All Versions
89
Latest Version
Avg Release Cycle
52 days
Latest Release
530 days ago

Changelog History
Page 1

  • v1.8.8

    January 23, 2019

    πŸ›  Fix security issue connected to extracting .tar.gz archives

    πŸ“¦ This bug allows to write arbitrary file on filesystem when Bower extracts malicious package

    ⬆️ Needlessly to say, please upgrade

  • v1.8.7

    January 17, 2019

    πŸ›  Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

    #2532

  • v1.8.6

    January 17, 2019

    Fix Zip Slip Vulnerability of decompress-zip package : https://snyk.io/research/zip-slip-vulnerability

    Note: v1.8.5 has been unpublished because of missing files

  • v1.8.5

    January 17, 2019

  • v1.8.4

    March 28, 2018
    • πŸ›  Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

  • v1.8.3

    March 28, 2018
    • πŸ›  451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
    • 50ee729 Allow to disable shorthand resolver (#2507)
    • bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
    • πŸ‘ 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
    • 74af42c Only replace last @ after (if any) last / with # (#2395)
    • 🐧 πŸ’―Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
    • 🍱 πŸ’…Format source code with prettier

  • v1.8.2

    September 13, 2017

    Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

    It is so we leverage CDN and offload Heroku instance reducing costs.

  • v1.8.0

    November 07, 2016
    • Download tar archives from GitHub when possible (#2263)
      • Change default shorthand resolver for github from git:// to https://
    • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
    • πŸ‘ Allow for removing components with url instead of name (#2368)
    • ⚠ Show in warning message location of malformed bower.json (#2357)
    • πŸ‘Œ Improve handling of non-semver versions in git resolver (#2316)
    • πŸ›  Fix handling of cached releases pluginResolverFactory (#2356)
    • πŸ‘ Allow to type the entire version when conflict occured (#2243)
    • πŸ‘ Allow owner/reponame shorthand for registering components (#2248)
    • πŸ‘ Allow single-char repo names and package names (#2249)
    • πŸ‘‰ Make bower version no longer honor version in bower.json (#2232)
    • βž• Add postinstall hook (#2252)
    • πŸ‘ Allow for @ instead of # for install and info commands (#2322)
    • ⬆️ Upgrade all bundled modules

  • v1.7.9

    April 05, 2016
    • ⚠ Show warnings for invalid bower.json fields
    • ⚑️ Update bower-json
      • Less strict validation on package name (allow spaces, slashes, and "@")

  • v1.7.8

    April 04, 2016
    • πŸ›  Don't ask for git credentials in non-interactive session, fixes #956 #1009
    • πŸ›  Prevent swallowing exceptions with programmatic api, fixes #2187
    • ⚑️ Update graceful-fs to 4.x in all dependences, fixes nodejs/node#5213
    • πŸ›  Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
    • ⬆️ Upgrade handlebars to 4.0.5, closes #2195
    • πŸ›  Replace all % chatacters in defined scripts, instead of only first one, fixes #2174
    • ⚑️ Update opn package to fix issues with "bower open" command on Windows
    • ⚑️ Update bower-config
      • Do not interpolate environment variables in script hooks, fixes bower/config#47
    • ⚑️ Update bower-json
      • Validate package name more strictly and allow only latin letters, dots, dashes and underscores
    • βž• Add support for "save" and "save-exact" in .bowerrc, #2161