Node.js third-party modules: Prototype pollution attack (upmerge)

Hi team, I would like to report a prototype pollution vulnerability in upmerge that allows an attacker to inject properties on Object.prototype. Module module name: upmerge version: 0.1.7 npm page: https://www.npmjs.com/package/upmerge Module Description JavaScript Object Merge and Clone for Clie...