Conversation
|
@SukkaW Hello, I think this PR looks good to me. With this change, by running I have further concerns about this polyfill.io takeover now. Because the new owner didn't provide any clear answer to the original issue, but also they silently deleted that GitHub Issue (https://github.com/polyfillpolyfill/polyfill-service/issues/2834). Here's the Wayback machine's archive for reference: https://web.archive.org/web/20240318120623/https://github.com/polyfillpolyfill/polyfill-service/issues/2834 |
|
Unfortunately, it seems like exploitation has already begun now and the Google Ads team started sending warnings to its users: Polyfill.io JavaScript supply chain attack impacts over 100K sites - https://www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/ Could we review and merge this change soon so as not to increase the risk to Google Maps Platform users? Some developers should reuse the example code including polyfill.io and are likely to deploy it in the production service. I'm worrying that such incidents potentially hurt Google Maps' reputation too if it was not mitigated appropriately. /cc @willum070 Sorry, let me ping you since I see you've been active in this repository recently and I expected you could ask to review this by Google Maps team. |
|
@amuramoto Thanks for the mitigation by #1765! 🙂 Now IE has already been deprecated on the web so I believe all modern browsers no longer need Polyfill to work Google Maps Platform API well without any issue. |
2 participants
Thank you for opening a Pull Request!
Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
Fixes #1674 by replacing
polyfill.iow/cdnjs.cloudflare.com/polyfill.