Merge pull request #2713 from kfear1337/CodeQL-Report

app/components/sidebar.tsx

@@ -174,7 +174,7 @@ export function SideBar(props: { className?: string }) {
             </Link>
           </div>
           <div className={styles["sidebar-action"]}>
-            <a href={REPO_URL} target="_blank">
+            <a href={REPO_URL} target="_blank" rel="noopener noreferrer">
               <IconButton icon={<GithubIcon />} shadow />
             </a>
           </div>

app/utils/merge.ts

@@ -1,9 +1,13 @@
 export function merge(target: any, source: any) {
   Object.keys(source).forEach(function (key) {
-    if (source[key] && typeof source[key] === "object") {
+    if (
+      source.hasOwnProperty(key) && // Check if the property is not inherited
+      source[key] &&
+      typeof source[key] === "object" || key === "__proto__" || key === "constructor"
+    ) {
       merge((target[key] = target[key] || {}), source[key]);
       return;
     }
     target[key] = source[key];
   });
-}
+}