From 09c4b108fea3c0260008590053ff13da64913245 Mon Sep 17 00:00:00 2001
From: Brian Woodward <brian.woodward@gmail.com>
Date: Tue, 16 Aug 2022 12:41:12 -0400
Subject: [PATCH] back port patch for 4.0.1

---
 index.js | 4 ++++
 test.js  | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/index.js b/index.js
index fef5f36..87b6ce3 100644
--- a/index.js
+++ b/index.js
@@ -99,6 +99,10 @@ function createKey(pattern, options) {
 }
 
 function isValidKey(key) {
+  if (typeof key !== 'string' && typeof key !== 'number') {
+    key = String(key);
+  }
+
   return key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
 }
 
diff --git a/test.js b/test.js
index ea93097..f66a9b1 100644
--- a/test.js
+++ b/test.js
@@ -210,3 +210,12 @@ describe('options', function() {
     assert.equal(o.a['{b.c.d}'].e, 'c');
   });
 });
+
+describe('patches', function() {
+  it('should not allow setting an unsafe key', function() {
+    const o = {};
+    assert.equal({}.foo, undefined);
+    set(o, [['__proto__'], 'foo'], 'bar');
+    assert.equal({}.foo, undefined);
+  });
+});