fix(slides): resolve prototype pollution in swiper v5 (#23344)

resolves #23342

core/package.json

@@ -67,8 +67,7 @@
     "typescript": "^4.0.5"
   },
   "scripts": {
-    "build": "npm run clean && npm run build.css && npm run build.vendor && stencil build --docs --es5 --docs-json dist/docs.json && npm run cdnloader",
+    "build": "npm run clean && npm run build.css && stencil build --docs --es5 --docs-json dist/docs.json && npm run cdnloader",
-    "build.vendor": "rollup --config ./scripts/swiper.rollup.config.js",
     "build.css": "npm run css.sass && npm run css.minify",
     "build.debug": "npm run clean && stencil build --debug",
     "build.docs": "stencil build --docs",

core/scripts/swiper.rollup.config.js

@@ -1,12 +0,0 @@
-import resolve from '@rollup/plugin-node-resolve';
-
-export default {
-  input: 'src/components/slides/swiper/swiper.js',
-  output: {
-    file: 'src/components/slides/swiper/swiper.bundle.js',
-    format: 'es'
-  },
-  plugins: [
-    resolve()
-  ]
-};

core/src/components/slides/swiper/swiper.bundle.js

@@ -970,10 +970,11 @@ const Utils = {
   },
   extend(...args) {
     const to = Object(args[0]);
+    const noExtend = ['__proto__', 'constructor', 'prototype'];
     for (let i = 1; i < args.length; i += 1) {
       const nextSource = args[i];
       if (nextSource !== undefined && nextSource !== null) {
-        const keysArray = Object.keys(Object(nextSource));
+        const keysArray = Object.keys(Object(nextSource)).filter((key) => noExtend.indexOf(key) < 0);
         for (let nextIndex = 0, len = keysArray.length; nextIndex < len; nextIndex += 1) {
           const nextKey = keysArray[nextIndex];
           const desc = Object.getOwnPropertyDescriptor(nextSource, nextKey);
@@ -6403,7 +6404,6 @@ const components = [
   Browser$1,
   Resize,
   Observer$1,
-  
 ];
 
 if (typeof Swiper.use === 'undefined') {