Changelog

April 22, 2026

5.5.8

(fix): Fix wire test verification for endpoints with multi-value array query parameters.

5.5.7

(chore): Add crash reporting via Sentry to the generator runtime, and classify thrown errors using the new shared GeneratorError taxonomy so user-facing failures (config, validation, auth, network, environment) are kept distinct from internal Fern bugs — only the latter are forwarded to Sentry. No change to generated output.

April 20, 2026

5.5.6

(fix): Escape Python reserved keywords (e.g., import, class, from) when used as subpackage names. Previously, a subpackage named after a Python keyword would produce a broken __init__.py (e.g., from .import.client import ImportClient) that fails to parse. Subpackage directories are now generated using the casings-generator’s safe_name (e.g., import_), matching how other identifiers already handle reserved keywords.

5.5.5

(fix): Raise the generated aiohttp optional-dependency lower bound from >=3.10.0,<4 to >=3.13.4,<4 and add a python = ">=3.9" marker on both aiohttp and httpx-aiohttp so the aiohttp extra is only installed on Python 3.9+ while still allowing the SDK itself to support Python 3.8. Enforces the patched minimum version for GHSA-c427-h43c-vf67 (CVE-2026-34525) at the dependency spec level.

5.5.4

(fix): Clamp the minimum Python version produced by the generator to ^3.10. Python 3.8 reached EOL in Oct 2024 and Python 3.9 in Oct 2025; many popular PyPI packages (e.g. requests >=2.33) no longer publish wheels for those versions, which causes dependency resolution to pin older, known-vulnerable releases (GHSA-gc5v-m9x4-r6x2 / CVE-2026-25645). When pyproject_python_version specifies a range that allows a version older than 3.10, the generator now logs a warning and emits python = "^3.10" in the generated pyproject.toml.

(fix): Bump the requests / types-requests dependencies used by the generated wire test suite from ^2.31.0 to ^2.33.0 to pick up the fix for GHSA-gc5v-m9x4-r6x2 (insecure temp file reuse in requests.utils.extract_zipped_paths).

(chore): Add a defensive urllib3 pin to the generated SDK’s dev dependencies that excludes the vulnerable >=2.0.0,<2.2.2 range addressed by CVE-2024-37891 (GHSA-34jh-p97f-mpxf). This prevents poetry lock from resolving to a vulnerable urllib3 even when user-supplied extra_dependencies transitively cap urllib3 (e.g. older boto3 pins whose botocore requires urllib3 < 2.1).

5.5.3

(chore): Bump generated pytest dev dependency from ^8.2.0 to ^9.0.3 for SDKs targeting Python 3.9+. This addresses CVE-2025-71176 (GHSA-6w46-j5rx-g56g), a moderate-severity issue with insecure /tmp/pytest-of-{user} handling on UNIX. Projects that still support Python 3.8 continue to use pytest ^7.4.0 since pytest 9 requires Python 3.9+.

April 18, 2026

5.5.2

(fix): Fix generated wire tests and dynamic snippets to honor pydantic_config.union_naming: v1. Previously, variant class names in wire tests and README/reference snippets were always emitted with the v0 suffix style (e.g. UnionName_Variant), causing import errors when the SDK types were generated with v1 prefix-style names (e.g. VariantUnionName).

April 17, 2026

5.5.1

(chore): Bump @fern-api/generator-cli to 0.9.10 which upgrades @fern-api/replay to 0.11.0 and only pushes the fern-generation-base tag when replay has unresolved conflicts.

April 16, 2026

5.5.0

(feat): Add use_request_defaults top-level config option with three modes: "none", "parameters" (query params and headers only), and "all" (query params, headers, request body params, and pydantic model fields). This takes precedence over the existing pydantic_config.use_provided_defaults boolean, which will be deprecated in a future release.

(fix): Fix mypy error in generated client wrapper when a non-string global header is declared (e.g. Request-Timeout: integer). The generator emits headers: Dict[str, str] but previously assigned the raw typed member (e.g. int) directly, causing Incompatible types in assignment. Non-string global header values are now wrapped with str(...) when assigned. String-typed headers are unchanged.

5.4.0

(chore): Bump @fern-api/generator-cli to 0.9.8. Changelog URLs in generated PRs now use the commit SHA instead of the PR branch name, keeping the link valid after the branch is deleted or squash-merged.

April 15, 2026

5.4.0-rc.1

(fix): Fix auth: any with OAuth + header auth schemes (e.g. API key):

Header auth parameters are now included in the generated client constructor (previously silently dropped when OAuth was present)
Header auth parameters are passed through to the client wrapper (previously missing, causing a runtime TypeError)
Header auth types are made optional when alongside OAuth, with conditional header setting
The client can now be instantiated with just a header auth credential (e.g. api_key) without requiring OAuth credentials or a bearer token

April 14, 2026

5.3.14

(chore): Bump pytest from 7.4.4 to 9.0.3 and add pytest-asyncio for async test support.

April 13, 2026

5.3.13

(fix): Fix NameError when a type uses extends to inherit from a base type in a different file and that base type is part of a circular reference cycle. The generator was incorrectly deferring the base class import to the bottom of the file via ghost references, but Python requires base class imports before the class definition. Ghost references for extended (base class) types are now skipped so their imports remain at the top of the file.

April 12, 2026

5.3.12

(chore): Bump generator-cli to 0.9.7 which upgrades @fern-api/replay to 0.10.4.

April 10, 2026

5.4.0-rc.0

(feat): Upgrade to IR v66 which compresses the IR Name type, reducing IR size and increasing performance.

5.3.11

(fix): Fix duplicate keyword arguments in generated code for discriminated union request bodies with stream condition properties. When a union variant inherits the stream condition field from a base schema via extends, the property was emitted twice — once from the union’s base properties and once from the variant’s extended properties — causing SyntaxError in generated Python code.

(fix): Escape triple quotes in docstrings to prevent premature docstring termination when OpenAPI descriptions contain Python code examples with triple-quoted strings.

(fix): Fix mypy call-overload errors in exported client wrapper by mirroring the base client’s @overload signatures and using **kwargs pass-through, instead of suppressing the error with a type: ignore comment.

5.3.10

(chore): Bump generator-cli to 0.9.6 which upgrades @fern-api/replay to 0.10.3.

5.3.9

(chore): Bump generator-cli to 0.9.5 which upgrades @fern-api/replay to 0.10.2.