From dd8a44acf433d7595f310ec2d8f198c6a65b45ab Mon Sep 17 00:00:00 2001
From: tarikgul <tariksnow37@gmail.com>
Date: Wed, 9 Apr 2025 11:26:31 -0400
Subject: [PATCH 1/2] Improve objectSpread function property handling

---
 packages/util/src/object/spread.ts | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/packages/util/src/object/spread.ts b/packages/util/src/object/spread.ts
index 2d08c00212..6df88c8c55 100644
--- a/packages/util/src/object/spread.ts
+++ b/packages/util/src/object/spread.ts
@@ -1,24 +1,34 @@
 // Copyright 2017-2025 @polkadot/util authors & contributors
 // SPDX-License-Identifier: Apache-2.0
-
 /**
  * @name objectSpread
  * @summary Concats all sources into the destination
+ * @description Spreads object properties while maintaining object integrity
  */
 export function objectSpread <T extends object> (dest: object, ...sources: (object | undefined | null)[]): T {
+  const filterProps = new Set(['__proto__', 'constructor', 'prototype']);
+
   for (let i = 0, count = sources.length; i < count; i++) {
     const src = sources[i];
 
     if (src) {
       if (typeof (src as Map<string, unknown>).entries === 'function') {
         for (const [key, value] of (src as Map<string, unknown>).entries()) {
-          (dest as Record<string, unknown>)[key] = value;
+          if (!filterProps.has(key)) {
+            (dest as Record<string, unknown>)[key] = value;
+          }
         }
       } else {
-        Object.assign(dest, src);
+        // Create a clean copy of the source object
+        const sanitizedSrc = Object.create(null);
+        for (const [key, value] of Object.entries(src)) {
+          if (!filterProps.has(key)) {
+            sanitizedSrc[key] = value;
+          }
+        }
+        Object.assign(dest, sanitizedSrc);
       }
     }
   }
-
   return dest as T;
-}
+}
\ No newline at end of file

From 8f0ed00bc3aef3332b855c6332e1751034f3fd4b Mon Sep 17 00:00:00 2001
From: tarikgul <tariksnow37@gmail.com>
Date: Wed, 9 Apr 2025 11:31:58 -0400
Subject: [PATCH 2/2] fix linter

---
 packages/util/src/object/spread.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/packages/util/src/object/spread.ts b/packages/util/src/object/spread.ts
index 6df88c8c55..fc9370ef98 100644
--- a/packages/util/src/object/spread.ts
+++ b/packages/util/src/object/spread.ts
@@ -1,5 +1,6 @@
 // Copyright 2017-2025 @polkadot/util authors & contributors
 // SPDX-License-Identifier: Apache-2.0
+
 /**
  * @name objectSpread
  * @summary Concats all sources into the destination
@@ -20,15 +21,18 @@ export function objectSpread <T extends object> (dest: object, ...sources: (obje
         }
       } else {
         // Create a clean copy of the source object
-        const sanitizedSrc = Object.create(null);
+        const sanitizedSrc = Object.create(null) as Record<string, unknown>;
+
         for (const [key, value] of Object.entries(src)) {
           if (!filterProps.has(key)) {
             sanitizedSrc[key] = value;
           }
         }
+
         Object.assign(dest, sanitizedSrc);
       }
     }
   }
+
   return dest as T;
-}
\ No newline at end of file
+}