build(deps): update target-maven.version [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.apache.maven:maven-core (source)	3.0 → 3.8.1
org.apache.maven:maven-plugin-api (source)	3.0 → 3.9.12

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

---

Release Notes

apache/maven (org.apache.maven:maven-plugin-api)

v3.9.12: 3.9.12

🚀 New features and improvements

• [3.9.x] Apply resolver changes and improvements (#​11536) @​cstamas
• Update formatting of prerequisites-requirements error to improve readability (#​11523) @​slawekjaranowski
• Allow a Maven plugin to require a Java version (#​11479) @​slawekjaranowski
• Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem (#​11358) @​slawekjaranowski
• Make maven.config use UTF8 (#​11264) @​cstamas
• Simplify prefix resolution (#​11197) @​slawekjaranowski

🐛 Bug Fixes

• Add default implementation for new method in MavenPluginManager (#​11522) @​slawekjaranowski
• Repository layout should be used in MavenRepositorySystem (#​11495) @​slawekjaranowski
• Fix plugin prefix resolution when metadata is not available from repository (#​11290) @​slawekjaranowski
• Improve source root modification warning message (#​11105) @​gnodet
• Bug: bad cache isolation between two sessions (#​11082) @​cstamas
• Set Guice class loading to CHILD - avoid using terminally deprecated methods (#​11003) @​slawekjaranowski
• Avoid parsing MAVEN_OPTS (3.9.x) (#​10969) @​BobVul

📝 Documentation updates

• clarify repository vs deployment repository (#​11492) @​hboutemy
• add maintained branches (#​11448) @​hboutemy

👻 Maintenance

• Add IntelliJ icon (#​11408) @​Bukama
• Build by JDK 25 (#​11187) @​slawekjaranowski
• Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x (#​11096) @​slawekjaranowski

🔧 Build

• Bump actions/download-artifact from 5.0.0 to 6.0.0 (#​11335) @​dependabot[bot]
• Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#​11336) @​dependabot[bot]

📦 Dependency updates

• Bump actions/cache from 4.3.0 to 5.0.0 (#​11542) @​dependabot[bot]
• Bump resolverVersion from 1.9.24 to 1.9.25 (#​11533) @​dependabot[bot]
• Bump actions/checkout from 6.0.0 to 6.0.1 (#​11512) @​dependabot[bot]
• Bump actions/setup-java from 5.0.0 to 5.1.0 (#​11519) @​dependabot[bot]
• Bump actions/checkout from 5.0.1 to 6.0.0 (#​11476) @​dependabot[bot]
• Bump actions/checkout from 5.0.0 to 5.0.1 (#​11458) @​dependabot[bot]
• Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 (#​11438) @​dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#​11416) @​dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#​11417) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.4 to 2.11.0 (#​11331) @​dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 (#​11231) @​dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#​11203) @​dependabot[bot]
• Bump actions/cache from 4.2.4 to 4.3.0 (#​11172) @​dependabot[bot]
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre (#​11143) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.3 to 2.10.4 (#​11121) @​dependabot[bot]
• Bump actions/cache from 4.2.3 to 4.2.4 (#​11032) @​dependabot[bot]
• Bump commons-cli:commons-cli from 1.9.0 to 1.10.0 (#​11018) @​dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#​10966) @​dependabot[bot]

v3.9.11: 3.9.11

🚀 New features and improvements

• Augment version range resolution used repositories (#​2574) @​cstamas

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#​2489) @​alzimmermsft
• Move ensure in boundaries of project lock (#​2470) @​cstamas

👻 Maintenance

• [MNGSITE-393] - remove references to Maven 2 (#​2438) @​elharo
• Update CONTRIBUTING after GitHub issues enabled (#​2449) @​slawekjaranowski
• Enable Github Issues (3.9.x) (#​2414) @​Bukama
• [MNG-8763] - Remove name from site bannerLeft (#​2419) @​slawekjaranowski

🔧 Build

• Pin GitHub action versions by hash (#​10898) @​slawekjaranowski
• Build the project by JDK 21 as default (#​10896) @​slawekjaranowski
• Use Maven 3.9.10 for build on GitHub (#​2452) @​slawekjaranowski

📦 Dependency updates

• Bump resolverVersion from 1.9.23 to 1.9.24 (#​2540) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.2 to 2.10.3 (#​2500) @​dependabot[bot]
• Bump org.apache.maven:maven-parent from 44 to 45 (#​2491) @​dependabot[bot]
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#​2432) @​dependabot[bot]

v3.9.10: 3.9.10

Release Notes - Maven - Version 3.9.10

Bug

• [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
• [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
• [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
• [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
• [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
• [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
• [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
• [MNG-8396] - Maven takes forever to resume
• [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

• [MNG-8370] - Introduce maven.repo.local.head
• [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
• [MNG-8707] - Add methods to remove compile and test source roots
• [MNG-8712] - improve dependency version explanation: it&#​39;s a requirement, not always effective version
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
• [MNG-8722] - Use a single standalone version of asm
• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
• [MNG-8734] - Simplify scripting like "get project version" cases

Task

• [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

• [MNG-8289] - Update Plexus annotations to 2.2.0
• [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
• [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
• [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
• [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
• [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
• [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
• [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
• [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
• [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
• [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
• [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
• [MNG-8716] - Bump resolver to 1.9.23
• [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

• [MNG-8211] Fail the build if CI Friendly revision used without value by @​cstamhttps://github.com/apache/maven/pull/1656l/1656
• Add missing since by @​cstamhttps://github.com/apache/maven/pull/1682l/1682
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @​cstamhttps://github.com/apache/maven/pull/1724l/1724
• [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @​fmarhttps://github.com/apache/maven/pull/1806l/1806
• [MNG-8289] Update Plexus Annotations to 2.2.0 by @​dependabhttps://github.com/apache/maven/pull/1666l/1666
• [MNG-8370] Add maven.repo.local.head by @​slawekjaranowshttps://github.com/apache/maven/pull/1915l/1915
• [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @​dependabhttps://github.com/apache/maven/pull/1991l/1991
• [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @​dependabhttps://github.com/apache/maven/pull/2013l/2013
• [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @​dependabhttps://github.com/apache/maven/pull/1926l/1926
• [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @​dependabhttps://github.com/apache/maven/pull/1699l/1699
• Add PR Automation action by @​slawekjaranowshttps://github.com/apache/maven/pull/2113l/2113
• Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @​dependabhttps://github.com/apache/maven/pull/2167l/2167
• Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @​dependabhttps://github.com/apache/maven/pull/2168l/2168
• [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @​dependabhttps://github.com/apache/maven/pull/2163l/2163
• Use Maven 3.9.9 for build maven-3.9.x branch by @​slawekjaranowshttps://github.com/apache/maven/pull/2177l/2177
• [MNG-8248] Add enable-native-access to startup scripts by @​slawekjaranowshttps://github.com/apache/maven/pull/2171l/2171
• [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @​dependabhttps://github.com/apache/maven/pull/2185l/2185
• Use dedicated local repo for ITs on Jenkins by @​slawekjaranowshttps://github.com/apache/maven/pull/2255l/2255
• [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @​dependabhttps://github.com/apache/maven/pull/2240l/2240
• [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @​dependabhttps://github.com/apache/maven/pull/2241l/2241
• [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @​dependabhttps://github.com/apache/maven/pull/2258l/2258
• [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @​dependabhttps://github.com/apache/maven/pull/2264l/2264
• [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @​dependabhttps://github.com/apache/maven/pull/2270l/2270
• [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @​dependabhttps://github.com/apache/maven/pull/1665l/1665
• [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @​dependabhttps://github.com/apache/maven/pull/2280l/2280
• [MNG-8707] Add methods to remove compile and test source roots by @​gnodhttps://github.com/apache/maven/pull/2275l/2275
• [MNG-8712] dependency version is a requirement, not effective by @​hboutehttps://github.com/apache/maven/pull/2279l/2279
• [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @​slawekjaranowshttps://github.com/apache/maven/pull/2295l/2295
• [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @​slawekjaranowshttps://github.com/apache/maven/pull/2296l/2296
• [MNG-8722] Use a single standalone version of asm by @​slawekjaranowshttps://github.com/apache/maven/pull/2297l/2297
• [MNG-8716] Bump resolver to 1.9.23 by @​slawekjaranowshttps://github.com/apache/maven/pull/2282l/2282
• [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @​slawekjaranowshttps://github.com/apache/maven/pull/2343l/2343
• [MNG-8711] Fix concurrent cache access by @​slawekjaranowshttps://github.com/apache/maven/pull/2345l/2345
• Update README.md by @​slawekjaranowshttps://github.com/apache/maven/pull/2353l/2353
• [MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 by @​cstamhttps://github.com/apache/maven/pull/2359l/2359
• [MNG-8728] Build ITs on JDK 21, 24 by @​slawekjaranowshttps://github.com/apache/maven/pull/2360l/2360
• [MNG-8734] Make Maven 3.9.10 ignore --raw-streams option by @​cstamhttps://github.com/apache/maven/pull/2361l/2361
• Bump xmlunitVersion from 2.10.0 to 2.10.1 by @​dependabhttps://github.com/apache/maven/pull/2354l/2354
• [MNG-8396] Backport: add cache layer to the filtered dep graph by @​cstamhttps://github.com/apache/maven/pull/2393l/2393
• [MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 by @​dependabhttps://github.com/apache/maven/pull/2389l/2389

New Contributors

• @​fmarot made their first contributihttps://github.com/apache/maven/pull/1806l/1806

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

v3.9.9: 3.9.9

Release Notes - Maven - Version 3.9.9

Bug

• [MNG-8159] - Fix search for topDirectory when using -f / --file for Maven 3.9.x
• [MNG-8165] - Maven does not find extensions for -f when current dir is root
• [MNG-8177] - Warning "&#​39;dependencyManagement.dependencies.dependency.systemPath&#​39; for com.sun:tools:jar refers to a non-existing file C:\Temp\jdk-11.0.23\..\lib\tools.jar"
• [MNG-8178] - Profile activation based on OS properties is broken for "mvn site"
• [MNG-8180] - Resolver will blindly assume it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
• [MNG-8182] - Missing or mismatching Trusted Checksum for some artifacts is not properly reported
• [MNG-8188] - [REGRESSION] Property not resolved in profile pluginManagement

Task

• [MNG-8206] - Remove Maven 2.1 (v 2.0) compatibility bits

Dependency upgrade

• [MNG-8175] - Resolver 1.9.21
• [MNG-8179] - Upgrade Parent to 43
• [MNG-8193] - Resolver 1.9.22
• [MNG-8198] - (build) Animal Sniffer 1.24
• [MNG-8199] - Hamcrest 3.0

What's Changed

• [MNG-8159] Fix search for topDirectory when using -f / --file by @​gzmhttps://github.com/apache/maven/pull/1589l/1589
• [MNG-7194] Test missing property evaluation by @​pzygiehttps://github.com/apache/maven/pull/1570l/1570
• [3.9.x] [MNG-8175] Update Resolver to 1.9.21 by @​cstamhttps://github.com/apache/maven/pull/1598l/1598
• [MNG-8178] Fall back to system properties for missing profile activation context properties by @​kohlschuetthttps://github.com/apache/maven/pull/1603l/1603
• [MNG-8179] Upgrade Parent to 43 by @​slawekjaranowshttps://github.com/apache/maven/pull/1610l/1610
• [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @​cstamhttps://github.com/apache/maven/pull/1611l/1611
• [3.9.x][MNG-8193] Update to Resolver 1.9.22 by @​cstamhttps://github.com/apache/maven/pull/1627l/1627
• [MNG-8199] Hamcrest 3.0 by @​cstamhttps://github.com/apache/maven/pull/1631l/1631
• [MNG-8182] Resolved errors were created based on collect exceptions by @​cstamhttps://github.com/apache/maven/pull/1632l/1632
• [MNG-8180] Handle NPE due non-existent tags by @​cstamhttps://github.com/apache/maven/pull/1641l/1641
• [MNG-8180] Back out from failing the build by @​cstamhttps://github.com/apache/maven/pull/1642l/1642
• [MNG-8206] Remove bad plugin.xml from maven-compat by @​cstamhttps://github.com/apache/maven/pull/1646l/1646
• [MNG-8177] Add contextual info for model warnings by @​cstamhttps://github.com/apache/maven/pull/1633l/1633
• [MNG-8188] Profile properties are not interpolated by @​cstamhttps://github.com/apache/maven/pull/1634l/1634
• [MNG-8165] Align mvn.sh script with mvn.cmd by @​cstamhttps://github.com/apache/maven/pull/1647l/1647
• [MNG-8165] Get rid of bashism creeped in by @​cstamhttps://github.com/apache/maven/pull/1653l/1653

New Contributors

• @​gzm55 made their first contributihttps://github.com/apache/maven/pull/1589l/1589
• @​kohlschuetter made their first contributihttps://github.com/apache/maven/pull/1603l/1603

Full Changelog: apache/maven@maven-3.9.8...maven-3.9.9

v3.9.8: 3.9.8

Release Notes - Maven - Version 3.9.8

Bug

• [MNG-7758] - o.e.aether.resolution.ArtifactResolutionException incorrectly examined when multiple repositories are involved
• [MNG-8066] - Maven hangs on self-referencing exceptions
• [MNG-8116] - Plugin configuration can randomly fail in case of method overloading as it doesn&#​39;t take into account implementation attribute
• [MNG-8131] - Property replacement in dependency pom no longer works
• [MNG-8135] - Profile activation based on OS properties is no longer case insensitive
• [MNG-8142] - If JDK profile activator gets "invalid" JDK version for whatever reason, it chokes but does not tell why
• [MNG-8147] - Profile interpolation broke their evaluation in case of duplicate IDs

Improvement

• [MNG-7902] - Sort plugins in validation report
• [MNG-8140] - When a model is discarded (by model builder) for whatever reason, show why it happened
• [MNG-8141] - Model Builder should report if not sure about "fully correct" outcome
• [MNG-8150] - Make SimplexTransferListener handle absent source/target files

Task

• [MNG-8146] - Drop use of commons-lang

Dependency upgrade

• [MNG-8136] - Update to Eclipse Sisu 0.9.0.M3
• [MNG-8143] - Update to commons-cli 1.8.0
• [MNG-8144] - Update to Guava 32.2.1-jre
• [MNG-8154] - Upgrade default plugin bindings

---

What's Changed

• Use Maven Wrapper to build by @​slawekjaranowski in #​1553
• [3.9.x] [MNG-8136] Update Eclipse Sisu to 0.9.0.M3 by @​cstamas in #​1547
• [MNG-8135] Profile activation based on OS properties is no longer case insensitive by @​cstamas in #​1561
• [3.9.x] Dependency updates by @​cstamas in #​1560
• [MNG-7902] Sort plugins in the validation report (#​1510) by @​slawekjaranowski in #​1562
• [MNG-8066] Default exception handler does not handle recursion by @​cstamas in #​1558
• [MNG-8142] Hidden bug: JDK profile activator throw NumberFormatEx by @​cstamas in #​1557
• [MNG-8146] Drop commons-lang by @​cstamas in #​1564
• [MNG-8140] Always tell why model was discarded as "invalid" by @​cstamas in #​1555
• [MNG-8141] Model builder should report problems it finds during build by @​cstamas in #​1556
• [MNG-8141][MNG-8147] Restore profile ID invariance but warn if duplicate IDs present by @​cstamas in #​1568
• [MNG-8141] Aftermath, and tidy up by @​cstamas in #​1572
• [MNG-8150] Backport TransferListener improvements for Maven 3.9.x by @​pshevche in #​1576
• [MNG-7758] Report dependency problems for all repository by @​slawekjaranowski in #​1584
• [MNG-8154] Upgrade default plugin bindings by @​slawekjaranowski in #​1586

Full Changelog: apache/maven@maven-3.9.7...maven-3.9.8

v3.9.7: 3.9.7

Release Notes - Maven - Version 3.9.7

Bug

• [MNG-8106] - Maven Metadata corruption if repository directory role overlaps
• [MNG-8121] - NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)

New Feature

• [MNG-5726] - Update OS Activation To Allow Wildcards In OS Version
• [MNG-8030] - Backport: Add ability to ignore dependency repositories: mvn -itr

Improvement

• [MNG-8019] - Streamline update policy of pluginRepository/repository of Maven Central in Super POM
• [MNG-8029] - improve documentation of mirror in settings
• [MNG-8031] - Backport: Make Maven transfer listener used with Resolver more concurrent friendly
• [MNG-8081] - default profile activation should consider available system and user properties
• [MNG-8085] - swtich from png+imagemap to svg
• [MNG-8117] - Improve prerequisite evaluation and plugin version selection logging

Task

• [MNG-7309] - Remove redundant MojoDescriptor parameterMap
• [MNG-8011] - Minimize and make generic the README.txt
• [MNG-8055] - Investigate possible solutions for build number diffs on deploy

Dependency upgrade

• [MNG-8094] - Resolver 1.9.19
• [MNG-8100] - Upgrade default plugin bindings
• [MNG-8101] - Upgrade Parent to 42
• [MNG-8109] - Resolver 1.9.20
• [MNG-8115] - Upgrade minimal set of dependencies
• [MNG-8125] - (build) Bump buildhelper-maven-plugin to 3.6.0 (was 3.4.0)
• [MNG-8126] - Bump logback classic to 1.2.13 (was 1.2.12)
• [MNG-8127] - Bump guava to 33.2.0-jre

---

What's Changed

• [MNG-6776] Inconsistent list of parameters for MojoDescriptor (#​584) by @​michael-o in #​1361
• [MNG-8055] Ability to force build number by @​cstamas in #​1415
• [MNG-8029] improve documentation about mirror settings by @​hboutemy in #​1395
• MNG-8019 streamline central update policy by @​kwin in #​1381
• MNG-5726 (backport for Maven 3.9) by @​kwin in #​1431
• [MNG-4840] document requiredMavenVersion in plugin descriptor by @​hboutemy in #​1444
• [MNG-8085] switch png+imagemap to svg by @​hboutemy in #​1452
• [MNG-4840] fix requiredMavenVersion description #​1444 by @​hboutemy in #​1456
• [MNG-6399] Lift JDK minimum to JDK 8 by @​turbanoff in #​1382
• Update GitHub actions to v4 by @​slawekjaranowski in #​1472
• [MNG-8101] Upgrade Parent to 42 by @​slawekjaranowski in #​1473
• [MNG-8100] Upgrade default plugin bindings by @​slawekjaranowski in #​1474
• [MNG-8031] Backport concurrent friendly transport listener by @​cstamas in #​1471
• [MNG-8030] Backport itr: ignore transitive repositories by @​cstamas in #​1469
• [MNG-8011] Neuter the README by @​cstamas in #​1470
• [MNG-8094] Resolver 1.9.19 by @​cstamas in #​1468
• [3.9.x][MNG-8106] Fix metadata merge by @​cstamas in #​1480
• [3.9.x][MNG-8109] Resolver 1.9.20 by @​cstamas in #​1490
• [MNG-8081] Interpolate available properties during default profile selection (Maven 3.9.x) by @​mbenson in #​1447
• [3.9.x][MNG-8117] Backport to Maven 3.9.x by @​cstamas in #​1505
• [MNG-8115] Upgrade dependencies by @​slachiewicz in #​1496
• [MNG-8121] Fix NPE in metadata merge by @​cstamas in #​1508
• [MNG-8126] Mild updates by @​cstamas in #​1533

New Contributors

• @​turbanoff made their first contribution in #​1382

Full Changelog: apache/maven@maven-3.9.6...maven-3.9.7

v3.9.6: 3.9.6

Release Notes - Maven - Version 3.9.6

Improvement

• [MNG-7939] - Allow to exclude plugins from validation

Dependency upgrade

• [MNG-7913] - Upgrade Sisu version to 0.9.0.M2
• [MNG-7934] - Upgrade Resolver version to 1.9.18
• [MNG-7942] - Upgrade to parent POM 41
• [MNG-7943] - Upgrade default plugin bindings

v3.9.5: 3.9.5

Release Notes - Maven - Version 3.9.5

Bug

• [MNG-7851] - Error message when modelVersion is 4.0 is confusing

Improvement

• [MNG-7875] - colorize transfer messages
• [MNG-7895] - Support ${project.basedir} in file profile activation

Task

• [MNG-7856] - Maven Resolver Provider classes ctor change
• [MNG-7870] - Undeprecate wrongly deprecated repository metadata
• [MNG-7872] - Deprecate org.apache.maven.repository.internal.MavenResolverModule
• [MNG-7874] - maven-resolver-provider: introduce NAME constants.

Dependency upgrade

• [MNG-7859] - Update to Resolver 1.9.16

v3.9.4: 3.9.4

Release Notes - Maven - Version 3.9.4

Bug

• [MNG-7846] - endless loop in DefaultExceptionHandler.getMessage()

Dependency upgrade

• [MNG-7828] - Bump guava from 31.1-jre to 32.0.1-jre
• [MNG-7847] - Upgrade to Resolver 1.9.14

Full Changelog: apache/maven@maven-3.9.3...maven-3.9.4

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.