From 59b421dcc0d9cca3d99510645c91d92964efb393 Mon Sep 17 00:00:00 2001
From: jackfromeast
Date: Thu, 10 Oct 2024 16:48:46 -0400
Subject: [PATCH] Fix the prototype pollution vulnerability found in extend function. Reference: https://github.com/CodeByZach/pace/issues/546
---
 pace.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pace.js b/pace.js
index 0831a47..2b7c32d 100644
--- a/pace.js
+++ b/pace.js
@@ -114,7 +114,7 @@
 source = sources[_i];
 if (source) {
 for (key in source) {
- if (!__hasProp.call(source, key)) continue;
+ if (!__hasProp.call(source, key) || key === '__proto__' || key === 'constructor' || key === 'prototype') continue;
 val = source[key];
 if ((out[key] != null) && typeof out[key] === 'object' && (val != null) && typeof val === 'object') {
 extend(out[key], val);
@@ -445,7 +445,7 @@
 };
 RequestIntercept = (function(_super) {
- __extends(RequestIntercept, _super);
+ __s(RequestIntercept, _super);
 function RequestIntercept() {
 var monitorXHR,
@@ -983,4 +983,4 @@
 }
 }
-}).call(this);
\ No newline at end of file
+}).call(this);
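Review bot: The recursion test two lines below the new key filter, `if ((out[key] != null) && typeof out[key] === 'object' && ...`, still reads `out[key]` through the prototype chain, so the merge is protected only by the three-name denylist. Adding an own-property check there, `if (__hasProp.call(out, key) && (out[key] != null) && typeof out[key] === 'object' && (val != null) && typeof val === 'object') {`, would keep `extend` from descending into an inherited object even if a key is missing from the list. A short comment above the filter, such as `// skip keys that could reach Object.prototype when merging untrusted options`, would also record why these names are excluded. The body of `extend` starts and ends outside this hunk, so the non-recursive branch was not visible for this review.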
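Review bot: `__s(RequestIntercept, _super);` replaces `__extends(RequestIntercept, _super);`, yet no definition of `__s` appears anywhere in this patch and the commit message does not mention the rename. If pace.js does not define `__s` elsewhere, this line throws a ReferenceError when the wrapper function runs and `RequestIntercept` no longer inherits from `_super`; it looks like an accidental edit. Restore the original line, `__extends(RequestIntercept, _super);`, so the commit contains only the `extend` fix. The enclosing function continues past the end of the hunk.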