From 123e914f01d3b16f6fa221bb7c0f364a2971f8e9 Mon Sep 17 00:00:00 2001
From: "Adrian A. Baumann" <ade@adebaumann.com>
Date: Sat, 28 Feb 2026 21:49:00 +0100
Subject: [PATCH] fix: pin bcrypt<4.0.0 to restore passlib compatibility

passlib 1.7.4 (unmaintained since 2020) is incompatible with bcrypt>=4.0:
- bcrypt 4.x removed bcrypt.__about__ (passlib version probe fails)
- bcrypt 4.x enforces 72-byte password limit strictly, crashing
  passlib's detect_wrap_bug() compatibility test during context init

Pinning bcrypt<4.0.0 is the standard workaround until passlib is replaced.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/requirements.txt b/backend/requirements.txt
index 303c08d..0f6d3a4 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -5,6 +5,7 @@ alembic==1.13.1
 psycopg2-binary==2.9.9
 python-jose[cryptography]==3.3.0
 passlib[bcrypt]==1.7.4
+bcrypt<4.0.0
 python-multipart==0.0.9
 pydantic[email]==2.7.1
 pydantic-settings==2.2.1