From 25cf690b20c911acd17f665f081e7f8bf3ab597d Mon Sep 17 00:00:00 2001
From: epenet <6771947+epenet@users.noreply.github.com>
Date: Wed, 15 Dec 2021 12:28:04 +0100
Subject: [PATCH] Tidy up package constraint messages (#61866)

Co-authored-by: epenet
---
 homeassistant/package_constraints.txt | 5 ++++-
 script/gen_requirements_all.py | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt
index cc755fb965c..6f39d79cdd8 100644
--- a/homeassistant/package_constraints.txt
+++ b/homeassistant/package_constraints.txt
@@ -21,7 +21,6 @@ httpx==0.21.0
 ifaddr==0.1.7
 jinja2==3.0.3
 paho-mqtt==1.6.1
-pillow==8.2.0
 pip>=8.0.3,<20.3
 pyserial==3.5
 python-slugify==4.0.1
@@ -36,7 +35,11 @@ yarl==1.6.3
 zeroconf==0.37.0
 
 # Constrain pillow to 8.2.0 because later versions are causing issues in nightly builds.
+# https://github.com/home-assistant/core/issues/61756
+pillow==8.2.0
 
+# Constrain pycryptodome to avoid vulnerability
+# see https://github.com/home-assistant/core/pull/16238
 pycryptodome>=3.6.6
 
 # Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
diff --git a/script/gen_requirements_all.py b/script/gen_requirements_all.py
index 6dfc910d805..02ef8d929da 100755
--- a/script/gen_requirements_all.py
+++ b/script/gen_requirements_all.py
@@ -62,7 +62,11 @@ CONSTRAINT_PATH = os.path.join(
 )
 CONSTRAINT_BASE = """
 # Constrain pillow to 8.2.0 because later versions are causing issues in nightly builds.
+# https://github.com/home-assistant/core/issues/61756
+pillow==8.2.0
 
+# Constrain pycryptodome to avoid vulnerability
+# see https://github.com/home-assistant/core/pull/16238
 pycryptodome>=3.6.6
 
 # Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
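Review bot: The `pillow==8.2.0` line added to CONSTRAINT_BASE is an exact pin, so for as long as it stays it also holds back every later Pillow release, security fixes included. The comment gives the reason and the issue link but no exit condition; I would add `# Remove this pin once the nightly build issue above is resolved; == also blocks Pillow security updates.` The pycryptodome comment says only "avoid vulnerability" while the urllib3 line below it names its CVEs; naming the advisory there (`# Constrain pycryptodome to avoid <advisory id>`) would let a reader check whether `>=3.6.6` is still the right floor.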
@@ -184,7 +188,7 @@ def gather_recursive_requirements(domain, seen=None):
 seen.add(domain)
 integration = Integration(Path(f"homeassistant/components/{domain}"))
 integration.load_manifest()
- reqs = set(integration.requirements)
+ reqs = {x for x in integration.requirements if x not in CONSTRAINT_BASE}
 for dep_domain in integration.dependencies:
 reqs.update(gather_recursive_requirements(dep_domain, seen))
 return reqs
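Review bot: `x not in CONSTRAINT_BASE` on the added `reqs = {...}` line is a substring test against the whole multi-line constant, comments included, not a comparison with its requirement lines. Any integration requirement whose text happens to occur inside that block (a prefix of a pinned spec, for example) is silently dropped from the gathered requirements, while a requirement for the same package at a different version is kept and left to conflict with the constraint. Comparing against exact lines is safer: build `CONSTRAINED = {ln for ln in CONSTRAINT_BASE.splitlines() if ln and not ln.startswith("#")}` once at module level and filter with `if x not in CONSTRAINED`. The body of gather_recursive_requirements starts above the hunk, so how `seen` is initialised is not visible here.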