Fix prototype pollution on unflatten

MatthiasKunnen · timoxley · commit 20ef0ef55dfa · 2020-08-06T11:14:52.000-04:00
Fixes #105.
diff --git a/index.js b/index.js
@@ -116,6 +116,10 @@ function unflatten (target, opts) {
     let recipient = result
 
     while (key2 !== undefined) {
+      if (key1 === '__proto__') {
+        return
+      }
+
       const type = Object.prototype.toString.call(recipient[key1])
       const isobject = (
         type === '[object Object]' ||
