From acf31f609a96e935254c810159e44f9a6e6aa45a Mon Sep 17 00:00:00 2001
From: epenet <6771947+epenet@users.noreply.github.com>
Date: Wed, 11 Jun 2025 15:11:58 +0200
Subject: [PATCH] Adjust urllib3 constraint (#145485)

* Remove urllib3 upper bound constraint

* Disable neato

* Disable neato tests

* Simplify test ignore

* Add to PACKAGE_CHECK_VERSION_RANGE

* Adjust

* Adjust

* Force 2.0
---
 homeassistant/package_constraints.txt | 2 +-
 pyproject.toml                        | 5 +----
 requirements.txt                      | 2 +-
 script/hassfest/requirements.py       | 1 +
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt
index 100bed42838..3ecb015a9e7 100644
--- a/homeassistant/package_constraints.txt
+++ b/homeassistant/package_constraints.txt
@@ -68,7 +68,7 @@ standard-aifc==3.13.0
 standard-telnetlib==3.13.0
 typing-extensions>=4.14.0,<5.0
 ulid-transform==1.4.0
-urllib3>=1.26.5,<2
+urllib3>=2.0
 uv==0.7.1
 voluptuous-openapi==0.1.0
 voluptuous-serialize==2.6.0
diff --git a/pyproject.toml b/pyproject.toml
index af9b4229b6e..ab84b14dc63 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -113,10 +113,7 @@ dependencies = [
   "standard-telnetlib==3.13.0",
   "typing-extensions>=4.14.0,<5.0",
   "ulid-transform==1.4.0",
-  # Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
-  # Temporary setting an upper bound, to prevent compat issues with urllib3>=2
-  # https://github.com/home-assistant/core/issues/97248
-  "urllib3>=1.26.5,<2",
+  "urllib3>=2.0",
   "uv==0.7.1",
   "voluptuous==0.15.2",
   "voluptuous-serialize==2.6.0",
diff --git a/requirements.txt b/requirements.txt
index 0eb2cece414..73433860f71 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -53,7 +53,7 @@ standard-aifc==3.13.0
 standard-telnetlib==3.13.0
 typing-extensions>=4.14.0,<5.0
 ulid-transform==1.4.0
-urllib3>=1.26.5,<2
+urllib3>=2.0
 uv==0.7.1
 voluptuous==0.15.2
 voluptuous-serialize==2.6.0
diff --git a/script/hassfest/requirements.py b/script/hassfest/requirements.py
index 816f031a260..b8265e4e58d 100644
--- a/script/hassfest/requirements.py
+++ b/script/hassfest/requirements.py
@@ -38,6 +38,7 @@ PACKAGE_CHECK_VERSION_RANGE = {
     "pytz": "CalVer",
     "requests": "SemVer",
     "typing_extensions": "SemVer",
+    "urllib3": "SemVer",
     "yarl": "SemVer",
 }
 PACKAGE_CHECK_VERSION_RANGE_EXCEPTIONS: dict[str, dict[str, set[str]]] = {