Figure out what to do with Dependabot


    • Type: Investigation
    • Resolution: Done
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Tools and Replicator

      With the changes we've made for MongoDB's SSDLC initiative, the PRs that Dependabot produces simply cannot be merged as-is: we need to regenerate the SBOM Lite file whenever we add a new dependency.

      Some possibilities include:

      • Write a GH Action to regen the SBOM Lite for all PRs produced by Dependabot, so they are mergeable as-is.
      • Document how to fix these by hand.
      • Turn off Dependabot in favor of something else, like an "update all deps" ticket of the kind we do with Mongosync.

      The output from this ticket should be a new ticket to do the thing that you've determined is the best course of action.
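One shape the first option could take, as an added example that is not part of this ticket or of the project's repository: a workflow that runs only for Dependabot pull requests, regenerates the SBOM Lite file, and commits it back to the PR branch. The regeneration command (`make sbom-lite`) and the output path (`sbom.json`) are placeholders for the repository's real tooling, and the example assumes that setting `permissions: contents: write` is enough for a Dependabot-triggered run to push.

```yaml
# Added example, not the project's own workflow.
# `make sbom-lite` and `sbom.json` are placeholders for the repo's real command and file.
name: regen-sbom-lite

# Use `pull_request`, not `pull_request_target`: the PR's own code is checked out
# and executed, so the run must not carry elevated repository permissions.
on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: write   # needed to push the regenerated file back to the PR branch

jobs:
  regen:
    # Gate on the Dependabot actor so human-authored PRs are left alone.
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Check out the PR branch itself (not the synthetic merge ref) so we can push to it.
          ref: ${{ github.head_ref }}

      - name: Regenerate SBOM Lite
        run: make sbom-lite   # placeholder for the project's actual regeneration command

      - name: Commit the regenerated SBOM if it changed
        run: |
          if git diff --quiet -- sbom.json; then
            echo "SBOM Lite already up to date"
            exit 0
          fi
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add sbom.json
          git commit -m "Regenerate SBOM Lite for dependency update"
          # A push made with GITHUB_TOKEN does not start further workflow runs, so this cannot loop.
          git push origin HEAD:"${{ github.head_ref }}"
```

Because pushes made with GITHUB_TOKEN do not trigger other workflows, required status checks will not re-run on the commit this adds; a GitHub App or PAT token stored as a Dependabot secret avoids that at the cost of broader permissions.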

              Assignee: Dave Rolsky
              Reporter: Dave Rolsky
              Votes: 0
              Watchers: 1
