From acb58f5d28ebd99f66454d940b8019f6c567d9ee Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 31 Jan 2026 10:49:26 +0000
Subject: [PATCH] fix:
 online-boutique-demo/src/recommendationservice/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738
---
 online-boutique-demo/src/recommendationservice/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/online-boutique-demo/src/recommendationservice/requirements.txt b/online-boutique-demo/src/recommendationservice/requirements.txt
index bc6c363..acc838d 100644
--- a/online-boutique-demo/src/recommendationservice/requirements.txt
+++ b/online-boutique-demo/src/recommendationservice/requirements.txt
@@ -25,7 +25,7 @@ opencensus-context==0.1.2  # via opencensus
 opencensus-ext-grpc==0.7.1  # via -r requirements.in
 opencensus-ext-stackdriver==0.7.3  # via -r requirements.in
 opencensus==0.7.11        # via -r requirements.in, opencensus-ext-grpc, opencensus-ext-stackdriver
-protobuf==3.13.0          # via google-api-core, googleapis-common-protos, grpcio-health-checking
+protobuf==6.33.5          # via google-api-core, googleapis-common-protos, grpcio-health-checking
 pyasn1-modules==0.2.8     # via google-auth
 pyasn1==0.4.8             # via pyasn1-modules, rsa
 python-json-logger==0.1.11  # via -r requirements.in