[BUG] EOL package async-cache used in Opensearch-dashboards #5689

Open
aggarwalShivani opened this issue Jan 16, 2024 · 2 comments
Labels
technical debt: If not paid, jeopardizes long-term success and maintainability of the repository.

Comments

@aggarwalShivani

Describe the bug
An EOL package is being shipped in Opensearch-dashboards. Please find details below:

The npm package async-cache has reached its EOL and was last published 8 years ago. It is recommended to replace it with a package like lru-cache.
Opensearch dashboards depends on a node-module elastic-apm-node@^3.43.0.

Version 3.x of elastic-apm-node depended on the async-cache package. (See here)
From version 4.x of elastic-apm-node, a fix is available, as it uses lru-cache instead of async-cache. (See here)

Expected behavior
Opensearch-dashboards to not bundle dependencies/libraries that have reached EOL and aren't supported anymore.

Dashboards Version: 3.0.0 (main branch of the project)

Ask:
To solve this, it would need a major version upgrade of elastic-apm-node to 4.x in dashboards.
Q1: Is this version upgrade already planned?
Q2: Is it feasible to do this version upgrade now? Are there any risks associated or any architectural level changes needed with usage of this package?

Request feedback on the issue and mitigation for EOL issue.
I would be happy to raise a PR if needed.
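
Added example, not part of the original issue or the project's code: a Node.js script that walks an npm-format lockfile and reports which dependency chain pulls in an EOL package such as async-cache. The lockfile object, the root name `sample-dashboards`, the resolved versions and the function names `resolveDep` and `findChains` are constructed for illustration.

```javascript
// Constructed sample in npm lockfile v2/v3 "packages" layout; not the project's real lockfile.
// The root name and resolved versions are placeholders made up for this example.
const sampleLock = {
  packages: {
    "": { name: "sample-dashboards", dependencies: { "elastic-apm-node": "^3.43.0" } },
    "node_modules/elastic-apm-node": { version: "3.43.0", dependencies: { "async-cache": "*" } },
    "node_modules/async-cache": { version: "0.0.0-sample" },
  },
};

// Node-style resolution: check the requiring package's own node_modules, then walk up.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root: dependency is not installed
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Breadth-first walk from the root. For every installed package that requires
// `target`, return the shortest chain of dependents leading to it.
function findChains(lock, target) {
  const packages = lock.packages;
  const parent = new Map([["", null]]); // install path -> path that first required it
  const queue = [""];
  const chains = [];
  const label = (p) =>
    p === "" ? "(root)" : `${p.split("node_modules/").pop()}@${packages[p].version}`;
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved) continue;
      if (name === target) {
        const chain = [label(resolved)];
        for (let p = path; p !== null; p = parent.get(p)) chain.unshift(label(p));
        chains.push(chain);
      } else if (!parent.has(resolved)) {
        parent.set(resolved, path);
        queue.push(resolved);
      }
    }
  }
  return chains;
}
console.log(findChains(sampleLock, "async-cache").map((c) => c.join(" > ")).join("\n"));
```

The second element of each chain is the direct dependency whose upgrade removes the EOL package from the tree.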

@aggarwalShivani aggarwalShivani added bug Something isn't working untriaged labels Jan 16, 2024
@kavilla kavilla added technical debt If not paid, jeopardizes long-term success and maintainability of the repository. and removed bug Something isn't working untriaged labels Feb 20, 2024
@kavilla
Member

kavilla commented Feb 20, 2024

@AMoo-Miki to comment on this

@AMoo-Miki AMoo-Miki removed their assignment May 1, 2024
@AMoo-Miki
Collaborator

I see no licensing problem with using [email protected] which is distributed with 2-clause BSD.

> Is this version upgrade already planned?
> Is it feasible to do this version upgrade now?

We examine new packages all the time and will surely look into this too.

> Are there any risks associated or any architectural level changes needed with usage of this package?

Their changelog indicates a lot of breaking changes. We would only know after an initial examination of the API changes across the versions.
