Security Fix for Prototype Pollution

[ready-research]

The previously patched fix is fixing only deepMixIn(), the vulnerability is still reproducible by using other methods like deepFillIn and set.

Fixing the issues in set() and deepFillIn()

Reported in (Can you please validate these?)
https://www.huntr.dev/bounties/0391c0aa-a145-42bc-b402-02da110044f7/
https://www.huntr.dev/bounties/432bf9f6-23e3-4b0a-97eb-54f2a9d59afa/

• - npm test succeeds
• - Code coverage does not decrease (if any source code was changed)
• - If applicable, appropriate JSDoc comments were updated in source code (if applicable)
• - If applicable, approprate changes to js-data.io docs have been suggested ("Suggest Edits" button)

[blindhacker99]

I already reported both of the functions are vulnerable to prototype pollution deepFillIn() and set() about two months back on huntr
( cc: @huntr-helper). Below are the link to open issues -

• 🚨 Potential Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) #577
• 🚨 Potential Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) #576

[ready-research]

@crobinson42 Can you please validate the above huntr issues and also confirm the fixes. Thanks.

I have reported the previous prototype issue as well and commented about these in Jan 2021. See my comments in 418sec#2 (comment)