fix: enable dependency uploads without login

[kacperklosowski]

Description

Before the auth implementation, uploading a dependency file didn't require login. This behavior is also described in project-prd.md under US-002, with no mention of authentication.

Current state:

The auth PR introduced PUBLIC_PATHS, but it looks like the upload-dependencies endpoint was missed. This PR fixes that by marking it as public - no login required.

If uploading dependencies should require login, then we should either:

• Hide the upload button for unauthenticated users
• Or at least communicate that login is required before allowing the action

If we agree this endpoint should stay public, then this PR is good to go 🟢.

I haven’t added any RATE_LIMIT_CONFIG for this endpoint. If you think we should add something lightweight (e.g. 1 upload every 5 seconds), let me know and I’ll include it.

Br,
Kacper

Roadmap alignment

• I have opened an issue first and received approval before working on this PR.

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

• Manual Tests
• Unit Tests
• E2E Tests

[psmyrdek]

Great finding @kacperklosowski - feel free to include basic rate limit for the endpoint and we'll be good to go.

[kacperklosowski]

@psmyrdek rate limiting was added (as proposed in PR - 1 upload every 5s) :)

[psmyrdek]

@all-contributors add @kacperklosowski for code

[allcontributors]

@psmyrdek

I've put up a pull request to add @kacperklosowski! 🎉

[psmyrdek]

GJ

[kacperklosowski]

Hi @psmyrdek, looks like my changes were not deployed to production (master merge didn't trigger the deploy job).

Could you please do that? :)