Zod, a TypeScript-first schema declaration and validation library renowned for its static type inference, released version 3.14.2 shortly after 3.14.1. While both versions share the core functionality of defining data schemas and ensuring type safety, a closer look reveals subtle changes in their development dependencies, hinting at internal improvements and refinements.
The most notable difference lies in the versions of TypeScript-related tooling. Version 3.14.2 upgrades TypeScript itself from version 4.5.2 to 4.6.2, and significantly upgrades @typescript-eslint/parser and @typescript-eslint/eslint-plugin from v4.11.1 to v5.15.0. These updates likely brought in enhancements in type checking, linting rules, and overall developer experience when working with Zod. The bump probably comes with performance improvements and bug fixes, aligning the library with the latest standards of TypeScript development.
Developers using Zod should be aware of these dependency updates, especially if they have strict versioning policies in their projects. While the core Zod API likely remains consistent, the updated TypeScript tooling might introduce subtle changes in type inference or linting behavior. The update shows that the developers probably focused on keeping the library aligned to the most modern standards of the ecosystem where it lives, Typescript, which should bring benefits in terms of security, performance, and developer experience for its users. It's always recommended to review the changelog and test thoroughly when upgrading to ensure compatibility.
All the vulnerabilities related to the version 3.14.2 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
