Blake Embrey

> That's my best-case, thanks! Does that mean you'd want an option like how it behaved in < 1.0? Something like `dotfiles: 'allow file'`? I'll think on the behavior more...

@samuelstroschein I used yesterday's meeting to discuss ESM in our packages and there was buy-in, so I'm reopening the issue. It was closed prematurely. Agree with everything you've brought up...

Can we move these into another repo instead? https://github.com/expressjs/security-wg/issues/31 Why are we upgrading? What’s changed? This doesn’t fix that scorecard workflows turn themselves off when the repo isn’t popular right?

I think it'd be beneficial to separate this into two issues: Express and downstream vs upstream packages that happen to live under the organization. It may be bias, but it's...

I do also want to clarify that the discussion in the TC meeting was specifically about decoupling from node HTTP, but not specifically about supporting non-node environments. They're related, but...

It's not being deprecated, it should probably be updated. Version 2 changed the escape characters to ensure it aligned closer to the URL spec. I do reference it as a...

The dependency is used here: https://github.com/pillarjs/finalhandler/blob/42a0a2a14ff37fe0bd6413c5986f86fe7a1b2e7e/index.js#L115 I don't actually think it's necessary and can be removed. The pathname would already be encoded if grabbing it from the request 🤷

1. I'm not sure I understand, can you elaborate on what "the whole string"? 2. Sounds good, I'm open to a PR that changes it to something like `...; visit...

I like the PR, but I think it's probably better to keep this in user land for now until there's a solid proposal that works with the existing methods and...

I agree with the sentiment, but in practice deprecating it on NPM creates noise for people that can't/won't update yet and the package is still supported. That said, I'm strongly...