Bump pay from 2.6.4 to 6.3.2

[dependabot]

Bumps pay from 2.6.4 to 6.3.2.

Release notes

Sourced from pay's releases.

v6.2.4

Full Changelog: pay-rails/pay@v6.2.3...v6.2.4

v6.2.3

Full Changelog: pay-rails/pay@v6.2.2...v6.2.3

v6.2.2

Full Changelog: pay-rails/pay@v6.2.1...v6.2.2

v6.2.1

Full Changelog: pay-rails/pay@v6.2.0...v6.2.1

v6.2.0

What's Changed

• Add braintree subscription sync method by @​excid3 in pay-rails/pay#760

Full Changelog: pay-rails/pay@v6.1.2...v6.2.0

v6.1.2

Full Changelog: pay-rails/pay@v6.1.1...v6.1.2

v6.1.1

What's Changed

• Fixes localization of the default refund description by @​mpvosseller in pay-rails/pay#743
• add reference to Stripe docs for customer object attributes by @​cjilbert504 in pay-rails/pay#745
• Add clarity for flow of syncing attributes by @​cjilbert504 in pay-rails/pay#744
• Fix NameError by @​pooriar in pay-rails/pay#748
• Bump receipts from 2.0.0 to 2.1.0 by @​dependabot in pay-rails/pay#747
• Bump stimulus-rails from 1.1.1 to 1.2.1 by @​dependabot in pay-rails/pay#746
• Bump rails-html-sanitizer from 1.4.3 to 1.4.4 by @​dependabot in pay-rails/pay#756
• Bump loofah from 2.19.0 to 2.19.1 by @​dependabot in pay-rails/pay#755
• Bump nokogiri from 1.13.9 to 1.13.10 by @​dependabot in pay-rails/pay#751

New Contributors

• @​pooriar made their first contribution in pay-rails/pay#748

Full Changelog: pay-rails/pay@v6.1.0...v6.1.1

v6.1.0

What's Changed

• Update gems for pay 6 by @​ameft in pay-rails/pay#739
• Update Stripe API version for pay 6 by @​ameft in pay-rails/pay#738
• swap order of operations to attempt to subscribe to a new plan first … by @​cjilbert504 in pay-rails/pay#740

New Contributors

• @​ameft made their first contribution in pay-rails/pay#739

Full Changelog: pay-rails/pay@v6.0.3...v6.1.0

... (truncated)

Changelog

Sourced from pay's changelog.

6.3.2

• [SECURITY] Fix XSS vulnerability in back parameter on Stripe payment page Previously, an attacker could inject Javascript or redirect the user to any URL by changing the back parameter in the URL. The back parameter is now sanitized and restricted to relative paths.
• Remove unused attributes for plan and quantity in app/models/pay/customer.rb.
• Add explicit requires for active_support and action_mailer in lib/pay.rb. This should provide better errors for anyone not requiring all of Rails.

6.3.1

• Fix retry_past_due_subscriptions to now call pay_open_invoices

6.3.0

• Add payment_failed email to notify customers of failed payments and update their billing information This can be disabled with Pay.emails.payment_failed = true if you already use a dunning email service
• subscription now sorts by created_at to find the latest subscription. This adds compatibility for UUID primary keys on pay tables.
• Add unpaid scope to Pay::Subscription
• Add pay_open_invoices to Pay::Stripe::Subscription If you have a subscription with open invoices (like an unpaid metered billing subscription), you can use this method to pay the open invoices and allow the user to resume the subscription

6.2.4

• Set created_at on Braintree charges to match transaction created_at
• Sync Braintree payment method during subscription sync since we already have to look it up
• Handle missing Braintree subscription when syncing charge
• Fix Pay::Charge.payment_processor scopes to join the customers table

6.2.3

• Fix Braintree PaymentMethod sync reference to gateway

6.2.2

• Fix pause_active? for stripe incorrectly returning true
• Refactor Braintree cancel / cancel_now to use sync

6.2.1

• Use paid_through_date for ends_at with canceled subscriptions

6.2.0

• Add Pay::Braintree::Subscription.sync
• Add Pay::Braintree::Charge.sync
• Switch Braintree webhooks to use sync
• Automatically save first charge when subscribing with Braintree
• Add email for PayPal charges and username for Venmo charges on Braintree

6.1.2

... (truncated)

Upgrade guide

Sourced from pay's upgrade guide.

Upgrade Guide

Follow this guide to upgrade older Pay versions. These may require database migrations and code changes.

Pay 5.0 to 6.0

This version adds support for accessing the start and end of the current billing period of a subscription. This currently only works with Stripe subscriptions.

Fields changed:

• Adds current_period_start and current_period_end to Pay::Subscription
• Adds metered to Pay::Subscription for metered billing
• Adds pause_behavior, pause_starts_at, and pause_resumes_at to Pay::Subscription

Backfills metered and paused columns from data json column

To upgrade you must add and run the following database migration.

class UpgradeToPayVersion6 < ActiveRecord::Migration[6.0]
  def change
    add_column :pay_subscriptions, :current_period_start, :datetime
    add_column :pay_subscriptions, :current_period_end, :datetime
add_column :pay_subscriptions, :metered, :boolean
add_column :pay_subscriptions, :pause_behavior, :string
add_column :pay_subscriptions, :pause_starts_at, :datetime
add_column :pay_subscriptions, :pause_resumes_at, :datetime
add_index :pay_subscriptions, :metered
add_index :pay_subscriptions, :pause_starts_at
Pay::Subscription.find_each do |pay_subscription|
pay_subscription.update(
metered: pay_subscription.data&amp;.dig(&quot;metered&quot;),
pause_behavior: pay_subscription.data&amp;.dig(&quot;pause_behavior&quot;),
pause_starts_at: pay_subscription.data&amp;.dig(&quot;paddle_paused_from&quot;),
pause_resumes_at: pay_subscription.data&amp;.dig(&quot;pause_resumes_at&quot;)
)
end

end
end

Stripe subscriptions created before this upgrade will gain the current_period_start and current_period_end attributes the next time they are synced. You can manually sync a Stripe subscription by running Pay::Stripe::Subscription.sync("STRIPE_SUBSCRIPTION_ID")

Pay 3.0 to 4.0

This is a major change to add Stripe tax support, Stripe metered billing, new configuration options for payment processors and emails, syncing additional customer attributes to Stripe and Braintree, and improving the architecture of Pay.

Jump to a topic

... (truncated)

Commits

• c067771 Version bump
• 5d6283a Fix XSS vulnerability on Stripe payment page
• a1f60d1 Add simple test for Stripe Link charges
• bd58681 Update test dependencies
• 29fc5d7 Merge branch 'master' of github.com:pay-rails/pay
• 7b2f8a3 Use only unpkg CDN. Fixes #806
• 59728b6 Update email configuration documentation (#800)
• 187492d Re-add IntegrationTest fixture path for older Rails
• cf08497 Merge branch 'master' of github.com:pay-rails/pay
• 5de2712 Merge branch 'dwarfmondo-feature/790-fake-processor-subscriptions'
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.