MINOR: [Java] Bump org.apache:apache from 18 to 31 in /java

[dependabot]

Bumps org.apache:apache from 18 to 31.

Release notes

Sourced from org.apache:apache's releases.

Apache Parent POM version 31

New Feature

• [MPOM-440] - Add maven-checkstyle-plugin to pluginManagement

Improvement

• [MPOM-399] - Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins

Dependency upgrade

• [MPOM-430] - Bump maven-javadoc-plugin from 3.5.0 to 3.6.2
• [MPOM-431] - Bump maven-clean-plugin from 3.2.0 to 3.3.2
• [MPOM-432] - Bump maven-enforcer-plugin from 3.3.0 to 3.4.1
• [MPOM-433] - Bump maven-invoker-plugin from 3.5.1 to 3.6.0
• [MPOM-434] - Bump maven-shade-plugin from 3.4.1 to 3.5.1
• [MPOM-435] - Bump maven-war-plugin from 3.3.2 to 3.4.0
• [MPOM-437] - Bump maven-dependency-plugin from 3.6.0 to 3.6.1
• [MPOM-438] - Bump maven-plugin-plugin from 3.9.0 to 3.10.2
• [MPOM-439] - Bump maven-surefire from 3.1.2 to 3.2.2

Apache Parent POM version 30

Bug

• [MPOM-386] - update documentation for previous changes

Improvement

• [MPOM-289] - Use properties to define the versions of plugins

Dependency upgrade

• [MPOM-332] - Upgrade maven-deploy-plugin to 3.1.1
• [MPOM-344] - Update maven-remote-resources-plugin to 3.1.0
• [MPOM-388] - Upgrade Maven Dependency Plugin from 3.4.0 to 3.6.0
• [MPOM-389] - Upgrade to Maven Project Info Reports Plugin 3.4.2
• [MPOM-390] - Upgrade to Maven Fluido Skin 1.11.2
• [MPOM-394] - Upgrade Maven Project Info Reports Plugin to 3.4.5
• [MPOM-395] - upgrade Maven Compiler Plugin to 3.11.0
• [MPOM-396] - upgrade Maven Assembly Plugin to 3.6.0
• [MPOM-398] - Bump maven-help-plugin from 3.3.0 to 3.4.0
• [MPOM-400] - Bump maven-invoker-plugin from 3.3.0 to 3.5.1
• [MPOM-402] - Bump maven-javadoc-plugin from 3.4.1 to 3.5.0

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[kou]

It seems that we need to use Maven 3.6.3 or later for this:

https://github.com/apache/arrow/actions/runs/7250708110/job/19751497905?pr=39279#step:8:3468

Error:  Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.4.1:enforce (enforce-maven-version) on project arrow-bom: 
Error:  Rule 0: org.apache.maven.enforcer.rules.version.RequireMavenVersion failed with message:
Error:  Detected Maven Version: 3.5.0 is not in the allowed range [3.6.3,).

Dropping support for Maven 3.6.2 or earlier is acceptable?

FYI: It seems that Maven 3.6.2 or earlier reached EOL: https://maven.apache.org/docs/history.html#maven-3-6-x-and-before

Maven before 3.6.3 has now reached its end of life.

[lidavidm]

It looks like Debian has at least 3.6.3. CentOS might be an issue though?

[jbonofre]

We can deal with enforcer. I think we can close this dependabot PR as it will be covered by #39215

[kou]

OK. I close this.
We don't need to care about CentOS 7. Because we don't use packaged Maven on CentOS 7.

@jbonofre Could you also update Maven versions in .env/docker-compose.yml/ci/docker/*.dockerfile too in #39215?

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.