fix: ensure zod v3 is used to avoid issues during parameterized tool calls

[MrManny]

This pull request addresses dependency management and bug fixes. The most important changes include the addition of a peer dependency for zod, a bug fix for parameterized tool calls, and a minor adjustment to the version specifier for zod-to-json-schema.

Dependency management:

• Added zod as a peer dependency in package.json to ensure compatibility with consumers of the package.
• Changed the version specifier for zod-to-json-schema from caret (^) to tilde (~) in package.json for more controlled updates.

Bug fix:

• Fixed an issue that could provoke errors during parameterized tool calls in some circumstances, as noted in CHANGELOG.md.

Fixes #245, #246

[github-actions]

📦 Package.json Changes Detected

This PR modifies package.json. Please review the following changes carefully, and tick the following checklist boxes:

Checklist for Reviewers

• Verify that new and/or updated dependencies are necessary and from trusted sources
• Review any script changes for (security) implications
• Verify whether a new version should be released after merging the PR

Package.json Diff

diff --git a/package.json b/package.json
index d7701aa..47083a8 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,7 @@
     "dotenv": "^17.2.1",
     "dt-app": "^0.148.1",
     "open": "^8.4.2",
-    "zod-to-json-schema": "^3.24.5"
+    "zod-to-json-schema": "~3.24.5"
   },
   "devDependencies": {
     "@types/jest": "^30.0.0",
@@ -69,5 +69,8 @@
     "ts-jest": "^29.4.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.6.2"
+  },
+  "peerDependencies": {
+    "zod": "^3.23.8"
   }
 }

---

This comment was automatically generated by the PR Package.json Comment workflow.

[MrManny]

I am not 100% sure I need to restrict the allowed version range of zod-to-json-schema as well as pin zod in peerDependencies, but I'm following the good ol' zombie movie rule of always double-tapping.

[Copilot]

Pull Request Overview

This PR addresses dependency management issues related to zod version incompatibility that could cause errors during parameterized tool calls. The changes ensure proper version constraints to prevent conflicts between the package's direct use of zod and transitive dependencies.

Key changes:

• Added zod as a peer dependency to ensure consumers install a compatible version
• Changed zod-to-json-schema version specifier from caret to tilde for more controlled patch updates
• Updated changelog to document the bug fix

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
package.json	Added zod peer dependency (^3.23.8) and restricted zod-to-json-schema to patch updates (~3.24.5)
package-lock.json	Updated lockfile to reflect the new version constraint for zod-to-json-schema
CHANGELOG.md	Added entry documenting the fix for parameterized tool call errors

[MrManny]

@christian-kreuzberger-dtx if this is fine and merged, I recommend a patch-level release

[christian-kreuzberger-dtx]

LGTM (btw, the culprit is zod-to-json-schema "allowing" zod v4, which breaks everything; this is also known to modelcontextprotocol SDK devs already, they are working on a fix: modelcontextprotocol/typescript-sdk#1040 )