Bump GCP bom & constrain libs to address snyk vuln

buildSrc/src/main/groovy/tanagra.java-conventions.gradle

@@ -41,10 +41,14 @@ dependencyLocking {
 
 dependencies {
     // GCP BOM - See https://github.com/GoogleCloudPlatform/cloud-opensource-java/wiki/The-Google-Cloud-Platform-Libraries-BOM
-    implementation platform('com.google.cloud:libraries-bom:26.42.0')
+    implementation platform('com.google.cloud:libraries-bom:26.47.0')
     constraints {
         // "-jre" for Java 8 or higher
-        implementation 'com.google.guava:guava:33.2.1-jre'
+        implementation 'com.google.guava:guava:33.3.1-jre'
+
+        def vGcpProtobuf = '3.25.5'
+        implementation "com.google.protobuf:protobuf-java:${vGcpProtobuf}"
+        implementation "com.google.protobuf:protobuf-java-util:${vGcpProtobuf}"
     }
 }
 

cli/gradle.lockfile

@@ -12,16 +12,16 @@ com.github.oowekyala.ooxml:nice-xml-messages:3.1=pmd
 com.github.spotbugs:spotbugs-annotations:4.8.5=compileClasspath,spotbugs,testCompileClasspath
 com.github.spotbugs:spotbugs:4.8.5=spotbugs
 com.github.stephenc.jcip:jcip-annotations:1.0-1=spotbugs
-com.google.cloud:libraries-bom:26.42.0=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
+com.google.cloud:libraries-bom:26.47.0=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=checkstyle,compileClasspath,runtimeClasspath,spotbugs,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 com.google.code.gson:gson:2.10.1=pmd,spotbugs
 com.google.errorprone:error_prone_annotations:2.23.0=checkstyle
-com.google.errorprone:error_prone_annotations:2.26.1=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
+com.google.errorprone:error_prone_annotations:2.28.0=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 com.google.guava:failureaccess:1.0.2=checkstyle,compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 com.google.guava:guava:33.0.0-jre=checkstyle
-com.google.guava:guava:33.2.1-jre=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
+com.google.guava:guava:33.3.1-jre=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=checkstyle,compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
-com.google.j2objc:j2objc-annotations:3.0.0=compileClasspath,testCompileClasspath
+com.google.j2objc:j2objc-annotations:3.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 com.puppycrawl.tools:checkstyle:10.12.7=checkstyle
 commons-beanutils:commons-beanutils:1.9.4=checkstyle
 commons-codec:commons-codec:1.15=checkstyle,pmd,spotbugs
@@ -54,7 +54,8 @@ org.apache.maven.doxia:doxia-module-xdoc:1.12.0=checkstyle
 org.apache.maven.doxia:doxia-sink-api:1.12.0=checkstyle
 org.apache.xbean:xbean-reflect:3.7=checkstyle
 org.checkerframework:checker-qual:2.11.1=pmd
-org.checkerframework:checker-qual:3.42.0=checkstyle,compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
+org.checkerframework:checker-qual:3.42.0=checkstyle
+org.checkerframework:checker-qual:3.43.0=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath
 org.codehaus.plexus:plexus-classworlds:2.6.0=checkstyle
 org.codehaus.plexus:plexus-component-annotations:2.1.0=checkstyle
 org.codehaus.plexus:plexus-container-default:2.1.0=checkstyle