core/homeassistant/package_constraints.txt

PyJWT==2.1.0
PyNaCl==1.4.0
aiodiscover==1.4.2
aiohttp==3.7.4.post0
aiohttp_cors==0.7.0
astral==2.2
async-upnp-client==0.21.2
async_timeout==3.0.1
attrs==21.2.0
awesomeversion==21.8.1
backports.zoneinfo;python_version<"3.9"
bcrypt==3.1.7
certifi>=2020.12.5
ciso8601==2.1.3
cryptography==3.4.8
defusedxml==0.7.1
emoji==1.2.0
hass-nabucasa==0.50.0
home-assistant-frontend==20210922.0
httpx==0.19.0
ifaddr==0.1.7
jinja2==3.0.1
paho-mqtt==1.5.1
pillow==8.2.0
pip>=8.0.3,<20.3
pyserial==3.5
python-slugify==4.0.1
pyudev==0.22.0
pyyaml==5.4.1
requests==2.25.1
scapy==2.4.5
sqlalchemy==1.4.23
voluptuous-serialize==2.4.0
voluptuous==0.12.1
yarl==1.6.3
zeroconf==0.36.7

pycryptodome>=3.6.6

# Constrain urllib3 to ensure we deal with CVE-2019-11236 & CVE-2019-11324
urllib3>=1.24.3

# Constrain H11 to ensure we get a new enough version to support non-rfc line endings
h11>=0.12.0

# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
# https://github.com/advisories/GHSA-93xj-8mrv-444m
httplib2>=0.19.0

# gRPC 1.32+ currently causes issues on ARMv7, see:
# https://github.com/home-assistant/core/issues/40148
# Newer versions of some other libraries pin a higher version of grpcio,
# so those also need to be kept at an old version until the grpcio pin
# is reverted, see:
# https://github.com/home-assistant/core/issues/53427
grpcio==1.31.0
google-cloud-pubsub==2.1.0
google-api-core<=1.31.2

# This is a old unmaintained library and is replaced with pycryptodome
pycrypto==1000000000.0.0

# To remove reliance on typing
btlewrap>=0.0.10

# This overrides a built-in Python package
enum34==1000000000.0.0
typing==1000000000.0.0
uuid==1000000000.0.0

# Temporary constraint on pandas, to unblock 2021.7 releases
# until we have fixed the wheels builds for newer versions.
pandas==1.3.0

# regex causes segfault with version 2021.8.27
# https://bitbucket.org/mrabarnett/mrab-regex/issues/421/2021827-results-in-fatal-python-error
# This is fixed in 2021.8.28
regex==2021.8.28

# anyio has a bug that was fixed in 3.3.1
# can remove after httpx/httpcore updates its anyio version pin
anyio>=3.3.1
Bump PyJWT to 2.1.0 (#55911) 2021-09-08 03:59:02 +00:00			`PyJWT==2.1.0`
Upgrade PyNaCl to 1.4.0 (#53287) 2021-07-21 21:28:22 +00:00			`PyNaCl==1.4.0`
Bump aiodiscover to 1.4.2 (#50917) 2021-05-21 05:27:52 +00:00			`aiodiscover==1.4.2`
Upgrade aiohttp to 3.7.4.post0 (#47627) 2021-03-08 22:18:55 +00:00			`aiohttp==3.7.4.post0`
Add default config to constaint file (#24423) 2019-06-10 21:38:14 +00:00			`aiohttp_cors==0.7.0`
Upgrade Astral to 2.2 (#48573) 2021-04-01 22:29:08 +00:00			`astral==2.2`
Move parts of ssdp to async_upnp_client (#55540) * Move parts of ssdp to async_upnp_client * Fix test for environments with multiple sources * Fix sonos tests * More fixes/changes * More fixes * Use async_upnp_client==0.21.0 * Pylint/test fixes * More changes after review * Fix tests * Improve testing * Fix mypy * Fix yamaha_musiccast tests? * Changes after review * Pylint * Reduce calls to combined_headers * Update to async_upnp_client==0.21.1 * Update to async_upnp_client==0.21.2 * use as_dict Co-authored-by: J. Nick Koston <nick@koston.org> 2021-09-11 23:38:16 +00:00			`async-upnp-client==0.21.2`
Upgrade async_timeout to 3.0.1 (#17655) 2018-10-21 12:13:30 +00:00			`async_timeout==3.0.1`
Upgrade attrs to 21.2.0 (#50374) 2021-05-09 20:13:09 +00:00			`attrs==21.2.0`
Bump awesomeversion to 21.8.1 (#55817) 2021-09-11 18:40:46 +00:00			`awesomeversion==21.8.1`
Use zoneinfo instead of dateutil (#50387) Co-authored-by: J. Nick Koston <nick@koston.org> 2021-05-10 15:32:29 +00:00			`backports.zoneinfo;python_version<"3.9"`
Upgrade bcrypt to 3.1.7 (#24850) 2019-07-01 00:23:47 +00:00			`bcrypt==3.1.7`
Updated certifi to >=2020.12.5 (#44701) 2021-01-01 12:07:07 +00:00			`certifi>=2020.12.5`
Use ciso8601 library to parse datetime faster (#32128) 2020-02-24 16:33:10 +00:00			`ciso8601==2.1.3`
Upgrade cryptography to 3.4.8 (#56481) * Upgrade cryptography to 3.4.8 * Fix file 2021-09-21 09:06:52 +00:00			`cryptography==3.4.8`
Upgrade defusedxml to 0.7.1 (#50671) 2021-05-15 17:41:34 +00:00			`defusedxml==0.7.1`
Upgrade emoji to 1.2.0 (#45847) 2021-02-02 14:56:56 +00:00			`emoji==1.2.0`
Simplify cloud request connection handling (#56243) Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch> 2021-09-22 14:51:31 +00:00			`hass-nabucasa==0.50.0`
Bump frontend to 20210922.0 (#56546) 2021-09-22 23:20:58 +00:00			`home-assistant-frontend==20210922.0`
Bump httpx to 0.19.0 (#55106) * Bump httpx to 0.19.0 * regen constraints 2021-08-24 03:27:53 +00:00			`httpx==0.19.0`
Add network configuration integration (#50874) Co-authored-by: Ruslan Sayfutdinov <ruslan@sayfutdinov.com> Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> Co-authored-by: Martin Hjelmare <marhje52@gmail.com> 2021-05-26 16:06:30 +00:00			`ifaddr==0.1.7`
Pin jinja (#51434) 2021-06-03 21:12:39 +00:00			`jinja2==3.0.1`
Bump PAHO MQTT to 1.5.1 (#42099) 2020-10-22 08:08:19 +00:00			`paho-mqtt==1.5.1`
Revert "Bump pillow to 8.3.2 (#55970)" (#56048) This reverts commit ee7202d10a7b5389631739adb7143ddc7af5756c. 2021-09-10 15:01:51 +00:00			`pillow==8.2.0`
Pin pip < 20.3 (#43771) 2020-11-30 18:38:39 +00:00			`pip>=8.0.3,<20.3`
Add support for USB discovery (#54904) Co-authored-by: Martin Hjelmare <marhje52@gmail.com> 2021-08-20 19:04:18 +00:00			`pyserial==3.5`
Bump python-slugify to 4.0.1 (#38140) * Bump python-slugify to 4.0.1 * Dummy commit to re-trigger tests 2020-07-24 14:55:54 +00:00			`python-slugify==4.0.1`
Add support for USB discovery (#54904) Co-authored-by: Martin Hjelmare <marhje52@gmail.com> 2021-08-20 19:04:18 +00:00			`pyudev==0.22.0`
Upgrade pyyaml to 5.4.1 (CVE-2020-14343) (#45624) 2021-01-28 11:05:09 +00:00			`pyyaml==5.4.1`
Upgrade requests to 2.25.1 (#44989) 2021-01-09 19:02:50 +00:00			`requests==2.25.1`
Bump scapy to 2.4.5 for dhcp (#49437) 2021-04-25 01:16:52 +00:00			`scapy==2.4.5`
Bump sqlalchemy to 1.4.23 (#54980) - Changelog: https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.23 2021-08-21 17:00:39 +00:00			`sqlalchemy==1.4.23`
Bump voluptuous-serialize 2.4.0 (#37241) * Bump voluptuous-serialize 2.4.0 * Add constant to demo * gen reqs 2020-07-07 03:04:35 +00:00			`voluptuous-serialize==2.4.0`
Bump voluptuous to 0.12.1 (#44002) * Bump voluptuous to 0.12.1 * Adjust MQTT climate test to new error msg 2020-12-07 01:49:36 +00:00			`voluptuous==0.12.1`
Bump aioHTTP 3.7.3 - YARL 1.6.3 (#45180) 2021-01-15 12:19:22 +00:00			`yarl==1.6.3`
Update zeroconf to 0.36.7 (#56553) 2021-09-23 13:00:17 +00:00			`zeroconf==0.36.7`
Block dependencies that depend on enum34 (#8698) * Block dependencies that depend on enum34 * Remove uninstalling enum34 * Update validation script * Add constraints to tox.ini * Upgrade yeelight to version that uses enum-compat * Disable sensor.skybeacon * Lint 2017-08-05 06:06:10 +00:00
Avoid insecure pycryptodome (#16238) 2018-08-28 10:49:50 +00:00			`pycryptodome>=3.6.6`

Add minimal version contrain to urllib3 (#32031) 2020-02-20 18:19:09 +00:00			`# Constrain urllib3 to ensure we deal with CVE-2019-11236 & CVE-2019-11324`
			`urllib3>=1.24.3`

Bump H11 library to support non RFC line endings (#44735) 2021-01-01 17:39:59 +00:00			`# Constrain H11 to ensure we get a new enough version to support non-rfc line endings`
			`h11>=0.12.0`

Upgrade and constrain httplib2>=0.19.0 (#46725) 2021-02-18 11:31:07 +00:00			`# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m`
			`# https://github.com/advisories/GHSA-93xj-8mrv-444m`
			`httplib2>=0.19.0`
Mark min version of httplib2 (#36330) 2020-06-01 07:44:18 +00:00
Revert "GRPC is fixed, don't need a workaround" (#51289) This reverts commit 9d174e8a0504a83831530ef9c9178bbbe5a58872. 2021-05-31 12:03:26 +00:00			`# gRPC 1.32+ currently causes issues on ARMv7, see:`
			`# https://github.com/home-assistant/core/issues/40148`
Pin google-api-core to avoid new version of grpcio (#55115) 2021-08-24 07:43:29 +00:00			`# Newer versions of some other libraries pin a higher version of grpcio,`
			`# so those also need to be kept at an old version until the grpcio pin`
			`# is reverted, see:`
Pin google-cloud-pubsub to an older version (#54239) Pin google-cloud-pubsub to an older version, since newer versions have a pin that is incompatible with the existing grpcio pin already in package_constraints.txt 2021-08-08 04:00:37 +00:00			`# https://github.com/home-assistant/core/issues/53427`
Pin google-api-core to avoid new version of grpcio (#55115) 2021-08-24 07:43:29 +00:00			`grpcio==1.31.0`
Pin google-cloud-pubsub to an older version (#54239) Pin google-cloud-pubsub to an older version, since newer versions have a pin that is incompatible with the existing grpcio pin already in package_constraints.txt 2021-08-08 04:00:37 +00:00			`google-cloud-pubsub==2.1.0`
Pin google-api-core to avoid new version of grpcio (#55115) 2021-08-24 07:43:29 +00:00			`google-api-core<=1.31.2`
Pin google-cloud-pubsub to an older version (#54239) Pin google-cloud-pubsub to an older version, since newer versions have a pin that is incompatible with the existing grpcio pin already in package_constraints.txt 2021-08-08 04:00:37 +00:00
Don't allow to use a old unsecure library (#12715) * Don't allow to use a old unsecury library * Update gen_requirements_all.py * Cryptodome fix for python-broadlink * Coinbase cryptodome fix 2018-02-27 09:58:45 +00:00			`# This is a old unmaintained library and is replaced with pycryptodome`
			`pycrypto==1000000000.0.0`
Allow disabling integrations in manifest, block uuid package being installed and disable ezviz (#38444) 2020-08-26 08:20:14 +00:00
Bump CI cache (#39283) 2020-08-26 14:53:22 +00:00			`# To remove reliance on typing`
			`btlewrap>=0.0.10`

Block typing from being installed (#37707) 2020-08-26 12:51:41 +00:00			`# This overrides a built-in Python package`
			`enum34==1000000000.0.0`
			`typing==1000000000.0.0`
Allow disabling integrations in manifest, block uuid package being installed and disable ezviz (#38444) 2020-08-26 08:20:14 +00:00			`uuid==1000000000.0.0`
Block typing from being installed (#37707) 2020-08-26 12:51:41 +00:00
Pin pandas to 1.3.0 (#53607) Co-authored-by: Franck Nijhof <git@frenck.dev> 2021-07-28 08:30:05 +00:00			`# Temporary constraint on pandas, to unblock 2021.7 releases`
			`# until we have fixed the wheels builds for newer versions.`
			`pandas==1.3.0`
Pin regex to 2021.8.28 (#55368) 2021-08-28 13:00:14 +00:00
			`# regex causes segfault with version 2021.8.27`
			`# https://bitbucket.org/mrabarnett/mrab-regex/issues/421/2021827-results-in-fatal-python-error`
			`# This is fixed in 2021.8.28`
			`regex==2021.8.28`
Add package constraint anyio>=3.3.1 (#55997) 2021-09-09 13:33:09 +00:00
			`# anyio has a bug that was fixed in 3.3.1`
			`# can remove after httpx/httpcore updates its anyio version pin`
			`anyio>=3.3.1`