(fix): Fix dynamic snippet argument ordering for discriminated union factory methods
with optional base properties. Required base fields now come before the variant
value, and optional base fields come after, matching the PHP Method AST’s
automatic parameter reordering.
(fix): Fix dynamic snippet generation: filter out unsupported bytes body arguments
that produced syntax errors, and reorder IR-level path parameters (which have
defaults) after required body parameters to match the SDK method signatures.
(fix): Fix union serialization for enum variants: use ->value for serialization
and ::from() for deserialization instead of ->jsonSerialize() / ::jsonDeserialize().
(fix): Fix PHPStan error for literal boolean headers by using strict null comparison
(!== null) instead of loose comparison (!= null).
(fix): Fix multiple PHP generator bugs: add missing HEAD enum case, fix fully-qualified
exception class references, use preserveEnums for union return types, fix required
parameter ordering after optional parameters, prevent toJson on literal types, cast
boolean header values to strings, and fix basic-auth null checks when env vars are set.
(fix): Generated discriminated unions no longer emit a fromJson() override. The base
JsonSerializableType::fromJson now uses late static binding (static::jsonDeserialize)
so subclasses’ typed jsonDeserialize overrides dispatch correctly. This eliminates ~50
lines of duplicated code per union and resolves a PHPStan strict failure where the union
override’s $decodedJson was narrowed to array<array-key, mixed> instead of
array<string, mixed>.
(chore): Bump Node.js base image from 24.15 to 24.16.
(fix): Use interface_exists instead of class_exists when checking for
GuzzleHttp\ClientInterface in the retry client timeout logic.
class_exists always returns false for interfaces, so Guzzle timeout
support was never detected.
(fix): Dynamic snippets now render path-parameter arguments in IR (URL / SDK signature) order
rather than in the order they happen to appear in the input request, so generated
examples line up with the actual SDK method signature even when the spec lists path
parameters in a different order.
(feat): Support streaming response bodies in generated PHP SDKs (Server-Sent Events,
NDJSON, and raw text). Endpoints with a response-stream now return a typed
SseStream<T>, JsonStream<T>, or TextStream that iterates the response
frame-by-frame and deserializes each one into the declared payload type.
Previously these endpoints were emitted as broken void methods that always
threw <Sdk>ApiException regardless of HTTP status.
(chore): Patch the bundled ip-address to v10.2.0 in the php-sdk container to
address CVE-2026-42338 / GHSA-v2v4-37r5-5v8g (XSS in Address6 HTML-
emitting methods). npm 11.12.1 (shipped with node:24.15) bundles
ip-address@10.1.0 via socks; this overlays the published 10.2.0
tarball in place at image build time.
(fix): Stop launching WireMock with --global-response-templating in generated
wire-test docker-compose.test.yml. Response examples containing literal
{{...}} are now served verbatim instead of being passed through
WireMock’s Handlebars transformer, which would fail to resolve them as
helpers and return 500.
(chore): Patch PHP SDK + PHP model generator container CVEs flagged in the AWS ECR /
grype scan. Refresh apk upgrade --available to pull the latest Alpine
3.23 security patches and patch npm’s bundled picomatch@4.0.3 -> 4.0.4
and brace-expansion@5.0.4 -> 5.0.5 via tarball replacement.
(chore): Bump the PHP SDK and PHP model generator containers’ Node base image from
node:22.22-alpine3.23 to node:24.15-alpine3.23. Aligns the generators
with the rest of the Fern generator containers on a single Node major
version (Node 24) and picks up Node 24’s CVE patches.