funkhaus / fuxt

A complete Headless WordPress tech stack built on Nuxt.

Remove polyfill.io usage #98

Closed drewbaker closed 2 months ago

drewbaker commented 2 months ago

Due to this: https://sansec.io/research/polyfill-supply-chain-attack

we need to remove the 5 lines used to include it: https://github.com/funkhaus/fuxt/blob/ea7356b428ed2c3b0cd6be24e2587d7df14387f0/nuxt.config.js#L21-26

        script: [
            {
                src: "https://polyfill.io/v3/polyfill.min.js?features=IntersectionObserver,smoothscroll&flags=gated",
                body: true
            }
        ]

We also need to remove any use of https://www.npmjs.com/package/nuxt-polyfill / nuxt-polyfill from package.json and in nuxt-config:

    /*
     ** Polyfills
     */
    polyfill: {
        features: [
            {
                require: "intersection-observer",
                detect: () => "IntersectionObserver" in window
            },
            {
                require: "smoothscroll-polyfill",
                detect: () =>
                    "scrollBehavior" in document.documentElement.style &&
                    window.__forceSmoothScrollPolyfill__ !== true,
                install: smoothscroll => smoothscroll.polyfill()
            }
        ]
    },

Google Ads will start delisting sites that have this vulnerability.
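A small Node.js check for the two removals requested above, as an added example that is not part of the original issue or the fuxt repository. The function name `auditPolyfillUsage`, the `head` and `modules` lines of the sample config, and the `package.json` contents are constructed for illustration.

```javascript
// Added example: flag polyfill.io script URLs and nuxt-polyfill usage in project files.
// Matches polyfill.io (or a subdomain) only when it is the host of the URL,
// so look-alikes such as polyfill.io.example.com are not reported.
const POLYFILL_HOST = /(?:https?:)?\/\/(?:[a-z0-9-]+\.)*polyfill\.io(?=[\/:?#"'\s]|$)/i;

function auditPolyfillUsage(files) {
    const findings = [];
    for (const [name, text] of Object.entries(files)) {
        const isPackageJson = name.endsWith("package.json");
        text.split("\n").forEach((line, i) => {
            // Remote script served from polyfill.io
            if (POLYFILL_HOST.test(line)) {
                findings.push({ file: name, line: i + 1, issue: "polyfill.io URL" });
            }
            // nuxt-polyfill named as a string in a config file
            if (!isPackageJson && /["'`]nuxt-polyfill["'`]/.test(line)) {
                findings.push({ file: name, line: i + 1, issue: "nuxt-polyfill module" });
            }
        });
        if (isPackageJson) {
            // nuxt-polyfill declared as an installed dependency
            const pkg = JSON.parse(text);
            for (const field of ["dependencies", "devDependencies"]) {
                if (pkg[field] && "nuxt-polyfill" in pkg[field]) {
                    findings.push({ file: name, line: null, issue: `nuxt-polyfill in ${field}` });
                }
            }
        }
    }
    return findings;
}

// Constructed sample input (versions are placeholders, not the project's real ones)
const sampleFiles = {
    "nuxt.config.js": [
        'export default {',
        '    head: {',
        '        script: [{ src: "https://polyfill.io/v3/polyfill.min.js?features=IntersectionObserver,smoothscroll&flags=gated", body: true }]',
        '    },',
        '    modules: ["nuxt-polyfill"]',
        '};'
    ].join("\n"),
    "package.json": JSON.stringify({ dependencies: { nuxt: "0.0.0", "nuxt-polyfill": "0.0.0" } })
};

console.log(auditPolyfillUsage(sampleFiles));
```

An empty result means none of the scanned files still reference polyfill.io or nuxt-polyfill.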

drewbaker commented 2 months ago

Closed with https://github.com/funkhaus/fuxt/commit/8c8fd1dc96076c034f998eccc4afbd96e9360f39