We need a solution to keep us on top of required npm package updates.
Acceptance Criteria:
[] people on the Wikibase campsite should know about package that no longer pass `npm audit` ina reasonable timespan (e.g. a day)
Suggested solution:
* run `npm audit` as a daily job on the Wikibase repository
** If tainted-references is an npm dependency of Wikibase (specified in package.json) then `npm audit` on Wikibase will also warn about packages in tainted-references
* run the daily job from jenkins
** this means we don't fragment our ci code further
** hopefully it follows a similar pattern to existing jobs
*** The daily selenium WikibaseLexeme job is run daily
*** there is an existing npm audit job
* email wikidata-ci-status@wikimedia.de on the first failure and fixing of this job
** This will stop us from spamming these emails and eventually becoming acclimatised to them
** This email should be checked by campers since it is where our existing failing CI reports go
** It follows a known pattern (rather than something potentially nicer like automatically making phabricator tickets that we don't know about yet)
Steps:
[] add tainted-references as a development dependency of Wikibase ()
[] create job on jenkins that runs `npm audit` daily on Wikibase and emails people at (wikidata-ci-status@wikimedia.de)