Changelog History
Page 2
-
v0.20.2 Changes
February 03, 2020โจ Enhancements
- โ Add
--output
option tomix hex.package fetch
task - โ Add
cacerts_path
configuration for custom CA certificate files - ๐ Improve output in
mix hex.publish
to make it more clear to what repository you are publishing - Explain red colors in hex.outdated
๐ Bug fixes
- ๐ Fix HTTP timeout config
- ๐ฆ Do not allow creating empty packages
๐ Security fixes
- ๐ Fix for directory traversal vulnerability for symlinks in tarballs
- โก๏ธ Update package checksum to include the entire tarball instead of specific files inside it
- โ Add
-
v0.20.1 Changes
June 10, 2019๐ Bug fixes
- ๐จ Do not print transfer message when not transferring ownership
-
v0.20.0 Changes
June 09, 2019โจ Enhancements
- โ Add per-project Hex configuration. Configure Hex under the
:hex
key inside your project configuration inmix.exs
- ๐ Show location of package after running
mix hex.build
- List all available Hex tasks when running
mix hex
- List subtasks when running
mix hex
- โ Remove tarball if it is invalid to avoid it being as cache in the future
- ๐ Show umbrella children
mix.exs
location inmix hex.outdated
- โ Add
mix hex.owner transfer
task - ๐ Show improved error message on invalid configs
- โ Add
mix hex.package fetch
task - โ Add
mix hex.package diff
task
๐ Bug fixes
- ๐ Fix
mirror_url
config - ๐ Fix
api_url
config - ๐ฆ Do no try to remove docs after reverting package โ docs are already automatically removed
- โ Add per-project Hex configuration. Configure Hex under the
-
v0.19.0 Changes
January 15, 2019โจ Enhancements
- ๐ Improve output of
mix hex.config
- ๐ฆ Print publisher in
mix hex.info PACKAGE VERSION
- โ Add organization flag to dependency config in
mix hex.info PACKAGE
๐ Bug fixes
- Don't follow symlinks when adding files to tarballs
- ๐ Error with a descriptive msg when building a package with git dependencies
- ๐ Improve listing of incompatible package versions when displaying backtrack error message
- ๐ Improve resolver performance when it needs to do a lot of backtracking
๐ Security fixes
- Verify authenticity of registry records. This fixes a vulnerability that would allow a malicious mirror to serve modified versions of Hex packages. A new check has been introduced that requires the latest registry record version, if you are using a repository or mirror that has not been updated yet you can disable this check by setting the environment variable
HEX_NO_VERIFY_REPO_ORIGIN=1
. Further clarification of this issue will come at a later stage.
- ๐ Improve output of
-
v0.18.2 Changes
November 08, 2018โจ Enhancements
- โ Add checks before publishing docs
- โก๏ธ Update generated protobuf files for Registry with OTP 21 compatibility
- No longer list tasks in
mix hex
task - ๐ Use hexdocs organization URLs
- โ Adds
--dry-run
option to publish tasks - ๐จ Do not print "Unchanged" dependencies on mix deps.get in green
- Validate hex config keys
- โ Add
c_src/
andMakefile
to default package files - ๐ Publish Mix task docs on https://hexdocs.pm/hex
- โ Add recommendation when retiring and require
--message
flag
๐ Bug fixes
- ๐ Use rebar3, not rebar, when guessing build tool
- ๐ Fix issue saving write key when reseting local password
-
v0.18.1 Changes
July 06, 2018๐ Bug fixes
- ๐ Fix normalization of repo paths when authenticating organization
-
v0.18.0 Changes
July 05, 2018API keys
When authenticating with
mix hex.user auth
two API keys are generated instead of single one. One key is unencrypted with read access and the other is encrypted with your local password and has full read/write access to the API. Now commands that don't make any changes will not require a password.โ Additionally, we generate a single key that gives access to all your organization repositories, instead of one key for each repository. It also has the added benefit that you don't have to reauthenticate if you are added to a new organization.
๐ท We have also added support for keys owned directly by an organization instead of a specific user, these keys can be accessed through
mix hex.organization
. This is useful when generating keys for a CI environment, previously when personal keys were used, a person leaving an organization or revoking the key could negatively affect CI workflow.๐ Improvements to continuous integration workflows
The
HEX_API_KEY
environment variable has been introduced to be able run commands that require an authentication without having to authenticate manually withmix hex.user auth
which has user input prompts. The key set withHEX_API_KEY
can be generated withmix hex.user key generate
ormix hex.organization key ORGANIZATION generate
. It also makes it possible to run commands such asmix hex.publish
without being prompted for a password.By passing the
--yes
flag tomix hex.publish
you can publish your package (together withHEX_API_KEY
) without any confirmation prompts. This allows you to publish your package as part of your CI build process.Ignoring
:maintainers
field๐ In previous Hex versions we required
:maintainers
key to be present when publishing package. At the same time, on hex.pm we are also showing package owners (controlled by themix hex.owner
task). It was confusing to show both maintainers and owners and figure out which really control the package, so we've dropped showing maintainers on hex.pm and the field will no longer be added to package's metadata.If maintainers field was used to give credit to current and/or past contributors we encourage to mention that in project's README instead.
โจ Enhancements
- โ Add
--yes
flag tohex.publish
for publishing without any confirmation prompts - Add
HEX_API_KEY
environment variable for setting and overriding the key used when authenticating against the API - Generate a single key for all organization repositories when authenticating a new user
- Return a non-zero exit code from
hex.outdated
when dependencies are outdated - Generate two API keys when authenticating, one encrypted with write access, and one unencrypted with only read access
- โ Add ownership levels to
hex.owner
task - When resolving, try all possible backtrack branches and select the best solution
- ๐ Improve formatting of multi-line validation errors
- ๐ง Do not use
:maintainers
package configuration field - ๐ Change
hex.organization
to generate keys owned by organization instead of the user generating them - โ Add options to
hex.organization key
for revoking and listing keys owned by organization - ๐ Improve interface for
hex.user key
andhex.organization key
, the following commands have changed:hex.user key --generate
=>hex.user key generate
hex.user key --list
=>hex.user key list
hex.user key --revoke KEY_NAME
=>hex.user key revoke KEY_NAME
hex.user key --revoke-all
=>hex.user key revoke --all
hex.organization key ORGANIZATION
=>hex.organization key ORGANIZATION generate
- โ Add
-
v0.17.8 Changes
July 01, 2018๐ Bug fixes
- ๐ Fix private packages on Windows
-
v0.17.7 Changes
April 20, 2018๐ Bug fixes
- ๐ Fix crash when unpacking tarballs with broken symlinks
- ๐ Correct the type of build tools package metadata
-
v0.17.6 Changes
April 18, 2018๐ Bug fixes
- ๐ Fix crash when printing resolver output when having lock entries from other SCMs