search

inngest / inngest-js

The developer platform for easily building reliable workflows with zero infrastructure for TypeScript & JavaScript
https://www.inngest.com/
GNU General Public License v3.0
440 stars 43 forks source link

Update dependency zod to ~3.22.0 [SECURITY] #335

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
zod (source) ~3.21.4 -> ~3.22.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-4316

Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.

Release Notes

colinhacks/zod (zod) ### [`v3.22.3`](https://togithub.com/colinhacks/zod/releases/tag/v3.22.3) [Compare Source](https://togithub.com/colinhacks/zod/compare/v3.22.2...v3.22.3) ##### Commits: - [`1e23990`](https://togithub.com/colinhacks/zod/commit/1e23990bcdd33d1e81b31e40e77a031fcfd87ce1) Commit - [`9bd3879`](https://togithub.com/colinhacks/zod/commit/9bd3879b482f139fd03d5025813ee66a04195cdd) docs: remove obsolete text about readonly types ([#​2676](https://togithub.com/colinhacks/zod/issues/2676)) - [`f59be09`](https://togithub.com/colinhacks/zod/commit/f59be093ec21430d9f32bbcb628d7e39116adf34) clarify datetime ISO 8601 ([#​2673](https://togithub.com/colinhacks/zod/issues/2673)) - [`64dcc8e`](https://togithub.com/colinhacks/zod/commit/64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3) Update sponsors - [`18115a8`](https://togithub.com/colinhacks/zod/commit/18115a8f128680b4526df58ce96deab7dce93b93) Formatting - [`28c1927`](https://togithub.com/colinhacks/zod/commit/28c19273658b164c53c149785fa7a8187c428ad4) Update sponsors - [`ad2ee9c`](https://togithub.com/colinhacks/zod/commit/ad2ee9ccf723c4388158ff6b8669c2a6cdc85643) 2718 Updated Custom Schemas documentation example to use type narrowing ([#​2778](https://togithub.com/colinhacks/zod/issues/2778)) - [`ae0f7a2`](https://togithub.com/colinhacks/zod/commit/ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551) docs: update ref to discriminated-unions docs ([#​2485](https://togithub.com/colinhacks/zod/issues/2485)) - [`2ba00fe`](https://togithub.com/colinhacks/zod/commit/2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4) \[2609] fix ReDoS vulnerability in email regex ([#​2824](https://togithub.com/colinhacks/zod/issues/2824)) - [`1e61d76`](https://togithub.com/colinhacks/zod/commit/1e61d76cdec05de9271fc0df58798ddf9ce94923) 3.22.3 ### [`v3.22.2`](https://togithub.com/colinhacks/zod/releases/tag/v3.22.2) [Compare Source](https://togithub.com/colinhacks/zod/compare/v3.22.1...v3.22.2) ##### Commits: - [`13d9e6b`](https://togithub.com/colinhacks/zod/commit/13d9e6bda286cbd4c1b177171273695d8309e5de) Fix lint - [`0d49f10`](https://togithub.com/colinhacks/zod/commit/0d49f10b3c25a8e4cbb6534cc0773b195c56d06d) docs: add typeschema to ecosystem ([#​2626](https://togithub.com/colinhacks/zod/issues/2626)) - [`8e4af7b`](https://togithub.com/colinhacks/zod/commit/8e4af7b56df6f2e3daf0dd825b986f1d963025ce) X to Zod: add app.quicktype.io ([#​2668](https://togithub.com/colinhacks/zod/issues/2668)) - [`792b3ef`](https://togithub.com/colinhacks/zod/commit/792b3ef0d41c144cd10641c6966b98dae1222d82) Fix superrefine types ### [`v3.22.1`](https://togithub.com/colinhacks/zod/releases/tag/v3.22.1) [Compare Source](https://togithub.com/colinhacks/zod/compare/v3.22.0...v3.22.1) #### Commits: Fix handing of `this` in ZodFunction schemas. The parse logic for function schemas now requires the `Reflect` API. ```ts const methodObject = z.object({ property: z.number(), method: z.function().args(z.string()).returns(z.number()), }); const methodInstance = { property: 3, method: function (s: string) { return s.length + this.property; }, }; const parsed = methodObject.parse(methodInstance); parsed.method("length=8"); // => 11 (8 length + 3 property) ``` - [`932cc47`](https://togithub.com/colinhacks/zod/commit/932cc472d2e66430d368a409b8d251909d7d8d21) Initial prototype fix for issue [#​2651](https://togithub.com/colinhacks/zod/issues/2651) ([#​2652](https://togithub.com/colinhacks/zod/issues/2652)) - [`0a055e7`](https://togithub.com/colinhacks/zod/commit/0a055e726ac210ef6efc69aa70cd2491767f6060) 3.22.1 ### [`v3.22.0`](https://togithub.com/colinhacks/zod/releases/tag/v3.22.0) [Compare Source](https://togithub.com/colinhacks/zod/compare/v3.21.4...v3.22.0) #### `ZodReadonly` This release introduces `ZodReadonly` and the `.readonly()` method on `ZodType`. Calling `.readonly()` on any schema returns a `ZodReadonly` instance that wraps the original schema. The new schema parses all inputs using the original schema, then calls `Object.freeze()` on the result. The inferred type is also marked as `readonly`. ```ts const schema = z.object({ name: string }).readonly(); type schema = z.infer; // Readonly<{name: string}> const result = schema.parse({ name: "fido" }); result.name = "simba"; // error ``` The inferred type uses TypeScript's built-in readonly types when relevant. ```ts z.array(z.string()).readonly(); // readonly string[] z.tuple([z.string(), z.number()]).readonly(); // readonly [string, number] z.map(z.string(), z.date()).readonly(); // ReadonlyMap z.set(z.string()).readonly(); // ReadonlySet> ``` #### Commits: - [`6dad907`](https://togithub.com/colinhacks/zod/commit/6dad90785398885f7b058f5c0760d5ae5476b833) Comments - [`56ace68`](https://togithub.com/colinhacks/zod/commit/56ace682e4cc89132c034a3ae2c13b2d5b1a0115) Fix deno test - [`3809d54`](https://togithub.com/colinhacks/zod/commit/3809d54fc8c5dd0a0ce367bd2575fe3fdadf087d) Add superforms - [`d1ad522`](https://togithub.com/colinhacks/zod/commit/d1ad5221900af640bc3093a2fb0476ec0c94953e) Add transloadit - [`a3bb701`](https://togithub.com/colinhacks/zod/commit/a3bb701757127ffe05e773a2e449136b9b7efcb3) Testing on Typescript 5.0 ([#​2221](https://togithub.com/colinhacks/zod/issues/2221)) - [`51e14be`](https://togithub.com/colinhacks/zod/commit/51e14beeab2f469fcbf18e3df44653e1643f5487) docs: update deprecated link ([#​2219](https://togithub.com/colinhacks/zod/issues/2219)) - [`a263814`](https://togithub.com/colinhacks/zod/commit/a263814fc430db8d47430cd2884d2cea6b11c671) fixed Datetime & IP TOC links - [`502384e`](https://togithub.com/colinhacks/zod/commit/502384e56fe2b1f8173735df6c3b0d41bce04edc) docs: add mobx-zod-form to form integrations ([#​2299](https://togithub.com/colinhacks/zod/issues/2299)) - [`a8be450`](https://togithub.com/colinhacks/zod/commit/a8be4500851923aa865e009fe9c2855e80482047) docs: Add `zocker` to Ecosystem section ([#​2416](https://togithub.com/colinhacks/zod/issues/2416)) - [`15de22a`](https://togithub.com/colinhacks/zod/commit/15de22a3ba6144c7d8d2276e8e56174bcdfa7225) Allow subdomains and hyphens in `ZodString.email` ([#​2274](https://togithub.com/colinhacks/zod/issues/2274)) - [`00f5783`](https://togithub.com/colinhacks/zod/commit/00f5783602ccbe423deb0dbd76ecf13a276bc54d) Add `zod-openapi` to ecosystem ([#​2434](https://togithub.com/colinhacks/zod/issues/2434)) - [`0a17340`](https://togithub.com/colinhacks/zod/commit/0a17340e9fc4b909d10ca3687b6bc6454903ff21) docs: fix minor typo ([#​2439](https://togithub.com/colinhacks/zod/issues/2439)) - [`60a2134`](https://togithub.com/colinhacks/zod/commit/60a21346086d32ca9f39efc2771f5db37c835c03) Add masterborn - [`0a90ed1`](https://togithub.com/colinhacks/zod/commit/0a90ed1461dafa62ff50ce0d5d5434fd4a2a4a20) chore: move `exports.types` field to first spot @​ package.json. ([#​2443](https://togithub.com/colinhacks/zod/issues/2443)) - [`67f35b1`](https://togithub.com/colinhacks/zod/commit/67f35b16692ca33fd48adfec9ae83b9514f8a4b7) docs: allow Zod to be used in dev tools at site ([#​2432](https://togithub.com/colinhacks/zod/issues/2432)) - [`6795c57`](https://togithub.com/colinhacks/zod/commit/6795c574b1d34f6e95ae891f96d8b219b98ace92) Fix not working Deno doc link. ([#​2428](https://togithub.com/colinhacks/zod/issues/2428)) - [`37e9c55`](https://togithub.com/colinhacks/zod/commit/37e9c550460e4edd144da90d903e878c119c5cc1) Generalize uuidRegex - [`0969950`](https://togithub.com/colinhacks/zod/commit/09699501ff6218b3b0a7e382eca3c02a8226ce13) adds ctx to preprocess ([#​2426](https://togithub.com/colinhacks/zod/issues/2426)) - [`af08390`](https://togithub.com/colinhacks/zod/commit/af08390139cf9fd4fc9e398b60a39191bf224076) fix: super refinement function types ([#​2420](https://togithub.com/colinhacks/zod/issues/2420)) - [`36fef58`](https://togithub.com/colinhacks/zod/commit/36fef58410f4b2c9e79edabae2fc567a4aee13a7) Make email regex reasonable ([#​2157](https://togithub.com/colinhacks/zod/issues/2157)) - [`f627d14`](https://togithub.com/colinhacks/zod/commit/f627d14d3bfe3a680ac0d54705b2e63daa912aed) Document canary - [`e06321c`](https://togithub.com/colinhacks/zod/commit/e06321c15d22082e47c7c111a92ec7b3e104c644) docs: add tapiduck to API libraries ([#​2410](https://togithub.com/colinhacks/zod/issues/2410)) - [`11e507c`](https://togithub.com/colinhacks/zod/commit/11e507c4d3bf4ad3ab2057a0122168ed0048a2c4) docs: add ts as const example in zod enums ([#​2412](https://togithub.com/colinhacks/zod/issues/2412)) - [`5427565`](https://togithub.com/colinhacks/zod/commit/5427565c347a14056bc60e3ffd800b98753952bc) docs: add zod-fixture to mocking ecosystem ([#​2409](https://togithub.com/colinhacks/zod/issues/2409)) - [`d3bf7e6`](https://togithub.com/colinhacks/zod/commit/d3bf7e60a8eb706c4c63a9a91fd66565b82883cf) docs: add `zodock` to mocking ecosystem ([#​2394](https://togithub.com/colinhacks/zod/issues/2394)) - [`2270ae5`](https://togithub.com/colinhacks/zod/commit/2270ae563f7f14bed770f75d9c252880794fa71f) remove "as any" casts in createZodEnum ([#​2332](https://togithub.com/colinhacks/zod/issues/2332)) - [`00bdd0a`](https://togithub.com/colinhacks/zod/commit/00bdd0a7ffdf495af14e67ae1396c85a282c38dd) fix proto pollution vulnerability ([#​2239](https://togithub.com/colinhacks/zod/issues/2239)) - [`a3c5256`](https://togithub.com/colinhacks/zod/commit/a3c525658bc43edf40747a99b8f882d8d3d1e0c7) Fix error_handling unrecognized_keys example - [`4f75cbc`](https://togithub.com/colinhacks/zod/commit/4f75cbc682199a5411189f9cd9abba9af4924746) Adds getters to Map for key + value ([#​2356](https://togithub.com/colinhacks/zod/issues/2356)) - [`ca7b032`](https://togithub.com/colinhacks/zod/commit/ca7b03222764496d72085b1178fa22f4a57fe579) FMC ([#​2346](https://togithub.com/colinhacks/zod/issues/2346)) - [`6fec8bd`](https://togithub.com/colinhacks/zod/commit/6fec8bd3407f463f157522a3979b4d202870ba4c) docs: fix typo in link fragment ([#​2329](https://togithub.com/colinhacks/zod/issues/2329)) - [`16f90bd`](https://togithub.com/colinhacks/zod/commit/16f90bd22b465aca9a1fbad09248d80aa93fd824) Update README.md - [`2c80250`](https://togithub.com/colinhacks/zod/commit/2c802507d92d2d2e15be959695b1de78b896bfcb) Update readme - [`eaf64e0`](https://togithub.com/colinhacks/zod/commit/eaf64e09ba1a87dd6bf348fb97061894a01242d2) Update sponsors - [`c576311`](https://togithub.com/colinhacks/zod/commit/c5763112e2912390f3317d738e4261fa8747494e) Update readme - [`5e23b4f`](https://togithub.com/colinhacks/zod/commit/5e23b4fae4715c7391f9ceb4369421a034851b4c) Add `*.md` pattern to prettier ([#​2476](https://togithub.com/colinhacks/zod/issues/2476)) - [`898dced`](https://togithub.com/colinhacks/zod/commit/898dced470f1045b5469543abd2f427a713d93eb) Revamp tests - [`6309322`](https://togithub.com/colinhacks/zod/commit/6309322a28545e316299f8b9a36f43132d347300) Update test runners - [`c0aece1`](https://togithub.com/colinhacks/zod/commit/c0aece1672d1442d69ce1991142af8f16ed20ecb) Add vitest config - [`73a5610`](https://togithub.com/colinhacks/zod/commit/73a5610186c413872153e8dcac76c4c4f23dfe4e) Update script - [`8d8e1a2`](https://togithub.com/colinhacks/zod/commit/8d8e1a2d306cecaf3d8cb88f32fe3e130a834f9f) Fix deno test bug - [`9eb2508`](https://togithub.com/colinhacks/zod/commit/9eb2508fac78cc36faefd050e9616bb6d34814c1) Clean up configs - [`cfbc7b3`](https://togithub.com/colinhacks/zod/commit/cfbc7b3f6714ced250dd4053822faf472bf1828e) Fix root jest config - [`8677f68`](https://togithub.com/colinhacks/zod/commit/8677f688b0ab1bb5991e90744f46a15082772bd6) docs(comparison-yup): Yup added partial() and deepPartial() in v1 ([#​2603](https://togithub.com/colinhacks/zod/issues/2603)) - [`fb00edd`](https://togithub.com/colinhacks/zod/commit/fb00edd04ca338b8d791a96dead161076538c6c2) docs: add VeeValidate form library for Vue.js ([#​2578](https://togithub.com/colinhacks/zod/issues/2578)) - [`ab8e717`](https://togithub.com/colinhacks/zod/commit/ab8e71793431eeb163613007c134132e6c2ab078) docs: fix typo in z.object ([#​2570](https://togithub.com/colinhacks/zod/issues/2570)) - [`d870407`](https://togithub.com/colinhacks/zod/commit/d870407a020f9518fbae662f9f48a9aba005a3e2) docs: fix incomplete Records example ([#​2579](https://togithub.com/colinhacks/zod/issues/2579)) - [`5adae24`](https://togithub.com/colinhacks/zod/commit/5adae24e9b2fc98fc679defa8f78e4142d4c3451) docs: add conform form integration ([#​2577](https://togithub.com/colinhacks/zod/issues/2577)) - [`8b8ab3e`](https://togithub.com/colinhacks/zod/commit/8b8ab3e79691ebafbb9aac3ce089eaf0dcd6d8fe) Update README.md ([#​2562](https://togithub.com/colinhacks/zod/issues/2562)) - [`6aab901`](https://togithub.com/colinhacks/zod/commit/6aab9016873c12be08d19bcc097b3e5ba4c9d6fe) fix typo test name ([#​2542](https://togithub.com/colinhacks/zod/issues/2542)) - [`81a89f5`](https://togithub.com/colinhacks/zod/commit/81a89f593f4d6b05f770bbb3ad0fc98075f468dd) Update nullish documentation to correct chaining order ([#​2457](https://togithub.com/colinhacks/zod/issues/2457)) - [`78a4090`](https://togithub.com/colinhacks/zod/commit/78a409012a4dc34a455f5c4a7e028ca47c921e1b) docs: update comparison with `runtypes` ([#​2536](https://togithub.com/colinhacks/zod/issues/2536)) - [`1ecd624`](https://togithub.com/colinhacks/zod/commit/1ecd6241ef97b33ce229b49f1346ffeee5d0ba74) Fix prettier - [`981d4b5`](https://togithub.com/colinhacks/zod/commit/981d4b5e272e7e35ff44a31fbb5e8e90594b1933) Add ZodReadonly ([#​2634](https://togithub.com/colinhacks/zod/issues/2634)) - [`fba438c`](https://togithub.com/colinhacks/zod/commit/fba438cddea800b081a15aefc8b1efea2eccf7af) 3.22.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

changeset-bot[bot] commented 1 year ago

⚠️ No Changeset found

Latest commit: 99bb31033468332e761977da7bd462b7e4e2250f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

jpwilliams commented 1 year ago

Will manage this with #336 and #350.

renovate[bot] commented 1 year ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (~3.22.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.