From d9685b353653a0a9c11c9acb269424df1a905166 Mon Sep 17 00:00:00 2001
From: Sjoerd <sjoerddal108@gmail.com>
Date: Fri, 23 Oct 2020 22:24:06 +0200
Subject: [PATCH 1/2] Fix EDGE_WRAP overwriting X with Y when Y < 0

---
 packages/core/src/index.js                     |  9 +++++----
 packages/plugin-color/test/convolution.test.js | 10 +++++++---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/packages/core/src/index.js b/packages/core/src/index.js
index e7edc26c9..b008b887c 100755
--- a/packages/core/src/index.js
+++ b/packages/core/src/index.js
@@ -25,9 +25,10 @@ const alphabet =
 const maxHashLength = [NaN, NaN];
 
 for (let i = 2; i < 65; i++) {
-  const maxHash = anyBase(anyBase.BIN, alphabet.slice(0, i))(
-    new Array(64 + 1).join('1')
-  );
+  const maxHash = anyBase(
+    anyBase.BIN,
+    alphabet.slice(0, i)
+  )(new Array(64 + 1).join('1'));
   maxHashLength.push(maxHash.length);
 }
 
@@ -713,7 +714,7 @@ class Jimp extends EventEmitter {
       }
 
       if (y < 0) {
-        xi = this.bitmap.height + y;
+        yi = this.bitmap.height + y;
       }
 
       if (y >= this.bitmap.height) {
diff --git a/packages/plugin-color/test/convolution.test.js b/packages/plugin-color/test/convolution.test.js
index e9e8dd630..2e9e46c11 100644
--- a/packages/plugin-color/test/convolution.test.js
+++ b/packages/plugin-color/test/convolution.test.js
@@ -49,7 +49,11 @@ describe('Convolution', function() {
       .catch(done);
   });
 
-  const sharpM = [[-1, -1, 0], [-1, 1, 1], [0, 1, 1]];
+  const sharpM = [
+    [-1, -1, 0],
+    [-1, 1, 1],
+    [0, 1, 1]
+  ];
 
   it('3x3 sharp matrix on EDGE_EXTEND', done => {
     imgMid
@@ -96,7 +100,7 @@ describe('Convolution', function() {
       .getJGDSync()
       .should.be.sameJGD(
         mkJGD(
-          '66666666',
+          '22222222',
           '28EEE822',
           '2EFFF802',
           '2EF88002',
@@ -113,7 +117,7 @@ describe('Convolution', function() {
       .getJGDSync()
       .should.be.sameJGD(
         mkJGD(
-          'FC06666F',
+          'F802222E',
           '80022228',
           '00022222',
           '22222222',

From 7f5f5d8725b78ae2ed486de5fbc67c4ae23f7e87 Mon Sep 17 00:00:00 2001
From: Andrew Lisowski <lisowski54@gmail.com>
Date: Fri, 3 Feb 2023 20:52:50 -0800
Subject: [PATCH 2/2] fix ddos vulnerability

---
 packages/core/src/request.js | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/packages/core/src/request.js b/packages/core/src/request.js
index 3c38723df..d58955f72 100644
--- a/packages/core/src/request.js
+++ b/packages/core/src/request.js
@@ -41,13 +41,18 @@ if (
 } else {
   module.exports = function ({ ...options }, cb) {
     const p = require("phin");
+    const allOptions = { compression: true, ...options };
 
-    p({ compression: true, ...options }, (err, res) => {
-      if (err === null) {
-        cb(null, res, res.body);
-      } else {
-        cb(err);
-      }
-    });
+    try {
+      p(allOptions, (err, res) => {
+        if (err) {
+          cb(err);
+        } else {
+          cb(null, res, res.body);
+        }
+      });
+    } catch (error) {
+      cb(error);
+    }
   };
 }