Skip to content

fix: reject inverted budget ranges with Zod v4 compatibility (#2853)#3312

Open
oujiesheng wants to merge 1 commit into
SecureBananaLabs:mainfrom
oujiesheng:fix/job-validation-budget-range-zod-v4
Open

fix: reject inverted budget ranges with Zod v4 compatibility (#2853)#3312
oujiesheng wants to merge 1 commit into
SecureBananaLabs:mainfrom
oujiesheng:fix/job-validation-budget-range-zod-v4

Conversation

@oujiesheng
Copy link
Copy Markdown

@oujiesheng oujiesheng commented Jun 1, 2026
edited
Loading

/claim #743

Summary

Fixes #2853 — adds budget range validation to both createJobSchema and updateJobSchema while maintaining Zod v3 + v4 compatibility.

Root Cause

The original code had no validation that budgetMax >= budgetMin. A naive fix that adds .refine() to createJobSchema and then calls .partial() on it for updateJobSchema crashes in Zod v4:

Error: .partial() cannot be used on object schemas containing refinements

Fix

Extract baseJobFields as a plain Zod object (no refinements), then derive both schemas:

const baseJobFields = z.object({ title, description, budgetMin, budgetMax, categoryId, skills });

export const createJobSchema = baseJobFields.refine(d => d.budgetMax >= d.budgetMin, ...);
export const updateJobSchema = baseJobFields.partial().refine(d => {
  if (d.budgetMin !== undefined && d.budgetMax !== undefined)
    return d.budgetMax >= d.budgetMin;
  return true;
}, ...);

Changes

  • apps/api/src/validators/job.js — schema refactor (base/derived separation)
  • apps/api/src/tests/job.test.js — 18 tests using node:test (repo convention)

Test Results

node --test apps/api/src/tests/*.test.js
tests 19 | pass 19 | fail 0

Closes #2853

@oujiesheng
fix: separate base schema from refinements for Zod v4 compatibility
38b7a42 
- Extract baseJobFields from createJobSchema to avoid .partial() on refined schema
- updateJobSchema now derives from baseJobFields.partial() instead of createJobSchema.partial()
- Fixes runtime error in Zod v4: '.partial() cannot be used on object schemas containing refinements'
- Add comprehensive tests using node:test (matching repo convention)
- 19/19 tests pass

Fixes SecureBananaLabs#2853
github-actions Bot added a commit that referenced this pull request Jun 1, 2026
@github-actions
chore: update leaderboard for PR #3312
ae39608
@oujiesheng oujiesheng mentioned this pull request Jun 1, 2026
Closed
@algora-pbc algora-pbc Bot mentioned this pull request Jun 1, 2026
Open
@oujiesheng oujiesheng mentioned this pull request Jun 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🙋 Bounty claim

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Job validation should reject inverted budget ranges

1 participant

@oujiesheng