From dc71687d11b7e2cf3c6614b6fc5ea7ce296771d6 Mon Sep 17 00:00:00 2001
From: d3v53c
Date: Fri, 22 Jan 2021 12:38:15 -0800
Subject: [PATCH] prototype pollution fix
---
 src/utils.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/utils.js b/src/utils.js
index 051baa12..716dc7c5 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -62,6 +62,7 @@ const mkdirP = function (object, path) {
 }
 const parts = path.split('.')
 parts.forEach(function (key) {
+ if (isPrototypePolluted(key)) return
 if (!object[key]) {
 object[key] = {}
 }
@@ -419,6 +420,7 @@ const utils = {
 deepFillIn (dest, source) {
 if (source) {
 utils.forOwn(source, function (value, key) {
+ if (isPrototypePolluted(key)) return
 const existing = dest[key]
 if (isPlainObject(value) && isPlainObject(existing)) {
 utils.deepFillIn(existing, value)
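Review bot: The `return` inside the `forEach` callback of `mkdirP` skips only the rejected segment, so the loop carries on with the remaining segments and builds them one level above where the path pointed (for `a.__proto__.b` it would presumably create `a.b`) instead of refusing the path. Checking the whole path before the loop, for example `if (parts.some(isPrototypePolluted)) throw new Error('unsafe path: ' + path)`, keeps a rejected path from writing anywhere; whether to throw or return early depends on the part of `mkdirP` that lies outside this hunk. The existence test on the next line, `if (!object[key])`, also follows the prototype chain, so pairing it with an own-property test (`Object.prototype.hasOwnProperty.call(object, key)`) would mean the walk does not rely on the deny-list alone. `isPrototypePolluted` is not defined in this patch (the diffstat shows only these two insertions), so the set of keys it rejects cannot be checked here, and no test is added for either guarded function; both remarks apply to the `deepFillIn` hunk as well.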
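Review bot: The guard added to the `utils.forOwn` callback in `deepFillIn` drops a rejected key without leaving any trace, and nothing on the line says why, so a short comment would help the next reader, e.g. `// skip keys that could reach Object.prototype; source may be untrusted data`. The lookup that follows, `const existing = dest[key]`, still reads inherited properties of `dest`; limiting it to own properties, `const existing = Object.prototype.hasOwnProperty.call(dest, key) ? dest[key] : undefined`, would keep the recursive merge from descending into anything `dest` merely inherits. The callback body continues outside the hunk, so how an `undefined` value of `existing` is handled in the remaining branch should be confirmed before adopting that line.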