Bump protobuf-java version to 3.25.5 resolve CVE-2024-7254

[veronicaboychuk]

• wasn't able to run tests locally unfortunately 😬
• unsure why the license_check maven_artifacts.bzl version is so behind. I see that v20240317 contains protobuf 3.17.0 instead of 3.25.2 #4168 is still open. Wondering if it's possible to get a maven release out with this CVE fixed at least?

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[brad4d]

Maven releases are not currently being done.
Responsibility for doing them will be taken over by another team within Google in early 2025.

I've added this issue to a short list (currently one other) that need to be addressed when the next Maven release is done.

[veronicaboychuk]

Thanks for the update!

[kaczyns]

Hi @brad4d - I was wondering if there is any news on when there might be a new release?

[brad4d]

I cannot give a date, but I can say that action is happening on this.
You can see what's happening on #4220

[veronicaboychuk]

Releases are being deployed to maven now, so I'll follow 4220 and close this. Thanks!