From ff1d9d8ee55dcb2bd4b5fa788205abfc293e6cfd Mon Sep 17 00:00:00 2001
From: Rik Smale <13023439+WikiRik@users.noreply.github.com>
Date: Wed, 25 Oct 2023 09:58:31 +0200
Subject: [PATCH] fix: deny modifying the object prototype

---
 src/shared/object.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/object.ts b/src/shared/object.ts
index ac78339d..06ab8311 100644
--- a/src/shared/object.ts
+++ b/src/shared/object.ts
@@ -14,7 +14,7 @@ export function deepAssign<T, S>(target: T, source: S): T & S;
 export function deepAssign<S>(target: {}, source: S): S;
 export function deepAssign(target: any, ...sources: any[]): any {
   sources.forEach((source) => {
-    Object.getOwnPropertyNames(source).forEach((key) => assign(key, target, source));
+    Object.getOwnPropertyNames(source).forEach((key) => !["__proto__", "constructor", "prototype"].includes(key) && assign(key, target, source));
     /* istanbul ignore next */
     if (Object.getOwnPropertySymbols) {
       Object.getOwnPropertySymbols(source).forEach((key) => assign(key, target, source));