Prototype Pollution is still possible in the latest version 3.2.4

[zpbrent]

Hey, seems the fix for prototype pollution only applies to cloneObject() and merge(), but unfortunately miss mergeClone(). As a result, the latest version 3.2.4 is still vulnerable to prototype pollution.

I have reported this vul through huntr.dev at https://www.huntr.dev/bounties/1-npm-mquery
As well as proposed a possible fix with a PR at 418sec#1

Please help to confirm whether this is indeed an issue and also whether the fix you like, thanks!

[vkarpov15]

Fixed by #121