v0.1 was built on the long-deprecated Node 16 runtime; v1 is on Node 24
(skipping Node 20 entirely). The action's input contract is unchanged
for the three fields we use (posthog-token, event, properties).

The only behavior change is the default value of the optional
posthog-api-host input: v0.1 defaulted to https://app.posthog.com,
v1 defaults to https://us.i.posthog.com. Since seed.yml does not set
this input, the post now routes to the canonical US ingestion host.

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

…j-v275) (#15865)

* [Dependabot Alert #603] Scaffold PR for cross-spawn

* fix(deps): pin cross-spawn to ^7.0.6 via pnpm override to address GHSA-3xgq-45jj-v275

cross-spawn versions <6.0.6 and 7.0.0-7.0.4 are vulnerable to a ReDoS (CVE-2024-21538). The repo transitively pulled in cross-spawn@5.1.0 via @fern-api/ui-core-utils > title@3.5.3 > clipboardy@1.2.2 > execa@0.8.0, and the published @fern-api/ui-core-utils package is pinned via pnpm overrides, so the only practical fix is a pnpm override that forces cross-spawn to a patched 7.x version everywhere.

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: David Konigsberg <72822263+davidkonigsberg@users.noreply.github.com>

…#15772)

* fix: merge allOf validation constraints (pattern, min/max) in schema conversion

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix: biome formatting - collapse multi-line assignment to single line

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix: update allof snapshots and test expectations for merged constraint types

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix: update openapi-ir-parser snapshots for allof-oneof-anyof-edge-cases

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix: add ir-to-jsonschema snapshots for RuleCreateRequestExecutionContext

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix: prioritize direct properties over allOf in example generation

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix(openapi): update v3-importer-tests snapshots for allOf property precedence

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix(openapi): consolidate changelog entries for allOf fixes

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix(openapi): update ir-generator-tests snapshots for allOf constraint merge

Co-Authored-By: kenny <kenny@buildwithfern.com>

* fix: merge allOf properties in ExampleConverter for correct example generation

When an allOf override specifies only 'items' (without 'type: array'),
the ExampleConverter now merges base schema fields (type, maxItems, etc.)
with override fields before generating examples. This ensures the array
type is inherited from the base and produces properly typed item examples
instead of null.

Also merges 'required' from allOf base schemas so properties required in
the parent (like 'results' in PaginatedResult) are correctly treated as
required in the composed type.

Co-Authored-By: kenny <kenny@buildwithfern.com>

* refactor: invert allOf shortcut to blocklist inert metadata instead of allowlisting constraints

Instead of allowlisting specific validation fields (pattern, minLength,
etc.) that should prevent the allOf short-circuit, define a set of
metadata-only fields (type, description, title, nullable, etc.) that are
safe to ignore. If an inline element has ANY field not in this set, the
short-circuit is blocked and a full merge happens.

This is future-proof: new OpenAPI validation keywords are automatically
preserved without needing code changes.

Also simplifies the legacy parser's constraint merge to use Object.assign
instead of per-field checks.

Co-Authored-By: kenny <kenny@buildwithfern.com>

* update to metadata only fields + improved comment

* updated comments for clarity

* updated changelog

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: kenny <kenny@buildwithfern.com>
Co-authored-by: Aditya Arolkar <aditya.arolkar@berkeley.edu>

…r-compose (#15872)

The generated wire-test docker-compose.test.yml launched WireMock with
--global-response-templating, which runs every response body through
WireMock's Handlebars transformer. Any OpenAPI response example containing
literal {{...}} (e.g. FHIR/IPS template syntax) is then interpreted as a
template variable reference — Handlebars tries to resolve it as a helper,
fails, and WireMock returns 500 to the test client.

Wire tests have no use for Handlebars: they verify request shape, not
response interpolation. Dropping the flag in all five affected generators
(python-v2, go-v2, rust, ruby-v2, php) and regenerating the 35 affected
seed fixtures.

…reating replay tag commit (#15875)

When .fern/replay.lock's previousGenerationSha is no longer reachable in
the local clone (e.g. the prior fern-bot PR was squash-merged and the
source branch deleted), git commit-tree -p <sha> died with "not a valid
object" and the post-generation pipeline failed entirely — even though
replay itself had succeeded and the SDK was ready to ship.

Wrap the commit-tree call so we skip the fern-generation-base tag update
on that failure and return undefined. The branch was already created
from HEAD upstream of this call, and GithubStep's tag push is already
null-safe, so the SDK PR opens normally; only the moving tag is stale
for this one run, and the lockfile self-heals after the next merge.

…15873)

Co-authored-by: dsinghvi <10870189+dsinghvi@users.noreply.github.com>