Vscode: Visual Studio Code should update itself silently

Problem with automatic, unconfirmed updating is that users might rely on a feature that breaks with the update, they might require a specific extension that doesn't work properly with the update, etc.

In very strict environments, the user might not even have the required privileges for the update process to complete successfully, or he might be required to ask for approval of a superior before upgrading a toolset, etc.

For the insiders release, I would actually welcome it not nagging every day and just updating automatically, for the stable release, not so much since that is the tool I rely on for production usage.

Should be a setting so the user can pick whether they want to automatically upgrade

This is the 'stable channel' version of #7389.

Could be a setting defaulted to false. Can already imagine an avalanche of "high cpu/hdd load on startup // VSC unresponsive // etc" bugreports every update if this feature becomes a default behavior.

This is the number 1 thing that bothers me about code specifically on Windows, (so that just speaks to how great code is). I'm not sure if anything is being done here so I feel compelled to add my two cents. This is not just annoying to people on the insider track. The stable updates come frequently enough to annoy the shit out of me over the last year. There is a well-established pattern for how to do this and you should just copy: chrome, github for windows, spotify, slack, curse, or any other of the tons of desktop apps that have frequent updates do it silently and automatically.

Might break functionality:
How do I know as a user that the update is going to break my workflow? Until I install it, I don't. Even if I do read the release notes, I might not understand the implications until I use it. By leaving that choice up to the user you shift the blame for things breaking onto them and give them a crappy update experience as a bonus. Instead, if this is a legitimate concern, you should provide an easy way to roll back to the previous known-good version. More work for you, yes, but more satisfaction for end users.

Might cause high load on startup:
Don't install the update on startup. No one wants slow startup. There are many ways around this, install in the background, install on shutdown... again copy one of the other apps that does it right.

Make it a setting:
If you must. Most users won't know or care about it, unless you turn it off by default, then every user will have to know about it because they will all want to enable it!

Might not have permissions:
Code should install into AppData\Local or some other non-restricted location. If that means it doesn't use MSI, so much the better.

@CodyBatt You make some good points.

I'm curious, though, did you get an update that broke functionality? If so, please file an issue on that.

There is a setting to disable updates: update.channel: "none".

User installations: #534

@joaomoreno No update has ever broken functionality for me (I was just responding to what I think is a weak excuse for the current update behavior). I don't want to disable updates! Like the OP stated, I just want them to occur silently, automatically, without interrupting my workflow.

There is one really good thing about the current behavior, when I have insomnia, I can just think about the update experience in VS code and cry myself to sleep. :)

I agree. I am constantly being asked to restart VS Code because of extension updates. And the upgrade of VS Code does not work. When I get annoyed enough of the prompts I download the latest version and reinstall.

UPDATE
_Note I am running on Mac OS X._

I determined via log file ~/Library/Application\ Support/com.microsoft.VSCode.ShipIt/ShipIt_stderr.log that my problem was permissions.

I had VSCode installed in /Applications and it could not replace that version with the update.

I have moved it into ~/Applications and adjusted my helper script accordingly. I have not seen any more requests for restart where they were coming every 5-10 mins.

Notice that I found a bunch of cruft in a directory named /var/folders/lj/vc5bqkb1107_sxdtx3gnp1yr0000gp/T as well.

Agreed, this would make vscode more attractive to use frequently, with less tedious updates.

I made a simple solution for Debian:
https://github.com/ideaconnect/vscode-autoupdate

I have it in cron, automatically updates vscode for my everyday around 11:00

What I want is to be able to press "never annoy me again" whenever I see "an update is available". I don't care unless something breaks, and then I do it on my own. Those update notifications are annoying, and that is the real problem.

One thing that needs to be improved on: When you choose to finally update, VS Code won't reopen with previously open files. It's fine for that type of behaviour if you as the user choose to click on X. Not so much if the intent wasn't to end the session but rather to just update the software. Not sure if that's a separate issue, but a silent update should definitely ensure that all your files remain open.

On topic: one way to solve this is to make the updater work without having to shut down VS Code, and instead offer you the option to restart VS Code to make changes take effect (without nagging about it). This way, the next time you run VS Code even from a cold boot, you'll have the new version running (to avoid 'long startup' grumbles).

Please make VSCode act the way chrome does over an update (assuming you've enable tab restoration in chrome).

• Unobtrusive notification
• Update is fully behind-the-scenes (no terrible installation wizard)
• Fast since real update isn't done on e.g. launch path
• Restores state after done

My solution for Ubuntu: Activate the repository for it (https://code.visualstudio.com/docs/setup/linux), set the system update to 'automatic' and set in vscode the option "update.channel": "none". Now Ubuntu's apt updates vscode and vscode does not annoy me with update notifications.

How can I set update.channel: "none" per machine?

In Linux it is not a common practice for programs to be self-updating. I wouldn't even want this. My habit of typing apt update && apt upgrade does the job. Even if I don't - there may be a smaller notification than there is currently. For example, look at regular Visual Studio (not vscode) for Windows notification flag about updates. It's small, in the corner and it doesn't get in the way. You can do the update anytime, even manually and make this flag disappear. Another example - compare, let's say, Firefox on Windows and on Linux - on Windows it updates itself, on Linux not, there is a package manager for that.

I don't care if it auto-upgrades, but please allow me to turn off that notification.

@yamlfd File --> Preferences --> Settings
The global settings files opens on the left, on the right your personal settings. Just copy&past the update.channel: "none" line to your personal settings.

It need to be set per Machine. The software need to be installed per machine and users do not have permission to update the software. Updates are only deployed via AD with .msi files.

An MSI based installer with a property to enable or disable system level automatic updates would make managing and deploying Code via ConfigMgr much easier. Also, please stop Code from auto launching after a silent install.

For Christ sake, stop the nagging or at least coalesce the updates in no more than 1 per week. This is driving me insane.

To me is as easy as @frr149 said, you dont need silent updates, if they do it once a month, let's say once every 3 months... it's driving me nuts, every time I open it, I have to close the information windows "you have a new update, blah blah"

@joaomoreno Any updates on this? I swear every week or two there's an update, and it would be great to have this done silently.

Second this! Would love to turn on silent updates.

I more love to disable automatic updates for AD deployment. Nobody except me controls what version will be installed as newer versions can also break your environment.

That’s one approach. But you’re making an arbitrary distinction between code that runs on the desktop and code that runs in the cloud and gets served to the desktop.

You say you don’t want any new version of visual studio code to get deployed into anyone’s computer. And I assume because you don’t want that new code that is in the new release. You’d rather run the older code that’s already installed.

But you have no problem with your developers running code in visual studio team services I suppose.. that’s code that runs on some server and also is deployed to the client via JavaScript.

You don’t control the new version of JavaScript being deployed from a web server to the browser, but you oppose new JavaScript that’s running inside of visual studio code, right? Is it because of sandboxing?

What if there was an entirely cloud bard version of visual studio code.. would you allow your developers to run the newer versions then?

What would be the difference between the two?

I’m not saying there’s no difference. One has to be installed and runs at a higher privilege. The other one doesn’t. But is that the distinction?

What if the editor didn’t get installed in “add/remove program file”, but just got installed in the browser Vahe somehow.. like google chrome apps, which can have higher privileges security, but they’re not installed the same way as other windows apps.. would you allow that?

I’m curious why your are super controlling about what gets installed on your users machines in once case but not another. Im making the assumption that you allow your users to browse to website that have JavaScript.

Thank you in advance.

From: Alexander Hass notifications@github.com
Sent: Sunday, April 1, 2018 2:56:06 PM
To: Microsoft/vscode
Cc: Kenneth Kasajian; Author
Subject: Re: [Microsoft/vscode] Visual Studio Code should update itself silently (#9539)

I more would love to disable automatic updates for AD deployment. Nobody except me controls what version will be installed as newer versions can also break your environment.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHubhttps://github.com/Microsoft/vscode/issues/9539#issuecomment-377819763, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ACRjnekAMVDbj3_VMqfw7NJdNWkkdsjrks5tkUz2gaJpZM4JQ5en.

The full process of installation to local systems need to be controlable by admins. That stuff does not run in a browser sandbox as I know. It also has access to local filesystems and so on.

Software that runs only online cannot installed. Developer may be in highly restrictive areas - offline - so that they are not able to steal the product source code.

Internet connections are unreliable and down or are slow. Everything need to run without cloud.

Only allowed chrome apps can be installed per gpo. That means adblock and nothing else.

Vscode would be blocked as software need to be installed per computer and not per user. Per user is waste of disk.

Would not want to work where you work @alexhass... sounds like a nightmare.

This is not about not giving you a software you need. It is about developers who run software with security bugs and they are not aware of them - or they just ignore it. These guys risk your company data and security and customers privacy. I understand thst data protection is not popular and it is cooler to sell the data. A minority of developers have security and updates in mind. They have other responsibilities... and no time.

Can you as a developer (I guess you are) make sure that all applications (i really mean - every app) you installed is always up to date and you monitor every of your installed software for security issues and the release notes - every day/week? And you uninstall software under risk - if the developer of a open source software who changed the job and discontinued the development?

And we are still not talking about code style, indention, file encoding chaos... we expierienced all this... the hard way.

Finally you never expierienced compatibility issues with roaming profiles or other software that need to work together, but the latest version broke the integration and there is no workaround than downgrading? But wait... auto upgrade brings you seconds later to the broken state again? Than you can no longer develop anything until MS or another vendor has fixed the bug? But the bug is low prio for them and takes a year or longer to fix as they feal new features are more important than enabling you to work?

If you never expierienced this you may be a newbie or you just had a lot of luck... :-).

I know developers like to be administrators on their computers... and they feal limited if not, but better they are not administrators. This may not fit for everyone, but for the masses it do.

For most users, like myself, I don't review the code changes to vscode or to extensions before approving install of them. So having the option - and it can be an option, and doesn't have to be the default, to auto-install without bothering me every time for vscode and extension updates - would be great. It will make no difference in my security, as I always click "yes" to update every time without reviewing what code has changed, what changelogs are, or even what extensions / components are being updated.

For those concerned about security of updates (and would actually do something about it, like review what's to be updated) they can just not enable (or opt-out of) auto-update of vscode, auto-update of all extensions, and/or even disable/enable auto-updates per extension (similar to how can change Auto-Update = Default | On | Off per extension in Firefox).

Otherwise, for many, I believe just being able to view history of past updates - like in Firefox -to figure out, what, if any, may have caused some issues and to rollback an update (or manually install previous version, or disable the extension or auto-update of it/vscode) would suffice in many cases.

That said, it would be nice if, like in Chrome and Firefox, extensions advertise what permissions they request (eg. ability to edit files beyond just are opened as content or limited vscode files or their own config files), and you can choose to approve or disable those permissions per extension.

There's gray areas here that you're ignoring. You can run cloud software
offline. HTML5 supports that. You can also run cloud technology with or
without access to local file system.

So the issue really isn't that software is being installed on the computer
-- the issue is that software is being installed that can gain access to
the local file system. At least, that's one of the issues.

If Visual Studio Code ran entirely as a web-app, with the same security
limitations as going to cnn.com, you may not have an issue with it.

Now if Visual Studio Code ran entirely in the cloud Except that it has
the ability for the user to grant it access to the Documents folder.
Okay, now that's something that I can see the Admin wanting control over.

This model is closer to how Store-Apps get installed. You can have a
store-app that has very little rights because they didn't request them, and
the rights weren't granted.

Now, if I have two computers, both running a hypothetical version of Visual
Studio Code completely in the cloud, but one has access to my local file
system, and one does not. Next, there's a new version of Visual Studio
available. The first version, there's nothing for me to do. I simply get
the new version because everything is in the cloud -- like how cnn.com
updates its web-site. The second version, that access the local file
system, I think you're saying you do not want to update automatically --
you want to have the option for the user to continue to run the older
version until you decide to "upgrade". Is that correct?

By the way, running Visual Studio Code completely in the cloud is not so
hypothetical. See: https://typefox.io/theia-vs-code-in-the-cloud

On Mon, Apr 2, 2018 at 1:07 AM, Alexander Hass notifications@github.com
wrote:

The full process of installation to local systems need to be controlable
by admins. That stuff does not run in a browser sandbox as I know. It also
has access to local filesystems and so on.

Software that runs only online cannot installed. Developer may be in
highly restrictive areas - offline - so that they are not able to steal the
product source code.

Internet connections are unreliable and down or are slow. Everything need
to run without cloud.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/Microsoft/vscode/issues/9539#issuecomment-377880479,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACRjnX_Mgmd6vve5Zky8kph9KzLpffQ_ks5tkdwzgaJpZM4JQ5en
.

How do I hide the release notes? I will never read them and they are annoying.

Stupid question for this thread.... (sorry) but how did you enable auto update? I have 4 installations on different versions of windows - none of them even tried to update itself - only plugins receive updates.

I thought we all developers here? :trollface:

I've developed a script to update it on Windows. 🍻😏

It seems like extensions are auto-updating without prompt recently for me, and the design for background install of VSCode core updates seems much less intrusive.

That said, I tend to always click when see bar to begin background update, so if you've seen it failing to auto-update when don't do so, let me know.

@alexhass, @kasajian, (and others interested in Permissions, Security and Auto-Updating for Extensions),

You may want to a look at the new issue I created, #52116, for "Extension Permission Management, Updating, Security & Categories", as I'd created that in part based on discussions here.

I'd be interested in any feedback you may have as comments there, as well as any +1's if you believe these are enhancements that should be a priority.

Scope & Features Proposed:

I have proposed, in detail there, how Extension Permissions management could function and be exposed to users, including descriptions of dialogs for prompting users to allow/deny permissions on extension install vs. updating, changes to Extensions Sidebar and Details pages, specific warnings and when to show them, types of permissions could define (and whether may default to opt-out or opt-in for them), APIs could provide, how extensions could operate with more limited or conditional functionality, and how could crowdsource extension safety reporting.

Also, I've proposed here creation of Extension Type Categories, (for Language Syntax, File Management, Source Control, etc.) could be useful in-and-of-themselves in browsing for extensions, like how Chrome and Firefox extensions are organized, and could also help provide a good idea, at a glance, of likely required permissions, and relative extension functionality, as well as be used to control what permission are opt-in or opt-out by default or should have warnings shown for them, if higher risk than expected for a certain type of extension.

I've also proposed there that users can disable Auto-Update behavior for specific extensions, which, besides being useful in its own right, could allow users to stick with previous versions which require fewer permissions, manually review updates for higher-risk extensions, or avoid updating to problematic versions of extensions until issues are resolved.

I never argued against auto-update of extensions, Only about vscode itself that is installed system wide.

Please please please make it just a symbol (again, not blinking one) for update notification. It is very very annoying every time I have to switch it off.

"you should provide an easy way to roll back to the previous known-good version."

We really miss this, but its also a sign of to many bad releases. Just give us whichever is easiest to implement :-)