nixpkgs

9d235778 - pandoc: apply patch removing the usage of polyfill.io in the templates

pandoc: apply patch removing the usage of polyfill.io in the templates If you output HTML with MathJax content Pandoc might uses a JS library provided by cdn.polyfill.io which is now considered to be a bad actor. https://sansec.io/research/polyfill-supply-chain-attack `haskellPackages.pandoc` is not impacted, the concerned domain is not used To reproduce the issue: 1. Create a file `math.tex` with the following content `$a^2 + b^2 = c^2$` 2. Call `pandoc` with `pandoc math.tex -s --mathjax -o ex.html` 3. Look at the injected scripts in `ex.html`