Add max baggage length as limitation

[XSAM]

goos: darwin
goarch: arm64
pkg: go.opentelemetry.io/otel/baggage
cpu: Apple M1 Max
                  │      old.txt      │               new.txt                │
                  │      sec/op       │   sec/op     vs base                 │
ParseOversized-10   23409245.5n ± 14%   133.2n ± 3%  -100.00% (p=0.000 n=10)

                  │    old.txt     │              new.txt               │
                  │      B/op      │    B/op     vs base                │
ParseOversized-10   801099.00 ± 0%   88.00 ± 0%  -99.99% (p=0.000 n=10)

                  │     old.txt     │               new.txt               │
                  │    allocs/op    │ allocs/op   vs base                 │
ParseOversized-10   250007.000 ± 0%   3.000 ± 0%  -100.00% (p=0.000 n=10)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.9%. Comparing base (effbbb2) to head (84bb8b4).

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #8222   +/-   ##
=====================================
  Coverage   82.9%   82.9%           
=====================================
  Files        314     314           
  Lines      24998   25024   +26     
=====================================
+ Hits       20745   20768   +23     
- Misses      3881    3882    +1     
- Partials     372     374    +2     

Files with missing lines	Coverage Δ
baggage/baggage.go	98.7% <100.0%> (-0.8%)	⬇️
propagation/baggage.go	96.6% <100.0%> (+1.6%)	⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Adds stricter enforcement of W3C Baggage size limits across parsing (baggage) and extraction (propagation), and reduces overhead/error verbosity for malformed inputs.

Changes:

• Enforce an 8192-byte maximum baggage string size in baggage.Parse, and cap joined parse errors to a fixed maximum.
• Add an aggregate byte budget guard when extracting from multiple baggage header values in the propagator.
• Update/add tests and a benchmark to cover oversized inputs and aggregate-budget behavior, plus a changelog entry.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
propagation/baggage.go	Adds aggregate byte budget limit when processing multiple baggage header values.
propagation/baggage_test.go	Updates expectations for aggregate-budget behavior and adds new extraction tests.
baggage/baggage.go	Adds max-size early rejection and caps how many parse errors are joined.
baggage/baggage_test.go	Updates parse tests for new oversize behavior; adds benchmark and error-cap test.
CHANGELOG.md	Adds a release note about the baggage parsing/extraction change.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

[MrAlias]

Thanks for tightening the aggregate-size handling here. I think there is one edge case left around repeated baggage headers where the combined wire value can still exceed the intended limit. I left an inline note on the specific check with the concrete case and the adjustment that should make the enforcement consistent.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

[pellared]

Can you add both benchmark and benchstat results to the PR description?

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.