Subresource Integrity - GitHub Engineering
For sites using Subresource Integrity, a compromised CDN is eliminated as a XSS vector. While for many sites this might not seem like the most plausible attack, third party analytics scripts have been hijacked in the past to inject malicious JavaScript.
Source: githubengineering.com