aiodiscover<1.5,>=1.4.16
aiohttp-cors<0.8,>=0.7.0
aiohttp<3.9,>=3.8.4
astral<3.3,>=3.2
async-upnp-client<0.35,>=0.34.0
atomicwrites-homeassistant<1.5,>=1.4.1
awesomeversion<23.6,>=23.5.0
bcrypt<4.1,>=4.0.1
certifi<2023.6,>=2023.5.7
ciso8601<2.4,>=2.3.0
colorlog<6.8,>=6.7.0
cryptography<41.1,>=41.0.2
fnvhash<0.2,>=0.1.0
ifaddr<0.2,>=0.1.7
jinja2<3.2,>=3.1.2
lru-dict<1.2,>=1.1.8
packaging<23.2,>=23.1
pillow<9.3,>=9.2.0
pyjwt<2.7,>=2.6.0
pynacl<1.6,>=1.5.0
pyotp<2.9,>=2.8.0
pyqrcode<1.3,>=1.2.1
pyserial<3.6,>=3.5
python-slugify<8.2,>=8.0.1
pyturbojpeg<1.8,>=1.7.1
pyudev<0.25,>=0.24.1
pyyaml<6.1,>=6.0
requests<2.32,>=2.31.0
sqlalchemy<2.1,>=2.0.18
tqdm<4.66,>=4.65.0
urllib3<1.27,>=1.26.16
voluptuous-serialize<2.7,>=2.6.0
voluptuous<0.14,>=0.13.1
zeroconf<0.70,>=0.69.0

# Constrain pycryptodome to avoid vulnerability
# see https://github.com/home-assistant/core/pull/16238
pycryptodome>=3.6.6

# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
urllib3>=1.26.5

# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
# https://github.com/advisories/GHSA-93xj-8mrv-444m
httplib2>=0.19.0

# This is a old unmaintained library and is replaced with pycryptodome
pycrypto==1000000000.0.0

# This overrides a built-in Python package
enum34==1000000000.0.0
typing==1000000000.0.0
uuid==1000000000.0.0

# regex causes segfault with version 2021.8.27
# https://bitbucket.org/mrabarnett/mrab-regex/issues/421/2021827-results-in-fatal-python-error
# This is fixed in 2021.8.28
regex>=2021.8.28
