This repository has been archived by the owner on Dec 20, 2023. It is now read-only.

chore(deps): update dependency bower to v1 (master) #24

Open: wants to merge 1 commit into base: master

Conversation

@appcues-wss appcues-wss bot commented Feb 18, 2023

This PR contains the following updates:

Package: bower (source)
Change: ~0.9.2 -> ~1.3.8

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity   CVSS Score   CVE
Critical   9.8          CVE-2020-7788
High       8.6          CVE-2021-37701
High       8.6          CVE-2021-37712
High       8.6          CVE-2021-37713
High       8.1          CVE-2021-32803
High       8.1          CVE-2021-32804
High       7.5          CVE-2015-8855
High       7.5          CVE-2015-8855
High       7.5          CVE-2015-8860
High       7.5          CVE-2017-16138
High       7.5          CVE-2018-20834
High       7.5          CVE-2019-13173
High       7.5          CVE-2019-5484
High       7.5          CVE-2022-25883
High       7.5          CVE-2022-25883
Medium     5.9          CVE-2017-16026

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity   CVSS Score   CVE
Critical   9.8          CVE-2023-26136

Release Notes

bower/bower (bower)

v1.3.8

v1.3.7

  • [fix] callstack error when processing installed packages with circular dependencies (#1349)
  • [fix] Prevent bower list --paths failing with TypeError (#1383)
  • "bower install" fails if there's no bower.json in current directory (#922)

v1.3.6

  • [fix] Make --force always re-run installation (#931)
  • [fix] Disable caching for local resources (#1356)
  • [fix] Emit errors instead of throwing them when using the bower.commands API (#1297)
  • [fix] Main files and bower.json are never ignored (#547)
  • [fix] Check if pkgMeta is undefined during uninstall command (#1329)
  • [fix] Make custom tmp dir and ignores play well with each other (#1299)
  • Warn users when installing package with missing properties (#694)

v1.3.5

  • Search compatible versions in fetching packages (#1147)

v1.3.4

  • Resolve a situation in which the install process gets into an infinite loop (#1169)
  • Improved CLI output for conflicts (#1284)
  • Changed bower version to mirror the tag format of npm version (#1278)
  • Allow short commit SHAs to be used (#990)

v1.3.3

  • Do not cache moving targets like branches (#1242)
  • Suppress output if --quiet option is specified (#1124)
  • Use "svn export" for efficiency (#1224)
  • Prevent loading insights and analytics on CI (#1221)
  • Make "bower list" respect custom components directory (#1237)
  • Improve non-interactive loading performance 2x (#1238)
  • Load commands only on demand, improving performance (#1232)

v1.3.2

v1.3.1

  • [stability] Fix versions for unstable dependencies (#1532)
  • [fix] Update tar-fs to support old tar format (#1537)
  • [fix] Make analytics work again (#1529)
  • [fix] Always disable analytics for non-interactive mode (#1529)
  • [fix] Bower init can create private packages again (#1522)
  • [fix] Show again missing newline for bower search output (#1538)

v1.3.0

  • Removed support for node 0.8. It may still work but we will no longer fix bugs for older versions of node.
  • Add Bower Insight for opt-in analytics integration to help improve the tool and gain insight on community trends
  • Add moduleType property to bower init (#934)
  • Fix prune command to log only after cleanup is completed (#1023)
  • Fix git resolver to ignore pre-release versions (#1017)
  • Fix shorthand flag for save option on uninstall command (#1031)
  • Add bower version command (#961)
  • Add .bowerrc option to use --save by default when using bower install command (#1074)
  • Fix git resolver caching (#1083)
  • Fix reading versions from cache directory (#1076)
  • Add svn support (#1055)
  • Allow circular dependencies to be installed (#1104)
  • Add scripts/hooks support (#718)

NOTE: It's advisable that users use --config.interactive=false on automated scripts.

v1.2.8

  • Fix absolute paths ending with / not going through the FsResolver (#898)
  • Allow query string parameters in package URLs
  • Swapped 'unzip' module for 'decompress-zip', and some other small unzipping fixes (#873, #896)
  • Allow the root-check to be overridden when calling bower programmatically.
  • Fixed some bugs relating to packages with a very large dependency tree
  • Fix a bug caused by a recent change to semver

v1.2.7

  • Do not swallow sync errors when using the programmatic API (#849)
  • Fix resolutions not being saved if --force-latest is specified (#861)
  • Fix bower register warning about URL conversion, even if no conversion occurred
  • Fix bower update not correctly catching up branch commits
  • Add configured directory in .bowerrc to the ignores in bower init (#854)
  • Fix some case sensitive issues with data stored in registry cache (e.g.: jquery/jQuery, #859)
  • Fix bower not checking out a tag if it looks like a semver (e.g.: 1.0, #872)
  • Fix install & update commands printing the wrong versions in some cases (#879)
  • Give priority to mime type headers when deciding if a package needs to be extracted, except if it is octet-stream

NOTE: It's advisable that users run bower cache clean.

v1.2.6

  • Bower now reports download progress even for servers that do not respond with content-length header.
  • Do not translate endpoints when registering a package to a private registry server (#832)
  • Detect corrupted downloads by comparing downloaded bytes with content-length header if possible; this fixes Bower silently failing on unstable networks (#824 and #792)
  • Fix quotes in fields causing Bower to crash in the init command (#841)

v1.2.5

  • Fix persistent conflict resolutions not working correctly for branches (#818)
  • Fix Bower failing to run if HOME is not set (#826)
  • Bower now prints a warning if HOME is not set (#827)
  • Fix progress message being fired after completion of long running git clone commands
  • Other minor improvements

v1.2.4

  • Fix ignored nested folders not being correctly handled in some cases (#814)

v1.2.3

  • Fix read of environment variables that map to config properties with dashes and also support nested ones (#8@bower-config)
  • Fix bower info <package> <property> printing the available versions (it shouldn't!)
  • Fix interactive shell not being correctly detected in node 0.8.x (#802)
  • Fix extraneous flag in the list command being incorrectly set for saved dev dependencies in some cases
  • Fix linked dependencies not being read in bower list on Windows (#813)
  • Fix update notice not working with --json

v1.2.2

  • Standardize prompt behaviour with and without --json
  • Improve detection of git servers that do not support shallow clones (#805)
  • Ignore remote tags (tags ending with ^{})
  • Fix bower not saving the correct endpoint in some edge cases (#806)

v1.2.1

  • Fix bower throwing on non-semver targets (#800)

v1.2.0

  • Bower no longer installs a pre-release version by default, that is, if no version/range is specified (#782)
  • bower info <package> will now show the latest <package> information along with the available versions (#759)
  • bower link no longer requires an elevated user on Windows in most cases (#472)
  • Init command now prompts for the whole bower.json spec properties, filling in default values for author and homepage based on git settings (#693)
  • Changes to endpoint sources in bower.json are now picked up by bower install and bower update (#788)
  • Allow semver ranges in bower cache clean, e.g. bower cache clean jquery#<2.0.0 (#688)
  • Normalize bower list --paths on Windows (#279)
  • Multiple mains are now correctly output as an array in bower list --paths (#784)
  • Add --relative option to bower list --json so that Bower outputs relative paths instead of absolute (#714)
  • bower list --paths now outputs relative paths by default; can be turned off with --no-relative (#785)
  • Bower no longer fails if symlinks to files are present in the bower_components folder (#783 and #791)
  • Disable git templates/hooks when running git (#761)
  • Add instructions to set up git workaround for proxies when execution of git fails (#250)
  • Ignore component.json if it looks like a component(1) file (#556)
  • Fix multi-user usage on bower when it creates temporary directories to hold some files
  • Fix prompting causing an invalid JSON output when running commands with --json
  • When running Bower commands programmatically, prompting is now disabled by default (see the updated programmatic usage for more info)
  • Other minor improvements and fixes

Fix for #788 requires installed components to be re-installed.

v1.1.2

  • Detect and fall back if the git server does not support --depth=1 when cloning (#747)

v1.1.1

  • Fix silent fail when spawning child processes in some edge cases (#722)
  • Fix home command not guessing the correct URL for GitHub ssh endpoints (requires bower cache-clean)
  • Fix bower not correctly filtering packages with symlinks in some cases (#730)
  • Fix multi-user usage on bower when it falls back to create a /tmp/bower folder (#743)
  • Bower now sends a fake user agent when behind a proxy by default, so that corporate proxies do not block requests (#698)
  • Bower now translates GitHub public git:// URLs to git@ when behind a proxy (#731)
  • Minor improvements to the CLI output on small terminals
  • Minor programmatic usage improvements
  • Minor help usage fixes

v1.1.0

  • Fix --save and --save-dev not working correctly for the uninstall command in some situations
  • Attempting to register a package that declares "private": true in bower.json will result in an error (#162)
  • Fix retry strategy on download error that was causing some strange I/O errors (#699 and #704)
  • bower prune now clears pruned packages' dependencies if they are also extraneous (#708)
  • bower uninstall now also uninstalls the uninstalled packages' dependencies if they are not shared (#609)
  • Fix bower list displaying the incompatible label even if they are compatible (#710)
  • Fix bower cache clean not working correctly when package#non-semver is specified
  • Implement no-operation completion command to prevent weird output when hitting tab (#691)
  • Fix bower info --help (#703)
  • Add colorized output for bower info <package>#<version> (#571)
  • Added bower ls as an alias to bower list
  • Fix regression: do not create a json file when saving is required, warn instead
  • Ignore linked packages when reading dependencies in bower init (#709)
  • bower list is now able to (partially) reconstruct the dependency tree, even for dependencies not declared in bower.json (#622)
v1.0.3

  • Fix some changes not being saved to bower.json (#685)
  • Fix bower info <package> <property> not showing information related to property of the latest version of that package (#684)

v1.0.2

  • Fix severe bug originating from a wrong merge that caused conflict messages to not show up correctly

v1.0.1

  • Fix bower register going ahead even if the answer was no (#644)
  • Fix local endpoints with backslashes on Windows (#2@endpoint-parser)
  • Fix usage of multiple registries in the registry-client (#3@registry-client and #2@registry-client)
  • File extensions now have more priority than mime types when deciding if extraction is necessary (#657)
  • Fix Bower not working when calling .bat/.cmd commands on Windows; it affected people using Git portable (#626)
  • Fix bower list --paths not resolving all files to absolute paths when the main property contained multiple files (#660)
  • Fix Bower renaming bower.json and component.json files to index.json when it was the only file in the folder (#674)
  • Ignore symlinks when copying/extracting since they are not portable, especially across different hard-drives (#665)
  • Local file/dir endpoints are now exclusively referenced by an absolute path or relative path starting with . (#666)
  • Linked packages' bower.json files are now parsed, making bower list account for linked packages' dependencies (#659)
  • Bower now fails to run with sudo unless --allow-root is passed (#498)
  • Add additional system information such as node version, bower version, OS version when an error occurs (#670)
  • bower install no longer overwrites linked packages unless it needs to (#593).
  • All endpoint parts are now trimmed so that the Manager can better detect similar endpoints (#3@endpoint-parser)
  • bower register now shows the server that will be used (#647)
v1.0.0

Total rewrite of bower.
The list below highlights the most important stuff.
For a complete list of changes that this rewrite and release brings please read: https://github.com/bower/bower/wiki/Rewrite-state

  • Clear architecture and separation of concerns
  • Much much faster
  • --json output for all commands
  • --offline usage for all commands, except register
  • Proper install and update commands, similar to npm in behaviour
  • Named endpoints when installing, e.g. bower install backbone-amd=backbone#~1.0.0
  • New interactive conflict resolution strategy
  • Prevent human errors when using register
  • New home command, similar to npm
  • New cache list command
  • New prune command
  • Many many general bug fixes

Non-backwards compatible changes:

  • The value of the json property from .bowerrc is no longer used
  • --map and --sources from the list command were removed, use --json instead
  • Programmatic usage changed, especially the commands interface

Users upgrading from bower-canary and bower@~0.x.x should do a bower cache clean.
Additionally you may remove the ~/.bower folder manually since it's no longer used.
On Windows the folder is located in AppData/bower.

v0.10.0

  • Allow specific commits to be targeted (#275)
  • Change bower default folder from components to bower_components (#434)
  • Support semver pre-releases and builds (#188)
  • Use Content-Type and Content-Disposition to guess file types, such as zip files (#454)
  • Fix bower failing silently when using an invalid version value in the bower.json file (#439)
  • Fix bower slowness when downloading after redirects (#437)
  • Detect and error out with a friendly message when git is not installed (#362)
  • Add --quiet and --silent CLI options (#343)
  • Minor programmatic usage improvements

NOTE: The components folder will still be used if already created, making it easier for users to upgrade.


  • If you want to rebase/retry this PR, check this box
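The security-relevant point of this PR is the range change in the bot's table, ~0.9.2 -> ~1.3.8, rather than any single release note. The following is an added example, not code from this PR, from the remediation bot, or from bower: it implements npm-style tilde-range matching and runs it over the release versions listed in the release notes above, to show that the old range could never resolve to any 1.x release and therefore none of the fixes above could have been installed without the bump. Assumptions: only plain x.y.z versions are parsed (pre-release tags and build metadata are rejected rather than compared), and the BOWER_RELEASES list is transcribed from the version headings on this page, not fetched from a registry.

```javascript
// Added example, not part of this PR or of bower itself.
// A tilde range "~x.y.z" admits x.y.z and later patch releases of the same
// x.y line, but nothing from x.(y+1).0 onward (npm semver's "~" rule).
// Assumption: only plain x.y.z versions are handled; pre-release tags and
// build metadata are rejected rather than ordered.

function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  if (!m) throw new Error(`not a plain x.y.z version: ${text}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Numeric, field-by-field comparison; returns <0, 0 or >0 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  return (pa.major - pb.major) || (pa.minor - pb.minor) || (pa.patch - pb.patch);
}

// "~x.y.z" means  >= x.y.z  and  < x.(y+1).0
function tildeBounds(range) {
  if (!range.startsWith('~')) throw new Error(`not a tilde range: ${range}`);
  const lo = parseVersion(range.slice(1));
  return {
    min: `${lo.major}.${lo.minor}.${lo.patch}`,
    maxExclusive: `${lo.major}.${lo.minor + 1}.0`,
  };
}

function satisfiesTilde(version, range) {
  const { min, maxExclusive } = tildeBounds(range);
  return compareVersions(version, min) >= 0 && compareVersions(version, maxExclusive) < 0;
}

// Bower releases transcribed from the release-notes headings in this PR, newest first.
const BOWER_RELEASES = [
  '1.3.8', '1.3.7', '1.3.6', '1.3.5', '1.3.4', '1.3.3', '1.3.2', '1.3.1', '1.3.0',
  '1.2.8', '1.2.7', '1.2.6', '1.2.5', '1.2.4', '1.2.3', '1.2.2', '1.2.1', '1.2.0',
  '1.1.2', '1.1.1', '1.1.0',
  '1.0.3', '1.0.2', '1.0.1', '1.0.0',
  '0.10.0',
];

// All listed releases a range would resolve to, lowest first.
function matchingReleases(range, releases = BOWER_RELEASES) {
  return releases.filter((v) => satisfiesTilde(v, range)).sort(compareVersions);
}

// The release an installer would actually pick (highest match), or null if none.
function highestMatching(range, releases = BOWER_RELEASES) {
  const matches = matchingReleases(range, releases);
  return matches.length ? matches[matches.length - 1] : null;
}

// Stand-alone demo: the old range reaches no listed release at all, so none of
// the fixes in the release notes would have been installed without this bump.
for (const range of ['~0.9.2', '~1.3.8', '~1.3.0']) {
  const matches = matchingReleases(range);
  console.log(`${range}: ${matches.length ? matches.join(', ') : '(no listed release matches)'}`);
}
```

The same rule cuts the other way once merged: ~1.3.8 pins the 1.3 line, so a fix that only lands in 1.4.x would again be invisible until the range is bumped. When reviewing a bot PR like this one, check what the proposed range actually admits rather than reading the "Change" column as a version number.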

@appcues-wss appcues-wss bot force-pushed the whitesource-remediate/master-bower-1.x branch 5 times, most recently from b6cb9b7 to 29ee3a2 Compare February 21, 2023 14:42
@appcues-wss appcues-wss bot force-pushed the whitesource-remediate/master-bower-1.x branch 2 times, most recently from c4b458e to 7e0fab9 Compare June 16, 2023 03:06
@appcues-wss appcues-wss bot changed the title Update dependency bower to v1 (master) chore(deps): update dependency bower to v1 (master) Oct 30, 2023
@appcues-wss appcues-wss bot force-pushed the whitesource-remediate/master-bower-1.x branch 2 times, most recently from 53f8c3e to 56ee83f Compare December 9, 2023 13:06
@appcues-wss appcues-wss bot force-pushed the whitesource-remediate/master-bower-1.x branch from 56ee83f to 4443ddb Compare December 13, 2023 19:10