googleapis · parthea · May 26, 2026 · May 26, 2026 · gemini-code-assist · May 26, 2026
@@ -1,2 +1,2 @@
 # See https://github.com/bazelbuild/bazelisk
-USE_BAZEL_VERSION=6.5.0
+USE_BAZEL_VERSION=7.7.1
@@ -60,9 +60,9 @@ gapic_generator_python()
 
 gapic_generator_register_toolchains()
 
-_grpc_version = "1.71.0"
+_grpc_version = "1.78.1"
 
-_grpc_sha256 = "9313c3f8f4dd3341597f152d506a50caf571fe40f886e24ea9078891990df285"
+_grpc_sha256 = "f9b1d9fe1648024150593efa077ee0f600f9823a21e9d618b4f304e6c09c9902"
 
 http_archive(
     name = "com_github_grpc_grpc",
@@ -72,9 +72,9 @@ http_archive(
 )
 # instantiated in grpc_deps().
 
-_protobuf_version = "30.2"
+_protobuf_version = "33.5"
 
-_protobuf_sha256 = "07a43d88fe5a38e434c7f94129cad56a4c43a51f99336074d0799c2f7d4e44c5"
+_protobuf_sha256 = "440848dffa209beb8a04e41cc352762e44f8e91342b2a43aab6af9b30713c2f6"
 
 http_archive(
     name = "com_google_protobuf",

@@ -29,12 +29,12 @@ else:
     release_status = "Development Status :: 5 - Production/Stable"
 
 dependencies = [
-    "google-api-core[grpc] >= 2.10.0, < 3.0.0",
+    "google-api-core[grpc] >= 2.24.2, < 3.0.0",
     "google-auth >= 2.14.1, <3.0.0",
     "googleapis-common-protos >= 1.53.0",
     "grpcio >= 1.10.0",
     "proto-plus >= 1.22.3, <2.0.0",
-    "protobuf >= 4.25.8, < 8.0.0",
+    "protobuf >= 6.33.5, < 8.0.0",
     {% if api.requires_package(('google', 'iam', 'v1')) %}
     "grpc-google-iam-v1",
     {% endif %}

@@ -69,7 +69,7 @@ else:   # pragma: NO COVER
 
         def parse_version_to_tuple(version_string: str):
             """Safely converts a semantic version string to a comparable tuple of integers.
-            Example: "4.25.8" -> (4, 25, 8)
+            Example: "6.33.5" -> (6, 33, 5)
             Ignores non-numeric parts and handles common version formats.
             Args:
                 version_string: Version string in the format "x.y.z" or "x.y.z<suffix>"
@@ -98,9 +98,9 @@ else:   # pragma: NO COVER
                 return (None, "--")
 
         _dependency_package = "google.protobuf"
-        _next_supported_version = "4.25.8"
-        _next_supported_version_tuple = (4, 25, 8)
-        _recommendation = " (we recommend 6.x)"
+        _next_supported_version = "6.33.5"
+        _next_supported_version_tuple = (6, 33, 5)
+        _recommendation = " (we recommend 7.x)"
         (_version_used, _version_used_string) = _get_version(_dependency_package)
         if _version_used and _version_used < _next_supported_version_tuple:
             warnings.warn(f"Package {_package_label} depends on " +

@@ -33,7 +33,7 @@ else:
     release_status = "Development Status :: 5 - Production/Stable"
 
 dependencies = [
-    "google-api-core[grpc] >= 2.17.1, <3.0.0",
+    "google-api-core[grpc] >= 2.24.2, <3.0.0",
     # Exclude incompatible versions of `google-auth`
     # See https://github.com/googleapis/google-cloud-python/issues/12364
     "google-auth >= 2.14.1, <3.0.0,!=2.24.0,!=2.25.0",
@@ -42,7 +42,7 @@ dependencies = [
     "proto-plus >= 1.22.3, <2.0.0",
     "proto-plus >= 1.25.0, <2.0.0; python_version >= '3.13'",
     {# Explicitly exclude protobuf versions mentioned in https://cloud.google.com/support/bulletins#GCP-2022-019 #}
-    "protobuf >= 4.25.8, < 8.0.0",
+    "protobuf >= 6.33.5, < 8.0.0",
     {% for package_tuple, package_info in pypi_packages.items() %}
     {# Quick check to make sure `package_info.package_name` is not the package being generated so we don't circularly include this package in its own constraints file. #}
     {% if api.naming.warehouse_package_name != package_info.package_name %}
@@ -55,7 +55,6 @@ dependencies = [
 extras = {
 {% if rest_async_io_enabled %}
     "async_rest": [
-        "google-api-core[grpc] >= 2.21.0, < 3.0.0",
         "google-auth[aiohttp] >= 2.35.0, <3.0.0"
     ],
 {% endif %}

@@ -8,11 +8,11 @@
 # pinning their versions to their lower bounds.
 # For example, if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0",
 # then this file should have google-cloud-foo==1.14.0
-google-api-core==2.21.0
+google-api-core==2.24.2
 google-auth==2.35.0
 grpcio==1.44.0
 proto-plus==1.22.3
-protobuf==4.25.8
+protobuf==6.33.5
 {% for package_tuple, package_info in pypi_packages.items() %}
 {# Quick check to make sure `package_info.package_name` is not the package being generated so we don't circularly include this package in its own constraints file. #}
 {% if api.naming.warehouse_package_name != package_info.package_name %}

@@ -5,11 +5,11 @@
 # pinning their versions to their lower bounds.
 # For example, if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0",
 # then this file should have google-cloud-foo==1.14.0
-google-api-core==2.17.1
+google-api-core==2.24.2
 google-auth==2.14.1
 grpcio==1.44.0
 proto-plus==1.22.3
-protobuf==4.25.8
+protobuf==6.33.5
 {% for package_tuple, package_info in pypi_packages.items() %}
 {# Quick check to make sure `package_info.package_name` is not the package being generated so we don't circularly include this package in its own constraints file. #}
 {% if api.naming.warehouse_package_name != package_info.package_name %}

@@ -10,7 +10,7 @@ google-api-core>=2
 google-auth>=2
 grpcio>=1
 proto-plus>=1
-protobuf>=6
+protobuf>=7
 {% for package_tuple, package_info in pypi_packages.items() %}
 {# Quick check to make sure `package_info.package_name` is not the package being generated so we don't circularly include this package in its own constraints file. #}
 {% if api.naming.warehouse_package_name != package_info.package_name %}

@@ -10,7 +10,7 @@ google-api-core>=2
 google-auth>=2
 grpcio>=1
 proto-plus>=1
-protobuf>=6
+protobuf>=7
 {% for package_tuple, package_info in pypi_packages.items() %}
 {# Quick check to make sure `package_info.package_name` is not the package being generated so we don't circularly include this package in its own constraints file. #}
 {% if api.naming.warehouse_package_name != package_info.package_name %}

@@ -3,7 +3,7 @@ google-api-core
 googleapis-common-protos
 jinja2
 MarkupSafe
-protobuf>=4.25.8
+protobuf>=6.33.5 # for CVE-2026-0994. See https://github.com/advisories/GHSA-7gcm-g887-7qv7 and https://protobuf.dev/support/version-support/#python
 pypandoc
 PyYAML
 grpc-google-iam-v1

@@ -28,14 +28,14 @@
     # Ensure that the lower bounds of these dependencies match what we have in the
     # templated setup.py.j2: https://github.com/googleapis/gapic-generator-python/blob/main/gapic/templates/setup.py.j2
     "click >= 6.7",
-    "google-api-core[grpc] >= 1.34.1, <3.0.0,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*,!=2.8.*,!=2.9.*,!=2.10.*",
-    "googleapis-common-protos >= 1.55.0",
-    "grpcio >= 1.24.3",
+    "google-api-core[grpc] >= 2.24.2, < 3.0.0",
+    "googleapis-common-protos >= 1.55.0, < 2.0.0",
+    "grpcio >= 1.24.3, < 2.0.0",
     # 2.11.0 is required which adds the `default` argument to `jinja-filters.map()`
     # https://jinja.palletsprojects.com/en/3.0.x/templates/#jinja-filters.map
     # https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0
     "jinja2 >= 2.11",
-    "protobuf >= 4.25.8, < 8.0.0",
+    "protobuf >= 6.33.5, < 8.0.0",
     "pypandoc >= 1.4",
     "PyYAML >= 5.1.1",
     "grpc-google-iam-v1 >= 0.14.0, < 1.0.0",