fix: clamp limit internally in getArticleHistory

CI Bot · CI Bot · commit 806784bc354c · 2026-02-14T01:13:39.000-08:00
Defense-in-depth: clamp the caller-provided limit to
[1, HISTORY_WALK_LIMIT] inside the service method itself so future
direct callers (CLI, tests) can't trigger unbounded ancestry walks.
diff --git a/src/lib/CmsService.js b/src/lib/CmsService.js
@@ -352,6 +352,7 @@ export default class CmsService {
    * @returns {Promise<Array<{ sha: string, title: string, status: string, author: string, date: string }>>}
    */
   async getArticleHistory({ slug, limit = 50 }) {
+    const effectiveLimit = Math.max(1, Math.min(limit, HISTORY_WALK_LIMIT));
     const canonicalSlug = canonicalizeSlug(slug);
     const draftRef = this._refFor(canonicalSlug, 'articles');
     const pubRef = this._refFor(canonicalSlug, 'published');
@@ -367,7 +368,7 @@ export default class CmsService {
     const versions = [];
     let current = sha;
 
-    while (current && versions.length < limit) {
+    while (current && versions.length < effectiveLimit) {
       const [info, message] = await Promise.all([
         this.graph.getNodeInfo(current),
         this.graph.showNode(current),
