[2.x]: OPENNLP-1828: Move to Apache Parent 38

[dependabot]

Bumps org.apache:apache from 37 to 38.

Release notes

Sourced from org.apache:apache's releases.

Apache Parent POM version 38

👻 Maintenance

• Update banner links (#576) @​slawekjaranowski

📦 Dependency updates

• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.10.0 to 3.10.1 (#578) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0 (#575) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0 (#572) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2 (#573) @dependabot[bot]
• Bump org.apache.apache.resources:apache-source-release-assembly-descriptor from 1.7 to 1.8 (#571) @dependabot[bot]
• Bump version.maven-surefire from 3.5.4 to 3.5.5 (#570) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0 (#568) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0 (#567) @dependabot[bot]

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mawiesne]

@rzo1
I wonder why dependabot action did not run dep update checks for the main branch, at all. Any clue?

[rzo1]

@rzo1 I wonder why dependabot action did not run dep update checks for the main branch, at all. Any clue?

You can look in the GH action workflow for dependabot which has in its logs:

proxy | 2026/05/11 04:32:51 [214] GET [https://repo.maven.apache.org:443/maven2/org/slf4j/slf4j-api/maven-metadata.xml](https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/maven-metadata.xml)
  proxy | 2026/05/11 04:32:51 [214] 403 [https://repo.maven.apache.org:443/maven2/org/slf4j/slf4j-api/maven-metadata.xml](https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/maven-metadata.xml)
  proxy | 2026/05/11 04:32:51 [214] Remote response: This IP has been blocked for excessive or automated consumption of Maven Central in violation of the Terms of Service (https://central.sonatype.org/terms.html). Scraping, catalog enumeration, and systematic mirroring are
 prohibited. Evasion attempts — including IP rotation, user-agent spoofing, or proxy circumvention — will result in escalated enforcement. Contact mavencentral@sonatype.com to discuss compliant access.

The opennlp-2.x jobs that did succeed clearly came out of a different proxy egress (or ran before the block
tripped). It's a per-IP block on Sonatype's side and Dependabot's proxy pool is shared/rotating.

[krickert]

Looks fine to me :) hope it works.