Releases: bower/bower

v1.8.12

19 Jan 09:39
  • Properly bundle all dependencies of Bower within package

v1.8.10

14 Jan 19:28
  • Security fixes for tar-fs dependency #2576
  • Security fixes for handlebars dependency #2586
  • Security fixes for ini dependency #2589

v1.8.8

23 Jan 21:32

Fix security issue connected to extracting .tar.gz archives

This bug allows writing arbitrary files to the filesystem when Bower extracts a malicious package.

Needless to say, please upgrade.

v1.8.7

17 Jan 22:42

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

#2532

v1.8.6

17 Jan 13:49

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

v1.8.4

28 Mar 19:08
  • Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

v1.8.3

28 Mar 18:21
  • 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
  • 50ee729 Allow to disable shorthand resolver (#2507)
  • bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
  • 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
  • 74af42c Only replace last @ after (if any) last / with # (#2395)
  • 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
  • 💅Format source code with prettier

v1.8.2

13 Sep 17:02

Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

This lets us leverage a CDN and offload the Heroku instance, reducing costs.

v1.8.0

07 Nov 10:20
  • Download tar archives from GitHub when possible (#2263)
    • Change default shorthand resolver for github from git:// to https://
  • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
  • Allow for removing components with url instead of name (#2368)
  • Show in warning message location of malformed bower.json (#2357)
  • Improve handling of non-semver versions in git resolver (#2316)
  • Fix handling of cached releases pluginResolverFactory (#2356)
  • Allow to type the entire version when conflict occurred (#2243)
  • Allow owner/reponame shorthand for registering components (#2248)
  • Allow single-char repo names and package names (#2249)
  • Make bower version no longer honor version in bower.json (#2232)
  • Add postinstall hook (#2252)
  • Allow for @ instead of # for install and info commands (#2322)
  • Upgrade all bundled modules

v1.7.9

05 Apr 12:39
  • Show warnings for invalid bower.json fields
  • Update bower-json
    • Less strict validation on package name (allow spaces, slashes, and "@")