Summary
pyproject.toml declares:
dependencies = [
"boto3>=1.16.10",
"botocore>=1.19.10",
...
]Neither has an upper bound, so installing this package lets pip resolve boto3/botocore to whatever's newest on PyPI. That breaks any environment that also runs aiobotocore, since aiobotocore pins botocore to a narrow range.
Impact (Home Assistant)
Home Assistant pulls this library in for the built-in hive integration. As soon as a user starts the Hive config flow in the UI (Hive HomeKit bridge discovery alone is enough), HA pip-installs pyhive-integration and pip drags boto3/botocore forward. After that, integrations that share aiobotocore — Cloudflare R2, IDrive e2, Nice G.O. — all fail to set up with:
TypeError: ClientArgsCreator.compute_endpoint_resolver_builtin_defaults()
missing 1 required positional argument: 's3_disable_express_session_auth'
The runtime ends up with something like:
aiobotocore 2.21.1 (requires botocore >=1.37.0,<1.37.2)
boto3 1.43.4
botocore 1.43.4
Reproduced on HA OS 2026.5.0, ARM64. Full upstream context: home-assistant/core#168539 (comment)
A sibling library hit the same problem and is being patched in Gentex-Corporation/homelink-integration-api#6 / #7.
Suggested fix
Cap boto3 and botocore so pip can't drag them past what aiobotocore allows:
dependencies = [
"boto3>=1.34,<1.38",
"botocore>=1.34,<1.38",
...
]>=1.34,<1.38 tracks aiobotocore 2.21.x, which is what HA ships today. Raise the cap when HA moves to aiobotocore 3.x.
The unreleased 2.0.0 in pyproject.toml still has the same unbounded constraints. Worth landing the cap before that release goes out, since otherwise the next published version has the same problem.
Summary
pyproject.tomldeclares:Neither has an upper bound, so installing this package lets pip resolve
boto3/botocoreto whatever's newest on PyPI. That breaks any environment that also runsaiobotocore, sinceaiobotocorepinsbotocoreto a narrow range.Impact (Home Assistant)
Home Assistant pulls this library in for the built-in
hiveintegration. As soon as a user starts the Hive config flow in the UI (Hive HomeKit bridge discovery alone is enough), HA pip-installspyhive-integrationand pip dragsboto3/botocoreforward. After that, integrations that shareaiobotocore— Cloudflare R2, IDrive e2, Nice G.O. — all fail to set up with:The runtime ends up with something like:
Reproduced on HA OS 2026.5.0, ARM64. Full upstream context: home-assistant/core#168539 (comment)
A sibling library hit the same problem and is being patched in Gentex-Corporation/homelink-integration-api#6 / #7.
Suggested fix
Cap
boto3andbotocoreso pip can't drag them past whataiobotocoreallows:>=1.34,<1.38tracksaiobotocore 2.21.x, which is what HA ships today. Raise the cap when HA moves toaiobotocore 3.x.The unreleased
2.0.0inpyproject.tomlstill has the same unbounded constraints. Worth landing the cap before that release goes out, since otherwise the next published version has the same problem.