bump to maven 3.8.1

[car-roll]

Maven version 3.8.1 has some important security fixes that should be rolled into this plugin.

ping @centic9

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your master branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[jtnord]

should not be set here either - this is provided by jenkins and likely an older version.
if you use the version from the bom (set by the parent) at least your tests will blow up as oppsoed to tests passing then the plugin blowing up at runtime.

Whilst the plugin is using the pluginFirstClassloader the slf4j implementation coming from core will be a different (and older version) likely causing issues (if this is bundled, and if not - best not pretent that you have a version different to what you get)

[car-roll]

This sounds like the same logic would be applied to the guava dependency I had to add as well. The tests were failing because of the guice bump and I could only get it to pass by bumping guava (to at least 25.1-android)

[jtnord]

so guava is probably a bit different as it is not split to an api and implementation like slf4j is .

[jtnord]

potentially caused a regression due to updated bundled Guice?
https://groups.google.com/g/jenkinsci-users/c/M7O4vOTE0Q8/m/5ucpEQeeCAAJ

[jglick]

If you are using pluginFirstClassLoader you ought to write a basic smoke test using RealJenkinsRule.

[MarkEWaite]

See https://issues.jenkins.io/browse/JENKINS-65757 for another report of a regression due to updated bundled Guice.

[jtnord]

see #151 for the fix