Title: Bump bower from 1.5.2 to 1.8.9 by dependabot[bot] · Pull Request #2 · forky-mcforkface/JavaScriptTraining · GitHub
Open Graph Title: Bump bower from 1.5.2 to 1.8.9 by dependabot[bot] · Pull Request #2 · forky-mcforkface/JavaScriptTraining
X Title: Bump bower from 1.5.2 to 1.8.9 by dependabot[bot] · Pull Request #2 · forky-mcforkface/JavaScriptTraining
Description: Bumps bower from 1.5.2 to 1.8.9.
Release notes
Sourced from bower's releases.
v1.8.8
Fix security issue connected to extracting .tar.gz archives
This bug allows to write arbitrary file on filesystem when Bower extracts malicious package
Needlessly to say, please upgrade
v1.8.7
Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders
bower/bower#2532
v1.8.6
Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability
Note: v1.8.5 has been unpublished because of missing files
v1.8.4
Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)
v1.8.3
451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
50ee729 Allow to disable shorthand resolver (#2507)
bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
74af42c Only replace last @ after (if any) last / with # (#2395)
💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
💅Format source code with prettier
v1.8.2
Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io
It is so we leverage CDN and offload Heroku instance reducing costs.
v1.8.0
Download tar archives from GitHub when possible (#2263)
Change default shorthand resolver for github from git:// to https://
Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
Allow for removing components with url instead of name (#2368)
Show in warning message location of malformed bower.json (#2357)
Improve handling of non-semver versions in git resolver (#2316)
Fix handling of cached releases pluginResolverFactory (#2356)
Allow to type the entire version when conflict occured (#2243)
Allow owner/reponame shorthand for registering components (#2248)
Allow single-char repo names and package names (#2249)
Make bower version no longer honor version in bower.json (#2232)
Add postinstall hook (#2252)
Allow for @ instead of # for install and info commands (#2322)
Upgrade all bundled modules
... (truncated)
Changelog
Sourced from bower's changelog.
Changelog
Newer releases
Please see: https://github.com/bower/bower/releases
1.8.0 - 2016-11-07
Download tar archives from GitHub when possible (#2263)
Change default shorthand resolver for github from git:// to https://
Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
Allow for removing components with url instead of name (#2368)
Show in warning message location of malformed bower.json (#2357)
Improve handling of non-semver versions in git resolver (#2316)
Fix handling of cached releases pluginResolverFactory (#2356)
Allow to type the entire version when conflict occured (#2243)
Allow owner/reponame shorthand for registering components (#2248)
Allow single-char repo names and package names (#2249)
Make bower version no longer honor version in bower.json (#2232)
Add postinstall hook (#2252)
Allow for @ instead of # for install and info commands (#2322)
Upgrade all bundled modules
1.7.9 - 2016-04-05
Show warnings for invalid bower.json fields
Update bower-json
Less strict validation on package name (allow spaces, slashes, and "@")
1.7.8 - 2016-04-04
Don't ask for git credentials in non-interactive session, fixes #956 #1009
Prevent swallowing exceptions with programmatic api, fixes #2187
Update graceful-fs to 4.x in all dependences, fixes nodejs/node#5213
Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
Upgrade handlebars to 4.0.5, closes #2195
Replace all % chatacters in defined scripts, instead of only first one, fixes #2174
Update opn package to fix issues with "bower open" command on Windows
Update bower-config
Do not interpolate environment variables in script hooks, fixes bower/config#47
Update bower-json
Validate package name more strictly and allow only latin letters, dots, dashes and underscores
Add support for "save" and "save-exact" in .bowerrc, #2161
1.7.7 - 2016-01-27
Revert locations of all files while still packaging node_modules.
It's because people are depending on internals of bower, like
bower/lib/renderers/StandardRenderer. We want to preserve this
... (truncated)
Commits
See full diff in compare view
Maintainer changes
This version was pushed to npm by sheerun, a new releaser for bower since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps bower from 1.5.2 to 1.8.9. Release notes Sourced from bower's releases. v1.8.8 Fix security issue connected to extracting .tar.gz archives This bug allows to write arbitrary file on fil...
X Description: Bumps bower from 1.5.2 to 1.8.9. Release notes Sourced from bower's releases. v1.8.8 Fix security issue connected to extracting .tar.gz archives This bug allows to write arbitrary file on...
Opengraph URL: https://github.com/forky-mcforkface/JavaScriptTraining/pull/2
X: @github
Domain: patch-diff.githubusercontent.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:b2df41c0-d65f-5adc-fe42-63372cbc9bf7 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | B6C0:154BC2:105786B:1752B5E:6978D211 |
| html-safe-nonce | 71934843d2f7b2e7cf8471ab6cb1a6a80271baa71045674e7b7d301f375d1871 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCNkMwOjE1NEJDMjoxMDU3ODZCOjE3NTJCNUU6Njk3OEQyMTEiLCJ2aXNpdG9yX2lkIjoiNjA1Njc0NTk4MTg5MjQxNjAxNyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 480cbc6fe28f1589f99386d8729562781fba9bf8e6f45a141ee75787fd58e790 |
| hovercard-subject-tag | pull_request:1867573415 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/forky-mcforkface/JavaScriptTraining/pull/2/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps bower from 1.5.2 to 1.8.9. Release notes Sourced from bower's releases. v1.8.8 Fix security issue connected to extracting .tar.gz archives This bug allows to write arbitrary file on fil... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 8a71ca1f7ab5436216e1df86f398ef7a51ed3152c90e3f7332fc70cf97fcb9d6 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/forky-mcforkface/JavaScriptTraining git https://github.com/forky-mcforkface/JavaScriptTraining.git |
| octolytics-dimension-user_id | 111464788 |
| octolytics-dimension-user_login | forky-mcforkface |
| octolytics-dimension-repository_id | 525983081 |
| octolytics-dimension-repository_nwo | forky-mcforkface/JavaScriptTraining |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 12532579 |
| octolytics-dimension-repository_parent_nwo | mixi-inc/JavaScriptTraining |
| octolytics-dimension-repository_network_root_id | 12532579 |
| octolytics-dimension-repository_network_root_nwo | mixi-inc/JavaScriptTraining |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | eaed570eead52a9920afef75dc3eb6d826fdc5ef |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width