[dependencies]: Bump zod from 3.25.67 to 4.0.14

[dependabot]

Bumps zod from 3.25.67 to 4.0.14.

Release notes

Sourced from zod's releases.

v4.0.14

Commits:

• 99391a844271558e0f1736c9550375e82e630bbd Docs: Fix typo (#5005)
• e25303e98c8d13ea96c3296507c564011f403ffe Docs: fix typo (#5008)
• dbb05ef990c86ec6b1f6eac11b91ec7572e29c89 Add JSON Schema draft-04 output (#4811)
• b8257d7d1f51dd3cb4033a58271bb6ac8e3678c7 Improve tuple recursive inference.
• 9bdbc2f10d466050421a8e28c4b95a8a5776d150 Avoid infinite loops in defineLazy. Fixes #4994.
• af96ad4700879b0d6e390a0c65ded4e700049cb9 4.0.14

v4.0.13

Commits:

• 362eb33093e9c5f306eeec95e36985a99aba8fc7 Fix optional + pipe handling. Closes #5002. v4.0.13

v4.0.12

Commits:

• ff83fc916ec2b35c0008a48782fa14f84293149d Add eslint-plugin-import-zod (#4848)
• 7c9ce388ae39b2324c5ad05420ecf4732ebca6fe Update docs for z.property check (#4863)
• c432577ad1a7201631ae0a4d80e945fc4937bcc9 docs: add jwt schema docs (#4867)
• 35e6a6f6d64d7d5ba58c4cb8c80105759b977c9b Add llms.txt (#4915)
• 3ac7bf00d0d924d1afa1031b798bdd72b59117db Clean up Edit this Page
• 60a9372414955094b84aae2f30b491a039780b7c Implement llms-full.txt (#5004)
• 73a1970e7fd0cdcb2ffac3f6f7db85da849ee3d8 4.0.12

v4.0.11

Commits:

• 8e6a5f8e48837fb403deb4025935e97a758ad6ca Fix “Edit on Github” link (#4997)
• 930a2f68d799889df4c1f662dfe61934db84fdd1 Fix number of errors in doc (#4993)
• c762dbb4fdb249cfddccdd69812da3f4b659df67 feat(locale): Add Yoruba (yo) locale (#4996)
• 9a34a3a60d92c44f695b08e4c665209aa7160e24 Zod 4.0.11 (#4981)

v4.0.10

Commits:

• 291c1ca9864570e68a6c104d869de467f665da86 Add should-build script
• e32d99b54fff920c4b0b451e9099b472d20a3c4b Move should-build script
• d4faf71b8cc156a49bae23fc09c4d54b88f22bd5 Add v3 docs (#4972)
• dfae37195bed15dce84af0b17ef04cdc3704ef5e Update Jazz img on v3 docs
• d6cd30d3898aaf592c6077464c1a45fd0f6f66d3 fix #4973 (#4974)
• 18504960cdce29529e37415b87fed1732facf1ef Fix typo in valype (#4960)
• 4ec2f8776193642d91814521d8a4c22bbb766cb1 Add Zod Playground to zod 4 ecosystem (#4975)
• 2b571a21875e9e3299de261e512dad300878c3a1 Update docs z.enum with object literal example (#4967)
• 813451db7fcf64c5322835984eded9bfe95be1da v4.0.10 (#4978)

v4.0.9

Commits:

... (truncated)

Commits

• af96ad4 4.0.14
• 9bdbc2f Avoid infinite loops in defineLazy. Fixes #4994.
• b8257d7 Improve tuple recursive inference.
• dbb05ef Add JSON Schema draft-04 output (#4811)
• e25303e Docs: fix typo (#5008)
• 99391a8 Docs: Fix typo (#5005)
• 362eb33 Fix optional + pipe handling. Closes #5002. v4.0.13
• 73a1970 4.0.12
• 60a9372 Implement llms-full.txt (#5004)
• 3ac7bf0 Clean up Edit this Page
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/zod	3.25.76	🟢 4.5	Details Check Score Reason Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/zod	3.25.76	🟢 4.5	Details Check Score Reason Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/zod	4.0.14	🟢 4.5	Details Check Score Reason Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/zod	^4.0.14	🟢 4.5	Details Check Score Reason Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[dependabot]

A newer version of zod exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[Novaes]

@dependabot ignore this major version

[dependabot]

OK, I won't notify you about version 4.x.x again, unless you re-open this PR.

[Novaes]

Re-opening indeed, seems Zod 4 has become quite stable by now and even default for npm now: https://www.npmjs.com/package/zod?activeTab=versions . Some quite nice new features: it'll improve system: https://zod.dev/v4