Zod is a TypeScript-first schema declaration and validation library renowned for its static type inference capabilities, enabling developers to define data schemas with TypeScript and automatically infer corresponding types. Comparing versions 3.11.3 and 3.11.2 reveals subtle but noteworthy changes for developers concerned with tooling and dependencies. The core functionality of Zod, focused on schema definition and validation, remains consistent between the two versions.
A primary difference lies in the development dependencies. In version 3.11.3, the typescript dev dependency is declared as ^4.4.4, a caret range on a stable TypeScript release, which makes build and testing environments more predictable. Conversely, version 3.11.2 relies on a development version of TypeScript (4.5.0-dev.20211023), which might introduce instability or unexpected behavior in certain development setups. The unpacked size of the package differs slightly between the versions. Version 3.11.3 also has a slightly later release date.
For developers, this means that if you prioritise stability and compatibility with a well-defined TypeScript version, version 3.11.3 is a preferable choice. The change in the TypeScript version also suggests a potential refinement in leveraging new or existing TypeScript features for internal development or testing purposes. Developers using Zod benefit from its ability to create robust and type-safe applications by defining schemas and validating data against them at runtime, using inferred types.
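The check below is an added example, not code from Zod or from this page: it classifies devDependencies specifiers so that a pre-release build like the one in 3.11.2 is flagged, and shows that ^4.4.4 is a floating range rather than an exact pin. The manifests are constructed from the two version strings quoted above; the function names are hypothetical.

```javascript
// Optional range operator, major.minor.patch, optional pre-release tag, optional build metadata.
const SPEC = /^(\^|~|>=|<=|>|<|=)?\s*v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

// Classify one specifier: is it a pre-release build, and can it float to newer versions?
function classifySpecifier(spec) {
  const m = SPEC.exec(String(spec).trim());
  // Tags, URLs, wildcards and compound ranges are not parsed here; report them for review.
  if (!m) return { kind: "unparsed", prerelease: null, floating: true };
  const op = m[1] || "";
  const prerelease = m[5] || null;
  const floating = op !== "" && op !== "="; // ^, ~, >, >=, <, <= resolve at install time
  const stability = prerelease ? "prerelease" : "stable";
  return { kind: `${stability}-${floating ? "range" : "pin"}`, prerelease, floating };
}

// Return one finding per devDependency that is a pre-release build or cannot be classified.
function auditDevDependencies(manifest) {
  const findings = [];
  for (const [name, spec] of Object.entries(manifest.devDependencies || {})) {
    const c = classifySpecifier(spec);
    if (c.prerelease) {
      findings.push({ name, spec, issue: "pre-release build", detail: c.prerelease });
    } else if (c.kind === "unparsed") {
      findings.push({ name, spec, issue: "unrecognised specifier", detail: null });
    }
  }
  return findings;
}

// Constructed manifests: only the typescript entries come from the comparison above.
const zod_3_11_2 = { devDependencies: { typescript: "4.5.0-dev.20211023" } };
const zod_3_11_3 = { devDependencies: { typescript: "^4.4.4" } };

console.log("3.11.2:", auditDevDependencies(zod_3_11_2));
console.log("3.11.3:", auditDevDependencies(zod_3_11_3));
console.log("^4.4.4 ->", classifySpecifier("^4.4.4"));
```

Because `^4.4.4` is reported as floating, reproducible builds still depend on a committed lockfile.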
All vulnerabilities related to version 3.11.3 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.