# Changelog

We periodically release new versions of the VGS Show\.js library whenever we make changes.

### Version 2.2.2 (02/19/2025)

* Fixed vulnerabilities.
* Added validation rules for post messages.
* Added `routeId` attribute support.

## Version 2.2.1 (04/23/2024)

* Fixed vulnerabilities.
* Added CSP rules to the iframe to improve security.

### Version 2.2.0 (03/05/2024)

* Added CSP rules to the iframe to improve security.
* Fixed security vulnerabilities.

### Version 2.1.1 (12/07/2023)

* Fixed the error message when the vault environment is not specified.

### Version 2.1.0 (03/06/2023)

* Added the `.retry()` method to the frame, which allows retrying the HTTP request whenever possible.
* Added the `.unmount()` method to the frame, which removes an iframe from the DOM and clears all internal references to the frame.

### Version 2.0.2 (11/02/2022)

* Fixed a looping issue that occurred in some cases and affected browser performance.

### Version 2.0.1 (07/07/2022)

* Fixed an issue where unescaped characters would be missing.

### Version 2.0.0 (05/25/2022)

* Fixed vulnerabilities.
* Added `.setEnvironment()`, `setCname()` methods.

### Version 1.5 (12/10/2021)

* Added the ability to send [HTTP requests with the `FormData()`](https://docs.verygoodsecurity.com/vault/developer-tools/vgs-show/configuration#vgs-showjs-request-with-formdata-payload).
* Added `.on()/.off()` [listeners](https://docs.verygoodsecurity.com/vault/developer-tools/vgs-show/configuration#onevent-callback) for the following events: `requestSuccess`, `requestFail`, `revealSuccess`, `revealFail`.

### Version 1.4 (09/29/2021)

* Added `withCredentials` parameter to the [`.request()` method](https://docs.verygoodsecurity.com/vault/developer-tools/vgs-show/configuration#configure-request), which indicates that the request should be made [using credentials](https://docs.verygoodsecurity.com/vault/developer-tools/vgs-show/configuration#vgs-showjs-and-cookies).
* Fixed the bug related to revealing the same payload (tokens) for different `.request()` methods.

### Version 1.3

* Added the ability to reveal the same payload (tokens) for different `.request()` methods in one HTTP request.

## Ensuring Script Integrity for PCI Compliance

With the introduction of PCI DSS version 4.0, a new requirement has been put forth to ensure the integrity of scripts that run on payment pages. Script Integrity is crucial in maintaining the security and trustworthiness of online payment systems, as any unauthorized modifications to these scripts could potentially lead to data breaches or fraudulent activities. To meet this requirement, organizations must implement mechanisms to verify the integrity of each script utilized on their payment pages.

With the introduction of PCI DSS version 4.0, a new requirement has been put forth to ensure the integrity of scripts that run on payment pages. Script Integrity is crucial in maintaining the security and trustworthiness of online payment systems, as any unauthorized modifications to these scripts could potentially lead to data breaches or fraudulent activities. To meet this requirement, organizations must implement mechanisms to verify the integrity of each script utilized on their payment pages.

<table><thead><tr><th width="125.375">Version</th><th width="465.83984375">SHA384 Hash</th><th>Timestamp (ISO 8601)</th></tr></thead><tbody><tr><td>2.2.2</td><td>sha384-70nFlhYfZpPZ0nh4E9kRCT2HXORAKatDFQXQP8Dxq8motfd35aSMMu9g6VE/oAIV</td><td>2025-02-19T21:47:04.000Z</td></tr><tr><td>2.2.1</td><td>sha384-3qbYQie/bJEfQqq3px5LohJx5u+54dTKUNKCF0zkBT+vYXFbpkLeOuCCjzMasktv</td><td>2024-04-23T12:26:34.000Z</td></tr><tr><td>2.2.0</td><td>sha384-kiKDirXBU4edzCB0t+i6LU3wL/gMlT51nn2yAKHvNzr+58J21OfT3U2JscAjRAX5</td><td>2024-03-04T20:32:03.000Z</td></tr><tr><td>2.1.1</td><td>sha384-KWsP3JIZ6Ah1oXbWCWm0fPWiLN/pFcc87anUK0bJgzGuCz6D6v15jFHTLh7rBD6z</td><td>2023-12-07T23:17:12.000Z</td></tr><tr><td>2.1.0</td><td>sha384-/7dRxL0Sb3hPx9vbg++zZuWs/U93E1RLkDgS0lwec9/o6O6zYk78Iuyb3Yo81sxw</td><td>2023-03-02T19:57:23.000Z</td></tr><tr><td>2.0.2</td><td>sha384-7lKpSwOH/giA4p/b7gWoGlMY2FRTJEBl21jfvoVJpM0UaQ2QDnGIzh+GukBXwgY/</td><td>2022-11-03T00:06:02.000Z</td></tr><tr><td>2.0.1</td><td>sha384-gfVmNUvPv/BVhaWuDPOpY0P/Rm81k2vQGTCkpdYcJQY0a+zu4VEkU18oivxqLc6o</td><td>2022-07-07T18:14:24.000Z</td></tr><tr><td>2.0.0</td><td>sha384-QmcoNvWg9HhC0IWzfKCSex519X+jecicvODmON+B3XLuFhqTsue40GRoL8Em6Y/q</td><td>2022-05-25T22:38:13.000Z</td></tr></tbody></table>

Example:\<script type="text/javascript" src="<https://js.verygoodvault.com/vgs-show/2.2.2/show.js>" integrity="sha

### Migrating from VGS Show\.js v1 to v2

#### Migration Guide

For the Show\.js v2, it's required to additionally set the vault environment: `sandbox`, `live`.

#### Integration examples

v1:

```javascript

const show = VGSShow.create('<VAULT_ID>', function(state) {})
                    .setEnvironment('<ENVIRONMENT>');

```

v2:

```javascript

const show = VGSShow.create('<VAULT_ID>', function(state) {})
                    .setEnvironment('<ENVIRONMENT>')
                    .setCname('my-cname.com');

```