Changelog

June 20, 2026

5.14.21

(fix): Fix pyproject.toml distribution name for github-output SDKs without a PyPI publish target to prefer config.package_name over the organization name. Also use output_mode.version instead of hardcoding 0.0.0.

June 17, 2026

5.14.20

(chore): Bump the Python SDK generator container’s base image from python:3.13.7-slim to python:3.13.14-slim to pull in CPython security fixes, clearing CVE-2025-13836, CVE-2026-3644, and CVE-2026-4224 (plus several lower-severity CPython advisories).

June 16, 2026

5.14.19

(fix): Bump aiohttp lower bound from >=3.14.0 to >=3.14.1 to fix CVE-2026-54274.

June 15, 2026

5.14.18

(fix): Fixed the generated legacy wire test conftest.py so the test suite no longer fails when no mock server is configured. The client fixtures now skip wire tests when TESTS_BASE_URL is unset (instead of issuing requests to an invalid URL), and the conftest re-declares the hook that auto-skips @pytest.mark.aiohttp tests when the optional httpx_aiohttp dependency is not installed.

5.14.17

(fix): Fix OAuth token provider to use correct parameter names from request-properties mapping for custom OAuth endpoints, and pass additional required parameters (scopes, custom properties) through the client constructor to the token provider.

(fix): Enforce required additional OAuth parameters with an explicit runtime check that raises an ApiError instead of assert, so the validation is not stripped under Python’s optimized mode (-O).

5.14.16

(fix): Fix discriminated union snippet generation to include base properties (e.g. extra, tags) inherited from the union’s base type. Also fix conftest generation to skip non-string constructor parameters like headers from os.getenv() wrapping.

June 12, 2026

5.14.15

(chore): Bump bundled @fern-api/generator-cli to 0.9.39 (Replay 0.18.0) for more reliable customization detection during regeneration.

June 11, 2026

5.14.14

(fix): Add MAX_LINE_SIZE guard (1 MiB) to SSE iter_sse/aiter_sse to prevent unbounded memory growth from non-newline-terminated streams (GHSA-7w2x-r9r4-7v8r).

June 10, 2026

5.14.13

(fix): Fix mypy errors in raw client for stream-condition endpoints by removing @contextmanager decorator and correcting overload return types.

June 8, 2026

5.14.12

(chore): Bump pip from 26.1 to 26.1.2 in the container to fix CVE-2026-8643 (directory traversal via malicious wheel entry-point names).

June 4, 2026

5.14.11

(chore): Bump aiohttp lower bound from >=3.13.4 to >=3.14.0 and tighten Python marker to >=3.10 to address CVE-2026-47265 and CVE-2026-47266.

June 3, 2026

5.14.10

(fix): Fix the typing of endpoints that extract a property from an optional response body. The HttpResponse/AsyncHttpResponse generic (and the corresponding client return type) is now wrapped in Optional when the underlying response body resolves to an optional type, so an empty response (data=None) no longer fails type checking.

(fix): Fix the generated OAuth token provider to respect the auth scheme’s request-properties mapping. The token endpoint is now invoked using the actual request parameter names (e.g. username/password or custom names) instead of always hard-coding client_id/client_secret.

5.14.9

(fix): Fix generation failure in output_directory: source-root mode by skipping poetry lock and ruff commands that require a pyproject.toml which is not emitted in source-root mode.

(fix): Fix duplicate __root__ field declaration in Pydantic v1 discriminated unions with include_union_utils: true.

5.14.10

5.14.9

(fix): Fix generation failure in output_directory: source-root mode by skipping poetry lock and ruff commands that require a pyproject.toml which is not emitted in source-root mode.

(fix): Fix duplicate __root__ field declaration in Pydantic v1 discriminated unions with include_union_utils: true.