Do not auto-update exclusions when changing dependency coordinates

ChangeDependencyGroupIdAndArtifactId previously called ChangeExclusion to
rename all exclusions matching the old coordinates to the new ones. This is
incorrect because exclusions exist to block OLD transitive dependencies that
other libraries may still pull in. Changing the exclusion from the old to the
new coordinates means the old vulnerable artifact is no longer blocked.

A stale exclusion (excluding something no longer pulled in transitively) is
harmless, but an incorrect exclusion (no longer blocking a vulnerable
transitive dependency) causes real problems.

Author: Jenson3210

rewrite-maven/src/main/java/org/openrewrite/maven/ChangeDependencyGroupIdAndArtifactId.java

@@ -122,8 +122,7 @@ public String getInstanceNameSuffix() {
     }
 
     String description = "Change a Maven dependency coordinates. The `newGroupId` or `newArtifactId` **MUST** be different from before. " +
-                "Matching `<dependencyManagement>` coordinates are also updated if a `newVersion` or `versionPattern` is provided. " +
-                "Exclusions that reference the old dependency coordinates will also be updated to match the new coordinates.";
+                "Matching `<dependencyManagement>` coordinates are also updated if a `newVersion` or `versionPattern` is provided.";
 
     @Override
     public Validated<Object> validate() {
@@ -270,12 +269,6 @@ public Xml visitDocument(Xml.Document document, ExecutionContext ctx) {
                             newArtifactId,
                             newVersion, versionPattern).getVisitor());
                 }
-                // Update any exclusions that reference the old coordinates
-                if (newGroupId != null || newArtifactId != null) {
-                    doAfterVisit(new ChangeExclusion(
-                            oldGroupId, oldArtifactId,
-                            newGroupId, newArtifactId).getVisitor());
-                }
                 return super.visitDocument(document, ctx);
             }
 

rewrite-maven/src/test/java/org/openrewrite/maven/ChangeDependencyGroupIdAndArtifactIdTest.java

@@ -3489,16 +3489,18 @@ void versionNotDroppedWhenSwaggerMigratedFirst() {
 
     @Issue("https://github.com/moderneinc/customer-requests/issues/1330")
     @Test
-    void exclusionUpdatedWhenDependencyGroupIdChanges() {
-        // When changing a dependency's groupId/artifactId, any exclusions that match
-        // the old coordinates should be updated to match the new coordinates.
+    void exclusionNotUpdatedWhenDependencyGroupIdChanges() {
+        // When changing a dependency's groupId/artifactId, exclusions that match
+        // the old coordinates should NOT be updated. The exclusion exists to block
+        // the old transitive dependency, and other libraries may still depend on
+        // the old artifact transitively.
         rewriteRun(
           spec -> spec.recipe(new ChangeDependencyGroupIdAndArtifactId(
             "com.fasterxml.jackson.jaxrs",
             "jackson-jaxrs-json-provider",
             "com.fasterxml.jackson.jakarta.rs",
             "jackson-jakarta-rs-json-provider",
-            "2.x",
+            "2.18.x",
             null
           )),
           pomXml(