Add dependabot to repos using NPM, GH actions

[dearshrewdwit]

• [ ] JS Fundamentals
• [ ] React
• [ ] Building APIs
• [ ] Database
• [ ] Auth

[dearshrewdwit]

Step 1 Add Dependabot to a repo: click on repo settings and code security & analysis

Step 2 Configure Dependabot

1. enable Dependabot version updates
2. replace the file contents with the below

version: 2
updates:
  - package-ecosystem: "npm" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"

  - package-ecosystem: "github-actions"
    # Workflow files stored in the
    # default location of `.github/workflows`
    directory: "/"
    schedule:
      interval: "weekly"

3. commit the change

[dearshrewdwit]

Step 3

• Wait for PRs to trigger, and then merge manually 1 at a time, waiting for the next PR to automatically rebase itself (!) - might take a minute for each one.

[dearshrewdwit]

For React projects - there'a also a manual update needed in the react app runner.

// before
import { StrictMode } from "react";
import ReactDOM from "react-dom";

import App from "./App";

const rootElement = document.getElementById("root");
ReactDOM.render(
  <StrictMode>
    <App />
  </StrictMode>,
  rootElement
);

// after
import { StrictMode } from "react";
import { createRoot } from 'react-dom/client';

import App from "./App";

const rootElement = document.getElementById("root");
const root = createRoot(rootElement);
root.render(
  <StrictMode>
    <App tab="home" />
  </StrictMode>
);

https://reactjs.org/blog/2022/03/08/react-18-upgrade-guide.html#updates-to-client-rendering-apis