Update 3rd party dependencies #7876

@19as

Description

⠴ Resolving dependencies...
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install cirq and protobuf==6.33.5 because these package versions have conflicting dependencies.
[ResolutionFailure]:   File "/usr/lib/python3/dist-packages/pipenv/resolver.py", line 811, in _main
[ResolutionFailure]:       resolve_packages(
[ResolutionFailure]:   File "/usr/lib/python3/dist-packages/pipenv/resolver.py", line 759, in resolve_packages
[ResolutionFailure]:       results, resolver = resolve(
[ResolutionFailure]:       ^^^^^^^^
[ResolutionFailure]:   File "/usr/lib/python3/dist-packages/pipenv/resolver.py", line 738, in resolve
[ResolutionFailure]:       return resolve_deps(
[ResolutionFailure]:       ^^^^^^^^^^^^^
[ResolutionFailure]:   File "/usr/lib/python3/dist-packages/pipenv/utils/resolver.py", line 1100, in resolve_deps
[ResolutionFailure]:       results, hashes, markers_lookup, resolver, skipped = actually_resolve_deps(
[ResolutionFailure]:       ^^^^^^^^^^^^^^^^^^^^^^
[ResolutionFailure]:   File "/usr/lib/python3/dist-packages/pipenv/utils/resolver.py", line 899, in actually_resolve_deps
[ResolutionFailure]:       resolver.resolve()
[ResolutionFailure]:   File "/usr/lib/python3/dist-packages/pipenv/utils/resolver.py", line 687, in resolve
[ResolutionFailure]:       raise ResolutionFailure(message=str(e))
[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  You can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
  Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts

I'm using cirq = "==1.6.1" version.

And I use trivy in CI to check for dependency problems.

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
┌──────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────┐
│ Library  │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                        Title                         │
├──────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────┤
│ protobuf │ CVE-2026-0994 │ HIGH     │ fixed  │ 5.29.5            │ 6.33.5        │ python: protobuf: Protobuf: Denial of Service due to │
│          │               │          │        │                   │               │ recursion depth bypass                               │
│          │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-0994            │
└──────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────┘

Labels

kind/health: For CI/testing/release process/refactoring/technical debt items
triage/needs-reproduction: [Bugs reports] The bug or problem has not been reproduced yet
