Changelog

June 12, 2026

5.14.15

(chore): Bump bundled @fern-api/generator-cli to 0.9.39 (Replay 0.18.0) for more reliable customization detection during regeneration.

June 11, 2026

5.14.14

(fix): Add MAX_LINE_SIZE guard (1 MiB) to SSE iter_sse/aiter_sse to prevent unbounded memory growth from non-newline-terminated streams (GHSA-7w2x-r9r4-7v8r).

June 10, 2026

5.14.13

(fix): Fix mypy errors in raw client for stream-condition endpoints by removing @contextmanager decorator and correcting overload return types.

June 8, 2026

5.14.12

(chore): Bump pip from 26.1 to 26.1.2 in the container to fix CVE-2026-8643 (directory traversal via malicious wheel entry-point names).

June 4, 2026

5.14.11

(chore): Bump aiohttp lower bound from >=3.13.4 to >=3.14.0 and tighten Python marker to >=3.10 to address CVE-2026-47265 and CVE-2026-47266.

June 3, 2026

5.14.10

(fix): Fix the typing of endpoints that extract a property from an optional response body. The HttpResponse/AsyncHttpResponse generic (and the corresponding client return type) is now wrapped in Optional when the underlying response body resolves to an optional type, so an empty response (data=None) no longer fails type checking.

(fix): Fix the generated OAuth token provider to respect the auth scheme’s request-properties mapping. The token endpoint is now invoked using the actual request parameter names (e.g. username/password or custom names) instead of always hard-coding client_id/client_secret.

5.14.9

(fix): Fix generation failure in output_directory: source-root mode by skipping poetry lock and ruff commands that require a pyproject.toml which is not emitted in source-root mode.

(fix): Fix duplicate __root__ field declaration in Pydantic v1 discriminated unions with include_union_utils: true.

June 1, 2026

5.14.8

(fix): Fix construct_type crash on bare unparameterized dict, list, and set types. Previously, get_args() on a bare container returned an empty tuple, causing ValueError (dict) or IndexError (list/set). Now falls back to returning the object unchanged, matching Dict[Any, Any] / List[Any] / Set[Any] semantics.

5.14.7

(fix): Fix offset pagination so generated list endpoints emit a real _has_next instead of the literal True. When the API declares has-next-page on the pagination config, the generator now reads that response field (bool(_parsed_response.<path>)); otherwise it falls back to len(_items or []) > 0, matching the TypeScript generator’s (r?.data ?? []).length > 0 semantics.

Previously every offset-paginated method hardcoded _has_next = True, so while pager.has_next: pager = pager.next_page() loops never terminated. for x in pager worked only because the core paginator stops iteration when get_next() returns an empty page.

Also harden the offset paginator against two latent crashes: nested has-next-page paths (e.g. $response.metadata.hasNext) are now wrapped in a _parsed_response.metadata is not None guard mirroring the cursor paginator, and _has_next/_get_next are pre-initialized so endpoints with an optional response type no longer raise NameError when the server returns a null body.

May 28, 2026

5.14.6

(fix): Improve SSE event parsing and deserialization performance by caching resolved type hints and short-circuiting convert_and_respect_annotation_metadata when a type has no aliased fields. Previously every call recomputed typing.get_type_hints and walked the entire type graph, which was very expensive for streams parsing many events against large discriminated unions. Output is unchanged.

5.14.5

(fix): Fix TypedDict alias generation when use_typeddict_requests: true so that container element types (List[T], Dict[K, V], Set[T]) and direct aliases (Alias = T) reach for the request-side TParams variant rather than the Pydantic model T. Without this, request parameters typed as such aliases rejected dict-literal values at type-check time even though the runtime accepted them.

Note: list-typed alias bodies now resolve to typing.Sequence[…] instead of typing.List[…] under use_typeddict_requests, consistent with how endpoint parameters are already typed. Existing call sites that pass lists continue to work.

5.14.4

(fix): Fix SSE union discrimination for both data-level and protocol-level contexts.

Data-level: Simplify parse_sse_obj to always parse the SSE data field as JSON instead of using runtime heuristics. This fixes incorrect routing when the discriminant field name (e.g., event) collides with an SSE envelope field.

Protocol-level: Generate an if/elif dispatch chain at code-generation time that routes on _sse.event, parsing each variant’s data payload into its concrete type. No runtime heuristic — the generator decides the code path statically.

May 22, 2026

5.14.3

(chore): Bump Node.js base image from 24.15 to 24.16.

May 21, 2026

5.14.2

(fix): Bump @fern-api/generator-cli to 0.9.35, which disables minimatch negation on .fernignore patterns so a stray !pattern no longer silently inverts the match and discards generator output.