evlli/hass-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bump httpx to 0.21.3 and pin requirements for httpcore, anyio, and h11 (#64822)

Browse source
This commit is contained in:
uvjustin 2022-01-24 17:43:39 +08:00 committed by GitHub
parent d33e2609b9
commit 3b3a8db291
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
homeassistant/package_constraints.txt
View file

@ -17,7 +17,7 @@ cryptography==35.0.0
emoji==1.6.3
hass-nabucasa==0.52.0
home-assistant-frontend==20220118.0
httpx==0.21.0
httpx==0.21.3
ifaddr==0.1.7
jinja2==3.0.3
paho-mqtt==1.6.1
@ -43,9 +43,6 @@ pycryptodome>=3.6.6
# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
urllib3>=1.26.5
# Constrain H11 to ensure we get a new enough version to support non-rfc line endings
h11>=0.12.0
# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
# https://github.com/advisories/GHSA-93xj-8mrv-444m
httplib2>=0.19.0
@ -80,12 +77,13 @@ pandas==1.3.0
# This is fixed in 2021.8.28
regex==2021.8.28
# httpx requires httpcore, and httpcore requires anyio, but the version constraints on
# these requirements are quite loose. As these requirements have some outstanding issues
# which may be addressed by version updates, we can tighten their minimum version
# requirements here.
httpcore>=0.14.5
anyio>=3.5.0
# httpx requires httpcore, and httpcore requires anyio and h11, but the version constraints on
# these requirements are quite loose. As the entire stack has some outstanding issues, and
# even newer versions seem to introduce new issues, it's useful for us to pin all these
# requirements so we can directly link HA versions to these library versions.
anyio==3.5.0
h11==0.12.0
httpcore==0.14.5
# pytest_asyncio breaks our test suite. We rely on pytest-aiohttp instead
pytest_asyncio==1000000000.0.0

2
requirements.txt
View file

@ -11,7 +11,7 @@ backports.zoneinfo;python_version<"3.9"
bcrypt==3.1.7
certifi>=2021.5.30
ciso8601==2.2.0
httpx==0.21.0
httpx==0.21.3
ifaddr==0.1.7
jinja2==3.0.3
PyJWT==2.1.0

16
script/gen_requirements_all.py
View file

@ -68,9 +68,6 @@ pycryptodome>=3.6.6
# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
urllib3>=1.26.5
# Constrain H11 to ensure we get a new enough version to support non-rfc line endings
h11>=0.12.0
# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
# https://github.com/advisories/GHSA-93xj-8mrv-444m
httplib2>=0.19.0
@ -105,12 +102,13 @@ pandas==1.3.0
# This is fixed in 2021.8.28
regex==2021.8.28
# httpx requires httpcore, and httpcore requires anyio, but the version constraints on
# these requirements are quite loose. As these requirements have some outstanding issues
# which may be addressed by version updates, we can tighten their minimum version
# requirements here.
httpcore>=0.14.5
anyio>=3.5.0
# httpx requires httpcore, and httpcore requires anyio and h11, but the version constraints on
# these requirements are quite loose. As the entire stack has some outstanding issues, and
# even newer versions seem to introduce new issues, it's useful for us to pin all these
# requirements so we can directly link HA versions to these library versions.
anyio==3.5.0
h11==0.12.0
httpcore==0.14.5
# pytest_asyncio breaks our test suite. We rely on pytest-aiohttp instead
pytest_asyncio==1000000000.0.0

4
setup.py
View file

@ -42,7 +42,9 @@ REQUIRES = [
"bcrypt==3.1.7",
"certifi>=2021.5.30",
"ciso8601==2.2.0",
"httpx==0.21.0",
# When bumping httpx, please check the version pins of
# httpcore, anyio, and h11 in gen_requirements_all
"httpx==0.21.3",
"ifaddr==0.1.7",
"jinja2==3.0.3",
"PyJWT==2.1.0",