fix: bump zod-openapi to 5.4.6 with discriminated-union regression test (supersedes #151)#162
Merged
Merged
Conversation
Pin zod to 4.1.13 (where discriminated unions began emitting anyOf instead of oneOf) and add a test that calls generateOpenApiDocument on a router with a discriminated union input. With zod-openapi 5.4.2 the test fails with "Cannot convert undefined or null to object" in JSONSchemaGenerator.override, matching the stack trace in #151. Verified the test passes after bumping zod-openapi to 5.4.5, which is what #151 proposes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Resolves the crash demonstrated in the previous commit. zod-openapi 5.4.4 fixes the discriminated union override path (reading anyOf instead of oneOf), 5.4.5 fixes type declarations, and 5.4.6 addresses additional Zod 4.3+ "cannot be represented in OpenAPI" compatibility issues. Also relaxes the zod devDep pin to ^4.1.13 so the test continues to exercise the previously-broken code path while allowing forward minor upgrades. Snapshot update is upstream zod behavior: the v4.1 UUID regex now includes the max UUID (ffffffff-ffff-ffff-ffff-ffffffffffff). Supersedes #151. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mcampa
force-pushed
the
repro/discriminated-union-crash
branch
from
c3b650b to
8060c5b
Compare
There was a problem hiding this comment.
Pull request overview
This PR updates the development dependency stack (zod + zod-openapi) to avoid a known zod-openapi crash when generating OpenAPI docs for routers whose inputs contain Zod discriminated unions, and adds a regression test to ensure document generation remains stable for that case.
Changes:
- Bump
zod-openapidevDependency to5.4.6andzoddevDependency to^4.1.13. - Add a regression test ensuring
generateOpenApiDocumentdoes not throw when a procedure input includes a discriminated union. - Regenerate affected Jest snapshots due to upstream Zod UUID-regex changes.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| test/generator.test.ts | Updates snapshots and adds a discriminated-union crash regression test around generateOpenApiDocument. |
| package.json | Bumps devDependencies for zod and zod-openapi to versions that include the upstream crash fix. |
| pnpm-lock.yaml | Updates the lockfile to reflect the new zod and zod-openapi versions. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
5.4.0–5.4.3 crash when generating OpenAPI docs for routers with discriminated union inputs on zod >=4.1.13 (see #151). Tightening the peer dep prevents consumers from installing a known-broken range. Addresses Copilot review on #162. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner
Author
|
Addressed in eda684b — raised the |
mcampa
added a commit
that referenced
this pull request
May 22, 2026
- feat: contact/license fields on GenerateOpenApiDocumentOptions (#157) - feat: support zod v3 (>=3.25) alongside v4 via zod/v4 permalink (#161) - fix: bump zod-openapi to 5.4.6 and raise peer dep to ^5.4.4 to prevent the discriminated-union crash on zod >=4.1.13 (#162) - fix: add x-${string} index signature to contact/license types (#160) - chore: bump h3 to ^1.15.5 (#159) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Supersedes #151 by adding a regression test alongside the version bump.
Background
zod 4.1.13 changed how discriminated unions are serialized to JSON Schema — they now emit `anyOf` instead of `oneOf`. zod-openapi 5.4.0–5.4.3 still expected `oneOf` in its schema-override path, so calling `generateOpenApiDocument` on any router with a discriminated union input would crash:
```
TypeError: Cannot convert undefined or null to object
at Function.entries ()
at override (zod-openapi/dist/components-…cjs:231:39)
at JSONSchemaGenerator.override (…:398:4)
```
zod-openapi 5.4.4 fixed this (samchungy/zod-openapi#556). 5.4.5 added type-declaration fixes. 5.4.6 addresses additional Zod 4.3+ "cannot be represented in OpenAPI" compatibility issues.
Changes
Two snapshots were regenerated because zod 4.1.x's `z.string().uuid()` regex now accepts the max UUID (`ffffffff-ffff-ffff-ffff-ffffffffffff`) — pure upstream change, no behavior shift in this package.
Test plan
🤖 Generated with Claude Code