From 966bbab2a634ea91e22f78437a74b16892c9f49e Mon Sep 17 00:00:00 2001
From: Hailong Cui
Date: Tue, 29 Oct 2024 23:44:07 +0800
Subject: [PATCH 1/3] fix typo cause it will always trigger JSON11 parse
Signed-off-by: Hailong Cui
---
 lib/Serializer.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Serializer.js b/lib/Serializer.js
index 2636a53d0..2864718d8 100644
--- a/lib/Serializer.js
+++ b/lib/Serializer.js
@@ -101,7 +101,7 @@ class Serializer {
 if (
 numeralsAreNumbers &&
 typeof val === 'number' &&
- (val < Number.MAX_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)
+ (val < Number.MIN_SAFE_INTEGER || val > Number.MAX_SAFE_INTEGER)
 ) {
 numeralsAreNumbers = false;
 }
From 6c3fd0881467b46a92cdb0221d0be2f80b0edd2d Mon Sep 17 00:00:00 2001
From: Hailong Cui
Date: Tue, 29 Oct 2024 23:52:31 +0800
Subject: [PATCH 2/3] add changelog
Signed-off-by: Hailong Cui
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ad9e8c49..3b4cac4a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ Inspired by [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Removed
 ### Fixed
 - Upgrade JSON11 from 1.1.2 to 2.0.0 to ensure UTF-8 safety when stringifying JSON data
+- Fixed typo cause JSON11 parse will always be execute when json string has number inside
 ### Security
 ## [3.0.0]
From b011e0d83741b2ef9a3f0e4b65d9c02ed669dd6f Mon Sep 17 00:00:00 2001
From: Hailong Cui
Date: Wed, 30 Oct 2024 10:41:49 +0800
Subject: [PATCH 3/3] add unit test
Signed-off-by: Hailong Cui
---
 test/unit/serializer.test.js | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/test/unit/serializer.test.js b/test/unit/serializer.test.js
index 1773fce07..41bb466f3 100644
--- a/test/unit/serializer.test.js
+++ b/test/unit/serializer.test.js
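Review bot: The range check on the added line in `lib/Serializer.js` has no comment saying why both bounds matter, and the removed line shows how quietly it can go wrong: with `Number.MAX_SAFE_INTEGER` on both sides it was true for every number except that one value, so (per the commit subject) the JSON11 parse was triggered for any payload containing a number. I would add `// Only values outside [MIN_SAFE_INTEGER, MAX_SAFE_INTEGER] may have lost precision; all other numbers must not trigger the JSON11 reparse.` above the condition. Because this check gates a second, more expensive parse of the same input, a regression here costs extra CPU per response rather than causing a visible failure, which is worth stating for the next maintainer. The enclosing function starts and ends outside the hunk, so how `numeralsAreNumbers` is consumed is not visible here.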
@@ -79,6 +79,37 @@ test('Long numerals enabled', (t) => {
 t.match(res, `"[ ${longNegative.toString()}, ${longPositive.toString()} ]"`);
 });
+test('Long numerals enabled and json not includes large numbers', (t) => {
+ t.plan(2);
+ const s = new Serializer({ enableLongNumeralSupport: true });
+ const longPositive = BigInt(Number.MAX_SAFE_INTEGER) * 2n; // eslint-disable-line no-undef
+ const longNegative = BigInt(Number.MIN_SAFE_INTEGER) * 2n; // eslint-disable-line no-undef
+ const json =
+ `{` +
+ // The space before and after the values, and the lack of spaces before comma are intentional
+ `"false-positive-1": "෴${longNegative.toString()}", ` +
+ `"false-positive-2": "[ ߷${longPositive.toString()} ]", ` +
+ `"false-positive-3": "\\": ֍${longPositive.toString()}\\"", ` +
+ `"false-positive-4": "෴߷֍${longPositive.toString()}", ` +
+ `"normal-number": 2024,` +
+ `"max-safe-integer": ${Number.MAX_SAFE_INTEGER},` +
+ `"min-safe-integer": ${Number.MIN_SAFE_INTEGER}` +
+ `}`;
+ const obj = s.deserialize(json);
+ const res = s.serialize(obj);
+ t.same(obj, {
+ 'normal-number': 2024,
+ 'max-safe-integer': `${Number.MAX_SAFE_INTEGER}`,
+ 'min-safe-integer': `${Number.MIN_SAFE_INTEGER}`,
+ 'false-positive-4': `෴߷֍${longPositive.toString()}`,
+ 'false-positive-3': `": ֍${longPositive.toString()}"`,
+ 'false-positive-2': `[ ߷${longPositive.toString()} ]`,
+ 'false-positive-1': `෴${longNegative.toString()}`,
+ });
+ // The space before and after the values, and the lack of spaces before comma are intentional
+ t.equal(res.replace(/\s+/g, ''), json.replace(/\s+/g, ''));
+});
+
 test('long numerals not enabled', (t) => {
 t.plan(5);
 const s = new Serializer({ enableLongNumeralSupport: false });
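Review bot: The `t.same(obj, {...})` assertion expects `'max-safe-integer'` and `'min-safe-integer'` as template strings while `'normal-number'` is a numeric literal, so it only holds under loose comparison and cannot tell whether the boundary values came back as numbers, strings or BigInts (assuming this is node-tap, as the `t.plan`/`t.same` calls suggest, where `t.same` compares scalars non-strictly). I would switch to `t.strictSame(obj, {` with `'max-safe-integer': Number.MAX_SAFE_INTEGER,` and `'min-safe-integer': Number.MIN_SAFE_INTEGER,`. The test also checks only the resulting object and the round-tripped string, so it probably passes against the pre-fix comparison too; asserting that the JSON11 fallback is not invoked for this input would pin the regression the series is about. The trailing `test('long numerals not enabled', ...)` body continues outside the hunk.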