Skip to content

@sheerun sheerun released this Jan 23, 2019 · 15 commits to master since this release

Fix security issue connected to extracting .tar.gz archives

This bug allows to write arbitrary file on filesystem when Bower extracts malicious package

Needlessly to say, please upgrade

Assets 2

@sheerun sheerun released this Jan 17, 2019 · 17 commits to master since this release

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

#2532

Assets 2

@sheerun sheerun released this Jan 17, 2019 · 18 commits to master since this release

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

Assets 2
Jan 17, 2019
Bump to 1.8.5

@sheerun sheerun released this Mar 28, 2018 · 23 commits to master since this release

  • Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)
Assets 2

@sheerun sheerun released this Mar 28, 2018 · 25 commits to master since this release

  • 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
  • 50ee729 Allow to disable shorthand resolver (#2507)
  • bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
  • 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
  • 74af42c Only replace last @ after (if any) last / with # (#2395)
  • 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
  • 💅Format source code with prettier
Assets 2

@sheerun sheerun released this Sep 13, 2017 · 24 commits to master since this release

Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

It is so we leverage CDN and offload Heroku instance reducing costs.

Assets 2
Sep 13, 2017
Migrate bower.herokuapp.com to registry.bower.io

@sheerun sheerun released this Nov 7, 2016 · 57 commits to master since this release

  • Download tar archives from GitHub when possible (#2263)
    • Change default shorthand resolver for github from git:// to https://
  • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
  • Allow for removing components with url instead of name (#2368)
  • Show in warning message location of malformed bower.json (#2357)
  • Improve handling of non-semver versions in git resolver (#2316)
  • Fix handling of cached releases pluginResolverFactory (#2356)
  • Allow to type the entire version when conflict occured (#2243)
  • Allow owner/reponame shorthand for registering components (#2248)
  • Allow single-char repo names and package names (#2249)
  • Make bower version no longer honor version in bower.json (#2232)
  • Add postinstall hook (#2252)
  • Allow for @ instead of # for install and info commands (#2322)
  • Upgrade all bundled modules
Assets 2

@sheerun sheerun released this Apr 5, 2016 · 579 commits to master since this release

  • Show warnings for invalid bower.json fields
  • Update bower-json
    • Less strict validation on package name (allow spaces, slashes, and "@")
Assets 2
You can’t perform that action at this time.