From c12c3d2668da56f544488fd87f85e895713e5016 Mon Sep 17 00:00:00 2001
From: Mufaddal Rohawala <mufi@amazon.com>
Date: Fri, 20 Feb 2026 14:35:58 -0800
Subject: [PATCH] fix(deps): Relax protobuf upper bound to <7.0 for
 CVE-2026-0994

Raise the protobuf upper bound from <6.32 to <7.0 so users on the 6.x
line can upgrade to 6.33.5+ which contains the fix for CVE-2026-0994.
The minimum remains >=3.12 to avoid breaking existing environments.

Fixes #5548
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index d4f6e1e652..0621d9a643 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -45,7 +45,7 @@ dependencies = [
   "pandas>=2.3.0",
   "pathos",
   "platformdirs",
-  "protobuf>=3.12,<6.32",
+  "protobuf>=3.12,<7.0",
   "psutil",
   "PyYAML>=6.0.1",
   "requests",