Update dependency esphome to v2025 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
esphome	==2024.10.3 -> ==2025.8.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

GitHub Vulnerability Alerts

CVE-2025-57808

Summary

On the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value (e.g., correct username with partial password). This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password.

Details

The HTTP basic auth check in web_server_idf's AsyncWebServerRequest::authenticate only compares up to auth.value().size() - auth_prefix_len bytes of the base64-encoded user:pass string. This means a client-provided valuer like dXNlcjpz (user:s) will pass the check when the correct value is much longer, e.g., dXNlcjpzb21lcmVhbGx5bG9uZ3Bhc3M= (user:somereallylongpass).

Furthermore, the check will also pass when the supplied value is the empty string, which removes the need to know (or brute force) the username. A browser won't generally issue such a request, but it can easily be done by manually constructing the Authorizaztion request header (e.g., via curl).

PoC

Configure ESPHome as follows:

esp32:
  board: ...
  framework:
    type: esp-idf
web_server:
  auth:
    username: user
    password: somereallylongpass

In a browser, you can correctly log in by supplying username user and password somereallylongpass... but you can also incorrectly log in by supplying substrings of the password whose base64-encoded digest matches a prefix of the correct digest. (For example, I was able to log into an ESPHome device so configured by supplying password some... or even just s.)

You can also use a tool like curl to manually set an Authorization request header that always passes the check without any knowledge of the username:

$ curl -D- http://example.local/
HTTP/1.1 401 Unauthorized
...

$ curl -D- -H 'Authorization: Basic ' http://example.local/
HTTP/1.1 200 OK
...

Impact

This vulnerability effectively nullifies basic auth support for the ESP-IDF web_server, allowing auth bypass from another device on the local network with no knowledge of the correct username or password required.

Remediation

This vulnerability is fixed in 2025.8.1 and later.

For older versions, disabling the web_server component on ESP-IDF devices may be prudent, particularly if OTA updates through web_server are enabled.

---

Release Notes

esphome/esphome (esphome)

v2025.8.1

Compare Source

• [api] Add zero-copy StringRef methods for compilation_time and effect_name esphome#10257 by @​bdraco
• [esp32_ble_client] Add log helper functions to reduce flash usage by 120 bytes esphome#10243 by @​bdraco
• [api] Add USE_API_HOMEASSISTANT_SERVICES if using tag_scanned action esphome#10316 by @​jesserockz
• [http_request] Fix for host after ArduinoJson library bump esphome#10348 by @​clydebarrow
• [core] Improve error reporting for entity name conflicts with non-ASCII characters esphome#10329 by @​bdraco
• [pvvx_mithermometer] Fix race condition with BLE authentication esphome#10327 by @​bdraco
• [esp32_ble_client] Optimize BLE connection parameters for different connection types esphome#10356 by @​bdraco
• [esp32_ble] Increase GATT connection retry count to use full timeout window esphome#10376 by @​bdraco
• [script] Fix parallel mode scripts with delays cancelling each other esphome#10324 by @​bdraco
• [deep_sleep] Fix ESP32-C6 compilation error with gpio_deep_sleep_hold_en() esphome#10345 by @​bdraco
• [esp32_ble_client] Reduce log level for harmless BLE timeout race conditions esphome#10339 by @​bdraco
• [lvgl] Fix meter rotation esphome#10342 by @​clydebarrow
• [esp32_ble_tracker] Fix on_scan_end trigger compilation without USE_ESP32_BLE_DEVICE esphome#10399 by @​bdraco
• [test] Add integration test for light effect memory corruption fix esphome#10417 by @​bdraco
• [web_server] Use oi.esphome.io for css and js assets esphome#10296 by @​clydebarrow

v2025.8.0

Compare Source

Full list of changes

New Features

• [output] Add set_min_power & set_max_power actions for FloatOutput esphome#8934 by @​DjordjeMandic (new-feature)
• [nrf52] add adc esphome#9321 by @​tomaszduda23 (new-feature)
• [espnow] Basic communication between ESP32 devices esphome#9582 by @​nielsnl68 (new-component) (new-feature)
• [esp32] Add config option to execute from PSRAM esphome#9907 by @​clydebarrow (new-feature)
• [color][lvgl] Allow Color to be used for lv_color_t esphome#10016 by @​clydebarrow (new-feature)
• [esp32] Add framework migration warning for upcoming ESP-IDF default change esphome#10030 by @​bdraco (new-feature)
• Add CO5300 display support esphome#9739 by @​mschnaubelt (new-feature)
• [remote_transmitter] Add digital_write automation esphome#10069 by @​swoboda1337 (new-feature)
• Support multiple --device arguments for address fallback esphome#10003 by @​bdraco (new-feature)
• Add device class absolute_humidity to the absolute humidity component esphome#10100 by @​mbo18 (new-feature)
• [switch] Add switch.control automation action esphome#10105 by @​edwardtfn (new-feature)
• [switch] Add control() method to API esphome#10118 by @​edwardtfn (new-feature)
• [switch] Add trigger on_state esphome#10108 by @​edwardtfn (new-feature)
• [nrf52, zephyr_debug] add zephyr debug component esphome#8319 by @​tomaszduda23 (new-feature)
• [sensor] Extend timeout filter with option to return last value received esphome#10115 by @​kbx81 (new-feature)
• [substitutions] Add some safe built-in functions to jinja parsing esphome#10178 by @​jesserockz (new-feature)
• [ld2412] New component esphome#9075 by @​Rihan9 (new-component) (new-feature) (new-platform)
• [entity] Allow device_id to be blank on entities esphome#10217 by @​jesserockz (new-feature)

New Components

• [nrf52, core] nrf52 core based on zephyr esphome#7049 by @​tomaszduda23 (new-component)
• Add runtime_stats component for performance debugging and analysis esphome#9386 by @​bdraco (new-component)
• [mipi] Refactor constants and functions esphome#9853 by @​clydebarrow (new-component)
• [mipi_dsi] New display driver for P4 DSI esphome#9403 by @​clydebarrow (new-component) (new-platform)
• [espnow] Basic communication between ESP32 devices esphome#9582 by @​nielsnl68 (new-component) (new-feature)
• [ld2412] New component esphome#9075 by @​Rihan9 (new-component) (new-feature) (new-platform)

New Platforms

• [mipi_dsi] New display driver for P4 DSI esphome#9403 by @​clydebarrow (new-component) (new-platform)
• [ld2412] New component esphome#9075 by @​Rihan9 (new-component) (new-feature) (new-platform)

Breaking Changes

• Remove parsed advertisement support from bluetooth_proxy to save memory esphome#9489 by @​bdraco (breaking-change)
• Drop Python 3.10 support, require Python 3.11+ esphome#9522 by @​bdraco (breaking-change)
• Remove legacy unique_id field from entities esphome#9022 by @​bdraco (breaking-change)
• [api] Remove deprecated protobuf fields to reduce flash usage esphome#9679 by @​bdraco (breaking-change)
• [api] Add conditional compilation for Home Assistant state subscriptions esphome#9898 by @​bdraco (breaking-change)
• [api] Add conditional compilation for Home Assistant service subscriptions esphome#9900 by @​bdraco (breaking-change)
• [esp32_touch] Work around ESP-IDF v5.4 regression in touch_pad_read_filtered esphome#9957 by @​bdraco (breaking-change)
• [ld2410] Replace throttle with native filters esphome#10019 by @​kbx81 (breaking-change)
• [esp32_ble] Conditionally compile BLE advertising to reduce flash usage esphome#10099 by @​bdraco (breaking-change)
• [esp32_ble_client] Conditionally compile BLE service classes to reduce flash usage esphome#10114 by @​bdraco (breaking-change)
• [bluetooth_proxy] Remove V1 connection support esphome#10107 by @​bdraco (breaking-change)
• [esp32] Add IDF log_level option esphome#10134 by @​swoboda1337 (breaking-change)
• [ld2450] Replace throttle with native filters esphome#10196 by @​kbx81 (breaking-change)

All changes

Show

• [web_server] fix Arudino typo esphome#9404 by @​ximex
• Speed up clang-tidy CI by 80%+ with incremental checking esphome#9396 by @​bdraco
• Fix PlatformIO cache in CI by adding platformio.ini hash to cache key esphome#9411 by @​bdraco
• Fix clang-tidy triggering full scan on Python-only core file changes esphome#9412 by @​bdraco
• Implement shared PlatformIO cache for integration tests esphome#9413 by @​bdraco
• Fix Python cache for all pytest CI jobs esphome#9415 by @​bdraco
• Fix Python cache key mismatch for all pytest jobs esphome#9417 by @​bdraco
• Adding support for Airthings Wave Gen2 esphome#8460 by @​precurse
• Fix Windows virtual environment activation in CI workflows esphome#9420 by @​bdraco
• Fix clang-tidy not finding changed files on squash-merge commits esphome#9421 by @​bdraco
• [config] Add bitrate validator esphome#9423 by @​clydebarrow
• [esp32] remove debug log esphome#9424 by @​ssieb
• CI: Centralize test determination logic to reduce unnecessary job runners esphome#9432 by @​bdraco
• Disable WiFi when using Ethernet to save memory esphome#9456 by @​bdraco
• Fix pre-commit CI failures by skipping local hooks that require virtual environment esphome#9476 by @​bdraco
• Fix clang-tidy skipping when Python linters are skipped esphome#9463 by @​bdraco
• Refactor format_hex_pretty functions to eliminate code duplication esphome#9480 by @​bdraco
• Fix pre-commit CI issues by switching to lite mode esphome#9484 by @​bdraco
• Refactor WebServer request handling for improved maintainability esphome#9470 by @​bdraco
• Fix WebServer routes constant naming convention esphome#9497 by @​bdraco
• Remove redundant pyupgrade CI job (follow-up to #​9484) esphome#9493 by @​bdraco
• Add pre-commit hooks to fix common formatting issues causing CI failures esphome#9494 by @​bdraco
• Remove yamllint job from CI since its now handled by pre-commit job esphome#9500 by @​bdraco
• Fix blocked CI cancellation caused by always() in clang-tidy workflow esphome#9503 by @​bdraco
• Include entire platformio.ini in clang-tidy hash calculation esphome#9509 by @​bdraco
• Enable issue tracking esphome#9515 by @​jesserockz
• [repo] Fix issue template config.yml esphome#9516 by @​jesserockz
• [ms8607] Fix humidity calc esphome#9499 by @​LorbusChris
• [nrf52, core] nrf52 core based on zephyr esphome#7049 by @​tomaszduda23 (new-component)
• remove duplication from component_iterator esphome#7210 by @​tomaszduda23
• [adc] Use new library with ESP-IDF v5 esphome#9021 by @​edwardtfn
• [mipi_spi] Template code, partial buffer support esphome#9314 by @​clydebarrow
• Remove dead code: 64-bit protobuf types never used in 7 years esphome#9471 by @​bdraco
• Add runtime_stats component for performance debugging and analysis esphome#9386 by @​bdraco (new-component)
• Make API ConnectRequest optional for passwordless connections esphome#9445 by @​bdraco
• Improve API protobuf decode method readability and reduce code size esphome#9455 by @​bdraco
• Reduce API component flash usage by consolidating error logging esphome#9468 by @​bdraco
• Remove parsed advertisement support from bluetooth_proxy to save memory esphome#9489 by @​bdraco (breaking-change)
• Drop Python 3.10 support, require Python 3.11+ esphome#9522 by @​bdraco (breaking-change)
• Optimize MedianFilter memory allocation by adding vector reserve esphome#9531 by @​bdraco
• [i2c] Use new driver with IDF 5.4.2+ esphome#8483 by @​swoboda1337
• Optimize scheduler timing by reducing millis() calls esphome#9524 by @​bdraco
• Optimize API component LOGCONFIG usage for flash memory savings esphome#9526 by @​bdraco
• Skip API log message calls for unsubscribed log levels esphome#9514 by @​bdraco
• Optimize API connection batch priority message handling to reduce flash usage esphome#9510 by @​bdraco
• Reduce flash usage by replacing ProtoSize template with specialized methods esphome#9487 by @​bdraco
• [ssd1306_base] fix typo brighrness esphome#9491 by @​ximex
• Fix CI failures from merge collisions esphome#9535 by @​bdraco
• Remove legacy unique_id field from entities esphome#9022 by @​bdraco (breaking-change)
• Reduce binary size with field-level conditional compilation for protobuf messages esphome#9473 by @​bdraco
• [adc] Test platforms on IDF esphome#9536 by @​edwardtfn
• Refactor API connection entity encoding to reduce code duplication esphome#9505 by @​bdraco
• Reduce API proto vtable overhead by splitting decode functionality esphome#9541 by @​bdraco
• Add ability to have same entity names on different sub devices esphome#9355 by @​bdraco
• Synchronise Device Classes from Home Assistant esphome#9513 by @​esphomebot
• Update script/helpers.py to use ESPHome YAML parser for integration fixtures esphome#9544 by @​bdraco
• [adc] Add ESP32-C5 support esphome#9486 by @​edwardtfn
• Move CONF_ALTITUDE_COMPENSATION to const.py esphome#9563 by @​mikelawrence
• Revert "Bump ESP32 IDF version to 5.4.2 and Arduino version to 3.2.1" esphome#9574 by @​jesserockz
• Workflow to auto label PRs based on changes esphome#9585 by @​jesserockz
• [dependabot] Use specific labels for github-actions updates esphome#9586 by @​jesserockz
• [CI] Add by-code-owner labelling esphome#9589 by @​jesserockz
• [CI] Add needs-docs labelling esphome#9591 by @​jesserockz
• Skip compilation of web_server_v1.cpp when not using version 1 esphome#9590 by @​bdraco
• Update Issues / Feature Requests links in Readme esphome#9600 by @​RubenKelevra
• Add some AI instructions esphome#9606 by @​jesserockz
• Update Issues / Feature Requests links esphome#9607 by @​RubenKelevra
• [ci] Implement external component PR workflow esphome#9595 by @​clydebarrow
• [ci] attempt to fix permission for workflow esphome#9610 by @​clydebarrow
• Refactor API send_message from template to non-template implementation esphome#9561 by @​bdraco
• Fix scheduler rollover detection with concurrent task calls esphome#9624 by @​bdraco
• adds nRF52840 to PR templates esphome#9631 by @​tomaszduda23
• [code quality] move const to esphome/const.py esphome#9632 by @​tomaszduda23
• [esp32] Allow variant in place of board esphome#9427 by @​clydebarrow
• [scheduler] Fix LibreTiny compilation error due to missing atomic operations esphome#9643 by @​bdraco
• Fix bluetooth_proxy heap allocations during BLE scanning esphome#9633 by @​bdraco
• core/schedule: fixup out of sync code comment esphome#9649 by @​RubenKelevra
• [CI] New workflow to mention codeowners on issues esphome#9658 by @​jesserockz
• [CI] Add codeowners mention workflow esphome#9651 by @​jesserockz
• [CI] Fix by-code-owner labelling esphome#9661 by @​jesserockz
• [scheduler] Add integration tests for set_retry functionality esphome#9644 by @​bdraco
• Use message_source_map consistently in proto generation esphome#9542 by @​bdraco
• esp32cam: add fb location config option esphome#9630 by @​RubenKelevra
• [i2s_audio] Bugfix: cast adc_channel_t to adc1_channel_t esphome#9688 by @​kahrendt
• Add core team as codeowner of .github folder esphome#9663 by @​jesserockz
• [CI] Fix clang-tidy not running when platformio.ini changes esphome#9678 by @​bdraco
• [api] Fix missing ifdef guards for field_ifdef fields in protobuf base classes esphome#9693 by @​bdraco
• [const] Move CONF_FLIP_X and CONF_FLIP_Y to const.py esphome#9741 by @​DT-art1
• core/scheduler: Make millis_64_ rollover monotonic on SMP esphome#9716 by @​RubenKelevra
• [bluetooth_proxy] Fix service discovery on disconnect and refactor connection handling esphome#9697 by @​bdraco
• [esp32_ble_tracker] Batch BLE advertisement processing to reduce overhead esphome#9699 by @​bdraco
• [api] Memory optimizations for API frame helper buffering esphome#9724 by @​bdraco
• [api] Eliminate heap allocation in process_batch_ using stack-allocated PacketInfo array esphome#9703 by @​bdraco
• [api] Remove deprecated protobuf fields to reduce flash usage esphome#9679 by @​bdraco (breaking-change)
• [CI] Only mention codeowners once esphome#9727 by @​jesserockz
• [api] Consolidate error handling and remove unused code esphome#9726 by @​bdraco
• [api] Fix missing ifdef guards for AreaInfo and DeviceInfo messages esphome#9730 by @​bdraco
• [core] Refactor scheduler to eliminate hidden side effects in empty_ esphome#9743 by @​bdraco
• [api] Reduce memory usage by eliminating duplicate client info strings esphome#9740 by @​bdraco
• [CI] Label PR too-big if it has more than 1000 lines changed esphome#9744 by @​jesserockz
• [CI] Keep original labels when PR has too many lines esphome#9745 by @​jesserockz
• [CI] Fetch platform components and target platforms from hosted json file esphome#9747 by @​jesserockz
• [CI] Add url and dismiss reviews once conditions are met esphome#9748 by @​jesserockz
• [api] Split frame helper implementation into protocol-specific files esphome#9746 by @​bdraco
• [CI] Fix codeowner workflow requesting the same multiple times esphome#9750 by @​jesserockz
• [CI] Use comment marker in too-big reviews esphome#9751 by @​jesserockz
• [CI] Dont create new review if existing and dont count tests esphome#9753 by @​jesserockz
• [api] Sync uses_password field_ifdef optimization from aioesphomeapi esphome#9756 by @​bdraco
• [tests] Fix flaky scheduler retry test timing esphome#9760 by @​bdraco
• [bluetooth_proxy] Optimize service discovery with in-place construction esphome#9765 by @​bdraco
• Factor PlatformIO buildgen out of writer.py esphome#9378 by @​stellar-aria
• [api] Implement zero-copy for all protobuf bytes fields esphome#9761 by @​bdraco
• [api] Optimize string encoding with memcpy for 10x performance improvement esphome#9778 by @​bdraco
• [api] Optimize noise handshake with memcpy for faster connection setup esphome#9779 by @​bdraco
• [nrf52] Add missing CoreModel define for scheduler esphome#9777 by @​bdraco
• [esp32_ble_tracker] Write require feature defines after all clients are registered esphome#9780 by @​jesserockz
• [api] Optimize protobuf memory usage with fixed-size arrays for Bluetooth UUIDs esphome#9782 by @​bdraco
• [api] Implement zero-copy string optimization for outgoing protobuf messages esphome#9790 by @​bdraco
• [schema-gen] fix referenced schemas when schema in component platform esphome#9755 by @​glmnet
• [audio] fix typo gneneral and divison esphome#9808 by @​ximex
• [sgp4x] Fix build esphome#9794 by @​swoboda1337
• [http_request] set correct duration_ms for failed requests esphome#9789 by @​stas-sl
• [udp] Move on_receive to const esphome#9811 by @​jesserockz
• Bump ESP32 IDF version to 5.4.2 and Arduino version to 3.2.1 esphome#9770 by @​swoboda1337
• Workflow - check all comments to find previous bot comment esphome#9815 by @​clydebarrow
• [core] Match LockFreeQueue initialization order esphome#9813 by @​jesserockz
• [CI] Paginate codeowner comments to make sure we find it esphome#9817 by @​jesserockz
• [CI] Paginate codeowner comments to make sure we find it esphome#9818 by @​jesserockz
• [core] Initialize looping_components_ before setup blocking phase esphome#9820 by @​bdraco
• [i2c] Use i2c_master_probe to scan i2c bus esphome#9831 by @​jesserockz
• [core] Restore COMPONENT_STATE_LOOP_DONE check in calculate_looping_components esphome#9832 by @​bdraco
• [ci] Support C++17 nested namespace syntax in linter esphome#9826 by @​bdraco
• [modem] network component change esphome#9801 by @​oarcher
• [interval] Fix startup behaviour esphome#9793 by @​clydebarrow
• [mipi] Refactor constants and functions esphome#9853 by @​clydebarrow (new-component)
• Update post_build.py.script to Fix #​7137 esphome#9578 by @​Maeur1
• [helpers] Add "unknown" value handling to Deduplicator esphome#9855 by @​kbx81
• [ld2450] Set accuracy_decimals=0 as default for "target" entities esphome#9842 by @​bharvey88
• [logger] remove unnecessary call to setTxTimeoutMs esphome#9854 by @​tjhorner
• [i2s_audio] Speaker improvements: CPU core agnostic and more accurate timestamps esphome#9800 by @​kahrendt
• [esp32] Fix threading model for single-core variants (S2, C3, C6, H2) esphome#9851 by @​bdraco
• [api] Replace magic numbers with MESSAGE_TYPE constants in protobuf switch cases esphome#9776 by @​bdraco
• [api] Simplify generated authentication check code esphome#9806 by @​bdraco
• [api] Reduce code duplication in protobuf dump methods with helper functions esphome#9809 by @​bdraco
• [api] Use emplace_back for TemplatableKeyValuePair construction in HomeAssistant services esphome#9804 by @​bdraco
• [core] Fix component state documentation and add state helper method esphome#9824 by @​bdraco
• [bluetooth_proxy] [esp32_ble_tracker] [esp32_ble] Use C++17 nested namespace syntax esphome#9825 by @​bdraco
• [ld2410] Use Deduplicator for sensors esphome#9584 by @​kbx81
• [api] Use C++17 nested namespace syntax esphome#9856 by @​bdraco
• [mipi] Keep models from different drivers separate esphome#9865 by @​clydebarrow
• [ld2450] Use Deduplicator for sensors esphome#9863 by @​kbx81
• [core] Revert #​9851 and rename ESPHOME_CORES to ESPHOME_THREAD esphome#9862 by @​bdraco
• [CI] Refactor auto-label workflow: modular architecture, CODEOWNERS automation, and performance improvements esphome#9860 by @​jesserockz
• [factory_reset] Allow factory reset by rapid power cycle esphome#9749 by @​clydebarrow
• [gps] Patches to build on IDF, other optimizations esphome#9728 by @​kbx81
• [sound_level] fix spelling mistake esphome#9843 by @​tomaszduda23
• rc522: fix buffer overflow in UID/buffer formatting helpers esphome#9375 by @​RubenKelevra
• [platformio.ini] Move GPS to common lib_deps esphome#9883 by @​kbx81
• [ruff] Enable SIM rules and fix code simplification violations esphome#9872 by @​bdraco
• [platformio.ini] Add GPS to nrf52-zephyr lib_deps esphome#9884 by @​kbx81
• Remove redundant platformio environments esphome#9886 by @​jesserockz
• [CI] Better mega-pr label handling esphome#9888 by @​jesserockz
• [CI] Fix auto-label workflow - codeowners & listFiles esphome#9890 by @​jesserockz
• [mqtt] Don’t log state topic subscription for buttons esphome#9887 by @​GilDev
• [scheduler] Fix retry race condition on cancellation esphome#9788 by @​bdraco
• [ruff] Enable PERF rules and fix all violations esphome#9874 by @​bdraco
• [scheduler] Fix null pointer crash esphome#9893 by @​clydebarrow
• [core] Centralize component setup logging to reduce flash usage esphome#9885 by @​bdraco
• [mipi_dsi] New display driver for P4 DSI esphome#9403 by @​clydebarrow (new-component) (new-platform)
• [api] Add missing USE_API_PASSWORD guards to reduce flash usage esphome#9899 by @​bdraco
• [api] Add conditional compilation for Home Assistant state subscriptions esphome#9898 by @​bdraco (breaking-change)
• [i2c] Fix logging level for bus scan results in dump_config esphome#9904 by @​bdraco
• [ruff] Enable FURB rules for code modernization esphome#9896 by @​bdraco
• [core] Fix format error in log printf esphome#9911 by @​clydebarrow
• [logger] Use C++17 nested namespace syntax esphome#9916 by @​bdraco
• [wifi] Allow config to use PSRAM esphome#9866 by @​clydebarrow
• [ci-custom] Report actual changes needed for absolute import esphome#9919 by @​clydebarrow
• [light] Reduce flash memory usage by optimizing validation and color mode logic esphome#9921 by @​bdraco
• [power_supply] Optimize logging, reduce flash footprint esphome#9923 by @​kbx81
• [wifi] Disallow psram config with arduino esphome#9922 by @​clydebarrow
• [core] Use nullptr defaults in status_set_error/warning to reduce flash usage esphome#9931 by @​bdraco
• [light] Reduce flash usage by 832 bytes through code optimization esphome#9924 by @​bdraco
• [api] Reduce code duplication in send_noise_encryption_set_key_response esphome#9918 by @​bdraco
• replace os.getlogin() with getpass.getuser() esphome#9928 by @​cmaxl
• [packages] add example from documentation to component tests esphome#9891 by @​tomaszduda23
• [api] Add conditional compilation for Home Assistant service subscriptions esphome#9900 by @​bdraco (breaking-change)
• [api] Fix string lifetime issue in Home Assistant service calls with templated values esphome#9909 by @​bdraco
• [bluetooth_proxy] Fix service discovery cache pollution and descriptor count parameter bug esphome#9902 by @​bdraco
• [config_validation] extend should combine extra validations esphome#9939 by @​clydebarrow
• [scheduler] Eliminate more runtime string allocations from retry esphome#9930 by @​bdraco
• [api] Remove unnecessary string copies from optional access esphome#9897 by @​bdraco
• [heatpumpir] Bump library to 1.0.37 esphome#9944 by @​jesserockz
• [api] Optimize protobuf empty message handling to reduce flash and runtime overhead esphome#9908 by @​bdraco
• [api] Align ProtoSize API design with ProtoWriteBuffer pattern esphome#9920 by @​bdraco
• [esp32] Enable LWIP core locking on ESP-IDF to reduce socket operation overhead esphome#9857 by @​bdraco
• [sensor] Add support for default filters esphome#9934 by @​kbx81
• [binary_sensor] Add support for default filters esphome#9935 by @​kbx81
• [text_sensor] Add support for default filters esphome#9936 by @​kbx81
• [heatpumpir] Fix issue with IRremoteESP8266 being included on ESP32 esphome#9950 by @​swoboda1337
• Openthread add Teardown esphome#9275 by @​rwrozelle
• [gps] Fix slow parsing esphome#9953 by @​kbx81
• [output] Add set_min_power & set_max_power actions for FloatOutput esphome#8934 by @​DjordjeMandic (new-feature)
• [esp32] Bump platform to 54.03.21-1 and add support for tagged releases esphome#9926 by @​swoboda1337
• [adc] Enable ADC on ESP32-P4 esphome#9954 by @​clydebarrow
• [esp32] Fix post build esphome#9951 by @​jesserockz
• [component] Revert setup messages to LOG_CONFIG level esphome#9956 by @​clydebarrow
• Media player API enumeration alignment and feature flags esphome#9949 by @​rwrozelle
• [mipi_dsi] Add dependencies esphome#9952 by @​clydebarrow
• Fix WiFi to prefer strongest AP when multiple APs have same SSID esphome#9963 by @​dayowe
• [api] Eliminate heap allocations when populating repeated fields from containers esphome#9948 by @​bdraco
• [wifi] add more disconnect reason descriptions esphome#9955 by @​ssieb
• [sensor] Add new filter: throttle_with_priority esphome#9937 by @​kbx81
• [template] Add tests for more sensor filters esphome#9973 by @​kbx81
• [esp32_ble_client] Fix connection failures with short discovery timeout devices and speed up BLE connections esphome#9971 by @​bdraco
• media_player add off on capability esphome#9294 by @​rwrozelle
• [core] Fix regex for lambda id() replacement esphome#9975 by @​clydebarrow
• [CI] Add labels for checkboxes esphome#9991 by @​jesserockz
• [api] Bump APIVersion to 1.11 esphome#9990 by @​rwrozelle
• [api] Reduce flash usage through targeted optimizations esphome#9979 by @​bdraco
• [esp32_touch] Work around ESP-IDF v5.4 regression in touch_pad_read_filtered esphome#9957 by @​bdraco (breaking-change)
• [esp32_ble] Fix spurious BLE 5.0 event warnings on ESP32-S3 esphome#9969 by @​bdraco
• [tm1651] Remove dependency on Arduino Library esphome#9645 by [@​mrtoy-me](https://redirect

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.