chore(deps): bump tower-sessions from 0.14.0 to 0.15.0

[dependabot]

Bumps tower-sessions from 0.14.0 to 0.15.0.

Release notes

Sourced from tower-sessions's releases.

v0.15.0

What's Changed

• Update rand to v0.9. #238
• Fix memory ordering race. #254

New Contributors

• @​Sycration made their first contribution in maxcountryman/tower-sessions#238
• @​jalil-salame made their first contribution in maxcountryman/tower-sessions#247
• @​benwilber made their first contribution in maxcountryman/tower-sessions#250
• @​jonasmalacofilho made their first contribution in maxcountryman/tower-sessions#254

Full Changelog: maxcountryman/tower-sessions@v0.14.0...v0.15.0

Changelog

Sourced from tower-sessions's changelog.

0.15.0

• Update rand to v0.9. #238
• Fix memory ordering race. #254

Commits

• 92ad026 mark v0.15.0
• 3cd7a25 Insert/remove session data before release-update to is_modified
• 7800836 Add tower-sessions-cookie-store to the README
• 5ea8112 Update mockall requirement from 0.13.0 to 0.14.0
• 9acb2d1 fix: clippy lints
• 9ad9533 fix(tower-sessions-core): disable parking_lot serde feature
• 81105af Update rand
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[sharkAndshark]

@evan-zhang11

[evan-zhang11]

❌ CI Failed - Version Conflict

This PR causes a compilation error due to dependency conflict:

error[E0308]: mismatched types
  --> backend/src/routes.rs:61:66
   |
61 |         AuthManagerLayerBuilder::new(state.auth_backend.clone(), session_layer).build();
   |                                     ----------------------------             ^^^^^^^^^^^^^^ expected `SessionManagerLayer<_, _>`, found `SessionManagerLayer<DuckDBStore>`
   |                                     |
   |                                     arguments to this function are incorrect
   |
   = note: there are multiple different versions of crate `tower_sessions` in the dependency graph

Root Cause: axum-login 0.18.0 depends on tower-sessions 0.14.0. Updating tower-sessions to 0.15.0 creates a version mismatch.

Solutions:

1. Wait for axum-login to release a version compatible with tower-sessions 0.15.0
2. Or close this PR and reopen when dependencies are aligned

Recommend closing this PR until the dependency ecosystem is ready for this upgrade.

[evan-zhang11]

⚠️ CI Status: Failing - Please address before merge

Failed Checks:

• ❌ backend_clippy (7m25s)
• ❌ backend_compile_clean (7m19s)
• ❌ backend_postgis_integration (7m39s)
• ❌ backend_tests (7m46s)
• ❌ frontend_e2e (8m48s)

Passed Checks:

• ✅ backend_fmt, dependency-review, frontend_unit

Note: This PR bumps tower-sessions from 0.14.0 to 0.15.0, which has been known to cause conflicts with axum-login as noted in issue #68.

Recommendation:
Please investigate and fix the failing CI checks. This dependency update may require additional compatibility adjustments beyond just version bumping.