
Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 08 Mar 2021 17:00:23 +0000
To: public-webappsec@w3.org
Message-Id: <E1lJJF1-0005SC-7a@uranus.w3.org>



Issues
------
* w3c/webappsec (+1/-0/💬0)
  1 issues created:
  - myappconfluence.atlassian.net (by chewy22)
    https://github.com/w3c/webappsec/issues/575 

* w3c/webappsec-csp (+2/-0/💬6)
  2 issues created:
  - Non-ASCII characters in CSP policy. (by antosart)
    https://github.com/w3c/webappsec-csp/issues/473 
  - More robust handling of non-executable <script> nodes (by arturjanc)
    https://github.com/w3c/webappsec-csp/issues/472 

  3 issues received 6 new comments:
  - #473 Non-ASCII characters in CSP policy. (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/473 
  - #472 More robust handling of non-executable <script> nodes (3 by arturjanc, domenic)
    https://github.com/w3c/webappsec-csp/issues/472 
  - #470 Add report samples to security considerations (2 by arturjanc, jyasskin)
    https://github.com/w3c/webappsec-csp/issues/470 

* w3c/webappsec-mixed-content (+0/-0/💬8)
  1 issues received 8 new comments:
  - #41 Spec is not clear about blobs created in sandboxed iframes (8 by annevk, letitz, mkruisselbrink, youennf)
    https://github.com/w3c/webappsec-mixed-content/issues/41 

* w3c/webappsec-cowl (+1/-0/💬4)
  1 issues created:
  - Mark spec as no longer being worked on? And archive this repo? (by sideshowbarker)
    https://github.com/w3c/webappsec-cowl/issues/81 

  1 issues received 4 new comments:
  - #81 Mark spec as no longer being worked on? And archive this repo? (4 by deian, sideshowbarker)
    https://github.com/w3c/webappsec-cowl/issues/81 

* w3c/webappsec-epr (+1/-0/💬0)
  1 issues created:
  - Archive this GitHub repo? (by sideshowbarker)
    https://github.com/w3c/webappsec-epr/issues/5 

* w3c/webappsec-trusted-types (+0/-2/💬5)
  3 issues received 5 new comments:
  - #278 Make input argument to createHTML, createScript, and createScriptURL optional (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/278 [future] 
  - #259 Restrict to secure contexts (3 by annevk, koto)
    https://github.com/w3c/webappsec-trusted-types/issues/259 [spec] 
  - #256 require-trusted-types-for 'wasm' (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/256 [future] [spec] 

  2 issues closed:
  - require-trusted-types-for 'wasm' https://github.com/w3c/webappsec-trusted-types/issues/256 [future] [spec] 
  - Restrict to secure contexts https://github.com/w3c/webappsec-trusted-types/issues/259 [spec] 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-1/💬5)
  1 pull requests submitted:
  - Switch to GitHub Actions build-validate-publish (by sideshowbarker)
    https://github.com/w3c/webappsec-subresource-integrity/pull/100 

  2 pull requests received 5 new comments:
  - #100 Switch to GitHub Actions build-validate-publish (4 by mozfreddyb, sideshowbarker)
    https://github.com/w3c/webappsec-subresource-integrity/pull/100 
  - #93 Updated index.html (1 by sideshowbarker)
    https://github.com/w3c/webappsec-subresource-integrity/pull/93 

  1 pull requests merged:
  - Switch to GitHub Actions build-validate-publish
    https://github.com/w3c/webappsec-subresource-integrity/pull/100 

* w3c/webappsec-csp (+1/-3/💬1)
  1 pull requests submitted:
  - CI: Switch to using w3c/spec-prod (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/471 

  1 pull requests received 1 new comments:
  - #464 Match hash-algorithm parts case-insensitively (as CSP2) (1 by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/464 [needs tests] 

  3 pull requests merged:
  - CI: Switch to using w3c/spec-prod
    https://github.com/w3c/webappsec-csp/pull/471 
  - Follow Bikeshed filename convention: Use index.bs
    https://github.com/w3c/webappsec-csp/pull/469 
  - Match hash-algorithm parts case-insensitively (as CSP2)
    https://github.com/w3c/webappsec-csp/pull/464 [needs tests] 

* w3c/webappsec-mixed-content (+1/-1/💬0)
  1 pull requests submitted:
  - CI: Switch to using GitHub Actions (by sideshowbarker)
    https://github.com/w3c/webappsec-mixed-content/pull/42 

  1 pull requests merged:
  - Fix typo: upgrade should turn scheme into https
    https://github.com/w3c/webappsec-mixed-content/pull/37 

* w3c/webappsec-fetch-metadata (+2/-2/💬2)
  2 pull requests submitted:
  - Meta: Make Version History link to main (!master) (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/65 
  - CI: GitHub-Actions-based build-validate-publish (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/64 

  2 pull requests received 2 new comments:
  - #64 CI: GitHub-Actions-based build-validate-publish (1 by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/pull/64 
  - #62 Regenerate index.html file (1 by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/pull/62 

  2 pull requests merged:
  - Meta: Make Version History link to main (!master)
    https://github.com/w3c/webappsec-fetch-metadata/pull/65 
  - CI: GitHub-Actions-based build-validate-publish
    https://github.com/w3c/webappsec-fetch-metadata/pull/64 

* w3c/webappsec-trusted-types (+24/-9/💬52)
  24 pull requests submitted:
  - Added support for enforcing Trusted Types in workers. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/332 
  - Bump eslint-plugin-jasmine from 2.10.1 to 4.1.2 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/331 
  - Bump @babel/polyfill from 7.4.4 to 7.12.1 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/330 
  - Bump karma-chrome-launcher from 2.2.0 to 3.1.0 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/329 
  - Bump eslint from 5.16.0 to 7.21.0 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/328 
  - Bump karma-firefox-launcher from 1.1.0 to 2.1.0 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/327 
  - Bump jasmine from 3.4.0 to 3.6.4 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/326 
  - Bump karma from 4.2.0 to 6.1.1 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/325 
  - Bump @babel/preset-env from 7.5.5 to 7.13.9 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/324 
  - Bump google-closure-compiler from 20190415.0.0 to 20210202.0.0 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/323 
  - Bump gulp-sourcemaps from 2.6.5 to 3.0.0 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/322 
  - [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/321 
  - [Security] Bump https-proxy-agent from 2.2.1 to 2.2.4 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/320 
  - [Security] Bump http-proxy from 1.17.0 to 1.18.1 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/319 
  - [Security] Bump eslint-utils from 1.3.1 to 1.4.3 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/318 
  - Bump jasmine-core from 3.4.0 to 3.6.0 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/317 
  - [Security] Bump lodash from 4.17.11 to 4.17.21 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/316 
  - Bump karma-jasmine from 2.0.1 to 4.0.1 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/315 
  - [Security] Bump elliptic from 6.5.0 to 6.5.4 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/314 
  - Bump eslint-config-google from 0.12.0 to 0.14.0 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/313 
  - Create Dependabot config file (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/312 
  - Bump rollup from 1.17.0 to 2.40.0 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/311 
  - [Security] Bump ini from 1.3.5 to 1.3.8 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/310 
  - Bump @babel/core from 7.5.5 to 7.13.8 (by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/309 

  25 pull requests received 52 new comments:
  - #332 Added support for enforcing Trusted Types in workers. (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/332 
  - #331 Bump eslint-plugin-jasmine from 2.10.1 to 4.1.2 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/331 [dependencies] 
  - #330 Bump @babel/polyfill from 7.4.4 to 7.12.1 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/330 [dependencies] 
  - #329 Bump karma-chrome-launcher from 2.2.0 to 3.1.0 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/329 [dependencies] 
  - #328 Bump eslint from 5.16.0 to 7.21.0 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/328 [dependencies] 
  - #327 Bump karma-firefox-launcher from 1.1.0 to 2.1.0 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/327 [dependencies] 
  - #326 Bump jasmine from 3.4.0 to 3.6.4 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/326 [dependencies] 
  - #325 Bump karma from 4.2.0 to 6.1.1 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/325 [dependencies] 
  - #324 Bump @babel/preset-env from 7.5.5 to 7.13.9 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/324 [dependencies] 
  - #323 Bump google-closure-compiler from 20190415.0.0 to 20210202.0.0 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/323 [dependencies] 
  - #322 Bump gulp-sourcemaps from 2.6.5 to 3.0.0 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/322 [dependencies] 
  - #321 [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (1 by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/321 [dependencies] [security] 
  - #320 [Security] Bump https-proxy-agent from 2.2.1 to 2.2.4 (3 by dependabot-preview, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/320 [dependencies] [security] 
  - #319 [Security] Bump http-proxy from 1.17.0 to 1.18.1 (3 by dependabot-preview, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/319 [dependencies] [security] 
  - #318 [Security] Bump eslint-utils from 1.3.1 to 1.4.3 (1 by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/318 [dependencies] [security] 
  - #317 Bump jasmine-core from 3.4.0 to 3.6.0 (1 by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/317 [dependencies] 
  - #316 [Security] Bump lodash from 4.17.11 to 4.17.21 (1 by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/316 [dependencies] [security] 
  - #315 Bump karma-jasmine from 2.0.1 to 4.0.1 (3 by dependabot-preview, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/315 [dependencies] 
  - #314 [Security] Bump elliptic from 6.5.0 to 6.5.4 (3 by dependabot-preview, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/314 [dependencies] [security] 
  - #313 Bump eslint-config-google from 0.12.0 to 0.14.0 (2 by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/313 [dependencies] 
  - #311 Bump rollup from 1.17.0 to 2.40.0 (2 by dependabot-preview)
    https://github.com/w3c/webappsec-trusted-types/pull/311 [dependencies] 
  - #310 [Security] Bump ini from 1.3.5 to 1.3.8 (3 by dependabot-preview, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/310 [dependencies] [security] 
  - #309 Bump @babel/core from 7.5.5 to 7.13.8 (4 by dependabot-preview, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/309 [dependencies] 
  - #308 Fix remaining Web IDL issues (2 by koto, sideshowbarker)
    https://github.com/w3c/webappsec-trusted-types/pull/308 
  - #304 Bump ini from 1.3.5 to 1.3.7 (2 by dependabot, sideshowbarker)
    https://github.com/w3c/webappsec-trusted-types/pull/304 [dependencies] 

  9 pull requests merged:
  - Added support for enforcing Trusted Types in workers.
    https://github.com/w3c/webappsec-trusted-types/pull/332 
  - Removed the secure context restrictions.
    https://github.com/w3c/webappsec-trusted-types/pull/279 
  - Bump rollup from 1.17.0 to 2.40.0
    https://github.com/w3c/webappsec-trusted-types/pull/311 [dependencies] 
  - [Security] Bump lodash from 4.17.11 to 4.17.21
    https://github.com/w3c/webappsec-trusted-types/pull/316 [dependencies] [security] 
  - Bump jasmine-core from 3.4.0 to 3.6.0
    https://github.com/w3c/webappsec-trusted-types/pull/317 [dependencies] 
  - [Security] Bump eslint-utils from 1.3.1 to 1.4.3
    https://github.com/w3c/webappsec-trusted-types/pull/318 [dependencies] [security] 
  - [Security] Bump mixin-deep from 1.3.1 to 1.3.2
    https://github.com/w3c/webappsec-trusted-types/pull/321 [dependencies] [security] 
  - Create Dependabot config file
    https://github.com/w3c/webappsec-trusted-types/pull/312 [dependencies] 
  - Fix remaining Web IDL issues
    https://github.com/w3c/webappsec-trusted-types/pull/308 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-unofficial-drafts


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 8 March 2021 17:00:26 UTC
