Skip to content

Revert "fix(router): support BigInt in query parameters" #89283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eps1lon merged 1 commit into from
Jan 30, 2026
Merged

Revert "fix(router): support BigInt in query parameters" #89283

eps1lon merged 1 commit into from
Jan 30, 2026
+1 −2

Conversation

@eps1lon
Copy link
Member

@eps1lon eps1lon commented Jan 30, 2026
edited
Loading

Reverts #89213

#89213 is missing the deserialization part which has security (DoS) implications: Deserializing BigInts needs to be limited since unreasonably large numbers (500+ digits) take a lot of blocking CPU time (upwards of 50ms).

If people really want to put BigInt into their search params, they can call .toString themselves and deserialize it. But since this makes a DDoS pretty trivial, we don't want to encourage BigInt for search params unless Next.js can make deserialization safe.
@eps1lon eps1lon requested a review from unstubbable January 30, 2026 10:09
@eps1lon eps1lon enabled auto-merge (squash) January 30, 2026 10:10
@nextjs-bot
Copy link
Collaborator

nextjs-bot commented Jan 30, 2026
edited
Loading

Tests Passed
@mischnic
Copy link
Member

mischnic commented Jan 30, 2026

cc @bgw
@nextjs-bot
Copy link
Collaborator

nextjs-bot commented Jan 30, 2026

Stats from current PR

✅ No significant changes detected

📊 All Metrics
📖 Metrics Glossary

Dev Server Metrics:

  • Listen = TCP port starts accepting connections
  • First Request = HTTP server returns successful response
  • Cold = Fresh build (no cache)
  • Warm = With cached build artifacts

Build Metrics:

  • Fresh = Clean build (no .next directory)
  • Cached = With existing .next directory

Change Thresholds:

  • Time: Changes < 50ms AND < 10%, OR < 2% are insignificant
  • Size: Changes < 1KB AND < 1% are insignificant
  • All other changes are flagged to catch regressions

⚡ Dev Server

Metric Canary PR Change Trend
Cold (Listen) 456ms 455ms ▁▁█▁▁
Cold (Ready in log) 436ms 434ms ▆▇█▇▅
Cold (First Request) 1.176s 1.143s ▇▇█▇▆
Warm (Listen) 456ms 456ms ▁▁█▁▁
Warm (Ready in log) 440ms 444ms ▁▁█▁▁
Warm (First Request) 337ms 339ms ▁█▂▆▁
📦 Dev Server (Webpack) (Legacy)

📦 Dev Server (Webpack)

Metric Canary PR Change Trend
Cold (Listen) 455ms 455ms ▁▁▁▁▁
Cold (Ready in log) 439ms 438ms ▁▁▁▁▁
Cold (First Request) 1.839s 1.829s ▁▁▁▁▁
Warm (Listen) 455ms 456ms ▁▁▁▁▁
Warm (Ready in log) 438ms 438ms ▁▁▁▁▁
Warm (First Request) 1.848s 1.845s ▁▁▁▁▁

⚡ Production Builds

Metric Canary PR Change Trend
Fresh Build 3.889s 3.884s ▂▂█▂▁
Cached Build 3.818s 3.859s ▁▂█▂▁
📦 Production Builds (Webpack) (Legacy)

📦 Production Builds (Webpack)

Metric Canary PR Change Trend
Fresh Build 13.651s 13.685s ▁▁▁▅▁
Cached Build 13.807s 13.824s ▁▁▁▁▁
node_modules Size 463 MB 463 MB ▁▁▁▁▁
📦 Bundle Sizes

Bundle Sizes

⚡ Turbopack

Client

Main Bundles: **434 kB** → **434 kB** ✅ -1 B

81 files with content-based hashes (individual files not comparable between builds)

Server

Middleware
Canary PR Change
middleware-b..fest.js gzip 765 B 766 B
Total 765 B 766 B ⚠️ +1 B
Build Details
Build Manifests
Canary PR Change
_buildManifest.js gzip 451 B 451 B
Total 451 B 451 B

📦 Webpack

Client

Main Bundles
Canary PR Change
5528-HASH.js gzip 5.47 kB N/A -
6280-HASH.js gzip 54.4 kB N/A -
6335.HASH.js gzip 169 B N/A -
912-HASH.js gzip 4.53 kB N/A -
e8aec2e4-HASH.js gzip 62.5 kB N/A -
framework-HASH.js gzip 59.7 kB 59.7 kB
main-app-HASH.js gzip 256 B 254 B
main-HASH.js gzip 39 kB 39 kB
webpack-HASH.js gzip 1.68 kB 1.68 kB
262-HASH.js gzip N/A 4.52 kB -
2889.HASH.js gzip N/A 169 B -
5602-HASH.js gzip N/A 5.48 kB -
6948ada0-HASH.js gzip N/A 62.5 kB -
9544-HASH.js gzip N/A 55.1 kB -
Total 228 kB 228 kB ⚠️ +684 B
Polyfills
Canary PR Change
polyfills-HASH.js gzip 39.4 kB 39.4 kB
Total 39.4 kB 39.4 kB
Pages
Canary PR Change
_app-HASH.js gzip 194 B 194 B
_error-HASH.js gzip 183 B 180 B 🟢 3 B (-2%)
css-HASH.js gzip 331 B 330 B
dynamic-HASH.js gzip 1.81 kB 1.81 kB
edge-ssr-HASH.js gzip 256 B 256 B
head-HASH.js gzip 351 B 352 B
hooks-HASH.js gzip 384 B 383 B
image-HASH.js gzip 580 B 581 B
index-HASH.js gzip 260 B 260 B
link-HASH.js gzip 2.49 kB 2.49 kB
routerDirect..HASH.js gzip 320 B 319 B
script-HASH.js gzip 386 B 386 B
withRouter-HASH.js gzip 315 B 315 B
1afbb74e6ecf..834.css gzip 106 B 106 B
Total 7.97 kB 7.97 kB ✅ -1 B

Server

Edge SSR
Canary PR Change
edge-ssr.js gzip 126 kB 126 kB
page.js gzip 247 kB 248 kB
Total 374 kB 374 kB ⚠️ +305 B
Middleware
Canary PR Change
middleware-b..fest.js gzip 615 B 615 B
middleware-r..fest.js gzip 156 B 155 B
middleware.js gzip 32.9 kB 33.2 kB
edge-runtime..pack.js gzip 842 B 842 B
Total 34.5 kB 34.8 kB ⚠️ +316 B
Build Details
Build Manifests
Canary PR Change
_buildManifest.js gzip 732 B 736 B
Total 732 B 736 B ⚠️ +4 B
Build Cache
Canary PR Change
0.pack gzip 3.76 MB 3.78 MB 🔴 +15 kB (+0%)
index.pack gzip 102 kB 102 kB
index.pack.old gzip 102 kB 99.6 kB 🟢 2.55 kB (-2%)
Total 3.96 MB 3.98 MB ⚠️ +11.6 kB

🔄 Shared (bundler-independent)

Runtimes
Canary PR Change
app-page-exp...dev.js gzip 311 kB 311 kB
app-page-exp..prod.js gzip 166 kB 166 kB
app-page-tur...dev.js gzip 311 kB 311 kB
app-page-tur..prod.js gzip 166 kB 166 kB
app-page-tur...dev.js gzip 307 kB 307 kB
app-page-tur..prod.js gzip 164 kB 164 kB
app-page.run...dev.js gzip 307 kB 307 kB
app-page.run..prod.js gzip 164 kB 164 kB
app-route-ex...dev.js gzip 70.2 kB 70.2 kB
app-route-ex..prod.js gzip 48.8 kB 48.8 kB
app-route-tu...dev.js gzip 70.2 kB 70.2 kB
app-route-tu..prod.js gzip 48.8 kB 48.8 kB
app-route-tu...dev.js gzip 69.8 kB 69.8 kB
app-route-tu..prod.js gzip 48.6 kB 48.6 kB
app-route.ru...dev.js gzip 69.8 kB 69.8 kB
app-route.ru..prod.js gzip 48.6 kB 48.6 kB
dist_client_...dev.js gzip 324 B 324 B
dist_client_...dev.js gzip 326 B 326 B
dist_client_...dev.js gzip 318 B 318 B
dist_client_...dev.js gzip 317 B 317 B
pages-api-tu...dev.js gzip 43.1 kB 43.1 kB
pages-api-tu..prod.js gzip 32.8 kB 32.8 kB
pages-api.ru...dev.js gzip 43.1 kB 43.1 kB
pages-api.ru..prod.js gzip 32.8 kB 32.8 kB
pages-turbo....dev.js gzip 52.4 kB 52.4 kB
pages-turbo...prod.js gzip 39.3 kB 39.3 kB
pages.runtim...dev.js gzip 52.4 kB 52.3 kB
pages.runtim..prod.js gzip 39.3 kB 39.3 kB
server.runti..prod.js gzip 62.5 kB 62.5 kB
Total 2.77 MB 2.77 MB ✅ -178 B
📝 Changed Files (25 files)

Files with changes:

  • app-page-exp..ntime.dev.js
  • app-page-exp..time.prod.js
  • app-page-tur..ntime.dev.js
  • app-page-tur..time.prod.js
  • app-page-tur..ntime.dev.js
  • app-page-tur..time.prod.js
  • app-page.runtime.dev.js
  • app-page.runtime.prod.js
  • app-route-ex..ntime.dev.js
  • app-route-ex..time.prod.js
  • app-route-tu..ntime.dev.js
  • app-route-tu..time.prod.js
  • app-route-tu..ntime.dev.js
  • app-route-tu..time.prod.js
  • app-route.runtime.dev.js
  • app-route.ru..time.prod.js
  • pages-api-tu..ntime.dev.js
  • pages-api-tu..time.prod.js
  • pages-api.runtime.dev.js
  • pages-api.ru..time.prod.js
  • ... and 5 more
View diffs
app-page-exp..ntime.dev.js

Diff too large to display

app-page-exp..time.prod.js

Diff too large to display

app-page-tur..ntime.dev.js

Diff too large to display

app-page-tur..time.prod.js

Diff too large to display

app-page-tur..ntime.dev.js

Diff too large to display

app-page-tur..time.prod.js

Diff too large to display

app-page.runtime.dev.js

Diff too large to display

app-page.runtime.prod.js

Diff too large to display

app-route-ex..ntime.dev.js

Diff too large to display

app-route-ex..time.prod.js

Diff too large to display

app-route-tu..ntime.dev.js

Diff too large to display

app-route-tu..time.prod.js

Diff too large to display

app-route-tu..ntime.dev.js

Diff too large to display

app-route-tu..time.prod.js

Diff too large to display

app-route.runtime.dev.js

Diff too large to display

app-route.ru..time.prod.js

Diff too large to display

pages-api-tu..ntime.dev.js

Diff too large to display

pages-api-tu..time.prod.js

Diff too large to display

pages-api.runtime.dev.js

Diff too large to display

pages-api.ru..time.prod.js

Diff too large to display

pages-turbo...ntime.dev.js

Diff too large to display

pages-turbo...time.prod.js

Diff too large to display

pages.runtime.dev.js

Diff too large to display

pages.runtime.prod.js

Diff too large to display

server.runtime.prod.js

Diff too large to display
@eps1lon eps1lon merged commit 5eb6eef into canary Jan 30, 2026
289 of 291 checks passed
@eps1lon eps1lon deleted the revert-89213-fix/stringifyUrlQueryParam-bigint branch January 30, 2026 10:33
@eps1lon eps1lon mentioned this pull request Jan 30, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

created-by: Next.js team PRs by the Next.js team. type: next

5 participants

@eps1lon @nextjs-bot @mischnic @unstubbable