Log message:
Pullup ticket #6518 - requested by wiz
devel/apache-maven: security fix

Revisions pulled up:
- devel/apache-maven/Makefile                                   1.18
- devel/apache-maven/PLIST                                      1.12
- devel/apache-maven/distinfo                                   1.20
- devel/apache-maven/patches/patch-bin_mvn                      1.9

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Oct  8 15:08:21 UTC 2021

   Modified Files:
   	pkgsrc/devel/apache-maven: Makefile PLIST distinfo
   	pkgsrc/devel/apache-maven/patches: patch-bin_mvn

   Log message:
   apache-maven: update to 3.8.3.

   3.8.3

   ** Bug
        * [MNG-7045] - Drop CDI API from Maven
        * [MNG-7214] - Bad transitive dependency parent from CDI API
        * [MNG-7215] - [Regression] Maven Site Plugin cannot resolve parent site \ 
descriptor without locale
        * [MNG-7216] - Revert MNG-7170
        * [MNG-7218] - [Regression] o.a.m.model.Build.getSourceDirectory() \ 
incorrectly returns absolute dir on 3.8.2
        * [MNG-7219] - [Regression] plexus-cipher missing from transitive \ 
dependencies
        * [MNG-7220] - [REGRESSION] test-classpath incorrectly resolved
        * [MNG-7251] - Fix threadLocalArtifactsHolder leaking into cloned project
        * [MNG-7253] - Relocation message is never shown

   ** New Feature
        * [MNG-7164] - Add constructor MojoExecutionException(Throwable)

   ** Improvement
        * [MNG-7235] - Speed improvements when calculating the sorted project graph
        * [MNG-7236] - The DefaultPluginVersionResolver should cache results for \ 
the session

   ** Task
        * [MNG-7252] - Fix warnings issued by dependency:analyze
        * [MNG-7254] - Expand Windows native libraries for Jansi due to \ 
JDK-8195129 (workaround)

   3.8.2

   ** Sub-task
        * [MNG-6281] - ArrayIndexOutOfBoundsException caused by pom.xml with \ 
invalid/duplicate XML

   ** Bug
        * [MNG-4706] - Multithreaded building can create bad files for \ 
downloaded artifacts in local repository
        * [MNG-5307] - NPE during resolution of dependencies - parallel mode
        * [MNG-5315] - Artifact resolution sporadically fails in parallel builds
        * [MNG-5838] - Maven on No-File-Lock Systems
        * [MNG-5868] - Adding serval times the same artifact via \ 
MavenProjectHelper (attachArtifact) keep adding to the List duplicate artifacts
        * [MNG-6071] - GetResource ('/) returns 'null' if build is started with -f
        * [MNG-6216] - ArrayIndexOutOfBoundsException when parsing POM
        * [MNG-6239] - Jansi messes up System.err and System.out
        * [MNG-6380] - Option -Dstyle.color=always doesn't force color output
        * [MNG-6604] - Intermittent failures while downloading GAVs from Nexus
        * [MNG-6648] - 'mavenrc_pre' script does not receive arguments like \ 
mavenrc in Bourne shell does
        * [MNG-6719] - mvn color output escape keys w/ "| tee xxx.log" \ 
on Win with git/bash
        * [MNG-6737] - StackOverflowError when version ranges are unsolvable and \ 
graph contains a cycle
        * [MNG-6767] - Plugin with ${project.groupId} resolved improperly
        * [MNG-6819] - NullPointerException for \ 
DefaultArtifactDescriptorReader.loadPom
        * [MNG-6828] - DependencyResolutionException breaks serialization
        * [MNG-6842] - ProjectBuilderTest uses Guava, but Guava is not defined \ 
in dependencies
        * [MNG-6843] - Parallel build fails due to missing JAR artifacts in \ 
compilePath
        * [MNG-6850] - Prevent printing the EXEC_DIR when it's just a disk letter
        * [MNG-6921] - Maven compile with properties ${artifactId} and \ 
${project.build.finalName} occurs java.lang.NullPointerException
        * [MNG-6937] - StringSearchModelInterpolatorTest fails on symlinked paths
        * [MNG-6964] - Maven version sorting is internally inconsistent
        * [MNG-6983] - Plugin key can get out of sync with artifactId and groupId
        * [MNG-7000] - metadata.mdo contains invalid link to schema
        * [MNG-7032] - Option -B still showing formatting when used with --version
        * [MNG-7034] - StackOverflowError thrown if a cycle exists in BOM imports
        * [MNG-7090] - mvnDebug does not work on Java 11+
        * [MNG-7127] - NullPointerException in MavenCliTest.testStyleColors in JDK 16
        * [MNG-7155] - make sources jar reproducible (upgrade \ 
maven-source-plugin to 3.2.1)
        * [MNG-7161] - Error thrown during uninstalling of JAnsi

   ** New Feature
        * [MNG-7149] - Introduce MAVEN_DEBUG_ADDRESS in mvnDebug scripts

   ** Improvement
        * [MNG-2802] - Concurrent-safe access to local Maven repository
        * [MNG-6471] - Parallel builder should use  the module name as thread name
        * [MNG-6754] - Set the same timestamp in multi module builds
        * [MNG-6810] - Remove profiles in maven-model
        * [MNG-6811] - Remove unnecessary filtering configuration
        * [MNG-6816] - Prefer System.lineSeparator() over system properties
        * [MNG-6827] - Replace deprecated StringUtils#defaultString() from \ 
Plexus Utils
        * [MNG-6837] - Simplify detection of the MAVEN_HOME and make it fully \ 
qualified on Windows
        * [MNG-6844] - Use StandardCharsets and remove outdated @SuppressWarnings
        * [MNG-6853] - Don't box primitives where it's not needed
        * [MNG-6859] - Build not easily reproducible when built from source \ 
release archive
        * [MNG-6873] - Inconsistent library versions notice
        * [MNG-6967] - Improve the command line output from maven-artifact
        * [MNG-6987] - Reorder groupId before artifactId when writing an \ 
exclusion using maven-model
        * [MNG-7010] - Omit "NB: JAVA_HOME should point to a JDK not a \ 
JRE" except when that is the problem
        * [MNG-7064] - Use HTTPS for schema location in global settings.xml
        * [MNG-7080] - Add a --color option
        * [MNG-7170] - Allow to associate pomFile/${basedir} with \ 
DefaultProjectBuilder.build(ModelSource, ...)
        * [MNG-7180] - Make --color option behave more like BSD/GNU grep's \ 
--color option
        * [MNG-7181] - Make --version support -q
        * [MNG-7185] - Describe explicit and recommended version for \ 
VersionRange.createFromVersionSpec()
        * [MNG-7190] - Load mavenrc from /usr/local/etc also in Bourne shell script

   ** Task
        * [MNG-6598] - Maven 3.6.0 and Surefire problem
        * [MNG-6884] - Cleanup POM File after version upgrade
        * [MNG-7172] - Remove expansion of Jansi native libraries
        * [MNG-7184] - document .mavenrc/maven_pre.bat|cmd scripts and
   MAVEN_SKIP_RC environment variable

   3.8.1

   This release with CVE fixes is a result based on the findings and feedback of \ 
Jonathan Leitschuh
   and Olaf Flebbe.

   One of the changes that might impact your builds is the way custom \ 
repositories defined in
   dependency POMs will be handled.
   By default external insecure repositories will now be blocked (localhost over \ 
HTTP will still
   work).
   Configuration can be adjusted via the conf/settings.xml.

   Release Notes - Maven - Version 3.8.1

   ** Bug

       * [MNG-7128] - improve error message when blocked repository defined in \ 
build POM

   ** New Feature

       * [MNG-7116] - Add support for mirror selector on external:http:*
       * [MNG-7117] - Add support for blocking mirrors
       * [MNG-7118] - Block external HTTP repositories by default

   ** Dependency upgrade
       * [MNG-7119] - Upgrade Maven Wagon to 3.4.3
       * [MNG-7123] - Upgrade Maven Resolver to 1.6.2