Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency bower to v1.8.14 #36

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency bower to v1.8.14 #36

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Dec 16, 2017
edited by spartha1995

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
bower (source) 1.7.9 -> 1.8.14 age adoption passing confidence

Release Notes

bower/bower

v1.8.14

Compare Source

v1.8.13

Compare Source

v1.8.12

Compare Source

  • Properly bundle all dependencies of Bower within package

v1.8.11

Compare Source

v1.8.10

v1.8.8

Compare Source

Fix security issue connected to extracting .tar.gz archives

This bug allows to write arbitrary file on filesystem when Bower extracts malicious package

Needlessly to say, please upgrade

v1.8.7

Compare Source

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

https://github.com/bower/bower/issues/2532

v1.8.6

Compare Source

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

v1.8.4

Compare Source

  • Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

v1.8.3

Compare Source

  • 451c60e Do not store resolutions if --save is not used, fixes #​2344 (#​2508)
  • 50ee729 Allow to disable shorthand resolver (#​2507)
  • bb17839 Allow shallow cloning when source is a ssh protocol (#​2506)
  • 5a6ae54 Add support for Arrays in Environment Variable replacement (#​2411)
  • 74af42c Only replace last @ after (if any) last / with # (#​2395)
  • 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
  • 💅Format source code with prettier

v1.8.2

Compare Source

Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

It is so we leverage CDN and offload Heroku instance reducing costs.

v1.8.0

  • Download tar archives from GitHub when possible (#​2263)
    • Change default shorthand resolver for github from git:// to https://
  • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#​2361)
  • Allow for removing components with url instead of name (#​2368)
  • Show in warning message location of malformed bower.json (#​2357)
  • Improve handling of non-semver versions in git resolver (#​2316)
  • Fix handling of cached releases pluginResolverFactory (#​2356)
  • Allow to type the entire version when conflict occured (#​2243)
  • Allow owner/reponame shorthand for registering components (#​2248)
  • Allow single-char repo names and package names (#​2249)
  • Make bower version no longer honor version in bower.json (#​2232)
  • Add postinstall hook (#​2252)
  • Allow for @ instead of # for install and info commands (#​2322)
  • Upgrade all bundled modules

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This change is Reviewable

@renovate renovate bot force-pushed the renovate/bower-1.x branch 2 times, most recently from bcdbcd1 to c55d761 Compare January 10, 2018 13:05
@renovate renovate bot force-pushed the renovate/bower-1.x branch 6 times, most recently from 79a0b1e to 3e71c73 Compare January 29, 2018 06:58
@renovate renovate bot force-pushed the renovate/bower-1.x branch 3 times, most recently from a8c01fc to 36a9759 Compare February 23, 2018 11:01
@renovate renovate bot changed the title Update dependency bower to v1.8.2 Update dependency bower to v1.8.3 Mar 28, 2018
@renovate renovate bot changed the title Update dependency bower to v1.8.3 Update dependency bower to v1.8.4 Mar 28, 2018
@renovate renovate bot changed the title Update dependency bower to v1.8.4 Update dependency bower to v1.8.6 Jan 17, 2019
@renovate renovate bot changed the title Update dependency bower to v1.8.6 Update dependency bower to v1.8.7 Jan 18, 2019
@renovate renovate bot changed the title Update dependency bower to v1.8.7 Update dependency bower to v1.8.8 Jan 23, 2019
@renovate renovate bot changed the title Update dependency bower to v1.8.8 Update dependency bower to v1.8.12 Jan 22, 2021
@renovate renovate bot changed the title Update dependency bower to v1.8.12 Update dependency bower to v1.8.13 Mar 7, 2022
@renovate renovate bot changed the title Update dependency bower to v1.8.13 Update dependency bower to v1.8.14 Mar 26, 2022
@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@renovate-bot