[zod-openapi] `null` and `undefined` types casted as strings for `multipart/form-data`

[askorupskyy]

Which middleware has the bug?

@hono/zod-openapi

What version of the middleware?

0.18.3

What version of Hono are you using?

4.6.19

What runtime/platform is your app running on? (with version if possible)

Node

What steps can reproduce the bug?

Consider the following route definition:

const update = createRoute({
  method: 'patch',
  path: '/{id}',
  tags: [BASE_TAG],
  request: {
    params: IdSchema,
    body: {
      content: { 'multipart/form-data': { schema: z.object({ passcode: z.string().nullable().optional() }) } },
    },
  },
  responses: {
    201: {
      description: 'Successfully updated entity',
      content: { 'application/json': { schema: z.null() } },
    },
    401: createGenericResponse('Unauthorized'),
  },
});

The router handler correctly inherits the type of the passcode variable:

const { passcode } = c.req.valid('form'); // (property) passcode?: string | null | undefined

In runtime, however, passcode is always casted to string, aka "undefined" or "null". This has caused bugs in runtime.

What is the expected behavior?

Should be casted to proper JS type: null or undefined

What do you see instead?

Instead see these types as strings: "undefined"

Additional information

In my Node.js REPL i've verified this is not Zod-related and the objects are being validated properly:

> const { z } = await import('zod');
> const passcodeSchema = z.object({ passcode: z.string().nullable().optional() });
> passcodeSchema.safeParse({passcode: null});
{ success: true, data: { passcode: null } }
> passcodeSchema.safeParse({passcode: undefined});
{ success: true, data: { passcode: undefined } }
> passcodeSchema.safeParse({passcode: '123123'});
{ success: true, data: { passcode: '123123' } }