Update dependency zod to v3.22.3 [SECURITY] #640
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.19.1
->3.22.3
GitHub Vulnerability Alerts
CVE-2023-4316
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
Release Notes
colinhacks/zod (zod)
v3.22.3
Compare Source
Commits:
1e23990
Commit9bd3879
docs: remove obsolete text about readonly types (#2676)f59be09
clarify datetime ISO 8601 (#2673)64dcc8e
Update sponsors18115a8
Formatting28c1927
Update sponsorsad2ee9c
2718 Updated Custom Schemas documentation example to use type narrowing (#2778)ae0f7a2
docs: update ref to discriminated-unions docs (#2485)2ba00fe
[2609] fix ReDoS vulnerability in email regex (#2824)1e61d76
3.22.3v3.22.2
Compare Source
Commits:
13d9e6b
Fix lint0d49f10
docs: add typeschema to ecosystem (#2626)8e4af7b
X to Zod: add app.quicktype.io (#2668)792b3ef
Fix superrefine typesv3.22.1
Compare Source
Commits:
Fix handing of
this
in ZodFunction schemas. The parse logic for function schemas now requires theReflect
API.932cc47
Initial prototype fix for issue #2651 (#2652)0a055e7
3.22.1v3.22.0
Compare Source
ZodReadonly
This release introduces
ZodReadonly
and the.readonly()
method onZodType
.Calling
.readonly()
on any schema returns aZodReadonly
instance that wraps the original schema. The new schema parses all inputs using the original schema, then callsObject.freeze()
on the result. The inferred type is also marked asreadonly
.The inferred type uses TypeScript's built-in readonly types when relevant.
Commits:
6dad907
Comments56ace68
Fix deno test3809d54
Add superformsd1ad522
Add transloadita3bb701
Testing on Typescript 5.0 (#2221)51e14be
docs: update deprecated link (#2219)a263814
fixed Datetime & IP TOC links502384e
docs: add mobx-zod-form to form integrations (#2299)a8be450
docs: Addzocker
to Ecosystem section (#2416)15de22a
Allow subdomains and hyphens inZodString.email
(#2274)00f5783
Addzod-openapi
to ecosystem (#2434)0a17340
docs: fix minor typo (#2439)60a2134
Add masterborn0a90ed1
chore: moveexports.types
field to first spot @ package.json. (#2443)67f35b1
docs: allow Zod to be used in dev tools at site (#2432)6795c57
Fix not working Deno doc link. (#2428)37e9c55
Generalize uuidRegex0969950
adds ctx to preprocess (#2426)af08390
fix: super refinement function types (#2420)36fef58
Make email regex reasonable (#2157)f627d14
Document canarye06321c
docs: add tapiduck to API libraries (#2410)11e507c
docs: add ts as const example in zod enums (#2412)5427565
docs: add zod-fixture to mocking ecosystem (#2409)d3bf7e6
docs: addzodock
to mocking ecosystem (#2394)2270ae5
remove "as any" casts in createZodEnum (#2332)00bdd0a
fix proto pollution vulnerability (#2239)a3c5256
Fix error_handling unrecognized_keys example4f75cbc
Adds getters to Map for key + value (#2356)ca7b032
FMC (#2346)6fec8bd
docs: fix typo in link fragment (#2329)16f90bd
Update README.md2c80250
Update readmeeaf64e0
Update sponsorsc576311
Update readme5e23b4f
Add*.md
pattern to prettier (#2476)898dced
Revamp tests6309322
Update test runnersc0aece1
Add vitest config73a5610
Update script8d8e1a2
Fix deno test bug9eb2508
Clean up configscfbc7b3
Fix root jest config8677f68
docs(comparison-yup): Yup added partial() and deepPartial() in v1 (#2603)fb00edd
docs: add VeeValidate form library for Vue.js (#2578)ab8e717
docs: fix typo in z.object (#2570)d870407
docs: fix incomplete Records example (#2579)5adae24
docs: add conform form integration (#2577)8b8ab3e
Update README.md (#2562)6aab901
fix typo test name (#2542)81a89f5
Update nullish documentation to correct chaining order (#2457)78a4090
docs: update comparison withruntypes
(#2536)1ecd624
Fix prettier981d4b5
Add ZodReadonly (#2634)fba438c
3.22.0v3.21.4
Compare Source
Commits:
22f3cc6
3.21.4v3.21.3
Compare Source
Commits:
14c08d8
added more.pipe
examples006e652
Fix npm canary action paths pattern (#2148)bdcff0f
Remove logging in testsa5830c6
Reverted #1564c458381
Fix tests2db0dca
3.21.3v3.21.2
Compare Source
Commits:
b276d71
Improve typings in generics4d016b7
Improve type inference in genericsf9895ab
Improve types inside generic functionsac0135e
Pass input into catchValuev3.21.1
Compare Source
Features
Support for ULID validation
Commits:
4f89461
Prettierbd6527a
Update deps126c77b
addedtoLowerCase
andtoUpperCase
back in for v3.21.01749657
Update README.mddabe63d
updatedz.custom
example again :D6b8f655
docs: improve cn readme (#2143)9012dc7
add.includes(value, options?)
@ZodString
. (#1887)67b981e
Make safeParse().error a getter346fde0
3.21.0-canary.20230304T235951b50d871
Add canary release CIb20cca2
Fix canaryf7f5c50
Move action to .github/workflowsf01fa0e
Try to fix canary CIf5e8067
No git tag5b304ae
No dry run20df80e
Add tsc compilation testead93d3
Document .pipe()d8e8653
Update headers03c0ab1
Cache the evaluation of ParseInputLazyPath.path() for a moderate perf improvement (#2137)e7b3b7b
Improve string docs83478f5
Remove zod dep2f1868d
Specify paths for canarye599966
Add sponsors950bd17
Tweak x.custom example728e56a
Close #212764883e4
feat: z.string().ulid() - add support for ulids (#2049)e0d709b
3.20.19c33194
Remove comments, clean up utils942e2db
Fix testsv3.21.0
Compare Source
Features
z.string().emoji()
Thanks @joseph-lozano for https://github.com/colinhacks/zod/pull/2045! To validate that all characters in a string are emoji:
...if that's something you want to do for some reason.
z.string().cuid2()
Thanks @joulev for https://github.com/colinhacks/zod/pull/1813! To validate CUIDv2:
z.string().ip()
Thanks @fvckDesa for https://github.com/colinhacks/zod/pull/2066. To validate that a string is a valid IP address:
To specify a particular
version
:z.bigint().{gt|gte|lt|lte}()
Thanks @igalklebanov for
#1711
!ZodBigInt
gets the same set of methods found onZodNumber
:z.enum(...).extract()
andz.enum(...).exclude()
Thanks @santosmarco-caribou for https://github.com/colinhacks/zod/pull/1652! To add or remove elements from a
ZodEnum
:This API is inspired by the
Exclude
andExtract
TypeScript built-ins.Pass a function to
.catch()
Thanks @0xWryth for https://github.com/colinhacks/zod/pull/2087! The
.catch()
method now accepts a function that receives the caught error:Compiler performance
Zod 3.20.2 introduced an accidental type recursion that caused long compilation times for some users. These kinds of bugs are very hard to diagnose. Big shoutout to @gydroperit for some heroic efforts here: https://github.com/colinhacks/zod/pull/2107 Zod 3.21 resolves these issues:
Commits:
3c54461
fix typo in readmec244fb6
feat: z.string().emoji() (#2045)39cbb69
Fix emoji validation, fix lintd8f07bb
Fix emoji9b7dd81
Improve variable name clarity (#2048)5cec187
Add documentation for the param parameter of z.custom654f529
Merge pull request #2057 from trygveaa/add-documentation-for-z-custom-params981af65
Merge pull request #2019 from vbud/patch-1a7c2969
Update error_handling8f3d028
BRAND Record to Non Partial (#2097)5ec98e1
Fix email issues in pull request #1982 (#2058)7d40ba5
feat(#2059): z.string.ip() - add support for IP address (#2066)e559605
feat: add.catch
error (#2087)defdab9
Fix record tests8de36eb
FIX: emoji regex and tests (#2090)16beeb5
lowercase method for ZodString (#2038)75cb9e8
add checks @ZodBigInt
. (#1711)c4d4e49
Update ERROR_HANDLING.md (#2022)d6f0890
added link to deno land4cf1960
Refactoring of ZodFormattedError type to improve tsc check time (#2107)867a921
Bump http-cache-semantics from 4.1.0 to 4.1.1 (#1985)edc3a67
Deprecate deepPartiale59f639
Add custom testsa6b44ed
Remove logginga1fc3fb
commented outtoLowerCase
andtoUpperCase
e71cc52
Update README_ZH.md (#2139)3af38fb
addZodNumber.safe()
&ZodNumber.isSafe
. (#1753)6ef82ee
Add benchmark flags5463593
Support brands in recursive types8074523
Update readmeb6794a4
Add index signature for passthrough3c6cdd2
Make generic optional in objectOutputTypebc43ad1
Fix rollup build6a0545a
3.21.07c07339
Fix brand0aa6021
Clean up testsv3.20.6
Compare Source
Commits:
e693919
3.20.6v3.20.5
Compare Source
Commits:
e71c7be
Fix extract/exclude type errorv3.20.4
Compare Source
Commits:
b8d731f
Set input type of ZodCatch to unknown06c237c
Revert merge changesc8ce27e
3.20.4v3.20.3
Compare Source
Features
ZodNumber.isFinite
, makeZodNumber.isInt
true if.multipleOf(int)
. by @igalklebanov in https://github.com/colinhacks/zod/pull/1714extract
/exclude
methods toZodEnum
by @santosmarco-caribou in https://github.com/colinhacks/zod/pull/1652Fixes and documentation
z.coerce
. by @igalklebanov in https://github.com/colinhacks/zod/pull/1680isAsync
type guard by @aaronccasanova in https://github.com/colinhacks/zod/pull/1719ZodCatch
by @santosmarco-caribou in https://github.com/colinhacks/zod/pull/1733deno/lib/README.md
to matchzod/README.md
by @JacobWeisenburger in https://github.com/colinhacks/zod/pull/1791.describe()
by @rattrayalex in https://github.com/colinhacks/zod/pull/1819.pick
,.omit
,.partial
&.required
. by @igalklebanov in https://github.com/colinhacks/zod/pull/1875ZodObject
's.omit(mask)
,.pick(mask)
,.required(mask)
&.partial(mask)
at compile time. by @igalklebanov in https://github.com/colinhacks/zod/pull/1564New Contributors
Full Changelog: colinhacks/zod@v3.20.2...v3.20.3
v3.20.2
Compare Source
Commits:
d7d49e7
Clarify boolean coercionf49cbcb
Fix formatting0b62f8c
Revert email regex changes68919aa
3.20.2c9e4ed4
Fix string testv3.20.1
Compare Source
Commits:
1298d26
Update readmeb3b0ecf
Only call .catch() method when parsing fails (#1674)957b55b
Fixing ZodString::isDatetime. (#1678)29ec1f8
Add default1161b8f
3.20.1v3.20.0
: -betaCompare Source
Breaking changes
There are no breaking API changes, however TypeScript versions
4.4
and earlier are no longer officially supported.New features
The most feature-packed release since Zod 3.0!
.pipe()
A new schema method
.pipe()
is now available on all schemas. which can be used to chain multiple schemas into a "validation pipeline". Typically this will be used in conjunction with.transform()
.The
.pipe()
method returns aZodPipeline
instance.z.coerce
Zod now provides a more convenient way to coerce primitive values.
During the parsing step, the input is passed through the
String()
function, which is a JavaScript built-in for coercing data into strings. Note that the returned schema is aZodString
instance so you can use all string methods.All primitive types support coercion.
.catch()
A new schema method
.catch()
is now available on all schemas. It can be used to provide a "catchall" value that will be returned in the event of a parsing error.The
.catch()
method returns aZodCatch
instance.z.symbol()
A long-missing hole in Zod's type system is finally filled! Thanks @santosmarco-caribou.
Relatedly, you can also pass symbols into
z.literal()
.z.string().datetime()
A new method has been added to
ZodString
to validate ISO datetime strings. Thanks @samchungy!This method defaults to only allowing UTC datetimes (the ones that end in
"Z"
). No timezone offsets are allowed; arbitrary sub-second precision is supported.Offsets can be supported with the
offset
parameter.You can additionally constrain the allowable
precision
. This specifies the number of digits that should follow the decimal point.z.number().finite()
Restrict a number schema to finite values. Thanks @igalklebanov.
What's Changed
mask
parameter to.required
method by @SrBrahma in https://github.com/colinhacks/zod/pull/1315fatal
toZodIssue
. by @igalklebanov in https://github.com/colinhacks/zod/pull/1555.finite()
@ZodNumber
. by @igalklebanov in https://github.com/colinhacks/zod/pull/1546.required()
doesn't remove optional flag from the result of.nullish()
. by @igalklebanov in https://github.com/colinhacks/zod/pull/1542datetime()
string formats by @samchungy in https://github.com/colinhacks/zod/pull/1494path
parameter into account within.parseAsync()
by @RobinTail in https://github.com/colinhacks/zod/pull/1513Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.