Skip to content

SDK regeneration#184

Closed
fern-api[bot] wants to merge 1 commit into
mainfrom
fern-bot/2026-05-12T01-30-38Z
Closed

SDK regeneration#184
fern-api[bot] wants to merge 1 commit into
mainfrom
fern-bot/2026-05-12T01-30-38Z

Conversation

@fern-api

@fern-api fern-api Bot commented May 12, 2026

Copy link
Copy Markdown
Contributor

Automated SDK generation by Fern

@fern-api fern-api Bot requested a review from a team as a code owner May 12, 2026 01:30
@fern-api fern-api Bot requested a review from azhou202 May 12, 2026 01:30
@semgrep-code-merge-api

Copy link
Copy Markdown

Semgrep found 10 non-literal-import findings:

  • src/merge/resources/hris/resources/groups/types/init.py
  • src/merge/resources/hris/resources/groups/init.py
  • src/merge/resources/filestorage/resources/link_token/types/init.py
  • src/merge/resources/filestorage/resources/link_token/init.py
  • src/merge/resources/filestorage/resources/groups/types/init.py
  • src/merge/resources/filestorage/resources/groups/init.py
  • src/merge/resources/accounting/resources/sales_orders/types/init.py
  • src/merge/resources/accounting/resources/sales_orders/init.py
  • src/merge/resources/accounting/resources/item_fulfillments/types/init.py
  • src/merge/resources/accounting/resources/item_fulfillments/init.py

Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.

@fern-api fern-api Bot changed the title 🌿 Fern Regeneration -- May 12, 2026 SDK regeneration May 20, 2026
@fern-api fern-api Bot force-pushed the fern-bot/2026-05-12T01-30-38Z branch from 76995c5 to ad015da Compare May 20, 2026 22:53
Generated by Fern
CLI Version: unknown
Generators:
  - fernapi/fern-python-sdk: 4.29.1
@fern-api fern-api Bot force-pushed the fern-bot/2026-05-12T01-30-38Z branch from ad015da to 956227c Compare June 8, 2026 15:48
Comment thread poetry.lock
@@ -38,13 +38,13 @@ trio = ["trio (>=0.26.1)"]

[[package]]
name = "certifi"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legal Risk

certifi 2026.5.20 was released under the MPL-2.0 license, a license that
has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

@niteshsandal-merge niteshsandal-merge deleted the fern-bot/2026-05-12T01-30-38Z branch June 8, 2026 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant