To ensure that the 3rd-party JavaScript packages we depend on get updated routinely (for security patches, bug fixes, etc.), we use Renovate to regularly create pull requests that update them. To add Renovate to a repository with a package.json file:

  1. File an ARCHBOM ticket asking for Renovate to be enabled for the repository.

  2. Review the auto-generated configuration PR and make any appropriate changes.  Here are a few examples: edx-platform, pa11ycrawler, paragon (updated here)

  3. Merge the configuration PR.  Renovate will soon start generating PRs according to the specified preferences and schedule.

For more context and historical notes on choosing this service, see Automated JavaScript Dependency Updates .