- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 08 Mar 2021 17:00:23 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1lJJF1-0005SC-7a@uranus.w3.org>
Issues
------
* w3c/webappsec (+1/-0/💬0)
1 issues created:
- myappconfluence.atlassian.net (by chewy22)
https://github.com/w3c/webappsec/issues/575
* w3c/webappsec-csp (+2/-0/💬6)
2 issues created:
- Non-ASCII characters in CSP policy. (by antosart)
https://github.com/w3c/webappsec-csp/issues/473
- More robust handling of non-executable <script> nodes (by arturjanc)
https://github.com/w3c/webappsec-csp/issues/472
3 issues received 6 new comments:
- #473 Non-ASCII characters in CSP policy. (1 by annevk)
https://github.com/w3c/webappsec-csp/issues/473
- #472 More robust handling of non-executable <script> nodes (3 by arturjanc, domenic)
https://github.com/w3c/webappsec-csp/issues/472
- #470 Add report samples to security considerations (2 by arturjanc, jyasskin)
https://github.com/w3c/webappsec-csp/issues/470
* w3c/webappsec-mixed-content (+0/-0/💬8)
1 issues received 8 new comments:
- #41 Spec is not clear about blobs created in sandboxed iframes (8 by annevk, letitz, mkruisselbrink, youennf)
https://github.com/w3c/webappsec-mixed-content/issues/41
* w3c/webappsec-cowl (+1/-0/💬4)
1 issues created:
- Mark spec as no longer being worked on? And archive this repo? (by sideshowbarker)
https://github.com/w3c/webappsec-cowl/issues/81
1 issues received 4 new comments:
- #81 Mark spec as no longer being worked on? And archive this repo? (4 by deian, sideshowbarker)
https://github.com/w3c/webappsec-cowl/issues/81
* w3c/webappsec-epr (+1/-0/💬0)
1 issues created:
- Archive this GitHub repo? (by sideshowbarker)
https://github.com/w3c/webappsec-epr/issues/5
* w3c/webappsec-trusted-types (+0/-2/💬5)
3 issues received 5 new comments:
- #278 Make input argument to createHTML, createScript, and createScriptURL optional (1 by koto)
https://github.com/w3c/webappsec-trusted-types/issues/278 [future]
- #259 Restrict to secure contexts (3 by annevk, koto)
https://github.com/w3c/webappsec-trusted-types/issues/259 [spec]
- #256 require-trusted-types-for 'wasm' (1 by koto)
https://github.com/w3c/webappsec-trusted-types/issues/256 [future] [spec]
2 issues closed:
- require-trusted-types-for 'wasm' https://github.com/w3c/webappsec-trusted-types/issues/256 [future] [spec]
- Restrict to secure contexts https://github.com/w3c/webappsec-trusted-types/issues/259 [spec]
Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-1/💬5)
1 pull requests submitted:
- Switch to GitHub Actions build-validate-publish (by sideshowbarker)
https://github.com/w3c/webappsec-subresource-integrity/pull/100
2 pull requests received 5 new comments:
- #100 Switch to GitHub Actions build-validate-publish (4 by mozfreddyb, sideshowbarker)
https://github.com/w3c/webappsec-subresource-integrity/pull/100
- #93 Updated index.html (1 by sideshowbarker)
https://github.com/w3c/webappsec-subresource-integrity/pull/93
1 pull requests merged:
- Switch to GitHub Actions build-validate-publish
https://github.com/w3c/webappsec-subresource-integrity/pull/100
* w3c/webappsec-csp (+1/-3/💬1)
1 pull requests submitted:
- CI: Switch to using w3c/spec-prod (by sideshowbarker)
https://github.com/w3c/webappsec-csp/pull/471
1 pull requests received 1 new comments:
- #464 Match hash-algorithm parts case-insensitively (as CSP2) (1 by sideshowbarker)
https://github.com/w3c/webappsec-csp/pull/464 [needs tests]
3 pull requests merged:
- CI: Switch to using w3c/spec-prod
https://github.com/w3c/webappsec-csp/pull/471
- Follow Bikeshed filename convention: Use index.bs
https://github.com/w3c/webappsec-csp/pull/469
- Match hash-algorithm parts case-insensitively (as CSP2)
https://github.com/w3c/webappsec-csp/pull/464 [needs tests]
* w3c/webappsec-mixed-content (+1/-1/💬0)
1 pull requests submitted:
- CI: Switch to using GitHub Actions (by sideshowbarker)
https://github.com/w3c/webappsec-mixed-content/pull/42
1 pull requests merged:
- Fix typo: upgrade should turn scheme into https
https://github.com/w3c/webappsec-mixed-content/pull/37
* w3c/webappsec-fetch-metadata (+2/-2/💬2)
2 pull requests submitted:
- Meta: Make Version History link to main (!master) (by sideshowbarker)
https://github.com/w3c/webappsec-fetch-metadata/pull/65
- CI: GitHub-Actions-based build-validate-publish (by sideshowbarker)
https://github.com/w3c/webappsec-fetch-metadata/pull/64
2 pull requests received 2 new comments:
- #64 CI: GitHub-Actions-based build-validate-publish (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/pull/64
- #62 Regenerate index.html file (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/pull/62
2 pull requests merged:
- Meta: Make Version History link to main (!master)
https://github.com/w3c/webappsec-fetch-metadata/pull/65
- CI: GitHub-Actions-based build-validate-publish
https://github.com/w3c/webappsec-fetch-metadata/pull/64
* w3c/webappsec-trusted-types (+24/-9/💬52)
24 pull requests submitted:
- Added support for enforcing Trusted Types in workers. (by koto)
https://github.com/w3c/webappsec-trusted-types/pull/332
- Bump eslint-plugin-jasmine from 2.10.1 to 4.1.2 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/331
- Bump @babel/polyfill from 7.4.4 to 7.12.1 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/330
- Bump karma-chrome-launcher from 2.2.0 to 3.1.0 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/329
- Bump eslint from 5.16.0 to 7.21.0 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/328
- Bump karma-firefox-launcher from 1.1.0 to 2.1.0 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/327
- Bump jasmine from 3.4.0 to 3.6.4 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/326
- Bump karma from 4.2.0 to 6.1.1 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/325
- Bump @babel/preset-env from 7.5.5 to 7.13.9 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/324
- Bump google-closure-compiler from 20190415.0.0 to 20210202.0.0 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/323
- Bump gulp-sourcemaps from 2.6.5 to 3.0.0 (by dependabot)
https://github.com/w3c/webappsec-trusted-types/pull/322
- [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/321
- [Security] Bump https-proxy-agent from 2.2.1 to 2.2.4 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/320
- [Security] Bump http-proxy from 1.17.0 to 1.18.1 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/319
- [Security] Bump eslint-utils from 1.3.1 to 1.4.3 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/318
- Bump jasmine-core from 3.4.0 to 3.6.0 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/317
- [Security] Bump lodash from 4.17.11 to 4.17.21 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/316
- Bump karma-jasmine from 2.0.1 to 4.0.1 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/315
- [Security] Bump elliptic from 6.5.0 to 6.5.4 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/314
- Bump eslint-config-google from 0.12.0 to 0.14.0 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/313
- Create Dependabot config file (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/312
- Bump rollup from 1.17.0 to 2.40.0 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/311
- [Security] Bump ini from 1.3.5 to 1.3.8 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/310
- Bump @babel/core from 7.5.5 to 7.13.8 (by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/309
25 pull requests received 52 new comments:
- #332 Added support for enforcing Trusted Types in workers. (1 by koto)
https://github.com/w3c/webappsec-trusted-types/pull/332
- #331 Bump eslint-plugin-jasmine from 2.10.1 to 4.1.2 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/331 [dependencies]
- #330 Bump @babel/polyfill from 7.4.4 to 7.12.1 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/330 [dependencies]
- #329 Bump karma-chrome-launcher from 2.2.0 to 3.1.0 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/329 [dependencies]
- #328 Bump eslint from 5.16.0 to 7.21.0 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/328 [dependencies]
- #327 Bump karma-firefox-launcher from 1.1.0 to 2.1.0 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/327 [dependencies]
- #326 Bump jasmine from 3.4.0 to 3.6.4 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/326 [dependencies]
- #325 Bump karma from 4.2.0 to 6.1.1 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/325 [dependencies]
- #324 Bump @babel/preset-env from 7.5.5 to 7.13.9 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/324 [dependencies]
- #323 Bump google-closure-compiler from 20190415.0.0 to 20210202.0.0 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/323 [dependencies]
- #322 Bump gulp-sourcemaps from 2.6.5 to 3.0.0 (2 by dependabot, koto)
https://github.com/w3c/webappsec-trusted-types/pull/322 [dependencies]
- #321 [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (1 by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/321 [dependencies] [security]
- #320 [Security] Bump https-proxy-agent from 2.2.1 to 2.2.4 (3 by dependabot-preview, koto)
https://github.com/w3c/webappsec-trusted-types/pull/320 [dependencies] [security]
- #319 [Security] Bump http-proxy from 1.17.0 to 1.18.1 (3 by dependabot-preview, koto)
https://github.com/w3c/webappsec-trusted-types/pull/319 [dependencies] [security]
- #318 [Security] Bump eslint-utils from 1.3.1 to 1.4.3 (1 by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/318 [dependencies] [security]
- #317 Bump jasmine-core from 3.4.0 to 3.6.0 (1 by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/317 [dependencies]
- #316 [Security] Bump lodash from 4.17.11 to 4.17.21 (1 by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/316 [dependencies] [security]
- #315 Bump karma-jasmine from 2.0.1 to 4.0.1 (3 by dependabot-preview, koto)
https://github.com/w3c/webappsec-trusted-types/pull/315 [dependencies]
- #314 [Security] Bump elliptic from 6.5.0 to 6.5.4 (3 by dependabot-preview, koto)
https://github.com/w3c/webappsec-trusted-types/pull/314 [dependencies] [security]
- #313 Bump eslint-config-google from 0.12.0 to 0.14.0 (2 by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/313 [dependencies]
- #311 Bump rollup from 1.17.0 to 2.40.0 (2 by dependabot-preview)
https://github.com/w3c/webappsec-trusted-types/pull/311 [dependencies]
- #310 [Security] Bump ini from 1.3.5 to 1.3.8 (3 by dependabot-preview, koto)
https://github.com/w3c/webappsec-trusted-types/pull/310 [dependencies] [security]
- #309 Bump @babel/core from 7.5.5 to 7.13.8 (4 by dependabot-preview, koto)
https://github.com/w3c/webappsec-trusted-types/pull/309 [dependencies]
- #308 Fix remaining Web IDL issues (2 by koto, sideshowbarker)
https://github.com/w3c/webappsec-trusted-types/pull/308
- #304 Bump ini from 1.3.5 to 1.3.7 (2 by dependabot, sideshowbarker)
https://github.com/w3c/webappsec-trusted-types/pull/304 [dependencies]
9 pull requests merged:
- Added support for enforcing Trusted Types in workers.
https://github.com/w3c/webappsec-trusted-types/pull/332
- Removed the secure context restrictions.
https://github.com/w3c/webappsec-trusted-types/pull/279
- Bump rollup from 1.17.0 to 2.40.0
https://github.com/w3c/webappsec-trusted-types/pull/311 [dependencies]
- [Security] Bump lodash from 4.17.11 to 4.17.21
https://github.com/w3c/webappsec-trusted-types/pull/316 [dependencies] [security]
- Bump jasmine-core from 3.4.0 to 3.6.0
https://github.com/w3c/webappsec-trusted-types/pull/317 [dependencies]
- [Security] Bump eslint-utils from 1.3.1 to 1.4.3
https://github.com/w3c/webappsec-trusted-types/pull/318 [dependencies] [security]
- [Security] Bump mixin-deep from 1.3.1 to 1.3.2
https://github.com/w3c/webappsec-trusted-types/pull/321 [dependencies] [security]
- Create Dependabot config file
https://github.com/w3c/webappsec-trusted-types/pull/312 [dependencies]
- Fix remaining Web IDL issues
https://github.com/w3c/webappsec-trusted-types/pull/308
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-unofficial-drafts
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 8 March 2021 17:00:26 UTC