Did you know that in Ruby 3.1.3 and prior some regexps could take a long time to process?
Don't believe me? Try running this in a 3.1.3 irb console:
`/^a*b?a*$/ =~ "a" * 50000 + "x"`
Your system will halt for like 10 seconds before returning no matches. This is the basis for ReDoS (Regexp Denial of Service) attacks.
Thankfully, Ruby 3.2.0 has fixed this and the same regexp gets resolved in 0.003 seconds. They also added a `Regexp.timeout` global option which would prevent your app from falling victim to ReDoS attacks!
Yesterday I implemented gzip request support in a project and noticed there are no gems for that. There's `Rack::Deflater` but that's for responses, not requests. Apparently, incoming gzipped payloads are uncommon. 🤷‍♀️
Maybe an opportunity to write a new gem? 🤔
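Gzip request support of the kind mentioned above can be sketched as a Rack-style middleware. This is an added example, not the implementation from the project: the class name `GzipRequestInflater`, the 1 MiB default limit and the 413/400 responses are assumptions. It caps the inflated size because a small gzip body can expand to a very large one.

```ruby
require "zlib"
require "stringio"

# Hypothetical Rack-style middleware (added example, not an existing gem).
# Inflates gzip request bodies and refuses ones that expand past max_bytes.
class GzipRequestInflater
  def initialize(app, max_bytes: 1_048_576) # 1 MiB default is an assumption
    @app = app
    @max_bytes = max_bytes
  end

  def call(env)
    encoding = env["HTTP_CONTENT_ENCODING"].to_s.strip
    return @app.call(env) unless encoding.casecmp?("gzip")

    body = inflate_capped(env["rack.input"])
    return reject(413, "decompressed body too large") if body == :too_large

    env = env.merge("rack.input" => StringIO.new(body), "CONTENT_LENGTH" => body.bytesize.to_s)
    env.delete("HTTP_CONTENT_ENCODING") # downstream now sees a plain body
    @app.call(env)
  rescue Zlib::Error
    reject(400, "invalid gzip body")
  end

  private

  # Inflate in 16 KiB chunks so an oversized stream is abandoned as soon as
  # the cap is crossed, instead of being expanded fully in memory first.
  def inflate_capped(io)
    gz = Zlib::GzipReader.new(io)
    out = String.new(encoding: Encoding::BINARY)
    while (chunk = gz.read(16_384))
      out << chunk
      return :too_large if out.bytesize > @max_bytes
    end
    out
  ensure
    gz&.finish # release zlib state without closing the underlying input
  end

  def reject(status, message)
    [status, { "content-type" => "text/plain" }, [message]]
  end
end
```

The cap applies to the decompressed size, so the compressed `Content-Length` alone is not a substitute for it.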