+1

> On Aug 11, 2023, at 8:10 AM, Brandon Williams <dri...@gmail.com> wrote:
> 
> +1
> 
> Kind Regards,
> Brandon
> 
>> On Fri, Aug 11, 2023 at 8:08 AM Ekaterina Dimitrova
>> <e.dimitr...@gmail.com> wrote:
>> 
>> 
>> “The rationale for this proposed deprecation is that the upcoming 5.0 
>> release is a good time to evaluate dependencies that are no longer receiving 
>> updates and will become risks in the future.”
>> 
>> Thank you for raising it, I support your proposal for deprecation.
>> 
>>> On Fri, 11 Aug 2023 at 8:55, Abe Ratnofsky <a...@aber.io> wrote:
>>> 
>>> Hey folks,
>>> 
>>> Opening a thread to get input on a proposed dependency deprecation in 5.0: 
>>> metrics-reporter-config has been archived for 3 years and not updated in 
>>> nearly 6 years.
>>> 
>>> This project has a minor security issue with its usage of unsafe YAML 
>>> loading via snakeyaml’s unprotected Constructor: 
>>> https://nvd.nist.gov/vuln/detail/CVE-2022-1471
>>> 
>>> This CVE is reasonable to suppress, since operators should be able to trust 
>>> their YAML configuration files.
>>> 
>>> The rationale for this proposed deprecation is that the upcoming 5.0 
>>> release is a good time to evaluate dependencies that are no longer 
>>> receiving updates and will become risks in the future.
>>> 
>>> https://issues.apache.org/jira/browse/CASSANDRA-18743
>>> 
>>> —
>>> Abe
>>> 
