Skip to main content

0.6.5

An update to the Hasura environment variable is needed.

You must update the following in your environment:

HASURA_GRAPHQL_JWT_SECRET='{"key":"<jwt-secret-from-server-env>","type":"HS256","header":{"type":"Cookie","name":"X-USER-TOKEN"}}'
  • Make sure the placeholder value <jwt-secret-from-server-env> matches the JWT_SECRET variable in your server environment.
  • By default, the Helm chart and Docker Compose deployments now set COOKIE_HTTP_ONLY to "true" (was "false").
  • The new environment default for COOKIE_HTTP_ONLY is "true" if not set in your chart or Docker Compose.
  • These changes improve the security of RepoFlow by ensuring JWT cookies are HttpOnly by default.

MinIO Image Migration Notice
We previously used the Bitnami MinIO Docker image, but since it will no longer be supported for free starting August 28th, we have migrated back to the official MinIO Docker image.
If you are using the built-in MinIO Helm chart deployment from RepoFlow, no changes are required — all of your data will remain intact.
If you are running RepoFlow via Docker Compose and switching to the official MinIO image, make sure to update the entire MinIO section in your docker-compose.yml, as we have made changes to its configuration.
As with any update, we recommend creating a backup before upgrading.

Features (8)

  1. Dependency Viewer
    You can now view package dependencies directly in the RepoFlow UI for these package types: npm, NuGet, Composer, Debian, and Cargo (Rust). Let us know which package type you want us to add next.

  2. Enhanced Helm Kubernetes Secrets Support & Documentation
    Helm Kubernetes Secrets support now also includes Minio, Elastic, and PostgreSQL deployments, allowing you to securely use secrets through the secretEnv field, and the documentation on using Kubernetes Secrets with RepoFlow has been significantly expanded and clarified; read more in the updated guide: Using Kubernetes Secrets.

  3. Improved License Page with FAQ
    The License page has been redesigned for better clarity and usability. It now includes an FAQ section that addresses common questions about acquiring, renewing, and managing your RepoFlow license, making license management more transparent and user-friendly.

  4. Improved Error Pages for Backend Downtime
    When the server or Hasura is unreachable (e.g., network errors, server offline), RepoFlow now displays clearer, more user-friendly error pages.

  5. Emoji Support in Package READMEs
    Package READMEs can now include emoji placeholders like :white_check_mark: and :rocket:, they will render as real emoji automatically in RepoFlow.

  6. Easier Checkbox Clicking
    Checkboxes are now easier to use, clicking just outside the checkbox icon (within a small distance) will also toggle it. This makes it more user-friendly, especially on touch devices or when aiming for smaller checkboxes.

  7. More Flexible Cookie Domain Support
    RepoFlow now supports specifying cookie domains using just the domain, or a full URL with protocol and port, making setup more user friendly and flexible for different environments.

  8. Improved Table Loading Indication
    All tables now show a smooth loading overlay without shifting or resizing rows, for a better user experience.

Bug Fixes (4)

  1. Fixed an issue where, during a Docker pull from a remote repository, RepoFlow sometimes returned an incorrect error message instead of preserving and displaying the original error from the remote repository.

  2. Resolved a bug that prevented pushing Docker images containing manifests when the config section was missing from the manifest.

  3. RepoFlow server previously requested the offline_access scope from OIDC providers even when it wasn’t required, and now only requests it if ALLOW_OIDC_REFRESH_TOKENS_AS_PERSONAL_ACCESS_TOKENS is enabled.

  4. Fixed an issue with authentication to remote repositories: RepoFlow will now attempt to authenticate using Basic Auth even if the remote server does not return a www-authenticate header, improving compatibility with various repository servers.

RepoFlow CLI (1)

  1. Support for migrating RubyGems and RPM packages from Nexus 3 is now available in the RepoFlow CLI.