fix: require protobuf 6.33.5 to address CVE-2026-0994

[parthea]

Require Protobuf 6.33.5 to address CVE-2026-0994. As per https://protobuf.dev/support/version-support/#python and https://protobuf.dev/support/version-support/#duration, Protobuf 5.x is no longer supported.

[gemini-code-assist]

Code Review

This pull request updates the minimum required version of protobuf to 6.33.5 (and updates related Bazel dependencies) to address security vulnerability CVE-2026-0994. The feedback points out that setting constraints to protobuf>=7 in Python 3.13 and 3.14 testing templates unnecessarily excludes the secure 6.33.5 version and forces a major upgrade. Additionally, recommending 7.x in the package template is confusing since the minimum supported version is within the 6.x series, so recommending 6.x remains more appropriate.

[gemini-code-assist]

Setting the constraint to protobuf>=7 excludes the secure 6.33.5 version that this PR is introducing. It also forces a major version upgrade to 7.x, which may not be fully compatible or available. It should be set to protobuf>=6.33.5 to align with the minimum secure version specified in setup.py.

protobuf>=6.33.5

[gemini-code-assist]

Setting the constraint to protobuf>=7 excludes the secure 6.33.5 version that this PR is introducing. It also forces a major version upgrade to 7.x, which may not be fully compatible or available. It should be set to protobuf>=6.33.5 to align with the minimum secure version specified in setup.py.

protobuf>=6.33.5

[gemini-code-assist]

Since the minimum supported version is 6.33.5 (which is a 6.x version), recommending 7.x is unnecessary and potentially confusing for users who are on an older 6.x version (e.g., 6.30.0). They only need to upgrade to 6.33.5 or later within the 6.x series. Recommending 6.x is more appropriate.

        _recommendation = " (we recommend 6.x)"