chore(deps): bump @tiptap/starter-kit from 2.14.0 to 3.7.0

[dependabot]

Bumps @tiptap/starter-kit from 2.14.0 to 3.7.0.

Release notes

Sourced from @​tiptap/starter-kit's releases.

v3.7.0

Releases

v3.7.0

@​tiptap/core

Minor Changes

• All commands and their corresponding TypeScript types are now exported from @tiptap/core so they can be imported and referenced directly by consumers. This makes it easier to build typed helpers, extensions, and tests that depend on the command signatures.

  Why:

  • Previously some command option types were only available as internal types or scattered across files, which made it awkward for downstream users to import and reuse them.

  import { commands } from '@tiptap/core'

  Notes:

  • This is a non-breaking, additive change. It improves ergonomics for TypeScript consumers.
  • If you rely on previously private/internal types, prefer the exported types from @tiptap/core going forward.

• Add comprehensive bidirectional markdown support to Tiptap through a new @tiptap/markdown package and Markdown utilities in @tiptap/core.

  New Package: @tiptap/markdown - A new official extension that provides full Markdown parsing and serialization capabilities using MarkedJS as the underlying Markdown parser.

  Core Features:

  Extension API

  • Markdown Extension: Main extension that adds Markdown support to your editor
  • MarkdownManager: Core engine for parsing and serializing Markdown
    • Parse Markdown strings to Tiptap JSON: editor.markdown.parse(markdown)
    • Serialize Tiptap JSON to Markdown: editor.markdown.serialize(json)
    • Access to underlying marked.js instance: editor.markdown.instance

  Editor Methods

  • editor.getMarkdown(): Serialize current editor content to Markdown string
  • editor.markdown: Access to MarkdownManager instance for advanced operations

  Editor Options:

  • contentType: Control the type of content that is inserted into the editor. Can be json, html or markdown - defaults to json and will automatically detect invalid content types (like JSON when it is actually Markdown).

    new Editor({
      content: '# Hello World',
      contentType: 'markdown'
    })

  Command Options: All content commands now support an contentType option:

  • setContent(markdown, { contentType: 'markdown' }): Replace editor content with markdown
  • insertContent(markdown, { contentType: 'markdown' }): Insert markdown at cursor position

... (truncated)

Changelog

Sourced from @​tiptap/starter-kit's changelog.

3.7.0

Patch Changes

• Updated dependencies [35645d9]
• Updated dependencies [35645d9]
• Updated dependencies [35645d9]
• Updated dependencies [075c4be]
• Updated dependencies [7cf3ab6]
  • @​tiptap/core@​3.7.0
  • @​tiptap/extension-link@​3.7.0
  • @​tiptap/extensions@​3.7.0
  • @​tiptap/extension-blockquote@​3.7.0
  • @​tiptap/extension-bold@​3.7.0
  • @​tiptap/extension-code@​3.7.0
  • @​tiptap/extension-code-block@​3.7.0
  • @​tiptap/extension-document@​3.7.0
  • @​tiptap/extension-hard-break@​3.7.0
  • @​tiptap/extension-heading@​3.7.0
  • @​tiptap/extension-horizontal-rule@​3.7.0
  • @​tiptap/extension-italic@​3.7.0
  • @​tiptap/extension-list@​3.7.0
  • @​tiptap/extension-paragraph@​3.7.0
  • @​tiptap/extension-strike@​3.7.0
  • @​tiptap/extension-text@​3.7.0
  • @​tiptap/extension-underline@​3.7.0
  • @​tiptap/extension-dropcursor@​3.7.0
  • @​tiptap/extension-gapcursor@​3.7.0
  • @​tiptap/extension-list-item@​3.7.0
  • @​tiptap/extension-list-keymap@​3.7.0
  • @​tiptap/extension-bullet-list@​3.7.0
  • @​tiptap/extension-ordered-list@​3.7.0
  • @​tiptap/pm@​3.7.0

3.6.7

Patch Changes

• @​tiptap/extension-dropcursor@​3.6.7
• @​tiptap/extension-gapcursor@​3.6.7
• @​tiptap/extension-list-item@​3.6.7
• @​tiptap/extension-list-keymap@​3.6.7
• @​tiptap/core@​3.6.7
• @​tiptap/extension-blockquote@​3.6.7
• @​tiptap/extension-bold@​3.6.7
• @​tiptap/extension-bullet-list@​3.6.7
• @​tiptap/extension-code@​3.6.7
• @​tiptap/extension-code-block@​3.6.7
• @​tiptap/extension-document@​3.6.7
• @​tiptap/extension-hard-break@​3.6.7

... (truncated)

Commits

• dab80e9 chore(release): publish a new release version (#7076)
• ca8713b chore(release): publish a new release version (#7075)
• 89ef4d2 chore(release): publish a new release version (#7061)
• 82e03b5 chore(release): publish a new release version (#7042)
• 6f06a69 chore(release): publish a new release version (#7041)
• 857251a chore(release): publish a new release version (#7038)
• 5a9580d chore(release): publish a new release version (#7027)
• daf78ec chore(release): publish a new release version (#7014)
• ec6a3a7 chore(release): publish a new release version (#7012)
• 06d0bea chore(release): publish a new release version (#7009)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
app	Error			Oct 15, 2025 11:31am
portal	Error			Oct 15, 2025 11:31am

[comp-ai-code-review]

🔒 Comp AI - Security Review

🟢 Risk Level: LOW

OSV/npm scan found no known vulnerabilities in the scanned packages; package.json scan for packages/ui reported no issues.

---

📦 Dependency Vulnerabilities

✅ No known vulnerabilities detected in dependencies.

---

🛡️ Code Security Analysis

✅ No security issues detected in code changes.

---

💡 Recommendations

View 3 recommendation(s)

1. Manually inspect packages/ui/package.json for any hardcoded credentials (API keys, tokens, passwords) in fields like "config", custom properties, or top-level entries and remove them if present.
2. Check all npm "scripts" in packages/ui/package.json for shell interpolation or concatenation (use of $VAR, backticks, ${} or untrusted input). Replace or sanitize any commands that could lead to command injection.
3. If any sensitive values are present in packages/ui/package.json, remove them from the file and ensure they are supplied at runtime rather than stored in source files.

---

Powered by Comp AI - AI that handles compliance for you. Reviewed Oct 15, 2025

[dependabot]

Superseded by #1666.