If we're going to do bulk dependency pruning, we should minimize the number of deprecation plans that users need to prepare for. There will likely be a few more dependencies we clean up around 5.0, so sticking with 5.0 deprecation and 6.0 removal for all of them would likely make our users' lives easier.
If there's new information about a security issue in a dependency and no clear alternative, I'd be open to an expedited removal plan as an exception, but that would be on a case-by-case basis.

> On Aug 17, 2023, at 10:10 AM, Ekaterina Dimitrova <e.dimitr...@gmail.com> wrote:
>
> Hi everyone,
>
> I propose we remove commons-codec on trunk.
> The only usage I found was from CASSANDRA-12790
> <https://issues.apache.org/jira/browse/CASSANDRA-12790> - Support InfluxDb
> metrics reporter configuration, which relied on commons-codec and
> metrics-reporter-config, which will be removed as part of CASSANDRA-18743.
> The only question is whether we can remove those two dependencies on trunk,
> considering it is 5.1, or do we need to wait until 6.0.
>
> Best regards,
> Ekaterina