[Security] 后面是否考虑替换存在安全问题的intersection-observer依赖? #2595
Labels
Comments
|
欢迎 PR |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Polyfill.io在引用时会执行额外的JS指令而造成供应链攻击,原本位于github上的专案GitHub也已添加告警字样。hooks依赖的intersection-observer intersection-observer-test.html文件中有引入
<script src="https://polyfill.io/v3/polyfill.min.js,请问后面会更换依赖或采取别的方法修复该问题吗?The text was updated successfully, but these errors were encountered: