Bump mavenVersion from 3.8.1 to 3.8.9 by dependabot[bot] · Pull Request #2538 · Commonjava/indy

dependabot · 2026-03-25T13:54:03Z

Bumps mavenVersion from 3.8.1 to 3.8.9.
Updates org.apache.maven:maven from 3.8.1 to 3.8.9

Release notes

Sourced from org.apache.maven:maven's releases.

3.8.7

Sub-task

[MNG-7019] - Notify also at start when profile is missing

Bug

[MNG-7106] - VersionRange.toString() produces a string that cannot be parsed with VersionRange.createFromVersionSpec() for same lower and upper bounds

[MNG-7316] - REGRESSION: MavenProject.getAttachedArtifacts() is read-only

[MNG-7352] - org.apache.maven.toolchain.java.JavaToolchainImpl should be public

[MNG-7529] - Maven resolver makes bad repository choices when resolving version ranges

[MNG-7563] - REGRESSION: User properties now override model properties in dependencies

[MNG-7568] - [WARNING] The requested profile "ABCDEF" could not be activated because it does not exist.

[MNG-7578] - Building Linux image on Windows impossible (patch incuded)

[MNG-7600] - LocalRepositoryManager is created too early

[MNG-7621] - Parameter '-f' causes ignoring any 'maven.config' (only on Windows)

[MNG-7637] - Possible NPE in MavenProject#hashCode()

[MNG-7644] - Fix version comparison where .X1 < -X2 for any string qualifier X

Improvement

[MNG-7590] - Allow configure resolver by properties in settings.xml

[MNG-7645] - Implement some #toString() methods

Task

[MNG-7513] - Address commons-io_commons-io vulnerability found in maven latest version

[MNG-7634] - Revert MNG-5982 and MNG-7417

[MNG-7636] - Partially revert MNG-5868 to restore backward compatibility (see MNG-7316)

Dependency upgrade

[MNG-7506] - Upgrade Maven Wagon to 3.5.2

[MNG-7641] - Upgrade Maven Wagon to 3.5.3

3.8.6

What's Changed

[MNG-7441] 3.8.x Update version of logback by @cstamas in apache/maven#708

[MNG-7432] Resolver session contains non-MavenWorkspaceReader by @laeubi in apache/maven#695

[MNG-7459] Revert "[3.8.x][MNG-7347] SessionScoped beans should be singletons for a given session" by @gnodet in apache/maven#715

[3.8.x] [MNG-7476] Display a warning when an aggregator mojo locks other mojos executions by @gnodet in apache/maven#736

Full Changelog: apache/maven@maven-3.8.5...maven-3.8.6

... (truncated)

Commits

e26b057 [maven-release-plugin] prepare release maven-3.8.9
b953b14 [MNG-6776] Inconsistent list of parameters for MojoDescriptor (#584)
dd8fb99 Fix checkstyle errors
74fc341 [MNG-7875] colorize transfer messages
9fa71ff [MNG-7895] Support ${project.basedir} in file profile activation
7959f0d [MNG-7676] Fix checksum plugin configuration (#977)
ca3b346 [MNG-7778] - Include suppressed exceptions when logging failures (#1103)
098cd95 Update DOAP with Maven 3.8.8 release
8047c59 [MNG-7561] never resolve version ranges with same lower and upper bound (#864)
0471bfd Add TODO about property source of maven.repo.local
Additional commits viewable in compare view

Updates org.apache.maven:maven-core from 3.8.1 to 3.8.9

Updates org.apache.maven:maven-plugin-api from 3.8.1 to 3.8.9

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.8.7

Sub-task

[MNG-7019] - Notify also at start when profile is missing

Bug

[MNG-7106] - VersionRange.toString() produces a string that cannot be parsed with VersionRange.createFromVersionSpec() for same lower and upper bounds

[MNG-7316] - REGRESSION: MavenProject.getAttachedArtifacts() is read-only

[MNG-7352] - org.apache.maven.toolchain.java.JavaToolchainImpl should be public

[MNG-7529] - Maven resolver makes bad repository choices when resolving version ranges

[MNG-7563] - REGRESSION: User properties now override model properties in dependencies

[MNG-7568] - [WARNING] The requested profile "ABCDEF" could not be activated because it does not exist.

[MNG-7578] - Building Linux image on Windows impossible (patch incuded)

[MNG-7600] - LocalRepositoryManager is created too early

[MNG-7621] - Parameter '-f' causes ignoring any 'maven.config' (only on Windows)

[MNG-7637] - Possible NPE in MavenProject#hashCode()

[MNG-7644] - Fix version comparison where .X1 < -X2 for any string qualifier X

Improvement

[MNG-7590] - Allow configure resolver by properties in settings.xml

[MNG-7645] - Implement some #toString() methods

Task

[MNG-7513] - Address commons-io_commons-io vulnerability found in maven latest version

[MNG-7634] - Revert MNG-5982 and MNG-7417

[MNG-7636] - Partially revert MNG-5868 to restore backward compatibility (see MNG-7316)

Dependency upgrade

[MNG-7506] - Upgrade Maven Wagon to 3.5.2

[MNG-7641] - Upgrade Maven Wagon to 3.5.3

3.8.6

What's Changed

[MNG-7441] 3.8.x Update version of logback by @cstamas in apache/maven#708

[MNG-7432] Resolver session contains non-MavenWorkspaceReader by @laeubi in apache/maven#695

[MNG-7459] Revert "[3.8.x][MNG-7347] SessionScoped beans should be singletons for a given session" by @gnodet in apache/maven#715

[3.8.x] [MNG-7476] Display a warning when an aggregator mojo locks other mojos executions by @gnodet in apache/maven#736

Full Changelog: apache/maven@maven-3.8.5...maven-3.8.6

... (truncated)

Commits

e26b057 [maven-release-plugin] prepare release maven-3.8.9
b953b14 [MNG-6776] Inconsistent list of parameters for MojoDescriptor (#584)
dd8fb99 Fix checkstyle errors
74fc341 [MNG-7875] colorize transfer messages
9fa71ff [MNG-7895] Support ${project.basedir} in file profile activation
7959f0d [MNG-7676] Fix checksum plugin configuration (#977)
ca3b346 [MNG-7778] - Include suppressed exceptions when logging failures (#1103)
098cd95 Update DOAP with Maven 3.8.8 release
8047c59 [MNG-7561] never resolve version ranges with same lower and upper bound (#864)
0471bfd Add TODO about property source of maven.repo.local
Additional commits viewable in compare view

ligangty · 2026-03-28T00:11:20Z

@dependabot rebase

Bumps `mavenVersion` from 3.8.1 to 3.8.9. Updates `org.apache.maven:maven` from 3.8.1 to 3.8.9 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.8.1...maven-3.8.9) Updates `org.apache.maven:maven-core` from 3.8.1 to 3.8.9 Updates `org.apache.maven:maven-plugin-api` from 3.8.1 to 3.8.9 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.8.1...maven-3.8.9) --- updated-dependencies: - dependency-name: org.apache.maven:maven dependency-version: 3.8.9 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven:maven-core dependency-version: 3.8.9 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven:maven-plugin-api dependency-version: 3.8.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 25, 2026

dependabot bot force-pushed the dependabot/maven/mavenVersion-3.8.9 branch from d36013f to cb3b595 Compare March 28, 2026 00:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump mavenVersion from 3.8.1 to 3.8.9#2538

Bump mavenVersion from 3.8.1 to 3.8.9#2538
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/mavenVersion-3.8.9

dependabot bot commented on behalf of github Mar 25, 2026 •

edited

Loading

Uh oh!

ligangty commented Mar 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.8.7

Sub-task

Bug

Improvement

Task

Dependency upgrade

3.8.6

What's Changed

3.8.7

Sub-task

Bug

Improvement

Task

Dependency upgrade

3.8.6

What's Changed

Uh oh!

ligangty commented Mar 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 25, 2026 •

edited

Loading