[Snyk:Critical] Prototype pollution - due (04/22/2026)

### Overview
Affected versions of this package are vulnerable to Prototype Pollution in the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject functions. An attacker can inject arbitrary properties into object prototypes by supplying crafted input containing special keys, potentially leading to privilege escalation or bypassing security checks.

### Introduced through
draftail@1.4.1
### Fixed in
immutable@4.3.8, @5.1.5

### Action items 

- [ ] upgrade immutable@4.3.8 or @5.1.5 in package.json


### Completion criteria
- [ ] snyk vulnerability is remediated

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk:Critical] Prototype pollution - due (04/22/2026) #7044

Overview

Introduced through

Fixed in

Action items

Completion criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Snyk:Critical] Prototype pollution - due (04/22/2026) #7044

Description

Overview

Introduced through

Fixed in

Action items

Completion criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions