chore(deps): bump stripe from 16.12.0 to 22.1.1#159
Conversation
dependabot
Bot
added
dependencies
Bumps [stripe](https://github.com/stripe/stripe-node) from 16.12.0 to 22.1.1. - [Release notes](https://github.com/stripe/stripe-node/releases) - [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md) - [Commits](stripe/stripe-node@v16.12.0...v22.1.1) --- updated-dependencies: - dependency-name: stripe dependency-version: 22.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/stripe-22.1.1
branch
from
c84ba34 to
091547f
Compare
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughBumps Stripe dependency to ^22.1.1 and replaces namespace typings with explicit imports from ChangesStripe types & dependency upgrade
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 29: You upgraded Stripe from v16→v22 in package.json; before merging run
the full test suite and fix any breaks: execute all tests, with focus on
tests/integration/stripe/, tests/unit/payments/webhookSignature.test.ts, and any
tests touching cardService, balanceService, webhookHandler, and validateStripe;
ensure TypeScript compiles (tsc) and address v22 type changes (restructured type
exports) and any API signature differences (constructor new Stripe(key, {
apiVersion: ... }) is correct) or changed argument orders by updating call sites
and imports to the new v22 typings and APIs until tests and compilation pass.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 5805a707-1a48-4c35-af89-1b8b9d6195a5
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json
| "ioredis": "^5.10.1", | ||
| "pino": "^10.3.1", | ||
| "stripe": "^16.0.0", | ||
| "stripe": "^22.1.1", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find all files importing or using the Stripe SDK
echo "=== Files importing stripe ==="
rg -n --type=ts --type=js -C2 "from ['\"]stripe['\"]|require\(['\"]stripe['\"]\)"
echo -e "\n=== Stripe client instantiation ==="
rg -n --type=ts --type=js -C3 "new Stripe\(|Stripe\("
echo -e "\n=== Stripe API method calls (sample patterns) ==="
rg -n --type=ts --type=js -C2 "stripe\.(customers|charges|paymentIntents|subscriptions|checkout)\."Repository: JonasBaeumer/AgentWallet
Length of output: 6585
🌐 Web query:
Stripe Node.js SDK breaking changes from v16 to v22
💡 Result:
Stripe’s Node.js SDK v22 (released as v22.0.0) includes a set of breaking changes you need to account for when upgrading from v16 to v22. The v22-specific breaking items are documented in the v22 migration guide and in the v22.0.0 release notes/changelog. [1][2] 1) Runtime/API call-pattern breaking changes (service methods) - Remove callback support for service methods: you must use promises/async-await instead of callbacks. [1][2] - Remove support for passing a plain API key as a function argument; per-request apiKey must go in RequestOptions.apiKey. [2] - RequestParams/RequestOptions argument order is now strict: - If a method signature has both params and options, RequestParams must be the first argument and RequestOptions must be the last argument. - If you need options without params, pass undefined as the first argument explicitly. [2] - Keys are no longer mixed between params and options objects. [2] - Example call patterns no longer supported (from the v22.0.0 changelog): - stripe.customers.retrieve('cus_123', 'sk_test_123') - stripe.customers.create({name: 'david', host: 'example.com'}, 'sk_test_123') - stripe.customers.create({apiKey: 'sk_test_123'}) - stripe.customers.list(customers => {... }) (callback style) [3] 2) Host override behavior changes - Removed per-request host override; to use a custom host, set it in the client configuration so all requests from that client use the host. [2][1] 3) Stripe client construction + import/export changes - Stripe is now a “true ES6 class” and you should construct it with new Stripe instead of calling it like a factory function. [2][1] - CommonJS import behavior changed (while CJS is still supported, Stripe recommends using ES modules and notes they will move away from supporting CJS imports in the future). [1] 4) TypeScript typing/export breaking changes - Removed top-level “stripe” ambient module; types are reorganized to better match implementation in TypeScript files. [4][2] - Stripe.StripeContext is no longer exported as a type; use Stripe.StripeContextType instead. [4][2] - Stripe.errors.StripeError is no longer exported as a type; use typeof Stripe.errors.StripeError or Stripe.ErrorType instead. [4][2] - CJS entry point no longer exports.default or.Stripe as separate properties. [4][2] 5) Other v22 breaking/compat notes called out in the v22 migration guide - The migration guide states v22 continues to use the 2026-03-25.dahlia Stripe API version introduced in v21 (so “Stripe-specific business logic” may not require changes if you were already on v21). [1] 6) (Important) Don’t assume only v22 matters: you’re skipping several majors Since your target is v16 -> v22, you may also be impacted by breaking changes introduced in v17, v18, v19, v20, and v21 (in addition to the v22 SDK-specific changes above). The v22 migration guide tells you it focuses on SDK-specific breaking changes introduced in v22, but you still need to review earlier major-version migration guides/changelogs for additional incompatibilities. [1][5] If you tell me your current import style (ESM vs CJS), how you call service methods today (especially whether you pass apiKey/options as function arguments or use callbacks), and your Node.js version, I can produce a targeted “before/after” diff for the exact patterns likely to break.
Citations:
- 1: https://github.com/stripe/stripe-node/wiki/Migration-guide-for-v22
- 2: https://github.com/stripe/stripe-node/releases/tag/v22.0.0
- 3: https://github.com/stripe/stripe-node/blob/v22.0.0/CHANGELOG.md
- 4: https://github.com/stripe/stripe-node/blob/v22.0.2/CHANGELOG.md
- 5: https://github.com/stripe/stripe-node/wiki
Stripe v16→v22 requires testing before merge.
This PR updates Stripe from v16.x to v22.x—a jump of 6 major versions with documented breaking changes: callback support removal, API key argument handling changes, argument order strictness, and TypeScript type restructuring.
However, the codebase uses modern patterns compatible with v22:
- All Stripe client instances use
new Stripe(key, { apiVersion: '2024-06-20' as Stripe.LatestApiVersion }), the correct modern instantiation - No callback-style API usage detected
- Explicit apiVersion pinning prevents forced upgrade to v22's default API version behavior
Required before merge: Run the full test suite against v22.1.1, especially:
tests/integration/stripe/(payment flow integration tests)tests/unit/payments/webhookSignature.test.ts(webhook signature validation)- Any tests exercising the Stripe services (
cardService,balanceService,webhookHandler,validateStripe)
Verify that TypeScript compilation completes without type errors (v22 restructured type exports).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 29, You upgraded Stripe from v16→v22 in package.json;
before merging run the full test suite and fix any breaks: execute all tests,
with focus on tests/integration/stripe/,
tests/unit/payments/webhookSignature.test.ts, and any tests touching
cardService, balanceService, webhookHandler, and validateStripe; ensure
TypeScript compiles (tsc) and address v22 type changes (restructured type
exports) and any API signature differences (constructor new Stripe(key, {
apiVersion: ... }) is correct) or changed argument orders by updating call sites
and imports to the new v22 typings and APIs until tests and compilation pass.
Stripe 22 no longer exposes the old resource namespaces through the CommonJS default constructor type. Import the resource types directly while preserving the pinned Stripe API version used by the app.
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/payments/providers/stripe/cardService.ts (1)
145-146: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick winReplace
anycasts with a proper type for expanded card fields.The pipeline flags these
anytype assertions. When expandingnumberandcvc, the Stripe SDK returns these fields, but the baseCardtype doesn't include them. Define a proper interface for the expanded card response instead of usingany.💡 Proposed fix with proper typing
+interface ExpandedCard extends Card { + number: string; + cvc: string; +} + export async function revealCard(intentId: string): Promise<CardReveal> { const stripe = getStripeClient(); const card = await prisma.virtualCard.findUnique({ where: { intentId } }); if (!card) throw new IntentNotFoundError(intentId); if (card.revealedAt) throw new CardAlreadyRevealedError(intentId); // Retrieve card with expanded number and CVC (test mode only) let stripeCard: Card; try { - stripeCard = await stripe.issuing.cards.retrieve(card.providerCardId, { + stripeCard = (await stripe.issuing.cards.retrieve(card.providerCardId, { expand: ['number', 'cvc'], - }); + })) as ExpandedCard; } catch (err) { if (err instanceof Stripe.errors.StripeError) { log.error( { intentId, type: err.type, code: err.code, err }, 'Failed to retrieve card details', ); } throw err; } // Mark as revealed — destructive, one-time only await prisma.virtualCard.update({ where: { intentId }, data: { revealedAt: new Date() }, }); return { - number: (stripeCard as any).number ?? '', - cvc: (stripeCard as any).cvc ?? '', + number: (stripeCard as ExpandedCard).number ?? '', + cvc: (stripeCard as ExpandedCard).cvc ?? '', expMonth: stripeCard.exp_month, expYear: stripeCard.exp_year, last4: stripeCard.last4, }; }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/payments/providers/stripe/cardService.ts` around lines 145 - 146, Replace the ad-hoc any casts by declaring a proper expanded Stripe card type (e.g., interface ExpandedStripeCard { number?: string; cvc?: string } or an intersection type) and use it for the expanded response instead of (stripeCard as any); update occurrences where you access number and cvc (e.g., stripeCard, number, cvc, and the function that maps Stripe cards to your Card model in cardService.ts) to cast to or accept ExpandedStripeCard so you can safely use stripeCard.number and stripeCard.cvc without any.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/payments/providers/stripe/stripeClient.ts`:
- Line 10: The Stripe SDK API version is hardcoded as '2024-06-20' which
conflicts with the SDK's pinned version; update the API version string to
'2026-04-22.dahlia' wherever it's set: change the initializer that assigns
_stripe (the line creating new Stripe(key, { apiVersion: ... }) in
stripeClient.ts) and the API version reference used in validateStripe (the
API/version constant or literal in validateStripe.ts, e.g., the validateStripe
function or constant that checks/uses the API version) so both files use
'2026-04-22.dahlia' to match the SDK.
In `@src/payments/providers/stripe/webhookHandler.ts`:
- Line 1: The file imports the default Stripe namespace ("import Stripe from
'stripe';") but that symbol is unused; remove the unused import to clean up the
module and avoid linter errors. Delete the "Stripe" default import statement
from webhookHandler.ts (leaving any other existing imports intact) and run the
build/linter to confirm no references to the Stripe identifier remain.
---
Outside diff comments:
In `@src/payments/providers/stripe/cardService.ts`:
- Around line 145-146: Replace the ad-hoc any casts by declaring a proper
expanded Stripe card type (e.g., interface ExpandedStripeCard { number?: string;
cvc?: string } or an intersection type) and use it for the expanded response
instead of (stripeCard as any); update occurrences where you access number and
cvc (e.g., stripeCard, number, cvc, and the function that maps Stripe cards to
your Card model in cardService.ts) to cast to or accept ExpandedStripeCard so
you can safely use stripeCard.number and stripeCard.cvc without any.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: e3ee1914-083a-471d-9225-84861d1c2152
📒 Files selected for processing (7)
src/payments/providers/stripe/balanceService.tssrc/payments/providers/stripe/cardService.tssrc/payments/providers/stripe/checkoutSimulator.tssrc/payments/providers/stripe/spendingControls.tssrc/payments/providers/stripe/stripeClient.tssrc/payments/providers/stripe/validateStripe.tssrc/payments/providers/stripe/webhookHandler.ts
| const key = process.env.STRIPE_SECRET_KEY; | ||
| if (!key) throw new Error('STRIPE_SECRET_KEY env var is not set'); | ||
| _stripe = new Stripe(key, { apiVersion: '2024-06-20' as Stripe.LatestApiVersion }); | ||
| _stripe = new Stripe(key, { apiVersion: '2024-06-20' as typeof Stripe.API_VERSION }); |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What API version does Stripe SDK 22.1.1 use by default or recommend?
💡 Result:
Stripe SDK 22.1.1 (stripe-node) pins and therefore uses the Stripe API version 2026-04-22.dahlia by default. Reasoning (from Stripe sources): stripe-node v22.1.1’s changelog states that the release “changes the pinned API version to 2026-04-22.dahlia.” [1] Stripe’s general SDK versioning docs also explain that, for server-side SDKs, API requests use the API version that was current at the time the SDK was released (with overrides handled via the documented versioning mechanisms). [2] Recommendation: For strongly typed SDKs (like stripe-node’s generated types), Stripe advises not to set a different API version than what the SDK is pinned to, because the response objects might not match the SDK’s strong types and could cause request failures. [3]
Citations:
- 1: https://docs.stripe.com/sdks/versioning?lang=ruby&locale=en-GB
- 2: https://docs.stripe.com/sdks/set-version.md
- 3: https://docs.stripe.com/sdks/versioning
🏁 Script executed:
# Find and examine stripeClient.ts
fd -t f stripeClient.tsRepository: JonasBaeumer/AgentWallet
Length of output: 114
🏁 Script executed:
# Also check for validateStripe.ts mentioned in the scratchpad
fd -t f validateStripe.tsRepository: JonasBaeumer/AgentWallet
Length of output: 116
🏁 Script executed:
# Check Stripe package version
cat package.json | grep -A 2 -B 2 '"stripe"'Repository: JonasBaeumer/AgentWallet
Length of output: 168
🏁 Script executed:
cat -n src/payments/providers/stripe/stripeClient.tsRepository: JonasBaeumer/AgentWallet
Length of output: 598
🏁 Script executed:
cat -n src/payments/providers/stripe/validateStripe.tsRepository: JonasBaeumer/AgentWallet
Length of output: 2061
Update API version from '2024-06-20' to '2026-04-22.dahlia' in both stripeClient.ts and validateStripe.ts.
The Stripe SDK 22.1.1 pins the API version to 2026-04-22.dahlia, but both files hardcode '2024-06-20'. Stripe's documentation explicitly advises against overriding the SDK's pinned API version for strongly-typed SDKs, as response objects may not match the SDK's types and could cause request failures.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/payments/providers/stripe/stripeClient.ts` at line 10, The Stripe SDK API
version is hardcoded as '2024-06-20' which conflicts with the SDK's pinned
version; update the API version string to '2026-04-22.dahlia' wherever it's set:
change the initializer that assigns _stripe (the line creating new Stripe(key, {
apiVersion: ... }) in stripeClient.ts) and the API version reference used in
validateStripe (the API/version constant or literal in validateStripe.ts, e.g.,
the validateStripe function or constant that checks/uses the API version) so
both files use '2026-04-22.dahlia' to match the SDK.
The Stripe 22 type-only webhook imports make the runtime Stripe default import unnecessary in webhookHandler, so remove it to keep lint green.
georgyia
left a comment
georgyia
left a comment
There was a problem hiding this comment.
Approved: Stripe 16→22 with resource-type import fixes; CI green (lint, typecheck, unit, integration, CodeQL, CodeRabbit). Merge blocked for me by base-branch policy—needs maintainer merge.
1 participant
Bumps stripe from 16.12.0 to 22.1.1.
Release notes
Sourced from stripe's releases.
... (truncated)
Changelog
Sourced from stripe's changelog.
... (truncated)
Commits
1899375Bump version to 22.1.1dae38edExport Decimal type from Stripe namespace (#2703)fe46e5fFix file upload regression: restore multipart request data processor (#2704)8595acbRemove defunct RunKit badge from README (#2701)4238484Bump version to 22.1.0ba707f8Update generated code (#2639)b7d6f88Preserve stack traces for async operations (#2688)bf563e1Bump version to 22.0.2e01b892Add emitEventBodies config to include bodies in request/response events (#2681)7ae0d66AddsparseEventNotificationAsyncto match existing sync function (#2685)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for stripe since your current version.
Summary by CodeRabbit
Chores
Refactor