Dependency to threetenbp should be obsolete?

[in-fke]

Is your feature request related to a problem? Please describe.
google-cloud-pubsub depends on threetenbp but:

1. ThreeTenBP (ThreeTen Backport) is a backport of the Java 8 java.time API (JSR-310) to Java 6 and 7.
2. google-cloud-pubsub requires Java 8 or higher

Describe the solution you'd like
Remove dependency to threetenbp (bloats SBOM and CVE findings in threetenbp).

Describe alternatives you've considered
Workaround may be explicit exclusion when declaring the dependency.

Additional context
see

java-pubsub/google-cloud-pubsub/pom.xml

Line 73 in 017eb0f

<dependency>

threetenbp reported to have:
https://nvd.nist.gov/vuln/detail/cve-2024-23081
https://nvd.nist.gov/vuln/detail/CVE-2024-23082

[michaelpri10]

Hello! The library was recently updated to introduce methods that use the java.time API as opposed to the threetenbp API in #2271. In order to keep the changes backwards compatible, the existing methods needed to be kept, but have been marked as obsolete. There is a longer term plan to mark the usage of threetenbp in this library as deprecated and later to remove it in future major versions of the library, but there is not a set timeline for when this will be completed.

[lxf136]

#2431

Maven 3 and JDK 21.

<dependency>
            <groupId>com.google.cloud</groupId>
            <artifactId>google-cloud-pubsub</artifactId>
            <version>${google-cloud-pubsub.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.threeten</groupId>
                    <artifactId>threetenbp</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>com.google.cloud</groupId>
            <artifactId>google-cloud-storage</artifactId>
            <version>${google-cloud-storage.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.threeten</groupId>
                    <artifactId>threetenbp</artifactId>
                </exclusion>
            </exclusions>
</dependency>

but when removing the lib, even using jdk 21, or any one +jdk8, a class not found and error occurs.