fix(api): guard out-of-range numeric since on /api/pulls #234

Open
jaso0n0818 wants to merge 1 commit into MkDev11:main from jaso0n0818:fix/pulls-since-rangeerror

@jaso0n0818 jaso0n0818 commented Jun 14, 2026

Summary

/api/pulls?since=... could crash with an unhandled RangeError on a malformed since value. parseSinceIso took the numeric branch for any finite since > 0 and called new Date(sinceMs).toISOString() without validating the result. A finite but out-of-range epoch (e.g. ?since=1e21, or a 20-digit integer) produces an Invalid Date, and Date.prototype.toISOString() throws RangeError: Invalid time value on it — so the route returned a 500 instead of treating it as a bad filter.

The date-string branch right below already guards with Number.isFinite(sinceDate.getTime()); this applies the same guard to the numeric branch, so an out-of-range since falls through to null (no filter), consistent with how other malformed input is handled.

Related Issues

No issue; small input-robustness fix in the same vein as the existing malformed-input handling.

Type of Change

  • Bug fix
  • New feature
  • Enhancement
  • Refactor
  • Documentation
  • Other (describe):

Testing

  • pnpm build passes
  • Manual browser smoke test (for UI changes)
  • N/A — API-only change

Ran from the repo root (Node 22, pnpm 10):

pnpm run lint   # clean, --max-warnings=0
pnpm build      # next build succeeds

Reproduced the bug and confirmed the fix against the isolated parseSinceIso logic:

before:  ?since=1e21                  -> throws RangeError: Invalid time value (500)
         ?since=99999999999999999999  -> throws RangeError (500)
after:   ?since=1e21                  -> null  (treated as no since-filter)
         ?since=99999999999999999999  -> null
         ?since=1700000000000         -> 2023-11-14T22:13:20.000Z  (unchanged)
         ?since=2026-06-01            -> 2026-06-01T00:00:00.000Z  (unchanged)
         ?since=not-a-date            -> null  (unchanged)

Checklist

  • Self-reviewed the diff
  • Follows existing code patterns and naming
  • No unrelated changes included
  • Documentation updated if behavior changed

Summary by CodeRabbit

  • Bug Fixes
    • Improved date handling in the API so out-of-range numeric timestamps and invalid date inputs no longer cause crashes. Invalid values are now safely detected and handled gracefully instead of triggering errors.

coderabbitai Bot commented Jun 14, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between c57ee02 and 8fbdc0b.

📒 Files selected for processing (1)
  • src/app/api/pulls/route.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/app/api/pulls/route.ts

Walkthrough

In parseSinceIso within src/app/api/pulls/route.ts, the direct new Date(sinceMs).toISOString() call is replaced with a two-step guard: the Date is constructed first, its getTime() is checked for finiteness, and toISOString() is only called if the result is valid, otherwise falling through to the existing null return path.

Changes

Defensive epoch guard in parseSinceIso

| Layer / File(s) | Summary |
| --- | --- |
| Guard toISOString against out-of-range epochs (src/app/api/pulls/route.ts) | parseSinceIso now constructs the Date from the epoch, checks getTime() is finite before calling toISOString(), and falls through to null for out-of-range values instead of throwing a RangeError. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A date once leapt off the edge of time,
Throwing errors most foul, most unkind.
🐇 But the rabbit checked first — is it finite? Oh fine!
Then .toISOString() safely aligned.
No RangeErrors lurk in this warren of mine! 🌟

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely describes the main fix: guarding out-of-range numeric values in the 'since' parameter of the /api/pulls endpoint. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/app/api/pulls/route.ts

ESLint skipped: missing config or dependency (missing-dependency). The ESLint configuration references a package that is not available in the sandbox.

jaso0n0818 force-pushed the fix/pulls-since-rangeerror branch from 64de80f to e4cfca7, June 20, 2026 03:41

parseSinceIso took the numeric branch for any finite `since > 0` and called
new Date(sinceMs).toISOString() without validating the result. A finite but
out-of-range epoch (e.g. ?since=1e21 or a 20-digit integer) produces an Invalid
Date, and Date.prototype.toISOString() throws RangeError on it, so the request
crashed with an unhandled 500 instead of being treated as a malformed filter.

Validate the millisecond date before formatting, mirroring the guard already
applied to the date-string branch, so an out-of-range `since` falls through to
null (no filter) like other malformed input.

jaso0n0818 force-pushed the fix/pulls-since-rangeerror branch from c57ee02 to 8fbdc0b, June 24, 2026 04:48
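
The failure and the guard described in the PR summary and commit message above, as an added JavaScript example reconstructed from that description; it is not the project's route.ts. The names parseSinceIsoUnguarded, parseSinceIsoGuarded, outcome, compare and SAMPLE_SINCE are hypothetical, and returning null directly from the numeric branch is an assumption about how the fall-through is structured.

```javascript
// Added example: reconstructed from the PR description, not the project's source.

// "Before": the numeric branch formats the Date without validating it.
function parseSinceIsoUnguarded(raw) {
  if (!raw) return null;
  const sinceMs = Number(raw);
  if (Number.isFinite(sinceMs) && sinceMs > 0) {
    // new Date(ms) is an Invalid Date when ms > 8.64e15; toISOString() then throws.
    return new Date(sinceMs).toISOString();
  }
  const sinceDate = new Date(raw);
  return Number.isFinite(sinceDate.getTime()) ? sinceDate.toISOString() : null;
}

// "After": the numeric branch gets the same getTime() guard as the string branch.
function parseSinceIsoGuarded(raw) {
  if (!raw) return null;
  const sinceMs = Number(raw);
  if (Number.isFinite(sinceMs) && sinceMs > 0) {
    const msDate = new Date(sinceMs);
    // Assumption: an out-of-range epoch yields null (no since-filter) right here.
    return Number.isFinite(msDate.getTime()) ? msDate.toISOString() : null;
  }
  const sinceDate = new Date(raw);
  return Number.isFinite(sinceDate.getTime()) ? sinceDate.toISOString() : null;
}

// Run a parser and record its return value or the name of the error it threw.
function outcome(parse, raw) {
  try {
    return String(parse(raw));
  } catch (err) {
    return "throws " + err.name;
  }
}

// Constructed inputs: the PR's test values plus both sides of the 8.64e15 ms limit.
const SAMPLE_SINCE = ["1e21", "99999999999999999999", "8640000000000001",
  "8640000000000000", "1700000000000", "2026-06-01", "not-a-date"];

function compare() {
  return SAMPLE_SINCE.map((raw) => ({
    raw,
    before: outcome(parseSinceIsoUnguarded, raw),
    after: outcome(parseSinceIsoGuarded, raw),
  }));
}

console.table(compare());
```

The largest epoch that passes the guard, 8640000000000000, formats as the expanded-year string +275760-09-13T00:00:00.000Z, so code consuming the returned value should expect that form as well as four-digit years.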