pgproto3 icon indicating copy to clipboard operation
pgproto3 copied to clipboard

Published 20 hours ago verified publisher icon jackc

v2.3.3 breaking changes

Open charconstpointer opened this issue 11 months ago • 1 comments

any reason v2.3.3 includes breaking API changes and is not a major release?

charconstpointer avatar Mar 18 '24 13:03 charconstpointer

It was a security fix.

jackc avatar Mar 20 '24 23:03 jackc

Also running into this issue with transitive dependencies.. func (src *ErrorResponse) Encode(dst []byte) []byte is now returning an error in addition to []byte.

If you don't want to cut a new major version, would it not be better to panic instead of changing the signature?

dan-j avatar May 09 '24 10:05 dan-j

🤷 There were no perfect solutions.

A major release was infeasible (especially since this repo is already a major release behind, the current release is part of pgx v5). It causes a lot of churn and leaves everyone who didn't upgrade vulnerable.

A panic was considered, but that only changes the vulnerability to a DoS. A WithError method could be added, but that still leaves all existing code vulnerable.

The signature change is unfortunate, but it does force the issue to be resolved properly.

jackc avatar May 09 '24 21:05 jackc