HADOOP-19883. Upgrade Maven to 3.9.15

[pan3793]

Description of PR

A regular toolchain upgrading, contains bug and CVE fixes.

Notable Changes in Maven 3.9.11 => 3.9.15

Maven 3.9.12

• Remove usage of terminally deprecated methods in Guice (eliminates warnings on JDK 25+)
• Simplify plugin prefix resolution — avoids unnecessary lookups when prefix is already mapped
• Verify Java version requirements for plugins before execution — clear error if not met
• Resolver 1.9.25: refined locking (increased lock-name selectivity for parallel builds), lock timeouts increased from 30s => 15min

Maven 3.9.13

• Plugin prerequisites check now properly supports ranges for Java 8 (or 1.8)
• Fixed Plexus Security Dispatcher warnings on Java 26+
• Updated plugin versions in default bindings
• Resolver 1.9.27: reverted parallel PUT change, HTTP 410 treated as 404, Apache HTTP transport proxy fixes, fixed locally cached artifacts escaping RRF

Maven 3.9.14

• Quickfix: removed testing libraries accidentally included in 3.9.13 distribution (GH-11762)

Maven 3.9.15

• Upgraded plexus-utils to 3.6.1 (addresses CVE)
• Upgraded jansi to 2.4.3 (color console output works on Java 26+)

Contains content generated by: deepseek-v4-pro

How was this patch tested?

Pass CI.

For code changes:

• Does the title or this PR starts with the corresponding JIRA issue id (HADOOP-19883)?
• Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

AI Tooling

If an AI tool was used:

• The PR includes the phrase "Contains content generated by "
  where is the name of the AI tool used.
• My use of AI contributions follows the ASF legal policy
  https://www.apache.org/legal/generative-tooling.html

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	18m 56s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	shelldocs	0m 0s		Shelldocs was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	50m 54s		trunk passed
+1 💚	compile	17m 20s		trunk passed with JDK Ubuntu-21.0.10+7-Ubuntu-124.04
+1 💚	compile	17m 51s		trunk passed with JDK Ubuntu-17.0.18+8-Ubuntu-124.04.1
+1 💚	mvnsite	19m 52s		trunk passed
+1 💚	javadoc	9m 36s		trunk passed with JDK Ubuntu-21.0.10+7-Ubuntu-124.04
+1 💚	javadoc	9m 30s		trunk passed with JDK Ubuntu-17.0.18+8-Ubuntu-124.04.1
+1 💚	shadedclient	52m 37s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
-1 ❌	mvninstall	0m 14s	/patch-mvninstall-root.txt	root in the patch failed.
-1 ❌	compile	0m 15s	/patch-compile-root-jdkUbuntu-21.0.10+7-Ubuntu-124.04.txt	root in the patch failed with JDK Ubuntu-21.0.10+7-Ubuntu-124.04.
-1 ❌	javac	0m 15s	/patch-compile-root-jdkUbuntu-21.0.10+7-Ubuntu-124.04.txt	root in the patch failed with JDK Ubuntu-21.0.10+7-Ubuntu-124.04.
-1 ❌	compile	0m 14s	/patch-compile-root-jdkUbuntu-17.0.18+8-Ubuntu-124.04.1.txt	root in the patch failed with JDK Ubuntu-17.0.18+8-Ubuntu-124.04.1.
-1 ❌	javac	0m 14s	/patch-compile-root-jdkUbuntu-17.0.18+8-Ubuntu-124.04.1.txt	root in the patch failed with JDK Ubuntu-17.0.18+8-Ubuntu-124.04.1.
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-1 ❌	mvnsite	0m 14s	/patch-mvnsite-root.txt	root in the patch failed.
+1 💚	shellcheck	0m 0s		No new issues.
-1 ❌	javadoc	0m 15s	/patch-javadoc-root-jdkUbuntu-21.0.10+7-Ubuntu-124.04.txt	root in the patch failed with JDK Ubuntu-21.0.10+7-Ubuntu-124.04.
-1 ❌	javadoc	0m 15s	/patch-javadoc-root-jdkUbuntu-17.0.18+8-Ubuntu-124.04.1.txt	root in the patch failed with JDK Ubuntu-17.0.18+8-Ubuntu-124.04.1.
-1 ❌	shadedclient	1m 45s		patch has errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	0m 15s	/patch-unit-root.txt	root in the patch failed.
+1 💚	asflicense	0m 27s		The patch does not generate ASF License warnings.
		184m 5s

Subsystem	Report/Notes
Docker	ClientAPI=1.54 ServerAPI=1.54 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8479/1/artifact/out/Dockerfile
GITHUB PR	#8479
Optional Tests	dupname asflicense codespell detsecrets mvnsite unit shellcheck shelldocs compile javac javadoc mvninstall shadedclient xmllint
uname	Linux 6f1cbe350e0d 5.15.0-174-generic #184-Ubuntu SMP Fri Mar 13 18:41:50 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / 3a44404
Default Java	Ubuntu-17.0.18+8-Ubuntu-124.04.1
Multi-JDK versions	/usr/lib/jvm/java-21-openjdk-amd64:Ubuntu-21.0.10+7-Ubuntu-124.04 /usr/lib/jvm/java-17-openjdk-amd64:Ubuntu-17.0.18+8-Ubuntu-124.04.1
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8479/1/testReport/
Max. process+thread count	572 (vs. ulimit of 10000)
modules	C: . U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8479/1/console
versions	git=2.43.0 maven=3.9.11 shellcheck=0.9.0
Powered by	Apache Yetus 0.14.1 https://yetus.apache.org

This message was automatically generated.

[pan3793]

Yetus uses the trunk scripts to build the docker image and run tests against the patched code in the first round, which violates the enforced.maven.version, so failure is expected, it's a known issue.

-   <enforced.maven.version>[3.9.11,)</enforced.maven.version>
+   <enforced.maven.version>[3.9.15,)</enforced.maven.version>

[pan3793]

GHA building pipeline passes, let me land this change. If it breaks anything, will revert.