Update package.json for zod to 3.22.3 or greater #330
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://github.com/colinhacks/zod/releases/tag/v3.22.3 Fixes #2609 The current regex used for email validation contains "catastrophic backtracking", specifically ([A-Z0-9_+-]+\.?)*. This gets evaluated inefficiently by JS, resulting in an exponential increase in execution time for failed matches. This can be replicated easily - here's execution time against ^([A-Z0-9_+-]+\.?)*[A-Z0-9_+-]@([A-Z0-9][A-Z0-9\-]*\.)+[A-Z]{2,}$
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
Hi! Thanks for taking the time to raise this issue and submit a PR! I was actually just working on a fix for this so I pushed those changes into this PR. Unfortunately, we can't limit people from using zod versions less than 3.22.2, but we can update the peer dep to support it for those who are patching their zod dependency. I also updated our zod dependency internally to the most recent version that doesn't suffer from #320. |
|
It also looks like withZod will have to be updated to support some change in zod's types. |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://github.com/colinhacks/zod/releases/tag/v3.22.3
Fixes #2609
The current regex used for email validation contains "catastrophic backtracking", specifically ([A-Z0-9_+-]+.?)*. This gets evaluated inefficiently by JS, resulting in an exponential increase in execution time for failed matches.
This can be replicated easily - here's execution time against ^([A-Z0-9_+-]+.?)[A-Z0-9_+-]@([A-Z0-9][A-Z0-9-].)+[A-Z]{2,}$