I think we should invest in some automation that keeps the dependencies safe.
Right now we can use Dependabot to keep top-level dependencies up-to-date but not the nested ones for the templates themselves. My suggestion is the following:

1. Add every dependency that exists in any template as a devDependency for the root package.json
2. Create the same automation that we use in github.com/twilio-labs/sample-template-nodejs that will run tests on PRs and, if they pass and the PR came from Dependabot, it will automatically be merged
3. Create a script that can read the root package.json and update all the nested package.json files accordingly
4. Create a GitHub Action that is triggered on push to master that will run the script from (3) and commit any needed changes

Possible concerns/issues:

- What happens when Dependabot does package-lock.json updates? Should we be concerned or only rely on semver? Most of those are nested deps anyways, meaning we don't have control over them.