All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.