build(deps): update target-maven.version [security] by renovate-bot · Pull Request #4468 · googleapis/java-bigtable-hbase

renovate-bot · 2025-01-23T23:09:13Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.apache.maven:maven-core (source)	`3.0` → `3.8.1`
org.apache.maven:maven-plugin-api (source)	`3.0` → `3.9.12`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

Release Notes

apache/maven (org.apache.maven:maven-plugin-api)

`v3.9.12`: 3.9.12

🚀 New features and improvements

[3.9.x] Apply resolver changes and improvements (#11536) @cstamas
Update formatting of prerequisites-requirements error to improve readability (#11523) @slawekjaranowski
Allow a Maven plugin to require a Java version (#11479) @slawekjaranowski
Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem (#11358) @slawekjaranowski
Make maven.config use UTF8 (#11264) @cstamas
Simplify prefix resolution (#11197) @slawekjaranowski

🐛 Bug Fixes

Add default implementation for new method in MavenPluginManager (#11522) @slawekjaranowski
Repository layout should be used in MavenRepositorySystem (#11495) @slawekjaranowski
Fix plugin prefix resolution when metadata is not available from repository (#11290) @slawekjaranowski
Improve source root modification warning message (#11105) @gnodet
Bug: bad cache isolation between two sessions (#11082) @cstamas
Set Guice class loading to CHILD - avoid using terminally deprecated methods (#11003) @slawekjaranowski
Avoid parsing MAVEN_OPTS (3.9.x) (#10969) @BobVul

📝 Documentation updates

clarify repository vs deployment repository (#11492) @hboutemy
add maintained branches (#11448) @hboutemy

👻 Maintenance

Add IntelliJ icon (#11408) @Bukama
Build by JDK 25 (#11187) @slawekjaranowski
Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x (#11096) @slawekjaranowski

🔧 Build

Bump actions/download-artifact from 5.0.0 to 6.0.0 (#11335) @dependabot[bot]
Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#11336) @dependabot[bot]

📦 Dependency updates

Bump actions/cache from 4.3.0 to 5.0.0 (#11542) @dependabot[bot]
Bump resolverVersion from 1.9.24 to 1.9.25 (#11533) @dependabot[bot]
Bump actions/checkout from 6.0.0 to 6.0.1 (#11512) @dependabot[bot]
Bump actions/setup-java from 5.0.0 to 5.1.0 (#11519) @dependabot[bot]
Bump actions/checkout from 5.0.1 to 6.0.0 (#11476) @dependabot[bot]
Bump actions/checkout from 5.0.0 to 5.0.1 (#11458) @dependabot[bot]
Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 (#11438) @dependabot[bot]
Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#11416) @dependabot[bot]
Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#11417) @dependabot[bot]
Bump xmlunitVersion from 2.10.4 to 2.11.0 (#11331) @dependabot[bot]
Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 (#11231) @dependabot[bot]
Bump org.ow2.asm:asm from 9.8 to 9.9 (#11203) @dependabot[bot]
Bump actions/cache from 4.2.4 to 4.3.0 (#11172) @dependabot[bot]
Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre (#11143) @dependabot[bot]
Bump xmlunitVersion from 2.10.3 to 2.10.4 (#11121) @dependabot[bot]
Bump actions/cache from 4.2.3 to 4.2.4 (#11032) @dependabot[bot]
Bump commons-cli:commons-cli from 1.9.0 to 1.10.0 (#11018) @dependabot[bot]
Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#10966) @dependabot[bot]

`v3.9.11`: 3.9.11

🚀 New features and improvements

Augment version range resolution used repositories (#2574) @cstamas

🐛 Bug Fixes

Deduplicate filtered dependency graph (#2489) @alzimmermsft
Move ensure in boundaries of project lock (#2470) @cstamas

👻 Maintenance

[MNGSITE-393] - remove references to Maven 2 (#2438) @elharo
Update CONTRIBUTING after GitHub issues enabled (#2449) @slawekjaranowski
Enable Github Issues (3.9.x) (#2414) @Bukama
[MNG-8763] - Remove name from site bannerLeft (#2419) @slawekjaranowski

🔧 Build

Pin GitHub action versions by hash (#10898) @slawekjaranowski
Build the project by JDK 21 as default (#10896) @slawekjaranowski
Use Maven 3.9.10 for build on GitHub (#2452) @slawekjaranowski

📦 Dependency updates

Bump resolverVersion from 1.9.23 to 1.9.24 (#2540) @dependabot[bot]
Bump xmlunitVersion from 2.10.2 to 2.10.3 (#2500) @dependabot[bot]
Bump org.apache.maven:maven-parent from 44 to 45 (#2491) @dependabot[bot]
Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#2432) @dependabot[bot]

`v3.9.10`: 3.9.10

Release Notes - Maven - Version 3.9.10

Bug

[MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
[MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
[MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
[MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
[MNG-8248] - WARNING: A restricted method in java.lang.System has been called
[MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
[MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
[MNG-8396] - Maven takes forever to resume
[MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

[MNG-8370] - Introduce maven.repo.local.head
[MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
[MNG-8707] - Add methods to remove compile and test source roots
[MNG-8712] - improve dependency version explanation: it's a requirement, not always effective version
[MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
[MNG-8722] - Use a single standalone version of asm
[MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
[MNG-8734] - Simplify scripting like "get project version" cases

Task

[MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

[MNG-8289] - Update Plexus annotations to 2.2.0
[MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
[MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
[MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
[MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
[MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
[MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
[MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
[MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
[MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
[MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
[MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
[MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
[MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
[MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
[MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
[MNG-8716] - Bump resolver to 1.9.23
[MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

[MNG-8211] Fail the build if CI Friendly revision used without value by @cstamhttps://github.com/apache/maven/pull/1656l/1656
Add missing since by @cstamhttps://github.com/apache/maven/pull/1682l/1682
[MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @cstamhttps://github.com/apache/maven/pull/1724l/1724
[MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @fmarhttps://github.com/apache/maven/pull/1806l/1806
[MNG-8289] Update Plexus Annotations to 2.2.0 by @dependabhttps://github.com/apache/maven/pull/1666l/1666
[MNG-8370] Add maven.repo.local.head by @slawekjaranowshttps://github.com/apache/maven/pull/1915l/1915
[MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @dependabhttps://github.com/apache/maven/pull/1991l/1991
[MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @dependabhttps://github.com/apache/maven/pull/2013l/2013
[MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @dependabhttps://github.com/apache/maven/pull/1926l/1926
[MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @dependabhttps://github.com/apache/maven/pull/1699l/1699
Add PR Automation action by @slawekjaranowshttps://github.com/apache/maven/pull/2113l/2113
Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @dependabhttps://github.com/apache/maven/pull/2167l/2167
Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @dependabhttps://github.com/apache/maven/pull/2168l/2168
[MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @dependabhttps://github.com/apache/maven/pull/2163l/2163
Use Maven 3.9.9 for build maven-3.9.x branch by @slawekjaranowshttps://github.com/apache/maven/pull/2177l/2177
[MNG-8248] Add enable-native-access to startup scripts by @slawekjaranowshttps://github.com/apache/maven/pull/2171l/2171
[MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @dependabhttps://github.com/apache/maven/pull/2185l/2185
Use dedicated local repo for ITs on Jenkins by @slawekjaranowshttps://github.com/apache/maven/pull/2255l/2255
[MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @dependabhttps://github.com/apache/maven/pull/2240l/2240
[MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @dependabhttps://github.com/apache/maven/pull/2241l/2241
[MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @dependabhttps://github.com/apache/maven/pull/2258l/2258
[MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @dependabhttps://github.com/apache/maven/pull/2264l/2264
[MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @dependabhttps://github.com/apache/maven/pull/2270l/2270
[MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @dependabhttps://github.com/apache/maven/pull/1665l/1665
[MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @dependabhttps://github.com/apache/maven/pull/2280l/2280
[MNG-8707] Add methods to remove compile and test source roots by @gnodhttps://github.com/apache/maven/pull/2275l/2275
[MNG-8712] dependency version is a requirement, not effective by @hboutehttps://github.com/apache/maven/pull/2279l/2279
[MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @slawekjaranowshttps://github.com/apache/maven/pull/2295l/2295
[MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @slawekjaranowshttps://github.com/apache/maven/pull/2296l/2296
[MNG-8722] Use a single standalone version of asm by @slawekjaranowshttps://github.com/apache/maven/pull/2297l/2297
[MNG-8716] Bump resolver to 1.9.23 by @slawekjaranowshttps://github.com/apache/maven/pull/2282l/2282
[MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @slawekjaranowshttps://github.com/apache/maven/pull/2343l/2343
[MNG-8711] Fix concurrent cache access by @slawekjaranowshttps://github.com/apache/maven/pull/2345l/2345
Update README.md by @slawekjaranowshttps://github.com/apache/maven/pull/2353l/2353
[MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 by @cstamhttps://github.com/apache/maven/pull/2359l/2359
[MNG-8728] Build ITs on JDK 21, 24 by @slawekjaranowshttps://github.com/apache/maven/pull/2360l/2360
[MNG-8734] Make Maven 3.9.10 ignore --raw-streams option by @cstamhttps://github.com/apache/maven/pull/2361l/2361
Bump xmlunitVersion from 2.10.0 to 2.10.1 by @dependabhttps://github.com/apache/maven/pull/2354l/2354
[MNG-8396] Backport: add cache layer to the filtered dep graph by @cstamhttps://github.com/apache/maven/pull/2393l/2393
[MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 by @dependabhttps://github.com/apache/maven/pull/2389l/2389

New Contributors

@fmarot made their first contributihttps://github.com/apache/maven/pull/1806l/1806

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

`v3.9.9`: 3.9.9

Release Notes - Maven - Version 3.9.9

Bug

[MNG-8159] - Fix search for topDirectory when using -f / --file for Maven 3.9.x
[MNG-8165] - Maven does not find extensions for -f when current dir is root
[MNG-8177] - Warning "'dependencyManagement.dependencies.dependency.systemPath' for com.sun:tools:jar refers to a non-existing file C:\Temp\jdk-11.0.23\..\lib\tools.jar"
[MNG-8178] - Profile activation based on OS properties is broken for "mvn site"
[MNG-8180] - Resolver will blindly assume it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
[MNG-8182] - Missing or mismatching Trusted Checksum for some artifacts is not properly reported
[MNG-8188] - [REGRESSION] Property not resolved in profile pluginManagement

Task

[MNG-8206] - Remove Maven 2.1 (v 2.0) compatibility bits

Dependency upgrade

[MNG-8175] - Resolver 1.9.21
[MNG-8179] - Upgrade Parent to 43
[MNG-8193] - Resolver 1.9.22
[MNG-8198] - (build) Animal Sniffer 1.24
[MNG-8199] - Hamcrest 3.0

What's Changed

[MNG-8159] Fix search for topDirectory when using -f / --file by @gzmhttps://github.com/apache/maven/pull/1589l/1589
[MNG-7194] Test missing property evaluation by @pzygiehttps://github.com/apache/maven/pull/1570l/1570
[3.9.x] [MNG-8175] Update Resolver to 1.9.21 by @cstamhttps://github.com/apache/maven/pull/1598l/1598
[MNG-8178] Fall back to system properties for missing profile activation context properties by @kohlschuetthttps://github.com/apache/maven/pull/1603l/1603
[MNG-8179] Upgrade Parent to 43 by @slawekjaranowshttps://github.com/apache/maven/pull/1610l/1610
[MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @cstamhttps://github.com/apache/maven/pull/1611l/1611
[3.9.x][MNG-8193] Update to Resolver 1.9.22 by @cstamhttps://github.com/apache/maven/pull/1627l/1627
[MNG-8199] Hamcrest 3.0 by @cstamhttps://github.com/apache/maven/pull/1631l/1631
[MNG-8182] Resolved errors were created based on collect exceptions by @cstamhttps://github.com/apache/maven/pull/1632l/1632
[MNG-8180] Handle NPE due non-existent tags by @cstamhttps://github.com/apache/maven/pull/1641l/1641
[MNG-8180] Back out from failing the build by @cstamhttps://github.com/apache/maven/pull/1642l/1642
[MNG-8206] Remove bad plugin.xml from maven-compat by @cstamhttps://github.com/apache/maven/pull/1646l/1646
[MNG-8177] Add contextual info for model warnings by @cstamhttps://github.com/apache/maven/pull/1633l/1633
[MNG-8188] Profile properties are not interpolated by @cstamhttps://github.com/apache/maven/pull/1634l/1634
[MNG-8165] Align mvn.sh script with mvn.cmd by @cstamhttps://github.com/apache/maven/pull/1647l/1647
[MNG-8165] Get rid of bashism creeped in by @cstamhttps://github.com/apache/maven/pull/1653l/1653

New Contributors

@gzm55 made their first contributihttps://github.com/apache/maven/pull/1589l/1589
@kohlschuetter made their first contributihttps://github.com/apache/maven/pull/1603l/1603

Full Changelog: apache/maven@maven-3.9.8...maven-3.9.9

`v3.9.8`: 3.9.8

Release Notes - Maven - Version 3.9.8

Bug

[MNG-7758] - o.e.aether.resolution.ArtifactResolutionException incorrectly examined when multiple repositories are involved
[MNG-8066] - Maven hangs on self-referencing exceptions
[MNG-8116] - Plugin configuration can randomly fail in case of method overloading as it doesn't take into account implementation attribute
[MNG-8131] - Property replacement in dependency pom no longer works
[MNG-8135] - Profile activation based on OS properties is no longer case insensitive
[MNG-8142] - If JDK profile activator gets "invalid" JDK version for whatever reason, it chokes but does not tell why
[MNG-8147] - Profile interpolation broke their evaluation in case of duplicate IDs

Improvement

[MNG-7902] - Sort plugins in validation report
[MNG-8140] - When a model is discarded (by model builder) for whatever reason, show why it happened
[MNG-8141] - Model Builder should report if not sure about "fully correct" outcome
[MNG-8150] - Make SimplexTransferListener handle absent source/target files

Task

[MNG-8146] - Drop use of commons-lang

Dependency upgrade

[MNG-8136] - Update to Eclipse Sisu 0.9.0.M3
[MNG-8143] - Update to commons-cli 1.8.0
[MNG-8144] - Update to Guava 32.2.1-jre
[MNG-8154] - Upgrade default plugin bindings

What's Changed

Use Maven Wrapper to build by @slawekjaranowski in #1553
[3.9.x] [MNG-8136] Update Eclipse Sisu to 0.9.0.M3 by @cstamas in #1547
[MNG-8135] Profile activation based on OS properties is no longer case insensitive by @cstamas in #1561
[3.9.x] Dependency updates by @cstamas in #1560
[MNG-7902] Sort plugins in the validation report (#1510) by @slawekjaranowski in #1562
[MNG-8066] Default exception handler does not handle recursion by @cstamas in #1558
[MNG-8142] Hidden bug: JDK profile activator throw NumberFormatEx by @cstamas in #1557
[MNG-8146] Drop commons-lang by @cstamas in #1564
[MNG-8140] Always tell why model was discarded as "invalid" by @cstamas in #1555
[MNG-8141] Model builder should report problems it finds during build by @cstamas in #1556
[MNG-8141][MNG-8147] Restore profile ID invariance but warn if duplicate IDs present by @cstamas in #1568
[MNG-8141] Aftermath, and tidy up by @cstamas in #1572
[MNG-8150] Backport TransferListener improvements for Maven 3.9.x by @pshevche in #1576
[MNG-7758] Report dependency problems for all repository by @slawekjaranowski in #1584
[MNG-8154] Upgrade default plugin bindings by @slawekjaranowski in #1586

Full Changelog: apache/maven@maven-3.9.7...maven-3.9.8

`v3.9.7`: 3.9.7

Release Notes - Maven - Version 3.9.7

Bug

[MNG-8106] - Maven Metadata corruption if repository directory role overlaps
[MNG-8121] - NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)

New Feature

[MNG-5726] - Update OS Activation To Allow Wildcards In OS Version
[MNG-8030] - Backport: Add ability to ignore dependency repositories: mvn -itr

Improvement

[MNG-8019] - Streamline update policy of pluginRepository/repository of Maven Central in Super POM
[MNG-8029] - improve documentation of mirror in settings
[MNG-8031] - Backport: Make Maven transfer listener used with Resolver more concurrent friendly
[MNG-8081] - default profile activation should consider available system and user properties
[MNG-8085] - swtich from png+imagemap to svg
[MNG-8117] - Improve prerequisite evaluation and plugin version selection logging

Task

[MNG-7309] - Remove redundant MojoDescriptor parameterMap
[MNG-8011] - Minimize and make generic the README.txt
[MNG-8055] - Investigate possible solutions for build number diffs on deploy

Dependency upgrade

[MNG-8094] - Resolver 1.9.19
[MNG-8100] - Upgrade default plugin bindings
[MNG-8101] - Upgrade Parent to 42
[MNG-8109] - Resolver 1.9.20
[MNG-8115] - Upgrade minimal set of dependencies
[MNG-8125] - (build) Bump buildhelper-maven-plugin to 3.6.0 (was 3.4.0)
[MNG-8126] - Bump logback classic to 1.2.13 (was 1.2.12)
[MNG-8127] - Bump guava to 33.2.0-jre

What's Changed

[MNG-6776] Inconsistent list of parameters for MojoDescriptor (#584) by @michael-o in #1361
[MNG-8055] Ability to force build number by @cstamas in #1415
[MNG-8029] improve documentation about mirror settings by @hboutemy in #1395
MNG-8019 streamline central update policy by @kwin in #1381
MNG-5726 (backport for Maven 3.9) by @kwin in #1431
[MNG-4840] document requiredMavenVersion in plugin descriptor by @hboutemy in #1444
[MNG-8085] switch png+imagemap to svg by @hboutemy in #1452
[MNG-4840] fix requiredMavenVersion description #1444 by @hboutemy in #1456
[MNG-6399] Lift JDK minimum to JDK 8 by @turbanoff in #1382
Update GitHub actions to v4 by @slawekjaranowski in #1472
[MNG-8101] Upgrade Parent to 42 by @slawekjaranowski in #1473
[MNG-8100] Upgrade default plugin bindings by @slawekjaranowski in #1474
[MNG-8031] Backport concurrent friendly transport listener by @cstamas in #1471
[MNG-8030] Backport itr: ignore transitive repositories by @cstamas in #1469
[MNG-8011] Neuter the README by @cstamas in #1470
[MNG-8094] Resolver 1.9.19 by @cstamas in #1468
[3.9.x][MNG-8106] Fix metadata merge by @cstamas in #1480
[3.9.x][MNG-8109] Resolver 1.9.20 by @cstamas in #1490
[MNG-8081] Interpolate available properties during default profile selection (Maven 3.9.x) by @mbenson in #1447
[3.9.x][MNG-8117] Backport to Maven 3.9.x by @cstamas in #1505
[MNG-8115] Upgrade dependencies by @slachiewicz in #1496
[MNG-8121] Fix NPE in metadata merge by @cstamas in #1508
[MNG-8126] Mild updates by @cstamas in #1533

New Contributors

@turbanoff made their first contribution in #1382

Full Changelog: apache/maven@maven-3.9.6...maven-3.9.7

`v3.9.6`: 3.9.6

Release Notes - Maven - Version 3.9.6

Improvement

[MNG-7939] - Allow to exclude plugins from validation

Dependency upgrade

[MNG-7913] - Upgrade Sisu version to 0.9.0.M2
[MNG-7934] - Upgrade Resolver version to 1.9.18
[MNG-7942] - Upgrade to parent POM 41
[MNG-7943] - Upgrade default plugin bindings

`v3.9.5`: 3.9.5

Release Notes - Maven - Version 3.9.5

Bug

[MNG-7851] - Error message when modelVersion is 4.0 is confusing

Improvement

[MNG-7875] - colorize transfer messages
[MNG-7895] - Support ${project.basedir} in file profile activation

Task

[MNG-7856] - Maven Resolver Provider classes ctor change
[MNG-7870] - Undeprecate wrongly deprecated repository metadata
[MNG-7872] - Deprecate org.apache.maven.repository.internal.MavenResolverModule
[MNG-7874] - maven-resolver-provider: introduce NAME constants.

Dependency upgrade

[MNG-7859] - Update to Resolver 1.9.16

`v3.9.4`: 3.9.4

Release Notes - Maven - Version 3.9.4

Bug

[MNG-7846] - endless loop in DefaultExceptionHandler.getMessage()

Dependency upgrade

[MNG-7828] - Bump guava from 31.1-jre to 32.0.1-jre
[MNG-7847] - Upgrade to Resolver 1.9.14

Full Changelog: apache/maven@maven-3.9.3...maven-3.9.4

`v3.9.3`: 3.9.3

Release Notes - Maven - Version 3.9.3

Bug

[MNG-7786] - Maven Plugin Validation message is misleading
[MNG-7795] - IllegalArgumentException: 'other' has different root during plugin validation
[MNG-7796] - Top directory cannot be computed
[MNG-7799] - Plugin validation falsely reports there are issues (but shows none)
[MNG-7811] - Plugins verification - reports are inconsistent
[MNG-7818] - [REGRESSION] maven improperly excludes hamcrest-core from junit
[MNG-7819] - Create IT that exercise file locking with snapshots

Improvement

[MNG-7698] - Allow comments in .mvn/maven.config
[MNG-7785] - Clean usage of SessionData
[MNG-7787] - Introduce new options for plugin validation
[MNG-7788] - Plugin Validation Report should be printed before build summary
[MNG-7789] - Plugin Dependency Validations use wrong data set
[MNG-7806] - Plugins verification - remove used in module(s) report
[MNG-7823] - Make plugin validation level parsing more consistent

Task

[MNG-5987] - Document the algorithm calculating the order of plugin executions inside a phase.
[MNG-7743] - Make the build work on JDK 20
[MNG-7790] - Update lifecycle plugins
[MNG-7791] - Split validation issues into "user actionable" and "plugin dev actionable"
[MNG-7797] - Return BRIEF mode, simply map it onto SUMMARY
[MNG-7807] - Update Super POM plugins

Dependency upgrade

[MNG-7800] - Upgrade to Maven Resolver 1.9.13
[MNG-7816] - Bump maven parent from 39 to 40

`v3.9.2`: 3.9.2

Release Notes - Maven - Version 3.9.2

Bug

[MNG-7750] - Interpolated properties in originalModel in an active profile.
[MNG-7759] - java.lang.NullPointerException at org.apache.maven.repository.internal.DefaultModelCache.newInstance (DefaultModelCache.java:37)

Improvement

[MNG-7712] - Core should issue a warning if plugin depends on maven-compat
[MNG-7741] - Add more information when using -Dmaven.repo.local.recordReverseTree=true
[MNG-7754] - Improvement and extension of plugin validation
[MNG-7767] - Tone down plugin validation report
[MNG-7778] - Maven should print suppressed exceptions when a mojo fails

Task

[MNG-7749] - Upgrade animal-sniffer from 1.21 to 1.23
[MNG-7774] - Maven config and command line interpolation

Dependency upgrade

[MNG-7670] - Upgrade misc dependencies
[MNG-7753] - Upgrade to Maven Resolver 1.9.8
[MNG-7769] - Upgrade to Maven Resolver 1.9.10

`v3.9.1`: 3.9.1

Release Notes - Maven - Version 3.9.1

Overview About the Changes

Regression fixes from Maven 3.9.0. General performance and other fixes.

Potentially Breaking Core Changes (if migrating from 3.8.x)

The Maven Resolver transport has changed from Wagon to “native HTTP”, see Resolver Transport guide.
Maven 2.x was auto-injecting an ancient version of plexus-utils dependency into the plugin classpath, and Maven 3.x continued doing this to preserve backward compatibility. Starting with Maven 3.9, it does not happen anymore. This change may lead to plugin breakage. The fix for affected plugin maintainers is to explicitly declare a dependency on plexus-utils. The workaround for affected plugin users is to add this dependency to plugin dependencies until issue is fixed by the affected plugin maintainer. See MNG-6965.
Mojos are prevented to boostrap new instance of RepositorySystem (for example by using deprecated ServiceLocator), they should reuse RepositorySystem instance provided by Maven instead. See MNG-7471.
Each line in .mvn/maven.config is now interpreted as a single argument. That is, if the file contains multiple arguments, these must now be placed on separate lines, see MNG-7684.

Bug

[MNG-7213] - StackOverflowError when version ranges are unsolvable and graph contains a cycle
[MNG-7544] - MavenMetadataSource#retrieve(MetadataResolutionRequest) does not check for null when reading from project map
[MNG-7676] - On Maven 3.9.0+ release, sha512 hashes have "null" classifier
[MNG-7677] - Maven 3.9.0 is ~10% slower than 3.8.7 in large multi-module builds
[MNG-7679] - [REGRESSION] Build fails when executing a single mojo without a POM
[MNG-7685] - Unable to ignore certificate errors with v3.9.0
[MNG-7693] - NPE in createModelCache, modelCacheFactory is null
[MNG-7697] - Cannot parse POM that contains an emoji in a comment
[MNG-7708] - Resolver in Maven 3.9+ no longer retries on a conection failure
[MNG-7709] - plexus-utils upgrade changes the way configuration is parsed
[MNG-7710] - Upgrade plexus-utils to 3.5.1
[MNG-7716] - ConcurrencyDependencyGraph deadlock if no root can be selected
[MNG-7717] - Maven warns wrongly about ${localRepository} expression
[MNG-7720] - [REGRESSION] Build order is incorrect and does not respect Reactor Build Order
[MNG-7721] - Maven 3.9 resolver ignores proxy configured via MAVEN_OPTS
[MNG-7726] - Maven 3.9.0 resolves properties in file profile activation incorrectly
[MNG-7731] - MNG-7520 incorrectly back ported to Maven 3.9.0

Improvement

[MNG-5185] - Improve "missing dependency" error message when _maven.repositories/_remote.repositories contains other repository ids than requested
[[MNG-7686](https://issues.ap

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot requested a review from a team January 23, 2025 23:09

product-auto-label bot added the size: xs Pull request size is extra small. label Jan 23, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 23, 2025

product-auto-label bot added the api: bigtable Issues related to the googleapis/java-bigtable-hbase API. label Jan 23, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 23, 2025

renovate-bot force-pushed the renovate/target-maven.version branch from 2a3836d to 8e330a0 Compare March 6, 2025 21:52

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 6, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 6, 2025

renovate-bot force-pushed the renovate/target-maven.version branch from 8e330a0 to 06002d9 Compare March 6, 2025 22:43

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 6, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 6, 2025

renovate-bot force-pushed the renovate/target-maven.version branch from 06002d9 to 86fa0a3 Compare April 1, 2025 12:27