maven fix3

[Jayesh45-master]

Fixes #11562
Title

Remove unused BouncyCastle dependency from Maven core build

Summary

This pull request removes the unused bcprov-jdk18on dependency from the Maven core build.

The dependency was present but not used by Maven core itself, as noted in the review comment. Maven core should not define cryptographic providers that are not strictly required, and each consuming project should explicitly declare the artifacts it needs.

Removing this dependency ensures:
A cleaner and more minimal dependency graph
Improved clarity of Maven core responsibilities
Reduced risk of unnecessary dependency resolution during builds

Background and Motivation
In the discussion on #11562, it was pointed out that:
“bcprov-jdk18on is not used by Maven core itself; each project should define needed artifacts.”
Keeping unused dependencies in Maven core is undesirable because it:
Introduces unnecessary transitive dependencies
Can cause confusion about what Maven core actually relies on
Increases the surface area for dependency resolution issues, especially in restricted or offline environments
This PR addresses that concern directly by removing the unused dependency.

What This PR Does
Removes the following unused dependency from the Maven core build configuration:

org.bouncycastle
bcprov-jdk18on
1.78.1

Does not introduce any new dependencies
Does not change runtime behavior
Verification Steps Performed

Clean build

mvn -DskipTests clean verify

✔ Build succeeds without the dependency.

Offline build verification

mvn -o -DskipTests validate

✔ No network access attempted.

Dependency inspection

mvn dependency:tree | grep bouncycastle

✔ No remaining BouncyCastle dependencies in Maven core.

Why This Change Is Safe
The dependency was not referenced in Maven core code
No APIs, tests, or plugins rely on it internally
Downstream projects remain free to declare BouncyCastle explicitly if needed
This change strictly improves build hygiene without altering behavior.

Impact
Simplifies Maven core dependency management
Avoids unnecessary cryptographic provider inclusion
Improves reproducibility and clarity of the Maven build

Branch and Update Notes
This PR is based on the master branch (correct for 4.1.0-SNAPSHOT)
The update was applied by amending the existing commit and force-pushing, as this PR was already open
No additional PR was created

Checklist
Addresses a single issue (#11562)
Change is minimal and focused
No functional behavior changes
Build and offline verification completed
Commit history updated via rebase / force-push

License
[x] I hereby declare this contribution to be licensed under the Apache License Version 2.0, January 2004.
[x] An Apache Individual Contributor License Agreement is not required for this contribution.

Removed the unused bcprov-jdk18on dependency as suggested.
Force-pushed the update to this PR.
Please let me know if further adjustments are needed.

[slawekjaranowski]

not used by Maven core itself ... each project should define needed artifacts

[Jayesh45-master]

Thanks for the review and the suggestion.

I have removed the unused bcprov-jdk18on dependency as pointed out, since it is not required by Maven core itself and should be defined by individual projects if needed.

After updating the POM and force-pushing the changes to this PR, I verified that:

Maven no longer declares or resolves any BouncyCastle dependencies
The build completes successfully
No SNAPSHOT artifacts are downloaded
Offline build (mvn -o validate) works as expected

This aligns with Maven’s goal of avoiding unnecessary or unstable dependencies in core.

Please let me know if any further adjustments or validation are required.