Loading... Background job is running.

Changelog for Private Packagist Cloud

You can find the changelog for Private Packagist Enterprise, our on-premise product, on https://packagist.com/docs/enterprise/changelog.

October 2020

Features

  • Package release notifications: receive notifications for every new version that gets published for a package
  • API endpoint to add and upload a file for an existing artifact package
  • Private Packagist for Vendors can now serve customer packages from your own domain

September 2020

Features

  • Subrepository quick access: most recently visited subrepositories are shown on organization overview
  • You can now upload zip, tar.gz or tar.bz2 archives without composer.json files when creating a custom package

Changes

  • Dist URLs in lock files have been updated to contain an additional r character to avoid empty filenames if no reference is provided. This means your lock file URLs will change on the next Composer update

August 2020

Features

  • You can now download the archive file for each package version from the package view page
  • Full compatibility with Composer 2.0
  • API endpoints to create and upload artifact packages based on zip, tar.gz or tar.bz2 archive files

July 2020

Features

  • You can now upload zip, tar.gz or tar.bz2 archives containing code and a composer.json file by adding an artifact package to your organization
  • Vendors can now restrict customers to specific package version stabilities like alpha, beta, or RC
  • Security Monitoring alerts you via email, Slack, Microsoft Teams or webhook when a security vulnerability is found in one of your dependencies in composer.lock files
  • Added API endpoints to manage team package access
  • Added API endpoints to create artifact packages
  • Added support for the new Composer 2 list endpoint

June 2020

Features

  • You can now rearrange the mirrored repositories to change the order for finding new packages during automatic mirroring

Changes

  • The synchronization now automatically detects if a vcs repository gets transferred from one synchronization to another synchronization on the same host e.g. from one github.com organization to another github.com organization

May 2020

Changes

  • For package archives a download limit of 128MB was introduced. Archive downloads that are larger than the limit will fail, and an error on the package page will be shown.

April 2020

Features

  • The generic package hook endpoint now supports AWS SNS subscription confirmation, enabling easier integration with AWS CodeCommit
  • Enabled the new Composer repository format for improved performance on Composer 2

March 2020

Features

  • Added API endpoints to fetch dependents of a package
  • The package API endpoint now returns its configuration values: type, url, customJson and mirroredRepository
  • The package API endpoint now returns installation statistics

February 2020

Features

  • You can now create a custom package using a form to configure your composer.json metadata instead of manually entering JSON

December 2019

Features

  • You can now create authentication tokens with full update access including the automatic creation of mirrored packages, which are counted as regular users
  • A new organization drop down in the top navigation makes it easier to switch between organizations and you can always see which repository you're currently working on

November 2019

Features

  • The packages page now also lists packages with a duplicate name showing a warning that they cannot be installed
  • All packages which are replaced in the composer.json of any package you add, are now automatically mirrored to prevent problems with their automatic mirroring during composer update.

October 2019

Features

  • Vendors can now disable their customers which will prevent them from installing assigned packages.
  • The packages page has been rebuilt to offer various filters to find packages and displays more package information to quickly detect problems

Changes

  • To avoid confusion with the Composer package type project, we renamed Private Packagist projects in the Agency Add-On to Subrepositories
  • Initializing a Bitbucket git repository with a url like https://bitbucket.org/acme/repository will now automatically transform the url into a valid git url e.g. https://bitbucket.org/acme/repository.git.

September 2019

Features

  • Added install graphs for overall organization installs over time
  • Packages marked as abandoned are now visible as such in the UI and show the suggested replacement

August 2019

Features

  • Added a new team permission which lets team members create projects

June 2019

Features

  • Added API endpoints to manage project packages
  • Added API endpoints to manage mirrored third party repositories

Changes

  • Added support for repositories which have a composer.json in any branch and/or tag but not the default branch
  • All public repositories added via a synchronization are now available to all members in the organization

Bugfixes

  • The Magento Composer repository at repo.magento.com occasionally changes dist files after initial publication. We no longer send these checksums to clients, as is already the case in most other places like packagist.org.

May 2019

Features

  • Added a billing history with the possibility to download previous invoices

Changes

  • The user profile now also shows the username and id of all connected OAuth accounts, e.g. GitHub, GitLab, Bitbucket
  • Synchronizations with Bitbucket now also recognize individual repository collaborators
  • New organization members added via sync can now automatically be deactivated

April 2019

Features

  • Added a new team permission which lets team members add packages and add, edit and remove credentials and mirrored third party repositories
  • When adding a new package one can now already select which teams have access to that package

March 2019

Changes

  • Improved the performance of package updates by caching versions without a composer.json
  • Renamed the Owners/Admins Team option for authentication tokens to 'All packages'.
  • The authentication tokens page now displays when the token was last used.
  • Teams with edit access right can now also assign package permissions

Bugfixes

  • Updating a package url will now also update the source and dist information for all package versions.

February 2019

Features

  • Added an option to override the default request timeout for mirrored Composer repositories

Changes

  • Performance improvements to granting customers access to packages via API, editing credentials, renaming organizations, projects and customers and deleting packages
  • The teams page now always lists the Owners and Admins team for everyone

January 2019

Features

  • Added a search field when adding packages from synchronized repositories and when adding packages from the parent organization to a project
  • Synchronizations now list runs during the previous 48 hours and what exactly changed on each run, e.g. new users or repositories
  • The team member pages now display more information about each user, in particular the username they use on the service the team is synchronized with

Changes

  • The API now accepts customer urlNames in addition to customer ids for all API calls requiring lookup of a customer
  • The API uses the word "edit" for modifying objects instead of "update" which is usually reserved for reloading package data or the composer instruction
  • The warning about being on a free trial now shows the exact date it ends
  • Synchronizations can now be triggered by all members of an organization
  • Synchronizations show which credential is used to make requests to the external service
  • No longer displaying a warning about a missing hook for custom JSON packages which cannot be updated without editing the JSON
  • Improved typography and spacing across all pages

Bugfixes

  • Billing access now works for Admins (non-Owners) who are also on the billing team
  • Members of new teams found during synchronization are now added immediately, rather than only on the second synchronization run

December 2018

Features

  • Synchronizations can now be configured on a per-project basis
  • You can now grant teams access to view and/or manage vendor add-on customers
  • Added settings page for vendor add-on customers and an option to deliver source URLs to customers via Composer

Changes

  • When importing packages from JSON you can now select credentials to be applied
  • You can now switch which of your synchronizations should be the primary one

November 2018

Features

  • Added API endpoints to manage project authentication tokens
  • Added support for the Composer search API
  • Private Packagist for Agencies: Support for projects with a separate Composer repository, including options for mirrors, credentials and tokens to be defined for just one or a set of projects
  • Packages mirrored from packagist.org are now updated automatically within a few seconds of changes on packagist.org rather than only twice a day
  • Bitbucket Team hooks are now set up automatically to detect new packages when you create new repositories
  • Added API endpoints to manage projects as part of Private Packagist for Agencies
  • Added API endpoint to fetch all customers with access to a package as part of Private Packagist for Vendors
  • Install statistics and count of accessible packages are now shown on the customers overview page

Changes

  • Added list of versions to GET package API endpoint
  • Managing access to packages for teams now sorts the dropdown of packages and lets you search through them
  • Unauthenticated users trying to login are now redirected to their organization's custom login page if a custom integration is configured
  • The list of customers is now sorted by name
  • Changed body font color to black for more contrast
  • Added composer instructions page on the customer detail page in the Private Packagist for Vendors addon
  • Warn users if packages are configured to use credentials which do not work for the package's URL
  • Improved the package update log output to better display authentication issues
  • Package updates which fail because of external API limits are now retried once the limit resets

October 2018

Features

  • Packages now show mirror information
  • Synchronizations for existing organizations can now be set up with previously defined credentials

Changes

  • Allow a user to disconnect from their last connected third party authentication provider
  • Improved the speed of mirroring packages from packagist.org
  • Authentication tokens assigned to synchronized teams won't be deleted anymore if the team gets removed by the synchronization they lose access to all packages but can be reassigned to a different team
  • Improved the performance of package updates by caching version data
  • Allow deactivating members who do not have a Private Packagist account yet on the organization members page

Start Free Trial

Login to create an organization and start your free trial!