<aside> 🔜 TLDR: a new security warning was issued for a commonly used CDN, which is used in our snippet (but not our NPM package).

</aside>

What is the issue?

A security warning was issued for a commonly used CDN: polyfill.io. You can read more about it here.

Is CommandBar impacted?

We referenced this CDN in the following places in our snippet, which is the non-default method of installing CommandBar preferred by some customers.

The CDN was used for handling edge cases where a user is using an outdated browser that doesn’t support modern browser functionality. (Without this, CommandBar would have failed entirely for these users.) The specific polyfills used were:

The most commonly used browsers lacking these features are Internet Explorer 11 and earlier and old versions of Safari. We estimate about 2% of end users globally would fit these criteria (you can’t sum the numbers above, as many users who require one polyfill require multiple), but your user base might vary.

What action should I take?