An in-range update of bower is breaking the build 🚨

Question

An in-range update of bower is breaking the build 🚨

Closed this issue 5 years ago · 5 comments

☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.

Version 1.8.3 of bower was just published.

Branch	Build failing 🚨
Dependency	bower
Current Version	1.8.2
Type	devDependency

This version is covered by your current version range and after updating it in your project the build failed.

bower is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Status Details

✅ continuous-integration/travis-ci/push The Travis CI build passed Details
❌ bitHound - Dependencies 4 failing dependencies. Details
✅ bitHound - Code No failing files. Details

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

Your Greenkeeper Bot 🌴

Answer 1 · 2018-03-28T18:21:34.000Z

After pinning to 1.8.2 your tests are still failing. The reported issue might not affect your project. These imprecisions are caused by inconsistent test results.

Answer 2 · 2018-03-28T19:10:20.000Z

Version 1.8.4 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes

v1.8.4

Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

Answer 3 · 2019-01-17T13:55:12.000Z

The devDependency bower was updated from 1.8.4 to 1.8.6.

Your tests are passing again with this update. Explicitly upgrade to this version 🚀

Release Notes for v1.8.6

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

Answer 4 · 2019-01-18T09:21:48.000Z

The devDependency bower was updated from 1.8.6 to 1.8.7.

Your tests are passing again with this update. Explicitly upgrade to this version 🚀

Release Notes for v1.8.7

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

#2532

Answer 5 · 2019-01-23T21:41:04.000Z

The devDependency bower was updated from 1.8.7 to 1.8.8.

Your tests are passing again with this update. Explicitly upgrade to this version 🚀

Release Notes for v1.8.8

Fix vulnerability related to extracting .tar.gz files that has similar effect to Zip Slip

Vulnerability is similar to Zip Slip allows for overriding and creating arbitrary files on filesystem

Needlessly to say, please upgrade this this version of Bower