Update dependency maven to v3.9.12

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
maven (source)	3.9.8 → 3.9.12

---

Release Notes

apache/maven (maven)

v3.9.12: 3.9.12

Compare Source

🚀 New features and improvements

• [3.9.x] Apply resolver changes and improvements (#​11536) @​cstamas
• Update formatting of prerequisites-requirements error to improve readability (#​11523) @​slawekjaranowski
• Allow a Maven plugin to require a Java version (#​11479) @​slawekjaranowski
• Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem (#​11358) @​slawekjaranowski
• Make maven.config use UTF8 (#​11264) @​cstamas
• Simplify prefix resolution (#​11197) @​slawekjaranowski

🐛 Bug Fixes

• Add default implementation for new method in MavenPluginManager (#​11522) @​slawekjaranowski
• Repository layout should be used in MavenRepositorySystem (#​11495) @​slawekjaranowski
• Fix plugin prefix resolution when metadata is not available from repository (#​11290) @​slawekjaranowski
• Improve source root modification warning message (#​11105) @​gnodet
• Bug: bad cache isolation between two sessions (#​11082) @​cstamas
• Set Guice class loading to CHILD - avoid using terminally deprecated methods (#​11003) @​slawekjaranowski
• Avoid parsing MAVEN_OPTS (3.9.x) (#​10969) @​BobVul

📝 Documentation updates

• clarify repository vs deployment repository (#​11492) @​hboutemy
• add maintained branches (#​11448) @​hboutemy

👻 Maintenance

• Add IntelliJ icon (#​11408) @​Bukama
• Build by JDK 25 (#​11187) @​slawekjaranowski
• Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x (#​11096) @​slawekjaranowski

🔧 Build

• Bump actions/download-artifact from 5.0.0 to 6.0.0 (#​11335) @​dependabot[bot]
• Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#​11336) @​dependabot[bot]

📦 Dependency updates

• Bump actions/cache from 4.3.0 to 5.0.0 (#​11542) @​dependabot[bot]
• Bump resolverVersion from 1.9.24 to 1.9.25 (#​11533) @​dependabot[bot]
• Bump actions/checkout from 6.0.0 to 6.0.1 (#​11512) @​dependabot[bot]
• Bump actions/setup-java from 5.0.0 to 5.1.0 (#​11519) @​dependabot[bot]
• Bump actions/checkout from 5.0.1 to 6.0.0 (#​11476) @​dependabot[bot]
• Bump actions/checkout from 5.0.0 to 5.0.1 (#​11458) @​dependabot[bot]
• Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 (#​11438) @​dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#​11416) @​dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#​11417) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.4 to 2.11.0 (#​11331) @​dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 (#​11231) @​dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#​11203) @​dependabot[bot]
• Bump actions/cache from 4.2.4 to 4.3.0 (#​11172) @​dependabot[bot]
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre (#​11143) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.3 to 2.10.4 (#​11121) @​dependabot[bot]
• Bump actions/cache from 4.2.3 to 4.2.4 (#​11032) @​dependabot[bot]
• Bump commons-cli:commons-cli from 1.9.0 to 1.10.0 (#​11018) @​dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#​10966) @​dependabot[bot]

v3.9.11: 3.9.11

Compare Source

🚀 New features and improvements

• Augment version range resolution used repositories (#​2574) @​cstamas

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#​2489) @​alzimmermsft
• Move ensure in boundaries of project lock (#​2470) @​cstamas

👻 Maintenance

• [MNGSITE-393] - remove references to Maven 2 (#​2438) @​elharo
• Update CONTRIBUTING after GitHub issues enabled (#​2449) @​slawekjaranowski
• Enable Github Issues (3.9.x) (#​2414) @​Bukama
• [MNG-8763] - Remove name from site bannerLeft (#​2419) @​slawekjaranowski

🔧 Build

• Pin GitHub action versions by hash (#​10898) @​slawekjaranowski
• Build the project by JDK 21 as default (#​10896) @​slawekjaranowski
• Use Maven 3.9.10 for build on GitHub (#​2452) @​slawekjaranowski

📦 Dependency updates

• Bump resolverVersion from 1.9.23 to 1.9.24 (#​2540) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.2 to 2.10.3 (#​2500) @​dependabot[bot]
• Bump org.apache.maven:maven-parent from 44 to 45 (#​2491) @​dependabot[bot]
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#​2432) @​dependabot[bot]

v3.9.10: 3.9.10

Compare Source

Release Notes - Maven - Version 3.9.10

Bug

• [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
• [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
• [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
• [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
• [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
• [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
• [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
• [MNG-8396] - Maven takes forever to resume
• [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

• [MNG-8370] - Introduce maven.repo.local.head
• [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
• [MNG-8707] - Add methods to remove compile and test source roots
• [MNG-8712] - improve dependency version explanation: it&#​39;s a requirement, not always effective version
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
• [MNG-8722] - Use a single standalone version of asm
• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
• [MNG-8734] - Simplify scripting like "get project version" cases

Task

• [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

• [MNG-8289] - Update Plexus annotations to 2.2.0
• [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
• [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
• [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
• [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
• [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
• [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
• [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
• [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
• [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
• [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
• [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
• [MNG-8716] - Bump resolver to 1.9.23
• [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

• [MNG-8211] Fail the build if CI Friendly revision used without value by @​cstamhttps://github.com/apache/maven/pull/1656l/1656
• Add missing since by @​cstamhttps://github.com/apache/maven/pull/1682l/1682
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @​cstamhttps://github.com/apache/maven/pull/1724l/1724
• [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @​fmarhttps://github.com/apache/maven/pull/1806l/1806
• [MNG-8289] Update Plexus Annotations to 2.2.0 by @​dependabhttps://github.com/apache/maven/pull/1666l/1666
• [MNG-8370] Add maven.repo.local.head by @​slawekjaranowshttps://github.com/apache/maven/pull/1915l/1915
• [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @​dependabhttps://github.com/apache/maven/pull/1991l/1991
• [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @​dependabhttps://github.com/apache/maven/pull/2013l/2013
• [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @​dependabhttps://github.com/apache/maven/pull/1926l/1926
• [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @​dependabhttps://github.com/apache/maven/pull/1699l/1699
• Add PR Automation action by @​slawekjaranowshttps://github.com/apache/maven/pull/2113l/2113
• Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @​dependabhttps://github.com/apache/maven/pull/2167l/2167
• Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @​dependabhttps://github.com/apache/maven/pull/2168l/2168
• [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @​dependabhttps://github.com/apache/maven/pull/2163l/2163
• Use Maven 3.9.9 for build maven-3.9.x branch by @​slawekjaranowshttps://github.com/apache/maven/pull/2177l/2177
• [MNG-8248] Add enable-native-access to startup scripts by @​slawekjaranowshttps://github.com/apache/maven/pull/2171l/2171
• [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @​dependabhttps://github.com/apache/maven/pull/2185l/2185
• Use dedicated local repo for ITs on Jenkins by @​slawekjaranowshttps://github.com/apache/maven/pull/2255l/2255
• [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @​dependabhttps://github.com/apache/maven/pull/2240l/2240
• [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @​dependabhttps://github.com/apache/maven/pull/2241l/2241
• [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @​dependabhttps://github.com/apache/maven/pull/2258l/2258
• [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @​dependabhttps://github.com/apache/maven/pull/2264l/2264
• [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @​dependabhttps://github.com/apache/maven/pull/2270l/2270
• [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @​dependabhttps://github.com/apache/maven/pull/1665l/1665
• [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @​dependabhttps://github.com/apache/maven/pull/2280l/2280
• [MNG-8707] Add methods to remove compile and test source roots by @​gnodhttps://github.com/apache/maven/pull/2275l/2275
• [MNG-8712] dependency version is a requirement, not effective by @​hboutehttps://github.com/apache/maven/pull/2279l/2279
• [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @​slawekjaranowshttps://github.com/apache/maven/pull/2295l/2295
• [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @​slawekjaranowshttps://github.com/apache/maven/pull/2296l/2296
• [MNG-8722] Use a single standalone version of asm by @​slawekjaranowshttps://github.com/apache/maven/pull/2297l/2297
• [MNG-8716] Bump resolver to 1.9.23 by @​slawekjaranowshttps://github.com/apache/maven/pull/2282l/2282
• [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @​slawekjaranowshttps://github.com/apache/maven/pull/2343l/2343
• [MNG-8711] Fix concurrent cache access by @​slawekjaranowshttps://github.com/apache/maven/pull/2345l/2345
• Update README.md by @​slawekjaranowshttps://github.com/apache/maven/pull/2353l/2353
• [MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 by @​cstamhttps://github.com/apache/maven/pull/2359l/2359
• [MNG-8728] Build ITs on JDK 21, 24 by @​slawekjaranowshttps://github.com/apache/maven/pull/2360l/2360
• [MNG-8734] Make Maven 3.9.10 ignore --raw-streams option by @​cstamhttps://github.com/apache/maven/pull/2361l/2361
• Bump xmlunitVersion from 2.10.0 to 2.10.1 by @​dependabhttps://github.com/apache/maven/pull/2354l/2354
• [MNG-8396] Backport: add cache layer to the filtered dep graph by @​cstamhttps://github.com/apache/maven/pull/2393l/2393
• [MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 by @​dependabhttps://github.com/apache/maven/pull/2389l/2389

New Contributors

• @​fmarot made their first contributihttps://github.com/apache/maven/pull/1806l/1806

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

v3.9.9: 3.9.9

Compare Source

Release Notes - Maven - Version 3.9.9

Bug

• [MNG-8159] - Fix search for topDirectory when using -f / --file for Maven 3.9.x
• [MNG-8165] - Maven does not find extensions for -f when current dir is root
• [MNG-8177] - Warning "&#​39;dependencyManagement.dependencies.dependency.systemPath&#​39; for com.sun:tools:jar refers to a non-existing file C:\Temp\jdk-11.0.23\..\lib\tools.jar"
• [MNG-8178] - Profile activation based on OS properties is broken for "mvn site"
• [MNG-8180] - Resolver will blindly assume it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
• [MNG-8182] - Missing or mismatching Trusted Checksum for some artifacts is not properly reported
• [MNG-8188] - [REGRESSION] Property not resolved in profile pluginManagement

Task

• [MNG-8206] - Remove Maven 2.1 (v 2.0) compatibility bits

Dependency upgrade

• [MNG-8175] - Resolver 1.9.21
• [MNG-8179] - Upgrade Parent to 43
• [MNG-8193] - Resolver 1.9.22
• [MNG-8198] - (build) Animal Sniffer 1.24
• [MNG-8199] - Hamcrest 3.0

What's Changed

• [MNG-8159] Fix search for topDirectory when using -f / --file by @​gzmhttps://github.com/apache/maven/pull/1589l/1589
• [MNG-7194] Test missing property evaluation by @​pzygiehttps://github.com/apache/maven/pull/1570l/1570
• [3.9.x] [MNG-8175] Update Resolver to 1.9.21 by @​cstamhttps://github.com/apache/maven/pull/1598l/1598
• [MNG-8178] Fall back to system properties for missing profile activation context properties by @​kohlschuetthttps://github.com/apache/maven/pull/1603l/1603
• [MNG-8179] Upgrade Parent to 43 by @​slawekjaranowshttps://github.com/apache/maven/pull/1610l/1610
• [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @​cstamhttps://github.com/apache/maven/pull/1611l/1611
• [3.9.x][MNG-8193] Update to Resolver 1.9.22 by @​cstamhttps://github.com/apache/maven/pull/1627l/1627
• [MNG-8199] Hamcrest 3.0 by @​cstamhttps://github.com/apache/maven/pull/1631l/1631
• [MNG-8182] Resolved errors were created based on collect exceptions by @​cstamhttps://github.com/apache/maven/pull/1632l/1632
• [MNG-8180] Handle NPE due non-existent tags by @​cstamhttps://github.com/apache/maven/pull/1641l/1641
• [MNG-8180] Back out from failing the build by @​cstamhttps://github.com/apache/maven/pull/1642l/1642
• [MNG-8206] Remove bad plugin.xml from maven-compat by @​cstamhttps://github.com/apache/maven/pull/1646l/1646
• [MNG-8177] Add contextual info for model warnings by @​cstamhttps://github.com/apache/maven/pull/1633l/1633
• [MNG-8188] Profile properties are not interpolated by @​cstamhttps://github.com/apache/maven/pull/1634l/1634
• [MNG-8165] Align mvn.sh script with mvn.cmd by @​cstamhttps://github.com/apache/maven/pull/1647l/1647
• [MNG-8165] Get rid of bashism creeped in by @​cstamhttps://github.com/apache/maven/pull/1653l/1653

New Contributors

• @​gzm55 made their first contributihttps://github.com/apache/maven/pull/1589l/1589
• @​kohlschuetter made their first contributihttps://github.com/apache/maven/pull/1603l/1603

Full Changelog: apache/maven@maven-3.9.8...maven-3.9.9

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.