Bump org.json:json from 20251224 to 20260522 #4540

Merged
ggivo merged 2 commits into master from dependabot/maven/org.json-json-20260522
May 26, 2026

dependabot Bot commented on behalf of github May 25, 2026

Bumps org.json:json from 20251224 to 20260522.

Release notes

Sourced from org.json:json's releases.

20260522

Pull Request / Description
  • #1054 pre-release-20260522 prep for next release
  • #1053 update security.md with key data
  • #1046 Validate XML numeric character references before string construction
  • #1044 Ignore static fields in JSONObject.fromJson()
  • #1041 Enhance README with license clarification
  • #1039 Fix XML forceList parsing issue
  • #1038 Fix input validation in XMLTokener.unescapeEntity()
  • #1037 Fix ClassCastException in JSONML.toJSONArray and toJSONObject
  • #1029 add badge to external hosted javadoc
  • #1028 Refactoring: Fix sonarqube reliability issues
  • #1027 Save/restore default locale in test

Changelog

Sourced from org.json:json's changelog.

20260522 Publish key data, recent commits for minor fixes

Commits
  • 968a592 Merge pull request #1054 from stleary/pre-release-20260522
  • 3665aad pre-release-20260522 doc and build updates for release
  • d749ee1 Merge pull request #1053 from stleary/update-security-md-with-key
  • 6495983 update-security-md-with-key new security.md file, also fixed 1000 level jsona...
  • 896ce0f Merge pull request #1046 from yuki-matsuhashi/master
  • 1877069 Validate XML numeric character references before string construction
  • b959027 Merge pull request #1044 from yuki-matsuhashi/1043-ignore-static
  • 039f331 Add comment for empty test constructor
  • 94e3400 Ignore static fields in JSONObject.fromJson()
  • 6230128 Merge pull request #1041 from stleary/license-clarification
  • Additional commits viewable in compare view

Note

Low Risk
Single dependency version pin in pom.xml; upstream includes security and parsing fixes but no Jedis code changes.

Overview
Bumps the org.json:json Maven dependency in pom.xml from 20251224 to 20260522 (Dependabot). No application source changes.

Jedis uses this library for RedisJSON-related APIs (JSONObject, JSONArray, etc.). The newer release includes XML parsing hardening (numeric character references and unescapeEntity validation), JSONML ClassCastException fixes, JSONObject.fromJson() ignoring static fields, and other minor fixes—worth a quick pass on JSON/XML conversion paths if you rely on edge-case behavior.

Reviewed by Cursor Bugbot for commit 66449a5. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps [org.json:json](https://github.com/douglascrockford/JSON-java) from 20251224 to 20260522.
- [Release notes](https://github.com/douglascrockford/JSON-java/releases)
- [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md)
- [Commits](stleary/JSON-java@2025122...2026052)

---
updated-dependencies:
- dependency-name: org.json:json
  dependency-version: '20260522'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies and java labels May 25, 2026

jit-ci Bot commented May 25, 2026

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR


Security scan by Jit

github-actions Bot commented May 26, 2026

Test Results

  203 files  ±0    203 suites  ±0   9m 40s ⏱️ +8s
7 767 tests ±0  7 108 ✅ ±0  659 💤 ±0  0 ❌ ±0 
7 787 runs  ±0  7 128 ✅ ±0  659 💤 ±0  0 ❌ ±0 

Results for commit 66449a5. ± Comparison against base commit 93ebe62.

♻️ This comment has been updated with latest results.

ggivo merged commit 991c843 into master May 26, 2026
17 checks passed
ggivo deleted the dependabot/maven/org.json-json-20260522 branch May 26, 2026 15:40