- reduce hover verbosity to only title and description
- If $/snyk.hasAuthenticated transmits an API URL, this is saved in the settings.
- Added CLI release channel.
- Added option to change base URL to download CLI.
- Run Snyk language Server from the CLI extension.
- Change default CLI download path to be in extension directory.
- Delete sentry reporting.
- send analytics event "plugin installed" the first time the extension is started
- Update download endpoint to downloads.snyk.io.
- Send correct FixId to AI Fix endpoint.
- Hide AI Fix div if no fixes found.
- Adjust OSS panel font size
- Moved delta scan preview setting to settings page.
- New error message in UI when net new scan is done on an invalid repository. Net new scans only work on Git.
- Clear in Memory cache when branch is changed.
- Added Clear Persisted Cache command.
- Add support for ai fix feedback analytic when pressing apply on a fix.
- Update Language Server Protocol version to 15.
- Added base branch selection for IaC and OSS
- render IaC via Language Server
- fix readability of `code` elements within the overview section when using high-contrast themes (both dark and light). Text color now matches the background.
- updated the language server protocol version to 14 to support new communication model.
- updated the language server protocol version to 13 to support delta findings.
- added setting for choosing authentication method
- renamed vulnerabilities to issues
- only display DeepCode AI fix tree node when issues were found
- Reorganize settings page into categorized sections:
  - General Settings
  - Product Selection
  - Severity Selection
  - Project Settings
  - Executable Settings
  - User Experience
  - Advanced
- Sync with LS to retrieve and persist folderConfigs changes.
- Add command to select the base branch.
- Add UI components for selecting a base branch for delta findings for Code and Code Quality behind a feature flag.
- Refactor the Suggestion Panel for OSS so it's more secure and will be supported in other IDEs
- Fix `.suggestion` class to ensure it is scrollable and not overlapped by the `.suggestion-actions` fixed element. This change prevents the suggestion content from being hidden.
- transmit required protocol version to language server
- Remove unused stylesheet and refactor stylesheets
- Fix a bug in AI Applyfix on Windows.
- Changes some of the colours used in the HTML panel so it's consistent with designs.
- Refactors the feature flag logic into its own service.
- Fix multi-file links in the DataFlow HTML panel.
- Fix applying AI fixes on Windows.
- Add CSS rules for `.light-only` and `.dark-only` to the LSP implementation. This allows the LSP to apply different styles based on the current theme.
- Update to LS protocol version 12.
- Fix Code Suggestion rendering issue on Windows.
- Renders the AI Fix panel and adds more custom styling for VSCode.
- Adds position line interaction.
- Add warning messages in the Tree View for the issue view options used in consistent ignores.
- Add Data Flow and Ignore Footer interactions for Consistent Ignores flows.
- Fix endpoint computation based on custom endpoint.
- Remove snyk/codeclient dependency.
- Injects custom styling for the HTML panel used by Snyk Code for consistent ignores.
- Lower the strictness of custom endpoint regex validation so that single tenant APIs are allowed.
- Add the Issue View Options panel to the Snyk Security Settings.
- Fetch Snyk Consistent Ignores feature flag from the Language Server
- Conditionally render Code details panel from Language Server
- Improve the validation of the custom endpoint and change the default to https://api.snyk.io.
- Improve UX of AI fixes by adding previews and options
- updated the language server protocol version to 11 to support global ignores
- Added the [ Ignored ] text if the finding should be marked as ignored.
- do not restrict activation of extension (auto-scan on startup)
- fix: shortened plugin name to just Snyk Security
- Removed Amplitude telemetry and corresponding setting from VSCode
- Updated the `README.md` file to correct and improve the links to the Visual Studio Code extension documentation.
- Changing the custom endpoints has an effect on whether we send Amplitude events or not
- Snyk Code: Added `isExampleLineEncoded` boolean flag to `CommitChangeLine` type to prevent re-encoding strings in the UI of the example code blocks.
- Only send Amplitude events when connected to a MT US environment
- Snyk Code: Optimized performance by caching DOM element references in `suggestion-details`. This minimizes repetitive DOM queries, enhancing the responsiveness and efficiency of the webview.
- Snyk Code: Corrected the visibility toggling behavior in the `#suggestion-details` section. Replaced inline styling with CSS class-based approach.
- Snyk Code: New UI section `#suggestion-details` for displaying suggestion details in snykCode.
- Snyk Code: Added a collapsible section for suggestion details. This includes a 'Read more' button to toggle the full display of suggestion details.
- Snyk LS: Snyk Open Source Security features now use Language Server backend
- Snyk OSS: Squiggly warning underlines for direct and transitive vulnerabilities
- Snyk OSS: Squiggly underlines colour coded based on severity
- Snyk OSS: Vulnerability count text includes transitive vulnerabilities
- Snyk OSS: Vulnerability count text includes breakdown of vulnerabilities by severity
- Snyk OSS: Hovers lists vulnerabilities and shows summary (without typo)
- Snyk OSS: Hovers show information from security.snyk.io/vuln database
- Snyk OSS: CodeActions shows actions available for all vulnerabilities
- Expanded the server settings returned by `LanguageClientMiddleware` to include necessary attributes for consistent initialization across the application.
- Introduced the `defaultToTrue` utility function within `LanguageServerSettings` to treat undefined feature flags as enabled by default.
- Enhanced the `ServerSettings` type to include user-specific attributes such as `integrationName`, `integrationVersion`, `automaticAuthentication`, and `deviceId`. This unification simplifies the configuration management.
- The `fromConfiguration` method in `LanguageServerSettings` now requires a `User` object to initialize server settings, impacting all areas of the application where server settings are consumed.
- `LanguageClientMiddleware` instantiation now requires a `User` object, aligning with new server settings structure. Consumers must now pass a `User` object upon middleware creation.
- Improved UI: updated issue details panels, used vscode colors where possible, new meta section for Code
- Optimized messages in the UI
- Removed false positives feature flag
- View management: show accurate information during startup of the plugin
- Vulnerabilities in transitive dependencies
- add `language-server` as first positional argument to language server start
- enable setting of log level in language server via SNYK_LOG_LEVEL
- enable setting of debug level in language server via `-d` or `--debug`
- Only check `snykgov.io` domain to check if fedramp
- Fedramp endpoints will not send Sentry/Amplitude events
- Use Language Server to retrieve vulnerability count for HTML files
- Snyk Learn links
- Plugin Initialization
- Cleaned up unused code.
- Updated support links.
- Added support for OAuth2 authentication
- Snyk Learn: now uses language server to retrieve lessons
- Enabled Autofix for Snyk Code issues.
- Snyk IaC: Added details panel body.
- Snyk IaC: Added code action to navigate from issue in editor to issue details panel.
- Snyk IaC: Remove UI feature flag.
- Snyk IaC: Added tree view.
- Snyk IaC: Added IaC issue data type definitions.
- Snyk IaC: UI Feature flag.
- Enabled dynamic Snyk Code scans via Language Server rollout.
- Extension uses Language Server to run Snyk Code scans.
- Reduce load on Snyk Code API.
- Force Language Server redownload when LSP version increases.
- Snyk Code "Advanced" menu replaced with a settings option called "Scanning Mode".
- Snyk Code results using Language Server in tree view and details panel.
- File ignores for Snyk Code.
- ignore untrusted CAs if strict proxy is disabled
- Enabling Snyk Code scans using Language Server under a feature flag.
- Trust workspace folders if parent dir is trusted.
- Snyk LS: updated protocol version.
- Contact and documentation url.
- Removed background notification about found vulnerabilities in Snyk Open Source.
- Regression introduced in 1.7.6.
- Infrastructure as Code scans via Snyk Language Server without a feature flag.
- Snyk LS: Passing severity filter settings to LS on initialisation.
- Extension crashes when Code disabled and severity filter changed.
- Added workspace trust feature.
- Snyk LS: (Preview) Added IaC scans enabled by feature flag (`lsIacScan`).
- `Error: Channel has been closed` exception.
- `http:proxyStrictSSL` option always respected.
- Language client respects proxy protocol when proxy is used.
- "The language client requires VS Code version ^1.67.0 but received version 1.x.y" error.
- "Language client is not ready yet when handling" error.
- Snyk LS: Remove feature flag for authentication using Language Server.
- Snyk LS: Configure custom Language Server binary path in settings.
- Snyk LS: Deprecate snyk.logout command.
- Snyk LS: Automatically download and update language server binary
- Performance issues on some machines due to outdated dependency.
- Snyk LS: Deprecate copyAuthLink command.
- Snyk LS: Handling of hasAuthenticated notification from LS
- Snyk LS: Setting keys translation for language server.
- Snyk-LS: Transmit Snyk Token to language server on manually entering it.
- Snyk LS: Integrated language server - it's deactivated by default
- Snyk LS: Adds functionality for setting a path to a custom LS binary
- Snyk Code: patch for failing when analysis bundle gets expired after its validity period.
- Analytics around Open Source scan notification.
- Snyk Code: failing when analysis bundle gets expired after its validity period.
- Setting to disable extension's automatic dependency management (i.e. Snyk CLI updates).
- Setting to provide path to Snyk CLI executable.
- Analytics around Snyk Code scanning modes.
- Snyk Code: properly render/restore panel on refresh.
- Support for multi-tenant Snyk deployments.
- Updated severity icons
- Snyk Code: don't show example fixes if there are none.
- Snyk Code: prevent fix examples panel from crashing in rare cases.
- Opening extension settings.
- Base64 encoding for Snyk Code analysis file content payloads.
- Links to privacy policy and terms of service.
- Anonymize user IDs before reporting to Sentry.
- "Set Token" command reporting "Cannot read properties of undefined" error.
- "Error: Cannot get password" appearing during retrieval of the token from secret storage.
- Cached Snyk Learn links being opened when clicking on "Learn about this vulnerability".
- Snyk Code inter-file issues linking only to the main file where issue occurs.
- Snyk Code: add support for Single Tenant setups
- Update organization setting description to clarify expected value.
- Snyk Open Source: vulnerability count is shown in NPM `devDependencies` when `--dev` flag is passed to Snyk CLI via additional arguments.
- Vulnerability detail views now have links to Snyk Learn when we have an appropriate lesson available.
- Reported Snyk Code diagnostics not respecting `snyk.features.codeSecurity`, `snyk.features.codeQuality` and `snyk.severity` settings.
- Reported diagnostics not opening files from Problems view, when operating in workspace mode with whitespace in paths to workspace folders.
- Command to set API token manually together with a placeholder setting for users to find the command.
- "Error: Unable to write to User Settings because snyk.token is not a registered configuration." appearing during token migration to secret storage.
- Encryption when storing the Snyk token after successful login.
- Surface request ID when Snyk Code analysis fails in the output channel.
- Extension name to "Security - Code and Open Source Dependencies".
- "Illegal argument: character must be non-negative" error upon receiving Snyk Code analysis.
- The token text field from the extension configuration and will not be visible anymore.
- Check Snyk Code enablement using configured organization from settings.
- Prevent Snyk Code Local Code Engine users from uploading the code to Snyk servers.
- Increase navigation button sizes in Snyk Code example fixes.
- Analysis duration removed from the results tree.
- Do not present the user with error view when token is invalid.
- Proxy environments handling.
- Transient error handling for Snyk Code.
- Automatic scanning not working for Windows environments.
- Failing Open Source Security scan for .NET projects.
- Snyk Code suggestion view being blank periodically when opening an issue.
- Automatic crash reporting for caught and uncaught errors.
- Analytics for vulnerability count hovers.
- Preview feature toggles.
- Extension feedback link.
- Authentication flow for users whose routers cannot resolve IPv6 address.
- Correct user identification in analytics.
- Authentication flow for users who have IPv6 address.
- Snyk Code issues not always opening up from the issue tree.
- Use user environment settings when spawning Snyk CLI as a child process.
- Snyk Code 'Show this suggestion' quick fix not opening the view from an editor.
- Snyk Code suggestion view not displaying when navigating multiple times to the same issue.
- Use standard VS Code buttons for ignoring Snyk Code suggestions in webview.
- Improved network outage tolerance for Snyk Code requests.
- Feedback link updated.
- Surface vulnerability count from OSS scan in editor for JavaScript and TypeScript files.
- Surface vulnerability count from OSS scan in editor for package.json for NPM projects.
- Surface imported modules as part of `<script>` element in editor for HTML files.
- Retry CLI download when CLI is not installed correctly and scan is requested.
- Show CLI download failure within the Open Source Security tree view.
- Ability to run A/B experiments using Amplitude Experiment.
- Commit comments as part of Snyk Code suggestion view.
- Wrong casing for the emitted JS file that breaks the extension on Linux and Windows machines.
- Snyk Open Source product support using Snyk CLI.
- Support of the latest Snyk Code API.
- Additional analytical events for issue hover and quick fix contributions.
- Relative Snyk Code bundle file path resolution on Linux systems that leads to extension crashing.
- Feedback form for Snyk Code suggestions.
- Provide feedback around Snyk's technical issues impacting Snyk Code.
- Disabled feedback form temporarily.
- Implemented support for new Snyk Code API.
- Missing capture for "Issue Is Viewed" for Snyk Code quality issues.
- Introduced split between security and quality issues in Snyk Code.
- Ability to copy auth link to clipboard buffer during the authentication process.
- Authentication for IPv6 users.
- Authentication timeout increased.
- Navigation to extension settings.
- Running extension in remote development environment.
- Marketplace links in readme.
- Removed "snyk.codeEnabled" setting as it is no longer needed.
- Updated “Help” tree view links.
- Visual amends to settings view.