[00:31:36] https://www.irccloud.com/pastebin/q2hzgjRU
[00:31:47] New errors, what do we do for these?
[01:15:28] Never mind, got it
[04:42:48] Hey folks, I had a library in MediaWiki identified as being potentially malicious. Specifically, it's under $IP/resources/lib/intersection-observer/. The README file got identified by my WHM's Imunify plugin. I noticed Polyfill has been subject to a supply chain attack earlier this year. Is this problematic for anyone? I can barely find any mention of this on any official MediaWiki channels.
[15:23:35] jfolv (left): for anyone wondering, that attack was about CDN distribution, not the source that we use.
[15:23:57] With the source now gone, we do need a new upstream, but the code predates the takeover as best I can tell.
[15:24:10] We review such code as our own before we deploy it.
[15:24:55] See also: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1072870
[15:25:17] Related thought dump: https://timotijhof.net/posts/2023/wikimedia-balances-security-and-openness/