Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: placeOrder backwards incompatible changes included in patch from v2.4.6-p7 -> v2.4.6-p8. #39282

Open
damienwebdev opened this issue Oct 19, 2024 · 1 comment
Open

bug: placeOrder backwards incompatible changes included in patch from v2.4.6-p7 -> v2.4.6-p8. #39282

damienwebdev opened this issue Oct 19, 2024 · 1 comment
Labels
Issue: ready for confirmation Project: GraphQL Reported on 2.4.6-p8 Indicates original Magento version for the Issue report.

Comments

@damienwebdev
Copy link
Member

damienwebdev commented Oct 19, 2024
edited
Loading

As a developer, I want my app to continue working after I apply security patches.

  1. Be on Magento v2.4.6-p7, with a working application.
  2. Upgrade to v2.4.6-p8 on release day because there are security vulnerabilities.
  3. Break existing user-facing workflows because semver doesn't matter and software is a meme.
  4. Wonder how this commit made it into a security release.

For reproduction:

  1. Run placeOrder on v2.4.6-p7 and expect an error graphql response.
  2. Write code based on the behavior of v2.4.6-p7
  3. Upgrade to v2.4.6-p8
  4. Run placeOrder on v2.4.6-p7 and expect an error graphql response.
  5. (BREAKING CHANGE) Get a "success" response with a null for data with a new "errors" key.
{
    "data": {
        "placeOrder": {
            "order": null,
            "__typename": "PlaceOrderOutput"
        }
    }
}

I'm getting painfully bored and tired of breaking applications because I try to have good security routines like applying security patches the day of release.

https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/security-patches/2-4-6-patches contains no mention of this BiC change.

If a change results in user programs breaking, it's a bug in the kernel. We never EVER blame the user programs. How hard can this be to understand?

Seriously. Do better.
@m2-assistant M2 Assistant
Copy link

m2-assistant bot commented Oct 19, 2024

Hi @damienwebdev. Thank you for your report.
To speed up processing of this issue, make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce.

Join Magento Community Engineering Slack and ask your questions in #github channel.
⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.
🕙 You can find the schedule on the Magento Community Calendar page.
📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.

@engcom-Bravo engcom-Bravo added the Reported on 2.4.6-p8 Indicates original Magento version for the Issue report. label Oct 21, 2024
@damienwebdev damienwebdev mentioned this issue Oct 25, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue: ready for confirmation Project: GraphQL Reported on 2.4.6-p8 Indicates original Magento version for the Issue report.
Projects
Issue Confirmation and Triage Board
Status: Ready for Confirmation
Milestone
No milestone
Development

No branches or pull requests
2 participants
@damienwebdev @engcom-Bravo