safeJsonFloat() documents an outputSize parameter, but the non-null/non-NaN path uses dtostrf() which has no length parameter and can overflow the provided buffer for large magnitudes / higher precision. Consider switching to a bounded formatter where available (e.g., snprintf with %.*f on ESP32), or at minimum ensure the result is truncated/terminated within outputSize and clearly document required minimum buffer sizes.
safeJsonFloat() documents an outputSize parameter, but the non-null/non-NaN path uses dtostrf() which has no length parameter and can overflow the provided buffer for large magnitudes / higher precision. Consider switching to a bounded formatter where available (e.g., snprintf with %.*f on ESP32), or at minimum ensure the result is truncated/terminated within outputSize and clearly document required minimum buffer sizes.