Merge branch 'wifi_fail_too_quickly_fix' into wifi_timeout

Co-authored-by: Claude <noreply@anthropic.com>

.github/actions/restore-python/action.yml

@@ -22,7 +22,7 @@ runs:
         python-version: ${{ inputs.python-version }}
     - name: Restore Python virtual environment
       id: cache-venv
-      uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+      uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
       with:
         path: venv
         # yamllint disable-line rule:line-length

.github/workflows/auto-label-pr.yml

@@ -26,7 +26,7 @@ jobs:
 
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
         with:
           app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
           private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}

.github/workflows/ci-api-proto.yml

@@ -62,7 +62,7 @@ jobs:
         run: git diff
       - if: failure()
         name: Archive artifacts
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: generated-proto-files
           path: |

.github/workflows/ci.yml

@@ -47,7 +47,7 @@ jobs:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: venv
           # yamllint disable-line rule:line-length
@@ -152,12 +152,12 @@ jobs:
           . venv/bin/activate
           pytest -vv --cov-report=xml --tb=native -n auto tests --ignore=tests/integration/
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
       - name: Save Python virtual environment cache
         if: github.ref == 'refs/heads/dev'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: venv
           key: ${{ runner.os }}-${{ steps.restore-python.outputs.python-version }}-venv-${{ needs.common.outputs.cache-key }}
@@ -193,7 +193,7 @@ jobs:
           python-version: ${{ env.DEFAULT_PYTHON }}
           cache-key: ${{ needs.common.outputs.cache-key }}
       - name: Restore components graph cache
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: .temp/components_graph.json
           key: components-graph-${{ hashFiles('esphome/components/**/*.py') }}
@@ -223,7 +223,7 @@ jobs:
           echo "component-test-batches=$(echo "$output" | jq -c '.component_test_batches')" >> $GITHUB_OUTPUT
       - name: Save components graph cache
         if: github.ref == 'refs/heads/dev'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: .temp/components_graph.json
           key: components-graph-${{ hashFiles('esphome/components/**/*.py') }}
@@ -245,7 +245,7 @@ jobs:
           python-version: "3.13"
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: venv
           key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-venv-${{ needs.common.outputs.cache-key }}
@@ -334,14 +334,14 @@ jobs:
 
       - name: Cache platformio
         if: github.ref == 'refs/heads/dev'
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-${{ matrix.pio_cache_key }}-${{ hashFiles('platformio.ini') }}
 
       - name: Cache platformio
         if: github.ref != 'refs/heads/dev'
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-${{ matrix.pio_cache_key }}-${{ hashFiles('platformio.ini') }}
@@ -413,14 +413,14 @@ jobs:
 
       - name: Cache platformio
         if: github.ref == 'refs/heads/dev'
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-tidyesp32-${{ hashFiles('platformio.ini') }}
 
       - name: Cache platformio
         if: github.ref != 'refs/heads/dev'
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-tidyesp32-${{ hashFiles('platformio.ini') }}
@@ -502,14 +502,14 @@ jobs:
 
       - name: Cache platformio
         if: github.ref == 'refs/heads/dev'
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-tidyesp32-${{ hashFiles('platformio.ini') }}
 
       - name: Cache platformio
         if: github.ref != 'refs/heads/dev'
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-tidyesp32-${{ hashFiles('platformio.ini') }}
@@ -735,7 +735,7 @@ jobs:
       - name: Restore cached memory analysis
         id: cache-memory-analysis
         if: steps.check-script.outputs.skip != 'true'
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: memory-analysis-target.json
           key: ${{ steps.cache-key.outputs.cache-key }}
@@ -759,7 +759,7 @@ jobs:
 
       - name: Cache platformio
         if: steps.check-script.outputs.skip != 'true' && steps.cache-memory-analysis.outputs.cache-hit != 'true'
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-memory-${{ fromJSON(needs.determine-jobs.outputs.memory_impact).platform }}-${{ hashFiles('platformio.ini') }}
@@ -800,7 +800,7 @@ jobs:
 
       - name: Save memory analysis to cache
         if: steps.check-script.outputs.skip != 'true' && steps.cache-memory-analysis.outputs.cache-hit != 'true' && steps.build.outcome == 'success'
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: memory-analysis-target.json
           key: ${{ steps.cache-key.outputs.cache-key }}
@@ -821,7 +821,7 @@ jobs:
           fi
 
       - name: Upload memory analysis JSON
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: memory-analysis-target
           path: memory-analysis-target.json
@@ -847,7 +847,7 @@ jobs:
           python-version: ${{ env.DEFAULT_PYTHON }}
           cache-key: ${{ needs.common.outputs.cache-key }}
       - name: Cache platformio
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ~/.platformio
           key: platformio-memory-${{ fromJSON(needs.determine-jobs.outputs.memory_impact).platform }}-${{ hashFiles('platformio.ini') }}
@@ -885,7 +885,7 @@ jobs:
             --platform "$platform"
 
       - name: Upload memory analysis JSON
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: memory-analysis-pr
           path: memory-analysis-pr.json
@@ -915,13 +915,13 @@ jobs:
           python-version: ${{ env.DEFAULT_PYTHON }}
           cache-key: ${{ needs.common.outputs.cache-key }}
       - name: Download target analysis JSON
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: memory-analysis-target
           path: ./memory-analysis
         continue-on-error: true
       - name: Download PR analysis JSON
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: memory-analysis-pr
           path: ./memory-analysis

.github/workflows/codeql.yml

@@ -58,7 +58,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -86,6 +86,6 @@ jobs:
           exit 1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/release.yml

@@ -138,7 +138,7 @@ jobs:
       #     version: ${{ needs.init.outputs.tag }}
 
       - name: Upload digests
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: digests-${{ matrix.platform.arch }}
           path: /tmp/digests
@@ -171,7 +171,7 @@ jobs:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Download digests
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           pattern: digests-*
           path: /tmp/digests
@@ -221,7 +221,7 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
           private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
@@ -256,7 +256,7 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
           private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
@@ -287,7 +287,7 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
           private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}

.github/workflows/sync-device-classes.yml

@@ -41,7 +41,7 @@ jobs:
           python script/run-in-env.py pre-commit run --all-files
 
       - name: Commit changes
-        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
         with:
           commit-message: "Synchronise Device Classes from Home Assistant"
           committer: esphomebot <esphome@openhomefoundation.org>

.pre-commit-config.yaml

@@ -11,7 +11,7 @@ ci:
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.14.8
+    rev: v0.14.9
     hooks:
       # Run the linter.
       - id: ruff

Doxyfile

@@ -48,7 +48,7 @@ PROJECT_NAME           = ESPHome
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = 2025.12.1
+PROJECT_NUMBER         = 2026.1.0-dev
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

esphome/components/api/api_frame_helper_noise.cpp

@@ -539,7 +539,8 @@ APIError APINoiseFrameHelper::init_handshake_() {
   if (aerr != APIError::OK)
     return aerr;
   // set_prologue copies it into handshakestate, so we can get rid of it now
-  prologue_ = {};
+  // Use swap idiom to actually release memory (= {} only clears size, not capacity)
+  std::vector<uint8_t>().swap(prologue_);
 
   err = noise_handshakestate_start(handshake_);
   aerr = handle_noise_error_(err, LOG_STR("noise_handshakestate_start"), APIError::HANDSHAKESTATE_SETUP_FAILED);

esphome/components/bme68x_bsec2_i2c/__init__.py

@@ -11,7 +11,6 @@ CODEOWNERS = ["@neffs", "@kbx81"]
 
 AUTO_LOAD = ["bme68x_bsec2"]
 DEPENDENCIES = ["i2c"]
-MULTI_CONF = True
 
 bme68x_bsec2_i2c_ns = cg.esphome_ns.namespace("bme68x_bsec2_i2c")
 BME68xBSEC2I2CComponent = bme68x_bsec2_i2c_ns.class_(

esphome/components/captive_portal/captive_portal.cpp

@@ -65,6 +65,12 @@ void CaptivePortal::start() {
   this->base_->init();
   if (!this->initialized_) {
     this->base_->add_handler(this);
+#ifdef USE_ESP32
+    // Enable LRU socket purging to handle captive portal detection probe bursts
+    // OS captive portal detection makes many simultaneous HTTP requests which can
+    // exhaust sockets. LRU purging automatically closes oldest idle connections.
+    this->base_->get_server()->set_lru_purge_enable(true);
+#endif
   }
 
   network::IPAddress ip = wifi::global_wifi_component->wifi_soft_ap_ip();

esphome/components/captive_portal/captive_portal.h

@@ -40,6 +40,10 @@ class CaptivePortal : public AsyncWebHandler, public Component {
   void end() {
     this->active_ = false;
     this->disable_loop();  // Stop processing DNS requests
+#ifdef USE_ESP32
+    // Disable LRU socket purging now that captive portal is done
+    this->base_->get_server()->set_lru_purge_enable(false);
+#endif
     this->base_->deinit();
     if (this->dns_server_ != nullptr) {
       this->dns_server_->stop();

esphome/components/cc1101/cc1101.cpp

@@ -99,11 +99,11 @@ CC1101Component::CC1101Component() {
   this->state_.FS_AUTOCAL = 1;
 
   // Default Settings
-  this->set_frequency(433920000);
-  this->set_if_frequency(153000);
-  this->set_filter_bandwidth(203000);
+  this->set_frequency(433920);
+  this->set_if_frequency(153);
+  this->set_filter_bandwidth(203);
   this->set_channel(0);
-  this->set_channel_spacing(200000);
+  this->set_channel_spacing(200);
   this->set_symbol_rate(5000);
   this->set_sync_mode(SyncMode::SYNC_MODE_NONE);
   this->set_carrier_sense_above_threshold(true);

esphome/components/climate/__init__.py

@@ -275,10 +275,13 @@ async def setup_climate_core_(var, config):
 
     visual = config[CONF_VISUAL]
     if (min_temp := visual.get(CONF_MIN_TEMPERATURE)) is not None:
+        cg.add_define("USE_CLIMATE_VISUAL_OVERRIDES")
         cg.add(var.set_visual_min_temperature_override(min_temp))
     if (max_temp := visual.get(CONF_MAX_TEMPERATURE)) is not None:
+        cg.add_define("USE_CLIMATE_VISUAL_OVERRIDES")
         cg.add(var.set_visual_max_temperature_override(max_temp))
     if (temp_step := visual.get(CONF_TEMPERATURE_STEP)) is not None:
+        cg.add_define("USE_CLIMATE_VISUAL_OVERRIDES")
         cg.add(
             var.set_visual_temperature_step_override(
                 temp_step[CONF_TARGET_TEMPERATURE],
@@ -286,8 +289,10 @@ async def setup_climate_core_(var, config):
             )
         )
     if (min_humidity := visual.get(CONF_MIN_HUMIDITY)) is not None:
+        cg.add_define("USE_CLIMATE_VISUAL_OVERRIDES")
         cg.add(var.set_visual_min_humidity_override(min_humidity))
     if (max_humidity := visual.get(CONF_MAX_HUMIDITY)) is not None:
+        cg.add_define("USE_CLIMATE_VISUAL_OVERRIDES")
         cg.add(var.set_visual_max_humidity_override(max_humidity))
 
     if (mqtt_id := config.get(CONF_MQTT_ID)) is not None:

esphome/components/climate/climate.cpp

@@ -473,26 +473,28 @@ void Climate::publish_state() {
 
 ClimateTraits Climate::get_traits() {
   auto traits = this->traits();
-  if (this->visual_min_temperature_override_.has_value()) {
-    traits.set_visual_min_temperature(*this->visual_min_temperature_override_);
+#ifdef USE_CLIMATE_VISUAL_OVERRIDES
+  if (!std::isnan(this->visual_min_temperature_override_)) {
+    traits.set_visual_min_temperature(this->visual_min_temperature_override_);
   }
-  if (this->visual_max_temperature_override_.has_value()) {
-    traits.set_visual_max_temperature(*this->visual_max_temperature_override_);
+  if (!std::isnan(this->visual_max_temperature_override_)) {
+    traits.set_visual_max_temperature(this->visual_max_temperature_override_);
   }
-  if (this->visual_target_temperature_step_override_.has_value()) {
-    traits.set_visual_target_temperature_step(*this->visual_target_temperature_step_override_);
-    traits.set_visual_current_temperature_step(*this->visual_current_temperature_step_override_);
+  if (!std::isnan(this->visual_target_temperature_step_override_)) {
+    traits.set_visual_target_temperature_step(this->visual_target_temperature_step_override_);
+    traits.set_visual_current_temperature_step(this->visual_current_temperature_step_override_);
   }
-  if (this->visual_min_humidity_override_.has_value()) {
-    traits.set_visual_min_humidity(*this->visual_min_humidity_override_);
+  if (!std::isnan(this->visual_min_humidity_override_)) {
+    traits.set_visual_min_humidity(this->visual_min_humidity_override_);
   }
-  if (this->visual_max_humidity_override_.has_value()) {
-    traits.set_visual_max_humidity(*this->visual_max_humidity_override_);
+  if (!std::isnan(this->visual_max_humidity_override_)) {
+    traits.set_visual_max_humidity(this->visual_max_humidity_override_);
   }
-
+#endif
   return traits;
 }
 
+#ifdef USE_CLIMATE_VISUAL_OVERRIDES
 void Climate::set_visual_min_temperature_override(float visual_min_temperature_override) {
   this->visual_min_temperature_override_ = visual_min_temperature_override;
 }
@@ -513,6 +515,7 @@ void Climate::set_visual_min_humidity_override(float visual_min_humidity_overrid
 void Climate::set_visual_max_humidity_override(float visual_max_humidity_override) {
   this->visual_max_humidity_override_ = visual_max_humidity_override;
 }
+#endif
 
 ClimateCall Climate::make_call() { return ClimateCall(this); }
 

esphome/components/climate/climate.h

@@ -213,11 +213,13 @@ class Climate : public EntityBase {
    */
   ClimateTraits get_traits();
 
+#ifdef USE_CLIMATE_VISUAL_OVERRIDES
   void set_visual_min_temperature_override(float visual_min_temperature_override);
   void set_visual_max_temperature_override(float visual_max_temperature_override);
   void set_visual_temperature_step_override(float target, float current);
   void set_visual_min_humidity_override(float visual_min_humidity_override);
   void set_visual_max_humidity_override(float visual_max_humidity_override);
+#endif
 
   /// Check if a custom fan mode is currently active.
   bool has_custom_fan_mode() const { return this->custom_fan_mode_ != nullptr; }
@@ -321,12 +323,14 @@ class Climate : public EntityBase {
   CallbackManager<void(Climate &)> state_callback_{};
   CallbackManager<void(ClimateCall &)> control_callback_{};
   ESPPreferenceObject rtc_;
-  optional<float> visual_min_temperature_override_{};
-  optional<float> visual_max_temperature_override_{};
-  optional<float> visual_target_temperature_step_override_{};
-  optional<float> visual_current_temperature_step_override_{};
-  optional<float> visual_min_humidity_override_{};
-  optional<float> visual_max_humidity_override_{};
+#ifdef USE_CLIMATE_VISUAL_OVERRIDES
+  float visual_min_temperature_override_{NAN};
+  float visual_max_temperature_override_{NAN};
+  float visual_target_temperature_step_override_{NAN};
+  float visual_current_temperature_step_override_{NAN};
+  float visual_min_humidity_override_{NAN};
+  float visual_max_humidity_override_{NAN};
+#endif
 
  private:
   /** The active custom fan mode (private - enforces use of safe setters).

esphome/components/esp32/__init__.py

@@ -4,7 +4,6 @@ import itertools
 import logging
 import os
 from pathlib import Path
-import re
 
 from esphome import yaml_util
 import esphome.codegen as cg
@@ -617,13 +616,10 @@ def require_vfs_dir() -> None:
 
 def _parse_idf_component(value: str) -> ConfigType:
     """Parse IDF component shorthand syntax like 'owner/component^version'"""
-    # Match operator followed by version-like string (digit or *)
-    if match := re.search(r"(~=|>=|<=|==|!=|>|<|\^|~)(\d|\*)", value):
-        return {CONF_NAME: value[: match.start()], CONF_REF: value[match.start() :]}
-    raise cv.Invalid(
-        f"Invalid IDF component shorthand '{value}'. "
-        f"Expected format: 'owner/component<op>version' where <op> is one of: ^, ~, ~=, ==, !=, >=, >, <=, <"
-    )
+    if "^" not in value:
+        raise cv.Invalid(f"Invalid IDF component shorthand '{value}'")
+    name, ref = value.split("^", 1)
+    return {CONF_NAME: name, CONF_REF: ref}
 
 
 def _validate_idf_component(config: ConfigType) -> ConfigType:

esphome/components/esp32_ble/ble.cpp

@@ -308,21 +308,13 @@ bool ESP32BLE::ble_setup_() {
 bool ESP32BLE::ble_dismantle_() {
   esp_err_t err = esp_bluedroid_disable();
   if (err != ESP_OK) {
-    // ESP_ERR_INVALID_STATE means Bluedroid is already disabled, which is fine
-    if (err != ESP_ERR_INVALID_STATE) {
-      ESP_LOGE(TAG, "esp_bluedroid_disable failed: %d", err);
-      return false;
-    }
-    ESP_LOGD(TAG, "Already disabled");
+    ESP_LOGE(TAG, "esp_bluedroid_disable failed: %d", err);
+    return false;
   }
   err = esp_bluedroid_deinit();
   if (err != ESP_OK) {
-    // ESP_ERR_INVALID_STATE means Bluedroid is already deinitialized, which is fine
-    if (err != ESP_ERR_INVALID_STATE) {
-      ESP_LOGE(TAG, "esp_bluedroid_deinit failed: %d", err);
-      return false;
-    }
-    ESP_LOGD(TAG, "Already deinitialized");
+    ESP_LOGE(TAG, "esp_bluedroid_deinit failed: %d", err);
+    return false;
   }
 
 #ifndef CONFIG_ESP_HOSTED_ENABLE_BT_BLUEDROID

esphome/components/esp32_ble/ble.h

@@ -212,23 +212,17 @@ extern ESP32BLE *global_ble;
 
 template<typename... Ts> class BLEEnabledCondition : public Condition<Ts...> {
  public:
-  bool check(const Ts &...x) override { return global_ble != nullptr && global_ble->is_active(); }
+  bool check(const Ts &...x) override { return global_ble->is_active(); }
 };
 
 template<typename... Ts> class BLEEnableAction : public Action<Ts...> {
  public:
-  void play(const Ts &...x) override {
-    if (global_ble != nullptr)
-      global_ble->enable();
-  }
+  void play(const Ts &...x) override { global_ble->enable(); }
 };
 
 template<typename... Ts> class BLEDisableAction : public Action<Ts...> {
  public:
-  void play(const Ts &...x) override {
-    if (global_ble != nullptr)
-      global_ble->disable();
-  }
+  void play(const Ts &...x) override { global_ble->disable(); }
 };
 
 }  // namespace esphome::esp32_ble

esphome/components/esp32_ble_client/ble_client_base.cpp

@@ -524,10 +524,9 @@ void BLEClientBase::gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_
     case ESP_GAP_BLE_AUTH_CMPL_EVT:
       if (!this->check_addr(param->ble_security.auth_cmpl.bd_addr))
         return;
-      esp_bd_addr_t bd_addr;
-      memcpy(bd_addr, param->ble_security.auth_cmpl.bd_addr, sizeof(esp_bd_addr_t));
-      ESP_LOGI(TAG, "[%d] [%s] auth complete addr: %s", this->connection_index_, this->address_str_,
-               format_hex(bd_addr, 6).c_str());
+      char addr_str[MAC_ADDR_STR_LEN];
+      format_mac_addr_upper(param->ble_security.auth_cmpl.bd_addr, addr_str);
+      ESP_LOGI(TAG, "[%d] [%s] auth complete addr: %s", this->connection_index_, this->address_str_, addr_str);
       if (!param->ble_security.auth_cmpl.success) {
         this->log_error_("auth fail reason", param->ble_security.auth_cmpl.fail_reason);
       } else {

esphome/components/esp32_ble_tracker/esp32_ble_tracker.cpp

@@ -185,10 +185,7 @@ void ESP32BLETracker::ble_before_disabled_event_handler() { this->stop_scan_();
 
 void ESP32BLETracker::stop_scan_() {
   if (this->scanner_state_ != ScannerState::RUNNING && this->scanner_state_ != ScannerState::FAILED) {
-    // If scanner is already idle, there's nothing to stop - this is not an error
-    if (this->scanner_state_ != ScannerState::IDLE) {
-      ESP_LOGE(TAG, "Cannot stop scan: %s", this->scanner_state_to_string_(this->scanner_state_));
-    }
+    ESP_LOGE(TAG, "Cannot stop scan: %s", this->scanner_state_to_string_(this->scanner_state_));
     return;
   }
   // Reset timeout state machine when stopping scan

esphome/components/esp32_camera/__init__.py

@@ -3,7 +3,7 @@ import logging
 from esphome import automation, pins
 import esphome.codegen as cg
 from esphome.components import i2c
-from esphome.components.esp32 import add_idf_component, add_idf_sdkconfig_option
+from esphome.components.esp32 import add_idf_component
 from esphome.components.psram import DOMAIN as psram_domain
 import esphome.config_validation as cv
 from esphome.const import (
@@ -352,8 +352,6 @@ async def to_code(config):
     cg.add_define("USE_CAMERA")
 
     add_idf_component(name="espressif/esp32-camera", ref="2.1.1")
-    add_idf_sdkconfig_option("CONFIG_SCCB_HARDWARE_I2C_DRIVER_NEW", True)
-    add_idf_sdkconfig_option("CONFIG_SCCB_HARDWARE_I2C_DRIVER_LEGACY", False)
 
     for conf in config.get(CONF_ON_STREAM_START, []):
         trigger = cg.new_Pvariable(conf[CONF_TRIGGER_ID], var)

esphome/components/ethernet/__init__.py

@@ -434,13 +434,10 @@ def _final_validate_rmii_pins(config: ConfigType) -> None:
 
     # Check all used pins against RMII reserved pins
     for pin_list in pins.PIN_SCHEMA_REGISTRY.pins_used.values():
-        for pin_path, pin_device, pin_config in pin_list:
+        for pin_path, _, pin_config in pin_list:
             pin_num = pin_config.get(CONF_NUMBER)
             if pin_num not in rmii_pins:
                 continue
-            # Skip if pin is not directly on ESP, but at some expander (device set to something else than 'None')
-            if pin_device is not None:
-                continue
             # Found a conflict - show helpful error message
             pin_function = rmii_pins[pin_num]
             component_path = ".".join(str(p) for p in pin_path)

esphome/components/hmac_md5/__init__.py

@@ -1,2 +1,6 @@
+import esphome.config_validation as cv
+
 AUTO_LOAD = ["md5"]
 CODEOWNERS = ["@dwmw2"]
+
+CONFIG_SCHEMA = cv.Schema({})

esphome/components/http_request/http_request.h

@@ -255,9 +255,6 @@ template<typename... Ts> class HttpRequestSendAction : public Action<Ts...> {
         size_t read_index = 0;
         while (container->get_bytes_read() < max_length) {
           int read = container->read(buf + read_index, std::min<size_t>(max_length - read_index, 512));
-          if (read <= 0) {
-            break;
-          }
           App.feed_wdt();
           yield();
           read_index += read;

esphome/components/http_request/ota/ota_http_request.cpp

@@ -132,18 +132,11 @@ uint8_t OtaHttpRequestComponent::do_ota_() {
     App.feed_wdt();
     yield();
 
-    // Exit loop if no data available (stream closed or end of data)
-    if (bufsize <= 0) {
-      if (bufsize < 0) {
-        ESP_LOGE(TAG, "Stream closed with error");
-        this->cleanup_(std::move(backend), container);
-        return OTA_CONNECTION_ERROR;
-      }
-      // bufsize == 0: no more data available, exit loop
-      break;
-    }
-
-    if (bufsize <= OtaHttpRequestComponent::HTTP_RECV_BUFFER) {
+    if (bufsize < 0) {
+      ESP_LOGE(TAG, "Stream closed");
+      this->cleanup_(std::move(backend), container);
+      return OTA_CONNECTION_ERROR;
+    } else if (bufsize > 0 && bufsize <= OtaHttpRequestComponent::HTTP_RECV_BUFFER) {
       // add read bytes to MD5
       md5_receive.add(buf, bufsize);
 
@@ -254,9 +247,6 @@ bool OtaHttpRequestComponent::http_get_md5_() {
   int read_len = 0;
   while (container->get_bytes_read() < MD5_SIZE) {
     read_len = container->read((uint8_t *) this->md5_expected_.data(), MD5_SIZE);
-    if (read_len <= 0) {
-      break;
-    }
     App.feed_wdt();
     yield();
   }

esphome/components/http_request/update/http_request_update.cpp

@@ -76,11 +76,6 @@ void HttpRequestUpdate::update_task(void *params) {
 
     yield();
 
-    if (read_bytes <= 0) {
-      // Network error or connection closed - break to avoid infinite loop
-      break;
-    }
-
     read_index += read_bytes;
   }
 

esphome/components/md5/__init__.py

@@ -1,7 +1,17 @@
 import esphome.codegen as cg
+from esphome.core import CORE
+from esphome.helpers import IS_MACOS
 
 CODEOWNERS = ["@esphome/core"]
 
 
 async def to_code(config):
     cg.add_define("USE_MD5")
+
+    # Add OpenSSL library for host platform
+    if CORE.is_host:
+        if IS_MACOS:
+            # macOS needs special handling for Homebrew OpenSSL
+            cg.add_build_flag("-I/opt/homebrew/opt/openssl/include")
+            cg.add_build_flag("-L/opt/homebrew/opt/openssl/lib")
+        cg.add_build_flag("-lcrypto")

esphome/components/md5/md5.cpp

@@ -39,6 +39,44 @@ void MD5Digest::add(const uint8_t *data, size_t len) { br_md5_update(&this->ctx_
 void MD5Digest::calculate() { br_md5_out(&this->ctx_, this->digest_); }
 #endif  // USE_RP2040
 
+#ifdef USE_HOST
+MD5Digest::~MD5Digest() {
+  if (this->ctx_) {
+    EVP_MD_CTX_free(this->ctx_);
+  }
+}
+
+void MD5Digest::init() {
+  if (this->ctx_) {
+    EVP_MD_CTX_free(this->ctx_);
+  }
+  this->ctx_ = EVP_MD_CTX_new();
+  EVP_DigestInit_ex(this->ctx_, EVP_md5(), nullptr);
+  this->calculated_ = false;
+  memset(this->digest_, 0, 16);
+}
+
+void MD5Digest::add(const uint8_t *data, size_t len) {
+  if (!this->ctx_) {
+    this->init();
+  }
+  EVP_DigestUpdate(this->ctx_, data, len);
+}
+
+void MD5Digest::calculate() {
+  if (!this->ctx_) {
+    this->init();
+  }
+  if (!this->calculated_) {
+    unsigned int len = 16;
+    EVP_DigestFinal_ex(this->ctx_, this->digest_, &len);
+    this->calculated_ = true;
+  }
+}
+#else
+MD5Digest::~MD5Digest() = default;
+#endif  // USE_HOST
+
 }  // namespace md5
 }  // namespace esphome
 #endif

esphome/components/md5/md5.h

@@ -5,6 +5,10 @@
 
 #include "esphome/core/hash_base.h"
 
+#ifdef USE_HOST
+#include <openssl/evp.h>
+#endif
+
 #ifdef USE_ESP32
 #include "esp_rom_md5.h"
 #define MD5_CTX_TYPE md5_context_t
@@ -31,7 +35,7 @@ namespace md5 {
 class MD5Digest : public HashBase {
  public:
   MD5Digest() = default;
-  ~MD5Digest() override = default;
+  ~MD5Digest() override;
 
   /// Initialize a new MD5 digest computation.
   void init() override;
@@ -47,7 +51,12 @@ class MD5Digest : public HashBase {
   size_t get_size() const override { return 16; }
 
  protected:
+#ifdef USE_HOST
+  EVP_MD_CTX *ctx_{nullptr};
+  bool calculated_{false};
+#else
   MD5_CTX_TYPE ctx_{};
+#endif
 };
 
 }  // namespace md5

esphome/components/pm1006/sensor.py

@@ -7,10 +7,10 @@ from esphome.const import (
     CONF_UPDATE_INTERVAL,
     DEVICE_CLASS_PM25,
     ICON_BLUR,
-    SCHEDULER_DONT_RUN,
     STATE_CLASS_MEASUREMENT,
     UNIT_MICROGRAMS_PER_CUBIC_METER,
 )
+from esphome.core import TimePeriodMilliseconds
 
 CODEOWNERS = ["@habbie"]
 DEPENDENCIES = ["uart"]
@@ -41,12 +41,16 @@ CONFIG_SCHEMA = cv.All(
 
 
 def validate_interval_uart(config):
+    require_tx = False
+
     interval = config.get(CONF_UPDATE_INTERVAL)
+
+    if isinstance(interval, TimePeriodMilliseconds):
+        # 'never' is encoded as a very large int, not as a TimePeriodMilliseconds objects
+        require_tx = True
+
     uart.final_validate_device_schema(
-        "pm1006",
-        baud_rate=9600,
-        require_rx=True,
-        require_tx=interval.total_milliseconds != SCHEDULER_DONT_RUN,
+        "pm1006", baud_rate=9600, require_rx=True, require_tx=require_tx
     )(config)
 
 

esphome/components/remote_base/abbwelcome_protocol.h

@@ -232,10 +232,10 @@ template<typename... Ts> class ABBWelcomeAction : public RemoteTransmitterAction
     data.set_message_id(this->message_id_.value(x...));
     data.auto_message_id = this->auto_message_id_.value(x...);
     std::vector<uint8_t> data_vec;
-    if (this->len_ > 0) {
+    if (this->len_ >= 0) {
       // Static mode: copy from flash to vector
       data_vec.assign(this->data_.data, this->data_.data + this->len_);
-    } else if (this->len_ < 0) {
+    } else {
       // Template mode: call function
       data_vec = this->data_.func(x...);
     }
@@ -245,7 +245,7 @@ template<typename... Ts> class ABBWelcomeAction : public RemoteTransmitterAction
   }
 
  protected:
-  ssize_t len_{0};  // <0 = template mode, >=0 = static mode with length
+  ssize_t len_{-1};  // -1 = template mode, >=0 = static mode with length
   union Data {
     std::vector<uint8_t> (*func)(Ts...);  // Function pointer (stateless lambdas)
     const uint8_t *data;                  // Pointer to static data in flash

esphome/components/sha256/__init__.py

@@ -12,6 +12,8 @@ CONFIG_SCHEMA = cv.Schema({})
 
 
 async def to_code(config: ConfigType) -> None:
+    cg.add_define("USE_SHA256")
+
     # Add OpenSSL library for host platform
     if not CORE.is_host:
         return

esphome/components/socket/lwip_raw_tcp_impl.cpp

@@ -188,7 +188,7 @@ class LWIPRawImpl : public Socket {
       errno = EINVAL;
       return -1;
     }
-    return this->ip2sockaddr_(&pcb_->remote_ip, pcb_->remote_port, name, addrlen);
+    return this->ip2sockaddr_(&pcb_->local_ip, pcb_->local_port, name, addrlen);
   }
   std::string getpeername() override {
     if (pcb_ == nullptr) {

esphome/components/template/alarm_control_panel/template_alarm_control_panel.h

@@ -39,7 +39,6 @@ enum TemplateAlarmControlPanelRestoreMode {
   ALARM_CONTROL_PANEL_RESTORE_DEFAULT_DISARMED,
 };
 
-#ifdef USE_BINARY_SENSOR
 struct SensorDataStore {
   bool last_chime_state;
 };
@@ -50,6 +49,7 @@ struct SensorInfo {
   uint8_t store_index;
 };
 
+#ifdef USE_BINARY_SENSOR
 struct AlarmSensor {
   binary_sensor::BinarySensor *sensor;
   SensorInfo info;
@@ -139,9 +139,6 @@ class TemplateAlarmControlPanel final : public alarm_control_panel::AlarmControl
   FixedVector<AlarmSensor> sensors_;
   // a list of automatically bypassed sensors
   std::vector<uint8_t> bypassed_sensor_indicies_;
-  // Per sensor data store
-  std::vector<SensorDataStore> sensor_data_;
-  uint8_t next_store_index_ = 0;
 #endif
   TemplateAlarmControlPanelRestoreMode restore_mode_{};
 
@@ -157,11 +154,14 @@ class TemplateAlarmControlPanel final : public alarm_control_panel::AlarmControl
   uint32_t trigger_time_;
   // a list of codes
   std::vector<std::string> codes_;
+  // Per sensor data store
+  std::vector<SensorDataStore> sensor_data_;
   // requires a code to arm
   bool requires_code_to_arm_ = false;
   bool supports_arm_home_ = false;
   bool supports_arm_night_ = false;
   bool sensors_ready_ = false;
+  uint8_t next_store_index_ = 0;
   // check if the code is valid
   bool is_code_valid_(optional<std::string> code);
 

esphome/components/uart/uart_component_esp_idf.cpp

@@ -9,7 +9,6 @@
 #include "esphome/core/gpio.h"
 #include "driver/gpio.h"
 #include "soc/gpio_num.h"
-#include "soc/uart_pins.h"
 
 #ifdef USE_LOGGER
 #include "esphome/components/logger/logger.h"
@@ -140,22 +139,6 @@ void IDFUARTComponent::load_settings(bool dump_config) {
     return;
   }
 
-  int8_t tx = this->tx_pin_ != nullptr ? this->tx_pin_->get_pin() : -1;
-  int8_t rx = this->rx_pin_ != nullptr ? this->rx_pin_->get_pin() : -1;
-  int8_t flow_control = this->flow_control_pin_ != nullptr ? this->flow_control_pin_->get_pin() : -1;
-
-  // Workaround for ESP-IDF issue: https://github.com/espressif/esp-idf/issues/17459
-  // Commit 9ed617fb17 removed gpio_func_sel() calls from uart_set_pin(), which breaks
-  // UART on default UART0 pins that may have residual state from boot console.
-  // Reset these pins before configuring UART to ensure they're in a clean state.
-  if (tx == U0TXD_GPIO_NUM || tx == U0RXD_GPIO_NUM) {
-    gpio_reset_pin(static_cast<gpio_num_t>(tx));
-  }
-  if (rx == U0TXD_GPIO_NUM || rx == U0RXD_GPIO_NUM) {
-    gpio_reset_pin(static_cast<gpio_num_t>(rx));
-  }
-
-  // Setup pins after reset to preserve open drain/pullup/pulldown flags
   auto setup_pin_if_needed = [](InternalGPIOPin *pin) {
     if (!pin) {
       return;
@@ -171,6 +154,10 @@ void IDFUARTComponent::load_settings(bool dump_config) {
     setup_pin_if_needed(this->tx_pin_);
   }
 
+  int8_t tx = this->tx_pin_ != nullptr ? this->tx_pin_->get_pin() : -1;
+  int8_t rx = this->rx_pin_ != nullptr ? this->rx_pin_->get_pin() : -1;
+  int8_t flow_control = this->flow_control_pin_ != nullptr ? this->flow_control_pin_->get_pin() : -1;
+
   uint32_t invert = 0;
   if (this->tx_pin_ != nullptr && this->tx_pin_->is_inverted()) {
     invert |= UART_SIGNAL_TXD_INV;

esphome/components/web_server_idf/web_server_idf.cpp

@@ -117,6 +117,18 @@ void AsyncWebServer::end() {
   }
 }
 
+void AsyncWebServer::set_lru_purge_enable(bool enable) {
+  if (this->lru_purge_enable_ == enable) {
+    return;  // No change needed
+  }
+  this->lru_purge_enable_ = enable;
+  // If server is already running, restart it with new config
+  if (this->server_) {
+    this->end();
+    this->begin();
+  }
+}
+
 void AsyncWebServer::begin() {
   if (this->server_) {
     this->end();
@@ -124,11 +136,8 @@ void AsyncWebServer::begin() {
   httpd_config_t config = HTTPD_DEFAULT_CONFIG();
   config.server_port = this->port_;
   config.uri_match_fn = [](const char * /*unused*/, const char * /*unused*/, size_t /*unused*/) { return true; };
-  // Always enable LRU purging to handle socket exhaustion gracefully.
-  // When max sockets is reached, the oldest connection is closed to make room for new ones.
-  // This prevents "httpd_accept_conn: error in accept (23)" errors.
-  // See: https://github.com/esphome/esphome/issues/12464
-  config.lru_purge_enable = true;
+  // Enable LRU purging if requested (e.g., by captive portal to handle probe bursts)
+  config.lru_purge_enable = this->lru_purge_enable_;
   // Use custom close function that shuts down before closing to prevent lwIP race conditions
   config.close_fn = AsyncWebServer::safe_close_with_shutdown;
   if (httpd_start(&this->server_, &config) == ESP_OK) {

esphome/components/web_server_idf/web_server_idf.h

@@ -199,11 +199,13 @@ class AsyncWebServer {
     return *handler;
   }
 
+  void set_lru_purge_enable(bool enable);
   httpd_handle_t get_server() { return this->server_; }
 
  protected:
   uint16_t port_{};
   httpd_handle_t server_{};
+  bool lru_purge_enable_{false};
   static esp_err_t request_handler(httpd_req_t *r);
   static esp_err_t request_post_handler(httpd_req_t *r);
   esp_err_t request_handler_(AsyncWebServerRequest *request) const;

esphome/components/wifi_signal/wifi_signal_sensor.h

@@ -16,12 +16,7 @@ class WiFiSignalSensor : public sensor::Sensor, public PollingComponent {
 #ifdef USE_WIFI_LISTENERS
   void setup() override { wifi::global_wifi_component->add_connect_state_listener(this); }
 #endif
-  void update() override {
-    int8_t rssi = wifi::global_wifi_component->wifi_rssi();
-    if (rssi != wifi::WIFI_RSSI_DISCONNECTED) {
-      this->publish_state(rssi);
-    }
-  }
+  void update() override { this->publish_state(wifi::global_wifi_component->wifi_rssi()); }
   void dump_config() override;
 
   float get_setup_priority() const override { return setup_priority::AFTER_WIFI; }

esphome/const.py

@@ -4,7 +4,7 @@ from enum import Enum
 
 from esphome.enum import StrEnum
 
-__version__ = "2025.12.1"
+__version__ = "2026.1.0-dev"
 
 ALLOWED_NAME_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789-_"
 VALID_SUBSTITUTIONS_CHARACTERS = (

esphome/core/defines.h

@@ -28,6 +28,7 @@
 #define USE_BUTTON
 #define USE_CAMERA
 #define USE_CLIMATE
+#define USE_CLIMATE_VISUAL_OVERRIDES
 #define USE_CONTROLLER_REGISTRY
 #define USE_COVER
 #define USE_DATETIME

esphome/core/helpers.cpp

@@ -266,19 +266,12 @@ std::string make_name_with_suffix(const std::string &name, char sep, const char
 // Parsing & formatting
 
 size_t parse_hex(const char *str, size_t length, uint8_t *data, size_t count) {
-  uint8_t val;
   size_t chars = std::min(length, 2 * count);
   for (size_t i = 2 * count - chars; i < 2 * count; i++, str++) {
-    if (*str >= '0' && *str <= '9') {
-      val = *str - '0';
-    } else if (*str >= 'A' && *str <= 'F') {
-      val = 10 + (*str - 'A');
-    } else if (*str >= 'a' && *str <= 'f') {
-      val = 10 + (*str - 'a');
-    } else {
+    uint8_t val = parse_hex_char(*str);
+    if (val > 15)
       return 0;
-    }
-    data[i >> 1] = !(i & 1) ? val << 4 : data[i >> 1] | val;
+    data[i >> 1] = (i & 1) ? data[i >> 1] | val : val << 4;
   }
   return chars;
 }

esphome/core/helpers.h

@@ -624,6 +624,17 @@ template<typename T, enable_if_t<std::is_unsigned<T>::value, int> = 0> optional<
   return parse_hex<T>(str.c_str(), str.length());
 }
 
+/// Parse a hex character to its nibble value (0-15), returns 255 on invalid input
+constexpr uint8_t parse_hex_char(char c) {
+  if (c >= '0' && c <= '9')
+    return c - '0';
+  if (c >= 'A' && c <= 'F')
+    return c - 'A' + 10;
+  if (c >= 'a' && c <= 'f')
+    return c - 'a' + 10;
+  return 255;
+}
+
 /// Convert a nibble (0-15) to lowercase hex char
 inline char format_hex_char(uint8_t v) { return v >= 10 ? 'a' + (v - 10) : '0' + v; }
 

esphome/core/progmem.h

@@ -1,16 +1,16 @@
 #pragma once
 
 // Platform-agnostic macros for PROGMEM string handling
+// On ESP32 (both Arduino and IDF): Use plain strings (no PROGMEM)
 // On ESP8266/Arduino: Use Arduino's F() macro for PROGMEM strings
-// On other platforms: Use plain strings (no PROGMEM)
 
-#ifdef USE_ESP8266
-// ESP8266 uses Arduino macros
-#define ESPHOME_F(string_literal) F(string_literal)
-#define ESPHOME_PGM_P PGM_P
-#define ESPHOME_strncpy_P strncpy_P
-#else
+#ifdef USE_ESP32
 #define ESPHOME_F(string_literal) (string_literal)
 #define ESPHOME_PGM_P const char *
 #define ESPHOME_strncpy_P strncpy
+#else
+// ESP8266 and other Arduino platforms use Arduino macros
+#define ESPHOME_F(string_literal) F(string_literal)
+#define ESPHOME_PGM_P PGM_P
+#define ESPHOME_strncpy_P strncpy_P
 #endif

esphome/dashboard/web_server.py

@@ -164,24 +164,8 @@ def websocket_method(name):
     return wrap
 
 
-class CheckOriginMixin:
-    """Mixin to handle WebSocket origin checks for reverse proxy setups."""
-
-    def check_origin(self, origin: str) -> bool:
-        if "ESPHOME_TRUSTED_DOMAINS" not in os.environ:
-            return super().check_origin(origin)
-        trusted_domains = [
-            s.strip() for s in os.environ["ESPHOME_TRUSTED_DOMAINS"].split(",")
-        ]
-        url = urlparse(origin)
-        if url.hostname in trusted_domains:
-            return True
-        _LOGGER.info("check_origin %s, domain is not trusted", origin)
-        return False
-
-
 @websocket_class
-class EsphomeCommandWebSocket(CheckOriginMixin, tornado.websocket.WebSocketHandler):
+class EsphomeCommandWebSocket(tornado.websocket.WebSocketHandler):
     """Base class for ESPHome websocket commands."""
 
     def __init__(
@@ -199,6 +183,18 @@ class EsphomeCommandWebSocket(CheckOriginMixin, tornado.websocket.WebSocketHandl
         # use Popen() with a reading thread instead
         self._use_popen = os.name == "nt"
 
+    def check_origin(self, origin):
+        if "ESPHOME_TRUSTED_DOMAINS" not in os.environ:
+            return super().check_origin(origin)
+        trusted_domains = [
+            s.strip() for s in os.environ["ESPHOME_TRUSTED_DOMAINS"].split(",")
+        ]
+        url = urlparse(origin)
+        if url.hostname in trusted_domains:
+            return True
+        _LOGGER.info("check_origin %s, domain is not trusted", origin)
+        return False
+
     def open(self, *args: str, **kwargs: str) -> None:
         """Handle new WebSocket connection."""
         # Ensure messages from the subprocess are sent immediately
@@ -605,7 +601,7 @@ DASHBOARD_SUBSCRIBER = DashboardSubscriber()
 
 
 @websocket_class
-class DashboardEventsWebSocket(CheckOriginMixin, tornado.websocket.WebSocketHandler):
+class DashboardEventsWebSocket(tornado.websocket.WebSocketHandler):
     """WebSocket handler for real-time dashboard events."""
 
     _event_listeners: list[Callable[[], None]] | None = None

requirements.txt

@@ -4,7 +4,7 @@ PyYAML==6.0.3
 paho-mqtt==1.6.1
 colorama==0.4.6
 icmplib==3.0.4
-tornado==6.5.2
+tornado==6.5.3
 tzlocal==5.3.1    # from time
 tzdata>=2021.1  # from time
 pyserial==3.5

requirements_test.txt

@@ -1,6 +1,6 @@
 pylint==4.0.4
 flake8==7.3.0  # also change in .pre-commit-config.yaml when updating
-ruff==0.14.8  # also change in .pre-commit-config.yaml when updating
+ruff==0.14.9  # also change in .pre-commit-config.yaml when updating
 pyupgrade==3.21.2  # also change in .pre-commit-config.yaml when updating
 pre-commit
 

tests/components/ethernet/test-lan8720-with-expander.esp32-idf.yaml

@@ -1,15 +0,0 @@
-<<: !include common-lan8720.yaml
-
-sn74hc165:
-  - id: sn74hc165_hub
-    clock_pin: GPIO13
-    data_pin: GPIO14
-    load_pin: GPIO15
-    sr_count: 3
-
-binary_sensor:
-  - platform: gpio
-    pin:
-      sn74hc165: sn74hc165_hub
-      number: 19
-    id: relay_2

tests/components/hmac_md5/common.yaml

@@ -0,0 +1,34 @@
+esphome:
+  on_boot:
+    - lambda: |-
+        // Test HMAC-MD5 functionality
+        #ifdef USE_MD5
+        using esphome::hmac_md5::HmacMD5;
+        HmacMD5 hmac;
+
+        // Test with key "key" and message "The quick brown fox jumps over the lazy dog"
+        const char* key = "key";
+        const char* message = "The quick brown fox jumps over the lazy dog";
+
+        hmac.init(key, strlen(key));
+        hmac.add(message, strlen(message));
+        hmac.calculate();
+
+        char hex_output[33];
+        hmac.get_hex(hex_output);
+        hex_output[32] = '\0';
+
+        ESP_LOGD("HMAC_MD5", "HMAC-MD5('%s', '%s') = %s", key, message, hex_output);
+
+        // Expected: 80070713463e7749b90c2dc24911e275
+        const char* expected = "80070713463e7749b90c2dc24911e275";
+        if (strcmp(hex_output, expected) == 0) {
+          ESP_LOGI("HMAC_MD5", "Test PASSED");
+        } else {
+          ESP_LOGE("HMAC_MD5", "Test FAILED. Expected %s", expected);
+        }
+        #else
+        ESP_LOGW("HMAC_MD5", "HMAC-MD5 not available on this platform");
+        #endif
+
+hmac_md5:

tests/components/hmac_md5/test.bk72xx-ard.yaml

@@ -0,0 +1 @@
+<<: !include common.yaml

tests/components/hmac_md5/test.esp32-idf.yaml

@@ -0,0 +1 @@
+<<: !include common.yaml

tests/components/hmac_md5/test.esp8266-ard.yaml

@@ -0,0 +1 @@
+<<: !include common.yaml

tests/components/hmac_md5/test.host.yaml

@@ -0,0 +1 @@
+<<: !include common.yaml

tests/components/hmac_md5/test.rp2040-ard.yaml

@@ -0,0 +1 @@
+<<: !include common.yaml

tests/dashboard/test_web_server.py

@@ -1567,90 +1567,3 @@ async def test_dashboard_yaml_loading_with_packages_and_secrets(
     # If we get here, secret resolution worked!
     assert "esphome" in config
     assert config["esphome"]["name"] == "test-download-secrets"
-
-
-@pytest.mark.asyncio
-async def test_websocket_check_origin_default_same_origin(
-    dashboard: DashboardTestHelper,
-) -> None:
-    """Test WebSocket uses default same-origin check when ESPHOME_TRUSTED_DOMAINS not set."""
-    # Ensure ESPHOME_TRUSTED_DOMAINS is not set
-    env = os.environ.copy()
-    env.pop("ESPHOME_TRUSTED_DOMAINS", None)
-    with patch.dict(os.environ, env, clear=True):
-        from tornado.httpclient import HTTPRequest
-
-        url = f"ws://127.0.0.1:{dashboard.port}/events"
-        # Same origin should work (default Tornado behavior)
-        request = HTTPRequest(
-            url, headers={"Origin": f"http://127.0.0.1:{dashboard.port}"}
-        )
-        ws = await websocket_connect(request)
-        try:
-            msg = await ws.read_message()
-            assert msg is not None
-            data = json.loads(msg)
-            assert data["event"] == "initial_state"
-        finally:
-            ws.close()
-
-
-@pytest.mark.asyncio
-async def test_websocket_check_origin_trusted_domain(
-    dashboard: DashboardTestHelper,
-) -> None:
-    """Test WebSocket accepts connections from trusted domains."""
-    with patch.dict(os.environ, {"ESPHOME_TRUSTED_DOMAINS": "trusted.example.com"}):
-        from tornado.httpclient import HTTPRequest
-
-        url = f"ws://127.0.0.1:{dashboard.port}/events"
-        request = HTTPRequest(url, headers={"Origin": "https://trusted.example.com"})
-        ws = await websocket_connect(request)
-        try:
-            # Should receive initial state
-            msg = await ws.read_message()
-            assert msg is not None
-            data = json.loads(msg)
-            assert data["event"] == "initial_state"
-        finally:
-            ws.close()
-
-
-@pytest.mark.asyncio
-async def test_websocket_check_origin_untrusted_domain(
-    dashboard: DashboardTestHelper,
-) -> None:
-    """Test WebSocket rejects connections from untrusted domains."""
-    with patch.dict(os.environ, {"ESPHOME_TRUSTED_DOMAINS": "trusted.example.com"}):
-        from tornado.httpclient import HTTPRequest
-
-        url = f"ws://127.0.0.1:{dashboard.port}/events"
-        request = HTTPRequest(url, headers={"Origin": "https://untrusted.example.com"})
-        with pytest.raises(HTTPClientError) as exc_info:
-            await websocket_connect(request)
-        # Should get HTTP 403 Forbidden due to origin check failure
-        assert exc_info.value.code == 403
-
-
-@pytest.mark.asyncio
-async def test_websocket_check_origin_multiple_trusted_domains(
-    dashboard: DashboardTestHelper,
-) -> None:
-    """Test WebSocket accepts connections from multiple trusted domains."""
-    with patch.dict(
-        os.environ,
-        {"ESPHOME_TRUSTED_DOMAINS": "first.example.com, second.example.com"},
-    ):
-        from tornado.httpclient import HTTPRequest
-
-        url = f"ws://127.0.0.1:{dashboard.port}/events"
-        # Test second domain in list (with space after comma)
-        request = HTTPRequest(url, headers={"Origin": "https://second.example.com"})
-        ws = await websocket_connect(request)
-        try:
-            msg = await ws.read_message()
-            assert msg is not None
-            data = json.loads(msg)
-            assert data["event"] == "initial_state"
-        finally:
-            ws.close()

tests/integration/fixtures/text_command.yaml

@@ -0,0 +1,37 @@
+esphome:
+  name: host-text-command-test
+
+host:
+
+api:
+  batch_delay: 0ms
+
+logger:
+
+text:
+  - platform: template
+    name: "Test Text"
+    id: test_text
+    optimistic: true
+    min_length: 0
+    max_length: 255
+    mode: text
+    initial_value: "initial"
+
+  - platform: template
+    name: "Test Password"
+    id: test_password
+    optimistic: true
+    min_length: 4
+    max_length: 32
+    mode: password
+    initial_value: "secret"
+
+  - platform: template
+    name: "Test Text Long"
+    id: test_text_long
+    optimistic: true
+    min_length: 0
+    max_length: 255
+    mode: text
+    initial_value: ""

tests/integration/test_text_command.py

@@ -0,0 +1,126 @@
+"""Integration test for text command zero-copy optimization.
+
+Tests that TextCommandRequest correctly handles the pointer_to_buffer
+optimization for the state field, ensuring text values are properly
+transmitted via the API.
+"""
+
+from __future__ import annotations
+
+import asyncio
+from typing import Any
+
+from aioesphomeapi import TextInfo, TextState
+import pytest
+
+from .state_utils import InitialStateHelper, require_entity
+from .types import APIClientConnectedFactory, RunCompiledFunction
+
+
+@pytest.mark.asyncio
+async def test_text_command(
+    yaml_config: str,
+    run_compiled: RunCompiledFunction,
+    api_client_connected: APIClientConnectedFactory,
+) -> None:
+    """Test text command with various string values including edge cases."""
+    loop = asyncio.get_running_loop()
+    async with run_compiled(yaml_config), api_client_connected() as client:
+        # Verify we can get device info
+        device_info = await client.device_info()
+        assert device_info is not None
+        assert device_info.name == "host-text-command-test"
+
+        # Get list of entities
+        entities, _ = await client.list_entities_services()
+
+        # Find our text entities using require_entity
+        test_text = require_entity(entities, "test_text", TextInfo, "Test Text entity")
+        test_password = require_entity(
+            entities, "test_password", TextInfo, "Test Password entity"
+        )
+        test_text_long = require_entity(
+            entities, "test_text_long", TextInfo, "Test Text Long entity"
+        )
+
+        # Track state changes
+        states: dict[int, Any] = {}
+        state_futures: dict[int, asyncio.Future[Any]] = {}
+
+        def on_state(state: Any) -> None:
+            states[state.key] = state
+            if state.key in state_futures and not state_futures[state.key].done():
+                state_futures[state.key].set_result(state)
+
+        # Set up InitialStateHelper to swallow initial state broadcasts
+        initial_state_helper = InitialStateHelper(entities)
+        client.subscribe_states(initial_state_helper.on_state_wrapper(on_state))
+
+        # Wait for all initial states to be received
+        try:
+            await initial_state_helper.wait_for_initial_states()
+        except TimeoutError:
+            pytest.fail("Timeout waiting for initial states")
+
+        # Verify initial states were received
+        assert test_text.key in initial_state_helper.initial_states
+        initial_text_state = initial_state_helper.initial_states[test_text.key]
+        assert isinstance(initial_text_state, TextState)
+        assert initial_text_state.state == "initial"
+
+        async def wait_for_state_change(key: int, timeout: float = 2.0) -> Any:
+            """Wait for a state change for the given entity key."""
+            state_futures[key] = loop.create_future()
+            try:
+                return await asyncio.wait_for(state_futures[key], timeout)
+            finally:
+                state_futures.pop(key, None)
+
+        # Test 1: Simple text value
+        client.text_command(key=test_text.key, state="hello world")
+        state = await wait_for_state_change(test_text.key)
+        assert state.state == "hello world"
+
+        # Test 2: Empty string (edge case for zero-copy)
+        client.text_command(key=test_text.key, state="")
+        state = await wait_for_state_change(test_text.key)
+        assert state.state == ""
+
+        # Test 3: Single character
+        client.text_command(key=test_text.key, state="x")
+        state = await wait_for_state_change(test_text.key)
+        assert state.state == "x"
+
+        # Test 4: String with special characters
+        client.text_command(key=test_text.key, state="hello\tworld\n!")
+        state = await wait_for_state_change(test_text.key)
+        assert state.state == "hello\tworld\n!"
+
+        # Test 5: Unicode characters
+        client.text_command(key=test_text.key, state="hello 世界 🌍")
+        state = await wait_for_state_change(test_text.key)
+        assert state.state == "hello 世界 🌍"
+
+        # Test 6: Long string (tests buffer handling)
+        long_text = "a" * 200
+        client.text_command(key=test_text_long.key, state=long_text)
+        state = await wait_for_state_change(test_text_long.key)
+        assert state.state == long_text
+        assert len(state.state) == 200
+
+        # Test 7: Password field (same mechanism, different mode)
+        client.text_command(key=test_password.key, state="newpassword123")
+        state = await wait_for_state_change(test_password.key)
+        assert state.state == "newpassword123"
+
+        # Test 8: String with null bytes embedded (edge case)
+        # Note: protobuf strings should handle this but it's good to verify
+        client.text_command(key=test_text.key, state="before\x00after")
+        state = await wait_for_state_change(test_text.key)
+        assert state.state == "before\x00after"
+
+        # Test 9: Rapid successive commands (tests buffer reuse)
+        for i in range(5):
+            client.text_command(key=test_text.key, state=f"rapid_{i}")
+            state = await wait_for_state_change(test_text.key)
+            assert state.state == f"rapid_{i}"