From b44c5d98a81ac4286c0046da78cfe4538aaa0338 Mon Sep 17 00:00:00 2001 From: ulises-jeremias Date: Tue, 26 May 2026 13:12:15 -0300 Subject: [PATCH] fix(deps): pin bcrypt<5 to fix passlib incompatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit passlib 1.7.x cannot read bcrypt 5.x version metadata, causing every example that does `from passlib.context import CryptContext` to fail with "(trapped) error reading bcrypt version" (exit 1) at import time. This was introduced silently when Dependabot PR #12 bumped bcrypt from <5 to <6 (workflow excludes Dependabot from CI, so the bump landed on main without surfacing the regression). The next non- Dependabot CI run on main (PR #13 — modules/ refactor) caught it. Fix: - pyproject.toml: pin bcrypt<5 in both [project.dependencies] and the [project.optional-dependencies.all] extras - .github/dependabot.yml: add ignore rule for bcrypt >=5.0 until passlib publishes a compatible release, so this regression cannot silently land again Restores 12_fastapi_complete/authentication_jwt and 12_fastapi_complete/oauth2 X1 to pass in CI (16/16 modules clean expected). --- .github/dependabot.yml | 6 ++++++ pyproject.toml | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8273037..b5f1698 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,3 +12,9 @@ updates:
 interval: "weekly"
 commit-message:
 prefix: "deps"
+ ignore:
+ # bcrypt 5.x is incompatible with passlib 1.7.x
+ # (passlib raises "(trapped) error reading bcrypt version" and fails X1).
+ # Keep pinned to <5 until passlib publishes a compatible release.
+ - dependency-name: "bcrypt"
+ versions: [">=5.0"]
diff --git a/pyproject.toml b/pyproject.toml
index 3b4a6a5..8fca283 100644
--- a/pyproject.toml
+++ b/pyproject.toml
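Review bot: The new `ignore` entry for bcrypt in `.github/dependabot.yml` is open-ended: `versions: [">=5.0"]` has no tracked exit condition, and as far as I know passlib has had no release since 1.7.4, so "until passlib publishes a compatible release" may never occur and the password-hashing backend stays frozen on the 4.x line. I would extend the comment with a removal trigger, e.g. `# Remove once passlib is fixed or replaced; tracked in <tracking-issue-url>`. It is also worth confirming whether this rule suppresses Dependabot security-update PRs for bcrypt as well as version updates, because fixes shipped only in 5.x or later would then never be proposed. The commit message says Dependabot PRs are excluded from CI; this hunk does not close that gap, so an unverified bump of any other dependency can still reach main.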
@@ -52,7 +52,7 @@ web = [
 "alembic>=1.13.0",
 "python-jose[cryptography]>=3.3.0",
 "passlib[bcrypt]>=1.7.4",
- "bcrypt<6",
+ "bcrypt<5",
 "python-multipart>=0.0.9",
 "strawberry-graphql[fastapi]>=0.220.0",
 "redis>=5.0.0",
@@ -73,7 +73,7 @@ all = [
 "alembic>=1.13.0",
 "python-jose[cryptography]>=3.3.0",
 "passlib[bcrypt]>=1.7.4",
- "bcrypt<6",
+ "bcrypt<5",
 "python-multipart>=0.0.9",
 "strawberry-graphql[fastapi]>=0.220.0",
 "redis>=5.0.0",
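Review bot: The new `"bcrypt<5"` entry in the `web` list carries only an upper bound and no explanation beside it, so a resolver may select any older bcrypt release and nothing in pyproject.toml records why the cap exists. Consider a floor plus an inline reason, e.g. `"bcrypt>=4,<5",  # 5.x breaks passlib 1.7.x; keep in sync with .github/dependabot.yml` (the floor shown is a suggestion; use the oldest version the examples are actually tested with). The same applies to the identical change in the `all` list at `@@ -73,7 +73,7 @@`. Both lists start and end outside the hunks, and the description mentions `[project.dependencies]` while the hunk headers show `web` and `all`, so it is worth checking that no other dependency list still permits bcrypt 5.x.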