How a routine gem update ended up creating $73k worth of subscriptions

On November 5, 2021 (a Friday of course), we deployed innocent-looking gem updates: minor versions of Ruby on Rails, the Ruby Sentry client, the Ruby Slack client, http libraries, Puma, Devise, the OmniAuth Ruby client, Mongoid, and a few test gems. However, something went very wrong. We saw odd Stripe error...

Original article at serpapi.com

Hasnain says:

The downside of SemVer and always updating dependencies immediately. And on the importance of tests.

(this totally should have been a breaking change called out far and wide).

"Even if that Mongoid shouldn't have changed existing methods' behaviors between minor versions, my implementation was a true code smell as it was unclear what it did. This code should never have been deployed to production. But also and more importantly, the feature itself was a bad idea. Using our API to scrape search engine results shouldn't trigger a renewal of a credit card subscription in the first place. And we'll be removing that feature as soon as possible."

Posted on 2022-01-17T20:30:42+0000