# Changelog

We periodically release new versions of the VGS Show\.js library whenever we make changes.

### Version 2.2.2 (02/19/2025)

* Fixed vulnerabilities.
* Added validation rules for post messages.
* Added `routeId` attribute support.

## Version 2.2.1 (04/23/2024)

* Fixed vulnerabilities.
* Added CSP rules to the iframe to improve security.

### Version 2.2.0 (03/05/2024)

* Added CSP rules to the iframe to improve security.
* Fixed security vulnerabilities.

### Version 2.1.1 (12/07/2023)

* Fixed the error message when the vault environment is not specified.

### Version 2.1.0 (03/06/2023)

* Added the `.retry()` method to the frame, which allows retrying the HTTP request whenever possible.
* Added the `.unmount()` method to the frame, which removes an iframe from the DOM and clears all internal references to the frame.

### Version 2.0.2 (11/02/2022)

* Fixed a looping issue that occurred in some cases and affected browser performance.

### Version 2.0.1 (07/07/2022)

* Fixed an issue where unescaped characters would be missing.

### Version 2.0.0 (05/25/2022)

* Fixed vulnerabilities.
* Added `.setEnvironment()`, `setCname()` methods.

### Version 1.5 (12/10/2021)

* Added the ability to send [HTTP requests with the `FormData()`](/vault/developer-tools/vgs-show/js/configuration.md#vgs-showjs-request-with-formdata-payload).
* Added `.on()/.off()` [listeners](/vault/developer-tools/vgs-show/js/configuration.md#onevent-callback) for the following events: `requestSuccess`, `requestFail`, `revealSuccess`, `revealFail`.

### Version 1.4 (09/29/2021)

* Added `withCredentials` parameter to the [`.request()` method](/vault/developer-tools/vgs-show/js/configuration.md#configure-request), which indicates that the request should be made [using credentials](/vault/developer-tools/vgs-show/js/configuration.md#vgs-showjs-and-cookies).
* Fixed the bug related to revealing the same payload (tokens) for different `.request()` methods.

### Version 1.3

* Added the ability to reveal the same payload (tokens) for different `.request()` methods in one HTTP request.

## Ensuring Script Integrity for PCI Compliance

With the introduction of PCI DSS version 4.0, a new requirement has been put forth to ensure the integrity of scripts that run on payment pages. Script Integrity is crucial in maintaining the security and trustworthiness of online payment systems, as any unauthorized modifications to these scripts could potentially lead to data breaches or fraudulent activities. To meet this requirement, organizations must implement mechanisms to verify the integrity of each script utilized on their payment pages.

With the introduction of PCI DSS version 4.0, a new requirement has been put forth to ensure the integrity of scripts that run on payment pages. Script Integrity is crucial in maintaining the security and trustworthiness of online payment systems, as any unauthorized modifications to these scripts could potentially lead to data breaches or fraudulent activities. To meet this requirement, organizations must implement mechanisms to verify the integrity of each script utilized on their payment pages.

<table><thead><tr><th width="125.375">Version</th><th width="465.83984375">SHA384 Hash</th><th>Timestamp (ISO 8601)</th></tr></thead><tbody><tr><td>2.2.2</td><td>sha384-70nFlhYfZpPZ0nh4E9kRCT2HXORAKatDFQXQP8Dxq8motfd35aSMMu9g6VE/oAIV</td><td>2025-02-19T21:47:04.000Z</td></tr><tr><td>2.2.1</td><td>sha384-3qbYQie/bJEfQqq3px5LohJx5u+54dTKUNKCF0zkBT+vYXFbpkLeOuCCjzMasktv</td><td>2024-04-23T12:26:34.000Z</td></tr><tr><td>2.2.0</td><td>sha384-kiKDirXBU4edzCB0t+i6LU3wL/gMlT51nn2yAKHvNzr+58J21OfT3U2JscAjRAX5</td><td>2024-03-04T20:32:03.000Z</td></tr><tr><td>2.1.1</td><td>sha384-KWsP3JIZ6Ah1oXbWCWm0fPWiLN/pFcc87anUK0bJgzGuCz6D6v15jFHTLh7rBD6z</td><td>2023-12-07T23:17:12.000Z</td></tr><tr><td>2.1.0</td><td>sha384-/7dRxL0Sb3hPx9vbg++zZuWs/U93E1RLkDgS0lwec9/o6O6zYk78Iuyb3Yo81sxw</td><td>2023-03-02T19:57:23.000Z</td></tr><tr><td>2.0.2</td><td>sha384-7lKpSwOH/giA4p/b7gWoGlMY2FRTJEBl21jfvoVJpM0UaQ2QDnGIzh+GukBXwgY/</td><td>2022-11-03T00:06:02.000Z</td></tr><tr><td>2.0.1</td><td>sha384-gfVmNUvPv/BVhaWuDPOpY0P/Rm81k2vQGTCkpdYcJQY0a+zu4VEkU18oivxqLc6o</td><td>2022-07-07T18:14:24.000Z</td></tr><tr><td>2.0.0</td><td>sha384-QmcoNvWg9HhC0IWzfKCSex519X+jecicvODmON+B3XLuFhqTsue40GRoL8Em6Y/q</td><td>2022-05-25T22:38:13.000Z</td></tr></tbody></table>

Example:\<script type="text/javascript" src="<https://js.verygoodvault.com/vgs-show/2.2.2/show.js>" integrity="sha

### Migrating from VGS Show\.js v1 to v2

#### Migration Guide

For the Show\.js v2, it's required to additionally set the vault environment: `sandbox`, `live`.

#### Integration examples

v1:

```javascript

const show = VGSShow.create('<VAULT_ID>', function(state) {})
                    .setEnvironment('<ENVIRONMENT>');

```

v2:

```javascript

const show = VGSShow.create('<VAULT_ID>', function(state) {})
                    .setEnvironment('<ENVIRONMENT>')
                    .setCname('my-cname.com');

```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.verygoodsecurity.com/vault/developer-tools/vgs-show/js/changelog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.