Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2024-10-14 (public-webappsec@w3.org from October 2024)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 14 Oct 2024 17:00:22 +0000
To: public-webappsec@w3.org
Message-Id: <E1t0OQg-00Et0W-1x@janus.w3.internal>
Issues
------
* w3c/webappsec (+0/-1/💬6)
  1 issues received 6 new comments:
  - #661 Planning 2024-10-16. (6 by mikewest, qabandi, simoneonofri, weizman)
    https://github.com/w3c/webappsec/issues/661 

  1 issues closed:
  - Planning 2024-10-16. https://github.com/w3c/webappsec/issues/661 

* w3c/webappsec-subresource-integrity (+0/-2/💬0)
  2 issues closed:
  - Second preimage resistance https://github.com/w3c/webappsec-subresource-integrity/issues/106 
  - Second preimage resistance https://github.com/w3c/webappsec-subresource-integrity/issues/106 

* w3c/webappsec-csp (+3/-2/💬8)
  3 issues created:
  - Parse response’s CSPs parsing header list values type mismatch (by 0x4261756D)
    https://github.com/w3c/webappsec-csp/issues/684 
  - Introduce 'connect-certificate-hash' for WebTransport (by jan-ivar)
    https://github.com/w3c/webappsec-csp/issues/683 
  - CSP headers are incorrect with multiple rules (by letanloc1998)
    https://github.com/w3c/webappsec-csp/issues/682 

  4 issues received 8 new comments:
  - #683 Introduce 'connect-certificate-hash' for WebTransport (1 by martinthomson)
    https://github.com/w3c/webappsec-csp/issues/683 
  - #682 CSP headers are incorrect with multiple rules (3 by annevk, mikewest)
    https://github.com/w3c/webappsec-csp/issues/682 
  - #672 CSP Report Does Not Reflect Redirected Blocked Domains (1 by qabandi)
    https://github.com/w3c/webappsec-csp/issues/672 
  - #662 frame-src is not effective in restricting the possible origins of subframes (3 by NDevTK, qabandi)
    https://github.com/w3c/webappsec-csp/issues/662 

  2 issues closed:
  - Parse response’s CSPs parsing header list values type mismatch https://github.com/w3c/webappsec-csp/issues/684 
  - Request's initiator can't be "fetch" https://github.com/w3c/webappsec-csp/issues/660 

* w3c/webappsec-trusted-types (+1/-0/💬0)
  1 issues created:
  - Dead link to "HTML imports" (by fred-wang)
    https://github.com/w3c/trusted-types/issues/550 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-3/💬2)
  1 pull requests submitted:
  - Update signature-based-restrictions-explainer.markdown (by mikewest)
    https://github.com/w3c/webappsec-subresource-integrity/pull/127 

  1 pull requests received 2 new comments:
  - #125 Editorial updates (2 by mikewest, mozfreddyb)
    https://github.com/w3c/webappsec-subresource-integrity/pull/125 

  3 pull requests merged:
  - Specify the supported hashing algorithms.
    https://github.com/w3c/webappsec-subresource-integrity/pull/126 
  - Update signature-based-restrictions-explainer.markdown
    https://github.com/w3c/webappsec-subresource-integrity/pull/127 
  - Editorial updates
    https://github.com/w3c/webappsec-subresource-integrity/pull/125 

* w3c/webappsec-csp (+1/-2/💬0)
  1 pull requests submitted:
  - Fix parsing response's CSP type mismatch (by antosart)
    https://github.com/w3c/webappsec-csp/pull/685 

  2 pull requests merged:
  - Fix parsing response's CSP type mismatch
    https://github.com/w3c/webappsec-csp/pull/685 
  - Fix check of request initiator being "fetch"
    https://github.com/w3c/webappsec-csp/pull/663 

* w3c/webappsec-credential-management (+1/-0/💬1)
  1 pull requests submitted:
  - Make order of checking abort signal in "create algorithm" match "request algorithm" (by pkotwicz)
    https://github.com/w3c/webappsec-credential-management/pull/264 

  1 pull requests received 1 new comments:
  - #264 Make order of checking abort signal in "create algorithm" match "request algorithm" (1 by pkotwicz)
    https://github.com/w3c/webappsec-credential-management/pull/264 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 14 October 2024 17:00:23 UTC