All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.