upgrade protobuf to 6.33.5 (fix security problem)

Cause: protobuf affected by a JSON recursion depth bypass: A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
2026-01-31 13:58:54 +01:00
parent a4fecc66ea
commit 74d95d2437
9 changed files with 436 additions and 416 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -40,12 +40,12 @@ classifiers = [
 ]
 dependencies = [
  "colorama>=0.4.6",
-  "opencv-contrib-python",
+  "opencv-contrib-python>=4.13.0",
  "numpy>=2.0,<2.1 ; python_version >= '3.9' and python_version < '3.10'",
  "numpy>=2.2,<2.3 ; python_version >= '3.10' and python_version < '3.11'",
-  "numpy>=2.4,<3.0 ; python_version >= '3.11'",
+  "numpy>=2.4.1,<3.0 ; python_version >= '3.11'",
  "Pillow",
-  "protobuf",
+  "protobuf>=6.33.5",
  "pyzbar",
  "qrcode",
  "qreader<2.0.0",
@@ -73,5 +73,7 @@ enabled = true

 # https://blog.ionelmc.ro/2014/05/25/python-packaging/#the-structure%3E
 # https://docs.pytest.org/en/7.1.x/explanation/goodpractices.html#which-import-mode
+
 [tool.pytest.ini_options]
 addopts = [ "--import-mode=importlib", ]
+testpaths = [ "tests", ]