Zod is a TypeScript-first schema declaration and validation library offering robust static type inference, designed to simplify data validation within TypeScript projects. Examining versions 1.11.9 and 1.11.8 reveals subtle yet significant differences impacting developer experience. One key change lies in the supported TypeScript version. Version 1.11.8 depends on TypeScript 3.7, whereas 1.11.9 has downgraded this dependency to Typescript 3.5. This change might be important for those who, for any reason, cannot migrate to newer versions of Typescript, as they will be able to use the latest version of the library.
Both versions share identical core development dependencies, including testing frameworks like Jest and Ts-Jest, linting tools such as TSLint, and code formatters like Prettier. This consistency suggests the core development workflow and testing methodologies remained stable between releases.
The size of the unpacked package has slightly increased from 279428 bytes in version 1.11.8 to 280234 bytes in version 1.11.9, even if the file count has remained equals. While seemingly minor, this increase imply code additions or modifications, potentially introducing bug fixes, performance improvements, or new features. Developers should consult the official changelog for a comprehensive understanding of these changes. The release dates also indicate a period of active development, with version 1.11.9 released approximately nine days after 1.11.8, suggesting ongoing refinement and maintenance of the library.
All the vulnerabilities related to the version 1.11.9 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
