[Audit] axum: /compression uses default gzip level (6) instead of required level 1

## Violation

**File:** `frameworks/axum/src/main.rs`
**Endpoint:** `/compression`

### What it does

The axum implementation uses `tower_http::compression::CompressionLayer::new()` for gzip compression:

```rust
.layer(CompressionLayer::new())
```

`CompressionLayer::new()` uses flate2's default compression level, which is **level 6** — not the required level 1.

### What the spec requires

The test profile specifies:
> Must use gzip level 1 (fastest)

### Suggested fix

Use `CompressionLayer::new().quality(tower_http::CompressionLevel::Fastest)` or equivalent to set gzip level 1:

```rust
use tower_http::compression::CompressionLayer;

.layer(
    CompressionLayer::new()
        .quality(tower_http::CompressionLevel::Fastest)
)
```

This maps to flate2 `Compression::fast()` which is level 1.

### Additional note (gray area)

Same as actix (#73): the `/compression` endpoint pre-computes totals and pre-serializes the JSON at startup via `build_json_cache()`. The compression itself happens per-request through the middleware layer. Flagging the pre-serialization as a gray area, not a hard violation.

(Same pattern as go-fasthttp #66 and actix #73)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Audit] axum: /compression uses default gzip level (6) instead of required level 1 #74

Violation

What it does

What the spec requires

Suggested fix

Additional note (gray area)

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Audit] axum: /compression uses default gzip level (6) instead of required level 1 #74

Description

Violation

What it does

What the spec requires

Suggested fix

Additional note (gray area)

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions