From 34ed147c2c9dd02bc213e74f9d5d7af1fae3b42c Mon Sep 17 00:00:00 2001
From: ready-research <72916209+ready-research@users.noreply.github.com>
Date: Fri, 3 Sep 2021 16:01:31 +0530
Subject: [PATCH] fix: fix for Prototype Pollution (#304)
---
 packages/util/src/index.ts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/packages/util/src/index.ts b/packages/util/src/index.ts
index 11de0ee0..767de2c0 100644
--- a/packages/util/src/index.ts
+++ b/packages/util/src/index.ts
@@ -4,6 +4,7 @@ export * from './types'
 const DEV = process.env.NODE_ENV !== 'production'
+const specialProperties = ['__proto__', 'constructor', 'prototype'];
 /**
 * Identity function.
 */
@@ -66,6 +67,9 @@ export const get = (from: unknown, path: Path): unknown => {
 export const assign = (target: T, source: U): T & U => {
 if (!is(source)) return target as T & U
 for (const key in source) {
+ if (specialProperties.indexOf(key) !== -1) {
+ continue;
+ }
 // @ts-ignore
 target[key] = source[key]
 }
@@ -78,6 +82,9 @@ export const assign = (target: T, source: U): T & U => {
 export const merge = (target: T, source: U): T & U => {
 if (!is(source)) return target as T & U
 for (const key in source) {
+ if (specialProperties.indexOf(key) !== -1) {
+ continue;
+ }
 // @ts-ignore
 if (obj(target[key])) {
 // @ts-ignore
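Review bot: The new `specialProperties` line ends with a semicolon, as do the `continue;` lines in the two later hunks, while the surrounding context lines (`const DEV = …`, `return target as T & U`) use none; the added lines should follow the file's no-semicolon style. The constant also carries no comment saying why these keys are skipped, for example `// Keys never copied by assign/merge, to prevent prototype pollution`. Declaring it as `const specialProperties: readonly string[] = ['__proto__', 'constructor', 'prototype']` would let the compiler reject accidental writes to the deny-list.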
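Review bot: `for (const key in source)` in `assign` still walks inherited enumerable keys, so the new deny-list check is the only filter on what gets copied into `target`. If no caller relies on inherited keys, an own-property guard next to it, `if (!Object.prototype.hasOwnProperty.call(source, key)) continue`, would keep anything that comes from the source's prototype chain out of the result; the same loop shape appears in the `merge` hunk below. Note also that `constructor` and `prototype` are now dropped silently even when they are ordinary data keys, which deserves a sentence in the doc comments of `assign` and `merge`.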
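Review bot: The diffstat lists only `packages/util/src/index.ts`, so the guard in `merge` ships without a regression test. A test that merges `JSON.parse('{"__proto__":{"polluted":true}}')` into an empty object and then asserts `({} as Record<string, unknown>).polluted === undefined` would pin the fix, with a matching case for `assign`. `merge`'s body continues past the end of this hunk, so whether nested levels are covered depends on the recursive call going back through `merge` itself; that is presumably the case but is not visible here.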