Update devDependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@changesets/changelog-github (source)	0.5.2 → 0.7.0
@changesets/cli (source)	2.29.8 → 2.31.0
@typescript-eslint/rule-tester (source)	8.51.0 → 8.59.4
arktype (source)	2.1.29 → 2.2.0
prettier (source)	3.7.4 → 3.8.3
tsx (source)	4.21.0 → 4.22.3
valibot (source)	1.2.0 → 1.4.0
zod (source)	4.2.1 → 4.4.3

---

Release Notes

changesets/changesets (@​changesets/changelog-github)

v0.7.0

Compare Source

Minor Changes

• #​1255 94578cf Thanks @​Kauhsa! - Added disableThanks option

v0.6.0

Compare Source

Minor Changes

• #​1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #​1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

typescript-eslint/typescript-eslint (@​typescript-eslint/rule-tester)

v8.59.4

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

Compare Source

🩹 Fixes

• rule-tester: add TypeScript as a peer dependency (#​12288)

❤️ Thank You

• Dariusz Czajkowski

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

Compare Source

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#​11789)

❤️ Thank You

• Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.2

Compare Source

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#​12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.1

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

Compare Source

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#​11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#​11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#​12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#​12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#​12125)
• eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#​12127)
• eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#​11954)
• typescript-estree: skip createIsolatedProgram fallback for projectService (#​12066, #​12065)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• Konv Suu
• mdm317
• Newton Yuan @​NewtonYuan
• RyoheiYamamoto
• SungHyun627 @​SungHyun627
• Tamashoo @​Tamashoo

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.1

Compare Source

8.57.1 (2026-03-16)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] no report for property on intersection type (#​12126)

❤️ Thank You

• Newton Yuan @​NewtonYuan

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.0

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.0

Compare Source

🚀 Features

• support ESLint v10 (#​12057)

🩹 Fixes

• use parser options from context.languageOptions (#​12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.54.0

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.53.1

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.53.0

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.52.0

Compare Source

This was a version bump only for rule-tester to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

arktypeio/arktype (arktype)

v2.2.0

Compare Source

Full announcement: https://arktype.io/docs/blog/2.2

type.fn - Validated functions

Define functions with runtime-validated parameters and return types. Supports defaults, optionals, and variadics.

const len = type.fn("string | unknown[]", ":", "number")(s => s.length)

len("foo") // 3
len([1, 2]) // 2

Type-safe regex via arkregex

Regex literals in definitions now carry full type inference. x-prefix parses capture groups at runtime.

const T = type({
	birthday: "x/^(?<month>\\d{2})-(?<day>\\d{2})-(?<year>\\d{4})$/"
})

T.assert({ birthday: "05-21-1993" }).birthday.groups.month // "05"

@ark/json-schema - Bidirectional JSON Schema

Parse JSON Schema into ArkType Types with the new @ark/json-schema package, complementing toJsonSchema(). Thanks to @​TizzySaurus.

Configurable toJsonSchema

Handle incompatibilities between ArkType and JSON Schema with granular fallback codes. Supports draft-07/draft-2020-12 targets and cyclic types.

Standard Schema as definitions

Any Standard Schema compliant validator (Zod, Valibot, etc.) can be embedded directly in ArkType definitions.

select - Deep reference introspection

Query the internal structure of a type by node kind and predicate. Use selectors to configure specific references.

Improved type.declare

Now supports morph-aware declarations via a side context, and optionality via property values.

N-ary operators

type.or, type.and, type.merge, and type.pipe accept variadic definitions.

Additional highlights

• |> string-embeddable pipe operator
• type.valueOf for TS enums
• string.hex + string.regex keywords
• Serializable ArkErrors (flatByPath, flatProblemsByPath, toJSON)
• TraversalError replaces AggregateError
• exactOptionalPropertyTypes config
• ES2020 + Hermes compatibility
• In-docs playground
• Better JSDoc + go-to-definition
• Cyclic unions can now discriminate on nested paths

prettier/prettier (prettier)

v3.8.3

Compare Source

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

diff

🔗 Release note

privatenumber/tsx (tsx)

v4.22.3

Compare Source

v4.22.2

Compare Source

v4.22.1

Compare Source

v4.22.0

Compare Source

v4.21.1

Compare Source

Bug Fixes

• support Node 20.11/21.2 import.meta paths (acf3d8f)
• support Node.js 24.15.0 (c1d2d45)
• support Node.js 26.1.0 and 25.9.0 (1d7e528)

---

This release is also available on:

• npm package (@​latest dist-tag)

open-circle/valibot (valibot)

v1.4.0

Compare Source

Many thanks to @​ksaurav24, @​heiwen, @​compulim, @​ysknsid25, @​alaycock-stripe, @​IlyaSemenov, @​wszgrcy, @​LMGO, @​yslpn, @​EltonLobo07 and @​Eronmmer for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add isoDateTimeSecond validation action to validate ISO date times with seconds (pull request #​1418)
• Add toCamelCase, toKebabCase, toPascalCase and toSnakeCase transformation actions to convert strings between common naming conventions (pull request #​1457)
• Change internal ReadonlyOutputKeys and OutputWithReadonly types of object schemas and WithReadonly type of record schemas to improve TypeScript type performance (pull request #​1442)
• Change hot paths to reduce object allocations and improve runtime performance (pull request #​1437)
• Change build target to ES2020 so distributed output stays compatible with environments that lack support for newer syntax (pull request #​1455)
• Change internal _LruCache to use a TypeScript private method instead of a #private class field to avoid runtime helpers in the transpiled output (pull request #​1455)
• Change internal _isValidObjectKey to use Object.prototype.hasOwnProperty.call instead of Object.hasOwn so the distributed output stays compatible with runtimes that lack the ES2022 Object.hasOwn builtin (pull request #​1421)
• Change flatten method to accept readonly issue arrays (pull request #​1269)
• Fix potential RangeError caused by spreading large issue arrays (pull request #​1437)
• Fix creditCard validation action to reject Mastercard numbers with invalid lengths (pull request #​1462)
• Fix intersect schema to no longer mutate input values, allowing frozen objects and arrays to be merged (pull request #​1463)

v1.3.1

Compare Source

• Change MAC48_REGEX, MAC64_REGEX and MAC_REGEX to drop the i flag for better JSON Schema compatibility (pull request #​1430)
• Change hash action to use case-expanded character classes instead of the i flag (pull request #​1430)

v1.3.0

Compare Source

Many thanks to @​EskiMojo14, @​yslpn, @​alexilyaev, @​idleberg, @​BerkliumBirb and @​frenzzy for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add guard transformation action to narrow types using type predicates (pull request #​1204)
• Add parseBoolean transformation action to parse boolean values from strings and other types (pull request #​1251)
• Add isrc validation action to validate ISRC codes (pull request #​1373)
• Add cache method for caching schema output by input (pull request #​1170)
• Add domain validation action to validate domain names (pull request #​1284)
• Add jwsCompact validation action to validate JWS compact strings (pull request #​1348)
• Fix creditCard validation action to allow 13-digit Visa card numbers (pull request #​1347)
• Fix isoTimestamp validation action to allow optional space before UTC offset for PostgreSQL timestamptz compatibility (pull request #​1195)
• Fix types for deeply readonly default and fallback values

colinhacks/zod (zod)

v4.4.3

Compare Source

v4.4.2

Compare Source

v4.4.1

Compare Source

v4.4.0

Compare Source

v4.3.6

Compare Source

Commits:

• 9977fb0 Add brand.dev to sponsors
• f4b7bae Update pullfrog.yml (#​5634)
• 251d716 Clean up workflow_call
• edd4132 fix: add missing User-agent to robots.txt and allow all (#​5646)
• 85db85e fix: typo in codec.test.ts file (#​5628)
• cbf77bb Avoid non null assertion (#​5638)
• dfbbf1c Avoid re-exported star modules (#​5656)
• 762e911 Generalize numeric key handling
• ca3c862 v4.3.6

v4.3.5

Compare Source

Commits:

• 21afffd [Docs] Update migration guide docs for deprecation of message (#​5595)
• e36743e Improve mini treeshaking
• 0cdc0b8 4.3.5

v4.3.4

Compare Source

Commits:

• 1a8bea3 Add integration tests
• e01cd02 Support patternProperties for looserecord (#​5592)
• 089e5fb Improve looseRecord docs
• decef9c Fix lint
• 9443aab Drop iso time in fromJSONSchema
• 66bda74 Remove .refine() from ZodMiniType
• b4ab94c 4.3.4

v4.3.3

Compare Source

v4.3.2

Compare Source

v4.3.1

Compare Source

Commits:

• 0fe8840 allow non-overwriting extends with refinements. 4.3.1

v4.3.0

Compare Source

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

z.fromJSONSchema()

Convert JSON Schema to Zod (#​5534, #​5586)

You can now convert JSON Schema definitions directly into Zod schemas. This function supports JSON Schema "draft-2020-12", "draft-7", "draft-4", and OpenAPI 3.0.

import * as z from "zod";

const schema = z.fromJSONSchema({
  type: "object",
  properties: {
    name: { type: "string", minLength: 1 },
    age: { type: "integer", minimum: 0 },
  },
  required: ["name"],
});

schema.parse({ name: "Alice", age: 30 }); // ✅

The API should be considered experimental. There are no guarantees of 1:1 "round-trip soundness": MySchema > z.toJSONSchema() > z.fromJSONSchema(). There are several features of Zod that don't exist in JSON Schema and vice versa, which makes this virtually impossible.

Features supported:

• All primitive types (string, number, integer, boolean, null, object, array)
• String formats (email, uri, uuid, date-time, date, time, ipv4, ipv6, and more)
• Composition (anyOf, oneOf, allOf)
• Object constraints (additionalProperties, patternProperties, propertyNames)
• Array constraints (prefixItems, items, minItems, maxItems)
• $ref for local references and circular schemas
• Custom metadata is preserved

z.xor() — exclusive union (#​5534)

A new exclusive union type that requires exactly one option to match. Unlike z.union() which passes if any option matches, z.xor() fails if zero or more than one option matches.

const schema = z.xor([z.string(), z.number()]);

schema.parse("hello"); // ✅
schema.parse(42);      // ✅
schema.parse(true);    // ❌ zero matches

When converted to JSON Schema, z.xor() produces oneOf instead of anyOf.

z.looseRecord() — partial record validation (#​5534)

A new record variant that only validates keys matching the key schema, passing through non-matching keys unchanged. This is used to represent patternProperties in JSON Schema.

const schema = z.looseRecord(z.string().regex(/^S_/), z.string());

schema.parse({ S_name: "John", other: 123 });
// ✅ { S_name: "John", other: 123 }
// only S_name is validated, "other" passes through

.exactOptional() — strict optional properties (#​5589)

A new wrapper that makes a property key-optional (can be omitted) but does not accept undefined as an explicit value.

const schema = z.object({
  a: z.string().optional(),      // accepts `undefined`
  b: z.string().exactOptional(), // does not accept `undefined`
});

schema.parse({});                  // ✅
schema.parse({ a: undefined });    // ✅
schema.parse({ b: undefined });    // ❌

This makes it possible to accurately represent the full spectrum of optionality expressible using exactOptionalPropertyTypes.

.apply()

A utility method for applying arbitrary transformations to a schema, enabling cleaner schema composition. (#​5463)

const setCommonChecks = <T extends z.ZodNumber>(schema: T) => {
  return schema.min(0).max(100);
};

const schema = z.number().apply(setCommonChecks).nullable();

.brand() cardinality

The .brand() method now accepts a second argument to control whether the brand applies to input, output, or both. Closes #​4764, #​4836.

// output only (default)
z.string().brand<"UserId">();           // output is branded (default)
z.string().brand<"UserId", "out">();    // output is branded
z.string().brand<"UserId", "in">();     // input is branded
z.string().brand<"UserId", "inout">();  // both are branded

Type predicates on .refine() (#​5575)

The .refine() method now supports type predicates to narrow the output type:

const schema = z.string().refine((s): s is "a" => s === "a");

type Input = z.input<typeof schema>;   // string
type Output = z.output<typeof schema>; // "a"

ZodMap methods: min, max, nonempty, size (#​5316)

ZodMap now has parity with ZodSet and ZodArray:

const schema = z.map(z.string(), z.number())
  .min(1)
  .max(10)
  .nonempty();

schema.size; // access the size constraint

.with() alias for .check() (359c0db)

A new .with() method has been added as a more readable alias for .check(). Over time, more APIs have been added that don't qualify as "checks". The new method provides a readable alternative that doesn't muddy semantics.

z.string().with(
  z.minLength(5),
  z.toLowerCase()
);

// equivalent to:
z.string().check(
  z.minLength(5),
  z.trim(),
  z.toLowerCase()
);

z.slugify() transform

Transform strings into URL-friendly slugs. Works great with .with():

// Zod
z.string().slugify().parse("Hello World");           // "hello-world"

// Zod Mini
// using .with() for explicit check composition
z.string().with(z.slugify()).parse("Hello World");   // "hello-world"

z.meta() and z.describe() in Zod Mini (947b4eb)

Zod Mini now exports z.meta() and z.describe() as top-level functions for adding metadata to schemas:

import * as z from "zod/mini";

// add description
const schema = z.string().with(
  z.describe("A user's name"),
);

// add arbitrary metadata
const schema2 = z.number().with(
  z.meta({ deprecated: true })
);

New locales

• Armenian (am) (#​5531)
• Uzbek (uz) (#​5519)

import * as z from "zod";
import { uz } from "zod/locales";

z.config(uz());

---

Bug fixes

All of these changes fix soundness issues in Zod. As with any bug fix there's some chance of breakage if you were intentionally or unintentionally relying on this unsound behavior.

⚠️ .pick() and .omit() disallowed on object schemas containing refinements (#​5317)

Using .pick() or .omit() on object schemas with refinements now throws an error. Previously, this would silently drop the refinements, leading to unexpected behavior.

const schema = z.object({
  password: z.string(),
  confirmPassword: z.string(),
}).refine(data => data.password === data.confirmPassword);

schema.pick({ password: true });
// 4.2: refinement silently dropped ⚠️
// 4.3: throws error ❌

Migration: The easiest way to migrate is to create a new schema using the shape of the old one.

const newSchema = z.object(schema.shape).pick({ ... })

⚠️ .extend() disallowed on refined schemas (#​5317)

Similarly, .extend() now throws on schemas with refinements. Use .safeExtend() if you need to extend refined schemas.

const schema = z.object({ a: z.string() }).refine(/* ... */);

// 4.2: refinement silently dropped ⚠️
// 4.3: throws error ✅
schema.extend({ b: z.number() });
// error: object schemas containing refinements cannot be extended. use `.safeExtend()` instead.

⚠️ Stricter object masking methods (#​5581)

Object masking methods (.pick(), .omit()) now validate that the keys provided actually exist in the schema:

const schema = z.object({ a: z.string() });

// 4.3: throws error for unrecognized keys
schema.pick({ nonexistent: true });
// error: unrecognized key: "nonexistent"

Additional changes

• Fixed JSON Schema generation for z.iso.time with minute precision (#​5557)
• Fixed error details for tuples with extraneous elements (#​5555)
• Fixed includes method params typing to accept string | $ZodCheckIncludesParams (#​5556)
• Fixed numeric formats error messages to be inclusive (#​5485)
• Fixed implementAsync inferred type to always be a promise (#​5476)
• Tightened E.164 regex to require a non-zero leading digit and 7–15 digits total (#​5524)
• Fixed Dutch (nl) error strings (#​5529)
• Convert Date instances to numbers in minimum/maximum checks (#​5351)
• Improved numeric keys handling in z.record() (#​5585)
• Lazy initialization of ~standard schema property (#​5363)
• Functions marked as @__NO_SIDE_EFFECTS__ for better tree-shaking (#​5475)
• Improved metadata tracking across child-parent relationships (#​5578)
• Improved locale translation approach (#​5584)
• Dropped id uniqueness enforcement at registry level (#​5574)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: f7fa76f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 10 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 27, reused 0, downloaded 0, added 0
Progress: resolved 36, reused 0, downloaded 0, added 0
Progress: resolved 90, reused 0, downloaded 0, added 0
Progress: resolved 184, reused 0, downloaded 0, added 0
Progress: resolved 263, reused 0, downloaded 0, added 0
Progress: resolved 327, reused 0, downloaded 0, added 0
Progress: resolved 452, reused 0, downloaded 0, added 0
Progress: resolved 610, reused 0, downloaded 0, added 0
 ERR_PNPM_UNUSED_PATCH  The following patches were not used: @changesets/assemble-release-plan@6.0.9

Either remove them from "patchedDependencies" or update them to match packages in your dependencies.