I've made a simple site using vf-11ty (it was very helpful, thank you!) and a pentest popped up with a positive result for Polyfill.io Supply Chain Attack.
I think the problem is triggered here:
|
<!-- IE11 polyfill JS --> |
|
{% render '@vf-polyfill-js' %} |
Which renders as:
<script nomodule crossorigin="anonymous" src="https://polyfill.io/v3/polyfill.min.js?flags=gated&features=default"></script>
I've made a simple site using vf-11ty (it was very helpful, thank you!) and a pentest popped up with a positive result for Polyfill.io Supply Chain Attack.
I think the problem is triggered here:
vf-eleventy/src/site/_includes/footer.njk
Lines 20 to 21 in 082dda9
Which renders as: