chore: fix dependabot and sonarcloud issues (#69)

evens-stone · web-flow · commit 966e82062ff7 · 2025-06-12T00:24:49.000-04:00
Release-As: 0.1.3
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,29 +5,43 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 5
+      day: "sunday"
+      time: "05:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 1
     commit-message:
       prefix: "chore(deps)"
       include: "scope"
-    labels:
-      - "dependencies"
-    reviewers:
-      - "pierrevensy"
-    assignees:
-      - "pierrevensy"
+    labels: ["dependencies"]
+    reviewers: ["pierrevensy"]
+    assignees: ["pierrevensy"]
+    groups:
+      minor-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
 
   # Check for updates to GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 5
+      day: "sunday"
+      time: "06:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 1
     commit-message:
       prefix: "chore(actions)"
       include: "scope"
-    labels:
-      - "github-actions"
-    reviewers:
-      - "pierrevensy"
-    assignees:
-      - "pierrevensy"
+    labels: ["github-actions"]
+    reviewers: ["pierrevensy"]
+    assignees: ["pierrevensy"]
+    groups:
+      minor-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -30,6 +30,7 @@ jobs:
       - name: Build library
         run: npm run build
       - name: SonarQube Scan
+        if: github.actor != 'dependabot[bot]'
         uses: SonarSource/sonarqube-scan-action@v5
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/README.md b/README.md
@@ -39,8 +39,8 @@ All components are designed to be used within the **Continuum Architecture** of
 npm install @stone-js/http-core
 ```
 
-> [!IMPORTANT]
-> Requires Node.js v18+ and native ESM support.
+> \[!IMPORTANT]
+> This package is **pure ESM**. Ensure your `package.json` includes `"type": "module"` or configure your bundler appropriately.
 
 ## Usage Example
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -20,7 +20,7 @@ If you discover a security vulnerability in Stone.js or any of its official pack
 
 ### How to report
 
-- Email: **security@stonejs.com**
+- Email: **security@stonejs.dev**
 - Subject: `Security Issue: [Your short description]`
 - Include:
   - A detailed description of the vulnerability
@@ -53,7 +53,7 @@ We follow a **coordinated disclosure** policy:
 
 We deeply appreciate the responsible security researchers and users who help keep Stone.js secure.
 
-If you’d like to contribute to security audits, penetration testing, or analysis of Stone.js internals, feel free to reach out via [security@stonejs.com](mailto:security@stonejs.com).
+If you’d like to contribute to security audits, penetration testing, or analysis of Stone.js internals, feel free to reach out via [security@stonejs.dev](mailto:security@stonejs.dev).
 
 ## Thank You
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -47,8 +47,8 @@
     "prepare": "husky"
   },
   "peerDependencies": {
-    "@stone-js/core": "^0.1.0",
-    "@stone-js/filesystem": "^0.1.0"
+    "@stone-js/core": "^0.1.1",
+    "@stone-js/filesystem": "^0.1.1"
   },
   "dependencies": {
     "accepts": "^1.3.8",
@@ -93,19 +93,19 @@
     "@types/statuses": "^2.0.5",
     "@types/type-is": "^1.6.7",
     "@types/vary": "^1.1.3",
-    "@vitest/coverage-v8": "^3.2.0",
+    "@vitest/coverage-v8": "^3.2.3",
     "husky": "^9.1.7",
     "rimraf": "^6.0.1",
-    "rollup": "^4.41.1",
+    "rollup": "^4.43.0",
     "rollup-plugin-delete": "^3.0.1",
     "rollup-plugin-dts": "^6.2.1",
     "rollup-plugin-node-externals": "^8.0.0",
     "ts-standard": "^12.0.2",
     "tslib": "^2.8.1",
     "typedoc": "^0.28.5",
     "typedoc-plugin-markdown": "^4.6.4",
-    "typescript": "^5.8.3",
-    "vitest": "^3.2.2"
+    "typescript": "^5.6.3",
+    "vitest": "^3.2.3"
   },
   "ts-standard": {
     "globals": [
diff --git a/rollup.config.mjs b/rollup.config.mjs
@@ -6,29 +6,26 @@ import typescript from '@rollup/plugin-typescript'
 import nodeResolve from '@rollup/plugin-node-resolve'
 import nodeExternals from 'rollup-plugin-node-externals'
 
-const inputs = {
-  index: 'src/**/*.ts'
-}
-
-export default Object.entries(inputs).map(([name, input]) => ({
-	input,
-	output: [
-    { format: 'es', file: `dist/${name}.js` }
-  ],
-  plugins: [
-    multi(),
-    nodeExternals(), // Must always be before `nodeResolve()`.
-    nodeResolve({
-      extensions: ['.js', '.mjs', '.ts'],
-      exportConditions: ['node', 'import', 'require', 'default']
-    }),
-    typescript({
-      noEmitOnError: true,
-      tsconfig: './tsconfig.build.json',
-    }),
-    commonjs()
-  ]
-})).concat([
+export default [
+  {
+    input: 'src/**/*.ts',
+    output: [
+      { format: 'es', file: 'dist/index.js' }
+    ],
+    plugins: [
+      multi(),
+      nodeExternals(), // Must always be before `nodeResolve()`.
+      nodeResolve({
+        extensions: ['.js', '.mjs', '.ts'],
+        exportConditions: ['node', 'import', 'require', 'default']
+      }),
+      typescript({
+        noEmitOnError: true,
+        tsconfig: './tsconfig.build.json',
+      }),
+      commonjs()
+    ]
+  },
   {
     input: 'dist/**/*.d.ts',
     output: [{ format: 'es' , file: 'dist/index.d.ts' }],
@@ -46,4 +43,4 @@ export default Object.entries(inputs).map(([name, input]) => ({
       })
     ],
   },
-])
+]
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -2,6 +2,7 @@ sonar.organization=stone-foundation
 sonar.projectKey=stone-foundation_stone-js-http-core
 sonar.coverage.exclusions=**/*.spec.ts, **/*.test.ts
 sonar.javascript.lcov.reportPaths=./coverage/lcov.info
+sonar.description=Stone.js HTTP Core offers a simple, consistent API for handling HTTP requests and responses across any JavaScript runtime.
 
 # This is the name and version displayed in the SonarCloud UI.
 #sonar.projectName=http-core
diff --git a/typedoc.json b/typedoc.json
@@ -10,7 +10,7 @@
   "excludePrivate": true, // Exclude private members from the docs
   "excludeProtected": false, // Optionally include or exclude protected members
   "excludeExternals": true, // Exclude external modules
-  "disableSources": true, // Show source links in the documentation
+  "disableSources": true, // Hide source links in the documentation
   "readme": "none", // Don't generate README.md
   "hidePageHeader": true, // Hide the page header
   "hideGroupHeadings": true, // Hide the project name link in the header
