From 0a10fd5157bd3d6bd9a99474ae6b05cc61914f48 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 4 Feb 2026 19:15:19 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-15183335
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 780bb4d60..cbdd803d0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -44,7 +44,7 @@ pillow==11.1.0
 pip-tools==7.4.1
 pipdeptree==2.26.1
 polars~=0.19.17         # recommend engine - comment out if initial installation is failing
-protobuf>=3.18.3        # not directly required, pinned by Snyk to avoid a vulnerability
+protobuf>=6.33.5        # not directly required, pinned by Snyk to avoid a vulnerability
 psycopg2-binary==2.9.10
 py3dns==4.0.1
 pyarrow                 # recommend engine - comment out if initial installation is failing