chore(deps): march updates

[basmasking]

Fixes #471

Changes proposed in this pull request:

• removed sonar lint dependency
• updated deps, left dev-deps untouched

@MaskingTechnology/comify

[coderabbitai]

Summary by CodeRabbit

Release Notes

• Chores

  • Bumped project version to 0.1.2
  • Updated multiple dependencies including React Router, dayjs, jitar, and backend service packages
  • Removed SonarJS linting integration from development tooling
  • Updated deployment automation for dynamic version management

• Refactor

  • Cleaned up unnecessary development comments in component code

Walkthrough

The PR updates project dependencies to fix a critical issue, bumping the version from 0.1.0 to 0.1.2 and upgrading Theshelf packages and other dependencies. It removes ESLint SonarJS plugin integration and updates Docker build/push scripts to use dynamic versioning from package.json instead of hardcoded tags.

Changes

Cohort / File(s)	Summary
Docker Build and Push Scripts docker/build.sh, docker/push.sh	Replaced hardcoded Docker image tag 0.1.0 with dynamic versioning via jq extraction from package.json, using $VERSION variable in image tagging commands.
Configuration and Dependencies eslint.config.js, package.json	Removed ESLint SonarJS plugin from configuration and devDependencies; bumped project version to 0.1.2 and upgraded multiple dependencies including Theshelf packages (0.4.1 → 0.4.3), dayjs, react-router-dom, and jitar.
Source Code Cleanup src/apps/social/app/relation/components/elements/FollowRow.tsx	Removed ESLint suppression comment; no change to component logic or rendering behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• chore(deps): november updates #445: Both PRs modify the same configuration files (package.json and eslint.config.js) to update dependencies and ESLint settings.
• chore(deps): june updates (part 2) #419: Both PRs modify ESLint configuration and remove ESLint-related devDependencies (specifically sonarjs plugin).
• chore(deps): july updates #425: Both PRs modify package.json to update dependency versions and remove eslint-plugin-sonarjs.

Suggested reviewers

• petermasking

Poem

🐰 The version hops from point-one-oh,
Dynamic tags now steal the show,
SonarJS bids farewell with grace,
Dependencies updated at a rapid pace! 🎉

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'chore(deps): march updates' is vague and generic, using non-descriptive terms that don't convey specific information about the changeset.	Replace with a more specific title that mentions the main change, such as 'chore(deps): update dependencies and remove sonarjs plugin' or 'chore: update dependencies to resolve critical issue #471'.
Out of Scope Changes check	❓ Inconclusive	Changes to docker build scripts (dynamic versioning) and ESLint configuration appear tangential to the core objective of resolving a critical dependency issue, though they may be supportive improvements.	Clarify whether docker script updates and ESLint plugin removal are necessary to resolve the critical dependency issue, or if they should be in a separate PR.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description follows the template structure with issue reference, changes proposed, and team mention, though changes are somewhat brief.
Linked Issues check	✅ Passed	The PR successfully addresses issue #471 by updating dependencies (including critical Theshelf packages) and removing the sonarjs plugin, which aligns with the objective to resolve the critical dependency issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use TruffleHog to scan for secrets in your code with verification capabilities.

Add a TruffleHog config file (e.g. trufflehog-config.yml, trufflehog.yml) to your project to customize detectors and scanning behavior. The tool runs only when a config file is present.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker/build.sh`:
- Around line 1-3: Add a shebang line to the top of the script to specify the
shell interpreter (use the same shebang as docker/push.sh, e.g., /usr/bin/env
bash) so the VERSION=$(jq -r '.version' package.json) assignment and docker
build -t "localhost:5000/comify:$VERSION" -f docker/Dockerfile . invocation run
under the intended shell; after adding the shebang ensure the script file is
executable in the repo so CI/automation can run it consistently.

In `@docker/push.sh`:
- Around line 1-3: Add a shebang as the first line of the script to specify the
shell interpreter (e.g., #!/usr/bin/env bash) so the script runs with a
consistent shell; ensure it appears before the existing VERSION=$(jq -r
'.version' package.json) assignment and the docker push command to satisfy
shellcheck SC2148 and improve portability while keeping the dynamic VERSION
usage intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 445739ba-a3ee-4766-ad2e-edb4bbf60254

📥 Commits

Reviewing files that changed from the base of the PR and between 91554c4 and be69263.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (5)

• docker/build.sh
• docker/push.sh
• eslint.config.js
• package.json
• src/apps/social/app/relation/components/elements/FollowRow.tsx

💤 Files with no reviewable changes (1)

• src/apps/social/app/relation/components/elements/FollowRow.tsx

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add a shebang to specify the shell interpreter.

Same issue as docker/push.sh - the script lacks a shebang line (SC2148).

Proposed fix

+#!/bin/bash
+
 VERSION=$(jq -r '.version' package.json)
 
 docker build -t "localhost:5000/comify:$VERSION" -f docker/Dockerfile .

Consistent versioning pattern with push.sh.

The dynamic versioning approach mirrors docker/push.sh, ensuring build and push operations use the same version source.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	VERSION=$(jq -r '.version' package.json)
	docker build -t "localhost:5000/comify:$VERSION" -f docker/Dockerfile .
	#!/bin/bash
	VERSION=$(jq -r '.version' package.json)
	docker build -t "localhost:5000/comify:$VERSION" -f docker/Dockerfile .

🧰 Tools

🪛 Shellcheck (0.11.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker/build.sh` around lines 1 - 3, Add a shebang line to the top of the
script to specify the shell interpreter (use the same shebang as docker/push.sh,
e.g., /usr/bin/env bash) so the VERSION=$(jq -r '.version' package.json)
assignment and docker build -t "localhost:5000/comify:$VERSION" -f
docker/Dockerfile . invocation run under the intended shell; after adding the
shebang ensure the script file is executable in the repo so CI/automation can
run it consistently.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add a shebang to specify the shell interpreter.

The script lacks a shebang line. This is flagged by shellcheck (SC2148) and is important for portability and explicit shell specification.

Proposed fix

+#!/bin/bash
+
 VERSION=$(jq -r '.version' package.json)
 
 docker push "localhost:5000/comify:$VERSION"

Dynamic versioning approach is solid.

Reading the version from package.json eliminates manual tag management and ensures consistency between the application version and Docker image tags.

🧰 Tools

🪛 Shellcheck (0.11.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker/push.sh` around lines 1 - 3, Add a shebang as the first line of the
script to specify the shell interpreter (e.g., #!/usr/bin/env bash) so the
script runs with a consistent shell; ensure it appears before the existing
VERSION=$(jq -r '.version' package.json) assignment and the docker push command
to satisfy shellcheck SC2148 and improve portability while keeping the dynamic
VERSION usage intact.