- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 08 Mar 2021 17:00:23 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1lJJF1-0005SC-7a@uranus.w3.org>
Issues ------ * w3c/webappsec (+1/-0/💬0) 1 issues created: - myappconfluence.atlassian.net (by chewy22) https://github.com/w3c/webappsec/issues/575 * w3c/webappsec-csp (+2/-0/💬6) 2 issues created: - Non-ASCII characters in CSP policy. (by antosart) https://github.com/w3c/webappsec-csp/issues/473 - More robust handling of non-executable <script> nodes (by arturjanc) https://github.com/w3c/webappsec-csp/issues/472 3 issues received 6 new comments: - #473 Non-ASCII characters in CSP policy. (1 by annevk) https://github.com/w3c/webappsec-csp/issues/473 - #472 More robust handling of non-executable <script> nodes (3 by arturjanc, domenic) https://github.com/w3c/webappsec-csp/issues/472 - #470 Add report samples to security considerations (2 by arturjanc, jyasskin) https://github.com/w3c/webappsec-csp/issues/470 * w3c/webappsec-mixed-content (+0/-0/💬8) 1 issues received 8 new comments: - #41 Spec is not clear about blobs created in sandboxed iframes (8 by annevk, letitz, mkruisselbrink, youennf) https://github.com/w3c/webappsec-mixed-content/issues/41 * w3c/webappsec-cowl (+1/-0/💬4) 1 issues created: - Mark spec as no longer being worked on? And archive this repo? (by sideshowbarker) https://github.com/w3c/webappsec-cowl/issues/81 1 issues received 4 new comments: - #81 Mark spec as no longer being worked on? And archive this repo? (4 by deian, sideshowbarker) https://github.com/w3c/webappsec-cowl/issues/81 * w3c/webappsec-epr (+1/-0/💬0) 1 issues created: - Archive this GitHub repo? (by sideshowbarker) https://github.com/w3c/webappsec-epr/issues/5 * w3c/webappsec-trusted-types (+0/-2/💬5) 3 issues received 5 new comments: - #278 Make input argument to createHTML, createScript, and createScriptURL optional (1 by koto) https://github.com/w3c/webappsec-trusted-types/issues/278 [future] - #259 Restrict to secure contexts (3 by annevk, koto) https://github.com/w3c/webappsec-trusted-types/issues/259 [spec] - #256 require-trusted-types-for 'wasm' (1 by koto) https://github.com/w3c/webappsec-trusted-types/issues/256 [future] [spec] 2 issues closed: - require-trusted-types-for 'wasm' https://github.com/w3c/webappsec-trusted-types/issues/256 [future] [spec] - Restrict to secure contexts https://github.com/w3c/webappsec-trusted-types/issues/259 [spec] Pull requests ------------- * w3c/webappsec-subresource-integrity (+1/-1/💬5) 1 pull requests submitted: - Switch to GitHub Actions build-validate-publish (by sideshowbarker) https://github.com/w3c/webappsec-subresource-integrity/pull/100 2 pull requests received 5 new comments: - #100 Switch to GitHub Actions build-validate-publish (4 by mozfreddyb, sideshowbarker) https://github.com/w3c/webappsec-subresource-integrity/pull/100 - #93 Updated index.html (1 by sideshowbarker) https://github.com/w3c/webappsec-subresource-integrity/pull/93 1 pull requests merged: - Switch to GitHub Actions build-validate-publish https://github.com/w3c/webappsec-subresource-integrity/pull/100 * w3c/webappsec-csp (+1/-3/💬1) 1 pull requests submitted: - CI: Switch to using w3c/spec-prod (by sideshowbarker) https://github.com/w3c/webappsec-csp/pull/471 1 pull requests received 1 new comments: - #464 Match hash-algorithm parts case-insensitively (as CSP2) (1 by sideshowbarker) https://github.com/w3c/webappsec-csp/pull/464 [needs tests] 3 pull requests merged: - CI: Switch to using w3c/spec-prod https://github.com/w3c/webappsec-csp/pull/471 - Follow Bikeshed filename convention: Use index.bs https://github.com/w3c/webappsec-csp/pull/469 - Match hash-algorithm parts case-insensitively (as CSP2) https://github.com/w3c/webappsec-csp/pull/464 [needs tests] * w3c/webappsec-mixed-content (+1/-1/💬0) 1 pull requests submitted: - CI: Switch to using GitHub Actions (by sideshowbarker) https://github.com/w3c/webappsec-mixed-content/pull/42 1 pull requests merged: - Fix typo: upgrade should turn scheme into https https://github.com/w3c/webappsec-mixed-content/pull/37 * w3c/webappsec-fetch-metadata (+2/-2/💬2) 2 pull requests submitted: - Meta: Make Version History link to main (!master) (by sideshowbarker) https://github.com/w3c/webappsec-fetch-metadata/pull/65 - CI: GitHub-Actions-based build-validate-publish (by sideshowbarker) https://github.com/w3c/webappsec-fetch-metadata/pull/64 2 pull requests received 2 new comments: - #64 CI: GitHub-Actions-based build-validate-publish (1 by mikewest) https://github.com/w3c/webappsec-fetch-metadata/pull/64 - #62 Regenerate index.html file (1 by mikewest) https://github.com/w3c/webappsec-fetch-metadata/pull/62 2 pull requests merged: - Meta: Make Version History link to main (!master) https://github.com/w3c/webappsec-fetch-metadata/pull/65 - CI: GitHub-Actions-based build-validate-publish https://github.com/w3c/webappsec-fetch-metadata/pull/64 * w3c/webappsec-trusted-types (+24/-9/💬52) 24 pull requests submitted: - Added support for enforcing Trusted Types in workers. (by koto) https://github.com/w3c/webappsec-trusted-types/pull/332 - Bump eslint-plugin-jasmine from 2.10.1 to 4.1.2 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/331 - Bump @babel/polyfill from 7.4.4 to 7.12.1 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/330 - Bump karma-chrome-launcher from 2.2.0 to 3.1.0 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/329 - Bump eslint from 5.16.0 to 7.21.0 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/328 - Bump karma-firefox-launcher from 1.1.0 to 2.1.0 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/327 - Bump jasmine from 3.4.0 to 3.6.4 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/326 - Bump karma from 4.2.0 to 6.1.1 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/325 - Bump @babel/preset-env from 7.5.5 to 7.13.9 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/324 - Bump google-closure-compiler from 20190415.0.0 to 20210202.0.0 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/323 - Bump gulp-sourcemaps from 2.6.5 to 3.0.0 (by dependabot) https://github.com/w3c/webappsec-trusted-types/pull/322 - [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/321 - [Security] Bump https-proxy-agent from 2.2.1 to 2.2.4 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/320 - [Security] Bump http-proxy from 1.17.0 to 1.18.1 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/319 - [Security] Bump eslint-utils from 1.3.1 to 1.4.3 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/318 - Bump jasmine-core from 3.4.0 to 3.6.0 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/317 - [Security] Bump lodash from 4.17.11 to 4.17.21 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/316 - Bump karma-jasmine from 2.0.1 to 4.0.1 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/315 - [Security] Bump elliptic from 6.5.0 to 6.5.4 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/314 - Bump eslint-config-google from 0.12.0 to 0.14.0 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/313 - Create Dependabot config file (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/312 - Bump rollup from 1.17.0 to 2.40.0 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/311 - [Security] Bump ini from 1.3.5 to 1.3.8 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/310 - Bump @babel/core from 7.5.5 to 7.13.8 (by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/309 25 pull requests received 52 new comments: - #332 Added support for enforcing Trusted Types in workers. (1 by koto) https://github.com/w3c/webappsec-trusted-types/pull/332 - #331 Bump eslint-plugin-jasmine from 2.10.1 to 4.1.2 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/331 [dependencies] - #330 Bump @babel/polyfill from 7.4.4 to 7.12.1 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/330 [dependencies] - #329 Bump karma-chrome-launcher from 2.2.0 to 3.1.0 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/329 [dependencies] - #328 Bump eslint from 5.16.0 to 7.21.0 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/328 [dependencies] - #327 Bump karma-firefox-launcher from 1.1.0 to 2.1.0 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/327 [dependencies] - #326 Bump jasmine from 3.4.0 to 3.6.4 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/326 [dependencies] - #325 Bump karma from 4.2.0 to 6.1.1 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/325 [dependencies] - #324 Bump @babel/preset-env from 7.5.5 to 7.13.9 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/324 [dependencies] - #323 Bump google-closure-compiler from 20190415.0.0 to 20210202.0.0 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/323 [dependencies] - #322 Bump gulp-sourcemaps from 2.6.5 to 3.0.0 (2 by dependabot, koto) https://github.com/w3c/webappsec-trusted-types/pull/322 [dependencies] - #321 [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (1 by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/321 [dependencies] [security] - #320 [Security] Bump https-proxy-agent from 2.2.1 to 2.2.4 (3 by dependabot-preview, koto) https://github.com/w3c/webappsec-trusted-types/pull/320 [dependencies] [security] - #319 [Security] Bump http-proxy from 1.17.0 to 1.18.1 (3 by dependabot-preview, koto) https://github.com/w3c/webappsec-trusted-types/pull/319 [dependencies] [security] - #318 [Security] Bump eslint-utils from 1.3.1 to 1.4.3 (1 by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/318 [dependencies] [security] - #317 Bump jasmine-core from 3.4.0 to 3.6.0 (1 by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/317 [dependencies] - #316 [Security] Bump lodash from 4.17.11 to 4.17.21 (1 by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/316 [dependencies] [security] - #315 Bump karma-jasmine from 2.0.1 to 4.0.1 (3 by dependabot-preview, koto) https://github.com/w3c/webappsec-trusted-types/pull/315 [dependencies] - #314 [Security] Bump elliptic from 6.5.0 to 6.5.4 (3 by dependabot-preview, koto) https://github.com/w3c/webappsec-trusted-types/pull/314 [dependencies] [security] - #313 Bump eslint-config-google from 0.12.0 to 0.14.0 (2 by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/313 [dependencies] - #311 Bump rollup from 1.17.0 to 2.40.0 (2 by dependabot-preview) https://github.com/w3c/webappsec-trusted-types/pull/311 [dependencies] - #310 [Security] Bump ini from 1.3.5 to 1.3.8 (3 by dependabot-preview, koto) https://github.com/w3c/webappsec-trusted-types/pull/310 [dependencies] [security] - #309 Bump @babel/core from 7.5.5 to 7.13.8 (4 by dependabot-preview, koto) https://github.com/w3c/webappsec-trusted-types/pull/309 [dependencies] - #308 Fix remaining Web IDL issues (2 by koto, sideshowbarker) https://github.com/w3c/webappsec-trusted-types/pull/308 - #304 Bump ini from 1.3.5 to 1.3.7 (2 by dependabot, sideshowbarker) https://github.com/w3c/webappsec-trusted-types/pull/304 [dependencies] 9 pull requests merged: - Added support for enforcing Trusted Types in workers. https://github.com/w3c/webappsec-trusted-types/pull/332 - Removed the secure context restrictions. https://github.com/w3c/webappsec-trusted-types/pull/279 - Bump rollup from 1.17.0 to 2.40.0 https://github.com/w3c/webappsec-trusted-types/pull/311 [dependencies] - [Security] Bump lodash from 4.17.11 to 4.17.21 https://github.com/w3c/webappsec-trusted-types/pull/316 [dependencies] [security] - Bump jasmine-core from 3.4.0 to 3.6.0 https://github.com/w3c/webappsec-trusted-types/pull/317 [dependencies] - [Security] Bump eslint-utils from 1.3.1 to 1.4.3 https://github.com/w3c/webappsec-trusted-types/pull/318 [dependencies] [security] - [Security] Bump mixin-deep from 1.3.1 to 1.3.2 https://github.com/w3c/webappsec-trusted-types/pull/321 [dependencies] [security] - Create Dependabot config file https://github.com/w3c/webappsec-trusted-types/pull/312 [dependencies] - Fix remaining Web IDL issues https://github.com/w3c/webappsec-trusted-types/pull/308 Repositories tracked by this digest: ----------------------------------- * https://github.com/w3c/webappsec * https://github.com/w3c/webappsec-subresource-integrity * https://github.com/w3c/webappsec-csp * https://github.com/w3c/webappsec-mixed-content * https://github.com/w3c/webappsec-upgrade-insecure-requests * https://github.com/w3c/webappsec-credential-management * https://github.com/w3c/permissions * https://github.com/w3c/webappsec-referrer-policy * https://github.com/w3c/webappsec-secure-contexts * https://github.com/w3c/webappsec-clear-site-data * https://github.com/w3c/webappsec-cowl * https://github.com/w3c/webappsec-epr * https://github.com/w3c/webappsec-suborigins * https://github.com/w3c/webappsec-cspee * https://github.com/w3c/webappsec-permissions-policy * https://github.com/w3c/webappsec-fetch-metadata * https://github.com/w3c/webappsec-trusted-types * https://github.com/w3c/webappsec-change-password-url * https://github.com/w3c/webappsec-unofficial-drafts -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 8 March 2021 17:00:26 UTC