v0.12.0

• Add short URL API hex_api_short_url:create/2.
• Add OAuth API:
  • hex_api_oauth:device_authorization/3,4
  • hex_api_oauth:poll_device_token/3
  • hex_api_oauth:refresh_token/3
  • hex_api_oauth:revoke_token/3
  • hex_api_oauth:client_credentials_token/4,5
• Support 2FA authentication, any API request can now return {error, otp_required | invalid_totp}
  if 2FA is required. The config option api_otp can be used to provide the TOTP code.
• Differentiate between registry verification errors. {error, unverified} has been replaced with
  {error, bad_repo_name | bad_signature}.
• Support nested maps in extra package metadata field.

v0.10.1

• Update hex_licenses module to reflect most recent list available from SPDX.

v0.10.0

• Drop support for old OTP and Rebar versions. hex_core now requires OTP20+ and Rebar 3.15.1+.

• Add hex_repo:get_docs/3 and hex_repo:get_public_key/1.

v0.8.4

Add @doc to hex_licenses

v0.7.0

• Fix compatibility with OTP 24
• Change hex_tarball:create/2 error value from {error, too_big} to {tarball, {too_big_compressed | too_big_uncompressed, Size}}.

v0.6.9

• Add hex_api_release:publish/3

v0.6.8

• Fix tarball file extraction through symlinks

v0.6.7

• Fix compatibility with OTP 18 and 17

v0.6.6

• Do not crash on empty tarballs
• Fix directory traversal vulnerability for symlinks in tarballs

v0.6.5

• Transition away from http_uri when using newer OTP releases
• Ensure Role is given as an atom in hex_api_organization_member:add/3
• Add http_headers to the hex_core:config() type
• Add default http_headers to hex_core:default_config/0
• Fix hex_registry:decode_and_verify_signed/2 spec
• Fix hex_tarball:files/0 type