search

Choices-js / Choices

A vanilla JS customisable select box/text input plugin ⚡️
https://choices-js.github.io/Choices/
MIT License
6.05k stars 597 forks source link

Replace cdn.polyfill.io with polyfill-fastly.io #1162

Open jurgenhaas opened 1 week ago

jurgenhaas commented 1 week ago

Fixes #1160

alanhamlett commented 1 week ago

IMO polyfill shouldn't even be mentioned in case someone accidentally uses the compromised domain. It's hella outdated these days, not even needed.

mbomb007 commented 1 week ago

I hope this change goes in soon.

alanhamlett commented 1 week ago

It's not complete. There's still a link in the readme to the malicious domain:

https://github.com/Choices-js/Choices/pull/1162/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L1110

alanhamlett commented 1 week ago

Use #1161 instead.

hotwebmatter commented 1 week ago

Either approve https://github.com/Choices-js/Choices/pull/1161 or amend this PR to catch both references to the malicious domain -- but let's not get stuck in analysis-paralysis here. There is some urgency to closing this attack vector.