(fix): Fix duplicate root client generation that caused a lint error.
(feat): Generate CONTRIBUTING.md for Ruby SDKs.
(feat): 在生成的 Ruby SDK 中支持 x-fern-default 作为参数的回退值。当头部、查询参数或路径参数在 IR 中有 clientDefault 值时,生成的 Ruby SDK 使该参数可选,并自动应用默认值。
(fix): Generated model classes now include fields inherited from parent types
(Fern extends / OpenAPI allOf). Previously, derived models — including
discriminated union variants — only carried their own declared properties
and silently dropped fields contributed by their parents, leaving
deserialized responses without id, name, and other inherited common
fields.
(feat): Add a max_retries: keyword argument to the generated root Client
constructor. Consumers can now configure the default retry count once
at client construction (e.g. Client.new(max_retries: 5)) instead of
relying on the generation-time maxRetries setting in generators.yml.
The constructor default still respects the configured value (or 2
when unset), so existing behavior is preserved.
(fix): Dynamic snippets now render path-parameter arguments in IR (URL / SDK signature) order
rather than in the order they happen to appear in the input request, so generated
examples line up with the actual SDK method signature even when the spec lists path
parameters in a different order.
(chore): Bump addressable from 2.8.10 to 2.9.0 in the ruby-v2 SDK generator
container to clear CVE-2026-35611 (ReDoS in URI template expansion).
Switch the post-install cleanup to gem cleanup so older 2.8.x copies
dragged in by rubocop’s dependency graph are dropped from the final
image. rexml stays pinned at 3.4.4 (past the 3.3.6 CVE-2024-49761
fix). Also strip the vendored Gemfile.lock files inside cached
gems (lint_roller, rbs, typeprof, unicode-emoji) so grype stops
reading their pinned rexml / rdoc / addressable versions as
installed packages.
(fix): Stop launching WireMock with --global-response-templating in generated
wire-test docker-compose.test.yml. Response examples containing literal
{{...}} are now served verbatim instead of being passed through
WireMock’s Handlebars transformer, which would fail to resolve them as
helpers and return 500.
(fix): Fix Layout/EmptyComment RuboCop offense emitted for types with no
description. The AST Comment node now skips writing when docs is
empty or whitespace-only, so undocumented model classes no longer
produce a bare # line above their class definition.
(fix): Fix Layout/EmptyComment RuboCop offense emitted for types with no
description. The AST Comment node now skips writing when docs is
empty or whitespace-only, so undocumented model classes no longer
produce a bare # line above their class definition.
(chore): Patch Ruby SDK generator container CVEs flagged in the AWS ECR / grype
scan. Remove the unused erb-4.0.3, net-imap-0.4.21, addressable-2.8.5,
rexml-3.2.5, and rexml-3.2.6 gem directories (in addition to the
gemspec stubs) and install patched addressable-2.8.10 + rexml-3.4.4,
so grype no longer reports the vulnerable versions vendored alongside
Ruby 3.3’s default gems and the rubocop dependency graph.
(chore): Bump ruby-v2 model container Ruby base image to ruby:3.3-alpine3.23 (matching
the ruby-v2 SDK container) and apply latest Alpine package security updates at
build time.
(chore): Remediate container vulnerabilities flagged by the May 2026 Grype scan of the
fernapi/fern-ruby-sdk image. Bumps the base image from ruby:3.3-alpine3.20
(EOL) to ruby:3.3-alpine3.23, picking up updated openssl, musl, busybox,
zlib, curl, git, c-ares, ada-libs, sqlite-libs, and a Ruby 3.3.11 with newer
default gems (resolv, zlib, rexml, uri). Also patches erb and net-imap
over the base image (with stale gemspec cleanup so SBOM scanners see the
fixed versions), upgrades npm’s bundled vulnerable packages (tar, minimatch,
ip-address, picomatch, brace-expansion, @isaacs/brace-expansion, diff), and
drops build-base from the runtime image (added as a virtual install-time
package and removed after gem install) so binutils CVEs no longer ship in
the final image. Reduces grype findings from 78 to 15 (all remaining are
upstream Alpine packages with no fix available yet).
(fix): Apply canonical “all user-specified examples, else first autogenerated” selection
in the Ruby v2 SDK snippet output path. Aligns the generator’s snippet.json /
README example selection with TS-v1 / Python-v1 behavior so dynamic-IR-driven
snippets are deterministic across runs.
(fix): Fix circular require in generated barrel file by excluding test/wire files from the main lib require list.
(fix): 从生成的注释行中去除尾随空格,使受规范控制的 docstring 在 #15202 中移除 rubocop -A 自动修正过程后不再触发 Layout/TrailingWhitespace。在 Square 夜间基线基准测试中发现。
(feat): 添加 retryStatusCodes 配置选项("legacy" | "recommended")。Legacy(默认)保留现有行为(408、429、500、502、503、504、521、522、524)。Recommended 仅重试瞬态代码(408、429、502、503、504),排除 500 Internal Server Error,以避免对非幂等失败进行重试。
(fix): 修复 TypeLiteral 字符串发射器中的 Ruby 字符串插值注入漏洞。包含 #{} 的不受信任的 API 规范默认值现在在生成的双引号 Ruby 字符串中得到正确转义。
(feat): 在发射器层级生成完全符合 rubocop 规范的代码,消除生成输出中所有剩余的 rubocop 违规,使生成时不再需要 rubocop -A。涵盖 Style/IfUnlessModifier(在 ruby.IfElse AST 中添加修饰符形式检测)、Style/RedundantInterpolation(用于单插值 URL 路径和标头值的裸 .to_s)、Lint/DuplicateHashKey(在 TypeLiteral 哈希发射中按键去重,并在动态代码片段关键字参数中按名称去重)以及 Layout/FirstHashElementIndentation / Layout/FirstArgumentIndentation(EnforcedStyle: consistent + 正确的线路测试分页延续缩进)。Rubocop 作为 CI 回归门禁运行(仅检查,无 -A)。
