1.12.11
(fix): Dynamic snippets now render path-parameter arguments in IR (URL / SDK signature) order
rather than in the order they happen to appear in the input request, so generated
examples line up with the actual SDK method signature even when the spec lists path
parameters in a different order.
1.12.10
(chore): Bump addressable from 2.8.10 to 2.9.0 in the ruby-v2 SDK generator
container to clear CVE-2026-35611 (ReDoS in URI template expansion).
Switch the post-install cleanup to gem cleanup so older 2.8.x copies
dragged in by rubocop’s dependency graph are dropped from the final
image. rexml stays pinned at 3.4.4 (past the 3.3.6 CVE-2024-49761
fix). Also strip the vendored Gemfile.lock files inside cached
gems (lint_roller, rbs, typeprof, unicode-emoji) so grype stops
reading their pinned rexml / rdoc / addressable versions as
installed packages.
1.12.9
(fix): Stop launching WireMock with --global-response-templating in generated
wire-test docker-compose.test.yml. Response examples containing literal
{{...}} are now served verbatim instead of being passed through
WireMock’s Handlebars transformer, which would fail to resolve them as
helpers and return 500.
1.12.8
(fix): Fix Layout/EmptyComment RuboCop offense emitted for types with no
description. The AST Comment node now skips writing when docs is
empty or whitespace-only, so undocumented model classes no longer
produce a bare # line above their class definition.
1.12.7
(fix): Fix Layout/EmptyComment RuboCop offense emitted for types with no
description. The AST Comment node now skips writing when docs is
empty or whitespace-only, so undocumented model classes no longer
produce a bare # line above their class definition.
1.12.6
(chore): Patch Ruby SDK generator container CVEs flagged in the AWS ECR / grype
scan. Remove the unused erb-4.0.3, net-imap-0.4.21, addressable-2.8.5,
rexml-3.2.5, and rexml-3.2.6 gem directories (in addition to the
gemspec stubs) and install patched addressable-2.8.10 + rexml-3.4.4,
so grype no longer reports the vulnerable versions vendored alongside
Ruby 3.3’s default gems and the rubocop dependency graph.
1.12.5
(chore): Bump ruby-v2 model container Ruby base image to ruby:3.3-alpine3.23 (matching
the ruby-v2 SDK container) and apply latest Alpine package security updates at
build time.
1.12.4
(chore): Remediate container vulnerabilities flagged by the May 2026 Grype scan of the
fernapi/fern-ruby-sdk image. Bumps the base image from ruby:3.3-alpine3.20
(EOL) to ruby:3.3-alpine3.23, picking up updated openssl, musl, busybox,
zlib, curl, git, c-ares, ada-libs, sqlite-libs, and a Ruby 3.3.11 with newer
default gems (resolv, zlib, rexml, uri). Also patches erb and net-imap
over the base image (with stale gemspec cleanup so SBOM scanners see the
fixed versions), upgrades npm’s bundled vulnerable packages (tar, minimatch,
ip-address, picomatch, brace-expansion, @isaacs/brace-expansion, diff), and
drops build-base from the runtime image (added as a virtual install-time
package and removed after gem install) so binutils CVEs no longer ship in
the final image. Reduces grype findings from 78 to 15 (all remaining are
upstream Alpine packages with no fix available yet).
1.12.3
(fix): Apply canonical “all user-specified examples, else first autogenerated” selection
in the Ruby v2 SDK snippet output path. Aligns the generator’s snippet.json /
README example selection with TS-v1 / Python-v1 behavior so dynamic-IR-driven
snippets are deterministic across runs.
1.12.2
(fix): Fix circular require in generated barrel file by excluding test/wire files from the main lib require list.
1.12.1
(fix): Fix duplicate root client generation that caused a lint error.
1.12.0
(feat): Generate CONTRIBUTING.md for Ruby SDKs.
1.11.1
(fix): Strip trailing whitespace from generated comment lines so spec-controlled docstrings
no longer trip Layout/TrailingWhitespace after the rubocop -A autocorrect pass
was removed in #15202. Caught on the Square nightly baseline benchmark.
1.11.0
(feat): Add retryStatusCodes configuration option ("legacy" | "recommended").
Legacy (default) preserves existing behavior (408, 429, 500, 502, 503, 504, 521, 522, 524).
Recommended retries only transient codes (408, 429, 502, 503, 504), excluding
500 Internal Server Error to avoid retrying non-idempotent failures.
1.10.0
(fix): Fix Ruby string interpolation injection vulnerability in TypeLiteral string emitter.
Untrusted API spec default values containing #{} are now properly escaped in generated
double-quoted Ruby strings.
(feat): Generate fully rubocop-compliant code at emitter level, eliminating all remaining
rubocop offenses in generated output so rubocop -A is no longer needed at
generation time. Covers Style/IfUnlessModifier (modifier-form detection added to
ruby.IfElse AST), Style/RedundantInterpolation (bare .to_s for single-interpolation
URL paths and header values), Lint/DuplicateHashKey (dedupe by key in TypeLiteral
hash emit and by name in dynamic-snippet keyword arguments), and
Layout/FirstHashElementIndentation / Layout/FirstArgumentIndentation (EnforcedStyle:
consistent + correct wire-test pagination continuation indent). Rubocop runs as a
CI regression gate (check-only, no -A).
1.9.0
(feat): Support x-fern-default as fallback value for parameters in generated Ruby SDKs.
When a header, query parameter, or path parameter has a clientDefault value in the IR,
the generated Ruby SDK makes that parameter optional with the default value automatically applied.
1.8.0
(feat): Use auth scheme placeholder values in README snippets when configured via
placeholder field on auth schemes.
