Upgrade version of libraries-bom in spring-cloud-gcp-dependencies (to fix grpc vulnerability) #4245

@aksth

Description

Describe the bug
spring-cloud-gcp-dependencies:7.4.1 uses libraries-bom:26.71.0. This in turn introduces version 1.71.0 of grpc libraries in the project. As we know, security scanning tools show a vulnerability in grpc-netty-shaded for versions <1.75.0. So to get rid of this, the developer will have to forcefully override the version of grpc libraries using grpc bom. But it would be better if the developer could do this by upgrading spring-cloud-gcp-dependencies itself.

Following is how the dependency tree looks:

  • spring-cloud-gcp-dependencies:7.4.1
    • libraries-bom:26.71.0
      • first-party-dependencies:3.53.0
        • gapic-generator-java-bom:2.63.0
          • gapic-generator-java-pom-parent:2.63.0
            • <grpc.version>1.71.0</grpc.version> <-- This is where the issue is!

If we upgrade the version of libraries-bom to 26.72.0, the following is how the dependency tree will look:

  • spring-cloud-gcp-dependencies:[next-version]
    • libraries-bom:26.72.0
      • first-party-dependencies:3.54.1
        • gapic-generator-java-bom:2.64.1
          • gapic-generator-java-pom-parent:2.64.1
            • <grpc.version>1.76.0</grpc.version> <-- This is where the issue is fixed!

I'm not sure if this upgrade of libraries-bom is already in pipeline for spring-cloud-gcp-dependencies. If yes, may I know when's the next release for this? If not, could you fix this?
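The workaround the issue mentions, forcing the gRPC version through grpc-bom until the BOM upgrade ships, relies on Maven taking a managed version from the first imported BOM that declares an artifact. The following pom.xml fragment is an added example and is not code from the issue or from the spring-cloud-gcp project; the versions 1.76.0 and 7.4.1 and the artifact coordinates come from the issue text, while the property name `grpc.override.version` is a local choice.

```xml
<!-- Added example (not from the issue or the spring-cloud-gcp project):
     pin gRPC ahead of spring-cloud-gcp-dependencies in a Maven pom.xml.
     Maven resolves a managed version from the FIRST imported BOM that
     declares an artifact, so grpc-bom must be listed before the
     Spring Cloud GCP BOM or the override has no effect. -->
<project>
  <properties>
    <!-- The gRPC version that libraries-bom 26.72.0 would pin (see the issue);
         property name is a local choice, not a project convention. -->
    <grpc.override.version>1.76.0</grpc.override.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <!-- 1. gRPC BOM first: it wins for every io.grpc:* artifact, including
              grpc-netty-shaded, which scanners flag below 1.75.0. -->
      <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-bom</artifactId>
        <version>${grpc.override.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

      <!-- 2. Spring Cloud GCP BOM second: it still manages everything else,
              but the grpc 1.71.0 it imports transitively no longer applies. -->
      <dependency>
        <groupId>com.google.cloud</groupId>
        <artifactId>spring-cloud-gcp-dependencies</artifactId>
        <version>7.4.1</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>
```

After the change, confirm the pin actually took effect with `mvn dependency:tree -Dincludes=io.grpc` and check that every `io.grpc:*` entry reports 1.76.0; if any still shows 1.71.0, the import order is wrong or another BOM is imported earlier. Two caveats: grpc-bom only manages `io.grpc` artifacts, so it does not touch the gax or gapic libraries that were built against 1.71.0, and the override should be removed once a spring-cloud-gcp-dependencies release carrying libraries-bom 26.72.0 or later is adopted, otherwise the stale pin will quietly hold gRPC back on the next upgrade.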
