Remove security_reports webpack chunk

What does this MR do and why?

This MR removes the explicitly defined security_reports chunk in the webpack config.

This explicit chunk was introduced in !31435 (comment 342061406). It perhaps made sense back then because all the code in that chunk was re-used often on a couple of pages. However, now it seems that often only a small part of the chunk is needed, and this means we're unnecessarily loading a lot of JS which is unused.

I was first looking into Remove unused Javascript from the Vulnerability... (#368705 - closed), which shows a Lighthouse report where it mentions that the security_reports.<hash>.chunk.js chunk has a lot of unused code. I first looked into removing imports from the vulnerability report or vulnerability details page entry points, but this had little effect. Only later did I find this explicit security_reports chunk.

While there are some savings on the vulnerability report and vulnerability details page, there seem to be some pages with way bigger reductions because they probably only use a tiny bit of the chunk.

Some examples of significant reductions:

| entrypoint | size before | size after | diff | diff [%] |
| --- | --- | --- | --- | --- |
| pages.security.dashboard.settings | 680.21 KB | 161.84 KB | -518.36 KB | -76.2 % |
| pages.projects.licenses.index | 744.37 KB | 232.89 KB | -511.47 KB | -68.7 % |
| pages.projects.merge_requests.show | 4.94 MB | 4.42 MB | -534.54 KB | -10.6 % |
| pages.groups.dependencies | 1.09 MB | 584.74 KB | -529.18 KB | -47.5 % |

Note: pages.projects.merge_requests.show has a lower reduction %, but it is interesting because the page is often visited.

The Bundle size review full report has more details of all the reductions.

Coverage for pages.groups.dependencies example

On the pages.groups.dependencies page, by running the Coverage devtool, we can see that 99% of the security_reports chunk is unused. This is gone after removing this chunk.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Edited by Lorenz van Herwaarden
