breaking: Bump zod from v3 to v4 and sveltekit-superforms from 2.27.4 to 2.29.1 (#3067)

[KATO-Hiro]

close #3067

Summary by CodeRabbit

• Chores
  • Updated Zod to version 4.3.5 and sveltekit-superforms to version 2.29.1 for improved form validation and stability.
  • Standardized form validation error reporting structure for consistency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR upgrades Zod to version 4.3.5 and sveltekit-superforms to 2.29.1. It includes a comprehensive migration plan document, updates package dependencies, replaces the zod adapter with zod4 throughout the codebase, and updates validation schemas to use the new error property structure required by Zod 4.

Changes

Cohort / File(s)	Summary
Migration Plan Documentation docs/dev-notes/2026-01-19/bump-zod-and-sveltekit-superforms/plan.md	Comprehensive upgrade plan detailing background, destructive changes, phased implementation strategy (Phase 1–5), testing plan, validation checklist, references, and post-migration lessons for Zod and sveltekit-superforms migration
Dependencies package.json	Updated dev dependencies: sveltekit-superforms 2.27.4 → 2.29.1 and zod 3.25.76 → 4.3.5
Validation Schemas src/lib/zod/schema.ts	Standardized error reporting across authSchema, accountSchema, accountTransferSchema, workBookTaskSchema, and workBookSchema by replacing message property with error property in validation definitions
Adapter Migrations (Source) src/lib/utils/auth_forms.ts, src/routes/(admin)/account_transfer/+page.server.ts, src/routes/workbooks/create/+page.server.ts, src/routes/workbooks/edit/[slug]/+page.server.ts	Replaced zod adapter imports and superValidate calls with zod4 adapter from sveltekit-superforms across multiple form validation contexts
Adapter Migrations (Tests) src/test/lib/utils/auth_forms.test.ts	Updated mock module exports and imports to use zod4 adapter instead of zod in test fixtures

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Zod hops forward, version four so grand,
With sveltekit-superforms leading the band,
Error messages error, adapters adapt,
Schemas now gleaming, perfectly mapped.
A planned migration, carefully done—
Modern dependencies, secured and fun! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: upgrading zod from v3 to v4 and sveltekit-superforms from 2.27.4 to 2.29.1, matching the substantial changes throughout the changeset.
Linked Issues check	✅ Passed	The PR successfully addresses the linked issue #3067 by upgrading zod to v4 and sveltekit-superforms to 2.29.1 to mitigate security concerns, with comprehensive code adaptations and schema updates.
Out of Scope Changes check	✅ Passed	All changes are directly related to the dependency upgrade objective: package.json updates, adapter migrations from zod to zod4, schema error key standardization, and test updates align with the breaking change requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Docstrings were successfully generated.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 markdownlint-cli2 (0.18.1)

docs/dev-notes/2026-01-19/bump-zod-and-sveltekit-superforms/plan.md

markdownlint-cli2 v0.18.1 (markdownlint v0.38.0)
Finding: docs/dev-notes/2026-01-19/bump-zod-and-sveltekit-superforms/plan.md
Linting: 1 file(s)
Summary: 2 error(s)
Error: EACCES: permission denied, open '/markdownlint-cli2-results.json'
at async open (node:internal/fs/promises:640:25)
at async Object.writeFile (node:internal/fs/promises:1214:14)
at async Promise.all (index 0)
at async outputSummary (file:///usr/local/lib/node_modules/markdownlint-cli2/markdownlint-cli2.mjs:877:5)
at async main (file:///usr/local/lib/node_modules/markdownlint-cli2/markdownlint-cli2.mjs:1053:25)
at async file:///usr/local/lib/node_modules/markdownlint-cli2/markdownlint-cli2-bin.mjs:12:22 {
errno: -13,
code: 'EACCES',
syscall: 'open',
path: '/markdownlint-cli2-results.json'
}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #3070

[KATO-Hiro]

LGTM