Fix other instances of prototype pollution vulnerability

Author: ashaffer

lib/index.js

@@ -27,15 +27,15 @@ function cachedPathRelative (from, to) {
   // to invalidate the cache
   var cwd = process.cwd()
   if (cwd !== lastCwd) {
-    cache = {}
+    cache = Object.create(null)
     lastCwd = cwd
   }
 
   if (cache[from] && cache[from][to]) return cache[from][to]
 
   var result = relative.call(path, from, to)
 
-  cache[from] = cache[from] || {}
+  cache[from] = cache[from] || Object.create(null)
   cache[from][to] = result
 
   return result