diff --git a/CHANGELOG.md b/CHANGELOG.md
index b86ddf9d..f973c614 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+### [5.0.5](https://www.github.com/yargs/y18n/compare/v5.0.4...v5.0.5) (2020-10-25)
+
+
+### Bug Fixes
+
+* address prototype pollution issue ([#108](https://www.github.com/yargs/y18n/issues/108)) ([a9ac604](https://www.github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25))
+
 ### [5.0.4](https://www.github.com/yargs/y18n/compare/v5.0.3...v5.0.4) (2020-10-16)
diff --git a/lib/index.ts b/lib/index.ts
index 864cbac2..07d99e3b 100644
--- a/lib/index.ts
+++ b/lib/index.ts
@@ -47,7 +47,7 @@ class Y18N {
 this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
 // internal stuff.
- this.cache = {}
+ this.cache = Object.create(null)
 this.writeQueue = []
 }
diff --git a/package.json b/package.json
index ba713184..b9eea16f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "y18n",
- "version": "5.0.4",
+ "version": "5.0.5",
 "description": "the bare-bones internationalization library used by yargs",
 "exports": {
 ".": [
diff --git a/test/y18n-test.cjs b/test/y18n-test.cjs
index d65b14b9..a14941b1 100644
--- a/test/y18n-test.cjs
+++ b/test/y18n-test.cjs
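Review bot: `this.cache = Object.create(null)` in the lib/index.ts hunk closes the `__proto__` locale key, but a null-prototype object carries no `hasOwnProperty`/`toString` of its own, so any later `this.cache.hasOwnProperty(locale)` elsewhere in the class would now throw — worth grepping for and replacing with `Object.prototype.hasOwnProperty.call(this.cache, locale)` or `locale in this.cache`. The per-locale dictionaries stored inside the cache are presumably still plain object literals; if so, a message key such as `constructor` would resolve through `Object.prototype` on that inner object rather than the dictionary, so the same null-prototype treatment there may be wanted. A why-comment would stop a future cleanup from reverting to `{}`: `// null-prototype: a locale name such as "__proto__" must not reach Object.prototype`. The enclosing constructor starts outside the hunk.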
@@ -351,6 +351,24 @@ describe('y18n', function () {
 })
 })
+ // See: https://github.com/yargs/y18n/issues/96,
+ // https://github.com/yargs/y18n/pull/107
+ describe('prototype pollution', () => {
+ it('does not pollute prototype, with __proto__ locale', () => {
+ const y = y18n()
+ y.setLocale('__proto__')
+ y.updateLocale({ polluted: '👽' })
+ y.__('polluted').should.equal('👽')
+ ;(typeof polluted).should.equal('undefined')
+ })
+
+ it('does not pollute prototype, when __ is used with __proto__ locale', () => {
+ const __ = y18n({ locale: '__proto__' }).__
+ __('hello')
+ ;(typeof {}.hello).should.equal('undefined')
+ })
+ })
+
 after(function () {
 rimraf.sync('./test/locales/fr.json')
 })
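Review bot: The first test's `(typeof polluted)` proves the point only indirectly — it relies on the bare identifier falling through `globalThis` to `Object.prototype` — whereas the second test inspects `{}.hello` directly; aligning the first to `;(typeof {}.polluted).should.equal('undefined')` makes the assertion state what is actually being checked. Neither test cleans up on failure: if the guard ever regresses, `Object.prototype.polluted` and `Object.prototype.hello` stay set and every later test in the file runs against a polluted prototype, so an `afterEach(() => { delete Object.prototype.polluted; delete Object.prototype.hello })` inside the new `describe` would confine a regression to the failing test. The enclosing `describe('y18n', …)` starts and ends outside the hunk.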