Olivier Mélois
Olivier Mélois
besides the fact that this actually sets up fore-port (not back-port), do you want to revisit this in order to automate the process a little more ?
Hints aren't the way to go on this one, but we can certainly expose configuration options at [this level](https://github.com/disneystreaming/smithy4s/blob/series/0.18/modules/json/src/smithy4s/json/JsoniterCodecCompiler.scala#L31) (and expose it downstream), and set default limits to reduce the...
@plokhotnyuk just to confirm, are the default values used in jsoniter-scala's `readBigDecimal` sensible ones with regards to security , or should we be stricter in the absence of user customisation...
> Default parameters of jsoniter-scala's readBigDecimal are not sensible for the untrusted input because they limit parsed values to [128-bit representation of floating point numbers (DECIMAL128)](https://en.wikipedia.org/wiki/Decimal128_floating-point_format). Do you actually mean...
Right, so there's two things in this issue ? 1. Should the logic that removes body from HEAD server responses should execute in the case of errors ? I think...
> I'll need to know if we're all fine with such a solution, or whether we want to do anything smarter than that. Here's what I think : 1. We...
@kubukoz yeah preferably so
I'm VERY opposed to transitive checks. I'd rather we invested in scalafix rules to protect against hard-to-evolve patterns.
cost/benefit ratio. It's a lot of computing power to catch what is essentially very edge cases.
> do you know why the unapply has to be private It has to be private in order to signal to the compiler that it should NOT generate the traditional...