Adjust urllib3 constraint

[epenet]

Proposed change

urllib3 v2 was released in early 2023

While urllib3 1.26.x is still supported, it won’t get new features or bug fixes, just security updates. Consider opening a tracking issue to unpin urllib3 in the future to not stay on 1.26.x indefinitely.

https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html

Needs:

• Bump pybotvac to 0.0.28 #146513
• Bump sensorpush-api to 2.1.3 #146514
• Bump weheat to 2025.6.10 #146515

Original issue #97248 was linked to botocore which has since been made compatible with urllib3 v2

See in particular boto/botocore@785d224 (enable <2.1) and boto/botocore#3141 (enable <3)

File "/usr/local/lib/python3.11/site-packages/botocore/utils.py", line 32, in
import botocore.httpsession
File "/usr/local/lib/python3.11/site-packages/botocore/httpsession.py", line 10, in
from urllib3.util.ssl import (
ImportError: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl' (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl.py)

Type of change

• Dependency upgrade
• Bugfix (non-breaking change which fixes an issue)
• New integration (thank you!)
• New feature (which adds functionality to an existing integration)
• Deprecation (breaking change to happen in the future)
• Breaking change (fix/feature causing existing functionality to break)
• Code quality improvements to existing code or addition of tests

Additional information

• This PR fixes or closes issue: fixes #
• This PR is related to issue:
• Link to documentation pull request:
• Link to developer documentation pull request:
• Link to frontend pull request:

Checklist

• The code change is tested and works locally.
• Local tests pass. Your PR cannot be merged unless tests pass
• There is no commented out code in this PR.
• I have followed the development checklist
• I have followed the perfect PR recommendations
• The code has been formatted using Ruff (ruff format homeassistant tests)
• Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

• Documentation added/updated for www.home-assistant.io

If the code communicates with devices, web services, or third-party tools:

• The manifest file has all fields filled out correctly.
  Updated and included derived files by running: python3 -m script.hassfest.
• New or updated dependencies have been added to requirements_all.txt.
  Updated by running python3 -m script.gen_requirements_all.
• For the updated dependencies - a link to the changelog, or at minimum a diff between library versions is added to the PR description.

To help with the load of incoming pull requests:

• I have reviewed two other open pull requests in this repository.

[cdce8p]

Should we update the constraint to >=2.0 or even something newer like 2.2 or 2.4? That way we could prevent accidentally installing an old version again.

Note that it might cause issues with custom components but maybe the best way to deal with those would be to see what breaks after the release and fix the dependencies then accordingly.

[epenet]

I think maybe >=2.0 is a good first step - so users have time to spot the deprecation warnings and adjust accordingly.

[cdce8p]

Looks good to me! Thanks @epenet for your work getting this to the finish line 🚀