Sourced from sveltekit-superforms's releases.

v2.29.1

Fixed

• Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
• Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
• reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
• Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
• Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

• Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
• Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

v2.28.1

Fixed

• Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
• Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
• Zod 4 adapter: Fixed Default Date values in nested objects. #650.

v2.28.0

Changed

• TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

• Added support for Zod 4 stringbools. #610
• booleanProxy now supports the empty option.

Fixed

• Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
• filesStore initialValue now matches fileStore. #637
• Fixed JSON Schema for some non-representable types in Zod 4 adapter, it now handles set and map properly. #617
• Possibly fixed the SuperDebug broken import on Svelte 5 in enforced runes mode #599
• Zod 4 error messages should now take the current locale into account as default. #618, #639
• Zod 3 fix for URL parsing - A default boolean value of true returned false when parsing a URL with superValidate. #633

Sourced from sveltekit-superforms's changelog.

[2.29.1] - 2025-12-16

Fixed

• Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
• Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
• reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
• Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
• Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

• Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
• Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

[2.28.1] - 2025-10-19

Fixed

• Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
• Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
• Zod 4 adapter: Fixed Default Date values in nested objects. #650.

[2.28.0] - 2025-10-19

Changed

• TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

• Added support for Zod 4 stringbools. #610
• booleanProxy now supports the empty option.

Fixed

• Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
• filesStore initialValue now matches fileStore. #637
• Fixed JSON Schema for some non-representable types in Zod 4 adapter, it now handles set and map properly. #617
• Possibly fixed the SuperDebug broken import on Svelte 5 in enforced runes mode #599
• Zod 4 error messages should now take the current locale into account as default. #618, #639
• Zod 3 fix for URL parsing - A default boolean value of true returned false when parsing a URL with superValidate. #633

• 22319df 2.29.1 changelog
• c1b4430 2.29.1
• 9408124 Incorrect dependency fix
• 887aeb6 2.29.0
• ce701fb 2.29.0 changelog
• 58b41b1 Linter
• fbbdb90 Fixed build warning
• 44a40c6 Fixed SvelteKit reference warnings
• 12bb4d5 Using pnpm 10 for build
• f7c87d8 Package updates
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)