v0.17.4

Enhancements

• Tarball and registry code has been extracted to the hex_erl package
• Hide retired versions when showing latest release in hex.info task
• Add hex.docs offline and hex.docs online tasks
• Add --key-name flag to key generation tasks
• Add :exclude_patterns to package config for excluding files from package
• Resolver now backtracks children before parents to improve versions selected when backtracking
• Change some errors to warnings when building private packages
• Group resolved dependency output into unchanged, updated, and downgraded when running deps.get and deps.update tasks
• Add authentication to hex.docs task for showing private package documentation
• Improve error message when package fetch times out
• General improvements to tasks when accessing organizations

Bug fixes

• Fix wrong publish message when using --organization flag in hex.publish task
• Set file times inside tarballs to 2000-01-01 to fix tars on FAT file systems
• Fix hex.docs open task on Windows

v0.17.3

Bug fixes

• Handle missing package descriptions in hex.search task
• Fix printing of package checksum after publishing

v0.17.2

Enhancements

• Increase hex.publish timeouts and make it configurable with :http_timeout config and HEX_HTTP_TIMEOUT variable
• Test key before adding it with hex.organization auth NAME --key KEY
• Remove pre-release publish restriction for private packages
• Add package descriptions to hex.search task
• Improve error message when there are no versions matching requirement
• Add latest stable version to hex.search task
• Add metadata.config file to checked out dependency directory
• Warn if we detect a lock entry from a newer Hex version
• Add hex.build --output and hex.build --unpack tasks
• Preserve symlinks and empty directories in tar
• Simplify Hex output on deps.get
• General improvements to tarball creation and unpacking
• List umbrella children's top level dependencies in hex.outdated
• Include .formatter.exs file in default package builds
• Prompt user when authentication is required
• Automatically auth all organizations when authing user with hex.user auth
• Highlight if a package release has been retired in hex.info
• Display package website links in mix hex.owner packages

Bug fixes

• Do not crash if failing to write tarball
• Disable HTTP pipelining to avoid bugs in HTTP client
• Also purge registry etags when repository source changed
• Retry HTTP requests on :socket_closed_remotely errors
• Fix package tarballs being reproducible
• Authenticate HTTP requests for hex.search
• Populate managers when initially getting dependencies
• Check dependencies on hex.audit and hex.publish
• Fix fetching of private packages that overrides public packages
• Fix HTTP redirect handling
• Don't display internal configs in hex.config

v0.17.1

Enhancements

• Improve error message when package does not exist
• Improve error message when no versions exist for given requirement
• Add --key flag to hex.organization auth to authorize by giving a key directly without supplying a password
• Add hex.organization key to generate a key for accessing the organization's repository

v0.17.0

Private packages and organizations

Hex.pm is adding support for private packages with organizations. See https://hex.pm/docs/private for more details. To authorize an organization on your machine run mix hex.organization auth acme, this will store the organization's repository details in Hex so that you can fetch packages from the repository. As soon as you are added as a member to an organization you can administer and publish packages, if you have the appropriate role, with the --organization flag or by setting the :organization option on the package configuration.

Different from the last release packages will always be pulled from the default hexpm repository and you have to override it with the :organization or :repo options on the dependency configuration.

Enhancements

• Add hex.organization task
• Rename hex.user key flag --remove* to --revoke* to clarify what it does
• Add --organization flag to tasks working on packages
• Add :organization option to package configuration
• Add support for publishing to organizations
• Improve error message when docs task is missing
• Add --confirm flag to hex.publish task

Bug fixes

• Fix version validation exceptions
• Reintroduce HEX_MIRROR environment variable
• Preserve file modes when building tarball
• Disallow :app option for dependencies

v0.16.1

Enhancements

• Add mix hex.repo show task for showing repo configuration
• Improve error message if there are no releases for given requirement in the registry
• Add mix hex.audit task for checking for retired packages

Bug fixes

• Do not try to publish docs if package publish failed
• Do not update lock entry if only metadata changed
• Do not show authentication details when printing URLs
• Fix password reset
• Fix race condition where some entries may not be cached if they were added just before application closed
• Support PAX tarballs, created on OTP 20, when using older OTP versions. Additionally, make it less likely PAX tarballs are created

v0.16.0

Multiple repository support

This version adds support for using packages from multiple repositories. With the hex.repo task additional repositories can be added to Hex. With it you can add additional repositories or replace the default "hexpm" repository by running mix hex.repo add hexpm ..., check the docs for more information. To use a dependency from another repository add repo: :my_other_repo to the dependency definition in mix.exs and make sure you have added my_other_repo with mix hex.repo add my_other_repo. Dependencies of a package will be automatically pulled from the same repository as the parent package unless otherwise stated with the :repo option on the dependency definition.

Enhancements

• Add hex.repo task
• Move hex.key tasks to hex.user keys
• Warn or error if publishing a package with pre-release dependencies

Bug fixes

• Do not check for updates when running in offline mode
• Fix an issue where dependency resolution could take a very long time
• Do not publish docs if publishing the package failed
• Fix an issue where HTTP timeouts could cause the application to freeze
• Ensure managers always exist in the lock

v0.15.0

Package retirement

With this new release you can mark versions of your packages as retired when you no longer recommend its use. This can be because the release has a serious security flaw, something went wrong with the release so that it's unusable or because the package has been renamed or deprecated. A retired version is still usable and fetchable but it will show as retired on hex.pm and when resolved Hex will show a warning to the user with the retirement message.

Enhancements

• Add --module flag to hex.docs task
• Changed hex.outdated task to show if a dependency can be updated
• Add hex.retire task for package retirement
• Warn when resolving retired packages
• Restrict number of default SSL ciphers

Bug fixes

• Do not make conditional HTTP request if file is missing
• Ensure cache file is saved when Hex exits

v0.14.1

Enhancements

• Add environment variable HEX_HTTP_CONCURRENCY for limiting number of concurrent HTTP requests

v0.14.0

New registry format

Hex has switched to a new registry format that is more efficient and will scale better as the registry grows. The new registry format is encoded with protocol buffers and is split into multiple files (one file per package) to avoid fetching one big file with data you will not need. The resolver will make more HTTP requests but will in total fetch much less data. The specification for the new format can be found here: hexpm/specifications#10. The old ETS based registry format is no longer supported in the client but will continue to be available from the registry for the foreseeable future.

Enhancements

• hex.docs open will by default open the online hexdocs for the given package
• An --offline option has been added to hex.docs open for opening docs stored on your local filesystem and it will automatically fetch the docs if they are not available locally
• Only support secure SSL ciphers and safe SSL versions (support for SSLv3 has been dropped)
• Improvements to the language in the resolver error messages

Bug fixes

• Fix an issue where duplicate build tool names could be added to the package metadata