chore: Update Spring to 5.3.39

[Swiddis]

Description

Update Spring to latest patch to quiet CVE scanners.

Related Issues

N/A

Check List

• New functionality includes testing.
• New functionality has been documented.
• New functionality has javadoc added.
• New functionality has a user manual doc added.
• API changes companion pull request created.
• Commits are signed per the DCO using --signoff.
• Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[dai-chen]

Is CI failure related?

[Swiddis]

Shouldn't be, I was getting issues with finding Nebula locally even before making the change. Old PRs on this branch have their logs out of the retainment window so not sure if this is precedent.

[noCharger]

Does this fix applicable? #3177

Saw CI failed on

Run actions/upload-artifact@v4
With the provided path, there will be [1](https://github.com/opensearch-project/sql/actions/runs/12167741795/job/33936977780?pr=3187#step:6:1) file uploaded
Artifact name is valid!
Root directory input is valid!
Error: Failed to CreateArtifact: Received non-retryable error: Failed request: (409) Conflict: an artifact with this name already exists on the workflow run

[dai-chen]

Just to confirm, our main and 2.x doesn't have this issue right? Because I notice this PR is targeting 1.x directly.

[Swiddis]

2.x seems to be failing for different reasons https://github.com/opensearch-project/sql/actions/runs/12042222533/job/33575506240

But this is just to quiet CVE scanners complaining about the outdated dep on 1.x, the changelog between the spring versions is negligible

[Swiddis]

Does this fix applicable? #3177

Saw CI failed on

Run actions/upload-artifact@v4
With the provided path, there will be [1](https://github.com/opensearch-project/sql/actions/runs/12167741795/job/33936977780?pr=3187#step:6:1) file uploaded
Artifact name is valid!
Root directory input is valid!
Error: Failed to CreateArtifact: Received non-retryable error: Failed request: (409) Conflict: an artifact with this name already exists on the workflow run

Went away after rerunning -- maybe conflicted with the last job run since I also pushed the upload-artifact fix fairly quickly

[dai-chen]

Please confirm if CI failure is related or not.

[Swiddis]

CI isn't related, can track that as a separate task if needed

[opensearch-trigger-bot]

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-3187-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 77aa93eb6a634df2b61a46669ca559440680f7e2
# Push it to GitHub
git push --set-upstream origin backport/backport-3187-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-3187-to-1.3.