Merge pull request #1 from zpbrent/patch-1

Security Fix for Prototype Pollution in mquery

Author: huntr.dev | the place to protect open source

lib/utils.js

@@ -170,6 +170,9 @@ exports.mergeClone = function mergeClone(to, from) {
 
   while (i--) {
     key = keys[i];
+    if (specialProperties.indexOf(key) !== -1) {
+      continue;
+    }
     if ('undefined' === typeof to[key]) {
       to[key] = clone(from[key]);
     } else {