Patch the prototype pollution vulnerability in jQuery < 3.4.0 (CVE-2019-11358)

Author: DanielRuf

lib/web/jquery.js

@@ -12,6 +12,11 @@
  * Date: 2016-05-20T17:17Z
  */
 
+/*
+ * includes patch for CVE-2019-11358
+ * prototype pollution vulnerability in jQuery before 3.4.0
+ */
+
 (function( global, factory ) {
 
 	if ( typeof module === "object" && typeof module.exports === "object" ) {
@@ -209,8 +214,9 @@
 					src = target[ name ];
 					copy = options[ name ];
 
+					// Prevent Object.prototype pollution
 					// Prevent never-ending loop
-					if ( target === copy ) {
+					if ( name === "__proto__" || target === copy ) {
 						continue;
 					}