All Versions
89
Latest Version
Avg Release Cycle
52 days
Latest Release
1261 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v1.8.8 Changes
January 23, 2019π Fix security issue connected to extracting .tar.gz archives
π¦ This bug allows to write arbitrary file on filesystem when Bower extracts malicious package
β¬οΈ Needlessly to say, please upgrade
-
v1.8.7 Changes
January 17, 2019π Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders
-
v1.8.6 Changes
January 17, 2019Fix Zip Slip Vulnerability of decompress-zip package : https://snyk.io/research/zip-slip-vulnerability
Note: v1.8.5 has been unpublished because of missing files
-
v1.8.5
January 17, 2019 -
v1.8.4 Changes
March 28, 2018- π Fixes release 1.8.3 by publishing with [email protected] instead of [email protected] (to include
lib/node_modules
)
- π Fixes release 1.8.3 by publishing with [email protected] instead of [email protected] (to include
-
v1.8.3 Changes
March 28, 2018- π 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
- 50ee729 Allow to disable shorthand resolver (#2507)
- bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
- π 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
- 74af42c Only replace last
@
after (if any) last/
with#
(#2395) - π§ π―Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
- π± π Format source code with prettier
-
v1.8.2 Changes
September 13, 2017Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io
It is so we leverage CDN and offload Heroku instance reducing costs.
-
v1.8.0 Changes
November 07, 2016- Download tar archives from GitHub when possible (#2263)
- Change default shorthand resolver for github from
git://
tohttps://
- Change default shorthand resolver for github from
- Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
- π Allow for removing components with url instead of name (#2368)
- β Show in warning message location of malformed bower.json (#2357)
- π Improve handling of non-semver versions in git resolver (#2316)
- π Fix handling of cached releases pluginResolverFactory (#2356)
- π Allow to type the entire version when conflict occured (#2243)
- π Allow
owner/reponame
shorthand for registering components (#2248) - π Allow single-char repo names and package names (#2249)
- π Make
bower version
no longer honorversion
in bower.json (#2232) - β Add
postinstall
hook (#2252) - π Allow for
@
instead of#
forinstall
andinfo
commands (#2322) - β¬οΈ Upgrade all bundled modules
- Download tar archives from GitHub when possible (#2263)
-
v1.7.9 Changes
April 05, 2016- β Show warnings for invalid bower.json fields
- β‘οΈ Update bower-json
- Less strict validation on package name (allow spaces, slashes, and "@")
-
v1.7.8 Changes
April 04, 2016- π Don't ask for git credentials in non-interactive session, fixes #956 #1009
- π Prevent swallowing exceptions with programmatic api, fixes #2187
- β‘οΈ Update graceful-fs to 4.x in all dependences, fixes nodejs/node#5213
- π Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
- β¬οΈ Upgrade handlebars to 4.0.5, closes #2195
- π Replace all % chatacters in defined scripts, instead of only first one, fixes #2174
- β‘οΈ Update opn package to fix issues with "bower open" command on Windows
- β‘οΈ Update bower-config
- Do not interpolate environment variables in script hooks, fixes bower/config#47
- β‘οΈ Update bower-json
- Validate package name more strictly and allow only latin letters, dots, dashes and underscores
- β Add support for "save" and "save-exact" in .bowerrc, #2161