How/why/when to update package-lock.json? #983
Description
There are two files with this name in the delphi-epidata repo, one in the root and one in src/client/packaging/npm/. package-lock.json files are generated from package.json files that reside in the same directory, by running various npm commands. It is not fully clear when or why these should be regenerated, or what all of the ramifications are when they are or are not regenerated.
The version number for the most recent release was bumped from 0.3.21 to 0.4.0 in src/client/packaging/npm/package.json, but the associated src/client/packaging/npm/package-lock.json still has version 0.3.14. The prior release has been living with this, so i presume its not a showstopper. Is this supposed to be taken care of by dependabot?
We also had recent changes to the one in the repo root dir. see: #980 (comment)
The purpose of this file is even less clear to me, as it is not seemingly tied to our releases.