Skip to content

Comments

chore(deps): bump zod from 3.25.76 to 4.3.6#22

Merged
maxgolov merged 1 commit intomainfrom
dependabot/npm_and_yarn/zod-4.3.6
Feb 11, 2026
Merged

chore(deps): bump zod from 3.25.76 to 4.3.6#22
maxgolov merged 1 commit intomainfrom
dependabot/npm_and_yarn/zod-4.3.6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 11, 2026
edited
Loading

Bumps zod from 3.25.76 to 4.3.6.

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

  • 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
  • f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
  • 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
  • edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
  • 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
  • cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
  • dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
  • 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
  • ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

  • 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
  • e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
  • 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

  • 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
  • e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
  • 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
  • decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
  • 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
  • 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
  • b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

  • f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

  • bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
  • f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
  • 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

  • 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 11, 2026
@dependabot dependabot bot requested a review from maxgolov as a code owner February 11, 2026 20:50
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 11, 2026
@github-actions
Copy link

github-actions bot commented Feb 11, 2026
edited
Loading

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/zod 4.3.6 🟢 4.4
Details
CheckScoreReason
Code-Review🟢 6Found 20/29 approved changesets -- score normalized to 6
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy⚠️ 0security policy file not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected

Scanned Files

  • package-lock.json

@maxgolov maxgolov mentioned this pull request Feb 11, 2026
Merged
maxgolov
maxgolov approved these changes Feb 11, 2026
View reviewed changes
Copy link
Contributor

@maxgolov maxgolov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - zod v4 API usage verified compatible.

@maxgolov
Copy link
Contributor

maxgolov commented Feb 11, 2026

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/zod-4.3.6 branch from e1ae18c to c56c149 Compare February 11, 2026 23:24
@dependabot @maxgolov
chore(deps): bump zod from 3.25.76 to 4.3.6
acb9365 
Bumps [zod](https://github.com/colinhacks/zod) from 3.25.76 to 4.3.6.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.76...v4.3.6)

---
updated-dependencies:
- dependency-name: zod
  dependency-version: 4.3.6
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@maxgolov maxgolov force-pushed the dependabot/npm_and_yarn/zod-4.3.6 branch from c56c149 to acb9365 Compare February 11, 2026 23:25
maxgolov
maxgolov approved these changes Feb 11, 2026
View reviewed changes
Copy link
Contributor

@maxgolov maxgolov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - re-approving after rebase. Zod v4 verified compatible.

@maxgolov maxgolov merged commit 062c59c into main Feb 11, 2026
10 checks passed
@maxgolov maxgolov deleted the dependabot/npm_and_yarn/zod-4.3.6 branch February 11, 2026 23:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxgolov maxgolov maxgolov approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maxgolov