Prevent Object prototype pollution.

[mwakerman]

See https://hackerone.com/reports/311333.

Resolves #39

[gustavo-rodrigues-dev]

If you want to fix ci test, follow me:

• remove the yarn cache, because yarn don't supports Node < 4 natively and I was looking the yarn lock history and this file only created to caching ci test.

• add this config into .travis file: config before_install:
  • npm config set strict-ssl false
  • npm config set registry="http://registry.npmjs.org/"

I know that removing ssl in this case isn't the best solution however for older versions of the node you can use proxy but that solution fix the ci test.

my last test

I believe that next release that repo can remove the Node < 4 support, but that fix is most important than next release.

[mwakerman]

@gustavobeavis done (I think)

[unclechu]

@mwakerman Thanks, I'll make a release soon.

[unclechu]

Merged to dev branch, closing this.

[Pablodotnet]

Vulnerability alert still pops up with 0.5.1

[husseinbob]

Vulnerability alert still pops up with 0.5.1 @Pablodotnet

is this an erroneous alert or is the package still vulnerable?

[unclechu]

I don't think so, at least I don't have any proofs that it happens. There is a test for that: https://github.com/unclechu/node-deep-extend/blob/f3f2b4f30fffe8abc9a99a7d6469fb354ca206e9/test/index.spec.js#L260-L266