polyfill.io Library is no longer considered safe to use

Created on 13 March 2024, 10 months ago
Updated 3 July 2024, 6 months ago

Problem/Motivation

The polyfill.io library has been sold to a chinese company named Funnull that is not considered trustworthy. We believe this poses a grave security threat and the library is now considered unsafe.

https://twitter.com/triblondon/status/1761852117579427975

Proposed resolution

Since we are not supporting IE 11, have created a patch to completely remove the polyfill.io library. However, the library could be replaced with fastly.

https://community.fastly.com/t/new-options-for-polyfill-io-users/2540

Remaining tasks

1. Upload Patch to completely remove
2. Replace or remove from library

webform.libraries.yml
https://git.drupalcode.org/project/webform/-/blob/6.2.x/webform.librarie...

๐Ÿ› Bug report
Status

Fixed

Version

6.2

Component

Code

Created by

๐Ÿ‡ฆ๐Ÿ‡ซAfghanistan drupalam

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupalโ€™s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the โ€œReport a security vulnerabilityโ€ link in the project pageโ€™s sidebar. See how to report a security issue for details.

Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024