- Lower the strictness of custom endpoint regex validation so that single tenant APIs are allowed.
- Add the Issue View Options panel to the Snyk Security Settings.
- Fetch Snyk Consistent Ignores feature flag from the Language Server
- Conditionally render Code details panel from Language Server
- Improve the validation of the custom endpoint and change the default to https://api.snyk.io.
- Improve UX of AI fixes by adding previews and options
- updated the language server protocol version to 11 to support global ignores
- Added the [ Ignored ] text if the finding should be marked as ignored.
- Added the [ Ignored ] text if the finding should be marked as ignored.
- do not restrict activation of extension (auto-scan on startup)
- fix: shortened plugin name to just Snyk Security
- Removed Amplitude telemetry and corresponding setting from VSCode
- Updated the
README.mdfile to correct and improve the links to the Visual Studio Code extension documentation.
- Changing the custom endpoints has an effect on whether we sent Amplitude events or not
- Snyk Code: Added
isExampleLineEncodedboolean flag toCommitChangeLinetype to prevent re-encoding strings in the UI of the example code blocks.
- Only send Amplitude events when connected to a MT US environment
- Snyk Code: Optimized performance by caching DOM element references in
suggestion-details. This minimizes repetitive DOM queries, enhancing the responsiveness and efficiency of the webview. - Snyk Code: Corrected the visibility toggling behavior in the
#suggestion-detailssection. Replaced inline styling with CSS class-based approach.
- Snyk Code: New UI section
#suggestion-detailsfor displaying suggestion details in snykCode. - Snyk Code: Added a collapsible section for suggestion details. This includes a 'Read more' button to toggle the full display of suggestion details.
- Snyk LS: Snyk Open Source Security features now use Language Server backend
- Snyk OSS: Squiggly warning underlines for direct and transitive vulnerabilities
- Snyk OSS: Squiggly underlines colour coded based on severity
- Snyk OSS: Vulnerability count text includes transitive vulnerabilities
- Snyk OSS: Vulnerability count text includes breakdown of vulnerabilities by severity
- Snyk OSS: Hovers lists vulnerabilities and shows summary (without typo)
- Snyk OSS: Hovers show information from security.snyk.io/vuln database
- Snyk OSS: CodeActions shows actions available for all vulnerabilities
- Expanded the server settings returned by
LanguageClientMiddlewareto include necessary attributes for consistent initialization across the application.
- Introduced the
defaultToTrueutility function withinLanguageServerSettingsto treat undefined feature flags as enabled by default.
- Enhanced the
ServerSettingstype to include user-specific attributes such asintegrationName,integrationVersion,automaticAuthentication, anddeviceId. This unification simplifies the configuration management.
- The
fromConfigurationmethod inLanguageServerSettingsnow requires aUserobject to initialize server settings, impacting all areas of the application where server settings are consumed. LanguageClientMiddlewareinstantiation now requires aUserobject, aligning with new server settings structure. Consumers must now pass aUserobject upon middleware creation.
- Improved UI: updated issue details panels, used vscode colors where possible, new meta section for Code
- Optimized messages in the UI
- Removed false positives feature flag
- View management: show accurate information during startup of the plugin
- Vulnerabilities in transitive dependencies
- add
language-serveras first positional argument to language server start - enable setting of log level in language server via SNYK_LOG_LEVEL
- enable setting of debug level in language server via
-dor--debug
- Only check
snykgov.iodomain to check if fedramp
- Fedrammp endpoints will not send Sentry/Amplitude events
- Use Language Server to retrieve vulnerability count for HTML files
- Snyk Learn links
- Plugin Initialization
- Cleaned up unused code.
- Updated support links.
- Added support for OAuth2 authentication
- Snyk Learn: now uses language server to retrieve lessons
- Enabled Autofix for Snyk Code issues.
- Snyk IaC: Added details panel body.
- Snyk IaC: Added code action to navigate from issue in editor to issue details panel.
- Snyk IaC: Remove UI feature flag.
- Snyk IaC: Added tree view.
- Snyk IaC: Added IaC issue data type definitions.
- Snyk IaC: UI Feature flag.
- Enabled dynamic Snyk Code scans via Language Server rollout.
- Extension uses Language Server to run Snyk Code scans.
- Reduce load on Snyk Code API.
- Force Language Server redownload when LSP version increases.
- Snyk Code "Advanced" menu replaced with a settings option called "Scanning Mode".
- Snyk Code results using Language Server in tree view and details panel.
- File ignores for Snyk Code.
- ignore untrusted CAs if strict proxy is disabled
- Enabling Snyk Code scans using Language Server under a feature flag.
- ignore untrusted CAs if strict proxy is disabled
- Enabling Snyk Code scans using Language Server under a feature flag.
- Trust workspace folders if parent dir is trusted.
- Snyk LS: updated protocol version.
- Contact and documentation url.
- Removed background notification about found vulnerabilities in Snyk Open Source.
- Regression introduced in 1.7.6.
- Infrastructure as Code scans via Snyk Language Server without a feature flag.
- Snyk LS: Passing severity filter settings to LS on initialisation.
- Extension crashes when Code disabled and severity filter changed.
- Added workspace trust feature.
- Snyk LS: (Preview) Added IaC scans enabled by feature flag (
lsIacScan).
Error: Channel has been closedexception.
http:proxyStrictSSLoption always respected.- Language client respects proxy protocol when proxy is used.
- "The language client requires VS Code version ^1.67.0 but received version 1.x.y" error.
- "Language client is not ready yet when handling" error.
- Snyk LS: Remove feature flag for authentication using Language Server.
- Snyk LS: Configure custom Language Server binary path in settings.
- Snyk LS: Deprecate snyk.logout command.
- Snyk LS: Automatically download and update language server binary
-- Performance issues on some machines due to outdated dependency.
- Snyk LS: Deprecate copyAuthLink command.
- Snyk LS: Handling of hasAuthenticated notification from LS
- Snyk LS: Setting keys translation for language server.
- Snyk-LS: Transmit Snyk Token to language server on manually entering it.
- Snyk LS: Integrated language server - it's deactivated by default
- Snyk LS: Adds functionality for setting a path to a custom LS binary
- Snyk Code: patch for failing when analysis bundle gets expired after its validity period.
- Analytics around Open Source scan notification.
- Snyk Code: failing when analysis bundle gets expired after its validity period.
- Setting to disable extension's automatic dependency management (i.e. Snyk CLI updates).
- Setting to provide path to Snyk CLI executable.
- Analytics around Snyk Code scanning modes.
- Snyk Code: properly render/restore panel on refresh.
- Support for multi-tenant Snyk deployments.
- Updated severity icons
- Snyk Code: don't show example fixes if there are none.
- Snyk Code: prevent fix examples panel from crashing in rare cases.
- Opening extension settings.
- Base64 encoding for Snyk Code analysis file content payloads.
- Links to privacy policy and terms of service.
- Anonymize user IDs before reporting to Sentry.
- "Set Token" command reporting "Cannot read properties of undefined" error.
- "Error: Cannot get password" appearing during retrieval of the token from secret storage.
- Cached Snyk Learn links being opened when clicking on "Learn about this vulnerability".
- Snyk Code inter-file issues linking only to the main file where issue occurs.
- Snyk Code: add support for Single Tenant setups
- Update organization setting description to clarify expected value.
- Snyk Open Source: vulnerability count is shown in NPM
devDependencieswhen--devflag is passed to Snyk CLI via additional arguments. - Vulnerability detail views now have links to Snyk Learn when we have an appropriate lesson available.
- Reported Snyk Code diagnostics not respecting
snyk.features.codeSecurity,snyk.features.codeQualityandsnyk.severitysettings. - Reported diagnostics not opening files from Problems view, when operating in workspace mode with whitespace in paths to workspace folders.
- Command to set API token manually together with a placeholder setting for users to find the command.
- "Error: Unable to write to User Settings because snyk.token is not a registered configuration." appearing during token migration to secret storage.
- Encryption for when storing the Snyk token after successful login.
- Surface request ID when Snyk Code analysis fail in the output channel.
- Extension name to "Security - Code and Open Source Dependencies".
- "Illegal argument: character must be non-negative" error upon receiving Snyk Code analysis.
- The token text field from the extension configuration and will not be visible anymore.
- Check Snyk Code enablement using configured organization from settings.
- Prevent Snyk Code Local Code Engine users from uploading the code to Snyk servers.
- Increase navigation button sizes in Snyk Code example fixes.
- Analysis duration removed from the results tree.
- Do not present the user with error view when token is invalid.
- Proxy environments handling.
- Transient error handling for Snyk Code.
- Automatic scanning not working for Windows environments.
- Failing Open Source Security scan for .NET projects.
- Snyk Code suggestion view being blank periodically when opening an issue.
- Automatic crash reporting for caught and uncaught errors.
- Analytics for vulnerability count hovers.
- Preview feature toggles.
- Extension feedback link.
- Authentication flow for users whose routers cannot resolve IPv6 address.
- Correct user identification in analytics.
- Authentication flow for users who have IPv6 address.
- Snyk Code issues not always opening up from the issue tree.
- Use user environment settings when spawning Snyk CLI as a child process.
- Snyk Code 'Show this suggestion' quick fix not opening the view from an editor.
- Snyk Code suggestion view not displaying when navigating multiple times to the same issue.
- Use standard VS Code buttons for ignoring Snyk Code suggestions in webview.
- Improved network outage tolerance for Snyk Code requests.
- Feedback link updated.
- Surface vulnerability count from OSS scan in editor for JavaScript and TypeScript files.
- Surface vulnerability count from OSS scan in editor for package.json for NPM projects.
- Surface imported modules as part of
<script>element in editor for HTML files. - Retry CLI download when CLI is not installed correctly and scan is requested.
- Show CLI download failure within the Open Source Security tree view.
- Ability to run A/B experiments using Amplitude Experiment.
- Commit comments as part of Snyk Code suggestion view.
- Wrong casing for the emitted JS file that break extension on Linux and Windows machines.
- Snyk Open Source product support using Snyk CLI.
- Support of the latest Snyk Code API.
- Additional analytical events for issue hover and quick fix contributions.
- Relative Snyk Code bundle file path resolution on Linux systems that leads to extension crashing.
- Feedback form for Snyk Code suggestions.
- Provide feedback around Snyk's technical issues impacting Snyk Code.
- Disabled feedback form temporarily.
- Implemented support for new Snyk Code API.
- Missing capture for "Issue Is Viewed" for Snyk Code quality issues.
- Introduced split between security and quality issues in Snyk Code.
- Ability to copy auth link to clipboard buffer during the authentication process.
- Authentication for IPv6 users.
- Authentication timeout increased.
- Navigation to extension settings.
- Running extension in remote development environment.
- Marketplace links in readme.
- Removed "snyk.codeEnabled' setting as of no need.
- Updated “Help” tree view links.
- Visual amends to settings view.