Bower Versions Save

A package manager for the web

v1.8.12

3 years ago
  • Properly bundle all dependencies of Bower within package

v1.8.10

3 years ago

v1.8.8

5 years ago

Fix security issue connected to extracting .tar.gz archives

This bug allows to write arbitrary file on filesystem when Bower extracts malicious package

Needlessly to say, please upgrade

v1.8.7

5 years ago

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

https://github.com/bower/bower/issues/2532

v1.8.6

5 years ago

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

v1.8.4

6 years ago
  • Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

v1.8.3

6 years ago
  • 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
  • 50ee729 Allow to disable shorthand resolver (#2507)
  • bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
  • 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
  • 74af42c Only replace last @ after (if any) last / with # (#2395)
  • 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
  • 💅Format source code with prettier

v1.8.2

6 years ago

Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

It is so we leverage CDN and offload Heroku instance reducing costs.

v1.8.0

7 years ago
  • Download tar archives from GitHub when possible (#2263)
    • Change default shorthand resolver for github from git:// to https://
  • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
  • Allow for removing components with url instead of name (#2368)
  • Show in warning message location of malformed bower.json (#2357)
  • Improve handling of non-semver versions in git resolver (#2316)
  • Fix handling of cached releases pluginResolverFactory (#2356)
  • Allow to type the entire version when conflict occured (#2243)
  • Allow owner/reponame shorthand for registering components (#2248)
  • Allow single-char repo names and package names (#2249)
  • Make bower version no longer honor version in bower.json (#2232)
  • Add postinstall hook (#2252)
  • Allow for @ instead of # for install and info commands (#2322)
  • Upgrade all bundled modules

v1.7.9

8 years ago
  • Show warnings for invalid bower.json fields
  • Update bower-json
    • Less strict validation on package name (allow spaces, slashes, and "@")