From 24c54860a1606ef97262702e898a6bb6fd6b8407 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 2 Feb 2026 09:03:16 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738
- https://snyk.io/vuln/SNYK-PYTHON-WHEEL-15053866
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 3d6bcf4..9a7326b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -30,7 +30,7 @@ numpy==1.19.5
 oauthlib==3.1.1
 opt-einsum==3.3.0
 pkg-resources==0.0.0
-protobuf==3.17.2
+protobuf==6.33.5
 pyasn1==0.4.8
 pyasn1-modules==0.2.8
 requests==2.25.1
@@ -53,3 +53,4 @@ urllib3==1.26.5
 Werkzeug==2.0.1
 wrapt==1.12.1
 zipp==3.4.1
+wheel>=0.46.2 # not directly required, pinned by Snyk to avoid a vulnerability