From 33774c11b989a6a8aa2517e1a83d39c43741fc90 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Wed, 21 Nov 2018 11:11:47 +0100
Subject: Update from to-markdown to turndown

We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'package.json')

diff --git a/package.json b/package.json
index ee3c3830..3c3f359a 100644
--- a/package.json
+++ b/package.json
@@ -123,8 +123,8 @@
     "store": "^2.0.12",
     "string": "^3.3.3",
     "tedious": "^1.14.0",
-    "to-markdown": "^3.0.3",
     "toobusy-js": "^0.5.1",
+    "turndown": "^5.0.1",
     "uuid": "^3.1.0",
     "validator": "^10.4.0",
     "velocity-animate": "^1.4.0",
-- 
cgit v1.2.3