From aeb4f50b7c1f953f859635b37b222e596d136d6c Mon Sep 17 00:00:00 2001
From: Joe Portner <5295965+jportner@users.noreply.github.com>
Date: Thu, 30 Apr 2020 11:24:06 -0400
Subject: [PATCH] Update `mixin-deep` dependency (#38057, #46412)

---
 packages/kbn-pm/dist/index.js | 15 +++++++++++++++
 yarn.lock                     |  6 +++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/packages/kbn-pm/dist/index.js b/packages/kbn-pm/dist/index.js
index f00e0c449d455..2ee2a623fa4d6 100644
--- a/packages/kbn-pm/dist/index.js
+++ b/packages/kbn-pm/dist/index.js
@@ -41786,6 +41786,10 @@ function mixinDeep(target, objects) {
  */
 
 function copy(val, key) {
+  if (!isValidKey(key)) {
+    return;
+  }
+
   var obj = this[key];
   if (isObject(val) && isObject(obj)) {
     mixinDeep(obj, val);
@@ -41805,6 +41809,17 @@ function isObject(val) {
   return isExtendable(val) && !Array.isArray(val);
 }
 
+/**
+ * Returns true if `key` is a valid key to use when extending objects.
+ *
+ * @param  {String} `key`
+ * @return {Boolean}
+ */
+
+function isValidKey(key) {
+  return key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
+};
+
 /**
  * Expose `mixinDeep`
  */
diff --git a/yarn.lock b/yarn.lock
index f67538401a0a9..4b6f196b2dd2d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -15299,9 +15299,9 @@ mississippi@^3.0.0:
     through2 "^2.0.0"
 
 mixin-deep@^1.2.0:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.0.tgz#47a8732ba97799457c8c1eca28f95132d7e8150a"
-  integrity sha512-dgaCvoh6i1nosAUBKb0l0pfJ78K8+S9fluyIR2YvAeUD/QuMahnFnF3xYty5eYXMjhGSsB0DsW6A0uAZyetoAg==
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566"
+  integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==
   dependencies:
     for-in "^1.0.2"
     is-extendable "^1.0.1"