All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.