tuxji commented on pull request #644: URL: https://github.com/apache/daffodil/pull/644#issuecomment-927849538
Please bump github-script to v5.0.0, not v5. The v5.x.x tags are immutable, but the v5 tag will change in the future to stay synchronized to the latest v5.x.x tag, which will bypass dependabot's alerts prompting us to check each v5.x.x update carefully. I consider this a bug in dependabot itself (it should be smart enough to know the difference between an immutable tag and a mutable tag and not bump from an immutable tag to a mutable tag). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
