algoliasearch-helper is vulnerable to prototype pollution. The _merge
function fails to validate the Object key values when users are able to define arbitrary search patterns, allowing attackers to perform prototype pollution attacks by modifying attributes such as __proto__
.