Skip to content

SDK regeneration#183

Closed
fern-api[bot] wants to merge 1 commit into
mainfrom
fern-bot/2026-05-11T21-58-40Z
Closed

SDK regeneration#183
fern-api[bot] wants to merge 1 commit into
mainfrom
fern-bot/2026-05-11T21-58-40Z

Conversation

@fern-api

@fern-api fern-api Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

Automated SDK generation by Fern

@fern-api fern-api Bot requested a review from a team as a code owner May 11, 2026 21:58
@fern-api fern-api Bot requested a review from azhou202 May 11, 2026 21:58
@semgrep-code-merge-api

Copy link
Copy Markdown

Semgrep found 10 non-literal-import findings:

  • src/merge/resources/hris/resources/groups/types/init.py
  • src/merge/resources/hris/resources/groups/init.py
  • src/merge/resources/filestorage/resources/link_token/types/init.py
  • src/merge/resources/filestorage/resources/link_token/init.py
  • src/merge/resources/filestorage/resources/groups/types/init.py
  • src/merge/resources/filestorage/resources/groups/init.py
  • src/merge/resources/accounting/resources/sales_orders/types/init.py
  • src/merge/resources/accounting/resources/sales_orders/init.py
  • src/merge/resources/accounting/resources/item_fulfillments/types/init.py
  • src/merge/resources/accounting/resources/item_fulfillments/init.py

Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.

Generated by Fern
CLI Version: unknown
Generators:
  - fernapi/fern-python-sdk: 4.29.1
@fern-api fern-api Bot changed the title 🌿 Fern Regeneration -- May 11, 2026 SDK regeneration Jun 8, 2026
@fern-api fern-api Bot force-pushed the fern-bot/2026-05-11T21-58-40Z branch from cc8f07b to 5445342 Compare June 8, 2026 16:38
Comment thread poetry.lock
@@ -38,13 +38,13 @@ trio = ["trio (>=0.26.1)"]

[[package]]
name = "certifi"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legal Risk

certifi 2026.5.20 was released under the MPL-2.0 license, a license that
has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant