4Science
diff --git a/‎.eslintrc.json‎
Lines changed: 16 additions & 10 deletions b/‎.eslintrc.json‎
Lines changed: 16 additions & 10 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 50 additions & 94 deletions b/‎.github/dependabot.yml‎
Lines changed: 50 additions & 94 deletions
diff --git a/‎.github/pull_request_template.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/pull_request_template.md‎
Lines changed: 1 addition & 1 deletion
@@ -5,13 +5,13 @@
     "@angular-eslint/eslint-plugin",
     "eslint-plugin-import",
     "eslint-plugin-jsdoc",
-    "eslint-plugin-deprecation",
     "unused-imports",
     "eslint-plugin-lodash",
     "eslint-plugin-jsonc",
-    "eslint-plugin-rxjs",
+    "@smarttools/rxjs",
     "eslint-plugin-simple-import-sort",
     "eslint-plugin-import-newlines",
+    "@stylistic",
     "dspace-angular-ts",
     "dspace-angular-html"
   ],
@@ -37,7 +37,7 @@
         "plugin:@typescript-eslint/recommended-requiring-type-checking",
         "plugin:@angular-eslint/recommended",
         "plugin:@angular-eslint/template/process-inline-templates",
-        "plugin:rxjs/recommended"
+        "plugin:@smarttools/rxjs/recommended-legacy"
       ],
       "rules": {
         "indent": [
@@ -175,15 +175,16 @@
             "ignoreParameters": true
           }
         ],
-        "@typescript-eslint/quotes": [
+        "@angular-eslint/prefer-inject": "off",
+        "@stylistic/quotes": [
           "error",
           "single",
           {
             "avoidEscape": true,
             "allowTemplateLiterals": true
           }
         ],
-        "@typescript-eslint/semi": "error",
+        "@stylistic/semi": "error",
         "@typescript-eslint/no-shadow": "error",
         "@typescript-eslint/dot-notation": "error",
         "@typescript-eslint/consistent-type-definitions": "error",
@@ -206,9 +207,9 @@
             ]
           }
         ],
-        "@typescript-eslint/type-annotation-spacing": "error",
+        "@stylistic/type-annotation-spacing": "error",
         "@typescript-eslint/unified-signatures": "error",
-        "@typescript-eslint/ban-types": "error",
+        "@typescript-eslint/no-restricted-types": "error",
         "@typescript-eslint/no-floating-promises": "warn",
         "@typescript-eslint/no-misused-promises": "warn",
         "@typescript-eslint/restrict-plus-operands": "warn",
@@ -223,6 +224,7 @@
         "@typescript-eslint/no-unsafe-call": "off",
         "@typescript-eslint/no-unsafe-argument": "off",
         "@typescript-eslint/no-unsafe-return": "off",
+        "@typescript-eslint/no-redundant-type-constituents": "off",
         "@typescript-eslint/restrict-template-expressions": "off",
         "@typescript-eslint/require-await": "off",
         "@typescript-eslint/no-base-to-string": [
@@ -235,7 +237,7 @@
           }
         ],
 
-        "deprecation/deprecation": "warn",
+        "@typescript-eslint/no-deprecated": "warn",
 
         "simple-import-sort/imports": "error",
         "simple-import-sort/exports": "error",
@@ -253,14 +255,18 @@
             "forceSingleLine": true
           }
         ],
+        "import/enforce-node-protocol-usage": [
+          "error",
+          "always"
+        ],
 
         "unused-imports/no-unused-imports": "error",
         "lodash/import-scope": [
           "error",
           "method"
         ],
 
-        "rxjs/no-nested-subscribe": "off",     // todo: go over _all_ cases
+        "@smarttools/rxjs/no-nested-subscribe": "off",     // todo: go over _all_ cases
 
         // Custom DSpace Angular rules
         "dspace-angular-ts/alias-imports": [
@@ -275,7 +281,7 @@
             ]
           }
         ],
-        "dspace-angular-ts/themed-component-classes": "error",
+        "dspace-angular-ts/no-default-standalone-value": "error",
         "dspace-angular-ts/themed-component-selectors": "error",
         "dspace-angular-ts/themed-component-usages": "error",
         "dspace-angular-ts/themed-decorators": [
 
@@ -11,9 +11,14 @@ updates:
   # So, only this first section can include "applies-to: security-updates"
   - package-ecosystem: "npm"
     directory: "/"
+    # Monthly dependency updates (NOTE: "schedule" doesn't apply to security updates)
     schedule:
-      interval: "weekly"
+      interval: "monthly"
       time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
     # Allow up to 10 open PRs for dependencies
     open-pull-requests-limit: 10
     # Group together Angular package upgrades
@@ -23,14 +28,7 @@ updates:
         applies-to: version-updates
         patterns:
         - "@angular*"
-        update-types:
-        - "minor"
-        - "patch"
-      # Group together all security updates for Angular. Only accept minor/patch types.
-      angular-security:
-        applies-to: security-updates
-        patterns:
-        - "@angular*"
+        - "@ngtools/webpack"
         update-types:
         - "minor"
         - "patch"
@@ -42,14 +40,6 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Group together all security updates for NgRx. Only accept minor/patch types.
-      ngrx-security:
-        applies-to: security-updates
-        patterns:
-        - "@ngrx*"
-        update-types:
-        - "minor"
-        - "patch"
       # Group together all patch version updates for eslint in a single PR
       eslint:
         applies-to: version-updates
@@ -59,15 +49,6 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Group together all security updates for eslint.
-      eslint-security:
-        applies-to: security-updates
-        patterns:
-        - "@typescript-eslint*"
-        - "eslint*"
-        update-types:
-        - "minor"
-        - "patch"
       # Group together any testing related version updates
       testing:
         applies-to: version-updates
@@ -81,19 +62,6 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Group together any testing related security updates
-      testing-security:
-        applies-to: security-updates
-        patterns:
-        - "@cypress*"
-        - "axe-*"
-        - "cypress*"
-        - "jasmine*"
-        - "karma*"
-        - "ng-mocks"
-        update-types:
-        - "minor"
-        - "patch"
       # Group together any postcss related version updates
       postcss:
         applies-to: version-updates
@@ -102,14 +70,6 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Group together any postcss related security updates
-      postcss-security:
-        applies-to: security-updates
-        patterns:
-        - "postcss*"
-        update-types:
-        - "minor"
-        - "patch"
       # Group together any sass related version updates
       sass:
         applies-to: version-updates
@@ -118,14 +78,6 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Group together any sass related security updates
-      sass-security:
-        applies-to: security-updates
-        patterns:
-        - "sass*"
-        update-types:
-        - "minor"
-        - "patch"
       # Group together any webpack related version updates
       webpack:
         applies-to: version-updates
@@ -134,22 +86,13 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Group together any webpack related seurity updates
-      webpack-security:
-        applies-to: security-updates
-        patterns:
-        - "webpack*"
-        update-types:
-        - "minor"
-        - "patch"
-      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
-      zonejs:
-        applies-to: version-updates
-        patterns:
-        - "zone.js"
-        update-types:
-        - "patch"
     ignore:
+      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
+      - dependency-name: "zone.js"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Restrict typescript updates to patch level because that's what our package.json says
+      - dependency-name: "typescript"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
@@ -160,8 +103,12 @@ updates:
     directory: "/"
     target-branch: dspace-9_x
     schedule:
-      interval: "weekly"
+      interval: "monthly"
       time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
     # Allow up to 10 open PRs for dependencies
     open-pull-requests-limit: 10
     # Group together Angular package upgrades
@@ -171,6 +118,7 @@ updates:
         applies-to: version-updates
         patterns:
         - "@angular*"
+        - "@ngtools/webpack"
         update-types:
         - "minor"
         - "patch"
@@ -179,6 +127,7 @@ updates:
         applies-to: version-updates
         patterns:
         - "@ngrx*"
+        - "@ngtools/webpack"
         update-types:
         - "minor"
         - "patch"
@@ -228,14 +177,13 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
-      zonejs:
-        applies-to: version-updates
-        patterns:
-        - "zone.js"
-        update-types:
-        - "patch"
     ignore:
+      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
+      - dependency-name: "zone.js"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Restrict typescript updates to patch level because that's what our package.json says
+      - dependency-name: "typescript"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
@@ -246,8 +194,12 @@ updates:
     directory: "/"
     target-branch: dspace-8_x
     schedule:
-      interval: "weekly"
+      interval: "monthly"
       time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
     # Allow up to 10 open PRs for dependencies
     open-pull-requests-limit: 10
     # Group together Angular package upgrades
@@ -257,6 +209,7 @@ updates:
         applies-to: version-updates
         patterns:
         - "@angular*"
+        - "@ngtools/webpack"
         update-types:
         - "minor"
         - "patch"
@@ -314,14 +267,13 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
-      zonejs:
-        applies-to: version-updates
-        patterns:
-        - "zone.js"
-        update-types:
-        - "patch"
     ignore:
+      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
+      - dependency-name: "zone.js"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Restrict typescript updates to patch level because that's what our package.json says
+      - dependency-name: "typescript"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
@@ -332,8 +284,12 @@ updates:
     directory: "/"
     target-branch: dspace-7_x
     schedule:
-      interval: "weekly"
+      interval: "monthly"
       time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
     # Allow up to 10 open PRs for dependencies
     open-pull-requests-limit: 10
     # Group together Angular package upgrades
@@ -343,6 +299,7 @@ updates:
         applies-to: version-updates
         patterns:
         - "@angular*"
+        - "@ngtools/webpack"
         update-types:
         - "minor"
         - "patch"
@@ -392,17 +349,16 @@ updates:
         update-types:
         - "minor"
         - "patch"
-      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
-      zonejs:
-        applies-to: version-updates
-        patterns:
-        - "zone.js"
-        update-types:
-        - "patch"
     ignore:
       # 7.x Cannot update Webpack past v5.76.1 as later versions not supported by Angular 15
       # See also https://github.com/DSpace/dspace-angular/pull/3283#issuecomment-2372488489
       - dependency-name: "webpack"
+      # Restrict zone.js updates to patch level to avoid dependency conflicts with @angular/core
+      - dependency-name: "zone.js"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Restrict typescript updates to patch level because that's what our package.json says
+      - dependency-name: "typescript"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
@@ -25,7 +25,7 @@ However, reviewers may request that you complete any actions in this list if you
 - [ ] My PR **doesn't introduce circular dependencies** (verified via `npm run check-circ-deps`)
 - [ ] My PR **includes [TypeDoc](https://typedoc.org/) comments** for _all new (or modified) public methods and classes_. It also includes TypeDoc for large or complex private methods.
 - [ ] My PR **passes all specs/tests and includes new/updated specs or tests** based on the [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
-- [ ] My PR **aligns with [Accessibility guidelines](https://wiki.lyrasis.org/display/DSDOC8x/Accessibility)** if it makes changes to the user interface.
+- [ ] My PR **aligns with [Accessibility guidelines](https://wiki.lyrasis.org/display/DSDOC9x/Accessibility)** if it makes changes to the user interface.
 - [ ] My PR **uses i18n (internationalization) keys** instead of hardcoded English text, to allow for translations.
 - [ ] My PR **includes details on how to test it**. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
 - [ ] If my PR includes new libraries/dependencies (in `package.json`), I've made sure their licenses align with the [DSpace BSD License](https://github.com/DSpace/DSpace/blob/main/LICENSE) based on the [Licensing of Contributions](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines#CodeContributionGuidelines-LicensingofContributions) documentation.