
Roll back protobuf to 6.32.0 #265

Merged: timlaing merged 2 commits into timlaing:main from PaulCavill:main on May 29, 2026

PaulCavill commented May 28, 2026

Breaking change

Proposed change

Dependency downgrade to support Home Assistant

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New service (thank you!)
  • New feature (which adds functionality to an existing service)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests
  • Documentation or code sample

Example of code:

Additional information

  • This PR fixes or closes issue: fixes #
  • This PR is related to issue:

Checklist

  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

  • Documentation added/updated to README

coderabbitai Bot commented May 28, 2026

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated dependency constraints to support a wider range of compatible versions.

Walkthrough

The protobuf dependency constraint in requirements.txt is relaxed from protobuf>=7.34.1,<8 to protobuf>=6.32.0,<8, lowering the minimum required version whilst maintaining the major version boundary.

Changes

Protobuf dependency update

| Layer / File(s) | Summary |
|---|---|
| Protobuf minimum version relaxation (requirements.txt) | The protobuf minimum version constraint is broadened from 7.34.1 to 6.32.0, extending compatibility to earlier protobuf releases within the 6.x and 7.x ranges. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A rabbit hops through version trees,
Relaxing bounds with gentle ease—
From 7.34 down to 6.32,
More protobuf friends join the crew! 🐰✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and concisely describes the main change: rolling back protobuf to version 6.32.0, which matches the dependency constraint change in requirements.txt. |
| Description check | ✅ Passed | The description mentions the proposed change as a dependency downgrade to support Home Assistant, which relates to the protobuf version constraint modification in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@requirements.txt`:
- Line 6: Update the protobuf constraint in requirements.txt to raise the
minimum patch version to avoid the HIGH advisory: locate the existing
requirement line "protobuf>=6.32.0,<8" and change its lower bound to
"protobuf>=6.33.5,<8" so the resolved versions exclude the vulnerable
6.30.0rc1–6.33.4 range while remaining compatible with generated-code runtime
expectations.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 69b5471f-e307-4374-878a-e88ae8d2d3b7

📥 Commits

Reviewing files that changed from the base of the PR and between 85786c8 and c09b438.

📒 Files selected for processing (1)
  • requirements.txt

Comment thread requirements.txt
@PaulCavill (Author)

There is a draft PR to bring the minimum version up to protobuf 7.34.1, but that will take some time.

aram535 commented May 29, 2026

Hi @timlaing — I have a PR open against home-assistant/core (home-assistant/core#172538) to bump pyicloud from 2.4.1 to 2.6.1 to fix the 2FA push notification regression that has affected HA users since 2026.4 (issues #166833, #166541, #167016, #167608).

The blocker is the protobuf>=7.34.1 minimum introduced by the dependabot auto-merge in #227. HA pins protobuf==6.32.0 in its package_constraints.txt, so CI rejects the bump.

From my testing: pyicloud's .proto-generated files carry # Protobuf Python Version: 6.31.1 and the 2FA fix (_request_2fa_code) has no protobuf imports at all. Everything works fine at runtime with protobuf 6.32.0.

Merging this PR and tagging a patch release (2.6.2?) with protobuf>=6.32.0,<8 would unblock the HA PR and fix 2FA for a large number of users. Would appreciate an expedited review if possible.

@timlaing (Owner)

Doing the update now for you. Thanks

PaulCavill (Author) commented May 29, 2026

@timlaing Are you going to roll back to the previous requirement for protobuf? Happy to cancel this PR.

@timlaing (Owner)

@PaulCavill - Merging this PR now

Signed-off-by: Tim Laing <11019084+timlaing@users.noreply.github.com>
timlaing enabled auto-merge (squash) May 29, 2026 08:08
timlaing merged commit a2998f3 into timlaing:main May 29, 2026
12 checks passed
@PaulCavill (Author)

It's like whack-a-mole here.

Using Python 3.14.5 environment at: venv
× No solution found when resolving dependencies:
╰─▶ Because pyicloud==2.6.2 depends on rich>=15.0.0 and surepy==0.9.0
depends on rich>=10.1.0,<11.0.0, we can conclude that pyicloud==2.6.2
and surepy==0.9.0 are incompatible.
And because you require pyicloud==2.6.2 and surepy==0.9.0, we can
conclude that your requirements are unsatisfiable.
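
The constraint questions raised in this thread can be checked mechanically. This is an added example, not code from pyicloud, Home Assistant or any participant: stdlib-only Python that tests whether a spec admits the `protobuf==6.32.0` pin, whether a version lies in the 6.30.0rc1–6.33.4 range quoted in the CodeRabbit comment, and whether two specs can be satisfied together (the `rich` conflict above). Function names are hypothetical, and the parser is a simplified subset of PEP 440 (numeric releases, `rcN`, and the operators `>=`, `<=`, `<`, `==`).

```python
import re
from operator import eq, ge, le, lt

OPS = {">=": ge, "<=": le, "<": lt, "==": eq}
# Range quoted in the CodeRabbit comment on this PR (treated as inclusive).
FLAGGED_RANGE = ("6.30.0rc1", "6.33.4")

def parse_version(text):
    """'6.32.0' or '6.30.0rc1' -> sortable key; an rc sorts before its final."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:rc(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unsupported version: {text!r}")
    release = [int(p) for p in m.group(1).split(".")]
    release += [0] * (3 - len(release))  # '8' compares as 8.0.0
    return tuple(release), ((0, int(m.group(2))) if m.group(2) else (1, 0))

def clauses(spec):
    """'>=6.32.0,<8' -> [(comparison, bound_key), ...]"""
    parsed = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|<)\s*(\S+)\s*", part)
        if not m:
            raise ValueError(f"unsupported clause: {part!r}")
        parsed.append((OPS[m.group(1)], parse_version(m.group(2))))
    return parsed

def allows(spec, version):
    """True if `version` satisfies every clause of `spec`."""
    v = parse_version(version)
    return all(op(v, bound) for op, bound in clauses(spec))

def in_flagged_range(version):
    """True if `version` lies inside FLAGGED_RANGE."""
    lo, hi = map(parse_version, FLAGGED_RANGE)
    return lo <= parse_version(version) <= hi

def satisfiable(*specs):
    """True if at least one version satisfies every spec at once.

    With inclusive lower bounds it is enough to try each bound mentioned
    in the specs, plus 0 for specs that have no lower bound.
    """
    cl = clauses(",".join(specs))
    candidates = [parse_version("0")] + [bound for _, bound in cl]
    return any(all(op(c, bound) for op, bound in cl) for c in candidates)

if __name__ == "__main__":
    print("old spec admits 6.32.0:", allows(">=7.34.1,<8", "6.32.0"))
    print("6.32.0 in flagged range:", in_flagged_range("6.32.0"))
    print("rich specs compatible:", satisfiable(">=15.0.0", ">=10.1.0,<11.0.0"))
```

Run against the values in this thread, it shows that the `==6.32.0` pin sits inside the range the review comment quotes, so the suggested `>=6.33.5` lower bound and that pin cannot both hold.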

@timlaing (Owner)

@PaulCavill - are you going to create another PR or do you want me to do it?

@PaulCavill (Author)

Will do a PR, just running the test locally first.
