zachmargolis closed 3 months ago
Why: A recent supply-chain attack on polyfill-dot-io highlights the risks of linking to external domains for JS like we were doing here with unpkg.com
Ref: https://sansec.io/research/polyfill-supply-chain-attack
I do not think we are using Netlify for this site, so it seemed easier to remove the functionality entirely instead of an alternative approach like vendoring the JS