Zod vulnerability issue with current astro version? | Astro Lounge | Page 1

covert basin Oct 23, 2023, 4:19 AM

#

Hi there, I’ve run into some issues while updating my project to the latest astro version with this kind of setup:

    "@sanity/astro": "1.3.0",
    "@sanity/image-url": "1.0.2",
    "astro": "^3.3.2",
    "astro-portabletext": "0.9.4",
    "sass": "1.68.0"
  }```

And it appears that a direct dependency of astro called [zod](https://www.npmjs.com/package/zod) isn’t compatible and wants astro to revert to version 2.10.15.
I’m not that familiar with terminals and dependencies but this seems kind of odd to me.
Do you have any ideas of how to solve this conflict? Any kind of input is greatly appreciated. Thanks for your help :)

npm

zod

TypeScript-first schema declaration and validation library with static type inference. Latest version: 3.22.4, last published: 19 days ago. Start using zod in your project by running npm i zod. There are 5622 other projects in the npm registry using zod.

rancid martenBOT Oct 23, 2023, 5:30 AM

#

Still waiting for an answer?

It looks like no-one has responded to your question yet. People might not be available right now or don’t know how to answer your question. Want an answer while you wait? Try asking our experimental bot in #1095492539085230272.

agile dagger Oct 23, 2023, 8:30 AM

#

if you're using npm, you can use the overrides field (https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides)

{
  "overrides": {
    "zod": "3.22.4"
  }
}

the vulnerability shouldn't exist in Astro, but if you want to remove the warning, you can add the above override to your package.json

covert basin Oct 23, 2023, 10:52 AM

#

Zod vulnerability issue with current astro version?

covert basin Oct 23, 2023, 10:53 AM

#

agile dagger if you're using `npm`, you can use the `overrides` field (<https://docs.npmjs.co...

okk good to know. I'll try that

#Zod vulnerability issue with current astro version?