Page MenuHomePhabricator
Create Task
Maniphest T108702

Security review for tedivm/jshrink
Closed, DeclinedPublic
Actions

Description

JShrink (tedivm/jshrink) is a pure-PHP library for minifying JavaScript. It attains better compression than JSMinPlus, which is the library we currently use. I propose to replace JSMinPlus with JShrink.

Details

SubjectRepoBranchLines +/-
Add tedivm/jshrinkmediawiki/vendormaster+1 K -1
Customize query in gerrit

Related Objects

Event Timeline

ori created this task.Aug 11 2015, 4:53 PM
ori raised the priority of this task from to Needs Triage.
ori updated the task description. (Show Details)
ori added projects: MediaWiki-Vendor, acl*security.
ori subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 11 2015, 4:53 PM
gerritbot subscribed.Aug 11 2015, 4:58 PM

Change 230811 had a related patch set uploaded (by Ori.livneh):
Add tedivm/jshrink

https://gerrit.wikimedia.org/r/230811

gerritbot added a project: Patch-For-Review.Aug 11 2015, 4:58 PM
Legoktm edited projects, added deprecated-security-team-reviews; removed acl*security.Aug 11 2015, 5:33 PM
Legoktm set Security to None.
csteipp added projects: acl*security, Security-Team.Aug 11 2015, 5:33 PM
Legoktm subscribed.Aug 11 2015, 5:37 PM

What is the memory usage of this library like? (T31784: ResourceLoader: JsMinPlus is too memory hungry (memory leaks?)) Also does it support ES5/ES6 features? (T96901/T75714)

csteipp moved this task from Incoming to Ready on the Security-Team board.Aug 11 2015, 7:32 PM
ori added a comment.Aug 11 2015, 8:37 PM
In T108702#1528079, @Legoktm wrote:

Also does it support ES5/ES6 features? (T96901/T75714)

Yes. The JavaScript snippets included in each of those two bug reports are minified properly by JShrink.

dpatrick triaged this task as Medium priority.Aug 11 2015, 9:34 PM
ori changed the task status from Open to Stalled.Aug 12 2015, 9:10 PM

Please hold off on this for a bit -- I am now seeing results which contradict my earlier findings, and I worry that I made a mistake.

csteipp moved this task from Ready to Incoming on the Security-Team board.Aug 12 2015, 10:21 PM
csteipp moved this task from Incoming to Ready on the Security-Team board.Aug 18 2015, 11:51 PM
csteipp moved this task from Ready to Incoming on the Security-Team board.
csteipp moved this task from Incoming to Waiting/Blocked on the deprecated-security-team-reviews board.Sep 2 2015, 5:54 PM
Ricordisamoa subscribed.Sep 4 2015, 12:29 AM
ori closed this task as Declined.Sep 11 2015, 8:44 PM
ori claimed this task.

JShrink does not compress any better than JSMinPlus, sadly. My measurements were wrong.

gerritbot added a comment.Jan 24 2016, 10:13 PM

Change 230811 abandoned by Reedy:
Add tedivm/jshrink

Reason:
Actually, I see the task was declined

https://gerrit.wikimedia.org/r/230811

Restricted Application added a subscriber: Luke081515. · View Herald TranscriptJan 24 2016, 10:13 PM
Ricordisamoa removed a project: Patch-For-Review.Jan 24 2016, 10:21 PM
Ricordisamoa removed a subscriber: gerritbot.
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 7:15 PM
sbassett moved this task from Waiting/Blocked to Done on the deprecated-security-team-reviews board.Jul 9 2019, 8:25 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:17 PM
chasemp added a project: Security.Feb 10 2020, 10:59 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits