Bump the prod-deps group across 1 directory with 2 updates

[dependabot]

Bumps the prod-deps group with 2 updates in the / directory: com.google.guava:guava and org.projectlombok:lombok.

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

• PLATFORM: JDK26 support added #4019.
• PLATFORM: Spring Tools Suite 5 supported #3985.
• BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
• BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
• BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

Commits

• 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
• fcdab3f [version] pre-release version bump
• 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
• 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
• 2be766c Merge branch 'jackson3-final-touches'
• 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
• e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
• 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
• 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
• e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions