Sourced from zod's releases.

v4.1.0

The first minor version since the introduction of Zod 4 back in May. This version contains a number of features that barely missed the cut for the 4.0 release. With Zod 4 stable and widely adopted, there's more time to resume feature development.

Codecs

This is the flagship feature of this release. Codecs are a new API & schema type that encapsulates a bi-directional transformation. It's a huge missing piece in Zod that's finally filled, and it unlocks some totally new ways to use Zod.

const stringToDate = z.codec(
  z.iso.datetime(),  // input schema: ISO date string
  z.date(),          // output schema: Date object
  {
    decode: (isoString) => new Date(isoString), 
    encode: (date) => date.toISOString(),
  }
);

New top-level functions are added for processing inputs in the forward direction ("decoding") and backward direction ("encoding").

z.decode(stringToDate, "2025-08-21T20:59:45.500Z")
// => Date
z.encode(stringToDate, new Date())

// => "2025-08-21T20:59:45.500Z"

For bundle size reasons, these are only available as top-level functions instead of methods.

To parse data in the "forward" direction (AKA decode), you can continue using the existing .parse method/function. Alternatively you can use the new top-level z.decode function:

stringToDate.parse("2024-01-15T10:30:00.000Z"); // method form
z.parse(stringToDate, "2024-01-15T10:30:00.000Z"); // functional form
// => Date
z.decode(stringToDate, "2024-01-15T10:30:00.000Z")

// => Date

While z.decode() behaves identically to z.parse() in the example above, its inputs are strongly typed . That is, it expects an input of type string, whereas .parse() accepts unknown.

z.parse(stringToDate, Symbol('not-a-string')); // functional form
// => fails at runtime, but no TypeScript error
z.decode(stringToDate, Symbol("not-a-string"));

//                     ^ ❌ Argument of type 'symbol' is not assignable to parameter of type 'Date'. ts(2345)

... (truncated)

• 2ca716d v4.1.0
• cb840dd Update uint8array util return types
• 699198c Update lockfile
• 456dfe3 Restore ts5.5 dependency
• 980e14c Clean up types loading
• 60c8e3f v4.1.0
• 019c370 Zod 4.1 (#5130)
• c6a0ca3 Update sponsors
• ff89187 Resizing
• c3097f6 Update perms
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)