Move urllib3 constraint to pyproject.toml (#106768)

homeassistant/package_constraints.txt

@@ -55,6 +55,7 @@ scapy==2.5.0
 SQLAlchemy==2.0.23
 typing-extensions>=4.9.0,<5.0
 ulid-transform==0.9.0
+urllib3>=1.26.5,<2
 voluptuous-serialize==2.6.0
 voluptuous==0.13.1
 webrtc-noise-gain==1.2.3
@@ -65,11 +66,6 @@ zeroconf==0.131.0
 # see https://github.com/home-assistant/core/pull/16238
 pycryptodome>=3.6.6
 
-# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
-# Temporary setting an upper bound, to prevent compat issues with urllib3>=2
-# https://github.com/home-assistant/core/issues/97248
-urllib3>=1.26.5,<2
-
 # Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
 # https://github.com/advisories/GHSA-93xj-8mrv-444m
 httplib2>=0.19.0

pyproject.toml

@@ -54,6 +54,10 @@ dependencies    = [
     "requests==2.31.0",
     "typing-extensions>=4.9.0,<5.0",
     "ulid-transform==0.9.0",
+    # Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
+    # Temporary setting an upper bound, to prevent compat issues with urllib3>=2
+    # https://github.com/home-assistant/core/issues/97248
+    "urllib3>=1.26.5,<2",
     "voluptuous==0.13.1",
     "voluptuous-serialize==2.6.0",
     "yarl==1.9.4",

requirements.txt

@@ -30,6 +30,7 @@ PyYAML==6.0.1
 requests==2.31.0
 typing-extensions>=4.9.0,<5.0
 ulid-transform==0.9.0
+urllib3>=1.26.5,<2
 voluptuous==0.13.1
 voluptuous-serialize==2.6.0
 yarl==1.9.4

script/gen_requirements_all.py

@@ -59,11 +59,6 @@ CONSTRAINT_BASE = """
 # see https://github.com/home-assistant/core/pull/16238
 pycryptodome>=3.6.6
 
-# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
-# Temporary setting an upper bound, to prevent compat issues with urllib3>=2
-# https://github.com/home-assistant/core/issues/97248
-urllib3>=1.26.5,<2
-
 # Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
 # https://github.com/advisories/GHSA-93xj-8mrv-444m
 httplib2>=0.19.0