…mit (#840)

## Why this PR exists

`.fern/replay.lock` on master references the commit SHA
`b61c6fa84f61d6c77d9f4ab0fa6c2bf512c8680d` in three fields:
`current_generation`, the second entry in `generations[]`, and
`patch-4894603d.base_generation`. That SHA exists on the abandoned bot
branch `fern-bot/2026-05-01_07-46-04_377` but is **unreachable from
`master`'s first-parent history**, because PR #836 ("SDK regeneration",
merged 2026-05-01) was squash-merged — squash created a new merge commit
`9398d1da…` on master and discarded the original bot-branch SHAs.

The result is that every subsequent `fern generate` loads this lockfile,
can't resolve `b61c6fa` from a master-only clone, falls into the deepest
detection fallback path, and (until the engine fix linked below also
lands) captures up to 200 pre-Fern commits as orphan patches —
overflowing GitHub's 65,536-character PR body limit and failing PR
creation outright.

## What this PR changes

Three references on `.fern/replay.lock`, no other lines touched:

\`\`\`diff
-  - commit_sha: b61c6fa
-    tree_hash: 063654d
-    timestamp: 2026-05-01T07:46:03.366Z
-    cli_version: unknown
-    generator_versions:
-      fernapi/fern-python-sdk: 5.9.1
-    base_branch_head: 6e9c9a6
-current_generation: b61c6fa
+  - commit_sha: ffe61f6
+    tree_hash: d03a986
+    timestamp: 2026-04-29T20:01:22+05:30
+    cli_version: unknown
+    generator_versions: {}
+    base_branch_head: de316f0
+current_generation: ffe61f6
\`\`\`

\`\`\`diff
-    base_generation: b61c6fa
+    base_generation: ffe61f6
\`\`\`

`ffe61f6a098cb25a875019a37f2615045b97344e` is the merge commit on master
for PR #833 ("[fern-replay] Initialize Replay for SDK customizations"),
authored by `fern-api[bot]`. Unlike `b61c6fa…`, it sits on master's
first-parent history and is reachable from any clone of master.

`patch_content` and the ~8,200-line `theirs_snapshot` (which contains
the full intended content of `src/auth0/management/__init__.py`) are
untouched — they're the safety net that lets the replay applicator
reconstruct the customer-intended file content on the next regeneration
even if the line-anchored diff's context has drifted against the new
anchor's tree.

## Effect after merge

- Next `fern generate` loads the lockfile, finds `current_generation:
ffe61f6…` reachable from master
- Replay uses its linear detection path (not the broken fallback)
- The 5 customer commits since PR #833 get tracked normally with valid
`base_generation` anchors
- `patch-4894603d` reapplies, preserving the custom wiring in
`src/auth0/management/__init__.py`
- PR body well under GitHub's 65KB limit

Co-authored-by: Tanmay Singh <[email protected]>

### Changes

- Drop Python 3.9 from supported versions (EOL since October 2025)
- Add Python 3.13 to the test matrix and classifiers
- Bump minimum Python version to `>=3.10` in `pyproject.toml`
- Update publish workflow to build on Python 3.10
- Unpin Poetry version constraint (Poetry 2.x requires Python 3.10+,
which is now our minimum)

This also fixes CI failures on PR #841 where `pipx install poetry` was
pulling Poetry 2.x which crashes on Python 3.9 with `TypeError:
dataclass() got an unexpected keyword argument 'slots'`.

### References

- [Poetry 2.0
changelog](https://python-poetry.org/blog/announcing-poetry-2.0.0/)
(requires Python 3.10+)
- [Python 3.9 EOL](https://devguide.python.org/versions/) (end-of-life
October 2025)

### Testing

- CI matrix now runs on Python 3.10, 3.11, 3.12, 3.13
- No code changes to the library itself, only build/CI configuration

- [ ] This change adds unit test coverage
- [x] This change has been tested on the latest version of the
platform/language or why not

### Checklist

- [x] I have read the [Auth0 general contribution
guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
- [x] I have read the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
- [x] All existing and new tests complete without errors

### Changes

- Added configurable `max_retries` parameter to `Auth0` and `AsyncAuth0`
clients (defaults to 2 with exponential backoff)
- New error types: `BadRequestSchema`, `ForbiddenSchema`,
`UnauthorizedSchema`, `TooManyRequestsSchema`
- New types: `FedCmLogin`, `FedCmLoginGoogle`,
`CredentialDeviceTypeEnum`
- Extended `user_authentication_method` and `resource_server` response
types with additional fields
- Updated connection types with additional validation fields
- Expanded `clients`, `refresh_tokens`, `resource_servers`, `tickets`,
and `users/authentication_methods` endpoint parameters

### Testing

- Wire tests cover new and updated endpoints
- CI matrix runs on Python 3.10, 3.11, 3.12, 3.13

- [ ] This change adds unit test coverage
- [x] This change has been tested on the latest version of the
platform/language or why not

### Checklist

- [x] I have read the [Auth0 general contribution
guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
- [x] I have read the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
- [x] All existing and new tests complete without errors

---------

Co-authored-by: fern-api <115122769+fern-api[bot]@users.noreply.github.com>
Co-authored-by: Fern Support <[email protected]>
Co-authored-by: Tanmay Singh <[email protected]>
Co-authored-by: Kunal Dawar <[email protected]>
Co-authored-by: Kunal Dawar <[email protected]>

**⚠️ Breaking: Python 3.9 support dropped**
- Python 3.9 reached end-of-life in October 2025. This release requires
**Python >=3.10**. Users on Python 3.9 should remain on v5.4.0 until
they upgrade their Python version.
[\#843](#843)
([developerkunal](https://github.com/developerkunal))

**Added**
- feat: configurable max_retries parameter to Auth0 and AsyncAuth0
clients (defaults to 2 with exponential backoff)
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: New error types: BadRequestSchema, ForbiddenSchema,
UnauthorizedSchema, TooManyRequestsSchema
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: New types: FedCmLogin, FedCmLoginGoogle,
CredentialDeviceTypeEnum
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- Extended user_authentication_method and resource_server response types
with additional fields
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- Expanded clients, refresh_tokens, resource_servers, tickets, and
users/authentication_methods endpoint parameters

**Changed**
- Updated connection types with additional validation fields
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))