All Versions
Latest Version
Avg Release Cycle
62 days
Latest Release
895 days ago

Changelog History
Page 2

  • v0.20.2 Changes

    February 03, 2020

    โœจ Enhancements

    • โž• Add --output option to mix hex.package fetch task
    • โž• Add cacerts_path configuration for custom CA certificate files
    • ๐Ÿ‘Œ Improve output in mix hex.publish to make it more clear to what repository you are publishing
    • Explain red colors in hex.outdated

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix HTTP timeout config
    • ๐Ÿ“ฆ Do not allow creating empty packages

    ๐Ÿ”’ Security fixes

    • ๐Ÿ›  Fix for directory traversal vulnerability for symlinks in tarballs
    • โšก๏ธ Update package checksum to include the entire tarball instead of specific files inside it
  • v0.20.1 Changes

    June 10, 2019

    ๐Ÿ› Bug fixes

    • ๐Ÿ–จ Do not print transfer message when not transferring ownership
  • v0.20.0 Changes

    June 09, 2019

    โœจ Enhancements

    • โž• Add per-project Hex configuration. Configure Hex under the :hex key inside your project configuration in mix.exs
    • ๐Ÿ— Show location of package after running mix
    • List all available Hex tasks when running mix hex
    • List subtasks when running mix hex
    • โœ‚ Remove tarball if it is invalid to avoid it being as cache in the future
    • ๐Ÿ‘‰ Show umbrella children mix.exs location in mix hex.outdated
    • โž• Add mix hex.owner transfer task
    • ๐Ÿ‘‰ Show improved error message on invalid configs
    • โž• Add mix hex.package fetch task
    • โž• Add mix hex.package diff task

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix mirror_url config
    • ๐Ÿ›  Fix api_url config
    • ๐Ÿ“ฆ Do no try to remove docs after reverting package โ€“ docs are already automatically removed
  • v0.19.0 Changes

    January 15, 2019

    โœจ Enhancements

    • ๐Ÿ‘Œ Improve output of mix hex.config
    • ๐Ÿ“ฆ Print publisher in mix PACKAGE VERSION
    • โž• Add organization flag to dependency config in mix PACKAGE

    ๐Ÿ› Bug fixes

    • Don't follow symlinks when adding files to tarballs
    • ๐Ÿ— Error with a descriptive msg when building a package with git dependencies
    • ๐Ÿ‘Œ Improve listing of incompatible package versions when displaying backtrack error message
    • ๐Ÿ‘Œ Improve resolver performance when it needs to do a lot of backtracking

    ๐Ÿ”’ Security fixes

    • Verify authenticity of registry records. This fixes a vulnerability that would allow a malicious mirror to serve modified versions of Hex packages. A new check has been introduced that requires the latest registry record version, if you are using a repository or mirror that has not been updated yet you can disable this check by setting the environment variable HEX_NO_VERIFY_REPO_ORIGIN=1. Further clarification of this issue will come at a later stage.
  • v0.18.2 Changes

    November 08, 2018

    โœจ Enhancements

    • โž• Add checks before publishing docs
    • โšก๏ธ Update generated protobuf files for Registry with OTP 21 compatibility
    • No longer list tasks in mix hex task
    • ๐Ÿ‘‰ Use hexdocs organization URLs
    • โž• Adds --dry-run option to publish tasks
    • ๐Ÿ–จ Do not print "Unchanged" dependencies on mix deps.get in green
    • Validate hex config keys
    • โž• Add c_src/ and Makefile to default package files
    • ๐Ÿ“„ Publish Mix task docs on
    • โž• Add recommendation when retiring and require --message flag

    ๐Ÿ› Bug fixes

    • ๐Ÿ— Use rebar3, not rebar, when guessing build tool
    • ๐Ÿ›  Fix issue saving write key when reseting local password
  • v0.18.1 Changes

    July 06, 2018

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix normalization of repo paths when authenticating organization
  • v0.18.0 Changes

    July 05, 2018

    API keys

    When authenticating with mix hex.user auth two API keys are generated instead of single one. One key is unencrypted with read access and the other is encrypted with your local password and has full read/write access to the API. Now commands that don't make any changes will not require a password.

    โž• Additionally, we generate a single key that gives access to all your organization repositories, instead of one key for each repository. It also has the added benefit that you don't have to reauthenticate if you are added to a new organization.

    ๐Ÿ‘ท We have also added support for keys owned directly by an organization instead of a specific user, these keys can be accessed through mix hex.organization. This is useful when generating keys for a CI environment, previously when personal keys were used, a person leaving an organization or revoking the key could negatively affect CI workflow.

    ๐Ÿ‘Œ Improvements to continuous integration workflows

    The HEX_API_KEY environment variable has been introduced to be able run commands that require an authentication without having to authenticate manually with mix hex.user auth which has user input prompts. The key set with HEX_API_KEY can be generated with mix hex.user key generate or mix hex.organization key ORGANIZATION generate. It also makes it possible to run commands such as mix hex.publish without being prompted for a password.

    By passing the --yes flag to mix hex.publish you can publish your package (together with HEX_API_KEY) without any confirmation prompts. This allows you to publish your package as part of your CI build process.

    Ignoring :maintainers field

    ๐Ÿ“‡ In previous Hex versions we required :maintainers key to be present when publishing package. At the same time, on we are also showing package owners (controlled by the mix hex.owner task). It was confusing to show both maintainers and owners and figure out which really control the package, so we've dropped showing maintainers on and the field will no longer be added to package's metadata.

    If maintainers field was used to give credit to current and/or past contributors we encourage to mention that in project's README instead.

    โœจ Enhancements

    • โž• Add --yes flag to hex.publish for publishing without any confirmation prompts
    • Add HEX_API_KEY environment variable for setting and overriding the key used when authenticating against the API
    • Generate a single key for all organization repositories when authenticating a new user
    • Return a non-zero exit code from hex.outdated when dependencies are outdated
    • Generate two API keys when authenticating, one encrypted with write access, and one unencrypted with only read access
    • โž• Add ownership levels to hex.owner task
    • When resolving, try all possible backtrack branches and select the best solution
    • ๐Ÿ‘Œ Improve formatting of multi-line validation errors
    • ๐Ÿ”ง Do not use :maintainers package configuration field
    • ๐Ÿ”„ Change hex.organization to generate keys owned by organization instead of the user generating them
    • โž• Add options to hex.organization key for revoking and listing keys owned by organization
    • ๐Ÿ‘Œ Improve interface for hex.user key and hex.organization key, the following commands have changed:
      • hex.user key --generate => hex.user key generate
      • hex.user key --list => hex.user key list
      • hex.user key --revoke KEY_NAME => hex.user key revoke KEY_NAME
      • hex.user key --revoke-all => hex.user key revoke --all
      • hex.organization key ORGANIZATION => hex.organization key ORGANIZATION generate
  • v0.17.8 Changes

    July 01, 2018

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix private packages on Windows
  • v0.17.7 Changes

    April 20, 2018

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix crash when unpacking tarballs with broken symlinks
    • ๐Ÿ“‡ Correct the type of build tools package metadata
  • v0.17.6 Changes

    April 18, 2018

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix crash when printing resolver output when having lock entries from other SCMs