fix(deps): bump zod from 3.25.76 to 4.1.1

[dependabot]

Bumps zod from 3.25.76 to 4.1.1.

Release notes

Sourced from zod's releases.

v4.1.1

Commits:

• 648eb43c23e31f7d69ef09baba46aef4e9493b13 Remove codecs from sidebare
• 7e39a99a88a9b7f0c9c3d5fd40fbbab494365c9a Improve codec docs
• e5085beb2653f1d05a14c07c79b6f3707daf09f6 Add images
• 028b289a48f5589dca58b0b813a5a9f9e363a40b Add methods
• 10cc9941daeb28b6be5be7327e034c3388d8e60b 4.1.1

v4.1.0

The first minor version since the introduction of Zod 4 back in May. This version contains a number of features that barely missed the cut for the 4.0 release. With Zod 4 stable and widely adopted, there's more time to resume feature development.

Codecs

This is the flagship feature of this release. Codecs are a new API & schema type that encapsulates a bi-directional transformation. It's a huge missing piece in Zod that's finally filled, and it unlocks some totally new ways to use Zod.

const stringToDate = z.codec(
  z.iso.datetime(),  // input schema: ISO date string
  z.date(),          // output schema: Date object
  {
    decode: (isoString) => new Date(isoString), 
    encode: (date) => date.toISOString(),
  }
);

New top-level functions are added for processing inputs in the forward direction ("decoding") and backward direction ("encoding").

stringToDate.decode("2025-08-21T20:59:45.500Z")
// => Date
stringToDate.encode(new Date())
// => "2025-08-21T20:59:45.500Z"

Note — For bundle size reasons, these new methods have not added to Zod Mini schemas. Instead, this functionality is available via equivalent top-level functions.

// equivalent at runtime
z.decode(stringToDate, "2024-01-15T10:30:00.000Z");
z.encode(stringToDate, new Date());

.parse() vs .decode()

Both .parse() and decode() process data in the "forward" direction. They behave identically at runtime.

</tr></table> 

... (truncated)

Commits

• 10cc994 4.1.1
• 028b289 Add methods
• e5085be Add images
• 7e39a99 Improve codec docs
• 648eb43 Remove codecs from sidebare
• 2ca716d v4.1.0
• cb840dd Update uint8array util return types
• 699198c Update lockfile
• 456dfe3 Restore ts5.5 dependency
• 980e14c Clean up types loading
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🤖 AI Code Review Analysis

📁 Files Changed:

• package.json

🔒 Security Analysis:

✅ No obvious security issues detected

🎯 Code Quality Analysis:

✅ Code follows StreamVault conventions

⚡ Performance Analysis:

✅ No obvious performance issues detected

🎬 StreamVault Specific Analysis:

🔐 Authentication code detected - Ensure proper security measures
📹 Streaming code detected - Verify performance optimizations
💳 Payment code detected - Ensure PCI compliance and security

📋 Recommendations:

• Run tests locally before pushing
• Update documentation if API changes
• Consider accessibility implications
• Test on multiple devices/browsers
• Review Core Web Vitals impact

---

🤖 This review was generated by GitHub Copilot AI. Please review suggestions carefully.

[github-actions]

🤖 AI-Assisted Code Review

🔒 Security Analysis (via CodeQL):

✅ CodeQL scan complete. View security alerts for this PR

🎯 Code Quality Analysis (via ESLint & TypeScript):

✅ No critical ESLint errors found.
⚠️ TypeScript errors detected. Please run pnpm type-check locally to see details.

🎬 StreamVault Specific Reminders:

• Authentication: Have you tested all user roles (viewer, streamer, admin)?
• Payments: If you touched Stripe code, did you test the webhook signature?
• Storage: Are new GCS interactions covered by security rules and signed URLs?