CVE-2023-26133

All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.