1.41.1
(chore): Patch Go SDK + Go model generator container CVEs flagged in the AWS ECR /
grype scan. Bump the Go base image to golang:1.26.3-alpine3.23, refresh
apk upgrade, and patch npm’s bundled picomatch@4.0.3 -> 4.0.4 and
brace-expansion@5.0.4 -> 5.0.5 via tarball replacement so the published
image no longer ships the vulnerable bundled JS dependencies that grype
flags. Also drop the internal/testdata/** test fixtures and clear the
/go/pkg/mod + /root/.cache/go-build build caches from the runtime
image so grype no longer scans them as a source of stale yaml.v3 and
golang.org/x/net pseudo-versions that are not actually linked into
/fern-go-sdk.
1.41.0
(feat): Add a With<AuthToken>Func option for bearer auth that accepts a func() (string, error) callable.
The callable is evaluated at request time when no static token is set, matching the callable
auth behavior available in the Python and TypeScript SDK generators.
1.40.4
(chore): Bump the Go SDK and Go model generator containers’ Node base image from
node:22.22-alpine3.23 to node:24.15-alpine3.23. Aligns the generators
with the rest of the Fern generator containers on a single Node major
version (Node 24) and picks up Node 24’s CVE patches. The existing
npm pack <pkg>@latest loop that swaps in patched ip-address,
brace-expansion, and picomatch is retained because npm pack @latest
continues to resolve the same fixed releases on Node 24.
1.40.3
(chore): Bump generator container Node.js base image to node:22.22-alpine3.23 and
apply latest Alpine package security updates at build time.
1.40.2
(chore): Bumped the Node stage of the go-sdk container from
node:22.12-alpine3.20 to node:22.22-alpine3.22 (Node 22.22.2) and
replaced the still-vulnerable copies of ip-address (10.1.0 -> 10.2.0),
brace-expansion (2.0.2 -> 5.0.5), and picomatch (4.0.3 -> 4.0.4)
bundled inside npm’s node_modules to remediate the CVEs flagged by
Grype. No runtime behavior changes.
1.40.1
(fix): Apply canonical “all user-specified examples, else first autogenerated” selection
in the Go v2 SDK snippet output path. Aligns the v2 generator’s snippet.json /
README example selection with the existing v1 behavior so dynamic-IR-driven
snippets are deterministic across runs.
1.40.0
(feat): Generate CONTRIBUTING.md for Go SDKs.
1.39.2
(fix): Fix wire test generator using hard-coded WithToken for bearer auth
instead of deriving the option function name from the IR token name.
APIs that name their bearer token field something other than token
(e.g. authToken) now generate the correct option call (e.g.
option.WithAuthToken) in both wire tests and README snippets.
1.39.1
(fix): Fix OAuth token endpoint to use application/x-www-form-urlencoded content type.
Per RFC 6749 §4.4.2, the OAuth 2.0 client credentials token request must be
form-encoded. The generated raw_client.go now emits the correct Content-Type
header for the token endpoint instead of application/json.
(fix): Fix wire test generation for endpoints with service-level base-path parameters.
The wiremock mapping now includes service and root path parameters alongside
endpoint path parameters, so test verification URLs use actual example values
instead of URL-encoded placeholder syntax.
1.39.0
(feat): Add retryStatusCodes config with "legacy" and "recommended" modes. Legacy (default)
preserves current behavior (408, 429, >= 500). Recommended retries only transient
codes (408, 429, 502, 503, 504), avoiding idempotency issues with 500. A 1.0.0
migration auto-pins legacy for upgrading users.
1.38.3
(chore): Only generate EncodeQueryValues on undiscriminated unions that are reachable from a query parameter position, instead of on every union.
1.38.2
(fix): Generate an EncodeQueryValues method on undiscriminated unions so they are no longer silently dropped when used as query parameters.
1.38.1
(fix): Fix casing bug where a single-letter uppercase word between a lowercase word and a
PascalCase word (e.g. the I in WhoAmIResponseData) was merged into the following
word, producing WhoAmIresponseData. splitWords now matches lodash’s words()
behaviour and tokenizes this as Who|Am|I|Response|Data.
1.38.0
(feat): Use auth scheme placeholder values in README snippets when configured via
placeholder field on auth schemes.
1.37.0
(feat): Add clientDefault support for headers, query parameters, and path
parameters. When a parameter has a clientDefault value (set via the
x-fern-default OpenAPI extension), the generated SDK uses that value
as a fallback when the caller does not provide one. Parameters with
clientDefault become optional in the client constructor and endpoint
signatures.
1.36.0
(feat): Support omitting username or password from basic auth when configured via
usernameOmit/passwordOmit in the IR. When a field is omitted, it is
removed from the SDK’s public API (WithBasicAuth takes fewer arguments)
and an empty string is used internally for the auth header encoding. When
both fields are omitted, the WithBasicAuth call and Authorization header
are skipped entirely.
1.35.1
(chore): Bump @fern-api/generator-cli to 0.9.11. The GitHub pipeline step now creates
signed commits via the GitHub REST API (matching fiddle’s legacy InMemoryGitRepo
push path), restoring verified fern-api[bot] commits on replay-enabled orgs.
1.35.0
(feat): Add offsetSemantics config option. When set to "item-index", offset pagination increments by the number of items returned each page instead of by 1 ("page-index", the default).
1.34.12
(fix): Fix wire test verification for endpoints with multi-value array query parameters.
1.34.11
(chore): Add crash reporting via Sentry to the generator runtime, and classify
thrown errors using the new shared GeneratorError taxonomy so user-facing
failures (config, validation, auth, network, environment) are kept distinct
from internal Fern bugs — only the latter are forwarded to Sentry. No
change to generated output.
