Ulises Gascón
Ulises Gascón
I think that I will change my approach on this update as the git historial is not as a clear as previous 5.x releases. I am thinking to go with...
> We can discuss once I get back next week :) I pretty much have this particular merge done too as I wqs working on it a couple weeks ago....
This was solved by @wesleytodd when releasing v5.x last time, so I close the PR :)
> @UlisesGascon you can also set pull request limit and timezone, that would be nice! Feel free to add [a suggestion](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request#adding-comments-to-a-pull-request) in the PR directly @shivam-sharma7 👍
I applied your suggestions @inigomarquinez. I will love to have one approval before merging it (cc: @expressjs/express-tc ) so we can review the suggestions (if any) on the source code...
> What is the npmCommand warnings referring to in that report output? I think the issue is with [`npm install --save-dev ${{ matrix.npm-i }}`](https://github.com/expressjs/express/blob/0e3ab6ec215fc297473323fb1e8d0df03033e774/.github/workflows/ci.yml#L134). I can ask the Scorecard Team...
@inigomarquinez I think that updating the dependencies might break the pipelines, I will have a look into it.
> Do we know if the dependabot updates (assuming we decide to use that) for these versions will take into account semverness? Yes, it should support this approach. The comment...
I will suggest to open an issue on http2-express-bridge, It seems that the issue might be related to the library.
I will move this PR to draft again, as I want to include a pipeline to support integration tests again.