fix(deps): Relax protobuf upper bound to <7.0 for CVE-2026-0994

mufiAmazon · mufiAmazon · commit c12c3d2668da · 2026-02-20T14:35:58.000-08:00
Raise the protobuf upper bound from <6.32 to <7.0 so users on the 6.x line can upgrade to 6.33.5+ which contains the fix for CVE-2026-0994. The minimum remains >=3.12 to avoid breaking existing environments. Fixes #5548
diff --git a/pyproject.toml b/pyproject.toml
@@ -45,7 +45,7 @@ dependencies = [
   "pandas>=2.3.0",
   "pathos",
   "platformdirs",
-  "protobuf>=3.12,<6.32",
+  "protobuf>=3.12,<7.0",
   "psutil",
   "PyYAML>=6.0.1",
   "requests",
