3.70.3
(fix): Honor the auth scheme prefix for HeaderAuthScheme when generating HeaderAuthProvider.
Previously, the generator emitted the raw header value into the configured header (e.g.
Authorization) and dropped any prefix declared in the API definition (e.g. Bearer).
The provider now emits a HEADER_PREFIX constant and prepends it to the header value,
matching the behavior of the Java, Python, Go, C#, PHP, Rust, and Ruby v2 generators.
3.70.2
(chore): Bump the typescript-sdk-validator container’s node:20-slim base image
to node:22.22-bookworm-slim. Node 20 went EOL March 24, 2026, and the
container was carrying the Node 20 EOL alert plus CVE-2025-55130
(Node 20 permission-model symlink bypass).
3.70.1
(fix): Update @types/node from ^18.19.70 to ^20.0.0 in generated SDKs to
satisfy vitest 4.x peer dependency requirements. Previously, npm install
failed with ERESOLVE because vitest 4.x requires
@types/node@^20.0.0 || ^22.0.0 || >=24.0.0.
3.70.0
(internal): Emit .fern/verify.sh (mode 0755) alongside .fern/metadata.json. The script
runs <packageManager> install, <packageManager> build, and
<packageManager> test against the generated SDK, with the package manager
matching the value pinned in the project’s package.json#packageManager
field (pnpm or yarn). The script is the contract executed by the paired
fernapi/fern-typescript-sdk-validator Docker image, which is published
alongside fernapi/fern-typescript-sdk with the same version tag. Customers
that .fernignore .fern/verify.sh retain their version on regeneration.
3.69.3
(chore): Apply latest Debian security updates to the TypeScript SDK CLI container
(node:24.14-slim) at build time so OS-level package CVEs are picked up.
3.69.2
(chore): Patch 9 transitive npm dependency vulnerabilities flagged by Grype in the
typescript-sdk generator container by upgrading the bundled npm to
11.13.0, the bundled pnpm to 10.33.3, and replacing npm’s vendored
ip-address@10.1.0 with the patched 10.1.1 release. Addresses
GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74 (minimatch), GHSA-c2c7-rcm5-vvqj,
GHSA-3v7f-55p6-f55p (picomatch), GHSA-9ppj-qmqm-q256, GHSA-qffp-2rhf-9h96
(tar), GHSA-f886-m6hf-6m8v (brace-expansion), and GHSA-v2v4-37r5-5v8g
(ip-address).
3.69.1
(chore): Update oxfmt from 0.42.0 to 0.48.0, oxlint from 1.57.0 to 1.63.0, and oxlint-tsgolint from 0.17.4 to 0.22.1.
3.69.0
(feat): Add auth option to BaseClientOptions for custom auth handling. Accepts an
undiscriminated union of a function returning auth headers, an AuthProvider
implementation, or the existing auth credential options. This allows users with
alwaysSendAuth: true to handle auth via custom fetchers without the built-in
auth provider throwing on missing credentials.
3.68.1
(fix): Fix serialization schema for map types with nullable values. Previously, the
schema generator stripped nullable wrappers from map value types, causing a
type mismatch between the API types (which correctly included | null) and
the serialization layer (which omitted .nullable() on the value schema).
3.68.0
(feat): Add alwaysSendAuth config option that forces the generated SDK to include
auth headers on all endpoints, even those marked with auth: false in the
API definition. This is useful when using the same API definition for both
server (where auth is handled by a gateway) and client SDK generation.
3.67.0
(feat): Add retryStatusCodes generator config option with legacy and recommended modes.
legacy (default) preserves current behavior (retries 408, 429, and all 5xx).
recommended retries only 408, 429, 502, 503, and 504, avoiding idempotency
issues with non-transient server errors like 500.
3.66.6
(fix): Fix TS2322 type error in generated serialization files when enableForwardCompatibleEnums is enabled.
The enum schema builder now uses forwardCompatibleEnum_ which correctly widens the parsed type to string,
matching the widened API type.
3.66.5
(fix): Fix generated wire tests for SSE endpoints with protocol-discriminated unions.
The expected event assertion no longer wraps the deserialized data in a duplicate
discriminant key (which produced TS2783 “specified more than once” errors under
strict typecheck). When the example puts the discriminant inside the data payload
and leaves the SSE event line empty, the discriminant is now promoted onto the
event line before being stripped from the data, so the mocked wire body matches
what the runtime SDK produces.
3.66.4
(fix): Fix undiscriminated-union query parameters so the list variant is sent as
repeated keys (?key=a&key=b) instead of a URL-encoded JSON blob. Mirrors
the Go fix in #15526.
3.66.3
(fix): Fix dynamic snippets to default inlinePathParameters and inlineFileProperties
to true, matching the TypeScript SDK generator’s defaults. This fixes a mismatch
where docs snippets showed positional string arguments for path parameters instead
of the correct object-wrapped syntax.
3.66.2
(chore): Bump @fern-api/generator-cli to 0.9.16, which bundles the autoversion
pipeline’s private workspace deps (@fern-api/logging-execa,
@fern-api/task-context, @fern-api/cli-ai) into the published dist/api.js
so consumers no longer hit ERR_MODULE_NOT_FOUND on
logging-execa/src/createLoggingExecutable.js under Vite/Vitest.
3.66.1
(fix): Fix JsonError and ParseError constructors to set this.name and use
new.target.prototype so that error names survive esbuild minification.
3.66.0
(feat): Use auth scheme placeholder values in SDK client snippets when configured via
placeholder field on auth schemes.
3.65.5
(fix): Stop emitting the legacy queryParameters object at endpoint call sites. Query parameters
are now passed exclusively via queryString (produced by core.url.queryBuilder()).
The runtime Fetcher.Args.queryParameters field is retained (marked deprecated) for
custom-fetcher back-compat, and both queryParameters and queryString receive equivalent
log metadata and redaction of sensitive keys.
3.65.4
(chore): Bump @fern-api/generator-cli to 0.9.13, which fixes the publish of 0.9.12
(autoversion pipeline + @fern-api/replay 0.12.0) by marking @boundaryml/baml
as external in the generator-cli CLI bundle so esbuild no longer tries to
statically resolve baml’s platform-specific native bindings.
3.65.3
(chore): Bump @fern-api/generator-cli to 0.9.12, which ships the FER-9980 autoversion
pipeline (AutoVersionStep runs between the [fern-generated] commit and replay
apply, diffing pure generator output across runs to drive a semver bump and
changelog entry via FAI) and pins @fern-api/replay to 0.12.0.
