Product
`@theecryptochad/merge-guard` versions prior to 1.0.1 are vulnerable to Prototype Pollution via the `deepMerge()` function, allowing an attacker who controls the source object to inject `__proto__` keys that mutate `Object.prototype`, affecting all objects in the Node.js runtime.