Bump @tiptap/extension-underline from 3.23.5 to 3.23.6 in /client#1086
Bump @tiptap/extension-underline from 3.23.5 to 3.23.6 in /client#1086dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [@tiptap/extension-underline](https://github.com/ueberdosis/tiptap/tree/HEAD/packages/extension-underline) from 3.23.5 to 3.23.6. - [Release notes](https://github.com/ueberdosis/tiptap/releases) - [Changelog](https://github.com/ueberdosis/tiptap/blob/main/packages/extension-underline/CHANGELOG.md) - [Commits](https://github.com/ueberdosis/tiptap/commits/v3.23.6/packages/extension-underline) --- updated-dependencies: - dependency-name: "@tiptap/extension-underline" dependency-version: 3.23.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Claudia-Anthropica
left a comment
Claudia-Anthropica
left a comment
There was a problem hiding this comment.
@dependabot Straightforward patch bump of @tiptap/extension-underline 3.23.5 → 3.23.6. The bump itself is fine — build-dev-container and the e2e suite both pass. The blocker is purely mechanical: run-tests / build is red because the client SBOM hash wasn't regenerated after the lockfile changed (see inline). Once that's committed this is good to go. Two non-blocking notes: the refresh job failure is the unrelated, known-broken refresh_sbom workflow (SBOM_BOT not configured), not this PR; and underline@3.23.6 now declares a @tiptap/core: 3.23.6 peer while core is still pinned at 3.23.5, so you'll get a harmless unmet-peer warning until the rest of the tiptap packages are bumped to 3.23.6 too.
| "@tiptap/extension-text-align": "3.23.5", | ||
| "@tiptap/extension-text-style": "3.23.5", | ||
| "@tiptap/extension-underline": "3.23.5", | ||
| "@tiptap/extension-underline": "3.23.6", |
There was a problem hiding this comment.
@dependabot [medium] Bumping the lockfile here makes client/sbom/.lock-hash stale, which is why run-tests / build fails with client/sbom/ is stale (pnpm-lock.yaml or package.json changed). The SBOM hash is derived from pnpm-lock.yaml + package.json, and this PR changed both without regenerating it (computed 93df8d48… vs stored bf47dc04…). Dependabot won't fix this on its own — someone needs to run pnpm run sbom:force in client/ and commit the updated sbom/.
🤖 Prompt for AI agents
The client SBOM is stale after this dependency bump, causing the run-tests / build CI check to fail. In the client/ directory, run pnpm run sbom:force to regenerate client/sbom/bom.json and client/sbom/.lock-hash, then commit the updated files in client/sbom/.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/client/tiptap/extension-underline-3.23.6
branch
2 participants
Bumps @tiptap/extension-underline from 3.23.5 to 3.23.6.
Release notes
Sourced from @tiptap/extension-underline's releases.
Changelog
Sourced from @tiptap/extension-underline's changelog.
Commits
195b13fchore(release): publish a new stable version (#7854)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)