All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.