Bartlomiej Plotka

Hello from the Bug Bash! Sorry for lag, I see your point around meaningful registration errors, although some example on how you intend to use it would be great. What...

Interesting. We don't use yaml. We will have to check in the transient dependency who uses it. [At least Prometheus common has this](https://github.com/prometheus/common/blob/main/go.mod#L17). Can you add same issue on https://github.com/prometheus/common?...

This project does not use anything related to YAML, it does not use this module, so it's not vulnerable. Plus the vulnerability you mention is for v3 version only, not...

The fact it's in go.mod especially in indirect part, does not mean this code or the code we depend on actively use it. This likely comes from prometheus/common module and...

Can you share any information about v2 EOL? Can't find any official statement.

I hope it's not some odd April fools joke:  Some forks exists https://github.com/kubernetes-sigs/yaml However for those who needs yaml lib going forward, looks like https://github.com/goccy/go-yaml is being [recommended, also...

Close for now, I expect this to reappear.

Ok found a big, fixed in https://github.com/Maniktherana/prometheus/pull/3 - it's our parsing conversion issue.

Potentially related discussion on persistent upgrades https://github.com/prometheus/proposals/pull/40

We decided to backport compatibility support to the current LTS (2.53) https://github.com/prometheus/prometheus/pull/16762 Once 2.53 will have it (likely 2.53.5), we can perform the removal 👍🏽