All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.