⬆ Bump bcrypt from 4.3.0 to 5.0.0 in /backend
Open
Number: #9
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 1
dependabot[bot]Association: Unknown
Comments: 1
Created:
December 16, 2025 at 01:40 PM UTC
(6 months ago)
(6 months ago)
Updated:
December 16, 2025 at 01:40 PM UTC
(6 months ago)
(6 months ago)
Description:
Bumps bcrypt from 4.3.0 to 5.0.0.
Changelog
Sourced from bcrypt's changelog.
5.0.0
- Bumped MSRV to 1.74.
- Added support for Python 3.14 and free-threaded Python 3.14.
- Added support for Windows on ARM.
- Passing
hashpwa password longer than 72 bytes now raises aValueError. Previously the password was silently truncated, following the behavior of the original OpenBSDbcryptimplementation.
Commits
5060bce5.0.0 release (#1078)e43f568Bump actions/cache from 4.2.4 to 4.3.0 (#1077)fc9f680Bump libc from 0.2.175 to 0.2.176 in /src/_bcrypt (#1075)633f46fAdd support for Python 3.14 (#1073)a2fefbbRemove pypy310 builds (#1074)f60707eBump wasi from 0.14.5+wasi-0.2.4 to 0.14.7+wasi-0.2.4 in /src/_bcrypt (#1071)c790eedBump unicode-ident from 1.0.18 to 1.0.19 in /src/_bcrypt (#1070)122cbdcBump target-lexicon from 0.13.2 to 0.13.3 in /src/_bcrypt (#1069)2bd208dBump wasi from 0.14.4+wasi-0.2.4 to 0.14.5+wasi-0.2.4 in /src/_bcrypt (#1068)e1aa9e8remove poinless cargo cache paths from CI (#1067)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Technical Details
| ID: | 12074459 |
| UUID: | 3734837451 |
| Node ID: | PR_kwDOQpx30M65J8gR |
| Host: | GitHub |
| Repository: | www-e/trustedpython |