Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+0/-0/💬3)
  1 issues received 3 new comments:
  - #544 CSP and HTML Modules (3 by antosart, arturjanc, lmuntaner)
    https://github.com/w3c/webappsec/issues/544 

* w3c/webappsec-subresource-integrity (+0/-0/💬3)
  2 issues received 3 new comments:
  - #119 Reference the IANA registry of hash names (2 by awwright, jb-wisemo)
    https://github.com/w3c/webappsec-subresource-integrity/issues/119 
  - #118 Check all hashes (1 by jb-wisemo)
    https://github.com/w3c/webappsec-subresource-integrity/issues/118 

* w3c/webappsec-csp (+1/-3/💬2)
  1 issues created:
  - Remove initialization hook (by antosart)
    https://github.com/w3c/webappsec-csp/issues/581 

  2 issues received 2 new comments:
  - #227 Introduce rate limiting for violation reports (report-uri and report-to) (1 by odinho)
    https://github.com/w3c/webappsec-csp/issues/227 
  - #199 CSP3: Consider adding a 'clone-src' directive (1 by cudail)
    https://github.com/w3c/webappsec-csp/issues/199 

  3 issues closed:
  - Directive's value is a set https://github.com/w3c/webappsec-csp/issues/577 
  - Should we replace browsing contexts with navigables? https://github.com/w3c/webappsec-csp/issues/579 
  - Broken references in Content Security Policy Level 3 https://github.com/w3c/webappsec-csp/issues/576 

* w3c/webappsec-mixed-content (+0/-0/💬1)
  1 issues received 1 new comments:
  - #17 Clarify mixed content behavior for access to origins in CIDR 127.0.0.0/8 or ::1/128  (1 by paulsemel)
    https://github.com/w3c/webappsec-mixed-content/issues/17 

* w3c/permissions (+0/-1/💬17)
  8 issues received 17 new comments:
  - #396 PermissionDescriptor equality is not defined (1 by jyasskin)
    https://github.com/w3c/permissions/issues/396 
  - #395 "permission query algorithm" run on string (3 by annevk, jyasskin)
    https://github.com/w3c/permissions/issues/395 
  - #394 "permission query algorithm" is passed a redundant argument (1 by jyasskin)
    https://github.com/w3c/permissions/issues/394 
  - #393 Task queueing (5 by annevk, domenic, jyasskin)
    https://github.com/w3c/permissions/issues/393 
  - #392 Align internal states with enums (1 by annevk)
    https://github.com/w3c/permissions/issues/392 
  - #391 Consider removing "lifetime" (4 by annevk, johannhof)
    https://github.com/w3c/permissions/issues/391 
  - #388 Allow returning "prompt" rather than "denied" (1 by miketaylr)
    https://github.com/w3c/permissions/issues/388 
  - #347 Automation: Need two more steps to handle closed browsing context and user prompts (1 by marcoscaceres)
    https://github.com/w3c/permissions/issues/347 

  1 issues closed:
  - Potentially revisit oneRealm https://github.com/w3c/permissions/issues/387 

* w3c/webappsec-permissions-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #480 Denying self while still allowing subframes (1 by fergald)
    https://github.com/w3c/webappsec-permissions-policy/issues/480 

* w3c/webappsec-fetch-metadata (+1/-0/💬0)
  1 issues created:
  - Define `Sec-Purpose: Prefetch` (by noamr)
    https://github.com/w3c/webappsec-fetch-metadata/issues/84 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+0/-1/💬12)
  1 pull requests received 12 new comments:
  - #110 Edit 3.3.2 Parse metadata in more detail (12 by baek9, sideshowbarker)
    https://github.com/w3c/webappsec-subresource-integrity/pull/110 

  1 pull requests merged:
  - Edit 3.3.2 Parse metadata in more detail
    https://github.com/w3c/webappsec-subresource-integrity/pull/110 

* w3c/webappsec-csp (+0/-2/💬1)
  1 pull requests received 1 new comments:
  - #580 Fix references to html after navigation and session history rewrite (1 by antosart)
    https://github.com/w3c/webappsec-csp/pull/580 

  2 pull requests merged:
  - Fix for each iterations referring to infra
    https://github.com/w3c/webappsec-csp/pull/578 
  - Fix references to html after navigation and session history rewrite
    https://github.com/w3c/webappsec-csp/pull/580 

* w3c/permissions (+0/-1/💬2)
  1 pull requests received 2 new comments:
  - #390 Define a permission store (closes #384) (2 by johannhof)
    https://github.com/w3c/permissions/pull/390 

  1 pull requests merged:
  - Remove use of realms
    https://github.com/w3c/permissions/pull/397 

* w3c/webappsec-permissions-policy (+0/-2/💬6)
  2 pull requests received 6 new comments:
  - #491 Remove document-domain policy-controlled feature. (4 by clelland, otherdaniel)
    https://github.com/w3c/webappsec-permissions-policy/pull/491 
  - #476 Add Bluetooth to the list of policy-controlled features (2 by clelland, w3cbot)
    https://github.com/w3c/webappsec-permissions-policy/pull/476 

  2 pull requests merged:
  - Remove document-domain policy-controlled feature.
    https://github.com/w3c/webappsec-permissions-policy/pull/491 
  - Add Bluetooth to the list of policy-controlled features
    https://github.com/w3c/webappsec-permissions-policy/pull/476 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 5 December 2022 17:00:39 UTC