jest-enzyme: vulnerability related to unset-value

[umeshshimpi]

We are seeing vulnerability in jest-enzyme version 7.1.2 which is using unset-value@1.0.0
The fix for this is to upgrade unset-value to 2.0.1
https://security.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
here's the dependency tree:
└─┬ jest-enzyme@7.1.2 └─┬ jest-environment-enzyme@7.1.2 └─┬ jest-environment-jsdom@24.9.0 └─┬ @jest/environment@24.9.0 └─┬ @jest/transform@24.9.0 └─┬ micromatch@3.1.10 └─┬ snapdragon@0.8.2 └─┬ base@0.11.2 └─┬ cache-base@1.0.1 └── unset-value@1.0.0

Can you help with this please?

[ljharb]

Prototype pollution isn't really an attack vector when it's in your test framework - anyone who has the authority to write tests already can do far more dangerous things.