In order to follow security best practices identified in T260236, we'll analyze the code produced for Section Translation during the build step of Webpack.
Description
Details
Project | Branch | Lines +/- | Subject | |
---|---|---|---|---|
mediawiki/extensions/ContentTranslation | master | +3 -2 | CX3 Build: Remove IE11 from supported browsers |
Related Objects
- Mentioned Here
- T260236: Security Readiness Review For Section Translation
Event Timeline
I did an analysis using webpack bundle analyser.
Here is the html report
js/cx.lib.js - the chunk which contains our dependency libraries has core-js being a significant part. This is due to browser pollyfills required to support the range of browsers. Tightening the browserslist configuration strictly reduces the libraries, but will not remove them completely. i18n library is another part - mostly contributed by language data in it, but worth looking whether it can be optimized further.
@santhosh - thanks for performing this analysis. I think adding @Reedy and myself to any related gerrit change sets where these artifacts might be committed would also be helpful, so that we can perform a security-focused analysis similar to the one performed for this WVUI change set. Thanks.
Change 670024 had a related patch set uploaded (by Santhosh; owner: Santhosh):
[mediawiki/extensions/ContentTranslation@master] CX3 Build: Remove IE11 from supported browsers
Explicitly exlcuded IE11 from supported browsers and there is a gain in bundle size now since some polyfills are removed. . New report:
Total gzipped bundle size changed from 129.18 to 109.74 KB
Change 670024 merged by jenkins-bot:
[mediawiki/extensions/ContentTranslation@master] CX3 Build: Remove IE11 from supported browsers
In today's planning meeting Santhosh confirmed this was done, and as follow-ups we'll inform the security team of any relevant updates.