Skip to content

[dependencies]: Bump zod from 3.25.67 to 4.0.14 #394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[dependencies]: Bump zod from 3.25.67 to 4.0.14 #394

wants to merge 3 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 4, 2025

Bumps zod from 3.25.67 to 4.0.14.

Release notes

Sourced from zod's releases.

v4.0.14

Commits:

  • 99391a844271558e0f1736c9550375e82e630bbd Docs: Fix typo (#5005)
  • e25303e98c8d13ea96c3296507c564011f403ffe Docs: fix typo (#5008)
  • dbb05ef990c86ec6b1f6eac11b91ec7572e29c89 Add JSON Schema draft-04 output (#4811)
  • b8257d7d1f51dd3cb4033a58271bb6ac8e3678c7 Improve tuple recursive inference.
  • 9bdbc2f10d466050421a8e28c4b95a8a5776d150 Avoid infinite loops in defineLazy. Fixes #4994.
  • af96ad4700879b0d6e390a0c65ded4e700049cb9 4.0.14

v4.0.13

Commits:

  • 362eb33093e9c5f306eeec95e36985a99aba8fc7 Fix optional + pipe handling. Closes #5002. v4.0.13

v4.0.12

Commits:

  • ff83fc916ec2b35c0008a48782fa14f84293149d Add eslint-plugin-import-zod (#4848)
  • 7c9ce388ae39b2324c5ad05420ecf4732ebca6fe Update docs for z.property check (#4863)
  • c432577ad1a7201631ae0a4d80e945fc4937bcc9 docs: add jwt schema docs (#4867)
  • 35e6a6f6d64d7d5ba58c4cb8c80105759b977c9b Add llms.txt (#4915)
  • 3ac7bf00d0d924d1afa1031b798bdd72b59117db Clean up Edit this Page
  • 60a9372414955094b84aae2f30b491a039780b7c Implement llms-full.txt (#5004)
  • 73a1970e7fd0cdcb2ffac3f6f7db85da849ee3d8 4.0.12

v4.0.11

Commits:

  • 8e6a5f8e48837fb403deb4025935e97a758ad6ca Fix “Edit on Github” link (#4997)
  • 930a2f68d799889df4c1f662dfe61934db84fdd1 Fix number of errors in doc (#4993)
  • c762dbb4fdb249cfddccdd69812da3f4b659df67 feat(locale): Add Yoruba (yo) locale (#4996)
  • 9a34a3a60d92c44f695b08e4c665209aa7160e24 Zod 4.0.11 (#4981)

v4.0.10

Commits:

  • 291c1ca9864570e68a6c104d869de467f665da86 Add should-build script
  • e32d99b54fff920c4b0b451e9099b472d20a3c4b Move should-build script
  • d4faf71b8cc156a49bae23fc09c4d54b88f22bd5 Add v3 docs (#4972)
  • dfae37195bed15dce84af0b17ef04cdc3704ef5e Update Jazz img on v3 docs
  • d6cd30d3898aaf592c6077464c1a45fd0f6f66d3 fix #4973 (#4974)
  • 18504960cdce29529e37415b87fed1732facf1ef Fix typo in valype (#4960)
  • 4ec2f8776193642d91814521d8a4c22bbb766cb1 Add Zod Playground to zod 4 ecosystem (#4975)
  • 2b571a21875e9e3299de261e512dad300878c3a1 Update docs z.enum with object literal example (#4967)
  • 813451db7fcf64c5322835984eded9bfe95be1da v4.0.10 (#4978)

v4.0.9

Commits:

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
[dependencies]: Bump zod from 3.25.67 to 4.0.14
e07aa8b 
Bumps [zod](https://github.com/colinhacks/zod) from 3.25.67 to 4.0.14.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.67...v4.0.14)

---
updated-dependencies:
- dependency-name: zod
  dependency-version: 4.0.14
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 4, 2025
@dependabot dependabot bot requested a review from a team as a code owner August 4, 2025 14:42
@dependabot dependabot bot added dependencies pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 4, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 4, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/zod 3.25.76 🟢 4.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 37 existing vulnerabilities detected
npm/zod 3.25.76 🟢 4.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 37 existing vulnerabilities detected
npm/zod 4.0.14 🟢 4.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 37 existing vulnerabilities detected
npm/zod ^4.0.14 🟢 4.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 37 existing vulnerabilities detected

Scanned Files

  • package-lock.json
  • package.json

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 6, 2025

A newer version of zod exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@Novaes Novaes closed this Aug 6, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 6, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/zod-4.0.14 branch August 6, 2025 23:01
@Novaes
Copy link
Collaborator

Novaes commented Aug 6, 2025

@dependabot ignore this major version

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 6, 2025

OK, I won't notify you about version 4.x.x again, unless you re-open this PR.

@Novaes
Copy link
Collaborator

Novaes commented Aug 6, 2025

Re-opening indeed, seems Zod 4 has become quite stable by now and even default for npm now: https://www.npmjs.com/package/zod?activeTab=versions . Some quite nice new features: it'll improve system: https://zod.dev/v4

@Novaes Novaes restored the dependabot/npm_and_yarn/zod-4.0.14 branch August 6, 2025 23:08
@Novaes Novaes reopened this Aug 6, 2025
@Novaes Novaes self-assigned this Aug 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Novaes Novaes

Labels
dependencies pull requests that update a dependency file javascript Pull requests that update javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Novaes @danhellem