Security vulnerability in dependencies

[carltietjen-mf]

Compile dependency:
org.codehaus.plexis.plexus-archiver version 4.7.1 has a vulnerability CVE-2023-37460. There is currently a 4.10.0 version without the vulnerability.

Provided dependency
org.apache.maven.maven-core version 3.3.1 has a vulnerability CVE-2021-26291/ There is currently a 3.9.9 version without the vulnerability.

[tbroyer]

Vulnerable code is not actually used anywhere in this project, so it's not affected by those CVEs.

I wish GitHub had a way to publicize dependabot alerts' resolutions, as I evaluated those more than a year ago. (if it has, please educate me)