ORC-2088: Upgrade maven-dependency-plugin to 3.10.0

dependabot[bot] · dongjoon-hyun · commit 646575906520 · 2026-02-09T13:41:55.000-08:00
Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.9.0 to 3.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/maven-dependency-plugin/releases">org.apache.maven.plugins:maven-dependency-plugin's releases</a>.</em></p> <blockquote> <h2>3.10.0</h2> <h2>🚀 New features and improvements</h2> <ul> <li>Introduce graphRoots for dependencyFilter based mojos (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1571">#1571</a>) <a href="https://github.com/rfscholte"><code>​rfscholte</code></a></li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li>Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1583">#1583</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Only log dependency classpath when no property/file output is specified (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1551">#1551</a>) <a href="https://github.com/mwalser"><code>​mwalser</code></a></li> <li><a href="https://issues.apache.org/jira/browse/MDEP-974">[MDEP-974]</a> - strip ansi codes when writing to a file (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1564">#1564</a>) <a href="https://github.com/elharo"><code>​elharo</code></a></li> </ul> <h2>📝 Documentation updates</h2> <ul> <li>Add analyze-only to usage page (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1587">#1587</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Move doc comment to correct location (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1568">#1568</a>) <a href="https://github.com/elharo"><code>​elharo</code></a></li> <li>Focus on most recent version (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1537">#1537</a>) <a href="https://github.com/elharo"><code>​elharo</code></a></li> </ul> <h2>👻 Maintenance</h2> <ul> <li>Fix Jenkin bages in README (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1586">#1586</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Improve dependencies filtering in AbstractAnalyzeMojo (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1579">#1579</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Migration to JUnit 5 - avoid using AbstractMojoTestCase (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1574">#1574</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Migration to JUnit 5 - avoid using AbstractMojoTestCase (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1569">#1569</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Migration to JUnit 5 - avoid using AbstractMojoTestCase (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1563">#1563</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Migration to JUnit 5 - avoid using AbstractMojoTestCase (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1562">#1562</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>Migration to JUnit 5 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1558">#1558</a>) <a href="https://github.com/slawekjaranowski"><code>​slawekjaranowski</code></a></li> <li>JUnit Jupiter best practices (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1548">#1548</a>) <a href="https://github.com/slachiewicz"><code>​slachiewicz</code></a></li> <li>Migrate JUnit3 based Tests to JUnit 5 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1541">#1541</a>) <a href="https://github.com/sparsick"><code>​sparsick</code></a></li> </ul> <h2>📦 Dependency updates</h2> <ul> <li>Bump org.apache.maven.shared:maven-dependency-analyzer from 1.16.0 to 1.17.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1584">#1584</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.assertj:assertj-core from 2.9.1 to 3.27.7 in /src/it/projects/analyze-testDependencyWithNonTestScope (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1581">#1581</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1582">#1582</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1580">#1580</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1578">#1578</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1576">#1576</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1573">#1573</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1572">#1572</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump mavenVersion from 3.9.11 to 3.9.12 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1570">#1570</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1559">#1559</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump commons-io:commons-io from 2.20.0 to 2.21.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1552">#1552</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1553">#1553</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1554">#1554</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1555">#1555</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1550">#1550</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-io from 3.5.1 to 3.5.2 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1538">#1538</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/pull/1539">#1539</a>) <a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/4127c336cc2420d0f19e7927371f979841df6e7b"><code>4127c33</code></a> [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/68b5e4733ab4c908ce782eaa1eb7315dda9af034"><code>68b5e47</code></a> Add analyze-only to usage page</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/09d5860369068c74a21e0f3153912cbf6f73ed5b"><code>09d5860</code></a> Fix Jenkin bages in README</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/4308f6ccfe82f60fdff18ddaeabb85b44e80ee0d"><code>4308f6c</code></a> Bump org.apache.maven.shared:maven-dependency-analyzer</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/ba3c570e3de0b113a07acce0be7e50686fc48c84"><code>ba3c570</code></a> Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/0d88b668ca4e192534bbba6402e9051aae8229ab"><code>0d88b66</code></a> Only log dependency classpath when no property/file output is specified</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/0075e3140a2986fef6eae41253dbc69fb287957e"><code>0075e31</code></a> Bump org.assertj:assertj-core (<a href="https://redirect.github.com/apache/maven-dependency-plugin/issues/1581">#1581</a>)</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/65d53bba0a0e829ca0ed8f17e9803d86755df61f"><code>65d53bb</code></a> Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/issues/1582">#1582</a>)</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/eaf54f044b31d450646c7b0cc40297cb0b829400"><code>eaf54f0</code></a> Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (<a href="https://redirect.github.com/apache/maven-dependency-plugin/issues/1580">#1580</a>)</li> <li><a href="https://github.com/apache/maven-dependency-plugin/commit/ece9a38fdc29ca84eb278ea7c4e38be7735af4af"><code>ece9a38</code></a> Improve dependencies filtering in AbstractAnalyzeMojo</li> <li>Additional commits viewable in <a href="https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.9.0...maven-dependency-plugin-3.10.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-dependency-plugin&package-manager=maven&previous-version=3.9.0&new-version=3.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Closes #2525 from dependabot[bot]/dependabot/maven/java/org.apache.maven.plugins-maven-dependency-plugin-3.10.0. Authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
diff --git a/java/pom.xml b/java/pom.xml
@@ -76,7 +76,7 @@
     <jts.version>1.20.0</jts.version>
     <junit.version>6.0.2</junit.version>
     <maven-assembly-plugin.version>3.8.0</maven-assembly-plugin.version>
-    <maven-dependency-plugin.version>3.9.0</maven-dependency-plugin.version>
+    <maven-dependency-plugin.version>3.10.0</maven-dependency-plugin.version>
     <maven-enforcer-plugin.version>3.6.2</maven-enforcer-plugin.version>
     <maven-shade-plugin.version>3.6.1</maven-shade-plugin.version>
     <maven.compiler.release>${java.version}</maven.compiler.release>
