Closed aja08379 closed 2 weeks ago
As per https://sansec.io/research/polyfill-supply-chain-attack it appears that there is an ongoing supply chain attack utilising polyfill. From a search of GitHub, it appears that polyfill is in use here:
https://github.com/rstudio/spark.rstudio.com/blob/f5607743995e775c64f2fd8bafb1ad4a0fbe29a8/docs/packages/sparklyr/latest/reference/ft_feature_hasher.html#L110
https://github.com/rstudio/spark.rstudio.com/blob/f5607743995e775c64f2fd8bafb1ad4a0fbe29a8/docs/packages/sparklyr/latest/news.html#L77
https://github.com/rstudio/spark.rstudio.com/blob/f5607743995e775c64f2fd8bafb1ad4a0fbe29a8/docs/packages/graphframes/reference/gf_grid_ising_model.html#L110
We need to remove this code ASAP. Can you please review the impact that this will have and also estimate the amount of work required to remove it?
@rickjohnson5525 @phalston for reference.
Rerendered using Quarto 1.5 and now, the pages that have it direct to:
https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?features=es6
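To size the clean-up the issue asks for, a defender first needs an inventory of every rendered page that still loads a script from polyfill.io, and afterwards a check that the re-rendered output no longer does. The scanner below is an added example written for this issue; it is not code from the spark.rstudio.com repository or from Quarto. It assumes the site is static HTML (as the linked `docs/` files are), that the only host to flag is `polyfill.io` and its subdomains (the host named in the Sansec write-up), and that the cdnjs URL quoted above is the acceptable replacement. The sample HTML embedded in it is constructed for the demonstration.

```python
"""Inventory rendered HTML for <script> tags that load from polyfill.io.

Added example for this issue; not project code. Assumptions: static HTML
output, and polyfill.io (plus subdomains) as the only flagged host.
"""
import sys
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Host named in the Sansec report as the compromised CDN (assumption: the
# only host worth flagging for this site).
FLAGGED_HOSTS = {"polyfill.io"}


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a script URL, or '' if none."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_flagged(host: str) -> bool:
    """True for polyfill.io itself and any subdomain such as cdn.polyfill.io."""
    return host in FLAGGED_HOSTS or any(host.endswith("." + h) for h in FLAGGED_HOSTS)


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.srcs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def find_polyfill_refs(html_text: str) -> list[str]:
    """Return the script URLs in one document that point at a flagged host."""
    parser = ScriptSrcCollector()
    parser.feed(html_text)
    return [src for src in parser.srcs if is_flagged(host_of(src))]


def scan_directory(root) -> dict[str, list[str]]:
    """Map each .html file under root that references polyfill.io to its URLs."""
    findings = {}
    for path in Path(root).rglob("*.html"):
        refs = find_polyfill_refs(path.read_text(encoding="utf-8", errors="replace"))
        if refs:
            findings[str(path)] = refs
    return findings


# Constructed sample pages: one as pkgdown-style output that still loads
# polyfill.io, one as re-rendered output pointing at the cdnjs mirror.
SAMPLE_AFFECTED = """<html><head>
<script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="https://code.jquery.com/jquery.min.js"></script>
</head><body></body></html>"""

SAMPLE_FIXED = """<html><head>
<script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?features=es6"></script>
</head><body></body></html>"""


def demo() -> int:
    """Write both samples to a temp tree, scan it, return the count of flagged files."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "docs" / "reference"
        docs.mkdir(parents=True)
        (docs / "affected.html").write_text(SAMPLE_AFFECTED, encoding="utf-8")
        (docs / "fixed.html").write_text(SAMPLE_FIXED, encoding="utf-8")
        return len(scan_directory(tmp))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "docs"
    for file, urls in sorted(scan_directory(root).items()):
        for url in urls:
            print(f"{file}: {url}")
```

Run it against the checkout (`python scan_polyfill.py docs`) before the re-render to get the list of affected files, and again afterwards; an empty result is the check that the Quarto 1.5 output no longer references polyfill.io. Parsing the `src` attribute rather than grepping for the string avoids both false positives in prose that merely mentions the host and misses from protocol-relative `//polyfill.io/...` references, which `urlparse` still resolves to the flagged host.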