A package manager for the web
Fix security issue connected to extracting .tar.gz archives
This bug allows to write arbitrary file on filesystem when Bower extracts malicious package
Needlessly to say, please upgrade
Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders
Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability
Note: v1.8.5 has been unpublished because of missing files
lib/node_modules
)@
after (if any) last /
with #
(#2395)Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io
It is so we leverage CDN and offload Heroku instance reducing costs.
git://
to https://
owner/reponame
shorthand for registering components (#2248)bower version
no longer honor version
in bower.json (#2232)postinstall
hook (#2252)@
instead of #
for install
and info
commands (#2322)