-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
安全漏洞 #6668
Comments
有相关的报告么? |
看了一下没有相关的报告,推测是 test.html 误触发了 ref: https://security.snyk.io/package/npm/intersection-observer |
你的意思是说/node_modules/intersection-observer-test.html文件里的https://cdn.polyfill.io/v2/polyfill.min.js?features=es5,getComputedStyle链接误触发了安全警告导致的吗? |
搜索了下居然能搜到相关新闻(手动捂脸哭)😭 |
可以考虑自己发一个包,然后 npm 里 override 成自己的试试。这个包是 google 的,本身是没啥问题的。 issue 这边就先关了哈~ |
好的,感谢 |
Version of antd-mobile
5.37.1
Operating system and its version
Others
Browser and its version
服务器插件漏洞
Sandbox to reproduce
No response
What happened?
我们的安全团队扫描发现了一个关于 intersection-observer 0.12.2插件存在木马的问题。然而,根据我们查看 intersection-observer 的官方信息,并没有发现可用的更新版本进行升级。请问是否有替换这个插件的方案,或者其他的解决方法?
期待您的回复。
Relevant log output
No response
The text was updated successfully, but these errors were encountered: