From 4fd4e074e09d6e1508d97c4a0356abf27a192099 Mon Sep 17 00:00:00 2001
From: lebaudantoine <lebaud.antoine131@gmail.com>
Date: Thu, 19 Feb 2026 18:26:37 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=8C(agents)=20pin=20protobuf=20to=206.?=
 =?UTF-8?q?33.5=20to=20fix=20=20CVE-2026-0994?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Protobuf is a transitive dependency. Pin it to version 6.33.5 to
address CVE-2026-0994.
---
 src/agents/pyproject.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/agents/pyproject.toml b/src/agents/pyproject.toml
index 3a10d23e..b19f1fcc 100644
--- a/src/agents/pyproject.toml
+++ b/src/agents/pyproject.toml
@@ -8,7 +8,8 @@ dependencies = [
     "livekit-plugins-deepgram==1.3.10",
     "livekit-plugins-silero==1.3.10",
     "livekit-plugins-kyutai-lasuite==0.0.6",
-    "python-dotenv==1.2.1"
+    "python-dotenv==1.2.1",
+    "protobuf==6.33.5"
 ]
 
 [project.optional-dependencies]