From 3e9a930a26954f245dd982f7331b00c1e6924a06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Nov 2025 13:43:55 +0000
Subject: [PATCH] Bump bcrypt from 4.3.0 to 5.0.0 in /backend (#1402)

Bumps [bcrypt](https://github.com/pyca/bcrypt) from 4.3.0 to 5.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/bcrypt/blob/main/CHANGELOG.rst">bcrypt's
changelog</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<ul>
<li>Bumped MSRV to 1.74.</li>
<li>Added support for Python 3.14 and free-threaded Python 3.14.</li>
<li>Added support for Windows on ARM.</li>
<li>Passing <code>hashpw</code> a password longer than 72 bytes now
raises a
<code>ValueError</code>. Previously the password was silently truncated,
following the
behavior of the original OpenBSD <code>bcrypt</code>
implementation.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/bcrypt/commit/5060bce7e6c27f55e89d5b0d22b7ae0437a362f7"><code>5060bce</code></a>
5.0.0 release (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1078">#1078</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/e43f568265df7e1aabbaddccc336dbf3ea675df8"><code>e43f568</code></a>
Bump actions/cache from 4.2.4 to 4.3.0 (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1077">#1077</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/fc9f680a96a0d8e9df4c5a1a4d991fd961a90adb"><code>fc9f680</code></a>
Bump libc from 0.2.175 to 0.2.176 in /src/_bcrypt (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1075">#1075</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/633f46fbb33d8abfe5b9cb0c12eed79878fbff06"><code>633f46f</code></a>
Add support for Python 3.14 (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1073">#1073</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/a2fefbbcff8d46cfd00efa8d2c13956b388d6bec"><code>a2fefbb</code></a>
Remove pypy310 builds (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1074">#1074</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/f60707e18f3f9728f2c6f4ce97fb8fc90721c7d3"><code>f60707e</code></a>
Bump wasi from 0.14.5+wasi-0.2.4 to 0.14.7+wasi-0.2.4 in /src/_bcrypt
(<a
href="https://redirect.github.com/pyca/bcrypt/issues/1071">#1071</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/c790eed8fa205403e1ea0587cf9178e866c940f3"><code>c790eed</code></a>
Bump unicode-ident from 1.0.18 to 1.0.19 in /src/_bcrypt (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1070">#1070</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/122cbdc6895fd70c044a2f4ad7845c2a56b93096"><code>122cbdc</code></a>
Bump target-lexicon from 0.13.2 to 0.13.3 in /src/_bcrypt (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1069">#1069</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/2bd208d6c5cadba2f983280ec21cc8cf977904d0"><code>2bd208d</code></a>
Bump wasi from 0.14.4+wasi-0.2.4 to 0.14.5+wasi-0.2.4 in /src/_bcrypt
(<a
href="https://redirect.github.com/pyca/bcrypt/issues/1068">#1068</a>)</li>
<li><a
href="https://github.com/pyca/bcrypt/commit/e1aa9e883090e0267bd7b38964fe852f70a99b88"><code>e1aa9e8</code></a>
remove poinless cargo cache paths from CI (<a
href="https://redirect.github.com/pyca/bcrypt/issues/1067">#1067</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/bcrypt/compare/4.3.0...5.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bcrypt&package-manager=uv&previous-version=4.3.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 backend/pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/pyproject.toml b/backend/pyproject.toml
index cce6a200..e2bcfa7a 100644
--- a/backend/pyproject.toml
+++ b/backend/pyproject.toml
@@ -7,7 +7,7 @@ dependencies = [
     "aiohttp==3.12.14",
     "aiopg==1.4.0",
     "alembic==1.16.1",
-    "bcrypt==4.3.0",
+    "bcrypt==5.0.0",
     "click==8.2.0",
     "databases[asyncpg]<=0.8.0",
     "fastapi==0.116.0",