Bump versions of protobuf, guava, error prone, and re2j deps

The protobuf bump in particular is to fix a C++ linking issue when building the Sonatype bundles:

: (Exit 1): gcc failed: error executing CppLink command (from target @@protobuf+//:protoc) /usr/bin/gcc @bazel-out/k8-opt-exec-ST-d57f47055a04/bin/external/protobuf+/protoc-0.params
collect2: fatal error: cannot find 'ld'
compilation terminated.

Looks like the older version is causing something to use the 'gold' linker, which is being removed : https://lists.gnu.org/archive/html/info-gnu/2025-02/msg00001.html.

#4220

PiperOrigin-RevId: 743643458

Author: lauraharker

MODULE.bazel

@@ -1,49 +1,61 @@
 bazel_dep(name = "rules_java", version = "8.6.1")
 bazel_dep(name = "rules_pkg", version = "1.1.0")
-bazel_dep(name = "protobuf", version = "29.1")
+bazel_dep(name = "protobuf", version = "30.2")
 bazel_dep(name = "bazel_jar_jar", version = "0.1.5")
 bazel_dep(name = "google_bazel_common", version = "0.0.1")
-
 bazel_dep(name = "rules_jvm_external", version = "6.6")
 
 ## START_MAVEN_ARTIFACTS_LIST
 # List of external dependencies from Maven. Also update corresponding POM file below.
 MAVEN_ARTIFACTS = [
     "args4j:args4j:2.33",
     "com.google.code.gson:gson:2.9.1",
-    "com.google.errorprone:error_prone_annotations:2.15.0",
+    "com.google.errorprone:error_prone_annotations:2.5.1",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.4.0-jre",
-    "com.google.guava:guava-testlib:33.4.0-jre",
+    "com.google.guava:guava:33.4.6-jre",
+    "com.google.guava:guava-testlib:33.4.6-jre",
     "com.google.jimfs:jimfs:1.2",
-    "com.google.protobuf:protobuf-java:3.25.6",
-    "com.google.re2j:re2j:1.3",
+    "com.google.protobuf:protobuf-java:4.30.2",
+    "com.google.re2j:re2j:1.8",
     "com.google.truth.extensions:truth-proto-extension:1.4.4",
     "io.github.java-diff-utils:java-diff-utils:4.12",
     "org.apache.ant:ant:1.10.11",
     "org.jspecify:jspecify:0.3.0",
 ]
 
+# Pom and gradle files for Maven dependencies. Only used to automatically extract license
+# information, not as part of the actual build.
+#
+# Note: if a pom/gradle file is not checked into GitHub, please add the artifact name and license
+# url to ADDITIONAL_LICENSES below.
+#
 # After updating dependencies, please run the license check script from this directory:
 #   ./license_check/third_party_license_test.sh --update
 #
 # Note the added "@" after version tag to make easier to extract the root url
-ORDERED_POM_OR_GRADLE_FILE_LIST = [
+ORDERED_POM_OR_GRADLE_FILE_LIST_FOR_LICENSE_CHECK = [
     "https://github.com/kohsuke/args4j/blob/args4j-site-2.33@/args4j/pom.xml",
     "https://github.com/google/gson/blob/gson-parent-2.9.1@/gson/pom.xml",
-    "https://github.com/google/error-prone/blob/v2.15.0@/annotations/pom.xml",
+    "https://github.com/google/error-prone/blob/v2.5.1@/annotations/pom.xml",
     "https://github.com/google/guava/blob/failureaccess-v1.0.1@/futures/failureaccess/pom.xml",
-    "https://github.com/google/guava/blob/v32.1.2@/guava/pom.xml",
-    "https://github.com/google/guava/blob/v32.1.2@/guava-testlib/pom.xml",
+    "https://github.com/google/guava/blob/v33.4.6@/guava/pom.xml",
+    "https://github.com/google/guava/blob/v33.4.6@/guava-testlib/pom.xml",
     "https://github.com/google/jimfs/blob/v1.2@/jimfs/pom.xml",
-    "https://github.com/protocolbuffers/protobuf/blob/v3.25.6@/java/core/pom.xml",
     "https://github.com/google/re2j/blob/re2j-1.3@/build.gradle",
     "https://github.com/google/truth/blob/v1.4.4@/extensions/proto/pom.xml",
     "https://github.com/java-diff-utils/java-diff-utils/blob/java-diff-utils-parent-4.12@/java-diff-utils/pom.xml",
     "https://github.com/apache/ant/blob/rel/1.10.11@/src/etc/poms/ant/pom.xml",
     "https://github.com/jspecify/jspecify/blob/v0.3.0@/gradle/publish.gradle",
 ]
 
+# Additional GitHub links to license files for maven artifacts. Add an entry here only if there is
+# no pom or gradle file checked into GitHub. (The advantage of being able to use the pom/gradle file
+# is that we don't have to hardcode the artifact id here and can just read it from the file).
+# TODO: lharker - could we instead grab license information from the maven repository?
+ADDITIONAL_LICENSES = {
+    "com.google.protobuf:protobuf-java": "https://github.com/protocolbuffers/protobuf/blob/v4.30.1/LICENSE",
+}
+
 ## END_MAVEN_ARTIFACTS_LIST
 
 maven = use_extension("@rules_jvm_external//:extensions.bzl", "maven")

THIRD_PARTY_NOTICES

@@ -440,46 +440,6 @@ License for package(s): ['com.google.jimfs:jimfs']
    See the License for the specific language governing permissions and
    limitations under the License.
 
-===============================================================================
-===============================================================================
-===============================================================================
-
-License for package(s): ['com.google.protobuf:protobuf-java']
-
-Copyright 2008 Google Inc.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-    * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-Code generated by the Protocol Buffer compiler is owned by the owner
-of the input file used when generating it.  This code is not
-standalone and requires a support library to be linked with it.  This
-support library is itself covered by the above license.
-
-
 ===============================================================================
 ===============================================================================
 ===============================================================================
@@ -1013,3 +973,43 @@ David Megginson, [email protected]
 ===============================================================================
 ===============================================================================
 
+License for package(s): ['com.google.protobuf:protobuf-java']
+
+Copyright 2008 Google Inc.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+    * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Code generated by the Protocol Buffer compiler is owned by the owner
+of the input file used when generating it.  This code is not
+standalone and requires a support library to be linked with it.  This
+support library is itself covered by the above license.
+
+
+===============================================================================
+===============================================================================
+===============================================================================
+

license_check/third_party_license_test.py

@@ -100,6 +100,14 @@ def get_license_from_pom(url):
   return license_content
 
 
+def get_license_from_absolute_url(url):
+  license_content = get_file_from_github(url)
+  if license_content is None:
+    print('Cannot get license information for GitHub url: ', url)
+    sys.exit(1)
+  return license_content
+
+
 def main():
   parser = argparse.ArgumentParser(
       prog='ThirdPartyLicenseTest',
@@ -126,10 +134,15 @@ def main():
   ldict = {}
   exec(bzl_file_contents, globals(), ldict)  # pylint: disable=exec-used
   maven_artifacts = ldict['MAVEN_ARTIFACTS']
-  pom_gradle_filelist = ldict['ORDERED_POM_OR_GRADLE_FILE_LIST']
+  pom_gradle_filelist = ldict[
+      'ORDERED_POM_OR_GRADLE_FILE_LIST_FOR_LICENSE_CHECK'
+  ]
+  additional_licenses = ldict['ADDITIONAL_LICENSES']
 
   # Compare list lengths
-  if len(maven_artifacts) != len(pom_gradle_filelist):
+  if len(maven_artifacts) != len(pom_gradle_filelist) + len(
+      additional_licenses
+  ):
     print(
         'artifact list length and pom/gradle file list length is not equal. ',
         'Please check the file :',
@@ -161,20 +174,26 @@ def main():
         '%s:%s' % (split_artifact_name[0], split_artifact_name[1])
     )
 
-  if artifact_list_from_github != artifact_list_from_maven:
+  gh_artifact_set = set(
+      artifact_list_from_github + list(additional_licenses.keys())
+  )
+  mvn_artifact_set = set(artifact_list_from_maven)
+  if gh_artifact_set != mvn_artifact_set:
     print('Artifact names from github and maven are different.')
-    print('Github artifact list: ', artifact_list_from_github)
-    print('Maven artifact list: ', artifact_list_from_maven)
+    print('----------')
+    print('Github artifact list only: ', gh_artifact_set - mvn_artifact_set)
+    print('Maven artifact list only: ', mvn_artifact_set - gh_artifact_set)
     sys.exit(1)
 
   license_content_to_package = {}
   # Create a dictionary of license names to maven jar files
-  for package in artifact_list_from_github:
-    license_content = get_license_from_pom(package_name_to_pom[package])
-    if license_content in license_content_to_package:
-      license_content_to_package[license_content].append(package)
-    else:
-      license_content_to_package[license_content] = [package]
+  for package, pom_url in package_name_to_pom.items():
+    license_content = get_license_from_pom(pom_url)
+    license_content_to_package.setdefault(license_content, []).append(package)
+
+  for package, url in additional_licenses.items():
+    license_content = get_license_from_absolute_url(url)
+    license_content_to_package.setdefault(license_content, []).append(package)
 
   # Create THIRD_PARTY_NOTICES
   third_party_notices_content = ''