Object.assign({}, obj) is used all over the place. But this calls setters!

This is harmful in case obj contains an own __proto__ property.

You should use {...obj} (spread properties) instead. Compare:

let obj = {["__proto__"]: null};
Reflect.ownKeys(Object.assign({}, obj)); // []
Reflect.ownKeys({...obj});               // ["__proto__"]

Specifically in https://github.com/devtools-html/devtools-core/blob/b6aa4ab9787d519c9f468af91f4755760a9265b1/packages/devtools-reps/src/reps/grip.js#L156

it's the cause of bug 1390027.

Great find @Loirooriol!