stac-utils
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 127 additions & 37 deletions b/‎package-lock.json‎
Lines changed: 127 additions & 37 deletions
diff --git a/‎package.json‎
Lines changed: 2 additions & 2 deletions b/‎package.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/lib/geo-utils.js‎
Lines changed: 5 additions & 0 deletions b/‎src/lib/geo-utils.js‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎tests/system/test-api-collection-items-get.js‎
Lines changed: 18 additions & 0 deletions b/‎tests/system/test-api-collection-items-get.js‎
Lines changed: 18 additions & 0 deletions
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   - Comprehensive documentation now organized into Getting Started, Guides, Reference, and About sections
   - Removed top-level markdown files (ARCHITECTURE.md, USAGE.md, DEPLOYMENT.md, CONFIGURATION.md, CONTRIBUTING.md, SECURITY.md) - all content migrated to docs/
   - Updated README.md to serve as GitHub landing page with links to full documentation
+  - Bbox queries outside of [-180, -90, 180, 90] return a 400 error
 
 ## [4.5.0]
 
 
@@ -58,7 +58,7 @@
     "@aws-sdk/s3-request-presigner": "^3.946.0",
     "@mapbox/extent": "^0.4.0",
     "@opensearch-project/opensearch": "^2.13.0",
-    "@redocly/cli": "^2.12.4",
+    "@redocly/cli": "^2.14.9",
     "ansi-regex": "<6.2.1 || >6.2.1",
     "ansi-styles": "<6.2.2 || >6.2.2",
     "chalk": "<5.6.1 || >5.6.1",
@@ -72,7 +72,7 @@
     "got": "^13.0",
     "http-errors": "^2.0.1",
     "is-arrayish": "<0.3.3 || >0.3.3",
-    "lodash-es": "^4.17.21",
+    "lodash-es": "^4.17.23",
     "memorystream": "^0.3.1",
     "morgan": "^1.10.1",
     "p-filter": "^4.1.0",
 
@@ -28,6 +28,11 @@ export const bboxToPolygon = function (bbox, fromString) {
       throw new ValidationError('Invalid bbox, SW latitude must be less than NE latitude')
     }
 
+    if ((bboxArray[0] < -180) || (bboxArray[1] < -90)
+        || (bboxArray[2] > 180) || (bboxArray[3] > 90)) {
+      throw new ValidationError('Invalid bbox, extent should not exceed [-180, -90, 180, 90]')
+    }
+
     return extent(bboxArray).polygon()
   }
 
 
@@ -300,3 +300,21 @@ test('GET /collections/:collectionId/items with filter restriction', async (t) =
     t.is(r.body.features.length, 1)
   }
 })
+
+test('/GET /collections/:collectionId/items invalid bbox throws error', async (t) => {
+  const { collectionId } = t.context
+  const error = await t.throwsAsync(
+    async () => t.context.api.client.get(`collections/${collectionId}/items`, {
+      searchParams: {
+        bbox: '-190,-90,180,90'
+      }
+    })
+  )
+
+  t.is(error.response.statusCode, 400)
+  t.is(error.response.body.code, 'BadRequest')
+  t.regex(
+    error.response.body.description,
+    /Invalid bbox, extent should not exceed \[-180, -90, 180, 90\]/
+  )
+})
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,11 @@ export const bboxToPolygon = function (bbox, fromString) {`
`28`	`28`	`throw new ValidationError('Invalid bbox, SW latitude must be less than NE latitude')`
`29`	`29`	`}`
`30`	`30`
	`31`	`+ if ((bboxArray[0] < -180) \|\| (bboxArray[1] < -90)`
	`32`	`+ \|\| (bboxArray[2] > 180) \|\| (bboxArray[3] > 90)) {`
	`33`	`+ throw new ValidationError('Invalid bbox, extent should not exceed [-180, -90, 180, 90]')`
	`34`	`+ }`
	`35`	`+`
`31`	`36`	`return extent(bboxArray).polygon()`
`32`	`37`	`}`
`33`	`38`