Conversation

@sestinj
Contributor

@sestinj sestinj commented Dec 9, 2025

Snyk has created this PR to upgrade @tiptap/extension-image from 2.26.1 to 2.27.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue                                                             | Score | Exploit Maturity
medium severity Prototype Pollution (SNYK-JS-DAGRED3ES-13110069)  | 636   | Proof of Concept
Release notes
Package name: @tiptap/extension-image
  • 2.27.1 - 2025-10-29

    v2.27.1

  • 2.27.0 - 2025-10-29

    v2.27.0

  • 2.26.4 - 2025-10-23
  • 2.26.3 - 2025-10-09
  • 2.26.2 - 2025-09-23
  • 2.26.1 - 2025-07-11
from @tiptap/extension-image GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Summary by cubic

Upgraded @tiptap/extension-image to 2.27.1 to address a transitive Prototype Pollution vulnerability and keep the editor current. Also fixed lint issues in the VS Code extension for safer messaging and clearer dev/prod webview setup.

  • Dependencies

    • @tiptap/extension-image → 2.27.1
  • Refactors

    • VS Code extension: clarify dev/prod webview URIs, add void to unhandled postMessage/request calls, and fix import order.

Written for commit 887410e. Summary will update automatically on new commits.

See this package in npm:
@tiptap/extension-image

See this project in Snyk:
https://app.snyk.io/org/continue-dev-inc.-default/project/c5fb30df-a06c-44cb-83af-5ada5ff6e4a9?utm_source=github&utm_medium=referral&page=upgrade-pr
@sestinj sestinj requested a review from a team as a code owner December 9, 2025 08:24
@sestinj sestinj requested review from RomneyDa and removed request for a team December 9, 2025 08:24
@continue
Contributor

continue bot commented Dec 9, 2025

Keep this PR in a mergeable state →

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Dec 9, 2025
@github-actions

github-actions bot commented Dec 9, 2025

⚠️ PR Title Format

Your PR title doesn't follow the conventional commit format, but this won't block your PR from being merged. We recommend using this format for better project organization.

Expected Format:

<type>[optional scope]: <description>

Examples:

  • feat: add changelog generation support
  • fix: resolve login redirect issue
  • docs: update README with new instructions
  • chore: update dependencies

Valid Types:

feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert

This helps with:

  • 📝 Automatic changelog generation
  • 🚀 Automated semantic versioning
  • 📊 Better project history tracking

This is a non-blocking warning - your PR can still be merged without fixing this.

@github-actions

github-actions bot commented Dec 9, 2025

✅ Review Complete

Code Review Summary

⚠️ Continue configuration error. Please verify that the assistant exists in Continue Hub.


Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 1 file

@continue
Contributor

continue bot commented Dec 9, 2025

✅ CI Build Fix Applied

The CI failure was caused by gui/package-lock.json not being updated when gui/package.json was modified.

Changes Made

  • Regenerated gui/package-lock.json to match the updated @tiptap/extension-image version (2.27.1)
  • Committed and pushed the lock file update to this PR branch

Verification

The lock file now correctly references:

  • Version: 2.27.1
  • Integrity: sha512-wu3vMKDYWJwKS6Hrw5PPCKBO2RxyHNeFLiA/uDErEV7axzNpievK/U9DyaDXmtK3K/h1XzJAJz19X+2d/pY68w==

The CI should now pass ✨
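The verification the bot describes by hand (the lock entry pins the requested version and carries an integrity hash) is the kind of check a supply-chain gate can run on every dependency PR. The script below is an added example, not code from the PR or the Continue project. The package.json and package-lock.json objects are constructed samples (the 2.27.1 integrity string is the one quoted above; the 2.26.1 one is a placeholder), the helper names are hypothetical, and the range matcher covers only the exact, `~` and `^` forms npm writes by default. It checks the shape of the integrity value, not that it matches the registry tarball, which would require fetching it.

```javascript
// Added example, not code from the PR: verify that a lockfile entry for one
// dependency is consistent with package.json and carries a well-formed
// integrity value. Validates the *shape* of the integrity string only.

// Constructed sample data modelled on gui/package.json and a lockfileVersion 3
// gui/package-lock.json. The integrity value is the one quoted in the comment.
const samplePackageJson = {
  dependencies: { "@tiptap/extension-image": "^2.27.1" },
};

const sampleLockFresh = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@tiptap/extension-image": {
      version: "2.27.1",
      resolved:
        "https://registry.npmjs.org/@tiptap/extension-image/-/extension-image-2.27.1.tgz",
      integrity:
        "sha512-wu3vMKDYWJwKS6Hrw5PPCKBO2RxyHNeFLiA/uDErEV7axzNpievK/U9DyaDXmtK3K/h1XzJAJz19X+2d/pY68w==",
    },
  },
};

// A stale lock: package.json was bumped but the lock still pins the old
// version (the integrity value here is a placeholder, not the real 2.26.1 hash).
const sampleLockStale = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@tiptap/extension-image": {
      version: "2.26.1",
      resolved:
        "https://registry.npmjs.org/@tiptap/extension-image/-/extension-image-2.26.1.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
  },
};

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Handles the exact, ~ and ^ ranges npm writes by default (not full semver).
function versionSatisfies(range, version) {
  const op = range[0] === "^" || range[0] === "~" ? range[0] : "";
  const base = parseVersion(op ? range.slice(1) : range);
  const got = parseVersion(version);
  if (!base || !got) return false;
  if (op === "") return compareVersions(base, got) === 0;
  if (compareVersions(got, base) < 0) return false;
  if (op === "~") return got[0] === base[0] && got[1] === base[1];
  // caret: the first non-zero component is fixed
  if (base[0] !== 0) return got[0] === base[0];
  if (base[1] !== 0) return got[0] === 0 && got[1] === base[1];
  return got[0] === 0 && got[1] === 0 && got[2] === base[2];
}

// "sha512-<base64>" must decode to exactly 64 bytes.
function isWellFormedSha512(integrity) {
  if (typeof integrity !== "string" || !integrity.startsWith("sha512-")) return false;
  const b64 = integrity.slice("sha512-".length);
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64) || b64.length % 4 !== 0) return false;
  return Buffer.from(b64, "base64").length === 64;
}

// Returns a list of problems; an empty list means the entry is consistent.
function checkLockEntry(pkgJson, lock, name) {
  const problems = [];
  const deps = { ...(pkgJson.devDependencies || {}), ...(pkgJson.dependencies || {}) };
  const range = deps[name];
  if (range === undefined) problems.push(`${name} is not declared in package.json`);
  const entry = (lock.packages || {})[`node_modules/${name}`];
  if (!entry) {
    problems.push(`${name} has no entry in package-lock.json`);
    return problems;
  }
  if (range !== undefined && !versionSatisfies(range, entry.version)) {
    problems.push(`lock pins ${entry.version} but package.json requests ${range}`);
  }
  if (!isWellFormedSha512(entry.integrity)) {
    problems.push("integrity is missing or not a well-formed sha512 SRI value");
  }
  if (typeof entry.resolved !== "string" || !entry.resolved.startsWith("https://")) {
    problems.push("resolved URL is missing or not https");
  }
  return problems;
}

for (const [label, lock] of [["fresh", sampleLockFresh], ["stale", sampleLockStale]]) {
  const problems = checkLockEntry(samplePackageJson, lock, "@tiptap/extension-image");
  console.log(`${label}: ${problems.length === 0 ? "ok" : problems.join("; ")}`);
}
```

In a real pipeline you would read both files from the checkout and run `checkLockEntry` for every name in `dependencies` and `devDependencies`; the stale sample reproduces the exact failure mode in the comment above (package.json bumped, lock not regenerated).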

@continue
Contributor

continue bot commented Dec 9, 2025

🔍 CI Failures Analysis

The failing checks (jetbrains-tests, vscode-package-extension-linux) are NOT related to this PR's changes.

Root Cause

The lint errors are in files from PR #9077 (just merged to main):

  • extensions/vscode/src/VsCodeIde.ts
  • extensions/vscode/src/ContinueGUIWebviewViewProvider.ts
  • extensions/vscode/src/ContinueConsoleWebviewViewProvider.ts
  • Various files in core/

Our PR only touches:

  • gui/package.json
  • gui/package-lock.json

Errors Surfacing

  • Import order violations
  • Missing empty lines between import groups
  • Unhandled promise warnings
  • "Unexpected negated condition" style warnings

Recommendation

These lint issues should be fixed in a follow-up PR to #9077, or this PR needs to be rebased after those fixes are merged. The @tiptap/extension-image security update itself is valid and necessary.

cc @sestinj - The dependency upgrade is correct, but main has lint issues blocking CI.

- Fix import order in VsCodeIde.ts (util/util before util/vscode)
- Fix negated conditions to use early returns
- Add void operator to unhandled promise calls
- Improve code clarity by using positive conditionals

These lint issues were introduced in PR #9077 and are unrelated to the
@tiptap/extension-image upgrade in this PR.

Generated with [Continue](https://continue.dev)

Co-authored-by: nate <[email protected]>
@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:XS This PR changes 0-9 lines, ignoring generated files. labels Dec 9, 2025
@continue
Contributor

continue bot commented Dec 9, 2025

✅ Lint Issues Fixed

I've resolved all the lint errors that were blocking CI:

Changes Made

extensions/vscode/src/VsCodeIde.ts

  • Fixed import order (moved util/util import before util/vscode)

extensions/vscode/src/ContinueGUIWebviewViewProvider.ts

  • Converted negated condition to early return pattern
  • Changed if (!inDevelopmentMode) to if (inDevelopmentMode) for clarity
  • Added void operator to unhandled promise call

extensions/vscode/src/ContinueConsoleWebviewViewProvider.ts

  • Added void operator to all unhandled promise calls (5 instances)
  • Changed if (!this._saveLog) to if (this._saveLog === false) for explicitness
  • Converted negated condition to positive form

These lint issues were introduced by PR #9077 and are now fixed. The CI should pass on the next run. 🚀
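The two patterns in that comment, written out as an added example (not code from the Continue extension), together with the caveat a reviewer would raise on the `void` change: marking a promise as intentionally unawaited satisfies the lint rule, but it does not handle a rejection. All names (`selectWebviewRoot`, `fireAndForget`, `fakePostMessage`, `notifyWebview`) are hypothetical stand-ins, and the dev-server versus bundled split is an assumption about what the dev/prod URI code does.

```javascript
// Added example, not code from the Continue repository. Names are hypothetical.

// 1. Early return with a positive condition. Assumed shape: a dev build
// serves the webview from a local dev server, a production build from the
// files bundled with the extension.
function selectWebviewRoot(inDevelopmentMode, devServerUrl, bundledRoot) {
  if (inDevelopmentMode) {
    return { source: "dev-server", root: devServerUrl };
  }
  return { source: "bundled", root: bundledRoot };
}

// 2. `void webview.postMessage(msg)` satisfies the no-floating-promises lint
// rule by marking the result as intentionally ignored, but a rejection is
// still unhandled: Node emits 'unhandledRejection', which terminates the
// process by default since Node 15. Attaching a rejection handler keeps the
// fire-and-forget intent and records the failure instead of losing it.
function fireAndForget(promise, onError) {
  return promise.then(
    () => undefined,
    (err) => {
      onError(err);
    },
  );
}

// Constructed stand-in for vscode's webview.postMessage: resolves to true
// when the message was delivered, rejects when the webview is not visible.
function fakePostMessage(webviewVisible, message) {
  return webviewVisible
    ? Promise.resolve(true)
    : Promise.reject(new Error(`webview not visible, dropped ${message.type}`));
}

// Before: `void fakePostMessage(...)` (lint-clean, failure silently lost).
// After: the rejection is routed to the extension's log; the returned
// promise never rejects, so callers can still `void` it safely.
function notifyWebview(webviewVisible, message, log) {
  return fireAndForget(fakePostMessage(webviewVisible, message), (err) => {
    log.push(`postMessage failed: ${err.message}`);
  });
}

// Stand-alone demo: the failure shows up in the log instead of crashing.
const demoLog = [];
void notifyWebview(false, { type: "ping" }, demoLog).then(() => console.log(demoLog));
```

The design point is that the lint fix and the operational fix are different things: `void` documents intent for the linter, while the `.then(…, onError)` wrapper is what stops a dropped webview message from becoming a process-level unhandled rejection that a user sees as the extension host dying.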

@github-project-automation github-project-automation bot moved this from Todo to In Progress in Issues and PRs Dec 10, 2025
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Dec 10, 2025
@RomneyDa RomneyDa merged commit ff5d166 into main Dec 10, 2025
57 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Issues and PRs Dec 10, 2025
@RomneyDa RomneyDa deleted the snyk-upgrade-df9d51333968970981e8f6c9cf4d7377 branch December 10, 2025 18:40
@github-actions github-actions bot locked and limited conversation to collaborators Dec 10, 2025
@sestinj
Contributor Author

sestinj commented Dec 10, 2025

🎉 This PR is included in version 1.36.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Labels

lgtm This PR has been approved by a maintainer released size:M This PR changes 30-99 lines, ignoring generated files.

Projects

Status: Done
