chore(all): bump tailwindcss from 4.1.7 to 4.1.8

Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) from 4.1.7 to 4.1.8.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.8/packages/tailwindcss)

---
updated-dependencies:
- dependency-name: tailwindcss
  dependency-version: 4.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Author: dependabot[bot]

package-lock.json

@@ -26,21 +26,25 @@ To perform the initial setup of the database, use the following endpoint:
 
 **For SQLite:**
 The server will automatically manage the database file location. The request body should be:
+
 ```json
 {
   "type": "sqlite"
 }
 ```
+
 The SQLite database file will be created and stored at: `services/backend/persistent_data/database/deploystack.db`.
 
 **For PostgreSQL:**
 The request body should be:
+
 ```json
 {
   "type": "postgres",
   "connectionString": "postgresql://username:password@host:port/mydatabase"
 }
 ```
+
 Replace the `connectionString` with your actual PostgreSQL connection URI.
 
 **Important:** After the initial database setup via this API, you **must restart the backend server** for the changes to take full effect and for the application to connect to the newly configured database.
@@ -168,6 +172,7 @@ You can inspect the SQLite database directly using various tools:
   ```bash
   sqlite3 services/backend/persistent_data/database/deploystack.db
   ```
+
   (Assuming the command is run from the project root directory)
 
 - **Visual Tools**: [DB Browser for SQLite](https://sqlitebrowser.org/) or VSCode extensions like SQLite Viewer

services/backend/DB.md

@@ -84,10 +84,12 @@ services/backend/
 The `services/backend/persistent_data/` directory is designated for storing all data that needs to persist across application restarts or deployments.
 
 **Purpose:**
+
 - To provide a single, consistent location for all persistent backend data.
 - When developing backend features that require data persistence (e.g., database files, configuration files that should not be in version control but are generated/modified at runtime), use this directory exclusively.
 
 **Examples of data stored here:**
+
 - SQLite database file (e.g., `persistent_data/database/deploystack.db`)
 - Database selection configuration (e.g., `persistent_data/db.selection.json`)
 

services/backend/README.md

@@ -12,19 +12,19 @@ We will acknowledge receipt of your vulnerability report promptly and work with
 
 User passwords are never stored in plaintext. We employ a strong, adaptive hashing algorithm to protect user credentials.
 
--   **Algorithm:** We will use `argon2id`, which is a part of the Argon2 family of algorithms (Argon2id is generally recommended as it provides resistance against both side-channel attacks and GPU cracking attacks).
--   **Salt Generation:** A unique, cryptographically secure salt is automatically generated for each user's password by the `argon2` library at the time of account creation or password change. This salt is then stored as part of the resulting hash string.
--   **Parameters:** We use appropriate parameters for `argon2` (e.g., memory cost, time cost, and parallelism) to ensure that the hashing process is computationally intensive, making brute-force attacks significantly more difficult. These parameters are chosen to balance security with acceptable performance on our servers and may be adjusted based on hardware improvements over time.
--   **Verification:** During login, the provided password and the stored salt (extracted from the hash string) are used to re-compute the hash. This newly computed hash is then compared against the stored hash in a constant-time manner (handled by the `argon2` library's verify function) to help prevent timing attacks.
+- **Algorithm:** We will use `argon2id`, which is a part of the Argon2 family of algorithms (Argon2id is generally recommended as it provides resistance against both side-channel attacks and GPU cracking attacks).
+- **Salt Generation:** A unique, cryptographically secure salt is automatically generated for each user's password by the `argon2` library at the time of account creation or password change. This salt is then stored as part of the resulting hash string.
+- **Parameters:** We use appropriate parameters for `argon2` (e.g., memory cost, time cost, and parallelism) to ensure that the hashing process is computationally intensive, making brute-force attacks significantly more difficult. These parameters are chosen to balance security with acceptable performance on our servers and may be adjusted based on hardware improvements over time.
+- **Verification:** During login, the provided password and the stored salt (extracted from the hash string) are used to re-compute the hash. This newly computed hash is then compared against the stored hash in a constant-time manner (handled by the `argon2` library's verify function) to help prevent timing attacks.
 
 This approach ensures that even if the database were compromised, recovering the original passwords would be computationally infeasible.
 
 ## Session Management
 
 User sessions are managed using `lucia-auth`.
 
--   Session identifiers are cryptographically random and stored in secure, HTTP-only cookies to prevent XSS attacks from accessing them.
--   Sessions have defined expiration times (both active and idle timeouts) to limit the window of opportunity for session hijacking.
+- Session identifiers are cryptographically random and stored in secure, HTTP-only cookies to prevent XSS attacks from accessing them.
+- Sessions have defined expiration times (both active and idle timeouts) to limit the window of opportunity for session hijacking.
 
 ## Data Validation
 

services/backend/SECURITY.md

@@ -12,19 +12,20 @@
   },
   "dependencies": {
     "@fastify/cookie": "^11.0.2",
+    "@fastify/cors": "^11.0.1",
     "@lucia-auth/adapter-drizzle": "^1.1.0",
     "@node-rs/argon2": "^2.0.2",
     "arctic": "^3.7.0",
     "argon2": "^0.43.0",
     "better-sqlite3": "^11.10.0",
-    "drizzle-orm": "^0.43.1",
+    "drizzle-orm": "^0.44.0",
     "fastify": "^5.3.3",
     "fastify-favicon": "^5.0.0",
     "lucia": "^3.2.2",
     "pg": "^8.16.0",
     "pino": "^9.7.0",
     "pino-pretty": "^13.0.0",
-    "zod": "^3.25.36"
+    "zod": "^3.25.42"
   },
   "devDependencies": {
     "@commitlint/cli": "^19.8.1",

services/backend/package.json

@@ -53,6 +53,7 @@ function generateSchema(dialect: 'sqlite' | 'postgres'): AnySchema {
   const generatedSchema: AnySchema = {};
 
   // Create enum for PostgreSQL auth_type
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
   let authTypeEnum: any = null;
   if (dialect === 'postgres') {
     authTypeEnum = pgEnum('auth_type', authTypeEnumValues);
@@ -331,6 +332,7 @@ export function getSchema(): AnySchema {
 
 // Helper function to safely execute database operations with proper typing
 export function executeDbOperation<T>(
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
   operation: (db: any, schema: any) => Promise<T> | T
 ): Promise<T> | T {
   const db = getDb();

services/backend/src/db/index.ts

@@ -1,7 +1,19 @@
 import { FastifyInstance } from 'fastify'
 import fastifyFavicon from 'fastify-favicon'
+import fastifyCors from '@fastify/cors'
 
 export const registerFastifyPlugins = async (server: FastifyInstance): Promise<void> => {
+  // Register CORS plugin
+  await server.register(fastifyCors, {
+    origin: [
+      'http://localhost:5173', // Vite dev server
+      'http://localhost:3000', // Frontend production (if served from same port)
+      'http://localhost:4173', // Vite preview
+    ],
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
+  })
+  
   // Register favicon plugin
   await server.register(fastifyFavicon, {
     path: '../shared/public/img',

services/backend/src/fastify/plugins/index.ts

@@ -9,7 +9,9 @@ import type { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
 // These types would ideally be more specific, generated by Drizzle or manually defined
 // to match your authUserTable, authSessionTable structures.
 // For now, using 'any' as a placeholder based on db/index.ts AnySchema.
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 type AuthUserTable = any; 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 type AuthSessionTable = any;
 
 // Cached instances for lazy initialization

services/backend/src/lib/lucia.ts

@@ -1,6 +1,7 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
 import type { FastifyInstance, FastifyReply } from 'fastify';
 import { getLucia, getGithubAuth } from '../../lib/lucia';
-import { GithubCallbackSchema, type GithubCallbackInput } from './schemas';
+import { type GithubCallbackInput } from './schemas';
 import { getDb, getSchema } from '../../db';
 import { eq } from 'drizzle-orm';
 import { generateId } from 'lucia';

services/backend/src/routes/auth/github.ts

@@ -1,6 +1,6 @@
 import type { FastifyInstance, FastifyReply } from 'fastify';
 import { getLucia } from '../../lib/lucia'; // Corrected import
-import { LoginEmailSchema, type LoginEmailInput } from './schemas';
+import { type LoginEmailInput } from './schemas';
 // argon2 is not directly used here as lucia.useKey handles password verification
 import { verify } from '@node-rs/argon2';
 import { getDb, getSchema } from '../../db';
@@ -23,6 +23,7 @@ export default async function loginEmailRoute(fastify: FastifyInstance) {
         }
 
         // Find user by email or username
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const users = await (db as any)
           .select()
           .from(authUserTable)