build(deps): bump prosemirror-model from 1.19.4 to 1.22.3

[dependabot]

Bumps prosemirror-model from 1.19.4 to 1.22.3.

Changelog

Sourced from prosemirror-model's changelog.

1.22.3 (2024-08-06)

Bug fixes

Fix some corner cases in the way the DOM parser tracks active marks.

1.22.2 (2024-07-18)

Bug fixes

Make attribute validation messages more informative.

1.22.1 (2024-07-14)

Bug fixes

Add code to DOMSerializer that rejects DOM output specs when they originate from attribute values, to protect against XSS attacks that use corrupt attribute input.

1.22.0 (2024-07-14)

New features

Attribute specs now support a validate property that can be used to provide a validation function for the attribute, to guard against corrupt JSON input.

1.21.3 (2024-06-26)

Bug fixes

Fix an issue where parse rules for CSS properties that were shorthands for a number of more detailed properties weren't matching properly.

1.21.2 (2024-06-25)

Bug fixes

Make sure resolved positions (and thus the document and schema hanging off them) don't get kept in the cache when their document can be garbage-collected.

1.21.1 (2024-06-03)

Bug fixes

Improve performance and accuracy of DOMParser style matching by using the DOM's own style object.

1.21.0 (2024-05-06)

New features

The new linebreakReplacement property on node specs makes it possible to configure a node type that setBlockType will convert to and from line breaks when appropriate.

1.20.0 (2024-04-08)

... (truncated)

Commits

• be711f9 Mark version 1.22.3
• d47033e Overhaul the way marks are tracked in DOMParser
• 17709d3 Fix a typo in the comment
• 343fcd7 Mark version 1.22.2
• e1f6e22 Add release note
• 25285b6 Expose the extra blockArraysIn parameter to renderSpec in a hidden way
• fc27a3c Include type and attribute name in validate error messages
• e313240 Fix a type error
• 3360cdc Mark version 1.22.1
• 6e977d7 Add code to actively guard against corrupted-attribute XSS attacks
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)