From e5aa6471f1217bd3ae1d8244786f7b48bef228c1 Mon Sep 17 00:00:00 2001
From: FBumann <117816358+FBumann@users.noreply.github.com>
Date: Mon, 1 Jun 2026 11:36:01 +0200
Subject: [PATCH] fix(docs): remove malicious polyfill.io script reference

The polyfill.io domain was sold in 2024 and now serves malware as
part of a supply-chain attack. Visitors to the docs were shown a
suspicious login prompt originating from https://polyfill.io.

The script only existed to backfill ES6 features in legacy browsers
(IE11) and is unnecessary for any modern browser, so it is removed
without replacement.

The already-deployed gh-pages HTML (all versions) was scrubbed
directly in gh-pages commit a4e2663e.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 mkdocs.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/mkdocs.yml b/mkdocs.yml
index e827a5d89..0314cdd8e 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -378,7 +378,6 @@ extra_javascript:
   - javascripts/mathjax.js
   - javascripts/plotly-instant.js
   - https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js
-  - https://polyfill.io/v3/polyfill.min.js?features=es6
 
 watch:
   - flixopt