Zod, a TypeScript-first schema declaration and validation library known for its static type inference, released version 1.11.6 shortly after 1.11.5. Both versions are MIT-licensed and authored by Colin McDonnell, indicating a commitment to open-source principles and consistent maintainership. A comparison of the two shows an incremental update, primarily focused on internal improvements and dependency adjustments. The package description is unchanged and still highlights Zod's focus on TypeScript-centric schema validation; the key change is in TypeScript version support. Version 1.11.6 moves to TypeScript 3.7 as a development dependency, compared to TypeScript 3.3 in the previous release.
This upgrade gives developers access to newer TypeScript features and potentially improved type checking and performance within their Zod schemas. While seemingly subtle, the jump to TypeScript 3.7 signals ongoing alignment with modern TypeScript standards and future compatibility. The unpacked size also increased slightly, suggesting minor additions or modifications. Developers using Zod should note that updating to 1.11.6 ensures that their schemas are validated against a more recent TypeScript compiler. Given the minimal version jump and the dependency update, upgrading should be relatively straightforward and provides a stable evolution for existing Zod implementations.
All vulnerabilities related to version 1.11.6 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.