Create a process for updating dependencies (from 118)

[gigamorph]

Problem Description: The frontend does not have a process for updating packages based on vulnerabilities or on latest releases.

Expected Behavior/Solution: A process for updating packages should be created.

Requirements:

• [ ] use precise version numbers in package.json
• [ ] Migrate from create-react-app/react-scripts
• [ ] Utilize yarn audit and yarn-audit-fix package to check for vulnerabilities and updates
• [ ] Perform a monthly audit to ensure packages are maintained regularly
• [ ] yarn update or yarn update-interactive commands should be used to update the packages

Needed for promotion: If an item on the list is not needed, it should be crossed off but not removed.

• [x] ~Wireframe/Mockup - Mike~
• [x] ~Committee discussions - Sarah~
• [x] ~Feasibility/Team discussion - Sarah~
• [x] ~Backend requirements - TBD~
• [ ] Frontend requirements - Kam
• [ ] Questions:
• When to update packages?
• What determines a package's priority to be updated (criticality, etc)?
• What testing will be performed once a package is updated to ensure there are no dependency issues?

UAT/LUX Examples: N/A

Dependencies/Blocks: N/A

Related Github Issues:

• 412

Related links: N/A

Wireframe/Mockup: N/A

[roamye]

@kamerynB Do these questions need to be brought up at an IT meeting?

[kamerynB]

@roamye No they are more for me. I've been part of dev teams that have had processes in place for updating packages so that was me asking questions to myself on how I can use previous knowledge for this task. 😄

[roamye]

dev mtg 10/21:

• one of the purposes of this issue is to eliminate any current/future security risks.

[clarkepeterf]

Yarn has a tool to help upgrade packages: https://classic.yarnpkg.com/lang/en/docs/cli/upgrade-interactive/