Zod version 3.11.2 introduces subtle but potentially important updates compared to version 3.11.1, primarily affecting the development environment and underlying tooling rather than the core API. Both versions maintain the same core functionality as a TypeScript-first schema declaration and validation library, emphasizing static type inference, making them equally suitable for developers focused on robust data validation.
A key difference lies in the typescript dev dependency. Version 3.11.2 upgrades to a nightly build ^4.5.0-dev.20211023 while version 3.11.1 uses ^4.4.4. While seemingly minor, this indicates potential enhancements or bug fixes incorporated into the newer TypeScript compiler that might indirectly benefit Zod users, particularly those working with cutting-edge TypeScript features.
Another difference is in the dist object: fileCount stays the same at 53, but unpackedSize goes from 510625 to 510976. The unpacked package is therefore slightly larger, which may reflect new features or bug fixes.
For developers, both versions offer a robust and type-safe way to define schemas and validate data in TypeScript projects. The choice between them depends on their tolerance for using a nightly build of TypeScript and whether they need the specific fixes or enhancements included in that version (3.11.2). If stability is paramount, version 3.11.1 remains a solid choice. However, staying current with the latest TypeScript compiler features by using 3.11.2 may be advantageous for some projects. In conclusion, the changes between the versions are small, and using the newest version is a good idea if you don't have any problems with nightly builds.
All vulnerabilities related to version 3.11.2 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.