Zod version 3.9.0 introduces subtle but potentially impactful refinements over its predecessor, version 3.8.2. Both versions remain committed to providing a TypeScript-first schema declaration and validation library, empowering developers with static type inference for robust data handling. The core functionalities related to defining schemas and validating data against them likely remain consistent, ensuring minimal disruption for existing users.
A key difference lies in the dist object. Version 3.9.0 has a smaller fileCount (55 vs 59) but a larger unpackedSize (496143 vs 475365). This indicates potential changes in how the package is structured, possibly involving a more streamlined module organization leading to fewer files, alongside updates or additions that increase the overall codebase size once unpacked. Developers might experience slightly altered build times or bundle sizes depending on their specific usage patterns. Furthermore, the release date difference highlights a three-week gap between the versions, suggesting bug fixes or minor feature additions prompted the update. The dependency tree remains identical, indicating no new external tooling was implemented, preserving the stability of the underlying build process. Upgrading from 3.8.2 should therefore be relatively straightforward, but a check of the release notes on GitHub is still suggested to ensure awareness of any specific changes or bug fixes that might affect your use of the library.
All the vulnerabilities related to the version 3.9.0 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
