Is it truly necessary for Gin to use bytedance/sonic as a dependency, given that it is written mostly in C and ASM? I worry about the security of this dependency and whether it could be used for supply-chain attacks.

It also depends on https://github.com/cloudwego/iasm which is a rather obscure package. Furthermore, sonic does not seem to produce tangible speed improvements over other packages such as simdjson.

Comment From: Etherdrake

Closing this as https://github.com/cloudwego/iasm and https://github.com/cloudwego/base64x look safe.