Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2024-06-03 (public-webappsec@w3.org from June 2024)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 03 Jun 2024 17:00:20 +0000
To: public-webappsec@w3.org
Message-Id: <E1sEB2i-0038sm-1w@janus.w3.internal>
Issues
------
* w3c/webappsec-csp (+0/-0/💬4)
  1 issues received 4 new comments:
  - #664 Add new CSP sandbox directive to allow SameSite=None cookies on top-level frames (4 by DCtheTall, mikewest)
    https://github.com/w3c/webappsec-csp/issues/664 

* w3c/webappsec-mixed-content (+1/-0/💬3)
  1 issues created:
  - Are there any compliant mixed download implementations? (by hamishwillee)
    https://github.com/w3c/webappsec-mixed-content/issues/71 

  1 issues received 3 new comments:
  - #71 Are there any compliant mixed download implementations? (3 by annevk, hamishwillee)
    https://github.com/w3c/webappsec-mixed-content/issues/71 

* w3c/webappsec-credential-management (+0/-1/💬0)
  1 issues closed:
  - Mediation parameter for credential creation https://github.com/w3c/webappsec-credential-management/issues/225 

* w3c/webappsec-fetch-metadata (+1/-0/💬2)
  1 issues created:
  - Opener information (by yoavweiss)
    https://github.com/w3c/webappsec-fetch-metadata/issues/90 

  2 issues received 2 new comments:
  - #90 Opener information (1 by yoavweiss)
    https://github.com/w3c/webappsec-fetch-metadata/issues/90 
  - #86 Metadata to indicate if fetch was instigated as a result of 103 early hints (1 by yoavweiss)
    https://github.com/w3c/webappsec-fetch-metadata/issues/86 

* w3c/webappsec-trusted-types (+1/-1/💬5)
  1 issues created:
  - Seeking Trusted Types feedback on Array.isTemplateObject (by littledan)
    https://github.com/w3c/trusted-types/issues/519 

  1 issues received 5 new comments:
  - #519 Seeking Trusted Types feedback on Array.isTemplateObject (5 by annevk, koto, littledan, lukewarlow)
    https://github.com/w3c/trusted-types/issues/519 

  1 issues closed:
  - Spec / implementation mismatch with document.write/writeln https://github.com/w3c/trusted-types/issues/510 [spec] 



Pull requests
-------------
* w3c/webappsec-csp (+1/-0/💬1)
  1 pull requests submitted:
  - Add `trusted-eval` source expression for `script-src` (by lukewarlow)
    https://github.com/w3c/webappsec-csp/pull/665 

  1 pull requests received 1 new comments:
  - #665 Add `trusted-eval` source expression for `script-src` (1 by lukewarlow)
    https://github.com/w3c/webappsec-csp/pull/665 

* w3c/webappsec-credential-management (+0/-3/💬2)
  2 pull requests received 2 new comments:
  - #237 Do fully active check on Prevent Silent Access (1 by nsatragno)
    https://github.com/w3c/webappsec-credential-management/pull/237 
  - #131 Drop 'origin' from public interfaces after #100. (1 by marcoscaceres)
    https://github.com/w3c/webappsec-credential-management/pull/131 

  3 pull requests merged:
  - Add mediation to credential creation options
    https://github.com/w3c/webappsec-credential-management/pull/224 [type:technical] 
  - Do fully active check on Prevent Silent Access
    https://github.com/w3c/webappsec-credential-management/pull/237 
  - Chore: Update Ubuntu version
    https://github.com/w3c/webappsec-credential-management/pull/238 

* w3c/webappsec-trusted-types (+1/-0/💬1)
  1 pull requests submitted:
  - Add an |includeReportOnly| boolean argument to Does sink type require trusted types? (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/518 

  1 pull requests received 1 new comments:
  - #473 Add new `trusted-eval` source expression to 'script-src' directive. (1 by lukewarlow)
    https://github.com/w3c/trusted-types/pull/473 [spec] 

* w3c/webappsec-change-password-url (+1/-0/💬0)
  1 pull requests submitted:
  - Drop a reference to Request's synchronous flag, which was removed from the Fetch spec. (by hober)
    https://github.com/w3c/webappsec-change-password-url/pull/47 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 3 June 2024 17:00:21 UTC