Wasp is flagging an insecure postMessage usage in one of the vendor files that the FDK generates. I traced it back to @babel/polyfill in the boilerplate code. The problem is, if I remove it, fdk run fails. The exact message from Wasp says:
Wasp found an issue in app/scripts/vendors.1ddadc92.js:L1
Insecure code was found in app/scripts/vendors.1ddadc92.js:L1
Description: The target origin of the window.postMessage() API is set to “*”. This could allow for information disclosure due to the possibility of any origin allowed to receive the message.
How can I fix or work around it without breaking fdk run?
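Because the finding points at L1 of a minified bundle, the line number alone does not show which call is involved. The following is an added example, not code from the original post or from the FDK: it scans JavaScript text for `postMessage` calls whose second argument is the literal `"*"` and reports the column and surrounding context. `SAMPLE_BUNDLE` and the function names are constructed for illustration, and the scanner assumes the bundle has comments stripped, as minified output normally does.

```javascript
// Added example: locate wildcard-origin postMessage calls in a minified bundle.
// SAMPLE_BUNDLE is constructed for illustration; it is not the FDK's vendor file.
const SAMPLE_BUNDLE =
  'var a=1;function d(e){t.postMessage(e+"","*")}' +
  'function s(m){parent.postMessage(m,"https://app.example.com")}' +
  "function q(w,x){w.postMessage({k:x},'*')}";

// Finds each `postMessage(` call and flags it when the second top-level
// argument is exactly the string literal "*" (any quote style).
function findWildcardPostMessage(source, context = 30) {
  const findings = [];
  const needle = "postMessage(";
  let at = source.indexOf(needle);
  while (at !== -1) {
    const args = splitTopLevelArgs(source, at + needle.length);
    if (args.length >= 2 && /^(["'`])\*\1$/.test(args[1].trim())) {
      findings.push({
        column: at + 1, // 1-based column within the (single) minified line
        snippet: source.slice(Math.max(0, at - context), at + needle.length + context),
      });
    }
    at = source.indexOf(needle, at + needle.length);
  }
  return findings;
}

// Splits a call's arguments at depth-0 commas, tracking brackets and string
// literals so commas inside objects, nested calls or strings are not split on.
function splitTopLevelArgs(source, start) {
  const args = [];
  let depth = 0, quote = null, current = "";
  for (let i = start; i < source.length; i++) {
    const ch = source[i];
    if (quote) {
      current += ch;
      if (ch === "\\") current += source[++i] ?? ""; // keep escaped character
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === "`") { quote = ch; current += ch; continue; }
    if ("([{".includes(ch)) depth++;
    if (")]}".includes(ch)) {
      if (depth === 0) { args.push(current); return args; } // end of this call
      depth--;
    }
    if (ch === "," && depth === 0) { args.push(current); current = ""; continue; }
    current += ch;
  }
  return args; // unterminated call: return the arguments completed so far
}
```

Run `findWildcardPostMessage` over the contents of the flagged file (read with `fs.readFileSync(path, "utf8")`) and use the reported column and snippet to see which module inside the bundle makes the call.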