From fd51d057f8d6e61a850eab51ef3b2f74dfbfa19c Mon Sep 17 00:00:00 2001
From: jsklan <100491078+jsklan@users.noreply.github.com>
Date: Tue, 16 Jun 2026 12:16:33 +0000
Subject: [PATCH] update changelogs

---
 .../products/sdks/generators/python/changelog/2026-06-16.mdx | 4 ++++
 .../sdks/generators/typescript/changelog/2026-06-16.mdx      | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 fern/products/sdks/generators/python/changelog/2026-06-16.mdx

diff --git a/fern/products/sdks/generators/python/changelog/2026-06-16.mdx b/fern/products/sdks/generators/python/changelog/2026-06-16.mdx
new file mode 100644
index 000000000..b72307e62
--- /dev/null
+++ b/fern/products/sdks/generators/python/changelog/2026-06-16.mdx
@@ -0,0 +1,4 @@
+## 5.14.19
+**`(fix):`** Bump aiohttp lower bound from >=3.14.0 to >=3.14.1 to fix CVE-2026-54274.
+
+
diff --git a/fern/products/sdks/generators/typescript/changelog/2026-06-16.mdx b/fern/products/sdks/generators/typescript/changelog/2026-06-16.mdx
index ed3275354..a36f7a69d 100644
--- a/fern/products/sdks/generators/typescript/changelog/2026-06-16.mdx
+++ b/fern/products/sdks/generators/typescript/changelog/2026-06-16.mdx
@@ -1,3 +1,8 @@
+## 3.72.5
+**`(chore):`** Bump form-data dependency from ^4.0.4 to ^4.0.6 in generated SDKs to fix
+CRLF injection vulnerability (CVE-2026-12143).
+
+
 ## 3.72.4
 **`(fix):`** The TypeScript SDK generator now suppresses lifted base properties from a discriminated union's synthesized `_Base` interface when every variant already inherits them via its `extends` chain. Pairs with the parser change that lifts shared-parent properties so non-structural-typing SDKs (Go, C#) can expose them; keeps the TypeScript output stable and avoids TS2320 collisions on optionality.