chore: [DevOps] bump the production-major group across 1 directory with 2 updates

[dependabot]

Bumps the production-major group with 2 updates in the / directory: org.springframework:spring-framework-bom and org.json:json.

Updates org.springframework:spring-framework-bom from 6.2.12 to 7.0.2

Release notes

Sourced from org.springframework:spring-framework-bom's releases.

v7.0.2

⭐ New Features

• Avoid unnecessary list creation and processing in AbstractTestContextBootstrapper #35995
• AbstractTestContextBootstrapper should resolve ContextLoader only once #35994
• Log RetryException for @Retryable methods #35983
• Consistently stop already started Lifecycle beans on cancelled refresh #35964
• Support timeouts in @Retryable and RetryPolicy #35963
• Use == instead of instanceof for primitive array type checks #35962
• Introduce MultiValueMapCollector for use with streams #35958
• Avoid package cycle caused by use of UriComponentsBuilder in ServletServerHttpRequest #35952
• Target type in Converter interface should be @Nullable #35947
• Provide access to attempt count in RetryListener as well as callbacks for the initial attempt #35940
• DefaultHandshakeHandler should not log client faults on error level #35930
• Log warning when meta-annotation is ignored due to types not present in classpath #35927
• Revise ApplicationContext#getId() nullability to non-null #35925
• Use concurrent set behind reactive TransactionSynchronizationManager#registerSynchronization #35921
• Refine AbstractKotlinSerializationHttpMessageConverter#canWrite #35920
• Register bean dependency for Optional injection point as well #35919
• Change canRead/canWrite overrides to Class ones in AbstractSmartHttpMessageConverter #35916
• Do not make HttpHeaders read-only in HttpEntity #35888
• Add WebFlux SSE support with GSON #35884
• Different ReactorNettyWebSocketSession call getId() may return the same value #35883
• Refine nullability of Assert#noNullElements #35868
• Allow configuring default maxIdleTime on InMemoryWebSessionStore. #35866
• Refine BindingReflectionHintsRegistrar with ObjectToObjectConverter hints #35847
• Add resetCaches() method to general CacheManager interface #35845
• Enhance handleTypeMismatch error message in ResponseEntityExceptionHandler #35837
• Add support for package-private BeanRegistrar in Spring AOT generated code #35803
• Use ExtendedServletRequestDataBinder/ExtendedWebExchangeDataBinder for functional request binding #35800
• Expose Collection on FragmentsRendering to facilitate Unit Tests #35775
• Improve i18n-support for NoResourceFoundException #35758
• Cache resolved singleton beans in injected Provider instance #35373

🐞 Bug Fixes

• ContextConfigurationAttributes(Class) constructor incorrectly sets inheritLocations to false #36000
• NullPointerException thrown from JdkClientHttpRequestFactory for null request header value #35996
• State inconsistency in LazyConnectionDataSourceProxy when connection settings fail #35980
• SubscriberInputStream#resume misuses parked thread reference #35978
• Shared EntityManager returned by AbstractEntityManagerFactoryBean cannot be advised by AspectJ interceptor #35974
• RestClient cannot make HEAD requests when the response declares gzip Content-Encoding #35966
• ServerRequestObservationContext(s) miss Propagator.Getter method implementation #35965
• Jackson used instead of kotlinx.serialization for more complex types #35960
• Strong locking in ConcurrentReferenceHashMap#computeIfAbsent may cause context initialisation deadlock #35944
• BridgeMethodResolver change in 6.2.13 breaks Spring Data entity introspection #35936
• DefaultMessageListenerContainer does not clear Session and MessageConsumer for paused invokers #35932
• Tighten cacheable decision behind @Lazy injection point #35917
• AOT-generated bean definition does not consider name of RuntimeBeanReference using name and type #35913
• Accidental fallback match for Collection-type beans due to @Bean-level qualifier annotation #35908

... (truncated)

Commits

• 3591f1e Release v7.0.2
• e2c9dc7 Revert to previous behavior for 7.0.2 (based on Boot/Data impact)
• 1818161 Ensure bottom-up semantics in resolveDefaultContextConfigurationAttributes()
• 8916ee9 Set inheritLocations to true in ContextConfigurationAttributes constructor
• d835fe3 Do not send null HTTP header value in JdkClientHttpRequest
• 0eefac2 Polishing contribution
• e99791f Improve i18n-support for NoResourceFoundException.
• 658775b Avoid unnecessary list creation & processing in AbstractTestContextBootstrapper
• ea7a1d7 Resolve ContextLoader only once in AbstractTestContextBootstrapper
• 4ae471d Resolve all default context configuration within @⁠Nested hierarchy
• Additional commits viewable in compare view

Updates org.json:json from 20250517 to 20251224

Release notes

Sourced from org.json:json's releases.

20251224

Pull Request	Description
#1021	Add LTS JDK 25 build to github actions
#1020	Record type support
#1017	Refactoring: Fix some SonarQube issues
#1014	Refactoring: String check logic in CDL
#1013	Refactoring: FIx Sonarqube issues in JSONArray
#1011	Refactoring: Fix SonarQube issues in JSONObject
#1009	Fix strict mode check for period after number
#1008	Fixed JSONArray strict mode check for leading comma
#1006	JSONObject.fromJson() with unit tests
#1005	Refactoring: Fix sonarQube issues in JSONObject
#1004	Refactoring: Fix sonarcube issues in JSONObject
#1001	Refactoring: sonarqube issues in JSONObject
#1000	Refactoring: Fix some sonarcube issues from recent commits
#999	fixed some strict mode issues
#995	Fix regression XML parsing null with keepStrings
#994	Add Jacoco option to build, restore method check in populateMap()
#993	Added JUnit tests for XMLTokenerTest
#992	Added JUnit test cases for HTTPTokener
#991	update CodeQL to v3
#990	Refactoring: fix SonarQube issues in populateMap()
#989	Refactoring: Remove unused code
#988	Refactoring: Remove unused method from jsonobject
#987	Refactor: Check equality with literal on lhs
#983	Allow retaining null-valued bean properties in JSONObjects

Changelog

Sourced from org.json:json's changelog.

20251224 Records, fromJson(), and recent commits

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions