added yarn upgrade action

.github/dependabot.yml

@@ -3,21 +3,19 @@ updates:
 - package-ecosystem: npm
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10
   reviewers:
    - "w3f/infrastructure"
   ignore:
    - dependency-name: "*"
-     update-types: ["version-update:semver-major"]
+     update-types: ["version-update:semver-minor","version-update:semver-patch"] 
 
 - package-ecosystem: docker
   directory: "/"
   schedule:
-    interval: daily
-  open-pull-requests-limit: 10    
-  reviewers:
-   - "w3f/infrastructure" 
+    interval: weekly
+  open-pull-requests-limit: 10     
   ignore:
   - dependency-name: "*"
-    update-types: ["version-update:semver-major"]
+    update-types: ["version-update:semver-minor","version-update:semver-patch"] 

.github/workflows/dependency-review.yml

@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2

.github/workflows/yarn_upgrade.yml

@@ -0,0 +1,11 @@
+name: 'Yarn Upgrade'
+on:
+  schedule:
+    - cron:  '0 10 * * 1'
+  workflow_dispatch:
+
+jobs:
+  yarn-upgrade:
+    uses: w3f/base-services-charts/.github/workflows/yarn_upgrade.yml@master
+    secrets:
+      PR_PAT: ${{ secrets.BOT_PAT }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:14.18.1-alpine3.11
+FROM node:14-alpine
 
 WORKDIR /app
 

package.json

@@ -30,25 +30,25 @@
     "ws": "^6.1.2"
   },
   "devDependencies": {
-    "@types/chai": "4.3.1",
-    "@types/express": "4.17.13",
-    "@types/fs-extra": "8.1.2",
-    "@types/lodash": "4.14.182",
-    "@types/mocha": "9.1.1",
-    "@types/node": "14.18.24",
-    "@types/tmp": "0.2.3",
-    "@typescript-eslint/eslint-plugin": "2.34.0",
-    "@typescript-eslint/parser": "2.34.0",
+    "@types/chai": "^4.3.1",
+    "@types/express": "^4.17.13",
+    "@types/fs-extra": "^8.1.2",
+    "@types/lodash": "^4.14.182",
+    "@types/mocha": "^9.1.1",
+    "@types/node": "^14.18.24",
+    "@types/tmp": "^0.2.3",
+    "@typescript-eslint/eslint-plugin": "^2.34.0",
+    "@typescript-eslint/parser": "^2.34.0",
     "@w3f/test-utils": "^1.2.30",
-    "chai": "4.3.6",
-    "eslint": "7.32.0",
-    "fs-extra": "9.1.0",
-    "lodash": "4.17.21",
-    "mocha": "9.2.2",
-    "nock": "12.0.3",
-    "sinon": "8.1.1",
-    "tmp": "0.2.1",
-    "ts-node": "10.9.1",
+    "chai": "^4.3.6",
+    "eslint": "^7.32.0",
+    "fs-extra": "^9.1.0",
+    "lodash": "^4.17.21",
+    "mocha": "^9.2.2",
+    "nock": "^12.0.3",
+    "sinon": "^8.1.1",
+    "tmp": "^0.2.1",
+    "ts-node": "^10.9.1",
     "typescript": "4.7.4"
   }
 }