docs: address review findings on YAML depth validation
- Add safety note on Strict() decoder not expanding aliases recursively, since alias resolution uses the pre-validated AST (finding #1) - Document that ast.Node map keys rely on pointer identity, which holds because all goccy/go-yaml AST types are pointer receivers (finding #2) - Clarify AnchorNode comment: effective depth budget is reduced for anchor+alias pairs, not literally halved (finding #3) - Improve test depth trace comment for accuracy (finding #4) - Add HTML comment in CONVENTIONS.md referencing #91 for the two-step process deviation (finding #5)
This commit is contained in:
claw
@@ -21,6 +21,8 @@ To request a new dependency:
|
||||
2. Requires explicit approval from Aaron
|
||||
3. After merge, a separate PR may use the package
|
||||
|
||||
<!-- Deviation from step 1+3 for go-yaml migration: see #91 for rationale. -->
|
||||
|
||||
*Enforcement: `scripts/check-deps.sh` parses this table — update only here.*
|
||||
|
||||
## Error Handling
|
||||
|
||||
Reference in New Issue
Block a user