Dependency bump of clojurescript to remove vulnerabilities

[brendanarnold]

semantic-csv has a few vulnerable sub-dependencies flagged by Snyk. Most seem to be in an old version of clojurescript and bumping will probably fix them. The following were identified ...

gson 2.7 needs bumping to >2.8.9
guava 20.0 needs bumping to >24.1.1
protobuf-java 3.0.2 needs bumping to >3.16.3

The following is the dependency graph snippet for semantic-csv got from clojure -Stree

semantic-csv/semantic-csv 0.2.0
  . org.clojure/clojurescript 1.9.493
    . com.google.javascript/closure-compiler-unshaded v20170218
      . com.google.javascript/closure-compiler-externs v20170218
      . args4j/args4j 2.33
      . com.google.guava/guava 20.0 // << --- VULNERABLE
      . com.google.protobuf/protobuf-java 3.0.2 // << --- VULNERABLE
      . com.google.code.gson/gson 2.7 // << --- VULNERABLE
      . com.google.code.findbugs/jsr305 3.0.1
      . com.google.jsinterop/jsinterop-annotations 1.0.0
    . org.clojure/google-closure-library 0.0-20160609-f42b4a24
      . org.clojure/google-closure-library-third-party 0.0-20160609-f42b4a24
    X org.clojure/data.json 0.2.6 :older-version
    . org.mozilla/rhino 1.7R5
    X org.clojure/tools.reader 1.0.0-beta3 :use-top
  . clojure-csv/clojure-csv 2.0.1