I received a Dependabot security alert for a repo that's using browser-sync 3.0.4 concerning Immutable being vulnerable to Prototype Pollution:

Dependabot cannot update immutable to a non-vulnerable version
The latest possible version that can be installed is 3.8.2 because of the following conflicting dependencies:
browser-sync@3.0.4 requires immutable@^3
browser-sync@3.0.4 requires immutable@^3 via browser-sync-ui@3.0.4

No patched version available for immutable
The earliest fixed version is 4.3.8.

Transitive dependency immutable 3.8.2 is introduced via
browser-sync 3.0.4 -> immutable 3.8.2

Is there a plan for a browser-sync update to handle this?