@avlidienbrunn reported a potential CSP bypass in one of our JavaScript libraries. We had already found this vulnerability and written a fix for it, but hadn’t applied the fix to GitHub.com. We addressed this issue by updating the version of the library.