From 5e5b803e308ebf9e3c8dbce2cc0144aabb947247 Mon Sep 17 00:00:00 2001
From: Ron Perris <ronperris@gmail.com>
Date: Wed, 24 Oct 2018 13:01:47 -0700
Subject: [PATCH 1/3] [fix] Fixed uninitialized buffer vulnerability.
 (https://hackerone.com/reports/321701)

---
 lib/base64.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/base64.js b/lib/base64.js
index c52e356..15096ab 100644
--- a/lib/base64.js
+++ b/lib/base64.js
@@ -16,7 +16,7 @@ base64.encode = function (unencoded) {
   var encoded;
 
   try {
-    encoded = new Buffer(unencoded || '').toString('base64');
+    encoded = new Buffer(unencoded ? String(unencoded) : '').toString('base64');
   }
   catch (ex) {
     return null;
@@ -34,7 +34,7 @@ base64.decode = function (encoded) {
   var decoded;
 
   try {
-    decoded = new Buffer(encoded || '', 'base64').toString('utf8');
+    decoded = new Buffer(encoded ? String(encoded) : '', 'base64').toString('utf8');
   }
   catch (ex) {
     return null;

From 786dde32b07a9c73cbc31d37ffd9564c56cde164 Mon Sep 17 00:00:00 2001
From: Ron Perris <ronperris@gmail.com>
Date: Wed, 24 Oct 2018 13:03:11 -0700
Subject: [PATCH 2/3] [fix] Added test coverage for base64 vulnerability fix.
 (https://hackerone.com/reports/321701)

---
 test/base64-test.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 test/base64-test.js

diff --git a/test/base64-test.js b/test/base64-test.js
new file mode 100644
index 0000000..cb90add
--- /dev/null
+++ b/test/base64-test.js
@@ -0,0 +1,17 @@
+var assert = require('assert'),
+    vows = require('vows'),
+    utile = require('../lib/');
+
+
+vows.describe('utile/base64').addBatch({
+
+  'Should treat input as a string for encode().': function() {
+    assert.equal(utile.base64.encode('200'), utile.base64.encode(200))
+    assert.equal(utile.base64.encode('100000000'), utile.base64.encode(1e8))
+  },
+
+  'Should treat input as a string for decode().': function() {
+    assert.equal(utile.base64.decode('MTAw'), 100)
+  }
+
+}).export(module);
\ No newline at end of file

From 299839298a44d1b22ba3e62967669e36691a0592 Mon Sep 17 00:00:00 2001
From: Ron Perris <ronperris@gmail.com>
Date: Wed, 24 Oct 2018 13:17:27 -0700
Subject: [PATCH 3/3] [fix] Bumping version number.
 (https://hackerone.com/reports/321701)

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index a04265c..1333591 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "utile",
   "description": "A drop-in replacement for `util` with some additional advantageous functions",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "author": "Nodejitsu Inc. <info@nodejitsu.com>",
   "maintainers": [
     "indexzero <charlie@nodejitsu.com>"