I see some instances of the string “polyfill” in the website repo.
@ErikSchierboom @iHiD needs attention?
1 Like
Thanks. I suspect it’s ok - but I’ll ask Aron to double check! 
They’re okay.
Source: GitHub - mo/abortcontroller-polyfill: Polyfill for the AbortController DOM API and abortable fetch (stub that calls catch, doesn't actually abort request).
Source: create-react-app/packages/react-app-polyfill at main · facebook/create-react-app · GitHub
However, the bottom one should be removed. CRA is no longer maintained, and you really don’t want and need to support IE11, 10 and 9 (you probably don’t). The top one is meh. AbortController has been available in baseline browsers since March, 2019.
Neither has anything to do with the CVE posted