[SECURITY] Upgrade guava to 25.1-jre

[kemitix]

Guava 18.0 is susceptible to CWE-502: Deserialization of Untrusted Data

• https://cwe.mitre.org/data/definitions/502.html
• https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236

[kemitix]

I could be looking at it wrong, but it doesn't appear that PRs are configured to run integration tests properly on Travis.

[takaczapka]

Is anyone looking at those problems? My PR is failing for the same reason.

[kemitix]

@takaczapka No new commits in four months, and no response to a security-related PR. I'm not optimistic about this being actively maintained.