Bump protobuf to 3.25.5 (#6343)

Per [b/371058443](https://b.corp.google.com/issues/371058443),

This bumps our protobuf deps to `3.25.5` to address [CVE
2024-7254](GHSA-735f-pc8j-v9w8).

All relevant libraries should have a changelog attached, unless I missed
any.

This PR also fixes the following:

- [b/371223043](https://b.corp.google.com/issues/371223043) -> Migrate
protobuf deps to version catalog

Fixes #6336

---------

Co-authored-by: Rodrigo Lazo <rlazo@users.noreply.github.com>

Author: daymxn

build.gradle

@@ -54,9 +54,6 @@ ext {
     robolectricVersion = libs.versions.robolectric.get()
     androidxTestCoreVersion = libs.versions.androidx.test.core.get()
     androidxTestJUnitVersion = libs.versions.androidx.test.junit.get()
-    protocVersion = libs.versions.protoc.get()
-    javaliteVersion = libs.versions.javalite.get()
-    protobufJavaUtilVersion = libs.versions.protobufjavautil.get()
 }
 
 apply plugin: com.google.firebase.gradle.plugins.PublishingPlugin

encoders/firebase-encoders-proto/CHANGELOG.md

@@ -1,3 +1,4 @@
 # Unreleased
-
+* [changed] Updated protobuf dependency to `3.25.5` to fix
+  [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8).
 

encoders/firebase-encoders-proto/firebase-encoders-proto.gradle

@@ -32,7 +32,7 @@ java {
 
 protobuf {
     protoc {
-        artifact = "com.google.protobuf:protoc:$protocVersion"
+        artifact = libs.protoc.get().toString()
     }
 }
 
@@ -47,7 +47,7 @@ dependencies {
     testAnnotationProcessor project(':encoders:firebase-encoders-processor')
 
     testImplementation 'com.google.guava:guava:31.0-jre'
-    testImplementation "com.google.protobuf:protobuf-java-util:$protobufJavaUtilVersion"
+    testImplementation libs.protobuf.java.util
     testImplementation "com.google.truth:truth:$googleTruthVersion"
     testImplementation 'com.google.truth.extensions:truth-proto-extension:1.0'
     testImplementation 'junit:junit:4.13.1'

encoders/protoc-gen-firebase-encoders/protoc-gen-firebase-encoders.gradle

@@ -22,7 +22,7 @@ plugins {
 
 protobuf {
     protoc {
-        artifact = "com.google.protobuf:protoc:$protocVersion"
+        artifact = libs.protoc.get().toString()
     }
 }
 

encoders/protoc-gen-firebase-encoders/tests/tests.gradle

@@ -26,7 +26,7 @@ dependencies {
 
 protobuf {
     protoc {
-        artifact = "com.google.protobuf:protoc:$protocVersion"
+        artifact = libs.protoc.get().toString()
     }
     plugins {
         firebaseEncoders {
@@ -51,7 +51,7 @@ dependencies {
 
     testImplementation project(":encoders:firebase-encoders")
     testImplementation project(":encoders:firebase-encoders-proto")
-    testImplementation "com.google.protobuf:protobuf-java:3.21.9"
+    testImplementation libs.protobuf.java
     testImplementation "com.google.truth:truth:1.0.1"
     testImplementation 'junit:junit:4.13.1'
 }

firebase-config/CHANGELOG.md

@@ -1,5 +1,6 @@
 # Unreleased
-
+* [changed] Updated protobuf dependency to `3.25.5` to fix
+  [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8).
 
 # 22.0.0
 * [changed] Bump internal dependencies

firebase-crashlytics-ndk/firebase-crashlytics-ndk.gradle

@@ -124,7 +124,7 @@ dependencies {
 
     androidTestImplementation "androidx.test:core:$androidxTestCoreVersion"
     androidTestImplementation 'androidx.test:runner:1.4.0'
-    androidTestImplementation "com.google.protobuf:protobuf-javalite:$javaliteVersion"
+    androidTestImplementation libs.protobuf.java.lite
     androidTestImplementation 'com.linkedin.dexmaker:dexmaker:2.28.1'
     androidTestImplementation 'com.linkedin.dexmaker:dexmaker-mockito:2.28.1'
     androidTestImplementation 'org.mockito:mockito-core:3.4.3'

firebase-crashlytics/CHANGELOG.md

@@ -1,4 +1,7 @@
 # Unreleased
+* [changed] Updated protobuf dependency to `3.25.5` to fix
+  [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8).
+
 
 # 19.2.0
 * [fixed] Improved data consistency for rapid user actions.

firebase-crashlytics/firebase-crashlytics.gradle

@@ -104,7 +104,7 @@ dependencies {
     androidTestImplementation(libs.androidx.test.runner)
     androidTestImplementation(libs.androidx.test.junit)
     androidTestImplementation("com.google.firebase:firebase-encoders-json:18.0.1")
-    androidTestImplementation("com.google.protobuf:protobuf-java:3.21.11")
+    androidTestImplementation(libs.protobuf.java)
     androidTestImplementation(libs.truth)
     androidTestImplementation("com.linkedin.dexmaker:dexmaker:2.28.3")
     androidTestImplementation(libs.mockito.dexmaker)

firebase-dataconnect/CHANGELOG.md

@@ -1,4 +1,6 @@
 # Unreleased
+* [changed] Updated protobuf dependency to `3.25.5` to fix
+  [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8).
 
 # 16.0.0-beta01
 * [feature] Initial release of the Data Connect SDK (public preview). Learn how to
@@ -19,3 +21,4 @@
   ([#6299](https://github.com/firebase/firebase-android-sdk/pull/6299))
 * [changed] Added `equals` and `hashCode` methods to `GeneratedConnector`.
   ([#6177](https://github.com/firebase/firebase-android-sdk/pull/6177))
+