…recations

- conftest.py: Base.metadata.create_all() before tests, drop_all() after
- schemas/auth.py: ConfigDict replaces class-based Config (Pydantic v2)
- schemas/result.py: ConfigDict replaces class-based Config (Pydantic v2)
- database.py: declarative_base() from sqlalchemy.orm (SQLAlchemy 2.0)

All 3 tests should now pass with 0 warnings

- actions/checkout → v4.2.2
- actions/setup-python → v5.3.0
- actions/setup-node → v4.1.0
- actions/cache → v4.2.0
- docker/setup-buildx-action → v3.7.1
- docker/build-push-action → v6.9.0
- docker/login-action → v3.3.0
- Add FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true

feat: GitHub Actions CI pipeline — pytest + ESLint + Trivy

Trivy was blocking on OS-level CVEs with no available fix.
- ignore-unfixed: true skips CVEs where no patch exists yet
- .trivyignore: empty file ready for future CVE exceptions
- vuln-type: os,library for complete coverage

Security gate still blocks on fixable CRITICAL CVEs

Trivy CRITICAL finding: CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA
Fixed in python-jose 3.4.0
https://avd.aquasec.com/nvd/cve-2024-33663

- python-jose==3.4.0: fixes CVE-2024-33663 (algorithm confusion)
- SQLAlchemy==2.0.36: avoids Docker pip mirror lag on 2.0.49
- Removed unused transitive dependencies
- Added python-multipart==0.0.20 for FastAPI form support

- fastapi==0.115.12 + starlette compatible version
- sqlalchemy==2.0.41 (latest stable, available on all pip mirrors)
- Added httpx and pytest to requirements for CI test runner
- Removed version conflicts between starlette/fastapi/pydantic

feat: GitHub Actions CI/CD pipeline — Week 5 complete