All versions of package dot-notes are vulnerable to Prototype Pollution via the create function.
dot-notes project dot-notes