Upgrade StorageZotero Connector: Request to understand potential security risks of Polyfill in Zotero Connector
Hello,
To help decide whether our organisation should allow the use of Zotero and the Zotero Connector, I am trying to understand potential security risks of the Zotero and the Chrome/Edge extension.
The Zotero Connector appears to use Polyfill.io, which has recently raised security concerns. Drupal.org posted:
> "Polyfill.io is no longer considered safe and should be removed" ...."Remove External IntersectionObserver polyfill from leaflet.libraries.yml and replace with another solution. There is reason to believe there is an extreme threat and the original builders of pollyfill.io have warned to immediately remove the library." See: https://www.drupal.org/project/leaflet/issues/3426106
Could you please help us understand potential risks of the Zotero Connector, given its use of Polyfill.io?
To help decide whether our organisation should allow the use of Zotero and the Zotero Connector, I am trying to understand potential security risks of the Zotero and the Chrome/Edge extension.
The Zotero Connector appears to use Polyfill.io, which has recently raised security concerns. Drupal.org posted:
> "Polyfill.io is no longer considered safe and should be removed" ...."Remove External IntersectionObserver polyfill from leaflet.libraries.yml and replace with another solution. There is reason to believe there is an extreme threat and the original builders of pollyfill.io have warned to immediately remove the library." See: https://www.drupal.org/project/leaflet/issues/3426106
Could you please help us understand potential risks of the Zotero Connector, given its use of Polyfill.io?
-
adomasvenYou are mistaken. Zotero Connector doesn't use Polyfill.io. "Polyfill" is a generic programming term and while you can find it in our codebase, we're not using Polyfill.io.