Page MenuHomePhabricator
Create Task
Maniphest T274773

Review unminified Webpack-generated code for Section Translation
Closed, ResolvedPublic
Actions

Description

In order to follow security best practices identified in T260236, we'll analyze the code produced for Section Translation during the build step of Webpack.

Details

ProjectBranchLines +/-Subject
mediawiki/extensions/ContentTranslationmaster+3 -2CX3 Build: Remove IE11 from supported browsers
Customize query in gerrit

Related Objects

Event Timeline

Pginer-WMF created this task.Feb 15 2021, 10:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 15 2021, 10:33 AM
Pginer-WMF renamed this task from Review unminified Webpack-generated code to Review unminified Webpack-generated code for Section Translation.Feb 15 2021, 10:33 AM
Pginer-WMF triaged this task as Medium priority.
Pginer-WMF moved this task from Backlog to General infrastructure on the SectionTranslation board.
Pginer-WMF added subscribers: sbassett, Reedy.
Pginer-WMF moved this task from Quarter Backlog to Priority Backlog on the Language-Team (Language-2021-January-March) board.Mar 1 2021, 12:12 PM
santhosh added a subscriber: santhosh.Mar 3 2021, 9:26 AM

I did an analysis using webpack bundle analyser.
Here is the html report

report.html379 KBDownload

image.png (926×1 px, 228 KB)

js/cx.lib.js - the chunk which contains our dependency libraries has core-js being a significant part. This is due to browser pollyfills required to support the range of browsers. Tightening the browserslist configuration strictly reduces the libraries, but will not remove them completely. i18n library is another part - mostly contributed by language data in it, but worth looking whether it can be optimized further.

sbassett added a comment.EditedMar 3 2021, 8:47 PM

@santhosh - thanks for performing this analysis. I think adding @Reedy and myself to any related gerrit change sets where these artifacts might be committed would also be helpful, so that we can perform a security-focused analysis similar to the one performed for this WVUI change set. Thanks.

gerritbot added a comment.Mar 9 2021, 4:27 AM

Change 670024 had a related patch set uploaded (by Santhosh; owner: Santhosh):
[mediawiki/extensions/ContentTranslation@master] CX3 Build: Remove IE11 from supported browsers

https://gerrit.wikimedia.org/r/670024

gerritbot added a project: Patch-For-Review.Mar 9 2021, 4:27 AM
santhosh added a comment.Mar 9 2021, 4:31 AM

Explicitly exlcuded IE11 from supported browsers and there is a gain in bundle size now since some polyfills are removed. . New report:

report.html359 KBDownload

Total gzipped bundle size changed from 129.18 to 109.74 KB

image.png (928×1 px, 200 KB)

gerritbot added a comment.Mar 9 2021, 8:30 AM

Change 670024 merged by jenkins-bot:
[mediawiki/extensions/ContentTranslation@master] CX3 Build: Remove IE11 from supported browsers

https://gerrit.wikimedia.org/r/670024

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.35; 2021-03-16).Mar 9 2021, 9:00 AM
Maintenance_bot removed a project: Patch-For-Review.Mar 9 2021, 9:10 AM
santhosh claimed this task.Mar 12 2021, 9:12 AM
santhosh moved this task from Priority Backlog to In Progress on the Language-Team (Language-2021-January-March) board.
Pginer-WMF edited projects, added Language-Team (Language-2021-April-June); removed Language-Team (Language-2021-January-March).Apr 1 2021, 11:21 AM
Pginer-WMF moved this task from Quarter Backlog to In Progress on the Language-Team (Language-2021-April-June) board.
Pginer-WMF closed this task as Resolved.May 4 2021, 9:40 AM

In today's planning meeting Santhosh confirmed this was done, and as follow-ups we'll inform the security team of any relevant updates.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL