Bump the prod-deps group with 2 updates

[dependabot]

Bumps the prod-deps group with 2 updates: org.eclipse.jgit:org.eclipse.jgit and com.google.guava:guava.

Updates org.eclipse.jgit:org.eclipse.jgit from 7.1.0.202411261347-r to 7.2.0.202503040940-r

Commits

• fddef06 JGit v7.2.0.202503040940-r
• c43126f JGit v7.2.0.202503040805-r
• 28136bc CacheRegion: fix non translatable text warnings
• 1468a80 Merge branch 'master' into stable-7.2
• 4ef8870 Ensure access to autoRefresh is thread-safe
• ac5146f FileReftableStack: use FileSnapshot to detect modification
• 1ff9c2a FileReftableDatabase: consider ref updates by another process
• 5db57fe BlameRegionMerger: report invalid regions with checked exception.
• 3483bd7 Merge "[ssh known_hosts] Handle unknown keys better"
• 1b70d59 Prepare 7.2.0-SNAPSHOT builds
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.0-jre to 33.4.5-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.4.5

For those upgrading from Guava 33.4.0 or earlier, be sure to read the release notes for Guava 33.4.1.

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.4.5-jre</version>
  <!-- or, for Android: -->
  <version>33.4.5-android</version>
</dependency>

Jar files

• 33.4.5-jre.jar
• 33.4.5-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.4.5-jre
• 33.4.5-android

JDiff

• 33.4.5-jre vs. 33.4.4-jre
• 33.4.5-android vs. 33.4.4-android
• 33.4.5-android vs. 33.4.5-jre

Changelog

• Changed the Guava jar (plus guava-testlib and failureaccess jars) to be a modular jar. (7a71ea0bfa, 287c701a86)
• Changed various classes to stop using sun.misc.Unsafe under Java 9+. (ee63055ddd, 80aab00dc5b7a36785f5e09b6a54397388980cde, 400af25292096746ed3f6164f0ff88209acbb19f, 71d0692d418a5dd001c9b3786275a5f1f94e1971, d1a3cd5037528a2ae990bfceed9cdd009fbc54de, b3bb29a54b8f13d6f6630b6cb929867adbf6b9a0, 1a300f6b2f7ba03ae9bc3620a80c4d4589c65b69)
  • Note that, if you use guava-android on the JVM (instead of using guava-jre), Guava will still try to use sun.misc.Unsafe. We will do further work on this in the future.
• Belatedly updated the Public Suffix List data. (ee3b9c64382037f72b3a8341915cc64b87850b53, d25d62fc843ece1c3866859bc8639b815093eac8)

Special thanks to @​sgammon for his modularization efforts.

33.4.4

This is one of a series of releases that improve Guava's nullness annotations. For more information, including troubleshooting help, see the release notes for Guava 33.4.1. Most users can update directly to Guava 33.4.5.

Maven

</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions