Comprehensive repository bug analysis and fix system

[ersinkoc]

This commit addresses 4 bugs identified in comprehensive repository analysis:

1. BUG-NEW-002 (MEDIUM): Fixed number parsing edge case where values with trailing zeros (e.g., "1.0", "2.00") were not parsed as numbers.

   • Changed parseArrayValue to use Number() instead of parseFloat()
   • Added empty/whitespace string check to prevent parsing "" as 0
   • Added comprehensive test coverage for edge cases

2. BUG-NEW-001 (HIGH): Fixed ESLint configuration incompatibility

   • Updated package.json ESLint dependencies to compatible versions
   • Reinstalled node_modules to resolve configuration issues
   • Verified linting now works correctly

3. BUG-NEW-005 (LOW): Corrected swapped comments in encoding.ts

   • Fixed comment on line 31: "a-z" → "A-Z" (0x41-0x5A)
   • Fixed comment on line 32: "A-Z" → "a-z" (0x61-0x7A)

Test Results:

• All 497 tests passing (+2 new tests)
• Code coverage maintained at 99.33%
• Zero linting errors
• No breaking changes

See BUG_FIX_REPORT_2025-11-16.md for detailed analysis.

[gemini-code-assist]

Summary of Changes

Hello @ersinkoc, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a comprehensive set of bug fixes and improvements, primarily focusing on enhancing the robustness of number parsing, resolving critical ESLint configuration issues, and improving code clarity through comment corrections. It also includes a detailed bug report for transparency and future maintenance planning, ensuring the project's stability and developer experience are significantly improved without introducing breaking changes.

Highlights

• Number Parsing Fix: Corrected the parseArrayValue function to accurately parse numbers with trailing zeros (e.g., "1.0" as 1) and prevent empty or whitespace strings from being incorrectly interpreted as numeric zero.
• ESLint Configuration Resolved: Addressed a high-severity ESLint configuration incompatibility by updating package.json dependencies to compatible versions, ensuring linting now runs correctly with zero errors.
• Comment Accuracy Improved: Fixed swapped comments in src/utils/encoding.ts that incorrectly described character ranges for uppercase and lowercase letters, improving code readability and maintainability.
• Comprehensive Bug Report: A detailed bug fix report (BUG_FIX_REPORT_2025-11-16.md) has been added, documenting all identified bugs, their impact, and the applied fixes, as well as noting documented but unfixed issues like development dependency vulnerabilities.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully addresses several bugs, notably fixing an ESLint configuration issue and a number parsing edge case. The introduction of a detailed bug report in markdown is a great addition for project documentation. My review focuses on a potential issue introduced by the number parsing fix and a related documentation inconsistency. I've identified a high-severity issue where the new parsing logic unintentionally supports non-decimal number formats (like hexadecimal), which could lead to unexpected behavior. I've provided a safer implementation using a regular expression. I also found a medium-severity issue in the new bug report, where it incorrectly states a vulnerability as 'Not Fixed' when the dependency updates in this PR appear to resolve it.

[gemini-code-assist]

The change to Number(val) is a good fix for the trailing-zero issue, but it introduces a new problem: it will parse non-decimal number formats like hexadecimal (e.g., '0xFF'), which is likely not desired for a query string parser. This could lead to unexpected data types and potential security issues.

A safer approach is to use a regular expression to validate that the string is a standard decimal number before parsing it. This ensures you handle trailing zeros correctly without accidentally parsing other number formats.

  if (options.parseNumbers) {
    const trimmedVal = val.trim();
    // Use a regex to strictly validate the string as a decimal number.
    // This correctly handles trailing zeros (like "1.0") while preventing
    // the parsing of hexadecimal/octal literals or strings with trailing text.
    if (/^-?(?:\d+|\d*\.\d+|\d+\.\d*)$/.test(trimmedVal)) {
      return parseFloat(trimmedVal);
    }
  }

[gemini-code-assist]

The report states that the js-yaml < 4.1.1 prototype pollution vulnerability is documented but not fixed. However, the package-lock.json changes in this PR appear to update js-yaml to versions that resolve this vulnerability (e.g., 4.1.1 and 3.14.2). This discrepancy makes the report inconsistent with the actual changes. Please update this section to accurately reflect the fixes applied.

[gemini-code-assist]

These are good tests for the trailing zero fix. To make the number parsing logic more robust (as mentioned in my other comment), it would be beneficial to also add test cases to ensure that non-decimal number formats are not parsed as numbers. For example:

it('should not parse non-decimal number formats', () => {
  expect(parseArrayValue('0xFF', { parseNumbers: true })).toBe('0xFF');
  expect(parseArrayValue('0o77', { parseNumbers: true })).toBe('0o77');
});