tdonohue
diff --git a/‎.dockerignore‎
Lines changed: 3 additions & 1 deletion b/‎.dockerignore‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/dependabot.yml‎
Lines changed: 298 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 298 additions & 0 deletions
diff --git a/‎.github/pull_request_template.md‎
Lines changed: 2 additions & 2 deletions b/‎.github/pull_request_template.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 20 additions & 20 deletions b/‎.github/workflows/build.yml‎
Lines changed: 20 additions & 20 deletions
@@ -25,4 +25,6 @@ npm-debug.log.*
 
 # Webpack files
 webpack.records.json
-package-lock.json
+
+# Yarn no longer used
+yarn.lock
@@ -0,0 +1,298 @@
+#-------------------
+# DSpace's dependabot rules. Enables npm updates for all dependencies on a weekly basis
+# for main and any maintenance branches. Security updates only apply to main.
+#-------------------
+version: 2
+updates:
+  ###############
+  ## Main branch
+  ###############
+  # NOTE: At this time, "security-updates" rules only apply if "target-branch" is unspecified
+  # So, only this first section can include "applies-to: security-updates"
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together Angular package upgrades
+    groups:
+      # Group together all minor/patch version updates for Angular in a single PR
+      angular:
+        applies-to: version-updates
+        patterns:
+        - "@angular*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all security updates for Angular. Only accept minor/patch types.
+      angular-security:
+        applies-to: security-updates
+        patterns:
+        - "@angular*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all minor/patch version updates for NgRx in a single PR
+      ngrx:
+        applies-to: version-updates
+        patterns:
+        - "@ngrx*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all security updates for NgRx. Only accept minor/patch types.
+      ngrx-security:
+        applies-to: security-updates
+        patterns:
+        - "@ngrx*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all patch version updates for eslint in a single PR
+      eslint:
+        applies-to: version-updates
+        patterns:
+        - "@typescript-eslint*"
+        - "eslint*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all security updates for eslint.
+      eslint-security:
+        applies-to: security-updates
+        patterns:
+        - "@typescript-eslint*"
+        - "eslint*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any testing related version updates
+      testing:
+        applies-to: version-updates
+        patterns:
+        - "@cypress*"
+        - "axe-*"
+        - "cypress*"
+        - "jasmine*"
+        - "karma*"
+        - "ng-mocks"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any testing related security updates
+      testing-security:
+        applies-to: security-updates
+        patterns:
+        - "@cypress*"
+        - "axe-*"
+        - "cypress*"
+        - "jasmine*"
+        - "karma*"
+        - "ng-mocks"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any postcss related version updates
+      postcss:
+        applies-to: version-updates
+        patterns:
+        - "postcss*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any postcss related security updates
+      postcss-security:
+        applies-to: security-updates
+        patterns:
+        - "postcss*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any sass related version updates
+      sass:
+        applies-to: version-updates
+        patterns:
+        - "sass*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any sass related security updates
+      sass-security:
+        applies-to: security-updates
+        patterns:
+        - "sass*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any webpack related version updates
+      webpack:
+        applies-to: version-updates
+        patterns:
+        - "webpack*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any webpack related seurity updates
+      webpack-security:
+        applies-to: security-updates
+        patterns:
+        - "webpack*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+  #####################
+  ## dspace-8_x branch
+  #####################
+  - package-ecosystem: "npm"
+    directory: "/"
+    target-branch: dspace-8_x
+    schedule:
+      interval: "weekly"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together Angular package upgrades
+    groups:
+      # Group together all patch version updates for Angular in a single PR
+      angular:
+        applies-to: version-updates
+        patterns:
+        - "@angular*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all minor/patch version updates for NgRx in a single PR
+      ngrx:
+        applies-to: version-updates
+        patterns:
+        - "@ngrx*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all patch version updates for eslint in a single PR
+      eslint:
+        applies-to: version-updates
+        patterns:
+        - "@typescript-eslint*"
+        - "eslint*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any testing related version updates
+      testing:
+        applies-to: version-updates
+        patterns:
+        - "@cypress*"
+        - "axe-*"
+        - "cypress*"
+        - "jasmine*"
+        - "karma*"
+        - "ng-mocks"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any postcss related version updates
+      postcss:
+        applies-to: version-updates
+        patterns:
+        - "postcss*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any sass related version updates
+      sass:
+        applies-to: version-updates
+        patterns:
+        - "sass*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any webpack related version updates
+      webpack:
+        applies-to: version-updates
+        patterns:
+        - "webpack*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+  #####################
+  ## dspace-7_x branch
+  #####################
+  - package-ecosystem: "npm"
+    directory: "/"
+    target-branch: dspace-7_x
+    schedule:
+      interval: "weekly"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together Angular package upgrades
+    groups:
+      # Group together all minor/patch version updates for Angular in a single PR
+      angular:
+        applies-to: version-updates
+        patterns:
+        - "@angular*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all minor/patch version updates for NgRx in a single PR
+      ngrx:
+        applies-to: version-updates
+        patterns:
+        - "@ngrx*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all patch version updates for eslint in a single PR
+      eslint:
+        applies-to: version-updates
+        patterns:
+        - "@typescript-eslint*"
+        - "eslint*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any testing related version updates
+      testing:
+        applies-to: version-updates
+        patterns:
+        - "@cypress*"
+        - "axe-*"
+        - "cypress*"
+        - "jasmine*"
+        - "karma*"
+        - "ng-mocks"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any postcss related version updates
+      postcss:
+        applies-to: version-updates
+        patterns:
+        - "postcss*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together any sass related version updates
+      sass:
+        applies-to: version-updates
+        patterns:
+        - "sass*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # 7.x Cannot update Webpack past v5.76.1 as later versions not supported by Angular 15
+      # See also https://github.com/DSpace/dspace-angular/pull/3283#issuecomment-2372488489
+      - dependency-name: "webpack"
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
@@ -21,8 +21,8 @@ However, reviewers may request that you complete any actions in this list if you
 
 - [ ] My PR is **created against the `main` branch** of code (unless it is a backport or is fixing an issue specific to an older branch).
 - [ ] My PR is **small in size** (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
-- [ ] My PR **passes [ESLint](https://eslint.org/)** validation using `yarn lint`
-- [ ] My PR **doesn't introduce circular dependencies** (verified via `yarn check-circ-deps`)
+- [ ] My PR **passes [ESLint](https://eslint.org/)** validation using `npm run lint`
+- [ ] My PR **doesn't introduce circular dependencies** (verified via `npm run check-circ-deps`)
 - [ ] My PR **includes [TypeDoc](https://typedoc.org/) comments** for _all new (or modified) public methods and classes_. It also includes TypeDoc for large or complex private methods.
 - [ ] My PR **passes all specs/tests and includes new/updated specs or tests** based on the [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
 - [ ] My PR **aligns with [Accessibility guidelines](https://wiki.lyrasis.org/display/DSDOC8x/Accessibility)** if it makes changes to the user interface.
 
@@ -69,39 +69,39 @@ jobs:
           fi
           google-chrome --version
 
-      # https://github.com/actions/cache/blob/main/examples.md#node---yarn
-      - name: Get Yarn cache directory
-        id: yarn-cache-dir-path
-        run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
-      - name: Cache Yarn dependencies
+      # https://github.com/actions/cache/blob/main/examples.md#node---npm
+      - name: Get NPM cache directory
+        id: npm-cache-dir
+        run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
+      - name: Cache NPM dependencies
         uses: actions/cache@v4
         with:
-          # Cache entire Yarn cache directory (see previous step)
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          # Cache key is hash of yarn.lock. Therefore changes to yarn.lock will invalidate cache
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: ${{ runner.os }}-yarn-
+          # Cache entire NPM cache directory (see previous step)
+          path: ${{ steps.npm-cache-dir.outputs.dir }}
+          # Cache key is hash of package-lock.json. Therefore changes to package-lock.json will invalidate cache
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: ${{ runner.os }}-npm-
 
-      - name: Install Yarn dependencies
-        run: yarn install --frozen-lockfile
+      - name: Install NPM dependencies
+        run: npm clean-install
 
       - name: Build lint plugins
-        run: yarn run build:lint
+        run: npm run build:lint
 
       - name: Run lint plugin tests
-        run: yarn run test:lint:nobuild
+        run: npm run test:lint:nobuild
 
       - name: Run lint
-        run: yarn run lint:nobuild --quiet
+        run: npm run lint:nobuild -- --quiet
 
       - name: Check for circular dependencies
-        run: yarn run check-circ-deps
+        run: npm run check-circ-deps
 
       - name: Run build
-        run: yarn run build:prod
+        run: npm run build:prod
 
       - name: Run specs (unit tests)
-        run: yarn run test:headless
+        run: npm run test:headless
 
       # Upload code coverage report to artifact (for one version of Node only),
       # so that it can be shared with the 'codecov' job (see below)
@@ -131,7 +131,7 @@ jobs:
           # Run tests in Chrome, headless mode (default)
           browser: chrome
           # Start app before running tests (will be stopped automatically after tests finish)
-          start: yarn run serve:ssr
+          start: npm run serve:ssr
           # Wait for backend & frontend to be available
           # NOTE: We use the 'sites' REST endpoint to also ensure the database is ready
           wait-on: http://127.0.0.1:8080/server/api/core/sites, http://127.0.0.1:4000
@@ -167,7 +167,7 @@ jobs:
       # Start up the app with SSR enabled (run in background)
       - name: Start app in SSR (server-side rendering) mode
         run: |
-          nohup yarn run serve:ssr &
+          nohup npm run serve:ssr &
           printf 'Waiting for app to start'
           until curl --output /dev/null --silent --head --fail http://127.0.0.1:4000/home; do
             printf '.'