turion
commented
3 months ago CC @reubenharry The only reference to polyfill I could find is in docs/mkdocs.yml Do you know what it does, and how we can remove that?
Closed aspiwack closed 3 months ago
turion
commented
3 months ago CC @reubenharry The only reference to polyfill I could find is in docs/mkdocs.yml Do you know what it does, and how we can remove that?
turion
commented
3 months ago From what I read in https://developer.mozilla.org/en-US/docs/Glossary/Polyfill we should be safe to simply remove the one line referencing polyfill. The website will stop working as intended on older browsers, but that's the whole downside.
aspiwack
commented
3 months ago Then let's remove for now, and we can think later about whether we want to regain the functionality.
aspiwack
commented
3 months ago (Immediate mitigation done in #349 )
reubenharry
commented
3 months ago Don't remember/know. Pretty sure it's ok to remove.
aspiwack
commented
3 months ago Ok, then, let's leave it like this, and if we want it again, we'll open a new issue/PR/thing.
Thanks both.
It appears that the documentation uses an extension hosted in the polyfill.io domain. This domain has apparently been compromised https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know delivering malicious javascript to its client.
Let's not wait.