Scala 3 slowed us down?

(kmaliszewski9.github.io)

261 points kmaliszewski | 2 comments | 07 Dec 25 15:08 UTC | HN request time: 0s | source

Show context

jiehong ◴[07 Dec 25 18:17 UTC] No.46183745[source]▶

>>46182202 (OP) #

> After upgrading the library, performance and CPU characteristics on Scala 3 became indistinguishable from Scala 2.13.

Checking the bug mentioned, it was fixed in 2022.

So, I’m wondering how one would upgrade to scala 3, while keeping old version of libraries?

Keeping updated libraries is a good practice (even mandatory if you get audits like PCI-DSS).

That part puzzled me more than the rest.

replies(5): >>46184252 #>>46184274 #>>46184465 #>>46185518 #>>46187166 #

1. tasuki ◴[07 Dec 25 21:49 UTC] No.46185518[source]▶

>>46183745 #

> Keeping updated libraries is a good practice

First, the "good practice" argument is just an attempt to shut down the discussion. God wanted it so.

Second, I rather keep my dependencies outdated. New features, new bugs. Why update, unless there's a specific reason to do so? By upgrading, you're opening yourself up to:

- Accidental new bugs that didn't have the time to be spotted yet.

- Subtly different runtime characteristics (see the original post).

- Maintainer going rogue or the dependency getting hijacked and introducing security issues, unless you audit the full code whenever upgrading (which you don't).

replies(1): >>46206188 #

2. Cpoll ◴[09 Dec 25 15:46 UTC] No.46206188[source]▶

>>46185518 (TP) #

It's true that you can satisfy the audit just by running dependency scans and updating the ones that come back vulnerable. Unfortunately, in a lot of ecosystems, that ends up looking the same as keeping all your libraries updated.

You can instead document exceptions for why all those vulnerabilities doesn't apply to your app, but that's sometimes more trouble.

↑