shwestrick 4 days ago
I like this example. The client who didn't notice a difference would probably call it a bugfix. The client whose software got ever-so-slightly more reliable probably would call it a minor update. The client whose software previously was loading large files (luckily) without issue would call it major, because now their software just doesn't work anymore.
michaelt 4 days ago
It's also an almost-real situation (although I wasn't the library developer involved). You can Google "YAMLException: The incoming YAML document exceeds the limit" - an error introduced in response to CVE-2022-38752 - to see what happens when a library introduces a new input size limit. What happened in that case is: the updated library bumps their version from 1.31 to 1.32; then a downstream application updates their dependencies, passes all tests, and updates their version from 9.3.8.0 to 9.3.9.0