Passlib dependency still advisable?

[SpoonOfDoom]

First Check

• I added a very descriptive title here.
• I used the GitHub search to find a similar question and didn't find it.
• I searched in the documentation/README.
• I already searched in Google "How to do X" and didn't find any information.
• I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

• I commit to help with one of those options 👆

Example Code

not applicable

Description

It appears to be that passlib is abandoned. It has been for a while, and when looming problems (e.g. with Python 3.13) became more apparent, the maintainer made some comments and promised to take up development again, but that has been 6 months ago he has been unresponsive again since then, and hasn't given anyone access to pick up the mantle. It appears we may not be getting regular maintanence in the future (see the discussion in the passlib repo for context: https://foss.heptapod.net/python-libs/passlib/-/issues/187).

Now that raises two questions for this project template, which I think are worth at least discussing since it's a security related package.

1. Should this project still use passlib as a dependency (and thus "promote" the use of it)?
2. If not, what would be the best replacement?

Unless any new vulnerabilities pop up, it should be fine for current Python versions, but could become a problem in the near-ish future. It'd also be a problem if any new vulnerabilities that affect passlib were to pop up.

Operating System

Other

Operating System Details

Not relevant

Python Version

3.11.9

Additional Context

No response

[storenth]

No, looks like community suggest to use bcrypt directly.
Guys, please remove passlib

full-stack-fastapi-template/backend/pyproject.toml

Line 10 in d3d370c

"passlib[bcrypt]<2.0.0,>=1.7.4",

due to project dropped and no more support by maintainer.
https://passlib.readthedocs.io/en/latest/install.html

Related issue/discuss: pyca/bcrypt#684