UI: Stabilize frontend builds

[begelundmuller]

Recommendations from infra for improving the stability of frontend builds:

• Netlify should build web-admin from root using npm run build -w web-admin (should already be the case)
• All dependencies not needed in production (i.e. none since it's a SPA build) should be devDependencies
• Delete package-lock.json and run npm i from scratch
• The root package.json should not contain any dependencies
• All dependencies used by a workspace should be in its package.json (don't rely on transitive imports)
• Upgrade from Node 16 to LTS – add a method for enforcing a Node and NPM version when building package-lock.json
• Upgrade all package dependencies to latest bugfix release (not necessarily feature releases)
• Assign an NPM dependency responsible person – ensure proper code reviews for package-lock.json changes
• Fix frontend build warnings
• Add CI/CD notifications from Netlify for changes that impact web-admin
• Serve static assets in web-admin and web-local on /assets (or similar), not on root
• Setup build config (Vite?) to address _redirects temporary hack in web-admin/package.json
• Address Dependabot alerts for NPM

[skokenes]

All dependencies used by a workspace should be in its package.json (don't rely on transitive imports)
Is there any way we can automatically audit for this one? It caused a bug today when package-lock.json was regenerated from scratch in a PR. We had a workspace using a transitive import, and it ended up picking up a new version of a library that broke some behavior

[begelundmuller]

@skokenes I don't have any experience here, but a quick search turned up these tools:

• https://github.com/depcheck/depcheck
• https://github.com/dylang/npm-check

Not sure if they work for transitive imports in NPM workspaces, but if they do (or you find another tool), I think we should add a Github Action for it.

[begelundmuller]

Closing since the builds have been stable for a long time now