Restrict protobuf and bump our version (#636)

pmcollins · web-flow · commit 3f36935ac04e · 2025-07-29T14:36:54.000-04:00
* Restrict protobuf versions

* Bump our version to 2.6.0
diff --git a/pyproject.toml b/pyproject.toml
@@ -31,6 +31,7 @@ dependencies = [
   "opentelemetry-instrumentation==0.56b0",
   "opentelemetry-instrumentation-system-metrics==0.56b0",
   "opentelemetry-semantic-conventions==0.56b0",
+  "protobuf>=6.31.1", # not our direct dep, prevents installing vulnerable proto versions (CVE‑2025‑4565)
 ]
 
 [project.urls]
diff --git a/src/splunk_otel/__about__.py b/src/splunk_otel/__about__.py
@@ -13,4 +13,4 @@
 #  limitations under the License.
 
 
-__version__ = "2.5.0"
+__version__ = "2.6.0"

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ dependencies = [`
`31`	`31`	`"opentelemetry-instrumentation==0.56b0",`
`32`	`32`	`"opentelemetry-instrumentation-system-metrics==0.56b0",`
`33`	`33`	`"opentelemetry-semantic-conventions==0.56b0",`
	`34`	`+ "protobuf>=6.31.1", # not our direct dep, prevents installing vulnerable proto versions (CVE‑2025‑4565)`
`34`	`35`	`]`
`35`	`36`
`36`	`37`	`[project.urls]`
Original file line number	Diff line number	Diff line change
`@@ -13,4 +13,4 @@`
`13`	`13`	`# limitations under the License.`
`14`	`14`
`15`	`15`
`16`		`-__version__ = "2.5.0"`
	`16`	`+__version__ = "2.6.0"`