
zo8QJa1-2COjF^WzDpadk<3va6IgipTdCu|D-hu6yHt)N-S!*v=Fid`Eh6Vu1{G%7a
ze*SS_?u)cili$^?KqGz6a;W9z?VWB`oV<sPD~t_A%cv`MIC_)OG?=wr`!(DjSkc;J
zphe<~^5)J9KKerpz^rxTbIX{Mx;sI&i!~al{YODESH23;7#u%P60g6g4mFJ#IfQB-
zldo3=Npig;+F$(`KTS*glSvPZ6+d%0u@|xT?rItb6h`1kT^^4E(bg;c)VRMr-4SpJ
ziH&$MgvJ<$z~u9bJ&n|xlEvpOS0;fpS;_{vE~-YzSf&Wq?tZ1c;!WPGd0hgM&vAz&
zLlKf^-2MUB71Umt>I)nOUIG^T({Wu70*n{Ghu<#+MdC5);v6H(TL0oy?JBlF;}vG1
znD=eDYDhYpX<SN1rlgh53;qV&Vm(|xi%j<)fOY$=!n*<bFV=HwP$h_q`+_@JpH#K;
z3d>h*q;_xs_)*0*3pR^B(-a0r<6xuW_H@s{pTB-xIl;76F^)^Gl&90B`77U4pOHo_
zzw?~-GvCRbmCVe4OFZIwCSOA0D-tDBH6stxW$aWKNVmS&+CI-{DmqW4i`Dz<E7vl2
z!0iMPr;bVf6Ox+Q2S&eb-zM<_jD}5gt<}8V?9g0({H^Kb=7!)gIw~s3csJ&gPUv*T
z>dfJvE@SEX$vgb*jtbS*N2@@{9fcD=1^Md=?6LHFkvMlQ>vx<~QgFA{=0!Hy0UG-4
za&;CjU5k{lF9odcXOf%{@PH`ddoy5A5iR0#&p4{{>?2s_$j@g`Lz`^kJ?*PNP@%#>
zQ(+Z*oq}0LrqiO&X8Zo96b{+eRFOjVZ<-)5*y1E={%J1|2Jz%t^#|Kn9#4-#J|a$@
z#goR(^T2xzS*5_>TPKv>$l{kN+;wR_%y_y1lggJ-(z3pqO(qZbBZFhPlL;j+#uDNy
zJbX5~f3$i_<$qhu;*NQr7PJOQ!xg*t_;HS!8w@>lezJ^B#Qx}n`}3AHFhzt6uWiaF
zUGay%#IH`^bD8-QYRGPkzXP9sYsSGGkRl|`ZZ5j;ZSJ2Z7a4%6+zzSW`sE~p>Nw_R
zb!}eX&fI7!Mc1cJLNklk^Y<xqVR(Nlb{ozbF_*2vqBI$I701uPnC?7uO|OC&>_fDx
z+M&dL{QK1qg;B=7cwOO2?L<`)n2dV`41LhgVwsWb$E7jOYxT=9(tlg*(sa?}sFR}N
z8pDlnh1|&!q9bjz?XFd}5Q>z0rj08_w`hNf{jggEVs;HiTG+?{vPl6P)7lk`)n&Wd
zBMa=qp)M5N74}c3ub%>R5Ny_}h)5ytl$7_|8KBVWcV0MIi!C#Ug0rmXi?v5fOt`&;
zrmP%VDHN#8fdSu42#=}m6w1$($VXD)3;D4dbc3aEk-uKT@6>X*sO^gyIS?v5CJX<<
z#@=SWXpU@3;zYsME1&MVd^!#lVT>#L*haR9s<`I!X3k47x{7sHTl_5G+sNB^#j7o~
z?Jw>UgGH9%pt67kp8s6#E&7Tq7RO&`o>lC_Ep+wtVtEvp_Y59S6T!4_AHm<e?#0)X
z6E`m~R1MQPH?3q~I!$uz>V`qPNNw))iBrk!Ww=mTaTz;fibUz`^`_M@kUioXX3@f>
zOANIVfM-DD;haF(?wV9}_3=?($7jSax=V4*_!xmhcmV-O1Cq$mD>PkyUJf-L+D(vR
z6{}wbpG!&Rnme~lgmwzs>kpAohpDxUW-_XuY29`4o#W$%VDC~d=@rn>$Fi}wepj6R
zy3(tW_4s)I<@Hz(7P?P=)fbOS)&X;rsFKMM)~Gz?y&B?rJav^<z2reQV+}fQf3hb*
z0pMO-1Pl&%j@Me}@JW0v#aAqZS`|uU{;q$0A$RNI00hlL86-tn)?ZjOBa11CKZ%e!
zLZ)$Z0u~T|7gIamBVvwZ{P<y~B_8(RlQDu{CJLpLjS~$6@Hd}d|2air;8~^Pw_Vvm
z2{ToCqz%)Ba$*81%a7Sam9lR+5XW+hXEwf>bOB;OJ;#J4`hIWe&o&)q4?;YcqZ(M)
zgN>nC>9E1=Q2V23V5|U^0^|N1)Yyv^I6D2SwXaUQQ=*IH#qGPC``mC}m>7Sc(F<5<
zzL-gEFIvtCAMW+Z0izWi94|Y0FAZQZ3ds`DA#t<Rp3g!Wi8SOmp`(MP@2l5a&n%=*
zL&6ZQ!CDJxTS~aIqoV{p`3JvBA^_!qB`3B@a9F1_A>lr}_rEaLMkv76iXoTw^=GY{
zmP+PV^~pMXKA}wHX}-HxKqaAr8qOsCDcL{k)p(*DuC=KoZxl+c?f~Drg~WN|Ks+Kt
z7&Jg(L?K7m<vmypd}Sv?tGZHPTkq-V8R@9HjtkAUkXeG!+-*yu3NwZIdj0nU)+=K!
zepZz!lg+aK(7SH8NL|sMoV3Fm5Vq%!fOm=Tro?23#y9p(l{I9ZP(X>oIEZYP6RXbu
zMfAfv4&+}~Zl1ZUFdGIq-q_zyrTtF5m<MI$#rAD_;U#AAC+2EW+9Ic-&8e>)v~|M;
zP}|5ZVuVvrOk)m>2>4r|y@QKDg!gINIjom$ev>*Jxl^-csso2$U%WF3kLf%E*k$4E
zHDca46CxtYlShk>hes7YdNm;L!+_(NMk<axd&LTj0-c?mcD%4))X!vmN#Bea-%ikD
zQ!qW375gMiA7NCa9c<_9{JrP#pEi0z+Tk}caq6v_uigA6OkgQazx?XI-4<TksHQSt
zMe=HUyk&8edf5qT^7R%MAx;3qt#gP&Yav=9`CYQo`;08lY&seu1P(z-2Bd&*{Se%4
zXAcMwxb1z00ELF8CJ!$!)^&R1<G)~Ltn@BP^FPD76aR!S|CV_`-SW}V;bCv8d95}I
zzXbZqGv0%L|3Xl(37N7&2F)bi|N2(0DahIeM#D7%wK9wYe;c8Dnzv=zdW*Cllju|^
zgCESe8_A;jVb5jx$)g5ts;`81qIY4F9`5w`o~~!drW1QZRIOK!*KMzfZa%PdG;7y;
zvf038=h{3|37d1vbm3DRuMIwCK(L2i-#f7~KkA|D>Fisvr{x9A(ZpDYUl#Mi{z+Yu
zbiAdW0$iaacvXk+nGs3}9xU7J2t~DW^#euDEsB=&ozRw5zLi%=CMS|6SQy&M@EtO)
zz6QIeOq~kbY;$LUJ?OL*IRRZblQbw$rHU(F+o4P!Sz=E(`-?f~*i=5at%hdG(*j0J
zheNu5ydBvH9$kW@U;{JMw=$B1ZxppmitfM3wc<8o-LIcn$d~*RPph41Q|N!%5hE68
zVs(mx!?2VNq6Y1BDfSzgt)@$d4irVkvFQmzPgfnG_;Fl(`&{L!99YMTt{(6OjXYm(
z9eNI;gxuK+y_CF(#G7h`rdDRK-*g`8`ZWIpznchG`jD4+Cgy4*o*Y+(+>kbC<|poe
zRT;6OUnAoF*8NA|^BrAaE7dXfw=7dO`S4v99Sjk0D-g|)?Ufe5HaZDPp=_O{SN&kZ
zAJ*?Fy|+T@MB=dnr5u^+Z)HLrxrJ>t<X;T{&ys~k@7_8wbRR)Ck2!_WKc#UF8vJVA
z;wB+)$4!u)8eKz)s~~~Jx}@6{8h|FB%Be(>+#|7u6E&BuncX(f9c4#IWn4_2$a@%(
z_{SUn8qD*narrQEU2H{sALUIhaec3mJw8{@{_?!~`U3$f-o61G&2Tv0bkCmDSEu^<
z?r5%L`OCYOyYY-iHNx)e%c1DcbafVtt~%jns#Z>>A69eO-e*|)A359#{%RB`bY3Xy
zQgUq4Q@3C-vDv%Jug<=eRm2RIk~E1Q_E@*VlZ{B9w}IKtR?S*(UpxzH-x|E5PCa?~
ztx^CUCJ^Rl?AlBrC(1*OsGxN8zMp3;;y$6M2rRNnJ}}myRUjfFzZ$DX=qkiB$jy_S
zMtlGDPU|hQh150nS;IR5pB7M&!CK({-Tb^xYhzPWKnaG%*&*-0?g<J14xCVA&q%PM
zn`a>>h%Sn>G9{$>rrMnsv&Uo75IKBj);L?wd7meX%?0kwj~{LX*+ZQiKNn-Bp9qIR
zH*%w-X*u6A4oI_)a#t_fsw#ke@9;l<_!8((x8+ZAYYbLVsYzkXPap(;{5<Dn(_X@;
z{bfORoAclUsJU~w?Oe`3)VQ80d$DZ-;J<;vjRt2+nAMg(pK6&qi%${7L&O5kM<vLj
z0*PNJe}^JnMD`lj>a!)5&3_v11oh@@Smce^2*HxjUtLa3t?CD#r-OMO{9j6mG$?Bb
zcF%wTIF05f^)i5$*tNzgIdIuP8ah<8XSZMx6Kq0*-3aG%=BLvJ0z55Uw!^?b*Zw-!
zrT@QwVymP7U?ZS^*{SHUFQHIPE0XPvtKwqjsQKSno8c)&XJRH1frzirt=~f2V<f5Q
z5I@J+aJ9h;y@WHi+`p=wRz`?~n|3h|6&8mmsv%D0zgn?x(R^ZB7c+?6^#A#l;4^n>
z3y3WeL2E@HyyW*_OAM@GG^held_C~GZ3UH%XMcA$qJff0v2%6g;p*vex#ep8gm(u!
z!X?9oX53iAj3NUTxz#gju4baQrfP{<tiixi$1DF*%7{2Rk#$t{HDuO7tMT<%U9nuS
z=y71VTw-3;GSNKttwNT_X=-+EQ4vDz5MSI+y@i>Zot>SlwkM&+qfDm38nBWG?0WR*
z2)N-VoF$gKg}%2t4CX-m0#?lLCQdU5sb4aMTwr*r7m=Zw$Pn?&Nz!dn6>1AgTwF1>
z{y{Hm8wBp+y%cqH%eXvyV%m!t8EbE>BA^EY@RUX%-oA%~r`q$8qI^oSgW7(GX6~&D
zu&qvxZ2hRU5dI|eOZaeBGl8yH;w!;ashOswtK0^XZhs=%VQ>eAlixS<!M(s^4kZ+E
zQm|*>;pWy(2_DS4>Ebm2uE5854_uL}b_j&Qkfj#S`bArB3WCGL;pp&qW*He3*|C`1
z?+r_f^F@>0HU`0o?FnOS6N-w2@5jq2iqKfgM^sZ*wExG^IXKk$_F=rO)~aPJ+dOI6
zSoSiPT_@YNTefYlWvyDaZM#$N^Lzh-@SJl$_x-)E&*yR&6(yCbP%F7T>MYgn11}#1
zWTP=tz$VZOJ5dEeapk#AyL1$_5u38y7Fzp}E062^;3J7B>S}9q2Q~>EJ<&r(JPkWE
zLH20tCYt%a_PhzY(CMKl;S1#fS`1%<;>ugW>}q%eDScb0x8f+C3Ah$MvG#kiEKA?e
zD^f;40qj!O<oQ9T3xCbz`u5djdg6Es6>y<M)NQ<pBlk!Rv0I8n+$tgiX8sBOw@uZ0
z27<wI!D#uvk(^O!MH=jeo{?dpS5t$8OS_CE?M0L@PYGiayl(c9s@r-DE_2>*d<WYd
zC$@?P;sM4irYb?I?W&{6>Y;*UqU0l4#G+1yfFy+z<?KM;!qf_iVDZb|u7#Ut4d15W
zTPzFoS@8#Pth1vXN>y&0=#r;ZQ0zF%R01gsTsm{aIfCp?Ip5^P#RUtLB)Fr!{i8Ii
zcOm@d=O8?|ab``5C7y$b#Sg*BefvNjr4!naXPEks2rP5*!RyBI+ENQ2QHYx%FXX>T
z=Z(_)h~-v0WvP^D_4B4`UF%FK8x|uB<)*T1G0%Cvgcz=HWDUG(%Aki#QnH#UFoZru
zKr*tD6_qnCQh&)4?*IB+0avq4WlnLXW!?|J4)d!`v|{dgFI9iE^(XVU-;Y-YkHA9M
zS!cK2skA5BfLQtQ^>gWJl8L~6#E(6t#g|+0{Llj4_uefrF<`)P(mpG53y>d<)lMVV
zSK3rPsznq>md|{xZHcAdF{Lf$G%hWgb)_GIKh!%Ai<D9hd*mU5c$(2MNQ#2)zE5sT
z^*6xAFc=9khi612_yEL?&qK!sB^cifYY@ExSu7|(=r0udz;NS|Er1*&TwtJaGOAP>
zp(8`d$|#gp1N6dhC*3(2-gfcE1h>Qak=sNZsxux7DjI{cjF-_&L;51_SGZbKPL>FH
zF@sKa7ZXRSdj_&yExJ}^mc0EkvCrW?GbA42!BYi`qp6e9qaGOFv`%gA1Qa{Ph_wj6
zQ2Qx+DU^R<gAWt0N%$jE&(4DcA7+Cg@(8@voIE{G-tJqvN&Rd6ecm?SVs+=8>q06J
zL2_Td6-k6|j47Fiw#s#iWK^!&nI%q~;REP;O^y_*<#|te+O&=daOLM-I-{nQ>I~=8
zkaS2RRvaN|#tdu-3iMp{)vDxM_F`0`W&%IjC?cH`9^-GN0hfWqt_0+4QN}pUr()m^
zjfJ5`GPOhsVClg8WoT~8fq(z^W*sAeJjBmES`a^~e+||D7Y(AU?wc4J;FAD`(m==w
z%}`^QhbEb||CCf{G?7E3@+5sX4ItQoT@U(qhO%VvI~KN#<8b(&GC$?(I)?B55&bx6
zk-RlW52LWpHT=h|H4P9|u>8*7!7uGN1*Nj78h@>RWiFEG8BP1Ud9z9!Rsq@%V4n;G
z($??*crEv>p5gyDu9k5C`ve5LeBXzB8A3UGtPk_m?7a6YZ{zjEjoI8=@nRz@cf=C<
zCW^``q_y5Uo>a`83pszJx6I}|?+_vsU`{)qXI6L=^oO5vOdqxNF+KJ#r~-K-sjBbN
zsVWW}i4>&JVAeF|@Z|sv?I;7@d?_flvsNW#IRAB41jjkS;a=47JVmT!$nB9z3SbVx
z;73J!ZLo#|U}Q;f&kO>af&TPYe`HEab5`_grmhE=BmCK#S)*wA=a#ZoAnvITpOyy&
zI3Dyc6Z$AbBKv_^x<NsNHljPm>L&UZc^WrYmZXZlhVnl=P!qU)zvI0LA#A^PzhJ-g
z2cg3G#qEA<Bp(Iz55sptd)s3lAFgAZGJt0d>_i)Tcc|R$al-Onu259nenL5Lq=k<v
zdXckJk)0`~6c5Y97Sa`#_e&)^lU$$HR%NDE>ZYkTOXsSlQc`|UJ(_O(k<p)dTEV)+
zPzpsC@zHXoc!+C25ze@?PCiWAC7xs_;tcISrw2e&kp}sp$Ei5~%~@PJ#K@e1nXCJ7
z`5sr0M-Xtc3nch~+~>tHpY1P+wSsDo?EivepX@f*)K_zURl(zZMuTSebMmOBqh$ho
zCXY!zz*`T^UtAo9ve>Co>>>)go}D+U6{qQ+<1Mh2f<@y@@_UY)7+E7qsc>%IWAOiR
z!We(G+v4v(l0q5&O$vRK8;4OYtYNW9ozNCI3Y`Er^Eo0lnZZ&%O}(Ld31PhXFCH-1
zpsJm(pGJcqHB7Q&5lgd#86t|rB9ncvv(iBq=BoVZDpYsw_^a@1nJ$``&McJT`~B64
zPj|P^gD{T;R)Hy=fHu>0JPNQyaQ1i^;KS9W{uzSBix+)3<K*ofeSjAGON0=KiA;pK
zxC!3W+%-@^M^{xKkF6PWPbL!VfQOGgGY8#GiW-^JQO|%zNhU%=G;|1o@Y5}3AV>TI
z;=`v{BxFv#Q}W3*@dCI0!8}B<vE0WNyfVuADNt+(W@v8qXzs-AN`BK7-l%u2&eohY
zFcIuFidBT!J_Y&-;41hAk7e;-gQeUn`o0ERm0kXi0sHKabc%VUCd|9Q5Bg-H;R>TS
z&2I9vI%BPOA3~OJ%JF*<;0OxWXgzkYg)Zbz4Jvm@66VFTj4gDfH4$FQOR8X@f$#<h
z$@Rm-OZ3U@{oNHzRP=EY20C@d$j;^Q^1__J$>r+!DR)wE&FIMs=bY_{sIK#~rtZ1g
z7%&)K>6(?&O|DpSit|WVq&tW_gH?=_d^^#92l6~iR(Q-p*2Lyw^xeRuqjBAbA&@=V
z0}X9SmZ*k@ahLcByRaiS_ghv<y85&(oSidI)&}I<b@LivQ-Db_<8P(U`TfZHtpd6&
z`o=bBBN1Jv9Ad^zZ#c?uQlrHP%_0RJZ}(3(2evITBgjn#Zb}C?Z5#sRb4zLI-jGUI
z9@voQ{Q-@Z6w%v%jb`C`>Mp%vvKnts9Yd?ud?t3;LvJ!LzHm1d)2)ux3^K=?hb!VP
z<ZVRgoPmJt1US!2C-n0(EvU|y1vEzJE>;5uu(#`>c7e0IqZs$stzg2SxU`k3M2a%4
ztmTq<F+I7Qnwn}IT|y2k&h{xjIM;OC^h~90$8B*hcfTxiin=U?=RCf4;pz>0s*E#0
zRnYzP*g+-&0`(*h0PjB>#A6pw)!4|wWIwOw_4~{FTennc|CP8uj<_~EwD-#vwXd^!
zh>_bw43jkTNQ8HjUV<^22w)nSwMqrc45Er?rU2i+fi+sPM$29%P(;9)O#%e~7&d$J
zN}dA#1?LX!G(=4GR14jwKKX88R3O!}zLv46AQGzoe&9QKLtup0f4aTicUg`#9dUar
zlkw;83fg(oZuR#u?$H*`1&Lw$O^JM3yZ5FI{Z5ojA^w&~DcmSjGqfow;sX9*?Ctq}
zGbb4u{g)(ug9x?IDCqfDidqwnuofXc3X3&j>@4B4ncP;dEMO~x7b}zV)nesABF+ac
z;VIQa@_bUS;;h|m$(L3Vt58zQUPdc*LhAi_KH6?=?dADdj&XZT6cq@rGXbWc93S;d
z1mR;66Z_D@Iqw@`tt>hznS&X2N{CgLUd2)p1^iEJk24HsvNF=2_)_t#l7wR0>oq2E
zWRhrw<t90eeVgTTCo1xOs0gMVNp$D4QqeKRMDev^a3Q8q$5lH=S@I=o#Iscx$Jp_k
zGh{Zz%aA8aZwjXaF=IDrh(|4L+=CBK*7kaysd5zKiR|ak;Wk<f{P7?Iw)|w&pYU>q
zs;C2U)^$xL@O%8qhhazgOEl{F`Kc6Nu<6537GspTZ7?5R`&_7Zay|f~R@y&+oM*v`
zb&DBOR8|*wN}Hnk)JI^mRFcrj43nkpu^K5|IvC|G-C!eh-(w0enegbNN!Yupl-9#g
z4|VXpcNh_VF7g12u~<u|v3$aKZ}77Y*JHWtF>9I3W9>by4u!C}%rOPx`G%?~b_0oW
z1VI2nK$1md(J}#oF;t$8Is4>|FJ!@2w@U4BW@Tjs@U8({#^QtyRbhmN18^9z^xKWa
z6roy|QimYU+UkF|q`;w|kP{v!B%O5>p2qmfbjA_=>+m+r`OdlZ!)I}`f5YAN=p`@v
zqH{;U>?3cch6fU|@RQA5$NNQ$xRCuTf5&2eQf>Mi)cWiN`2`F6ND*NgZ0x-~3t}a0
zT`f|g6m5Y`wpq@vp>ru<cG0~`bN(~%O!yn~4(UEQnPsB+??mrLxvII(@i?)3({6(H
z*e#15T>w>Ze$!01^ZUDAp(=JBL#E@9xnJiWqJb;A&cN@`yM@pZVkik1U{y^E+t}vN
zFd>8@r6FDJ(>==o5cX5+LQTRCUssk>`%Wt{HLTx19wo%YwB)I}-zcjhfMqMm<msfQ
z`y+vc0Ko5=(+C--)`zd3c_%yHZ?&H3d#KG6Y%+rr`j;d*pM1I;CLqrzHBK=GdvIej
zf$>~~KR-tx!BLRsT@B9f%s5Q@PS*MONJj8ap;!8*KcT*pRmf6a@tvEPUKpHd5wl^g
zS{Q)@e$+AOHb4yU<uY#SkTssfE^;Y_jenZ!g@|~COMjo7EzKkhG%Q?plB+Zf{ZNVd
zy0ZxFChv|)REQezveI1scTn#%=-{~CzHIGmThbC1gFZp3Ky#I=7Gt_R4z;|oNMnOT
zx{lft{*L8h+fDR5ZmtM3w0^B%EPqXnf%o)lq?f&;c3UGlHw>*6yhEct26b8DK#i}9
z>VI=4g5PdE{>#8!GXTaAzh4p4nhu12g;gh&YH?=JM3yj}sT!{&-7VOZ%pxEX@Vv12
z7ur)&#@ikXJK$se`h74zVzP0jYK7l0IAzXvr!I{zrQ#DB*#I?g)hV(4#x&t%_2a_^
zGpBA8KkaZctRJNznIikY<ij@NEZfw<CX3U*CeELzRsJBmV54nsFIx<zRbGE@jYd&D
z&G@L-yOT5+Z376@&cl}NBB_bUALy1(NKTF%D^@=PUuJ3f;pOQHcnyeoUd(EODO#Q6
zcA>6yIC0L?pF$TVXJKEiY0bDmnMfCfIpmgQc_Qrr+c(HqYu2Zn6ySPPlu<lRG|tA`
zDVZmpQ}CVjcboHs(v_s@f;sy~r)_Wv^yf0&XUxr%?LHon9-d`<FU@{mUUg0i?AQO)
zLrb(UAnHW;=+#`P_OoJ(XW;GDd`PxLpPYNn${X6fry(flq)QXA4M^-Z>K7l;(oI7z
z`6j>Feqzy#Xvx*=t~AU^aKtQJQ@q4WH1`|qV;oa8wj%%ZYLOfz_CxeHV;U{9RQCoo
z2<})N8`qLLD0j(+Sr+|^G$n^g4?G}oJlc~Mz|kX-{U|M~gnd4l5%F+CR#kpkp~-_o
zI6Xo7(e*yGktsK_B7gYpRee-n>_J>Efi8d~nE%-JngzZlp`i2ON)%N}Oc^xtlk@5N
zXt64HX07R^Lo4E0GSb}d2gTjALqeDvbw(&iT<OP4)<bs0QQy`jkcgK))oQU5r{K0m
z2@NFPP!mSp`XtxI&gF47kky!3D6iEq_p<@^*~lBP&b&WO`W8oG*nTz-@Ug2>tKcMP
zyRuO`kE~=&x5fDs^<pEPt2NR6{%rS$@vL}Qn5@KB<O6uO4mv?vB{C1IYxA$_DVi)@
z#&YW_Ah#p#L%X8p#+sX7gew^ulg*x}AK*Km)oVFGon81r(|e5Gfw}Vufs`4gP%y48
zK+oa5z03(~CDf)%udojce7En=0!qMX6>!iDu>bC+K{Jm%_{~bNo4Hku-}ERy61@p%
zWdh7Sh2A>1b?Ki~0Uw(uqp|dIPCBpls-m#cuCF7RZt;H!&z$|F9Tw-%MU;N50NTm5
zo_|feWS}bx_=H)L<U&>8^K@zjaYZ?Zp<N}Uw$Ke3zkWGTSbqU@6d<1a9CG8pYe35L
z3g`>I+ig_zQUBrwJLFSON=z&EW`KMt<?vL{F=}I?(PQ$qC5?|28reT{d#KFl3{i<A
zy%sdO$tOJ*b(MoLl(WUe5~c9LEHAB&kOEI^4V^-iqM3NT>L;TKZk<0t*sA1h?`_rS
z)Qp`M^7ZAV{i<~dy79K6_vD><M&k*Jo3`rm10`(C&s?B*jqvLPU(%_ifP=an1vMV<
zc1wk27oTZX3-5|rH(Y%cWf&$}!&7MoD|H$+b;6($rRtWL7oa&zszMGYdaOsMwxJe}
z^Y;Gx@iqG6qsG4-$^kA-SyAwx!1zHVgiJ@N4&bm=u@d-wv~mV6a52d7MW^V48I0Uc
zrc-wrM+L*!@JnzEK(Cy%7rSjFlogBS5Hrmen;)C>J<k^Oz}BqE36^&Gx2@K8gY;Gm
z_`>(4MeP=cd0HiH&>fJZm`Sw|QKx089~3I+&_+6MAxf_#lTLwd{k2p<-*F)##7OI<
zJ8w|Wat;Kgl3`EcUKlFptkmL+MZ#ja$EbxFVv}WwJd$JKuJx}g`hdejr-j(7-Uavk
ziM3OaG1N7IdnA)W{`k^x&-3-y7T1qlWYF~Wwm7nLBI;e$-mPZ?qC|>Oki1w*gG0;N
zod>Y9)XM75Dx6;?|0U&l_U0h{Fp-(3lg>cJj@{Grsn@g!>ko~2*^a5An}wKIv?P6O
zAnp2G%2yD1H;hbrpTO8J^TpMzWWF}X<CfH*8FtbE$yFUItfUX-5apqiPweehO<LzU
zDal+G+_-LN@yZm@sC%f}^B{0B+Ch&slr`<nqa6&h$6-RpFB2R0!Q!lAc{W8~)T75m
zDW>!(Db-Pj6qj~!Grtk-c?Xgd^=>{i#Qn7^XLNTZF*4<$>L?!OIp>4Or9YncFEgJo
zoGiko(8DJY;@|Zt9%vU6x%|gH_3FdtOjSzZhrQm$-cL<wao;KaeDq0D6hhAZh)#eB
zZ?21@+#N%Ce>KNs?za;+q0BWo`5L_t(evC)sT3H@-Zt!`a2PGX1VzNB+m8!B>ByZ%
ztEx))LJo;lRSkD~1@9@xvsUYyAPT#tVB5dR&nw!V9+vd#k$nkvQ}7u`l@6CU)-$$W
zAhyfkp$(uQt8zFfuRlaY7Dm29>mum=@_yLUd?ybeGP^<N$!t}oGZ%NCPBw%f0mMsP
z_A)DkPtEZsQ*J4|kP)99`5~1ohp_ejne3gdNI`<cK1|msD%l55RVk@*6l5{7vYpnc
z?J)!S#Cx69e?mvsnO>^r?T43n4~+O{r3<Qr!pC<lJ*MA`&r*?y6vsvRG`bnKWAr!_
z;C<s`ZH^DcCDtPxCm=KR(wVo3<nB^VbtUrC<%=(fB7gIr=u?dg#VUjp%xfdQ`36c=
z9=a{fffUPQ`rA>IXSXvE%XNXU@Fm&3)6JQjH-ie5jc{^^z-+jiFS}g=PRR@_op1V1
z^dEsKw|&Kj6K?or(K@o$i8S1oI>sw#SR)a8doVdKBCO7SVr}LOK3TtBoAEdD*9i!-
zRy^WB(9Eh`4C=?WJAssIMK4!dEXAKjXCHp~!zepXR^Wtuwk}*+my>gOnQ7~?t=U6!
zlWc<aG>UVxgHMacUOc(;viJ(GqAZ3^ur4)d22vI$wWKcdkMbut82aMoOnsm(JU=(J
zw4J|Sws+{?^8s(sR1v>Sf|Y+3y;tTFWQqhVQGX9-MD2e{SkDoqqKfIkEwwgf1v4)V
z`BYM(x91}{O4_M$DgHycdmzJDJcQR<%`nqqNTUCiV$Q9=Cr6fdniPmsQIWajhq-D^
zQ=klSOX!HKu#hM^He{v6z9@&ZHbiQDabCR(WOHX)lzRB&$g(VyDNK0ZbX2pvS;Tjq
zeuHN@{Y8J3YXS`4)h=?XS-eg<D5@m*4QKi19)RpFu*|E>p^G6;eQ?MOc&r%^46pOv
zo0a7Yh#sbcf8UCn&FU4Cj`#MKUGCY@6JehsRe^;U*3tbKN@qlzy7`6^kgT$h=a}$V
z&_!R;pWZK{clnDu)FBuqLzwB(j}qd@VIRN8C1M;BNq4mkj(PJ|ZRa8t6cB-vIvp9X
zZMLpJGgQDFpB6qx$Gt1Ql$(fa|A@t3TFG4F#ZL4Ghie(!t2MK<K0m;rvHMXIt=hWp
z&xChbJ7Am<m}0TV`<p@$9`f3n4BK!eumI*Q-ibM(BUAyAfdqOCZhiJC%SKOY=S<|c
z6|kLK63JO8r;u{e-&r3Fks}Bo%x=tJ@02@m#R#M?HJ`U~JI!7kS1-YS6AAe?wwwgg
z@N?m}dAN$E%(~cd)SmslZFg{bmXdHeCmwd@Ogq~GPyE`AXveBMXghuQ#;doB_Z|rl
z^fsG0eHlDEGZMW){Wy_>`f_RCX1ZtvjBiJlp@9(er{0|9o46G!DMKVH%8kKpv0{9J
zUZ|v1=g-1~(08Xi``<5xi9_ef(tcbZK4Z@eiL1nVq0(B8j1{y@4G=)Q-O_HiYf&ud
zNV(z*>AEDXzMWz6Vh_Bwwca_9fnsgr*igc=p{8a_bQVrr5+NbOS{6DfJ=WaT7Nw+l
zT~D0-LfNr+BW;Nl*2RIpBYE*lG6fE=xAd~<uLPp4){0oDRolFM7Wut?|HezzEOD}E
zh<!Z@j4hsZ3FgFz@^o~BUd#od=1--mg`&fI)M=PY6EuqR1P+hb{ziY`Zem~ofDMIm
z#N5&>oyHJ>I+9Q-nNeu>)%OcNwwfNvgOCrQtRZj41q93#j4C6^n_e79mr_oNpb8@j
zEXvv%6BXi~k^3j`!{q>>%aKF+*N%A)rYya=V-njeVcxQz;r%%26I}-LTK&97j|GXp
z_w-OB!`$MVQ-#TNsk3_Qxihw7r49ci`#zX625!15qSJ!D(S>2K6T}-5W&WF<QcI!P
zoGF!^aNqpAy@6l<{hj9CvBo|ovY|0Y;CXG7xEYXMzf=NlwH}a18!xUhT*4hJla;X0
zFo$#w&F7gERcV5r#{Ic7zDGm@65)4~peyvd#h_MP+{aLxRQnb{MaY6r8J;%_`%Sb!
zi=h}#O6C1*<e+7`7urm#cag1$N?76K&SQf6V^ZQs(1_H|Co-~7t$vxW{oG|%OAFg#
z9(usI^vq2x49uN|DSibgiA~;29y<if6*pvwLi_S4Xy=uOmz9$f3MDqgQNy=B5ewT`
zdQojw{|$GXzDf}EAzoW|zj(P2D5p;`_!={SS!}3pTf}@4f*?UBaZkUM()6QRDv}Ts
zdg+k-t5%3n!syw=p~!s^E|ASMBsMcQ`(Fs}aJcmWAcyX=Et#1poH;|PMs^@L5wE<<
zm+!j*Hx1{lO(uAEX({%8%=-fy;hxaS&y2|yp{*tz#E)JF<Dh#HNI1fsz9Tg)sM&ZN
z2M_Mfgx%WCpDH%Eryf&(j>h5Da8wtCi;j?1wMu_I$WK&9l%0Mg6r946Mhf}iy)H~~
zCxM#Kuj(pa-%jAP%q}!>lS!tY&$u#F(>1l299&c3vt53NZghBjT>h=y1+aKi^3MlK
zdMpN0AW3O;7;$?kCzH-8f8V)bimX`a2vqozYRK658V@7d7~*~UBlY_>eQzYcJw=|R
z?fk{<wN>H3-!UeF@dT3XUig7`jolN`RoaOus{tv8MaCRr?+Qk;oeXXCX3m=<bM{Kk
z3R_hG=8%r7be4?eZ#*Fum`!_kN9(cKL|@Hv&)z{)Rj!c3H#;P1pCV*xq>RVwPnW9#
z*P-?Tfo~+~cNn~O$y0O#mKL0?D%-SW>(a_@2Qx<ae|XURD%uJSD}k&izP)xmr&5&x
z`q9=!J|YHugrI*OUGfUI7PmEK=X)6xRK?TgF;%F{Pk`};4f5Ou*nWcE0TU8%#s@ej
z;6}e?<L~duOYTQC&-+`+`y!pS$Z6^HYBP+BLPuwOF;>@8VW-P9u|#Zkbh2|4rD!4h
z5sO`6q=(diee-`E8lpQ<4x5awb27inafko`Cq&Dx(@hi%YQhM6MHQFIDqQIMAm7KD
zGo4w$NY)WujBw#;)V6zRQM>V!Lk5zwy5=i^;A``8D7K0rsHl^NFVS)3Ax@B{ty4Wm
zhCL9~1Cz4=40fe9(rZc&`GL)pItxj<x{rVn)M_h|hlyKd%mioGJ(`d6^BvmxzaKG!
z+=#II>Z#cJ#Tq#r(-bVlD_0UD>AGt&=`JU%o)3;{SPORR!R46ohAo5}t0DEd6tBPq
zdDa&|;|wHh7-IltzfCVO@mC`+C9G}Tmw}&cI(m2Q)5K@J@lhhO<}&$yz81yk3bmJI
ziUt@+Q55J*Ug%Nc6|!VkYEn)Mo%?2dM`Fgdr5lTaU1;m!i7qrKOi04>H)Sh!bH8Wz
zEv1Rgho6;|;t5}$(0XNjRp~4?KWGV4Nr{Bw5LeutEDjKt#D#4lBppf&&E&sAbqXJU
z<BM%qLeF1F5zu<_j@g{Un<AhH@65B{6Czanhcdknbvp`h6I_BS`6d^J{-t4vu+R@1
zUscDt{6g84;V)BXnZ!)dv+&ckM5_!cnC>IpbqVbI=IZo`6#y@)_5JM0-TB2u#k%>!
zZ50hd`s}?2f1A6CxCr@2MOv>|mL2xd3nO+;$+1X`r3Eti(P#7D+6+voK}Daa={E1^
zJb&Aolu>uO1pQ)=3}^e`Ea(YGTB%k6z$irwz=O5-0jPm+yPY!kY}XAh8t-RlUti|f
z#Nmk1-SEUUFXahpcEg|g=FjE4Gp49}1-~TnK59tv=doiK;0Ar#;4!dbZk_q{Llh;`
zx8SoL30{iiu24pbS;zPiK8J0ET}d^yQ^5MDKoXCUgAi<B51?|@W|5eNW#|gyx~e-}
zi@f!A0=LqX6xcI*rRc4h$tUzxdvi6@s&eEK(FF+&(P+vx(bqdpJiu~zHX<s|Du+{S
z9SUywJ(QbIDeJ_BhD!TU^p;1G<XtTt^RW0yAXaq)y$f;A;&)In#gM_0syXWfOiyKd
z*NP&?m}+gN6gw+XQ{CRi#o!5&&U~0kAA5)E5OYb;P_%eVb~Mm=F@<=szyEzqe-`=t
z;l&9SN>qg;fIZkSBL5F2&_TdOkf2)pEjk+0>s|Vx+L0HC<NwlEp|EZsZ$enLu+iEH
zIp8bq`R0_>H9ug!21K|<ioHwwD=O$86vmEkX+fL6J|_z=%k#Vy)fdKOe5c!L&Z3Z4
zn>ny#2~1v^yL^L$77{)@jcTc)g7PF;N%0g<?=3zr`t4xVi^dQII6+vh=M?k~b1`XS
zoBF1&>&s$U7kONIX^&38Ka~}V>%;AR#<nnTxQ>!K`nDHEu|pAcEkxmfcq|i#hWeeP
z0{uM<yrwo=4X|Ks9A>u6b<z?EJZRxUzAIJnEu=AxKhlW8B}Hwb2APv6#(5`DEX(%}
z>G3aXV{^o*lo)3ptb00_XU~-4RODV2iQV>=9ws|v!<RheQ6Ekf3emrlY~Ha~`Rp4z
zYzEACKz!9fh?n)R-_t`#7=8OigwVbsY9W%nJRf#m%m&XUKZ>DFOWi9g<%a*8qQ((x
z*K@g(BI*V*7xg8j>J(T<RLVivgB9Wti;Xh!{889aD&b`x{QKix+WfV3mzxDLzkY9L
z<FMie{#3FY5#<-i`Tz||R@<V4QVZT?)qUQY`ly=GAkkK(yikt3d9ai@_ek@YLkkj+
zG5uWL?M_onag9Ht_GKEpYXn;h!6f3d$J6=n_S244d~!1}5+2i69m`%Ls1J@sd{(*s
zvDQBrk4DnFHKjmgwW~NUxHfP}5|-uct-}P0Texe&%fg+c;tTPy=rWU(c(p!{Bri21
zwFyJ5^0tiFvYwYNY|i`?;Stv4a3tmf+SZT3ff4U|4Qj=lgu7r|!Iw+?*vRs}tfGL(
z{GQ8e>JiK?h-KC!SWG}bVA_u*NC=x6Esp{umGJNUJkbRU%i!zFR3uyF3lB8Rj=znk
zMe>VBL+`@v?QQ=$+-ZoM4Fz_<Z*w?5Ibg|W6G4-RHl5`<FgF!;s~`=ma#Oom$Z~%7
zie|Z9JWwn^I;d9mbl*8juPw|#p*ch$Ej4QS*;2}uTV9^nEG@5R+D*z(L1LogoN7D~
zmkV1`i}wI-gA+7i!PNQ;&ot*Xf(os%K9a|?|6F|j>(_1+q8hH0SS2%-<v93_fAFy*
zv`g{i*W6cilxY^gG+k_k+D4IJ+Fr3RJ|5j~PJexU$bNbsNr5DQw8d3NR*y0@$|_!X
zU<wY~Sm8t>D^jR$E%=%wtzaz|2eVxOGn_<aCeQ!X5*QU7W%;;FOv$$joPp`5x&>mq
z)nWqqZg4}@M}Ir{%ql)j9cMx!<V;kOGr>pY-KzSi=4KfD>AH6lWjWA8E-O;F3uO_{
zc(U7j;^bD@#cP-J{d+<El#+z~65VEDvHwKeyfw{y<~;S{X6985lmE~&y%M+HbK_|`
zX;tm-5Y^nvc<aPB&-~m*?lA075{!CSclPL1KEg=HRm&Tx{wrF5oyd>pCY2B6K-N=&
zutcg^PNr$mYzed7kVC*O+#b~Lgtz7*zFoYO-dA}&H)`-!c#HtELE@CLR70{}AL=My
zfP{^-(e3$%8>Hgo;fPk(!4^IxKLibT>nd&<W^sOuQ)DN-U5M}6YJN(zNiHw98X5Zv
zXO|z_&B3W4*IqyIb6;=zWbFvzY%ovo>T2QFJq9iKTTLFVAoD)Yz%j6VZe$eV({;V0
zZR3vqSG&Sfq5+E0$118?;3c8gH>lV2`VfV;ofw)<4CZr8elFm`m5bR#R(q8x6zPme
zpPoVOI=IqeX*@R+b0O%+Um1gFVtg*0;Rz5~RWADpb(mx6qtRrPvTxjo<ZS$oNZRVF
z_pM84XhScxp5#rsa4%+wH=F?DnOg&8JV>cDf?G)pmWB-9e9Q1y52iDcLnzFK=ZyK(
zjR88dTZF4B@CoH|WP?8mSEn*KE)4SVt-77Tdl}A|_9pPoH}m#FjHwz!99h%YPZ%&8
zKyGdvTULrx1fDD}{qhUAPO&4fMOB|qto+2h#YQ=f%^JZKj;I@PJqKsFcV1tX@Lgw6
z5H(!GtPC0k^IFLM-Ea4GJ%%`hbHVuo%=-dyLva~-!+>GB5<z2?R#>aP*eaTU#f{v=
zZ0E#|98Sw{wSZ~)NSdFQdzTC}GK<sZ4pP%ZPnz8uHcHVO>K%TQz|eWV@F<CAYRZ=Q
zApNZS2ob+svRTYC)-krqNhX2I&kmqE1CZtch!%SfX8e?Sp)PM5jJAr!aN63%HJ_P;
z)nAEiZk&0fo-$`<yqlgh48tJ>mN#7Pv5N!Yf~jHKxu1O_>+HJ;#NXZLdfrEm*{jUP
zX#-F|PV>LL$i3a;8DLG=sLN7C8DF$mLECz){Nm}v$InIQDGoiT+R2BrYQpFs3t5<D
z{Cta7`oYg+X0tUk+$=fxoBord`0pPcmxL58$z*;w6<twvl;X^o%f4`tP&Ekbo!Ku3
zp1u;EaRM9oK=};Fza=$QvD{5y8mvCZcWwzjuWE6jFfD>T5)*4EXv-W$httKdv)8xm
zhP8?nvC*QUnv$=5%AVk6)@DA!k}g<(0X}41$pd!or`a!oCiQ=P&oiERPtN5J){5s9
zRq}1!kmTp$KOSpr6*<&>U0RTUqrk%rql6(%NJ{@z#E$YXdaxkh0Aq|KF`n{8NnC^E
z4L|n#tSr4?*Hh&y?(V?#mRnh80og2$WRa~5kzV$+hOsVQx4vt`?bX#4V0+}q_|H_r
zJ=9zd;8<gO2{z~_ix3^%e6swBxAtn57)qCwezW`xSk&JD%%b&{&x??#Pr~9loZ&+^
zs-7NSt|#*=F^+96L#vVj_M>LTofkZN#xg??@4Gd3)m4`(`04DmeW8kl7`UQtHJ_CF
zd(cxAUMM&V%%s8f6$8B7K}PSH&A#rVV|(C{svpfT5ZBn}sCfvbE&P?B*&F1{Lx>oS
zA=(n&i=C_TE#6#s4h=+@FYdIo;_IPf{HCTm>M}loU8NRDwaLW-cuJY-jJUL+MOrOg
z6Yzk|BR~RZ!&^ill87w{g=LwKkoesuX91!PLydTp&?<@WL`R2Kjp1JTeKJ-Y#7cft
z!+hU@{=W%a?ikTxU4z`u<BRNg4#$j;ROg}|7a7jzvIU0~RFmegAMtvkuc!Gh#NsuO
z5-)aAuT#YUOliYnT|#-f4Get51PpGE7?<6on6n3h^)Q$GPE}Me2vtXFW8#nRU&Y^&
zBV7H~18I?if!S-QLe!yFK1bU&kxMESi;y!rU+CRhVM^XSYAMz<SwJBNI6`DO?YDcX
z)MUt*b0zXQc<Ww@r2Cnp^Kq*R>)voz;Cs=D#bg^lz|J@}4#P4O;-c!9bMC4PO}TUc
zod)x8)kb|ek<b1hfI;)=R&O-**N5v_F;&(gC}=n}?5$PVwL~qSBWll=FT^?%k*}Q)
zR)XYW7S~F|=-tEKjg>Vv4{;YSuq7{B#!u%)lACm-KB!)*<Rn~h)4qR&IHHw>E-q32
z0+*jY@=m{F9Urt3ApscX(pR9S0q9Ht!qfNpIt*XO_O1a10_s1YcgVJ7_c?MHI6-Ps
z48HFeimQfkb0EZpTq%}|CmKwIpt6Uc=D(;uD2ZEymC3=^aR&>OR$C#Ai`@EK7S*6L
zF?!=kcsD06f>R7FQ5ior!YpNPW;(tL?!Y=vNhY^Sq6f2B>h2X0ss1>mcEZrxtkFTA
zL|5-Z9^%1a$wqy#6Qy0^o!!sIGplXiE@BuAyLraM4sPJIj9VUv&xt+D3|m|JtW@?s
zx}yiVZj@{ExtEW)$U)AytLc7=Ae4&O+p=G@ZCNI*ojFqU5a|LfO>7c7WM_>W&VIxW
zXQt}s2c3pBCJd&1g!;m~s`(QNrmF5E<`?|l<r}Gf^VLy2SPxO-cQ9S&f}9nTW#C|5
z8~z*RW;t=b)pU-spoCG{2afaGjQ(#Uhh$u3<Sq{9Cef1$D*Q9KKA!Krw^>ccy=jw%
z8rzvHyVIfe$5kz|O#2y*PgS`r;DqObJ|X!t(=JuFENF#8$SWFI`n2eZC!gTyT9*dH
zV!5o$A9gf9O!y0kIeV{2?G#JCDV%dvev)L2*Zj0}hFBF$xpiNTmaf!a4HS-8<!!al
z;_~=?di?nW6`xYM6>iAj+fr?^`@9?9J-V=bJ|*Z}1HSqxLt@D~<TiguE<B2JyadnX
zK>X0q)AhNb$))74L9!0HIi75{*zcO{#fdA~z~ZhcigT>=W<DbYw`i`eOs;@e%AWTN
z9;S$QHQoDi{yW&lAgI+upM^6QAm<$Ri4QLtun#L(LMyJQT@kU}7&f%jGmxr$^AbH>
zOdJx8g8RH;J`v30wa86i#M5u1n=(durv0NrV=bQ;ugB<1#Xkz98^3~|@QbW0bK(bA
zFb{SasX>PHnE3RN<th81(3u>jd~K|eEi5W->dG55y0Zv^NTZ}@(cKTe9zWgoHg5W|
z^qi-@-KL*Dkd?*$t}mUR{jfY-Cg5wU^4iVHNC^5(w`TcUg8?YrTRw7H#C-s~{w*uq
z2Y_T?ztWaRFiT#yQg$H(ZHPBV+;_73spo_0(_)~U4ZPVa8&uWzv6Vzuek81lc%(Kq
z2jfnv=xY-Cqo%{Fp@OF0R5b~wWN~|s{^9$G+4d!k*MWz{?eA5acDeD1CBH6gyclt=
zKvXqUVZ%qJ7%6&Z-8KHiyt9!K(6vkCEV%v%U3$E?0@Sm1#kXER<SAe@WwVDZ0dN~C
z<NqyTgwH?s+_OzI|Le8tXuK5SXdq;L9D4R*$m0|!HBh?(eNUp}&tt-inMJK&@>fO3
zyw$y)F%>{4`oUJZW_<;L|CFQk$2V2?$mQ9gO(!7FFl-P(mtW5ai(6O5EK|^7lytqa
z%cM61vvS;b;uW8XB}$MIBQp2&@^s4Y4hj6S)8>@=Rx}y4cWm@Q5%c}PZrT3#Q3)~s
znv@{;=80ga(-A0`siQpxR1m<b1<<cyl46&ytLy8)m9*7$1FszCrg@{r&hU7%OQ9<L
zr-fqDOu1IY<vsg}_@!b&+Hxi3ecFTFmvoj~PIwkK#P$v@pGFwO${B~wxo+EXM+$rS
zbJQ}dIZ$_&5B`Kt<3|mdpJMV9b)6#iDgPM56!bo*BZ-6240Xi>y2US73OVs}k*?6~
zWNF8s4$>yCjrtx=3$Vz-6Z^dCa|D3$NC4dY4-#jP@z}QI$N)Oq%3V5;X5s7RVO|T$
ztXKbun88VAJv+23eL{Agm<2VthvWTAueG>}Vh!=ZHS}uvVDZ<Qc+#4{<EiMA<=5>)
zrJ)pNHP2mlpPzY?NWvvnHNM%Pc+WPD&hM=(tOhwnoSifoy0iH6Bz5z@$C(?j-!{9L
z9D*}_+;I^?Qc;*fB%Fen?m_jPKk+*_=LZ6EB8^(Zd>3P;30(jI6`<c=`C?!K{4a|w
zfLrWRxI{^zWj$%JA2>IO&jfe)ln~f9pz;A|yC6b!AMwN=s9G1T?5vwD6KUT{(PT=E
z9Qe3yj#{MW#`Dzk<~e~Q2qoyA?b+a5Nwjmd2r+R~M!AHxc4SSL(a%~57L-&*a0t(m
zzaW+mY>mdyxfRxB_%hFKouLe7dRaSS?xi<AST%W>qotThke}hnaHZ(2x@5?Fy|~p&
zwOxNKI-}%2O^MwoZ8X*eZkWYkR2DsJ)}9C8WSHB<Mwb014ytj`%E}`cRd?AxX*p)&
zV}<Kf$HQcD;BkK+)FzHW{w}xz)sPwC`_`E1D8MK;X?n9aJlV|A5W0Z)6Vd`^uZx3F
z0kvlBUG`fWI~1<_j7>bDzGJBenZu7fnYBYozj@*t1RyoEUp)hOA*;sd57#w>*@MI2
z`x3AWa@Jqzm?pcoTP^B+sr~qa4NW5ZI>KM{D8^Mtp`!O6J-xhu#<(h-ON-?zE0K(V
zuh<Z_b9Q)5*^)h=C#zfyJr&Naa)<coztuSk?^k?A`^z%BASRj|c9q;DH$RhdIntNK
zK|9i~>^IbQL8R-gCCg9;oUZSVx?K!UlxzB&Q8J!tTyGc?zC7;!HwSuLN$is+*|$M#
zkvn^D2-B}eHRn+^coz;=lOd0Sf<sw8cFBL?abEH^ZiXbtu`e~El#)kGdtfEt?trSb
zJqLG3N1zzc{*(X|n`Zo4h9?wdoNP|I81ysvbe`{D;#~u*$^eja$(B4$?WZuu3@g*=
zel#;GMM}&C$NV-TXU)}ZnfNfRL<^a`3)YJKUX;@r^3pf*4pJ`3WbxybDX<$h8sHOP
z4QzH5P{$?>YyHxl&36^*8<BV9sK$-`dLZ~M>AN!z8eT!1j1FWO9OG;5Tc5@^pMf=!
z0aFDW2|%{aww9XqePoE>2QC@WCrv@Qpi%^RZu0T(I`G%Z+c)4A%1BkNQ`=~@104o3
zD=)_h_~;o5hsrl6TU4v-RT;uej;RH`7rZX)c+{9BfhHHnI5shd_8-`PZ2Bpf0)iaN
zJ#h2EU*^$7>Ag8+F}vo(d)uSTn6mD7WSG{UKi6z#N}^)BZr4)37H8xr2`+~$)S$fN
z)7-xRH8ZIEXk_RiStAD{Hw2%*ytI~fTz<pb9^P@mYE<ZS3jhv9D)&pa<gwpON-!K|
ziPo(}K_R|O0T}#vRNpjZNsG&t9j$v<CV^sBpr=Sa5Jyd>wcD1CUf5aM`hNS%)c|3{
zZgTLef6z;vu(cq&!Qa@ZIQ5V#?cbeYE=)RD`u8S2e@}8IGrA52IN$s^xQG)XjSL2~
z=JNFZ-oNmVeCpDRg{&LEqD?j1P<#wt#8_>A-9qSZD8`|IA#0^_Xw0U)bC^ml<1qJW
zpQDu~iM4T>)NW0C>V)#d+vs-r?I^!e&f(MKZ>AhY6FIXpS2)#e6RVet>g|r6!Aw8M
zHP8M%7&XV+r-hgh`{vIn|1n#;(qQ7u#a<}i<x1K6MZ#~9o<!@;VJM#EG2y@l@Nz*o
zItWRsY-0fN=4@x7&s0u-3+R#pEF^%RyIoD#M*5KStEF&%+{D~mvN#D@K5i2F7d+8b
zrPxWe^y{8cCA_F*qIM*YCN!PaskC0qaAwG>NCN`(2IsHid^#(V97hEuBHl8$i?tTQ
zn26M1M5V=reaA3Fp`KLEF(d5L`oEsR2(!mcRAS!JFe%UY^8o^l;Mebe9Yri_8bnm+
zx)Yj?LAuj8<*y+ZAXcbvSY*@7HDhbQv#BR%cNYN40U7PKK%YWM_ZyFz<4WPQ^Q+y8
zr{+hs`UntwQpQYb78<;5RFAD#8v+Q3q9vMy4?%X8%egrfVUcv=7Z;f-MmyhFe0@qk
zT{u@)O>TMNo)S-_#CGa6KD(kM$8RNl?titou%7H@ZkE}21u1tExx}42MRb0!KF~Pa
z#<}(Md>gP3>~`tWbLAndPdf5D$sDVfbq&Ri=bQ9L=-Y}jCXKMAT<+0Y2%xOu?Q~om
z$5Bl?tTFytOIYqxHph%vyvLHK1^s8;6Q6wNX#NMu59*Sz4dlSdh@~V?{Op-Q#mSN^
z45!QW)N#5DVwGS0MZJ7g1*TkrkJn9zk2eUFgEN!y3S7h+Cqv>o>$!9f5sX&h88a~}
z*?Q8j7R(1Iu#WNkdicj<aAh^6qt-16_5WIHsB)x&-U!+^$bU#?{jqJCi82WnL&O(K
zHykb!R$iUw;r}4n-WNQm$=w)45<6#1n&M4cIbB;9eWBI#5ALrfMaodNW^^L{_IuMK
zcEs2aKa7{g9;>G;M`R%#Q*}xM(u!eMB$dN_U8|>lw_>Lpt{bk&>jT+`_s218BIe!u
zi{vJ1V#K2pPwvFr(a+p#J4z^aOkS$mZ(TjFYke7fk#l4lHR_eP;p6D)N}f37PN_5l
zOHU_HPibPl^xjLg&=yD<^*y?gEFy4X{fd}$r@E&e`N%V{9#h*O=QWL%1pc&4xDz~&
zvwz4s*x}k;ndo=lcWhJWV~{pjo=*A%DzA+jhFvNenX(9a&SmoRdGp}Up7QW}sOv(v
zSX?}ns5`IKkZ^tDr6z0?JzxFG(_g))?sUC+27S*fQI(!{n_k{sP#?A3R1w*oor{8e
zTwRCEfO=}64W?lYdXEZeDUAXib?GB18qnf&iXvn?$$hEF5P#6-!ibIbtqEXWnumaH
z(5Wx9GW}Y|m9hyil2q~iSnpg1ho67iBt(XeQ_qQB>=>y?xIu+l?;uBK@IHUE*osXG
zP73BdjoBq?;Y~dxacF<B`|H>oe(_pDm~4%#;FeX%c(+ijbMpEajkX6{`_^Nz9`}X|
z$yu$+L-&q~>843xYkuu09@tR&6rFu)B1}tut+7*P=`nHO7%`u<^eLGyc-*v)yIp0G
zhUoTNU90A&lGqgh)I6nzTJhVr=(g?CNN26;UpQPV3vm|hLv1pr`1>u!V3dK<1-E{k
zE+PM<bq?yQh$#G`PIv)YWqnZJ0v1M%A9XlZY#Cc2Xvi&1@C1I3?BGYL-y3)9!X%TA
zfKOQXckCTo?03HRSCP^4VA)Bj_t$0hw4U(N(A!&a`7nV_p4!1peNRQ^OpbG6PIs!4
z1{ws$C!-qr&bPR%kUx)J0Cp1ow+UP-0af5qj`h^Yti&|kPinLGC)F~FXoE{YiCb|O
zW+^hh=XsS+4RNJE`$kBZ>x^vK0QRKr&Xkz?rJv_Mciwt_%l`42kKZz<wS6gRTtdG!
zR*r9`foHQHC(;~I{$EgY>eibdQb5==gnKU2`^Jdds_gx>B}CB`?fFHWrk=&a{KwPi
zkhS80e05#a!NmQc&l%kPYk7ZrQHx{Ef{Gy!X9I9l>rc6Id{{E5E%nHXMd-|~eM@#A
z%o(iwpH=1LCSF<_II_#D?wFbvxq&F8K>VGw<m}IcS;5ci@;k%Npm?ckb@cK{tD#xP
zf0c*`QkL2;H%c><nPsoF??ud_)=t@CHo3VpI=$kCeC61v)4sQEq~|K03pwb9fvfoM
zwCb&;8+u%;StL0jwZ3)wSz%(P98o`!qHf|NJ#jO_D!;aEn@TURSc(TBWdN-PPiT!o
zV)8(}OPByl=yZikkqsYz<~b+nci0LHjQ)J8;^Pkxzq<9X??-EuzXYjW>G$uDcNRs@
z^DD}?Xz?=mw<m4z`G1hQnJxDQq3WnMyPQNy-6K8w5l@$XjXBFQ3aRxNQi7wv44zR_
z?2&}L-|f`@5qQ5&vIGTWVk{ic+qmmt9H@C7BI@|@q`E<Q&HWQx=tBMjO#`&EdvxuW
z0C9ZOkHRcf5G=G_(Sj*SUdr-{*#Vqd)<5Fh<;<{}6{A6pkMKK-#XL8{U3COcnuICW
z4Fl?e_wQkFjMaa2xV`mFv<Cc<h6_^<wT*TO5<^dSPTEuI&CeDz+stm{(56s856bX(
z_}y)->VDOkHl?M$boGLtAKv|UhSWK|vb>brTi$uh-gwR63uu@ODOe81mYT3(ixb`|
zLlfA#9d;AVf;2T#fF}2Hx^#jF$%;9Thx0W9=G;5z4#oPxuTPgXE}~c99r6ko2A6;k
zYhQ(`4~jfXXD&fqB2G6a+KY=efv7hcANMEjMdsGRKyn&v(tcAlz8tbP5Iw;eh5~S}
z8=ni1G>;xy4Egiw?)Ai;$WE`@Tf8gCWr+sw0GHn(mV(B<0-O6@*Eij$@o-3q^bd17
zez}von{;zB_Ir9Da`#qkt9b*vyxZN_V+I@f?G)6o3;n9o=^HE1nQm)at6~v|C9-(t
z0`&DA!`cL8TFwZ|jW7k(E?F;1N!?)Uth&bpDeADJD~*rUPKv0H$}mxZ7EeQ7@AUH1
z$1QRH;Po5?RUDWLY4Of|YmDy7SeF<-U$Z>`Dq$H54hco!IPMfkvmSmQBEB)91T7lY
zaZS>)4kR+o%R)Bo&-ZpyK_GAP1N+y;nu1@BtF)f%AXn^j(~a{zeYVHv(*%PotyJ6T
zN9!h}QOB1@=h+hgfYGaw*f!Hl0ZbekpqILO__hb1h9yaMCPtBe4A7CzPegPNCF4qf
zfm<}Er2i*{qUY1c404-c+@_=8*Ri*)=jfsrN5iIfy18ZiWt3&E(!3=+BXa`kJ$u7m
zVsof7PoTf{TN@qVB}zNX{%z8ss&&edICQq4uYKZf)eXzQy+%X3?@$E(T=-XJOlFMu
zA#h|{4cb9#9FCiPw+r%`5chDA=L5nHTOW(W9+LpgyZ;?S-h3^GeQn?r{J>GdS(l?w
z9qqfh{F&b9rQW|RENW<{$Kc<Y3rZ+-z6TcpfLpV3aQVZ?TESFY4#v%0VAX|5W*^`Q
zTcKi1E4q&V)7EX|a-2y>@%=`K6+o3Zo6wr=?xQi~L&S0kPQ^nWYh-U|Jv6^|U#(ux
z!eWrQ#d5m<x-~}bl~r*g`f_KG2YSw0>Q@L<<Rbd^w`8pNTR4@dX|IC*N{tadU|aRU
z>nY3hmuPefZyYpkD~v1?k!Cx3Y2TDMZ)zy)`EI&xeP(mu#;-~~zt`e^XB#BeRki)f
zUHJDIFnt2m*yA=pBW}l<Ud_Tpn@_j?fG9n9i?|7af~hggV77fG(6Q2nuEYQ@!RB9h
zrpx0LNJ-^jgZIFRH{b^6QhY(K4^BzBvRwMYdMXQ&dd6dukb^v8bjmw}d8E^}TerGs
zDN1H(tT`p_+^}SjKI_bQUX(ExnMd%@C~btv9qCh;6x~XWrbF=@8Or;D`Wb}o$Qje%
z=rK1?@>)X-BIS6RlJmV}7$eneBSwUE;{YV7fQD6xF(m{Gc#kW#ecjZ8x9pzHneb-C
z;~g`~5oH1U-N^5eQ9CS~vT7>;#S2b&<8n-EU|7R<Ebbe~Nml%!@rjO;A9|fy`YeMw
z_g+5g82YWZ{&nyhaKd7%H^|4i|G-fu$>_0i-2P$W@b7Uug!P1GRe_1o4XdMc0lb0f
zvQ$f?VQ=qUcGAzi*>*XTHg_W5C1h#!)(zf7{MTW1sj*SC1+C&-xGlI+B^G2IoKFLM
zKmm?2z<&m#x2UhRU$w<K_TEu<q4_QArevlpEN(wni7kBJzpJXqM^3t-(HVJlZ`N<t
z_htsucdYSwX?h*d!g4Pn;R|I%)8$%5?QX}NZY6^zZR}mOIs@%~O*UIK`%J>**&4T?
zLBlf<fplk$K2^1#HJS_3m^{w->L2d24{h;{Z^1kbkEA`1zvD{;cIXYd^B8yw%RtBy
zzILqMVgsd4r#3$=*vIPSOB!^T82!q|Ih<Fear+W<i8|OF1wNQo>|QyHp1|x*w9{ti
zINCOA9WQKU^<{r|>q+}6>b{yRY8MtVYj@k{E|9tIKdEOp1madTj&>zVBjjaTmy|Eq
zAcd*?=__5CF=C{4ZWAONmA4wvv!6=PA<4q==pix+?$xIf$hWr|UQWz<y2-b+Bmk7e
ze2CX8C?;BzU|x#4ZoK1zJh*+-ULg83Zo11%pS*KhI34lbinN%i0{2f|)UNE~*Cn9t
z{@dg%6|K-}bP`t)0wb+0+!`@K#O9>;J(7~mnfi;<H>@A~%W8!O!_=`zpj&Ej0T2r>
zTAr7N|8G48v&~8{JDClVAQ(>%uiBa_7Wi$g_`8oAja$GkHqF{w-=t5bRf`<acU#@{
z#-#8D3e^LJ+5Sh;ImXBFe}6k@Z0EZ%8{3W5*c+P-8{4*R+cp~8cGB2RgZ4ka``*W!
zea(Z(XU@FOIoG8avwCC(o6@R)GIxv+ljL`67jLK+Iks#+w^0{?%r)Zx_Q>USx#J=6
z*DOo&Qg+)~`5CuK*kH5d7qTdTU-7rMrw3+@<sU}{PSS4zxu&DeS~9KwVOoHX3YKUW
zU2ytmT^qOrXcs9|kc5E;Jv{AvPi+ml9wf?oKU)S^P>AazhbzUyKLF1|Y2P>M5XXpg
z{RJkw%Sb~~3|+-8p0~5r*(>>-o!{$LuG_X<pXyQR$#`N8@KxTxA^mb&(xOwcX{LU?
z*m)V;cvEswLbNPe8lxl51|vmxruahH61Y1lo4g_YAmmlNSyDAwyk>SJNb4GO$MXu%
zfj)px_e#_ue%t*0m9s`xBaO#zQRxrmr&~e!2q`nFr0s5J?fYl19c8C>jlI^nLMgC#
z456~C?LI&_fiTl9viyz^NN$MyQ2wfVzNCA!r8bo<>qEtJ5nrG;%PT~)zUBiBnv+tn
zOe?CSV?3Nv+-zP;D6dqu){mZdWI#!h8tT#i>D_wPx}B_;GU(24-o<8391gE*^iXrB
zSQV5yKCFg!s9sq~haL7-Kl^p|;l^OwD%UP;-L54^KCyG^yz!9Ai5UZ$M4(c7NH%lW
zgP0Kg;Uwzr7ID1Q)w*wYg{-|%ihFX!_X=&3e^xmW=+#)w83=gGa|5ameYZ^)_*%Lq
z<A4A1sTzDf=*$|lYjm59A2d}Lc(5MtfmPo^8X8O`cf-55;epP<uAMEfxT`8sI&qCK
ziT&Sn-wrz+>Y9!1{IjD{%TY3ny#Mth8^VGX^f3CY7&*n4za-MYfCygK-MkB)Mn1Uo
z<w|1J3ButAM5)}aa%#k!8$46WfCtc2yJ07&!jj}*CICK5iLjO}?@Aq5Y?5wRG;jMz
z%dHF<%0z)Z*i_^C`Fe7c9c~0XASsuYuu6t~Ir9J*wnj=P`~JRty=j9klUU-4U{2ji
z7G1GWzvw^Wo$}+^Ltiwg8u{-xz%rpOljZHtBUF0rR4P!=O~O`og_nCsds~+ZZxzHG
z9>yN}?6O#!?b6o`Mz3WZ#DL=l#<<>C%)(rI;ws=~Zp`p_OOoI@Y=?vEE9{bz32DD-
zIcXnjROjKu+*({r8rl*bPCGG_Z9#T#n8y(m|6bPvm~!{?^XVr&E+AX!m)<v@R=S9A
zY**+OTvLi!0+=WHq-)ye%J(Ej3$x8dE*f&>?KaLl<mOYos?wsD5){fzqUyvFQ>9xq
znd(Lk*`#&4o(dNG($^cbe;?kx!g-L48?{BRa79%bxvQ7O3YY=PVbMkY*>z0!7H!sg
zyS58?fFf1Tz5VtSbR|ur?5Ymt%#dSo()w{#C4ogIi!77&>;<EJl7VqzGH29&`qtgq
zxqyv~B)JrDaiA{y+!Qr@FVl&aSN<~pjpSdOcFm<d!Dt6rVXL2*EiD8NaD7Rm8-*J-
zRE1<Pwt|FmsUC+BqXv_|>K;}cH+Je=(F_{5*$_$?CB}Z7(;PJacpx;*Q~76ppMJS=
z!hF#qG;&{vP^<vGGnTc@s|Pj@yK3LXOK7GOOSB{DEp@T<&KvcsgZ-p)EJJGfbYb_{
z@_FAp|06O%K4eT^ZV)945A)kY0qIA?fqmQN*~|^ON@|HK49wLjhp~hvzOb}ubkI>G
z4N!EBIGE_kVoK3JRdHDLg05#Cat>xswBAi4)?<bH9LfY&>{Cysf;b9oid13-d)v>&
zU_DGB2uixfp!o#7GNXD;1>h`=wu^Aj`w`Upxf!^+aGLl$E1>yvRS5woIy@QubJu#)
z?oWGis<3UYygzHd0iTYbdNW70oZlL!T56{V#1Q$yn!@*k`v<0T1gXiMD*E-GX^Ln$
z8~})3zDgy#y>lwkr&Y&nnAlurmKr#-J9lkJ`mXc(ZhHUPzCW#2DNJ$^T4c~Vd<o7c
z9v^N@4`$)_GM!_P8ccqCLWAYryd;{0CPbv{?*vBKu(T9u=x6W^Sze1F*_nu+EKlH{
zl+TA`n(32&F6$=Kgo-|vEZhcqdWXCkpXzi-$eBe$5tg)3d`XlABe|MB6UyG9$aXt)
zaLy8Z%{CbBJczNQ(c+zSvn@_^;yLN3bn&Fr)l0&Q&`r~7KpQ3-Vp3o!ex6ti6Wx{i
ze7MsgH65*R7ZwkF`T1$Inl6WwTtL}qjSg(grr=J%uEpB`?*VIn%U3V%P8%5jF}q#c
zU;y-=Kw;tB#k0q^w+%@vW@9qm7Tp}DOG29-R(}+n64!ugi{~xp=5%qi1SE7SZd%Eh
z)Oo(>hwoC(<jbWmZ@lP;)Y89)43%K#klY6!MtPbd^7Py%-*8bwn|8KP<|<5CBfWSo
zUd|m`nqBU;lhLnU$fVJ(db5eL#*2h5MYj@U&h+D8M^dC3`Cx^^!!KXFHZbpd%peBD
zQ3oV;S-Y=#!d%6ip$<~e=9Nd}vEMFGyEtA<Cocd-<C`X`A|p_!6-zgL&^?F;cm8ML
z{ekPmZNAV;&5=K`&SVU4#FaHr3-B$tL~RITz6<ZB!d+%^F+d_M61>>p6HIMdJ39s(
zP>7mXD&!`7$E&+)ndY<^qflnr0Iw!3=NaY|U+hQ2P45^H(tmw)aQzQtvdB4y7Guem
ztB!jme?1u_<7?k4bZIk1cs3l+_B|yIR;=1OMC%%GDyv7K88dvLQ@5Nc`oyNhbcQcr
zm;`oQB>}t!$GSR6!B?>_Hcs+d6x|lmrW_z(|MSUHzDmii%13CKym>M&>+{^%(}l|&
z=@(QoHhVWLKWuND$yN7|cgx6pzl6+Zw>fmRbuae;!m=BNR*d504#CoFfm&s;F>^wD
znF#!TuxD~ZvUoBI&@Uwc>6H!7UAXh_+`OQaMY7{2X7)K|au?JUABb2QduNKSX|l7X
zY`Eh5$-Z2<a_N14ZhNM7d$(nAO^k|V5OA-<JMn)}0-%p8tj(LYIJd^)rGZotlA^@c
z`j8VF&1JD&4fMnHQ|)6ThYi=X#U0ZU%E9R67ZNz(WA;41z33<dq|^Jf%c?+Yi1(7$
z{)n7J>=n9XsZ06be&uV1uPPo>e6TZUdg@ah4v*B_?hqcq@J)nfSJIpAveAV|^E1kH
zEybc}SFm@46ay<Yo9@LSe9s<rS6Tf*w(Y`w8h5k_RFdXD`<+m62fa{=)~z4}ctscS
zC_x9QDESt|VRw~CEJE9}N}r(~Q;5pYQ4hd5JuLM~a?ihe^McD9A&vVRnx7>{!J#`C
zy>zjn7e-ga8jDeQ+N9Q7Z#8VtsB2q$UhEyPeU)|AF88ReJ{dRc5gGBPa3bnC?<}<d
z+L4Y28oMYCP|REy3R(HTbK?Tn*9FjeC*t!gpR18laJ6+MtTj)Ssm4Wkl@#KV9#T3z
z3TWdt51$$kjG_$GRC!Oq_Jr?K@=<|G-cjIUvsLOrk|>+XbqAu8D<?~J7F_UEkS#&u
zjtNq7=gcHIS6s2y5*<?Wu|BCx_Jbp~;q(!nq(d<Wl%oI8eK^l8g5iD)19E6!`YFP7
z-dk`qUgC=7RlklqLv9bt_9Fi_^v4u1sIA5Yte{lGjFi&t0Nq7RJ!yX%l%%sS_bb4=
zHl3p^ekCqLtVV%XZ#W8Ljq`4Jasb&NtxQ8^HqzDSa>zvA`5((It&s4~#U1wGy)~mI
z5q-?{`Cg$w@fT42+ki@+IR9$B+iZlU9K!u@(6)Rvql4Y_+B>%#y;pEM4j}%kT8_-%
z<8IQ&`hplRgJEcb9Ih{?bIIN-l4?EE!>)ivU=v6_*;st|b=N}cxCg*ps}0u21JVr!
zS*1wHYixngH8F{q1NoKfW|a3?3ubNw)KjuqCzPqPC@hlXroU5Gb~4c!T)8g9P)RhV
zN6se!PT#Q(+k6+ICfyWRP`XZGtm0yX;8K>-G1A8+qn1^cETWA^k?3!pvSCT0EEj8=
z_M#Dp<rovcMe&~g`r#X;&PZRBM8Xx9<t4L}wPoti=~vFwlnwJrDN6dO+L9-zcZ2qH
zD5*vR<)EaVdE%j!`g@mxh|>?NA68v?w>yv(Pe7xd)!ZN7`mdQ@k6XizhMal2f`&<9
za_?2w=CE<9rfvw~%4-69K%q&~+hU-Xk8{xCkg3P*&_nZIbc)a!O81L8lq8MlKTIRb
zwB*;!00f)oO^FI{cEl9~JLV2<yZ58{qSO`3ajFH&P~>1Q&s=k)#V>~A?|n)B5!P{f
zXG=qKL^EV7M(#Le&fdbkB=0I%CWptwOk8s|L`S>S4BWcwVQwUi0A0d98AobPKuf@%
ziqRZSrPt#jGz+ktUb)J8!EfH3>zdz{HC|Y?sHoZV5Y}5=Ql3tVUej%N;HY9N2o$4)
z|9~vk^X%#StRRac@XMX;CMq5ZRP3@xd0K9-NvX`fod33RaUj1PkD_kCzqRi0w`ylg
z^xud8qtc|}JIs$jyHqo+RG{%cZJtDl@Fy;6IM7#d$E*I{vxnL?y`&{R$nB203IiJ3
zQ-Z%Lph`9G<PXsC;5yj6!u?ZlXZgM|K|m*Oln&?&LY%;0l(0b{r#L{bh#tN)HfN)z
zZj3;N`8&kfylzuH_H(Ku`})61Sz#e(1=Z&!E`KJtg|NS~m^cY51E)>^GSdK{!-3dj
zmyl&J)n%ZHIpv|}chGOu-8svthCm1r#>(@N+s}%H+hatPmB!0F9lJMGf{z`Ry7N2?
z76$wxXcti5xN)BxFKFt0h=*@!R28kRfhlDtI}T8Z<^S|~F~{}6hiln@9DBM+X>*kq
zE{rDSR)EP5e86;_Ni!eTUu`r~xg(}>uXIn5Z|IZF#|<7|c*dzR;md)_N$I^ieQ&p=
zQ4vb#_qzGCY6&c{RYyY>=1yKs4bo7eo-*kPi{ep@-enLko8x_6gbB2JTvp5EIk{xv
zD8OefX7{0aBrJ6%H2D)5Gi(|?L1kLNpI@&fZE#aZE?xIa^`yr_N_UbcF74k%-(Ty&
z=jAkwu5(?{-y?WS!fcw6Cl-+v#dd_iCew619k@_h!(ijj6dRg&DY^n&DdaIfb;Cxq
z=wm7BlvkaDdv-LkWD?d>1d2hH6($i&OrBaBdfl-7QYdPtd1WksF^c;1;~-G;;RFO-
zQ)m%+K(?+n%AM((JIVG4G_*EvUS7i)h;%;Z@^9`e{iREM!xbneSx`J(8a5;qLQKMa
zjwz2-wZE<9Ko&&pt>+r%FlnpJwP)oZzQ>}E%Sxoncv^tIRAl_{b1^sQb+E}hEo83V
z|7xk!{p&ke(fBqlM<(TEg=pQKs-+VAtQm)oS&|T1(_5d!^<6n5(YZn(^*=_X^ajf%
zgs?{*t|fo(nvpiAMok9LdP1d>zks-~Ll&D*KcxU%@kMsl>`BzHao2XIhRPg+)A>dM
zU7468Ylk*-!|y`l!hH|5!j4n>!(%~e&(peAEL>3TFX*S(-*-R8)(r{MVpf-gv|t1;
zFm;DW9chW|`H8(s$Sx)bNB8`FEm=Ezvm6r<FGuP;#d;!2WuvEw5o5m5hbBnXt+>1Y
z*ExQdnH58Zt;^Z$P1F`Lh!6xPnKvfpBH;Yo5#Li0F|!a$n3ywdPNQ|AtCgzOe>TZR
z_FCGUV@r$$$?+DnjxKj8I-toS$i(0~BSN;;zryQGhFW95wJ^E#t=KWg0ajILn8^9~
zq5W$`q(p?UsAcF(SWJ!zc(OvVZa={6Zw=`RSnvdqwLqYR)y0Gl3wKVVo`a!Gcm!ZS
z>0JMmI{HvarsMuY*&Q*=g@R9k@#lBi2IQI-Cc%O<Z<v51b=Bj>fMGtX8d6C)`l`pg
za>yz5=xz(ocJYc}Y(AJ`Z73vLH7l4)mmAo-Bu`Y#HR9zusWhn!Obi(zcecd&zQ5--
zF9=v_bT{qVxU;4`dulH{*)mME0KWvF5?wxMdujU#dDl=^&yHF(Y%JnSjMp1lRDC%s
zf8X;26KDLE*@Mts<ICc<!M*y)vaXE$At)r2{ZzXw>zH&{PO(ZFq;fd_Su`NQgg+|w
zkH3uT2_qnD(2@riqUIxMG-n9>bEQn0BD)9;>d-Sur;u);H*Nx<nj24VDfKO-5xjXi
zc2;*|EGOI|E_Pjc3*R7$2A%VoLx-X+Af4#im1CxLl_b^`SBQrp+Q&ERq}q32Tv)!7
zcd~G<Wc;|n3)k`O1n{pZ!2n0&rmZnlqy>Yv60MXmuxYpuEh%7uods1eSACoyt1ZE_
zPkyom95YvKwR6LvY)2dsQZsxCn;G*qTr1iVWmL|?`xH&qbj*&ic%YxfFL#;hWJ3IE
z0u|F`FDmAHPJO#SX{dSS-Bi~rXl{WGxl9erM=*ze_Txz2zRe*=#5fenQ%N*g!<P6w
z>R`~Tl%`Uc%HW1ko0wA9&~v6>>yBcgcoXb}I$R;(2Lv3&l<XIvIOFv+No4qdn4&bj
zS@A%9Jv}OEK#Ixjoi?<TNV%^#35|J%%#Cdj_^IYAYl?O$>d49w{o_IwL_eJ8{83Ci
zT!}Q?HgS@@t_efr{|#mJRO~-A3vE*)S{(y%4c+-zl^ls*C<pVCz#)h^xQiRc`GbiY
z75AsgY|dE~(5KxF`+k!_5LXEjPPMPAtzAO7Q81Y@S+vxbNH$NAZkBH_V2tNkt?8#k
zvLzE2$5>sk(B)1=n)j&gz2blVVQ3Dy2#R*v_DyJ&D3;p9r<(%~B%uEX%zY4lH9jz#
zsKpec(%knZ5zU`topn+HDZ`x0N?fg_nA>QUfV@V$SFbxR*;z8=(j}`+sgnPc5b7Lh
z4s#VPUTu#$_(^R+Zy0VTCQ&^)b$+?`XmWF7aVhBZcFbI<{1^|W(bDGY9)l%60F&zd
z#ykp(8iCmH^zt=1p)FyINjd#=!Wt5U%Q+EwLbsO5zvPFVCBrz1Z&=@x523Nbpsg}u
zaOpYB()d#*yfPXCUNR^?O+s>57PCh$2~Yle`e+Z1h;PydkY<_zf#rP9mJ7&St!`x~
zovm)qJ3;~iEt^;4rlPQE>?uqj6#nafmp&AU(@21Bb=I6c+T}nUn0EvENS2xATBZE6
zVvHHTygJbj7lQ$4XXF?<g}PIcV^-FwU>Ke7<(E{nPll1QQ8wCC)mo&|N>zpTM2>Dh
z#}Vkc+_q1cM<bb1PuD{yq9oLrj$avD(RUSfBMPYtRe$NyIM8<MiRU`cJ%i&DOJno2
zDD3IywHGY*XA{cF)viO)0V>IwCH*AZlSz3`Iqz)c5jbB||NrT;Vf?oEC@Cu@waFWG
znVJ|V%FAYyULk8rI3dojlv7F=l1nZ7cKiDJm?MpO2wl7MCicnPU<_Lq`{IVz<%n<+
z`3Cu7JbPz4;<~OX71hDPn5hd9PO<+f(FMmY4<d0UB`=fuM3DQLo*#pHMLwsZE&HI}
zlXB<K4?Ln*^u%AkAIiUzYsVM8fDB}yXG|=<4EdXP_vd@}vFM;^dWQ(xde{9L5#?sh
z{dOY|sA|iAyk#hC)VJG~j;6Qej+BDvtyqpv8uee9ios!H>L_LDJfKGeq`QxgOJ~l2
zf5*51Fz_|4Ge{>|J*yal64jP5Xw3MD#Ttv+H|_LRS>iAe55uOV!mgh@pZ2T_mR<C)
zKA<qj#xQ#Ra^Oi7wiCsT`t#XOdT6lG7Yu0zagi{HPvU3R%Fk&Vwe@ht)hb5pxOs7Z
zE<@Ewp6V3@IL`2lAlk}D<E$4g{%v<Wm(a_`<&{ZZ0xa$wz1UVMi{Y2UH^Z;q_lva*
zp4x*aCc|Y!6CFpl8v{Z10ddBY`kV+1NOyk`#W*?4{|!a91gf@y(#k!K8y=9MvgCYd
zq&Iy7Ds!BA^y|J6{`pHoSy467yas;P(_6K%Q3eCqA(UzedSs#fJi(-BBUZgQ+@v#~
z&&##mzv=fH*`%|V(a}+0EVLDP!38jCrw7q+NeNYz;_~~gfnB<C%)_pVi_HnCQzz(9
zIoB>TR3l?FEXK?Ay{C#+If+k}HDeO+fH=*b=Zj>n8`sZlLQy~q&z1d)s)bg}Z#t*O
zFL(F3L|A9kS-}bAws@a1qKit_IdRQxv0zP1A)yL&Qjk1OOW@hg)o|)*ELm5Yf%oXk
z6Ew|Cfadpx^l$^lrwd*i)}ej5uU=6yEm~5CjQKalUD6jS;-ZN%nGx`%EGu*?1=<hZ
zq)&ajH>#1t<>^T?hMKP&6*7c>fb5$lQopXu#ebj}yg|VY6P&)ivWs@|LrDcA0VYYC
zxZ;H{ONI#_VK(J$I`9tZTawDa(GbmlDdeUh(kL*sXlA$WYJetgi=!-lQ4rROoEt)g
zC**HSMAciU*fHV7i31vyPd$5w*+6<aCK1f@y3BQEU7^8w{Uv6orjv<f6)T;O(^C&y
zVuN%VN}1#u4|Tu>onV9mO;@>VsoK2*!j9r_V|&wwrPXwU?WXUfd}MRY1WG4!WFZY=
zG@N_rtF|)sYd*FiK$Qau-ZPX5(i)}6G2gx$XTHbHrd%(J#zp7QfJ}E;OCg#D^XV)O
z6<Ns%=$JQ2m&r=CK%tWcl8A+%q5ONGZ8PebkN#O;^N6J0U_EhI?NePm)zn|RSDtW2
zLcywLJZ@qKLK-{6DD<fteCCUdG8>DYTG7he#Rh>!Lyb0kvJAG@3zB;E>li=c(>sos
zss2S55vZ*qR3DhMX7}`^2jea)N6K)1ldzOHDrBcgEtxRMn?`SPkZh1=c#ejJ1SBB<
zag=74x2$Jr^19yfdxUKLlvmt8j6sN(AGs%6LPO@ETN#kx_icNgsYV;N3`4kYiwq6D
z$!k~&IbL*ecUmXZG#GLgvVWT)LTQG^inmzQ!ZCM+s`6n~Sm2tkO#m`!j8=W+VO|!d
zk-gB@wZK_^yV&1yDm9qJx#mBsf(x2^beRmKrXx)y7Sx%JS-(kz)m9E6D!fBs4$!p7
zeiWB9Z@3B5s)X&pe>tDNLpLxmpnn3+YX00#{(TN3gp9Pj>x&iiRO78=K7?SC?C~UM
zN$WXiZW@P+eS02!<OPnB1Mw-0#HFXuop<2*wr<n9X$xT6fq%2UU5k(Y$H9I7NDcK%
zXTI(IA2$odbY*eCv;vxCCh#@>j^8j^e5&Mg(m?PcG@6B4v(i7z(;A?8H9Hz4I(5+e
zSnTTU3#8Jq|H%)ws|H}o5f@#`n5d)KKQuDbO!wE!1jHo%U~#u3)}b5EP?btsljH(y
ztH968xYF@2rH?)6>a0~(0;g8->iKC<1Lv^#Gy{^Qc9hEVYjai_zGP$Ci3Kqo4t~e@
z+g!;qSm@<T9tpn>SC&zF=i-RU8x!bVO(TC|5}?*EHcxm4;11HeL_|tyr!@+iJ1k5G
zSn?C1KK#jUg^9%E&Wdrm28`WTcTY@LHpfZZhi&Rr{}a^EMt28&`rh=6{;Y~vfp6r8
z?Z&C7f>vfU4A*HPVK$2>h^19Tya4O{2*PCzR8g3gr-Bt2MU(-n#xN7OHGvP+4W&6c
z%fsvpH8zbDn6%c^^$4f^-<ol9Gij}yza2WP{&r-|6q&J#BKW9b32lK?Y=Zcs#Z_(P
zTHV8!`r+tbX1ilNc&z@fDEoMT3pItr-_a$PP9a3aC6zZ>r~9Qw9SNd-+pek-pt<hY
zwMi%!KS|e>FO)@z0c`N7!qb=cLrq=a$>A?)g?p&vI<rsVNUl#A3=}3CSI^tqIj~0P
zQy_u(v1gA<(q9Linz&`WPR0iggf4p4nO`4f&sh|v=J=oGDU{|Q23LYpXyQPvB`s)T
zQ;ycU*7HIQlXP~$ps9g8!I9`I#dOFw0NG1hLdd*yqlk0^ehOY(If2(Ri;fC&nz2K#
zI$Z2WWMxPW_3Whr>69-?TqeZip+^3ewLa3!Ny^$f8!!}Ri;jxG!9z1+p$XCel90>6
z5`7A!?8gUh!LKG3eY=X(Nr%0Y^Qf(Gk%6VHWB22xzaaA2Ge5%N|HBHQ6!~p6ccMfO
zl`j#*=T^ZYtO44$h%!%hew34+-rIiq;!@wge}3GmUVU!SQ}6`C8QW0t6*ov_DIwp2
zPEJ(5V%kc&!^q~eMW*&SNMIoM1{iR`IpAh$3Jdx2Muo?eCJPRKW_|Wy+A&aU-849V
zkumD9JRzSye<{r{_tpO3<hu5AQLttiLml5y-F9U<rl6IYH0i_Qth`?gzOAg}%R#lA
z1%Q%&|N3%(%(RXh)#p7NlqkdWTJ%Y4q6*ysqj8EYF}DUaYK$o`s{mA4XPbFZq*Vt0
zI6Pi`{rnV(hdg_LXC1JFFZc{Bc~D|V1c%S#OtXd2EDRXd12Z!XkX0pp>o(?pbj!+X
zFF54qAt2(EZT6@vDtB^91x_potn*9?q8>w48t<rhY=3YK&#@bHIoUZD4DXQ$x^qT8
z5sjo3_8q#1kC9(vJiFP(h8j1fW}u47A&V$8ux@;Cd=n!Y5xo9k{Jl1C(Ml5Rho>CR
z)C63wd`7H7c%g+rc&O<0r!UE&ON({@GA(7@h4#d+>ncDshhId~Nhu8+8Ne#+>Z&^A
z3hV3?uSUd|1n+xqFRv;DP^8cU|5v}2&V8{<zRIAy(a#E{#Qp-l)TwVxCTTORJB)D&
zh;l~ia|+aIMhGMSz4)<6J9-9M{p6LWZ#7o<SrsU`U9nM@A6ub|@-H#!?)_tF7+c|P
zR{75ueMjEO@50s(;GGGXoHym|<m=|5B<qVT?|?+y_uP~7DI;=h5Up7hyz<~k&ed;G
z@|ZN_`9o~ujh@6_@mlNGa7s_crMt=$g9pvR5NpN4PvMIIhRG!(mDQGQgXLwa-hY5P
z67V}w9&$pG^+!`m+wY)_Xt=~zGXdsA#aZb+!sEsjIpcUWb9y>f{7_Qi@V`ItRNV;3
zJ$y6cY78n3L?SGSlUSV&H~-55z$<V_;?-Och!}WDTB6QO)3Xzsywz1!EcjC=PJSy6
zN>jx0GW--t5?>png#RIzhSdMGw-;L?JDVjrGp63MzTGeu|5VX&(*6x9Bv42~60J7;
z^+q^+4`Ce8*}3n0B0q&ttw~&#nuKp|vhPthY;4p+_+}O3rcCywhmNXZSTw;@E44@y
zN5ZD6_Ckp;87@$<iNWM{+b*pavuXWu)xeLcmq4_C8m*Go8FmK1y#&YW)ZpHKn`E<%
zD47>%ksP}9kE#e`z+$iNNPX*#eA84~rZidPTBMWAiGOQm&*TKxu<LiwWWNaybG#~@
z+k~5Z>bG=e^LF7xSHRb=c!$$oc#1^@Dm=r%moa`YgP<`P&8IW|BTy{qt`(T+(`d1-
zL&1m*TMJiY{Nf1Mw$SZ<)eUH#qa;zM>r<c{?M>OKB2q2i&Vd7{?-vCatW?K<7|GIG
zbPDqi3XM?f%Ngp#DW;y!+v>i3dMPdAPXNE~%%{hcW~K!!LIpK#UOjgi{H>qvbcru!
zN*W#-j$RtvS6bx+CwS!U?(Pl_e){_L=oe{HCc4<M<u6f1!W3RnI(Ih18ZfuDHwToZ
zaHN>e1o%_$(|K?__l+H<ilXf8u;4wYj{d-TX-Z0uEtqQMxoX<Q{}@KoKT!DQs4ZTo
zNF`cb8aPzXYrL80B9_q&8*_hJg+TqT7_n@%fNt&4@+yV$EhZ(_7+O1r%`|%ZzhS{1
zR!%G8eYS-gTN4J7te>HpzW#3Ekx(<;9UTB)87RfGuG{E+uJ=y-_F$SAE?m2SXf3#H
z&x%8=Zk1j~4+DYx{Uq$nS*DWKQ&^9$T|DC%-3@Y36ikyiYRk~P-pAg9A`x6wEng>Q
z+aGEOny!Sf`$0?}0e<GbWMyU5_S>*fkM80ZdJ?z~5T<iRt8h;mVr8r7b(H*k{@PQ3
zxA-)U87a7#N_##~d;#`!WckbdEhPp?k0ILTwlhi|?zllUQ+)8BF3g3jXjf%y?Llpu
zhaBcg8YtsHS%AZ2suDi2*4Yu#WFt>2N@3)Xwda(S85_P2h-OUi`_ETE3ZvY*xn}Dm
ze{bP#1ahZ=!*AVYf#VA0J9zKPbj@}bu-@(LK)D=0`~ifEl10jGn?M34Xs4D*IZo56
zF`%D0djbT<IF)30rjgI3sHMti5y+XRWES~be=|l?S3R7gbe1<re_W6@<X!P`RU3W!
zwry(R)QGM`;!|;1SSkO;hR&m?DsmR1oTLw9@;f|OooN%F1)q@WL|ZNX^tQ3aF=o&!
z<oUVwdP4DAY;d;7_RSeLv@9q1il@eKk&`$^@^Mb}>|pBpy#Bvo2&U^in3zBdDI4`K
zN6(wZJjZUyf{bC@WYScQ7_A~;u)EiS9dr1X1V=%PglY4jHQB`9*Vos;@-LuCXfO&p
zr5>mhl`!QYEZnT&GHl-9OS~(;Y{yS&b6i@WQIqPou=8Avk%v2irE3k;P1{td-x05<
zZ9s_=6cw@#6|u|i%e*eA@{8^Nb6mn4-xB0!h<#j|+~Dw~sU@0N`^u`Ue}`nhcqBgR
zOtM2-V8Y~B{V)P$Q%s%&r410(vMQQ<JS$SAjWpqwQc<Ovu{^oE=v5^TCjo#{W$euD
z|3sytl46FarVZ19{KT#ea9@nY0P>x+X^|l!SIf*;U|N|hc-szc?qz4u0F+T9NS@sa
z;&huCpnK4)O3uPwMbB{r_Ul5*XM!TVb4W_Qx(L3t3-nYv`v{GsW-&H?cc2JqkgjUo
zo3O$+Bcq?W!gnswpS<UT8*%lC!$&SRWR25qTNzXxb+vnga&*lWV~U0Sc9zBBz%}FM
z3nuQ7TtT+tH@4wp`qMsm#$S44m0AT3Pd%}9^64qdtxn};uv!k6L_2=qt(Zs8BaiuC
zb$n(2%igpL&m>=JbK%V6X8nDhw{7=kk;AONMT$2MnD`EHT{UC85g_poSMp9Z1GY!1
zKZh;9!#YECtYG$J13P^q9UST5NHYhH^fzEqu3xw0joLM8sd-7kQP)LLedm<i?o&)k
z;p4@|+JWaa=}vm6vScwoL5M@=taYu`ohLY3I-^P4@-q5fSX5DlQ>A|_{{&8>HSqf=
zTgJ*I5LlP80hCRzUi`^89gKklS-Hs!l%2(-ghtT)kebqJWbV)P-dF+GA%CWrC?YYF
zE}SDaOb-Z^-mb19yzrMDuo?M6Uq?-oYeFm9)!$xjCOsAN93OBHz^z>yN*^9D6;W-H
zOoZ9-(W$A-=<sl!3_ev?$3K&EY!6ij?I@n;)~%YT<G}Z%`tZbEmAf}{Pow;101srE
zzLf<29zmqDWIdL!0l5jnzL)qu8&`4>*bfuaMG(00hjD<~?TY<20<>3FSLdFrf6wtH
z6^z4!ci@sxO;0jeIr4LS{P1KuMoY1k6k5K#Q^hL!;JpRfvtiCRX5T~4tMeCd?T&*>
zHW^e~;2IScu1&R8ZeD<gaGWUo)wLCu^n@{MRwSX@H&kg*VlyXU()S$7al5u6Jnyo_
z`AdIvsN&s=CxB&uRCYypu~=M3fiYBb0=^c->_ngH0Q-=OJ_Qb~{OXk4Z_cHU%kV%P
z*F`S4jd>1I>hRb}A0y5TEBkGVAcv>N+z0RWB>QqA^iOLB5yEQGMoW$${K3hwDQD={
zqy7vtr|1;mA6G^IDQr@5&a4X62)2+=E|mB%VJiF?$f&V8;`plG7BJW4(zX5R8>c}T
zXC&Jr?j#&Y+XI|ppT2p=XZ#8XGh9S>4T3%Rx))VuNBXV=m63}IZV68klrD*q2%1sB
zq!Cyc4&aO{^>$_<pSNc18bR+@pmAr&jxk@%myFf`W540pp$1=ku4bu#wb$$rP{MKz
zk-1=Cog{7(x7ynrQ2OxjAgi^wb6MpUTl)Ar<m}XYKHP=%xpJk?={gt^6js9GGI_hm
za*gfkd%r872H&w(aqiv7KzN`uqg-rF)waxz*~Bv}ZiJmCTdd$(*mA?k#fnGm!vQ*5
ziN&;rS#E7DZ6zm(IVgZ^-zvQnGo>8ghsXSiNm(Q72B7-%sE9~T28sOmuidiw9Kf^+
z3!RDErL`BMqu=F>D(@S*C4$j{M{Ylmr%PA<R)-9E2zIc~3lmr_D1AyGpd^jatDPEq
zs}>%W@{JDn=zuJ3?GJh9=299TZG|p)Q!DNtI%&uU=){jW?!-cvu1#gBP@d;3JI4@C
zm`Ov!uVl*gt%s(9)<Hv|VKoYH!&*7%qYT&t$g3HMWy|<ru;m>z`P^~*X}_9k*pGex
zCb7o>+5)jO_`iT@)tVFo@;A2DW(pO*5)1-)MOrZ(cOuu9z)$)Ia*;r(s;${RKdNs<
zm6bqx#UWpjnI}gLl=?tp+)h1dd}#Dpe}|9>7mKcd{)`)*p4-y4vrd%d9rZ0;uk3J1
zs%A!q!kold$40iOlWB$QLVo?7SMEo7)GA0!s`ziI=e&^3K|(fB>f0Z4o7VjOr`Lz<
zx1ffjt8Io7uAKovs0;a3f2^gRnpbe4zDk%Sk@bT&gPF=k%euy!xLKmZ7P_$0&1F|P
zgL0;!c}>{R#C&Hh;C}_x7od{yUW&(-Q#$|@*cKbzq_?Ym@k(vXuQSpKt$;Tx38<fT
zc7T)^OZo5ijW0Jo@=mYMH+<x`PeCvGhJcuJ`U~imPPH^KJeVu81|>b)b=V2OIbYuc
zTA|zHG_U(HJxc8XF~eu)T1U}L^4o@;N|uX>I&|401se0Hu_xO_=nOGolp_6uFiMQ$
zw$?yfah~^V^G}P3idDJ1ZLmIPY_7WOBi|2x0(WSaV44?7>1Lxo@Rnz}tXfaT)MZD<
z!kP0u|IN$$oAal};m4cG3hPO>>IM3xNJ148S&<BC7u^NT7Zsu8DC)ZOp9-aFzm-Ol
z7N&UJfR_`UBgmHudeVi<>`fc4&Vm500{D4WPQDt#u&}5?C0f<2o)ORvmmV;jUc$0G
z*OS696~u=F?1ycV$=cZ98%HGK2R8f(A1EH+MAnVy{%QdyYjTI?_ATOToWdr}SO%AW
znYF4|4JqV|s*nnC(~rj-#(^`VBwEny#4I_)ezQp=CX=O5u}!)DN>@dFLX$7L=V@N$
zqUe-V%Tix>jm|Ko@;NWiFBfH8z#UQ=0TfeEng$>CJn@9e<Nx{^f7;q@N_AdC_E%Ag
zHkw&9f&cvb_qB_pm5!vbCGBggnKWS}=Fk4A_x*Y_G+4)0eYFE}GIac@$Hyn<Hm%k(
z%eaIR{x#^sl<KKOtqF7Uirn-=QgpiOlAjAe77O^<70U1xpPwIvgP>mHslou#x07Aw
z@rVvRscqglD;_s0yCpb`HSQ-aDBysI#l@Xz3cvVoK%g`WSEAIh7qfc{d=5#a#Yfwm
zhcgQXV`95y;7O5qgmRJ&drKgnm`F}B0v1dKdi8L@&3M?k(KW(R(`|BRt@2cSEzUzA
z6m>KikGn`-ZQh@`J+3@E;^#}lblUc&jJhdh5hUX^k?H8Ju5a4qq`jTBgGP8NaK=Ik
z$GFi@7o#%qR814r+!swb)J^s6qWq^oMFju_%Tzo6H0@=Op`?45m`m-6vljlwk#GDa
z>>$b8BLjV_43+oVJ79~P;(i>UdF)#C93G~wzvkSbiyN&nfD!Wdp@@@+Bn0`Zn|_V@
z$uGmo^#_X@e~<h6>%rFwWE=~PCpp*3p06}df+mICPtT=*o7SIa#JPzJKjjjiLd}%}
zmAp2IIZwi8YC%-Mi;>YODB$OSCR$}~zpq4rld+ux3DL;L!^JcbmJz>u0wBWid4H~X
zaiyg#p?;!#&SuOCF{Cx16n_5q%9&2JOUA3ioneAz!$m+jUEfN`Z?05_5i9(+x5IP<
z7#3ksRuf9zJ!3NqAaF3NxJ~CkGC6?sg}GK3gvcP!)KU_PXv~N6rE>d+<wzoiXd_i_
zT}KzV?Gh2;&%rsT_u)%OZBhz@h6Arw?mY2GbKMHU&HDO10#(yLK-QsJJUVk042I+`
zrTDt3w6BElTr2#aLtyzg<>Pz@r216pNP?h8vLY@OxwOBy$bYY|6{eNgk;1l}|AAD}
za!!M^;BPdcJcIYcRN1Rao6txE_h`3f%L7(9rhWUqYm0)x@T#O@ot1Rd*OV1*leEU!
zuOB>jigW55H&FpBTwhUYSwN1qo4*{PeZ)=xyu#Su@#y5q&O;H9*oRYU-tf@D>YXBo
z+~fT{CV&}{F`AbBZ!L4$yjnTL<Y>5mspjrlWEWQtE(D?=SX%5g2W9bhQU1rCxdJV)
z{z9tP=Kv}4%~Wd1Ud^YmfP>IFM%TQ5Bk=oNW17jhW4e^k#tLZ*gJCf+HwJiSfcIv?
z-VtN)=*4E~jcY-Guix?8dcTLrQ8X;}1_rrV*Ux{e`i%P!O4E=aR1lP0nd%gsD-1`;
z;T`;Vze;gRk<bzb!uPL(AyQRv%%hSMyhU|A9k=7W6w-P7%2UMG(4jCXDOLH3LpAB<
z;(d(FN_k$`H-9w`PyRzJhfF+b+w~nRCf$!GIMutCUm#S-83-vTa=>~n1-oGZ<6G9)
zROSKJ9MIbH+DYT$SPA%}9v&VdUMUANA!AI`RI*#PM`rPxM%B=zT;$d8>vR@$?P@ds
zH3vo&rOg1aF=4N(i;D|D)GT11Y4GA=Vy@@99XiO><eiG(dD}QqEv=XIZoiiB_;AaU
zqcD1i(aL6vzhnkg0;QTv#W09q2?GnK7vj<}?I1$-rI=8T8p{TGrX~=Y#&VrALz&&_
zP$mslpC?kOm6jG)`RX$8fV0|sut#LGM>HFWzYeq?lgwruT~}8ZZ`SPK5x^(8d@BJX
zsRWTzLvRD75{?JH$M$AZ0<sD#2O-mOC&pi_Z%oSe9o_64%CQD6>8Fr_J;c&+!=T$b
zD{s}J@^1GZ(HLu-=3JtJOLmBHXyuY8eqlRg-KK087spFe_cj<N;*}cl{&>BGf#}%<
z!25I!9t$V)I#NSEB%2SXoL~o;o5T^gdOwTl7E;6$Jy+o?_1u2gz(o`e`?wN>I3jxt
zB4ej;0reT3O1!GW?OzM#xe;px9E}SN{d!%dJ43pOSKj&k!;^hQ`*M2TMAD@{CU(Kq
zVJ^e3tN12IjEs$@M@IWitAaGHY(Fw>GZA<H+g7ik6fi&A3|TD;jZEGR%$WnHbbDbU
z3iP}8SGL(A8K75#kE22cnI83KppS_2FdinZUz!VS?RTKpkr~H*-!lF*PRKVv&K27<
zXd2>cS#>AaNqzFMJHsUep<g48M~^~|>CHi;NY^l{pS}$%IS53d(U6(3QWqd3iO$he
zeynYWQOGPB<8SQ)HyXiVk}Z5RD}q|WwHSQ0ZzZ0^fOzzGC7ULW%jt%M1NAr1z$Y@x
zvAh0NWXg$tKDK*myzL#6GSp4w?^DktzXu%QiO04=8l?*XNA0kX#CpSWapocfbF^$~
z7Q7TUb)fWJc5cnm&&Z)L-WNED`;%uw136`L;Af|w%j0MYlOFs}MF!Y`yShSwKw%dv
zcn0*veIG~6G&<8zjK^bDqFx+d848hY$K2#wlcbF$Q;kVH|GWD6H@H|=dQ9ReL&hHW
z(fUj#1AgBs*q8HeH@kq;g!@M_vi2`W?KmI~4)RXXJfzXW>eH@K=T@=T+(un53gwc+
zJo>h$&cGZykC|9vLLH4usGUNCini(mR!_WxH)u!5Q<A5RQp}vJNGhEwyiZ)c%{Kn;
zt@pbjWG%jCp8L=P5Gzzm4(wh23tY6|jkut1D(Z^=br8w1(aM-lNF#=J4P^W4vuHY?
zJ4n-7z-92&-bJeS_%5IYTRbXI?zqw@hDTOhC7m?N<Mw!+Oc)zg7vppan@GkGTV|M=
zW4*TXXOV`-uXv`J?1nUIcN|!{sI8%Pe<?SD&JXzox#cp!`d%uA{F1g5a22D@nkx%q
zqZco)!o4A7CM{?B91R{V8rWOLDiQ{ZHKkh<glJgNQYQNG{EYi%9X}P8mWHQ9Y!ykC
z>)+$aPYetOh)4;+#|h=lp7_}|!$k{CxmuYUIhZv{XbB<BG}K<qIT83)0-zQlOV<~?
ziu%MQ_k4vBNYx~JNVMmw;f7~N;*>p8dCao@)pMh!_q~v^S8N`SKiI>LZMh-HPO$`o
zlHV4;JUI#edAeAoF%-^bBut}pa8%k-V2s;KsUF94ewfP>qq5-2D(Lqle*U2XqFODe
ziy10@$2H2|Bla{F4batqRboK^_p`w2)?wv@;XBiGC2!N%)h<r_fEC9T2+c>xFLHpK
z|3(%(ZtS70tJ9intE8rlQ(%J&n>z<}uBL(e#-uTA+NbB|Cu}Sj7F@RK@_BpPzvmE*
zai_sRm9V`2^zNGOILtc=x6z)mq#do&l*<+B8OF1J3w75zd>$W&^w;<XM*wZms@St(
zC$&?~91QO?q3$DwLv|$;G&O$;x6J&(>G9!xM1{_+-xLecvTPOdpGX^_3{#8P0n0xr
zE#)IU8xMyIc-#=1Tj=&QT$ud>*2dJ~=3fd;WGAGMkZuTSaUD&&{CHvZ25c-dF89X^
zLzG!*WV}LE-{ckGoMw;xm4s1Tj~}cESbq4=`mi}uo>Ds@vO3bQc>^G#JtbkX{5&9R
z-aFZw5YHiRM&x#oB`p>vYJX~7Lq~Nsx36UxJ8~Sim$|(kgxRO_!Sf6GHWu26`y<*v
zXi|54)+02pBCbNlppoyKjAz}`(i;bZz9MIqwT9{>FA`<u3#9C@Q4S8xL_XS9l7xBr
zKN<m;n**tjo=;NG>7@+Hbz39N=bWhK#AfDbeyNcE5c$wOWg;Y|ib!p>>%JM!VE?!@
zM~lVOH=pTW15I_R7HrapH{X*w7|l39Ly(%9)9Pq&av3b>2$KU)Ie@?jgw_|Ub>hc{
z2)I!&zl_MfeECldzJ4{RYgH|aZPq6sAgn^{ogLqu<|rfTk^W^kfpW^@%a!nQU_LFx
zK_yplN98&qRNYe|IiHa7xrq3vOlzPsszI;!{My<Y{jU`DUtmkkY+W=gEvcx=9~kxH
z^Ctx*#+Z?T-N%v}H!oe=sI@qRAU6tHcDYoTxyhbNTv^vLbyhd(0)HN7Ic19w+%KI4
zL=kReVn;xM(bLm2fUwwF^XqlWhA$^{c)1~?#GA}Vpj`m*Cv7lnOql7)mn_#X`!$hA
z4Bo&5fIpmn$HKp43|Wm%FR>HAAv?zrq;3d_{FX@W^%EZ;TEN+9irW{R6qUQqqzv;c
z_e~A6RZzkm&_cnR0C5oYKq3O}5c+>`d!hLTKaX<UQl^s_Ucuu~I(<(x2uJS#unJRk
z$W9^Av^({eXZFO(!+gJcc@H6K*zc0>hCdtfVC3IpG_+Loe+i7RIw^2Um2r&v6n2xk
zD`8!txKbu>?=jBiuPc@<#^6x_V`0q9%=UwAf&H?m_g+A=()%5XQkUvc{=7_H?tFGo
zFG25zbA4zDK8ragkNX3lsE&Q8y-1G`)l_(l^jti{CJ0gu$lYnivcXTA=7nYvO>&dV
z&mIwF6Fx+wfPsA)4irb0D%2HUwz1Vb6}|!!1!dH%UaZ@=LaOD%>ZL|=CNivk^B`ig
zgQ&y;u4J$1OZME_s-5v^Ar9dYZckQ6Z*)XI0+di`S`r(gm;X4zaU>x;s15}l!b|mg
zSnPeidM1$&vX90x9WrOQ`D`<$Q>x+#!ozM5UXjF?<a`JfA@AF9FZb=Ot$J;7&MgRY
z=!W>FrvnTbv2lL^`)oaB5?NZvaSQXP;lhi~Jl{8jdFf;we&V>To*z9J-R1(~L&go|
zgg69S0+B>8@f9N+DQ~=#mnc|8wT^qu3nd+5f#T8Lp;qp<c9d_%@*XOdU}~1#ogIa;
z#oJL5zguZ~+MEbdJh5~_vt*hDZ5jGQ5V?2b??V-s6V0eQ7`G-mjlHbq#HGpgvVQPC
zWDDKhG2N^QRHnkCPjcJqK_!^Nq1nJTFFXer7n+gq((|NoN>u1@dqa&}*&+OJUbQbB
zD7+`7mX&8VLf^cIlIslQjOJaLuuXy}NP}&-1iD8?Z|DQop_1TiV>T&*ff3dOby#Rp
zX+Cn*as0`5z%C3110|qNj@+$1Pc=VWOFV>bJ83wF+S$R=@X)!o>CLSnxun|bDO?F*
zuClt>HNUr~XC-No@`YwZq9>{|nY|m^@SY^ujA3NZp>|Q2`2)>~^-&2yQ@&v1st#-s
zCmziDAZiQtJ=cq+I9&N13fR;1W)H}#`Ro0Qp_0t=j~!L>qNEMyDBN=ePtr~t1PE!5
zYaNOW$k0cAfm7TntG?I-?Hdu_pYhzFiIf|h>9mmA!9F2n<XtvCtt(7df4Y<K(~nK{
z%R9hM5a6JRhlpGV(<^_FpR?sCSTwDl%;rUy4F3$eh;MP5J?7Y`x98A6Z;JUqiIrb%
zd+k?Y8qV_-|J0>O*&l|O8GOAzLK=nZlfR#MSufx`o+BD!llB{r5=!(*)Rp5vbV0!>
zM0BqEddRZWFCUVt{#Kd2xF-ya^{nKfsJjzfw17mNG!CS9Ux`*q(?aRH#hlj|uWVpF
z$2F#qQB#3f3Anvzr8p=&o`NqYD3kf7gu&o`kox3>7`uiQ^|0!`N0{QobHCZp_oXrc
z%v+OaVPo}N#Griq5wzG|U8ZT|XW$QjAq>sOQp>qg%z}e;o0S&<QcbBtz8r;%r_Aw~
zC2%qa5<(rNj#4Y8H8Tq2BNUcg@D82FaAiuHdc+O5f^RfU?wO{-<LG<xrQ?qVkw)@*
zW}S$XISR>9?}A(VQy%HYV@U2F@hj5lNS-g!6C#BvUzXF0m4rQ&NY_|mpeJUH8^T%1
zdC?;w-LP{Tx9y6O6@M>s4<0)K*HusGk0F`?tCun{fWZ-Sd!V=4Fud2%xoO0G6K3Xo
z*ZbFi;_CyA4@1Xh^62v)+V&?!3wU>-MVTOq93@Ahgn-IQz<~gK#NdVfi!@L=iB@;K
z5ef+&&`rF3eM`lV;i$eY3)$1Bl+*Fq6r08(=+)>u=3VOB?0i4!n4qF7!O?Y`3q&Ld
zmoC6SMwMOjyo`vLg~>+6oBO_k_=_BoaJD<C>2C_G*vx+q_*76Taz6-DH96Sdp5A)l
zBnmy0Q_11g239XPmy~$uo4U%T=Kn)y08L1tvKpd4o}HZmOJv=`kHG%E3|;+Dd~DJI
z_CLEeomWkNmELM4x6bO?6gV3C$-LRf_*tbDe9_&6Cqw)pC@^vFFtH{BZh33h?#;Mv
zexJxmM_=D4Y=0_*1x#@5lRJi7HAk?hJp@5TOSyB!?@9J-RvbM3!L1^<3O|9$Tv0c|
z-oVOfhL1y%e|r)W3yn*{B@*R=dSBdhn4>BZqp-)*!UTx6kT<$l)xNgVPFeAXSQWD-
z%lw*6#tFxN^g*kkMmkq;VfRrr)i!<EIvoC*BrS8czhCe~NZPXM(l@`+P;eQ_3~!L&
zH`eh>fNZ6xZFof7mWu#e8jWnJ>5q}G{4H8dAmr0KWU~1EM#LlOaz&FNcz3xXE^b#R
zPLCYZ&Bq5APKq6+pyRuK@ls+Z6$8qZAU|*KV#L^S@ohY9fA^dn*~Kf@Z}6tmk0{r#
zg;pCJC>ADN+m*huIZdE~uaES)6zP)PvYV}^>?%BlG%i{qPmL<nYmjCd>p5CW#mmT4
z|4G34R<B-c+kIDtKQLz>Uq<JiJWWLDQR`P;&|SI1&Pv(}6z)`?`v91lh5m*w|KAbc
z6Oq9w|8RHs9b3)h7Y}qf5bT8SWQWR8$<*uq2ad+bRD=&$Vd>7!zfWGUYde&+Ee>ZD
z6!z4$iCc7V+*pKH&svitUa&D=rxS^${t_B=)Ol9+aQI>M^oO}v!e2#%Do@Zyn*mqt
z$Ovzs2&UBD&u`ZKS+bMdbe>M6(WFEOsTjK!8xwl)TT0tMva=+`#V!GJKC<ApHts3L
z1IE`2$By48zdoh7`S6%Zu>ZauqN(7oQpiN{)HX~|EciT&lffoxkKY%&4z;P2&WysK
zc@`B0=wo#wX%l+3lz%s?=nA&1=`PWDoKSChVKCmt9>KellrpHUti0gEx97ERmndA4
z0GIx9GZjb6x>_t#954!8mwn1p__~$)v$(R};}UJjU*80nTY0kS&C=V9e@uC~I0+^^
zFrvOAchlQ8d<pKYLhGW-=`nKeO2+(6JdS;)ZAi6w)k?GiC%ivjR@S6E0AaTK0*sE#
z9gq%aHc-3&r%uWjMeGH9=k_+<QEd;;kM76RRv?NHQ?HIRjEK{2PJskwfyCCL#Fv0k
z^Cl5CP7xj$PWn@npHd-lGER>5Y6SzcCr&Nhe~bq{qq8{=8VbLZJ!<kkc3XnJ_~+|+
zzdc4c2*iH(8|xXGR?J1QM{>K@zBj*>EcZ0DI}iB9)39#KOe3@h8W^D15>3x@GRRnT
zaNS7yj6-{h418<StE^Nr@3JrbTY58fIcG4})y$yWj8p_e1R$KrR>m=D4X;?R|KJXR
zj9HYore$2of`P@oq0o--cvzmKP|i?|Dx5$67i%Px+ZRV0rCAnhE79`AXh~*k!M9V}
zDHfWf9{%{_4_=|-hLj3Z2|THANEL#D#sK41YE`Q#Hr}I25E@|QxC1K@Y(_;-Is0T4
zyWI|v<}qA0I;!V*JOW+F0|9><N;$;IZ3u!Y#Ic${;8?_y!Kg(=0~;m*QtlPO=HwYd
za7JTPVQ~eQD82sYHyX->;L1-G?3mBcpkP)7tIQ_BLh5QWJM3~j35T~30&v>E`F#KW
z{r2`24aGoAOjzSPW{+0@iW0r~<aWD--4Czs<KrW?Jx%8@gdt#MbrFlt%JO-VVs^9H
zz*xsD5m~d5GUI$i7;0i<HzdfM^B{$pq`&scQ=oM`i~-c>aAk!kg%B_x=*@7#P%l?Z
zwNgK&L68!})M~QVRv`H*#VG#N%#drl@eY&PH%_-GqB)E!BO8M=z<q^M`Zlb7rxa|S
zS+?>VPV6o`bi3Wcx`;8tWaNR6V(=IfgP@fZoP%F7p|zf<H1ve>3_n!CLa+nkU-@hX
zblFbXPT5k`<i6{cH~s9~aUO0f#BuAo{{H>@Y&N^TzV5mXZ;^9G#{)QO$pYXi<$^*x
zf=e`|ba!`$oM{bj(Rw6b)5#=tD)sAEE)6II+)5St5W<bOz=0WQ!u5-EE7HtaxKUBT
z_Cl^CH`9yvcGuD17V1}_GSdo@IlBuiNM0uNMcT?6ufV#NR)_YU%;Hn%=BEyWE8+IR
zO|U$wcwjlPMG^2{EEbE!LIGHLh?b*-)eH2iiGqaTJwHD~K&$5zp+oL)0uwkn(S6Vu
zFnBP$>Cey4&1tWDK#wr`TAS73jDx7mKx;knY$kIvvutTPSF(6}dqce{L_)H3=z*%U
z*=(Mkp2&lfrwa$~n-oN?3a(s@**PO2I)P&lg#OjsWKx#{Kd7xtQ?1~V9588y+XFX0
zo5_q`k?Z58ER?JJL<fh1uo=n_ldJ{ub-uGEjs-WTu>DklD-MhVlL$V_sexY)qG=^X
zouF&NO@>#v@m45BiFQ5k?(pQ$%W*gycriCB6f@S!Bup3Ng0hMrZq5>2C7KL{8#1m0
zE26Gz2!TA**$QdE7s&7ZsWL;mjeP#!PLo-lEf~YbhJ^V68y8?W$b3|m#>U8A#Pja%
zZoA#$;({I+J>VXI+n|;%W_ta*Ukh@l(;V$CX(FyxD^}^tuC^4+S`Veei$F^bXTW!G
zP((>dzSM|#_w3!6_0}M@ySqCEBZ@7Nhrwn7OZk#`CH1B1a82|y{G76nl_0pq`9`Rd
zrE?0##&DR41f!qMyy`Mkpq%r3J|`EiJOh=#C9sSuoxQv%{@r-Fp<>}N5}G%(3qh9%
z%uR9^g6W!;`j4Ech^7t}g0a~Q3#*uerE%ajkt)e#NObvzMuboxas!Y;fQr)$bgb8F
ztT>YFp!(CurhUbok5T-H(^0l_X=o55D$n`J?m`9Qc-Q%(wsIjE&P%C6pU1{q#;USm
z?jfbh!IR+Jd<K>rbVKYkf2hww%qzR`4rO39?B}kMCwfv(@SgH`T=amH>S>tbjhEBl
zR>Z=Sm*|V*Bu3S?ttzb13xMKfIV6R6B*#v2!w0u0!YHzXVZbw(rJ@le2K-28uhC&Q
zIql8kTzM1-GiUz;3qdaGrKmctz`OU-(30-RoHHQP<_T-Z<MGRvFNec{p&@uV86Q9l
z0Y(wGmZ~>FdW;8g>*=y`ErORUun}dN83NV#jH-KdtNe)fYh;=y;V-$wQ~7%eYnZd#
z3?>K`@>ftNG$qDI0G%+`BeOWI*6TIwV>5$y48Hm33F+K&S+InyV>7Aealfes$$7-2
zVDBL~Umzf&#Nc!>vO9Abs$)?%SU&0$qJ4~KDM{(gF_{JADW!yM%nIz4r_?}6BQO*H
z)~T<m3)n#yS#9ERlz@NDW+9xnkeRJMoSO!ulpY@+k=KR|e|>!o?hb9o%wRt4_j|k@
zP@Ht~FxLXO5);Hg5DPfSQG|Gl`OmIG;{%>f+F&0I&_EJICKZ-~4Q0W!b5_s6A3Rta
z#HyNsgJ;GH7AWJzyM!~>gaHe@s>YJ2Ai=>(d{Gd%wQknzZX%_>b_j0*rl=L*U6$ko
zdPQltbBaw&G?);|a$1Mek$j=?NAI`8y-h@?&ZNo#a=z@Ib-oVj_R#rl&W~Vvp4akp
zWRcJ?By=VHv6__S`p(m6%xv@Y7-K|`1gi#0MGoZgcx;*mk}$^j>C-1D#&8gUwb$Mm
z06Q7GC5u-uIE0oo!`J5?;0n?m!lhYz(E!bTxxT)JmYzNKub;CwT_uT<cvOq2JXgsO
z2*WSeenbZ#M9=uv9jq)_UjTzZ*K%{MhRm4MW6p6oAU-#HtpW2aE#<W|acr2R#`RuH
zSu3#om3Mc{0zjguSxYY+Zf{aQ61AY62XTE;;KJ=4B{m5anY+t|056V&J{I%370N-t
zZoqdJi$#(wi%E9~-cw8^K*8yQluju$B_|5oefvMY@9pjF&p-bhz2M>Tcs!j>7~b98
z-DEQP^yw2aD3A|{%y+W<>{>2h(!^zvtx!4PP9Qm%C&Xeh3%?>%P_-nvSnKr~3j`C3
zVfB@FInY%IQY2g{_UwILdGqJ&7-rr=E9>%JgpsVhJQ!mT-~<~lnU77@wk=|)BvU*K
za-i~l7DaHN9riO@J9Iv~Thrb<V6$?*cn9*=?4B;VZhmwyGMc=axhg*~M%Xzf8I^Ti
zZ-xyM3VjqdA_NGYPH{oDr%D1Mamn)sZ2uPe?tKT@Fh*u>0S|<Oh=SFJj}+zruC;B8
z+(=YO`TY5F@Up&0cD=v9zqz?#2V%VD-QC@OzpuRdFLOZ|BZmsTkxo+@q9UH9^>`5}
z74uBK0B;^MNV7zIv->21<Z5&BnTe|NtVj6IfBqAPc;;5JSO%B+xEbLpZW^Q()y4~>
z(=Ta`za@bpERw}j#G!Azyis&GS{QbZ)KO(IE~C42DXGorwJ@rb4+Sq>Xr9x!TCJ#S
z2JwIAKdr!uzrtTc#sdisULFM;m4^if$eGOTex?hC5Y7ts;;O6aTs2xI5r?8g^H4<C
z&>srW#H2gq-7D1w95F`3M&N;^^7Hicgko}EzkdDj;RA~Mf`y@iIo^(|pFEA-hRLN=
z0`=YVP-{|3Gm(nsMTi+lA-4@7XkluqEg(W_|J?IQGHfrEp&0laQ<x4Ydv@k{xY@lu
zW_ERT#b~iP+$9S%2#I!464JBii>-v;IaAopt;31OV^g>}_*Qnm6Gsw9DFh@|<}PBU
zQ1q&R7LHd4pJ6J5p?OEi7Q{79-B+yzYKcJ(^IVYHyH|w64yCWEP||o9{aYN#JMb|Y
zP<!{ZobzNdna}6<_xFelK0ZEv|Nb4S4ovgubP8h><i7SssNlY^CEx*9R;5!NT<0-2
z8+fQsf@G$5AZgJh8r)0;^@riXn-F!Y{2H%tzWLw({&#A$5LjwMgiuZ<$&^B1Exlub
zD>gIYZHhR5?;WzVykT(WK_a8}0?Snsq6^wJNfpq^;(b~#XHD&BymiA6MabI%6AwI6
zbj**vSA&2q3qb1g2+Pjd3t|ex%+L$gQjo^XkSxF1Y=|%D7B{(WF4Qb?pm2|>ZNLu`
z`CcFP^=VIs37uWYd~e(K;o;%upMS2Z>Toz<K@p?_oWz`MVV8mcis(=nN=qAwyEudu
zR|35Wj`vg<!k-5bCc2usre?O;Y~Z3DZx2IIk}IbSJC9T)wUt+1>KW9)y8E}cw+NT=
zhD^(1<O2Ufm82lk0gwpD?8nqrsLphrQ1Ag`L(OL+eM(HEjSa!#$|oqMa?YUsTkmzJ
zBQZe)R#k<P3hVXy`}glz%I?w=5XDh@rbAyXt)S2HcyP!dkvFCE{QNxGZw)X9ZyjJi
zVEGrC!(y8Sv!3ySZ2fF*&ABiwR00$ksHzIdUw{4UUu&-whmAd%OaNKu21X1%=bTcy
zy1Jsx3LcNihw2hNyH%-++*X%H>)&M8A=lE|+(s(Hn7Fh1Lot~3FjXHHuh;8~7pP$T
zI?5>JPU*?XlC#2^3-B94M1nUcNttWXm_!`oh#(j(r;>xNye<;+dN_9!K_+F~X-OBT
zAw6i+qC&Fr7;`U;dG<5!ufJV+=CzLh{{G&aHAJtDijCcS*)PV7s$s!X-fiV+mMDe?
zj8oTjlkIazU69N#QuTNz;EjVD2`C|&lBH~xE!RyLwUg22vz6C)MB21=!pkn2IAaQu
zGpR<StESr{xNAt`2BdG$1}j&STBtVLuwop}=pJDCKnjp?MC>d93X+oPJHH#6K$%Du
z-Y5-=_N=@&s7W9!gm80nb9HqEGGY;~?2?z(I*GpZ#NwuD-rn9Al;u&d@Iry1DX)72
zYM3U|kkAnp;Vidpi&REfgmmv{R74*KS=W2l+u)Jo;D|9Bh8;{?$>yL##vCcc%<S>;
z5eUt<w>QYrobz=53c9A!Ul_g@;6pGI;~4)Y?1XHmX4cQI4$HQm&S|1R98rqmHmr3A
zQh_h%#`_Uwx6ml5Aj6~A?&h-6jSiWh_GB38+qbv3^ZA^SQ)OqxuV_U;<G{~pJK4yk
zN&jB>{rBJ1)32^v6Mi41_6eoQ&CLyv9`qW4$)%JY9v-j_piKh6jkM7q&85dOXCvvt
zl^2cCE3@c)=8e$E1`dbAY&MG{*hO|TAP6L#3lJsUj1#(CF4ezQRTUCMsPk|zTo`N>
zGyC}QqaxI^D7zdFG+ll*VSDr(0Eh+_^WXpe_m^LOL4~&Mc6<AmzaE-dFblzYw<EM(
zw2}P}i>hO{RIDH24Z6{}zB=x0C@mR{?z-;j=?P_Yk&Xzy2Hw&4J+gsouMEli1UJUk
z(p086*kqE=RU%Z!BTYUIl5>ml!{mKff+S^ru*xLz&1Q3<Fv7VwbY)R+=j#pzr{`B(
z#udH3zP`D+d3t)nLOwn|f^{)57s7#N0Qdn-g@PZD4`I^vD-8f#596!|ESRfF!Cfnq
z5`4SOW`oVipMaW!`!16=0xNFIMdF`Wq7=Ih5H6*4I2>80TVZ+T>J~mUO*5a*kpl9|
zFTZfc+P2NR*ZJW!W&1%;#763#4BPhrF2jYVW_GA&085i3k|&;nhCY7$`1bbJG|h6k
z#1g}OjLKQ?8Zl5n9S`rqrl>ab0%HQPXH+#Zuj7KZW+t7AZrlnJ&i#`;Hpgpdf0{&s
zaX$R|>#q<}<jOiz$;+p3@xrkAZtzmiLGbS684P=w_udH}LA<-WL#7CfOJ%E^qYwfz
zHs~E9`!|;r1>443VAIoqFxFV~t4aX94`>udUctQI{TyS2LR>lU-F$~=xPC2VLezhi
z#WF5j5tvL=XE+=VNVPfhsk%8eb97lXkpRK9pkQXfa`qs=k6opRF(<RiY<hSN{iRvh
ze!rhir>GT2l*DegLjev@$acF$qzr4Vkr{kY^`Vt`Wg6D*R*8{4$b~;4x0oA1MFGJw
zO36`@d&z2b-Ctf_Di*imZwT##zXi1(OiKEg%Ln{qH3V;(*B%T~yaloXFM~p`Z*Om4
zs|Ei9{siO0#!wR17Z|PJ#T|s0tCH9FR}^&oy74MnD~D=>b1U_8Y?NAb1K?TosBof?
zPQ{f_21b}FB@$6zbOdLQ(x5s6JhM4xYbM95TQi$@Pnok~lh2<oN4|if)n*u8Vkujn
z&tl;?yXq!0stU8&47?ej=;!C>`FuW`&8E{SO9yDh5nWc=as<49oks^j*w7JzA3~A`
zj~#*V)WSA5qJkH}rZ<xFsWD(m6<xlYo0~!M*xC{HT%_!vIX*H9gqSRuEDgdW#)v#o
z-dU}0Y*REYhaN@o#AFNHt&$FWx=H?I8?+wCV=51?RKcRtVN&9b#u?^Ou?f%z_|@F=
z+j^RgMt^Wbch177<>w%kLb7M`&=bN};9C=jiZe{SG_%wE`q<2x>g?p{J=|;D29ih+
zTt4KH1i+u_aH*)(P3CE~;6gx9BaQC*`WmI)q2gw*eFnQ3kz;59AaQs|b#*r0T~`bK
z;bmW6U$FtW;<w%i!-U60X<QP$p1ZEHjrhG9wB}poET=YJe_XlUjkf{hepnCN_nNnx
z<dfEpX{#JKp52>H6C$Mq^_RF`umNgjl~<4@85I(S^D;g;CUpKuZxY^Xhe1BHlJ+}m
z$)RSZKUFmy+l@3m;7`oG!#I;X8PYs_mOSf)58|-t#@4$P@wFt{P8N3%sXXU%orr;P
z?8;JcoOe;SK3g{HC-bhE(Kl7sHIQ)dM{x;Y1`vG++a1^noYX)NC!Y)`4|4<1O$?Jj
zrHGNA<ltvDy6|((m4aJ~gVWA=u5>_^_sqhBi;8Gqka^fHW#!!{vK&boa%8Wr5r#+@
zGkbb^0=DU9*b+H=bsB!vZ8_%p<D*~$WF9v3l<5x14)LHQH37O6tOZgod86hm%6c9p
zj_RK<V-z?9EMXE<MuWV#inz(k%L{t%<?Q7Xvn988sdxoVgFHX|@~=td&{7d{vmtmd
zroL{}VnHr7g27GGU|qg_`^KC}NJT={Qc7Ld!5xBY=$pqqVXcw%kcdJ3jE!P)@I&Pk
zS<p9B9Dv2*^6^=WBk59JLYu8L#o(FfO#`yScvJ<Vl81c{WtWV3Hk$!Si$`EmOc<?d
z#tI4mWk8aqVeJqVYBoB?Ckr8fGh@*a9eu6Oq8?RARuCNktVP4;rj&pf!}z%kK;MLa
zG8VD+`UTW&itQ8~QOlcvv+no%GtwlSotRZ+bvUzpmd<7FOFl2w<@2R-Xfa*x6yjD%
zb<<7G`IFd?Ip@CbnfD0xjD9nehlD7bBRUlki27Nr<ZO@(a4{$Z1ig_$<=Nfws+yXV
zfug^G3k~(M;9q)NiZxK&s1Sg<M#_LPstF2FierLM7$yuMyuH1_R04;)_5L|(^b~{3
zUcSM6C$M;OalM|gVP$rlq}=40Vj~5QL~0~K8HQpX^i5lDOlx9wX}Oz9694fCXnIWR
z=Bndm`R>Wnm$Nu7pb(;h3&MgarCdvu=v?-e#DQHwZ71767aA)<v<=jcl&U68=TRy;
zP9_tSmVtfv%P+rNUtgm#O6x^HILVY_FE1}p>bTF9(kLD=rM;JkEQ;WA-b}Q4m6<3+
zfD1O84Zu_d87Lclr!J7{8_@y1e58poz42am5EN@qYhWl1`=_d^<#GwLrr`a-m0c4h
zfs{c4RmNN#O8x4mvQf>`JVZ@%%6LJL2!oBX4me=0Xwx*nKN3!(yM@~iG=W?N44`!!
z1U@6JB)CU`B9|#_jM2jTd5#bEgHjRZU131GL`hV^8bXFfO(tz51k_GA?~}SoDP!=h
zL=rK!&!0cD8Vcjboa##Q0igR)HwJmo>!lps+^J9I!eb)|x&`rYK}jk_n7I-(F1Kj-
z_rL!g#Rp%g=~xv6af_X&bHVfG8oa7{98ll)-@bi=*-&5#z~0o~&!WnB4Gq)})=zl3
z>TktY1au1H3CCu$K|m*n`?(l7A7sJ>m^{SW65`5>UtV6WuCCZDno-`3G_>UU(K`V(
z161|&^rZDhK^%SG&t|hcTb!Di(k`uGrDKz5m)ZM)VVx0vPDI`H-SqH^X+#}GmV`j@
ztk>69bj4I{Rt*?sVY}T9nS%wfsePZkD7UhIJ;-xcs}%|h6s$cD0lCy-bjj+vJ|kd3
zwQ(4*Bz+{$4CLMMJZQ1&^%|O%4J-5LYvaSq%gg7_pKauz)wl`wE4ZD$*x1z-+}5!X
zL|HR{Ik{u%H<t`i>YV_YvzDC67$bX8263V4qhVXqca+`#t8c1azXF)0x5{245%U1N
z4QtI}V_aT<x_%y?d*^$fOGSwPhT#vfB*`q-4Kyx38Y4s&{C2y2eSPHuttFKYvx=>|
z@q|GrPRXm4QQOf20@L2pcyZvbK>OZ!R|kEljrbP^fOtRcneeZF{p%bNa3WB&1|FZi
z8j3muI1W}^D}tKfaEKt1;`_e;{{1_@QkQ_jou$EG@eYu)*m8do-YU+Jw(yh9Fz208
zB8<!fJvfr!VejbWa=8QP@#IdfB<q5`r$Fv&X)dU~W<DBw3E8LX_4?DNPp8v~(J1g2
zOw@6HWp-{5uSo()w0U!@H@K8ICY#q~ssKNaE#oR!ecU(QIYkaDj@OAXqQ)o)>-+cb
z;O>;zMTQBs2a%x=7hzaS%gj)w8$U_I&c2*pXeAV?te6HZC^*)uSagjshY-#iz=SKS
z(4po)WS<Q;mN|FFi(yBuhE+?s*w`%y@-c@R8f`r+8L5hmiT=&=m*x4fJ1D*fuh7eo
z=|a#%EBWu7zBDWeh+PW8-EOzN*9~tak2Iyk;+`gjxs&G&67PhmOAeSNkn8&T`uX|!
z<HwKK_LY~<z>Kk=X9yup=cfsBQ_lYWFtTg;Au}>ycFHyv!+Fg3hx2KbS+jfDuAj4`
zU9j}Mx9fzT<LlS2(1p}43f??-JuFiNM<0sp*26xC1%cU!sr7vi?L(=nlJ-;CySQcn
z|Clqfi%`M_AfXWa^FN7<l5XWWxcI8+Jgl3*ai^3{rxOQ+c~QuxQfhGZkqVW%7m9%?
zJ0Fi0$7YyStPGnJsVL53_eO~cn!q;m5WR;Dkh~=x{Y9!25v}y}^u!21@6dG}a%)KX
ze8hUaM$5YM$eYP=c4fl;;n+C?-Q?X1>-U(f4i|us{yUyNcvL6dp*rsAXUyKi3P#l9
z<KuF<e0_aIF*(9Q$EFwMM(|b%l^^6aMZE9w7Nh1BYV46txNuwo+?<4cfeiiaZ-1i-
z3(h^ZJofuNT87w=t(rii!?5&9_WB<yuT()$IBJON;4)g|$`t6o(G$CZgm2&F=zRL|
zc!VJ41;x+R+ryJEVPlMyC+`!>ZtgF_dau0TikZO!Xd}5qGp^WXTseFI%ors&b)S<R
zWN{E>&%Qvwp{gow06mhKW$VrA_aeUhdPd8Ias%L~#4tGTlfJ8uyE-R2UI6gSIe+=`
z1xnG^uU{97#qoHAq+;<bU2gJ9q9iCQ@()r;xnwYTu}lmtn+;^Xt^)p5zKQjP10%+G
zF;$hU3(g7;rjFahPKQ#?VmtUN<iKiJ%9QyN^l(F(hfxqpk9Jsw?SCFsRl&?smfW^2
z8LdX#Fl>+-Ht_B3Eh2isD|OP}r8}zigS~PY5$7;4S2V6nq&aQ~?@-e;$R!BFbaHcs
zhfRXdp!<sly*tg`q79Eab?|=n_QNBa1+@}}hw4!@m%FO5*@Ev5{2Bb7_xJY?4-co)
z365{dL#`<~!g^R$lJcLE#tEc5!NfUfo~EZBQbtaIIiLrE|3X898v~b_8Cn}wgdrr)
zc)~>-CG>cX2HxD{HL@Yg@NO7ZCHU140wSjH0HT4Ju5J(uxKM1~)pLq7?`{}9qQlWl
zylkut9vwu*i>a7_`njKj=j@sraQq?HTMd=uEhNAK=={N*@hs4NRaM}Z1@!}TnH_Up
zIV}EgI3Sj!`~tZw=gCPOY~ns&!ov&;TrTskon6Ys*~leoZZ>4II@qadAOmBJ(OY^#
zT7LZa5w#&Sd0MwY5S(B1{9webxM8B;3}~2{<3Q;%#nVk(l=umw2L&0dJna!ln_05b
z&x#T5%Tl##>G`#hc5al>%;4sj7!kvM(4WKL0K28RbDr*;N&S@g|C6l$=LI$jWAQ7C
zNQ3>v7*YR6Cyw)#9iGtlJ%~6tLfBlkw!<brSf1C{SLG~xDLz6Mi7jw6(FyB{t}Wo2
z2qYszk}q|B=wSyxeMnud8<21lE|$Q%&^PmRu<)LmG&tiCv|t8^D4`AbceB|bEC_i>
zrgr}ID0D;eU`b%kJgdWV^K++>NI-ZSDTV*8G8~47dGTW~8aNfgKmYm9ELLXWIpK#W
z1t6lAsLoPuBzgslwrw9DA3uEffI(o-y*tY6b~<&$V!r-F6ug_k!@(DNB(-qrh;-!J
zFqt?@poB|;U9EbgJ~T-WKYcY5Ql_rRapHzhZ1mCmm2Pr~6yPg!&gkOEb*-fri<#xR
zIZb96z46Q}*eP9@dSMm^6bv=1(PQR4Q+VJY3T9@rw-_DD3X>NgfIt5DW53^HZ_q7M
zn0Co~5oj#PL~;fxziBR(3)j37D$A>x8MI1fSrj+dbzxfU#p$jNN6KPl$!c@tq23(4
z&%*8P?aRvx8jLc(#N6D;p1x2GLt4c^;}FF6?lBf~?>hB)TN@g_<|y;l696#p7%;Xm
z*h~oF=H>=$NuOoTfI-$U%cA7zKR-Wjyjm8$7SuB_$nAEk*a0${Y8XSsiomQyd46si
zPAremcaxJen$P^l%mzCFjK2zJ{M;$O<Np~PzB#&PrV-rQi%6q#ZS8$GY#7E00&G#(
zU+^LTG#42gF~I_*VM-U*x|W71z#|pQWRi5MoC1@4kt`H91)*Sk3J`+yQKn_m>t?lD
z9S(=qyBMsbNCfE;Pt<Kd$4i#l=*2MJ{miK;JUj&l)mbyCO2BLQ-0avV?uy{CCyurq
zR<7i*35cTEog4sL_*;1&)D~xwe(T`V%Bxj}5EyFQY&NW?WM;3guNX7K5$7Tz-HChP
zlrPR4^A81s&vwoQ;}$PfpwZXOdj<1$yB(DEx~_F+nv)<cB8BwOTS&f8c_I|}3muwa
zs0)z4a7Bo$?!84Fu3vj5nz`bNw$N2og<pUDl?&5K5w#*PL{~1^QgE+a<)tC%sN!Eq
zpjbkNb@VlGC8{|jDd@>(g^|`#e9ptDMR9QC*&`sTAn6ZvfAUQ95O^_+<jwG~&)1%l
z8obI~j4^pMm-DXP3=XdV1(EY{41h(M7xM@qEEbFCh3WZ-$z;M+ud0ejp*~yhZcP@0
zu%SQnl+A)QBSlCL;;Sd!!MamE9nJOl&X2dZH#D6GK$;LQ%66UV!l`W@rnMn3q@ca=
zdhzpGa?n*t4i0HENAhwt&*_K^1*q7C;e`iqtXv^gm#eCJetw2C+r(x7Oo(qa=IeZI
zgb!^9l6m*y@tYT}L!D*nMH{d0z}-dre(iaQye*kJj<IrYW~hU}satt=ADt3VqM$or
zS1T`6of9iWe#SH_fQMs@+wGQ%8bX*%CMhMP=R(ND7++pqppK&eM@os7ab2BrWh(hs
zCpUykaTI!le#lXRrIfepXY#U~^W)>AIZE&A*RKrT6^$xZs}(y26|+i4!@suD?LjZI
zkvc>U2;>-12!$2^A!Dw)Vj(WQi}6UxDf+n!Ld>23iWh5|hU<;es(2XE-j#Y(df-jE
zu3Jmh{~#sGel+=dL~$n<U%5q5BPe>yc%4ex?nM))?4f>Y8ew>V;95zWPL6@&tC4pg
zVvqY2K!BCxzjL-BH_VGFBk0q5${(Vqr_%|bS_p@=w~Ng=qf`l~u<N>XJWTdm%T@<#
zgreyf<x$%iHT|x+jDsz>x9g`Y<;dXzs=Nk0Di?*JS2qpwV@#+S2N70e5QQI4*_rxm
zxF~un{v>+>AlHSSEBssOlSu1h6O&8G%L-Oq*Y$Kd#ee|ipU>y5=hK*z5t9kCn>%<q
z6kOh|`T;D2NAzYh91mU_`JkYrmzS6Me9o*c{;-%Swu0qOSg+TNYAK=H2&Rieb=K?>
zm6iY>4ZDcz!L;$<h=4Rg-Bw;2y6d{lW&?w7y<Vdn13)GCp}DnYW@uw^W^$+FWWPnA
zKxZ`D(B~7(Tv?(4kVk@oH^2<v-rnBb-L-9t^Z;1rEANv1@#DuI@iH<RUC=CTMCkmH
zr-x$NgCzICa6<dA;Qgj_mANk1x3rqhZqQ<Uq}nVNA>TZB8bB8HqaBv-%3>sNxaP!K
z*EK4E@ft$^l-KGHi~TU(9>tkBY;+KY2?Gjbf|jBebCKS)L!O_XDP&A|IVO#FNZu(G
z1~lR!1st0DT-70toGZuPGv?y^>FH@Un=O~ix~^YeUy+ppQGi<hSRKGC&QF;yPt7cA
z)kKWMsr(3kQMO6teI{j}01s!uLf5@LehYm^U(Is4<Oir>DJ7Ik!6Pa`mvNbNw!^TA
zOY7x*z-~z8V@lw>ML|Zay?Z&!rrXe@gmlgDy#4<B?_=soQr(~+3mys@<4~ZIe);m{
z)2B~rpB0ZN44N#C5l-3ohyP!D07%dAG?~<sQIk{+l^}^e90_<Waz5$mX8uu<B4?Nu
z(l`B^Nn(~{6Ice=&BPR8JF(RWtV~`8@_K%L{^_Tm7<j^OQF93e3_(K|q|Ias>~zXj
za6GW6Q?@Rj!)LXqL)ZqjZ-BS&->T!D+a7fG^z?+<Zzy}bUayzSrTS-ehhufnq!AaR
zpxDNXc)v?9_5)VP`6LByyxDu9O%%Kp+u;8Jq34j}bvH(~00000NkvXXu0mjfXNI4H

literal 0
HcmV?d00001

diff --git a/geonode/thumbs/tests/test_backgrounds.py b/geonode/thumbs/tests/test_backgrounds.py
new file mode 100644
index 00000000000..896ef0685dc
--- /dev/null
+++ b/geonode/thumbs/tests/test_backgrounds.py
@@ -0,0 +1,371 @@
+#########################################################################
+#
+# Copyright (C) 2023 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+import os
+import logging
+from unittest.mock import patch
+
+from pixelmatch.contrib.PIL import pixelmatch
+from PIL import Image
+
+from django.test import override_settings
+
+from geonode.tests.base import GeoNodeBaseTestSupport
+from geonode.thumbs.background import GenericWMTSBackground
+
+logger = logging.getLogger(__name__)
+
+WMTS_TILEMATRIX_LEVELS = [
+    {
+        "zoom": 0,
+        "bounds": [-20037508.342787, -60112525.02833891, 20037508.342775952, 20037508.342787],
+        "scaledenominator": 559082264.028501,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 156543.0339279803,
+        "tilespanx": 40075016.68556295,
+        "tilespany": 40075016.68556295,
+    },
+    {
+        "zoom": 1,
+        "bounds": [-20037508.342787, -40075016.68555735, 20037508.3427759, 20037508.342787],
+        "scaledenominator": 279541132.01425016,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 78271.51696399004,
+        "tilespanx": 20037508.34278145,
+        "tilespany": 20037508.34278145,
+    },
+    {
+        "zoom": 2,
+        "bounds": [-20037508.342787, -40075016.685557604, 20037508.342776064, 20037508.342787],
+        "scaledenominator": 139770566.00712565,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 39135.75848199518,
+        "tilespanx": 10018754.171390766,
+        "tilespany": 10018754.171390766,
+    },
+    {
+        "zoom": 3,
+        "bounds": [-20037508.342787, -35065639.599861786, 20037508.34277575, 20037508.342787],
+        "scaledenominator": 69885283.00356229,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 19567.879240997438,
+        "tilespanx": 5009377.085695344,
+        "tilespany": 5009377.085695344,
+    },
+    {
+        "zoom": 4,
+        "bounds": [-20037508.342787, -32560951.057014164, 20037508.34277579, 20037508.342787],
+        "scaledenominator": 34942641.50178117,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 9783.939620498728,
+        "tilespanx": 2504688.5428476743,
+        "tilespany": 2504688.5428476743,
+    },
+    {
+        "zoom": 5,
+        "bounds": [-20037508.342787, -31308606.785590325, 20037508.34277579, 20037508.342787],
+        "scaledenominator": 17471320.750890587,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 4891.969810249364,
+        "tilespanx": 1252344.2714238372,
+        "tilespany": 1252344.2714238372,
+    },
+    {
+        "zoom": 6,
+        "bounds": [-20037508.342787, -30682434.6498784, 20037508.34277579, 20037508.342787],
+        "scaledenominator": 8735660.375445293,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 2445.984905124682,
+        "tilespanx": 626172.1357119186,
+        "tilespany": 626172.1357119186,
+    },
+    {
+        "zoom": 7,
+        "bounds": [-20037508.342787, -30369348.58202224, 20037508.342775624, 20037508.342787],
+        "scaledenominator": 4367830.187722629,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 1222.992452562336,
+        "tilespanx": 313086.067855958,
+        "tilespany": 313086.067855958,
+    },
+    {
+        "zoom": 8,
+        "bounds": [-20037508.342787, -30369348.58203337, 20037508.342784476, 20037508.342787],
+        "scaledenominator": 2183915.093861797,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 611.496226281303,
+        "tilespanx": 156543.03392801358,
+        "tilespany": 156543.03392801358,
+    },
+    {
+        "zoom": 9,
+        "bounds": [-20037508.342787, -30291077.06504764, 20037508.342767175, 20037508.342787],
+        "scaledenominator": 1091957.546930427,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 305.74811314051954,
+        "tilespanx": 78271.516963973,
+        "tilespany": 78271.516963973,
+    },
+    {
+        "zoom": 10,
+        "bounds": [-20037508.342787, -30251941.306609083, 20037508.342801783, 20037508.342787],
+        "scaledenominator": 545978.773465685,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 152.8740565703918,
+        "tilespanx": 39135.7584820203,
+        "tilespany": 39135.7584820203,
+    },
+    {
+        "zoom": 11,
+        "bounds": [-20037508.342787, -30251941.30652203, 20037508.34273241, 20037508.342787],
+        "scaledenominator": 272989.38673236995,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 76.43702828506358,
+        "tilespanx": 19567.879240976275,
+        "tilespany": 19567.879240976275,
+    },
+    {
+        "zoom": 12,
+        "bounds": [-20037508.342787, -30242157.366901536, 20037508.34273241, 20037508.342787],
+        "scaledenominator": 136494.69336618498,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 38.21851414253179,
+        "tilespanx": 9783.939620488138,
+        "tilespany": 9783.939620488138,
+    },
+    {
+        "zoom": 13,
+        "bounds": [-20037508.342787, -30242157.366901536, 20037508.34273241, 20037508.342787],
+        "scaledenominator": 68247.34668309249,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 19.109257071265894,
+        "tilespanx": 4891.969810244069,
+        "tilespany": 4891.969810244069,
+    },
+    {
+        "zoom": 14,
+        "bounds": [-20037508.342787, -30242157.366901536, 20037508.34273241, 20037508.342787],
+        "scaledenominator": 34123.673341546244,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 9.554628535632947,
+        "tilespanx": 2445.9849051220344,
+        "tilespany": 2445.9849051220344,
+    },
+    {
+        "zoom": 15,
+        "bounds": [-20037508.342787, -30242157.3682939, 20037508.343842182, 20037508.342787],
+        "scaledenominator": 17061.836671245605,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 4.777314267948769,
+        "tilespanx": 1222.9924525948848,
+        "tilespany": 1222.9924525948848,
+    },
+    {
+        "zoom": 16,
+        "bounds": [-20037508.342787, -30241545.8720675, 20037508.3438421, 20037508.342787],
+        "scaledenominator": 8530.918335622784,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 2.3886571339743794,
+        "tilespanx": 611.4962262974411,
+        "tilespany": 611.4962262974411,
+    },
+    {
+        "zoom": 17,
+        "bounds": [-20037508.342787, -30241240.11838522, 20037508.339403186, 20037508.342787],
+        "scaledenominator": 4265.459167338928,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 1.1943285668548997,
+        "tilespanx": 305.74811311485433,
+        "tilespany": 305.74811311485433,
+    },
+    {
+        "zoom": 18,
+        "bounds": [-20037508.342787, -30241087.25546706, 20037508.34828115, 20037508.342787],
+        "scaledenominator": 2132.7295841419354,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 0.5971642835597418,
+        "tilespanx": 152.8740565912939,
+        "tilespany": 152.8740565912939,
+    },
+    {
+        "zoom": 19,
+        "bounds": [-20037508.342787, -30241010.79616208, 20037508.330525283, 20037508.342787],
+        "scaledenominator": 1066.364791598498,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 0.2985821416475794,
+        "tilespanx": 76.43702826178033,
+        "tilespany": 76.43702826178033,
+    },
+    {
+        "zoom": 20,
+        "bounds": [-20037508.342787, -30240972.57764789, 20037508.330525238, 20037508.342787],
+        "scaledenominator": 533.1823957992484,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 0.14929107082378953,
+        "tilespanx": 38.21851413089012,
+        "tilespany": 38.21851413089012,
+    },
+    {
+        "zoom": 21,
+        "bounds": [-20037508.342787, -30240972.57764789, 20037508.330525238, 20037508.342787],
+        "scaledenominator": 266.5911978996242,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 0.07464553541189477,
+        "tilespanx": 19.10925706544506,
+        "tilespany": 19.10925706544506,
+    },
+    {
+        "zoom": 22,
+        "bounds": [-20037508.342787, -30240972.57764789, 20037508.330525238, 20037508.342787],
+        "scaledenominator": 133.2955989498121,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 0.037322767705947384,
+        "tilespanx": 9.55462853272253,
+        "tilespany": 9.55462853272253,
+    },
+    {
+        "zoom": 23,
+        "bounds": [-20037508.342787, -30240972.57764789, 20037508.330525238, 20037508.342787],
+        "scaledenominator": 66.64779947490605,
+        "tilewidth": 256,
+        "tileheight": 256,
+        "pixelspan": 0.018661383852973692,
+        "tilespanx": 4.777314266361265,
+        "tilespany": 4.777314266361265,
+    },
+]
+
+THUMBNAIL_BACKGROUND = {
+    "class": "geonode.thumbs.background.GenericWMTSBackground",
+    "options": {
+        "url": "myserver.com/WMTS",
+        "layer": "Hosted_basemap_inforac_3857",
+        "style": "default",
+        "tilematrixset": "default028mm",
+        "minscaledenominator": 272989.38673236995,
+    },
+}
+
+EXPECTED_RESULTS_DIR = "geonode/thumbs/tests/expected_results/"
+
+base_request_url = "https://myserver.com/WMTS?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png&layer=Hosted_basemap_inforac_3857&style=default&tilematrixset=default028mm&"
+mocked_requests = {
+    base_request_url + "TileMatrix=4&TileRow=5&TileCol=7": f"{EXPECTED_RESULTS_DIR}/tiles/wmts_7_5_4.png",
+    base_request_url + "TileMatrix=4&TileRow=6&TileCol=7": f"{EXPECTED_RESULTS_DIR}/tiles/wmts_7_6_4.png",
+    base_request_url + "TileMatrix=4&TileRow=5&TileCol=8": f"{EXPECTED_RESULTS_DIR}/tiles/wmts_8_5_4.png",
+    base_request_url + "TileMatrix=4&TileRow=6&TileCol=8": f"{EXPECTED_RESULTS_DIR}/tiles/wmts_8_6_4.png",
+    base_request_url + "TileMatrix=4&TileRow=5&TileCol=9": f"{EXPECTED_RESULTS_DIR}/tiles/wmts_9_5_4.png",
+    base_request_url + "TileMatrix=4&TileRow=6&TileCol=9": f"{EXPECTED_RESULTS_DIR}/tiles/wmts_9_6_4.png",
+}
+
+
+class Response:
+    def __init__(self, status_code=200, content=None) -> None:
+        self.status_code = status_code
+        self.content = content
+
+
+def get_mock(*args):
+    file_path = mocked_requests.get(args[0])
+    if file_path and os.path.exists(file_path):
+        with open(file_path, "rb") as fin:
+            return Response(200, fin.read())
+
+
+class GeoNodeThumbnailWMTSBackground(GeoNodeBaseTestSupport):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+    @override_settings(THUMBNAIL_BACKGROUND=THUMBNAIL_BACKGROUND)
+    @patch("geonode.thumbs.background.WMTS_TILEMATRIXSET_LEVELS", WMTS_TILEMATRIX_LEVELS)
+    def test_get_target_pixelspan(self, *args):
+        bbox = [-757689.8225283397, 4231175.960993547, 3557041.3914652625, 5957068.446590988]
+        expected_target_pixelspan = 8629.462427987204
+        background = GenericWMTSBackground(thumbnail_width=500, thumbnail_height=200)
+        target_pixelspan = background.get_target_pixelspan(bbox)
+        self.assertAlmostEqual(expected_target_pixelspan, target_pixelspan)
+
+    @override_settings(THUMBNAIL_BACKGROUND=THUMBNAIL_BACKGROUND)
+    @patch("geonode.thumbs.background.WMTS_TILEMATRIXSET_LEVELS", WMTS_TILEMATRIX_LEVELS)
+    def test_get_level_for_targetpixelspan(self, *args):
+        target_pixelspan = 8629.462427987204
+        background = GenericWMTSBackground(thumbnail_width=500, thumbnail_height=200)
+        level = background.get_level_for_targetpixelspan(target_pixelspan)
+        self.assertDictEqual(level, WMTS_TILEMATRIX_LEVELS[4])
+
+    @override_settings(THUMBNAIL_BACKGROUND=THUMBNAIL_BACKGROUND)
+    @patch("geonode.thumbs.background.WMTS_TILEMATRIXSET_LEVELS", WMTS_TILEMATRIX_LEVELS)
+    def test_get_tiles_coords(self, *args):
+        bbox = [-757689.8225283397, 4231175.960993547, 3557041.3914652625, 5957068.446590988]
+        level = WMTS_TILEMATRIX_LEVELS[4]
+        expected_tile_rowcols = [[7, 5], [7, 6], [8, 5], [8, 6], [9, 5], [9, 6]]
+        background = GenericWMTSBackground(thumbnail_width=500, thumbnail_height=200)
+        tile_rowcols = background.get_tiles_coords(level, bbox)
+        self.assertListEqual(expected_tile_rowcols, tile_rowcols)
+
+    @override_settings(THUMBNAIL_BACKGROUND=THUMBNAIL_BACKGROUND)
+    @patch("geonode.thumbs.background.WMTS_TILEMATRIXSET_LEVELS", WMTS_TILEMATRIX_LEVELS)
+    def test_build_request(self, *args):
+        expected_imgurl = "https://myserver.com/WMTS?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png& \
+            layer=Hosted_basemap_inforac_3857&style=default&tilematrixset=default028mm&TileMatrix=4&TileRow=5&TileCol=7"
+        background = GenericWMTSBackground(thumbnail_width=500, thumbnail_height=200)
+        imgurl = background.build_request((7, 5, 4))
+        self.assertEqual(expected_imgurl, imgurl)
+
+    @override_settings(THUMBNAIL_BACKGROUND=THUMBNAIL_BACKGROUND)
+    @patch("geonode.thumbs.background.WMTS_TILEMATRIXSET_LEVELS", WMTS_TILEMATRIX_LEVELS)
+    @patch("geonode.thumbs.background.requests.get", get_mock)
+    def test_tile_request(self, *args):
+        bbox = [-757689.8225283397, 3557041.3914652625, 4231175.960993547, 5957068.446590988, "EPSG:3857"]
+        background = GenericWMTSBackground(thumbnail_width=500, thumbnail_height=200)
+        image = background.fetch(bbox)
+        expected_image = Image.open(f"{EXPECTED_RESULTS_DIR}/tiles/background.png")
+        diff = Image.new("RGB", image.size)
+
+        mismatch = pixelmatch(image, expected_image, diff)
+        if mismatch >= expected_image.size[0] * expected_image.size[1] * 0.01:
+            logger.warn("Mismatch, it was not possible to bump the bg!")
+        else:
+            self.assertTrue(
+                mismatch < expected_image.size[0] * expected_image.size[1] * 0.01,
+                "Expected test and pre-generated backgrounds to differ up to 1%",
+            )

From 8fbad2c0a4f164c61bed89eb52f12a393cdd6757 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 14:14:33 +0200
Subject: [PATCH 256/330] Bump ipython from 8.15.0 to 8.16.1 (#11561)

Bumps [ipython](https://github.com/ipython/ipython) from 8.15.0 to 8.16.1.
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](https://github.com/ipython/ipython/commits)

---
updated-dependencies:
- dependency-name: ipython
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 10f3976e521..399f9b596af 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -145,7 +145,7 @@ pycountry
 # production
 uWSGI==2.0.22
 gunicorn==21.2.0
-ipython==8.15.0
+ipython==8.16.1
 docker==6.1.3
 invoke==2.2.0
 

From dd66c76518ca4d096f3b4fe8dd7125f02080b928 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Oct 2023 14:15:02 +0200
Subject: [PATCH 257/330] Bump psycopg2 from 2.9.7 to 2.9.9 (#11562)

Bumps [psycopg2](https://github.com/psycopg/psycopg2) from 2.9.7 to 2.9.9.
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/compare/2.9.7...2.9.9)

---
updated-dependencies:
- dependency-name: psycopg2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 399f9b596af..96d9277889b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 # native dependencies
 Pillow==10.0.1
 lxml==4.9.3
-psycopg2==2.9.8
+psycopg2==2.9.9
 Django==3.2.21
 
 # Other

From 38c2c3942f77d344e75867455ad594325a582b09 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 5 Oct 2023 14:16:49 +0200
Subject: [PATCH 258/330] fix: requirements.txt to reduce vulnerabilities
 (#11558)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 96d9277889b..55007ddc19b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ beautifulsoup4==4.12.2
 httplib2<0.22.1
 hyperlink==21.0.0
 idna>=2.5,<3.5
-urllib3==1.26.15
+urllib3==1.26.17
 Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1

From 24d34cde04d31211c9109d673787792b34bcdd79 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 5 Oct 2023 14:21:30 +0200
Subject: [PATCH 259/330] [Snyk] Security upgrade django from 3.2.21 to 3.2.22
 (#11563)

* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095

* - Align setup.cfg to requirements.txt

* upgrade spsycopg2 etup.cfg

* - Align setup.cfg to requirements.txt

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt |  2 +-
 setup.cfg        | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 55007ddc19b..39864fb3294 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@
 Pillow==10.0.1
 lxml==4.9.3
 psycopg2==2.9.9
-Django==3.2.21
+Django==3.2.22
 
 # Other
 amqp==5.1.1
diff --git a/setup.cfg b/setup.cfg
index 2b22c939e0f..3c2147edf46 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -27,8 +27,8 @@ install_requires =
     # native dependencies
     Pillow==10.0.1
     lxml==4.9.3
-    psycopg2==2.9.7
-    Django==3.2.21
+    psycopg2==2.9.9
+    Django==3.2.22
 
     # Other
     amqp==5.1.1
@@ -36,7 +36,7 @@ install_requires =
     httplib2<0.22.1
     hyperlink==21.0.0
     idna>=2.5,<3.5
-    urllib3==1.26.15
+    urllib3==1.26.17
     Paver==1.3.4
     python-slugify==8.0.1
     decorator==5.1.1
@@ -134,7 +134,7 @@ install_requires =
     django-bootstrap3-datetimepicker-2==2.8.3
 
     # storage manager dependencies
-    django-storages==1.14
+    django-storages==1.14.1
     dropbox==11.36.2
     google-cloud-storage==2.11.0
     google-cloud-core==2.3.3
@@ -170,7 +170,7 @@ install_requires =
     # production
     uWSGI==2.0.22
     gunicorn==21.2.0
-    ipython==8.15.0
+    ipython==8.16.1
     docker==6.1.3
     invoke==2.2.0
 
@@ -195,7 +195,7 @@ install_requires =
     webdriver_manager==4.0.1
 
     # Security and audit
-    mistune==3.0.1
+    mistune==3.0.2
     protobuf==3.20.3
     mako==1.2.4
     paramiko==3.3.1 # not directly required, fixes Blowfish deprecation warning

From 0f26dd32cfbd550c0df967652910dda5f1e3123a Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 5 Oct 2023 14:26:36 +0200
Subject: [PATCH 260/330] adding hostname to celery state db (#11557)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 celery-cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/celery-cmd b/celery-cmd
index a1c7fbd98fc..a600163fc77 100644
--- a/celery-cmd
+++ b/celery-cmd
@@ -3,7 +3,7 @@
 # Luca Pasquali <luca.pasquali@geosolutionsgroup.com>
 CELERY_BIN=${CELERY_BIN:-"$(which celery||echo celery)"}
 CELERY_APP=${CELERY_APP:-"geonode.celery_app:app"}
-CELERY__STATE_DB=${CELERY__STATE_DB:-"/mnt/volumes/statics/worker.state"}
+CELERY__STATE_DB=${CELERY__STATE_DB:-"/mnt/volumes/statics/worker@%h.state"}
 # expressed in KB
 CELERY__MAX_MEMORY_PER_CHILD=${CELERY__MAX_MEMORY_PER_CHILD:-"200000"}
 CELERY__AUTOSCALE_VALUES=${CELERY__AUTOSCALE_VALUES:-"15,10"}

From 10c39c577065abb371258d146a1386bdbe9e9c41 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 5 Oct 2023 16:25:37 +0200
Subject: [PATCH 261/330] Fix requires bucket name for AWS tests (#11564)

* Fix requires bucket name for AWS tests

* Fix requires bucket name for AWS tests

---------

Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 geonode/storage/tests.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index 89eea61d4ad..48d1f3ebfe2 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -197,6 +197,7 @@ def test_google_size(self, gcs):
         gcs.assert_called_once_with("name")
 
 
+@override_settings(AWS_STORAGE_BUCKET_NAME="my-bucket-name")
 class TestAwsStorageManager(SimpleTestCase):
     def setUp(self):
         self.sut = AwsStorageManager

From 8913d8e653819704984f5bf3dd9076e151322a24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Wallschl=C3=A4ger?= <marcel.wallschlaeger@zalf.de>
Date: Fri, 6 Oct 2023 12:35:21 +0200
Subject: [PATCH 262/330] 
 issue#11566_pre-commit_hook_black_isnt_working_on_Ubuntu_22_04_3 (#11567)

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4527a569c31..f6a72993d13 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -9,6 +9,6 @@ repos:
     -   id: check-yaml
     -   id: check-added-large-files
 -   repo: https://github.com/psf/black
-    rev: 19.10b0
+    rev: 23.9.1
     hooks:
     -   id: black

From e0c62a853279129f37ee8549427e40f3df2d6413 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 11 May 2023 15:21:56 +0200
Subject: [PATCH 263/330] fix: requirements.txt to reduce vulnerabilities
 (#11029)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950

Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>

From 80580b0ced4033db73293a7557da79cde5727156 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Tue, 19 Sep 2023 17:23:17 +0200
Subject: [PATCH 264/330] Fix target image for docker README

---
 .github/workflows/52n-dockerhub-description.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/52n-dockerhub-description.yaml b/.github/workflows/52n-dockerhub-description.yaml
index 1bd1b5f84f6..6d9a0352a54 100644
--- a/.github/workflows/52n-dockerhub-description.yaml
+++ b/.github/workflows/52n-dockerhub-description.yaml
@@ -17,7 +17,7 @@ jobs:
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
-        repository: 52north/geonode
+        repository: 52north/geonode_thuenen
         short-description: "Geospatial content management system"
         readme-filepath: ./README_thuenen.md
         enable-url-completion: true
\ No newline at end of file

From 104270d020ca9f72dce65a1c51e4dc4111845ec8 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Wed, 20 Sep 2023 14:46:18 +0200
Subject: [PATCH 265/330] Remove example test

Test example is available still from the PR https://github.com/GeoNode/geonode/pull/10842
---
 geonode/storage/tests.py | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index 3d496dba6f7..89eea61d4ad 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -608,30 +608,3 @@ def test_zip_file_should_correctly_recognize_main_extension_with_shp(self):
         self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
         _files = storage_manager.get_retrieved_paths()
         self.assertTrue("single_point.shp" in _files.get("base_file"))
-
-    def test_zip_file_should_correctly_relate_mixed_content(self):
-        zip_file = os.path.join(f"{self.project_root}", "tests/data/data_collection.zip")
-        storage_manager = self.sut(
-            remote_files={"base_file": zip_file}
-        )
-        storage_manager.clone_remote_files()
-        self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
-        _files = storage_manager.get_retrieved_paths()
-        base_file = _files.get("base_file")
-
-        def strip_extension(filename):
-            return filename.split(".")[0] if filename else filename
-
-        base_name = strip_extension(base_file)
-        available_files = [
-            _files.get("shp_file"),
-            _files.get("prj_file"),
-            _files.get("shx_file"),
-            _files.get("dbf_file")
-        ]
-
-        def assert_same_base_name(base_name, file_name):
-            self.assertEqual(base_name, strip_extension(file_name))
-
-        for file in available_files:
-            assert_same_base_name(base_name, file)

From f661f59f54d63eeb66bc049a48e1cc80819f8ded Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Wed, 20 Sep 2023 14:51:31 +0200
Subject: [PATCH 266/330] Reconfigure pipeline regarding ignored paths

---
 .github/workflows/52n-build.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/52n-build.yaml b/.github/workflows/52n-build.yaml
index b30a7643827..18a9b21175f 100644
--- a/.github/workflows/52n-build.yaml
+++ b/.github/workflows/52n-build.yaml
@@ -15,9 +15,9 @@ on:
   push:
     branches:
       - "thuenen_4.x"
-    paths:
-      - "!./.github/workflows/52n-dockerhub-description.yaml"
-      - "!./README_thuenen.md"
+    paths-ignore: 
+      - "./.github/workflows/52n-dockerhub-description.yaml"
+      - "./README_thuenen.md"
 
 jobs:
   build_and_push_geonode:

From fbee36cb4515c39b4d117333980011e56f7ffffb Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Tue, 10 Oct 2023 17:52:46 +0200
Subject: [PATCH 267/330] [Fixes #11494] Implement relations between resources
 (#11565)

* [Fixes #11494] Implement relations between resources

* [Fixes #11494] Implement relations between resources - tests and improvs

* [Fixes #11494] Implement relations between resources - fix formatting

* [Fixes #11494] Implement relations between resources - fix flake

* [Fixes #11494] Implement relations between resources

* [Fixes #11494] Implement relations between resources - fix formatting

* [Fixes #11494] Implement relations between resources - fix flake

* [Fixes #11494] Implement relations between resources - more tests and fixes

* [Fixes #11494] Implement relations between resources - test fixings

* [Fixes #11494] Implement relations between resources - test fixings

* [Fixes #11494] Implement relations between resources - test fixings

* [Fixes #11494] Implement relations between resources - minor fix
---
 geonode/base/api/serializers.py               |  38 ++
 geonode/base/api/tests.py                     | 386 +++++++-----------
 geonode/base/api/views.py                     |  98 ++---
 geonode/base/forms.py                         |  35 +-
 .../base/migrations/0086_linkedresource.py    |  23 ++
 geonode/base/models.py                        |  53 +++
 geonode/documents/api/views.py                |  20 +-
 geonode/documents/forms.py                    |  56 +--
 .../0037_delete_documentresourcelink.py       |  20 +
 geonode/documents/models.py                   |  37 --
 .../documents/document_metadata.html          |   4 +-
 .../templates/layouts/doc_panels.html         |   8 +-
 geonode/documents/tests.py                    |  50 +--
 geonode/documents/views.py                    |   2 +-
 .../geoapps/templates/apps/app_metadata.html  |  16 +
 .../geoapps/templates/layouts/app_panels.html |   7 +
 geonode/geoapps/views.py                      |   3 +
 geonode/layers/models.py                      |  17 +-
 .../templates/datasets/dataset_metadata.html  |  16 +
 geonode/layers/templates/layouts/panels.html  |   6 +
 geonode/layers/views.py                       |   2 +
 geonode/maps/models.py                        |  20 +-
 .../maps/templates/layouts/map_panels.html    |   6 +
 geonode/maps/templates/maps/map_metadata.html |  16 +
 geonode/maps/views.py                         |   2 +
 geonode/resource/manager.py                   |  19 +-
 geonode/resource/utils.py                     |  20 -
 27 files changed, 513 insertions(+), 467 deletions(-)
 create mode 100644 geonode/base/migrations/0086_linkedresource.py
 create mode 100644 geonode/documents/migrations/0037_delete_documentresourcelink.py

diff --git a/geonode/base/api/serializers.py b/geonode/base/api/serializers.py
index 74d74e9a236..077c605361b 100644
--- a/geonode/base/api/serializers.py
+++ b/geonode/base/api/serializers.py
@@ -20,6 +20,7 @@
 from slugify import slugify
 from urllib.parse import urljoin
 import json
+import warnings
 
 from django.db.models import Q
 from django.conf import settings
@@ -54,6 +55,7 @@
     ThesaurusKeyword,
     ThesaurusKeywordLabel,
     ExtraMetadata,
+    LinkedResource,
 )
 from geonode.documents.models import Document
 from geonode.geoapps.models import GeoApp
@@ -787,7 +789,43 @@ class Meta:
 
 
 class SimpleResourceSerializer(DynamicModelSerializer):
+    warnings.warn("SimpleResourceSerializer is deprecated", DeprecationWarning, stacklevel=2)
+
     class Meta:
         name = "linked_resources"
         model = ResourceBase
         fields = ("pk", "title", "resource_type", "detail_url", "thumbnail_url")
+
+    def to_representation(self, instance: LinkedResource):
+        return {
+            "pk": instance.pk,
+            "title": f"{'>>>' if instance.is_target else '<<<'} {instance.title}",
+            "resource_type": instance.resource_type,
+            "detail_url": instance.detail_url,
+            "thumbnail_url": instance.thumbnail_url,
+        }
+
+
+class LinkedResourceSerializer(DynamicModelSerializer):
+    def __init__(self, *kargs, serialize_source: bool = False, **kwargs):
+        super().__init__(*kargs, **kwargs)
+        self.serialize_target = not serialize_source
+
+    class Meta:
+        name = "linked_resources"
+        model = LinkedResource
+        fields = ("internal",)
+
+    def to_representation(self, instance: LinkedResource):
+        data = super().to_representation(instance)
+        item: ResourceBase = instance.target if self.serialize_target else instance.source
+        data.update(
+            {
+                "pk": item.pk,
+                "title": item.title,
+                "resource_type": item.resource_type,
+                "detail_url": item.detail_url,
+                "thumbnail_url": item.thumbnail_url,
+            }
+        )
+        return data
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
index 677c7e06d8a..4833a955484 100644
--- a/geonode/base/api/tests.py
+++ b/geonode/base/api/tests.py
@@ -22,7 +22,8 @@
 import sys
 import json
 import logging
-from django.contrib.contenttypes.models import ContentType
+from typing import Iterable
+
 from django.test import RequestFactory, override_settings
 import gisdata
 
@@ -62,11 +63,12 @@
     RestrictionCodeType,
     License,
     Group,
+    LinkedResource,
 )
 
 from geonode.layers.models import Dataset
 from geonode.favorite.models import Favorite
-from geonode.documents.models import Document, DocumentResourceLink
+from geonode.documents.models import Document
 from geonode.geoapps.models import GeoApp
 from geonode.utils import build_absolute_uri
 from geonode.resource.api.tasks import ExecutionRequest
@@ -2607,53 +2609,12 @@ def test_only_get_method_is_available(self):
         response = self.client.put(url)
         self.assertEqual(response.status_code, 403)
 
-    def test_linked_resource_raise_error_for_geoapps(self):
-        geo_app = GeoApp.objects.create(
-            title="Test GeoApp",
-            owner=get_user_model().objects.first(),
-            resource_type="geostory",
-            blob='{"test_data": {"test": ["test_1","test_2","test_3"]}}',
-        )
-        geo_app.set_default_permissions()
-        url = reverse("base-resources-linked_resources", args=[geo_app.id])
-
-        response = self.client.get(url)
-
-        self.assertEqual(response.status_code, 501)
-
-    def test_linked_resource_for_document_should_return_the_expected_ouput(self):
+    def test_linked_resource_for_document(self):
+        _d = []
         try:
             # data preparation
-            ctype = ContentType.objects.get_for_model(self.map)
-            ctype_dataset = ContentType.objects.get_for_model(self.dataset)
-            _d = DocumentResourceLink.objects.create(document_id=self.doc.id, content_type=ctype, object_id=self.map.id)
-            _d = DocumentResourceLink.objects.create(
-                document_id=self.doc.id, content_type=ctype_dataset, object_id=self.dataset.id
-            )
-
-            # expected output from api
-            expected_payload = {
-                "links": {"next": None, "previous": None},
-                "total": 2,
-                "page": 1,
-                "page_size": 10,
-                "resources": [
-                    {
-                        "detail_url": self.map.detail_url,
-                        "pk": self.map.id,
-                        "resource_type": self.map.resource_type,
-                        "thumbnail_url": self.map.thumbnail_url,
-                        "title": self.map.title,
-                    },
-                    {
-                        "detail_url": self.dataset.detail_url,
-                        "pk": self.dataset.id,
-                        "resource_type": self.dataset.resource_type,
-                        "thumbnail_url": self.dataset.thumbnail_url,
-                        "title": self.dataset.title,
-                    },
-                ],
-            }
+            _d.append(LinkedResource.objects.create(source_id=self.doc.id, target_id=self.map.id))
+            _d.append(LinkedResource.objects.create(source_id=self.doc.id, target_id=self.dataset.id))
 
             # call the API
             url = reverse("base-resources-linked_resources", args=[self.doc.id])
@@ -2661,50 +2622,59 @@ def test_linked_resource_for_document_should_return_the_expected_ouput(self):
 
             # validation
             self.assertEqual(response.status_code, 200)
-            self.assertDictEqual(expected_payload, response.json())
+            payload = response.json()
+            self.assert_linkedres_size(payload, "resources", 2)
+            self.assert_linkedres_contains(
+                payload,
+                "resources",
+                (
+                    {"pk": self.map.id, "title": ">>> " + self.map.title},
+                    {"pk": self.dataset.id, "title": ">>> " + self.dataset.title},
+                ),
+            )
+            self.assert_linkedres_size(payload, "linked_to", 2)
+            self.assert_linkedres_contains(
+                payload,
+                "linked_to",
+                ({"pk": self.map.id, "title": self.map.title}, {"pk": self.dataset.id, "title": self.dataset.title}),
+            )
+            self.assert_linkedres_size(payload, "linked_by", 0)
         finally:
-            if _d:
-                _d.delete()
-
-    def test_linked_resource_for_maps_with_mixed_resources(self):
+            for d in _d:
+                d.delete()
+
+    def assert_linkedres_size(self, payload, element: str, expected_size: int):
+        self.assertEqual(expected_size, len(payload[element]), f"Mismatching payload size of {element}")
+
+    def assert_linkedres_contains(self, payload, element: str, expected_elements: Iterable):
+        res_list = payload[element]
+        for dikt in expected_elements:
+            found = False
+            for res in res_list:
+                try:
+                    if dikt.items() <= res.items():
+                        found = True
+                        break
+                except AttributeError:
+                    self.fail(f"\nError while comparing \n EXPECTED: {dikt}\n FOUND: {res}")
+
+            if not found:
+                self.fail(f"Elements {dikt} could not be found in output: {payload}")
+
+    def test_linked_resource_for_maps_mixed(self):
+        _d = []
         try:
             # data preparation
-            ctype_dataset = ContentType.objects.get_for_model(self.dataset)
-            _d = DocumentResourceLink.objects.create(
-                document_id=self.doc.id, content_type=ctype_dataset, object_id=self.map.id
+            _d.append(LinkedResource.objects.create(source_id=self.doc.id, target_id=self.map.id))
+            _d.append(
+                MapLayer.objects.create(
+                    map=self.map,
+                    dataset=self.dataset,
+                    name=self.dataset.name,
+                    current_style="test_style",
+                    ows_url="https://maps.geosolutionsgroup.com/geoserver/wms",
+                )
             )
-            # data preparation
-            MapLayer(
-                map=self.map,
-                dataset=self.dataset,
-                name=self.dataset.name,
-                current_style="test_style",
-                ows_url="https://maps.geosolutionsgroup.com/geoserver/wms",
-            ).save()
-
-            # expected output from api
-            expected_payload = {
-                "links": {"next": None, "previous": None},
-                "total": 2,
-                "page": 1,
-                "page_size": 10,
-                "resources": [
-                    {
-                        "detail_url": self.doc.detail_url,
-                        "pk": self.doc.id,
-                        "resource_type": self.doc.resource_type,
-                        "thumbnail_url": self.doc.thumbnail_url,
-                        "title": self.doc.title,
-                    },
-                    {
-                        "detail_url": self.dataset.detail_url,
-                        "pk": self.dataset.id,
-                        "resource_type": self.dataset.resource_type,
-                        "thumbnail_url": self.dataset.thumbnail_url,
-                        "title": self.dataset.title,
-                    },
-                ],
-            }
 
             # call the API
             url = reverse("base-resources-linked_resources", args=[self.map.id])
@@ -2712,71 +2682,38 @@ def test_linked_resource_for_maps_with_mixed_resources(self):
 
             # validation
             self.assertEqual(response.status_code, 200)
-            self.assertDictEqual(expected_payload, response.json())
-        finally:
-            if _d:
-                _d.delete()
 
-    def test_linked_resource_should_return_the_paginated_result(self):
-        try:
-            # data preparation
-            ctype = ContentType.objects.get_for_model(self.map)
-            ctype_dataset = ContentType.objects.get_for_model(self.dataset)
-            _d = DocumentResourceLink.objects.create(document_id=self.doc.id, content_type=ctype, object_id=self.map.id)
-            _d = DocumentResourceLink.objects.create(
-                document_id=self.doc.id, content_type=ctype_dataset, object_id=self.dataset.id
+            payload = response.json()
+            self.assert_linkedres_size(payload, "resources", 2)
+            self.assert_linkedres_contains(
+                payload,
+                "resources",
+                (
+                    {"pk": self.doc.id, "title": "<<< " + self.doc.title},
+                    {"pk": self.dataset.id, "title": ">>> " + self.dataset.title},
+                ),
             )
-            # call the API
-            url = reverse("base-resources-linked_resources", args=[self.doc.id])
-            response = self.client.get(f"{url}?page_size=1")
-
-            # validation
-            self.assertEqual(response.status_code, 200)
-            next_url = response.json().get("links", {}).get("next", None)
-            self.assertIsNotNone(next_url)
-            self.assertTrue("page=2" in next_url)
-            # calling next_page to be sure that the url works
-            response = self.client.get(next_url)
-            # verify that now it has a prev_page
-            prev_url = response.json().get("links", {}).get("previous", None)
-            self.assertIsNotNone(prev_url)
-
-            # verify that it works
-            # calling next_page to be sure that the url works
-            response = self.client.get(prev_url)
-            self.assertEqual(response.status_code, 200)
+            self.assert_linkedres_size(payload, "linked_to", 1)
+            self.assert_linkedres_contains(
+                payload, "linked_to", ({"pk": self.dataset.id, "title": self.dataset.title},)
+            )
+            self.assert_linkedres_size(payload, "linked_by", 1)
+            self.assert_linkedres_contains(payload, "linked_by", ({"pk": self.doc.id, "title": self.doc.title},))
 
         finally:
-            if _d:
-                _d.delete()
+            for d in _d:
+                d.delete()
 
-    def test_linked_resources_maps_should_return_the_expected_ouput(self):
+    def test_linked_resources_for_maps(self):
         try:
             # data preparation
-            _m = MapLayer(
+            _m = MapLayer.objects.create(
                 map=self.map,
                 dataset=self.dataset,
                 name=self.dataset.name,
                 current_style="test_style",
                 ows_url="https://maps.geosolutionsgroup.com/geoserver/wms",
-            ).save()
-
-            # expected output from api
-            expected_payload = {
-                "links": {"next": None, "previous": None},
-                "total": 1,
-                "page": 1,
-                "page_size": 10,
-                "resources": [
-                    {
-                        "detail_url": self.dataset.detail_url,
-                        "pk": self.dataset.id,
-                        "resource_type": self.dataset.resource_type,
-                        "thumbnail_url": self.dataset.thumbnail_url,
-                        "title": self.dataset.title,
-                    }
-                ],
-            }
+            )
 
             # call the API
             url = reverse("base-resources-linked_resources", args=[self.map.id])
@@ -2784,38 +2721,33 @@ def test_linked_resources_maps_should_return_the_expected_ouput(self):
 
             # validation
             self.assertEqual(response.status_code, 200)
-            self.assertDictEqual(expected_payload, response.json())
+
+            payload = response.json()
+            self.assert_linkedres_size(payload, "resources", 1)
+            self.assert_linkedres_contains(
+                payload, "resources", ({"pk": self.dataset.id, "title": ">>> " + self.dataset.title},)
+            )
+            self.assert_linkedres_size(payload, "linked_to", 1)
+            self.assert_linkedres_contains(
+                payload, "linked_to", ({"pk": self.dataset.id, "title": self.dataset.title},)
+            )
+            self.assert_linkedres_size(payload, "linked_by", 0)
+
         finally:
             if _m:
                 _m.delete()
 
-    def test_linked_resource_dataset_should_return_the_expected_ouput(self):
+    def test_linked_resource_for_dataset(self):
+        _m = None
         try:
             # data preparation
-            _m = MapLayer(
+            _m = MapLayer.objects.create(
                 map=self.map,
                 dataset=self.dataset,
                 name=self.dataset.name,
                 current_style="test_style",
                 ows_url="https://maps.geosolutionsgroup.com/geoserver/wms",
-            ).save()
-
-            # expected output from api
-            expected_payload = {
-                "links": {"next": None, "previous": None},
-                "total": 1,
-                "page": 1,
-                "page_size": 10,
-                "resources": [
-                    {
-                        "detail_url": self.map.detail_url,
-                        "pk": self.map.id,
-                        "resource_type": self.map.resource_type,
-                        "thumbnail_url": self.map.thumbnail_url,
-                        "title": self.map.title,
-                    }
-                ],
-            }
+            )
 
             # call the API
             url = reverse("base-resources-linked_resources", args=[self.dataset.id])
@@ -2823,50 +2755,34 @@ def test_linked_resource_dataset_should_return_the_expected_ouput(self):
 
             # validation
             self.assertEqual(response.status_code, 200)
-            self.assertDictEqual(expected_payload, response.json())
+
+            payload = response.json()
+            self.assert_linkedres_size(payload, "resources", 1)
+            self.assert_linkedres_contains(
+                payload, "resources", ({"pk": self.map.id, "title": "<<< " + self.map.title},)
+            )
+            self.assert_linkedres_size(payload, "linked_to", 0)
+            self.assert_linkedres_size(payload, "linked_by", 1)
+            self.assert_linkedres_contains(payload, "linked_by", ({"pk": self.map.id, "title": self.map.title},))
+
         finally:
             if _m:
                 _m.delete()
 
-    def test_linked_resource_for_datasets_with_mixed_resources(self):
+    def test_linked_resource_for_datasets_mixed(self):
+        _d = []
         try:
             # data preparation
-            ctype = ContentType.objects.get_for_model(self.dataset)
-            _d = DocumentResourceLink.objects.create(
-                document_id=self.doc.id, content_type=ctype, object_id=self.dataset.id
+            _d.append(LinkedResource.objects.create(source_id=self.doc.id, target_id=self.dataset.id))
+            _d.append(
+                MapLayer.objects.create(
+                    map=self.map,
+                    dataset=self.dataset,
+                    name=self.dataset.name,
+                    current_style="test_style",
+                    ows_url="https://maps.geosolutionsgroup.com/geoserver/wms",
+                )
             )
-            # data preparation
-            MapLayer(
-                map=self.map,
-                dataset=self.dataset,
-                name=self.dataset.name,
-                current_style="test_style",
-                ows_url="https://maps.geosolutionsgroup.com/geoserver/wms",
-            ).save()
-
-            # expected output from api
-            expected_payload = {
-                "links": {"next": None, "previous": None},
-                "total": 2,
-                "page": 1,
-                "page_size": 10,
-                "resources": [
-                    {
-                        "detail_url": self.doc.detail_url,
-                        "pk": self.doc.id,
-                        "resource_type": self.doc.resource_type,
-                        "thumbnail_url": self.doc.thumbnail_url,
-                        "title": self.doc.title,
-                    },
-                    {
-                        "detail_url": self.map.detail_url,
-                        "pk": self.map.id,
-                        "resource_type": self.map.resource_type,
-                        "thumbnail_url": self.map.thumbnail_url,
-                        "title": self.map.title,
-                    },
-                ],
-            }
 
             # call the API
             url = reverse("base-resources-linked_resources", args=[self.dataset.id])
@@ -2874,51 +2790,63 @@ def test_linked_resource_for_datasets_with_mixed_resources(self):
 
             # validation
             self.assertEqual(response.status_code, 200)
-            self.assertDictEqual(expected_payload, response.json())
+            payload = response.json()
+            self.assert_linkedres_size(payload, "resources", 2)
+            self.assert_linkedres_contains(
+                payload,
+                "resources",
+                (
+                    {"pk": self.doc.id, "title": "<<< " + self.doc.title},
+                    {"pk": self.map.id, "title": "<<< " + self.map.title},
+                ),
+            )
+            self.assert_linkedres_size(payload, "linked_to", 0)
+            self.assert_linkedres_size(payload, "linked_by", 2)
+            self.assert_linkedres_contains(
+                payload,
+                "linked_by",
+                (
+                    {"pk": self.map.id, "title": self.map.title},
+                    {"pk": self.doc.id, "title": self.doc.title},
+                ),
+            )
+
         finally:
-            if _d:
-                _d.delete()
+            for d in _d:
+                d.delete()
 
-    def test_linked_resource_filter_should_work(self):
+    def test_linked_resource_deprecated_pagination(self):
+        _d = []
         try:
             # data preparation
-            ctype = ContentType.objects.get_for_model(self.map)
-            ctype_dataset = ContentType.objects.get_for_model(self.dataset)
-            _d = DocumentResourceLink.objects.create(document_id=self.doc.id, content_type=ctype, object_id=self.map.id)
-            _d = DocumentResourceLink.objects.create(
-                document_id=self.doc.id, content_type=ctype_dataset, object_id=self.dataset.id
-            )
+            _d.append(LinkedResource.objects.create(source_id=self.doc.id, target_id=self.dataset.id))
+            _d.append(LinkedResource.objects.create(source_id=self.doc.id, target_id=self.map.id))
 
-            # call the API
+            # call the API w/ pagination
             url = reverse("base-resources-linked_resources", args=[self.doc.id])
-            response = self.client.get(url)
-            # validation
-            self.assertEqual(response.status_code, 200, msg="no_filter_validation")
-            self.assertEqual(2, response.json().get("total", 0), msg="no_filter_validation")
+            response = self.client.get(f"{url}?page_size=1")
 
-            response = self.client.get(url + "?resource_type=map")
             # validation
-            self.assertEqual(response.status_code, 200, msg="map_filter_validation")
-            self.assertEqual(1, response.json().get("total", 0), msg="map_filter_validation")
+            self.assertEqual(response.status_code, 200)
+            payload = response.json()
 
-            response = self.client.get(url + "?title=single_layer")
-            # validation
-            self.assertEqual(response.status_code, 200, msg="dataset_filter_validation")
-            self.assertEqual(1, response.json().get("total", 0), msg="dataset_filter_validation")
+            self.assertIn("WARNINGS", payload, "Missing WARNINGS element")
+            self.assertIn("PAGINATION", payload["WARNINGS"], "Missing PAGINATION element")
 
-            response = self.client.get(url + "?resource_type=geoapp")
-            # validation
-            self.assertEqual(response.status_code, 200, msg="geoapp_filter_validation")
-            self.assertEqual(0, response.json().get("total", 0), msg="geoapp_filter_validation")
+            # call the API w/o pagination
+            url = reverse("base-resources-linked_resources", args=[self.doc.id])
+            response = self.client.get(url)
 
-            response = self.client.get(url + "?invalid_filter=invalid")
             # validation
-            self.assertEqual(response.status_code, 500, msg="invalid_filter_validation")
-            self.assertEqual(0, response.json().get("total", 0), msg="invalid_filter_validation")
+            self.assertEqual(response.status_code, 200)
+            payload = response.json()
+
+            self.assertIn("WARNINGS", payload, "Missing WARNINGS element")
+            self.assertNotIn("PAGINATION", payload["WARNINGS"], "Unexpected PAGINATION element")
 
         finally:
-            if _d:
-                _d.delete()
+            for d in _d:
+                d.delete()
 
 
 class TestApiAdditionalBBoxCalculation(GeoNodeBaseTestSupport):
diff --git a/geonode/base/api/views.py b/geonode/base/api/views.py
index fbbd2faec29..2721fd7c195 100644
--- a/geonode/base/api/views.py
+++ b/geonode/base/api/views.py
@@ -17,7 +17,6 @@
 #
 #########################################################################
 import ast
-from geonode.geoapps.models import GeoApp
 import json
 import re
 
@@ -110,6 +109,7 @@
     RegionSerializer,
     ThesaurusKeywordSerializer,
     ExtraMetadataSerializer,
+    LinkedResourceSerializer,
 )
 from .pagination import GeoNodeApiPagination
 from geonode.base.utils import validate_extra_metadata
@@ -1489,48 +1489,54 @@ def _get_request_params(self, request, encode=False):
         url_name="linked_resources",
     )
     def linked_resources(self, request, pk, *args, **kwargs):
-        try:
-            """
-            To let the API be able to filter the linked result, we cannot rely on the DynamicFilterBackend
-            works on the resource and not on the linked one.
-            So if we want to filter the linked resource by "resource_type"
-            we have to search in the query params like in the following code:
-            _filters = {
-                x: y
-                for x, y
-                in request.query_params.items()
-                if x not in ["page_size", "page"]
-            }
-            We have to exclude the paging code or will raise the:
-            "Cannot resolve keyword into the field..."
-            """
-            _obj = self.get_object().get_real_instance()
-            if issubclass(_obj.get_real_concrete_instance_class(), GeoApp):
-                raise NotImplementedError("Not implemented: this endpoint is not available for GeoApps")
-            # getting the resource dynamically list based on the above mapping
-            resources = _obj.linked_resources
-
-            if request.query_params:
-                _filters = {x: y for x, y in request.query_params.items() if x not in ["page_size", "page"]}
-                if _filters:
-                    resources = resources.filter(**_filters)
-
-            resources = get_visible_resources(
-                resources,
-                user=request.user,
-                admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
-                unpublished_not_visible=settings.RESOURCE_PUBLISHING,
-                private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES,
-            ).order_by("-pk")
-
-            paginator = GeoNodeApiPagination()
-            paginator.page_size = request.GET.get("page_size", 10)
-            result_page = paginator.paginate_queryset(resources, request)
-            serializer = SimpleResourceSerializer(result_page, embed=True, many=True)
-            return paginator.get_paginated_response({"resources": serializer.data})
-        except NotImplementedError as e:
-            logger.error(e)
-            return Response(data={"message": e.args[0], "success": False}, status=501, exception=True)
-        except Exception as e:
-            logger.error(e)
-            return Response(data={"message": e.args[0], "success": False}, status=500, exception=True)
+        return base_linked_resources(self.get_object().get_real_instance(), request.user, request.GET)
+
+
+def base_linked_resources(instance, user, params):
+    try:
+        visibile_resources = get_visible_resources(
+            ResourceBase.objects,
+            user=user,
+            admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
+            unpublished_not_visible=settings.RESOURCE_PUBLISHING,
+            private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES,
+        ).order_by("-pk")
+        visible_ids = [res.id for res in visibile_resources]
+
+        linked_resources = [lres for lres in instance.get_linked_resources() if lres.target.id in visible_ids]
+        linked_by = [lres for lres in instance.get_linked_resources(as_target=True) if lres.source.id in visible_ids]
+
+        warnings = {
+            "DEPRECATION": "'resources' field is deprecated, please use 'linked_to'",
+        }
+
+        if "page_size" in params or "page" in params:
+            warnings["PAGINATION"] = "Pagination is not supported on this call"
+
+        # "resources" will be deprecated, so next block is temporary
+        # "resources" at the moment it's the only element rendered, so we want to add there both the linked_resources and the linked_by
+        # we want to tell them apart, so we're adding an attr to store this info, that will be used in the SimpleResourceSerializer
+        resources = []
+        for lres in linked_resources:
+            res = lres.target
+            setattr(res, "is_target", True)
+            resources.append(res)
+        for lres in linked_by:
+            res = lres.source
+            setattr(res, "is_target", False)
+            resources.append(res)
+
+        ret = {
+            "WARNINGS": warnings,
+            "resources": SimpleResourceSerializer(resources, embed=True, many=True).data,  # deprecated
+            "linked_to": LinkedResourceSerializer(linked_resources, embed=True, many=True).data,
+            "linked_by": LinkedResourceSerializer(
+                instance=linked_by, serialize_source=True, embed=True, many=True
+            ).data,
+        }
+
+        return Response(ret)
+
+    except Exception as e:
+        logger.exception(e)
+        return Response(data={"message": e.args[0], "success": False}, status=500, exception=True)
diff --git a/geonode/base/forms.py b/geonode/base/forms.py
index c888d816670..69da9e6bf50 100644
--- a/geonode/base/forms.py
+++ b/geonode/base/forms.py
@@ -46,6 +46,7 @@
 from geonode.base.models import (
     HierarchicalKeyword,
     License,
+    LinkedResource,
     Region,
     ResourceBase,
     Thesaurus,
@@ -345,6 +346,38 @@ def _get_thesauro_title_label(item, lang):
         return tname.first()
 
 
+class LinkedResourceForm(forms.ModelForm):
+    linked_resources = forms.MultipleChoiceField(label=_("Link to"), required=False)
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["linked_resources"].choices = self.generate_link_choices()
+        self.fields["linked_resources"].initial = LinkedResource.get_target_ids(self.instance)
+
+    class Meta:
+        model = ResourceBase
+        fields = ["linked_resources"]
+
+    def generate_link_choices(self, resources=None):
+        if resources is None:
+            resources = ResourceBase.objects.exclude(pk=self.instance.id).order_by("title")
+
+        return [[obj.id, f"{obj.title} ({obj.polymorphic_ctype.model})"] for obj in resources]
+
+    def save_linked_resources(self, links_field="linked_resources"):
+        # create and fetch desired links
+        target_ids = []
+        for res_id in self.cleaned_data[links_field]:
+            linked, _ = LinkedResource.objects.get_or_create(source=self.instance, target_id=res_id, internal=False)
+            target_ids.append(res_id)
+
+        # delete remaining links
+        # DocumentResourceLink.objects.filter(document_id=self.instance.id).exclude(
+        #     pk__in=[i.pk for i in instances]
+        # ).delete()
+        (LinkedResource.objects.filter(source_id=self.instance.id).exclude(target_id__in=target_ids).delete())
+
+
 class ResourceBaseDateTimePicker(DateTimePicker):
     def build_attrs(self, base_attrs=None, extra_attrs=None, **kwargs):
         "Helper function for building an attribute dictionary."
@@ -355,7 +388,7 @@ def build_attrs(self, base_attrs=None, extra_attrs=None, **kwargs):
         # return base_attrs
 
 
-class ResourceBaseForm(TranslationModelForm):
+class ResourceBaseForm(TranslationModelForm, LinkedResourceForm):
 
     """Base form for metadata, should be inherited by childres classes of ResourceBase"""
 
diff --git a/geonode/base/migrations/0086_linkedresource.py b/geonode/base/migrations/0086_linkedresource.py
new file mode 100644
index 00000000000..cc5929e788d
--- /dev/null
+++ b/geonode/base/migrations/0086_linkedresource.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.21 on 2023-10-05 14:29
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('base', '0085_alter_resourcebase_uuid'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='LinkedResource',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('source', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='linked_to', to='base.resourcebase')),
+                ('target', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='linked_by', to='base.resourcebase')),
+                ('internal', models.BooleanField(default=False)),
+            ],
+        ),
+    ]
diff --git a/geonode/base/models.py b/geonode/base/models.py
index 1a2c8a38abd..b5907a902ba 100644
--- a/geonode/base/models.py
+++ b/geonode/base/models.py
@@ -1726,6 +1726,18 @@ def add_missing_metadata_author_or_poc(self):
 
     metadata_author = property(_get_metadata_author, _set_metadata_author)
 
+    def get_linked_resources(self, as_target: bool = False):
+        """
+        Get all the linked resources to this ResourceBase instance.
+        This is implemented as a method so that derived classes can override it (for instance, Maps may add
+        related datasets)
+        """
+        return (
+            LinkedResource.get_linked_resources(target=self)
+            if as_target
+            else LinkedResource.get_linked_resources(source=self)
+        )
+
 
 class LinkManager(models.Manager):
     """Helper class to access links grouped by type"""
@@ -1749,6 +1761,47 @@ def ows(self):
         return self.get_queryset().filter(link_type__in=["OGC:WMS", "OGC:WFS", "OGC:WCS"])
 
 
+class LinkedResource(models.Model):
+    source = models.ForeignKey(
+        ResourceBase, related_name="linked_to", blank=False, null=False, on_delete=models.CASCADE
+    )
+    target = models.ForeignKey(ResourceBase, related_name="linked_by", blank=True, null=False, on_delete=models.CASCADE)
+    internal = models.BooleanField(null=False, default=False)
+
+    @classmethod
+    def get_linked_resources(cls, source: ResourceBase = None, target: ResourceBase = None, is_internal: bool = None):
+        if source is None and target is None:
+            raise ValueError("Both source and target filters missing")
+
+        qs = LinkedResource.objects
+        if source:
+            qs = qs.filter(source=source).select_related("target")
+        if target:
+            qs = qs.filter(target=target).select_related("source")
+        if is_internal is not None:
+            qs = qs.filter(internal=is_internal)
+        return qs
+
+    @classmethod
+    def get_target_ids(cls, source: ResourceBase, is_internal: bool = None):
+        sub = LinkedResource.objects.filter(source=source).values_list("target_id", flat=True)
+        if is_internal is not None:
+            sub = sub.filter(internal=is_internal)
+        return sub
+
+    @classmethod
+    def get_targets(cls, source: ResourceBase, is_internal: bool = None):
+        return ResourceBase.objects.filter(id__in=cls.get_target_ids(source, is_internal))
+
+    @classmethod
+    def resolve_targets(cls, linked_resources):
+        return (lr.target for lr in linked_resources)
+
+    @classmethod
+    def resolve_sources(cls, linked_resources):
+        return (lr.source for lr in linked_resources)
+
+
 class Link(models.Model):
     """Auxiliary model for storing links for resources.
 
diff --git a/geonode/documents/api/views.py b/geonode/documents/api/views.py
index dd15a23e363..1e00ca5c12a 100644
--- a/geonode/documents/api/views.py
+++ b/geonode/documents/api/views.py
@@ -31,11 +31,11 @@
 from geonode.base.api.filters import DynamicSearchFilter, ExtentFilter
 from geonode.base.api.pagination import GeoNodeApiPagination
 from geonode.base.api.permissions import UserHasPerms
+from geonode.base.api.views import base_linked_resources
 from geonode.base import enumerations
 from geonode.documents.api.exceptions import DocumentException
 from geonode.documents.models import Document
 
-from geonode.base.models import ResourceBase
 from geonode.base.api.serializers import ResourceBaseSerializer
 from geonode.resource.utils import resourcebase_post_save
 from geonode.storage.manager import StorageManager
@@ -142,22 +142,8 @@ def perform_create(self, serializer):
     @extend_schema(
         methods=["get"],
         responses={200: ResourceBaseSerializer(many=True)},
-        description="API endpoint allowing to retrieve the DocumentResourceLink(s).",
+        description="API endpoint allowing to retrieve linked resources",
     )
     @action(detail=True, methods=["get"])
     def linked_resources(self, request, pk=None, *args, **kwargs):
-        document = self.get_object()
-        resources_id = document.links.all().values("object_id")
-        resources = ResourceBase.objects.filter(id__in=resources_id)
-        exclude = []
-        for resource in resources:
-            if not request.user.is_superuser and not request.user.has_perm(
-                "view_resourcebase", resource.get_self_resource()
-            ):
-                exclude.append(resource.id)
-        resources = resources.exclude(id__in=exclude)
-        paginator = GeoNodeApiPagination()
-        paginator.page_size = request.GET.get("page_size", 10)
-        result_page = paginator.paginate_queryset(resources, request)
-        serializer = ResourceBaseSerializer(result_page, embed=True, many=True)
-        return paginator.get_paginated_response({"resources": serializer.data})
+        return base_linked_resources(self.get_object().get_real_instance(), request.user, request.GET)
diff --git a/geonode/documents/forms.py b/geonode/documents/forms.py
index 8da41217463..286f98e0a6b 100644
--- a/geonode/documents/forms.py
+++ b/geonode/documents/forms.py
@@ -18,7 +18,6 @@
 #########################################################################
 
 import os
-import re
 import json
 import logging
 
@@ -28,14 +27,10 @@
 from django.conf import settings
 from django.forms import HiddenInput
 from django.utils.translation import ugettext as _
-from django.contrib.contenttypes.models import ContentType
 from django.template.defaultfilters import filesizeformat
 
-from geonode.maps.models import Map
-from geonode.layers.models import Dataset
 from geonode.base.forms import ResourceBaseForm, get_tree_data
-from geonode.resource.utils import get_related_resources
-from geonode.documents.models import Document, DocumentResourceLink
+from geonode.documents.models import Document
 from geonode.upload.models import UploadSizeLimit
 from geonode.upload.api.exceptions import FileUploadLimitException
 
@@ -82,54 +77,12 @@ def _get_max_size(self):
         return max_size_db_obj.max_size
 
 
-class DocumentFormMixin:
-    def generate_link_choices(self, resources=None):
-        if resources is None:
-            resources = list(Dataset.objects.all())
-            resources += list(Map.objects.all())
-            resources.sort(key=lambda x: x.title)
-
-        choices = []
-        for obj in resources:
-            type_id = ContentType.objects.get_for_model(obj.__class__).id
-            choices.append([f"type:{type_id}-id:{obj.id}", f"{obj.title} ({obj.polymorphic_ctype.model})"])
-
-        return choices
-
-    def generate_link_values(self, resources=None):
-        choices = self.generate_link_choices(resources=resources)
-        return [choice[0] for choice in choices]
-
-    def save_many2many(self, links_field="links"):
-        # create and fetch desired links
-        instances = []
-        for link in self.cleaned_data[links_field]:
-            matches = re.match(r"type:(\d+)-id:(\d+)", link)
-            if matches:
-                content_type = ContentType.objects.get(id=matches.group(1))
-                instance, _ = DocumentResourceLink.objects.get_or_create(
-                    document=self.instance,
-                    content_type=content_type,
-                    object_id=matches.group(2),
-                )
-                instances.append(instance)
-
-        # delete remaining links
-        DocumentResourceLink.objects.filter(document_id=self.instance.id).exclude(
-            pk__in=[i.pk for i in instances]
-        ).delete()
-
-
-class DocumentForm(ResourceBaseForm, DocumentFormMixin):
+class DocumentForm(ResourceBaseForm):
     title = forms.CharField(required=False)
 
-    links = forms.MultipleChoiceField(label=_("Link to"), required=False)
-
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.fields["regions"].choices = get_tree_data()
-        self.fields["links"].choices = self.generate_link_choices()
-        self.fields["links"].initial = self.generate_link_values(resources=get_related_resources(self.instance))
         for field in self.fields:
             help_text = self.fields[field].help_text
             self.fields[field].help_text = None
@@ -163,7 +116,7 @@ class DocumentDescriptionForm(forms.Form):
     keywords = forms.CharField(max_length=500, required=False)
 
 
-class DocumentCreateForm(TranslationModelForm, DocumentFormMixin):
+class DocumentCreateForm(TranslationModelForm):
 
     """
     The document upload form.
@@ -173,8 +126,6 @@ class DocumentCreateForm(TranslationModelForm, DocumentFormMixin):
         widget=HiddenInput(attrs={"name": "permissions", "id": "permissions"}), required=False
     )
 
-    links = forms.MultipleChoiceField(label=_("Link to"), required=False)
-
     doc_file = SizeRestrictedFileField(label=_("File"), required=False, field_slug="document_upload_size")
 
     class Meta:
@@ -186,7 +137,6 @@ class Meta:
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self.fields["links"].choices = self.generate_link_choices()
 
     def clean_permissions(self):
         """
diff --git a/geonode/documents/migrations/0037_delete_documentresourcelink.py b/geonode/documents/migrations/0037_delete_documentresourcelink.py
new file mode 100644
index 00000000000..a03389fd6b6
--- /dev/null
+++ b/geonode/documents/migrations/0037_delete_documentresourcelink.py
@@ -0,0 +1,20 @@
+# Generated by Django 3.2.21 on 2023-10-05 15:16
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('documents', '0036_clean_document_thumbnails'),
+        ('base', '0086_linkedresource'),
+    ]
+
+    operations = [
+        migrations.RunSQL("INSERT INTO base_linkedresource(source_id, target_id, internal)"
+                          "SELECT document_id, object_id, false as internal "
+                          "FROM documents_documentresourcelink;"),
+        migrations.DeleteModel(
+            name='DocumentResourceLink',
+        ),
+    ]
diff --git a/geonode/documents/models.py b/geonode/documents/models.py
index 5f5f41ab218..78292dfc8c9 100644
--- a/geonode/documents/models.py
+++ b/geonode/documents/models.py
@@ -25,14 +25,9 @@
 from django.urls import reverse
 from django.utils.functional import classproperty
 from django.utils.translation import ugettext_lazy as _
-from django.contrib.contenttypes.models import ContentType
-from django.contrib.contenttypes.fields import GenericForeignKey
 
 from geonode.client.hooks import hookset
-from geonode.maps.models import Map
-from geonode.layers.models import Dataset
 from geonode.base.models import ResourceBase
-from geonode.maps.signals import map_changed_signal
 from geonode.groups.conf import settings as groups_settings
 from geonode.documents.enumerations import DOCUMENT_TYPE_MAP, DOCUMENT_MIMETYPE_MAP
 from geonode.security.permissions import VIEW_PERMISSIONS, OWNER_PERMISSIONS, DOWNLOAD_PERMISSIONS
@@ -150,37 +145,5 @@ def download_url(self):
             return self.link_set.filter(resource=self.get_self_resource(), link_type="original").first().url
         return build_absolute_uri(reverse("document_download", args=(self.id,)))
 
-    @property
-    def linked_resources(self):
-        return ResourceBase.objects.filter(id__in=self.links.values_list("object_id", flat=True))
-
     class Meta(ResourceBase.Meta):
         pass
-
-
-class DocumentResourceLink(models.Model):
-    # relation to the document model
-    document = models.ForeignKey(Document, null=True, blank=True, related_name="links", on_delete=models.CASCADE)
-
-    # relation to the resource model
-    content_type = models.ForeignKey(ContentType, null=True, blank=True, on_delete=models.CASCADE)
-    object_id = models.PositiveIntegerField()
-    resource = GenericForeignKey("content_type", "object_id")
-
-
-def get_related_documents(resource):
-    if isinstance(resource, Dataset) or isinstance(resource, Map):
-        content_type = ContentType.objects.get_for_model(resource)
-        return Document.objects.filter(links__content_type=content_type, links__object_id=resource.pk)
-    else:
-        return None
-
-
-def update_documents_extent(sender, **kwargs):
-    documents = get_related_documents(sender)
-    if documents:
-        for document in documents:
-            document.save()
-
-
-map_changed_signal.connect(update_documents_extent)
diff --git a/geonode/documents/templates/documents/document_metadata.html b/geonode/documents/templates/documents/document_metadata.html
index 2f4361c9be8..a04a7323b50 100644
--- a/geonode/documents/templates/documents/document_metadata.html
+++ b/geonode/documents/templates/documents/document_metadata.html
@@ -88,13 +88,13 @@ <h2>{% trans "Metadata Provider" %}</h2>
 {% block extra_script %}
 {{ block.super }}
 <script type="text/javascript">
-    $("#id_resource-links").select2({
+    $("#id_resource-linked_resources").select2({
         placeholder: "{% trans "Select an option" %}",
         allowClear: true
     });
 </script>
 <style>
-  #s2id_id_resource-links {
+  #s2id_id_resource-linked_resources {
     width: 600px;
     height: 100%;
   }
diff --git a/geonode/documents/templates/layouts/doc_panels.html b/geonode/documents/templates/layouts/doc_panels.html
index 2a3a7b08004..0cbef86d490 100644
--- a/geonode/documents/templates/layouts/doc_panels.html
+++ b/geonode/documents/templates/layouts/doc_panels.html
@@ -313,12 +313,12 @@
                                       {{ document_form.title }}
                                     </div>
                                 {% endblock doc_title %}
-                                {% block doc_links %}
+                                {% block doc_linked_resources %}
                                     <div id="req_item">                                  
-                                      <span><label for="{{ document_form.title|id }}">{{ document_form.links.label }}</label></span>
-                                      {{ document_form.links }}
+                                      <span><label for="{{ document_form.linked_resources|id }}">{{ document_form.linked_resources.label }}</label></span>
+                                      {{ document_form.linked_resources }}
                                     </div>
-                                {% endblock doc_links %}
+                                {% endblock doc_linked_resources %}
                                 {% block doc_abstract %}
                                     <div id="req_item">
                                         <span><label for="{{ document_form.abstract|id }}">{{ document_form.abstract.label }}</label></span>
diff --git a/geonode/documents/tests.py b/geonode/documents/tests.py
index f58a71f4734..5f09441c3f9 100644
--- a/geonode/documents/tests.py
+++ b/geonode/documents/tests.py
@@ -46,20 +46,20 @@
 from geonode.maps.models import Map
 from geonode.layers.models import Dataset
 from geonode.compat import ensure_string
-from geonode.base.models import License, Region
+from geonode.base.models import License, Region, LinkedResource
 from geonode.base.enumerations import SOURCE_TYPE_REMOTE
 from geonode.documents import DocumentsAppConfig
 from geonode.resource.manager import resource_manager
-from geonode.documents.forms import DocumentFormMixin
 from geonode.tests.base import GeoNodeBaseTestSupport
 from geonode.tests.utils import NotificationsTestsHelper
 from geonode.documents.enumerations import DOCUMENT_TYPE_MAP
-from geonode.documents.models import Document, DocumentResourceLink
+from geonode.documents.models import Document
 
 from geonode.base.populate_test_data import all_public, create_models, create_single_doc, remove_models
 from geonode.upload.api.exceptions import FileUploadLimitException
 
 from .forms import DocumentCreateForm
+from ..base.forms import LinkedResourceForm
 
 
 class DocumentsTest(GeoNodeBaseTestSupport):
@@ -121,23 +121,6 @@ def test_create_document_with_no_rel(self, thumb):
         c.set_default_permissions()
         self.assertEqual(Document.objects.get(pk=c.id).title, "theimg")
 
-    @patch("geonode.documents.tasks.create_document_thumbnail")
-    def test_create_document_with_rel(self, thumb):
-        """Tests the creation of a document with no a map related"""
-        thumb.return_value = True
-        f = [f"{settings.MEDIA_ROOT}/img.gif"]
-
-        superuser = get_user_model().objects.get(pk=2)
-
-        c = Document.objects.create(files=f, owner=superuser, title="theimg")
-
-        m = Map.objects.first()
-        ctype = ContentType.objects.get_for_model(m)
-        _d = DocumentResourceLink.objects.create(document_id=c.id, content_type=ctype, object_id=m.id)
-
-        self.assertEqual(Document.objects.get(pk=c.id).title, "theimg")
-        self.assertEqual(DocumentResourceLink.objects.get(pk=_d.id).object_id, m.id)
-
     def test_remote_document_is_marked_remote(self):
         """Tests creating an external document set its sourcetype to REMOTE."""
         self.client.login(username="admin", password="admin")
@@ -670,36 +653,33 @@ def test_create_document_with_links(self):
 
         # create document links
 
-        mixin1 = DocumentFormMixin()
+        mixin1 = LinkedResourceForm()
         mixin1.instance = d
         mixin1.cleaned_data = dict(
-            links=mixin1.generate_link_values(resources=resources),
+            linked_resources=[r.id for r in resources],
         )
-        mixin1.save_many2many()
+        mixin1.save_linked_resources()
 
         for resource in resources:
-            ct = ContentType.objects.get_for_model(resource)
-            _d = DocumentResourceLink.objects.get(document_id=d.id, content_type=ct.id, object_id=resource.id)
-            self.assertEqual(_d.object_id, resource.id)
+            _d = LinkedResource.objects.get(source_id=d.id, target_id=resource.id)
+            self.assertEqual(_d.target_id, resource.id)
 
         # update document links
 
-        mixin2 = DocumentFormMixin()
+        mixin2 = LinkedResourceForm()
         mixin2.instance = d
         mixin2.cleaned_data = dict(
-            links=mixin2.generate_link_values(resources=layers),
+            linked_resources=[r.id for r in layers],
         )
-        mixin2.save_many2many()
+        mixin2.save_linked_resources()
 
         for resource in layers:
-            ct = ContentType.objects.get_for_model(resource)
-            _d = DocumentResourceLink.objects.get(document_id=d.id, content_type=ct.id, object_id=resource.id)
-            self.assertEqual(_d.object_id, resource.id)
+            _d = LinkedResource.objects.get(source_id=d.id, target_id=resource.id)
+            self.assertEqual(_d.target_id, resource.id)
 
         for resource in maps:
-            ct = ContentType.objects.get_for_model(resource)
-            with self.assertRaises(DocumentResourceLink.DoesNotExist):
-                DocumentResourceLink.objects.get(document_id=d.id, content_type=ct.id, object_id=resource.id)
+            with self.assertRaises(LinkedResource.DoesNotExist):
+                LinkedResource.objects.get(source_id=d.id, target_id=resource.id)
 
 
 class DocumentViewTestCase(GeoNodeBaseTestSupport):
diff --git a/geonode/documents/views.py b/geonode/documents/views.py
index ed4355fcee2..8a57d9ff887 100644
--- a/geonode/documents/views.py
+++ b/geonode/documents/views.py
@@ -435,7 +435,7 @@ def document_metadata(
         )
 
         resource_manager.set_thumbnail(document.uuid, instance=document, overwrite=False)
-        document_form.save_many2many()
+        document_form.save_linked_resources()
 
         register_event(request, EventType.EVENT_CHANGE_METADATA, document)
         url = hookset.document_detail_url(document)
diff --git a/geonode/geoapps/templates/apps/app_metadata.html b/geonode/geoapps/templates/apps/app_metadata.html
index 17b2de35a97..18769664be2 100644
--- a/geonode/geoapps/templates/apps/app_metadata.html
+++ b/geonode/geoapps/templates/apps/app_metadata.html
@@ -85,3 +85,19 @@ <h2>{% trans "Metadata Provider" %}</h2>
 
 {{ block.super }}
 {% endblock body_outer %}
+
+{% block extra_script %}
+{{ block.super }}
+<script type="text/javascript">
+    $("#id_resource-linked_resources").select2({
+        placeholder: "{% trans "Select an option" %}",
+        allowClear: true
+    });
+</script>
+<style>
+  #s2id_id_resource-linked_resources {
+    width: 600px;
+    height: 100%;
+  }
+</style>
+{% endblock extra_script %}
\ No newline at end of file
diff --git a/geonode/geoapps/templates/layouts/app_panels.html b/geonode/geoapps/templates/layouts/app_panels.html
index e5ea2378882..4763d7a1257 100644
--- a/geonode/geoapps/templates/layouts/app_panels.html
+++ b/geonode/geoapps/templates/layouts/app_panels.html
@@ -297,6 +297,13 @@
                                         <!--<p class="xxs-font-size">(Name by which the cited resource is known)</p>-->
                                         {{ geoapp_form.title }}
                                     {% endblock %}
+                                    {% block geoapp_linked_resources %}
+                                        <div id="req_item">
+                                          <span><label for="{{ geoapp_form.linked_resources|id }}">{{ geoapp_form.linked_resources.label }}</label></span>
+                                          {{ geoapp_form.linked_resources }}
+                                        </div>
+                                    {% endblock geoapp_linked_resources %}
+
                                     <div>
                                         <span><label for="{{ geoapp_form.abstract|id }}">{{ geoapp_form.abstract.label }}</label></span>
                                         <!--<p class="xxs-font-size">(Brief narrative summary of the content of the resource/s)</p>-->
diff --git a/geonode/geoapps/views.py b/geonode/geoapps/views.py
index eb23dee862a..788dcaccbe1 100644
--- a/geonode/geoapps/views.py
+++ b/geonode/geoapps/views.py
@@ -323,6 +323,9 @@ def geoapp_metadata(
         geoapp_form.cleaned_data.pop("metadata")
         extra_metadata = geoapp_form.cleaned_data.pop("extra_metadata")
 
+        geoapp_form.save_linked_resources()
+        geoapp_form.cleaned_data.pop("linked_resources")
+
         geoapp_obj = geoapp_form.instance
 
         _vals = dict(**geoapp_form.cleaned_data, **additional_vals)
diff --git a/geonode/layers/models.py b/geonode/layers/models.py
index 05df8956868..22eb2eff0cd 100644
--- a/geonode/layers/models.py
+++ b/geonode/layers/models.py
@@ -16,6 +16,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+import itertools
 import re
 import logging
 
@@ -38,7 +39,7 @@
     DOWNLOAD_PERMISSIONS,
     DATASET_ADMIN_PERMISSIONS,
 )
-from geonode.base.models import ResourceBase, ResourceBaseManager
+from geonode.base.models import ResourceBase, ResourceBaseManager, LinkedResource
 
 logger = logging.getLogger("geonode.layers.models")
 
@@ -317,13 +318,15 @@ def maps(self):
         map_ids = list(self.maplayers.values_list("map__id", flat=True))
         return Map.objects.filter(id__in=map_ids)
 
-    @property
-    def linked_resources(self):
-        from geonode.documents.models import DocumentResourceLink
+    def get_linked_resources(self, as_target: bool = False):
+        ret = super().get_linked_resources(as_target)
+
+        if as_target:
+            # create LinkedResources on the fly to report MapLayer relationship
+            res = (LinkedResource(source=map, target=self, internal=True) for map in self.maps)
+            ret = itertools.chain(ret, res)
 
-        _map_ids = list(self.maplayers.values_list("map__id", flat=True))
-        _doc_ids = list(DocumentResourceLink.objects.filter(object_id=self.pk).values_list("document__pk", flat=True))
-        return ResourceBase.objects.filter(id__in=list(set(_map_ids + _doc_ids)))
+        return ret
 
     @property
     def download_url(self):
diff --git a/geonode/layers/templates/datasets/dataset_metadata.html b/geonode/layers/templates/datasets/dataset_metadata.html
index cfb423709ac..c01955351ff 100644
--- a/geonode/layers/templates/datasets/dataset_metadata.html
+++ b/geonode/layers/templates/datasets/dataset_metadata.html
@@ -109,3 +109,19 @@ <h2>{% trans "Metadata Provider" %}</h2>
 
 {{ block.super }}
 {% endblock body_outer %}
+
+{% block extra_script %}
+{{ block.super }}
+<script type="text/javascript">
+    $("#id_resource-linked_resources").select2({
+        placeholder: "{% trans "Select an option" %}",
+        allowClear: true
+    });
+</script>
+<style>
+  #s2id_id_resource-linked_resources {
+    width: 600px;
+    height: 100%;
+  }
+</style>
+{% endblock extra_script %}
\ No newline at end of file
diff --git a/geonode/layers/templates/layouts/panels.html b/geonode/layers/templates/layouts/panels.html
index 579b5f46ea6..d49f35726b2 100644
--- a/geonode/layers/templates/layouts/panels.html
+++ b/geonode/layers/templates/layouts/panels.html
@@ -331,6 +331,12 @@
                                       {{ dataset_form.title }}
                                     </div>
                                     {% endblock dataset_title %}
+                                    {% block dataset_linked_resources %}
+                                        <div id="req_item">
+                                          <span><label for="{{ dataset_form.linked_resources|id }}">{{ dataset_form.linked_resources.label }}</label></span>
+                                          {{ dataset_form.linked_resources }}
+                                        </div>
+                                    {% endblock dataset_linked_resources %}
                                     {% block dataset_abstract %}
                                     <div id="req_item">
                                         <span><label for="{{ dataset_form.abstract|id }}">{{ dataset_form.abstract.label }}</label></span>
diff --git a/geonode/layers/views.py b/geonode/layers/views.py
index 3aa3bb91ff8..e4a7f21fb7b 100644
--- a/geonode/layers/views.py
+++ b/geonode/layers/views.py
@@ -612,6 +612,8 @@ def dataset_metadata(
         if up_sessions.exists() and up_sessions[0].user != layer.owner:
             up_sessions.update(user=layer.owner)
 
+        dataset_form.save_linked_resources()
+
         register_event(request, EventType.EVENT_CHANGE_METADATA, layer)
         if not ajax:
             return HttpResponseRedirect(layer.get_absolute_url())
diff --git a/geonode/maps/models.py b/geonode/maps/models.py
index 90b18bc98ab..6cee9d21f64 100644
--- a/geonode/maps/models.py
+++ b/geonode/maps/models.py
@@ -19,6 +19,8 @@
 import json
 import logging
 
+import itertools
+
 from deprecated import deprecated
 from django.db import models
 from django.template.defaultfilters import slugify
@@ -26,7 +28,7 @@
 from django.utils.translation import ugettext_lazy as _
 
 from geonode import geoserver  # noqa
-from geonode.base.models import ResourceBase
+from geonode.base.models import ResourceBase, LinkedResource
 from geonode.client.hooks import hookset
 from geonode.layers.models import Dataset, Style
 from geonode.utils import check_ogc_backend
@@ -59,13 +61,17 @@ def datasets(self):
         dataset_names = MapLayer.objects.filter(map__id=self.id).values("name")
         return Dataset.objects.filter(alternate__in=dataset_names) | Dataset.objects.filter(name__in=dataset_names)
 
-    @property
-    def linked_resources(self):
-        from geonode.documents.models import DocumentResourceLink
+    def get_linked_resources(self, as_target: bool = False):
+        ret = super().get_linked_resources(as_target)
+
+        if not as_target:
+            dataset_ids = MapLayer.objects.filter(map__id=self.id).values("dataset_id")
+            datasets = ResourceBase.objects.filter(id__in=dataset_ids)
+            # create LinkedResources on the fly to report MapLayer relationship
+            res = (LinkedResource(source=self, target=d, internal=True) for d in datasets)
+            ret = itertools.chain(ret, res)
 
-        _dataset_id = list(self.datasets.values_list("pk", flat=True))
-        _doc_ids = list(DocumentResourceLink.objects.filter(object_id=self.pk).values_list("document__pk", flat=True))
-        return ResourceBase.objects.filter(id__in=list(set(_dataset_id + _doc_ids)))
+        return ret
 
     def json(self, dataset_filter):
         """
diff --git a/geonode/maps/templates/layouts/map_panels.html b/geonode/maps/templates/layouts/map_panels.html
index dce48088967..96b3892117c 100644
--- a/geonode/maps/templates/layouts/map_panels.html
+++ b/geonode/maps/templates/layouts/map_panels.html
@@ -317,6 +317,12 @@
                                           {{ map_form.title }}
                                     </div>
                                   {% endblock map_title %}
+                                  {% block map_linked_resources %}
+                                    <div id="req_item">
+                                      <span><label for="{{ map_form.linked_resources|id }}">{{ map_form.linked_resources.label }}</label></span>
+                                      {{ map_form.linked_resources }}
+                                    </div>
+                                  {% endblock map_linked_resources %}
                                   {% block map_abstract %}
                                     <div id="req_item">
                                         <span><label for="{{ map_form.abstract|id }}">{{ map_form.abstract.label }}</label></span>
diff --git a/geonode/maps/templates/maps/map_metadata.html b/geonode/maps/templates/maps/map_metadata.html
index dcc99f734e7..0fece0b382f 100644
--- a/geonode/maps/templates/maps/map_metadata.html
+++ b/geonode/maps/templates/maps/map_metadata.html
@@ -87,3 +87,19 @@ <h2>{% trans "Metadata Provider" %}</h2>
 
 {{ block.super }}
 {% endblock body_outer %}
+
+{% block extra_script %}
+{{ block.super }}
+<script type="text/javascript">
+    $("#id_resource-linked_resources").select2({
+        placeholder: "{% trans "Select an option" %}",
+        allowClear: true
+    });
+</script>
+<style>
+  #s2id_id_resource-linked_resources {
+    width: 600px;
+    height: 100%;
+  }
+</style>
+{% endblock extra_script %}
diff --git a/geonode/maps/views.py b/geonode/maps/views.py
index 00c25225a62..c79c1986f40 100644
--- a/geonode/maps/views.py
+++ b/geonode/maps/views.py
@@ -211,6 +211,8 @@ def map_metadata(
             new_m = ExtraMetadata.objects.create(resource=map_obj, metadata=_m)
             map_obj.metadata.add(new_m)
 
+        map_form.save_linked_resources()
+
         register_event(request, EventType.EVENT_CHANGE_METADATA, map_obj)
         if not ajax:
             return HttpResponseRedirect(hookset.map_detail_url(map_obj))
diff --git a/geonode/resource/manager.py b/geonode/resource/manager.py
index 245350d6cbf..6b2cead54ca 100644
--- a/geonode/resource/manager.py
+++ b/geonode/resource/manager.py
@@ -47,10 +47,10 @@
 from .utils import update_resource, resourcebase_post_save
 
 from ..base import enumerations
-from ..base.models import ResourceBase
+from ..base.models import ResourceBase, LinkedResource
 from ..security.utils import AdvancedSecurityWorkflowManager
 from ..layers.metadata import parse_metadata
-from ..documents.models import Document, DocumentResourceLink
+from ..documents.models import Document
 from ..layers.models import Dataset, Attribute
 from ..maps.models import Map
 from ..storage.manager import storage_manager
@@ -512,12 +512,15 @@ def copy(
                         if "name" in defaults:
                             defaults.pop("name")
                     _resource.save()
-                    if isinstance(instance.get_real_instance(), Document):
-                        for resource_link in DocumentResourceLink.objects.filter(document=instance.get_real_instance()):
-                            _resource_link = copy.copy(resource_link)
-                            _resource_link.pk = _resource_link.id = None
-                            _resource_link.document = _resource.get_real_instance()
-                            _resource_link.save()
+                    for lr in LinkedResource.get_linked_resources(source=instance.pk, is_internal=False):
+                        LinkedResource.object.get_or_create(
+                            source_id=_resource.pk, target_id=lr.target.pk, internal=False
+                        )
+                    for lr in LinkedResource.get_linked_resources(target=instance.pk, is_internal=False):
+                        LinkedResource.object.get_or_create(
+                            source_id=lr.source.pk, target_id=_resource.pk, internal=False
+                        )
+
                     if isinstance(instance.get_real_instance(), Dataset):
                         for attribute in Attribute.objects.filter(dataset=instance.get_real_instance()):
                             _attribute = copy.copy(attribute)
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index 5a557f8ceb9..aa0b7f36f3c 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -29,7 +29,6 @@
 from django.utils import timezone
 from django.core.exceptions import FieldDoesNotExist
 from django.utils.translation import ugettext_lazy as _
-from django.contrib.gis.geos import MultiPolygon
 from geonode.utils import OGC_Servers_Handler
 from django.utils.module_loading import import_string
 
@@ -316,16 +315,6 @@ def get_alternate_name(instance):
     return instance.alternate
 
 
-def get_related_resources(document):
-    if document.links:
-        try:
-            return [link.content_type.get_object_for_this_type(id=link.object_id) for link in document.links.all()]
-        except Exception:
-            return []
-    else:
-        return []
-
-
 def document_post_save(instance, *args, **kwargs):
     instance.csw_type = "document"
 
@@ -375,15 +364,6 @@ def document_post_save(instance, *args, **kwargs):
             ),
         )
 
-    resources = get_related_resources(instance)
-
-    # if there are (new) linked resources update the bbox computed by their bboxes
-    if resources:
-        bbox = MultiPolygon([r.bbox_polygon for r in resources])
-        instance.set_bbox_polygon(bbox.extent, instance.srid)
-    elif not instance.bbox_polygon:
-        instance.set_bbox_polygon((-180, -90, 180, 90), "EPSG:4326")
-
 
 def dataset_post_save(instance, *args, **kwargs):
     base_file, info = instance.get_base_file()

From ac26caa81f5ffc7cbfdf5edd675b0f4013592f14 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Thu, 12 Oct 2023 16:32:11 +0200
Subject: [PATCH 268/330] [Fixes #11579] Use autocomplete API for editing
 linked resources (#11584)

---
 geonode/base/forms.py                         |  44 ++++++----
 geonode/base/tests.py                         |  79 +++++++++++++-----
 geonode/base/urls.py                          |   6 ++
 geonode/base/views.py                         |  22 +++++
 .../documents/document_metadata.html          |  16 ----
 .../templates/layouts/doc_panels.html         |   2 +-
 geonode/documents/tests.py                    |  12 +--
 .../geoapps/templates/apps/app_metadata.html  |  16 ----
 .../geoapps/templates/layouts/app_panels.html |   2 +-
 .../templates/datasets/dataset_metadata.html  |  16 ----
 geonode/layers/templates/layouts/panels.html  |   2 +-
 geonode/locale/it/LC_MESSAGES/django.mo       | Bin 161121 -> 161218 bytes
 geonode/locale/it/LC_MESSAGES/django.po       |  10 ++-
 .../maps/templates/layouts/map_panels.html    |   2 +-
 geonode/maps/templates/maps/map_metadata.html |  16 ----
 15 files changed, 135 insertions(+), 110 deletions(-)

diff --git a/geonode/base/forms.py b/geonode/base/forms.py
index 69da9e6bf50..1c720aac2d0 100644
--- a/geonode/base/forms.py
+++ b/geonode/base/forms.py
@@ -20,9 +20,11 @@
 import html
 import json
 import logging
+
 from django.db.models.query import QuerySet
 from bootstrap3_datetime.widgets import DateTimePicker
 from dal import autocomplete
+import dal.forward
 from django import forms
 from django.conf import settings
 from django.contrib.auth import get_user_model
@@ -347,35 +349,45 @@ def _get_thesauro_title_label(item, lang):
 
 
 class LinkedResourceForm(forms.ModelForm):
-    linked_resources = forms.MultipleChoiceField(label=_("Link to"), required=False)
+    linked_resources = forms.ModelMultipleChoiceField(
+        label=_("Related resources"),
+        required=False,
+        queryset=None,
+        widget=autocomplete.ModelSelect2Multiple(url="autocomplete_linked_resource"),
+    )
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self.fields["linked_resources"].choices = self.generate_link_choices()
-        self.fields["linked_resources"].initial = LinkedResource.get_target_ids(self.instance)
+
+        # this is used to automatically validate the POSTed back values
+        self.fields["linked_resources"].queryset = ResourceBase.objects.exclude(pk=self.instance.id)
+        # these are the LinkedResource already linked to this resource
+        self.fields["linked_resources"].initial = LinkedResource.get_target_ids(self.instance).all()
+        # this is used by the autocomplete view to exclude current resource
+        self.fields["linked_resources"].widget.forward.append(
+            dal.forward.Const(
+                self.instance.id,
+                "exclude",
+            )
+        )
 
     class Meta:
         model = ResourceBase
         fields = ["linked_resources"]
 
-    def generate_link_choices(self, resources=None):
-        if resources is None:
-            resources = ResourceBase.objects.exclude(pk=self.instance.id).order_by("title")
-
-        return [[obj.id, f"{obj.title} ({obj.polymorphic_ctype.model})"] for obj in resources]
-
     def save_linked_resources(self, links_field="linked_resources"):
         # create and fetch desired links
         target_ids = []
-        for res_id in self.cleaned_data[links_field]:
-            linked, _ = LinkedResource.objects.get_or_create(source=self.instance, target_id=res_id, internal=False)
-            target_ids.append(res_id)
+        for res in self.cleaned_data[links_field]:
+            LinkedResource.objects.get_or_create(source=self.instance, target=res, internal=False)
+            target_ids.append(res.pk)
 
         # delete remaining links
-        # DocumentResourceLink.objects.filter(document_id=self.instance.id).exclude(
-        #     pk__in=[i.pk for i in instances]
-        # ).delete()
-        (LinkedResource.objects.filter(source_id=self.instance.id).exclude(target_id__in=target_ids).delete())
+        (
+            LinkedResource.objects.filter(source_id=self.instance.id, internal=False)
+            .exclude(target_id__in=target_ids)
+            .delete()
+        )
 
 
 class ResourceBaseDateTimePicker(DateTimePicker):
diff --git a/geonode/base/tests.py b/geonode/base/tests.py
index 4c11e59ee58..a217d78a0f4 100644
--- a/geonode/base/tests.py
+++ b/geonode/base/tests.py
@@ -17,20 +17,31 @@
 #
 #########################################################################
 
+import json
 import logging
 import os
-from django.db.utils import IntegrityError, OperationalError
 import requests
-
+from PIL import Image
+from io import BytesIO
 from uuid import uuid4
 from unittest.mock import patch, Mock
+from guardian.shortcuts import assign_perm
+
+from django.db.utils import IntegrityError, OperationalError
 from django.core.exceptions import ObjectDoesNotExist
+from django.conf import settings
+from django.contrib.gis.geos import Polygon, GEOSGeometry
+from django.template import Template, Context
+from django.contrib.auth import get_user_model
+from geonode.storage.manager import storage_manager
+from django.test import Client, TestCase, override_settings, SimpleTestCase
+from django.shortcuts import reverse
+from django.utils import translation
+from django.core.files import File
+from django.core.management import call_command
+from django.core.management.base import CommandError
 
-from PIL import Image
-from io import BytesIO
-from guardian.shortcuts import assign_perm
 from geonode.base.populate_test_data import create_single_dataset
-
 from geonode.maps.models import Map
 from geonode.resource.utils import KeywordHandler
 from geonode.thumbs import utils as thumb_utils
@@ -54,15 +65,6 @@
     ThesaurusKeyword,
     generate_thesaurus_reference,
 )
-from django.conf import settings
-from django.contrib.gis.geos import Polygon, GEOSGeometry
-from django.template import Template, Context
-from django.contrib.auth import get_user_model
-from geonode.storage.manager import storage_manager
-from django.test import Client, TestCase, override_settings, SimpleTestCase
-from django.shortcuts import reverse
-from django.utils import translation
-
 from geonode.base.middleware import ReadOnlyMiddleware, MaintenanceMiddleware
 from geonode.base.templatetags.base_tags import get_visibile_resources, facets
 from geonode.base.templatetags.thesaurus import (
@@ -76,10 +78,6 @@
 from geonode.base.templatetags.user_messages import show_notification
 from geonode import geoserver
 from geonode.decorators import on_ogc_backend
-
-from django.core.files import File
-from django.core.management import call_command
-from django.core.management.base import CommandError
 from geonode.base.forms import ThesaurusAvailableForm, THESAURUS_RESULT_LIST_SEPERATOR
 from geonode.resource.manager import resource_manager
 
@@ -1174,3 +1172,46 @@ def test_regions_are_assigned_if_handler_is_used(self):
         self.assertTrue(dataset.regions.exists())
         self.assertEqual(1, dataset.regions.count())
         self.assertEqual("Global", dataset.regions.first().name)
+
+
+class LinkedResourcesTest(GeoNodeBaseTestSupport):
+    def test_autocomplete_linked_resource(self):
+        d = []
+        try:
+            user, _ = get_user_model().objects.get_or_create(username="admin")
+
+            for t in ("dataset1", "dataset2", "other"):
+                d.append(ResourceBase.objects.create(title=t, owner=user, is_approved=True, is_published=True))
+
+            web_client = Client()
+            web_client.force_login(user)
+            url_name = "autocomplete_linked_resource"
+
+            # get all resources
+            response = web_client.get(reverse(url_name))
+            rjson = response.json()
+
+            self.assertEqual(response.status_code, 200, "Can not get autocomplete API")
+            self.assertIn("results", rjson, "Can not find results")
+            self.assertEqual(len(rjson["results"]), 3, "Unexpected results count")
+
+            # filter by title
+            response = web_client.get(
+                reverse(url_name),
+                data={
+                    "q": "dataset",
+                },
+            )
+            rjson = response.json()
+            self.assertEqual(len(rjson["results"]), 2, "Unexpected results count")
+
+            # filter by title, exclude
+            response = web_client.get(
+                reverse(url_name), data={"q": "dataset", "forward": json.dumps({"exclude": d[0].id})}
+            )
+            rjson = response.json()
+            self.assertEqual(len(rjson["results"]), 1, "Unexpected results count")
+
+        finally:
+            for _ in d:
+                _.delete()
diff --git a/geonode/base/urls.py b/geonode/base/urls.py
index 76a22d6138a..77e3d226b4e 100644
--- a/geonode/base/urls.py
+++ b/geonode/base/urls.py
@@ -27,6 +27,7 @@
     ResourceBaseAutocomplete,
     HierarchicalKeywordAutocomplete,
     ThesaurusKeywordLabelAutocomplete,
+    LinkedResourcesAutocomplete,
 )
 
 
@@ -36,6 +37,11 @@
         ResourceBaseAutocomplete.as_view(),
         name="autocomplete_base",
     ),
+    url(
+        r"^autocomplete_linked_resource/$",
+        LinkedResourcesAutocomplete.as_view(),
+        name="autocomplete_linked_resource",
+    ),
     url(
         r"^autocomplete_region/$",
         RegionAutocomplete.as_view(),
diff --git a/geonode/base/views.py b/geonode/base/views.py
index 7d5d08aa692..ab7359c8b3b 100644
--- a/geonode/base/views.py
+++ b/geonode/base/views.py
@@ -282,6 +282,28 @@ def get_queryset(self):
         )[:100]
 
 
+class LinkedResourcesAutocomplete(autocomplete.Select2QuerySetView):
+    def get_queryset(self):
+        qs = ResourceBase.objects.order_by("title")
+
+        if self.q:
+            qs = qs.filter(title__icontains=self.q)
+
+        if self.forwarded and "exclude" in self.forwarded:
+            qs = qs.exclude(pk=self.forwarded["exclude"])
+
+        return get_visible_resources(
+            qs,
+            self.request.user if self.request else None,
+            admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
+            unpublished_not_visible=settings.RESOURCE_PUBLISHING,
+            private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES,
+        )
+
+    def get_result_label(self, result):
+        return f"{result.title} [{_(result.polymorphic_ctype.model)}]"
+
+
 class RegionAutocomplete(SimpleSelect2View):
     model = Region
     filter_arg = "name__icontains"
diff --git a/geonode/documents/templates/documents/document_metadata.html b/geonode/documents/templates/documents/document_metadata.html
index a04a7323b50..80b553f9c35 100644
--- a/geonode/documents/templates/documents/document_metadata.html
+++ b/geonode/documents/templates/documents/document_metadata.html
@@ -84,19 +84,3 @@ <h2>{% trans "Metadata Provider" %}</h2>
   </div>
 </div>
 {% endblock body_outer %}
-
-{% block extra_script %}
-{{ block.super }}
-<script type="text/javascript">
-    $("#id_resource-linked_resources").select2({
-        placeholder: "{% trans "Select an option" %}",
-        allowClear: true
-    });
-</script>
-<style>
-  #s2id_id_resource-linked_resources {
-    width: 600px;
-    height: 100%;
-  }
-</style>
-{% endblock extra_script %}
diff --git a/geonode/documents/templates/layouts/doc_panels.html b/geonode/documents/templates/layouts/doc_panels.html
index 0cbef86d490..0c7c10667ba 100644
--- a/geonode/documents/templates/layouts/doc_panels.html
+++ b/geonode/documents/templates/layouts/doc_panels.html
@@ -315,7 +315,7 @@
                                 {% endblock doc_title %}
                                 {% block doc_linked_resources %}
                                     <div id="req_item">                                  
-                                      <span><label for="{{ document_form.linked_resources|id }}">{{ document_form.linked_resources.label }}</label></span>
+                                      <span><label for="{{ document_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
                                       {{ document_form.linked_resources }}
                                     </div>
                                 {% endblock doc_linked_resources %}
diff --git a/geonode/documents/tests.py b/geonode/documents/tests.py
index 5f09441c3f9..164abe7d519 100644
--- a/geonode/documents/tests.py
+++ b/geonode/documents/tests.py
@@ -655,9 +655,9 @@ def test_create_document_with_links(self):
 
         mixin1 = LinkedResourceForm()
         mixin1.instance = d
-        mixin1.cleaned_data = dict(
-            linked_resources=[r.id for r in resources],
-        )
+        mixin1.cleaned_data = {
+            "linked_resources": resources,
+        }
         mixin1.save_linked_resources()
 
         for resource in resources:
@@ -668,9 +668,9 @@ def test_create_document_with_links(self):
 
         mixin2 = LinkedResourceForm()
         mixin2.instance = d
-        mixin2.cleaned_data = dict(
-            linked_resources=[r.id for r in layers],
-        )
+        mixin2.cleaned_data = {
+            "linked_resources": layers,
+        }
         mixin2.save_linked_resources()
 
         for resource in layers:
diff --git a/geonode/geoapps/templates/apps/app_metadata.html b/geonode/geoapps/templates/apps/app_metadata.html
index 18769664be2..17b2de35a97 100644
--- a/geonode/geoapps/templates/apps/app_metadata.html
+++ b/geonode/geoapps/templates/apps/app_metadata.html
@@ -85,19 +85,3 @@ <h2>{% trans "Metadata Provider" %}</h2>
 
 {{ block.super }}
 {% endblock body_outer %}
-
-{% block extra_script %}
-{{ block.super }}
-<script type="text/javascript">
-    $("#id_resource-linked_resources").select2({
-        placeholder: "{% trans "Select an option" %}",
-        allowClear: true
-    });
-</script>
-<style>
-  #s2id_id_resource-linked_resources {
-    width: 600px;
-    height: 100%;
-  }
-</style>
-{% endblock extra_script %}
\ No newline at end of file
diff --git a/geonode/geoapps/templates/layouts/app_panels.html b/geonode/geoapps/templates/layouts/app_panels.html
index 4763d7a1257..855c10b1429 100644
--- a/geonode/geoapps/templates/layouts/app_panels.html
+++ b/geonode/geoapps/templates/layouts/app_panels.html
@@ -299,7 +299,7 @@
                                     {% endblock %}
                                     {% block geoapp_linked_resources %}
                                         <div id="req_item">
-                                          <span><label for="{{ geoapp_form.linked_resources|id }}">{{ geoapp_form.linked_resources.label }}</label></span>
+                                          <span><label for="{{ geoapp_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
                                           {{ geoapp_form.linked_resources }}
                                         </div>
                                     {% endblock geoapp_linked_resources %}
diff --git a/geonode/layers/templates/datasets/dataset_metadata.html b/geonode/layers/templates/datasets/dataset_metadata.html
index c01955351ff..cfb423709ac 100644
--- a/geonode/layers/templates/datasets/dataset_metadata.html
+++ b/geonode/layers/templates/datasets/dataset_metadata.html
@@ -109,19 +109,3 @@ <h2>{% trans "Metadata Provider" %}</h2>
 
 {{ block.super }}
 {% endblock body_outer %}
-
-{% block extra_script %}
-{{ block.super }}
-<script type="text/javascript">
-    $("#id_resource-linked_resources").select2({
-        placeholder: "{% trans "Select an option" %}",
-        allowClear: true
-    });
-</script>
-<style>
-  #s2id_id_resource-linked_resources {
-    width: 600px;
-    height: 100%;
-  }
-</style>
-{% endblock extra_script %}
\ No newline at end of file
diff --git a/geonode/layers/templates/layouts/panels.html b/geonode/layers/templates/layouts/panels.html
index d49f35726b2..dfd9d14e40a 100644
--- a/geonode/layers/templates/layouts/panels.html
+++ b/geonode/layers/templates/layouts/panels.html
@@ -333,7 +333,7 @@
                                     {% endblock dataset_title %}
                                     {% block dataset_linked_resources %}
                                         <div id="req_item">
-                                          <span><label for="{{ dataset_form.linked_resources|id }}">{{ dataset_form.linked_resources.label }}</label></span>
+                                          <span><label for="{{ dataset_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
                                           {{ dataset_form.linked_resources }}
                                         </div>
                                     {% endblock dataset_linked_resources %}
diff --git a/geonode/locale/it/LC_MESSAGES/django.mo b/geonode/locale/it/LC_MESSAGES/django.mo
index ca8e5e1987454996ec2d980155ea22c053d2d976..1b322e2d5ac2449ce20b34988a68104c7eb05a20 100644
GIT binary patch
delta 34171
zcmZAA1$0$c{`T>c;O=h02|<GgcX#*T?ga`3F76J+okDS^SaEk+C@o$nQrudK^Z!0~
z|1vM@J!_r$Y&+Zcxi=v*bNf+@Lyu$lZYGTUy~mX|s^_J~AM$!$>FA!9qm5EMFV9HN
ziylZmrVa4Cu+g43i}c20Jg)=kFR&fyjmCRk9Nag-^Xid*W}@en$MlmtuL<cLunh4-
zlRd8wMw#My-8|3d4It2oga@dM+EYDmIv&NE*k~FzuEKU0KxQfIfDe_9LvZ>G&&!7i
zX3|+KkLqZD{08GPOpR#-*2f39Ilj;Hic_i}3C~x0UTn<rqvz$ve3%M5ViFvQF>xLy
zz!jJlcVJe$jG6H>#=}gjTu1U_3F7UMN%mG?bX<oqY2Vwf03N^?cp9VOZ&(>`U@6SH
z+VhHFN6e1Pa2%e+!`N_*=Y7FcYdvp|T<3X}@ONy6LF<`z9E|C31o||R<pkt*OoYcR
zeho7be~Oxkgd03BDdsZEV{+onEZ!H>6Q78xXM=eNHG`Ke{sh$lZzJokhJ!Y`4uql}
zENAgXn2mU6)YQ(vjJOLm12<4pAAOU{&x7;XYz;6c>901sO&zqw4WKxtA-yrC!2Vm9
ze~oM!3EKVZF$<nDUs}QBTir-QF(vs`Q8Urr(g&NfFfr*HF&Q2~mAh`fM$K5vZLVBK
z9|098Y}Q2eusw$0NL0r*VGy3R{AZ|+$KLMpv!O;@9yMcqP|q*G=6C`>Mq+S3xsGMr
z?Pktblz=ux8;paUFgo@}?be~@7}TbmjEQg-#>X|N5$!=O<t0?P`xqCWq3Zo)`LWoU
zil@O?I{zUAwEGKTLM(%-sJ_KJpgJ@VHKij^$8<ibqE#3Vf5HrS4ArrRsCwU9ew3fx
zK$D;bkP73_zL%ST9w?5gs0L~ev_NLe8-;3c9BOK3p_XhvszaBt7(T;l7_!$b#kZ(>
zS7I96fvV>>^A5(LeeXGeApC@CIPE?+h2>F8P#sfYJuHPiQ59`QrqJ7Go<hyYWsBc6
zU!Z36qvgll?`AYL`ZR*f1d?EJ48^*rb37W;;VLYIComYj1D^LCWJi@>iJH<Ys3m-g
zG0;2c>Wzuo3qfXX)Y6nV$oy+cE0ds+^hRyQA*f9?($W{ArgAlEbL~b|cnCG(Ur_Id
zTc~nT4!NaCih5t<LUpJPHpgbD=XW3Sxt^RPK|Q*J>cB1Y9%}PFw)}rkQ~w3ES7IM_
z9Y~FV#IvKG&xz_tK8%FrEM5sU(8j3e+xZBn;lAcjRD%;x4b4Ptwxy`Ou+#GQqt^5U
z>iMgdeh;;j&rszfA8{|NSg1Xe1=VmF(^tm|w8pe#3`VWt0?dFLQEU4vYOmb4{LiRY
zXo90O6u_>>G{i%XxzG7ps1D3P4P+i_Mt;P?xYNab-b(^%Fz~qRKoV3B^J8QzhnmvL
zsETT0CTxbia2S@r*H{KaPk3HQ?2Bb_JL-78Lv^^|NzWUOwJ?Lu|3w07;Enka)o|b`
zw|SzWHcJR<Cc;o7sbT3YF*@<?s1Ei=|K`PL#22ELaE0anjOxfqOiugWUj$U}BdVdu
zr`?(+LZzq0#FzzDaZyx-^-xRH1smXG)EeJIor-`nE<YZI5D!J|nHHEId!nxhffWRb
z<1N%wra9|oq#3FMtuZQgM$JGkR7Xc)Y@CVObW1TN?y&qr7XQWK*UiVMz4ZPp^REgL
zo^yL39cl!j=$~RtN4%xw`!FT(>6X79H3R!l72d{J_zu<aDCb>A<6s=(sZo0?J8D2-
z=b8UV1WJ>jH7}3qP!-ghtsySN@wks&p6!C0`Uk(b4u3|CJi)JSQ)WdyUk%k@V~mR(
zQ1$mib?`e(h+}*Nv?lW~9<D<@@H6Jc)2QA43Dx5a7u{Y6M$J$O)blk_4Y$IC*d5ie
zVW>Sb8&z%-YO@}~Jm@=3Kn;FGH4y8P>tRAv18Grfnj2$anB|wl0>o=!5ROKT_(xPn
zwxjmeA=GaFi0W9<-&{w6k@|gJQ5W#4p$as&cu&;Y4?{J)6g5L@EqxE_g>wxxweL{J
z_%mvRkuST3;-ChS&f<Ac^_0QbI{$SnqoqHA-HlqKA*h1mu^`UFr1%SJrv64%{2bLm
z?{}9U(@c-*P+^S3-YJ3Flx6;K9j<~2Xy2<zKvUNW6JZb3DHws8k;SMb*n%3_UR1-!
zP|y8t@q4JLe}hRd(iJxYDNr2@LFE@fJy!;OYOodo^{g$bU{}=0`=LfK8uh?L?1=MF
z6-B!0(&M9^Piyfks8f|6D>L%Kn40+TYrK4LG1kY=*O-4zb-n9MD~6*Q486f;HWtQY
z*unH+apJQv4gQ8I{~Fctcc^!Lq?>MvOQD`GkE*XZhT=q2hxgxP{xy>0Bxp)6p^nKt
zOpgDdPDlJ(u3S1)JO`>=QM0<`w?xfcS5$q2EPawW&-~Hc<|ClZbP!eH3DhRLiW<>N
z)CfPIdK~bli^o9ig?OlP$x%y`0X6k`ES?`#t_-UFs;G`NN2U9^6BtdPKi0s{sN+=q
zHfJ8|U@#8H#JCRi$~}l0>0L|z2i3tCcU%V(n8|P|>1j{{-GJ)wcBjwVPe5yV5;Ncf
zR8M36<z^x^DxMFuSIVPCP#e{O)~KcGjp=X#mcq5D)AIy1Gha|0jC0p@APGj+`A<hc
z$14-6KyI@T>KK;96xbBCG<{KfW+G~4=3+)XjM^IyQ03m3aqhAC0;nI=p}O~7etRrV
z``%yznvy-J4jjcGJd5i2Gwh5XQ61^<z>R#EISqA;m!f}aQA@So@-LwVc-P|3Q62q)
zK5c@yf4g^eGK@mJHfo9+njJAK@c|eWm!g(p6{f^(sD{s@D!zg`c7I!3zo$`tJk;|k
za4QBqWd4<KiG)6Q4NqdtNBr!LDIUAc82gFa)d?^%=}Axxr9^c!81rBls=h9$H(+lJ
z#IdOI6HqfV4>f>|PniGA1on_H6K`WX?Dy2o#C6o>yo0LPd*&L9hT3$=EuI&(8Oxwv
zFm<pHjzZ1oUW|r^Q3E)Q>c9mb0Zrj`%)=)64<`}N_QI|GPk4y<5!5Ld^U_r`7d67A
z7z1};Fdjthk;i5frcv>9m;;MoY;14(`Vi1AA8H8;P@82n7Q}712p^+*KK`|H3aZ>p
zjE;*@YrYEAp#!L?K82crTc~pPFb+P$4Ep^4Xc_7LaXrh1aVby$Rj`~{2Q|gv7Vn8F
zHv|*oB-9cuLp8V>tKvpW|A3nEz<*tST#TmkpV$&oqY7m3XK-dwBQA*9uqbB1wwMkl
zU=XfFE#Vo<e}H-}?i<&^M5vBuKuvupYUWB}6rKMn1T;0ZFbOtBjid)^O8cQ2oQ&Fx
z8&I3+465Qws0Qz%rv4$Sp4XNh<3HDMT<l7EDpdVr(U*|G6atBH8EVRRpc*)e>eyLS
z#g|cg<xflhh#FCpw{GSVnrTrZ%#NzBfTfp3y+>-II^6#)^RI$~NJxfbP(5F4@$KeW
z)SBMIFno-AG0QtQlDnu5K1L1XUrUeq-VG!HrYAiGs^Oxjj+J`P{A&a?NYL6h#rW6(
zgYa9_49qo`p{9JTxd&CzX-t4uFgrfR<e2n>`{t7ywS?6$C3Z!%H^xU`2!R=x6BB-P
z9V&(DX?4`d>tIrBgz8`qRKr72BcF^K$Q)F~D=dFAs{DT3h8Ixvj{4*}>KjiWEeYFE
z1uvo2{vL+lQ`7?~KD+d^s8?zh)XW5<raaWFh&q<dP)phc8{r7l%w5O2_{8P=yi#A>
zF9aH)Mluak<9tkoJ24GjLXGSdX2Q>?8Oi7c_~T)yC1{Dcu@@%7rKk>VM-A)<YUa*h
zQl0;+1XS@$R0lqxrZQT9E11~KfSQRsI06gcKe!7g;D*2ej|1U_@nxU4uNN9Qz`vO@
zMR6SqLp59tHG@qsD(!pC3Dm;2SOd44k@>xfI#w4o;+Ez})G=C(nei8k|A%>qr;Fwq
zs)bsj7G?+3jP^v$)I{`Yq>C(JEo!svMNQdZOaB#95WkDs)t^!2l0^^j{~{p`Mj~DZ
zwTBv5yaTG9E~xj+Kvah&q4vV8=m9=|ft4hvBik+G5T+&mE2@H*s5h1u!}UBG>b;S|
z;+aqt7DUZh1x$x^Q0Klk@?qo6L@mJ%)G<67!{-|MlLUQ-`+}O9j4=cJKQI))uEg77
zA^Zikdt<~3@TOpMtb$K591F*G^~}Y>#P{Mde1lDKF8@SU1pmcinA;aO!2iPNikiCF
zsFAKhP1Q!!NOxNNF#2~djwJmmYQ!z$xpG}lZ_s|I-98aj&rFLiM4hG;s2TPhwv0Qd
zkv_uq*f4&8Hy-z)j#=dduHkT0#obX2_d_)>95r(jEPo+tKr1i^e?krHchvjhreyzl
zuL-DN^hB=W6sTjE9<}x%s2K>e{PL*HR~@xy>Y^$PM;*_;sOJZwW@;p=W7AQa@CQ`A
zJ1~*X|1kpUz*Wn5j2hv4)aD7Kn`$5vuEHXyk=#Me%tO@X^O88@qdFXfdOiemV|7%=
z2czmAfzfsTClF8rGf^E`jcQ;ws^<q$Q+*ND^INEqKSMSA0kxZBC3Vkb!C>M!QTYu~
z<vXA{_6_Pi;6tBAFrR=n%@$MxCs618cT`VbqSp8ws)K>aoQY87Godz9K2(S6px*s$
zEq#!s&qvL`dW&yO#`)K~{wN7*;0|hcK1Pi=MsinS64Y8|H4C7QYgyEqc0hGxAZp~}
zP<vo2s=mFb4qijm`yTb#5H$toUsI7Xg*)#BQB&2<?2YQN4^`nPa|&vtb5R{wi<+5z
zs3|{>>hLYBgikGAFs0k1<xm}~?6ZUpW>?fmdZ8*BirNcPEqyksp_S$i)DoRQ&EN&h
zg;!8-!04%5$Frg82}O;(i0P|tfmW!B`=X|HG-_|GL5=(%YV({%&Cq4@FH{F!U}k)a
znwhkzUAa7{DKC!NQ<YKmv_U%P^STqz+Du0EY&~YhgQyWbwD>EGL_B30S8-a@424*{
zDC)RXLUp7w7Qm^ffgD5Ce*;zTON_++^WGEC8h_@`8`QJN>D-#eLw#suz>ZiRi{b{%
zgOAKqK>_|>)mB4wXb5UkPev`lS}c#JQ3Fko-W~Tmn4b2%@&t7JI-sU<usI5~7baPJ
z0cz@hu=r++@4|AVA49EitPF012~izMg{rqOR>D%K85xJZZ~{vR=)r)DjEt`)(Xo91
zn<TUAz>+NPbAKahZ=67#nkN{7(X+ZYTz*ss+oDcIFVu)fqGotGYCx+|FRYzenSW(m
zv;tR9o9z~=Lk}(f!t&o+x|hw3C>p9<JXFO=Ej=^pi%L$j0%|5&Vh$XH`m9);&F9v9
z0}1m;*oE3;^@816HbPb05%oZSRL=*YcJ*uw#^o4_XE7&w*#rFl2$c(U8oFa%9E#a-
z3s%J&J_5xE1cwCpf81`5m5DDzP4xrRCXAKCeFw~iir2+b*blXLc3=>mMQyrgsM8QP
zr;F#o%*1P<mZTr*1?2nQ3T(B6i`bfsm#7b=dbt9;IoJvH4Ja_T`_31J8hH<MF4iZ0
z7<If-@Y@VEm;r}jCDi#pg_^0m$T9bM$@01{93?R~87ol*F5^&)5gOqC1?6~Dj}zo`
zGmslKg>_IfwFt-JAzX-6^Sc>%h??P81>D}MgnBjCLI3an!U<?Mw?m!(VW<&IL~YLR
zQO9&X7Q|Eq-DawT8gUOCk4I6Pw^kvygiTQO{D9g6>oIvCKZ>E=AAb~~epMVJ%x$uG
zs7;pE%!sNW8)~!VMQzUFsPkOf@++g(x(;e@e1jUuY}DykhWa>OjXItOQJeZ4`n1M3
z2xt?%LOl?@sC5W+Y|^6Et|+Q}ebk$-vpEnogX7Wv;e_h&4%EmGqssqg`S(z#<V{h|
zzg`rXiUoLsu@I_<+ff}lgnDQHfvV^U`hNgHtzoj_u6$<H8!Z&Ihbp7Keh)y+#1>Qs
z_FDWbs-u4t=lrV!4@t;|A5jfwE)n4Mz@n%nSc}>V+fY-v8};0;mVOV_(Z}W&R0k84
zbRA5Osy7#E2Fs!9ZR{hU7fNf?6c0vC-E0iP<rY6;UNEntX6kR$p840}?@<*;E9E*6
zAGKG~q6Uz~;yF+=>dS8l6;Kb>Kpnq^cnrs*j#KT@0sOfZ|JsEsadDXd{~wiADC@p(
zEJsc8uc#@%gR1W->V@<MHS(n8+;I&--VZ*nCV}c?^hK@7VN_2q;aR+j+LWuxyW_PH
zOA_COYVaMZffyBBgTbhgg`$6|QKzOcYS%YMElpR<sDnL_Kn)TWVJ3Wv>UqM7?&the
zsL%bysF}HD#;xSuaHTOj=^ZRS9rF_3i8=8R>P?xvvitBUgG%p#!L;u!w2b4ZSL{Dl
zAV(Fqi<_Vxn1Q+Rp!pK>6Hi~&b)W%;5Fdv1aXpsBNY&iuenr%)eJbir`Wk(zI6-w+
zK}pO;yfX&j4Ai@S8&<;VH3GcFI14qRf;C;o!Z8=|$*A<bSOg!S29&;*o4Ll=nD|80
z(%i4b`B#rWkPwDhYX|s$#oF2&hnmVwsE*x1z2Rcjap}2GrzafsO8pM?`MwTy+^(QT
z`W(w+oVqSv7qbxWRoCY>+Z+<~Vp)XRgga0llPAmvs0O0eb0a8(+9T6Yn{Xa#ldUl~
zm|HL(=|7>$JwkQty~X4E>bqSTWah@E6exi@xARc1;AN;O-H&{Rc<)f}iI1p`L~r0s
zfNCfu>Xn=wHPsbRFQ}%d7grDb4t>K3^d#^Z^+1n?Zp|j3j@4n*ar_H4)ekK_awFHl
zOsE%E4%FILz>L@vHKQ|8&#gx--3e5^k6k+d{@d8?@+_!Nv6iR;!%*+^rKp+MiF(r=
zz!-QGwIt_J9nfDHt6WOdDanAEi8>euTcc*GCu&Isp#S&(>j`Lt+x-drTM%l~97gTx
z+o+DjZ|WMzihA|tM$K3;)ShXCYN!*czW%7^2BW5aChEns3hUr*?Cv8Fr<r@h4MIIQ
z0`;O9hvE1$>Xf8u?tb}H8C7l}YQ~nEM{ywW2dHD+x`kWoshC;iP#<0=QK#uP`YIBL
z+0u=;4*I7EHFX0}U!BHT`Y{Y5ejYW_7pR%|jA|fOxEpa^)W>fn)NUV!s&_W(O}PYh
zT26;^{<XW$lb~Jw1of_ej+)vxSP~Pqau3u&m2ZIB3w=<V?pxI9ScZCqU$^{#)~?>D
zs67({wG@d^9mv|+=L&?7piP$xwMI2in<*UCv5u&Yb+Po`mOc=hl0FzU!Yh`42i3tx
zI2xa$I^M5MfP1r|+S}$M(2&3-)C(s^TX#&VqTb=%F$j;KX5=2$#ejCM!TP9=+ZO2G
ze5j81N9_?GYH3DcR$PlZEf-Ns=X**(FNF7~wTaW-jkK^?5|v*8HNwWI23n(DK%G$y
z_d|7XB$mM?*c|^teY%$J5a9pQjj5>T&mqtIyvqdCz#Y_X{uebh$vV0b6he)#IBE$h
zq1LV@>IG95)nHePZ$veG0vlkKPHxQyqc-C-)Uo~%3+wa$G68+a#Ov%fTWQp}9fsO0
zb5MI?9cn7~p*GW9)aHAJ`jkuF#cje`sHq>1n$fAKJ+#Nt_n~I)2&Sfe?*f4!e2SWy
zxLsX?Nl{at4K*WqQJbhX24Qzp`6;Lu)@;;FZAU$K05#H+mi`vCDI;}r^+ZSCk0fL!
zFf)K39x)kRZQX;ZAwIAd>Ev(i&9`CFEA<KR*r(pkz5)7&a4&WL0RMm2Bi6U><24*-
zk-rkPB*g~?`2R$6D0U(K3Oitn?*jb)+<)vl&i@P&!Unlbat<32Pcztkx$K7(h+o9W
zRGe~1fY+ONI*x4toQ_5D1gfKvhq|95=3+16$%eUl#^Gk((f6?|>2s#Ly>nd^<Rjr<
z64GPv47W+DqNcJHYVEtCmS6~KuPj3Cg$t-X@&@$+ipex;<mFI%U<_(0CZYDsEOUva
zukjJkIoyg(@Bo&?RNuRAL`^YN590TD5^rEj=J^a3pB>=;Z_mV><3{!kYKnKF);ege
zJNKDUo4Pvc{I^AYEc=F7U@q!IV;ctH9n64{=DCq)L8Vtfy<$6H2u?&*v=g-nFQQ&#
zFU|P#-6_b8YPbn%6Muu0_j%J?z}tx0t!Gik=A)T)flIH0IY=Ld%HM!X*b`S!OE_?m
z>*xma90rm84Ar4{i(NbyDqa(Vb^f~($U?##)Cl&QH&6vXpn9B=))X&fHb9NMFDid3
zYJ}@8ejHWbUDTT~aH)%@HH%>e+V`3e(8va35UxR0d>S>y_faEGxXg95IO>Jd7PH|3
zEQm*O9Dc-6EdJ=_uEVicxpE<>7f(IZUI<73-~aR{pclzdbF4WPwY%q_UeW6?J?=++
z<GGDGC9g0pellaPcI8u<xlpI5H0parUDQmqS<U%ZU@!@Km(R8Wn^2qV0IH#Ts1CeA
zy~AUyaWj$*6|aKoXgI3;H>ie2S^D>=4y?BPJ?5D;KKCW^1_?T^ao4(niBVIY1^usF
z)RJ_^S~w2F@hTR<qU&4-`(jq&V^PO?6KZDnnnzIsK8xCO4}1jl@fml$dr_oDWn{(%
zSPhlG95vOOE&elV%1@bBP;2`)Y9{_ceeaLH!F41J>bqZd)Qpuu9d}<N0@|IUQM+{+
zYEvCRz40F66pXRaeXX90Dt8h!BM(q-w!lqpredQy7Hk$q<yXYqSQ|An!;l&Gd6Nm~
zMKcpMf*q)}I_wH~zghemY6MSFuihw|-IRx*j%5kdk~K%|fw9;J=UP0@7FRwkY6kLR
z6rKNy1fr5q9o5r%s5NVWD%c)X;UIGo1`=O{+A~X0o9#!`7n2>R@_SGNI%D~NpqB7&
z^ELYa{qHjYO-Zz^Zpss*I*{KihFZ&Vs17zZ+n{Eo8|p)56l!TEqn2(RY9`O1I(QRx
ze4m-|w{iY;>_Q2sU{%!SX>RdesD?+NPQe^Z6~Gq^)C=pE?EzjX{EX^Y$)DWXS4KV8
z2+LzPRQ+2~?HxrO@0&ky{x!vscDN--ff{)b>Va$+jA1wn+hRTZfK{>9PWP+U1z4B(
zeN=kbF1IH}<0RrMFeB#M?Ut+|YRQ}L=KL$rmIUqkE~wo*6V<WhsI}aM>d-0FR9{D}
z?LE}ydui$M_qfxP0=3o!P$MpdIxUS+&wqoef3S~$3eG@H;Ud%$tU|5j&#2>h6|>?S
z)Hk5CKfCxe)SGb^>b-FWL+~}~9iMKmdqEY%FycM27OusT==(@O4Hw(zroIC5+2Ped
zZOXc4IBLY*P$L?E>iBfjj4ibII@EJJP#rjenxSi`a_>=lBgTIJ9`Jc-2`HhgOYj<@
ze`-(<&anI~sQ1Ki%YTGw$UEScFb-;|5~G$Xv&9Rc8m@#oo()k0Y>EkV{=*5BBB3`P
z#jO~R13uuOYjE6Q*P(T&B{_uJlz*ZcjCsT@K`PWS%Y|y71ge8&Q5~pd@s_9oc18c+
z{|_gSkA#_+2T!0*!8_E<1RQlA8c9*-JrDXvgsP~a*$sn;kFfX;sB*heYkd;6bTN*(
zrObdnt!XX-YA6iV<C>_oZH8)~18UO@MlH!X)D%BOb?6Hg#AL_an%6*W;&$c$)J#pX
z_##w$TaI)7wR?|~kR7k0He-|%u7P-{7e#v1+E+lmayy}pZ4cB;^+R=J2x<vtp&D3e
z?m>0nf_WP?z*qXgK_mP`f_j|jr2By)D{A+)K{YfGHS%Go2bZ9xa;<p;Rqh4`@`k*N
zI_D2gIbWbU@D4TLn5W&6rtuNb$O@reu}x3~`=i!wEUII(QB%GaHL|_tuNXx90cr-K
zpK;$8f>8D3LX|Ix8fZOK$2y}1;_E{|4Gcj|?R3->&cPYD3RO|Dvu<gsn+;JFw?ggq
ze%OMMe}{R9Up?o3!5Hhj`+;N(s^RB&1K%Pu#?Sv3+)pkyFb5gwe{p-E2G%4#0JXVJ
zqB`jP>ZUp>>Z?~AR0k@ej%PK@kDakJE=KK<+o;X`5H-Lz=s*8aFS@l%j+*kksIOe5
zEM5aO_07#5mOl(Nb5l^yEw}V7<^l7Zc^x(7k5C=>7gO>6@uFOEZ>IF95oSgm%MjG2
zDug-}CCo~w4%R`v(ZW$3XlwRCZQkLiO*$9V;1*nshftp(U4P^JYwB(h&<o-&X2VRE
z-I`ZNeQdTsH832t=F?CeTZ!uMdQ<~jaUmYI^j5#SsqcVV`yQAXzeTmP=y%S)ruH}q
z>hTo}!WXFY1b?_)n-SG;5!5NEfvTtrYK^C%j@3ofbN5ke{uVWJ-W9h;Vxscnq4LvT
z;ruHQOoBdU^P;|=S4VwbcR=m_;i!+*8K~pBA2s4TsPeB+$1nEP0IwpaAQPq|-u0SG
zpNQ({52y~^N45LHM?e+4MfEJ<^#HFQW<rg0KB}ResE(XKEyWeol>Uv{gfCI$qTF!#
zNl^7=G7F*_tc0Oh3$=v45d<`~<53MPwgQ{1z+b3i^9Xgk{zEmK<fdylEo$jPQ5~y{
z8et<;1Fi80c0zR^*R23=3>L&kI{*6!#AM1=|LHc<w%hK(-KfoZ5LNLpR0n^<TzDVV
zK$1IdkEBLEwY^Z(OcX#ZX?fK1tuPPvM7`LSVi$e>7x>GKXesIiw8rAUqbm9nwG=Nb
z9_Ox0PlM%1&xsANx22y%9p5XcnY(Ac!t}(yU}*-N{$7B$LFd2CeRrM{J_zt05D!AF
zUG%?QdP>y0I~(c+QUY^hWmLxopf=kqi~oed#4n=W6Q5Ae#d_#wBq?f%Lec;EUyML0
z5-Q<d9EV!tijUk9)Ix2t`lt#!p-xACR7KNKduV~hH=~wj4{8PvVL|*A)sYyFU3%ij
zcK$PwpfxIp8hLrtd2VQSw*0}U%{CFWnU<p(T8mY1i=}@;O?{Lnu3SPhCF+Hh0X3j(
zPdNW-xR_;BMNMsO%!$J=6K+K9jY}AW0Z-j8ATyvw)CkqFHs(Oov7Ux{FRVp%^e}2>
zPocg~T=Wr8k6xh~c#GLF^D}2H)G7E5H8VpkJ{`5mW}_Njj`}RvjheZA*a?3@HCXhy
z+e770OV<Q7a9>{nn#z&pMAX#HL~X96sD}2T*7B6)U$yuH)Kvb5I-ap!I8$Q*;yF<R
zY=i#2gBp2%q<)__i$D+wTP@=fs>iRf8h*rmSox*vX!KXEL-A1!r$$X}9<vZ?_m@D;
zTu0P<pc|^*aTcGB33dKA5KxZ}T7f^!ho}Z#p^jhF*KP(<qoz0qYFC#;t#v=t8*(ZJ
z;Re(Uo=45-6Z{U}p+3C&{zLsb|MLmx7;Qu?#V*w6_CeH?UPV>#7}b%tsHu$muS-vj
zDi@5(55x0V3pE2lZ`>ZqjQa2@hI+mw`p<ti0@`!~P*e1S6<CjYrS7r#KFmh^461|w
zq8g0*pNnV0_QZ>$-UmNmE!>5giI{KQKXzqBwc~rs`PWp8B|&en4XCv`huUn9Fg?CU
z?b_7uTn7rF8V<*N*blWNYf#VaMa|?{)Xe>cI)-;F{vNfdqrK<+E0E~DE0_*dK@QZ^
z6~iT18iN9;0M`(Y^pTDc-+;04!Y4NaH$J<ic!OHfXkXk6CO~b{#8@9wVLj~Sv%oRb
zW=q9{hhT2Zf=w|O4o6M>X3URQEj?a9pnok(pc<@ZHb8CaaMaBBQ0IL*YU!4uj-_w6
z6*z#}6c??)ZPb#yM@?bMz(D`sfMi9zXnLY{{Wlh$jB02)YN=MB*7yMG#dXs1uc0>U
zGnel3z7WtFCx{g2-!%D9Q&kDI6g5#x)Y9TzP;b2NPz_AS+&CYz;%SS&MwQDL*$pHN
zGZAlsIt4!T|M!2E5l{uYa1cI3o$K~d0{x%s3$Y*Zf3OL5i5lqtCzfNV7fr5cf&PEl
zY=nD=&q9@}!~bkrUR;l5@D{3_3^Ck{)ItB>|FtEck#t6lw2#Go=2#p@`ZUxUrivNp
z|Io>fIt2w#YhTsU>!a!mN4=0bq4vTU)TvmBlW_z3h7u?qE71RIvVEw{Q7yK!9qNH0
zsE&<BH8dU7@B&mrTTpAd2X&m!So$l}9{GSnIVDNrxaVfYb<eGf8|eP~f7?mW<~x8|
zvva71?x8+jpQA?p9<{k*@cS9<-b|>DWJjHzQWmd=I`5q=J{;ANIjDNJpf>fvcs@6>
zb0p*<;i?sk5kJuTiFiiTX1t2(*lpBqerv`|;5wQbgGkSUp;!^s!GWk59EuvqSkwS!
zm>Yan;3TTzUr;0e3-t<piaG^>30=<<qK;*HRK=xH9j}af{#(=t$D?L+E(YO`sOL_g
zX5w%3zZU`%x#N%owZ?_ba;T}TWwtj5q1Jdhs==M8<9iB&@CmBpaT2>V&VXt#1XZp)
zs^c9nm{aKWAfTz4i<;seP;0XXHG&hUA3`sqX5u}nftX1G{qO#Cs0!<%-i%E#D^5k#
zvlBJaqo~vH2kJB9jX&MT=1J;CUK~|XWwW-~7`3}wp&IUu+H7MieLkvzb*OW{AGHK2
z`KNU4fnd~!T5i;5N>xj*g-K}NYoGvjwT$7Y3dW+Qc(%D3)xkaHVJt@cG=^Yw{<>I8
zm>;!=N}(FAf_me%N6qj!)IgS?PZeypj8~`!W2A5$NQ9d53}z@QzYOZbsT!)HKByTQ
zi<<Jes5M`S8pr|E+MmaQ_!9M=$(EAypOZl8lx}1_uq^TZ7T<%a_%N#Hmn{Ama}ocD
zsxTy#J9e#6Uo^f)Ey)(t3+gB)2;jYf8o-~aosUv;{?(IzNXUV4((tCjFx1TK!J_yU
zvt$0WuA!Ew4oyeR#A?(CFJN_ih3a6bbgn}^Q1wqlb!->vy>iA!K)e4UYOQZt#tTdT
z57pzqAXhFnRw16u;;m6r-VJq12BJp12pi*%sE!7t5A@n%a@3|AjJ(76`JcdOre<bF
zx2scSb}x$D7)rsKsF4lFlK2Cb$GfPt&z{9SR}!-kuZtSlAk;`lpq`(FYIvu)4;h%x
zJ3>Ia`kYJfE?a>=&HJbkJ+b(|s7>|3(qm?I@A^cjS8E7r>MLLo?29^f8&Su08?M3=
z7)js%du4MY>5JO!<54}GhdMq>P%omNQJeJ?s^Yh(5r+l``hQW`6xG05EROq8d*%~X
z!fe^ybG=aC2i9U0o&RS9R8f%-XKM^5J^}S6+m2y)12v_|bGS_xV%9;G8(=QQOvF!`
z&&)(Q-K)E>*#dptDL9gVDt?W>W7J&k7~aI(#53e}FPJ*!5Nt#G8jOx{^SGHwhP{ZF
zN4;uyV1E1!^J2`r?i*Dx)aja$m-AnWzy%U!V1m#<|Nq#;3d~HrTs}9F&RCB46x7UI
z!ln2b7vPfoZqpVo;HJ7c>eQ@6Ey*U-k{&^A##5-Jep0~aUYQ?B(5{VMFwmQi@lY?K
zwU`f|V=K&9D3Gt<{8KBcfkK4?{eJ~t8ujX3ggVA+unEWOXVfW5R@BvB1@&BQ)TV6e
zvp_g%D%+uUcXy10gHcN}3{~+=)Y`5@?U~c4^8cWok5tTk*Nct%1{8vNgO)`tNj=ml
z>5Uq&ZxR7jFcUN2a?}(bL%kVaSbmJ+uA=0qDGauFRn*9vp<Xl{QB&(feW*>rT(|<&
zkxQs0yN5jI^M;pjJ)MjyuoBgw9jFc+Lyi0)>P`0nwKt-dbek&|mLT2+bxfC`I<g5h
zfa9o+{E6BNZ?FKyETuie`71?WItk&ZDSVBZnvbXlBb9a!ra-0V#B`Y7tcM!$H>jl=
ziJIcss19sFz2Z+}7QBoh_z7d_{0EnDU!4k|rm}(A+U$-R`9M@fV=O)$HDilW9p7Z`
zLT#=?sPe~Auj*ed{s8sHeTBY41l|)kg`s5wz2*1`H{#NAf!>c;yL_M*j_)uxHmP85
zN>qpEp&D9=*>N+f!Rx3u=1a_j=_&?#1F#lqNl#Ve{OdSeC*d{Tw~VWm+%b8A<w<{o
z8fmf0Zg*ElO?g*TMT1ZcPDW0hx7_kqqMrK+b!v`dGkjw4%2j-BD!Nw*^#9lC`(Zf>
ze87TOs;YaJ_eZ@4wxix?4>2#Mt>)IU7HXt}P$OM~nyG83a<QtrQ&1e0-xalK7y1b3
z1#ulqVZ0jdi$X2b7mvYM7<ZvM^a@ozxTfn!GptK|8kWX;*c`Lg3iMjyDAZ=WhpNY`
z?Vc-Q`nnUyNcwWzi^s7dj;a&r?Z&gHclFr1ZucHVy?CCWrZh>tK>wd?hM|^f1{TLF
z*bbA`cS|rBRemy-#I49N<iGz<K<7EQfg52>)bSXN>ev?4)L+Kb7_*_9>a3_2RejW(
z&WAxb8%yC%)cfNdY6(&|a-RV;Q16#|m|W+-4FUalJP5Uh^HC!?iJdWCV|Tm;qBhwG
z)FzvQQE)zL6E8(A&05r^yNP;#JV(6;qVR#BhSQ=pZBFc@^IwvHDq4+tM{h*Eq0XWj
ziqzB{v#6+Zp3qE%swfi%VL{ZJuc4)PH;3Xl(x>AhOx?`wi9P7krn*c(YZIrr>qsc-
z9bXvr4X6p~&DRe#lEJ9WGz)ba&ZCwvatpU)*->9eYM{RL_OtZmsQ1lr)J%VA!THw<
zBWFvuR*g_^rtdH^jzGQn#$qY_9<`e<qo({NYNkG*raEu9`wXav%CC>wY%NhUw-_~$
zRhGXo+~+pYE)q1NzfkY!)UDiFl|{`!9n@y(j#}GksI^>%>hNaN)bGMXcmcIEcd-q=
z!9m!hwJZO-dCNyYyYm6|#T0Ga@tT6Ii0?%8IAvS+p_3jp)unMNc0m7^QPitAw4K{S
zB~Y8X8ER90hmCOqYR03tcQfV7M?h0o8pE(5s=?`~Juw$Gl6|Oh7f==6M~yT^2e+0v
zQ8UmK)sfz)7uXPtgu5{v?n7<ro5;-hyxRn{sUD(Uje#BA1Nl%RD1_Pz4N&iardR=|
zpl0GS#>9`PilcRMYaJ8S!9=JIWJTqNpx!IF(Eq>xU59|yFdQ}Vj%E+krs;<P=);CM
z47Dk*pq{&rdhQvH!GBT5cyMRueALKyVGF#18d%{joHCvNh6HNj094OTqGseNHo>S}
z-3VKmT`?i){ZYGoJgTEJF&i#Ky+My*Fup=9N$PHHDYK!DWf=PO;^{y@c0;{N`=BbE
zfEwXUR0RuA4X;AIANHV**A487X}Y_ge#c{F;(wr?%h1D_3$-L+sJ&IA2j@SCKpzs+
zftje|HP7N}&CRIIwF7J6In;X~T~GHR6NZ(DFF{T1Lkz;`z1-;vMs>6)>ceb4mcl=J
zasIWdQ}lK{%Z=LYWicz(M~z@GYAVN}j@wq$?tY3|``|wA6y!nel@_S<aMbf1P<x^e
z>diL|wQ2YJ2<SuQlqK9kHT($mX_xRDH-g-#C257Ks57eKv8X*T6V<UrsEYqUotnQ;
z_56)LW0bzGgTr+cxB`~V$op*~-=75UP(BTveo9tjR^tN$iAP!}@%_Y`>J)L^B0T}|
z_!^*H8PpcnK<=Fu=0nAQ{pIlXSo$BN^Y1xcFRSl&{uRobr{(9`K%oFKnpx&5d*}gq
zT7dD~TS-ev{sbz?#dFsQ2Xg<!y^b_pLrC9@If)Oad>-<2m80<igqx7|k~==(+59V%
zmyL`M-1S^J|No~+A$v$kg{UyKb#ev|>N-c||Ke3Er~eO?YyKQQ)G4da)`)AoJv)_W
zSOc#$@gSb-p$_XUFu@A^P2wBklP#_aVv<(+tGITIt~^xq_0^loGLn{w#7A^eZv$QV
zNxw;aEO#&BeW>dk;f374ar@F(<y&!&dSsVgOS6bSB0Y?Px_Fy-2^i^HjQQ0bXia_&
z%GIGvV!}lU^Uq@ZLk)w$MU<bzeT8@h;xGKQ@jEg7uP{6$Qjt552dDGkMQf}q1<zQx
zEiRypPI_0;r%+kM^(~c#arY$s3F&9P%G=Cy6|Iii)E$$%xaB9~nccjF_-7~%n~mlP
zh5sS`oI5&UzFl~Ax%ockzv58AObhd^)LTU*x}uXlhwu(M!Jj&Ksfhnbez-O6|NL=9
zy-4IWu;={iuk@`v6ig?ck&yv=lNL(Bh^vb|u+3~k`2Z^4Pa}MR@GeqNe}0sOdj`*~
z#pC#e^kRgAd9EGtXx!n%zv1RzFg@Q!>tRYF5myQ-OvT-g!u%7s|24v26Zk*<^|qcz
zI6u#&wP*gN^5vwDvARx^-iovr)RB?Fq$NC(@NcA_rpzkB-;l=Vw)Q_CkUTt?TUR9t
ztR{Sl!qF*|nZgm*UDB(OHiNtl*w`B6tBrSww8vJ*k*}VqL)u*ObTud3&+^6+Ul%d|
zEh+FV8RxkVSS4Et|6~v91v`Ys)?0(BEHWLK%w3oAkCedG#o@KK=YAlbTr*&eD*FO?
zJ$Y^w&sFjf&~=2!FbbW)8#J;Ibrr$e+!wy8pbp{1+<N=#x=1*M3wo(}_A(9Z<4$g!
zSVzA8TR}Uhr@y6TCH$FZ_*Y=gA(2583ZbVFS1TSUOIkMaw~_cex4y#^Bz}*)AFbfe
z3?PWOu4>eCja%11p4C-~_<i#AUAh`+O$k3E9G!ZK==_(l2eOlSK#g%1)013TD7?uk
zaw&X(QhqA;J`&oI-^6AxBL9xXlTs!s1G*Z~5z20`w(1i;OSv(6|K}kR-!i6CxC$NE
zO6Dulb?IwK#1+XZe~Kl!`6}$Cqx@!WT|eM2)b*C|Bzt~7Wr9fm4u|v1XVOCmPsRWr
z0bRe45t|41*+bcgkFc=vA6U66gd3B$nL9G&H(^Ec2GKwoE1%Sskw5zON|E1<TUQ*)
zRVHl{&n+dK3H|4<smu40S|j>NZ7i8bc<>#SULf9?@LuxEV@xX1m4du|_6*-Lyffr|
zA@4QMMqJfNOH3YrJm_V%j?Mpn`93eVMK0h+3$Lc)hCCQ?W#r+D<i+65!(EsPmvaYN
zd6m--WxIIhF83kAr>NsPWgg&vR@Xn)@u%cx=UM#}>W!wrOd@NzCzHWXBOZUK=Oy{7
z@_dxx%f0`{juKW$G}5*ZK1F&#!oP6W`>NB6?fI1CpCCM%JD4&Lxg)Og{=dQ{Hk{1W
zmf8u!Eu736TTlKAZvAu+akU_>D;5pt8b|yRHsG0;7>CaEBrP50C2bQ8M<u+(>P$!6
zx1UHg3Rj{ae`n>Dqd+EZUFmJT0!SZ2BjZT_=(4;lme+?geeKLn{F*(tp0cs1Z@tAY
z5iet5J>HUVH5wnH?|-_Ean~ks2@e&pf<I7TC3hKaeg7RnUc~he;eFhFY$Qt0LL)i2
zcar|j%2vie>uAKYGC%1(DeK?=JE`O<jZCnH>tiu8laThn(mE5?bp&TpJ_YGd2|uNx
ze@LIe%@23~yUJLI9}>KiR!0d-J4V{~+&}T`9p6_YQ2tqq7bCL*@n+ng2$!I-gyf~7
zvOlad>8)b^*o!}5;lyB7(n?Ty0^+B6PS*m`8xjA{;<4?y$LL$B!j_<)ZI^LRBJBs#
zVsY0d+}iTXt2VB9#5-VIruLveg%^scpOX)B59V%1xgInen>utwqWmYqRp<!6-SCF!
z^FJTG)78cNjm#kK;@ml@U=X*i-o!_8>q<sNaS2bSa{btPS(Oq_N!lSRbByN-kp3<4
z?$n(bA9DXj+8CbUj|;uDk=cLuNr<>^S!2z~jLN;82X0gG<A?${hB8@5|M=B&TPSmr
zcwh4G;XAA6E$M$zHaB(k#{t9}5w45zDK|;$pO=WPwIrltWV(JQjURQr`&87|^4n8E
zY0`AHBz)W&QG5sC<zL176252goj8j!`g1j1{94q16+zz(i|9v7T{G1)3O?bEL-;Of
z8SxwqHsr2M`J%*iEu-SZboeakhpn+RR-f_*kzSX2Zd=1jD@wW9r0Y5u@%^uf6*y1g
z-(<$6f%K%Mrm}0?y@(IyPD_4F;-v|<prW>4Rh*pk!q$m;)Nzu$4W#MHOL}+Gl2}~r
zHzl0k-ap>Yr2Ni3(F*vV`szR85WdeHiAvj8x_%$>4bSwlPCVmT{fZ*unn~ckTC!^r
z;YoC4Eak59%pe9)Oz;1_Bwn#fA_`w8{vUTe3ZJ*UE0+15iso=HB0W24*Qi5R3YOwW
z>Y7G)9`Z{huM%bc#6#Rgxg)M~gkzECOF>0bsUQ{iaLav8_&u3R@DLT{q)a)&@vtWM
zzl4ih*_POhvbxGrwjdREB))}kckacMJ^59`4=wzKdbr&C|0M<UbMGM~IS*uGBrz!X
zjIgeD4*eH^{MRkguXE?K%5IY0gbE`QPsOu8lb3;#8%aBb)2aLazuuDet=b<*U?TTp
ztIYq~6G~^MlBHB|oAgQcbo7Wa7Qa9lU9TwjfjT;IAErz$()26KmE0S+JCYu8RkcC%
zBO!s#e+%w)RMeV;&xA*CXX0K;T0$PILFEI9$Ky`I=x&mhoxE=-e<Y$-97}!;8eeW{
zCn=+=J$G{Jz+TF1_our5NRyNVU3qzM9uEZKL`#c5V`;}kzG0*`=YB{PvGD`l@p1p>
z9`yg`3=1EmOh@waao-~?k=3N^O4OW>{I2Q>cT(zVM4GN>=0fG!bpluDCxmeX22!DZ
zbD4pH(Qt=7FoFjL+e3vZGlpANe@lBuxlYyz{=nY*iAJN6mWKRN_yvcP{vG#wtMhl#
zif~_|uEzR?sA~fW@vH#9L-cA8KWG&<vqoo`Du0VIt0{8_&*LI)U8z~XK%QG-@yB%N
z51tF-9z}j)tWMhZl*y|0tbMOL;i}xfa_h=$jd$V!{YJDtg}+rA_W;sbS-#57Rz+MZ
zN!x7U*mPtr4dtRERVhCkgZ!oVB(ly$Cf~Qp5-(#n9v(m?eaPsHJxF`P!x7g|!Wnq@
z9$vy8-2JV=4m_jl5_aS+&GWi;a(~ZVm$GZPvypd}JA|9TyYUa8lG;2liUJYWUltA~
z?=1HdG9J+IEFRPq#hgmHEZm29{ub#6l*zTpIxv}M@3<sy8fi6nZX9<g&lJ};1YNn9
zt^n>uWJJNwJd}&V+pUp}l=+hfZqb1i<PGIMMOeS{?aF<UaK!b+p4n{)6?jh9Zql<;
zXCa>b-=+2|TY*=E|EACaDr?I9hI>1O2UzI@gv*jPR6Xb3LHZTS|3kRFH9809bN@o#
z49eHES?EIAEaJadyadlop)TJ60`)Ah8=m0KO4<?%|7n#zB7D_4@rk_Sq)#QSI(KK%
z&r?xa?l#=IR#4_6WqM=8Ro?Oxk4t)Uo(<Jc2>OSEC`9hj@EbC6@?a+7#fjhGp{m3W
zbL(12dQ!@4!8j~aR+sGmAG$k8nZ-P#OFws4CjK+=jfBT@e|?pvj`Y+$QokY4m52h%
zD16i!s$e$5U&-5G6|c2X+@=Cu@#sWC@^2F!WqIG@M1L+Xah@MS_zd?^%m0q>A<{>x
z4z<6OKrDPqflc^}^)`g`ZKVCly_ydEPWoW(6_hD!9VF;&B(Ec8B5kg9>}TS=iASS@
z`w8c?Itl*onoY=;nukB~(0qK)1If4-6A!UszgdO#$qyqfJr!-HL+QBl62H#<7tiRb
zK;Bl&%rl9&OZrp!X@m4e#7}WAv9xN`$K~e#E)^W6!g^Mba<&m(L0Sdw7d%*wwBtOK
zk??n<=^Dgcj&Nu0>fDLR`}+FHM%{<Rw&W+{K458cNgJm1k3~brsQA-YjlUo~hXO%N
z-)Sn1%R}KjT#I`i;Wd;mM*3fb(-2;0twttXlC)ji6S(^kA8GaGA|8Xdu0Jsfbw&2k
zKsO3ppt2Gq==zVik9aqWpCc^}4`d*Imr8UU)qn78QJ79%cb*xH6Yw(S#`65%<c;8d
zZuPw3*<iv~xYH3XOrEa*51rxujmR)E3UGI#k{eW@D-n(SLAWGk^7GJcOIO}8%IT`e
zGaa~-5`N8{i}a0Ft{d?o7G6vGMe5O&#NpPzF_EiOkQ;xr0?JQBS}kj2ixRlnlYh<1
zjKVPP(>5!$$uCNLoW;vv0iI7!`ak%Y`U;WXoDLNrEj$wKr?&<^llY0mycCMKqLSC0
zN~(}|g0KcMP5)t60A>Fm+<?5DluJThN@nae;gO^#B!4yGm89>d%yJsfO}?)BYR8SA
zcK{hfiI=BP3c_=^uUkj568@KPHtxrSzokrR%I+opAC>FcOIj8e^rlcIgnK3V8Sn&U
zwxh08W)3<LgJ*o)-a!2aS8^U`Lr-fEPL1DlcO|bC74*c{JY3dal4YW-u8NfTK;AII
z>j=NGx(X5w<GFQK?m6*V#GCt{;_Dvq(;EMN0xfyy9hE<$a4UPj%6TWqk8V@elrnwE
zZ@|5c%I0#vr{HtaFH-I(cXh%c<bOw<vxvvw*#(6AP<9!&zLSsUPDENx{r~i=r2<Vu
zK^`hYhOTnvXdcj2lYCuqNiS@94Tv`;{4385C4WAR9k#sjglqEb5#lSj3y~kHGCZ?~
zJYAQGFOFFMwj>rNLDvWFUR0Wc2iH(Z3(~t1e@~e`_`n(&hjmDchPg2rW#92^65=BW
z*WtP2#M=@c#l4>J6UyyEqW;Tw5>irdv?ct63n+Aj61%7<6Vq3f@I2B>QmzAO$BDnP
z8nRPXR}|96bHCx%H56k+<e5tUfdS~6$~}b%_lA9y>CfRm_K}vG#-<YvrlMm!l$MU9
zBYu|qZ_*xe=b%hh|Bo?kNsYLoeO2Qt3*WS6Ri+kCMkT(N@NT?`H7WNawH>u#soWy+
z7E)GMIO)^K*A)p9xS;<(d+2{|Di7UzZH@g(f$`i`cxb&<u!eYDikByiqFxQs50KV|
zJ0lHcBrP|2Q;0vJo=AjmkQRiaiEp7yd8;cXWpw>vaUCP?XA0`NL&3geG$Ndpmhxa8
z;`h1ha4(?TOzUVV@@7+6JnUy_{jBn3ID@prJhL7D!tY6|Oj%uvxLa`-A^n^_uDa0h
zzf|6ya1)i_dTE`ShJSO%($Kj|@lZl4Ys53Ju|K!2+PDUv`(rE>b?qSSGB#8>OOId`
z^-LizXf74iC-op!$Cvmk8GC4SIS<ZAFgoSd3?m0ji`TW)H|^R6^={XvN8jFU+V$Bn
zCrQBZDp7lS-CFhRv!hvfz_)Q?<;{~bZ{DE1dBgG-+HtE}z~<%g`t<1Cr(IB+9=&_F
c)AKtfB?z2aKPHd#Y^4W#?nu=kutMDb1BJKNtpET3

delta 34120
zcmY-21$Y(L-nQ{caCavVG$B}UC%6`u;_gt~DQqYdDelFK6)EneSaGMgyK75v|L$k6
zKj-Z?*ERhupQW=mA)K@Oag3XfV)(8lj6Buj${E%3Qsb0do);0_^J2GDs^>)?#vSN+
zF)&Sl=OrBOdDBSGHNx}Sl70|dlOFz)=f%Nkqdl)S`HRMQURivH4M>j|>v^S!&m8A@
zJ@6`i=XpM_#(2+bPr^=AMwSVlHwoupH4LBVdG&BGw#JKC0wXB&Q0X`bJ52VxJope9
zgBLW#b+j7xBz_MyriKi+4(`OY@qM0`gyG~T;lQtq8b4!RjJ3q`Qeg>9f{idHcE<!b
z5Yymz48c{H3D03X{D|sE?4_Pp9E&59><vUF*c*m1dA>JR0sI+b;6jXsE3qPO#1i-g
z3t@?6o)?DwaTG4bJ(zPjW$*?5A%F9{3b=X&oyWHr1?#NzytLR5eHzIC0&*-S!g&^7
zj~R*YL(Rk^Oo~xgIfF1c@w^tVg6W92LbWs8oQayjRTkfi>cE9ntiK-omIN7dwX2vK
z6%WTyEQOldj+g-_qGn(thTsj$kG{t9X0h3FV0O|EuXUUHEouNs*0C=z7pA~!>zIFK
zv?oEk|3}P>3(P}S@E_DjW3KnSl$ZfE6U9;Kb<EC~nD_`xhO<%SHke0H<!_<NeehXE
z{0**P2&#w0F)KDgb!;RC<6_I-kLvgx%l9_A5eK1WtTL*8Pi&08;KxX8ZdAuU{O)GX
zmuRco6h$x&86`0~RzvO9dS+A9rfh?WurtQTA5bHjj9Ri4sB$|nF78LQd)D%ATl^Kq
z()o|{hui(}Fd+p~q8iF>@d#9hYNC4H5Oqv@pc)>G@o*fb$GNDE{fRO0l;vMV?f$2z
z0ldICJl~79%~eQ(YA7>m59CK?%xjE#U~|;ec1Eq~bX12{VNu+V-(aNeZYipxIx+}@
za6GD=mF8BA!}GlZ1cLD_>cOv3Qy8?vEkPzsMLZjpzzV2_Mj=z^O*0puW@MGcx0we~
zGkV7I@1bV&CHgdiPXv-+lAWHH8?&O$aT837gRubqf?4na4#2=&uKXa>l&(cB;XaIk
z7f|iqLhXgOX0$)u(j@(p`PY=DBS9mngj%Dzs7=+#(tDw%atLZ>CZQUfi5l@T)cavG
zs@zr7z@DMr7g2Y+4uxT3;(1Z^C++sRp3Emfn`H&61Dnn5sHxgx`A1Pxe;&10?w~sG
z5(6=CkE<UA)sa{j2~%4<7&XvbsQSfx1oYr4W<AscTcRG+3ANe!p^oDO%b$)~(_c{a
z*ID{@)RgZ>mA`^1@iuA?eMUVv<zA;RjDQLh#xz(5wT3-0J&r)F?Q+zV?y&rGs8{Gi
zj2gfw_qkmjbHDqX4@GsLBWfVsQ8VJhf;hp&ecmAgdf+8g2cDvO82f<dMaI;qB}s>B
zC<HTNUhIbTu{a*VQW*0f-wm(|md3HD<9QO*;kbu*X<;a)*ZKdAfF5w%JcD}hCCq@=
zQJW>wVK);AQ6tHWN-u!Xu^g&{)zH6rF&gn+s3ja|`BP9GnUBeNzV`<K6+DA#@CwGn
z$CmyY6BGZ8YB<pm*I+i(5|zff*ao%6+fkeHqUGPmti)p;b$cd1<|SSMeT4`NBv1@D
zqo(o|YDV%Na~&&;QHhsA?S+b{jyA^F*a@}i`k^{L-tuQ!e3`{Jn0rur>C`diUkyAW
zL3`j0Y6LNl+Z1D3;ssFo-=a2a2h0BvH3QR74gQX?@FZ$RuVP%hi*fKJYHtOea05zs
zg87d`LJAVJ=0T_qrN`Wu6X#$H+`%sQ{&G{l^Q7z0In>A>qBi9hRQ-&n+yir=IuL<s
zzbdMOwJ;$z^$|!wpgYFHVW<jIFc&UFHGCGe1n*IMA>g!|p`@t#A*crz!h~23)v@}h
zJ<|nMZX{~6&ctx^EhL}^o<Tj}HmZk@P`ms!YE7e^aj(#XsQlEJ4?{5+o1muHhw8{!
z)ZUtj+U;jh9ealANWfWt`#vv`3wRk(1@c+E0&4B+V+`zvnxUbVJ{g0EuSZSoNz|r2
zhZ^A()PwG#2J*(@(a*VdQeteK|1bh7Siqma?naHUF6x0TFh6$3q__+<Q@c<NA3$~R
z0w%><<~vk};-6=av3HW9Hf72SuEXgu0nhhB2x#gGVInM#It2|;GtvjO1V5ohHWl^Y
zxu|-pExsK!^~W&@UPcY<IjVz^F1q|UsCp^Urw4`-P|u2@3YI~Qyeeu0O;8nDVLR-O
zdeCJ{e}Jn0+Tx#4rz-X(W|NV}$JE3dT&6ATgLUxSW#(T~o$U(ihXqj&jCqys@E9L;
zt|QEEu^90#7=$ZP<&U5`eiHSrzl_=w$*;NkL8$ifVQy@N>hSby%)dr5j|5HW3e=Qs
z$K-edbvhoP%Du68<m;|nA~O>zzW{3H%Ane-ZRxGe?xxQiqkuNk4Ag^vL2aUSs1Y4P
zjqo(8#}_Sr6SWuaqssk*TB7%;sgHic#bcw&r9`!#0oAd5sB~XB0>cSZ!>V`=HFcS8
z^7g|p%z_OtF%Cn$a%Z4My3Nv$qB?jJ)!~Qc-#CHzE7U-T-*O!u>-2fk2?UWbAJgMb
zR8McAX5yvAW8HSgG6*$-ET|3?MlDq(Op7hC1P(==p1r7<Igje#UDS*{#mGAUZwTmk
zeY676?zn>SP{%MCrocR?4pl*|bt}}&bi)id3$<5vqRJgN?_!Ps+DCOL>phoW9E<UM
zuMPqAXfmpYb1)beqk6s{JKz~qM<VXKk=HldqmFSuR6Ao)OEul{SD*&C&Ef}89X*de
zZGw9Q3gO?VwafCrO>s`M1cs1a1EXR;)Uh3m`Zykgdhild!)sB;c9+F3SpI!f{pYwI
z-#%dem9XNW``OQWJVZR?k>~xZf*2X^Ja)VKAu9e9^`L)Idm-S7`!q|4YOgfv4Oj^S
zu^Fm-OVrGC$5=Sx3G<(cz+@7p;P2QPt3Guzu>rL?x1t)pfO_C{)TaB#;xV4NB}s|7
zNe{yU*cdgVQ!yIOLJeRcssl@X1T=*kFq}<t0>={f{&8zR4tEosjXD)gpSy;-p+?vb
zHTB~$3(i38kv-;B^9^PrJpt1i8;hI1$^^8_>sdli)Mgoi`Ed-+#XYE=w|L=fiz?R%
zqhlY`nh!>G=x5YaFF?(}W>mTD7zg)bdiI}p#xmZZdgi@!YZV7oFtr(mI`0K7UIF70
zuZxMXHEN0aqaHW}E8_@DKaHC5OO}5Rqv`xVv4oda;JrVC#$LIR#>G%7Cc?~E6w_i$
z4920TC0u0rJ5e)r57oiPsE)r!4KU_wH*?7_iq3y}0-BmoOoF*kBPoxX(yFKjwn1&i
z;i%2D2-WZk)C0Gnrv6V<J4Y=2ChEcWuoJ#OwcqRw^PiAFTLOu(KWfUyqaH8^)v?8>
zhF78X$`(sMgKGFHYHA;uuTgs=@U3ev4k|wt>OB&I>TtEU%)biOCLtL%MfJRo#mAb9
zQER##3*#Q#j-OE@+4jzLa1UxA$583FPy>00>F_z~!HM3xjwOH3{A&c6Nl*{-pw4#$
z24i*940JR5qo#bQIT<x$3o!w%#W381$?+NLn@_Y4ZV5ADO5$Zu&ui)<Fo-}$%#M#x
z9ZLSu^)wS|<YAZ;!%-b9k9u%D)Y7y;)$59Cc%bEvLY1G68*nLV1{!~I9rd*!kcNb@
zsDdj{Q??zm;yzS`=a&8&^-BGWnwfylZpvetX;HgAFKS6kV?At$nz;>F3-`KwpO^fL
z`+-0>Y9#G3HTJ+%I01uj1!`o6F(aNs&BzCfC-egROHcrFl3o!LVLw!d#-au`8#Qx_
zFsaV}Is$6=5UK-bQB!#xRq%=V9yJru0|LCE7zcS(coT6n4i60Q*!W&TzU=e1^<qX2
z@NedisJ)Reifb<;Y6f#-RG#nUBTyZSVpSY#UO{y%D?eY+hzppFP{(KpX2N9_KY`)I
z-=I1k8ZE%TMET7K)Qna@b*L5kG}7LdFch`frlO{7mZdMp6vVfocJ(<_xxX<lzQRZt
z7CpefhjO6e5vX=bquw($QG2E}YA<w-9^msA7({|PGS)I?VjAMhQ4JhIo#zXvo?l13
zH=bMkBdWo;G2D!$!L-D~Q0Kl9@?qn3Le0#0)G?eB!{;8fg#>+vJCAz62h4$SVg~qM
znMJVx@nxvpdlScFzE}ZXCESP2Fn(;;PB$z_d@3%$<Jb_p@mFMp@E8`wXuh}s{uf3W
z)bZ<r8tGuvRE<E5bb`fap?~+{Fw)nd_DF$vu3Tx<8?-8Fx3@yI)5+q!P^W1iYKDEY
zEMqHnB4IbS!JP2}yq|Cy>X@ZV;2vBM)o?k~gR7z*&;T`aEiJznYCr=q7{{Rowi@+{
z-Xz(7-Vp*Scq5@}_&MqrzC*2jq(p9H2~iIYLT$cGs6CSv)nGx?@vMTXUlTP`jZhuy
zfZBxLquL#hiFE$w5>N-$S;ijJgHE9~&n46YKH^eLK({rLt*Dv#6Ses+m=91(_7+t?
zQWEz<%7p589aQ@bF}luwO9Fa8Csap<pdK&@HN`VfJzk6&@dnfb|3vNLlc@4fFblr0
z{Gg<+e0Efa3Zu?{SyacHqfeWqF9AJZ9O|6ULG^GmYHfF-I(E>!h${aGwTa%LrZ{=B
z0RKBb43%CAmEIgR@*WoNhkC`2PR9Ay1D2AYUAY!D;uBWzGHMN<njcWdG)8i_mf2Aq
zDS;Y!HPqVoL$x;))sgwAc6XsZ6ON*0;zn}Le+~j4N$_u`6wZRE9+yQmSlO(D8c|c!
zX6lBTnPI3UnTqQ0VyuAcE&dU;Ib)`D9gByGXZKkkH)<pWPz{wst!Z6LZ;X0SCvzZb
ziN>L3a2jeL^H6WT<EV~5L$&i3HS#ZJqEs&K3n8F}i=d|V8`S3LifUj4YV%A)&CqOf
z8L9)DFca=T&CDIke~p^*NU7bPiic_^3#x;8k)`o@wF#(aJun1EphmRX;#)8h@f)ZP
z+(FIIbBhNAxnmX=)sb+_hjmc{8G~wnA*$WYs2|7e!YDfbd-=5n_3SWeP0yk}EFNGx
zjFmRPD}p^S9M_mPF&FWK!LCDPP`kP|YJ}aeEKWpi!t<zO{u=dOh?S04HP8356VOza
zHY=m{LM@B8K#jbE#rs&?hh<0~gIeR0s1aU3b>t?h-OpG7qo#K=QVp9CZ-YKnJU}3v
zuO!E@4O8<aqw7GM%<l8P7iw>eLmiuSm=%v>PJEB*U|5Ko!2+leS3;el_NW1MLA|gB
zS^A6+&c6!GBSD*OF{(qWExySL?y~g#s1Y5r_*qoLS1kQ8>I=#XGj^z(iA<P{^irr}
z*9EoYJwtr~-b?~M612%uW^rqo2Gwv5RE1)wo|i)H>c*G_+hcB=jM;HNM&L`-X~-Mq
z_DDGlBi<J)<3iNu|KC0W`3Ypp8sPt3kCv#ZUWwX-Cov<ww0Mea0bU8>MNzNrff$UF
zQJZc9YIB{j_-oXuNSfU(Nm10Bu_3Cwub(B%z!oHIM(xs+IRd<&F(>Mq&q2(KUQRdi
zd}dRuL-Hup=DUu1-~$|jarvo+K2s*3W@<U=m|w*<I{#5}xlPmwRbVy_#uGRktLJt-
zK98D_SEwmWp2y8pD;!CDB+kJEdEE@GMosZa)ZU7l&%K(Hqn0!?rqcP(N<f>TJZc0r
zQJb<MlI=A|EzwQXu}YrbjW{3vM0_;r0Z9wEB@9Nj(*d;ydSLQEezyem{+L_HwSNNR
z>H%j7s7H6qho}agp*Gta)aHy-*zNvksQh@SwN8$jnZl@nG)A4GcBnssbwM4^5vWZ)
z1+~Nr(f|3sg@7s?w*qHTBfW!KyMQ9DLMqg&H{2|NdLL9r|A!N*!vj$xAB8GE%kqCi
zosw;+H|?V$od1CYK9Qgv4k+q&^+?n^doHS>b*OW_7xnRa6;=K*>K*?U^&*N_%zf>S
zK+Qy7R0oDyd@`z|b5R{wU5xV|N?<n$I!=$V3kDQ-Q``-;7y6^7axkjm&zAlhs-tVo
zeW(szM0M~!s@<2UDUTW9+D(gkpM?4dXo^dtrmistV|$DLWKJ^|pc-C<+B1Jxd>3j@
z97A>B9O_MZ2Q`2v7XKGDqwg*5i(SH1OpH2yLAW2QqmEOuk^$ao+=#zo>rw&!UnYxP
z+I`_@kDB72QB%GY)sgk67tA))$giMYY|l~eha_bJyec~XMF?n3MxlB-6OZ99s7=|q
ztUF%4FoL)b^}wB|2b@4X@Nd+}-lBi1%ehmN7Pad$pk^jFsv{+^st$N70vSnIk80=w
z4#k_O&;8cr-OS84&!9#St%7@}XGg{BVJ;km*>Mf(GvXR%!{`-VdOlQoOU%aey|D!J
zirs1j{zd)aF}RYeP#<#=A7O6Byu|Ng7^bf5K90+yUd27IG#<hV80Q=JYOjlW_y3OS
z;Cb|^fhbknDG0}4;`LGQ{{E;25>*ZG=3ygL&p)CX$Xw0sf!e6_p;!o4q6TyywWrcn
z5Af<^P1Mq?z^wRZb<Tfb0#8ZEjG;B0)lgH}8$)p^>J4|&(qE#EPv)BLm0A)t#obZI
zZ60c*8?h{&ws?wKuKfb2z1F0b&%Ib$k)TaD5cSPvoVgOii62Fc;1g<(d|TUX!e$tW
zcvrKh*%$MW{yl25u0eHdm&MPaHsw8^1zur85+c`e=e8N@72FOrr9UE{A>K~Zdtx`L
zBgf72s0ZCZy^{YyO?B+L?gf<&_2SBh1F!;iMc-Zms*vwnw`Mg^$7&R6ik6|KdbOn=
zM!i@bVG8^gwf3>=xnq?d^{Q@ws@DUxbmLI%uC?@&$R_uBPYCE!EK_|~pgiiG-WK(s
zL8v#~aEyVYQA;uv)q(w}ayL+?<N<0Xk~eVYJrp%l`B6&}fhykv{onrwSi%t0rWu7f
za0#j-=Pdsz>ec%SHDiGd-JVH<da>k0%~&y1z0#=9h6bn?Q)jG+gRwK7M*q+MN;Ps7
zE254|HEf1IppMCHtcCF!yK*g2GuGZ5js1zQL><e}CT^|kVkVVCeRz#Wou(yN9{)n0
zMx4B<O%ZD9B2ZtQs#*FN3?@DmHPTI}nb?bZz)94I-=JPxahti_ULN&+X^c80BT<`r
z3~DnkYsUH4JAMTTn$q<cfhSNE;x%^_5~21$IBK)yL!FAIs8{z4%in=&cn@l?>_;uZ
zU#Rx(SpEalW_;Y-=hh}x3%4nPPz_{4bu84<b6R=<Y)E=x)TWwd`SVa6T!O=K1!|;u
zS_b%Mt~%<0-SAtSh<eXF^byeUh~CP*yR%|2@gb-gS%6ym9jFH;Z0$Z~Q=yh3Gio>I
zMQy&Ks3j?dA=nOeN+zI|Y&q&Zuo<;9zQY7G(pTn3D-fxTdtg%31Ja^iJRztD=RtL_
zB$mR)*cgAos`wd;VU@P7{%BPF$*2y@LpHI`TSq`sa|ShnmlzY@qdFF)om;!us259o
z)C03vyc6odKVn_Hjau`<?cFA<iaO4%P@8iy>a*o2M(FeZGXd@1;vHPYI;iv79yOH%
zP@8E!YV-Yu`gA*s+JtdBx{jAeO=%U>9_nl915hI$g4z>fF&LL)G@kDrA)p7IMy>H(
z)QmhsRfyZkRmh53if>TIwl->}x})k1M2&Q~rEf%S%3Y{-_Tdt|g;N6feWLF;|H<fT
z+Ad5D2?e^5L4mH_`4&uilpX;d`_t>yE5Lh3`o-P>{(swXu#fv#4eA@<O(VZ0YDwPr
z3-JF+X0iSOUPt1qu`Q+=5a9o(9Yb+4@i(YFGWvVYe?0=1zIR_L^9&5|$`PM{k!kom
zb|-#iko%cVHI8c$;y<D~`X>&=x`W+=&tN0s<%R_CZ#(!C4wfcfXOi1HGcXVFb(jwC
zO`-vPE=Qm2rZNp`DYBrJpa^QSG(_!%v8c_p9<}xdP$LguKDBwvpq8Q%YR}X%8(Vr?
z)G_Re4RD~3Km>scSQwK}b)NyXa4PZPcokDK&qwh+w#Nh0-N<tN?54OEYOSwg2;M?%
z>X<X!`A>)XI4)w=MSWKIx)BH_Fb~t?F4V|xTY99K?iHI6vyxsB)le_gCY*qJldUq3
zp-#aQ)QczCEVub`p~_b^J0Y9Z=lw)L6@EAGxC}4eZ1<h6I4Zv*{=%M^hFZe{b6rO}
znxiq8^xse&I%@I97LPs89p9{&nfy8!r1Ss1KfoV6P!+eJj>~zAzcdr^bd5YWD!&S9
zgdHqC3^l^}s5j$Ii(fY1p=LPQd^fPd7|ip%wglAhNYoTBM2+|as;BQ!FPwA>+~;?F
z%uoCW9EHE*k1T%ag>C?cmbh{cP%oYYOWj@wLT%2xsP{-Q^eIr*5~`qfcOBF_x;^Tc
ze2<(aZ!X5f)fgAInuk#3FPM)}r|2{4`$YU@Zl;3G!l+ky?PZ*Q75I*Xj5rYWparM~
z*Q1W-e$<Ryv3RuQuA@Py^0`p$l(O`is1CHT{J!QW3@3di>bM?R?sElClAs6NMy+k!
z-`tX9#p=Y%VKbbLI`?l;9n8JL9k;TmbNwA^M*EvTp!Ud5sHI$l`t&@4T8fK4%eaO5
z^op_46=;T<>dqGLhnn&c<}}pWE=DccTGaRbeW;FHLVf4EkD9?RsPmp=mD`-9QJdA*
zlt3tffv9u;D~`wgm=o)+b_Iu{Ht8bNn{6j*rVgPxcF%le`H|PS`f*VmDvp}+%BWLN
z0~vtN>q$UsHP{MFviQ%a5iCc&dUvCy`~m8ien2f*%C&9}l*Jyz>stIUs{Cct3_L@1
zAo4o*y&@*Y(D_e5Kx>u?RWJi;Qx!5RVIc8_s0Ny#Hd`yym&%@~@_kWDGRpF&qLy&6
zxdyf7f1qY$FQ(P`KS@9xcy7K!t!2P^H`PhaVAPC+p&BZMTEohyrE8Cx$x)~d&O#mE
z-^^pEWA`_zT=Wf`e{G(W1eA~i_23eywXK7xc;$A-Y{bWH4Dd?eAE-U>5w-SFH@SLA
zuq^Q~RC`@f5Bvdjyl0_ico#;+bDKE-8u?WcRN*dW!8bS!(`|NNIJRJA;&HaPAF<ZQ
zTErKk(%+!=MCsoH{J%Zd0y7Z*2eo90x4H+WG}ECredt!szeZ4l1of;LYAt)CIy3?`
z)iY3Qy8!i|RhE7X^{zjMTI+vNBmRUsElK}y^>d-xFN`Wz9W{dueFU@wtx;>)57ppw
z48ir-9WPtF>NdBld!t?`qcAJ3L4Dp|LA{_}U}4O@-MzrtVFdBtQ4fBHnt5NO9qx-m
zEYz-yZw8@89EKWEepJt^p=PXs#oMFm^+a`G2x^9YMwQ!)+Ee>cd*HIgy`BEJkAHM#
zQ-i8l9aW(V>P0ck@|U0<v>mm14x^UpBx<Q{S^OpH!BKX(<Cz%waP*R+$^~Hw%!&JS
z{<{*0#{tj(r+Z+zJ+4FT(f^7>ZOS>Q2OdDZST3NB*<;iLKA<}2?R6c9gNmm{t$h|$
z2O=;J*1&L`{~rlxEjFP>z6154aT;~rpQ3+6`&>hb%`glmzl6n`qssL`t@Uu!((Okr
z<#qEh>N#)F|NB3&_q(-Cf$C{Std50IOEMbO^W~@xZNvO{2DRp~4!BL6-pr4hsY(`a
zi2fx-&D<~y!|4Y&|JseaNzen1qBhAj)Y?Zn=+19u)S72Q%~T##M~a}9pcd)@EzQ2D
z4vaPDqBiep)Bv}lPTgMzeeMqwcSz7kf)BX|6+n%=II3b})Ks=JhoCw%69aie&PTl`
z79Do3M0H>jYQzUnOL_@4u$QPeY%<>wS1>PX?aHEhRvR@V?NB4@Z;r=c;)_r-un+Zx
z;wtKak5T16qDGqFsOwM&Y9QgL_KTq2jJ|3FG=+6=GPXuF^bWN&F^@SDqZ&?w+U<F;
z2_r9v;l!sOcRyG>h;50NIpH3>0<RL^h?=p<f4M)n%*1T^{J%y(n<3W80RO-D&yU(%
z!%;olj;go^^=3Pa>OkaE?s&$)yu?GWBsN0rk-4bj_bY0E>rpeh2ep)EF|N-4GXk2z
zPyPfta@rM4X=X#^7e`IqH>jm*X6aqbf#zs)25QQepgOP)^=jXZ`rdF2{lEWvi-6AO
z1Jp=gqNe_X8Rd-YKs;2%AXEp^nc=9-8-W^GUDN}+;4<`~K0~scbu%{`^?sO-K79<{
zB%n2qdCq-orb0a+0=4E<Q5|cET9OW^2Xw_bIM~wDoOe^75p^1}VJ6IndQL;s5)4Ci
zc-nc+e=vcSmT?@lYj2<){2FykVqI_zg`(EDD(YBGKsC4!wdNa9Gq)YJM-Ev2QOmz(
z-a{?LvkRPmoy(XP-RE^i)J#O6K31!v&g=K65zj-FUyV9`hp;@S;3lRep5?MjuZZes
zb5w^GqB^(|RevL@<0pIsdK0*b8fm>N?m@j!9r+Qp6w^>sx)`+ySD`wz+wxDL8oX(~
zKs_+ZRrm9RIH)BoftuO!sP=u0tiX3x;1|@fS%UiX+kkrTDb#~6qt@<kRL7!Tb0bWG
zdO%v-i<wa!c#I?P1wO(7*Eto;SeqOEz2x({-E<ZEpw?^<s^Oui9!|m>xDfS#Q>Z<1
z5&6{i{zlEjzo<10yyfbr!EoZ)Q7^V8*iq$B18Q<xFCfl;TLMa$f@)|EYAIG){IGcm
z%aHyE>tfD3uKaM+@tua6xdrBGOh<ehmSn`&a24_3d+s=&!23MkyGlT7x9`5oIFB0P
zUDONY1Lnl24_wFcqc&SDi}%1R#3!I$R9jK?4x(n{G-?z6jq2z-EP+uTa{jjyC`Uju
z5c!c?f;gzPPKatSGwR!HUQ|QXP@AZ}#XF;xrY~v+eV8A|qdKzR(odp)lcJXR#UswY
z5&|E)^PJcWK@}*B+H4h3o2eP<LG7>-cCqxWsHxv=@e}5G)C=o6YCv~U?Y^`0=ubHR
zn%cNe+#ipNV@BegFdI(9VBCTE@H%QlNuIin1)Bv>=ejEDz0eNT(ZQ&h9fA5jF#*+~
z)u{G2`Ur#(xMjw9=9Zu!YG#UAyc%llYNKYP8S1m359&=g0Ndj@)C1q5_E5mzZt0St
zMxGlrlO;`GMFN_-8mL|01ofZ+sI?qn`O_`F2sM=(P{;G2c@Z^3k5D5F{>SzXYUFuQ
z?bpI!?CR2e-b4cG@f!RFf5#md^||ZmK2(Q}p&on@HMLL8m#E$U0rmdK^sn3XVW@V?
zS-cu*raGcJG{~RN`J3Yp@I?XjfYqp}+k={ci>QhZQM>vhYOV9UaBs*e7)-n)YJ_7@
zGr9~1;3m|kVD6W${d%ZV)Cv7R|L;vepWA~_Q#u{hz*1C4HlmK<5lg>_DtFKF-{1-2
zabCF@xQf~%w@@Em?@;wqzjiYjhT3!a(f{xNniEig4yadZUyBdGP~xLd9bAX%&=HH@
z#5Tm=quvM2-?%?F^hV9Z0sI#4pq8TOTQ?JBQ7^ELZ#n;ZLyaauQ@sS!;bzne=OU^D
zFHsK;dguP=ln1pWZBh05qjvRAsF|CDI)?Ksz8STL_L_fL`jvN_e>L!s1Z|#o_zQl<
z-~bwUAK)z~zUu=WBi`{N55TdX+>Ffp?3Q9ZYEAc|X7D&_lb*yncmZo;jxWxksJ(W<
zM<6SKCzu(NQ#}Vpphn&q^Wt<%KZ;ta52y#m2yiAs?dl-Z%oIhP_iCu6Yl1qKeJp<<
zsvX}1D=-(eCYw=HcpfX@9n^~^dtjh{*XKgTE2AD%4YgD)P-{F8_2L?C`9GsJ>u;96
z4YkC_kv-${{vn{LiV`W%zZ9`iYn9sKp{U(l5cPm+m=o(^2#&P)8dSL(sDZpey~>kC
z4)k;iilXwHqU!g?@AdirD}nqZWQY>z|6Ff?y@{{I1{fMO(Elfzp{N(lV=RVAq6PZ@
zXSQmg%EjY<CM_3sz*0CH^`Psh8HpFeEkQceKteDU&-cPDp{Q9FN0D9?wT2f^A3FC@
zr{G`I+DDJ+(i5T@3_^Wn%Z%C!Wl*Q0C62?6I2hmKSR4>5(DP|?#E9)SNqSU;BB&)O
zje1Zu)Pw7z9@GW3rhQRwwo#V88uez}f`d6Fr%?53#dY=CqXyC)wfP3d4fOffWHbqS
z&;l#40yXl@sLiz>wR>-(8oZA>KA$X}fS=#!yoaFjBTyZwgKDP>YEutF4Qw>#!0GXP
zuHb$WHj!`xwHc?!cbjD{YV9_f2T&coh{1Rpb7SNLu7d?oGgu5Y(z2)lR5v?X{%}+~
z<9r14>iik?B3g;+@pjZMK8kAa39830Q60*V(3Q)Fn#wX5j5Sg9dZ1=tGU}MFM4f_N
zs2R9z`u--MDf?h1NaW%nsI@JIdSFY`x$T9)I33mTEvP+l4E4ZssB-_HI-W4GJ2fd$
zGg1b1467ka;`7=N&<J{91{{K#iN&Y~Y{Wcx7}els%!^Tzxbt5GwYDu$BkhVh1w&Ew
z=3Dw%)W{#8+Ii`h^Y_sbA}4jbIyUOTL8wiZ+tSOS9`G&dymvq?)jrhbJcIf$yM+2I
zd2Q(*P%|9BU$x6*sPfs-|NFmr2xy8+nYB?pY-4uDqQrY+R$Px7$#v8wdW?GTE7Te%
z;J1x6#d%Q!sf?=M%+lwe>TN)uMzDi`ru>+B)e1aCeJH&_HIycWo1r|YDKCRs^BSmj
zI-=ITKjz2TsQ1fh%#Ke`1524Q(Er!+=~Ht4{UaqoFO<%xp8G654Yli+pc*`fI&N`N
z1^T~Wlt3*>W7H<>iU|VvDLQI|qf<MlqB=4Uv*8vTjCWIW{xvmif&%@&Sg;Voh+juN
zC}tYhp<<|+sEr!o0IY&@P#t`X`o@zot$RQLRL5GO-Y0!fyMGXBsYhA*ET3g8K=pW~
z#W!Om;=3&#C)iDSa?~lwgc@;0tdBKOGq(a;;U3f`3r)w&2J*!Nhchz~8QiAcpV7T1
ze3uAlr0-E9%bqFF|HGkbSeE#B)Y_j#orXskil0#<3(4$8ngdn8B<jH}&Gx8)bwMq4
zKZ_4>`95#73wRSzBbsjUUr?LsS4-cBddKfTy;9Girv5n=!r%~h>>8jt+7y>!57ZZy
z)S+%5!Klri5B<OYSC)W|Pi54Ls4Z%@_Chth5H;efSPi3QaSy1A`X0~$wP%)M1w4(a
zmpaUS52%Y;${DD3?wE11@@CZMe|`cX*bEEfNYv)pgW7cG%ulFt8M8UR!HmRvnlsED
zn2Ge;W{m8C{$DuEiE4K)p2xN5D@|Zj4);yv80rP{$;^^7(EmS~S_h+({yS=Bc4IgE
z2lc9L5$;~egE1HJjaV1&qfS@xT!CH*9DtK?8_vb*xjFyp>EF5CNRs3U^#6#ZFlHg$
zhx2h6&c@1l-L8Frn(FBJ+~%r*TJwge&DRCB8GE7DdOGTjxdgRo*W)bQn$PFnM0NAK
z4~v=DoQ&hR7Q+j;2i(F&#GjxVs#wsS<2u-Y<JA^*igp)v4|s*z^&e561yPGQW1(g;
zK5BEP@Db4N3`MO?Hq;9u0=2d^P@ASVs=_=}1FKNq@iwDQ#W~a)^ciYNzMxJ?P*K;R
zf~fitsLzP1=%3+k1oUd0Wd$~%8rp-J!ZQ|sjT(8hV(vwg2sO1~s86-RsN+~2Ro{nN
zvI(eq*^9f57DDCMKsw~}S`bi=x}ios1@+<bD{617$GmtEi(}jfcTB6G-gpgB1L%(G
z$Y|7Fn2-5zBkCK`W1NJsO1K%Ei&6Fce+dCqT!pH**Pp@HZdAqV<`>k6)0T8gl@m3^
zrBEGcjC#lSMjhKBm=%|zX5b74;|+@klp<Z{KaK*J0yXkXsD^S|yclZADxucCq1g(x
zxxPb{?~Zy^5489s)GK!m7Qn@L7_Z_&Tw0p*znZ`|Wdi-b82AyJ5noi+y$_<4vsWdm
zgJn?<s)1qH2=%}bsQ1Eb49COR4?m!mv{!j|8b;s?;uBHnKUU!U>zGWh;67~Tqeglk
zwY%S<raW0iS0M!Tz(UBW^QxlqYoO{iN1dAPsN*`_;xAD%k)l$d|6k3g!!pEwt>klG
zEFP1fcX|5C?mf^9wdtl{E<A)<%MYlLhJ52jS_g9yAC4-w33Un{Sbnl9Zqrsky&pzk
z3EYbMBJ#mUpa_A`s)7FBPHlzyrZWds;S8!H(W(Xdf8(JjmLxs_8{;W#is9AWW}JWp
ziT{SGcgIXo!+me4irY!=j^)u8UNg|!N}w+m#XPm#?(K?t@k~ce=`O5?cd;xMukB`R
z7`7(98?^+XbzJ#E7(u)V>KM*N9p^Ks0lr6O)aT`@>w4B0^N=wFQ{zU|RG&h<sl0F9
z3nUDKiI&0=*b?>rScF=F0~iJ0q2733P{%WFJ-4SqQ0<n(vO51g33MP~E9!V<s_!;g
z4%8+qjcTwQYO{WWTAI435syN>KW3sHv<CIyL#SPT0o&svR6Di#z|bqY0p`>B?@K@r
zT7^1hYf&B9Zth1lbOM9%ChE->*wCe?Ftg$)(u<)!UJsyNP;DByDIbDb$}OmlTt#0x
z0=Eh18&H(S?!zJ-Y9ygp5KE#qQ-92at1$zfMSUT8huY2Qn%E{oy>Pmtrg}N*eQ^P`
zRFRsx<CwWA=RYzDIY`i(FAtW$5~!XJK~4E=)F%2BHPu%z4*qNTUNg7ZVxnfQ66$ll
z7OH*&%z~{@0~&{VMIUJ9b8GdC1kJ!FR1Z@$cWYY|wU$*-FOWv4sc(h)tQde=n(^2Y
z=i~PnrG+d1gZUF`b56ouxEFQ03j12RFB~mVJ>G|D@hEDlpWp;c*vh_)qV~vD)Fyg}
zdQ(Pg?KWj*tWUf?YRcE6X6hPh=AK|-3~b|`=PO1)o1zSAB<)cJ2cUNOMD%|uqSo>P
zY6haVbuX?Uj6}RXs^g7On|UB=#s;JI(nt))`Ka=zkdFJja|E;pUZKwadn|`J+PN9%
zg)xcGLN)v=YK@nnI<^kg;C{<Lj2Va@Lyi17sv}=eGaRkGGcHEg`A<S1fQ&TwEe4}D
zV_#IoA5j&@;s~6An)=iooP|*%uZK;rFKS87qfXartcJ-ux{kF&&Bz#R!1KMu1T;dg
zlQR}3B$^bpd$XWMoCmdOilRP@TBCOLMAV-61GR()P{;8i>YPXY&KVo^T`?i5y)g9u
z{%;-vYM=<}!R1jsZ-5c_J$AxvSOv3m4)p(H^**S2f11ZoOL7slr=DUkChX!mkO%d~
zEM)OYT{!>hVRaI;sp?{N{0?>gcVKJ0h!rrRtDD-97)*Q#>R25_b@V;zL#%MOK>vHB
z4{9@SL3QjnYKCrM2)^vb`PT?icXv}6iu$u#P1MKo7}VMyMD6|)7=WKF{R^so)E;gx
zBt(@9M=fa+OpNU<J_z;TQK%2OwLStG!Ew}@cs*T1F;ESMp!Pr>RL6>;8t#KSH9w#l
z8iCtz5vqeVxOE-lexNDlD!?(ROQkqEMqG0#=o?2QjU~8bzFb(K7!}kxK5x8|G;)J@
zPi|fLsr;wa(+h{c6!ZU~QhASgNK)?K)kCh1)`1a}FG2W6+TgwB-DdxJxd<Gk@<9rY
zvw|}TXCi!w1}3Wou23q?CO(9+>2M46LI{5%Zw7Z!(yChhEyPn=M+tgAQEn3DXIfff
zEJ2#yKi;=g`h`qBp8dZ@Ul{vX!Ll^U-t%99xRLl67xhAkw;}u!Wuwu?aI4dwv^2yM
zS!YIK2X6if$$zaST$50G>QC^|U|#}r@n6){!QoA`26M0j+fa$`C*E?(ZQ<6n%E~Kz
z(b8gRw{rbT-NQWaM|<c}EM)EVva&Z(?;md-nfrJ^G46acTAF(inPaIigK%uZ1-TE{
z16xohI}eIX`Pba~23(8$uh$=hcM{RtayR#{l+ndsf_X8h_nkW8%KM-1HMIi%Qv7EY
z1;4chTM+(w{Z1gGl?}Ghe9gN?V5W6YX+KlHvenf`?ik8{L*4y^_2opT%Rm0#tigH|
zo=gMniI3%e!5xoAbbfWMqJeTajXTupEF>+JJ@lTXh2u%m3fjYW66ddgz2T_u61r}1
zA0Tb9&qk4rNO2N(6CX(B9)w$3UU6$!@AN+?SDw3*<&osS^p}#l(p&oX)+wc>WDxam
z5P3h5{*d;jQ@%Q3|NQSHu$hE!RGQ14=QXq?2q0lAW$NQ|8mUB?K>W-dpY<$E-7ehw
zDZfFLNn1mnJ~MP}C4DpZc-jafZz1Z6%HKcx1KlZ{ga&k7CH#;(hzgl0$cLkskN8R&
zuEE`ma+7hHEACyv?Zk6XuB<hjj(B1ol#jB*2%n_>ZQ6T*!KB~EUDPY7=f|T`cJ34u
z%s`=C)<|y(?I8a3%0svUX}b8^TJIC#&ZHgVPEVsNi4UZW&)m9xAic8-dXH!`3UOV#
zOn+o@oFAh3Qd46C(Ew{*IcY82$6D)03m2?s{E7vCvCDxb-UfTqVo}0zDO--XuGxee
zxu6%B{FQ_wk;k8=yv^3m_oScJJNWArKmoqNdY!C`qX@sU4rH>1?~;~<;ie=#C*`u>
zM$7Am-&we*IhZm{8B9+evY50;#FJt|8{knrzb~2kwwc5ptPW-1j-cRRE4YCNFXdt5
ziKivpQibf=LAkA@&*z@at?Pnyd?b0pD1V4_ez(Mbeedvw5s#~P@BkA2{m;XnQ(*)Z
zGSf&h3O&YZq@^XCjB=yMTVdr(lU9*iSADEa-YR>z(#jIo)x_L^KhxIN%Xg4U`rftd
zKZ&<!d=hDk$cxT&_qT_2CEkkkRoq2+NLL&|S|n>c9%aKUOqTy@Wu5tArl+m>|JOmE
zH^mwcq2f1$_tD@doJxn<6OKuvq1IS);-#tFfU+kE>rWFUv8d(0{J)01bA<JMPS-!&
zxBVf0TuOQr+8j;$m-rnJFBOp)G}4xP5BGhWiPqM!YBr)i#CLP2q0DdGy7XN<1>ujX
zWA$DUTtRpf_h_qo-SWutUsLJCRYHff{twA)L_$^?x=Va1cPj4vq*o%HU$OCD(Fy-b
z`Z<eF#`whZlK#jZq=JV@>thf6j2B&XuRLX%Q}!t?L|wka6ga_shlD@Ks6e<mmL>By
zoX*X!%z2Gzv>#>aqrOGXCHxy@ClS|GfHHX~JC|?>>4UA4TPc^8w5F76L3j+euI-dr
z63NbgQzC0g<c9{{7z%zN?4w{aYdo0ry2R_!Xmj#zkRFFSIqABV@!*-{jU=rx<*E>`
zMcxzc%iQBhn@XClYLv-no%4SN9VAm%XS{3~k0~7NPvys9R48SYOVC&b%B3bRBm1TZ
zd0($wl=+9eA1RZSJY9FVBS=e3T1=d1<rDIpNGikr<M(LTJ7jDke8f7yS91ULC;!b$
z!%r=~lz1iUOk5h+K)qNr{4Mq3yDDBq@)r;eB!3+FCkg*cndjV<)IRE}NS-ey3B#>%
zm&`{T8M;o8H;ueZ+?T9UO&X8j9!i-x<ew*8RgH3u!#_#C<f8sR$y(5RN8qhR9#AHs
zI<L>*Fe+&lCRiu<p@Mgtw2`E}qaZ&Y@-p%eT~oM|(~<k!(FnIhouE_P{K?oG%3YJX
z`~spkinJQIh%%F?pOWx&!l&^s;%_N?(f>Q}G_;?L?zozaj5tpfP}k2?sEm~NUy;8C
zh~?uU-;=)tdy^iOdaH@2;{JuSsNAPXdxE-#IlT4OMmisXQxq7={q+i_GrETA!K8Pk
zaw)>P-jO%W!Y+jwqRiO;bm~v?&k$coy+qvYDVUk*u4H9K(MEOZ=>L<=7uy~di-@lN
z6iP|qcEo?8@@mU}L*BPmCN1e>xplRnd=Ao+QKung`6V^)I(a{k-q$+175^qJxz$m<
z8ieEc{|=N$UG6<JlAB6{$mmUlM^^YdbAWZ^HswlEu8pM!qkhEkH~HPTZ*q4hEsb?H
z+{#s<&A8m_DBFy@GKBp*ZytQHLP`pv@y2+FhH`NSQZNDWErcU+Zza5z22xTk2_E3?
zNd0%j7f?1SGqHnmx_))|{}&D`l3$Oq$*`6G;k*~Lds~qhLE<|s!kwD558P2{<Qxr*
zp>S*(T}@gG?yuKW(vx%Fq>ipEw6ULXaci8PfOu)CcM)~vChv-c^J5t8`&wJ&B2=1A
zVlEy~)zacoU@`YCDqkRNCgE+|1BoBvK26z}*5GU6y7mz7Ph0(5^nd@IPucn8btI(=
zZN#F?KYITkA)zCY6C~>TlLuY54(O*1iO4Hqqdr7f*ITowl~dYq?#Dc!8+oy;ywdX%
zPQxtJplm_ngO$ithV<6_49I)RgCmHXvXLk=wuKX6YARMyBG<p%n<>8<Us9(G;S%I0
zpj?;=aFw!woF%OsVSc;Xo6kLucv8yt<Nn{JH(v!Zf5I4Kyrj@0!hJ~li}2Sg+yX=J
zJJK)zr;(n-C-R`&+<%cj$m$iucvf$Yb!s~CxmGt0&+tXDh<<9QD<hRMSlU`fScN+d
z(>DWG(8ztPO}Sqww}Nt|usZ33NIOS(5gx;8q-CJqY#vg8I<YBRgY+rZk<XOl()ihM
zWavu4UB@5dGaHvtSU)vvg6nByD&gO)ffK~PUQ>9;CLWN0w6%oqT1H{Y=HuST{TH{c
zz1$xOf8v>s_5JTPl?srM-=9rqh$pph7aHZ~djH=Q%BT*LGK4y7c-R~Avr%pX_t&ex
zJxuZGwD<M8OPPJ#FGy%f-S2(>sWgl5GkaJI+(vx2H8ca;)6j3+e{nzKK1i8cq!*&0
z3dD7_<L*Vg7G}4)$F0paw0FnCoh;AS#46^X(gO-)Ctk)1Wg?!+3g)B1{KR!dC%*&b
zzO{1vb(+_U`z&RPk$wzAX-`)JY;X0xBfgP4K53;%d#e8roM=?IPQn)MOiZn=!lVTd
zPDfgCtK1dqa|e-Lo%FG;sQ;Hil2}LPU`^^SB(FH?%1PPMn1gs#Y)cz42*)9OOY5(z
z1BvCS+?c|f=zUJ^I;73QqxcKAuBDWjNST4e8=<aA_zUIQVPfvwG~SH#^Mt!mu7L`1
z-QzyP9oYuCmvZs-`9Ft3>nN;i5Dn?NfmJN*Qrv$RkQS9Xb*Zxe$J59Q?kiUI2yP~C
zBe$-dv^&Z2E|Ru|yNJc}QqNb}B0pjV8Z1Sn*AyB{#RU`y<<3dEuJ_oOTR#-O&;29!
z9`aK&qA;95oiHog+6J_P_&xF_;@`AehB~_L5$59mgOQBnH1I94eH2XRGQ4;+@Rs;I
zZe4pR7n!tn7XNH2Z=HoxP^KaAXq2l&+74xMMW@Xh<n>~ZKM?=P1|2t&t$*hKH1@q^
zrm&8vfj-<dX`m!&vv4GL9?JE!di+Yh|H?~xItKHR*bu@WEkA*^Ig#{%q)oB5&-$pC
zm&8IOo*=OY@$-aRao^$AHNsRl3JpD>%pcgC^uKw?KGKg^gGor=N&0Nk=5VL6y6Y%c
zf%tOD9pfHNxe4goM1f8;*o3<r2_Gm_kIcoW>lxu;lnG%}>j>-0N?gCtR~nbou&xp0
z{X*J1Ze1;Cs}O1NFgIzZNsCVTKm57>`;X86n*bLnu+bX&!|X`KZWazAtm~!2|KBb&
zc9I9&pl&)+vQaj~IyltIC8yqU^8b5vqTCfrs}q^^PfsL>iZkpXNhz?H#z$MB3%H*9
zFlBzGrTEyGvP=m7Fo3ULl>ePO0pVXr+eTPd0t(c!He3p2E&iT1ijcTg=U-PN9+-#*
z22h|c>iUcDK<+EVpK#ZvjII*?|MG=}yzgj8*Anh<;;CuxE@@2(m!Zxme=eUR#J^sJ
zNzX#$J^J^59m}jm#h%=?Y2-C&^C`5PyV!p!e<1H570+60&8!2hiMQo0Yw_8Xdq{`Z
za4(>|{y*NYTOD!Ag?-)uDkP&o6)JqaLa6kdhZeE4UkL|WC$>{o*8}dhl#4?=tCc%v
zdCGrFyJyJnj_tUYlJ^Ark*2FPVgLB+_yZgzqQ5DP>w`6PnQ(sc6Y%i1JY*%6dsqXT
zNXtR~Rno5#R+W0><s`7eI-AzoK1uoj(z{Tm0Oc>>5&Y)s=l?h|OIpKvC+Ip%+CkC^
zxu{o*_)G2=RJ?>gbN~1Hhq7-it+!=lvo<qg1v-;~w#RdKpp9#!`7&97C?xK+-e#wf
z3#2C{9)p6<tg-djgS=~$y+``jOPhE!k#g47*YqE#zl*ZpkUxOCBJluhK)ET%<@1WW
zfcFgrRlf&?K5<77&T6BHkK3&A@;KANYT+jLQQCNqnQ22;5;j{ZTxRjf)Xz*j66Ln3
z09Rgr9{ayM4?9bN=Ojj>Vm9LM$y`a{$fWNguIm<IU4uyvC)}6xn%sL_vX_JKY3?<|
zwXA;<9!EGCe!cqA@ro81O!{d3`A^qz9@vn(I`KDT93X8B4?08I&(^>(!b1s1rIWfw
z@{pL6KT6se!c9qwiMrNUoq~9s`!03AUgv2y54SGg88Tm4CzNoW_&JMDv&NLZiUxLD
zr6q)~See9>|A+K_+)KC<(YaaVWv1>U@^t00haV??nY%alRhP&7+jWhE+7!HF4^2(@
zI1L4o{)95y38y0Op_T7O{9oc(iPxsgalA@e2kN~deHZs~(qnL^pi@K0yGGg`;&bWf
zG~(^_=f7A)QV{uieIcHOcoGsS6V|npiUa;rCOc^fi9f|R<gJi4$}G5^v}fF%xf^nK
zR~ir2HJo~1NIRvt#{XEUT!Sc-p2SiV=xL3)96n&EpeqYzV>BztpXHLgXmoNl_XO%*
zrtSms9&!i$r;Q&7AE)jj$~~|_bw}Tw{}hTsLQ5K0#T}i-w~=>*aA%xH<HM{I3yE(g
zzZ~T=VcGw*F^zIlsdJP&n#yx8Bm4s{A@6s}CPZD?zy2NEb|QNz@XC62n*vQpORrK~
z%`81GCL+E_4Rf8P;SZD@MWe;6jLUKV?M1mal(|M;Wqgg7tXy)69MI?gUMe@Bk?1yx
z_Y}NG_&#?Y3I!0qMWy~U)&#Rsc0YMt(X%?Q%*EEYdpw)g($`Tp58>yurE3l4ieW;%
zUQZAh5@~&oVN)k=KAR+9Z>7x(ng#TV6Dzzx_T1sYxpEcGlW%kS&H-x|ZoZo!aBQ9F
QO`8Sg-n^!5V8Xcn55+gi!vFvP

diff --git a/geonode/locale/it/LC_MESSAGES/django.po b/geonode/locale/it/LC_MESSAGES/django.po
index 8791b1cfec4..7b4f071266c 100644
--- a/geonode/locale/it/LC_MESSAGES/django.po
+++ b/geonode/locale/it/LC_MESSAGES/django.po
@@ -39,7 +39,7 @@ msgstr ""
 "Project-Id-Version: GeoNode\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2021-07-08 09:02+0300\n"
-"PO-Revision-Date: 2023-07-20 11:35+0200\n"
+"PO-Revision-Date: 2023-10-11 11:47+0200\n"
 "Last-Translator: Julien Collaer <julien.collaer@opengeode.be>\n"
 "Language-Team: Italian (http://www.transifex.com/geonode/geonode/language/it/)\n"
 "Language: it\n"
@@ -947,6 +947,9 @@ msgstr "Classifica velocità"
 msgid "Link to"
 msgstr "Collegamento a"
 
+msgid "Related resources"
+msgstr "Risorse correlate"
+
 msgid "File"
 msgstr "File"
 
@@ -3283,6 +3286,11 @@ msgid_plural "Maps"
 msgstr[0] "Mappa"
 msgstr[1] "Mappe"
 
+msgid "map"
+msgid_plural "maps"
+msgstr[0] "mappa"
+msgstr[1] "mappe"
+
 msgid "Map Layers"
 msgstr "Livelli della mappa"
 
diff --git a/geonode/maps/templates/layouts/map_panels.html b/geonode/maps/templates/layouts/map_panels.html
index 96b3892117c..1dc3deb8ff6 100644
--- a/geonode/maps/templates/layouts/map_panels.html
+++ b/geonode/maps/templates/layouts/map_panels.html
@@ -319,7 +319,7 @@
                                   {% endblock map_title %}
                                   {% block map_linked_resources %}
                                     <div id="req_item">
-                                      <span><label for="{{ map_form.linked_resources|id }}">{{ map_form.linked_resources.label }}</label></span>
+                                      <span><label for="{{ map_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
                                       {{ map_form.linked_resources }}
                                     </div>
                                   {% endblock map_linked_resources %}
diff --git a/geonode/maps/templates/maps/map_metadata.html b/geonode/maps/templates/maps/map_metadata.html
index 0fece0b382f..dcc99f734e7 100644
--- a/geonode/maps/templates/maps/map_metadata.html
+++ b/geonode/maps/templates/maps/map_metadata.html
@@ -87,19 +87,3 @@ <h2>{% trans "Metadata Provider" %}</h2>
 
 {{ block.super }}
 {% endblock body_outer %}
-
-{% block extra_script %}
-{{ block.super }}
-<script type="text/javascript">
-    $("#id_resource-linked_resources").select2({
-        placeholder: "{% trans "Select an option" %}",
-        allowClear: true
-    });
-</script>
-<style>
-  #s2id_id_resource-linked_resources {
-    width: 600px;
-    height: 100%;
-  }
-</style>
-{% endblock extra_script %}

From 43188af8a18a21879a4c8ba2d8e4d3c6abcf5eae Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Fri, 13 Oct 2023 10:26:58 +0200
Subject: [PATCH 269/330] [Fixes #11585] Move linked resources widget to the
 "optional metadata" tab (#11586)

---
 .../templates/layouts/doc_panels.html         |  12 ++++++------
 .../geoapps/templates/layouts/app_panels.html |  14 +++++++-------
 geonode/layers/templates/layouts/panels.html  |  12 ++++++------
 geonode/locale/it/LC_MESSAGES/django.mo       | Bin 161218 -> 161218 bytes
 geonode/locale/it/LC_MESSAGES/django.po       |   3 ++-
 .../maps/templates/layouts/map_panels.html    |  13 +++++++------
 6 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/geonode/documents/templates/layouts/doc_panels.html b/geonode/documents/templates/layouts/doc_panels.html
index 0c7c10667ba..e2dffb26eea 100644
--- a/geonode/documents/templates/layouts/doc_panels.html
+++ b/geonode/documents/templates/layouts/doc_panels.html
@@ -313,12 +313,6 @@
                                       {{ document_form.title }}
                                     </div>
                                 {% endblock doc_title %}
-                                {% block doc_linked_resources %}
-                                    <div id="req_item">                                  
-                                      <span><label for="{{ document_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
-                                      {{ document_form.linked_resources }}
-                                    </div>
-                                {% endblock doc_linked_resources %}
                                 {% block doc_abstract %}
                                     <div id="req_item">
                                         <span><label for="{{ document_form.abstract|id }}">{{ document_form.abstract.label }}</label></span>
@@ -555,6 +549,12 @@
                         {{ document_form.extra_metadata }}
                     </div>
                     {% endblock doc_extra_metadata %}
+                    {% block doc_linked_resources %}
+                        <div id="linked_resources">
+                          <span><label for="{{ document_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
+                          {{ document_form.linked_resources }}
+                        </div>
+                    {% endblock doc_linked_resources %}
                 </div>
             </div>
             <div class="col-xs-12 col-lg-3">
diff --git a/geonode/geoapps/templates/layouts/app_panels.html b/geonode/geoapps/templates/layouts/app_panels.html
index 855c10b1429..ddedc0eb6bf 100644
--- a/geonode/geoapps/templates/layouts/app_panels.html
+++ b/geonode/geoapps/templates/layouts/app_panels.html
@@ -297,13 +297,6 @@
                                         <!--<p class="xxs-font-size">(Name by which the cited resource is known)</p>-->
                                         {{ geoapp_form.title }}
                                     {% endblock %}
-                                    {% block geoapp_linked_resources %}
-                                        <div id="req_item">
-                                          <span><label for="{{ geoapp_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
-                                          {{ geoapp_form.linked_resources }}
-                                        </div>
-                                    {% endblock geoapp_linked_resources %}
-
                                     <div>
                                         <span><label for="{{ geoapp_form.abstract|id }}">{{ geoapp_form.abstract.label }}</label></span>
                                         <!--<p class="xxs-font-size">(Brief narrative summary of the content of the resource/s)</p>-->
@@ -501,6 +494,13 @@
                         {{ geoapp_form.extra_metadata }}
                     </div>
                     {% endblock geoapp_extra_metadata %}
+                    {% block geoapp_linked_resources %}
+                        <div id="linked_resources">
+                          <span><label for="{{ geoapp_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
+                          {{ geoapp_form.linked_resources }}
+                        </div>
+                    {% endblock geoapp_linked_resources %}
+
                 </div>
                 {% endblock maintenance_block %}
             </div>
diff --git a/geonode/layers/templates/layouts/panels.html b/geonode/layers/templates/layouts/panels.html
index dfd9d14e40a..4ee805635e8 100644
--- a/geonode/layers/templates/layouts/panels.html
+++ b/geonode/layers/templates/layouts/panels.html
@@ -331,12 +331,6 @@
                                       {{ dataset_form.title }}
                                     </div>
                                     {% endblock dataset_title %}
-                                    {% block dataset_linked_resources %}
-                                        <div id="req_item">
-                                          <span><label for="{{ dataset_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
-                                          {{ dataset_form.linked_resources }}
-                                        </div>
-                                    {% endblock dataset_linked_resources %}
                                     {% block dataset_abstract %}
                                     <div id="req_item">
                                         <span><label for="{{ dataset_form.abstract|id }}">{{ dataset_form.abstract.label }}</label></span>
@@ -563,6 +557,12 @@
                       {{ dataset_form.extra_metadata }}
                     </div>
                     {% endblock layer_extra_metadata %}
+                    {% block dataset_linked_resources %}
+                        <div id="linked_resources">
+                          <span><label for="{{ dataset_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
+                          {{ dataset_form.linked_resources }}
+                        </div>
+                    {% endblock dataset_linked_resources %}
                 </div>
             </div>
             <div class="col-xs-12 col-lg-3">
diff --git a/geonode/locale/it/LC_MESSAGES/django.mo b/geonode/locale/it/LC_MESSAGES/django.mo
index 1b322e2d5ac2449ce20b34988a68104c7eb05a20..431f7fffb9b3ea4379b6793efad59a8fcaffacb6 100644
GIT binary patch
delta 24
gcmX@~n)A?W&W0AoEljrsS#okx)3@IjWO|$o0F1;6s{jB1

delta 24
gcmX@~n)A?W&W0AoEljrsS&E8MbGF|XWO|$o0F7A+yZ`_I

diff --git a/geonode/locale/it/LC_MESSAGES/django.po b/geonode/locale/it/LC_MESSAGES/django.po
index 7b4f071266c..6826098fc12 100644
--- a/geonode/locale/it/LC_MESSAGES/django.po
+++ b/geonode/locale/it/LC_MESSAGES/django.po
@@ -948,7 +948,8 @@ msgid "Link to"
 msgstr "Collegamento a"
 
 msgid "Related resources"
-msgstr "Risorse correlate"
+msgstr "Risorse collegate"
+#msgstr "Risorse correlate"
 
 msgid "File"
 msgstr "File"
diff --git a/geonode/maps/templates/layouts/map_panels.html b/geonode/maps/templates/layouts/map_panels.html
index 1dc3deb8ff6..eb163abdf2d 100644
--- a/geonode/maps/templates/layouts/map_panels.html
+++ b/geonode/maps/templates/layouts/map_panels.html
@@ -317,12 +317,6 @@
                                           {{ map_form.title }}
                                     </div>
                                   {% endblock map_title %}
-                                  {% block map_linked_resources %}
-                                    <div id="req_item">
-                                      <span><label for="{{ map_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
-                                      {{ map_form.linked_resources }}
-                                    </div>
-                                  {% endblock map_linked_resources %}
                                   {% block map_abstract %}
                                     <div id="req_item">
                                         <span><label for="{{ map_form.abstract|id }}">{{ map_form.abstract.label }}</label></span>
@@ -550,6 +544,13 @@
                         {{ map_form.extra_metadata }}
                     </div>
                     {% endblock map_extra_metadata %}
+                    {% block map_linked_resources %}
+                    <div id="linked_resources">
+                      <span><label for="{{ map_form.linked_resources|id }}">{% trans "Related resources" %}</label></span>
+                      {{ map_form.linked_resources }}
+                    </div>
+                    {% endblock map_linked_resources %}
+
                 </div>
                 {% endblock maintenance_block %}
             </div>

From 0501d041fff04815ff2671f7704350ce37f40044 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Fri, 13 Oct 2023 12:09:37 +0200
Subject: [PATCH 270/330] Rename workflow build

---
 .github/workflows/52n-build.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/52n-build.yaml b/.github/workflows/52n-build.yaml
index 18a9b21175f..cf82d61d0ee 100644
--- a/.github/workflows/52n-build.yaml
+++ b/.github/workflows/52n-build.yaml
@@ -1,7 +1,7 @@
-name: Push Thünen Atlas Docker Image(s)
+name: "[thuenen_4.x -> 4.x] Push Thünen Atlas Docker Image(s)"
 
-concurrency: 
-  group: "geonode_build"
+concurrency:
+  group: "geonode_build_thuenen_4.x"
   cancel-in-progress: true
 
 env:
@@ -15,7 +15,7 @@ on:
   push:
     branches:
       - "thuenen_4.x"
-    paths-ignore: 
+    paths-ignore:
       - "./.github/workflows/52n-dockerhub-description.yaml"
       - "./README_thuenen.md"
 
@@ -32,7 +32,7 @@ jobs:
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      - 
+      -
         name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@v4

From bba1840ca4e41c473d76d78d41b834faf96d9a35 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Fri, 13 Oct 2023 12:24:05 +0200
Subject: [PATCH 271/330] Rename workflow file

---
 .github/workflows/{52n-build.yaml => 52n-build-4.x.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{52n-build.yaml => 52n-build-4.x.yaml} (100%)

diff --git a/.github/workflows/52n-build.yaml b/.github/workflows/52n-build-4.x.yaml
similarity index 100%
rename from .github/workflows/52n-build.yaml
rename to .github/workflows/52n-build-4.x.yaml

From c3da6186e07365f148d6b5de8196048011bf050e Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 16 Oct 2023 12:54:40 +0200
Subject: [PATCH 272/330] fix image template src reference (#11604)

---
 geonode/layers/api/serializers.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index 3d39fdefe20..d5733663a56 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -101,7 +101,7 @@ def get_attribute(self, instance):
                     elif _field.featureinfo_type == Attribute.TYPE_IMAGE:
                         _template += (
                             '<div class="col-xs-12" align="center" style="font-weight: bold; word-wrap: break-word;"> \
-                            <a href="${properties[\'%s\']}" target="_new"><img width="100%%" height="auto" src="${propertiess[\'%s\']}" title="%s" alt="%s"/></a></div>'
+                            <a href="${properties[\'%s\']}" target="_new"><img width="100%%" height="auto" src="${properties[\'%s\']}" title="%s" alt="%s"/></a></div>'
                             % (_field.attribute, _field.attribute, _label, _label)
                         )
                     elif _field.featureinfo_type in (
@@ -242,4 +242,4 @@ class DatasetMetadataSerializer(serializers.Serializer):
     metadata_file = MetadataFileField(required=True)
 
     class Meta:
-        fields = "metadata_file"
+        fields = "metadata_file"
\ No newline at end of file

From cf67edae004be5fbf8fcfcbea408d3dd9c569416 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Mon, 16 Oct 2023 12:55:54 +0200
Subject: [PATCH 273/330] [Fixes #11574] Fix CircleCI black tests (#11580)

* [Fixes #11574] Fix CircleCI black tests

* [Fixes #11574] Fix CircleCI black tests

* [Fixes #11574] Fix CircleCI black tests

* [Fixes #11574] Fix CircleCI black tests

* Adding black

* Try some failing changes

* Try some failing changes

* Try some failing changes

* Fix forced error

* Update api.py

* Run flake action on master and any 4.x branch

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 .circleci/config.yml                  |  2 -
 .github/workflows/codeql-analysis.yml | 72 ---------------------------
 .github/workflows/flake8.yml          | 40 +++++++++++++++
 3 files changed, 40 insertions(+), 74 deletions(-)
 delete mode 100644 .github/workflows/codeql-analysis.yml
 create mode 100644 .github/workflows/flake8.yml

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9babc1a6978..22de58db724 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -90,8 +90,6 @@ jobs:
             - run:
                 name: Run code quality checks
                 command: |
-                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'black --check geonode'
-                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'flake8 geonode'
                   docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'codecov; bash <(curl -s https://codecov.io/bash) -t 2c0e7780-1640-45f0-93a3-e103b057d8c8'
                 working_directory: ./
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index a75fd07bd10..00000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "master", 4.0.x, 4.1.x ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "master", 4.0.x, 4.1.x ]
-  schedule:
-    - cron: '38 4 * * 5'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript', 'python' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-        
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml
new file mode 100644
index 00000000000..a8304f8a1ac
--- /dev/null
+++ b/.github/workflows/flake8.yml
@@ -0,0 +1,40 @@
+name: "Code formatting"
+
+on:
+  push:
+    branches: [ master, 4.* ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master, 4.* ]
+
+jobs:
+  validate:
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [ '3.10', '3.11']
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set up Python ${{matrix.python-version}}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{matrix.python-version}}
+
+    - name: Install flake8 & black
+      run: pip install flake8 black
+
+    - name: "Check: flake8"
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 geonode --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 geonode --count --statistics
+
+    - name: "Check: black"
+      run: black --check geonode

From 47a9aa6f86575d07a70ecf19573fccde7687cc42 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 16 Oct 2023 13:06:04 +0200
Subject: [PATCH 274/330] fix black formatting (#11605)

---
 geonode/layers/api/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index d5733663a56..304e89467c5 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -242,4 +242,4 @@ class DatasetMetadataSerializer(serializers.Serializer):
     metadata_file = MetadataFileField(required=True)
 
     class Meta:
-        fields = "metadata_file"
\ No newline at end of file
+        fields = "metadata_file"

From 9ca2f13a083e9ca37cd368106864f32e33176499 Mon Sep 17 00:00:00 2001
From: Henning Bredel <881756+ridoo@users.noreply.github.com>
Date: Tue, 17 Oct 2023 10:32:45 +0200
Subject: [PATCH 275/330] Enumerate unzipped files (#10842)

* Keep all uploaded zip content accessible

iterdir() is platform dependent, that is the order of the returned items
may be different on different platforms. In cases where a zip file
contains multiple base_file candidates it will be overridden by the last
one found (which varies on different platforms).

Also, different files with the same extension (file1.csv, file2.csv) will not
be accessible from file_paths as they get overridden, too.

The fix enumerates all files to make them accessible from file_paths.

* Sorts files during unzip

Ensures that unpacked content is sorted before getting handled

* Resolve minor issues

* Ensure index on extensions found multiple times
---
 geonode/storage/data_retriever.py      |  31 +++++++++++++++++++------
 geonode/storage/tests.py               |  16 ++++++++++++-
 geonode/storage/tests/data/example.zip | Bin 140 -> 324 bytes
 3 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/geonode/storage/data_retriever.py b/geonode/storage/data_retriever.py
index 059a3122a74..bc23997a8a2 100644
--- a/geonode/storage/data_retriever.py
+++ b/geonode/storage/data_retriever.py
@@ -205,17 +205,34 @@ def _unzip(self, zip_name: str) -> Mapping:
         at the end the zip is deleted
         """
         zip_file = self.file_paths["base_file"]
-        the_zip = zipfile.ZipFile(zip_file, allowZip64=True)
-        the_zip.extractall(self.temporary_folder)
+        with zipfile.ZipFile(zip_file, allowZip64=True) as the_zip:
+            the_zip.extractall(self.temporary_folder)
+
         available_choices = get_allowed_extensions()
         not_main_files = ["xml", "sld", "zip", "kmz"]
         base_file_choices = [x for x in available_choices if x not in not_main_files]
-        for _file in Path(self.temporary_folder).iterdir():
-            if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
-                self.file_paths["base_file"] = Path(str(_file))
-            elif not zipfile.is_zipfile(str(_file)):
+        sorted_files = sorted(Path(self.temporary_folder).iterdir())
+        for _file in sorted_files:
+            if not zipfile.is_zipfile(str(_file)):
+                if any([_file.name.endswith(_ext) for _ext in base_file_choices]):
+                    self.file_paths["base_file"] = Path(str(_file))
                 ext = _file.name.split(".")[-1]
-                self.file_paths[f"{ext}_file"] = Path(str(_file))
+                if f"{ext}_file" in self.file_paths:
+                    existing = self.file_paths[f"{ext}_file"]
+                    self.file_paths[f"{ext}_file"] = [
+                        Path(str(_file)),
+                        *(existing if isinstance(existing, list) else [existing]),
+                    ]
+                else:
+                    self.file_paths[f"{ext}_file"] = Path(str(_file))
+
+        tmp = self.file_paths.copy()
+        for key, value in self.file_paths.items():
+            if isinstance(value, list):
+                for index, file_path in enumerate(value):
+                    n = f"{key}_{index}" if index > 0 else key
+                    tmp[n] = file_path
+        self.file_paths = tmp
 
         # remiving the zip file
         os.remove(zip_name)
diff --git a/geonode/storage/tests.py b/geonode/storage/tests.py
index 48d1f3ebfe2..9a96186ab3e 100644
--- a/geonode/storage/tests.py
+++ b/geonode/storage/tests.py
@@ -573,7 +573,21 @@ def test_zip_file_should_correctly_recognize_main_extension_with_csv(self):
 
         self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
         _files = storage_manager.get_retrieved_paths()
-        self.assertTrue("example.csv" in _files.get("base_file"))
+        # Selected base_file is not defined in case of multiple csv files
+        self.assertTrue(_files.get("base_file").endswith(".csv"))
+
+    def test_zip_file_should_correctly_index_file_extensions(self):
+        # reinitiate the storage manager with the zip file
+        storage_manager = self.sut(
+            remote_files={"base_file": os.path.join(f"{self.project_root}", "tests/data/example.zip")}
+        )
+        storage_manager.clone_remote_files()
+
+        self.assertIsNotNone(storage_manager.data_retriever.temporary_folder)
+        _files = storage_manager.get_retrieved_paths()
+        self.assertIsNotNone(_files.get("csv_file"))
+        # extensions found more than once get indexed
+        self.assertIsNotNone(_files.get("csv_file_1"))
 
     @override_settings(
         SUPPORTED_DATASET_FILE_TYPES=[
diff --git a/geonode/storage/tests/data/example.zip b/geonode/storage/tests/data/example.zip
index 099888b8ef30952a98553b0ffe978c41fdd87b58..bb54c689f548c71a5455a78973833b76f8feecb9 100644
GIT binary patch
literal 324
zcmWIWW@Zs#W?<l82#J>neK-5V1YrgS22mj92IAC;#N2|MRK4WlveO>EK89P^Cc4F>
zc3QSwb2!Ao5P(xJCs1#GNk(cBPMwTQ_RP5KRRQV-0fmMojUXDy6<iDoAQ1*e1_=g+
z4j!=u+ix&7q+aUKWVi*V1H5q?&dGpmxDC)GxHIt?%`oYDgci_>0B=?{ko8PJxC2O+
HfjA5RA1F*t

literal 140
zcmWIWW@Zs#U|`^22#J>neK-5V1Q1UYh`E6{wIVUMASYEXxw!1Khp&&}mU9e~++tEY
rE!(a+9O7UI@MdHZVZf~&XaWNxhyVj5!vefn*+629Kxhf1ZNUlv5U3nd


From 9d6a4ca0105db2f4bedab5b844fb7bf33b720dda Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 18 Oct 2023 10:42:01 +0200
Subject: [PATCH 276/330] [Fixes #11610] Make thumbs backgrounds tests run
 (#11611)

* make thumbs bagrounds run

* Fix thumbs backgrounds tests
---
 geonode/thumbs/background.py             | 4 ++--
 geonode/thumbs/tests/__init__.py         | 1 +
 geonode/thumbs/tests/test_backgrounds.py | 6 +++---
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/geonode/thumbs/background.py b/geonode/thumbs/background.py
index 85bceb64159..1df55fc0dbc 100644
--- a/geonode/thumbs/background.py
+++ b/geonode/thumbs/background.py
@@ -542,8 +542,8 @@ def fetch(self, bbox: typing.List, *args, **kwargs):
         return background
 
     def build_kvp_request(self, baseurl, layer, style, xyz):
-        return f"{baseurl}?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png&layer={layer}&style={style} \
-            &tilematrixset={self.options['tilematrixset']}&TileMatrix={xyz[2]}&TileRow={xyz[1]}&TileCol={xyz[0]}"
+        return f"{baseurl}?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png&layer={layer}&style={style}\
+&tilematrixset={self.options['tilematrixset']}&TileMatrix={xyz[2]}&TileRow={xyz[1]}&TileCol={xyz[0]}"
 
     def build_request(self, xyz):
         request_encoding = self.options.get("requestencoding", "KVP")
diff --git a/geonode/thumbs/tests/__init__.py b/geonode/thumbs/tests/__init__.py
index dee8ede78da..0bc5c5d5525 100644
--- a/geonode/thumbs/tests/__init__.py
+++ b/geonode/thumbs/tests/__init__.py
@@ -19,3 +19,4 @@
 
 from .test_unit import *  # noqa: F401, F403
 from .test_integration import *  # noqa: F401, F403
+from .test_backgrounds import *  # noqa: F401, F403
diff --git a/geonode/thumbs/tests/test_backgrounds.py b/geonode/thumbs/tests/test_backgrounds.py
index 896ef0685dc..d99adf680ce 100644
--- a/geonode/thumbs/tests/test_backgrounds.py
+++ b/geonode/thumbs/tests/test_backgrounds.py
@@ -276,7 +276,7 @@
 THUMBNAIL_BACKGROUND = {
     "class": "geonode.thumbs.background.GenericWMTSBackground",
     "options": {
-        "url": "myserver.com/WMTS",
+        "url": "https://myserver.com/WMTS",
         "layer": "Hosted_basemap_inforac_3857",
         "style": "default",
         "tilematrixset": "default028mm",
@@ -345,8 +345,8 @@ def test_get_tiles_coords(self, *args):
     @override_settings(THUMBNAIL_BACKGROUND=THUMBNAIL_BACKGROUND)
     @patch("geonode.thumbs.background.WMTS_TILEMATRIXSET_LEVELS", WMTS_TILEMATRIX_LEVELS)
     def test_build_request(self, *args):
-        expected_imgurl = "https://myserver.com/WMTS?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png& \
-            layer=Hosted_basemap_inforac_3857&style=default&tilematrixset=default028mm&TileMatrix=4&TileRow=5&TileCol=7"
+        expected_imgurl = "https://myserver.com/WMTS?&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image/png&\
+layer=Hosted_basemap_inforac_3857&style=default&tilematrixset=default028mm&TileMatrix=4&TileRow=5&TileCol=7"
         background = GenericWMTSBackground(thumbnail_width=500, thumbnail_height=200)
         imgurl = background.build_request((7, 5, 4))
         self.assertEqual(expected_imgurl, imgurl)

From 5f99756d4ce2c2d555a17899dde3e3dbd505c66c Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 19 Oct 2023 12:57:59 +0200
Subject: [PATCH 277/330] [Fixes #11617] Introduce icons for thesauri keywords
 (#11618)

* Introduce icons for thesauri keywords

* fix black
---
 .../migrations/0087_thesauruskeyword_icon.py   | 18 ++++++++++++++++++
 geonode/base/models.py                         |  4 ++++
 geonode/facets/providers/thesaurus.py          |  3 ++-
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 geonode/base/migrations/0087_thesauruskeyword_icon.py

diff --git a/geonode/base/migrations/0087_thesauruskeyword_icon.py b/geonode/base/migrations/0087_thesauruskeyword_icon.py
new file mode 100644
index 00000000000..87dd7e45f96
--- /dev/null
+++ b/geonode/base/migrations/0087_thesauruskeyword_icon.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.22 on 2023-10-18 14:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('base', '0086_linkedresource'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='thesauruskeyword',
+            name='icon',
+            field=models.CharField(blank=True, max_length=512, null=True, help_text='It can be a fa-class name or a URL to an image'),
+        ),
+    ]
diff --git a/geonode/base/models.py b/geonode/base/models.py
index b5907a902ba..a2708f3b644 100644
--- a/geonode/base/models.py
+++ b/geonode/base/models.py
@@ -545,6 +545,10 @@ class ThesaurusKeyword(models.Model):
 
     thesaurus = models.ForeignKey("Thesaurus", related_name="thesaurus", on_delete=models.CASCADE)
 
+    icon = models.CharField(
+        max_length=512, help_text="It can be a fa-class name or a URL to an image", null=True, blank=True
+    )
+
     def __str__(self):
         return str(self.alt_label)
 
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index f8014728c9d..7594c009716 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -79,7 +79,7 @@ def get_facet_items(
 
         q = (
             queryset.filter(**filter)
-            .values("tkeywords", "tkeywords__alt_label")
+            .values("tkeywords", "tkeywords__alt_label", "tkeywords__icon")
             .annotate(count=Count("tkeywords"))
             .annotate(
                 localized_label=Subquery(
@@ -102,6 +102,7 @@ def get_facet_items(
                 "label": r["localized_label"] or r["tkeywords__alt_label"],
                 "is_localized": r["localized_label"] is not None,
                 "count": r["count"],
+                "icon": r["tkeywords__icon"],
             }
             for r in q[start:end].all()
         ]

From 0868e34013404bdf99b52689a5a1db3cb7a454be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Oct 2023 13:03:02 +0200
Subject: [PATCH 278/330] Bump markdown from 3.4.4 to 3.5 (#11572)

* Bump markdown from 3.4.4 to 3.5

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.4.4 to 3.5.
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.4.4...3.5)

---
updated-dependencies:
- dependency-name: markdown
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update setup.cfg

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 39864fb3294..d4c591ceeb0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -82,7 +82,7 @@ drf-extensions==0.7.1
 drf-writable-nested==0.7.0
 drf-spectacular==0.26.5
 dynamic-rest==2.1.2
-Markdown==3.4.4
+Markdown==3.5
 
 pinax-notifications==6.0.0
 pinax-ratings==4.0.0
diff --git a/setup.cfg b/setup.cfg
index 3c2147edf46..789f545d99a 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -108,7 +108,7 @@ install_requires =
     drf-writable-nested==0.7.0
     drf-spectacular==0.26.5
     dynamic-rest==2.1.2
-    Markdown==3.4.4
+    Markdown==3.5
 
     pinax-notifications==6.0.0
     pinax-ratings==4.0.0

From 31ea8c8ddefded4bda913704716dcde4d583b8da Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 19 Oct 2023 14:35:12 +0200
Subject: [PATCH 279/330] [Snyk] Security upgrade urllib3 from 1.26.17 to
 1.26.18 (#11619)

* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459

* Update setup.cfg

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d4c591ceeb0..3d5dada6563 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ beautifulsoup4==4.12.2
 httplib2<0.22.1
 hyperlink==21.0.0
 idna>=2.5,<3.5
-urllib3==1.26.17
+urllib3==1.26.18
 Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1
diff --git a/setup.cfg b/setup.cfg
index 789f545d99a..42ff67cbaeb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -36,7 +36,7 @@ install_requires =
     httplib2<0.22.1
     hyperlink==21.0.0
     idna>=2.5,<3.5
-    urllib3==1.26.17
+    urllib3==1.26.18
     Paver==1.3.4
     python-slugify==8.0.1
     decorator==5.1.1

From 90dc8ef511bfb3257819a35b122878f01ba5a385 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Thu, 19 Oct 2023 14:35:47 +0200
Subject: [PATCH 280/330] [Fixes #11603] Improve codecov integration (#11607)

* [Fixes #11603] Improve codecov integration

* [Fixes #11603] Improve codecov integration

* [Fixes #11603] Improve codecov integration

* [Fixes #11603] Improve codecov integration

* [Fixes #11603] Improve codecov integration
---
 .circleci/config.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 22de58db724..782732b6ff3 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,6 +11,8 @@ jobs:
         type: boolean
       save_docker_cache:
         type: boolean
+      codecov_name:
+        type: string        
       test_suite:
         type: string
         default: ""
@@ -90,7 +92,7 @@ jobs:
             - run:
                 name: Run code quality checks
                 command: |
-                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c 'codecov; bash <(curl -s https://codecov.io/bash) -t 2c0e7780-1640-45f0-93a3-e103b057d8c8'
+                  docker-compose --env-file .env_test -f docker-compose-test.yml exec django bash -c ' bash <(curl -s https://codecov.io/bash) -t 2c0e7780-1640-45f0-93a3-e103b057d8c8 -F <<parameters.codecov_name>>'
                 working_directory: ./
 
 workflows:
@@ -99,31 +101,37 @@ workflows:
     jobs:
       - build:
           name: geonode_test_suite_smoke
+          codecov_name: smoke_tests
           load_docker_cache: false
           save_docker_cache: false
           test_suite: ./test.sh geonode.tests.smoke geonode.tests.test_message_notifications geonode.tests.test_rest_api geonode.tests.test_search geonode.tests.test_utils geonode.tests.test_headers
       - build:
           name: geonode_test_suite
+          codecov_name: main_tests
           load_docker_cache: false
           save_docker_cache: false
           test_suite: ./test.sh $(python -c "import sys;from geonode import settings;sys.stdout.write('\'' '\''.join([a+'\''.tests'\'' for a in settings.GEONODE_APPS if '\''security'\'' not in a and '\''geoserver'\'' not in a]))") geonode.thumbs.tests geonode.people.tests geonode.people.socialaccount.providers.geonode_openid_connect.tests
       - build:
           name: geonode_test_security
+          codecov_name: security_tests
           load_docker_cache: false
           save_docker_cache: false
           test_suite: ./test.sh $(python -c "import sys;from geonode import settings;sys.stdout.write('\'' '\''.join([a+'\''.tests'\'' for a in settings.GEONODE_APPS if '\''security'\'' in a]))")
       - build:
           name: geonode_test_gis_backend
+          codecov_name: gis
           load_docker_cache: false
           save_docker_cache: false
           test_suite: ./test.sh $(python -c "import sys;from geonode import settings;sys.stdout.write('\'' '\''.join([a+'\''.tests'\'' for a in settings.GEONODE_APPS if '\''geoserver'\'' in a]))")
       - build:
           name: geonode_test_rest_apis
+          codecov_name: api
           load_docker_cache: false
           save_docker_cache: false
           test_suite: ./test.sh geonode.base.api.tests geonode.layers.api.tests geonode.maps.api.tests geonode.documents.api.tests geonode.geoapps.api.tests geonode.upload.api.tests
       - build:
           name: geonode_test_csw
+          codecov_name: csw
           load_docker_cache: false
           save_docker_cache: false
           test_suite: ./test.sh geonode.tests.csw geonode.catalogue.backends.tests

From c437a0a69054217976fa519b245e82966543dbe5 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 19 Oct 2023 17:39:13 +0200
Subject: [PATCH 281/330] [Fixes #11622] Rename icon filed to image field for
 thesaurus keywords (#11623)

* Rename icon filed to image field for thesaurus keywords

* add migration

* fix formatting
---
 .../migrations/0088_auto_20231019_1244.py     | 22 +++++++++++++++++++
 geonode/base/models.py                        |  4 +---
 geonode/facets/providers/thesaurus.py         |  4 ++--
 3 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 geonode/base/migrations/0088_auto_20231019_1244.py

diff --git a/geonode/base/migrations/0088_auto_20231019_1244.py b/geonode/base/migrations/0088_auto_20231019_1244.py
new file mode 100644
index 00000000000..c96c97f6a2d
--- /dev/null
+++ b/geonode/base/migrations/0088_auto_20231019_1244.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.2.22 on 2023-10-19 12:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('base', '0087_thesauruskeyword_icon'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='thesauruskeyword',
+            name='icon',
+        ),
+        migrations.AddField(
+            model_name='thesauruskeyword',
+            name='image',
+            field=models.CharField(blank=True, help_text='A URL to an image', max_length=512, null=True),
+        ),
+    ]
diff --git a/geonode/base/models.py b/geonode/base/models.py
index a2708f3b644..b316ae4a33b 100644
--- a/geonode/base/models.py
+++ b/geonode/base/models.py
@@ -545,9 +545,7 @@ class ThesaurusKeyword(models.Model):
 
     thesaurus = models.ForeignKey("Thesaurus", related_name="thesaurus", on_delete=models.CASCADE)
 
-    icon = models.CharField(
-        max_length=512, help_text="It can be a fa-class name or a URL to an image", null=True, blank=True
-    )
+    image = models.CharField(max_length=512, help_text="A URL to an image", null=True, blank=True)
 
     def __str__(self):
         return str(self.alt_label)
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index 7594c009716..047ac9b82ea 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -79,7 +79,7 @@ def get_facet_items(
 
         q = (
             queryset.filter(**filter)
-            .values("tkeywords", "tkeywords__alt_label", "tkeywords__icon")
+            .values("tkeywords", "tkeywords__alt_label", "tkeywords__image")
             .annotate(count=Count("tkeywords"))
             .annotate(
                 localized_label=Subquery(
@@ -102,7 +102,7 @@ def get_facet_items(
                 "label": r["localized_label"] or r["tkeywords__alt_label"],
                 "is_localized": r["localized_label"] is not None,
                 "count": r["count"],
-                "icon": r["tkeywords__icon"],
+                "image": r["tkeywords__image"],
             }
             for r in q[start:end].all()
         ]

From da856b5f1f674201005db2a5132b6d8c1776d7a0 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Mon, 23 Oct 2023 12:00:38 +0200
Subject: [PATCH 282/330] [Fixes #11620] Facets: refact view as a class
 (#11625)

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/facets/tests.py |  52 +++---
 geonode/facets/urls.py  |   7 +-
 geonode/facets/views.py | 351 +++++++++++++++++++---------------------
 3 files changed, 190 insertions(+), 220 deletions(-)

diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 3245fe72d9a..8b4812a110f 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -42,8 +42,8 @@
 from geonode.facets.providers.category import CategoryFacetProvider
 from geonode.facets.providers.keyword import KeywordFacetProvider
 from geonode.facets.providers.region import RegionFacetProvider
+from geonode.facets.views import ListFacetsView, GetFacetView
 from geonode.tests.base import GeoNodeBaseTestSupport
-import geonode.facets.views as views
 
 
 logger = logging.getLogger(__name__)
@@ -85,7 +85,7 @@ def _create_thesauri(cls):
         for tn in range(2):
             t = Thesaurus.objects.create(identifier=f"t_{tn}", title=f"Thesaurus {tn}", order=100 + tn * 10)
             cls.thesauri[tn] = t
-            for tl in (
+            for tl in (  # fmt: skip
                 "en",
                 "it",
             ):
@@ -94,7 +94,7 @@ def _create_thesauri(cls):
             for tkn in range(10):
                 tk = ThesaurusKeyword.objects.create(thesaurus=t, alt_label=f"T{tn}_K{tkn}_ALT")
                 cls.thesauri_k[f"{tn}_{tkn}"] = tk
-                for tkl in (
+                for tkl in (  # fmt: skip
                     "en",
                     "it",
                 ):
@@ -104,7 +104,7 @@ def _create_thesauri(cls):
     def _create_regions(cls):
         cls.regions = {}
 
-        for code, name in (
+        for code, name in (  # fmt: skip
             ("R0", "Region0"),
             ("R1", "Region1"),
             ("R2", "Region2"),
@@ -115,7 +115,7 @@ def _create_regions(cls):
     def _create_categories(cls):
         cls.cats = {}
 
-        for code, name in (
+        for code, name in (  # fmt: skip
             ("C0", "Cat0"),
             ("C1", "Cat1"),
             ("C2", "Cat2"),
@@ -126,7 +126,7 @@ def _create_categories(cls):
     def _create_keywords(cls):
         cls.kw = {}
 
-        for code, name in (
+        for code, name in (  # fmt: skip
             ("K0", "Keyword0"),
             ("K1", "Keyword1"),
             ("K2", "Keyword2"),
@@ -186,14 +186,14 @@ def _create_resources(self):
             if (x % 6) in (0, 1, 2):
                 d.featured = True
 
-            for reg, idx in (
+            for reg, idx in (  # fmt: skip
                 ("R0", (0, 1)),
                 ("R1", (0, 2, 8, 13)),
             ):
                 if x in idx:
                     d.regions.add(self.regions[reg])
 
-            for kw, idx in (
+            for kw, idx in (  # fmt: skip
                 ("K0", (0, 3, 4, 5)),
                 ("K1", [1, 4]),
                 ("K2", [2, 5]),
@@ -201,7 +201,7 @@ def _create_resources(self):
                 if x in idx:
                     d.keywords.add(self.kw[kw])
 
-            for cat, idx in (
+            for cat, idx in (  # fmt: skip
                 ("C0", [0, 2, 4]),
                 ("C1", [5, 15, 16]),
                 ("C2", [18, 19]),
@@ -218,7 +218,7 @@ def _facets_to_map(facets):
 
     def test_facets_base(self):
         req = self.rf.get(reverse("list_facets"), data={"lang": "en"})
-        res: JsonResponse = views.list_facets(req)
+        res: JsonResponse = ListFacetsView.as_view()(req)
         obj = json.loads(res.content)
         self.assertIn("facets", obj)
         facets_list = obj["facets"]
@@ -238,13 +238,13 @@ def test_facets_rich(self):
 
         # run the request
         req = self.rf.get(reverse("list_facets"), data={"include_topics": 1, "lang": "en"})
-        res: JsonResponse = views.list_facets(req)
+        res: JsonResponse = ListFacetsView.as_view()(req)
         obj = json.loads(res.content)
 
         facets_list = obj["facets"]
         self.assertEqual(8, len(facets_list))
         fmap = self._facets_to_map(facets_list)
-        for expected in (
+        for expected in (  # fmt: skip
             {
                 "name": "category",
                 "topics": {
@@ -356,7 +356,7 @@ def test_bad_lang(self):
 
         # run the request with a valid language
         req = self.rf.get(reverse("get_facet", args=["t_0"]), data={"lang": "en"})
-        res: JsonResponse = views.get_facet(req, "t_0")
+        res: JsonResponse = GetFacetView.as_view()(req, "t_0")
         obj = json.loads(res.content)
 
         self.assertEqual(2, obj["topics"]["total"])
@@ -366,7 +366,7 @@ def test_bad_lang(self):
 
         # run the request with an INVALID language
         req = self.rf.get(reverse("get_facet", args=["t_0"]), data={"lang": "ZZ"})
-        res: JsonResponse = views.get_facet(req, "t_0")
+        res: JsonResponse = GetFacetView.as_view()(req, "t_0")
         obj = json.loads(res.content)
 
         self.assertEqual(2, obj["topics"]["total"])
@@ -374,18 +374,6 @@ def test_bad_lang(self):
         self.assertEqual("T0_K0_ALT", obj["topics"]["items"][0]["label"])  # check for the alternate label
         self.assertFalse(obj["topics"]["items"][0]["is_localized"])  # check for the localization flag
 
-    def test_topics(self):
-        for facet, keys, exp in (
-            ("t_0", [self.thesauri_k["0_0"].id, self.thesauri_k["0_1"].id, -999], 2),
-            ("category", ["C1", "C2", "nomatch"], 2),
-            ("owner", [self.user.id, -100], 1),
-            ("region", ["R0", "R1", "nomatch"], 2),
-        ):
-            req = self.rf.get(reverse("get_facet_topics", args=[facet]), data={"lang": "en", "key": keys})
-            res: JsonResponse = views.get_facet_topics(req, facet)
-            obj = json.loads(res.content)
-            self.assertEqual(exp, len(obj["topics"]["items"]), f"Unexpected topic count {exp} for facet {facet}")
-
     def test_prefiltering(self):
         reginfo = RegionFacetProvider().get_info()
         regfilter = reginfo["filter"]
@@ -403,7 +391,7 @@ def test_prefiltering(self):
             (reginfo["name"], {t1filter: self.thesauri_k["1_0"].id}, 2, 3),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data=filters)
-            res: JsonResponse = views.get_facet(req, facet)
+            res: JsonResponse = GetFacetView.as_view()(req, facet)
             obj = json.loads(res.content)
             self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and filter {filters}")
             self.assertEqual(count0, obj["topics"]["items"][0]["count"], f"Bad count0 for facet '{facet}")
@@ -423,7 +411,7 @@ def test_prefiltering_tkeywords(self):
             (featname, {t1filter: tkey_1_1}, expected_feat),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data=params)
-            res: JsonResponse = views.get_facet(req, facet)
+            res: JsonResponse = GetFacetView.as_view()(req, facet)
             obj = json.loads(res.content)
 
             self.assertEqual(
@@ -439,13 +427,13 @@ def test_prefiltering_tkeywords(self):
 
         # Run the single request
         req = self.rf.get(reverse("list_facets"), data={"include_topics": 1, t1filter: tkey_1_1})
-        res: JsonResponse = views.list_facets(req)
+        res: JsonResponse = ListFacetsView.as_view()(req)
         obj = json.loads(res.content)
 
         facets_list = obj["facets"]
         fmap = self._facets_to_map(facets_list)
 
-        for name, items in (
+        for name, items in (  # fmt: skip
             (regname, expected_region),
             (featname, expected_feat),
         ):
@@ -466,7 +454,7 @@ def test_config(self):
             ("owner", "select", 8),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data={"include_config": True})
-            res: JsonResponse = views.get_facet(req, facet)
+            res: JsonResponse = GetFacetView.as_view()(req, facet)
             obj = json.loads(res.content)
             self.assertIn("config", obj, "Config info not found in payload")
             conf = obj["config"]
@@ -525,7 +513,7 @@ def t(tk):
             (kwname, {t0filter: t("0_0"), regfilter: "R0", "key": ["K0"]}, {"K0": None}),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data=params)
-            res: JsonResponse = views.get_facet(req, facet)
+            res: JsonResponse = GetFacetView.as_view()(req, facet)
             obj = json.loads(res.content)
             # self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and params {params}")
 
diff --git a/geonode/facets/urls.py b/geonode/facets/urls.py
index 42bf08de85b..8d96976e53c 100644
--- a/geonode/facets/urls.py
+++ b/geonode/facets/urls.py
@@ -18,10 +18,9 @@
 #########################################################################
 
 from django.urls import path
-from . import views
+from .views import ListFacetsView, GetFacetView
 
 urlpatterns = [
-    path("facets", views.list_facets, name="list_facets"),
-    path("facets/<facet>", views.get_facet, name="get_facet"),
-    path("facets/<facet>/topics", views.get_facet_topics, name="get_facet_topics"),
+    path("facets", ListFacetsView.as_view(), name="list_facets"),
+    path("facets/<facet>", GetFacetView.as_view(), name="get_facet"),
 ]
diff --git a/geonode/facets/views.py b/geonode/facets/views.py
index a02c8aa961f..5bd186b7045 100644
--- a/geonode/facets/views.py
+++ b/geonode/facets/views.py
@@ -21,11 +21,10 @@
 from urllib.parse import urlencode
 
 from rest_framework.authentication import SessionAuthentication, BasicAuthentication
-from rest_framework.decorators import api_view, authentication_classes
+from rest_framework.views import APIView
 
-from django.http import HttpResponseNotFound, JsonResponse, HttpResponseBadRequest
+from django.http import HttpResponseNotFound, JsonResponse
 from django.urls import reverse
-
 from django.conf import settings
 
 from geonode.base.api.views import ResourceBaseViewSet
@@ -44,188 +43,172 @@
 logger = logging.getLogger(__name__)
 
 
-@api_view(["GET"])
-@authentication_classes([SessionAuthentication, BasicAuthentication])
-def list_facets(request, **kwargs):
-    lang, lang_requested = _resolve_language(request)
-    add_links = _resolve_boolean(request, PARAM_ADD_LINKS, False)
-    include_topics = _resolve_boolean(request, PARAM_INCLUDE_TOPICS, False)
-    include_config = _resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
-
-    facets = []
-    prefiltered = None
-
-    for provider in facet_registry.get_providers():
-        logger.debug("Fetching data from provider %r", provider)
-        info = provider.get_info(lang=lang)
+class BaseFacetingView(APIView):
+    authentication_classes = [SessionAuthentication, BasicAuthentication]
+
+    @classmethod
+    def _get_topics(
+        cls,
+        provider,
+        queryset,
+        page: int = 0,
+        page_size: int = DEFAULT_FACET_PAGE_SIZE,
+        lang: str = "en",
+        topic_contains: str = None,
+        keys: set = {},
+        **kwargs,
+    ):
+        start = page * page_size
+        end = start + page_size
+
+        cnt, items = provider.get_facet_items(
+            queryset, start=start, end=end, lang=lang, topic_contains=topic_contains, keys=keys
+        )
 
+        if keys:
+            keys.difference_update({str(t["key"]) for t in items})
+            if keys:
+                ext = provider.get_topics(keys, lang)
+                items.extend(ext)
+                cnt += len(ext)
+                logger.debug("Extending facets to %d for %s", cnt, provider.name)
+
+        return {"page": page, "page_size": page_size, "start": start, "total": cnt, "items": items}
+
+    @classmethod
+    def _prefilter_topics(cls, request):
+        """
+        Perform some prefiltering on resources, such as
+          - auth visibility
+          - filtering by other facets already applied
+        :param request:
+        :return: a QuerySet on ResourceBase
+        """
+        logger.debug("Filtering by user '%s'", request.user)
+        filters = {k: vlist for k, vlist in request.query_params.lists() if k.startswith("filter{")}
+        logger.warning(f"FILTERING BY {filters}")
+
+        if filters:
+            viewset = ResourceBaseViewSet(request=request, format_kwarg={}, kwargs=filters)
+            viewset.initial(request)
+            return get_visible_resources(queryset=viewset.filter_queryset(viewset.get_queryset()), user=request.user)
+        else:
+            # return ResourceBase.objects
+            return get_visible_resources(ResourceBase.objects, request.user)
+
+    @classmethod
+    def _resolve_language(cls, request) -> (str, bool):
+        """
+        :return: the resolved language, a boolean telling if the language was requested
+        """
+        # first try with an explicit request using params
+        if lang := request.GET.get(PARAM_LANG, None):
+            return lang, True
+        # 2nd try: use LANGUAGE_CODE
+        try:
+            return request.LANGUAGE_CODE.split("-")[0], False
+        except AttributeError:
+            return settings.LANGUAGE_CODE, False
+
+    @classmethod
+    def _resolve_boolean(cls, request, name, fallback=None):
+        """
+        Parse boolean query params
+        """
+        val = request.GET.get(name, None)
+        if val is None:
+            return fallback
+
+        val = val.lower()
+        if val.startswith("t") or val.startswith("y") or val == "1":
+            return True
+        elif val.startswith("f") or val.startswith("n") or val == "0":
+            return False
+        else:
+            return fallback
+
+
+class ListFacetsView(BaseFacetingView):
+    def get(self, request, *args, **kwargs):
+        lang, lang_requested = self._resolve_language(request)
+        add_links = self._resolve_boolean(request, PARAM_ADD_LINKS, False)
+        include_topics = self._resolve_boolean(request, PARAM_INCLUDE_TOPICS, False)
+        include_config = self._resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
+
+        facets = []
+        prefiltered = None
+
+        for provider in facet_registry.get_providers():
+            logger.debug("Fetching data from provider %r", provider)
+            info = provider.get_info(lang=lang)
+
+            if include_config:
+                info["config"] = provider.config
+
+            if add_links:
+                link_args = {PARAM_ADD_LINKS: True}
+                if lang_requested:  # only add lang param if specified in current call
+                    link_args[PARAM_LANG] = lang
+                info["link"] = f"{reverse('get_facet', args=[info['name']])}?{urlencode(link_args)}"
+
+            if include_topics:
+                prefiltered = prefiltered or self._prefilter_topics(request)
+                info["topics"] = self._get_topics(provider, queryset=prefiltered, lang=lang)
+
+            facets.append(info)
+
+        logger.debug("Returning facets %r", facets)
+        return JsonResponse({"facets": facets})
+
+
+class GetFacetView(BaseFacetingView):
+    def get(self, request, facet):
+        logger.debug("get_facet -> %r for user '%r'", facet, request.user.username)
+
+        # retrieve provider for the requested facet
+        provider: FacetProvider = facet_registry.get_provider(facet)
+        if not provider:
+            return HttpResponseNotFound()
+
+        # parse some query params
+        lang, lang_requested = self._resolve_language(request)
+        add_link = self._resolve_boolean(request, PARAM_ADD_LINKS, False)
+        include_config = self._resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
+
+        topic_contains = request.GET.get(PARAM_TOPIC_CONTAINS, None)
+        keys = set(request.query_params.getlist("key"))
+
+        page = int(request.GET.get(PARAM_PAGE, 0))
+        page_size = int(request.GET.get(PARAM_PAGE_SIZE, DEFAULT_FACET_PAGE_SIZE))
+
+        info = provider.get_info(lang)
         if include_config:
             info["config"] = provider.config
 
-        if add_links:
-            link_args = {PARAM_ADD_LINKS: True}
-            if lang_requested:  # only add lang param if specified in current call
-                link_args[PARAM_LANG] = lang
-            info["link"] = f"{reverse('get_facet', args=[info['name']])}?{urlencode(link_args)}"
-
-        if include_topics:
-            prefiltered = prefiltered or _prefilter_topics(request)
-            info["topics"] = _get_topics(provider, queryset=prefiltered, lang=lang)
-
-        facets.append(info)
-
-    logger.debug("Returning facets %r", facets)
-    return JsonResponse({"facets": facets})
-
-
-@api_view(["GET"])
-@authentication_classes([SessionAuthentication, BasicAuthentication])
-def get_facet(request, facet):
-    logger.debug("get_facet -> %r for user '%r'", facet, request.user.username)
-
-    # retrieve provider for the requested facet
-    provider: FacetProvider = facet_registry.get_provider(facet)
-    if not provider:
-        return HttpResponseNotFound()
-
-    # parse some query params
-    lang, lang_requested = _resolve_language(request)
-    add_link = _resolve_boolean(request, PARAM_ADD_LINKS, False)
-    include_config = _resolve_boolean(request, PARAM_INCLUDE_CONFIG, False)
-
-    topic_contains = request.GET.get(PARAM_TOPIC_CONTAINS, None)
-    keys = set(request.query_params.getlist("key"))
-
-    page = int(request.GET.get(PARAM_PAGE, 0))
-    page_size = int(request.GET.get(PARAM_PAGE_SIZE, DEFAULT_FACET_PAGE_SIZE))
-
-    info = provider.get_info(lang)
-    if include_config:
-        info["config"] = provider.config
-
-    qs = _prefilter_topics(request)
-    topics = _get_topics(
-        provider, queryset=qs, page=page, page_size=page_size, lang=lang, topic_contains=topic_contains, keys=keys
-    )
-
-    if add_link:
-        exist_prev = page > 0
-        exist_next = topics["total"] > (page + 1) * page_size
-        link = reverse("get_facet", args=[info["name"]])
-        for exist, link_name, p in (
-            (exist_prev, "prev", page - 1),
-            (exist_next, "next", page + 1),
-        ):
-            link_param = {PARAM_PAGE: p, PARAM_PAGE_SIZE: page_size, PARAM_LANG: lang, PARAM_ADD_LINKS: True}
-            if lang_requested:  # only add lang param if specified in current call
-                link_param[PARAM_LANG] = lang
-            if topic_contains:
-                link_param[PARAM_TOPIC_CONTAINS] = topic_contains
-            info[link_name] = f"{link}?{urlencode(link_param)}" if exist else None
-
-    if topic_contains:
-        # in the payload let's rmb this is a filtered output
-        info["topic_contains"] = topic_contains
-
-    info["topics"] = topics
-
-    return JsonResponse(info)
-
-
-@api_view(["GET"])
-def get_facet_topics(request, facet):
-    logger.debug("get_facet_topics -> %r", facet)
-
-    # retrieve provider for the requested facet
-    provider: FacetProvider = facet_registry.get_provider(facet)
-    if not provider:
-        return HttpResponseNotFound("Facet not found")
-
-    # parse some query params
-    lang, lang_requested = _resolve_language(request)
-    keys = request.query_params.getlist("key")
-    if not keys:
-        return HttpResponseBadRequest("Missing key parameter")
-
-    ret = {"topics": {"items": provider.get_topics(keys, lang=lang)}}
-    return JsonResponse(ret)
-
-
-def _get_topics(
-    provider,
-    queryset,
-    page: int = 0,
-    page_size: int = DEFAULT_FACET_PAGE_SIZE,
-    lang: str = "en",
-    topic_contains: str = None,
-    keys: set = {},
-    **kwargs,
-):
-    start = page * page_size
-    end = start + page_size
-
-    cnt, items = provider.get_facet_items(
-        queryset, start=start, end=end, lang=lang, topic_contains=topic_contains, keys=keys
-    )
-
-    if keys:
-        keys.difference_update({str(t["key"]) for t in items})
-        if keys:
-            ext = provider.get_topics(keys, lang)
-            items.extend(ext)
-            cnt += len(ext)
-            logger.debug("Extending facets to %d for %s", cnt, provider.name)
-
-    return {"page": page, "page_size": page_size, "start": start, "total": cnt, "items": items}
-
-
-def _prefilter_topics(request):
-    """
-    Perform some prefiltering on resources, such as
-      - auth visibility
-      - filtering by other facets already applied
-    :param request:
-    :return: a QuerySet on ResourceBase
-    """
-    logger.debug("Filtering by user '%s'", request.user)
-    filters = {k: vlist for k, vlist in request.query_params.lists() if k.startswith("filter{")}
-    logger.warning(f"FILTERING BY {filters}")
-
-    if filters:
-        viewset = ResourceBaseViewSet(request=request, format_kwarg={}, kwargs=filters)
-        viewset.initial(request)
-        return get_visible_resources(queryset=viewset.filter_queryset(viewset.get_queryset()), user=request.user)
-    else:
-        # return ResourceBase.objects
-        return get_visible_resources(ResourceBase.objects, request.user)
-
-
-def _resolve_language(request) -> (str, bool):
-    """
-    :return: the resolved language, a boolean telling if the language was requested
-    """
-    # first try with an explicit request using params
-    if lang := request.GET.get(PARAM_LANG, None):
-        return lang, True
-    # 2nd try: use LANGUAGE_CODE
-    try:
-        return request.LANGUAGE_CODE.split("-")[0], False
-    except AttributeError:
-        return settings.LANGUAGE_CODE, False
-
-
-def _resolve_boolean(request, name, fallback=None):
-    """
-    Parse boolean query params
-    """
-    val = request.GET.get(name, None)
-    if val is None:
-        return fallback
-
-    val = val.lower()
-    if val.startswith("t") or val.startswith("y") or val == "1":
-        return True
-    elif val.startswith("f") or val.startswith("n") or val == "0":
-        return False
-    else:
-        return fallback
+        qs = self._prefilter_topics(request)
+        topics = self._get_topics(
+            provider, queryset=qs, page=page, page_size=page_size, lang=lang, topic_contains=topic_contains, keys=keys
+        )
+
+        if add_link:
+            exist_prev = page > 0
+            exist_next = topics["total"] > (page + 1) * page_size
+            link = reverse("get_facet", args=[info["name"]])
+            for exist, link_name, p in (
+                (exist_prev, "prev", page - 1),
+                (exist_next, "next", page + 1),
+            ):
+                link_param = {PARAM_PAGE: p, PARAM_PAGE_SIZE: page_size, PARAM_LANG: lang, PARAM_ADD_LINKS: True}
+                if lang_requested:  # only add lang param if specified in current call
+                    link_param[PARAM_LANG] = lang
+                if topic_contains:
+                    link_param[PARAM_TOPIC_CONTAINS] = topic_contains
+                info[link_name] = f"{link}?{urlencode(link_param)}" if exist else None
+
+        if topic_contains:
+            # in the payload let's rmb this is a filtered output
+            info["topic_contains"] = topic_contains
+
+        info["topics"] = topics
+
+        return JsonResponse(info)

From f1a905b0070fe11e6f232fa97f432721038f8ebe Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Mon, 23 Oct 2023 14:16:44 +0200
Subject: [PATCH 283/330] Makes more clear the is_enable function in themes
 (#11631)

* Makes more clear the is_enable function in themes

* Update models.py

* Update 0015_alter_geonodethemecustomization_is_enabled.py

* fix format
---
 ...ter_geonodethemecustomization_is_enabled.py | 18 ++++++++++++++++++
 geonode/themes/models.py                       |  3 ++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 geonode/themes/migrations/0015_alter_geonodethemecustomization_is_enabled.py

diff --git a/geonode/themes/migrations/0015_alter_geonodethemecustomization_is_enabled.py b/geonode/themes/migrations/0015_alter_geonodethemecustomization_is_enabled.py
new file mode 100644
index 00000000000..fcd18f8ee3c
--- /dev/null
+++ b/geonode/themes/migrations/0015_alter_geonodethemecustomization_is_enabled.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.21 on 2023-10-23 10:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('geonode_themes', '0014_auto_20220214_0910'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='geonodethemecustomization',
+            name='is_enabled',
+            field=models.BooleanField(default=False, help_text='Set this theme as the current global theme for GeoNode. This will disable the current theme (if any)'),
+        ),
+    ]
diff --git a/geonode/themes/models.py b/geonode/themes/models.py
index 40f49478a1f..b94f9c6dd3c 100644
--- a/geonode/themes/models.py
+++ b/geonode/themes/models.py
@@ -54,7 +54,8 @@ class GeoNodeThemeCustomization(models.Model):
     name = models.CharField(max_length=100, help_text="This will not appear anywhere.")
     description = models.TextField(null=True, blank=True, help_text="This will not appear anywhere.")
     is_enabled = models.BooleanField(
-        default=False, help_text="Enabling this theme will disable the current enabled theme (if any)"
+        default=False,
+        help_text="Set this theme as the current global theme for GeoNode. This will disable the current theme (if any)",
     )
     logo = models.ImageField(upload_to="img/%Y/%m", null=True, blank=True)
     extra_css = models.TextField(

From b30312136a1c903d9e4b6ee568f23a56e573dc6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Wallschl=C3=A4ger?= <marcel.wallschlaeger@zalf.de>
Date: Mon, 23 Oct 2023 15:08:10 +0200
Subject: [PATCH 284/330] [Fixes #10290] complete ISO contact roles per
 ressource base with multiplicity (#10367)

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* fixed typo

* created a centralized enum with the roles. added contacts to geonode_metadata_full.html. refactored

* multiple poc are displayed in _resourcebase_info_panel

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Updates for PATCH for multiple contacts along with tests for each role.

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixes GeoNode#10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* Fixed default contact roles for new resource and added tests

* black

* black

* Fixed AttributeError with TaggitProfileSelect2Custom

* Fixes #10290 complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* - Fix formatting

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* [Fixes #10290] complete ISO contact roles per ressource base with multiplicity

* [Fixes #10290] complete ISO contact roles per ressource base with multiplicity

* Revert "[Fixes #10290] complete ISO contact roles per ressource base with multiplicity"

This reverts commit 44b294b26a0ed0491ca30171c7612bee44c7b944.

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* issue#10290_complete_ISO_contact_roles_per_ressource_base_with_multiplicity

* revert unintended changes from recent commit

* revert unintended changes from recent commit

* revert unintended changes from recent commit

* revert unintended changes from recent commit

---------

Co-authored-by: Malte Iwanicki <malteiwa@gmail.com>
Co-authored-by: Malte Iwanicki <45853662+MalteIwanicki@users.noreply.github.com>
Co-authored-by: ahmdthr <ahmad.tahir@pixida.de>
Co-authored-by: Florian Hoedt <gannebamm@gmail.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
Co-authored-by: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Co-authored-by: Marcel Wallschlaeger <mwarcel.wallschlaeger@zalf.de>
---
 geonode/base/api/serializers.py               |  67 ++-
 geonode/base/forms.py                         |  93 ++-
 .../base/migrations/0086_linkedresource.py    |  26 +-
 geonode/base/models.py                        | 332 ++++++++---
 .../base/_resourcebase_info_panel.html        |   6 +-
 geonode/base/templatetags/base_tags.py        |   6 +
 geonode/base/tests.py                         | 106 +++-
 geonode/base/widgets.py                       |  18 +
 .../backends/pycsw_local_mappings.py          |   1 +
 .../templates/catalogue/full_metadata.xml     | 131 +----
 .../templates/geonode_metadata_full.html      |  12 +-
 geonode/catalogue/views.py                    |  33 +-
 geonode/documents/api/tests.py                | 302 ++++++++++
 .../0037_delete_documentresourcelink.py       |  15 +-
 .../documents/document_metadata.html          |   8 +-
 .../documents/document_metadata_advanced.html |   8 +-
 .../templates/layouts/doc_panels.html         |  46 +-
 geonode/documents/views.py                    |  62 +-
 .../geoapps/templates/apps/app_metadata.html  |   2 +-
 .../templates/apps/app_metadata_advanced.html |   2 +-
 .../geoapps/templates/layouts/app_panels.html |  30 +-
 geonode/geoapps/views.py                      |  65 +-
 geonode/geoserver/helpers.py                  |   8 +-
 .../harvesting/harvesters/geonodeharvester.py |   1 +
 geonode/layers/api/tests.py                   | 298 ++++++++++
 .../templates/datasets/dataset_metadata.html  |   8 +-
 .../datasets/dataset_metadata_advanced.html   |   8 +-
 geonode/layers/templates/layouts/panels.html  |  56 +-
 geonode/layers/templatetags/contact_roles.py  |  43 ++
 geonode/layers/tests.py                       |  41 ++
 geonode/layers/views.py                       |  72 +--
 geonode/locale/de/LC_MESSAGES/django.mo       | Bin 156640 -> 156832 bytes
 geonode/locale/de/LC_MESSAGES/django.po       |   6 +
 geonode/locale/en/LC_MESSAGES/django.mo       | Bin 143908 -> 144085 bytes
 geonode/locale/en/LC_MESSAGES/django.po       |   6 +
 geonode/locale/fr/LC_MESSAGES/django.mo       | Bin 161109 -> 161262 bytes
 geonode/locale/fr/LC_MESSAGES/django.po       |   6 +
 geonode/locale/it/LC_MESSAGES/django.mo       | Bin 161218 -> 20525 bytes
 geonode/locale/it/LC_MESSAGES/django.po       |   6 +
 geonode/maps/api/tests.py                     |   1 -
 geonode/maps/models.py                        |   2 +-
 .../maps/templates/layouts/map_panels.html    |  52 +-
 geonode/maps/templates/maps/map_metadata.html |   2 +-
 .../templates/maps/map_metadata_advanced.html |   2 +-
 geonode/maps/views.py                         |  51 +-
 geonode/people/__init__.py                    |  63 ++
 geonode/people/forms.py                       |   1 +
 geonode/resource/utils.py                     |  17 +-
 geonode/settings.py                           |   7 +
 geonode/templates/metadata_detail.html        | 555 ++++++++++++++++--
 50 files changed, 2106 insertions(+), 577 deletions(-)
 create mode 100644 geonode/layers/templatetags/contact_roles.py

diff --git a/geonode/base/api/serializers.py b/geonode/base/api/serializers.py
index 077c605361b..01887f4fe4e 100644
--- a/geonode/base/api/serializers.py
+++ b/geonode/base/api/serializers.py
@@ -28,12 +28,14 @@
 from django.forms.models import model_to_dict
 from django.contrib.auth import get_user_model
 from django.db.models.query import QuerySet
+from geonode.people import Roles
 from django.http import QueryDict
 
 from deprecated import deprecated
 from rest_framework import serializers
 from rest_framework_gis import fields
 from rest_framework.reverse import reverse, NoReverseMatch
+from rest_framework.exceptions import ParseError
 
 from dynamic_rest.serializers import DynamicEphemeralSerializer, DynamicModelSerializer
 from dynamic_rest.fields.fields import DynamicRelationField, DynamicComputedField
@@ -379,15 +381,44 @@ def to_representation(self, instance):
 
 
 class ContactRoleField(DynamicComputedField):
-    def __init__(self, contat_type, **kwargs):
-        self.contat_type = contat_type
+    default_error_messages = {
+        "required": ("ContactRoleField This field is required."),
+    }
+
+    def __init__(self, contact_type, **kwargs):
+        self.contact_type = contact_type
         super().__init__(**kwargs)
 
     def get_attribute(self, instance):
-        return getattr(instance, self.contat_type)
+        return getattr(instance, self.contact_type)
 
     def to_representation(self, value):
-        return UserSerializer(embed=True, many=False).to_representation(value)
+        return [UserSerializer(embed=True, many=False).to_representation(v) for v in value]
+
+    def get_pks_of_users_to_set(self, value):
+        pks_of_users_to_set = []
+        for val in value:
+            # make it possible to set contact roles via username or pk through API
+            if "username" in val and "pk" in val:
+                pk = val["pk"]
+                username = val["username"]
+                pk_user = get_user_model().objects.get(pk=pk)
+                username_user = get_user_model().objects.get(username=username)
+                if pk_user.pk != username_user.pk:
+                    raise ParseError(
+                        detail=f"user with pk: {pk} and username: {username} is not the same ... ", code=403
+                    )
+                pks_of_users_to_set.append(pk)
+            elif "username" in val:
+                username = val["username"]
+                username_user = get_user_model().objects.get(username=[username])
+                pks_of_users_to_set.append(username_user.pk)
+            elif "pk" in val:
+                pks_of_users_to_set.append(val["pk"])
+        return pks_of_users_to_set
+
+    def to_internal_value(self, value):
+        return get_user_model().objects.filter(pk__in=self.get_pks_of_users_to_set(value))
 
 
 class ExtentBboxField(DynamicComputedField):
@@ -479,16 +510,22 @@ def __init__(self, *args, **kwargs):
         self.fields["uuid"] = serializers.CharField(read_only=True)
         self.fields["resource_type"] = serializers.CharField(required=False)
         self.fields["polymorphic_ctype_id"] = serializers.CharField(read_only=True)
-        self.fields["owner"] = DynamicRelationField(
-            UserSerializer, embed=True, many=False, read_only=True, required=False
-        )
-        self.fields["poc"] = ContactRoleField("poc", read_only=True)
-        self.fields["metadata_author"] = ContactRoleField("metadata_author", read_only=True)
-        self.fields["title"] = serializers.CharField()
+        self.fields["owner"] = DynamicRelationField(UserSerializer, embed=True, many=False, read_only=True)
+        self.fields["metadata_author"] = ContactRoleField(Roles.METADATA_AUTHOR.name, required=False)
+        self.fields["processor"] = ContactRoleField(Roles.PROCESSOR.name, required=False)
+        self.fields["publisher"] = ContactRoleField(Roles.PUBLISHER.name, required=False)
+        self.fields["custodian"] = ContactRoleField(Roles.CUSTODIAN.name, required=False)
+        self.fields["poc"] = ContactRoleField(Roles.POC.name, required=False)
+        self.fields["distributor"] = ContactRoleField(Roles.DISTRIBUTOR.name, required=False)
+        self.fields["resource_user"] = ContactRoleField(Roles.RESOURCE_USER.name, required=False)
+        self.fields["resource_provider"] = ContactRoleField(Roles.RESOURCE_PROVIDER.name, required=False)
+        self.fields["originator"] = ContactRoleField(Roles.ORIGINATOR.name, required=False)
+        self.fields["principal_investigator"] = ContactRoleField(Roles.PRINCIPAL_INVESTIGATOR.name, required=False)
+        self.fields["title"] = serializers.CharField(required=False)
         self.fields["abstract"] = serializers.CharField(required=False)
         self.fields["attribution"] = serializers.CharField(required=False)
         self.fields["doi"] = serializers.CharField(required=False)
-        self.fields["alternate"] = serializers.CharField(read_only=True)
+        self.fields["alternate"] = serializers.CharField(read_only=True, required=False)
         self.fields["date"] = serializers.DateTimeField(required=False)
         self.fields["date_type"] = serializers.CharField(required=False)
         self.fields["temporal_extent_start"] = serializers.DateTimeField(required=False)
@@ -559,6 +596,14 @@ class Meta:
             "owner",
             "poc",
             "metadata_author",
+            "processor",
+            "publisher",
+            "custodian",
+            "distributor",
+            "resource_user",
+            "resource_provider",
+            "originator",
+            "principal_investigator",
             "keywords",
             "tkeywords",
             "regions",
diff --git a/geonode/base/forms.py b/geonode/base/forms.py
index 1c720aac2d0..8c6bd6bd816 100644
--- a/geonode/base/forms.py
+++ b/geonode/base/forms.py
@@ -57,11 +57,12 @@
     ThesaurusLabel,
     TopicCategory,
 )
-from geonode.base.widgets import TaggitSelect2Custom
+from geonode.base.widgets import TaggitSelect2Custom, TaggitProfileSelect2Custom
 from geonode.base.fields import MultiThesauriField
 from geonode.documents.models import Document
 from geonode.layers.models import Dataset
 from geonode.base.utils import validate_extra_metadata, remove_country_from_languagecode
+from geonode.people import Roles
 
 logger = logging.getLogger(__name__)
 
@@ -348,6 +349,16 @@ def _get_thesauro_title_label(item, lang):
         return tname.first()
 
 
+class ContactRoleMultipleChoiceField(forms.ModelMultipleChoiceField):
+    def clean(self, value) -> QuerySet:
+        try:
+            users = get_user_model().objects.filter(username__in=value)
+        except TypeError:
+            # value of not supported type ...
+            raise forms.ValidationError(_("Something went wrong in finding the profile(s) in a contact role form ..."))
+        return users
+
+
 class LinkedResourceForm(forms.ModelForm):
     linked_resources = forms.ModelMultipleChoiceField(
         label=_("Related resources"),
@@ -418,8 +429,8 @@ class ResourceBaseForm(TranslationModelForm, LinkedResourceForm):
     data_quality_statement = forms.CharField(label=_("Data quality statement"), required=False, widget=TinyMCE())
 
     owner = forms.ModelChoiceField(
-        empty_label=_("Owner"),
-        label=_("Owner"),
+        empty_label=_(Roles.OWNER.label),
+        label=_(Roles.OWNER.label),
         required=True,
         queryset=get_user_model().objects.exclude(username="AnonymousUser"),
         widget=autocomplete.ModelSelect2(url="autocomplete_profile"),
@@ -448,20 +459,74 @@ class ResourceBaseForm(TranslationModelForm, LinkedResourceForm):
         widget=ResourceBaseDateTimePicker(options={"format": "YYYY-MM-DD HH:mm a"}),
     )
 
-    poc = forms.ModelChoiceField(
-        empty_label=_("Person outside GeoNode (fill form)"),
-        label=_("Point of Contact"),
-        required=False,
+    metadata_author = ContactRoleMultipleChoiceField(
+        label=_(Roles.METADATA_AUTHOR.label),
+        required=Roles.METADATA_AUTHOR.is_required,
         queryset=get_user_model().objects.exclude(username="AnonymousUser"),
-        widget=autocomplete.ModelSelect2(url="autocomplete_profile"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
     )
 
-    metadata_author = forms.ModelChoiceField(
-        empty_label=_("Person outside GeoNode (fill form)"),
-        label=_("Metadata Author"),
-        required=False,
+    processor = ContactRoleMultipleChoiceField(
+        label=_(Roles.PROCESSOR.label),
+        required=Roles.PROCESSOR.is_required,
         queryset=get_user_model().objects.exclude(username="AnonymousUser"),
-        widget=autocomplete.ModelSelect2(url="autocomplete_profile"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    publisher = ContactRoleMultipleChoiceField(
+        label=_(Roles.PUBLISHER.label),
+        required=Roles.PUBLISHER.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    custodian = ContactRoleMultipleChoiceField(
+        label=_(Roles.CUSTODIAN.label),
+        required=Roles.CUSTODIAN.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    poc = ContactRoleMultipleChoiceField(
+        label=_(Roles.POC.label),
+        required=Roles.POC.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    distributor = ContactRoleMultipleChoiceField(
+        label=_(Roles.DISTRIBUTOR.label),
+        required=Roles.DISTRIBUTOR.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    resource_user = ContactRoleMultipleChoiceField(
+        label=_(Roles.RESOURCE_USER.label),
+        required=Roles.RESOURCE_USER.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    resource_provider = ContactRoleMultipleChoiceField(
+        label=_(Roles.RESOURCE_PROVIDER.label),
+        required=Roles.RESOURCE_PROVIDER.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    originator = ContactRoleMultipleChoiceField(
+        label=_(Roles.ORIGINATOR.label),
+        required=Roles.ORIGINATOR.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
+    )
+
+    principal_investigator = ContactRoleMultipleChoiceField(
+        label=_(Roles.PRINCIPAL_INVESTIGATOR.label),
+        required=Roles.PRINCIPAL_INVESTIGATOR.is_required,
+        queryset=get_user_model().objects.exclude(username="AnonymousUser"),
+        widget=TaggitProfileSelect2Custom(url="autocomplete_profile"),
     )
 
     keywords = TagField(
@@ -512,7 +577,7 @@ def __init__(self, *args, **kwargs):
                     }
                 )
 
-            if field in ["poc", "owner"] and not self.can_change_perms:
+            if field in ["owner"] and not self.can_change_perms:
                 self.fields[field].disabled = True
 
     def disable_keywords_widget_for_non_superuser(self, user):
diff --git a/geonode/base/migrations/0086_linkedresource.py b/geonode/base/migrations/0086_linkedresource.py
index cc5929e788d..e5b5f42d435 100644
--- a/geonode/base/migrations/0086_linkedresource.py
+++ b/geonode/base/migrations/0086_linkedresource.py
@@ -5,19 +5,31 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('base', '0085_alter_resourcebase_uuid'),
+        ("base", "0085_alter_resourcebase_uuid"),
     ]
 
     operations = [
         migrations.CreateModel(
-            name='LinkedResource',
+            name="LinkedResource",
             fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('source', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='linked_to', to='base.resourcebase')),
-                ('target', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='linked_by', to='base.resourcebase')),
-                ('internal', models.BooleanField(default=False)),
+                ("id", models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                (
+                    "source",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, related_name="linked_to", to="base.resourcebase"
+                    ),
+                ),
+                (
+                    "target",
+                    models.ForeignKey(
+                        blank=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="linked_by",
+                        to="base.resourcebase",
+                    ),
+                ),
+                ("internal", models.BooleanField(default=False)),
             ],
         ),
     ]
diff --git a/geonode/base/models.py b/geonode/base/models.py
index b316ae4a33b..5768df93281 100644
--- a/geonode/base/models.py
+++ b/geonode/base/models.py
@@ -24,6 +24,7 @@
 import uuid
 import logging
 import traceback
+from typing import List, Optional, Union, Tuple
 from sequences.models import Sequence
 
 from sequences import get_next_value
@@ -39,6 +40,7 @@
 from django.contrib.auth.models import Group
 from django.core.files.base import ContentFile
 from django.contrib.auth import get_user_model
+from django.db.models.query import QuerySet
 from django.db.models.fields.json import JSONField
 from django.utils.functional import cached_property, classproperty
 from django.contrib.gis.geos import GEOSGeometry, Polygon, Point
@@ -81,6 +83,7 @@
 from geonode.security.permissions import VIEW_PERMISSIONS, OWNER_PERMISSIONS
 
 from geonode.notifications_helper import send_notification, get_notification_recipients
+from geonode.people import Roles
 from geonode.people.enumerations import ROLE_VALUES
 
 from urllib.parse import urlsplit, urljoin
@@ -101,37 +104,6 @@ class ContactRole(models.Model):
         choices=ROLE_VALUES, max_length=255, help_text=_("function performed by the responsible " "party")
     )
 
-    def clean(self):
-        """
-        Make sure there is only one poc and author per resource
-        """
-
-        if not hasattr(self, "resource"):
-            # The ModelForm will already raise a Validation error for a missing resource.
-            # Re-raising an empty error here ensures the rest of this method isn't
-            # executed.
-            raise ValidationError("")
-
-        if (self.role == self.resource.poc) or (self.role == self.resource.metadata_author):
-            contacts = self.resource.contacts.filter(contactrole__role=self.role)
-            if contacts.count() == 1:
-                # only allow this if we are updating the same contact
-                if self.contact != contacts.get():
-                    raise ValidationError(f"There can be only one {self.role} for a given resource")
-        if self.contact is None:
-            # verify that any unbound contact is only associated to one
-            # resource
-            bounds = ContactRole.objects.filter(contact=self.contact).count()
-            if bounds > 1:
-                raise ValidationError("There can be one and only one resource linked to an unbound contact" % self.role)
-            elif bounds == 1:
-                # verify that if there was one already, it corresponds to this
-                # instance
-                if ContactRole.objects.filter(contact=self.contact).get().id != self.id:
-                    raise ValidationError(
-                        "There can be one and only one resource linked to an unbound contact" % self.role
-                    )
-
     class Meta:
         unique_together = (("contact", "resource", "role"),)
 
@@ -1141,14 +1113,6 @@ def organizationname(self):
     def restriction_code(self):
         return self.restriction_code_type.gn_description if self.restriction_code_type else None
 
-    @property
-    def publisher(self):
-        return self.poc.get_full_name() or self.poc.username
-
-    @property
-    def contributor(self):
-        return self.metadata_author.get_full_name() or self.metadata_author.username
-
     @property
     def topiccategory(self):
         return self.category.identifier if self.category else None
@@ -1666,10 +1630,10 @@ def set_missing_info(self):
                 pass
 
         if user:
-            if self.poc is None:
-                self.poc = user
-            if self.metadata_author is None:
-                self.metadata_author = user
+            if len(self.poc) == 0:
+                self.poc = [user]
+            if len(self.metadata_author) == 0:
+                self.metadata_author = [user]
 
         from guardian.models import UserObjectPermission
 
@@ -1689,45 +1653,273 @@ def maintenance_frequency_title(self):
     def language_title(self):
         return [v for v in enumerations.ALL_LANGUAGES if v[0] == self.language][0][1].title()
 
-    def _set_poc(self, poc):
-        # reset any poc assignation to this resource
-        ContactRole.objects.filter(role="pointOfContact", resource=self).delete()
-        # create the new assignation
-        ContactRole.objects.create(role="pointOfContact", resource=self, contact=poc)
+    # Contact Roles
+    def add_missing_metadata_author_or_poc(self):
+        """
+        Set metadata_author and/or point of contact (poc) to a resource when any of them is missing
+        """
+        if len(self.metadata_author) == 0:
+            self.metadata_author = [self.owner]
+        if len(self.poc) == 0:
+            self.poc = [self.owner]
+
+    @staticmethod
+    def get_multivalue_role_property_names() -> List[str]:
+        """returns list of property names for all contact roles able to
+            handle multiple profile_users
 
-    def _get_poc(self):
-        try:
-            the_poc = ContactRole.objects.get(role="pointOfContact", resource=self).contact
-        except ContactRole.DoesNotExist:
-            the_poc = None
-        return the_poc
+        Returns:
+            _type_: List(str)
+            _description: list of names
+        """
+        return [role.name for role in Roles.get_multivalue_ones()]
 
-    poc = property(_get_poc, _set_poc)
+    @staticmethod
+    def get_multivalue_required_role_property_names() -> List[str]:
+        """returns list of property names for all contact roles that are required
 
-    def _set_metadata_author(self, metadata_author):
-        # reset any metadata_author assignation to this resource
-        ContactRole.objects.filter(role="author", resource=self).delete()
-        # create the new assignation
-        ContactRole.objects.create(role="author", resource=self, contact=metadata_author)
+        Returns:
+            _type_: List(str)
+            _description: list of names
+        """
+        return [role.name for role in (set(Roles.get_multivalue_ones()) & set(Roles.get_required_ones()))]
 
-    def _get_metadata_author(self):
+    @staticmethod
+    def get_ui_toggled_role_property_names() -> List[str]:
+        """returns list of property names for all contact roles that are toggled of in metadata_editor
+
+        Returns:
+            _type_: List(str)
+            _description: list of names
+        """
+        return [role.name for role in (set(Roles.get_toggled_ones()) & set(Roles.get_toggled_ones()))]
+
+    # typing not possible due to: from geonode.base.forms import ResourceBaseForm; unable due to circular ...
+    def set_contact_roles_from_metadata_edit(self, resource_base_form) -> bool:
+        """gets a ResourceBaseForm and extracts the Contact Role elements from it
+
+        Args:
+            resource_base_form (ResourceBaseForm): ResourceBaseForm with contact roles set
+
+        Returns:
+            bool: true if all contact roles could be set, else false
+        """
+        failed = False
+        for role in self.get_multivalue_role_property_names():
+            try:
+                if resource_base_form.cleaned_data[role].exists():
+                    self.__setattr__(role, resource_base_form.cleaned_data[role])
+            except AttributeError:
+                logger.warning(f"unable to set contact role {role} for {self} ...")
+                failed = True
+        return failed
+
+    def __get_contact_role_elements__(self, role: str) -> Optional[List[settings.AUTH_USER_MODEL]]:
+        """general getter of for all contact roles except owner
+
+        Args:
+            role (str): string coresponding to ROLE_VALUES in geonode/people/enumarations, defining which propery is requested
+        Returns:
+            Optional[List[settings.AUTH_USER_MODEL]]: returns the requested contact role from the database
+        """
         try:
-            the_ma = ContactRole.objects.get(role="author", resource=self).contact
+            contact_role = ContactRole.objects.filter(role=role, resource=self)
+            contacts = [cr.contact for cr in contact_role]
         except ContactRole.DoesNotExist:
-            the_ma = None
-        return the_ma
+            contacts = None
+        return contacts
 
-    def add_missing_metadata_author_or_poc(self):
+    # types allowed as input for Contact role properties
+    CONTACT_ROLE_USER_PROFILES_ALLOWED_TYPES = Union[settings.AUTH_USER_MODEL, QuerySet, List[settings.AUTH_USER_MODEL]]
+
+    def __set_contact_role_element__(self, user_profile: CONTACT_ROLE_USER_PROFILES_ALLOWED_TYPES, role: str):
+        """general setter for all contact roles except owner in resource base
+
+        Args:
+            user_profile (CONTACT_ROLE_USER_PROFILES_ALLOWED_TYPES): _description_
+            role (str): tring coresponding to ROLE_VALUES in geonode/people/enumarations, defining which propery is to set
         """
-        Set metadata_author and/or point of contact (poc) to a resource when any of them is missing
+
+        def __create_role__(
+            resource, role: str, user_profile: settings.AUTH_USER_MODEL
+        ) -> List[settings.AUTH_USER_MODEL]:
+            return ContactRole.objects.create(role=role, resource=resource, contact=user_profile)
+
+        if isinstance(user_profile, QuerySet):
+            ContactRole.objects.filter(role=role, resource=self).delete()
+            return [__create_role__(self, role, user) for user in user_profile]
+
+        elif isinstance(user_profile, get_user_model()):
+            ContactRole.objects.filter(role=role, resource=self).delete()
+            return __create_role__(self, role, user_profile)
+
+        elif isinstance(user_profile, list) and all(isinstance(x, get_user_model()) for x in user_profile):
+            ContactRole.objects.filter(role=role, resource=self).delete()
+            return [__create_role__(self, role, profile) for profile in user_profile]
+
+        elif user_profile is None:
+            ContactRole.objects.filter(role=role, resource=self).delete()
+        else:
+            logger.error(f"Bad profile format for role: {role} ...")
+
+    def get_defined_multivalue_contact_roles(self) -> List[Tuple[List[settings.AUTH_USER_MODEL], str]]:
+        """Returns all set contact roles of the ressource with additional ROLE_VALUES from geonode.people.enumarations.ROLE_VALUES. Mainly used to generate output xml more easy.
+
+        Returns:
+              _type_: List[Tuple[List[people object], roles_label_name]]
+              _description: list tuples including two elements: 1. list of people have a certain role. 2. role label
+        """
+        return {
+            role.label: self.__getattribute__(role.name)
+            for role in Roles.get_multivalue_ones()
+            if self.__getattribute__(role.name)
+        }
+
+    def get_first_contact_of_role(self, role: str) -> Optional[ContactRole]:
+        """
+        Get the first contact from the specified role.
+
+        Parameters:
+            role (str): The role of the contact.
+
+        Returns:
+            ContactRole or None: The first contact with the specified role, or None if not found.
         """
-        if not self.metadata_author:
-            self.metadata_author = self.owner
-        if not self.poc:
-            self.poc = self.owner
+        if contact := self.__get_contact_role_elements__(role):
+            return contact[0]
+        else:
+            return None
+
+    # Contact Role: POC (pointOfContact)
+    def __get_poc__(self) -> List[settings.AUTH_USER_MODEL]:
+        return self.__get_contact_role_elements__(role="pointOfContact")
+
+    def __set_poc__(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role="pointOfContact")
+
+    poc = property(__get_poc__, __set_poc__)
+
+    @property
+    def poc_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.poc)
+
+    # Contact Role: metadata_author
+    def _get_metadata_author(self):
+        return self.__get_contact_role_elements__(role="author")
+
+    def _set_metadata_author(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role="author")
 
     metadata_author = property(_get_metadata_author, _set_metadata_author)
 
+    @property
+    def metadata_author_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.metadata_author)
+
+    # Contact Role: PROCESSOR
+    def _get_processor(self):
+        return self.__get_contact_role_elements__(role=Roles.PROCESSOR.name)
+
+    def _set_processor(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.PROCESSOR.name)
+
+    processor = property(_get_processor, _set_processor)
+
+    @property
+    def processor_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.processor)
+
+    # Contact Role: PUBLISHER
+    def _get_publisher(self):
+        return self.__get_contact_role_elements__(role=Roles.PUBLISHER.name)
+
+    def _set_publisher(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.PUBLISHER.name)
+
+    publisher = property(_get_publisher, _set_publisher)
+
+    @property
+    def publisher_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.publisher)
+
+    # Contact Role: CUSTODIAN
+    def _get_custodian(self):
+        return self.__get_contact_role_elements__(role=Roles.CUSTODIAN.name)
+
+    def _set_custodian(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.CUSTODIAN.name)
+
+    custodian = property(_get_custodian, _set_custodian)
+
+    @property
+    def custodian_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.custodian)
+
+    # Contact Role: DISTRIBUTOR
+    def _get_distributor(self):
+        return self.__get_contact_role_elements__(role=Roles.DISTRIBUTOR.name)
+
+    def _set_distributor(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.DISTRIBUTOR.name)
+
+    distributor = property(_get_distributor, _set_distributor)
+
+    @property
+    def distributor_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.distributor)
+
+    # Contact Role: RESOURCE_USER
+    def _get_resource_user(self):
+        return self.__get_contact_role_elements__(role=Roles.RESOURCE_USER.name)
+
+    def _set_resource_user(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.RESOURCE_USER.name)
+
+    resource_user = property(_get_resource_user, _set_resource_user)
+
+    @property
+    def resource_user_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.resource_user)
+
+    # Contact Role: RESOURCE_PROVIDER
+    def _get_resource_provider(self):
+        return self.__get_contact_role_elements__(role=Roles.RESOURCE_PROVIDER.name)
+
+    def _set_resource_provider(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.RESOURCE_PROVIDER.name)
+
+    resource_provider = property(_get_resource_provider, _set_resource_provider)
+
+    @property
+    def resource_provider_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.resource_provider)
+
+    # Contact Role: ORIGINATOR
+    def _get_originator(self):
+        return self.__get_contact_role_elements__(role=Roles.ORIGINATOR.name)
+
+    def _set_originator(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.ORIGINATOR.name)
+
+    originator = property(_get_originator, _set_originator)
+
+    @property
+    def originator_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.originator)
+
+    # Contact Role: PRINCIPAL_INVESTIGATOR
+    def _get_principal_investigator(self):
+        return self.__get_contact_role_elements__(role=Roles.PRINCIPAL_INVESTIGATOR.name)
+
+    def _set_principal_investigator(self, user_profile):
+        return self.__set_contact_role_element__(user_profile=user_profile, role=Roles.PRINCIPAL_INVESTIGATOR.name)
+
+    principal_investigator = property(_get_principal_investigator, _set_principal_investigator)
+
+    @property
+    def principal_investigator_csv(self):
+        return ",".join(p.get_full_name() or p.username for p in self.principal_investigator)
+
     def get_linked_resources(self, as_target: bool = False):
         """
         Get all the linked resources to this ResourceBase instance.
diff --git a/geonode/base/templates/base/_resourcebase_info_panel.html b/geonode/base/templates/base/_resourcebase_info_panel.html
index a5f6110b6d6..4d9c5a80a04 100644
--- a/geonode/base/templates/base/_resourcebase_info_panel.html
+++ b/geonode/base/templates/base/_resourcebase_info_panel.html
@@ -108,9 +108,11 @@
     <dd><a itemprop="author" href="{{ resource.owner.get_absolute_url }}">{{ resource.owner.username }}</a></dd>
     {% endif %}
 
-    {% if resource.poc.user %}
+    {% if resource.poc %}
     <dt>{% trans "Point of Contact" %}</dt>
-    <dd><a href="{{ resource.poc.user.get_absolute_url }}">{{ resource.poc.user.username }}</a></dd>
+    {% for user in resource.poc  %}
+    <dd><a href="{{ user.get_absolute_url }}">{{ user.username }}</a></dd>
+    {% endfor%}
     {% endif %}
 
     {% if resource.group %}
diff --git a/geonode/base/templatetags/base_tags.py b/geonode/base/templatetags/base_tags.py
index 2306f411d2c..23960e0eeaa 100644
--- a/geonode/base/templatetags/base_tags.py
+++ b/geonode/base/templatetags/base_tags.py
@@ -58,6 +58,12 @@ def template_trans(text):
         return text
 
 
+@register.filter(name="get_item")
+def get_item(dictionary, key):
+    """Get a element for a dict by name"""
+    return dictionary.get(key)
+
+
 @register.simple_tag
 def num_ratings(obj):
     ct = ContentType.objects.get_for_model(obj)
diff --git a/geonode/base/tests.py b/geonode/base/tests.py
index a217d78a0f4..d61b021ad66 100644
--- a/geonode/base/tests.py
+++ b/geonode/base/tests.py
@@ -157,11 +157,111 @@ def test_add_missing_metadata_author_or_poc(self):
         Test that calling add_missing_metadata_author_or_poc resource method sets
         a missing metadata_author and/or point of contact (poc) to resource owner
         """
-        user = get_user_model().objects.create(username="zlatan_i")
+        user, _ = get_user_model().objects.get_or_create(username="zlatan_i")
+
         self.rb.owner = user
         self.rb.add_missing_metadata_author_or_poc()
-        self.assertEqual(self.rb.metadata_author.username, "zlatan_i")
-        self.assertEqual(self.rb.poc.username, "zlatan_i")
+        self.assertTrue("zlatan_i" in [author.username for author in self.rb.metadata_author])
+        self.assertTrue("zlatan_i" in [author.username for author in self.rb.poc])
+
+
+class TestCreationOfContactRolesByDifferentInputTypes(ThumbnailTests):
+
+    """
+    Test that contact roles can be set as people profile
+    """
+
+    def test_set_contact_role_as_people_profile(self):
+        user, _ = get_user_model().objects.get_or_create(username="zlatan_i")
+
+        self.rb.owner = user
+        self.rb.metadata_author = user
+        self.rb.poc = user
+        self.rb.publisher = user
+        self.rb.custodian = user
+        self.rb.distributor = user
+        self.rb.resource_user = user
+        self.rb.resource_provider = user
+        self.rb.originator = user
+        self.rb.principal_investigator = user
+        self.rb.processor = user
+
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.metadata_author])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.poc])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.publisher])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.custodian])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.distributor])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.resource_user])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.resource_provider])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.originator])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.principal_investigator])
+        self.assertTrue("zlatan_i" in [cr.username for cr in self.rb.processor])
+
+    """
+    Test that contact roles can be set as list of people profiles
+    """
+
+    def test_set_contact_role_as_list_of_people(self):
+        user, _ = get_user_model().objects.get_or_create(username="zlatan_i")
+        user2, _ = get_user_model().objects.get_or_create(username="sven_z")
+
+        profile_list = [user, user2]
+
+        self.rb.owner = user
+        self.rb.metadata_author = profile_list
+        self.rb.poc = profile_list
+        self.rb.publisher = profile_list
+        self.rb.custodian = profile_list
+        self.rb.distributor = profile_list
+        self.rb.resource_user = profile_list
+        self.rb.resource_provider = profile_list
+        self.rb.originator = profile_list
+        self.rb.principal_investigator = profile_list
+        self.rb.processor = profile_list
+
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.metadata_author])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.poc])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.publisher])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.custodian])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.distributor])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.resource_user])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.resource_provider])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.originator])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.principal_investigator])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.processor])
+
+    """
+    Test that contact roles can be set as queryset
+    """
+
+    def test_set_contact_role_as_queryset(self):
+        user, _ = get_user_model().objects.get_or_create(username="zlatan_i")
+        user2, _ = get_user_model().objects.get_or_create(username="sven_z")
+
+        query = get_user_model().objects.filter(username__in=["zlatan_i", "sven_z"])
+
+        self.rb.owner = user
+        self.rb.metadata_author = query
+        self.rb.poc = query
+        self.rb.publisher = query
+        self.rb.custodian = query
+        self.rb.distributor = query
+        self.rb.resource_user = query
+        self.rb.resource_provider = query
+        self.rb.originator = query
+        self.rb.principal_investigator = query
+        self.rb.processor = query
+
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.metadata_author])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.poc])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.publisher])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.custodian])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.distributor])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.resource_user])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.resource_provider])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.originator])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.principal_investigator])
+        self.assertTrue("zlatan_i" and "sven_z" in [cr.username for cr in self.rb.processor])
 
 
 class RenderMenuTagTest(GeoNodeBaseTestSupport):
diff --git a/geonode/base/widgets.py b/geonode/base/widgets.py
index a10395ab485..b1281de7dd7 100644
--- a/geonode/base/widgets.py
+++ b/geonode/base/widgets.py
@@ -1,3 +1,5 @@
+from typing import List
+
 from dal_select2_taggit.widgets import TaggitSelect2
 
 
@@ -20,3 +22,19 @@ def value_from_datadict(self, data, files, name):
             return value
         except TypeError:
             return ""
+
+
+class TaggitProfileSelect2Custom(TaggitSelect2):
+    """Overriding Select2 tag widget for ContactRoleField."""
+
+    def value_from_datadict(self, data, files, name) -> List[str]:
+        """Handle multi-profiles.
+
+        returns list of selected elements
+        """
+        try:
+            ret_list = data[name]
+        except KeyError:
+            ret_list = []
+        finally:
+            return ret_list
diff --git a/geonode/catalogue/backends/pycsw_local_mappings.py b/geonode/catalogue/backends/pycsw_local_mappings.py
index 4ba4f7902ff..4bbb8648b88 100644
--- a/geonode/catalogue/backends/pycsw_local_mappings.py
+++ b/geonode/catalogue/backends/pycsw_local_mappings.py
@@ -17,6 +17,7 @@
 #
 #########################################################################
 
+# based on https://github.com/geopython/pycsw/blob/master/pycsw/core/config.py
 MD_CORE_MODEL = {
     "typename": "pycsw:CoreMetadata",
     "outputschema": "http://pycsw.org/metadata",
diff --git a/geonode/catalogue/templates/catalogue/full_metadata.xml b/geonode/catalogue/templates/catalogue/full_metadata.xml
index 955f81c3e55..10e66e24c08 100644
--- a/geonode/catalogue/templates/catalogue/full_metadata.xml
+++ b/geonode/catalogue/templates/catalogue/full_metadata.xml
@@ -12,58 +12,57 @@
    <gmd:hierarchyLevel>
     <gmd:MD_ScopeCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#MD_ScopeCode" codeListValue="dataset">dataset</gmd:MD_ScopeCode>
    </gmd:hierarchyLevel>
-
-   {% with layer.poc as poc %}
+   {% for contact_roles, label in layer.get_defined_contact_roles %}
+   {% for contact_role in contact_roles %}
    <gmd:contact>
      <gmd:CI_ResponsibleParty>
-       <gmd:individualName {% if not poc.name %}gco:nilReason="missing"{% endif %}>
-         {% if poc.name %} <gco:CharacterString>{{ poc.name }}</gco:CharacterString> {% endif %}
+      <gmd:individualName {% if not contact_role.first_name or not contact_role.last_name  %}gco:nilReason="missing">{% else %}>
+         <gco:CharacterString>{{ contact_role.first_name }} {{ contact_role.last_name}}</gco:CharacterString>{% endif %}
        </gmd:individualName>
-       <gmd:organisationName {% if not poc.organization %}gco:nilReason="missing"{% endif %}>
-         {% if poc.organization %} <gco:CharacterString>{{ poc.organization }}</gco:CharacterString> {% endif %}
+       <gmd:organisationName {% if not contact_role.organization %}gco:nilReason="missing"{% endif %}>
+         {% if contact_role.organization %} <gco:CharacterString>{{ contact_role.organization }}</gco:CharacterString> {% endif %}
        </gmd:organisationName>
-       <gmd:positionName {% if not poc.position %}gco:nilReason="missing"{%endif%}>
-         {% if poc.position %}<gco:CharacterString>{{ poc.position }}</gco:CharacterString> {% endif %}
+       <gmd:positionName {% if not contact_role.position %}gco:nilReason="missing"{%endif%}>
+         {% if contact_role.position %}<gco:CharacterString>{{ contact_role.position }}</gco:CharacterString> {% endif %}
        </gmd:positionName>
        <gmd:contactInfo>
          <gmd:CI_Contact>
            <gmd:phone>
              <gmd:CI_Telephone>
-               <gmd:voice {% if not poc.voice %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.voice %}<gco:CharacterString>{{ poc.voice }}</gco:CharacterString>{% endif %}
+               <gmd:voice {% if not contact_role.voice %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.voice %}<gco:CharacterString>{{ contact_role.voice }}</gco:CharacterString>{% endif %}
                </gmd:voice>
-               <gmd:facsimile {% if not poc.fax %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.fax %}<gco:CharacterString>{{ poc.fax }}</gco:CharacterString> {%endif %}
+               <gmd:facsimile {% if not contact_role.fax %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.fax %}<gco:CharacterString>{{ contact_role.fax }}</gco:CharacterString> {%endif %}
                </gmd:facsimile>
              </gmd:CI_Telephone>
            </gmd:phone>
            <gmd:address>
              <gmd:CI_Address>
-               <gmd:deliveryPoint {% if not poc.delivery %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.delivery %}<gco:CharacterString>{{ poc.delivery }}</gco:CharacterString>{% endif %}
+               <gmd:deliveryPoint {% if not contact_role.delivery %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.delivery %}<gco:CharacterString>{{ contact_role.delivery }}</gco:CharacterString>{% endif %}
                </gmd:deliveryPoint>
-               <gmd:city {% if not poc.city %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.city %}<gco:CharacterString>{{ poc.city }}</gco:CharacterString>{% endif %}
+               <gmd:city {% if not contact_role.city %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.city %}<gco:CharacterString>{{ contact_role.city }}</gco:CharacterString>{% endif %}
                </gmd:city>
-               <gmd:administrativeArea {%if not poc.area %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.area %}<gco:CharacterString>{{ poc.area }}</gco:CharacterString>{% endif %}
+               <gmd:administrativeArea {%if not contact_role.area %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.area %}<gco:CharacterString>{{ contact_role.area }}</gco:CharacterString>{% endif %}
                </gmd:administrativeArea>
-               <gmd:postalCode {%if not poc.zipcode %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.zipcode %}<gco:CharacterString>{{ poc.zipcode }}</gco:CharacterString>{% endif %}
+               <gmd:postalCode {%if not contact_role.zipcode %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.zipcode %}<gco:CharacterString>{{ contact_role.zipcode }}</gco:CharacterString>{% endif %}
                </gmd:postalCode>
-               <gmd:country {% if not poc.country %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.country %}<gco:CharacterString>{{ poc.country }}</gco:CharacterString>{% endif %}
+               <gmd:country {% if not contact_role.country %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.country %}<gco:CharacterString>{{ contact_role.country }}</gco:CharacterString>{% endif %}
                </gmd:country>
-               <gmd:electronicMailAddress {% if not poc.email %}gco:nilReason="missing"{% endif %}>
-                 {% if poc.email %}<gco:CharacterString>{{ poc.email }}</gco:CharacterString>{% endif %}
+               <gmd:electronicMailAddress {% if not contact_role.email %}gco:nilReason="missing"{% endif %}>
+                 {% if contact_role.email %}<gco:CharacterString>{{ contact_role.email }}</gco:CharacterString>{% endif %}
                </gmd:electronicMailAddress>
              </gmd:CI_Address>
            </gmd:address>
-           {% if poc.user %}
            <gmd:onlineResource>
                 <gmd:CI_OnlineResource>
                     <gmd:linkage>
-                        <gmd:URL>{{ SITEURL }}{{ layer.poc.get_absolute_url }}</gmd:URL>
+                        <gmd:URL>{{ SITEURL }}{{ contact_role.get_absolute_url }}</gmd:URL>
                     </gmd:linkage>
                     <gmd:protocol>
                         <gco:CharacterString>WWW:LINK-1.0-http--link</gco:CharacterString>
@@ -73,87 +72,15 @@
                     </gmd:description>
                 </gmd:CI_OnlineResource>
            </gmd:onlineResource>
-           {% endif %}
          </gmd:CI_Contact>
        </gmd:contactInfo>
        <gmd:role>
-         <gmd:CI_RoleCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#CI_RoleCode" codeListValue="pointOfContact">pointOfContact</gmd:CI_RoleCode>
+         <gmd:CI_RoleCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#CI_RoleCode" codeListValue="{{ label }}">{{ label }}</gmd:CI_RoleCode>
        </gmd:role>
      </gmd:CI_ResponsibleParty>
    </gmd:contact>
-   {% endwith %}
-
-   {% with layer.metadata_author as metadata_author %}
-   <gmd:contact>
-     <gmd:CI_ResponsibleParty>
-       <gmd:individualName {% if not metadata_author.name %}gco:nilReason="missing"{% endif %}>
-         {% if metadata_author.name %} <gco:CharacterString>{{ metadata_author.name }}</gco:CharacterString> {% endif %}
-       </gmd:individualName>
-       <gmd:organisationName {% if not metadata_author.organization %}gco:nilReason="missing"{% endif %}>
-         {% if metadata_author.organization %} <gco:CharacterString>{{ metadata_author.organization }}</gco:CharacterString> {% endif %}
-       </gmd:organisationName>
-       <gmd:positionName {% if not metadata_author.position %}gco:nilReason="missing"{%endif%}>
-         {% if metadata_author.position %}<gco:CharacterString>{{ metadata_author.position }}</gco:CharacterString> {% endif %}
-       </gmd:positionName>
-       <gmd:contactInfo>
-         <gmd:CI_Contact>
-           <gmd:phone>
-             <gmd:CI_Telephone>
-               <gmd:voice {% if not metadata_author.voice %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.voice %}<gco:CharacterString>{{ metadata_author.voice }}</gco:CharacterString>{% endif %}
-               </gmd:voice>
-               <gmd:facsimile {% if not metadata_author.fax %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.fax %}<gco:CharacterString>{{ metadata_author.fax }}</gco:CharacterString> {%endif %}
-               </gmd:facsimile>
-             </gmd:CI_Telephone>
-           </gmd:phone>
-           <gmd:address>
-             <gmd:CI_Address>
-               <gmd:deliveryPoint {% if not metadata_author.delivery %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.delivery %}<gco:CharacterString>{{ metadata_author.delivery }}</gco:CharacterString>{% endif %}
-               </gmd:deliveryPoint>
-               <gmd:city {% if not metadata_author.city %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.city %}<gco:CharacterString>{{ metadata_author.city }}</gco:CharacterString>{% endif %}
-               </gmd:city>
-               <gmd:administrativeArea {%if not metadata_author.area %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.area %}<gco:CharacterString>{{ metadata_author.area }}</gco:CharacterString>{% endif %}
-               </gmd:administrativeArea>
-               <gmd:postalCode {%if not metadata_author.zipcode %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.zipcode %}<gco:CharacterString>{{ metadata_author.zipcode }}</gco:CharacterString>{% endif %}
-               </gmd:postalCode>
-               <gmd:country {% if not metadata_author.country %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.country %}<gco:CharacterString>{{ metadata_author.country }}</gco:CharacterString>{% endif %}
-               </gmd:country>
-               <gmd:electronicMailAddress {% if not metadata_author.email %}gco:nilReason="missing"{% endif %}>
-                 {% if metadata_author.email %}<gco:CharacterString>{{ metadata_author.email }}</gco:CharacterString>{% endif %}
-               </gmd:electronicMailAddress>
-             </gmd:CI_Address>
-           </gmd:address>
-           {% if metadata_author.user %}
-           <gmd:onlineResource>
-                <gmd:CI_OnlineResource>
-                    <gmd:linkage>
-                        <gmd:URL>{{ SITEURL }}{{ layer.metadata_author.get_absolute_url }}</gmd:URL>
-                    </gmd:linkage>
-                    <gmd:protocol>
-                        <gco:CharacterString>WWW:LINK-1.0-http--link</gco:CharacterString>
-                    </gmd:protocol>
-                    <gmd:description>
-                        <gco:CharacterString>GeoNode profile page</gco:CharacterString>
-                    </gmd:description>
-                </gmd:CI_OnlineResource>
-           </gmd:onlineResource>
-           {% endif %}
-         </gmd:CI_Contact>
-       </gmd:contactInfo>
-       <gmd:role>
-         <gmd:CI_RoleCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#CI_RoleCode" codeListValue="author">author</gmd:CI_RoleCode>
-       </gmd:role>
-     </gmd:CI_ResponsibleParty>
-   </gmd:contact>
-   {% endwith %}
-
-
+   {% endfor %}
+   {% endfor %}
    <gmd:dateStamp>
      <gco:DateTime>{{layer.csw_insert_date|date:"Y-m-d\TH:i:s\Z"}}</gco:DateTime>
    </gmd:dateStamp>
@@ -295,7 +222,7 @@
              </gmd:CI_Contact>
            </gmd:contactInfo>
            <gmd:role>
-             <gmd:CI_RoleCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#CI_RoleCode" codeListValue="originator">originator</gmd:CI_RoleCode>
+             <gmd:CI_RoleCode codeSpace="ISOTC211/19115" codeList="http://www.isotc211.org/2005/resources/Codelist/gmxCodelists.xml#CI_RoleCode" codeListValue="owner">owner</gmd:CI_RoleCode>
            </gmd:role>
          </gmd:CI_ResponsibleParty>
        </gmd:pointOfContact>
diff --git a/geonode/catalogue/templates/geonode_metadata_full.html b/geonode/catalogue/templates/geonode_metadata_full.html
index adcddf43918..47413188a32 100644
--- a/geonode/catalogue/templates/geonode_metadata_full.html
+++ b/geonode/catalogue/templates/geonode_metadata_full.html
@@ -72,10 +72,14 @@ <h2 class="page-title">{{ resource.title }}</h2>
 						<dt>{% trans "Responsible" %}</dt>
 							<dd>{{resource.owner}}</dd>
 
-						<dt>{% trans "Point of Contact" %}</dt>
-							<dd>{{extra_res_md.poc_last_name}}</dd>
-							<dd><a href="mailto:{{extra_res_md.poc_email}}"><i class="fa fa-envelope"></i>{{extra_res_md.poc_email}}</a></dd>
-
+						{% for role in extra_res_md.roles %}
+						<dt>{% trans role.label %}</dt>
+
+							{% for user in  role.users %}
+								<dd>{{user.last_name}}</dd>
+								<dd><a href="mailto:{{ user.email}}"><i class="fa fa-envelope"></i>{{ user.email}}</a></dd>
+							{% endfor %}
+						{% endfor %}
 
 						<dt>{% trans "Purpose" %}</dt>
 								{% if resource.purpose %}
diff --git a/geonode/catalogue/views.py b/geonode/catalogue/views.py
index eb79f6f90af..8e64559f8c1 100644
--- a/geonode/catalogue/views.py
+++ b/geonode/catalogue/views.py
@@ -29,11 +29,12 @@
 from geonode.base.models import ResourceBase
 from geonode.layers.models import Dataset
 from geonode.base.auth import get_or_create_token
-from geonode.base.models import ContactRole, SpatialRepresentationType
+from geonode.base.models import SpatialRepresentationType
 from geonode.groups.models import GroupProfile
 from geonode.utils import resolve_object
 from django.db import connection
 from django.core.exceptions import ObjectDoesNotExist
+from geonode.people import Roles
 
 
 @csrf_exempt
@@ -286,11 +287,18 @@ def csw_render_extra_format_txt(request, layeruuid, resname):
             content += fst(attr.attribute_label) + s
             content += fst(attr.description) + sc
 
-    pocr = ContactRole.objects.get(resource_id=resource.id, role="pointOfContact")
-    pocp = get_user_model().objects.get(id=pocr.contact_id)
-    content += f"Point of Contact{sc}"
-    content += f"name{s}{fst(pocp.last_name)}{sc}"
-    content += f"e-mail{s}{fst(pocp.email)}{sc}"
+    @staticmethod
+    def __append_contact_role__(content, cr_attr_name, title_in_txt):
+        cr = resource.__getattribute__(cr_attr_name)
+        if cr is not None or (isinstance(list, cr) and len(0)):
+            content += f"{title_in_txt}{sc}"
+            for user in cr:
+                content += f"name{s}{fst(user.last_name)}{sc}"
+                content += f"e-mail{s}{fst(user.email)}{sc}"
+        return content
+
+    for role in set(Roles).difference([Roles.OWNER]):
+        content = __append_contact_role__(content, role.name, role.label)
 
     logger = logging.getLogger(__name__)
     logger.error(content)
@@ -319,10 +327,15 @@ def csw_render_extra_format_html(request, layeruuid, resname):
             s = f"<tr><td>{attr.attribute}</td><td>{attr.attribute_label}</td><td>{attr.description}</td></tr>"
             extra_res_md["atrributes"] += s
 
-    pocr = ContactRole.objects.get(resource_id=resource.id, role="pointOfContact")
-    pocp = get_user_model().objects.get(id=pocr.contact_id)
-    extra_res_md["poc_last_name"] = pocp.last_name
-    extra_res_md["poc_email"] = pocp.email
+    extra_res_md["roles"] = []
+    for role in Roles:
+        cr = resource.__getattribute__(role.name)
+        if not isinstance(cr, list):
+            cr = [cr]
+        users = [{"pk": user.id, "last_name": user.last_name, "email": user.email} for user in cr]
+        if users:
+            extra_res_md["roles"].append({"label": role.label, "users": users})
+
     return render(request, "geonode_metadata_full.html", context={"resource": resource, "extra_res_md": extra_res_md})
 
 
diff --git a/geonode/documents/api/tests.py b/geonode/documents/api/tests.py
index 9a08fbd8671..3f6b4d6bf2e 100644
--- a/geonode/documents/api/tests.py
+++ b/geonode/documents/api/tests.py
@@ -143,6 +143,308 @@ def test_creation_should_create_the_doc(self):
         self.assertEqual("xml", extension)
         self.assertTrue(Document.objects.filter(title="New document for testing").exists())
 
+    def test_patch_point_of_contact(self):
+        document = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{document.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"poc": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [poc.get("pk") for poc in response.json().get("document").get("poc")] for user_id in user_ids
+            )
+        )
+        # Resetting all point of contact
+        response = self.client.patch(url, data={"poc": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [poc.get("pk") for poc in response.json().get("document").get("poc")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_metadata_author(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"metadata_author": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [
+                    metadata_author.get("pk")
+                    for metadata_author in response.json().get("document").get("metadata_author")
+                ]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all metadata authors
+        response = self.client.patch(url, data={"metadata_author": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    metadata_author.get("pk")
+                    for metadata_author in response.json().get("document").get("metadata_author")
+                ]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_processor(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"processor": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        # check if all set processors are in the return json
+        self.assertTrue(
+            all(
+                user_id in [processor.get("pk") for processor in response.json().get("document").get("processor")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all processors
+        response = self.client.patch(url, data={"processor": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [processor.get("pk") for processor in response.json().get("document").get("processor")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_publisher(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"publisher": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [publisher.get("pk") for publisher in response.json().get("document").get("publisher")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all publishers
+        response = self.client.patch(url, data={"publisher": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [publisher.get("pk") for publisher in response.json().get("document").get("publisher")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_custodian(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"custodian": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [custodian.get("pk") for custodian in response.json().get("document").get("custodian")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all custodians
+        response = self.client.patch(url, data={"custodian": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [custodian.get("pk") for custodian in response.json().get("document").get("custodian")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_distributor(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"distributor": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [distributor.get("pk") for distributor in response.json().get("document").get("distributor")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all distributers
+        response = self.client.patch(url, data={"distributor": []}, format="json")
+
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [distributor.get("pk") for distributor in response.json().get("document").get("distributor")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_resource_user(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"resource_user": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [resource_user.get("pk") for resource_user in response.json().get("document").get("resource_user")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all resource users
+        response = self.client.patch(url, data={"resource_user": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    resource_user.get("pk") for resource_user in response.json().get("document").get("resource_user")
+                ]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_resource_provider(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"resource_provider": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [
+                    resource_provider.get("pk")
+                    for resource_provider in response.json().get("document").get("resource_provider")
+                ]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all principal investigator
+        response = self.client.patch(url, data={"resource_provider": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    resource_provider.get("pk")
+                    for resource_provider in response.json().get("document").get("resource_provider")
+                ]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_originator(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"originator": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [originator.get("pk") for originator in response.json().get("document").get("originator")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all originators
+        response = self.client.patch(url, data={"originator": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [originator.get("pk") for originator in response.json().get("document").get("originator")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_principal_investigator(self):
+        layer = Document.objects.first()
+        url = urljoin(f"{reverse('documents-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"principal_investigator": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [
+                    principal_investigator.get("pk")
+                    for principal_investigator in response.json().get("document").get("principal_investigator")
+                ]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all principal investigator
+        response = self.client.patch(url, data={"principal_investigator": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    principal_investigator.get("pk")
+                    for principal_investigator in response.json().get("document").get("principal_investigator")
+                ]
+                for user_id in user_ids
+            )
+        )
+
     def test_creation_should_create_the_doc_and_update_the_bbox(self):
         """
         If file_path is not available, should raise error
diff --git a/geonode/documents/migrations/0037_delete_documentresourcelink.py b/geonode/documents/migrations/0037_delete_documentresourcelink.py
index a03389fd6b6..72e49c51ae4 100644
--- a/geonode/documents/migrations/0037_delete_documentresourcelink.py
+++ b/geonode/documents/migrations/0037_delete_documentresourcelink.py
@@ -4,17 +4,18 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('documents', '0036_clean_document_thumbnails'),
-        ('base', '0086_linkedresource'),
+        ("documents", "0036_clean_document_thumbnails"),
+        ("base", "0086_linkedresource"),
     ]
 
     operations = [
-        migrations.RunSQL("INSERT INTO base_linkedresource(source_id, target_id, internal)"
-                          "SELECT document_id, object_id, false as internal "
-                          "FROM documents_documentresourcelink;"),
+        migrations.RunSQL(
+            "INSERT INTO base_linkedresource(source_id, target_id, internal)"
+            "SELECT document_id, object_id, false as internal "
+            "FROM documents_documentresourcelink;"
+        ),
         migrations.DeleteModel(
-            name='DocumentResourceLink',
+            name="DocumentResourceLink",
         ),
     ]
diff --git a/geonode/documents/templates/documents/document_metadata.html b/geonode/documents/templates/documents/document_metadata.html
index 80b553f9c35..5e2a1669995 100644
--- a/geonode/documents/templates/documents/document_metadata.html
+++ b/geonode/documents/templates/documents/document_metadata.html
@@ -31,12 +31,12 @@ <h2 class="page-title">{% trans "Metadata" %}&nbsp;{% blocktrans with document.t
 </div>
 
     <form id="metadata_update" class="form-horizontal" action="{% url "document_metadata" document.id %}" method="POST">
-      {% if document_form.errors or category_form.errors or author_form.errors or poc.errors %}
+      {% if document_form.errors or category_form.errors or metadata_author_form.errors or poc.errors %}
         <p class="bg-danger">{% blocktrans %}Error updating metadata.  Please check the following fields: {% endblocktrans %}</p>
         <ul class="bg-danger">
-        {% if author_form.errors %}
+        {% if metadata_author_form.errors %}
           <li>{% trans "Metadata Author" %}</li>
-          {{ author_form.errors }}
+          {{ metadata_author_form.errors }}
         {% endif %}
         {% if poc_form.errors %}
           <li>{% trans "Point of Contact" %}</li>
@@ -69,7 +69,7 @@ <h2>{% trans "Point of Contact" %}</h2>
               </fieldset>
               <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
                 <h2>{% trans "Metadata Provider" %}</h2>
-                  {{ author_form|as_bootstrap }}
+                  {{ metadata_author_form|as_bootstrap }}
                 <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
               </fieldset>
 
diff --git a/geonode/documents/templates/documents/document_metadata_advanced.html b/geonode/documents/templates/documents/document_metadata_advanced.html
index ddb70a929ac..f7f8dc083a9 100644
--- a/geonode/documents/templates/documents/document_metadata_advanced.html
+++ b/geonode/documents/templates/documents/document_metadata_advanced.html
@@ -37,12 +37,12 @@ <h2 class="page-title">{% trans "Edit Metadata" %}</h2>
     </p>
 
     <form id="metadata_update" class="form-horizontal" action="{% url "document_metadata" document.id %}" method="POST">
-      {% if document_form.errors or category_form.errors or author_form.errors or poc.errors %}
+      {% if document_form.errors or category_form.errors or metadata_author_form.errors or poc.errors %}
         <p class="bg-danger">{% blocktrans %}Error updating metadata.  Please check the following fields: {% endblocktrans %}</p>
         <ul class="bg-danger">
-        {% if author_form.errors %}
+        {% if metadata_author_form.errors %}
           <li>{% trans "Metadata Author" %}</li>
-          {{ author_form.errors }}
+          {{ metadata_author_form.errors }}
         {% endif %}
         {% if poc_form.errors %}
           <li>{% trans "Point of Contact" %}</li>
@@ -132,7 +132,7 @@ <h2>{% trans "Point of Contact" %}</h2>
               </fieldset>
               <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
                 <h2>{% trans "Metadata Provider" %}</h2>
-                  {{ author_form|as_bootstrap }}
+                  {{ metadata_author_form|as_bootstrap }}
                 <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
               </fieldset>
               <div class="form-actions">
diff --git a/geonode/documents/templates/layouts/doc_panels.html b/geonode/documents/templates/layouts/doc_panels.html
index e2dffb26eea..d354531d314 100644
--- a/geonode/documents/templates/layouts/doc_panels.html
+++ b/geonode/documents/templates/layouts/doc_panels.html
@@ -1,6 +1,8 @@
 {% load i18n %}
 {% load static %}
 {% load floppyforms %}
+{% load base_tags %}
+{% load contact_roles %}
 
 <!-- Required to make select2 fields work for autocomplete -->
 <link href="{% static "vendor/select2/dist/css/select2.css" %}" type="text/css" media="screen" rel="stylesheet" />
@@ -460,7 +462,7 @@
                                         <span><label for="{{ document_form.constraints_other|id }}">{{ document_form.constraints_other.label }}</label></span>
                                         <!--<p class="xxs-font-size">(Other restrictions and legal prerequisites for accessing or use data and metadata)</p>-->
                                         {{ document_form.constraints_other }}
-                                    </div> 
+                                    </div>
                                     {% endblock doc_constraints_other %}
                                 </div>
                             </div>
@@ -558,15 +560,42 @@
                 </div>
             </div>
             <div class="col-xs-12 col-lg-3">
-              {% block document_poc %}
               <div class="panel panel-default" style="margin-top: 5px">
                 <div class="panel-heading">{% trans "Responsible Parties" %}</div>
-                <div class="panel-body">
-                  <span><label for="{{ document_form.poc|id }}">{{ document_form.poc.label }}</label></span>
-                  {{ document_form.poc }}
+                  {% block document_poc %}
+                  <div class="panel-body check-select">
+                      <span><label for="{{ document_form.poc|id }}">{{ document_form.poc.label }}</label></span>
+                      {{ document_form.poc }}
+                  </div>
+                  {% endblock document_poc %}
+            </div>
+              <div class="panel panel-default">
+                  <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
+                  <div class="panel-body">
+                    {% block document_owner %}
+                      <div>
+                          <span><label for="{{ document_form.owner|id }}">{{ document_form.owner.label }}</label></span>
+                          {{ document_form.owner }}
+                      </div>
+                    {% endblock document_owner %}
+                  </div>
+                </div>
+              <a href="#id-more-metadata-panel" data-toggle="collapse">{% trans "toggle more Contact Roles" %}</a>
+              {% block document_more_contact_roles %}
+              <div class="panel panel-default panel-collapse collapse" collapsed id='id-more-metadata-panel'>
+                <div class="panel-heading">{% trans "more metadata contact roles" %}</div>
+                  {% for contact_role in UI_ROLES_IN_TOGGLE_VIEW %}
+                    {% getattribute document_form contact_role as cr %}
+                    <div class="panel-body">
+                      <div>
+                        <span><label for="{{cr|id}}">{{cr.label}}</label></span>
+                        {{ cr}}
+                      </div>
+                    </div>
+                  {% endfor %}
                 </div>
               </div>
-              {% endblock %}
+              {% endblock document_more_contact_roles %}
 
               <div class="panel panel-default">
                 <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
@@ -583,12 +612,13 @@
                     </div>
                 </div>
             </div>
+            <!--End Contact Roles -->
           </div>
         </div>
-      </div></div></div>
+      </div>
     </div>
     {% block extra_metadata_content %}
-    {% endblock %}
+    {% endblock extra_metadata_content %}
   </div>
   {% endblock ownership %}
 
diff --git a/geonode/documents/views.py b/geonode/documents/views.py
index 8a57d9ff887..66b8df09bb7 100644
--- a/geonode/documents/views.py
+++ b/geonode/documents/views.py
@@ -23,12 +23,10 @@
 import warnings
 import traceback
 
-
 from django.urls import reverse
 from django.conf import settings
 from django.contrib import messages
 from django.shortcuts import render, get_object_or_404
-from django.forms.utils import ErrorList
 from django.utils.translation import ugettext as _
 from django.contrib.auth.decorators import login_required
 from django.template import loader
@@ -317,8 +315,7 @@ def document_metadata(
 
     # Add metadata_author or poc if missing
     document.add_missing_metadata_author_or_poc()
-    poc = document.poc
-    metadata_author = document.metadata_author
+
     topic_category = document.category
     current_keywords = [keyword.name for keyword in document.keywords.all()]
 
@@ -380,8 +377,6 @@ def document_metadata(
                 tkeywords_form.fields[tid].initial = values
 
     if request.method == "POST" and document_form.is_valid() and category_form.is_valid() and tkeywords_form.is_valid():
-        new_poc = document_form.cleaned_data["poc"]
-        new_author = document_form.cleaned_data["metadata_author"]
         new_keywords = current_keywords if request.keyword_readonly else document_form.cleaned_data["keywords"]
         new_regions = document_form.cleaned_data["regions"]
 
@@ -393,31 +388,9 @@ def document_metadata(
         ):
             new_category = TopicCategory.objects.get(id=int(category_form.cleaned_data["category_choice_field"]))
 
-        if new_poc is None:
-            if poc is None:
-                poc_form = ProfileForm(request.POST, prefix="poc", instance=poc)
-            else:
-                poc_form = ProfileForm(request.POST, prefix="poc")
-            if poc_form.is_valid():
-                if len(poc_form.cleaned_data["profile"]) == 0:
-                    # FIXME use form.add_error in django > 1.7
-                    errors = poc_form._errors.setdefault("profile", ErrorList())
-                    errors.append(_("You must set a point of contact for this resource"))
-            if poc_form.has_changed and poc_form.is_valid():
-                new_poc = poc_form.save()
-
-        if new_author is None:
-            if metadata_author is None:
-                author_form = ProfileForm(request.POST, prefix="author", instance=metadata_author)
-            else:
-                author_form = ProfileForm(request.POST, prefix="author")
-            if author_form.is_valid():
-                if len(author_form.cleaned_data["profile"]) == 0:
-                    # FIXME use form.add_error in django > 1.7
-                    errors = author_form._errors.setdefault("profile", ErrorList())
-                    errors.append(_("You must set an author for this resource"))
-            if author_form.has_changed and author_form.is_valid():
-                new_author = author_form.save()
+        # update contact roles
+        document.set_contact_roles_from_metadata_edit(document_form)
+        document.save()
 
         document = document_form.instance
         resource_manager.update(
@@ -425,11 +398,7 @@ def document_metadata(
             instance=document,
             keywords=new_keywords,
             regions=new_regions,
-            vals=dict(
-                poc=new_poc or document.poc,
-                metadata_author=new_author or document.metadata_author,
-                category=new_category,
-            ),
+            vals=dict(category=new_category),
             notify=True,
             extra_metadata=json.loads(document_form.cleaned_data["extra_metadata"]),
         )
@@ -490,18 +459,15 @@ def document_metadata(
     # - POST Request Ends here -
 
     # Request.GET
-    if poc is not None:
-        document_form.fields["poc"].initial = poc.id
-        poc_form = ProfileForm(prefix="poc")
-        poc_form.hidden = True
-
-    if metadata_author is not None:
-        document_form.fields["metadata_author"].initial = metadata_author.id
-        author_form = ProfileForm(prefix="author")
-        author_form.hidden = True
+    # define contact role forms
+    contact_role_forms_context = {}
+    for role in document.get_multivalue_role_property_names():
+        document_form.fields[role].initial = [p.username for p in document.__getattribute__(role)]
+        role_form = ProfileForm(prefix=role)
+        role_form.hidden = True
+        contact_role_forms_context[f"{role}_form"] = role_form
 
     metadata_author_groups = get_user_visible_groups(request.user)
-
     if not AdvancedSecurityWorkflowManager.is_allowed_to_publish(request.user, document):
         document_form.fields["is_published"].widget.attrs.update({"disabled": "true"})
     if not AdvancedSecurityWorkflowManager.is_allowed_to_approve(request.user, document):
@@ -517,8 +483,6 @@ def document_metadata(
             "panel_template": panel_template,
             "custom_metadata": custom_metadata,
             "document_form": document_form,
-            "poc_form": poc_form,
-            "author_form": author_form,
             "category_form": category_form,
             "tkeywords_form": tkeywords_form,
             "metadata_author_groups": metadata_author_groups,
@@ -528,6 +492,8 @@ def document_metadata(
                 set(getattr(settings, "UI_DEFAULT_MANDATORY_FIELDS", []))
                 | set(getattr(settings, "UI_REQUIRED_FIELDS", []))
             ),
+            **contact_role_forms_context,
+            "UI_ROLES_IN_TOGGLE_VIEW": document.get_ui_toggled_role_property_names(),
         },
     )
 
diff --git a/geonode/geoapps/templates/apps/app_metadata.html b/geonode/geoapps/templates/apps/app_metadata.html
index 17b2de35a97..c195b43958d 100644
--- a/geonode/geoapps/templates/apps/app_metadata.html
+++ b/geonode/geoapps/templates/apps/app_metadata.html
@@ -68,7 +68,7 @@ <h2>{% trans "Point of Contact" %}</h2>
               </fieldset>
               <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
                 <h2>{% trans "Metadata Provider" %}</h2>
-                {{ author_form|as_bootstrap }}
+                {{ metadata_author_form|as_bootstrap }}
                 <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
               </fieldset>
 
diff --git a/geonode/geoapps/templates/apps/app_metadata_advanced.html b/geonode/geoapps/templates/apps/app_metadata_advanced.html
index 21d45962dc8..ee0440f4a53 100644
--- a/geonode/geoapps/templates/apps/app_metadata_advanced.html
+++ b/geonode/geoapps/templates/apps/app_metadata_advanced.html
@@ -130,7 +130,7 @@ <h2>{% trans "Point of Contact" %}</h2>
               </fieldset>
               <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
                 <h2>{% trans "Metadata Provider" %}</h2>
-                {{ author_form|as_bootstrap }}
+                {{ metadata_author_form|as_bootstrap }}
                 <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
               </fieldset>
 
diff --git a/geonode/geoapps/templates/layouts/app_panels.html b/geonode/geoapps/templates/layouts/app_panels.html
index ddedc0eb6bf..b255bbe6ecd 100644
--- a/geonode/geoapps/templates/layouts/app_panels.html
+++ b/geonode/geoapps/templates/layouts/app_panels.html
@@ -1,6 +1,7 @@
 {% load i18n %}
 {% load static %}
 {% load floppyforms %}
+{% load contact_roles %}
 
 <!-- Required to make select2 fields work for autocomplete -->
 <link href="{% static "vendor/select2/dist/css/select2.css" %}" type="text/css" media="screen" rel="stylesheet" />
@@ -516,22 +517,35 @@
               {% endblock %}
               <div class="panel panel-default">
                   <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
+                  {% block geoapp_owner %}
                   <div class="panel-body">
                       <div>
                         <span><label for="{{ geoapp_form.owner|id }}">{{ geoapp_form.owner.label }}</label></span>
-                        <!--<p class="xxs-font-size">(Responsible of the cited resource)</p>-->
                         {{ geoapp_form.owner }}
-                      </div>
-                      <div>
-                          <span><label for="{{ geoapp_form.metadata_author|id }}">{{ geoapp_form.metadata_author.label }}</label></span>
-                          <!--<p class="xxs-font-size">(Author of the metadata)</p>-->
-                          {{ geoapp_form.metadata_author }}
-                      </div>
+                    </div>
+                  {% endblock geoapp_owner %}
+                </div>
+              </div>
+            <a href="#id-more-metadata-panel" data-toggle="collapse">{% trans "toggle more Contact Roles" %}</a>
+            {% block geoapp_more_contact_roles %}
+            <div class="panel panel-default panel-collapse collapse" collapsed id='id-more-metadata-panel'>
+              <div class="panel-heading">{% trans "more metadata contact roles" %}</div>
+                {% for contact_role in UI_ROLES_IN_TOGGLE_VIEW %}
+                  {% getattribute geoapp_form contact_role as cr %}
+                  <div class="panel-body">
+                    <div>
+                      <span><label for="{{cr|id}}">{{cr.label}}</label></span>
+                      {{ cr}}
+                    </div>
                   </div>
+                {% endfor %}
               </div>
             </div>
+            {% endblock geoapp_more_contact_roles %}
+          </div>
+          <!--End Contact Roles -->
         </div>
-      </div></div></div>
+      </div>
     </div>
     {% block extra_metadata_content %}
     {% endblock %}
diff --git a/geonode/geoapps/views.py b/geonode/geoapps/views.py
index 788dcaccbe1..6a2dd3b3344 100644
--- a/geonode/geoapps/views.py
+++ b/geonode/geoapps/views.py
@@ -24,7 +24,6 @@
 
 from django.conf import settings
 from django.shortcuts import render
-from django.forms.utils import ErrorList
 from django.utils.translation import ugettext as _
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse, HttpResponseRedirect, Http404
@@ -207,8 +206,6 @@ def geoapp_metadata(
     # Add metadata_author or poc if missing
     geoapp_obj.add_missing_metadata_author_or_poc()
     resource_type = geoapp_obj.resource_type
-    poc = geoapp_obj.poc
-    metadata_author = geoapp_obj.metadata_author
     topic_category = geoapp_obj.category
     current_keywords = [keyword.name for keyword in geoapp_obj.keywords.all()]
 
@@ -271,8 +268,6 @@ def geoapp_metadata(
                 tkeywords_form.fields[tid].initial = values
 
     if request.method == "POST" and geoapp_form.is_valid() and category_form.is_valid() and tkeywords_form.is_valid():
-        new_poc = geoapp_form.cleaned_data.pop("poc")
-        new_author = geoapp_form.cleaned_data.pop("metadata_author")
         new_keywords = current_keywords if request.keyword_readonly else geoapp_form.cleaned_data.pop("keywords")
         new_regions = geoapp_form.cleaned_data.pop("regions")
 
@@ -283,42 +278,13 @@ def geoapp_metadata(
             and category_form.cleaned_data["category_choice_field"]
         ):
             new_category = TopicCategory.objects.get(id=int(category_form.cleaned_data["category_choice_field"]))
-
-        if new_poc is None:
-            if poc is None:
-                poc_form = ProfileForm(request.POST, prefix="poc", instance=poc)
-            else:
-                poc_form = ProfileForm(request.POST, prefix="poc")
-            if poc_form.is_valid():
-                if len(poc_form.cleaned_data["profile"]) == 0:
-                    # FIXME use form.add_error in django > 1.7
-                    errors = poc_form._errors.setdefault("profile", ErrorList())
-                    errors.append(_("You must set a point of contact for this resource"))
-                    poc = None
-            if poc_form.has_changed and poc_form.is_valid():
-                new_poc = poc_form.save()
-
-        if new_author is None:
-            if metadata_author is None:
-                author_form = ProfileForm(request.POST, prefix="author", instance=metadata_author)
-            else:
-                author_form = ProfileForm(request.POST, prefix="author")
-            if author_form.is_valid():
-                if len(author_form.cleaned_data["profile"]) == 0:
-                    # FIXME use form.add_error in django > 1.7
-                    errors = author_form._errors.setdefault("profile", ErrorList())
-                    errors.append(_("You must set an author for this resource"))
-                    metadata_author = None
-            if author_form.has_changed and author_form.is_valid():
-                new_author = author_form.save()
-
         geoapp_form.cleaned_data.pop("ptype")
 
-        additional_vals = dict(
-            poc=new_poc or geoapp_obj.poc,
-            metadata_author=new_author or geoapp_obj.metadata_author,
-            category=new_category,
-        )
+        # update contact roles
+        geoapp_obj.set_contact_roles_from_metadata_edit(geoapp_form)
+        geoapp_obj.save()
+
+        additional_vals = dict(category=new_category)
 
         geoapp_form.cleaned_data.pop("metadata")
         extra_metadata = geoapp_form.cleaned_data.pop("extra_metadata")
@@ -388,16 +354,13 @@ def geoapp_metadata(
         return HttpResponse(json.dumps(out), content_type="application/json", status=400)
     # - POST Request Ends here -
 
-    # Request.GET
-    if poc is not None:
-        geoapp_form.fields["poc"].initial = poc.id
-        poc_form = ProfileForm(prefix="poc")
-        poc_form.hidden = True
-
-    if metadata_author is not None:
-        geoapp_form.fields["metadata_author"].initial = metadata_author.id
-        author_form = ProfileForm(prefix="author")
-        author_form.hidden = True
+    # define contact role forms
+    contact_role_forms_context = {}
+    for role in geoapp_obj.get_multivalue_role_property_names():
+        geoapp_form.fields[role].initial = [p.username for p in geoapp_obj.__getattribute__(role)]
+        role_form = ProfileForm(prefix=role)
+        role_form.hidden = True
+        contact_role_forms_context[f"{role}_form"] = role_form
 
     metadata_author_groups = get_user_visible_groups(request.user)
 
@@ -416,8 +379,6 @@ def geoapp_metadata(
             "panel_template": panel_template,
             "custom_metadata": custom_metadata,
             "geoapp_form": geoapp_form,
-            "poc_form": poc_form,
-            "author_form": author_form,
             "category_form": category_form,
             "tkeywords_form": tkeywords_form,
             "metadata_author_groups": metadata_author_groups,
@@ -427,6 +388,8 @@ def geoapp_metadata(
                 set(getattr(settings, "UI_DEFAULT_MANDATORY_FIELDS", []))
                 | set(getattr(settings, "UI_REQUIRED_FIELDS", []))
             ),
+            **contact_role_forms_context,
+            "UI_ROLES_IN_TOGGLE_VIEW": geoapp_obj.get_ui_toggled_role_property_names(),
         },
     )
 
diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
index cc9135d243f..8067f272adb 100755
--- a/geonode/geoserver/helpers.py
+++ b/geonode/geoserver/helpers.py
@@ -2081,19 +2081,19 @@ def sync_instance_with_geoserver(instance_id, *args, **kwargs):
 
                 if updatemetadata:
                     gs_resource.metadata_links = metadata_links
-
+                    default_poc = instance.get_first_contact_of_role(role="poc")
                     # Update Attribution link
-                    if instance.poc:
+                    if default_poc:
                         # gsconfig now utilizes an attribution dictionary
                         gs_resource.attribution = {
-                            "title": str(instance.poc),
+                            "title": str(instance.poc_csv),
                             "width": None,
                             "height": None,
                             "href": None,
                             "url": None,
                             "type": None,
                         }
-                        profile = get_user_model().objects.get(username=instance.poc.username)
+                        profile = get_user_model().objects.get(username=default_poc.username)
                         site_url = (
                             settings.SITEURL.rstrip("/") if settings.SITEURL.startswith("http") else settings.SITEURL
                         )
diff --git a/geonode/harvesting/harvesters/geonodeharvester.py b/geonode/harvesting/harvesters/geonodeharvester.py
index ec31b84b1d4..0f9de873476 100644
--- a/geonode/harvesting/harvesters/geonodeharvester.py
+++ b/geonode/harvesting/harvesters/geonodeharvester.py
@@ -364,6 +364,7 @@ def _get_resource_descriptor(
             # these work for both datasets and documents
             uuid=resource["uuid"],
             language=resource["language"],
+            # TODO issue#10290
             point_of_contact=self._get_contact_descriptor("pointOfContact", resource["poc"]),
             author=self._get_contact_descriptor("author", resource["metadata_author"]),
             date_stamp=resource_datestamp,
diff --git a/geonode/layers/api/tests.py b/geonode/layers/api/tests.py
index 88ba047ed03..79b4330977b 100644
--- a/geonode/layers/api/tests.py
+++ b/geonode/layers/api/tests.py
@@ -324,6 +324,304 @@ def test_layer_replace_should_work(self, _validate_input_source):
         # evaluate that the number of available layer is not changed
         self.assertEqual(Dataset.objects.count(), cnt)
 
+    def test_patch_point_of_contact(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"poc": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(user_id in [poc.get("pk") for poc in response.json().get("dataset").get("poc")] for user_id in user_ids)
+        )
+        # Resetting all point of contact
+        response = self.client.patch(url, data={"poc": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [poc.get("pk") for poc in response.json().get("dataset").get("poc")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_metadata_author(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"metadata_author": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [
+                    metadata_author.get("pk")
+                    for metadata_author in response.json().get("dataset").get("metadata_author")
+                ]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all metadata authors
+        response = self.client.patch(url, data={"metadata_author": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    metadata_author.get("pk")
+                    for metadata_author in response.json().get("dataset").get("metadata_author")
+                ]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_processor(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"processor": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [processor.get("pk") for processor in response.json().get("dataset").get("processor")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all processors
+        response = self.client.patch(url, data={"processor": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [processor.get("pk") for processor in response.json().get("dataset").get("processor")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_publisher(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"publisher": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [publisher.get("pk") for publisher in response.json().get("dataset").get("publisher")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all publishers
+        response = self.client.patch(url, data={"publisher": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [publisher.get("pk") for publisher in response.json().get("dataset").get("publisher")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_custodian(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"custodian": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [custodian.get("pk") for custodian in response.json().get("dataset").get("custodian")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all custodians
+        response = self.client.patch(url, data={"custodian": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [custodian.get("pk") for custodian in response.json().get("dataset").get("custodian")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_distributor(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"distributor": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [distributor.get("pk") for distributor in response.json().get("dataset").get("distributor")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all distributers
+        response = self.client.patch(url, data={"distributor": []}, format="json")
+
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [distributor.get("pk") for distributor in response.json().get("dataset").get("distributor")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_resource_user(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"resource_user": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [resource_user.get("pk") for resource_user in response.json().get("dataset").get("resource_user")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all resource users
+        response = self.client.patch(url, data={"resource_user": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    resource_user.get("pk") for resource_user in response.json().get("dataset").get("resource_user")
+                ]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_resource_provider(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"resource_provider": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [
+                    resource_provider.get("pk")
+                    for resource_provider in response.json().get("dataset").get("resource_provider")
+                ]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all principal investigator
+        response = self.client.patch(url, data={"resource_provider": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    resource_provider.get("pk")
+                    for resource_provider in response.json().get("dataset").get("resource_provider")
+                ]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_originator(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"originator": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id in [originator.get("pk") for originator in response.json().get("dataset").get("originator")]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all originators
+        response = self.client.patch(url, data={"originator": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id not in [originator.get("pk") for originator in response.json().get("dataset").get("originator")]
+                for user_id in user_ids
+            )
+        )
+
+    def test_patch_principal_investigator(self):
+        layer = Dataset.objects.first()
+        url = urljoin(f"{reverse('datasets-list')}/", f"{layer.id}")
+        self.client.login(username="admin", password="admin")
+        get_user_model().objects.get_or_create(username="ninja")
+        get_user_model().objects.get_or_create(username="turtle")
+        users = get_user_model().objects.exclude(pk=-1)
+        user_ids = [user.pk for user in users]
+        patch_data = {"principal_investigator": [{"pk": uid} for uid in user_ids]}
+        response = self.client.patch(url, data=patch_data, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                in [
+                    principal_investigator.get("pk")
+                    for principal_investigator in response.json().get("dataset").get("principal_investigator")
+                ]
+                for user_id in user_ids
+            )
+        )
+        # Resetting all principal investigator
+        response = self.client.patch(url, data={"principal_investigator": []}, format="json")
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(
+            all(
+                user_id
+                not in [
+                    principal_investigator.get("pk")
+                    for principal_investigator in response.json().get("dataset").get("principal_investigator")
+                ]
+                for user_id in user_ids
+            )
+        )
+
     def test_metadata_update_for_not_supported_method(self):
         layer = Dataset.objects.first()
         url = reverse("datasets-replace-metadata", args=(layer.id,))
diff --git a/geonode/layers/templates/datasets/dataset_metadata.html b/geonode/layers/templates/datasets/dataset_metadata.html
index cfb423709ac..69fe111eca2 100644
--- a/geonode/layers/templates/datasets/dataset_metadata.html
+++ b/geonode/layers/templates/datasets/dataset_metadata.html
@@ -43,12 +43,12 @@ <h2 class="page-title">{% trans "Metadata" %}&nbsp;{% blocktrans with dataset.ti
           Some of your original metadata may have been lost.{% endblocktrans %}</p>
       {% endif %}
 
-      {% if dataset_form.errors or attribute_form.errors or category_form.errors or author_form.errors or poc.errors or tkeywords_form.errors %}
+      {% if dataset_form.errors or attribute_form.errors or category_form.errors or metadata_author_form.errors or poc.errors or tkeywords_form.errors %}
     	  <p class="bg-danger">{% blocktrans %}Error updating metadata.  Please check the following fields: {% endblocktrans %}</p>
           <ul class="bg-danger">
-          {% if author_form.errors %}
+          {% if metadata_author_form.errors %}
             <li>{% trans "Metadata Author" %}</li>
-            {{ author_form.errors }}
+            {{ metadata_author_form.errors }}
           {% endif %}
           {% if poc_form.errors %}
             <li>{% trans "Point of Contact" %}</li>
@@ -91,7 +91,7 @@ <h2>{% trans "Point of Contact" %}</h2>
             </fieldset>
             <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
               <h2>{% trans "Metadata Provider" %}</h2>
-                {{ author_form|as_bootstrap }}
+                {{ metadata_author_form|as_bootstrap }}
               <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
             </fieldset>
 
diff --git a/geonode/layers/templates/datasets/dataset_metadata_advanced.html b/geonode/layers/templates/datasets/dataset_metadata_advanced.html
index fff3b8aef0f..c7169f960cb 100644
--- a/geonode/layers/templates/datasets/dataset_metadata_advanced.html
+++ b/geonode/layers/templates/datasets/dataset_metadata_advanced.html
@@ -52,12 +52,12 @@ <h2 class="page-title">{% trans "Edit Metadata" %}</h2>
       {% endblock metadata_uploaded_check %}
 
       {% block dataset_form_errors %}
-      {% if dataset_form.errors or attribute_form.errors or category_form.errors or author_form.errors or poc.errors %}
+      {% if dataset_form.errors or attribute_form.errors or category_form.errors or metadata_author_form.errors or poc.errors %}
     	    <p class="bg-danger">{% blocktrans %}Error updating metadata.  Please check the following fields: {% endblocktrans %}</p>
           <ul class="bg-danger">
-          {% if author_form.errors %}
+          {% if metadata_author_form.errors %}
             <li>{% trans "Metadata Author" %}</li>
-            {{ author_form.errors }}
+            {{ metadata_author_form.errors }}
           {% endif %}
           {% if poc_form.errors %}
             <li>{% trans "Point of Contact" %}</li>
@@ -210,7 +210,7 @@ <h2>{% trans "Point of Contact" %}</h2>
             {% block metadata_provider %}
             <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
               <h2>{% trans "Metadata Provider" %}</h2>
-                {{ author_form|as_bootstrap }}
+                {{ metadata_author_form|as_bootstrap }}
               <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
             </fieldset>
             {% endblock metadata_provider %}
diff --git a/geonode/layers/templates/layouts/panels.html b/geonode/layers/templates/layouts/panels.html
index 4ee805635e8..40a9c3e4321 100644
--- a/geonode/layers/templates/layouts/panels.html
+++ b/geonode/layers/templates/layouts/panels.html
@@ -1,6 +1,8 @@
 {% load i18n %}
 {% load static %}
 {% load floppyforms %}
+{% load contact_roles %}
+
 <script type="text/javascript">
     // this is used by thumbnail.js to POST to the thumbnail update view
     window.thumbnailUpdateUrl = '{% url 'base-resources-set-thumb-from-bbox' resource.id %}';
@@ -259,7 +261,7 @@
         {% trans "Optional" %}
       </div>
   {% endif %}
-  
+
 </div>
 {% endblock edit_progress %}
  {% block breadcrumbs %}
@@ -474,7 +476,6 @@
                                 {% endblock dataset_constraints %}
                             </div>
                             <div class="row">
-
                             </div>
                         </div>
                     </div>
@@ -565,38 +566,49 @@
                     {% endblock dataset_linked_resources %}
                 </div>
             </div>
-            <div class="col-xs-12 col-lg-3">
-              {% block dataset_poc %}
-              <div class="panel panel-default" style="margin-top: 5px">
-                  <div class="panel-heading">{% trans "Responsible Parties" %}</div>
-                    <div class="panel-body check-select">
-                        <span><label for="{{ dataset_form.poc|id }}">{{ dataset_form.poc.label }}</label></span>
-                        {{ dataset_form.poc }}
-                    </div>
-              </div>
-              {% endblock dataset_poc %}              
+            <!-- Contact Roles -->
+            <div class="col-xs-12 col-lg-3" >
+              <div class="panel panel-default" class="collapse" style="margin-top: 5px">
+                <div class="panel-heading">{% trans "Responsible Parties" %}</div>
+                  {% block dataset_poc %}
+                  <div class="panel-body check-select">
+                      <span><label for="{{ dataset_form.poc|id }}">{{ dataset_form.poc.label }}</label></span>
+                      {{ dataset_form.poc }}
+                  </div>
+                  {% endblock dataset_poc %}
+            </div>
               <div class="panel panel-default">
                   <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
                   <div class="panel-body">
                     {% block dataset_owner %}
                       <div>
                           <span><label for="{{ dataset_form.owner|id }}">{{ dataset_form.owner.label }}</label></span>
-                          <!--<p class="xxs-font-size">(Responsible of the cited resource)</p>-->
                           {{ dataset_form.owner }}
                       </div>
                     {% endblock dataset_owner %}
-                    {% block dataset_metadata_author %}
+                  </div>
+                </div>
+              <a href="#id-more-metadata-panel" data-toggle="collapse">{% trans "toggle more Contact Roles" %}</a>
+              {% block dataset_more_contact_roles %}
+              <div class="panel panel-default panel-collapse collapse" collapsed id='id-more-metadata-panel'>
+                <div class="panel-heading">{% trans "more metadata contact roles" %}</div>
+                  {% for contact_role in UI_ROLES_IN_TOGGLE_VIEW %}
+                    {% getattribute dataset_form contact_role as cr %}
+                    <div class="panel-body">
                       <div>
-                          <span><label for="{{ dataset_form.metadata_author|id }}">{{ dataset_form.metadata_author.label }}</label></span>
-                          <!--<p class="xxs-font-size">(Author of the metadata)</p>-->
-                          {{ dataset_form.metadata_author }}
+                        <span><label for="{{cr|id}}">{{cr.label}}</label></span>
+                        {{ cr}}
                       </div>
-                    {% endblock dataset_metadata_author %}
-                  </div>
+                    </div>
+                  {% endfor %}
+                </div>
               </div>
+              {% endblock dataset_more_contact_roles %}
             </div>
+            <!--End Contact Roles -->
+          </div>
         </div>
-      </div></div></div>
+      </div>
     </div>
     {% endblock %}
     {% block dataset %}
@@ -750,7 +762,7 @@
                     </div>
                     <span><label for="dataset_presentation">Presentation</label></span>
                       {{timeseries_form.presentation}}
-                      <div id='precision_value'>                      
+                      <div id='precision_value'>
                       <span><label for="dataset_precision_value">Precision Value</label></span><br>
                       {{timeseries_form.precision_value}}<br>
                       <span><label for="dataset_precision_step">Precision Step</label></span>
@@ -811,4 +823,4 @@ <h4>{% trans "Selecting an Attribute" %}</h4>
       </div>
     </div>
   </div>
-</div>
\ No newline at end of file
+</div>
diff --git a/geonode/layers/templatetags/contact_roles.py b/geonode/layers/templatetags/contact_roles.py
new file mode 100644
index 00000000000..240d63d7805
--- /dev/null
+++ b/geonode/layers/templatetags/contact_roles.py
@@ -0,0 +1,43 @@
+#########################################################################
+#
+# Copyright (C) 2016 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+from django import template
+
+register = template.Library()
+
+
+@register.filter(is_safe=True)
+def get_contact_role_id(form, contact):
+    return id(form.fields[contact])
+
+
+@register.filter(is_safe=True)
+def get_contact_role_label(form, contact):
+    return form.fields[contact].label
+
+
+@register.filter(is_safe=True)
+def get_contact_role_value(form, contact):
+    return form[contact]
+
+
+@register.simple_tag
+def getattribute(form, contact):
+    """Gets an attribute of an object dynamically from a string name"""
+    return form[contact]
diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py
index ec08069bac6..c4d0bf88f0b 100644
--- a/geonode/layers/tests.py
+++ b/geonode/layers/tests.py
@@ -59,6 +59,7 @@
 from geonode.layers.views import _resolve_dataset
 from geonode import GeoNodeException, geoserver
 from geonode.people.utils import get_valid_user
+from geonode.people import Roles
 from guardian.shortcuts import get_anonymous_user
 from geonode.tests.base import GeoNodeBaseTestSupport
 from geonode.resource.manager import resource_manager
@@ -1821,6 +1822,8 @@ def test_give_single_file_should_return_False(self):
 class TestDatasetForm(GeoNodeBaseTestSupport):
     def setUp(self) -> None:
         self.user = get_user_model().objects.get(username="admin")
+        self.user2 = get_user_model().objects.get_or_create(username="svenzwei")
+
         self.dataset = create_single_dataset("my_single_layer", owner=self.user)
         self.sut = DatasetForm
         self.time_form = DatasetTimeSerieForm
@@ -2040,6 +2043,44 @@ def test_dataset_time_form_should_raise_error_if_invalid_payload(self):
             form.errors["presentation"][0],
         )
 
+    def test_resource_form_is_valid_single_user_contact_role(self):
+        """test if passing a single user to a contact role form is working"""
+        users = get_user_model().objects.filter(username="svenzwei")
+        cr = Roles.get_multivalue_ones()[0]
+        form = self.sut(
+            instance=self.dataset,
+            data={
+                "owner": self.dataset.owner.id,
+                cr.name: [u.username for u in users],
+                "title": "layer_title",
+                "date": "2022-01-24 16:38 pm",
+                "date_type": "creation",
+                "language": "eng",
+                "extra_metadata": '[{"id": 1, "filter_header": "object", "field_name": "object", "field_label": "object", "field_value": "object"}]',
+            },
+        )
+        self.assertTrue(form.is_valid())
+        self.assertEqual(list(form.cleaned_data[cr.name]), list(users))
+
+    def test_resource_form_is_valid_multiple_user_contact_role_as_queryset(self):
+        """test if passing a multiple user to a contact role form is working"""
+        users = get_user_model().objects.filter(username__in=["svenzwei", "admin"])
+        for cr in Roles.get_multivalue_ones():
+            form = self.sut(
+                instance=self.dataset,
+                data={
+                    "owner": self.dataset.owner.id,
+                    cr.name: [u.username for u in users],
+                    "title": "layer_title",
+                    "date": "2022-01-24 16:38 pm",
+                    "date_type": "creation",
+                    "language": "eng",
+                    "extra_metadata": '[{"id": 1, "filter_header": "object", "field_name": "object", "field_label": "object", "field_value": "object"}]',
+                },
+            )
+            self.assertTrue(form.is_valid())
+            self.assertEqual(list(form.cleaned_data[cr.name]), list(users))
+
     def test_resource_form_is_invalid_with_incompleted_timeserie_data(self):
         self.client.login(username="admin", password="admin")
         url = reverse("dataset_metadata", args=(self.dataset.alternate,))
diff --git a/geonode/layers/views.py b/geonode/layers/views.py
index e4a7f21fb7b..f7729d2ce09 100644
--- a/geonode/layers/views.py
+++ b/geonode/layers/views.py
@@ -33,7 +33,6 @@
 from django.contrib import messages
 from django.shortcuts import render
 from django.utils.html import escape
-from django.forms.utils import ErrorList
 from django.contrib.auth import get_user_model
 from django.utils.translation import ugettext as _
 from django.core.exceptions import PermissionDenied
@@ -350,7 +349,6 @@ def dataset_metadata(
         raise Http404(Exception(_("Not found"), e))
     if not layer:
         raise Http404(_("Not found"))
-
     dataset_attribute_set = inlineformset_factory(
         Dataset,
         Attribute,
@@ -361,12 +359,10 @@ def dataset_metadata(
     topic_category = layer.category
 
     topic_thesaurus = layer.tkeywords.all()
+
     # Add metadata_author or poc if missing
     layer.add_missing_metadata_author_or_poc()
 
-    poc = layer.poc
-    metadata_author = layer.metadata_author
-
     # assert False, str(dataset_bbox)
     config = layer.attribute_config()
 
@@ -532,7 +528,6 @@ def dataset_metadata(
                 values = []
                 values = [keyword.id for keyword in topic_thesaurus if int(tid) == keyword.thesaurus.id]
                 tkeywords_form.fields[tid].initial = values
-
     if (
         request.method == "POST"
         and dataset_form.is_valid()
@@ -541,37 +536,6 @@ def dataset_metadata(
         and tkeywords_form.is_valid()
         and timeseries_form.is_valid()
     ):
-        new_poc = dataset_form.cleaned_data["poc"]
-        new_author = dataset_form.cleaned_data["metadata_author"]
-
-        if new_poc is None:
-            if poc is None:
-                poc_form = ProfileForm(request.POST, prefix="poc", instance=poc)
-            else:
-                poc_form = ProfileForm(request.POST, prefix="poc")
-            if poc_form.is_valid():
-                if len(poc_form.cleaned_data["profile"]) == 0:
-                    # FIXME use form.add_error in django > 1.7
-                    errors = poc_form._errors.setdefault("profile", ErrorList())
-                    errors.append(_("You must set a point of contact for this resource"))
-                    poc = None
-            if poc_form.has_changed and poc_form.is_valid():
-                new_poc = poc_form.save()
-
-        if new_author is None:
-            if metadata_author is None:
-                author_form = ProfileForm(request.POST, prefix="author", instance=metadata_author)
-            else:
-                author_form = ProfileForm(request.POST, prefix="author")
-            if author_form.is_valid():
-                if len(author_form.cleaned_data["profile"]) == 0:
-                    # FIXME use form.add_error in django > 1.7
-                    errors = author_form._errors.setdefault("profile", ErrorList())
-                    errors.append(_("You must set an author for this resource"))
-                    metadata_author = None
-            if author_form.has_changed and author_form.is_valid():
-                new_author = author_form.save()
-
         new_category = None
         if (
             category_form
@@ -589,11 +553,9 @@ def dataset_metadata(
             la.featureinfo_type = form["featureinfo_type"]
             la.save()
 
-        if new_poc is not None or new_author is not None:
-            if new_poc is not None:
-                layer.poc = new_poc
-            if new_author is not None:
-                layer.metadata_author = new_author
+        # update contact roles
+        layer.set_contact_roles_from_metadata_edit(dataset_form)
+        layer.save()
 
         new_keywords = current_keywords if request.keyword_readonly else dataset_form.cleaned_data["keywords"]
         new_regions = [x.strip() for x in dataset_form.cleaned_data["regions"]]
@@ -683,21 +645,13 @@ def dataset_metadata(
     if not AdvancedSecurityWorkflowManager.is_allowed_to_approve(request.user, layer):
         dataset_form.fields["is_approved"].widget.attrs.update({"disabled": "true"})
 
-    if poc is not None:
-        dataset_form.fields["poc"].initial = poc.id
-        poc_form = ProfileForm(prefix="poc")
-        poc_form.hidden = True
-    else:
-        poc_form = ProfileForm(prefix="poc")
-        poc_form.hidden = False
-
-    if metadata_author is not None:
-        dataset_form.fields["metadata_author"].initial = metadata_author.id
-        author_form = ProfileForm(prefix="author")
-        author_form.hidden = True
-    else:
-        author_form = ProfileForm(prefix="author")
-        author_form.hidden = False
+    # define contact role forms
+    contact_role_forms_context = {}
+    for role in layer.get_multivalue_role_property_names():
+        dataset_form.fields[role].initial = [p.username for p in layer.__getattribute__(role)]
+        role_form = ProfileForm(prefix=role)
+        role_form.hidden = True
+        contact_role_forms_context[f"{role}_form"] = role_form
 
     metadata_author_groups = get_user_visible_groups(request.user)
 
@@ -711,8 +665,6 @@ def dataset_metadata(
             "panel_template": panel_template,
             "custom_metadata": custom_metadata,
             "dataset_form": dataset_form,
-            "poc_form": poc_form,
-            "author_form": author_form,
             "attribute_form": attribute_form,
             "timeseries_form": timeseries_form,
             "category_form": category_form,
@@ -728,6 +680,8 @@ def dataset_metadata(
                 set(getattr(settings, "UI_DEFAULT_MANDATORY_FIELDS", []))
                 | set(getattr(settings, "UI_REQUIRED_FIELDS", []))
             ),
+            **contact_role_forms_context,
+            "UI_ROLES_IN_TOGGLE_VIEW": layer.get_ui_toggled_role_property_names(),
         },
     )
 
diff --git a/geonode/locale/de/LC_MESSAGES/django.mo b/geonode/locale/de/LC_MESSAGES/django.mo
index 2034684e2c89f29e0300b7aa74d4415f38757a97..95e04cff54c2ac0d3874ac73c5d7f354f7ee4379 100644
GIT binary patch
delta 32923
zcmZwQ1&|e2ySCw;!QI^k9o*e*a2<lXLvVLC5ZnnG+%32h+#P}w++Bhb2;tn%UN7}i
zU;SOxxt3e6)q4*!=R3ELM4EprlJ92huv0y*ci}uQDelbXc^@NqUW3L;^}PH(&x;u7
zc?B?efajGQ?0M5jZ#u;DT9f_>Taw;nnCC^q!^1uAC-N_h@VpSrFw*ntk=_YQ5<fo5
z^SWWQ(Vo}A^L*Z50&Pinh03Tq#`Au~Q&<(7jP<-axDH!lq;Z~C96R9?rQ<-HIo|Vf
zVWJ71mjf%K2I|A^7=NPYHODbn6JO!_n9M3<lIP_m;o}0&i;7tndR}fUgh{Y7#>24~
z85d$KT#d<b4+i5+OpD<cd0q_6j2cK`EQ%d5Jg&xwxCtZEzqd;PJc^O<Jn{s*8(1D6
zU~$a0n8$#fF(a<TQFsv#VB;m8_YG4o^}HQ&ndg<mTi5{8FZaA~I1E$Z81!i-zY~zV
zFb<xv_&rQR{5@(V60cwxF|Sz}6B2J>@d22U_!Lw-Tg>CA6})Njcc=kGT*>oS$LUwP
z0Te`4tYq;fn4Wl7)Y8tv)VL2b;seyu$Nb&p=f^C>8=*GySk%B*U@|;}iSVAKfBl{H
zSHVQ9JTD#QH5;M|4n@syE+)pUs1-P8=}*kS)t(oZ^dy)7v!lwDGaIAY>4_>g!O|D|
zEU*JL!gH7j|3(cg=^D=q!UCxLdZ-!oM&(bzEVv%EQnyg`Bd+zlhL{`w4a12-4Q#?j
zw_?jsd%<^xKr{juF(TeW?b7GwThwO!jBzk<6U&Y9Q8NlgJ;LIsa-kR<>!I3hYx%t_
zJ_@6dJ{=?L{4XL9n}ju}hW1(fJZeA>Q6qnaYB0iPcf8`E29g$O$jfW#B~UY~jv8=n
zRK0en@_kUpb2O%-e{UuMR><3jQSlIJDbJyv;TO~ZVsGIrV@9lmtuYI3LN$CB^@!f0
z+KIK*nH)8MOc;a(P<yQ&MxcLhFaa(3DAco^h{bUgs-YLCCHriK-{u;OjY<zPGh2Fo
z)XJ5?1Xva0VQb8Z15n3w9r|<*&k@LnZ!iO9-0pe(@F!G-KT%5=<`4I%5?~~iLp7Wm
z^~@`nby1I`4QeI3p$0k|^=Ou3LR|9)>#vL>BxniGqc+ifRD;h^OZNqJ{v+*h<+7n>
zRvh&{sDm0%f7GrYj;enjHITRFf2aXO+Ubn3ll9k9#UnullcSbA18S4xMGc?~2I5bs
z25O@Q+z_>QI$FFdYC^xD>Q6wmJI`E+>TffupWQwJ@d=zj?SZ>i;0fw9yg@Y(c9*Ld
z1GVG{QRTB@63m0@u)5h46BF-(`j8rnI%U6OD%_2Fq`o@@w3P3yK(yWN%@>5>13a%F
zCL_PZ9{2g(7}fDY)C^XjR$>e0$0HW^_PP#Zp$3o!HNa9B7Hc3Y>GSFkP(zJSA2#i<
z3r@t67`V^#ieU&A#$l*e^L`wH*HJTSyx%>VA*c>UqV~o()LvMRn(<!LfG_ydeSC-z
z&@*|58pv1F?u>lEZN}87N0bSbUlKKds;F{pQJZ!Ms-w}UNA{bgFUGjUSE0)9L$!Am
zQ_;Wonm{d#d(b`0cBoA^0#o5s%!J!ed*VLk#t&EkGad50BG?j(;v!^ey}PJ^Jw`pU
zzfmjj5jBx0hgpCBW+I>wXGP7RfW^yMyoT8fwO6{J8W@GzRMSwKa0O~<4_W#p)Fyml
z>0yt!3B^O5lKe+_{u*Iv64Y@e)XeLnHcML!k9{x<4#KcF6#WB0y`ZMy96W}*19;ON
zbxWM?xEo**RK04bj%!+a)8nkamb5zw>Toz}Ak$DCFG2saL(Oa-s{A?B0Pdq!;5BL`
z!=7-@I5DbRF4W!%!R%NC)xHna{&)qV5SWVUU;#$P4X8KTE{uXlFb|%`AdGa<tyD(T
zK=PyZLI`Se`cMP=4K<KesP=c8XDr`$+Y;Vl3JQch<vLD-T9K@%^rEQuKqJ&r_Q!BI
z7&XHYsE#I@3sLnqVN^V5>1Qo|51E+H`<s9Y{)>4r>S_1vN}-mh9%|%GQ7h8b^81^U
zQ3F|tVR-iIFaq&SXWT${q6W4Pqv3hfDY%14=-+!!KuZ<tPq*}GP&3Mg>Nr2DVtI?#
zM$M=V>Y4XIbub1sz&Vz`3{`Ivs>A)Lfn7qCyNNOA-+N3zGx&t6@E^9psApYAJy7XG
zPz_A9_zcvkSc>JD`ASSm{M|Vo6UI94e$wfT+CzttBHlSve~T}${yNVq3CR7Z7s*xB
zvrc%?70inoabeUexD09!{DP`C60_ob%!y}E0}Z_7Rwgp)&6gCTV;<BBmcGRLE1|j-
zY+@N*F$U>AjENI0eZINc{KGtg+A9|@7GA^n_yRTXu$SFLqN4^D*WyVpv;KP4sYp=4
zOsJ*KgId~B7B7n`R}<AiBh<h;Tl!!ePJA?0!B|(^3N^uO#9LwpoQiRA59-x^!AC$d
z{b(5x{&FKsih4$Aa3W?z&2R^5p!>~}s7G}P)!;kS025qwE06&dFOJ#+p{Rj3LjMYP
zB9M>-AL^XXz~Z<Kbt?Wrtw_{sZeWQ~14xD11DR1TtQ?kK*es1nNUwy6unp>w3_(5n
z-;fpYc}ods5BzBbZkZo2E4w<{bvKa0H(Uc%u?Xc`p$4)T^-R}b5N<&Y_%i;C4^RWB
zcGJ!HXR|NH(fJ=uKn=}BJ)7lLU>9m;r!0O2HPFYXz3>qWpm)nXs)DGcEpArFVB*bC
zk8U*T5lq6wI0qy72y7#e0QaLhxT*|%f~xoyH{xfDuet61rDQW6BR#_%z9-^a)FXL#
z*KOWssQ4>XyYEl~40F$Y7{x`OItU>U4=Z6HHbYftiCU5FsF9Dtv^W)~;0|nw)$Y3$
z*n-K3??knG71iM#)E;|d@hA`6qe%LI_16m{GYR>yF^0qGsAoC{!{QRu09K-wZVP5-
zZ=A((!~-9>XFd`46Q7IP^-UkUiFHG*=qSv9lTmwO*JGaxT(*SQn3;?yPuwoeZ-!tJ
z(nBrY5w$n^VO|`Lb8#1Hzzv={o1)6K!id-f^{D$|B>dG!KubIu!{K^V!L6uWycbj9
zX-j{NIzFFKk0`=3S1!Jp26e7;TD&BxTs2fbjZu%LJE}ilKLQmA47Q9@7=`!+RDs*5
zNAb|oUt0V#YNmnD-OqRtFdgyim;!5~9#t<({}ok!J8D3?k%9WWQv{-ta04UbQ&h+A
zQ7iEUwK>DSa3fEQTEdj5jtZbQU0u{bd!hf$hU#zvYN@B7+L>$Vn=q=*|8@fH$vBK!
znp`j43#TAz$tq(sY=-KfGiqSHQ4J49?Ts;(z6_%hUx!g}mw5~|!HcN&ZY!Psy_W=n
z@iS_~sb0B)!Ke}EM9sLI*#xyhy|Ew;#9g=@HGy7#yMYZvO<*J{eGX~@i!mjxLZ3Q3
zO+X_$j~e+M)W~0AO#F;N80EE_d1f;Y#vr|@Sq0TjBaDUZF(VE{o&Oc6FDUy_kM7oM
z)?b_C8wu(#F|V<Km=3ex64ZdsqXv2#HS-6k50hu80S3Nx9mhdEl9Z@=nNaQKxBSwm
z@}am1o4;lK)o{XhZluXDIq`C+f~`?Y)*Cb7AXNEPmcAbK#@vqD6FV_39x|_DbmFg2
zkMKXNgYn<HmFwgqP=f@i0_QP5K10nU%?Gz+Sy7v;B5Jp{M$K#(rol-VAGcWi6viU{
z2D4$<kM2uoZq$Ivp(f_5O+e4AF{*(MsD_841~3t|lrvG~mYJJTD{%msly?-z;I2=6
zGGh6E_^Aj>e0G~S*B3XS@~C#|BP-|g+7i(2Y>(Bj8&<)CW}JWBfSRFZ+R>bhIyKuc
zE#9_x_^<BMEi3vbhI%v|%$}HpxDR9L{Ldnw8Lsvxc-|kVO?DEsROc-H4(dbWEowJM
z`_Gk2hq;Mo#xU3vwRc)tyeF!iz8D)vp$0S?{ontWSb@!`fgDr@p2g&N2i1W7abGJH
z1NCg<qh2WKEuITiF9h`nYhns)iaPIuQJ*D?P%Cp7eL8*@2&ki1m>Q#d0sanhVpig%
zu|0M}ZPwd30dofgcopy<Ho+Ky0si`(QJZ)QF2qw<A3O8&nZ7Zd#KIUpY=F=If+!U>
zz`tZ2Q8V(PmS{9;q?2(dE<nvJT{u@RC&nXQ1ht!Mpz77PcneHMygh1yqb+>}YC`M7
z`2xIF1d{VlU88Xrs>7HOT!YEc-yy2uoT#NQWcig*&$=cCVJp-l8i8?fybNH;QRTKp
zbnPBPovyP!0(!RBP&0pO1>U1J;aAk22ouRQ7!!5u(xMv3h#GKi)aELQYOf~7!4{~F
zdt3S_)Jn}j?Frv}0vhRlT#lDfGZ+*(!2doNf!b7a%{8cj?nX6m471@g)PR#jaUG;Y
ztyl(B`#DhqDT`{q4zjX7uQ36QxE*SyeNi2bKyA+Hs0te}18%qcd#LhnQ3LX#2Kdi)
z6x53>7_~QwqT2rnb$pwnR$u@|)cGGqKqDJ(&O=pLhuSoIP|y4(CcwWfJtDvERC+LK
z<^?QX43iSCj#`0^s6Eun@_#`+vZ<2(y+s6c?AD{6;YHK{9;0Ub5%sK7Mt8e86KY`P
zQ4P02J?rkMH`_?eii=Szbl$v;8t4mDdvDRFz*hq5I6@4!^oda;%!uVMzr_cmHs1u)
zv6^D>4dzzVz;~h^;R)2EyJqQkQ7ir042;S7*RzNd(=AmJ)X39d3ao(|U^i4l15h&^
zYR)iMp&H(cTFJAhJ@6h?KWZ$uN8+PaB&C@(7Uy3BC`3Y9EQNZeZLL5*)Dn+GZJsHp
z&9(+L!0o6<@fT`fpD-As#&#3Rjfxk+FxV0`fVQX=>gltD;i%&@88wj2m<O++W)dro
z>mWU9Qx!)2YgY*BnU?1*qk&aLz2oa)8ytXz@F8Z$RPmfOFb8qpPy!ms7SygijGEa!
z48bt*ZL^`yaU0Y?2cVAEJk$zqHg}=+z#)rYK+X8N#h+OGHI~--|Bry4ZK(uqW))Ba
zsex*^Ginp|My<p?Y=T!%^$H|pMtqYfj;&acE{WX$t|STYe@s6@?FlcbI~{2-8`0wE
z|Nh^ZfOh`?)U%w3TGF+snQTVAhz?r%E!3uZV7{{Se^3MZh8lSIWG)^Z)lNKAdK%RC
zhs;vvKZJm0+z2ycKh!Z>j(Vo6aVBm<ZK4|d9flrRZB)apQRRE02HFp`X{TWZT!=aG
zBxb>HSPZkI;QVX1cOc;3449GldaQ`ou`s3&3h@7w+Y-wYpN(45hp5dKIc0$Vt63IQ
zJQRy#57Zvnf<br^wYOfN_E5A`oPQ-`OXYTbRn#Nsf&Lc^Du08;&tWs-f1@^Ijno0&
z3~Yn>Fd&VaaRIYA)+Bu#>eSprov!CN7-OgP*||>ZmS_zIlX1u5k<tZtgNPT#;kXMm
zu+qV9rp-_*H4L>PXK^IH$2mAKy_;#$3~nWhqV`Td)Ejn~kAR-tWYoKR2I`q_LXCJ2
zYBL^1AD+g%SS6#|Gs93bT!^Fb6RLw>GPy@J4%N<O)T6$Q2?P1L0QElbMak+qD2&=n
zB~b&aZq`CIP#?9aTA(&zXVh-)Zu$LD&vY1S4=h7X<T&b7Ttt0(UPrwT-XZ<@ynt-(
zS;j<dmb9n}g;2Y^Bx+?sQSbPUsDb!UGa7>`H^=f<qjvdj)Uke!1MnNF;{n-SKcmtA
z?|<_NsG&`$b9or`Y;K_{yg<EpKBHb7v2wU?w<S<B?28(}FpEz`4Rk(g0P8V59z;#>
z1!_gZ<YeXbOrsLe(!@qp$fyh~g8EP?W!6RwtQ~4#eNYV!N1cY*sD{_0-UEN2KC~{P
zR_ql9;TMZ1&BdNlMtTA=H>%;{s69{_)nF*9<NBy)-WD~$E*9^FT0x)1C!y;7hI;WV
z#KU+Ibt-1(4)E4u!91M*r39Yl3Gn}g(xklZ^ZzAkNt5MsOPmGOV1Cs5pag2hO|dfe
zL@oJ2)W9y{DZGZ-ODpobQ?U+<5&r|#{^$Ihe>E7nfa@S5Y9_f*9fY8Edp*?YXoOmc
z4yg0q53ArjOoJ~`1C3KK!21Q0qCS4-qgLX&8KaPU5tZ~2$Vf&TOPGu~h;PR%_zd+9
zPgK~&OQGUjEIteMqt-Et2NrRgG`raZbCW+2GvOiB`{Fg0LSNaU?&Ea~>eYGy^@ht=
z%yn23HNammJ+8qZyo`GFe!_A%sd#`l53iyI*tdjz2}Q-vqki`Lidu<$B?G*=I{!Zt
z&{7{njqoolh~Y{F`2Rt%xY-)DGUHJL*^7G7JhAksrQNPCih8rv#mqPwbxO9PCUy!#
z@R>jE<2M%}uA{1`&C?V09_WwSR8vtON=wZ{s1EKUGw|Y-anHOHYE$(_?U|A0SaTxg
zB7F*~+)<22|K1f#c!}C%|C!Osx*wa9qK;i})c1rzsHL2Pyvn`HsN;JTwfP>JuTUL*
zLcKvFmUAne2K8PkfIhu&Dii33O|UawM^&g?-hHgLMV*obs1@3WdchpA^t-4523Bw{
zoXDtWo(6SFs-RZ1E2`cY)T3Kk!9M?wS;iC8ZVp?~eV7zMb=(;B3ihEonudBo&BaK#
z2=z!-V<NnXD)$Mqp;yVRM0V8iEsk2LDwTZhnbamh6~>@uIN9RAp*GC|%!+$Z19@rr
z;VQc~W;E1_B}VO;yr_=KqS~v8s#hPi^j%T!nc+SHp#)}NM|_5QW7VtTDmFzOm)6(>
zXQEEY7p#H7Rb9D$sE^;l<|6D%{1ECrQoNe`Z0U$;RSxx;<6A~R$7v6i#mA@_XRmHc
zgxW;4QQrkyTl!)QBEA|m)6=NWj_arno}gwNBh)?8bf{z481+8sft(VbH=lrZ^<va+
z-iKO&gQz7vfyM9<>R1KWaOE?h^2?$2LJQQUYl}J^lTokaQ<nb*)&57+p81Ua&;PJL
zxrP&>3M55sx)i8qR1CE@s#|_t)Bqb;dUH!}hxJMCh}vAoE&n`ffY)$1-bPKhbxl^#
zM_?!cb+`m;;~~@wCs{3bObVmk*^My>H=|~L3AG2_pgJs5+kIMAMLm*wsDZaZZNko|
zN7EC7aW?vNTn-Y@v%86UA3Q@nqyJDd%}~dg9hILC)nNrx2Q^SHp!%qeTcZZp154s0
zY={?7pO!i62Kax4JGid>{J)0;HE;yg!Fkkfeu!F`i1pkI(qm-eSy2NkfZ7wqQ7@R%
zs16%id_Jn<?N|#F)OW|PBWg1asn7Y>xt>9SUOY!oA2MD8x9M`Cc5zqKxgCYt6LU~Y
zxfZpVE}}NyEzF0J8oEtb0=4x0P%AnZwZ~SWR(`F|3LHbNz!}u$xQ0Ra3AMzD8o7>B
zqLw}vYGn$e$~V9u?1L&l6LpLiqE>7#s@@6IgfCdSFHB>%JENl-ii68AJ01++!wG9M
z<T*_P{QsW+zPbC1c+?`mTS0!EmV63gU~4+W25kcTfB)aNt^1fggX2k$_p^&HZs)!k
zJ;k9q{~g;0c%A6*E%wCb9Rj=scolV=`ge3cVqL+;#M5+g@ARQ~mG~y?hZ8!xC6Cg@
zEp-TvCA~9_!LQg1M|BPG>fv+D6W7N(x|@6U14g)Ky#*^#;1ucwl6a)sEX7buSrfGf
znxK}rD+c34)SlRe+A}w?D89!cn0u6a1YOO3=>Plwp$br70%|kOwD@8yOnfb>f#;|<
zTgK7uGob~}AwC@+V4gAV5hNMwzWo*$7vPm4Jp${m6|REXjJr{vmIu+N8N4T;7fzfB
zZpJw=CGpy*f_*H$5_PUmqV~#TOoibly3Lp#RlXc*clSYk-cQCLT!ZTG3}(g`6FL7X
zn0S&am>YwLS49=<j2hT@)aUqWRL3_g{WGe=M8CR$RlpL&TcOG=HxHo(dKWc;aFgAD
zQ%?4|4oZ-q4w_&goQN9vN%Ii~5f7Z=W|kT?z#^!Q>YKe$^`@dGw$9?mQ7@<mmi`~A
zenQ_=*FauONkR?Gi#;s93N_->sL%1IsPmg}n%e_qu_W=nsPtW^2|UM9n0|VIx0+9%
z4XA-OneAS115kUxx0Zn3*_$y29zeY)&ZAx=*HH!UqjvpMRQZ1~Ek>T>W||%Sp9!dT
zYM{zDN4;u$puTX7vG^k7Rqyk*6YwuJYNn4Y9%iolwwfH%lb#FJPy<x?uBas)XX#5(
z1KWuj@Nv{<$)Bjxbr1Cle~B?MaGqA2^B;$RD&#?Z3Kl}W%gdoU?217+61CJTus%M=
zJXmhND>o4J9+-mBaVM(16BfUMLBt<nPK>yK0n@)%h=2xA9#dmg48?A!5g$g)<f_GA
zpf*>)LieIcf?D#NsGp=tqTVC5QA^$wHIY781Sg<=COn0{Tm%9axeoK9GDhJr+>OdF
zz1TI-8#SQus16pQ-gK)_Gd*DbY56x$oAMEAZ^U2XCYl1Z`_nGr{HuXdBxtkLLp9VM
zwHNxJW-t|X&R3&maue0SJ4}JGm%0_oiCu|@pxWJrYWECkZ`?tx^eglIQlHx#Ur5ky
z55LTH5FNEi(x4j1gZiRT7S%vSORsL}%`M&<wL*Q&aj4C=z+8puXDezzdwc}6yHBB(
z^aJX9fVbQ|)2OHhlA`j1Q7e)I)lhlVhg5acv+s!-_!!g*%*G(xh+4S|m;;}p%KMV8
zum(}bsXS_Fn_-3ke%O@6SFUuQ-xp9FC;r_HFcoTZ=EQ;+f?9z=s8{Y348pCba#v6*
z_zc+-KJPUFjrcRB#VD)X=F5Q<iEqWS7-qHm7tM;8k@!?RgnLmdHhhg+sb7&7o;L^8
z-a^!h9Yw9cZPWli_~raXUh66*M-3zc>Q!0L(rcq$IL%O-a{%i2jYbV*F=|E5pw9he
zi$6qtNqvc`{~lE@<~nCasq<f&Kqxk{jP<C7PN0s@Rm_Z$*1Hd@yr>sZO)QNwunyk9
znwWQk>v$|`B_^Ye-wf2ASb&=7HuUM39V4I@$OF{UyhjZn(ne=O)X0M|2uq;KH$yFH
zSJWmPiF(GXQJZTo>JePD_!rcQ#oXiuP-v5V|F1-X8vMyJTA&8f19kjHp^o1y42Sbj
z16+cIaT6}b*BCXBZ%~`vBV4xCwQ~?v?+WS>-n8^*TRHz)if<(NpUpPca7NUU6+kUn
zNz{PqqGr|sb$*ASPR&HrCR>3)xDT~5cTs!e6Y5cV+uZ=Nq1rF(vxE@TKtfUHy*cW<
zcSJp+-dGB!U?#kRTI#TWxbg|GIPp}d^375CKJ!=9N-nYZR@A_K#|dbp_b?d$L3NyR
zhif1c>iieQbl3*9t0$mlHVw5Bb5R|yLao?Q)G4}!TDgBwD-?658%TO&C4F8&0;*6I
z3t%hM3ur#7qur<u4xv`)JgWSC)T8)<Di?DX9q__RfLg(9yPXA59fzO>(hxP!E`B+G
z;|S>4uRwKhz`TGuw+~Pqd3#&~@lZ>d0o70;i`PbV+}7gVQ7bzfHQ?E(72AlK&<^yU
z|6>HSJMW=(^%HE5pHKs8xz|<biF!0cQKw}*Y7@=Hl+1h?>QNor$GOJ0*b%$!cPn%k
zcN2eN@#P07r!O393CQzU9Y3O8IOPwzf%Qan)E{-+hM`_8`%#<d2<E}tsLz1-hg|vU
zs7+W8^+-Edd<<#=a}RO;RbY)}?6Zsus3pE{=^s!l6X~!sp&4xEMJ;Uzs=dmn4x6Cf
z8v{{$WC*IAQK%K4aoFc7&Lu%hyVMG-Lsi^^YVZK+nO#EdiTkL{^bNH#agGFdBQPoI
zRlFG0!B;GcVUD_ETM<(b?}b|N={^E_#ye2E^dxGe_fZWz!+H4H(kC5r9nL_NTYy2h
z9Mj=3)PVm+wHM~N%TI!e7e)>IC)B3&wIPsF0Sv+g7=rszGmUt{txRgv5@)e^9@HKv
zhT8R|Ex)Q+8+AGwqfS>pi%&(Z<a%VY`n)}s@C3D)KB8t2^Q8NIernV}MxS!Wa0!+s
z{s-!jeM1c_(rNciDi-P;Ul2QBS=3(IjB57?>XBW=_&O)|2&kdYsPh{3j4PNJ^~E9!
zs(}KQUJ+Hk5$f5tK|P9fsHNSCDt`iV;tkXQWB%#dONiQ>X)vPBX-NWl1Qk&u?10*(
zgHTI50sq9As6El{Y=AciyWksqgGmE;QJr)7ffw9>BBJWYK(&_`wbwFWJ}ij-zyI$_
zKqK#ie0qB0P|s+hrO!p3*A1xm!hZY%U!h)9D=)gekl>P=VN%qJq(^PCY^WKRv3LvA
zK>A(c{8u3`mV|<M4K>5~m)*#dqBdDD>QQ7yHIyIgGUHmfiTJuJZh$TS3h-_c?}2({
z|8&*uskW$<7=qbx9IBn&S2_Rs2ZrmG@CCCHPjt;a!*ZyVsfTK?BWiQ~f*R07%!{*e
zHJ(S!eDHNQ@R6vQjzjH<xv2iuq4v-j9|1M|7i#7&QJdu*s=~jR0i)k=4d+J<pcpE@
z66#SkLOr7Ps7>4-wU>THm0N;3|65T5JcAm5?-GG(1a6}`&T-RO05zZzs0w9KGp>T_
zsGjBjj9Svpm;)DJFrLRC{DNAcq_^CP)Iim*gRG3tYePUY=z|)-2vo-tQ0H_iY6<6B
zd@bf8z76%E^BncaQr&hls*YNL`l!9r1vP=5s7E;fHS<XrUFUxmflef>w2Z`e+^$W7
z{?B*R@u`g(U@NmDYT!Ll-*kqe9?b&O4A-FQ?Y8(S%fEpd;8TpP^Y7htUyI|QMp_ir
zKnSW}P1Lh%hwA7T)QZeUeH^dHllT%<f5$yH!~LlGCs8YT7j+7rq4v}V^l7Ps?z?B3
z4s~90TD&}J6V*h0TD3vVa4c#Ge?!f15o*92%>AeVp2JLd4>f@p58SZ}#vtM$4><pN
zx3?len`<y?MaH4tP|+T`4nt4_4K?ea2HFTUz#gbaF%mW7X{h#Ap&r>bRJpyV({>)W
z;^T)tw@Kzda+_%hrYGYX>ez&R?3OG(W+t8zwUkv*9n?k*tT}3B+M+t@i79Xt>O*Y>
z>V>l(d*f}?iq!Qz3Gn}~-*iE3wrf}wKcb#h*{5!Agrb&m0IH!Cs3kvQ>6cL-vtgdO
zAH|ZPR-z>8XT>_Gna@H^Y#nMMzWoHWbSE$f|3W>x&!}e`<+<xHG3w2gAJuVf)XZCB
z4qn9_a0T&sFW6kf%fEE#-CntROa69y<{)Z?P9vW+KK_qQ+^)Tkn)x&AjD=o1SD}_V
z*&DY48BmX?CT78bm=RZ@UO<;IH%5BvCRP-+Su3GtTnn}58l(UBe|-t)*^Ngn*(}sC
zT8~<?ZK!8;3U&M*U`h;p=LVJr)p2&zcgAL@7fmaR_eHfc5Y_Qy)Iipt{`ZHxtpv22
zkD9ko&*%ec6GeRQ^3$U#7DF{y4z)53QA^qu^~n00V^AwI6Vu`$)XF?V4J7CTr!9y;
zAp)|2IRJHR=AvG;OHsS_Dt5#gAKfpP_hSR%MLq@i{|}C5qK@r9s25X?e*(Pq*b(Po
z&}aAOI=itb@u*)o|2YX%{Nf(LKywUgrZZ40u>eQnM$0e!ubXjs)UI!UIxRg>&w4Ow
z0%K4wuF04Nx1t{Hb?k}v{^k5DQ17ez-RxP^64v?86>N=K;*MrtR7b;61Du39wlh(u
zV+-nZTtq#(2N=X@2=~oRBprKR?d3<cQ`$#Bo24r1*fmETtL~^x+1DI_+9Oj?9sh3W
zn^5)lp<Xl>QJeLp89u<}Cr9m(oTveWp!SBZIst8l{<sjQTY-XsuAwrh4jQ2v=!zQo
zFbu|ts6Da`HSp)C0lq;^;0vn#h+&+mQTauY_IzGh7x3z#Ds(_Sg1)FF9ff+P%Tb$a
z18N{oQ7iTpwdB#m2KwKS$x$m&!EBBy*B{g2IMe_(VI+Op>>{8|b_7-MFVuVBDW*p+
zoQr2bJ=0>Sh8m-e;c(O&bQWqatU$dd4xt8q*YcmE9?fTq#}3a#>E8<?kP5S5W(-Bm
z$cGxh1k{pmLoN9M)C`}Y1{yYkGcl^2?5K8XSo$E;#HOL1{W8=e-H1Ld`4Iw|$pzF(
zJTbpuCF0TeAAr*%sfT*TZBfUm6Y4A06x2+ALp8hz)!tUraXX2c(0Nq*_fRYLK4PHH
z|182pat%bqf@H);?au1xe|D%97>7FVGf*qA!90OF9rv*ienD-ze31kF?}1SCPXN_k
zThu`MM)tXm$C99>orc<6yHPVbi|Y6qs)L89CH#uooROjg`aguyqn>Ro)ZXZbdI3$v
z{5S`-5|>cz-#|UOzkLL>G~xMY%bXY=wF2d_1P(=Qro*V2-$O0kSIo+bB}z2caKY%#
z5~%M7<*)~~!WwuTHIVEv0{!2b+oD#=H;;gp<Qitc=cpOPj~VFyTkj&6iTDWAl5a$<
z)JfEg-=U6E)L8EL#zW046)HWySpv196;KoY2`lLQw;-TRxYjauVhHh*mL5B{8+i)U
z%<Et;Y=v6Vn^>A}5)ZHeE0Qsu8^DP8ZoqTQEvVyr2Fv0rOs4anFM)d|HBklHpq}|i
z)TWt?TKa{k8SO;vfkPHQi#i2YQK#b;>e)ZA{1>Pd`GBeymA}8%N+y&#|2YU~GgZL6
z*cR2`d{l=^a1pLSeZdG#<kD-Qma;Lbd?(Zdx}!Rpf@*I*>e*k$tQa$~+gruZ7evBf
z0xGx=v*TY_4I?KB^h#oV%!6~W7GA)#m?^2VI%<#f!t}TZwTVw+e2kFHy_k}lB~ayB
zB;)+6p>ZT=(`~c@SIw_hFetg}s66(eTqo4#dxA$XAVr}6Z^VwHW*9lhSpb_6Z-d%n
zCs3#C3a-T{DLMaowmVX~1}<U&;_*_scvYN5d;)I5OsNC?-~Dc58sdRz0{#Eq7mQkg
zL3kQhVJP-X>mJEz)FXI_It9V$+-A<<BcNwj4E4q;joKWIQO~|NYEuoyZ8!qUWAR}3
zjvtL}iEqV~m@>WFv?sAX@oT8#oiBsigynEOr=$@UBi$D>lk1=w>Uh;c4X6cbv$aKy
zxC82y*~`*Lq2BT1EPWwnCcX(X;vGwmn%T9R9QCL(qw0k^eO_w<DM{#$+P!m89qvZG
zDvzS}#x>N3OJEi^!}zF%(xS>2M6FzD)E;Pvsy7yA;6~I0DrI#x!q__hoeAiC{(^ed
z{)SqKE#^Vg$j_k~{Dc)TMK;$^JJdi1pqBbq)Mi_R+WqTLD{}<1;5*c#O_d$#-^)Zm
z-%@j<D%3&$dB!BfyQB8TMAQs^M|H3Zb^ec|>Rm;h``4)N0bfy@G$@Bl4?*=)-Qqpa
z|M&lcEnyt0;oneiu%)P#Sc973PSnWHqL%zBs@#3l3O=`ZU`|&qGV14mIQRss;XW*w
zE71Rc5Abg;&i^734&)B>{|#5`Jg&k$)XakNx@VmoHM3%<JyH?1XWC&89EVz|F!|hP
zLJHhXJRNGF4=_5u!t(eZs{L~LIsfSi)XDEgJQ%gaqfs-SjeNFv>rtC=lX(QS%dcVs
z3|GMIjb^A78in)mSJay@S3&n)>4<uhE=TQ&n?3@02}CL622v9B3T}sbq0Baqq8fUK
z!I-VE`!-w~D-oZ78qjsr=8RCpeah89J%U;06>Lg8UQzdo_w^#sn1rL)1=AM`^#3K)
zOw338IOf8@;?BINUHmg{#~G;4iqH~){=XSngt>`lDCz1qLQQBI7Q!Q_H*A<vfnGa(
z{ud#jXSV`%%no5?e1;l%fzs~P+0$H$TCvBN0aJvycY1l$tGqwz{7*9vp-#s;)HkCj
zWdi+wWt#z0>iiETpb;;^aCilE3T~oaIL}ZY&)-nzKY7_e|F2?0ur={fsB`}s)lpzM
z_vTE5YA+dT6Q)M(wJfO3SPPTu{I?{a%{CPM#}BpJmtub0VCm0L4SYgvo|NTXM^#Xp
zGZb|kTbdnE1M7jB`EXP}i&2|=JNi`M1c4!V9j9aC3a-LO3?Uw`qU*3es)Lc}e<7hB
z-S4Pfe*|?b|1{sA9%<Z4?uAqk^#W>$+Qfq^asIVyS6Idc)aLkvTI!sY-6^PxdbbZl
zE#+L)(k{378q7v~8|qO#w)6;9+$M~LnrL~{O4UORxI-1rzm7{!5;U{@7#@$K9>rPI
zZog?pt?FK>1ySW2V`OZN+KgRMFP7P;`m0dowxjmOKGdGNf_enceFSv;{zEN&qiSvd
zA5bIwih7rauO8_CUq;D**@-X57Wfxxz(qsd(uSb+Mq3<!(@>`+ZVmVBE20L{1Xa%0
zi-30jV(g87p*C6QPj1Qjp_YCumcb>c89hfe@D4STlr`PVbD@r3DO5*Yu?UVr&HM=J
zSYN|1I{yi4xp#U}B*80;no)7o<|>QTu({=L!W6`}p_cp#>eDi?wi`eMtV%oqro+~#
zl^l;MHy!n%HXHrF|655wn`s|v07p<2PoU1}8`O*g>bU$!r~yVpZN|8$hLdA2OpPi(
z%UpzN|96~#>rtnqL|xSRZ%#lR4#W1i%HoOYxo2M-E2$i6Gp<7&qnp?S1M9niG)Ha5
z4yfJU8`beB)Cx>MJ<1uFAJ?NV4S}ZwR3SzK_soJ&$0;9brmay8bws^Dx}zE#g_`NF
zs2A2uR69#ik7z6ERel+(W7>x9OKC6EsXO10^RI?dG;*6LJ?eZGM9r`=>dn;!{WCx<
z`3%&67MjaZn{5r2!9%E-Ms4g)S6bAE&oI<y#6Hvu>{?@=J4PQ!s6s;hCa&O0EJgew
z>YGi*rfy)x%^H}U^j4^uPsdES2(_YTFfG1A4K#5xcPfG~4DqU%0BiUNs6abZLtRjt
zV*m!@JdBD*P&2%MD)$W4(MMGIq|MziE{b|2-B2sp4^@9WYUO5O4qSrTE56GFw0rMj
zQhbE7Fl>uJF93D5)(C&N_-9}Km5i@ds>t<CQ{sBbSEUZ5{cLeQp}kGqH@GL!#&Yg7
zgimufpiEKrpO=xqN-9^hN<9e&&`3cF|A#@OXRy2v<lV7OHJi$mImdmK{0caqyk6YL
z=-`T#JAm2?^T;1S_-DdV2v4U@eSQ89CqduIbbTT59EED*V{Tpg_LGMhXScZ02GBvA
zAL0)QSEbR})ICV}EBW8APNeVQ)^*L{#id*v()#N6Z~ApfE)ptGaT?+1gmtwf?7v8l
zK!ee_i;=d$8oNa}4dL>X?@5{M+<8fROxg|7c#{6>qQn2+_m<Y3{HLV&&XCZP3jJ^f
z4W!|oL&jDsSi?G-K!tVO+qre+xBOSCXK8$W@S;+Ffh*$OFzcE6Jy8w9$G9(3c6lKG
zml#>C1C^O$4Jmw`fn?)ONu?A&l-W%@HTSPpHap>>l-I{@Gs^LcGyhTieR7EwaeSF+
zfsa=Im5;C*`bNAXrS@ZS;xTDyi<KEp_$}d!6dXjEr_}lJ%0gOQ?%w1lq3jCs%Mosd
zLCAUc77`xEeI*RrYY~C(*GR(miFBaQeQrJi{nu&!+nKz*#COn04DRDJo}P{hlg=lc
z*Os*T+@-nC5wDIvS=(Kx--+_NvY7j++ck_nUbxnic*{C#NCtl%;T@s!85+sUot|6Y
zy9$xUuSUHggi}(U--dX3tdq>vFn=N8wIppP@es<rq3(FX^-1eW-p_=uk)~^)_3w?L
zv0-G!Ci9UEB)v5}oitsOh_|B5K<);_o6yJr!f_~nmAKwceJLA-_zCVbgpZOIi!!>7
zP<|<QapHRQ>9f{Xl7jrw$oq@NYhYUL%w)u)GQWfM4q+wSguN(Rk8<s}S90rWPx=({
zm(lP|+`!FehX2}t>9`}2rt30gauMFleT(p5z1}v_&|ehd7foJCHEM<Z|HFGkyU{^?
zOY2R!2~^BTJTdnT8$>bWx0>E6E2qvT5`KeOsq_8nVS!9mk6v9$0~*ye-~V5}pi|&K
zDvqO(3zpa48tPA+-{pD}DRY+lS8J>r&ZW!=+R$gGuEwNQvq9+#LkT9MD*<if<9@8A
znnj@nL^6@tn!;zff2Ghfe^GWg>GMcyMLa&`zF$K~OHQ0$Ci?%VXBZimXs-nA<)cm`
z)YXb`V(ygOy7H19pSvKp?<p0kk@1l`3U?0TBWO@pAdTm-4*A019V7gi^lseuD4U+N
zxs)xY!d#<>FXrYuf%glIA0cfv_rJssP%a7edlKG@xm>&adXt1Q)?pDUO(P=}jXxrM
zo;+Q(NV{ldN)S#-UMbQ~Qm!ZI&qzy5*%;j8x%q=K?@#V)l$+sifq&kjjIOfg8h?!E
z|BrRD(=z<&{AUGsLpsnE9s?}@l%*-1@Ae))_43O;UO=Sl%iU(m&BRK`pI>=#$qPeX
zQ^I?=f4sKp<4qTT4B&O6V0Xf5e>ryw;v<+rSniU<M{=j*{z`l<e!qUVKv>#XK^<Lz
zxDmrp_T3KyZcLf3^w}2&psyC0W4T{YupTBN;|{m3Of<59dnD<ftl@Hmw^>+aN>eX3
zcTE~w!hM(U_iHPGHrzXD?>^~KxwBIyHFri=$mi`O@h%A`v4YinK_|LGNc(<mp^UE1
z++{4i8Rh;UJ(A_^Ccet@)-cF*gb&(acaXQk-va#+j>n*0h2{C5rSc34y`pdl3arP*
zIGzIf4bpzXYBLX&x)4Z9`Aay1JYCJXUy?V7v<!s#dk(J(;Uu&<hq8RP_dbz+mNJXT
zOG5bj6-np+w2l5Wm6}^v1$J`JBW)RFc2IE~c{#bylYYTEe@vr?$q%Mn55i|u9=~60
z$V+9Bp``C7eE)|&m_NIl#(pL7cM6ZO%wZIMLtGbs&*A@{ut;ZlJ4k<Fc`ryCMSgo+
zOXs@uJv<Td)Rd`3I3eNH%HRsL!F5re`eUY~R2oHr?^kl-&B)X>5=Y}L(jrqa3l08)
zb*%h&e<?O3{>iN$0$*^y;?}j6a;0cvfpyx|CHwzdj`W-Sc;y|Y@!u(+rD(<-kxtrC
zF#+i}N&l1hQo^06P#i~*wu1b8#HSGsCcK@yB;n)a>xxNyAom^a?9}gP=^I?O_l|f*
z^0w(yPgiUr1t_?V_&wrfX-wB$(h_m6C!CG6gyc^ouAe}nTirx7Hi-CWtCJD;TZfw|
zt7|D~MJT_BekNHtrB5EyKhorh{dErff4QQx2A02yx?8D}pE}>K2c-Q>e53WfjDD&R
zFJuK~k$;i;lgO`$zY$Mo?KQPBhp5xm#&?#qdF1=@lMsu$E)_OlLF-^LnX%}gDIO$k
zDfb2PD|74mgF77g`=}R<GLy-#$^Dw}LvCICW106iY5Gz7HvWcdsKY-Ud25KT*7wli
z1ln_dqS9d1;wnI)qjZ$Q8gi+;=m<0=Jvvsm#G;ht&v?9_a4p`pI_Jpe$9b;`@dDJT
zN?uO<4=0oNh<knj>)(pR>lBJc;lX6;Iz?DlcYII2uDG~`{1%iQV`)k+MA~7}_HwVL
zd^prUx9D0+SU)YlVsL+RZ=v2Z?v13+<@Wyr(f|_1awnmotQdv6GnwnCP?)q!g!9^f
z)aXOPQ@DGOcNLpsHtxmLTRnMPs|5Pr?)2ht=OOovy5VX|Sl2LG{qd?!EnP1yJvQ|g
zQZ|yMM<6{d;pvuNkg~C8a~F3)%3ZVeOAub`Z^^#gU9=7_k(if4OSpSjqbhgF8mvW!
zx=xr1Po?f}lwV+JA(X98+8)w!au1}PQr5o84<UaKJ|%C64i$f)#$Wa*i}yJN!x2Bv
zJ=HqRV7{e71nw)YsMnQnF>81iX}!5`(#`~H>vyZy(c-CWfK8~UYcuI7bg28%$Qly!
z60WR{33s&0L(SEsjU{iRb$E=*^DVrWdUd%ITUml$OACj!GS5j{%H5B4_H%!~d=DrX
zV1?G$NY9(CDL98tx09cb8r=wgBdr^C(h#3c{Ju5zjd%y{h!($2oqgp0LfRJYnbgUT
z_h@^D4epG4qw{A4ByP5f`>-x|A?~s?aKHwW7|U6hcD!6ags;$GS>hwD;YBtfk2Ycx
zuE;%;wsdVEO&5P`%Cpw`%O4t>@VzqW-!uSBLjG~W2dVsC6}a9yygL|!ysG#w_iMuc
zQobm66T+oQ8%Vv^v^&c>??bw-M%KUAkixSmaD{t0;YU_58S$~Mthb1?9?Y;9cWcsh
z6~tWJooTR$&0gslNju41pR@$lSw+$hTbX#|{YChD|6Xk(e_N;9FbnZzR5(fHWW+lt
zpSb?%aU7Lzk@gQ^T{o<Q!x+FFnF;*H9i6){Wp$mQ{0Q#v*9F4K^~2?G3gsYDo{D3v
zp?|DkV=7lCEi3Wt)XYb`kTqE6drLTvw5qgoiaV{<olbgR?mDEs<}Ph*U-+S3Cw;ll
zb<Y~TOy%N)cT?dIGuGA5DxO09mf;y?Dq1HGiT_4=af{C;oXqN}?)U3Y^1l)Z!KB<-
z2sgqfKK^r@NCG-7k5P$#<~~HY3Tb~3F2!A&aA6u=OjuV;;w6c<Cfo(fGvEuPMZiqN
zlQNK9IGOlV?mOJCDa)@~{MQ!R8AHfF|Gi{pb?M$Z3XHJu9KyG`{~^CHX%%VoKKGAT
zF&a8V+Dyu{u)I*}RHIN%;thT%A52+(9p^RUzDW7*`cOYdKv!)te<5Qc;c?vEtzu--
zdXkr#wD5$tS@|~PA7_RE#8aYvOe;xR8=Oe_gjOypbyldp#c9UdWNnA){hy3TN)o48
zf#k%4sWi(9J-`&?O(QK14fP^^9@kN)J@;%n)OCma)TFmSU1u>Yc}=MM6i4AM%L}57
zag;rzA1=CZr=>zN?m;B#ib;WNR`@GvnTdBIeJ{pPL)^o-7ZQ(7<Ja&%@?UbVBA(mY
z$&b&u`;-3%?akzVKp9<&xc$$6B#H58thPUyk6Q{)CM^f?h1QU=iV$v1xdNE|hjgpv
z<)_{gBCEb9U?1+B+y@!d5bD;UjDG*}negOr^#3y*>54|iKI}t5T}ergOq#BuboK`o
zrl@mEn{M?Qlb4D*EB|LeD=q)3r4OK;WB*fTh|Yf{8f{169C*(fFHOO}NelX)3jF@v
zJ8EeyDE~X<U!tx9<eg_AwTK@l{0reH+*>XGk+uCVZgy3?dfK)1NVtj9Eb$W+Mic+Z
zDzv1rf9doz@ebTK$g51+TgsKi<kSnYx?&({->*%S{eJbP{6dQ?CcO`B`o>bYsCBf2
za8wEm`k{gFR^cNKC4DQE+ERWfcX%4{(dbcZY2~&N-p5^m{F9{pf<JSQ=GN6qlcSvv
z+|hLYQ;~4j<$1qRu@rIrKXU%@3PWLCt#FTpuM<CKjV54FWw^6YSJ|2Q&lGHr^+{jO
z9ggs2(saF{+--k|=ii7%j#xt<Db$xtT_^r$5K22uLmep-O!<EQpZq1%twLUB$_(d@
zKzP2jSA_b15Z`U}o|ErCf8(t{A{rk{W^yb-=6VXpqs(*CT9USda$$bx^aN?SDHDY<
zQ!IT2@vDSmk@n-Yl=jl9L#{I9N9115?R##W_oiZPZe1(M=t$#(@cT9Ehww8RYHszE
z--fcf=8%?ya;La6SXz71dK0cf{@@?#j3F(P{&8U!oz}6Dg<2;yD0qeRKBT|L;g%ks
za7`NejJk4D?l$)mtFN^9G@Jn2S(*356LKFV9*6X0mcAUL`PZMsGTh&<@^n^~$Pp^7
zrQy}YbK~DO`eW8WQX5o7v!><Gq+TH5>z00ywys;9|Ex?p%s`uAQ&L#h5-XtacJ2?P
zcc4(0u#*S(kE6GACt_1bjYhK}l+LW?f0#Eh|NonYUZjsA{Ls4pi8`aH8-_ZuC_hgH
zxw?}diM+Ttf;$TN@5o<_AGqs~m!5JH$@4v-fn?m1{8j(oe_D{K>oIp!Dox=2e(j@t
zV>M2rLka78#~qKfzpw;lQ*ehT?>1>)RDf%twRxCu59$W#TVfgt&Lv|oqxzM^!Gu>4
z*43Ht2^yKreT2M5#Mh&)bkw^?ypol5sr(E?S}H4}v>Jr7kye><i;0KYfSVA`{r#te
zY9#LAu4|bUDExr%R0=iZK1l<*Cec`AY|Gu;I_^(+6ZcQtbE#9!%6=igKk-|nx8T;b
zoBEH)FV6j%yRJSZbbbC|#1V<dCq5Lb)5u2}DP-ji;9Ktgr1vBL1*;Iq{o~b+yp@*r
z%&bb<_p7P3rMNGY{~V>Wc9uJy%z{?92DYK|^w^a$r>u;KNxH5W<h7#C0*ha>i9{wX
z0{Pn+Kt0k*5${8phN$bV8(0c&BZ*UqgxW~|q`+m;%K01G_;O(E3rRY3>e@1>L(A?>
zTQu$7G^lx}j@_F!?;g~(Q~Q?Pwtfo@s1i9r>(=clp<<;hH`Je7p<zJGe=_uH*|vL2
z@+vB?UH2gJ+PCZ&)at;_u0bu@whXH5nr_)~Yu#Fbp-~ciFK^|VcI?}-ZEJE@HVw=h
F_<sgmedquH

delta 32704
zcmZAA1$Y(LqptDU!3hvNc!Gok0wG8U!QI{6y*Nb+3{c#QdvT`}EACdbcyV|4;@tP!
zYjF<u%yXx|<u+^0-U&JXJMVCu8;9b!*Ahpc;&8o+;W%k<RSw5_8q0ACHc_hMycpm(
zv3(rpC8qN@&c}g{GnMp|gB_<0>3?D?(o+m|ocK6knB&wWf6Q>lDTOz&KIy?D9H%((
z!6O}~J08G}j^jE}qa3Fl2}@BKiAFolL>!7$FvS?hsf%r~74E^J7(CW-9x5Ffn^S$9
z<K)Ium=j}+Hv^5tpNXHq7Fc3}<J7{XxHh5dI9~|lC1K5c$BBpcFb}@Q)EKhBagt$4
zjEnU#5w^l~*b9SkDhA<B^us%-fxN-On0cY&#Kcw@8#`cJ`geLLfCDiOjz*q<GX=}x
z94w0WF$zN#IZjq=jw5j_?nD2@j`IyK<2Jd(amwPfrH<1OZ(s~8w9Ih=umrlANecq9
z2PVPcHa-h85nqj3iPM-IpIKup=kX9vgG!IU^jHzqPABVN)Cx|u@l~h+>|W0ESI0L<
zkgsfk=qpS-1%{BG6}7ZAFeCQCtT+d?^nauBUto4jzS3;wlBj_<!?f5RQ{pU}zHue%
zuU&tNgv|KNnrxLRSP(VC+L#JEqh>nFrq8!-#iXR4L4SOJD(9>=`lH$jLzOFI(;K=r
z&>c0xQ5cHLPy;)Qf%wwqC;r3CC>)hv5wl}E)Jjc5)!&Vc@Ckm7<~Zfon1Pj9Z&s`c
zYA?9M3B)Hb7GvWq)Gl3QU5VO^>o5s!#e{eQHKXgONB168F75`$Nq~t_?WRZN=dkf&
z=u5l`#?|?6Kp-&*tx*O0*!XDFfaao>bSbLAU8v)A95s-uNJGvuoBjbcvp5^gfc;SQ
zGNQ`oMAa{jnd#rDPJk71`d~clk6Ox6sAsqyHGm^n5N}~c4EW0|eFs#-Gf|IlC90jn
z*7K+V+{QqBiP~$4H?d;$??e&Mk{3hm*0NX>TcR3Tj9RjF)}5#ZkJ$JH>m8f^0=05q
z(H~=NHpedja}kd~9n-ex>Ku+D5Q!@=3*N$CFy0nZVFV^2z76%L{=qmZhsp2>>Y4j&
zH6}tml0ei-hN31=6ZL4CVhU`%mGxJKOM;egG-?ygMm4wyHPiK|^SuXE?mlW}?@{lA
zgxk!3@}PEoVO0IusDZ4s{)HOA9_yiPtiP7(xGiuVwd6NZo8%d40AJAu<83z$_@M@p
z47GPM+jv&ggbJYQmq87nj<q?ezmBMWdb$LX6ZjRi2WHv=^HHZ^1*(DVHvJH4$xoun
z-^0}S6xCsz9mbTHig*^(hg3<_qicZ~uqWz~x-$r9DOcM92QVe^3mDVGD;d)g|FF}1
ze*5n-9oI+Apc!f<I$=I^ZG1DT!^5ZnTtN-+6Glhh-QJaSorDC`P;%6VO-AgBWwAJJ
z#Ul6x3u2)?W`KQhF!9N#8Ts!uk0w8=gQBRtQ3|ye+M#CL8#UlD-gK7_5dwN9t55^k
zh}xZdQJe8H>Ji<x`5#d$6l<R;mmXCvKdPhRs7F@KrZ>c-#9N};?SpD>B4(g}XE}k|
zcntL{GwwH=t_WrzUI|073u;fy#yt23M&WHNglP|$FB%O{yL={UVDnIWWf^J()}SW3
z4_)tOBA^l9L(Sl&jXMWT+}D~4wO6vB8YqT(#+6Y6Z-!dh{x*FaY7@@4>Dy5gI*vLe
zFAj44HNwv%sN?8|%*>OZHcNVpi8(PE=ELY%5WNGyT*NEm92|r@*|Y(Fn<c(>*bMM3
zs$T3PrsMdifu}se`fEwEk)RF>qXtqL)o~;AK0DOR`k=~>LJeRxs-fkmmE4Yc#-~x`
z9;5cw7YxUkM@{>YsP;>{1hf>DP#x66xY!=`itT~EsB#fF8Ut|;>cw;mHINsmz3>IK
zIU|pmfmK5dq$R5Tp4Q<u-<@s~R$>4Jwxc?}f?AP#HvJvyJ&^pkS;{;ZgLo8bhDA^v
zm9^GK)$f4uu%AsIY2&ldmw7qM2&mu&%!~U`$Kw-fi4vbMBTtDMSXNYi9%}{EK$>GT
zo_$-4MZCj5W}rW#2G$4T<7m_=n1QMF`M;Wgp5bBC(qBQ%=ss%6UZ5&^PMWwMYDR&m
zXPzC^K?&3VYuWrJsCpex9ri^HY#gfGRP@vNpGQD5_!Cv(FKmnZQ5|JJWzzGb8YpYy
zRZ*v+F_vTI%`pw}Ri{bA!&nPL&X_$k04d^(LiN}1EbFiH+?;^yi+YhvL_O=1sDjT>
zBYuN=1%E{yrvm3py`mUKye{U#;i!Rb#YDIlbt=wc0(^>^*ynSszY^k{Hw9CmGP0r{
zMq)xNW7F$eTUonVUDRF~gX(Y+Cdb97fp14m<REHb$87xUdDdUg`jRbp8}$gDqL%iP
zjekRxi~q0bAUSGaA*l2y9EQcQG9E^)P>KtD^To871uJ1v?1g$0j&TWSrfY1*F4PFm
zqDFiLC*UpA47*=6GwN#{f_hZrPz|m^t-wE+9B<nAd*rw|aW9#HCr9<`1`|j@AQE-{
zt71{?f;tszQ7f_^HL%mDCB1~2;T_bed1&+BSU;ma6QW->FQh=!fbydraW!N`T&FPs
z?ST=tz%=V07{;zXfEvh~E2e>1SIs6(hZ;yj)WBL}Aa+6xcs#bpIhYb-Uo$h#V9kX|
zbpDGIP(!s*&!(v@&;vEIp*B7NHPCseXTAoba5L&ry+ZAY_trSq&5v5CP>-%S>JgN~
zR9Fk+xCFWo@W;NW4kjuC=c6jF#Pzt&##`SozbWa6he^MQuW;o}^GN32GMjfH>JcqP
zwYv&6z-<_g$Iw*=UkD__=(o+c+*GIvX;CYZ4K?y&7=)E@GIqyS82gS{flio~_|K?z
zC!#u>f!bp$Y<wST^PRoJ`s;;phlEJ<ziS$*f_kR4Fgi9u4WKz{={jLJdt)SyCBF5Z
zdFEyB^Rgjc8+8g&J}?stMXhKt%z_nAd!ok!*96AfgyooxjD4tG`oj7JQxlK-(4=QZ
z?Ty@+7YpND?136^(nrRWsB-BrHfBLR>RcEH%ew@$#5FMnwnG){jM~M$F#`^>>B~_A
zTZei?yHMp$Sg)X#_K}T$M3syE*!1I%dNkQk{kgdbR3H##Glrrs@iC|Z(@~FNu1#NJ
z<Lgi}-HIW&3p3*b3_!mp=27K9rI$yQ?}{2wPh_C3Gn7C)5~g5WT!89$HEJc+qc-Pu
z)W}bxmhd8~qnD^nm*}Y(Xb#j0M4~z@gIel}sCH`G^bQzL=f5j~4rB~Kb?_MV!g+;y
zG%=o;B~FD}i4fGl!ch%Jq4q`zo8AQD5pRpW*uy#qHNmkMAEzsw{+%TRf^i*c#FtP7
zucJo%2sLBpxiJN5g~BmE=EWV@6*YkzFU-L5q9#xjm0k-qfrgkKTcWEDhY`?-Mx#bP
z12ys`m=M=tAnrrW{Eqc0`VoI;jrr2FlN@#YGGSKCi#q?!P+w5`q8{C}m#n|e^ClA1
z;b|Oz*DyOa;<cs$jYbW0I%?)~P#-1>F(Gb6P2ec%kz7R8yNzo1h0XtrDj)YX-#0P!
zYt~;4pCmyeJ%{Pgd1DF&pq4BgLopw!d`p|&4t<DsMXk)wm=yb4Ct?EPOHq&TFRY6v
zP%9VgzU8-?1R_xdMq@r)h?>b2)RNspZL(<Z%x(`r&8!e+!g81#JK6Y9OhkMI=D_Wk
z1fQS=<ostQ=K2xP()nX@3_>+r5H*0ZsHLoqD%Zr?5w#M(Ad_(h;%Myg-rKh0`M}X6
z{sEKW<Bw)Qo=>KoB*@CSPI>~`otdyIhGJ#xXFZA<P^!;nrkSl3P^YE~2H|uY--+SG
z@1b{MU(BNkvW8)5@*^>k&VLO8nqez%g5z{UZL%S#r5a_^XP`bbR-$(E0aUqbm<R7*
zG)(!`?47izco?dkT$mV(q4r8m^nU+uWD9ge4Wyqka3rR~8K?#}qgLt=>e-$^y(ezi
z_+wPPFQ^rZ|IHk;l&JF_h59UMfLfUW=<4{5A&?H2Vn#fO>fjNE;b-iCp^nG9S*PQ8
z;!m(V_Vak0rg#WdKg7r5-NY4f0r8>OK<WH^7KKBwAnuIjalOax6A3z(nWKBWGm1nl
zQE}8rE8q~Uhnm?n)XX2DHrHF!G4+jM>Lo$N(_mW6gqmP+o8AmHp>{D`kJFmKc@jop
zA%5kh4*y0qa2~xKq6YK`wKA`5evDXV;PEk#^mM34R0NY^Y3X6fQ4{PE+q63fb-G5n
z1oUhtp=Pwe7FdniTpLk)VjHT#zfs5TDyo57r~yAgZLW`~_TtC!c+YzpRL9|{^kS%q
zRYmOyw=MxS+!vSOc+?E?#r1gK2Sreus<yQ?YM?z)4Gh8@xDYkqGpG(OqE_rCs{Kc(
zfqX-?pU~I4vaaJ#KqJeDnrSXnhec4EvkIz0d(47eZT>7&`IV>vZAP8zeW(}Nb=2N?
zhiX4wJdgMIrbZ1g0%Pm^7b2jMmA2MFRcMRaG`&#Id@B0mGMm2Jre8<R{H2ZmhiQn%
z;h#gb0+~^JC<m&Y0;oq;Nz%X5fPjuoJJd5AiyFW@)Qs1lp7ll4ZoZ8gm?wd0I1u%2
z&xTroq8Nq^Q7bgsIvq98#i;gHqN~700_u1dYUxj-MtBR$;tLy(@-v&S3~C@1ZM?m;
zGiu;JquTiu_2?$q^qHuYUT)p$$NAT@I7)(+>I`b+S1<s56Pl5Rq8f@o&9tDks<kDm
z;ohi~9EsWkt5Fl&kJ=+AP%CoLdM_d8UjukeLJ)pJJ)`uAOu^i!XIB*U?yrbys5NSU
zT~UwXH`KuX#9-Wyn$Qy)e~ZzGr%i0yO^;fkFxMs&MjfXLsDX6E2%LnP$zfCnH&6|~
zLH)Mt3+kDAc*|&Du~6^$#Ml-iumH}*aJ*#oP3H0b<Fs3lfJV{@wQC2UW;P2;;WqSc
zw&dm<2ciZVfjVAwP%GHc+5@!*`rG&z)RIrO@%c8s982o+|1Sc1wx3Wl^YJ$W@kKQp
zf@LurwGw@>DNaDudx_zElX#D<S&=NM%m5~&_IN+0e@E?!&8X9H1#{qg^nU*jNn>_@
z1Zt*bQA^qeHIt607g0Z(J`J_0=2(~7^tGq~Z9)xvr;Q&(wR7C2UqO9;xFdD`zYx&U
zCr|6~{_vR_^^R|fdZw*#CU!w>B47RvLyyc4)o=i+d>Cq=xlx<8GG@X0m<xwscHD$T
z@Gg4){XZzcY=%h8N=7@ZfRj<5(>E|LrVaFX{~)0zYDwp!Hrrmzgm-N`ZhDVXlz4X3
z9_fUEI0Ut~7Nhpif%KezCEO=LyFOM1^9Zt|_XUH>Z*SwHusQK%s1Ft2j2>q?24W;`
zLCyH3HFYMB_cx%WP<v|@s-HzT2#;iP?YRyzOVk>5erMSD9vn#g4GzN|na#jHqh_8e
z*sN3`)QXJ65x5%XVBQcj)3d0Re23aQxwDuzY$2C`o?Qjh?yQP><{eNY?uFWn1JT7{
zs7DbqtJyP!uom(9I12wnbx<JGJgQQtcE+P#Y|}A?4?h>6-Usf!?52Y^sLk{dHJ~_Q
z#ssJalAtzK8q_8XLGAKvHa`#QnHEB=OcT^Z2BS{JSk$NIWYqg$71E#UY$4$NW`o)+
zS5XySqjvd6)XK!oVczkXQ3HuY&8P&bTrHd53bo67qCV6XVSn6&>Nq0Y^iv$YzyGUC
zKn-<3oy!5JPrqrX3X4%Mo^_}f$6?HeA5b&QmD3EM5Gq~?^<h*OHGp;)g8fhvT#Q=L
zZ5Tt(bUy(t%@I_ETgt$<sCWJ+t6wfNu#BjI<wP}D7`1{mQ4P04y$8CXKD5T7R%|H-
z;(8lDi>@+m*n}sjhTo(1K#bg`!MLauNrHOj=}`mBV&gebD;R0x<xm5uhI;YT$AdT)
zbt-D+@i=SnRUXd&5&{b%Jl?-hDwo%M{x3m2({rdLy^Ct_1?qk90X5^4kshZKhM|_c
zA8KG@@i<OG?WJb<%&BOLMTmDpwZASO=U)x(B|#nBLe1ncs)H}6-JUqgoQ~wEl?Xze
z_uN<+>tH5af@<d|{)%T&AHQ|;o0XVsJ%mA|e{>0CB@kG^Bvinh#Jgg4T!?z3owD&y
zHlC%R$*+OhjDu`^D{7NIu%;;F@&0gH7DGwzk9uD$#}ep%BT$w=iNfa9ItKOXeU2JH
z{32$61u%qoYYfEks8{cwsQTrKdYs>JB5J_7irFursQ75q&wd+Gd*V6P)A`R(+$?oJ
z)ChmW{I~-%<9lmB39~Y#Q3L6XdeO|c>HAT;{vGPgmZ+rpG%b!gC7n?d8;YfHp*QaG
zFBb&VQLIvC^Ms+^19?!JsuJpZL1SxwR0p$>892u=HU^hAn<^Z&XNp=&TFYW?(kr4i
z-#|=8|IP%PumtrA{>yp*8xTK>I(Fe@%sW3HYAI_WuX1NR>KIQ%4P>r$DXODCQE$-Q
zs7-wZ^<H_2u3k7X%6hzi?~?+%5TA^y5Tl&=SWS;QCG}9ps}E|aU7J1=HNdTy68EB>
z`4!YDiCNyPXjW9c5~xSlxV-)RA7nG;qjvLl)Q8DiRLA}m%qut&)lp^C3#vB8!3L;D
z(h4<zsi<;)qE5qR)Ji-+9pCq;m5N!>HP6JaqNz{<HNy%vUJbQr>R}l6LVXr2vH3et
zZ_ERz6+4aEGtW>ReM7Yuzmln!1hw>8QSX_;E`jO<s$wTxh<alsu52o%L>-p^Y>L%U
zr(`|W!0V_Ea#t}c7G-UKeM#?+I>zr&k2-Tz^PY)9edf4L2<SNV!ZJ7yHRA{9U7~7c
z>HJXNU;<F-4KWZ~p=LS^wGxvt2<M|#>JaLYUPB#2|LW#_k{vlEu2YwQzWp{t?dCqH
z73har(qFL%{*F3U*HPtfqxOJP!)&$~s8f*x^(t<M${&YncM@u^Ohr9{c^FOKsW#XG
zn^Bu>8|v9yMs1>}HvcVZVDD}EH=7=-ra7i@Q7h9LRj)H@0KIS+_CpOkS}n73ffzvl
zPB8*?uo>z_vjufLE}-7kpD+-s)ix{A4fX8Dp*p;U`jmW(dKB+a1BhP7?2UM+N0JzW
zF(2xbG(}g>tS<p=j^U^eqnW6g9<Uy>`Daia-a~cp9QES)57lwBx@LfhusHGT*a*9z
zJ|$0JAxvA()NfFa^REV4ke~r{MxFb?s7J8~wY&GDW_ScOuyd%ra0T_MzJcoSgN+xg
zZ#u4pwMk!(dggH(m`#`tb)54w;QVWMwje<tyR)$fo<Qy11Px8aAk?0SLM>$l)Mo06
zdei-ak+>MO39q6C?%&9)Xj;@JEQ?C7fSPzUmw+}!BMij8sHL5S>Tn@y$v2`_WGAZp
zH4Ma0sPbtVn`4^^wNk}V^(vueTHB@%MQzFnsCL{b1eOw5hx<KzS8Kv%WT*knJl@~m
z_iAB26WX=(ILpbugsieNq%|GlwKg8_-}`@VYd%)1wevXRNS}tKXgBju=9^Fl976mB
zcE%nZJWfxY|GNa{lhClEIYwWx0`dBtJWdl_f_jI??CfzaVP5<N6Lm35Jr=cT58)Vm
zg`?5!YQE6;cJny(iFd*XKK>4)9{IOndc-crVYtWp_q<gw6B)BnZ>l}0rTiE5C~l$N
zjBhX)6OS-^AwO!bG{wT$3$@GtLOp^v)-R~`VvaN>Lhrx-r?Cl{u^<I<q8jLg+DxlZ
zp8@x94yGLCaqi+K)FYTP+I-vHHpb(WCVk{sv&1J+o2@9%L!XYNQ4{Eede2NjS2Nx~
zAU$4075rr5*~XjmTp6`l+G7SBj@pbXQ00%HUMQbXpYO>gn9UiE>aZGS!_KI3vr*;#
zn!x!FByh?We1#fW!r#m@&w=W=2`arGs>4~R&xT`I3?HD%Wu0g&gBoZ{RJq}(0WU<g
zvk$eWZcXI;7a)*$k{MBDYdZ`ieF$pAi%~P#h3e?4^&@H~{*z6)T&Q?O)QhQ&O&^G=
zKND4dGit@pxdieO_|GPUO)(>`iu&B{fI7c3QG4Jp7RS#vy~tEEflfG*^cA?81D<D^
z>FCxh^J4pk+6y^nn^$!t>Kl<;ihy=$E!2yoF{)r|)UNM<dbbb2ARL2Qk#(qg$50KO
zLzTaaIz9iPzF@?kW8y)mS9}4~3ROlPjq9|t2}4oePUm3=ZbUV7&E~&BEvesJlOBQ^
zSYgzFE2286jyh(oQ1ARMm=K4cmV64T{3i7N{%;2Xy~B^7I(&nH825Lx)S=jbcqfd&
zBdBuDJo6q%jtPhsMtz!Avhn&DNW2~D(Tze4cn4|#M=>MsALkT->i8Bl;<EG2Od6u%
zol#5vE9ylv2esrIP%E|{^<i`owdA)^1N?-AFwp|@Ghh|WO?(Kdzs>08A>g~v;|#^3
zr~(I34SYlmAmJj@K_=7y!ca3UWvy=Wo1ivpJJjBoj+*Iw)b3x3s(%2rSFSAL{Hvj7
zB<P%eLe0Q`u{q~CPy=a-YM>|T98X3)>kZfq51|^)zr-|L4YkxQPy^^{?S<MK{ZX5J
z#1hwZFo6VZk|n5-Z9;v)IE-rGxJ^G})9>2&L(~d=vidDG9b~kIp*o5}4X7Aub5}t<
zvfeHMeGwRpdZy!0Bb;jsEJv-#dQ?M4QLpSXsAvBkHSqY$%nGE#K;jXom8*?8u>-37
zT=cewI!*3T0$SQTn8m}d-<O-ykZpze{H~4acs6Q)i_p9Dn4kC|)C%~lG_Ty`7)U${
zRjxj21v{elM0eDH`(cpI|5yS;Nm!5i+>csieh?Xo<%l20tmwbm;~c=^s1=L-hgqql
z$P3R2KpJ#1p=MYfwF1pi1MF=bgIeKvm{6bpD+%bGyxnG8M7^Qzpf=|>)bWeA#tbAg
zYDKD{&V4-_Z;SeJ+67g=7pmSw>niI(tWNq3#dZF3|7jYkggQPAF&mCXeOhfsz4QOY
zl9+0($NNVlO|X{oQ5`2(XI3H^YN=D9PDMu4lIKUAvI?k2*#=!LO)mnP$!P0L)X0}(
zAnrp|xPw~KH>gb*cfEPWIZ&IcIO-A9vGM+>M>i2QfE}onJArEN{Cdv6GVYO}f&7O$
ze!d&b@k@&_h^I#lFc=GBUR;LVF`f_Kem9y&m}Qe`r!=ZwebggtYSTNS`WuAaN3)6Z
zuZCBVpe5UeTC)A90bNGT>^bWEM&E3XO=8q03&lVzfm)fCs2TP}J<7qT0jx!}zthGK
zp$2l+C7|7S7xhATfqF(Cu>>aHVt(GQk2+4nP~~S}QCx&7f7j-FwwiKDQ7aj2<58&d
zUJ*6WRv3)#F9g)_LR1H<F$?a-%=iekxe{$NGfRP5i9l4xVW<@=k2*!oP%Ae8wL%k7
z16hGu$?d4}r!Y$A{{aELfHG`19Ti1&PzJR`wNMpWqZ;Us8qh@a=Y=%`wIXYG7`LN3
zK7<;`b<{v#Tm5#LXCI2*^Iysv;8lq_w{1`z4MsIE4K;(6sD^gf_(fF5k8S)NYH4Hd
zG6PPB+6xh=2^B(Zx(cYx*$NZr{QpFt1NKGD_&%z_d(@+ex!W9<gs4pvi0PSm7SyAv
zu!nPuJ+KqLMXgZFy&h*L{)CEW-DiFsm(yAc-D+g?A)pt|QPjxZqdNMEI&QJ{n-@z-
z)Fvv25!f8{8897H{tRjlT|qt4=QbYyfSEubDnHy>;sEDgFM`@6Xo*|fjNYhYIodkY
zy4<=MwX}y&4gQ1b@D}Q0+c{`v939n;FKS|`Q1t>)D;sjqH3f2!po+y%4VFSZg1V?Z
z(HgZE2BBs;1&8BYtc#fsnGRemLwqQP;&BYX510{C{%sy{A=D<V>=MwkX^k3TNBkYT
z+w>%dO^2ya<uYO*X2r}{0X5)ms0N4H{5dwh6E*Pjs8jR^)1&8zX~)e-pcDxuQ8OKd
zTAIbErCMX-n@}IKdr-Unpv^yJy@)y;H&MI%i;epqH7l7LwONbV_)o}Qa-BW|G=quQ
znq9pZHIR76%`pr{ed-lN4Qvo<V52bvC!t=k+p!}aM(w4@6Q<pAs7KZiwF0eB?exQB
zIyb`zXaKWOUo6(38rWvjkE1HwKt0<>s7I0OAG5SksPdIC7dAl+a3ZR`nW)XV1T~QT
zs7G)d6YJbQC!k&GbJ8qrB0Nbv4Qfw3#ew)5U*XTEc-68}ZBCo~A!p2hMxh?fZ>aWW
zquwVgF%q|<2L1-MCqALer>En0);y!csEk0=vCM;dFO<Zs*cJ7n%687|g&C+B&P6r6
z0=2|zQ8WJA#_yp9@&zkng7fCR(dazqUo)Ief<`_UwaJ#F8vX;-&{nL+j4$8@;<+xE
z0p7=J#Q#IRvd>>MFQ~_;_M%@hKS%hX+9`_qM%CEH`(NVxhmkOg1U<tes1>+^YVZYW
zbH%u929y}{5>JP#u@-9P(XN<*$3@N557k~Es>58UJyZ?VZUfZBySN0jS$d)>48SZn
z0oCwU)ByI_{1d1b(+$)kdWQPY`HI@aNw1oAf>G~-C{#PuPy?uoRk1m$Uw6F?Y(tG`
zAF9G()FU{F>gbBie}dt}Utvznc+Gr~sD**V`=eH9F6vR9L)E{8TA4?v34B5Z;5u=x
zn~oEqj)y<0V4#iX#N5R5qds&xp&r>H)QrxcR^TeC!`G+@yhlCCZ>VxfZkSV%7CRHq
zhH-TMXA{t_U4q`vchvE@h+3it))%Oezej!3iFwmJnvAF!hNJ2gwec!8zX@u99Z-*G
zFlNOm7*pqeHvu(p2vzW3)U$hv>L|u7vmzN#AIG`z7<NI;w9suc!;+}_l~F6%5_JkX
zqV`m8)FWPidbG>X)yy~8grlet{)_swdW7113GSE<Qln-Vgc@)jYf022tBIl53N?Y>
zP{(dL2I3*qtNj6L0MYJp{<Q*rcg-7WJgUP(sF9wvUP2A@25Nx+p&mutduGNdPz{Em
z9$9`=x#FnfRtq;_d(<AuaNq2u;QOxm5NSk$j^8lUl1;~KxDd6JCs7?-L=EgNYM_r%
z9lgf@^nGAnK%uCam&D%K9JL~su^qlf?X^bkLyz}=<)#m+<HM-UaTc|d-%t&OJ~B&Q
z4wYUH^)WjXGvV*3XTKlyv*IPx%+o$L6U&8~NJ-SnRl-1Y8xYX5>xX)_V^JN>M!mVV
zqMr3d)XX1ZPF}^&aXInyPuX0=kD}7wJ~Q=#Uzj~p8nr@IQJ*y}P@A?jR?+$INT3S|
zJFH<Z%~Jo4n(0am!GAG3I<L$Mg`r+R^)L^PM$K$D>b##o&G-Up)7?b94?d$FUBcH|
zF?L^C0vb_n)RN^#J*z6H<JSh$;}FyySc2+!9qK#d9aO^)Z2U8-9p{bdI2mdn;i#34
zLT%>qQoFwy0d2nCs7*A=7FdC*xChnX5!3*#qn7kB>XCi5#(!&8CJhFWUIw)?9Z@T=
z00VJ{^%}ZL_(nj-Ch(nk)rO#UZA0vY=ddr9{LlQE&Ms_BJk5J^Y=1$$nAYQ3e1UUt
z!3Xo_IYmF3e;FBvxkx{bdIZiV&c6cjKbe`PLajtb9Dxz2{GF&7A4To@YpB!m9`&rF
zeKr$_k9u(>L!F8!)T3>TJ+YPb3JxP);|u3sOL*yvDfkez#4oI$Q60tpY6h4Db#Bw3
zPDeh}>8OKxbZsz@Q!pGgk!9aZds|WM97OGvQ>eXg*Cn81^$s=D&(=5`7HyK`s6CJ!
zm7f>YKndjQGyiVv<K3)XtRrmxJk*M9Kuzcn>b-IXwHLnP0(4V)Oo8pFUH><#gBz#@
z-k?Sv%g4w3s~6@bo*y;vPN)I?j2d8nR0pH1i*5dHRC|Z5SCI0q^PGSl!DrNx`bP8d
zKGUoiNjwj#Vh7Zcxu_+dfT1`KwGzjycTwfOVrKM<ZU&eawO5Lu9!)v){`}v7fcNtm
zL&z9x<110mbPuYbo2X+LJBE+<MUxh_7eZ0*i881TTH5?hs1@yJ<C9SnU4R*IEoRgC
zKTAL}^29U)NQ7GQ{1}X-P&4d^8t5?VY*a(*FdLq;={~W{3Zy_i`z)wO8i9I5<xmr;
zjo!ci{fU5<q(4@~@u-nrK|SNgsN?h!_3@dU|3Ns-G&QQ>AXI}<sN+@{HKAIlc3Yud
z&Am{2WhkotxY$0f`2_+A-rb4bXNOt=zc@bL^PUQ|0(q>JP^Y6c7Qp_fO}7R0B0G!T
z38310j2g&iRL2S8nw3ovm!E&Mxr&mYj2ftp8=*RAi&{b#wK+$lK7>}Fp6vzH-gtrP
z*x%R3`;W^3sFkRTYQG8U(RD+u%m~bd(_I4j2^_^@7?WRTYBQBZz3Ez^md?d6UMyo#
z4R4Qc+=u$OK7u{)0oK6A3Cuv&VFdBVsFh0ZXI7*UW+Co&BA^*e$8xv}b*$nfG)o?V
z+Ju!+Gwz9chT~A1X&P!~i){K<>ps+q9z)IeJeJ3MsCqdQdDC5|Fo9AeR7Pb?#(X#*
zHS<f@3m>3n-ZZg~Q<85IZLlFLvMQ+=K%C@ezya2LsN-7=%V1a3N^L<sl7GGVoWDl|
z^vvV>n@y7pwe*=#GcAnT17&Qy2I>?vM4gUisAu2C=66P|NN-fVaj4BZ)4CqDmyTgx
zo&U!K)L;hwFk2l4<3bEaeZe?u(=VWw@+PYMOVkYCp*l*Qk_IsYY6a_I7*0g(tvwis
z(NdXmna~X<p#g!aI0lR3Rn(>lOzq?S^O@QhM0~aN3~G;jzz_^dV>WSR)TtSXdNIwj
z?n9Nkhib<!t=V%CX*vHY*pLM2q6#iR6+DW4@Fi;V{glqf`5S-5B3LoN%y5i#8#X8X
z5o#}03N**8KCU4?7WHTgr8o8Kq<4M1e_}DsCY-`q6iAf8$NP(h)tH`m^Ni*VI0Wkw
zUyfP<pG-c^2@J#P_yzSyss@=y&;@l0mZLWFdeo!agL+{dbO~s4+{D=U5w)qJW%hA4
zV;t16+>6;TUa*h%2Z$(KL3|<VO;<U@$NP`ejZkmAEvQX+1lMv(ZlG3dVph}sY4pBV
zE)dX&?x8l@W7LSBqh6UGY`Sl#dB^*q(len3lozvN3!6R;)$lyjBm4vP*>KkS5VfLT
zk(F|tz-*?&qNsCO9`!<Mg!*t9f|}uUR6|Qq1Kf^Uxr3-(ejQaWL3SVSA0|hj271DJ
z1J(X3)XKyN)0@`iQ;dK{oX=VsHS(IM2K!<KoR4boDQY0!P)nUOhuLgFsNJ6nwKC-}
zJN869+C|pYs4uC1q4)d$B?8{_jQT?H4z)QFhno(wqjqx<)cLQ7>Zl>=+;>Os>A_6I
z7ufVesE*Fq_<z=DIZZu3^#1){Y65zLg`id<95utjsFBw|EqOy!xz?y9>}2CZQ02y;
zeh!#|5Aiha!R@(xynp{cAh&t3mCEDe{S&T-c{u;7&?>^rYys+7uS3mj59&A_M{Sy?
z*aQ9Ynw1)g`b?OQJ8>Cmplu>eJ6*9H@qwt7JAxs22{qto`8fZ2rt$Kb8K*-Z;<-_q
zC9ky{YL_>}hBzFxH}0Ss@{RIw=3!FQ$N5H#!WS5US@WAc(G>NH9*Y{tewTn=!B0^y
zlyn7*<xvgw#9&;Dk$4d+Vxod(K#ftGb0n6*bEp+fTgX@+n-QOedc}XhCRo0(kN1CN
z&s{+v2MKA4m<}ppZsJ3%n^C*?32wnuMNLCzaVYViVm{s<GFPGocmp+|6vfRKj&i7#
z7>YmPF4QIuE#W<7u2Y6UB@#NKM!pU6;d^UNKJ2w*?J*0^$6R<6^)CO4I{zt38Oxwf
zM^Dt}{aCDnD^YtWT4^)jAdI2&U!Q=ES5wprrz7g~c@XLu&%+XU2-~1<8FTKtqdFRb
zdUMXg82CGC6D~$Q<29&FeF4?(ebniSS(bk3-$_kCyFCOo^E}GHj;IFuVm4fe>gXhD
zbDl*V$NSdjs29?IsF}wuXFAG^+T;aL`IT@mHb!?Eftv(Wp-*}9Rcson!>gzc;#ROP
zB-FFZj@tF*P)l0f`ZMayITiIn+KzewUB_UIR?%$QP*i&DikyFKj=m&lsW+fb!DZCD
zJys>Nl!2(F&1&P}s7;$6wWRHB`bg9!oP?U`QPfIZK@Iph>a@H^O{`>P*StU~RyIps
z1GU?mTF0SYsoPN%Zlb;`K16NCH>ej&x+<oA7^++W)ZQq8+EevWkDwFk_zgs@{0*0Y
z-eA3}ni0CFr5k|*a3$(EWv%Apw8RFe^1D$>cnI~V9%Fw@QQe%Dsi;kM95s+zsB#}L
z4`#06<NXzn+kk*J*;&+*eL*dKf|@?wKPC-E&8QQqfu5+DEJV$GBkK4aKy~y63!!f<
zGxKt&W8Da~d1qn(&NXq@*-1b%+Kbv;hp{T&H3gi!wM~Wms87lIsE(Up73_@KJG)TN
z_#Ud<bJT~~8`Qvj>X<#05;c$j^#1SvW+b5VSspdhdbU6_)WBMy&T|J;!#%MV{(>t1
z+WHB#Nu$;E@&2!4#6g{o8P;v6fnLQ97`+~Go&T-`^vtJYMcjtkgt6<JXPg(C60eUM
z$Trj_Jb-#+Cs7^WM6JMm)FXU>dY{B;U^a1aRQWcj73qy`4g%u|Xr{YR4IM;no@1y6
zZ=z=U2=$_Rg=*+4>RI|VG_UX+SdDmpY=Hluj$3FW(@rnc-WiBGmJ=Is{<Vu2lb{#S
zVO#J%YNjtx1Nvxn8k>>F#L}dvMa{G&>R9#10(cem*^sh{d2!`Nou0~A8P}uA`80LS
zyS;Ez^NnUOYGl)`D>0n-PSnhwV<>*YOc>nEyzwfc2HFjE8hWEP*;1Rn5><aKYESII
zV7%@Uh({n+b2GD~sDh!W4kA$%8luka0Mw&cj~eJURQ(gE6}yZ%@h)nQ__r{dHUp+1
z9*ncFBzn+&!Z2^Jtsih7WeRLg?=@M&=jw!4Nk2$>EowZo=_Z%ol9Tp`w71m%gEI9g
zyAV&}5z;3SzDQV?mi{B<zF%3R^Z6Tt0>!y?mcL)oY$qkD*q9EsYp7f$D5q<t&F7zU
z{=Z9mL0?QmY$sPKH<7zB?F_{8b|9*B-P;D|uOf*aZ-nn-bilt4I5UV3C)}2Tmk2K=
zEt>6|H>ktkBzmtf!b#|C4{fwkJ;FQ4*<;H-!KSwDj+9wQI5B1Z!26W@>Qd<m8HI`H
zxqrWE*noDau73^Q|8}R&M(RwX@sl(bY&*Mx&$u_xIKQ!XTH16~I?UaevdKu-wcQTN
zjY(jzjhHO`YLzb$6#jnAr?W^ZK1E#-gol`*_jfu9{zh7J>Z~N(&UUijwws&u^3)wj
z`U2Z-XQS)1r_gmqdXr53LsB9##*ns=u>QWQ2zir;AEbdp#Is`-$_(coOE{dgWrRCn
zfSvJ12C;xVT?NQ{Lf&jUm=_pKTvuA}|NS+AXe6ws@*Ug2APQ9@Ex9eYk8~dzEKhs{
z;pUi$cn=)Hy^~IK-Jzb|aD2aT(vd%h@GR0^5kH7uxs%(0seD}h@2_npQ&&N&!e=P7
zkXtXGJXGSJ0i9p*p6zHE@p;5`<sclF@G;x)Na7`l7qVq<+H!MAFU>uHTUS-m-EsV9
zi%lp?_@!+mC6)P3;k_<fHxQd=!}`P=Nq8zwr0jlg$^ZRNF4{^(yLCt!LO37o#;1G`
z9>KQc#pd6ioR1WUL*maQ#G@epuIOyHoqTWZF9M(GWH5QbsOu#6Xznhg>AJ(+n)>&-
zb#<f7zTBg1TQ5oPN!`_y-)rk!<KLg0R%CRg!U9{-TigC;9qRvQl+iSj6aBbn*#Uen
z_kp}X(sjKc9B#vdD0hT3e=NuSE1j<XKYe6#zgMI{X~O(_llMABxE6P7($i3BuSs_1
z6P`wyMz*2Pq_3n*QJWvzwwH#q&V*A??t)EQN?KZOT?0wm$zWYy5)yE?CE*qpCQ(;R
z!i`ZMGLOkyOuP$?)#px5n1Akd264|Pycz$cOgr)_5gtyR0mOR~*Ods{Q0@)keyD37
z_hdc)@7Glu;BOAR*KitmPAD6d^KzFUUX{w}xp&#J840K3?oFLs*p9(3B7EECPodr<
z(vxv_u@gH@{&emaw3kg^Q<@Q&%{`7v@459AY!wy1;dO3Z+o;SJV`qVhdjC6vM!sKd
zsIO}z_0HpUIxIS=V<-PffgPf|{P^SK<?cl4G1S$7@L=wrsd16Cs<gJ3a7){2amp;?
z&O^%|NzX}H4|gBpD~SJ&V<~%%y4Q$zCfuB~XWT{A4t^#tyFO!e6(FLEpIE$qGi74@
zY((KG3a_JqtmJjD1K=Mboy??rFVY{=`CRUs+`4*^{|EOW;tOqB1m*P0gBzsp<mO8V
z*QB1E61W41mQ>7MiD`NgVSN!TXscha_9kzO?fMATv0;b&W85XE)0U<)Fm(RT!F%b4
zrT&y_P5M&q1*BJ?>~ii%tw9S4oFfvQLI=42q|kA0T|FtRZ%w+g5ne_5TbsAacK(67
z-AFq`r*F8|5x;NC^rOyW!o!h2=JQ_FDWh*}{k$=rL5MBfhm7SE+Dyhl8qt-B`y%20
zNUuOX|Id4kw~Yl5tIM5(HhPk|)nt4Bo0)piZG}CQzsrDIkhc7LBb4f*&zbH&R61z~
z6J)hGGi;eK%EzLC40Zs8iNCjn77^A}pS+CRWk|nmJA02=i2uc{@0mC3>bbjZKo$9Q
zgENKrXIm)&jr>i#F82iT_0|3R6++r{?uwM1LcJV>b94WArKSFH?v|8kNJatNMA;$?
z^cH1%@^g;&e<LahkxRDnVJhf)Nuk=9nF{yG`<r+a;l<p#4&w&O)+aojhV=u}FQkni
zoQbmk;GedwHCT@PYqay8ycT$ivVZ7%##mJ*@plS*zs{2B%l#h-9@|I*OhLI3-1>UR
z&oa(Ad`DbYQyN`rg3buiPjS!V?#lfSdB4!lDeeK(`<Jv)gp1I>vxS88+^-0)!G~nb
zC%lfZE`D-%Lb;36i0#W{@ZZul;R5+{$WKVax;AlVrk&2-7~fBDiOnmFb-2fn<|d$G
zLMmoJT|21s{c1#^K19ygygEPh-jTE|w%`&xZR^dnW&2@1(w9(YH0}RNxFqcbVjG-o
z%DK)gGJl~^UlOb1B-C|<@F_e=yaHw7aUUg3|F-zM?L_7B5%#s6Z&W^aDsEj*a1`ao
z64uYL=ZWiIYd;V!fXttN#wW2aLH$_9AHe8;x4`?m;Q(&|@-ZHFHOh^rqaxhj=(Ia`
zLeidcZ{?1yL6NtIa2J9;)LBco8J6V^Brkw_1$li@*JzhObME8J?#C;x8nag;@~Uuu
zvz3(GnDB2l9zZ7(Ned!AlsgOIQ0_9M>wC;p)D=ZuJi;$c)capI35nq(J|o(TPJbml
zk8n!D&l&YC@{<z3MEYIg>xi$X(I2m;lugRLn8b0EIlvu_^160Xwlj716MxM;gK`lz
zk8GDeRN+IILhFf5#k1VH{v};kHSQKPxSjNRG*p*xT<(ITkEP6B?$(6A+VWE=GlmX!
z5l>IK2e!SEq_rXK6J-yPmIVKa&h!77fIqjc^xTgq_!9+|(vYqv+~cUo?>d~NG^pz?
z_hHJE<vvaL&Hv8GNk+Mj#K+sTER^|$GVSrl>jjbLdj1y)G$Aw0c9?<iBGN+WEGKt2
z()o3ybCtUo=`n3X@5$RqUQE)8+0N40Hp&zK*M`aF&wzNO)EmZ~obdO{oj}3i6l}s>
z*)}rIc97Jn!gHvUjt&=cFR~3M#A!CHUw-(J*M&OExp&#N##xh*reB1FP(F%sw+PSG
z`~NNtpXOdlfd^zPAbglYiHPs#*2N#vIZd%CjYTSfYYO*6$_^#%1nRm(xl}j?S8%r_
zub9pA$3X6hr01mlUbG!UAKn?M;A2PmCmEZ#zhC7Dw<7N@cS$PW<~~m5cH#-hTf<$E
z1~=kr^3G!-eC?T(s6!IH+&j?CLF~jGpYU2rXW~vlDg7EW7hzo+$eTv1g@_l$Ux^Q;
z%qYU2XjNAV)g>*9jVrA-@vjPST_F8$;)AK%pK!V|1pXs%9d&uI5?-dESpPG`YgEZg
z>MKfi;C6|ZRdIV=We5?ZPba+^>WWD?2I;zrkrs>a--OT7@*d(xY+eC+96<ab@eSPF
zyfyfVz>diMi3*pA^dRFJ1@dqYBdt2|zX(6H6~55nWa5F`#kq@6MpsRP(~C}S*l;B6
zHM8OG{7wFP?*7ybAU`ebb<qABL?kbXqio6I6lzN589MO6D|mu@T`P#kC!P>>&F1b#
zUK4MO0aJGs;rZl$A$=cZ=Wu_&p3|4EB{+$DsD94<@tR9wM%(x?GAdAc1Ze|Fd&k|D
z4({8*sNQAnTncbaq}&9`WFUNtdW8so#y7Z)yl2#FMtxm=cmh-E{ZrbT#5W`gkD_1(
z3eL4@*-6tinR^%wr6&HAI$yXua_c&VekSN#CBG*1n_xTAI?>)^yg`|ng!|G)DdJsi
zUH1|R`H7sc9r<E<;(I9c?T49Gr}AscF5@mvnPtS|5Wd09pR@A!k?eo&y0+oM<WJzv
zO*{_i?PzN+_eky#+SZlO`}t3x2nE-2C!w+26fR4l#l(l9u3V&Fv<)A?-ZuRd`f&%_
zJe6Hf{R&uuv`w_3EBuH2`jo$C)4l!wNkT0O)uWRYgd;HymdDvN_LRJeDnlb1Nz?Tk
zab2rv=<E-T-?aHX$Ukh$sN7GK*+5=H?liP{#@1P@=dY_X8UA)umx%ASmCt%}nF;Yh
zlu7zM9s3ZU{690{1Cq3qG`<6OQ}5jm18YURGVxTDpGBF}#2;|G`AHaP8*NWU4Z@?j
z`xD;8eUwg0ardV1LhhV|Uy!bAB==G7-Nd)qHk9s9M`I{Ap72kkkD-sdb};pb?<D;^
zbp~twqg0UsH=z{rk2B5{!b7<;+DiE;vy}?bRn}gm$va2+W2DC>ttVk!tuZzCOv1})
zD+c-3xpjGn|3Y3&;?eN9zJIhLaWZ#o8vF@$<sf{YLctVDz+H@citRiFVO=Nf;0_U9
zMA{&nNc}A~JwNd}gfDCGw%szse<wb}w!!?(b$|jzxpz_E6c)0LD7UIDBc@Y%A9?j?
zU@v!S!Y8<YvSqT`nJT*0cKV2L8p_tBTvGC{*v{V){@%Z{nT9)(@PI<oD6oz287fxC
z)wq(h1DJ|Nqm%X@PDNdPtW9WRyGe4A(#{&{v?qRuvj5;d;<_qP?hbXbdjEIENEk}S
zK@wVXx2N#;Q_+g_aki4TCjWU%!<o3_aQ{a9C@$u{W6PB%e9ji`N?VnP*B~z)X@&4M
zolm#<yQA6p4<REJ1;1aXiASgMEbfjZ7A7yN&Fn{>uAA21$=gA=m|cYi)cJmOrL+Au
zy{t_Swe?Pu*WKkmQ*A~$oAHV?T`O%xA3BI{2e-qfRi^Aw!oPFp<^ID|aqii+G_S4H
z38UOLtYg!c5bi-*2lAVd=KArUzI3>fjMv<kxxZg6$lFEX9vEah{+=hx*vM_lWVYdM
zw%l*j$w>PDz4p=9YVPjzQ&7+U0wpR@@GtIPs9cYG;19K)5ua}x%}2#tl>3>xA@@r<
zNzFZg^i|yB2`9D__<-4o=i%1XhIl{jDwJzt)4cnCCJ7^HOxH`>QC8x;Db&&=J8!A@
z$>vohJu$Z)-T%F!NZ3tYDRoXbu5I^U%6=ifne-JlO?B^Sr|+WSd^p8+kQsx?oI_dz
z?(bIv0w<`PpAM3fUW0ox@!FKHM_wXZzX55XbXXhX+d-bQ?UbNQEz+uycL3|n<3G!(
zJeWqGbJwO|dNR`x_FlHpN8jT%`3&{esUz|WVhQ3^s5_ppu6N!q;LS+Q#@(NkAnvqw
z7%{LH>0zX8!SB}y0vBnq^bftoBK!wsvfH{XZTUVw)ayasN6OVDts?$K8;Q;T5f0xX
z$Q(lA5L;mx@%$7>!rhAwSCSW-yfxf!iTlR*{=-8ICR2t|uSp$^%~4lD!m}y;i942^
za2wM9<X%tO_p1ZpbhKWX@@q+KPdpw55^u;TLb-MI<laF!T@kd`lzi`-={N;`vmN|Q
z<*hc{9SfQA&Roj;Nqi9vq#<nyCbJEzNYD=hIzq#>e~5Rb-ZtBgh@{>l(rW5oAih#C
z9~E>}B~e#R>omeGY$xaG@PQq@%48!v4Che4KjB}wYjHm(o`?3<kk?2Bx&9$t*G$sy
z{4lV1KKueaH3?(6b5p1&9Y5rrRBTYH_0`>XXEwF0;i(jN)6qtr_#Za$M=aHRH~rMy
IC&K6d0Ykkrvj6}9

diff --git a/geonode/locale/de/LC_MESSAGES/django.po b/geonode/locale/de/LC_MESSAGES/django.po
index 854efdbe448..dd8cfaf6914 100644
--- a/geonode/locale/de/LC_MESSAGES/django.po
+++ b/geonode/locale/de/LC_MESSAGES/django.po
@@ -1231,6 +1231,12 @@ msgstr "Andere, optionale, Metadaten"
 msgid "Responsible Parties"
 msgstr "Verantworliche Person"
 
+msgid "toggle more Contact Roles"
+msgstr "weitere Rollen anzeigen"
+
+msgid "more metadata contact roles"
+msgstr "weitere Kontakt Rollen für die Metadaten"
+
 msgid "Responsible and Permissions"
 msgstr "Verantwortliche und Berechtigungen"
 
diff --git a/geonode/locale/en/LC_MESSAGES/django.mo b/geonode/locale/en/LC_MESSAGES/django.mo
index b7be4680ab464698552a6af0a9b8ec4582b4602f..f8139b550fcd67f01b9c200874e1f8afb2a6c370 100644
GIT binary patch
delta 32066
zcmbu|b(9sypZD>e!QDN;;Dfun28Uolg1c)7!5Vi97TjHey9IZG1a}Co3BdzA@6WC8
z>~i+sr_brU%B#Ah@10@xw~PLYeEwc!|3=*KQ#`Jd5j^i39FooR_DAx(r#~pw^WOFG
zyvV_x_a0LOd0udT&znkmD&O;3lfD&Ok{&Y1^J3tz!Jb!({K-Q+uPi>o`lM$c>UpJz
zj~eEA-SH%L^gQ1yIo$KwlCTDqkz|DDO~kQS4MRqHUR~^hE%7Lp!0e-FT<OS|y!xX(
zFE?JsoET$_8)$LtLHq(X$4X;8uQsm1b+H+JgmIpikAy9AJTE#v$2|BElVOgzo|gbC
zV^nO0aj+w%Kp!*U988CYFcv;V4dg#8hS}zMUPSDOk+BCx^$GM-07qaHoP?}^HybP9
zVl06#ups7`?|GT99Woi-6x@#~7kJ(myo)>JLeDFYa~FA@R`Vf7z_N=ei<QvVle8xw
z`(ZpBZ}EkgmiQ*rOkBZ)_{NN}#PbppPm4+~im9*`s-2$ZDAWwjvG_*R0FEqS{nhb9
z666Of5PhkOhhQk_xiB3zz%)1zH3N$=1D;0Zzr(DUVwu~_l~Dt4i^*{)Cc%Z4zH1rt
zuU&tcg!K5vOupO|EQ5N&Mwk?TLOtn3OJ8p8!}z3M#YFfLRW9-hXG&B%`B3GmS$YfK
z0)0>;oQRomEoxxbFa+OQe$tihi3*_dYoVUFD~94+%#25{A^wa1h4Z``tK7h<t#vcj
z8Y7VJk0%g=z!Z#(3o#<DGB;o(;@eScx({RH1=JHgKrNlO&XtRcF^MKcwVM&+V1A2N
zz-Yw3$EZ60%?ZRMp%cczffk>H8qgBdl&(QFco=oO&Z7o$4{6AIW9dQb-IK*Z4LA|1
zUS?GJf~fixF+Kfz^$9RT-ayp(ABvjFiKsQ)ff~SBtc;H_E9T$e8f=MLx}K=|lg;_4
zj(@`t+=<#_*HJSXej_tY|6X(g+NJTZ1ZGDy)CDzF{mhZ52B%njp~csrW@;B|podV$
z?FQz;e^JLW!zOp^Dqu$9ZPD*TU=jfpjJ4TKSt*Q5ybeZDK}>+%QENNWoQ9hErKlNO
zj~eh*)aH7C+9S^_J>nKOV{uV4kY)?>uLd)dpeHMYI>+U$U?)sO+((`JUr__vfgyMh
zwaf3L+9|Wu4XCEs2sMzlW@pq){b>39_35Rl9!Y{W#Z=TlmS8Y$L^ZGlwRv`-_R1-X
zpG7_KT~z%Ss2TZUM&0H*On~Yq1t!GIs8d$Tw*nO~4hc0-4YaWI&Zw#Hg{m+PwO6K~
zI$US&MZKWTpgxqIqLwh)cF#+VDKH+E#6(ydmG5^Xkc7Yhj2Ps3Gf=yE{towfy$98C
z@J{yxQBX6H5DQ=ii#I_v*cCN^A*cZ^#PGNQHIrLWGqD@_Z1KJ01iF&&5=&vTU7lAQ
z7h@5;hZ<n&-JUlHi=Z0XgKGF7YHu7v?Sbd0C;fyPXq-JRJvD0WbD{=N2ovl4e@j5S
zu?cEz+Mo*fsE)^AVqAhMw+GeHVboGxu=Lv)pZFtG`Om2K68-L$ARE>p{vB!wmthQ_
zzyShUqqCS9U!(Rys=e-uNNy}hybTt`1y~Gkp=KiGJ~yy*sHMt^nt?p12Pu!*L$y%@
zZjX9^p6DxKs3lA==b|>rZ>R<iq1N^sYUKA(QyaYBrN_gh#M7hFOJZuQfjS*OqB<Oi
zI$aY`dt=Ui=3gWJjf8Nx3ALu%P#y2aTzDL3<7eC*<ax6WxT$S$$PJ(ys@_mkhodZg
zDrzQ|qdMGy8pv^sh*u6V|5~%#BxvMsP!%E_b^}O)dh+zBDJ+P}uZG%8O)&?yLp3}T
z)$j_`K-Qt!-G!RzQ>Yi%Wy`<o6Ua-#3k<<@N8A*ZL(M=f)Y>;iZN{0X0c}DJ<Or&R
zE9Mi+|IgyFj=Fb#2&&@}sF|o}>3)3z$w}yqn!;(QO*I=M<3dzNtIXY~22P^}c+1kC
zS^Nv?$)g{0<q~5);-RS1&=@sCJ&}R?UOxg+NEl}YrkQI{1384@So0GYiTLT`ZlIS?
z1G|peR4*`a?opdG&IvbDSurZ{5~v5NgqpEh7(?g3r6qL7=wu8*t@SUc4wj+@xDBJ@
zepH92Q61hu4eTFOxeurr3V+f)KzvmBq}T>SF*^Q&k#zp&5Qu?GFdS~g3Ow;v{Dye&
zAAAADlvo@4V>J8|&)_Z8Oszld-Va+*OZo<t9-l%QSW?syr$rs_jOb@0P?CV2pbN&q
zUZ^+NDAcZAh#K*Fi|@fW#7|lJEsRC{8ER@jS$fQ~u3j=T)Xa<81EtO~|8WRZAVHg>
z0cxb(P$Tb)8rUF<k3y~C1XQ`{sF_=cnz?lr--If+AJzT|)WB|7`U@OJ{M}jRzbXO$
zoST|cn4S1Jtc&6Pbnk~BP;a!Zs3)Cl>5EVU+=d$PUYvl3QBPR+yc=j^vn{Hf?x=xH
z^$F<7ms!Fd)Y_gwjrcmM!{-?IP{EYM6J20OV}6W_y-+hT8a1Hls2Q4%TJx2tQ?S<Z
zcbNWu0y-|oQ7@PWm=J?5y0uG;+5_oO>3Pgbn2k-^3^jmXF1h?gs1K<fr~$l34Jh1Y
z_kxRt8fX@5r}JNkfSz!%xe0Zw4x$>kjPdcV<-bEcN#rZ8UOdzQ)1cNo7Z$|As3rLk
zHIseJF_?k)Y>cS$e~^Ht`~)V&OQ?=tVIus5>L9^Ym!1~2w%Kq4=C$}E>`we89>o^d
zcqgdbb+-hmZn#aF9<?NyFs9Cbb^;n<G0cJ0P#p}w1UMXnaW-lo^H4Lg1~u>lI2li4
zOKf@5J^67|J7-YsU&6%r$l}4bn14-uJOa5e4d%x>sHq!=TD!@p5zj((I3G1rt1$<A
z;0TT-{{FUG+u?WI?w*30$)%VC*O|x7dv}=sEM$BkK`)prcbx?>8S!!!Z-!d)&X^B-
z;~ZRv8d&weoVBqy@%pGuI0IGh66(0!MeUK-sHOe<m+wZH@SdB}5Y&_BMHMWJ+O1_U
zHP*27A5jDDk6Mz^sB$yRWvH3mZ1F>=a(|+h<Ss_Q$3B5d1YTN3k^63nOQQ-@LoGpV
zOK)iLwiurDt{93vF+I-3lz0fWME5N{=z%LAiW*2()Byb=1oR}8QBze9)o}~d475XS
z!tNLmN1~=~0;;2Bs1KVX7zyvA8h(x%;Ahkx2=~yn69bi=2I<%LLJ4#rAup<f1*jLw
za?~#0iJICos19yoWPE^X_$6wue6aL{kK6;LL~YhAW&zX#mO-^wEs)OoHzbgOgtn-W
z{emhu74_uvQBS<Z`~x*Z53mqE!(ABq*ge2~jG}bZ1H85L=ug}O#KTmiC&Tdc?-eDW
z5tTwMMRkmZ4N>Q|Erwuk)RWIN7onzlwYdw`&Pmj6zlxdg8S308e(JtY<U}o9RrIw<
zIuVG5Be6eD!K@hnnHx|k)XY>vJ$WtEXF+|`0J~xg9E5uE2^bw`pxRxEF>nK_{9fFM
zXP>eDYIyi__e0|tRDqSKwcd%D@c^paOG|%^!NfnIX2g5praFq50%MY#8?|($urAie
zShxXe;{F%RzX~LJ>3*8cj(UPNsIOk#P@8K!YL~A>J<(B2i|0`@@xkJ8{&wFV@?kvE
zTcHNh8}&dVQ8V!is@`0mfEwJ4>UbY&>Q0~vUN#?~X5cmciyv?_zTgw)E%tfkc_ew=
z$<(H8`P%J)KB#uaqGoI+>XgmF>gX>fP?f+Nv+Nr;pvkBwoM#?Hos!3x4&&0R;sr1V
zHo?G?p_XK>xePUf>o5+UL_Oe57x%rV1hlC>qoykSJ6A9s>O&(PCdT5Za&<8eHo|Z?
z31j207GH*HXBFx_vI8}sQ>eASX!#E?I{VLiV;SMzyG<Am)j%%PRFy=HygWw5`WA1A
zYVar25)MZlt4XNyy#e)^aUL}@?@*^L;s@7HDojKFUI_x(umyI&NmvoRk4!66!Zf%F
z3*c#7fKmSA8?(}}AV&V=&U-1;jC4c|xIbzJMxq8X5#!@L^oJ1GL_kka=(DR(4igan
z4z+7rqZ;UJ@m`pm_yA0Sb1Z!q>H!X7E6nwUpCNEMs^hd?P@uhB80gOna^L^USw>yd
z$eUmYc1110MAV3<%OHMVfGW2?$Tj#U>hxSgE!}<8lfSlnFE}W$cOs)UUrbbc$%6f$
zz_H3ff*Qz+8fkIV=Ba{eunFoscSdzQ*wQDXW@sU5%~zrtK8efl4(b6$^Al`BoQT>p
z%gt>*0gd!1s)0W-JHA2f_VnRh2U$={kO$R4QPe<cpgL%dn$mWt0rx~b=}=UM6EP_+
zK$YKx8PPvr1)ifSd`1l@T7;m$xlM=~c`nqRsDSFAF($!Is2Lc68sG%fz^0okP~~@^
z_R2BTX?lc-=->Nj8S(h-qn<bysz3qME4U)6;nt`p>|*(SQA;%rbvkCDmh5*_hv!gB
zdIz;xpP~j3HIi#5BgWJD&r2W~85J-awnWXuWOF`hV85Xn+=%LEH)?9npayaq%i{}+
z7l`ckRyouFDp|a(*$D&R|GN`VLxV7|+m%6lI%+DHncGlPeGD}tXHf&biYYN_6gR+3
zsCM$8Hf>?En%NxH?oa4z>P8UI8m~e<;eON}IEk8xOXfY)0RF*r_yM(4AyHkqT&N`~
zj@lcQQ0=rt4X_Jp2_~Qhwk9g)Ur(~1gba8B!{NWEj^CkXCPFk9Pk=flsZj$cgL$zX
z>H+4V8s36x_c(HpygyM(cqzIY&<)h9`B8Mve;WeP`KRl`_#@`Pb><z+NjzRmH;}TZ
zO<5cDMBT6~PDDM~CDieJiyCP3SnkwhL(N<nvodOlYx$PY9QDNQE#AxG1F#I~V^M2*
z7WHJ8Q3JVyYWNFk1|r1{;_b<68CBlL9DMK(!&c11mbk9t6ud?gD?cj%?SXQrQ_v2x
z<1o~KHlud?e$*3QKuzUq)DwI}y;!0qaOvq#dnmJ+*V2ol22>U`;L0xUd$kCtp$3-G
z4mGlF=4jNDF2XFh7xhi(Icjsg!WsA(wRff`bW1fG)$VFk`JJeN?nQ0VYnV~z{~>`~
zB*aY=6!_L#7K;<_j@sQDFcTic3iuK=V}%mCP1Fd}5+7*sC0K&^QPdkVYLXx?1Vd1J
zrX*@_G*z7by}<;un-`*{_$cay@lXXYVp11RkIjgeL2a_7sDbZ9ZPFJw4O1lx3j7$q
z9WxUD$Nc6Sw|B~+`m2WiKmtD!(0P4}YA{Z6cO1*0;vH}R&P5F@gg*q)@hOItuqkRr
zR^tdfgR`-IO82Diun6&_A#QJck9uP^4dMK2Z90>n&DR69rV~)Rd?sqMEke!I3T%m)
zQUwKm4=@3>Hx6TM{0m26q13LUgQz9@1Jz!VG;T>#V`5H4o-~|)o%br~Tu1$}KJg)_
z&2tkqz~|;GR73Ajn<yx~+jKEdyE+aAIzp{+YSaUjLGAu($furH2X(qS`2^HaAJm$T
zLT#G4s0y1<Z@`_X89IS_cRxf8;5}-SM#$jGB|_zAz_?fd`(Y(iheuKEUqHPn{ig)f
zfEVft#6`VGQlj1i`A}avTcMt0E^0t4EWRDp;Xzb~7cdkbp*o72(alIGYAJJ~%H?-)
z->XPKBdKn-Ky8j*s1XlCH8cq|L(5T9yc>0%52H5k9n_5chang_lZ$6G^O_}5?N-6?
z+Ew)lsKLglj@zKtvL|Z9{VhHOHB)0OJ_l8A3F?%r!9#clwfmQ64)WIEw^@R`CHNM9
zz&Tmn$M#2zrCpsVo15A~s0PcT&V5zX6L-QYI2bk6XHWyXgD3GJYOie0?soky)Dj&=
zwQ~{G?pq8jbq?2VT=ezI%s@b!Ff(cf3Zc$(d8~>ZP;a;$sD^IgV0?u7)a;nk&A@W=
z8m1#XRxbDE%!`UQ!JIe@v*OlVoPWKc?ps3a-0qE43{{{FYV%FC_#dcE`N_<hCn)f<
zU_;DI`b4aayRkIJ&+ERD)ivj%-k^_BFS086IREOXeLgqR=@?4<0EXZ*)GIY+e%H`a
zoJ;&AYTy$JxV7Alia)}F7_Xq4kt$e^_yE*WUO^4?1s1|&exabi@9pZC{ZLc12sMxk
zs8{V5OHW<c?fP1ngY?dr1?Qno$w}0c-NmvPRK&IaEo#qn!o=7EwU_*{1oWXZ$J~V)
z@ikNj`HH%DYt-8BMQyHQsJ(N=ykXwK+@#+}l}lR84J;EXUIMk(syltJF@XjobV41w
zW2krfS=3a%Kwi~e#^UZgXF(05fLRjNa7EM`vOa36d!pVeqfsxMx!4ESV;9U;LghJs
za|z@pVFzl8UZGwr?@`Amen~g5JeY)d5!71OL7kETs3~29s<#WZWS3C&KU#XSQf@Qn
zLwz=M#=z(QF9h_;U5A>1Bd8CZ(-;NMqn6?(Y5=iIyK<Q@JMmno8EA$&zTHqWGyt^}
zBT?<{LOtL?iyuc{o8=q<4d8Ffh+M|KB4eYbG&yRs6hw7U5!Fy#RJ}&1ss0i5f*FZ5
za3*%b=cpG{!?Lbk3)CC4U0Ke569ThI(6RW8H8E2;SFk^7s)m?Lus87|sAF6DTer4d
zF`dexK3-R#PR~C47N4LVG<SJ7GvA?RtbTdleKToi8A~yQjJ2pIJ%jqNxQXiEDe8&i
zR&Z;X5q0dEVJ7T_Iu#31n|LW|^BzFWz+u#kp2Fhz*e9S0nJT&p*-!;4q4q#))Mo2|
zIt^1%uj12|{~Fc72h?8qgj$M7m0Y{YQ28lQn=v(NiAtgNgkQ@F{D2x^W6Nk|>7B3v
z>0MEq>ZIjgKn?H)4#T^sCvI2S&ERlUhs*GLJc4@9gj8{-qd4-a_Pu5VLde*Pdh*Mt
zJ@6XUVTG#h)3F9>NgAR?-X66HyQ7xoXUu?eQK#fEYUysH&i`}N5(QOr51J*Q&!!-t
z0)<c=RzY=82la)b5vt>Mr~&rEQaBkK;ziV_WZvpQfq!%wf~vm{RsR^O{R^ng{0KEO
z(Z1sW=-<msKwqtLqL!ctYEP6#y;#0Qb=bt>3sD{K#5$O?hFkNlsLePOv*AoEfX7gu
zDdB3mO_vw7iGM_2n`I0EZHjrQsa%iROqWob?+)q>8NHU<gk?}u-yb!lLr|M+4QlGw
zTmA{u44g&njT@+$`H1Q-Ty6XLKS6CbB`Ht^i(v>hKvn3AI=@3uGqnJ<RI5=>y4lk2
zp*H19T#B!8auDyAI+SOGx$3eBi5IRP6!;_d`VBb$`YZOo8}Ne#8TA^m*0`r}P~flF
zPd0HMqp6$na{=jXP)o7DSy15LdLuRu(qFNAy|FDm#O_$5MG(KV<e%ZN8rGxny0{!$
zVsI<>Gh!Q`z$0Z~f1K3Xy|d%Cacfo%r;^?adtj`#L4m(wAA%eo?;)<^-CV4l`-$jf
zZ@23+^l{&e@}M?tTMX<C)C|r<ErGv;fX?Ms%zzhBd*BP|6`8KD8%SO(M!Yp@lP<x)
z5}+E~Z0<$vofD{~yMPt&2A06ker^x7MfQ&GEhI3Kj8nKD>-G-{{1y8*EX@w$-wbeH
zy)NMo#8VBl&4)ThLr_n$$lQ$D)JH6S4fV!+j+%*hgWT@V9+2}_j)0C?L(Axisfdq7
zHMGXukD9`Z7Jr5sK+s?}fK+B~RK2nmuZN+;+oNW7GN!@pm`UgV1_4cdlp(G_PRvUD
zd(>$diW>O>)G64FI%d}_{SB&I+@bEfUUst%s$4(R1OAHog0dEM{*R-tj5}7~BkHSD
z{9*26G$X2DNwY4hd}ma-5tcsN+=v?Ban#58Bh<hW3=i@`Fc&JnChCE@4(I%<z*rLW
z#4Au!bqUo#&<OXY%ZmCd_R*-%_Yq^<jLk#6h>oCM(Wg+G@)~NB-ZP(~HsdSQ(tJdH
zp@}t?O{OOb8SB=tAgW*`jEOZ-4L7s=E*2kzdb3SH?fzM)cl=V+X54P^6Q}{*L=F5Q
zsy%O<J6$n-0vbsQR72S<qY&!JDxyYQ9aXUfs(d%p@f?ilaT4k?V>{|oZ#QZtkE53G
zU(^7ijSmX^5qlcUO5E>4Kn>18t<4%#11HTZsE!|C2);&jm~eudsiLT<E{j^z%2)#1
zpxRlEnyJm^K2&?BT-^7rS;9lqRJ}os^b6{^CHlpES<H$$mQ7H{ZV+a~1=t5qU@j~_
z(al&N)RK%xy^t25+FONM+I;~ze`g42>TjW@><Mbb@h7<@2tggA^r-X_s2Qt_+A9rF
z4You*Sr61XAA~Bm4D~?UQ0M*(YCx|sMCbntfrc2uN0l1tj~dWea~f(dEHsy+W@?S)
zZ$(Y@e$<{gjT*=;<g?9tj;jARYCvyMdnNJ|&c70(6VQ_-M>UWUHGqO<8B~YWP#x7p
zZK{^2weM^BgHgMG466PdOJ9zf`t_*tM^Jm^k13pgb@+q?`4RPoiZ<1KD5XcOVOdO#
zby26G4{A!sTmDki5^cwbLHxcSwVAK}>OQXDqdG1!%{@SA)Pq-_#`!Nmps6LyKy|nh
z^{KcUHL&ZbFBZ>GQ~3{SCf=bwTp~;l3j7g!CM-pK78b{wSOinfa0C1S2NCayYUjOA
zKn;IEZI19W-5v-<J!yW_NGn<T52&SRj~YM^)C+7NYBSD2EzJVU--eo*L#T4MQ03mE
z_L?6w%dJ&xR7Nt?yFCr6LIG5R-=UVE4c5WYs5QKU+H9XKKl*I<>dubZ3k@(2cEp0X
z0E^-^<oks0C7t7@q8@4hjZtgW8Z`r*P)|AtwTZ@~HrHa*6RfrP9*Z9{FQfLzLsWfl
zu3Op|sDX!IZ2I?#SVk4p=4%qjV3VPqcns=vtU-0S1NFqmP<!JNYQPUs$La-YNnc@L
zkDy*m5$3ty3l_lLY|;yuQ0ITj0ynZ%sET_~9Uids)2OMui|X(-Y9J97x{l+cmMj@+
zujD|LFNqpJP1L4tf||kZmOm1GZKjz7a^NCV!{<>?^cQL%Pf!iNMNNI=MeYq24+HNF
z%u9Mk48g{z85)2Zz&O;}&qQs;^QZy6Sj73)NP`!<4&s~XPzCZ?yaJ{qULW=9?2Vd<
zA(lQFb>26kX7DWPcwIz2;B{0#_sw^x`caqoZiGpfxB?kaBQA(~vT~?`H83AGL!E}{
zs2N&|nwc%AfgQ2@v*shzK)j{w4c0s&YLiD@<^~$qC!mofLQPpl44iw^F0F)`iPos8
z?~Qt*p{S0>q3X@G_-fPx>_)Biaa8-aQ3HHs`JYhr{HV)ahlx=m%YrJH2leE|P)|@5
zRiPHP!DgtAj-%>bviw`9Q}7%s@WlV1zTy>G85H;<_Ig;G_*P_w`M>{K6%_a@_N1te
zo}yk5|De`1$7&k@YGAccYupHRzMEq<?1LJ}3e*#?N4>xfpf>e&)PSE_{5{6e`H%dY
z%SeiP;tZ&%&2Q=D&Dv%&vomTB^hI?z7_~R1pa!}M^+20Z1KVlw1E?iDhEa6>&k@kn
zUPn#c6N|q<75s$iAmSP~u*9hJj5rK)VO89QnwiLJ-R}isU|r%xQSXPTs2AEw)PtTv
zUl}(DXoRm&BmRgJFle27!ilISnr<#cHMANvu+yj~zhm+DsM8Z|y&G^MREMD$_)I|^
z=kL~Y{!0+(N`iLzdelrDL=EU1s^hDuC%cC_1&=NNwfPBkS|V(4FPK!Q0To8Ac@5Ma
zXl&`7%%K}N|Jm53vq;bYj&F1oZ=g2eYt#U8Z*l`FiXp_yq6XRu+hGsX6W%mmppNku
zRQ-6H-4Y~6mCJ>CkW#)SR6&ifA!=<qpkA3jqLyS0YEy194`Bx47g3w=3u?+EZgC%C
zaZw#-MV*rTsP?N_dLvXlzYT#61Ug$nnyv0P7@6=W>2vTOY_rWRL4)mXlQuyuNefiN
zZBYa4g*k8}s)OyQ7tvk}#*3)(SCGBudyfcc<ezaeM&03lMKTxl<PmndhN7W5h>O}p
zX)Im@HKkQB7dFKFI004v2x>2#LJjx=s=uq4ROkNzfgJ3C;9Wt1zhckLhqKmpFKT!H
zftt$Os86paW`sR1o)WW=UJ$j}TAAHZn{t4~XQ9@7Ip)KSI7jFI2?334)bGymSe*D|
z)F%8BRWa^fH=yLGJ(3-@wgpfFtd2U)^-)jW8CC8_)C2WL9osRMz6O1bcq;*|$w5@X
zKg~O+seNg2Z=Wj{6ScO<Q5~hlN|?#gd!nYepXHB4Ex~w8|JC9P_i_I9<SR)C#kH6o
zFQZ-%{DEKKD_ICCy)deLGt_`vqXyU$^&rDgGc^e{usNt1ScKYyt5E~rkD9q-`+e8Z
z9TN0m6MVppGz8UfD5}E(s3|UrYUo=_Z;0x+8Fs+Vs1B~7-Y0iaOY#Oav(XN^_LHCn
zmdYofhBKiyOCHOpj%v6bYARcq-B3^1AJyPUOaB%1K3Iqv@NrbR)2IPoMLqG~W|Tv2
zhWu0n3XzckcVRQs6NDUg1IvJVf}E)Ia;UYef~l}Js>7d91L}(!_$buCe?=YJg&2Yx
zQBQu}>3cT_XsREWZ&3|JI^uSF0?b4_1M1w@Kz*TTkJ=+6P+!}Zp*q};{qYaXidB!g
z0rf=<bR=qTjKhRF|C0%5gey@U??f%hG1Qa%iE8+^<v&A}|A-qg`Z3q=UewQwhfw+V
zP&4%gGvjB}05TnS>De)u{=NJJG$n;lQ(fAui`wNKQES&1^?5!SHDk}PCVsN~?@qWM
zX4|43U;%2TR-yLRQPd{ChkBrJCprIV3B)3xkIOu$cqPn^T~ME5^H2lXh<c*^sF^yB
zs&^UH;7e4;|Dk3s;we`yo|y_Y1KIIk%yWwKKbk<sKY{{(#l8vuCcgT#+qHAgxIM55
z)!|{(hsb%<X1s*e@g`Qq9A}+AYCxw@4|K)+f;uH>&$(aGR6fV~S3)-ua^MUMJQ-?9
zE}M5yQ}_h+nGoqu_k>AM@${%oRRA?p#VoxF>NBG;YV-b#DmM}H;546rzVn?#ZJIL{
zzk_P%KI%pC8a1HE=iS=JLFK1HO?3`SFN)fPRV=>)YNq<22094!UYKlge=Y%Srgf+(
z+lx9@CsF778R|nL)&(~+xlqTg1gfJ3m<D@eHk^YU@FZ5mLKlO)CO8yT?mia4sF#BD
zN9?{=nm_|(puX{xy6nz-U(}2&MU8kXY6kYBmgofPv|Pa<_yY9+J+8R&15j_i(Wp&3
zA60+3#n)qUo&W6w^dy%o<1Ok5zF;ftaMk@$**R3ljjp){J7Azg)YJ~J^ogi}&%h8|
ziCTgar~#joLHxb|^}j#leY)-%jCsQypM<Ej4M9D5cGMFTLT#Q>s5LK-YOpryShYhP
zzs{(E{*2l?!%^+cKpp4hr~&RmUm2$esDtaMHNS^yIMPk`SM1-Qp5P$ryq`ernY-pI
z)Ih`Ca`j`P-XA$o18#z9zZGf;I-%PC=@#c-BN;=2I+%@`(nY9&twlZQ9#n@XP@C@>
zs{C8bh@UM#^tLNs05zbpsAF3lHSi9oJuw*7{`A|vJD<x)&<OXTMtBT0uyf{Ls0y!9
zdnNoGx8`Y3ujafMICiKf?qK=dP_N)2sCMV09&m-_Z}tgjt&X6M#|6}yeL!^><E~rN
zZ&2^<^r()?pc-n9TGP&`CmoF0aIWQ_Le1b6)W9B~_Q*3-KmJ<+n%by;xq&3b^29?e
z-W9dEeAEDjSbTxG6gALQsCIUsmgcynpGD2&ZSx=0OozJ{m=WKLMnEHuk9zTxMvbsJ
zs-cdkC+uO4FlV6}UW=N!y{I+5hpPV{Y7a!b?`9y5nF2L{%$QE+KQ{rL-+ES{J!)!u
zq2Ap?Pz}vN4RASX367!$_7JtU|6vA<@W8#&v!bRxCu(MjS-dLhlr_L~I{*C$<i&*;
z_&7y1{1Vl0_=hye3nK<<4dXm=14@K?HK)clSQZQ8Z<qrgo5>!#f5NSd8c2WCrW}X9
zo@gb3vUnWzWO1Ij^O*xR(z2*y(;78({mh}LwI6HoS*RyoWbt(t--cyKKZIJ+XiwdP
z#eK^8*GQ6)poR;eW}pN%!S7KOwxa%ueGj%`CSE>w9e@AQeXO=Z?ExQk3Kn8^+=Cj>
z3)F7^5A}et{&q8&?QhP%o*)kida;zYj7F$U)WYm!>Ag?`>W>=mP>YX6wKLh$7otAz
zSDFV<4|*N5;0M&H%HaRw)-nsuAR#}7!?UQhx`1l<KB~fN)IdL=Hfe%a?hTj<a}lqE
zS+PGB$5p7!{S-6dXRLr3|Fs$GPC%RJS4@lBEq)VA5D$Ls*1j}`5U+>YGrduJV}`|d
zVmjj2P*WWI#=S36p~@Gxcw=lvydUxz;Cr_SXymUkCx*Ute{xwL^AmrC88P!aXKmD}
z@KGI(z=8N1>bT~3@7k+~I*$D;z8D7(zl3^`)%&0a_xTheP>F;Ys7-VqM_|;C?)UYR
zP*0lkKlg7rHBozG0_xR01GO~EP@8Wx>V0t(HPAm%$M!nXop%>oV)IY@9zY34321Y8
zpWUxUljA6&-BBHVMy*-oFRsBFs5NbX`YZO1sPjH7C^*p37OYQv7i#Y$4i0vk&CG%t
zSWfh{i3$<WrYncq)fKHk4b+o2Ks`}E)b1aF`qUebI$ldr9c@H?uJ1>^FD{|VKSyom
z*Qgna5H2|I>P{7opMNxfTqNj;ilGWtw*pO2=e8^M!y%{+gTuQHVxiuY=}`3xqVg-D
z-XnEU?}5&!FP(Ey4{{0B&)x98OL#?sK1@ENI*b(|IPeRJ)Tk$^gqpIZsI_c|D%Zv0
zgHZz+Y0gINjdiF2?LoD30yRT-Q0=|-3Ftg~5rYG}HyLV1@?r><w0JYKli3^9@G#Wo
zn}lj`8mi;@sHI$k8t@j2??TPgL5uqr38>;t)G>UBhcH>B;J{z8-@!G+2k`e(OE5>2
z;J}~ZT*Pd|^F(!1*&H>s-BIoJN1glOs3%^ERd6S2rlUp+49xeE5jaUgD%56qf!g(N
zP;2BxcMZixHJk$jYmI8S5^D1{L2beos2S*vI?e;JDlSI7;QmFmlO#qkf5guDOHDu@
zn@dnLaK}s#GdS>qDUX>*?_}}mn3MP(%!+?wMobyY#VerVKUsV}YV-YJ@yM~=rpzaG
z{#y~qgHtgx9>?1F7E5E5IKhFhWWShKP_NK5af1VIvSFx!EJ6+REQaDI48ipAf&+iV
z{w<a#ehcSf#`v6njr1r1t>r6JJavNLz>i{;Q8O|O>)|%kl*dcx1{#Wmh}XjOINsch
znxX5cfy7D_%&V4<cT{=<)TSSsi1V*E*D?~a;APY?iO6eB@91x^EEYm_FaWiim!dvi
zSEDx5A=HP?Me_}6zzLEB2iot9iqAu>{Rh<E3YV1gugw!LsWXw840Ds75>>D!YGBPR
z{xfQ`jWnlW1L8|j$1Ys5;J_<A8WtoTioB`4W~k%c5;c&nz6E-tIvR|6MNUFZ^%~TR
z<pAo1a|!$46YPwwzj5U+V&KyfHA9(`yD83zI);@|1M7fEum@_X{c!|zOtzw?^crey
zUZd75b_&-(Zd7_r)NbyC`fONg`A1Q&+()R6yp-<66d9usje%O~M5qCjN6PW{zXY<A
z&<-^NGf?Mu1!{`6qLyMWs^QnDC;Vjba3OB5L_-ZABdS~p)ElxqYDR0L_DWY&`-3oo
z&i@1gsyG!j)vHl2n7vp7&tWG_pUS<Url1Be3w1gcU=uu#I==Z*2M2yF*9=u|Gis)G
znm4dFaW4(WR_DJD0j=$FOouyBAFp>%$L9lni)qrjCvA_KnUSa&n}|hlfu-NX5aJI}
zPZ}kin~6lI_S2#sxFY&m%ccahyJw(YAZt;l;wtKk$xYPm{SWnu{(_p)i0Oj^Uoump
z$~QxmZ-vSqjQVhzi`s09P^aM(>Qx*$1Lt1_vSx4{<U(zhyr`upj%v83<$sUb&Gk`B
z)El+dV=R9%YJk65`W#DNf(=Mtj+(g$p{`!cP~VL(Aqm6CNQQcX1sH;RP#xaF@6pTX
zUNm)4r{gEot9k~8;7in#$I0aOKvq<T15uxjqfkpS1vT)6J^^i#m8i8@hZ*o9>X>{%
z?cyYv-5yDgTB3reCv9Q2xBPCX4u_&T7>9b{Oht9P05!n1SPK0U1R4^EmBoEbcEqB@
zccL2jfNCH(s~bQ})NW3Nnwiq52WXCZ!nUY^^*}9MAJlurM|C*O;#ZM=eeYiab;ziZ
z&8_)z)Mng;`cOKD+N8nR-G@hEEKa;5Y8S7@z#9^^CoZ98@-b>J#m?b2UsBW?vJ7ey
z_Qk;Y-%LPLx)Zg_AE2iGai9P{e&=*E5EZpI5~5}%H>$(Js41_4nvpuFay>BwC!xx3
zM1833M9tI{jO-J*M?g>d+%l5qa+@*~my(_pgD|q@ldCJEoJBZ<qoXI`=LzqEjuBT=
z?v8}VlCQU>t}}WnyNZ(@p8PdhGcLavm8(-=Kp;vbGAeL)<?c?w)>g19`QK7@4-MQW
z{p+g@kv^8T78?;Si<*ToSRQ|&uC8gcx4{OqCY;{Cc6}nTh;=rNFyBQ2*FOH+fljB8
z_brWGqoE9>l_cDf@C#SWOGufouLR`Rq|Pc_&aLYQ%51iB`2+3K|0XhSS^*VGL#0GC
zypyzVY}EUaFF#&oDj&phxK4$+(on7@t|U#Lkhk$6WqMMlGo~g@8~i)c3tB%{aRB-0
zeCyx`96(|>3XUWEFNOaiyqH^?WhxELA?+HTC$8%O@j_Ue0qdHIDY+|BKO=c5t?e3w
zb#0=quJ!bjfpYDL`y79-qh*|+LKDKhDD)GR_H*Z<V0&vol}~W<d#J$GnDnWH&ePxo
z!VRok6YA*N#of=sEh)3r!pEsUkZ>gZ-{0n-(m6794aXA1+hRrHml;eP?mDC$vC910
zk+*`h1jKKUo}PF%!VL)z3beup6ZMyo7S8HKr%XQXnB4p@?eQysz!jU%AMYK73z3kT
z`ySy`Wa*spEjjRG_aGYnh4>Zn!xPpu#2QYD14-BQf%_fz4cZ91(vn}Cct$Ie1MAbS
zuAi_GpFdts3Z=FNtJA@D(lQZWZ3SI%{w-H=(mPRR9gVIhT$ONa>yTfL1+HnN>96I(
zuAd1Ur0i2m8%{eXN!v#~f0A{=&kBL-JcafXen{rOq(mV68{sn6_+2X(*?eZ5-zI-L
z;RDp~LO7T^GxtZ@$ZlnZ6F<yA+EAtj;UfBl$d5F1)%6|tufFxJCbP3u;-&aM*MFqF
z;66-#F-t9jQ)qB7Y2CP6QGP$2%p=^LyfT#M*M))WhN(y}=^ONae-%V!T~$b!hh2&H
z#R@cZmo!~5@C505UDT^W-gIt$jpwz;v6zSairmHMoPW^?d=^;o0Jmsk24#;?<^$g1
z-s+RMiojkaQYjJf@q~ACho_-F+&^;{BChK&j>TcrX^cg<dlFv6U6Z^bk~U&->-rZ9
zkY1Cv_i~3_2MHhI_J1d(bXcmXZ$e?0Pvr&{iAduU8B99vXQb^Wz7m_zkiNi1qU=v}
zc#QZ_EK2+cWp<#hi=?&U{)IGM7xex=MM5PCTqp53_ckhL=MKAS(Ag^@{9qIKqOyYW
z1xf2conI+;jXZuu7`XVI<^Np#{NhoRUuIFByEt_QQ-?3b-X+TA!D-<O^8^HRWhF6$
zLb^6`FQN7d+(P~-?tiF!z&e;q`pZcJd&l!jP~)<trl7<Za%PbBjvABHKi3}e<C0g4
z@HNsd1XBO^KhMbjLV62ajI+5XQ=gw=y<>#=3g&&!U7C9mZTF!qyL>MK1-`zr(Z~;$
zFqyEfHQeK@+%m$QXe1SPWg4u5+qef4))kLBE%7(*{G`vfdgHCF)8;4g1K*!IP^dbQ
zuxlHmJ5HsyHp+(N_b09&zH}`jy(#f4xR1uZBR}lo2aCYPFOj`Plqtp?cC{w&Jn4(M
zdy!sSWjViI5*qj$D_hCC_#K&tD0GB-3vqpgO-seu_zN8uApKYBjo}U<ts?O#<R2ow
ziTqr|&(cOHX}U6)3Qy<$ll;%*`)l~mIx6Xki$knn5(*S2oSF1^gsXB7CA`tf=Ax6E
z+zBnN`q_vF(cW<U`udr)_@woxy?TVdx_th(&iDu-F*XI#(#dP?ag=yQ+B(wolccWg
zHZT|C3CQbcX+sEyU2{ph@KxFRWF)7}m0zW)>^j=tqxqj~PY^b+wKR5v0(ZDyQZcqw
z{MO2aqu^Fc%SqW~+`m{}t*>UIs5MxUv>xh_>u1W&CcOb^8;Cd4`?EEHS0wJ>&O`hY
zH$P!|zoM=-giCR^rE)LsD1?9K4!fSH4brEOHp>Q<mUtmL`NPWPq40VOZzep8`)|tl
zz5dU%lp-<gT5bXUS<Raj*5Ustub-8wlD36=HQ|p8rVDM9q4S@JPaxircuV5@aP(L0
zlkEro)`@`Ej0Q?mDC~M17Qjpvj)$cz+?etUY5Y&(6|G)We9S=qAf10a4EzAc@9+Zu
zI;m>Q2$y64F;LeGt^Yg{5>jE|SDj}iT$Hrq<o#$PPC<N?s~7n1uQU>sw7zr{lQJK;
zR}%l%8dsqMgbR{ipS<nlWue{LgqM=0EAan6;Rh1y5=lwMeeMmG8J!AOX`m|kbqI%D
zqpgGdmKKZh=SX`_0sdLdD;HJ}+fn8l>d)h@Ox_lpVeL;r|1urw`ar?bghMR89cOd%
zvzzy~byx$pk~W7%4pAqs4Pb=TX^B_4zvVtaUVH9k+~KL$8e>qe5A}MW=i2nW@5tcS
z8vGCIk;pZZQR&Cg?cBwz;a6rW^6C=qM4jv8r^6@2t66?`EKOS2wbymx-J;$C^3Gx@
z>t_SycI$t?HXWt2a_j$t*sm1I&Ar$P^`p>4@<x5tXbC+H4fUj425w#YHI}Xi<h7@6
zQ|<?p(KVlY6XD-UdrEjLrnh>zb^c3}S<n(xAur+1+|SAT28WUV6L$&j9o)KRk=K@R
z92|o)Y4m&ijREB5-pH+M3-#|4zCt;E<r?@+gwi|eKV16!30$#gpdFzJIFW|<OSZt3
zjQ9^!=HK`N7ykqv__ak%8Y@rwDB_3cWIVZjQP*p%M*23&WS~qg+6cR%5$87>-X3l)
z-y2Hcd#kvfO8L2uaxWye*;f_2P*K+?N8neGMahps`ZUU~!8Eirk^4IBeNQ|B>D#RQ
zBhtE%*PL5dF+8T{e?Y;M+{0*WIQJzAmZ#z~OiKDU++SazUqvcVChXcwxzsc|($b<5
z?n!1tyh~a{+D=4xtyNe{AA$MbM8&pb>Pn$Ru6o=r2oEA}7kT%nsOuvQ)gwL;%UN1k
z;*o8T6R1<0dx_<(B`>?H>dhzpKf?DcUW+#T@)USU#t|Y7@jJ^LiTWprOWc(ybD9pC
zldr23#^CNx9bKWO!f_}Yi_XV!Pbd8i^-h!iE%#-@ak-b<;7Cf!&5_}b&V9x@;GfdH
zIDxOHeF)v6nMPDw&Apkb3+Q4TX<51JlQxZ-Iq+|8{T}KjcXsl0C8z#k!tY(wn@zkk
z_ax#KP}eWiON^OlJ1J!c6Q55wroJBjLBbU>N0N}2JM1b)<wWEq!%!*=Vo*O5USW-X
zXR7=@t5?s`R#UGeX$gqmwg!vPMq9!y$QwfVJ^8%?|MMCo=HzZhMn5VHCVZK@6op1(
z7Va73r6(SbK}6x!HJA8u%Ku3CmJ+x|kX8Z<P-X(|#muDT!+}_hv<1|uf)Bah=*Ro}
z1j>=wo$wICFX=2Yh0c(si{Ed0$w^B>+ET(}xGP!SCK_%=nO>xgCd{uSy?&HUiX}-O
zM4bf02NF(gb-pL8s|RKLh9rg((AAWJx~@{G1}@<Ki?oAE<f=k?0m?4m-bZJ(h!-Lp
zOqnI*kGBp2h5650?s1e$Lw+Xm=1{%`<x>$)%+0&m=YQCieN3U1++_)eU3Dn@^;MYo
zKQywyI%#V8uW4{2^%`R$+R#;(aALyKDYF~rlE0hu<%FwSnVF<r(XV&rP<S(mnYsTY
zoS%Y63D^H>0L@7&Oj-zO8yUb&%5^5K3XPmWT~P>+!Jg!2r>w5^r2R(tAZhD~cM7EP
z<kZ*IL0`zvxp3gWljvX|m6j6Q!5yD?v`N3TO5}eg^$4+exZRqsWHqDH++u68mE|d`
z1Lec6tpr|Bw=nm3%Kk>)SgVtm@JH^L#P5)=s|mM$Jzj$mMhyEs>?jIkB_TZ-$>}I1
z@gCMm7Mx7_TheAy<}6`dSqRU>x0uk%W~7X+RkSgK^lsestYeqMqFI@k<joJqLaneT
z3&yD=>dHa*gr$F>@k>_ePr_wrFdcVh?j_vSt<H}&h&{x26JEm|&eGK82FiwAF$sL8
z+-d!q<DF$Jq?55E_NL=*q>Zux{7(2a6;gfGSYOJuCtevFkssa4HX!XG@p+_Ap-xo7
zJFVVh!sobi5+91Xcz)hrbezc&PLlbY_-Gnv%zc1{M_A*XNZ(9;S?(^>8$+EYR!{BZ
z<32?^9QATjM%NkQqX~DWjVj!SXrl$`T}ex({+|#DA+Ze!KKE+tY!~53q*uaSG!l#Z
z2xW_4*p-*Oe<-7?s-)w|U*!)azLxY)q!lJym-0b4n?8<Hd~)Fb4}xmj6~ihoqTnRL
z5x7&>fO=v#8hgq8p7dcf^z}7|co_|X>qo+WU?l4NW^KkMJePYX@q4r%fpB2{s}UH?
zoy-cVfxl>=IcX6o7<SbrFn|tn;9>6D)>%_rMY)Tl<-)31jrzyc0oMcWT-<MHKM7^K
zs%^q22^XwD<ft`N3EL3wZxx4ADGLS9l9tB?GLmo`@^=P4=D)X+jm+`*BX=umhO@_c
zN{u?!!wF1EOItBA<wjbo?JyN-L%17IUe`8E#$A%UllY3;r%n>uZH$BTPoWt})YXYX
z=eWz$Kw09&@iBRQ124HtR;nH@<<3fO*fo_}Pc7b!W<8p(W#z-l+@;JC?jDw&)-s}!
zrfZlz>Iw4iSeX?6+lTufn~YCJ3w6MCop50aq_GB+*88h)bQ=7bGI2;dj6YaoM=4i=
zcyHpnuqgR`X)~j>t9J5{evSG~a0KP%>)Xg3YoI#?KN8+!71~ko0G000P$TXj()(E1
zMONl7(tFd`G7P&W5)ZpJk{)bzo|s{IH;C`hs^z1j!$dk*&Q8Mrao47yH({kQnsvGp
z3xAcq-#UDc&uJ?zou0&{l)HzShzHpKM-gvF`f@BlTHq!3g@~?DGA7XR6dGDZS_i^^
zan~iiJn=20N3w>N62Hhji#%Q3N&gjRQeM|QoP+;xk07tP4N`f%sh0qE@y8C{1q$XT
zLDyaiox(~q8jZBn+>wa)qs$^~LH<zk@)5tt-O)N<XM>^$e_+U|q+U*(ifKrTPr2VI
z^UlgeGh69Ht^p0{`W8o8gNm0UT>YztchF!_(qCBlTITPhXXB1TXQ?pkI!1nfD^r}r
z5!|1-TUy!x%7@o$y<b=jJWu9L(r$m%kg~flnEE!jyf}b+s15FmHP{TRaW5oY>-xyr
zSV2bzxqq_ykF0zW%IKG9UV6)TWex5pZ3$_Q@FHo6X{ZqQLK-Pc<w<+{CEarV`=G~#
zHtgJ7ZBnw1ox8OR>DaPI(-uv8G!1Fqxl@m(&3lA&>)fGb_bpK?233uksCDZOlu)tK
hmRlo`Tf0_Jl%X5ye~J)wOQX9%D@y(UHFY-V{{bmoLcRb1

delta 31949
zcmY-11(+7q`~UITWm&o#1(sM?V(IRdmhSFGN}7>wX#}LZyHgqoDFFdRq)WODe(%q7
zZoYs2b6w->oco+PbLPZ6&#tQ%??hj6JGy^8VaRlk<78CN`y6{^_q^TFJnvLvMLloF
z0MCma?0Gveb&%&B9OQX3i2pIz^V$*b>w8`s;x~qPUK}hx%=2nfUVFIbmBW?TkoZ$9
zO}^4d&+Ca3u#4yUUeGAd>p-9zs^AJv!K$M@?@PRa^)crdZiHj7BtFFlijVa?`r@S=
z=XrT>7Usg!sE&TbUN~dC=e5FE6FjdDcEgSF>HQHB`3dxy=XtSl9p=T|_!&OKBp7?X
z=f%Wym;fU&HI~3k*c8KYB*w!vsE+Kx;`jtZF>(PTig_`nPokI-SOH^TEsTauup+j>
zlDHlV;WNyFSr#%HSO*W`@AwfHFQW5uF>PYAC7!3*T!GB87j>!UrNLO}>q)Ybki{?&
zerfqun1Ot6)JV+6q`1vIjmgR1w){VsmVDx6uATg5CDaHuwR|sB2SzVr{&nLO1mrHO
zaLV#GFoO6C49CxwdtQ1hg&Ki2m<cDL%6DKSUPmqF*ehJeGh-_9<uC=dviP7CjK3<*
zB9IZcnZH@Zkd^KUQ)5cX3!p}zro}s$LoqS&?=cx}K-D{L{*D@{H>i5?R=M&Fz9ovF
zdRP;);#a7S&A~9-Y2{Z@Q}NEq6R&npoC_m}H$z=N8k^u2{5y*0C0ye=7H@+au}m11
za{o&baY)p`=-3KFv9s9|qml2AS{p+#KF&Zr(Q?$({eY@>9^>LwRJ#wX{H^6<Y-HgP
zPlhqI|I?F5NFX~Vz*3g4h3ZgS)R1;VH8={jy{2P)T#7X0ZL|0R)RUb<b@(#sx<{z`
z?@`ys+@vXI{!@}*guGIy{a+3>lr>RvH~`gwDOd$pVI;mqH5k6xO<jJ}^|j3ws2g|1
zFdT?lV{=g>br?grzjum+=JW!V#HXl+a&B=$Rm`l2YOs#wTUovvYNQ6CIyw@y-R5C#
z+=AMc_fXp|##YbEjG56NK%y22RXl@<FnF7rlB5_z6)_3sLCtMNvp#C*+o49R2WoD=
zM@_+U)EZf9@uR2_JC7QHTiY0aHTZ~tp6ml^A4lKrDrQGLQ3=$(uZQZ;01U$ss8zlU
z)lSF`*P%paYE(xun>kP;mCwqH?_m5j)D;P6QPf3sq%8(xFH{44P(2@nS}WgLehTV|
z7o)CUj~bEv<_XjdFQV>q9h2fC)GiD5ce)BOFad#ts0K1vJO^s%3!*NlhFU9iP&e#u
z4ne)3CZj%-)?h+BiRth<YHEXaxe-l*D)%Evq##ieLxcFNM!kqy>~^2mKI+B?QBUwA
zY9uaULA+=AusyE9T&NC|MRl+hhG0+BNcKgwGZ^`7@x5^*x)a!dr7_)J<{R5!QCy1Z
z;7uHgf1?`m_qm2gpw`A%)EZcadeXh9j-IplP1IC8M|I!>CfELtw%@JBFx1>cpemF=
z-M9)S$F`_d>!WTo3N=+TEWQvElV6FdzYo>kWz-Zr!Md2>2RDW7F^*4QI0;plf?07Z
zYAyVMdGRF{!iWQWL}N=VjtfvD@jI$xcTiLHCu#&<p&lgqLAQpIpgNot^#J+NSD>5)
zs+-L)8S$>D21cS5%T)Xfm!XFCpv5m>O7eFt9(2e(P(sx1$cMUNDb((&j#?W{4>A7g
zaaRISus3S4^h4cvFzUrL4(H-N+!w^RnZs^qKRfC=mK$|lIn)g+S-dW4Bs-vPH~`g=
zaTtoTk23z6vxNloMB7jo97A>B3hK%4qPF3CE01@~EvB@XlXw<X!;LT$JEA($9o6n2
z)JT7edV$Td^2I)hd<52G7~Vk*QRs2kfyAh}Pm5ZNjZhuxjq2!V)D32vtF3&G<<DRm
z%5R`<?EUCQA|@*CrzDYzL}Anr)<-R>CKw%Cp>EXK9E=*uNvIK8VDYt<-;a9oQ>c2s
zV1B%h+6`$=xDm>ablmrfk%&P-HB^QAW;awvMq(7^d^|=YKk20F=uA|{=AuSyJqGqY
zYLT8pjntnQ6TMUJfnuRXEHTE>{tvf69*j*vS=3zDK;57ns)PM7HV#AGa1!c<^H3ez
zgsQg-_2h?95AZXp{#9&`_c1osIL&q3-)l-j720AH?1dG1;=cGf`GY@E2Y<&pSp19|
z;%Rt}`~uXCdYpCdhrXyO-G+e<pgMLHHO044+xr3f*+~S^ik=`R>WK@Y-e8qbtGX4c
z$2~0XV*>KuT6_WOiPvI$+-vcl%xmU-^EGOh1fOU86Of2;-u5%9r@2u*FN*3|Y0Fna
zEz0VsdJRw`*9tXq-7Vi6Rc{!o{qd-d&9nG=97%r1dB(pQi4qsw(0q$I$WO)kcnI}=
z`21)0M$3hI(%PtaYg7mOp*lPSC*dg66DGgtI-17JjOmEyL3OOIPeQA{y#<tyMSe1>
z$8%9PT!(=V71X}Hj3x0cCd7i5+(=YLb*KSqgj%5Hyc22{d}ZYWOn(>&ZI^MV7tC@@
ziU&}0{tIdi+_Cs8GuCCkva?9jp*m3G7k6E2)Q8jnR0npVI&=ub@FZ%=9%D!C{|_Ye
zgl(=kdt)N<BTx;@!o;}P%6Fii<hbQ8pgMR9HRms|5dMXll6+U)NER`xU?$>CFjV`0
z1PKlKcua{iQ8(U<+9rEZH@Il=+o-vHf}8QR<yT&FzrfglKN8RIE1gk2)D-;jn_HxJ
zQTc}$SNs1d3C;Dtm=oh&cQ+`BNyvYJ!Po@Vk>;oo>4xg~aGZvdunmU)?w))cs-u%p
z?a##IxYF_m(bv#lAdwqyVF65f!!=M1HFvd9J#LJ;VGB%&T`(tWU^Gr3zw-|_w_n_J
ztGf<rB->#M>~4-Tm)>Ojvr(|0fEL?h^F3-&hTd}Vbf`Jcf%&m8&cp7gj>W(2OoAoI
zr^I5|5Ov*5)OK5pS|eLgQ@iiB?|OKNfQIx2YSFy5ihrS2Ysek@MuTb~AF9K}QBzVG
zRj;Ah9yPLGTYe;}-Za#dEXJs~$|q5o#0D$)8#TmH?z#%`P*acu6;EaP%osvG7e-)y
z%!th}4UR-j(K3r4K-IsG>d2p{4*GwS(38Zz=Y}c;s%IHcPnrd_2=iblRzwY5b<~a8
zV=5et(Qp~6;dQ7R?nAACL#TF6Tl^MsU*Ee=qB8}rQ8#FL-@Q;epr&LXYG@~8G@Oso
zaXG5t4XCxU%i@<%5A-`~#2%aPP-`LNfom@w#?t;zMIsXgnNdBifvQ*+)#DbZC+=fT
zM2*mLER1V$FWyHzz_N#~V{1_lupJdYg?fMsm=>>L2>18?A)zM>e&l){9|LoZ+P9f8
z3=3m)Y-F}Z4RsfD5UQOCsMY>GX2G?neg6yU`^0n9)Wv<w_-m15ClL!P;$W<Uk@z#l
z#^68Q$izcEd16e8DN!BFg>kSn#=z>R>l&ikZHIBNC#wDs+=5g7Wc)ScUp#R?G*&@X
z=!6=oftVGCqv~z2_*M)izZW$kKcI&CNAo(yCI1pNb-_>F$9YQBi1ox;IP59ouL_q5
z6vU^fCy03FhAKB|aeawe<(*JZGzK%^bks=fviv#BLH-TuLoDNS*O9`g2dan~i5jTu
zn)xKu;Mb@d4@C{#cvQt%=5o{sY{gf&3&-JlK4IQsk(bOX=AlrFHvF|)14U5nR7H(g
zBh+GSiq+9?L!ugqZD!Oru0yp^PuScXf!ZajFdWZY{vGBdA4V?%PllS3W@dZT2zJK=
zI05y5^IhKe){xMm+J~C6!>+))fcnt5gIc{GQT39)b3YZQ#wg@#VSKD-`Sz%GI-|ar
z3_x}0Ta1U_S^08|t^L2v3JzgvDqOG%FHl1j^xpM6I>scQ((>V`1`D93@C($os)gF$
zJuw|lM~%!5)NVV9y3Ze&p8NBw2(}<(z|L3;E8!2=9Ao|Ee#6lj3zDCNi||Kmgq{C(
z-*}Fr_IvO@ZbTwc9WIU<fr_Y()I{x;=I9S6(VK*x-~;M{(0|<`N`P9mnNSVnuzW#G
zMZP4a#-<h@gnEDx*cM;lSZwgo-S{@Dy%!j`-$%w@iz3tu3KS$q&1D#dVJ_4Z)I{~T
zfehmJ1*m$%g4}h}P`hUiYVMbz9%QSP|A1OM$5D&#Cscdag8ZPswt7ZD4ZKDT(MQzc
zi4*J^3`6bb9H<+Yv3PCN6SYFkc_&oE6L1ACLOnobeu7PkHBoD(gW1m~p`MOGH82hJ
z0@;S@@m<sn9;2q<73v26pgNK;#N8l0YDlx7Mj$`xNz0*bSQArXOH_vjVP^D)TZMI~
z3-+NpbP_+qOQ@c|z$6$Ws=GlNOhG<7s)H3!9juP(SOc>oszU=XHI7A1`ASU2{k`2*
zZ~^tiFRa2l)TdQUek-YlGohX^C#r#>sHv)k>9H|t%DzF}a4Kp_7oisG8dL{PpxSwW
ziM0P;lhBjKh!zyshT*7@sBN}Db*w9@!Ct5v4Mq*^WK>5MVg+1p`FE&Sc4&0hfmo<~
zW-~hmzW?VTp@vFhV704&d;`=_wm18shI%Y&M5bVN{2tTb2~-CkqS|?dTC{(e@nX1q
zdQ`gw(AUsaAfY+#jA~#QY7I<4jl@iIDXIgTFdTQGrs9T`zd#M`N7UMg71Om7j_P1e
z)D%=lb*x*=AV2UV!w6&|Fdp?z--5dF4%EmTvHV5UF1d;7KuD~hz;Dm8pdO$(s^LDU
z5gLbV6mJ@83TMW49h!%FHLr}#{%=p>6oDd`kAH=o6T6#>Fc<j?sE$O9>lS4a)Dz{#
za#$1fWHV9Qb33Y|r%=1*32Nj*;yGiZrZ};0f%K>+&T9FBmM@8AiC0C<=@itH%|h*t
zMW}}NqekEuHplCz`X%D?Kz#6*$F___pM>tl*AoQ=K2`lcNoWm(@?O<0$bvbrJgP%q
zqgMMc)DzA?4dqtU6YNI4SWZ~{4r&cOGGAN#BdSADlh_C#dEZM+LJfUp1z9jT`P^n@
z)RVTxY&Zn9jn<(S>1Ldb`%r7AK~gtWO;GK2LDe6K>gW*EBAtVowf|R;$W7opMq<=t
zL4hA4^PpCDPt1ZNup(|ijo1g&B1)Y+DDX|G6e`~qOX3*R+@HWOyn$LXK`GqYNQ-H>
zzgLEYR&y)V5RXB<u~w)89<}^kY)L*OrCVg}P#qtLTBPf7CjNm1u>WW79ly!^6}5Ik
zKX><whyD-(`ABHLZbvnE4z(RaQn`FK{DyopRL5?hp7dX=jA{A95RFI|9F3E4E~ZT5
zo^%HmC4UvQHj;(8H)h%}_P^#P2LUa<yr?;?j_PS6)M9Im8mW%h1|MR6te)1bjZs*K
z{1P0CA5b?Mk<LxoL{xiMP*ZvnlLzyLOvnD$evcFGZd4o_k}r!|Jo7QI*v!qShIXJ9
z(E-$=JB`|g=dAn+YX9FvJy1wSxBBBDpL$+W)b7gelhBQdpk5r6P>ZG+YP<ACy?6$q
zMrb_h-Ms?Uft{!)I)bWq*~;&sw(UC{gt0QY8;(J>KLhoq^w*G313y@W^Qafe@2K~{
z8`PK1j1lfhnxSsg(enLK9U6hU;S7wxm8ct?M~&Eh)Kor4)qCsmz85pI>q&ew1M1_n
zAZm!pqZ+D(8leuT1_z_|^C;BfU4$BuJs5_^E&srLZ3bm=?Z&|nt*VqH)L<IajU!NV
znIF~T;+8Lq8mTIlZ;HCEEo#?v!=tzewfZ|`4f57wv}{4%GTe@hv1z3H*xrrtw5lJH
z&?5POYA|Ycx9{Vko;W*J#WJX&o{Z|)B0P;NP;2Gu9B$PQLQT;q)cfN*RJ+?TFx9Ab
z&!ex^dyj+`;Um-td_e8z==^f88fL=`H~`hq0vv`bQJ<QTx!eeJFy~-6@iUkOUt2yb
zw|h~Q$4KIRbF=?5lUQbfv#9*PmXFBe7GGV|1rt$=a<BO(<|UshZ&2X(1U0b^`N3EQ
zf5r-!JfE`#>J7RI^&*RtpZ%|fv*vd_ZGaKvhhrG7MZHpgLN(N`K#(^dH=sINy`Y=R
z{;2#)EQA+OYa&jeAbx1!CneO7&&I5{9t-0&pF~CyNeerRVJ`BmQ5~6qde!c?_)XNR
zPh7;kxN@LA6`P}W$pqAsEyi+q0M&l9qHfJ(M}4~HMXe>jDhYk)G&KjIdOQbn;v36n
zD(2>X2x@VSMXjCL<~(x|<{`ceRqraQV-GFw6?bbbzSH;8kZ44O?5J%w7WH{Q1vQlG
zkyo|%0JXm#V|09H29<C(iivtdrbG>Oe$*STGU|oX3<qEj{0g7oXWIYGO1h8B0jO=Y
z88yT^QQPNdRL5Rn3j7;2*GWscT~ZP?q^(ic4MI)XOw{$eEq)F4CVhkYY{*fXa_;Zd
zAfZ=ochrqWqds&dVGNv(nu__T4xB~Rdx+W%FHl3Bu8iBhxltoj5;YYSQS}F*9&m)^
z$DyyqGL?inu+a*Rqh7sdQA7G0YO%aWy&qzhbqys)U6&d))cH^^n2J~v8(~*mhk8M!
zD(9}tfZ82d%CY~OlW0Of+hQNq!iQF|czHKeWzDwOpYqYDZ5!naH@CS^FPyTdkJpZ<
z-7^%wz}2V+eTf>G1QpzfrL5q)Zzfp?sGuE&;a8|9os1fZ`KTMLK|S$#)LcG5t?qOc
z-TR{;YFD&EE#h{l#XB4|0;5nP`Yo2gRXzz_@DO#u6V%+ts^k_~eAF%|jCuw4LY2=#
zH9QZsMi!!`U^S|}{Z@VmwFr-*rsghcExfaG->d9;76nxh6V-4+Y=lWrBh%f=`=dHA
z6i4DHRLA31aU+)%b;BxH4?CmYFNaaP;uh)^9a=R|-}f4m(2xv5&HXIY4gW-aD!xHY
zMNl=@!FZ@uoD4N3sW20kLG6xCs3{wP+V@jXA3{q}Q*hS294Kf1T_>R%K1Yqf2h@uu
z_)B-=xTp?(j-|06Ho*a?Psb}*3?r($>)WEP?~3X`f7E`TfEt<gs0TQMfxrK~NJ2fk
zfttH}s29p3)D1&wxcnEW8#l+gxDPewNou-9m>IK^FM(Q|T~VJU%drGrK`q`CwcK?%
zG4S`lWl3l#>!KFZK-3#<B<cr=4X8zUAJy}8wcU_Lpw>z)RJ<<g$s42AM0?bTjzBHG
z38;~tj~a;;wb}owc$`2O-a%auTF33zxTrOd4Rv7w)DxDpcsJBy?2pUQ$7w<QuBa~c
z>DiuoEI#r_8UzLY7W{U@puiuk4`{^C5yWpbVgJV=QL$N2;IG!}HFqDIYmmC$3)B=;
zZ5b5!<Mc_`g?vb>puiuk_rRXyf5j<Sy>(FFkJfKtee!v@OB)=ICGiD5P`qtW;NP^Q
z^4qz0^c>V&oy8d#+&(DqSL?H|75TUw+_vd~8+jKW$Na?m_jjv(BkG&bKGb4;iFz@`
z8{kGT95n?wQQNUJW<tLO3C;Z&)Q8A=R7dt>aeR(ioH+;D6riT0q*)oYX6mA*t~pl3
z_E-`(q1Mhz)HaM96cqTQ_4;^-`+GM@e57F6;Gn=?tuJFrDv)pajr+R18nw8h4{?ho
zF6v3Ln<Y`Zpr+;9qTZB!Q6n)Iwd!}8XHmQBULfz28tV3EGE_r_%&Mp%Y+?C6s8u@-
z)q&OKUMoLi`CAx4`D@h3rXJ?LCzM5vKzr2CPsMQEe>Vwzn*D*=4e^G%o@YaSYE?kJ
z+1gtC8&thHm=SlHH&FGWjc`wx7WIXsFlq$qSiG}20)2f|nnyw(o10M;PntJTL-ih2
zFX2d6p2;kZ>R=tz$9GRu$L3=g?y>UUP*d@jl_wkJ9ysqP_P>UzB>^=s4)uoHj{2+h
zB%@u&5{`F6mIbvIYN9?9>Z9HZZBdJ~oB1_rF%Cja=?K&pm|3U?T7{azL*rR&s(6t=
zT>K5y@MEj+!Sb;uxHnr$)auWOdbj67HB{E}bx|GafEv*rsP@L9cGpZ)M^>QP+38!s
zVbqiTjOy`K)P+w_7yONCAkMdL&Qqa2E6Soi?JA%~vJPqr2ctSL9joA4jKmM9_97;_
zsq+hwPy_YM)~FkI$1wC!i);aEq>iD6`V4ALFJVc1fodnuBsWqe%_^w&>RZ08<$E9_
z<$K?dP*2C8w%bC?joUFTK16N1*puCdQZ^hwzAmcXdDMtSo#Lh>1?q*A4b@(L)YMin
z8=;22BSz@^e{T}{)S8Eyf>o$(w87#hP(yYJH3Iig4L(IZ*}tfL9($^*mmBp!WiUN9
zLUqW;FdTzg<f}07`~T>CWT{8V%yg)ZM4EX}i>i>7mqrbBRn(eji0Vj34932w>j$7Z
zJ_NN^rdWOk>VcPI;O~DnlTZf^nLnX!cm;K%o2W(g6gBsu(_MKS)ap-)x<10<c~C=N
z6ji?_YOORtb-1@VVmkX@Z>Z@6^r^G~wXM!zI=qR2xt-yLGzA8>9cqfoVrURQyrN!2
zZN76K*TYaZK8kvP)2NZSiUskJ<ulA=|Es}#GhGKNpnBL2^~ItOYA6Sy8XAiFaG8kR
zaSN8ljI-QVtPWU|{7O^@@8VGOX1jKVq1qjTS{vW`B(#_|p`P>rs;3t%eit<ruTdTN
z7xe~<^}Sn+8BkM`4OLzSb>r%&dL2=Vb{OhD<4{vI+v5IG5_-3<MO|<Z)!;SM6uiK?
zm}HKd!_KJ1HX2nv1NG|OiCPPHP+vseVj;{n*L^!~i~2sX1T~_!kdFD@0}`66=co~Q
zhkBCO^V}jzf$DJ%)Dsl8d_~LGHd|rfm5aK5ENW`MLoL2lsF6Kt@ynP}`~RU8M4j)R
zC@E@t6hhsw9O{W{qt-@CREK+@wpBmWoDM?Wcqrz^i8vPz;yxB>^962X(=2iw%a4J-
z|EWkqH>_p_4N*hc1$9Fo)scy)8_z>c*;3RK?LyT*iR!>_s3(7j+J^sFd7{N`ErnxF
z;@Qzx!_7#j;jXBT^hPy21U2+iP;aogR=ynbk>8AA_y9FRF_*XwBuCACIBGFALv^Sh
zs-xpk?ay1n{#RnXRrtXQE}-7|w^26^S?We2E-IcHwcm@QhQ2XsQMEwrmUgHcePs?s
zjpQ`c2raSr#-+Xs93r46KWi0##r)(Sqjp33Wp0EDqdHs))v=nW^2TOQR7b{Q6y|&q
zYWq!F?m9XL)v<-B5!>vO2<&^*D!qsrs^_So4_V=!C?4v@$x#<(wtNB96IDRXbsf|V
zI-xo^$jV2duA7Fs-y&4U{B0yuaUW`kj-#I77t{sUu{}OU-Kfq=cVSCZc}LVP=!+G3
z;(@5|fJava1^#IL7S<tOdbJzjnRt%;668L<_w^e0f*6RJ(_I+o0IFlxQFDABwZH$w
z>=<>e>quVI6Bk9jz^b7Zbvsmtzqb4^RJ|z{UxM+p|2LA*&>paY^XBj7WAi;~mxQi!
z4aGsteHv6p^P@Um5;e5tEnf|_C~KqYH9?JBJB-5pz1|k+hpIRV)ze9+jxDnIW*kX=
z4_3o6>)psq!5rkj!}@p(^?nH3;9h9?P*YnU6>pE~;2`wX;}Ik#;W*S2e!kK5G`$&#
zde;{~b*v%k$vazq7;5)SM|F51>V}&z@R@?zw%4#E{)JlPMK`hkH56ZNay@E-8lpC+
zIq!zr1--1?H%Fm%%S6-*W;LoqM^JPAD{2iqu=qPO-e%Sgi!>vu19i5r|8-&eEp8F|
zs1EE!4bd?S!!xLkKEsaqFX{<9Y<2cSZL2Y;>*u0|dbySFK|RPR%U?!y@SaaXbN&YP
z%KV6$l0w_uP?j*OV<zG)P*XGpHRO{}-=OB8ZoD0}OAerJaK+;HQP;h|&G_E({@U&C
zHyB&+M+zc#1O@(T{RL_Y?(B5?`ynd-1l90M)LaMeavvs%P&X)xdJ$E|U~GY^-x@U{
zJy9JWjnlOMr;%twAoFhb<P%X1O-J2e4r&ptwfs@k&|k*fcn=F;%02G-ny9I(kLqx9
z)D7F9MyfmJWDShR3EKaA_qw^Q%!jmAcLUT=c0w(#-sVJeC1xXj2({Rrng5^`Wz799
zo)I<Yc`!c~$9dQr)v?4sp!R<X5+yJ-7Q?2f3+JFZv>dfYcB1C?AgY5`QA2tgwPxO<
z>U~5l*60W93k@n>2-V@zs44jpeN}8qLUu+CZGX#;MOB=Mnv&(H8?D32xW(e$K{v$F
zQ00kGQ;@>qX)Pa#dh&c2frSsU|1*+kML;izv8Xv(g^C|RUGNyyk>{umdWYPT#7B)(
zD%6c5P*0j2wFnEKI$jkua<x(S>5TfU8Gp!kJzYgW4R1o-@E~f4kD(emXYqTeA$*LT
z@jdDWZ4bK_N*C0We1jU%>8O!djOy5GRJ&VHYh|Br1y@lG-$Jd{XXf9iCyai?HJAuh
zo)+~!h(vX`4ys;5REOK3o_K&c6*WSuu`q7Lz34wCp(j{%)b(s5>IrtE;%8A$a2eC$
z@2DFF9djKDMRhze20Dh?wviZy#Zgb*%xsSu>F!S78$v=uH5s+q=VKP!h}!qRqP|eP
zM$KKq<8F=QM%}O~4#ox;iNBya6#Ap<Xd={;Cr7>NQ=>YV4+H=GUwIOmliH{Yo1z--
z6sW+@fT#;b;1-;L8iC3u+|P{FQRUrGBlQht#nGsGTP(g4^+r5^8j-`8*e7vX3A~9~
z<!@1Q7kbito~K3)Ss$#0qfq77upqufJwUcoZlv;~7FR9QD({ARpb3}(XQ4)7ANmSh
zB#{F@pgzU2oOT^4j(Vc1s41$0y08_h!TzWlk3@~!Bvie*=4#Xk?8H~N569u=pMnB^
zv|i#2`~NwC0%zT-&3w+SffA^OYM_R!8EP@M#Ol}qtKlv)#(CGF`lttLZH__hl64r4
zmn{D`<|Lot0{cJkWEb3=v@$!RhOjqkQBFoZ;bO~gKrO0+s3|*c@yn>sj0dR28|7zL
z?{mycJ{{`Yay`_VY2;g=GpeDlP~S`x*CLsMn)~mqd^M^gyDWYT^_!E+R{jPxQc*9u
zj>ks57gAe3GpfBJs44U-lhC%RhuYtLFdfc9jm#d@EBOTKMt4xZxd^%BzJ^C&XY%#1
z5+26p81J&H_Z4c9PQyib8XMtPzXZPU_}(cJ+V7!P+>qo#^|&-@1ge^KQM;rW4#!@o
zCwPylAN8tRL-A3IHY4i#?3OQp+6^U857HzMXa5Z(p(hxQZSgsd#roIW2;4$7_#6W_
zM6HRazq)ub)Lf>)FwBXXf*Pm}*Ox*3IFG6~^f!0iRE(kh|2+xK{ZiDEY_SUaQH$&t
zYR*ri8oY|yR!>pe?-gpQ{za{w*w<ZqX;9laJL<-zEnW-tKrPYNoOdLlhR5RyT!?yt
zO251PUIVpg+M9h*9UYCjek$tyu@%+fJE$8xLQTO-RQrFUI+EaqYd_r$_P>TSGXaf2
zKGc(zMcuFlYVox|b!Z@F#$i^z7FB;QszWDG+x8;rMfDu@X&C(v*M4f$_KZYz@QXiu
z*TXLfsAu)f4yX?GM=h2ys5xJOdiCzI_<7V5KezI?s1K_cH(k3KQ4g2{b$t=kR8>Xo
zqDDT6z<x*Fa0+Tp7ot|{YE%b)L^X6DHK(soPa6G}+lCoX<+V^F(hSwH&Zzc!pzbpe
zHL?>?9r5Rrs6b+^1>T?*SIBMGff%TKCNmqVqq$HGl|)TVb&J<SjbvN14{E4Kqt?PC
z%#O2=_m1x!C!rqRM>X^U^@Q)uICoq=Evn&ssG%#5n&XbB>xZD$z&O+h%rF<DI<Nu5
zaR+KDt_RB5f6qv0=>9=1ju>}cL+Ozodf8D^Pz}|wE~qCNf|+nEM!`*}8*f96%puEP
zK<$zns15|*bH6={z@*y$O-ZQX-l&GhU=&^$Q&4j_<G$<A9Mr3MIkv|WSOoJtaGz$~
z%mtW>_&HQZqC9kqG7;*5a$-5Gj=r931_|xYt*D-!Ky91HsG$pf<cx`$`-GNHi+bYB
zmd|hb;#ih=Wz>{TLOs}bsNJyu)$ZO$?0?PS5dzKeSJVZ?9`i(e@R!B5j70Az?#919
zbswvbP-`IMncD>sn1g&-REK(@R{Idt15QJY<Yv?Z>_oj+jz44ntKb#^EushJOH}+H
zREMHGw-G?)6QUYQVetsm=Y3AIBI-$7Vm9<qyJ!t+k#5A<xJLzAJoR3<xoU)JxD)Dv
z{-~b%s6{#(GvhMMjb||uqr7xKL*_!Q?(UcchharrhZ?bWs5SKYEB8&wFF`_q)>slp
zq2~TLhT(P8qWOqg8);s<d?^ek-vTwnqfjrbWmbOJ^0%=i@!&UZjkQ5_yg#x?eQzy^
znFM~v0@(Mhd%_LoRn+1MdFO5z2ZxZ)gW9fJQ4O9!ZO7pEE}sRzA>RbmvFoS@{TnM|
znhzQg_FpFwqX|sJxtRPf_oUmfDEVJdYa_|u?v<GaH8qi_S8#6BoK{11v;k`Ev_x(1
z_SgpRV}7jmk6Rlfu#PG$A~6=<p>8znUpHqHPz_#2&FKx)U#-8uoaAE#1qW_a6dRH+
zjaoZ%F|gRoji`3Eq1MoT)S5eqzV_i6t8f`L$2U+<6dW8JSnY98pL&T=+bbLDMukxC
zjS8qW(*(6UdZJ!D{ZS({7WL|0hU&m})B_y~4)y~TFIt5=sD1ke2VsmT?uMgKH<*Tc
zQ?5cau+PfRqTVCFq22?pP+vMTgt!N3g6dFv%lAcfXjq8vZa9rV1cBwK8=XZB*<I9J
zK1FrxwdJEnbsdRorbB(4=0}ZCSyVeUP$Se1)!snVb{>IRybF918j@WYhDR-b&wOcq
zL^T{M)Xi;jRD-EdH_nKf%Dku!7qxt8)JRpbd}Gvgtx>zi??U1zi3O<D-!58k;IG!B
z^7m8A$Zy5Q*f>UT;B$K?YAElc*2p_lgHd7z2i_C0QBRx=t70kCP)|g4YyqCeWyo6b
zy<V|`1FL=js^Jl+7tVB4!&@;h*QkciqE_!6)FOO<8i9AHH(Y4!;K0v@Sug|neyDcl
z;V@i|`qa!CM<c-gYZplHYQ=C0PGc5)Y5CM~g99I@WigWY*Qi(U63hQ&`M)inF`ip|
zwNdpapcdtB^AYAH|5^NCFRS){brN-OAeO=NSOJqJa5h7|LRX;PWU&&uhBKo&S`Q;|
zD2Cx`)Eo5_s+~58f&+iFz7Ey#YKh%c_C;TT<s=H>In<(vl_WUuH{iulLp~F;;#w?>
zS1=<cPU<XzxyZLfbz~aqRlC>XH&ClSVY1-Biz^cKsn|3b`(N8+905JqLM(^-Q8$Rn
z>rRU%8|vdVH)=6eMt$fsHV0q>^0P4~zOsCH3ODyYYHf{1t(}?XoD}ST1r`v<gG;R9
zFQ|^)xBS1T#TGZEGZi)>pAEI`Mx#FOC!t1iE%K)J?xD8#LyV4Z%#WxJMfX2*ugK)6
zq0WnX!&OARaGKx%{0h6_W7I3P@#n$r(-Jj88&E^M4YhmDp*r>)^`d!?n(9QU+%74G
z8d1Lm30>G9HD}XN4eYS^FQ`}POVnpWw$!e?8tRqX6?LN#s1Kb97z3xEreY4N1E*2-
z?xA+WQ)C4A`~Ng<|K>mqQ8Cn1lt*3AAN7PoEk7EyRwki3u+HK~P;bc7s1dq~S}Si*
z?}un%uAL;P>psK4fB&1CgkCV^u_o5XuDBX`LwPCFx(m~yc1I>`jtx<}VmH>pd#H{U
zN#{nYl-UaV6CZ(kA9(5A)Mm%P-~W{&p^w*gsO{t97q|lTq|Z<z6E}lfG|5n3OfsS3
ztuYL{pq}(w)JV+1a9oLc;xnkJyo*}gX~Nn6dV%C4p<U1%wTfG#R__qh2n<IJ={PKb
z%Te|3q3S<E&3*KYZjr@7?ScZRS8#V!`3zLM-=o&Zyo~IBt@afJ)ZiYg@B?ZQ9zspc
zE!0|gZRP)<I_70^@o1=q<6$FAh#Hx$R^A8I0Ut-=a8$=*Mfh&$A|l)kD`GtgI-p)K
z2T;4>2I>_ZC9|vF05u~0QFA{7b;F0KPsNw0srVPw@z`11+DMF=l9ZSUOZp_VJ=&w@
zY$$5qPee`4BGi+fHh;GAYp5GOLEYdj>P7Prb>moBT?bQOY4Z873HHTmcnOQ4AD+!M
z&<fQ+CsYUep!WM%)KsiNt?pB(Cp?ep*l(z*yN!CG+(+FoDAMK2qHf#->*8+Ilqbv{
zScLrh9}?LK6h*DhPN)x)C8))A3AK8Y=5QBAqSizy)KJz!Ev9~`H{3AP&k<`;i|`Jr
z<7slb5e-MJmFgH(pZ~Q;=*b(P7DXG>kPb!NXe?@|=b%PnDXQKP48xnK`cZP($1`e#
zGNZ1`i+aFf7VnH&jD2u9_xA>p2*M(Cvl5BLoHa>rq}ET2?LP9qldgz-gnNBSKc>D8
zeiZQ9k-yD3hO}<95kDPINgN?x$^tv6r{gMTA=>tvk>GoR_gG`Xv4dbvZeAZXe0+3!
zB}wZ@OuR6sjsr9l%i=}J7w7y)zKq@cKIPl3&CJA4S^8((Mx7_rFR$^hZUuVv_NDQ-
zmfuDL4~XfwLwcDtT!M1FcGn|o&8tgUf3Eu#2U?v3*0FHnB{^r1pM$TdbIi)}k>~mO
zS7`+J#iaL@6-1@dr(?e*S`!;@@o>9I85&5dlR7E6HVw9?P9JMWm%jf`x}shGoKENG
zoUT0g|NoAD6zrnlfJHNquE0$ea8oU+Plw)eO{u$rvR9<<lI~8rKJ|Yft>Xn&r30lb
zuUL2TS*SCN^Gnixd=imdm;gIb@z4MC_&4&&xbYlfxj37XZ$;hz9x=(sCf=0bD$+?g
zk8;ghVw<qHRpvLb-fY^KL;gBxe$(T%(htb#xN&(ZU!dT7&W3hDD=P1#?7v5QV&jM<
z<NTEdCX!FbnaesgmiQLhI!>$+P9r}Rb^Ks;(sP~O7w)j}KTf5FT=d_g3Yp|~QF$x-
zj(XQ=^wW`!#^!M9XlHd=SiU#*u$!xVpj|f;^U&@|Or`(+_6V7gR6a?iD_k(nZW@=e
zY{X)bk4t$$^0ztpIuJOz5(~9-bK?0q|9k8pqZbvwNcGBcv-Ws^whmKIA3nRu`%CPK
z(liv6!ZK9Uv6eF?>2>%A7kpujkLIGwoQcTCP+hJ|!*xAL^7~5ue=u~KvP0GmZ{NUw
zWL$^X7|wK*x1+9(M<IOJHnu0wEASSljv<`cseFVpzs0JP{y_XB`L;B&hx{<o>u|Cz
z;uzuJKi!$yy>%kZZANP9;8&$yAG%Zw=X0(gy#zCGKB9#|)ayrD#{hcNko+3rzgX`I
zklssqQQ|rAXX^1KB5=f~EEef5l<mURID+>5<@_V7HL98yIVV|u4P~E>n#4Ym*O$N>
zs1Iho;dt9==+n`ZI{CO!bKJ?<kAl>c7o^@Y;yMQ4dSbh2qnG~M_E;p&aq8GaVHPfY
zYI(($Q8^p=_M{J!-awtTG?<TkYU-9H-<$k6)X~ixLD>fC$H&*i3Q*@f?Nq=4uBz8B
zD&w#Jh@%aGnG|%Q!X5Jbp3mFP`I7i18VTdn2fhw|uj`HC{B-C$Sg1P8b+f6*k4@ev
z(w~k6#1fJ}#JPj(wo$I50@pMO{I~67J`h~U*@E*i1xK-3pqhSD#1qrV5aNxAou;e`
z>3*DF(O@m|pN_Pa?#DHMla9~1leCU04)4CzS<Cf)Yl6{fWF(n-RQ#2~F`O&8p^k4z
zzv0|O`JXNn_-B3o`LE@xQl6js-_uSDd`bRC&fS#fq0J7&^@Z;{%64$3B(GyU_xJvx
zVla*Kn@#UImAARFz!$P^lzq<`g|gbz*-v>&$`6vRN~|-DwX*v9K`se-9aFI-<#X{N
z*L*rgljfJ%UKHBYu{;X%{{z8xRGdm+A%*oxH{u35j!;qG7<I&?-cHIoP?m<1pHRGs
z)aQrJz%j|LsZ1RmHO$X&vZcSUy8MJ3I4=5jQ8gMr$2pBt#}FF+1!viXEl8iD?p4aC
zat^Tu22fs{{64$xA$9mUz>7w_8f`qWxY|rcEP~htyH>HO16s$J`c3P=-*{ajzJgdm
z>U=uNa!p3s_?mY4IV5ltC0&JdVa{Tl`N&tIPHob+IDfJ0FA^KiIn){prLDrGw-Q@J
zdM0k>+LdbiD1n;<dQf2jwj%iHI7fqpIJa7?3^)07jI*2N!2MRfg6o5+6G5AwjxZ7<
ziEqbwl>JOvM-8q!toKk)g5}8!qLD0IIFWoW&ST^=Q1Kb*a>N^OVO7i>xSTac`DetA
z|L0~_<Sn91$0FLj!}Sxe8}(w_&1;)4wGPKqIEPB#x@!Xe>_JS&PU1B=H*#?~-Ow8T
zj`FWLOLImc#*cDdeCmYKa6<Cc-R0gOyOCuBKQmnUl)-7A=C&9YMG%-zBNu73I}Pgi
z7PnAVi`YHoDL=@`zd7;V1ZuEONPjx`_Xyq$>NnuLz<GrZ=!et1xRi4_*T$nxBaBL3
zpM!y8DK~mSsx$?aNVic3NDrryjufQp5<6x2n=~Fmei`Q<)`7xSruuz}e`E2d#KSDD
zvN2q%qev9)-<HHs8gIu1#VPpkpGGEI`Y7?AC{OU8M($E}j2Qn0=6^>oQZxRS<KJ{s
z*2VIxNr#g@$#s?SH_j*gj)DL09zVx%E~OJX>QS+&r4w`GxSX@N(Pip9<BUOBNBo+)
zX{p<vb1<>oszcqZl*J*P0?!3nWK>Ca=1fn$q!wE(HU5J+f2NU7M;MLl;rx=y^>DZq
zWFp;!dh=-LPdrP0HfJyDeQDS4<HkP{%T1jLoI0jsd16aRpGF;#reBl`OA}aU4XnjX
zT+omTDJ+(mbbn&{iB(5g&OeB~;w(j-Dx5<(9}>Sw2X5n6l<nr4wwxiP2hz#z)CnW6
zgMWMLHP+8~dAXnt=RX8XP%$MH?~$)gh2N+=kysMapN{+_;t?BWfj_AG1$q93wl|;p
zxv?&7=y+#0t7Q3asrN7S4|2ML@z2Z!aVR+azaX6<uj4yM;GdT%FJlcVkefQqt>Gg7
z>7dFAQa1EI?fq%(eb4p5oT1d;f*tfd<g%{dm_wx;H26EQ8sz73W+p$J%AZ?fORy91
zoYZ|lx&W>suj3eJdaiw8oykIeJ>_Mo2Z5ss?M))ZZ|S`s2>NlTe1MCpl38H2{<6wq
zIv0#0KA#KzCf|noNvW@+0A<-JOGnuZ()`Xg@SE^z#Ex2>Kt=n<SnBn+bW4n*{r}&i
z4UOC-@TCQZ>jF+4U()DA%5@xfc>Hq2yGw^M5syjwEjPWyxtO}s$$xI0*kNs4p>A|y
zo5}Z}PH}w?T}EPzH5}cnOvP_VH=}YR(tGTNqlw)jy@+@Ni~UHf9Qj+c(}lV^PMEPt
z_ogg0=XKH(Rmd@zx;l31`SVcukX_J+{2<O~Tre6RP_a2@RC|JU)YGrlbZn!}Uz{B&
z`)JqCq%)l<+sieZDcft;^(21HZW_3le@r0eC+EVrB<>IxPvwJF`a2#X|1%d2q#+%R
zsr!>ldgra-y_6-P&H?gMC?8>URjnfJ>bOPhIdzI*V$S!(Hgir1{6Drx93+_6o`7uN
zh)I4l7eyl%i}WI#!cCrG7R(c<#Y=|tUT(A;8`Dl})bWTjJJ)>`$hm*~3I&M8#~|t@
z<Zn#8j@%>{!6%&Et#W<RhphJs&E}lT1&J(n&FXz(EA@3`rL6{5hrgx>{A-&P*wGbx
zS?J*Bly{+?j%AvE9sDBG%WJ_dqzhRii%9F(L%yV?zoXu4yP+%P9YJ|ByZ)V77&lPw
zFS|~4f29Kz$xpWH{TNnQmjeBYw4)VV;o`1V7L8bG@*An6V;J#Cq~8#mPyP#TzMoh)
z=PKgioD1w))nCauoi_4Q|2xWVaQ5OHq~GyOrea$P>QX5-4ZSBln95hJBj<^~rcMRy
zPuaTvG)%~&9WOTV6C~!6PDLAMsWY5dB(bdIo8Vd6>q$(<8OrMrAFKDzj}(@)o2f7!
z1sSd4Yw`^!yJ0sCp{%(oaa<%;#OgJ{6yz^ax4bJ3{4+Ui=e7Jk>a3!CGi`i2Qt0Q9
zL0tF(n^O5GB`a|?`ANk2RXl%!!B7*^@s@Kx4ICuan>xuUKY_K$w<ld9P|N+}A^9-Q
z$6Wh8b##>E9LU+3xDJ0ejpd}mF<i%4oQ6)gGOq)bl8|0#7cVsr6Z?(yEG%Iii{!db
zM?S7ANLxCzz?+c&(aM+ONy=studMffED~E)0iV(6cDqR;JV(3$aUEaVjrv%_FDWnM
zio80c#}hwo`L3h~Q@<1ER;#~+I@f9M(@~JbpZfl%qbLPWs8EW^W5|yRMEMLb&rr6|
z8cIXmc|1iq&Jb>JgtGROjV7Low2nUZw8_bDAwPwB4Jf~WI%beA!8L*3Lv^Fl3kp6`
zu!P`U@}F4)+sNM}p2_kPC>urW)A51)JkH+4Qq!o8d8Ff!u0flF@gJ;79UX~jXBO!u
z)ak$(c>d!AHc+t`f!dtaNdHA_F}C8=al$N20~<;I;llhsn_c1*@o2=qu=q5KTh?n~
z9cXPMa2`|W{++mR2$_V`ykxa+5{t^IW362<jeHu?Noi=i#Z>-|_!=ebC}m}n=)mWc
zb>rN_Ih1%XMp#Eqlb)i_e;w7SoR7dPDlO!!MWu>LQ+Ac7T1r_h()WmMpe#DELYzAK
z;31dvW>W7g=^r>p60i23QTT>yYjAC1;#;VvW4-Qwje>^OSRl$jbX^YOeXXM6n@K06
z;4JZ9I2RLJf|Y1A8}U)Ju~ij022eMW{44x{GYR#+q26j@MM>*uLq72Q|4>24dQ<5P
zRGLbKwp@?{dr}r1pOXJ{Odzq#uE|B&b*`yQ`7>e@@EvCav5|Bx8BVAEPn4bKOv+hV
zpa0dlFeeq)5b!x;aQ;N>)3J%NRKy|)?4zNt$X~Vcs>FhcrMG+t^-7XnOiag0^1qNj
z$u&BPa6TkfkMe<m7|%bO#2I?mm$NCAUs>fSRMP8tEEnh)LHr*1Go;^IYz?s-<YRDc
zJxoOWJ?C=LIuck%N^xCl(zz{viTq-&`CK>9QGtw(bewxR6VUJl8frnjj@_&tu^`g_
zTHSE2y+b}FcIW)o;z!hw9VfV9D$+re7vcKG_!Tjd-cZth1~S7qb(F9hDZP(#F8Ozu
z4Nob^k&G+L>1vK4T(^>RS{l;vrNz6Eo=@y+%C}hCBd{~Ea+KZY^vTb1e+0?fjzAad
zJxQ;ub)*@U9uUuq@o=OHImU6LjV>AZ=QZlzCRUuY7wPmwSCNj!4QrELL0ZRt%Kj!+
ziF6*EruF}pL`QBg)owbB8!e#1Wa2$Zf6c`~l(!_UqrMuWOveGP=|S12V*v3RWFFZK
z_h1{l?zvU!YIfqfae;pq@h?|>K}+8gSx5RkSN+aem)H!>IK*p^uR=?6t+lqq*IW7+
z>EoO_I&glZ?x!O)?On5cA<{bTbKN4^Y{|*t^MC&5JCrq`$S%%RR(ZAEq!#YtjKbN&
zVx76BtEIbAf0t`eO?cl@R*QT_(ue=kc56%jhArt>njmU4Baw&mG>!G;f{L6$q&MLP
z&I(lCo~wRPNRjVS{Sg#nbJXqSr*5C0F}P~X?LXBH3LWv?$ty%x{PQ-(_A9r7R+avL
IWoLr^5Bw0_djJ3c

diff --git a/geonode/locale/en/LC_MESSAGES/django.po b/geonode/locale/en/LC_MESSAGES/django.po
index d6ce030a65a..1e094b47828 100644
--- a/geonode/locale/en/LC_MESSAGES/django.po
+++ b/geonode/locale/en/LC_MESSAGES/django.po
@@ -1215,6 +1215,12 @@ msgstr "Other, Optional, Metadata"
 msgid "Responsible Parties"
 msgstr "Responsible Parties"
 
+msgid "toggle more Contact Roles"
+msgstr "toggle more Contact Roles"
+
+msgid "more metadata contact roles"
+msgstr "more metadata contact roles"
+
 msgid "Responsible and Permissions"
 msgstr "Responsible and Permissions"
 
diff --git a/geonode/locale/fr/LC_MESSAGES/django.mo b/geonode/locale/fr/LC_MESSAGES/django.mo
index 1103341e8455f922d9b813bfdc46aa9d53af6328..7c80f5526614605724deda336f4a9f4385b791cb 100644
GIT binary patch
delta 25409
zcmY-1b$As=+sE<U6D+s|2tk5|5Hv_|cZwG)Rx~&?NYO4<toSJo1&V8-Sh3;`h2oUr
zRve17Sb4v{GxPlM_PTgJJF|O6?zw07gr?8=hrv%D1$)<0$D8i(&x81mlL<Q%bex+B
z9cN8z)jCe0ZyYC)&v6Q47T0k~4Rf3s)HfgQII+|}$BxuD8|663@Yio0=X36#80|P!
zG20l&`GWdbtVDU=SjXvu@y9t%56AJGfn0Q<;y&s|gYk|t4G&^HZ1x?0a0PZmcY@<o
zz*u~sdSq<Qw26*W1XE37uvir}(66yCCZFs$?QtYF#{0M-rRO+hr#Mb=DxNKLoTQk0
zk>eD_A{d69F$70pVw{7ia4BZNtr&q9Fc<!ZDKO`cW*|ke9OX`!0GDDST!V?}-`T7S
z+=Ib*99aS9Jl4dkSOFszJ5EXLjCt`#Bxue_+>cF{IL;>wTk1GF<TA&pffunQhA$`V
zI25zuNc1$5#azhEm<A8q@)gWU`3Wi#saH5oIxJwViWw-kwB>%7jq(IkJL|0bP!YUf
z%a2h5a8|PZ>NtF*89+4ZgH>#~8Rntf6%|@P=D=;J2wcSoOti|}FNFCiH$f%yDAd3g
zVP@Qgp?JmCzg|WB^<b*itUDI4Hby--1U17Mm=S+MMc|mNziEAkX{k@M#&ObP9@KLc
ztW8nv^h7;3#@5gC?8QdZ2#;YD{)HM?+O<Rn3#0BgM9ru->iz`Gk1J7;x`_I`v(9l^
zK|cHt<T&F|0~_<RiP!>EE_jEzNXErUOoUfZS$fC%2oqBN8?`j=FeN76Xl9fZwS*;5
z&(*@@*bvojTYJBkEf2>e)KA95+W&L8NKM5uR72Zr`8aAo*H9zBk81D}YI`NyWCoHM
zX~-#nsxOI}SxroX^-!N{j~e(_sOLstZu)noaY2NfZI~2yp+b2KwT3TI14z8taX!QB
zm>+wg8k~<>nsunppRis=b$k!Q@f9k^LbjMlmB9q`?^NMJYg!vCU@WSk6{t{cw(dnW
zc+!@y*z$c;q+X*2`X7d1x~+~Ajrma9vJGn64aZ1agx+8-j&q?0tN&s`HVCyOlQ38h
zq8eO{THC$W)2Ps2M@8%*YQSl>nI*`I87SvM)t5s>tQIO)T5Kc!YOp;OnpqrbpAWMS
zF2nScx1#p_Db#>oVmN+8WqFqEW?(~51NzQ71C<Mltjkf6T5Iob*-rcw>b+DbDSkr@
z<Qn?$F{*)QsFA-$<w}AbrkofxvoO@>BTxf~u~tHLSO?Wl6HJHgQM+uAXCD}j%Kq`F
z2IkrN<*3lFM}6QBhT%z6hYzf8F(c*Ro#v&K6SahuF*`Ov?S_G<h)%Tky`@})Qt=BW
za2@9iDw{9wGVkkuP#u^0)y$wGDiU?E1h%o|S*Q+IViw$q8sHU-hmTN^e2$958|2;M
zIYGPGlT_rvN;n70<5et!nfI6het{z>_eIU<A5?=G_nHpEQ8|(el~XlQGj4_&aCcij
z6tyH1Fsb(cbS{*oKccd72WpM>2Oe;oKTr|6k9yACXP(Q5>L@#E$qL*0GMJWf71Z<1
zQSHTHb{vOIa1DmhzZ10IBwbe21Nkuu>!WgF2o}XjSQ7VRS^S9Qu=D{Fi9x6d3_~s1
zSX2Ziqe8wI1G$76@FDaxgWqk%4OID&^&Ki%f)APovZ2<v0ES^jRA^h-`ktsH9B%99
zp(eBzwM$N;+W!-^%N`vh{z{U!RA|J(hs^d$iSa0>MU6ZZqcJzm$L9E}OAeqyyXA-(
z*h$pqZlF56YwKU2A{p<fNy>Dnf#g0){1b3dj0&w;8Ptp#pgzzJHGsaTnGZ*W@OyiI
z6(*v*6AR%%RKssj?Z!W529gxjZU$87BQY3@dR%Cv<**pm!f+gh3eh6e0DeNP{Z3Re
zzCjHr<#9969H<V8S*xM$H?`%in3eKiRL65sk@uF`8=EmR73WbQe2MY#U(^i$Lq#Ov
z31cX#fhg1fOWXPyw)_Pqp*|M%TpuisBT-AX9f^?V{LY0&ehD?Q2lj!N*2E{xK(b*F
zYaW5h@~Gd;K#QOTRst2VS{T^(s3h%<io{q<jB`;FT81gL|9|2_AKVkD;2nTTDPKpe
z^<z{AzEfs^X;JsHpgtFc>aZkgV0BOvX^bhb4JwkoP|x?n&Nvd2YX3jxLLYo<A8=2b
zU62B6GUGIuiTka7cbwKZ2pi*NREP_nVGCnvR7c6qn)4wIYDpVlU;wCr^+PSOho1KL
zC@u=%Jk&srV=6q0I>GK@a{Lc9^JM2tIV0-1NK}1kOo25}OWMrVcd_=jj<ilWNBp%-
z=2M}DmSA8%qeglXHS&w7fnBxbyQnpMgnI53DzyJ$5GFlu$|+ILWkIzcff`szTVLxu
z@gGe^BP#0RAE?koULdSk03)$AHp8))7H^_Xwl}C5hh8-Gk*I-|Lk+wdPQlMm6TONW
z@Ez+@j|;8Qzo-V&T{0sriRmcUw&ixHweE|W!7x<EQ!xWBLhbMESONb)WqsIX6Nv(-
zft5iGpb7?Zpe`5M7LDu!t*xC<+ovan;&{}6mY~*p2P!g0P`UB9z3={Ep38s*NZx{|
zfwaD2>c7IWl*b|i@ti|kXk@1`9512P@-247gnya=#Gz(9!8#AqP+o(Y(H_*&9JBYY
zqbByumfxWUn)s^8iBK%5{hyr+tyN1@Xxmx)U<Bn+sI^;zT7r$Jx7==2$A4gYyo2iC
zgRM_;&3rBdH&UO;mQQ0J$`?`ZAE)+p!iOO@%$g*+X|gyOYK>B%8cv5AU@k0##Zd!`
z#SrX?J{*O5ehexiGf)Fxjk$0uevent>&QjiEfaxDn3?i5RKp)o9R}StNtPB>&W~D(
zau|(uF$RaDBDoE<q`OfQIE)&=2~^}RVIh}y%x&U7k&2vm&6@v=`zY^0?bng_%*>{v
zLcJOzaWjVEb?aMen*02;Lw$Z!l73;0#W2c!ZFveRH|F0b{>8aiLB$Vv9W~-_{xXil
z@|4G7Sv-RJV1fr`fT=JM<s7IS$cMpL1r_?bsED*jJ=X=5+;Ny4hk5qKV$_J&pw@01
z>cJz{3#gFavE^5&=X?)MN2xFY<=m(a^J8r+V(UHB5{$O@r(r_M-Yk1#p{-bhiohn!
zgWE7S-omUH{K%|fB&xm&>iKS{0rf@=)I&{ZGA71(sDUj<MPe<Iw4Sqt3yu5)DuicI
z9X&!NW0J>aq>-qG3!^%$h{0G5mHqW?eJ4yxxf^!J0jT!xq7I_RsHORY$+Z8|J~16+
zM~y5ms^KE2q$z9bn`2VS?Jx=UvJOVga118HX|{eLMo?aZ8t^&PbC*#AzJuxM-+8AC
zO#Re^C@+?xTnKkzH`ELwpP7LbLd~EQs=gj-Et_CAY>n!07$(DSQ3Lm*2EGurjn|+T
z&c!Y+H1liL`<R0AbF1^*G?WsxEwf-=EQEUbw7^W*7qxU#QTu!Ys>2ib4PL_h*z|=N
z(6=v$zeYNZ3MI!()JtYQro>IC85~3{$ywA)uA&-#Xz#y4Js*!_bQ6Z4+C7FE=qb#C
z?@-T$zBCcb`;z!aQ4vjrKG53UXpcV1-B6L~i3<7G)(M!L@*>pIt;c3~1Qoe#uXv+k
zVbuL^u>{UXP2>V9VmCZ4lw==K*&h1Z%q#|TQm%}ONM~F2Fcsw`SP-{h8oY-Z&^uHv
z1ivwnONIJ;R#e1_qXtk36-n<iE)?SC)>u>|`XOU-2H|(u>mPpH!uR|S(RN<`YqI$6
zTQi{dsCJUQGm#5JC1)0_kGZfe_O~8H2IM(u-<z3+TdShBO;^l?(`@+{EJXPRs-sjN
z%+h4F=D{%P3!@@b2Q|Ysw%i?+W8a`6H7Zcg`un-i%Va4kn|Grgyo5#Z8U|sSk0yE2
zqsn<u4duhsSQ?cpbx}Fc)ZULp4Wz%VABjpvzwT@Q|ICF#wHGz=BdCMo4_m&AYVaS_
z8YcYDY_l||{ayt1GHHy8%mB=YqcICE!W_5<)&3nUfN#+2&PA?I{Mdxk@Jqak`an6y
z4P<RQ{E_lpY@vGB4g4@V2erM<p|;g0)WB2v+(0D4Py@<|X)zi{VRh6*PWW6e@PSKI
zgivuCmA!9Kp>+9yPvyjz8B=2xEM)8Jp(fB2JK+Hwk5TbV$6HXJKY)P_Q4zRg>mSDR
z%*g+yBAgpR@!h~u<V1})O7cym0&0eh`71It*a@|bdZKb*0BYuA?EPt|9GZh#`-Q0X
z)}nUTKGf$Adt4|)zoU}qI;z3HQTy6WXgUr-)#pYHpcrcH%c2@?gDbEvDwi@Ras&H5
zCn|SJTWg~R+5+`?uM-zKNXDW@{0pjsUr|eN2-U$UR0QszI(Ur==?B!n5(S%?rbl&{
z6P1KTQP0=INNi&74?`m3Ia9dMh~}gA?+Q$Z2T(b21=Ya|)HZbzn*nA-4KO=uU{TgG
zsORgTa-}6|%?G27;)%9?X`r6{cYq7c{6e6Dzn#KNl%JwHNRq_NG%c#3aMY4TTPvV;
zOI_3w#-RrAEo#Q!qt^OYR1zOS4eTB!p?@cSQnS{nP!Y(51+XG2d3sxiq6Ru1)!-CV
zhjUONUyB;pF06saZ8<IfURFt$9W{UmTds<pZq(vJBd&*Ps5NTMdfNJas1T2`PDka)
zGE{`tp$5Dav*JC}023rP?W9B{b9!r(wS02+zZz~tg+kZ?wf19C4J<(A#!6HqHd*(g
z2Jjo^!V9RS`C#uSPhplU43#qxsCFu%2KX6j3A(3X|7&F5Q4xU)P%}Dg%cn7j^1rA7
zd_YAgIHf6vqP9_P)Ie%rG3<$&$P!fhJ5cSOLe41X5^5>`^ir9T-9nw=Pp~tlOzk?Q
zaUd4L&DMKZm~#3wW*{|D$=Vz>v;J5WXP{>ICu;k?M-4P3r<rzDG%A8#4SP`^l>^Oe
zITkhJUbZ~MmPcU~>ZhV|<N|7DS5X7GhiW(|#3W%7R3tvfFR>fyb0@HnkNtm^i%x_j
zUIsIOZlP}AH9QEF6ModL*op=5ENWmu8BO-5M9nk@Dx{TA6RCkZfSTI+I8;szu#O1S
zv;QV=p%G0(jeNE(FG4l6!q#ua!1n{|CDe>xU_MM9X0};rRI*jTIanK&L-$a*^AOeU
zJB&yFPH-kO(&VTkH4-DS7)E0o%#YKsJnlhdyOY_xep6#@ie<4TjzdN6EGnn|!JL?p
z-``NVJXXMV=qVW%a}kc)P)YO$Dp}sya;B^%yUU<L-41n-3`ae`z?OGoJIYs4Nmn7<
zOrS9;X~*I$+>SBWC>#4<GyN``nek>+GF?Y)r@wGGCeLp6@f1`<R-v}*Ra=gq!*zyH
zE`b`@Hq=Znq9XGS6_IK=U1uzI#rgO$r)Oq5HJ2OsmrWZ{N%9<Zl)giqkco1eBus`{
z+ep+vi=vXQENUq$V@KSN#W6C%<j9xUnDS5@k7rT+wD$6tHS3IO@MqN8?!XK_{st7a
z|L^5B9i@+Qoi8Y7MkUbz)Bwj=C!pGyipr%qsN`FQO72zm{?Di-_I7ZgP+djM%*khV
zLlV^MGBs+u<wbQEgIe2asN89R+C5*PvU>n(yN*R2?MqMt*^HXlUet4E&3(_g&4sf2
z73yu4J-_P=#bT(AH=;V)gE~qtpc;B;?|(oYFu?`P`4EmJDAz|#XdJ4;?`?SrYG6NM
zYAxCxF7i-u7S+)QR0vZSG$9W|MIsw&fF*7HXQ%-+w01(}%plaj$D-Psj*8f7RJ(gn
z2h&juRnpwyLLvGO!!dCoQ;xF6SSzC%u7_IlmZ%2XqB`!1TH^tzq#S0;qfrr?WXlUt
zpId>Rw$lbK4&fctwpd-*b$-H{(XO)$-(pK#Sj4>NKcYgKuc!%e8B~MSQRhK@)Qo#$
z9sCv*^0TOc-NBRiuqgXq$@5DwvmJJ0dCEso9RwFQ4ThpRD2bX$B~%BWqq4gTDmi<g
zA~6KD-^XKJT!%UFBdVS3F|IQbqhi?qdd>bsg(C6Dnx%v}fEr+4>c6(-AF(jyBbXoG
zp$@P-B~7^@syxh=SD}*ek}anyWs<bKwU@_5Q65-;QFsm;qf^>-Dnk>jfpe_4QAcdP
zGUlY4j2g&V)IhIb9!yZy<WfP@ky{_t&I4S4(dEoQy)#@CpyGqAh$?S>wrh-v$YgAe
z`%odzRKX0iFqWd+3UlKu>uywp?x6;fp`tloDx&H;pt64ka<F;M1}^eZaSOFwQdBZC
z%Y{`bS4MR(4wXFXF#~QvCDkd^OX-I76KcR&Dw~sY0IIwa6JbyllUqqKNc%ri;KFgj
ztvRs>59UE7VN2A&y4&&yRI*L8F2WX+*Q2&y(yHdnPm3if7e-EUryFXU_e2e3kfeWS
zBp2#v0_y0ThYIyCr~~FC>fpJFgYgyi#@^M;^EXki(~p=Hi&Zy~YK#hX3sil7)BtB-
zDE@$+vh^1(v|VnYLYtt5`CwMmyP*`SfmXJDC@QOGp<W`t+xst3M{$~(rlY*5gDM*J
zwu?d5+^L8fKwM4szeY5Hih}q(DiQ}!`}iCxRJTw|@(A^O)>>wU5vX#0)O)`eDw!Lh
z1~S6lpN%>>7oj4&4wXB{YI&xkD^w`C9-uz>3>EqWwatN(5gSs@hdt3l9b8XQpL>nk
zE${J5Eby7xC6loc<sGQ!Qq(aK3$ey{TnyqybJRXQhgxf2U2_11pk6+uQQN5zR>vWz
z86Utvgiw)tgk|u(tuIl}4ZKq-q9WQ36^Y)M3%#LSXvT|CYq}kk?JrRWN^pI1#1=(;
z+bx00=EkT9G(&~74VK5j7=$}e&+oSP|3u}&zo?x1i0lr}iD+QX=C-H@Mx#3T4wW>M
zP)jij)$kg7e?2NGH=^DNXHmIu*WQ1E8sKwV|BtQzge|D|HB{t0zJqb055}Sf&<jUn
zU(^iVV>o7LWI8N~O({1=9XuOQyW}+L=zfXeSo3oenXafD7>!!0KTuyxZeud~cb;;g
z0enCuNxa5pZ4zSy<wB_K(hRkBai|>eP)jroHPc<z1NQ!LREO74?cYZoK+jOQ@E$#_
zU2qdO@T*t3uodObSQigrSqy1v8fb)Spap6Gv8eq&2(=XRP!rgRn&Cdwz)qr;?i}iT
zxrCMQMN{^_DvCBU9oNAolvktH+}GSBV>;Bn&WB3U7O0oW_gEeep^`Yk7v^)BQ8`f<
zmF1ODxzq)fe0@+S=KL?%|74+ao(hdTMGF(s5L6OYK!v_C>V7L!1lpr=qZfwb1XPIE
zqB`D;3jJYJWKN@=e~#gptfhIrfX9XQadA}0K1Y494Qj@nZT(DCa{h>FXgMy&1IXB&
z?yX#B3?n|=+I85uPQA9~htCD=TxT5hrP{mBUg{5Y<ogDWj&%dSrtj_OY+kb|ySUCi
zZZyHlG#uK^ylh%wcgmNo)w;V*9OaET19SH<C*v;Ewo2L4{8emstU>uKrlZ|Vz1+aR
z>MhdS4gAvDUaX+~?|kJtzw%&3oP<uC`I&DrwxpP<kLy(9b=VV?l$*zxms7m4CW*3Q
zIQ8vN2iHhcBxj?RVhJkAx1e^@8B|WZ!!+tYe4NShqNo|fq1N&@)KXkPHF(|n5S2`?
zt)H+R<>2w=N4f4;jq(=MSG$k+BSwGc2L6ME^B6%yc297f+w||;pJ=`&AD?7?cnqCv
zlFh>+-2WDpMB6YsUdC|zfH^Vq6!TiGgvzBpsQ3O<TV8{Tz%f)i_fW6l1XJ1ndN76y
zeXt=axq71>oQQfUtwrsEE2s`%qdu2$nmGZBp_27;R68S4?JPol{#T5`$CwW@_|3QO
zs($vrJ}{gLxd1iNU8n{wqXzQE)~Ea43?Le{mQ7Kg^Q`kxpWlJ{{6*B~U)lR<r<=${
zqwY7F&i>cTdfSTesF^KCHM9?P#$Us1_!0A9)*0q~UjwxygHa9sfV#f}HPbs-3{%Z?
zod#GPb@0r_viQ5lg<du(W)Uh*m>H;<9hh%JhDx>!KbY@?*-=RuW37NXVryFKqrN*f
z#pKu>!*Q@J&qF2mYFqX;a-pw6`%oV|i#mG$LLI3eP}?ZY0uzB;sBKmq6`5A3=Z2uZ
zsQB&u)u;&WMYVU;`U2HY{Dpx5dQL_z^gtwPAZ1Y<)<wN!zC>kfAJhrB#NJ<tg(>eq
z<-ilvQY2aAI&H83R>w)Gb}nEJe1LlUCHqm4@c5U8TqvYDP$SNVTB91aei-Tl<4{X8
z6I<eL)XXz2HWMg<DpyC%ur=!C)(4ei6HrUJ3>B&M7()Nf5iW}3HPm(qSz<z48I^SH
za1@S0B~9>BGvn&0NOeR_;A_;9472qMtQ$}r??;^{Cs8jkcNzO%Z?$AxXkVv6&7cIT
z;d-cKX^Z;e(FHZ2{-~^;g?j!sRL6HwSs!n?iCAIOgv#Sr*aMY2*HKIIdO7=F6^T}u
z6E6#@!<?uY<+J5tsF0OKJ>M7=;%=xf7Q;{z8HF17cw0XY)zL!Kj5ne_x7(J_t?<m*
zeuD~i_z3ki`W1#_yp?7^xlr$b{HO*>*m50fGgR)hN44XjUNU1*=gB(M1dd{Eyoq@*
zk+;euNnun-YoQL3VW^PKM|HT<mVd`8E?*>2p)R(@{0(P2RFbYkCEHHauDF0T@RhAE
zyVjg5O)-*sZzLD$Xe}y)C#+{sBfo@N!<RS*v#sL`2JXcAnDi&}?Y0%Foej7FPos9r
zi1p@xT7}xa8?Y2^K?dkKFSyW}rr2Oco(r{R<xxr35Vdw~P$BJx%I2x4WSomy^IfR@
ze+sqj{zm0elAq1}G^i6X7plG}rq%v0!-YQBz}goTnwdBh_o8M}exn&!ENUAKLPcgB
zYKi_teK~!BwK4A|^L?N{s=No)anj8u5@|8;-~WVip&5sxPQW6V6|2~C2h<GvS;yG=
z+16F4=Xcoh6;uQsqmnHC78BV5s3om|TB`QwDOpBvp$N=Fb+j8bkl$_j76x{Ot&g|W
zY`YLtwuhpYFgsSk5_kuPVh<k&*e@ocr?;D3^$wK_VLRCW>M(qV$=+zxHmiUdSZ&mr
zbwsUsUsOlmpw|9-%!yl2*?$FfAU!}m=j=2`b2`-L^I}mfii&ubo$P-l*$^s}WaCf`
zOh+}i2KB-1sDT~8ns^HHV(2atu_~yDHNjdKiwgD6sE$rrZ=fRi(w2j~U(E;8p^_*9
zl~iR=9d|{|q%UfT#$#Z+qC$8AwQYY#4frBz?eC%@_@6byZZolH)VWX-HDE863q3f%
zIt|NGUSrD-Q4xu^$DCkcs5LKwsxN~YU?bEQkuI2-1FAP_0+aTdte=I7#6s&vWC{8G
zUoHx9<1f_vIdq>HSy@zW)J0|Ym#B~qL(O0=>U+aB)VXjH6~ULNZI)=i=`ba#ogAph
z6hqywi-Dj2n{c6{v<+$o6Hqzf$MLuj6{@HMX69v3_p72_J`HgQGj4)Wl+PYCpZkOZ
zD33p6mL}-1>$p6Z3e``VBmC&b`Qv2dLLcmhTFXVK&@D%;@dnh)w_pYQ9km3hkD4V2
zL*+&^DgupBk?D$hDSd;Q`5arn5%n@UjDi3D=Q<af(NpVtYocSOJ_OZac2p>%P&rc;
z6@jLxfwn;HqAyVs>5iId94h1kQT+@@eQwe*_P<6t%|5UU!zr&r&G-~5^bc_kzQ_JJ
z<G5)s*$ML<F9ai~Z-rg(TU5KxFgFIBH08Xg2$e$(sL@H!jI;$6v#Dr{3jKT3jN|`i
z_I+|xl7*rUobsqhbU^Kb{-`CGh=K2Rs9kXc6{%~e=l(^tlj4+l3l{UZP{?|tJ~#w5
zvhPs?nTHDPGE@Vr?fre$W2iMggX-uh>ia{Y(<aopups4V)P&k$ICeul?@i#M3t71g
zwLepyF$2kgwJDcI4P*>zU{f&?XQLvpA1C8^)WOv8tO@Zb)PQH(@_JM|2T_qZW$Hct
z;}Wwy-kAy~(K$1+%%~B^;OAHYl}yu7Yd8<p&<51`aoFDf7ZuS@s2oai-n5e&6`6vl
zNPmWb|Nf@~7izd49>5`}nO3}D{)VF_KB0UA8xg7BE}A9De%Uk}fqK3W>Sa{|m9*8d
z8a6|<zX0>#GW6jo4E+Az87>s6o2c#aFX|+W|A+Z16^ZRBUqNlF@>k4(RTb569BM`b
zQAs$}mN%i6=mgfpYp6)(`O`#jD0&+CG%ggfIo4&U0sM>unehcYLb?7m(_rXz*LhDl
z3YB~jH_Vb%Mzzxl3t$&iPRzn=xD~Z@m$5uPy}|z1$yDH`30-w8O}Pmw64Ov?yZ|fX
zX55Z%QM+Q(E#o$<LitzJb3wPwey@&-Knv9Cy9cVj0jOl0dYk>P4(8g54XBXrKrP8W
zEQOa*$(Z(z8E9ry!})BvoGsTuz2DoQ4xnDB_D7<YXf`V18?4(rE}B!Z7u7-7U9%f<
zq6QL;`anrrUlBF(dZ=7zj{3gP1|xAIDhIZr-kN`46uv`!F84iCUkLS_SDy=wxDV<J
z#7I=bQ>`;mA)Aj{k}aq#-jBubG3LbV_f0$1QRhfg)Dm??b=(Ve;0#19g&)}^p7R42
zeW>^eHRBwAnULj0?biyZP`5%QS1;5+2HWyjRC0Z9>$jk`-+t7D&e`%U)RMeJZPSDg
zG*I5Z>9{CKMI>qf?E^O$IVyxhQM+M2Dr9?61Gt0wuJ;1}#WD}g5*B-8W?T-n_BBxL
zwni;wM^wamVBq(Erg5QdF%uQ)HK-6CM9tt5YKHevIg;qH89*x3^I1@#jX`zT02R4d
z)NUGun!p}Zj@-d~nEVO*U&&LN3w6{5N8{I61ph;YD*CBe%ZjKOR6`B8E^3#wN3HQ7
zRAfe>LOm6=bW2g~Y(;(U5MIP9Puc%LTx@)1zI1LyHTW8}hDo2>cL8dNVo(G43YA0y
zQK21$>i9cUXlJ1grd=2~a8MI{ipsT2FHApEUa<c=P_di}y)2UcZORd-?45uL-Bjyl
zR0uDlW)}3)gfay6`AV1<TcMV4ELOp}sHM4qiu4=QMB;g`Ohr=E%rn|@VN|x4x7M~c
zMTN3GYJhRrz-7sBKjovZ`P(nb6W^HnC;ym8lz(d?(E>Gq-snT`8!j}G;n)(#VQ0LD
z-Lc*~^MReHnIE&hLM2g__vQ;mZLC0fFc!s~sE%Hsa^n+f$$~$aU6dAynCHZBp|xv>
z3Q-%>0n`r_!ok)_7*2T+YFq9@b#M!7;&W6kmHKGfDTgY5j#{c_sGl3UqWT+)8MXhX
zbD{0E9+fO-0yp?;dDPnb{xkP;qh?YA^;|>L62+nh-UpTS<4^;ekBZQ0jKE76gZ!F&
zV7r#U-1P4><U*kxhy`%5ec%l0N3q8^0`szBLvSsAsj}+}{D#DLsONsi!<fS7bK2lV
ztd223zCgzwYFBMVEyWS^bfBE&LLvDRm4pv)COYwaff>$1&1eZK^gpAL@Ql5G6BU^!
zsB_~V)O$ZFzAvynYvBUQ4R9j9z#q^{;PV0<W=UusEQT6c8Pq_k+j47Eh`XRd>7fR`
z9CakG$MIzSS=17=4)z6-I?g%>HQ*7bC7X)+{QO|g7f7~cR4CcjppMersO@zbHS=qz
zh99HW-bw5W9I+v&_j<IombD!!i3gz~G7NPfZNklX+TI`SB{2<8Kn-A_bt7s?4q+iY
zi<K~5QWM(hs2OxZMXZ;tAB2kBY)pvjQSJVM+6Bi^uluX0iFi-A2<O6=%&cJ!EKfN<
zD&##-Gard+XeMe2R-tm?42I+1s0Py{_XYNU9#l@WLJcq$)m|Lx<uulmJ!dHwxvAKJ
z8u=~MwtI_tFmno1Ukw$~R;agLd(^fag6il8)BsnY_W2Ifj4#{zN2uNPA1Y_^r__Kv
zzSVM3jEYXEk<P<#T#lOQ5!B3{TjQrP_cNmQb7|C4^|1~^wKLI{XQ3jv6g9zZsDYlw
z=JfB}=0YPao7&8<9_l=3j7mZem9?WV7fwM%Yzry}uA)AF4;A8nQ5_{uWA5j&7C^m>
zVo(zvf`Q-v{h13T%Mny)PouK+0ctnIPiwL~E9%>D45~g3HPZ>G2+c&zY>jody?+Mt
zQhyb-TM~tsBn%H>|7%|sqC&}39yQZ87>?ag2gwA~j8<b5?nBM|DVD>3Y`J(kGlBA`
z*Kspj?t}R$Prx#`-TF^D_P>&$XnHfUrl<k*!U&g_52~ZZ{4TCsgPO@^oP{^AHVzE+
z1%B{2h_xsOXJl>hb5t^~!-9AQi=r>g7x*>a7>^5$Xc{VOPhm7ZLCqjMlgaMVs8Cl$
zB~yJ{-@%r9qLOd~YJX2gCFcUv=Psfqb_<n5Pf@$ZOPkq@BnxT)1F<L0M18eNkj3ZB
z_VMqCa0d}t9&VDYeRh+C{ZKQThv9evbx=J)<w&6%W&pKNk!XzScp#Dso->jQt?69U
z{yvO)OPxeLc+J-Tg&NRPTYim7+V`lW4a#ZCnNYcu6E&eKsI_m06>$oxpEDS&{eOvz
zwN%_fZMP}8Oo*qWvU(-z1HWQ6Jb()EJyb5dK}8^2Zes)dobqtgZn%KjZV#|7W{vO#
zet)PZ=F<K@qzinE3Q_7j=HMxg)hV||W&bkNbGxj!QO^fQn&<Od8)HuDhgyF`CHZ00
zx$zLS#HsSK|FzGDaZwWIp|be`Uc~HC=D>J|1t^!#XWnK#QE$Z`QQ5p6m*HL1Kqurk
z?~ui)rM-=ME=2*Kvl^?Q2J*ZB`(Ig}zMwDgi$~F@kWRtHxC4L2HigWIn7XiOxC|;c
zhM?AZG-|1qp_XU|>O{PX$?+L#3ID_87%$ov_^rD&(d_@mR74apFPov*i}EtmH<WZm
z&9>Q$%_#3hC1=KBW~Ncthuu*LOHjWh#&q-y^;PXPYM^l?OmYrE<=7}pg5x}UF&%@b
zScKZIOHm_Vj|$yxRAgSELZ7vy+3)#LIZz6<3tC&hMy>f2RD?F7K6e(iEpK83dhfZ=
zOCv`qlf5M|59KbX4@^TX(L$_+J5V{3ptR4KirG>3H=*9^r%)X{#{8I|jM+^^Q3I-h
zI`Fz7$?Z8SxX{R-qZ$q_YeJg~wSUW?2KWUk0=-ddJQo$hUDl(h4$h-;;a}8wk*u7F
zP+DsV)DpJDz|a3ZxKKyKP%oPwP;0gewcQTe`X{I(Hfed&Q7Ech##+<b1QogVsI~se
zmiwc2$0*dhWG)8&`@bbzsKfQBNNl&|v#4CSik0y%{15Y0FxxY#qR%-^IjE93z|LVD
z<q?(5+5Z}KQ01>;23i)?UM<wb8e?Gp59Xpd6*EyM)(cFC@v52*lA`LbqPEp@Y=pjQ
zCe%$Zl5#iH%%-EB`@y;%mE8MKp+AIriCwJ5{?`W|QPBlMs@tqYt?hE0f*Y|8R;gi*
z&}mqM@=Yv_d25>F?SwjNXP}bo1V&?UE%U{t466J!YFDkQ<(Z1>R4BVs*EZ!=NOn3?
zP%n*3SQ9gT<}<&=j#VkoKrPLm*crp?n8=L7Hk7Yo1uR?FoDbhvw_2ZjT;$_{$a+5K
zI5xq0n7ux)TZ}^;%>^2mldm%tp}YbWkw38%=56Q;{LAW&s9kg$)$S+MftIh4`TRUo
zdw-%L<fZ%Egsu_lAQ_3paXBg(uc12l2lc_|#%4Qq$0*7pumi3`ec?#c#GHV&QJ-&s
zq1Y955RJmZxCHxX|6kxjYgVhNFYy0vH4K$R*HKCG7iu4WKy9a>X69r}gcT^KM<rV`
z40MF*c$BT5kJ<%4p_XVjD!KDC*Ma5n4TTFOLmgC>jzBdy8a0qv)<wuS7H1XeoY;rj
z=QmON`Wb4#3BE8t<z~d0lvkh*tO_kmgxX;q%5yLw{X6@)2*=~7qx3Oq#tB=RnIy+*
zlp|2D;htC!=VN|6iOPxhs3j=a%B+1XmZ$tZ>T~C?5C*k2`@bl9Ix4^5LZR)2I??)~
z)_gc>KszxQFQSs>CTgZx+L%a1qasxWwH@o&@;KB)rlAg=*{Db@!4kNm4f|iAd_{%U
zB+Zv*ZNpF@%ZoZNK0|%573w|S7qt|FP!pJjI-r(gC)|!BF<V<RfTgJR*Ptf03BST;
zZ9Vf+Y1_`{#8NQ<HR4yOBl11!-H@$4--59`R>I4uq{`I6WOY7N(tU<H&^qE5I2pC8
z9-<<UyrUUtDAuK%&*MTJ4o2<Q5vZB|glg~*YE7@BB9gw7Igm<XCdz}c9L_=|??u#r
zuh{Zi)Y5!JoeK$K%~78n^}IKPi@@6t^HTAHy>S%7DW62m<SFLFnw?E3d!icXkIJ1v
zs17{TOy{Bxm!TrE5|uM&?fv`6=RN0dE;Pb7)=#JpChFqT|3SEu1ocg5AZiWAqB@*{
z{ct)eGD*6c0p~|;ue#U{zee5v1GD1?Y=&98sm%Txz(qI}bFn?{M7?~%yPKKhLybHJ
zHRIZ-0oOxCtQl6rk*E{#7-|>2L47W$hgsV6sLxeFO{5M6e*dpA7y3XqROkkvW;_y=
z1Jf`ZS7UuVfh{m|Pm}EfQ7@+(s1EY>GP|Y-Y9duoyQRLhGinzNLr)!#=0Zv6w>RdX
z)^Z^>$DODgN!QyK`1SmvsF%-om=!OhLi-kVlxO<N{DovgEJ1k+>TP)x6_FHiW*6j$
zWB==@Elx#Ytbq#6Ak;n`fhBPl>freYHS(f-=hl&33Y9CpP&14}-5-yd`4rT^=b<LF
z-PT{Q^|$(vY&yf8zUG1Cn2};$)R9>gHK4wzgK7w>;kl?#FGme<J!<J5qLTA9YJ0xJ
z3z)v2e|+n2+#CMjHcj0>{cYQ9bjSNczKlw?k>L*E0sV8+U+2r2A&03MN*f3GGm(7T
z%$<Gyw_irNxBR)<7R>es_y6MFb^graUJL=)rAhP8G`#HZ*EVbB4Yo$L|MDjXPhF?A
zLAc7lp>5X4A9$iVf40%iYyQmPn*Z#=xq_7xRQ}OlfsFLOZClx$?l0SJraRStzTIH=
zq`yJ?BJLgkx9tbVpU2Zn{P8<nbiems?NHkt<&W$bk!lCE|NAFDZC&%X?Ksl?%YV1y
z+|Uc$d&Wp~ZvXEez63d!{Ife{b$|44<9}!QFL#P^5BTH94h~*t+gj)!7rQ^%ca#?J
zY5skUv&P@NbBw#iKecn1yVt*#|J~$2+S%`}_P6R%+nwoO*`;3SaQo?8|LY1}W;@!S
zs%wOM&|k7^W%rDKXjji&?*G^|%Kg<J*)2ByHa<1MKfPOoyVJj`+gx|Czj^n{@fT1#
z+rOxL8h4m~bNA}*BLBzk<=vzHvOU_nxBZLw-=F;PdzKFN^V}51IN4vbr{_-cAMLr=
zUGMMFYjCo_Z`(40U5wzK|8=kG?p1%;-hJF-{tdm;xVtwV?7iQ0&-us2)pkd0JRcY4
zx)1y>`cw{{LW`OB%-xM;`<``!$57NiC;XxPqujOrs{K88yZ>PS93l6)^U*F|HHI*k
zF#YEL*#EoCXSq{=JN2oV#GMtoOWhsnPWhL9UEQ7UfAV#hyUZUvptL)7W7PrGU3aB_
z;=ru#&;GRoTcldS!~6M@iVyPd@15iR&_N^J8UFc$b|<?|{XqVl;NDh$m%%yQL;i__
ziv<5do&NdOe{^t|JI;T1a8`GsKmHIe_`JPy(LZsB=kD<*8`{D>;_osvEdEmNoc50!
z8sq-%-#fIRyLsb_p~ugJ_2?DXF}z2|zHK|S?b|lIeXpK<+qUl;9@ndT$39#6Z_Vl^
zP9GcFohS5IWqY@w?v6>&!rhvng|AZ5yuG{k>l5CgV|d*DP2AAc|JvcQ$NrTx-m7QN
i{VQp*daQ3%lJspmb?VZ-bH}*w|NqIY&*OX@eg6k7sxdGC

delta 25258
zcmXxs1$-4pyT|d}gM<J9f(H!}B#_`P!Gp9|aSakQIHkq9P>O4NioeAQMT)0*vEo)r
zu|m;Opn;a6#o_+`XXf&`eZM=idq$plX7&WR5AFw_zZdLX%b0w&!>_w3948mHDB(Ca
zgB)jCC)GMmhR+-)mCtcPF^}swImS579O^5Lb)25m|AO(<SNy_pLU7S|+Ti}$364`2
z-HDFVj`~=vMS0mI#~FgRv7h63PTR?j)0>JTs2ioGIL=qN0-IpPsgBbICt*C^#2Oeo
z&2f@ckBrS3Jl%21;3F)B5i`s{TjNm553n0{o9Q?$@d$3p;5kn2S&mbliqlIRCoQI2
z>NsUF6XwMFm<79IY8-)~I3DxhTr7-RF#@k)dQ85|3?wsFr(6$H;&@Dj(=avtJF|6x
zOE4I}M^?buf(>vt*1(`|2|L!uNc<cLnzIfMV1?z5^B!O0F1dndaocx}(*d28j*|j9
zVqWZqo@O$R3ppDz;YwTHg#{^}LPg>+X2o=?j1icfa#dSyiTNlepxT*XU51L_R$D%a
z8o-TJtiL*TR+|B2M18QJEmy=MlpCT#I|K{hd{hK>V`2Qu-p{bcaiS=fM<sK2)WFAL
zZu|zraF?w=zlQkh!ADdS!gSvo%b_0ZfSTbj%z-me5m;mE_ggPxX6m0{HcYkFJQr@Q
zfNG~P>bah_ew1e~{HPJG!D4t6HL#}`j-l(!{nDrzHAUS|z$l!IiqtmL=Wk#~OuOE3
z-XwFJKB$59+-xG|p>n}n$wdek>o67WLS^Ye>j?~^{3~i{E@K9KfSS>J)DmV-G|xq1
zI?AO{?bbxyZ(_?`Fb(Aam|FXPBo`T}n1Fh4zAb-`8qglp$d8~JypGyl|DXo)7HP;y
z_k*bqL(QxxX2KGv&(%gf-wgHnu2_ivoxxlXA!k0O#cxodT!UKcv#0^w!w=B6#e}>G
zs=?8yrJI5J{95Y{RL6%g9M7S0>=`PexwaB%`gaO)p*1arH82*{&?Ho-W?Pq{8eC_~
zyKMOgDpKcB1HFb>@INe#X}6he8H3t(U9c#QMQ<b*-*ce{3vV|eYlm8r{urzWQ4LN-
zt?g3lMpWqcq9S%2HQ*<xC3uh7F~ts3p9dAONK^!>>>&PXur?K%S##7rkFyU>z-*M~
zqW1j;)PT-nI9^3%`8!lQ9d?=l^|cN|4P>l!A}UhT?fp4BiN8X<lnN!qdelJnpbt-?
z8aRy_`FT{X+_B|*s2RUTeLiTH89+8`epH81sD8?0R;-QMW$irsKo?Z@_d$hpl&znL
z3jHk92fo9cxDM6fG3zDFK{*NaQcC`#S;7LCpK^KBZfJ{&Xg_=38_z`;74tBq>o}WH
z*}P-7d0$^db(~|5nL$2OB%-k*#@O<wsGOOMdGLRz0q(-&cmfs4Ur>>_fV^8g=N1=(
zs7STfbT|TIDDTFq_!c$5%KLcZVGGoZE}|NIh3dfBZ*n9BDi?~PW?T_9;16tlN7Rxe
zU|Q|}kGW8mevZn@g{U?9Ht>Ms>_iRV2<o|;sOMgxI`aKwmMjzl`x-M-Ul8?tB~*LO
zF+cXkRyYlF(!X<y3nkrq%#R@l%o$!1l@lGXEcVAr_$^k$t5_X#9yF0?hZ;Z}YRP(`
zA}|0I@^Ki*B~*@mhn{Az$yV$`l}}hNqmm^F)qs1*tZ_QbNjV=XwAE~VV^k7$vGt=+
z6Pk|NB^y!g|A?CKi9^I+Npgt_jW`LD;X_Q0Pf;DeL>*8m4|6<YCEVkZ1E|o>Icf&B
z4)wWxs16U=`ZK6V{)y`EKh!`{9wYwhILk4!X1P!^Duwz$Ez|&7pt8FQDuhGr{VAA=
z^8c_Tu0S<>0oCqp)Ik15wfh1U`rzZ{Aj|A=p$GC{IgG?`j6;QJENTEVQEUG{R5D&b
z4d@|ipvg{{4zgGaq3&0(<%XD-a(fKMk*G*`<L!;vn45|%s1TmT6!;rzhSyLX-L<|%
zHIU|{8DLJ-{UWwp8PiaXMLqWsmd9?WC0l?*$a6Mvq0nqcjqI3x;H>o?Y9Q_@X33fd
zp|U*9&t{;RP#tGSMJy5n`yQ2~AD|-93sd7r)PyEr2JQcuT<C*K0u{UiFfHZ1sI@+c
z>fjI50H50X?@*shbJ}zmh8kED>bY{59%E1wXo7maCHBH@m{$A$Bp3SNCHufl)GqiJ
z8!+Q1n2U0?Gmg^<+hI%GfeLZ@Umb@_Cnu_-e^BSc6V#HHI%@}j8dyuz5_d*V`@1_A
z(Kre<knb@R6HzDFAxwwYP?7n^mS3Ts3qEIa0Mk=0f?Cpww!VS2m9?97;5p*2Z8Dk)
zHS`4r_A_dv>rgY=h8oyzTRwzZ!xO0I&Y?nk4Hdb+ZTTVUxp%1cgU*|Qg`w&r&lCR%
zT$G`rG44c#Cinth95Edh#p>7wdtqkWk2={dpl1Bi)(2lS1I>dPcp;pH#ZeR8jT-Pl
z>(3q+TBF}k4gQB3Y1nTj62(yETBx;dfeLLLs^dYJ9mk^f_X4beJ24}^MnxvwB{Q&G
zr~wp2P1K9#LffK@eW1Fv9%}nE#xU%IS@8>04lG1PW)&(oezo^+T3=u^$(#PN8A$ct
z&F7n;lCu{w5YPFJ3$5)&49D%L5nsYSco)O4`4uzc1nVfwMEx|>jFzC5W{thS7d5fd
zwtN{i(0i!0e~Fc}|9w}@T2)1bwwCoHEKIpOYVD?>mcWmC%PmHAyc4tGK~x7<Z2f)I
z=bm9AzOm(v*UWEpY(u?&oMPAc(OM6p*5t1nCX4?;l^>xR{tq?46gSPwCM&9gSj>Wr
z(TCkp&-X+{WEg7TQ!xVP;@7wvy?8E~|6wAq9dlFOgKGE+s>55D9iQ5A$St!Jd9XC~
z(O3bypt62GYDpKPCa@AUfVHT|ZO4)>@0eS}e>xS(Z<{s$3V))!1eNvO?wFZ<j0*Ks
zEQ+&HIkDGz$@&C~Qy+5IBxz-9Eas%Xg)I+6<;Li{#J@Zjlc-pPdr>3q^p~+4#!&8s
z)o>N+gLhB^e1xemS(3?tw5Wj=M1?*Y6_MJg=Nh1ryE*2^IM3b~huT)tP-{0I_24S&
zR@8n!Xv^nN&;5bw=n<yGl=n=BA=rp=CRBZA)DrZt_XlGTW$#maV~nkshKj(~SOn)|
zA^ZvRViIZ%gYTRAf~e;kp$60xHPFte2@Sy1I0_YsiKs|SN0Qca=5V1Au0?I5L{vv7
zP|0{7HPYa}O~aw64)b9!7D8ozNn2kJ(^77P3D^eJ{vp(fcoG${>lmW_|C9@L;QPmn
zEH$d(OsJ&EZR;yxTFSLB4K}g1N6oM&hTvdZKL!g^o`xFm52)vMpay&pv(dkESr_;i
z6{6G+_-O|-;BIV$nnCctW?&gmGsuCeFM*msdCZ5^Q60u%2*#rZJ_I%JF{o`l4ZUzK
zzTrY^vd4M^(^LM%dIQzaLsZtk!${2V(3}fZFc;+(sHGc(%8@To9j?XCa63j}g-2#U
z@sEhVMmm@Z&HNM8OJ+1?z^_pquRtwHB5EePQ4Jrr_b;HH{}X?}XQ+19aI9*e8!!)E
zMm_fu6|vM$h<`CIGCnaMsE)c(8-3Ua6`97Ukhiubpt5}|YUyTS8(f9y(S6D{UJOOu
zkH?BQ8a0uvsEF<JxKNT^MP>U-)XcIy3;cNO6hK9!zAbmgP|9Cm37mtO@GxpXmr)Z)
zLPhQo>hteW?PmSY3?M%$l3sBx^k5}xEGl#@k+C@Ka4I%=?l}CP^E>}Tbe*#=Ocoz{
zX$JH=s-1sOk$a6w&Ue@pQ@k?Yuv%GHAOrH8r(6`|0q3<b0t-`Yh!Hs0mgiwf%KI=d
zGt|<&x2AeyA{mN`P!wv0F}C~xD#tpZBGo-m&-xGHB8-ahsJGl=)PvixEbhT%_ym<a
z&uux?ThmZl%t(Ds)PSN<IZ(mgk3|inm96iFO2#3&ul@fO7Yfx<)W}z%4vL+&d<fOx
zMbsMJMQyVusQsSloq3s*Lq(<y=D;492ghOoT!L!<AV%W_^b)v8@t$zwV2s1vs1M|E
z+(6dW!ex|4VtduQZs3Q}5vc9;11d7tQ3HR7io|QwfRg*%!0yS2Ur;WLn#fw8>jgfr
zor)|}96)97B~$}9ZTTMNru-Q5U<Q5=)N>_J6R3baa5+xFG|5fJb5PGM$3Tau2yD0Y
z$CG<z<iAo8&W&5BrAVH_j5v+tn@TuphUNGzGBsEawT~O4lBo@9<~{BG!KfS>fm-`9
zm>H*|cGoi0=T~}MC`6l3NwgQ$;IF8CeG}F3Gh3fB$P6G0YVC8Q8jitL*a9_yx0n@^
zr*Z?ilhaxZHP9-k&wKT_&_U7*HR5@w87@LC!FQ+*HlPM_5Y@qXR7kI&2K*Olrq5By
znmpJIBw=RM^Chq-mPg%>L!S4Xfm~=rqcJB=LXCVmDkpZKIyi&crZ-Rne1#gIFSQw1
z8fz}p^HHc=sft?j_Nb${pRFGssQ2iI3(b6Mpn~6>!d#SpMs;u>HPff|zLUl*Sw?F(
zYPUqAmasW$0P(094@Ir@B2*HuLJjONrlEi5HWym!N2my-Nb3gnXFgO&n_4@f2HFSJ
z;6PM|BTyloj>@HPus(io%TG~B=i|?3HGm*gIRZUhL~@}Kmq0aC9kphSZGB7B+IP2p
zj9P*Ts0hu#Xq=0A@i1zDcTnv-L{0FyHBCBG&YO<?uZGJ|p%B(Vt$i<410E_jCZi(p
zwRI_K0P8UVx1!egioO2;wPdeRITMuLw381tz~ZPS_#i#|UnA>FMPc+%Gg@iO8!;K>
z-%ta%f{IX*Ex$x<qm&uUK#E{F%8gMI`2yAcLR7mOkTc5Jj#|ney-+i<pHM##oWfrC
z5UXI@jBenqH`{s`OHuzEHISm2OtMx&&8!vH#bKx!{)pPXzoQ2F5Vfl^a;hnUUJ-jy
z5|slLZ8;V-<0iJ;!IryY9qI?6)^;muX1h_l<}j+^TUa0Oqasl@i|fQ;Bh=^CVo4wS
zKaq<bgyhd`W&n-C+`wzN9V#b=pmxPvEP;urf!#u7|3lPFljSfW&5xQ$5!73-f~{|k
z%BeQiu7P^?Uji2z(O}fbhuiX4R6~<&{ag%uKd^2`&G-x!#|Nn0lryJU(r{crxfm*k
z4x^UrII7*tn4JEdBrY`42dJzK&SegcELfUy3`XH#jKL+SY`=k#_!t{u?%ZzR?+f%s
zMJ^GQQx~xyzOv=K{5_5ulxv}<WEjUqIL=2U(N0vdT(;#msBM-juL*T6)Irh(^}J`x
zi?J)^-KeAs4>uDihf3OBI1d+K1uT<~{a=)ezWL0IXQPs7FRH_%I2IqE_VK{{rokzw
z?Yi5RZ{rxs*$bF~%}33A8!9rFQ4uLr&~+wZL;MEM7WB+a2SvDnKWy@&lH?cEQF<A*
zrhlQ5@E_EH6kNy*G&5=+=SD4M0gT6QvAmuuY;vRqwxrw<r(hzgpXy!_vu5>CGye*;
zwhJ-4kKX~sl9UfenvR}hJIZfSNz|s88DLLq0;-)ss9YL>O1=rG<ep;he}!6NZy^^7
z)o#?xZlHF<ebnpnF>1S|E^a!^hFaS~sNAW7dcGMdyW5~5)eCjBe}NjvY}CY-qMl1M
z_dVwT7s~E)sQv7Va-Gqb1=X=1)zK2vQMwh?&~bbJ3hIDKLY)u#UB`-05;dXTs1AqP
z@)xLq&BTmav?W{=p&}90(G^q(AEVaxH7XKr2{XVjRDE&OfJ$5Ip>n1jYT&(4?R|`j
z*i=-zOHkW=HHIl^4sxLoUBhs^XUl0yn)+<k0;q;dppvpGs==D5jvJ!ZxD9H6akkt8
z6|w%dJO=f-N$BZ-`I3vnco4NMrj~M@4Oq0a>wJfoumg@MW8U*uQ6WuR)`U10s=>mj
z^PnVZ#!c}<j7Nn$5jC)bcnXh~W&bOA=9M$sVKK%~UXAJ?3Dw|BR0m<@%}ny6Iw*_E
z?gpsc@F6M^9Z>td4>rabs1xuisvTbi*BOUtDzN|cnw?37B5}g{4kIX+s%Vbb)~NF5
zSPEBR6kbLhV5usZa%ogK&X%X3l5x8&Kf)4}^Hw%C@wg~Ug)D|YU`xD#wXu8^^BNst
zJ%Bo5(^fSn-2l`;reh@T!XkJF!!dm|bL5u9`jn61V$4|G4Ak4qMKl#xY(<(F^Rrz!
zR73_~TU>?;`5V+gLu<H!-=wOBg(!b&U5tv*Vbnlgpw5?kHBEgTRQ3-;4mQvEl8fS0
z{Dj&r|Ds+lDQcN-G6hf_^hPDmEYxdw4l1cOpx*!ctk+Qkeus46w5e^%lTmAb3zb`c
zV>0dkH-QUk>X>9oj%6sOLOoa&HLwqCxhpE!23yBsd&;v=+wX7G_kyQb2}A3;=J%3N
z+q^MqAnhdmJKeZYM+vB-a}+An^H2xOI@HOyA4lRj9EeTpndkSTUZ+=4yCqAkiBvgM
zsH>prTcHLx4D~ks3_WG*JTA0denN%z4(fyNQEQi@zG<Kus=gyCt3O4(L^j#`XHiG-
z6I4g38<>MCBkFCJ4YefsPy=Y*fc>ur6R6O(7>bI-a@0Ql0TrsBP)l+G_56EOE(A3+
z<q%ZPWI-i!8Pq_!+WW&%C+ApHglC{~XH7%TbhL{KHFym5!PBVF-$5Onudq3$ZR9%r
zu`}x6`Wf}P^QhhOJH}zU56mtZfFDs_h<ff{RK%WHvw0u7&Il?hq4x0)sI~qBBlIBZ
z<&(3q*-m9JmU0KwjF)2|La4}{z^eGWt<T=X4V(k{P!X+#ibPXX`(8&bG~;ooHC=$p
z_Oqx1B?*&Z=B6gAv!jo4IaCBHqCy&jG1wmU{6f?&Sd4mE{fNr7{it1WA32geC!(2o
zpdqT^Ca7d-j#`2as0Ihx`$JLL{0VAl=Av?9wY|RyHLxFS{VrR70NYc47!|Sn&Gk8t
z@8?`-gk^97Rz!__FNWh4REKY|HRk@v95^4NcE{JKBYPW$V@L}Vk!aM~H$-)~2=#?z
zC2A=)V-Wp2`?yeY97V0k&sZ3rqP9t{mS)Y$qjIA*YH3=bW;)h7$=;ud>Tnq<GT);P
zo<vl~dr?bv3cXrfByrIZi?=eb%PClm@+DLQ*;<<h@}dS%43)*zQIUy5O<)Xah7(W&
z`x3Qu^HAr?|4{vHvE>)7+5hS|w2d41D^UYbYknA&gqKnK`5`Jf^R_iFkv14Zc?v3d
zkE1?!6O|LsP>~F3XL2bDm3$RYCuJ8@63%bO{@2LQQlXGuLM37H_NG1v6}k{qPK04N
zmPbXVHLAnTsE`jrMPvl(`2`q`+fdK{hT66_P?37)aiI?ecQ7-}h`Lb|m6RW#8fu0s
zu|G0KCu>L7naD^7b#fhcsPi(;{IJ=etLsdr{!iRbegAmAUtr0eZs4!w$M-UC)t&eg
z^`6t)e9<`2$GlvE`kLQT9cO)rgXy?qf*bgI|G!{!%02s;?X(knP|n)le8CuvS!wt%
zPN)9r05|ZL)cOu|of?$a;2yk>Gt~c@LFQ+?N`uXp%w1TI*I)J_CK)?VG%ua?Sc?xH
z!*EPH$>c~BDq^)!OVJpW-EmkLN1<|IIVwkvqmug?w%7j8HQB7qr>LbEgKBWH^=s6D
zwAi{DyHZZX2AFjU1I9SiSGkqA46k4kdQ%w)5$Qe6b#77qa=Q6e{P7HaR-}LD02fNa
zqBG4~t^_KHx?z4ChvE1ga%A!^7tCw)Z&Whno@L+jsB$Y*1csv8nT2}oZbZGlZ=#-i
zgPxKr$Cu{83K&JXHR|9QkLqwS>VpSSU$w5Iw&goiLs4IuByEKHd@s~@#5oxFYKK)Q
z|BHIQnBUmI&;Hj)ds3l+j6;oh395b{Y5-SIYw3P%K3LQmi+U~|_4%==&o8p~_h2~X
zEB5|d)WmYkHqV!x&HmTSno*&K5>PXog!ynK7Qtg!8Xu#UBw~(fpg!t;JZh#hupI8f
zX7~to;MAULl5QkUpu7X4So0d*JTtTY-`J3$lI<tdcfgaVq`YaphdNrHSYM%@a~GK}
zrCBkYa)d3{LmfOVZMh@rn@<AjbKYn!v@O0u9i`u)w$W}>1Wu!l;zy{+1T8kt6+(S6
zsfN1W5*5L|sP-mW7os}afa&m{tv`zl#B=U)p$=c5UM{JZm~73BIsqG_?tg@(Fdmge
zb5TpN1v}$!7>gB`ns&xu0m^>VTW=dG5{FO`J%u^7|1WT%HF|7sL@qNQD1%D6n%Dt*
zqat(|HN&g6{0KF}RNtDnTy9j7l}9aQQ&gndp&~UH%i|=BqJL*E7Ygk^sF0^!ZvL1o
z8mm!GM9ugSDiY~em>J|leJ&DJ-@w`))p0*8gP)*YV&9|AnQf?DwHrOn=npQ`z)Mt!
z(tKyWaAZOaC>)j5wNTH0it2bKD(lyyLi{^w|0m%f%(l|Zcrt2f7u)h?)Ig4|wBP@K
zrb26S0X2Z@sF2-7h3q{l#93CEFBFle2BJ{|FKg@Tp*m`ansG<e=X%@nXQ-on3aY=^
zt330yc@Y)iRIEo0;Iw`4BC3HuZ27s>x7uWT2&$o?7=fix=SdsX1cqQCoQg$oGwPer
z@2H4A^|;W<6}iTQG#1ri4_h9IbzHtkphA89d-FS*Y1f*Nw?QRa4^)nf!TPw!*55@P
z#qK)u4JZn=bgfYl^oH4sQK*rBj#|TSZ~>mcCfH-W8~Ahlt@sh;pbe&>_PB}i2-I#V
zzR?^|El}IHJyymz)BqQvmUIU)aL+l-h1M(y)8ZS{+68YiA<cry<|?RUtczOno~Zpl
z90Ol2QA@YQ-rtQna8BF$YpBTHL4EFZK=xmr%_cN8aWpsjqGpnW8dzwe*+vCXk!gc!
zXaed>=|XIT=db~W|6s~}Py^bEio_n&(R~2b?s3$=KXk5gkryAR0@H0VGt6r(g{rS@
zZGn0|-j>IsA}|M)WE)U9@f&JMAEVYhWUHw!j*37%4E+1Q-dw1Ik*Ls4L;Wzh$kwk%
zeUIOZ%Ju`OH9U!R@DKbG3vY9sem)Mc?IxllcA8za92J2>sP>Pe&WkHM+5g&)_o&c_
zpP|+){VucSc~Bh{L9KmtEQoQa2F9ZfBtPo8HK?O`A1Y_gVOhL}3VEg<O^y{p<ye^?
z+5c)Fh6**<3iZM6sDbrIt?6)#!~>`qJU~Uv+3g1Y=0qqe)E!VAePW%0isU!8ybkrb
zeW)Bd<8h&+x`XOC^ByykJg7A)i-G-$3gIx+z8#4g@L1H^&qPIVmGvjo#IB&W-4j&D
zp?l49`K?}6E~;^(m96+1^}+S16YLOb&9B<}JE%~<MP+lQeRRM9l>;?_iu+C0*Fr_2
zp|vAw2?t_H{0ezJ^ZWl?Xk>R$p?!hM?$ke-kVc|rP#3kf-B3sEC#Vp9gW6`BQ626?
zwQ~v;nd|oc3)DoM1Lh<R#*}*hm*+wUPc@u^4N(I+kNUtJd;ee5E_j2Zn6Y!v9Ic}d
zna{1pPpK|@*euODba`$UDpI?Tm_NEXh&qz<9%U)%-)Y2!Le~tn#_dtb6o)l%Bx)c(
zqL$_mDmSj6BJds+nasz`OQ{HI=5<i@9Z^d;2(`N=qb58LJzcD@6`QSlQ5~K{h4MTq
zx$dGO;2t*vO@Z1*sZmLp6*bdbs3j?YYQGrja}`kos%q~yJ<k3Qr=krNn(=T{=)cAV
zxB`b^jT5H9Z5T^=FBZn2ldjVnOQ0H_kA-lZEuTY0=r7cO-l7JY;*{&m$26xr6Z#cY
zXvP~*`+hqr$qt|noFr5v(*10fARM&>6;PpVhuRf`QIVR2TB>EJc6MN8ypD=kj??CI
zg*+}avg)WDsE5jdrl<y5+WQICp{TFfqfi~qLw$ePj0*K>EP+>06H5Dw8;Ecg)br)B
zH%ZwPwOhQMXUs@WVIwMTqXtsyS2M6GSd?;YR0R6rO!QC(Q~I+e#L=h$*S6($sCEXR
zA~W39&qN(u%T3vHHglno9YKxwCbqzPsAP&cXF8~dYN$Qx02ze3zYG=9)u<fWf@<d%
zRAerpmgqlJZlybKK9?5{YX2AFLQ8NT=in3k2d7-%n+~D+^rBgklfRjU&!C>ajM`3r
zpc;OJ_0V_8bkG2cP;QDo9FBT^6e?0vG4StymT|#R=xo4Ecow_i_{%0+ldw4De^E2e
z^}Cr-0aOxJvE@#vB^rhea1tt#zoK?Q;VWj~RZ$VEgPty$a-jiqz~Rhz3?8NY>Z)n*
zz%^HYJJUIjO1?AK&653t`h3t0^ZNmrP&rWx^I;cM$Kx;t=b;X!-%ycwbc6k0g$w7V
z$=<4{HEw{lu`}+(Z&ACV(;voeSch^i)N|`l`~MLt0x52pZJZ6&VSZFHRzbC2*OuGg
zV*e|o@l<F{5>Wee94d+SphkKG)$j#d{>zr1qu%eqf0_Y=p*n~{C0%V)uC%vy!?u+B
zqS`;?aiQ(-Gio4LP#?Hu>+hpR{t|U^CA)3DF9c&z$`w#K&;|427g!9JqdxbGt-p+V
z?iFglx$l^My(li!a20D!RLEjc2TB|&i~C_YoP#<MPof%nggQvvyJl%JqdE>lZR-N4
z6SW#@m(<50*cO?v=bYj~Av=fKulG=)4*JU^R~Tv_5w=_!m0Z<reH^OceyB)(X3Nu1
zIq?l@2{)kzx(_SiSq!}YLz2vm%%~6+M(u`JRLJ_G1~3B~;zE3ZcTj71{hpceU#N*Z
zMlEHk`(`QAqav0KmBdw1yP_s$=lpS6aiNh7K+WKD)C^~#I@pXFz%JC%97TopCaS~N
zsK|x>ZGM|A8a07Fs2rJr#c?}E;cZkunf_t_Pv9aS7iDl2DpXfcBfXDG#)qg8zd-Gh
zkOyYQ1yKWwMuoZxYU!Gw+UbJ&+(5jD<1ra_{MUTv?D8-BUkxs%LTk7cHM1kAHM)r!
zK+cCIi3*@X8;$C?94fT6PzO^_3>-M9na)Ec+hJ5cl^?lIcWj1wS8RR6{#V5rDm3Hr
zk4@;RSUaOaI1V+lb*ND8MK$m@Mq<ztvxKFw4&}P2rI~^X^%B%X*4y${)PN3pw&Hix
zQJQ3ZW_6#MP==rem<yY6MCZc;l!rXycfTlC_|MeOeQqL=^uk0U#Y;1Q9O&cuBB+5B
z!w%?`;i4B8voHZ)qDI`~m6`ca>mt<5k75aYhBYwawfPaN2kLVRQTu;2YTqZKcF`VG
z#BQRN?hO(l&k25G4xqfKT@Ycdh~bnQp|)iLs)K3R02iQ==}%Os|FY$GsHO6~H9t3G
zMs-*kHGmk@?rMjb_5L4aZ+wZ`Hf!wzzo2IF7?o6SP)ij0&UBa?mGxy%1B*pPs3jK0
z&#?loK_&GcSP0*sa;m_4-kRF~A9A4wMxlNbn}eU@IUI$pS-Cisu`ZT#eSzmj;t|R_
zurrSJ`2ydLZ=yObn#>p2Rb5a^F&K58j7CLd0tSBn&(FnND%PN8SSz_NFr&t((04%X
z=TWHpQ&Ewbi#j)!qTc)GQQPw=F2>h59T%qX1^#ti(UiVG)*nSZcRi)g{QQ5%-gtx>
zX{sP!U`;cjLRl0w@@A-HYKK$E`q8K*NEPf0WOXiULDYbYqXt|B_4!!T%dROZ*IEU8
zzCh@EQ=#oO4z-q(Pz}#Pt^FF*5xW<&;T7vsYuePN;ex1$M4}F)PPhd}*!v~Zn0Cvf
z2GG#67adV+G7wARXsm_nQK5Z=nn8xNCPHDT`huu~q&8|_w?j4D6}1aKM!lvdq9!sI
z!*MNY3B6NX#BgyDwT-fcm=Q*y8mfs}f)=P;7=_{ZKU9Oeu`K?IYA`6B8DJ=?y<Dis
zmA2(3s9g|`4BT_3aiMMZEf&Ee=7#eSwN^pteSx=L2x{LJLUmLhHNfVm-yeua&3K%x
zpN-L!SD|v|B5FXdupDN{pn-b)$i+oC70pmH9gLdU0_z5Q{~&5x-9{}{?oeYSDrqa&
zaxGNuG(jy*H`G8!U|XDy8t7dN{QUoti=tG#M<rp=j3#TNF@kbsRLJ5`IWQ5`z%0~^
zmZ3V@ZttJA{)T!P-9*i}P$u(y2UM;MMo(WTMsT5Q^`j1=4X7+XhL!QAt<RO&%(Ofz
zLN!q{Yh~?i?~lSr>L;Sw*^ElU<EU+U8I?;(nc4r^pTSwo5@bPTb$Qf`T4FIwK+Sv}
zR>!5bd;>LsB-GjN%WBHGF^Y0|tcu;OOHsLS4K*+~8~a}a2+PLWyS#i*9ev2(y_Ky{
zGwF=;a0)iU0%5+u4;}-sA>~BW+P*_2bDJE#z*}+@YIm%~c6bvtpsG1d(hm2yC{4v&
z)C`WJvimkFss2SJ(<@t_E|)21M<ro#RA?)qlCuHob7N5xn}*7vd8l^xpayajwQIZr
zxqX4Z(Nq(4CU3;~KK_shcM*|h;U?Ka@|z^gi+cap!*CpiI;iHNa_2H?08deoc#rD1
zKmil-DAbbHMYgx+4B|rH{XRiGILX{_zCsOXo-Hp%W$g;ony<6v!>DBX88xE^sI^a9
z(C5^|%BXW>6srBtaUD*><l6t0BTPtRP+9#E>I1znANEIucos(D5>y0ESYKlc%Ebzq
z-7p5V-Tc@Xk6~-fUf3+fK<gYVK>yB<T<GArfw7pXh{^t@sI}{9osJ4=BI@~z*7sPD
za^a%J4^UY?2z73Jjs0;KYMVz!`U2ms>!GJ?9>c{&Jc&9mmKQTeXA<gdmc6)nD}I2=
z=63iU&O~j~@=@j;@*!$%r=y<Rf#2f;)Ib(Qn<U?l9VuUlX8$Xsl}q@XZ!sP>V{l1x
zBL0Xml<%O{u23nn)+JF()fBZv@u(AVBI<ydk6OZ2xDwan2y9i_7x=4MXRrw6!e!Y1
z1Gs2f#(YEBhiNExF6#^Yd)~gN<UEL)>3JN&?)V!kQjV)&I+~B8C@)40G*?BFtc6fV
zdNiutGS(POM!Av4g|<r*)X3YRLf0D=nMJ5CB*#$u{URy{{zUD9RF#bRP-|WpwHrF3
zJ~tY*EvKS#W(De<aSD~h-YqT^icFQw2dbhDqK4QI<55Yo5x>Nf_I{@-=Dj`~)xjLp
zw%dq0u&$v7^cZ#GWvObCyE$s$3y^mC_di@Hw5L(~_YP`=$*Y+N<Up-)T~r8rT8E%I
z@KCw140T>?Lq%wh^$*k%rmSwZXEsznk(fvOzdjdQv!1B!HYjj|6Acyet*DL;*zz6g
z6RQ(rA{T;M>zuY6j+$6B>RnP7HG#&c{@P*S=l|}uVl*ljCSq;;3g6)c)b>1I!{_{h
z>uQ=4?6X?Fz+cTOUfZ1gi%|#FMbyCWqS||kn%H~PQbyD<FRPm9>HWQsiy&N&>R>CX
zeqvp-trp-%l-Hs{?bI{dGYe{FF{tfV-`Wn9-3h4B4@Bj}SS*UOu{Z9m$NpDV7L7Hb
zX@;{Xcf=3z0qO{?THhD=Q|+l(h4ML6_GV~cj@lZiBpZf$n<ipqykpDx8k$|z0(E~f
zD!G4b=$VS3MkYHeqh1=HV*@;hr7+zG=0~p@sHK^Jz3@0HGG#tAKY~rf8kFy%&W9q6
zja{q@usHQ+@dP?v6JOwu*H7Xu%DI}Fv-vmF$(OO2If9#`A~FFrvvW8a(>FJ3Ivv&U
zYSe*t0rmNMADQ+hpdz#n6}h*lUE)Qx@CE)hN;A~HoP_FNDOSQOsO^}wr8(P+V|U7J
zP+vH9qmJ5VsL#Jfod=m)nS&@A6~V?h1jnG>j!&_Z_J3q+lSGqIN%9qHAAg71PU}!7
z<7TXZ`%%f}Yhyb?bsUYVk45c*wx}iQjY{rcF&AD&ov_a_@b~|Vw>2LuiOS|$)<&3(
zatqX#(gf6zIu*6A=c5L^5vSupoQuudnFH${Dne=7n-jJUY9ReE96!b!oIlPSE;Qp!
zsF`fXdUyt-F?$EIX0aGW`4cRID^ML=LalvhN3-VDQJ?z^OX51z{=bIWzR5e8$cACy
z&;Rmpp*1gtIj{%ngc^%VnyILn9z})t3Mx_$P}}jjEtlzRCQ=o3@YF^{sxel?cvK`8
zp(3%nGy7j_dx#31@#jzn#($^}2F01=%7a>pf~Xl(MIBJhum^U>ad-k1$tGP)2dz*O
z>x6@FK1O1iu0E$HmhbAB4=kcWAzFcYIh?@xn1r=(TsM<chcPeZ3#g^~4|SrY?{2<U
zS3+&8uTc@$jvD9zY>XFB1B{3_OIF<DLNjfPYH%QGO(&xwvLAII-9lw=L=W>5P%TVG
zc`Rzc<8Ap{)Y7a(o%I{BEuOUZ3-z>bKh)>F`dox_@d38OepnEXqSoji)Pv7Z+wmo;
z;diJR=IG^fd>Da>L=jZ3G)LX<f%^O))WANreujL`b0%`pj~i1^x$pwjaZqp5VS4<S
za%NOSreHX(#UgkLyW)TLe%n6gbv+W>P`}8QpJO=X9DRL(KV7SWY4rYI%!Nk!J!<4z
zQ6oN%8u8B<i5F4Z(wAUP!Um|<?8m6jeU93Ob5Nf<fSSlj)CqbH_53|lf6p=S|Nq0+
z&#ZkYhI1nln_?qukN-nu`3uxbsdInR!D`fQ*^K&PaR9YTPFwGyj^_8Mj#CUU$(IpT
zABLXRGA|cOk}9ZVnvJb65kJJ#15MVq!TgjzMV;Xbu^OI1?eFx1%v-WPDk3vb*}n{R
zZfwC)cmx%hmxI{<+Mn)V^RlUmI&g-eMwo~?t9PK1?18O+gqrbl)PR!>F-e&ZRbLHN
z-vC3fr@j9%>VW$abwaKkQs0c^cPex;-9k0s8)`zF4l7a4hFY^`s9n$jwH>?Q1^jHN
ze@&;)+-v@#om;z?{bM^Px|99o;);cAW*Vb-K)<g0`^C-8a+sRYv~iICrjut|xU=6M
z)}@$x!(X>ciG06t|1a)c=f8Q}tH8v6R51AUC0_K;?vgk6Mq8uW7yMU%r>@i52wd$y
z(<N`wZ+Ie>|8~&MGya>;bsLwr1=dn9`K90T_}m}XwYK}Uzhl?A?kxYat|Q%({z2W!
zxPSOpbQ_ssAy0qnkLZ5U_50s;Z{&{iH;6ABx|7=f{}n}BSNvn+$GLa>DS9jnQ~ke;
zMCbJX|7y%L7yLVV<aL+&FY&)~{V#hIa}W3<dX5ZUXWLrrU)}RS$P`M8`80nX<9zQQ
z-m8MU#lNXnPIsUG6#tv(PwM4&*Z4>GZsgAKAM4#DY>fSM#Q%4NF0&o)FV&~8d(hvu
zPi^;%|C>IZ`<*{`-(v1=e}ld~Q*7r`Q~g`|7It^}ul8N&F7pphsGVXFwe$S@6EeA;
z|9nEMyTqTnUyOUy-?3je_ojb8|GVBF(Z5RYS3Eb1G0yP!?(ezN{Ym}5bvO8@4;ZOb
z3;f#62>$eE85ryS?(aBoh<nU`W?&|FPvY%?2VD28fA!!-?%2d<gLAs>U4Q7%+QBnv
zF&Ce?mDq9USvPnBMg2PAuQaTfyVf5+%yW16Zx1Vw<u-TT+QqBK5Ec@qQ~unaOwIi(
zccQt|l$sgbS;c<~sQZ(;pZ$kEiFN<y5BW5wyTV`e(<<)7#Q0BRU3Zm#-SE8bCjY77
z?L$}c@K5{~$_M%LdFQyl(ui^HZ2#^Ndqb{LKb-$ga&N1D^2h@2A^*COWrDX+r(a+A
zlSbxrC;3y1%Ii+^M~w1<&)GZY{p&_~?p}Y?==Sar|K!m*Q!MAsY5(fc72IF^H%FIn
qe@G1d?8L9zUNm(-Og)i*N3*SSdtXf2ZO3~0R;SrEWr(l4@BaWJ;rS>4

diff --git a/geonode/locale/fr/LC_MESSAGES/django.po b/geonode/locale/fr/LC_MESSAGES/django.po
index d470d6f59aa..2dd120c69d2 100644
--- a/geonode/locale/fr/LC_MESSAGES/django.po
+++ b/geonode/locale/fr/LC_MESSAGES/django.po
@@ -1252,6 +1252,12 @@ msgstr "Autre, facultatif, métadonnées"
 msgid "Responsible Parties"
 msgstr "Parties responsables"
 
+msgid "toggle more Contact Roles"
+msgstr "afficher plus de rôles"
+
+msgid "more metadata contact roles"
+msgstr "plus de rôles de contact de métadonnées"
+
 msgid "Responsible and Permissions"
 msgstr "Responsabilité et autorisations"
 
diff --git a/geonode/locale/it/LC_MESSAGES/django.mo b/geonode/locale/it/LC_MESSAGES/django.mo
index 431f7fffb9b3ea4379b6793efad59a8fcaffacb6..e76a048452590e26ad196fe83e0625f9356e8fdf 100644
GIT binary patch
literal 20525
zcmeI3dyHgRUB{2g3icwn3(6v{oMBmd2c~<vXJ>YHd)dX_nVz9{yJvc*dsbM{^;Xrb
z?z>Y}xAxwu?&-k?f>9G85yb?2g2opnlB|*_k)WCQk0u)bFe(}&ihpP#(ICEJ#LxG4
z&b?LDFBVi{3^#N8TlaMyzxVl_-~7ex&-+ow@ea;!;5_|2=YADjc>#Yo?zq*tkAp7<
zuY&&s{w(<D3!VFB@KfLo@WNL+_bm9^U<wXi<lHv+aqtho$6xH+GI;E3ocm$$8u&fn
ze}caczU?;WJ_BC9-MN1NmtGQ{-}h45;`-M?jbr9(!}Aw>9p7^OZ{UxE|N1gc@I7}p
z_Y>f|Uhdq<FLUm-U+>&|xqk8$yvy~c!PkO+e`gr)9j|om+j;(b;4R<@@7!7N6v%7t
zX%LdQ4tNZF27D{{BOp_EFXrYP_zfUabgQ7+`BrcWY=R<X57hfRAYHrf1sR(A8Sopy
zkAklP|2#hbEXa`Do!r#(hrq7{-vU~@;8$_o1NGi@@HOCjK}h622CAPw0`>i;<Mr)#
zIR}f}90+UN!|{3*R6E}Ss-L%l>gVm?SAg#VpAWt};`=~Y=RN@54L%#M{{$4h{ub1{
zKLyT${{pJt*Sy*}{<+iq(fv1rh?M(*c>g`%S8)9spyu;Y(1V`@Pl314nZ|cNsPVl4
zRJ)JH>o<XjglmHQb2s>N9(+Ie9`J9#ck4clKM1~XI?UsZAR_4A42qA}K(+tYc>nvr
zALRPI;E#c?z9+QzF|g0|#&Kj8{2lNX@YdIcdEEwzPj`aP2d6>N<z#$*f5h{k=CKCq
z{ci&`jxBHsydJOL0g7Hf0;->%j`(w+zWZfx3jA=y-vZU{@5Sps1;w{d#_P|3qNjUZ
z7~k{3FXQsX@%pxS{qlJI3h+I=a2I$7`0FPaBk%v=jB_6W7htOB@fq-)VEbgy|4)M{
z*Ei?Tb@2GSbDsb|2tEqF6XyOj_{ZS8z@2-M9q^XZ(2joo3A_!w{XXY@i2JWbNlWm<
z;NOGC@8?~fzw80${+a7L7o7V|@TD;MmE8YB@VB`B$Jaae7}w7}<lN75{htq`17Ggk
z&%J?paQ~BwVZ5v7&@G<diSUTd?*tzMe;DL7_ZQ&vz`q0`h5H-u`@!3m0)5{H(xm$!
zC_erjcnkRN;1uXC1Ua}BlwEi!D1AK!$}YSCl-@oGqPlK3KK}_&dis(0{NvzPa{X_h
zwR<th!L6X)`&#fd;297VbZ-IG&)Yz?|5Ne$qoCyE&%oQkzXhca{}G?R=#8PD6X1)u
ze=jIKeFS_ycp>5?5Yz3R0PhB$1|@Gl1d3iC0AB$9JP7OEhd{OW2~hL=2XGdA$#RhM
zN5EHeeF;>5C5R}w9q<+4FMx=Oy9sI>{{o5*p9M9aDTGVccYv}BcY!nD0{A$%1<Edb
z1bjDm879jvd;-+`?_3G=I0@?d5pW9J0AC6|1^yH`0A&|mvKrd^6;OI`?o#lZzXoc2
zQ<nq3ZwJ4M>sNxhe;j-PI1k<mE=0Tl%AQ{V_5K$4Vz2-;j<?6_cY*ruCqc>CFGc(i
zsP8@u>iv&J{9RD=`J;IK*P!_Hsd)WaP;xc37RGlQD7k-mynaQzzAIke9j|%Cp<-@F
zKR6(R9q))Z2cjx=NKX2k8rQdT=A7%CsIc)AaEbnKT;$x~e3>pd#EUDOlBp*-QR9h2
zGNa=f=QO8eMf8>Ie-Gz%PNrzI$K*&Ijm|v~(Xm(vaEN1lNS^PBSG%C}N{8e{$J+xq
z%!$i5&v9b5?074GrB~JQ7Jf)SA)9M+9^-r+=QnYRFD2)roQRDb-@@NbPT7<*oYI9E
z&c`?jbzF;c{CFx}AeJUC-wl2zXBzL{6|o6!abi{-p;LWq^XmqubW-*RGwa^QDOnnD
zR>zz9@ok)#Ups~oPlAuf-&esGaeha<UI0&UN=|jmb3Vj5%jr3FJQBcS%!1$2wd!c_
z<F%YioX>Dd?j@@_WYgYczlgyiJ`H{ir}Y1Y@!s)>9q_w27dgA}-V;JU<4@1c`A3qL
zzmh&POv}NnUr&qewD8TO*UJY!FZ@o{>3IF_7kM)+OF!63eGy*wtzqg1xi9l>I@rp3
zn><VgJ}Z4cEt+YzowoG2k^00pJ6YNr__Qc!^qzEfbM}PqCY^R(ba|_4u-xqplItgY
z*4s`x+30?ko|Dbgw~M4pKPNP@R@zMa13Ia{F7n}kr^jc*)aL!wUNRhP<wbTQZOvAb
z^gBsuGb%NpooujWb7Fps+Uo=EXU$}g<vrgl(v~ihP8nOh*I&qsM%Lo?tl!vTvi#dj
zdufq$I=hUelMKSVX|9`<rJ5;*owW4)*v*H9FOA5v{#?#%n*-~<+${%b*C#FJmz9Ge
z88Aht<GXp0LJtut45>&rlcE)<P1k{<kw9^br~M^3b|D}3nD*r&+st~gQ=9y-moz%5
zXgKVNzt&dn+gT5O8GB2H*{lf*@d8E9_*EF4x2*ZaPAA_HT_-zWNXbsZnDcgQ%tXtW
z9GX4h8^bW^itQ2~S{;_W#rG1oa@g<Z1(b|k-xvC9isu@=*cnF|zeu)|tYZ^H1~m=%
zu8EsWCatZsfCY$SFWt;xsIhk|O<HLoq2`+%-tf>#vYtU4lTyE(C4PF*`kgtql@vUm
z_6d}#ZmuM~%^|`$?PF_|{GIiSlfon|%Md8ZO<HM03o*9|r#1D%TYE*ZmefeKNSOO;
zx!%aSDH;%3kCP9g=BrK$bVeE@@-*{qzmpDXE+b@q$Mko=vtF4QWfCMhDf1vP1A2(v
zJ|O9Bcd};euVQ7@Q{8$aZ6+{Q;(!&1-;C6*IV=k4VL3o;Mlusv%T#vzsG<~WE9v*s
zo+(k{*RF2VTE8RC`tGnZ$e2$gD?-T4WPna#BV?I!pSH57Ye`qLj(wPD&(Habc@L=)
zXR1e47eOke&Pk84G8ofqTAh%zK$-b@zmoPgu__~Wp9{vXqD?DB)dCZyWdmq)CVVqJ
zqJU|QZ{)3AF-8olgjK?axi!NhvP+~izq~O>;;YpR;*d`HH8`L5Ab_mV1r$Y67>zxa
zER$;3%wxBaY2jYfv$lPvp1LVYqGxrRr7!zwGizrIrLh~H*`(tL?)7WQZYRgpY~;CL
zNs3L=;P$XgI#~6*YoA1ErH6yOO(jX{xF1_H8(x1OoeZSusE2|^lR&%J@=jK61!5(p
z(KQXW@Cj-+M_Lf}j%L~H<j8HDW-o2(Nu17UfAz|8m`dK;lr1`BCekOhpx5Ph2F$+0
zCu$$R7^f*_;8lEjJ&{i0|4dne)G(VdIZph=r7_u;_hO2}-mn~+nporNEol$r&ivZt
z^^FsZfo7WdumgKiY+Ty&j3(h13YZP>TUmL{%v$14&!5Jj4Jxlz+u->#IMmuM;|f}s
zMilh9b22!wO2#YIkG#Z@pcFd^(vy3P4_>#uYeQ;h*TV$xrbHY&)iijoljjUO(74tm
zjR{REe0^uB*UaTIYa7kPF*;FOg4q1k+um1J8Xwtw)-PR0tT9dFY9sX-1_w71*jgo`
zMs{g`Tq$B#)1kp?95pG7)%!<q>H!n7)ugvunfa2qAqa+K)}|q$!Za!PF!jYUM5(WJ
zGU*Zw5YXY1vEd%+&tnXcn|y|eglRv3Z4W)1GYya(v*7R&?(}-4=uMf)K7K-0pk;9&
z@q^+fI7A3#&0-&-;$Xi^M34KXR(q@jUtp5PMxrpF94PjTDk2-6LD4ux1&`NsFLEG;
zG)M##X-TkQ+E60T&>BhenoaEt;qEf_wvdLehfsG(5vlAxJ%(7Snnnx@q`t8i%^^jU
zASFJBZlrmsi3nG<F^sL{XkgFhP2{``B;kF$7*4Z_<bt)0(Kd?N9(LMHn#N*it<J|k
zX{4GoJ+-q<WRP%);ow1=@=BQY(O~0*=PhnpmRXTVhT!9<slIVzV+{ju0hvkHggM_A
zo>kU93Q!#pck@!>CJLDUuNfXm874xwBAIL<G_!u$mJW$$0fH#Ye+PcZ-;D>@=JCdu
zvy(O|20_AMU#*3(@yy&QTi#sc4u)lt%O&w<u$ht8SvRZ!pyU{Vxp#dxwvX;@z>s!U
zFgfD&z7$QqwzDm^i1@)oL109&*+~=mpeiVtMjn&qRtTZa%-w4um=R~QPN{;|i7}4L
z&WN+(!ARcma4l4)R{c1c#4Gg4AtQ1DMa}nO6366ff)mx-nPxAwZ-vzd5d}O<dd(Oc
zeJ&NT^<v(mmGKtgODo?A-t)}dX&)Kl>yY(gnqQKt(sLbIRF=a6UtU-b3d<zUKT^%Z
zLdxnznKlc6&&BW+4p)4^J`$r#1z>KMtCq0{p0mo304B#22%ecc<4pseU|AreuZ7fl
zy%rfa6NfOTP$&>q8qrsp1X!cU(jaf<L>Gz+YKwSC=%j)6hgg~@6PO7(?@4v4o75U2
zDAlOBTAn9$xN7%7WAQ}L(L<uc(i@pE0`!L627$!>!A1jfpMN4LvIM#=cFNpeimR*C
zbmb^R6UC2LH1v9?Bh`Bj3uKfmsGocXEt&Skft|(Fm&0~DYg*=Eodq=#Fri<ETYB1x
zwy9mDtS(ZP;g$X1nOV0^b}f~h6M4(VA86u@(R>g%6O~lHA|zM{*>dxk(r(09X$}-N
zCIhM{-XygcD&H_Z-)L+U+*KY53&Ro>@1ba}ODNS#>5LIdZm>o@uCx#%Rv5}N$NpM*
za~J{^UbP7i`yuf#YOU-iO+}{o;6RPN?c)d0s<dUv8CF{AzC^zu(by=M(;%^R{r^__
z<ILOx82w&rCu<QLuVh`uvUI%(A@(@Gy$al@KkC>=vJJ9>QF#u`(9~+dDjCZjm-c4=
z6tyaWGZIW0ZV0@SFd{;TOm+a17dlgDqufIb-P*a*E9UHX;hgD0$r?8>`><ruc%CR}
zNP?55+@;#FL{dG+pd>7NW#E>sW8;q^50)p@J7y7Bjo4f@7frxSTNG_gQR+NeCPeCu
zob+K*OloXGq=F+4^9>0z=Pg)6a9V*N|MS_iWfE=f?t99#a~uoM_IKaY><#$I4Pvac
zb>y>Y_xeWhu>Da|wIT^JaP`WHk)>@ZIeTLbbyV!Ul{T-1v|ukC?BvBY1s~C)5fdqV
z3fYsDWEVSpwQruB=og*WDrDpsAw5Q-Ctf4Tit&{n4dG&JkR+ytc(r$}XYP2h^3okl
z1{T2hE5*fLB&0aac9;NL@3U@k{oFDOUxdM5AYylm4cw<&Ed6@cP##e~o5b=hw^&6q
z{_fJ9TReZ|;>^WP-XQS4lx%04Ap%xHZ4jS6itr!yC?^W>m&w4`XQjVbB>k<d8NaL_
z9Nzc_c~&Ko{94w@2lxR$-t|V_&o@Jp7z|dSt4ZI_&&@p+J2>$989m<0F%c0w)?7b{
znr+U+`PZZ)O?ydCxvj-&u4u}!#tP31oC`TQJ?GW%_1J5QR)`e)36qB*Pb8foJ(4ym
zFcI8X?rJ)ZASE;N%Fm|7VNd6dd~C^GK3=+VesSGeg%WOQom|2?$v1LV@Ow!)G&)HX
zF*%7q$h2YpNK`Rd1P3v|$fvDidamJI$XIV>HzXbxmoGRZ_R;mrmxLS37r4&zO(NJO
zL}AN6wz{(KM#vVD`5?jHYh6|}o9ym=>q+<M+R{b)b82pG&INVRpox}EY2=!!=t63N
zrLC36ty+BO*9W_N;8vBlmmY~@YU6}fsLd^zH>tH!Zf><$Up_yxs>I`rMIr1y5HYT&
zNtZUt$e8mGssVGHy%_9>yJT{VI2!Zt_!~viE34fCQbFYU-P)y#ZY?d8G|^a$ilY(B
zeX<B-#A$#0wR%dEF9d5d=6ZO~B5qQVAt^RNn!z!5#l$j#$@coj<ts~1U0plBxUqEJ
zt(!?)VY9*+)yV3}K%Gy^W|8%Yw%i8JfoONwMIYuZ{Y9!b(S8qta`!2ZDLVPEy(JQh
z)R5QK)Fby{PX;7(PI#8E&@q}~-pg@5?2+*4ERFCf|AIrcrKhjgRJ1(n-yGdb)JE-D
z$+HKBh`xN<t-Nm|zm6p1fX$NfL}?4uHNNLxg_@(OuOiD_@KOWIt<;8k$A*)&y-xgl
z;Gk*^AB`yL|9^8tfnA?#L=ciWn&XCAnkK&?A!=$Xw8IJLu8uMt=7z^_*sAcDi_WRG
z5Ak|^<-B{->Pl@l5M@k>7@|e~px8CC=21;00m^E`-3i4+IAXCGk6f4=m8sMcE<wsz
z-dfI9kuO%%QcSjju`IyU)P$c^JZ599Q)JSvV>TB1yz=uJgj`16J7FTA;6yL<rWM$-
zP*n)sWbKWqQ{F`@iS4XKK7o;@omLRIX{N`*ropb%uB9q9QH?=@auGQh4hDRTVV5M=
z$?A2Rh&`J<dT8268y{N9m#q*@RD*-R`v&KCQ?_j?%9tOz{Fo#`-<x1gL*XiFFVY#}
z3LA4E$=INVz0hUV+axKp<6=8<6-}1gHe59~Mqp;3t;oriERldWQAQwiSdAyFZ`p*|
zyEBSGC#xw+;&dzd35}Zr5G@Pup3M4wu^>v>P9595EDPbHYiwewFj@_GgrDg<A{*L@
zH|@8rC|pK#R-D5tE5qwD(i~<Q>{lxvvNt)pE`!&@a4Gv-f5he-ADa(wq4#nt-&t@(
zTFq-ce1{uk1I(KC;Ns5#A(vxYxS87MHj{q1vVrMmrtquoK^|&5Q#j|O44VK~jE%C8
z>tu7-6nDFBH~v~H@}~)JXO>$tG4HV;M<f3*btP4XWM;M8%vv*#3^&V}jeNmRtzDkE
z5__1z#ia}W)ZD50nYq(5b7%ehnT5HtubaaUPpu^7V8*;#N7}mJ9~~;UjC1OA5?J;6
zr|o(cI_vtI*o2203h*20!+ag~R%bSFstaTYnG1q*&(>hjUpRSkXJ==YsS~!g)9W<R
zJ;|p%KCZD78#tK_P9CqDTVNSGwYt2zG@9=G?A(-sD)=&^{euM}<LiTy{SFDR2c_xS
z_<iW=#)X;tNAIcYc3R9-+Y1Z+{st|tu|1G<W-ee_$_3x++hzICsRwakdh*acJ%8*W
zKY#qesW;7Bw9)}1&020-l&5A-&z_nJJMMeRGnP9s6Nwq@`Tp?cvz~ebBvpo#t!-|G
z>$JG}em23_)<Mp-<R+9+;wT}`_s?LanmNB&e6YXG07Ah=KMRUO5|wt87gyH6vM2Yj
zo?&^~?PvK3R`m!k0TLw`Fm0?4^&f1nN;v4Ig=u5PyqJ+SPz}c>Uu6e=!uVqW2j6az
zA4#`!q5}0ndNa-=tv1*97I&=d9mmaIv^{`?#@ND#0K_+*mO@3x4JtZpBp3i#&eGrp
zx?;I@>Ojb6k&q4?n5g%7TpJ;|r)_MF<)jtikbjqOD@IZxcGHHPY5yKYzi}fr&FVce
zFDABFMnmAvbkZHG`C!5s1XeLfBCdGC%T(nE8C}X*S!=v9gpD?simti73|xytpC|(v
ziO%Iv7a?XvBFRN~7C<dhStdmFeG*9|K{Pk~biQo^7NyI)Kz=H&B(cMT>qGYSOzXyu
zylkeu8<LJ7Mtd679*-wU!e&Iy$R@;wP@5IS4N<+CM@Z6gCk|$R#fZsB=p=q*)9Ymo
zg`aS58ZxuT1y4~7Rfc4YFtAl=aMVarVsfJ@5`-v7jb)0gfB`!8Rb*k?mwrrZARnbm
z?2Sz{RMn823-)E&r~AuFDv3X$oCFF-J=MInDw$_{bb60`*BlG#u%Cqol#`732Ma0+
z#g1q%-A2wQZ4H)~U>%)<97rjdETbqIXjLVN?2By=5c+IN@1*IGZR3R{hbwi}!=z!O
zS*>C^8DUkJAR!HW(S?<n1andgu;o{x8e`5_SW>~zv|+QsG7@jAH(@T#VdneU&EKe~
zP21GTF%|4#FNkQDeP*>G&DJiYj9#TLVTN_7$(T5f*n)1L^#r%H8FuUx>5?u+bjBn!
zHg!O)$v#=IY7<%ZdN;hPH9_x0m_E9-*N~ghoe<TuvNw#d${c4DYG9&r%4~><Y{t<v
z#PJ<ccrubG)F_#h9U5$I-Tb9+b3$2*Y*;o4C@~&o-a>WTMrB!GqVJ%Yaqq)&>Mert
zpcZj72N$8hE(vf8bF0L(Xi+&?8PwXn!p;$!s!?WaP{&e~;AhlO)ve5{i3_Hc^r|cv
zK2fVLK8xEQtu&~_Hq#<uXFdV3te>OIn5BNOGwp;hNpT}@i}3jNAy&!=4-phON}J+z
z_Z6ueF;f}5&a~=A$g#=PQ+?+<!`^1#Fb%7lNDNG@UmTAIEMSNhNU=t(5R+P@$`ytw
z?N?7(kBw9KsX&_Et+N)HI6V(lE78OC^Ffg|SPR5q5XzcLvx4VU8R@MkiBh?Yy_gi&
zfGrKNP1rl;3tpzSB~s^zVwNN5G$9di(LA!G2cfA1p|Ulz?CY{f!7hkbv7#lI1_d<Q
zH5O5;NwQ94kDdu2)tYQHoa(Vu)oT>?38k!6I+nbQbi4{lry;ZAA8jv925YAM7TraP
z99-=}Vhn8}HX{;1JP%P6;ycTWl~kD36(R_#^*TK^W*l5q0<+iX>>bd-#V@Evl(aEF
zX97DGC8}FdJ&S=ua5f|3U;&S^a@f==D6??y(ApRF9JEspH$(_RA{Z5_Ynr(ag)zou
zD}gbtnnyq&#}u=Qw-k9}%!qtOwnAFKcO%Q7E}%WJeWiDDG2>R~1T@F4==SI{i$z%K
zDWoyh(<p*ZAxs=U?Zz1Ch;o?6Lu?rr0b!rieE6s%$S>7XB3kkxRp%lYV!Ec7LhHjp
zLbRLRd=|YN`Bx}cvR5o)$k->11Qd=1FTv(1&<G2iV1p{tkEI-~X-u@~-Kt_@P{!C5
z_Djm9Ct4f}#KV^V0W~s5%|FJYw(WI*(T|~JOks*N;&L$ekrw!cNCI1vg;zSLNjhNJ
zCOxQLU(XacYOc@)Hb#bYaRaDiQc%^ZAS=c&!9S^tVp=P$oH{3oRWMJ{;e2!2Fn!-w
z8#6g&hB#`sm0OI5$cGXPa$3~H)bvKpdDkqRCU5o+OJQz|wNw`a$Z|25!I9lVl9U@W
zn@3Z&<}tk`*lCKP2(Hv8k#E{#8xAd=nViJ9%tc`v$#3M7W@#%Q2&{bz5+_<FR<0fk
zF<LmofHL1E2}69Bq4#E1@a?JAP4#<07^UD^`quB5DAp9jBM{eV@o8c{>sO|aQZ}3d
zlEGLfC7F!XSO?}vBXf_au|aV$Rq$hvae@hB+Y7m>Z0b3g@WuKXi6ZaT(T0kP(R+=~
z_(((&Rj@N1*J+YKeZ-V`v7)pV+-5Yb2uJ)TqnkaaI-Jjg&x+}XL4hirq^BT#R*eG<
zO_wWsUa73s7%IQ1g2-UU#%<A<_WCwj8kRYeO-sx|95UX1)R7qbm>Zbv?LpR`V;PsU
zavdyaqT2~Z*HfR9Vg{fo(S(J6wj#DPOjrt^nLDCJXOfTy8v3Xx@HUuNO;gJ$tWuCT
z?KI(3o>MyGK>d$0dsxNJp<_gVtrmqk<dM-7r3fwS${!NiH-7-@B#Rl6@p6qaD$Pm1
zv=zd0^GK5(qcR3bm24O{8m!8w;i;^KRxB1KR5_e_trTRvGff(;IgCobhIAcBkrRGz
z&|9~|EJ&FK5oQsD8B)@MQIC;;#ms>H19XyIolx6DD261~t(f9<GD^ENbX%oR;lr?$
zSsHKl$dOP1td$Mbg&07k2iZ%At5$Mo+XS9G`r@R!jxPI|6rltBf?Tp?3dl%oW>n``
zOl7q>#!mf*f-PHCplPb2Axoh8Al^fJk4WOlvJZR8DiH7oz8meI2@zK90vP}*q<9W~
zNIEeivHKGFF48K=r2oN044hG=3CTByT0OCugCy-q5NcGa{?R6cOf3U9KJTB(2{YVe
z8cmE3Pe=wm-B&d9If*;$A@$5Hm?y;oO-so_xba1`S>b4HDpM`PU58Iz!HZ4x^H-WG
zAPR~T<16R)mlQoWJN5;pWv#yGfzz$CY5U&$T4zqD_s=KoR(jvu+1CB-*8HjYvu95=
zp6Yj=nsd+Pt$F_EZ(VbArOx%|vEV3X<3o<r^0$io^?@w5>PL*>c=?e#mzZGN5vgVT
zIsf%bH!R+Xv1G@#`IY}?q0P1kPmxx(i`GMMC~3t$j?5e(YDjI2hYeX6$2vWe2F5`%
zu&XQ~>M|rYhC=}}#(Lc6M)g$iA62NsMjkf!OT|e|Ul%WZk&2VFkuTxVu8+1T%21|+
z*P)C*E7%E1TqSD%>!nII7=+bwGG2vCZZ&3OwTGaRrHoo6$y0&&V-2yHT6J02kA>V@
zuoQQ04lG)tPDzR}Uc0onB5CCds#~gN5!5Uw-XJpz9l|eL?vF+4?xI#L=n$nqY>KFo
z31`DnrLC#nUGgdViF>J{nEZ=UxwKS=Im&|f84X2XCM@HN^xAAlOvWFGwv|b7ixZBK
z`&PM>G#Z#1)i22jn{f#(5OW-JOLCsQ#D%&T<<8ybTfej-!^nTA!z@w16e9#VtX{6B
zaZT8{x{hgCr5{Fdy$b#L|EM-DyDPU=`!x1YC422;TU)HEIgy7prX?NhvNd#Y{m_?+
zn)a7j{Wpr5mclM~ovq5<zB|X<Ij#0#_Q;CFJ1T6d^tG}uo=PVQ;t~=!L}r%Yl5AQN
zFk2}EDw?=uVo?`5RXeW=+bsbRa{g?%H7Km5To&_+sNgLvPBldeTkW{&sVVYA<lERw
zq2X#9i{3Wb<hHbeC1RDL8A>;(g9+7AUn+O{zgh0Yg0)_$!SHIuFZnsR9DooRLufI6
xwKdAiEFps6Sr*Ve!Ey!T;zIEgOFb%~zK{wi6?krIv8?qa-Kq8L|3@X%e*s@bue$&M

literal 161218
zcmce<2Yggj*S9?hB27R*MEcMZ2nije_aaq#5n+-H$v~0`nIs5`g4n<g2x3PRK@=24
zKokptfMP`y>;(`N6i`$|{I37mYm%UH-_Q4a@B5wKbGXi4d+)W^UVH6w&cyrqtl~L$
z`M8>&>+{usk2LrBx|Q_#5>h1f`I=ql^OcMxAJ&TT`P$#$^DRO?=0=|{4f#(nh<x-s
zpRX+3e6!CtocuR$@%eheI=A|KW09x9?xbJ6&F722;<x*JnQ%G`!GlopOYiXc=EJRU
zFdTg+H(UXOFow*oFby7(99|9QFYx(V!U_wq750L%a~jNr<>;llGzX4=2jSD_`+S`!
z)Q0qr%YDA{V8h3JzE-d$tPay*Wq2Jd4ex;!;G?h>Tn`(;J+J{h4a>v&E1VszU}w^k
zATIVj3QNK#p!BUXz6?u|egl?(AHaU_Q`i+YTIus$4AWs__%NIccfl=i)Z;$iU$FWr
zpKp`+gwNL(eh4pv{wMJ{oC#~gIZ*vrW?Tm=k$&CMAH({j4@3E(;%cAoLYQdm1ur6f
znWgh!9n!Zz=~-=j70Q2mEd2vi`@S`<eZR2<RK1>-9u4D2PlodA0$2}jgzEpNP<}7@
zl*?}h?<LMg!luZNJ?-Mzzt-8`3D!hD23CdBOnxU++&>8$!kxyWP~|Rq#`UuWtVX&&
zlpiLUe5P>`ya4$cSOvZYRqhkxaVUS4e%6(%2bJH>I2g*lNw5jL4$7{lpdaqC{3B4~
zao#$Y9|zUnUQqsuK-Iqwj)&Xfsbci)IcHbB=bhg=K*d7}EDJ-hB%B5nr?ZSVLdD~4
zuo7GZnKr)1q5884DvowTl{)~-!6Q(5|Frxv1f|k7VHwy2D*oHTim*GBo)MN#gR*A^
zlt1S{&Ch$G^sIp8;d8Jq+y-UWAt=2kEx-5+uAh~m?5_@0KMAUQCn!CGpvM1lh`W5(
zL$x;-%CC!{#_J_0d-lMN@CY0Lo4n}8;R-0d%VABp9!k###;>5-{}KA(pHS`A+U)$-
z3(EfkVRbkhc7@qcdY*>z-)7@ZD1Cb@{f+S_D1V-^{Bkcjf7XDqzX7ZaJHZxk7}Wf|
z0oH~qU|YBy#zWuBKHrs~F;w~GQ2yKtHGYR-Dd>B}=`9Tv2YzD`)VOqp@@GG&e&j&K
z;nh&_be+lXhw|e}sJMC_O5dwc{e2f|UHBZTT=7?3zb=GYClaCT84Ab4%b@B%4`s&=
z<8G+-KR51&io5SE|7R$_{{<B%=WTKA*MPC48$;D^3S~!2SPb^GbYG}`j)AHlgla#}
zI18%1o1xlS2o+~bq2geJ<-Y_qp4*}7?=$&+sBt_3RsNjU+&WbTDt;P5wcFh|)bf*I
zE#xzy#_v8@7p{RC*Y}{}<bdU$hFT9RY^9wT;vLo`-C~>D*M~s0zW}Nq_dxmMG1v}n
zu=G)=_F`Xm?N^4fuN6E8_Js0hKPWweVSRWRoC;^d&hR+w4qI&Z`MSV7*aNPEnwP&r
z+1qA^&vz{x0@c6wq4b|Ho`PyOcBhM*5>Ro{1j-NXq53h%<P%^?(pgaUO@m(C!V;wK
zhZ?^}E&l~5J9a>o`x>g;DX4bNdBcroB`A3<cmZq(RlWn1zTr^zPk|%hZBXO8A8J0t
zyy^1G!zQF#K*h`DuocXP7sE$kC-^y(A8YP%{<sXP{bYD9oD9|fsZe%a56^=Oq2g^R
zEDhIN{;QUL*V3ODzlVyWlTh_5zU9WhHkAD>pyyv$oAd<BzXnz#J>T-5gzEohD1BeT
zGVpgOyNkc=>?{k*lCA+2SB;_i(;gOs-Jr(17nD7hK&@w^;QeqO+)RAOz2p3T@Lgx`
zX{dfzc+bUSBdGcVpxPS)%fU1#{rOP#T?s3~8==PI9#|ee0agA5*c`qA73Y6K*<1I0
z7YFfB{^<-=e=t<L0ay`cLD@AMDqa>tm3s;*PG5!1;2Tiwor2O|X1BAiB9#7GP~({d
zOTqS*-xIbbJp}sU4N(1k49bpmP;vDtRGgoJvg^VRoE`B{`a2j0K;@6ObT-tu&xUGu
zDU^R!nS2w}I`c7<Uw?<1zo()4cg`NyPFbjSYFoM)l%DQTb`CZ91WQka8lS77%FTmq
z;63m{_%4*6zJ=2JBb0r<4_$s~V;v}a+QDMPO=qZh?EaCn_Y&xh8<gJyuo4VI#s3^A
ze>@1~|Fuy4dJ(GKZBX?-wDf+c{+xi7VX?hVe^n^^nn2~ZhN{;cs=XmlcBMj<%Yf>4
zK9v18K$X7*ro(%n^c36Y<mW@xuVv|mQ1hu3>_@-b!5XBm{g^ceJ_tv^(@=gM{s}&X
z6QSB`@hN*WYzM2rG~+d}6Y0gUCj0=Z{BbC|e}`J%i+$$&+ZC#QFDQNEVGDQ*l)W!O
z_2YFYf9{4FkNxl>_$$=BIRA53t~OLU0jgXF<3P)w0Ohv~D1BF%{8r;V#>b4$LdDT5
zQ2Mq*#n(Ql{v3ts-ycx+#(d$@rJ&-VJXE=hpvI>zl;4|Kx)oHp?oj&sL)kSRN}dI8
zfYab0cp7RR4g8Y14u`^ccrCmDJ^{7Pz5><HZ%qC(lzpYXa`sg)R)KdQuL;%9)ll}X
zGrj~hjyqsoco53Y(qB72)PPF2go=}1Q1)L6)qXP6IOV|F@MhQ*u7a93KS25AFDU!U
ze&gD&4AsxtQ1hxjRDP1NE!6z$0;|GtP~(yZ6)(3y`DF>L2e&}Q#X+cYCyZtH6L&G_
zhq7nb0hd1sb|O6!${(Ac+TRNOa2J%_N8n_53d)YOgRbARjdw!L-=)y=E7Ul>Wcj<H
z`uB~ce}uC0FR1Y^_pMu>tH9!<FNN~&C}TQoM0z?r7cPYwhZV3Id={$Rx1sdzg_>{Q
zT3R1rlwTgIepUDk^jms2jFA2q?tp{8<K0~4zIWqu-VZLGE5LJ*SB7e*8kC*!uo-L*
zrGE<4x|aiE;Z0EGZ-(;AJy7<qfeqj$xDb8`gE0TF^TQ`larqULUf&VdUJ0mpyU5bb
zq2jPR)VeYhwuRS2`SV3s0&an_{|%`2-+}VqC$Jgu@hiNQblgvF+@FK5l70;;{%<_$
z^elnu-%?l#u7~mP6{z_5-dG$bDqR~Uz>DE|aFQ_s72mTgeIHbutb}dgv+x1<J(S(^
zjyv8CRc;|H2_J+S?-fw?ybR^%olyP%9ID)YSQZ|Eb>S(K*Z$er6$i^9Zw*zhr*SBh
ze<xZx8>-yZ@B(-%)c8CM)!s_jAFeU^A5i{|{l(>%gBp(uEL{UCzplv>q59hf#=#D-
zAxwqd`U3r=S3!;6o0fkNs$RJh&b~@ecGrdSdkZMPb%C<;5-7h6ftBGHsD6Z@{Fx8c
z-fd8ExEjjtH=*?IhHCE{D8C<q(sSJ8rG9nomV+6{t3&C(308!+!wcZUQ2t&IrGG1w
zUAv(4?tzMvFHC+4sz1elbAGF6tOeD-#!&iNo4f~XM0zlkz0;t|T?MPa8=>re(9-LS
zyP*8EAGU|z!xv%0-(5exfwJ#=sDAun^3o?=KPtdF$g4uN+X2e1u2A+5f*SX6@O+pC
z{qPE?{x2~;4CU`t#!XOq-hdV0Uf39Z4=;ij{^8C!Nl@cA09Jz;Q0?6auZ9a?Q&{no
zv!^SRodcozJrrIDM?={chH7^fRKIV7>c`zsdLOm?r=iNf1fPZPK<T~yPiN;mSc~*J
zsB*iZ#(h6*0uMu#uX@_aYeB7}4WaxJ59RL`#y(K<@iM6KoB~I~IZ%H41P+5gSbo>P
z-247$sD9iDYruP9b+`f6gu9{obqv;rr=k2&&llsR+e7((0!)HaVI{Z}%AR#l{dx_`
zZ*M}?-v_1lC{+7@Liw>oj4OA6u`ZM!n!!1+HT)TFgg3+0u`xcTg0DS?dX`*Yi*sVU
zIIdsZ+0`DZ-2qVk8w)l6#={{n6%K;yjOXytM0O2>>hA>Obx`wXC2RoSwe+vB8R^<3
zTsuRc#^-Wl8k9e?q5O0UR6ifE^eU)0dlAZCTTK2QtV;SDsCYgNRjx|O81FklO<0Wd
zP^kDBY3Vd5JyW38ml;s@+zJ&3i!6URlpX6#{wl0R`aR1(3gstXDQ9;HsP&?%rRziK
zYXjx4-mo?t3N_zzp!S!AQ2t*JHUG9kwetnkdF?MKztk%o<GmNOh8d(&VO#hvRNR&-
z6XUxbj)#}P!*C*Ocb?O;1hymnB77L0faBm2e(bs!{sKF~q;fIdI*|e8x5ZHXTmj{$
zHBkNBVCgN;i(7ad@_kVKolxGDn*z0N=0nB#El_$ETKayddGsh$zqgqDE2w^c2PeT%
z=g0Ww!Oc+fqhAHr?nEfPSy1ifL+QU3%5OJY{{2w>c@+BLb5Q;I5Ne(HOpIY)f+|<C
zlG9riYW~%Mikl`-{cmsiy`bW5AXK~zgVHw<YF_3+)t>?7r|Y2XnhzC!k3i{N54A3A
zgKB@D$-jr{-$|&riN#3iuMbzii=q1Q6_j5NLB*Y~vg7$s_WGgfH-SlTAe7xRq4dvz
z^4rZ&`WHgku@XxE^H6rb0_ErTq3r$~s^3ST+WiA6j>}x=>NSM%q?<zJkAf<n24z<+
z)cn5&%Km$y;$<zA{_Rln{6i=^k3!k`JCuE~RU9ipm9GyKM=hc39SXJHr<(jKliv%~
z|0gZ|4AlC*6-xhCP;vP^RDVld<n&dB8plS))==}b2h@0`LD?|_s^4>=#{U^8eJ?`U
z_c4^-lThP+ZdK=pYA}&>8z?^ojX6;EUIV4?dgJX-{agao{wgTHY=-jp+fep?4*SBx
zmTptc#b-|_yZTu=&6okzkEu|4W<kZl9VTB4)y{I`dZ_W)4&}dhp!%^FYTYYY-Ps)n
zrKbf{zb`fpGzOsb=0W-O2B^4r9ID^1K*h})Q2yCt{2HqLpI`&{8<bya)o|sSLHWBA
zR6O;A(vt#ZUl!E3+y-UWldutd1*$)XEPV_XBVDbg(_0J5KTRy%0cxK0g|cHZYz^;#
z>c=)H{hvbVJqq=`?IhIrp5~7eWY;;h-FTLV+9&G5bl3}afU99M_?@x3KgRq1IsnR^
ztD)lgHmLrsg1z7yQ2ne>$IbI*Q1<qMns;eXew=B%9x4uQwe)>Zet*Q$Pg{B;?1_9E
z)cBUE>-tv_%8u$#dfUOiuq%{5=E8~aA*gyW_2?G|k&<u{ez~}TYyY8!Zl7NR6&Kr~
z){P%v6Iim5Ti04a*_R46AErX}_c|#5E`#dNN~m>egUR1F?uCl8&!Ox&Wa*zQ|D?%%
zajrilpvskp(tDxF8$g{)ni_jU`C$S~fLB574=bU@do{cVZiI@j;qh)9M?>jNhblh}
z%I>S6;(0NQhs$6KxC=IgzQ!@$?@5VJ^B@a0hqGW~xEA(@pTdqXzDbPtK0OKcBYi)V
zpASOCUzr4V-b;i^4})D{K2+SShkm#VD&CGj#Z|ecF5L`jJ`8~xk9??g=Pt{C#?tS@
zWaLMo_Mzd4F}}ND2<p5Oo8-=S?V<V|HZFl9NN<6fS5^5~q4w&+*|0Cvyx$4sr*EL<
zca`Sue9;9akzNj!zX#5OrCP*z-yP>c*;}Ed>wglI|As>O=>d2Xd==gg`?qraKLq99
zGOb-)^@UoGheD0#M5s6pLdC&sDEn`Lir2f~HSk{823Bw5;%F#Tf5UJd+zJ)9L)yCW
z8w;i95vcKh5?&O``xex?@zKRjf2sB^zRE+{Q_ENns(u_)oHd7v%T7@9xSQqogBs_d
zP;rq9)sMwc^WtHs{dXnQynF>Jp5KBR-%p|9=NMG^k{!$*sQFS0YTP<Nl^+4MzD+jH
zfb!ow=<P>P_O6HO_ZFz~A6Wi=sQGaMYJI5RF~&C&wuQ299h5z<LaoyuLFxGcdhZ!f
z<5#7VE8hTW9cuv<KmDN2+0&u?uokNQ7cIRD%Fd6V+CK#2;3=qf8+4BGg<%IM|F43I
zgJ+@q_&ij-_e{PY%FgeNe?i$-sf)9(4wT+RDF5|@(mMuf9Z81r?@TDaErx!$%+jwJ
z-!Xmy<)?3<;^h}hpM=s|qN{8Fe5g371!aFjOD912vz4WLL)9AuHSb2jZEzmcJi4@7
zjQ+&R_aj^mAM76E{T*2E9`1ax49dUnLHYYDD1C>a)}a$n{l2iLo2N~n)`h`vAk2dr
zk1bGk?uNVIKB#zH(aX)NHLwfmjZp3V4yC_TZ`WQtRKHq4&(BcvWeiljkB1tU45;;D
z1{?$*fc4>FD7!26aqscfq4xO)q5Sf(v0Ptge>d0|d77o?!{($nz^3p!sP*xper~_%
z4kZsm$?rG$>rm_J&z7HXiHqN{P~{iEB>0N)C~QT#PJh?_NZ5q*Y&Zfw346d|1Kd8}
z2WmaP18V&|4yCukKv%yDj3Yf6`r!ho_5NAd7Y-a0<9iS;g0j2KU{`-4OeB39l>9|_
zF+2#>pE^UF-^Rc(q;G*5mjh7t{sG&=MwiBT-%XQ^bD{kB6qH?GL9J_LhB|p7)V!Gp
zwT@m1wVyu$HP7}!_47yA3zi+`(!*dw(o>=0>~5&_<N>JoTMxA_ZZ{r;(tqx7XMbC$
z__z}){_cT_ug8t6jcZ{`<j+Bs`wq&kla@Yzgo{VNF$s<%zcbW)y$5RDeHhB0FG02q
z-|tZC!zm~`N{)1_0M$-4sCBq8l%IP;txMye)~hhQ5?%|l;c2My;Zbh9ZibpqTcG^&
zHI$zZnf#p5&c6Ck>s12Oxc7#dPuWoZTnJU~NvLt#4yE^dlb0Fe;=3W#zBK_Ve>T)Q
zz7)z28=%&=mtiTm6>2=*hH77b46Jh1pyo$iC_fB^WnnUupR%FGV>(p%C!zYc&eEHp
z;$;g|Jbwvg$NA%2`9@IdZ4#8fIzq+EXsC8VQ2M4p)td?B_k~dF(F!;eJ`b~C*~{Fz
zb`?~;IZ*4%TsRTF05v~qj(6Xc`azYuAIe|Lj9cLh(g&gDbMobGobP}QR1Rvt+5t6>
zzJz^X=?SjCL!sv%D8EgIIw#FF`8Mb${WerTe}eMEX(;_=Cc6GMhuUxZLdE%PD7}lJ
z*2jmS=E)mSas4(_JpTZ-zW)g2*AuV{tQc_RheDMf2^9wssCc^qYF<1HwQhf6`7y~(
z@3~O%QVMDuDnYg1$nu*&#aklO_zZ%Ii;0$>4rSLAljoRx1{{ZcCRG3STK-p1_I(F$
zfImXnou3lp)>EkVo`s{}Zm4x8A=S-~{!r_77WBi{p!~5P4udg4*WL)I{q=I_#T}I0
z)1czx8mMu(9yWrjpytW@P~&zOY8^NUH7;c*xqh}Yc7e+84b{IfQ2LXh)}6^v?dC(-
zcOC2wAA;lI*HHUux3n1V_v$;K>c0h5e-D)Yub|@i7bw3}Nq6?Qh3a1?DF63`8n?kv
z>&h^w_A)HJ2CCida3pLPa^pP{Dh}_2n$M3x#pfQVeWm<l7iZm|=Id;zIJp}t9-e^m
z<7TKh`UWcQjzH~e7fo^THw4P>^Pv2B2UJ{dGWlkxe!m745AQ%fJPhTRav83@3!(fS
z2j!3EP~|U$ewYPS{&uK!YB7|b)<M;K8LFQ<O#T~GJQmAzdP>5_NH>5BV|YJ=RWLL;
zj9*C4n2MbIXL30ABJUfC@e!iF4S6y8Dce_LT8#JKVU)ST?WYsrBJ!6*jYp>$G2Y)(
z&Vo}&AA@P|@+)J!-|M%*1*F?w<>KQlIGS|LneH5!4||h-AD)BWYFEeja!A*{#(lS$
z4?B?F4rS*#v)uc_5;&D~mDx_uT&VvJ;{fb|{O<WKZa#r6N&f=t!1x6&KKeuXF#t90
z8BqSe8Y)g6fQo~6pyJ~M)Vfm|C#v5)p~nA4sByRzDqa>DA2RvlQ1kB@I2OJPyTIyq
zx%1CB*h2N-U2q5d6i&d&Z^BNCW4!;arS#pdU%62J-2gSt{v~d{H-L)gfl%{46>1;8
z+PDO2pLiDf;a9LOEOw9UcS9(7Z>V)O4K{(dK<U{46@TwTtzSot=ilq%KMAVcu~6}w
z3swG3;~J<q-32vYP8l2B=j20S0`l2V`K#eW#KT^w@tg60vvalaE$Byn1j?TB54v<B
zRC+Mfyv>3Q;oVU7ykz_os@xw?_Ew`YrP~@uLiIZjD*q0s{yk~w*P--%1GOH;E_LZz
z#*R?_9Sha3na~d(htm57lz$IE^|#`~&dyFy>r5()gZIHUa4Vb(Pr>UM_#2ivd(T_p
z$~A#nZ-zs~!9=LIoCdXi%rf3&yaOt(?}l2JpMZ7XOHk*VFQMkgF<1`%X*_SGD_`B1
z2sMAYL7gLpLHQ}gI1_69UTpbKLB-e0Q0?r8YX1b(x?SpV=a1S@=}VyOoCsAu7pk4>
zO@0?t`ztMflkrX14Ed)}^R(P5SMCBRe>a5QItw)(S#SuP3n#*T@M75E31?p(Y()Ad
zsQLU9lwV&oZiVXiE~t1r2(@39d(w?V4Jdg7I1&zk%3lWM=cg_G0+hdZ8uvnt>$gyT
z_!;VaUvjmxqbAfjuQ8Orx<k$L(NJ-D15}(o3>8l=L#=a%;O(%~8h3tP0#$AYls^ta
zt!J@MIX|5TWmmkh9aMfFm;^6{^2=-}f8Pcb{|lk)Uk^1-TP*(rOMeVy|6!>0w)oS|
z-%X(AV`r%G8V@!8H^B&8V(GGLUHMv2{cjG{ejj))90+CSaH#RR9ID(TD1BEMZ-ud>
zAAqXA6e`XhgF1(-hbq4bsy}a9{zp*b_pR|b)Vw<l<&P52IDcON)qX2uN2qb^31#0H
zV+xc%GNJTb4>c~gL5<rJP=0(9%D&H_=Is&V`Omuf)&i<rf2g<_Z|SK}?aqOU|GQ!J
z7|s(=>(smJVtifUX(+q8Jm<!}A5^{3uoujP(*F$9{N4&RuRnwGZ?W~x|5c&-?T0EK
z2jgLTxCo}g;qVXG9}d~zzMtL)hmk%2C2zmc#lsEoR??5cda&j5ZoEc8jrVwCDpb5r
zfr{IOP<AbY8pn-L_Uwf6^CwW_x*sa;j+*@ZO>Q1lg&OD9Q2p%+HBZJs)z5{}KNG6l
z0x17I0OkJ`P~-Rl)V$mW8^IG$=bc(Fxb&S+>)}SI_2Ny~1RjT4*K5D%)}=PEJ?U&X
z1g?TQSDb=sx8r8#_ui20!Z!#i9)}qxLiINjsz1}A?4A$hulp_i1XR8CQ0>14<)4qC
z%AJIYi&8JS@vjAy?qTWC(DMsay#<!P7HWNX-SWSKYRC7o8^^Lx<8%SkI5n_zTc~#X
zLe0xjQ2iSRRc<2e3UlCA_zW!1#Gd|&Yj5rrXU`K*<MAp~JbnSyUg_7I|EojIuS6*Q
zouTaO0oDExOHY96Uj|hB*TR-?A#4V>L&g8^P=1No>h_5Xq2_rr==BFm&nROi^pl=r
z=|`Z-Jr6a`JD|p`)HXMcb&ZKo?X-uocQDkrUIwK<4Juw{LXF2;P<9`Nvga?@23C39
zjrSm^_zfDTL;2}eOFsbB-dd=*eH}K2`=H{m_;#niJk<J72Ws4VL#?wRsCgTP@>4#P
z9als7e-V`a<;G1=?Z0FE5~_d4p!)YGl)aU9xc7!eP;r|A)y@p4e$R%g_YjmHR~cV}
zD)%XjWnKIRYJMNw>G%^=`@ci=xAYrsJZnPrt1Z;JIu@$jG^laA3Cga;Q2t&8)vp(g
z??FH5gHZi1`KCJ`_@VS9LY40V)z9Hjc1?!rM+8d$)lhz&59PnR;R3h<N>9gKZd?W$
zM?vWgK*f1Jyqtbt37e7L_m=x^Smtf_-f<&TyFbED;crm>+VhTkKlv0UkgoHti-SRM
zFzM+~akT@=KHqz;-nmfctg=w;_ko(117IsS8FqsYLdD0IP;q?-s(&Y-{CV#CZX7Ry
z@^^En^Ho<%4}vN;-Waz0*-(DF9je|kldm<tY<$c336#ITgKGa5sP(+~ZnqxQf$Coa
zsP(l8lz-Yn&4<p$zEJiJg<8iZLbac2j6lWhwNUZ71ggEYa3y>dYTwBC!1?WSsCD5R
z7zgX`apOG@YM;CuO8>P`<9#QTUCW{DeG*FlGw^=6#pHnxo!`@-#yt!hz$>8Ic>v0<
zuS40p7y98(Ca>_3i`RNk?OqHuKL$bRnF2MwcS6ml_o4J1fEw@Lp#0|B>-t$5D!)8b
zejQ^x)HpPUI)@L0+Mm;);{IBweRKiTJbekOzh6O>KL$1L&fCX#QsTcp)Ojo8V<*1_
z%Faii>^T6{{!dW#e}l5C;wLe_d{`f<pZ7wwvjNJE?NH;e7s{XCLdD-vsB*<Wb@`Q{
z^wl@EfoiWWYypQrjo%z7zs`fw|DfeRW%*x2&6n?>=GCuI?N<KGwOb2n+*&}{)eowF
zqoMRC!`EO4s{O>zV|+KlHt;*R8J5OhE5C4Y^z4_e-t$oN`4uR=+o0_G04Bl%Q2Hx>
z<>I3TWSjQ2fbv6YsPXItRX+fm!EC7YY$==qTYv5PvlMFGdEC+;Lh1PeY8-yDblGp5
zye904yeS+Bb4<PiYToXJ^4osnF<6K6U$7hft+PMIx0-ay0XL5;9*prFB<+V9x02sF
zc{Ql@Iu2^x=nRu!KPbDVL&e!5OFswWNxu)ZKKuz)ugoFmj|-v3rv;Rq9bs447rqGR
zLXB^q@0|aKK*iSxD19NQc`*%2&wQx(xzEy1LygNODF3|*+ramr>?rlUlV1S6_=Fmt
zHkR%MHIGLbCtLnZs5rX?Dvp*xwX+Id0@s@SPbj|^|G|~3XsiacPSu6#PaIUc9ZlXJ
z%CDEgrf@c_57$7&#ct?_F^AoE#kx@a84YDuig5<ie7+NEJy->0=N2fx?u0r&ybop1
zF)01N!N#z`5yv4=@qZ<hpJrKlKGe7^hH7^i)cXHCl;1YP5PTP^y$(OR_~{8XZeyYP
zod@N|>x{QR`E4OoTrGuaXEW3|?zH@UmOcpO$6ul5WtpEGYrxi|n?m(31$uD<)$eIg
z`WHbze8%Lvq3k^l2f$NsGwgTN*;(?Kv*&!Mc56WSwVAOkRNQxl@>@F8{Lh5aJJ-_l
zq5QNO%AQv&{|n<GDE-Hv=H0o+UH@x9)k}bi=Ppp=oDa1w-U0n^HB|rJhVthR@JjeQ
z)P9xsv(tYs)cjckH4Yo0_UTuk{J9UR{`XLJ{08O6a=$ov4XASQQ2FiQ+i(a}|NSRi
zd^CXCuR222p8z$knNaaI9m+qCSpJhx>*yv+Z-#NC--NR77pV5i{p!;7;Uv<Xpw@v$
z;1IYG$`7S~bH7_Pf@<d)C_mf;wQjA38mG6Q;_N$E2cCqA*BZaO_S-_WI}x^o`B3BW
zI8?nCq5QZD%5NV)&A+cKeG;nQB~Ch4f+|-Vs(u2L-#WsFU^nQGp+0<^bg@&|MS3+n
z55DuK>;I>x-8h_p8qX4cIsa9Fiq8w+2v{8shf|H)pyI4L-fjYuU_&?#Cc<l>{Qfj-
z1^1b}d`zr2j-8>}8(<s>70(l){BjM{Jf9CWZcCx&<MWpPGE_XgZ~0$BjmJqSzf_Bj
z_5OaN5!CvU4HfUXmc9+Do%vAX^eEK$z6`Zq?Xdihq2lz2$^U{H-wMTIy?AK}<)^+-
z<1iR%oF-U$3e-AxC6xa8FbUoZ8^Jd$eH^M>y>nbY+Qa&!$3n&bHBk8vL)G61uY!l5
z=JTZDvEDv@Kg=inGaL)2oEz)?Ua}2peMu}4>-|1C8g3%J2&&vr{>RCh!zW>P_&HQN
zbxS#a42AN4DpWrvL-jLa>1&KP!MVuqgc`r<rDMH)rZH6fw}u+`{w5y*rEenCIuwG6
zgBzjd!*X~VTn%TzPGw@f?_Zmt;$pygjzOsMS3}u#15`Wnq1wF<s-3k^<GBfH9=~bw
zV^Hz&2b{(Hs9e_7TU5@~dje{|Tn80*FGG#TTTt!nxBMTW`h5~Au1fLoMSiOfWk+ME
zdDGR>!=dK+WJ_NQWyjr6de%b4^D9vOdJ87PeNg2}ogeFa4%UN;!+lV8eF+uEzZpwc
zaCX*!e&h{d3)lzBz8O&dn+4U+o1pApU|enaJD~Kw3)Szhq1MgAQ1KsI(b-)QYChJ1
z(%TKn?tW19uYl^`JScxIfqwWHRK4v`{reVbp2k*k^Pn=6AKDpvLiu%wagy;WsPUZ-
z)!qiEdAk$(;SW%Dm%YG^Z(XSNnn0E71!Z>{jE7+;zbt|B?;}v-vI)xm?NINTd!YPq
z5=wvR%CX*hUmHr_FsSu#9Bc&dfYP%8s-Ih-=D|l$`@{*8H@?vIyAzb2e#T3UW1!+X
z0M%{|RGi&t@_V85KLIu0UxM;~HGT}&_{T%-V@Xi^NPm+Lf%5N2V}{AEg{prOlz$f+
zS3=ph$+!h}B>e_#0!#8oz#6|+Q1R0hs@+SV*11Vg{+$cekB6Y@uQT~EsCuQUy7ntU
z`Ma*M1yp`_sQqXFl%5Ebe{O>E_Y$b_UJlidm!Zb}ZP*4Lg<4<Ys>OQe>26T{3d0_7
znx!{E>D>Zl_ijsn4--kBg3{Ndx|?swQ0I!fpvGe@)Vj14R)}GKL)rgD4ae`G?D!cb
zz_K;nI@lh{FPmTo_#12tTh(&yOn|ayK9nC;LiO(*I1nC#vaf4xXHOVP|1D5<ZG>7+
z-h_(#_o2r5Gn4;h@?W9sjrF^7=fO)zSFv<5l)p2f=En@E{yqT5z{jBMjHwgrONAFf
z#p6uK(&d{2Z@@1L>$!NY-oUL7Nw5Xw21E7hTG$0X0(-%4pvJv%Lszd0j3Ye^s$W+@
z^>YqX{Y6miZZK|!>ep*f<NlVV_gMZH#sg6O`N7h^K*iG^CNJH{t?!kf*3%|Xe(w!0
zhIvr)Z4K0XeHN~O+o8@aQ{!Ae@}S~;9+aK;K+T(npw^!kU{kmgO7Cw_{cRB+>wSM5
z2c>@%>;zweikClOUl`Ze)td^n|F41?$0JaBE^gwO4C6`P3>(39us!?~%AXe{xOi(~
z912x#x^XG2PkM*(h_O;rw_dk1UJkP;cO8`8<M2axZlaripTQ*3b(7q>GSqlAOhNuQ
zED6gsbAG7;r;_dkwZ5*0t>6c+IV|1Wou4{F&8r2lD|`nofE8NAdjC5QkHQ9|d$x4_
zm<)T8z8%UhyWvuJ8r}yVYUSd!Q)}nv@lbKK9BMqCf*Q})pyF^R)HweDwN9Rbir12D
zVtx0*@=)u~D%cYK2m`QQ+gQ%p{9X#Bziqo%@9)&RLFst_YW_YB$1<;8fSNy5Iyn88
zK-IexDjvrfCqnr#2o={^P;ogEYFuVR>0JmluFIj~<qfFvKSR|o*3q5o&VxGdG=W+-
zdq9oHaH#o_1J&PKq3SP$b>T87|89d?4}Y@!Qk|Thi=g}$Z|VL}{k{xpeMyJ%>orjO
z+3he9J_=>WZm99v4^{8l&d$!;pz@bP*|Q$Xo^4S5J_NPC{Q(shCA+w|N`#$Br$Eim
zhoS6v3d;W1q3rkqDh^J-*06L}7cX7me9{x4{C6D6FQ=gD73=2eRfUo_g*rF2G7g98
zZ!Xk0T?ggg#Zc|9g<99&fDPdu*aZFw)&KbJ?wr&bDm~JeY|Mh{_Y5dKH(Gi=l)oN?
zvim9HMyR-Y6{`H}Q0w!1mOcoz&K`qp;Yqj?w&)S-TL%AxYv9tJvEJYFUD_+wH<9%3
zFbR(BZR;bHz4t)1vm7>tPeZl$3Di1y6gGpk`^5UD!y!=Pxf5z0d;*Wd118_s*U5i?
zy^x=P>SxD(F0Kbc`8xwj&s9+E-3FO%zGarb9ID=PQ1j(=cp3b`()})Re#nB?A<u_B
z;UBOK?AqV0-_xMx|2n93>=0}YYYlMYI0UMnS3&jjaVS513{|eoKo|d=pz<@I;`M&0
zb>S1(6_y|5&ILoD&KWadJGc?bo?}qu;|DuCE`!5J-wC_H{ct>NG$fY)4GPvLs5smY
zrN?)vt9P+63)Vxt4890ohkfAnLt}l<!(CA8^G(BC+-`+hZ+?LCXXW9s-rrZYhZ?5^
zuoK)1gRsg7=l_{d<!^&JH#`G1|Bge=<M@%Te}kds#SKt)t%dUY9#{jG9_9Sp2x@&A
z0kyte1O0F@><TwPtsB2X`M<_!x9$&uT33cc&C3+1_us3a#_wLJe(ZpgVfis`Ud@1t
zuQ^chbvG;y?}durrBLIt3M$?{gIYI!gleZan}FJ_1r@JNVF-4C(z6n3U0ws_mt9cp
z6dUK}*SS#hyP~l=l%D#~58FVkccV<6Wt;`)BA*W*fHf|2@vsRhp7ubEOWE<xjuues
zdON7|&RD4RE+48NGoj*W5!5_*8*2Q{x!jFcW2p1TAgJ?gzR8zCtuwDf`S~xXb)xA6
zH%_CW)}t%oIdBftdUq4-3h#o7<2_LRJ__ZhKcM{Fe4<<T`#|N7fQqvTP=0$5svj#X
ze+`T$y%DNEUqh|SH3Dv&dO-DmC{!F}L5=I3P~-S8l)X<w`F$g-1mA%gmv3MSJOQtQ
zW0PI^4~?Hg#pOYm2dk#Id38Gsklp}gZ?#mn&(wkPb2oSgOoQIJ6Kef!5p?m>87iJH
zgNny1;TX6Y%HJg?IX|_8@>@699*%-)Z$4B!EP?9BW~g%SK<PUG)z7MFZXBCJ^?w|c
z9XU|z*43~Wd>(3_+zb`ZpF#QUOQ?7{1hpQ<rn~Yjq3mx96$c}s=Kna@8{Q7(hdr<~
zJO!n<M97VEX(;<DLABoqD!&QTdXfms!l6)hOoZxpx-kqDFZnPAUIRzL*--Jg7pmR?
zsCq}>jqn$!`8#v6<GoP*-Uu&;d!hQ(Zi<^<qu^lD)1mCz0p*Xwa4bAG!}Tv<%zzb<
zPlJl@c~EvPgmLhGsC9E2R9qi}8jl*8ZXDyF=3{%P^(M`j3AKJkp!D4g)xU*M_3wjf
zcLmhCunB5jeF`&R%`EqRI}i3F{Sj2Xx?#sesPSkI6<33xA4Z_;SO_(*?y>YL<I_-a
zwH^+EZ$Zuf+SzVjX%G97ehA91hoB#poa*LPJd~Z|p!TnOVORJOR6JMBadss^#d#0d
z2#$cVe<qY4=R(c1XQ1NxFx0rmM_l|jgNl>Oq2v>x>Zd`)Lj-EQyAvv2UxM04c3S##
zsCK`D+TSYXI{TBL#v=fwXEK!Do1n&jA(UMYK<WJmYQB68rRQ7t0xX{A?7LQzfa_s7
z{cqP7q`#taO*(Lxa$_j-2c0U9tOe<pNRQKG;`$tU1=8oMvv$>0!(21CH`p`Vig$hO
z;M-*KkC5|Ijc=;y`;g~*%%;_pi9vpu<*l$f2hpLin8*DLvTEetOua<veZq4r_jBA&
zAk%d<@~2@_($`YH8F{*T()M(o$09q*eLl~NDHDhM5ANZvnD_q|q^;GFs4e<xn2igl
zr|T{1{Q~z{IsN}3`Pj>0Pp7Q**620Q>fS*ehQpUk+E2YOX<av4{<p|ZkiN~*$}5em
zTamP4M^`iS6uolLRS#Kxgx_JK)&yOxkbg${Chn=EBj|dI=li)o;I3)9pMjgq9@W#@
zw21U~$lFs+7fXt-0{#3AmM${>$>b+cZYX6g;JE|O{M^NFF!TjJK>545_mb{S`X^5t
z-@Yh&i03}su{_VG-uqBj56Zo1&#CY}WSZ|8$Ztni^tu9_?YXm&|A73>B6&|!uaD`t
z6y2q{J6V1e>O9Z$U)&X~FF#QBXVO1%m*knFg>M))M=|dzOZ|oR%yHDW0v)<aBEOsG
z_1M6lE%>UFevJHy*0#3+xuU*e<c+j?Ch|Q)op@|Gg1j!wA)^K5qSq8F|Ew{E@-gUs
zi8eSs_}-_W{)VU__X6szg0I8Bkay%co_ayjCAcS&&gJH3N#7c?uNu$Mt19}cbLUf*
zpR~QTgg*`N_I@qc_wd|`dbO<1FX&!|{6^FD2J!&1pU_c{zSQFRI-Wm3{sv`M@SKZ`
zZQHvxQg<e|uD;~2<asA$OH!tRl~LX|$Oj->KwcUgW9@OQ@$E+Tz3F(ZNS&d`mXN1w
zJkR--cN6I+JSk&L{uRjI=6>09Jj3&IR!?i})wK1bwWn(5(Ee@Q!zllq>6v0owtA0{
zzDWJIHkJJjdD+xkLA}0E*K0h_rp%l0Q`)#6>be+y$^A}|`a^kskX!4&uJ?Ja>K=VH
zsJjRKo4GGC8=fFv|Lx9t^h`5ZBc4xF=Xuh%@O%|znqX)23Q)cWvN-aeMff4N&M$39
z?<emuEBFHT`$_8>fS!-Jb<LozuCAmHkgqfJ0A%BMKEiWJ^jyqycPrnRyqDD$cSlv^
zYDoT5rpHOxKPi6)_htk^^2eJ0qWNE0`a;T_OMmu7?V#*xYik70yC`=fZ8hWhe3Q?o
z>?O#aA@3M+T{@FQuVSYAFzmw35!hFo@=tT?dIY|UuHSgR)#~3%89(wX;kDE`jl2oZ
zx4{^w>s{pMQE#)=i6cG7o|S*l%3Z?q81kOxK8Ny8!9L_&h5njW{z4l={!H7~mHbR@
zU1cfP57|@HTgr2NsB4^q??P)s?`AiV_ZsznN9Q}FC-eLw`MqFibm*!|-e#-A5yST;
zdHiXD@3`qznSsbIAdf%&^EEKL?k$p^WY6!wQ}(<Py`!iXz3Nf-eez0iH{))HzGd98
zR$k@w9=4G>-*CUm^G<YpLYaf`SJU;g*?pM&#?<At({}^;3weH=`!?jfg829|J747@
zx?56)Bfa;o(b;sAK(?0Woygnp{4V$KA~rv0^{bJ;o#z|4<0*59J9@os&)1T-(u5&6
z(VnYVTThbz6Sv+8qSxi5b(KNCuDPUl!;#cE3d>?kHnQ5VIkKl{>s+26GM%+azr^zZ
z%J!uke=6ncNq&89U3F}%VvyfR8*`DLa#_BHmKQ;$^JZhxA6vaADO(18Pg;66>F)Nd
z>JxY#K-*WF9ovvyitHikw6=1OkiVR}JGaigbI6NcKl8kqJ7V=EZ%7*n+#8VpZe{zy
zShF))S8Rnmo3gq#pkp6x+-&WRfE~%JjO?JvCiAT8HMo%SRgoX&`7nBZMt(CluX6=g
zcYEU1z_-J6bT-*GWOs2tN8PWA*sttemhMPiZ_<}>|H*S_+Nwxib##4Xw$w4b{J9o?
zi^5!i{gHJ>cLmaKP*2x=$VZd@)zar#z3<_2m9_MFlzo`{R%DMLE5m&$&&ihGOUk&)
zlTL%>@arp{gmuKI_u?(wGr5D53)Aj-=+IS+@_+Jt33l))!*?}zOKj6M#rOeve(p}(
zO{sqsx2_!0*KzBrf}V0b&quf3Q};+G&()B<YGt-juQl>3NN1tD0X)S00kRvZ!=DEF
zYEkC^>FD*jwKbl+bGg@1{!7YyA1wfHq)bEPr;5~DOPS9|=aIi3{%(4HL;f{olh8E{
zPA5H@=V9=C%H7IybDnjrB3+w)>G}{EueQDe=*hGEN!0I#OxFaSU$-`tUeEKgBI!Jy
z_gi`cTtpfDy_qgPeR|i$@Kbx%yQHp#vWs#*aF^xz8)Wt1TeLTdyC3B{kk<7udN07<
zUC6gsTQyCe@~=WZ3_V|3yOMRF++yUqUa_)cE&pv~-;!4j{dJJlApc|TsibFe*CM|(
z>25q<j-J#adM`rW&TJTtjveH!My9Jd@+@SPEv@Fq@!ZPG<u^D4A9CMf`6e!az6%}T
zE{4t&lj_??E_J4w4M(V}?-9{!ArA-CkX^U(d@FX`M7e#`xr#n?<bDy^UeggR`w8h^
zxrbBsZOhwhnJ3Y6H}?a`8zcJ|9lEMA4v(ShPM+_9d@l0!rOX%bRqhVl(d#Xq%aB(U
zJ$F#QI`_4f`6JIK$$JRCik_yF>B)0>IGFnvo;z9D3Ggz?>gqw+Ht0<!y_V-J?guHm
zqe#1l?D;SBM6aWiYsI|@!9|phqaURxcZ6qMK?nV3I^Oj;@=v&1ny$}~k44`(q^nc+
z1@h`rat*Sba6Y>Ke*K2*3WPJ@E!^LmF7HDL@&@QwO8qa9-)fahM$1_G9m?oBM!7%G
z5#ruLnM7pzF1eh0HFrAl=+)o)kdL4O&zEyQfu3a2r+J>kU7vd?vWnCjgzg!n%X3$z
zZ=WG+OkOVKUyCY*H<3SxwwIY~2W50k;=ah*e~~ilJgNKVLejdLQ|}(i$HH4ocD~hj
zCEUNWk&Wj*gue6OAJ}#c_pe0?EwJZTD3eZJOYZ&1Dw$qo_obbd<Y&k(?hDa18kw#V
z#`~3L*LL_QW#+;e=u3cgDOUonxAJo+Khx^8qs)!mx~7@zcgls#2L3$W_Z<4pMOKsi
zuJA8-E%Gb5PnymTkzLHa8(sWV<6Wysm$zp=7y1T~e#P`&W^FDqs>0`#SxK3%;M?#4
zZe2AP%UJ3?Wa;m*=OgO1=f0l&3*bOxcTuL1wWoSn-2J)VQ-Z63wH>0ozJZRQ>=lx6
zPe&H8e3e~ndX^)5+MdtDjwQ5{h#mbYzZm*em}`~Ub`JR~oXEEaW>R-LIwHs?!!WWR
zs2jaz@m!a>`{8aF=ALHlrBO%MZkW#9jrzJaaNor}jIxh&$C0;-y9xI-D!?@z9hXx6
zdh(;!*Y+Gw-Y)JR$T&#5i>RloxbY6kHROJk`ky0zS(#i<S^Kw9_bVsz-HB`v_2zQ7
zpiU>#k%+HixE~;09G<35B4yWE{u=6kLHW;V|55U0aqr|=-*_{)ckmp&{<1pHo1i!K
zbUlx}F*@5)x9HW+@{b|>mNNIDYaI6p?sb%%ZiOrG+ymJx+0DHk`CiKZ%=08`^KN)A
z_q*gRp!{I-!4zbRNWW|8&eXXbT`$AoCd-7|xf>ySh_YXp&hL2MXEyvv-s{NkKsJzj
zGV-_4Q;R!=Ti2tMIYpTq7`=K~p3>!zkEd=6+R|?X#d+S(^9kflsaKzLC(@r%r$6Z}
z+`8^Zej#Pn!m^A}BPaI$cjjK9%!Aa?bq)FbNWVaO4bStqi(cK(Q3u`ES@}xjKg{!1
zYp1vIGWZ^OtF7EB>%*7S*Hs=HDw6*t&(~YtUGNq!mvx-_SM&TP_g2fllIK^EUuQa&
z!ZOHyBmXJ*uG!iI`LoEr;9g1lA0nU0{U~L6n0-9@){vJD>myrYI$t22L%Ia^y~J}<
z)5&AOwV0<G)ICL=d*MmSSK)q;bQ3G}f$1ATetTqf(DO9*)aGtZ`V;Q2siUhmdC$NG
z)TzYX#gp=mfqXRSo!k$ZYykSA*EiJPg1+IVNAhQReiT`6?w_dF6WQz3smJq`$aG!B
z-IM3Z+yl8UAg}24ob@?^FqQl&+%KDK39{MfD?>Zm;Gad>{)y+i$@k;CH_%y*Iuofo
zg!>+zAE$gr<X`h#ljr-b(Q|n2f@~xA&D{B<uQR=gq)U<3^#v@Bu5-|zN&Y+N>P%YK
zucWUbooVT}kd>u;UDDs6L)TXQL){KwK6zQxnF()(dnk7k^}i)=4)>3y=LB`*dEU!i
zo9A}qwWiLS+#m2f8+mK)5IR1kzOG8N@e$8mDAS5M&zoF%+bE~24|USGFXZ_+cOvpN
zRxXqD)%Ls!`TOY6RoTJ&cMSjTqka;6%<`2{3E2>9W32>SlgR(r%3KfIbH8Cexs?14
zq~}_?J8Vt;I>>*9r_tAz{PEb+8reix$Mm1(`A=lcDHFZUB`*sdmyoxeXW+Y2|JW5n
z*^hW0N!|v^RVJ?*{yNU{b;v7{zmn(W$X}w&GTKfeU)P8t?JPw;3t2D9ROR_@?oTYg
z5zoKy9LN1V&sR{U8)aW4{VTe4y@;%#d-UB-nI_!J$*&8yQ)V61Ro$3?4W+2V|M_O<
zAFhiipMsr(c&-8O;?5v1K>ciZoVq={l8g~$b@idlALPyE`3as+n65TFx2N6{R_;gA
zLr9PJYH_wB{RYo3!3os)9o<JL8?f?L%(tEVlIE{*l*uE1B=@uETEcyjf<GdEpK@Ed
z2lCv6{43G9h;%9H-p6x<vJZ1#L;elim5?<hZx!{g;kgZUx+B-s(|7~rbqyw8S2^VE
zEN>*~F+9IVy;<bnOIuqkZywKssrwq~N4eXQ-$G@mvxz)idq_X%9(}3E+L6}v2lrHT
zCQ$EjbX<-+gY-$tY=Q@^jk$0rvJx-}R-x?g)U8Z<4$niW_d4lRp0DSAlII^Nw-J)`
zt{wbajdC|w`Z;(XW%g2FBYNuNpZ+}GgS-pn(vZDQ`j{zbOj%vUk<a5k!L4f+EEUZ&
zO8yA;>$-#ccJA3l@+8-_8Ceo-&F48DJ=>^L3p;9)-o^bbvP0Ynlxf8M_bauCphOY<
z$L#qtvq8m%pyyoDFY^36{0t7J++*n7YJF6>2gtjhvbrWBzth?+1}iwR_ivbT&9L>j
zwe=qP^SCde&XZREani#m-3u8-eS?s{j4Xw_9`)-XOCs-f(%+${7|)*~^TQiRucb^c
z(^Z->x<0bBo?oDxuCFMUhkP{8jcBMDY)1M3_fYQpD7Vn;>`LBZbd`tsCd)V755on>
zE}+gj_%*x>SwG6^dVo8?eKGR4$e%*Hzo2^(&tp}9>!{guC;XPXj5^NMl{yvCHJUod
z;WTbtm%_*4k6wy#Lf3j^d*CRQGkFv%&~rO^OVBd{;VW<;JPO}KzKJ%MNq1@gS*~vW
zVcCJ)P$0uUG&m`k6U<5p`iD)A<OVbS{ZfNjxuHp+V2(d-*wB7G<NcwCKj6>H3Qf%m
z`tt)B{F@gEruuWk2m_hPp|rekUL<3>Kjdmo_h;vXCkIn<gQ*FWC`_Eynm|^nKO>xi
zH4(EaB^=I44P^y#gZ_v!D>XPNloiSig|i}w{^9AtNYMX}LJ|L@a89N_H$CW24+e5_
z{ozUeKt_hYPrqUQKz4RUD1|;tLFu!aGBT8tn@64LUd7D7<Zw=bQTf5F)NoG3pB~7k
z@th#m;f3^ID90b3mgSeT{GrV3j9?}n^jh*$J4X(dvvSkJ7%h{s{DC}DIicL?31_t=
zl9!V14@A7)^vcT#X9uY_B$%5M&IsmZ`iJG^<Oiqw`{ac4vi)(rh79WypLkYXXAgwl
zSeP5UBG(_t&CLlV=j8??3I1>v{iC%=b}%J030L@2@*=t6OwYZ6Tz?#9Wt)HH?7H1j
z^8<uXs()~{=is{W>N!#3S>Gr*7|Hdg<pm>=MjD5laDc8&OAqPa5aW}ZGaUz=)q0#2
z&cvSt2;-8Q6Ud5WC^Du6GcuY^$&&ALf+^v&tk4WhAcAs(Iav{ZC<~_(uOS90lo@2y
z&oUYOXLnCu=7vAOojWZ|yk%yFv;HmYriF6TEfO>mE)?8UnH0{*2v5VVWK8#BMP~b*
z+46k*|AkroG&bJ+#Ua70Kyn5Rqy};W$$>~P;*X2QPQUI0{XM(4Nbu{SUzTP^=!yjY
zz)(s~I1-+e>mPRM0RONck(7gUI;jNz;G958M$kXBXZL}_68yu1IRPn7@DB+`a=nR^
zm3mf-rLJ4n^l9n1Ek40>18WEFD_k(NiWFTd6hHqmk)sv7X|EC)d6|qUvnRSl$SOry
zC@VFTA4+A?p4F^qm2k3_B}E1y9Ths&{<zd&HuF1_l}7k`VH+)Q=9G?4EYhvq>Dd;Q
zfk-5r67p6AFBk$|bh=?at6kp2iyPH{c)UNt?4#+zRZd;~SKnw=9^Py8@C1J#Ih-HF
zp58f3O_d#`$m;J+h~b*kqe4?c*}>FMfJu=SJgXUJ4}Wh-^WvCc{96yB?(xP!t3`6*
zFsHD{GEebyv=qx%j$3^FU(H&mg@jRv<Z9JO__snR%nIj9ClwX9!LvtQaxiyVFj%B5
z8)k1HQbUtif8|?s#vA)cI5WDfXt84f%n7BXu}J?T4&7p-=FRrAHAPRuj6lx+YLRh<
zd8-VAn4J^K46q<hVRe_AG_ZpSO@E(YIO@$F_&1!B8)6@b8{DS{;p0|=32ZhK*f9N>
z!CY_J`dJc~%uzkVyjVVKAoONS%gbQ_QF(7^@HPP3HWU0K>7e#cfAhrV>|&{qwZ$#u
z91`4IP1UC5R=vpoW^EfWd|-lqthS)$Z3iXz2X*V&qOBJ*UNE+3*5cx`+JE*y9@S@9
zyH<r-TD5G^=6|SVNJfw~mC#^IPs#O959j4*BnE|3*%(qYIg=>Tb8%Q4BQ@Qh8JO-4
z2y98gP(JH2QzMue2xVx~FS3t?y!ky{nkR9D%AsT^S4SrTK4bddHuHXy)Uw-&h=)js
z?eC1%6Koq`5R&uK{FyS3?Jp8^TQH`xK>C9@IT)&un-sc2&5@cEB0#V)6p3)MBak}=
z{OQC|r@HC6x!LWLlG51R@{$wT{gSNXNom1w7A+)sbs}{;o4gUz%hQ5KQl<oRIwl1=
zpW)^+2WWUYL6hbkV0h?=AH!K`og2gjQc^f7#78<NnW*T_T~tLkb{4rMg7>_KX@RU<
zbvq}R$<kQZlLm3A;gmcb%M#Oqxf24(5%!bZ;Do%KjCjm1%$|@N%FPI>=|JZ$1*ZQm
z+sp_|59XYuK`-zBXlt2)?6b5*&i~PtSRt4NDZ#Te7tQ|v-ew<;dU-@=gSa&JG$E84
z?;QfPC=Luq0-=<mgZ%%4!_}}Cvh6*qIDALD`S0N}BriE56iH`tPtq>kF_~b?cCra<
ze>u5|wdBqU+B5PvinyG!#r|*%(XQ^reNK>56>o1G0>dod+Bt()urMY1d1J^)4`fFQ
zmXExM_Cn@+I4_s2n<~lS@Dz5ODbWrTjrK9N=tv`{Z|@+BskSGxH!*Pww)Uv0g$g=m
z`%^MFICQET$O!U2=Kb4rS|BG2BkG>HHgseU<8bYY7Ze#3&JD5-kk$Fj%|w=^hP|$O
z?_&W!hgiL~rbbuW)Knso_ouM!Q1l_h!s5NzaIT1GH7FWA-Xa}c61t_P>NQB~0BuZ*
zcFphan3P>;cVSN{@4cMr6(zyjvzc{n*WjEZ0h@>ypOK<(KJqKJr1B1v5e}plIpn0W
z7-M=Qn3AXWM3yub!%&L%dKL9VVe`Gzx_5reWv6i)c!Rhz78zU3{#%_Qi^V@`^yZEH
z|5X2ygDC-fLF5IK_1g=ve606QEU6*(&s<&<ylLabnQbzE?|es&|Ix7d*C^`|&dW&k
z)bj;FGsOAYYsN;zosWoREuwyfmJYOOVSh6Fn1;dsH(z+~h1z;lE~?S{WS|AYw0b9a
zr<4E)<eCn3mQMkidfuA`C9G>M%AzAQFp#DB-L1eU!*Zu**x{^TkG}Fs*P7ziKXaz`
zvNJ}#U<-CyJ7#y*!eQ;{w85(rI^CA5o_fdmNRYQA9TNibh@V#oFS?3+LvgD?L@#!H
z5usjkPIww2?kzitMCv&eIyt#73z`M)TS=lfi#&gHOmD@9qfT|b`c!Nx1L}6}E_Ko~
zK$|FQWO^$%?W_ky9YEJ7xK5i9@<X&9^OrMl)Lac&p|M_H^RnH{le}o0IUDuKfF`@~
zV&#>#7oF&kGlt&FWPTtg6l9h%<irwh3%pn;s1)JRcY`xOLH*MMslohUh8EMNZZzt4
z?irQ%yLm^V|LTPT6<#R#3+j8zn73OHY>LqAi~wK!WMM%SZxlHl@hZx;q<tYTl;OP(
z7a4YjG>z9fKIceFG;IC-a_MDCMxH`RxjA`mp;Cam4M)YN1(R9Na`LqbC-^f$SyQ|=
zmE{f;td|^H?ZwxW^O{Q>hP-bV-b<KXd-GiTIE%MF?<^Ai=IBMF_ifUBpyQDHpMp(M
zS|r#8lKh90qm#wk|B6JsH6ZgM>6+AD$a^oHdV2}5pz%g{Mi>pJtACGN)tXQwaGebn
zwhULmpT;&ljn@hSl)_9gBG$c3%fAJK;JyRs(~Gy+D^jCp>Ih#$`PioM_GWa!$yzS}
z(L&MwsF8vK(bqfgJDulm4cEW+AuBk|3p+aC?-9<-=4+?-22jKU>8(5W35U}-()A+7
z(mBGVvc)2GO9AsNOK(uw{`^o--^`dgYK|{?d_5qfIMaI`U_HWcn~S{T@b;4BZ`sqm
z_C!C%`Oj!7J0mYGl*OlG_EbvX4cr;65(#Fo+qjr6YF}DLnB6%eoECO_I^PM>b2C}H
znH;&fIA05RIGa11ksQcL^xJz{(SwOP@Gq8NF%vCAAMUg$dH&Vc4o->LntfPjCH_5x
zz0uNo8EA@2>UQp-@6lQ?1AYeJ%pm5|rT4X(JPndu$lgW^XC2ET@yNFZTfbAK*?To|
zODch%!Z&p`$p01+);t|`pUSboTavT}6bTP)PDH%>CLEaJ;`l$AdA5*41<@5?`;MNv
z7(^Yf&TK5qJGA?58r`z(v{A6MSqC-D^f4_*p++P{qT{b$Exfgom3x|3#@mQk*VuEc
zRz{Eyt?Aw}!Co6(-Xi!UsCX>su{XN{em>U`a4e4zH=OJ|YTNV%3Qhy2Jv#jh&ZXKQ
zUB{xPgcV^q-mn)2dZxFort=NJ8$El|*0DFbbDGGyn&=;uPUrO_jQ2XDp!L3Wpdq?~
z^z=^5(RvJAN``*&Py^O0d7;R$N;$-W8x=bawC+4K$d5nno1MxJ)yw=DM}fliq6dEE
zjO1E~u&c2Jt8UcG<^nmha5?cdat#ol<RkhbHr=0^6G&ru(2EfP!8e#}B~Z(Gh2OaN
z@j$;hnQmK^G>xLuHZL2cZr1YY#1@kP?-vXOpVaid*)xSNB>AC8C^?j&GktgxpR=6-
zd08pxL8ekD*KK$>&pu+{U;QALqp#*Re28Rcbnx`)h!0T(QTaD_4hwkRi^jki>+N9u
z@W;3Cypa1)$iYvpGq<Uc8DU;qGjtFkhKYO4fJxyzazeTEM!&3RC5h-aG3<(j?L(-y
zI_vWj8?fKsqhOuDnxKVL)213XZ+duZYKWs^bkY=ARpk(VSJPP-)7**F=67l+GNox#
zn+dAICmz0%VH{tzGW3e;g@*T0#}o7AN8hHrPO9<02cJ8Ovcu}@YT@E)Z}DD${9}2I
z?pgm_JFuH2J(!ssOl9pUdLXpJf%}lhR+h|^_kzW~4Y+Q$FPzljjObfu$Ba<tVTJou
zL92>!IfyRtPVN>g{bI!rw+b~k|GhJy{6pun3IeE+^-pyhMdy3RBpR|;7PZ+UJ*>&>
zg%RgG0+I*}YD4rqJ1vyTlB*Mj{7OnkNt-FtLNfw6T6_PdF`VuFCg$%ueBc0oBrBAi
zO&xnDDcJm7WyM&4!+}@S>jf=^dgm}Vn?~}oZM-}``Z;;%&=+m2V^Y+4-n&C|gUKd1
z6j(*h7G`xMJv>cA?UuM~^}_45&acs?HDJ+(?1KQ>2l2In{__*5obdnZl*Ahfb4OE*
zZOa`l=yEh1qOt0~gdbuRRNg1g=)ALB<oKU6g!{gvF1U}($aFqU@fJ(wtPE7=yw9cX
zcMES02ZNko7y<icrIOlsXi?KURbN>2{XfBbnJ&n)vzld|vG};@#6lLjqR4DwLHE-1
zbl~5PD$%)AxXtO1r<Vr0AlG;=C+b;tn31y+tsQDy)7~3fbi{diBMb)XJt68Oi%D88
zIHeW|7FR*rpk|3J!O`W=eMQR%O$q*^#t_UbSS}ftbS6fIH#yWU-siW<NiNv<kn@k~
z(H*qkz#)T&4(~Q-I8#5mkB;#67SDcfA!9wXRV<<4X9>L@dF|&0(ik>v9?@NhFDvfM
z_m4)srP$n3B=d~<GN#Dc)cazhm}6D<CPefw$?v`16d|YJJ%hcVU}^f-iBRN-$ygK|
zD>208lh0rDqnhTb`}rcA!Y47JF_jNv1cG*R@0`c4)_g9`_VEk0f3l_t2Mr$|XLu(a
zG<Y~`n-2Y2L)_m4^cyy~X}dPfn)`dQb2lBXeGHGIv5rrxWzmz8UgtO~fcCxyaeaCX
z9yGXTuL<3T3>h|IP`81-;v-0T+vB~~dyIYnPvqxeC&>*@(1#N59~~#+BW#^4bo%YZ
z7dLD`Pk&Rt_jSh|zIbuxco@poOHT8|W(oSeE#4P5npLu?AG;I$z5Dd+!B0NPL;LY#
zSx?Q^ETWko-F^IyJt>fvq1Sl67RCD-`+J9ieE&)f@@Z9W<FgVj3-b%3`-=qs!02y<
z!#ILu27FEJ&ugM*o0LE#MQ3Lskl$+3(%sm*zt>6QH%af$2MBGZCZ`Esb3Sh6<p3Q?
za!EI{r--j*;bZFpVaJaC?tEqQv3y2nK`;GGRX72>0hj6g(#WeLe=VYMClFKF23c@9
z0{aJqGDEo$Z^Qf#n*Of9JGE#Apn{)FbEel(^c7W5sC#;$LHv1zexaI_r@u#WMx_3u
z=Adwa*20?J$*G`dwAF$GbWz2HmAu8*t7K<;{*=kvI5XWUuA@#?Py?hBw_eED{-eI^
z<`s75WF}d3QE^+0H`&zP!ncrUJ-$O_2C_JLW)$hTt%v3@b9&)C@7di`_<zMpl=k#q
zWZbSrSD8O4^twxQ$O`+wZ+|&Cde@SnEEfEIo8|-aBeh7dL=Q>-m#o%O!&jTAN1}cm
z)otjYeuMfHS>HXodHJ(XI&66Q6wV%>!>L<e;-W+UKkom(50g2<z3uQfQ+7t=%onw>
zA42c#NsGMP<vFl$3j8zNqP<dx76un?*Xw1`?*B*IEhrnrg|hPbWjkkrTO$h<dY{2E
zb&xK2vvYr8poPHuIW8^|-`*FsM#r!s4%Sh}J4WPcrW9;O4dTxD#mAkF+~OAGn~Hw0
zcRwNNQ$?b$8*A@a{$)ZDf}BP4hip0(v5e{<qmT7DMe^M@kJKU(TPcc2q9?7QrR-Ib
zQa$ZA>;Kr?8HIG-C)P14ob`7Fh4!3LrO>D|#6>MTBcsr~0s1okA8jivQP_B)tgz)m
zS<z+-rG;(k)b^j8AI&dpFDfZ)Eh;J6R#aBllDV?*rB`niIM#hbO|_xH$^W@vhMe?Y
zOJxSK|4SLIWdFlPRrG(-tjf8Db%fHJzc)$T%M<~m&mG?1J$mo>g?}IFedXjN&fLp5
z`yZ7Rl-HjRbNJzJfxSLhQwVw6kFZE<QP#$#Kd|8xBU>oR8wy3-NsVXMm^<`)f5Ro4
zJVW@yOnXVy!T-#wzy@Y3i&>!+{Hhw}cwdmuQk%`Gjj7|_dHD6+eQR(Aur`OnseWE}
z^||D%-8icq|FwH5tn=!;YpAe;1VwbvH8|QAydS%hd1+(Ou|M6>&vg6-rX{MNbiucp
z=rZ-MnT3<$pB0NvkALQ}Sp~If{WGU<3jJH2`wUA(_jf;m4Bm`V`5RXKwSvC<(l2lD
zwF9U_|D{-julg$H#e3mgEz;?~<rMb#Zy80q`?suUU;id9?5NAoy7adNxG*F7D<ift
z=l<2wGvtK}*cswN^Zy_2-fpR`E6ev>*LsR&bvOmx0@=>Y`XHV5!GL5cg+vNum-9r0
zVgp;SQ^2O!APGAhQJ4Jyec2sRmwj%}E99Hhll1TZA7jq7*5*TUR^_>9hs9nWbIs2&
z$M+a>@VMXk!Hd%M!NacOdVE8-CD&aWY+X6Ml{Di)be<=j30WIN9%_vB^wKoDZZFa6
zQG11$$V)Li+^YkJn091J;bnoETMM{nx4vaax4k<R?bgfimN6<XhTP~_k=)!Tp#zr=
z3nLO+Dcmhz9X<tdQUN=FGX(^rrP&x4c`JpBW)6?eckoxUUs86teVH2cR8EOC3+<o9
z>u-tEkjyPNWF#XrI8nP}J5U0EUWKzVhyvH)9lPfDJYBCBT2mpjTwSpxiP#yXaeK^y
z(C_*95FHV{VJ2ih<0@Mh{?!_X(WE^bPjTxyi>@=*_!vmf?uop)`{7_}HBdUHYBSx6
zcGVkrH2Hj6YXzLy_nu#rz^5}v`Mh6mcni~+;!(?RhI2>{cQQ!j+AC3+J9|?+WK;6S
zbr+}#r`+~+INugmj4+$`LLB5Q9=3thcXm)%J=B?Bs-8)1xWgS@^CDsW0Hy3K7q(jr
zB>6fqxpH@oSxke473L{vdHR?|7=#q8aK?87O?VGz6FPoEegK_6an9DJG_`~T1$3>Z
zJ34nF)z8JQL$#l<xZCH`gG)&29nRRA0yLcfdBnKLZ4CO0Zl(SFA3y*6^OY|?`|R%}
zD<*{YCk6lYc?eL)>1DTF@Ncj_w<2b=mv=%2pwO-s<HXL;?Rs}gltKH&$~C~d)~q)F
zkXtiPw<lEmktkcv70s$$EEvAroVi0l!)VgT3*{_+W?-@Xee6KK)i3&|)6>{$^<BGp
z8fN=a7<a^ou>cbzJ&lg*3zrL~B78@9V}t+W$uaA`61OsCJVxjr-U*YFB>bRVEkR7a
zTMKE(*Bh4TdY3KbLHBf(@1EERdCLN3JV8e-UH(qEtGEz|I9eICzdk=`xA9=OYU?CW
zOR~{XK_O#tXH99Z`aTaSs)ue<9FP{&1dQ5v{CM<ML1N>mg9lq8Zq?JU{dRn;dlYT)
zml{M<(Uq^lR`D#Ovg94u-DQkc_h83b+h)}+nh@?w?=kVjSiu6N5cedP3;IVf77aOC
z47(U+-xR``!EuGHv$YWH<a$)l4y0vjTIomm-gNl}J_L<=fPg_)1Sz@2&ZTH5sJ9P(
zvPl2)16A777I(@+SpG2%7Mf^NB8<LRWMN5UA$JImbZH0`=Wm3G1=wsVEssFo$VTdC
zRVao?^@PMSEdf$dIv107>>r$<P9xwe`XuH&wb-hBbbR%rOlB8H+?>+nz9R?+H=3sI
z)vT5Ku>^ur7{&7{;sM@2-A1>qgpPKq5=Kd}tM>W#JNiY&%O9Zbs{J!26}WFE+FZA~
zrXqePBTw(0OjH<K#oWz~CYZ>u3=;q<^-TcJ^z`_O3ec6rPS=*@X3c&malLNsZCr1s
z$tmt$hBaMZND^B|BrMk~nr@L+^#om3YBqIebxgB*zOOK~7aKdf?WU~8+QZtpz31$s
z`ZT;uu7wZ;ryWD?PxRMRbjv3)34%TEC=rUe+iR$bJLVITh%1m4+#x*NRqtikw}La&
zT!#y=(2Ut-_6`#XYN@`a#UqjlO(G?ql}l^{F6z)ULH0wwvL7mS;S5m&i&S4PB&_V|
z8H+xfO%CPpAfy*&ItaAod-+&}*HQLrPkuAt_V^@PB4m~jS3N5cb+OBV@D9C~D=19m
zR=W4?GsMT<t)$8BwpY>Y(GCDRYhR3CgTmydzthw0e^S3;<2S392a_p(8NuQBRO(ua
z6B=`}cZ#ymFP09lM~F~XFCAN9Xiyy4A$^G7_655HTq?tdW@PhpZ~DI8$=x;(5+H3E
zzsHi*QU&GK2aqSZR$`E_4>->cFqiLcw{%&-#y`f+WD7b@8~$Y3Wp<};#;05%X9z%+
z+l}`l0p4r{*kP6TrA|kCGd-)^kjgy_pNw<d-9bWf+Yj%1duoXP0XqdUa62<tm||(7
zG1=lwmcCJJ@Ds%bH{VS7p!o*z;7$DX6oKMkR1poDZ*(b)`;8`R=pfwPv$rXF#s4Cl
z{wuu-T(NXM&Dzd){QJHo>QWMjtv-H$zFI)<Ym8Y6S1|Tg;aOP5d<mhz%B4$@uX<q+
zTO+VpK!KS`jy|LI`>oxbm1a$bv15M1kj4d`e^UaYD}TY0@gZwOkMr`XUI@8L&XmW+
zaufJ2e+n*Cl*b97SAZ!Mgiq9Z(H`IMt}aBD-DdS9nwD>SpNP2@O}OKg*^;d3gy{dd
z%F2DlWdIcb3T|`SQ~6aX0#&OG&0~&I)|49m0KAk3k4hbA>CRaeJaXY4P~5>)?K@^j
z=tMr+hG{IMigfG)J2ZvZFX_(>y|Q+mO<5)YToU$ZoHt{H3-_KqL2z`2eINrJPsXqL
z6f6dI2#gzX^E^C&pDeOOpjF}<L=2e)BxD3fcmm^8u{;)qiHj8iJXTHth9YdsF3J93
z9>!p;4`k|Q+v5u`KAqtM*25Ko7CDuLVOJfaX<2>=lQ~8Y5pPZL!%>9FPS7n9hv&!#
zu>rIYzE_3$G9qV#IBft`$SWv+Ff{}C<tFr#%ggG8U585WY_M-PHl+d0h}cJCffG*o
z(Co;pSCc5qdf2&38SASfWV-S@y)VQ<Mh%D%%^I!(K#%^a&wxqZh+qb1(0VTy=npDN
zp|q}!pl?GQ&%CowP%^`_;LkOEFT5_K2q^@eo9wZXP4`eCScL<s2>KvnlKPT$h)s4K
zOkH)HOQ#@HOxG<Lfd&OlQr^1-=B?BWj=t-20J?Zi(&2(U>Uax1|4&pAL%m}Jg^DJt
zK!@$H+l9sC(C+HPI|AH24Z^ug`y=pg9mB8#Q>n{YX_xk^(lu$+w8O0sgeIWKv;IlV
z7v_kig2C+=Y_|0D{BT6d32))pyJn>JGa>=pvYw$vAtJE2MeCxL6eQx2abe6N@`&ea
zT(8Q_{47w}vH0{gxzaXklE>FbDIs@t_b;7n0Ifp*#d=f5mOvSK;f(vYg)a1;J++mp
z_YFj}yk|crA9^Yxy;j1N0q#~_GfV6j(=EL?KZyclVF`)5En+s`Njnf?PTmOq1I4AN
z<?5|O2>C3B<b5pr5UdrSIuLtX{$DQd+m~?(@^%SaPsm9FU&Vr>W$;V5n2YvVD5Muw
zXYCIx`l3qvg%c)p3}$%@7aLy~WwJrFt3!cZig+3PSgIG6_~Z;3OngdRZi<W_Sus;J
z;RYM&NavEP&>;wMq`rYGP5teTli={q9+NCKn}xd)*v9m+HbMc#&S2mGylRpCod1d@
zf?342_UVGdpoe91u1f=soP$GZ-<%xV>?ArP>s{i!Fb?qc$6ht{qp+e0SYWgd$M3z-
zgu60?S3IuvLhbC_mt{k$+>P!2IO)%ZzYeW~UDgVx+{r{`s|-hP*g@bwXZu)A&7XF)
zCuo;v>w$L5tu;u48wiMbx>8wiNv@ZjKATA#h-TVn<9Fo}-K9oZZbzY-n!CMLwH+zD
zLew|^U43-Jw|eIdADs&i>!M=;)&$@ZxU;t**d+!npPW)hxP;|a9+oz^W?89qtXL6p
z`gB2-qICGE-=J?nNrP|Iuw`mtC%YP0RsCw0^#%_!Wp}=2EuDUfN^i~ii<<T4n~fIE
zf7(Bi5<%R6o)FhYbO(`Es)Ai^w82G+4dm2Gzq*z7?><|MPnepH2>_!<3?yBGVJx+&
zf8uFy##3L}eU<8IG#Lw=I&?dF!7J8iU|2v!mXXv*`jLIq9kc>C<EN<fTB@$(XflJt
zj7sg|0fjIvc9CLJVuBUVCzotKO3iNQ0K6MDWcX86y6=f)8sPl30C2SFAt<5FS_B0#
zX!4Ty!9_!O%W7%Xw7JvjQ^xk8fe;Ht2u+8{G?b#9-?vgrW{4mcX)A%9!WTCbUMVUk
z+a1);&_R!-6csu)5~YM&(t??PiXcl*l=T$hG7m|ED>wf;*5HUOxe(RXoWCCJD}aO9
z3iLOF`|hSYX6au8xUBbprUz3J+?qcsOHlkKLqWn_E?@Z`8iK}BbWN)&Mz0d7S$&ke
zaQKkcr{8bwu+kT6qqC6%PBf&#*VRInTT9jUFD|cyE@A(5JNBRUvALGG-owm?5HNbp
zR#}Nh=;{<8!Ytt@yDolqXL9~%YjiL=dB}aZrLMF}zEW><z2{g^VC5}P4lq{SUB6&+
zz{IgqHy4t^jI!37_3`%C<slOvj*HhGFrV?=uA=qJ%@5KHqtKDOneWYWb;|jCdQD+h
zid(=60^y>-V!Sd?rq)I~3lG-5POXkz{10EE*hh9V<HN1&6a0juuw>~P?JJ{%Shf0q
zOK30jTBS&EcLkt$Q71D9q<Y~lhTvtl-y@Osz6*CxC|jS*tP(O9cL-3Z0`L_4P9hTP
zxqJ!h-LAAH=>`afk?ZVSx)vjiBEAeY`>fv3`7?R>3EI}m(3T5^TXY{)D_oxx@=+he
z>H+5En@$&99~FgkeQ=Ut80mupDzO7jdEfP*ZlbJRsvIy$;BL=)5YqbPwf7>O3as;=
zPxu?@3+hE%*z@j5Zs*>EY`uH(7?mY@;!>OGe|MAkzI)Bm)Ek2@x{>4qEu*Z%cS@%t
zgc#gukcue=b?gEWsA0_w-G`c;D>|52x&r;680;&|(3geikUvF&p!mkqjqg@>H=jRi
zY$cX3L^d=l<ghjGEcPGoj?NW<6pvrLc>bc<fCZkaHCvTZ#lo}D;IQ-9fv_FN(<`Cd
zzGev8g3d>*0b%P3KSv!Z=iJjvsa-^CPzj<BJv{&{q!7KJ$Yd5FmZ%-`)+qr*yeaWo
zQIwLKY6a5t07tXSy%{<ydu<%Sj56Ce`u9S<-A&zBQ_JfPOY%9i3dszcpnL!%rlw{5
zaKzS(Ik;-9dexsHZ|f%o6kRAyqm`F+3FETLNVe;#aPGYuJPPU3Z?^#ExCq;kc#rZR
zGM2?%vccVJgiI;7<89t_`eavWL|yo2KM_ibFOoa(jqu&BIHG!&8uQwk@Z<(DkLCuu
zE2bIYrP+{gaQrQ>nRoDD=E(pm3#HacA>m;ywF;|P%wX$snZ#?uO3))Y2~~E_R!nIa
zWOocjjVoXQ6--E&xdPv~5tFRe#2;)#9?1ChAVK=v9q?~_E;Z&mHfWf4@VR2IR)z@3
z7Z?*N7@AFM5zi^3L=H->C7?^8X`nMbx*}NCC>xFxUizVQ>L3fW8^_XL7IV_+rJ{3W
zVU_mW>R6djx=w)-s#e&o5!xAH=iYTQ5+D%&Nv=j|K6q5hfJf9)uM2(yuoH6JuR*Xd
z93<ORpY_MhwjN>Ri9K0oqZov>e<T^CTdEhS_=rn>jhDu9gLm#x1ZJ4TUG5R9Qo<}r
z`*hwu`pUp79$x$yN)kXuQGTqe7*6WEqk5|ZgX?@Ze!!P}7Fh*QQ)W-Z@(L!XNfp9c
zfE)?UrPFUG=zGm!_O3xjmHl`qFDlu!%De+{0tRo7KAs$Rb@4sQbCRri`4ZgFJ!=&O
zOt`9zF4QP%H~8wBvK!XAIv>oH1;@T27|}@!JtT3BLeVgy`=c{_;WiXW6o1?2#c&@{
zKq%Cdh00vai_B=Y(*895Ig2w$=jBtG#9+>z*MBaR4&=(u?NzD5MOsqwEr1@g8cIpo
z`H+dKY8nC{75qv&|8<`eURh{1@H+t66z_xXDjWzT8^&;OHnh%3t*~55>qD$p5^|Gj
zX5;<jwf=;oiS;p6nBX~HM`BDM9gj{%?*-+U<%ASN!YTt#tXPUm9#UQ<^Dz#VKfn(|
zVEpp~iGm;m0SlZUEs(ebloY>GOoD^+CV7_LgTgV@A_KA`m1FtVFS=WZOn0+Ao?^?a
zMTG{$rFI1luC*h<TpvUXc<L86-h*T{r<IiGfmrJH{b!V}H=p-zuKI7T@(q}p(rk1k
z-wuS>JxL@Rv)Mcz?UNrs`k=?qa{Wb9kM!`EQ5^F(+=J@Hth+KTdpvsIWKK`$3rMHj
z9n_1q&U+Sgl8^S~i>IXsm9kZ3EDJn_*fnoh8=+SS+Oh}3N5KWi7TJKb8z!eVBK!4>
zWVM}f`2rASxAMbGyd!|fybwf(+ny0itQK~)Wx64wu@=zbo)*H=dk_5p{_o1ZA|Dtv
zTeg5KZy|X8^m9e4qSMV|Pb+_lXFd2<DL53VfHw?x-L{1rV_=$il^^EV180m%K1p@#
zmGpN%yQDR;R8*9*dZ@7llZ-*y7}ZYiO28+*kBW%IJc)#dOn%&Bd>9p<hw_kL%<f10
zosL*qB?ZzFJz~Q$<kOK_GIC@>dq}pw1`wKq<H>87*SGLCVXlAJ?oDKbuuJg_n<>U?
zmIg{0#!!6&_#$CK;SuEg`MdFj(e6XU@;z~;tQYtn8(#cieakCPqhA?3P;LNNuo%U}
zy+S$hJ@!Fp?|&!9BL>n>p>uy&1fBHU6B+U!y)TbX6v-xtqPy&&DI7?wt*#G=sn|}7
z_1ERW%Ou2k&)!adjDA7vHc~^3fb$D<pNH)NEk11jJe!^_@}VrJWj9ky&H`vVtx|cV
zn?<Y8F9?57E$Bgm!_9ZiW1xP?UO0a!ZsU)MH?7pAd9wAi{bKnu|NeTJ2;t_*pEkFf
zs@|CC@}G7PmiV<FXa2SeaPvd|gT+#&UHG0P2O!XPC%V(U!4fHM<mqG&hx4oYfqf85
z&08I%1~2~P?XZ9G{=Yv^zPkti@^f21E0|Btx>8mM7Uru?zr<4cE>VTxmibb>G`Jw+
z+JKa^rafuQgL<)yIIY>6Nt{Qrzc5ana!<rg6tq`L+)AilP587}heI17hzE8~&XL;i
zY$NzzYUmi}$gLvevK06pKKS(oIWA4ABPTiF!dGHZAu5vpBCQ7e!`0HobP1FN2!k2W
zJ;Fg1cJ6damGTy58!Gv|I7nli$Vet+8CYBFR@PwgH+_BTbafep%OgC~1q%rWh9*JL
z++%OuP6?FO$UdV3DVeRPQq=?(z}4>N<H!1?{;;y|f-*DlP%EJZckEA809Fc(m;G$G
zQ_A5Oy0j>VnkDf+b<E7w1g%nF+xbQEG$>7<?1Gi%3$vuVyeMYaWNFH1&weTc2Q$6#
zC|XJX7wTfMO^J?jkH#U>=l$w@^skrG-!)Grhoe3FBGs$DKhhH?;wq$^Y0jLto9p#*
z8(jlfu-?lz`R%ye>JuXyxoN?KrMpIr_h*E~XxF23q1rX$<nQs*gc^n8Nj^xKUyN38
zURLZB7ZPm?RQu3d2`V<%uw?S1o;6O=64Tjyiz=5mgSIzSWe4k(wY)B*t4Ov~ZiN$I
zJ3?fX4)j~3Iz+Y*Jihj=IB>2YLwL`|4<yL91^Ys#aMF_~R4ADGJ{!Hp8K_SSkr&Oa
z>n(IT2proDsRdj@7I`L!9!2HUd36XvgmOw_<J1S_<p37p9smtUt`W!46^?J*)USqJ
zV@yt=lRuHtUvhuAdC;NAz0~g~L&Zn?fQI%)7e^?otWY|bkf&ROzRZu4;Yk5BQ&LIs
zLFXut&A&>S1w#euK8AT$UgCin?vs1>5Jw-FCM$=zMs2lT>SRmmR&6}K)Xys>PuaI1
zYI1Ila4uv`%^d$T_k)OPiJ%}lI|P6&@heS}ASbiz`juP>qEVo3e~QEPKBD5GH;Xca
z1FImk$ku!BKRpsj#Z0;m29VBX46p5R)bK9Rh@|}%h%~g2ifYH90mak>Xn}|D{DJWR
zmLhli0q2ltw`86D8UgY#3dhdZ2aV911c557yUEfCFWy=6?c`zeEuH2MUX%;$F`?+i
z?ly3)9=r=Yhi<`EcI{b<t%<Rj<$+_~=HnM+Hfa<PQzVGWH8h(C{11><jm_L`_+8hB
z;{9OFQ6>R~MYRzU0@D+Gyd7{<N=p$5o$)rn6Ai<scta-0yKgWH($j>d4V(@)Rzv%x
zRJ)k2e7dmv?Zy_FTGrN{zkIg)YVG;6-PN_-R~uWan@=P0`<(?M@W0<FEuihAbX-1Q
zX~@1B1DpV|k^>5dWT;Q=kG9t#xoJvvX?ulTMh-+EorFM*UDe|+B+uTsl4CPb=9-Xu
zyk#yOP*H`)`ap{<2jIe6)fW|s=BLV%4{HEo-z4KU{q?MauwjND2B)h{ZB-P25nEh$
zi(m~t0a3%Wi>b9rLuAv7^ZHoXhnOSHjt(dBq)<Ja4&TYgc@sA0J<``E?708vWASZz
zkk{T}J>ymX73vX1N*g6jTcC!3;Uc5-k>nv_f5E-4`|>M-q4-TnG?WR6rc;)es=$_T
zRN%dgNJe0AMpHX`f>H;HQT%olMw0W9eZq--{|${uM-}=`^%bk`8#VoQdJMAYY!N6<
zEk4QhQ9U~+XCJCv2`xD(G>RslcTy0I*fdfXTm4#xG3FstsU@nP2}xzr0tHBLxQO^b
z;ZOKXPxR|cGpdv;BT!HJb7=uy@1+=dNJc<Uf83B6NNQpT4-pg`NX2^>N0epT6B?r4
z_{sM)EJV=L2b7pcJ|Y1lK2InI`#R|$4Jg3-8i#(*MA6dI_K=Lm#KKY)3Ss22nCH++
zpoJ{H3S#w7)!yiYznKz+tJlZV=>fm-K^ou71V@yr@~54PZf>56<u3kr&<&nA#?imW
zr2Vq>X3IVTh)Q}JUTB-A;R=P&lToS5nemBjW*<yIj_})0_$Er?QDx;F04WWucTT+N
z6ottm)Nk;Hy8caCi*OU{1vo$xKn0MP2bm0o#8j#VmmI|%Yq<!gtg$)VyhMeE#99@L
z%1QMY7*#>UU=wEcI-~LF3}5TgyhFi3p*#l`67zQ+mKgPs`w^z6=X~biOq5>A@+5Rg
zdHM<2!sL2Pu$;(3=aZp)5mlz@rL-1BMi+qQPHJQuBWa{MyL8#CNv%AFc~2#TI5>&t
zLU1rAvRUGxYYV6L4IqHpqWP!ojVH}NDQGJA=qjj}i=b`0coU2+&o5`qA11^@TNJ2Q
zeNo`)2(GVrieK&}JAn&mIvJ83RuOj*x!>CQEK<aDOr?yWpQBTX1Y^jBl8*TAEPkYG
zjqoTxZHpB=?urRK?z;7k`(peqcj4=o^%k#ihc9Mh{ESiO@%IqC;LXn(I-!|oucrgV
zMgU3`gDh^jFUl)RsKgqFek`jl7Lgy^9Cfk|!q-zd?le!KcvvI&g<;p<H|_INP`95b
zxQ1sl3iC(!t&{w2w8O7_L_rW=SFFVJ&o6apPgoKhTv=#I<nS_G1!Z3p5rZ9GzU^N1
zD@b*<YS0{OH^TR|PJlLd%Y5kd&bQl3QVr>bj!2Svs?!$z*Th%1)<tR+az^#B)VKMg
z-8aJJJd9|bf4|P>j}8z#z#3JMRU7);@3je80L?<OOn$3SV@gqI%@H#4NZ_6&;~*f*
zIL+2boAp$$$#1U24X688Jbg3vAJj)gCxBzOMyE&^=m(@fDf#F7q@rZA2gkF0I6+b9
z{|IX&yA$+pG0*0Bve#+3gfDRY6(WG798E>}F65Wb?x!(r(D=dsqKkXZM<Fj4=fixs
z<Kr9htMl?Z(*;mLSVnhc^sOLImaZki-#3qWccy<T-ixW!P1(!3E<0J*-mg)<+tPYb
zHngsfg(}eW+~q1pIagDBS#*B`Ow%)hW^4Qbavw^kgX>Q(PwR6q7kd&VHpDdjn<$T(
zpT7i9Aloa2FU(9zl#+E}nljI62r#UTyp%zOun<!0Z;=L4GAFP)!68jw0~GKk0zarG
z`dPo0p8QZ$zYivyO(`~DG{Hj!V*iK>S&_B+;%1x{8ll9;WL{jd@M6hMIoZodEI0%y
z)5&T9fuaR8985{%ya4-AHEi0o59s<a$>IcCP(X0`7PvD=MZM~iiU2K2IRdx*-Vuqr
zg|iC9>~`D+D_-tI=<6%-=;ej*tW*Z&fdU#VDHOjg^U`GCD+Pd(;yF|<GWf8*NN17m
ze%m{#*ePL*WVuv-@&LPAVwcR13*)GFSrl!FqBs<HM|j@KjW3?BZZ2(aeS6DGG_;{~
z?!7O@8%#<_q42n>S5PQ{s3}aIBUc0@MKTZ&RgGF7!Z;@Yc2=SRY;#C5hgRV61XCY;
znpB?3Pa+63T9#{3$I*9A5I_qRoNx-DwhCJy&p|{XWlVW7km*^SsZ4EX$vneo3iJdT
z+Ed&A3Wp%#(G@e-e>_rdfc^s{wyk1T;ff7>Ha%1HaNHz`-co{us#fgoh(J>khiA`s
zH&)tJi$^5f_^sv1xdT+$swkp3f(hvZQouhrL9AgCJ<V8`j39TW*I2!tE#z0jTp>D0
zaeFb3)fJ}rl>+)L@9Az0H<1as1IEoWExZ1piWVZ1lqM<57)N6IJEd$;(B@;?Y@e}&
zFf(xVz-)=909#oD`$;3``@Wy5AAn)~i@if}0_J$M6V;TRimWFQ+ovAPC`;g~{<L3x
z)jXT>f3l=pJnw}mF=L3`Jj7xNh#|v>D`dm57CcO;5N(ETrCWjgRecAKm-SpM%$(!<
zfWu#|ZV#!PAy-_S;oRfzz>NGa_b2B~bj329CXMOcN5Zo%?Y!{$jqP>Xpqm?Xo&Al}
zAN#TRL)HzwMxkI`>ZN!B_J%IYYa@9cSBMvh@;)*zCnAdi)*iQJ^6HlaoK8><L8PST
zrl3qXG4EPYz@_sI@$djCS6jG1)l#lA&Bh?T20=-&K0;D3#eExzzAcf4U08kUHfXwb
z(+=PRpinmwa0}2Dr3f<Dz|TqZfn+^BeIP-~Cotl2@C-SnM4)@T7fwH+$J+`#WK#+H
zF52%#I;t6sW29wfo&C6*C~*RENLS(B+I2VTfHF7f)M`vfx?`*IXC)venQu&3sJe8P
zS+%Aj_mhy>7)+9>n1_Pyjcp>DNQeNCE%ZjRuV9wM{dRgS&k;IL=?Bv#X;wkoy*{9=
zL6rP(7nDxJdcNBlt@sY^KMixWXYnPXz7yjEY&KFL-@<J%!6kpRhS^IV-Hi-h-kfiD
z?A;DpW_@k_Ybd<>(^pSDHAoVwXi%&ZZ}|G~n1A84*BNMk$pU<2Up{{RTghL4`xR&j
ze)-R=0qE(&EAa87{$DcYzi!0UEP?UbifIUBFX=$*NQC~AS@Zl4&GUW94UJDkkr5)f
zUo#qzLK&n&MlQ!ERHK!Uw|PBjwX8q4B?ugV^E(w<4zLr7GQ9_tGrmdMiy;pw=TsB~
z(MS6|%V6FPl*eEDC7dh|sw)VHFfyU9zpgszN|5<a-%vGHD-ok=FGgBw(HwYyNw01$
zBsHaGVZKmMJCDcW%Wak6u5dQis9j15%=y~DWn*+`BArs|rBA4en=?i~5d9Zl=#!!|
zZdXK3LZqHQ5O2BiK&YMbk3VUi!|wyf+v2m2bw{8WR3{Q-`H7Sw;JJ;{gE%3e`e4;U
zZ4p13KBG0bY0WY|rw7!nza3o0E#M_~4E7fIQ-OzV>BGZb{gt=$L}6A;rQ37q+8h6!
zvsyBu8rhHjCN-d=%11QY>yMl5jc4m*ByTy-;KlRrR-ZQ8&z>|A%Ubpb%3YD%ZRB9+
zB5Hz1-#_Nx+76F0XGpnd*X*fYU&syxCs|*!8M_-KW%#D~d(84Z?euc@TA~+Uhc9RR
zm`JC?!L|Z05Drvh9WtWkskngN6Yu=)e%5=3#yVqqLcK1}DLPPVn^T;JCKfLhN}y0s
z-Y17cCt7S5SfgWY+mppC0vL(;Y_^p`!emtbep05o*a)5AHa3j$QD}6v<8dpvxSTDe
z6!3x9OZZ-1sm!U(Giza(VM5XeIZ)V;V>4bE*#75>8`)JmCL&naRn7N>1vM{yo|`u9
zHCw+%VlHytRe<S@zM;TXkb&FMK21KY6Q+d?v`JvnC6QeF4gpaD*|1bK-FdqRrHeVo
zSwa|=-SAV$J9fDH`FdZ3d^H|yNtkqDoj{C-eU~KVki7LjkLACjKjHFF82>nb$hxga
zE#m1aaCFv#R?vfn{Ej%IGF^CSqoqPN#baDiLe-ztq8{kSNRsF@t6sgoB;CYaFSn(n
zP_;`cB`;N-yJPEeS?=PU<vPygpi;|(EamTU8$;P4`w)}t&RRZpOfTyb8s+XoXHq#0
z;e*9U?yvBqRl$t#gu4;$@YqjN*^GwoIXJa~@g3&)tW_{O8hXW)$~>k>>!QS`NO9V@
z_8bDr`Kp{k0Jg=3o(JRhjx+K2wx&OVAV%$D@apU7`-jE9b&ae;;_{#oqu1Cz>hMAS
z3Z<)aC0J&@4?`&c`PYi1ql~v(`4Z)}P?27D5@txcsYi8aiZ%s!4ALlHvoa(UTF3(E
z2?YJafB|hG)SwrjKp(}#Lac?r9}hsT)8nf{b}biD4cXFAbSgXx<w_98a+gT5uv!B2
zBF^@8Xc!{c5ygm)X;kXC$l8b&4NQUKhyqYVQL&gKj!-dnYlPx{mAn$hHS$39N+(p#
zIaao%>Su2EK&c`===~}sZsEK1)J}Q+#bm&Putf0tcC>%h{_21G?AQPBJ8GN0kxM+2
zF~M?i=Ucj<j}cn8!%HD_Etn(dWOa3yu8)qAWn|$8{#)AGT3TOkzx{S)Ying^Cy5E3
z_V}&9g7(-#>)B^lr~B+7AOiUmfJHhTG^UWl<Nt!jq_MlPnOp;M+YpV3Wk*t_fRk{b
z%y`pZX-<&5tSRW;;mBd`2#AGO#=WF|1OTw?h}*I-0s>J$CVSWn)){Voa+WsmI%2{6
zi*zuQRV*ih$9X5pp{J%G^i$WQi6DA}i?rakJCU1(Cl1NxR~j`d{DekS)DLQAV^iH7
zyEQ64wXt<(KY!Xh1Z7G258xe~_yHv;-cSXr0+yzy;)4Z)hG{47Ok?_fCh#P*?5n6?
zSnJB2wP`V=k>(`y*4)0+dS;`+eXFr$*B<b?!ZgnL<E9csXN4(mObM}6^lUKWZbF*v
z5-D<0(}{kd;hdC^#@4-E!bKroD2-!x<x`Q%Ei22VgO8gRW<Xz99T&DT9@z)g3QlM5
zTO$~mRE=Z*0ZK`Or(0jOTPSI}yX0B=PfE}=g#>8=2F&m(QEqFfZSUDr8}EA$vK_vm
zbxu3fvhReB&vh#GN`c}ifu+3tPV_?Lo(;igkP;zy!WA$WpqCcR$N;u4y<|Al>Mi&X
zl-b{aqeE;Rku8tK;#j4~k;2x)Nv6K=cW#T##}<{HnOz5-3XGe+wcJ!c+I_r{;-wNB
zaNN-Tn`LzrZaRNFIzeN)O!8P<elaOrm3zzHO5{@WC21O*(6g5;!@Fch1{G%n{BVgt
zOz?1_9R<P({uP{yq!oCt7p)Zexh&no?t!oc&mn{CBv43rHS;9E9^#_w-nodnMRi#~
zGj6gzweOd+gae{|N;*2f!b+tQ5Um9fJToS@BraVnB|Bh@FD+Y@mj=Rk&gJY8+YUz@
zxegDD+3SaAoW!S8fZ2)cZ8sb4+T3l?yIYa|Nc)M;O`ywfTQ7Qj#U%jlyyPyRL_A0V
zv)oD(TXtQUeS$B`YdGgfpIM)jLP<jEb1|lc-|h+0s>mX8RR^#o5n27W?Pta0$u#0(
z4PY|dRZd*R4H)$Tr(oEY`Lwj9Si8C2mF%}1#Kq!nEvsmpuCzp(v|sIwH8W@F7<n)#
z!(?89PHQDL5OlXcoo9z%O%8sRxO7`x0)>Qmpi%AF$Wh#J^!AK><$#zH4`ibzvc`!&
z)@ylvm7?|l+lI|ofI@!mX9D=1+}?lp5H<{+P!pfLYNuZ*mg-(ru2;5Ra}`vCAQOMd
zmA$7c9qo*ZQN1eRl>H}_43y&17n=~&2Z{6Ree5>X?wN{|$r;xI>*uqHLlk6sz9a;N
zoK*+EzrTNaasR8|a%>t8zKVReGr_oyoQAh&&oX<;t-Q0b_VUH%?hif~^M{SycISs@
zYu~<j{%rG48|#hKXU&d0xb#Q8P4A-N?W_q~dH%>KD=EBpdv0V|9*F)4Z7lOZyqdnx
zndO4`e+0G{!W!)=vW;|4JMgN?r)x=`ZU|wF&p*+3{o)Zrlo(%;Lpv}X;*ivWq?i0b
zHtTU+@rq}=HB(3}hr3@9j(g9hP5@sXh%kX<&e`P>*N_02s|+^HGFm*AW_7MEQRE%b
zXrZ^OxGXvzKR*u~rZ@7=<To6<GgF_{61jIZ#bR36qoq{cX!VKlKzXgu-f~?}iAtaL
zmHGxwrxfa%7-;8u@5Pb`N%fU?^>v>#l`4Ol#fX*#Fh5&qX~R*7{B<bmgOeI-!~|qJ
z19F?fb|@Q0hv+S|;#%Y`k~3~Pb%^iJipEkU`??ZArqR)PLBI1Q*gcgzl|t%W=ING;
zs-(pdC)~c=eZ2G!58H1hhrf-#OW*!sXKkmITv5L&{Sm{YZFBKx&EiT8HPJIsEw}Xl
zx7@_-21wu+<l|{}*lbLb{@UKxyR2w;heYQxK8uUg?%Tr=i;dQ2A}Jy-4798vT_Xk~
z9SR^>z%I+*sZ7~oaykcFKp>W5c?(Rr`}_r3^H=MuyQ{Bucb`^a_uO34!6MyrLrGW7
ze&TNJAfU>bLxl5CqJGQuTe#vgX=NNE(m&8*uB-Kf0TfHZA02=(VR`ugQgI~R(iv*<
zuS@T)eQ;L1y|cqkeGS?57o?Re!~mEiLvu`#_D@w$kRS<{qFY{;z4M{>>TD@%1?}(a
zoi)9*hyoyLvFipD-3^DoABJ$K_V9H)%Wju%O0BnlmY9m~q<`E5bL;ozS@{)%Ca*(3
z##=UjO|#;LBdPuHlC#!y#z+4~dbOSzTk2#+V(Y-23QbqyijfeE(IYY9vpl*4FIr~s
zG3t60>y5G|670w?%O75ox1Ont$`qXI9aBBuBK<vy4zN-!j2C~7iX5CyE81M>I<c4S
z5T{2Z3vmFlM_Tzb1%Jy`AGSHv2>nn4j_~#y)zH&TqS({%Chq7W$s|5qxNy8YP#(;2
zN5$i~C?^7gM4Z6-*^}0=TT|`EXyhj*3avf8lR@ECU`!=W=kL&0>`T$1e{%~JMRx7_
zk*1^lsZcpYyV@SuF9JLtI<9Og3$XK#5CYLwl{CM`0pj5D1noua9u6F2<7;LPyC7qA
z9whWvbTgHK)i*|1<%Y^xJLueNuVJx=F{|XV#57z(isAJ1En%hSn(n`%JJolvXnI*a
z5T#ww;JsWuiRdqoFWC=jOjt`;LD%=^&Oo{kW)4pB=B^~%NZIyZ4KV3>a@+df2r>n>
z{x+~t^uE7fsqgIN$Advrw$+9rZotmB?6O;5w3``KIzI1}F?GhcD<Ld=H+JmdMgB<J
zvCQe)DZt85Xi?g^Mcb%H-e4b9R*DCehgOFAtwCL+2o$`ekfGdx?oko9ITqS}7)g;N
zov9FPNW^JsEWRyj1B-OV8fuPlfuObF<F8O1S3YWspUA()gDZ(`5katXxo2$>zsl(o
zKM1tW_|9!)|J=d(E8MuSX~^$0w;Ba{FM9rvjl``1Up%2kywORM2JHwJ&XiM7NEfY~
zP<u{zp{C95=GI2jldHPR;r<JWYDDUu0UBjRbqIiBs9$qrBc>hhY36*q1d`C$jRyKC
z)T*c+U7+*`0t7l1iM<&uXdgDaFe|&HFCcjiejWk1^&WX;GUhejwffUZa+akX_y!l^
zSILq1+D1C5X<@)%a>aqg065vW7;l<gczrtpSj`zak%1}xlY4o4FqP}`;;jG44MF?Y
zOXKmfC*>F?&CF&Gf<vX%1L!f7M2dN)*+MO2x3)zIGNb_p>(ZKKe|ffH=o{gCluwuy
zhLqsl_Cz$fFv%&r(?#kF*pq_9i@Hba3YP%VXI7mGD=L5aa&sL`2FODWoTM?*Fj++J
zu)5*+tf;Oa2-0nuF7P<~jH9l(j05#(I7^%5dvQBwS{&0~#XbIlkHh`e(UMrvG}MlX
zk&q$=D4a=zqQtk7?=AV7+2ZVXE`TXBU_-;SO=Pa7I%ndka2<t8!fp;*8<Z(R^c_Vi
zlYdt|>Ebe1WH_yGG#V*_wfIj>q&XimuxWf>nXABKBqPkQd)Bd=ZM<cOU4fg&*S)`O
za9xR;N9OlPV`&==AKGhE4UM>~o8|S*oh)x}>tcC-a|eqD_YD(nG0p>6#tqA-?cnn(
zav{8Fx~TmY>=OjlPiSo(Y)wmJZO&3#A~_5_2X2CIJaE`}IcnRiF5dnMEVn=MF4XDd
z-QM)};5o76MQ4+WEjdYyT4EPo|Nj1`3vTG(m76IE5@gdFb|7*w2xtnGQCKcGLQQ79
zv5_kE?}{4Ossd*{xM=kFfUh=b_|cW=!Dco>xfD}VKPs&Tz=xW903tV(>_Qg?B~y`G
z6a#4~HLZvP{}jy@Q+mO8tGBhS&|tZn(X5tE;{-a4Da21Bd7a=T;;>KfDBp^W?w7(_
z%V|I&i6mN2W%4nHQqB@dUo|GB26jlEvEt1sYN2q>b}MQ!jPL-<YXGGqD#*bsN|kDI
zp9n%^0B3v{__xNs-1gqck09QeT#2f(IAyJrwyIQS{xIx|A@OzC7)Uq9q3RT&tV6}&
z-N%z7VvuJ?cGtkb;lpdjH?%n(M)|T5C1Wy{3eqplFVSdBT#l_2rbR(mCK_O~XhW#?
zGK#BPrF>cm)GvL|i%u>jtz~w&W{fy7F|*qFCVQ8TLsP2q)Rz0TE?#fv*>$gMIqY9Z
z<8iphO;zU}EBla|4Ugi@Sg`I;TKDJh63I~fI@m{<GaMT%SQx^7?UY@RicFd(UGXU`
zgy)hPw}y34d(4BoA-1{9UGYLTki{YiNq8Ml4Vv5wh^9IB3`JdwSQbiE?OgQU(;K^>
zqNGl7ZjG(D)#!{cI7>VafI(Y?SZU0ntmrtL4v{<@;`{pYn02Zwx{{~hB_aJ9lR$Ou
zAL62TvE}v${Q9&H$_qK35>;pvO~X^nFmGk1H|~E|o$HkKg_k;rHV1wtDJA7=CxFXo
zR&=k5!sQj8vwQN-6RCf96fvNj_&D)l7<=^SaZ#XWW_R*vgw>ukqwnF~cQ30m+V-ij
zRn;{}4z&zZu4!U;24JmQx0TrqF!WKvq#CawJ2~xflmYJRG!g-LTGHHh#VivP@e@8S
zhj!L0B@k_PVb1-hGyk;PqDv`##yjjGI0C4wJj%F0GvDkYZ^-%GD^<LXL^suqLOZ-R
zjOISpKeKW7IXW}aH=sf*;X_5sEPNV6Nuf)htGb|j+!$7`+M~&d+K*NZHCn6^zt9J0
zIm3mkVz`y+vjalI&~@kYV(eiC?tIxN;Gx(ncw`{Mv@dL*3S^L|gS0(PVt$b_Fs>wd
zlwG&Vq+7+~?UaCPrce_R2Pu-{P#P*x6m(Cr{I&}umLQubm{+-_4la)5e=<2dx>)QE
zlQTOSh>BVBT@VgV<B_8ik`<E>!BU=K%R-pd&U%ypS2Zg#SpW`ef3>sm;=7F(t<?WJ
zm;yFZkWx(oTvd5^2>X?LQ8qt6snUP&3v3+2%}m|W0v7~_=LYXsyhVD%ZV*9nF0~NU
zXoAuIF6bbyYZfQ(3Fl2Q_d$)(kR+UH)VxLEL*WCZ)amBn04T@oPEw&;KDkpj+DaFd
zXsaUU)CPllz-yvyiGbiLr62_fy7|gZ)lLJ^I(+E-jbcDzm~m<%-9BQ)$-8qD`z;xc
z*<ab||Fz0V=^&<O_%E)3u{i@4rN_J`yW<cu&*Clz<$|sTLE_wAf`_C&(jS}RUq0J@
z`OVYKoo}(~%S!O_bkC>jzJ%5YTk#;lo~d02!oESh>?I(idqfQQCxa4|(kf5-a$=>Q
zDPqj7Sc{iFxjTP!YR&|!47(sTSMfSshVq8RQoZqwc1Mx(Wh-?VJ*<d2o{FdCrK2a*
zZ*b<^ElrNkNT31!kdNiCY`!$UzxGC&w&BBBy)V8T<$c~0SXVnZU$%Y>kvu6c*%aYZ
zQQwwPmlAR(+dL7so^4e<OJ;^Lc1V4THGZ<QuwF4Kqw5_SIh4z52$CsT)IbXxIDE9&
zRU-n+j>94|iq#UCGM8eEGHRF4&i`z_FA!tI`c_1fs#bkmqxegQ)NUOt{4X`zleSw=
zpBG*<8Ratxg26nMCwyoNRbeYD9LyXolf{4;*DM^9!~-Q3j3}Gz>*l3VPnVQN_@2*k
zsqU~%3d_Q~DnHMn2~YJBP2p99<ORtvb6;3BeR%Fa3|;KZs-zq|(KHphe{#v}#^q*J
zd*!>18bTVPOw7dH*;-t0ClE`+g}<_&{&Y#3oy$d0NDp+r3PntO6Q3Fz7Y?Q}?3do?
zy)Q+$GCt?{3NXx;d_nWdz-D?aHFZ5%qxnv%gkj7#kHBO8TSKy(OmOa*Lof1~67|U7
z`yHxb*5#>PX!B-HnVU~dPVM9ScxQ$0<SYyR^2L=n?DP2pO!JkwhY%HDTbP$w^BrqA
zZ5Muhc(z!ssbKeVZ~W*x6yeXY5SZgZ(N_z+K7L!TPtJZ*uVEVM^}F#N(PQ5!^{@U^
zCkNkbVLXV7<QusQ|G4j_Iw<G+)fdn3PiU0cXDtpM&w2TNWVf;=e^;9C*(31jv#{O@
z0JMW=vU6jz7IP7&DZ*akjxU9dJ}LQ3BQYJze|&jDVx7=^+w%d91^^e?2UR0`?}o^t
zj!16@YieTBi*yO}@=mN#G{MgFD(uhRh78)*x0e<xzj8;*8is2Zhc5;x<z5&H8W0@}
znI+w*EAS7bRg2u%ZUF)Y&um2{rSLuDS}YcbROmxgFC4dIn!=#VT#jFWbONMBA<qdq
z5&~;H$-~|${7yV#b}r<z+PTLj=~_FF-Tg}ZZR-iAbg<jtpv&sAxQR?lXSIo~%jtL4
zwS7c~hqI|h2HGH$1Qu8bWnl=Z<&A|b>YjNu@|SyG)x3mXKHB@LlBV(jvt881L6FQA
zmWg#T^-eb;L1-Th(_qmxm386ooQ98HGcrlO5$wE^;gF#c0wE4YEv3<2REPp659!Mw
z+dlWl&^2c6qFjE`e2>H}aX;m|Dkq8p>HNF$zM}K~L-{?2?4aURl7L_8K6IH>F5g}X
zHvpU9FTQRU0{i12C8ZbPHQBYEPaOhfI1)X&Jk2XQyI4E>RtU`<mCV+B&j#pvM>JgM
zIzp3~5`(Q+cg8N(Jzp&BH)9;2y!u{5?0pKqK)=9+j-(4h#?xJ^w{i)<pD?GrOu=-f
zNkA9}qn;l$-%roq;EF3`?36$d3j!$w5@Lold#^`&@MPop=Ju=Y)!lF9VpDv~x~D($
zJ#m=uvU&Jb-uI@vx?h1}ku((-wzajsUN0W(J~%o$Ie}P}SM|w*KRsxEfFI%C!*;VB
zogfKgjE>s}-Q9{De3>E8vlYbkWNcJxI!aq#%$G5h)o$<Xp5Q_42Dq)TtW)I1qp_np
zTa&auOZq^u>`SZFq4o!DUsj+g7a3m^S~Iqs5|k$rJkL{xt9F@=p#>D5H!Y@CF-Igh
zR!%A%?WoxQPy<v5>FF{%22GoJrS?I%GIfwz?CYB&g<P;#;j3=@w%RfR(;;V+?Z5mn
zpP-HWm`}VJjT^wGw^rPhDopxE6r~4qr7p?GaPGq@n45~T+<KXf;THyTWeMs{ri;U3
zD$&s$r2{_&V!1Z7LB0Kwf?5fb1*Wu~w-+uV;YXFeHXVa{`>XxIPTWwqx7N3Je(>D~
zJAYH@k7}kGPJrAGFVsxV^AISLqMIRcFjLpd-#xR}%YOu{^#J}u5Ya0-KcyJUgzy0N
z%Mi^^6mkbX5s}kLC{kucj*?Nj3p~JQnJnq&NZUov`M@-z1NFe7U`7lDLZQ%}^XWS#
zI*1pOE~xF4JK*jrlnPSCP^3mP#XL$R?V*Z@pRm5scDcg2n4_bdz3mKRs>q^(@#v7B
zE1j%5z7As+2Mh>`PJz(oz9DWuaH^Vst#`KqVGG}iM=B#xfJ;a%1vLSq5po*V7MVqF
zC~bNA<BA3<y{%47c7LlB==vlYt@2Z{{$}f?`%Hl&B}pv+P_o==T(fW=$6zJjOR31U
zWCKeHBAeMtO;BNa=}EO;LD1<4bzX@O7ULC1d0p%WBz1zFdxT-xejLXon7)uoXWuC6
zBqM~#QJj4c72z6+{1X`3seDCQA+03?u-dnUDL?|diPXOCRweCOA=DSGv6~1xHW_R#
z$oE@K6qZ?{t)4B@fKhA^36NoM&}8=K-H60tB}LmD#5G3}!kOpe#*&GcKelwDgO4m;
zu~<*D*6&5fPK0wuW!DYK1~$Hw9|ri80Q<{B_-bNyFOF=`Q#7_VcLC4bBmT~x^j(^S
zvWgM_et2NliQyEW8I?pH5OhlfRgmf}P!xI<+)!DlM2WzI)(V`3X;SM|YEB(9+-Z53
za4vk&_qP(*BU#EeU&|^FVKe}=utlN=&XZUiQo8oLwu{57AeavWubF@p!sHe{P>hxA
zifIoLn_prNi<DhgudK)17j)U&(#`y$4(JiyVPUNKd^J11JX~aB+Cpl~)1@e@2J0d(
zQ;e~ROcehL&wTgA;GH_gp+reys^d)GW~OuSFztoQY1Vb;2U0A9OGda%xb|YKjb$P@
z*G~)9Dt!(3K?UWvxqkF@3=M_)6|JzCiK~Q}$VWLtM;JJCbk0$B;TM{<q_WcU{FCrh
z1g6cst#fGgUtl2GSZ@A=hHtfzzMNLW=`?eW$d1|kNoLH0PQ%{(_fHpcu&>nE;_P2o
z!~}KRJbA6hDX#oWyFKv4YDVq)^UW}TIlxDF7vjBofa0ilqgdqLw=lTO2hb8M{YY+(
z15JaQWE}}~(%K4B+u@dXi1f-(N?L2I<i4<xdWJBJeNJF=bfxSaXsAjW*#`2Y$<_2L
zabz<(oHo#{23XX;oRoSB0LbaOyMs1#;d-lpjmDADH{E@$12MOI8bL?hy{%u}t(~f4
zFDc5DReF7SY92<eizqskw+}fMj7Lm2F{oq<I+o>H3IsY!AvCzh#I^{($+g0sPwKI<
z`7ja8E!vUt8)xTs+tz7g8;%GZlapmc{%6+;L}JdY%#pBy^pLqc1t%=b78|nAu)=B%
zKIptr76btJpUcG$O_4DZQgq)tGeuQOx9B4Y8=cc#8o?SE8iOvWG`RQt0NvHN={>`v
zMWDl@6Eg1=H>P)}QRtrM6OIh+qSU>;r)Nhb0354`)v`=)EFW;I!Ekb#ow<v;M!yTz
zn5as%HCmdDu@sBJ{TsD?YkP}o@C;2XoRe%-C`Ra%a=+_viT&xB;Yg?IdImkmJw*j&
z*(O2;5GK?J)9~4M3TPoDj<Znoj3y$TQSc3(Q7;L2;_uBs<N_Vg)I*MnF(M;*oBW+4
zlcGx6W5TAyN7)%l+$Ecud>J}j;X;dR<IX`XnfKZu2V)Xe5W`3&4pLJS4qs|3WyT{P
z(tFDbfCp{gwQtxx0&k8yg^Q-d?6x9U0p5+rZ*F^kB|X%9?O;V)=WsAc^Mo`;m!~?y
zQPlk)ebuggh_-g*=9rSb5oq#SiHmn)Iy~gA={!70DlROJ!iMS*EP#H;{u4)9>K1(_
zz34ENK8ge-v`jahv#G8JX)Al_&xIi(lSC727c17CvtocOiZWrgVvb?RMTyi@|BiG$
z&tv?6bft(d!W0)^{%6m3alg<R%);o*X5VtR&R8NvCNY9glTR9n@<JIVmi!%`!%a2e
zZAy1Rt4>MNmsiSLg8L;oIQ=myQExxMZJDE07ak;?d_WjtR0eCN;&mT21<~biOm^Og
z?9AJP%LjgEQek|JG!{sYT%q(_%-W|5WlCN-5eCFM9-IB1d&XWHJP{PoOIT?(-}T*Q
zS*>ISDQHpvE3VdClcZuG@&E=md?&`Wo2rzUbY8W@8ANv@;yaKb<7Dv}uF`=HI^?|k
z=n|BqEI8Vr<H50A*x~TB_lb475xQlOISp9BS{RT48}5L9pXdVUY7#tsqu0X6a%GqM
zDMxb%H*=h&)~8T(<Rx{MQ76r0pOoYw2*Kn9Yy$amSSE+hW7e>zYLZ<yla-#M8j!mr
z=h6^-*rl$*v^Iv?dxyDS+T8XeYs4dlMU?hCbq5t<#UQ!-ic8F!=e0dGMzfxcoSBw5
z#*<@14#%QAXT-V1_$kCHDA}3VqAKW{ap9i%V0Wt~_eR@7s67wH5EoEAa^`Dh2rzW8
z<h^4ZHNe16dH#w|y=_bEa06P6*|#K*736ipx+p_>ajRBWx><0i#LrO5PJ`;8xO9fE
zlw!9%R|s&ABVJr?ICd$PQle~KTtOeq8FGN}N8h2AS%AON!KZq~M^FlmnaSgux|kz%
zzcNMTaHmo%QtE@#N`mB2-GvhlJ39_%c;eGMo`c`O3I=0IX;l^10C91^SGkBiscn&q
zCm0k+8TrQ^0l<x8G-{5nYa-nU8^Io7nm}pD%$jvka1AL3;nNMMT8Ub3<yyp=ImHq=
zqL@a5PU-`hOIH~_{Q7jc8Eo}}lz4ike>46-9V8=sm^z${-c$U&4=;g~;CUXX!~2>u
z78*Qp9ejA2KR0tj5VE7G^IKW>R71Y|8>cU63@4ZY0d)Mky&D!JEGdCZ0%>U`;i1{z
zBEXy=Wyf>jiPOd<wa+Ty1s`NMH*ME6*GkcI!J*w=5_pSo{Zh5}VVaW)NZIzIaa41v
zNW{}A{{y5xcR~k%&uwMizH5lzQ#aCm9<mPHD{K<;S<K{2@6}k{o+~_gE!5Tk;XsnF
zFkdRO8d<SJuBB@=A(C;6#GzxbFw6=r`r4(TRSPI87%0?!IkuQH;H$DB@@N*iZct$>
zUa)bPig7i4gkq|;Gv$&CrQ>K%?nJ@2*2#)T0}3SM#|FTjIjb^;6(DDE4(7gyj0*Ju
zJLiRO+)?_XRI=^{{S1nH(@X7e6bm;Nkk@?3pNz9V4OzS1ON$GSmdYWM4{2i*_@HT=
zCq&GjUoz#;%l778yWWg>xTRUa#`y%VpWAybq6P&M%b(phl?0%DfQzEANc|%Ne%j5;
z^dL(rB^VrT#bPm=>Q@bdyKO>1Kl77Wj&$|H+8w5-&S|;Zp8ZWDsZE)WQ8$ssfR$Fj
zS~ts$qv4dml@UrB70=2gT!dC#?z9=y(1aLD)EclZW`{{AXlouLG#!Oc`gXIWlX3xN
z^5FLJ*GMtm)Saec^(K@l4PNgcc7)TCNVkK4N)Q=@(kUjfLv<j>Lw<Zru!SNHzSE;)
zpi;O+7m9??F9ggof8w|#JOy!8R2$rrC#s|zu&0y2twV!p&0ywJ!~l?hpX4``+f=?0
z^dt{&xw8tUAMu15ihF<$oX7hg0Rb9_rR(BxC_6UA?iat$<zDUTorN6rA^_(<)7f{>
zA$9@FAzClGS-np0=nM%ipzDZyWP}fii|cfYs0jzIKbj|%k{M+lk*}`cG6A8oF{VE>
zqi9gmv+(t4&_C(l&6IUcIVE6$GZbUq<KO!zMXZDjHpMBHf!&s9fP@0$vm+US@{oo~
zTf2=K8v<|`=@8F?A}VCxzQdbqwKE^cL8JW{Y!6d#f`$Uxma}*}wbg2N{h``S5}=TE
z)O5h$wP&mZ*&mDswe6LBz3{e5^7Tk|v%&;3BpAiRqhDB@&!|MseS8SoA@himaNZ2@
ztv5z07Gdx8g;BS*Yk`vv?iaMmoMuJVZ?KIbYG5rO(n{)s&2Z7*SAGGb+P)9SoO>Lm
zC^gj;6^qCdQCt4OzDVu@xyvYSG+KH_sX9C@7Hd#24%$MPV)c5S;W1YOuA9IL?kfTe
z)R3~@oKjVTS0xLq9>Wng^vk~U3hPS+efh6C)J>r_z+}egt^&b52}ibuEPfXb+K7|=
zm<9Ag_(7v`OMYyAS6`l*r9{{zhSyshRS3O*v+SFno1zuUUtyfoz89kxMHC@HPll^e
z7w(q#v4X;4cW6z%ZVG|O-vUoV-nfx%KG?OmR4OrT4zpgF#jrEAF@M*OiMZmwrIVAT
zgM;SBDF!~A<c?o2&yYryH1cPA&GA6E?dRq{{_X!>ZNLA+Zo;sq6$?o6+a2}JGwFt!
z7U1LZ#9*%o_s&l+GfO<Y<_TEYN-lztv{P*|5@kwC>!Adm{l~xkKg%V9_|oRV(sw~=
zSJ=i5@x1q9tg|1Nwq}QugQagS4`)le)0Ot#_VcBZ%yVfSoWIh3@!1!@Ui$pArO!Wa
zKmUB?H-G<se8xG7_nwYs7fX%~!hSJ5Uupm862_EMcJUDA_|f*uKl^@J3V!bY8_W*E
zgknqg#$WMu$frxYB>h-vHwiT&CrG<+ba8RE^61gKckh-B#FN+K_f&E6h)+-Xxc(No
z_R-|x(PFJ`1xUWPg+F{Z+|QRkySElrkELBO634WGTpzJ}Ca1rX-<*<b{@%G1yK)M8
zf&*LHIK{XIl3Hp1VUL=($#gb4UV4n?2RFpiGvCgB|Hbb>HG1>=h12$v-?yJH{_fsC
zFFgt6yQXG)YM-NDFMqcD`Mu`e%gU2TEv3M2WkYQjb`pN(Glun27A>}a`F~L>Ydh;Z
zHuu}<J_yc-&m+Kr^qBij!$KK&4;W*mMw9SFaS1l_3E?^rLmdqMmJ)dKBcyo3HU5e4
z?<j>pI|Fz<8~uoUIk7V1c(UC7k>I+ENtWizLFs*BXmQP-VB-Tf<7B>n>6rFOdvOVm
zqGl1B&?Zo++I_OQvwZK~w(MB@Y&xih3r^YzTnIeK<V;N?ik<2-cUmpIK}SLZwoM?y
zViJeZMii5-H**!Kft+-?AK<*eVrR!jE$EV1Pxb!t^Z^1Dm0$ej-*4ZRfG53wuyHAd
z9w6R^n87#0^z2-c#0IA*#ecR73Rha}A`!YNkE`a^eZS3;9@3*i0o*qoi$O>&-~e-O
z?1ySE7+Xu6010!0w!|O-ht6#MXb4$whb1Fvp^usO`_Io}&QaZ+Qf7P~ds_u6VCeXP
zCEERctnc@`bU*jmKd=WJj0D;J%fB;aw~m2D2a{eXR$EhQ1!Jx%>&eIn8bb9o5pc}*
zCjhhn*JRsPfV<Kw-P-6MFM&WHLjb2VfC0wW0aL+305;oFhbW&Dlpfm)5U4R`C^!!<
zvBS})ECl{vxwYx$-m@_c!3s$8f?ije13=mPlj%I!16i^Fu^5}*Y;geh7x+eVA$fu$
zwK%V3YeL-dZ2Fq;!aqK3cbpQ5r&ru@dKbo5*6zjnH(NUo+g%KOYE9XvXBX_9_Vz8V
z%2rRW(7K+F7a>G|*3QN{ve+pnsdVd}oxKs66vT7eX0He-1|0Z=wTBwW8Bd#w-u5=F
z_94w5-wr|Ylp!^0x6gqO^8RL(roO^P%0|yxv6=_072y3~e%~je80+{F58UuUZPwVc
zR^=RDxSh+>TUS_Qq+I|A7JKN@BMZjXttZIMW6p)07rPt(ybBKuY8ugzb+l+;suAvN
zqxSpBn+eVwpe&~88))hur1xWq-(TF?o95nTKrL%2V$vJL{8S5HXq}~LVM*qeO5)v=
zGnS2zrJ+c4T+pi`>G>2v1zf;v-%teJo7l@?D}15tb30H%?%QiitUc-Bpjr|CBAhTf
z-q&_5dl{V<P(e;H$ODc5#(5tiTsOAmsu4-<!q88&Ria0pLe>m9PkwMv82l_)GST1T
z2hZVl#Az{WR>7_z)WU5|APNga_AeG*k&HyIU%@46rBhQGJ7#ix>ry|yJk<cf=a8jn
zPtflJY4^!HD&)Yzc)~<TKVSa59rG9T68jLeV-lbx8Q+D%=1Ek!f4RH$u>F&0=;wd`
z>|y(Cb^VLKZ~x=p{;!xB_{D#`wez=Ax$mFs{KId$T7L8EFaGW$YuRDS$SIMVOnEdA
zkxjHXPy1A=$KbM<<79r@g|o}Q{7)=ZEEY6p{8r~yK<$g`>l}pwfgcIc5V_-|GjJEg
zF@lYPg3S^29S9A$Ur2t~ycsDG?FzBL54>5fq;TSR@A8mTS~IkWqShXTEzo!XaH@$Q
zosCPMvC7kVxI5{^ZTDmQFof<-e47KYPr0Z*lF49m;M&pUo;mBBlFC^-N6+m3SIipp
zzRp~>LLcia%AInsM8m~3H>m6vN_tUGEc<jJwDyZL&Jci6Iz9ZVzvKE<>@bTn4u*js
z)971xDy`PZrKRs~NS(o4#`{<Ji^;-0F7BV*>tZQazrU^>|4@s#5wMI}iaLp(E?9cK
zr8&R*>)N_;bm%p1X^A%<(GF>u#riOhUc5Wzu_%gfX|BBfm^Q_j-rgoqi^-YeTc$|j
zaW&?2k40(rP@g+51R&GpZ~L3iw|gW&RrW-y&&nt}NNM|^vVFO?Ct(G|0i)q4(lj=_
z3jGc6z4w*T^WdeFLVk4{)IY6!0GR0rWjZ{k2rB9S5yHrG_jszTCJ@6yxwY-V<)R2U
z!{P<T1{hyVOUL`Yenv$?P9fHWJRo{*+;S-(NBU8Vm8@6ByQ}8Qvv3Xg{e9Rid_Mhm
z33ooF!@oa732|_UJqdn)zZQ9hnktVF8PXs3Phcv8yO}A*CIu<cTt9;OA~XTa7j6l1
zrQC<fw{-MYTA+EpLoNW2;N?Cr*;}ZfhgCudE>BTN(%j|gw7Q5_{P5+Yvu;Q+37e<W
z<BN0D;lkfYMy3s99-s<OAIKkmMM9+HqZ_y(4zpl!>6cp(%MfgrH>kJGn6-(i>E?Y4
zU4)L?Vv|66G-iF7$f$s8_WQ=KsJ{OtFpo=cheOJc%OK?l_Fp*0{UdOKCL`oAFR`_D
zEO$ptwVOPN(?YC=)9@v%;GN*-oUuhBhQOFLEbEaIFKNt^m(cD-TyDikh%Z3oH^Lva
z?c8)qq8y6cv65^YX)&anh^9=k`n3xbvNDe!)-VLZ+2!1L12L2Zd?J+!60u>NOFACA
zBc@IeQ1RqXKLL?s7!+)`KmUB6$o6Z*$bE>)zdZYD7x*kZk!?GuDs2c?dVXOxPyzZe
zo?*Z?useK?eO{C`HVh-Z$f}MuS4XYl252Y#E~1wCjVj=wV6kNgmb!R?HR~OR{Aq`|
zUtb>m2IbZ7@B4ciSyBh?fAx*3Q=3mUI<V)_Z(>X42>KJi&|k%%vlE(!@*UwH2;_2E
zP<PX6n&mv!PFXE;5LSYmoam$YUz%LS<H4oVoLbDTp^cYg3O3O2e-0H4e(qe@WQUXy
zP7bN-vbpPq87LO6^QB;y?tevka1MgidapX&$_HnmR$)+3dhz()D9-r-8K0E)cFu7R
z>nC1CxG5P0oLGAAa&jz9Xn)yRQk{&0LzrqQGleo2jI9F~0VTavesSa#@;xiWPIag_
ziAR7eTZx$-*_zy@UZpYE`PtIWn3cmi1BZQQo6cd5sS#?iuMD6p?YJQl!$fKW;g&CM
znCc2_g3=zaZE<^TlFMe9hxl-XcK2|=0Ua3RZN?NK%RJ!&Fxq9P^N_2rUiAPs`jBAD
za*gDBHhzbH0fVBjy$eYz?p?_I)<y7<ls@#wU@k~4X9lOIo*>dYy7J*Ngq1>NJZhvC
zAp4!O;X4C{=UdBl;~11vNjr}LC~G|0fHB7tkG|^7z|n8NdNQ3Vf87Q!cGN=Nh|uC`
zpaS+8F2EY20$*cqsX4n8WVTk%06xHUJoh5eXJQ!IU$0BD0?ZI}0zCUop{_^MvfS>X
zcA|vbN~ZOb$h2_%qr>AVt_7Hpkl@r2Lf(#ap6o>nKD%J@`Cn)0Tui6Oq{?)Np-@ae
zE>PbM1|2=|J^`c{W!QAVFti02lPOoGHL35}iafp%guPnAmm?UYv-@AI$sNbLRVRoJ
zfw*plNW-crj6{vMu4NA%(PJe3K2Xi<kAhO!myxpO)@lk!Bxo^EqyK;~su2$8frp3_
z5N}vhY-T~%AFQ8#4L~knVB}PdK_6K}SuBT*!AlbVYP@dxA^+*j3|}_=ASVx*#Q-(d
z5AUN`e>+34TF%g65Xp)}a|9eL{_z-XuJYr<zyqF%-pDUWWx!({v3Hj=8cGw*)Ij-#
zd;tL0VmjFKw9VSf_OCpv2xJVbbR~0BYS}wLC(xN59c6rT!2zqxN1>c4s^?Ib+wT=p
zAS01Z!u8U~=}9$|uh+qQ6>|uJo!80T&rzvOKyOd3DZJOf=vJ&svID>U>c!YzD;_=N
zb;_q*@k_^g_+rg@a<c{7$HU{L%yLeFCX+scB-El8TnmITALk7Y%OgMKDB_CM!2_&1
zXKJ0o@GG+a5<R@jm({f=J076Qwk^hT#)Nv$N1MxC!|2ARIc6egJij}`HJyB2I)In?
z(U?h@Tm->$MLy0{&bYY9khxir^sbsm{l#+vOR_r^sGOV5od{&`=3}x4`1ZLRd*JtE
z=1@MI^n}Q1QzNpB1H$qeuU>cd)~BnC#=Z`8)`6__i_md1JLzXLHUVxq&1#|*XA0@f
zI6-P@Ne{d|j8kO^Dx0Q<RW%`4@<zooUT|z2ue~yRv&50su34X8G*sdxeB_nlxts|d
z4i$P_A`1(A%mZKWqWJGibK4<TB!55%_a64+HS}6&)^*%Lzk!XCq^-{omP173*eV)K
z{>(!IODYtCOs{mCdU{+W(l3uEU+n}OX!>faf^iLtA(`*eOLV?6bcr#=EtYvR52%UY
zE$6neU@G<?$EP9>%6|Xy5e<1y!U1!c`Tq?@@Oc0v=));-J>gE0>mjPfbehWz_s)rn
z0L!@=73`+cb|)%nc~d5-yEQ%*worVKi+U7{X!01Rb&jr<5+||;X&$8y5Yty0`|?ql
zJj)J+zz~CHz``Vl+S8Gf*=w8%-)X5umo;gO!lM@dTAJ=Rl*$5XN68^6C*4(l5tjs_
zXYXi>LAHXpFysObnkBljjLU_X4>l^!$C?xGyL`)YI6QcW4q78sKF`FTMl`1c06M6_
zy;JV)+^(u?jIL>u*q1!3PbJx(czw8;>bgk?FW!jtUGi#ad>9~~*iPhZ@d4C@RRN**
z4x}EiDrGNq0VQJcBs9oKCrl;bM2izq@4?ZE&Cu-Jwq2e}PAHR<FuBFT7B001ECK5x
zgW4sTZKj~ZkRKhI+ksbnu}wGih0!H*Im{f)?4w`fa2f#{(*3mt3kBWW+J63GclFsW
zTfflXmz^t{5gGV!k9WYVT!|vFp5!C9kCMnjRY!%;M%C#lTO#^wRGib&>(OAp{2(yN
zqe~)Dwc#W-L{^N5!2AlJdU6J+rJ|-AH$soaWGyON*)3v&S=>rDDL&D_^i+Uo2-8HO
zC`%dDQOlj-eS|sK`ec!K$3L{s=@cX$i%&R|ut?eqjnz`J=~yWRUnbs|vkEZAGPyul
zMw^Uk8qrT0RHQg<i%K4kZI2`3Um8T~mH1t0K3yQc+Oy~D8?RQkw|8DWTix0qnD5gC
zHVi%RWl^aw%UO~q+fGz$<q;<mPG3o*;y>a$c)zgobe%*1>kh$0=%9T}BT@@-0aY%_
zC%m2>%J8??Ea>2{CH4DZ`}oQF8eW!rFE+8?t!rb;UkfLIhV%}q0yA2g2&aq9|4vR%
z1UDLxjZ-!>RLgvW1d2<HltZXd+Bmn7#ybOMvs65RSS413IiVr4hokW%zc^tlGQ5G{
zu+6iD@i>vUrS~<qQyi3Vd;A<CHR3O(7mRVu=by#Zr1^Ed`fYji<(FRq9S7)K&ZiBC
zx9pz{ojSt21XOf;2)(DgYmtyJrZIhK;n5;$7Nx=?;u?*c1LM%RPE32RSKU=98{2Gj
ztQ;k<j?{|w*Q1hW>tytakWv4881?q4T7e@7`_cuf=d#Jg`s6vs(`%nTOTeUeQF-^B
zwVfATYqSzYDpQ_)6sqVx8#KlIZKGpK^^{;*TH6f8W@N8TJlI0?5W8Y_ne8_7)>{o1
zE(zb#RUeJn!da%w!RBdEc$Tjz42aZ%*XLi`Jpc&{ncSV2U<n^G{Krm~S5DdI#u|Uy
zaZvkrms8Zmida#cz}IDTe+>JHy(Xl}dW%!Sz7pQcL8^jQ@utvjz}6dM@Z#wB8h~m2
zn`J>VV58Nj%~;090)W!EOx}h)E9&H7>EI)Mo729!ySwr1Pn*x5ZS=^<u$Qdx1benN
zrL@Z93Uk9^#X9-HfxwB&93^L+OZEZO_-s^$bK|sSS3ku$T<4>eEQ)ndf<e%{Vm@UI
zmR(rB3(QrRmnSPt8LmuAy@B!}eDCEcs(71*Jibn4m8oBgF({!{AP#PtGdo#*)vUHl
ze<B;b9OBd~@Rx9!&)U!x)(bki<vgb6&0qe{EMT37Ug^7QpBEHB67ac-;l9Gkc>R?T
z4R#8p4#!h2{p6>mQ*Z#;DPd~QUUq8ZfjcE91}9PxVyDlwhNdeZHIiSRVsxjT(nwdN
zbbYRh9JqPb7{FYCu8pvS-Pj7_Dg-U3`ueC2;h@0snuBX)J?qmOU)6r!__j{_%^%mP
z*Xv>e{2(ygP&B~erb<fxw7Az=sNK8qZS9=_BNw>`7ibdY(_R>rn^sj-kR!y4QY(<@
z0XQ-L+X29>MT>1z6I|=4%Q)x+1o;Ngy0vDC=TiT|ZiqlgsbM2u3X0n6;@W_2P=uHh
znWu0{&QKgo$2jyb?(k2XrVw0Qp}ODlsgJ^wF}eC=bJ8(AmdZ|>6VfZypZO_q>~a%_
z?GU!Kr>mXZ(ixJT3de~cxIgX-{rq4jCT=s_AlWlHD)do83i#r|{fJAJg;yL9!((*`
zZL#a?<NysfzT)7&+j@R$2LvRyj!H=j@N6|@i1uvoj-d%oDinm#{PHj1qXiv>m8X;T
zXOc~wYeINAyQBY21+I$uZh2oe*R&w$+ws)R4X{v`Abw+quFqZj;sJ%4Z!3`If4@%u
zsBrHf2LjZU34{*@OT+3ZRp1HPpXkUfB_VB~z*d>rT<jVe98AZxw;!C0ve)RrwU7G~
zaqXoxa5oLtUU%e2gL_)`hbStvDait_uA#p&o*S{>-vp)RFmG(Ij`GI0b&y8JK}N67
zL^oKX6-8+=kV}xo>##Thv5Rf?<yY|-0a`wjg2`e>40iSd30=+8Ycn?(N8E(elb|d9
zMeGa#x^=O=0v{-w4VCSb)m*Z4{SSNmPdBdcm`%S7@m+d_uk378I2j^0?8Gx_UZg{m
zG7}(pde+1`gS&;p>X*&NF~QS*N|=LUnA1xau}nf2CRFi6X2ON}-%iePJ=Y3Rt-?t3
zkQqR-cQxfJYGgz%Y_vJ3e7Sv@7@tvq@Kb*%gxIMF)UG5$7+%zR2&S6r(J?9TaFm25
z5J`c9kGF9z<|g7(Vx%cK;O5SeLk`mrX{zBl{h|^=rS`>8A)L!6Yx;z>W^6Zqb1PmK
zohzT{{5JU?qpZd&WxA)Uj@nuOA==?!c&#WhE>uj;%2lF9E^OKKrAC&o-|;%ekn(1j
zCA7MhBRWs#JNt^nG_hI+N{G)9zDNIK-ai~Q1aM=aCp%(lbW=wZDG+_Vtq2kcKJ|BY
zsc2RV0uQ>~%>0m7$SS08=`K1dYY`scE?#H%6awwQAI2m{Vgp(-GJOuOMmlM0)KT8q
zyWa59zalV0T{0U`L#C7b;1Kc;&r3*My>J6ThCJT}V*(x%m02k|wIliM5my365UV&D
zd0Z(*4+klS>J+^|O!8`ka>Phn^{EAOL9C=mpyWX6_3(`496*o-o1fH1qgxMlQ{!zb
z0jId!Gs)<;(6F_i|KsO`ND?0T_Zh{L!4q{7kBC3K3BXiA1PTqeED`rb0tE5PEU1Cs
z&i|=vJEdPJ$$@cP1$CI<!*&%U7dYgLmG*^0-sVtBFmH)20t<Dlqq($Tog;Dtba^A4
z!ts5MQmtyDF~o>!^{$1rQBmo@(PlNZ*o~Z<=(2xVJ^eae;hN%x(EKQ(f%^R{-<esY
zqp0&ram^=BNJyqel3_3y)Dr$cEE)!Z40356Pw?wBzf4^#&124;RW&+J>o5O4cPl*C
ztXfby>|*oiL3y+m;&tyyxUY64<~0o68*4hKResVkXmxLP<TJ%cT3Nz1pQX8A8Opt6
z3U*b_lqLbzn{#;-_BSboKxQEk^&X^%-zy`IM9N)sFTJOd*;1S`yHL<`@Ubv2U7aIs
zG-WhFU)OsoI%t&MtP=0Xta~J}iZyZ~*Gwjp)%s9szh<j=!)DOph=o*XW-X%_#V-(>
z$d~b8)a(#|nwmL*1w9~#n{-J~GjW~LB9a_Z4n^wCwAlqaOyaK*jl?xbou8Pp1+OAS
zAH0K^ck!>_WhWNos@a{KnP_x!0_?pcFwMrizGuiTCKni>Eu<SQ6k024&{tD2Bw0I0
z;#-jT7zbm2@RQx0e}2H=Mf#z4#djL`m@}NPr~}P7;A0U4G-6$~x3;#PNE2fwKBVSx
zU!HHk?B19fyoSlqtIq~Ii@Do$msmxnAz8)_dO$AOIR^|oCKT>$ZVb!Ks@&djmIg1L
zHYopO^~v9H`IS$<IAZ)NZ1};DLiHo>^^Vha#Iv9P_DsQQ+9-cSIg9K`v(LZZY1WR=
ziXd*)i$I6?5}iA+wdl2D&o0ju8-(?w&=w^hvJY$wK~Wr&#X_-^C9IdANojno9OXdi
zRaB3i45YghdURRDIWQ=9m3qXjfjV@C!kuCbAjSPXSvIx4R(ONBx2nt6LpfAmOczFr
z&FcBS;!Iy`?Ci!Vl0r?wiM{6-^YZCU!93YlP?e`caSmR;ubZ1nUjhRt+HZVURMTVj
zd<hWBDej92ift5cL~z87)kKt{`S)fU#+@{)k}mM{BQ}EBD&F1Lj65+Tl5TegN#(u{
z(ICk-b!m#_c6<r8(TB#x4&IjTa-zV4&UPl2uBt&mQNh3vz|g?U2u}&Chm1&bpc=s|
z-LmvNBiWA-0JvqPl=ooBH!T>V<v3yMyxC0UHXVwXirP}MTC_zJ!lZtZJk0FUQ5Ho(
z#@+&T(!TX&)A`#{3BXmpc(g-zkyK<AGP1XBK<ryDmhO{MJ`ukXzBgNJO_FB7uV+SM
z#HL}0UbD*mQY6J}b|i-}SjCXoOTO7sG;Q;pwKlQAocFKURTtRrfi}f6U;>7Vcp(a)
zH>OdA&<N*UT%s!qBW?LwWm04<k7&IFS{P9#&2H9YUxn2NWoa>L6i)Q%+uhx5Aw8(Z
zGBv%yj;?SCL})Z}4O@wPI(#KQak<6pLkR8)vj-pIxpDXSoFf^8P*fT(DCPFFAr6fo
zxvp`0m2NPvTz@akC%`N`c@ay#%)DJFs@$FZhGsjW%UmUAvMr2oZ9Tr3P)qX-*4+K_
z1L|+q6hnDBX*Lj8QG?3hT6ts8HqL37+UqV;ai#2%j@AQe)+fz3SFm;dEA}W=oXy(K
zcl`U_Nm-~-X3r}>z)#3o$Mn)lXCGAu3g<p-*Krwn`1I6i#>$24?#&w6oS1q923yGm
z^l8EVeruPbJy%Z&WkY}9GcXzU8jO+rg#Ae}Y<j4pmnW(&u3XU1@CWHE>oDGhx1lJB
z0yHBmvXT-Duqxwq%iHy8r76|a(Bkq%$@X6x8iJzNJJ4tOqTho_LDyQ79wR1xP7%<c
z66I&_Dz8s+IOX2i$ZIDHKC4Z}ZiAZx0J_R(1tzYxLSH6)Avp&soY;j)qL}!TvD6M)
zJIhtT5-uCv<`F=E86*a=E5Mr)Q&_nPc@(6J8J8O>KEL!X#my!*F}sVD3#Qj>P<9+>
zf|iu#<no03*f%igu>n=Ta*w0WvvW2+Oh%s}TRiM3%Dl!-Tfmqg{N}RQnJ@>^orjKq
zeKW!POWY3Id5EV;t)k6k;SMH5F561NBT4`l2G;09o2Q0W80-lsGPy&_5@V=N7-bmm
z5L++q?a!o=pNhK_#}z?u=6kJ|fU2f9On22HRgHVM5HRWSb#(I1{urVnS%tZzx#VoM
zaqL?%-(oBzi=Q@(AQDkaT7uiI-lUThE~=Mo(AuN`iE2llhVan)TI9~$;ly>WO)ew^
zZsS-4BLc|5OvbE+)L7m~gBb`TI3J<xWJOZ(+dS4<$eCPRos3T`q%;zhV#!TQ5RA`^
ze?^&&fd#ODSOW0@)KCNEvR<r1rhHZ12;weDJv!!-hq5P~lNM}*bF(C6D9Q}JvfnMj
z%8N@!$5kLcsskZ$YSsEep!#cs0OTYLD4nmIePJUhSu1460@Z?TRi}NUs76)SLvwY~
zs@(KnP*<6#5BDk<4f-U-qxh{dIOYm`q=m~xWuLQ37a!5Pj@@OdwBk$qL0IZo=liGm
zVXv?`VzLVW<)rF0Re@40<^pI&I?%t=pfaIFeWZ65c?wYLbP=ch{V^Fl<<etAmrtak
z-3jK|OXI2m7PEvD6Q7Cq9H->a8|4`?-fUqR@Yv6rRmI03_(SQ)`@&xYr~~#6OU{X<
zFQlEw{qNd|Tb2x7W_DKDrgT&QLqKu(Jp2~K3Rmdpp4Le!#R_1SBI<yp00r4{ooOAw
zXI2J4qQlxsMlXmpuc5tBP8Uo@VV)I`yv2FRR#q|lAjGO(O5s@P&vclJ+AInzcCHwg
z(BlZ<@XDNgv&vFSFphZV)RC6gWJ&g=G!RpGbLbtcAxMg5aT*dC?2;^{IyKS@iKknv
zZ#$-4s438P?@K0CL;|~G9C&UF!9!J2>li=;FXj0UKybMIKsf<yvS58=ttPc&9-(2W
zAQaY?04yT~v?<Uzho_@e_$cEBT|0yM@TM$!rA@`1r4TJuh8(pdEg9GXv?W>fi!qm{
zu<r7N>aP+C1OiLZ8_bo}vH=l;$IwQ{9E-@c%Hqx<;Y>uGV0x$y&wfm8h}N;!$6xg2
zu;1lVXU7RUd9|X10CBAw?%$6Sv<JwgsN`?%OHpu5LZMY7r$OiigzMx0MR2y#n>`CH
zn*<(qj<k0v+Q-d$;LNy5Il`srMl!^}N&iK#nl2NEbEuW5SO(L$EP|Pyhe$;&KxeNa
z06-Z1)^@6$DQe{75Vo&Z5k%q6ih6XTR9DEzCGL_iQ$re33T2xWkue<iJD&?}N(Yy&
zvYv%GGUb}$n^GEzH8|m*Hm2<;ub8)&(kH7nJ`8b7H{G*tZnS>d$@^uZn@u@6Dgd4h
zq2x7EpY(Sz$B8w3HMK^~wm|I!n(kpTb_d@d5?FUwmJgAOGS(G_q&FdTPsh)#w14;6
zVzU`#tb*-$C^HixkEfO@lX-`N^c#T3758<8Cp1w6kkd-{Jps0?3y1U!Sm8noKb{6?
zpG^*D3?mQAT<EQsZ`ntyy;+r4ixCrSTGz3d%gqxoxugsWBbo_ohl)#b&H}pwNyqb%
zmJ?xrX_M7M23uDIDiVdgQ2HDZrHJ!nhpIV-G%?Z($w#w&e#o_ef%e^`SjA$cwcAwK
ze$=W*47yGZV{XL3+-2va9qr6Q9y*FFshVjm%~d#BJ)O6N(u<*zS<7TH&FWeUliZAi
zDax8u&~wp5^9Yv6j$v=jVg^p=PZ*2;c5>_lMe&gWq>vbyJQP4u1y402P!{mK36!Da
zHMCgy{5-58v=GHE1r@x!7R}5tO@Wvt%EW<9)GRH6XIAfQOfausJ>hd%mr-@dX(23A
zmcM#c<jz?wsx^}pYSlir`U^npcFEvv)ef}ZZ|z`yyI32YMRr0RE0CMg^;p5zf3S;I
zObl9VT$fo-++p$qlcW3Qaps*=hy27=C&n;ZiCa`aOzn!qb{2r6@o?aL6u+Z~#6T2z
z4fU4NfLXbx1Te{{3O4gtdvm~%4@*gLh`fI*J_NH1YAJHE0q_o0=)R!$EK}<1x(`P9
zj99#GHvFTNtwihV@-nt_PiG}nq4dqy9J}im#_%Y-qIStaQXyiIl2W5QJs6nC@+n;i
z${ZM>>aM%Wl6oX<+CiWiM>A5jWi3euwT+YG1T-}X-K<IaQ>HIKRzf{^TTJOd`RmP*
zOzI1n$%C0{A`r!Gm<gt)vZFxl*b8@Jd&SMVbQ0G3p)M9jNn;2l;uykP4o^#|xF(2L
zvhfve4iybZ*xvqfOw<ZHB7p65ig!Jzh;;_Mw6X(k6Fno@scFM|&Qz{PAeNi&Di%Z-
z!b!%~I+LLxejGP;TR#}R#lRtZK(R6O&2Onl@1$Rh4E{_wnZ<;cuq?;px(VwQTc@b)
zs%>Z5d!{;|m0h7+>A|ytiU$un?hdR`+fb&DngKE$EA8`Sx60B?*DC}CTYmaathmQ+
z3ehf%Okr7S1%fA{m3xH>bN-k$o}zQ$?<eSG%!8I+LA?FbWvkJ+^Sv-<;J7Gn1w<KB
zDHI>SmT1)b63_@9vQ$-wVfl=@%4O70Hbb+k5DqkN3=+y~=DJxYQ;f`G35~9rja8Hx
zw8rP?3M_B1<E3*08_AWRS-(Q7jPge+0EK{)@pB6;@`epD?7JfUvFXAv(X;0^8&5aB
zTXi@G5|6~_@OxR<iOeT*3LC!I9dRfg8D#Zh<Hd{TFE(Ui3AJOZJgHOqawPqtNP2Js
za4!4%m-d7^?Ws#4xd%lHdOUiIn2!q*6b{s(&!M>IWC)f%@&Mf=aZe9HcA(l55EDtp
z_NRFV?=(5)d=LWqFzVprLO2^gXhT3lwIVs`crVT_q2DqX{74~=;?j-|v<A9(Ek`<Q
za9y^DD<+l-5JUMO?d+UyPqPsN@3hyQg1Ja4RWV(6O;@I4`xE(gg^S_mBZ`QU&VOHa
zP_1ywO7<t>D}ciE!w?tJ^`?Sy{U{|N7ptH4M7HkRYI+2L_J~BUz|iPbn_w$Wx>DI7
z%tw!dRn~JjwyspQimCe>0c~R_)%a~JX!C-jA>NCB1LVuIjT5O@%C-QMd>^}|svA<7
z$f~AD?tEFvVp3na_=Cpe(ZMeEyaO2KCY1s&Q`&}*19u0fsVI6N&igX92V?;lG@^`!
zQ(pmItTZT4H$~8hJ||4{wSv*5E-{aXn@%Qx#-&7o1^O&#T+q(PqCKJMVC(=bTNa--
zw$cHzxwu&Ijq==p+qA+ToRmJK;x&`Dt6ByG6B}97dwVx@dsH_KY!Z7ORUvwbL;&#R
zU}0)Iy(F`=E~(C)(M~=X6Yg5~9c0v&-`I!ZC-C}W({aM21Ws&r>J^7aN;4#69xR8-
zz<7`q;}VoHR|$>TafJbg)dnv-FHkogPlF&2%tGP*Sa~FS4Csesa_)NnEf&>H@RKw<
zVsq|7u^EP;<z!mD>5^+J-z5w(LMib>yNyi*8H_Ps?%^s!6yDx>`{=99*gOj3l_ilF
zQH22_@+fIhYGk4>@J+>U@4}!|+73<mtvv_{iaM|~0p$<8JGAfhF9w{mVN+u8wZ#C3
zS3xEshmV!hHRLKD1kyYQItr#`YYEB%0{SL2MT#T>t{+Q0zL4!#ydCo-8d0%yACl2c
z5lPX5BJ@mR3A%nzRo^8`fF$-E;b>ThXLJwXwWok_{s{j+bzr&Ka47J+hf+9s52A!E
zLrYiPb*V}VoB_hwA5m3_Dt7szL9XAFK#7kkeEa~60r`)9$nYZ_g<0aVbt;lZNZw{?
zUyJz4)|jR}$-X5Z(iT2Wwx93kwMr!d3_K7f?aD&4@gB2Qehif?-di=ap3nkdBMs43
zA%Y|d0g`b*-g8X&`^oF#$^rb@c~q1*)0iUo%N;|Gx6tTEoYE-99qdY3!7lt0gNt;_
zF{|OHCE-w|Lc3s=RQtIGgaIAmXB2va=bOOt=La@-$tEK3fb0YVQGUg3&+1L#FN@qz
z`Pf>bkadK>@XRblgP_!M;s_yaDSreZs<%}fsZR=zA=iiyS!xAjGYRpbaIlEBOg!5P
zo(K=wjn0?i{bz%_&--^*gLhZ`ce(jN*;EChYMwfMX)s?^YV<pC?C<$UeiGcqpiRNU
zHBaHwv6iqr_Vb+9D>Q+{_tV^nK7Xnp40Jt+G??STvn)Pw-BPn)V^|L!Ukr5r@vxM_
zzm$9j|AV!m@qhkaSbA8(L`0MtJ|M_zN52%sPx~C+G$Vx}_)wd~L@PA-IyIoU-pCdN
zc9QrhN~v4u-@q8}Lr)+%50M3MEfVpeVTmU2)o?p7*^2rw2n+TsF<=2hR@49sNtj}a
z1GC8)$XRA{n?a}%dGQ?>pNp&%(+jZAjsUX?N3gAm^}GG)XL&d?;UzOT750^SBRZq7
z0+>0u^i*F_xu|(ZhNX7!eRynw8b>AXw#M*Em?2t2W=lN=OTC8SZ9-KkHqDA}C>>$?
z-YAo1IANnnbAsqexfND`Fhq1_Jmej!y`$!t3{~PV_OU}UyvG*#$B&e(K<pfVl!U2L
zhdyKEGDz*HWMG>#n=oI2|Dj^IkeuQ-4Sy&5rUfO~j`R@;S_AIoV^Fp}Mk}bHfPx;9
z|AmRe8RUTVKSId{Yl_c<d`si6#8abf)HRzO28Xc`;s>WosoV1mTCr1N;Z*N`*J&>p
zVn40m{b9jBY(1TO;xmxmpB%?y++tvKgpB*ZtC_H|w&*Z{IvpU>Y@;xegAYLOeu5H5
zUpFtoujX;Or_<(JS=(wUYp4tF@pY#sgrYN{+CwAE!xwG4K-V6&e`frPNZ$Y>AT9JQ
z@l?ewCa}<-E;#krt4N)KHt9!}=P&<5Rt^>2ALpCqG23*>$94Q+e5H=hnk`mXY^1nl
z=@=%>6Vjx7vHY2Tf4xlVl;+8wCTD@Fq>C?ZJPiukf7*HeOuvp?$X|l1m<EOcf4dXy
zFP1VK6GFBquvPcwDXF@dbGC*~&9c6|R2bgym}|;|t)54Ec_;^jpS;udFW&$62S<1v
zJ@}WOTl$;zW_XMIx6Pb&p%yRFU7%Dy_yj`TmFzt3g9eu`^7ncqS=D~4b#W)5;6Cge
z5*~uuP}0rm)4>S!Q=^)q$x4pO^wO(P92=I~7x-es1`5MX*|6R&uP;b3j@F=;3Kq`<
zCBBFC2D{2HH27&aWg~Pn`Jr<FHPc<nS+_4`HOXpK8CzaMk&OjX&{=GZj*Xy4VX97<
z!*&r{nhjul9O^&Qb2b=T&5|GZzs%z;2Sqf3nuH~v5K`uUv%Td_V2qxMQ`YXv85Z#c
z=U{45#jrzM?QTAP4As;?#ayQ^vCM%$^d}7g4Bm8yC7Vp`H#pf6#$Z|$9f)kG&Baa)
zJss2NX%)JF)=7;wSWTu~Nt3I7QizDJ=^u<HXh+9INgng1U?RR2ZoZIZ=V+`xY1>03
z&}?$<;rd(?d~NLUtMk#nUQU14Ji*g+57*Fo5$1kY8f5$((`Hq22CZ<Qj%FrE5{wU{
z@PRM&308n<z-lS;B*|Bt)ZXgM3MQ68g;fVCA=8=}X!!_;wugpw)I7<MpQ@#cwjBoq
zk_j);!hS-_qr7%wk5)+PQl)+RZVT@xQ9r~p%{0oQ2ckx_1Ep&k^URuWCS>kF0K|dU
zo;nbT@bWgdl%^ISD8%FtRS?1?Maq8g?Wo<TN}R8CYasx~dx?B#JNyHM6|(#hFy#nx
zS!+<ZBz=W+B5Y{u>hKCV>-2dq*ffsT;Vm@Zmn7NdS5!=p3?)OyfXWaO3VMO9qftzB
z4<?6Vp>%~yKIRI5bY`ddAN8=5M5IBJ1oH>vBJGGT&`uh574ex#krPq=QWNJnp&zP3
zd#dvcK4K8N5lA(10l8CO_5fCPk~O9$gu}_J=YWpV1Mea@f)u=^$%NmuDip+bfYyN$
zP!e%3coI!UjA%5p^nY^io^U=!s${!Tqs8_$!3@!gZ=7vR*aJvioGJR8jq2%>$1SAN
zMvQ_+JayL;)E3`ZKzTi}?O{aeCYuFeJ=_*_s2{sj;$6B^X}R1php^gUz&gqw*V)<R
zEJf#>mJ#TWTs`;xx}jcNvN+NWbA}Wfo*k!ABF6Zj4e0~e_JzF>%W12%y)9yvmhWv}
z{^frnC;<yrYY-1aMm&>PMk`ZhFe~1CN8pjJa)9f6EI%4ZQ4%&*x@&N`O}{>6)<Qyf
zLr(>qQirH7^<!G@e-`m`+E8!D51VgUCjOA8ae>V&7G<%!-7$(>loy7Sav&=-CL(it
z%1xS@kjkD*6E4@xX7llj)vb+2A+CAobz8ZeX7hmm6A{O_q-s;7fyE-Y-$2skUA+$j
z;kf+{?p^ya`Cj7jL!Jo{Oz^B(Vjkt?2*=El3FhqrK%QC{7CW?-sU6Oa6o{b{Mvclr
zE#*v^6O_sq)0IybcE8=&B17NW+Vhvsc3-VMf3~~2w)<*hYjyMKBI)2iP#}^*rEsQx
zrBO5Nb&}%}>;Y%|06-2<G-NWLR+RzSwNLWTIXt~QE9t0$#=zvTz0sscTV-xDAS7>%
zCcYUVu;K@&gBAf~;gM0h%Ve^Gu_6=uo1svU3Qd@L{@#cx@mx5B^$SB(0rKz!lM3e<
zBn%&Ay9nwW7B5W4?t?Q!|A|fp)B!ih=a8wuG!hmTIWT$~&}K^t9&4Z#h<A_eZ-E&E
z9V|fEHTdHI#@c3Z3CyKz(ME_&Z73Q+p3SzlnM!0#&nDIFr%z#@lNhiSgBx!;F?{JG
zLW@|m``@x9p*`>^T3j|#3X3uEFnZ@biZ!o<Fykur+`Np5473j>D`m_7ueh`8t?Rhb
z^uEroIMN_Z5s;`J^kfh)Jq~C|mN_;hwMZos4;sRecqDT|@(4VlY{&3FnycK+wg1>W
z@4MEjUHkBmlAXqkk%;8}sH$DHYJI%xqekCVH7h>J)8U#!tVK7nU~rC`p&(7uDImef
zXk!yX2Y~Lpr@&U+v4ZY_$qk}P{`n%=#9Xv$YWV%b<tgP>E%|U}NJ=46`*bi7ml%ki
zreiY9cput3n^WskjuSZ>#_wU1+x5Su$2HJ``G642B-lktG=%&`Z@SDrlB|Ani8AjG
zk1?MEjErcE^P~9IEsJ$XQ)7a&gyzk6Vvqj~zmC4-*qKle@3H(Sh*_f^^yq{UX0~-e
zT!VZT3IAL{m$V4s`tW*eLE}QrS$gIKMOf^Ku8%P<3Jix0xWEl_E&qZO;>Pd5#ltJW
zi$wp(HeqC^bN&cqO5+42bDI@-6dkAg1+^iZxk>~JUlA&8Osj$?_*6Mp#$iKq&JZ&g
zR#q+mE@q>di1cVJLBTAZh=|%lO(9+ms^ZLh>28AZ_#}`g1prnBjs&jg_?YdmC()+E
zk#v5=dH7B!OLA*?4r1g@ojUQ~EJ0~Y$!{GXDGKwhF&yUGAZe4A71TQ3Wl-Xt>dtlt
z@&L+UGbmVv1nH~+xV_qnCo3|IgpNAmi}1$T3!ig7OXOfaQ(aZ5&?<W4UE^v}#JkS{
zMgNF|Wt$b7?P}T3yT1w3N{SkUZC?;V%iahSU9lO`TxpgtDO8kZ;fmvFB~tlVH>9aF
zU%}4e6zhyjRH(CLZ6U)kGNuuxEMqnDmog7SjMc$|>YEN%%VV^{H`eE1d1xgH#&O)5
z2d8bLEvtwKTW63@U|7rHzdw8QIHE(n2q<%jn?LI-^MEN4Cnsaur)er4idw|0Ii~yY
z6<D_{wUyEb;@93*d*uCtcL^fVq2j{}`5Xb^GOuL#dJB9@@bc8FA_D27VBVel{D06q
zUNZz~wp33l{k*6ze{w4cc(2l-+m#H{sRuF!3(TypbTn0$YFK*8X}n=G^C!05X?7Jb
ztMmWIVJIwx2s;-8_Pm2uzn#luKsho~KgVHI3{o05xtGM0uvx>Y+yM`07(1Z&?B`>G
zBJiTH(4>(e<a3<-<Zo;prg<SG*D8LPeamwJ+S6-#kR2dOa1kX&m61AvhSq|DFf!sp
z@q>NJ^XUrdpPm$BVrz92R83kAhBVL)Q4IEa2=>^bA5JYPxIfzqdDI3tdBE){`wDBY
zYqVmMc3~|Lm5(`-2w|h}#rA?!nEvE4TQ!d}ugeNxIQ$lb-t2J)7MFKo1<-St)QH^s
zI!Y+xU6^ym7<g@|2eR&i*-Jf$_2hdL!81I{BLMA81L;PyV&{uCeL9{kKU59(R{1W|
zC+=rRni*D>`+yN#X;=Jr)QjO}l9KQnL=G7)d&QU|r&gPSOj`aq#~ik~EIb#93@M7G
z*&nEgTbxoS!*j@2t}!@LoDeUflui`(mWrRi<8(~)xG&(px&{Zt{^f^lK^Wqj`70`(
zu&`)F!tTAp?2L{WZ3;^P#r%yoVAz}+3<MQ1I`NCJ|FnZOX&}sbyFz%RWF#+aw`c&-
zsXvhc`SWCWIwl9>e?!#uK+o=MXZ7v7yR)6+S8r?+uzlgh<ZAOTUYz7naTP0GfrRx(
z1re6VPn<()o%TpQQ&4PssqrgVPto@^!Ne_-`%1epJXz2}_v^3gb|priN*{Egl}s%r
zg~CPbL)mmw3_cz>AeYxt)x!vJAUp$5mu6ei>u`kWqGLkN6fiD-Bs)N}A!LRPTi!T{
zZU_t+qwy-kQt-7R%@EL-u@P%<05BvyZtlbE)s&1O!gh2#g(QrcM+jqg<Ee7!+(?ts
zN#!+~qc!_Di~H=25BQ+ChI)xsEFTlt&lwkB`JBUf!f!|pZk^-R54vrJfx7#!khd25
z!5I<tuzDC@0Fq%rPQa#JGJ(l~Z=E4j43!?_FTMCZa82gng|;xVf;je1D`IkhYk*E*
zsjwK&#+toW_de+%nT~OcGo%9ZTst)wV<O9Rx7PS2TtE?BF6euVV?d^&P)LKCTzw{^
z!SrC~kq}hZ3Su>?u?IKiS5KM~2}gV@d@I0>Sq;ijq0}JQ-F)Zi-u}I32VY)y7l`nX
z_^sF9;xJV59U3|4WsNa0d71CpLtGYh4}b?e6N)@MO-xf23PpqkM33~T#AMWP5s~uA
zp)L;3f@>-24MQH5*a*FB0|-}8h$6#yytgGOcHx*f><#TYUPXIPT)#ARv;#;{$%^K~
z3|r@ByCB8f7L9@o;a$|p=)GnCG}|Lw<p;I{KEJr3z&_r*cwZOH&)}AhxtWe^cqXOr
zor(gm-QusN7BL2?y)`+~*3M8J-%N{!J$ZVxw<~9YWDlZIC8j74_d6EE9{Q|XclaD1
zL->37d`uPg6T8^h*Osj+e9eft`Ss_*tM=Oif?pIcttq~+P2}}}4HYYh1qw#EhY^4<
z4B41~+O_rYba4H%ZPScC)sPNYj&uLf7O=UEC6x(c#?JS`^f2!fl|^BdTNsfFEvOLN
z_$#E1eit7MjxcU$NCkC4M!z&Vq}Q=bOEc)<Fw8hwo_+QiLj#b~sU0O&>!^f|*g#N-
znIPh-OMS+z5w8)#0P(%n`IV5jRHwa2QBdVMnOiYc^*92=tAsHxp}O3u8%E7XFI*T=
zM!1_n2-cghBy%KfXe@4~s124czymoGxXmu6n9WKaOn7q+*P37m(6R6Sq6OHm?6-Om
zgw|jmoFQg;lxm3?TcnxSi)Jc&+Hs12ixL9n4<)-}GPK!JuN0TfX3(LYAhczPWe2H>
zw9pm+4CzK?E%<To8VhqIkiZJ<S%t^qn~Gs7ctC#nd^v!~)<fv{^+|1o3dv2lQ?(58
zqs36|OKh&rB0M@$P=71iBz$3g#4&M<6l|*E<*Ma`NM#<4C(&dBqua$Ho|-B&P^PQY
zZg`(&uZ8qMzWQ5*%k=YE;3n+S!>9Lt|6l+4Kl|mtS41d&h@aYl@n({iZ^XLC_53{+
zYgCGK6HShP=DWSP2^bPCEvn9sVTT|=bV3|E8=kIZGneI;bhiuPg&QZ>Os*{3z{D-!
zg_cU3?acm7G%;TAcZ~oCt7U0nPlkMC8wMz`-i=S{+!7Ud<M2LVM6J*&>QIb-WU)1D
zeFEl~{4=m5pIK%!$nGBa&j~R=dZxBU|H<QNK1^13j?Z|c{GJ?KOn9f$Bpj^od`JBj
zd3=B&S!~TuE`j{*8z)FWaz8_D2X36AU%G;AzGlB-Evcxw--x06$dT9zL)k=Z8&<QU
zErERFq}FOqr}c()ym=Yt{nFia{n*7!M>LH+cFX7-qDDO9p1Qi033JN2xM?v>UEYqx
zWHDfB7lHtO!p1wOD5@!y|3?ruQ2_n)2sdsN-EH-nhsEsKMw%8SQYRQa7dprDAXiCR
z^4d_+L+s$J7?*YdCZRh7mOTAxc=~z)<nAh!AFRNpu>po-Gt!RiP^qjAHjT=z0VnI<
zmETKDDGs2ielYUEdA0kREU>bJ?I|f{e#entpbk=+z^zAq8QeM2(fG<HF%W_~A8!=G
z{>6=Mg8UeL6TN29PVV-&71ja~#zzRR`h;gGjd9asA=N+9s<K58Dh(^s7}Wit1TK1&
zLT)W+#RvliuLJ`)A<`R{Vi8Hcgt{9srlF=AdqT10LHu@j5w=u&dUxxVY6+ji)t@P5
z`!p&G8_9{%v@%%sGKO_Idvtz$Pl$s;qeN9wkegLHt2aP@)^t@FZFb+RDY3+$aQ>P8
z4Igd$23^A1Py#XFQv5Y?64$+gxAUoWR#g%e&g33;M(ehJ3`@w+G~25EJ&mG}21JdT
zE@fM5P=LH9xoKI$vxi>{`%h+joKkhTH+#50<E*^rPb<ao*^|e(25fbU{DbBRx51F)
zR9-0v%3{Ai`|}t6_rYNcPL)0Az1`wD00+gVn3nNUGKBHM)wf!-YmJ}xA^9>)(Y)Ie
zEkFaTECG@D0W))u7A7Py3|Ppx;Ru#bWlK0B3}7fGG?}~h7~sm4X~lmbhLA!W1xb;q
zk-x;a_NHqP1}=t}#d90~EsX=d0wnARe+7P*Vxsaviq{rJVcnAbc}gLn{m~#`3&qQ#
zA5<0TIUFmKk!AR|$c+=aaIx6sK46>XKY%qg$iO`+@nSQ<^@nuva&<2rT-<xLJpKVI
z9A+%89ZD6*9=bk-OU8hr)2&Wfj_f^#ISq<xs2|@Z7_S9kw7?Ln*%1PgzbXI&yUcpp
z*aKq^s^a_E+@K6#h3ZfB>{#o?mB=cV20<WKA0pblvmpv_aoh%We=5jMh($$HJ6B#~
z4sC~POs|*ul!%iX=E3?hx)9B4D5wU827Xj9)$-f{(m!1tjhgGtS07Mk?(V>AJ{bKN
z4&wObU*9cs2k&zx(+5S)2zlm6U3;A;&J|T*M}7+eHo=J;!l(@D3XB7G1q7v|m7qnQ
z%OD%<R{}po!ghWOu*oBym?$RYt#%L`t2-xy4^&u3xEt8J<b##-fxSx4VmwqF-Q?Yn
z->e0|s>T9r@&mSGKccdQH7J?CQR32spzn&0U_VAN2Z9DCZ-b&mB`Ym7$Vh6>$10^*
z(MH-(*uPcqJ^8p)gBgJCT=D)!WC&7dgufnrG>JRPPDIv1D<YI{x}%t=HZ;1I$&Hb_
z3nvV>m|m<?`r^D-%LGO;Ir<Xmc7Rt!#P9`x*_-9}R9Ie8CyvmjZ>7nBh#bywMx*8s
zITk#g{*nno<;LMPIc)>l--xRKUcI;ok^{O-_*FWAvoKiHfHMQ!r%kEStP!#HE#wzI
z*3nkKl6>AM+>K}wSF(V;`Xn`46TLxwIOKGy7j8MiC*T(RB7D)@4Bl#zM!=50n4Rjj
zY~utUw7{<aRAo^*hgPvBP+X_NvRO&IPLF`P*2@}<OVebUidh&0)OrxO5V0$#mrLSL
zRHn}L2I5KlZGnEX8%C75sTJs#W0<t=J4g$7;F%mJ(jfTd!~FFRvw!+e|NJk%{{wK?
z@~^5uqgi<klfUUM%jkgDCBE4CD}w4+quiB(SLGFf<57&Rz=`FIToFZ)FK2uFckkff
z-s8u!FTdP9IM_WrB&90@_#(Ti-r{lPz)W+iT&6T43^=6iwb*?YreT|28BSEX`A3HI
z(ZMLD5UP?!p?Sg4A?AoysZ7X)K>(Q{Rf(~~@LT2R^GnPc0#~pIRK1a{0q5Z_XrwAa
z)cZk2Y!k{7i|s;4dRFlSil8C|3zxHL8G^~tB;=gFbj60}JcR%U-)*jI-au}NI3mRn
zLe=k-1QRF~3G((Iylc@#y6+M^L6DGw@MbZpb^&Qfv3p!BQ7c3D#&Q`I=A&&H@jkOV
zHe%TIQE`8}?ksn~C+a|el<ke%qt#sg{CCvsm13-*2}UAl_e3(@DnmGXdCc7qx<-!p
zXPo0CyJYNamc#hPo$-~?1LUkGB@R4D`7{W=k<eoA+JuxhLTkk!a~Lp2huFP~owYlA
zJigw(Q5G}!Y&JrAn6RU&sL+Z#D113a5=@rG)2@+EnO@IjJ^jKVDw`vgJ(nn$Wi42(
zkCf=T##R?&>YryCg3|Dz3(X=94mOJ@1O$cVGR~!-<NXlxX>uY|9If%^2UKb~LK_i>
zh8H6w?Z~Mlc4am5d*GZ2tW2(HSXS-Uua+x4ugBgHse0xnR~0!>!8A%%agT{|)t_f}
z;m1A8j^X*qJ?Cx*X+kY2O484b-xv=}s|v;EsWOeOdH>4M9l{n1QjvP0bg@Cv#!10|
z<>1DaAq!iN!E;Zsid3_2F-Y?<Wtb>TFpI48hm%p&BlLPygwcDbf^b*C6z8Pr;%tO|
zn0aCRAi9zD5z0I7y<;VsCg(EWJj6%75;n|WRa8AJZ2zzYEi2T~9@uM$?yQLu4nAAz
zlPiiY0qKE!<7^wmpE+-8lL$_2F?thfv}bSP^$$n{Cl+1{_guA4=)+&_pYlebDCm-Y
zl>(*pfLo*o;>KHOMo=Ql9)%s4BUhrO?k@NUr&*kh<y+Xra&HCA9FFb{pD>hvqf016
z7z?d=KXlt1p)(fX?NLXKlqk^?P2Zt)dxTKw<l}XL1|tObGHim=MB;Izc-secC0I#&
zAO<<MuD=&R09MMeI46&*d#shn#nPH%#5zDTo74UFL3yIm*mT|L9**9c+J{jVJ%gUG
z^6!a^B!;Per}6f?_(cD0Nq3?HWj&uR@oTa$&O<S)E4X3v)keQsT>LHhl(t-;3XUnD
zHMI|5nqUYcVi7_Ti!{_<JkbpG{(*x6c)P?h!p@@dImB0ZiWjznRYY^A8FNMRvKSid
z<t#9|_P~jFtkDP{)egdvRs9Y9MAlTG?yUj;c)iqyB^YevSjJD<w^17560F5VxYoL9
z=QJ_oP?+fMia+ouTy*NA4N?u|C}uw**WAU+ljEN>dc@0{xvWt5Q|P53rs9QP7dV)q
z5o=AV3qI7ExVk-Cu^6L=SkbgFNyb-BV=<BThxC#O#x%Wq7Y)P}dq#_e!{dY{`O`|p
zzorw6>k>E2E$4JS4-0rW3VvBXkzgqY$HP`88-)JEJ~jEkQG3+=&K6owEKPS0CG$c=
z=*uJ468~!lD!_Vl^oqa2R#wU|nT$(J(|2=#ljHw(`}O(z+n@c8!{@mG-a|SfYVa&{
zkmo8tf>?r!D!E`d+<)-m`J->X*_%B9c{|*H^5FT?C;R+;v^NMWc2*WiOUliPh)=A|
z3hmU@j05eiK5&|o|Fs$`HGUZXlrrZ2Gh|3UKJh+4f*2`3V+FouYY?FrAKY>%&9K9d
zFxoGP2{O^*d5eo%>~dj8xxqHH($K{DEzEG{Csa*3zj^=!`=9c2BHHlRbf-Z;Q{!Dl
z5TTjHu4xTT*vHsDm$%~3hG}zFY@ATf8pC$bT0jg=9V<<5<L#^=I%#p_Q|+?ij-(0I
ze#<`_cG+&1CgI2FiP*VL$I1fY;uB^+T1LzFC1e~DTH<L{lD)v-cER;P>TXG<Vwx3#
zLY(o~1~>VNCatSK>A(&|mIlYyO<phyX4^<VMp2X&jnZ$WWBOWaSQbGq|NHiS^yptN
zc3g>P9Bjp%vVUTH;;Sneu8N10ARsXZ<z;8qgDr~;C1!3rwe$pjpm=2@M4<cia|HDZ
z<zHiZU*Nl$(^w^Z){9(X&rBcoPE2nplpvw|(Z^{d9u=liM`A#%Rp(2RR(7ed?AeQ>
zFYf*R?(FlEx4(;j?|u2z;e$isda;)e>M7n(DsGJ!6_Tp|HpbOhU1nAlzW7$jYM*$(
z&Eohn0d;IPm5fo*6LijBe!vYgH>%R@up59Bn<?f@qA64do<o)W$BwrV<d#~xxZg)>
zS;|eI!qp^rZ1}BI@)Av-6J0JQIL5SUk4g<j2`|N<_C4*1+(l8rk&TCFDv`x^QdKf<
z(~T_3gX*T^y6OcveIo}&b3}xU>L;#t4v;BFPoM8UdHnJrlI7*m(bop1bS48dhEBUW
zp}J=S!x({hmNp7wwIBQD5y+_nr)+WZ@@*;>Gh&%P_HJ3(^f%oiP7xyGR;Vq=K3Po<
zySlS$&%P`8Mcc-?zKVAHBgAjxM`i^R*@S0aw%RW<S+(zMdqMgQ_#=ot-foZO=Dqqv
zErFYA3g7sgzNLA#<Og|~P2H1#u0N_jXEQtR#VTrzETZ4os%TMsWE&prVSG65VMNxK
zD>Hh$T|C9uz}V8GdPa0(rk`mVsD9;;h(xTQLC6-Xte(N6Dk07m8k4p1o-dAV=ualQ
z+zyI5)qf7pRGr)M4bU1Cb=3pW4@WZ1QV&J06|8d;!uwF(l07i@?<w5#SFEWx(n}yb
zVxk}k_y}4=5^I&JLonFq6`QqhRd^fPjRN@RS_QlmvmYU{JB#g~=mKJOwICF0lF(#3
z;mbb+%5XkZ1l>tSVXT0iXzz(oz2#h~t;;9`_<KEPnzft3H>6hE*Ps(gJzUBx-1+UD
zC}Fe>U@3__Vv~Vag1cKNc1D=0dvr&uSgTPQ4WC3$;52AG0np@r5f@7ex8ny#(1!m6
zNb3LnE}i-nD`*)_QDpkV3>UFWXUnaO-F6?x85F`4G8{@W&9{A!8XQ;fqqdO3{urY-
zB%X=d&o_=I;rR{=r>U!Luq4tU?((g$ZGM$`5AN$a`b<4Q64<QO9{N`pFnfqa6bQQE
zznTpa3Ykt+SC+W*#aM?PH6MSSg|Kokc+&5L3N6tbK@8>wQTFU)cKh)qIkA~!1)0uo
zZyd+}D}wm9h^_4>Z@Tz5$DV^VYK~abU|<Nn|1jFP&OZY_a6K7xVTD&$xBtpdBN6h`
z;3uJ?)~@PZ5}S5iR~bWOmdx(PjXIR(-|g?<*kh+ngAA8;qWle)?_Cg3{fPa9#O*ZD
zU-f?Cgb%Q(;#>{*Fuq9R>2QupDA4}b0b#>Ip-6RQcCQIi1@qQrbP!<&!`=tkTT+;a
zqVlKLCBfc-l?6kUo3BtyapU1ovmF2W7|%nbEa_QX$!r#WgID`s;dF0RIZRMKJ;uK{
zA~VU60%L%707H{_7pc|qp*kO>=LW>^Mld`g1+r+aL00{$HE}{8oN5pyaS`<JDjU@L
ztPK3$odrCnPvmN?qDTlXle))nw14mjpuxuV#C$$#W#6Ylqzg97$Z2V^BfHF^0upWE
z1+(Zm$A2qhiTsv}lY4f)p=QOWb(<V!)(J143$I{<i{%*7y1o+uxF|O}?kvNDa-7RF
zoSejV#A=iNSg}P+176LD<=_*9;MF~)2@y`Ee;riO*T6!1L2FR>Jv@4J6;l)oQVaEL
z&I2vufafO1Cf)i?{&~D4Qs|r`!SYSM{UZ;4y|snf$lzGb6TEYf>XrrpJRM;<ZyB+2
zgrFCdLqlDFxtYI3IS-OSGFne!O_uxn#r#Z<AdVGDP6l^pM{~X3MB>cS4EZ?O>}W8K
zF&!n?LT{H!*05>|Z5Me_SP&yrzy=*{jfH*8+FrZ>p`8SrYj4v_mm#FDH4lQgLS1n~
zSY(P7M5&2jt#)R;!V3Mm0!tt`76Uy`wvA#r7(#oKZw)jQRk;OW-Tu*mTR+`y!(cOc
z;q4BkiTzN=G|`$9i*y;0fo5qLC_lk5G^wqvwpV}fgUJP~qNc;axCdD#XmBHrsg9#h
zycAA#h1p04y8git8~MnCWiN?;-P~lD-g>TjmMRmI4ptqL?r)c4lZ-H?Lva)wRFm2~
zxYGElKbRtdeXkW`zxjLXZu{=`*ygXT=i6h`Z>`%`n==ztXw&3d<9TJkMzmM%3Y=Nq
zF1Z#4kZZxv%39(y55>Lp{#u9@yyu3N+Ti`vbxpOQBXGvKh9TfuU0<8pL^%<_WIjk&
zW*OurV+3wAi9|s2hFwCNvg;8j79t+XWD|rY;iXM~VOSAqYqkK_P)MScLY<1Mc+Y@o
zK<}@Vuon6@Ex6bmOWNEo?B<LOV>{0#SRZDYTvJlu<(ce))ZE?iOPm{v_f;s%a3Em!
z1Z0_xE{kUg*yzHRC&F|Z#0*C%nJbn&id@KE(nfa72<wF(G{dE3<|r%`TvBXmBMca8
zD&Byx5ULKQ-!FM~UvOvIo)yc+NKgEUQQd}b=p7xk20Y^E&_Ltm5xG_%WC-i<V5{v#
zIIxx$Wry$pf2nNfn4>UrhDTefQl)wn8|-pL=aR~9S>db}nS!e4Y6b~bkBDYkP<!ZU
zEiV%9T6|x0&j(qK>_oYp#;)pnXa%J1%3VGsqo#!8A@nbQ{`(laDAYlCgv}xNK+yX9
zgGy`%1kENRiBzbrSqFq7AM|bwqNsyz&YT@D3C*{Jps;l+8$I0PU=fO0i+e`htnMXW
zyf__4U(M!P@zNQVmLP?37ir(SxM8v^Hn+%uy)qR`*@hu~EOsW25L;!~6sv0qUiDF~
zM<{yAFzXT<A`64{RI09N4-T*f-eVM^I>dI){o1>`yB%(!U0Zvtzu3lUshWsGHAPR4
zS+?7_KR6&oHP*E;{7>2`lS+*3+-j(eWg}JHI@*<vf@QIzYsv%?YEUuEP`UUVtwp0R
z)nN4TgIW=^oya5>wFL7>B4n1~K$SIAbFTr_{4ld}*zr{3$66XTQjVuqwulAHxzTS5
z$fV$gR$$&liRB6I!568fMQnoZ$o5eS#eobESRIKcF-%9Fh+YdQc|~D9Wl%vCVnH#x
z#(jAMEm0-H^hvyM0`)?~E8?hgLL5paG3LEGBe+6LG%8LODi~Ap8)|-1*M+8}Oe+cl
zmB-M~&TMZ6lV*KX-7X~#u|nDH<!`!%G_NT*s(M;!P^Gr+%xd8+MT4n&ieZz=A5WGd
zi`<8~PvqmOW#25sXarGOkdLkcF-8}4Bc}ME!f1vU7l@;f=Ixq;kGo8xW>d|c1uICa
z8c>(hmfGFn3l+{&I4wqaL_a8AS|nzgWj>jP5{fu2B!I#SY|>GIj3VXRIP62;y)7ZZ
z`sUN(rmO)A0z+^a4H&R1Tn2OCa@oQxP0hJ2Pf<v10T`plR-<WSLt%G)J8{@{c!>wl
zTp{?PRKQFkYcK_90K{P5g_guDDdz%>@Y4=jhi{@hwdG!W=i29brNt&omabJzQMzBe
zi~^W5R>2)v&IEtctb-uLVNwi}-M~bL7D}kxm^?2@PGn+;0S296u1!((wnBRhZ?4aA
z;L=FQcldCk@cjN=R`-J9fw+C?BMKXDGYm)2a6x-C-emu%@E_Q|<iCaGo}#Q^WX^Dc
z2qK}Gp-Wt2Ram<nNzLhy9jIVIZ5^U~`m?8xAG|z#^!!hcp3mg-I>i6=h_JdAl{y@O
z-Y}*(-dE`?7=+P|XY&4azl&p@ylrP$F>9V)Hk@ro!E{OSva<DiJkIqyDp0{$>hXpx
zb3FjsjbROXz~kOcf6%mLt7$r86Iz2HcnY4@6h|7BmQy&!HISt!pKJ;zBd`U1qCx<X
zZS!tKj%N-r7LE;onixR|X-3$9hjRBbnq*bpp~!I|y6U~hTH4?hAFl<`)^LF(c8yfh
z(Kk8TAaHTD13W0-vVD`<Y}O+;J0r%y|NjQyXEU7aQFq;y96LvhfEn?-9%6FkeCp;?
z2mu)Dh?rHEa8kC4`06|U`GGu9qK^gz4Ly7D`R8BnKiE5ZIsm>5hf<U*rCtH5O0n)P
zX=9^(I2P%1Oc3{7yA6@7DL!+A<H=aKzv&<2gF4D;Cpay~v^?PhO4gzH?q%$1`z2~g
z+7cbnA~H$yxe)5meyB3-x|Wx|#|D#4!TSpmR&Yb#%yQNwn{GXT@8cwmA7yo|{dw2?
z1rMI>A-E)HXg-qtg|W6fdni7)wr#4hw3=aOsb<%W^*>v9Y7R;gu>`O6kp`Sq3lH-Z
zMQZ4CW`Zf}_jRv!K2ox=9s@6y1BvxkJT}lMyDYUG4k9IX)P!KYTNPsnqH-BMJ0=y&
z<$l{Z>jL<WY2%yyXJT`X&Bq)Sir`X%Z-pd0B8&}H9@)Q~>A_M8gOS0!+{Dhii~m)e
zrQ_?(V+UtJ5_Ab1&pRLG9Xy<sox$m)F<Ld7zsEYlun<;J;xM1NGS{idDko&41zg%c
zRDNhE@U=U02SZeN#a|%Ody&XQFlf{a>!a+iCQaW{<#qa0W8)*PEKw<Nn`teN<<y^G
zE!q24oV2er%_^qW3p;2zxf+?8iyv%4nYdZfw-b)xSq#oyinx6v`;JFZ$Ps@Q&Y5kN
zx^4C07Z&#`pnz(t@wt<_`iKt`Bv}@9|3{rR5OHBV3Zc!X>B{hvj7g5=7uryab`&ct
z4?8fuAyHIGS#44!Yz|#%77!cqmVl3SA#SoxE~+WT@!%6F9&{&Zg0@%LoUm@SWXiRW
zzX==Lq7nt5^Q5@YfI$9h?l%{4HpAYg3Lvrh!`E5#^#hWCMUoU@Oz0O!s*`4G=}+UW
zhk|R{qx=d?Pd@x^%Z`ND5j_!R#wHZ3+mzWjO%?MWjxs)`SsfK#sWn%?b<WN{UXWM!
zFK^#%*YAH>ULIY(THOB=PN}Cj`2ar_l!ZHP54<`3(0)IA_g~uYXmaiM?-sAl^hc#p
zF?RarBN2D+yX)!qD@md|W_QD%*!sgB^#q>8G08QXK4uxU-boE?8>t}*q?NmIMV{)R
zO~2I`=K;kr3uEjT_B1=ZMG!;)jmqVqz`asFoSb7>#2R~dc@Do85!&Yiv12GkNJ86?
zR?lSuce%!NI;I<sezRIZmWJt=Bd+;{npV}3G;wp{*Q*cND=P}AN1sixys0zhuziUv
z76C&Ft7<9q%_5#+J0#;W5b`#KixK6_$rXyOF#lo%j5iIKXlcjnF4Ay+Be}z@Qms&U
zgts_?hHaqpN?>%%+PkG}ccd5dw!@)F;3W7fWs(x7ngq;9e^_2hIE|VNtGk1+1xNT!
zfjpi94-UOVYUnYATV?#qI09ynTJGZ)q_;?V?985V3@(H67%2;Pxtg84aX-fq{)9;h
zLA_qEUuT?K_T9<*Z;?_IKv;Yi<6W#c`8P<TCe&pmC$Of$L5`M(3OzIFd0<X+x26+j
zQdaC=UtvZXDcfHC>-|@sg@_iL^=T!M$yz=P^mNZCNK4-t3&W?mdJVbMH>~~6jJvXo
ziKKzb<Gt&ajTF+23l~}@UT<1Z1wLEZ&LM<<2~Y)Mf#lxLSwyl=efrhGcxKx0`2x?a
ziy~62GJmI{-~(vG+II&9bl`$SU|3>*93QP@ms3Re=J!$itb?Z!ms;TFr!BZsJ1(p5
z>I>oArN`Nw(s)%|vw&WH?LOd&I7G|M@JPtwK6LM+ANgIgHc4`1am35fqiSM2$NJQ-
z%f46aYm78(STgLh6j@@1c8)jmP<5o~DuP8=p)2(h8h0u0{*=p%{EUypK^?S|>mP!N
z=2KpG;RGeC9j+exw>r>IEv@E$9FZB`Xr6inZ8ACaU%OhtfniF6i~gCALV{`#7l#zB
zRWve+1jXXT_rS5lPKDNUisUJW5<Y(PbpP4QXM0CqDq2uRnnH8OtAq}6bS?(S>Xr7m
zfY%E3hP4RsV!*PwSRjy3R5<0L9~_X0PB9xDg!&i$J2-gwaO-I6+i%a#R;#O5w!Yay
zQ1L&&DslIybUPgW{J*bU*wyAnP9W%_dS2ErGG4Jq<gnhFJ`~h|b|6q<OrtM(rFNuk
ziLKbBkiHSHDM$K<F^KT*v$<R26MSRlf=5j!9*zQ=<$DBGdqt}=(RO2JzrB+@`=U@Y
zExvS0y9nnMlo61c^gu@(7w%*x&ss|TZ{=(nNXEXSuFb9mIlG=Mz{Dj=f8(a~cvG}h
zK#sWFwJmgfiK)srnaxllbb1aPKdHoQwqpq!-%Sth)lLy6V;cI{5i&Z~EP50!-qdc0
ze$8oI%&%<TYlpe1w`+%1%(uasrM-IruARFa40@D{Z^l@rPd8rLP3_tjZ<yn?x0v_T
zH8rcB^nA^aKj7nUB#_(9X05qdL{D<H0ymH7W-9sU2X(Jke;@mz?v)L6Nsp5TrmIw*
z&s=}uuGcRq=k__HVnY~Xf8q#{Pg<?mz5NEd>HX^|^oC9+#JXXvuWp5p&i}?&+5{$R
zlu-?rr7@H?gBCDI2XG;}b%Li9Vva;8Kt|@<;`_w~z)TznwpeXNIMb3$!S~VwIsPI9
zLsjEh>Imlrd_bc3JQ&%C8L}@*P1vEZf<pa??g&3hv+u3=CjyWjA38y!x70yW%i}JG
zkmA&Af9ZqvTJ_^F$)fef-6x?)&94}PXF_0N$;%m1>c2D!c+#>D9C89z7rIU4QursM
zN^z!-IU<#uJ>OzQ^1F~p5xLFF%F;pXTY;D7u@O1!2ET`9WW$S$q~6k4Wgo@yN5AAH
zrpwgoo<!;I)LXX;y>S~5a*G-b+zsHQ7Sd`>u8DZP&p;f30LFR6$hVm%$A!-aJjO<m
z6+0jOPf**~LfVOF4-8CHZ_8IcbBsCJtDOg~#p+1RYm(zgX&wIg8c29LdTq0AVIyS>
zDsoPUgteCy>6Pp&pVb+pn*7%?toXc6X)ZX5SzuJ8en^vIQcC&gY0EJx)qSZhxGaD~
zvp@J7+KXPVB$TNu(e|Vj6=^M9q=OR|E7E~3tj&ZAP>YPF7<jwXNBQ5HtkyOOVUY`u
z60u3rO$AF1H|5*4@~0jv7IgE26KVFb5jSW!kdKalVG)VJH-B7ilu@c;f`WBY#X=zj
z8IWup%oYyja@%QI?wpxY%zQ3H>;c7(YPr}i<>W<j1Y}X6s1qM;%zzLI>D;zCs7^h<
z5REtW!JDPIkGoZ#``MSTzn!1IZ9d?}!!OUZ;Bvc<^ISe~6R@|B;w{WGGgz_w;EbTn
z4~V?1>S#HrF}eoGfbO!?Ufc$n63p*j6|-+dDZ`sCH8&$i7tNL!9jQ&3d;!o1{Mqn~
z`Bgl{=8&Y|IX1|<_2L44d2O-W_~bQ{esr|<EH;E#oOD?hjfK5jy<DAMz9qFPotd|U
zz;@BB732v8RFndzu<5GiFNBmMr`FyX?^c5)IX!@MdNXx6l7si^JbUDAcE9myVLbD<
zNDkoC_9SCKeP_d)bSUrf^~fV@^lZG$>`-lbx`>sHj;(UV@giefRxl}*B&2eM*P_*B
zYdtHO5jKdn5tIF+LKPx^n*zv*wpkd)lopDgx|h1pkpTh^8PzwSz<Zz#cJElcfMv_0
z)SYF8t)>A1KmX6)-k~U_YF)lmuiLACXGPOXNuWKqbvZ4-f1kDbBdJGNt0+k_Kxz-4
z?%NejJWa?f=-PQ-6Znnq>|$akV9E}yU=u0IP~J8j2nE&a3nj=sRZN9F39trO7;H!J
z=LkE}1P$k7bha`C+;w?(9hMeFaGYZ;BmrQvPM;W3z8a}RZSsN+Z{~vwZ4E+U07h0P
zgEA{%dVNk>q$*3xQqU=<;awnzp|CP(UY{ap`H+e?82a4i@oJ^3`a9tS?Qwtd_-949
zjaNcKDFO#*^)e9lD&F~CaV5u~QwpIo{lR{zd?>%vUC41uV>=_VQ|=&QVgw?6;2l<y
z>2{4=TIFOWc*)M-1eziJF8U+DQ!@wDP0If*2P*VA-9oFyLP6EyqmrdfRZ>icF0>%s
z?E#i*Dv4b%DC-mb;D6LFe;I1uHMM1sl8u8VBacKhZPk%#xUfki^39;pI*@H>N8)gt
z`ms)C99k8Gx-}5$#w3Zf6rKe^TtbR>R@=;lI?CGyO`~SRJn!-n!9gsy9xlxWK__M%
z>u#+K@>pde6i=!)i9$J73mTRnK*W7GxlkFA8VNJzP8Zub8c`@rL#N~MW)7%(ieiK@
z4rqd3PPQZcD@I!{-Z&}`MoO6|P0kNyq75~M#~i~*ShEZEvyQntV=NaO=cSVg3Gc!y
z##YerILR)&zv{zFuhR!ONrzQi4%U`4#5zh<NnIV|=t&G&(KeQu|6M2`B3yx;a#qCn
zZVu&});iak&;4Bv5%!rsCW1c1D4LA`=}KULg)iU+M389WHN8F&k6<8Q5Cc*591<MX
zUL5bB9@+c@_l#Z9G%7xO+FSS1@-1qo8~^B2@a@INS`z=_xtoUR9_8pV;(9h`F+Vaq
z6-Bt=nW*O@fE!YQeJFkjnIlF-;@<Ub0|>v;W~y<>D|`LZ8nMm_2y$USNI<6{H{vsz
zo;*SG%_9gF`8f4+DAwvf^bZ4`>5OeSm4qzbYg!aNZGyn{fMs5iK~|g4ZZ6)J^|^-B
zU)BG#&PB)fd95)JmQ0ZhEkdOWMiZOO7$Aa>RI$#f;ftYJ%7YXoha9RJ6>05b+&RxH
zRWmS(xsJn#Q)<i?`2KrnU$+MMyk~F-V{<^yf#_ie!`1A6lp7oujp3Kdy#6GPN_o|j
zFM#cveV~x+kQ{nvEA@{pN&{pU4tf+s<Qgj_PsZq)HP)|{l%Z!9zIN}8^?-$BxU@N>
zgQXZ|Mnr6~Dkg;PxluxdjME7Oq8`oDZ|~Ghzr>|{iUyUJPj#^D+BG=K<Vq5=h$_8@
z#YXr<qS%Ya$d}lacQetTZdls1gE@mLvjK6XlawCRSb)V^9^6?M1fnuPyg2w5XKNg;
z&?Hv~_)c=+MT`XAPHr)WX7UrswLMroYBn8|ycnjVg`6o303*!Z34OEWA}0_EgL39W
zem@YKwBOu`sR=M;OaLydERCmT(Df=ez1TJ!k?=iu!ZFdt6%63bERl80xsED4p6aMi
z8X1}nwThERV*esyX$7UZ>bs#gygNZdit&f2Vmu-!k9WE9*}b~pt~lCHajt^S{Gq+B
zNLA`Qs$41ux)*dVwv;>DaXlI3&|o))uZ*0N+3v78?q>vNgtP1nRzw|=5<^CGG2sNq
z(Wgg5vMMs1I3@m;ZO(cYa3)G8jk&N#^p^`nl%kI<5SdxcqReKF{nXoxesjB;KLw4T
zPGWvRq>7758W4a`04XD)RhE$-Kpc<+Du^G}#!FuqMuON;rTj3pZF)So6SlIwTn+|z
z)7IXq5bvhjg-__s%b7}rbQaL|j`kFUAju+yzoUm-`cfkG`4dB-qmAP#)M#SKY0KSO
zO^YdvGZcDfQ({9I%tzzJZcI_F&IYm_mT4vPMGjZ_iX>resLVxn(~nWx&X1om$MCHI
zYe~m?#}8|n%5mz#OQ7kZQ5>}@TT}|VRtGH>Sw*OuXulvO%plTSNg|jjST`6;@fr4o
zZMn6Qb--%|*wsvR7p%qvBW9)`hK4K(LXpB=du*rUAgsoCZgFUM`gidw#G{51qVa70
zeKUu!q%;rODHDT;kYn3T9PFAuH$C&-@GWB$JOa}~zl}{%6(~HHISE)|C+DqWEZI%{
z%5LQ2fEGFh-aK?P#8hhmHHR$(J;1PBz1HuDjg3Yqw`qrMMrd4=sFOc|jaeuD+}FrL
zSBpxE*|nRQ9-1@RGeZ^|#YMqby%wU%f##grMzz}HNy`CcWFQ5fg{<<|wnWXW9FxzE
zLqn6?>-`hE!}84=ng4^(UbL1xIekeKg6n52)2e6Mp;^s3ARD8^S-{Sh_U8lMwXh?p
zNy!XSE9H*zbVynC-1IcoQdL2zzm1n;`Q1vH{_Kvo#6M}1C?(B)9}P^&mtvtKLve&@
z@YS`88cOnPPP1UQ@y$pZy{{8af*DW5t3fx+Wv#Z>q>+Hf5rH6JMI3>Lg1GT6(mWE=
zy1OBs{0WGl%%kh>>l?G}%b)*V($~ftpUY5cPCeC42m~#9=VN_Rq?&ceo7W8eBfX0*
z6hKpxRQU9C{8>PjHOaXxuZnUC{E_3QA(HT>`5PMJo2R(0`6yV62FDk>`Bsgp?#AfU
z2?Lc?bgUVfe-ew>Op4&@&rpTj#FAZGj{sAxpV&QWv^+m;no$EA=E$$hlW+nybB9X_
zqzn<6hlM2Og0TxT*T$A8L-rznrB;^qowG<HpyolMbfSmw&UIl2Lx9AM2*rRB#SF86
zE(2K~x=nd?n+_K$2+K6^=@SZpuB6ZRy9q$TMP8Yk6Rb#Cq9`<M8VQ$jhYzb$A`}<j
zzxOYf7pMLy>;tZ#rAxU+F-jCZ!imacyq0aFB;pK{jzcHnABF4DFZx5S)##39c4g`@
zw+@OrnZ7T*i_juIffJS2SajcBYQ2K499Q(+$uWl2?8_r0zf7sJdmb;|e-Y-;KIYI)
z*O_STSlJJ1!BXQN96CB&NqZIyIx-r$c_88oojtZQv}0Ew$S8egLLB(!E2WP%T)Qf8
zMQu?pL1(ndPBdp}bTm-M24t{_LPVWXL%EFRI;=p5=kf1`rbhr2wxK_4;yCUzW^$x^
z06U(Ejf9cr?W>`o4&ii@b`6b9lt{$}j5Uukyi6hywDyg5e_Jp65@?a1$rzyDh|*_C
zKf+5oF~lsyL418Ln3MDGlYQUFlqL-+>o>?&HEpis1)<2m=5KgFDzV(1z*p=6S*~%?
z2OAjv7u@_lmP-RHha2DE(GBmE_J+#v*MSWuJ{oYHw~yGxCsJ)O2P-pcyY-F;<L!kK
zU;~69t*@%MadGkf_0G0>PkV-GE7!2DmRVMJ2jqx#+V;Fvsq&rz#G=zk*cPscd<Y>o
zq^=rY%aZ5}T&Nwxc-ft$$|o>crHdg^U_q&|hUx{{OV}fehj)LRF-?{Ph^)aoTK(-`
z^=1&pHr!SxIOmU`laZfJcqpR#afH_nNT$dN1RO(|_OWiEJImCTv8#!hsO;trNr&ZD
z^idbqkX5;oPx|YQcj`~}9U1dOkxcZ3hM9$QBh^KC*Tw}c>Bru6kP*+-FSAW+U2Ifq
zIMN~?(XmXz;pOcz%Js(~1=ynf;%^(-P)cw`(m1?G@;`p37A&&4s~%GYp{3L`yUW%A
z)wU6%FBLt33Aw%68GhiuduM0&j*o}GEth8l5xl2wc2){ZIeGuXPY&tjf)kR4+b@vU
z1xWt+t0S)p(`Zj05zK2UNM{yBCcEaMd$tQ{p1$dQ2K%^sC4jn*bG8yZ>Poq}0{9I8
N4DBXs%HQ4@{x9D!J-q+`

diff --git a/geonode/locale/it/LC_MESSAGES/django.po b/geonode/locale/it/LC_MESSAGES/django.po
index 6826098fc12..14684b2a601 100644
--- a/geonode/locale/it/LC_MESSAGES/django.po
+++ b/geonode/locale/it/LC_MESSAGES/django.po
@@ -1209,6 +1209,12 @@ msgstr "Altri metadati opzionali"
 msgid "Responsible Parties"
 msgstr "Parti responsabili"
 
+msgid "toggle more Contact Roles"
+msgstr "mostrare più ruoli"
+
+msgid "more metadata contact roles"
+msgstr "più ruoli di contatto dei metadati"
+
 msgid "Responsible and Permissions"
 msgstr "Responsabile e autorizzazioni"
 
diff --git a/geonode/maps/api/tests.py b/geonode/maps/api/tests.py
index 8d21f79bc2b..b754c60f669 100644
--- a/geonode/maps/api/tests.py
+++ b/geonode/maps/api/tests.py
@@ -227,7 +227,6 @@ def test_create_map(self):
         }
         self.client.login(username="admin", password="admin")
         response = self.client.post(f"{url}?include[]=data", data=data, format="json")
-
         self.assertEqual(response.status_code, 201)
         self.assertTrue(len(response.data) > 0)
         self.assertTrue("data" in response.data["map"])
diff --git a/geonode/maps/models.py b/geonode/maps/models.py
index 6cee9d21f64..546b71fb8ce 100644
--- a/geonode/maps/models.py
+++ b/geonode/maps/models.py
@@ -91,7 +91,7 @@ def json(self, dataset_filter):
             layers = [lyr for lyr in layers if dataset_filter(lyr)]
 
         # the readme text will appear in a README file in the zip
-        readme = f"Title: {self.title}\nAuthor: {self.poc}\nAbstract: {self.abstract}\n"
+        readme = f"Title: {self.title}\nAuthor: {self.poc_csv()}\nAbstract: {self.abstract}\n"
         if self.license:
             readme += f"License: {self.license}"
             if self.license.url:
diff --git a/geonode/maps/templates/layouts/map_panels.html b/geonode/maps/templates/layouts/map_panels.html
index eb163abdf2d..b6cbea5ceec 100644
--- a/geonode/maps/templates/layouts/map_panels.html
+++ b/geonode/maps/templates/layouts/map_panels.html
@@ -1,6 +1,7 @@
 {% load i18n %}
 {% load static %}
 {% load floppyforms %}
+{% load contact_roles %}
 <script type="text/javascript">
     // this is used by thumbnail.js to POST to the thumbnail update view
     window.thumbnailUpdateUrl = '{% url 'base-resources-set-thumb-from-bbox' resource.id %}';
@@ -461,13 +462,11 @@
                                         <span><label for="{{ map_form.constraints_other|id }}">{{ map_form.constraints_other.label }}</label></span>
                                         <!--<p class="xxs-font-size">(Other restrictions and legal prerequisites for accessing or use data and metadata)</p>-->
                                         {{ map_form.constraints_other }}
-                                    </div> 
+                                    </div>
                                     {% endblock map_constraints_other %}
                                 </div>
                             </div>
-                            <div class="row">
-
-                            </div>
+                            <div class="row"></div>
                         </div>
                     </div>
                 </div>
@@ -554,34 +553,49 @@
                 </div>
                 {% endblock maintenance_block %}
             </div>
-            <div class="col-xs-12 col-lg-3">
-              {% block map_poc %}
-              <div class="panel panel-default" style="margin-top: 5px">
-                  <div class="panel-heading">{% trans "Responsible Parties" %}</div>
-                  <div class="panel-body">
+            <!-- Contact Roles -->
+            <div class="col-xs-12 col-lg-3" >
+              <div class="panel panel-default" class="collapse" style="margin-top: 5px">
+                <div class="panel-heading">{% trans "Responsible Parties" %}</div>
+                  {% block map_poc %}
+                  <div class="panel-body check-select">
                       <span><label for="{{ map_form.poc|id }}">{{ map_form.poc.label }}</label></span>
                       {{ map_form.poc }}
                   </div>
-              </div>
-              {% endblock %}
+                  {% endblock map_poc %}
+            </div>
               <div class="panel panel-default">
                   <div class="panel-heading">{% trans "Responsible and Permissions" %}</div>
                   <div class="panel-body">
+                    {% block map_owner %}
                       <div>
-                        <span><label for="{{ map_form.owner|id }}">{{ map_form.owner.label }}</label></span>
-                        <!--<p class="xxs-font-size">(Responsible of the cited resource)</p>-->
-                        {{ map_form.owner }}
+                          <span><label for="{{ map_form.owner|id }}">{{ map_form.owner.label }}</label></span>
+                          {{ map_form.owner }}
                       </div>
+                    {% endblock map_owner %}
+                  </div>
+                </div>
+              <a href="#id-more-metadata-panel" data-toggle="collapse">{% trans "toggle more Contact Roles" %}</a>
+              {% block map_more_contact_roles %}
+              <div class="panel panel-default panel-collapse collapse" collapsed id='id-more-metadata-panel'>
+                <div class="panel-heading">{% trans "more metadata contact roles" %}</div>
+                  {% for contact_role in UI_ROLES_IN_TOGGLE_VIEW %}
+                    {% getattribute map_form contact_role as cr %}
+                    <div class="panel-body">
                       <div>
-                          <span><label for="{{ map_form.metadata_author|id }}">{{ map_form.metadata_author.label }}</label></span>
-                          <!--<p class="xxs-font-size">(Author of the metadata)</p>-->
-                          {{ map_form.metadata_author }}
+                        <span><label for="{{cr|id}}">{{cr.label}}</label></span>
+                        {{ cr}}
                       </div>
-                  </div>
+                    </div>
+                  {% endfor %}
+                </div>
               </div>
+              {% endblock map_more_contact_roles %}
             </div>
+            <!--End Contact Roles -->
+          </div>
         </div>
-      </div></div></div>
+      </div>
     </div>
     {% block extra_metadata_content %}
     {% endblock %}
diff --git a/geonode/maps/templates/maps/map_metadata.html b/geonode/maps/templates/maps/map_metadata.html
index dcc99f734e7..61214afb5e6 100644
--- a/geonode/maps/templates/maps/map_metadata.html
+++ b/geonode/maps/templates/maps/map_metadata.html
@@ -70,7 +70,7 @@ <h2>{% trans "Point of Contact" %}</h2>
               </fieldset>
               <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
                 <h2>{% trans "Metadata Provider" %}</h2>
-                {{ author_form|as_bootstrap }}
+                {{ metadata_author_form|as_bootstrap }}
                 <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
               </fieldset>
 
diff --git a/geonode/maps/templates/maps/map_metadata_advanced.html b/geonode/maps/templates/maps/map_metadata_advanced.html
index 6b3bbc1d8dd..81d0a4b59c3 100644
--- a/geonode/maps/templates/maps/map_metadata_advanced.html
+++ b/geonode/maps/templates/maps/map_metadata_advanced.html
@@ -132,7 +132,7 @@ <h2>{% trans "Point of Contact" %}</h2>
               </fieldset>
               <fieldset class="form-controls modal-forms modal hide fade" id="metadata_form">
                 <h2>{% trans "Metadata Provider" %}</h2>
-                {{ author_form|as_bootstrap }}
+                {{ metadata_author_form|as_bootstrap }}
                 <button type='button' class="modal-cloose-btn btn btn-primary">{% trans "Done" %}</button>
               </fieldset>
 
diff --git a/geonode/maps/views.py b/geonode/maps/views.py
index c79c1986f40..bc4271b8799 100644
--- a/geonode/maps/views.py
+++ b/geonode/maps/views.py
@@ -96,10 +96,9 @@ def map_metadata(
 
     # Add metadata_author or poc if missing
     map_obj.add_missing_metadata_author_or_poc()
+
     current_keywords = [keyword.name for keyword in map_obj.keywords.all()]
-    poc = map_obj.poc
     topic_thesaurus = map_obj.tkeywords.all()
-    metadata_author = map_obj.metadata_author
 
     topic_category = map_obj.category
 
@@ -162,8 +161,6 @@ def map_metadata(
                 tkeywords_form.fields[tid].initial = values
 
     if request.method == "POST" and map_form.is_valid() and category_form.is_valid() and tkeywords_form.is_valid():
-        new_poc = map_form.cleaned_data["poc"]
-        new_author = map_form.cleaned_data["metadata_author"]
         new_keywords = current_keywords if request.keyword_readonly else map_form.cleaned_data["keywords"]
         new_regions = map_form.cleaned_data["regions"]
         new_title = map_form.cleaned_data["title"]
@@ -177,25 +174,10 @@ def map_metadata(
         ):
             new_category = TopicCategory.objects.get(id=int(category_form.cleaned_data["category_choice_field"]))
 
-        if new_poc is None:
-            if poc is None:
-                poc_form = ProfileForm(request.POST, prefix="poc", instance=poc)
-            else:
-                poc_form = ProfileForm(request.POST, prefix="poc")
-            if poc_form.has_changed and poc_form.is_valid():
-                new_poc = poc_form.save()
-
-        if new_author is None:
-            if metadata_author is None:
-                author_form = ProfileForm(request.POST, prefix="author", instance=metadata_author)
-            else:
-                author_form = ProfileForm(request.POST, prefix="author")
-            if author_form.has_changed and author_form.is_valid():
-                new_author = author_form.save()
+        # update contact roles
+        map_obj.set_contact_roles_from_metadata_edit(map_form)
+        map_obj.save()
 
-        if new_poc is not None and new_author is not None:
-            map_obj.poc = new_poc
-            map_obj.metadata_author = new_author
         map_obj.title = new_title
         map_obj.abstract = new_abstract
         map_obj.keywords.clear()
@@ -262,22 +244,15 @@ def map_metadata(
     # - POST Request Ends here -
 
     # Request.GET
-    if poc is None:
-        poc_form = ProfileForm(request.POST, prefix="poc")
-    else:
-        map_form.fields["poc"].initial = poc.id
-        poc_form = ProfileForm(prefix="poc")
-        poc_form.hidden = True
-
-    if metadata_author is None:
-        author_form = ProfileForm(request.POST, prefix="author")
-    else:
-        map_form.fields["metadata_author"].initial = metadata_author.id
-        author_form = ProfileForm(prefix="author")
-        author_form.hidden = True
+    # define contact role forms
+    contact_role_forms_context = {}
+    for role in map_obj.get_multivalue_role_property_names():
+        map_form.fields[role].initial = [p.username for p in map_obj.__getattribute__(role)]
+        role_form = ProfileForm(prefix=role)
+        role_form.hidden = True
+        contact_role_forms_context[f"{role}_form"] = role_form
 
     layers = MapLayer.objects.filter(map=map_obj.id)
-
     metadata_author_groups = get_user_visible_groups(request.user)
 
     if not AdvancedSecurityWorkflowManager.is_allowed_to_publish(request.user, map_obj):
@@ -296,8 +271,6 @@ def map_metadata(
             "panel_template": panel_template,
             "custom_metadata": custom_metadata,
             "map_form": map_form,
-            "poc_form": poc_form,
-            "author_form": author_form,
             "category_form": category_form,
             "tkeywords_form": tkeywords_form,
             "layers": layers,
@@ -310,6 +283,8 @@ def map_metadata(
                 set(getattr(settings, "UI_DEFAULT_MANDATORY_FIELDS", []))
                 | set(getattr(settings, "UI_REQUIRED_FIELDS", []))
             ),
+            **contact_role_forms_context,
+            "UI_ROLES_IN_TOGGLE_VIEW": map_obj.get_ui_toggled_role_property_names(),
         },
     )
 
diff --git a/geonode/people/__init__.py b/geonode/people/__init__.py
index a6661efcc66..da3265a4740 100644
--- a/geonode/people/__init__.py
+++ b/geonode/people/__init__.py
@@ -18,6 +18,7 @@
 #########################################################################
 from django.utils.translation import ugettext_noop as _
 from geonode.notifications_helper import NotificationsAppConfigBase
+import enum
 
 
 class PeopleAppConfig(NotificationsAppConfigBase):
@@ -45,3 +46,65 @@ def ready(self):
 
 
 default_app_config = "geonode.people.PeopleAppConfig"
+
+
+class Role:
+    def __init__(self, label, is_required, is_multivalue, is_toggled_in_metadata_editor):
+        self.label = label
+        self.is_required = is_required
+        self.is_multivalue = is_multivalue
+        self.is_toggled_in_metadata_editor = is_toggled_in_metadata_editor
+
+    def __repr__(self):
+        return self.label
+
+
+class Roles(enum.Enum):
+    """Roles with their `label`, `is_required`, `is_multivalue`, `is_toggled_in_metadata_editor"""
+
+    OWNER = Role("Owner", True, False, False)
+    METADATA_AUTHOR = Role("Metadata Author", True, True, True)
+    PROCESSOR = Role("Processor", False, True, True)
+    PUBLISHER = Role("Publisher", False, True, True)
+    CUSTODIAN = Role("Custodian", False, True, True)
+    POC = Role("Point of Contact", True, True, False)
+    DISTRIBUTOR = Role("Distributor", False, True, True)
+    RESOURCE_USER = Role("Resource User", False, True, True)
+    RESOURCE_PROVIDER = Role("Resource Provider", False, True, True)
+    ORIGINATOR = Role("Originator", False, True, True)
+    PRINCIPAL_INVESTIGATOR = Role("Principal Investigator", False, True, True)
+
+    @property
+    def name(self):
+        return super().name.lower()
+
+    @property
+    def label(self):
+        return self.value.label
+
+    @property
+    def is_required(self):
+        return self.value.is_required
+
+    @property
+    def is_multivalue(self):
+        return self.value.is_multivalue
+
+    @property
+    def is_toggled_in_metadata_editor(self):
+        return self.value.is_toggled_in_metadata_editor
+
+    def __repr__(self):
+        return self.name
+
+    @classmethod
+    def get_required_ones(cls):
+        return [role for role in cls if role.is_required]
+
+    @classmethod
+    def get_multivalue_ones(cls):
+        return [role for role in cls if role.is_multivalue]
+
+    @classmethod
+    def get_toggled_ones(cls):
+        return [role for role in cls if role.is_toggled_in_metadata_editor]
diff --git a/geonode/people/forms.py b/geonode/people/forms.py
index abebe9c41a7..07c851b85d1 100644
--- a/geonode/people/forms.py
+++ b/geonode/people/forms.py
@@ -72,4 +72,5 @@ class Meta:
             "is_superuser",
             "is_active",
             "date_joined",
+            "language",
         )
diff --git a/geonode/resource/utils.py b/geonode/resource/utils.py
index aa0b7f36f3c..2b647e66e15 100644
--- a/geonode/resource/utils.py
+++ b/geonode/resource/utils.py
@@ -48,6 +48,7 @@
 from ..documents.models import Document
 from ..documents.enumerations import DOCUMENT_TYPE_MAP, DOCUMENT_MIMETYPE_MAP
 from ..people.utils import get_valid_user
+from geonode.people import Roles
 from ..layers.utils import resolve_regions
 from ..layers.metadata import convert_keyword
 
@@ -174,8 +175,10 @@ def update_resource(
             else:
                 defaults[key] = value
 
-    poc = defaults.pop("poc", None)
-    metadata_author = defaults.pop("metadata_author", None)
+    contact_roles = {
+        contact_role.name: defaults.pop(contact_role.name, getattr(instance, contact_role.name))
+        for contact_role in Roles.get_multivalue_ones()
+    }
 
     to_update = {}
     for _key in ("name",):
@@ -231,6 +234,12 @@ def update_resource(
         _default_ows_url = urljoin(ogc_settings.PUBLIC_LOCATION, "ows")
         to_update["ows_url"] = defaults.pop("ows_url", getattr(instance, "ows_url", None)) or _default_ows_url
 
+    # update contact roles in instance
+    [
+        instance.__setattr__(contact_role_name, contact_role_value)
+        for contact_role_name, contact_role_value in contact_roles.items()
+    ]
+
     to_update.update(defaults)
     try:
         instance.get_real_concrete_instance_class().objects.filter(id=instance.id).update(**to_update)
@@ -255,10 +264,6 @@ def update_resource(
 
     # Refresh from DB
     instance.refresh_from_db()
-    if poc:
-        instance.poc = poc
-    if metadata_author:
-        instance.metadata_author = metadata_author
 
     if extra_metadata:
         instance.metadata.all().delete()
diff --git a/geonode/settings.py b/geonode/settings.py
index eae71d843fa..db383d7e8b4 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -795,6 +795,13 @@
     },
 ]
 
+OPTIONS = {
+    "libraries": {
+        "contact_roles": "geonode.layers.templatetags.contact_roles",
+    },
+}
+
+
 MIDDLEWARE = (
     "corsheaders.middleware.CorsMiddleware",
     "django.middleware.common.CommonMiddleware",
diff --git a/geonode/templates/metadata_detail.html b/geonode/templates/metadata_detail.html
index c04a19e39db..ff852b321e9 100644
--- a/geonode/templates/metadata_detail.html
+++ b/geonode/templates/metadata_detail.html
@@ -363,58 +363,54 @@ <h2 class="page-title">{% trans "Metadata" %} : {{ resource.title }}</h2>
     {% if resource.poc %}
     <span class="subtitle">{% trans "Contact Points" %}</span>
     <div class="sep_title"><hr></div>
-
+    {% for poc in resource.poc%}
     <dl class="dl-horizontal">
-
         {% block poc_name_long %}
         <dt>{% trans "Name" %}</dt>
-        <dd>{{ resource.poc.name_long }}</dd>
+        <dd>{{ poc.name_long }}</dd>
         {% endblock poc_name_long %}
 
         {% block poc_email %}
         <dt>{% trans "email" %}</dt>
-        <dd>{{ resource.poc.email }}</dd>
+        <dd>{{ poc.email }}</dd>
         {% endblock poc_email %}
 
         {% block poc_position %}
         <dt>{% trans "Position" %}</dt>
-        <dd>{{ resource.poc.position }}</dd>
+        <dd>{{ poc.position }}</dd>
         {% endblock poc_position %}
 
         {% block poc_organization %}
         <dt>{% trans "Organization" %}</dt>
-        <dd>{{ resource.poc.organization }}</dd>
+        <dd>{{ poc.organization }}</dd>
         {% endblock poc_organization %}
 
         {% block poc_location %}
         <dt>{% trans "Location" %}</dt>
-        <dd>{{ resource.poc.location }}</dd>
+        <dd>{{ poc.location }}</dd>
         {% endblock poc_location %}
 
         {% block poc_voice %}
         <dt>{% trans "Voice" %}</dt>
-        <dd>{{ resource.poc.voice }}</dd>
+        <dd>{{ poc.voice }}</dd>
         {% endblock poc_voice %}
 
         {% block poc_fax %}
         <dt>{% trans "Fax" %}</dt>
-        <dd>{{ resource.poc.fax }}</dd>
+        <dd>{{ poc.fax }}</dd>
         {% endblock poc_fax %}
 
         {% block poc_keyword %}
         {% if poc.keyword_list %}
         <dt>{% trans "Keywords" %}</dt>
-        <dd>{% for keyword in resource.poc.keyword_list %}
+        <dd>{% for keyword in poc.keyword_list %}
             {{ keyword }}
             {% endfor %}</dd>
         {% endif %}
         {% endblock poc_keyword %}
         <hr>
-
     </dl>
-
-
-
+    {% endfor %}
     {% endif %}
 
     <span class="subtitle">{% trans "References" %}</span>
@@ -438,19 +434,14 @@ <h2 class="page-title">{% trans "Metadata" %} : {{ resource.title }}</h2>
         <dd><a href="{{ resource.get_absolute_url }}/download">{{ resource.get_absolute_url }}/download</a></dd>
         {% endif %}
         {% endblock doc_file %}
-
         <hr>
 
         {% if "download_resourcebase" in perms_list %}
-
-
             {% for link in resource.link_set.download %}
             <dt>{{link.name}}</dt>
             <dd><a href="{{link.url}}">{{resource.title}}.{{link.extension}}</a></dd>
             {% endfor %}
-
             <hr>
-
         {% endif %}
 
         {% for link in resource.link_set.ows %}
@@ -460,64 +451,504 @@ <h2 class="page-title">{% trans "Metadata" %} : {{ resource.title }}</h2>
 
     </dl>
 
+    {% comment %} Contact Role: Metadata Author {% endcomment %}
     {% if resource.metadata_author %}
+
     <span class="subtitle">{% trans "Metadata Author" %}</span>
     <div class="sep_title"><hr></div>
 
+    {% for metadata_author in resource.metadata_author %}
     <dl class="dl-horizontal">
+          {% block metadata_author_doc_file %}
+          <dt>{% trans "Name" %}</dt>
+          <dd>{{ metadata_author.name_long }}</dd>
+          {% endblock metadata_author_doc_file %}
+
+          {% block metadata_author_email %}
+          <dt>{% trans "email" %}</dt>
+          <dd>{{ metadata_author.email }}</dd>
+          {% endblock metadata_author_email %}
+
+          {% block metadata_author_position %}
+          <dt>{% trans "Position" %}</dt>
+          <dd>{{ metadata_author.position }}</dd>
+          {% endblock metadata_author_position %}
+
+          {% block metadata_author_organization %}
+          <dt>{% trans "Organization" %}</dt>
+          <dd>{{ metadata_author.organization }}</dd>
+          {% endblock metadata_author_organization %}
+
+          {% block metadata_author_location %}
+          <dt>{% trans "Location" %}</dt>
+          <dd>{{ metadata_author.location }}</dd>
+          {% endblock metadata_author_location %}
+
+          {% block metadata_author_voice %}
+          <dt>{% trans "Voice" %}</dt>
+          <dd>{{ metadata_author.voice }}</dd>
+          {% endblock metadata_author_voice %}
+
+          {% block metadata_author_fax %}
+          <dt>{% trans "Fax" %}</dt>
+          <dd>{{ metadata_author.fax }}</dd>
+          {% endblock metadata_author_fax %}
+
+          {% block metadata_author_keyword_list %}
+          {% if metadata_author.keyword_list %}
+          <dt>{% trans "Keywords" %}</dt>
+          <dd>{% for keyword in metadata_author.keyword_list %}
+              {{ keyword }}
+              {% endfor %}</dd>
+          {% endif %}
+          {% endblock metadata_author_keyword_list %}
+    </dl>
+    {% endfor%}
+    {% endif %}
 
-        {% with resource.metadata_author as poc %}
-
-        {% block metadata_author_doc_file %}
-        <dt>{% trans "Name" %}</dt>
-        <dd>{{ poc.name_long }}</dd>
-        {% endblock metadata_author_doc_file %}
-
-        {% block metadata_author_email %}
-        <dt>{% trans "email" %}</dt>
-        <dd>{{ poc.email }}</dd>
-        {% endblock metadata_author_email %}
-
-        {% block metadata_author_position %}
-        <dt>{% trans "Position" %}</dt>
-        <dd>{{ poc.position }}</dd>
-        {% endblock metadata_author_position %}
 
-        {% block metadata_author_organization %}
-        <dt>{% trans "Organization" %}</dt>
-        <dd>{{ poc.organization }}</dd>
-        {% endblock metadata_author_organization %}
+    {% comment %} Contact Role: Processor {% endcomment %}
+    {% if resource.processor %}
 
-        {% block metadata_author_location %}
-        <dt>{% trans "Location" %}</dt>
-        <dd>{{ poc.location }}</dd>
-        {% endblock metadata_author_location %}
+    <span class="subtitle">{% trans "Processor" %}</span>
+    <div class="sep_title"><hr></div>
 
-        {% block metadata_author_voice %}
-        <dt>{% trans "Voice" %}</dt>
-        <dd>{{ poc.voice }}</dd>
-        {% endblock metadata_author_voice %}
+    {% for processor in resource.processor %}
+    <dl class="dl-horizontal">
+          {% block processor_doc_file %}
+          <dt>{% trans "Name" %}</dt>
+          <dd>{{ processor.name_long }}</dd>
+          {% endblock processor_doc_file %}
+
+          {% block processor_email %}
+          <dt>{% trans "email" %}</dt>
+          <dd>{{ processor.email }}</dd>
+          {% endblock processor_email %}
+
+          {% block processor_position %}
+          <dt>{% trans "Position" %}</dt>
+          <dd>{{ processor.position }}</dd>
+          {% endblock processor_position %}
+
+          {% block processor_organization %}
+          <dt>{% trans "Organization" %}</dt>
+          <dd>{{ processor.organization }}</dd>
+          {% endblock processor_organization %}
+
+          {% block processor_location %}
+          <dt>{% trans "Location" %}</dt>
+          <dd>{{ processor.location }}</dd>
+          {% endblock processor_location %}
+
+          {% block processor_voice %}
+          <dt>{% trans "Voice" %}</dt>
+          <dd>{{ processor.voice }}</dd>
+          {% endblock processor_voice %}
+
+          {% block processor_fax %}
+          <dt>{% trans "Fax" %}</dt>
+          <dd>{{ processor.fax }}</dd>
+          {% endblock processor_fax %}
+
+          {% block processor_keyword_list %}
+          {% if processor.keyword_list %}
+          <dt>{% trans "Keywords" %}</dt>
+          <dd>{% for keyword in processor.keyword_list %}
+              {{ keyword }}
+              {% endfor %}</dd>
+          {% endif %}
+          {% endblock processor_keyword_list %}
+    </dl>
+    {% endfor%}
+    {% endif %}
 
-        {% block metadata_author_fax %}
-        <dt>{% trans "Fax" %}</dt>
-        <dd>{{ poc.fax }}</dd>
-        {% endblock metadata_author_fax %}
+    {% comment %} Contact Role: Publisher {% endcomment %}
+    {% if resource.publisher %}
 
-        {% block metadata_author_keyword_list %}
-        {% if poc.keyword_list %}
-        <dt>{% trans "Keywords" %}</dt>
-        <dd>{% for keyword in poc.keyword_list %}
-            {{ keyword }}
-            {% endfor %}</dd>
-        {% endif %}
-        {% endblock metadata_author_keyword_list %}
-        {% endwith %}
+    <span class="subtitle">{% trans "Publisher" %}</span>
+    <div class="sep_title"><hr></div>
 
+    {% for publisher in resource.publisher %}
+    <dl class="dl-horizontal">
+          {% block publisher_doc_file %}
+          <dt>{% trans "Name" %}</dt>
+          <dd>{{ publisher.name_long }}</dd>
+          {% endblock publisher_doc_file %}
+
+          {% block publisher_email %}
+          <dt>{% trans "email" %}</dt>
+          <dd>{{ publisher.email }}</dd>
+          {% endblock publisher_email %}
+
+          {% block publisher_position %}
+          <dt>{% trans "Position" %}</dt>
+          <dd>{{ publisher.position }}</dd>
+          {% endblock publisher_position %}
+
+          {% block publisher_organization %}
+          <dt>{% trans "Organization" %}</dt>
+          <dd>{{ publisher.organization }}</dd>
+          {% endblock publisher_organization %}
+
+          {% block publisher_location %}
+          <dt>{% trans "Location" %}</dt>
+          <dd>{{ publisher.location }}</dd>
+          {% endblock publisher_location %}
+
+          {% block publisher_voice %}
+          <dt>{% trans "Voice" %}</dt>
+          <dd>{{ publisher.voice }}</dd>
+          {% endblock publisher_voice %}
+
+          {% block publisher_fax %}
+          <dt>{% trans "Fax" %}</dt>
+          <dd>{{ publisher.fax }}</dd>
+          {% endblock publisher_fax %}
+
+          {% block publisher_keyword_list %}
+          {% if publisher.keyword_list %}
+          <dt>{% trans "Keywords" %}</dt>
+          <dd>{% for keyword in publisher.keyword_list %}
+              {{ keyword }}
+              {% endfor %}</dd>
+          {% endif %}
+          {% endblock publisher_keyword_list %}
     </dl>
+    {% endfor%}
     {% endif %}
 
+   {% comment %} Contact Role: Custodian {% endcomment %}
+   {% if resource.custodian %}
+
+   <span class="subtitle">{% trans "Custodian" %}</span>
+   <div class="sep_title"><hr></div>
+
+   {% for custodian in resource.custodian %}
+   <dl class="dl-horizontal">
+         {% block custodian_doc_file %}
+         <dt>{% trans "Name" %}</dt>
+         <dd>{{ custodian.name_long }}</dd>
+         {% endblock custodian_doc_file %}
+
+         {% block custodian_email %}
+         <dt>{% trans "email" %}</dt>
+         <dd>{{ custodian.email }}</dd>
+         {% endblock custodian_email %}
+
+         {% block custodian_position %}
+         <dt>{% trans "Position" %}</dt>
+         <dd>{{ custodian.position }}</dd>
+         {% endblock custodian_position %}
+
+         {% block custodian_organization %}
+         <dt>{% trans "Organization" %}</dt>
+         <dd>{{ custodian.organization }}</dd>
+         {% endblock custodian_organization %}
+
+         {% block custodian_location %}
+         <dt>{% trans "Location" %}</dt>
+         <dd>{{ custodian.location }}</dd>
+         {% endblock custodian_location %}
+
+         {% block custodian_voice %}
+         <dt>{% trans "Voice" %}</dt>
+         <dd>{{ custodian.voice }}</dd>
+         {% endblock custodian_voice %}
+
+         {% block custodian_fax %}
+         <dt>{% trans "Fax" %}</dt>
+         <dd>{{ custodian.fax }}</dd>
+         {% endblock custodian_fax %}
+
+         {% block custodian_keyword_list %}
+         {% if custodian.keyword_list %}
+         <dt>{% trans "Keywords" %}</dt>
+         <dd>{% for keyword in custodian.keyword_list %}
+             {{ keyword }}
+             {% endfor %}</dd>
+         {% endif %}
+         {% endblock custodian_keyword_list %}
+   </dl>
+   {% endfor%}
+   {% endif %}
+
+   {% comment %} Contact Role: Distributor {% endcomment %}
+   {% if resource.distributor %}
+
+   <span class="subtitle">{% trans "Distributor" %}</span>
+   <div class="sep_title"><hr></div>
+
+   {% for distributor in resource.distributor %}
+   <dl class="dl-horizontal">
+         {% block distributor_doc_file %}
+         <dt>{% trans "Name" %}</dt>
+         <dd>{{ distributor.name_long }}</dd>
+         {% endblock distributor_doc_file %}
+
+         {% block distributor_email %}
+         <dt>{% trans "email" %}</dt>
+         <dd>{{ distributor.email }}</dd>
+         {% endblock distributor_email %}
+
+         {% block distributor_position %}
+         <dt>{% trans "Position" %}</dt>
+         <dd>{{ distributor.position }}</dd>
+         {% endblock distributor_position %}
+
+         {% block distributor_organization %}
+         <dt>{% trans "Organization" %}</dt>
+         <dd>{{ distributor.organization }}</dd>
+         {% endblock distributor_organization %}
+
+         {% block distributor_location %}
+         <dt>{% trans "Location" %}</dt>
+         <dd>{{ distributor.location }}</dd>
+         {% endblock distributor_location %}
+
+         {% block distributor_voice %}
+         <dt>{% trans "Voice" %}</dt>
+         <dd>{{ distributor.voice }}</dd>
+         {% endblock distributor_voice %}
+
+         {% block distributor_fax %}
+         <dt>{% trans "Fax" %}</dt>
+         <dd>{{ distributor.fax }}</dd>
+         {% endblock distributor_fax %}
+
+         {% block distributor_keyword_list %}
+         {% if distributor.keyword_list %}
+         <dt>{% trans "Keywords" %}</dt>
+         <dd>{% for keyword in distributor.keyword_list %}
+             {{ keyword }}
+             {% endfor %}</dd>
+         {% endif %}
+         {% endblock distributor_keyword_list %}
+   </dl>
+   {% endfor%}
+   {% endif %}
+
+
+   {% comment %} Contact Role: User {% endcomment %}
+   {% if resource.resource_user %}
+
+   <span class="subtitle">{% trans "User" %}</span>
+   <div class="sep_title"><hr></div>
+
+   {% for resource_user in resource.resource_user %}
+   <dl class="dl-horizontal">
+         {% block resource_user_doc_file %}
+         <dt>{% trans "Name" %}</dt>
+         <dd>{{ resource_user.name_long }}</dd>
+         {% endblock resource_user_doc_file %}
+
+         {% block resource_user_email %}
+         <dt>{% trans "email" %}</dt>
+         <dd>{{ resource_user.email }}</dd>
+         {% endblock resource_user_email %}
+
+         {% block resource_user_position %}
+         <dt>{% trans "Position" %}</dt>
+         <dd>{{ resource_user.position }}</dd>
+         {% endblock resource_user_position %}
+
+         {% block resource_user_organization %}
+         <dt>{% trans "Organization" %}</dt>
+         <dd>{{ resource_user.organization }}</dd>
+         {% endblock resource_user_organization %}
+
+         {% block resource_user_location %}
+         <dt>{% trans "Location" %}</dt>
+         <dd>{{ resource_user.location }}</dd>
+         {% endblock resource_user_location %}
+
+         {% block resource_user_voice %}
+         <dt>{% trans "Voice" %}</dt>
+         <dd>{{ resource_user.voice }}</dd>
+         {% endblock resource_user_voice %}
+
+         {% block resource_user_fax %}
+         <dt>{% trans "Fax" %}</dt>
+         <dd>{{ resource_user.fax }}</dd>
+         {% endblock resource_user_fax %}
+
+         {% block resource_user_keyword_list %}
+         {% if resource_user.keyword_list %}
+         <dt>{% trans "Keywords" %}</dt>
+         <dd>{% for keyword in resource_user.keyword_list %}
+             {{ keyword }}
+             {% endfor %}</dd>
+         {% endif %}
+         {% endblock resource_user_keyword_list %}
+   </dl>
+   {% endfor%}
+   {% endif %}
+
+   {% comment %} Contact Role: Resource Provider {% endcomment %}
+   {% if resource.resource_provider %}
+
+   <span class="subtitle">{% trans "Resource Provider" %}</span>
+   <div class="sep_title"><hr></div>
+
+   {% for resource_provider in resource.resource_provider %}
+   <dl class="dl-horizontal">
+         {% block resource_provider_doc_file %}
+         <dt>{% trans "Name" %}</dt>
+         <dd>{{ resource_provider.name_long }}</dd>
+         {% endblock resource_provider_doc_file %}
+
+         {% block resource_provider_email %}
+         <dt>{% trans "email" %}</dt>
+         <dd>{{ resource_provider.email }}</dd>
+         {% endblock resource_provider_email %}
+
+         {% block resource_provider_position %}
+         <dt>{% trans "Position" %}</dt>
+         <dd>{{ resource_provider.position }}</dd>
+         {% endblock resource_provider_position %}
+
+         {% block resource_provider_organization %}
+         <dt>{% trans "Organization" %}</dt>
+         <dd>{{ resource_provider.organization }}</dd>
+         {% endblock resource_provider_organization %}
+
+         {% block resource_provider_location %}
+         <dt>{% trans "Location" %}</dt>
+         <dd>{{ resource_provider.location }}</dd>
+         {% endblock resource_provider_location %}
+
+         {% block resource_provider_voice %}
+         <dt>{% trans "Voice" %}</dt>
+         <dd>{{ resource_provider.voice }}</dd>
+         {% endblock resource_provider_voice %}
+
+         {% block resource_provider_fax %}
+         <dt>{% trans "Fax" %}</dt>
+         <dd>{{ resource_provider.fax }}</dd>
+         {% endblock resource_provider_fax %}
+
+         {% block resource_provider_keyword_list %}
+         {% if resource_provider.keyword_list %}
+         <dt>{% trans "Keywords" %}</dt>
+         <dd>{% for keyword in resource_provider.keyword_list %}
+             {{ keyword }}
+             {% endfor %}</dd>
+         {% endif %}
+         {% endblock resource_provider_keyword_list %}
+   </dl>
+   {% endfor%}
+   {% endif %}
+
+
+   {% comment %} Contact Role: Originator {% endcomment %}
+   {% if resource.originator %}
+
+   <span class="subtitle">{% trans "Resource Provider" %}</span>
+   <div class="sep_title"><hr></div>
+
+   {% for originator in resource.originator %}
+   <dl class="dl-horizontal">
+         {% block originator_doc_file %}
+         <dt>{% trans "Name" %}</dt>
+         <dd>{{ originator.name_long }}</dd>
+         {% endblock originator_doc_file %}
+
+         {% block originator_email %}
+         <dt>{% trans "email" %}</dt>
+         <dd>{{ originator.email }}</dd>
+         {% endblock originator_email %}
+
+         {% block originator_position %}
+         <dt>{% trans "Position" %}</dt>
+         <dd>{{ originator.position }}</dd>
+         {% endblock originator_position %}
+
+         {% block originator_organization %}
+         <dt>{% trans "Organization" %}</dt>
+         <dd>{{ originator.organization }}</dd>
+         {% endblock originator_organization %}
+
+         {% block originator_location %}
+         <dt>{% trans "Location" %}</dt>
+         <dd>{{ originator.location }}</dd>
+         {% endblock originator_location %}
+
+         {% block originator_voice %}
+         <dt>{% trans "Voice" %}</dt>
+         <dd>{{ originator.voice }}</dd>
+         {% endblock originator_voice %}
+
+         {% block originator_fax %}
+         <dt>{% trans "Fax" %}</dt>
+         <dd>{{ originator.fax }}</dd>
+         {% endblock originator_fax %}
+
+         {% block originator_keyword_list %}
+         {% if originator.keyword_list %}
+         <dt>{% trans "Keywords" %}</dt>
+         <dd>{% for keyword in originator.keyword_list %}
+             {{ keyword }}
+             {% endfor %}</dd>
+         {% endif %}
+         {% endblock originator_keyword_list %}
+   </dl>
+   {% endfor%}
+   {% endif %}
+
+
+   {% comment %} Contact Role: Resource Provider {% endcomment %}
+   {% if resource.principal_investigator %}
+
+   <span class="subtitle">{% trans "Principal Investigator" %}</span>
+   <div class="sep_title"><hr></div>
+
+   {% for principal_investigator in resource.principal_investigator %}
+   <dl class="dl-horizontal">
+         {% block principal_investigator_doc_file %}
+         <dt>{% trans "Name" %}</dt>
+         <dd>{{ principal_investigator.name_long }}</dd>
+         {% endblock principal_investigator_doc_file %}
+
+         {% block principal_investigator_email %}
+         <dt>{% trans "email" %}</dt>
+         <dd>{{ principal_investigator.email }}</dd>
+         {% endblock principal_investigator_email %}
+
+         {% block principal_investigator_position %}
+         <dt>{% trans "Position" %}</dt>
+         <dd>{{ principal_investigator.position }}</dd>
+         {% endblock principal_investigator_position %}
+
+         {% block principal_investigator_organization %}
+         <dt>{% trans "Organization" %}</dt>
+         <dd>{{ principal_investigator.organization }}</dd>
+         {% endblock principal_investigator_organization %}
+
+         {% block principal_investigator_location %}
+         <dt>{% trans "Location" %}</dt>
+         <dd>{{ principal_investigator.location }}</dd>
+         {% endblock principal_investigator_location %}
+
+         {% block principal_investigator_voice %}
+         <dt>{% trans "Voice" %}</dt>
+         <dd>{{ principal_investigator.voice }}</dd>
+         {% endblock principal_investigator_voice %}
+
+         {% block principal_investigator_fax %}
+         <dt>{% trans "Fax" %}</dt>
+         <dd>{{ principal_investigator.fax }}</dd>
+         {% endblock principal_investigator_fax %}
+
+         {% block principal_investigator_keyword_list %}
+         {% if principal_investigator.keyword_list %}
+         <dt>{% trans "Keywords" %}</dt>
+         <dd>{% for keyword in principal_investigator.keyword_list %}
+             {{ keyword }}
+             {% endfor %}</dd>
+         {% endif %}
+         {% endblock principal_investigator_keyword_list %}
+   </dl>
+   {% endfor%}
+   {% endif %}
 
 </article>
-
-
 {% endblock %}

From 75d8fda8f9f9555d2a9a77026f1977189111e05a Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 25 Oct 2023 10:55:07 +0200
Subject: [PATCH 285/330] Fixes #11578: align geoapp metadata update to other
 resources (#11624)

* Fixes #11578: align geoapp metadata update to other resources

* Fixes #11578: align geoapp metadata update to other resources

* Fixes #11578: align geoapp metadata update to other resources

* Fixes #11578: fix broken tests

* fix black format
---
 geonode/geoapps/views.py | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/geonode/geoapps/views.py b/geonode/geoapps/views.py
index 6a2dd3b3344..f83457ae67e 100644
--- a/geonode/geoapps/views.py
+++ b/geonode/geoapps/views.py
@@ -280,11 +280,11 @@ def geoapp_metadata(
             new_category = TopicCategory.objects.get(id=int(category_form.cleaned_data["category_choice_field"]))
         geoapp_form.cleaned_data.pop("ptype")
 
+        geoapp_obj = geoapp_form.instance
         # update contact roles
         geoapp_obj.set_contact_roles_from_metadata_edit(geoapp_form)
-        geoapp_obj.save()
 
-        additional_vals = dict(category=new_category)
+        vals = dict(category=new_category)
 
         geoapp_form.cleaned_data.pop("metadata")
         extra_metadata = geoapp_form.cleaned_data.pop("extra_metadata")
@@ -292,21 +292,7 @@ def geoapp_metadata(
         geoapp_form.save_linked_resources()
         geoapp_form.cleaned_data.pop("linked_resources")
 
-        geoapp_obj = geoapp_form.instance
-
-        _vals = dict(**geoapp_form.cleaned_data, **additional_vals)
-        _vals.update({"resource_type": resource_type, "sourcetype": SOURCE_TYPE_LOCAL})
-
-        resource_manager.update(
-            geoapp_obj.uuid,
-            instance=geoapp_obj,
-            keywords=new_keywords,
-            regions=new_regions,
-            vals=_vals,
-            notify=True,
-            extra_metadata=json.loads(extra_metadata),
-        )
-        resource_manager.set_thumbnail(geoapp_obj.uuid, instance=geoapp_obj, overwrite=False)
+        vals.update({"resource_type": resource_type, "sourcetype": SOURCE_TYPE_LOCAL})
 
         register_event(request, EventType.EVENT_CHANGE_METADATA, geoapp_obj)
         if not ajax:
@@ -333,13 +319,27 @@ def geoapp_metadata(
             tb = traceback.format_exc()
             logger.error(tb)
 
-        vals = {}
         if "group" in geoapp_form.changed_data:
             vals["group"] = geoapp_form.cleaned_data.get("group")
         if any([x in geoapp_form.changed_data for x in ["is_approved", "is_published"]]):
             vals["is_approved"] = geoapp_form.cleaned_data.get("is_approved", geoapp_obj.is_approved)
             vals["is_published"] = geoapp_form.cleaned_data.get("is_published", geoapp_obj.is_published)
-        resource_manager.update(geoapp_obj.uuid, instance=geoapp_obj, notify=True, vals=vals)
+        else:
+            vals.pop("is_approved", None)
+            vals.pop("is_published", None)
+
+        resource_manager.update(
+            geoapp_obj.uuid,
+            instance=geoapp_obj,
+            keywords=new_keywords,
+            regions=new_regions,
+            notify=True,
+            vals=vals,
+            extra_metadata=json.loads(extra_metadata),
+        )
+
+        resource_manager.set_thumbnail(geoapp_obj.uuid, instance=geoapp_obj, overwrite=False)
+
         return HttpResponse(json.dumps({"message": message}))
     elif request.method == "POST" and (
         not geoapp_form.is_valid() or not category_form.is_valid() or not tkeywords_form.is_valid()

From ec457bcd4b04247a4639857d829be91c2b99e6b6 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 26 Oct 2023 16:44:33 +0200
Subject: [PATCH 286/330] Add missing init for facets module (#11638)

---
 geonode/facets/providers/__init__.py | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 geonode/facets/providers/__init__.py

diff --git a/geonode/facets/providers/__init__.py b/geonode/facets/providers/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d

From 8325e6e8dc66db88fe389f58280a535f659e3160 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:12:49 +0200
Subject: [PATCH 287/330] Test fix CircleCi test (#11560)

* Test fix CircleCi test

* Test fix CircleCi test

* Test fix CircleCi test
---
 geonode/upload/api/tests.py | 80 ++++++++++++++++++++++++++-----------
 1 file changed, 57 insertions(+), 23 deletions(-)

diff --git a/geonode/upload/api/tests.py b/geonode/upload/api/tests.py
index 8f84fec6a92..81cd4a3ea3f 100644
--- a/geonode/upload/api/tests.py
+++ b/geonode/upload/api/tests.py
@@ -17,7 +17,9 @@
 #
 #########################################################################
 
+from geonode.base.models import ResourceBase
 from geonode.resource.models import ExecutionRequest
+from geonode.geoserver.helpers import gs_catalog
 import os
 import shutil
 import logging
@@ -233,35 +235,67 @@ def test_rest_uploads(self):
         """
         Ensure we can access the Local Server Uploads list.
         """
-        # Try to upload a good raster file and check the session IDs
-        fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
-        resp, data = rest_upload_by_path(fname, self.client)
-        self.assertEqual(resp.status_code, 201)
-
-        url = reverse("uploads-list")
-        # Anonymous
-        self.client.logout()
-        response = self.client.get(url, format="json")
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data), 5)
-        self.assertEqual(response.data["total"], 0)
-        # Pagination
-        self.assertEqual(len(response.data["uploads"]), 0)
-        logger.debug(response.data)
+        resp = None
+        layer_name = "relief_san_andres"
+        try:
+            self._cleanup_layer(layer_name=layer_name)
+            # Try to upload a good raster file and check the session IDs
+            fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
+            resp, data = rest_upload_by_path(fname, self.client)
+            self.assertEqual(resp.status_code, 201)
+
+            url = reverse("uploads-list")
+            # Anonymous
+            self.client.logout()
+            response = self.client.get(url, format="json")
+            self.assertEqual(response.status_code, 200)
+            self.assertEqual(len(response.data), 5)
+            self.assertEqual(response.data["total"], 0)
+            # Pagination
+            self.assertEqual(len(response.data["uploads"]), 0)
+            logger.debug(response.data)
+        except Exception:
+            if resp.json().get("errors"):
+                layer_name = resp.json().get("errors")[0].split("for : ")[1].split(",")[0]
+        finally:
+            self._cleanup_layer(layer_name)
 
     @override_settings(CELERY_TASK_ALWAYS_EAGER=True)
     def test_rest_uploads_non_interactive(self):
         """
         Ensure we can access the Local Server Uploads list.
         """
-        # Try to upload a good raster file and check the session IDs
-        fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
-        resp, data = rest_upload_by_path(fname, self.client, non_interactive=True)
-        self.assertEqual(resp.status_code, 201)
-
-        exec_id = data.get("execution_id", None)
-        _exec = ExecutionRequest.objects.get(exec_id=exec_id)
-        self.assertEqual(_exec.status, "finished")
+        resp = None
+        layer_name = "relief_san_andres"
+        try:
+            self._cleanup_layer(layer_name=layer_name)
+            # Try to upload a good raster file and check the session IDs
+            fname = os.path.join(GOOD_DATA, "raster", "relief_san_andres.tif")
+            resp, data = rest_upload_by_path(fname, self.client, non_interactive=True)
+            self.assertEqual(resp.status_code, 201)
+            exec_id = data.get("execution_id", None)
+            _exec = ExecutionRequest.objects.get(exec_id=exec_id)
+            self.assertEqual(_exec.status, "finished")
+        except Exception:
+            if resp.json().get("errors"):
+                layer_name = resp.json().get("errors")[0].split("for : ")[1].split(",")[0]
+        finally:
+            self._cleanup_layer(layer_name)
+
+    def _cleanup_layer(self, layer_name):
+        # removing the layer from geonode
+        x = ResourceBase.objects.filter(alternate__icontains=layer_name)
+        if x.exists():
+            for el in x.iterator():
+                el.delete()
+        # removing the layer from geoserver
+        dataset = gs_catalog.get_layer(layer_name)
+        if dataset:
+            gs_catalog.delete(dataset, purge="all", recurse=True)
+        # removing the layer from geoserver
+        store = gs_catalog.get_store(layer_name, workspace="geonode")
+        if store:
+            gs_catalog.delete(store, purge="all", recurse=True)
 
     @mock.patch("geonode.upload.uploadhandler.SimpleUploadedFile")
     def test_rest_uploads_with_size_limit(self, mocked_uploaded_file):

From 6a8a202565759ec3a07401271ac5cafb37854cf8 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 30 Oct 2023 10:05:08 +0100
Subject: [PATCH 288/330] thesaurus topics should only return its own keys
 (#11644)

---
 geonode/facets/providers/thesaurus.py | 2 +-
 geonode/facets/tests.py               | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index 047ac9b82ea..cec04f7ad16 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -111,7 +111,7 @@ def get_facet_items(
 
     def get_topics(self, keys: list, lang="en", **kwargs) -> list:
         q = (
-            ThesaurusKeyword.objects.filter(id__in=keys)
+            ThesaurusKeyword.objects.filter(id__in=keys, thesaurus__identifier=self.name)
             .values("id", "alt_label")
             .annotate(
                 localized_label=Subquery(
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 8b4812a110f..22a9e18e929 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -498,6 +498,7 @@ def t(tk):
                 {regfilter: "R0", t0filter: t("0_1"), "key": [t("1_1"), t("1_0")]},
                 {t("1_0"): None, t("1_1"): None},
             ),
+            ("t_1", {"key": [t("0_1")]}, {}),
             # regions
             (regname, {t1filter: t("1_1")}, {"R1": 1}),
             (regname, {t1filter: t("1_1"), "key": ["R0", "R1"]}, {"R1": 1, "R0": None}),

From c937f5e42ead119bdfcd709a4ea23d3db37f5e7b Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Mon, 6 Nov 2023 10:21:09 +0100
Subject: [PATCH 289/330] [Fixes #11652] Facets: wrong count on multiple
 tkeywords filtering (#11655)

* [Fixes #11652] Facets: wrong count on multiple tkeywords filtering - tkeywords

* [Fixes #11652] Facets: wrong count on multiple tkeywords filtering - category

* [Fixes #11652] Facets: wrong count on multiple tkeywords filtering - region

* [Fixes #11652] Facets: wrong count on multiple tkeywords filtering - keywords
---
 geonode/facets/providers/category.py  |  24 ++---
 geonode/facets/providers/keyword.py   |  16 ++--
 geonode/facets/providers/region.py    |  18 ++--
 geonode/facets/providers/thesaurus.py |  28 +++---
 geonode/facets/tests.py               | 124 ++++++++++++++++----------
 5 files changed, 120 insertions(+), 90 deletions(-)

diff --git a/geonode/facets/providers/category.py b/geonode/facets/providers/category.py
index 6b7dc331768..488d5ab2e41 100644
--- a/geonode/facets/providers/category.py
+++ b/geonode/facets/providers/category.py
@@ -39,14 +39,14 @@ def name(self) -> str:
     def get_info(self, lang="en", **kwargs) -> dict:
         return {
             "name": self.name,
-            "filter": "filter{category.identifier}",
+            "filter": "filter{category.identifier.in}",
             "label": "Category",
             "type": FACET_TYPE_CATEGORY,
         }
 
     def get_facet_items(
         self,
-        queryset=None,
+        queryset,
         start: int = 0,
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
@@ -56,22 +56,26 @@ def get_facet_items(
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        filters = {"category__isnull": False}
+        filters = {"resourcebase__in": queryset}
 
         if topic_contains:
-            filters["category__gn_description"] = topic_contains
+            filters["gn_description__icontains"] = topic_contains
 
         if keys:
             logger.debug("Filtering by keys %r", keys)
-            filters["category__identifier__in"] = keys
+            filters["identifier__in"] = keys
 
         q = (
-            queryset.values("category__identifier", "category__gn_description", "category__fa_class")
+            TopicCategory.objects.values("identifier", "gn_description", "fa_class")
             .filter(**filters)
-            .annotate(count=Count("owner"))
+            .annotate(count=Count("resourcebase"))
             .order_by("-count")
         )
 
+        logger.debug(" PREFILTERED QUERY  ---> %s\n\n", queryset.query)
+        logger.debug(" ADDITIONAL FILTERS ---> %s\n\n", filters)
+        logger.debug(" FINAL QUERY        ---> %s\n\n", q.query)
+
         cnt = q.count()
 
         logger.info("Found %d facets for %s", cnt, self.name)
@@ -80,10 +84,10 @@ def get_facet_items(
 
         topics = [
             {
-                "key": r["category__identifier"],
-                "label": r["category__gn_description"],
+                "key": r["identifier"],
+                "label": r["gn_description"],
                 "count": r["count"],
-                "fa_class": r["category__fa_class"],
+                "fa_class": r["fa_class"],
             }
             for r in q[start:end].all()
         ]
diff --git a/geonode/facets/providers/keyword.py b/geonode/facets/providers/keyword.py
index 41c4a470cfa..476031f9e31 100644
--- a/geonode/facets/providers/keyword.py
+++ b/geonode/facets/providers/keyword.py
@@ -56,18 +56,18 @@ def get_facet_items(
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        filters = {"keywords__isnull": False}
+        filters = {"resourcebase__in": queryset}
         if topic_contains:
-            filters["keywords__name__icontains"] = topic_contains
+            filters["name__icontains"] = topic_contains
 
         if keys:
             logger.debug("Filtering by keys %r", keys)
-            filters["keywords__slug__in"] = keys
+            filters["slug__in"] = keys
 
         q = (
-            queryset.filter(**filters)
-            .values("keywords__slug", "keywords__name")
-            .annotate(count=Count("keywords__slug"))
+            HierarchicalKeyword.objects.filter(**filters)
+            .values("slug", "name")
+            .annotate(count=Count("resourcebase"))
             .order_by("-count")
         )
 
@@ -79,8 +79,8 @@ def get_facet_items(
 
         topics = [
             {
-                "key": r["keywords__slug"],
-                "label": r["keywords__name"],
+                "key": r["slug"],
+                "label": r["name"],
                 "count": r["count"],
             }
             for r in q[start:end].all()
diff --git a/geonode/facets/providers/region.py b/geonode/facets/providers/region.py
index bd912ab8693..73a7e578d37 100644
--- a/geonode/facets/providers/region.py
+++ b/geonode/facets/providers/region.py
@@ -46,7 +46,7 @@ def get_info(self, lang="en", **kwargs) -> dict:
 
     def get_facet_items(
         self,
-        queryset=None,
+        queryset,
         start: int = 0,
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
@@ -56,19 +56,19 @@ def get_facet_items(
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self.name)
 
-        filters = {"regions__isnull": False}
+        filters = {"resourcebase__in": queryset}
 
         if topic_contains:
-            filters["regions__name"] = topic_contains
+            filters["name__icontains"] = topic_contains
 
         if keys:
             logger.debug("Filtering by keys %r", keys)
-            filters["regions__code__in"] = keys
+            filters["code__in"] = keys
 
         q = (
-            queryset.filter(**filters)
-            .values("regions__code", "regions__name")
-            .annotate(count=Count("regions__code"))
+            Region.objects.filter(**filters)
+            .values("code", "name")
+            .annotate(count=Count("resourcebase"))
             .order_by("-count")
         )
 
@@ -80,8 +80,8 @@ def get_facet_items(
 
         topics = [
             {
-                "key": r["regions__code"],
-                "label": r["regions__name"],
+                "key": r["code"],
+                "label": r["name"],
                 "count": r["count"],
             }
             for r in q[start:end].all()
diff --git a/geonode/facets/providers/thesaurus.py b/geonode/facets/providers/thesaurus.py
index cec04f7ad16..92621340394 100644
--- a/geonode/facets/providers/thesaurus.py
+++ b/geonode/facets/providers/thesaurus.py
@@ -56,7 +56,7 @@ def get_info(self, lang="en", **kwargs) -> dict:
 
     def get_facet_items(
         self,
-        queryset=None,
+        queryset,
         start: int = 0,
         end: int = DEFAULT_FACET_PAGE_SIZE,
         lang="en",
@@ -66,30 +66,30 @@ def get_facet_items(
     ) -> (int, list):
         logger.debug("Retrieving facets for %s", self._name)
 
-        filter = {
-            "tkeywords__thesaurus__identifier": self._name,
-        }
+        filter = {"thesaurus__identifier": self._name, "resourcebase__in": queryset}
 
         if topic_contains:
-            filter["tkeywords__keyword__label__icontains"] = topic_contains
+            filter["label__icontains"] = topic_contains
 
         if keys:
             logger.debug("Filtering by keys %r\n", keys)
-            filter["tkeywords__in"] = keys
+            filter["id__in"] = keys
 
         q = (
-            queryset.filter(**filter)
-            .values("tkeywords", "tkeywords__alt_label", "tkeywords__image")
-            .annotate(count=Count("tkeywords"))
+            ThesaurusKeyword.objects.filter(**filter)
+            .values("id", "alt_label", "image")
+            .annotate(count=Count("resourcebase"))
             .annotate(
                 localized_label=Subquery(
-                    ThesaurusKeywordLabel.objects.filter(keyword=OuterRef("tkeywords"), lang=lang).values("label")
+                    ThesaurusKeywordLabel.objects.filter(keyword=OuterRef("id"), lang=lang).values("label")
                 )
             )
             .order_by("-count")
         )
 
-        logger.debug(" ---> %s\n\n", q.query)
+        logger.debug(" PREFILTERED QUERY ---> %s\n\n", queryset.query)
+        logger.debug(" ADDITIONAL FILTERS ---> %s\n\n", filter)
+        logger.debug(" FINAL QUERY       ---> %s\n\n", q.query)
 
         cnt = q.count()
 
@@ -98,11 +98,11 @@ def get_facet_items(
 
         topics = [
             {
-                "key": r["tkeywords"],
-                "label": r["localized_label"] or r["tkeywords__alt_label"],
+                "key": r["id"],
+                "label": r["localized_label"] or r["alt_label"],
                 "is_localized": r["localized_label"] is not None,
                 "count": r["count"],
-                "image": r["tkeywords__image"],
+                "image": r["image"],
             }
             for r in q[start:end].all()
         ]
diff --git a/geonode/facets/tests.py b/geonode/facets/tests.py
index 22a9e18e929..c227b152e35 100644
--- a/geonode/facets/tests.py
+++ b/geonode/facets/tests.py
@@ -119,6 +119,7 @@ def _create_categories(cls):
             ("C0", "Cat0"),
             ("C1", "Cat1"),
             ("C2", "Cat2"),
+            ("C3", "Cat3"),
         ):
             cls.cats[code] = TopicCategory.objects.create(identifier=code, description=name, gn_description=name)
 
@@ -130,6 +131,7 @@ def _create_keywords(cls):
             ("K0", "Keyword0"),
             ("K1", "Keyword1"),
             ("K2", "Keyword2"),
+            ("K3", "Keyword3"),
         ):
             cls.kw[code] = HierarchicalKeyword.objects.create(slug=code, name=name)
 
@@ -150,26 +152,26 @@ def _create_resources(self):
 
             # These are the assigned keywords to the Resources
 
-            # RB00 ->            T1K0          R0,R1   FEAT  K0      C0
-            # RB01 ->  T0K0      T1K0          R0      FEAT  K1
-            # RB02 ->            T1K0          R1      FEAT  K2      C0
-            # RB03 ->  T0K0      T1K0                        K0
-            # RB04 ->            T1K0                        K0,K1   C0
-            # RB05 ->  T0K0      T1K0                        K0,K2   C1
-            # RB06 ->            T1K0                  FEAT
-            # RB07 ->  T0K0      T1K0                  FEAT
-            # RB08 ->            T1K0 T1K1     R1      FEAT
-            # RB09 ->  T0K0      T1K0 T1K1
-            # RB10 ->                 T1K1
-            # RB11 ->  T0K0 T0K1      T1K1
-            # RB12 ->                 T1K1             FEAT
-            # RB13 ->  T0K0 T0K1               R1      FEAT
-            # RB14 ->                                  FEAT
-            # RB15 ->  T0K0 T0K1                                     C1
-            # RB16 ->                                                C1
-            # RB17 ->  T0K0 T0K1
-            # RB18 ->                                  FEAT          C2
-            # RB19 ->  T0K0 T0K1                       FEAT          C2
+            # RB00 ->           T1K0      R0,R1    FEAT  K0      C0
+            # RB01 -> T0K0      T1K0      R0       FEAT    K1
+            # RB02 ->           T1K0         R1    FEAT      K2  C0
+            # RB03 -> T0K0      T1K0                     K0
+            # RB04 ->           T1K0                     K0K1    C0
+            # RB05 -> T0K0      T1K0                     K0  K2  C1
+            # RB06 ->           T1K0               FEAT
+            # RB07 -> T0K0      T1K0            R2 FEAT      K3  C3
+            # RB08 ->           T1K0 T1K1    R1,R2 FEAT      K3  C3
+            # RB09 -> T0K0      T1K0 T1K1       R2           K3  C3
+            # RB10 ->                T1K1       R2           K3  C3
+            # RB11 -> T0K0 T0K1      T1K1
+            # RB12 ->                T1K1          FEAT
+            # RB13 -> T0K0 T0K1              R1    FEAT
+            # RB14 ->                              FEAT
+            # RB15 -> T0K0 T0K1                                  C1
+            # RB16 ->                                            C1
+            # RB17 -> T0K0 T0K1
+            # RB18 ->                              FEAT          C2
+            # RB19 -> T0K0 T0K1                    FEAT          C2
 
             if x % 2 == 1:
                 logger.debug(f"ADDING KEYWORDS {self.thesauri_k['0_0']} to RB {d}")
@@ -189,6 +191,7 @@ def _create_resources(self):
             for reg, idx in (  # fmt: skip
                 ("R0", (0, 1)),
                 ("R1", (0, 2, 8, 13)),
+                ("R2", (7, 8, 9, 10)),
             ):
                 if x in idx:
                     d.regions.add(self.regions[reg])
@@ -197,6 +200,7 @@ def _create_resources(self):
                 ("K0", (0, 3, 4, 5)),
                 ("K1", [1, 4]),
                 ("K2", [2, 5]),
+                ("K3", [7, 8, 9, 10]),
             ):
                 if x in idx:
                     d.keywords.add(self.kw[kw])
@@ -205,6 +209,7 @@ def _create_resources(self):
                 ("C0", [0, 2, 4]),
                 ("C1", [5, 15, 16]),
                 ("C2", [18, 19]),
+                ("C3", [7, 8, 9, 10]),
             ):
                 if x in idx:
                     d.category = self.cats[cat]
@@ -248,10 +253,11 @@ def test_facets_rich(self):
             {
                 "name": "category",
                 "topics": {
-                    "total": 3,
+                    "total": 4,
                     "items": [
                         {"label": "Cat0", "count": 3},
                         {"label": "Cat1", "count": 3},
+                        {"label": "Cat3", "count": 4},
                         {"label": "Cat2", "count": 2},
                     ],
                 },
@@ -259,11 +265,12 @@ def test_facets_rich(self):
             {
                 "name": "keyword",
                 "topics": {
-                    "total": 3,
+                    "total": 4,
                     "items": [
                         {"label": "Keyword0", "count": 4},
                         {"label": "Keyword1", "count": 2},
                         {"label": "Keyword2", "count": 2},
+                        {"label": "Keyword3", "count": 4},
                     ],
                 },
             },
@@ -295,10 +302,11 @@ def test_facets_rich(self):
             {
                 "name": "region",
                 "topics": {
-                    "total": 2,
+                    "total": 3,
                     "items": [
                         {"label": "Region0", "key": "R0", "count": 2},
                         {"label": "Region1", "key": "R1", "count": 4},
+                        {"label": "Region2", "key": "R2", "count": 4},
                     ],
                 },
             },
@@ -386,15 +394,21 @@ def test_prefiltering(self):
             ("t_1", {}, 2, 10),
             ("t_1", {regfilter: "R0"}, 1, 2),
             ("t_1", {regfilter: "R1"}, 2, 3),
-            (reginfo["name"], {}, 2, 4),
-            (reginfo["name"], {t0filter: self.thesauri_k["0_0"].id}, 2, 1),
-            (reginfo["name"], {t1filter: self.thesauri_k["1_0"].id}, 2, 3),
+            (reginfo["name"], {}, 3, 4),
+            (reginfo["name"], {t0filter: self.thesauri_k["0_0"].id}, 3, 2),
+            (reginfo["name"], {t1filter: self.thesauri_k["1_0"].id}, 3, 3),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data=filters)
             res: JsonResponse = GetFacetView.as_view()(req, facet)
             obj = json.loads(res.content)
-            self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and filter {filters}")
-            self.assertEqual(count0, obj["topics"]["items"][0]["count"], f"Bad count0 for facet '{facet}")
+            self.assertEqual(
+                totals,
+                obj["topics"]["total"],
+                f"Bad totals for facet '{facet} and filter {filters}\nRESPONSE: {obj}",
+            )
+            self.assertEqual(
+                count0, obj["topics"]["items"][0]["count"], f"Bad count0 for facet '{facet}\nRESPONSE: {obj}"
+            )
 
     def test_prefiltering_tkeywords(self):
         regname = RegionFacetProvider().name
@@ -402,7 +416,7 @@ def test_prefiltering_tkeywords(self):
         t1filter = facet_registry.get_provider("t_1").get_info()["filter"]
         tkey_1_1 = self.thesauri_k["1_1"].id
 
-        expected_region = {"R1": 1}
+        expected_region = {"R1": 1, "R2": 3}
         expected_feat = {True: 2, False: 3}
 
         # Run the single requests
@@ -471,49 +485,61 @@ def test_config(self):
 
     def test_count0(self):
         reginfo = RegionFacetProvider().get_info()
-        regfilter = reginfo["filter"]
+        regflt = reginfo["filter"]
         regname = reginfo["name"]
 
         catinfo = CategoryFacetProvider().get_info()
+        catflt = catinfo["filter"]
         catname = catinfo["name"]
 
         kwinfo = KeywordFacetProvider().get_info()
-        kwfilter = kwinfo["filter"]
+        kwflt = kwinfo["filter"]
         kwname = kwinfo["name"]
 
-        t0filter = facet_registry.get_provider("t_0").get_info()["filter"]
-        t1filter = facet_registry.get_provider("t_1").get_info()["filter"]
+        t0flt = facet_registry.get_provider("t_0").get_info()["filter"]
+        t1flt = facet_registry.get_provider("t_1").get_info()["filter"]
 
         def t(tk):
             return self.thesauri_k[tk].id
 
-        for facet, params, items in (
+        for facet, params, items in (  # fmt: skip
             # thesauri
-            ("t_1", {regfilter: "R0"}, {t("1_0"): 2}),
-            ("t_1", {regfilter: "R0", "key": [t("1_0")]}, {t("1_0"): 2}),
-            ("t_1", {regfilter: "R0", t0filter: t("0_1")}, {}),
-            ("t_1", {regfilter: "R0", t0filter: t("0_1"), "key": [t("1_0")]}, {t("1_0"): None}),
+            ("t_1", {regflt: "R0"}, {t("1_0"): 2}),
+            ("t_1", {regflt: "R0", "key": [t("1_0")]}, {t("1_0"): 2}),
+            ("t_1", {regflt: "R0", t0flt: t("0_1")}, {}),
+            ("t_1", {regflt: "R0", t0flt: t("0_1"), "key": [t("1_0")]}, {t("1_0"): None}),
             (
                 "t_1",
-                {regfilter: "R0", t0filter: t("0_1"), "key": [t("1_1"), t("1_0")]},
+                {regflt: "R0", t0flt: t("0_1"), "key": [t("1_1"), t("1_0")]},
                 {t("1_0"): None, t("1_1"): None},
             ),
             ("t_1", {"key": [t("0_1")]}, {}),
+            ("t_1", {t0flt: t("0_0")}, {t("1_0"): 5, t("1_1"): 2}),
+            ("t_1", {t0flt: t("0_1")}, {t("1_1"): 1}),
+            ("t_1", {t0flt: [t("0_1"), t("0_0")]}, {t("1_0"): 5, t("1_1"): 2}),
+            ("t_1", {catflt: ["C0"]}, {t("1_0"): 3}),
+            ("t_1", {catflt: ["C0", "C1"]}, {t("1_0"): 4}),
             # regions
-            (regname, {t1filter: t("1_1")}, {"R1": 1}),
-            (regname, {t1filter: t("1_1"), "key": ["R0", "R1"]}, {"R1": 1, "R0": None}),
-            (regname, {t1filter: t("1_1"), "key": ["R0"]}, {"R0": None}),
+            (regname, {t1flt: t("1_0")}, {"R0": 2, "R1": 3, "R2": 3}),
+            (regname, {t1flt: t("1_1")}, {"R1": 1, "R2": 3}),
+            (regname, {t1flt: [t("1_1"), t("1_0")]}, {"R0": 2, "R1": 3, "R2": 4}),
+            (regname, {t1flt: t("1_1"), "key": ["R0", "R1"]}, {"R1": 1, "R0": None}),
+            (regname, {t1flt: t("1_1"), "key": ["R0"]}, {"R0": None}),
             # category
-            (catname, {t1filter: t("1_0")}, {"C0": 3, "C1": 1}),
-            (catname, {t1filter: t("1_0"), "key": ["C0", "C2"]}, {"C0": 3, "C2": None}),
-            (catname, {kwfilter: "K1"}, {"C0": 1}),
-            (catname, {kwfilter: "K1", "key": ["C0", "C2"]}, {"C0": 1, "C2": None}),
+            (catname, {t1flt: t("1_0")}, {"C0": 3, "C1": 1, "C3": 3}),
+            (catname, {t1flt: t("1_0"), "key": ["C0", "C2"]}, {"C0": 3, "C2": None}),
+            (catname, {t1flt: [t("1_0"), t("1_1")]}, {"C0": 3, "C1": 1, "C3": 4}),
+            (catname, {kwflt: "K1"}, {"C0": 1}),
+            (catname, {kwflt: "K1", "key": ["C0", "C2"]}, {"C0": 1, "C2": None}),
             # keyword
-            (kwname, {t0filter: t("0_0")}, {"K0": 2, "K1": 1, "K2": 1}),
-            (kwname, {t0filter: t("0_0"), regfilter: "R0"}, {"K1": 1}),
-            (kwname, {t0filter: t("0_0"), regfilter: "R0", "key": ["K0"]}, {"K0": None}),
+            (kwname, {t0flt: t("0_0")}, {"K0": 2, "K1": 1, "K2": 1, "K3": 2}),
+            (kwname, {t0flt: t("1_0")}, {"K0": 4, "K1": 2, "K2": 2, "K3": 3}),
+            (kwname, {t0flt: [t("1_0"), t("1_1")]}, {"K0": 4, "K1": 2, "K2": 2, "K3": 4}),
+            (kwname, {t0flt: t("0_0"), regflt: "R0"}, {"K1": 1}),
+            (kwname, {t0flt: t("0_0"), regflt: "R0", "key": ["K0"]}, {"K0": None}),
         ):
             req = self.rf.get(reverse("get_facet", args=[facet]), data=params)
+            req.user = self.admin
             res: JsonResponse = GetFacetView.as_view()(req, facet)
             obj = json.loads(res.content)
             # self.assertEqual(totals, obj["topics"]["total"], f"Bad totals for facet '{facet} and params {params}")

From 96d72df6fa3f216e9f40ed33472e82048db8b06a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Nov 2023 08:58:52 +0100
Subject: [PATCH 290/330] Bump black from 23.9.1 to 23.10.1 (#11648)

* Bump black from 23.9.1 to 23.10.1

Bumps [black](https://github.com/psf/black) from 23.9.1 to 23.10.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.9.1...23.10.1)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 3d5dada6563..483c2f95d0f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -153,7 +153,7 @@ invoke==2.2.0
 coverage==7.3.1
 requests-toolbelt==1.0.0
 flake8==6.1.0
-black==23.9.1
+black==23.10.1
 pytest==7.4.2
 pytest-bdd==6.1.1
 splinter==0.19.0
diff --git a/setup.cfg b/setup.cfg
index 42ff67cbaeb..05bcab54342 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -178,7 +178,7 @@ install_requires =
     coverage==7.3.1
     requests-toolbelt==1.0.0
     flake8==6.1.0
-    black==23.9.1
+    black==23.10.1
     pytest==7.4.2
     pytest-bdd==6.1.1
     splinter==0.19.0

From cf73b3f8aa1af6505539cc703c4a2033ccd00cc2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Nov 2023 15:21:52 +0100
Subject: [PATCH 291/330] Bump django from 3.2.22 to 3.2.23 (#11654)

* Bump django from 3.2.22 to 3.2.23

Bumps [django](https://github.com/django/django) from 3.2.22 to 3.2.23.
- [Commits](https://github.com/django/django/compare/3.2.22...3.2.23)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 483c2f95d0f..ba3e83410f2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@
 Pillow==10.0.1
 lxml==4.9.3
 psycopg2==2.9.9
-Django==3.2.22
+Django==3.2.23
 
 # Other
 amqp==5.1.1
diff --git a/setup.cfg b/setup.cfg
index 05bcab54342..151e17e7890 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -28,7 +28,7 @@ install_requires =
     Pillow==10.0.1
     lxml==4.9.3
     psycopg2==2.9.9
-    Django==3.2.22
+    Django==3.2.23
 
     # Other
     amqp==5.1.1

From a7e3db3b92df28666f4146683e09be03ec48567d Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Thu, 9 Nov 2023 09:35:51 -0500
Subject: [PATCH 292/330] fix: requirements.txt to reduce vulnerabilities
 (#11656)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

From e7b53a5c8c81a99104dd2aec5f0eab396c760c86 Mon Sep 17 00:00:00 2001
From: Emanuele Tajariol <etj@geo-solutions.it>
Date: Thu, 9 Nov 2023 18:22:33 +0100
Subject: [PATCH 293/330] [Fixes #11447, #11668] Various fixes in GeoFence
 permissions (#11669)

* [Fixes #11447] Bad role name in creating GeoFence rules

* [Fixes #11668] Bad ordering of GeoFence rules

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/geoserver/geofence.py |  2 +-
 geonode/geoserver/manager.py  | 14 ++++++++++++--
 geonode/geoserver/security.py |  2 +-
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/geonode/geoserver/geofence.py b/geonode/geoserver/geofence.py
index c31c6eb8c3c..9e7717569bd 100644
--- a/geonode/geoserver/geofence.py
+++ b/geonode/geoserver/geofence.py
@@ -83,7 +83,7 @@ def __init__(
         for field, value in (
             ("priority", priority),
             ("userName", user),
-            ("roleName", group),
+            ("roleName", f"ROLE_{group.upper()}" if group is not None and group != "*" else group),
             ("service", service),
             ("request", request),
             ("subfield", subfield),
diff --git a/geonode/geoserver/manager.py b/geonode/geoserver/manager.py
index 18634e06f58..a88b641b71f 100644
--- a/geonode/geoserver/manager.py
+++ b/geonode/geoserver/manager.py
@@ -475,6 +475,8 @@ def set_permissions(
                                 create_geofence_rules(_resource, perms, _owner, None, batch)
                                 exist_geolimits = exist_geolimits or has_geolimits(_resource, _owner, None)
 
+                                deferred_anon_perms = []
+
                                 # All the other users
                                 if "users" in permissions and len(permissions["users"]) > 0:
                                     for user, user_perms in permissions["users"].items():
@@ -482,7 +484,9 @@ def set_permissions(
                                         if _user != _owner:
                                             if user == "AnonymousUser":
                                                 _user = None
-                                            create_geofence_rules(_resource, user_perms, _user, None, batch)
+                                                deferred_anon_perms.append(user_perms)
+                                            else:
+                                                create_geofence_rules(_resource, user_perms, _user, None, batch)
                                             exist_geolimits = exist_geolimits or has_geolimits(_resource, _user, None)
 
                                 # All the other groups
@@ -491,8 +495,14 @@ def set_permissions(
                                         _group = Group.objects.get(name=group)
                                         if _group and _group.name and _group.name == "anonymous":
                                             _group = None
-                                        create_geofence_rules(_resource, perms, None, _group, batch)
+                                            deferred_anon_perms.append(perms)
+                                        else:
+                                            create_geofence_rules(_resource, perms, None, _group, batch)
                                         exist_geolimits = exist_geolimits or has_geolimits(_resource, None, _group)
+
+                                for perm in deferred_anon_perms:
+                                    create_geofence_rules(_resource, perm, None, None, batch)
+
                             else:
                                 # Owner & Managers
                                 perms = (
diff --git a/geonode/geoserver/security.py b/geonode/geoserver/security.py
index 1d7fd2a8f1f..4cb244e67e3 100644
--- a/geonode/geoserver/security.py
+++ b/geonode/geoserver/security.py
@@ -284,8 +284,8 @@ def create_geofence_rules(layer, perms, user=None, group=None, batch: Batch = No
     # Anon limits should go at the end, but it's responsibility of the caller to create first user/group rules
     for limits, scope, u, g in (
         (users_geolimits, "USER", username, None),
-        (anonymous_geolimits, "ANON", None, None),
         (groups_geolimits, "GROUP", None, groupname),
+        (anonymous_geolimits, "ANON", None, None),
     ):
         if limits and limits.exists():
             logger.debug(f"Adding GeoFence {scope} GeoLimit rule: U:{u} G:{g} L:{layer} ")

From e705eaffa1b2a9e85a1d69fb1d76328e6682719e Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Fri, 10 Nov 2023 18:12:39 +0100
Subject: [PATCH 294/330] Update default avatar image (#11676)

* Update default avatar image

* Change to default avatar

* Reduce avatar dim
---
 geonode/static/geonode/img/avatar.png | Bin 162510 -> 2195 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 geonode/static/geonode/img/avatar.png

diff --git a/geonode/static/geonode/img/avatar.png b/geonode/static/geonode/img/avatar.png
old mode 100644
new mode 100755
index 6882d9784b4ba3979ccfcd9dfcea102375738f83..8a0797b13e31f76c2588feb9b8cab9102cc80d6a
GIT binary patch
literal 2195
zcmZ{lS5VW57RLY5t0BmxuOJ8*X-SAQ!A1gs08$dfKoCL`l#*-&DH<t;03k{dDG?W?
zNJ3LOUUq3x6-9az2ueo*5h<(O_;Tmohn+L$d^6vf-+XhPPNIXom86)W7ytm0)@Y;?
zPaS@>h!Afw!JB0~QT0YU*#SVLCIH-t2Y@}Eb!QO(Za@KG*%JUvvj9LYl-1~H##;yx
zF;+<6;8*?8RGiLpL_^V+e+K~ZBft6(ki(ManZgunJCyK(xR|K80HQMN1<&!YMxMvs
z9ABGsV?4tBt9fJE)cI;crkaCI{<+E)kyz1wz#!wALlP`dz;w@(P6zXKT$NgqIhJId
zoG40^SU<-gGQxxq9qmdvA}Bv85d?&IAET{79*~XMGBoH-_<|LJJn9`=U_n?^G8|+u
zHf?&a+Pk;y5w-X(-y$JgufH$h`xfXKO1_tsf@<w=Nqx`fMI~mwE^E(ZL?2cv@UJwH
zSHe$?1XIi8MqiR811mwhf6Dk{7VdY7i(63AYew2I$TanC>M~!#-IuZZK4!ueoQHq?
z5ZvAdwO(gwx-&q9?()PQQo$sc``jmG%OLe)+d6xAyC+j*m0)sC46Mb~ey<h3t1)ih
zQP3IZw(d=?60zXm2h?-*DvPNO?{qh%xhIu}GK32sDg2aL8pkuu5cpi*dO_)2&GnBJ
zpk+mjtLj{CJu+)*FeLr>MWHKpyO@um>2f(myad>ZYu2U`MyPhdWo;`=S2XN$j0&+d
zTRNFq@}0UQJm^%Zx|2s2&)r~|OOxpIFUWR(N@3mue!D2_hQ49=2ea%(1A@N0R8Y^U
zIDY33o`^n4T;G^PlGy5!3IZdg2i`ClKwq?x=0ayDx?!=-E~Sv43?g4tg@*++XZO$&
z``t%D@3eShSo_F@RX5Iq$JR+TSv86QhszmPo!IcH(H)AP-qXJw^wfCA{*klTI;M7J
zc>dC=5qMRFD;98DhFL~$j&!I}|4Lk)jzp!4!r!XC?L!xr*H^h#`O-pFS*qO9+OBN(
z`%{q2-mFuyPha7KTs=b$?jU=7jSEs}nr%z2PUIxWJAR9T&t1k<w>&hJN?x^C7Zm>R
zrIF_N)Dz9zjccc3HJLa$dszm=fT1Lpb-tsY+yR;<D9hm*aq%=kznVMBx|BLxua9Ul
z>b3s2w86^ebACt1gY}(ffS&8~t)(<Kw9T4c9gStz(C@U2E9aQQi!27y@Unqr8O>{J
z?_oG6re^^*Dg`u)ZqM9?WE1O&+8)|N9&?;f+RSA!4VO0yS8g_7y#;BZJ+F(M{~Wi3
zIE#kIZ6#eu_l!Yk#*a!Vyse#h6OVmA?E8^^K?tL(rq4~SMQ1Czk*LQDmje|a^J{n^
zc5n4<ML^B+W@mM7Vh1XlXNPY2i0u}4MZYME-9~CIjli#*XwV|8+WPcu2PthN59ekp
zE97A!5*(_7i|EbyL$_-Cvg7K_2L{&C5QoA=R&0#$TdWF>%l@^l3Ft6fH~pA7WNsM!
zw6J$NNmSWm$lvF>ZPEmMYJhAVa=zy`wGf%3L6-ZdC{N3zF1h#>r{KVpC+6+WKjhK3
zk+K*<hckBO2WO9+)M>I`E?Isoxe0EUa6cR~g02|Op<oHoN`V7Sam;0Nm0>Nn!a{KW
zCj6c)D84>pCkpp`oF!dXv^p1rKfOpF$kaM2Q!7v`wSUTaRH^IV!ViU3P>33*nt&To
zZJd3iylAjB36giBCb2;{%;v0yp7iht;?hw&y=Z0pkX6U%JGS^2TfJtWp~m{&1f7HO
z&?I}$>rjJRh7vNdhja<BtJQ4$quglsj!$5Fry_yRf=df(Axy?M>)OpeG^Y1i<eo56
zAY0hCz2Vr|yGM!nkQCY^O^ZJL>~msi8~U`~M0MfevhU;PP12sQ$IogGlq|M92g`P6
zX_E~d)vf4dA7ul)U)Z}QCs>$W^s90iRnT5PSh{TDN@!30N*rkjTFmU%AfMjAyO@0H
zg^kx(Fccc|%`d$)r7W)35-nfH%q<a2jL*~(R0da!SE2;U8f}fiWlf*=8d-|-UWa67
z9h6Jiq2_3uzxkyHTAxk-R%tmrl)t0BW8}f6=2cKV*ayKG!{}gkGpY4(Gx(-Hvy<c+
z+qR*Hdwy{Q!R>A=4Pv)#Qn?T_n$?Dpnezd`(Bdj7=0*U)l>y>P;Fxs+!o<hiY2tT=
zr-9*&e!UWi9nW+qN{|J+K6G*Z_F{nKK^S)&twXhH615CVe16(%Q209(!6rd5bF>9z
z7UPpEEnM5NdeGf+12lQ}yhMqdvK?+dLy&pINM&J0ja8V_yKU*w(o|0vGB7fTNKKbD
zwx7Js&I=Q?$5oD3y}91WU$5|2E5}xc?8MipD`CC^Kl8-K-~;n|n+oY^V4m_=db_!p
z^2mzpZ1PTQHdU!aCKq=ApRpY3X`1-3lgYQT$>-0F)EQdl?5}BUNR>Okxfg<e9v<}!
z`*0+sH#Gg^?jusgEnQV?_s<A+-`B3x;_qvt)nV(B)b+C+l4EfjlF@nOy2x#E7+1@+
zBytW`9k{!~*V%nqc^dZ{U(*0>6?yzN2M@}7awfjB+pQGeakfM~BwXM_+!1WU+<ZA{
zQ<l4bGU7}7ZtzJR#~{XJ9p~YjS9PJcU#d?e8_U%VW1H5<(JsXcc6SxexVKr63bU)O
zy)XiwDs@>C3C|Kbg-e_C%300fKW&?CUp}JxTa4s;@aX@@=9PmI+wx%v6<gl()u5nU
zDL!5lUsG?gFHZnC6mFmkgXzMcSg4693}y;NXhWf<P$<Fi*z*4YK_NZ?ei8o+=tyL{
k@PHHlO`rq>`TkDv3JU#aCQ6|`k;eemD0^i21<%<30H2obT>t<8

literal 162510
zcmV(+K;6HIP)<h;3K|Lk000e1NJLTq00E=`00E>31^@s6eoRp{001BWNkl<Zc-myW
zNt+~DawI0I&pdLgy|ED_Z*$`R{}H_LIER_T5X9D9=&H&!7PqIugRT}0d_V)486IwC
z&vX$L5taYv|Neie1ONd5oMJEmw$vX%OrTH*2mwKC5P+Bh6o>%=ff0ZZs(^wp5NCe0
z!2d0Qg8~X*Y5)kvzcmxU6yhHXHGxn8Z2u}G0Ah*6PXV9;^nYt&*b6vi!vweyPzuz)
z7Q}!J#R<T~fAh`!KkNHJpfmu0DPTgs2SUFL3IxD50Vtq}f3Of(et$p#;`1p21F-xL
zKoSswLWl{3;@^dU7$G8n2u>kP0Kh;agzEPw?xg@&Bo={1_1~q$reagDK!^|ug8|q=
z82uNC8bkm&1qQ{bie-R8AjY_M1J%DPwtvq>LIp4oP=I3CSTG8f`Da2{*G(l5_Z{Zf
zMZe8h=GS{S@p~kM61V|zCj37E|9jH!x5d3%*btb1z6c<M0igK5t3yZsq%8&tp<ECU
zhZuwcrC`(V1O1R;;RPZJLLed_{EQKR0Z<{7=J!jOkK6B4y)<#?Oh5w&#a6>Uwx2No
z58J=%HpP|`JWebK6#gFg7m8<~=xf~y6XHB}9y`CU>c3bBsL{_V)&C9vWc$6&a~NM!
z2^=)2C|+z~!|#=;U<+}BV8P#~yq_nC6M0_a_s30I07!$zJ<WKsMQ}j;U5zLFh7#`|
zA@N1y_45-T<4fir5Llux^K%Alh~^IvezWqw1SGNGKO-=IG~&;aBvj)0#_fgyO2wk!
z`N(@gi1@V~TOsDL!6agr3d{s+dwhdh918KcsRB?z0*ud+`hEh6c@*6J-KAo%`4z>>
zqkgPBJ~7T80U_%%As%B%LgSg)$}<u7Upzh{;!4Fj_-Faw0VkHn4FMMY{u%u2s`<f`
zd_HmM0PuYCcYhJ_P$TyFPx!S%>c$@+4(oTegRuH9Gy*Grd}BlNQO8S70aW}j$X*Z%
zwi330gY+PqZ<6Jg@ZeBq#}sA&mw6(K)3VLLx(WWDTTwSu;xKKPe<_jia`{75p$7=U
zgK;FXC4wVfN&@v#c?dFyMnH|<VG;+3gkr_R-5>>~3KfHj#dpe+<cEj#4zb@Wi334}
zQ7g!bS_G2?(d~aG0;tqW1TjC@<|kA{K-qq;#gn<1K|#Mi5vVP~pdcSMVd_tGF$;~1
zCK5?c0TOn2$)M)fr(1zdK-7y0=^)I=J)TI#PYgSO65`KW3|xfBQO|%R?(quy=lS<q
zG(Q+w$XFay@qi~n54N^ob^zkZacu#0gR*gm!iXpW;$|wqd<nTBDlmG|f_cz^3Mj;0
z^nwc#m&<tJ{i|*eI1FkE&1y~r%%X-K*fJ;?1v_6$5r_(?I?g1sMv6iv<88i6@Mj%C
zPbt98g23Y5Eyz|-PrpAAs6{N!WR#fJh1;P9(6Hm(S?0+|1h_|FTvY!%z>9(kj;L!?
zF8>bF`GjQrJUw{Ez0Ln#B2n<nWF&ERN3e~A=RwztWu+HhphSWupk2Ti3DNofWrUC0
zCVu@8fQJElL$cBk`a2H6qWZJ+`XfHyf1fSjFpYp8sYoJ$#)I6FMJgc%s7QrpB3_p&
zS~W^CFMPaU1=jWi1QVR`9adymtrQraLxNu7_!*B1k*0nY<F{|=grE1C6+5C4$XGdw
znSA~k=1Iej>R@LhfouvY8`N3!Fu0@mT{yCO%9xT-MWB&c^Owu0IV1ugK&n@#>UTpW
zKSML7RKQ0B$^JWn^h4-3$g8+)0Yt{-2%_R<bPWFY7Pl{dg#bAGF2Wu*Od<ecTnmX6
z*+U{ja~x1x=ne)76+{B|m%!*16Cl|1;Ge-V6Pb68exLHdcEyJHa{}r?42+Hf@IMpa
z7%!(mL7Klf^o~nqK>?T_Z;%Qhal|7q0)~~b7YF@XvfAHqU6C8TbII-y3RLGCuLUKl
z(!LhU&RQctMi)W&i<!aGA6VUD@4z(^wO<qA0V=!KmECPb3Xehlthwxx0EH|6AvOd{
z{3V70ri|~c(8I6SERwTC@fC?uHG>H{Aw+@33}|^yAX%`-3*?EAD)mBHys#3<Rin!@
zWi<RAoK*-h^)6ok)$yL2zs!sTD(Zi(*%^y}uPo9sNdbW9jshzY4a6PyU}%y2xV-CG
zrrt4#f3NCQ>7Akp0rieOyD%^ka(t#Ro)IM8RmOQ`7oG9_6ao{$j)F%h{=MSGkqTx}
z3Pv2WfC?0-GhI<C{ukr_^q*5$d<TnXmK}g)Q4>kllc^`TmEE5x#G>6B6}(iz6$Pg<
zTUk#$n!TgcbxT}VzDEll2Lbi>Vs@VKZ;bw?Yu=YQPoi-j8Hp?6%C4f=;~gYW9RW<F
z60opRUKG;=%?l=t?`)&#ujd@+#unqJ<9gAB$chI*K@@t4l66rhnbe~-K2VTT_lOdO
za(&UrqC%-ant`$YE`LE~Q$Oq(T%b{zLi+Gf(XU4yA&01-8f~uh(J}#PFfp$PIBsMH
zdPHX?glVESbpq>BnGi_ALjGn(trqZFbX|*)_(TD<c)_#}vPs<7xF3NtWO9-W;L!zS
ze9k+ZdB~_y-ABhH{vu|?5mU(4YJG+I?KNKq5WBh?iQ1?DtaxCNuN(W*S1*`|Lw)nb
zWdv^V7fGx4C3f5oF~r~HO^)X#)}0frDsBcms-oV}NhfcztGzA#{1U>kx?)eBX9g}I
z79zkOks2v5Di}br2O%A24&8~5jutE400Wi=v=l$TMY~8#jKZ(n6F?O>#1(a7Kw6Pd
zSZ`3|Y%S<JV!wBlQJ_hl<BYb_L73HXdFL(BkwjUAGpgGq8WmB*_v{X$GOw;JyRfLB
z)Z+WDNT@o4x_2oDyErsP5j6m`Dum(!0$0Ex-q|>)7SAC*JM+6>bf!xSUo)~GDvZ%V
zpAo5KwM<|d1yMp^=;ZIuiP%wG&M#jjt!gFeF4X<mBou~tPcTrL4C*Vo+)Wl5Q!ycs
zj!X3xg^RyK@jgVXszhWS3oRiracHy)>A3bd^DDEs$!Kuc-6^H+oymaEGHhf4jxJV-
z!VUpZ91&|Aj%;{N>fc1X2*iU*972UkJkU50o|PSAKd4c)`V4{+t$KDBfz#(<pm>9w
z6(XZr7^O?aK^c!U620S<k{Q?!r;VE+B3O|qAre)ze})$@3g||rN5q_fnOXx{Qw;1o
z4)Z4C)$QZfVOqWVAS;RG=SX%$eeV2_O(;7+U_HBAl7fu<$z|oF0cq~IFIzoHsR-7o
z*m|v62!X1%$c$>}$iV2hQzYdKz7m04up{6d1P%~8F!$_Ukn^BCLy<@zK0gy~Eb*6E
zA_XP{qX`X4cTEthM31PP5ieR+vsv|LkUcBHWkU4eB~f)T{tQ)h6~5)OFFX44@?1t&
zp(X*hdVqxhckvsnk?K*2&k=zbA65qk(@N3_WoK`(nAh5KC2!n({^zhS3)(^619su$
zMN4#4Ii1a}h*BU;zH8pq3q(CYD*Zh%WxWSpTr%#X6g;-OQi?wp2zGT6S*+#UZs(y8
zi39D=L=zeen7yIggrEIvo#L~^gMQ&z!(?S&HLQ%E7Z1RwnYPbiw8Ea${7<6WkeVlY
z0Voj+nF$Y_n6g4KVHAWOG%3W^gwmwXn71X7oU=3KC=e2LieijX*GX}7K?AAKfRrte
z70qJ75_TW$yQiQAwgeTK))+mS_&a&PVdAsqegdj^fo+U;>s2BaM^?xU5rf6Ew*34+
zyEq$??D(;qZxC}Ozc&BDtyzS{%##8$^>K?<cM+{;yyO~PjKm;ZqqW*1^^#}}P80r!
z8A}ccv-0Ek!qV9uF+jcGsOTGM)!6$(7USsJSck4AR9cY-i#w{0#By0xmsnk}A53)^
zOafB8CM5Q}CORcnq8bBAq5_gcXBJ3iWspnJ#k_`yLWYKdvSNzB$4q`}zC2xhCnm1a
zNV`gna4V2Wz#m!JF9^icXK!#q2oaD>J=2Ct91`@`;5@v-Qc-M<8DkFCa}Jb5kigFw
z)mpahMkkvr@c}I53f&=tx@ck0N7bg@k=<15WytJvr$d@6@5`w4n9y6yVdQdNrC?|3
z=}Dc^oiDsVTS3_H<fM>sfaPyabP`6SO5q)|oUN!SpCpVI&>t1m>108{fGxK;!mZta
zN8w5TOzo=MyP$x&bGE6;$C+JL0T@w8n9ofx=Cp+dY0Vup;K~GC64Hl^cW&H|HKG4H
zD~RNb3k-%a@AA*~*_O}f9OBDiKSr8TDZICnQhoC*biJA<I^awFonntUUQS_68se8R
zF3>Ui=#Dcxrzk$eVd1P-8AOS^@ftJIewLjeb<EZrva>j={ZP7d&d+Eh>(n?q<KM1;
z)ivO11Z9m2I0G?QQJQ75Lc!ns*Cd^3eCA$OB%>p`eG|WbXON0+aXl7@(jjWt?5y5x
ztjtl6W2kXJEZ~^V$Wf`$F<Mpz60EK*(I81Oq9PfHb+;5xpJS*EISNi-uvs`dg!)o3
zlR?d+Ixu@4)WRz>rR?euEvnf#_zBrX(lFtGNIJo-YMaMbNJwfBesajTsC5sJm8y&(
z`(P4vlB*J=8C{j!#&k;54^~2a$nFruBC?TVS0sd`0C!aM@IaWIkP!nKLv_g6`ACpK
zwhDI69HW!<z?#3GSeEP{cGsEsaSqy(_#jS@VH{*lKrHU-V$c5a^9_+qajW|!k??iA
ztQ;MSXv2wF{V!uBEH)Hhq0TGns1_G+=I;uo;DJuU2}4R&d?s~4+0hiKER$T^>&6(o
zD(|rX3v#VsDVea@uvpC#doHHhg%2RbPAkd)XVqjK>^Kr%{$6PqQrKvL#sw59C+?qG
zcVLNj9B_D^V=luaR4|jjjPRd<+Ui}zE0PHVc3jes8WTbuq#_Zo@NJY0&a;xbo`k>>
zV)RqnB+40(tLQGcZp?NDZ7@e18uM_dz>>IQF<aF^Ac%H32OI@})o0I<hg5QHZjd8C
z)H%sUzaLpt4`{Slvgr4P!Fbk@`8w=M&B};tVGVX1$zn$n*^&`oRdA@rvCB3*TV49R
zhE4^E<R`(D=*pQzS<W}zs!JI4RtMI+Sk9rKTxpu(Sz4nqw0fx%66tPbFt%f^<*<_}
z;^@o{H}Ly}%Zkn7gaESVW_<wqfKkjlMv)o@g4#2hs^~7H#$wvZ2!?_|0~L<8H<C2F
z1DG{;mrbm;dCsFU_?mPz?Hx!CfUgI<UiC`eU1}F$WWID@5Xqy;6$SxLDu_#-hXJ*a
za0Xgo`&yKDiw@Q4!Nme8Xz&;et13d-l`}x7d9`fHW=yC#qb<n?P2Q{Txi+fem4KgA
zl3`>4!^FHWX|-&cv-J}Wf<U7KoZYjGjwOTnULk+r7-Ww(m(C9Bf+MK)IT$u+y0To#
zoO<;{URAN^nT5tLqIQm2CRGr)tUwxe!U*_<%JVV{U3p5BgLdDYJd-II?`uulq~B#t
zxReR8vT}*an8_k%rCA`&E;!~#891}UP1aq&{c|=oZ&VH9^V+1@Vk|OE5(;82vIePy
zjby0cLT|>LFiJ{bl1&@;Bq}Hi+O`V7Eh9ced>aHHT%K<qv`PBVK(8<pZ4zu$>NzR~
zbXOz%fa989*YM^_;tPscF^eTG9}gs`zt~;imM*l9Ov-`_&A*1J7d=2xuAQPipCjW7
z=e!iu>VWc%Q4N-ziFadS$VXmKXbiwCLZ2W0z~|!%MeNcYF$cZqV5}1QsKiSd^P}j3
zl1AKPFn<Y!J^Rt1ruJMwDqdK1s8Wo!9Cjt$vhd<cQWCf@s&nxsD(Jpy@gj5uQqV_r
z2@!7#)(gf>4!<+eriO-I$(y2}ucQ=Dj3(4J&gQd#XagEcYO9tONJocep&^(dPl_N@
z(v_kB3*KZ0C2$Rp=%sC0luM$mxdS7xIKMG8ApX6M)X8PwA#hJT+|as^JnToK0jWm<
zH*`5tu;W>3FbxsU21yoRYiyL`jG>W(t`xl>kR>>R-~o})I)!GZx{Y||#co3-Zwg?m
z&tNg224tMc=%9?wT(ZfTVYd<{qYFwMQRhz$_;x@?+F8Be^%TrVc4rKhoK^=7V<7<4
z3EoM~SgPiF1qCf@2}PbEQ;FHmAU%!FAUjkUGop-9K4zHY4GuIQ=0)1@lm}_8*~pfD
zcPC7X_*uzWA1xTWW7gkawF*^JiRb9EU`A`j$%u^j1djRlpo7|&U(ZQHjxnmJ3{)p&
zBdIGi)kYF7DLp9qr9TL$lrnUJ&axJ0HFSBtv}SgG6U1_?(9n^LBI6)5s-TABj5dbK
zIv|1QJObxk+3>O6CeMG;L)n^FMAzd<U58cz#b`@fPYTcy3X?%kOd@9vzEk7jt$&C#
zhkzD=gQF@Jc7>b#*@Ph!m>GZ}_SCpW8<2;D7Avc_gq*5slb)5ikS~YG*@{@tB#41$
zC*!Nxhy}ZigO(kaGp@Q$bP=r7jOGYP(&v8~36Mp3_WB?oQ%S8)m)0wwsY=K}olQA&
z3Sq_ck~|W2sd0PGyo)kT;D~`L2c!md{Sp-_J35cnb7{{0bOrM$uHOQLRSy^jr}ig&
zs=+2I{g%q0Ge^RX!axVyVMmf9qVmh6-RTx<RP5Dl<>#=6@rdu95bRb~D0PiX3IkJ=
z9naZZ-@*t|8!Xs{C4iJ>a}9Xb;IqM=5u=jlgx<Q(VaXvVt(C&)Fg0Q3AdnQTLY%g|
zb7rC$ko-OKV!|$S;+5}~Tsu03kh2+IQUywqa8RP!40chl6`M~g&}mYv2O87lpiYQI
z#gAllj_;~5L$gTIH?}@7wR9Fl53wlmjNq8RmTVy4{Oo45n7sjKn{;uT9abda#w|SQ
zfdG#v?Ne%k9=j9+kzGxDw=LM3P+X&fkcJdfQ{~{y!Wqvm8PipK#SB`liBmN@lq{M<
zZlhi-Vh;o?uIMndxGo=r7GuLNZow<Ae$dV;D&d%VP&tD3Sc-W`?TFJGbHJVnCv%Jq
z5!^~B$|ajVpv`Ps)bt>SGD4L|IX3iQpY{JY&Mf`CGMFVZDD@&;mVzs~m3T-gxC@y=
zR4FXHI1g@DRnjv6L%e>Tj4da?p*?U7riQ+xXKgi)veZ9G&Es^iLN7yA2{(Z;-xHI<
z%9;9{#EfIGw2?57lvW|1zp}MBf?fEvQ($*Px>YDhFz;C15q4-yO07MsZ&q@kYEk+p
zn373NjDV%S%JN7QYbOt}1i&qr$$?F@nU#Jx2>=4!j%ROa>bX)TlGae&prD&(2Pas@
zR#LD^sG6T30(OnSldYABu$YOSEKl9#BEb4LTA!LT42^`gHQ+vJSA>3MO*6N6Ryk0Y
z)c;Yi#at|$f?MgIQ+h|5a0@PTU1@5&qQuck4BjG(S`J}zkxHYI$U_%1fZ(>9ft!@_
zeE%{b>tGz(fZ$V@I~l*-n0L`<^diHrqqT%KgfJ>&Zp4Nk8ULAZRBCT_LiW-cq~g_#
zuE_>du{3SC&dalKUg=b0957cSEBSwyQ-hBAP*KO_0wK=!Ew4o_31PVK1^{Bw<27}P
zms8u=pQXj-?DxPHaca9qD1akbR?c>dFQ2T3i4#T;B!CyuVtr`_%@on;>}Dn(KZoII
zvl4BndcxW{;EMT7vVn>UG_Z0;K-5`Ig|J998A%eAzf6$5AR3DfNwaiB&|8CQX)(m(
z954?mv?PUAr3ThIhS)R#PJu)Z-_T+6@v}NwnzNlA3Ug>Kk_nhxxf&8nyK9hc1+<9L
z`4sjZt>&6ckf@r<$_b4rt7NbX+oPaoGlFjuD_nb`Trh3H?_?B}be27%Ns7F1(0ru@
zeyCZEKhsk;mUi%E!l{vXrQ}Ybg-UT^hzSvMCBZ}rc%4C^S$0^`MU{1JQ*>ovvnwN@
z8?B*K=IpNN*b~0P^7C~onA%U-M!SNz+d(Jd-73e6r%u9_GOs~^Q(jS~2Sq%qEJ^DA
zVCePRZq3%x@ma~#sTiTn*o${(MG<IhTC_%TKXVp%Md}kA?3k)vAf=#EN{<M4wCG1w
zof0Q(mFzdlMT%i^#k0f)3o*`(4pF{Rn!Y_SfJ}spf-XBUSV$R0QICt9i6xwt(ao0f
zh^RSzcIC-7&Utpn)o$NP3MV5%480dG^F)RNiC~>liNdw1!EP1l?_-@*sH4Csng@$c
zgzSMsFQxQnWFsGBQI<^F1ww3tR2*w~89_KIoS^oGHsLJnH59l3-3Xh8T~&(u2{jNq
z{OVFjD+3>YU2SlR)grPd>xY^F4n<=`;L)6nG`4tCinf-1X}|$jn41hXkVayx{>4kj
zV@u7myxQsel=ZShXF8%*)6z^CaGAhtfduZ$`kKjl8I#rKzJb|kN<a-9FVf(Em<$>*
zz$2j;KbYkxp+U9Y2o_gp&VuDbx^AUh1r^w<D{hIPa@2gx@8woPPPfY8;Q?%`2RXHd
zXY|4{Y9^1uJ^QlK&3~277&`{Gx@K_kAbdYq<Qo*T(4`4Wobl&&FX(yCg#p#Gn(QT0
z|D{;in=K0$|1KLn$6M@Le?f33aF3#74H4@`vo&i@7aomCQaE1?PPAqY=@IDI{He}n
z<X*1biDJgZ@k4xl$??Rc*EFBWFl>!v*!vK~UQ&b^4OGB1z{yZlbC84*sJ%-wrV{?v
zJs|fXwnff(tE;hq$6Gs;bI_bY%%aW$HMy`*F&LL&8M2enHI#$NOuhIdPA8V^cC+A$
zpI=#)vWX<7F~cm9NVCjV2=kdXTyusOH|>afX(L(aa8Hp}j9OzdOji+yIO)X0{UH;R
z!>0XjIN!8@m6;L(=@~wy{SMC+wC&9nYAZ|Dg6NK{^nEcdFpc@Bw03WI5uKu3h6BWM
zNl7bgC26;k>RObzu?BEq2_ZBnHmGh+nIs1*g|$<xZS6=z&Dq}&@Q|A8jM}H#ZsCeR
z9F7aqXNhAt8mje^%l+15*Z~dPxY#`au(YaDSFQ)yzyc)fh*<~C1UTU{87ZwxGN-I*
z->JlgGfVOqZj~S;%jJch3hhiVHV66EkF2n%=(?<KL_0BTxPIV3U%MH@EH`I(*@d`|
zi!B!Rd@dPXd$JJG6<t}mgzugh^w0srbutzcD31vAY<3}<MR$rtr`kbF)ipbm9dvOo
zNOqA~2$iFRfz&YZO;IehoFtUQLBU;91L2?P&#}v*9i61AVx1b@vJES!S$q5M$r*%(
zSXK?ViQp*1&4yW|=&!*nJc7E-$=>iYa>o0pYB)@5Hn1p=-E`k%w;pIRMbBw5pqtjC
zC{k|{-zSQnbA>a9_`SIerc=HT5}HK~h)A@>;A^nD(g7?x^Mv8TWh^M!Qd+E%0|x@J
zEbNjr^@>*W7A>RVrZ-Fc9@#07Z!$%a7ZM^)I=m*?A`*?oyjy155_2XQrlXAWIGrTY
zeo4WCeeYsW6&z9gZb)?<IWM)rsB^eC{T|&HZ<obT8yXA3OEQwlIY~z~<0|%e6kt(o
z+bC*-5pj<*obS&O@c!CyPT_?eW3;d}J1B)1qr36gwKa;iU>;|JciT%TyE7P}rx!h2
zJ5g>Sj{7nkr}hDkvO^>Io6zSM&~k}RxT$VvIa4<~O4DK2Bph{7IQ}vX?zt80q1N0U
zZ{?zss5u;)5}c%g_<W^TFct&ZsEe@@=*Wj6X(?g_vx#`{I_M%94$Rr|WeDi+U_)pH
zQI=gvvK>$rfgkb}9WtA_#IQ$7^EdJDsf)!>^Z?S15lhq!Vxv;koRL@zCBv2BKn5s{
zsxv9pEiy$6G=;cOC0kEM+{(&FAV;`5#0z<#wNyKk92b<t14lQJ&{k@bOfM#^pg@n%
zjF`rmF&88fWi91qknNtVDrE^R!=fs+O<5i0_s#BPg=B!j@E}aflVC+Mj8Ua$6Nwb;
zWS?3jGVvG6hG=sIc_d!r7%VrX-;1|YN7R5}%mSM&$(Sn<<|K{73gf!59mRGs{UA-r
zHy7$65{7FAS%G(>|9^pZ?y?0d#u1~(0th_ZgAs|gw4%%+F@q0asyK33U7fg;^$nt{
z$hm4-^&IBiSq8iER15exJ5_L^G3d}c+|O9ko(ObF)M(ATpRe2|Fj%MlXOW!MD#7j{
zV9VJbC)-X1B8DTJ7S1eOgC)4w-X&t0Xc=xaQybRqC@lqJ&CsS0_8iI|LE9%u!lsh}
z&CqBTnxwGJ(i$B>CEp=pl@YTg?%gEXFysO+IR@Dg^R<m#6Vgm4|KOhuxHAeBT5NC-
z90G#Nihq74Glzq9lWOAXVs;oO#&lm>H`A(bX=p1j(1iSwqMg-ylHEMO?J#KU(GWRt
zTMyt>C5Dd~hWK%MEcwHbi^r@?;VK%2v@tUi4vkHZN$aSugb-+@>p+2R?AZtsFOK9}
z)DRSDfEtoF8@6)7dZ<;Nmb%&_M?qK`g0-0S2v!ZWr#KTOUe@p$!v!A~72LwedtwC&
zLd=F|9-7&ujj^MwnwmCOEqreZ8T3>}WsTMh#q&xpwl<LL&OKpUjjDe~b(I$UIWRV~
zwhr7a+8vd=3#kKI#quDcBRT7U87WAHdY(zOCgr4?`A+>uGNlF_?iN%Qwnfb{#bBv5
zLp6|wSZ|Q5DYX{NV!Y&nsls<c(bmh=*1RnR%FA49MdtjY9X8V6@l+f1VpfuImj|}e
zK8R5^$Tm5bsQeY~=MwPCI=jHlIndU2I8Ru$oUzNbBz}$>9TLY>g9Sly#4|@|tWLal
zuq>M*8>=*mIz@~QS;_zyf>NPr%;jXvr;@-inGZ5z5=6?;B4=5vW@K&54ECsmDnrvK
zA%6*o)G|@`NFeW5>e<?RwB6D(Atd=CS4FruK9gb>eMuOz5`RmfRhAY&`D>T2Ajxym
zGf$RLwj2IBI~r;@T+|iWTz2abUhj5+Y|Kh_001BWNkl<ZjR2Z{MXBabWplHmdZB?8
ztE~(oQLcOL%4|h6s<D0Z<^?MIqFmQ#0n58Ax*}4BdqL<Rq7gx1vuql$hMf(0vDzcs
zDS`zkNV}U4W>^UqMTUNUco_%FE9vy5lL%T7jWt+qnA!#lYgIMe)t{E2vDETxk^^#8
z1W-GT<l+kx&t&!eWCZR#OghT|mmc-xqF?b&#R!}*JOuQ)(bTeO9P3(zovi{)B5@0c
z9*j-#mysyp)ODF~qcn`BIcplA(GuV#;Jc09)07i)8EmdfQRx7mq?TB3!He5Q^JBe>
zRczfcYt(B|rcy)k9rLUe+By!AZw2Vo@+7ebZLnG$K<*OC9X@0ei+~7BEn-c2xDKa<
zWY(E*FcVn?0V9g1d9e2QX>_9@GM6@NR1VkisCW`Ot=UXaf7e7ogW+gV$XPL96C#Xa
z#wuI7>qo#IZ4TPDJwz9ZDs2^&_CFH7o3*t-rbA55H>7rMX%eA^+d(sv+3T+&v8lXb
zt!b|fv1w9@_GJ`GxkMz9Y1dq}bqCW0q|WV<_MMy}d$K(}ZMf{99saXIk%IW7NK{PN
z@-nAm5rlI7wKiV)NrrcNQQf<nBnFv=?J^DkhgLQ1@Ks&NLM#?rEji<G834Szi7K_y
zms}TV<=t(%C5vX9b~g~Ktg4u*;<O8Dc~I&=w6u;g1cYg;;joojQlPCDLtP+yDUofn
za(J;XlA2jaVeW{4;SYbcpPWpalI}85&JubtW!;h#^7!mEcd-qtq9h=w1T~xG8&>x9
zdB?)-Ahja3@2gtJLAj2Xb8UalHpF_~agE@gRQW*{ZTE~=4Io!0lID7)`27dk3$844
zL@xRzFML>?%4jt`m`}!ABt*oHo|%w9;6Y+(p@vP8p`&|3so}zaT3TkM`!d9A%LtQQ
zWP^lo>Nf`4D@Bodv7(WpcBI<}rb9gh%3brD(l?c*%5cZGB=l(AhjxVzuwo4AGkD%|
zrxAKt9<AZ-H1mXHw+Y<GfL(?^n@~zOh6-+Sp`9x^JlC2Lne=%Z-~D3Al{>NGAKb>=
zvQEgbf0D82j?&|Xj8SXQxFH@jRvBM$;*M>~8p%<IMU|j80hH4|nzdN)b2(MCRZ+2H
z>F+M*Ob#+uMqtPiP~T@-J7p1kSJt1GRT(gl8o+i#(O}!}7K9f?sYar&GnBC^mVC~_
zoEI|-ZC=%oEEv<opf^OQImO$gO{B~DeN-k&;7};c*W3+LOx8n4+~1+M9UQ=;wxkNK
zk*H|V+r?0pt?ht1Oxqp=ff=XL_^_rvay7%L7<^-?SV_Ct`#FjP%UsA&Moi;i^}{*F
zPML%zrP3jrofFSiLxsLG78P{YK2;FA&_ffu*THy_>D#5XQ=x58YX;@t^-RAu5v<(A
zTBUnb_3A^%9c~A1>CsxBi=v@0^xg@xiOc$d9CgT0$jim!sDX&Amd;6SPnasjds*;E
zC&TIvi}VtSaka_iDyyZSib8_%m+Ey7bZ18FVKAF8227zmoL-6^CO8ztVdJvGA=`z1
zM{Gzw<LoXgs|_y<MnHfxHqe6LgjSbNZ<dAgK&%tFxDk$IRuD(8Rp9agaY_~H&x4eq
zXw6Tt;)ZkfMlarUc9-DBKnTcbmViA3rfVeGm9UO9svyjJ5oDAkt;8zZJ-V3u1v?kL
z%)h&E<3l%-o^KgcbABof{^lId-2$W*I8QdNB36i02R3{F*-rC&z=mm!DP{6Ic1=xU
zWW7V()$g*+l450M2RK=7mcDg1Y|L_fL~a9~Mkcr{ziJ{&GyvKg@alJEWAL(uS0<LT
z=r*f^OX5p%kgV&im_ebOxfibt$MH&a0TrygH8<GGwR@}05YcfQUT^8x0@#ArYHQO3
zBC8m)>waNs`Eg}?wpZ>!;#J>JHn$w29Su{~t`M?~r*Jq(w*llF$d`*i%p{BplfGuv
z4GgF7OeWcuWL0iSnvjOh1`RWBo~&1PAVbVrRL@AfzRA%p^OIU#F*;6a+oX$xs@Z%{
zZR%L;vX~QSd$L(#^DC&B^chzLJsG-^0V9ayTJ)=iBiEwIIC$lX4l7HhT0NaiAL43w
znt1cD<u4B~8$N`SaVXtiaB^N_5h8=3CA>(>K(V+ED>$wKO?r2!062<mb|KFtJTg~A
zq+Une@wiq(FyYPI5{s$`+d2s~Q}M?YD;$EnAz_$mvGPO1)HN?^Lx#klJ-^C<;<A0S
z8BT>hs1-DK1_7f;MMLLS5aH-BgunyE-Jugwl4hx<i%1Xmhr3A$LtFEc@x+9~?E)pb
z&cZAq@HN~5+Pf_<!_Xk51cMhT0c){mLBFwjLv%UfBYSuoHZdv<KoLy0xr2z)n{7C9
z<Y+C|fpDz5*la5%i{!tEGS4mPgaG$g$cadRMKKdx7`;glTD9$(mzi!ZFa4X2GPlQ$
z_diL-iQ~?lTKNv=>@Yq5rd<(vbt4}uj^epXJ(q+pH;3s!kGEpcBf?pxXqnQh0%Z9A
z4sW$I1kEjxB5kOLSv6I+f?5&R9!|Nw7-j1}=Ky7SA~S$%-PkmC<pra)i*J`)cDzK_
z!(O1q;hn_4Sw6)sD#Wd1Y$~&H-FON1PLit)Mhk{zbdYEE$2DKkF@W`rnv%Blg6eQI
zWbdWRk}(&FXLgA8Y_5jC)<G+`iw?nZ=HPVN;9Q=_rfH;wi_P6Da>cWmjs^pYsqMJ~
z!{=Plkh8a_42{!!x+MWAxk}%^uF9;nenBXyJuCTd^IpZqR~fKU&P@H@$EH&0(YU1=
zW|Z1lXlb0ETg)3?(u+jK70B>7LutHgo2W5H<Cl3$naRX@dS1knjRr_VUsbiU7f_--
z6VsKWHq?%dtunf@sT(?`BDm~_VosO_x_T7^*(yrmg$Y@!GjQEISLZMx2-{e)5-$uC
zWvs`Udz41EP2_H#E|OND9~RY~6q+Jq+d#ABEa7p(D>t`@bICxIUT#-~<oJ#kToKb5
zB;vyOxm=I4Um4))5CSW%X2N1kez<f-SC_)pXUepN!ga%N@<92@T(+F)r&(~%`VFu4
zV{mBa;+vlfW!J?l_%UwX6k3_z+as~q3X;Qyq^g|=&OTpRj$a1*<NTYwFIIXG4d&2X
zugpO&XGv;^S0)0nNicRT4aU~=iEpPgsWY;3HSbu)R(m|kSvIV95&}#=w(8Cj_S3O=
zEc~xx5SqYmCceCf4Ub8yvM~&=25oBv1hI!&eH0h93{J*UUmdFF=@*wQy(vXZFi0_0
ziVQj?%YH&H&eXFg!6*P^Z1m))L@(OBi=#nkE6R>aYVF1Kb4Mj7QqWgo1}1IZmsMXC
zLTEuHa9MsEkzxnrG0k~dYY=qMezVxw0hK`%i)lXNiD4(nA()}gj?yT6SVQ)LOVr}r
zH@w<&xDmUhnQjwqQF<q~Wn)o$rcs?(YXs}Q4VMcYiP3Uiz+M|xGvQ<@#<IaZe2>a%
z#-?c|E<2Re+PqXoV!Xtx=}c}csxJtq;qT~fRV%=!F2qSOQD~@?qlE+;P^LgOsO4Mw
z9<8~lI`gQ>rTD>cZK-J<d4b=B?fT9^(Vw5uUVm4AK8qx>LkeSKDc{A_c6_#6TvFTc
zZ*F}ih$EfJ*~!+Vh1*haq_hRs#XllP0%IM!wKT+{*qGKp(^)pV<T5u-6X!_e8Z5*!
zh3Puxt#LMm#39ml^nMpNl9S2U(;#IR9@TH&iW+3eFj&mQ7Kw>g&IyV2S5ka6m@P;l
z+?10nak8t}gv^x9+i(@LURXP2yHgfGIVZBo4G+<6x-qb-E{x9L7|X;M?4;rzrw`ZQ
z2Wq%f*s!Bf$WYDC8BA+jmZUP=Y95u%fMTq)kf9}*Ewb!-J#z08l?Csl;i@aldpm3<
z{Zk0t5)f62OcP<1%bdePO|QXZwAc&@T`i{$>T#Mzp5iX?iHk#kWAoxw*Sa3`;I>F7
zt1U;6gV}aKXg*gk*-T<b&@LOOeCc+PpR61`j$)3+eb#;T+Dn1+)ZheVS<4+en*%L&
zmW2OfL1fvTuroyZd8Jc)+ikJcHpyZO7mn0vt*}sHtXDx;^jO@BBbK=tuVe=iU~h#|
zv7+L!&`RyJ<w<(AH9gtMl4E&eBp8cem?F_4L5*ErwVvL*h)9~dZI^%?$KgaF_To*8
zLetl9qbl&R2V`=;ip_SGn@-%vC=5IqG)W_C#Xi@`T9vYF@-4O2OQ6Fq&;`ul);}O?
z8SX1qMAGQy7B562F%4}XuX~o*<d)faNyQlnBU|-dWb_V0NB6}R2n?8dxXfI-)#3Cp
zDDfpiHsDC-i-}NO*0S`5?^z7(NKB?zd$_g3-6b{)A5~391x<CwgS3w4+L_wh-5`eE
zTNJX1H@GG;pIuxRgGmlua(7KYgs1w1=awbAwl2W!f}|GNEt?kTyl_tx7;fD?X!D|T
z*UUx-Lx!;lx9l{iW1}r0vLiz3#TQ?O;4v!=4$7zv8g;`UAu6`kXHlIfe4|_wGqrrt
zrtelQAX~G|?foMnu}Rg^8&I&h%C(un7Oa);#Sv78hSX1tBwd`S)$O@S(v5MQ2(y*$
z8~`o0nj6xN>T(Tly81IKdy$&S>0Br_XtBaemDt{cD58Xh=oQ(miVtk}+73mUdVo$q
z8!r3>=hi9#W9zN2Zs@h~*#)!k@NgtYTkc%^%B&sYMTX8LY@Bo?9}TfBh7j5^84E$v
ztQ^a+T*E^!3nZkAwy~`KE&cJ96Jf-BzM!Fxs;)8Dgv7IOQ`QL5=Ch5}5fw6+lgt6h
z*i5`k;=ZwLo=kVi8hQtr2mFJ?-8S~#xM}X9vSR3^eOXB})RSz^u@V-y*T$c6WgsT>
zP(|!yr_G1QX||j0?SdmMwK#;G@R`;wmLsnO<I#<AY}{M}x=L6$i^j`rEs6(QEFu?~
z9ZyoVbH5O)94jdYwUc2ukgK@U#;%#zWDi~@5%D|emSeFtensL;SNk+w_Lbx;R6y8{
z5}UD=*VsjW&6uQ@oC<JA=y$+r45<|iOniV(i>lNVKB^F3Z>*sc$dR+;R?pQ-#VFTp
zo$5Q)xAIC10Gug93G1Mor&y^6Sj)e(m|4MVDR<mKz`1NeEDRG04Od+nYp08hL7>F7
zn6||S(QfF41J_n+ZN^zbX^}wn;s)MEiD}ZQSYd6{)29rwXAUG6%GwFTFH0i<)jZsW
zc`1fPKL8$D45PVzR?B%<E{ns`^?9m=D=A`ZzRUuq>`g{XACyoba2s1mrP4H`3(sKJ
zlP{C)_n)~qtdmhm4S1coXflG(>*Vh;_7z)N*JyRdPWhGrfp}-dT1YnSBsEq=3|zh3
z+IyDM!W1nSSZaSyBoVgmOwwy_hmWN4;wL7eA%Bp9I5j%K9m7i<o{p)@>Eyn~EMW>g
zyK70>?@{}A6lM*>XJNLLBk-lhP>NQb=gDLgTCpfj+BVxQi?H!{zXxC8!Oz^#&TSFA
z#9ZgNxV7`TS$8gi99EAR<nIB!E{36U_-I^QL(->_xDqCCUC?Cg&PS6S_v$><I*GYA
zDHC48|C(pknU^lkRm^@*1IG1dq`ikoIQF1<H>lF^-1HCZA|7o+RF2%uEKDL0hOl_Z
zBS+5e7?S9YXXVj>&1OXXO*@7sV(yeWhhf5A#F1-r`{3AcL_mqiYQM$Uu$aDYr?vpH
z)$vmu6BUkh8=J#ri<yYSNY?vHh7ve!3)Ax7?bdW?Qdq<X8QFfNkz;C$au}EDby29P
z`)SE`BUp+3Et&qL>Bkaglad=*2iLx-d#Tmu*k;)=eY=9JcSQ~TNe|~o7ne>5)<lea
zS*qI$pD2e}JK+&h;^kDB@6uY0y;Qp6XUDX&AWMrm*c7(KWX`S|)r5j$x7H=CnHZGg
zqb!G;Bv3Bs<Ju5<BOSqA^0V?aNnbBx>2hSS?$U*#^iHWwiA|v>{nFf*B?U{DPAwNj
zhHJvjq*iF>wp$E+Tm~~O3ZV`tL~*7lJE1391$arHIW~hbhstFUnlMrrT0-N+4^7@K
z#%P-dBYgbQp}V>^>v^tS7>%)L53ANUI1Ja;Gdm%|h_+jLy*m+w4>@LBk+iasSK=gb
ze=^)(HXh#GN|cE-S7lSb$*~Prx)9``Cl@2mhE8aVZWEzs2$9ugiuC)QJBv7qs>}DX
zD`mO5NdR2hbn=uITqLqGG=?lUip^%L7R@|iVe5BDgt(D?J`xE@*lx_PA-ERjt3~I~
z>mIDv3#sc~D-pJlVapaERFHct3ZzB32-e+?ZwR}K!PjincFXCa;Mi&|7OUMt9RU0X
zmmicc%S^^sGRHPup>E-&X2GWDn-(uZ2olAqV+CnYEnJx++jDufhc*gK_Dr&*bnf_&
zQ9Z=aPI=j69F@G5BeaE<$l<30ZKytW*vMQAHdi0yQa0^jt}0HL-vjiD-?_`ODkm8r
zceLR>IE*eS<~~<3P0w*wowTtxD4xk(8>h|1fjQ)!<|^e}A<5p8QvRnAKzEo@n@d}9
zAC*sR-?Vr!<Zm~@RlvaM!Ci(HgSp=+V8>(`a!|1(T}m(8Mx^G44U0;zC9ytxM`}5Y
zmqmuoyfcVttx{QGtVpA~a_g8cqP@)+;$t0eRvD)*bA1&Bi!B{6Nq2f5+~-E&gUzy(
z0aYSbi|0CcTj5UM1c3t@MF6X~;}~S;GDU%RicT+&Ih1nHaQ$2#u~^Qe$t$!u0iCKk
zcZLvY<_*P4{J7KYddwKGdp3K&Z`{9btfhEZ($-(*)=@iFYA>^J!FP9&o!wDU<(jpd
z-I~(jzzTLdS)6uRzhdbMB0CIBc_G=zT=QyUWdxfHVV3J1(*3%6%F=f+X3;AXX6}9i
za4!h)Dvd})r;_IA;HP%Y8Jbq^<pswX#%5f=b`-I5!|?DEsukpTHSd&WO()EjF-2>8
zvDSXNY(UQV#XII^ghTuql5*s3xv^g4Sa2H`4Ff!jit?D4_%M~D5V9RkJ2fzOm<uAy
zSvDXFiH(V+yTEnxY3h4S!?M5Omh2~8t79RWve*=w8i|A(LVuDr=Yel&&W;8H&!T!O
z!{c=h@2XXui<^0__NppJV7s!*XaIL?C)JCpx?Lc$Q?T+o<A6&t@|*DDT(A&uk-WCC
z?<Iy(lvc0wMLnU(=<r|~fg^Mbz{OiGtw1rDa7wL}+|X%x()3qn_T=h@Xu+kopLU%k
zIO)PXg_fu_>CClAF@&nG1$1k(UhowGnz2$s%0-Q@nEQe=+=~w&%xoKhyyxam1#UvD
zeccpGQCMK`&0Tb0FNgEB<7apxYI*mC%ezF;z>OOOx>I^U2zNd1omVnez+`u`6j-*y
zZCN3*acFP9_3GWKyGuwU`~0;%nA-~XWsP()b`3!X-9N7PHWsJ#dhj48p;ygV3Myi5
zk;i^TRevwW-&xB!v4NMzJDzFy?#){t6GUq(VJTKVleq<zET{5KV4KCJ0jJg9!r=2%
z1nNO7uA+I{+*dpFb+`y<<swkt);Or9(}WE3)6goEOG<p;VR8wbd$C}W6?0s?I6|S3
z6qW#|PMe)chHBfYvxr>Xg_UtIt{aZCXwz89lI!dxyGV=ue&LWV=!K(BJZXezmuw=?
z5pqz$cZsc2QN6TT$D6rPLCScW!Q4B8ad<P}sI8h;O4Cp!r-jgXS;AN2D0QaAE>ysH
zbVY9+q$TD<=?0ln)uIt&h}onWOTBZbElk)GtC%TCbpYwYT&p1l(<5QOHWhVnI>nP)
zWNd%b3q4xK#>-kvA_5$4mU#$ZTmwrsY~4_<fZK+R2`>ETTJXgISLStFQC0PV^)HTp
zx9lSJ)!OO8re6+7LU?7>AgG!;hPB=~3|k{i)=hZXL19axVr>WUq_Zwc{h5Y^lLxC7
z<oYk|waARBSF_R!cu2GJ4dx(6w<5LXeYhh;XS8yx8TWRp)L=M+ETdC09P#2FekNB8
zaf7~33eIH4G1#V}G2~Bium{H@x}SS=%_~g5&P)Wwp!3t5iD4Iv<0tpFTSR^F`%6YE
z8(d{PXBC5<aTe5Tb4kIcNHGp&K-wI-q$GD}6rra!Ng$W*O`EBlwWUpr45r^U0^3)9
z*kTbP&KKh4W#f3bLDm9gmA+|3ad|`C>i(a5binF*3E4YglbUUuras@M;HGXN)C=xf
zJ6FSXYp+X2)n{yNqZE~&ZN<d_V`V}=SjEa&t{oxHj)HI}%t{yjS?qh4C8Zt1+$&@n
z+W`8V=5&EDxh@VI>o$@FEptyB2DP0*nV0Kk<sBmOTZsDav4UfbXKp24j%^QV2oR(z
zGPVxLkQks%5mM&F*ukVQ7#9w29apg&>b1@Rnpnd|@xj~Dx!TIjTX}8g5+_dke-@@2
z{&C^#x8@$5VG!!nU9GHIoOi)1Bh<D#O4YURPm!1}xEuChX~%cAAQiM3>>6GLdKu&q
z*%WKplW4EN=BlbO`Tq$Mwj-{UdR;;sjJmAazZygIrqrHMC>+W7OEw_UKQBFlz&I2+
z9AFGfDrp6rm2=43?t*bk&yh5s5034uWj3l;A)v}|S4g3CIVtB3o38hC?gJk-LkSN~
zwq3z&12*PZ5u)sQA<)$AWG>}a*FF4YBMpRwm5pt`Y07I@+Ja~cf=R6w54)U0b~^d>
zXU7YhKrcmNfGuOorfc+aM-O7h7=~A3U2_`J+K?EP0NWvNvWZ0L^3W?c?7~1BuTm9C
zIRsY5_RnBT(uh-6B^+olV>xzr#q-u!V{is+W*qN7%^@Qtj2kb{&a`}Y10G_D981I-
z7(%#unwrOCb1f32p<=w;@xl#RKA)3dy%B^gVq=E^Y^*%j38>?;-oBQqa0Gu2tFM|<
z#R)QnnG;KN>BSjAMlpz3u$Y0KI~jFWD=0KJxK0NWm*ni)RVM`jHhe&~y;-guA4`Ed
zK8Rc#)N2*tk|Idp)e7?<P?m;EXhZPbzLIke#V7=O&)wDGLhy?GQ37uTmf(=49hA*U
zTE|?hnxx&HZFPen1Gd3jFBdDYk=8?Ws}w;RlBTg_>`oDu3$jShAw-5qQ)(Gv-2@$!
z+|+UitiE7fi8L!nC$lCj`={uZ!i#ISWx9(ko6I@I!2Df(Y{S-x!*`0MFefKFaQHr@
zdtTV%r!`NXrFIU-*wZ4@khUC|Wei<ow~Xwrf@Lh|W6vKbuk1xI3xUQ6RfYmS$sQr7
zT!Z42K74i&DSLmEx~>4hd}m6oPN<d1QcO)7gc)DE9^YN}MSUsLV@p~H3r#&pT1lbE
zI$E~rnQ-jtrfj{6WR)4I#GqNQVOYAxAe+5BZWg6r>6OH^mL^VHCqX8rbfji{XUp}o
zZ4?ktm}z?+CS%lfSj4`&K_tii_Ek$%^r8>ST|dTfT(HR&4VqH0aAiVVV@|$Eyl4m@
z4dqy#2F^yoz7ywt<8~Z4ZjQnWSq>$qwD(G-jjDb&OqQQF+qj=E`26)7L>Jz?y<x2d
z;J`XG2rW^Z3bBnfn^sA3)L@Vn1Q+n0<`6y#%E3LeC@Rz6@`%FuR9;L@`O4m`W_E5$
z;qhXPxeP8FD<-I4vz8r1A!T<NW@8PZYOJhpZDe*rwWVOJMVTU58}OxxVUp!7eFBHz
zIAin_0>h>ecEZzI`9aYmARVKNE#ezv%hn<$VZ01_f{7&@4k3+$YcOD%Wfu|Dv^J#{
zS>jcyOgnuURO3+H)t9FA;ybXTm1ZXpZMNmkN*T0Pwb41?va_cs%mXu?LcjS%TTE(Y
z+%RkHVRTVI(#5D+W_r^W?hcr($8=>569vNfhB7Fo!Mr0!bu{<242vPDMRwA((Of#F
z!zn_fy53?ajip={nQHz%8P6_)R?eFD5V>NCdf7&m>y^KjjCBvW0hA(F8yAtP!Z@s|
zPz&LLxuioE5?z#`9Ue4wO-UFjlY_CMzUZ=P@00gQagU&~SJ?5)e;e=6D#A*`VksU4
zyNgCTfk$G|SkoY;6&zIqPGbu(+lELkmN2p$E<1O;Pe&+{114{4Bo=y+=gNhi7S#i>
zPJ<ar8z<B3HvW5wg&<rC&I5NK`ps%PjkuqNJAm79^YevVr;es5b7)rB!gt|rqgWyC
z*!cAE6Yeh??|*!c+nYDItsCCHdk5+YIB4!|YS#wiELPjh*v(&keTC|4v*ln4(mOpz
zpx0RJ*=7M%{7nXJ1PU8O92G5t=8NBDY^QbU39r%|ymCPwRQuP4zgE^$yjYNy4cQd{
ztCu|qLpC=Wr$Mc-W&U#AtCpLTrDBzo_RHNK!g-%^u{1hNaHzD$lUJ>)6F{P%>@ArD
z!@gwfm0=9<>6)6PI#$4q1~vKSn%#mBJaX754doP;ou;6X=M&OMyHwGOTf<bNkYiSY
z*A(Md2AD-2H;j#GP1+`6A)j3WOG6$~5Qaz(PS+T)-z(_1FTW1Q<96ChO1oV3G{Z`>
zW=)E=Flja5_;$1F8_OATlVySDtgdWLEmF>Fgs*(hcv<>KiU;Lk;glo=%*4T7@?|#G
z1+=lwCCPBfMGJCp?2-w$iFr<Qk4r|xBrO=*Q!rPW>=5i_)j6wt==IO@o@!M679z<*
z7tX!GQy@z&^wkPDsTYxeed*2-t|7U3k{kP$P6*6U6}d9mY|T=YfQ*h9?3)m$Y7rTF
z?~>t;6F7kfc>_7zb$>&ny5BVb*Rl!f$~Bj_A=ZSON>#mDOxW%28*ql(J)95{rZw9z
zGlzdq;KdBv2zgM*8>vFcYUO<BZenTT3cCLZ;2zaHVU9*{W1qnD*BAWyAHQP#@*dy)
z{2kuEeTyHL;k~{uy8Hs6x@s=K*-a}3deMl-iiL#|)cSHw5l{A(FJZuKI{=J8bH8qm
zrW=8bE-xW3wpAHY4@WK0IYkkt<^TX707*naR9}&ESVXNB*Y3rZheY%j-D8f!fW9V?
zj5tlOYB>~Z^TG6(D;oP)7I?J{yE;2$0k{(0Oxq+j+^IvCxaX>$v1ch;pJRBzj4gSc
zLWR@%#t$fAxescX@#Ua<6=B;|-WpZ5R3f_K6D{PcAePNt2vdnwrie1__{(_FY9>S^
z!9hv`l3PZv3bpAqCD%3HlO7!&P?8nvwS5Y9O=9*^H`|vMgpXSaDN70(n=aAIy&RKn
zjL2lgvNh+H>BWpP0-7l<+fqiCfFT^U0Y7Oew9OxW(mlsZBGX{8hQMQ|)ntO@Zm^40
z!7Cvhx|-L^PhNex@_4MOw9=)zE4PKYl?+8ex4~%2In%9}U+AtfOCNUP$eDnOB*Ixv
z>|+H^l|sJ2G8X{~aE58B_B_mJzSbH8$Dj0c-|JiNR6#+svV*#hl@>boc9|GR!)Y5Y
z_Y?OWi)4-!+koAMXK%yi=^Z{#NSI);*lZpIv_^OySgR1C_6qIjzD(whu%2C7x`E`)
zjsSJuH_rPD4qYKH*#I|gw;PTX>#d_WTNW-OJI={^g<q**(<%AfhJD|7*&AYpFCTx$
z)5|A(JAcM^-+hO5+;FT1EG%~!K<lJZKwmD{bJM{H{Fa4MsBN==I+Mr{+m{z}-XnD`
zm*5p_hs#D;mp?SlEb@w&ko(M<epS1%m~pw*lDE=nCAB}@&<imLt!Rw`<igIVLbGhR
zIFOJwNM8B-r;RI7NEz_jFd)X0in5O*db@XRSqSLwpqSry6({y*)m!G1t6_**<iPS2
zE3c*DV4drBYsX}&;=_gEGAQKKk97A_);rUJgIZSa2`gDFF)NiZ$JSbri@QKllc#T9
z8OYbbe6pBw74PT}vWij;%|M9gV%3A9hqHNqx(e5!>lu3(r4wVpe%cl_8t&&s7?|Uo
zG}SEY|8^&K>b!djR{L4TuoF8SmL6lpdJ++Ibdd?IDN&HmoZ(#1aA6Hch12TjN_np{
z!9i{ShqJo$i&*@nPBc@<jab}<>G)*U>h$SjX`Vcs2(zG6Pt?<en7Q(KF1KZiy{Xuz
z!ER?@oa(Obhk`2tt_^^_CTTg}8e|$eAimR;S?pqN>l9kwVD_>%zJ7bgx3AAI-0|?R
z@Kzsi=mC`j8+Y9C<Q{-3(7oDbCd9ef7D}znv9gJ>ofL1Ik2AsXU>435_EEJfVP*l(
zoj6}!AbJG7`Gmr7$l(Y<RNxHyw%IN}Lq)z%tWL`eIQNM=4csRv#JlewAZz2}U;n_%
z{lxPRcf32^;=4ERu-4mNQGXh4OFQh=I`tuLm+Zh=3p8A<aKiOzb_#BySgK<`70cu{
zO=k6Kh1)FEh|1H-><aC-o5i%bVfam!K1tiebeh^S_p3=$z|#tdxE5KJEWo)wX&^To
z83vcw-EJeO4q9fK8|#E-4kViqJRRT<wG}IvJ@D#S-yl%|7)IbxA7Ec>o(Bw<kW%5E
z(%VC8CBPcHap!y??L44ijL7k`VP~R>Q(1ms1p&s!TUf3#*IH%V1GQe8>#QE@1BCW%
zGqFy#nf&Yug;|jan%Y^0&e3u%bmgOi>L~K+vm%*jxuJJb74>zV<xm_x5H$xwCtJB#
z&4hWT1{NRpr8ZJZLs3#If>GXq6pL$?@{{A0Q`627<2vzby+rD%<_6VPz4vG1Qm}cD
z%3eFY%qE;Fwdb=T+jPPvax<&8<x?<)E!kPI2f~r&jS~jmfwk0UNILev#86vn4^iX&
z76F)c;%+bCUfActvu)rM+-|__rns%uK7v_MYp&nAI$^-(mepR(;j0S_cle?{YPihf
z1)o3vf&2XhY6lKE@Mb-D@uqj^yLWi|;RD`@;C38%5XFrv)<-aAP)&QLc;F>Bgo4{}
zXOSFsQ(f<*K4ZA;hGczVAc6Y}_VW|YZ%@EFz=sEH8rHG!04;bJp<mf0cK0IIQk%B7
zQ^#$)V0mxc)c`fDcL(16@*Up&{5|gf^;f+7`d8S~#^<+hasTOiynXW!%-GoHw%UKN
zWF#pFt+Uah>lx;9e!FwdtJ2*T8>SPf%^T$wQr&IH0yG3!qVlSZ$^ri*J`JC^v2cef
zCGpU*H_I*;wE<v7>^v8%c++AR202GrR$;Y{CH+5ZBf{7Q5GHwBIYtF+zCgvuwh(dx
zniZp1Yh{rZKj6@Dv&x4}oDQ3Bhe+=sDeISZA{$G%wAP55nq#tPpSL5}OLp0~I7Y0b
zPh%^~$ACTe0MW_Wi^~P7;R9#v`A^~T<XA6(Q6+H9Ifl3`W?zWJjCvrsH(tsoi(^{V
zLf7H$V7-fpY_^moH*M@-N(woGg;+sJ2b`zHP3gJKt76JVSBK#%u`X6S;X09v2NmVO
zUY>qHdCQF}D_^p7xXyOSX9)n7g-RSXLjb2nf-pRUy_@wOD#~?L{EC@^6ep#X^~y49
zPdA78;&>on>Dp=sPwXB-3KA_H5X@=Lwy}-i9XR*Kp$gt&$)qVn6gL6Z0?uP&#q5+M
zHq8aw%aMk=-SPbLgr~>T-5A~~9^TyW=HUSk3cLYeWyyS$o3*o1UFv|tm7mExP3luZ
ze|KzbF}$dO?-i<Va9bb1$A$fP;_>kte*gVH@a5AZ&L;)FdyjWN{e(aL!w>lBr|<FI
zn;Rb1;YPertaZ4iFbrEy8t!IzIZvoAm>f`9PFV@uM$HKecKZE(4kq0x25bel0rxu|
z?=SfF_y{{U-o1SXy&ZV>;e9-dD;dV+BtFMB8U%On^xpwHvFKVAo`60O$L;WY^7ajW
z`iGzK;a~m}|Mi#OU@v$4@Y8#Idj2~+@B<9)aB(OdCQZ-FgxR%y1*c_HGRibaRLcaq
z2|dHlKm(=~t$B>nid0iG>p5D;ZeFEV%LJEeF8Y+$1=>K9E~v_YzeJj#B*kErHYLcV
zfa=I;()48(*KGFPj%2dX7ECOI?Pd&KnYr!LxrX86^vF|4ID$xc_gT@W4^x(S6}9Uo
zm=&wH6ea{_;kV^O$Dn90wuMa6CnctPCWZa0+yJ_JY|TnsDh5o7vPr<lk;2$4G`|>@
z@6|T<%`@4K6$fqFH4Aq2Xv)<EiDfeP;pDo3TxF~QRb^%Fer~j;BJb$D#8wUd(~3uy
z4Z=h&bn`%6o=<39j4Em!cfxNhOQeKCS9ER$*s86W>Go@LCA4S>`<6*<lx^y2&vSHq
zzgiO?>@L?%S;GbH&(K`4fGFBmaExSiY-CN+2eWg;D>mR@>J7}gR~!UfEWKZf)`MO_
zuel}+W-Kye@BZl}Zk9GNjB5MbIL%d;=RWcDc=PJ@0G1r#av;DF^yS0NaL;W{YIuGD
zX}ELae&2Y0dcpnM-OrI7*m#5IZ8+C~m!&ue+^9a|$|N4&F-wvi%lp&}wl}u<ykwsz
zKEG@{zua*@PmmjXpZN0mE53dChWq{Q@5uWHytygx<q6-ue!}Cwea0XE^#(uv{3Cw)
z<p+HK{r7nD<_+H76mQ=gIMxA@czJxmw{MU5^!W?EJ>PM>eT!e-zQf!1Z=vrVpsKhX
z2W}8-+jyj5ldxx>&z<%Rd+}Du@Phlx6TUos!Pk#pal-@N{q#M4dV9kIPoH;jh3i19
z#|Ud3*2-_6)4jPJSo_5Dlfh`v<q^V8!@i$*|NaAh{NX43<==kAr}HEJ`1CtIe*6RP
ze)taW9}Z}UbRC)X3ctKHRSUxAFa#wSYZKa@3q~y45LN#<m4QmJn7?}=+;0Z9V7RcX
zYA+UfAp_-N#VacbqdV#`LyG<1u(!B!ES~bM3{HGmjLpaAb%TJEJ9x8CG2_!!S>^9Q
zTQr8uMvA|=Ulqf}POPFjDD`vNENQk7ds;XsuLv=h6zuLdKljYQl3c(t<S1*As4$kl
zy*2Y_x^a0jhv6fytS<E0<MbEviW+4cs%RLnnOdtn_Do!5pF83;chAe*nbR|`T0NZe
zm~s%zB&@aNwggKmj<M?*Nu=bCjiYM2iT7@pNV+9>OocWFz=R8c={e$FGhPcPiQY_R
zy~bJczO7pOjaY7$(1ddORrMT-V|K`@BBdBr2q*0_KN7&ynPZ3<m(CrE!ZH=jmR!cJ
z<BOxP3}@<#yGF2;%axlwY(|^7ZVm>b!Uc<2{VD@uAnd+<Fdp~pq~Y9WZQVQ+z<J{N
z@pK{VO|WhY`{r|?!vwe;FcSBdjc?zc@$JhazI^`b?6d`(e8G8cJRA@B{`L;H7e|~<
zo_M0-wtzQ>;(jdXTG)sBjAsef3gQLLmzup0FHg_-_~jcuef*4%e|*Gme|*E&FW+D^
zynFu!-~adyb^x0v9`-Z7efo+&J{gX8ino7yz(4){FL-}@gY(M^K7aa%Uw`|A|9Uv^
z{>Kma`N!|@;lo>;T=@Lu8-D-KKk(`IkNEWKM|^#L#M^go@ykE_h=2M&{sBM#(=Yhp
zyAP1t12z_(?;BrUp7HhZ5sx4LfIZ(KFDK6X>F~MUu=gF0-#+8%<2S6Ag?In>h=&hv
z@WZ<Ub`$8ioF!-*+zQ)n6(wQ%D+*xwYLl1q#1l4nb89c2z|)sUeEH*d?57u>pJCzi
z*Dv_;`)7Rn<0D>v{uv+MzQ+nu2~EPPEZB_NWz;RPHVM%*HFRdZ*J%gYW~~&myHA^h
z2yny6EM@3&t++y{p9P@wyu0SPHYKDbzRwN8CCUy9pKJgQP7?;{O$qp0E3OncLz{)S
z*;1aB7D*VRf|S_^uEW_u^h)ic$_nDiF1F<<EyOpbR08Gam~s0!=-oxunmTRx%Vvb0
zWz)t7a)JCO11x!VWwDHAG36R*gOxjR4!>%w6tI93AiVuuQQdAGZnc@M1O7Q|<szE0
zh0z*T1&E{FDP>w)V_kV4pVeD(awkdJ+hih(VYCTxP|Ic|)%Cq^ddv(U5Z>b3>?S5$
z#EDXrcPo`MaT%eg6)8dnom^%mHQZc#jdNqiQkopOtS7F8FG*t_D{MIuw#jt`1$9LU
zXf;P#K|I;9l3rv-2b$GfuWoKfhjfO<Wxm+!GWuSyHe|+{lx^T?*k(BGbofid!)tq|
zf%KBYhQV-hV=phI9!zjM77l&FDKEIgu(x380SyCMdl68c@qC_me0;>y;}iDRM|}I^
zGroP?c)34<a^ilw;locqL6_iIiU->eEZj};0>h&!9`t~&1$}$N+cyixO|foX+8H<Y
zx$*7uiQoV734i_bC;at4{(_Ic{ejPqU-0zwg!B0X@24+n`|gJKfA<0Z{Ldfo;lmpo
ze|*Ak|Nap_+dtsp!_PQC=uhwP_dmYJ{mVD}_WMWt`CtExfBo+pdLDSb3%-7P#><zl
zfEbp#uiEp|6TUsZ;LFz+{N3ko_{ab47ySI=2k2gS{&vUbuTS{;?Hl&}8EWPmc6nmk
z9Zz3ReEIklUq61q<EKa19eDrw2dsyMx9=9@!Dm?{aNY^N+#x5S2e57d|8FNWJaJ>&
z2|I|rPw>kNKK}L<fBu)h;<qoq;@!Igcz(pgQrw>nzy10dzy9Y(y#L`3y#M|K-oA5m
z24^I=6^;&7z)5sv@h&BlNWd&Msrpg?@9b0y(a_p?)mB-hy-G&su=2@dlv*w=@=t6~
zAV<lZ`-ad$*6r{91I0Tyg!|1v7>vEuw}t7Es8-nuMB>*jrNtSV#C1hSPsV%mbPCG_
z4V7CmFQr$vYs|P!rk1eXXj1>GP#mt{U$v73I3VUU(~`XfPM^_p3w;k#smTM_WBY?C
zY_Q29R_l%#k6gNi^!D<>dJ188Rp}b!2aSY=9GZ@YwsPfqvdSt5jyVV>ncyNq@XwyA
zY#nZJ!8DUxU`IktVLLEaRdCv{Bz-;xc60cy0TY@w7Hs8avBR)aS_7QhJuA5;+-f1G
z&%H(CVWZvH%dIzD1t^Lm#DZ(DnD=co;ck!~vdEa?IRYyN;rH_DH^+o2mqtDB^bv{e
ztR!mXf8*O+a|<Yoc~;1BI&lz#Xu{BZgej_RyzCb|-#4C~?s$5-<9;{X>BhX=Cycus
zx<La22IC^ugPZZboDWbFJn$*t-tC)ApYJ$qVJ*e;X?T7<@$zi=dOqTXckFe?Cw<26
zkAL9(?E#C1kAMD(Prp4vc;fg!6~}iESUB)r-$8CSe{ml-o}QlY@~C)z^MLp7-gscu
zjgu!H?=SfM<r_Y}e8S`NSA74T_~qR@-1mX=<puZW7rcCa!Q&rK`1EDt+aJH-fBf5j
z;?1Al;rqY)4)=ZH*Z=t!ytjqZUhv!FiJ$-UBmVUF-{Il=_jvgB761DG{Rck&`&aOV
zI35<>|MNTi<Ny8(e*C-lc=!H$m;v^UIJd#ReZ}MNf;a04_m_pQUp7qdxV=~W<9C0;
z`?qhf)T!p@{f;jmKjY8;e&WmHZ}|B12R{GyjN8XQ@a@YpK0Q6-zx`kT4Zr;9j>QE$
z6Z;u>b9)PY0M;#LAoT8O?-RBS=kqhZe)@v{`j=1mU;pEO;mgObc=++a`sF)(|4#AU
z_YYXV3O@bz3IG1@f5F=yKj6Dxe!#oidmOs3ZA0v6Xv<hZHI0*Z$T%Q^+ZiV|*@tHB
zIY(aXf~ZaMi6yYL18kb$XGAa_H9O5w2~49{XQ4Bv4m0J8X^P=y?Y6@7;Ecti>7f1p
z)Ae4>k|bBQ-skQSk?M$&Eg=S&xtx2+7e4U+{{@<nW*4{^sP5`6d1R^(E;b)rX2EDM
zh%VI0%o7>m?tAaGzSU+ip|Z#!2XX4!GE<UvT;2HcLMhsUs*u{R75S~{_Y%OCHa7{)
z;XkERD=9NBqhcA*Whi8=ctYyG>oQO?$*8HtCv{Mc3zxDO=hjfwjU`coio0;EPP+K}
zHa*mkeycpRFVO_jr%E6N*yW3rhDkwZLPT{)tI`6@sfG<iGO1gn@ZUnBM)%nYo?as)
zM|TVfEP-ETS8e2w38NDdN(apa#aq&eN2`XyAfeDMbVFc>Rbe{4`%pX%T!1vIcSM?2
zX-PiSO-UXJhcT^FVv?**gV!L2kfY*tjLlF~DSDP%3pIW`_qDSVTT&arG|-Cb!}68A
zbwSxM1-k08@mJNMXK|dD2=DlNb~$$|^S}^#uL(hL;<3&$j|=DH#NqM8@pxi9Px!MX
z1dH<vR>k(5gaxc;Ed$-qp|*z5^#t8vB*ueX^}>3$V%T)h`^ZC^4K7Kw&vs_N%q)kQ
z=P%FP-R*gNd}O#0y0>o-ADB-^?0L`Mo)4VvPyFsbzUSt}Eqx!@^*vXs9(AQyEtb<^
zVmzNYk0br2V_2mbjdhr1;pJ}N)gOC0e-jtDRl2`|5S+(b&v+jB^y!X&{^JY3e)!C%
z&!4#3-7+6Q-u;!gZ@0{!Er0scU%B3H8Fm{!K0dR*KVh`y>ZM`WX!<vv7r(pZ```VB
z>+MyV7lB_E?D@<TJP)TcpWg3TCgJwQz^hj`I2~Aw;Df@sxPg6|J-<#9_cF5YCJr1~
z9%9Szr_cA?eR$%(|DWIS=EW-p)zPo7VH4YrP7`Nzi({D<oSX4}VgK~Z&wu@epa1WB
ztUvSJZ(s1;@859y>I&wW<Nm;IHE_6l=F=}<xVqZ%=EVzMUf-}@ZBRZPxbZO#T~)uO
zNvgh(LCq=Bg0xvlh-yle4Ym?elC>^~CrOfd<150cs=b9qi&imH1^g_CxHJP!&!ZMh
zXuNo7-3gKyh&mrc6P;iAcyP{@NnXcmhD{kK1e(@iK_MmULF5rtQc6|_rdS3c6u_!(
zO!`Qa{AU>SMXIvaMS^HbOogf{X$_qUx+x*0X3wXSu?Z=fx^*0v(|2AFO}r4z$v78`
znKg&butZgZnM5j*BL|D=I^5G@P|c2;)heabRLw4}vTrCsOd(Y~nSR}H#nNm;844e)
z&;|5`FSz9Ulr$WjgQnta!WVFpYO0e)vYF>Yq21GRimWOsMk(oXQEg{b&7CRqspQjA
zVv^_}-N-sznt4^snUdm7qQXxyj4?lmiYC&%IV_|Id!(Z3Y5YD>wVEjLNtsdgH@b!l
z=B-UPp>ssYrnD7M(<CVU^OW-G8`hhoxCbQ;=RGGoGo2>R4`&Wf2gc(W?-zu?>Pm2n
zXAp%RG}`od=@1{#i^m1exGX&HpP7TAbDE(u$VynoHN$pIcip3V15WTZ3Jn%-S;ix$
z=Oc&vNA5p8@%Z#ee{%TI;^ydix!!J2GI9U@SFCefy*#kKz2fET7rc0J&F$5|uv&3F
zbgZuy=F`adJac?J)1euLxJgJ)WV305XieYc_Mu~Pmc>{Y46nBx!&cJ|C;sQ3_x$qt
zJyvy0C|<n%9lMu3U+zXeynAAC!hW*!Yxw@(-th1L`CDGSx?%sk=cjkS@N6|d{^mPg
zzj?{cYD2dgSnqn&Y3A?$^9%p@^UusPT-~mC@$!l{uU~MryNV}YKXE=Cc=zFvFJJCC
z@1I%DXW-04V45bT4->tz==Bl%Z@=gD%a^RzE0mh>PJsm%;zsDFiFulMynp1E|N6+^
z{`^mj(fszmea9dE$B$gSc|pJGQOAj!`zK!Pwmjb-IqzrgKRojJ?H#w@zvRtk6-6jw
zSc#!mnIV%Y=v`@bX#wLhRYZ#1yznKZF62@YqHD^q6X>+6xSk+2MEPG#;iT-WO2#f=
z+9v0#EGeqBi;yy)YG`OSzz59*6~7@Hr3Qt%Kn5u^nHW_AJSl2GN#heODy1+B7g-&N
znU@xPwDM*2QzPUvKT;LdX!(R8M3$XN_|P0T9_h5I8BA9=D78?aNfT?*2WtSYO1T^4
ztdrvTsi^bH5UdrJw6bWC=;#qCGV@GoD4)3zO{k`ISQIY0Ra&RsrLMRhRSnNc;E<GV
z+E;W;<HbN_*R(0Zk9y|G`Av0e&T1Z|RO369YA8s{ut~7Y+-6isKvGPg$xWvcvP7wT
zJ!)F6G~5w&F#}2+VAbG}O4?)f2W9n3`yFfDcuZ8CL1oTg8+|~bAkc&<hcY{A{X^M;
zBMsD1zVaCr5M*kxND#yY#(7~J&m7MurqjguG%}vgaU<Fo`hGxfHCkWC&t)VQXhHDK
zBa6jN3&UxmUn!==vP=uXdgimoxsmh1AP+smW=%f~kqx(aX1B1PP8^?3+&w+<G~VHi
zWjRfpkCw1>+`iuN>eXx3*K6Do*zXT~{BTFV+49|Qzv0^--g10(!|m-An{7|O9_Tvg
zlxBZ_U_6~!MANS|UEigSfX6Nii;dN<A7{qJGC9ZW9M;abAgJ{k)xrMs$QfZ=6tCaB
z<mL4(0vw-?9LI^#1a@YH)*7>3;k4mubxVJ}#XX()c>X8z<AM3jciddBS$B?yyJ!CS
zm-qboj}Od~Wjz=kt~T7i+OWO8LRLL;8X2Dte13>(y~Um|YN6{Etbwuf7(es$EPVVJ
z@5}K#ay@&lCd+Q<=#(M^hg&SudE(*oGynYSul)L#&qxsd@PEDH5C8qQyng$VVOXKH
zA`HTMyJ2&^VRt<+KAqS<Kk()AXI?+N=EcjG^h)8qCWJn9cWQSin~_OEsNBI25xiH#
z#zjh;)+v4^RHkQvtxBzkYFe(89HffTl48XO;_I_f=Erg&5Xy+Bno*U_@2Z+(sd-#2
zO(Cy`TIuR4RaHHx)2Kl*q%{Y1s^o>tcqeJru>AA6I~0=OO2_TeL}zze?@RW0+^n=*
z;D<uuc6K?6JiGK;goUKKuZ@nl2$^qGB2dfNmJC$r4Jc5qs;)9=x~-=qe;UfvC#N{Z
zg-(BEF>X^;rG(W<miS(Lp;cj5N)=Vn0@4szRWT8n`ntttN!e^^&@OTFZE)ntT-#P~
zIX^_DSyd@zbLUE_h7_)g*)CJDORRc&|Ih@yt8}BfRP<@>n>JguHHtO~9UlrP@e=z`
zVWdUrmLngU$m8NGkl1?km9SFZD}UzHsx0ZViLMd7Mp8D#LM<rj&QRNiA~@&qsf9D1
z&zw&O=J_0xN3qC|Oqauo-WZ&*Xsx5KD1k^aGAHOjx8BkZTlx^#+66zJn8!12f5dx>
zpFPuY#69g%ok43&uz}<8#PjhGXCeC&;wCnoL9FKP`M_~jtab`z0%4`-cPmyKVgB{N
z)2BUt8FAyn_U_2-%NuTAUvYiAVHh;54gJf3Sw{BzJ%knAdW|)pmIXVG$fTIhBd4b)
zj`oZ-o?tuXv*Ua?aCm;=d4Iy&1?<Fp)cpLXckExCdHQnTJf4{Rg4Mz_8J->{K7Ki}
zojser=he*>-{^to!+{U~>+gJd_r!NUyrml~fB(xn{`p_OaQ|?J$KmaOo%Wp0hMQL}
zSYPkZvu7U9cz4Fx19myF$b#xUo(>aWumL?SJU`x{ykmSiFuZ$Yv$<urS+nX5ri%=`
z)ANaUfB(e$pT7{o!vFSv{E>hAZ@=T_)h(;lhK=b_L6~)*UvKEHS8Q%KY|bO|eB$x(
z3m<=Z#dmLi;CkER@c1DRI#blTI-l;Fq|}oA6e0&s(8*d-=eCkOhmw4QS+bsee<G5U
zsg%sPthTG&?!Z^DY<v<^=o~|l<}8Z%%t)!ELh1h)at2uw^U!!MixFAH07PlbjH;-L
z>o_H^INjF~P$8K=RD&CkP?>wVk_)=D<+~h5Ax#%VRWd|GPx)w!Rc)nH@=MYLK+6U1
zC<8=mQe~`MLf&K&@HA_glnP{55v>A4nWCqUYR9h13Ug~yn@So_$){DjB9~-<R354e
zXS6g+c*EpNOs2ZoHIhhGcd#mr_BDqnpL}%1g{VTZj@QX&<VkbEwU5#4Qann!wDEj#
zpA=7XsX}~e8tb4gT;CCRo3k9N^t`YyvbRAsvEwCvAb~zhsjW-yRhL?Kp-8~x!bnc?
zXa!=Zo&A59e*gd=07*naRBrLajb}n9b88lIkb=K5@<~Z34`*wtD;}(z+adw1$2u3e
zZKGwGX3o=z#Vw!}-MV8tXuR|&rCHI%A*m7uV_2mq0_Ot33m(m)G7!h0wTp7?-eHuE
zKA&mf<SZw*V1r|DQNec}El<yT_U9v>C`I0>fC-9uaxC-6=snMmn)~-ptR=9$*>Jt;
zxp}$abbsXW(?^VVTpdq5efmhhHr%{^!PUzbtgcrW6HT~2I3E9YVho;R=dts|`EVrM
zElkG~<6+Oqo^hRL?N%_u*^iv<nUfr_VL`bCCmkO?e&+rC0r3k)ouP}~Hn%wLKR=__
zAGv*Vi&}R)4`*KY8?^RVJMr_M|H9pePtXfL|Lq-jzuq&+8MTH*3ri3V$C*jZ{IL0f
z+m~Cq>kS^uGJ3?%%ywa3;=Rx>8sp&A)eSz3xYL=#tXQTq&S?hUqeE1{(rJ$K%=6t7
z-Z{Si&lkM?w;QzS8D|H*qw7}mT16_w&|!81*RO9_&Jz!ZXU3-k@85mkyYGIW`(a?E
zU~mo@I;tQpZ3QX0Kv3Ak8x$@0bg!#MxmsG{Vi503E>#w6iBzg}96On!V9xZGkQ0cr
z{5sSYI$lajuGSF{5QPq^Y(^oZF$1-u6$M$kfkdZmLpK0jrT7|<QX(c47i0)sh#qyV
z%)}9)je4nc6V=!eiyfx*W@d+bO3KaC{;or(IPi>=(8;%>id3=4eZP($FDZ?_T+y7T
zRA(|3&q0X@Z+K!#C2>F{;%0<J!C32x;Hc=YBn8jakCvw8(=yVUT%86(lu<o289ABV
zue_9>t#H2LUQ7$AZ&(tIsx8a3RRtK<3Q|YHayf-%C%7)5SxPk_g_%QzqRX2=mS&dO
zkVZ1MJEuODL{C*>rekU;7pRmV4f#AvP!p@qlt=_$;wMalrI&;-DwOdgV<$(7sESJ}
zC#J&p(xr7<u`9V+OcC6vwdS0IX~rgy=rYeN%Z%U|Rz2FRYc7{oC}S{MVU(s*rrae<
z@?=SfL)Xp+>|}Ar8S56Toj9FlPUFPW6gZ!jIO|v@>@u^JfbnpAIP>}bjy;xsFeoMT
zPUBEKjZcj8g!jUD>iGQW6IcGk{9?y+vtg|V)*Hp?>BN_ROw8kv-R%|jdFKA}d$bx@
zdeDR6^?FO^G{64s3y=E)6Q0q{9LE#>Z0QW#+-USFqIITej~gv#H!_8VQCpl_P{9*)
zz=s(-O>_t=Gt<!{Ug5&T`T3c{&zg-@n6>Z(932E72tM%ebmYUkUs>>+_6O`Z<CKG-
zu#1h<{SeK-E47O6(`nS==$)re=3@zI9w>0ycvioCfl(`*gJBq0-Sp8^`MfYak32q}
zc-oH~mOvLA+f9#~ulW4S9ZLw@zI?%UTv)Cau6G*{hbPc=J#XH=q!-Kli)DYB@pt#U
zd-sm@cE#K7Evvc14+h;Cg3|G@q`3$eEnromYAs@eGD$wgGKL6tR*mPVL}vI<*qA!`
znS#`8tpedl=5q;x50ryi=_qKG5@qAv>=LmgxXP6DLP=L9t*IH4WmFT76PhYUHGtU*
z43}<l;i6wFx8r?|Iw`ZZ?ETDY-caS{I!Awmj2OL$k|})82JISi&Q#@nNpk2`)6-=f
zMQg>^(xm;hoX#vKY?8int162W%4|wf4>fb9q=5=HblS>DmW%dbky@)RUL0wr5M^ku
z3*)U)B=bd1JyacvS}rRLs~DisxM)xH^XjkQ<yn1Ky~--kq=PnfrsPE3+zQM^H^t~m
z!`D+J_+*p7sLCdNDf=!}r>fk}41QG2rlVDI$2Y9F+^Q|rU7imX|5j>GWJP6Ypp>OG
z$;A*hgB>$#PU{-KRt!h!a1cbI``$&VueX*kTbzsY1h>qHcbHCLj7dqInht~R4XV>6
z@GL6vd{W~n=HOYDfOU=#7X0Fv-NZbNoKI(t`y-E!PaO9n<2>SmW1OP`Zg8GX6w7hu
z{Itj734@~RHT%#pjT6&!!q1A%^|--vwj<_Q@bk<(?s#!~jakR<`}nZuY)4-EH}o$I
z;wI+f%;VF@JUZUF7^i-iPK@({^PW*=EYYyrtrX*==(Hg$4m-!wvcuw)$9azpf`o*!
zAw-{+5?m7F1n*+2#R>Dlz{?#kzuB?fuJOS$ojm)eBS9_fk53$y5v;@b2zRx<&IYss
zuN_bN4mTcI4?WDn={$3Ej>-GTO9MoAxOL#9EiZ<3%q2&7@p{eXdWC-+x%;?qurv02
zB6x$<j!`UM-rr+K$L{Wd@4tV`>$fjCUGF&D>{#_3hw}-$EZkhLdHuULoI>FI_fH&;
zC+_a<dGY!MyUmV4_4KO_WmXkTnWWMoiHfrF4Dpzh!YUHIQ7VM=2Z5l|p&HP}RGUPI
z6_3_UP#={(A_+gG)5al5$yUbld3c)-&RLc&ATFT2#EmM2xGBwrNFulV11UIDz6v`~
zm%yJ~P~`OIP%_c7@x9KkR1?H01zcA*LzTRQA-CwHMyIF-R$Ip~@$Yq7foUj1k~H*G
z*l|h-tvjkNh}Tf^hk~>bn-$@%E`DX*px7(mvnV;*_quqwO0z8y1Gz{`eXo!n3`30~
zsLZ7tHy(;STIIM3F_(!v5=ymGMc0W{Wu&UdlJs3Qm6*Di^RzR$3M^FkN*PZP?d23D
z5xe0FVpcUNu2MGGLgURjRb@z7uXooNn1e*AcO7NL>#2j`tLVE}u>>iHkaF`hXnmU8
zrh-(--&=!Gsb*h&8SdA3$9$USX%Soqgb?t-;=LtU7r~n1BiY$5cpuwz#u$`<w+@0q
z=^^cHfi4{(oKJbQ-Xn`+9w!dt!Z^=ZH({rR(|+V>|IFcd;C$F~IvugkM;5VIag5`_
zvRHI*C@+LXn5T(gJ=O?xiW#u8MZ17;h9P*uv@oA0u7km!9mkVHEkeIBIOCc1M1Nek
z`{zve%^Iyc#0!VR$aq?Ko)*MKkCTLe3xO#(76QS*Y=vnrbU~p)z=gONnnY0UMF>7H
zi$wBxs-6R2Q_O=37BE;Z9F_wg?-jiHfj8G%R@WPLHwxKl<}fl&ih1-nAFETJ0I&H5
z>C*GCKMB^2ton}N499um6daz^($cZ5-}}J*!xQVbFWIaH`o+>Op0(G^PUB9F<>XPu
zuz9^kf{pn|E6wwC;Pj7~`SHy0?IXLlFWA1=vDywy=aK#Ci0a__<rUw3{|)Dd13y1K
z@pOOB<Chn_*j>|!!3>7ZXiO&<Wg_RTX)|Z<TafzCIY-Nffbyy0Po#~mt8i6(s>bsi
zxOIPLc4SWEEgg;YY$ncL_F(C(MovoBm<$;rnXP!CLh3x|Mod)0Awe)o*Unn{Z{LWk
za-%P|CUXvH&~-qP*FUdnUQ+Q!1?p#SR(;j9@-Jiv(t>5<+Sb*fgDRxw0=+CqbsZI8
zLen?RAU;)Q57nTR+D;)wM&$NPc37!~9jtRadVasAHP)!tP?0TGV4N+jy=_OSY~Ydv
z!PJdG>#H&@4-=CJO{d*X=~k_mg&mh^t7R)zstzx+XCYNO>LMX9TrBP?V@Fa%_XXdd
z%S@{Hdzs{LXvxb>Wm9}Rx~5lUz+xG0hD(zi&39O+-uhCO+8(RYe;KN@Q<B776+T9!
zAn08D$iG;T@k%xAOkYTR`6yx1Ni&#~%(C|M&eHjwmEXqdCsn6D1ZL-BBtdZaDbS;1
z<q#s!(%PBB@xbAH;w+YVwv78T&tIN-{(R)|@W|uwk>_d8yv&$+D(#xdIa~<I-w|o@
zR#_A-0#L1BLz3SskJb^m%H$az;V?V8uII#=yXOO|+coEDVy}*Tr&ic`BK&+n_mLcM
zXDy=y`oUwm*jiLN`eyVJ&=!n%g7<WxLj8=^1Z#2WKJya8@kE8#CQgShf{&rhlAa9(
zq61z$$CL2uy8$nTo7dN9>3M#fS)4<H!+4KFu*yb4fYPa@ALBB-z`+KrOsrgwb2`e>
zagn}|c{<9`jUM-O=CIx{-0nF05&aa=LHkc9?mnM6J;U~9$IbT}#4l(ac=P?YOtWME
z?#$ug5%>9szqx1qddKy*JNn+>PG^iUtae+rn-#BLZMlDXX1;sk{>>dXH`ff^fEf&?
z>sW79QmtwvNC}S9t=nCvc9aO-1>9m|B)T#5+R!N-Z6--&7DTYYN6(T{C`Y0NQ#%@I
ze(ys{heaV>w(3Mq;^G{g))-?jN=IX^cXTQOXeD_IjaF!_FJ`{Ek)&0Qx=&P!#JS9A
zLv4I|Yo#d`4{ArKE@`0&n6IhVS&bV?90n<Nq}qW(CdQ|ElTOh+qJ_?-zJBZ%`toHc
zf4K;0B@J__M(-BpcY+=%U7L84cFG9%s|l)-iPE)FEXLXzRiKl%Db%#Vq|L7K=;}<?
zO<;^}@{&}G?5J_E2`gj}<Jz-+l2nJ%jtUp@?FbhQ&C6-2&BP{ht<-~Mf5~J9>1(wa
zWsXhSYZFwcaud%KRgOxg(~y~hUj>UP(NVx($QhL`t`$vlRh7PYW~OHWLzgg0Av@WT
zrtOz1J*}JUqGa@y{D2U<>sfX#74x5unbLwX61)-(S{sa4=@cDfCtL{hv&ZO;jb2wO
zMu-osbq;(yJ#Q3X7xX-{oKNfzGf&S4j^o5hX3k5*;G7;#Jpc5_!>31%`y&e{ydDX&
zrI(PduZldpM9)C!ND2@aJzho<jl?sAxB$&s@Y=GVFs{cPMwVj~5X_xII)i%dQw6y2
zPW5zJgOBYt9|E>lgx)ZxIQeaGtk(){X0SebK!S}pn?mh~JPaQ~lV=o9^HEe3H+@fR
zKSeF3MpRF)I@W4nJ*?4Y;COc2ecDHs-N~_k9+~Z!=26j%=~R3NCB7_D#K#D$X8d9}
zxe%*6?Nh6Eg_g)IFdnw7x#5ak@c6?CJ1?9bERVy?c%FHBK4SWg-~9N7*FSbVKAkw7
zW~RmR$AAAL_WO}ffB(przkcHM>6!7q<NRUA=4OrR1LB0P-*CIzuzUH2n|{ydFAse9
z`7;~6qn8yX^sHFXE5l$68iflM-9@l-d2SPdJ}z^PFj?HVL^}1hkBhMZZ<1Kb25bVF
zb~+kARWl;U{yLR_uTH?2R9WPK(CG2j#%BK3MA)wn7#Arg!8>&B6c~-6i4#f3Rg=?-
zbrTidhV8XcnI$zqHFNP~sR?yw%0jg2BTDPMv~0?ZGm?g09@h*PQ~`G*mB=CpK{TBb
zgC>C-Rl_#Ztx_$Npa`8>K(QaFFVYZI1Kv~NlG{{xPpV3KAtNkQir6OgYgM)A<O`y7
z1pZ0vf18{uLnaagbW!*vg-ddIiS}t;p^F+$DSeq7i*7I*s+c%UfS^pN{PLV6_d=tb
zIPQWv`?d07t}FK16f;{FZ^-=ft?nkzcnVRwjmAr+UrBAX>^&;7^tcfzsmjKnq>Q<W
z9KG==#G6*<9E$Y*K7nXeiJoumb3r0pQVa2fUUOqpYgE#ZSJlcblQN32nF}sr3FwPR
zi7GkLf-x}&4b>%xYF%i9QYatd?-N3d$9B+(!RZcVW`Y);PiOA#@A>@sj;GI0oF5N_
z<ILh07Cj@zp>&`hQsdXaVm;nf;4VJ<$U<TLD-X(P#!gtgu%s5K)&bvH2(H3oy#gon
zvyPG9A#hHv{MerHgaDm47$>+cRxPvF$PyJ&qxU%Rkv*wl@Ft0nOx!#}z^NGE7h`NG
zGf5GLsQ70U7MeDc6v=Iu8Ea?0>>tryGmFED10UyxOBX+*k`66P#6G3>QPP#zfe;kp
z;`}PoSTy1Vg2#xala79?xOuhV#g83o5>6i`#?yhr!#&Rn1f%)(#~WV%+Y44ZL7yDc
zH1qV~fa&k};msA_{N^>vpZW0jiTONnd|Y^X67-ekXcv6fqt<WPyuRl8n_E77x#RPP
z6RY71U2hn4$ExcwYv|T0RvpgKb*VBB8rMaXkSIY1!F$hXT3BY!cH2cGwZxf{7EMUA
zC8c4|9lc73Xx*j`*8`=9q)jCXK7w^P7no*C2%gP$h(0ud;L_a6MIlA}IWV1SLMl~C
zP?i*%QJWmnq=AQvNM|X^*uFuI6{D=uF*+ku*g|MFF)8p^De1HZnvPqV%Li2i9ll|I
z=GnE<&~+;6#arl4Gf`>ejkVjR3*tPMxikP!N%G;spKGMqf+K6~%G^kQg`SZ}u+`cZ
z2&&Q-gOhYxi5rzp<#eo`bc|-mSoQqkQY)ZJOs%}7Om@ghLf!gyk|@HI>?3Kk5e>PZ
z5lR#XwW^g)E)s$csi;s*<hrSTrt0lZ(&yIP8(A7UZGe){IyrSR_IqOsPI)QZK>4bt
z+?wSIT0aRld<oEMR5q%jgmt6H6ID0ykXTi^<RB%qiK?;gx~;gS>LImKsVAM#jmZG0
z6OKi7By(a&{re=Dl?X>&#51{tWt#DeL%ipFI&uH$iI2a0=GUJ-a{uWwr^A8S#*N77
znBk;!B-3m0biIo0k)R2BW-%5cUG!RYQAKE7#}YhVJSLdvE%6>~Vm}&%jh0Cy#{R{7
zFT}-XHeiB@!FN8&q`ZmujE@-!1n&?V2j)H)=2=k6BTf<ragNzbk^>xVnkQEyvRA$d
zVswpRxrs_aF^gq!9_=Qy#8#+R3a>PdxcM0!`xYuh+)m~YM(&_b6<IbGB=6uw=9x!_
zIM)Il+ft%&E+C>9hJk)F;|`9)vd6OK<*S$c_~T1<+ZCtt#P|%S&%!Z`O#5GW*j=;R
zu2|+C-}Us{G)uFVX%Wtk4;(reSB`JKdClhKn$=Cm@or@Q{u2+{bJMTrdd;#G!nWrs
z^r@94c$G-wsr@b?R<YAG^L*UXbpv{}MN&JpOI?FbX|$;#ARPpHiBQ<knr~C2z0#;o
zg9$k2n5Ko(c*X|L^=?Z)^eC-x&f%R!LL5bOoxy3HDlna9@3}*yO2?!P()5kbF{_$&
z)=w#^U|1UCd?G-|*MWulBJ#A*Ds<EA_qxe0lN{!q5}k7ZX*#@SXh4@;FIh$`$|p&*
zDj78@RWi91CIxY$iVr7b)m&bTb&`;$IfXBb^th2IrRftLHY5dxE@|$9Ys{W?xbI7h
zxVmU=#s{?+T61;|^|PzS+9m0PP$bBb!@@!nt4$1#k~+xC^-OMWm6ThhS~yRMHc$-~
z$F!39CQ-3vb~l1Gst4M~??6ng+){F#N>ci&RIAd;h#Jx*)>s;aVZH&;g7`{w2p30)
zx_Fg#VovBSs>)PBNrEkA`MuO2k**aqWI$}rHOihhLh5Tv19eP`I8m)5ArKZDAL<YY
zJ}U1PyWqXU+J*6W=5&nNJMVw_z~{ey;_ky|ro#!V7F@9ODqsf1+-bnj2ZK@pt$J2N
ztjL1ZEJ_%H!k!i4;yg?1K&QdSkO7Q>E>*kU1#G7akdpN0#@9;POB!-Zbg>5=N!^1r
zbjnA1JRLSf50d1#gnZ&ji&$*FMMa(R`XT_W_&aj*Sk#4zN|LWGS~YwTGkM9g#~3GK
zNhA<)NnJ&m$EswkR=E)vBu#8XYzeCP&F5#V3#z35S}l0x(0=0M{XO08hTUe(jAIhv
zWId~^z}1U^ZaZ*1O?>|4nJ=H7nCy)1En+?Ee#c5{<|E7@&|PUdH0n4bZi!Lm4~otS
z;mLB-EevZg8_VPaUmgs4{SMy=Qy)-+VSaVZcD2U%xE2JX;=C<*0uFrOcswx8Be$D1
zs_O_!F$^Zk+_f$OSw$TkNUm(sKW9ozFUf2z(eOP_BcDFrqm|<J<rUlY2GtpyjSAD?
z;<XJ!jB_wrqm)T`a|xLyUmqlEVnZO5&5BU{lWngkiz|Yzs5MojT~g`-9WHGy*@G#~
z+*>yid8OkstVE-HZTBH<=#HYRvBR|$5sDf*B<@-qfEKiQT2Ms!)FO&Eq)4nJ@@dUT
zRanIT)u&9Q98r+B!}>RZs_diOrwmOFM@b#h()gR=v_-zUKv~ZpzN&mw-Qd&Uy-7Ay
zH5;g)erkiX3=!iD%_q|=#Y06iKg%i<A=1GW*~^nr9Hz_xO5KvA-6qSkjZ3PXY)JNH
z!!Ot(^{>(4Ms+3ZEQjeK9<5br@5P5Mlt^kLI%Q6UB*MsEE!D(6OWFA4t3ha`JTykL
zES*iH#4KN>WHZ^=7;K0oK2+1PAh8uUJKW@0>=X|%Auvx1^Lb*NW}f#4o*y5%|MZE6
zkDs{v{DsGlN32~?1pFqR%(Us~wPBs)L`ua<!%336hQKOVwCNbMFztG5NJ1ASD2b-q
zWprreBaX;wly+DX=tR*6l|Z>J`7neao?ZkAnxH+F=(jQgU5J5h79VBr$*+^W9+GAa
zLHQIdpFzSd3KhgOIaNMMbbXmg#(8OMu*Ejag$**&&(rs5Ra6g&nB<wu2L)Yv8`S~m
zi%OL|fec+k{&4wjL{PXC7vpf8!UOL4jQp2lv+V)LVLzd)K}pBqdFI1Uj|2~o_Xoi9
z>g|f_>suUwtM6|3kKg}>W&g-O{xoy<;U3l<!@6ggMmpz^NyE@#Pp}WfYt;*OnmIl`
zqaCP4bDS*Gvha5PhTs4AJA!vHU#buEq9VXoJZce+#~FoUy&0erq!XmmX|5{iSpuc|
zq(t;c@QK`CXDNjo69NRwa-RA5AHU#5@!hxIaC5bzGX}qSrg_GDPp?dz?<&C<9l-&r
z8L_DLVA6(GW&^4!M%3Jq@{J)qcXhJxNayuXYF8+(#WgU!cDJ&yA-2-BQgptqNg+;5
zDw!oEHUwQw@O@BpTInRcZB9}tgo<(+R%Ogk%kU)iRZ=Ln<zLwt)+EiwzGDWWrtrT8
zlByd3pjP#@;)3f-TdB+@s0+SovVP<u<FEo)OPqGoxr(Q}Ko;;{kk?d$2hwf0RXQz%
z7DW`}ByvitP8TcWbksB_P%8FO<M2OLn7Tkrv%ji@FhmNsGVw0ZRV}VBexKH4tK(dt
z&8gQqwGbO|L6dK!qjWJPMTQ0&luXPyF}9J>OKE{hIbW5KMyUkzOm5EsU%p9rZRd<i
z$N6CNSxCvB3O?YSWAPS0Tim=b&J(j;u-<b%oUn%@r_;pU!-40!M?Sv$l`r=nIge+i
zU@!!>gJ!)}Y_GTUw;Pn{2n)y(P!<*w6JZAvACw#ASe)lPTPC9XTcI#U$M=0YF{%@%
z#j+?xP!6F-Yg_33+C^qsuDY|TP?MBe#Ge6}mBZn&_~OebXP|<fF(uNx%N4!olJY4z
zO}Hh%r~51<FP+KOYSE3du}p?jf^$f-hET`_sQhI4l&7U*Mo$Kq70Q7Dh9s$|xnw~J
zwj?0Oy=(~+UM%*k(N7Ak0)vN}?UwaQA<LP^Ul*L!sBX>c*E?Rn+OgYhu+B3s9%U5Y
z{`+s(m=*u;{{P{_;{glk&_}OS2-xEpSq}``71Ow&tl($IjN@4g_LJptK64%?w0K^w
zw=BCItJOfyfR$JYYwws(mg#w-zwV&(ct2sf9w!4n*eKizlnJmXg%yhgPcItfqEJP5
z8f6SlIV1$mrz1cA{XN0Lx4-{}n^#wuPP16cn27b=&>@|P6`AQV+R&*)-!4ZB)xcK6
zSE+U2v@T?>3;`(dKzY6Mp=dcS5Jag{kt1qyq=YnP4oNLYa<@gY*}m!tLMk>wlWQkh
z6<ku+z?B;SrX&J_YGvYu5?yKpU)2}#m7_%|3gq-6b3Fk)3#q8VILE=3T;}|yzHE?o
zC!w4Sa(`4^^sH;ZU~6cSwg;+Of<mQ;Q(ABhsiK6!RYYLWm4r}Of4Qhlnn^=#vt_?d
zP>C3j&2blAt!!e9gmoXo*=q|`Wx!$T%jOV8W$N%yRikM}g~Y8{7i@hMP?%ETX4!X!
zKxLIt%q_{KSV%@*Q%+$;dfv+Ri=1ASO-Yj3Sv6se#>7*TwBW5Q1N9Z8D$d2WiFbtH
zq9@7CcsFvGPkegV^V83FJbn1c`1r&U7L?JfhK|i@#f$3|>#G&RW`$X;<Do!1y0v0G
z4CqZyx9(wBVXdRr6U%94{dnYIJmKt=BDMuF!uqPGmlbvo-YV#Xl?+G#r)>-d@u{}Z
zQ5LO3+}yqLn4sxGY~2KsQB}ogZk47n`8mn0mZIKFq8`b!+tSzw_4$+LI*VZNWws+1
z&Jg)Z;@|l9itaaQ_EOt8AXr?oAhe5KHXDTIm2_Df0)a(^>XQ?Lb_&ZeJtxuJ?u=l1
zonk{qoa*V;1A5!hZ3mPwi1jSbNA5m8AiZIIeTBXrSROofaTu-9UU1HF7I0toEU&h4
zW_1#j1*-zfd}h)MBMzlKD-(;l;r1o#^_tyw%kJ95X5`s%c-V8eKd@#)xQF%7G4um{
z*C#KgqSqaL*Q0_Vq*<Ppz)CAjH=vE7^Fo&v`P1RR`=5Rxc*WcAzUB62N2fJ@woK!Q
z4W548qx*O*jfuHj#^@9pS%Is$WuK6ZQ5+_9w2?5DNhFrKNTM!-J=>m^)Ot8~p1O<N
zHFcSc5b8Z!qJ^r%B&q-tlFX}W@Xrbfr-e@PTtP*Jj!9*oX?8|wayylZ7@KAviw4C;
zEKs&Ftr99D>#*Vl40)hmV4LY=E%o$|DwB#N)Js|INii4-kvdg2sZW-BxKeUFTE2Rk
zDuu?Kd*P6w;nFtL@iK#=aGq2PEp0ZqVwBDFgGNEux`MT?WM9drg+$%e&3MpUY*&<Y
zNiJd<a-o(LewRD1%9P$9MXO%NZ*oy()rv;SYkSo&`&5ey$}>kP^as^6A+=O7iljJ=
zIJye;zEBN=E4Ld$h?(E%-{PZ!Oc}xSag!Tu;O;c>{{0ib{PckjzkJ4?pXk)Wsxu6$
z6=pNAyV<b4S~KWAwj+aLy<TzsD*gF-Ky^LnxH~S(!n7RFOiX7_I8Qhig=QO1761Ss
z07*naRMH^`+Uv+A)S6BY=n!+ihOVO%%gHLvKBV-_RDlyEz@Y@N$H&|$8#k8}3!*~1
zP1Lq%4K++ysB|!q!isF;ZsZ~*xv@>BcmG#<Sw)9@y+P?lDl7nZK#0HDM%geZeVT33
z%q(m<ya`=t%V)J;3p3SdM2C_BJR|Jg#A;k6G)_R2!`qSh)N|CD^Dr|`GvnRDG`(m4
zY`NZcOzA%Jeu+v@30NG#dM0Z*yP5T{;%eK|i^iW%oSnr@nhD|2KxYK+g{$k4>#H4d
zbA`R`kRU84$MJa|GsK<)NAK~gfn^v_TH_oj-_!R4{m|3JjB|n!2BQ(9(Sv4K8&oeK
zj%h#f{+IVG-tztTKXQ9}gXudKYncus)-7=}GCCfxR7a=d+{q*&M27e4cAS#u<e`ZO
zSCxe+x&ou)52_17e^%=?0@>1?@u?F<QdpPQ3iY$7CWTrWGJ{CLpvM+?sO!E-Yfe{^
zt8-L$6PT7$Vv8b9F8hhP<jvL9Rwbf!F3&|b1o2S8eN7Eg_)uBjUXV4yMVn1Y{dx1%
zNv{aHvfn3sMV@VVd4(`5s*tj!aHh(4)MN=s^TpK4Ni~~-sH*E18gYTN+g&Yfi*>6Z
zlB=eY%<#f&>Gi5YW~-?*8(>4pR?5|B21cqhkIML-jAByBOCr@-P*Y)*y4-*@O|?l<
z7FE$kyC4=nR~_i3g$lGXrA3<WqtXeM+Me=0;Jqh=C~sEEAj-w`U<}h?;@4mA_~$>~
z@#&u*c>MCfJRRw~D3e|H8`hgO>s`mN8t6=iRvqi@md$R>?rO{SYD>RbMY*#LEVF~j
zGM~;&W5fk{7g!Gi^D;B}fb*bdhb#+XQ{AF1-unn=l_(N1K6&qS-U8w>?(xmZB+e!H
zm)Lnq%dDIssKI8$m}dwYuR@algeKghH8e|;uFSu59!PV7+?s2f5Eo`KX_c9w;CXYb
zT)gL9Y~MD|SDZ^5kfDslwdevbjk7>XmXB8syPV;vqZ36J0=g4$XZ8|<LWf<4T`YDA
z%=2@^CB42zbWhj!D6^y)slzgZjh&n<%6j|9ms}~~{K@m>(Q&d4YtGD8G0O(sd)6!A
zdS`h1`ikv~4Z(WO`i$~3>+P0TuU@iRuju=pt}}Q%%WUyWe6IQ)hAtj1MF~a;eL~_G
z15P~q<B`Xo?^(R%?eD(h_U49F-!X;2;WRQ&3melhh(QNUuRB({t273wk?SItM+};d
zR!E0hCD6Ipk?>kB{P)tL{4Xlw6kI4#l3j}K9FdXE_Bv}3vuLAW%D%!BNnNXpx=$)f
zO^c$_We%Z=9J_i<n-A86x@8ck{wg#oGSDi)TB(L@mY}7P$)<|BqsU@&t&`J8bNi_g
zD(L2ymS$sY(-TSzx1q^fYPN%NT8{%|)eMKsSJGrr?HQE|>`e}q3l}l!s!`8Xr?VtK
zK$cZzT5mS&O2fs=Q4^-_ttB_5R%q%g(s?5x=WA9~?b8;Iahc7jIv*&J;_Zx3HPKCy
zJWq1rEy|~%EQ41nCs!u#Sxs{)k?W|G%am>;RSeX^k}C$K5TnanE(AC)mgl=YKmGL=
z{@0)W&X@O}SdIsjST<|e?KWKPHgv;=)n>!)dWBI2qYUfaj@`{Qo7I3(G52LTSe9{O
zoFhcljh5+r#x6FtR#%#x*<hCiJ37wuf;-LFdBIu7B95R1-8sYumc%XGcJYfJb9!cu
zd`=Hd&XuZo#fFJRGY86H*E!0h%oxoDBe2{!nWB8LG=;Xye_4OY*Heai(r$s5HLo=P
zvn`#2@(EOvN0$CoNh`5EY=S8VkW@ETHCIyP2JbnZ4)kbxtyqPD9))!lrvvK&)~f+O
z&5ZMe>KFP>*sglEn|1tdoR4$76c^Dc!}ZMy-7EC%mRGM{F!YMY$>ZlE&RNtvaXw7g
zX{LV_Rfv;y><Fw@J#*KwzS{8O+gH4O{hIA+Mb~wRhFN*s;_yrKP#V**@(JDK;-OFX
z2DMf=HF5uZ;_mZ3!xH%IAAiI4^%Xsa;5_60j2-9L`qLdf9ep=oOovtp|0U5M6g_3}
z;9{lvKUI_9&<2X<4w9DU8*O)urVwcJCQ4r11&&CigG9b{V_~7&kfXYTmBV~iXq%#@
zt!nKM6kYEAWE@NmN^9paS~c^6VuXsm3Ei4AFHZQ<I;Uz|OGPTPh$=|YOc6-l)p9z!
zh!>Iu7gXjaT==7;i9knHXz2wKsrizcaZ72EshWdZ+i)qaLN$i6Q1tt%hIy%aafNE0
zrC9)U$v%o3O=vLix!+rRxLJ0e+Lx+gSf#vn4Z6x3c*s*p33V}Pdc8H;LYED*&fqGY
zSQ-ID)Q3o_=%h%DB~K2L`M6c!Ns~m`O7b!ZqEM2H4n?E!Wx);-u-0OyiNkr~*ZW6)
z{;!|-`ENh*@#8Nn^Mp15V>))*o|~I3H#b|Zx7TboTl8+A?^hTM{jiD3xdiZai^Go&
zHClAAC^sY4GISa`g$tS`1WvPK@t~YSX3sJ$%+t&?&&<w6X|S2_A#k=D6+E31YzQf<
zMvBr<Qx$aec9bYY5q)uzkc$MGR7vWHTL~f0G;4KRL+3*y-c=Wesm2wEx;SpOd7G--
zBT_aYbGgAOUrt-O5vipwQ7Bn(Q((bKre3O|7(yRwN8{*3(}{^n!l<jnC1a|%^s}Af
z@%fq2_Vh!K$6{s1PCfH!jdLMZB1SNsr`Lus4FtW=bpbCko6R+kU!Hii*`YQ&)M`ag
zr-%S@f;(H5;~1s-PVscN$4zIp+a0Ha!)ylD+ZElaryF{V)}W(jOVQCAMc3)b+?xX-
zcwFys&O>LgHgNZF&-=#*x}oETKYYjT^({&Ze)f#}6U%;LJq&b1in3o1=+%H2g-=yX
zmt-oURC9O?RdJivp&}q|a?X@MpKm{%#Rpt;!|Dtmy}D6N!7WWPcD=g-wVR`x46|G~
z<W_NL+E%KGvye2e?l3u6F3Y!7Ywg7}Lurv5MbSik=V4af32P!<K>~@W2GGgn!=f%9
z!qA#mo9aW+2A!(L{MtyirS<wq1NZx?Y-p*sxw;B+Q3bVP3*CqXf^H&&$gu}f)Opz;
zmVZUvD6HZzujSdrO)L53YuVeD)NS%@Gq);c;RZug`LMCZlJp@n>b}i<DpZZU8LLol
z>ZX+zB-4r|eb33Yt#c-nE_b^6s`Z%LcA3y1St6e*(a8Ri(!%W0yupT8aad=W?813J
z^6r;U{PiEd^8V+)b9jEh^p=%TcxUK`ft#1Nynb`btC!c@Zf+R5fqu88@4ATo4?5i@
zak1{#hJK^5qb5v(9|N7y4679<Ju@C>ru!r3>CE%#$T*HMx;!i#-I<dgaZB8gmwt(@
z#>Jq5Pq_VfJ$2|HNaD)H#@%IB7o|s_8fr(#YRfbuGD)Qv2o0UXHTk=g*ms(Ds1w)b
zaPrmGry3rIq*(7xOhXw|7qN>XwL#R7)4r<1+G(OBp_J5=V{uU+<70{JiPHF-vnCR&
z<H-j`@u+d8lZmUtn!f9!>C$_q(Q}v<j4?1TC=~?+HblC4P(tVw=Y2F;DD%ua5!R~}
zi}JY6<M2^>J)d}Zc;NG^xBTJNOS&O2ooCL6i6t0rcQ>dm%C57lLy{+@SAArDs)&;c
z3dCrPN!EgC=EM6(9v=7f*B#$~^Bpf<-J*g+X2-Z6IX|B;X22LtKNwcq0ki5+CIg~%
zMPR3|Hk)7LT;{8F?yHKYJ&5FX8^Yz<-0npwUZ}0JGUX-TRc$hlDxxLbgte-)<~8ih
zBARQ2W-7K8JCqPi3GGhFfps_4p_*UwZ=sD8fTKqUMoRmu5U?{UqfyjR@^GqoOPY2R
zT++Ssp|NcrUQh&DPHMXls>b}8s+&?#l?<ZGG!4~y4|Uzp@_S3#_Csn-nuHJ1Ej}X;
zphI)9MU|NDmQ=1n%>=0oM^%leGzS4{&i&UtewEAJ;^q|$Cejb2sWMZg8AN^6wrNKS
z>SDQ)CigyGgDl<7m7FP6S)T9FoSdX6e`+jyrIJ@?IU#c65Q%he=ka!7c9z39@&4y~
z{_D?w=gX&0O!k@8t>%hr#`A=9n%(u5?|*pBx8Hul_0<(CR&3TAy4`?y=uMv{ErDJI
zw255AWw9I&C+t&{7T7*kMaLy@Jk9J6BhOC<o}QkVrv>L1=IO+7Idf)-gbW8u2Dpc)
zsES1Q^!tQ>gy=boBz<4Z$|bn0`OiQ*M{13WO{=v0tx)J=)xO;XY39((0z?kQvqw__
zU3kh8SvnLkMDjM#qy@LxIhF1H)fQL(UtKCWDV-AXb{C?eR75Zm=rSN!g(M&LNt|F%
zVaA3to#}9Ns1Oat!{L#BFwk{$D6T|<_Y8iCfVm`CdHQl>we2_`AL#~7kP+8;7N-bH
zL?<20flr?vxPE=jx4(VM6&;UHdk$VR_%)-q?3|0B*v_D}p~u8{iuAoZv8k0MEWtC5
zXWswxEBALtUcLT?AAa+O+ZR_TD~$8RGEN*H_w=TtUmMJ(qu&j5>kgx{=TVheq7we~
z0HE6qqa7huQ?lgbJgv&y&ZIV*mdj37RYz9XK|Z(>;!H`a*2Ezf2?RyWnc)eI!8QO^
z*I+_Z5@>xi#)_edDQ}c@DksJ!gI%6kMmtUJBxl2ZZGl~+2WDkQW8w@^%_ogeJh!g8
zh8}xyftrW42r63AY<7i98$4G_QJQI3p4TdAVlSH0LWu^KI>##PxAfYkGSo|h#N?j2
z=Kn{iAeWm;x>iP{@}-({tZE~48?llES_Ey0n<!;?+63eLGo;GKB$G2GOiY*8Fh&1W
zAd1bdsv6-&l`g~uI8(+8eD~s)m!!hU()cc+pF)X%j%l~)`i21B;aPAhVpQJ$@{vFP
z>93sk4_prm>u+B$8i)OOrl)7K+w$toE#Lk28@_$<4cci|>kaGO2Gv2QdwR2q!*>m)
zi!G+J^@MQ7_=zsj!SDAA506hgolZP`dE|Ka%yD{7L4A?F9Koo0vx&p40r27rb}Qs|
zt$a0b7K8FD1e+9UzEL$rDQwA?NwXj=xiOcW&>`mte<e|ni+j8_U0oyp(Old}rNL5L
zenxso5`}u)a~GY4i?)u?m>*gzgi23yYhDaVq@fxJY)WFy0wW>~T%qVfZ28&jTMU7P
z2^Tb7=yBq(O7KpYN5wK2wCOmrVy8QH!9;6{67(uk7VN%9Nx&G;YlYH1#wo<5P)KDt
ze|g~U-Ih(iVST-0y<KCU&m5<T$J2?9j&1K4Rx8%46~P1uaV{Dp#K1=vbG`NtNB;Tq
zJI>R@cfb3dZ@z!a)y)oo<#=X1oj5+75Cfatmi5h+^>&L{cc68>e^fo#+H^TPA2%7T
z6;7ux(p>rIv}TviMoO(ED(+08ZRa&98dfzbBwc9oKAMZDbyaY0Ef6{%Y*nb^n><%4
zbM$cO1<i>H1ck|P5eYF5NrwiPlRofQ!iW^slnD*$qSR7_odkUuVn*ej(`jzvW4kLP
zSFx`Xid2=vN23e1dd!cWlonStQ|UB_$tStOj7x1br{jiVRK$N|scE{etIRo_I9dg`
zk%oVl4PB}F>(ccwideSSgo?CGC)`ex#;B{=C>lgn&YWsmjm`N}t2)5b>GNhaUM5o%
z!9bDdYh1IrDv1DE<GXS}3qwoAa$2YFvShYMgm@NQnfN5#?$Y+<OFTrZ?6Sd9mwAS2
z{RO46)pb+T)%~5BUm*m%jt{ff@poA!$NevleEH`cJA_x?-tzYQH=J4Xm%qK^=q$VS
zmN&OAc=hrPx7%-+U0}2A*}l9%cO9GE2HkQDlh(~G3*LId67bG4&7Ln0C%)X>@%iH&
z55GRKe?Bsu7f>f$n6X~4637tzRfsu5q123_+?%liPBi)Q=bpA18c&`kooYkj1%|Te
zgcQzUGJe0Da8&YxRgb-Dr6?71rPM|9u3Dgdvn{1+DG4XQ5yUqQH@Og5lt5}RY3mIa
zsW+iy7z-f+z=&J6pwv?EGnt2n4yCJNi5rX}BvOe>b461WzD~shg;z`3LgRg-y+SXM
z!*|d<i&`_v8ZUw-0#m(MoL?egMI8FPMX3S2M~9f7W!1#_%M)MF4Bnvr<6B<6dc_L{
z+<D>t^F8{?5w_P{@1jXLtbJVkU5KXLX<|N)eED?Gmk$SaH!J?ffBu1+?_Qz$n54T*
z3;V;K=`gWo;QH-#%ye39Fs6&oOejfxQ32en)2ivZlyE$)a3P7Hbo{>aT0n@{CQS_V
zQxZX{A<<BrCYk*+iKo6%CzZ;OJ36J68=}eeazBu=i7LR9zf(;_#wQw24o{7XGM&;j
zRWt`Dme4rK{YF(nnhcbO(nu=>zX&KQEj6PB9aLS;(k4<Kp)!E0RYGa+q{Sqpzo#?i
zNK>;ml7~Z7t=hb*UY#=YQU%{uP8xYLqe)9IRY>F*m(3=>zA2+z)v9On0We{Gnn9mb
z1)mgEVTv6_Y8Fug-t{#}qa?lhrnPCB4J*q#eNw6E(8$lFo@#^on(?D?snj(2vCp1>
z93qCg{Mq~@ghXOUDU$KVGMDT$QDwNUnsnQe0-WYKlF&|}i~KAbU_J%*cW2HI2X0p@
zzWd)_^7_qdyafLImtV0{K(7p|)tb%vitVsQrit6v*S!Ar6<V)Sm7)^%Dk+jeU|Is_
z$@6$R^ZD~V@BZ<Q&+k8Qe0t_Q?Rk27;^B0_xf!iIK6n=InbnL_zL>ismMLLzl)Gqc
zQFw2@0%Q}UMKu8{CT&cfOS$(&3~`1AOIy{1be0Ll4_DJ>8myCqEbU8;v%YM~x@o;e
zC1ZXXd~Ib*$vq}ZD5O!|6?WrARiugqS1Fe$@S*uEswlC9oOasAlEfR@15=q#WDZ|y
zg*F<*Izy8R1a$_l93xAyn^=k8rJ!)BFR#Ol);7lIXpPl9Cl>5{M4kiNFR;4l=_CdD
ziDG$LIJtoF9zwich8`V+Fni`vc(~tl_vtg|@x<F7U-IK`e&FWn3TBT#S<Z9dbR2m;
zPYkP$>+f&5d3hCS45>~uO2rV+)RxjodaV$8sV!5jGUistaSHX>iYmu+Q0;O`Z9Z1y
z%sG`jbCO62;s0aqy_y_Lk}S=mW|x3DoCGV<H6zmd|NqF!KJ1G0tn75x6wS=Y$Z!gJ
ziJ9p>7*o3d+&!ziXC_*zE6T$i4qRNAnW~=iouneRDs+grRNTe)isRqodq<(73v5#9
zi{tS7t00cDoT02x@x51GWyeW=9L#N$N3NPFVI(4)F?L%#n<xh91!YumI`$|HMJ%T3
zxvGd8g+f+wkxF`stN|hkFqI}Qpb*LiRa_OKfa83MgQ3eMsddaH;jAhPX_1aR7AU?x
zK@Uos5hoC8RtrRvm|XL<%Nt)*+$rhjN!49=d`5b%aSO2FcT_C>P0`;PN!yg#m9bJ(
zk(41q6XT<5mY$<L_X6v%h@c2xQ(-`vL>HPvR#1ripe(i!`Rci=lmC*rgB(6YA(o<M
zAAZLUu)Tq@7N2exnEmz!?ME-t`1bV?4G2qB12;>|!)elK#_DE)&%gPIwyiPt{=Rf<
z;6NCRLC*vFalr9tasT}pfBoB!xc}it9KYYA>yOwScX--w@Uq!rJ9M5u2IJ}CFn&2_
zz%YD#wY6b0P)Vr5VgdDJ`y}gug@xwa>Ww*JoYG*Tgntr?!h8}l&4P!B6PZG2F|bZ&
z2<7rTiN$l`bRcwDSsVT$DfafH{t^V2q@>Hykg;{iNp0tn7$Sm^L!;gw%3^L8Bm*&4
z=^XAAq1|ME_^P0MXdQgF!lgyP!8zljRmdeGfzRCWF%jBTP~@Q4LRAi=D~yUTu<;aa
zbHx4Q1De$>hU19O|NH?p)iAprkHdi8IrK0%P>*J;yh`q+$Kk%i{^0;#0{`^S{{_q6
zETC$Qq3eLbtLa`g9S+AHv)K$EK7W8(wEhk=4$uy@t^lnP6$i||L*-HwE3EZXQ4K<^
zD-SeKnO_Ii0@}<Fq@F;G@#|t84hJ^;Z%diA5y>jfahi#-ic#*N%aKwGIOEXb?+`<K
z&GF#NDJv<z)j5&8lDQa4+;mQu+tRQ*Yz$V$iwEOEl8Ylm@Y+&vz%lw<<w3cWx2Ca^
z%BOQz1{s2izeM@B|NK=!vS>NaNMf{jytz3I--B5cgvxP#OqCawgnLSxCZ#aGv`(n7
zVW8ZwQ~N>%T61L8g`Jjz@<e60eI``I>?##2LH}=ccx^@$D$+-ip92-fv*@H&6i!(#
zPYhfLQ>3&IQd$u6y%b@rqOHg-RGB(_JEzTs5}_gy7yUeovpOph(>(y!E2^TRvnGYb
zyh8JN4TT%bW(@{)z<zgx(iJoqx2rj>Kdb>&<9KW^TVLbzm)~HyT*KHA#trED9>>99
zckHn1dUU48ZnwqDFVA@T_8s>51sFQCw#Q)@@cg*N^YI1!Fo4DpaDcNwuPh8PYU|Cs
zzACbTm<>2qxeiQiRaXcMs8~*IuFR3mflPA6P=N~<lyoTpFJ3)qE6<C2vVatp3nc^)
zcH&LR{tyac1{ErtXc@>$lS)5J#fHRUM(Sm|1}ap2W`ZS>^9VN)XFzEE0{2l!goCCn
z)beq*8IOo2v`)j-X6GX}I9nyGAd+YR6}cp~Fsg!XYkzPy3?>U>2keiGAAY{a&2fO$
z7K>&MH#o1%>yGHQOQ^bqLyhjxV>pgLKjO=WJKX*spRoF{MpG$h2WV%}cOy2BTXc5B
zYPG`k)e?)g1~~!`F-aL1D+^SNid5)A`FGc_ubO7s&y0OsxX)5bv~5Cp=dlnJkjzh`
zROt{A>X0>;Wcdo&LPA-v#2hO&7O0}o*_r~L#U_<HTAZ1sF3e3+aG?z>yCjfSc@Cmn
zj*)OVuQX8);*&`!)lQ_rGN6@2_{af2Cx)G4B)Kpt2{+|{4&u-r4JZCW$WUr}D1id~
z#pDo^3m{b&S*(yx@j9FgqT(c)I$3Uh;Z)#44o{5drm#`Oozf{zGp{higANjIO}-Vz
z>`!wbO3Jz1Va%l6oKVD2nxKupDJl*NI%m_Wl4oV&BJxQTWPT|VtiWty3%^H+B_T~F
zb*lQJj65Yt#z4M6?S+uDr>FzbR#ot#1{2?jpsb6Vm#%8e6foBWELspM9|dh4SX)@G
zK&r;w?Je%U%rH2>JQ=J%USoNC4OLa(&cG^PeH^yW`1<u8KR>)+_p-ruyTS3Wfg1-@
z#$Y`5*gn4CWxL0Ae?ZSiF98muY+@fO$K+s?53?cm!|PO4Bz=BJkPY=fJRRmxw9r9_
zy?CMP&n!X|AX|cn|A^HMONW<E?OIG-bYh<6Qj0xrcubLyk~anxB8OA4#3`(kGKv^2
z6bu~3!mJ_k%VJv&=G1T>H@!rQpm4CvuZ}6pz#J4RG%1E7ne16dAW>3?d0&)6!&OQ)
zR-}A{NadBI+$c1&3NuG=*7;}!O*o7O{P=(d2HV+)PPG^g7CjB9A6gjKz&VXd)o7~*
zH}g3@{oxkB`KKFPuUDwZ&rdWf><%5Co}WOPu)1DizL=p|wWyaBs>)A$oMkV<unsi(
z1WeKdRcVm&VSGNnO9i-q&m3|oE-2(7CG;^8xH@;6M5`=7PL*6!WrTTnr^k?ltD-<8
z>JCChmF(}F$3M|-;!>9;BaR|afmD8OnHL`yLzSi2N=TIr$!Z~2DXzF}Ihj|}CLwmr
zB==L9YvlZ#%@5w9@F9r>yeNS}i$jI0WH{3rG|KYHsyxe*rvMUUa7{UwibY$1#hFr3
zDM5E)U>kXPsjuxM)glve9m{MZPC9>wAZXxnqll*z<>H$Z<+qu|Y_*VjGjf(|G&NJU
zMKWYNGndMc^otm)6c-jME3IU@W1$|TIF||)ld`Fl%hZV+^pzGzj)Af+arKmouueZf
z=U|p5C{SH_b&GZ2(STe7HXSNzFl&~W*A3=ZHK^;cY6c&i$Ur}i=thHaWE_tJ#=*c2
z2dLp0m3hXD_ZX<dp+8{1IbyfnVt;sn?Hru-@f?6dr+O&XAg9s?)J5Tj5@0XN=vopH
z4vApFRBGWED0v#Hw8TS@L(;}VDML)?Mo;Xs5b@O6_rQg&KSEMj##VEY^aaUp_OF@~
zorMDHn}rHCnzl`913IDFD_;v|_C)5haAr4V!*C_sRX(_)>=rT%n{WVd;aRHi8L%1l
zn`{Q&<D^6MgJZA$)Y>y8J@6Q)xx&CBMsl#waF$`lEqKp3+z+5516zZ!HmH^j+Ug2T
zJx8-%V!5g@Unx*+;p!l~u<Uc0_6OLm!|ZAS-Grptwn4j?p`A6*;Q&Kb*h-WqE>WeS
zwDzbV<>xDuBs3%@cN7lvF2~-)ZiQ@}CyNOODR|zDJS2qEjL*ilZJ1xhP*I8m`LJIY
z72aKkB4+^rl;z+tqcjV5%CFB*nRS_f)S7&LnqrAlEb%$gr<#ZgG3_sMuoTkpOG)}Y
z=Uq%9Yodv&ij)S<i){Mu*v1o^qe5wxMTpwwGD#}O_MTD2PBQWe6H=T3D2IeVq5vt3
zD}3axX%RVIaHPa0YLOZ4iD^e!j+vBrK?GsbDIy3;SS&IsYv42RQY>ej2aqg$04~Ih
zD*?HRH>f2_2oj-rEUQEE>K?_JA{$SuP8h)w**&F1qNG58LdEL)(wg!;!x1w?(Q>E2
z&P%MF%EnpEgnC}1nm3?%gGwt@JH~#y$NuF25MvxVbVq~z^A_KJ{sqSLxc=Cnxw=O8
zeZ=!&hhMfY7`J<j{Q;dlCLf1m3ukR8+(ddUa!_6(oqI=lAf$Ut44|OchYi}o=Of`&
z3M>)&C;T`%-ELU6wJ>RfOJC6Rk4u~~3Uk3?1C-#i^gLN);ADnLT+09eAOJ~3K~&f)
zM>uCleP(gCjWlmj$HfpElsK~-TVlb21fe9=FicLRJzG++vMfH&Iw*u<a8kK)3drzT
zZc&u41U$3~0B3D1s?mUz0#^)Utycv*!iW*wegGX0s4by&3K|U*S7@&r+<m;lr;pdT
zTCUJGbGVtt<9>soZc(WUx-%ehSl!Oh&gU2h1Ga!x8ne1VqiaC<E{;~A5>i<;hZJ<G
z(#+T>60>O~dRL)!Cq!l>=8Y-kT5+JuP#%wjgN$Y|a$rv8e<zZoNr>OL^yG_!EG2D%
z61Q>On3AubNx&3<N+t$U2Ggb3*))H^Bv(kZ%H++GR=$YG;XL!GOzu(TnM>x<iD-5|
zoD;1x5*=+igNjTFG~t6v4rXy+EI_PGnG6wkZb4<>i7yC(c2Kd1ot7=LID}S$N}g>c
zfm~iv%#%haSWTiEI-cebDC`i20SI$3CSEHEg(XZ#<de<VO?GXPhGEVw6)ISHlwvhF
z#B->^%$d<M5!TA_{fufWilP}6-h-%!%nhQnAqJy@a|*Nh9P>qk`J%#n(PG>gJU?&n
z%g^_iEh;cZygVQ9<BvbV;eeYjAFv-9ygYr!k3a74^z8}V^A7HK#ApW$mcb^p6rBZ}
z_4iO}7v)6U6e1a0Lb5H#NCFKVd|mP9%ZpmJD44|u1au-Ci2ZO%;s-8>gJnG|K6tT*
z!NU7iumw*yq9mOV_c`RD2tx3XpsEU7SYw^2(u)sXQuet*oDPWE@;r(B<a5sH&}9k2
z!dsFe;*3=#fqEpC2VuIa0x{dcD2AK+;l3G1P*6x#)WaEqa|E<Cs-?!FU17bx!|fmL
z@admE;=}q1Gu>cD4OCm9w<De&Hkj89KFwP!mkZQw?Y&CY`nFSwC-H1gkOJunnv~~)
z5)1JX31wWaO4EiB>>mykKnCG`a?x8VIz{n-LL90cJ(<ymb}3Cw^PJjlaTXAHpo$5V
zXdL+FwXdFNLfeT(c^kC`B}xyK4lK6V4|mAq0HW{<3oT9Nv?&T^*|@M{g0F~lZgDYE
z3VWQ*h|WbOd}lO83g9dH&1G1f?7kCcypQJWUrIn$5g#t+Q97#T(kv$r2vwLnDb6T=
zR;ArAodT51I4U(5AmPZNA{8Ug+9*FM7N-@>a)6yHMpv{2^KzraQpJ-sPPSGRkzfGk
ziZP0lHJ4?0qIQJ#suP<gP1eW+cuWU2RruQy$s%oDF0=uC%R(`Qfo<@@IYQgiSj=0r
zZH2n7(XWp9`qLiYe)*2|?GlG>hli&}ShD!?PoJ>cTKw^k_xQ`d{sq7M^bOtq1!LcV
z#}S5od&fBw+Q^(hg&uC};Mfbcp}pG6#s9<?>GGSWl6Q!LT$(eDS<u%@Q)&r&locff
zypp6U$j<@`a(J$rRRLEemZ~@_-$_x+luEw*d*fzQO_Fll1j@xl!_L9UPsNF!iBniQ
z!HA8ltp9idIO5`Q(j6KYfgb9s((G1%j>PlH^XZs~?O1`CU`IeV3eEy{9N~BX!v^+d
z1yw85s|L+_fki#X`g(!u+iTq1-C{YPqp}LEtuYRM!)YyWwP<j)TA<Q3Y!4VW`pSD$
z81_Aen-R@y=HDYtuoWeBa8fxU2HKIJ#{@;AqjVq?x0qk2Sgh8;Ur1rCrkF_-+au!O
z&n^pYsDvDb#wZn)u@dMZ70j_#<#oiy12s#kec3i90lBUyQmBP!fJrLjkX02i=SMUO
zTr3}5^eKt+8<j)%=ntYWPl1w(wva3c-)FRxeNIWtps2Vl(}v{ATR*n>m1GJ{&_*QM
zXVI%*V+VXvAr%Ws_}ZvT%6~#4ac;fEP(BW3T?$h01Tzp-C}Nw0@{@`ukR%YIOva81
z(A>%tki<C83Z-`3{9GI`%bXJmXGV)Os{<m#5b4E{xbfnLK4Oqm@|NWLr!ZwQC6J9{
z?Nd=j0xlwSHZ*=5jE|jHgvu$XfuW2=OBSvsv^7v$1z6+fg3P%8;Tv8aTXeR^;;O=@
z-+aLjKR)CC`M>@fzWw<D$HO!Feuu#xVeA0QA+|yJ7MlXYR>2-H)PAuF(E*AWqY83-
z>raY)rfWl}qDtr{8${kyadez3<;kQgG<exfCZ{hFni{X661hrJ_U%yGU`foO+@wv%
zD3Q)5fn9<UE*nDfu_fWbg|KodxNxGHldl8ChFeKLVDT)(;frJhMtq%Cpp_~Rt8_R^
zn-^IhH_3rT5@Of`>I5dta~&&?v7k-lb$WBK1EZ;zV69Q#%y9SN8tdg8t*TKk6;u`E
z&7;H6JB&vkX}-F?0%>5mm}6w1>qfw7RGOfvg4Tq-??KxRO|w8#X;hU?hke6As1Og;
z1>A{K8h4rth0abi=W_~EmDP#zn}3{RI)u+*=4P@?5a2Q!i$KsWdsE|@?4<fO@=jyr
z7cDnIO)C$*Dux8A!1@epe>Fw;C~*U@%ifvPrxx)C(a+7~g$X*$R^p<lITN@&3(apv
zF-A9?m%_zY0?z8f_o;xHC~sOShVR}3IGG_K2MlTf7*sNsujt(eCETQXi8l!%U4e4z
zz?Z$@WGjd{@oZ@+zJWd+HREpcu(8aC;zYiP^ma9ErzJXi)ba}%t`H&+u`nU}3n`mD
zalS{P-3CR02od%~C+AbLBNRLxoP{llD81KCS^%Q3MIN=13TTQ}k|JhGG8_l5a&g^=
zmK2VPF_Ht01IA&%&>Lt+c=_==xY4-#?PpYaj{oof{WJdi|NR$y`}z(2v4=G~zz!j9
z+=XS`rDb0;gKMA1R5=|wa2Ce-Ih%D16XM}n&R0U>Zhjxi^FGVh&%){u_$!&^E#=%S
zbYfG#QDT!!wg@^?XM{!%TiIwW7MfgZ(WGjVf&?S#?y!)hfx1h6Ii9ouQIPuNs|aSy
zAYX`cC6_)0d{Tj>>XKBNPo>3CwEl7%TeKrXOaq1Zc>m2BCd>)*CM`2{y~nA67Zj*U
zqiTHqkzt3U9YEVXP`Bus9t~<-)l1ymt?}{G2OPVjKe!%x41+~8o1>n$o=s;M$3uti
z<$&4p3bc%Ig(@48Ip@%6QDkPxhyx^!H@+;VlF?PmYMA|@A&(&(ltOCja+qCEV2e58
zNs0{%V{E=voj{Q>vH&6G8%342aJ8g4d8~Dn5LQ*0>Y7j1({fEl)=H^&1a+!#($SOK
zJytN$;jLBjtrcTT2+~4Ekq22Kc{y_Q<HR-~3xx(z2{Mk=ij@i@$}t<1!lgp6UO1tn
z0Htzju{mS{L!2{JDXEq)O`s{RT~Gu%%5SPXWGeBwrvM{#=|DgygY04~%~?s9JU%K1
z4a!X+md#m#l!LJ<B7t=hfEz}c1*P(0tBP3q+#5XAjl~u!`}T<PCR>upyiv&o7Z4&r
zMo$V>DHsNNW8s+4I|s)W1CQwX4)^!Z_~qdNBlqa{jPCD0<N4oq`1#w<P@4l99x<pM
zT3a|bf}9bt@Id7lCO~KvF&afc<7YsFwHU`h!3d^GN_m`8@nnh#22FHu6soCcb<U%i
za$`BA)0Lloo>WU2%)~{sgrGhaQ`bqH<(YSi&PdP8sqF+RHVv=1&~|g8x*;L%aLLCf
z>E|TS{lxiT%b-L8i4^qcn{puzg{b63vbZYoK8vzwhe(O3(t8tshYoXPr5q|ERKo~5
zjsO~1GU#xCy|3YV1-@J3pMJN-Y%vGTYS64j1xCN$!}bG=bx`o}>sl+%JtW|`+u?Xv
zqFE`_PJygXrzM1iIkdD{35Y4@_7|yKk;FB?hJ$IE_aszPNNE<S);_BXDBzxOX;VoB
z2#2<Oe4ku|2$a5(xId(DQ72fZB1Z|#B5ftSzA)>rSW{9yMeR5^Z#p)RVc7~ikjrxy
zEl9C3sno^DhQP&(?%o*k=QL*}nQV!Lwg@9uWh|;73M!Lu+GmftNE;1@8%=PPsub10
z!4?>1E-rtJbck1wA`V$yv66nDJU@v$7z=YNb1B@bLv^P@8Oh3Te%bUIsxcR<Ey@Gs
zfR~R+sxkEy;_Q4nr;=WvAp0yTM@pwEMWq$d1p`}6B`_C|>9ds7H40@?Y?OVw&_~wk
zhUP?mV37r-oeT-f*rNz{jNymY`3Qo8F<=*<q$8mp48DJRz}K(e(U}pn(AfU{5u1mv
z*zyKWIkc?<DTkUgtWg-PLuH+BFS|fx3lZdz9-^xXqXkA|VNLWM<qbIm_xj~D%@mzT
zNtFTsIbxqyBoNf~^BTG7pHf!BV)`Np+fKU9(p)j#)QmFWxiqcvL|V?p2FrzWh$n%6
z?quFm+F?<&A0aHaWqgI)jGZ{PP_fBS;k98f`-~<}sCPlVMQ5ThIEfobh(-XF2qrGH
zT^#^J3Q8#`YhVrsjHuDhG-|dWH-gxpQb60*K*bo9L$4SO6uQx(QsnKy%G(O!216AA
z#{rwoGujVx%xw)~&;FyT%HV+FjKFEU5d}hVbIEA}F8N2(2|p5a5<MrRy2fiOGue_5
zOdPRd>xwxjg2jB2W0ypN!lH_o^ED<>VI?DNjw6Y!{fgtjiSnWwCBbfLPKnNa<pm8o
z%@nfP&k_p4Z$wX$NKcKe9ZqbyY!a=*;#8;=CMcRrEaCL?nsX*o61#E!@aqWmw9-JD
zO;#@co6E$8WEMyEPtinSMw}yim9&63q?iFH3VgUkkS|hhQ}jCHMDdbdi_QM81X7`C
zghU8N3{cs44LIy_PE7<Lu|+AqSc^?aiZkN!W3wm`m6VzbL{t8`sC*=GZ{_wvT41A$
zoL%yWcysCqH+C5M(dP~E09E_+(EFbr@NoYKt1LP@;M?~HJa3<1(4%e#s9Iq(8rQ2i
z?g;qlrw-#tfYW|Ppe@)sj{$<;xCaxgrN<tY!#qbRIC8-x>oPS!W%Z0k_J?uu>bOF|
z#^T<=q=w3XQefg<Lz&J+#d7WMga~ovlS+$%Q7+q)Nz8fNNo7-_U&{@%tchG|*l`kY
zOt&PSR8|TKbuhD@gsJDpr_#F>nUYe}K+ygGnNI&QZo?~%7*j76O*TvhISmaBQvPUU
zm7N^%7=tswsKG~q;{nYb<F}u#QG<Y4i+0vv?i9M`1MF&!b|j4L9&^^f(dQx5bq(Ft
zFv<%X26jNJ(e#A<Zi{vI3APScqbkFY<C+_js7>@^MkTNd#R6xHm?z<6fPtdySM*D_
zH!f(-s5eGF#4DHEsXE7Xi?F}Qtm9HSr^0*ef`>_Eb#_LEWgn>%icl%as#FB!#S^om
z^g=WXG?wC^rehIq$4P;g!ra29rAVs1{N@znDympkM*orrOAGlt1;F5BUs5V<bg}oC
z@`!X+m}EFH7jJB0?g{NR2agX2*%)a`vz!92PjVhMi2_$N70zZ+g}@}`+B%SRdE#S?
zW?*T)RT&ZFy+$gJc4dm5keq9o3#CE@7B*T-S&6L0qN9k430)P;aW>5mQDl;GNl(jC
zb`mc&E=9td<|WjGKJ=;Mtjuzp$Jnq*1pEsu+}NYi4rA@0sKVDDzvBDXzhN<7Ve@^&
z*FXM<ZnwdFuF=&RY#JyBtm_7|c7?BBA21vZRG<m?(}@Xmir~cV9h_lU3?Oa8YxZG;
zI<!x1P-GDZ${BG@w4XgCf*qCZGLlu3SUA)69;5W+WNWI*J1>An5>cp0O`^nRLX*wG
zP84}4W?y{jW)kq!5&#tITnjoqL7tJ9pR4-{Vq}bQk4d^kRhB<nx|l4{B!OvyHWD(@
zq~vv84amf(f`Gw>@?SZhY7DAy<Q@i$Mtfh;tZr~MTlq@6YEf&2iXDc{7WO!xS+C)$
zBSt8gZh&fPG>aB$Q3IqfbRC?rnCTi^F?QP>tQkWbhk_!Vx=OKXaH)Oi4?tE~kPe4>
zi`2qYN(o9zgr-8|8_9VxCe|2{^qh(WN^`5EZ=wiO<}}puLJ;LECdWQuHg-N7r|d5V
zc@-^jdMyc}K;AW0Dae%8yc4QGl8t)vn9~wr&xM><A+<7Msi&s`o)no7l)d6YS<W<i
zt>WyT1%@IE3$pMl%%qr3?(bB_D^Aj4o(2P|@|3Q4(sdRlJc-nZq6>1OH4)`+;?&04
z1$w%qpJ#_`g4#~tEXiCPOXis7o5BjSyV^xhSA?UgXmsPOnq(9lLY;S_m?2kczf>6u
z;yqV>=Zuv1T1Yjmpqev9qJ-GYodDg0)A|^ceNOp+JLZsuM49;P$?n?s+J^(ECYWKw
zw;#UYPyhB;XfxpJpYQSghi4oPdo1r3SghyR9d<Z89YG^dFB^P+dc;e2$Pp!BQmlfq
z3C2S*opR6yp8Om}^eSu_%oLD95g_W)!3)qnnj{5LBu;!XX`a?Lu5fEX@VH%JQ9oC4
zOeG9_W?_#UISyvn;42hO6(zWM0lWh~*-Tt9$&$u{>FkIg6U!h>2~tDo0GV2P;(!ww
zU(DxC!YAk=l@C?o?**bdJ~wglD_To|AWlZsgn)A+lu@t>=xT-5%rG1Yn~g=Q2s34&
z8UsfI24kVQ!sra1_D}fU`?<*Nvi9vc=c|7>28I!+y_)XW57=+_;OiTZQvQ&xGr^rj
zGId&H*@I+LdVmU5A<G1APBxdMjE;cWsJ;_3<w#cH1V2Clv!--?^Zw58YXXOEjE(^2
z<S&(v5e03&b#H{HiG=~Na@sFKX%-Zoyb3SQ#md9wV#6h6K(<iC!8xgtiok+|kme2n
zM65++MqIX^sQ7tdZY_u?VHgiioGwR#9w4RJBm@vb%|@;q{7d&MCoUZ4C}1%Uij%_>
zQg<nRH9p@^Wu_`t2~{qr$Pyt)29*$=q;4n&ns`>QL`7S?@gTTSu??AXi$zc&#bqgQ
z{ep=VLg6Dfu8O&k&~s8r1%y*jI#RL<#OxHL>I)1w>tBNn5^JVF5r+ZD!5D|*almHx
z0x<ByU%uk|kH28t?eOsMh{I-&aqzTeC}0>ySj%YU3TEi>?Rk&Q?tmjK7y}d;R6!(D
z*EN(<=*<WV2dflpJ%RwtLVULg6`W(2X&~X0sL5|z77!5-*@?qNORQuVWF=R|0a=l(
zgfl`1aeftn3oNQ7E+h;Ry(3XsIC<18p*~gD@rjQpODf8&SP~jOH~D!!Yh~v%o2ffv
z*u~^pmfLRWP~sDnU*Wi)c)nsxitPH36xcAqk>5sPfz6)qr@#Dwr=Ry&&sX^Pxy9}0
z6_&L_rRLCf#D0H(u{8`cnnnZF2xogx7gTT7!CHfZ^*K;VH#qKnI&#%$XiYg^F4$2N
zm85e{$q3{Pd(o7wa_!CR6{E>A64a4?HX9BG0)m}`_Bg5GtQb{DHfU`BJLHaw7GkO5
z>dPh-bIN#9p_Rp=BL-$vq=QsD;K5yN&xy*0CZnV}E>PiE>|<iGIg(DWTb$H&;@PF|
z(@rw-IAMyCl-beA5Q*ZhuY!x-$}WLR@Y2Gc=TK(G3k(BGPG*b*4;2k*$_S3q=p!iJ
zD6*6y&n@BHf~}nNgg!=8E)Stx&yh!*%WzRKW<?S*9wy~7IUh4D`|%{=<w3<u$@xV2
zB}Rj$AC-iAz-3cj4o#E?hbW4ngqunCka$dX400A^ZC2{2Oo6t>Vl+K=`vabSdBEnE
z9X2n|c=+*WjAM`eeuG250cu98HLR;(dV^u?K{Ze{gx&6l$L#@3gwfal#U*cWtTkpc
z4P#uIS1CByO2Ih`YZV3<458BT=%5%*sGvw;WFN0>IhzGtF(;C<G@j50RN>XZ8GRaw
zWxmw8;-U<q+~{=CK0e<z;|t9|c}Kc8+H77-WYb+S6(>wvC3N9;vuF_VM6<^i+m*?x
zl0@<hnjC54Vau@-ZA#$-BTNh>d{WU8kFbWZH60H7J?^Uo9<~eIzTDuZ`+yJEz_Mnr
z8Ub2>wME4<9L5p7JEE>VIMo@8!TMJ8Vy4l~EA(B5eRo8&s8Fk5^bO!*g-onY^e*-`
z8w%C069*OP3yKF?m%N@~lS1z1q<c+e(UXK?=lPO!*5|uKAuEZaM=>S{D4t9pDGN<B
zi{n|El>rq^y4o?OA?nMu3#WELgID2{7$2M!Qg~F>ds8yfkc@zhvjTC_kFP31`;yTz
zDj#%?z>S+*B-i?<;4{%<8Y!T_#(#|j(k7<loktHz*H%`L<UU;nlR^dGlZY`VOppvh
zYEA+p!4)T;Q6fr*Yeh;()MLLks#_r9e>wZNIH8h!DX!!amY{n=HOCW?h@(s$)09LX
zIu}w&=n|{SbiLT69(5cdR{*T?vnO(1C=#ozF;rhJ1oIIpIOSm3`pv-_*kM55bvPb(
zc-cK;`}m0M{T2`3zGFOg*l+h3Ha!-qM!Tp$6`>m)c1P!_;B0a14mfljX0FCy9n|3C
zu!#xWYSe9onf5aS;|RvW!&J#(aE!ruz~&g=GjbqSDf!n|PcGb(0Amco8ZDMYU4+TW
zHl3_@(xFGxIj2iGPc(ZxX|Jh?3?Oc@6lQ_0ShOZ7Vkg3eY}7c%&MP?)1SMK~<u<9#
z)_Em2Q5Dr33SSi$hT3v7b)oaDQ*#m%JFWb?i%r(7OC*Ry<NP^K&m-uPecFIS?ZOBH
z1VbCR@c?>mFzlZ3^7M@3mpgp8xk9^MVzXMHofDSJ6}Ha?ZQEeEnq!6<V{g#g0gf%O
zUO-nZl(XnI2lP#iM%Cb|0+CLl0;2-^FNkX9stW6^%b2t<b0b#<ho*TVGb|Zj%{x&!
z2+w7l701~VNtU`86~J+TS^ExCJV<+Wt>ES{7YtAki{uE131@<gp^A~z#hgbD!bqB7
zCnpu<rLP>TEXnIqEN7nngR2D|fTe6B&S@yTAhFgffHnDQtf-Xoz@G)(z{Q0y<e-RJ
zT$t6x3D4y>js%T4xBD`MIc*fKZ2Ji}YKp*s5Kyoa6%~~q9EmV1d`z<25RI-%a=KWg
zgig+*nnLTe<O-Iap<KnLean?Izc@(B*M&0Yh_cv2;?ts9Qcuw13FG3zAXIs&wXqK4
zU|_}`&KlTpz}O!#^amJo1k;FPzsKQt!2aog-gLOSS)rZ#UZ-^iW*nhw1HIK4wj<2G
z_wmz4!5Rw<Ph+UHLbYzOm^WCmg0T(`N7&xNxxo*VVG_`_a)4DXq;L8tZHBL+N(56>
z9r4MG=<+GQtQz=C1(jz$ayBw0DnJ0FPFrFmco6(bRfID$n%BRN61gs-P2FVMQ73|K
zcj9#_Crt&PLA2_4qDn*zmMBCG6BKLOrsGz5GH#B{w`eO7#FLC{8-h}`N~$qOe%jZw
z!(c~jwjFx2#qs$D^W_rr#T@h76|PnT7FCa{>m}wj!M23a^{{=9aUAi)4vUors~+{!
z23jj9rBOFENLQ#yqXv0(UW{nbDye3poL8Ok{3UfBNo12qG*Edas06Xbr8EK(N#0pC
z9L=ySPPNfCqA3V3(wgRysyKF-oT7Ail}$dM?o6nvNt-os-NaB_-iHz|6I*n0{8~`(
z)hT-}QKeLJ*A|?+TuO!~5(m*lV9n)&VKQ_Qv;(Lx=aJZ(Db1Q8!~%YUl~D|yqc`cn
zv)Isx%cp{p=N9|7tn)u6Y<~fi6+qXt!BE+r2s4%m{nY;sCmMJ}1-6OgNL+@MOz7V<
zamEyF8Aj1^Ba!H+7-f<$1npbIt1~k&dL+FfV1R=e4aRYRH3O6z0JdNlR28GH2%0p;
z-s185Gj`iOoEvfbyET@#3yh<~VZR3tUfj}Z!0iqC&Vr0LGmh}+pN4&vGh59tzgu9n
zT3}tbIBZ88dP1#67#NJsCWEr(XsqxRfQIv%6|~pVahW&dIQN8eb`KSf9-P!8oXp2K
z;|(fXaU_hYe74Ot-IN$n*~*jp!d}>jri=fn!4zlOaXjfT&>4xtrHwfwkaExabVhcH
zQRehY&diI%_Y{_35%<o;$AHAP?q$)I#A%RY)O<G5YbeiyBMSou9sp;6dEa5xEiga!
z=od#^FORUM11g8BwSjX6jx2QR<0e>JST(|Ghk-4|t_K{Ws@ZoBL><btZ_^oeUMLaT
zaB>ou*dFqbO)-B>2P=z&TW21n?~FOn<Z3F)G8G$V%<-_z<-yw1eZt{HlZVAhl_PRj
zC(%vPx=5%<RuCjk=V399yP@OEc%y<yg;G((=gr^ogDb6c1to%nh#;L{1o0XZAaYc}
z5ueo<CBILxhw<s`R{mrWmmof5ic9o&G`F!(l9XWMEU43E$0J>DB}BQCs1Gh$_o0<X
zg5u5j1|a$AQYZ#uBt;Oeq*)Z<eI)mFD%>#4C|vU>s-^sMI?avp=h!Jf&N2)*>)?hF
za26``1KExsH=@!GsDdX=0T>mm1GY~c{_?Ls;r{Cj9D02D!vbIa>+dkw5zqGr*b#ss
zRIH%}8!8<KReRivvpsk)AZG!sP|s&rEmrt&cZ*rwz}XFEw8yA4ER#1fI{zV4A^P32
zZ(vdk?hE$nbbw%qteL35NQhX@w3FOqfyZQGL?;^(F47VB0(F7koY}nn)#zYy#qkCg
zHbtCB%F9_6O|HhNxMBMEbjD_Is$7)vb}q!}=O_|fyx1UQpbS`4oa;PakZ72o)~O`V
zEsQG+TO8~F8W?p2Xi_*>hTQ|Z-4Xl!0UthJLpKVhCal(LEE@%-0HqmKO{iuXN-5Mz
zqfrW4sU%{63z8XUV1qQAv>%Q5JSq;eStJ?t>3tQf4DtVz^I2x$MvggdO0>`%hpts*
zSR%`{Be^?52&lkb`O`jy3@XJjymC@CXWo#ftFw$KDA3%TR&-8-ztW*w$SQ?(pM+Wu
zMH`AI>@q$*j8BIAX;GKwqtXnNhsQkK1k3hDB2`cBOr|oIhKrj0bOTG!RbsL0QLc1S
zJFINeA>`^zW7vx}_Jo3)+u3yHL!ZD<K^CUDkLLgYAOJ~3K~yi=pz>(r2y}XJ5(&af
zzyst^38<`-s!0~eoBUc?apBjJRikAes^|>hj04*dDiR^IhEf`%^5JPw7h|2prZf2Q
zr$_wpU;c#u@h^XZbpx(GEO7g~JAf-3pO5G_12BZ@kQuf!aArW&0;uP()_{(ke}0w5
zTvu4?1~b>7;TDx{pml{xhk>^PMi^Lap+;e7jq=twv}ac=iY!c~=i1uSilscj<$HjD
z$uJ&;^!gOlQ&s?&Kxe=FRD>^_F6D2x>)z%>ToM@Ij035B-R|t;a1n|k+i_DW<oQPD
zYg;OxkTPg8W8>5HA-x?sjUWuU)Y6L;5(Q42g$8MjN<|Nj|F`+P!E8APoW`zqsGob-
z?H;?QEiiAORuw*cA&jdE%Q<5<Yv9HK${A=@J{Z!eWKMV5x8arZW=@8Ku?EmOFx!Is
zI$*$*&;(FvCr;|y)S8P?<jG_lQU*i;V&(f)j9GFvQX<JX_Mxt^OBJ=5l<{no7m_qe
zh>usX4s9P&NpdXvPU_qlO`*&gf>6Y1D%0wOr$9!B1E<|Lsh(p2*Hb5LCb_5!1sBno
zV;hOkG0I7bkXHu@N0ddhXC9BwX?(J{pa=(5lML}mRU$Iih1xEg;aHU3X#goyfRGA3
zC1I%%&yzh^-ft+K>w-@g2lJ{Nh9YGh(aAZU#fLey1e_Q@J6}<z4r?^*&RRez7!^48
z(6G#K)|=%F6JE9>{`%LS@!$UCU-8o)|BPBOmUj)7w@VCzL$}#u|I$IR#ns%yF8jgY
zcpR{pE6}_`XB9RZ>s#2aMyqRFt!pfoEif>44|~)zgZ?m}=N^00;b<)evM^*(2l|L*
zz>zH+J0zesc~jAOrbht1S$FW+s0cnQwc(4Kz=WW9W*d?|BRbQnd*2^-c6+_7fa8lM
z*y*;-LactS4apaDd-TfI%8-CsIh&daEGBW6X`W<}g+uA<%6rr(DBKVNFer$TG!!ZT
zRbAoZZ@-{fU&D+J$^!1tVc2c4+wNdC1pQE<e=s=Q4w$WGSl-N`l)_9msIMB#XAZq?
zpxX-6_<68Wo`dI^ybf$FFffb_&}XHfwFWDdK+2rL^zsyv1MiZBeT4;H%7=L>ko8r6
zGW`d}rgowc6V$il*#AeqJ1P7#N0nG%*w49VEKCK?x9l9I1Z+N8oC;473#MCAyU`?5
zr+lcg!it`m)8y9lJ(Lj`MfCGzk-u;+3h_b?h|3$E_+XLDn1Col>CCZK8tu3gmrD7!
zSgeS1)j(3zF9jFH<5AJN%TXZt`Ja3&Cu#_uRFK*2Ol8k5`Jsd=P$ZwlxDR%jL023m
zT$Hy{QKhD4hoT_k45lzKleAXBScAb?jLu?kBlf!vKmP3-{{Gj$qTfH^_R|6ibFAkz
z&{Wvk0TnT>S97%U1s3xbJUZNef5c25&|a-kSA@;Z;P7<xl=m8#EoWHW&Co7t80)Y(
zKBL<Z`mx7Lzs1(>(W?Q>1_TF7RZ<9L4VldgEm4M;rfBa8Du>Hx36_G8*j$pKcPEUv
z^Ya`&xzW!HqEBnHQ=BTj!cX}3S5lYjnDY&}WHd-Z=J(9GPFtDu$~Ks*wY1sM>9mYt
zV4}!@Vu*(E*d5lWLdz_w0UR@wX6VXbwrX(w;Rdr$*H9od#^JErVY?$V`vKj4K-Z1f
z?Orer2K3Ni_PB-{4PZtLpA1%4YqX06<}^dAYgD>UsyeL{xT?cv)PZb3g|UTV6?@3O
zs-jHI0etIR&UxX22tuJ;1EB)LlhZn#3y09Y4Vzdb`{yxv=I@bk(MI!Z6ksbB4#xPL
zoc0@%lCy-=MdCuf%tD!>`IVb^dSIjTo;$|*-7C%}n9E-hs|Hf#z(sBZX(O3bT=KuC
zAKOg)%;s305X+~V!Rh0jZh8<h?euq^Rv5ywgmUwh>OeWOiJK_NHA|t8!^?OMOgG-}
znxkAaGFX_nH~^fTZBSM$P$8Nsef(3RImfEmhJLdnjLu-N14if2_ZElU9#0Ps*xvsP
z%^iOCyK7HKbA;dj_7lGUa*y%*6XtW^`f7#w$15-?eE<4{-aVjh8_X6<=!!77JxFWV
z#&3f2yE)b$mYBDdk2mi+9J)Prhdp-t4!s-Es{z)8zBvV<G{tylSEzwFv^>fhg3o$%
zl9W4`3YjQvR&+*>cD@oJ(8+{_&$i6yVg>a+{oH@VAA0BSqC&y|;i)-YKKPx#x2(6O
zl=M@@9>jsMn0du0@ML|k&_Vj|3ld6V78Byd+ghV;8dSQ)qS8<fSaJnR71W0t=#Pwk
zf5fo0A;N>Pc{t+uw-H}ATiE9v9{zB|-Iq^Tf4alkEpf$jT<Ha>Dqzi2Aeb<qNJG^c
zng|*u;D-=G2Sv0w315;x`>~oFhbe0ILhx$vh3Zg*s3cr+aFjPJ73n=L&`nf`nMt#5
zDw3<?+*JysR3JrEpi=+i*p=o!VStn;cbcj=`Lu1uq9RH1%A{sHzl)tL)|2*GYLRiK
zi5HavOHl&7`hm$s9-nM*)BnzEd0CYdzxPb#CZEr_*HrwQP@R<G3Oaer{J}Y`t_lYU
zoqznIF+zM=g=x;4G|NpZ`=dA!G{i77*l);|a(k(zvd&>}V_?}aY(K*72Q(nu+$=F$
z5lAz}-eP@qgRA8l-@b35XpYsVB|dz)L$zwLdD-LG`P1z3!y2nu12zWx+IWdJYs}gT
zH_HV+-F*bXVdx%ER|<{NaEB4@Xkd+jWgFr?C?vvWJ{uD!8i~44R}f9c?M30ulQvY8
zD#u)8d*M!<!fjt;#g(J$M8uN}C`^-rF6-(3J(~`{`BSG&H(~fVk$~{Kr0TLQN0Y{(
z3cSBq%Tf{I5lbbe@+6gJCQzV|9Bc_NWCASK^9@ZzcR3A=3T`Cq4oCF+Bes2wqv>$-
zn_H~cOSo%;$|>BfuhD9UzyJ9we)u0x=sJsUe|y6I$zuC)hvxSieEQ8DK7YEwXe`#N
z1r}|EwyHqNXEjx%{k^HYd0oY*4(H*Jk%#G#LOx_e)}o1C<3b)7d|;kRB<^qoN-RwX
z@eYe*h#VAe(*cX1CVBx%(GwiP0)+x9ya&|@Q9ESOv*MG*u&4k6;kD?-POAo-sZJ=j
z-I76eB7c^f!Sv_OS3D>-g^QcWG-Lb1=JVR)oO|5YzE5tR48FKYGV>Wh#`)Jbjbq0|
zwtaH#7{$l5+`K0uS)R1>VihH2@0?@k69UPJXm;fi)RmnlGq8!#6rR#BCxu#7=$!#+
z4O%V$vZ&_@pbzM}4$ZB?_4OJrzwF>f2i-QnVhLPbffUdmo?&{6yW2agZd#b3!*Do&
zMur{;b6a7lTddbB5G%Yqy?_l+qeizi==KI?uwds;fi>q7Zw&FXB=V)W>=qzh9!d;s
z&Lh^6kPuIcg5i{sJ}0);>C#QYZp&vkkJESsns#9>Y!q~H>O-$?E$`d5_@aO5^!H2;
z!hE42d0EOZO_xfvVz}gkna+^pBP)r|=TfRW!h{e}hH)CK8dS!^P%B4hSfd_mR7&CS
zZHwL5VeAGhj}-=XXs)l(-qld^29>RG^V{Fy_NGO(SfH){4owY?hY_3aBX-}P@bdJ4
zpZ|7+&!0czcmL%Re)HuHH>)`o^A^jSHR`tYXe$RORiSdu$L+*;@G#RQO)0=E=EFG(
z{Jxm7kSdp8T8{{^P!TmIn88)(j*yRKK~SV>0LuEnKhk-A?E(oulIFm^>)=9elSdm_
zPk&*5T&PNc0E)H^U7FR1%?szM4Wct*%hOX;HkF=V#4r7xOB=*nn?oTv$K}oK+}Gc;
z`MkPmO+^ws+2G%?$)0Nw7PGd=A)x%33(xWFp}U-KWwBF9x`<eD;>p~~sTAcw*3YAK
z6aXj!Q4NI#jypgT>b6F2M$E1jsOD>Q#~!+wp=mXYW9+wk%$qre!2uQ+2Zv!aczM}@
z8sN)^TU;$09EJ`*{?y^nb#S9aW8vNL&mEo*9UL5vN5;?Jp7FSS!GU`ml>u7^?Fd%+
z=#x?2!%o;P31G6xm>6HOoebJJxXBnXn6I2e(#dFFw*Kfu5hf%gCoRHBSouHHo^uzr
zssHE(UkNhG=GC$?I+@N26(gVBoLI2I%39yZsDRK7AOVF8$k5;|s^I~pV+!vy=^65b
z_eU6Em4zkirQ5_%q~YcUPk6%d?;9L;9Ug}YdeNf&aE<k+E5H#(>)UEd%>dP4`SAuH
z{^>KC)eNey@%*&G_wP@5yx(E}%QyV#`vabDZ}IsLclhw-7VG1P<@FMJK0{qqXoyj(
z;FYpjaF#~afsnuv#7sV3h#9DzOC1mA!mA8?P!0ip%p*o?(HjFZ`h%1vh9ZyAQc9s}
zYG_q?+5;=!MhxqM0iz1DR>NU4RFlI=h&-=~A@#YF{hPCr$)bN@Gb&E_;^(HDfczdW
zKfK%udu?Mn_dS@j$W8@$<!hc^kLkvA@fy5w9pAf&$!j&;U|wwzitm-x*~$ASTT3Xz
z35(G<3-0X1OOoX8m>k8ULYl*=iR0`r`jcX`g~Dhp)S|*_v4CTP(Yg>{4(yLR*fnrn
ztzmxX;ran?)8Q}<FvjBg`U*F<*QjeBsiqy!^#ew>a1~&*Lk9zP3j6Mer^jc!9G)@S
z4$he%JkxOGFcQHy6S7c3wG-&V3>P#ZN)YH+G$<k?oP`c=asVk#-<OB~G6bEASP7h+
z3GtaN=)GGB|BA2vXZ&#|8{cK3#VMFbf|TfN6YtVYPF{BzX$azwx|#?49-ga%m@DA9
zEMNk%49>z5VbB(J?QlOlWApfeemj818Y{I%?<{Io(7l0k4!g}WW(s(^e}O$Rm@72(
z675xs#fJrMe!s@c;|BNN9`X2XgXjHs?EY<oU%ox!=JQ9~eZIxbmo@IzYgBFqZWWZ)
zKt;*iYXFQSlnjQGRNHe%qoUWh(MK0@zARuygZ|KA=z7?3z~L}pw>_di_;$EnG+3_Z
zSg%{mmoqpJ8h9KSB`C4@)uC8%LK7ext$s9Z%MIyLrEvBne(r=G)pu_!uICo?*B15H
z7Js~>(z#T9ytTMr`r5hY`C64T{h8M`l5_w5+D87`^-P<OD9NX7P}v4N5s<{wdYVH>
zsr)%fJf-AVhTn)#g|AydQCAcQ--K~A&|0IJ&!B3B!2wmR;jF>X8FXEb<;QCrAGi4U
z;Tq468`$j;mPa(T#?9w7=2r`heUH%*c0tN*8w+PG1{fIA!S)u%{Sn)jJr4UG!#IGQ
zg$83(3Vo2BIto%=k)j;Y|CvG&uS>8BveeM$KG|6iYE<9xsXu1YaX)EgUDDP4=WHbZ
z@tYFA*}gj`XQ0AnQ9@Yp>J{M=Jz*eTpKFj(_S+;ZJxBLW5Hf@lykniBV#pCR4X|Xf
zWryA4GsYK%!(j(!9F%I%Q-j|x8Z19tfx8{tXkp9&j}HzH506;33k(~FqqC?#_E42V
zqiU?zSJ1V_&D|RPe#G{1kLRaH+&^t`_3a*C9zWsm`_K6J=@#y~MN>CG1wV(0)NBN(
zs||2rO+E$LF_;~U@-4L9Sd7B})Ai_HI&8mh@O1x-r^jdPh5_R^fD|xqX1Kk+#qFnC
z=ve~=hE@s{Db!G?gVEM61D;tqb^D~aobW{@x@Fa+)B430+B+81OPktR2{!Ya8^!d*
zf35<$RKZ<pd0pCc&pqzBub=z-dtT35-#5L^=U(?~@5x)w@jdOplgB^tU!D8@Tumj@
zZQRQo2g*4D?~b9Y1I7{13iGCgYHK+5+_16IzFHYaXjWLL1-Kf}-mGxg^*HVa?A-|6
z)|j;|taa$S5zmi1JUnbM>Jhdz;DOP*0o0Fhox}cVhi==!9xYTL3+tJ$Y|Q8YJETp;
zr748Vb<Y%~HLY$~Zq_k#M-aW4Ue%A4V(zjTcUge&Kd+j>fASVp3ery%i*Ntz`QM=m
zD6I@}r;~au&7L^U`CO1fxRmW{V`aw<aHG%lf<@03ZfjuxI6DBOLAu7!4|sfj!uIhI
zO9gOUV>1reZ;yD`9YDIp?qv@e6{u}6o3~(6AZW~*8QQ8vb*=H`v%z+=!OP<j+ovOb
z`R_mC<);nqzkI^yKV0Mb_6oD*9E-ZaysAN!O1Q8@2DA=f3r7m0u{ib?$9;#F`wgDI
zJz?|HBc309yRq*K92}Z!h2?62#e9z2n-xBPzQ*m{3RgE*m@gM-niixhXwr#1!{Klj
zEhO=fs$<ra%I{5_&4H9a2fa~kytNTss(#L$?k`m?ugytb+d$;cpPS3Pr@eOWIltE0
zyR;Es+Hfyz%x``D)j8fP^7C^W)}@)%n}Upq!ttCK1k!k`gGw*3q9{x?iNa}Z1e_hA
zU@>oNRBa1aDfFWQsD`c#7)QWZEb0b0j%c(7-7IkH2%A6sh~vRvrd#x#1+&4^{RUru
z{u%q@22?rJa}8*36R<}{w;OQW4d{Cd$MBEWR_M5g?FK08z)pwwYa_``UQb2-L@9Tq
z%m=Q*MIOsYk;2Fw<{<LRD(BT)5`32@eSXIR{GT!X`NyV3ziv~aGu!edjUBxz(>TW|
zr?UoJO8iWj63wA9^0kHw5%wWVh+RnX3m_c!VirdP<`HDPNJc4(TFuas#%v_;AAiRG
z`O`BhU88N5P*n><4Q5S+)^>2_1>0i>tyWmB7pNKy1z=XyShO{oN}<+-)y)cbe;9Fm
z>9P4~hsSSQ{PJ&q#{EwXu0O1C^YIE->lGG@8D?#Ry4E1=QiNeQjM(=By53^9J7V+m
z9xwMV*xbM1u-#%DjsO_CuFx!6+<v^lhc9z{`gDhz^%ASA8(gigF<-W5+8OGqMb2`g
zgj0&*CxqnhD1M6R*G|kvT{4)bPtx11taA(JrN#2C4d>iK`PyvhlIrcf&*!bG=&dU1
zwT1n)&Frli+`B%mXIgQuy;qkuvr84-uUclNvnjePS%*juPVFWI-@3D&yj#^ZYUO3D
zW1s~yDj(ZyEXXmMwgR-pVm=Q*$qLJd7SH<wy8eil4KQ>EJbwF*?aLF03}#IQEapIK
z(eFnL`w_!ofEhf8uB{a2bp@*&_QwO1Vbm@HQoWQH5g<vSjhCZ{%XS<gWFk!!aiMj|
zr)0X=0<xlQdTxQGe|R$Vzgy+=>nBU^+w?B|&hsE!I#X#zN*@QJK}ImyTuX@*bS10+
z{xhLd<bz?CJ_n7iuxJ}JTA{57G+69y2XK#t8qw4(jB25mGrWLtJZw?V8?^lzi>no?
zMU6&RxL&T&+$yw<hOR0otpHtPHlO2axy1F|43FQR@bIw1w;!JH^f1HXdWFS$iL3bx
zjaD$@fNp<8zgIXO2OPTr!*M`=7;x-540eRmjQOm_-KRS&t{bdx7r45+#rk@U#bSZ0
zt2tJy25obNx^AH>kN%4MKTT0}9pk@MQgFt0oI{QZaUl(YVmfx%tg5#*p-YSEYi+u>
zs)ut6+iR_=OVz}CL<N^NptlzE*B16mRn4WxKUala+8i!jvvaTc(j4tlg?jF}zjZAy
zwfoKrP$0<-GB$V;Wat8hrS<?xXCn<FeB2G-#=yU-6q>n4(=@Pb(Nl-(^#a@H1HRwi
z<NM(W-EoiOZi}%ypj8U9d5cx6(RYk)`+$Bp;&|*}twU7<b*14P<8bWJk6w?iIWL3`
zfDZE19I>47Qw}+ySFy-6ozSRcTaCDEN4fC-h^Fw-Q<4Hr=12T1mg)c1_0Rhsjo)}h
zeD;6S8FJn!0$RSaxr&nik}3YkG2S7rK6-Hq+ifI6Lj^K?bUOJt>Vg)yYF22M4HRmO
zgM~c|P)ea|M_4zY3Wpw315G_g+g8xy5r>B(?01by*XZYa?4GZ1b$f-Ys~MWM0@cb_
zR#y#f=XYptT3~*UpMUs@{quKhpMF6-Yq6Lup_RsX9I<;jpx-!H<L6_oCbVsh<r=tM
z&ak>!;O6EUH#av}tX7yW7HH>l)NPG=-lA=5v`r1I8ovoEl;(X3IcV@i|7e(vZO+(E
zh?H=MhP323R<CU!ug#O*bGm*_t#)o9e{WmtJ%WqZsyz9#Z*3O8ri!?9jozc)d(VRZ
zYb(Il9{<<0YTs(Fo;<gy*GvTXQSe4oth`4;6C7Kx<$&!OF`CiaM(YaD3aYN4>dNC)
z6r*Y?%;y?*=<xjf3}Z$NeFu!ddUb`WbvX7%bo&m&U~w3F^mc?(gu3-fuls($Vd#B4
zxtBA9L72;Ul|VaAaq!4#x|VzxnQz;uv+baK+UK(iuud((9DdG|S>048#;-K3{%34P
z|M7L&`?HtcZr7cwwWj2T)89R{tusf|7YD9gPH1+-g~+7H1#mvMjo_fTfuaVwonhA2
zXh(ys88CDs2Fp;oLsJ2^F>uxax<cJBmU9bj0K4sRcp0%D?}4u?%&%{7wVq?Km|;F|
zF`H>LGk<sW{eY*#5u;*Q-DBAI*gZYr9)MCc^w7Ze4s}IXUa!!uTijhOu)bP>t~Ba-
zi`jCH`FxJme2I3kLNi;Ut}8T64YV3sS3WOHsgUT+d2SrA4-{w)N-!8apg8-(A}^Jh
zQUZf)n^tcv@~>?Muc^LXs}$bT*84Srhxcw=ug$?;d)&9$eXms;uc{I+JcsvIRqw4<
zUz_8-S5E%gV_#lM#AEp!5ntQ4fHGmwseMJHVEvM8Er=c3x<Os3kXPkn$OmIFSjN5^
zu-R?BH)Lek!+@F{W_5!_+rqHHVY|WR`v%+19*4g7gk}XewiwKa&Kitt;Fw`Ubytb{
z#YIF=Y(qHdaEXNE4D?SqG+egf&c%6`;GlCR(5cYjbi3nUF;)3T{-}30&i>c514$eW
z{&74KpN+s!<q;qlP2-^<R{xZ8#A0=<LQtdM0*&p__Z84<Sgk-c!Oa137Hae;{DC^4
zvv7|FU1#y|aKNGlmTij#RUjx>MHr7y*zaHP{8NQxJ;S<cp&No#21muPngHs-&SE_J
zsC9M<HGr8`P&19{s>N^q`3ArLuYbU7weUGbs)DW;sM{8^d5gAb(6$YzuEC^HD~(EP
zu+l-At)SuAcsh_4oSf3J?-(dKf8`u*$|CI{E(htzWeH5~RAqOmig|00|JLID-kHT~
zkNcMV`L%`qt%dt6g6NG|&|B@iOV9ICoANb5$7}NW*XC-k2_@coUtVi%zSYvZXjra-
zSys$rG#GFW)-l-nmRhv{99J042-7<_Saf}d?c)JYKX35zxPciRs;WkNy~28}VV%X{
zaKy{Y0Z-pw@bdi`W*9*VXtjnj2Cg5$W&~SrUiAq_ob+@c@5zX|q!`2(aVjdNTZV<o
zP2fIp*5oD@&~r{Ai&IQ0y*U;6wYZ-D9jc&zZ&U9aD3;%W6rxEBk8uhuE0cQ*!2{ET
z?U0{OY(Kd$E%EoeOE!z69bpa!Xc~Y+1EXv3*rNquRn5^*jj9gB@X=uGI~@BS>>8MQ
zgjv*RW(}&gLA4~<@d&$j=!P10tieaXvc;eXR9CPx0M0>KLZch3)(d>NS>fY{HJVuq
zYb}~)hO5~cvucK&F<{-Gy}82bYK2u(qpmb`6;%lp8uIx}HVT#$A+k@&sgkQf3=0KI
zl+|<0VWXY~(}m3{Q1x?bz!TFi&S~DNkY1Y^y{9epYt(L+p3i&QZ~utM;61aZ_f{D1
zk)8jVYxCZA;9DYzbC3Dn%JnU^WAVMQ9!N16DC{0Y-X(5~@50wr1=b#o?*@x**TGtg
zm!}=R|9FpwpB`}79APkGe$(Ra^9`=<S{!#h_?KrqJ`LDCcj&D_-Oey`8qSRv#sSti
znBaX?>|2K%pq?^))MHds;TIwitF4N~jRYFX1(MvUK!MJv=IG+TyuDHUXR7J=fBL5L
z`fHxj&iP%B!6#MbX`<4(CMXw`QYnJqq8;eHNt^@c$=^=~7RDYydj@qiScM2XRbfyH
zq%436hHBW6z!<<vL1}*|(iU)rF>idP*pWLZ1z2TqFb3l=0<1wZpw>0mDJWfGaW%uu
z?KSQ`-r~#0JAAyoMmulOAA9Wn`husQ9zoPX-OO<F+bhf$Gt_MjR27u2P$$HL3Wu}+
zWKnrd@M$xVcH>ezn?oB~bB;=Pfqs%q<V?A{5ZQYae>TjJUYqY+It9PgQhV>b<JT;7
zuWbPDX@k8sA3OKGmo~unR0NlV8gD5E-?|R3{rp>kiA!_4w|>XD`{0~M?Ck5oWVRH4
zr{mxjC$Lg5TEkikr7BRJH>X)M!`5uDdD`Op*C+h+<5#>qKf=Obc{RtE-+#b|&v$;a
z`~TT{&nHKYEX((I-9td7EJe}m>5)CN&+G}a_y2!?X8UP(W@ma@vB@HfRh1GlguCDO
z!94&ZDgi_m+0*1UL8CF52@wb&{Q5oT+;iNVw!P!(_MUm$Q2z1+Z4IlpQ`)wQQ5PyS
zsx;zbphWUhG|6N(XuxPPw2_SuoxyI*BjvFe^6ezd4T$$JbnkIrh3%XrIZzz_5`58r
zB@p-VfA0ra>fWyFvB&C8)Q4=@IO&6!6`!0DOvfy#!5f!++5~ZlTQLR|kJpw~EZ!FQ
z#t>YI<T-=!5HUHv^(<S(w*lX@R8+LukOzx5S+X30yb!X&GRO^*4H%Rqm#1f(KRe^>
z#Tk>y873bgVkt{YbK<#wca60$&^&fA9%w_%L$fKCaGgmP-@Z>-P~FxmB<ms27$_*4
z4$^Khpxsb?FknKbQhW$$2T5UpCYJc@sZiXpZmExr&pvU%K2B#Jl=m1Eb_lvV#^d}D
zFyk>;tB)l6F(uq%oKGJiMjw9e5PaB2nRs{+_%QTPRgunm*rnGqF)G4XiPrgQXsa66
zwB%xNjpLiwZ<$Z01n(G*3tqgEk>kez03ZNKL_t(|#`)z1!*a}WR&oE`J>UNE8{SWE
zc=`9Q7+jS6?q7dLTQ6u`jSm4wpzUP4$=orMxEE|S0dOYy9!WQ_7qeva!A@Bo*~51c
z&AUtA?jvL`v95bTs~-oDCj1!1=f^_(9+P_?nr_<uG_tk9(8Jj6jYQn9|C-0=F@}KK
za4q<#z!QUt(30Ua;CytI53ZqXEwn4tPLk_^aF;ef-Uc*-VvsQ$lw3|SvLdH8EjVxl
z&PvPki*rV&Cm@!3?pTHjpDP2G;p&EYwPJjE#^l)<!MCiIQ%oLtq0+=~Kc5$AjBXQ<
zy55vY<j7L~#>Tv5%j2>O^6NyUVJne*EvD}h01Wu8(6=C4qK0EU(LO%u*kd2#a1KFa
zeT50f22S@ub$z7aPkG+QAiQHkulwHnu1Mn8aO+d}zo&W=9_pr!ZA>2hF0372(#|O;
z>J{3!dm0+BSw<T?RohV24Zf+s1@5m~e*5o#VmX^*jd1e(oZ-ZhS*2Z6TrC{G`TaNi
z;WxkG?&gY<%Q5HA&-fqz`a7=QPr)^K=hvZNMmAkd5JN2v5s#6`Ln#iyVnPDnBy<B4
zJ82Fnnj#rRnoz9q^RUG!>4WYG_WRNGbtU-A6$Sml%G&<Sra$kI>46UGvHSVQfz{5r
zT{|@<abR{!F&6h*v9nfbqP|-)e5M2u8cCr;OM?jzOiLSXF?kgJ1S~-_tTEWkuxeXo
zb<14^gCb*?WsHX{GEod?ET;=xT~TBMG#ithfQ$mm(vS^vMuRcq$%NC3XO!a%r;g0$
z<TfX0p!JS`kXf5T{gO$rv1uqcdd-O%jF*R4>Xv!1O_4^bDQ>MxpEeJ-4JLF>;BhXm
zHMXDZ`xvCwH@NQDj=m49wYzKIH$-~~4t%O8;ZUcrPp#HRP;tzjsn78od#zr1O+AX*
zp#pl$onrksrSraz>$^_|Vj?McQEBRmx>?}0#bdd?x#K_n=O38e-7z{bynOzO$)v>V
zg5VUbTdv-`=jwM~!=mD}8~`O>{@d5w-QHk=$GGU-<$SaZl8`c9RLMkfYC*E~ywo<q
zwK0v6jggOuOp$1J;dRTE?_87CDz)$zSnhus0NtPez4q_slwH64eI1qTI^nI|!?z2p
z$0SxIL|f6gh^xV<MO%Y4Fw9y+QbdM{-F0IU(XWanCsQF)M;-tti1VCOIW}u3hl0@|
z-sZSTOF5cwb~2_YN=#N_t&nBHWH`j+8Ka`)^z@WLo?(g%8I%-~BM43E*wlF>gfv%_
zfq^V#La9c$Zp|*O=ZtoOL3V?zy8-#+_}!u5LBJWXx(Sod`ocDkEq2F52ggiVj}@>!
z98w=X>ky20=sEiw@39WDk4mwx$l_3Ew67yN1Y7p`{Pt})4%rXwI*PAzuR^+@leI`U
z!QFKaK|Ml?EevfdT)ms|n}7S7`@0)XPlkN<x6e2|J0S#5QxBNl&3SWk!ymqS&7xUg
z2LqP#Ikz|8FkjA58XRpx`8NUC2EhdI9l6@&!~_GuV#IB6V3C~d6je%6fOk9O55POc
z@u641V=6h}X-c}EZ%<>5^ob?%@Xc(X*&TQL$SFSDdboskStYq4Mu9*}z^CX2OMw+(
zU=5O4T<~}=SQ8yWL>1K2hCmAmK2$>8kQYKN0qYI(+R#+DEM}f(=QStK&N=;L%=y`v
zVV0pz(KaAw1ybawF*Gh<ogvS`T0?=-hCpyFsu?Oajzf4)ri#sq$oJZa2!swMl{7T0
z>ulr=z$_1od?yxC*$mDb-OMLtyMwX&7N>o1+A&DzV}>se{r%V?xUU;IRscSx(Cp)m
z4n6K;a*z6Qdwn^+W9RRf2;`Uu<Ae9U?K5DuM9|$e?UfL~`GD8xp(Rb=_Wgpd|Kl5G
zZ|)hL3%~xCzvuk&gw}axvl*_<xVl>K^;d7Xoh_)1XEj|hy}swZy{GXt;=s2tBPL6p
zbQlQg@Ycm(K7?EYqOcMr7$r-yB)U^JB<*x1*`UZe{Ec;}**a(Akx8M)G;|wb@?nLY
z94KUe?F`b#mN41VBRzbN;e&fi8v17IQ|kr?9-Jj51<zT$WN8uhc(qa0nL8$fl9POZ
z5pdq1?dESH8Qz;1a2XWZI2%`sLt4YoTfAurHgGe8)wE?ctvC(v$>lkhHsd5K2&xoi
zK~|KIWwfbvHx9f>Zt^j>80Vu(G|y}*f7@q7(Ga_&2p`CUsjx1%Z^IcSX}lOriZ|DF
zOcCpZ+qK*l^SGDYQ-bUE2?hGh#~hM+A5?DjNOwIXE;#g@ec`f0$9s%t>jRS=`Wy~*
zE=PBQM~?Sc=hlapdUOM@`?SgZ+c)4EM+gmtfu>bv*Gs<q&u{qd^=k%2#y|f*f6u3%
zeL`I~)Ymm(<#>O6!#Cf3$L;-;detzyoiUr<Q&&p@p5PVN2E31Wy%!~@CTE6(jf;;;
zC{c`R^yAtZeC=R2)lK}sCR=LTQbr%-0m}o^pNE5&j}NzMZ-ztuqNU--Q;hTnE>!Y}
z%;Dj1@K(?!vfkN)#Ew`x_l@`+$wbmTTN()MDp^vKsVH6o&So&lxja2Vyk|O%o{O0s
zVX~Yc1|J09IP$8-2BkJ}F)t*;<{36KgiI+i#UvN)EVG!hfIO$jh4ExUmX}y-Fgcja
z#(x!piy@WH2b@peeQU{b8|RLUNnOn*W~jS<ySHQ{p&%O1jS)jIAu3sk{85L7+jRLq
z;8?qu^+QIchdO~{B=%E`SNlS9`xfhcFySG!-Y&0otPu7g@DF+JJ$7uzgaS|T=R4N5
z^tB=C^P0QwtzV(qer)$#8dY{7b}vB#xA!xC|L=d~?H|9zj#~ca*T3N9tIu&&;Qq~&
zt2bA?e}BzaSMPZJ^?PR5Gpfas#cWE|E@-5|w;pu?bs_G`Y`~#}5NLgrdnf1A6sl*^
zhR&_yl;d2|X2`FbKr&nI0IJ(YKM}SO*%UO`B%=BQu-rCbek}P_doHoMXCLs_3kB{I
zhU`Bh;e-BoyW8DNDs87V36P19g$yf-$HmY;jbqSVUY=kvO*9d1T}^9G7!1ao4nT7y
z&j;AD#0(08GvHvL0c{(m%bIFYV}qd>mW)nEl&1so!GNM1QH*mk8}O~84whmxAj>Sa
zby2mN=VX%{iAkAj<(w5mrm=(st9T2>*a$xw^Wb|b>%>l34>(xqobk6ZC`FP7<o47@
z8nuwf!-g(;-Gt2?(xG9}eT(qNc+eeN{Q7i6eLA*d9mP`?*vIa3EHmoZIqPHK`cy}X
zeZ#JY=85`>8~O-ecAxu@h((<u4H%=4DOFu_cQ@zvzx|eP{`eJzI-Y<231{bL%-=1T
z-QDx<^|!ovbH#UW-}CP7mb=?q>cxVlsc6EIMq6r)87@wJ6i=jNj6jr?rXT3MUp4vA
z1>NkBgM_uMN$1C4wtEw0hc(*%Ss$S04`twMN3Ta606vB%IR;SueEa^8<hBR6d;sRj
z11>2cU#LioH1AAWJ3|5`hCNF9W(7~RSaGNKoSwkxd4|m`r5Q3l8*}#RoV*wlydX`W
zt!mC@3ue<Li)n=qimx*YGEN3V@=<|UFsmi=yBTff5EIQ82IPdsQ<@A7Fgh7SDTriP
zD|oNCWbb9HA(LpP6;k4!$o8z&hnZDt1^7A!sjEa9q3%tvT2k$$wSZ*P1rMDXjx9dB
zzw4WPdJH=2tJpf$eRTIbR2+^)jrS$)j|no4b(4Jte-9PuW1U)eze7dzSkdTn{C#8F
zHzI*3`4-nf#{pH(YPIB>FJJTR@7_=VmoH8kjK|zw-&5b#+}>XC?)^7h-`p~t&RDFL
zG;U5E7C5c(TG6Vb37T9MlJyTtrct;c0gN|@*Cg=U6q~g)^?_(AY^7g5gx)%7_wG2W
zti#}TQ+*!alkXEh%SVbF9>)6peEYs!n0~-J$p@Q`?NNY^Jv0)MaxTMkqdT3O!#aUj
z@B*t)!)lHgp*%ZbRFqha6n~ZvxO{oZXfz@hp{;6G(>aSp&F#&C+v^!^?Wyl;v<j5N
zjPi8MObXl*#*-7&cxvBrc{;>qhBgQ$w6y9lWMtOF87cLsLS`)SpHw-_CUVlGJfro#
zY)j)2)pWXLr`0`9(l}EmW{90p$Gd8pG#8aP82i`&=2J{I``QHcCDadfIem)eF)_l&
za4vnhu)Yg>-)`wC$JW>S=`kLxZ<ln;8ROXC?>ZC(z$&5jG_~XX`x#%oevQp*zWCKA
zj3$O<-EjB*hTCr!+{|vcTTE$Og-SF<bsn0K1`NGJLx>)AQJamC7E#4|gU>*N!>7eS
z#3OhN$(ccPJ<!(~rf$eu*~k<+=i)Rl>$l+=Wov4Edw_O7=(aCX;$vXC|J`K?Kb)-L
zm@(6#uz20tnrv9bhwgex5EtXUHD8l0LWTu``1N-qHtm6ht7#j-EDUXkkeOQv_HM=a
zq~+u^V{kfPY$lw4a)$STXVW=1Z*QoUHOuernchyhznNhdHH&%R<V8#Vd4>*4yb)Hp
zQrI$aLXOr|n0i2HBd6Lrm%0`k3r|R$oJq{6nn$D_`a$H1ro>4bIvb+xMoQL2YCW50
zHnu|9Q#qhRoWaMycE?_`ujBZkzxV9`k43N_>vW#-zMncT)VBbCtT5&K7U^D(4<x8g
zkUSEdRnze1-8+8&$3M}UmVf+zf5nUEm(<G@+|C)#8>WMMCbpoJlB%hwTuZfF($o!2
zBeY(lWZVVH7Mxmq03TvXEk<z?XiT8aLLyg9OrX}z8mP0x-&p>1es!Uf?xwewtx4JS
z#L|W@(#<uP`oEoh^@mVgAK$uT5T5odJb%q{^8SfSy64<IoJk718Z_Msr3f)u)@oeT
zeT++83myPkZBU7(zAb^e^3?A<li`Y!a=@rsF$-<9x^nRH^Jfgk1Kb?E1VULd{_LEh
zsW=%FlqV(Ew{xcRhUxV^xATg{v}X0<p2=iDKCuk)A!ox=Cg(%WFVD%&PO&xzCph(F
z!yIcIxkN>(Bw4qr5Q0f2!=OfzQclw#Me={_Hf(0AlS*?;^1$PM6ZO);o!UWmeLIt5
z>b7I4tH*MRp2B$?ddx8=>U~9^kD=@_hlgF*@ToaceZ?YAji=bxHT6{o9y@0ryzcHw
zpg;}kBaEi4;F^~E_xHT{>NTOA@elv_OP+oDf@aw;pEt}GD}ptgeQ^o5Q?93XES4)~
zvlUfa(}o7`Tf7gn*vR{6Lh;2jw+;zPCWat^CMaH`jCN!8Xp_%(H|VG9Je=JntBYTb
zc}OX`daKF=>7?P(<&d%+B)9v?`zHvw<%tXL&m7X>0xcg=xE||nWk*Kd{cBP_kYB@C
zVO^|Lv($x05sVX1wP;ZM3Krg>5^aBU?r@Fc?rO^Q`&UfHC+I9NT`rir8cJnyGGc&d
zRXdhmX@dtJsHcu^Z&zG@^)16uN%6ek?BtwbF=RZR@a)+$&R<?IIXgj$82mTRN0I*t
zo<VD4fTrDe*JWxj3f@}88pH^hSZpwa07(2@_a*FXkao{~SVQ0OF;R7>`<)t|3e6nr
z68hTx>??f7j<1jF_CD9_W5wsGvgoJsExj(N1IKab_>URE_8mm-HOIA;y18D9gCb7Q
zRtdFYGEm#ny1;6=<mT$0YSnQ0$pvSZmo$sOe7eASM}9J3I54bk9m^27o7c=|4b9TA
zY+D))coS1F)sga9z~k}i);ljRF&046%v03Wx%HAFX@WfYFQl$#v->qs6P5m!rr2dG
z1(&VQm5s7a*Y-h@6j}P9UkV5Kq(4_T@H11i|NO`Uz1-vX{?OuScbX||byKp2dDokr
z<ai($jM()x)7{&L=qe%z1F?*;SoPfBU$a^)Fp}Xbp=txIkHU0o1ygtixiGX)7KY+H
z16L4QgNQ?nXZEh<_VsJ5HH?Z=MuWGEhG&e<#tfbnj4wu<TuvAcM@)u8##w<yC~`~4
zp{4;B$R#5$ONuf&g_rq&k^-zjvY0z2B19942*s&k<CVXyxRV5RrqPS+*h2MG72Pox
zhJ77bAGd|R9ZO#+_p#&oKHbeeZ@XjNN#A*@eO>3VZs#cimP6d#-tR|{HBTfiY&avQ
z7!xPdeJeQEGGEPjfAtn?4d-VU_*F%yJ>#;(4>Imo3zqj4vu|g-{oOmR{&dalbiur-
z@u9`2j|QnefD0H6h=DdJP9fK9{q1+&qu#D*XRCprao_4?Gu#J)6G+p4>kFrgD&G{D
zUD>waFk3>0j%C<|_T<rJPUtrj`}6JNin2cWQ4d4p_o?qb{3LgwSy^+A!NhCE5*2G+
zyGbX(21&e%0|(P7tQLW*vSm~>;5@eV7-MJ)OF5d5pPrD5WmuLBhe}~#RAdatC0SuH
zE<@YsqVIj6s2p_@Ff?Scq^g$8?rxAbg2|vL1{C=SGZs#s4S9ZXhDg9zAs-INCqphy
zPPsh4WHcO7T1#$na>)>DV_~!;j@Do#LVTf1jZVTLj6{J^n(yn>i7MuCbJfSl_CA7#
zV=e>7I)jf%JUs?29x9@Tyyp7MTJ<T)hZgd_+}a_L$RR%LDg51&F7(Ha-)pqQ4knIY
z=b)LyFg^h?3#znDgR7UUTF30J=5BV+<+DqC9mobbqq6~3U9*_4nBUzo{qBmd|NR@j
z{oQMp*Y`MIqd_TbftQ9_YCLV6qX=<8uTEZd)@2wQ@HmWD@|Z{6O--cGfaEupR6rev
zAZC}u4RizTB-aN;*RY&Cun5{f6k)4Z+Ri{S4~o~*xTK$Nf35<y`IO972NWI*#cqnx
z1DArWq3LxeASvueHg;8UJLA`ouL4+uH8y%I0;or8!P~&9sj18oBQXKC$PD8mCdU@J
z^74yQPR~X#bBsnqE?+(4*~@2~oQ%kAhA~m!SJxGb`#WymT~XamX%>d63iwhPj7qAe
zrn;+PHm8|6ZrXcR(<SH6F8K79=X~<Tr;IMfOokH%#gIH3Fc=Q8d69f5<HZq?5*z1{
zwjJ`*g(D`N7aQUAkghvXL$JC@j6Jj{_s!lp#v%3LmHP51#{%UJL3MpQq(jHmSBTN)
z{O;@g_8sTG_p^_C>nl4y)=3`h)KdJZW&ts=MVAhf%0L^(s&-V%IZZX^{(i-O{^qx2
z)=}h2k;Ta7o11%9%Zk}_&h^_{zWwGMUw-{1H_ItYZD=!x%>-=?ZDk0xMO;SkO~Ss3
z1F=Cdc7=$I6X+ojM6ue^g;EFEEIK|la-my{RHKta`q`|{!M0mNT81<{AZFL#obK+g
zH-GheW{`d^K7aYHYCBt2_e%A3Yu0Q7%|4he(+zeVVC!BH%8s2xyiX8IFtIT=3V8@*
z;wf@PCE&fms>Q0sdqXv?D4HdA-r+7L42n^-B)XsD5$f5BAkoZdR2qh5&bZ7dK6%A*
za=~)3WU*LM)rweQIJ6AUM!4ExEM&Q$p+v3c?P7_)y5qSR8fzGr!f8IlT0taWi9C_9
zX44gFD$83rN(Km9&L*)=304K;HE~W)u&_C_sO_60I%MK`XmRh$T^w83kMUcF<mmg3
z_t^9FapvCVXwXOO(Z`te*u2&;5yi1{{=svZ&2~}Qz;uM@#-NR(suwI*D;Cp+x3Axk
zwZi2m7hGISKpo9uL0eU{)rxvK=k~iRzWu{D+}F3X)L=ZNC}m#YjNn!+>ILs1r0B`u
z0>L=EI@DMY#i_@OC#a`f$B*mURUxEZa8wY*fVHl#=`N>EEhN%~vn6bNYquPBVYW0|
zu{()m=xk}^1BmD6g7o9K?K;@W))!sZe|?xZYaZlbZF7g)n~jjZaY7yp7(?(~n4M*q
z_?3{n-84XMVUQ_BFwq6VK^6j%d5S8ddDF5O&Y`F<(<LY6J!kol+#2%SG8|+Kh9zMb
zH*A=K!O(Jkeop2L)ygqlI#x}M3@q8GARA_g<_wCGiyT6=VET1Svphpy34^neQVo;^
zCd&}3YcWG~EJ@ye3I<D%IQu8-7?&6k-(5@C=r@^t42*L~4Dd0<;i-^OU#PFouK#0=
zUJrF>eFO&w#Q}Suy{EWvAL}N6h;#ek^OnsNHV&jpWUlFKdKBxy*Dce#TdHQk@HA&Q
z9;Dr<AuBQp49m)Lb35moH*c7)rWhN@tbk+`Bg0@^Fux0E8%-yJQ9=&ZrPuU|_>Mq!
zh<Df!9VI*8Z=;&R_riLVuPYDD)(Y~Nzgagr(UlUPaPr6bp@$^6*_v^B%-%=#ijIH2
z{Z|Pg)*glriq9@k_i&zRz3<=3+KOGXJ|dXdO2*QVW=~rrII=7{y%{Mm0>*&FP$Y3d
zW-Miv5lqfX1TzxGCj-t&vE!;xEtoE57?Y9bB~?~pWD)tRJfj$o;WWpWA^PA2L4(1y
zfuKIlN(Hc9a6Z7W#N@DQ7c9Q5S-xK~e=*~e&tGxz?40p%h!vA!Wa57VfkFi%vHNMI
zb4uSJ4H2p%a%-Y74(4MP_>Y0{`tU4=q|;9kJnSn*ee#w1@LPw}etkj&`xenYg|%;?
zd<qo%lymdo|I@qy2FSa334=D#Ofoc{rdk0tmoHDr%ZxIM<fpHpbwaxm-o3u&tKWXb
zY<7?07#9WBMVM=Jo?)`U{kw+XJz_jYHCh09CAbKOm_Uq1i!}!yNSsiF=e+28L@#zm
zNg$C#4BdO_ipK+)>ek|9NLDdy?1+%ZL<zdiN@ATM^UzOR{|aRcKcuqohb%~XFoE_F
zrv{RYUxnQ$M%n6~*!uj}&lF;4Nhi56MzEPD!%&JLH(3-2<R-#m#Q;^sQ`4G)^5TL|
zPA)Mjc<=Cy!#9C|0g3uhS36{`v{qR)E0)V8VgkWK2#WWL*ML~VeA<wYa!$$-rOo-S
zT9TJSF*FoD(5~)y+g7Zqn)#~c)ywBxo=q4Ou^Up8p=x8&Z8|R@bS@}%EtfZ`K52sP
z40<@A@2RBuK4|GN$m@_#+dk)jr-&>LCA0Q{-i~EM9fBbb8N2TDc{|3vJ@)+Hr@$UN
z=3`FgAKX`na|w~tjL@A5v=E$9SB|Dyk{Nh@c}h7RBG!`Gh;2=$j``J;FTc9sH^2Ek
z)A=13hs_mn8Aah3oR(ZXKjrP)H!PYJP8{H|2<kJuZ*j?zMI>4xtB*NHDoNv}q#~0N
zJxwf5z8h*>zppNa%p+U%p)*M}(hbsXyE}B;(WWxltwOXdbl8NR@7nzQb#+JjBRn3@
zMzX)pL1SlI_Q>F~AX{B_=)(NEPhABh+Ez)hYcXmvaX^EoG{Qg(GO&<E2+b)h@)m+(
zRVgY@-e!!(r{uZCYfEq*?<Dy&#(vMYElsw>En7?*$g-HO6lzP`MmW0=13{^78yZ@c
zgE_V|_$)9S<eW@OPDUd#W6*g+)3(fJ3+}FN_|>mI=jDs%jD{uFC^p5lyCeqcnl~j5
zrkiBCx(V(B8_b7ZcE>uOKC$0@6m*AFY)>&*Jyg7Q7y3R!w1*_*j}_vlI7IYGust?-
ze5iQtx@PnhK0H<A@o0hXX5qGmN5z5G0k>+XmlYZulhKf}I3dpsCbOsrb={(E&F$3<
zU;W`rX46~5v}C2A#!?5z=xoB|WJ22nrZ+83(?maRiLnvE1zL4@lazjdvjL~k>DwU$
z5sD;1jRT4)1P#IIhAR@?%n^0fsEcRoID(D0WVfq}F@Ul7Y^;XNHk`Bm=ivf(%#lHU
z!lmk`cI^5=|D%sc9%N@IR^dUnWVS-jH=>5k)0p+Vnxt<`AVfY%EE)vU7*s4`Em|5d
zmMkj}V`$5U#yRQ`DBBiOE0@nsdH(VlHWS*`p$J)CL`$Hip<30<UcYBHoAdnTD~7{p
zsH&}{sau-5!MPUKdaBB^s#>aQLDf{$&atdL?Y!nbuRw%ho^f(AVqCBAiz&_hl<6-%
z=d)k_g0qW3jJeQZ?1W4}v2iBR1dIq-IyZ6TB3@s%lYM`mgwtaJgJZKchtzC+i^egy
z>DX}}a)s#YCeg=}u1~zh#}u?<PU44nzCOva#~%N|^QcA%Ypb|bL$h2U>KKeh6lET9
zWgK~t(*(zSx#YXI@A&eMzh^Of&*>zm4W3o2afcN=ql+_C4Da8(V|u>?@3Fxn5(os;
zx3s~5hA1{rvo+kh(}O7MkTFTK5Sc1L!UOq%>EZ&`kju8v`$NK8BS^xw6>DI>+391u
zZ?m)e_CN8y>8IQ8^%vpqswichj<qRq+d~0Sy%{$xF@ga^EMhZ?yhv@DB?P5$9;u>I
zs2Ny_QOVfm6e={PMQX>@+jq>bzu>c%FPTh6ac-#0v3W`BmDQ?cIbULy0XrJ;$v^!K
z=cgm`++a1siXh(MgU729oKmeCR=0P&fBT*{?{ApT7gTjiy=-Y3M{AUNv0^b^GAIic
zcT?_W3#L`g-~7WXE}xw<$cv;-O|JQ3;<Ycbw&hA&!zdP#M*{ku!Y>>px)1EA_Yw2^
zAhAQ8&r_YLkIA<WaaP9`^gf2B#|q~mRo-q_c&IZyRJ4vA)1mjW_xGL4VrQA%I;b0r
z1P0@Ryci?afbj%h;{_I#=k4_^fBf=~+)uA~{$hl+mYcgfmTka$OI{Ahivc$`_uSpj
zXxkPv8KVZp1y2Z$Akn!&1*{Ql3gqjeq(wIchAn-Z5U>eb@vN=AlQdN}vE|+V_(4V5
z%&EwOE~@LA9`*`mhcnt8h?SlD1b$ZD{UuA%z79|J{B84d*n)ApnDb5wk-k@n)VC->
zBD^*j4Jq>?LU)ZrnwBaw_{LB-kS#sssU<HA17krP_wy_M_5b@1tQLIs&!2K}d4g%<
z>`~n))zUMc*W9csis2A5IAJgvGt4uxJR{FCvTjBw6RZfhKwT~Q#q2Xae|OEhH}AN+
zo-&_Ttd=Y3jw>Jl03ZNKL_t)VRYTi)mNzw1U6GA42Fn$9%Ng_Klz;l?f8f<~C<Z0Q
zSaM^dg9EW3h0c^!6P}m4$ZX$&cWgmD7Bbf-pXV4Ee~80*%CPRSF6<bTwQuo$iqv~w
zC)PI`>9GRyG3mL-1Rs6GBYR(WJ&U2xDjHhs5KK0~<QbwFWCqEA*05a6`0CsD{Ks$p
z!0pw0o<Be1@^ZrU)s&_Q)U^_V<@571L=D%o70sf;d2l8=EvQ#ol*R;FC5GyW#~Ooa
zV>{&5zH`xq!N^9a5R!MD5GUxB=q(0OJ(nj4GCUxtJ6&M+Jd&a;WDf|()-ttO=qw*b
zRA}N7%+Y81`SzFWmGluv^<hNGW(c|~Pn%-a8T#7fix?806sVR%2InKj7b6M;(>kX0
zibd0)l~64mRpThjjJ&V_g+O}048)=8c>DG}|NX!JD=+S^`TUDlJi8c!W}rD}$$U|9
zvt01YmzRi*M`OeylA{_S#>^N@mb~Z+g)%2UJz@Ofk{6%7U~zrVbT(zNT(X$0m`_*S
z-&Ne-EtxM`+G;^Nt*EXln)fx$fBPjbKYhu`#RO9fFm~e(t{qe-nha(Q(s|kSg}pvD
zwC@lc)i;8nugk+zL=XF9(}$j;@0`%FETUttaY%G=tSdYA9DTU2Lr(5{VY^Ng&?vt0
zaRPlZ!dSbeiMwz<8b@<K<MnTT$MX7`SD!uO?EI8^)v#E+C-}$>ou5qjyDz@r%dcKD
zpH}#$MS{nRp%sG*9_JMA4Wa>?E_6c7cL_molHBDa;L{=6b$*NMROz@irY(tt-EclZ
zx}9y8IVNjyg5Bbc!p_dwYzY~*eWZ20ht@6)`T<0@OPoJdclYy5(+|gg9Xr1paL#N&
zblvx1ORcBfY?4ijaxz_&j@JyhcENHX6r+-hm(MtvjCj$stnL=9ZW`*UWu{Al3Dg9P
z7YfZ-NyXQ1zTwT?jIV$Hj?2pvPEUrMo}E$*PFb#MMw5asUcKV^`5D8qpvZHC*bx<`
zz~lzaY@8L6n2V$e`C!0cFy!=P!f1NJ-E_v8iyOkWt*P!Srf=@KzrJHRU(zfp{`had
z<?iZ^zy0+W{LR1ol2<QYFc=Jw++dAaN4>KJsAz=FwO65e3P-eWci%@8aHtdL!*}iD
zcaC*ihak(oaqfMcu=|K84hcs3DhLlbq#uJPk4eNIRW&N$6>VJ%_bPM91(n3Y1O?||
z<!Bc*S8r}v+)g<^JLBYHg2iw@y(3f&r5FZz#`(nw_WXq9m&$a$qE?TyidTu`uNN{e
z7~iSh(xPC%XMxZr)5Z|UG`bcC4X_pAmqKI#6K9jQ-s>*+6SNEL3lH3#x24^Opq$+?
zSz$NyE#B;-?AKodck|;ZK951FkDp(C<dfZXF5GCG{R1&X<SNn5@u9_4E81y|KLa^0
z8C{%k^6~<GyP&$Ca}$Khw=8@^ra74u6s@6kfi}#UU$>a~3jcgWa5X1+McX)@fBFxc
z4u|Afgr*%(8bfAtf-ztOBU@f0CVl_JB6&$ZhOx1<7}}NKoM$);yn2!0ezD~K-3`<C
zcg${T?rx_n@2~k^|MQ;Pdd@%o`tSJc^G_I_4k>Msth>6<zpz&7X2+~+`nm}m;~bv)
zoPBwjeTAhD)O6@MzR%$9A^CWpW9?g{554v==<U!Z<f-#gAKb^r$Yhh7WaX94d5DIq
zuBy4en)BV)*A#ii$>{`Rgr<&xdShE6v}9$*q!@9%YWVWqcP#t@XFXm6Ssl~yT9hE5
z)<TFyCKHbk@K)1IQnC_aBf$+K1l^=tZiiIc^-Ph_3SAHN0F;SBh)q|cA1qP&NZ!%r
zcabNGgO~mhdzy{ajQ->n_Mc)g-0o(#Hv-!0UG0NvWy^?H<5ZjIRtb}JrzA<H>J3Qn
ztY&lW-rrJ=#!Q}FaCR{ypPVpze~q1%%$hm0Q;N1=l*cq#=L0L}Fe2DY2?f-_Ba10#
zlL;5k$6y>y6DPZUfUF!vH%A{Z-jKC%vQ7yEyV))gJQhnf95K{@5r?Tgt!ru3Fn;-*
zvzM3D^Eu0_8SlS)$KCZE^Hs~;*Wd8(izW49#izgejPuJgq$tUZU3W=w&|D5XHT0d8
z>ASEVT4?v}=#M#A?}M2h`~73^)FH^R@9=IPNbHaZ<0<m<J`m)gPUtBDj(wYmN1vyS
z-BHA_ESd>eSqE@+a9-;Jx2q*rH@CEPOL18;I3FagMv$x^A7o4}hP--y&h2c*@Bi0-
zGQGOO*$NFF4FNG8l@@Q5Rs|O_#5i*CWGHB$_VJZHhD>~P{U*dB)*1Myq9(FQUgI29
zwgzBy?KRe|BBExkwDV~yKWy8UZF$^nFK3T&LYtts4;S<85QCrE0{>H$sfPpQs?X=}
zaBH)puG1~pH+4(8wHSAgaNc3W(6%dPH`knw$K;<sV<497Yy_ns^A&@3Om;6c-+2aM
zKzT95WQKgTpmGh_2yA9(niiFe=NG3m87!&=r=i5!8fkOpi#m2I65}wuWLOiAv&KgV
z*=FQ6j_tPUX@lUrtYa))t2E0%HZGZ54mdqM=i-xR+`YSEdNXA?TQQqE-u&ll+GW7~
z4Lo~w%6KwBGK1B09f~|2Kk<DWxeqOxhq{PkyZ@)Sh94@deY&JW!=fK!blL}IeCj#v
z^K+kWv2TaA_wU^z+~HnUV<9rTxyB04(XJ}qeRsuju|O<5|J5f<#uLmkpxk4N8Eu*2
z3S~ISSk5Z$-dz!v4S8z_!Q;J0HPA{R7)?o)NiL9ZdJO_jFdD<doC&n}WS}a^)yP2b
zDMN{5BcxQxskob*->B|LYP{Ir1VSXFyM?H8ciu6Wc}%#lyZ^RZMJw>33QxWVeD{|Y
z0Q~O`_30J>D_f%P-Os)2H@eH=fdx_ePQ_vEK+u}DQruTxqXzy(f6dwDh|mVcCqrJ8
z=bV=Vu9nvnl)U`xB^crMCg=U_9ikaoG-_ZtIzfsOT^h_u#%Nej<k6|SwHa8!=1QJf
zax7M2s;vnI=K^A5WP~TAwDAE=2-HnWwW<lVl7$@8K$c|`WlmX?OhywH&*m(rGnTWO
zdg;+s!|L5Nl~o2tFq0f42NAsShh^V~;I*g1T2DzS-3KA<6F}?>-s>yS*vD7(2^2i`
z^HaH`L(=ZYy1hdMZ{IoW^E!RFwFg^E0dl~YWHG;4p*pzEHG%iv-Y|PRW4^fK<oSfp
zUVVlrRP~(TQy_!)5IocCTkfuIm@en2!~)|CG#VhZapuSe@&w1VCPZc^M206*p;1lN
zBsMMdsT-1*g%qWz0jq2!8Ohc@w<{X4TtrW<u(9sbwLMo%tcA6C=61KRPrkkF;?UAR
z-u&m=kE76j$Sr*sC$c+eyDbghszvF$lM%#_E7ac8R15h18(0c|`|D3Qe>TAfMJ=43
zpJPAExPO1ox3_n^eD#uYG(c_)^V^1UB>de!{Vl)v#V;w#A(OJi+ML!5D2fr1XABEV
zR>rhgD`pLy1rfwpObA#XIoZs1`CvjR%GhhPDXIfBN{dHwgA|Zwme4ks(SYIQDHp4T
zcG2LS#TEl>k<m0Q(pYR35MwYwHnQ)1P|_jjtuGIBC??`qQG0CRJm%HbCm`@xTI{|K
zsZV!u40`O_K|YluJH!w5bx%Jei+}X^yPaPCI5VuO(15F2Zr@&U_wGHV8mhsNlb0_j
zf~Bczym#xVosb3cJf~T<%x@Ret17xDh@vil7bHa6dMgkl=B)(nD#QjRi-OW*XcuBQ
zlaX%BH6+J{C~XMIXUl3-%~=F1(GM@IY3g0q?oCpzVPgwq9zZxBTCHwRLhW)+j}<NX
zS+MXEV96fyZQqXZ(?>%`q}$L*XE&sH5!6H@qeZjen|E*UdCSYy3r<f@siuz6q{Nmb
zIw`n+SJAGnvBBXg2$g5}e8}nLDd*=SF3&HxI6EaPN+ipWOrpd)%Mg>1VaSL@$<sxz
zM~8?YN)Sb?Axm=Y?)u7$9JL-_v{<#MHDuOcte~02=Q$b%Fbae-j|<>}L_=2-aREuj
zteNMb?7Odvz#(X=k4*f~EYUvx<(RkHv0=|XE)a(b%&{W+luqkdAwI<6^%0Cb6+(SV
zM$!l8TecjHcRvFUp$W8$nrgOSwYXz2%1|rOtII-YS~3&2UmnHzmSR{?j7sJ=S1j&U
z_$owCI#p;5Qro0VaxsfY0ha(1V+rD;gR+e|P1Z-~f>fXc@WJ3xLDCdA(LrV=NxMzr
zjJly&r(5m|Nvawi>1I0hkZf59eP{=?NzVyekK5zV`e-rg%P;*b0q@6oJ+<I>n-0JC
zuOB*uY+g*Zz6a6uTO^Jxh_Q&6wD5b7hGjkD>u;5-`<lt=GsfeB(ZDbsXZX<2G%ama
zV^RpEEfkX_<I)gtZA%-V$a9K8L0)7S6R%@IFg_Z$8cT944{2`~?Y&G2t?aV)w#|`5
z3}OYNX+&J2F;FgsU@akIt?SkRty3BwBPv9M4&4`#{)4fH5@q`c7Wx#ozR?WFx`mI8
z@b0rXKXnN9SoHX@q1L{V^}ZHAhtBy^B1ax{U+fWZ_<&ng)Qbh)H59`fYYdA}F~l&)
z0;Oa)RjRgSRo67jn!#jDmgmgxmn^3h&M8d@G{K=RkOcv2;w~=DaKz}Ngy9E=h~kV8
zeEN=ROlh@*n45$|s7ynYkgvxSQ`~g&zcUd&-zpjp#R?lZPIovT*^z{Q*zL#z1|r_<
z4#X!v5MT3SEJ{D7W9lCtuaA}<wgOD};2YB2&un$rx}Lv@*7$376Qcnuu{)0u-%(r;
zRtxG?!|i>=cvvtV<h=TP%<1`n(X$*&MyLeWG>G$9Ybc76d{9sa$Nh9cP&m~wHp?(Y
zjxmY33Q61}ozgUEzSYHaV;e*F3?_!`bq307cGIq}APpv&ZN*u{7%dT>H&ek{MMA)b
z5VOZZL^@2TvO5O5JyxvxLS7$3^7rY84skV)IYT_wP3-Ha`l#6YIvw;;DjquLhvv8T
zaY~0^x<f_v*e2l6>p%D}g0>#FT%k>cm4GcWL<TJDCBX=z(S*TZfHqLADzs@Sj3plw
zAi{FC;O^$0YSp0X2;QL~V5~!o(uyavV1hw4U@{PIp;dAW8a%a00@jp>Au4z>LP~6n
zmM$S>v#@rXFl;hyOezmP1&l$Awvesl*pO6rW@`}(>5`N!@%GL)im+9bb}fVUEr0zN
z&YuRv_hTta`&=;&9b0$+y|S|{(GNhpbue90+xhM>NdX%B_b435LX01`MsPOe1+^Xt
z0o96nm80#5@-|Qo3Z8v(!EiXhH4XD?&+=ATP8Tfi7KE39Y+w;-SuJK*A9rvz%Ndk$
z_D(`{##fVgU<}3vyz_XUzRf8iHdB*=Cp(nHJoG!a@%Jt{{%cau#m%B1){tAl2D?Tg
zKu{x_!PsNsg6|XZc4#NxmmAq<=6T3Ir%%UrOmJ|lqdU~m^o?Zi1FIe4v<|_YeI409
zCM#*L^STd&s)gE-iG?iSoX7jP&<_gB$#{$?)WK1=4Wdw%CAPFIn-y0#*WBIR)3^o=
zEut}6FIbJ2tq%}DoQ)}%SxCWPF>WFjn0TS9@t_F+ku4RQcDaHZd9ESi*xN+(I@wjj
zT0dpkSPE^;oUaQDJEDkf0LSo9X=k<;xI>F$U+C$l0MGrHj#a<sdjO8ki)q@rn01P*
ztg|aSaYIyU#_w<oSWTNHW7lDQMu>2n4T!0^znjz4hO4_3lgW_DupkQogU8)3x&Fhq
zoRm2)UOi_tIb$@)2%)8^SLCaVf&oQdkaG1lPURAX4Vu}weUpGuzxEaB=B9*=;75ps
z$8Y)diE5N}ue}^2K4%joxqjaWL3A@1+h^B&i2pgX>;FDd<US4ueR-078AXqYCi))Z
zvF@XfLhqRMPoE*-J^_e*xvjnyN007yy`pss-jU@61SN!kszXEk(vBwsiaf_V2R1?l
zAv84gingj~s*3A(S4@{v+R!4d#duGlf+OPMCYU(bDj}(qOnk09(D;tu31A`wf;aKF
zO$-L}X=i3M%D3q(gD{ay)(z-ywA=IvJ{h#Gvyaf2$FwsDyA9y%<9&AHtpoe~(H?)i
zJi=eej}V?a?sV|u?4}OAULRYhhf#g;7hxR?DeIU%Ny(~$5Cnn>twvKTt3u%*Gg<23
zi8Dji#GR7~I8(8@_q4N$sw^0nmRud$D(}92M_aetemdpl7r)~3FLH{J!@7ogwM4}-
zu?6EoFvg%_I?vz;!->RvGZY^}<crddD)K%_niD!><&CIFyNnhQjBbX6J2SiJ@VzCO
zm+)a8(y`9qDY-?*cIo>%m%c%KyRHO>LjR5(dtX!1W3ur+#riSGuW#YncmDeDYR5j$
zV^HGJ=M9RuxIdCXiFhGYj-ZCN@!&j}F${)-7@ns}vv9O^P0$td#Vyrx#cH|a{^pjd
zUC|Joy;TF5%0^TWQld(pd=AtgAz(ytCg6i#!*2$OX_ylCcYbFEBr1x8yi1f7zaHe>
z2pnW9rhH>76jI8iq+M-Sfb33@I5tD1J;-)?6fFG#$od~k2l7J*I{vHQn;hf*G)bzr
zxF>^Pv5BAAGL@1D>;*4qP=bx_32LGZmkDq_DtPt$8K=b%QKfMWu62aQ(t4$;SJbs<
zHS;(>rl~!X7bBjZjk!2KW0I8&N254aVWLBc5!q6R8ocQWO%xZ2CTDPx%Y+0lvi5%L
zW+5aMqcvceir6|>cm4P{zOKrC4yg~R|CC|XJ`41|wAnro*|EU6r?_1|#l4_!ltZ5m
z<&YBa7=PC181@zFzTN22V;9iOAlAkmlXD=R);G~a63=K*G7yUs#fjj2jVTOm4a?xT
z^A)q%l+|=W-8yRTh(VT$mE^G<d?Hu{qglk{eVjkSr?Es;LK`z!2tK-TOH>W{kh&SM
z5Xb!@Evs>U$ZZvrpxxs-SMa3QNR~fJbQ{;L%p~AJB*peZ6%G^%c><)RPgs=ycU0Kv
zU-&f+^K~1KLjT~N=D~wiHi^Sd1I8LkN<?B2@X2$r4H7$g6QXb+q}U3DyoD1x<i%&_
zj8BGSxuvQa?(P=cy`8bRt7&}8w3@@~uW-KN7x^y<lM{xMQ%)u$%EBT>*C;_(CXGbv
zufiteBgBngbe#w!wKj;Z<0QJACsfwZbxMAUTf>yyVsvx=uG8}Dn5%wF*j*oZr_W-%
z&mQO4;|~?oK3q-T2#8}H*1iI{ub>>`jt;5*jup&fE*O1WGL9LzesF$5l$T<*@`kM7
zB;eD<rh|-fG{ifHiZGuq$#a8KLohi`GZyoj+3k{g;Zdg;BN(571jIsvPz6D9AEC8C
z3<FHZ<pHmP7lWEOa2F)b7<nJ?s+}PU2=RU)5HuDRR1u%-_|?Za3pHEOd%6YI$qw)H
z5Tw~RJM>r*tn7i{eh7Z!=i84#Bq34rY!U+_n<(=j8yMJ1hP63mkw*onZ*k5=S9|Y}
z;0f)3+!(|twY0o{d(FuwXPg#eY;Gy+fDx8Z!$?Zh!(=>Re0j?FJm<wPCX8R4U?u}H
z)5*0BtOY&Ya76qrXCaH-nu(o|_c4XpLgI%u<A{P_G{WO%-4vQ+d>lI>!=|tqNuq|J
zs7V~sF}|TMq}LZ>+l^@02VwQiJ~}oOduYIQck%55_Z{lE`VPwOgXfMxZin0|_C42A
z3gNN$x=&0JoJ&F>6MOSa2tjF`BM4O9adLV}R_27Z;`VlmFDwI-Go3G4-q)<&ui)BI
zUDZ_cK<xvqC~e^o4~2)R2`sE<5Wwapa#T)nL1RcC0k0&XL$}Chh`JQS7r;ldSOZ9!
zw@4H#K{UEHXe>cdT^CZAnvlof^klf&Nn}Z#Qh0PxlAep!hn~?N&u{#kr}UR)$#iSG
z@j)2+1FznV_n`)XOelvr#V8}kLNj2stXMV`wZsrgLyN%^)Ud3D_WG9ge|*E+-!B<5
z#0&yv;yBAkT%4VNSI#cZ`Skz(g12vP`R<!*hLbV)20}q_9#0yUwHr4uzlIjmnu7%!
z=ZCr^*sun^W&H*-?YgWGyFiKEVE0~w5|w?)&o8JZn9w|)hjd7h^%RGJz9yxI_@KT{
z-^bvk$GU<(P*k5|IL5afi^Mp_v-NRYc#2_apAPTIf)kraQ8Y?Iz2a6Cp{Z%xhT&+y
zBr72VoGNu)QI5tGHfKIv@b=5sy#3SH++5#sJG*1)E4=r32{ffA4+d@GCR4;>OdDMk
z5<#Ot2(iP-G`iD;biqqEM`V;d1o8yGrLjX=)iiIU31*RGF9bp2+=Z--hxnii>ed&t
zM`W-s9d;Me<4BRwo=f86zIi|2{#*iy$DeECY}b{e01(n5FS7Qt>%NBpPf3lKoWXF&
zAj_dva#eB-tVD1`sI0IS6CmJdy<__B9gUfDGPva8#f0;V2^XI}V{(3iR?xPN7cXD&
z>1V&-Pk;QHKmFzplu|JGyCPZ$X+XV4#io2F-+7!Q0Yc=o#3-3`K93LiBJJE%x^t2s
zNd&|MM71k#Y3f|oNxI#vVD{J!`l-<f$BNHWCDX^cr9;lu#|rDQ5WGGG_>eu&u|j&R
zgE=JjIL7fE;<}DOvQI6vAAEK;L0Zu`4!3G)stWHNrLm0jL3}T^V19jv@ybbA(5&G0
zddki19rJ2N<)^f|L`+M8$A&;2;>Cx0PMu-s65nHD5o%F_ku;SKWiaFcg0%5s4{=r~
zUi9&N+SCnsfg&V6DqVneB4a(VTQVu8qI38Ty5WN4k#6TP=&qA}A1f+mhi5u8AS(x;
zz3^vPfPYL<?eB9eKeQ5YpX6J2j<j<(h|NTZ%!*h<?Ut#Kqg}1=W`IA<ak-F<GfwgW
zS(8z>EjAbOJSP*u2MA7?7&v`aa{h}GPA*P)`RXNS&(FBHydV!5Uw`!tZ>Kf?$3K6@
z`Q?y5{M$Et_q%V&a?2;5zoa-7imW6PLof=)#5C9R#qOdiqq~Ax3wlIN;&P*eD5&C1
zKvl`e(rz(Cw-Yw1yS3|BlEX(O-cDj{-v#Tb4h+Y3*?l7z4s}F_c&9^9WM7+}rxb;K
zu-a3*$V2D64=2^f5#rdOY@f$$eC;$!*lGvW3T+h)meDvTD>D#bet$=Ozu@HT3<-w+
z__u%M>g_wKMHRDEq(;SIB#@avhGC!v=N)Y)zqX3=CV76v;Z{qF(}0FR9s)Q|5R)Ro
z1#dG9LM0wg#PS0HC*eV)c^uFS5CYkHcvcB(lhzc!thy5$p<9cceqa|A_AH8F2d>-x
zn_)MX=lFvB=k&b$F?Cz|Js+zdSpbhJCS{9IS${7!B`|F5Vm5=*9&chtAu2fUxvN){
zmBkJV#<^jbm5^C<rG#KHWDLgxG`F-aFffMV#4tIt{Oa#t@#^!>7>-WKvXVlfsh;uv
z{fxVpb3Xgxod5Ix8u8U{|H$;+Et%x;SkEoPGDomvYLlx;>~MStXd10R6hbs&r4u#;
zvv%6I+WDRP)FEbcb4qmb@HBoQf%VX=Sx3J-LB#OX`y3+0kIAqPaYTon|Byi9n1Zj5
z2;o>K@sz~fV_jsQLcfnA>my}<ilxvY6Wh+w8yB5_ZIhGXD8>cFpg_H&trpB@Q$lHI
zoagnoZ@GGZgZG-!GKGwcoH&OO^NC^*UvN>?=7ZvW4CGUdW~<^A>kTTN)&{HwtPxb>
z+)%Uu3U~t6N8he4rn$q%Rb^}B&u*~uw1cyeca0rV5>GsK=4@JILQiqRp`Cg-vZx-~
z>F<LF^@#A{uNmU&({+X3k9)+MBXtEPNvo|YCb@}7g0?&bUctEvT?%7kD2F+jI=m6`
zEXP#=>cDU^pg5aQ1&6E}oLKHxHSebjUi@;%$>{}F1>+qTmuFPVd;GGZo;fCy0iXWk
zFM0p^p5<)D?M;T{C7R`wnN5~OL{ZVUU6#t)cTTrN?vX3f2={Hdn1HP3ku(*e2b;Du
za?wHIS)XpD&tleRhUZX6@YLr$2K)7a)eZ?S`YzVTp6?Ls*0+l}2F3k3xuboY-(xG8
z21U}$gc2x+B~n_@fOjpk&@gXX+@eM7ip6q{4}qqsajs@C$Z>ASLhsiea&dPiIMtYc
zBmpc~lf_&lQ8fKtlCsBJ!5awP;9Z;0`B)@Oh|}Y$f|$<tU)FvJ5mJde**3*HkuE~p
zfeZ@Umz>{{BW(0aJaGNqCt%nu6uVHJ_FP1FZ~H_I+jBBz=e7RYZ~Bpc+dk*r9m6A!
z-u{fOLQWLcgwzYi#v@q^sl&O3rfO(&i_I(;AusL!&)%CnJFaADe!p|v0g`u$=}q~v
zva7SY%erOVWm@Q8*Frn(w2>BVCNm8!b*m~X-y9J);tm`DxF0Rt9RL|50mgfkW!+Mk
zWxhL*ydVhp@$;Q;AcjEb0?(U{YA0MRS5SMzDXkgr?w|Sb$46eh{F0mN8a2mK;OcHe
zwQzK8Bp_Vf-SN#g%7^<$y5}wHkI&T08Ydq08M4zPYSsQdCI(&1vm>=cK`(CiV)V9L
z{T-s&RmDcW=h=tSG6$-#RQ;T}$2r~2oP^Y4UCX(d%P|td_<3_7uS*N$rLQv;@HbV+
zPmwIn&6CcZzf(nIZlRl7P(OK11nIy!BgBqCgS!!&s~`s2X3K83Vb`|ob{nvk5QN4W
zR3f|06J5JO1lnDoZ9{fH1~h4Vf(k7u_)p9dJ1!qfYsM}YrYfevY_P<Ri`jKSOmL>C
zCCYaoG4v8GJk5ua!6W$We`mQ9A`AAU-yzy33;B4L+?^=|$H)#g16n%P-JBD}hBL+L
z|Btfxt-Gp$jdqS%DS3jQuB+?{lHD14rD^|wbUlZ#qv<NDYKhb(>bpj^4YV!KAJ?qn
zBbus|001BWNkl<Z4Y$h`^{PUy7D$NP|L~T#U%aBa{vFF@jW}3buc%iwRqc|Cy{ozV
z;stI|@$_*^+-?b*9k@EV6}y7T<?FtL-Hx)pddCuty@BcgVOwUe+Wz~?NWuVR7sj3r
z)<NfX!KZfKb6IC|EppCLw=Y>#=M<J-ll627dE*qE_c?IqoQ~yEt<)R_<=Gik8LVu8
zHWIZ%YDH?r+DO~BG`ohjjWqYq?AB}iwb1U8olt1Dte>A)w+%5EkB`sn=m@nSU4@z9
zq@xmL7d&DiUAiH|X-0<kEQ@bb0V>qeBymuj8H6tR;pM$vM2MC|hanfDWQU(T$6|!e
zMukICYG#+`N5kT?UmC{6CY*uh?8MLJP`_;kq-SS}&wnWiwEv~_R^_vviVrDDwt!%!
zJ;5PSYP9dNB1()2S?IbB%&5I5nBkT_IhQoB-8Hnj<@$PsU#(bOEvaOIY&N|A{ugfV
zZdv~BCDn4t?TZ(zRx56=R;W+j5N=s<Q`NX?!}If&w#kXibcncKch|oslippSr+w!L
znvjdG^}n+`Ba^)=Tl-Ec`{dj3T7HU-JZE7#H>WwZtDc&5OnIkWk_&Wh&T<Kf<5B_Z
z6x4O@STBL<rW_bfozJP_IHybNH+2G0Bf6|mudr<h?T!$dWH}N85BHBmG1{Dk(l$GO
zxxeROy<xLyX?8od-IiFB(keF)nhs}?T3~6B%<N7S1WTB;6L3T<lC12pRDdiZmWqzX
z{27X17KzCNB`*lp+XEFnQqmnM-m))q-nhp6mYofSC_?|g5=Gu|oPI55Ahc73OD4z*
zbLLUM1w-z?_FSdUd4D$JGa5O#4L)&Jx(dr0@-#oGG)<I(DVPwt<PGT-0l!?}6v8%u
zSDaQXf)buvw%dkfv&03@_3bM0i`otA`+M5!1-Ey%xa%97clcGs!c}?mCOGGDx7Vnv
z*mXwNMJ$J47FzZm@F>H(kHy$-Z(Ak@|IHzqQrLJy5wbWK$~xkHhcvbOKezDB8IsQx
zf=(5;b4BzV#e7a-m|I}ZiFGd_E*yg-r_5JBr+A%nKtEM<XQ#+Ifh$n+q&vn4ZDOj`
zwbF^>@o~%Z`jP5-0lHxKwBh}`kNot@dp6q^3CShgsjyIw5e5Q*6<@j7+vGQzJm_N2
z(#gBF9J?$;Ok*w(iM>Qokej7$$O^4Bo2ZsMEoZdY7@WxO)%DZa0j>!nNAE)__&M0@
zkhXoSGm?n{bnNxcbzY|y&T|y<OBU-(3*SF?k((;^zb<oXSg1#L?g+Xo?(z9i5)oga
z7_M0L1hB0UD?@J6+;d^jm|+XgjaI~6OMKeV)eUwN@vkakZAhK&(QexzD_GSPokey^
zA}-{>JOFi$tLp{6Z4==qCfGn!2$_YdlIY-j_eCzaCdq_&uux5ATG{*rQR&HtW$r2?
zwub;t;?N<@5tLp6^~|y7IkgzhiK;kNV5ZDa&&`4^?aDrv@NmiBxrA*vM|U*$XLI1Y
zz2CbeSOxm@Ry4&VhtAkEJ1kWXx}EXE-~YsS|L6BK_iL&k_+?G#w$#q!4Z5~vXC*eG
zT;7gAO!-6Q!j{213lYRg3fwbEp<-gF2Gm@-!D439m0hY0zIB!eeW(=_Job^&GFnXJ
z0HWECs-P!Ooa&5DE!vkZ%wtl*u^_-p3dq!R<{sPUb{PMB^Pf+T#kf2+{xlq0;4ON$
zkD==r6igvUH@GOd2qe{<S|oHG>+Kf*>{wkdkxaUAPFcNJfO(on$8OW|{Ji6)3oPyy
zNL>*`2|)=RTwOV0YqX6K6kN6+DzPl$gr!d#x1>SJfqbNmVnGv1+&URq7*A7Ez@TR5
zavOR3^(P^BOv9C``JNN_v_radF`q*on4%ERO>3RoiOq$_E@2X0QaCP!?mlORH1#=L
zY6*1i^SNX$RW3Rwf(4Il1MMd8c>m0@uGxLu@b2vgzWa~=neD>^FRvCfov@S0R$$>h
zF$y$+Mp}?C*pHAIcOfzGO!6ei42=#K)6LR|6140)yQDBDGkU}bYHTIhJ2)egyz_QZ
zg*MZE1c;Wj7zL7R^FwvSsvCDEakR*siieo86q>u3jtkKoy;3~W75#tB`%aF)r8Y6&
zo9vBFRP<~@FzS^C7FuF-4r|Odbc0E+7>>xZ?r1I2Z6YsfSZPJ=g(^mZ8r98`8&|X4
zG(0`6S=>MH)vK?l#ACY@ZrO$w>WW$`v<U<k2z8nfiDpW=3C=uD1t&4(iK*aqNI~vr
zW-?+9T1@<hd@2e&o^Hp?vKs~ZrE76GXCeu;h=&p8Q*)G45Yg0*|C|HD93Q=7Kc73}
zIY(%iJDZu)<xCZXQyy^VeD=;!*U!EGbF;E@tjZ~Spjp0rG1I>h;;y4@8lFEsvVC}B
zx83sHKYY*oKfj}s4PXE9HCJ~p_|t#-d$zxPq>4gyRk7`aT@a*8hN{*&0)e23ITth)
zl~^FRDEN@!vuL;&aY*X4ObOX{ODyK5Nc*JM#3D-bq_S!2%1$qq#98ZSLWNmW2osul
zMM>*4KzFC0w{wsfX9~nIJ<*(^Hn$rS{_C|Gk{Rdy*L7_6$&<?h-k;Obb&n24a}b_c
zGAh-W?19t-)zrFo0zm^?XLOwsHlA0tuu_i@*)<KGE3RMG)C=f#f$hU1>yLN5)H{?G
ztijm9Zpn+=TPzw~*Ahh0DyDoT(PSbV6&z@-sFTz|*`N-RvNI%NDnquD<gJ*c?yb0b
z1IcVv*h|w@8Bm011%<HV@e}7dfMfHGDTrxK_i&EJJh$taQ(Vu*PMi|O&P}DA3NJhd
zg<et&=EPOZAvMf_4ljv{CxSH{Y<AeLA%u>{=O^C1|G@pnC%*sr9Y6o{GuKz1zy8}l
zvbwGK@yC0DHyS$pm1D82iO*}?CM&!x5;Pe}Hn>!XfG&Cepq(Kx;3ec(=yGhSFscqa
zvyk;imLUm5h-$s15R!ei%KMVUcItY*&=4z8tWW}D>gqrn51fvgm?}O~3*_AFBu;cr
z#}?=~6YBe|XFh+48PeQB^xGbX?)R=@gKyjDdel6Z6iMNDm4S=dD^3%%mXeT_5MjG+
zXo6C&u81CD8|XGW+AlrJ>l%CRXk&-1ci5@{spxhM7&O6XgK>Mcq-z7AZLoYL``p1;
ziZvqzU1;udVnzg{w?7IcG1l@7$+EkhmhT6<p*|Z4>!CU81N+LoCW+K=$qZx;Nnj3?
zH#Z#bbB<$9mvc(bb6Av4otrrk6>}lBQw4HP!TKE9_!N{nMMgPxJmcrat|RO=#I9kp
z+4Au4z=yXFy!-w=AAWkr(pUW3zx!KmU*GZe!#mnt12M8xk6$jR?kYMW&yP<yC)rsz
zX@p#ih{YUm=993_8xj=>N@pEn0gq(jgToYpCcrIPz~^AVSkhm6e=aL7DKv$BmpiJG
z?ULn-$=SQ?_>3X-(#W0Cryb0=yE-P4{WUY2W6;|v=uS>N?~}iK3V!+vbTGeFk-B6i
zX1~>&$S>CWv>o_C^<6?S{x!j)B)7Me#;R&LYbd7`o8UyKG%?YhqtJzp)k?W`72PiI
z__T%VE0)UzK7hqQCk>%q&~$;O$r~`BGhtCL=wd?~Q}Kvms2Z-yOw$g6M4Z#1n2>C`
zGR{_l$MeipGlSKJITIsYQXiAtpPWMvbTIw2Ak7J=n>$N5$IiN>D9xcHe=f=3T!ESc
zd(G_v=R%`%x~(a=^Wq)k49fr1rh<$m$F^e^8yefD?&!yNy#L2v*!=Q{uOff=o4?}C
zAKoO_<9k8Y5!>##{&K<VFW%5}9Zl2Vmmb+DIKj0Mvw$b0U1b!k8>~qpLU4kFw8M-V
zh-Ubh1hO%vxQLFF)|qJES!td*>z;ynlM7aY?)2!eJ4qUY^v3(eB;}KCLk{K@;Wu1t
zIWhY<MtqRb_wmU5#O1HMa{Ts}>0s<gvHV<$y3B;?E+s5{UK?h|<0gcWHm6jnbd@;-
zi#4V~l#n%Xnowm`f+^+~XqD1n*$T@=Hn@7|lEmW1Q!iI^0{7bu+^o13Xxlc;RlOsM
zr5KBaq9Mh^#B6YC3W_5}LxSO*CdZVR=c<|yx45I0`kDu2k|SZ$w<Uo#C*hhAHTFW=
zqU}rYWjb4DJES>juv75UrIhKpUD3G&)wzrFT;c89wA;CG<hh@ni;*}rcbYTLI|aR+
z`>YQO|0(B;v<e5TZLqM$Eb#F0i9h}QpLqMHpV{0$v+#~@|M)xp^}qYqEN)l){L9;P
zp|1nCtC#%lzxe~JyA?nE@*{lwh`JhOo8llA$pke72#JM23`Xn%+NGq}1j7}9UZ$#Q
zM03(?m*-kV)aOYvD9PF*5zXX=1evseD;kT^NsSnJtuTt49%cfEMytQ|uK!q(i4%i*
zW#1}jY->~;D2jl0k-u*L2|J=wYq=Y30OExmjLd{EkAZ6B_xxK5h5PGZJXgx?lIj@l
zmOQi66fWr^rjBL3LPZEMP@AH`5miz3d~vhHNln~2h#k=@^=gGGXfQOSqS7{j=cgUJ
z+m;w3-8P^%f_ENOLDVHTlP(M`OiWB4=Mr`o187wu%4O66hMq~AAh#4(K@J*JNU<$e
zuDu9qJ?Td?CN8nq4++tAr_EK5&4|t|pi{}Fr)Ev3XxwuP+PN-gF5%%695tt7oAS~-
z2bG<g!=17*I`x@c3dv2;!lxj*qvyqvJwj|FAHRRccmMZ4aR0+E#LbSEx1Qhs;jj4J
zzyAZP>sx+&`yNzT-CiRS`R2<n`Sy$7V@`N*&)5#60T+aYDQnju&OjXEEOkqo<0EpA
zo(rU+V|g?hlAt!><7v4IC?ai+oe*3E%@#yS8={F-hf6x8yhtLc!;&1{7Z~8Z6yldQ
zj4K;v1c5<oG470htKI)$k@MwPM++?Z*qjZ;2=*Czj!z>rT<(;9D@aQ&C@6<idEva{
zgr0yP4_`wMig)>)KPc#Pef>^Bpab*K4!S_eA>NtvBdKT<=*ww>zgle&an!+6<?bX}
zMgdHSyGZm4{?*_75e*&p@9$|g4bE5K9W4P34b|4+Jj8Cz)AJ*@x3}!p9icUxSG;;G
z8npz(B3)}(42fZ9A!VCIK?6jmDZfceA&Di<X!Jp3PrJSwidc&MLxYxp*aT0;(V9`L
z$1+;s&+Y2xbWd}jopU~M=OCjgvcoBY#Z<n~l$*onbRfq%hq;fNTL6w7|Ec0T_5RL%
z)`#=7Q^z@eer$~OFAv=R=|_I~@kg4cHA@^fH#dCoFJAI5|IHs++`Q!J=?SlnuU@?7
zPahts?iRfI_6-Y!7&?|+pe}z;45@@=tPyKd7?}k`4ML)W@4O^kQUD2wej3FkcAQTR
z<l2Fkbi=!tsN?-YF#@<_A2Xr3fTYey^Kdo-Ekf7lAxX9yO6<b2xOM$vIdn{cPjivx
zIDwx-hQ`p7KT%vX7pE}lK>WdiZX=`EW04oXwo95*jE>Eb+(B{WMCWv_fGPXoiE{AY
z?gCQBrOCfz=Ym0RlN{rVn6xw*Cc_mX1}+9_6})<)cXUzcBwc~KHC)}k<gfnvHSfQB
z&-ee&cWm!>bWVx4E_MB;xXz(n$8No5x7iW8mR;M>+7*=+9g*O@N3xBNYDNR1fobx9
z44}^XuuDixZe)lhF9LHV^v#xL>^J7b<syL99K$h&vo%Lr_)`P*&z(oi*^yu3a4^+n
zoFgsF%{)5RrJXZ(os)n&)$L3b<8v|VmoOAhz1Ez<ey(#JzeWs^hqoX2<sZMN{rEs#
zdseqAma7G?UcKbi@896Bt_dCZs^;c;Nw<S;W4!*uH@y7%HP<L@8(G$#s#+kv&aMxN
zh6;_5%3>b=TBet0q5~;ZEQOt=!r>isIl(rFB>r6?DP*E{6zC+`3KcC<p{J@H?0|bu
zJKNh$11vHtDii<uU&;u68h<^<8feY}f6PGDG1wTD??bj5bT)JaWf6Ay731jm;%5}1
zUkgbdqshk!0><I<!a?VvM~+R7j&=55U77X?occO4*6oyYtE0r>p)|%ESSJD+T`pY?
z^%Yt>qA4+?IgJQxwmW|M<t=~n@Bf;={o6Yhq2tH@{Fdj<hIZ4T(jw}R?FR3KRyM33
z9tdw<vE4q?Hdl1s;hYjJ&7ibO5S`1>7{&D-i)hpyo+~h<W{puSqokO{55<9X)Is&`
zA;mR3`%LcnS7dUKzjPoz*Z1t)bIvW0r*`F2jI+7NIrrG6psgubZi*~0hd6SM&~XVf
zamwLgZq|~FudrN*HqUFe>kaRJ_zsi6)fcz4O-tj2yVrNTe)9?^X>VS=@KjP^Pw?|E
zKeB0B-hA;DtHm|dLTI0!@vEA}DkWEXO)#5TnxtxRYlzvZ-;yJ88u}W+ryC<!?CIG9
zMLfZBT~3K@%lnFDF-}RaiRh5+Tr#D#q+`a6oJV0u%mjSyluD`VZ`O&Ox6EAlj=3p}
z;i0mC>Sz`c<<qE%V+pt2!J^-NW?}iY#pqn2v6&s?)c5)s&pAcFm{XnY;2FiAUadrw
zq|FpjdRCo;e4Tqo<(AY{jrR&M&}?^DFk)=^;fJ62@%xW_@i)Kc^|xQ3L3sD}Blpi+
z+HFLAhjxOk*K|=>E*7jGUb0#)*gQ8Zsv5V@6v1Lii<IKWQ}-r03#lh>=Q#2*2a9<Y
zTS6@zLx82qu*pgHQK9_g*q0J*UN(9%xIg$)3+E+<qEmB*xxRCAV8W>whI7Y0Cj@X#
zg6*X?M|0lOC57|S_x8E-utONM-yB4vS+}h3A9=ceM`(83-qhUQenDsg@7}%Vt5<it
z{`yTyc#V;2u|OA&*mhWa;^FBLsT|9tXSJ%RmlYudmWwNveu)!@I0uzdQ4^Xj4Pm2U
zF{AQgcoRAz(WfD4%wz?_u&6`{blTx!a*qf~E-cA`p|T->ta#p;bQHJZ67W}sv5~=A
zzc!%~Av$Fn1~rnifoD}z={EZQx9BVmVXDL7d^PHJynPyvacY=<iJ12<MRs5&d+uCO
z^Nig!j>p6w!hXhQ(!=f8Is6pZ>w!`;T(-2bJgcNKs;ipY7cX!NN7HqzpSCpX9koIC
z@XUYuKmNq4*LUdc6<`0c=Edumy#M)ux9{)Sg@CBi#g6Ufk>>}`<HIXf*H`S;8^W?i
zGznrYTVt8#YbF;E@segoxqw(MHcI+=?49$|y`_E8Pwi3Yo2B&L-3ZIHW5c*{V(hsz
z&~xz5RM#}uJ^XV6{yry`;uJ|>ZZho@ls7dqI`$fu6s2=8;8fRistBIjNDNFmqiZ|1
z4{O%<55$Kx-be1<+;R8SD=bDfAD;R0+pk&Py};L=7#dJe=V8-gTjTMUC*FT}&llf(
z&8s)pTwkqFUm?55s&Q22K^%yp-g9%cBz7%Lm*d7Qrk!0(v0yG24QC)Rpr(Xiv{pjD
zG(mRB!7<UiGoD@Lg<;q|TOT=5{;vf8!2nal+!-x!>`X9;C7BtQT^qtdmt=gtRnIw7
zROydw#2(A`M>d+r#3S9(;J<fyTsnW@;&sY&_E_hl2aj=NW+lVIU;edu#&-zWea`zR
ze>WT)wd{#x(<VjA+MNZbK0<U6r-_2&Dp<Z)a&@&JhQQrw#rpA??s?5FcKrOq5B%eI
zulee)zT~Tyx4ik{HD7-7l9xYR@zam*3DO}R#2le*cz$}~`SFSM(}vx0Nv)2m@@f6k
ztSyS8?%9mWC2f?9*mFa>nI2CO$7VgA%T(?{$`eT$W;y~`204ZG_YHQ!sbNk+>r}Tg
zH<J9^f_QAsGX+7-)leM{?Wbltb3*%0!CX`H^>fhY95TdI;W~Hz&O?i(BZ^oT=$>|L
zAD#%?9ZNM9U*E#*it73r@g55u3s>WPg*cxEww2F5Szy-j{PCIh|M(UO@Vjrn=F1m1
zL`y}W@`3AW$*NvZd51T_X-)ld#cs19ZabO~5Ob+0i6NR`1Q&%40afVI45*SsO^s2L
zDXSTsMuHhw^6?79)WsFlz`)`1(vg6$ATeuS^X@fkpR9jG><JB}18Ep(dVUT3!?YW9
zr06*E&^W)Jcu;)Gg5r)0-(^O3@XuL{=9~{bIQBz!T|78vHY&!4;f7rF-Ut7MLssAZ
zylQ_tlD1Qd&+Z_he2!*>CbE6r(QZ2GS9hp~&Ic;*c?6nu%kKG^U;g|ftGa@}eM9}?
zhPy9cuzGomU(~#N{|>`&S_4Y=-17Y4nft2;s@h?da3u?B@9{X)xui3SgHwrR_FF1S
zvDZ(PgjhG8;aP@?^Zdw0;@|SNWqjpZX{Lss`Adq%l#}+Qp?R0OXP<)y=luRuAwA`e
zFlTX}d+ui4XcG*-DHh<|^E)N#-G>#xb~|jnLDwC1h=iLZtCzRP!h`dO=2!<`qpr^6
zfFa~tM6eL)qVeIwM>g9HU%md4*Eg@Zy1B(-V7GfFR<L-r;`YTAS5?JA6mgEla>e%Q
ziso^b*heDCpDWt{?Zjv#5Il4-IeHTvjvP@zi^WK^*i*K(?CkQnjEr?hxg2Fxd2u{0
z4iB-M87X!_X_(s<Z$0RJ?KrczUlQ{$<#AUQhw+@maoo8&9()}Jx1?WX8}yfi^^DU_
z<zoWLSliT%2psXqd7Vr5KE<dT7rVn}9TFVK(5}nu&pt&qChBw(Vg1<fbid}sn-|<(
zT~h(I*02+-d1ABexc})ruU@~Q^NzTzaaT33uCEity7KIvcj+EfWx4Py7fKVJcz#wE
z3&G-&uvoBKELo`Fo$KeO;))wX&V^O&FJ_HHCmuz5R%!-P5E-Z;lFe9ChpvO@y59k1
z%DBpYL7EbA&KcIvS(Hz)+U9g&bD3Y~oFL|~(&lC@9edB0x;C8CbWIh_IWw=RuJ7~=
zF8{3ds4QSn;ZSV3K%LtYB1qq+kCqB4W{ieeq-!_0I`Z<13RWw0xj?R#NC>#yGi_`M
zcQwoF6)Sc4s-n7D@Z$9=x=lm#?uoGLXbUP`LIKS(%LlyV1vbx!B>UI3K!{L9MJ?%%
zEaT-#mt=H#HMhtxfF(hMmRWfr7g;BU%Qsikr`CQx)bnc>^|Gt?qs?b8rngV$ByPOB
zwewxiKP92zw=7B=nFEbI1?>pjcdV0%XQ0Xxn8aRJW+%>2-+dNG11agM$t%v`=tOV|
zl}3=rX1(U)yN_J0mfS6FsOlSDYR%6f@UHpD)8mGBzkFo7-r`=rg6OHMiZ8$UmP%{Z
z4^K4RmJkAQSF>6!sIMwi;Q8s97!!(6X+`A>@1?&mO3H-O!O32-*<C6yHW<iiy2vC`
z+08=k$op++_P8rjilLvB5j^fsE%K+jpmTGabBo)l1@zcFWKK5I6v<+$K%9F1CEj*Z
zdZ$aeqNyTs?ETDjOg~m=&&|I+dAxd9cw{*OD6Efe-7oeBOGKe)s|l4~P+c$i`rrJ4
zxE6dU&r?DJyLECPwhF9{JXV3*S1Z2y;}_6v+5P!Ft>0j=Nn12AIyziqROT|yt+Z+>
zLc*noRh_1}l0j!7Q&p2)ifLvE<>77$0?htiW=V`_idte435Kdmi@gagktRcqV>qmM
zw8kTy%oH3Z69j`Xj6ZZnl4A=-Lww8nq#Up|7W0lfh(qSxDPvgp%e#Wlg#(XuI)}DT
zjLsDq9+ONuiF<RU5esahGv%N|Jq7`e?}<L$OC)J;5U}KzG0a@j#Uxdl@;6;zy9-<`
zpjuSCdG$52@&sqZ$Cl082mbya-f?^LB`XvBo#*cLYp$=adHC?icGnW4vAN%2Kt;u(
zuDN+}!}awoi^T%xGRw~L-!4IWz1xEJ_C5vUwvymna*;%Obi@j|Cr6tXLs=*Lj^R?e
zM@c(De~Ohg#aNrO_?_FuU+Szd*Scs<meJJw>YVxN)a>Zg3~8#XJX;W8R<_byAHqvX
zESDzW9$i%wbm4jV&9_uHE8;JY3Eoo&F%YH2dqp=5&8{U@6{ym*E$eLnS5wssqJ!uR
zsx-&hQ6;gg88I3mW>`)vd4k1cNvvX+M$i=QmtZ~Z89_1AwF?`lvz+<T(^SjCBmDrj
z#b}9rVr&>?C8_Apr5)_V=X4{da*hrM^~0b!!zPyS{=MbZ##n!*?H)w0%LJorZjj%l
zFyC)ch~}i~%0b6ShR6n(&Cbrwrj8+u=2C+^Vkn22-3WR&p_nee^f?wWwxTf-)zRQs
z))mXUCH1mKv-;X3;O~}vef=#VHrRLfG`oiH|NIl*eDyo->IL;OIe*{Wy`ZWVJnkBT
zK~-(&Ld)`I#q#=!<zh+Y6t9}*zN$o(Y-XHFkRbg`Xh1+Ld(iENv@2y+Y@k9^A;#p9
zS2R?`yF@J&yf8u~ROGmI&{UlDrNY^{47|Borq4NsDW=&RQ`mC}xW}9g&UH(3Y>cKd
zmrfBJeob!Fobz@Ge3@49bld6m^{_DCt_YS=E3trj$JMKAx+>!8irO!^a|>K2+<*5o
z>>{@Cn9J#w>QaLr4d-^mdP@kACPYH8RJ5#^MjFuxL9-)qOv{JM_;u%uPK~P7J`+jA
zKmrbjnI?B{Gkm@&Ta7d^bw)B?8kLb4S9&PIn2tfXbn0k(oy;(ZPUl?-7(0wbE=W!e
z=-#%!kdAlv#~6X<I-_&5uS<)PT-b@pL?P>6Zv<VAqUMg!-hWjp(&!J%-YZ&h|F)rC
zNrs&h)MZ$7$!%K<Z9A@;$c+f*1Qs4@$5nmB&Gib}4Vd!t5AW#K4|L6%jkR1`%&@ak
zU0?BXxgd0rP3H-*V{x@$d9|Wi)VPI1GxL-vs470YNA%*@m@_Hzaha6$z_QDP48fEm
zm+ul!!H8T#?$%>Q7_7v(OQh2i1?ksnYvvZFbCm6Ki~qT<Wv<!k$N=Al001BWNkl<Z
zTyMKe=S8P}f3Az0(m2i0UY#>UJ*Qtfm!x~H2!0NMV*E2*E>dBz7Gg*39DaF6vlFUn
zm32#=+ZVU!!xO%)@mE6iURlJ7Hpe(ejl?b@F@P#DI-+)%8ZK&bDTqdAk*ESeQ!5j4
z3X(>upm<XXh|p#ZQG&R9?s`HoJSHM^F)K4nde|Y3i^85=wj5C)eY%((>w>1p4SE0r
zY7dp9MWmAb1wM|64U#lUW#DgTW-aIbDf8@sE-5abQ;gz?8Idxkhs(+E#4_#pHIU@k
z$Id=+wL8_eNsj&oG$Jk%wWEs-U1*czcSwYXg|Dd8alN?0UVnuP6*Q4|o#T1^NGm&9
zUD3qI5}_7{TUH3dqH}a~=+fgC70!9YE9x9RWHIdM7-KG~(vx1Khr1<fkwh{g(Qm#+
zNw8KZ-+5kk=!~DAQhf2uI37Q7s(74(us+urVX9EfiBCV5!aB!<^wMH9<@I*S>(4nK
zr#_>p&t^_M#U-)qQ^#~kI<1Hda9!JCQYDP~sb%3kFJIqscfaJ#%{A+FOS?^utEyQO
zBmj&+bH5Q4sPn{R7Z*tb6eBUVXtC~(AzR?5*a;T}ivm`Gboq5M${$lyMdJlRO1d0E
z#B9h+GE1hBNRNq^Le<m5kv&$P91Ood^*h_&NuKg(J2pe|BNkVJ6g5F4NKeq{?}I+Y
zQ!)`EeP89d)AmSrQ?XyP4vVABEKpN=CK=6Q#x4>}Kym)y@$Lv=L3^&)zUE2}&O1jQ
zb7@IRCZg$D341>++P8EpT|U7v=N|d&SRgT=9jJB4F5ufh6&hUIu+&?2p(D`o;?*@*
z;&JPi__U?juGy?N$eY(WLd5VWDh}@*?oEoJAUmEoOS4rkf>#-sFy$W27h$P0Ld*uL
zBl>pM^SMIOD1|+i0-Gw1mFuyvQ#H>xizSz(2m3h?*qnLJT$pI8ke#DjpM$jK9K*T7
zd5T4N>gy?3?p&uamkctsxX+pEotkqUJ74GGJkDv%&dsEz&V`60I8Ue}+BHbmad%zw
z*MIdTPjBB+i6g$g<^InfXr6X>D!fa1N3p2fO%Ze1{4r9AV$ldO3;HCa$Ye93k0}H#
zw>u^&7!51-mk}Sw^Ob}<c(ZI*l%g5h(Ojv_Wa}K?Y$ki!lZwGXdmP?Z7S1qQ2oG{b
zKglr~FP=jOU{qz2WEpPhC*;;^rrfBs4Fra~>$OoVz(G+AqrZFD(H(YPa6E767_@e*
z82f{6?^ppF7a>MO5@BC-8S{H~CyuQ=D;^Dqzs#k449k_}x>z}l<IIm0yu#>=Xfins
zpi$ATBRs5WU$0UB5*4LwIxIxCyB&*HOK$I$@bwGg-4&Z?#C3!3U?E939?j5Tm>RmM
zsVk3l$!b?s@i<(}Zr-rhA(l;!<XD%&NZq$X(vc;Q<@%FIL25~x6ey1K(pz@*c0y8I
zQW(7KricP_I-N_6QRn3RocsEe<H20*)SQm#RE+u5JnGo7&M6>M<b!jr-*Y;ga}eyM
zo02Km^_*^N?|X4*RU-~!(^AzHFTZ@n>eY%LzkkR5`v>YTUr|4P#NOSbz5?IkLXB9!
ztU*Zy$K^ogKsJbs0VAZuSWVDfVG)^?ptRw5q9&{V${fLBA0bf|ddYT0={;yFD3)%?
znDrWBgPG|Vl^Hu7hl7Q55VsDC<}p|AQk48bH&Je8$v%9E(mo`8);$BzMp5hoY!^o6
zs^fyt9kA_=&6eB=V#Jh|N>4EN!UUnAyytrKcOxTL0Q=OrVu+QHPkI^4-P0l6TaJ7N
zHiJ}Az`Ann*xrOuhFI?dV6Tv6tUuw7h_Y>4-akEay=}Ssq9RsG7mQ8QQAeR#)?9t{
zn%{3bHf_LrkL%K=%&VeKaV}jKF}fsGP?ro{)gkJJt|*7^^`CM6vE%|{GWeD|D_Xpa
z0%&5VidiDS_P@(#+OmnPjo-C_^qv(MhM%HopMz}X#uLohMNf4_=L*!EnaZh|)VU65
zs`EIvu%C*Qm`kLX!+g605}k4*pTqDw2LaBpUOHOP5XAYkd}_n>-7S@?SvPCG`sN!x
zet5>Jn(NyaJm`|>9gTFf><Hv8C`OzFh)N8ZxS-%-6063ZPMajIW|nU*$=y}D9s(h`
zKUiWI^`$}5a|_Pz5NgrUz&4ewkdrfY)P+RGo?q<2MsfgRonyP%iP=b@dy8axcc$8!
zWZO&2zAt7yL{}0^%Y;Km3%axYU3`J_;8TksIZ-^P%t^<E#||LAa0c4bd@Sw|I+QXb
zFAM0WSx;loG@h6tl`<hGiX{_lL^*oww%=_qczySe6YD=CiH0}`8i}F=0^xCo`{@Jq
z%?;Jn6>ZnB+X=hp1<maptJinjHCwK_i1;OoMTL2Xd55biywg!9pR9mN5ihL6^!ZEg
zMOXamiUh)P=Tn%1du3K)HfGJ6D;>5aDK$1x+QkM&Xy2vlz(zC#KNnh=(-}?8QKoj;
zrxx$2o&Bld`8nunF2wg+&4;F7x^pCssqSaau}$ff<`k7v`ATzVV<!uF1Pg*x3#vCS
zakj;8E57;qYkvCE5B&V@0k?}Rt0gfAjjOR32oVAm9bKkarveisIV-d(baBMy8F6l-
z=I$sAmO)kC5_S@MckpDJA_yS`t7)RdMiC@hR<--=JZ^pV&@jLqPoak0_!u^eOlJ=r
zTH)*s?8V_M_PUlxvPeoVrgWy6!k$=BK4(0YqBM3gXxY~)*+G|d*ac0wP0VrD4rgGn
zW8{RCIVF1}0?lNwzIfZQ?$XZs3fj!iVGbeV^zS8$t9$?Je#2CRr%sgMA|e4q*tIS1
z-aX>|FF08szl+?ev3y>@t!H_4i>{V5O-r>{vAVm))joAc-X$MNi)dyKn2>_^3@nCZ
zs+!#u3K0Qgf96<@-wrpoqajo7q&hj>MKU6gh$I7KBfEzqr>%qLicIIgLUYIp$7W4)
z7X7*At5ZAuWANA|MQdti^*P5dM{Inm7|(S;Kld5TAzhp+baM)J0jbRiwyF^IXzN*c
z&sYEAYkq(KEkFHF{~OX8cduVjKR+R{!5&(6p{4PWojKYDL?Yr+N@W)#qJ}z2HYZWg
zC_N@p7D83Yf?jYTFT+kCBtfq$p8BRlF*=Do?oD<+#wjs$X$MKc+Vh^z_HWE?G@l4(
zmbYWnXJecSJJ1-?I-&hy8%FcB%F@t0=7<2WlmUh0ZYYnMWypZqgTffx!Sx8K;h)l#
z;@B0`C*kfvUDA6AhS9S%A7ShZS<1aS^pzX*Lup~|KKuQgS5Mg(6%ausX7T|<OHLq;
z3W*@W5Dkbx7q&Dz&*r}3V_j3Pgr+sTzvA1vW?5B8bc6uaYQ^$u#Z_HVyNcR*)NAhY
zrN8>TDqR<nPAGT%IuZmU+QW;!bU!ATT3_&s!$JujEc2rh%QDoeIGWYvKu<~cq%-Ne
zTvN_l2Yn86?%V+V6r?qWurOzSGDUQ_#Qx}#S=71Xnd8E6syiB=pDFtGCD7Wb_c|4W
zJ{2!AcNRHzb?D!x(*f3S0=01c%^UuPf6EX5`_KIN^N+Z@TkhU0@z*WgpE{oJ*H~;p
zjo?zRq5`o~+AiG@syR41<{65m1zW@h&`Q(IqT>Oy<m~U5AP4EA3$%x}oTcBjF(gNX
zI6SUnaCA2I^(}|qa))ymIkQ0TyDLbF5I{4-N%H(EA~9Ji6{cXBv6U2_Vi21H-xCy>
z;l?;3sfWEnB!iIi$V_R<S%Nbil^mHdjf;#iPWVmC!XAdQ@v#-X%TR1W-eXvq1NNmu
z`q^D6407ar&*Rn&GbuY;VG}Io)q!&mx(p*)&jyqj@m>0C#e<J6E^LslA~aXD&l`4l
z*2^7jn>ri~f=0!Q!>gyNDk@*$ye7v7ap^jVDVY@o^+t%&!@k;!rlp6|EGH;iv|f@_
zU`93R?-w^xVGD!cH|CD86rDkfG>C_DnCz#t@3{-pCDh+JB!@X2)SQL&lHX5tUzb3S
zbGoXz1cOrqk2z$7OQF)azdzT#%^^peJ-(PRWG6_m?@@<U3$(6y_4@^X^WXj}9{=YD
zy7i8$uWpbR!s7;bdcv(8ULuvxpoayzXmn99)s&wk8KWpW<fyckN{eX1ydx2F8Kw)G
zm_?d*y%C&6yo`2{$py1tU`o)K0#)8E21)S6NU(pf;K?USl|$NhWIxV(V5136B-46z
zSbQ}F4OWpn2P=@4^$W3@=3`6jK}QefQ!&7PpAr>vyg<o{I#F06$Aj@WK^BlB^A|l}
z()G{HB1~6?5|S3oZsa2^Hk{}(D~Tg0D#|{EUGl<ssOh>?TXh<$+y9&eLA~M^729nj
zhHg0CEXWa4e7+XdMUa*zwye7?S8>Ztb&G`^Z}0E9ef^3n^O&R*SXD(NnI5BQb5$I*
zr8t_#fD=$(1gs;&B}r^m&F8y_t;-%Q%}dku=JUtkj6Q9-=!<&N5ZbfzwC|kK6N9t-
znM(heU&Nf7yRgrJ`=(|bQ$zK+$+2^fZ*E+}+zw%?gPQW7n;WHZNnxB*jOLI^J_l+&
z`fof@?|-KKKG`kc+yCxg@-ckmyZ`Wi(S#0HUBUGgaZ#h&3QtSa7Gl~Br_KO~X?9d>
zN=&nj5QYm$D`Bpryei@hVnjolvP3lD;?Y1lL<Ns0#E@VIg=mA)BudQCh2Rj{d>nQF
zCmjyRhXrfQy4v?-TQDTSRwij75SPTjnsi54>WU;6TbDZumpf5U32z@FswKlQgTVLG
z;;5fMPS&&g!jZ*$oM1a<2Ojg7lLPkLKE1urrw1@B=Hm?cefd!rS|HG*>#?-pmZ*eG
z_$UO3&_^HSPFmQ5Fk3FuAsr(&9M0nUf-9-qI|t4Qu^Sgb%WzrR{8VHpS_4gtJgj%r
z>nFbW;tQ%}&GXZS`?nui+}tJCgly51axs&gmYVLtiHc#GW=3(3ooGGXAUWbEsLz}Y
zMaj~pEo$H3^i$IE-a9LuV!D5{2xCVg@o}fc$kD{lUF>GHtutH~=FCwpg_`EfWIm@0
zm}0|SA`m_mig%6ycsNIzTkz*n_NPb}bD+wp!g#hQ3i}ZipFCbbJg;tE@pu33@A$%&
z{4f9Ef937Z@7etFk-CG0R1i8;v&(`xoQ33;Y%MO671k(iviDAlz9z@+g+*v{;qhRm
z8LAj5$Xx{IQr1g|{og8lsVYN4F*DkFZBZ_?0i(&8N#lr!NJ_i45tFSfguY+U)9j}n
zoi?Aj<kCC1h6Eqx4ySjHumS}p5T?#cMq8jNlYVkAZdePjRAqp2%#5>xg?7xkiwE6B
zb%Z&m2L;NXU=R*FY#~dg`}0C})9}E;BwIjPW`pJTmMQREDdKTBzY^0mQJQlbG57+O
z2^01S^mxwO@9=BKrw$pCF)J~WQ^+n*$JFVzF<lQ%3@=bg!~vD~oMfDIc5T}bKkl$~
zOZBDj(p9*JXM$7e>nobgj^=sCm0ut(--~$zl~R;J#o@9l&9b*+q1$Cu1ZFyl)Rmt2
zQ{H1`qXc9ba*)!8T!xW@r}x05qfg0|3_~PXIo&n>lCI#A0r}i4o>Q&^a~W%wbY^oR
z)=za<bBtr>LTgjDN5{IOO9=^6n}JI<2A8;upJU%m`T89_C+hGozUI}<8|s&@sb0V0
zfBf(N2flAMNNlOH%}>`=1POH7q#&_u)`-Lu!bjRI=Fo|>BbOn?5+ij@mOC^HsKh*9
zf+&hbdY5k`bz)dYbO{F25VJr~^Pt%JATz^(#H8Ra3$}od`#bAOpfyQ@bpdZeg;3?e
zuw*8nie?|c<i_A6{oRP=U4KZhTTHL)aqMuZP!&j~#IyI}d_irPG?hX1Vb+h0XuIWK
zcd&3rQb?hr2y*uqZI@rgjf$BZK$iQEpX`wuinByDiX{(Oq^VhxWu>S_89LRG6^@KF
zLCRPe^eH5#CpxB2XMX8f;eZi2W}78;r{S6o6(vv+B@o3}V$_<VO*HMtxUN^!z9MM)
z*`^D07&kZ9{EI(+!^(Sznq5O8+vhdgD&-q3d`eXIBDA8Y4znVYq`6CToFo{>AjAW*
ze6hY7h3}1tHPNh$r3xRSFLn}BJiEs1pkEL}O)#P48K<+<@%wX5+jAC>xp3JzIOh~J
zG}j<>u7T+sOQ9(`^V}}*)N9Y3Kh1^KrrgP=W`pMvYEN~T=V<<y!mfvpIT@~~N_~4n
zwYsK7*#fOs+FIyZlDAyUH<eRDCp6|0KouimEkZ~)V^0B6f_a=KSj4p{!lIKDkuH*w
zX;q9UaTvaq0kDs0!H<cmD-t2LI3fX|6$qx;TE#|vk!0i7a$bgDGc)PCD9P-xO0@4|
zOrWxqrdwIW6gp?9RDkC6-PE_FLR02P#ofB7;-%N_j9r_<Fq_6DvisgbJT4}s5RE&Y
zeZ9@N&&g0xX1nPDX+lSHspOMZ&OzQ)XK2wEXh%qvH!%_{lQ|@223LYGD^lm^@`fVX
z;Pz>~zD9bBAKRnBOHUQ&pcvT+n)euT9mKh|*K3tIi8Dh3h;ww}QEdp;<#Uk#swB~>
zU)0>*-LlX+u}813SkyJ0z*dZxZ(eXyIjl9hZHk51v}@QI>Qa{_-c!4g*>AaT)#boF
z=>sceGz%&wsePEGjv{5o@7gRSE4xIlpr_^=AqP39rYX-Mb6kw%PAg`gB0p7NrXZX-
z!~09SpgFHUXLo;z9nV}C>QctqTmr>Z?87-q_nhwZQti|!R^zF2@j0Q1=OEEfpBKOd
zo;O>bpBp+6s65uTX`#upkx05})F&%{vE&Hexx_}2P#8)1e)KU7eo0XksRPkGR}xIq
zk}RfsCeEf1RS2fIR<RJ$5~i-_vAH;8!=$&8GG)r&4g*s1N!)}VFJ9Sqp_5b~d`{_%
z;)oK7k~C212G<-FmAXR7etMS8Xp6lP{R~J((9)RpTRiWyOcnOJmN@E`^nfW?=1gOw
zqBw%#j>V{#*X#>X>9mABM+29yMb}e|l}<($J(4~*wc>L)6u~qD6oQS*MS)HkmC)hu
zyAyM=V<d)gUlI4Xm9|IjNcuK%@M9oU5e<fqi7cSvh$?s!d`KIT>(v#vFRp1rhb~_b
z)*ZGpx>i_kB3Cyx*DqGMR%x~!UDpw|TcT5fLZ_Ph;{?-M)~JOXo{31m2|{9`z~>}b
z7b2nsTDKx^ONGpa`$0xp05j`@{fcs;FW}b4nWay?Cv@25Zr^iv?dN>WE@8M$(YHT`
z>@Y_=GxwOM2n?qP29w64XIO1>JJTtvqjTxG=RE1=xUEmkqt5%=9e;mK*Kq&STXr9w
zLBTCOY;%@P4{|4>sdGkjX))+rAgJ|@42)fkGmaplnToEckNx~5+1y3MT!I%u(u|lU
zLWG$>m)J}(c4;Rrii;tev05)fjS|vw+{1n8=5DiQ#^(h&^kd?*G>2>j6r~K44G~8h
zUB>!T$RW9-lWbWK%yPkqdvx~VYbTaGCORE0B8B>!1`zvQ-KgjUY|ne|Q@fr0tf8T#
zd^#%{7W`CjtGvPJWUwz%DFKNwvlWv#xii>i*l_{Lb1+6+CNf(OVIK1R=sVRi?`aPT
zjgFwm%LK6{DAD$8jD}fT>KX(iN?=!{(~@!@OeHhZpiu)?vAn+J#aDMMmK7RTyn6iw
z+6K1kXY9?Z6kFkHR;wk~cSg6{vD*c<>n+W;Wp!oLD@WxLB7kZi`+yADUs^h$zH1qB
zq$J0!OBV1J+IK7z@2I19JivTKG+VY@WjtKS4cfCK4iaOhOg86+%}vcbrbq%)E(CMu
zSD)i#J%^%x2?1lOgP1#WyM(nk$KBy`&&8?tI;V@BLxVqgUZSvl`@}DQ{*K*tO;s%r
zb9A~UiX#N0F-rkv9@;LZ9dy3<eHU>=A`VnC<0@g_#MDVFLX9G9e9U6LK;b)SRLqi#
zg8;4-Tuk{$W8*I^k?pDki(rGNT!F!mWNB2O9G7Pz6-Fn8tUZLIA&#6gNFCE$!89)>
zxl_<=5Nmlblf3v!)VuUPe=%=sV`fW<kUKWZv!>Yp-H;chK1RW;pR<f%Ez8Hwh~8Wv
z!qMcbhwKXJqw86J>2+QHyD>l3<-!wWoLiKVR;^IAOX7A<){;CI%#XK0pA@iO3*&}4
zJFf3YC6gM4qN@jF4^DPP<IX9L)K2^4h*-qa2z9kU)uW9Oq@}Yq8OK^Gt~E*(1#1H_
zMASRJ_~t9FudaD<_Zp?5u9W4%vs$jGeU0;;N|aSqvs?w*5a~iXid{apl|YrDIT7~k
zfCR$=eaF;)+L`?!<P5WXZ3M}mUcS*v_lH1;W%CpVCaDdOY1$ZC&vta<fWA3y-g6+H
zOBT9IW+vx$*XL$3pUadxbu4pSyid(WraG>vS<)Om)EqL%xpO^7a65;kH|456#UA`*
zQ`AOwKYirs{R1Y-^>W2#`^?5c?UZgObkQMUff8}CNsv}gPH@>}IPcsv3-z4hoZ_P9
z`2?63Bnx6)sF2<nJUvg7Bk9N%C~Geyd68)p+9;Sgw5RgMUJI07C-zip4>`^Poatz}
zxBPvkE?ZvI%_qy1;=-JFnHFPmi?)*0MF00gzbY0%a$y4QlL;u);k=}(qy^f{hR)Ik
z7^dx6Ws)7w$BXsY&+qsG9(&ge`y@_%f3RNkL}ey5P|vH}Sr$j>F_}JyrPm$>!<Df}
z%$Q&p`S%(7Q6X?T{^QiK?mL~!z$_d&C7?pJT(Ybd_@@m!i?o(VF^Xc|6Gdn(@L~JR
z^5aKt9<Fd!@#giHy#C@1>J$qeYXahuZ=F-$GwPgoh(aBN7$TN6N>0=DU6PHl0x}Qc
z)xN*90a9k@k1_@wKk;3Xo<=xqfO@J(w&E(?ko6|S)<>TEIr@`1?6ZsYCl}I{=N7up
z?V^r#fpca%=islo@ZcqJ?T6=SF8%tF?&n-#m@_*&MXH!`CqMaln?W0Bp0=!aTXgC9
z^5qRb{J2edKcWOlBn1~;w##=!)x=(MWS(78NSdWBqvizJ3c+c_d`$SZxV+nQpfS^?
zGmMjUQ{r+5P&65q74VjfCZ)&Y18NbM<0}SxmZAqrGppWK#Zp*c>3&LN^oZDmk3~<T
ziEN>HKBR(#!^uoClue68$em8=702Dn7$hv6QM5kUX$Wi^QGeaY9<VF=DUsensTwiv
zx~%QtfcT(&l)8K(G7aoIq5F}rxY0znuWU@zNQ^JX5EUNO=<?@*2#usd<}5K71qk`Q
z1`1qipTt;P8f!kzKhmDXC%w<10UJ8%YJtCUbX}xr16@o`3*u|U3D!2WG4i<HaR0R7
z!}FGJqT}YpORB31Z!UGZF%b>QM$591sy9hmyM)uBqM3zQ^hz?2bTrek^F0?wCaR$n
z^AcQX^i-4t1s6Tv7%|8b$~d@cgx)f|SJDo-e$kFQHOwIjd`<y6x7(g#!(Cb+=N!Yi
z4r>lk<Ct;lIj4s?#r9MOcL{y^9C75_JZS2@UUD8Uxn|B9_5v0H#K1Om>~>pJ;qLmH
zpQ1t|#9+kA(3qSDVh#oBGXAZaeYg@on`GY=`_#*V8CWiARiQph%8@Y<G|>B?73@7^
zH)D<2A}^)|JarT??++tU;?SLBUp&prtn68T_Re%Ai#(ra>s`o;>fJ07O|r0l{Mh1p
zT^5|dMAhe|uoMQB!mulo=-4ap?Z~x|Co;W$r_ir$#LgQ#OjPVA+IAztLjnI5xd?Ql
zeq^jeG8qUGj)9);Mix!w_i5H-qb@4HJq3x$1;pntJeOnL^Bx7u#E6oNS|}_XpXb*n
z2c>BohFEktao5l~hx#NbNS}#PIpyZsQM-zEBZSTqI%B(Qd3@T?bOBe@+}z!;AnBB9
zU+oL5rC3`j=F;_prSpTN&R5H9C*#2byH3v9AC+@tG6rwc^`ZTK$o6~%dsmJAMe=QD
zc~iv^bJeLu{SuG6Dd+H0u@zHs+m}RT%ss|)u^CfE^YA&B%y*_{OQ-1gm%@H?$Q9>Y
z($DFN&QadyYNt+hode1gXxl9h_wRY$Zt#nmRyvxnBZhRdxjMmRgj6g<BGQ4Ah-t)!
z#IiE;bO=GZJbxKXd2|#<9#EoM&mQt2>-~Ze%;-uAZPt_w-fxLa5Q^ebhW;i6_YKRf
z?h%A@kesB#P%Kv@1O0|%164sZW`_vNK4STN^>NsO3xmn4=E7&WFiH+c>#cY!X_I0<
zgc?M*QX&NMLNkyW3N<{<amH~A9s8kv<K)@UcO2FeEi?;%ivziix`>h~(RVAB^<$YL
zAF~~fm0>x9xu+l5I%y6~tj)6Xdzs|K-q|3Di7i_r?MH6UDL}*j<dgV`y-JY@BuxlB
zH7ylBiFGAyhALIAZ);YID>mxcJsLhZs$D=gTec4ytchIJ3u^VryUy2C-cdOj1gH6P
zi;}IdO4XA@iZRnZm@%QsxkzPurolZuePWsmP#m!^Ei*YCF^579o1?NZz()31CFL@X
zX)?oS>*vy~r>MSjcJouShjZ++OKgHJrG(FkgE%!Wn`62<HzoHR6gt<cXzDq0=7opH
zKc_>QbFG~F`qSqREI4sS^Z3O3|M-t|k8584?rVOzf5&?FOmH1eg~~gcAjBwGOqoY2
zIW){GmfgEmA~>+(eNtqCMequU8=@RUQgnm)q;pb>NU)wMXEDMk0Z9vtlwFUl4ApJ0
z>nVd`%^gg6Om_W(JSY}PkpY4dvTj2&ER}R1*`-@k7$Gs!d1G35JCaVN%Eqb92>k1N
zo!nhT8Q?iF=?fNFGh-uH?2y|q9VSwH7CFP*#72Ae;x^76@u4_1)V&62KRc>uoMhB@
zq|+ZqPHED2dVNlmB!WwU=fpzJyc%Lbf{gS*HUuAz;yM~N>Hq*B07*naRO9+tN}K`N
zeUi3Yt|1$_WA~z6VVC0?5aGsE_^4nGZ;ord;?2!Vc0BX3+2Td1W2AfD&^)erzJDbA
z{%ck@3o5TT6z|e}C_%tu_&7zVxKeB^C%uX$_*&Rw#)+hvXJil)YczbBOPb|#$DY9|
zIaRjM=p?CMvm{|;OVm?I(zWhvaGv+47PzTgq{GLYbacKj`h0G*`4m%aO1Cq2-ZS-g
z=REdY7xcN_f#<S`F6rv#vgj_E30}(lJ6?o`K;;-(KE8X$hacY&H!ao%-hFsvy=zei
zH>)LHJRiCZZ8W4!H)UB;w21FQq+S@_DWQ#om>EJ+^h;^zt1cv=V93y0%BD!rTaXNy
zF(`NP%@idJ-I0uE5Lu`J*&!iY_DIOT&+ywQGP>+SZ6r=C8l7lE`5O8w?FZ0l-EcjX
zy2X-aD!M-QAf<pRT^{<EuEF&b@sTzNkP{>Qvb!#yR*Abd8)j2()ID|-XXjy7Gmg6$
zYn1v@){_-7>?h-LG(b~isIsu|BGQY3QR(L(>3R$Kv!~CniZ(7R)>E|S7_II{z1to^
zqW1{2u|<+(akH|hDz4O_+Opj`LR7l0##bw<yGXl^#NcS^inVjJvE%9andiqfFK(99
zJ_k*vEY}>5(&L-MG%Lfg>H5h%pcZL@>~*vucZ*hLp_U4n>uEeg<auNqIyl_7Dq|=#
z&!;SNGjs78kdVQ7eo{9w#e}+4+&V>wn8OB}VwD|>IG<v}or0UriA1MTb<gQ}rdV`y
z;jby@@HuemrQPP7`1VW5Ec?e*?x#p>pZNIhCmtUk={&5ZWw&dvE^<{@yu7=`nk~=U
z4LjdKXMJ|Kk_l~=!u6KR6<RCd`H^iCungl#bT|d?wO`P>SQPV#m1J4b6D2L51%k88
zoQs;~N}&|1l9v=yVM&|U>@ybw`}RBeCbzy%>5GfYnvs6Ep2PQwcV0ga(o}Q{A)+i4
zF`LR(oga$443ysV>)6wA<JipNAdW&av?!x_)xc>>B<`_ugB}d{3wfd%Nn^+H7G3{5
z+gt24&(aFL#9Q)!E8^d=@lPQs6eorRU0JWE30g$2sT=Gp8G;r!f^q?li4}7pyK#u1
zj8sU))j);@q5!;9CS0u+;0$XMG#f}9ncJ%?nvJnt8$mrmD>mB=>&=Fz=VvzCTdKOI
z7B_58j1<O~qr)){919D-v1rrsdoN`rrp_m1h`0D3mjFQ-@n(jk*pW|1hMWt_LQDqA
zemP50;9JSppMC1~{W&CnOLxuZcJZecwsVg=HG`VUOPXSW%}K&NmufrLLHiO7(j3_A
zR66cdCv>i$&-s3?IqOtn?kA8PLbnaPfB&ARuq9pzTWPQua86j>ELf}-G+mcjUY2%=
zG2QUaX`1m^M4eDqHCk0DTeM5Db<QRDtP;t_rH&Y5j%mokRCQ@#&an<ogjTGiHsr<2
z_h7_egcI|OMUtVb3u)1dkv8UNi}D<^-j=6yZ6(fAHF<2u!UD9M{Ui`1#a)*Pj#?zd
zG~7?HP0Ww8%$O<>=LupI1{!w}L%OoWW~LxLM3dNa<@>-$HzYD*(Md0eEuBWlMW8CF
zy`yBJ0+%(piwRlN((lM+AU%jC2ZLd8w|+d43bkeP*(5qPltnI)AwzyW^;?p2h9|{^
z*vMd1MqSSw+V@zqG{A{@3n0mm)MaKSBnJf_;A-Q!y1S-P0eQkL7Dy%3*9-2xSmAWZ
z!@D)lxroHrvR*&Z?6$N`OXv)$ERHT^r4T#H=S%Euo_Y(XOqWxW-l8c;=qVinDF-RL
zlSc~tmg7!r=!&sHQxx;y)$*sF#-N^PI)o*Tv}EHm>E{%OIX|0~eFKwD3sW7*6nr)1
zr*`i3&n>Q}I>k9AuX7-^xzOkwE!NyFYfenXB~I<fHW728H%`sw`n!FTDBsVarK%S^
z{PKa#Zb!AMsP7bW9lKo%ZA8+b1TTt@&~=eu#?I*J$UX+7b=0j(_Wn+Ys#M+(jdado
zq1fgKAqHYLR`nWlEPC=%i!l;iqTQ+$4NnGcViIu*20qi9O(CR6fV#LajA*ggu#*%W
z*muzs@p&<hE_D{s2r6K%$NeED`fN-$e^=<W!7yq2#c|M$^!oWMk4X!194l&Mq_4?c
zQCYGiJ3_=!*qvA@jj~5-(9HZQSy8%|50wSTnFSa!Wg9Enth5;RP7E1->O|-?g}~Lp
z5|P1Dhq04^Z5Q&Upy_RUEYZGu#|)!2MjhH9l#QIT3EGD@_xq*nVvwUUs>}{dq>zX?
zk5&$?BJHjvwt`!Ds0H<&YO&z@`i?qWQ}Il-Yq(uh+`YUaSWDA1Y?~cT*RfSc<uv7F
z9TrQ8z1@Q44N{-w)e~33a6!a$?MF)@<6h9Mi6L5~7Coe#!ymOL1m*J~r9(5yL~5{2
zEVD=JnV>q>A$<-@Z4Rt9=lN5M|6IE8)Q<eru6)k?<dp7b&i7Lb_#7|6bI}!3?8QrG
zRdYJ2OEQ)&u~6DCYzgk#-aqj6?K?sYpcPFQu+Xqt)~u=p4u^#fx|rzMW^~peu0vwL
zMOf6105r{xc5Uc3EzV74)Opt)d;kYsNa8|u1B>ndrR}|zB}bAh!J}#hIJ-PpR#kTQ
z%=F62{{NTk!@TS)o0%q6l`PmL?tq!<KA0K-t`pp7*%S$hj0nH(a1c||qlbvtkYNN!
z9K;Ef0tf*VjZp1|wB(30mxAnLmx2QUg{Tytyr@!GP8k{-DR)d6>ZpTZF9Z$1h=2}+
zUL3??_@Y+wvrxp4K`%{xjAj~mW~>=3;|&Unlsw^tTDD#d^verJw1p<<e6*hm8JRvP
z56HEF8jGF?HGikig~dJtu)HS=6+|J&Q&T9bA8di#>>R~>oSecDeT*ra%2I(N30N3i
zw5%Zz1}K8oXmdf0ZC^_HR!p<4riCg+eh@pbrlQ)zBgPf_bqBfu26;i05zZ5s3B3k{
z#{*>VaC^PO)oP2Y!yW>G_k^zN@b&u>?!G@^x4Xi+>*2X(LV46pLj>9NPP)5jv&(eP
ziOqIkY|fmftVvL=$$31T{DcUJx#+uw=AEejX(s2(nwKtg>O#{o6w_Twg^@L<%BK6*
zFX>cHK|)J*^XGQfOJ+-NNlm>p%US{@F6|VS?)uLa!%LsJ#J=c9LJH3@@80@;r;7Iy
z2aikf6@&mC57__x3%>pK2VyU{+VyyR7IZG6?-;Aq4Ysbsqx%AJX~98YP^7di2B(EU
zA|NC5aDYaEa!6F?oNc7ZIE|IyB*(>Obve*yof6a({#;miY(rnqscRv%c@DB7J<+sD
z2~K)M5(J|icmw3sXxE}1MxwPjjo9o&0SRDoDL=*@b_UQ%YBvHk5>uNaW&0bK7kpdP
zRjd9f8?i#Q8BR+XT$46zw9+Bf6<eEWm};Hnc%VdE2Lkq5J@ERL5}qBo(O3bsL4i6o
zJ5^&4I!dg>m8PA3g%tr7MQ>UgR$z#X07dW9hNZJUG}iI{WTq9%8JNn9aglAOHB?Zk
zNCN~wbQUEZ1x^_~G46L)`1J7s9W%cC{yWAmFW7B*+-z6CIN<sF3vM<YuHJRn#tvV;
zf5#XAPab$a;PLA>+&|nW7NIg6x$1_HS$&e}+R-wPnh4_zb2c4a)vck>GxB2^%=Mnk
z5{tD?$)utEm+NL^oS2b<d|0H_v7r=4N_j{>k_!745#*)C=p6O?(js<FOZ1k7{T!5c
zt^>JbFnfvEumrMO66tX1{g(v&y@jo}v~&K^)Y|lvjF9~kzWw?cFOSbqR;<@sc<SI?
z2X-EQy~b{}O}lDMk>1f05EOLaDq3YTM2!wXl1m*l!UYs(V_^rVLqFJR%ZUlZmJuUj
zDY1pE#Zd7@R7m6#q~$8nfGi3k`DP}1tLiMyAZwK<Lnt<tQH4XaMLs>Su28BIR42s9
z%^Ng1jH599s4(6H)VLZ%L~?1qVgqm1*YVxiZM$WLCHlHlA#AI(Z=kC@R}#|$r5Fe?
zxQfamq*}R%1uAPA<Om?J7L6DyLm)Vq6U4EAzhdy2S%;jQv>5;gt;V_bJ>tZffl3k2
zhO2E+x)fR7zK&>$;B`dU`3@Z+MWU=3*YB?J@Y8$rA%YGs`2OV3`z>zn?%-UH{kIo<
zU3XYrJ>dFwl_EAG;GM_jYJ)LEygVHcZUR>7k_150h9mhMYMJO|vH@$&gbHYg97afC
zVB&KpS|jaa*3glZoTRd0$(yg-VN1OltSyAt++SwCNF`Qe!Orz9+Mu`C4!wm2z0{rh
zM;6Uvvx`$qw71yaEQyy`^7>2E_)9FiAMqEwR5+G+)-8>lIC}g5R2*akzW(|JGNhE4
zmzO7u<A{Fcv33rdfxuBPj(~^*QG|<tS593?ki?MV2x3i+*gkbn5&_3a@v0QT+NF7g
z4RUiNxI~589I4W?6)Fsg1V*BttM~+en6o%TlZ8=^gs}6%5Of-=BZ6sxs63{zV(ya8
zqld2?Xp6XxnX+pSe)j51&`gt3itLnN{$)z$hF!&}Rfm$gH?h^6YtPj<Nf@-HjZd9c
zk^^RoJDTKIXE{x*Iig!85LumTB`RF7qLF7;J!*=sYJ%uQ)6~S9*{W(oB+lKac?p&<
z(@g0u`AC2YHSrn8hzggPc5PX#(g3n<j*?xKXGn}#bspWigI{%6Ylp3FvF{n(YJ<)8
z8mn%F;d#LG_W|F(j972ixVpZ^^JCH%U0v_ccPkv8o^W{CV&yw@<kS5@*^R{30L%5F
z>cd?j#!TWM25Bsj5zz_<s}?bIc8f=zFSXqNa%VIyD^15tjn-*I8*h@Jc_umT_PxYT
z=0_H{b36GZ#b?Rf=va5Mgu;C)sdfI|mmDb072mfcvtBAnm)>_NiQ!UQ#;M}GWMi^q
zZgdjbg+ld!r{~}C?fDznJNUul@%Qh*Uhw|@7M&+J9q|18f>B3Xv>Yf1y2uzcRw<@%
zTJ(E?>k{0smw-S3xd`?I=N!}luIDs3*O(S|S9gHfUdF{rboDj}79g3jN{XTu)nZ^8
z)g~|$3*#(%d@+*ot7LL)15p(LqTwIJ*2zJkKEjIw52@=D5P}5-s_H~Tqltf42FoQv
z04|4Pm`a}!5iwG;98)f&T9o^O*AeDi7>3%|!{!jbX)>!CHJh7xP&R-isqj&84A;~p
z!G`C3c0xDCMTN<-Em}2A%AH;mF>xr01I01z5gIZ>cLuJT6B~HaDN*sTD}L`x2%Sgo
z9W)ZOb5QT`G74OD7?iR7w8O)P54gR*hl{{Q7;e*nHDLe!1y@&B&~QK;0uTf4?(PuB
zfT!<I=(`@yF}(Lh4@Fv8kE~klPQ~((xJ_-+B4fywN?FdtCP{!57%ogjGlI&_@kMiF
zn*yqHC!w06Tu76MY4hjOed#Z;;od@DehU?R$>*HQ-nqoUdrO4HIepQoRMb<D*%C*F
zOC8s#0<eTAa4Ew4Qir;fY;uXteGa-?8bvQU;`#Y2Mt#O=?XVdgzK#dLJ8W(qz!czE
zaX37KI{|kL8q+XbR3Y7%Z0$!yjA^k|PJUtBF?2s5N>aCTo^Qlh#FY}w<wVm0CpJ(?
z9(PhBxW&}%oE9CE7#WmikGXl<rGPUV_S+8AYb8jlauX3=gY;Bw@o)ro4l1!yo++dv
zkRvs09z>jDBvQ6er_#t7b2bv27KF?Gl~qh7H0_M4IF*X7rnT2;#i6e0tSHA`G@V9<
zv<{#GIjT*_l`9P7nt6oJ0fWdLo=jjvrdFCslR`rp;i$rhv0|k)*_LwQuE#iPOWSx2
z*U>9pU8Re+N-8EruYwH$oo5W1@|=dK2m%~b5xm3gyKDTH|MfrN&p&;F?j!#A_un8p
z4}aAoJRdL)5iE@T%K>AIa7@_l)`+SY4+DnYCnhFyu|z^sxYK=U?&n5aQL535s#Lt}
zxcQ=FKLe$PWvNB$MO3NWmE{*o|E;KghN)w#XRz2-%}EVQhz)NUfL{u4JGCgCqhg<0
z(3cj1OK}%V0tQbNqDujSmpt>%owG|sf>T6=Q(f0Fz0y+Q@TpD1(k}DdMxwlj0y-%6
zj|1GAado}H{xIUH1H^mueU~&mhGl#1(7O>Dfzd^TpdfZB1v=XCv4WhK|Bfa92+#?`
z2Szj|Rv{)>`mCscBEc1mO^jv7RyGnH8%-=*+GQr=NJz?J%C2A~AE@B?T40b2X#{&j
zou)#{1Tg#5<@rR~U^qYnghIjTbL>Pk!E4U1O*5i6iB=HO=6DGaQfzIwSztqs6VM#)
zSEo%pqeaKbEM@9(z$VCzs8&D+Xn~BJkU2@%t~@ikO4pcn*<#sAutiXcivUfE9u*tc
zIu~(L>QE8s0@X`RXj*I(copHUCuT;~;z&#J7PEtLs^}Hyg2MR(Dfh%!Gtl=6#1Y~G
z+-il7fBrN6^799f0R5)J*Zm%Dy+WWD$QVJ)I1B^eJ(LN4)nVlv9H$MHMlI1K**G{A
zrX=1XHK>xL+5FUQD5n^6Cgo_RYgdZ4PHdo>dY6d|s5U{`0KH7rE?yfNxEkxyFQH7o
z#YgQ@;X1Y0z9pXF(i~+e&HGpp`HzTzFLf4giS@n&;k|`auw+iO<apj<&2))eamh-E
zRDq`v@^z1^s~a4iN9?~p<7M6BB?fc|a2=szhrRdk+`+R$^dW_rje>4Wb~=Fs!f7tz
z*nylkimHGSz`}4QDr8bPu_102VZ_8lV@(>-wDojmeFCGwCKvIfN2-+NMBY=I_f!}w
zCzU2jFq+3!j6$mg<nrv`odbD>ScgZRpfMs^M-^e#M%qLs6xc-Uvy5D!&MbG5dxdJ-
zwWv7-L^v@Lg@)N2B@el^bOPf<QB+ezvj&K=yEdq(^10bR`!b5)<QhSku-=piVHTO8
zrg@pz`xt=(q^SM?1TTq|7wz1}Bk-Fuk_XY0F}L{nZ#n^wY4E#OAc*2+jOa<w_Z_ZR
zYizv7+B1{_SVp+f;dXnAtE+1Z!UHx>FDbuj)#2so8Q)|CIlxl{SirqU-}i9r601+e
z=m|ASg4=Jy*$RkChEbl;<&KKAp~)3#Z9`%y?90ZjA$#^^_xU0i&ump~{2YtNRbp8x
zPYco|vFfqKe@WcIxv1+)RN}V?PnSZ4OZ7MB3}2VB`_2`Bi<IYuMfNS<`_gq-`o3?u
z9&aU7q+`&un~MTJMBLon;pycWcYKfVSBC%kh_z>|w>_8y`|l2G=P@{kD3lV#S>YIF
z^An(k36U~1C^U>viHHP@l!yqhZUins;4lJkqkv<|P)h5&v)O~~>?zHsVn|CgOE&6E
zAiS8ueYBL;Wa_HLe3eR<VVOpXNi?_zq2m-HNRHqf!D))7OI=iA`i+Q%*;bcQGIxdy
z&9K2~RFgU-E#RS@)d0mC4(2#sOjTPLhblA~P<OaI)8>d)IL~W#;a1dMtj2|B^HV4g
z*`nReqfREf_Ljz$?k$%;v!Pn&bv3(wAE<VBnIvC#`daAc+K?Y;VKH*e%qvVFy(A-0
z5Q0RkB;aOqg%9_)*gA*J0EAJ|E1}~az3b8Y4(t@yw^z8izX1^t_Xm9c_8siLAZmbj
z0Za<-JlJ>e-j}Q+Q?J?vq}tmi4>_rpLR4o+Xo^z4wpkvK;#Beks&<ySqs;eSx-M*=
zP1SWpW7$MxUpsC#5wJ*ff60yD)C}X&g1(gUyafI`M|SuT@$R`<*d^HQM|DG&3i5xX
zcrIbRErDAvQPnSXS8t)Npa1)0cS9^#-(A6n4tpAK<!+&Sg?kRT-rnK*-3`R;aX1X<
zfBlAyte`p~j*Q5ui-?*!3O6PyY#aha1Q-JtF^N2FF61=9Qh_XlEGFg^34_Tc%D36a
zd9yqbO=hklz{pyNa8YxtLw&fb6R9>zpJp&@4|pE-J0w`A<CK|0N?>s&e@#AUM1ol4
zkj9R)Au~uzcS0agVrQh->8vHn02<r1m+Co};=G%HyByC!Q{&Lo;pnTuKF^>$E#H}%
zxr~?rEVcQ&<|a|$G_ow8fM(G|c0tII8W}2$Wg!(6fD|D^MC!_nB&Xn#)?*XoSPOk~
z4wB3$^ED0w2+Y_xhn08eddB8zh3khcHk%DdfG`SNze0cA109ucy}tM0E*&JVR@n4C
zqIx{PJYl!lVb!nUU7~wCCOCHaa@x#{i;rD_C7ZmbTn}myPB1f}x&yN0qC%w`s<~bD
z92Wi%(*5P6ZeYqhE9>3VMB1t~0^^)8_8hFXB%fz#H2GUQh$Rc_B^}MB?qmsJVF_jZ
z6pVLCNA;Gu*juRPOV9U@+7P{kzJC^uG;b}p^0@u^6Nay!;dUO+GT`(7@e6QwgLi-W
z6K+4=V)T#LhXKF-?JJ^F1PbWG2#o?71PBB#RFH=#Qj9kv0fC~WktW;F1g$$j)6QHy
zC%Da}SPP0$+@+%vL<xy@oEQgXct1id&DH)UQZXy7P*qKZCCxLS^lPy0Xl)Ve&@7y7
z3@ojS)J#ve1)dEq%L%AlW-wC9U$ljVj2@g_8mMs{k2X7CwHOcU7qlFGDo&(T57a*K
zW79b>rt#o1(O{+5uFW|j+M>m?d?U`W>)_(_K#k$2SP>Pmc?Bq?+O|akIUTkNV_Ir=
zEQ+WpX<@nBcV3{WF(9=pCOGU|4|WV<fO`+O?$SJ`^H|XpKE1!grgL!AC9;jvRA{_|
z?>*eA$9(`c+Z8t3E3DQ%*r$xB{MpROYmu_cJ!@eaiUK07=`B}__}t~R8BVHY)1vK3
zkt!Fc)<E`|1?H>yOL?oovoo6uTt3f!sb*$L*YTEw({tf&m*!fRI<HFvfpeYDIc?IC
zgxDnz<E5F{rB3dgt<pI$?>XxAj~wfg*DkdQD(4#&jHWGPv%N+qk661kFb?3G9UivV
z`0(>P^j9k!&|`c1jP3oe=r%s}4le<+7l;>gH&8@RVCPemc8my-;9S+qBseTDd`4=B
z1odgVDPrt7p(bZ0qN5Sd-XRLWVncU>mx7?M<<u;Im}8>+RyB`3?lm<vcN**n&T|SD
zj0B;8C}SGwE8sOiRLU=HV3eAPizeGBmfdh(bUXX^EY=+WdoOzR8fu}w+RIKBZEY6!
z&_IuFHe<=JKQM|9ple(basd+SZdfsa*0M;K8%<HBe~&~^%kRneR9;&pyRetAL7M2X
za_Xrp&>JbH!F*_j{W)DYi-bp2jFPqsju<ftob&K~5A?vAdQf!u_|qqBuD0;&)b)7B
z=(`Tg4z72guEX7^7~>9`%?{nFOY_8HA}A$=IJ4f^hzZF=wRPgqCSF{NGf1PPvdxQS
z1ykY=G8s9+pthVY%-K~un<a9!&lQVD$<8Op&LlRs%%A6%b|sf)B}?GEB?IzvMPte0
zyM!Hg3Oc$};La7CrEcF#W@P7z(_6BPPO<7vb!exG;gX{Dmg7FF1p^Wr4g_!ykpXhG
z#cI1l|I4qqUUyh?kNbCbDa+@;Sn(FOn|HufghavjKfZ%q@|0taKrdL`Y~j``ynJSi
zk1r5qM0N<ApezTMcH|j*aL(-ZBUne%5CJ23ATl^cD_}XH(_9EN{gRwD!+CK{FosAC
zW5~s5%nzkjNg>%dE4b7RX(U7%AvzYL*V5^!7RP~L@8F8zrLp}~D!Waq#wnlkkebOt
zRA5vMRo)|ana@EAHRon+Tn+TdOl2Nlp1=9p{`5lG-%d-XG&V)K9kgdY2{-g?w)2<^
z$VjOmG20w1N7mc$JiAhefu2H*&CZN97g4jBjuoUi<(tr2@FZOqQKB^u4*0%O^fw;c
zewF5U-a4ceK{a60ZE^FbcUa$UvDx%kJBJlHXxF7{<p{kxtagM^330UoI}hi&6vbh4
zv_fD|vsV(^bVM!Pi?A`=#GXGZXi^$2DslFS_(BC1%^to~Hj!0>#Ae_MvbmzxSd!%N
z%b*Ffu5Mbud|ViN3BG%aq3N;3>YQu#lI~#%w04Q*w=|IO()(T#;x6f)=8N;W=<v5f
zh?kgpOU~sIG4N8N#5wAHxklL(hB`0{x`!P!9I&EaaQASB7zmq>_lN@E_a|KO7yRSH
zCv<lVcF%bH^;g9G9{c!`^g6+V$z!$JAo_qkC03CrA%--(7m5%EbnM}RPud=SK_HI+
zh6o`<U}S)Nf|CvifC>Ueh_hu^IoTFvcp@h7NF}kKTv6vlgmNAX<L4Z8qzLAs?c#{2
z0Wkyw2u1*%4TQ&;IzB6mqB&Q01bE51m}K3fX119_`EnN&8}b2R>P#@$!W>NNloDA}
zfz86$7P8C5!8eP0cJTIQ`7>m~K(bfE0AMgYCzI^ViO^`uM)Jt4MI@iRwA)U!kkKL$
zNVUwCQZcHGuTYp?WbW)TJ8o*Yah25208p=Ngt#I6vk6dPI<G|UPabnU5jrSVU5CE&
zPznfP0I`E3huhmb+<&^m`g(=+YK=|bVdWjb4p9_Q1ThM9v%{JR-gj`G0b=xQBHYL(
za7%6@#HquMAOvUMtTittnbR-QJ)&A2-&MdyQ~;7UUa`8e%@|A7ndLp5*d~k3DA?O`
zmqPnYM`v9l0T2$$Xy0$4E}vWQmUJ}7j5*KEFwTi=&n@0dG)8X;)w@IpS$clYeV4a*
z;a!3+mqK!voW_q8<V#T+=d@PSpE05+tpFOa-EQ#V-8(#gd%@ZR{na(r-3E_e|3JSL
z++N=RG2qMp_=@K*FYsXx2@c8$Cegt{yvY{UNXaSOCayjTJOq%KW<Sh`$_UDEA;QPB
z;~phoP)V--!cb=nBITrOLh_Q6Ch8fQoF6<X4#*A+YBP>1@XTrtFF80bB0w=f5VD1f
zR@dx|MP=uM>?Gmsb!iqQH4aa!GD(?}O8@{M07*naRHPl;(@aMcnguxTVsma&S4Sli
zz0!Q9qDSUR1&*{ouNxY1i<3>YKs8c5y9c;3Ypb8&OF>TOV4T5fs8ZVU-oE+hu{kF+
zgBXuEEn<GyZ8SSK#oLRZXU2{_cI>fTcj(tE43V%>kBwV{$>aY11MW9hxZ7S~)%EDS
zhjR{KPBMsu3#WqX(!aSZfHk^YboDt();?10qo^@ARqMP>0+2l#ToXN_km7}xT;!=`
zfj6}6?C;Q$MF>u9=GfR~36(3FeDBzh0R<p&>eO(Kx_yfByyWke__Cebu`hxDmY9Z~
zgPJZCnx#6OC9&vB7<5ZDPUk4&OOtRf5mn9=@^kvKbDM<AP-K43gk6zafo|?``{{sH
z_Zhx(;8lk>2<W!Q)$KiQR=1!4{PwSZ#qYoTJ3bE%+C{*nqBOijjC(>Hlh+qmKoS9U
z$x21j0697bVSze^jJ7*=7B(gk&e(ZL<>>$}GFA{LJcAVw(c<OhRhwXftmn`pmNVJx
zGvRWnuuad~zFADYqKN>Q5()&<fVnmXVm`|W_G>&*M5KYRB9f<E*Sw!c8`+MDKV2?B
zvH7gLuJxFTO6S=^S|G&w*)r?KxXdM{vnz*c!!(@>RfmSTcU^n@=ZsX((SBN1TM0iT
zzz4!AI(TAiwmsI{4(nBiP8_z^SNQnT2i#m;Vdayij@g;G+a+<eq`9K1By9k4K#ji|
z*vKYS?vdP)k!2N$kv~B79%57hEa_Bp6*KdZrrv_m_KnRAqD`<?c6!J@h(Zm8g{CKs
zkZp+a2MM5jJ~8%ETIeMj^IMWb+n;$0W%|;>xI_zeX<<Isy_~b}SrVslO1OKhtGpDm
zu>|h?|C^eADN**4KI-*3vlqJ#aM$SH2lT5Bv|0n|q2U=G9(Pw;Ty1vf0Q|#WKH-1-
zw+;U7={r<MxSd1qHrRg~K!d;y4n7ciL4rac5GDjq5Ej4@lo^37?t6@ey+tq*qs^PG
zP&5)io*U$)NGL^NP(eks7@THkEW3$I){1C_-6WfrQnDYCS&_*wn76_(pX0=4VU4pn
zj?NbUU=Uiw`Bc=lsL_!^H(PVcG12T;@_%kt#O6hz*b%j~;)Wm*XGM#ORnfdt(=x}1
z#b0h}b%Z0tjB}(0I?*9juMV2PeuEN10Ax((+pSmFTy1c@yTT4@?B3nu?)@G5zE7Ge
zPKC?arc5aXHmV4iT=AF7OhuTLQVqSMl6NGQqMISaI+s%;KIp`8L0b>RB6QUw{i4m7
z$V!&h4qU0#t5KCBv@FX!UouN8lA=SJ%=OOdf8I*pUP4Y-x_iD9+;<7KT3UcEkrpm_
z(Je_}y+orvHdlI!cid8a&|A99B~a=TD*2^g!Q<D+L9qc{G1RT0T@wEB0oX>5-R2to
zW(_97ho3&;=JpEf&tD)hpra0(O^=QpUcLfRUeFtkFi=fC6-mzCjtBFBa|sIL2pZD^
z6iwL2lFE;me$)}*H5Mg%&O*vG+ES{t@pw}zP7YiF%CgWzn}OhH=P>Oy+)Vd_rU+Pw
z?xaBY2KG`M>msJG6}=kX+rm04IH4&Tb7o!J1#weU+roHkhSkD?u6b=cze$!v+R!G{
zeA6n)q%G7yE8x{h;XYT0^a2e$JDg|p)*?KmL{Qnw2>&$TK|HqW4K}+qdh)oxzs23|
z%8HN!vzY;F<-4Vg43}6AkP#=$VZ_EcnbSF0)3f`07U&{FpiK$R&{=*g#hyKu{Jd&8
z7H;}_h1jM{jpE+Sqo~RnTHZJ{v#d-I6bO9&kOGffjH7y+Rm>9h+$Gb^b57k$hxC`A
zvmX(gE{Qz<Q3KL*@Z~B0xgRMumteee$F<ZI{?zB4yGE}IlaX>AfUQf@|1hHOI&5#R
z;2&;4?BPMU`S1bP5ASgG@4q2FAF!egcB?gl8xXojI3LmT8i*coI6x%1EvOD4NzE8V
zi_=yh1_Gi_Ga(+JtZ+^c)uo@!=SqUXXW3CYF_NMgX_lyO%0zITP_>nSUJ?^53qz%W
z_1sMJ5-!Yb=Fk(p(#%ZfL-T?pXF7)Vz1w1_ueycTM1VOt04KVY(nU4V7CBa9m=!5E
zDHM&{bkj{uT*Xo6AaVA6jxh$0G3<`bms&Zk02rE-USWZ7#5e@RLE*&%L%`;GgPV1-
z5$edpvrDe-l$ejm3^`5yjKT^?GzOcIayZFdi_o{BC+1uta|5j81WLpZ%|oT;0@iK`
zP!eQY@S<JInIn{g9h;y_Z7fxd?MN1ADb0*6`(>zBRKO#XJWbI|lab@{Inol}wWa=P
zmlpZAyx%!f(xrZRm)M4H$tgP5-TjDQ_|kcQYjEMEV8TnC&!x{=Vn=n}ErV0Vu&GDC
z?f|}qZq|Tf5CYb>ci7#%$HxB)9`OW?K*t?o91v*)?;Nfl-a|%#{Od2!AwZ)Q7y@D^
zN#!23F+5H0O`7wQ(jp<|<e;P&64y9AjK!+I!W7lLO(p;zW%qB*NkA#W+d^#1BEd(x
zAf9y)^Ui6$xMMa;a<jkZnU?5SN8o0iPFs-XY`ga7dG<4O0v<e-L8M01kah=8HI>#i
zb0pE%^B*lnutk-1G^YIAp9!zUvgLSNsEJzoyTXeCGy)t!kuW?C`2O_~yVV+ZH@CRI
zxy8EgQf5@KST`1=F$JC30x{)KJ#DOatRyJCI%uV86_k!w%4=9_=Uz4%SrBcm9eHy^
znpt|&yr=9<H#wVRP_}T9!<G))G*L=wy1ja?yoCXqEq+_^`Ax={Z<*bk+I=rISv@9T
zJy#&#x}Yzy;W@`FTiT^9wfi|&crIloy~W1o(mDSTL*2J#U|lZob#JO9plye4+X1eJ
zItBF%S}|_k-QjAz!58ju*ay5k4;V%PB4M+=!tFo)jLtE<Dt`avcRW82=I5q>kHznY
zMBxifTH!>JIVWZ78k+-|28hYo0%8v@*#j%>FgJPNW$!PdCclSjo=}(bWQ=7tFC;XB
zw2sYx_y{cL&dfkCgV*@T&-P6bo4>{#nE}y>U+uBG1~RK8iZ=hX>9BOV;A<1Bo&~--
zf#&p8_c-+ntR31V*seW}SKD^2kYPSAog}KdBLT+%iUFH`g-&~57_eEbasTiE_wVkp
zyV{`h+&Fm{Jv}koi)pM=2AGSZMHwWOFRhhKQ6@{daI0A<s-+$`_a$soL<ER5PU!U-
zINM}R9l%kHfdw^bR<l#MW<NbamHO$VP0o}buT&ziY-cyG{g>gnC5!A5i0ZBI;3dMq
zl0veydpXxBUFs;7&X+FDlrD8EOGydmNDZgx`fn|w=id7**W&bl$-_-Lg74NKUW0T@
zDYJ<9^z%pDUti((uE*hJ#N*>WJ(S|H<_$is?s5C+4%gci{`-IZKk@nBenT801`U%)
z0<VCIMH~o0#eg=B7UD-BiiohZOHF}$ff!MxL`S39mFK0>y~@($;*UV(i6kq0rX^9C
z6bL;*vF6DWJS{ZG2J`cdKxVXPYC53)2&sWibW+@qEXLVf3Mb}Ob)C{zU12U>(sYMy
z{JJy+iKx0t<k*WTd`V3V#c{~+*s=O1YGDpFmLk;@&1^>$1E4{1eZR%c!x~q+6+V7^
zhllqcaCLKy&2|mvJc#VfHO-dGO}A;#%Alt?@j1dFk6|K`m!me*vYhf7?7oxilAt*w
zt2%a<&P6cua>pcT7dZ&f%x`&8#-!kXq?J)o+{Jb3Z0Jk1$}b?Xq^$hK=pqYiY0SjZ
zWYtSh(4~agB}}+E^K8kSYiV&^!Yn&AAG_q5a0#|NbuQ0!Y?r#;Q-bAl8l<Jg>5>5X
zv{e%U+?ln{2EZD?0pI|)?(yzVAMokZ2mI~tzu<X{I1CZWfO-Y3fUBz={^93;z`OT1
zxTOyN)BiWf|NIT#o)s^#K5*m#jR6#s>-FG#qTm`_r%H%EErI=*+{Kf_wvBxyIX#1-
zVfK|tH!_NuClyjd+8^h+iRPT8LYAPCgIejh$EnJg6^piW$T}uJ>u|IoJj@G)%pk%k
z1CPovbj^+$M>>+0B{w#IpT)Cuh8R&6Xsz}_G%HqZamoe3&{unX+K)%HM2O>s5wpoU
z16aEhmmVTvKq94J5{B16r&Ko<Lv(l^7^4bSyA^)=`Oo;LfBw(7`*4rl)fRo<fw;<v
zCovd}#RfGdxY;MKY;7pta^||w%+r(-%aAN&Pbr}cHBQ3VdFJw+gZo}j5*rDFP9+D$
zX+*O<lNPi=Q3-U~-f^1T_BrMaP#zjnemLswrcK9mDGL0pnwxV}=W{~SrLf>7$mr5M
z>>L!egjT&|X0xQbI@e`ga${eT_PS(dwWJ8YHG<^S=Pq#wA?o0%gJ+|~Dxk!mu1D8h
zV|UGXcz=tV+by2<1IEL5j4@zb4WPb5=oIhn@9}ZpWA~2$kHD8Nit+m|IK;fuOP<$4
z0%jm)7jj{6=pdBBC4_v+pfNAI$T=OBCW}+?3e(E6EAWhA864T7x^4cX8SXQ<h5;{B
zGJUGn#Kf@8FFL|f!x7l5U68vOVM342pvVfDP6*CjE+F=1gH9p4ZdO#d>6+T2N=?Dc
zl=hao9!|`lFk=Do>|BtxMN}u<*fHV<j&wc%&=I49B$xR1J!$&$oEK(JYidx!poFKx
zfNrzFKm7B5!QJ}@Y<Fw;&VzEEQF{bb3w_R%qGl7K6LE88!Kv!>yK1GRXJSY+|HE3?
zsdP4yKf$6b(lbc2v)1?|>Xc?bg@J1qR(%DVqqa6P=Gc~^G0v<F)EtY7+g~1rUmAWd
zH6*<x-aI!9KUWA(btjjK&k|wm5}ngq1NxQ_DK62yFLf+G;;e8E{ySInF3tbWvF)bs
zRgwQTP>sj~v<CIpaO!aX@eU8~Zt?WA$00l;4u`a8bPVYP{;tRM?h5+h8sXgy{`%K1
z`26?Z;UwE`szpu^#HmG&6Vwq#m-3Q=1|WK%c)P{qN-cF^$oBe)T~~L^P-(`!EnKEx
z#1s~oXG>soc`jwkMQjG!{={5}XC2DC^NF)LPg@w=taC`6Q=&3Mr%~ZKUVzO&Q>_B1
z&WQ!n*^6%qh&xg&^+fS>vtxx704_x2*Q`06QQhZVBp+e_;RvfvZ3hr3d;C@UK23ex
zllwLVUR_GG6~g`?P+nnolia#{=irFVFm}42PbWAEH5~vE!x0e52#Jb+U0V<{u|}J;
zVrzj4<4!5Lzo(*Cw;83p<atp88&1smk^K$rST!FvH#4g_2T_~ex*QUG`YUH0QuZrq
zx+S_i@V->6F715ZG6P!Dv7G9(-g-Q5P02k4GromZy+mw!j-YYwcuzrZmk1C`3-Gz3
zc4^*qX})#*IB5cF0Lj-&w*sO8AAbH5KK{$U<N50zhcKipqr(9m9Q1I&Fuq{@aD(;T
z1_66)K5U^k0QM1xDV9Q6lCv?{>Jx0o>J>o=AtYi1g8&y&+G*KerYT5*P(m6c17H!0
zY$&#qB|K0}RGSx%m7<wHrOzITO6+-I<ei{t>k-x*H^pfV^98&PrE_Lz>Wz|~Vg77?
zq}phQ8YIWrv2g>>i9uyK{-DRyU7<rOT1}nc;Rqd@iko&jRIkL3cml=@m|7R9>6Bo_
zQE*%=+iIvrQS)O<P6;bGqx8q7fHmB*9QVKqrHBv@cz*td=che1s#*Btd|=CZRkpbH
zIv-LcM6oqR)LgQSDv()nT8jv2k^yTI!bhfZYvl=|TH@?;oJZo4Yl#`pcXfv1ih{{5
zc#gPGsWg3UJnbjYV-37Yh(lvl<VjmY_oh=KOcMW=vbWAHAeTCWON-EwIEzc&#3kd`
zAI<k!O2l|exZo1^^>g#Rx3Kr#^52pIc?pVKa{iX;yJjaiG40gj`p=*6&;Q&10yzi{
zh!`Zzf}A?g;~x88|A71X0oOOz_{|0QT@Tvz=;RqR3P?1$lUnq*ilhZW@{U^2IatV8
zT0X^?MoMThQPV>njT)To_9ep=L>6#oj^PAEI6#5E_}pcBtt85?=4gr36%0)*cS~M4
zHV0{46Btv?5YIZ0LJw|6)okA*cN~sd54Z~J#5S@Wtp#j48a@J*wM9{9g_b78h$apL
zDFn}cHoMtO1po7CNKVG3#(%DYR`Cc7m<y&irvy(5-*?z<dOW?nAPkHU)0yZ1bV}$o
znVY7_20^D0-C@Af-+#y7|N0w#{>#r;_bU*4Fnfq=@`3Cc7cnm(vFmIO=C#pX<uoR(
zU2`;d^ITXccj?9Dq4u~WtvI2!S*4_CEr1FtmRLo$kcV{If`|r|W-OC!Gb37As9eWF
z)-k6fmfSq6(qcx{QWxhX#cIhSb}2D-2^(;Nf70|(xFkfq<Th{)a$MRaoU&88M6|d>
zi(gs@E<u3j3el1Xj<<H$Z<*&+_@D#&HQdz-cR#(u&rkmeqYQ}qN4#`9(5eR<@UOr8
z757hn#@%23gx$M$cz=6~YwqwIR~Rv1pa>T|SOBkrl?uQSgGgFzv(Pn@4x(j76k3w?
z16r9&)Br<{%n2f=+-U@>qEkX=G;i1f5;Hy4p3js@K^Bny+Jc9Uu*6*Rd+W5ocnz!h
z=FgE+%4{bFsh~P)*TR~GkW&-X3>9U%ctGPM(9CxjucOcB^DjnnTaQqvXdyjJguvBW
zt;tHNP7U)J5xpALA15}rrmI}{3h#ieI&81D@I9eN#Me0BMHJCyJ)P_Du)2dF;t-$H
z%#%Fyh4A@rkNDsJ>;HrIAOD2i+QB=9W3o9C;7QUZK$C5dWcMD*P6@UJAfC=+vgMS)
ze-N?FQL?f^4woc>I)yWL`IfXtC1p5C7)tk~uc5X=SD*;e<mye0uN{@CV=6{sg(%PS
z(jgJlij^<Va~4)ny#+2oZ|Bte$Ka|<i{@K)_)A5t)9=xY-86s3Wh(R~<Jn8G5N{E)
zo{P%3)LEUI(=A~$zBLa1(t9t3T`v{nrG+wM>xvx+J$UsUyN6rc4I|!v|BTPS{R+Vr
zH}BsexDo0VPk;Lz-yh!L`uZ9_eY(fZ&g0k59W(|bG^A-T34?{<RZ75J9xz8`#2DdC
zv`JHJsl-2%8apf>D@(!ug9u#1R1;%A5v7=k1E(&^<%ifhs!S!96NCjiLJ5y&sNg*N
zod6t~n2C|nLYHGCPR$E)H`qFgcSfU+O&25$dEpgxdd6<!^4+H}WXrs3Y2T{HHATk?
zcUv6WVm6PVP-3{QgZBWb!*1Q<YUj}rFuX*_7!fo<oU7j9_Tv_aBMwg^9BskW144Kj
z_W1o@e#5`~zyF4hAFr_8?XX6lB2}0ZTuE9IRkLkE8`-5a{gT><RhcSThAj10vi?m|
zkrJ_p3aw2H6=w%BVvd51d97fx7fMiDnZc>1c#6g{$Xfpbqh|e`HcY`}I%_?bmVmyg
z_WP7^&{F-$TUd4HsJ}}G{>v7Btu>dX^52%)er&P6RH%MrX0n7laLWDS+)U>ZEO@Nz
zd+QwV)OTMxV_QngKR5fk1W!`#1-ccwt1TY>@_?t`?(x%~egd$@?fZAo74W!!LVSsM
z`tpK@j~{S<bAzkv9-ay8$g*@4%#?~wK5wcZ5fG&u7>Piqj82lwT$l@0n+r)hhnX>m
zxOr6b%Hm2=Yu=7(4kTAWXK@C3mst#4bvm3sXAT;Vu<GKh0Of9`bzJaTz0cH!`FSo>
zz2&5Mk`<zfPU+tX=1PTQE<oiYB!)Q|qqR1YBgG1O+8)Urfib5dS(?o~rk|IO$*~9g
z7UF@mSKQuR;eN9N#?ScfM+A-_jc{OiBJ^92yY&@DM_^uq{RZFn1A>fr`TPxk`<H*m
z-~RIle0X?=-FgG|4kSk1Ms+hUDNPEnuw945z$8txP80}Iz^s!DBalIOcK(z8NQ%pa
zlzY2gH$|-R6Ipz0Ctg__(^@KpP;;cbRzgNe>!s}PXwPiR2DCz#3X%rv8d8UJiCwnT
zukJrG>v?M-Iz3lG!x(IuO*(dK(wmF$k}hs3MSiIh!a38`rJIE%;@G#$r{0paw6sfG
zqH8*S{tY_ochIe%BjD!U1AhMJka`Tqkj|kSJce<P{g+4VX$Mx|`sNya{|$o>927b-
zBv@Ju5rP+tDhQ@Q0!c#YY*-&iF=~pP$W+=4g9MW#rQ8{|*nn(iLn)|CP0daTsu^v@
z>orAvI}i?5%EA$QoMS_IoahpcG1;UkRD#wmyMeW|25AhF0#{?ZOI$dnIwOzQjuEZV
zsvIdwp(&g)>t_7yxT%=~>4eQk_8G5Xxz^Zrz9R6X=n=ZUL%&*souca%{br5LdW}uL
zMaTPO%qz*1C=$?LZSd2lKjWD@9706D-N8K{@cr8};^7(J{`ic~fB%B-e|g5u^)*&q
z=3q<dit2flS??&e_}9EBhJq-<<*vhuN20-VnTNV;wklQ_Y-6rsQSzEXBC{0}iGU@$
zVF(bj6NHx6XtpB}ZMdXjx^M+Gj<4Bkk6^Y&Ah-Z{3u8wG33E|e&X~FkmHpV_yEI_$
zd`w3BbD0lcA-s0zIf>SNg9XmHE^i4%{#+{TCDOoKNf4I=vTr4+oGZTPNFYmyA*Un(
z$6(K+g}>_n*@DIq_dk8Y&D{+Y0mFX4I4}<53!e6$K_nRC6M%@_W{vfx$38eXVF+S^
zBve3-ATA}xf(W7>5elafN`gaYnjuLKe1o(Uy^do^ap?dg=9!nINOiLcVyg7n5@#V(
zfoqOih~{dIBM{axQUgvDqPZVlYhF5W-d0Rlec4HTJu7DOIgr>kI~Fh~{r#$$XN4J?
zZSDpUaom1rXb2kIxGuyQqj3IRTB<is&SBL8N$HeQMEGvK#)l8La3qjJM2|IGPk>Le
zz!8MVjFmX_++nxd;NjB;I8nssXY3yC@xTtBfB6I7e?I_YfW8cP{QMoyx3^e(2kl%U
z`cw6qYpEGU8!B}c<5X&lxOLNsy_cQ~hm`M^*SGAHAohMrskpJQk>ISTm}G%OL4goi
zjksg1IyMJ!>)OmN6-4RTaheizqj~Z*3RjC;v3tq7eqWd|rpm3tSWKX-rEI5jSwKI+
z@LDniKfmze6;Lsq9W^7gS9{3wzG|mnueWwAOQ_p#^`~3X(JqN`ubKnBI5#^7$sU^t
zE$y~XIcr>`pu<7E1FbuBpWdZ8g+y$|0Wu20u*dcH4GzN|<bj);HLi9WtTtP?{S%z9
z<$7n;djxCReL9PjAP~R;(QHy23rvyyy_5)|&iw0;2GNDKYuLJdMsaV`Dx?)DV2CXg
z8FMFFsC80M=DHm{vgqoO-(L^>r!Ef1q9^iu9tzc&GT*EG+lcHnSAz-I<{UgJbf@(}
zb3KxrpsLRU4}mtioL({K2&bLK+XChQbWFJ4t?=jj8-(G2=P+W^t<bF%>{BP6W@HYX
zc35GBRky|U-F-T5U%ue|`**m%yT<j+27l|nLNvk=15vSme8I5l!01y_Y-+uY^;X@u
z2?1bR!wf<ePEizz=wkOx{=SmMuNIl243XN&P80W1K3K?*9TaR<^uhRtB~C?iWJNTl
zX{P?CE)ANpm>6~EuMO2jl_0{UmsJ&b*vC+Ap{&oNW-`0P&3ftlXDRfx)PiP7cpfnA
zd{j>rA*r2{JvOgQG0rTmOW1jrW-xD=KfTrYVM)h1{r_n($_%e_h3GBR`K2bgOS|+I
znoXk_2e=;CY}2@u7|;lk5v+T3VF$mx!sh8S<nV;y_7>Oo57_O#;M?ODjDaz*8Y~f#
zd!8AoDmC{7C)zBDR^cINA_F918z|f0-Ar0b$X@}+@_m`$yo9l*_Z>+f1UR9I0-kU@
z<rOF9G;(6dPe)!)M@R;9+ITyQYV(Htkped<j*1%bZi{}KiR4anM03IGoP<C}3d*rU
zMH8q|XWf~;g7vn(!^f)|yxVN?JsdE4LbrD4w*=oYRz~wy0X#e$dU&_NcDF<CQqu6p
zcei-=(;Zf8#kdFJA!6HYaJ5;15fH}+aVc?FIs3k8lkRGpnj}cdjS`d+%*MjWBax&~
z^Qk6LBv@HZ5G!>Sl$mfPN}>=K6dYaAg+XSPMwS=P1~s$7GQv!kC1%*#xS(f3jwm6D
z6kZ0Az=HxBvP_DL&b$a+t{3`IEz1%Y>m?o8Y2t)VbR6xYk;T6yLbuhjXtj-0okD+0
z{N$#P;Jl~-)xI4k;l>})2rVgE=jL0l3#}gAm@ExjTuKRFdQMNz-)5ax32*U$y8_f)
z+b96e04X0qzDL(N#NP@1_66Jf8{FJp<BvajjDv@eVw4f$1d#**5#l*<p)+h^V!%id
zMc0=tVAxq6PSUOjq@-#_F-HN*M|uSpnUgrv>!Q-qw<BIVYx9Xt2uHe~{9bcAo>MO3
zEoorxk}!AjRveGC$e$mY&xteEpF48win-})rH90(o0&tDQ_4bn4(i6Cg;u4R8wnJi
z2)oS|yX|#ybXP*xIZFgiriA3Fbiu?CZ~?tztR2H|H&_es>HYx^@2;?Rg7Di2P>=f$
z54gVBV7qf55`-84c8T5AT#?*is<<3TRKoTmg|u0*lm@4QXkmHIb~&OoF4B_opd=|Z
zwm6jwRPFn4Og|^ooX1KAtI4wIJ)II*vNe#DDD&h%)Wr6QTEVl#TCMA(*Q}Gs{6Ni*
z1~)n#oxyjfXD!EWU7d;4PUYg9n;)G2oT-IOJ+>BltClM@`7kY5WQyU;eVhgmr#B+d
ziDGl%^GihV+;=$-_4w7#pPJKL@(VmiMw!}uv>sejeO5k>dMx!1g{4?DF*?0HUR~$o
zNyMiM%@k0o9qnaO$aM3h&F8za-=>K*a!dwxokFj-Pz_i;J>vaO@9^;PH~j7IJ@$tV
zjzcj$RW_!OBv%uWPzMq*jO73TAOJ~3K~(q5U^qm}OUe(gXmXDLGVI3?4TvI>b1rQ$
zZWh>R3tXX#>uVbxk9pie{hjeT%G}QucSenr2$P>JThrIZt%OOAjy4uXEtJ+W*<ACy
z=9mH-Eldh6H?ZJbQ#Ava8b^c*yU7uj9OG01uFmN3Iw4TxpIbYRo9k;(-{En;$0!OW
zhq#Y;{$oIViEuvA&{R@)&~=RU3UCy$?mVvFy~q29ceuIo=qVulDWKoo;Qi0{*j=x&
z?#ZCdn37+at0qY6H&jU??X2fPhSxZG;5z{zoMhTr=axwk+NRJFG)f_Qmd-z~xq?EN
zD0Zlg&tm>LRk6$^>yTozo=CG5QBAWZZQ#PD7=jd@AZ37+T#2iVdFyF6S%@vEB-x~6
z(v3_PW;!yDp|c&*rS2&2F6%$$!V+w0aFf<B_pC+XQ5H$5ba1r4TicqpB8j4_ZW2F5
zrC@8(U=YpNNYqgACq*h3Ms2JN^Eu%ed#+ic&Olk`lV)eLz-;0YLu$8)q0WQY8zje7
zIbAxr?CmC*w$pUrR5cPhRkNs8IE3)JSkH_2>!LWFVZHvIuYI*@XAeMqndZ=h*~0+k
zU8aB>;5RF5?r-s@fBFaf`TzPA|NZ~&@%Y?>_anHohe#Y$85$xS0=g6fnk-=ejN)ye
zD-~iPJ8ztP!eUHVd}v~}18O#nvvW0)krkARlQx&RQVKY8B`$lq@KXXPUj^O`nCA_>
zCN$*RrFz6EHuf03v^G0hV+>jXK|CQFncEg+ig@ml22>lLHeNkuLWI7KxsW3SjXAtH
z=g;~h`l8r$Mz3k}DG%#vyT;x7TXa_*`~5RwjL=c=GCtyw0)`+^jDQye6?k&!HVo$n
z5C+`ce8lZ-a`oP<6`le8r!_V=x46Drp<8ue$Hi7Br48o=z3Jc-aAJ3l#uRa{R-mjS
ziqgz`C~2oEX^pBBK@`gNOqCK)O?$IKrb93ZL%M=uaV%-0ZgWz^WY(Jf3$xXh7&RR+
z6|U0f89UH?0COSq3bFYS*JQv39iE%3zU~BcvKuDS*&^D`YqWXYGP1+#MXA|EQw0tb
z!MN>Q&pn(iK(Pt*qT+6zptx9yT3)=>)OU3j(Wa)<hray3#!7mn%&jLVxdx+_nPO6#
z_hD53z_z190~cPVLQnplvJkDA1!4r^0lI%ee0)aO$D}*it<YWVK&ur%n|jVP#e~za
zhe`nA2#o=VY|I=2d!H;pgp%<iF|_Z1)e7Xh<iK5SLQ7Q5$4bqhlbT)ctXRD+TskZ8
z)7O>8_|*oeg*lw5EbV)W!efPZ4?p3jt1a&P9$&@dK!9@uihzz0h^D1+0*!X}iA$Rv
zXU`JyTc#nuWUC)dx{wILXqP2GF%+?&EyPrv4m@DP|0*ElCdiMhFjX_1X+(JLT6jj~
zW=!pYs5$phv(~7(A!I#F%o{JAYJ=w8&|K@JvpLWBN_&(R(Kt_lZRqW7XX6^0xXd6-
z93gMS89dioD78=bocQ5E=pAEwyTkSU4!#=^UPd^_kQgxx5s?XdRea}w*b%${%np9l
z!*?BA-(mM~jk||ytk)}e=g@UKbSuSXyTfX=fd{9AR%&`kNx$b<2xu+hg{l$Lw+ToD
z0<jqu5myokr5F>X2quCM8^f(ME;eUUIEf&07%#=jND*YrJr*Dsj-3CFB$oHE1AvMZ
zJx#exP%3k=Le9^6C`$LTr?N0)GD9wvMs`T7^tu#NyW@yQx+gTRrG`#TO;Nh+P%!NP
z=ABozM$b8&F)>f_dlZ;tI;zzoQfx70Ew&c<iccMd>U&HZ9#@$!G*vI81vPgGT%|E3
zd!#9CI#cvDkm9sR)5W3$<j=61m0EP)^k%~g^y>?Tug`dXj*u9z+IZmp1^wL)xQb~7
zlnA_xkk8N9fB%MY9HBv>K_MeSV%mMVE{RAL43U`5<;tVqt+2XT!C$R`^$uX4_L{kX
zP_!Ge0aLX8Keb*a$|t(@y3b9;M(S*iso4xr^SO3SY3fy=B%r8R^;h`Q-2?7c8*D&$
z78G2ZNzvs6f*2hq_vJ$(NtJ-IOqDHh*=CKRQaf<A!bHu0zXf%(@oEoFoe`y>a%h-&
zF+b2slZCZ~=L%*(wZqaGG}d-Yl4IAK*A8u`p=k1L>g=f&CNd|BS|H>EC4D~U%0<pK
zMRZy?>e0I+h4)y7k(<GrdZJLykB>`~Jka|NSMRRT?|MjhNgGsF1R6lB*y##E39h5$
zVaFbh6}P($ZZ@~L-d*APc7yHB8eP}H2?5SyqaN(K^n4mwhK$uoN)S%EwoYJ?BvS5s
z5dmUE3_ys$!HY$nC-F5a!-L?>uoXfGPV7;NrJEw*DuyMs;+LK?XX0*%Ggh22`KZdI
zpbF0R7*gwis1>HhNL4g3MnNgmQZ0(z+m6No@I+HOUcs3tTbH|HQKIw4nBs&kn10UL
zRUfUY`w7!%o(q|oTdx;cZDtU$Kw{;aQys#!(TZf6kn~?S?PWA)(No!#m+~~(g2(9&
zOL<0!AgBh^jH+DF^ZOW_r{=_2?Fy5tvk7xE#eP!o=kpXA?Tq>9V0Y$EqsSe=0YoD(
zL_i{>V-WYr-%STVMlck;V~jqg9Vrxe8Pc`mkc>dT1?;~baQJq>^Ya127%*lLn*veN
zHDO9{Wn@m!o-LlvJz={dY_~nuw;OD3w&0sS9rEJ=I2_XduQ+vPLXh48n-z%rniZ-9
zB4@r`t)Fw99FRs}7=Wi2;N<`ccBfo1c((<04$9u{O<zn(lN)lrzf$F){T}^xn^I__
z2Z;ld1JMBI0w^YHnCLheOiF}{fJ#jMU|CB9E}I;u0v9-?&LY{kcvT4J;$*wiEWyax
zHKd8IY$ln^#!j-r7PX|`*tSd?=Y;8k?RC1qw{+()S&a47jA|@JD_xcOdtovknu=FX
z5h5~~VOu4hw)L&YHqHu(H2=OoN?JJ1IOG$QcGvvGoZ8+Y>8%1WR+}~M);)R^#1P@e
zi1B5__#yx~xGiD3+T!-xBZw7=Pp9a*4R)&ycH1lTs~tMuqjPC}6iRbPkRnQeQnTSy
zg%cB$G9W@2MN$u`F-Zgj2t&jn06{5PO%WiDz>eWLb>ysU1)$l2vpuJpOo-J8G-`!}
zBxQ0DSBu+hiYk=c8z5XWkRzq5m+5jG>)1$40AQQ6kQf$VlQKj}_X3$1*SGP?lojp<
z^^na`%3@bEN@KmGTIV>_EaqisP7T9fD{7qspI*(KsNT|Ax}dx@8;?l(j2fFiC#!z}
zKt~k6ld|Q@-BXw?Y^TP+Rf#|?4~e>&exvQYq^S7QmkU;yZD(L6gcU?Q=6T#edW5Nx
zq6BMkGu9O-HQ&j@HWOq^$&gY@w+dwj^^DacK?0%gk|VLoGvx0M&-(+O4<lq0+d5n4
z9DyK$Q3N3bFeyAS95F(XNkp?VAq)gOx;@-4Pw*=bT6uV4kab%?3P54+&^eE8#n{|!
z(ZAmTn`YXeY!F6FLc(CCH91Xn0OB79yga=i#H0u5JCE_Zg6I+5x(D|J+N=QQ&0QhS
zP6dbu(909>e1JS3@FWL}ssMEmXTD-02$Gm~$^>!=0P-<HB;C&m2FY&BHeF1I4~+@R
zjT#G7F=}EPweW8{T}*S6Os6Fi(yA2^orUOWDMa&}qrra7vyix%0bwRWZJ{rJq@&{5
z&xBVX*>QtZ%&6m`z=v82Rf}J=GpBC$`E7#jT#qy*ebB^UHB*TMQ>!31>D;W#BgM)w
z_+^imU%nyk1^aIUAPm+X)H9;%F${ZP@1Zmx_5q%*u-)F`_U;zz?G8#Ef;v!0TpGlL
z8Y^j9BTMd;lwwRVJx7s}JBY-H5F=s`gdhk}A<;B&n$}Yx1~bDuMqq-cgkX?kI8ivC
z+IgSPd5M3hq<4yGqoy$;`Kub#o-7-zE0<Su-y*10AZjcQ3@R4#XD9=ZP={o*m7qjH
zY!YM9;`uF~Op2Rf_1J2u%n^lZQJDPg4y)O_*nqdfGlUi!)20}yK`_~eF4a7-g}pA<
zR0_~^@1v$#R(qJWbt7z<gW7O`bk->qwu!+(>Y(Ip_COXl04v~Bnj_VjHIa2pwc~8|
zVGUcYx=OU1B|Dc|_nSHRtTN=tAWcb-TnIoIQ}K@xh#iy#<kPv2LqL2SF?`+Q+xHh7
zh7rsi92?vtK!_v6aT59wfjz+q;6xE5B90Lu1QR_*bj~Ga4-_F^H}jB31l-7p96-+C
zDJi2+*nGsZL+1#a-(Rr(?HT>XgPoBQh5@4}hNu`r>JZ2lc8DTI!r`DsmnC=)ICelx
z^P9+rvV(MpAcM>@J(Y9>$p9TcgCO`K4&Nmr@Q46G7!;%)J`z+ydWh2g8G(>GO;Ot~
zCFkRO|3@W=5=IZiF&5jMYLclF$Vgw2lhdCL4HVaImvClIgc<!>PH1{$M*p7w{CLFC
zVLSqnxfA*)IiZira3D7rf}#>TDl4u|A*FOM6&l15=LKrGm26uwonauch2dw6&}{g+
zBZr;ufq@{-0n}slZU^T)cpuWe+&Qo)p3I;q#u3g5b~jtB@3-hTU5e-kia`My)BUFu
z;W)*Z#K>lrZji4g#E2!G>oKNhE=I)|l9{i@6s(t==Z)otWMwrvhG)P#g45LTbi&ZU
z;9k=l$;eo2#2bl<XzUut31&`JSze)N*(Rt^!L?csB{M#?HBrG763yFUOtevXI%xq{
z$%(OO5MVY~tL}jc<AP{fm`YKgW>L>O`mAMd7y4$XoYOZE8#6ze%m&DWS!vFd7F-gA
z1_6n6Y{Y4&OtC_Swks{O7_<I|WL#6zcVq{0ltgBSVA!y+rp!RI?lWy`<8!C8LUGQb
zTwq;g+trh1$4O<Fo;m!rE0o#(vElrf;<=v7L|HBoZjy)xItIjpAbj6LzP})bn08O(
z(<$M!UmOns`+dOvFybXd#3*1H8^|+tm`rN+G0Bfvg%Cv%qd-C`cA^4iLQqN2fPEJ&
z&IYz~<rIPJB_gA?OxY;Z7AB7HL^uqDr~LuGXLP=UcODuALx>mz2$o7oB8gcP6;TyI
z6(S0z1T`=dD3U44837SdVrc<bxTwQbM}%-dIDCb~1HL}(@wk7+IPMeYArdH1x=aR3
zs-?mPaR@wOlmM^3m{FDmUegY7Y?x@;%noVRi_i5x@rZ`!n2D<3b%H8pu-dWo)j0_u
z9w{h<X~YAa&^76if~F^2AaG=E^U7Jf%&2rSCsItk>f-Esh{2|1rZ?SUH}s_Av#ktV
zDiKy2hldY$xVyW;W|iE!-DYL1$%s|w(Q}7Ce*FV4e|*JvB!`9VYJ<DmTdX&0IG-SV
ziJ`eb1PX?Gkj-H%Qz#+*l;$uwnO4(AOjGuFg3q8f^P@=*n2837eoj^b7?BhZfgb^N
z0%e951`{kkA}7Wg^jw7S4KYfad#}|h8v4XGa>&sns>Z=IEr~<48E>VPC+j{3b=1lR
z?Dn_(^aPVsW5}9AOO1%Oosw!9a-r!?GKHGvw{d|5TLv5oQcSItVu9flkO&G97&N(6
z<~YU-8jwrd8_!TD#sC8}C@2UZ0p`OFbRJlx7M8|5fD<5&kTD>R>B4(PDqN0$jseGj
zdr6{8IG|^cw^8hbRhB8njk<ySwEM~5xf#ln?IsY@P6JVaFhIhP@=dIm#R!B$K->=q
z&jW_%fc;CrcnF9#<4QB0nv)VG;kGfxg851?n|n%xezKN2eZIk_M2IXYU2?Q;gftb{
zdUcW@PBJ^tLcNs$n=!E@PcZXaM0V#PG5vO63_-2-3)qd&Q6Q%1j#iM=;4YCGR}E1c
zx>^UO)BvCLJyco@9Eb=AF=GFXFdPJ5Umh`p#Q0K*U=Cm!K?q<;=O6+Ifs(GmcWH6p
zw0tISI=ixk$dDe`V8^ZHv9ARwoGD0pWCnsGHal`j?{%g);KJXZ>v-la+?U>yPB=x(
zqc2)0O<pnMUVlb`xpjIDdG6@YEJt&v@Jec6+}~{Q>HRG}Uf;m4d-&Blu}6_Ik$T?&
zLGbvM(7Du|h$CFx?r?W^i_LnSK05?xNX)Yon3v{AF{VCE%e*D&ez;{gJDYvmM8#Ry
zos`&kTd5^)eiO3ch^#PBLmO9UB-6_!F)J}8vI7WgBJHYiVrVo0uu26}^CsHn>k0bP
zMzh%H6&pfLt`TMyk>;Y&WHUtYS_)7@vz;*LXhtR0hP_Nv@n}0w(pdPnl~HCi><Mu~
z8_)WDL&S2&6x~j~!5o2BNJXLD7LG|VuVP7`QGh-b(YP0c=L0Y#nlB-BLSTY-F2$(D
zl<4RP7>9^)7!jkzFEhb$P0Wm{AV(nY;GBowInb(ub}qfIcOd8NJ6K_l0f=c=Le3{!
zo0h;41sEe_KOpP}gkeMsiA5tpA^QM1jG$n{aE7(-^8YdSrcIJ0$CcnyHFJ;1tM0yl
z1_*+}+2L~c<Np62up%of%N=qkBo2bO`l#-@GBYCFOm#n~s+qZ0WK{!$SrU*&H@Z6`
zBRt$qRiC~COQ{CMm5M5YDpmm5RoY79fj~p|9*ak9QO4>FGEs$AamHBn`PsDw+O6>6
z*(u=IZ+JnH?u0GAr5CImM2ucKbb{=QdJ+XyU@43JymU1;Iip9L`k@Dbsfy_@DDFr9
z9IlTr789D`BsoL^R6qpFv7#Im%i#d9LT7~>D>PT5y^DgY!7nxLg=DZTb3#f+yA@@J
z0>k*2-0LfJ8oCmFZYLc%vz*_0&gn-A#m9;geqiDFQ~&d){5)-TKIu$R8p#c#J4D9&
z9(&^!cq~54@UD1xqq2cJb#R?XU}T-~<oX6TmlwFcyuf_52k$aejTtw4sNVhI9Zq-e
z04|uPj8qlRUOdIk;~S*3M_CB>?tvIzunJK8{;XOZ24*m-L2YF3fe2u+LIH-Q&$>21
z$#qrH^tb?<y%@!&Ae=s04S^YrwDedpCvIXZhT;ekd0vtx+l7+LBM25*PHv<S1xUr%
zd|ns(dG2~84&9Qwn8Z24$!dW3&Z{%p(A7|Dmj>zL4(iM}9p)ZtEGXTqC5N&_r3)z=
zY&D9uwitk}DCO;<b6z_!ssc-f76DG;a1MYw#d0io_qO8h?Gg3p2kM~G-WNYi6OboD
zPV5XA!88-**);6OMQ}I@>d}^qpn{wecJqvj6CqztwlHTvXBS>B0#rNL%gIJ)a0N}-
zpg~tns||iQ9xCqN-Q#d;1xZCv$cO~~E5W53Q+4RV1$5#9OL00d8N?-IFh*7&gF%Um
z;iG^^g>()llAy6`B3`(PqEs>8DVRbt5yidekXh~T!P$&$V^*mxLDijqg`Hdx){!kB
ztQzH62)?TYsWd=2xf)zOQMD@h!c<$K5f<zEydr4TCfH+#QAL~N-KHmpB1HsM7J#++
ztg(`(cbd<bQe+xc5Gzszpb5+srJ6A%du(cuP{J~(Is{V&v&oIw#aT}}JOGh>?C*W3
zXz&jxQgmh)g)?v*{TapV+@5J<)#<hnQ3qp!kTDWF(wWaB@pHPqO55Bd9c12N!IScY
z{mnI|{fvCM!^Oo8nHkC%dA<OMaJ)O<&Fg!-dUc0I6sQ@GrYn5*#izKuxrWw+!@XEe
z5?MJls<llt<K)9^hjV7eOl$?(8#Q&7n=f9#Y8hO{nj12S$c3gsN^6lw#`GjNoC}@Y
z66Zaun+BU?McP9t;AsIfugEhHcafkW6G;Xs4G|Liq$J!LP7<#jtPrjJ9$*3m7po5^
zvQhRAdXVt}8f{~+am-$E6=+S%USo6ZcaF5Y)hIqVDbPlcidJd;=9;X?Q59$v=&|DP
zuHyFgh_|-|_xB6xNlZW%s&@r;ZemDTkWvPbEdzHmfI>)OnDF6H@%HY7<xnA|BBg>U
zCzQG1bY!G=3!uq9jXxE7vO`*{qSUa6@rl%L9J>SrsfuN(I4uiGsX#UMi-oW$D#t{k
zTOP{$BeKB${kANoo}kI<os!>_B7=QLkSio$?mi9qZiF4V1d-+Y_=F|wWCmT+XthvV
z<i~3%S*V>>D<s5DgO9FGfTZen`D7GW*gvo2+cR+}eMJ4kIx8RnRIv6WQT0VO1!G9v
z0+Iw31)Kpa6{q_nN)aqeg%m-eY(8~Vpe%;xBOz(^j?%*WguR;;H^B5=q$)M`oJGm#
z%F$q(VET~n95!|~*jNT_AvAgbsyi3C0G#)X!<mUiAK1M-B#b>*=+3?Vc0Z<D$WF)e
zr=LBf4^N3PmFvJ~CD6(|RW>@U3BaBSPaj|6(W6J$U0j0qd!%WH9Wi*GkaiiTrQ+^*
zk8j?-!n@^!`^s2Of=@sH6ra5K4EwwT7c)>DBzA5*V9#0xBNHPt8?lH9iP(0a9#zi1
z#|c=PSekaJI^lqo{Q8VRl^#Rk7c5}zfXB6wLOim=#n9>uxiF%p;>D5`n!1~KB1WPX
zKe+<U7-AtSPWNUV?{8fbc&P8&b1y==^2wsn7AC4pV2VS^UsuCw`^zwCZE=RH8&u!N
zvUOmNH8Oy#;KMca*R|F0#b_<Ssh}PN%U#9c-4U<f9C3el!tuVMoZKjo8Zo`ymO_eJ
zP2)ktND8E+m?mJC3zB9Wi{Nmqki{pREZ|hZsaV2jV7N`0Z={IWtu%f_gjbQ7ae~~2
zL!7_R7%aN7FHn{t4%(+9cYTidUyN(LfTe)JqJwOY;v!b~4yF-5{KX`U5z*gsibW)>
zdlYBZh)*igAlgCfEC#VjbZlZBk%VY93bgCC6cKFaF2>=^uF|e)_2QT$ytKNbvHH$P
zqzj(g?ZWoEs#-x#)uCgG7-vDwgcAwsX#ti3I{6ZsjTX;DNb1ul_o!x7K_=6SsB*LL
zk0w*yY^(1#^n=ma=kkh1SSxR6+vNjO&bidnb3%u0aoZL!Iy1T8%>GC=uZ<6gS8--v
zbnd;#8O>4g^N98ReOv6kX#=!u9lf#9w6hB(c0{<ECVc+<IUZj>#gt~`oRD+EoHHnA
zlq$Hty~E3IzrnZPe~XhU7A54}4xfMVIi5XziYX;WKkT02M!F67%{C7c+nzf4NW{K7
zl96Sr9rYM#)T9o#DS3{T_|LnmLZA)e6NzGw%fxx@!c`(?RBCeqF<w=&Gl{(U3X3a_
z;CgCBokBSz=2jn0<Uy`z)2h;7<rR~ZBCA_HM7;8f0*x`Ro!5q==nJ@&(PoG~TN($S
z?UQKqnQI1p@o9XQ;rkxd;$c%B>LhW(JFBh&a=+mC<{o!%3SQqHad%j7Iu(?Y@g`No
zspHfkA~wjU>p!gcEiP0fRwP=G-HyX<EdTdaKnq%s79sWoktC{3a27a#igs!&nZ7`L
zsll$A4gq33P%Ks{jNc$`Gmm!4idfEx6~cbCQxqvSJXoAHBf_oVk*qsW_GwMEKk4nJ
za`BxRhLS7Ab*P!4Fdsy~G6<U;QdnCN8gxfe8yOVBEs6n6Q$xM*dDZ1u46_qJgxpFW
zE5Ab#iz2szRhuGSJZ71zf7e!3QLE9~sS;8#1`sk?s9tq9W4~bHg~wQ3?72l)J-AG@
zab=?W+S0Dah;BUt-)#%S+!Sc!<a2$GzC9+MmNP|Z`@Qp-J(g|?#+Hf4c;B@<;k;Y7
zoGDo63ST-Sa@`uD+A5~&_g1e>=QjX&fcicXCz2<r&Y1D&@*2;dKEaM>BuPljn6gO`
zmQ%s)+grT){Y$+5_pfohJ-Bm;;_36p`0PiY;_A^g(v+Hxj=*42pFpgEojvrADTo2q
z?2$LELXLJhBn^KKc@Pt`YHMT@6GpyrZ-CsRl8V94s_hvIX}H;1$*PdYah^y(+;{zr
zBq46=6g&Vgv`I2lffJTyTG-gz6np?r3v->L6>N3upcTAID|SQBSg8qEwM8}%hA!Ie
zcXSB*Yi<Oz7Vpu((rbAy-f2>}k5>T>3s3~Q7-d(AKo^D{31zWWCr#GD-X8_;Uftt(
zD>y7ilv;5rwV5S|<M^aKkPyy`CncoPi%0b_mwZWIQJdo~1#Y{zZ=2IYO*keE5D-#S
zlGQq_i($LKQHJ7UBv7>AH`0#LR`p&a=qcjBnshVVL_LS6nMp@M@+bonf({4En4XJn
zHLs~c*}F6i;hQ#yF@$pFO5iL;rj;|aHV-u4J4RgcI4j3g*zgx>uET9w(7~%MdL}n`
zEdJNzw7nqrSwm6b7Tq=psw>hlbeYxNJ(db7in3U8=05K*r;JPhWyUV=kVHXc!BQ3+
zshGA&jn=NDs1DsN+S5F>0UF*ho`IvbMS-w37j1{na8P8dt&w=lQ^MNF^t2Jb@);eI
zZU_Nem~dpPrGZ?Kuy)4In_bXY2+9ZGM0sFGwGHUwCc@D7Qe?MmxpUK+oSE82NH9~z
zlrC`f=n;086R;>|nlNbwRmT0{gjX-W$IIWp#P|R961Q*fk@g7_6Q;`<KmF^U;?pl)
z;PP_DG$+i7k*WK!*lxvku)*_O$S2<**+hd5W4W4Us9!XpIG4kmfWTCTh==BH&|)Tt
z2r{Wd*oH!=L(A$mKN@Mpjf{mpDfv!R{rr)LFZc7E2G?$JsY6g{?F_3(%+@r9NiY&r
z6xH#B1VL8XEKX?@o)XBJam~oGyO8=DpjA}CI%7yN`dN2_OKn=G_L>qrX0xu*MS;5l
z+%330oUqi2rCNOSvH;7$!mKKrRghLPXMtk&9$Ks8m$r)#Kg=i&T(8Phb%0)|6(ZGm
zV2zTU+?67zk1jKH7Mc!D*G@@}U5AqviWfT`{GKeJt&`m0<9G;edz5f!)_rOj7;&u5
zXoC#lgMsq~F~EY|7VQPObx_2;Ac^&voEWtl-8>8!Y21y~?mQgDu!;wMkq!@z(d(%i
z6NreCu4n)NAOJ~3K~yCy>#8&FZ7SEHeOIcjNeL>dO`V}16JsRRpqRVJRr;<`VzFDg
zcsr)Nc2BB!17xgBtp(x}?3@yAZf@}A@)7QjM@(rl+JDJ7>YWXb)$Od3yDn=*g4h(>
zw{|N&*_ce4Hq`DdG*{XqyM?%7j<?q@gK(7}pn`AR61M5Dy0P>D&Zo|ftTdbv)P|UJ
z+5CRmOjhS!d$beU!i#dI5Y{uIU*7!xbI{>*R^LU<j*Ajwf3wHUqib*l4&{iWEYK71
z_Wppk-@U=hKYWevzkY?|J9}1k(}dk_!s8$R2tWVX&++2P4X$^4>?Si(WrD$54xJ|s
zJ-s$kgEd%Yy4$=pwI>4f(M3_SAM$hp)ofmK*-TM6g!!v;phuNQjpEpwfep&`;u8B#
zfi$bA>T*cyf2+T)PhuJ(7j4geWha$Y8X9>M;Fc6JAP4%C5JdB&icC5f7^rkZ)b=F}
z0$4rA_R*CEj&2w%G-#8$i?bt&I{f>pprrtJNAD#VS`_uTU^&>dQ;K3)6sIa!7Na>A
zG4@vt3bP8hYCA2t8A7_E*#&dt6N|)x-xC*;y48!fB0*Q|8`W0$$8Cw*WvtiBG=%f1
z1KZ+7jlFm?br)yj3HySQZEwOgijZJ!L*LUPNyKk(agB~GM<e)cgfj@*m}(J1s3fb*
z9xbNdf(8ufH0qUVauCW5>94fHhP@&12{QYnlO-aMwK;)^&!dKu`;9U{g5rQT2|(4f
zO@>Xo?LI50_;+gILEz$+L&>|fDh=^w?T3KW0;$CriHu#|BVA=&?!UvUl%R>hb3!hY
zb<5?13s%&mI8k+2g#dU!hrfJrtIn#6eXFzrA_K&v@3}e#oq25lJo(?l%6CpzFcq)t
zr`Cn24E8`HF@Zm@*U?R(tQ%-e&M@otn__}9@L1ZseiVqh5%!*Qlfb5c=HWGu+v^xR
z+%rUsdRFjj_e%z0KTmk{<Qg}RA0zK}`0oCI?|%D7Xd*1P1*h8u_3#dv7#E-3V0W>D
za>3=JEBy3tzQh-wJ;Sq`Yg}cUnu4%HF)6tC9$q{`fS>(Yss=lBQnPz}@(>4vY6VV-
zY$rNw+uF`pdI5{37=^uPbk9ZcW>Lt93{o8)cc{J+nbS)Jxb{^<yrb9w85ktqFvb~W
z4(6$HGgX!3NL2(_Qfi@wAZOXphW(}kjMEpe1Cc<-xp3_bKZ>6S9Y!Int#mYq@u3K-
z0?1-aCNaSwxPW#QmofpOSW3m|Sa3WE793HuponW(yt{1ygFdA+=u6;`mNssG%i{3m
zI1e3(Sxo7WjihY?X`B)w7diHkf25SQ#-{Ck%*F#k-YvN<#iyRy7zxgpQQKLCy+^z3
z;#6@8_NY5yR~iT^+Fg9zLZv#nAb1Syi%qoL9*5?fY8_Tb8umsp4U?e%8mo%QM|BxB
z^x`3J?Q@Cm)p{2g2e!tTEoO((96G!}o0VP=9>h%^eF_WK9E`52E+`I*E3IQXZ*9Wk
zAUVJfG4s|+$oUGYN9=AcK;O?O0_=7(L>1}c0A4(fLOn}~6N*UFu$VZvI@P?J29MBJ
z1+eq)MTdoZ@u!0~yQSj0wCXVp>w{WX%(=C<TtB$$ndxbJV3!9R79Mg}p!ZmIoxv7`
zFl}JSbGxc>mds~7^|pm`8m6)ye?g5JPHjtZp5nb`9NKfar;JDY3w-kY2A@5<#^cK?
z+#Zj3_3AC|-xc89g3HRdeDM@lPj;B638!*GnXd8Wmp{f&e)1_EUteN>F=5Kd3{D4z
z1r3paafUG5i<JGjjGa1lCT)c0MN^r=u#|@e*EI^2tl><q0}RxmlRIqOA>yWo5^u~@
z-F-}4nh{Ok<UVsXwO|PN^A|9?IwGQKzKxcWY@`ZK12b~eG5L3tL&!UM^VPaFjeUl!
z*mJ$bmsVs}!|;YRL^||dLu|rY{3_-LcM{-k0d6bwXq0L@$QeaXD9Z_S5=^4FaB6MM
z=3nOYE*Ek7K}WS)iBx0FB#+R|@J^cJgIm!uT}%%RYfcFyecseC`s{RJZOpEX`*!P;
zyLYmn>t2#)<Ag|3RR<l8y$&}Birb;A)ED-RvD4mPpPJeO>`XM190?}jw#(@2qfTB~
z*{KK(CMwj;T71#Uumyj0T$u_rwRNM3yYMg6+NYq7tFhJWVXLkcVUQ5G`X0)Ek9`f*
z?S2|0Zmd3dW6^xI)^Q$73LC(1Z&2i7L>%SDbg=J%37Qy{87b{hA($Us;Nt2UZ{NJL
zLu*b*I|fbGK~zmxD!T&+K_$EJS{jsAtPQq9L}_JPQ(G~i_ojp#aES{$7k|CT^%=eI
z^~@Af&%jlL^U1OpU^bj70DPwKY$v3p!ETBP=M7b{**WP0zgHfBAGdHJ-rI}mCSGQ}
z%N%!Gc_^UjiO^F@xVpT=lP6E`=-CZkym*W+X~zBCEpFeu#oh4)Ng2~jD9aItyNZk5
z4W51e3BLUCkMZQu6)tvr<jJHW%7m=WZgpDqXc<<>n#-i*%_KpzG`%Hv3Yy*b{^cHh
zn&X1*m>|@5#=gT*SH+Un?rs)9XmyRGxPPTsAwjj`1TQF7q|DtR0H8P{iH$4Y2oDm&
zhC_L-Ei#13jz4xJ21&roAT{dvln9i~q|EmS-F3JHn~l~D%}rrQ^c)4V!$i<-1F2A{
z?eVa6R9NizV?$l<BBanP9pe{8ni6sn><G9jg2$Dx)P%cZ!rgJg>10#WNh@kql$s6y
zRDeYszYS@>AS)v&gR*_urP>!JVvH{l0au&+h&$^<V=3M;cRBz<&QeT6qHQd+W8`R5
zY>C6iJ9Sq}hn9fcTv4=}%W3tlh)rS5jltL>M+n+>dKQEw&i}WYv$BgqrPGcZ+%`^5
z(3MV%2AvtZ%Z5bE#9+Tu+=d?FJwFeLys2v**yELT2t%~uX&=z)Otq=98njV|Nh#pK
z6uKtQ1wv9}@f$zxziP!etV%%CoEn_b(U!PW1$!6mEf+I#AzWNN#f#@hoZh{|{pkpv
z8EH!35EcgnDAxGY<bI2~7y&|oiKH1zj>es1@mSu=C|z3#>1Haa138E`h2|V3`&<P0
zLuRM>0bP`y*+Jn9du|(Vv4!mPf&CI5C?MmM*eOHZ->z=2kLr7xCVJrggcWpB#h!tS
z33&483eTQB#fuj&@bt+e%qY0LWL#cnyuCZ(?cE87;|YQZH#bl4;^{Md{^?`f+}t4V
zc9?QT;^d@-E=#aC7lpy>W2rdP)EiG}o|R5gQMPj?+2J3@7!7IILD5!rXB~e=3U}Fv
ziEjHj#ud$es|cZp+iH<9D-6X^bCXdIzTr5I%=<3n63p;CG&h*mh)gH*&`ib?NSeAt
zCw9xJPxtI+P*w*5R?u5i(ROHH6(~pG?%u6Bn1lKOEPxz<)9YK*y9HDiaAKs#jC^$g
zWNDL%wM`W?scSq2hM%j0Wf5pG4?9-HJ^}M3;c6xvOTzsTxJAa@-KmRn+44prRZ~^L
zl#sLeqtax@LAn<#LdMar20Nj2EOsQYqpkA1<Bh$5vkJ+b#$!^U;pa4Nj?rC#);l(B
z?sr2LlpC1Fjm^UZrcMcOe5>vO-wO`uN>D7$<T3nt6xhm!Yug{;q@DDyAS5p+;U%YA
zz$PY3t==6`gAJwHK`qHfe3C96C8`eZxs`}G79LF?j3zIEW1xQr!3Jz<@JO#L9kx;R
z_=vVMbzA+|PpKejLdk-h7*{t>QSMLp{@a)M{@r(&E+$Y0XcB0#2Wf^01_f61rMP#W
z6H?4Z$m!wE;M6ly2o0W)oj-S8vm<AU%7;AUVq$qHpNKZZg6)(dXIO87ZQ|>BTDc5t
zyltU)NIW}6t4CqZZ939TLFqK-t?iPWVKa_Kwj&0h0QPytC(obZix)5O{N^z(@&u_2
z)CxK#&@my^3Hxcr#nlC#Jif-WCy(&>;tIQY=V5!c8!A%>Q)LkFQa>|PF%5h!aqn?q
zacXvQIKQ~Y(f863Xy=)5EkryZbwMj=5_%^vPzfCL@i?#4l8@np3l(Gk(aLMgT)(TX
zlOUM76%aACa6b#4^c`99T{5TUM+!Ciw-PsIZTqfRkz33Iv<qH|2BB<Uvcj!yd?8{T
zB8_2tws(=E;PyM<+dsa;@le51Ffrr$6>xE_nD-3c5qR%Z;QIyjzM`J0L2*iE;8_;a
zg;aAc;G)PRm=jRI=Kc)JqFabf*W-sZ6JeVASSVG%B$!e{HnS+h{ad$T)L}~pm6fP6
zm}H2H?>C*eD>i#!Ztz`u45U%#$0v?jbZ;kv&`{7tqjT^)dLAH81-98sVgF78*<qw^
zNigx$?A{{-g<6^;y>Ay4@G1*3CCtp=6gR(R1D!nfqU&#9H=)0uwsmxf55gWT;sc8G
zX|ideNImA*?k{z16ZzCEZ18Fl?S&nlOcHye(aAfGD~?zb9W+q{)#RKadyIt`#HKsh
zUlQt*CwTVhXE^@qfV<asIL;M|)99HDVl<YgIi8F3FmWA(&ApLW8>SL%#hc#nJm7OT
zk_^r{HqaS(u52jPbfzH60~3XwDH`>R4;`;2xbuz;jQ5?*=}b|>8S5a~FbPi&ctGf8
zSEgsE-dh$Q5s;X0d3lL1KK~5QpWfi|Vu#GhV!_h{nRmG1jB6rHS9@GsU*h6ohyA?6
zjwj@lR#&evjblg5YP4<{gzb#(4LX7oq#NtyV5#Ylz&ZphZ!TJ(E^+QO0#vL62<^`)
zbutnw+j?W`hE54p?YWCgycEPVrxGA!8a8G@m5_!jFY#<sA4EF1#{M2FGHNwycL+x%
zPGNB|X^a~L((GGGKRp%)23sYx7I3+%`0iW5ci$aRPHqo_iZ^cs`|ku7nUMAjzA#Z(
zJyo2JVj7TQ6UnhE>gfciVy0pSh+@P8CPh&bWff8^A~-GyrBoM++Lx8sI|Vnb4n`Vl
z@F)bQ7+0lxle8ti3^0KDp-S2_j?@phI80eq<lN}e$@e8@TG-QJTk&Y*2aj$bYAnEZ
zifP+XI!k69+ZpRp2|=zXI5O-4Hq?=f90#+m2IHos@}?w#ak&SsE*R5nfA3fm4o8B#
zBOJB1MkZxKcH>8>geq=)Pl}WXRJGyt6^>i$nj|ek&EbPY+V|FMjQo3{!8<9gZ`e2s
z%20GXUDYtZ_I=ntOirS(LdV{WCAE~;-OQlt8+`KVr;xjX-~aBnc>CsndN8a#`Sep9
zRut_76>Z`>CyUU~Pi#8#bBU(%K;hVC`tSoT4O?be-JD%?=FrEPf_BbQ2xmmKx+#Km
z=6940Wt%?Y-zN_gmDC`f2FR@b-H#c)j>RZJu>;|P8JCw=c>c)?TwYxw=NS_xfD_U*
zfp7M>1~5@Zo@eA~LQZD+!!-FArY(+!Jy0NN*S!TfhXyU8k{f1A5L~#y(%MXNhMAD8
zUD06RQO|uM-;slQ#Lt+mRvAt9A;C;d)S}~?QL?{Da-nPjo0ygX^*uC)^;vt5y;d|K
zOLa!I7v*^Nqv#UC%FJwKZFhR`uT$LNb5WoO%A#0KX3NhhgL4LHftF%a!CFxcf?6y`
zh*@o!#|ig`itk=7c=zsLdKQOem=#PX6QgEodmQn22vkL?)rq+T@x<3F2qq#-Zgoy%
zQ-p}(B#M(%93?!)+`ZSca}u#lGw!gkKyf0IWh;PEq^tWySL5p1H?OPk+1<9SVX#BZ
zE^6(7!s=;ulR}cVkcs`94iirkxN4_(wi|e`*$6ReJkH_`0>QF?1Oi<=0Lv#5B?U?9
z?z^F(ar4tk9ZIl=)v`@?#JJuk+*~p8oJ>e~B-GOhQr%^O6%zwF+Z0ucVd9j0zs5jH
zW`*BK84?E>yPLP0kNS5Z8qN=BOtoN7vKQ}OlXR55HG;JYH~r75ZSQo&&T`cF4hclr
zn-4;s_t5LdNIwNQGs-Un_pk5#0W*hUnHY;Gikj1U?2OdA(&kF;(<%*gXVr(Ngprje
zXB-vIE%!fk5bFcJbA<ExN9U%Bhm2R#1~TI_(^B0KCG>$pf(PKd5mH={cRm6|@|n-q
zixOcX!ki{tUS1;ac90BkChYPArU^=leKPMh_D{yd7XHVK$_YY(l)Q1(O`{QzuseG6
z$-_6&5m7%J)<ND0lYumhQOebe$lx^^cRCMZ)&>X5z<?e`_CbT#9BYXzO+bC`(|T|h
zz^2eDd38(D%vL43gn_zFWKK59+UVXuH&z%~yQDy-Q|X-LTAWcKs7J-|u;5rN3nsIv
zYLCYg?he55e!+4i6t~PsWESNh#;Gda91BjT0;ys&Zgo@6(abP8U(BZyb}DkWWz|Mg
zoQN?)kw}o(1L2}0F0Pi3$;bBu)m8XeIy5Du#`Y?Haio9IvE<K6@3o6DD5gY6iEZaa
z35;xN>MB@}`(!olSI8nPoP2GQ8&g~4)nZ<HRfn6dg&n#DeRLHGZDC68sit|bjC2bR
zN*)C#W-U|M*lH|>{W5dA;em=2c}Q$GNfP(jnh5ihk&``y%c3ZE!0EO?YQ>!Gv*bxF
z5hOD3Vj3Z1OfpPc1$VztrKTot-EOrnu%eSZ?NsabQUM<eb)1j}er#hkid(6M{zDu`
z_dOq+^dStevay_;PD{j|BO{QUvD@!$0h_H!dV73>+qVbfG%%THmIPXpS;)8mnL&ey
zF!mwzo-0Frz}?{7bR-`r9C(0qfDe!w9tz^anfJ7f2ImLhHTpo2z?t3GL(>=VaKdel
z$!{=P<p(I@`W~@^Rs~-{NI7G=m{Fw|#UK;%1f(>B0PNkBqcw_=HI@=;(pDf0!bkVn
z91{?fR+uQGJ1|ht;JCIz88kEYT~yG&sWqzPK9CL@6Z%hvM<j-6J>(kHc>>gI6R7zv
zHdpmZE%g=6Nj#!wxbLkA5auCn$am&s1c)^F+=-(|f%Y_F6~bJ#EDjw>qt~J+WD(S*
zpp*g?#X*3jDDLl1czaYVC8*cZ%m8bx7I7`cUK3CCgwo1-CStg2@ptM=Xo10jJlKb;
zS^-h-W@j=7T<hfR@L(e3DjmCx+yobebz?4VdK>aXLp687TI<9;|6PqCLfrF0G9_eY
z?DiG=DPflxk|z{$M{g0ZnBZ(VDeB1_0EmoPxL`qoV9JD?6I2PO6XA3$SgPk4#lsc5
z3U}yc2J*z1QnI*&#XSg<-<qy_$l2)0D!{T3j<vKfuO@V60TV+f3*O7#0Y#TXl}uee
z*|jfX7EZ@Q!Tqg8a9qx6sk<=&6tzFJ2MrF5n6GWsLIT4qQn_=v#{<Z*auI`j;~ohd
z8XmDBD?*1364B0H#0U!dzO*q4g)9$7Je-iy%9$L*$h#Su6jyYKXP-R6_3!rh`fUPA
zaVQd)sxN+}!zJ2@#jEJ@>U8G`4?Ae%j01t3Ib0t)_<307%SWaN`bgp6kL-E2x+U6>
zD8_##Kd@No2MQN9V%lwGrVmVZ?cV6lonTF1OrT8Q#F#l_Vz!B&Lzv2K%8?P2RI~gc
zgtpLE7k<-+M<(e?)^1a!@Q`dB1%n5cYuIfGN+ia*$7Uo3Fe!-rYLB~ahsvonXVwa~
zfF$kvXY;N^hx#zs1rfFEul8IAgK)6-R@PzK^1XN-)(y=LO)>P{EwUnZCAprC(BdhE
zA`l_erQ+>7#k<=D$7R8>R2(WS3~mvRg7z>q_k*(}?drM|pSYZ9rGDs0bMWTA6j4I2
z>kgYaJ5GJaP(5LaM3Grn8!=W>IY;b3x0^S1SaWM=LNgthIvySD6vil;ec3EXY~E8g
zvJx@@a{{jSgsY2$-7W(=i{Dl4>=&&BIa$D)oN9X_UoVVuIwCV6PYEJGqGUMjVZl+#
zFde}=^@x7(DHM!a1&f&QEEW4_iO525Cm<uC6agwj-L%!iuS{4;03~-fX9KbAUQHe+
z(cLAM1<lQ1SuFD>v0`Qg$bQdKLiLT7{nOwZmkJb)rlC)<6k<8|93*l51B{^tx0}*I
zlR*QaQwIa!_FP9pf#IJI(^XKL)S(0wZI0;n{%SMkx0^G8@`NNi%=-(>^B#$krSgh`
zkAhqPO5Pm{w^UiUg;a64GM$0Rc-Zss1JKyWQmbd!b^O30f1G409!`v<2jH%Ao_6#D
zb~6vfN&Jx9B|I?6og-YdbMqrbPT!j<qg~(zt0o3^Ot@smOysT#i*Gct?M;SH8ahC3
z0(}4bI%Kq}wDEv~<m6ixK%vDM$3$IZsyzW&tD=ZK>mnvb<z%afiO5l#)R@jhhM=^@
zErRnJ>&TkX0R2sPAHH+cbMeA1h}?QCbgF@R`12&rn&Ke7a%fqpB~XjfI@>OSHsfTA
zT{{%{?Kel9YC$cEvM5e!h39w=91ayrsW{e(gDR?H<Xoj`ZmL>VJ5@1;9d*ebiMuj8
zlfop))O8}w7Qngy6Qr_D86;q^g{t`!MrzCBf-!}#B9mevYFeRSow5H8rcltko`@Am
z4HFJ{Or2J2mg+saojsp~JYr%JQ`ldyVz*0{Vje`0V7;-8GikPpqB8--v`({<d*=gE
z1+`ctIElfLD;)@h`-F|{qKc&oj@8^MR1EgZRgl^A0%^)lf;5qFt=bY-V=ohT5Bcj7
zu{)WY4UUMh6@@Hb*tXI3KC6gNeBoIouK$wmZ|8}zk=z=N!XksytPV7rN}b9c<{!=N
zJzNHQlzmJvJU}p`w!(H};<}}<dy2ouL*t>XSN1?oFWAyZEaFsFqv2-IZin5)HD;Ny
zl*Q=W3J5aT?f#`TLVa3`94FrFSJFo4s(3#Em9S1Wl?`-tZZC9>8lKJ&CvZkkOJ{6`
z#%Zf=DCk>5)-vvT&Om(+!D=6a_s&6)j1T89Jp>2#*NQx3#auFG$);y3p&vat6l`>5
zI}_p?bLVO`*o?IAax@YT8l#mvdrlPMx}ze3x;Ps+F$jxoPeR;U6ekrdQho32yLMts
zo}-l6#%(4G*`pKzs<rKNM7n!LBcD@bAoZdUu{I_p?D^w%PqBTTfZGP6p4RL;l7sN+
zb4_A%Q(1+K2a07MtFR*f;@9u6zz&*4D;8B00i?jQ*Uc-gRXLBgmcf02L>hgOhFm34
ztXW+#QnimxT^JPyjlb!NKFX$IwA>|jBo(O6AZw$gN;~M3Y)>FzTsTfmB<5LXToup#
zk+!2z$2@JAh{KQFq|}#_MR9i!V5$(VSdPHyq$oACET$czWDCNo265F|a5_bBp4rh`
zAt<eT0V}9zPgsq`pQ+JMPQa;3+m8{{BF;UXaZy5L!UBU^s|EwiDEW;9kZf^lut2hu
zR22)LE7kC0hgXlO+7&7hC+_l0u9h4b;bG`eBr>SSm1&q%I%y)hL33eHhuLa7xDsf9
z8^(||dp`jqG(~&Zz=ZoZ55nI@0p~UylRGG||9+*~yvI<C(#<VeC81D8-tBPp=mwY5
z9*6roBQkhcp`Z(?#T_Ujr)COg^4=G&0?T+1j*ic*cuY0x`<6R+Kx2cAr4Bs+&G8vG
zhH(mu*WH~lfgMG@yb-;o2izb2)KpnI!wfw4+7HFM6CRG77@f=t6N+nfNEoFGjwNDf
z9DU1+AO5Kc$%BXkmu3(MVHDYzaDln#7)i&j;X{+PC|RSrz@a%$6=>(r;HHzRPdUNn
z1c9}BcxE`$(24~dOivoDc~r%Uj#J1b5*Nf7xz%Aus&EynJA?Z(C4PDj`h`)Vq5<})
zf;2U!l8Dx5P`elLiiG^~_Gpo{BCX<A@q-e!Ux3(y8!-UEkR}?u<2)uiuD$A@yKph%
z6b76@9dk>b*5QP6G|0+q)#h9fZ@ju^lBh5DeZRx8l-F>rR(GrQQQAl5pbp!|5lc4o
zgvLa16UZ>ScJ-(@)UzxV_jiP%3n~}XgYCnLs_k~dP6s^+Rei!iwcL_K4$_3k%{81N
z&Cc6DuN60_U=hWlFgmqRH&t}f$g&7dvY@gN8O+VRrP90T*l!6o8a79axBqcWb`S94
z&;tRL7QcaFV(pWS_yRNW;5<9foZ;Vxx~VH%m(;k1VKwC3SArtPa#T&xUa4Cf5ox==
z(h7?-L13KN6uTU;2TUU>WKhD}Ey&FZ%INeAr3A{px70pMkt$NkxVX5)G*74u-0R}g
zEn}|0;+}z`jKv!t==;Qk?M{VoK1grY?tqq^++yNGZN*21&yyY?9&DL=*g$%G#^Q&E
zqBAn-$^ieR4e5a&V7KW<XxRFZ9hN-6%KK9aoSvJuLT;BBlxGMrj<rHd0ZWAvgPAc^
zGM9Q5i+UJb@)!!uCNl|D2#1ec)8rW=Etr;71J<r?wrq6oopkAdB-<gYPdTgvrex#^
zr)t|uL6E9ZB+OmL_M$2bWd^8NVnO&_YHCSC608u$kSa?q*KlWvDxkz3rWwdqb;ewF
zuq{}xHid}@bn4%Zy1R?=;ASq}!Ns(a6}cWPzF7w)zewcb#Ns(<tkUw1+C)SH+%h;j
z^oE!QDzmOQ)ao!>vmwHuz#k~sHSm8XpJo)PqQ&QCe_)Fe79}kH+DUu@quP=s8_r8Z
z-cZCsaL0&ULgok;c|lTCt;VD(jN`4(1x{ut9to}*rloA}m5rgrEpI@2vZ+`RHNDN~
zi-(rTTML}h?%5`dbkV7t0^m>pkpj=!YRQb;j7qtk6gK2|d_#?C*1AIw);jp=Dsze;
zM`<u8q1PcIcD<EfM<)w_<L9Ugew%wnld<=JHUDmU?6bBT9b!76aBgUXnK9SeY59;b
zYf7Ef=VS|s1JrC*N)Rj%#<C&F7<W{JDKTy?FL1rzgOfp>xr*)KG(%ajpf(5Y(;#|{
z<#0W-q~CV%Q#dTN+^zxbAXDE@Eni8`>VBlbfoOsReqcAVWu&E{*zm@oVI6;TP|<Dx
z03ZNKL_t*jepV6&GuQe73il78sc-*W|3oqbpZRPwyw?n1r@+jFe32mRA&s^81V4KN
zRD4CiV0KF~cPmgz#_r8%IY-2ipqvJ8Nh2``;C5J+XU3F}Id)Mtfz{-nx5cLPvYpsS
z7TNzgIqXj1vFTE85jH(w&@jj-=~?<DU$lC9ZI~1js+&_03pkPOo=b&Li8U9%6^yjf
z0>+V5f-h9UJlT|oW(dtIKU2V2*d|LyJ}mc5qZ7hOM235tXvC<x9?`76xXKYr5Vxww
zWA~g|YASmSQ<XM$N5DE_dnhQ9l+KU$58CX?V_yZu<V7l};r%JRk)*R|V$YPA)(`xu
zC8HKwLB;<0!V#BITZYNF8xs*M>V9U9qe>B!>Y_Gh0kT$~ywYIxW8QR9VIEQ%<PCD#
zw>sIt%?yX7J6x|oK8ka5UiaOJXcNW>d8Vj_&eRTR31<%JuIBJ1JfKJ=ly;>RomAOE
z4*e8wF(L@D8$hM{a@2}&<?ie|_UxqO1<?Jhe8Q^Up|N&vd1dXpK*zS#9mp|!ej&r3
zqX;LDix%#?D&DvzB)9{+)6tm#b|we0?bFDUG9z;-5#s_A9_=si{OJ|`_<DzTcXudK
zL9AFHD5N;CG+U*`$ql6Em-`Rtgy2vShn6E;pBuY0{0DWlOQONFR4}p|*W?7=?4xS$
z3tFy`Y~U^#sMe(R?~Kz}+Dw2C(Zc`KsYZT)M(Kx4MB_A8+g^^5gfSx_&5D!UVJQim
ztf7=do=wL{L6fNl#Rp8sU~rN~oH53$J9&^NJG)eY-1klTSO9WJyURPciMk^UL5C}0
zj9dFTb{2579OS!O``O}z3{RZ)32qT-_HP2|9+?VcXRoU7&)J(;B601d-+Ni1skRsi
zY7z%&=#H^--6ER$FaUSyUlBiik(BR_)%?OV4)B1-xM^C{vHq&n4`kbafQ!9Bp;jry
zm**_LM{&)GDq*4C*~hfN)pCepe-f_DJ*!7ODgr(h+TwfhFVGGa+bd0+tb3_sx}IbY
za|-NIwZVnt(}omnC#*#GQpFd94p9uT=k16s0!;>OiV~!T0jnR<>aU@Uv{ZxHR9uV2
zMiC$EJXF;o0%xFv%dZ!AL2@WEb_&$2iXwSeFzkrn0dz#e1If;K6UT^YfUCUtv_?TY
ziz#9pSXTz{<oqyI1=lpV4+K4w2lgAaeTg}BCu8ws>De#?{S$C9i}hA*#1D2}3igiQ
z*x6x*AX0>@xRUL~T1sZpzL2ftVr&@n>z}i#xXi$V9^8E*0mx~_)$R(<KYfm8ufE6I
z!#%!@W`wLDEu;qDj-hBDIgqyw+|gz3Jytt|QB?=Voci91JX=cMJFxiyW?nkCr=gFF
zUzvJ@{NyXosutTZL08civJt}mImPIQ2!81Y{ETj(zg~<9CwF~0E`sl0-{E(^{~F7i
zH@LjH#{P1T>EaSoO4zx?BqKpm@{T_FuGu4VAZ|s)$lg?v5D3Nhv(6D{kquT*BB{9|
z*>0B<xyJRQhPlUjGc{&1y6~IGWfuONkrRZ7FnI)%H0aQGu_1X-Uw!$+6%=k}H{Iq6
z=G2^TObX+UDslvfoe|5<UUesaCoF^=CAX<4oE=8XG&|e#u?)1u@NygY?4hSHl8B>)
z*&_oY*GH%&p^D><>{P<y%Xk^~K&p<7sy6#~R%x%%eDvJo$ChmDOEYb-N9htQQ!Piq
z;m9r;4qWsd1f)AftJsc$7;g0G7n01vhr1o3YZeRy$>OX&>M&4;cBI`X)v0BbdhUHy
zF*jZb`lAyUQXhMpVY-jG;%>f4*gK*jc+16j<ZvFth$%L`RL|a{7Ksrq-R${94fr0O
z?nVbiU!JPxG;s^qayV(En4-H)gf%|LcN0t9o?+izxWm$(v_~&HOxn0Xk-X_{>(t)A
zf4-=c$(7<--FAou*YX~{p==K&h24rDB0Rvy!d-}{YF*>y)r{w#KgAcXKEdtxcX(3@
z4stToz;}_B&}(1m$@iJ{%rvAQawgD#N(qA0V#-@uF!iZqj7rBq8ww&q9-wI29P!zt
zhpXvEf@3o<0AqS0|L4Vb_|xjMbZ^Fy&i<D!L_d_BH#$j-&Jp5MasqJT1>YUt;_W~F
z3;yw+e}$_lW53(s^6~;t_D^tqbA_i*AK{bdkMQE@4X&PEV|OuQPcyRT62Y08jf@nO
zQqdl1lc}*&5;3O4;AHH*L~Q$@m^!j~!HHY)u+S>ayWKI(N`al8ZHC4vG!?24P3EIV
zK2!{67WrC%eFq$Ha3d}Npp=YhjLwXUvpd2!Q3r#nFoKrBHKHYTix<@m*OSO$$Z7{+
z99H5uVsohtKDon9Om6t;85hw7rWS4|eKFRIntSX)z=6uWBi1k~RUp?snWY*BcI1Az
ziD>P1FGUQJ%PfuB&19m`*mZQ)2Mr7+9&|(0en0sl+K3R+I&DcogzI**>$F@NXrR8R
zqt2#Mj{`4Gyr?0V4E78Af?hfsUfqzCRa+<<lC%kg*=>>B#e=yYP1&bD)~?}^78j&L
zA>=NaRUK?uVy|PxmB_AcYTmly-CoZW>S-I=R_!z%Xl{B6)&^mbQqv>Z9!S~}f25Q~
zx-55@UcbglqjPPGedh)yQ~Pe)ediYVI&+%>gUk}o36J4<>g=jS*zYDheR72_zj%(r
z_pkB#5BK=)Zh<0!L_w6WV1bfg8dh8Kk<Ompb10y2<wJE}LDjm7pJ>@W1QeyVv3SUz
zjs{Dt4^1yRp!_trJdaZ|HJ5uhkpsi?pdTeO{7|Od|7bCzGa}z8(%H+?q6?Pt4!0-Z
z^{sgZ5Hc$L5h-QNneoZv$N2e=zQo`B?dSN(Uww+to?K&|CuEtd>0?@1QiaVJhb0&%
zC^MLWlo@k2w;G0dbf)Mqh77t$KcLhhuBz^~Prl1)sakCNa%bCNFc|a4&I%}cxTkwP
z*n14a0*^G;7Uapki?<-lwnrQjzXyk4a<omjI<mxmZVoBagEh3en+ueXvxs$u$^#?I
zRqnA!j+9hV!$E5&Gf?b|f;#Azpn6xCsvCX|ltWQ%!r6fc8PSNt%9Ok-^$X?6tMM?X
zOJrDqT~TN<zf4wb+MODcP+YSb7to<537l73XdJ7#7!dksEb*4z5{F}75%grgX4)2m
zKxvetpjT3hN+4Dfy>dUyhX@mcVi?G-{URE2jE0b}R%WS#Vlm#UXcMJcN-bIgpfE#G
zIMa+gSgtRvJqjH?V3Awr+nHl2B04<Rh=`jGBZ!m{2x#G9F|GBu3-+B>IC+x}CbzI_
zFbW}~!{cZUbqJ1R^_>Y}FdlFBu}JI#sj1{69iAdUuz5^|W+0*Zg9v71&d|#XeD>Kh
zobK=NT8=2cd55C}%QW6R+r;YCcXZw+ydS4M!gm#;^EV+66arm2E!wjqL=7@;hS0h#
zbb7W3#rpzv8h6|);Wwy51Ev_$0M-(ZhoUO}M~cc{VzPS3&0_WW*z$d3saQ%u5u0uU
zo_=-v2H$-927mnOEBxIbe~SO@@4vub{pdL^rb{HsU`_^Q!GrOb++38KUmcMZB+i6s
zvWYwNfQ*7VXnV-@PvR!0%tN7q6}#k3Uv<ZF<KQ_Y?Uf?xWEO|ohI>dXz0;%;Si2}l
zta1iBGb>2iRt4>~JQ%S5w<}pl*Hig=h9CU?0OU+|Xp@Muj5_w%J(ILK21HO=qcX-K
zIx)J;sMBjl{cAH1^$*f0uK^Kir}rk&A&pAg5}kTFU<+rfK9PlYDQmZ_sV>$Hr`_h?
z<`*C-fvbs9qZlVvXR^?sC2(P9D3K{FG{^;XirMMZ%D|%9ix<=!6BH;U?Ql#mCkEy5
zh+uOB57vz@^~0Ey#oYzkWZ+klXw?sn$r4diS}byq5lH*)A>dAQ`}(j$3Dq~pzvpr8
zv3FGE^<+UE@@ay((0h?#&0U8uvIU)v(wxq{=(|W)0&)y6-qm&#6BoxdkJR04-=}{j
zB#U@v7wf4<o^R7u;f@$AH1b{=3$P+V=L<Y~4E*RP6>qEH-J4hV`qdj0sn!Va;5n#-
zb)dlcLz*_CRUJB8Y9ZF+qiw~PXk=prB=SBfp+4Z4pl2+H)|B*q@DSGV1Y7^Qij67p
zU$ChBxl>h#=-w9|heeo0Q3Ht$p(*4h#a-HrJE=GwPPqN;Exvj61}|TIi~r+)|6Bb1
zPd~-8=Z~<P1UY4!PBMX*o3EWZ)tdc(hzTj%bIqao)7aM!Y~#@OP)Jv_M?DZBx#T4W
z2_YT}rZ%OKH}YA@Q(n>1UuCow(tysAi+XvL(<Va!QU9M<r9{I*L(~p6)gM-7v9|gc
zo4<ZI<=NRu;^9yckd~UckspZCv)vJ*FQsP9qt14d&}@V+lQ=cNN6hY17Pc~-%g?@l
zNg$-6h?Mex-5UJE0~994SSiULCUM2GS8OJOyTalqj0|ImJts6Jb#&UC2${nv+vBZ$
zsjU8G*GA7~5LHZBu_HnzJLDE+EJ4ChWA3#s)0cnbx*Nstg|ardMm<VcQ@7LUynbr%
zVertz*<|6GZOc<`>g<?6Vp@t65ebhf5K2>6OY3y{Ml86a-9{v2Q{1c`eZLW8m6(MZ
zb=jJMlI&;Gn9JZ&0@oIHe>;EBN^=00M$vAaco;;6ka5VA%AT<#=sQ2wu*K)LLW}oO
zgB6te(VAQ{QQUPQ^Mw6{;?c9m_(=j@-M_+{U;YN)y?hA?|3+s!R;{Z&%DG~sXGNac
ztSSX#QKLo)9xao$MQ;?%o+D6f?Tbcw`3Q9dL>PzqmVqb3uBZ&;hWY?Q?tkWg9!kgE
zrtZe%wuF*K1xvN$VCIC087vi*3Pk#qD>&hGEqM3(9^d`H@9@pHcX;_XpX0y$m!IJC
z&#&?H`6FE2Tw<PKXNU%3AVz}lhzKG@O5zMY+eb^gIoJ(~Lyw0+&qys{HIX7EMP@60
z)CLLL$54t!u==x*+U~a&XOBkeKxm)50wql?H%&+fQF*K@q&X}ou@Q{?b2+?*NCr;>
zOIev)SYZ%l)ODg_1u1y(XwX`t^r{_VOvb*buG0|@c~eOaUAbs5wn%|xMRtuRuu)^;
z@nAOTbngM@2N?}mqjC?+F=iK?jo7xvdrF8{YWuQ)iOmj)L@{ebB$yD6379ydvoi>b
zMg1~coCdpjCL3Ez1SrLb3gYN90AyB73C28P1JsK|Do;kK1*c-#gCZ6IUWrUFs_V$`
z5pU@@t>e<(*|0BA$E=jqVdR~ZI`ufNQ$Uj%J13=8{6W7%&_W2=;e>T(?L}G#mt$1x
zsFDj|B@QNTS{Y4-?XalpzWT0Ygh4rezjud{j3%GM2r?LKV<QvknL@4jWUda&P_wxV
z2juo>4P0qzP%n4C*C=4pspvMD3r<>aFDD$Nf-iQ^d5;4V7FA@wr&lom8wiVW-tBrz
zSr&}YQII1#e$Rd#%u9ZViyx+$bG~;p*ah+MJy1Ks^gV;uZ2{6vVbU{D<bMQQ_t3O8
z+D+9aw2wV<0;wVkVFDv3!qI&}M8<+Is5s%(@eTf;-yHDuH(%jLzx*A3^yw4))tArl
z)1Q2XAAf$0Cy#G%x!)n@jFgg5!I?c%XfOzl96HesXwl%8*G_}*&-1-`g8ji{es;dE
zam3I~S6%bxj8%m3fks0UCIKBtqk+r@FMLYzBy|#51h_^a;~t4^(~~=$us5!isQ;eU
zfYRU%sK`??F=<RXohB-SX|{RSnV~BAqTKZjjd3xIo76`#qYRqWP(lx+<H3upi9EeS
z7Ph@pi&zM!U6%HRG~Csf&#C$fmaTYZHmoQ6<itgB0l{u&B##S7i7;nZ^;?^75!K8<
z26(c}CgScxB}E{MnI1-K!8u#uQtu8HLN1;4R14u`OmQqkSj6pSirpOCD9assQ>|9q
zB<zp4!A?9(NqtM`)2G-XG_gUMwTYOm1L0UiHnYXC(okn@X#{t5AG~mBC)ZY#@Cfvs
z5H*`VZI<~_EW|BZItz~)eU%(WYu#<wkPx~Qfm~z8?f~wjiV!xF!vIV}G9~q*8fBGz
zvSKer+HzTZSt~=}BD$n5Z1=Sis#M(Gzr`QE`4+$X;~(+w-@L@{e*Z`O@y#vX7Qq6+
zOu$SuqzJDs^$$6y8=+zo=2wTG+`cCJ0aMR7K%6s2U2~n*NudSn2=a_|K9g*UoSxDC
z=zl=b0nP^vt|zA++0rbZ#pD6AFC8l>CTmZOVy~kbNFg}koi6yr-4Vb2w_9BP?kjxq
z&sX^3`7`|Wmyhw~k3YlbpFP5-FCOE`%_T0bW=y*YDP_x3inLhmE(e|Qs!c8v-6w}u
ziPUJ=i7X^AC3ABbCTk*XD-H1?#MQ;A5=E+u&na<VMR+Qvu)~7F5F%8vT{E|~Zh+DU
zNsqR@ZR$I2?)uOzPN3YGqIsSHT{@0P>bSa{@J@xcYNrC^_+oT$)#CLd)H-YOf)t%t
zD@McafHn_^9}uZ|xDBsOU3eRlROELQ5J&{G<90+g${Jq=pls3Sb7o8q!4U(y%ufCj
zV3&X$13Q9F0L>FHnUgnp@D(o=I2GU+&e80hzPB7jp+`bGiv2Yzn9Ma?s^U;);Iz06
zJ7J9bu5Ah9B0DlnJIp!zjBK&&jcV;yCM582!Z7blg9BW!%tnNat1m6N>z8CqHr3{s
zO+zGi(q7BD0|I#w=#InTHOP%kV;*{x2&tM>pixWP?uQ0XMDM~Xnw>q99ULf5FLg}H
z^k^X<wJFdHdLtOn#fYJaQd<^_>(<PR%J+>FV(cMjD%lNOWx<<Qukp)Y{~G`FtAEF@
z{_qvPdiNS{PPcdqGiEL5?g}yaPs20<oR3t%1Nx-V`!2L%;_w(&lh&HqHo|Hj+Z&D1
z;$vZxGqyeFia^~I0R1!Veg2Y#iOyIt<*jRjcBCa(gK(JwYmeK`ZgUkyNmrY^1t+bL
z<%Ij!clg8G*Z9{z?D6=Y{vFR>T;s1ke~zDh{v1F4@l!m1evRwLm$=yPuuln@vkUy$
ztjj3itM0Z>J=w@}#O(hiBIJ~im?7?j0O=$#aU`L-Fm~|>7j{dql<ipr6F5;bjU_Qb
zjYLzp5K8R?7i!(%AkYuoPqiB$_Y<w#Z%L1-knors3>osHE5^Gc;dC;3a0VkO9G(+E
zDi#5%m}y^9bDu@?2GbQCG#=qp!|L3-uEEBIN6;W5Zo?L*T`*~*pRiY7Vc!*uVSX`0
zb6Y|xtEE0VO*tunGJ}&vCgfyWUrGd|1eyTs2)F?BA^{f}m<hTEFlQh!l#~1GRp9;r
z-1#o3nutTI07XEj3L<kkpz3X=W~0(qF%hO}-_b-j-(*O>HSp0kb8Wk%mT(#ZP#3f|
zCW|<7?@TvKYm~;1Y8FtfD7iBMx@KYJQySmqu(Rv=ChC-PgA$3YVVOa`gk5I<#X}Mg
zTtbIotvJ%aHXrD5u6>cvb5LYMn@~{`nj9fTWOTCEo^mqch<BPbJn+=+=PDttWoI2$
zFL(ptqa+9{5wxJ-_3iig=U@C1|JOhK694q=AMm^77E3+0RM`0Q8~}(qv&wzI1P=%3
zozo)GX6Hoc5UOkz_84?WW4w7fBNUYliDA265}XeQ+!h)BK+*Zn0@cw5o(xnx;9hpI
zYKX9l1M&<-6@!^Vhu4BU-)kHMC!D}oaFhdX?{D#k`|pvzyTU*G<||xZ?eMctp5Sl3
z{0x8n<7fEMXV38L$u+L8F0soKb{Uuw0lS1m3B;)p8Ir`A;rF#~qmrW#5P^izt6HNi
z{)}Z0oz%oQW@+cEg?%z+R-|NpedheZ(Ci4A8uVVmH?j>PZc0r(-leg#-CY8s#Z=QM
zdehjvDz$6p+`}(_c9C$E6HaqQO2GAAa50&Q-y(#&6Y%Cv@b(T^sy)o}GNF`e4>jCM
zNc%4Z$V~lQ^-iRqq{zx(<reX4uv}enU)Wh2;*@i8fg>|JFW;+jJJj6x)a_>$n94ah
z+l>jB2}qK_l7QK>PtpRunt&$+>}KfYY!lgjMtQ2BO9puHz_yH#S<{KFa$KE&WX6Ix
z0XPY$ET%9#GU$$=?*QCY$Wc*_)v3`ZOk{>n2|?~5chB&ZCG}YKpki`Y4LhV+8+9e9
z4apR{2+LE|ARX8-m=(>@A+%mVf>v%Z$8Z;7xaAX(K-v89xXcD^W!sJ=VTY5b36iyG
zhS1)d#g6#<Ypgu&9Vx{YQF<fdyDqp;wZ$|D_b@bPGvo~HCdRx|q*TFV+nem&rKsh6
zX|*n~ia{8)FiJ_NNsMWVY*Iuz+OaRdkqeIXh}&|&_pjdJ7yt4*{Gb2ukNEH3ev8+~
zTP#}4Rtx7GsFSl1YnwKCfWq_xq=qdVw{;w#&7a4DGVXNJa44V7z*l9X%XxoNS|{3W
z-=lnlT=1W*An9<yliwpLM6ya);KO%FQIMRnAM|E(lXqSF8U2<vKY9SD^@!sw<JDcp
zH!ok~zx~VCc)p+U`O_!(*|X<({`3i+zj%aapJY6Jc7exFFR<HB*zXc{yFGH=dt*t+
zY{||0SuxECoZM9e=CPQFY(GxPJolu4RZujch=RpQ;$lTNiV8Vd!bJSi;%XXSz|kZ?
z-AYwFemxTI9I-)lk-U+t5-$$-Q`dt=e5_D6pLViCQXo$WxM4u22}FX+S+PrmtVTcH
z?-^MHNeIj7Xq9csI2;LYPlQvIE?|s+C-)7E6|$0^F<0!IdQxsm`jo`GWism+Rfw4L
zw>lj=B}ESCDE!H|f{9U;vA7v%+6$D}+`|b_JCTs8V1KHZP71y|fTs+eGjz(p)gI}j
zz-0m^uV`9~oKXOr+>>sffJ+AE1=uIh9Gl)5DA&+y1wF1nQ6yyWBEazkdV3FjTTtIt
zl#?gRR`M`62f>IyS}dQ)Zx(6eurIDx#0SS}Q*GCgBz6u4O~se4zI$`wjYFU2C1@{M
z43BP^UOvh@D@esye}IB=!6Z3^;vlxYl88cUF)^uT_l^*!)B~WCvlV$YDUQ}o&4Gfc
zi2_?lA%NKh(bL4(T`=}H6Y_;ydIs+3_YDdIg`ta}3ZWFWqLdX!0ZKLd7%IS06^EtZ
z{{Do!`+IzUcaQJhzQfBmM|}OwEq?WjZ}F?I-ryx}aYX5Y<@Y8LYmkz*lHG4s{o%0F
zxybTzhD}yCyCe*MzkWoMb1vp#Br?<=c<6sD8vQ@27;WD}d`}a?k5d~;5F{Q#cnC&d
zr#APDw7I?ySrv_CTlIuPU2v3lczv4i+c&T9i+}qXGbdbL&iL%{9xonW<MF2#c=GfH
z&tBZ%v(KL6`ST}u{%D6M*E{TH#cnr&rv#piw3U#+lrixM*#)L8@wgCbHN)g0Zt%?R
z`k;*J?AjtSq&AR~BD6)sP$Ro3l92l;2r3B0_us_g&N$R|+r;dMM90#q@5We@Po}jC
zswpAYQn1SfG9@fZczY7Og&^mODH%?=n-n*@3QD%yxvPpQ1uV(%`N3VFA#u(OqtqiH
z8Y_-R^DJM8sl##HdG^`uCnN<mTpFj|gHxO1?$j7p+VX2KI4Y0}A&t<&II<l?^MR2M
zFu$o>L9Z9k_khj}nz}8B<50lj%f~A-8l!v!C>zN^wcYLpu?jRL-<vS7pMaABbwOr9
zE@pE-7xJH{E<aT<>l^PV>ODiG8c{*8l1VBmTFj(-KUI&UNJ0=zMjZ~8BMlA{JwmmK
zS({g`Pbt~iEyR5Z8II|ugJ9%rJIAaEwGxT|C0P~EP777x=A>bVfY|gzQG_wb>YQSi
z+(6RPbMvH_cL{mV$a6y8Wu(gqbd`cbYDLJ#Ap7gZCRiMSv;e6XDMcz_s=#RhZtoYo
zeRGRHeDw`}^VJ)C|Lq%m|MCtm@803{@g8r=g4c%=zI%7VD|v@|Dp>p>=GEk4|DDOg
z9P<#vAyIfYaMwAv1Uj<|d1yj;$R}=_n?z?0O~U(zqw)cI`u|^AqW@XK*v5<nA$wAQ
z`F{{jk!jUpbQs0ail&v*2CDxV#nxQID+&%c;9I;k<mQ&~)gdE)L*ReA#?^j@PxgB}
zd2)?UK7ES+`tuj~U;g$B{Pbtf@ci-y*E!i9mUE|n=RlKExbQ-SQBMjH4<6-$#L0#J
zZkQaQooXSdiOeR5DGxq-ZW9C>1hW6Ut;`7}n0mt2tk<v;Vn5Pq3v5gpZY|Q?ZW`l9
zkiS2iu-hp(&!}L?VnJ?~`-*AGxSBGsBh-DxvM`oXaeJpIR6!Y-oQfpfR@uevI-HSa
zaYLzESFD{#9BwixrYK?0H*&!vD<&BZE3eq(5uc`31}1l0NKX3(1X+y0U@(qPZ^<Tu
z<W9=748k){+ENivX}%fIiJ_MhaFwBw0VGtK{V?6xjv*;_r&}bc7TdlM=%}ER5gov8
zoa(XmxL`{@%eKr!N&si0`GJgSqW(2j1zs!kuvjGe!RTz-kWSAUsbX0*1Zc5%bZSYl
zb`xpXypSdDsu~48dxm&8U|Up^d%2-2wzX+0oIK4w#FHQ~FndhKqzu($H+kwn5~;zm
zjUdR$n+#KtQwErmU5{)zGc=jS5vK&+Dbm#px}JbtHs0%Gh0ESI0ZZ7a+k}b&;2@xR
z0hS6a0xE)3tXRFiKj2?~^DF$ffBp);_~mc$>(?i|eSM3&!-DU%;0|WAx=6vDR2*r+
zqWaz;S3!pD6S=#BV%B&LjIA|mz;?QV#?DO`^g!25AMC~-W}N8{oWjoSx9C4<(fJ|&
z;Rl4WbtNOWZr^3=y}2F853zGv{sPdXLY>NQUUm0%F%9J+cy|vR6Y%xRJ%07;ukf$`
z{RaQ{kNzG1_3u8x-~F$Dg}?v#r}*T>Q(!NclciZx8O{QkuZoZW03ZNKL_t(0vlyG$
z1O3>W%>vPC2#eberI_7WK$IG5HmObcqAuKZp>5?b8YqTB)zpLf+;r85aK1`mZGv5U
zEwtg_|6}jXnj|@rJI|k*xqC!pW?eWM4R(`FHk;fbS7cUXU-r}P+kA~#*$1w0m&4)F
zZ1#owD%72KM7X<|>OPp6yG2xFp@0U^0J;JKsjAGX$jk_LRnx!zkK)HE#gEUFrtLhP
zSA3hG7(tOy>73Dt(KZojTWsO+gTuD40?fB8dPl!iLZ7-YdACzLXKUrj<jd&bi<?3u
zI+xQa^U_+IWUk|~t|{hRj(qy|d4a8YJZ)VT>$#AbC+P}on#AxEr!)>4Z!}(zHZAxP
zt=^?f50^(R2Fxk64r_fPG%P(F3wC#jog5)@kF-`?OqaC~aW;Z(W}6&y*-iQi8P_Q+
zCBhIpXh9YozHPD*Xvm#PtLl-bmOLpXW*_)%#9t|F6ncYRVLQT@bYZPVEXH)#govR@
zV^$)OP4ah~c2Sapzr@-sbj`ad-z1h!`937uwr1v0IT$!i>vL(9rtvi5a4LA({Bt^F
z6_C~vt;ZxY0So6kT@TWbSdObMO_Sb16Vr&%`gvpGQWMYkL^0r+mE&rd`V`DJMr>3V
zHEnkn0z-mr86&m{Ts(QkZ~pB){@;K6J^%X2V;){zaHfGij`XHniLw>VE)l5(jAqa6
zPKs+-iEa={xm+a~SVSlHa$z<t-509z71(KZpfDbq4*U&`>`=4QFKBMx^@s3$n(qG3
z9Ljx=Pe&fZOXb3srw_4R_TXeLK&9FIgC@CLzzvk1wWVg&#*vPm^Ua0_&n|iQlgIpz
zf4k3r{l#7W?(craFaGvT-n{o(V(fL$whfId2XjTu=Zv_V)*4+#N_0Z4n#o0>IN6jm
zrIeTexrt;bpt!w<5_?{}G7FOzQhbh2lymPAJFzR8N|z@#o5KKTK$pKzMBKzQZdxxa
zozGDL4(%d-<yf@PbU>3%zcFL}i>BpXj2v6Trtz%1$YxZ=F{Pyza)aQrV?n0+W#{1J
zkR9hGb(2-RS;XliEw-IxgI1qaz}dy1unW_Y&sep>vT+;{5Z8irL><$c(kZPMI&b*a
z;g$^?HE`sydmcGiAWgQ>2nIuwc2y@0ESJzO)4s&T$!rleU|WPuzVc&!f{3|I<<XYe
z6e1wEFcyHv*%F*bq|Np{im?R-gnqJ1vdL~Iv%QW&f&eolB|(u*OsRa^HZlCnr$op;
zz*X8=S%~;D6~wH!(k$xrV}=)H4(uUE6%(`VlVF;sAfK5qWNj7>X|f8hJ;{2lbe%}+
z;g*LJpQgb!|6e5GLM<pu2EVO9lXjOTW$7uiHmg9PJGS+bbracIM-_>gun{wUuOWp_
z#u@00W9007%|HLg2mHf7{*vFn^O#Sz8?JTaoRL6eL>Y}KzOta3x>tURWUz>HrJxor
zEzRc~twg#B`540uFrB<aL$Vuwl`kL|$N}2<O->Fkvyb^MHza?<&t8DlCcAx?oVL=8
z)JhC!;m<MIGimWmDeTrSfK9)Ab4sorsxXkIbH_+CZh3UJ<>Tu$A3i+epMU$5zyIl7
ze*QOa^A|sRn;-q;gj**omaW6PNFymS!bywKrRgV2b)3tDo4n^tM2B+k&K{yO7M*5A
zKlwlw*q+H2Wn#|ddg3OF`9y>;^XZVTl^<SNQA{dyrSX}7AY%@d^G4TrTAvs~qdLME
z2}4%-24##X@1=7}vlNb&!X`HKeLzRekp$`6Yc)?fSu|RNQsv;=ir~aC;uxbMO(HV1
zlCfQdYfYYXmZUw2A>%bMN-TYi&MAH=G|NN>b~=Dh!dBO$$%v&xjs-h$$Z-QJAz>&b
zXm62Tv?eCo7#Xrlq2&oBpSH(<#1fYs5-lgDiErXO`dnPw4!RayjreYn3bhq>NuSD-
z4T$6zwaJc%>I9v$g(e=aLZ^wAt`T&cGL90}P~pm8-NPp0`Z2**L#7a^pDrfLw<Z!H
zj_GqI6Q$gW*w;C10dx*oximdCd0I(sk@KF-k($rSVT&v$Pok=wz5dLyVPg5&6s#y!
zrFE0J@0533M64PACI)01u&bW1?itn_hN~^Z`N;N6*_@xUy}BZ5OB{^N#fHxxUhq%<
z@d3a6=o23GJ<lvKplox{-k1%4r*J*78;iWp!rX>pNL;2NKMSa3rtj9qlKx8;w67A!
zAP2NUH|d^k`aAZLjo`b`tZIje{hi$$&0&+FtUUMn&-0LC(^_O&2v!a`@-;Q1=U;2f
ze7#7}fFB3?u;IENd2)WugZpRv`$vy?>+R3@>5q=NcYDR1Wy@;eSS&rOTSu%;PB>aF
zS#%voEi4udUF+%E7T@^9GL%#^{giE|Nfwh+XuY^eNUm9WqRvkts7VVMCV$X`3J6ZZ
zRMV`O4o_|qni;t=X_KNrGe#wZ!fq0LP{v?1eOkniW@w05uw<Z$qA`uJ3yU;Og2Tim
z4O7ULKSgV#Wv-nR!ii4Vh|oBn{oiIECBtZeRkFe+gviy{aJ@A)1B5YO4?cODtz%;P
zZ5mk0$gu=gU1Fd}>r%mNJ<>@su4{7sP0{4|%o_9gG8N4X|8g7;sqeSBa%etzhbAq}
zM-OAR9XFRw>mmJbF%>k`6pieiV(lgsUzAKT-O;{FbqiTGW_#X7BqXT7d(3B$$ZVc!
z08RuMJLnY)F@3K??&wxf^)3SyUHU$BoSK!C!mnw!M4OrsoyS&f-rLv&cTPDfg#aS+
zbTdsm1zN+X6-t8banyDMPjmAs(yO#VO|NxKQ{wRWlJ&<=xcc}JPaizv^vNkt&Np0~
z_FSC{SL+M5!<IoEV-VI`<?Ld^!>enaj$6(d*xF3j)$DR16MdZ>k>B$LI9<0*)vVkk
z5o8Vx%x|pi{Jn495&PQ`s(zOyC)?Z6?Z02O;KWyVp=C#t1{jLVd*v)ceaB`K;cx!u
zE?T2N(8vH>gqDx{mgU1IocM-i>p1FQ)jF14!}6$Ob+Y32@rsk9759!7+`e<do!cvJ
z9j`b(Ip)sEF(<c<SRJ>l7A;*96N@?5WkIk`CX?bOQxQg2q!&dqs%hsWl7m_Ef!B2E
z+*XZUlav0GO_$z@=6Vd7;g;yW&Pgt`Sw)*+HX-7?n{4^L2r=81ciB;(YaPLjgqUgH
zIi<58Sb>Ntw1x6Fc`+rZ&N*mYvchPaT<pwo99p&;VY61oJ`w};VhkC+QWJVyl6#E#
za%(+ZPVz|8PwxDMfnwQ%r}dcIJ=dA+cmeMeSG?x>pFd{}VtM$th*?BpNRtyla~E+Z
zG%}{eAsd*4s>}SmX~iuTCbZwA0&dM^NVQnJyIhqk8%)`Y{FE;3S(dYFb|Oh=vF6NB
zVdgVhX^2J8X@!zFG54(O+NQKSd5*7D+$W?uk4~9KJB?_DD5Qu}i~dOFToq(CWSyM8
zav+!t0X@Cq>a$Zm`sK%b^s5i}?8C?0e{#*U^EFSemGv;N8I?W^j22RCJdVMHZ3y(H
zj6`~~D(ZVSg%zt@670o=F9WwZ(xzC_=oAHD6FJ9rUb$~_Kl6Rr`FvYUJAZ)YUU;~k
zVy-(M5sGt<E2N&vF1+x6)V|H1#ei+{H`Jb?cU<>ZTu=nQX>a2ihj&ea&!wex4aeR%
zS}wSKbj0n|f;%V2ym9XhUVHrxcV1ud#=Rrnd~L<+caM4P&Wc;Bj<#(G3uw&c{3thD
ziixJ@&*|8L%P}UJ1+gv>9(3;5(X5KsNag{t5U$M8gb-+~N$d$UXQ<C6e)R@VvwvGl
zVq`=S!U#<eT$_wc3*Hzd>2<8&>k2J`IG;$C&S+cD(L!jN<eDH3nkK1~#rY}lssp;{
zxg87}Jvu-?3d3j&y=NFAqosxrozUlaZWoOv=0fj1(xv?bO_N+C#u3h};_PO&mXDbC
z`R{cIU1d>jbHI+Z;JQ4awDVcF?K9BkfECCBY|Mdy^S;hlq)|^|_Q%Ol$CN*7hVNvu
zhL@tJD)~`DZYWETqx>;JSf=vt=G!mrsCtYoB0UL%n;V;yiLkggOp39}>6>bkn^h`O
zFk-14+hP{Lx`{7q<@+_JpGhR|tR^M8&(0JnMx2V4j^$kEL5bIq&HZPb{>$(A?Z3Rk
zKmEsNeEiu{o?i4k3(7h~He;gL1__Mnl2b#rR*7O$4p5{tqd6j8cN&oG1`XaY2?Qx(
z=4_jl-#@1KjET5Oli6Bzs%ve&`fW}u_5*7|a$p~~cf_o4h#4AAUWnPLhV0g_S(Kd*
z7`2sBg{psRuc1Bnr*!oWHK>p;Y(Guu>35GMB;ArVEP$0urmu}}=$0*aj#s?>+FgG9
z<9q!1PhRKeKe@$Ee)=PR^y6FHIyzz1bu4qdhGxxU@ih&S;J!x5HfL#@U^*vBC(UHc
z=v3wKP#hghXo@h>EQvHtY8ALtE5JFEXj-;MApjev_#v^c!rthcEM(G|vyrODSyImH
z05J-#HJpbS(=#~VCF*Z^g=dpAWGO6{p2cW{wqd&t^kWig6;}Wgn>0P?4RVQ!J-Wog
z$`>0~hKq$N3Fc>r&lV(Jdt;MDx>za1OH4eHu{;q!h04J)7u7Mp)SHQwlm32zsm9cd
zD6zn<vhES)HDUd+G)>4f$)!DoNi*e?BzK1~_s%#!r-k(KoL4K-?x59^v5f#bdAM3Z
zh~<heo6R}WqfXAvZn%>x!+yZES<GU?IU0F3lawji#55w~fDIAd26QvBy;$?)-KTu|
zpC9qT|NMyG{PttsdvMO#X2V(o7v9*KGDgiam?nX!T9zEhlr~$MQm9<9Yj3tHrD}&l
zY<mnhVHPe=PUR)_*Ug`&V%UWW{&8QD)bQ%@;$~DwXw;_BGQq_2iyTF!$PrI*#b;uU
zxt)>9c5<rB{<xlfFCx0=bQdRHtyywtFaleID@{~$86CcN+`qWw-AAV^-ur|*$18q%
zZ^6%g`WFA?=Wp_tKl=%P@sl6%<{L+x9C!FuXq=<7Hp?>=XQ?TvFHSR=u%I>}9gdP~
zmSAzoyIGMGan#rp9yZ4qqz08?mpm;^hL@EamSp=0bx9N@QHVKHsR&_9NLzyA!n7bu
zr&VP=xO_TEhJG&F&pJ0|3ZkS$TbB&ulT(nJc<UN9(G#_{NzpVJ_%b1Y1cgn>k``pp
zw4g8BN|*I4U5j<gWDDdh^N~A58j>icl##Mjax*=9D!9!~s99mo?KYYm+dJ`eszNMt
zT%1(X$!zuM_NcywSdYo3iV60U70~n!OU+ZYIY?(>tofbhF^3E7x5nZqF_V|Y=6KSQ
z(L^?_HRHKbE16z8Da5lpAnAqz8U}2;MK7<2pPw;2J?HYtC8y_Go;<za!w*jR;Dbke
z{OKhRpPlh+STn{zKv|RETs6t(M@21*a|>_E<{f}dmP!>3m*<T_UzD{I^Skadje+c>
z95eIIO>WHvvXH7t?+R02L2ZB7!@Z!fAIwRTVr3>%Ru&{*#DdKQnbTA!Vkon7#veO!
z!@iIlvHQ`ITwPo#f(h7=bf9Cy)6F%XoeIDD>?yze^@<<A{Tjdc#ZUQP|K>;h;;-K3
zjn|gkI$m+q9nmxm=I78rCHvW#&hhGn%wzfYmJH6Ko42Q4lqOlu*=+gmstgsG0+R71
z?UO<c)JeyZZ8PTxfRa38&`1ifbIw?KqiYh~p&yM+5H`^mf+g`)6eMN{N3vZHiS_1N
zaBfUCL+Yng&+<ciA4_&zZlFpmmN#Zdbg5+cLTbn;TW9nBA{$hh3s|FQYdF^-a+IOB
z4st?@Fy_-%QxOhynpmjvMJBwtkmx2&%M=GW??<RKH&&8ivjw5lwAK2&HoFv;B0v8f
z-GwYfriL(mA303Xq|h+QrnkkHu1sdd(aTRR`P26;u__1kp3C;8zU+@joc30Ua1qgq
zp5gOT^!`JJ(+jSjuDN=0!NX4?Pft&IbaBnojd8XfdAMHl?Ba^kt2I}{mTSgza~bqn
zSW(Jo##ZKCP@U&fk~t3vPxmu~UPKBg%_QzLZJAzcXKBwGCDFc<7Hqfq*msz*_I-OC
zVhUQtuya(=BH85Ai<{yfrpOitjmoq?G)r<5+2i7Ue<4uYYg+k`m>I8QbZoYP%OUX2
z#WnwS{|W#2tK0njFaCo6?XO?suYdLyfA-^h+`V&~)pAMW(k`jE^gFG`9LaG-OetPc
zHN;{+)-0xs^{lc@InQ&lYF=KMi}?+8H06}<Q@)H?N+<L_2knXAEM}o<YFfT&ShXJ4
zdT@#x47W8T8l4IjJsMs5mE=KJ@{<HfRuewu{4`!^T|<*iG$m6pMXF#q=a9ybCWpo~
z4J=!9DX<b`X|V9v$uco3ykV{bw*pxr;_=b|OW-)~X&kUffR6-nMn&FoxoRum!FrI(
zX%dm0#Mk28<_mRig2hVqiP@aiVj_E3wM`R?6ws$w@stK=ad*P1ew{K(n0G-5+B3|W
zYD$_i>6r&L$<SY>i%;NeoSAebjkU0FEL0?n{5(ZFblnp^zR%Ua{f5uqeaJ^2Uh(Mk
zjI+(i_8K<pz{R;|6MC*~&34<cT}PgUHJjKo*p?xy-d#<>&DJkW)Piyg%&%d&Sz-mt
z)vnf#-TWU8>?8JVe5U<^WO4&Oxra|IEt~k19wwmlRpa^k2po1`U*z^?QmH0kkKnDM
z;)@WaK&c6~TV&v?Sm4C`etzGf)q|9E%ll~}s>;S9LlDO8!1_txlMmMX=l@vnS3i4$
zzxkWD`1@b{Ie+uBx48HEF{_oQOKgFZgI3*NDF8O+vXXRBo(e*5BF$^Z3%n-2xcZbY
zZ!rr*GrSRi;2K=^hwCV8js{OoOFaUA<ZzwCHBEwyaz0Sv3%bPCYFu_HfTN{w)HSK-
z#SDc>o0IG`QI>}R8&f2i>m0HWSUOnUfo7RO_z2<Iyl2w93~%owVnR~}4@)#@zsL)9
z0bb9|rs!x&q;)yP2jCJ|BCIf8OM4)TAbn=4UFAPlrAzX(GqL0PYQkaO)tIFQ2*8*d
zL(Ei4o6D#~%CKT3hM_bV%P!gZ)Snu2CD3KI@|YDqRf<lINJvjS?y!#vL$2%%1*VLa
z`TK~O2}cg_OAzL~^D0eGVH}b5ns65ApImbGkN?g)zj~kleE)(^A71k0eBe56=`9kX
zXAH*JH;i#Z^gT8@#!<PjfnX6w$m;Pd2g^T?SxKr%`=Pw)V<0bGi!(?ymr|vz?#DE|
zEId+P-!kWV6z7w3c#6WF$>1e(xTKWmtDf=)HKLoGE@H+p9L4cGhaOfwgCY}$D(^UV
z-{~DMz$!y2T|4%*>yW;!NBpAc$po>qpWoO(Bog$R2M-sVonG-D@80JhfAk^$^>2U1
z-~HX&{PoY@;H|rNIXOC_ZAub=%j=J1k{~5ZPkfTZNa{Tzj^^z*9TwY!<*fuqhee+h
zwNVKg3DIQ(RS)Lz(GZPOOnBo#?l|nVCHlI@j=Lm+jFRkanq<cV5s8|#yG@I=ZC)H|
z4w;iYam)aeF@g?xalc9>QTEjZE%5fVFqbN>x|D{=-lF_IyJ)9^tB8!#q$A?yQX!R@
ziVO&+c@bYo9)?MizVBQFMM7?58Q#lN;!Fz3dls`PLow}KeBO;^%D2QS%3+RxpPP@H
zL}t^CQ*wNY6$o>%pX?*aR)4&Fb76wsCK%5W<4vkfidDf$6A?iyuj(~32Q3{I`Ur!f
zXV+YR_JpfnKj6W;5BcQXPx#HFYd(K+&g1h9>vhl2M+WPYsik_N3R`PXB2gm7h+1GU
zmy;?BF~Q}+URXVn*SF~g(5l&BwsZA3>S*xVxb|@2;{~6WY}n~Ctcj3}TyyFs67iMW
z!=L)@=&Qn#@+F^p*daDB`DRiz8AT^}+LiZFT#k6Ckcq54@)Kp?hdJTeL}-!;&>Kna
z+$ueOY>|tOhgTau`2320`_E7KU;g69{O!-*;IIDb&v^Uoq;Xm-lckY&f-iD$OSuI|
zl3^tK9YgfD|EFc2{4{yAUC!|)9qD4s$)uY0`8n^0V#DI{?xj`i*c0!y$g;~P?mVp&
zRzrE7F`cB%XLs5v4q;l}=OStpoWEoRxgC^$ciDW%rgCO(F<D*~8z7&Xnak&#vVNX}
z)vS`&P1+ihdD(9ydh*U1T#<=!mw}urig=<um$SIJJr+-PeL!<`hh<h;nTSfCEYv-%
zsMz}wPOWGZ>~Y6xV58U+g*-XB2|6t4koDbL_9OF2YD_TPHj=X0BevNxo}RP)>@gSj
zpK$-9H4i?0%Kc9-x&LU(v$LMZ!<y^uhRv{M7<x3u%!(_gSjV6(k&szJkzh)kV&83A
zEGI4Re0Cjo;IQI)A$!RAVdKp&%XBN-#0H^7Qiz%)RKSVgVu}HYc@Gy%r)Y?g-S~)C
zk1yYx_T9`61s&F;ho%sP@-Ekt6dzK^I%e5CUXpeu*Cb`8@0a-V0sE7hZZqvHi(&;_
zgZPeH9C6zp@z%WsZ@>LIKmGABKl}4H`N><ic<uFL?%ln`$+BV9HY}S4@6sVQNP|j)
zI7RG}|7NCw6v3y<u?^Xy%+%65<;b@FX&Wdx#A%u!TujJU*QSvvd7RI@$eiveMt0IJ
zl9^mCrP2eDtZE=ub}ceBjM98;=W=vAsit$mEaljNb*UkV&tlU8t`tkmnqgMx)l%Wk
zwGoMDR}x7DsZ|Yj`WE(bKZ{V8Djiko$)%Le(pW-uQ{@v|(Tin=hRLxU%@lG?Sx!~+
zn%^?3HYGl<<f~oQp5L?;y1OL0dhs1d@L0rs@Bn>$%KE`M*UzrFI=|xd?3#<SD^8!B
z^6cq3pIySm<%Y|v!1*Sy?gM=v8N<M!TLOU~mQG++*iXWkCnQW01ZOF~$o5Dhr6Fm>
zelm8w=U&v7?S_x>C7V)<qmdMt=Ckjj<P&%lMbwCD)5dXED)H*^RU6Warl><!PstsI
zoRXb|v6V1;f5GDNwH8R%XqdLY_9yth6|L$lly|Ph({dyotFGg<Zpqy{OYYrW@zz_n
z`SU;j5pTbF#9MEi@Yda9?w%a6=o-W~i1XRH=%fE;C8pZE&V@aTTqRq-q*_#<ugt(I
z;>d|6Q8^oA_TEf;tD2Y1t^$)wg6tLz$(cDObrp3}D>5r0QMcE89M7u}H0$TPYKqEc
ze{|W)t;>^)&bV5>M5&o(nT57HA=HeuLQ1H9rb-aHd*|35K%^YX2%UCBrn5lzx%t|5
z8l07|yXx#_70Yj${LEF9be$rJcXmc~%w~q+Y&)Q*mxOme<MQMCeE7~OPwzkF$-@n&
zS8L8UYp%A+W{j-ENFM@MQRz1WaZo}CjB#YEDK2?5&8N@g01~JrxgI4Y?)H|<ILr<a
z6jFf*)v~&1jCjE=s2nrG3*exa^>K6g>n<c^B4yf5(z-ZhkVvaZp&lkT2iw^rz1k)H
z;qcx5#~Kc2Ly0(c1sTkqzeNO3k$@-aPSKkgbBu`niN5O7H9sxk94#GQ94qfwh-2wI
zi{*mVtrf?&J6^ke!cXqp<HtX`%a7hV;`P^#xpRBPakrvjEJ10tAybKm&aTPDo6O~D
z$+AhN=A!G0KT&n=RLlDZhxlrNKTSIo<mBf4`=sWVYQmVjI<lZus^PJutWH`V$F7p3
z;@DW+@l~64{zV>X`T1=B>a5`_c2n#ssLo^_jHpZv$^yMouI@A-v$7YO)~)lelXcB*
z<C7gKxmArSm-Rxgw93gl3!rzjMkQ{d*zV7k+A~Rl4Bc*f^z4$&XJ@QGeZ=|u5Bcc5
zr#$%dluw^ta(c1mViVbff!+d9g>h7dI5Nh-5REVfG`p6YDZyN(LqjanP2RB-jgaP$
z@CfvIAJ9(lCKF3X4nPZjuhs8QJ~xHpy{ORH7oODT$bxb$yR30(N?)gvSLFM_P1Z%P
zn$lNkMsna|zB+Im3??+2qP&|->z<x3UylW<E9I-n?^RJA#y`oq)^-}Xm?i5rB0&b!
z38M<F2@4#mTWouYoHcY!%aOm&t<{p(PmXx=))8;sJ>iYJw`juY79GL0mLi}RmC>ln
z!K*G8HlM#RZnA_B$ze-V7{*lJrr{|;eTF%iPUupi&GRH>l^0vBqE4iP+}KKtaJhZU
zQonMPn3!KyHHZUe*x7BloKbbM^g(t@);tlpc>`h9G?-lnWa@A>YltdRM2&FPgx}I2
zO3e2}M8GQ4Z*mpQ>>%0OvsDvO$tbDVafKK$>yj!sPAY-sq)#d_;1Mpa=^veP@yQcT
zKlq$a-h0Y}_dn<2QP2IeHK*5G&c`+DeqbAgk(lV6(Gf=_#6S#@7(G$bj;I_8G~4<I
zj9A=%bBif<Er~s6xoMS2$ewE|wl^Q^)ShpKc3#ww4%q~Kk<+$SM1?RFudK_k)JPRc
z)<re!c%Znxg75yYJx6VH8+qPr)vA@fvmzNOqHWoMd&@DlwHd@O-i3dv?~_$5QLFA4
zvyhS<)EE%fMce2=#ug`A&Kz`?4G$hKSb5J;({O9q(tP&uhOsw}8s+3xM|V5WEWkIC
zq7t&Jvp7liJ1zksHla}&?n8^aAL69S%b0IdQ8#4(<>2;dYLe3Qw2rjRen+lY>o89j
zQ&x~oaRur3I(>d;A5x7J)AS_d^R};cN6ln|vpdgK&pq{>$~?+;j>NmHwgQV4M&CqS
zDE2?kH>YVYRa(bhgy@U_S`Nu7?79kbI3VGiXdt#*My-ZTElosn*%LlL<?-)6;{NYH
z=7SHO@cCz_Jbf5=_Uw|&?a0;8vk4=;_C&Mf8E0d9P1F%X)<kK_yVA+}zcwUQg4u+}
zGv#(>!h$8}ZCn2&vIiwjZC`eP+VV9HX-4F0GSB~R001BWNkl<ZF8p=D8>g#GruVrH
zb1N<px*x~!J*E)<v0=JHlWk4$so~k_d8Bsnem;C6=6l^Ihvxjg$uu$9tHZ+{0%0{Y
zl&43f2)mNIk0Uw=j12T#;PK))SqsgtANKfBSUKa)1)Q7?94%qF6qZLVi&cYL`pk&-
zh%4Nn;>)IaLUNPWTxv|34N{r$xB?})WbGrFU6v#(`Iao<ZO(S9Pc?z1|6{S?%}h6$
z2?4bXZpV<ivgt|r4cY9}Bc{{%VzpbsUh$izh)fokc3C?(bY>V<zHnqKpQ)eLO><)H
z<y*k4BIV7ESPI*43eYPJG0yv|iNVJnp`sSv7CLyW1h=V0NEEo*pbt;Ec;_+q|K|t%
z>u)~fqX(xvd%ES~qGz*?Y{r3g+|tLGnn@fGCn<$fHNkA=bMS3(&(=v48uPBmL{TeE
zN{I(DX2uD--^~${1JIW4-WC&Vvu^=(Xj1yByQ7<?B$e8|p%}Kh68SbY%sLXmRVVsa
zkC&f@o_p={gz7311MCw==4Mo=QZe7~i9BpM!%C)&hE>yfB@X$Mf7na@4a?|@sicS(
zQXW&l5e%BEt+F&jTBD7M4-GDOY-12dx|mE<WdLh!24(A@F|p+JCa!P=D8V(BjZqUE
z7E<=mBvj2%+*EzjB_h+m&!s2&oTF5(Fe|AHsm{B(p{2<y#gdyF=QESdBCXm#PUxnc
zOHrc;iyers(9Lb4pU*g;NWK56rWUC^-^#S7^L}p9?B}U*V#SdecJpg82}_H`&!kBz
z`k=To85KK}xpZfNuM}S?ohbOJ8YV@B>41JdaQ2_?@ZewG<DK6<;CCOK^4aHSoL_EP
z4<kd2#1M!vGHOhVUQMQrSk_h*O>apT%D!>Et6j9q^fSY-<*4JTJxYPMutYzpm;SbQ
z@-3h9+-&J`=%oCjozPb~`A#`IRz$c3>`ni9E8p+)es<IC^=gmw!fEKx?yi1sW$$%t
z_uk9MuDiODc1T4q+vS5qTlOPma&@v3Y5wXx`ijlVW?(#8#GwR*rd=2-2X~i_yGuA(
z!m1ToCwQL=cwrS=CO^1h!W!}}C<*>dG$p4_=vZcl73<^tZ)MDPWNt`Q5SqAp_mM9*
zjTwQeK38N*nRp?EE-uNM$h<(S`Rlj|PMp71E}-J3yq(lo+obC^mzpdkDnhD#(6j~1
zMSWhFm9jJcNQEpCCztMdUsT<0CAvULv~O)_J3BDUO;9QlhdzJemomlXec9v+p?Siq
zAkV1KNA&8NhyTyV{OTY6ncu(vm`@*H@c4Ai`Q;VcA<_r31}I>vxG|-wDxfa!L}HG3
z&ZLA`-Ml$49hc22i<j8s1!v3=$rZ+L)yAt7pRfm!9rB~o8(=yPEVsW*0etC6DYLPh
z7)>Ur%=@fe*XjN5@fES*<`ejfrrSDNLiZX_{c9om#y$A192KpENea_7s1@&1?dyvz
z|5JaIU9UHx@y*B*&(d{t;t_R3m29Az7*0|S)KQcDk9UZ3Q{ha_MyF;mIZI2vtt3wv
z&UU%$z6e9-sb{XbZi1LhwX(Y@5T%ragBiLjQ-#kC<*lR>O{<u9NRyny&DEu7%oEZa
zO^~2P$#z11ibyE=J@fvo7=_L;)g~39TET!KwfIysoj#K(teB4G31-KmB+L+&$@BUu
zoA+78^G+(t_RdN_v+Rn-$uuI{5uRNU?q6~C?#KN1|Narb``xFUo?UUV*>KtSY{s4;
zDj{dw_IcaWWs*q|4u%XBYt}5q3X)22tmPQw;s;iu?&s+;R`}>dO4x(&lwEba+uH}(
zfnsGZn3`@PHGEyzy4t?yU7FT|)Q#&fOYplAZSY-hR*~JQWq-G`56Mok62%KN+fGSN
zij7%5;3rf>=EJ1z9%NoYc3&6NCp1Ivxx@&;xLyms33QFIY9mJr&(X3;o<t!MVn7^p
z3+TEA=WN>NPc&_xV7o+wNE4E{<c1(FO$nyiz|)h?x*0Z_45dm%_Nf6TE<xqJJkg#7
zG&?LvmF44NVhTo=2p7SS)?+czoTSbACz0eZAPFq7J!Okb-gcD}_B08(Dhs8=b~B;Z
zGb6Axj*xdoaYrvCR>5u5ZWB5~m{Mz;cEz|-Say<SnG&;zcBYft4qr%9qHRCI(>3v<
z$DF<Mh~NL_As>D4h+n?<n5U-~totqNII@l-IvN%f)g)F8qKHe5+Q~RnkeFVbNSsqS
ztu~}gA$VBrk-nR@SsIYbw|@?juPj`5Bd3+;)mwUCPxPWw?2D$Suj3IW0>7K$T1+Gf
zf7xYy$$>`us@Q$;^lCRuy@y25zCNbetX`?Vz*z1RlPO@-+rHJ4>@YZAJ-&`f$!H{a
z28<AtD;bDBO%<*4EE-|i8qST0ITaL#aN<UeS4);npbx?}q?KWU_=W^gc;m=L?sm}K
zzJ+VS+=#ep1?g>0xhli9_{`i(O;98`e@oE^Wty^-B~o36WG=dsrBQ+EngFdKZ3kVO
zno=v^LWTn4Y%FS)rxu^O7j1U8nkS*sl#nK)U-jy`Dl1ZLHcT_jnWN69m<pZkjcn$I
ziD-gJ$!x}|DcQV&%|$+i@=X~=w#(i#RTvGsS`*&;l+ABG=E3it@!kjbdH?Y>PabZ#
zI2(A{Z@3<|TwA0MG5N2V%e3wM+Pi!sx|vteOc?ttPb<czQ{Io{wx2&Y>=c=qVWzox
zl{0DBD=@m(gt+1NhiKF<YC6W(>m@f$eqyNTbY)EYQL9eq_Pk}$tEuS4&FDq1)lCda
zIgoW#PfXJ;&t`#0{UkF?XFC(@tH;-IzZi{Lz^M==FUzCL_Un#~GX@`W3iB+8y=**w
z2(%&?o~V|iDpEleQ#{7XN3IruyTP+u_zVNOiQJnCnm|-6rYXa<L(=rPL_KdhkF=Ji
zC9w&YpMV-?$wO_-(^-?3_IYYBFNim21c?opPqsR$$#ZQHkjAH}CZD~HFq^&70!JC1
z%p{E5v~2ow<*io<PZN@+(*`9?abqsALyA+MHYFJ(5cW1EZf=5vOzkdBjmb}H+Qbyf
zy5zi}5a4=4c=(9xUp?mhx1aOTyPxyH$B+5+N#NP}C0BjVdfYO^k=~492yE1$dEcZO
z2o?!$cGI4+O)}J44Az~NpYHh+s}u(YnRiCb1bd{{Yf;_!#f#1#XhOna#@tN}3cgrV
zWM6YLnx-EUqPc1_X1M^miPSMoNO@<mR|juwl=dgmd=5>sWm1mSB)RX^Qty;x+DY1t
z2Nsv_c&wHsr1zyZl_}Hgs|o4reKZ=4p&WHfkePxbrL>L~vlrLQ`YI>ZzC`nt!dPi{
z8iY|jeQ-RBBW*Y0GSe+B*5_iKzI2NdM`xOVF$W8$9Ca=2QG;tePAr3Fmb}6cY?0it
zWs{rE!lU^_Z_(o##V-|Ec&ro9fQ5*S0*e;06?6{kVkR*x5RSl(fFn{KQdedDK$S+l
z6Dcth4`iZ)OXV><sbVtaoGF8-{JT22B{vi~N!lp7)YS48C;h+1Y(ONI_^TOIFp$eF
z`pyGR-}!{ke*GTr{`Lu<eR|I6(`(MJdM^6NX4?~Dq?f>8BZH(g-)J$pRNHKyf~$BK
z3L0l0ufl8_Wp25JxnD<hhq6=2fpydFDE}RQprPy&7+eKu-Lwz-s=Jr3yD8O*vfbTS
zab~dWI`Mpiy=nLL>Qv4SJ^qk6F4grkzpir(=0R)W*{TzGURGdxjp&v4;5X5bf+PBv
z(qL_l?VUp5Vrm|RBt2oS0$v4QOh7HcMCMX688z(=M(^-z!>=J`3nB9Xhhx^q3f?Ks
z6mN5ZZbWFdfo>CU8R~1yXb~3P;~mh3M64UKps5j}^Jp|I8eU-0D86wiw9lu>%P*I>
zqa#>)SdDOdM2~^4%qI<EtK@Yj)fsDt=3Tou%q69Wb<O6$uc?}gO)#EJ)ay`1L3qr%
z`549#QxwE>`xP2@%xAta$3BenneM4^`p>`SqknjZ_uu=34?cU!qemMqFMGDzfiT8I
zREU9~Mv#D7Ot-M6DL1X|440F1RZBCme67ed-PBEIIyvTw8kkvj6OYLf%WmK1rJ*)P
zm1(bZsKFdEL#^3q_7W%TZ@QpNP5>1{YdW;$X53UKac9r(k~naZ|5JqPUbG`Bu3Y<*
zW!yWs$N}N8uXaPpQKPakmfZ<ocoi@IjW#5SX(u2SXOp}N+n&t4GtfFsL1u_Gv(hs!
z6C9S_P)!p-%p%QbU@ANM7s2I=CE+|%x}c_Ee9TR%kF(dCn8V|7KH!`pqv9O+*re~j
zPXf#$T=Ne4pfqAMl77Cn5muWmTn9K_qxV+WQG-~A*%IV6;8xll$u67CY_<d1p@CZ!
z<~7BHXJph2WXPBNCYReB#<%BLkS54&HHvI<5gV(2*XR7E!efhIV@j!A4-B7w&f|YN
z<yZgr|Htotf6jv^&p5rhWU~>5UeknVmK_p8b`^*yAw`U!M6n50vz$2;bzTCO((2iD
z^(*!`zM6=_4aFq)xt-}p59|l@hKZpr4*De<&9_<969hMF-AXW^<o9@}ilqA%o8|YR
z`M_b1Iz0f_R%(kIp}+kpx-@^;f%fK^O0y-HSG#e4`RegCHYA^SGtMeA%8Hs>Y`y1G
zgW>W!D5UHhFC=d}DOQm(``BfZRmEsDq*x?Xd;`u4P9n|{>}C-n%@o0{*-9-+B}he6
z3TKu#HKXC2;22W?lqAL%cxWm%9)dGR<CDh9xlDr4CDz`<ngzHw5V?);T7t-m-Afgd
zA(bOU-H>*tq#2+x#@vkhOyRyxzcS`MRl3a6&L`|L>7?GKmd}-ViE?U)pd(!O#0QsL
z{{B86{*Pbs%l~-9haY{))3bqfKe7#xad0^%UQtnoCNfxHG(&R;S&+2Hig~{mWBwBP
zW6^3VvrQW3a<c|*CKv3w`aNHSH1D43zo&ae$Q>v+H5njs^C|X^Q9x=UMp={>0*qBK
z=gdlczA%3oos|6mo6}8=1rF=a4(%0hYVx|*0-a29cIG{Bf|sYS`>GRtgAGY6HH0ae
zu1rL!k<^kMmzzSN<>C|5#5<RxD<VE-Vx>=vJkdGmt|8DkXuWadm7~_tw33`*BaA^A
zLejO2F<Z(A3_0w%#OY3b5>QF<f9Eqe;smE2uZ~s&i`H>;%hN4#AXFo`Rf8NGcn@cS
zTs%c&L6nHQJtFQ1W0~E>+p^|7*odD0c!AJ*kZZ6_o_P8kPu^E?=XrX{39Ck^dXUZG
zhP6MGRkW-yBI^zM^pwl@Kj;2$?(@NKAM)XQkND{EIp>#a*4xM!ln@fNUqd9Q5=7}u
z87If_<ghR_lhe<%*o{(baPmA??a_)8V7&m=J*>Z`V(UvxG%v#F_ah_h2B_}41gn&3
z5J_gTE+6G>XRC3T9mp5_O!ktE>WA2*zKF^%H$b%eQ|SKn`rOBD_jzh}hgXlUyCG>-
zNVt@NG@UMF_Him!#Yuyj%}gchjBxmB-gP-4(@T~k0iKwkG7oJdESzxMIF34xJ4#@>
znkPnMP+^S5W((V~Cz!D{Aw)3sh$VeWak}<mG~TiD&@>KfgeC|s7_AyzCoErE(B3&h
zB*#yz7O=_%e%)f1&+y}#(HnBKgzobMMoEis2jfRGi(BL%D3kO+3O0bOK`z0bCCJTk
z69R~RZa|WA=JWF!h(?HEHt4Pi1yU_&;)o3c`s9+UPag5?od<mI&d0p>;S)Z8c+T0y
zmb1&qc8F}%2vLdA(zL0@C`v$y!HBkNtsgCi0c)mVh!ACl-fE*#t)`-~GcwzC-o9z?
zb5o(YX@4RIAR7)qe1}fZ-<2X-QiSKF`Cf2fW!bpjgbw-e*;gpm-<KxyMP7q1Yp?W0
ztjqoP;koP7=47;e%J?fs_HUpeb*<r|5E~<SqfwB&BuLFBPQl(T8>pJIL=KRE$0aBt
zJ93Lt8W9%a=$xfgbf+|4=vt#`8@z9DZG&rDWMOH$n<K<mq?5XCJVPG|M8+WLbRRR@
z&onXg95ha8JuJEwSvYjzaIuB$NVqoI)@Xwv*F6mDgqAgJ<`)Zc-r-}4XP5IU<oFqO
z>k+gK_*?nHdowp9_uQ0}e&45wh)Yb?z%|$!(F@Q%;f~g%Vlxa$B%3>SqIvr?Ne&7_
z4;C;FDvFbKCRL0IgJGKu<HM&s{>^8+|Lc!=@54(TJv`;~*#%eIbFTX}+jYwrmEKEo
z+zt>e=H`?0h-99EtcpjHe3z@t7C$j-hl=ac{!M;}NKnUe*K*!N5S!=ucmRFDN!DIa
zu<ScHG3bG#wzHd?$cqZy%h(EipNge?K|_7f$6n^OyXm=hSdcO|xmeo*i5%Qty=p|?
zP(ylcmAv9oe6->Qk48|7IA@7AEsoZ8xTe85!6Z2mG-5OejVUhM=s2f%FDzUlupK$W
z6$fx}SR4`~uK{ze3ad*AvEn154%Z3IvYRTE;pWU?Q;1{wRg;YoOTiX`oH#f>!uo;c
zk>Fi}Gz|;`T=fZKiesXP=bwenV~d6^1bFrg6%WUEV7bV`SY80pm9p9c7r<qnib92V
z<sDFIq&am}g3FW9kST0rR%0S&#29E1Bx>?y9Thf#?dR8g@-Of6@4xzhk3N0O#c9vw
z#U|~FqOuu`5PO2cs0}d~M3?>Lbe@WEl~qcz)t78z6C~#l&GMNYXN7t)nyA|LJb{6|
ziDwpv<_mCd+S>P~vkaKNOe*J10!jOhG^CP!ST37la^LdeW%<7LD*k}?NA?o1WNj5B
zH@xRJP0BT7xBo>{p0{g~9Vd}FjrdhV`i2_PQHVGh82ZR|qpU9jo9)Pk0d<k4QC3~Y
zo#he7x0WoIp4KNfY9A#R(jmD3sAlL7a4`!Y74aSsIH%?6?3{6}EEk@WTPu$4tY{V<
z=TftCE+D=ITOf;wbPjiHNF$Tq9I?SPo1!*gOOM`-$Z`R`MZ6-%4(IPAmxso%s|Zb#
z);XgfZJSfP6g>jF=WyK$e1jf&Tz41bFA?r$%Jtlco^MJg2uGORLZl}p_l(et&}@M%
z#wL>*vPXgR`FIv7@j;U(aU5}%hMaBCvrFQ|CDsp&{Xl=c<<s{r_~pO8%X<$VbGF{F
z?YH#f$f(LNDq(bl5Rzkph7@#Xu`+bcjUwy8)Y4+Tc2y_@a*Y{w)eJS+j2sSCvGse6
zg*|BRrX}>DxP^Gb^z|aB<a;#@)bU&#_N?;<;L8^k-tX(AB!6Jzk}o-J9lT~__wUaW
z=)B|839x(BjK0x^^ug~Q5?jal#mM<(;QV}GGXyq%NK1aN95*emwJYAZ-SYaa1-I`A
zjc*vY%6d?)Lu7lcjH41XX?0q!v<_N~MiN=#k%O~~OU7O}!noTt+_}AEwQOlyhj-Ar
zfcGu<C97`W<W|QU_Z+L+$GD>f?r4Q{-Ry<85;zv<d@AaL!MI6N(AXst*iC>TK-Z=z
zDv6WQL}rF9KwtB)Tq16P$Zg<tgnMAiob<Y@FWTKDWnVf;B3d{~${Y=8T4If8mu3nx
zuq|fSu-(EYVB3hUw{WqA^%`BT*<M7hPq&;u3yjxm!gfQ91MAHd?|*v5ho3y-{A$fM
z_H1m!7)C5=4tY(n5UQYRlPyi$YZ@^_aWTJap>8a7{!_)Ns3)UC(~SFqsbw!z{<$Ks
zf9kaZlY_owLHn*1j-5%zX4}R>6gfmme(q=d3LWPAwpWsufZGmTU-FVodH?TMi8j;!
zBm0a;dj-{f8x86I`j-b>Ef#FAw~X7sFly49cuSE2jnXi%&<(de-0m7y#}4n?97$ko
zGD9w^5ydbEzDqRMMkN;?V*oTLO@@gYCv@EvZIgaKBYTMld+bMUuUh_W(Qy0r5sO=%
z+qah7J6>>Wb<A?nAgdnf053#MP76f|Bho{*1!5eNcB=K*!Xw9$(r_EY6LIHP=$&ii
z_ATsI2R?JX>TteF>{^Rnrz9V}M(h%c50POFL&Qcy*IVS`6BssdrNs5f*hiY{Eq1l$
zdaG=%disl=VY6Yg?YRh!^HI3$9m6mpI^bI6`uZskK0oK_=@osyWz?SFwuG4SL}J#p
zgyN25yY6~ZTI&=Y4ui}^J`|dJH3>~t{Wd?({`6xUX2$6a1;DYpn2vkX!XW~~O-udn
zQ<0cif%6VB-q6tZf9^koQD@(i#&pw!BYe3y`J14=L(Dt&vOg!LouoR2eSgU!-@AtN
z>-$40XhhT*!6&+P+o#eHn}`Hsp`K@6aBgIE?hx59il$g<P4(N0%h^K)O~gl`2@O#~
zGNP80Yvdy|!O^P6nt*E)i^ZAXY0yTAi;$H2F7R>dSav;K>sd9zNh_Rm9jngMHV*F{
zt`VFU+ODB>4bC~1uF1NBm}NblRRc$zaB^ZC9XH5Q;m9Mm1-ae9y<_<CCEV$;#StQJ
z<caC|rZhi32YrA%dLQn8hCDch^EGlkLhq1`a=pEv-wtg1hJG7auZ?ktjKj#a1h!^u
zBW$-u-#Z3iFe8pe7zeuLmJmmtJ$}N|(^EEm&tQ>Y5e<<TAqHU-=q;HHl^mq9q}{Q7
zwV6oZNeuVWyb3$A7^0TxDDF)$zIp|Q8wx;uif!2U7Mr2LaSy)JFK9UaK+*obJPN_V
zN(R^tldHT2yB>G?HB5l^M{Y1*_WQUg7DQe!eYzJ+SoO8%_P)zGrz{_ia`^ScKIIk7
z`&(&9kHQ7gWasJN8C_Z$Y*ce@Pjc}Ne#GGsgN+3u!nN}>jnHaxd~2d*s<IG*r%|B`
zinxGiq;U{ciJ@a{$(KQT@Pn|_MCbOhMH;XnG5K%-Q=xHz*84OKEfm4iIAP(8&Iv~*
z_(h9}!_?9EmW3#b#<6OIl{Zd2+;I-`o<*mOix$_kxTPUo4@Zg|d;IGi@vZlXKmR?=
z+y6Uu^nW1IW?fP(j!mxJrk|n@{t5rjpCBJ!ppOSOX9H&&W77w=VdO$1>oIVpOZo_X
zfH)2*l7N)Nx>aGsF&M;<XxR{H8bkDov$IQ{oSt$yUNO4JV3s6JV_Ho~Og2BQBz@Kp
zY=@l|*>%}&*iAVXpvz5ZQ(GV$7)y%14|~v3z3(Yh@k6f6<AI4PRL{8&aqSnP@2j=W
zPLnm;DToQStR|*<I<KC<zG6|gKT<QYmxSizz+vNMwOMilgtwoWMRhQ%Y2US{T?ysW
z>V2?RqtUn1kb)>G;B~~yfL9MO<&c|8O8wCygO4~dOpQjB)_GP##HrF+$`=}ul+zaz
zQQX7`&XNm(q_8<flWVRQw8?P=q|JI0VUdNj$tpr|O)8+lj6N!ENPc%7k2=8`Av8j8
zh72JE@u|bdky{}-m@hJwDYkG;%5T3`Vc~naB`g=hsvT(;O0)7bkHJ5>#y>e@{L2mc
zUwXRRzkue=+>{DTcM9A`p8l5R-S^=B1>wn>>+_M*>&W9RtjDAU8iQjqL{7OP28WJ5
zC9hgUO&OJ>w=zv8K?7(Ix+WlvFzU$l^%ebkAc!XSI!kLRm#cV*elVTF!>1x&Y<vnf
zZf<r(D7&G3FR+sK>Z+<z-^^7))j{{={asJ28dUkbul}9v6`=TnQ}qwQ{o3t8M9-c0
z?W;p{-=*gJWhbCrQ`(nk>@R3``#a7<Q`QcwEY<Y%Djo6LZ%BgCjwM1Y;-X8*p56#z
zL^X&;6MPm<C=z^%POt=D#l~<s9d*QEYS}G38HYMcNwlJx-)zY{44VdJb&=pfqoc)W
z)tAajY#f?(POU;aND|vRhlJ$L5F5jLFsE2dfK#7+{2McdK{#(LJ4FafakS=G^nrGS
zBM--m$nn^4JHRq3O$@l<_sDPtfA%ii`w<)+VT%r$9`qcxpTX%FoS!1sTWq~0^noxM
zItp=&#3=M*WEdmSDHc41>1_xqju;ZPTLsjoP`6;lVhA`9HgVwUy64)At-%<RfK`f>
z9f_uG)sj34taI1!doWuqVAcF@WBxbg@3{(Nui?I%PTRHzx7GTh`tz{w9rpZ*R{y|a
z_kAkXI$6%j&K}La#pdu`+9Bze*q6P`<mV1dPuwtl?F*1~Z&H2r_=X#j4L;@BIAs**
zB<YAk6NoO^2Q|^Lh{<R$IHj@FT)a7=z<|(-B`s1&gnsogF9sD64+=4K`3lLJBS~+)
zn$kw0ae{NXnhH4AAZDn<<kW2`xNR(Bv=}ivlIILp4CqYh5Moe*gKIB1pZxO{4mu1~
zp~X-i8Bl_Em?)|d*Bf?ato%qr5B(`Tybt$|v3pCndjfY!uGrf|R3K{B76sg>Fe<7J
zRU@b|V2o%=t&PbvHhX@f8d0-kgXFTKxHF_R8jU!F%Zot2RmP|UjHro{?QA9+jQOS0
ztRX7Xk*h?QkYnF-uFL)n*UM~>TE~kk&nKDIaS*lLkKAxFJ>)s&_KJ|c#J=E%@UT7D
zsC-mj@LK5)__dHPXr3=}aQLDI{8Cm@a`=6D1=W4qkeye&8<WRdHc5?Si=A>(mP81U
zWOq&DQ^1&HwSS2UXe1k#S_!T*a6UbUQ=DtFZMG)OQ6rc+yrvwaHcHAkA_+33_^kMx
zog+Ey452Z>8%PrnQCe+r;)!C26TEZTL0pK=fmd9U6KcgU@!&k2kF<@aYtp<Jy<=zt
z4I|CQAv)r>z<GcNm&j2ACo6bkl~{TVNN-p_U{Q$CSjWIdjRBvHVKt?5IKc-;B%n@H
zZj-_2BEbm}P4H#OeR4UXAdd9cTjDq(I^xvudu|DlL`v9?@^<$8-a+?o(h8bu_jVPv
zV^L`yBhNc-2W}R0asWPwdw<q1_;)|lLTr1`-HXJrFI$Yi?-Sz}HJ3l+wSM9AlrVz5
z*Zfsa`W72f+r}vdqLUWQh_h~%001BWNkl<ZJjYhkF?u9559vTu5|q}&e0oTc)-;j`
z5H98RILUr<t)Y$3ShA#PODuy+7?QQ%#+--bn+!X-oI<Kt%)=DLu0J&>O|gJrhKk`l
z_?%ShG)G#fW)4DX0?xVg{f3zAjhd0pE3Fec=U7N)fr$`J=tq!I7_Za!?Ya@)1zab%
z<p|GuIBAgOkkT{;P0*n?dJ%do5jaRjrcuD!tb58I3sDGB7@Z@OKypiFx2;RNvPOjK
zt4p@yHEIDdO}?yo6tTU%PGQg$n4;r=Rlm)4Day>QD~!8Z6SEI%+%)m*)3*1U(7sRI
zi}H=WDm3$beboMd?uJ7{Z6f<ab_x)_e2n{7rDX3+Wf?I*o@a=@dVGrwY2hL+=Nfq@
zs84jOE+p=WH96`amVH86=!;L0<3fti_TG}qf+j;&=aU{uyi16hGg`A$P+f_z7Mc>X
zAbtWS1jA`IAhi@H;as*9ur%dpNiU5qr?@KENMnx9S{gM>QbvX5<G$A!g7Q%lt+UI%
zr%}*ogb4JG(Ft2iU)T8*bJ1>L>7eT(i}4h9ZviI(p~(^KKx>$D1d9wB88jQ2A}M3Y
zfvRBUiQ>|qEd?T4hAX{7BTDBZ)<>?-FWHP+MvaV?8pv2pM7jrc?NhVsW+2t{GdXxy
zrl>WGt}d8*!{oBhSlZXp)XmEuC^-8DtY2gu^JR+7_l*i}`we}M-Sr~dpdZrf@pUu<
zx#?#=fDPVc74+)yM`%c5Dc?w%^tQR2vt#)<CQgwkcnirs-=|%XbB4A#h*{^8eM3ml
zU&857Nz)UWvUbE7j*xaIQHYk3G_{-o)g>KFjsQm$HyX~z*$^}nDzH?%y@2!JMDfn>
z*5adJOHI(23NC^l!8M6<rkWUp+rbem?V_AF{0P>#v}bYP8^tw&PCT7KAB4_~+vi&r
zX1Hxcyrmy_(3Ej1o`ABkNFP&r?&t!e8qs_fo2LCzoMp9ytlVz|yo)&Nxw^b&d(~t8
zm^dCbPcZwD4>hTvWp^*LZ?W&I#uTeU826ftI{@{u*Zg9h#P(12H?f;MhiTg_U2|Mz
z-`kB7Cu6d0o0Hwmwym3+Y}=Y@vTnAUJT*7llWVfy=KKEc|L1d_z4uxV&t3bDh8?}T
z9BnZos&V(3zbu{v%Kbj#g+Smk1C=jwkfD2)q?zpKi^|#%g5zrBJ^G}XYU1o17!xyT
zNg$%Kq?$Y<J2f-p%Qa^Tb#D2m4Jt1s*cd5wv0QY2(c)jR#L~slk{KT}?wx0@V^x9_
zlL$F-mc$oLefP+HY6_`cLcpALcQH4{)NZi}PW|M$U9tEoCV@o^%>(7Uf?C>WYY_Dz
zCg0)Z+%H}8Z67HI6?8D6+1(l+B6QV+gresLRUinLl9`kqKaI5yEo@dg7>|r!A<Y`P
zG9E3C*2ZVfW|%4xHvEhWH^Z()PcgQO4#!kWP4(2T%zdFNw*J_Sg2Qe4Ow54`p(vi9
zj;8v_lIYPi`VP0^^uG6v1Zwyv5|DXwv`kYuJ_6v<8%O>=8h+OE$M;)OT@hiXu+fc&
zp=9#62z&q`xuu>2><@8$*rvEhpfwsN^}M1p;<SY?a1eGd0vt*hoXu*E?{z3!Q9@l_
zvZhQE3<`aYn~H={CLkh@et=h8xr)S_6<BEOhjVU^;=}MeRQ#jQv5gmXN@~4p(@lzh
zb@TFm*6rj*FgkboSapu4l6-cUyH0Tb{H;5V;Ql;+G+n~9tkc#=ovX}>wS@LPiMEp=
zxJ4$o4<eO6Nkb<qbEY%9|AZeQUGR+)+w4;rRxOOA_Q~XnN+t`dk)IZQ6#I{HNlo=s
z@~C8gRWDfv5)Qx2u!0S`47}8FHFWK;3eCTje*oIil5>>}*`~U)JB$rBHS6D@%9>og
zY1Pr+u2<_`3iihj38MwO-$#9J(m!fEM609Bxz|ZGIQa3`V%wSgCuq`wri^&DUqG)(
zjt}pzblDuge#gTXX#_QQgYA~q8#6U^@t8M(`!=0B6`}O?QOci2lztf7nX)X?|Br2n
zuDEESNk&1UZi8tmWziP<MShXK>2qUbQTmSYZ)aT<z&LRVlUz+&^}L=Vgrw>kk)JL|
zT6}NZmd-Vk9*?k(K9V;5`>jQ-G3J!8R<gJ*wd)i(;uxu|?Q1Bd1-l7-l)hO@>f~8M
zv}s2$Vxxi#J0+8T%2SY2evPix*S`|^p_2ohaJ#*>`-35g-o`aix(3Ch9e{~(-7pPI
zJB@q=Gsp@6C-=2ReIxt)<Y4E(ko4QN`Acts@O48qV@Kk+1Jj9;q5qn5U5m(1A2KoM
z?-a&FW@OVS&EIbXK&ayaD+t}GX*XObQ13$vdEKm9Np&yFy_jg-2Q7cGzqLxmoX0@|
zWRa4?xY{!e8m+%AM~5;Q;5gN!9gk}J!&P;BF-ew)ZaOpH05S|~C(CEhFiab>G8zrW
zf;|&hzsmsIL6td`Wyj><>?X^J)#hrOzhvGXWJTSi7!MR1D+Z(6b3&QYxbWo2t%`K1
zY$VOa720fzB<Qu$L$!;rEU2zHS@sweh8(f+$Kk@D@Jh`y-M3#;8q*mTJr4ZkNQX-g
zO(VTXH*_(PMgT|}m}zpu@6`tm0-E*Yd&}j`mq#x9S2m@>1`Vb>to-2{w<M!$MGHQ9
zS50L-ionzep2TdWl`qnF?stwtE_Ly9Rw&?a>`O2Cck_-q>UU%V?@fz4T$4xg4m+w&
zS!9Y;Gtw%y^a|Tz8ACsNK8F<5hRX-Amcf?U3rhW3g^|gprAu-I#T?Uy6)o?6Q>!r!
zmKj0T1gBYT_ZNUe-Wn+t7*c3;CN%<rI}@x#E|c~wYm=;Uq9@LeDH)G_rLtmijKmd}
z6ZgJpRN>pv%Y^T>iUUd)(i#!*EE*@xqttWGOoz>>zMJ2o4N5ZDL8XZsq~2~v+2oTM
z$=H}?$K|f6EEH!@-~BoF7}Itr!wF6rFb~rRmBj1~U}PkT>w21AyzR615hw)VXg$9r
z>&IzPoNw`h&%#g_@chd#Ap~O5d85CKbJU<d62Z+tRBy6aymfXt{)ICV!28x3z$mI)
z5Id&HNKiq`5H`OhE-sP#`ipX;D4gLfj1e3C*IvGh?wSxJ2Q!0$IpwHHY1)zM`n<0z
zNoRJdBvLlJn}lBqqFVk>-6VZKMc`NuCBKHJS^bCT`WUW_BrRQv1v&P%u8`&HU<%oM
z0>HbD^v!K+dRN`7XWF_FY-2GDOHdtFLCu`3e`X~<rOeviZ?B7;5?ia)SfhVUBiw@-
zKz>C^l8Meq=MB)BOdC&*wS&2-ptg5e{jQFoi7X2%EC_HtSbV=2KQtntvumFUc}hrg
za0I^(PT2R&i<%sX4c_rdD8|t|2v#f+YsWhx`rFkBL-VsRc@l@AMfG|<9T~aut{Oe_
zcXMf8N#mFlOeo`%hw~uI$kt&g_K=i}r-H?#LB7>ta?_g@ox_UUMuuta$(1o=#P(#k
z-=i58nJG8rF|@jLAaW}SA~a$0DCXLE_2|nK=83RMMn1EM({ISk(J#S7vNOp6?t^ZB
zBHb_MFePawrp_kkrI{P`rOh~oQ6jk0N7CPl;3~IHF-$O)(1|hY54T0PJ_EEFvP2ic
z7^46fC31AiC5^7$>H$iZZiWvQPjP%xf|F4N0X|!;c44I|=?qmCO^CXfe=x&Iy~#@l
zQtR|HCP$45v}+k`rO>sf%-(zgWoVc>iA(TvvfMYP?fOcI{^&22ERA=o>!H54Jzq9*
z$hLOx7<3Yyn}HX*e}9`gx%2JYFW7oxee3Bq5uJMp{j;YqBw9^Qi|6TF4o^KDCn(8T
z)JVSkb8NRkP0pH^f)<-{tyK~&B$=KIiOwKUf?K<^p7L`J8I^og;bqLIgPmm48uAKw
z?VFP6;2dj)2`<I*c&^xAScVj7mzd-shcI(MV>=xK9fnyAe-+Y9w>lD*Cz3K|<io2T
zyZhZM&4k2Ihe`G?C<_;!aBnDED%|}+<&k}w%niktm%^75|LsL6<=b(!$H27tFv2mW
z3`^{?Jv29eeeHq)`~<~DgASnXCbNL<<xOGH%ndj}JS?pH$Y!Q6o~b?HhpZCHq#5a^
zi<s)@_GJX>B1=|W{2~yHiX>C+)k&+XbMVHMiG^I0os(_pmZFYJ@i10=Y#c@_uVn4v
zVTd8N8+c2Jz#}xZBkYM&(^Jhh$Yuth(4!hlL46V`imD8^_OMGZpKW2)T1?6{$*g)G
z!l({#KVbbLxfaGrSItkBBLCCBK)QTqqFR>To2~I_$1$FS3pp>ApTVORWyus?jj?5*
zvYwe0+e~v8H%vZUutq`f@3rJ3ow6Tu+RP#YzJMIymESEmm-={D;ZfW8wp}L%&&g$H
zR6qTDo9L4GWjeI8`JH$~KG}Y)$B!98AJ>8Kc)A>EQGU%G@6|$8BO~dk*92aXCm}|q
zhaNuV?{9M9CBU3(FF^@~Uf3CCImd>Ssr@yE#OPI6nI#0OsJQ7%8xHiLu3-%fw#m`{
z$<I+Th^Wa<s{O^-5+VM9rBPH?^ifE|I@;{XZ7F#}_M-%`u$Arpy<b3jLBD|(s#jmv
z>C5owddRaO7#M6^jpt%iOHDx!cB(no;vTqX$1?^)zap?F94@THqc2Ma4rzAXf^BY5
z%NVW&whvK1G#3_Wsu?pannInSZ@shC)91C*eZGcmC<=fQV(V)?JYz^MM7OCStyo5d
z`T3hl7lyiPW|HWLR$aqh8yz|q{wfHZ%ZtN3i|06j-#pEXcr)J->b4)AuXvzK=uK*N
zv*2X@J|KYCJ5unHVM|9`t)RbHagj^O5ohEjd*su|RiK!<@dizl2$!&oy{;gOG*dA1
zHt*WYRh#zYq+);`Z|C>IYsDq!_B6$h4V`s{za0Rw<V*)}b!!k?4E>C3HQ_|uE&*I6
zPa+obQh8X+#93k~zVcyvII@5}%f2>Xk5_SYR=wtSbbaxQ-gX8|Mm^NirSSCx%Yb>7
zYgkqLno!CEn%tn#`~$qcqCWLB&THaXfD0Fiu4mfwWKn=g^9<+ledKhq5g$Z`t5fcZ
z-g+((#weBY?gd`cJr2sw;hoC{KkYKlQ<ka-JSmf|>JX%uu_ms#m0+|!`0#5sxm5L0
zh|?A3*w@DaLZ&3YUYQ~+s*1!$XgNUtPjyQPhOtWDLn^1BvkfVl%t?Lgq8+5>q-85g
zz~9~Z%(X^%&#yn{y`m}FGg)5vmFW3!Gh=OG8?ez$d@!mtF`^BlMV!e8;KJmjsNmRn
z894QwX3K-Jim@xHg`pC(v<r*_LLZ^<c4=OR-rL~cX}S;J+XHrVKWk`h&o8Y%y~sZJ
zaUqUq44jYN$yarI6~PsLUwe8;XsO5L>DoJ37vR4Em1lf9@i8{8bC~Fsy5(G9|8`nW
z!iM-g;EO2xZK)b&%vQ^BL@y=h0Y@wNmv$hR26a@Ec4+Z*p#(CnsTFHc<HisiHbvTH
zKF7?{7$u{$W};@bPg5w3{KFWFt-eQaDy=T7q6$cUU|27fyl`2J9oI}&MN&s06OGwa
zK}S|y-57h&mWpQE00YdfX;t#zk>)x5Q0^F2lI^EFfmjxgR?+sepSqQ~lDc}#;_nec
z{@bda-){jgxStkedOP3n{Q>~QRjLdMxc!vZP4vnMBLEY{dKgkgmw}AWKb(x!QA7*j
zSlP}Uf^PZ({^$Zn`BYGSa+@~dh3#hcNxJX0{OF>9U~8MWCmM)k$#j**OI;4zibM|b
zBqyxt)c_nCY8R*GnVn*&-_fdT%aB^-NmyJ3xHSijE*xEHQW7fW+Q}@V2i)NRF%4P-
zOSZ-@w%!7alI6)i(=#JqdMJB_=$Vb`iZj9Wgggf}x6o}~$2At;cg{LJ*vm0>Hd1~=
z2OIyU$Szz!h^a56AK1xLfM9l5#-;_eV#?p?=v7>P$O~g}f?@w+>Z85oZHc5@=}E|x
z@TvZu-0iq5Noy|c4qxlE5{sIWB_rzF|LLCkd|EW#9op%%e2b25GziRhv+#;P^HW^4
z0Yj9jzSD}j(m=DV{g|diX^|Vr)M!ZkwM@<}=7%~;&ww4r7z!?C7?Q-mCw2j(v`(+N
zfr+{)B1h>NEv?x-BUsBdU+^g<WBIiIj>_7~RBG3rlR7pCacp-Bx<I%e<&5fPTDLJ$
zM&o-Zg0op=dsOsdka(#}r`yVlMf<f=Ky~&iDIWqG`o>e}i)3tW+2T8n<5r|v51U$T
z3i((9b!{9^os;`UQTOwiIGZs~)lnWEJYn$Q+j;uc;?ZYrBAPQkq56zBv~ilkxpxs4
z7X3u67N2Q#539d_S%PNEKQ1IutaL!<MnU9A2rO4Ac1V|Hu0Y{nnous+EJ5VRH&92S
z42^jhIA%vE?XdTii$eHHW2Gs%tnOmT7I8K813M!s<+Y(1u`-6E1WFC3u?@yxz<`i~
zd_X9`za<oFciYW0T>>W|q*?##PR-Kks52}jL%Ik+O)93S>iNzFqYa)tB%+Fj9aGoQ
zCd?Z6_|(+#yB`o{r}RaNS+0HHhi6m)4V9IdKkeRxz=jb0-Ksd9lun*T*w<uf&|-JC
zgK*PPw%J#b_g@^@&1QgZz{L{q1QyAvQ*Nd-H2|SJV20Iyl20n`DFPbM=zlU|7SZB&
z8te?Yu^3&~OwVq$P#l*Eam=<KIU@+RSXZOnWu+Qcs4Q>y<ExH5P+6^bK+kegDnkFI
zC3G&H96Ge*$jw{K9C)25?9{KJnv4&6V4SF&83jy}g7k=O2uH{8ia68nDZy0@wxz~k
z`=4@qL^@5ZZa3Y2klJ8zZEJJ4vGyGfkn%y#H}kNnt8D`)-#vr;M`K5oDtJvTRC03>
zI9p9opSg7Twn6a=5-pTKiqqYOgjtN&L(Kc@GGUt*EAGF@NCNDfd?se>eb(S|)fq@Y
z%G<&pcLxx8jF)Q$m+}|-aZa%oRLWSquTz7&m0##birXYr%zqmpCsQi0YZ`Q^Bo7Pt
zv`4{MBBf}$Y>8oVBgp@)J48b+45r?+!-zr??axr0l0^E1rTSA!Njym*AH$qSM{*qz
zUJWjpoY<)0i(LhCJBlhK_Fv4B>XPcE(&U3IS<DnM!!?o_*FAQ;C5%AeRqBc-9n_~%
z(-ij7ta}~pgD4*^^DA5<WnC95(WZLXbBnDY|J(=FVt-)4ZOQsV-(j;0+F#guZ>2&~
zWRZpsROUed(CrL3v_ghWT0e!1C3!c|D!^w}t;0(d9(aGX?bjaw=njG6sk6`!?nC)Q
z@Ho<j{gf!u*RTX#GbY*Tkn~@)HDEO?G%U~)_hvVPFEH5<=*AW{7>EmL%D~=`Db6=Q
z-@+L9l#cOQ$-+8HdIb42emZ%Ch|_v@8H{}2<H}y0i7Eco$>qXQH1hKL)S*gjS*iT3
z;t^?%YW#N5gK=NzZozs%>?ZtS?%&{*=B4;aX<pPLyL@*hE+F4a@iXl5?n^n3dJWC#
zLHph6EZ|S`>ERzn*5k8zJ*#Rn;zu6Xl3lbeqS&6$j_%TYiZw8us7dj#;85qqUPR+4
zB|=4W|D;SxKg<Q10_^XlI`peQQJ3y|kP~=C>;(BLAHum#qu5a@qR>@QmG!z*QyU8$
zx9deE%u@9o<kSk96bn%5>~36urZZxf!wb_iJGC~&0QQ+2$gowyeTe*OEbKB$B{r>$
zpsFt?rl~t;!isJ1J(j|P8grB{i%xP%=QZ~x7{ZdP9}1N2?rOXv3JPnZ(l-?iw=jZp
zkb%733VbH=Gm@bssC9K|ehDFaXX$Y#1h+yEM^RtLtz6M_rA}%`3SS{bW24FVL4_rR
z#ZYXxC~a{eA*ocjG%{pS@{Jj%coIGG<_eStoTHGP!FUYfb3^W23(F)kLyn~3+LO`7
zQ{r)0%f<6LDV_(8H0_xrXLuLVwe1gXk(j-n;{k}Gfa}rhWdXaYARO(gRsuKn1GxKQ
zkj1mkgc9HHW6{UZzp`;J%WZyv69QgdsBUtC5TN#AHc%9f+^9YMCEajWHFQkavuMw*
zi01wymG-{jN}kfW+0uOiKG$&$MDlXa+1vpJ)lv}Wa>GvtF>bx9kB_>;X7?Pb>>G)I
zWa63KL2$NMQSDd*SiVvi7<^>D+9U@8Li9_O@Zp-c3RoEQX}Jb44NTv-ap5V<9Jlbr
zyA77~|2`Wsxf4W$EJP}Z@muJ2@k;SJj|P@eJ1s7g3t|~PDNbRkKrIdG6szxE@6_#E
zgnNQSrc03MkE5DtmA`1+#Uq}5i0EzBK90`Uc6-|A5D{Vd^ot(^RNO9=`P$T3cL@-2
z*@BIrWI&O65Mph{zMXcqqbcZx4MblN`mlbt{Gf>JNby8u>6Ea**)CpQCz>pG6`RaF
z5l?rPOvG3a40Yov&*u27Dv=sH(~c9g99r@4rc8YxaIgp=yc^})L9{lPS3>MYd^Vbo
z4xh?ct*D<wsLiUZ<Rsg6pu8SusFArKQ7gwyQ8lWe-NaK9Tq+@ZnfY11L8Xed&MVfN
z{eV%Qe=FqqvLnm)q(B(Cj?cdpFWLS6`%Iw5rmjHnZ<31sLa8|X+fE3&RbVVU0c~V1
ziD73q7D%ts-frFju2)5(jk*;{u8o!4Y)@qwFTmOEVJJ+8XDrrpp0<J04$qcrh+gey
z&uahCwkyt}P3<{mZ;QLNd}(4dk0cpPRa8OJo*RXgSAA&MI+fUhLiBRV?4)r!9YpC=
zO>r{~o4gw;QYO@6t@5StqZwH^)@}%1FNDY_R}Im1(5qlYZhe8fF$)s{&fT4;)p3h(
z_D(EYPg%H($%iNYhDb^`9Zsnahe+USeb&*FH_Aji?O0f{aG(;k(8S?E4H&vl!jNi)
z#q>0x<=uJ^PwoieWsTZM7p)5aVFNK}4vcA{WjoBCLJj!*!v#AEdPQ53*0NeGrO}>=
zOY5NhQk4CV1VlW``GRwDIg}&@3G+y9EZy8`a$96kS+uQ`V*Roscm%5{8}t=D|MJ-f
zuB#Wu>`LE@7$yJ*u7vtXxG`<x^u`(%%u!L6nzJ;TK$6#y;DRBI_C%5I{{7#k3qX#2
z2CSa`#5TZC#eAlq9?%mSCx8pVFEl%7m#N`0A7JVkn2dPl6NsEY2GL;02vS5e<`m@h
zsd;{x?ubI7UZ$LFpK2ST4gKCm$sVp-T9#Ns(>WVCw)QGenkgJ6&o@7%Vqi&J!#@B?
zP7u>B$71j@l))uI(kx$xoyce+Vh)~PjkWCw?1Vradl(CyvCJo;MQO8frTU(#xa6!4
z@K;JVKs{?WyrqT{6^JHzTD@~Cze!^}x^KGu6c~rkWeX?M^K7cW6f5vb)N~fS@uV|I
zKmBn(CF(-Y;Y0(*`S!-#oSwY$@Zr~*uUf<2>5<Tyl8(M2I{bY$Ohe3U&5&B3TbgJm
z8`L|?GQXEo=-4(zN<<eT;Yxaygkc#O*PL}Y7iwb&Dmb(4x&;jnnAQGP%6S@=xhq{-
zIB#N2FrW%#wp2s9)Y<C&D#r{1?H6bhq|dEaIM+}(5^#fLJd30rkJv?#vlAMXXMsCr
z1VIWN`?2jFa57nY<J_^gBaZqwdC(=<5%>>=igDcQs>QjH%d(RxYi#{352yI8Y;hJV
zdb|!_>PEVTyP73EBb5%Wix22c`Ue=5<he|wWXh^xE29|BZ3DG182Ms!K<)72VYjw9
zh7^4zpNM`h3C!&%l$U=Kfg{&$`_|dO7@uC{0Lo6Rya!d&56p*drZXk`k6auk`}er3
zwj%371wLO2nK+%enahoI%O%tfd!{;*1X%?Re<Y1P1f-A41X<!^hit{p{f;#au-e0V
zwyl~(&+wr`2MV88#cT~i#jmI2d7NX`iy?Y2BJS;b?$wtrc4_;89bdgGnJ@AsGi}Ay
z(HN!|_{S3`yLaR?5uMS=qFgGXU@gWR*Ro-V>sPzzv^HtxlpwVR<2o(d<R~}8zZIZu
z_{<vGBRhQ#>@oE-gwYFKj+Kw+F6r|PDzJJ`*{Vd5Njqy;9aU{v2j#B4PREaTa9j;8
zk38#4&!RELe)x74ILa7c9=!Sxo-_|6uCY=uwaCj4B}l`i8M5Q;^=In77J(l}0ZZo;
z#3mRI)<84K3V}cb9Il45?HlMsdu+v#?_Qm3`eBZXx*saZE4I-|jWfyAC8|6|)dt0J
zKQNdP8%_y+G!8-44BM;|fAx6R<$P?8jG><ND>$K#(n!0HnTdA|_YR+c6;`;cV_;0^
zVQF?2x#wFIVb2vC2+&Mb&P0Ptl#M75Fp~}8`at!E!6nh1#4@%_yjNlY<>!s?6=!=}
zY?vEmc8@YHGOOO4zyU{ikEnEQn<LPAQP!{{oDl-;DcoPo14s0;K&P{g6{2)YuuQIo
zaolg-?HOe=HqDgQ{l+27`gZyDq2cvD4u?hc9}q>(g<NBMwhC;#l|>l#D2Vj=s9$Pj
zC;L)i#-gxGE5otX)-<;P+d`L4E{l;=5Jz8-Tqc=qXTF^+?Xl&~DCv6T)>pf`c9MyH
z`G`QRHp`NFw3xy!>z#+@(}b=bqJa|VVrp03F<ijwu4?Tli)Bj6o0b=w7Nb*erlNr(
zTs?Ft+1?V}xQj`ZgFTh!B7>zuIf#tpu&tbI#T2jLeN7i|_G~-*3Db%gk{X}pTcfdp
zjhSw?*@etnp@u|T_-}FO67|*=^Y~@8@i!llPl2JMRh_`P^Sw*A;CF_v6_+HPo)_n4
zWP1?2mtBx2==#&?CNqrTJ)C;@fgc8!i@+uBsATZ^Em|v=u3A>F>qAs-&2G9N-nvD8
zVt<BKAP=4Cx9gXLT14ZST%V~W!z-v3K-TMI)c#E&Y&1R;4+yl$^oR3pRJ2AH^K_3j
zk-PF+eN$aymdq^7zTlH(r5((QR_9Ss3_?x-WQixC1%Rr_{C-(u)7RVb*vS*yHGJ`l
zPA{hKg8lI{0|9~8AS)rJUX?>NoBDG79xYV+j@>sO@z-Te*X~&&?Kx}a?0!`EZ9De!
zGRNdmDZVl1zZJkHIx?|d<0XFz({TVD>cG|>9P{q13(wZtDI9wJ9QI*EaJ&1?^rE~|
z50o^39;&!b6p*qxAv)P<0jV#co^lBq)<`Bmmo`yqW_;%%Wh2el6Zks6K2+6ryVLhT
zMqCf`rInk4Ztu5Z2h$iRV<?jzJ*daX+@Iv?3l-IZg`_*u<}-vJYevMOG_HHo;q|vs
zhk*S6widYJRgcE|s@>3i_-Ab-JW-AhTU#My(k>fM7(*GcfOI}QT$ypLH=!jB3}DK!
zM!Hj7Bu7vWdNN+SSZY5;-y-zb5b=`FHgv@54PEIO(VH4vHB*VxIRs;t@hlFbb4rL-
zvoqs`YvF>ik%RJ2{t9muag73+DFjQ^Mg%Pk`~~q*nJB8j*ycv!lC=Vttmhe*sj1XE
zq02fiN0R00=zQn|!xxohX~iXo?2pQ$+e38RKHn}MqjM_s&xXtI<~a#&?vhh8`g6Do
zAanwdkXxi<7r7*1RoK_lNEu~it{If<a3^&Sh4k+9*|&rn69d7i%h(s^On@w3ZL$GS
z{%&kHJ9h4l%f5WyRI-up1bvF1E?sbZu)CNq4V{a6YW0;)^yn*u`nE80v60ujl_;X2
zVae+pvh`%-zo_h>3*_nLw_+M?ABd~q)X@KnlRFa@8_Ei;brr(By75&p*rg`#rjw-O
ze#=u(B_ZVD&AA5dQ*#RUY7bSKO?Z{wYE6(VBCG8{e2%!&;>O>*(q&6OdIN4%P!bw-
zGHo)lhG%)^5K|DVC%I9_i9P$-=)<>*KkHq8HXuc|9lFB&)%gsnrt=|_L?|eo0{^uP
zdJsst?h=(Y5bpbC`zUQ>n!YY4@|S^8JWMX?4vY_L*Xj$9h;TX6eABd{+uF?}&%WPp
z*)1Bk6xb*>2~`dL>IwRB7V(M`*ffNEwiFPeXu!K@tOH=9Bip@fGl(Oq<6Fpew5%C-
z2w3RV>}{9=A3S98r#ID~QQbm?A3{*%1@h7KntAbMn|@?n|BOlFW-*N!ZW$Cy?+9TZ
z4Z7%Yovx%GF~<mO@ZM_gPDmQ^450>fc4xj_?cue6q1W-WiJ9Dd!qb;q7tRUcp|qJJ
zfZ9%~sh#OdF7XyaYY63y0Q6|Nz-IXYE93026VpAV$OiX1r?>@!9HQHqE64{P0yp1d
z(Q3FKAWc2tCaHwUL)wcLNU4t`>Zu3W=HeR=XubY7X3wiW<^n0})D-!J+mSXKz!<;K
z{e7@u9qhLr>T4AoP`DYQL?X5Uw|KkdZf|spvK(ij=pNv<CSZJT8V3}j5)Fem!k^xt
z)-wb|3zbm?n$J%0Hb)WRKmY!EQaje{)^sL3dS6R3`3G4v9^zTwarVlC;GZYEK$Lkx
z)*D+7QifTc!kJzm3;s!lQ{Dh`;w_7QlY#77{xIOu3{<E{(2}wD<(9^ok0FZRi6CxT
z;rcPSm@uQZpS$neMl3{lE(D>jkFi;)ZRZqj{k>iMi(uu|>{`$^PSi&Ch8@I|>w{2N
zf{1c|YBqx}AH+U-;Y{YAjN{U!zaJ!ud!i0>7X)MEP^qvZNMUZJz^I8Swt8OTxFC(8
zS{&I2SIPuNUOYzHSJX%&<-Vy@ulIYUyZhvF?Z+#g5+a$~_1?;Nb@os`|GfOZMebp5
z>shlCNZFqVI5a$W5HE^uFmD@i1n6a+E$cxq&oytYAXfyPP@>3O1kSYJx_33T`FxTZ
zocH|zh!aL)e1s-BA!3I@G5!Mo)F-RYB%Nh26Y%5*5p|KRSC`rsNXF^EDzP|}ZO?L%
zZy-Xgf+Gx@NZ}SJ?Lo;S@hh*joGmT>O!u*)ccSXcGn0SL)s_g-HvImYUdRsK3c$ig
zhwZRF3;%AGTKn|Oo8WHjhUkZAd86jnbTRW#JLd!kyvZFn=lg{x`p-%8AjpjF|3+4z
zZdG539SzPfR&=}oA&}VyCTO~x<eBf8>#r~;c5r;1_!Mopd1fqJxu_dcgI7@-vAX^R
z`uVbNTxhqF=$QC>N3&hnEfn-p)uv+-Zp)NATCe|vjV)b=KMc%OhZle6l{o<^F|KyP
z+%2{91N;j{LY6Mr`=wXwt$QfG=iubOe1BaJ*p2Ui(;fxq7x6RXnh{5$3J*6$(UJ)r
zbE8Gh!%cy8T|t?uk6}0|liaAHrkWUa4}+=FJ|{!ZOi~eL9Tan0(wqT=Xn+hP>H&^2
zo14ioq4T_$I0Xg5pw;BgI3?RlH7ox71$Rp%34i9@Z1+OA_~5qIG8Mmp^uj>CF?9}$
z(jB?WCD%UN^AET=P$hA)Kc~#jsjsADY!!CcEuBmr#ZSct6v%eQ^#~^2uYKI8%>_iS
zVAWeO`RTW^SE~7F6v#J@&3eD@(sRSLeat9!w}hd~0~Wv_kX~rGNAmgfrwZ@MyK5p)
zH@$<c(W+_M0N21d)Omgk+Jz)mT+KX0$z7++!OSa7kkO=Ag{Kqmb(Jql;MT2a#Q#9d
z>GqTI7{hRi5k<4Txmto$zBoHc(ErbY<F84fD(=fA81!F~lJ<~N0%O3s)0hXU-tc;z
zHW+zyn;pni{gJ7lDyrrd_tgMkDhiX(XX;PBCVgN~`1g=@xh@po^@W{$EnzT{6ToE^
zTKpn>*3#g!wJ$><hC?S^U<;o>m)fShZFE<{T25^bc!c1n?&H*aK!IRgDGa!#thL4<
z1wo7E5%lw#s>>eG;pSs!M2-V>6|h$t>|4K{>OfX@*{&=uSuX38;Ejni6d`#rWe&{`
z`s`EkHN_0;p+<ww*E8aK`3^NUYUnXjxKFb_1`y?dPB$a$*}v9s=yI;wYPcp$c=WZ$
zEGNo;L}%_WWnuLqi|Jpb1@?rcEJ%AWQAX;C@q7=SN%#Y_niRyWaC*F15IZ|j+_4vf
zOSbprw`viM!<KDT(ft*vk+8Smo_qAuL6}Q=)wyGqWHUrOmT<77GUxcbh1ZTi`|i~I
zkP>~SsGXlMj}bpnw=JIsNNrzHhkF<NNucTI^jC-7V*Qp|@j|vd5$UUz-^DfLmitRL
z@rN}D@G=gLb0l7IE}1%qa8`N@<MButdB`=;c^iFALg9qErrqYgNc$%js~q8gQx=^~
za*7qpI3k2hcx!Q1SAaw)pRO;GFC5Gf1eb^X4};A(q9bBnJw3-!etT44cgRqZP`(c3
z?L@E8gm<(EPsseef$xQp%Vq&e0tHKb5t-?~ls5;q<Y#(_3Rsp<<BT=`w4QY$t2=T1
zi&zw<w<W=))^ZG7erEx&{sfXxk2|Hg`n!_pItT7lJtakj(|(8kO5K#XyrKi+q&?{T
zC<y)BjA$;X{YK%)@ou;!b~T2^xEIsIzV3D=3*{l*SnOi=n%esv?f!XlcEOk5Tgd45
zI6;rcKX_n%e9~VE8E3+|2pNU*#ihRX^tVjH#gOmf1+bp`M^KorRTxJF`>AK(x!_rg
zx<~RU>SIOoBTT5Vlw$t+ivQd~VKPe{&h1Hjds?%$i`{kcE0m*=|8q6f$${f`>r#Fa
z(Jn{4fSMJzti#*Ffy`%j>bvAS)T^r~Gy9Pf+yByo4H!~vkY3vc^XN~M+D`_0<&B#;
zK}=0`L~GK@{3wPlt^T>pr*$HD6U&`15XB>o_}6lZFl6HK{^gXx3i+p%)L22u_SX{Z
zGAWlSEt&-(&PWv1`0~BBo?ENXw$LDO)-<(10{q34&J2crLNHRtsv)$qk7@`o_J}Ni
zB<<N^^*`#8LD+Ol{&M(XBCvI~x9-PpBcOwdljrhhYQ6t_-U2w6ezJ}}zFl}8)L769
ze%L$6i!dI0*RQv}h+;V>pVeI53sSr+42tEcSCB%8p=@S~1L7`{UOhM@X_iiqHmWVc
z?@xsP5Tb2vUo~3<oE{pSu~Bo=IDZ)k|9JarU?3PnSudxu`QmgBBCH#+no#%a98<;y
zmN}3lRtvR;;T`n6y{>D2dggKZi{8Fw80eaDTG`o>YWK;_1E~btlOO|)M!`QceC+dO
zrM-N6=4krn%gsPl?Q8D1;a<IiqzA;eC&6A6M%^mVRFW=rN~5Gl)53b#Arb9I%E)y*
z1r1;~io_nm1e|RUobyWaNpalNbQr?_`gXBwG5Lu$vy<HYeAQ=e#ddP51%d!s+EozM
zja!}VKB-eDfS_#0K_H0HRZT~`{F<|tDokTgkqb9=RuTilp<9JiGw~14lUu97spJgf
zwqc&9rq!e3nN?j|JN<0W#QN*|5VsY6O~=1o@CpPkLr$I6SnGzWe&dz@afx$BT}s&Z
zhdXDs8~k`+O1heSlKmQVU@R-ZO=%D-amvxnQ;?%=-J|9*BdFHNRKeW1{9x=0Yl8lD
z$csd|ego{&(^`UqCws+vcBK|6ls}pGhE>2r#$0aA)STA+r#K&C+Rb<fArN=^I&Y&P
zia~hjuwZ%Sk{4q2-=M2oR@8^m)z99^^Y;a8fA?Iq*8J_<fk97_L!o(#r@8fyzf7+h
zXE^7J<}hx77HU=dmYu&4&}<QZssBX(Zpf;Mc~EaeJBNU_BhFCUWmk(;iPI^+1Ns5c
ziC|@D$D5Ctz%cLsjxVDdsL2I4`2<VK8=UO7-BQ2l(6PgQxq(ABx=6e<v-RoAzXOVZ
zpadyqc?jM-4b~H{xH37ewV^JrG6et!DNZObI}+Oi3Vt-iE^{w?=g9Aa1DV7c9k|VH
zMvqr!cq|)3F-+$abDa?uKdHgWW{Qcm9FmLUoQSUI`7W+rFG(QP%=3)m`W$g}O%L73
zYl;kXum8d)>3)8M6KvdBc}0Qy&jL7`Wg>gmHe6QiMgEiC&A^Yp*pF=RJu^CXzOGGk
zkNU9|*w_8FEApJmm!7l|wUp8**tmIf?f#6~0vR?WJU{SBfmo_s=C7z2)`2tG4>u8~
z>Uvu{i<K$tF4^uJHE-{r?Uz|whq;!V)T?DxU&YPg!-Ab>ix(o2f9@Jerd}(M2vzZH
zMa=XN1-jnzi?!$i%Semo^{CF=S&#ku^t+F-p<+WuL!?Jyz0WOyE+)Bz&xu0-=7#I2
zP$jVhyQ`Z!8flJ)y@aFVes@?R&^S+N=~uy7z^_fG0@SqKX4~`6YJmVZ7upcAfBP+M
zDsu}H8xLm>UE0&F#g~A2u_`|bJ#WZso#wxl>t0Ci0wvE#p#uxnNzOjg4PwebXnB-#
zf?_yjincB1%>L@RaE`xHJwceMJLG!~p(Jn_z^wT)15<X_!Mzn=igal=^GMFR8kzks
z5TL@yl;)h}5(W5UpW|x!QhPLg(nT#GF&j@%MU^H!UDh(=JeP445DQu%hR=Dlv!l9u
zl<=>*yz^>7zyx?kRt;6tZeN|+o1*Nv_;yl0G}3O*R4(A#J8mH{TUtkVBIWFy+j$oJ
z$Ma5z<b1+hs|cIz4a%EpjQe&G>9G9V`ik9MqTkADR^yf15MXKEHDWz(Ak4iB29tl<
z`HF5wO<0NFAwC&Xa>#mYWdoPLiPJHa^E)UL&~GK_=BK~&E;0-q;1dq{F$wtyYtSVW
zReVp2w{XvFhNh-YWlw8R)%k(?sDf5>W!+F0yl%(4vjj3skWvoubD5d>f{so?U_Ffa
z>Erm3bo*YXW;+X@f<g})($RbZ6K2J5E02l~E=gE7=EKKm{XbIj3*=1?9P8RKxUry%
zth^B7#pkh72nC|j+%Ja!)Y6IkH=b6jgjlk9r(5Dr75J%vv8&~TIEttO8sih7>|Q8{
zc(+!<k8-9zGpJx$*Vp6!gAgZaLu;iC2mt}4%GQYhq1$<4?`2fr4fm}jS4Y{=(=y{b
z4f42BUpR_jQ_ROjkHWwO_O)hG0rz8$L?4fQR}yS8xUHA;`Bo`hZkIvmRl%dfc(M7b
zd;fnW1zw^be7?RIH51u_qO3-Xw=61g6w5@85&k)eTl~kR>*fls5YT*qGUmtt^B6QI
z&o;fELadDhIgLUmTd_7C*L2?7*}alPM)wCBzbHSVr{k{Bsv!Wg^rJm#3)ZW?LGh9q
zNhRB#;&F@~n#a)w6V~QTc+7Abx_J>B5blKv<u%{s$Mji)ihtkb=0c2dBn%^PoRGNv
zPysz3f+0@zS_k8=yScv1r8zvd4xQWtUQj6_<2`)%zzx=~KBVh+4z=#pkyF7xIH`2j
zehoNJD}5QTL)p&&TQl`*EbpzpzB(1dMr9>AY%PSM6e%Rulkm$mK0ga$>hEEGQb%pg
z*u3g`w+%eD*kTgA!Y~Gheh#7fFX})66wiYkhTBL{WazZTzoZlA;p#Fg`%wM7>GMeS
z`Ve`*ub;FR4<6d6{pptZLX!ZLF!gn|n>*zgh4O|hxsz%PkoONN?Sd7pv<H=Z+eYk6
z&$>Zk_R(HGkaa>(k^Xpxtu9RK2>LZ`<U`llR#S>CVtumtwEn3Dn$P*KR7}x7R;o3x
zRE@H=&--fY>u<vFGkVrQyZLUgCfG{!nzrK?vrhsGYw3l7vWtV_`74KB3@4oE?K$Cp
z<&Y&r#ZW_PN+OnEY(H%|L6)4S`41UJ#X=u;GjA%|{`S6Y<gQR(o+}R4w(i}F&&FyQ
z5knKEh;7P1q2O{MXmO`u*dhaI5LPw{;}Ngtf2DY<dMija`)d%F3I-#ihvTFehE`G@
z=70{tDOdG2V~eS$2=L<JGIzBPFOu_SISjeyZ^xUA`p|vtUA9m|vnFf-RrlzjENX1|
z^*^eJg;Sn2p@hs)N`0uqCp*eEFq5mGS1wl|4P>0U^|-ec$ab2D{PvF8r_8<_z{}08
z&wUd%JYl=n)p^!~Dw(-@wBmN^ELg_L!OjRyXj%V<2V~M9t7q`f`>bKJE}GTg!<WQs
zO=4Sh0VlQB*}*e-!kIJLydc2AhJ%=qixJEGy*BU_bZp(VavGZ5R}@7OzT^0h51$eh
z-1WkTX$=4;4)5^gUeqB0{dg}k5T%Db8v~D9Ys*D&&5Mm(-usIIO}0Skg5_AP9HKes
zjUGFDoBEP}OG6L^to+)PX&I}mI)k)<L%H)X{;LI+pQ!nE<MW0B=e{cc6gLIm`r6Ah
z!EN&j@xNy}qTnWRWj$-5<Klh_g*-4vEFqaje`9~>8cNm;+@x4#99yyv%O-dFuTLaE
zO2y&YS_dLTInGfbeezmqp4`K;{L2;O{x=Q61xMq`YW;o_I~AwJD|+MZ2s&r#m$B>z
zE}q_yqY`~q4-O2JQLb=KrZ_e)#J23dfbHfT{nJ%1NTlI%orSfYek=wv9B+Wm$hguu
z*)0D(=)(|b?px5}0}&-WS({<@t)}Z)zVHUW#f<~*b6w{~Sl4jcd)DHur>Sg0-{^xs
zcNzG!klAb1aY*gol%f-AZhS+s6ZlOyJC+-{{FH(=p7Fp=7svwntAX<+v?PI!<j*yI
zpVLGmhp*8<3#;BI(ti~6g`N{=32YS(MA5g*3(lJCFQI2?o!k=id9nMFl)LtWpkh3o
zX!-zoBjD%Fer(w$QZ&mMYqy8sX<c&x71xm`2*;Lri~mjWp9#K@0Jk$GB2p?*0Ee!_
z`AWStuk-3-=OuA$b>}9_6wUOU@pD$v-OY(PD*YI>Q2<J80E-<+i}1$CtzZ*>GQM5b
z!32n)LZ10ylEtzZ{|A3>4InD+qgUB51qjXQOzCdk`h2IS54oU1z6aSFHCve+;Ovrb
zD_X5K)2({=(?RXdKv3+Cre^WrJ<zo10CIY{Xd+JjJA8j-(c|wV822t{3k^RwF1?lB
zUUg}l{Xdng+_R&IGu@fqe-UZyo#A0V5v|}0Ql9B*_!pVWoeX4s(#Z_Y6A8%&xd{9B
z_5WP@qBQ2fi|2bH;41Z4t<GFQWybNtm2Mo?c9YqVr*A_E|LdrYB+5y<=)y?O*t0Vs
zis!~fCQ80?&+yW8jga2nSuI1$yTw~yEODs(9*HfHo{MKY3aWX<ySRI=jTKua#9win
zY$IrEY!^Uo`PTw+LX=tHh|lM*fR<G2nCET6kWvcHYG^F&s9hU1y`DVu-1b~pXQo{L
zk^FZ<pUaWe<KpRglF~%N{To7Rtv&ttNFp=x<NXJFdoW3fAio1AX+5qm-Qm(dnW3-u
z?NV8~^Lr+LR(BMkcxLU!N!fsy*fV5WjJRG#N_h8On%=}7dg`WJg8A$pI+{uI4>LK?
zfMb+f5R6uXbwyMXKEDUIxWj_^od=w+nPw;DQY1kybX~|!ot1kU%S`=9zt41{Tz$!C
zJl*YeNkhv27Bo62=<(5*aE=?pV$%#Y50?$>=jasky+H`~fXF$#3(MCyTqZVti+p)X
zSlA2_`zUM&4(t|BL*plA{`0+yP=IfZa*Na_5QtB_(Qzx8UE=c#&0B^rIpvGgnE_6$
z51r=J&7{3{_b0Xs;{U_Ipxm6!h0MX9MYsHMA9IO1-n=tZR{ZA>5s~BlMd0u%uwZFs
z@4q}LhrI-xsq_~W&GyG(%b>uakRGDuE#SQp>9OkT-JPXag$4N(ky|jC<A1X&n3B~Z
zigM!WppM@^i}PsU#&Z3)o8+XCpJJ3-afMDsj-JSAo3m7ND7dx<y~h6a=$Ve+;l9P(
V%31}cB13%qWF?g(YQ>F%{||Dt5k>$2


From ee776ca3081fc7f6ec8362e93ccc3ad8e9e5f98b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 10:07:48 +0100
Subject: [PATCH 295/330] Bump vine from 5.0.0 to 5.1.0 (#11662)

* Bump vine from 5.0.0 to 5.1.0

Bumps [vine](https://github.com/celery/vine) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/celery/vine/releases)
- [Changelog](https://github.com/celery/vine/blob/master/Changelog)
- [Commits](https://github.com/celery/vine/compare/v5.0.0...v5.1.0)

---
updated-dependencies:
- dependency-name: vine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ba3e83410f2..89c2aff6b40 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,7 +16,7 @@ python-slugify==8.0.1
 decorator==5.1.1
 celery==5.3.4
 kombu==5.3.2
-vine==5.0.0
+vine==5.1.0
 tqdm==4.66.1
 Deprecated==1.2.14
 wrapt==1.15.0
diff --git a/setup.cfg b/setup.cfg
index 151e17e7890..56a2d540c55 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -42,7 +42,7 @@ install_requires =
     decorator==5.1.1
     celery==5.3.4
     kombu==5.3.2
-    vine==5.0.0
+    vine==5.1.0
     tqdm==4.66.1
     Deprecated==1.2.14
     wrapt==1.15.0

From 3439e272d482bc9876be1cb041ab27db6623aadd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:17:59 +0100
Subject: [PATCH 296/330] Bump celery from 5.3.4 to 5.3.5 (#11690)

* Bump celery from 5.3.4 to 5.3.5

Bumps [celery](https://github.com/celery/celery) from 5.3.4 to 5.3.5.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.3.4...v5.3.5)

---
updated-dependencies:
- dependency-name: celery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 4 ++--
 setup.cfg        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 89c2aff6b40..89e8d16ce97 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,8 +14,8 @@ urllib3==1.26.18
 Paver==1.3.4
 python-slugify==8.0.1
 decorator==5.1.1
-celery==5.3.4
-kombu==5.3.2
+celery==5.3.5
+kombu==5.3.3
 vine==5.1.0
 tqdm==4.66.1
 Deprecated==1.2.14
diff --git a/setup.cfg b/setup.cfg
index 56a2d540c55..f0a1e2ae11e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -40,8 +40,8 @@ install_requires =
     Paver==1.3.4
     python-slugify==8.0.1
     decorator==5.1.1
-    celery==5.3.4
-    kombu==5.3.2
+    celery==5.3.5
+    kombu==5.3.3
     vine==5.1.0
     tqdm==4.66.1
     Deprecated==1.2.14

From bc45eafb98c629944be3e44fcb73cc71ef06d133 Mon Sep 17 00:00:00 2001
From: Alessio Fabiani <alessio.fabiani@geosolutionsgroup.com>
Date: Mon, 13 Nov 2023 12:36:44 +0100
Subject: [PATCH 297/330] fix: scripts/docker/nginx/Dockerfile to reduce
 vulnerabilities (#11637)

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 scripts/docker/nginx/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
index 5559b30fe74..9b0fe5b4f30 100644
--- a/scripts/docker/nginx/Dockerfile
+++ b/scripts/docker/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.25.2-alpine
+FROM nginx:1.25.3-alpine
 
 RUN apk add --no-cache openssl inotify-tools vim
 

From 980e4d24ea5d9b2c9ca96413807a5bdf84ba986e Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 15 Nov 2023 17:01:45 +0100
Subject: [PATCH 298/330] =?UTF-8?q?[Fixes#11651]=20Implement=20the=20optio?=
 =?UTF-8?q?n=20to=20register=20users=20without=20automatic=20assignment=20?=
 =?UTF-8?q?o=E2=80=A6=20(#11695)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Implement the option to register users without automatic assignment of contributor role #11651

* Fixes #11651: configuration rename

* Fixes #11651: configuration rename
---
 .env.sample               |  1 +
 .env_dev                  |  1 +
 .env_local                |  1 +
 .env_test                 |  1 +
 geonode/people/signals.py |  9 ++++++---
 geonode/people/tests.py   | 16 ++++++++++++++++
 geonode/settings.py       |  4 ++++
 7 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/.env.sample b/.env.sample
index 47ed2e0c24e..f43b64a7823 100644
--- a/.env.sample
+++ b/.env.sample
@@ -151,6 +151,7 @@ ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
 ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
+AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS=True
 
 # OAuth2
 OAUTH2_API_KEY=
diff --git a/.env_dev b/.env_dev
index 93b0c0e2f5c..029bd5c9de7 100644
--- a/.env_dev
+++ b/.env_dev
@@ -151,6 +151,7 @@ ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
 ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
+AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS=True
 
 # OAuth2
 OAUTH2_API_KEY=
diff --git a/.env_local b/.env_local
index 5083046741d..7fe89de6cae 100644
--- a/.env_local
+++ b/.env_local
@@ -151,6 +151,7 @@ ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
 ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
+AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS=True
 
 # OAuth2
 OAUTH2_API_KEY=
diff --git a/.env_test b/.env_test
index a5d6e909abd..b2fd6ebb6a0 100644
--- a/.env_test
+++ b/.env_test
@@ -157,6 +157,7 @@ ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
 ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
 ACCOUNT_AUTHENTICATION_METHOD=username_email
 AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
+AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS=True
 
 # OAuth2
 OAUTH2_API_KEY=
diff --git a/geonode/people/signals.py b/geonode/people/signals.py
index 1282a51ceda..9eaeaa47b0f 100644
--- a/geonode/people/signals.py
+++ b/geonode/people/signals.py
@@ -111,9 +111,12 @@ def profile_post_save(instance, sender, **kwargs):
         is_anonymous = instance.username == "AnonymousUser"
 
         if not is_anonymous:
-            if Group.objects.filter(name="contributors").count() and not (instance.is_staff or instance.is_superuser):
-                cont_group = Group.objects.get(name="contributors")
-                instance.groups.add(cont_group)
+            if settings.AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS:
+                if Group.objects.filter(name="contributors").count() and not (
+                    instance.is_staff or instance.is_superuser
+                ):
+                    cont_group = Group.objects.get(name="contributors")
+                    instance.groups.add(cont_group)
             if Group.objects.filter(name=groups_settings.REGISTERED_MEMBERS_GROUP_NAME).count():
                 registeredmembers_group = Group.objects.get(name=groups_settings.REGISTERED_MEMBERS_GROUP_NAME)
                 instance.groups.add(registeredmembers_group)
diff --git a/geonode/people/tests.py b/geonode/people/tests.py
index 58cbe579c07..f3636c975c1 100644
--- a/geonode/people/tests.py
+++ b/geonode/people/tests.py
@@ -455,3 +455,19 @@ def test_password_validators(self):
         }
         form = SignupForm(data, email_required=True)
         self.assertTrue(form.is_valid())
+
+    def test_new_user_is_assigned_automatically_to_contributors(self):
+        """
+        By default the contributors group is assigned to each new user
+        """
+        new_user = get_user_model().objects.create(username="random_username")
+        self.assertTrue("contributors" in [x.name for x in new_user.groups.iterator()])
+
+    @override_settings(AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS=False)
+    def test_new_user_is_no_assigned_automatically_to_contributors_if_disabled(self):
+        """
+        If AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS is false, each new user is not automatically
+        assinged to the contributors group
+        """
+        new_user = get_user_model().objects.create(username="random_username")
+        self.assertFalse("contributors" in [x.name for x in new_user.groups.iterator()])
diff --git a/geonode/settings.py b/geonode/settings.py
index db383d7e8b4..2224bce108f 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -2368,3 +2368,7 @@ def get_geonode_catalogue_service():
 DEFAULT_DATASET_DOWNLOAD_HANDLER = "geonode.layers.download_handler.DatasetDownloadHandler"
 
 DATASET_DOWNLOAD_HANDLERS = ast.literal_eval(os.getenv("DATASET_DOWNLOAD_HANDLERS", "[]"))
+
+AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS = ast.literal_eval(
+    os.getenv("AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS", "True")
+)

From 5eba04acd43c783178c1e4ec4f834b0163b318a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 09:11:06 +0100
Subject: [PATCH 299/330] Bump owslib from 0.29.2 to 0.29.3 (#11686)

* Bump owslib from 0.29.2 to 0.29.3

Bumps [owslib](https://github.com/geopython/OWSLib) from 0.29.2 to 0.29.3.
- [Release notes](https://github.com/geopython/OWSLib/releases)
- [Commits](https://github.com/geopython/OWSLib/compare/0.29.2...0.29.3)

---
updated-dependencies:
- dependency-name: owslib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 89e8d16ce97..6d014b23a82 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -54,7 +54,7 @@ pyjwt==2.8.0
 
 # geopython dependencies
 pyproj<3.7.0
-OWSLib==0.29.2
+OWSLib==0.29.3
 pycsw==2.6.1
 SQLAlchemy==2.0.21 # required by PyCSW
 Shapely==1.8.5.post1
diff --git a/setup.cfg b/setup.cfg
index f0a1e2ae11e..4d9d9f70ba1 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -80,7 +80,7 @@ install_requires =
 
     # geopython dependencies
     pyproj<3.7.0
-    OWSLib==0.29.2
+    OWSLib==0.29.3
     pycsw==2.6.1
     SQLAlchemy==2.0.21 # required by PyCSW
     Shapely==1.8.5.post1

From 5abfa5edb38df9b9334219ce0b44d6e50a5fe44e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 10:34:17 +0100
Subject: [PATCH 300/330] Bump black from 23.10.1 to 23.11.0 (#11685)

* Bump black from 23.10.1 to 23.11.0

Bumps [black](https://github.com/psf/black) from 23.10.1 to 23.11.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.10.1...23.11.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 6d014b23a82..0be1fad8588 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -153,7 +153,7 @@ invoke==2.2.0
 coverage==7.3.1
 requests-toolbelt==1.0.0
 flake8==6.1.0
-black==23.10.1
+black==23.11.0
 pytest==7.4.2
 pytest-bdd==6.1.1
 splinter==0.19.0
diff --git a/setup.cfg b/setup.cfg
index 4d9d9f70ba1..615f210196c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -178,7 +178,7 @@ install_requires =
     coverage==7.3.1
     requests-toolbelt==1.0.0
     flake8==6.1.0
-    black==23.10.1
+    black==23.11.0
     pytest==7.4.2
     pytest-bdd==6.1.1
     splinter==0.19.0

From 82eeca1a7181afec27ebafdb6eae57d2f80a9643 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 12:11:14 +0100
Subject: [PATCH 301/330] Bump twisted from 23.8.0 to 23.10.0 (#11664)

* Bump twisted from 23.8.0 to 23.10.0

Bumps [twisted](https://github.com/twisted/twisted) from 23.8.0 to 23.10.0.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-23.8.0...twisted-23.10.0)

---
updated-dependencies:
- dependency-name: twisted
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 0be1fad8588..dafc116d199 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -161,7 +161,7 @@ pytest-splinter==3.3.2
 pytest-django==4.5.2
 setuptools>=59.1.1,<68.3.0
 pip==23.2.1
-Twisted==23.8.0
+Twisted==23.10.0
 pixelmatch==0.3.0
 factory-boy==3.3.0
 flaky==3.7.0
diff --git a/setup.cfg b/setup.cfg
index 615f210196c..71743233c82 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -186,7 +186,7 @@ install_requires =
     pytest-django==4.5.2
     setuptools>=59.1.1,<68.3.0
     pip==23.2.1
-    Twisted==23.8.0
+    Twisted==23.10.0
     pixelmatch==0.3.0
     factory-boy==3.3.0
     flaky==3.7.0

From ae45e105af3df4a0f66d2102d01016b7e6068839 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 14:51:30 +0100
Subject: [PATCH 302/330] Bump amqp from 5.1.1 to 5.2.0 (#11688)

* Bump amqp from 5.1.1 to 5.2.0

Bumps [amqp](https://github.com/celery/py-amqp) from 5.1.1 to 5.2.0.
- [Release notes](https://github.com/celery/py-amqp/releases)
- [Changelog](https://github.com/celery/py-amqp/blob/main/Changelog)
- [Commits](https://github.com/celery/py-amqp/compare/v5.1.1...v5.2.0)

---
updated-dependencies:
- dependency-name: amqp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index dafc116d199..97cd13a34b6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ psycopg2==2.9.9
 Django==3.2.23
 
 # Other
-amqp==5.1.1
+amqp==5.2.0
 beautifulsoup4==4.12.2
 httplib2<0.22.1
 hyperlink==21.0.0
diff --git a/setup.cfg b/setup.cfg
index 71743233c82..b80f4177d0c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -31,7 +31,7 @@ install_requires =
     Django==3.2.23
 
     # Other
-    amqp==5.1.1
+    amqp==5.2.0
     beautifulsoup4==4.12.2
     httplib2<0.22.1
     hyperlink==21.0.0

From a76480fed90746e49e1278fc33fec8f080fb3702 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 14:52:13 +0100
Subject: [PATCH 303/330] Bump jsonschema from 4.19.1 to 4.19.2 (#11661)

* Bump jsonschema from 4.19.1 to 4.19.2

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.1 to 4.19.2.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.19.1...v4.19.2)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* - Align setup.cfg to requirements.txt

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afabiani <alessio.fabiani@geosolutionsgroup.com>
---
 requirements.txt | 2 +-
 setup.cfg        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 97cd13a34b6..81a794a4559 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ vine==5.1.0
 tqdm==4.66.1
 Deprecated==1.2.14
 wrapt==1.15.0
-jsonschema==4.19.1
+jsonschema==4.19.2
 zipstream-new==1.1.8
 schema==0.7.5
 rdflib==6.3.2
diff --git a/setup.cfg b/setup.cfg
index b80f4177d0c..37e8ae01318 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -46,7 +46,7 @@ install_requires =
     tqdm==4.66.1
     Deprecated==1.2.14
     wrapt==1.15.0
-    jsonschema==4.19.1
+    jsonschema==4.19.2
     zipstream-new==1.1.8
     schema==0.7.5
     rdflib==6.3.2

From a655d8db27ce631e69fa74c70c08e0fb688caa77 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Tue, 21 Nov 2023 12:46:15 +0100
Subject: [PATCH 304/330] Control read only mode with environmental variable
 #11710 (#11711)

* Add env-var to override the readonly mode

* Fix flake8 issue

* Add test coverage

* Add test coverage

* Add test coverage

* Fix broken test
---
 .env.sample           |  2 ++
 geonode/base/tests.py | 11 +++++++++++
 geonode/singleton.py  |  5 +++++
 3 files changed, 18 insertions(+)

diff --git a/.env.sample b/.env.sample
index f43b64a7823..962f5a82258 100644
--- a/.env.sample
+++ b/.env.sample
@@ -253,3 +253,5 @@ RESTART_POLICY_WINDOW=120s
 
 DEFAULT_MAX_UPLOAD_SIZE=5368709120
 DEFAULT_MAX_PARALLEL_UPLOADS_PER_USER=5
+
+# FORCE_READ_ONLY_MODE=False Override the read-only value saved in the configuration
\ No newline at end of file
diff --git a/geonode/base/tests.py b/geonode/base/tests.py
index d61b021ad66..f3741425074 100644
--- a/geonode/base/tests.py
+++ b/geonode/base/tests.py
@@ -666,6 +666,17 @@ def test_maintenance_true(self):
 
         self.assertEqual(response.status_code, 503, "User is allowed to get index page")
 
+    @patch.dict(os.environ, {"FORCE_READ_ONLY_MODE": "True"})
+    def test_readonly_overwrite_by_env(self):
+        config = Configuration.load()
+        self.assertTrue(config.read_only)
+
+    @patch.dict(os.environ, {"FORCE_READ_ONLY_MODE": "False"})
+    def test_readonly_is_not_overwrite_by_env(self):
+        # will take the value from the db
+        config = Configuration.load()
+        self.assertFalse(config.read_only)
+
 
 class TestOwnerRightsRequestUtils(TestCase):
     def setUp(self):
diff --git a/geonode/singleton.py b/geonode/singleton.py
index def45c9a430..d6607475716 100644
--- a/geonode/singleton.py
+++ b/geonode/singleton.py
@@ -20,6 +20,8 @@
 
 # Geonode functionality
 
+import os
+import ast
 from django.db import models
 
 
@@ -38,6 +40,9 @@ class Meta:
     @classmethod
     def load(cls):
         obj, _ = cls.objects.get_or_create(pk=1)
+        val = os.getenv("FORCE_READ_ONLY_MODE", None)
+        if val is not None:
+            setattr(obj, "read_only", ast.literal_eval(val))
         return obj
 
     def save(self, *args, **kwargs):

From 7cac111e745430fb54ee4142410d7bb756d7d720 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 23 Nov 2023 18:35:53 +0100
Subject: [PATCH 305/330] [Fixes #11716] extension for remote document is not
 saved (#11717)

* [Fixes #11716] extension for remote document is not saved

* [Fixes #11716] fix formatting
---
 geonode/documents/forms.py | 6 +++++-
 geonode/documents/views.py | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/geonode/documents/forms.py b/geonode/documents/forms.py
index 286f98e0a6b..42671e98172 100644
--- a/geonode/documents/forms.py
+++ b/geonode/documents/forms.py
@@ -130,7 +130,7 @@ class DocumentCreateForm(TranslationModelForm):
 
     class Meta:
         model = Document
-        fields = ["title", "doc_file", "doc_url"]
+        fields = ["title", "doc_file", "doc_url", "extension"]
         widgets = {
             "name": HiddenInput(attrs={"cols": 80, "rows": 20}),
         }
@@ -159,6 +159,7 @@ def clean(self):
         cleaned_data = super().clean()
         doc_file = self.cleaned_data.get("doc_file")
         doc_url = self.cleaned_data.get("doc_url")
+        extension = self.cleaned_data.get("extension")
 
         if not doc_file and not doc_url and "doc_file" not in self.errors and "doc_url" not in self.errors:
             logger.error("Document must be a file or url.")
@@ -168,6 +169,9 @@ def clean(self):
             logger.error("A document cannot have both a file and a url.")
             raise forms.ValidationError(_("A document cannot have both a file and a url."))
 
+        if extension:
+            cleaned_data["extension"] = extension.replace(".", "")
+
         return cleaned_data
 
     def clean_doc_file(self):
diff --git a/geonode/documents/views.py b/geonode/documents/views.py
index 66b8df09bb7..127b287fd26 100644
--- a/geonode/documents/views.py
+++ b/geonode/documents/views.py
@@ -173,6 +173,7 @@ def form_valid(self, form):
                     owner=self.request.user,
                     doc_url=doc_form.pop("doc_url", None),
                     title=doc_form.pop("title", file.name),
+                    extension=doc_form.pop("extension", None),
                     files=[storage_path],
                 ),
             )
@@ -186,6 +187,7 @@ def form_valid(self, form):
                     owner=self.request.user,
                     doc_url=doc_form.pop("doc_url", None),
                     title=doc_form.pop("title", None),
+                    extension=doc_form.pop("extension", None),
                     sourcetype=enumerations.SOURCE_TYPE_REMOTE,
                 ),
             )

From 628e5f1e76b430349f4e671d4557af344c7df572 Mon Sep 17 00:00:00 2001
From: Gleb Kilichenko <hlib.kilichenko@pixida.de>
Date: Thu, 23 Nov 2023 20:53:28 +0100
Subject: [PATCH 306/330] overriding update method in dataset serializer class

---
 geonode/layers/api/serializers.py | 33 ++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/geonode/layers/api/serializers.py b/geonode/layers/api/serializers.py
index 3d39fdefe20..864e2af1c73 100644
--- a/geonode/layers/api/serializers.py
+++ b/geonode/layers/api/serializers.py
@@ -17,7 +17,7 @@
 #
 #########################################################################
 from rest_framework import serializers
-
+from rest_framework.exceptions import ValidationError, ParseError
 from urllib.parse import urlparse
 
 from django.conf import settings
@@ -195,6 +195,37 @@ class Meta:
 
     featureinfo_custom_template = FeatureInfoTemplateField()
 
+    def update(self, instance, validated_data):
+        super().update(instance, validated_data)
+
+        # Handle updates to attribute_set
+        allowed_fields = ["pk", "description", "attribute_label", "visible", "display_order"]
+        if "blob" in validated_data and "attribute_set" in validated_data["blob"]:
+            attributes = validated_data["blob"]["attribute_set"]
+
+            for attribute in attributes:
+                for field, _ in attribute.items():
+                    if field not in allowed_fields:
+                        raise ValidationError(
+                            f"{field} is not one of the fields that could be edited directly. \
+                                            Only {str(allowed_fields)} are allowed"
+                        )
+
+            for attribute in attributes:
+                try:
+                    if "pk" in attribute:
+                        attribute_instance = Attribute.objects.get(pk=attribute["pk"], dataset=instance)
+                        for field, value in attribute.items():
+                            setattr(attribute_instance, field, value)
+                        attribute_instance.save()
+                    else:
+                        raise Exception("Primary key of the attribute to be patched not specified")
+                except Exception as e:
+                    logger.error(e)
+                    raise ParseError(str(e))
+
+        return instance
+
 
 class DatasetListSerializer(DatasetSerializer):
     class Meta(DatasetSerializer.Meta):

From f7f0cac8a5c2cfff77777fefe279161523aabd42 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 5 Dec 2023 12:36:56 +0100
Subject: [PATCH 307/330] Increased doc_url (#11748)

---
 .../migrations/0038_alter_document_doc_url.py  | 18 ++++++++++++++++++
 geonode/documents/models.py                    |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 geonode/documents/migrations/0038_alter_document_doc_url.py

diff --git a/geonode/documents/migrations/0038_alter_document_doc_url.py b/geonode/documents/migrations/0038_alter_document_doc_url.py
new file mode 100644
index 00000000000..8b29c3b31da
--- /dev/null
+++ b/geonode/documents/migrations/0038_alter_document_doc_url.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.22 on 2023-12-05 10:13
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('documents', '0037_delete_documentresourcelink'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='document',
+            name='doc_url',
+            field=models.URLField(blank=True, help_text='The URL of the document if it is external.', max_length=512, null=True, verbose_name='URL'),
+        ),
+    ]
diff --git a/geonode/documents/models.py b/geonode/documents/models.py
index 78292dfc8c9..d7650f5b0ae 100644
--- a/geonode/documents/models.py
+++ b/geonode/documents/models.py
@@ -47,7 +47,7 @@ class Document(ResourceBase):
     doc_url = models.URLField(
         blank=True,
         null=True,
-        max_length=255,
+        max_length=512,
         help_text=_("The URL of the document if it is external."),
         verbose_name=_("URL"),
     )

From 849265c2af11623410170e1756aa828abf70af31 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 6 Dec 2023 12:05:24 +0100
Subject: [PATCH 308/330] [Fixes #11752] Render remote docs with document embed
 template (#11753)

* render remote docs with document embed template

* removed unused import

* revert removed unused import

* removed unused import
---
 geonode/documents/views.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/geonode/documents/views.py b/geonode/documents/views.py
index 127b287fd26..ca72be2f6a4 100644
--- a/geonode/documents/views.py
+++ b/geonode/documents/views.py
@@ -85,8 +85,6 @@ def document_link(request, docid):
 
 
 def document_embed(request, docid):
-    from django.http.response import HttpResponseRedirect
-
     document = get_object_or_404(Document, pk=docid)
 
     if not request.user.has_perm("base.download_resourcebase", obj=document.get_self_resource()):
@@ -106,8 +104,6 @@ def document_embed(request, docid):
             "resource": document.get_self_resource(),
         }
         return render(request, "documents/document_embed.html", context_dict)
-    if document.doc_url:
-        return HttpResponseRedirect(document.doc_url)
     else:
         context_dict = {
             "document_link": reverse("document_link", args=(document.id,)),

From a24490800b20ca225632d50a9c9e214ff1623177 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 6 Dec 2023 16:43:26 +0100
Subject: [PATCH 309/330] Harvester error during keyword creation #11755
 (#11756)

* Add test suite

* Fixes #11755: Harvester error during keyword creation

* Fixes #11755: remove unwanted commit
---
 geonode/harvesting/harvesters/base.py | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/geonode/harvesting/harvesters/base.py b/geonode/harvesting/harvesters/base.py
index c10b4c035d5..8c616046eea 100644
--- a/geonode/harvesting/harvesters/base.py
+++ b/geonode/harvesting/harvesters/base.py
@@ -36,7 +36,6 @@
 
 from .. import (
     config,
-    models,
     resourcedescriptor,
 )
 
@@ -377,16 +376,9 @@ def _get_file_name(
     return sanitized
 
 
-def _generate_harvester_keyword(harvester_id):
-    harvester = models.Harvester.objects.get(pk=harvester_id)
-    return harvester.name.lower().replace("harvester ", "").replace("harvester_", "").replace("harvester", "").strip()
-
-
 def _consolidate_resource_keywords(
     resource_descriptor: resourcedescriptor.RecordDescription, geonode_resource, harvester_id: int
 ) -> typing.List[str]:
     geonode_keywords = geonode_resource.keyword_list() if geonode_resource else []
     keywords = list(resource_descriptor.identification.other_keywords) + geonode_keywords
-    harvester_keyword = _generate_harvester_keyword(harvester_id)
-    keywords.append(harvester_keyword)
     return list(set(keywords))

From ea71bcf303c07f918531755a4f5f639df0b23f37 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 6 Dec 2023 16:45:26 +0100
Subject: [PATCH 310/330] [Fixes #11750] Do not send notifications in Celery
 tasks if notifications are disabled (#11751)

* Add test suite

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

* [Fixes #11750] Do not send notifications in Celery tasks if notifications are disabled

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 geonode/notifications_helper.py |  2 +-
 geonode/tasks/tasks.py          | 11 ++++++-----
 geonode/tasks/tests.py          | 16 ++++++----------
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/geonode/notifications_helper.py b/geonode/notifications_helper.py
index 7f2220f19e9..da265a7f3b3 100644
--- a/geonode/notifications_helper.py
+++ b/geonode/notifications_helper.py
@@ -69,7 +69,7 @@ def ready(self):
 def call_celery(func):
     def wrap(*args, **kwargs):
         ret = func(*args, **kwargs)
-        if settings.PINAX_NOTIFICATIONS_QUEUE_ALL:
+        if has_notifications and settings.PINAX_NOTIFICATIONS_QUEUE_ALL:
             send_queued_notifications.apply_async(args=(), expiration=30)
         return ret
 
diff --git a/geonode/tasks/tasks.py b/geonode/tasks/tasks.py
index bdd611fea14..1a7763d359d 100644
--- a/geonode/tasks/tasks.py
+++ b/geonode/tasks/tasks.py
@@ -25,6 +25,7 @@
 from django.db import connections, transaction
 
 from geonode.celery_app import app
+from importlib import import_module
 
 try:
     import pylibmc
@@ -168,13 +169,13 @@ def send_queued_notifications(self, *args):
     advantage of this.
 
     """
-    from importlib import import_module
+    from geonode.notifications_helper import has_notifications
 
-    notifications = getattr(settings, "NOTIFICATIONS_MODULE", None)
+    if has_notifications:
+        from geonode.notifications_helper import notifications
 
-    if notifications:
-        engine = import_module(f"{notifications}.engine")
-        send_all = getattr(engine, "send_all")
+        # for some unkown reason, notification.engine is not directly accessible
+        send_all = getattr(import_module(f"{notifications.__package__}.engine"), "send_all")
         # Make sure application can write to location where lock files are stored
         if not args and getattr(settings, "NOTIFICATION_LOCK_LOCATION", None):
             send_all(settings.NOTIFICATION_LOCK_LOCATION)
diff --git a/geonode/tasks/tests.py b/geonode/tasks/tests.py
index c3722fca9f8..13ef5151c97 100644
--- a/geonode/tasks/tests.py
+++ b/geonode/tasks/tests.py
@@ -18,16 +18,12 @@
 #########################################################################
 
 from geonode.tests.base import GeoNodeBaseTestSupport
+from unittest.mock import patch
+from geonode.tasks.tasks import send_queued_notifications
 
 
 class TasksTest(GeoNodeBaseTestSupport):
-
-    """
-    Tests geonode.messaging
-    """
-
-    def setUp(self):
-        super().setUp()
-
-        self.adm_un = "admin"
-        self.adm_pw = "admin"
+    @patch("geonode.notifications_helper.has_notifications", False)
+    def test_send_queued_notifications_is_not_called_if_notification_is_off(self):
+        actual = send_queued_notifications()
+        self.assertIsNone(actual)

From a42f9f2426de444d51ab12046452893679d5803f Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Wed, 6 Dec 2023 17:59:38 +0100
Subject: [PATCH 311/330] Fix german translation (#11760)

* Add test suite

* Fix german translation

* Fix german translation
---
 geonode/locale/de/LC_MESSAGES/django.mo | Bin 156832 -> 156837 bytes
 geonode/locale/de/LC_MESSAGES/django.po |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/locale/de/LC_MESSAGES/django.mo b/geonode/locale/de/LC_MESSAGES/django.mo
index 95e04cff54c2ac0d3874ac73c5d7f354f7ee4379..6f83b9fc2f3647e48b3f7da1d9d518596386b16a 100644
GIT binary patch
delta 12332
zcmXZid4P}A{=o6)I|wCFNm(*ttYa+MN=&j{6Qac~g>Ga?h(di^wJ0$um4rl6NcKW?
zE6N>Px7$Uwl0s#<Eq+qB-}^o1{PjBLS<dn~pL3q?s5zgNoc~$Lx7XEAZ%if0&i<*S
zM@Ev&zBQGcOp@f(z*I64j|@sBZ*af&ZK<Re7QH={RK}YJr;;1FKXFJZX@@&-3fIfu
z5$X$urjm!b{v$quBZsAuJMmW>i?<C=C3A7l@KieKL*f1rspMMRjs3C4ovEZgPQu-|
z3Mb&Sk*VYgJom0tQU^QWQ#cAI<6k%cCyz=cz3~_}xiCpOj!q@bsiz-HB^Tiu?1bAM
zOQ(|R6e>NQO3GntJR5spSsZ|saSYbPe9Xdk(S{CSD?EiQvFQ`3qy&zM-iNj~DLM^H
zQhzzt7o;g%#f4>P1IN%AW<Qxq8sXn@7QTpwu-W9W1eKpkC0nSscsiA|$CAX~5O>95
z_yIP+jpzhU;iXvanK0qTSe1IZ7X=@j5HGxi6{&B<N_Z46!{Sp@NfoSvKA(q|-~_CI
z&tWFMjdr*Lv++3kT%~E@xu%#&y&LjeIvGX5kxfO{d@0)T{&@Wlw8M(|VPKuGHTA*h
zbBm&z(1Cu7PN4X+VZhbU_S>NC55N|fj}_=Y*;-g2+cA?HMW=@mXQ4C6MLX&j9gog<
z20F8MV!Z$_rv81ro;(-cuYkVa9IN6@*c8WEr~hOL1xLIc>*0@>gB6|+InWWWp*|74
z{ysW`WB3HtnUP8s7fq5CXh#EHP9+U7jpo8KJQr8vdH4yMr2ocraSHn=_~3VF*8hmU
z@ITDLQnSKL8=)_DLL0gXef~Cd_l(2x_;jq#$MdPbhem8GI?*GsUhEb2Kif0Od?l6C
z!X{`#H={3%K|}gXyuJ_}*amdK1!xDKqucBdUVtaC3>KXoLS7Diz8RLnmRK9}W~W1k
zW4MsXg(uNazlnYD7&gJYIpMhn&~xB<ER7q`2DileZp@^91l_)8&kX}^i4NdetcKn2
zdb~SL!4ZFo&SX!lA4ij`$gAO?sf>oaF&eS9=t0s84f#Mcaucv6PQ%8y4KK%{^FoKs
z(d(1(QA~e8!3WyE78)3j4rnUc!E5MAw*;N(C(+O2{rzZC9>H_);`w2w)zRHk2Yvr<
zXs+}}+qnzLg>-U11!wRQy3gN1XL1m2;52&hlwS}c)C@;a&qEttk2d@Tnj7Dtq5dWM
zJDMBG>#4+KKL>690xaYHuT8-QuEZkP32mTjyxu)t9~|q$&<Nch%||;}5M73Lv<@B6
z$7phYjz;th8mVFnSyK0ZSqe5#6@4HZjYw0pp)Tl0syn*&6VU9Qibh~AX5t!jX1lN<
z9!H<A`bKOI-A!H4$li|W+NmUYltOJTEL{}7-@DL`tGpSKt|pqC&G1UhLnH7gdgQ){
znYa#pZZ8_a6X<#I8#>^>Fbm7P6_T&%TkL<o`|G&S0ZS}SB^|LV*1?zX6Z`}X+2kc5
zQZtYPFL@Ph@O3m|ThIs`LI-#zdfw9TUNv+eIp|55yEGkc^yPvF&h2P+K7?++XV8JX
zfkxyDbl>lZ^&jvo>OZ6J|Bk*_?(JaxXh*!B>jPtb723}BGzGWMe$2+w%fi>H1$q$m
z#<n;Md*U~E6SjCKbUY1>#0zMsXQ4T<0G;W2^vK<co*zfi$o!5DAYFQSC{#vAo{gE<
z9)00<G^FFuBzziO<9E>H`UG8q-Lamm2oWoX4&Z7ua^2AOdd2HQkb$I=@f6&CQ_$@<
z2aDlr=m;0#Rk#)x;%`_ggCDCa!y3M|I?U)Z^u4|45+01#PoM)Sx+X3S+HQR;;r?$$
z!H{)8Lvu4avr*{&eGJ_;&!I`S1T%3X8kz6W8UBebWwEtk0FBWlX&vi%=s<d)+kG&W
zbpMa0;2PbBZSX~`i+j;fmwY$8PzkT5UK4$OFna%y=nOQHi(-8pI`D1iKo4V0{2zMG
z)Oe5mZvzb|xc}Q=4IGYU^>lP*Gto%QLpxrEMr;eZjlM-Ams%GhR1O_TJv5TJ=<_$?
z6*v?<fab4b|J%_=T(E=9Xoz;AFC0M|NY;k|mBaEJSe4KaHr^1-MVBTI9moK5pkt%?
zXmT$>+y6AWYXke=eS4G(c2w;B&_D%r203U$SI2r^wBr%6elHr@$>@ORq7hqzPUr))
z<E?0N9!8Vz7!Jcf(-a)h9Up`jCZKEc1iD?GMU!YAR%PaIp-Z*(L)H%e4@clV{|FKK
z9yd@w7VC>Y3O_hjM0a90?*D<FH|Z`PhmlP{J9-e^Zcm~I%O*653a|+tLcakOKMBuw
zM{}q@x~8LIeJVPEd9l7cx-nkgg+w@=9Ems1prI+fF<3d89c_VzHV^IadbGpa&~xKq
zG?yMj+nIufd=~oNJT$Uz#``O=h%x+_f(?F(uGv>;P8>m#spzIK(~I#j>Q&LB_zkp!
zj8Ego3*EL|u?kMaYWOm`#2=tZx&s~P5iI5!o}e%re~UMs|15Mk3w>|_X5wP3fm_i5
z|B5zPVsp5kiPl@A1Mh_<<#4Quk6<P)z;?I^)6VqVe}>T1LPOOk)~`f!pe>s99pn8Q
zqkYlcF$m4_2V(stG?J^(Wc@hSkD<Br2Rear1?>O7lhw5fLdc)l61L$YY|8`hqia@l
zYZzE*tVR7I^o-BN;n)e?uJ57^7of?!AC16aw4J}u?OJkMc&^H}bogP>hzmB*D&FXd
zzAz9w;Ba&)R-&O@hd#d@8{s!-<jQRi?NvsTvo<=A4(JkeMF%(vP0~lx6b$Wj+>W!+
zq#C&+l{|oB@xOQqD-o%qpNIR!zX$_57k&Riw81K9vgKei%tZ%24juUY$j39uN0%u5
zT)Z(4-LI?BgJBcCi@%^J)zW{5T&VPAm|<14;d*F@8>2J6Hr9ur19<?u;578yIDk&D
z;(rPUo=&P#Fv+sf-*^qthFW4TX50r?P+z$-4DgO!sbnAZ@#vA=Yj;Sh5ojbH!v>g-
zw(}AC_y5<io_rNP)0bjd_kU*!hNeH-;Ak|t9!CfC95%(dxEOb$GoQ344E$+yruk@2
z%tJd|iRRE3XuJE+ng5LD%4sa?{!i@<+vEbY;g;wC+M*41L)U5`x<q%OS^OZHOf%5u
z7NPrp9oo(p=m5ULu6PLTxaq!ND@;40_7r@f6FTD?(2n|}_wPhQdN(%21y~bzVkRd0
zLxifLOW6~BzaJWz;phbJM+fi}+V1rI?0>h%OYy;ZXnh4<j_c8n&PmL{ng_y+x}y=e
z1?_MwI)Mr3Qa*&v{CRX&%)vWxX}n(L>yWgyzfQ;RI~RPgFFL}Z(b4G0C!oJ{o<Nso
z0XoCw=zAZ<`seZfH|PM5qf1omoA9gnVsxNw(D(Dw6nwBZx^^ScjvhxtHy`~RufhWS
z8ExQ$gJFi7(D!$sk^3Iq1t+jJo<T#M^=(+%y6ARo7VGIQ6dYl1^lLR7o#8Yzgs-48
zT!@Z%b#xOt!2h6My~F4PE<6;rT{dP?&qKd4L($xtgeHAHazLe%^S=un=Ak3)5$%VL
zbRasw@#s=Kjm~%`+Tb#D$=0LKeS&Vcowyo*LUUyP_aT=SVJ+$huyFsEJRCw+5wp2b
z0}bU3Xa{}Kfel6@GXm{s0#?B(=vQqCdf;rrd+-n%k(-aCk|8)2{aPNt>+lae+fZ~m
z8j_<28p?;zhL)fqFNoLopr6?iKZHNUE<+>H0sULCA3F0n=y|XboyaCMa@#Qz_n}Mo
z7p7g?GCzh6tDq-WOSI#@=*)*<!xUdFe1rOHKapJ2yBrJG?>QdcTXZ7i%x7qX{)K*Q
zzC)At2s-l<I1;Zu$^N&n>|_Y_W&aHk$U)brH`c?4v5wE72hbjDjHQ1LGi!q;Yd3Vp
zebA&Egq{a!bm^W&BQ^&e(5j!=|AuTm7hJ2)(d~B>t77qA!oX^y9XCOLY~GGGJT%tR
zXgd$19lwAMWH}n@b!akgiGGVN(HUPfiO&5sJWvmPu`SwQXEX^1pdlTBF4=?8sc2+o
zV-{{kBXa^BNY-y*&99E$8hr@eHR*X2JZj%Wvvxm@z@Dd4$#~p^ees(AOC>ksY-Hai
z|3eR^rl(WMG8~PwFzfeJ(iuO(R#^5-_=VIJU4n<BQ;~_LlUWoD#R7aB*Te@}{}E=~
z1<m?f(UWZgy4I7>8B9eFt{1R6u0z-MYaEM*qy7I(C6lOsiAJ#B|9p=9H;jTI9vw}i
z9Zg1;;(2u6&PI2~d+6@ijV|3$%w#v5{a2VsU2@*`TB7ZAM04dvG#3V=yXsyn<^E4w
zz^Bk8c@gdS?Rb4H+Q3HipxKQk>(9}1QsI6zG)J1D1IR;jqdS@l58|u%a=f3Lk&&cr
z=voSPFc58E96ItRu_iu;=E!<<<R{Sqo<awn6bT)i8?A-jZ-chiDcT=>eiXU{=^`2F
z!jMkkf@``MO|I4Gi^tKBWfaXQ4EY6EmwGic64ylsqt88vH839?z*@B3f1o*5fIhbm
zJqL~#O=lDyG{uUA3pwbTwnZBngl@yh=n*;x&4nfCIk6e-;QM(0BpT7bV!ixXVWwGl
z8P^+QHugYs=#eyqS`?<EAzzP%{8My>C(x0WEFP?aHq-=dsAs(XC_1y5=-R)9F6kOH
z<OS$NcA=3t7UlO>M&W-7Js(|@{^%NyK)2Hv^z->5I@4Fsh8Lm@u0yxm4s=F4(GCuy
z5&IooiV`Km`(^P;>J^dXOeftb6s{c_fqZno&q5=xI=UU*9Y?SQCTEAFy9zxAdSKxM
z(Dp{414*L;pN2+uCYoCx6<%lmeM!NN51<|VfQB&RoQ%TcERBAI>Y;1f2hEMqXvZ&M
zb9@zz#8+qs-=ItPD;k+|_*ctDSP_jt7i{hRe}aO^^iOo=htbewoSTv4aIlm?8_q2q
zY>)mv=!|#cP`m-ZMhDX5yo|zM%_GoAy@p2Q0M^En=maX3VgGlea18~w)l+E5*Px-=
zfzJ3ex`t)ThGeRM&a5VSy=AmL8tUuN8TZ0G9D*j{ig^7)Y)5@ZS@yp-%AX%bULBoz
zKOBcc(U~8_w)~PfihYSl{c>RdPhAuS{A%<)bo+jR9q<=4QdgA^OVS&?KO9~1r^~bd
zO_~?DVCY{*XY?VO1Dj+0OLQ0PM|a1!=-MBR_y3DV<P7>=*^9%#Do2~5-;V3BDULwf
zo1dm&hl_9?E=PZ0^tdEk?}LVN5c<LxbO!gL9leM)I3Hd6J(z>#Dv(^*7Bg`Y`rPZ-
z0QX^6OrKXVBe{mcE!YI-VRzhxS=gXbusfO~6R{R9M6-AYUWBD8hl8nFv_1OV5VW0q
zH0jpF`}>1@`z{R+W}y#u!FzEGntaFbQ#`9mMv{x$&>5bW8El0Es1HYTX*;^j_To}3
zQ#CB@2k85|@d~VPne{Z^WePL7FdbK5gK8Otzx@tjb?U{dXB7T>Up5+nM{z4I!|U;Z
ztgs~iLYLrYbQfgT2+7<OUAngDXSgG}%LZWy`cLkoU{X!OHTV>|E!))$XZ$lbg!(#M
zgf(h~q}_pis2@Q0_f@q+5_ZOA?2>`#jLX#x?cap%u0H61hG5!c8$rPlk3x^kiRkqy
z=oz0MufLAj)YoDi{4QQEn;jaihAv@4^t~R@VOW*=gIERUq5XZ7ox$IK6t-}|<T!wS
zT#DBVGpvX<R0n+_7Y$uUGzSKt?@hxOa1A<vZaKk$X#01g+w*bsq<saA#CtjHe+!>+
z!IA$5ZSYUL7OU3}4UI$x@(>#88ECRCM6-V-8kqvDho{kPU9&;30al}a1^RqHEZoj%
z3Kh9<FPa?Bp)+_J?cg8i{@;eaxF6m3zoEYaG8%>?%|fr|p&fOP_3_b3(R{SsSI`42
z{U!w?upFJ?hv>+^L_@wGeeehx!jrLHyis`WJoN8?i}48Fgdbw=<r(~7<sY{ihlA}?
zoIrh8lkoguWMb(gt7%y4Cg=>>qDj&fO`4H-H|C>}D$y)_6RP6|>UGh99>vo53wFdJ
z%|qlmqX$txbYhdx2tR`ty8q`=;M<a{LX%}}v;fWW{n!`Jz9Qtt?Px<&a1PEuPr~L`
zhJ$4^dXg?ibK)R2#WF3zKsumD@JOsn|H)hnxCL$KG}gq%SA}20eX$eu>F9vI#%r-u
z%kY)!i7vsM=w7^)dWBZujGu`8sc*r%uwHIP;r|IW8`I6Wu#LjySp4c>3p9)G#I-mJ
z{aEy9ol*EdjV#2*)N`&0100CXXePG60`!P2(Iz7qir1h^w*=i~o3S&VXv6+@<gMC<
zqjN%Z1sbxSur^k27tZu9cnS3f(fvO&x*6Rar_t|ynf4h;56nSxXc9W$g;)&tqPyT=
zd-lHv&IvB~eJ<J|tZ_ALLp={~$0_K({|)V^_}{__c`4f9WoQ!CLX)i#nv8wWcJDxU
z*ArN{{m^88Gfkm6h1K!K3ABMf(d4PoF?4hTnw&k*?RZCY6gsf+=*%ah9le2O`G$CZ
zJ3d7HYn*|D^1}1!KPa^0LWOHXhqs^|JdK4161sM8qgh{ohV<XjQ|Ovr(kUEBx#$5j
z08QdaXwoi;*LR`0@h5W9rjur!L-yZ{p6ySfp`3??c5$pP$NJRQqapn%UN6-pB;iG9
zB)XuH>W>b16uMg`pcC7KXW=$1<^KPYg4upBTK2kdq~@Y848pT<7@CaZ&?9*+x|Yk(
z=Qg0Zu@TLwz3390M7Lj&t|9aT(E*&n!tZ}Zw-CB>@P2OOpxbFN4#Iut3vI3sq0K{c
zV+7uZGtu30$qixcyP^ZR4SjARn*DF!J-83eu^u<F{|(s#6b$_|Y>$i38J$EMIE~Jv
z#!X@7&C%`mH?*U1*b=9pGcQ25^#Lq`mAi){y((I7jZUatclN)@)rkvTad3QKEmonv
z9u4_k^mAFfM;JgUypDP$tbxPOwSE?T?q&3&HWwY>QZ$z~q5~*E-`n1U{qH_K#RX@4
zR?qN2X>^3=qse#)+Hf@-hqch>=R_Bx9lVXt;3{;NwC@!hjCS}W4#Q=!erdXQSo?O^
zi5r8_WL$}Eql0)07Vi@VG8j$9QRvd$hju&#jlgttDQ97GT!q!~IQsmBeM3aD(A|{2
zih?s8hBh=BJwWb78=Qj9bOw52%|;t~6J4Tp=vlr8yJ4Mv;YaC2bldGj+o^tY$f0`Z
z_RK{lm`<*z;K?->3ul0ad=@&O*Q1NkwOo$vaWgv8vi-yMs)K%fo<zS98_@&o01m=4
z*adI7B|Ntj+qnOKpx`f?`nQIWwTt$|23#MC&irMpiwn_^et}td8Xahr0by5Up-FZl
zmdBpx{gG%pW6|7r2y4=R@*0IwSb)xO7y94{w4*=J7pe{n`?w9dB=?}9d;op_Su}EU
zupur&b7c<}#qY5a{)jWN<e-e?;lBM>_wAo5nNjTWoW?l~R}a25wWLk))?>zu8ZzMS
L)fMKaCcXdvaA72A

delta 12327
zcmXZid7zEe8i4U{Z)B`A7?L>Vu}qO6L{6M2Aw!5lhD1?_Xr~DwnxsgE6p|rsM>i=-
zgi@DElm;}Qx(aoZy3cdg`s=sWH>}}Z?^@qJW%2uk=f7Wg)%rS_cT-8Sr*A6ho=%eI
zZcZh~k|a6NKb72p-w#M7OS#|UmQ->BrU#{xi?H|LRB}D{#|=p(*|-xQ<$8%*L;Z!J
zspJ8!AI1l9_-(1=cKi)TWB*~PWC89SmdYf(D2yMTO4{Qd?2DCePbGEmLEMXL@gAIU
zM=EK8MMtEPnwX8#@D7}cr?DSS8JS9Y;!$jPev-7kGnF)^K4DTSDT%LP2mD}CCY4mC
zP-b!}DS<7q2zJGD@Fu(nM`AUciB)hN+R%P%fhVvzUOFX}6vC0wd(ieCjLyKq)Sr#@
z7cvws=fX;~furaQYd(@n>f-=>4xh$D*l=oCf(xgmk`JginVw3n!h*!#5MPT0a0AxG
zchL!)z;bxrj4<K)Sb=(`I|Uyc8!s%w3#sqGviJj5!~!!@NqMY}KHm;6z_C~cpTI0!
zfp)kPYvWJob7dY2&s~aH)H@>2Ws*B6II>64HGc)|_{(_xPqf1e9uEV%8e35xh(5O@
zx)~klx99{4JP`(50d2n(+Wt-03}<2)`cHP`707nX;zs((Fycz+Oq!z|^@`q&&iE;G
zW~*X-8<wViC|>^?eZTZm;r&KffqEBggrls}f3lo{BmNLC#>03CmYx-Ipe?qhJ`TP9
zCOU(oI0dUeol0KGpCqrM1HEZ(DyfGP&|FxFXX3x`Y<vez(p{J-NZ|_#K6nt#`ori8
ze_<6Y@?4l{UG&AP(T2L9&-X`n&nPT~Q)7J*o=g38G-5l@iGCmJ`R1|z*`7(cd8wp2
zHb5KdjlM7v4e9iF{Y7+O>(K#kLp%5g-DU^yJp37pWBU0J^7GK=8)7kRhBdI=^O?}$
zNG@b?VKN%(rPvFPVnb{<KRkCYdJa5^XW@FZ!R@iW2eYVuk8a;W3&Mb#p##XlO4t!Q
z<DD4_j`%%vCVON3Cp5WI3&TNkAsX`fXvA8h2T6A{<Ts;{8;i|x240FEU;|7q3LQ2=
zuTQ~;FtdSz543q9G;lXMphwXT7NRHJa&)HeL_do6zeJPrdo(vnE)Fv-k7j=r^!+Q*
zT<M9na~qNinPe;lXYdrd&tE}jvL9{WIC}7$`(lVteH=+W8*O+U+VD;^H@-nb{Y&%&
znj5FkWIyAj(EeFi-2Gpff(<mpeApIkpnbgFDPHd%>x0k;jg3x6J6I51j&_ub4(Kg3
zxj#T7dJ>CbvV<jd{}-cR17*<%s-Y37hc=Xhexy2~Yd;#z?x|=5=3*AEK_j;t>)~Pa
z`Lau6d+2V;K_lA_Gc{64avy~nTv)a&e7|?29hZ4IBwa-`IqPFn%tj+{AA00IiCLJ7
zKDP&r;1M(@j-dno6RTj+<std%EocAx-OuGhTg>-LD#^k2SQDSZ&G<GNvWHiMNIi}m
zc*%2UgA37!ZABySH9EkP(IP9ud*#r9)Id+lrYkeyMt3fF;PgYYa{{{k9zh540veH>
z=)V6f*1y9usQ-+<e*%54_^M#dXdCRz^**t_8f|BLhJxE?FV@DwtHal-5qc1H#Wpw_
zd*GMY6&t-8I-Z6`;t4d=v(cPbfX;LsdgQ*3o*#$M$ech2kSV+-6iTBbuZCIJ3Vop;
z8q$$y5>7_f_!Ts{-bR<;lUP56My&YSFo0%g<T{}3T_3LxKn9XYMp1D4O+mNc94vs(
zqa$35m*ZMog2%8}nx9br3TyaMZkW-#=zDw6CEOpcA3-DW59Te+y3lS-Ead)gLcx%=
zMniK0I<sNu{=FaFHZ##ATZ&n@5sl2Z=nVfrmoj-h44@9WB$vl}Had{b=yvaqh28(d
zDY!;=<CXX%*1|n#sPq3jyif|Spk5JuzCU_D6MY<w<l<P*MF+kO9q0k9hW|s)nF?>P
z|81Za1^0gotcrutte%0+Y!(`cd1%MW(THtDx6xN<<o-e<RD69HNOd%lP0{B&ViO#Q
z9zgTgv;XaA0~hRIGa8~@=nDtY22P>R6@QZsIIv2gA*{0@*c9zJ8y(1v=s-tAr=x4X
z6m9>V=<W^dfA{SnF4$4>R%oCE8p;}IL(O8nJKFJ(SicJm?ZfDR=b{l?gHGrTwBz^D
z<UD{T^^bTP{*j^Jh;Dg1yf7MFn+MVD@+g`_^RNOle+gZx_cyY3_!|z#J2!<0eTy5Y
z{}}5_-U&ZARz`PWC+`1_o;R7Ccf-g=qaBS$x7$PL!LkWWqAl1Ezec|SB{zrXJE1w$
z6J66`u|5@@z`R&r5#1QC??xh=Ne;#vC(+OpelJ)$S}ocL4Q)2s;WcQ7H=*aoy=acy
zkG3-f4f$;Jy?JP4UyS!xVLoH{76lu82VJvI(VRGlCeuG?WX{`?N+w}h^eBD-?cg-F
z#e7@Cwr!8)sgJ=*_%yo2Z=gxK10Co=EZ`a*q3}E&i#Hy7KXf=7eQ*J0;S#Kh@1q0$
zFWO+fZQ=ffX#H|@;Mb!`IT$No2D5MhX5%KzIMYJgLue|Yp}IKM8=^VT63zNH@qWi>
zcXW63MYH^#SbqwQ<Z3io--`7g(Omi+oj~y&?Eiseb)_94<d1w1w&7xI!vp_D*X$p3
zV1+*nKc&t=&-kV|4BMjH^<QYiThJxji$>r8+RmTocFn&tJXdCCCj79tm<u-0B;II`
zzR(9<+rj8ktU^PZi$1>{>*JT`0E>SV+AEDFXJvFCt<fcDj}CAcnxyw-C>Yuq_z^yf
zCe_f7Q^|ce0)NF{u`H1~^q+7)y*mu35c>YvXoF?YWUGOfVN-PABhi76MLwR%baaU_
zGvkeU=ze__Js39OzwsCJq+0e#$c0j$h8dPc8?KIqxDGnwt73fsI*@ztTAYTS8~e}+
zmi#Pl;F+W>1(U2A`Wvq{+E8P>ff;whwbWPb2?M<4^Hj2*`Y80szJ6~=sv&43?#H?~
z9c^a=`uG1Av3?3Kp?<+WmyrF}j)I}-i8eSKO|A#f0nNllI2T{RUFggweh~&f8J+2L
zG$-bv9j-!iXeZk4=jhCTMswvjp5y-ii$V=N>&wt^V{`y5(FQx9Yt;u`qTA3c9*-u|
z<LGmX(fyx`4sa(rfKTx{{2J}J-u_?{%s8S}6nvpAI^%26j(Vc^Z$(3T2iC&{SPge!
z7M?;QRQ9V7kuK=_J<!MuMkg>99l#{C-5Fo8|J@!>#Ruo1^_AEF*P$Psqv)Dd{5s62
z6B>bDXzq+aComda$_ePqA47M=9K0Qu#p`9h2}xV|n@s$^bHN9@qaz#`9gdECH2O>D
zL3C*rpfg;7zPBOPKZy6gL<e{nU83aM@T>Sdbf7KJ_p>t;e6TCJc0<vQ9za7kAN?G!
z#vS-G+Q1tJ!VEW|@9#h(_bs{$j-WYp5)F0M!LYPd(d}A4)-yR29AQ`VYc&|1;WRXa
z&!970gpT;t=q7Z4|3QDO9zZ8>_Mx!ts$mxOZ1fv55Y4TLXwpwd4ya6W=69jPY;>fZ
zqdm}(_CW_Y3SElH=!|Ef4K7EQY#sXC+vs-Ng}L|xnj`bS54p4$t5e^HdHX;A4<TeF
zu{Jj<prO1L?Vvk4u>NRdhM*md#_~7?{i-cR51dVSH-3#q<c1$p$q*cYel7Q5NBkX&
z7>c%sLvnORLpcF$Xek=<E%Ewi=w~+Hk?^P3MQ9{iqkk**KxaM&Jr7o)6WN4DZaZe-
z=jhV?i5b_n=+V$&8T908jCR}|o%tZF$5A{Cmr{TJCz6YL&d=fcoxg<l7XLTo%)4lW
zK14q@-=Il*5S{rEyaSsZWB*%Nek_FgqF+M<YM^V>6)(nnv8K<V2heADDHi@M%&Y~P
ztR2u9cSDn|FM1w~LznJRG-7km0j>Ux{cp(Daly6v0Ns9vumYx!hk;c_JFbiV*zAWk
zJTTVBq3zs@cKif7kQHdCbJ1kp8vP1gqLUd4CQ+di;eqPti!IRx+o4H#BO1~n=#q_(
zPDLa0ELOqIXk?C{1IaoW*1TD?cXR@}YclgFc+|d#X6;@aj$M9FCF5`t_QvLaq>?`P
zEV6Ht|Dgv{z5k_>)i@lV!>m73$u+nETVSzM;TKYSbP4W_PDLh~NoG?p6bo=Nu89v^
z{#TfB4x077(UWa7y4DlX8B9eFt|zcE=Avu+1&+o8(VnMM$-~q?MkCncZ=YlT4WeL(
zheyYu9X*UL#bfBceHPsvuc5o+6LjegVHUfgz&~LkRmpkVYmBzj2F;a@XfE_echy~3
z%>6&k0!~7c<Vm#Sm*e%dXagJ3gXR-7S$~e6kqY<Ap*d0?9Y8jk8=cTx7>^6_>3F|s
zI-O)}=qd_!&<AZ`Bs%hkuo})pb7UPl@}uYge?<p=3hkg!zF;Nvehaj{w$YyG^TW_3
z7?&@d$qVTeF1V&k(Byg*eep0FveRhD&&r?9J0Z)Vk+?eAAAN2-R>kS)0M?@IzKQ18
z7WBE#(R1K%{!BXWph*gZ3pLO+ZHYG27u|*rqeti*G#8el=fq~TgKy*gqi96`jP-NR
z2s6#Xid?UQwXrigp-hHCbqX`kkgr2S{ti0BBj`x;7Yvp`8>)*o)FocO51rX8bnRb4
zmvjvp@-65@cB7H_F`79=p#vArEEGoC6J6sW=ytjt{d_)&&h#0y;YDbJx#)J=fzD_b
z+Q9)dVkgk0$X7VLUksa4FNq{)Ch0^WZ|%?sOh@<oY%~I|Mz^E8;~+M}Q)tp%RwSKw
z4s=G7swdjs5Og5p(1A}wBRdPttqpnC*?%8Xu;YDb2j8I~JdN)6!bQ`0AED~#+IB;8
zV>o&MJ%x?&IW!WVq8)sRF5Q38$eh7{wXBaN(Fo*VEBF6{6ilY~(3u}VLw6c4;b19x
zW@xzSS;1E5?}K(Y3I}2r`~n?F-LunqznX`jk$N7D$UdxrN6`tCEYAMVq0pQ{Eu4gg
zd<`0^9q5dYqia~~oRCZ<(3w?4uQ!giLPLEuI^*l{Y8-$j;mUY@J!VtiaSr?68|R)I
zMqVDBc@G?e1JRJ~$2R<uIE1~4NX-&q0Fz3F0Y4Xg4c)#wu`T|BM(VOsVM)58_Xnd(
zKDiY8-=ukh3x<9nI-~Vy4s4F~kI`MQ7u_9Sp=*CA-v0@W$Vv3QVx_~tN=NIVxpXx)
z!XapT^D`9ea4{~z73dF)&KHF1-Oy0>MPIlboxxpbM^B;+&PUh&GrR<gmm#^ZC1&A7
z^tpvt7eB}AFjM5hbkdqaFKmeOup92iDp;#*uoIdiW3W0dLbG@Wmc)V=g@dVFv=#c?
z0JNRyXwt2T_xA=f$!Q8cm{l%3n1f@f-;O5VkGK_6<<m(^+=kAuNLH{3_M<)+&86+=
zHrs<Mv1o;`v~QsAe}YZ0L`CZvzRMKmaA5|n#aflpdB6R>#>&*wmD73uy{{S?f&1`7
zT#lXbo+@EUK17$`XLJ`-s~VEI9=dcb(F3auy36`vA^K15reIP{#C13c-IiBW3upWz
zID~pGF2f4dL(=ZRUex!Y`}?vQAqm^zYIaE<bjHPNh4!yQcUL!bKm#yivJIi&h=-v^
z<{0$)6!eUr9<MLN+SJ!#P5dTaFIGD=Tn=69+UR?oql2&l_3>C9=b`;=sGZK_9hF<T
zU~=q3KQ8Hu!wgHJ4OKy3Xo`le4VnWtqVG+^*|-LsK!;0$ebA%$4s?4yfS$C^ppkg(
z6867^ce&um|ARL82e!xZbwWc!(Sb}rL;X0KY>UwBUxh|y3to)Ju@F|Q8?1$us9%ac
z-vjfubB4l&T(}EOj+y8TUPe236W#yY&=>cj`~DdEJK!{$q*?XC^=!1GPO&~JIx#vO
zZTA`U0L#2c!3eBCXSg06`NwF;_o5FTL_>Hq*3<RFb4Ad<1J1)A@jBdyO&g?>_wX-V
zgzsFM&if}^gBphC4<HlEBw3BZTGvHq))GyU_Gr=!#ZfpNja0tN!Z)EjZlGQj9q1uE
z3xB~J{2Ps2yT;*s>48pcA{yaG@O=0GTnc<!lGSLktc`9#vwSc1#sW=3ZuCPNnu7E3
zar7i?&@>z@!_kv;37Ql8u@M$+76#H9J%Wc~E&5O9TEMMnL&vci*10_V8t#rAsLwzL
z^aYxn1)GPjTo-f+=0x}4&D2Y@2xt5l>`Q$sj=<_I(|P|A>RHTO#)WMZ8esa0U?Vh(
zZ^hSfHu|yX+$x>-k46^ZrPOP*4g>6i&S(}k!!76$oA1hWG8CJmOScr=Wt;IDJaQ%b
z-;p<I6OPW&(UoY(e!v=7K0BQ0Id}o}@#y}a72S;Pj^pU}zUWoyq&wC?b7&$u;6+#f
z_n^CA|5faN51b=h@caA^y8p|yP3Qfu*lZj`eG0nokD(o<+l3SI0<^)4&?Kyc)$w99
z8M~qF-h%F~2QhE^p~?PYhC*Wsuf`ik&<6fMlcz#X=;&HBIXk1<@s{W?bYP><nLmtn
z^a7gYugCk_@qX%G;M3Um>hOH#cM92DDA7K2*bD7oGUgpf=-R!EX8jg4q#s3pMc4HF
z4&gv*iXK2WqDedvP1>dL`ffBg{y-v~N$Ot{vi}D3Y<~z1<vcXBOJaQm)}g)*4e1Z@
zdckW$5}t!bA_t9BPjtY;(A_c`o!BNk1Gix@_y5Nf%=Z1!VjaVg+7x}EFBZW;XflpO
z50<&;S}sSQdmYV<jc88oL6_hty8Zq}L*M7RFo2Vo_x(Rj!L$5~PU+-ctbuN)B{%>-
zM@QVEa|mrVnj1rK0?tBr%lTcx+P6msaufR87&QA|z`OBtG{-t$&;B=L_fRnO)9@->
zjLzsN+Q4yiCKbAdnKwYU-<4=bBe6M7L1(@N-PZdsAC~SGj`Xr<{c?0dS9D|ln_O+V
za2@uK53I%V)YqXQ--CWG)7`@W3Svj<rLZavLf86H^tq?ekJ?;xfXmQa+K3Kd3;N#n
z?(Bc}>91UH#;G3Rfx_qr&qR~)e6-<mI0h@B&(Dc2LOXaFXW(jdm$bSe*dOiiA-oNj
z$NB}Co?-2;zz*E#k0#?PbQ|r*n=sug45UArjKk2SyBqCz3L1eK=u*zc#<&_Q<6-pq
zvwMe#WTCq$a~TC^ItXoOIC_BGg*G?^o$2G~iS;bn(2M92<)UZ#XV?j=+!%h8jzPEG
zF0`HUeL@aZN4IBFWP+LG8Va6VBQS3UXvk-y16mkeg0AHXyb3p?GcDFPY_BTl$LAsR
z8?g~R!1mz)Jc-w0ubaYi%kWC~|92GpWmEI!FtRJ6U9c|K2ck278f)PqG^9JR3LZxX
zTBcvv6<KJKb;MHG1-(BMZD$0U8xyb^{U^^;D27|m8SX|OJc4%gJNiP|{$U@tK$qlB
zG?e$C?>~x0ZVuMN#b~a4hWYVZEQ{ac9Lzr;ojlOHZ*K3tslw@e^)G3Vd+W`q6<6l(
PIpnUJbNTn155M()?&%;x

diff --git a/geonode/locale/de/LC_MESSAGES/django.po b/geonode/locale/de/LC_MESSAGES/django.po
index dd8cfaf6914..01910e54f14 100644
--- a/geonode/locale/de/LC_MESSAGES/django.po
+++ b/geonode/locale/de/LC_MESSAGES/django.po
@@ -342,7 +342,7 @@ msgid "edition"
 msgstr "Ausgabe"
 
 msgid "Attribution"
-msgstr "Zitation"
+msgstr "Attribution"
 
 msgid "DOI"
 msgstr "DOI"

From fb7ced3ea531624be94a520e8e9b1db4235c2fd6 Mon Sep 17 00:00:00 2001
From: ahmdthr <116570171+ahmdthr@users.noreply.github.com>
Date: Mon, 18 Dec 2023 10:40:09 +0100
Subject: [PATCH 312/330] Integrates PyCSW v3 to provide DataCite metadata
 format

Integrates pyCSW `v3` (as alpha) to provide DataCite download format on the backend.

Relates to PR Thuenen-GeoNode-Development/geonode-mapstore-client#27 which adds a button to download metadata as DataCite format.
---
 geonode/base/utils.py                              |  1 +
 geonode/catalogue/backends/generic.py              |  1 +
 geonode/catalogue/backends/pycsw_http.py           |  2 +-
 geonode/catalogue/backends/pycsw_local.py          |  2 +-
 geonode/catalogue/backends/pycsw_local_mappings.py | 10 +++++++++-
 geonode/settings.py                                |  1 +
 requirements.txt                                   |  2 +-
 setup.cfg                                          |  2 +-
 8 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/geonode/base/utils.py b/geonode/base/utils.py
index 0afee6192e1..e647c079d5c 100644
--- a/geonode/base/utils.py
+++ b/geonode/base/utils.py
@@ -60,6 +60,7 @@
     "KML",
     "KMZ",
     "Atom",
+    "DataCite",
     "DIF",
     "Dublin Core",
     "ebRIM",
diff --git a/geonode/catalogue/backends/generic.py b/geonode/catalogue/backends/generic.py
index 94eb2198ab2..4019b04c22e 100644
--- a/geonode/catalogue/backends/generic.py
+++ b/geonode/catalogue/backends/generic.py
@@ -34,6 +34,7 @@
 TIMEOUT = 10
 METADATA_FORMATS = {
     "Atom": ("atom:entry", "http://www.w3.org/2005/Atom"),
+    "DataCite": ("csw:Record", "http://datacite.org/schema/kernel-4"),
     "DIF": ("dif:DIF", "http://gcmd.gsfc.nasa.gov/Aboutus/xml/dif/"),
     "Dublin Core": ("csw:Record", "http://www.opengis.net/cat/csw/2.0.2"),
     "ebRIM": ("rim:RegistryObject", "urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"),
diff --git a/geonode/catalogue/backends/pycsw_http.py b/geonode/catalogue/backends/pycsw_http.py
index 0058c41359c..4cd5305d0c2 100644
--- a/geonode/catalogue/backends/pycsw_http.py
+++ b/geonode/catalogue/backends/pycsw_http.py
@@ -26,4 +26,4 @@ class CatalogueBackend(GenericCatalogueBackend):
     def __init__(self, *args, **kwargs):
         """initialize pycsw HTTP CSW backend"""
         GenericCatalogueBackend.__init__(CatalogueBackend, self, *args, **kwargs)
-        self.catalogue.formats = ["Atom", "DIF", "Dublin Core", "ebRIM", "FGDC", "ISO"]
+        self.catalogue.formats = ["Atom", "DataCite", "DIF", "Dublin Core", "ebRIM", "FGDC", "ISO"]
diff --git a/geonode/catalogue/backends/pycsw_local.py b/geonode/catalogue/backends/pycsw_local.py
index 75c66e96498..4be10f9b633 100644
--- a/geonode/catalogue/backends/pycsw_local.py
+++ b/geonode/catalogue/backends/pycsw_local.py
@@ -65,7 +65,7 @@
 class CatalogueBackend(GenericCatalogueBackend):
     def __init__(self, *args, **kwargs):
         GenericCatalogueBackend.__init__(CatalogueBackend, self, *args, **kwargs)
-        self.catalogue.formats = ["Atom", "DIF", "Dublin Core", "ebRIM", "FGDC", "ISO"]
+        self.catalogue.formats = ["Atom", "DataCite", "DIF", "Dublin Core", "ebRIM", "FGDC", "ISO"]
         self.catalogue.local = True
 
     def remove_record(self, uuid):
diff --git a/geonode/catalogue/backends/pycsw_local_mappings.py b/geonode/catalogue/backends/pycsw_local_mappings.py
index 4ba4f7902ff..4818390a08b 100644
--- a/geonode/catalogue/backends/pycsw_local_mappings.py
+++ b/geonode/catalogue/backends/pycsw_local_mappings.py
@@ -30,6 +30,14 @@
         "pycsw:AnyText": "csw_anytext",
         "pycsw:Language": "language",
         "pycsw:Title": "title",
+        "pycsw:Edition": "edition",
+        "pycsw:Platform": "platform",
+        "pycsw:Instrument": "instrument",
+        "pycsw:SensorType": "sensortype",
+        "pycsw:CloudCover": "cloudcover",
+        "pycsw:Bands": "bands",
+        "pycsw:Themes": "themes",
+        "pycsw:Contacts": "contacts",
         "pycsw:Abstract": "raw_abstract",
         "pycsw:Keywords": "keyword_csv",
         "pycsw:KeywordType": "keywordstype",
@@ -77,6 +85,6 @@
         "pycsw:Publisher": "publisher",
         "pycsw:Contributor": "contributor",
         "pycsw:Relation": "relation",
-        "pycsw:Links": "download_links",
+        "pycsw:Links": "download_urls",
     },
 }
diff --git a/geonode/settings.py b/geonode/settings.py
index d408093575b..2c3f64d8c3e 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -1303,6 +1303,7 @@
 # Available download formats
 DOWNLOAD_FORMATS_METADATA = [
     "Atom",
+    "DataCite",
     "DIF",
     "Dublin Core",
     "ebRIM",
diff --git a/requirements.txt b/requirements.txt
index 0470468edb4..5ec4ba5f54a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -55,7 +55,7 @@ pyjwt==2.7.0
 # geopython dependencies
 pyproj<3.6.0
 OWSLib==0.29.2
-pycsw==2.6.1
+-e git+https://github.com/geopython/pycsw.git@3.0.0-alpha5#egg=pycsw
 SQLAlchemy==2.0.15 # required by PyCSW
 Shapely==1.8.5.post1
 mercantile==1.2.1
diff --git a/setup.cfg b/setup.cfg
index f6d5f90abf2..c701c67c48e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -81,7 +81,7 @@ install_requires =
     # geopython dependencies
     pyproj<3.6.0
     OWSLib==0.29.2
-    pycsw==2.6.1
+    pycsw @ git+https://github.com/geopython/pycsw.git@3.0.0-alpha5
     SQLAlchemy==2.0.15 # required by PyCSW
     Shapely==1.8.5.post1
     mercantile==1.2.1

From 785fbf86dad1e88a02513443e48576f06970ebfd Mon Sep 17 00:00:00 2001
From: Henning Bredel <881756+ridoo@users.noreply.github.com>
Date: Mon, 18 Dec 2023 12:16:48 +0100
Subject: [PATCH 313/330] Allows metadata upload with different UUID

Co-authored-by: ahmdthr <ahmad.tahir@pixida.de>
---
 geonode/layers/api/tests.py                   |  2 +-
 geonode/layers/api/views.py                   |  9 ++++-----
 .../datasets/dataset_metadata_upload.html     |  1 +
 geonode/layers/tests.py                       | 20 +++++++++----------
 geonode/layers/views.py                       | 11 +++++-----
 geonode/locale/en/LC_MESSAGES/django.po       |  3 +++
 geonode/static/geonode/js/upload/LayerInfo.js | 12 +++++++++--
 7 files changed, 35 insertions(+), 23 deletions(-)

diff --git a/geonode/layers/api/tests.py b/geonode/layers/api/tests.py
index 7361e5c744a..fd0e4adae3d 100644
--- a/geonode/layers/api/tests.py
+++ b/geonode/layers/api/tests.py
@@ -361,7 +361,7 @@ def test_valid_metadata_file_with_different_uuid(self):
         f = open(self.exml_path, "r")
         put_data = {"metadata_file": f}
         response = self.client.put(url, data=put_data)
-        self.assertEqual(500, response.status_code)
+        self.assertEqual(200, response.status_code)
 
     def test_permissions_for_not_permitted_user(self):
         get_user_model().objects.create_user(
diff --git a/geonode/layers/api/views.py b/geonode/layers/api/views.py
index 3ad985c7781..5c45fd8d509 100644
--- a/geonode/layers/api/views.py
+++ b/geonode/layers/api/views.py
@@ -141,17 +141,16 @@ def metadata(self, request, pk=None):
                 dataset_uuid, vals, regions, keywords, _ = parse_metadata(open(metadata_file).read())
             except Exception:
                 raise InvalidMetadataException(detail="Unsupported metadata format")
-            if dataset_uuid and dataset.uuid != dataset_uuid:
-                raise InvalidMetadataException(
-                    detail="The UUID identifier from the XML Metadata, is different from the one saved"
-                )
             try:
                 updated_dataset = update_resource(dataset, metadata_file, regions, keywords, vals)
                 updated_dataset.save()  # This also triggers the recreation of the XML metadata file according to the updated values
             except Exception:
                 raise GeneralDatasetException(detail="Failed to update metadata")
             out["success"] = True
-            out["message"] = ["Metadata successfully updated"]
+            out_message = "Metadata successfully updated"
+            if dataset_uuid and dataset.uuid != dataset_uuid:
+                out_message += " The UUID identifier from the XML Metadata is different from the one saved"
+            out["message"] = [out_message]
             return Response(out)
         except Exception as e:
             raise e
diff --git a/geonode/layers/templates/datasets/dataset_metadata_upload.html b/geonode/layers/templates/datasets/dataset_metadata_upload.html
index 6ef4d3d2e55..a5a0168e9ef 100644
--- a/geonode/layers/templates/datasets/dataset_metadata_upload.html
+++ b/geonode/layers/templates/datasets/dataset_metadata_upload.html
@@ -63,6 +63,7 @@ <h4>{% trans "Files to be uploaded" %}</h4>
     </section>
 
     <section>
+      <div class="btn-danger"><strong>{% trans "WARNING" %}: </strong>{% trans "This will most probably overwrite the current metadata!" %}</div>
       <a href="{% url "dataset_metadata_upload" resource.alternate %}" id="clear-button" class="btn btn-default">{% trans "Clear" %}</a>
       <a href="#" id="upload-button" class="btn btn-primary">{% trans "Upload files" %}</a>
     </section>
diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py
index d7420fc2a84..70627226426 100644
--- a/geonode/layers/tests.py
+++ b/geonode/layers/tests.py
@@ -1003,9 +1003,10 @@ def test_xml_should_update_the_dataset_with_the_expected_values(self):
         prev_dataset = Dataset.objects.get(typename="geonode:single_point")
         self.assertEqual(0, prev_dataset.keywords.count())
         resp = self.client.post(reverse("dataset_upload"), params)
-        self.assertEqual(404, resp.status_code)
+        self.assertEqual(200, resp.status_code)
         self.assertEqual(
-            resp.json()["errors"], "The UUID identifier from the XML Metadata, is different from the one saved"
+            resp.json()["warning"],
+            "WARNING: The XML's UUID was ignored while updating this dataset's metadata because that UUID is already present in this system. The rest of the XML's metadata was applied.",
         )
 
     def test_sld_should_raise_500_if_is_invalid(self):
@@ -1053,10 +1054,10 @@ def test_sld_should_update_the_dataset_with_the_expected_values(self):
         self.assertIsNotNone(updated_dataset.styles.first())
         self.assertEqual(layer.styles.first().sld_title, updated_dataset.styles.first().sld_title)
 
-    def test_xml_should_raise_an_error_if_the_uuid_is_changed(self):
+    def test_xml_should_not_raise_an_error_if_the_uuid_is_changed(self):
         """
         If the UUID coming from the XML and the one saved in the DB are different
-        The system should raise an error
+        The system should not raise an error, instead it should simply update the values
         """
         params = {
             "permissions": '{ "users": {"AnonymousUser": ["view_resourcebase"]} , "groups":{}}',
@@ -1072,12 +1073,11 @@ def test_xml_should_raise_an_error_if_the_uuid_is_changed(self):
         prev_dataset = Dataset.objects.get(typename="geonode:single_point")
         self.assertEqual(0, prev_dataset.keywords.count())
         resp = self.client.post(reverse("dataset_upload"), params)
-        self.assertEqual(404, resp.status_code)
-        expected = {
-            "success": False,
-            "errors": "The UUID identifier from the XML Metadata, is different from the one saved",
-        }
-        self.assertDictEqual(expected, resp.json())
+        self.assertEqual(200, resp.status_code)
+        self.assertEqual(
+            resp.json()["warning"],
+            "WARNING: The XML's UUID was ignored while updating this dataset's metadata because that UUID is already present in this system. The rest of the XML's metadata was applied.",
+        )
 
     def test_will_raise_exception_for_replace_vector_dataset_with_raster(self):
         layer = Dataset.objects.get(name="single_point")
diff --git a/geonode/layers/views.py b/geonode/layers/views.py
index 609a7f0c839..5e385cee813 100644
--- a/geonode/layers/views.py
+++ b/geonode/layers/views.py
@@ -171,10 +171,6 @@ def dataset_upload_metadata(request):
         )
         if layer:
             dataset_uuid, vals, regions, keywords, _ = parse_metadata(open(base_file).read())
-            if dataset_uuid and layer.uuid != dataset_uuid:
-                out["success"] = False
-                out["errors"] = "The UUID identifier from the XML Metadata, is different from the one saved"
-                return HttpResponse(json.dumps(out), content_type="application/json", status=404)
             updated_dataset = update_resource(layer, base_file, regions, keywords, vals)
             updated_dataset.save()
             out["status"] = ["finished"]
@@ -186,9 +182,14 @@ def dataset_upload_metadata(request):
                 upload_session = updated_dataset.upload_session
                 upload_session.processed = True
                 upload_session.save()
-            status_code = 200
             out["success"] = True
+            status_code = 200
+            if dataset_uuid and layer.uuid != dataset_uuid:
+                out[
+                    "warning"
+                ] = "WARNING: The XML's UUID was ignored while updating this dataset's metadata because that UUID is already present in this system. The rest of the XML's metadata was applied."
             return HttpResponse(json.dumps(out), content_type="application/json", status=status_code)
+
         else:
             out["success"] = False
             out["errors"] = "Dataset selected does not exists"
diff --git a/geonode/locale/en/LC_MESSAGES/django.po b/geonode/locale/en/LC_MESSAGES/django.po
index d6ce030a65a..5a110507052 100644
--- a/geonode/locale/en/LC_MESSAGES/django.po
+++ b/geonode/locale/en/LC_MESSAGES/django.po
@@ -1168,6 +1168,9 @@ msgstr "Files to be uploaded"
 msgid "Is Upload Metadata XML Form"
 msgstr "Is Upload Metadata XML Form"
 
+msgid "This will most probably overwrite the current metadata!"
+msgstr "This will most probably overwrite the current metadata!"
+
 msgid "Upload files"
 msgstr "Upload files"
 
diff --git a/geonode/static/geonode/js/upload/LayerInfo.js b/geonode/static/geonode/js/upload/LayerInfo.js
index 4d4c4385172..574776a8977 100644
--- a/geonode/static/geonode/js/upload/LayerInfo.js
+++ b/geonode/static/geonode/js/upload/LayerInfo.js
@@ -458,7 +458,15 @@ define(function (require, exports) {
         } catch (err) {
             // pass
         }
-        var info_message = gettext('Your ' + resourceType +' was successfully created.');
+        var info_message = ''
+        var level = 'alert-success'
+        if (resp.warning){
+            info_message = resp.warning
+            level = 'alert-warning'
+        }
+        else{
+            info_message = gettext('Your ' + resourceType +' was successfully created.');
+        }
         var a = '<a href="' + resp.url + '" class="btn btn-success">' + gettext(resourceType.capitalize() + ' Info') + '</a>&nbsp;&nbsp;&nbsp;';
         if(resourceType == 'dataset') {
             // Only Layers have Metadata and SLD Upload features for the moment
@@ -474,7 +482,7 @@ define(function (require, exports) {
         }
         self.logStatus({
             msg: '<p>' + info_message + '<br/>' + msg_col + '<br/>' + a + '</p>',
-            level: 'alert-success',
+            level: level,
             empty: 'true'
         });
     };

From 2039eb7cd4d62adad954cbe89d237867ecd4e52f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 9 Jan 2024 12:58:53 +0100
Subject: [PATCH 314/330] Don't quote JAVA_OPTS (#11807) (#11810)

(cherry picked from commit 8d2dfbf7f71f0a186016b3fd8ef1180a57b45925)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 .env.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env.sample b/.env.sample
index 962f5a82258..afc97264bc3 100644
--- a/.env.sample
+++ b/.env.sample
@@ -101,7 +101,7 @@ OGC_REQUEST_POOL_CONNECTIONS=10
 # Java Options & Memory
 ENABLE_JSONP=true
 outFormat=text/javascript
-GEOSERVER_JAVA_OPTS='-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={geoserver_ui}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine'
+GEOSERVER_JAVA_OPTS=-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={geoserver_ui}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine
 
 # #################
 # Security

From b4e8838ecc75fbb297d9ce175b5c7ffc31ced621 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Tue, 9 Jan 2024 16:19:59 +0100
Subject: [PATCH 315/330] Fix template variable for print base url (#11813)

---
 .env.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env.sample b/.env.sample
index afc97264bc3..6e5dd10da9d 100644
--- a/.env.sample
+++ b/.env.sample
@@ -101,7 +101,7 @@ OGC_REQUEST_POOL_CONNECTIONS=10
 # Java Options & Memory
 ENABLE_JSONP=true
 outFormat=text/javascript
-GEOSERVER_JAVA_OPTS=-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={geoserver_ui}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine
+GEOSERVER_JAVA_OPTS=-Djava.awt.headless=true -Xms4G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={siteurl}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine
 
 # #################
 # Security

From aadf0979cb3f85fd25c315caa74dfef2ced1d67c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 11:34:19 +0100
Subject: [PATCH 316/330] [Fixes #11817] Drop Nginx and Letsencrypt Dockerfiles
 (#11818) (#11820)

* Drop Nginx and Letsencrypt Dockerfiles

* align compose files

* algin compose filew (2)

(cherry picked from commit 535f08cb5d2385b6e6d0aa0e314998a723f896ba)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 docker-compose-dev.yml                        |   9 +-
 docker-compose-geoserver-server.yml           |   4 +-
 docker-compose-test.yml                       |  10 +-
 docker-compose.yml                            |  10 +-
 scripts/docker/letsencrypt/Dockerfile         |  18 ---
 scripts/docker/letsencrypt/README.md          |  15 --
 scripts/docker/letsencrypt/crontab            |   8 --
 .../docker/letsencrypt/docker-entrypoint.sh   |  52 -------
 scripts/docker/nginx/Dockerfile               |  18 ---
 scripts/docker/nginx/docker-autoreload.sh     |  37 -----
 scripts/docker/nginx/docker-entrypoint.sh     |  67 ---------
 scripts/docker/nginx/geonode.conf.envsubst    | 134 ------------------
 scripts/docker/nginx/nginx.conf.envsubst      |  39 -----
 .../nginx/nginx.https.available.conf.envsubst |  37 -----
 14 files changed, 14 insertions(+), 444 deletions(-)
 delete mode 100644 scripts/docker/letsencrypt/Dockerfile
 delete mode 100644 scripts/docker/letsencrypt/README.md
 delete mode 100644 scripts/docker/letsencrypt/crontab
 delete mode 100644 scripts/docker/letsencrypt/docker-entrypoint.sh
 delete mode 100644 scripts/docker/nginx/Dockerfile
 delete mode 100644 scripts/docker/nginx/docker-autoreload.sh
 delete mode 100644 scripts/docker/nginx/docker-entrypoint.sh
 delete mode 100644 scripts/docker/nginx/geonode.conf.envsubst
 delete mode 100644 scripts/docker/nginx/nginx.conf.envsubst
 delete mode 100644 scripts/docker/nginx/nginx.https.available.conf.envsubst

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 0ac801a9621..7c21d3ec374 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -52,7 +52,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:1.25.1
+    image: geonode/nginx:latest
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
@@ -71,7 +71,6 @@ services:
   # Gets and installs letsencrypt certificates
   letsencrypt:
     image: geonode/letsencrypt:latest
-    build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env
@@ -81,7 +80,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:latest
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
@@ -107,7 +106,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:latest
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
@@ -119,7 +118,7 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:15
+    image: geonode/postgis:latest
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
diff --git a/docker-compose-geoserver-server.yml b/docker-compose-geoserver-server.yml
index 10785a5794a..5a83f79b7c7 100644
--- a/docker-compose-geoserver-server.yml
+++ b/docker-compose-geoserver-server.yml
@@ -2,7 +2,7 @@ version: '2.2'
 services:
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:latest
     restart: on-failure
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     labels:
@@ -13,7 +13,7 @@ services:
       - geoserver-data-dir:/geoserver_data/data
 
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:latest
     restart: unless-stopped
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     stdin_open: true
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 9bd764f8da3..22ac6dd0093 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -52,8 +52,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:1.25.1
-    build: ./scripts/docker/nginx/
+    image: geonode/nginx:latest
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env_test
@@ -84,7 +83,6 @@ services:
   # Gets and installs letsencrypt certificates
   letsencrypt:
     image: geonode/letsencrypt:latest
-    build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env_test
@@ -94,7 +92,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:latest
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
@@ -120,7 +118,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:latest
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
@@ -132,7 +130,7 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:15
+    image: geonode/postgis:latest
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
diff --git a/docker-compose.yml b/docker-compose.yml
index 7cc150f129c..61b85d10503 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -61,8 +61,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:1.25.1
-    build: ./scripts/docker/nginx/
+    image: geonode/nginx:latest
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env
@@ -80,7 +79,6 @@ services:
   # Gets and installs letsencrypt certificates
   letsencrypt:
     image: geonode/letsencrypt:latest
-    build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env
@@ -90,7 +88,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:2.23.0
+    image: geonode/geoserver:latest
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
@@ -116,7 +114,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
+    image: geonode/geoserver_data:latest
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
@@ -128,7 +126,7 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:15
+    image: geonode/postgis:latest
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
diff --git a/scripts/docker/letsencrypt/Dockerfile b/scripts/docker/letsencrypt/Dockerfile
deleted file mode 100644
index 1480342e8f1..00000000000
--- a/scripts/docker/letsencrypt/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM alpine:latest
-
-RUN apk add --no-cache certbot 
-
-# Installing scripts
-ADD docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
-
-# Installing cronjobs
-ADD crontab /crontab
-RUN /usr/bin/crontab /crontab && \
-    rm /crontab
-
-# Setup the entrypoint
-ENTRYPOINT ["./docker-entrypoint.sh"]
-
-# We run cron in foreground to update the certificates
-CMD /usr/sbin/crond -f
diff --git a/scripts/docker/letsencrypt/README.md b/scripts/docker/letsencrypt/README.md
deleted file mode 100644
index d6b1ec2247e..00000000000
--- a/scripts/docker/letsencrypt/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Letsencrypt service for Geonode
-
-This service generates SSL certificates to be used by Nginx.
-
-## Let's Encrypt
-
-Upon startup, it generates one SSL certificate from Let's Encrypt using Certbot. It then starts cron (in foreground) to renew the certificates using Certbot renew.
-
-If for some reason getting the certificate fails, a placeholder certificate is generated. This certificate is invalid, but still allows to encrypt the data and to start the webserver.
-
-To avoid hitting Let's Encrypt very low rate limits when developping or doing tests, LETSENCRYPT_MODE env var can be set to "disabled" (which will completely bypass Let'sEncrypt, simulating a failure) or to "staging" (using Let'sEncrypt test certificates with higher rates).
-
-## Autoissued
-
-An auto-issued certificate is also generate to be used on the LAN if needed. It is also renewed every now and then using the same cron process than above.
diff --git a/scripts/docker/letsencrypt/crontab b/scripts/docker/letsencrypt/crontab
deleted file mode 100644
index 7ea7203b8f8..00000000000
--- a/scripts/docker/letsencrypt/crontab
+++ /dev/null
@@ -1,8 +0,0 @@
-# +------------- minute (0 - 59)
-# ¦     +------------- hour (0 - 23)
-# ¦     ¦     +------------- day of month (1 - 31)
-# ¦     ¦     ¦     +------------- month (1 - 12)
-# ¦     ¦     ¦     ¦     +------------- day of week (0 - 6) (Sunday to Saturday; 7 is also Sunday on some systems)
-# ¦     ¦     ¦     ¦     ¦
-
-  0     0,12  *     *     *     date && echo "daily  " && /docker-entrypoint.sh
diff --git a/scripts/docker/letsencrypt/docker-entrypoint.sh b/scripts/docker/letsencrypt/docker-entrypoint.sh
deleted file mode 100644
index d1c4541b075..00000000000
--- a/scripts/docker/letsencrypt/docker-entrypoint.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-
-# Exit script in case of error
-set -e
-
-echo $"\n\n\n"
-echo "-----------------------------------------------------"
-echo "STARTING LETSENCRYPT ENTRYPOINT ---------------------"
-date
-
-# We make the config dir
-mkdir -p "/geonode-certificates/$LETSENCRYPT_MODE"
-
-# Do not exit script in case of error
-set +e
-
-# We run the command
-if [ "$LETSENCRYPT_MODE" == "staging" ]; then
-    printf "\nTrying to get STAGING certificate\n"
-    certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --test-cert
-elif [ "$LETSENCRYPT_MODE" == "production" ]; then
-    printf "\nTrying to get PRODUCTION certificate\n"
-    certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory
-elif [ "$LETSENCRYPT_MODE" == "disabled" ]; then
-    printf "\nNot trying to get certificate (because LETSENCRYPT_MODE variable is set to disabled) - and stop container\n"
-    exit 0
-else
-    printf "\nNot trying to get certificate (simulating failure, because LETSENCRYPT_MODE variable was neither staging nor production\n"
-    /bin/false
-fi
-
-# If the certbot comand failed, we will create a placeholder certificate
-if [ ! $? -eq 0 ]; then
-    # Exit script in case of error
-    set -e
-
-    printf "\nFailed to get the certificates !\n"
-
-    printf "\nWaiting 30s to avoid hitting Letsencrypt rate limits before it's even possible to react\n"
-    sleep 30
-
-    exit 1
-fi
-
-printf "\nCertificate have been created/renewed successfully\n"
-
-echo "-----------------------------------------------------"
-echo "FINISHED LETSENCRYPT ENTRYPOINT ---------------------"
-echo "-----------------------------------------------------"
-
-# Run the CMD
-exec "$@"
diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
deleted file mode 100644
index 9b0fe5b4f30..00000000000
--- a/scripts/docker/nginx/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM nginx:1.25.3-alpine
-
-RUN apk add --no-cache openssl inotify-tools vim
-
-WORKDIR /etc/nginx/
-
-RUN mkdir -p /etc/nginx/html
-RUN touch /etc/nginx/html/index.html
-
-ADD nginx.conf.envsubst nginx.https.available.conf.envsubst ./
-ADD geonode.conf.envsubst ./sites-enabled/
-
-ADD docker-autoreload.sh docker-entrypoint.sh /
-ENTRYPOINT ["/docker-entrypoint.sh"]
-RUN chmod +x /docker-autoreload.sh
-RUN chmod +x /docker-entrypoint.sh
-
-CMD ["nginx", "-g", "daemon off;"]
diff --git a/scripts/docker/nginx/docker-autoreload.sh b/scripts/docker/nginx/docker-autoreload.sh
deleted file mode 100644
index 812cc76d723..00000000000
--- a/scripts/docker/nginx/docker-autoreload.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-
-# This will watch the /geonode-certificates folder and run nginx -s reload whenever there are some changes.
-# We use this to reload nginx config when certificates changed.
-
-# inspired/copied from https://github.com/kubernetes/kubernetes/blob/master/examples/https-nginx/auto-reload-nginx.sh
-
-while true
-do
-        inotifywait -e create -e modify -e delete -e move -r --exclude "\\.certbot\\.lock|\\.well-known" "/geonode-certificates/$LETSENCRYPT_MODE"
-        echo "Changes noticed in /geonode-certificates"
-
-        echo "Waiting 5s for additionnal changes"
-        sleep 5
-
-        echo "Creating symbolic link for WAN host"
-        # for some reason, the ln -f flag doesn't work below...
-        rm -f /certificate_symlink
-        if [ -f "/geonode-certificates/$LETSENCRYPT_MODE/live/$HTTPS_HOST/fullchain.pem" ] && [ -f "/geonode-certificates/$LETSENCRYPT_MODE/live/$HTTPS_HOST/privkey.pem" ]; then
-                echo "Certbot certificate exists, we symlink to the live cert"
-                ln -sf "/geonode-certificates/$LETSENCRYPT_MODE/live/$HTTPS_HOST" /certificate_symlink
-        else
-                echo "Certbot certificate does not exist, we symlink to autoissued"
-                ln -sf "/geonode-certificates/autoissued" /certificate_symlink
-        fi
-
-        # Test nginx configuration
-        nginx -t
-        # If it passes, we reload
-        if [ $? -eq 0 ]
-        then
-                echo "Configuration valid, we reload..."
-                nginx -s reload
-        else
-                echo "Configuration not valid, we do not reload."
-        fi
-done
diff --git a/scripts/docker/nginx/docker-entrypoint.sh b/scripts/docker/nginx/docker-entrypoint.sh
deleted file mode 100644
index e6bec7a1db2..00000000000
--- a/scripts/docker/nginx/docker-entrypoint.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-
-# Exit script in case of error
-set -e
-
-echo $"\n\n\n"
-echo "-----------------------------------------------------"
-echo "STARTING NGINX ENTRYPOINT ---------------------------"
-date
-
-# We make the config dir
-mkdir -p "/geonode-certificates/$LETSENCRYPT_MODE"
-
-echo "Creating autoissued certificates for HTTP host"
-if [ ! -f "/geonode-certificates/autoissued/privkey.pem" ] || [[ $(find /geonode-certificates/autoissued/privkey.pem -mtime +365 -print) ]]; then
-        echo "Autoissued certificate does not exist or is too old, we generate one"
-        mkdir -p "/geonode-certificates/autoissued/"
-        openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout "/geonode-certificates/autoissued/privkey.pem" -out "/geonode-certificates/autoissued/fullchain.pem" -subj "/CN=${HTTP_HOST:-HTTPS_HOST}" 
-else
-        echo "Autoissued certificate already exists"
-fi
-
-echo "Creating symbolic link for HTTPS certificate"
-# for some reason, the ln -f flag doesn't work below...
-# TODO : not DRY (reuse same scripts as docker-autoreload.sh)
-rm -f /certificate_symlink
-if [ -f "/geonode-certificates/$LETSENCRYPT_MODE/live/$HTTPS_HOST/fullchain.pem" ] && [ -f "/geonode-certificates/$LETSENCRYPT_MODE/live/$HTTPS_HOST/privkey.pem" ]; then
-        echo "Certbot certificate exists, we symlink to the live cert"
-        ln -sf "/geonode-certificates/$LETSENCRYPT_MODE/live/$HTTPS_HOST" /certificate_symlink
-else
-        echo "Certbot certificate does not exist, we symlink to autoissued"
-        ln -sf "/geonode-certificates/autoissued" /certificate_symlink
-fi
-
-if [ -z "${HTTPS_HOST}" ]; then
-        HTTP_SCHEME="http"
-else
-        HTTP_SCHEME="https"
-fi
-
-export HTTP_SCHEME=${HTTP_SCHEME:-http}
-export GEONODE_LB_HOST_IP=${GEONODE_LB_HOST_IP:-django}
-export GEONODE_LB_PORT=${GEONODE_LB_PORT:-8000}
-export GEOSERVER_LB_HOST_IP=${GEOSERVER_LB_HOST_IP:-geoserver}
-export GEOSERVER_LB_PORT=${GEOSERVER_LB_PORT:-8080}
-
-echo "Replacing environement variables"
-envsubst '\$HTTP_HOST \$HTTPS_HOST \$HTTP_SCHEME \$GEONODE_LB_HOST_IP \$GEONODE_LB_PORT \$GEOSERVER_LB_HOST_IP \$GEOSERVER_LB_PORT \$RESOLVER' < /etc/nginx/nginx.conf.envsubst > /etc/nginx/nginx.conf
-envsubst '\$HTTP_HOST \$HTTPS_HOST \$HTTP_SCHEME \$GEONODE_LB_HOST_IP \$GEONODE_LB_PORT \$GEOSERVER_LB_HOST_IP \$GEOSERVER_LB_PORT \$RESOLVER' < /etc/nginx/nginx.https.available.conf.envsubst > /etc/nginx/nginx.https.available.conf
-envsubst '\$HTTP_HOST \$HTTPS_HOST \$HTTP_SCHEME \$GEONODE_LB_HOST_IP \$GEONODE_LB_PORT \$GEOSERVER_LB_HOST_IP \$GEOSERVER_LB_PORT' < /etc/nginx/sites-enabled/geonode.conf.envsubst > /etc/nginx/sites-enabled/geonode.conf
-
-echo "Enabling or not https configuration"
-if [ -z "${HTTPS_HOST}" ]; then
-        echo "" > /etc/nginx/nginx.https.enabled.conf
-else
-        ln -sf /etc/nginx/nginx.https.available.conf /etc/nginx/nginx.https.enabled.conf
-fi
-
-echo "Loading nginx autoreloader"
-sh /docker-autoreload.sh &
-
-echo "-----------------------------------------------------"
-echo "FINISHED NGINX ENTRYPOINT ---------------------------"
-echo "-----------------------------------------------------"
-
-# Run the CMD 
-exec "$@"
diff --git a/scripts/docker/nginx/geonode.conf.envsubst b/scripts/docker/nginx/geonode.conf.envsubst
deleted file mode 100644
index 1176ce2cc2b..00000000000
--- a/scripts/docker/nginx/geonode.conf.envsubst
+++ /dev/null
@@ -1,134 +0,0 @@
-include /etc/nginx/mime.types;
-
-# This is the main geonode conf
-charset     utf-8;
-
-# max upload size
-client_max_body_size 100G;
-client_body_buffer_size 256K;
-client_body_timeout 600s;
-large_client_header_buffers 4 64k;
-
-proxy_connect_timeout       600;
-proxy_send_timeout          600;
-proxy_read_timeout          600;
-uwsgi_read_timeout          600;
-send_timeout                600;
-
-fastcgi_hide_header Set-Cookie;
-
-etag on;
-
-# compression
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_http_version 1.1;
-gzip_disable "MSIE [1-6]\.";
-gzip_buffers 16 8k;
-gzip_min_length 1100;
-gzip_comp_level 6;
-gzip_types
-        text/css
-        text/javascript
-        text/xml
-        text/plain
-        application/xml
-        application/xml+rss
-        application/javascript
-        application/x-javascript
-        application/json;
-
-# GeoServer
-location /geoserver {
-  # Using a variable is a trick to let Nginx start even if upstream host is not up yet
-  # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-  set $upstream $GEOSERVER_LB_HOST_IP:$GEOSERVER_LB_PORT;
-
-  proxy_set_header X-Forwarded-Host $host;
-  proxy_set_header X-Forwarded-Server $host;
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Real-IP $remote_addr;
-  proxy_set_header X-Forwarded-Proto $HTTP_SCHEME;
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
-  proxy_hide_header X-Frame-Options;
-  proxy_pass http://$upstream;
-  proxy_http_version 1.1;
-  proxy_redirect http://$upstream $HTTP_SCHEME://$HTTP_HOST;
-  proxy_request_buffering  off;
-  client_max_body_size 0;
-}
-
-# GeoNode
-location /static/ {
-  alias /mnt/volumes/statics/static/;
-
-  location ~* \.(?:html|js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|txt|woff|woff2|svg|xml)$ {
-      gzip_static always;
-      expires 30d;
-      access_log off;
-      add_header Pragma "public";
-      add_header Cache-Control "max-age=31536000, public";
-  }
-}
-
-location /uploaded/ {
-  alias /mnt/volumes/statics/uploaded/;
-
-  location ~* \.(?:html|js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|txt|woff|woff2|svg|xml)$ {
-      gzip_static always;
-      expires 30d;
-      access_log off;
-      add_header Pragma "public";
-      add_header Cache-Control "max-age=31536000, public";
-  }
-}
-
-location / {
-  # Using a variable is a trick to let Nginx start even if upstream host is not up yet
-  # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-  set $upstream $GEONODE_LB_HOST_IP:$GEONODE_LB_PORT;
-
-  if ($request_method = OPTIONS) {
-      add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
-      add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept";
-      add_header Access-Control-Allow-Credentials true;
-      add_header Content-Length 0;
-      add_header Content-Type text/plain;
-      add_header Access-Control-Max-Age 1728000;
-      return 200;
-  }
-
-  add_header Access-Control-Allow-Credentials false;
-  add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization, Origin, User-Agent";
-  add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
-  
-  proxy_redirect              off;
-  proxy_set_header            Host $host;
-  proxy_set_header            Origin $HTTP_SCHEME://$host;
-  proxy_set_header            X-Real-IP $remote_addr;
-  proxy_set_header            X-Forwarded-Host $server_name;
-  proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header            X-Forwarded-Proto $HTTP_SCHEME;
-  proxy_hide_header           X-Frame-Options;
-  proxy_request_buffering     off;
-
-  # uwsgi_params
-  include /etc/nginx/uwsgi_params;
-
-  proxy_pass http://$upstream;
-  # uwsgi_pass $upstream;
-
-  # when a client closes the connection then keep the channel to uwsgi open. Otherwise uwsgi throws an IOError
-  uwsgi_ignore_client_abort on;
-  uwsgi_request_buffering off;
-
-  location ~* \.(?:js|jpg|jpeg|gif|png|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|woff|woff2|svg|xml)$ {
-      gzip_static always;
-      expires 30d;
-      access_log off;
-      add_header Pragma "public";
-      add_header Cache-Control "max-age=31536000, public";
-  }
-}
diff --git a/scripts/docker/nginx/nginx.conf.envsubst b/scripts/docker/nginx/nginx.conf.envsubst
deleted file mode 100644
index b6065209d51..00000000000
--- a/scripts/docker/nginx/nginx.conf.envsubst
+++ /dev/null
@@ -1,39 +0,0 @@
-# NOTE : $VARIABLES are env variables replaced by entrypoint.sh using envsubst
-# not to be mistaken for nginx variables (also starting with $, but usually lowercase)
-
-worker_processes auto;
-
-events {
-
-}
-
-http {
-    server_names_hash_bucket_size  64;
-
-    # Allow Nginx to resolve Docker host names (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/)
-    resolver $RESOLVER; # it seems rancher uses 169.254.169.250 instead of 127.0.0.11 which works well in docker-compose (see /etc/resolv.conf)
-
-    # https - listens on specific name - this uses letsencrypt cert
-    # this includes a symlink that links either to nginx.https.available.conf if https in enabled
-    # or to an empty file if https is disabled.
-    include nginx.https.enabled.conf;
-
-    # http - listens to specific HTTP_HOST only - this is not encrypted (not ideal but admissible on LAN for instance)
-    # even if not used (HTTP_HOST empty), we must keep it as it's used for internal API calls between django and geoserver
-    # TODO : do not use unencrypted connection even on LAN, but is it possible to have browser not complaining about unknown authority ?
-    server {
-        listen              80;
-        server_name         $HTTP_HOST 127.0.0.1;
-
-        include sites-enabled/*.conf;
-    }
-
-    # Default server closes the connection (we can connect only using HTTP_HOST and HTTPS_HOST)
-    server {
-        listen          80 default_server;
-        listen          443;
-        server_name     _;
-        return          444;
-    }
-
-}
diff --git a/scripts/docker/nginx/nginx.https.available.conf.envsubst b/scripts/docker/nginx/nginx.https.available.conf.envsubst
deleted file mode 100644
index fcd1cb34367..00000000000
--- a/scripts/docker/nginx/nginx.https.available.conf.envsubst
+++ /dev/null
@@ -1,37 +0,0 @@
-# NOTE : $VARIABLES are env variables replaced by entrypoint.sh using envsubst
-# not to be mistaken for nginx variables (also starting with $, but usually lowercase)
-
-# This file is to be included in the main nginx.conf configuration if HTTPS_HOST is set
-ssl_session_cache   shared:SSL:10m;
-ssl_session_timeout 10m;
-
-# this is the actual HTTPS host
-server {
-    listen              443 ssl;
-    server_name         $HTTPS_HOST;
-    keepalive_timeout   70;
-
-    ssl_certificate     /certificate_symlink/fullchain.pem;
-    ssl_certificate_key /certificate_symlink/privkey.pem;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers         HIGH:!aNULL:!MD5;
-
-    include sites-enabled/*.conf;
-}
-
-# if we try to connect from http, we redirect to https
-server {
-    listen 80;
-    server_name $HTTPS_HOST $HTTP_HOST; # TODO : once geoserver supports relative urls, we should allow access though both HTTP and HTTPS at the same time and hence remove HTTP_HOST from this line
-    
-    # Except for let's encrypt challenge
-    location /.well-known {
-        alias /geonode-certificates/.well-known;
-        include  /etc/nginx/mime.types;
-    }
-
-    # Redirect to https
-    location / {
-       return 302 https://$HTTPS_HOST$request_uri; # TODO : we should use 301 (permanent redirect, but not practical for debug)
-    }
-}

From 7b99387f0ef3a5528e8e418fedaebe0a56a0ecf4 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 10 Jan 2024 16:10:26 +0100
Subject: [PATCH 317/330] Update Docker tags for 4.2.x (#11824)

---
 docker-compose.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 61b85d10503..e11bf319688 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -61,7 +61,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:latest
+    image: geonode/nginx:1.25.3-v1
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env
@@ -78,7 +78,7 @@ services:
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:latest
+    image: geonode/letsencrypt:2.6.0-v1
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env
@@ -88,7 +88,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:latest
+    image: geonode/geoserver:2.23.3-v1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
@@ -114,7 +114,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:latest
+    image: geonode/geoserver_data:2.23.3-v1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
@@ -126,7 +126,7 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:latest
+    image: geonode/postgis:15.3-v1
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:

From 4137c249f1a74aa9dbb36df4f6013537bfe9d42b Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 10 Jan 2024 16:29:09 +0100
Subject: [PATCH 318/330] Use GeoNode 4.2.x Docker image (#11826)

---
 docker-compose-test.yml | 2 +-
 docker-compose.yml      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 22ac6dd0093..8780e0aea7b 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:latest-ubuntu-22.04
+  image: geonode/geonode:local
   restart: unless-stopped
   env_file:
     - .env_test
diff --git a/docker-compose.yml b/docker-compose.yml
index e11bf319688..0f7bfcfd1fc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:latest-ubuntu-22.04
+  image: geonode/geonode:4.2.x
   restart: unless-stopped
   env_file:
     - .env

From 8e03c53b39197c9ca24015605a66afb85dfd29aa Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 10 Jan 2024 17:17:11 +0100
Subject: [PATCH 319/330] Release 4.2.0 (#11827)

* Bump client to 4.2.0 and importer to version 1.0.6

* Bump version to 4.2.0

* fixed docker image tags for test and dev compose files
---
 docker-compose-dev.yml  | 10 +++++-----
 docker-compose-test.yml | 10 +++++-----
 geonode/__init__.py     |  2 +-
 requirements.txt        |  5 ++---
 setup.cfg               |  4 ++--
 5 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 7c21d3ec374..7c355038429 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -52,7 +52,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:latest
+    image: geonode/nginx:1.25.3-v1
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
@@ -70,7 +70,7 @@ services:
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:latest
+    image: geonode/letsencrypt:2.6.0-v1
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env
@@ -80,7 +80,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:latest
+    image: geonode/geoserver:2.23.3-v1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
@@ -106,7 +106,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:latest
+    image: geonode/geoserver_data:2.23.3-v1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
@@ -118,7 +118,7 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:latest
+    image: geonode/postgis:15.3-v1
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 8780e0aea7b..276523a3a4d 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -52,7 +52,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:latest
+    image: geonode/nginx:1.25.3-v1
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env_test
@@ -82,7 +82,7 @@ services:
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt:latest
+    image: geonode/letsencrypt:2.6.0-v1
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env_test
@@ -92,7 +92,7 @@ services:
 
   # Geoserver backend
   geoserver:
-    image: geonode/geoserver:latest
+    image: geonode/geoserver:2.23.3-v1
     container_name: geoserver4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://geoserver:8080/geoserver/ows"
@@ -118,7 +118,7 @@ services:
         condition: service_healthy
 
   data-dir-conf:
-    image: geonode/geoserver_data:latest
+    image: geonode/geoserver_data:2.23.3-v1
     container_name: gsconf4${COMPOSE_PROJECT_NAME}
     entrypoint: sleep infinity
     volumes:
@@ -130,7 +130,7 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:latest
+    image: geonode/postgis:15.3-v1
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
diff --git a/geonode/__init__.py b/geonode/__init__.py
index 9b1e32fbb4d..5d15032b0a3 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 2, 0, "dev", 0)
+__version__ = (4, 2, 0, "final", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"
diff --git a/requirements.txt b/requirements.txt
index 81a794a4559..124910335d9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -88,9 +88,8 @@ pinax-notifications==6.0.0
 pinax-ratings==4.0.0
 
 # GeoNode org maintained apps.
-# django-geonode-mapstore-client==4.0.5
--e git+https://github.com/GeoNode/geonode-mapstore-client.git@master#egg=django_geonode_mapstore_client
--e git+https://github.com/GeoNode/geonode-importer.git@master#egg=geonode-importer
+django-geonode-mapstore-client==4.2.0
+geonode-importer==1.0.6
 django-avatar==7.1.1
 geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
diff --git a/setup.cfg b/setup.cfg
index 37e8ae01318..5e24e8fd6be 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -114,8 +114,8 @@ install_requires =
     pinax-ratings==4.0.0
 
     # GeoNode org maintained apps.
-    django-geonode-mapstore-client>=4.0.5,<5.0.0
-    geonode-importer>=1.0.2
+    django-geonode-mapstore-client==4.2.0
+    geonode-importer==1.0.6
     django-avatar==7.1.1
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2

From 73f6ba91da28899a1e0d09d84bcd550e3511688a Mon Sep 17 00:00:00 2001
From: "G. Allegri" <giohappy@gmail.com>
Date: Wed, 10 Jan 2024 17:30:35 +0100
Subject: [PATCH 320/330] Bump to dev dependencies

---
 geonode/__init__.py | 2 +-
 requirements.txt    | 4 ++--
 setup.cfg           | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/geonode/__init__.py b/geonode/__init__.py
index 5d15032b0a3..9b1e32fbb4d 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 2, 0, "final", 0)
+__version__ = (4, 2, 0, "dev", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"
diff --git a/requirements.txt b/requirements.txt
index 124910335d9..4ea6cf81017 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -88,8 +88,8 @@ pinax-notifications==6.0.0
 pinax-ratings==4.0.0
 
 # GeoNode org maintained apps.
-django-geonode-mapstore-client==4.2.0
-geonode-importer==1.0.6
+-e git+https://github.com/GeoNode/geonode-mapstore-client.git@4.2.x#egg=django_geonode_mapstore_client
+-e git+https://github.com/GeoNode/geonode-importer.git@master#egg=geonode-importer
 django-avatar==7.1.1
 geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
diff --git a/setup.cfg b/setup.cfg
index 5e24e8fd6be..a7e644e412e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -114,8 +114,8 @@ install_requires =
     pinax-ratings==4.0.0
 
     # GeoNode org maintained apps.
-    django-geonode-mapstore-client==4.2.0
-    geonode-importer==1.0.6
+    django-geonode-mapstore-client>=4.2.0,<5.0.0
+    geonode-importer>=1.0.6
     django-avatar==7.1.1
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2

From b1682dbafce403cc91daf965682d654c261a1c85 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 18:55:58 +0100
Subject: [PATCH 321/330] Add long_description_content_type for Markdown
 (#11831) (#11832)

(cherry picked from commit b556709e24fde3122fb480757349afab2df3b1e4)

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
---
 setup.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/setup.py b/setup.py
index 498d391199e..2109bd21603 100644
--- a/setup.py
+++ b/setup.py
@@ -28,6 +28,7 @@
 setup(
     version=__import__("geonode").get_version(),
     long_description=open("README.md").read(),
+    long_description_content_type="text/markdown",
     package_data={
         "": ["*.*"],  # noqa
         "": ["static/*.*"],  # noqa

From 3e1c326ddf0cacc1af71ad6bb652e5f582fbdbca Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Thu, 11 Jan 2024 10:35:22 +0100
Subject: [PATCH 322/330] Remove docker-compose-dev reference to nginx script
 (#11835)

---
 docker-compose-dev.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 7c355038429..f77b69a506f 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -53,7 +53,6 @@ services:
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
     image: geonode/nginx:1.25.3-v1
-    build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     env_file:
       - .env

From b8814998155c03b2412e90c7672d897191986885 Mon Sep 17 00:00:00 2001
From: "G. Allegri" <giohappy@gmail.com>
Date: Thu, 11 Jan 2024 10:37:11 +0100
Subject: [PATCH 323/330] Local build for development branch

---
 docker-compose.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0f7bfcfd1fc..9c241372858 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -22,6 +22,9 @@ services:
   # Our custom django application. It includes Geonode.
   django:
     << : *default-common-django
+    build:
+      context: ./
+      dockerfile: Dockerfile
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://django:8000/"

From 9f65512c35412767a716b1c04fbac7a16b453d76 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Wed, 17 Jan 2024 18:04:05 +0100
Subject: [PATCH 324/330] Fix minimum version for the client (#11854)

Since 4.2.0.dev0 is not considered >= 4.2.0
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index a7e644e412e..79feeaeb61d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -114,7 +114,7 @@ install_requires =
     pinax-ratings==4.0.0
 
     # GeoNode org maintained apps.
-    django-geonode-mapstore-client>=4.2.0,<5.0.0
+    django-geonode-mapstore-client>=4.1.1,<5.0.0
     geonode-importer>=1.0.6
     django-avatar==7.1.1
     geonode-oauth-toolkit==2.2.2

From 97c75de51bb16cb4364d41ba32918294ab0b93f6 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Wed, 9 Aug 2023 16:15:37 +0200
Subject: [PATCH 325/330] Init workflow for 52n build pipeline

Add docker container registry workflow

Update meta tags in workflow

Add version tag 4.1

Add further images to build

Fix geoserver's context path

Add tags for mayor, minor, and bugfix version

BUmp to 4.1.x (GeoNode#11371)

Update geonode version to 4.1.2

Clean up versions metadata

Push core images to dedicated repos

Push geonode image to 52north/geonode

Upload a dockerhub description

Update dockerhub description workflow config

Update 52n readme

Fix image repository config

Fix workflow name

Link to 52n fork on github

Add a note to version 3 tags

Add a note to version 3 tags

Update dockerhub readme

Do not use commit SHA for labels

Separates 4.1.x and a release builds

Cancel running builds

Trigger release build on tag having -52n suffix

Fix dockerhub secret refs

Failing action tested successfully

Adds release build jobs for nginx and geoserver

Add missing image tags in meta step

Build latest from master

Remove path exclusions

Rename workflow build

Rename workflow file

Release are built from dedicated branches
---
 .github/workflows/52n-build-master.yml        | 133 +++++++++++++++
 .github/workflows/dockerhub-description.yml   |  23 +++
 .gitignore                                    |   2 +-
 README_52n.md                                 |  25 +++
 scripts/docker/geoserver/Dockerfile           | 113 +++++++++++++
 scripts/docker/geoserver/README.md            | 132 +++++++++++++++
 scripts/docker/geoserver/docker-compose.yml   |  61 +++++++
 scripts/docker/geoserver/entrypoint.sh        | 152 ++++++++++++++++++
 scripts/docker/geoserver/get_dockerhost_ip.py |  24 +++
 scripts/docker/geoserver/get_nginxhost_ip.py  |  45 ++++++
 scripts/docker/geoserver/multidump-alt.sh     |  16 ++
 scripts/docker/geoserver/multidump.sh         |  18 +++
 scripts/docker/geoserver/requirements.txt     |   1 +
 .../docker/geoserver/set_geoserver_auth.sh    |  91 +++++++++++
 scripts/docker/geoserver/setup_auth.sh        |   3 +
 .../geofence-datasource-ovr.properties.j2     |  12 ++
 16 files changed, 850 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/52n-build-master.yml
 create mode 100644 .github/workflows/dockerhub-description.yml
 create mode 100644 README_52n.md
 create mode 100644 scripts/docker/geoserver/Dockerfile
 create mode 100644 scripts/docker/geoserver/README.md
 create mode 100644 scripts/docker/geoserver/docker-compose.yml
 create mode 100644 scripts/docker/geoserver/entrypoint.sh
 create mode 100644 scripts/docker/geoserver/get_dockerhost_ip.py
 create mode 100644 scripts/docker/geoserver/get_nginxhost_ip.py
 create mode 100644 scripts/docker/geoserver/multidump-alt.sh
 create mode 100644 scripts/docker/geoserver/multidump.sh
 create mode 100644 scripts/docker/geoserver/requirements.txt
 create mode 100644 scripts/docker/geoserver/set_geoserver_auth.sh
 create mode 100644 scripts/docker/geoserver/setup_auth.sh
 create mode 100644 scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2

diff --git a/.github/workflows/52n-build-master.yml b/.github/workflows/52n-build-master.yml
new file mode 100644
index 00000000000..59a3ce8954b
--- /dev/null
+++ b/.github/workflows/52n-build-master.yml
@@ -0,0 +1,133 @@
+name: "[52n_master -> lastest] Builds GeoNode Docker Images"
+
+concurrency:
+  group: "geonode_build_master"
+  cancel-in-progress: true
+
+env:
+  TITLE: "52°North GeoNode Docker Image"
+  VENDOR: "52°North GmbH"
+  AUTHORS: "https://52North.org/"
+  DESCRIPTION: "Builds and publishes the Docker images GeoNode, GeoServer, Nginx"
+  LICENSE: "GPL-3.0"
+  TAG: latest
+
+on:
+  push:
+    branches:
+      - "52n-master"
+
+jobs:
+  build_and_push_geonode:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            ${{ env.TAG }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
+
+  build_and_push_nginx:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode-nginx
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            ${{ env.TAG }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: ./scripts/docker/nginx/
+          file: ./scripts/docker/nginx/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
+
+  build_and_push_geoserver:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode-geoserver
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: "${{ env.IMAGE }}"
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            ${{ env.TAG }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: ./scripts/docker/geoserver/
+          file: ./scripts/docker/geoserver/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml
new file mode 100644
index 00000000000..3dbe8fbb583
--- /dev/null
+++ b/.github/workflows/dockerhub-description.yml
@@ -0,0 +1,23 @@
+name: Update Docker Hub Description
+on:
+  push:
+    branches:
+      - 52n-master
+    paths:
+      - README_52n.md
+      - .github/workflows/dockerhub-description.yml
+jobs:
+  dockerHubDescription:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Docker Hub Description
+      uses: peter-evans/dockerhub-description@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
+        repository: 52north/geonode
+        short-description: "Geospatial content management system"
+        readme-filepath: ./README_52n.md
+        enable-url-completion: true
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 7a455624878..60f95d0efc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -96,4 +96,4 @@ scripts/spcgeonode/_volume_*
 !hooks/*
 
 .env
-
+.secret
diff --git a/README_52n.md b/README_52n.md
new file mode 100644
index 00000000000..3e92b9009b5
--- /dev/null
+++ b/README_52n.md
@@ -0,0 +1,25 @@
+# 52°North Fork of GeoNode
+
+This image is built from a fork of [Geonode](https://github.com/geonode/geonode).
+[52°North GmbH](https://52north.org) maintains an own fork of GeoNode in order to make necessary adjustments within projects which are not part of GeoNode core.
+
+However, we are interested to stay as close to upstream as possible, to benefit from ongoing development, but also to contribute features and fixes we develop in our projects.
+
+Starting from version `4` this image is built from the `52n-master` branch of the [`52north/geonode` repository](https://github.com/52North/geonode/tree/52n-master).
+The repository builds and publishes three images:
+
+* [`52north/geonode`](https://hub.docker.com/r/52north/geonode) (this image)
+* [`52north/geonode-nginx`](https://hub.docker.com/r/52north/geonode-nginx)
+* [`52north/geonode-geoserver`](https://hub.docker.com/r/52north/geonode-geoserver) 
+
+The Dockerfiles can be found under the [`./scripts/docker` folder](https://github.com/52North/geonode/tree/52n-master/scripts/docker).
+
+The official Docker configuration of [GeoServer for GeoNode](https://github.com/GeoNode/geoserver-docker) seems to be outdated.
+Therefore, our fork adds a `./scripts/docker/geoserver` Docker config which is based on [the geonode-project](https://github.com/geonode/geonode-project) template.
+
+Depending on our current project contexts we merge regularly from upstream, and create new pull requests based on this fork.
+
+> **Note on version `3` tags**
+>
+> Images containing a `3.x` version tag were experimental and do have a different code base.
+> These image are considered to be removed in the near future.
\ No newline at end of file
diff --git a/scripts/docker/geoserver/Dockerfile b/scripts/docker/geoserver/Dockerfile
new file mode 100644
index 00000000000..cf69384629f
--- /dev/null
+++ b/scripts/docker/geoserver/Dockerfile
@@ -0,0 +1,113 @@
+ARG IMAGE_VERSION=9.0-jdk11-openjdk-slim-bullseye
+ARG JAVA_HOME=/usr/local/openjdk-11
+FROM tomcat:$IMAGE_VERSION
+LABEL GeoNode Development Team
+
+ARG GEOSERVER_CORS_ENABLED=False
+ARG GEOSERVER_CORS_ALLOWED_ORIGINS=*
+ARG GEOSERVER_CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
+ARG GEOSERVER_CORS_ALLOWED_HEADERS=*
+#
+# Set GeoServer version and data directory
+#
+ENV GEOSERVER_VERSION=2.23.0
+ENV GEOSERVER_DATA_DIR="/geoserver_data/data"
+ENV GEOSERVER_CORS_ENABLED=$GEOSERVER_CORS_ENABLED
+ENV GEOSERVER_CORS_ALLOWED_ORIGINS=$GEOSERVER_CORS_ALLOWED_ORIGINS
+ENV GEOSERVER_CORS_ALLOWED_METHODS=$GEOSERVER_CORS_ALLOWED_METHODS
+ENV GEOSERVER_CORS_ALLOWED_HEADERS=$GEOSERVER_CORS_ALLOWED_HEADERS
+#
+# Download and install GeoServer
+#
+RUN apt-get update -y && apt-get install curl wget unzip -y
+RUN cd /usr/local/tomcat/webapps \
+    && wget --no-check-certificate --progress=bar:force:noscroll https://artifacts.geonode.org/geoserver/${GEOSERVER_VERSION}/geoserver.war -O geoserver.war \
+    && unzip -q geoserver.war -d geoserver \
+    && rm geoserver.war \
+    && mkdir -p $GEOSERVER_DATA_DIR
+
+VOLUME $GEOSERVER_DATA_DIR
+
+# added by simonelanucara https://github.com/simonelanucara
+# Optionally add JAI, ImageIO and Marlin Render for improved Geoserver performance
+WORKDIR /tmp
+
+RUN wget --no-check-certificate https://repo1.maven.org/maven2/org/postgis/postgis-jdbc/1.3.3/postgis-jdbc-1.3.3.jar -O postgis-jdbc-1.3.3.jar && \
+    wget --no-check-certificate https://maven.geo-solutions.it/org/hibernatespatial/hibernate-spatial-postgis/1.1.3.2/hibernate-spatial-postgis-1.1.3.2.jar -O hibernate-spatial-postgis-1.1.3.2.jar && \
+    rm /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/hibernate-spatial-h2-geodb-1.1.3.2.jar && \
+    mv hibernate-spatial-postgis-1.1.3.2.jar /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/ && \
+    mv postgis-jdbc-1.3.3.jar /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/
+
+###########docker host###############
+# Set DOCKERHOST variable if DOCKER_HOST exists
+ARG DOCKERHOST=${DOCKERHOST}
+# for debugging
+RUN echo -n #1===>DOCKERHOST=${DOCKERHOST}
+#
+ENV DOCKERHOST ${DOCKERHOST}
+# for debugging
+RUN echo -n #2===>DOCKERHOST=${DOCKERHOST}
+
+###########docker host ip#############
+# Set GEONODE_HOST_IP address if it exists
+ARG GEONODE_HOST_IP=${GEONODE_HOST_IP}
+# for debugging
+RUN echo -n #1===>GEONODE_HOST_IP=${GEONODE_HOST_IP}
+#
+ENV GEONODE_HOST_IP ${GEONODE_HOST_IP}
+# for debugging
+RUN echo -n #2===>GEONODE_HOST_IP=${GEONODE_HOST_IP}
+# If empty set DOCKER_HOST_IP to GEONODE_HOST_IP
+ENV DOCKER_HOST_IP=${DOCKER_HOST_IP:-${GEONODE_HOST_IP}}
+# for debugging
+RUN echo -n #1===>DOCKER_HOST_IP=${DOCKER_HOST_IP}
+# Trying to set the value of DOCKER_HOST_IP from DOCKER_HOST
+RUN if ! [ -z ${DOCKER_HOST_IP} ]; \
+    then echo export DOCKER_HOST_IP=${DOCKERHOST} | \
+    sed 's/tcp:\/\/\([^:]*\).*/\1/' >> /root/.bashrc; \
+    else echo "DOCKER_HOST_IP is already set!"; fi
+# for debugging
+RUN echo -n #2===>DOCKER_HOST_IP=${DOCKER_HOST_IP}
+
+# Set WEBSERVER public port
+ARG PUBLIC_PORT=${PUBLIC_PORT}
+# for debugging
+RUN echo -n #1===>PUBLIC_PORT=${PUBLIC_PORT}
+#
+ENV PUBLIC_PORT=${PUBLIC_PORT}
+# for debugging
+RUN echo -n #2===>PUBLIC_PORT=${PUBLIC_PORT}
+
+# set nginx base url for geoserver
+RUN echo export NGINX_BASE_URL=http://${NGINX_HOST}:${NGINX_PORT}/ | \
+    sed 's/tcp:\/\/\([^:]*\).*/\1/' >> /root/.bashrc
+
+# copy the script and perform the run of scripts from entrypoint.sh
+RUN mkdir -p /usr/local/tomcat/tmp
+WORKDIR /usr/local/tomcat/tmp
+COPY set_geoserver_auth.sh /usr/local/tomcat/tmp
+COPY setup_auth.sh /usr/local/tomcat/tmp
+COPY requirements.txt /usr/local/tomcat/tmp
+COPY get_dockerhost_ip.py /usr/local/tomcat/tmp
+COPY get_nginxhost_ip.py /usr/local/tomcat/tmp
+COPY entrypoint.sh /usr/local/tomcat/tmp
+COPY ./templates /templates
+COPY multidump.sh /usr/local/tomcat/tmp
+COPY multidump-alt.sh /usr/local/tomcat/tmp
+
+RUN apt-get update \
+    && apt-get install -y procps less \
+    && apt-get install -y python3 python3-pip python3-dev \
+    && chmod +x /usr/local/tomcat/tmp/set_geoserver_auth.sh \
+    && chmod +x /usr/local/tomcat/tmp/setup_auth.sh \
+    && chmod +x /usr/local/tomcat/tmp/entrypoint.sh \
+    && pip3 install pip --upgrade \
+    && pip3 install -r requirements.txt \
+    && chmod +x /usr/local/tomcat/tmp/get_dockerhost_ip.py \
+    && chmod +x /usr/local/tomcat/tmp/get_nginxhost_ip.py
+
+RUN pip install j2cli
+
+ENV JAVA_OPTS="-Djava.awt.headless=true -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:MaxPermSize=512m -XX:PermSize=256m -Xms512m -Xmx2048m -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
+
+CMD ["/usr/local/tomcat/tmp/entrypoint.sh"]
\ No newline at end of file
diff --git a/scripts/docker/geoserver/README.md b/scripts/docker/geoserver/README.md
new file mode 100644
index 00000000000..9d00a465066
--- /dev/null
+++ b/scripts/docker/geoserver/README.md
@@ -0,0 +1,132 @@
+# geoserver-docker
+
+
+**The scripts/docker/geonode folder is a copy from geonode-project* to be able to build GeoServer image from this repository directly. In case of an update, just replace the whole folder.**
+
+
+[GeoServer](http://geoserver.org) is an open source server for sharing geospatial data.
+This is a docker image that eases setting up a GeoServer running specifically for [GeoNode](https://github.com/GeoNode/geoserver-geonode-ext) with an additional separated data directory.
+
+The image is based on the official Tomcat 9 image
+
+## Installation
+
+This image is available as a [trusted build on the docker hub](https://registry.hub.docker.com/r/geonode/geoserver/), and is the recommended method of installation.
+Simple pull the image from the docker hub.
+
+```bash
+$ docker pull geonode/geoserver
+```
+
+Alternatively you can build the image locally
+
+```bash
+$ git clone https://github.com/geonode/geoserver-docker.git
+$ cd geoserver-docker
+$ docker build -t "geonode/geoserver" .
+```
+
+## Quick start
+
+You can quick start the image using the command line
+
+```bash
+$ docker run --name "geoserver" -v /var/run/docker.sock:/var/run/docker.sock -d -p 8080:8080 geonode/geoserver
+```
+
+Point your browser to `http://localhost:8080/geoserver` and login using GeoServer's default username and password:
+
+* Username: admin
+* Password: geoserver
+
+## How to use different versions
+
+There are mainly two different versions of this image which are useful for running **GeoNode** with different authentication system types. These versions are released as specific tags for two authentication mechanisms:
+
+**Cookie based authn**:
+- [geonode/geoserver:2.9.x](https://hub.docker.com/r/geonode/geoserver/builds/bx7ydhghnlrfnsppduyva73/)
+
+**Oauth2 based authn**:
+- [geonode/geoserver:2.9.x-oauth2](https://hub.docker.com/r/geonode/geoserver/builds/bwca5rtexeoegzgroavftdr/)
+- [geonode/geoserver:2.10.x](https://hub.docker.com/r/geonode/geoserver/builds/bjohcnc29vm69acqjrvndxf/)
+- [geonode/geoserver:2.12.x](https://hub.docker.com/r/geonode/geoserver/builds/bh7pyw5atmkcljurwsnzbs7/)
+- [geonode/geoserver:2.13.x](https://hub.docker.com/r/geonode/geoserver/builds/btmjctbuvrjfnnrxrs4wyrs/)
+- [geonode/geoserver:2.14.x](https://hub.docker.com/r/geonode/geoserver/builds/bj53pi8he8uksz6ggvrs3wc/)
+
+You can declare what version to use along with the data directory tag which corresponds to the same version.  
+
+## Configuration
+
+### Data volume
+
+This GeoServer container keeps its configuration data at `/geoserver_data/data` which is exposed as volume in the dockerfile.
+The volume allows for stopping and starting new containers from the same image without losing all the data and custom configuration.
+
+You may want to map this volume to a directory on the host. It will also ease the upgrade process in the future. Volumes can be mounted by passing the `-v` flag to the docker run command:
+
+```bash
+-v /your/host/data/path:/geoserver_data/data
+```
+
+### Data volume container
+
+In case you are running Compose for automatically having GeoServer up and running then a data volume container will be mounted with a default preloaded *GEOSERVER_DATA_DIR* at the configuration data directory of the container.
+Make sure that the image from the repository [data-docker](https://github.com/GeoNode/data-docker) is available from the [GeoNode Docker Hub](https://hub.docker.com/u/geonode/) or has been built locally:
+
+```bash
+docker build -t geonode/geoserver_data .
+```
+
+#### Persistance behavior
+
+If you run:
+
+```bash
+docker-compose stop
+```
+
+Data are retained in the *GEOSERVER_DATA_DIR* and can then be mounted in a new GeoServer instance by running again:
+
+```bash
+docker-compose up
+```
+
+If you run:
+
+```bash
+docker-compose down
+```
+
+Data are completely gone but you can ever start from the base GeoServer Data Directory built for Geonode.
+
+#### Data directory versions
+
+There has to be a correspondence one-to-one between the data directory version and the tag of the GeoServer image used in the Docker compose file. So at the end you can consume these images below:
+
+* **2.9.x**: [geonode/geoserver_data:2.9.x](https://hub.docker.com/r/geonode/geoserver_data/builds/bsus6alnddg4bc7icwymevp/)
+* **2.9.x-oauth2**: [geonode/geoserver_data:2.9.x-oauth2](https://hub.docker.com/r/geonode/geoserver_data/builds/bwkxcupsunvuitzusi9gsnt/)
+* **2.10.x**: [geonode/geoserver_data:2.10.x](https://hub.docker.com/r/geonode/geoserver_data/builds/b5jqhpzapkqxzyevjizccug/)
+* **2.12.x**: [geonode/geoserver_data:2.12.x](https://hub.docker.com/r/geonode/geoserver_data/builds/byaaalw3lnasunpveyg3x4i/)
+* **2.13.x**: [geonode/geoserver_data:2.13.x](https://hub.docker.com/r/geonode/geoserver_data/builds/bunuqzq7a7dk65iumjhkbtc/)
+* **2.14.x**: [geonode/geoserver_data:2.14.x](https://hub.docker.com/r/geonode/geoserver_data/builds/blpdjzkrv7pm3stunzpn4pp/)
+
+### Database
+
+GeoServer recommends the usage of a spatial database
+
+#### PostGIS container (PostgreSQL + GIS Extension)
+
+If you want to use a [PostGIS](http://postgis.org/) container, you can link it to this image. You're free to use any PostGIS container.
+An example with [kartooza/postgis](https://registry.hub.docker.com/u/kartoza/postgis/) image:
+
+```bash
+$ docker run -d --name="postgis" kartoza/postgis
+```
+
+For further information see [kartooza/postgis](https://registry.hub.docker.com/u/kartoza/postgis/).
+
+Now start the GeoServer instance by adding the `--link` option to the docker run command:
+
+```bash
+--link postgis:postgis
+```
diff --git a/scripts/docker/geoserver/docker-compose.yml b/scripts/docker/geoserver/docker-compose.yml
new file mode 100644
index 00000000000..5f3dc1cf34e
--- /dev/null
+++ b/scripts/docker/geoserver/docker-compose.yml
@@ -0,0 +1,61 @@
+version: '3.9'
+
+services:
+
+  postgis:
+    image: geonode/postgis:13
+    ports:
+      - "25432:5432"
+    volumes:
+      - /srv/docker/geoserver/postgis:/var/lib/postgresql
+    #volumes_from:
+      #- pgstore
+    healthcheck:
+      test: "pg_isready -d postgres -U postgres"
+    restart: on-failure
+
+  geoserver:
+    image: geonode/geoserver:2.23.0
+    build:
+      context: .
+      args:
+        - DOCKERHOST
+        - GEONODE_HOST_IP
+        - PUBLIC_PORT=80
+    links:
+      - postgis
+    ports:
+      - "8080:8080"
+    volumes:
+      - /geoserver_data/data
+    environment:
+      - DOCKERHOST
+      - GEONODE_HOST_IP
+      - PUBLIC_PORT=80
+      - DOCKER_HOST_IP
+      - DJANGO_URL=http://localhost/
+    depends_on:
+      postgis:
+        condition: service_completed_successfully
+      data-dir-conf:
+        condition: service_healthy
+    healthcheck:
+      test: curl --fail -s http://localhost:8080/geoserver/rest/workspaces/geonode.html || exit 1
+      interval: 1m30s
+      timeout: 10s
+      retries: 3
+    restart: on-failure
+
+  data-dir-conf:
+    image: geonode/geoserver_data:2.23.0
+    container_name: geoserver_data_dir # named data container
+    entrypoint: sleep infinity
+    volumes:
+      - /geoserver_data/data
+    healthcheck:
+      test: "ls -A '/geoserver_data/data' | wc -l"
+    restart: on-failure
+
+volumes:
+  # reference to the named data container that holds the preloaded geoserver data directory
+  geoserver_data_dir:
\ No newline at end of file
diff --git a/scripts/docker/geoserver/entrypoint.sh b/scripts/docker/geoserver/entrypoint.sh
new file mode 100644
index 00000000000..f9af5f42024
--- /dev/null
+++ b/scripts/docker/geoserver/entrypoint.sh
@@ -0,0 +1,152 @@
+#!/bin/bash
+set -e
+
+source /root/.bashrc
+
+# control the value of DOCKER_HOST_IP variable
+if [ -z ${DOCKER_HOST_IP} ]
+then
+
+    echo "DOCKER_HOST_IP is empty so I'll run the python utility \n"
+    echo export DOCKER_HOST_IP=`python3 /usr/local/tomcat/tmp/get_dockerhost_ip.py` >> /root/.override_env
+    echo "The calculated value is now DOCKER_HOST_IP='$DOCKER_HOST_IP' \n"
+
+else
+
+    echo "DOCKER_HOST_IP is filled so I'll leave the found value '$DOCKER_HOST_IP' \n"
+
+fi
+
+# control the values of LB settings if present
+if [ ${GEONODE_LB_HOST_IP} ]
+then
+
+    echo "GEONODE_LB_HOST_IP is filled so I replace the value of '$DOCKER_HOST_IP' with '$GEONODE_LB_HOST_IP' \n"
+    echo export DOCKER_HOST_IP=${GEONODE_LB_HOST_IP} >> /root/.override_env
+
+fi
+
+if [ ${GEONODE_LB_PORT} ]
+then
+
+    echo "GEONODE_LB_PORT is filled so I replace the value of '$PUBLIC_PORT' with '$GEONODE_LB_PORT' \n"
+    echo export PUBLIC_PORT=${GEONODE_LB_PORT} >> /root/.override_env
+
+fi
+
+if [ ! -z "${GEOSERVER_JAVA_OPTS}" ]
+then
+
+    echo "GEOSERVER_JAVA_OPTS is filled so I replace the value of '$JAVA_OPTS' with '$GEOSERVER_JAVA_OPTS' \n"
+    JAVA_OPTS=${GEOSERVER_JAVA_OPTS}
+
+fi
+
+# control the value of NGINX_BASE_URL variable
+if [ -z `echo ${NGINX_BASE_URL} | sed 's/http:\/\/\([^:]*\).*/\1/'` ]
+then
+    echo "NGINX_BASE_URL is empty so I'll use the static nginx hostname \n"
+    # echo export NGINX_BASE_URL=`python3 /usr/local/tomcat/tmp/get_nginxhost_ip.py` >> /root/.override_env
+    # TODO rework get_nginxhost_ip to get URL with static hostname from nginx service name
+    # + exposed port of that container i.e. http://geonode:80
+    echo export NGINX_BASE_URL=http://geonode:80 >> /root/.override_env
+    echo "The calculated value is now NGINX_BASE_URL='$NGINX_BASE_URL' \n"
+else
+    echo "NGINX_BASE_URL is filled so I'll leave the found value '$NGINX_BASE_URL' \n"
+fi
+
+# set basic tagname
+TAGNAME=( "baseUrl" )
+
+if ! [ -f ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml ]
+then
+
+    echo "Configuration file '$GEOSERVER_DATA_DIR'/security/auth/geonodeAuthProvider/config.xml is not available so it is gone to skip \n"
+
+else
+
+    # backup geonodeAuthProvider config.xml
+    cp ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml.orig
+    # run the setting script for geonodeAuthProvider
+    /usr/local/tomcat/tmp/set_geoserver_auth.sh ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/ ${TAGNAME} > /dev/null 2>&1
+
+fi
+
+# backup geonode REST role service config.xml
+cp "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml" "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml.orig"
+# run the setting script for geonode REST role service
+/usr/local/tomcat/tmp/set_geoserver_auth.sh "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml" "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/" ${TAGNAME} > /dev/null 2>&1
+
+# set oauth2 filter tagname
+TAGNAME=( "accessTokenUri" "userAuthorizationUri" "redirectUri" "checkTokenEndpointUrl" "logoutUri" )
+
+# backup geonode-oauth2 config.xml
+cp ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/config.xml ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/config.xml.orig
+# run the setting script for geonode-oauth2
+/usr/local/tomcat/tmp/set_geoserver_auth.sh ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/config.xml ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/ "${TAGNAME[@]}" > /dev/null 2>&1
+
+# set global tagname
+TAGNAME=( "proxyBaseUrl" )
+
+# backup global.xml
+cp ${GEOSERVER_DATA_DIR}/global.xml ${GEOSERVER_DATA_DIR}/global.xml.orig
+# run the setting script for global configuration
+/usr/local/tomcat/tmp/set_geoserver_auth.sh ${GEOSERVER_DATA_DIR}/global.xml ${GEOSERVER_DATA_DIR}/ ${TAGNAME} > /dev/null 2>&1
+
+# set correct amqp broker url
+sed -i -e 's/localhost/rabbitmq/g' ${GEOSERVER_DATA_DIR}/notifier/notifier.xml
+
+# exclude wrong dependencies
+sed -i -e 's/xom-\*\.jar/xom-\*\.jar,bcprov\*\.jar/g' /usr/local/tomcat/conf/catalina.properties
+
+# J2 templating for this docker image we should also do it for other configuration files in /usr/local/tomcat/tmp
+
+declare -a geoserver_datadir_template_dirs=("geofence")
+
+for template in in ${geoserver_datadir_template_dirs[*]}; do
+    #Geofence templates
+    if [ "$template" == "geofence" ]; then
+      cp -R /templates/$template/* ${GEOSERVER_DATA_DIR}/geofence
+
+      for f in $(find ${GEOSERVER_DATA_DIR}/geofence/ -type f -name "*.j2"); do
+          echo -e "Evaluating template\n\tSource: $f\n\tDest: ${f%.j2}"
+          /usr/local/bin/j2 $f > ${f%.j2}
+          rm -f $f
+      done
+
+    fi
+done
+
+# configure CORS (inspired by https://github.com/oscarfonts/docker-geoserver)
+# if enabled, this will add the filter definitions
+# to the end of the web.xml
+# (this will only happen if our filter has not yet been added before)
+if [ "${GEOSERVER_CORS_ENABLED}" = "true" ] || [ "${GEOSERVER_CORS_ENABLED}" = "True" ]; then
+  if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then
+    echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"
+    sed -i "\:</web-app>:i\\
+    <filter>\n\
+      <filter-name>DockerGeoServerCorsFilter</filter-name>\n\
+      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>\n\
+      <init-param>\n\
+          <param-name>cors.allowed.origins</param-name>\n\
+          <param-value>${GEOSERVER_CORS_ALLOWED_ORIGINS}</param-value>\n\
+      </init-param>\n\
+      <init-param>\n\
+          <param-name>cors.allowed.methods</param-name>\n\
+          <param-value>${GEOSERVER_CORS_ALLOWED_METHODS}</param-value>\n\
+      </init-param>\n\
+      <init-param>\n\
+        <param-name>cors.allowed.headers</param-name>\n\
+        <param-value>${GEOSERVER_CORS_ALLOWED_HEADERS}</param-value>\n\
+      </init-param>\n\
+    </filter>\n\
+    <filter-mapping>\n\
+      <filter-name>DockerGeoServerCorsFilter</filter-name>\n\
+      <url-pattern>/*</url-pattern>\n\
+    </filter-mapping>" "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml";
+  fi
+fi
+
+# start tomcat
+exec env JAVA_OPTS="${JAVA_OPTS}" catalina.sh run
\ No newline at end of file
diff --git a/scripts/docker/geoserver/get_dockerhost_ip.py b/scripts/docker/geoserver/get_dockerhost_ip.py
new file mode 100644
index 00000000000..7b5a42ed310
--- /dev/null
+++ b/scripts/docker/geoserver/get_dockerhost_ip.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import logging
+
+import docker
+
+BOOTSTRAP_IMAGE_CHEIP = 'codenvy/che-ip:nightly'
+# AF: why call before definition? print _docker_host_ip()
+
+def _docker_host_ip():
+    client = docker.from_env()
+    ip_list = client.containers.run(BOOTSTRAP_IMAGE_CHEIP,
+                                    network_mode='host'
+                                    ).split("\n")
+    if len(ip_list) > 1:
+        logging.info("Docker daemon is running on more than one \
+address {0}".format(ip_list))
+        logging.info("Only the first address:{0} will be returned!".format(
+            ip_list[0]
+        ))
+    else:
+        logging.info("Docker daemon is running at the following \
+address {0}".format(ip_list[0]))
+    return ip_list[0]
diff --git a/scripts/docker/geoserver/get_nginxhost_ip.py b/scripts/docker/geoserver/get_nginxhost_ip.py
new file mode 100644
index 00000000000..c6a67d8490d
--- /dev/null
+++ b/scripts/docker/geoserver/get_nginxhost_ip.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+
+import logging
+import os
+
+import docker
+
+client = docker.from_env()
+# print(client.info())
+# TODO avoid this script can fail and fall in the loop where the geoserver
+# service is not available and consequently the nginx too which has geoserver
+# as a reference link
+for network in client.networks.list():
+    if 'geonode' in network.name:
+        geonode_network = network.name
+    else:
+        geonode_network = 'geonode_default'
+
+try:
+    containers = {
+        c.attrs['Config']['Image']: c.attrs['NetworkSettings']['\
+Networks'][geonode_network]['\
+IPAddress'] for c in client.containers.list() if c.status in 'running'
+    }
+    for item in containers.items():
+        if "geonode/nginx" in item[0]:
+            ipaddr = item[1]
+
+    try:
+        os.environ["NGINX_BASE_URL"] = "http://" + ipaddr + ":" + "80"
+        nginx_base_url = "http://{}:80".format(ipaddr)
+    except NameError as er:
+        logging.info("NGINX container is not running maybe exited! Running\
+containers are:{0}".format(containers))
+except KeyError as ke:
+    logging.info("There has been a problem with the docker\
+network which has raised the following exception: {0}".format(ke))
+else:
+    # nginx_base_url = None
+    pass
+finally:
+    try:
+        print(nginx_base_url)
+    except NameError as ne:
+        print("http://geonode:80")
diff --git a/scripts/docker/geoserver/multidump-alt.sh b/scripts/docker/geoserver/multidump-alt.sh
new file mode 100644
index 00000000000..cc237e17bec
--- /dev/null
+++ b/scripts/docker/geoserver/multidump-alt.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+if [ $# -ne 3 ]; then
+    echo "Usage: $0 pid interval count"
+    exit 1
+fi
+
+PID=$1
+INTERVAL=$2
+COUNT=$3
+
+top -bH -d $INTERVAL -n $COUNT -p $PID >> top.out 2>&1 &
+for i in `seq $COUNT`; do
+    kill -3 $PID
+    sleep $INTERVAL
+done
diff --git a/scripts/docker/geoserver/multidump.sh b/scripts/docker/geoserver/multidump.sh
new file mode 100644
index 00000000000..21dfd2ba660
--- /dev/null
+++ b/scripts/docker/geoserver/multidump.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+if [ $# -ne 3 ]; then
+    echo "Usage: $0 pid interval count"
+    exit 1
+fi
+
+PID=$1
+INTERVAL=$2
+COUNT=$3
+
+top -bH -d $INTERVAL -n $COUNT -p $PID >> top.out 2>&1 &
+for i in `seq $COUNT`; do
+    echo "stack trace $i of $COUNT" >> jstack.out
+    jstack -l $PID >> jstack.out
+    echo "--------------------" >> jstack.out
+    sleep $INTERVAL
+done
diff --git a/scripts/docker/geoserver/requirements.txt b/scripts/docker/geoserver/requirements.txt
new file mode 100644
index 00000000000..0b31242fdae
--- /dev/null
+++ b/scripts/docker/geoserver/requirements.txt
@@ -0,0 +1 @@
+docker==3.1.1
diff --git a/scripts/docker/geoserver/set_geoserver_auth.sh b/scripts/docker/geoserver/set_geoserver_auth.sh
new file mode 100644
index 00000000000..27dd11ef54e
--- /dev/null
+++ b/scripts/docker/geoserver/set_geoserver_auth.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+auth_conf_source="$1"
+auth_conf_target="$2"
+# Creating a temporary file for sed to write the changes to
+temp_file="xml.tmp"
+touch $temp_file
+
+source /root/.bashrc
+source /root/.override_env
+
+test -z "$auth_conf_source" && echo "You must specify a source file" && exit 1
+test -z "$auth_conf_target" && echo "You must specify a target conf directory" && exit 1
+
+test ! -f "$auth_conf_source" && echo "Source $auth_conf_source does not exist or is not a file" && exit 1
+test ! -d "$auth_conf_target" && echo "Target directory $auth_conf_target does not exist or is not a directory" && exit 1
+
+# for debugging
+echo -e "NGINX_BASE_URL=${NGINX_BASE_URL}\n"
+if [ "$PUBLIC_PORT" == "443" ]; then
+    SUBSTITUTION_URL="https://${DOCKER_HOST_IP}"
+    if [ "$PUBLIC_PORT" != "443" ]; then
+        SUBSTITUTION_URL="https://${DOCKER_HOST_IP}:${PUBLIC_PORT}"
+    fi
+else
+    SUBSTITUTION_URL="http://${DOCKER_HOST_IP}"
+    if [ "$PUBLIC_PORT" != "80" ]; then
+        SUBSTITUTION_URL="http://${DOCKER_HOST_IP}:${PUBLIC_PORT}"
+    fi
+fi
+
+echo -e "SUBSTITUTION_URL=$SUBSTITUTION_URL\n"
+echo -e "auth_conf_source=$auth_conf_source\n"
+echo -e "auth_conf_target=$auth_conf_target\n"
+
+# Elegance is the key -> adding an empty last line for Mr. “sed” to pick up
+echo " " >> "$auth_conf_source"
+
+cat "$auth_conf_source"
+
+tagname=( ${@:3:5} )
+
+# for debugging
+for i in "${tagname[@]}"
+do
+   echo "tagname=<$i>"
+done
+
+echo "DEBUG: Starting... [Ok]\n"
+
+for i in "${tagname[@]}"
+do
+    echo "DEBUG: Working on '$auth_conf_source' for tagname <$i>"
+    # Extracting the value from the <$tagname> element
+    # echo -ne "<$i>$tagvalue</$i>" | xmlstarlet sel -t -m "//a" -v . -n
+    tagvalue=`grep "<$i>.*<.$i>" "$auth_conf_source" | sed -e "s/^.*<$i/<$i/" | cut -f2 -d">"| cut -f1 -d"<"`
+
+    echo "DEBUG: Found the current value for the element <$i> - '$tagvalue'"
+
+    # Setting new substituted value
+    case $i in
+        proxyBaseUrl )
+            if [ ${GEONODE_LB_HOST_IP} ]
+            then
+                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
+                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`
+            else
+                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
+                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`
+            fi;;
+        accessTokenUri | checkTokenEndpointUrl | baseUrl )
+            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
+            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`;;
+        userAuthorizationUri | redirectUri | logoutUri )
+            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
+            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`;;
+        *) echo -n "an unknown variable has been found";;
+    esac
+
+    echo "DEBUG: Found the new value for the element <$i> - '$newvalue'"
+    # Replacing element’s value with $SUBSTITUTION_URL
+    # echo -ne "<$i>$tagvalue</$i>" | xmlstarlet sel -t -m "//a" -v . -n
+    sed -e "s@<$i>$tagvalue<\/$i>@<$i>$newvalue<\/$i>@g" "$auth_conf_source" > "$temp_file"
+    cp "$temp_file" "$auth_conf_source"
+done
+# Writing our changes back to the original file ($auth_conf_source)
+# no longer needed
+# mv $temp_file $auth_conf_source
+
+echo "DEBUG: Finished... [Ok] --- Final xml file is \n"
+cat "$auth_conf_source"
diff --git a/scripts/docker/geoserver/setup_auth.sh b/scripts/docker/geoserver/setup_auth.sh
new file mode 100644
index 00000000000..6f9373b978c
--- /dev/null
+++ b/scripts/docker/geoserver/setup_auth.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+sed -i.bak 's@<baseUrl>\([^<][^<]*\)</baseUrl>@<baseUrl>'"$DJANGO_URL"'</baseUrl>@'\
+           /geoserver_data/data/security/auth/geonodeAuthProvider/config.xml
\ No newline at end of file
diff --git a/scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2 b/scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2
new file mode 100644
index 00000000000..7b18d3e55f3
--- /dev/null
+++ b/scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2
@@ -0,0 +1,12 @@
+geofenceVendorAdapter.databasePlatform=org.hibernatespatial.postgis.PostgisDialect
+geofenceDataSource.driverClassName=org.postgresql.Driver
+geofenceDataSource.url=jdbc:postgresql://{{ DATABASE_HOST }}:{{ DATABASE_PORT }}/{{ GEONODE_GEODATABASE }}
+geofenceDataSource.username={{ GEONODE_GEODATABASE }}
+geofenceDataSource.password={{ GEONODE_GEODATABASE_PASSWORD }}
+geofenceEntityManagerFactory.jpaPropertyMap[hibernate.default_schema]={{ GEONODE_GEODATABASE_SCHEMA }}
+
+# avoid hibernate transaction issues
+geofenceDataSource.testOnBorrow=true
+geofenceDataSource.validationQuery=SELECT 1
+geofenceEntityManagerFactory.jpaPropertyMap[hibernate.testOnBorrow]=true
+geofenceEntityManagerFactory.jpaPropertyMap[hibernate.validationQuery]=SELECT 1
\ No newline at end of file

From 3f03d7c8dc080cdc78da2d6925cb969942a21d13 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 22 Jan 2024 16:46:12 +0100
Subject: [PATCH 326/330] recreated .mo file for italian (#11873)

---
 geonode/locale/it/LC_MESSAGES/django.mo | Bin 20525 -> 161424 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/geonode/locale/it/LC_MESSAGES/django.mo b/geonode/locale/it/LC_MESSAGES/django.mo
index e76a048452590e26ad196fe83e0625f9356e8fdf..cc42b56d611c29c8119d59fe9df28ca870d02a55 100644
GIT binary patch
literal 161424
zcmce<2Yggj*S9?hpj1JMbQpR93B3r09-2VtAV`}eLo$$L!b}1pRa68EAlOkv6a^JU
z#4du0Vi!@thKeXEDmFwx(eL`7y@mvp`+mOXd*AQ;euwL<UDjTE?X}A}6Yu-u$|bM&
zakV?c=c@y^wDI|dmG=1tWhm9>TYj0(S32J3yB5}q^Z9OB<n!G?`V&|9d|9LqUF`D(
zNq_uGpRWR}ceT$qlKiA=e7-*L5;%_Zov;^j!(~2S6b4}~d>@8jzvV9dA-Dp$$+bS;
z5coK}0G1{(2m`PO+zG!{`bwW~9{dTmgVV3``RIag9h9AWVFApem+I01I12V7^Px&U
z-)*oX@{oIczVdJpY!6q$+VCY<4So*G!sGC4SZY0eh1Fp**bz2?6JbSo8I&E@!EW$H
zh>LxtHefR>52de~(GSZYw}5BD4sZbM3VXmSU}yLeY!2h^_4$^-WcWOM4E_aY-{<o^
zCEoAz^@p7{`h4Tz0$2*}gZ1G7sD6}qz_A*vg51pH^I&7-!BBpPz;obI<2qOa`Dv5i
zg$<Cuh0=4@gN_ZM{MXUsK~U{ahH8I-afRjIW%A=Nf&5pX{Q5I&1Z!?`{qG9p_iU*A
z<!}{o_9#q79=_Sd^8zUQZ-aH=6R;-SYw15i#eIc`eZHo!xp5d&xr?CsxdPUL_d)sL
zMN8jjJPNClUU3UC0UJY=OEHds(lZrSg_m0TO~wbI?0XTmfS*IzRp}9*&kvKK^3$OD
zlLM8%7^=VPp#1eVRQ*5T1eowB&n1X!D7!9w()n!_R6INnE5Mhb;&LxkoPKKj5-J`K
z!z%D7tOUyvWa>|CsBvr$Rjw~Q3#LKoonZOXOr8tNk$x2{3vYy#;aVs?kC?m@%AOCP
z>^=ZBKYxePTl#4?&(47jk()x<H2_NQILi-0^|KJl{@GCVmqC@k4OWB?K#l)15O?{$
zfNJk+D8C+s8qfM$ojo043UV481h0b0@I5HKXFTJ^t2&gP4#r+k?GJ%|I035Nc~Jga
z2j%~bur}NRd%#^#dd}YF{8!J|97<nDlT(dDq5L`C^7EklIS0z0m&0oCHrN(E3^jib
z!uqiEcGeD<02AS4I2&FGRsM`;oj*H6jo)Bc22O_3I~6Jp78sX7jmv5%e{O(^gWXW$
z^D$IBeQxO|p!`_oIp>#JQ2H7|^|uYwyzdTGE(q1H8BpuQQYd>i!wK+dsQR^@cXlKi
z+e5YA-Pi}pPXjG~B$VGLLB&Z9RQq#aJiHRB{xwi`tb`@tT_&%G>gN+s^<RMU!@I^$
zq1yWfs+}WHaTd43#X$|I{Q6MinE+M4i>3F0@^>0k++@O9a2iznEP`rxt#PyEKL_iP
zz7J~r{(uc(#TVSTwuSO%U#R?vQ0w7zct#xY4(lSXc+u_ao1ohN8LA)0q5N^?PM_~w
zSOZEP2Bj|@s{KMJ`>ul};a#v4+yJHLLD(2R4X4BXup1oll52Mb?2h~{><z2E?B?ZI
zD0^>!3*jcH{<V9>=^t$z57lluYy`8Q;^Zo*_2L#NyC1OhZBXO!29$k!p%=ICOym<#
z<5%icmtP0Ujzp+(y`jpDhiWGimW5GEp9iZVFM=w+3QFG=DEnW9qv2tw@$K`Pi^l*|
zei*iZE1=@#8Q31~f}LTh*Ev(b?ofW53+3;pq3n7NY8+pI>i=6%c76fN!y{1f7Wam;
zyE;^ULzCN>oMIdZ6-VQs>PMi)e?FA`E1>6JsC8$X<$nSd$3Izqg*RRQ>Otx23CqE;
zP<995Suht?fOB9)cqLSSZh<A>9Z=)F4$7W;VO#hZybT_L&k)~>cR9cJ+imd=)$i$0
z@puJP{rjQXdjhKcolyGsK-u>ptPH<|8js_!A}s&5D_;k;L2d!1cLJ2X3!&m*36y_U
zL)Cu}s@-Ry^u7UQ*M6vY`4y^MrFUGMHiWH_TR_=29!mc-DElH%`sYE#;WAhT-eUQ8
z!4AlqpdTKD>hGEFIy<UC#Z^P7I3EvX*9<5-mO$xWWxU_=x0<{QYTWljwHvp``KKII
zdTpq6<~%6Bj)jWXiBR(}6RMqDsCMR?yd28UYoYwL+0wU}{1#OIKZYuI2zG?W;W@C)
zUgxL&P<n?z**6&~f2#2kD0^;#C5W5VQ1Q6-J!kK|&>J@>zdZ}9z&D}d{{WP~{(|y<
z<@a5`>O!^K6sle)llwsRXEdw^GobX(g0k-_%fB9~-dd>kHbL371FGC>Q2pKmW&c5_
z^54R2cpR#oj1OFTK2-gACNF}TPuIZ#^!p}Q2l=xP85{T)90ezS<ovt^zJ<IUs=XEa
ze7=_OCRiQrG=2iRBL52O!VVw1@*|+^9t%@o22?z(fvUd_O5ax47Jdt5Z~aePKbk@L
zvptl*`oJ1+4Ai{HhwATqldpy<x5~KD^0z_x?KLQUA6fc$#^c5_KXv-5Ld~}ZQ2G*}
z;-?E#e}+N%<3cEV115){;yVmg?jor1SqSC#<tASTRc<Ym{`;Wp+6tBa23!R9!ZbK>
zzw_Hh*a~?wOoX4os<8ZLZk=ra)z4I@^pQ~Zg`n)6Zk!31BhQ8E=UE4wz158Mp~f*0
zHiZ44?3@bahdCy%gqn}*pzMDLs{QAn#%VXK55IvuV7brTycq=Lmq}3e<wE(Z5SE1V
zq2|?PQ2EP@H$u(7+hI-k6qG&hLdC(iP<}ZE8^K0jxH#ztRc^E~7q*N;Kh!*a_@K*w
z5q3r12W3y~FJ1dhpdUFI%I-8c6^@6pV<%L<_ZxqNn!j;hnO~vCqdru*_E7yxHF*eB
zJWqn9VIJ%ZXTnnOAt?VoW_$@YLw+A>{NlcL<4_vbLaqvBe=8`xouTGif0HM}GRR@5
z`m^A}aDmC~54rC;=fRgre-Qqpa^JY|$@$jB^K@8}^g^h1E{3vm32Y5-fztmf)VjAD
z#>20m%6|jpm*Y@zRPj6aeoz};hujke;T|YIq#Sl}*$YbVWT^JCpyKT!ldpyH^IE8N
zWi#vqzkt$H_j@<4jiBsr0o8tMDF3Cv*2Kpccn$L6AKbW~^CPj1+!$&;d<oBl$DsNb
zhm*>{>M#*DfQpZS#-MRNOd|beSRTG;d>bmhKQ;Les5mL}v)kvY!qvzFq3k|n{2r>@
z5m*}j1vTEKk2rh$P=0O>)&K5L<@&%1Fb!&+kGJ&sP<AbbXTj^C%H3t$3@ajUH+dIS
zxsPF0_#M>v#Q);jD+322SA<Hx5X#@_mY)aZ#{!e*SpGswUkcUV8(;!l1)IVh&|6=i
zAGzF7H-1S_`Td~k<w4mOg|d4gRR2~$`R#TnzuXJumrbx5d;-eeH=+Ew2dcfpQ0wDa
zzdE~<p!BwfYA+Qk4hBH!8DZ%msCM&U4xA08|0`G-eh=lp_}`qrt3&yv36x#QP<lH;
z#YqoK9}lHB2<6v^aUN9vu7n!D>n;6GsP*GPD0}xpmHP-*hhIY3{g=trj=A(?C_nXq
zUEn~t6)uA6N9u8B-$1B-jDkv^3e}J4umPL})$S@NyVgM2{{WQzPeIM=ozM^8gX;e=
zWBl*V-{p+8q4czXnwOnnb2t#zfHPnnxD0Ci?uWJDYf$Zd3FpC|VKR*T;p|xhW#>ky
zes6~7z{jENdlRbNPoc);FjPN&gVI~-gv&o0s(gL81-6FL`vsJphhRNe?N3*(J(R!t
zz!q>YRQXw!J`ZXgT?FNqB~boeVY~+_-k*jV&sX6E@Bmbtru;=r!a-2^Yv8%?aj1U$
z2<yP#VQpB$7w5%$d#HX5hmGMxD1TgP@-0yQ-v(R3w_p_*7Z>N*Qw^$LjiLOO1XaHa
zl-^-b?N5O6V-{4o0^>p`KP-or!t3D?STjD(cNIK~!#q>ScMD`m_N^!x=f&}5rJP;2
zK<T?5%70Hn#phNy6z+g&uo@pr#7ro=9){}gHsj||^QX+2ao+c=Hc;{y*c#4<YG)JF
z_&j6W3FXgSP=5Lrs-J(FT&{GS7iV>$#;*}nxwfz-OofW)iBR!46SjwQVF|byD$X7?
zc_);fSE1II51{P%4k`|gTK*YjoE_Dm(i_5huq{;mVNiaW3}sIi)Os<?<jbJy-2mmU
zyJ3B}8EU@ohT30_K>4M5**I_hHGyiU2h@3O5|sW+VM};D%z-;#C)lQ3oENttxD0tK
zJRc4&ALpA4Z-UZu3@V=M^5fQ8I2vB4bl4e=IxEh5A6W)9|6YUg+pkdlEM3w0sUlQA
zYna>!%KjvH8SDbp-)&IkUWHmW_dvz@w^05*V)6-C7r9g=*Y8G9<$6K&^L#i3J_fIZ
z_0D$lV*^yX+o8(80oCpvDE*&7`RyCaKLORBQkCPp_46F4eszLcC%TDotN~Evva2|~
zv!LeRB~asj6;!`&vHW#VakmjFZXbryw;gI;z6(|V11NhxhqCJ@sQ4>MqtaU)YF%gw
z)qWRC9|+aIaZquS4yFGxxE|gN)sJ4)oL>e&#oc6MK9s!+pz2=*TfvP`cJG7Ie*nsF
z-$3a<0%b>;bDaKKP<A(f@^d>VySqd6I}NJc3!(OrX;5}8f{E}N%YO{2{7xvl-hrC`
zpFpj9zeB}K<?2p<0@OV31ZC$iC_BeO*_UpNLfLZ})cjcqW$$LF^?Zk=e`M*uL-oHx
z4OgxT)cW28N`Eh?xEu)8-w>3(La1@P!gxK@{JIlrJa<Cb@c~r7zlIwBDm9(Hx={9=
z2c>r$)VNQ9^25cjCA<O3PcImEL)rTYl)f*F-$U7T466NdwVYq-L5)W%D0{oZ{&29#
zH$cVbT~PhpVDe7mYf$}o3rf$YP~-W7rT+@$|1)YkR)-p&1StQthU!OWsC6$J%I?Kb
zdR9R7`)1=t<FinD--Yt)L8!PWTgTOJ02Mbap#0O(*c+<-p|A<O0Lm}(EPpwazi)$z
zrwvego`<sU4XANB3}sh^x^Dk!0M(xXCJ%=tkS~U6e;$;7t}=NQ)I3`cWydS91N;H1
zA5Hn=1L^MyrFR(A_qK6R<2$jwvnvy7Ji}1?#6p-2*TM7PS$?;#o^PBD+mL=glsz9q
z#q(jP{*`MG=lvZ+3#fihhnnZhq3m4;HScyp`Ej4|3#d5w&g4I!`dzZ2D|a@OTob0k
zrcmQM4XS?;C_83D>AeZ|hijnx@im+beT`hb0Bp@cBpXh_FE=-F?faU!eZC@8TqHov
zmqD-v%!aMtbx`)~fb!p4Q2qTJ%D*KNoW3$p>r@S>^mfM1P;uHFsviSP9%}jHEPXOm
zf3i#tL-}cjrC$zpF1f~dH<TZ?!6f(*)ch-x=*Igjcnfk(sQB6fHI9!%>3s>R{9Y)#
zKZ1(qUtuCF(LBz3uTO@_$dh4rxD;w0ya5#-pTg#_a*H_c{j)1fL0$qo!WZEHcmm4L
z{gPb#O@ob*mzw-A?18)oDsHML$NBs)87kh=pyDde<mFKFVH4DN?15T$ezE*2EuGvB
zrjtGlDn7Tso8Ze(=biLc?tFI(RKMRe9)qKh8?|<EHw&u0h42!%9%|k<Z{z%w3Y#I%
zgj3+{Q1Np{TbJJvE<g^!Meq=mz0=z{e=LIokvBv6=})*AHf$f~{r++vRR0HbaQ>YJ
z6<6z_*5l1k<GCFwj$eRUkM={&n{T1w@)tNC{th)hvpc#t+6>j-H{q4ANhha&6V&)U
z38kmxxo-R`z#7b}`mi<W=XP=WLs0P*hO%d#@lvSzi=pD|TBx|Z4Jz*Mu>1{B{oD*2
z!grwh@hjB)i9gTnzh$82Wdo@8T0)I)SE%?I4plze^21Q`WggVHt%5552-LiI#rOe~
z{|-TKKT2`-R)>oFMo{HDK;`#=njfQ~)`!dBTzDgtebu@;dm2Km)8|6z83eue45;y&
z303}bsC8@wRQzm!I%mHR<%i1MT>EvQ<YXv2&V_1!08D`6q5N<;48v7W{x8?vjZ;;q
zb4)F$dTlMe50sq)jgz44i$d9V36$QYQ2x6MO79a;>&SCZ{@n+?^#uBnOZ0GZV`FP$
z3Y6adQ1LR#<Z)1Xv!L3~hl-PVP;tD-<g20ld7a63L)Ci#wuO(u7vUjz8+@o|obN$6
zq*t8pZul1*5AW{n&KD(8oqyXx`L`F8zQIuI&}gWB&w!ezS3#`{55mFlU8wPB)W_M`
z9=?v;1u7m(_jU8CBGh_X6Dpp@Lg^1dwYLPSUn`*JXQ=t|1XR3lh4Ra5P<DI()8L=5
zF&x~_>50Hgk!M5g^M674<-Gomc~JJ>0h_~}CjSK6AlDe+;`@B4_3<K@1lL;no0fjU
z(wm*{*42?PnQ~V{#qX0Q{|pt^4F)<6gYA(ofolIz*aGf{T8}CWiu3+{Ap`bDz6WYO
z{{d?K95L9nGaah_?Jxnp0{!r3sP(>TnybGN-i~|}sy{ajarL*umdJ;p((4X&@3H-$
z_K8cN{PqMK3%`XLm%hWCy%)kR$XCFo@HykxP=2g5+}YI&YF(QKmA({e-fV}h;fGNE
zEkDA|v(8Zc90L2mT$3M$YUeGe`S2Umdh#b!{8b<6_QeEaKPdfEpzOa9D$ag{iofGf
z@l|$|<5|YaupQ~=K$SZmYW|NiIUgz>7Z{hp3z1ht&DY~l>u&sL=g<0(ZNoPfYJC_F
zWk<GgI#fFsL#@MCLizb_sCDTnsP*biI2(Qj^WnrXuKb%&<Mj>Hd}?%o^G|OmKM#OP
z&xEq?GN|?HYN&C)8)`o7g7W7PsCpH~x^YW@sy`4aeHv7JFM`^)wpspusC7JUoNK2B
z)cWR!WndGi@n{9r{$wb7E{2*P3!(h58ET$C2j!<-P~-7FRQU=Qy8cyzl50c7OCzXw
z?g?c_zU5y5wcaj+^6#xs@$xuSJ1;}U(_W~0`=I=O1Zq7hJwA?alk6KX59UIxYac<?
zI{-CLzJ`-woe6G!%!MP6H$as;0p+g}6CInti;??5tsBoljq?w%iONlK`&A;;{O$?+
z!KqOF-3&edK>6)`sB`Gomfm!-TMt@6^>ZkcA0|TSp9a<6YoW$-Jye|Uhtm5i)cWEJ
zxcSinDy~~W#q%I2KMaBL>uA^=Mxf@^W~lOyTK?Nm@$fxV+#P|PVZC&>eqR8UKNm{>
zLa4a89BMq4LFv8I^6!C)%X^{5=@qDW_{j1<hqCWWOFwMsN8yE}AA{=Ws0>$cB2@cR
z;37B;%Ko3AA6CqC?X`wukcUE@!`DNtZ#$vZ??ccJdjy?d0#I=<7plFtU|IM9)VO>B
zW%tieaq>IV_{2?d=j&!r^JNIs_=TY2WCqmuEP?9h7UNTv{~T0%??UPS7;61F2-WUS
zP~*l2aqsW(>%a+!lVBR$3cJGc*{=TiQ1ypHwLcLmo~J{N!%8UoABO7R6Hs>TfEu?~
zq1Kl-VK4ZV$t^;z-BdW5^tDjqeGDodD@=9sx)D^I4u{%Du7ZlUtx$1%0;*osX)YcT
zp#0bcDvl;Y#obh>_3}EX_<Ie??lW?nKg&bKUneNPcY(?u3Dy5`P;oH@`r)Ne{=Ew-
z4)2HZ`!i5}*$GwtOX!Csb6xo+Q1dt$%3lMa>Wzk4$0k|&QmDAR8A{J;cn^FEUKhvT
zzvQt_VDN8Y{DWL6LOS^aqMU<C{}>X&zO)%}zQd$%o*C!;cNuqF<o4I2@CNczX1Q^B
z`{Fq7?<>!l9p{@y`Nc2`9)VFfeomZkCENuSCz*5Oyx)NyhU1aT&x`Z*g&|lHy_;YJ
z`H}hVJ5Is^cP^U<W#=t$E^Kv)Yj-1*p85;py#Fp^4(yHGa;1x(2yBOZ6>I>vL2uoH
z^5d^i;}DN?<o~Kr@zNeD9;QIW$<<KfzXmEEKY$wNy4SmLXap5ENyd(r-UDhL4uIp}
zXs9@R2zG%#!nQC8r(O>y!F})-_!@ls#yIc4b6Inf>sQ&EoqyAy#`#g$3_b-F*9V~D
z@Ho`|TlE&lR#5xK`Opt9f(_x#Q2l<|(m#TYkx#%Du;D6KKMgAWLQw126~?=v)|D5a
z+Wi44?#kZk$~QCifr`@%sPZd}TP^)7m_&N@+gyGsTthsBp~kP$?at0rV<z;Iei@WK
z>rCEZ@)uC^w<JoM!j@3>k1|G~>Rk(E?<SL9H+~D{zjAlD{H9R->uvG`D18@0t&2CA
zyv4X1%D+EA^{dL-IM3c5P<jJU{+$EmkM&S?z74hB9ES<8?VavB#D#DP@(Or417GJZ
zXaCyuuH3Uw>&+pkI5-NmK2+G?){k?H^^8rS;<_c&`rHdPfTN(!J2Ro?$6|OETxnbj
zRsJF44ygIF7wTN`HI$!@8LQmu=3z2aeqX5g8V%LXY$$zKL(R+Eq5ScP$)7^mc@(OA
z+54QH+ED2&pxW;al|Rgw4qGEfq2}pbQ04B0(*HEnxPJ*X9wqO0zrWUplacdbXZRMB
zedRW~c~%c<KKF%M$43}1gz9$&)Hu$C+Bffl8i&o6{uI={^_k^&e!%&;A5{6_Q2w55
z3`33UJgEL&33c9I4Q0o}usYlh<-hl!=J{c$xUBP_i_>$V;%PM0e4h`O!P{Xg*lLq2
zHwnrgbD`F=o1px(7Rs(|#y2c~A5{G>q3o&tkn?wAsQ7OVW&dC(|Bto&X(msHvj0-3
z^>!7Mzn_JgpYK48*UwPnTW_=5S6V^IcS4ol0@eSWP~*K1o&gU)_2UrKcpZT%_Xkw{
z$`3m>g7L`hq3U;nir21C=aIos<%dD_C*AV%pytUu;}WRxz7EPCw?X;)Ua0n8G46&M
z#}A<F``&mA${!`RI6bwY)|tjodU`?mF&)aj0;qX=nelF@bJI&u<@Q6x&Ce#E`G{+`
zCe*mLgtg;1PrxMPtViQ~J>YdvcD)NV?w>%}dl>eCB_4D72SBxVA=JDsfb#FnQ2u`q
zs^5=7+4BrcguCDk@HiX^uYKHo-#rKiAh&(OorCAVfhrFb4|Sf5^Zp+0JlF{NWvKD`
z4ywJMjmM$lJ?<%Ie{(3iIzx@)5GZ>lLycDiYFuYSwR44~-wid79)ud_SE2g52Wp;t
z4^_YH(@uXCsB(!={%a5A|87v@I2=k}K5PcBh7q{M<Yrr4JP(0dN77*nxCClle*|h>
zdJT4gXFTK9t)8$u@(QSScSHI8Bgl5)`y47BzcwC)>Tii{u0Iu_>`s6h?{+5lf~q$d
zs{L_L{+SL{ZaGw3+zvJVTTFi6<ik*Yud?0MON1)lA8LJ=0F}Q0s+}94#_>+5ak>|3
zoSriIb*OefhMJe(LG|xPsB%YP4_NxyINu9!0IbNwuK1j5ul^3#UN5NexBx01XF#>L
z25LQd2x@-qfYSdClzs0*wSUm$U!d%df5Ek11GYnM4qL;CP~)%+s^2$4?GyJy&GQ$b
z*B>Z7-x*8180VcAYC@%Vfhso?YMduQ#o_Hx<M_C72UI(|pzQquYFvMU(sKe1g;jRC
z@yLYo+oe$UTn{_KjZowLIaK`qZmjr{^HU?J^!CsjPbj}lfX!h(R2;5?(!UNWJ|2S_
z_m80F?O#yiUFv1$r}9vCRE6??5|sWF<1naknqr&@)xX71{aXoT*9LeV+zQo?V^Hl>
zdd2m-I#j)mP=4%b90ye{3gcN9FNT`mb6<5_1l9gBsQ#{j8qbHJ`t>^0y7~iDxeBkj
zajOSqS2C18dP4PUgfScXk>^77e>K#3;87?&JD|$H3)Rm<P<HuVcl{^>rN1haUlXAG
z*AlLT-JtaBh8mXx#_yo?{t6Z6<==?&O{Cvv!`8_8Z@TY@cfc&<y1QJvm&1L?OQHOg
z^Ok!*iNYl0$Drcib2tQ6-0k9O5|n*6K-IeyYCXFXs{MUX^YSy;9{S#n^YsKBpyts`
zsJNaF)xWEu{CO+XI6eS1Pj*82Z;#2JLzVm4Sn3^@UmePCO`z&^w)FnS(Z)<;1S)P8
zK(&7r)Ox-OYCU=ks((*G&C6$@`uRGP-`_EQ3}xR}Q1y;NwSU}L=3N)JHK6*{3aY*S
za09#mYTt<8<NQ_#wJux?6X26j<9z^XpF9Gkzs6oS-p!!wN`bPsH<bPX@HRNs(tm~W
z`w6IcEA^f`r=11WPJ1Z7PJo(cVd#g8Ed3s+czpsY&fbKYAD_b}Fz$UfzRjTKQwU1m
z9H@4eLiz0msQ6f8`RgqIG2=F<ao7np9}ht7&nKY#P~!u)k0wIR(@{|Uy$GuOVyJny
z7WO0lpM*MZ#ed||8$!il7btt?K-sqls{T?ayVt`R@JXnCw%O;}NrSRuBGfp9q5L@y
zD*mp3vS*d$-v_1dN#ko!?R^Z}!h=xbSMy`%S3i{g4p8}hq4H-z&6fpG^XeL?cJG5~
zcMH_Gy#!^~Cs6%63|0R(xC8zL)&7o8;(S-Y*We*I@>Avm{_4Kp#nJhnxq3sP#%m0e
z-tkcOO@l4r94P(wLB+>r$TsbJ3Ca(zLXGE#Q1yR>t>GC5+<MjtPE$Fk{&f1>tvfxS
z<Xk8{GoZ#{k;!)&ABL%<KMzO4(qFjplc45p7|L(6jf-Ie<m+Ki`uiAs0QuNKH;>nU
z8Rz>F`BA8GTm6+w-vrgaXQ0-NcVH{{36xzGzjkq!1SJoGi7*7UKCFbQcL$U|?uQzm
zm!Rz24ST?k;Z|7xkn8_GDE}XX8s~4I^!)`jFDiWF^dvyd%eE%>gBq7%Q2x6Bc7)kb
zcHD01_d+i|p~mMmlRt!-$KM%!-@5!NP;u4}DvmlswbK)x5BppCN+`dtGI_mm6Vy8O
zI8=Y0fogZRrSFIG>z6PYR{zeOH~PRN<f+gPZ-gD-<52xM3}x3bW2M7xJ~x9}4|+n`
zITk9eCPSTnLs0fChSI+jHiu6c4?_9>?C+hQ&ViB>pvEm3s@={|>;F(Fzm0?;m<83|
zTTt=y0o1tt0M+kuKR7?uGB$+rTXU#5>IBu!NT_j~Z29>n&xP{iHBj^N4&!Dh|2z-X
zzhlsg8>oI)_|fT4f_~%yQ0Y^l>|Fu}!4>cs_zBc_ul~u|b2n7Go1y&rqVaX8xPJ%A
zPk%zidx@W&-uh5-0+gRpq1qi|`7@03q4Y0?^4qOY{of2#?>VS=eiv%pE`P+Wi%p>)
zITgx(K`4JNgtOr?sQs$kFHV0OsCn22s((YE_USQD{>+D}e+iTwOQHODm!)rpD!0w@
zcfmK24?^|-(W5Rto`Tx1c0<+w1!`PN{OaPZB9z~|K;`#_T1SVOJQ5}#r$gCy6_h=9
znfxT2g8VkrI?&}e_kJ)0$`5Pc7`PRxoodINAL>EvkEu}Ok_qMK1+W2J4i&GPq1t~P
zs@<co9V~y`jYkitdLy9xm;vRtX;Aa;B9oUx_4_vC21|bgs{V6Oe%lS#z`f8PNB!U9
zeD@;X{0DX+r=CDRobsphNAxc@4p&2s=WS5_y9X*h?}ek_LvSQKlU#8;RGd8oTfi4!
zQ}`on32Vf~d;RVQ+au>grLTh;r+1**`^@+)R6HMriqmTG@!mX7fEu?>Q1fvpRQ_lv
zJt51V2{j(eq5QWA_J>=c)|WF%#C!2x7D{dmr6&PuoX&$9-_cO(`XtMr4i%@DS^D)*
z<9iQOyu1wMr;nk=;R~p7`o-k9lJVX;cQ%y%1lS6;fz4pR<Rwt+;S*5(*aaKIAE4sD
zS}B)*E>!&?a1NXgHJ|^0qhY%<;=S|Nm2ez#+?ny-d&_vJ^<@X_3J=4lU=sf$Wh(a-
zYy*3jiTCw_g;4E04&{%pp!|Ovsvo|xuAgO~<Z8xxa0zlVsCD`wsC{NTRQ$gRHSYT@
z{TrzIN1@JVe?i4T-E#5Xd`N*ykyGIU_%^%-jx6uu;xps#Q1hp11!q?ssCE*d+HDKf
zPJgKJ90s+XrCa)9sP*t#xPbX_A5^_0KAxyvFQ|SDgo?Y-P~(*e)y{0ozZ|OH%c0`x
zb|}9+38im4)V$ea@*${s?yKbTYe3o25=u{hsCXU&6<3+CCCrB^cRPF(J^>Yn`DZ)3
zW<rhIQsWvZJ2yi=d>Xce`=IQrRN49O9H@TQgR(!-m}>cxp!8-z>6-;L4=#m@|C^xf
zUJn(=k3o&gUMRaifvSI26<5v=<<C~o54%Fun+Vmvc~JB8Ca8IEACw>7Fn$2#*Mr7C
zjFqdp@lAkgFAZwmPKJKC5X$a5p~m-dsP>+PD)%9j-6vooELF|<r4`h;cYzw0VNmu@
zgnG}+f%3z0DE(`o*84}G^nDH6!yjQY*z_EyCk?8f7edX0Jg9nCTl#jWe!mT+=M&?X
z#_yrx`d6rSOY<YQ;;b%IdK)PHy`bj%D5!DT1U3HKp!TsBp!SjdmVOY*zuy|;`J-Ny
zuK`uR9+ZERjoqQ_8)h5}Q;-9&1zZi)k5{1LXAe}npF)lAA5i|SU(@xYBUJr?Q0a@I
z>fH|2{st(2KW==<^528nk3NI)N10mA5A~qNtrgUGr$Ff$4K?mT*b!a<weLIwli^;d
zewC^n@BO}B0eby}^6ywE`=*+F32ceH0!rVrQ1k6KsB=Y&I&M7rL&e{P@a#C|H&p*-
z)OB0{Wyh5;3El}8z+F&&8CEae`_8u%Hb;I1s-0h;>`AEa{Lme$e^cOKxERX5Jy7<P
z@;m(vq2go+)OwN*wH}0^#<{@K7g_o>Q1;$r@>+O4@<x+?gYtKY25x>-g6eO3I2Lw=
zvhzlm2_JxpuPP1kYrOtDk9glA{L;L!oj01e_2C7metrSfuNqC`z3)F=U?1d*p~ihX
z)I4|>Ccv+u`c=7^>t{`<`bkjjrWr><^=ll|IA@xiWBD_TbD;XO(B!M2;^|sTUjwzi
zZ-81)pM~=KN3b(2m*D1GA1FJ|hwI@)sB_AhiLM{zpyJ#QWoK)sdD9VU{TU7wr<0-d
zE`{pvOK=GM5lVm0=5GHV1r;wVVSo4xRJ}7>xc$E;)Hq%SrRPoKZ!i(LL6Td)2Es1L
zQK-0i0BYVnYy1i}L#~+Y*a<d9o@BhtxB)gH{SD(0n1@`erPI3v?nS;8_J#$m?0f>X
zu6$*z+B)9*-z)6_OOt*VlwUT&>F`6S^>uI?w+>H(ZIIW%(Qr4^yh>~v@9P1lz?JYG
zxEh|<&e{0^R6l&}<Gt@FO`!ZT72W}_gSWzt9bCM=4dv&bq2el~qZ^ODP~$lcDh?+@
zjq^gNb#et%ysn0;;5w-O_w3~Mhs$9A`3d+CtbMN2|2iCxycbGO`_69u_JHG<SHq#^
z&&Knd{!gLo`Vy9eKN^oh`SEwCxGtIE;<5_Vcvpv77n(!)BLym60#N0zgsOit)VXdg
z)O>grYTbMvYCH}>&5zPuojr}9>Nkhl7dk`vcRbX3xXAKvhtl%^l>fGwydSFHKS8Z8
ze?s}SS~s_!HGwUW&x5Kz6>7X@L)EL%-Pzd~DnA9vp21M|jECy?e5m#9TB!J44Yj}T
zfZgCRsQGzr4`)YTDElWs?W;4O=H=C}16%`j{@DXpz@t$9Thi0{Wd&5do1yAGXz9;G
z)qBNw2&%tjd%1C{1?AslsP_9qt?L1(`I-Y;z?D$_-v<5gRg=Fp{$?!M+x5E=l%BdK
zCqVhD1C-r;jYFW~>H?_p6QI`TY?J3gt+R_^C%7EG0$+l6!j-A<-hY?TsZYH3_k3T%
z$)qpq>(+rEp!)0Y=j?9{)lLd*4*Nm17lB$2u7IuKBXAZx2sNIQ`@4A%fj=Y9flALG
z;L;buKFC)?^>a5=TpxgHKmL4IzA{vMjUm&`*BL551*+a4sQEGhYMw4M`4cEVlpGlE
z{rBzVVJh;qup`_9yTS^C-25L16>sxl8@L5(91lYEv+`iq&mOQ9@^q+jcR<De+m;`n
z=Hj&-)VdIXJ>WX1bH_n=9;`AX-ut`KAyD=#hAO`e%8sAl2-s|Byssym4JW{@a1yLN
z%*EkscrNk{Q1#w4mK^TR37z3q(kH-vsy8Cu_aw}KDX`v17q=Hetv3sy{COX|0Pcbs
zr^HdtUtt(T-U#LYDx+Qb#;`l`0I2!51Zo~{gX-TGQ2wkl#@W>$wnNT=b>JE(KW~Lv
zpT2=w->O~U=1(&0ft&`lZY+cH|7KVUeh#&+9D<sc$Drb=@>r+04OBlS!KrW^)V!+1
zBChzV2^C*0q4c$ZTE{y<jZ06c{uV&38<#`1vkI!+El~0OJPg5iq4adW(5=gTp!|{n
z)y~aO>%*;3cC0r(1f}Om=!dUCt-Ie@ddcxF{~Wl4^aQvXZiZTyhD~t(&Vd@oJE81&
z32I$`1M0l<1Jr(4exmC~6{t8$f{LRcYyxkAjo@~u^T+2<aa?|q#TV2%GXZM+u7_GD
zo`)Kz!%*|^?8$E3stL8u*MmJ^3n;sDp!|IWl%KAJ^7Bqu0q(Q>Z=mAr7bw4V2)KT9
zgR0*LCc+_5{h0-|E^me!r}v@y{}q&dCDYxwHiODP7s}p#P<|f*wLeUO8kdV<2D}>1
zfj>Z%&&_Zwgo?|#un;~7HLsdvy7NUEl;1Z&?K6)-`FSr~4o^Vu+!=K7@e<U&{ti?;
z{{$6}XHRkG{!}P`uZHr|%TRvX3%kJYpxR5wa`Dg#svjev%1wdNHwUVp4?>OO^HBZ&
z5h_kgXS;Q)DlCCK6w3aQQ1M&<<%gM2^I|@14R3-f|1y;QuS3Ptx3DCv6msi8HP{z<
z0F*zL!?N&EDE-eujrR^HJ70&=yWjG^fYSRFlpo4Zb@tSP>VHFHB9xxiFb;NxW8isE
zak&zzA8VlMt%p~@2cgEH(=^9XQ2md>iEt(K#s_Miot@*}7urGDbt#lz?t$arcBuZ<
z&UI`GD<ijoisMu$JJX=zXAIQ(xd1A@?}r+fJy7HM8PvQy0yW<o<T*BjT1S(i^!0)2
zUm8^X(NOKCL)l#jHNS3zIdCr=3{%7L-rv)$fU5VA@hhnDI0Cial+L&H8p@6|sC9Fs
z$wA{ZsQ8)=hr-2B>%jXk2#>)2aNKm~*E^vf`8lZhbpXoFY7w`Oje<RpS3t$}+fa6W
z4dtH`uo<ivb@q3H@?&qP`IZZ{FW&<-?gyae!6B$PsZrqc)q=`z3FU_lP;t={s{ACV
zalHm=U%AQTjZp1B4z=HX3e}GjP~+07(CIlBdgB5W2kB7u<v{7Z8*1J>1f}Ou_%wVQ
z%FZrKmisBd&-%V+m>|1I`xSW$gE5F_UBB@BEqOIHvAF6X@8Z_gkhGW809TkYQS?N4
z&a<@El;fvg-$!r__dxRQA}`3Z#_JC1zf1mT>JEjo$m>PgI^+e`-U_9eKC1ld^)Y21
z<xWC}u3vfn2_3q|8PBH8gQlkv`T3;RD5m!=%Jw5Yg>t$Ausr#jr4#nxK1`kSP2XE2
zU(4Os%Jb;Ehv!!47;biGOj=Q|fyuW~_ci1TOjez>JikDC23*QrkGm9Q($Mu1&uQH2
zkag{WXQ2Ok^6o}ng!~Q9)wy+jgr0h&J&rt_=MvP_)rDtWPmn&y(taTAQ_9|mtXSzp
z-VCVq?HcY5<ey1i90B|qvaTm7pUBN}<a@*Pj78Q}4Oy{uANAfPUsoY{^Q~>kPjdIA
z+=t{>;JE|$668b3)ihDKKIA@wI@fbYsDC^82Tb3k@H_55xMyPTDtN!zH5>RdL*J!5
z&wxiP%~Q%h`zWuAKcVohb;#SO|1hj%dCK^TcG(tuOl9v(-5vRJ?lkfipmR3Qmzs|0
z$QwytjQj}qVdU$$v!sZtC1uY*o?`j~$V*5sY4URNzCgYS>iUZ|?=#(ZlGf77b%1{J
z&#&mX!4>z`YJ23jHTSfdvNxN)w~arNwV3CZtnjn6@uZc1jOU+8Z%4g!sC8`zdHnS5
zi*W0Gpd4-2GF#eW<3;4ZhkOA#??d);*W*qh{Swlfkp4K&k5Ydz>20WA%IY_Ry|`~7
zUwg?+_%-Ax<7>jb47n2ZE+#E@EvEeIR)0B(Gk88hIbCnU>nT5r+i(3<`g=ULF}b|e
zRl2V0xd)P0iMniAz9*=w>v?zwX@|IzxSJw3q+IR4)z2l3qpFXecYSSbTvWdsX=|x>
z4|i44ueW+tU=PyHBY!$|ZnN|Vb$+ntJ>=cb%}>ZaKk0gJZHA7wkze3mL|*KQN7pWF
z7{L7#x32Nr^C_omJo$fd>ly;@w`a)}(DN?xl~#`<qVFf}Pf4o}=UBSR{*1iR<UQ#A
z7F#R8=S<&mI1za>>60km0{I>5kLusd-HH0zyPJ^y3Hpj(>86LD#eEl%!E1}}efR@x
z2rnUjJI@K|7=nB?&$@1L@cw;<x|1ol0sS9P?q;5U<GGF5(GxDD-qB)p_L`npQg!R&
zY;^Ufd{?te`4=NU3g3bisrL$b=TJ`9V4i1?*3OB(X;x2Xyo*TZnB!fGNl&mklhN}j
z&*#Hw*6uJX$7`T3-O^T3^ES%eOWmt^u1j7kJ)0gW-c8v9*5>2nKZs6U4;a_OL-zb5
zWtUkyRfwy`7Pn^`&qwb*)0Jm+22<x-^qtSWoVs^X=5Frid2ViYF5&rd>OG)_xgI2a
zD)Lg&>zF>JUy9C$%=U7y1acG7J6qZZl>L#rsnw~eN?dQC=N@#9DW>aPYulAzUZLX|
zvsr1WJU6p4Z;^Ki_sC-PKPNArv<JBT+;1VLQ13<R&9{0#@_ZlnZOFG;nq2iK_6*{_
zje7$+=aJTq=VO%B6)e`ymptF&l6^N(MpsMY%RJve{!QH9khYIDT9P)z+EQ6vi4NZP
zsCRg-X6>}5+%}#MWB)nmC~NhuMAscW-)!w%NZ$KA-)pj|^Ib#TM%1lEzOK5k5qBKv
zL#e-;@^f64Z#P_lT$;Q(<c*}>V$#llRY}uzh<iU}I-5R@s=imr|I+Nbi*mJ)r%>)F
zX?%k4uF^a|%hP+*OXayXWiI2ciQLC@jdex6fA68*b(X%8l(v-B)z;c^68pNP$K)T8
z2T`Us_4|^z5tc+xbJ9=nT#x5Fczy^w8&mEI<kgfbPg*<VVcc<~{Xu>io^>6jo~|9-
za>K*qpRID#`2s#i{sp8jCw(n^8rjeDBA#myOhc)(i2HHMhbjM>lyLQ=Oasb3PTC8|
zaXjnd&x(9MxJTcI<mu{7ox$$W`}ZSzo<`XWo*$;1zEw;_hu#&gqWlQ%rrd8@*%&fR
zr{n_i`=etVj9u@c<5T3N*r#g`Y>2#_`zoIEDBp+sS;}pI9bq!*Pr-}1`=b9z(yh90
zCH3kf*C0>VZsZa?e`0pr0(&BdNY`}+J}Zs<6!KQ;&Esy#y^^$ZVMWUKhR3aZOUmaU
z_aMIw_b;aRA)a^g+<<a#TH3vo({%xPRk<7Sd@F|TBE2bk=2Lc#mGKJl&)3$G&gi&`
zI#N}Rf7(&*<ya?4(>rTvbo^y)jWs<v=p4^;Z_18=XL0wW?0HuAAbbw_ZFK8OBtMFd
z?%dyz*N3!~r0Kfa>MV1juO?-Fv3gx;X9f9_$;;usocm(x?I6Dq_e9FRP5vj`qj|1E
zUT4baYQb}5(siAKo=N0ybE5aZp~Rmu`>K-0pX&LZAbqcueV?**NYk~8v}<W+8S-{7
zg?VI*p&?~jP)FDO@H)yT^ZWtNTe&;XhOX<4VV-MIrZ)F8++SOIN%#SIb4mOA)r2;d
zpz9Uvm`u6%k*jbYwu1U5qw96@wo&F6@*YM{MV=oc{SD*^+##O-BJEC|v(UGl=X0U1
znUtS`e8l8=l+kq*z6#5bUdu~y|7-?nW^0(dyJ@>W@~f1ui=F}8y(!az_?gOcW1bUu
z*7X|Yc2NE^p7-&5A<uKr@jK7DzCw<o=W(8U^L!=s+jC!md;+FZ?q~9Ma@Qtbm%cCP
zIzrxUFdp9Nr7$<G-CmT}brp4H!;zju>{IqR(l%j(zH=<64PAAto}M2g|6}r3!9>`c
zw1$*>iu)7pS4n#ZJ(rMw09oI`mXfAxJ!v7*A|^jY+L@%qlQx>P3DhfVwl(H?9O=4_
zJ9z(J4uzC!K$+LA+_k2w7iAtoS99u>q+SP@P2PQ^?Jzydc%I6wE19%Q;Uw6}bj>nd
zKTzfp>c_5YtiJvmkIIzEqWlEdnY)m*5|kfJVSNMARfhb@)E~^9$@43eJD)OZOlLE-
zr<*HC{ol!NgpZF=<`GL*-i<t8r3bECDEAcdXK+4xUNT+EOC|jgbi}Tz$O|ZUkc68c
zfBx+YqI;s1DM7xji%HWp$YdvRuA$sY()N;2mAdueG}^llUS?$vQ06@9Z{@z6GO_D(
z(qE)(ytOrqjO1druBL1Qi>F5^^OD){j1&~p6Vvw%4_}e~HFp)teu8|&GS9}A>FBuE
z<dL*9gEB3+tCM#gd0lu`^GmsRqhm92@vDrr`7!0^QGOLn;C`7(o4H>mEuZ@ht5*xI
zCVh&@K~vTfJ-eyb&C)mWd?9&Fk>4cmTFB2_zB@>J4t=@`NI##nSGh-VzrbC|e3MR|
zuHU%-r2OUF1*ZFXtFQd&wDX{qJsbH0d(K7IpOl|Z+CkEOfjN}b)s1@&&yCUZGi5U1
z5?B`gNnS;f{AWq4Ox?@S)s*{n?ti<kw8YzucTwkiYfDKtp|2WpE$drt(r&e~5p@1c
z`MtEI>tP4)-%-@l)r|a6<e!O-Ybbv%&vm({@;t?CYE8KYq&24O6;RjrMm?ud_f7O2
zBJE4+Oe$ud@;i|>in{xF{*1hDk<aEX;CZd->0<WGHclYD4Ru-}ui$=>vd>dLn|iwP
zt={J*AEwL^$_%jjDwBjyE<(q5l-)wP6Xex2KZPi}7rB87+SQ11kMLZcvVX<&@LY;I
z3Gjfmsp1vLe-7RK(NmFI*CJ%^qI?aW`%q`U<!v@9zX|!zA|EIJ8FVh;`AoBGu53l_
zPTp|JKEU%DRpP4T;QgD5{_W&dp!{s^yLi5goVI571Ju8qySC}wW9jWF+k*7Dl<i1b
zW%5fQx2Jv`D-&zxBigu;v<W2mVGr(X%5^23pMAaS8uVRl_0A<v*HM$7pv+DyH<vmI
zmcE}lXHxD?%bQ7_uA$WLL!Pc#+#g!{9n^c5dmMQ;leW;xd_nn+_WUII^LT!p{I=9R
z3*F7>+YZv#ArFVT+FP4Z<SIPZA#IDb^A*oeq2odH)+aw;>1EA_$>hCBovGxF=ed;>
zavkS+g?scRTRSh3_8GVS|G3|<H2zaG-z;>u<-VP?_mDs2S=SKs{%+5bUm|}L96)+5
z&;3k?@?zH$l#ip0y2bLoEB5>j`tL>l5go0$b!{@%rtWC+CvfY^MIM8$*mVQxw^MdC
z=>tgon7lL5m4~eBI|ttg(m$~_hrtWD-yrWR>h|S+g8b6dxs~USt*tDc%kuo5=~zSl
zTGDj&<37mqbyiks7m$BFX#?S0YwK*wpN9OI^58qPbtPN_AK~6anJdV<g}Xd;ACi8k
ztD1xFVv|kueL&e4tPQ1gL`N>X0e#={{3yJUGP*v3S)`pH?PltfLRV|Xd$#4LkbVZ~
zw^C*~{FVCz_1;Hb2!}vjZMgeWR@a@Bd6s(%&p*Lg=(^U*c?C#YS6ucIIUAF%D}oK(
zxG$v4ROE6zFMt7VU7Z|!S5W>Yo~xsO70>6wbFiTT_J4^yjC!AwA8)Z=%G$h)GV95!
z!QF^*Z&5ED>RJYGCw&fS?^A9MX=lOMwT(PoSE1`S$}FV(G~^sBlS*25@_r{RK?S)k
z;eLsFl_>KOcPs2^hdhq-YRCuCv7UNYP_Hs_J@Ny{*HGpa<kr^a5%P82PMWTxl+iWC
z^7Xu)GS#VH6E-iFevIc%q~%j)i1k(Fb+traFY@AHed>0FolUp$U(r8YPg8G$rI)7s
zCd##jzoGjf?n&flkpD7iU&D=XA$NVsbw!>D2T>-GvK6==<JR>X=>_i5``!8{>fBBF
z$GBtHXr8xncO@YS9e43O66)Fy7jS<^z1Y<aIiE83qFdLsv{e#$FlBB;UP}6>FvaS;
z$n(40Ln(6%#;&i>Go7^9^)_--gtbuDgXH~TZCnkTll}^6Bdl-bkULVYA%2ZruaP%{
z`y5N_$a6pHCQ<K3)71sL5|Mi%U(Q{ZvW3X8>pC8eQ6^yJW9cz&i|HZZY0Ax`ZbfwL
z<+%g*F68Z$`GdB{a<3pwR}1c$+#AT-56fDc!{IvaJkoS!k)KK5vUz@s`Zale4ILN4
zcaVqi95$WZNgGJrUn#qvv`tdLRi67}?j&^GO`X4#$aM?lzjTk@-ydxvPuD8bx6tJ4
zDEAF@?<cQ2_hZOCU>VxdbuM=|tFzOX2{%%w24%~b|JPG)D>@gMUe(pLkutwhK9lm7
z@!W>|DlY5fzk^BthV(SbEP%hm=S|N}@^tlqUvr;ncCDt&T*_PokD@<YZBQ<S{5sqN
zk##jOjv(zA_Y0ISe%(M?h_rLy_uRT3MehToearnea%IxD@ccaYH|WddPNv^aTKT6b
zKL*>f$=5a3Y(BvA_g)I;4NIFy*;gs|h1JbK{*b&LX6IQve`<Lb@%)RWS2qrzd^Pf$
zncikR*C$QabO&D|wvDjzeJ$@S8z&Wckb4977wG?tdktj^k;_x2B=;le98daW(yyfc
zrQE}<Z=+1#J><3GzLj!6bB`qdEb<C1e<%99tE~StS5N<l{6Ik{kmDa7oDz%#^D=_|
z5woHN!Ce1<%wS$YXi6v;@h6NJJ|H#GABy?|{=&S_^unNjMj(fO3!}kIe?geUKyG>{
zt1w&`&6(v7xtg>5`H}F{U`9bOGl>#K!fCAu<YoGE!Wmc-HLEhh;YemEFHjKlN1a)j
z!6~7<P(di17j5YunH`J<{r@Nw^-l>$a{UF_L4S5I5GnA7r}zUoIsSeFM)(8y`8lBs
z`YZ)yPixBPP^6%cI<vfrxq+$S$VsDS1oJY(k*GgAFoVV;L9D|I*}+i6AD)@#m$Uq#
z-29wiE*|t+@>4q^2g_Ln*<p;9NqPQ2AyOn%Fe~Y_mP89Pvi*Um*PA|tk#K&HdP9Q+
zk#J71FxNk#Fft=J%ik{&F3k5Q^cgy$Ut-JC>hhg7r!N*31TQM^2MP)zq4dInU^K}e
z&ZB>{7R?W4gr?vMe@0=nAe`&DH&EbDz^r`pubkbmXXcCmA(ZJKlJ7aVVWN6Ylz7%R
zOAkg1{8@#;XtbHeArcPIwVBx={TpI@3L>*`&}nVNS>as#Nq{ge1(85rG)Iv!GnkW;
zJS|VYj|4NqS$Uz0F@Xpw2uAXv{!kuHCtgDgQYbgbsGnvs_)qVi{>%-3fV*I3n0U+0
z4d?w^*v$+TWLqR?BwQ%CsWK&;lM|kaUFn$a#fr@KJG15aF8>R&254-&`HMq>d4cpC
z8psS31kwZ1VAP)wi=6?z2K!TcwN3KtVL+Z{N9dv?|KLzYBpeM-De#XNHpo9BNF+r_
zorRR-9})><<OKc0Q+o{_k>np4j0B`O$v-q4E$}8%Ugl{nmb#vKvu0-Fw!|dQ4Xhow
zuV}&0DpGu{Q2hMMM2=PProBq!6y`Ff%%0d1A*&Q+p}fq{j8G<%_Oxcjs)W<EEGaSw
z=~$vu?N7)I<}<%Td0B+N7q+nir%vg_mc_bNFe~4pG7yc1GeX{q-~~g#i%vJpr?tzQ
zcnM<$j!g7NnSC@}w92Wg|LPm9$|L(+Ffz#>NDt2lVo%=)Q&VNfD6$566Jn(1^qA1J
zP<}8o6kt+h1y5_n>BHY!(!4lk82{G8n0vf&&}xxhG|U++vdmNb94p206>*EN|FZ?x
zX(3@0q6JztlK!m_3iHAR(n&?dZSeF_mmVyb84MO{%ZAw-h|JIw)?fKno$<y#8qSSv
zD_ZPW03)HSEEeg1#GzYk)V$e#x~Ax9m=TEluNE0+n77I>i20FFZh!@G8mqh9q=6km
zX!`pF!!d96#=qf6L5O`IVMxE;gpXSdCb8K}V#D<31`E7t>t{(|GRO3c@M8J2fzX#N
ztuVp@qVnF-;B5f5Z6^6g(?RW@{x&V!u#06v))u#rb4YM=HB+0GTlJ#<o3(A!$iYee
zaoU2~bV^I|r}a#2+sTU=FBsdlZrk~^_MbkG$MhR<Zu=rF?c25O_&?M#G$+WKN@%d9
zXB7Bng$pAZiL`Jg8$)I;XA(tv0S-%Gq-ObZ1GC%#fh{Q*n!&ov)ClGVLOI&>i|u0}
zZ+_2`<|!PZB9sgj=;%bi=gj)sW<FqwT6Q}T@emEM{hiW!l5GPFLV97AKUe0l{Y8Ur
z3&wO7NPjRA!BCCdl+Z<L4rxk=0KvvkG|I`2Ku!txvx%dw4YLah^1HNZmBr>(nBJ1z
zua$MYRaP*ZM+>dII?;yREWH`i%hQ5KGNuJ1DXjwCPI2?812i(5pvm$MFg&E-$8cU&
zw<ZaJj0}zniP4l+mQ;M_F0P^{JB!>B#e3ev%s^g&x*ZATvNRU;q)9?%IHOR<vX)uF
zf=Pk&DEmo4a8h9;ClT|DvL_XU3UY#KI?%2ANz?zAZRP}K1tX_v(98Qj+FEWP|1@op
z^MAA@RtRQ6M({Mv#j^jux7m-QULn!hBq7T^O$ucudWQflii5+^Kq#a5Apig1a5e0O
zY!}Ze4&SkE{(HC#Elke|MYEaQQ?yH`q!VoUE^QLqU!*{>mflT4drBTh5tnni*dK`@
z+SR?dj|4eY@%F|cFwF9;oilh53sXx!Zw!&_Kz{V(@=+MoUdVh87Z$K}Qzbndp2m(d
zE!KhJ(LUA|9ckqB?Hyz>)%IleCMNF5tvzOHk%E+be?|@mhpr6+IYHjXynmBt1|oSF
z(eTu@A%#7R!?i1ZvPfFEAjmpER<~0(6IqrS_PXl5j|Kc3V)fdZ8Cz{LGl@jrpTf37
z(T5NVi}z;3xgx67pm_9ni*#&B=$V<R*C4F}v@tW*HNQWlReq7(MLngw_j0ONlq7G@
zX4bh~gL94&*hIYej23_MkzcVTlXsY$a3HhTAt#f?7}KM{j6%I9vZS#XhBCa@tC%N>
zn(w35z4K!MJB{1Gn<SjF$k=N3-|7@wEdEiWFK^`kr}~#3%m~;EA}^S%-(HB#z<Te*
zk{M$EEZ{}Kn>JpY*(US%&ZltvkA=;@Mp^H0VNRx}o-YWRA<oxcGd3dbd_*j35%nvy
zbfC=&`_tLSGz|W~`NDfI)YhYNF^%3Q11%7y)jPpEr365rz;vjyd<xLi^WHQlVO?`k
z78{|#fjrIco+o`WqF`2z9nMbf(X(f}))cq?xpTFboigetw_v9=CBK^%4r@=R4PKql
z>9$<;)H}{cgS;i_m=KUh{JcVV(N*jlidzk$da>h+2=&q<;hBWEx9lhqspnMa<mA3A
zXco9{B`v*K<oP2dyFDL{x;FIcQ!!ZvH0;((>ZE6oHc{5d?DlTjSr3XkfUZw+oi-!n
zhgd!4FK6JGxf-$}W4*o>=DV4v^x|>mY}6+Mn(WDol~>wcbYer!7<w<0GXjxNkXg!*
z6HB};@M58$QiR9e4Nm<8^-m9E24@6ww3sHl(P-E$HJ0M<=^csws~1kH@It|Vvc9*B
zdAkL{rU=c?3Gl^F7M`r)jUuNbUPalKv@aBfa=iE9V#CgmX7O6b=NxH?g{^-;0lmz~
zDO4yaH&W;pDh0UPa8!I|FrD=*GDE9yl0PSuH_dBPS?)l=ddacXUVKeCuerow$oqET
zy@cttx6rkZvv}+C&LXjIj$TB1-zMD$Iu5!2DcBUH#e!`x;y;`mn=Ib`S1jVK0ht%g
z)};1A-h1iP+e?52jW@zm!e}I2{d?r9)}&&A>uj*FWw-+VEVk*HyjBpP6lRJMvF>GB
z{yjMe?mK`!y?C3wA~klVj`B5>k8K)nZ$_UyS?dKLRw&jVHFB~*?Dfw3PUrbs!}YIy
z$P3Q&!j2C3dxvxL`P%8d0TlB<c86~L!r?5AbbW}iY>sf5Y_X)erGR;sr#Gm4|BO&j
z-^`dgYK|{?d_5qfIMaI`U_HWcn~S{T@b;4DZ<p#`dtx8s{HHXPpHr9>%Hz{9dnzUH
z2JVbii3W4nZCp$jw=XLv%<h~M&I-Fdo$mzM1-Y!<OpbyAoUa8uoX;K3Ne@I?`t3cf
z_`yUS_!mpCn2DC74|iIWJpbxz2dBh*%|5KN68|2;-e_sP3?$={hTVGWd$bnJfS&<4
zHHi6i>3yvxPlF^EvbWK~X~(iyJo2r<*6&Pd_Fj$Ll1kub@J*c!^1p?IHBU#~r*bUt
zmL#nK#ll0I6A|ye2?wURIQ~y&o-X82L39P!zGJ5@22sbWQyUBO4(-01#<pxbZJb=%
ztb-b6`j{0_s1Zrg*!b&L3vaDt<(}!4@irpXHTE2<l@sJcYqqycu-C?xw<tadDjrYv
z*qdDeKcDLeIF`q#8%}l}wQYI>Cr<;WJvRMMo=desx{k$62`j=P-mn)1dak#wX7dfe
z8$El|*0DFXb6S#hwWWVdHl5dxFy8Bog4X-ifri)$lIoq9WAzxgj2!*sp$4p1@<Op=
zm2!v$H!5}<=+JF=kRN~CH#?Odu9x{!jsivNMQ{Ad8OgN}WmjVhR^6DF%>{C1(Q@K#
z<QgD8$w&1?Y?ePW63AkC(2EfP!8e$E38>|~!f#ysc%a{$Ot-B{nntl{TbPehH*5KH
zVv9+D_X~!CPip$!?3uzBk{O|BC_R*;GktgppR=6-g?Sm-L8eluz-@Rq&pu+{U;Q8#
z(N}XDK9Xc-Z1D8yh!0UGqw;U=91-xm7mI;Y*4rWa;g4_Og(3H$kb|FGXKqs?7l(Om
z&Cx-G7$)vD1Ez!v$q5zE8~w7Pl_aX)#IP$Gwhy7+>a5RCY`}hh@005U)&wo2l9M%V
z-t_R+)DTC-*rX}8s>&h!uBNjvrnwWT&F{=mbXsz<%>-596Axd>FpjTUIeNwQLc{y0
z<0bRuN8hHrPO9<02cJ8Ovcu}@YSH3qZ}DD${9}2I?OFd^JFuH2J(!yw%w+8;ejv2N
zf%}lhR+i3`_kzW~4Y+Q0DVo&boY-4uN=~TTh@$=KWUGpCIfyRtPVN>g{bI!rw+b~k
z|GhJy{6pvSP6kjj>!0d2i_Q0xRy1U<ENZiNc36|y3nR{X1SAm{)Q0GJc4jD(C08d5
z`4ve=Nt-D%Ll*}kT6_PdF`V!HCg$%ya_}I3G%u8&PaS(FIl1|}%8Ic7hXb#u*9%$-
z^^Gt$lcR<CHeQ||{hT~>=!-R$(kkXW@7*D`!Q>Mh3anyh3$r?!9iFM7c1v8odg1k2
z=hs-%8n9SH_CWycX?(4q|NKNMC;Y!UCGm#B+|d+c+j55sx*Q9KSgiWb=Z9DYmG{Xr
zHt#H#bo|d5!hK&-7u-i?(sVw}@D@wvtPE7=yw9cXcMES02ZNko7y<icrIOlsXi?KU
zQ(sv0{XfZjnLe3kXEn<_W$|&-iG?h5QL)*?g6_%mbnxGfDzUj#w9V;|r<Vr0AlG;=
zC+b;#n31y+tsQDy)7~3fY{YqaBMgS<Jt5{Ki%D8Oc}gu7EUtpKLCq3df@8~}`-+wm
znil*=jiH!%a=Bz&vY8k;-sDibc%R=Yr?_C_L(V^{$9B*GgNF_oKC)-pNTz;lA06fG
zEuQ_}LdJS%t60*>pC$Bu<h5TA$YR*EdBk=hzO1-2-#;4lmSS^DvCLEE%h+OPQ}2t3
zVvbean-H<XB)|81Q-qw8?-}d`Czqywoe0H_n2g2AV<m>zeDe8=e^k?4bw6K(Gx#J%
zG-mQ)j6l$C?w#}a)tb-6`96NZ_D|I`;h^E;;|%YlX+uV`w&~EXHN^c*z<?1$lF#kf
zx{W`TojZA?_Axw;#s)sEmc>s>dY$8}0J`{^B=qYuByC7)pGiH34jnNmt>@rAiBVE{
z+vB~~dyIVmZ^_TYE~OwmNgqnQe{`HkjIwpI(CN1qU&4q%ss3cY_jSh|zIbuxco@pp
zOHP}Xt&{Y7TcR)F0#?anKXxbi`}Rxi%}+k*!w2wVS*qr19?{H??mm9Uo)Rd`(Q7<k
zixPd!{e440zJFx~`Lrsx@mUF%h53ci{Y8R*aO}6j5gb8s1HNSY^P1S%CL<8d(Ak*?
z<hPovY&Z7q?{%{HP15`G0YaOp$!WsZhL2l?5uhVU0di}5iu&3WJ$5*mn3Ce}#aA{T
z%V%sB^wG~$MH9dqaGB08jl4SY*CHBs0x^?qkOh|`uzye}H&hVyHq8H^>F)}>Q;TK*
zD)`AXGOK~2uegFD-Lr}e;?FDe3)PfD{XL2^BJ&?L)50gU7S;4lPA7}TT0MDyF0Qz!
zlDGJJmF#TKpE7wHXRcetb=1iVYJha&)(aWif6SLXy~6IC%p{8~DsGGMCY!oj^cE7U
z$9JgQKprR0oMIif_0T+KPA{70sl7af|5vO;X{z@k<902&%KXWo*WF`7R@4W6`-?>M
zt|dcREcp92%?IX3X0c$29g_YpS*@jpuQoA{#QZv@=kT-vY5j_=@1EVf{MjcRHavX_
zXOE9?>eiRI*wFuv`~UC5WR7reJN(U*oe??n#cUivqWAWsMPBam99T33{uyquUMWP2
zf(y6n^|E;P|D){|luZ&sc{BKBJ2J_wkwpr<&tSPaNS}PObAMr=g~0ncE+LxO#TT<i
z$FO1!)=|ehMigkKoZO6>B%Jb#k2@W?#VyD;75!lEenQfxik7~fti9v-mkC7(au(4a
zvguUBGOB}&KGsKy<-2blnZ;6Ur6`sXJ82a!Wv`NyO10mt|6_Bf6w-O0SjVVv-rp4z
z*>g&jBBM@8E^gT=8Aav|(wF)FXj@T<qQ;BTidrs8E8c8TYEhdywf!gO$MTEXi=`B`
z7E3AKRxGWkC39ubORwH4aIE`=nrTCWlmBzU969N~mdXv}|Ccga$^M6ps_6fuS(S4Q
z>j<Sce{Yhwmni~BpF6z2d-UG%i~c^;`^w2loVk~C`adc=SzdoW%;AT>1@`)2O_9jk
zew0O8i?TK@{ecaq7}-Ke-cTswPHH^6#@wOb`x`FV<Qc*rX4*@t4*sWJCv9N1vX~WF
z!LO=ej`t_?S!(k+wJ~+vI}g9UyKfE70M_PEIMdJTu0EHXwi~Cl<G*$<gLPh=|9`l9
zyQR9WEZ=io>nWDi;S_WWWIHqKgLK*l1Cpr}5-E^f&Jz`i4Q#<q0h?ljB<yfRUG@X?
zWp_kf_PIT;kZ)2?(!c+Ij5*g@n-9rZmFJ=z7JGfnH9yB3-($>Zs2d<aQ5Ic`Bf4N?
z_Z~tUNGDx)WTwLgCKOdmS6xj(Q#ZcsHpTT1``hFCTZq+ISnK+mZVTP?F4VAm7=Aya
zV<e*kd|2hJAk8o1^5TmEXh0t*HbbkgVutr_ul5E#_of^1+>8Ej=U$bu&OPo18ZU&G
z<`8iAqF5Q}D|_z7o(`UO2yF1U>;B+zzw?6^rR#%-UB~tKhHgu)yEfRma(XLi#)IfQ
zPdXE_Hi$gb80+b!X?ERSqSvGL3NewFVtBY$2M#gq$dtm%0yVc5aL;ai%aCq+cPiSg
zm*FjAR9+0Z(Xk@Axlcj|E*%y|B(_qxTfRDc3gV;!b^vDz2u4e@F)s2}3Kz{B9-Z&t
zuV%lb>~i}uHR!3F5^EOPKa1Dj5~m@VTW-imMrd%NcE@(01OUAXXJrrtuERTa&F^`-
zUN5w!LT0(TVoMUSGfLz3m<6HV^YI}%B6`D2$bQCEwl4guH4dXmdpMrr)^!$LXRh%v
zke=NWd2{!}!PIJ?bWGJ|x)trJH}Gik`L@;yIJ56PzbJuEXOQxFzuxc`rZdH(mf;NN
zkRI-2kjk}JqB3{(rg+Gv<c;etP!&$O?dx#9Ev^`0Ht&Tv$XPsW1F7%qps;$VGrv?l
zliYBJJG|ya!ukP9*;y`Zw-`wBbz*Ym?i{n21`8|9Q_}MEF^ez=DOll*?*^Li9?&Lq
z{Dk}fI)CDvtxaia2?+}5T1|I!?nJ7ei(Q9mKVfmV&!-2MkkmVzu{8x~Isx*Cago~?
z^cUSq`}se9{`u!CUwro2-%D0Z2<=Y_{_FD)ppMhaZoA;$V0~^y%xEv~gbYBTT`k6m
zouS+H?vyBl_KTHkfOoA~ZT=y*W}a?OsQ4pMwwx=PRl8U)e7QMuhk%CBq>&fOS^Uhv
zV*C5pfqbi9^iQX!vDNCkcJnmM_N6fHh!JA}CPsQ19oH8w7feO?j_}3?|HqSK)_o;z
zWy*Mr&_BErCU2y(T`fUOzFP}v$k!W|=z5ne<w5s!mG7R|33<x`W;{VhEnWUjxU0Aj
zh&WmqwZA?;Xt(iTxN7SpP)oAWQ9&VNac50wulha@DXNEVQyh>M)C7#$c>H+uRzYIp
zsDlSvB5u{wu>E#?ta}t~@s}DzQ_+>L!dCGtqq5{3*xhA}R`+1XTH9vTE}9VTOYbr9
z#8|-sr4aWdmkatwF%}IuS`51wX5SRTnZa>|t+TZd?Bse>&<><!YFg<>`QCK-20jFh
zdVqjIR|F}!#m=Q@D5$p&ezHja^8;1d(-wEiLs<SX4i=hdQzDGMSY%;IWFdD5k927W
z73Xh+i3QkfDlLyd-^fPlXH_VMNcDuoGA#j8Q92isckCaWpiU#;EBYknJhj-Wd~|&E
zqfBNON8Fs!<h~;a2RE9g?$xZ7`>_OqQW(YaD&hg&Kix*Rt%QztsuD&?v8(p^_dEJU
z#>*d|?yCJWCKb4ECfZ!Lx~3w2CnHbqolI01TgBYXjwYDMunZFbD)mhO&-C>8iVDz`
z#7@_i<z~%(C~>`R?QL9dr^zYqUWPSYUq}*LM<guQESheSR`mp3R%$kNXLU@odcLnP
zwHF&ZyX~f|#@fT$xxMG?qxv+wOs<6x1g9NC?oagBRCLQHG6{k`?<f(9x!Y@~iaX{L
zl87si72F{_+*R*o*tdc+)Le%Pu+WUzW%dpe32Ldnro|(Y2~8p;pOs5&1TN~(G(q-5
zzOo-Gb>R$A1B+B&FC?t&=^2YYn@tYo@gSrZW;zJ8<$L*9h1XH`YEOPM;P&_=S|VhY
z5LZ1b5p}W4f$$E!mn$et<yN})?K8y3-mRp`?zUIa?9mPYJ8NHzUxUKrroYqE?SE3g
zVdFQemj{z6e;L8y_*CjziW3@hvUiHI&@Yw_ut$hcRxce}VQ5es*&%(1-}VK&1Y9b^
zhh}8+bZ`2;-pSoI5E3A58NbJp)lvoJ)(4O$xmIG3un#!T4=|VSZntz<!Nxzv&SVQZ
zP8<GY*=2U8Z^oxwA!i6cmfMZ@BLUuQ1=wMg_oYrpdow+&+>pvW44;g1+}%M!a@!B@
zdwXh#{{cG%GH^RHSeRmIqA}UxOqRY;Z15As1~=bK_@Ma)@!(DT^%Q~PU{nzens0O|
zjQfoyYv>@{-LtnTdd2@Doc=4l3S6;tKF!+Bcl`UlCF)WVh^;<;fWBHl?`w=%3Rf`p
zR^eG##(W8(z{;gdk*|7T5L+X#SwMlAN{&9G_WP~fot0)yhOuLQ!jQ%Vo_|vUqAP#F
zlkp*IM33|Gs$K}WO3swW#c~t)E`JIxRFuaFp;v$@6@*XJdeI)=@UAXImfdFcB$}3Q
zd!LB87EQS0mD!T4>4fP2xys6Y#$^B%019q%+Ee*eDFRii4b5YYQr46j{{Xy{2aie}
zXz9*b7Cds{9#GuDRqZ=wNa#d9+J<Q?q>6Ox13NT@*e~hN4ZX5<o=sUM09+FGXq-1=
zgbVkcJwb4EhJ7Fd9Z$xu`4lV$b_k3caq~PpfS)X~M4(mT8$=A51teqyM|c9`RIxl3
zg^7z50z6hu0fr)M%Pz_OVIIa{tq)}CX4~TnFg~5(1J=V8f)+WIg<)46qiI=w36nWS
z4-s!o@xxJs%1+QN5{Ku=2eARP5WZK1`7$DBgE(yfRmdwSe=s!z_~j<_lgrEMg<XeA
z@NBSeH#VgK&4}1XV}TP+`OxghtXGpL%X-+kOBw5{BV@YrJH0Q&LPiaU5X~B{0zi-c
zs?UH)-iTlZXV7{t7w8WvN};r_j-YQt9M8P7Pf#+$v*6D)eJ{K&qzEYlotx~jkxlnd
zAy|b2stEcZW0Lxkb%;%N9ZX$yoJ*%5Q%u(_8G!}`O;X;w1?H{P4356*a{#({PSW9m
zJnDE0J^xQs5ktLW1cizwt3ZeCu-k>j<k0Tw!#e`pJq^OSOZy}6Zym$115>HXS!tK{
ztI{=T)U?B`5QHY6$g}=Q%@^i~rGmlj7;Lum^!#u{$_a1b*t=$=_A?>@+_IjbMj;}w
zxJB!tmJ}r7k#S+nBJzmmYh16&&HOA-*|GTaHM!C@Ym&#;NGTzAb@wlwYyho7|HXP!
z#+E=CdEt!vw}meBpFOpes`m{<w7h3OCm(t$BE43^l>zQnUNcMV7t<}hI6sL3WMK)3
zyDefi-$^?VVou%&{sYCOsO9RdL<spThva=M`w*-ZpE?kGTmD}z@7tGg3G#LcTu;bJ
z17F30qh;_*xR{IfStz6zR%h)GEc&8K`-KxGbPQ&B3>O<;7-h0SwW~vcU5a=a{8*|N
zmiXih8BBaiU2ckuA6YR|HQ@#u=}702tI#0`aiqS1D^30Fj+5Z<&K{F2Hk*aJ64=J{
zu{J^h#m->h0K96E{ha@bCW2YSw)W|Q!=Q&{bFNDRj+}!-YTuk3+w3GdBkNt_yf6;%
z_Qzf|^`o$&30PpX56ADl(S*A)gjYPS_CoFK+?QoTs@#q3{y6E+hQAK2gI(4Nr`*Xz
zWvdKFZ`eWLKWF<`PR*ZowI^toXX}A>%dIs?gBu8ldAd?ra7nJ0oj#jM9EfJxXXAI}
z65XXnS#C$6nwq=4R<#`|yF%1A|6P4_!?$|p4IiBg59^|10oDZI61cOsA=o7bEuWlH
zN4SLLRvwl%xMo?Yb*xwsa{6>ZmZEg{sNbM(K}mye)v#r1VJEv9SXKRMm-Pk@Gi7(a
zW-Xn5ib`+I`HPzM=bMcd&VSlJk`h7OfSwT7Msx>}R;q$sZnVKgiVft{Nx!<4_U}Gh
zj8B-FjtKyxM+_ugf?+JRsej^WaK=+#*?pDjX*3xNoH}$ndciB!Xkb`CMV67&Ncxd|
z)E%?}IOC_N^jfN}<Y+R3!;DJp;sJ#)Eq0M&Q(}S@&nK5`K1$7Q=m5MMHDvfxRl4tq
zWg6i8wE%Fm=^-eg&RPToF=+CV_`yX(c*|;O*0j0P>Qlz{p@9$!MF>rY$uyLro!_@o
zOJ;~57ilYjox&G46kaJRC)*v=&(J}Sr4$u9HWH<TThfA=e~KVWPn7i(;W7_NgDW@x
zJJ#TcEx8cY)||f{?JIzT*$VVGgZu8LJ7(!$1GudBfTjmi65N_UDoarOCPP8OT`phw
z9vXtiQgltLDn_posabuLym0uC)~DZZ?Xc1pYooJ~15Pxg!q?S8mRn2J_Af54gf3zK
zbvyQ-_OZE^xZcCehY&D&%~n~7N9gJlAi^x+C%Z0wc4u<_XlryZI(f)_xTUVNO1@HW
zbG_$SP+;XPP!2Fw++Dw5bHK#0Qa2Zp!i=)koAvSb*X1D-AC8OH9x$Kr-L9hb%gqnc
z45QGIyqWLKb9Ku3e0oh`SBhJ}3IgGxz+${IP^Q*KI|~oizD})<UHlJUqS!}vGvmXp
z>=XQiqp)P@8tp5igjluufJ<mE^jf7zaCZfucu^-a2&8)9E{5P`x8Ea?_Pz^uPbgcT
z%&ZbJ7<ULzr~>d5{7xbg>$!Xh>)o!jCFuqThLP*+T)Gw`jUv7bHT$gI(D^fY`3c(A
z%FvbzhFf$WRV!Sd6!K9Y#OeX&<(p0yT^|*NbbWA=VHoLy11hltPI=$;pl+h9U8)=~
zN#JhJdJxk3<+b-BoeHe;pHKK3=?m&bTiEmNNp9!fgKWKf@)(sRdg4->>3?^V_`ZA1
z($pJ+FS?QB11+Ph!*@!jBZL^-X^@I326gNL5vXC!4c&*Dohv$+S-JxKpcw2c%+QyG
z=#W1}f}r@u(~a*|cQ>CuYiuQ!Fhn*qE99^>?=1Eo?~cwDffSElym<bi*?<L}sx@1c
zQpLiv(BQE1*nzMe$I~mJ+rDN9+JeqUtN~%`3O`33D(BqOOQ~H%YfuTI4?R5qETj;<
zpvYtvA(p5e^VTT=M7$~ST2Yjen`#Bp^Z-Y*%e@&oD|>Am!HhE7IQsWOzTHjTS5wRD
z4omVmv<k@#o1lCEB&Mci{BXq9j5)Y!ta{a-A#dv^1r%K<O{0~UbqV9L%1E~Bsc`PS
z8$1f>(r>o_=C}ykk$8{tATpN4U9!R5YlKWGx8rTzboyjhX+&N4XFm~2iZ7Bo@Qv`@
zt~jE4mm2fhn(*WXF^}d3yDO#{;icJ-Z*crAu$g!8VCKmHDhs97Ng?53Ewu`(Sj=GS
za+$<y!%EO2ISEyE&sI!n7-V-0MU5+90ToP0n7IPqxDk`A*2EudL>|ca^&mm|+#T?5
zd@eQSJ2q&TcksDluU3W#$QKwBDj1qgYZ1>WqeKo$t|g#Lp=qEqJ-Q-T)+if}6khtF
zbm|}rv>V6LUlw!H>7}A`WMP%|-0E1FP`XZm5~^0%tr6N8Vdvg;GZG*W|4FV!X+C&V
z%791IQm+es1F#cv+^<2fFdQV?RG;<7&9)w4<cU35XQLQ|wSOcTq+6;NsrZOXevOyL
za)Wp7Q3Pg~#9i(Yt5U)&N&9r(KKjbQD;{3_7)laAMp1sOs~Aq|yrX)n1cU2*H-5mE
zd=^;+P*Y}4#PSLzs7V#VT7Vo0&85?CC+K_4VfL;;MwR_|C@(76waUB$aRLT!k3OCp
zcXjbS%5##edHE9D&^>Dv1x&cAjV{zEYd84nnz9?#x;h`sl?BJXAsEp~3q2%pjY82d
zqWhyWeBm|}NfdwE=f!XzQ9vlvl!eM%%!|xuw$lDI{yB>?Nay8KnZ#hup4Wdal@8>}
z&+S#I!bMtA@-2WKvl>cC+4+!(s%jbnAQk*dJO6c`6JA+pHt;(D*%a@C?kXGzBpb$X
za5l8gNv*J4O6x<cR}ylQYG&j8<hA~Uqlxt~RhZy8UPod~ARUiRM(+jXnB{~NL&7Qp
zPpnvqOCC~QCG#;3mOsD`Lty;#1Brql1OW@2AT5x%1e6rNQcQw_^Co$g-h;w1)glA3
zBb8(M)-SqSh)j30J)UCAtVM+e#HDrx4z9H$!CW6i40!4nHr|6|HK&!7=z&=3_Wfs+
zt~a0eZm#-ouJR3-n$m1^CEpH&*gZ)k8?)Iw9_^DKK>DD^&~p7nQ;+oUm{A<_H{65j
z#jLwBEqgqA-(*ft=nF`v+#S@5w$6JNbdrzu<%_4K2$ix`Wh@IkhS)W4SR0{N2->m-
z!$-jd$QIdvv>PU;HX{4=jAXT)arpueWw-LfOuQq2$h;6lhufYJORN@lwPm^?qp=py
z;hq-4(t8j60RHdFz9JtOHCwiTEN>xr{`7N2tD@7*V^1r8if29eRw+0Xsem^Ocipyy
z8)IOac$FXK*aK&bN<K+-?3MI)Kf9zgvQ$)*vU;eo1(S?H+8EVN?@GWYy^o5B#5{?F
zhfIFlV|*ADpNI00U(D`D{GE<iS|tV25<OzWGUU^dS~7BELVHNIzXlMRgX76-nAf-P
zHes%R*zQeags@BT44Wy&YnBE|8OBh31Nb6gLg5kQ{Q0}_h0*Rq#PU6HrmPqE9~)l$
zV13IgPorNMJWy@`Sg;ty#Jxf}@jdoIXzza~$0G*PPoZ;vSOlH)+!Gn{AH6S+PZY@}
zh@!jfp(z|ltgWsOiK*C5i}ly#!OJAXdC%TXe~f-X>^4$EjDYhCbf1Uq0xdpl|2&(X
zF7lx)r)4)&OwIymJFQZArJF^o&@TvoP%Y>|gTu{t&10Z`$zC{rC~o7Ai8rm(rFpXT
zwEbfFGynd2nF!(L$)7g2o2uTJ>GGd;5SIA0A7}oy3vly8|AWO+rd{}+BnKeSb|<>i
zy}=SGZsh4?4~O%s`hk5AOU+vyr3Nql<n6G3@&3O*P`<kd|MGKNKP#9|&bm@o2o~n6
zPQS!b`7Tj~;FkGPy)?KW<Jy3fv!*?1%!7Kdj5w{?n@OBUvcE7+opMjaP876PO594Q
zUrqS5ScgL!A&3WdPR^0q@N6UaUux(W=g6%h<gyg_9zOW>1vxHFsv{>k;KEm8Q6Val
z|01mh{KM7K#dHaj1qg!~&^^LI6?X1)N|o{!W*aK`y*Nl?oybTgWEogn>{ixb@i%>a
z>U4D(h07y6(*+9&2Zkm=(cEKi-A)OV*2q4i11XuUs8ZDg7r@o-=HtiurT(z8?}9Qj
z@lY$F26yaFQ~*{AjhFpwxKqmE7`n75hngkvKXuH^)da0lVB7gc@-!$-pX`E_<_oi=
zySyl7*kozSXwQBs0|zs`@hDnJ{}<|Fu}z7Na*xI#)93x_eDtrE)892uCWoUv`y$n=
zzCY3vC*mrkoN3OSx0~zravNO(Sg_v9H~H<j-0Bk}8@Xx0gr&PijrV7S#c0=~bfMZc
z<K*x0(}Ws@<4Hb9nO}@na9&pI6c-Y03sn2iTL~&Q*RW*rqn<TR(h}3ze2XfVID@t~
zRb>b3m9@Msq^n4_RBnY6U^_x&ln(S;q&h^l5Iny2tvGP5AVYZ1#t$UOw*~t`rf|}e
zC{!qz`aT=I#u=zj3y~Mit?MmxItU!w4XFiOLKb-@h#p1d)OmFXLWFWkW8>5Z<mCVs
z;T`}DNUjmb(G`ww+|;jzU1Lm6p_4z6(qD3axOvc_$i39>Cqu<Y`+$b_Mi)mYtE^Bu
zn2@Jigucv=li^7LG*ePZ@j>S(kj=kJnFT`y>OO{fS6<?Q8SayN_Yg-Pm?kTSxkhcZ
zUg~5^>Q-$$zSPevCQsS7AZl`Mj&LqyP0bwtGxvjtYKfpAIy(e_E%7T&lOQLv?D~~l
z38GP;Zhwly^**BFp*M>%gafM}w8++b?>{{fNySXM4hE3UW(=?Gan$fG(TJq|7Kk*o
zkcw)@p#jCz1!#eX@ce=C0G1+m`vK>WXt!jY{Tc!CF$%}d*9VQzn*@O>th>q52`}DR
z^X=qe^DUj`4_=fD>@lI}#qKt6t{%J#Jcn+<R(9=Ki>-;VndO0F-sa;MWHxCO5K|<G
z$~82b2mB9^SB=fwZTMZ+hvNNU%~2)+hDEgz5(3i`e7qfSR7y(`37zpaz!MF_r+7mq
z$h&Va3)0hsrVX49H&#RYrBu6^u6(+%`|ZXSnOfG?p1*vy`)cj^v)$FT-B%l1tD8?F
z@%x<xBJjW8DJ`JwqjX$8U}?y{8UvgFvXTP|hh(Tv?T@zCA-QQvc4>QsT}BQ>Af1Fj
zja}8_FC@?2xRPTtQRbSEd%R^X9Z*q)$NE5vEeGJjTh$j8iRP!uk`HSDV&5d=HvRRi
zgRo(S9|otZO>I>afDv0<cZ*;RJ^@j~w2P^=N<(DRi}U(e*@u`T&5jNy@uW~aoDSc~
z$9WSr=RMNbChWNX=wtD1dXU%NVLjtj{}t*HMM@hbO<SObfZ-ye^pWHtVt>KCulw>V
zf}!|LNi>uRiKbJQm#V;)a8%&Ej7Uaca7I%*dxBC2ic$P_6-JWtk$u96eg6%ONJka=
zPW2V5?i)4zc6to5=xh-vPAxvk^-(=LCubk3T?s8YDKv^EpLbFajo36&7hC;WhcV_M
zQ>i7Yp9x82(gFoYaJY#0K;cjLOi%RdOEapJD<e=(`g3UkUhkzCc}PY;Pk-Ey8Axhk
z2oDhy97x4`7e|z3+Y=h1-uTJ)G%Q5W(+8B8M?N9}BR)?k2m3ndAPp$M`x=LS&qUGE
z)Ao>z#>B!>6$)YGv6$!3N}z=-z6xUXPu1S&guj^*g{#-c)9C@f@j)8j%LGT1s`96u
zi*9b7isdf;chC)<IL6Vx$E5wT^=8XH0*Fd_8(wIer{M~P(34TA%bD?sZDt=#K#uU+
zPxvNE;!$Pg9RMi}tanbl=@f;@BGhm2hPwVuT8nTK>;*VL6F>!!m<O2*g~U{<2A3Sg
z9c#G=r>wC#+`L4Ehs0VHi^@s$7#LMS#9$L<_Bx~S=?q`%(!4{#L7_Yc783J!9+nvO
zk^2#*r{{d;;7pWW%JL+1NqPDS*}~*{Ot75DLg$mAd=XWq>ZP<6MMf8Z=1yv48zX6?
zI=gh)tVyjrhIvmVgg7{f=R$BWC$d@Mp=%4L_6;C_+M@ZV?TshRKPhM`_~<IAmy4in
zyLc0fF3&G#%^xPjLt7N6SA9|7=?Jc`d5T}|B|Cu&XgV2^9aa%{5xL*m`Yck!bWEj;
zp`W8uiUecGg_4f=?<{_#YmM+IKW&Q@Jno7KJnp*nj{9Q#E_dPUm-QB}aEC8uWBiO!
z=kfOtyx`5x8aknwXRoIN#6|#06@x5pxi88qOQ^&ehkh)pE*6m=+#GeX4#L+{Iqo!1
zp?Fv$_=RED-#6{^Q&6{`D7c1aGYa!Z_^p%tZnVR%d_+MIUstTe^v^GKX-`-Z99&sw
zN#yV{T?J)d6cK|RUcT*K^(#nqwQA5DYd6C8wN8LGcguX}_0G53OHvK#hK@**daBbF
z{nx}-x7I~!6>>)PvDCNuqun>c<vfgNo`1j2=Z_8$Jir=NkX0M{-0!ssSpdyKvP^!f
zP-99_Xw4Ba@<`yGCF39<%Q(%}NSpOkugPz&#0{tWS3G?)_8-(oL??h_w??N(80ZJ2
zKPma=`=p{|vj@kseK<i;=>G_7B)b#zZ!yp2c(T`Nxr8rp{S_jBq#R8}`7Y#_&+ex&
zZP56^|Dua~&PO3H7w5x#xZ~p+@~iXmJJSVFL0Cq2W%R8ePnNDF!QVHJd3UCND&C8!
z)J@sTx-L6e*WRyDzT47zQ8u)$kA*7G^xWktMmbkgd|7mV15DF1f@W*{0dgNor-SQH
zFHh@pFc*6gB{sw~{hKI{nxDS}P$1hYg)huZN|cgyVVW|}X$UZ^jl7gWg|HA(>~E0<
zQZgs7I>8}LUjr2ICIUaGCi+>wmY)1jRKE`<oJ}b<U^Kx)1!Dh*3t5r1`r>As78;?%
z$7EhyvhZTbPC41jNGv!6DbvYn0fC|gG#pGx<h%g;Q8jGZwGZg}G0EZtTTno7`4+e{
zNJYKslZpT>N;v|z{N53XyM?m~#q4(61}k3fMCj`)@#y7+@T^n@<$(ekEGZPfE%VZ3
z;41}ylHxg3E;9JAzDQ@0?ta@lsn{uDjAXe~fARpkTVj{Yj|=0dcUcr|iJ~|ZcSm^M
z%8f6cuWl}FZ+&~qOEk2hbnd+`#v4pZNTKk!s#j1bfv71=o+DQTBt<e15LJy@AHp~%
z0CrZQ0c>+fGKW^+@dQ&Je413A%1<H)G+LHxQOD7DP7pu~6`XJiptcHIAkRTWA!ST?
zF_7t5ovBQ1XvsXoXbSWM8roCa{|bj7;?Wf|*MB@xZh-y+B(|+$R^f^bd^SB(^l;oH
ziQZCzgsN8T?ubBB5{GBccQ;nrRf|U?-1x2K$+-hm*{Ud_ID!f315&_0I6<so5<SgW
zmy95Hrq@`#o-O28!(1UcNO5~HkJS~X_>}_sE$``W4L6YqxdX<{GcCLRpo$hElawYY
z%NR#u`a7j;P|)UM+iah)gfKI3^}uY2rvO`71N%uM=li~&svm%1{foUraRTOev=h~o
zor<g{5!<I8%qUCXs{XWJebqdh@_(|VTs-fEDKTS+-8{r%35X%Xh%02nu@*c`sSs_3
zZlzm+{8fDikC*jaEX<ta`+&n=u5J&hoFP|SoZ;N#@4$@wFZU<sO?1UFoF<Lw-ABT+
zF73SV`Hk&$+Mt^obe;W;)F1n?_(RqWy+)y6UFxNH0``V3%WETf9#@DLiSj-&FDD|4
z0@fb4X7cKn1e{J#4nd@(=cb@cI5F>9QNX414e{^*DOX##K-E&NGtI^zy#_%^u|7gl
zFvWcviM}n7hFw^F>NaS)cGC{v1E5eh5^xL97NrO>*TBz7^MPbNJ$)cS$|o@5a_|f}
zr9_~6ycbSCp~u?_JY-V|`Yzh<Mmnk)jbo%`W}W@Gn<#Mta!6O<-r99H>VPsg>C|dW
zNV;RI@@FL=CYf(cSg5*mmRYr?BKMP!*%(ZcshEd??u~6Cnn;KMkS+8^vaev4#Qk=9
zEzc1;Pw5BKC23Yc+r2)ZtwEIha2J$L!+O5k8m;&a?mrE4wP*1qqP`R318g=@Am74m
zF~KE&w1(MB9^H)$Uf!H<ckJB`T4sH1{c9+^`qNiWJvB%Ys%TKG6L0wX@R)z$wAUGE
zf5`%TWM4jh{#(gkfBO|^34Zy{tO4lh!z=LdqyAqq=D%*l)hvPW+KOoiWH0GJ>qvzD
zlUeip56$y^$qkK9M3E69xnDCHkU|-xLPjpfCsd=Akhgg~X|=3Bw<QQ1fb%;QS`M%i
ziZZ<il{3Cc+KV9%Dd$ua1kp$PJ<DL;4wT1V`z4$#52`B&h%hptufMK3=}M6KPv1~A
zRx1&sYA;4wYSA2cfJv`zE+jRjW?{ZiP&<#u;>&H7;jVBt)~H=d3e5T1z-41}Xd<0b
z>ZMPpikmY=KM?&FU+9yfGj3NzPC}%fKM-%Z@<6Da^N&Aip2P10$J^qwk99|&7*r<`
zWci7dBH+1=(}Or6p!#6dLTwR0nm(g7xM|HYKBouNt-l>y#x39_b`16w_)~$0ZRx|q
zUj3D~^h9A+Or_g%>Dn9rowHgpq8izc{w6h`qsm7#+v|^;?Tu&aWF&7n&)~)L?^d5S
z+s~df63bfl2+CcN+->Aw=pt%@N8dl@-`Wn3GG|D+XxHqiUSG%#1t(cwvl+V^BxU%f
z`FqUrJ?->z_gbPCUxzPe{Fq3m!@;%!Fc1z@V;wT0=Bc=V-V^Wq?ta#LhsHW%dP2P}
z&nY@kYnxM?hb9&;6-uB`P~InpLnm5n7g(cXZQGN@ECLvb`E0h8Lc(NJ{(e%Xy4VPv
z;5Igl@lj}Wwc~LsxVW4xr4;ai*Gu?bUa8Ef%`<CZm|;TF2RTsKkYh7m8QA{kiyPTh
zJ0>Dn*j3H<g#|S)eV&^(?KNA!Mq(~<-c^9<jlQA4Rgi(((mqW-trMn&4YWyM(j}2x
z`wjt70@<)sHQjl;2&IcT$5}!cmfi4E$UAnp`}ulbgnTs~Y)P1OVVyvXhkchM<&eDf
zKab_VqCesCP#FI>f5^J6NG;;&DsXhxgI3UkhWw5=qcUB1X``h=HpOFHQ9{+9)S@2f
z$4HXsG^<{{za-tnT`#w#q)@d>DkU#fox5Y}a#`-;o#i^t<)Bi_ge>LnaT`O~A^Q-M
z?9N&~c1$np6B_02LuXPs4dH{uNbaxjq*cL;@PxY&?(o=8Q`wA$?>RWNg7F>Z_^eeh
zI~sb$l*&A&Nb91+r$}+yxb_?Z%K56CLIAeKhMouG_Kq|0__n4$f*?liWAN(h>HCMp
zzjckQL*nwF5u?}GKI-s6{tBh5b0t`2z7Inw0QuL7q@#?tTlo^@wos8?cM@hux~WHX
zXo@xkcns1gU$ZhK6k5mv=m`Y<!+-&8A=IE3pg<qR#6qlvz#k7luG8bILv}3}QVrSC
zP;@Fh3*|}>$8wiQvanhL^dipob!ZqO*b&8uk7-ouxX9Xw77a{+<A?%KL{YJrBaTop
zc58&<ewDlu#x?Rl^-3pH&N)`LrRryH_duy4KIr`_C2rxn^wdsy{>5a#gRn&K`*yT{
z)&A;#`|Q{M@H=XozL85jlQF?^apzmQppOw+x5G;zbS;=8=wx+um#&YFl4WG!2mV{y
z+FDv)Z@>L^Wov6?XD5jXp7!{yz=HPJLhIRQSEu{zAs_<z6o5rK9W<tp!{h&g#-y>k
zv6);0a@!D%iDgGprGS%gpv-vFUujN|ysRnc-r>k$?g)s5SH``hegpup?1<a4FaiQm
zKqh<G4AvQLesY#J@H%3_{EKujlvOMzg2#C$%Au#GAoNq$q=_JUgp0J`w>y!Wg(nWl
z=2sduEBu5;RMZb@W@A&`9lJFuKDDuRW<P)0JOpJ)`48Y7ocIAHDc(>8s{)p$r{aSJ
zgNA7*?@VL*ekSlFwCt;>U|8$QowaE(q><(%^w!+I(|Ts3!F{W-W!E0?y23Qh`QxS%
zL}!I5Z%hfXRP<~x<8DHl?Gh<+Qqzfkpy8a9kjB=%UBX2nUMP)YcjZ%&%PlL*rGt-~
z7iK_TSREI(G9K9n)e25$?^`1nnN*Eq{{c!#gQr_xwOc4@ySwCB`cF#GHH8Fe0tU?R
zDp780sBQ1rQycGl53(J;p><9>)Uxk{j?Z-}^-6)_D1oKC{Z8~k<em+|XOI#hc)}Gh
z7@(IH%*X(?FTG?q)aotx5R}>9fTKff9g!`M#o}0{$dSU<!%3#T@ON&D&Bqp%ota$+
zo(hbczO~#`KiYk~k>aHi8*tpv{+nfW6mB|yJUT&Rx=iv|Tz)YrT$Ovv-b&<B^Cf8-
zoY1qEEW^8GM+OyV1pIJ`Kuqv(p&bRn3H}wFi=-8JuNSQp`ME6J!|s8w1<xUa>?BY~
zcs27Rz#ihF>)yGDx<z$aKr?Q#KDF<cvxEbpeM&kyzrsqT5)iEg5j-;{w<IoIEG0W&
zj4v%)m6ry>c+TbQ5!((&9Jvk;i`nakXPm^RRDjuu>}@w2?%LdK(Ysrb{z&_Y&rP7q
zZ(A>VeZ?gJ?!4qKphP@K0khmn6I*s&nSFvU%WF92NS|4sltM{D>T@xsh2QQ8(yGWJ
za#aVgB@tQux9w-e<jFMRVhvz2+*M9o#SIws0;gcumie@_rC7VU-j(dP9K^-qZY`^5
zoUXJ)o3vl;jWsi8=@@x1D8po4f=+8CHV|~TKb>cXUri2vmbi3VT>^!Kd7x44*~n4c
zarE|#edU0d5)WjfCbGtfKh|q`eU+m20NaMmSAar(?q>q{p4{Gl_YgJ=o=_8?ylSUk
zDVFM9RjyaIUUL;xgdh`t$(6mQD;@2Oi&4EQ;gtO+l?;^P(ifW$)CY<4>wWAt)$W;!
zl*t*_0_*3qi9-}*dcGtCg`8CfzrVkKdU5}&-*Rjk559_gw===Gj+}<KXU{Tw%B{S!
zvG(%C=I#$Z81sjX-FD}PXKUZSc>ZkjPaErv)Mw3(Jh=2ny-n|;;q9ymTY3J-C@U$v
zcYAJRSssY~32iL%K)jm1&za?d_<sbp7s49tDzc4qPdo6c%BO2do^A+XjL$#Ocm3iK
zLzEa_kwZH$9paGGf~1%HK{o4gUGa)%yERitEr+{b5srJ$rcMA~9*8i3WX{>;64#Ib
znX3#o%`#d%mS%OXE>Ywi(P*K!tGFyW9zQ=19Huw&&g3^7yE9Xt)e^aPHN|3D*rTOX
z-DvfR@j!X4(B5)gPl-yO_LceuPNx*=niy#3dhf-O2ubyoclC9jG?glUn#G8g1u#Eb
zX=%ezi2QXZ>VuOSYs3U(I|Fi?!geSdMu+GvwBlOiE|N2DI(3Ne&x*!UCHuM(L8j5s
zc|pJPCD=WcJe5M~UFPYQi>jo>5+~fg+<m<C4-eaKCWpU`zf0f#VP|cpm0VH3D*X||
zq-}HYXwBkE4K>j-Q7yOh|F_)4?FLBT7v$q<cGzr8lm6P?*SoA}cZWphGCqro)b88E
z5sQu1XCf&gFATJ-AzdQ|BOMALS->vK->FR5VsbhMTR<R|V|fcqx%>PDTJu-ytGlbO
zc6XmvVfWlz(!nC#b3;j2&3@u;?I57anL~v0P@;az^;@{&GihZUBho+6Vy>(8g8>vv
z!XF)gF=2W608()z-O?Fq@~=zpu6=M;yuGu-PJIp8^%ta-EW`kqBtvsdk@injPmmx9
zm!ex<mc8?#_v&mZYX$A^>zy^dw1@&AYO(7E6x|JnzaNHhsP^!6Jj-sEZ%VDVf0mev
z@1%d+1as^6<yrX^gC?&-KgL@&e@(OEh9jx{@RGCEbjC;jMtZfL8C&XPMq=y0oeE7?
z;);<FjL{=8;<G%u1TR`<@G<Io6zh$$CKBw(FUucZleeC!jLH<8>m5@)-y;1zi4L$*
zEsPg`j*1+dPAl46=sK~N?GUF&Bnxo>vPW9^GzEXlRUfuF)Cm1h1CH?a8`aR$O`_P-
z@h0x*BFQ8^UAS<(JWw9YaYx1DxF{zAgG8Lb`q`7#uv=5@#%SaxCJL=Ry^}%VRbWgd
zPUr8?SL{pCp?`A=6-9RK`jMui{i#qnM7!D^*e?P+A3CmVDhsglj}QXUR+Tir#sT8s
z@&xTg>>dsrWaDdQ4!a;@bsi-2S9CL#fz>xgSmlPwSv%<5Yp-FkhcT<<vcxo8LyF<_
z^ethf=bG-nqC3@huxNT&JrJc`(cryYJ&EWqkT2N}YD`#5SV7nK=gvU74`vQd^5(82
z+(_B>Ukxznd2-wO-v}}Vw*EG-QS`pQV5#ry<;R0TQ?}KHB5uIWx9qZ8U$mPURXRTJ
zl`(b3xGNznd^dLN;YI#P+p)~)+bO`xP-s!wxkcNkN8Vr`RaS}zm4{Y_`mI4-qzDwe
zq>!Q9f$mWew>cKtei%uSB%P@cY)HguYAn7jY6FXO#u{plae<(<;p4AR9albTi=W89
z#)B(~Z4p7RbGc`262Hpn6F&&F&iKx4WdGd3`77MGuxZHeGq)NAdM|qZkd4Hx0be|!
zM!eBUlLqYw7tWMZP)HZ8oKSmCc%i1v?&j7;)03;Z%i;bDiE2dZo&g$VMRf>(VyItp
zWFw{>?rG+HyabZa*o_AIDAcN`9$ldH2m%B;7KyzXEodJ$yD%%eq%R<O4t^d1xb+@+
zWisY9-nIJENphB@9ry+p;#bL$_}WG~scB)rU~<KQ#Q-?jxEODmU3h&v0$9x%I+1}X
z{*!xodoY#j^Wv=k$qhmK*GuE^vM1#jC(X=e4}wFb)dT1;lthYorrAO*W4E?N2{NPs
z2J6zAWq*0LVdxv-dz4R@6^4}H-S$K@xiHBoywgSM3)qu_#EZH|>k5|u(q~qk3M(pq
z`Eqj|O$NwA4xFSh(lA*>@36Yz_^ha|APCZJnlA7-{EVZnxr_t#XgEuo<$G~EXIdQ7
zU&THCf{(-f*3pt!(KOVKiII>Z1}L0KgrdZ^lJ70~n%Uy)cP@Y_Ghjo*v`u8LraEWh
zsc;>IO2TdqTN{)qLi8O)DwBU#J?Y{yS7bP?a5Nezg0=WhO{6&=Gq7oVUzw}GV<aQY
zuzS|An{B*hh+To3$Jf2TZE#(Qn@8sNNMmUm4IkQTQw@!{tDEKZ&7CZ7Z|h=te{%<m
z2lovVZZXaSSjG*@r|sbLD{>*cX}YNW7VHxQ)lX<`9&AlZV{Oh-TOv6OJqK=rZ#;0=
zcsXj@tS;XE3M{uj@-Ecr<lWx%_TV|O<V9zbiY+-wj9OwBUjP37rweZA;FX&x2@+(}
z8g?LZF$ic1l~GtOI6_Tky|Ixh_3w%r*s20&J-BG}_<*lAY538V>A_|;Lb()EQ$H%L
z2Ed1!djKLgl<Yzm1|?IGTNDFnDK)K#1OF7w7E^k`c&oRyt<Ye(o6)S6PU8eRj48xV
zBYB<RCE~D8@F?GkjqaDiTgz!cB8engPi68khf>ZGNnbT4r3Q9Lp0VQ1DQcl`&UPzm
zGK}y5%WD9oBPz(jEJ~GXa-Rr7WB_M;82GowzTEcS$d4f2nOupgvN&a}l(wo=X8thj
ziy`rK*ceDR#-ZvIp{zs2;oZlRBVv$eM|Ri1z~RGd#y7M%9!B}H5+!3YmI~4@%`eet
zOk9qw6sAQ%SSA`^vuH!8_cDsBTcvzj3Dhrr(2GtkC9P$4xMqwvF)_2+`6hdpjzd$b
z^3<05wJu(7=h=0yY&q;-NaJz1$4yn|9xMBhnhlTQ%~-JRP+Irr@Dj;T{5sf2nKK+4
zELa%Ae(jW9kcv#2CtdL=ErjQi8n=dZP<zaSyCJr@%w6$9Hju?42}yVzPz{>g3y7vU
z_Y6f{i&z#)Rqb5#-qRbqprWKsac+&RxYg*4FgQy*4}d{igji|JqO9mRoDPvZ9OC=>
z@|bn1EV`1X;3Xmb8k0bE?jPc!c(LX72mJc956TNUo)T4P6ivfZ%rI|drZ?_?SDovW
z^@W!@h&Bg)CMhN5YbSuqX;yTvio)d;pR;@N&l9PCcN8(8ocK8LVHkV#=y6e?XJ&Wu
zXoS_CHKXt0-ghsnGurm4u~pSINDj3OQ?6-Zcm`mtTep?j4KVak!lW9nAv-zkag+h>
z>ogJpcv{ljcEv0c6!8;2E{As3D<u$Zc45x_r!)Vw+oDS;ea1WNAvgl4tUSuNKr`R$
zB5%m~-78hRjzl-rjY2!THjL&z)<3gx_c=N<(l?+&E8#;$%Pf2vLrI}apR2l{d)ydS
zuiB%@iQ11=4K-S<62H&~XgR}$t75p7>aznv!_al-^J45_2JU>>C*YyjD|loe!?Z7K
zp9*A<sDrdUPGWwMGBB<rd6ZqZ%A{Mx<L#7yYo<^W5eF%f<4_tZQ51Afvi!CSB$gnX
zD418dr4BBR<bN_bJi1uy4wExG8i<Nn^IZ@QPUDfI6Ot8^5W!NOVar08)y{g909Q3D
zGFbo)Yk#$~@#4FU7p>I)JD37CQjk(j0$f#jcnJHIdr>w&KdI7x@C$4l!_7?H(gGI*
zhvx?GSiD7g#BLBlaW1tG)M$dy|1RhtuWJ@3?+NEkG50}@(U2sZYSg?%;X~mArPS%>
z-~cGc>`qdlTRyo{H`+=Um1wIX=hOy+d%$a=ZHa*3Dy1L=3A*{pPSs8W(K>wS{EcEj
zVwiDiBHcb>#mT#K6#Fe1j@e(?>HoFLN$DV_XZSC!fw4IQ7Ny6$CcEPhGtc5K2jzmU
z20`N7UV?|DKGGkX;$J@7e)-MQ&7E(t>dQ*-@^sIq>%N562wU+W!JesI2g1HVz3e3*
zq<cgR_$PxBmC`Ct`f_5WpDAL@u2_qgKDj%8bZX87s|>p!HCOREU54_8#ZtZTjdn+o
z^JOb_89l6sI-ZKB<)x!1)NgR++$~Lx&q$yF{*aI5ux!3GzQ6WHnzrG?S-mg59OZr9
z6IfR}IA6AY43Ru3FWD5~Q&HcRQI`^OC)+#`x1McPJxgYWGImIPi#2|-v#?$<DWmHh
z8ab59YY37lS=2xa8#sKl*i|C}%Z|e$Gm6y`nKGARj52DM&(8mBzAq4C#QIi5ld4vI
zT%-6)htzHzEc`Du+mp6iPoEcFG#TYH34*~ql_z{?3sqq&D;&%mEtAE78P_Zvlf(lh
z7K|vH?Ca*GQBRkYM);o3ajEXGO$y7xyDC4=q6ts+5>4S%gyaRuFmqp6HGO#QKMY;$
z%&MduJkc~2x_@%X?8fD0ReR;Tjv7K5qD;)h-Pu}PZzm8-!-c=HpZ;`7o1M!=QAiJT
zz6wQ5d=sA<8y60yGVGV$=)EsRxH3NH_zE!0mV80;%D`rNEj4vLS)=(*s)S+8H;=$$
z{#!$`oJ?@;nL{t~nG*HL;QJk_Vb<lTU1;-WPMMoeO-}9O`*>%C@8m2C{_@3@IPCNJ
z15ERkxrY!HU|X1%S@RuhIBgexeR#H5uBl-6a&P?TI~3v1u@IQ!LD5$Wygq(guTRc?
zQ?Fqf>h-(v9?@gpDfO@ZR3``DY+*czi{u-*3;($9raCC+`_&iE@K0!z*=H>d9?yCC
zeq^_@CVy9&@7W{p>9erj3IMc&XR>o+vlep^rzyf-<Bl(djy@^*Od~NJ%YS@%LSmiJ
zecST^jRpW0*#}i4d+&zGqK-&!2Wx6#(u;Hn^zu%uQ8dBM^eXJn-i8d?*SD7zE5C9_
z%NmAj7l$tfDdk=m3K|d{44Ea}s4MUfq*aUD*lqy=2G49oC8h8^<60~hh*ao9R4*L2
zWSYXD%Uq6MfOG<+MIp}#IuZhFJjuh}Df~`6Vs<X%v)Z}GCh1x`kKO%B{B7$Ar*yE}
z;GoOuvbc#%OJ}u-t;^|m*0p^^hljJNMh4m-lmr%72xVaispXA@Eb5+lHS(8xU)8*X
zUq0IVs*<Mi0kd7y#X*qF7M6*1GWAY3B0*>$4bx!JHI;SY@0^B@UNbUDz7g!ali`q|
z5&|I(MlGe$T~vqyClBe%Alp9o$Ivxq?xI|N(tMA^Epb2PyDBG&0_ps_^1h<;{zLga
zhwPx@Rg!>T>OORtR4(6M3O4|o;4i*z7Xtg^ASI<2;WgQ{o=+VDWjGQ&x;)J*I=fgq
z`&J0e9hJ=1e9s2xdPg)|=sH4^nG%DoSa-%Q);(V=>^EZ^puGBCMC^SEzd*mhg^r{P
zLdMfwtG99qz@IRuy-dM$rb$2;2cw=JG~Z9p-{6WXWbBkc5DNk+1QKF~G<&Z{dhlf9
z`R4Yk?bY3H<ziEO%(|yP^F48x@UnUMRo?feySiV2Vv#fz7q+#vzFsdL>^?X;Iyr$@
zl~?u2gFiiJet;k0-@|sZ9i1QvV~md52i@I@9DJD}(6bf9^<->RYdT6>U(A;=mDO(V
z?4IC3?FP85u&h($#-p*LI$M*pKTG;RvFuB$)uHwWZC_TPDHj=E6k0R3oD!5L5<JgS
zhO2g&j-dq<pEoV0Rxw8;IaW?89qp*t|4;)|2<hoEI|fagd8PJ2xH5H+TI}naBZXYB
zSK+H}`?lIL0@ER9l<mL#F`uA~{FqO?8I2pjrngqyl`2g7M--(8bEPiH$8he$Dwvy!
zv)p=_jo}vtb7cwYO{R;(Vk*(m9i;<51!B22v_ZZ7l7d<Zlm(`=p0^h+BH>4szBV0$
zdi$&W!A{&zxVP4~cYg5Q2RnaL>5por8cu-R4=>bA&hro`lcJj;aWGTY%ile-*UNtd
ztn~o?LlDs`IzOct%Y^U%_RA2>PZV+oJ`s`ANhnfgMUIkDx(htOXPGSN=SbT{&-uVK
zqXYH8qF_c01wx_Fp7ZHDCOU{0lP;+3lsn+=DwGOR#ZaV1GsQegB<-P!h@Y^&(RR7Q
zxtOD)oW1P~W2(rag7N5(pDUfLI=&8L76%LnicW#h=Ds0rKX9s=fUS480$~f^ibpCV
zQGiQGEd@0JqY-i%))tvXZzyef`s0cQD!r{vO?H2)6zKXS8m;nEvi@f4rTa{QBPB^K
z08p~rYFx8$AID%N-%F{;wPXWJ2_l=>N=;B<dg)2EUqR662z6eG5EkPVM|oZB2PAcZ
zoqL2~*?t_yC78aDN@w3F>m(zD$Wfeq5EbDXiu@B8+Npd+Ss|?@1F+h+g(*M+yNT4k
z?p7u3Ss~OHt+AU3J2n|?F39&=O%#?{qOG1S(|}QI5DAcBaL{D-=iP|JVI@V|9K<z8
z62h71<HnMSm_N33qJxhtUa?qDv)1oL$4-QEM`hOy$p$vQlphB8lmPq7L-=Z9b}x=>
z&{H(FHg^Hf+#~+ZpY&atgtCef0DgF2*NNd2pc$1!9uRa(1XYmgEl?DC72Hr+s6>gt
zgVqY1g=tdjRccNhGu&x;m~bw9(f79!*dtlWHebss4`DO_w6H~@2hNjN98$XWyS9tN
zt00&U1FxBY6vE^dK2VI6?22g*5}RLQ4~vvtSFfzc+!u7&+|tebq7LX0-eF;^`Fu4y
zzC2uHW7<M$%+sYPs|M>LFH?-MiA)s#3eSA^#o(Pf#-T(>Vyfdz-)5$B@G$L#%W2ki
z=Lb?OgG)xZOt|)9tc_(NIM+`L)+&7s_(28bx4C}wbqo!K`W3CPn2D=|naD>uLq`}m
zbac*9cHtMAwWPAr^Zb+WR0O8Yy{&U-^<Q8h+E{M>gobamk-nT(!|610j>wML{7Gia
zgHFTV{P#~6a<H$|*y8M8Si}T%+&p=$$0@G-OS?Vr#A-(E`t!{&fH}ZNco*WmdVu1n
zc%xY4-nTHg%m>gCEd5Asjss1Dn`9jcbkf=iQ`_N|cZl@LP)b^BtmMA1k$Q$OjD1dE
zb9ANb9cZXZ8rcT&q{-FvD{*8qI-EAptp-@sznqkM3INFIy1Rombm4ldfQ`nH(Kp?F
ztphQ)dm2GU-My_}-L0LfV=pPnlvR3td1@X;u8Sx-mA4N$7K}$sH!-MW3p$qNS_%X@
zOCdD4$HcY>zsa@2o=@trviUF(%q`lH@*8L8cH7ozV;hbL9Fvn}ME+;j3PfVgtjv+H
zg7lENJOw8#%oZE6(6GX44nF9-Q5FOM_@B$g4^5FV6H;{FJ2OR9O1J1E2^*c$T^hj}
z7#f2vsWiCv`~cn6xamE^qeY;@qZ2ak6*s1Ls8Q&i=M#<$?V{AZy{BhKBmf+%h}E)8
zZ!8~htHE$`nw`0ex<<bX)|jYDwKZCrjj<Gq!TlSxeQSG*YVZtAES!^URVYU2lybl8
zaEbltnc+yM>Ust}$2~;_W!WY|1`sCH2-EP{cM51BB#yIC^o%AVol)=&o>4Cec;fHP
zK;!})(9}bYiZLQ1d7J#5Ba@;^+GE0|#7Ef~O57!zntT~LUExBDYvayAEt&V)AqQg;
zRuIETCJs_l6AoW$D`mzbAJTiv3xEf0-?eYpJpylzJcWy<#O$^rSOMOR$8T<Xe<eNC
zeC=RGTjy{vNb`g=Mwh2L!co-yAbr)YeTcSp<mQ-?y%A{gT8WEyVmdtJuIW5HNGdKY
zj>3lO5iEdy$Nm#XTIv>kCcWq|l|G6DCA3U8owKQ~2WcyN>Cc5BB9lZDY!@rmowH(q
zEQ&H=wqlN9$VG|NRR4~2J<ntOfOMsZFTxZTVE$*%cX7Ya8O*}y%x2$mx6W81MJ6$V
zP?Jv@iSj}jCYJmipTkWx;cZHHL90$l)0bDuTY~!~IXL|>Dp7Agz-^hMRTmy4oqRwT
zVpIlers8!UH3iY-Z%lUHi0sVUgUbhgXHsE&jWiZWk6fYjT+G_13uQ`PIS~fLIv$(-
zo_oe#8$1yd&`VfpHsAH#W?8Ld1}SJ#04uK6Ta%<>Ao2hPH+(0?wVSGxm~>vX#2G|)
zBjP)dA>(B68LrZS4m#w#{OA&tq%1hvpyR=@UD)C9wD*a1x)Hi%kvR=m!CDxQ0UPds
zexK+9=xP!?eWTaH$8u$t`zc3r2sd+_rPilVbmS#<mQg3oWS^AeAqc_b1#ANOa#$vZ
z&tulGr)rX2H<Oi~qZ*LAB<Io)eAuO~!n8Jq+Ixq&U)tREBx}SYhDDV2J9P&YV#Of2
z{EAD=o9DGXHAb_Zjhva5IL4D>Lk`EHJZHqY#rP@2Dk#~R*rF=vn{nZu`CxaeCih0$
zLa03t#t;`!J#yx2W(Y8Ju;jgC9W}tfPkH`|PrYqR>~I5GjoG&(j}_!~!@4L#dU2~(
zSGrknr^L@t%1(popty8~uasi9Jy!^Dk0V}OZa8)+mQtc@U0gvQ%o%ck@kigGmRW$m
z(!r;C#Ya#Ij+x2ho4S}Ib-yx2<#4A`EK=%&(@KKmP~C+S4m&#zXL#b%Jf4H!zzPOq
zNoiFT*8p*Gz*o75J*jPxizgTqNE!LZ9s$6OV>D`xu4^LQ2php3VVXc`$jq8`QE&|@
z2jSBVs9K3yZ{=FVnmNT1Iii?GgHGxLnM+q0KK%N0xfyKrf|PiArhha3Kpi9_e3&|%
zjNViHy$>&el;C+DsKfi3GZq>=aUFbknm;#lLlCl~sq<S|_f$i^`x~b(X$&Wr0ReRU
zyQ3TO?Jwj~AY}769;f43V<E#*6o@7enr0dPn!PXL%;{2gN*4|}b@3rl23KULH~p$9
zu$8{&f&;z1T<{&^`lV{`!#k%Kkk0K#<FDpaQHrNi{s(}4CWQ_MpWEiVeb*4%CsdHG
z^^kn_ghDDYt;H<Q^j?kCt-HdL*Ft*@&<~XP3e%>tu8}c2WL~;flO-ANNK`roL&M16
zzONk|8n=M3f}KJom}84M1NO?CH}ZBCD(8aZ2XSI_2#fJJeT15-wln3K3x(upPp(G6
z)7Hs~M+534#K`8r);X*4hm|8|aYp982#^Z(fj;MjZ`@J(qBOJa2K@|bebY<rev}S3
z7LZ4M$fk_5KMh&C-b=#^|CaD)(jrZbf+94H^F)gI^Gl{2TH4;+YuB6c5Vtfd*f^iy
z5p;XcMev|*5(l#Trl0_{4|h?77HNTG+)tZ&nI7a!r3-`mtr#w5Q~jy|a<@$gsA+yO
z%W<z>Si8y;wK^?#+q1uEB+)4=GO8$29I(;~X6t6TaipA*yD~yas^Vw4gu~FP%hfgm
z9-0tQiD(1X#RxG81*Oengr=kZN&9ZLf>JJ^Oy1pI{u)Kbo4V6ftlos8r4fG8*w8}F
zLqH{#3___ElMtd-kW(T*K0??66NlpI(J@dd+@cFbN$3~iW_>{7xFkviaaA-NoRuf4
zq$98wl)$Yg^Ms{?nNRTpKmvY}7g63*`AyK1JlN&VDwuvm7iuW313rwN$N+=~=p$CJ
zi^rh|*_0?yd_tFdwX1g)fYgfsoc~N`-$A3;1uTd70MXRyk$OjGNPYp$M;s(ud`M$l
zr^`f5MsWSnJQ<ZdDbtDkcm<b<3Mz|Z`a?5{6g52yKcEKPl>XgJb>|dU0v5PNG3`Cx
zzK>GGX2_UR9A+8VZAl17HZVRrl7T1>aHzDk+o-W20Edwd_$(-*LiX)Dyt!68^MQ;s
z+MmG^F$E`RFQ9EXi?>r-t!CFBs?7uf3TH=!2Mk_&#!8SG!e~(2UWwTY->U>*k7QFT
z3^GH4i99^|g~j=dO62&*hoBv@k|;sv%@E&uW2Dj%)?Z&3b!)p8IO*ViL95J3S7ZbS
z+bG%w)&e4}gg@957yW(Z7cjW(`|!-U$6=;YQ(aN9k312z<sa;eWHOMu4CY3orDv3?
z!_#811_k4wNrYimujd&ab2Z?)32frNqQgK9DHrD0%UCsdRkFb9F&uG2zwA4&u)b74
znE$HkZVI&lCNoBN6$tK0IJq@s_`8T;A!komOD6M$nam4^dc=8v%n#Zmyr)srC8svO
z-!D(iY$75P`RmP(0)=tCS@zA(P0=OguW(W7?2D<4B8sb^kHdAUOM1)uSX<$@J9I5y
zH-&WMZ<+le*WAdWAB<dFDgl|cjhV8{eb^c3nAz)xOI-2a(#grv!9nxm6tf_%b;qxl
zXUMQhHTkoB?RX%p_jB_f|Mq{cw%`9@H=*0pirpkR@s6(NNp?g143Kkq;tip=_|Cg9
z^HDs!=08{&PA-DQv@3417-dRI>!CWH{l~xkKg%WW_|oRV(sx0FSJ>bV488YatP>-b
zwq}QugQagS4`)le)0Ot#_VcBZ0(5B|YOvCN@!1!@Ui$pArO!WaKmUB?H-G<se8%aE
z_nwYs7fX&Q!s;<SUupm85|)*-dGRae(9-tHKl^@JW&!U18*C6_h9Xk;#$WMuNVQA5
zqzYMSHwjQ8lSsR8ba8RE^61gKckh-B#FN+K_f&E6h)+-Xxc(Mt_|fFz(PFJ`1xUWP
zg%^D{+|QRkyQe+EURc@%S8=!-X!jBOYI6EJdD|%^=kJ|?u`8!gDR{G`jZ;i=ps$to
zANHtuoBU{_<E6*wi*Q~%J@f7C_h0-DB&0XLUpQ?)`F;EO;_vSL^U{-0*=uUHr}k9(
z_3~%SpWkcly{z1dlvxrPl|!{%*h%=A&okCbbhOz1<^M$)t?jJu*xYZY`=CA_S&wK3
zI%MuUy$ogGN?@6lP)%YL#U=90r;+PG3?(v{U8>{Bj}Ykz*LXF;*`rDVAr0X5Z1f|N
z=fo<I<H>USM?&&0CRv&<2c`Fkyv3n^f@Kh_jcfY;rG`MEi%Yl{HH$!n4uVS6?vu@(
z<$L$GW&PS`)3JgsIB6&FCvYc|Gc}EncB(VrX|?nQ%?b_JqJeOWAsrSRAx#?M%y6Uz
za?<6rfXf4mogEvspi3e|)v?Rd2Z&l!e({%ozkOQ*p7j2~#-&(&fOs1+2Qr2o+PNh4
z4X#v*8f_O8<h0nuFLYBLSIw>aew!sdq(_A|xNka4gFsxs0k+-P4~1Z`yp}})66OXS
zi$Mb3o!R=)5VGJ7OM22mA2aXwpP$8?qwqVW%=kW5x(ZY*((wb!y8HXs?C*C;g6^|_
zU>rD334;8We`m^W9RrIFCcRLEx2Du;$y`;|laUc>gu-kh;F#@C0B8ZO3A$|ucO_-I
zwb4Ib0)aq=08YsR1B|Z&rb3JWY__G2UOp$3J+>DhP$Sb&iymHLy`xWA2>ictYtzlW
zXJZ<INsvwkZLo9-fU@@|(|NK7vSa~bF*d*1;@Ivl@TlfOk_HEHamvfqglOg2^ff_=
ze|*~RIFS-huejsPFHE+q-HY{awss!2yO;;nnsQdpF4#Nm?OR-xt)5<?t34ktLWlsZ
zosD&*v{TMs>DE0vdm}O_i08J=UJ+6ZIPeK;4>gbrpEei0?QL4^Lz+Ln9fIUvLqgSV
zp93Fc3(hJ{eT9vb!=ANbH4j)T!27}czE4Ck)}bdJxZ#7^tmkK~%IUvwJC~=ouCT~R
zy8sX@_RytA7A&t@Pmr6(oC`ZIb~pZc7w#C;G@>Kx=-0qhBb?wy?e~*66I?(*SxnP6
z(9}OjBghiJzqqwG&ArWlTGmp;q&JB9sTRJ_I!gz`lFTiY1ivXKGaDgGcaiA0pjXA;
z^C=<>xPaNdp$J?#5u3wS_(I#~cA$jZx7U_fd(y)}=_39`IAL_WukBj)GTJbpf=pzP
z2iymY^FBnlZfwg{Bdpwop`U20M2|d$tQiuZyyu`WcxSL=qQA!vp2O{k(_+@FoLxiQ
zh1;4y6c)$_uvmCS@)*5-1(&FmP90|Kn91?2Oa1urR09N`LzbdFLBEf&-6vbAkOK?j
z2@@gxeEIWs%wNz;>_gCwNr0AQd>0CvCsF18<?hzQ_D`arpa1={hwZb~^)LRu{f~e9
zzhY+K7yt3r&fiYuzJIdw55MVZ`OUAt_`8p+Wrryv6Gd(^W#2$}Hqqh~?o%lxgUe!$
zllg5I&MyD*Ke2DISkRpDTb*_RwJ#2{a}){$ek4RgypL1Wz+Dji2sR1|Hb>NVAT;29
zA^BnRW~4;4E5rgn@MgJ^!inR(%R>@y&CoB3T6+|>TjMvtStx>ZHZFa}mQUy5?xZod
zwUF(@5V||@Z4Tc)<)V64CWFl}ZAX`T=B#r{DrfD?KC}B@F>BEKI&;|yeXO%6C(OYT
z4HwtkpmJs?RYpDM?9+wN=P%AUc>qS~^zf_xj_X&k!z|7?P6mQZqi^A<v|1;Zmdm>#
zb!K*%{9oZ^CcF5!IE{9%i+x@F{<?PjLoMQbz%ptn>Lh-;VCnUi=KSujYwO0*q4Bt-
zCEk2QJ0x=!>%%;H@$Q(%qC&o<x$^pB+7x4Ydz(NlhH4IdnIehD)tECu7Nzq;vF>aV
zfJ~S5?QcHc?vVghITx*1E2HcnrR{^t_T}E5gcT46jD}-R(+u${G&{ie-d9G?gO^el
z`PFSu|FrS}V5TF~?C_i-s2m!A5Jq;q$5Z7(ffyFbt!)o37e&B@7T+;8!1!WXI^OT~
zGb$2t3b7{S0nu~gmP-LS(vMoKWW6%pT{T~xg+syb@5654DeAvVH~}h&{{10Jh~q}=
zfAIVJwa7EnRC(~okp8%T0#ljk%}g;isZNOj`w`3+0S#cjaAuGL<~~fmrK7jf0?qRs
zavXpJFZY4TK1KyStP*%|d5Wr%<}OdC)v>(dhc6$Ubwi3t*gTycU!0>T7yd>vGHoDV
z0abYVK>qM65+WrZ-M|fT1O|&szubyghG4tALA`CptW8W!H}6~MB6LU>n*`FMG3(1j
zMg?56-#30m_5Ck_c^rv598!i{1}XQk|H3iuAAu7z86l5(iLJF`xjSO2-Q-D}7Ggb|
zhA&|S?*u<*nk^DB1jejkS&y7}Nn@V8gmy3Daw|qcd;ucA5&o!c=cZE<<xu2~m1N^c
ziy`GiG-Z<2uU(*!m3jQIh9MBnF6YJ@h@mXt6RA{?hz;Xh((%|GF?E7~iYI^i35X;w
zp<uiH`RDt@!(Sst?n6}m<=I!ez-Qr!Z1q7^X%o4U`U|sx3eb=74AZuO-9dNk^P;S=
z$r$NH_I9+nI-nKjLA(BUak$KHQ~?hKi!Bqe)Ws9*T<<s<P&>^1`ts;ED6f8h-`~^7
zk~(nzt8Y}D+I*_ffjy6Y6I(Jz(4PQ?{wfBYozOg#?+6+}AeS?Px|{aYEa$Oy%4!*k
zupi{)L?6Zf(&Q?>5H6jD)?$ziJ-ysnu#Se;bf{qPj_1P0Jfw_pe@I=I4PiITK(T$D
zF9o}F|0|M;b9}7Ud(}x=J~#`t3WI`@lE?Q(an35p_@uPAOOJb4Kk+KUP01+Wbkuv7
zlVfQ@`^(Of>O39X$W%+2DU`WjY#q}GDCw=Tk|VE>C0c=bszb#|R{~_&e$4d93gtHS
zD$T^s>XsJBtQ^)EIPAOVbZ&M`jZlldXaHqt#|@DfCQ=&+w|sHKR99dVl=gsai`#3H
zTsF%*#D@d5yN7EI=)fRv1E&aCW)~lT(Jn)shg^O2st35yhXh-eYb1}g@jE;Z7!-x=
zlSndh??UFcE`krT^ie?ub3tl3X*m7+1d-m+l@FJRtQ0EaQ6segIrE%D-+41U-&(F4
z$DmA1+Ib8>x#rOZj5*YJ^i^*Lj(+>qlj&4h?>2z3qZaZ;To+FR6|m269M%{WE*pDG
z&Dq%?bG&*6@EoS&xfh996T{H{dR>wgV1}R*;Ms2qbv>Gv<#rdf6D8zuGOeFPeunEG
z9Uf0{I>3yC1gDM=D0ie&XfImu*#(o&|2l!^Vmdu0!KMQfg<|^Ag!*nU=;(>}2_VHN
z!`cgmp)J6e{JJu&Nqx^&<nfIl?9~#!9Kj%+-T!J$jym40I(Kvk#C0=7@>We@q<6e^
zEqm~Y9wYJhfof)d6qL%oj6^rLR#QMCL5qPJ{Rf0mjc`B@JVcy;c*B|^It#k~VEy!K
z0CE8XBPVza`p6>6VmWLKUXrL;<8{*yd0l5d`LgK;nS97c2B@)q_$9^q+f9Pia$XOE
zNLD18Bj8~1kH=_pl~o@G9`H=`MpjBH10L&$y}P8*P;zOe2Ffqw3jnwl)4`s9Zq{D5
zf8|+4AY)*qE1A(!%iaMx;nDQyD5Iha4p?PA3gt{uJ%_s7ey>0T8Hsd$u9rscP^zJP
zy$;^1m_rckY*6lgj!JC;dV6wO;k^b%w_;V29r*26FUIy~@#rb9vq9~^Upm&q7i-S0
zn=ROK9=<STmU9X;ne-VXp%%U1S|H5)xOH&E9$76%5sj=49$?iuQ|lClUy=QnnB!f(
ztWH1K@c>n}Z84TJCe(XA5M7QOMmIhKGSf%nFWwoh>E!Fu0esVs#!SlOA_$%<@*${l
z;l+7|e9wx%chx-VFP_t0k`t;x<=k}cMEHX@ACo=6x6kGB1HUIThqCCTk3>$J8j)oj
z5SFib^~bZ1KV4-s_JW|Z4u7Rz1e}}MNe`T{32@69SQD){Q%G;d2~tZ-df@G0oGMFD
z*)%<@stLi8H!A-0f@9-&?UmV^B@V)N&H4nRq0%+sS+B&<<s|8Fwb0`dk67Si9{7S6
z#p_?1+YY%R`2#{Y{;(gfq1QsQuHz2+4Q!OuZheNZ96chJSJ7ayZXOy~QlSuJdZpXc
z)8itMetA6kYA4`8(^p#+jB8j7$$XbyqVtuZON=QFv&@@$KurX1Iqi)FQ?Um*J{5UT
z_WPHQXvljK4w%b4HNap5p9esKKAcF`6YkWy9-?YYce>ng@0{)ku$-$=A#y5hN28L=
zH)WE#TjOJ43q=*Vs7JwwCXaD-=fG<zaU$oC=27|pF@2@6FCUf3v+Pg^43T>VEKG8!
zJsoeEy(Sp;ot9d3S(C;nJZkZ;rRjb{sVty&lpK<B(vkHSaY-P0_Kvm~WGjdZLoVQ;
zS)wb;xLk<&V58!etU2+%%eOp-!-I$DpfwWg^Gy6{#DGcwpo1FRJ7xUN?W(%Q=$bZ(
zn8_3VRFeIP*N2;_PMrk);-^^OC9jsohXL}5?L?**A6s2m6%cyw80!J6Qub08h9V|U
zLW7KS!c-DYv^Wtf9~`aN49(7M+vU0BgfdA9lUpoo;Zl3R60j~Zs9lmdY6?0G`OyKr
z9eBkT+jLW37+o@#!+gWcKKeC|v=Oi&-Ct|4P|(e-?dLCcSD)>&^$Y!d**Uoxk%15Q
zcn8eNl_=s3Bp<nbltdP)Ix2)Vs!mVY647U);+&RVj|ThY2Z2c*coONY4JWZ7vSLI8
z=2rmKlQTdq6*b+s5qc~pYf;(CZV?;I;#Rsz@reeervgMnm?jd%X3D6JTJ8+*Bh10p
zCyT^8GNOG>ry%iIe8QoGMbchqtd^2Z$4V*qGV#WoaDXwE$pykPMrBl!kABjiBE_9s
zRPuOidmMQJq(QV^iQkpx(*?4!J$t^s@oIH@d*{`&)vXOe06$$|!_Wg?7M1$4+$edn
z?exZ09&wK0^p!L!{v*DF_X|5u*GV6+?!Zli4%){wBDD|~Q01b0!t3dw41bHwf{q(o
zQokRzkDsis;eWaJViWt_x;D1_wQvGxND84UFr%f3aJtz1?_>f+aH9d)IAudawahn2
zpt!_HIfNRejnf`!yfa`nOT`n2RboY$6B;7tI2uo~k`rYr!y5<=+dNwsj}!S}dS7EZ
z#X$*&$j>2CBmQD~!5G(k{#jg2nqSwe-<C&Te)%QPae&U{eA<9`%l_HWStZO%Kt;EQ
z(0j@q3<(Ki8q=2+9xb9~Q7Sy*w9&XZoDPla#I*N%)m@dcvCT%u%4`DbNUdmpJu3OU
zPDY;y8TG%1QE#8B6*z*hFI}K|E}LAePo9oEz4qy|1WbAtm3QA++j-HoMk`UIGUeGv
zp^EOaK~v1%HaezMPYI@_waox-M)umogDpf4u`6bm*={p$z148xlJG5E_0gCuoMp-!
zY@QZ{XZf1KfJiNPeg3uG1CX$g$=!(wmhd6Nf9zy=<&=GHtns%U2ep59IYnKpSQbSP
zd|gKO$FQH+YeK55w>Ty2D^0!}q$+3?Zwl=OY`rlCFOCkq0hrdmSr#M%Hd>9^jAd*r
z04R;i<ZalqqD~%`4nESiIqj>vyBp8`wE6tmMvsgPd&vq<uxD#iN~=7sFgGk#tdk!c
z2%NagQF7L~WFJ6{&qif9H%?o2^;6u&b*fs)y;uh&7zE8LQdGuZ*@fl1z+8oSd9u=!
z;mWks8z>*b_g<c&innRV<LgvbnJ~5(gA!^5;^3w^vy;_V&1$>!Cvw=!Ax^yle+j4g
zgbrO{y`ZC8&VG8{{N?}50@iuxmA<?7c|ifB4xg(S?klW}*IyaYV5d;RaXjVHgML~%
z1qYCw5~lX-Wv4bCxKnasaQYP?cKTdvXu1MYBl+biMtABdjdVpy*XOFpftzQI0n8QX
z+6YV7jjb@QLeO%muaD{w4hk%<Ik;BVvp&7?RqgkUZ|k(*{BfOny)Gue4+6stMFT8u
zs-*N!i+inw+Pxd!*4`N~a*=y*fhJKt?S)afX;oDPnMJ%PwE~$QfD`k-9RS=~wAe;9
z!L^RMjDt=<kZ%C3TWh9xF7+?$h6sd|8aDE!ps2krt_|o0MTj|(c?zfG4AQ}Lj6)CO
z4*$ey3c<w{s{1XU`T#u{ldDfQ=Ofc&sqC~lA-z)lnV%BJE;n)54q;1sy4uMtogwL|
zaGVH&`{TaQ&kuHD;x@w#l0B27LLVihfG-~0kGN!6c*OxRJXV*W7rVYr4$yGpD-Qm<
zt>?FPKtOWqsFdme&sI~0XwL@k7@FXuLO~eKFaHugTF_Bgc{*u-CfU@vCb*XqKl<NP
z;HsGKmiJ|IO$&m)9Z%id01I^q;x~5a`rNfI9#E+HwgPGX_v`eJ3il2&CqP}9K=@#=
zG_0Ny44#lPijLe;64C|=Y?aT=#jc^j!E{`E`@zX5dyO7k`?x<5*IsG^chhj~bw_?Q
zxTj@*h@wK9k}UA*8u}~axe@#QO;BnM^Tr12C~tgQ2Wey+Wc2z>bb}?1QIr+~xdd6f
z4vP~IyVz!5eie@qpyiV+m@Ib0U}ry&(A7M>Hgkh<#7#&&3A*B6#Lf`9TNm3a@PV?~
zP}xpd%_U3M|FFmZbmIz-+4Rd0-=$ah%FafGlOb}$PCTRLMLI+&X90qzXHBd#xLY`^
ze%Wjs6ISh~ggM|0#SGa?7qLu27baBkL}tQ;`QJ{?aXr@xQLVyA^pF`qvUfG*D{5p!
zE^M?psC>D7nHZl@fbdg)D1_Ll2-L15Ll|DvdI+YP>(McZ^Kg`eCJ;%1gO9gyFXkrV
zQ(~kkIpF5bK}8PJ5NWF6IsKv%LZ$Y_P$8VlCu{nIwPtKLe{(Bd7o97g=+rm)AET_s
zD`mQ;tB%@P{~_ApFnO&gGA>k1&dODyMlNjG^rc3Yuix=H#*p%6m?gBjmLob(=R5m~
z#5A#521<y}5xz(NW8Oa;H3V>Dp(i_HYIIXa6e$pWy{!lm2|o3AcByDq3<3|j-OT)u
zjmRpbaOo~ODr*rQ;4WTg_Y?x{z#qmWM`8n7GBSM*uSPm)Yt&KR*}LBG(!U}wLtQc(
zP(!AZ{NUj756??TUA=GvL54iv24eyq6O~yhI<+JD?GaZ3Mi8qw8F^eOMh^!mhw2o)
zKuq##gmT14T=l61b3v@6NTB3E>h<u9<@7+11)HCQNTXYigHz*eD*>mt+%w7Ox6rV)
zpa0|Mgh&z|`S%&clfe^p5|4;Kya~WmK?Dj7w=A*vMFIrz%PgpY-_HN3YdfW1D9M3w
zTm^Lm;lp+nBo{d3i<S0;L*C|4N-%GUE&>a6tfRTKV4Wj!1ax^Lox<^bj#8~^qA|pX
zYW1##wNX*&n9^o7wb+fEo9MECSv~za$>EyfhS2;dqJjGTEZ><~q@$?wN^#96Pe@~?
zMv`GL7}OH}Kr9*tfednK9#8P=G`~z;E6rn0t5r2RgzGQ=K6fiT*Q{DlI_zTe=s|h3
z7UFg9Nw}|eCFV5@-5YB<s8xQ_GH7*gcH}d~NLpFKHJ_!qU>VB2WD0gw&Xgtr)|=CO
z6!teMg+OK@5%nIVh~FzCjzr2`bT7T9lG#$6GP_XFbMUb+FI}A@Z8YUNL0{K<DmrMC
z-mDVu$E<rKv5GZvBG*hNlhyiAYQJWyc*ADU;)sP*X=W{>7{xCTo5+{(VASjofSQ^)
zfdxGv^P6-@P&09z(jt;lQVvDx&9vDCJ51uQ5skz(NS&XUvIVaqMIXF_nRoH8;AN*H
z<f_@7oSA5JasuqVBrwg!yuN41E+!Wkpe>{uEfiWSYS33xF(g?#N8($M_!tLcfAEvt
zoqvA7;6?hOcg1%a_?R=Cu&4vgIN)Ou1T<n@wYRpmo=6j8CO)KQe_x(&!0g_b8oY+d
z(W}n}JBzv7beC8~rXg9z4thW?**OOcJ0=wFY;Fw8&8pnqah3)zo;E1|WcA74aru=`
zzc^z2Ds1?{kV5q%@AZz;cEq!w0QOA5YT77&L^+G>Nwd$t-)Yv4(25{#)r&xf_!6Bv
zu(jy5W6v(n6&r;0q|g>6AF>Z@3_(#Glf^=@lqIZ}ph;<btsLbT>Qz*aoeZSA6nb=7
z#5pi1ca?g?t${jphQgg<4Ist+Jy|xjzE*gHxVNgy*F!l}UrZN9i_Pl!zT!+@Z0zjD
z*^@#|!il}-81wS!O~E|bS5TFwLvapXzptB{N?!s4DB5p)S5(tu_IwEt$|>%P35snL
zZ$xm!jnzbyqWSk`8^)dFtdcJ9^dmNc*(%=M*o-_eBT{vD$4}+H4$&aVHg#!=<#v1t
zw$X>i#SY$<?sB5QgU)s)maeKnKvBWK5WvvD%Lq>itA~t8bD$c*E8Vj6JR=Q|5CFJk
zrIhzz$WkpBqUAW3>%7@a<u)CPn2Op`vs$!86vCu_l03}p(oq&gLB`$!b<)1|Wz+fF
zQVGCSzIe1lcac<N6*987Zb0l?FP83;Qa%yC(!@7gY)z78z^`W>WW=Unh+ebG{ZgdT
zY<47vF<8Zr*h{|IQZ#MzowYWx!JI9y*;N<V?}0YOGhhOSi+CXlpf{#bh0qA+U0k9o
z3L|a#T4hpXEstou1X>tTCe3cvWM75V2W4q7Y7|cN>D%4iZ6Q6V#xga%!H%wQ2}Ec#
zat&LFOgnrfK5@Cl>_Z6d3bO|v;<<76_?&|rgiur(FDPXMwIL3TAQ`f8dzEf5uUvmG
zIViv^Jb4jIzRbK`D5~6@{f1^cqRU(*XR<AfaBV%lnNUmf4c6TK@&oE`))Yf|I%zf#
zSW$z@;97ZO&^FF#nA+<uQ*kBpl8)8`YSt&sH&?KA{www<Rh-S*&UgI#-bq=gQD)C8
zKfq7O`N;IrN@pK%2MXstY}aua8T$0p3CPNY?C#APd7hYh1O{8l1@vjb{(fth13_0$
z31vfn;FB{M_8N?l{Dl2UGHiON1DhwRF0NeA&+rH7EbB1dg}0$7i2^huEV5D=3$QBV
zb<5lJYNaXF)X?JcML8p&HZ%l9uXmu&@<qP~lY*|bCOt+>{G1}7K_$xS-c??o<Z#Np
zbC}mo7JOEljNJw|2LN=H(F#mlZH2x}_(F0HR5-B<lSDD`Cu6A{w04%OfF)cuy3Hei
z05eDoVpo7SC8n@)6Y?lX7c(w5RD6EvU5cAcY+`m7DHlwy*`Vw=&;%_h&B^5n_pxta
z(qjXveq}62pJ(T6e3*<rL$-L>Q<Qm)owk56LHNyOu`^)~q&p8C0sCfx_m{XGw(}5A
zlUhZa%fcN@h+MXngh!MBE)1;Ehc-_QtuWXVP-Jq4lqJScoiNHU-XXSL+}oc?KtC0C
zDUK_G-puz}F9B6eZ<y|?MXDP2ZXsaO<LkiXo&7OHMY0NWNps2BYU9|qWWL2%NESbB
z7(pbWmb3)7UA;*sDO^-9*`T#a0TR`YJPqNY_qE8Kxx<O;T$@}-2;9c82u1{ugPDw3
z4XLrbkp?pmMsPkt*~yBe;<tIMwU9HpxH=i1SV(CkD#enUmLM3P8UKnh9Rmws0kH()
z1E`?}%4NM+hfMjZx)H=(l6rK^Cl6&$IwvjI2<K)=%21RUd}Y5|gq0VUj*hE9d{hTQ
z;?%13g+TS!2m#1R7*G;mIs3v!QnFUajs>a(+p13cMp2Ebu7~F8q*b};zo4!%Q6KJA
zFdFnpibwHVWpK<D_(%(vi^@J{l`cM_cOARSRB6SR_Jgq0vCj8T^TS?YbHrp90Ln?#
zYpMdJSj+{`jC7!XsX=8zi~30KEb<hf)|n(u2>fF*c*?TJhAy8-MY|KsvzNwI11x3<
zDJDJ>?>Wxap*PAiWW3qJGT^bFH>-+|LGXvtk@tna2v7&?9hRJPPG3knk^A4Z6SpiG
zyv*#ZvQ6oz0EU3#@Ok(xh!w8T(LJq`REibAEJf4-O92Y9<vP<kfX}Q9fJBG2m5g2x
zYhFWpqns|7jKVxCAbE>ZmaVK}_CbhMy_CYS(x2%F7`0gxSnOOeE}_Q}!r_%U`DT@+
zmS7z5&Z#3UugRb6OKBjc@aE7vSVNE$&Ehm9GT0?qN_A?a7ZOjmSl@O`yHHc0?cSG6
zs)z)3$2cb47=nkYq}DNj2wuwbAAmSH8>n>!n=Du#S*uCym`7+>DhP$OB>>Av0c{F&
z&f)236+X(iLD$Y;KD;T5UTITtXDLKWl_5thNlON{0BuQD{bJ1JDXhCZq57+Y0)fC%
z^agWfwQNAd;4!q(F~=fut#ZG!NH`NwCzu|p!?Pb#8=`gW_3;;dIqY}&)Y);uPF}4j
zAwXQ~hWq#91nmKGDJuD!`%)BKlTc{Y$Y~II0pU71KoOj+^k&aO%O-(`og?jCiuQ4{
z9yl{@QjTybx{(YqaMFJftftGvksfL#Dwe@CE{kBM=OI#23((oC2mla9zqOreXNns6
zIE3x%RRmGEv!Wi|DAg4*a*4Yn%+!#EltS5NMPv-e{m$n?o6^ChtE^{Xj!e0x_@<PG
zVhzqksEuhm$}8sWrS!?FjSoZI(oOfQn;Wg4cJh9i=w?$+jtYQhLnwKT)F=I2%pqhA
zUrnu1vn^0Nfu?(yjNQTahXmFgmgPg_qKtKgA?Zy>-P7@NEA8KXw%BY&8LMDB9?Hyw
z$m6M{%4FW5ApHj5am9UI;R#I?0pzsOeNTWb>%t*D16H`u!jGo`+9#UB8N<lKG8cL)
z=3DmBYHwEM)ndd1o7QzK=5q4{OfD(I!iZ+V+M(i-oU_30K+^Giq~%1|U)p5#kipg!
zfr><7FO)t<L@DAt*`aEVAx(_*Lh{jUpC589V4!_BDORyqY3()@wjZ_X5reLi!<ZX!
zFn8HGX-7M=kcW;UOR8pCOLG;DR!`?Gq4Z*?WY#j7OtZSy!X!5%VT!UQ74%#*(L91B
zvSZj=vzUPs`V+?DznvUAK~a3904XF!CJzOWRKZit2$TgpZvtf~c?~UAK0gnu2rWdh
zOF;!MuSGL+Oj96ci867_6E#bV;F;As8xzdyS5Np{)@4*3a#{$>l;y8p6}fX(i)zhe
zg<7?bt^NWKyInGPTeSo2_gg!d-!9fhXOW#y2M*+>bUjw^^&jk_6%&IN8`ovl6L*;W
zz~tz@d7ODC)geEz)rm2TR^k>F5L3G%v7H6rKs_8dAI0zJAu$j|UPHa5G+<WlDFI9}
zs)Eh&>k-1d7XvC=h!m0cZ^egTc0nygPBsAEp$gp>^j>U9x|q}tM)-_aylyu9qm`{h
z>+A9|wsTKsB~_vH&DR{e>leoGD7>O}$w5*fVv&+kqdYwrn8@-eT?on?7@_K}yULP!
zByHM3pc+RrQnh6*Ne8u!lj8(5H3{9UN%~W!FF;m8J$PG8=|K7G&5=y%3z^A-nQ9^s
z#ch}grlzu^K<(HIcVc_R&AN0F*7~6?7Dq{A2qoee!dnhcOR2afh*+}m6>bg{4M^DD
z{&Gyz3Ogcz?R1KFJ*bFv2E4Sg18x&NBiX5G!+XwDu16r2o9`+XL>R(J#@0HMp&@=8
zH+EY;7`?^7A$vfvG4#!EsYvgnUyKa?OgNdvgqN@^$K$#Q>lIt4sO_q4XWDzFI-r$Z
zp<L;~vx15T4?FG-tWn!grjMEdG94@J^JKTm(oEMY1O;1u`cJI5$8HMIE{sfJS!xA>
zC!&>mg$i^2m^GfFbKvhM=w-}<mR~`<{nKTu(YW)yFlXSnC~pNs8B-|~AHSAp)cX?9
z2p+OjRfu8vjJnEY)KE4<v#SseG;a(N%4_DjStnDB%wq|Su9}Tilo_<f=jaM7Z?NN~
za|0X6m7rO_LaU7OM=Ah?fRpia3oY`74KeJyBK@)H!Z6XZ=QbNpH@;hSI0q7s#OUyQ
zS=fopCvplKzStdclpYym^<v}2i{~#kWMT=mW2-!=Q~Giw{h~;Ea075I`}>#nggfo2
zOCh-jMGJa7dW)Ek3lbC#)S=IzxaVXDmOk<T-6U~O4?%XI+7l2HNyhf4c?a(_Ip*XL
z0{SrO;NwC#8$W16Ktr`6Iq7&W&Mu+fG8p_wArA1;jt;a2x_B)|I%{xUwon2SO9hCb
ze2{i_&bO!8h=F(7>rTO3B$cX|uDhly)3N=De7nNM@beKxL`mnrFFUAKxMd~#6Y&*5
zVftZ+@O8bZpj<ynNyx?Or#+Fa`?i`ML7+V%(JL@CdetV_ij%HXHVE_4<6xEb9FDCk
zRjp#`{zgFC7)mvM8w=XJ;LwQo;@<%I@@(ToDweV>043kYZmH^qR3@^jDUv&1R<fAX
zmoEOGF?n>bi#_iEhPg?lz{`}jA>_c_!D%Xr9*Fb4jO_tg00xaHW8u_SfEOzb3e-&z
zG@{Q56Md~<bg4_s<Kd>037~N)QDA{S3mO-+^RZ}8XgU}>K+BfJr;V+2fNU-<R(zv8
zH{dp{@CPTQ52<*~r0uGf0l~yZ7WLlV4c#8qO#_?6o<~)PULp|yd^uQ{+D<RYEUinb
zb7!=Z55|PM)_n&VwdFVVq4){BzSwk}ODTa9o1J>ak(1I437H4Wp)xQYWW~4yWz1DV
zV|H9&z+tt)3(pJGjmOg<$OE%bxIb1N$sPmxA(@=J-hYclbrbv~&5qcdyHIR~VQ4v-
zR&ToG+RAqcgN#s0{LpS=6F~-J%$Iw($`FOOciukwYBM&E!gys#Bt}$WfQURwT9g`@
z=nH&P@!PvFD3!KDQ+{g?LV}_WEKNZ91Md#)d;N<6=WN)N7<_Fpz~NPpiOAt&<#Y|X
ziU)x-&w-ADY1vwWvVefT2~CkAiGb_J5|1xr`xS4;Jc&kBEZv7>bW=o9^q>emlURbT
zA5_(M$r2!meMdMN7UCJ*19<HzV4Od~|4$uQZZ;eWJnx|tPTqqkVaw3cRd-#g(gJ6I
zaP~)3RicVrzG#r^HziQwqY58C0AoP@qaQN-NJn9oxNMz@q!E(0S=!ekzOpr@X-~3m
z35c|XZ>25u)tLBel}ZE{cpyyLm4#;GJ!Y-^7%Ex3w|dn`HJgTLs}MmFg#gJoAn!RQ
z{Qcy0apeI1>^v$;oM}uE{N;`z$6ILhBhGdd;|_MEtY8=ZiNQs><(Sp*(~@wgQlVWi
zORD``1Hym~@iPj&!ShXE`SSytyJQm)ctCc7fhfP?wrBOG@RvnysC;ZKQOG(%V0dPh
zqCrq<IdO!Lwv<1D5Y^i%j?^cG$B=78h%B`NvYCYVP&imbTPB`u1y6*B>_+EH@&2>H
z-RJ$gtHHag{=3}#plqrFQ8iDUzBHJxDmD6@IQIAaBR>glW6-AH;hLxL=~zox9{YJt
z>lK>7;`?cCM4vxZ5C*y)L>kQT;8_-*xNfOguraI$k1qzg|9DtR;a^I=ga5(W(D*-p
zFDyMQVIm?*4IdEXwWD8(;-`I%b()dF5PYajVxkoqe4QFlTyJCx0y|0k6s6QH^lxB{
z_n{|{oQKE)xE6`{(6B@k_-eQvm~2IT7=#6TmKd;rAuDQtg(OTd#ev!64CE}cxy>Nd
zh`jg?;PnGpDSn~AK05-;DjdPKD%S7zr=R8F%!HTB;8fUG>W%1(!U|yK<kC}pMdhOA
z9T}F|!S~^@32GdbyxSVXD`AFc4Vf+V7%cS~hPMe-rPwqpzM*u4>3gG0n&E_vCd~<=
zC*@XH0m2Z`nemW!sP>MUXEIcY!`R0T$?zUq<R3p$vI4Pl08$dBN*(%)k;@>pqmqGb
z(rm(f1^$PM;X-nX-!%N4?3)&pU^~)BBxnt|mybc&`WUUCh5`zDNd6Zl4rh=9*8d14
z8>}fl5ArRIzY<T4wo%t?b{HJSMu;DrE~ReIGib$5iG@?W|6QlOV2J&+g7=37|FHFR
z?upMpdVg{pkI|&T=m;72fmbtOV{Or40(Ck-rrAbeBnKaW-u(n6j=pYQf?v(!bWf+v
zx3ad?Qr1ux-s9^|PY6Y4LbZoRn1?Ugc7d)vZ2!#o7m>aJMnGEVTjHsTT})u1KV5L@
zu~(5g1#QxgEYDy5hpZebx<Af0&11Idl8@{7!}v-apEX;ou-Hg(%hEASnkS@5`C|Dq
z|NeTJ)G5uAKTXa8RY@0L+;|!kwEwj8{F#0oxsbmES1}C?1O9d=+FvYXI3|Q_QDCd?
z%~Mi!Gv{m#otkBRd#NzI;W5{g2U|Ul^zu*+2tRqJ?O(kA?+=dfI(qOgKezNZ>&@^M
z`EQ#!>q0GFq`N?=e((u|x+~dv+y@OVU*zxgNV2N^R_o$ULcx95IV3y;wV|Y&)2D+G
z>Ze9EMU#~rmFcBdp*S`yw=eL;h7A;ko3dfOU0z?1VjQhOFBL4F2}*nq>kW35Uuf{t
zaLPvLX!1kn0BWYYl(TMM%4(9;sxr2`h9Vmaq@c6d7#$lykHS=)GKcLVwlo{S_&C&m
zrsr%hwwfhB@PC=dTMmk71T_guJ|U#c|7Ls3o4^=76{oD-l`|~j3(mpRq>5pOxZ2%(
z{1~dKfr`0KUt*a9f#^>f0vNpM4ofzf+HY{OC5*weC^`_?P@9XL8hSdW(bFn)0j-l7
zZ?Kw7yOJhX{iF~PU(-JrP0)^xi;_I%OTk2ZE!=z|%g)hQebTmvN}$=~+{5*`CivRe
z<5%aSf4!Xku6cr|=^n13^&-sutTf2@JEqO5<P2KjKpo9YkR%u%M&Scr>JzL0(}2}d
z=1G#TIN!b1nH5Ydg9@t-R6?dTGtlx85N!_)>!^8>AwN}17i~KZ2qY6;q=o&2mPdK*
z#vZMZ)TK)M^xYQTPojQ^XPRl0MGr)cXa`EyH0GH#-%QBdfdGgDuRV1j65-`-ZYeD%
zKv0OuA*vvRNs5&H;M-BVQI$Af>()X5j`tGz(02F-3M*v!BVfwm<g(VFa7p?K=_F-|
zwyqAZkh4yo_kvC1XdT`{^L<H@ZGJ_?1j$e`bPT8rA)%lb*g6`;ME78FC>Barxa4E5
z07z$cn*UJ`OG!i;G)XXjKrYgb_yX;uVOJ5KnG`t@<u5gHo)h|^Dzv9M&)_2lu^WL@
zBNvc6^<@uWWhYr<dO|pyym}7kC_V5lf+I-5TbfMxO{+pdd<SS9C;=rA_kt(UWW<O@
zLrecB_wEVjW28#9D>YhdUlYs_t@y^-#)Lh9)Ww;i&)KM+K6%_iDs99lXv9-@O+jt(
zjRlm~6Wbm}ly0(F5Z1$OL5KRWOC{c=JC&BpJ#z@F4F;^E{BfO~P0mtu&S@Ee{>asH
z@2?x`#U+a)-7sfJvEkWq!x(!Lr^4Qd<+Rn>-WD-S%lEb~|MEW(lz;`RHHZfyBc4et
zqm?N$m=$lnBk%|^l27sQJf4r`M*}HJ!p2I2XR^WNHvRgPSqll_4LucbN*$uU)Q@So
z|5?P(X+ymoKWx5bnfODV#sxOBSd_)?cE>1kQC=8Q%7LuVn25~nDK}|qLMnSMO}Jb$
zo6W~BR<|}9g}CN%*lp!@n#}|LPedH!lB!LS1{RCpegjFDclACDgyZ%*xOeTx<a>$7
z4|yg;Fu}8CiFuTlBOEhJCYZMi0C{R*SnSYRrgk_xQXqy-7&R&fwUjeuPEaaeOjkZ#
z*!^~6iwu2hYtLUk+kLh6{Mqj6+U~23t<}w^i=>19K!HdKmBN|&l}635*GY~`um_y+
z0{}Td(U8e}T2%&Q*FMQV=kWCMtfZp~8UvHV_C}K)ZI!vrfRMa3n)qgfz=|K74q60p
z3XhE1T_%$ij1`&K-wcI<RA|D~^Y{N>ac9>Y$8n|Uy7sSVa>D~6f&^z{)*B9bRt|`y
zD69k$LxA>L8xxEs(WI~j&<r#|Nml3|?UnELT7PVx_dVxiWi=WgB~R=sY@)lmDl;qd
z<oS5dN19P3pNoL7{$_+KL>`e~f^eQ9!iZ6Jh@j44@xqMiK0Gt<PcRu+2ihQyBc_7W
z$XM9sDCq-8n=L7NY>8Gd-dAjY8_Y21PyuS!5RU^HYn!1ZFqiU0n;|l_0W`uqhXZXh
z-H|yxdo=etV+wmsVxm?|zIf9~;ma5idc>pMKg*Ux_MoR|aoI>|EXKs6=v{OYYaN8J
z;wtsrx{QSkvJWLIZOhSjRn3Y|a(B4q5NpwmEEt^QW++J0bP7l?GTPXL&;g)3&nd7K
zcdVd$U~+?~l7GHPHZd2ini_upaCu6(RZBjc8In?n)IJ?d#3crzyXlw=GoFX`&gRtm
zl;cFshVgya<aYh9>2VFTU_KxOGYNK)5)C1L(VH%_k0h(#T%yeT#beCp03#zB<NPSz
zb<1KM($tvXETMVxp4j7m!>^+^Id&!##Ct413S!o%2R%Argqdv}5Z54|MZ!N<&?PNG
zxIVldThO>rbC#YtK@k>vqU&SKivq)811@mGT+6@Ugt+lNaPja6@FLMavP~G->6|Zt
zOlh2;WNxzpkD}vrzo0gRGgpaV;VVL=jcHZz1g|RR$~bIj&KY6`!^+A9z{PAd6OkUR
zB`BE16A@8+s42wDK~-lN4aMf*l|Y^p09X|`61bw{W46PtM4Jvr()ktV;X9!$$*tiz
zh><sS>coGu1f?w{zjc75D9pRYaF~AvNt-;Zpw{tM1|{yP?re7;51<S-gMw8^kj@%_
z+pDd(vm(<-=%^#U2ydLd@HywRL=NUN)m4=Wt)e&HHLfN_y!#wb^p8kbwpp>+u9gkG
z`<*bYq^LpI_5~rd?2SOt6`LW=m1YT(LPcp7t~j1nB9)JILz+tS73?fdvCg<eg*r>t
z7BU<oV;W(~GFBshDf2MISRFj5zUgqaJVq;gV|@;mhgPCs9LKGBaN0K7vWkeXbq4ta
zhP532`@!QU5gqD9K$%P2{GhMQ1ExfroQ&<L(}N(T7V&D1={|e~)-6kIrSyUL*xPE4
zy?^j7K_og<e0U+BBOqMnl?-2Rfo}<3o_bY8Abk|fyOW>)51Pkoh9J$B>Pe-a7xm>|
zeo6w~t#s&iCBt;;hK#`iGpj2dP1U6umhN&IZ`jOy#kM=mt^#It{{J`(g{2T-=VHK~
zchKs$bD0b%M`r5hIE;!xO5-N?l9&=$Ksc2<-~kO|2Na+Ed`wUTUKAFZG%|#Ij+4K9
z$JSw*7eaEa;)mI{JQtuny`~%40ipyKQDRgXsUv7;Ehq@(I9?P#*r(i|u8{ujNiin2
zR!2eAq~%~p1MLvSV6TT@k1hJ<)RKbxv%Qc<ZGe*-+@7+pum-zED>mr?tOcU-F=rAX
zY!u$uUXTjYpIm0E=5gkASpf`(--6JaJ?_Bb@|Rcv^c*HNBKN+I63TcN=A1DGUR&yc
ztova0QV(K1c^^ga43F~&Ks(bwy3wrI`Jzpqj%UjcRl~hizRUEE`x%mEhLz<$U<6m%
z75^ReVz`;4B>V=ELx#(4G3Lmr)utemmVeGMhixtk&qX3biehQ@2P)zgr_{;t9P*WG
z42~2h#EU4U6NSB{;wSJp9TPq73;3_D!2z*<`D1ephWKXwii#&JELxGUd+#tiqa#L}
z!cssnf8z-lHs=NdK}C#Cd=U1ZcCaQ5ggJk%5FRNR$qU<0G=S*TS7bo`JsF;j$-(&F
z5OqD!^I*2K`u5%3+0OB+H?|4bzVKplwfPq>PV%U@iWRRw!unD{gyr!Q=a5>bJyQ1+
z6x$wZ{0i1n^nFb*am(bs(rye-7PQd)`gYx}#OPD$gD$j^sl}vFxQKlyn|>67j~n*M
z<+W7xFhU#%&j8e=*_QM=9AUcXn2<9Ja{D9M0h$dVGi=!M#z}NTV8|GaR~eRquN7&A
zfX0lCSc83lA?a~*A7-zuB4dcK9UV_038M{$5XSDtQ{~XPktU^+%4;-7YxZ##_t_gC
z@Ii46^%AXEJ|?iAGcLgLIfwIvPe=}aI>)OYblVIAb@yQ*Z!PwNGa~9{^)NmFB*TK7
zfK9t(0+R#ZIzy-!D&5Zyz4+aCP3GZ+wlK1SIQCB~VzQ5GfKFhkuo%zAn!Q%PebP-b
z9pe~hNCoD(c4{!jM3(7pt??mTKoMOo=zEM~K&GNlNQ0VOJ&@60da(0I2&!uZu^QFb
z!yEIfC(Vh3Bfb^B72w9K2IZ(wY7jiw{L8c5y?Y1yUtaes5aA*5Td%*xVW{LgG;+|(
z8e?MeGT*g_xGd@(01vn)6nS`>n5HTeiU<pc9_dqw$*AEXBIT1qT^ybT*HY9QhCD2>
z5qjAM5U!vQMTT*EZ%b0_!ZC5!8`^a|iuRtkerf7x2auwY70rhkw$9CVL5jI88U-1`
zyQq`Vd&~Z5ruslXupRLE#SaSX<H?Knb;0}$Zt0kt>BxoyDTVJ;6oBm(-<n#)7^L>r
z<VagPLv?&JEgJUp+0pI;ITIv%5RED^MS-~Au^{%)XWhEP=lB@H-^=S`s<5Bf#m2t2
zY*pcFM$FBxKNnuL-yRbDqJU{l@r7+7uLo?XSV1gMFv4Ao0EA)4#st)^t%s+B>kqa~
zGkR4+I$$}@{YP8C<~Ej8CWsk3?+eqzyi-&bg;j20L@KnPLTuw(NE>|?9}JE#ZfHma
zbwNhIG&-c$u}n)d=;1KTI9i^4_8CJ1kkY9gC06UGgpSxiP>7iz;;Ku1#;p;L5yAlR
zz1I1akhfH)-AGYT<vE#KF;#Ut0>rC?F)yJ?)Kj)&)O_^9g%M?hyBUOFy$MS)N79DI
z;%184VEF<(kTZdw*~JvIS;>P5Z_aM435Eb2`|dAVh5MELRxg6k8tj8J#4L|eEiq$@
zH1m4VOl40yP7!cXLcsi?WOq!4He2eI;<DKcI@D8ywk)yiAXSkT+5&(f-KeYu-|k&w
zVU7e6SfM?u@K}6PF-!#y$S<D{2N2nM2pzv(sjW~Uxe0fwmO;L>7^;1V&DB|iM@I_k
zZ)KZ=FRYI^CXSJUO;x;HwVV*C%%kxnnrvWnyEw#CQ-ub~bd}l-@6+tHkUq#)-&MFw
ze-8pTVV530yZ8J5`p^H_4+p*?Lh()f)eej&leGLptb1I~&#_peQluZz<oIX)pcgj*
zL&Bv+)%h~)5G06Bh+}8N)3t2ovV2H)yAWQuae~d{%CZei+yY)`sl?gN?B7Ha;|0Ih
z2yn1kmKOG8$VawefD-H7_@vG)QGquO?-NGU3az3J#rQ`STf^2XV2;T@155ImWk!SS
z?t%ZD5Cf!pYHRebJf7ymWOe8Gj7Q4v%E85icREeN!Ftbk)Nhf;2N;sY*8JoW$ltzk
zf&?V@Gt_qA#wq%xE7<01_AAzsimH2!7`m4niLEe{O~kfgH9Oi8$Tv=Et>$!EZ&=5h
zmvP=N-Cfs@UCeYu)7WFTjLsoy#53-xt81Asr>u*c7Sq(_?O03}1EzK%2;e7dy#0!z
zno{|H1Yr{e&`*zW<3`clR<C(j%nmlvv?!4}!RWcrIi3f(O45?ohLRp)2WQ2&v<ol^
z{X$^Lv#*9{uNOe>u2T8I3Tzr1U^q4-?Z^(5%IaX#sO%bWvi@E9y~LE_0GjFtBOjbs
zyRXRtD?5sXMT(i<apV`MgOnz4>ycjucaC&4-m*yygy7D{8-=icaig0cKStj~uUWK{
zyFG4&wLpaN62hxK;a*B(+;m$=^^dfwY!QS?!^$)Ub$=*<i(aLWTMJq-!hpdm!2nK(
z^v0!FM3N7o?naDhsOiR@P;9voza3tLE!CcWuysqdgwNsX2a4G~jmpACa-uY?43^!D
zVO`E1pC8{7;-JtdQI!<rW|hwB3DBQ4T~$V#-8XAWEHNmYf2M!KN88>(m#{XJKn%DP
z-$qX2x>xXaUbW7uN}|G<+{4aj-S&@R2^pGZTea`gC<<vn)TrrFwzUQY$ZL|DmNgta
z`eN97I@{%xs>9vcqrDkt<vo8^DUJtEpWqs>)h+T5nkU=_Ly}W@r64Ga{r>FFU-;jL
zhb=f&_MrE63$Fki6rW;R#!JZ%#tT=UYSFGWex8Tq%P>XrZg;c*4Y0BVMB)$3%t2b1
zki;-xA>)Q4SU#04;fOGRp_tHQ?%HjDD_5o!|AiPr3UL%9MW#mn664yPu0a^M7-AOB
zZTz=14)_X?up|5x_+5&L$_FW4TNH(LOZMj}g@pD-gMcj*4~u?KRix)|tV~9h;ol-R
zPUynL;sL({wrT#ui=_q`xJM;kY$mvVlP+Ga?!}FZd#{$qKVXH!jK#G>sRG$U*QapF
z7*KS&)hWx7y~i-8K~W9$<J|<~wIGZZ7-BU$LO}AP0x+=4tf!4VF!rD--k;44$^cfV
z{#4J7wO(9_tYT>p1akEuqTM?iq5v1iZD9AOg6xD?R5Z17<uT^acDTm$dYN~LIQhXm
zSZ_ubqInGk)xglej|!$*o;yJLr>mn;bG`ZM1M1A(9eB+PqaVXT9KZbQyM^xHea>Y1
zpvV~^&m5_1uk*yYqAKjjZ$ZE&IFUmbl|fyBalo#Cpmeknw8(uKWP|-m;D<=q&Tj!W
zdBhVF#iYE|4uWHK=Vb7L3hM}W1ACWzuyQ`ISLs=dhl-<{yc_bHwE$SvSb$A_z;^6M
zRJO1NCG$5*T$&K{Uhxv_$0+7N(BR~0P_(FIrG*9=N$vSqr4%dLNE-_Kw+g-|AD3z{
z1JIo--rtA}K?;rV*Q1XnaYxyS$XaMcgz`;y6cg2kM)xwgF>)Wk3BxU>2kVr+IPcXm
zfsss(zC^n1<5dwcd;wtgX8Ao8mY39tBedyTX>uSUhjX0Ks5wNA1&^n{WP(t+ad=Hm
z+ko~r;wpewFD`=QfG!h$l}_L+3>G!u%mDXkQ>rv;M67)a`Gt>lwAHU9uQv*JBbvmO
zEMTubNsZP-Z%`i&Ii2c-TaNGvxCI}CFPfXdTTRjk*ztqeseYDioZy2N*!7>PEK29l
zD%J#w>r_}aD~Z?X5m489Sc7qCnoLtM3xj}K4+0k=cIEVPN&Jb*)Vbb3+=;&}&~J9b
zh%z^|0{wCflh*GJ(gGehkmE!e1Rp-kU;i-sr~mZN|ML4k0EaFAstPokmDe!&n|@^(
z9q_uu7dwANP#tTOyHfC~ydrQsiqRD~v7C`BqA2p^Y?uG;?eE`v@?`eqmk;*$9~>T%
z(v<;xkzG|!al3M0rnyxvQyLKl9Mbk$>^=+AuuZQFCo0|iBSZS=U=&jbRY{}Jyx`~%
zb406DCgj2(fXtAp#Moi@t#b7FC1wqQD_8`o-pJN~^Y9HCsfrNwd{7bFgtEk9yAYD@
zRXl+rs7S%W<!oApU~)7GIj1jOvEeySA;7_Ro9mh<kXs^-NO6Qv^_h}j0;M8B-u{Dk
zExJg*y97@VB%~m`S&XV(KpIl)9v4g0%Fu6Pxr_?)(YB0upV=K7G3@%NxW8S$EFXYR
z)PVpg+Z(q>tGWF7@2J@;#aKZTj6~4xiDbN0hH&<Bo4X-&jU4gMILAqL$=KN}hw+O$
z<1M2H$XQKF9C(oOX%KuPp~c>{2`O)c)`~&qFkp-hv3nOg>%r{F_;`CqS<K+G*$C-j
z!j7t<LM!f|@Z}guFj*E)yGA}`dOer*^b3cmY>rs=T%ur>wP3YAQlje`TV0H)zn^Ic
zO2daPG>bSm*es$D5EPorIG2Ks_d?94$%#;Lw8ozwQmN$#ZA2UzUW|~mBd3zsmDSAW
zz&R6GnOxJbtlF(#EmwM8kG&yM^~_DKDsrHLX_Tzu9uwuNuV;4Q$8VM$!}F7Sq*D}W
zLM<suLLEoEs$5~K3dQTGGL5cz|H{!F!WIisk$RzYu|d(sNx^{S;Kr6A3tNxD^P6H7
zsb=3|kmh5`Fj1Ib7Fp>JC!?xI=<%osqvucs;jV%y&Pmh7*$DkG^TPN+bR+8{ly{zc
z$4WF!&Sk#2iI;pOY?#5SsCrn~{$mSTR;Z&ru-6dXSraE5e74jlR}@_W(gXR%**1tj
zbKcY@5uDm$^d{73*WSeIZ;%L1EW8%(xoV%#hu_+N<&8p7&?SA80;TnUTcii##-GrP
zphT8E3Og`Iu0%`SUGNc3vp5^ex3G)l-U^yI9Nil}VJN?&ODIGb3$1xS^s_laXDq<m
zqmCLWQKBcBzC-Kw2%*x+$Lj(OMhNa@*aWAE#O+A&wh!t`u#$E|403E;-xojtR?4wB
zC%3D6td+>c(wbw$IzTg<)9>wt@<gSv>H4L+IeKeqA4Xa940^)Kzb7)17^eD6<L$Hf
zME`C{ccKGjJ)bV|YqBs-6)~$TxMB0vM!#BI{4IHxwp^eJjwzruwGUvLU<e~(5keA+
zG}K?*(G2zehW!F~yTmfW&Z6=;#8-HV7q){{M02MZb4ByA7#i&5EHJwEz=?RQ(Fh>b
z4#JXE{SEy^)>NSGtpWddJ=BIJ7;NNN#!uS2Q5xYAti?sR*1BouG%@5*nCR|`Kkz7A
zbn2rGQVr!OW<Mg=+{Me2<DWEo#LJtxtWfw<=%pd1;(=cmIGCXkYfY*PUeubnx;<O5
z7^8<+(X=p0##c^bF_HE~ddUQ1n*Mqh4a60DMvH~R<Af#o)k?*`rW1_o5;x2(=X5;}
z3wSsRep!E!U?~U3!&W96g#N@nHTl3%yVU*87Ftj&O?NjX^Fl=E%_G(l|7!;-z<PA_
zir>OkR?0A$j7v<@cXNP~<NtR1_4)hTpZ$)*=eYphLpmaA@GNwY=PEyfSb~cxxnMZl
zd-&q{<8Qv%ojnD4JKTHv@cFZ+dwf6I9RwCTD~qHh<z_|1C)Q?#cIs-zfp%9PI?c)d
zT8)(&Ka5|cjJf{|8Iq4rybq8dM#|q<fv?#bL@34!w;W0{?C>Lu_Df=dOtg63;^G#&
zT-Z@=unny=G;w|lGo1MeRg=!I9st4qr~I6VHvBc+X%NuV_^Tp_(9B}jw1y_^V{D(x
zTXAT^v^gs_PN-*%VLNCoAO@$7m8Q4x=d2+*X>sIJ?Xu#IqzTo2%dZW)Y(JMK;oIqn
z*tt%}$^zoz6J|eJM$7jlWE>J&;%QZqy};mh!Sz7u*OE-dG%Ey!IODMme&j8hw66Z7
z13M5|8XRvodB7}~ZIg<kv}lxmD;?9vTEnskdimeC_oGMuda>h5JmX+1?v(u#;}c(9
z$#7LXqyzzpIVdkXvmR_&WGFFn+o`1|@B_swBOwCaufHRxUnu_?)B6J7&78(6|FRzB
z5_@KPvv*>8OQ8e_-H+Z*BXO%Rl{yjwVy!w~lC-i*g=NoP9DQ-`_jhNXpS=BD{Cn@q
zuMQs`64#5pykB?mgi>*9#Hf%|{kJi$#_BS&s_@0PN>=;C18x?_mkFq2v#Df^ik_fz
z{_+EEn7L7vZin3fq}WU`XA(`JI&dGV>_2wAjUczw(#8EgTFX*y0u`<%!DGXxQprm+
zeNJ?_nBW-Gsy!+-7$v+EgWC7BCvq1>1xGd>qNzj{-$_-;yiGr3Q65w`9oJP4$mtt7
zD4HW8WK=(KwX=^*IePYd@9C45kB}@ckB+`JFr_mYpfPmX)d|%-8yLn2#Iv+f7_0r*
zH;+J09XMr+lb3H(v6vCd{IO@t%BH{R7IBIY8Mi`hLH5aNdeqgOUAy;P!7ti2&h=Ha
z+aDo*8$U8Dn8+qP^Rm@`naQesXWI+XZ@?cx?D2HFEjRDgJ8B8sR8#oI`}8i&vn4;s
z%WUeN1ay6={+!M1yceseHL{3)W2>S?@se$Lu!r&H_zfen-dvf{<IlxYj17z}J+6C1
zH)i^orh)2L4v9#_3L1oLvC8TmJgO4nY@sn(D}VFFu?>A?vditDs8jvt@J!XYE#CmG
zK~Yyd5dCl@(=7E+<XXWxHzB+a<t^C*bN`;gJ%7cTiX*)Q!XqXMl7Nq(MI^CSsX7FM
zeO|Fy`&Nawq1`Bef38))OELQqBD=HL{)sLiR#yu`u_g&kwiCYmL!b=jLq*V?WE92<
z*opR@2-RE8mD;+DLV&;5bEa9l8GJ)(wS5gbk<`Pb%)*`D-iZ=M+W?l5$RjoxcqO>I
zg<@xfsk%pZw2HMFrP1(8^aM_W))N3t?iX>fq;NZaa0G4mPk^NU-|y0?U$KIg(G*3d
zKg@6uyL7hP%Gho9ahyRROd-ReB-4D`2dTkv1wU#FDeR9idPCxwsQrB7coLrPuyC5X
z+6GG^9pWzU3ftzR%zJQO*U@L{0g}LGt@hBr!hqRBETTZr4gb|_kWk2UqPnugoiD~Z
z^r-px?JR_qgTbACCRAvN<_KaiH;A%lC$rm6F3E|_BrC{tetY9M{$CNqzeQ|qKY7!|
zzd80CtWk5sng#<y=>3P$#&!M~@PX^epbIO!y1M;aej168p9Vh(6}5I%?~>TG>$=Jq
zBC}+6H*VCSH2-dY2ge>eZ5m{_v=ilTxP0$|fa*u=CnRpCf&QxJ6DNF#O%>;Az=!cg
z8c&CFR6>FFzYYi+_6tR-E3<n|kSdtBE~A48I~aC9$lj8|L==@@y)Fs%4y-H~s@!~q
zT8bMFhnnU1*T;AsB4tU>;!0+-@Cjb+e}&V%Rpl^2`Sck7;)u*7M+%Gq+5rqr;$5Ux
z%ZKWGl%5+9!yCcyh!n`8xdvJFtJcH`eQ>Hll*C2Q!>epi>$NiQ|G_NaIlUrRYZXO8
zaGBIShNHdx#{dmBt|#X6SoVD?M7m(JjGUGxJF?3xDj?AoUNDQEbNsh5mdJ0pIJsx%
z8){a(TDQqzW}Wczx$p`$xLA%Mt?N4xfQxdo<IXZXD95=>!^uf(N31sKj}=?QG~m^Y
zSPou62wwfBG$F#N^sj>|`WjehFK7)4zlTSUu40N}L299%&AFjv9B|*{*rZ#($*;#t
zB8AR55-gwO-9K{U*IQetjSP;}Ji$8$scvZyz|#?y^Og}SM+kaRIW*J-n49@ql=C1N
zB%}2t)?~TAU(C;R3*uOj<YaJnb~M-fO(f1N&5)Oq&5j1+7}HULE%bD$WDTpf&~}j*
zg#|G}1#HmK)>zobtnI}M5ZXz=x%M`_bQwZ=Tk{}@E7TP?ghi%UL6n*Z)@o<gE3D9u
zE3gEDV=>V4WZNi~gCVphdDlQgQI%T|*6kl1xb@TRHVihC7vAnrn%E0<OcSj+u}GH@
z8EBT4f$|d^LzCLtYJ2qu-<Vv$Dr!0$jC+t}f(AF@nCdwC#7p5+SD1}-pzCiOv5}A5
zSoV_m*Ue3a>8<;!XQ?tV>0s3{>3(-PHpvKMIuu92K{ct(gDZ`X`h_VX*!Nm7_M6|g
zer@mFZrl8}b$`2U`mXi!)#l7Z71}g;*SKF9uo3N*y8>sHw@a>t0pwaRw6c~s%}w#!
zdVeiM3*K`>OKtGJ>$;}e&=EM}T*DA>t*)<4ZK9kAU@{-1E3*u8lQ9A}nnWU?dBZND
zP1*Gb6blg#WwHrElkn1}zc8$bv^86RYbYeqN}*20RlH}wG@$oaN>~ehn-*MbjwNmG
z7j|>ThOwPz6RZ!jOs**@@bXM{L2B;q_$AJb#rrChWjGM9djhgdN0-I31Z;F+%M)Qb
z4Pu6)l*|=N9z`x>FKHt?W`y;^51Qf9GIJD`3N9%&wGjr4H5G5bSO`@I)9;tuyC=9a
zZO@8jW27g3#i(w>JM@l@S_5uzbZDUQ@`zk35Hf^yc(~Q}A{<yti?Ty_fZtR$bj(qh
zIm6>ERjE=viVb$TqH{@Qx2$khi%db)b2Wnmt4BmLEvP;8w3Zi%cP-v8y61%~M|Psz
zPGeW~KC}W-cjZ@JC8MT<<014ffByRzyC~E_c!bR%_(0J5{DVqt2L#O~BZ*X~u2~0!
zA|LdF8bnbC-JCf)UJ{yj2|;1&R5p6J$H5{LvlhP@b+fvceDUIR9DOyLYsEunSXzP<
z#$BX+@8X8Zve?`r2lmQTEM*&p^s(5PI6`cdVN<NGC3w|KxgMeDDZ{KwY=|rj)>Emv
zrad^o8hDRUi0TmAIrnSt?(TNDg?4T2wf<ror=@Bl4%HMrJ!aW%<Nn})6xCSQ#_&IB
zr%Wm_wsWhYHkOT4b?azXItrG>j;<*aNT@-@Fhk|yb+i_ZzEp$J#}8^n&~_q|Skw~C
zBZ-h%h67dBP|dvtRP)2k%3;S{jUQ`i*ho2^TG=8NFy}_UDIk-A8(M*R6D5`>xCd{f
znijDMx+B|1EffbbKwxzwp2RR6eIj}-pyU;W`IJEgRfq+}>>Bsw3A99&2-7R^zzNg~
z5wD1&&IxfSnZ%g)>WttDG0~_vS*T!4$#1CnNnID3k}|C*3{)ONLp!tG8BCh>QFXhN
zIK&ENx0k=^8q&O`;Hc_pr9qY2x-+YVw-gPg>M4dzDt|m#iY#&;=01^+tCoGU5Tg-9
zX+b`^3d9&))Qy<p{R*QQUR)rKLYlX04nFQOjhan0I|x>gRyCk5r!BQ#hc8q(PvNu}
z;Sv3ycxjQCX_on98cHbQw2%M_E3ipN1u}}1Z{x5JefPG61nZl3i<`0rEC>w2Wi(*G
zu5cO5fy-qJvotm5wmd~4wFO{|9$Ss3jSYp}_3gxA+u<c1Ky!uQi&6nIiLAjCpaBqr
zeHU61v!t90G{RpyXdS+Z^3;}l?U`%u>y;LpELpl%HAU%u@iGcv&R7L^WH}T3O|uSy
z5Qj-IOm+hk9a<=%a%1wmBsr0ZAqE(9hPgIH)!Pc~F~k1YAKGanA>ZM}iNf>qcUj#F
ziU$(9N*__!c$;B3f`$v@lk6WA{sY^W{I{^&Rg@Ks%o$D)K_oOYbct)M3Tw9`sW~08
z0~IW&twWSgfA;Lj!<UDTpa1Fc^O<~Jhxor96IR!vQimhZ8^#pJ`zoCUgD~3hOy0ll
zvpD9-+jf=}v*zh#!`XHeOqUcdD_fuAcCO!1feOx2k0)%I>juzn3~SH>Zuf5bgQhK8
zP16~h&>956Q}DE=IMS%JoWe1#fh<M&WK%d9fi3706#|HCn|C8}JadS#aBKk7#0W}A
zGr|Tul)InNB&+fcMUD&6Rqs94(gv^icrA#wh6^mQYowBnzRA%Bfs3mh;6eG8?VHqQ
zvmUwG88Ht2|2F_Xo8e@Sy6djw*g0YZ%!uFh5R)tCQ#YSN2*6lJ#H_l6ld@IBSKsl^
z59EmweKaU&=-|cYpMSmgaQEoh0QfQ-N>Q?udIhK|#k#wsjg9u<SftM}LELxkHbk<f
z_{<TGCu8CMrhkk#>L{z7;Itgm@{|`SS%>1go3X3yL)4PAB|4%-WRm86A=IJ$P-WV6
zEiZkK4JMm{_ZK9r;D)}L<*Z3I{qzvNkCQb1l-0HN^{)8~9z5Gaa7ob6ye0b!W9`B0
zk@(!&wyDO_YKEPqnq5Dve{JEZIVefQ61>(&8gN!EJjzEDsiD`I38t*i>t5}=rDS8>
z23{-&66>vaY@ktgS!z2RL`v+a3Bh`|D#j2*<uZD9Oe&Vk{kCz|1@Ily#y5KhVsnno
z#~c-k;8KHcg(N&Cj15&D$+4X2#!?D{k-@y&#Ll~m|5co&<Lk|12WLSNbO{{KJ0Im8
zJe-xC!Re(jS~Z)WV;x~w2&*V@nD<<n>r`Zw6SC0)F6|#GKQt8h+MT(BAu7D$FA(Xy
zNMs@yG-`(RQTA7prthipI=!p0@ex;+s1&%(w3f$m>QAti?0qXv+E<!p6;tbl9kiTW
zjZDqOA2y*(+$`za3CHj(2InqC+`f@L$D=6Zh_8inW}BsMTYdP2#r+B>pxSD@F2)R0
z=Xhp}NlGMpL6Fh;`;R(pAmYNf6+)X&)0N>T8Iv5#FSMZ;?I>1Q9(G`QL!zjXvf89d
z*c`gjEFd=IEdd|vLfmAXTvStv<H09VJnT-=1Z}UfIbq#u$&_m$e-k#gMI{PA=Sgv)
z0fGG2{N7x|*$jJ|DuBf14_{}|*AGYn7D-ZsF`-`^sZN@$r9X{7JrZ2oZsj8|J^Ant
zT6QGFj_8RnGd7`M-KNaOX{wn2aFp>j&FZM|O0Bs9u5)(w@q)a%e|h_EyFUMAd3kjC
zYH|NhIHjK9<OBRzP!{gE-SFo0L;HO8?!UCpXmaiIcZ*kN`ci3BjGg{@NyOdz?t1$D
zN|NXov%BF>Z2e)EdIC@5nB<yGAG3^F@1zE{jnohY(#qYqB2V?urr&Ce^MK-*g)#OE
zdzu~IA_$;uB0E$r2L<kx^5Nth%Ocj;yUTO<wTRF@ABY`8F+vjBh77A06S&JYrqeOq
zc=Vgq3bHgz#~g9Z2WnbXN7BU2iC?ciWUs6!q#k`X#qy@kn8WravRDKRDXglc&^L>C
zitUh$%RtE66fQ=TGbdLly2AX65is5~V4|fRv%5&c{f*=fvr4r>;St{A2pYD5&MSe@
zF>CLZvfYth%-ar!B7u|OuarqjoN5v<BmH4{Dd99~GOX?n!WJCiI|cH13OqRU5~-ob
z6mFIAFXIT9L29{=Uy$A+X0<ar;22y6<uOtg?s7FddE<VLBm4=I5`ucYV86~dx9q!<
z_unF=D1fl|F2=i9aq@4FMop;8N={%+gM%C`4;6Z5((}Na=59?V%%rT?zrMnZG*Y&`
z`q%rfJ_`{oHtW+$B9paz80hJqQIM9tGZuzdbM+c>sc%^Oof*H%GA5D+Dv#%`TQ*Wi
zH!fUgnRvZvK^6FHWjluu{v|*ahy{{+KW7oiKK1EW`{S8u!{-Y;w=RlEvC8~RMZt&A
zhPCew3h2NEiNLVL{y5%R$u6ge@XgPo_E`r{BQCYT&39XHr*>Rc-_-}gxl50;JEife
zxMl&peC%G}ia12e&G1Ob;y!fmqaXRKS(_v|vN+=9=utH>o@2f0*Ja-;_BBQtHY^$T
zS&A$%Lp#Ttd8j(lbQQrOtk9ME35~mycYn%dMt;Ui;-C&%%JmPyMDr=HyKsV%)ecvW
z{aYRAua;JGKaR)@Z!}N6f;O3)`mbHB;J`4Y!A1W}NFhNrh>Jst)+!nqMS^1S;(Op&
zVy8muIYsi6LkXWeezte;@?iJqOGOLHNK<I;c$LsWj?TpZS-sL87w}r4-mn%SUJO_^
z7YhXPi3+D&^!<G@(J5x5gHZp%fBXB79&H_Mef#a%*=lw5%GNhq2rB*uSS9Wrm2QW_
zpa1uj3lFrpkrN2IsGgTKjEq<85;?4=rZ)vOpdAR57}MxWUa1{vTVgAADWq=%Y|4>7
zVhkeu`)uyk_ypgWx!_ULiHD=WW_ce$)n3u+OtjtD*>CS8&%P+sOp7m_(k{Yz1!V-J
zCOyy*$AvqY$+MPH|64hm29mMwsB81Uf}CB?7GUBMrN41gdb}yxDj-K(?%EbQzQk1J
zlgwr)5js5wj-OOwHrug;jnAeB_iCpIlQ9i_><AehYZg5U7jJ4eM8D=VF6LJ@@3q6+
z)Z4W~E9To^&C=ez0N2i44hB8S#W!Ot)4Lll?WT6^jW^8k+EdJX>YAF>PrAS6$1m{l
zClbi*X0z7ZETSj5T7jEKbTgHF^o6>|tG|!EQTNCOx}?WR1JhM1&u6Z`aM$aXlym!>
zQL!P6u|IKy$S18<?B0F@-SqtR6naCa6Jp)4)>pT}N9TXzBW(hcHOi=l%hDK1n?Va0
zqyxAR-8#Wj3Nc3_6d)t>ZSno$0$?T%1Y4}OBAjVSrr>+&fgFDkf}yJMEOmtQ0zM#7
zd>)K!#0=RNr6%l9SV5uwM0bQArP=pZ{L{iuj}M)o(Oc>uspWB(Lr8IIw!id3yRG_h
zm}Jp<<L;ACq~=$Q!80K+vE=0pDfM3(1w3il2M#%bs|(#Gaw+_iQKdN3#~hJL&Ypi_
zMe@CnNfEit!^+Y@>|24C=dlqv>;}JwW@N*IjHI5@SY;o@@khVpA*RdJ>YhaD@6=nj
z3%zk05ORwe4g4CwNiC$+np_j{dY^$f0s)Nkiji+KPmT+p4|t4?A}e-2`k$b-v4yk~
z(H<C>sNR;ZeC8N)vR69~T#MC_nAar7k<vQ+^EHt0boAP0-NHu77*yn(5D9B9E7B|3
zSKg~LNHzJdWmxfgozh%z6tlpnNd1r|#iW$-(bJY=RI2+@U2s_diDrNBH?$W$UP&lZ
zSEB7nD=N}jx=05nE>@%iU09n57oZjyO)>CxsgLr%HCe4~62c-E9wlOvq?-zs9B#_D
zYvoVfRxIe|8z<82V<T?Ra3CKY0mC8^gKz%0+$f_|#RLWGq>6<?2xOtd2d#tI!ogf_
zJ59@-GgFG0&xMFRp!iWO7yG50yhx6KEGiUr;-ifj5JDlH+cpQ)spl7>@uog_vo!Z{
zx5{(h`||a-^YgdO2i$o0<+&DIZufDX%Li@(_V!V{g?VNME0!Oe5w!UMk(X5+EeAD5
z*8myNU6$I5pMj<X^Sf8Y>>E+a@TN=6&B)P3vn57HYEvd(05k%BHr!)=6?d^YBq_L$
z4f1ZixPTvCTP!y|dCa6A9j)Dq4IvgMU6w^-VJ}xNSErY6Nv%p}<}D$xT{LS2c|rjd
zrNAj{x~lmLA?3)awP(g(tHF|-9zZ(1nK~TF!FzR{J@PiY-*~q$p7~oO2XJb;lQE#a
zv*ArTl=t|0<dHRcHeP0Ss5U)a#L7m;R=MJMkufeSn3PHqQn|uw(dx3bo|Vi98${cP
z$^KEH3X#7}0pvv6EDU2x3&l^}OI_&50D*^$>KjntUC;)*cPw7OvgJ|g&a%Q*(|~}V
z|L1S-P!v<OE?=tG?bW}tqUoh1(4L=lIW53{pSAiUsYh6=C`mFvYLA}n*%eJZO~@?h
z+Ie3S_>K4MVqzy?$_}ky6Di72-ZmWw1=Z^fCCEKhOocrOum)HdY)A3u2s_dQ4d-KY
zwlW0#>hkV7EG>%QILBH@0>EaSJ~5<xHByJ#<OLnx%m)|R8ic|CjI2%uWmdrS`kb^#
zRhE{epi@r6yFd^_VP(?1K1I;-A{B2i^tsLB)k;_Od%_9Y?SAF)Yel$?S3*K50taaI
zG7$DE-uYf}CC8vs3ZXOo!G5WHD8JNQ$Z<<!J0r4F?jT}f1R{Ol8CH_%c8y$G<zyy!
z$<E*enj!rz`V!!&nFH!3<^Prg75bcRq19rcplb0^$<n4ODW*dgT9EGc082HM#4Z?=
z^@)D)KkCC@hT3;cZ5gCw<DkjNBN0tob)*_DY!Zq5W6)?F$TqYiaX3!>SSK?MtqMZ@
zG!W{>B#E>Xo&`Z%LW*}*+suVJ%AXCIy0{nA8Nc!n!9gsyzLsW#pcAu>b+=Xqd8{%K
ziaS-CM4_Ck1r19OAmTopT&Rpljf5F<r;F_zjVKhRq0{krG6&S%MKQt{2Q<NllkG_V
ziqY1CH;&4Kky0i~lk<a_XhV(RF~=|x*6f1)tYhxZ7|R96dFf<A!n^Q_u@!VYPO=N{
zuX^#)>+}Ln(qYw>gSF)hv5rzzQdh?~dJ;ocw2fuve-{df2v=aIoE0&?n?w1gwa&HX
zbAOjZgnj0piJ%WLie@7~x)K;*;S0C{5hR*;O|MVHBN)gR#6VO%hXjYU2ghGfk8J*d
zd&aJ48WpcS?X7!g`4+X)jeqnm`1aysEs1||-%Z1Gk8*SwaXp)}m>(IQiXz-_Pt@}f
zzzwOuJ`}%%%n>6Zaqs%J0fb*^Gu1fcmA(FMjaX*|1i3IEB%srf8}S)UPoALp<`x8t
ze4P3_6l?Vt{lkD~I%6A7B_WIVnifS*n;>xAV40U>kkux%n~V2leXb$(SM@)wbJ6jA
z9%~GQB~v6ri%{u;(Zpsm28bXeRjhMr_+n_5@*qXYA&06)MOyn9ch3Dv)eMYcuH!J`
zlp6B|-v1uj*R26Q?-?Az*c{MvAbQxra5eiM<p#$^WB8>quiuHIQeO4s3t;<ZA1EX{
zB!}MFO8sMt(g4|ogB}GDxyDM#lQFtxjrD6KW$2lOul@GMdcZ<5T-qGc!BPw}BO*3g
z6%#^t-zXtM#_0qCQIF>7w|8o$U*b|eMT5%Ar#e`6?HZhAawUmbM3vsdVk5jFQS8NI
z<V)<zyP0TEH!N-1!JI*r*?_pxNlFiDEWlzd5ALiB0#O+tUL5?3vo#J^Xp$=gd?&f^
zB1QslC%2eGGx>?++8!((HJc7fUJTRGLe7*1fDz{IgudBwkrN1oK{@jw-yeug+HdZ}
z)C8C^CIA;!mc~;v=z5i#UThnVNcbK+;h1RS3I_0ImdHBhTt^iiPj%EMjSNkPTE)pD
zv40V<w1U!H_1(}L-kqQ!#rQ*1F&+_=$Gcql>|R}PR~+r9I9EYue$if6q$+hDRW6kS
z-3vMwTgsj7xSou1Xs{c@S4Pgs?7^@(?q>vNgtP1nRzw|=5<^CGG2sNq(Wgg5vMMs1
zI3>QzHfKExI1{Cl#$4DV`pX3(O3}v_h|H{JQD!s8e(GsPzqwt_pMpkECo#VuQpH6j
z4G2IefRqu@D$B?pAPz_Z6~s4d<E1YQBSGw_Qhu1)Ha#BP30v7-E(e3VX=`s)h<DS^
zg-__o%b7}rbQaL|j`kFUAju+yzoUm-`cfkG`V&K;qmAP#)M#SKY0KSOO^YdvGZcDf
zQ({9I%v<BZZcI_F&IYm_mT4vPMh;i`iX>resLVxn(@#*_&X1ol$MCHIYe~m?#~*8%
z%5mz#OQ7kZQ5>}@TT}|VRtGH>Sp`re+Al~6Gl(=-k_cuB)(yr|e1?5tTW+mn9q^g~
zb~RJo1*<W^h?yyfp&^TcP^7Te9^2_S2&*xkTO1mm{$2bE@u;DMXgr&L-^?K_Db0g+
z%ETZd<k)r-2fOCqP4~Pve9IUGkHEChZ(~zb1q#n)P6C$L$$9G-OLkMgUfl~SCVDqp
zW0t#JbJG+F*_KQI@I$BMo6nBMn(8s23bD;-1E%H*w|+*fZZuT+nReKUgwK)BKv(iP
zuzBlLp!*tq=yOqxF}rp%(}Q&;`)bI7q_{B{tJh2KHqe~Y->7Jtd}}$NuneT>v)EN4
z+t#Y5z;XNRO0+o1#@>hVU|7C+BZy!SB8+B}r>ifCRB(-rWm^6$4Ro!Q0f=LiI27Ox
z(hz+JycT~XM=7E~j->!n!VXD1SpwEul|!k~jVEOJ-AdH}*g<cJk<vy|+M0bs8kiC^
z#b!sQ<0#bNy=xaW6kb~*l@l-6k-Re!NzdyPlwjBs5o}-%lUl2-HEAT^aYV2PcoN6t
zp+s){6^S3oYu&FQ!u$$|sm!(Oe%Cu@+m}E8y(Dy!tA<i@>ZxvmB52Xv0SlEv)~rMR
zc+Jp1(!1zFK{ho>g<(&}pG9U_lbqY~yeRL$FFC#%VhfL(H&0`Z^Azbd9|e8U;P_xS
z->PHP{V+Oy!iZ%R9gjwKphPEIT~S{BIjfMH*tYBM5rnGslSn|-mUpO4Gpb_4CHc5K
z2}fZwiMW(t%Mj6fSW#j?7{oAqZET4<<TEl_s;7v&qacz6H4hTE6J3R8t_w{V0!VH|
zC<c^BXP6Fj8R+}aZOW_LbPx*^y27hZC<MBa&fo7QKnoXwWo}NeG-a)#^ss4o88nM<
znGdT|q8Jz7zxRjBi&Os<J_1+J(xvR9U?oZ+AxC9aUd!51BypHY526$CkHY@w7ab$l
zYIIpMyD|r%PzO$(OrMu-M)(o0z^TjTt()6R%~<f3V~@T&ImY;!eR+g-Aakp1qbG~^
zUxdlDhsm_lbtYOnR)&OHu+;bmhmM|C8UYIi9T~CQJP`4P&Su*g+R-c!WRyoUAr8#p
zmGVd%u3Z(%qPD21pmW@0OPZt`9SzjF0X=M@5K*V}Q7)t14l7XPdHlPf=@BG_ZRm^5
zAjgKrOpbI9sK-6QjxglBeKj;xCLD9pz@f2;qN(_Su`W`Eph+Zx=)TeJZ|h}$11<75
z83Xhik^C&_M|epmhM0votgr6{lXL!kvhN$2(xf3}1_#-y?#-3lA(S21{0%oqZI(+E
zh>JZS>o!gUVFSbef}7vRx@n;1aN`r)y5X79@K724I<VoyM+4IH_7S`IM5-<3U}a`)
zx84z9yuDD8YydT+{#B(nE-v1`-q}{~Y4b2`<v!NcGTrLe0Xbs5x7}}5sywWKwdgbw
zwuL<+A413tsn5pSvLreu7i!0NUUuiLTGwd07!m~*lv-`5ULeARMzVNB0E{!H$&vt(
z#dt@nzx}J848quk+v=3({1bFC^1lfWMRY%j5ZnRP+~66nJgUvZ`^Y8)R6_~(ad4q?
z%S4xvtjU_F`sNr(o8^x55gFE+Rq>M7{OgW)?@#tQ87oA&Ow@*knVEDy)kXN(#ziiP
z$bNQk68F`I*{1a`)~a<K>64e}*eGH2@{$=H`{R&8ZP7mX-A2}wQe6=^4oi|w5TB_b
zi@fft&Qu|3DLTzwv&BG_Zba)#MO|QeZm)KRANcRy+1b70<Kb`1<=H^w@9CSJl>%B$
z-v98ELxH*AM5f{P3uJf!nScK3$g9FM+Cxa>^O{=HnNyJgues>%?LwiaPkQgcQtn;}
cyzb+ptr(B`Q*O8bi~~4B<H=g|w|9pB3t&%VM*si-

literal 20525
zcmeI3dyHgRUB{2g3icwn3(6v{oMBmd2c~<vXJ>YHd)dX_nVz9{yJvc*dsbM{^;Xrb
z?z>Y}xAxwu?&-k?f>9G85yb?2g2opnlB|*_k)WCQk0u)bFe(}&ihpP#(ICEJ#LxG4
z&b?LDFBVi{3^#N8TlaMyzxVl_-~7ex&-+ow@ea;!;5_|2=YADjc>#Yo?zq*tkAp7<
zuY&&s{w(<D3!VFB@KfLo@WNL+_bm9^U<wXi<lHv+aqtho$6xH+GI;E3ocm$$8u&fn
ze}caczU?;WJ_BC9-MN1NmtGQ{-}h45;`-M?jbr9(!}Aw>9p7^OZ{UxE|N1gc@I7}p
z_Y>f|Uhdq<FLUm-U+>&|xqk8$yvy~c!PkO+e`gr)9j|om+j;(b;4R<@@7!7N6v%7t
zX%LdQ4tNZF27D{{BOp_EFXrYP_zfUabgQ7+`BrcWY=R<X57hfRAYHrf1sR(A8Sopy
zkAklP|2#hbEXa`Do!r#(hrq7{-vU~@;8$_o1NGi@@HOCjK}h622CAPw0`>i;<Mr)#
zIR}f}90+UN!|{3*R6E}Ss-L%l>gVm?SAg#VpAWt};`=~Y=RN@54L%#M{{$4h{ub1{
zKLyT${{pJt*Sy*}{<+iq(fv1rh?M(*c>g`%S8)9spyu;Y(1V`@Pl314nZ|cNsPVl4
zRJ)JH>o<XjglmHQb2s>N9(+Ie9`J9#ck4clKM1~XI?UsZAR_4A42qA}K(+tYc>nvr
zALRPI;E#c?z9+QzF|g0|#&Kj8{2lNX@YdIcdEEwzPj`aP2d6>N<z#$*f5h{k=CKCq
z{ci&`jxBHsydJOL0g7Hf0;->%j`(w+zWZfx3jA=y-vZU{@5Sps1;w{d#_P|3qNjUZ
z7~k{3FXQsX@%pxS{qlJI3h+I=a2I$7`0FPaBk%v=jB_6W7htOB@fq-)VEbgy|4)M{
z*Ei?Tb@2GSbDsb|2tEqF6XyOj_{ZS8z@2-M9q^XZ(2joo3A_!w{XXY@i2JWbNlWm<
z;NOGC@8?~fzw80${+a7L7o7V|@TD;MmE8YB@VB`B$Jaae7}w7}<lN75{htq`17Ggk
z&%J?paQ~BwVZ5v7&@G<diSUTd?*tzMe;DL7_ZQ&vz`q0`h5H-u`@!3m0)5{H(xm$!
zC_erjcnkRN;1uXC1Ua}BlwEi!D1AK!$}YSCl-@oGqPlK3KK}_&dis(0{NvzPa{X_h
zwR<th!L6X)`&#fd;297VbZ-IG&)Yz?|5Ne$qoCyE&%oQkzXhca{}G?R=#8PD6X1)u
ze=jIKeFS_ycp>5?5Yz3R0PhB$1|@Gl1d3iC0AB$9JP7OEhd{OW2~hL=2XGdA$#RhM
zN5EHeeF;>5C5R}w9q<+4FMx=Oy9sI>{{o5*p9M9aDTGVccYv}BcY!nD0{A$%1<Edb
z1bjDm879jvd;-+`?_3G=I0@?d5pW9J0AC6|1^yH`0A&|mvKrd^6;OI`?o#lZzXoc2
zQ<nq3ZwJ4M>sNxhe;j-PI1k<mE=0Tl%AQ{V_5K$4Vz2-;j<?6_cY*ruCqc>CFGc(i
zsP8@u>iv&J{9RD=`J;IK*P!_Hsd)WaP;xc37RGlQD7k-mynaQzzAIke9j|%Cp<-@F
zKR6(R9q))Z2cjx=NKX2k8rQdT=A7%CsIc)AaEbnKT;$x~e3>pd#EUDOlBp*-QR9h2
zGNa=f=QO8eMf8>Ie-Gz%PNrzI$K*&Ijm|v~(Xm(vaEN1lNS^PBSG%C}N{8e{$J+xq
z%!$i5&v9b5?074GrB~JQ7Jf)SA)9M+9^-r+=QnYRFD2)roQRDb-@@NbPT7<*oYI9E
z&c`?jbzF;c{CFx}AeJUC-wl2zXBzL{6|o6!abi{-p;LWq^XmqubW-*RGwa^QDOnnD
zR>zz9@ok)#Ups~oPlAuf-&esGaeha<UI0&UN=|jmb3Vj5%jr3FJQBcS%!1$2wd!c_
z<F%YioX>Dd?j@@_WYgYczlgyiJ`H{ir}Y1Y@!s)>9q_w27dgA}-V;JU<4@1c`A3qL
zzmh&POv}NnUr&qewD8TO*UJY!FZ@o{>3IF_7kM)+OF!63eGy*wtzqg1xi9l>I@rp3
zn><VgJ}Z4cEt+YzowoG2k^00pJ6YNr__Qc!^qzEfbM}PqCY^R(ba|_4u-xqplItgY
z*4s`x+30?ko|Dbgw~M4pKPNP@R@zMa13Ia{F7n}kr^jc*)aL!wUNRhP<wbTQZOvAb
z^gBsuGb%NpooujWb7Fps+Uo=EXU$}g<vrgl(v~ihP8nOh*I&qsM%Lo?tl!vTvi#dj
zdufq$I=hUelMKSVX|9`<rJ5;*owW4)*v*H9FOA5v{#?#%n*-~<+${%b*C#FJmz9Ge
z88Aht<GXp0LJtut45>&rlcE)<P1k{<kw9^br~M^3b|D}3nD*r&+st~gQ=9y-moz%5
zXgKVNzt&dn+gT5O8GB2H*{lf*@d8E9_*EF4x2*ZaPAA_HT_-zWNXbsZnDcgQ%tXtW
z9GX4h8^bW^itQ2~S{;_W#rG1oa@g<Z1(b|k-xvC9isu@=*cnF|zeu)|tYZ^H1~m=%
zu8EsWCatZsfCY$SFWt;xsIhk|O<HLoq2`+%-tf>#vYtU4lTyE(C4PF*`kgtql@vUm
z_6d}#ZmuM~%^|`$?PF_|{GIiSlfon|%Md8ZO<HM03o*9|r#1D%TYE*ZmefeKNSOO;
zx!%aSDH;%3kCP9g=BrK$bVeE@@-*{qzmpDXE+b@q$Mko=vtF4QWfCMhDf1vP1A2(v
zJ|O9Bcd};euVQ7@Q{8$aZ6+{Q;(!&1-;C6*IV=k4VL3o;Mlusv%T#vzsG<~WE9v*s
zo+(k{*RF2VTE8RC`tGnZ$e2$gD?-T4WPna#BV?I!pSH57Ye`qLj(wPD&(Habc@L=)
zXR1e47eOke&Pk84G8ofqTAh%zK$-b@zmoPgu__~Wp9{vXqD?DB)dCZyWdmq)CVVqJ
zqJU|QZ{)3AF-8olgjK?axi!NhvP+~izq~O>;;YpR;*d`HH8`L5Ab_mV1r$Y67>zxa
zER$;3%wxBaY2jYfv$lPvp1LVYqGxrRr7!zwGizrIrLh~H*`(tL?)7WQZYRgpY~;CL
zNs3L=;P$XgI#~6*YoA1ErH6yOO(jX{xF1_H8(x1OoeZSusE2|^lR&%J@=jK61!5(p
z(KQXW@Cj-+M_Lf}j%L~H<j8HDW-o2(Nu17UfAz|8m`dK;lr1`BCekOhpx5Ph2F$+0
zCu$$R7^f*_;8lEjJ&{i0|4dne)G(VdIZph=r7_u;_hO2}-mn~+nporNEol$r&ivZt
z^^FsZfo7WdumgKiY+Ty&j3(h13YZP>TUmL{%v$14&!5Jj4Jxlz+u->#IMmuM;|f}s
zMilh9b22!wO2#YIkG#Z@pcFd^(vy3P4_>#uYeQ;h*TV$xrbHY&)iijoljjUO(74tm
zjR{REe0^uB*UaTIYa7kPF*;FOg4q1k+um1J8Xwtw)-PR0tT9dFY9sX-1_w71*jgo`
zMs{g`Tq$B#)1kp?95pG7)%!<q>H!n7)ugvunfa2qAqa+K)}|q$!Za!PF!jYUM5(WJ
zGU*Zw5YXY1vEd%+&tnXcn|y|eglRv3Z4W)1GYya(v*7R&?(}-4=uMf)K7K-0pk;9&
z@q^+fI7A3#&0-&-;$Xi^M34KXR(q@jUtp5PMxrpF94PjTDk2-6LD4ux1&`NsFLEG;
zG)M##X-TkQ+E60T&>BhenoaEt;qEf_wvdLehfsG(5vlAxJ%(7Snnnx@q`t8i%^^jU
zASFJBZlrmsi3nG<F^sL{XkgFhP2{``B;kF$7*4Z_<bt)0(Kd?N9(LMHn#N*it<J|k
zX{4GoJ+-q<WRP%);ow1=@=BQY(O~0*=PhnpmRXTVhT!9<slIVzV+{ju0hvkHggM_A
zo>kU93Q!#pck@!>CJLDUuNfXm874xwBAIL<G_!u$mJW$$0fH#Ye+PcZ-;D>@=JCdu
zvy(O|20_AMU#*3(@yy&QTi#sc4u)lt%O&w<u$ht8SvRZ!pyU{Vxp#dxwvX;@z>s!U
zFgfD&z7$QqwzDm^i1@)oL109&*+~=mpeiVtMjn&qRtTZa%-w4um=R~QPN{;|i7}4L
z&WN+(!ARcma4l4)R{c1c#4Gg4AtQ1DMa}nO6366ff)mx-nPxAwZ-vzd5d}O<dd(Oc
zeJ&NT^<v(mmGKtgODo?A-t)}dX&)Kl>yY(gnqQKt(sLbIRF=a6UtU-b3d<zUKT^%Z
zLdxnznKlc6&&BW+4p)4^J`$r#1z>KMtCq0{p0mo304B#22%ecc<4pseU|AreuZ7fl
zy%rfa6NfOTP$&>q8qrsp1X!cU(jaf<L>Gz+YKwSC=%j)6hgg~@6PO7(?@4v4o75U2
zDAlOBTAn9$xN7%7WAQ}L(L<uc(i@pE0`!L627$!>!A1jfpMN4LvIM#=cFNpeimR*C
zbmb^R6UC2LH1v9?Bh`Bj3uKfmsGocXEt&Skft|(Fm&0~DYg*=Eodq=#Fri<ETYB1x
zwy9mDtS(ZP;g$X1nOV0^b}f~h6M4(VA86u@(R>g%6O~lHA|zM{*>dxk(r(09X$}-N
zCIhM{-XygcD&H_Z-)L+U+*KY53&Ro>@1ba}ODNS#>5LIdZm>o@uCx#%Rv5}N$NpM*
za~J{^UbP7i`yuf#YOU-iO+}{o;6RPN?c)d0s<dUv8CF{AzC^zu(by=M(;%^R{r^__
z<ILOx82w&rCu<QLuVh`uvUI%(A@(@Gy$al@KkC>=vJJ9>QF#u`(9~+dDjCZjm-c4=
z6tyaWGZIW0ZV0@SFd{;TOm+a17dlgDqufIb-P*a*E9UHX;hgD0$r?8>`><ruc%CR}
zNP?55+@;#FL{dG+pd>7NW#E>sW8;q^50)p@J7y7Bjo4f@7frxSTNG_gQR+NeCPeCu
zob+K*OloXGq=F+4^9>0z=Pg)6a9V*N|MS_iWfE=f?t99#a~uoM_IKaY><#$I4Pvac
zb>y>Y_xeWhu>Da|wIT^JaP`WHk)>@ZIeTLbbyV!Ul{T-1v|ukC?BvBY1s~C)5fdqV
z3fYsDWEVSpwQruB=og*WDrDpsAw5Q-Ctf4Tit&{n4dG&JkR+ytc(r$}XYP2h^3okl
z1{T2hE5*fLB&0aac9;NL@3U@k{oFDOUxdM5AYylm4cw<&Ed6@cP##e~o5b=hw^&6q
z{_fJ9TReZ|;>^WP-XQS4lx%04Ap%xHZ4jS6itr!yC?^W>m&w4`XQjVbB>k<d8NaL_
z9Nzc_c~&Ko{94w@2lxR$-t|V_&o@Jp7z|dSt4ZI_&&@p+J2>$989m<0F%c0w)?7b{
znr+U+`PZZ)O?ydCxvj-&u4u}!#tP31oC`TQJ?GW%_1J5QR)`e)36qB*Pb8foJ(4ym
zFcI8X?rJ)ZASE;N%Fm|7VNd6dd~C^GK3=+VesSGeg%WOQom|2?$v1LV@Ow!)G&)HX
zF*%7q$h2YpNK`Rd1P3v|$fvDidamJI$XIV>HzXbxmoGRZ_R;mrmxLS37r4&zO(NJO
zL}AN6wz{(KM#vVD`5?jHYh6|}o9ym=>q+<M+R{b)b82pG&INVRpox}EY2=!!=t63N
zrLC36ty+BO*9W_N;8vBlmmY~@YU6}fsLd^zH>tH!Zf><$Up_yxs>I`rMIr1y5HYT&
zNtZUt$e8mGssVGHy%_9>yJT{VI2!Zt_!~viE34fCQbFYU-P)y#ZY?d8G|^a$ilY(B
zeX<B-#A$#0wR%dEF9d5d=6ZO~B5qQVAt^RNn!z!5#l$j#$@coj<ts~1U0plBxUqEJ
zt(!?)VY9*+)yV3}K%Gy^W|8%Yw%i8JfoONwMIYuZ{Y9!b(S8qta`!2ZDLVPEy(JQh
z)R5QK)Fby{PX;7(PI#8E&@q}~-pg@5?2+*4ERFCf|AIrcrKhjgRJ1(n-yGdb)JE-D
z$+HKBh`xN<t-Nm|zm6p1fX$NfL}?4uHNNLxg_@(OuOiD_@KOWIt<;8k$A*)&y-xgl
z;Gk*^AB`yL|9^8tfnA?#L=ciWn&XCAnkK&?A!=$Xw8IJLu8uMt=7z^_*sAcDi_WRG
z5Ak|^<-B{->Pl@l5M@k>7@|e~px8CC=21;00m^E`-3i4+IAXCGk6f4=m8sMcE<wsz
z-dfI9kuO%%QcSjju`IyU)P$c^JZ599Q)JSvV>TB1yz=uJgj`16J7FTA;6yL<rWM$-
zP*n)sWbKWqQ{F`@iS4XKK7o;@omLRIX{N`*ropb%uB9q9QH?=@auGQh4hDRTVV5M=
z$?A2Rh&`J<dT8268y{N9m#q*@RD*-R`v&KCQ?_j?%9tOz{Fo#`-<x1gL*XiFFVY#}
z3LA4E$=INVz0hUV+axKp<6=8<6-}1gHe59~Mqp;3t;oriERldWQAQwiSdAyFZ`p*|
zyEBSGC#xw+;&dzd35}Zr5G@Pup3M4wu^>v>P9595EDPbHYiwewFj@_GgrDg<A{*L@
zH|@8rC|pK#R-D5tE5qwD(i~<Q>{lxvvNt)pE`!&@a4Gv-f5he-ADa(wq4#nt-&t@(
zTFq-ce1{uk1I(KC;Ns5#A(vxYxS87MHj{q1vVrMmrtquoK^|&5Q#j|O44VK~jE%C8
z>tu7-6nDFBH~v~H@}~)JXO>$tG4HV;M<f3*btP4XWM;M8%vv*#3^&V}jeNmRtzDkE
z5__1z#ia}W)ZD50nYq(5b7%ehnT5HtubaaUPpu^7V8*;#N7}mJ9~~;UjC1OA5?J;6
zr|o(cI_vtI*o2203h*20!+ag~R%bSFstaTYnG1q*&(>hjUpRSkXJ==YsS~!g)9W<R
zJ;|p%KCZD78#tK_P9CqDTVNSGwYt2zG@9=G?A(-sD)=&^{euM}<LiTy{SFDR2c_xS
z_<iW=#)X;tNAIcYc3R9-+Y1Z+{st|tu|1G<W-ee_$_3x++hzICsRwakdh*acJ%8*W
zKY#qesW;7Bw9)}1&020-l&5A-&z_nJJMMeRGnP9s6Nwq@`Tp?cvz~ebBvpo#t!-|G
z>$JG}em23_)<Mp-<R+9+;wT}`_s?LanmNB&e6YXG07Ah=KMRUO5|wt87gyH6vM2Yj
zo?&^~?PvK3R`m!k0TLw`Fm0?4^&f1nN;v4Ig=u5PyqJ+SPz}c>Uu6e=!uVqW2j6az
zA4#`!q5}0ndNa-=tv1*97I&=d9mmaIv^{`?#@ND#0K_+*mO@3x4JtZpBp3i#&eGrp
zx?;I@>Ojb6k&q4?n5g%7TpJ;|r)_MF<)jtikbjqOD@IZxcGHHPY5yKYzi}fr&FVce
zFDABFMnmAvbkZHG`C!5s1XeLfBCdGC%T(nE8C}X*S!=v9gpD?simti73|xytpC|(v
ziO%Iv7a?XvBFRN~7C<dhStdmFeG*9|K{Pk~biQo^7NyI)Kz=H&B(cMT>qGYSOzXyu
zylkeu8<LJ7Mtd679*-wU!e&Iy$R@;wP@5IS4N<+CM@Z6gCk|$R#fZsB=p=q*)9Ymo
zg`aS58ZxuT1y4~7Rfc4YFtAl=aMVarVsfJ@5`-v7jb)0gfB`!8Rb*k?mwrrZARnbm
z?2Sz{RMn823-)E&r~AuFDv3X$oCFF-J=MInDw$_{bb60`*BlG#u%Cqol#`732Ma0+
z#g1q%-A2wQZ4H)~U>%)<97rjdETbqIXjLVN?2By=5c+IN@1*IGZR3R{hbwi}!=z!O
zS*>C^8DUkJAR!HW(S?<n1andgu;o{x8e`5_SW>~zv|+QsG7@jAH(@T#VdneU&EKe~
zP21GTF%|4#FNkQDeP*>G&DJiYj9#TLVTN_7$(T5f*n)1L^#r%H8FuUx>5?u+bjBn!
zHg!O)$v#=IY7<%ZdN;hPH9_x0m_E9-*N~ghoe<TuvNw#d${c4DYG9&r%4~><Y{t<v
z#PJ<ccrubG)F_#h9U5$I-Tb9+b3$2*Y*;o4C@~&o-a>WTMrB!GqVJ%Yaqq)&>Mert
zpcZj72N$8hE(vf8bF0L(Xi+&?8PwXn!p;$!s!?WaP{&e~;AhlO)ve5{i3_Hc^r|cv
zK2fVLK8xEQtu&~_Hq#<uXFdV3te>OIn5BNOGwp;hNpT}@i}3jNAy&!=4-phON}J+z
z_Z6ueF;f}5&a~=A$g#=PQ+?+<!`^1#Fb%7lNDNG@UmTAIEMSNhNU=t(5R+P@$`ytw
z?N?7(kBw9KsX&_Et+N)HI6V(lE78OC^Ffg|SPR5q5XzcLvx4VU8R@MkiBh?Yy_gi&
zfGrKNP1rl;3tpzSB~s^zVwNN5G$9di(LA!G2cfA1p|Ulz?CY{f!7hkbv7#lI1_d<Q
zH5O5;NwQ94kDdu2)tYQHoa(Vu)oT>?38k!6I+nbQbi4{lry;ZAA8jv925YAM7TraP
z99-=}Vhn8}HX{;1JP%P6;ycTWl~kD36(R_#^*TK^W*l5q0<+iX>>bd-#V@Evl(aEF
zX97DGC8}FdJ&S=ua5f|3U;&S^a@f==D6??y(ApRF9JEspH$(_RA{Z5_Ynr(ag)zou
zD}gbtnnyq&#}u=Qw-k9}%!qtOwnAFKcO%Q7E}%WJeWiDDG2>R~1T@F4==SI{i$z%K
zDWoyh(<p*ZAxs=U?Zz1Ch;o?6Lu?rr0b!rieE6s%$S>7XB3kkxRp%lYV!Ec7LhHjp
zLbRLRd=|YN`Bx}cvR5o)$k->11Qd=1FTv(1&<G2iV1p{tkEI-~X-u@~-Kt_@P{!C5
z_Djm9Ct4f}#KV^V0W~s5%|FJYw(WI*(T|~JOks*N;&L$ekrw!cNCI1vg;zSLNjhNJ
zCOxQLU(XacYOc@)Hb#bYaRaDiQc%^ZAS=c&!9S^tVp=P$oH{3oRWMJ{;e2!2Fn!-w
z8#6g&hB#`sm0OI5$cGXPa$3~H)bvKpdDkqRCU5o+OJQz|wNw`a$Z|25!I9lVl9U@W
zn@3Z&<}tk`*lCKP2(Hv8k#E{#8xAd=nViJ9%tc`v$#3M7W@#%Q2&{bz5+_<FR<0fk
zF<LmofHL1E2}69Bq4#E1@a?JAP4#<07^UD^`quB5DAp9jBM{eV@o8c{>sO|aQZ}3d
zlEGLfC7F!XSO?}vBXf_au|aV$Rq$hvae@hB+Y7m>Z0b3g@WuKXi6ZaT(T0kP(R+=~
z_(((&Rj@N1*J+YKeZ-V`v7)pV+-5Yb2uJ)TqnkaaI-Jjg&x+}XL4hirq^BT#R*eG<
zO_wWsUa73s7%IQ1g2-UU#%<A<_WCwj8kRYeO-sx|95UX1)R7qbm>Zbv?LpR`V;PsU
zavdyaqT2~Z*HfR9Vg{fo(S(J6wj#DPOjrt^nLDCJXOfTy8v3Xx@HUuNO;gJ$tWuCT
z?KI(3o>MyGK>d$0dsxNJp<_gVtrmqk<dM-7r3fwS${!NiH-7-@B#Rl6@p6qaD$Pm1
zv=zd0^GK5(qcR3bm24O{8m!8w;i;^KRxB1KR5_e_trTRvGff(;IgCobhIAcBkrRGz
z&|9~|EJ&FK5oQsD8B)@MQIC;;#ms>H19XyIolx6DD261~t(f9<GD^ENbX%oR;lr?$
zSsHKl$dOP1td$Mbg&07k2iZ%At5$Mo+XS9G`r@R!jxPI|6rltBf?Tp?3dl%oW>n``
zOl7q>#!mf*f-PHCplPb2Axoh8Al^fJk4WOlvJZR8DiH7oz8meI2@zK90vP}*q<9W~
zNIEeivHKGFF48K=r2oN044hG=3CTByT0OCugCy-q5NcGa{?R6cOf3U9KJTB(2{YVe
z8cmE3Pe=wm-B&d9If*;$A@$5Hm?y;oO-so_xba1`S>b4HDpM`PU58Iz!HZ4x^H-WG
zAPR~T<16R)mlQoWJN5;pWv#yGfzz$CY5U&$T4zqD_s=KoR(jvu+1CB-*8HjYvu95=
zp6Yj=nsd+Pt$F_EZ(VbArOx%|vEV3X<3o<r^0$io^?@w5>PL*>c=?e#mzZGN5vgVT
zIsf%bH!R+Xv1G@#`IY}?q0P1kPmxx(i`GMMC~3t$j?5e(YDjI2hYeX6$2vWe2F5`%
zu&XQ~>M|rYhC=}}#(Lc6M)g$iA62NsMjkf!OT|e|Ul%WZk&2VFkuTxVu8+1T%21|+
z*P)C*E7%E1TqSD%>!nII7=+bwGG2vCZZ&3OwTGaRrHoo6$y0&&V-2yHT6J02kA>V@
zuoQQ04lG)tPDzR}Uc0onB5CCds#~gN5!5Uw-XJpz9l|eL?vF+4?xI#L=n$nqY>KFo
z31`DnrLC#nUGgdViF>J{nEZ=UxwKS=Im&|f84X2XCM@HN^xAAlOvWFGwv|b7ixZBK
z`&PM>G#Z#1)i22jn{f#(5OW-JOLCsQ#D%&T<<8ybTfej-!^nTA!z@w16e9#VtX{6B
zaZT8{x{hgCr5{Fdy$b#L|EM-DyDPU=`!x1YC422;TU)HEIgy7prX?NhvNd#Y{m_?+
zn)a7j{Wpr5mclM~ovq5<zB|X<Ij#0#_Q;CFJ1T6d^tG}uo=PVQ;t~=!L}r%Yl5AQN
zFk2}EDw?=uVo?`5RXeW=+bsbRa{g?%H7Km5To&_+sNgLvPBldeTkW{&sVVYA<lERw
zq2X#9i{3Wb<hHbeC1RDL8A>;(g9+7AUn+O{zgh0Yg0)_$!SHIuFZnsR9DooRLufI6
xwKdAiEFps6Sr*Ve!Ey!T;zIEgOFb%~zK{wi6?krIv8?qa-Kq8L|3@X%e*s@bue$&M


From 445c84c4ababb678b874f1efb21cb61262742d66 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 22 Jan 2024 16:48:15 +0100
Subject: [PATCH 327/330] [Fixes #11855] Reduce log level in donwload handler
 (#11856) (#11874)

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
---
 geonode/layers/download_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/geonode/layers/download_handler.py b/geonode/layers/download_handler.py
index d969a0d3703..09eb032a53a 100644
--- a/geonode/layers/download_handler.py
+++ b/geonode/layers/download_handler.py
@@ -97,7 +97,7 @@ def get_resource(self):
                     _("You do not have download permissions for this dataset."),
                 )
             except Exception as e:
-                logger.exception(e)
+                logger.debug(e)
 
         return self._resource
 

From 47fd6760573645615f2ff4d9dac2dc3129ca06e3 Mon Sep 17 00:00:00 2001
From: Giovanni Allegri <giohappy@gmail.com>
Date: Mon, 22 Jan 2024 18:00:21 +0100
Subject: [PATCH 328/330] release 4.2.1 (#11875)

---
 docker-compose.yml  | 5 +----
 geonode/__init__.py | 2 +-
 requirements.txt    | 4 ++--
 setup.cfg           | 4 ++--
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 9c241372858..37d34a0ad44 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:4.2.x
+  image: geonode/geonode:4.2.1
   restart: unless-stopped
   env_file:
     - .env
@@ -22,9 +22,6 @@ services:
   # Our custom django application. It includes Geonode.
   django:
     << : *default-common-django
-    build:
-      context: ./
-      dockerfile: Dockerfile
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://django:8000/"
diff --git a/geonode/__init__.py b/geonode/__init__.py
index 9b1e32fbb4d..db7f3b46ea2 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 2, 0, "dev", 0)
+__version__ = (4, 2, 1, "final", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"
diff --git a/requirements.txt b/requirements.txt
index 4ea6cf81017..124910335d9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -88,8 +88,8 @@ pinax-notifications==6.0.0
 pinax-ratings==4.0.0
 
 # GeoNode org maintained apps.
--e git+https://github.com/GeoNode/geonode-mapstore-client.git@4.2.x#egg=django_geonode_mapstore_client
--e git+https://github.com/GeoNode/geonode-importer.git@master#egg=geonode-importer
+django-geonode-mapstore-client==4.2.0
+geonode-importer==1.0.6
 django-avatar==7.1.1
 geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
diff --git a/setup.cfg b/setup.cfg
index 79feeaeb61d..5e24e8fd6be 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -114,8 +114,8 @@ install_requires =
     pinax-ratings==4.0.0
 
     # GeoNode org maintained apps.
-    django-geonode-mapstore-client>=4.1.1,<5.0.0
-    geonode-importer>=1.0.6
+    django-geonode-mapstore-client==4.2.0
+    geonode-importer==1.0.6
     django-avatar==7.1.1
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2

From cdeb2d95d6224cb364c1dfc52e3a6addf18c0b2c Mon Sep 17 00:00:00 2001
From: "G. Allegri" <giohappy@gmail.com>
Date: Mon, 22 Jan 2024 18:06:08 +0100
Subject: [PATCH 329/330] Bump to 4.2.x

---
 docker-compose.yml  | 5 ++++-
 geonode/__init__.py | 2 +-
 requirements.txt    | 4 ++--
 setup.cfg           | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 37d34a0ad44..9c241372858 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.9'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:4.2.1
+  image: geonode/geonode:4.2.x
   restart: unless-stopped
   env_file:
     - .env
@@ -22,6 +22,9 @@ services:
   # Our custom django application. It includes Geonode.
   django:
     << : *default-common-django
+    build:
+      context: ./
+      dockerfile: Dockerfile
     container_name: django4${COMPOSE_PROJECT_NAME}
     healthcheck:
       test: "curl -m 10 --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://django:8000/"
diff --git a/geonode/__init__.py b/geonode/__init__.py
index db7f3b46ea2..9b1e32fbb4d 100644
--- a/geonode/__init__.py
+++ b/geonode/__init__.py
@@ -19,7 +19,7 @@
 
 import os
 
-__version__ = (4, 2, 1, "final", 0)
+__version__ = (4, 2, 0, "dev", 0)
 
 
 default_app_config = "geonode.apps.AppConfig"
diff --git a/requirements.txt b/requirements.txt
index 124910335d9..4ea6cf81017 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -88,8 +88,8 @@ pinax-notifications==6.0.0
 pinax-ratings==4.0.0
 
 # GeoNode org maintained apps.
-django-geonode-mapstore-client==4.2.0
-geonode-importer==1.0.6
+-e git+https://github.com/GeoNode/geonode-mapstore-client.git@4.2.x#egg=django_geonode_mapstore_client
+-e git+https://github.com/GeoNode/geonode-importer.git@master#egg=geonode-importer
 django-avatar==7.1.1
 geonode-oauth-toolkit==2.2.2
 geonode-user-messages==2.0.2
diff --git a/setup.cfg b/setup.cfg
index 5e24e8fd6be..79feeaeb61d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -114,8 +114,8 @@ install_requires =
     pinax-ratings==4.0.0
 
     # GeoNode org maintained apps.
-    django-geonode-mapstore-client==4.2.0
-    geonode-importer==1.0.6
+    django-geonode-mapstore-client>=4.1.1,<5.0.0
+    geonode-importer>=1.0.6
     django-avatar==7.1.1
     geonode-oauth-toolkit==2.2.2
     geonode-user-messages==2.0.2

From 842bb5aca5199330d696d33c9840be8447288c81 Mon Sep 17 00:00:00 2001
From: Henning Bredel <h.bredel@52north.org>
Date: Mon, 22 Jan 2024 16:47:04 +0100
Subject: [PATCH 330/330] Update docker build workflow

---
 .github/workflows/52n-build-4.2.x.yml         |  59 +++++++
 .github/workflows/52n-build-master.yml        | 133 ---------------
 .github/workflows/52n-release.yml             |  78 +++++++++
 README_52n.md                                 |  23 ++-
 scripts/docker/geoserver/Dockerfile           | 113 -------------
 scripts/docker/geoserver/README.md            | 132 ---------------
 scripts/docker/geoserver/docker-compose.yml   |  61 -------
 scripts/docker/geoserver/entrypoint.sh        | 152 ------------------
 scripts/docker/geoserver/get_dockerhost_ip.py |  24 ---
 scripts/docker/geoserver/get_nginxhost_ip.py  |  45 ------
 scripts/docker/geoserver/multidump-alt.sh     |  16 --
 scripts/docker/geoserver/multidump.sh         |  18 ---
 scripts/docker/geoserver/requirements.txt     |   1 -
 .../docker/geoserver/set_geoserver_auth.sh    |  91 -----------
 scripts/docker/geoserver/setup_auth.sh        |   3 -
 .../geofence-datasource-ovr.properties.j2     |  12 --
 16 files changed, 155 insertions(+), 806 deletions(-)
 create mode 100644 .github/workflows/52n-build-4.2.x.yml
 delete mode 100644 .github/workflows/52n-build-master.yml
 create mode 100644 .github/workflows/52n-release.yml
 delete mode 100644 scripts/docker/geoserver/Dockerfile
 delete mode 100644 scripts/docker/geoserver/README.md
 delete mode 100644 scripts/docker/geoserver/docker-compose.yml
 delete mode 100644 scripts/docker/geoserver/entrypoint.sh
 delete mode 100644 scripts/docker/geoserver/get_dockerhost_ip.py
 delete mode 100644 scripts/docker/geoserver/get_nginxhost_ip.py
 delete mode 100644 scripts/docker/geoserver/multidump-alt.sh
 delete mode 100644 scripts/docker/geoserver/multidump.sh
 delete mode 100644 scripts/docker/geoserver/requirements.txt
 delete mode 100644 scripts/docker/geoserver/set_geoserver_auth.sh
 delete mode 100644 scripts/docker/geoserver/setup_auth.sh
 delete mode 100644 scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2

diff --git a/.github/workflows/52n-build-4.2.x.yml b/.github/workflows/52n-build-4.2.x.yml
new file mode 100644
index 00000000000..13aae68a94a
--- /dev/null
+++ b/.github/workflows/52n-build-4.2.x.yml
@@ -0,0 +1,59 @@
+name: "[52n-4.2.x -> 4.2.x] Builds GeoNode Docker Images"
+
+concurrency:
+  group: "geonode_build_master"
+  cancel-in-progress: true
+
+env:
+  TITLE: "52°North GeoNode Docker Image"
+  VENDOR: "52°North GmbH"
+  AUTHORS: "https://52North.org/"
+  DESCRIPTION: "Builds and publishes the Docker images GeoNode, GeoServer, Nginx"
+  LICENSE: "GPL-3.0"
+  TAG: 4.2.x
+
+on:
+  push:
+    branches:
+      - "52n-4.2.x"
+
+jobs:
+  build_and_push_geonode:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            latest
+            ${{ env.TAG }}
+            
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
diff --git a/.github/workflows/52n-build-master.yml b/.github/workflows/52n-build-master.yml
deleted file mode 100644
index 59a3ce8954b..00000000000
--- a/.github/workflows/52n-build-master.yml
+++ /dev/null
@@ -1,133 +0,0 @@
-name: "[52n_master -> lastest] Builds GeoNode Docker Images"
-
-concurrency:
-  group: "geonode_build_master"
-  cancel-in-progress: true
-
-env:
-  TITLE: "52°North GeoNode Docker Image"
-  VENDOR: "52°North GmbH"
-  AUTHORS: "https://52North.org/"
-  DESCRIPTION: "Builds and publishes the Docker images GeoNode, GeoServer, Nginx"
-  LICENSE: "GPL-3.0"
-  TAG: latest
-
-on:
-  push:
-    branches:
-      - "52n-master"
-
-jobs:
-  build_and_push_geonode:
-    runs-on: ubuntu-22.04
-    env:
-      IMAGE: 52north/geonode
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.IMAGE }}
-          labels: |
-            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
-            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
-            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
-            "org.opencontainers.image.title=${{ env.TITLE }}"
-            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
-          tags: |
-            ${{ env.TAG }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
-
-  build_and_push_nginx:
-    runs-on: ubuntu-22.04
-    env:
-      IMAGE: 52north/geonode-nginx
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.IMAGE }}
-          labels: |
-            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
-            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
-            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
-            "org.opencontainers.image.title=${{ env.TITLE }}"
-            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
-          tags: |
-            ${{ env.TAG }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: ./scripts/docker/nginx/
-          file: ./scripts/docker/nginx/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
-
-  build_and_push_geoserver:
-    runs-on: ubuntu-22.04
-    env:
-      IMAGE: 52north/geonode-geoserver
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: "${{ env.IMAGE }}"
-          labels: |
-            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
-            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
-            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
-            "org.opencontainers.image.title=${{ env.TITLE }}"
-            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
-          tags: |
-            ${{ env.TAG }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: ./scripts/docker/geoserver/
-          file: ./scripts/docker/geoserver/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
diff --git a/.github/workflows/52n-release.yml b/.github/workflows/52n-release.yml
new file mode 100644
index 00000000000..983fec64aae
--- /dev/null
+++ b/.github/workflows/52n-release.yml
@@ -0,0 +1,78 @@
+name: Release GeoNode Docker Images
+
+concurrency: 
+  group: "geonode_build_release"
+  cancel-in-progress: true
+
+env:
+  TITLE: "52°North GeoNode Docker Image"
+  VENDOR: "52°North GmbH"
+  AUTHORS: "https://52North.org/"
+  DESCRIPTION: "Builds and publishes the Docker images GeoNode, GeoServer, Nginx"
+  LICENSE: "GPL-3.0"
+
+on:
+  push:
+    tags: 
+      - "*-52n"
+
+jobs:
+  build_and_push_geonode:
+    runs-on: ubuntu-22.04
+    env:
+      IMAGE: 52north/geonode
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Parse semver string
+        id: semver_parser 
+        uses: booxmedialtd/ws-action-parse-semver@v1
+        with:
+          input_string: "${{github.ref_name}}"
+          version_extractor_regex: '(.*)-52n'
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - 
+        name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          labels: |
+            "org.opencontainers.image.authors=${{ env.AUTHORS }}"
+            "org.opencontainers.image.vendor=${{ env.VENDOR }}"
+            "org.opencontainers.image.description=${{ env.DESCRIPTION }}"
+            "org.opencontainers.image.title=${{ env.TITLE }}"
+            "org.opencontainers.image.licenses=${{ env.LICENSE }}"
+          tags: |
+            latest
+            ${{ steps.semver_parser.outputs.fullversion }}
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_52N_MASTER }}
+      -
+        name: Fail in case fully tagged version already exists
+        run: |
+          if docker manifest inspect ${{ env.IMAGE }}:${{ steps.semver_parser.outputs.fullversion }}; then
+            echo "tag version already exists! Will not override."
+            exit 1
+          fi
+      -
+        name: Build and push
+        if: ${{ !github.event.act }} # skip during local actions testing
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
+
diff --git a/README_52n.md b/README_52n.md
index 3e92b9009b5..51f68b028c3 100644
--- a/README_52n.md
+++ b/README_52n.md
@@ -5,17 +5,30 @@ This image is built from a fork of [Geonode](https://github.com/geonode/geonode)
 
 However, we are interested to stay as close to upstream as possible, to benefit from ongoing development, but also to contribute features and fixes we develop in our projects.
 
-Starting from version `4` this image is built from the `52n-master` branch of the [`52north/geonode` repository](https://github.com/52North/geonode/tree/52n-master).
-The repository builds and publishes three images:
+
+Starting from version `4` this image is built from branch `52n-<geonode-branchname>` of the [`52north/geonode` repository](https://github.com/52North/geonode/tree/52n-master).
+Please note, that GeoNode depends on other components which are also available as Docker images.
+These images, however, are maintained, built and published from a [`52north/geonode-docker` repository](https://github.com/52North/geonode-docker).
+
+> :bulb: **Note:**
+>
+> Please note that the versioning schema is different from the upstream project.
+> All images are released and tagged using the GeoNode version.
+
+
+You can obtain all images from here:
 
 * [`52north/geonode`](https://hub.docker.com/r/52north/geonode) (this image)
+* [`52north/geonode-geoserver`](https://hub.docker.com/r/52north/geonode-geoserver)
+* [`52north/geonode-geoserver_data`](https://hub.docker.com/r/52north/geonode-geoserver_data)
 * [`52north/geonode-nginx`](https://hub.docker.com/r/52north/geonode-nginx)
-* [`52north/geonode-geoserver`](https://hub.docker.com/r/52north/geonode-geoserver) 
+* [`52north/geonode-postgis`](https://hub.docker.com/r/52north/geonode-postgis)
 
 The Dockerfiles can be found under the [`./scripts/docker` folder](https://github.com/52North/geonode/tree/52n-master/scripts/docker).
 
-The official Docker configuration of [GeoServer for GeoNode](https://github.com/GeoNode/geoserver-docker) seems to be outdated.
-Therefore, our fork adds a `./scripts/docker/geoserver` Docker config which is based on [the geonode-project](https://github.com/geonode/geonode-project) template.
+The GeoNode Dockerfile can be found under the [`./scripts/docker` folder](https://github.com/52North/geonode/tree/52n-master/scripts/docker).
+The Dockerfiles for the dependent components are available at [the geonode-docker repository](https://github.com/52North/geonode-docker).
+
 
 Depending on our current project contexts we merge regularly from upstream, and create new pull requests based on this fork.
 
diff --git a/scripts/docker/geoserver/Dockerfile b/scripts/docker/geoserver/Dockerfile
deleted file mode 100644
index cf69384629f..00000000000
--- a/scripts/docker/geoserver/Dockerfile
+++ /dev/null
@@ -1,113 +0,0 @@
-ARG IMAGE_VERSION=9.0-jdk11-openjdk-slim-bullseye
-ARG JAVA_HOME=/usr/local/openjdk-11
-FROM tomcat:$IMAGE_VERSION
-LABEL GeoNode Development Team
-
-ARG GEOSERVER_CORS_ENABLED=False
-ARG GEOSERVER_CORS_ALLOWED_ORIGINS=*
-ARG GEOSERVER_CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
-ARG GEOSERVER_CORS_ALLOWED_HEADERS=*
-#
-# Set GeoServer version and data directory
-#
-ENV GEOSERVER_VERSION=2.23.0
-ENV GEOSERVER_DATA_DIR="/geoserver_data/data"
-ENV GEOSERVER_CORS_ENABLED=$GEOSERVER_CORS_ENABLED
-ENV GEOSERVER_CORS_ALLOWED_ORIGINS=$GEOSERVER_CORS_ALLOWED_ORIGINS
-ENV GEOSERVER_CORS_ALLOWED_METHODS=$GEOSERVER_CORS_ALLOWED_METHODS
-ENV GEOSERVER_CORS_ALLOWED_HEADERS=$GEOSERVER_CORS_ALLOWED_HEADERS
-#
-# Download and install GeoServer
-#
-RUN apt-get update -y && apt-get install curl wget unzip -y
-RUN cd /usr/local/tomcat/webapps \
-    && wget --no-check-certificate --progress=bar:force:noscroll https://artifacts.geonode.org/geoserver/${GEOSERVER_VERSION}/geoserver.war -O geoserver.war \
-    && unzip -q geoserver.war -d geoserver \
-    && rm geoserver.war \
-    && mkdir -p $GEOSERVER_DATA_DIR
-
-VOLUME $GEOSERVER_DATA_DIR
-
-# added by simonelanucara https://github.com/simonelanucara
-# Optionally add JAI, ImageIO and Marlin Render for improved Geoserver performance
-WORKDIR /tmp
-
-RUN wget --no-check-certificate https://repo1.maven.org/maven2/org/postgis/postgis-jdbc/1.3.3/postgis-jdbc-1.3.3.jar -O postgis-jdbc-1.3.3.jar && \
-    wget --no-check-certificate https://maven.geo-solutions.it/org/hibernatespatial/hibernate-spatial-postgis/1.1.3.2/hibernate-spatial-postgis-1.1.3.2.jar -O hibernate-spatial-postgis-1.1.3.2.jar && \
-    rm /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/hibernate-spatial-h2-geodb-1.1.3.2.jar && \
-    mv hibernate-spatial-postgis-1.1.3.2.jar /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/ && \
-    mv postgis-jdbc-1.3.3.jar /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/
-
-###########docker host###############
-# Set DOCKERHOST variable if DOCKER_HOST exists
-ARG DOCKERHOST=${DOCKERHOST}
-# for debugging
-RUN echo -n #1===>DOCKERHOST=${DOCKERHOST}
-#
-ENV DOCKERHOST ${DOCKERHOST}
-# for debugging
-RUN echo -n #2===>DOCKERHOST=${DOCKERHOST}
-
-###########docker host ip#############
-# Set GEONODE_HOST_IP address if it exists
-ARG GEONODE_HOST_IP=${GEONODE_HOST_IP}
-# for debugging
-RUN echo -n #1===>GEONODE_HOST_IP=${GEONODE_HOST_IP}
-#
-ENV GEONODE_HOST_IP ${GEONODE_HOST_IP}
-# for debugging
-RUN echo -n #2===>GEONODE_HOST_IP=${GEONODE_HOST_IP}
-# If empty set DOCKER_HOST_IP to GEONODE_HOST_IP
-ENV DOCKER_HOST_IP=${DOCKER_HOST_IP:-${GEONODE_HOST_IP}}
-# for debugging
-RUN echo -n #1===>DOCKER_HOST_IP=${DOCKER_HOST_IP}
-# Trying to set the value of DOCKER_HOST_IP from DOCKER_HOST
-RUN if ! [ -z ${DOCKER_HOST_IP} ]; \
-    then echo export DOCKER_HOST_IP=${DOCKERHOST} | \
-    sed 's/tcp:\/\/\([^:]*\).*/\1/' >> /root/.bashrc; \
-    else echo "DOCKER_HOST_IP is already set!"; fi
-# for debugging
-RUN echo -n #2===>DOCKER_HOST_IP=${DOCKER_HOST_IP}
-
-# Set WEBSERVER public port
-ARG PUBLIC_PORT=${PUBLIC_PORT}
-# for debugging
-RUN echo -n #1===>PUBLIC_PORT=${PUBLIC_PORT}
-#
-ENV PUBLIC_PORT=${PUBLIC_PORT}
-# for debugging
-RUN echo -n #2===>PUBLIC_PORT=${PUBLIC_PORT}
-
-# set nginx base url for geoserver
-RUN echo export NGINX_BASE_URL=http://${NGINX_HOST}:${NGINX_PORT}/ | \
-    sed 's/tcp:\/\/\([^:]*\).*/\1/' >> /root/.bashrc
-
-# copy the script and perform the run of scripts from entrypoint.sh
-RUN mkdir -p /usr/local/tomcat/tmp
-WORKDIR /usr/local/tomcat/tmp
-COPY set_geoserver_auth.sh /usr/local/tomcat/tmp
-COPY setup_auth.sh /usr/local/tomcat/tmp
-COPY requirements.txt /usr/local/tomcat/tmp
-COPY get_dockerhost_ip.py /usr/local/tomcat/tmp
-COPY get_nginxhost_ip.py /usr/local/tomcat/tmp
-COPY entrypoint.sh /usr/local/tomcat/tmp
-COPY ./templates /templates
-COPY multidump.sh /usr/local/tomcat/tmp
-COPY multidump-alt.sh /usr/local/tomcat/tmp
-
-RUN apt-get update \
-    && apt-get install -y procps less \
-    && apt-get install -y python3 python3-pip python3-dev \
-    && chmod +x /usr/local/tomcat/tmp/set_geoserver_auth.sh \
-    && chmod +x /usr/local/tomcat/tmp/setup_auth.sh \
-    && chmod +x /usr/local/tomcat/tmp/entrypoint.sh \
-    && pip3 install pip --upgrade \
-    && pip3 install -r requirements.txt \
-    && chmod +x /usr/local/tomcat/tmp/get_dockerhost_ip.py \
-    && chmod +x /usr/local/tomcat/tmp/get_nginxhost_ip.py
-
-RUN pip install j2cli
-
-ENV JAVA_OPTS="-Djava.awt.headless=true -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:MaxPermSize=512m -XX:PermSize=256m -Xms512m -Xmx2048m -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
-
-CMD ["/usr/local/tomcat/tmp/entrypoint.sh"]
\ No newline at end of file
diff --git a/scripts/docker/geoserver/README.md b/scripts/docker/geoserver/README.md
deleted file mode 100644
index 9d00a465066..00000000000
--- a/scripts/docker/geoserver/README.md
+++ /dev/null
@@ -1,132 +0,0 @@
-# geoserver-docker
-
-
-**The scripts/docker/geonode folder is a copy from geonode-project* to be able to build GeoServer image from this repository directly. In case of an update, just replace the whole folder.**
-
-
-[GeoServer](http://geoserver.org) is an open source server for sharing geospatial data.
-This is a docker image that eases setting up a GeoServer running specifically for [GeoNode](https://github.com/GeoNode/geoserver-geonode-ext) with an additional separated data directory.
-
-The image is based on the official Tomcat 9 image
-
-## Installation
-
-This image is available as a [trusted build on the docker hub](https://registry.hub.docker.com/r/geonode/geoserver/), and is the recommended method of installation.
-Simple pull the image from the docker hub.
-
-```bash
-$ docker pull geonode/geoserver
-```
-
-Alternatively you can build the image locally
-
-```bash
-$ git clone https://github.com/geonode/geoserver-docker.git
-$ cd geoserver-docker
-$ docker build -t "geonode/geoserver" .
-```
-
-## Quick start
-
-You can quick start the image using the command line
-
-```bash
-$ docker run --name "geoserver" -v /var/run/docker.sock:/var/run/docker.sock -d -p 8080:8080 geonode/geoserver
-```
-
-Point your browser to `http://localhost:8080/geoserver` and login using GeoServer's default username and password:
-
-* Username: admin
-* Password: geoserver
-
-## How to use different versions
-
-There are mainly two different versions of this image which are useful for running **GeoNode** with different authentication system types. These versions are released as specific tags for two authentication mechanisms:
-
-**Cookie based authn**:
-- [geonode/geoserver:2.9.x](https://hub.docker.com/r/geonode/geoserver/builds/bx7ydhghnlrfnsppduyva73/)
-
-**Oauth2 based authn**:
-- [geonode/geoserver:2.9.x-oauth2](https://hub.docker.com/r/geonode/geoserver/builds/bwca5rtexeoegzgroavftdr/)
-- [geonode/geoserver:2.10.x](https://hub.docker.com/r/geonode/geoserver/builds/bjohcnc29vm69acqjrvndxf/)
-- [geonode/geoserver:2.12.x](https://hub.docker.com/r/geonode/geoserver/builds/bh7pyw5atmkcljurwsnzbs7/)
-- [geonode/geoserver:2.13.x](https://hub.docker.com/r/geonode/geoserver/builds/btmjctbuvrjfnnrxrs4wyrs/)
-- [geonode/geoserver:2.14.x](https://hub.docker.com/r/geonode/geoserver/builds/bj53pi8he8uksz6ggvrs3wc/)
-
-You can declare what version to use along with the data directory tag which corresponds to the same version.  
-
-## Configuration
-
-### Data volume
-
-This GeoServer container keeps its configuration data at `/geoserver_data/data` which is exposed as volume in the dockerfile.
-The volume allows for stopping and starting new containers from the same image without losing all the data and custom configuration.
-
-You may want to map this volume to a directory on the host. It will also ease the upgrade process in the future. Volumes can be mounted by passing the `-v` flag to the docker run command:
-
-```bash
--v /your/host/data/path:/geoserver_data/data
-```
-
-### Data volume container
-
-In case you are running Compose for automatically having GeoServer up and running then a data volume container will be mounted with a default preloaded *GEOSERVER_DATA_DIR* at the configuration data directory of the container.
-Make sure that the image from the repository [data-docker](https://github.com/GeoNode/data-docker) is available from the [GeoNode Docker Hub](https://hub.docker.com/u/geonode/) or has been built locally:
-
-```bash
-docker build -t geonode/geoserver_data .
-```
-
-#### Persistance behavior
-
-If you run:
-
-```bash
-docker-compose stop
-```
-
-Data are retained in the *GEOSERVER_DATA_DIR* and can then be mounted in a new GeoServer instance by running again:
-
-```bash
-docker-compose up
-```
-
-If you run:
-
-```bash
-docker-compose down
-```
-
-Data are completely gone but you can ever start from the base GeoServer Data Directory built for Geonode.
-
-#### Data directory versions
-
-There has to be a correspondence one-to-one between the data directory version and the tag of the GeoServer image used in the Docker compose file. So at the end you can consume these images below:
-
-* **2.9.x**: [geonode/geoserver_data:2.9.x](https://hub.docker.com/r/geonode/geoserver_data/builds/bsus6alnddg4bc7icwymevp/)
-* **2.9.x-oauth2**: [geonode/geoserver_data:2.9.x-oauth2](https://hub.docker.com/r/geonode/geoserver_data/builds/bwkxcupsunvuitzusi9gsnt/)
-* **2.10.x**: [geonode/geoserver_data:2.10.x](https://hub.docker.com/r/geonode/geoserver_data/builds/b5jqhpzapkqxzyevjizccug/)
-* **2.12.x**: [geonode/geoserver_data:2.12.x](https://hub.docker.com/r/geonode/geoserver_data/builds/byaaalw3lnasunpveyg3x4i/)
-* **2.13.x**: [geonode/geoserver_data:2.13.x](https://hub.docker.com/r/geonode/geoserver_data/builds/bunuqzq7a7dk65iumjhkbtc/)
-* **2.14.x**: [geonode/geoserver_data:2.14.x](https://hub.docker.com/r/geonode/geoserver_data/builds/blpdjzkrv7pm3stunzpn4pp/)
-
-### Database
-
-GeoServer recommends the usage of a spatial database
-
-#### PostGIS container (PostgreSQL + GIS Extension)
-
-If you want to use a [PostGIS](http://postgis.org/) container, you can link it to this image. You're free to use any PostGIS container.
-An example with [kartooza/postgis](https://registry.hub.docker.com/u/kartoza/postgis/) image:
-
-```bash
-$ docker run -d --name="postgis" kartoza/postgis
-```
-
-For further information see [kartooza/postgis](https://registry.hub.docker.com/u/kartoza/postgis/).
-
-Now start the GeoServer instance by adding the `--link` option to the docker run command:
-
-```bash
---link postgis:postgis
-```
diff --git a/scripts/docker/geoserver/docker-compose.yml b/scripts/docker/geoserver/docker-compose.yml
deleted file mode 100644
index 5f3dc1cf34e..00000000000
--- a/scripts/docker/geoserver/docker-compose.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-version: '3.9'
-
-services:
-
-  postgis:
-    image: geonode/postgis:13
-    ports:
-      - "25432:5432"
-    volumes:
-      - /srv/docker/geoserver/postgis:/var/lib/postgresql
-    #volumes_from:
-      #- pgstore
-    healthcheck:
-      test: "pg_isready -d postgres -U postgres"
-    restart: on-failure
-
-  geoserver:
-    image: geonode/geoserver:2.23.0
-    build:
-      context: .
-      args:
-        - DOCKERHOST
-        - GEONODE_HOST_IP
-        - PUBLIC_PORT=80
-    links:
-      - postgis
-    ports:
-      - "8080:8080"
-    volumes:
-      - /geoserver_data/data
-    environment:
-      - DOCKERHOST
-      - GEONODE_HOST_IP
-      - PUBLIC_PORT=80
-      - DOCKER_HOST_IP
-      - DJANGO_URL=http://localhost/
-    depends_on:
-      postgis:
-        condition: service_completed_successfully
-      data-dir-conf:
-        condition: service_healthy
-    healthcheck:
-      test: curl --fail -s http://localhost:8080/geoserver/rest/workspaces/geonode.html || exit 1
-      interval: 1m30s
-      timeout: 10s
-      retries: 3
-    restart: on-failure
-
-  data-dir-conf:
-    image: geonode/geoserver_data:2.23.0
-    container_name: geoserver_data_dir # named data container
-    entrypoint: sleep infinity
-    volumes:
-      - /geoserver_data/data
-    healthcheck:
-      test: "ls -A '/geoserver_data/data' | wc -l"
-    restart: on-failure
-
-volumes:
-  # reference to the named data container that holds the preloaded geoserver data directory
-  geoserver_data_dir:
\ No newline at end of file
diff --git a/scripts/docker/geoserver/entrypoint.sh b/scripts/docker/geoserver/entrypoint.sh
deleted file mode 100644
index f9af5f42024..00000000000
--- a/scripts/docker/geoserver/entrypoint.sh
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/bin/bash
-set -e
-
-source /root/.bashrc
-
-# control the value of DOCKER_HOST_IP variable
-if [ -z ${DOCKER_HOST_IP} ]
-then
-
-    echo "DOCKER_HOST_IP is empty so I'll run the python utility \n"
-    echo export DOCKER_HOST_IP=`python3 /usr/local/tomcat/tmp/get_dockerhost_ip.py` >> /root/.override_env
-    echo "The calculated value is now DOCKER_HOST_IP='$DOCKER_HOST_IP' \n"
-
-else
-
-    echo "DOCKER_HOST_IP is filled so I'll leave the found value '$DOCKER_HOST_IP' \n"
-
-fi
-
-# control the values of LB settings if present
-if [ ${GEONODE_LB_HOST_IP} ]
-then
-
-    echo "GEONODE_LB_HOST_IP is filled so I replace the value of '$DOCKER_HOST_IP' with '$GEONODE_LB_HOST_IP' \n"
-    echo export DOCKER_HOST_IP=${GEONODE_LB_HOST_IP} >> /root/.override_env
-
-fi
-
-if [ ${GEONODE_LB_PORT} ]
-then
-
-    echo "GEONODE_LB_PORT is filled so I replace the value of '$PUBLIC_PORT' with '$GEONODE_LB_PORT' \n"
-    echo export PUBLIC_PORT=${GEONODE_LB_PORT} >> /root/.override_env
-
-fi
-
-if [ ! -z "${GEOSERVER_JAVA_OPTS}" ]
-then
-
-    echo "GEOSERVER_JAVA_OPTS is filled so I replace the value of '$JAVA_OPTS' with '$GEOSERVER_JAVA_OPTS' \n"
-    JAVA_OPTS=${GEOSERVER_JAVA_OPTS}
-
-fi
-
-# control the value of NGINX_BASE_URL variable
-if [ -z `echo ${NGINX_BASE_URL} | sed 's/http:\/\/\([^:]*\).*/\1/'` ]
-then
-    echo "NGINX_BASE_URL is empty so I'll use the static nginx hostname \n"
-    # echo export NGINX_BASE_URL=`python3 /usr/local/tomcat/tmp/get_nginxhost_ip.py` >> /root/.override_env
-    # TODO rework get_nginxhost_ip to get URL with static hostname from nginx service name
-    # + exposed port of that container i.e. http://geonode:80
-    echo export NGINX_BASE_URL=http://geonode:80 >> /root/.override_env
-    echo "The calculated value is now NGINX_BASE_URL='$NGINX_BASE_URL' \n"
-else
-    echo "NGINX_BASE_URL is filled so I'll leave the found value '$NGINX_BASE_URL' \n"
-fi
-
-# set basic tagname
-TAGNAME=( "baseUrl" )
-
-if ! [ -f ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml ]
-then
-
-    echo "Configuration file '$GEOSERVER_DATA_DIR'/security/auth/geonodeAuthProvider/config.xml is not available so it is gone to skip \n"
-
-else
-
-    # backup geonodeAuthProvider config.xml
-    cp ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml.orig
-    # run the setting script for geonodeAuthProvider
-    /usr/local/tomcat/tmp/set_geoserver_auth.sh ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/config.xml ${GEOSERVER_DATA_DIR}/security/auth/geonodeAuthProvider/ ${TAGNAME} > /dev/null 2>&1
-
-fi
-
-# backup geonode REST role service config.xml
-cp "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml" "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml.orig"
-# run the setting script for geonode REST role service
-/usr/local/tomcat/tmp/set_geoserver_auth.sh "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml" "${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/" ${TAGNAME} > /dev/null 2>&1
-
-# set oauth2 filter tagname
-TAGNAME=( "accessTokenUri" "userAuthorizationUri" "redirectUri" "checkTokenEndpointUrl" "logoutUri" )
-
-# backup geonode-oauth2 config.xml
-cp ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/config.xml ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/config.xml.orig
-# run the setting script for geonode-oauth2
-/usr/local/tomcat/tmp/set_geoserver_auth.sh ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/config.xml ${GEOSERVER_DATA_DIR}/security/filter/geonode-oauth2/ "${TAGNAME[@]}" > /dev/null 2>&1
-
-# set global tagname
-TAGNAME=( "proxyBaseUrl" )
-
-# backup global.xml
-cp ${GEOSERVER_DATA_DIR}/global.xml ${GEOSERVER_DATA_DIR}/global.xml.orig
-# run the setting script for global configuration
-/usr/local/tomcat/tmp/set_geoserver_auth.sh ${GEOSERVER_DATA_DIR}/global.xml ${GEOSERVER_DATA_DIR}/ ${TAGNAME} > /dev/null 2>&1
-
-# set correct amqp broker url
-sed -i -e 's/localhost/rabbitmq/g' ${GEOSERVER_DATA_DIR}/notifier/notifier.xml
-
-# exclude wrong dependencies
-sed -i -e 's/xom-\*\.jar/xom-\*\.jar,bcprov\*\.jar/g' /usr/local/tomcat/conf/catalina.properties
-
-# J2 templating for this docker image we should also do it for other configuration files in /usr/local/tomcat/tmp
-
-declare -a geoserver_datadir_template_dirs=("geofence")
-
-for template in in ${geoserver_datadir_template_dirs[*]}; do
-    #Geofence templates
-    if [ "$template" == "geofence" ]; then
-      cp -R /templates/$template/* ${GEOSERVER_DATA_DIR}/geofence
-
-      for f in $(find ${GEOSERVER_DATA_DIR}/geofence/ -type f -name "*.j2"); do
-          echo -e "Evaluating template\n\tSource: $f\n\tDest: ${f%.j2}"
-          /usr/local/bin/j2 $f > ${f%.j2}
-          rm -f $f
-      done
-
-    fi
-done
-
-# configure CORS (inspired by https://github.com/oscarfonts/docker-geoserver)
-# if enabled, this will add the filter definitions
-# to the end of the web.xml
-# (this will only happen if our filter has not yet been added before)
-if [ "${GEOSERVER_CORS_ENABLED}" = "true" ] || [ "${GEOSERVER_CORS_ENABLED}" = "True" ]; then
-  if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then
-    echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"
-    sed -i "\:</web-app>:i\\
-    <filter>\n\
-      <filter-name>DockerGeoServerCorsFilter</filter-name>\n\
-      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>\n\
-      <init-param>\n\
-          <param-name>cors.allowed.origins</param-name>\n\
-          <param-value>${GEOSERVER_CORS_ALLOWED_ORIGINS}</param-value>\n\
-      </init-param>\n\
-      <init-param>\n\
-          <param-name>cors.allowed.methods</param-name>\n\
-          <param-value>${GEOSERVER_CORS_ALLOWED_METHODS}</param-value>\n\
-      </init-param>\n\
-      <init-param>\n\
-        <param-name>cors.allowed.headers</param-name>\n\
-        <param-value>${GEOSERVER_CORS_ALLOWED_HEADERS}</param-value>\n\
-      </init-param>\n\
-    </filter>\n\
-    <filter-mapping>\n\
-      <filter-name>DockerGeoServerCorsFilter</filter-name>\n\
-      <url-pattern>/*</url-pattern>\n\
-    </filter-mapping>" "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml";
-  fi
-fi
-
-# start tomcat
-exec env JAVA_OPTS="${JAVA_OPTS}" catalina.sh run
\ No newline at end of file
diff --git a/scripts/docker/geoserver/get_dockerhost_ip.py b/scripts/docker/geoserver/get_dockerhost_ip.py
deleted file mode 100644
index 7b5a42ed310..00000000000
--- a/scripts/docker/geoserver/get_dockerhost_ip.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python3
-
-import logging
-
-import docker
-
-BOOTSTRAP_IMAGE_CHEIP = 'codenvy/che-ip:nightly'
-# AF: why call before definition? print _docker_host_ip()
-
-def _docker_host_ip():
-    client = docker.from_env()
-    ip_list = client.containers.run(BOOTSTRAP_IMAGE_CHEIP,
-                                    network_mode='host'
-                                    ).split("\n")
-    if len(ip_list) > 1:
-        logging.info("Docker daemon is running on more than one \
-address {0}".format(ip_list))
-        logging.info("Only the first address:{0} will be returned!".format(
-            ip_list[0]
-        ))
-    else:
-        logging.info("Docker daemon is running at the following \
-address {0}".format(ip_list[0]))
-    return ip_list[0]
diff --git a/scripts/docker/geoserver/get_nginxhost_ip.py b/scripts/docker/geoserver/get_nginxhost_ip.py
deleted file mode 100644
index c6a67d8490d..00000000000
--- a/scripts/docker/geoserver/get_nginxhost_ip.py
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env python3
-
-import logging
-import os
-
-import docker
-
-client = docker.from_env()
-# print(client.info())
-# TODO avoid this script can fail and fall in the loop where the geoserver
-# service is not available and consequently the nginx too which has geoserver
-# as a reference link
-for network in client.networks.list():
-    if 'geonode' in network.name:
-        geonode_network = network.name
-    else:
-        geonode_network = 'geonode_default'
-
-try:
-    containers = {
-        c.attrs['Config']['Image']: c.attrs['NetworkSettings']['\
-Networks'][geonode_network]['\
-IPAddress'] for c in client.containers.list() if c.status in 'running'
-    }
-    for item in containers.items():
-        if "geonode/nginx" in item[0]:
-            ipaddr = item[1]
-
-    try:
-        os.environ["NGINX_BASE_URL"] = "http://" + ipaddr + ":" + "80"
-        nginx_base_url = "http://{}:80".format(ipaddr)
-    except NameError as er:
-        logging.info("NGINX container is not running maybe exited! Running\
-containers are:{0}".format(containers))
-except KeyError as ke:
-    logging.info("There has been a problem with the docker\
-network which has raised the following exception: {0}".format(ke))
-else:
-    # nginx_base_url = None
-    pass
-finally:
-    try:
-        print(nginx_base_url)
-    except NameError as ne:
-        print("http://geonode:80")
diff --git a/scripts/docker/geoserver/multidump-alt.sh b/scripts/docker/geoserver/multidump-alt.sh
deleted file mode 100644
index cc237e17bec..00000000000
--- a/scripts/docker/geoserver/multidump-alt.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-if [ $# -ne 3 ]; then
-    echo "Usage: $0 pid interval count"
-    exit 1
-fi
-
-PID=$1
-INTERVAL=$2
-COUNT=$3
-
-top -bH -d $INTERVAL -n $COUNT -p $PID >> top.out 2>&1 &
-for i in `seq $COUNT`; do
-    kill -3 $PID
-    sleep $INTERVAL
-done
diff --git a/scripts/docker/geoserver/multidump.sh b/scripts/docker/geoserver/multidump.sh
deleted file mode 100644
index 21dfd2ba660..00000000000
--- a/scripts/docker/geoserver/multidump.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-if [ $# -ne 3 ]; then
-    echo "Usage: $0 pid interval count"
-    exit 1
-fi
-
-PID=$1
-INTERVAL=$2
-COUNT=$3
-
-top -bH -d $INTERVAL -n $COUNT -p $PID >> top.out 2>&1 &
-for i in `seq $COUNT`; do
-    echo "stack trace $i of $COUNT" >> jstack.out
-    jstack -l $PID >> jstack.out
-    echo "--------------------" >> jstack.out
-    sleep $INTERVAL
-done
diff --git a/scripts/docker/geoserver/requirements.txt b/scripts/docker/geoserver/requirements.txt
deleted file mode 100644
index 0b31242fdae..00000000000
--- a/scripts/docker/geoserver/requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-docker==3.1.1
diff --git a/scripts/docker/geoserver/set_geoserver_auth.sh b/scripts/docker/geoserver/set_geoserver_auth.sh
deleted file mode 100644
index 27dd11ef54e..00000000000
--- a/scripts/docker/geoserver/set_geoserver_auth.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-
-auth_conf_source="$1"
-auth_conf_target="$2"
-# Creating a temporary file for sed to write the changes to
-temp_file="xml.tmp"
-touch $temp_file
-
-source /root/.bashrc
-source /root/.override_env
-
-test -z "$auth_conf_source" && echo "You must specify a source file" && exit 1
-test -z "$auth_conf_target" && echo "You must specify a target conf directory" && exit 1
-
-test ! -f "$auth_conf_source" && echo "Source $auth_conf_source does not exist or is not a file" && exit 1
-test ! -d "$auth_conf_target" && echo "Target directory $auth_conf_target does not exist or is not a directory" && exit 1
-
-# for debugging
-echo -e "NGINX_BASE_URL=${NGINX_BASE_URL}\n"
-if [ "$PUBLIC_PORT" == "443" ]; then
-    SUBSTITUTION_URL="https://${DOCKER_HOST_IP}"
-    if [ "$PUBLIC_PORT" != "443" ]; then
-        SUBSTITUTION_URL="https://${DOCKER_HOST_IP}:${PUBLIC_PORT}"
-    fi
-else
-    SUBSTITUTION_URL="http://${DOCKER_HOST_IP}"
-    if [ "$PUBLIC_PORT" != "80" ]; then
-        SUBSTITUTION_URL="http://${DOCKER_HOST_IP}:${PUBLIC_PORT}"
-    fi
-fi
-
-echo -e "SUBSTITUTION_URL=$SUBSTITUTION_URL\n"
-echo -e "auth_conf_source=$auth_conf_source\n"
-echo -e "auth_conf_target=$auth_conf_target\n"
-
-# Elegance is the key -> adding an empty last line for Mr. “sed” to pick up
-echo " " >> "$auth_conf_source"
-
-cat "$auth_conf_source"
-
-tagname=( ${@:3:5} )
-
-# for debugging
-for i in "${tagname[@]}"
-do
-   echo "tagname=<$i>"
-done
-
-echo "DEBUG: Starting... [Ok]\n"
-
-for i in "${tagname[@]}"
-do
-    echo "DEBUG: Working on '$auth_conf_source' for tagname <$i>"
-    # Extracting the value from the <$tagname> element
-    # echo -ne "<$i>$tagvalue</$i>" | xmlstarlet sel -t -m "//a" -v . -n
-    tagvalue=`grep "<$i>.*<.$i>" "$auth_conf_source" | sed -e "s/^.*<$i/<$i/" | cut -f2 -d">"| cut -f1 -d"<"`
-
-    echo "DEBUG: Found the current value for the element <$i> - '$tagvalue'"
-
-    # Setting new substituted value
-    case $i in
-        proxyBaseUrl )
-            if [ ${GEONODE_LB_HOST_IP} ]
-            then
-                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
-                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`
-            else
-                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
-                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`
-            fi;;
-        accessTokenUri | checkTokenEndpointUrl | baseUrl )
-            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
-            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`;;
-        userAuthorizationUri | redirectUri | logoutUri )
-            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
-            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`;;
-        *) echo -n "an unknown variable has been found";;
-    esac
-
-    echo "DEBUG: Found the new value for the element <$i> - '$newvalue'"
-    # Replacing element’s value with $SUBSTITUTION_URL
-    # echo -ne "<$i>$tagvalue</$i>" | xmlstarlet sel -t -m "//a" -v . -n
-    sed -e "s@<$i>$tagvalue<\/$i>@<$i>$newvalue<\/$i>@g" "$auth_conf_source" > "$temp_file"
-    cp "$temp_file" "$auth_conf_source"
-done
-# Writing our changes back to the original file ($auth_conf_source)
-# no longer needed
-# mv $temp_file $auth_conf_source
-
-echo "DEBUG: Finished... [Ok] --- Final xml file is \n"
-cat "$auth_conf_source"
diff --git a/scripts/docker/geoserver/setup_auth.sh b/scripts/docker/geoserver/setup_auth.sh
deleted file mode 100644
index 6f9373b978c..00000000000
--- a/scripts/docker/geoserver/setup_auth.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-sed -i.bak 's@<baseUrl>\([^<][^<]*\)</baseUrl>@<baseUrl>'"$DJANGO_URL"'</baseUrl>@'\
-           /geoserver_data/data/security/auth/geonodeAuthProvider/config.xml
\ No newline at end of file
diff --git a/scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2 b/scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2
deleted file mode 100644
index 7b18d3e55f3..00000000000
--- a/scripts/docker/geoserver/templates/geofence/geofence-datasource-ovr.properties.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-geofenceVendorAdapter.databasePlatform=org.hibernatespatial.postgis.PostgisDialect
-geofenceDataSource.driverClassName=org.postgresql.Driver
-geofenceDataSource.url=jdbc:postgresql://{{ DATABASE_HOST }}:{{ DATABASE_PORT }}/{{ GEONODE_GEODATABASE }}
-geofenceDataSource.username={{ GEONODE_GEODATABASE }}
-geofenceDataSource.password={{ GEONODE_GEODATABASE_PASSWORD }}
-geofenceEntityManagerFactory.jpaPropertyMap[hibernate.default_schema]={{ GEONODE_GEODATABASE_SCHEMA }}
-
-# avoid hibernate transaction issues
-geofenceDataSource.testOnBorrow=true
-geofenceDataSource.validationQuery=SELECT 1
-geofenceEntityManagerFactory.jpaPropertyMap[hibernate.testOnBorrow]=true
-geofenceEntityManagerFactory.jpaPropertyMap[hibernate.validationQuery]=SELECT 1
\ No newline at end of file