AC

• Merge dependabot PRs that are safe to merge (semver-compatible updates, including any standalone package-lock-only PRs)
• When updating the dev dependencies to latest available semver compatible versions ANY reformatting MUST be done in a separate pull request and should ONLY be done if the team agrees that it is an important improvement
• Check dev dependency major version updates
  • Update the major version if and ONLY if this can be done with minimal code changes; otherwise, file a ticket to update the dependency to the next major version (if one does not already exist) and include any relevant justification for updating to that version sooner rather than later, if applicable
  • Do NOT update prettier, eslint, or any other code formatter major versions in this ticket if it would result in a reformatting of the entire code base
• When updating the prod dependencies to the latest safe and semver-compatible versions:
  • Do not upgrade peer dependencies, because that is breaking - someone's build that was passing before can start failing because they didn't manually install an upgraded version of the peer dep
  • If the current major version is no longer supported, file a separate ticket to address this
• Updating TS is NOT part of this ticket, check whether a new version is available and file a separate ticket if an update is desirable
• Any dependabot PRs that cannot be merged should be closed using the dependabot ignore command after ensuring that there is a corresponding tracking NODE ticket for that update