Node.js third-party modules: Prototype pollution attack (mergify)

Hi team, I would like to report a prototype pollution vulnerability in mergify that allows an attacker to inject properties on Object.prototype. Module module name: mergify version: 1.0.2 npm page: https://www.npmjs.com/package/mergify Module Description Merge objects deeply Vulnerability...