Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #20 Consider integrity check violation reporting (1 by briansmith)
    https://github.com/w3c/webappsec-subresource-integrity/issues/20 [feature-request] 

* w3c/webappsec-csp (+3/-2/💬14)
  3 issues created:
  - Fix "network scheme" references. (by jyasskin)
    https://github.com/w3c/webappsec-csp/issues/479 
  - Media queries in the `media` attribute should be subject to CSP (by arturjanc)
    https://github.com/w3c/webappsec-csp/issues/476 
  - Should CSP apply to svg images? (by antosart)
    https://github.com/w3c/webappsec-csp/issues/474 

  6 issues received 14 new comments:
  - #479 Fix "network scheme" references. (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/479 
  - #476 Media queries in the `media` attribute should be subject to CSP (2 by annevk, arturjanc)
    https://github.com/w3c/webappsec-csp/issues/476 
  - #474 Should the parent CSP apply to documents created by svg images? (7 by annevk, antosart, mikewest)
    https://github.com/w3c/webappsec-csp/issues/474 
  - #473 Non-ASCII characters in CSP policy. (2 by bakkot, dveditz)
    https://github.com/w3c/webappsec-csp/issues/473 
  - #472 More robust handling of non-executable <script> nodes (1 by jeremyroman)
    https://github.com/w3c/webappsec-csp/issues/472 
  - #262 Please clearly mark older versions as obsolete (1 by sideshowbarker)
    https://github.com/w3c/webappsec-csp/issues/262 

  2 issues closed:
  - Fix "network scheme" references. https://github.com/w3c/webappsec-csp/issues/479 
  - Use Infra for JSON https://github.com/w3c/webappsec-csp/issues/455 

* w3c/webappsec-mixed-content (+0/-1/💬2)
  1 issues received 2 new comments:
  - #25 Move MIX2 to FPWD (2 by carlosjoan91, wseltzer)
    https://github.com/w3c/webappsec-mixed-content/issues/25 

  1 issues closed:
  - WebSocket section needs updating https://github.com/w3c/webappsec-mixed-content/issues/27 

* w3c/webappsec-upgrade-insecure-requests (+0/-3/💬0)
  3 issues closed:
  - URL's `port` is `null` if default value. https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/18 
  - "a priori authenticated" https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/13 
  - Upstream WebSocket bits to Fetch https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/11 

* w3c/webappsec-credential-management (+0/-0/💬1)
  1 issues received 1 new comments:
  - #144 Username/ID hint for navigator.credentials.get() (1 by ChadKillingsworth)
    https://github.com/w3c/webappsec-credential-management/issues/144 

* w3c/webappsec-permissions-policy (+1/-1/💬3)
  1 issues created:
  - Proper delimiter clarification (by patricktokeeffe)
    https://github.com/w3c/webappsec-permissions-policy/issues/418 

  1 issues received 3 new comments:
  - #418 Proper delimiter clarification (3 by annevk, clelland, patricktokeeffe)
    https://github.com/w3c/webappsec-permissions-policy/issues/418 

  1 issues closed:
  - Proper delimiter clarification https://github.com/w3c/webappsec-permissions-policy/issues/418 

* w3c/webappsec-fetch-metadata (+0/-3/💬6)
  5 issues received 6 new comments:
  - #59 New 'Sec-Fetch-Dest' Type - "import"  (1 by annevk)
    https://github.com/w3c/webappsec-fetch-metadata/issues/59 
  - #45 Naming for new items in `mode`. (2 by annevk, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/45 
  - #37 Handling iframing via <embed> / <object> (1 by annevk)
    https://github.com/w3c/webappsec-fetch-metadata/issues/37 
  - #29 Update Redirect section with HTTPS->HTTP behavior (1 by annevk)
    https://github.com/w3c/webappsec-fetch-metadata/issues/29 
  - #28 Why is `Sec-Fetch-Site` based on the full URL redirect chain? (1 by annevk)
    https://github.com/w3c/webappsec-fetch-metadata/issues/28 

  3 issues closed:
  - Naming for new items in `mode`. https://github.com/w3c/webappsec-fetch-metadata/issues/45 
  - New 'Sec-Fetch-Dest' Type - "import"  https://github.com/w3c/webappsec-fetch-metadata/issues/59 
  - Fetch integration https://github.com/w3c/webappsec-fetch-metadata/issues/58 

* w3c/webappsec-trusted-types (+0/-1/💬0)
  1 issues closed:
  - `npm spec` eats translation errors https://github.com/w3c/webappsec-trusted-types/issues/112 



Pull requests
-------------
* w3c/webappsec (+2/-1/💬1)
  2 pull requests submitted:
  - Fix the name and URL of DAS WG (by xfq)
    https://github.com/w3c/webappsec/pull/577 
  - Editorial fixes (by dontcallmedom)
    https://github.com/w3c/webappsec/pull/576 

  1 pull requests received 1 new comments:
  - #576 Editorial fixes (1 by samuelweiler)
    https://github.com/w3c/webappsec/pull/576 

  1 pull requests merged:
  - Editorial fixes
    https://github.com/w3c/webappsec/pull/576 

* w3c/webappsec-csp (+5/-7/💬1)
  5 pull requests submitted:
  - Editorial: Use "Previous Version: from biblio" (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/481 
  - Editorial: Drop Previous Version link (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/480 
  - Editorial: Update spec filename in README.md (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/478 
  - CI: Enable Echidna autopublishing to TR space (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/477 
  - Fix typo in img-src post-request checks (by antosart)
    https://github.com/w3c/webappsec-csp/pull/475 

  1 pull requests received 1 new comments:
  - #475 Fix typo in img-src post-request checks (1 by mikewest)
    https://github.com/w3c/webappsec-csp/pull/475 

  7 pull requests merged:
  - Meta: align with Fetch
    https://github.com/w3c/webappsec-csp/pull/461 
  - Editorial: Use "Previous Version: from biblio"
    https://github.com/w3c/webappsec-csp/pull/481 
  - Editorial: Drop Previous Version link
    https://github.com/w3c/webappsec-csp/pull/480 
  - Editorial: Update spec filename in README.md
    https://github.com/w3c/webappsec-csp/pull/478 
  - Serialize JSON by reference to Infra spec
    https://github.com/w3c/webappsec-csp/pull/465 
  - CI: Enable Echidna autopublishing to TR space
    https://github.com/w3c/webappsec-csp/pull/477 
  - Fix typo in img-src post-request checks
    https://github.com/w3c/webappsec-csp/pull/475 

* w3c/webappsec-mixed-content (+7/-8/💬10)
  7 pull requests submitted:
  - Remove TR reference from MIX2 (by carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/pull/49 
  - Add note about redirections on form submissions (by carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/pull/48 
  - Editorial: correct browsing context reference (by annevk)
    https://github.com/w3c/webappsec-mixed-content/pull/47 
  - CI: Disable HTML validation until fixed (by sideshowbarker)
    https://github.com/w3c/webappsec-mixed-content/pull/46 
  - Ediorial: Fix problems in Bikeshed markup (by sideshowbarker)
    https://github.com/w3c/webappsec-mixed-content/pull/45 
  - Editorial: remove WebSocket remnants (by annevk)
    https://github.com/w3c/webappsec-mixed-content/pull/44 
  - Editorial: several fields are now called URL (uppercase) (by annevk)
    https://github.com/w3c/webappsec-mixed-content/pull/43 

  5 pull requests received 10 new comments:
  - #49 Remove TR reference from MIX2 (4 by carlosjoan91, sideshowbarker)
    https://github.com/w3c/webappsec-mixed-content/pull/49 
  - #48 Add note about redirections on form submissions (1 by carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/pull/48 
  - #47 Editorial: correct browsing context reference (2 by annevk, tabatkins)
    https://github.com/w3c/webappsec-mixed-content/pull/47 
  - #43 Editorial: several fields are now called URL (uppercase) (1 by annevk)
    https://github.com/w3c/webappsec-mixed-content/pull/43 
  - #42 CI: Switch to using GitHub Actions (2 by annevk, sideshowbarker)
    https://github.com/w3c/webappsec-mixed-content/pull/42 

  8 pull requests merged:
  - Remove TR reference from MIX2
    https://github.com/w3c/webappsec-mixed-content/pull/49 
  - Add note about redirections on form submissions
    https://github.com/w3c/webappsec-mixed-content/pull/48 
  - Editorial: correct browsing context reference
    https://github.com/w3c/webappsec-mixed-content/pull/47 
  - Ediorial: Fix problems in Bikeshed markup
    https://github.com/w3c/webappsec-mixed-content/pull/45 
  - CI: Disable HTML validation until fixed
    https://github.com/w3c/webappsec-mixed-content/pull/46 
  - Editorial: several fields are now called URL (uppercase)
    https://github.com/w3c/webappsec-mixed-content/pull/43 
  - Editorial: remove WebSocket remnants
    https://github.com/w3c/webappsec-mixed-content/pull/44 
  - CI: Switch to using GitHub Actions
    https://github.com/w3c/webappsec-mixed-content/pull/42 

* w3c/webappsec-upgrade-insecure-requests (+5/-5/💬1)
  5 pull requests submitted:
  - Editorial: Use "Previous Version: from biblio" (by sideshowbarker)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/25 
  - Modernize a bit (by annevk)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/24 
  - Editorial: Update the Version History link URL (by sideshowbarker)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/23 
  - Reference current HTML standard, not old fork (by sideshowbarker)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/22 
  - CI: Switch to using GitHub Actions (by sideshowbarker)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/21 

  1 pull requests received 1 new comments:
  - #24 Modernize a bit (1 by annevk)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/24 

  5 pull requests merged:
  - Modernize a bit
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/24 
  - Editorial: Use "Previous Version: from biblio"
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/25 
  - Editorial: Update the Version History link URL
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/23 
  - Reference current HTML standard, not old fork
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/22 
  - CI: Switch to using GitHub Actions
    https://github.com/w3c/webappsec-upgrade-insecure-requests/pull/21 

* w3c/webappsec-referrer-policy (+3/-1/💬1)
  3 pull requests submitted:
  - Editorial: Fix HTML markup conformance error (by sideshowbarker)
    https://github.com/w3c/webappsec-referrer-policy/pull/151 
  - CI: Switch to https://github.com/w3c/spec-prod (by sideshowbarker)
    https://github.com/w3c/webappsec-referrer-policy/pull/150 
  - Update Version History URL to "main" branch (by sideshowbarker)
    https://github.com/w3c/webappsec-referrer-policy/pull/149 

  1 pull requests received 1 new comments:
  - #150 CI: Switch to https://github.com/w3c/spec-prod (1 by sideshowbarker)
    https://github.com/w3c/webappsec-referrer-policy/pull/150 

  1 pull requests merged:
  - Update Version History URL to "main" branch
    https://github.com/w3c/webappsec-referrer-policy/pull/149 

* w3c/webappsec-fetch-metadata (+5/-5/💬1)
  5 pull requests submitted:
  - Editorial: Use "Previous Version: from biblio" (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/70 
  - Update URL of ED (by tidoust)
    https://github.com/w3c/webappsec-fetch-metadata/pull/69 
  - Editorial: Fix Previous Version URL (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/68 
  - Editorial: Switch status to WD for Echidna (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/67 
  - CI: Enable Echidna autopublishing to TR space (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/66 

  1 pull requests received 1 new comments:
  - #66 CI: Enable Echidna autopublishing to TR space (1 by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/66 

  5 pull requests merged:
  - Editorial: Use "Previous Version: from biblio"
    https://github.com/w3c/webappsec-fetch-metadata/pull/70 
  - Update URL of ED
    https://github.com/w3c/webappsec-fetch-metadata/pull/69 
  - Editorial: Fix Previous Version URL
    https://github.com/w3c/webappsec-fetch-metadata/pull/68 
  - Editorial: Switch status to WD for Echidna
    https://github.com/w3c/webappsec-fetch-metadata/pull/67 
  - CI: Enable Echidna autopublishing to TR space
    https://github.com/w3c/webappsec-fetch-metadata/pull/66 

* w3c/webappsec-trusted-types (+5/-4/💬3)
  5 pull requests submitted:
  - Added privacy considerations section. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/337 
  - Editorial: Removed bikeshed warnings & errors. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/336 
  - Similified use case from #158 (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/335 
  - Fix the type of partial WindowOrWorkerGlobalScope (by foolip)
    https://github.com/w3c/webappsec-trusted-types/pull/334 
  - Bump elliptic from 6.5.0 to 6.5.4 (by dependabot)
    https://github.com/w3c/webappsec-trusted-types/pull/333 

  2 pull requests received 3 new comments:
  - #333 Bump elliptic from 6.5.0 to 6.5.4 (2 by dependabot, koto)
    https://github.com/w3c/webappsec-trusted-types/pull/333 [dependencies] 
  - #158 Adds use case to spec section 1.3. (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/158 

  4 pull requests merged:
  - Added privacy considerations section.
    https://github.com/w3c/webappsec-trusted-types/pull/337 
  - Editorial: Removed bikeshed warnings & errors.
    https://github.com/w3c/webappsec-trusted-types/pull/336 
  - Similified use case from #158
    https://github.com/w3c/webappsec-trusted-types/pull/335 
  - Fix the type of partial WindowOrWorkerGlobalScope
    https://github.com/w3c/webappsec-trusted-types/pull/334 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-unofficial-drafts


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 15 March 2021 17:00:34 UTC