From 9ecaa2e132cc4082c3da5f05a5b250ab4fd43b7b Mon Sep 17 00:00:00 2001
From: Jorg Sowa <jorg.sowa@gmail.com>
Date: Fri, 13 Mar 2026 01:27:17 +0100
Subject: [PATCH] fixed: CVE-2024-57071

---
 src/index.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/index.js b/src/index.js
index 8e9b734d2..7fb4cd256 100644
--- a/src/index.js
+++ b/src/index.js
@@ -18,6 +18,9 @@ function combine(src, to) {
   let i = keys.length;
   while (i--) {
     const k = keys[i];
+    if (k === "__proto__" || k === "constructor" || k === "prototype") {
+      continue;
+    }
     const val = src[k];
     if (val === null) {
       delete to[k];