Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2021-11-08 (public-webappsec@w3.org from November 2021)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 08 Nov 2021 17:00:44 +0000
To: public-webappsec@w3.org
Message-Id: <E1mk80i-0006MS-2q@uranus.w3.org>
Issues
------
* w3c/webappsec-csp (+1/-0/💬4)
  1 issues created:
  - Hashes bypass source-based allowlisting only on pre-request, not on post-request (by antosart)
    https://github.com/w3c/webappsec-csp/issues/523 

  2 issues received 4 new comments:
  - #523 Hashes bypass source-based allowlisting only on pre-request, not on post-request (2 by antosart, koto)
    https://github.com/w3c/webappsec-csp/issues/523 
  - #404 CSP HTTP headers not registered with IANA (2 by SmashManiac, mikewest)
    https://github.com/w3c/webappsec-csp/issues/404 

* w3c/permissions (+5/-3/💬6)
  5 issues created:
  - Can we drop the allowed in non-secure contexts flag? (by miketaylr)
    https://github.com/w3c/permissions/issues/315 
  - Proposals: Drop "Powerful features registry" and PermissionName enum (by marcoscaceres)
    https://github.com/w3c/permissions/issues/314 
  - Remove "ambient-light-sensor" bits (by miketaylr)
    https://github.com/w3c/permissions/issues/309 
  - "background-sync", (by miketaylr)
    https://github.com/w3c/permissions/issues/308 
  - Ensure "ambient-light-sensor" is integrated into Ambient Light Sensor spec (by miketaylr)
    https://github.com/w3c/permissions/issues/307 

  4 issues received 6 new comments:
  - #315 Can we drop the allowed in non-secure contexts flag? (1 by marcoscaceres)
    https://github.com/w3c/permissions/issues/315 
  - #314 Proposals: Drop "Powerful features registry" and PermissionName enum (2 by jyasskin, marcoscaceres)
    https://github.com/w3c/permissions/issues/314 
  - #307 Ensure "ambient-light-sensor" is integrated into Ambient Light Sensor spec (2 by miketaylr)
    https://github.com/w3c/permissions/issues/307 
  - #294 Ensure "midi" permission is integrated in Web Midi API spec (1 by miketaylr)
    https://github.com/w3c/permissions/issues/294 

  3 issues closed:
  - Ensure "ambient-light-sensor" is integrated into Ambient Light Sensor spec https://github.com/w3c/permissions/issues/307 
  - Remove extra "ambient-light-sensor" bits https://github.com/w3c/permissions/issues/309 
  - Ensure "midi" permission is integrated in Web Midi API spec https://github.com/w3c/permissions/issues/294 



Pull requests
-------------
* w3c/webappsec-credential-management (+1/-1/💬0)
  1 pull requests submitted:
  - Fail the CI on bikeshed warnings (by jyasskin)
    https://github.com/w3c/webappsec-credential-management/pull/174 

  1 pull requests merged:
  - Fail the CI on bikeshed warnings
    https://github.com/w3c/webappsec-credential-management/pull/174 

* w3c/permissions (+4/-3/💬1)
  4 pull requests submitted:
  - Editorial: relocate PermissionName/push definition (by marcoscaceres)
    https://github.com/w3c/permissions/pull/313 
  - Relocate screen-capture (by marcoscaceres)
    https://github.com/w3c/permissions/pull/312 
  - Editorial: soft identify geolocation powerful feature (by marcoscaceres)
    https://github.com/w3c/permissions/pull/311 
  - Remove ambient-light-sensor details defined in [[ambient-light]] (by miketaylr)
    https://github.com/w3c/permissions/pull/310 

  1 pull requests received 1 new comments:
  - #310 Remove ambient-light-sensor details defined in [[ambient-light]] (1 by miketaylr)
    https://github.com/w3c/permissions/pull/310 

  3 pull requests merged:
  - Editorial: relocate PermissionName/push definition
    https://github.com/w3c/permissions/pull/313 
  - Editorial: soft identify geolocation powerful feature
    https://github.com/w3c/permissions/pull/311 
  - Remove ambient-light-sensor details defined in [[ambient-light]]
    https://github.com/w3c/permissions/pull/310 

* w3c/webappsec-permissions-policy (+1/-0/💬0)
  1 pull requests submitted:
  - Add interest-cohort to list of Experimental Features (by yoshifp)
    https://github.com/w3c/webappsec-permissions-policy/pull/437 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 8 November 2021 17:00:46 UTC