@rohanshah18 (Contributor)

Problem

The current protobuf dependency constraint (>=5.29.5,<6.0.0) blocks users from using protobuf 6.x. Some users may want or need to use protobuf 6.x in their environments, and the current upper bound prevents this.

Solution

Updated the protobuf version constraint from <6.0.0 to <7.0.0 in pyproject.toml, allowing both protobuf 5.x and 6.x.

According to the Protocol Buffers Cross-Version Runtime Guarantee, code generated for major version V is supported by runtimes of versions V and V+1. Our proto files were generated with protobuf 5.x, so they should be compatible with 6.x runtimes.

Verified locally: Successfully imported proto modules and ran all gRPC unit tests with protobuf 6.33.2 installed.

Security note: CVE-2025-4565 is fixed in protobuf 5.29.5 and 6.31.1. The existing >=5.29.5 lower bound ensures 5.x users get patched versions.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Infrastructure change (CI configs, etc)
  • Non-code change (docs, etc)
  • None of the above: (explain here)

Test Plan

  1. Ran all gRPC unit tests with protobuf 6.33.2 installed
  2. CI will run the full test suite

[[package]]
name = "pinecone"
version = "7.3.0"
version = "8.0.0"
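Review bot: the pinecone entry in the lock file moves from 7.3.0 to 8.0.0 here, while the description only claims to relax the protobuf upper bound; state in the PR body that the lock file was regenerated (uv sync) and that this line merely catches the lock up with the SDK version already released, so the bump is not read as an unrelated change hidden in a dependency PR.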
@rohanshah18 (Contributor Author)

Not sure why the version was not updated to 8.0.0, but running uv sync will update this to the current Pinecone Python SDK version.

- name: Bump pyproject.toml version
run: |
python -c "import re; content = open('pyproject.toml').read(); content = re.sub(r'version = \"[^\"]+\"', 'version = \"${{ steps.bump.outputs.version }}\"', content); open('pyproject.toml', 'w').write(content)"
python -c "import re; content = open('pyproject.toml').read(); content = re.sub(r'^version = \"[^\"]+\"', 'version = \"${{ steps.bump.outputs.version }}\"', content, flags=re.MULTILINE); open('pyproject.toml', 'w').write(content)"
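Review bot: the removed line's pattern r'version = \"[^\"]+\"' is unanchored, so it also matches the version = "..." tail of target-version = "py310" and the release job rewrote the Ruff target as well as the project version; the added ^ anchor with flags=re.MULTILINE fixes that. Two follow-ups worth considering in the same run block: pass the bumped version in through env: rather than interpolating ${{ steps.bump.outputs.version }} straight into the shell command, and fail the step if the substitution touched anything other than one line (git diff --stat pyproject.toml) so a future pattern slip breaks the job instead of shipping in a [skip ci] commit.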
@rohanshah18 (Contributor Author)

Realized the target-version in pyproject.toml was incorrectly changed by the publish-to-pypi workflow. The regex re.sub(r'version = "[^\"]+"', ...) is too broad and matches both:
  • version = "7.3.0" (line 3)
  • target-version = "py310" (line 125)
When v8.0.0 was released (the first release after the uv migration), both lines were changed to "8.0.0" (PR). This went unnoticed because the release commit used [skip ci].
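The two substitutions from the workflow diff, run side by side on a constructed pyproject.toml excerpt (an added example, not code from the pinecone repository or its publish workflow): the unanchored pattern rewrites target-version as well, while the ^-anchored MULTILINE pattern changes only the project version. The check_bump guard is an assumption about how a release job might verify the edit before committing.

```python
import re
from typing import Callable, Dict, Optional

# Constructed pyproject.toml excerpt (not the repository's real file); the two
# lines the unanchored pattern confuses live in different tables.
SAMPLE_PYPROJECT = '''[project]
name = "pinecone"
version = "7.3.0"

[tool.ruff]
target-version = "py310"
'''

BROAD = r'version = "[^"]+"'      # pattern from the removed workflow line
ANCHORED = r'^version = "[^"]+"'  # pattern from the added workflow line


def bump_broad(content: str, new_version: str) -> str:
    """Unanchored substitution: also hits the tail of 'target-version = ...'."""
    return re.sub(BROAD, f'version = "{new_version}"', content)


def bump_anchored(content: str, new_version: str) -> str:
    """^ with re.MULTILINE pins the match to a line starting with 'version'."""
    return re.sub(ANCHORED, f'version = "{new_version}"', content,
                  flags=re.MULTILINE)


def read_key(content: str, key: str) -> Optional[str]:
    """Value of a `key = "..."` line anchored at line start, or None."""
    m = re.search(rf'^{re.escape(key)} = "([^"]+)"', content, flags=re.MULTILINE)
    return m.group(1) if m else None


def check_bump(bump: Callable[[str, str], str], content: str,
               new_version: str) -> Dict[str, object]:
    """Hypothetical post-edit guard a release job could run before committing:
    report the resulting keys and how many lines were touched (expect 1)."""
    out = bump(content, new_version)
    changed = sum(1 for a, b in zip(content.splitlines(), out.splitlines())
                  if a != b)
    return {"version": read_key(out, "version"),
            "target-version": read_key(out, "target-version"),
            "changed_lines": changed}


if __name__ == "__main__":
    for fn in (bump_broad, bump_anchored):
        print(fn.__name__, check_bump(fn, SAMPLE_PYPROJECT, "8.0.0"))
```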
