• bcrypt is pinned <5.0 due to a passlib 1.7.4 incompatibility. This is a known limitation, not a vulnerability.

Please do not open a public GitHub issue for security vulnerabilities.

Report privately to: shawnknight@the-master-plan.com

Include a description, steps to reproduce, and potential impact. You will receive a response within 72 hours.