slds-lmu / website_theme

Remove use of polyfill.io due to supply chain attack #4

Open jemus42 opened 4 months ago

jemus42 commented 4 months ago

See https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/

The domain apparently serves malicious JS intermittently.

jemus42 commented 4 months ago

I've removed the offending include but I assume that functionality needs to be pulled in from somewhere else now. Then again, from the above blogpost:

> He now works for Fastly, which started offering a free polyfill-fastly.io alternative in February. Andrew says you probably don't need that either, given that modern browsers have much better compatibility than when the service was first introduced over a decade ago.

so maybe this is just fine now.
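
A check for leftover includes of the domain, added here as an example and not part of the thread or the repository's code: it parses a template and reports `script`, `link` and `iframe` tags whose URL host is polyfill.io or a subdomain of it. The sample markup, the function names and the list of tags checked are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: block the domain named in the issue title and any subdomain of it.
BLOCKED_DOMAINS = ("polyfill.io",)
# Tags whose URL attribute makes the browser fetch a remote resource.
URL_ATTRS = {"script": "src", "link": "href", "iframe": "src"}

def is_blocked(url):
    """True if the URL's host is a blocked domain or a subdomain of one."""
    try:
        # urlsplit also handles protocol-relative URLs ("//polyfill.io/...").
        host = (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return False
    # Compare on a label boundary so "notpolyfill.io" does not match.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

class IncludeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and is_blocked(value):
                self.hits.append((self.getpos()[0], tag, value))

def find_blocked_includes(html):
    """Return (line, tag, url) for every include that loads from a blocked host."""
    finder = IncludeFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample template, not taken from the repository.
SAMPLE = """<head>
<script src="https://cdn.polyfill.io/v2/polyfill.min.js"></script>
<script src="//polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="https://example.org/polyfill.io/local.js"></script>
<script src="https://notpolyfill.io/x.js"></script>
<link rel="stylesheet" href="/css/main.css">
</head>
"""

if __name__ == "__main__":
    for line, tag, url in find_blocked_includes(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Matching on the parsed host rather than on a substring keeps a locally hosted file whose path merely contains `polyfill.io` from being reported.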