Problem/Motivation
At the moment, the process for keeping JavaScript dependencies up to date is informal and dependent on individual contributors ensuring that updates have been applied on time. Ideally we would have processes in place for getting notified of security vulnerabilities in the dependency tree, and a step to make sure that dependencies get updated prior to every release (patch, minor and major). This would make sure that if an individual contributor is not available, the team would still be responsible for ensuring that updates have been applied on time.
For context, the total dependency tree at the moment is over 3000 packages, meaning that updates are happening at a high frequency. Preparing for a new release should likely include multiple checkpoints where the latest updates get applied.