From 6c46a879184ee624e0366ef2dc32fbc967ca794d Mon Sep 17 00:00:00 2001
From: Sergio Pereira <50143591+sergiopereirain@users.noreply.github.com>
Date: Thu, 15 Oct 2020 13:35:52 -0500
Subject: [PATCH] Update package.json

There was a vulnerability fixed in `bl@2.2.1`. It was also fixed in `3.0.1` and `4.0.3` but just bumping from `2.2.0` to `2.2.1` seems less risky here.
> Affected versions of this package are vulnerable to Remote Memory Exposure. If user input ends up in consume() argument and can become negative, BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 00a9de28..014eee80 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
 "dependencies": {
 "async": "^2.6.2",
 "binary": "~0.3.0",
- "bl": "^2.2.0",
+ "bl": "^2.2.1",
 "buffer-crc32": "~0.2.5",
 "buffermaker": "~1.2.0",
 "debug": "^2.1.3",
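Review bot: The new floor `"bl": "^2.2.1"` only affects fresh dependency resolution, because under npm's caret semantics the old range `^2.2.0` already admitted 2.2.1; an install that follows a committed lockfile or shrinkwrap stays on whatever version is recorded there. The diffstat shows only package.json changed, so if the repository ships a lockfile it should be regenerated in the same change and the resolved version confirmed with `npm ls bl`. It would also help to state in the description whether this package ever passes externally influenced values to `consume()`, since that determines how urgently downstream users need a release carrying the new floor.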