Upgrade zod to 3.23.8 #1484

Merged
merged 2 commits into from
Nov 19, 2024

ericallam (Member) commented Nov 19, 2024

This PR upgrades zod across all packages to 3.23.8, which is the latest and matches other popular packages like openai and @ai-sdk/openai.

Summary by CodeRabbit

Release Notes

  • New Features

    • No new features introduced.
  • Dependency Updates

    • Upgraded zod library to version 3.23.8 across multiple packages.
    • Updated various @trigger.dev packages to improve stability and performance.
  • Bug Fixes

    • Simplified error handling in API functions, enhancing robustness against unsupported HTTP methods.
  • Documentation

    • No documentation updates included.

changeset-bot bot commented Nov 19, 2024

🦋 Changeset detected

Latest commit: 5313b39

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages
| Name | Type |
| --- | --- |
| @trigger.dev/react-hooks | Patch |
| @trigger.dev/sdk | Patch |
| trigger.dev | Patch |
| @trigger.dev/build | Patch |
| @trigger.dev/core | Patch |
| @trigger.dev/rsc | Patch |
| @internal/redis-worker | Patch |
| @internal/zod-worker | Patch |
| @trigger.dev/database | Patch |
| @trigger.dev/otlp-importer | Patch |
| @internal/testcontainers | Patch |

coderabbitai bot (Contributor) commented Nov 19, 2024

Walkthrough

The pull request introduces several updates to the dependencies of the Trigger.dev framework, specifically upgrading the zod library to version 3.23.8 across multiple packages. Additionally, several other Trigger.dev packages have received patch updates. Notably, the action and loader functions in the api.v1.store.$key.ts file have been modified by removing the assertExhaustive function call, which simplifies control flow but may affect error handling for unsupported HTTP methods.

Changes

| File Path | Change Summary |
| --- | --- |
| .changeset/slow-pans-report.md | Patch updates for dependencies: @trigger.dev/react-hooks, @trigger.dev/sdk, trigger.dev, @trigger.dev/build, @trigger.dev/core, @trigger.dev/rsc, and zod upgraded to 3.23.8. |
| apps/proxy/package.json | Updated zod dependency from 3.22.3 to 3.23.8. |
| apps/webapp/app/routes/api.v1.store.$key.ts | Removed assertExhaustive from action and loader functions, simplifying control flow. |
| apps/webapp/package.json | Updated @trigger.dev/platform from 1.0.13 to 1.0.14 and zod from 3.22.3 to 3.23.8. |
| internal-packages/emails/package.json | Updated zod dependency from 3.22.3 to 3.23.8. |
| internal-packages/redis-worker/package.json | Updated zod dependency from 3.22.3 to 3.23.8. |
| internal-packages/zod-worker/package.json | Updated zod dependency from 3.22.3 to 3.23.8. |
| packages/cli-v3/package.json | Updated version to 3.2.0, zod from 3.22.3 to 3.23.8, and modified exports structure. |
| packages/core/package.json | Updated version from 3.2.0 to 3.2.1 and zod from 3.22.3 to 3.23.8. |
| packages/trigger-sdk/package.json | Updated zod from 3.22.3 to 3.23.8 and restructured exports field for detailed mappings. |
| references/nextjs-realtime/package.json | Updated zod dependency from 3.22.3 to 3.23.8. |
| references/v3-catalog/package.json | Updated zod dependency from 3.22.3 to 3.23.8. |

🐇 In the meadow, we hop and play,
With updates brightening our day!
Dependencies patched, oh what a sight,
Zod's new version brings delight.
Functions simplified, flow so clear,
Hooray for changes, let’s all cheer! 🎉


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 532fdca and 5313b39.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (12)
  • .changeset/slow-pans-report.md (1 hunks)
  • apps/proxy/package.json (1 hunks)
  • apps/webapp/app/routes/api.v1.store.$key.ts (0 hunks)
  • apps/webapp/package.json (3 hunks)
  • internal-packages/emails/package.json (1 hunks)
  • internal-packages/redis-worker/package.json (2 hunks)
  • internal-packages/zod-worker/package.json (2 hunks)
  • packages/cli-v3/package.json (1 hunks)
  • packages/core/package.json (1 hunks)
  • packages/trigger-sdk/package.json (1 hunks)
  • references/nextjs-realtime/package.json (1 hunks)
  • references/v3-catalog/package.json (1 hunks)
💤 Files with no reviewable changes (1)
  • apps/webapp/app/routes/api.v1.store.$key.ts
✅ Files skipped from review due to trivial changes (6)
  • .changeset/slow-pans-report.md
  • apps/proxy/package.json
  • internal-packages/emails/package.json
  • packages/core/package.json
  • references/nextjs-realtime/package.json
  • references/v3-catalog/package.json
🔇 Additional comments (11)
internal-packages/zod-worker/package.json (2)

14-14: Verify breaking changes and security implications.

Let's ensure this upgrade is safe for the internal package and its dependents.

Run the following checks:

✅ Verification successful

Zod version 3.23.8 is consistently used and no breaking changes detected

  • Version 3.23.8 is consistently used across all package.json files in the monorepo
  • Usage analysis shows only stable APIs being used (instanceof, discriminatedUnion)
  • No security advisories found in the npm registry that affect version 3.23.8
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes and security advisories

# Check for security advisories
echo "Checking for security advisories..."
npm audit zod@3.23.8

# Look for breaking changes in dependent files
echo -e "\nChecking usage patterns that might be affected by breaking changes..."
rg -l "z\." | xargs rg "z\.(instanceof|discriminatedUnion|effect|transformer)"

# Check if version is consistent across the monorepo
echo -e "\nChecking version consistency across packages..."
find . -name "package.json" -exec jq -r '.dependencies.zod // .devDependencies.zod // empty' {} \;

Length of output: 6375


14-14: LGTM! Version upgrade aligns with PR objectives.

The upgrade to zod 3.23.8 matches the stated PR goal and aligns with the versions used by openai and @ai-sdk/openai packages.

Let's verify if this is the latest stable version:

✅ Verification successful

Version upgrade is safe and consistent across the monorepo

The verification confirms:

  • 3.23.8 is currently the latest stable version on npm
  • No usage of RefinementCtx in the codebase, so the type-to-interface change won't impact the project
  • Version 3.23.8 is consistently used across most package.json files, with only one package using a flexible ^3.0.0 version
  • The upgrade aligns with the PR objectives and maintains monorepo consistency
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check latest version and release info for zod

# Get latest version from npm
echo "Latest version from npm:"
npm view zod version

# Get release date and changelog for 3.23.8
echo -e "\nRelease info for 3.23.8:"
gh api repos/colinhacks/zod/releases | jq '.[] | select(.tag_name=="v3.23.8") | {published_at, body}'

Length of output: 592


Script:

#!/bin/bash
# Check for potential breaking changes between 3.22.3 and 3.23.8
# and look for any security advisories

# Check for security advisories
echo "Checking for security advisories:"
npm audit zod@3.23.8

# Search for usage of RefinementCtx in the codebase since it changed from type to interface
echo -e "\nChecking RefinementCtx usage:"
rg "RefinementCtx" -A 2

# Check other zod versions in the monorepo for consistency
echo -e "\nChecking other zod versions in package.json files:"
fd package.json --exec grep -l "zod" {} \; | xargs cat | grep "\"zod\""

Length of output: 961

internal-packages/redis-worker/package.json (2)

15-15: LGTM: Version update is properly specified

The version specification follows the correct format and aligns with the PR objectives to standardize the zod version across packages.


15-15: Verify zod version upgrade compatibility and security

The upgrade from zod 3.22.3 to 3.23.8 aligns with the PR objectives. Let's verify the upgrade's compatibility and security implications.

✅ Verification successful

Let me generate additional scripts to check for potential breaking changes between 3.22.3 and 3.23.8 by examining the codebase's usage of zod.

This will help us understand the codebase's usage of zod features that might be affected by the version change, particularly around refinements which were modified in 3.23.8.


Based on the extensive search results, I can now make a determination about the zod version upgrade:

Zod upgrade from 3.22.3 to 3.23.8 is safe to proceed

The codebase scan shows:

  1. The change from 3.22.3 to 3.23.8 only includes one breaking change: RefinementCtx was changed from a type to an interface, but this type is not used anywhere in the codebase (no matches found in the grep results)

  2. The upgrade is consistently applied across multiple packages:

  • apps/proxy
  • apps/webapp
  • internal-packages/emails
  • internal-packages/redis-worker
  • internal-packages/zod-worker
  • packages/cli-v3
  • packages/core
  • packages/trigger-sdk
  • references/nextjs-realtime
  • references/v3-catalog

  3. The extensive zod usage in the codebase is focused on schema definitions and validations using standard zod features that are stable between these versions.

  4. Version 3.23.8 is still within the 3.x major version, indicating backward compatibility is maintained.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify zod version compatibility, breaking changes, and security advisories

# Check if 3.23.8 is still the latest version
echo "Checking latest version on npm..."
npm view zod versions --json | jq -r '.[-1]'

# Check for any security advisories
echo "Checking for security advisories..."
npm audit zod@3.23.8 --json || true

# Look for breaking changes in commit history between versions
echo "Checking for breaking changes..."
gh api graphql -f query='
{
  repository(owner: "colinhacks", name: "zod") {
    releases(first: 10) {
      nodes {
        tagName
        description
      }
    }
  }
}' | jq -r '.data.repository.releases.nodes[] | select(.tagName | contains("v3.22.3","v3.23.8"))'

# Check if this version is used consistently across the monorepo
echo "Checking version consistency across packages..."
find . -name "package.json" -type f -exec grep -l "\"zod\":" {} \; -exec grep -l "3.23.8" {} \;

Length of output: 2432


Script:

#!/bin/bash
# Search for zod usage patterns that might be affected by changes between versions

# Check for RefinementCtx usage since it changed from type to interface
echo "Checking RefinementCtx usage..."
rg "RefinementCtx" -A 2 -B 2

# Check for any custom refinements that might be affected
echo "Checking refinement usage patterns..."
ast-grep --pattern 'refine($$$)'

# Look for zod schema definitions to assess impact
echo "Checking zod schema patterns..."
rg "z\.(object|string|number|boolean|array|enum|union|intersection)" -A 2

Length of output: 364564

packages/trigger-sdk/package.json (2)

76-76: Verify security advisories for zod 3.23.8

Let's ensure this version is free from known vulnerabilities.

✅ Verification successful

No security vulnerabilities found for zod 3.23.8

The GitHub Security Advisory Database shows no critical or high severity vulnerabilities for this version of zod.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any security advisories for zod
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "zod", severities: [CRITICAL, HIGH]) {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 366


76-76: LGTM! Version upgrade aligns with PR objectives.

The upgrade to zod 3.23.8 is compatible with the existing peerDependency requirement (^3.0.0) and aligns with the PR's goal of version consistency across packages.

Let's verify compatibility with other dependencies:

✅ Verification successful

Version consistency verified across the monorepo

All packages using zod are aligned with version 3.23.8, either as a direct dependency or satisfying the peerDependency requirement of ^3.0.0. This consistent versioning across the monorepo ensures compatibility and prevents version conflicts.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if any other packages in the monorepo have conflicting zod versions
fd -t f "package.json" -x jq -r 'select(.dependencies.zod != null or .devDependencies.zod != null or .peerDependencies.zod != null) | "\(.name): dev=\(.devDependencies.zod) peer=\(.peerDependencies.zod) deps=\(.dependencies.zod)"'

Length of output: 712

packages/cli-v3/package.json (2)

124-124: Verify zod compatibility with dependencies

The upgrade of zod to 3.23.8 looks good and aligns with the PR objectives. However, let's verify compatibility with dependent packages.

✅ Verification successful

Zod version 3.23.8 is compatible with all dependencies

The upgrade to zod 3.23.8 is compatible with:

  • zod-validation-error@1.5.0 which requires ^3.18.0
  • @trigger.dev/sdk which requires ^3.0.0
  • All other workspace packages are being upgraded to the same version 3.23.8
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check compatibility between zod and its dependent packages

# Check zod-validation-error's peer dependencies
curl -s https://registry.npmjs.org/zod-validation-error/1.5.0 | jq -r '.peerDependencies.zod'

# Find other potential zod dependencies in the workspace
fd package.json --exec jq -r 'select(.dependencies.zod or .peerDependencies.zod or .devDependencies.zod) | "\(.name): zod \(.dependencies.zod // .peerDependencies.zod // .devDependencies.zod)"'

Length of output: 577


Line range hint 137-145: Verify the exports field modification impact

The exports field has been restructured to use a more detailed format. While this change appears unrelated to the zod upgrade, it's important to verify it doesn't break existing imports.

✅ Verification successful

No impact from exports field modification

The exports field change is a non-breaking modification that maintains the same essential structure and paths. The changes are:

  1. Both versions specify "./package.json": "./package.json"
  2. Both versions maintain identical import paths for ESM:
    • Types: ./dist/esm/index.d.ts
    • Default: ./dist/esm/index.js

The only difference is a more explicit nesting structure in the new version, which is fully compatible with the existing imports found in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential import statements that might be affected by the exports field change

# Search for import statements using this package
rg "from ['\"]trigger\.dev['\"]" -A 1

# Search for require statements using this package
rg "require\(['\"]trigger\.dev['\"]" -A 1

Length of output: 91


Script:

#!/bin/bash
# Let's check for any imports or requires using the package name from package.json
# First, get the package name
PACKAGE_NAME=$(jq -r '.name' packages/cli-v3/package.json)

# Search for imports using the package name
echo "=== Searching for imports of $PACKAGE_NAME ==="
rg "from ['\"]${PACKAGE_NAME}['\"]" -A 1

# Search for requires using the package name
echo "=== Searching for requires of $PACKAGE_NAME ==="
rg "require\(['\"]${PACKAGE_NAME}['\"]" -A 1

# Let's also examine the exports field changes by showing the package.json content
echo "=== Current exports field in package.json ==="
jq '.exports' packages/cli-v3/package.json

# Check for any import statements in the test files that might be affected
echo "=== Checking test files for imports ==="
fd -e test.ts -e test.js -e spec.ts -e spec.js --exec grep -l "${PACKAGE_NAME}"

Length of output: 1003


Script:

#!/bin/bash
# Let's examine the actual imports in the test files we found
echo "=== Checking imports in redis-worker queue test ==="
cat "./internal-packages/redis-worker/src/queue.test.ts"

echo "=== Checking imports in redis-worker worker test ==="
cat "./internal-packages/redis-worker/src/worker.test.ts"

echo "=== Checking imports in cli-v3 e2e test ==="
cat "./packages/cli-v3/e2e/e2e.test.ts"

echo "=== Checking imports in webapp authorization test ==="
cat "./apps/webapp/test/authorization.test.ts"

# Let's also check the previous version of package.json to compare exports field
echo "=== Previous exports field ==="
git show HEAD^:packages/cli-v3/package.json | jq '.exports'

Length of output: 40947

apps/webapp/package.json (3)

101-101: LGTM: Patch version update

The update of @trigger.dev/platform from 1.0.13 to 1.0.14 is a patch version bump, indicating only backwards-compatible bug fixes.


185-185: Review zod changelog for breaking changes

Please verify the changelog between versions 3.22.3 and 3.23.8 for any breaking changes or migration requirements.

✅ Verification successful

Based on the changelog analysis between versions 3.22.3 and 3.23.8, I can provide the final response:

No breaking changes that require immediate attention

The upgrade from 3.22.3 to 3.23.8 introduces several new features and improvements without any breaking changes to the public API. The only breaking changes mentioned are internal and affect ecosystem tools that rely on Zod internals:

  1. Three new types added to ZodFirstPartySchemaTypes union (affects codegen libraries only)
  2. Fixed a bug in .pick() and .omit() to reject unknown keys (improves type safety)

Notable improvements include:

  • New string validation methods: .date(), .time(), .duration(), .base64()
  • Enhanced datetime validation with local timezone support
  • Improved discriminated unions support
  • Various performance optimizations and bug fixes
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check zod changelog for breaking changes

# Fetch and analyze the changelog between versions
echo "Checking zod releases for breaking changes..."
gh api repos/colinhacks/zod/releases --paginate | jq -r '.[] | select(.tag_name | test("3\\.2[2-3]\\.[0-9]+")) | .body'

Length of output: 32847


185-187: Verify zod ecosystem compatibility

The upgrade of zod to version 3.23.8 requires verification of compatibility with related packages:

  • @conform-to/zod
  • zod-error
  • zod-validation-error
  • @internal/zod-worker
✅ Verification successful

Zod ecosystem compatibility verified

The upgrade to zod 3.23.8 is consistent across all packages in the monorepo, and the ecosystem packages show no compatibility issues:

  • All internal packages are aligned on zod version 3.23.8
  • @conform-to/zod at ^0.6.1 has no strict zod version requirements
  • zod-error and zod-validation-error at 1.5.0 are compatible with zod 3.x
  • No conflicting peer dependencies were found
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check compatibility between zod and its ecosystem packages

# Check for any compatibility issues mentioned in READMEs or package.json files
echo "Checking for compatibility information in zod-related packages..."
fd -t f "README.md|package.json" -x rg -l "(?i)compatibility|requires.*zod|peer.*zod"

# Check for potential version conflicts or breaking changes
echo "Checking zod version requirements in dependent packages..."
rg -l "\"zod\".*:.*\".*\"" 

Length of output: 982


Script:

#!/bin/bash
# Check specific version requirements in the dependent packages
echo "Checking zod version requirements in package.json files..."
rg '"zod".*:.*".*"' --no-filename --no-line-number packages/trigger-sdk/package.json internal-packages/zod-worker/package.json internal-packages/emails/package.json internal-packages/redis-worker/package.json packages/core/package.json apps/webapp/package.json apps/proxy/package.json

# Check for peerDependencies mentioning zod
echo -e "\nChecking for peerDependencies..."
rg '"peerDependencies".*\{.*\}' -A 5 packages/trigger-sdk/package.json internal-packages/zod-worker/package.json internal-packages/emails/package.json internal-packages/redis-worker/package.json packages/core/package.json apps/webapp/package.json apps/proxy/package.json

# Check specific version requirements for zod-related packages
echo -e "\nChecking version requirements for zod ecosystem packages..."
rg '"@conform-to/zod"|"zod-error"|"zod-validation-error"' --no-filename --no-line-number packages/trigger-sdk/package.json internal-packages/zod-worker/package.json internal-packages/emails/package.json internal-packages/redis-worker/package.json packages/core/package.json apps/webapp/package.json apps/proxy/package.json

Length of output: 1574


pkg-pr-new bot commented Nov 19, 2024

@trigger.dev/core

pnpm add https://pkg.pr.new/triggerdotdev/trigger.dev/@trigger.dev/core@1484

@trigger.dev/react-hooks

pnpm add https://pkg.pr.new/triggerdotdev/trigger.dev/@trigger.dev/react-hooks@1484

@trigger.dev/rsc

pnpm add https://pkg.pr.new/triggerdotdev/trigger.dev/@trigger.dev/rsc@1484

@trigger.dev/sdk

pnpm add https://pkg.pr.new/triggerdotdev/trigger.dev/@trigger.dev/sdk@1484

@trigger.dev/build

pnpm add https://pkg.pr.new/triggerdotdev/trigger.dev/@trigger.dev/build@1484

trigger.dev

pnpm add https://pkg.pr.new/triggerdotdev/trigger.dev@1484

commit: 5313b39

@ericallam ericallam merged commit 7d47088 into main Nov 19, 2024
9 checks passed
@ericallam ericallam deleted the upgrade-zod-to-latest branch November 19, 2024 15:51
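
The review scripts in this thread check zod version consistency with find, jq and grep over package.json files. The same check as an added example (not code from this PR, the Trigger.dev repository or CodeRabbit): it lists every specifier for one dependency across `dependencies`, `devDependencies` and `peerDependencies` and classifies it against the target version, so a stale pin or a range that excludes the target is reported per file and field. All function names and the sample manifests are hypothetical; only exact, `^` and `~` specifiers are evaluated, and anything else is reported as `unchecked`.

```javascript
// Added example: classify each specifier of one dependency across manifests.
const FIELDS = ["dependencies", "devDependencies", "peerDependencies"];

// Parse "1.2.3" into [1, 2, 3]; returns null for tags, URLs, workspace: etc.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Three-way comparison of two [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of a caret or tilde range, following npm semver rules.
function upperBound(op, [maj, min, pat]) {
  if (op === "~") return [maj, min + 1, 0];
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

// Returns "pinned", "mismatch", "range-ok", "range-excludes" or "unchecked".
function classify(spec, expected) {
  const want = parseVersion(expected);
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!want || !m) return "unchecked"; // workspace:, *, tags, compound ranges
  const base = parseVersion(m[2]);
  if (m[1] === "") return cmp(base, want) === 0 ? "pinned" : "mismatch";
  const inRange = cmp(want, base) >= 0 && cmp(want, upperBound(m[1], base)) < 0;
  return inRange ? "range-ok" : "range-excludes";
}

// manifests: [{ file, manifest }] where manifest is a parsed package.json.
function auditDependency(manifests, name, expected) {
  const rows = [];
  for (const { file, manifest } of manifests) {
    for (const field of FIELDS) {
      const spec = manifest[field] && manifest[field][name];
      if (typeof spec === "string") {
        rows.push({ file, field, spec, status: classify(spec, expected) });
      }
    }
  }
  return rows;
}

// Load manifests from disk, skipping node_modules and dot-directories.
async function loadManifests(root) {
  const fs = await import("node:fs");
  const path = await import("node:path");
  const out = [];
  const walk = (dir) => {
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      if (e.name === "node_modules" || e.name.startsWith(".")) continue;
      const full = path.join(dir, e.name);
      if (e.isDirectory()) walk(full);
      else if (e.name === "package.json") {
        out.push({ file: full, manifest: JSON.parse(fs.readFileSync(full, "utf8")) });
      }
    }
  };
  walk(root);
  return out;
}

// Constructed sample manifests (hypothetical packages, not the repository's files).
const SAMPLE = [
  { file: "pkg-a/package.json", manifest: { dependencies: { zod: "3.23.8" } } },
  { file: "pkg-b/package.json",
    manifest: { devDependencies: { zod: "3.23.8" }, peerDependencies: { zod: "^3.0.0" } } },
  { file: "pkg-stale/package.json", manifest: { dependencies: { zod: "3.22.3" } } },
  { file: "pkg-tilde/package.json", manifest: { dependencies: { zod: "~3.22.0" } } },
];

// Audit the constructed sample against the version this PR targets.
function sampleReport() {
  return auditDependency(SAMPLE, "zod", "3.23.8");
}
```

Against a real checkout, `loadManifests(".").then((m) => auditDependency(m, "zod", "3.23.8"))` produces the same rows from the files on disk; any status other than `pinned` or `range-ok` is worth reviewing before merging an upgrade.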