hngopher.com

       [HN Gopher] A routine gem update ended up creating $73k worth of...
       ___________________________________________________________________
        
       A routine gem update ended up creating $73k worth of subscriptions
        
       Author : hartator
       Score  : 14 points
       Date   : 2022-01-07 22:26 UTC (34 minutes ago)
        
 (HTM) web link (serpapi.com)
 (TXT) w3m dump (serpapi.com)
        
       | warpech wrote:
       | Mongoid docs[1] seem to be pretty cool about this change:
       | 
       | "As of Mongoid 7.1, logical operators (and, or, nor and not) have
       | been changed to have the the same semantics as those of
       | ActiveRecord. To obtain the semantics of or as it behaved in
       | Mongoid 7.0 and earlier, use any_of which is described below."
       | 
       | Is it just me or is this one of the most terrible breaking
       | changes in a popular, official library ever?
       | 
       | [1]
       | https://docs.mongodb.com/mongoid/current/tutorials/mongoid-q...
        
         | warpech wrote:
         | The SerpAPI blog author seems cool about it, too.
         | 
         | After such a problem, I would roll back and never ever update
         | this dependency again.
        
       | ricardobeat wrote:
       | That sounds like a major, incredibly dangerous update to the DB
       | driver. Their 7.1, 7.2, 7.3 versions seem to all have breaking
       | changes:
       | 
       | https://docs.mongodb.com/mongoid/current/tutorials/mongoid-u...
       | 
       | Yet they are in obvious violation of Semver expectations, which
       | they say to follow [1]:
       | 
       | > Mongoid follows versioning guidelines as outlined by the
       | Semantic Versioning Specification, so you can expect only
       | backwards incompatible changes in major versions.
       | 
       | [1] https://mongoid.github.io/old/en/mongoid/docs/upgrading.html
        
       | fiddlerwoaroof wrote:
       | This sort of behavior change in a dependency would make me
       | blacklist the dependency.
        
         | cinntaile wrote:
         | They fixed the issue, reversed everything, wrote a detailed
         | explanation of what happened and apologized to their users. I
         | don't think you can expect much better than this to be honest?
        
         | x3n0ph3n3 wrote:
         | I shun everything MongoDB because of how immature its
         | engineering culture is.
        
           | gqewogpdqa wrote:
           | Can you explain?
        
       ___________________________________________________________________
       (page generated 2022-01-07 23:00 UTC)