Are there plans to move to Netty 4.2.x? We're on 4.2.12 at work and I don't remember the 4.1.x to 4.2.x update being hard for us (we don't use Aleph, but we hook into Netty pretty deeply). Just curious, since I'm not an Aleph user.
Oh, nm, just seen a thread here on Feb 12th about that... will go read it...
Right, it's underway :)
Ah, looks like it's a little more involved for Aleph than it was for the things we hooked into. Fair enough. I was mostly just curious and figured I'd pop into the channel and ask 🙂 Sometimes with these Java libraries, even a patch-level change can be breaking, let alone a "minor"-level change 🙂
Indeed 😅 Do you use any of the new features in 4.2?
Not that I recall. We just mostly try to stay on the latest version of all libraries, if we can. We have a few laggards, that have breaking changes so severe we just couldn't face the upgrade... 🙂
Jackson 💀
We have worked hard to not depend on anything with Jackson 🙂
That's why we have ring-data-json which is ring-json but uses org.clojure/data.json instead of Cheshire 🙂
Ah there were some substantial improvements to data.json in the recent past, right?
Back when I considered it, it was quite slow and also very lenient
Yes, massive performance improvements, which allowed us to switch.
I like that it has zero deps 🙂
last time I checked it still lacked an equivalent of https://fasterxml.github.io/jackson-core/javadoc/2.9/com/fasterxml/jackson/core/JsonParser.Feature.html#STRICT_DUPLICATE_DETECTION though
True, it doesn't have as many knobs'n'dials. That option has quite the performance overhead in Jackson: Note that enabling this feature will incur performance overhead due to having to store and check additional information: this typically adds 20-30% to execution time for basic parsing.
Indeed. I imagine it might be less expensive to add to data.json 🤔
let's see if there's a JIRA issue about that already...
I consider this a rather important security feature to thwart parser differential attacks