Skip to content

chore(deps): update bcrypt requirement from <5,>=4.2.1 to >=4.2.1,<6 in /backend#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/bcrypt-5.0.0
Open

chore(deps): update bcrypt requirement from <5,>=4.2.1 to >=4.2.1,<6 in /backend#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/bcrypt-5.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown

Updates the requirements on bcrypt to permit the latest version.

Changelog

Sourced from bcrypt's changelog.

5.0.0

  • Bumped MSRV to 1.74.
  • Added support for Python 3.14 and free-threaded Python 3.14.
  • Added support for Windows on ARM.
  • Passing hashpw a password longer than 72 bytes now raises a ValueError. Previously the password was silently truncated, following the behavior of the original OpenBSD bcrypt implementation.

4.3.0

  • Dropped support for Python 3.7.
  • We now support free-threaded Python 3.13.
  • We now support PyPy 3.11.
  • We now publish wheels for free-threaded Python 3.13, for PyPy 3.11 on manylinux, and for ARMv7l on manylinux.

4.2.1

  • Bump Rust dependency versions - this should resolve crashes on Python 3.13 free-threaded builds.
  • We no longer build manylinux wheels for PyPy 3.9.

4.2.0

  • Bump Rust dependency versions
  • Removed the BCRYPT_ALLOW_RUST_163 environment variable.

4.1.3

  • Bump Rust dependency versions

4.1.2

  • Publish both py37 and py39 wheels. This should resolve some errors relating to initializing a module multiple times per process.

4.1.1

  • Fixed the type signature on the kdf method.
  • Fixed packaging bug on Windows.
  • Fixed incompatibility with passlib package detection assumptions.

... (truncated)

Commits

@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

ardamoustafa1 added a commit that referenced this pull request Jun 22, 2026
Updates the requirements on [bcrypt](https://github.com/pyca/bcrypt) to permit the latest version.
- [Changelog](https://github.com/pyca/bcrypt/blob/main/CHANGELOG.rst)
- [Commits](pyca/bcrypt@4.2.1...5.0.0)

---
updated-dependencies:
- dependency-name: bcrypt
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump bcrypt from 4.0.1 to 5.0.0 in /backend chore(deps): update bcrypt requirement from <5,>=4.2.1 to >=4.2.1,<6 in /backend Jun 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/bcrypt-5.0.0 branch from a0174f5 to fa6754c Compare June 22, 2026 11:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants