author Timo Tijhof <krinkle@fastmail.com> 2024-09-14 16:17:04 -0700
committer Krinkle <krinkle@fastmail.com> 2024-09-16 00:41:03 +0000
commit bad0c70a09bc219686fd726ea15949f7084ae641
tree 2d92e86f9bcaafce4135b61ffd12a8af65798c47 /includes/Rest/Module/Module.php
parent f632039f0364a134f9b9bcd5c181a75b3dd64a56
resources: Fix 404 Not Found for foreign Financial-Times/polyfill-library
https://github.com/Financial-Times/polyfill-library/ is now a 404.
It was transferred with redirect to
https://github.com/JakeChampion/polyfill-library/ but that has since
been deleted.

https://github.com/mrhenry/polyfill-library/ is a reasonable-looking
fork that includes full history, and so this is an easy no-op to fix
CI for REL1_39 and later.

== Background (Extended version) ==

* The library was created by Andrew Betts at the Financial Times, at
  https://github.com/Financial-Times/polyfill-library/.

* At some later point a web service was created around that library,
  committed to the same repo, served from a domain that has unclear
  ownership.
  https://sansec.io/research/polyfill-supply-chain-attack
  https://twitter.com/triblondon/status/1761852117579427975

* In 2018, JakeChampion renamed the repo to polyfill-service, and
  split off the library into a separate repo with no prior history.
  The pre-2018 history is preserved in the polyfill-service repo.
  https://github.com/mrhenry/polyfill-library/tree/acf4e6c36d0baafdd14bbc08a2d2690f0e8fcd0d
  https://github.com/cdnjs/polyfill-service/tree/165879244964dc8daac9222b44332629eb1dd0ac/packages

* In 2022, Krinkle had a patch merged that fixed a bug affecting
  MediaWiki. After which, we adopted the polyfill. This was merged
  after polyfill-library 3.111.0 was released.
  https://github.com/mrhenry/polyfill-library/commit/0ece79ce32

* In 2023, someone transferred the "library" repo from
  https://github.com/Financial-Times/polyfill-library/ to
  https://github.com/JakeChampion/polyfill-library/.

* In Feb 2024, the polyfill.io "service" appears to have been sold to
  a Chinese company, which subsequently utilized it to spread
  malicious code as part of a cyberattack. It also created its own
  flat single-commit copy of the library with no prior history,
  versioning, or other auditability.
  https://sansec.io/research/polyfill-supply-chain-attack
  https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/
  https://github.com/polyfillpolyfill/polyfill-library/

* Some days after 4 Aug 2024, the official "library" repo was deleted
  from the JakeChampion account. This means the "polyfill-library"
  npm package no longer has a reachable Git upstream, since its source
  control url (Financial-Times/polyfill-library) is now no longer a
  redirect to JakeChampion/polyfill-library. Both are 404.
  https://web.archive.org/web/%2A/https://github.com/JakeChampion/polyfill-library
  https://www.npmjs.com/package/polyfill-library

* Fastly and Cloudflare both have their own forks with recent changes
  scrubbed. However, these have vendored and versioned copies of the
  polyfill-library library. Thus no history of these libs themselves,
  and do not accept patches for the actual code being served, only for
  the web service. They both go up to 3.111.0 (which is a few commits
  before the URL.js that we have, and misses critical bug fixes
  Krinkle submitted to Financial-Times) and after that have 4.8.0
  which includes our fixes and one other minor change to URL.js.
  We could use that as our foreign source, but the downside is that
  it isn't a proper upstream given it's merely a distribution, not
  open to patches or bug reports. Their source is the npm package,
  which is now dead/frozen.
  https://github.com/fastly/polyfill-service/
  https://github.com/cdnjs/polyfill-service/

* Of the various polyfill-library forks, only one seems to meet these
  criteria:
  - Includes full history.
  - Published to npm.
  - Responsive to bug reports and made subsequent releases.
  https://github.com/mrhenry/polyfill-library/
  https://github.com/cdnjs/polyfill-service/issues/4

So, for now, given that this is a no-op, use that as our remote.

Change-Id: Ia59a5e9790cbdc7b03d4ae66583fe328fbd05f53
Diffstat (limited to 'includes/Rest/Module/Module.php')
0 files changed, 0 insertions, 0 deletions