Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2025-06-16 (public-webappsec@w3.org from June 2025)

From: W3C Webmaster via GitHub API <noreply@w3.org>
Date: Mon, 16 Jun 2025 17:00:24 +0000
To: public-webappsec@w3.org
Message-Id: <E1uRDC4-009XPQ-2V@janus.w3.internal>
Issues
------
* w3c/webappsec (+0/-0/💬1)
  1 issues received 1 new comments:
  - #674 Planning 2025-06-18. (1 by drubery)
    https://github.com/w3c/webappsec/issues/674 

* w3c/webappsec-subresource-integrity (+1/-0/💬0)
  1 issues created:
  - Integrity-Policy - multiple observed reports (by yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/issues/143 

* w3c/webappsec-csp (+1/-0/💬3)
  1 issues created:
  - Implementation differences with "Strip URL for use in reports" (by evilpie)
    https://github.com/w3c/webappsec-csp/issues/735 

  1 issues received 3 new comments:
  - #735 Implementation differences with "Strip URL for use in reports" (3 by annevk, evilpie)
    https://github.com/w3c/webappsec-csp/issues/735 

* w3c/webappsec-credential-management (+0/-3/💬3)
  3 issues received 3 new comments:
  - #271 Not all paths resolve/reject the promise in the `Request a Credential` algorithm (1 by nsatragno)
    https://github.com/w3c/webappsec-credential-management/issues/271 
  - #270 `PasswordCredential`'s partial `CredentialRequestOptions` has bogus default value (1 by nsatragno)
    https://github.com/w3c/webappsec-credential-management/issues/270 [type:technical] 
  - #267 Missing interfaces size check when creating a credential (1 by nsatragno)
    https://github.com/w3c/webappsec-credential-management/issues/267 [type:technical] 

  3 issues closed:
  - Not all paths resolve/reject the promise in the `Request a Credential` algorithm https://github.com/w3c/webappsec-credential-management/issues/271 
  - unauthorized & redirected https://github.com/w3c/webappsec-credential-management/issues/268 
  - node tests/promptTestingSuite.js https://github.com/w3c/webappsec-credential-management/issues/273 

* w3c/webappsec-clear-site-data (+1/-0/💬1)
  1 issues created:
  - Clear-Site-Data and credentialless iframes (by ukusormus)
    https://github.com/w3c/webappsec-clear-site-data/issues/90 

  1 issues received 1 new comments:
  - #64 Clear-Site-Data and sandboxing (1 by ukusormus)
    https://github.com/w3c/webappsec-clear-site-data/issues/64 

* w3c/webappsec-trusted-types (+0/-0/💬1)
  1 issues received 1 new comments:
  - #586 Do non JS scripts really need TT enforcement? (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/586 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-3/💬0)
  1 pull requests submitted:
  - Remove integration section, now that it is not needed (by yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/pull/144 

  3 pull requests merged:
  - Integrity policy example
    https://github.com/w3c/webappsec-subresource-integrity/pull/142 
  - Fix the report type to match implementations
    https://github.com/w3c/webappsec-subresource-integrity/pull/141 
  - Remove integration section, now that it is not needed
    https://github.com/w3c/webappsec-subresource-integrity/pull/144 

* w3c/webappsec-csp (+1/-0/💬5)
  1 pull requests submitted:
  - Use "Strip URL" from the Reporting API (by yoavweiss)
    https://github.com/w3c/webappsec-csp/pull/734 

  1 pull requests received 5 new comments:
  - #734 Use "Strip URL" from the Reporting API (5 by annevk, evilpie, yoavweiss)
    https://github.com/w3c/webappsec-csp/pull/734 

* w3c/webappsec-permissions-policy (+1/-0/💬1)
  1 pull requests submitted:
  - Add proposed features from Chrome's Built-In AI APIs (by michaelwasserman)
    https://github.com/w3c/webappsec-permissions-policy/pull/570 

  1 pull requests received 1 new comments:
  - #570 Add proposed features from Chrome's Built-In AI APIs (1 by michaelwasserman)
    https://github.com/w3c/webappsec-permissions-policy/pull/570 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 16 June 2025 17:00:25 UTC