From 0efed0340ec8433638758f7ca0c77cb20a0bfbab Mon Sep 17 00:00:00 2001
From: substack
Date: Tue, 10 Mar 2020 08:23:44 -1000
Subject: [PATCH 1/5] failing test for protocol pollution
---
 test/proto.js | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 test/proto.js
diff --git a/test/proto.js b/test/proto.js
new file mode 100644
index 0000000..015ea60
--- /dev/null
+++ b/test/proto.js
@@ -0,0 +1,8 @@
+var parse = require('../');
+var test = require('tape');
+
+test('proto pollution', function (t) {
+    var argv = parse(['--__proto__.x','123']);
+    t.equal({}.x, undefined);
+    t.end();
+});
From 47acf72c715a630bf9ea013867f47f1dd69dfc54 Mon Sep 17 00:00:00 2001
From: substack
Date: Tue, 10 Mar 2020 08:24:38 -1000
Subject: [PATCH 2/5] console.dir -> console.log
---
 example/parse.js | 2 +-
 readme.markdown | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/example/parse.js b/example/parse.js
index abff3e8..f7c8d49 100644
--- a/example/parse.js
+++ b/example/parse.js
@@ -1,2 +1,2 @@
 var argv = require('../')(process.argv.slice(2));
-console.dir(argv);
+console.log(argv);
diff --git a/readme.markdown b/readme.markdown
index 2bcb88f..dba4e5e 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -13,7 +13,7 @@ fanciful decoration.
 ``` js
 var argv = require('minimist')(process.argv.slice(2));
-console.dir(argv);
+console.log(argv);
 ```
 ```
From 63e7ed05aa4b1889ec2f3b196426db4500cbda94 Mon Sep 17 00:00:00 2001
From: substack
Date: Tue, 10 Mar 2020 08:36:30 -1000
Subject: [PATCH 3/5] don't assign onto __proto__
---
 index.js | 1 +
 test/proto.js | 1 +
 2 files changed, 2 insertions(+)
diff --git a/index.js b/index.js
index 388a963..3b13f44 100644
--- a/index.js
+++ b/index.js
@@ -70,6 +70,7 @@ module.exports = function (args, opts) {
         var o = obj;
         keys.slice(0,-1).forEach(function (key) {
             if (o[key] === undefined) o[key] = {};
+            if (o[key] === {}.__proto__) o[key] = {};
             o = o[key];
         });
diff --git a/test/proto.js b/test/proto.js
index 015ea60..87490c3 100644
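Review bot: The guard added to index.js at line 73 only resets `o[key]` when it is identical to `{}.__proto__`, so the walk is still unprotected when Object.prototype is reached through a different property chain, and the assignment of the last key segment that follows this loop is not guarded at all; the enclosing setKey body starts and ends outside the hunk. Allocating a fresh `{}` on every iteration just to read its prototype is also an indirect spelling of `Object.prototype`. Rejecting the reserved key names once, before the walk, covers both the intermediate steps and the final assignment in one place; the rewritten lines are below. This drops options literally named `constructor` or `prototype`, which seems acceptable for a CLI parser, but if not, compare `o` against `Object.prototype` after each step and again before the final assignment instead.
```javascript
        var o = obj;
        // Refuse to walk or assign through keys that reach a shared prototype:
        // an identity check against {}.__proto__ inside the loop misses
        // Object.prototype reached via other properties and leaves the final
        // key assignment below unguarded.
        var reserved = ['__proto__', 'constructor', 'prototype'];
        if (keys.some(function (key) { return reserved.indexOf(key) !== -1; })) return;
        keys.slice(0,-1).forEach(function (key) {
            if (o[key] === undefined) o[key] = {};
            o = o[key];
        });
        // … unchanged: final-key assignment …
```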
--- a/test/proto.js
+++ b/test/proto.js
@@ -4,5 +4,6 @@ var test = require('tape');
 test('proto pollution', function (t) {
     var argv = parse(['--__proto__.x','123']);
     t.equal({}.x, undefined);
+    t.equal(argv.__proto__.x, 123);
     t.end();
 });
From 67d3722413448d00a62963d2d30c34656a92d7e2 Mon Sep 17 00:00:00 2001
From: substack
Date: Tue, 10 Mar 2020 08:36:41 -1000
Subject: [PATCH 4/5] cleanup
---
 readme.markdown | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/readme.markdown b/readme.markdown
index dba4e5e..c58e258 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -5,10 +5,6 @@ parse argument options
 This module is the guts of optimist's argument parser without all the
 fanciful decoration.
-[![browser support](https://ci.testling.com/substack/minimist.png)](http://ci.testling.com/substack/minimist)
-
-[![build status](https://secure.travis-ci.org/substack/minimist.png)](http://travis-ci.org/substack/minimist)
-
 # example
 ``` js
From f34df077a6b2bee1344188849a95e66777109e89 Mon Sep 17 00:00:00 2001
From: substack
Date: Tue, 10 Mar 2020 08:36:58 -1000
Subject: [PATCH 5/5] 1.2.2
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index bc64cf7..1750cc2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "minimist",
-    "version": "1.2.1",
+    "version": "1.2.2",
     "description": "parse argument options",
     "main": "index.js",
     "devDependencies": {
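Review bot: The new assertion `t.equal(argv.__proto__.x, 123)` pins the implementation detail that the rejected segment is redirected into a fresh object, so any stricter guard that drops the key instead (which the test name equally allows) would fail this test; what the test promises is only that the shared prototype stays clean. `{}.x` does detect that, but `t.equal(Object.prototype.x, undefined)` names the property under test directly. The test also exercises a single key shape; add cases where the prototype-reaching segment is the last key and where Object.prototype is reached through a chain of other properties, so that a guard narrower than the test name cannot pass.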