rangy vulnerable to Prototype Pollution
All versions of the package rangy is vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype