diff --git a/node_modules/bl/bl.js b/node_modules/bl/bl.js
index af49483..52c3740 100644
--- a/node_modules/bl/bl.js
+++ b/node_modules/bl/bl.js
@@ -186,18 +186,22 @@ BufferList.prototype.copy = function copy (dst, dstStart, srcStart, srcEnd) {
 
     if (bytes > l) {
       this._bufs[i].copy(dst, bufoff, start)
+      bufoff += l
     } else {
       this._bufs[i].copy(dst, bufoff, start, start + bytes)
+      bufoff += l
       break
     }
 
-    bufoff += l
     bytes -= l
 
     if (start)
       start = 0
   }
 
+  // safeguard so that we don't return uninitialized memory
+  if (dst.length > bufoff) return dst.slice(0, bufoff)
+
   return dst
 }
 
@@ -233,6 +237,11 @@ BufferList.prototype.toString = function toString (encoding, start, end) {
 }
 
 BufferList.prototype.consume = function consume (bytes) {
+  // first, normalize the argument, in accordance with how Buffer does it
+  bytes = Math.trunc(bytes)
+  // do nothing if not a positive number
+  if (Number.isNaN(bytes) || bytes <= 0) return this
+
   while (this._bufs.length) {
     if (bytes >= this._bufs[0].length) {
       bytes -= this._bufs[0].length
diff --git a/node_modules/bl/package.json b/node_modules/bl/package.json
index 9921432..90eea30 100644
--- a/node_modules/bl/package.json
+++ b/node_modules/bl/package.json
@@ -1,32 +1,27 @@
 {
-  "_args": [
-    [
-      "bl@2.2.0",
-      "C:\\Users\\ckxng\\Local\\src\\uos2020\\universityofscouting"
-    ]
-  ],
-  "_from": "bl@2.2.0",
-  "_id": "bl@2.2.0",
+  "_from": "bl@2.2.1",
+  "_id": "bl@2.2.1",
   "_inBundle": false,
-  "_integrity": "sha512-wbgvOpqopSr7uq6fJrLH8EsvYMJf9gzfo2jCsL2eTy75qXPukA4pCgHamOQkZtY5vmfVtjB+P3LNlMHW5CEZXA==",
+  "_integrity": "sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==",
   "_location": "/bl",
   "_phantomChildren": {},
   "_requested": {
     "type": "version",
     "registry": true,
-    "raw": "bl@2.2.0",
+    "raw": "bl@2.2.1",
     "name": "bl",
     "escapedName": "bl",
-    "rawSpec": "2.2.0",
+    "rawSpec": "2.2.1",
     "saveSpec": null,
-    "fetchSpec": "2.2.0"
+    "fetchSpec": "2.2.1"
   },
   "_requiredBy": [
     "/mongodb"
   ],
-  "_resolved": "https://registry.npmjs.org/bl/-/bl-2.2.0.tgz",
-  "_spec": "2.2.0",
-  "_where": "C:\\Users\\ckxng\\Local\\src\\uos2020\\universityofscouting",
+  "_resolved": "https://registry.npmjs.org/bl/-/bl-2.2.1.tgz",
+  "_shasum": "8c11a7b730655c5d56898cdc871224f40fd901d5",
+  "_spec": "bl@2.2.1",
+  "_where": "C:\\Users\\ckxng\\Local\\src\\uos2020\\universityofscouting\\node_modules\\mongodb",
   "authors": [
     "Rod Vagg <rod@vagg.org> (https://github.com/rvagg)",
     "Matteo Collina <matteo.collina@gmail.com> (https://github.com/mcollina)",
@@ -35,10 +30,12 @@
   "bugs": {
     "url": "https://github.com/rvagg/bl/issues"
   },
+  "bundleDependencies": false,
   "dependencies": {
     "readable-stream": "^2.3.5",
     "safe-buffer": "^5.1.1"
   },
+  "deprecated": false,
   "description": "Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!",
   "devDependencies": {
     "faucet": "0.0.1",
@@ -62,5 +59,5 @@
   "scripts": {
     "test": "node test/test.js | faucet"
   },
-  "version": "2.2.0"
+  "version": "2.2.1"
 }
diff --git a/node_modules/bl/test/test.js b/node_modules/bl/test/test.js
index 475cda8..42fcad4 100644
--- a/node_modules/bl/test/test.js
+++ b/node_modules/bl/test/test.js
@@ -431,6 +431,22 @@ tape('test toString encoding', function (t) {
   t.end()
 })
 
+tape('uninitialized memory', function (t) {
+  const secret = crypto.randomBytes(256)
+  for (let i = 0; i < 1e6; i++) {
+    const clone = Buffer.from(secret)
+    const bl = new BufferList()
+    bl.append(Buffer.from('a'))
+    bl.consume(-1024)
+    const buf = bl.slice(1)
+    if (buf.indexOf(clone) !== -1) {
+      t.fail(`Match (at ${i})`)
+      break
+    }
+  }
+  t.end()
+})
+
 !process.browser && tape('test stream', function (t) {
   var random = crypto.randomBytes(65534)
     , rndhash = hash(random, 'md5')
diff --git a/package-lock.json b/package-lock.json
index 9ca8637..38e20e9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -194,9 +194,9 @@
       "integrity": "sha512-Phlt0plgpIIBOGTT/ehfFnbNlfsDEiqmzE2KRXoX1bLIlir4X/MR+zSyBEkL05ffWgnRSf/DXv+WrUAVr93/ow=="
     },
     "bl": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/bl/-/bl-2.2.0.tgz",
-      "integrity": "sha512-wbgvOpqopSr7uq6fJrLH8EsvYMJf9gzfo2jCsL2eTy75qXPukA4pCgHamOQkZtY5vmfVtjB+P3LNlMHW5CEZXA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/bl/-/bl-2.2.1.tgz",
+      "integrity": "sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==",
       "requires": {
         "readable-stream": "^2.3.5",
         "safe-buffer": "^5.1.1"