Zod 3.6.1 is a very minor patch release on top of the previous version, 3.6.0, of this TypeScript-first schema declaration and validation library. Both versions share the same core functionality, enabling developers to define data schemas with expressive TypeScript code and then validate JavaScript values against those schemas, offering powerful static type inference. This approach streamlines development by providing type safety and reducing runtime errors in data handling.
Looking at the metadata, the development dependencies for both releases are identical, which means that the build, testing, and linting processes remain consistent. This suggests that the code quality and development practices haven't changed significantly.
The key difference between these versions appears to be in the packed size of the distribution. Zod 3.6.1 has an unpackedSize of 467023 bytes, which is slightly larger than Zod 3.6.0's unpacked size of 465996 bytes. Also the newest version's releasedate has a difference of about 20 minutes compared to the last one. This small increase typically hints at bug fixes, very minor feature additions, documentation updates, or adjustments to build artifacts that did not warrant a major or minor version bump. For developers, this implies that upgrading from 3.6.0 to 3.6.1 should be a safe and generally uneventful process with minimal chances of introducing breaking changes. Due to the nature of patch releases, it's highly recommended to upgrade to the latest patch version to benefit from any critical fixes or improvements.
All the vulnerabilities related to the version 3.6.1 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
