All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
On next release:
- check if upgrade info is required (UPGRADE.md)
- update src/Kernel.php (REPMAN_VERSION)
- update docker-compose.yml (image tags)
- Upgrade flysystem to 1.1.4 - fix CVE-2021-32708
- Fix package dependencies duplication (#472)
- Remove Link entity from package read model (#473)
- Reduce sql query executions for organization token (#474)
- Update dependencies (dependabot updates)
- Update Symfony to 5.2.9 - fix CVE-2021-21424
- Update Symfony to 5.2.8 - fix CVE-2021-21424
- Update dependencies (#456)
- Update composer - fix GHSA-h5h8-pc6h-jvvx
- Dependency/dependant tracking (#426 thanks @giggsey)
- Fix: composer 9999999-dev issue (#422 thanks @slappyslap)
- Make
var/cacheephemeral (#420) - Add async-aws/ses to composer (#418 thanks @nandogameiro)
- Enable http2 for composer v2 (#416)
- Test compatibility issues and small deprecation fix (#414 thanks @pedro-stanaka)
- Remove old metadata files when sync proxy metadata (#412)
- Remove PostgreSQL exposed port from docker-compose.yml (#410)
- Remove webhook when package removed (API) and organization removed (UI) (#404)
- Support for S3-compatible storage (#332, #366 thanks @pedro-stanaka)
- Cached adapters to reduce IO/HTTP overhead (storage) (#373 thanks @pedro-stanaka)
- Alternative domain separator option (to simplify working with certificates) (#375 thanks @jmalinens)
- Error messages for webhook actions (better UX) (#396)
- Adding support for self hosted gitlab on custom port (#398 thanks @Fahl-Design )
- Improve organization invitation with registration/login flow (#387 thanks @noniagriconomie)
- Refresh oauth token in runtime without failing message or redirect (#395, #397)
- Upgrade Symfony to 5.2 (#379 and others from dependabot)
- Upgrade Doctrine and other dependencies (gitlab-api, github-api, bitbucket-api, dev tools)
- Direct docker cron logs to file (#330)
- Fix alias form constraint (regex) (#326)
- Display README.md for packages (#303 thanks @giggsey)
- Allow package list to be sortable (#300 thanks @giggsey)
- Allow user to edit packages (#299)
- Improve Package Details UX (#298 thanks @giggsey)
- Implement user timezone (#297)
- Add option to limit number of package versions being imported (#294)
- Repo JSON Performance Improvements (#310 thanks @giggsey)
- Update doctrine-bundle and symfony to remove deprecation notice (#305)
- Fix artifact repo security scan (#315 thanks @giggsey)
- Ensure that latest version is not removed when limit is applied (#312)
- Do not allow null values for number of last releases when updating (#302)
- implement
provider-includesfor better proxy performance (#281, #283, #290) - add version for assets (#278)
- add
reCaptchaand better email validation (#276, #277) - REST API implementation (#269, #275)
- add ability to search packages (#259, #263, thanks @giggsey)
- add
CODE_OF_CONDUCT.md(#258)
- Fix nginx and php-fpm to correct handle symlinks (#262)
- implement command for clearing old private distributions files (#244)
- update symfony to 5.1.5 (CVE-2020-15094)
- add queue for downloader to limit concurrent requests (#253)
- bump symfony to 5.1 (#250, thanks @marmichalski )
- atomic deployment with ansible playbook (#241, #242, #243, #245)
- set
ulimit -nfor system user (#251)
- fix Proxy response caching (#247, thanks @giggsey)
- higher memory limits (#219, #220)
- move all proxy logic to Proxy class (#223)
- use async and stream for downloading metadata and distributions files (#226)
- serve static proxy metadata and use v2 endpoint for dist lookup (#222)
- sync proxy metadata command (#224)
- migration for better auto upgrade to 0.5.0 (#227)
- static proxy with metadata cache (#229)
- cache headers for packages.json (#232)
- subversion client (#230, #231)
- create
.gitattributesfor better dist export (#235) - telemetry (#225, #234)
- technical email (#237)
- Add support for IPv6 addresses (#216, thanks @nickygerritsen)
- Fix user voters with anonymous access (#215)
- Registration config options (#200, thanks @nickygerritsen)
- Anonymous access to organization (#201)
- Basic support for Composer v2 (#205)
- proxy support for metadata-url (thanks @sadortun)
- repo support for metadata-url
- Package versions view (#208, thanks @nickygerritsen)
- Security vulnerability scanner for private packages (#170, #171, #176, #177, #182, #183, #184, #190, #197)
- Sending scan results email to organization members (#194, #196)
- Allow user to disable account registration (#152)
- Create .htaccess (#163)
- Add repman:create:user cli command (#181)
- Add repman:package:synchronize cli command (#185, #186)
- Hide oauth providers buttons when env var not configured (#167)
- Create user security read model - clean user domain (#188)
- Update symfony/mailer to 5.0.9 (#195)
- Fix GitLab custom instance url not being picked up by oauth client (#156)
- Use gitlab custom url in ComposerPackageSynchronizer (#162)
- Fix provider and dist removal (#168)
- Write custom Gitlab URL to gitlab-domains composer option (#179)
- prevention of guessing package uuid for organization package endpoints (#148)
- package versions stats and tweak other charts (#145, #146)
- Cleanup JS; Fix number of days in admin stats view; Force referrer in GA (#143, #144)
- handle package not found exception on app level (#142)
- tuning php-fpm configuration for better resources utilization (Ansible) (#141)
- add curl and pdo_pgsql to required php extensions (#140)
- Organization members (#56)
- Lock php version to 7.4.5 (Docker) (#131)
- Fix emails headers and match password requirements (#136)
- GitLab projects fetch - Add php curl extension to asible setup playbook (#133)
- Don't try to download packages without reference (#132)
- Fix database foreign keys (#127)
- Add autorestart flag to consumer configuration (Ansible supervisor) (#126)
- Return 404 when distribution file not found (#123)
- Add missing directories for docker instance (#117)
- Add ability to unlink OAuth integration from user profile page (#106)
- Uptime Robot monitor (#102 & #103)
- GitLab API: Show all user's packages and order by last activity (#104)
- Handle oauth errors during registration (#92)
- Handle errors when fetching repos from provider (#94)
- Fix last package version detection mechanism (#99)
- Fix support for packages with slash in version name (#101)
- Fix number of days for /admin/stats (#108)
- Fix recent webhook requests view model (#110)
- Allow *.php named packages to be found (#111)
- user email is now change to lowercase with migration
- if a user with the same e-mail registered in the application but with different character sizes then you will have to manually delete it before starting the migration
- Clickable repo url link on packages list (#75)
- Use lock to prevent multiple jobs run simultaneously (#70)
- Internal CI/CD configuration
- Fix issue with case sensitive emails (#88)
- Typo on register form (#74)
- Remove
pcovfrom docker image (#69)
- free and open source
- works as a proxy for packagist.org (speeds up your local builds)
- hosts your private packages
- allows to create individual access tokens
- supports private package import from GitHub, GitLab and Bitbucket with one click