JointJS+ Changelog v4.2.4
util​
util – fix to guard merge(), omit(), pick(), and assign() against prototype pollution​
Fix a security issue where merge(), omit(), pick(), and assign() utility functions could be exploited via prototype pollution attacks (e.g. by passing an object with a __proto__ key).
All four functions now guard against attempts to overwrite properties on Object.prototype.