From b79d5f9be155cb1b916743bd5f973774124e1dcc Mon Sep 17 00:00:00 2001 From: Max SCHMELLER Date: Wed, 3 Jun 2026 11:50:43 +0900 Subject: [PATCH 1/2] build: make build-time protobuf version <= runtime to fix gencode/runtime incompatibility Signed-off-by: Max SCHMELLER --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index dd7676f..f55619b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ version = "0.2.5" description = "Protobuf definitions for sync tooling." authors = [{ name = "Max SCHMELLER", email = "max.schmeller@tier4.jp" }] requires-python = ">=3.10" -dependencies = ["protobuf>=6.31.0", "mypy-protobuf>=3.6.0", "bidict>=0.23.1"] +dependencies = ["protobuf>=6.33.4,<7", "mypy-protobuf>=3.6.0", "bidict>=0.23.1"] [dependency-groups] dev = [ @@ -13,7 +13,7 @@ dev = [ ] [build-system] -requires = ["hatchling"] +requires = ["hatchling", "protobuf==6.33.4"] build-backend = "hatchling.build" [tool.hatch.build.targets.wheel] From 295f242b566b433594662b853c4eddcf17364249 Mon Sep 17 00:00:00 2001 From: Max SCHMELLER Date: Wed, 3 Jun 2026 11:52:20 +0900 Subject: [PATCH 2/2] fix: bump protobuf to >=6.33.5 o fix json recursion vuln Signed-off-by: Max SCHMELLER --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index f55619b..627f94d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ version = "0.2.5" description = "Protobuf definitions for sync tooling." authors = [{ name = "Max SCHMELLER", email = "max.schmeller@tier4.jp" }] requires-python = ">=3.10" -dependencies = ["protobuf>=6.33.4,<7", "mypy-protobuf>=3.6.0", "bidict>=0.23.1"] +dependencies = ["protobuf>=6.33.5,<7", "mypy-protobuf>=3.6.0", "bidict>=0.23.1"] [dependency-groups] dev = [ @@ -13,7 +13,7 @@ dev = [ ] [build-system] -requires = ["hatchling", "protobuf==6.33.4"] +requires = ["hatchling", "protobuf==6.33.5"] build-backend = "hatchling.build" [tool.hatch.build.targets.wheel]