Bump activemerchant from 1.123.0 to 1.126.0

[dependabot]

Bumps activemerchant from 1.123.0 to 1.126.0.

Release notes

Sourced from activemerchant's releases.

v1.126.0

What's Changed

• GlobalCollect: Add support for Naranja and Cabal card types by @​dsmcclain in activemerchant/active_merchant#4286
• PayFlow Pro: Add Stored Credentials by @​dsmcclain in activemerchant/active_merchant#4288
• Decidir Plus: Fraud Detection Fields by @​naashton in activemerchant/active_merchant#4289
• Credorax: Update OpCode for Credit transactions by @​dsmcclain in activemerchant/active_merchant#4279
• Revert "Credorax: Update OpCode for Credit transactions" by @​dsmcclain in activemerchant/active_merchant#4306
• CE-2343 Bluesnap Idempotency by @​drkjc in activemerchant/active_merchant#4305
• Decidir Plus: Add supported methods by @​ajawadmirza in activemerchant/active_merchant#4284
• Paymentez: Fix authorize for core by @​ajawadmirza in activemerchant/active_merchant#4310
• Orbital: refactor gateway adapter and indicate support for network tokenization by @​dsmcclain in activemerchant/active_merchant#4309
• IPG: Remove Uruguay from supported countries by @​ajawadmirza in activemerchant/active_merchant#4311
• Decidir: Add sub_payments sub-fields to gateway by @​meagabeth in activemerchant/active_merchant#4315
• DecidirPlus: Add unstore method by @​ajawadmirza in activemerchant/active_merchant#4317
• Decidir & Decidir Plus: Revise handling of sub_payment sub-fields by @​meagabeth in activemerchant/active_merchant#4318
• Decidir Plus: Improve response messaging by @​naashton in activemerchant/active_merchant#4325
• PayU Latam: Refactor/fix failing remote tests by @​rachelkirk in activemerchant/active_merchant#4326
• Global Collect Success Criteria V2 by @​peteroas in activemerchant/active_merchant#4324
• SafeCharge: Change Verify to send 0 amount by @​dsmcclain in activemerchant/active_merchant#4332
• DLocal: Add support for force_type field by @​dsmcclain in activemerchant/active_merchant#4336
• Decidir Plus: name_override option on store by @​naashton in activemerchant/active_merchant#4346
• Stripe PI: test shipping address by @​ajawadmirza in activemerchant/active_merchant#4344
• Priority: Update add_purchases_data method by @​drkjc in activemerchant/active_merchant#4349
• DecidirPlus: Handle payment_method_id by card_brand by @​naashton in activemerchant/active_merchant#4350
• DecidirPlus: debit and payment_method_id fields by @​naashton in activemerchant/active_merchant#4351
• CE- 2403 Priority: Add GSF replay_id by @​drkjc in activemerchant/active_merchant#4352
• Moneris: ensure all remote tests pass by @​esmitperez in activemerchant/active_merchant#4354
• Stripe PI: standardize shipping_address fields by @​dsmcclain in activemerchant/active_merchant#4355
• Airwallex: Support gateway by @​therufs in activemerchant/active_merchant#4342
• Addition of invalid_amount for amount_too_small Stripe error handler by @​drabbytux in activemerchant/active_merchant#4319
• Payflow Pro: Add 3DS Support by @​esmitperez in activemerchant/active_merchant#4356
• Small Rubocop Fixes by @​dsmcclain in activemerchant/active_merchant#4358
• DecidirPlus: Add new fields by @​ajawadmirza in activemerchant/active_merchant#4361
• DecidirPlus: Update error_code method by @​ajawadmirza in activemerchant/active_merchant#4364
• Stripe PI: add request_three_d_secure to setup_intent by @​aenand in activemerchant/active_merchant#4365
• Adyen: Add custom amount for verify by @​ajawadmirza in activemerchant/active_merchant#4369
• Airwallex: QA by @​therufs in activemerchant/active_merchant#4367
• Moneris: Add 3DS MPI Fields Support by @​esmitperez in activemerchant/active_merchant#4373
• Duplicate(concat) Address sent - card_connect is concat. address1 and 2 causing a AVS error by @​ali-hassan in activemerchant/active_merchant#4362
• Cybersource: Remove Pinless Debit Transaction Functionality by @​peteroas in activemerchant/active_merchant#4370
• Rapyd: Add gateway support by @​meagabeth in activemerchant/active_merchant#4372
• Cybersource: Fix Existing Tests by @​peteroas in activemerchant/active_merchant#4374
• Airwallex: QA round 2 by @​therufs in activemerchant/active_merchant#4377
• Airwallex: Add descriptor field by @​dsmcclain in activemerchant/active_merchant#4379
• Visanet Peru: use timestamp for purchase number by @​naashton in activemerchant/active_merchant#4378
• Airwallex: Add Stored Credential support by @​drkjc in activemerchant/active_merchant#4382
• Rapyd: Add metadata and ewallet_id options by @​naashton in activemerchant/active_merchant#4387
• Priority: Refactor gateway integration, add additional fields to request by @​dsmcclain in activemerchant/active_merchant#4383
• Rapyd: Update type option to pm_type by @​naashton in activemerchant/active_merchant#4391
• Priority: Update verify method signature by @​dsmcclain in activemerchant/active_merchant#4394

... (truncated)

Changelog

Sourced from activemerchant's changelog.

== Version 1.126.0 (April 15th, 2022)

• Moneris: Add 3DS MPI field support [esmitperez] #4373
• StripePI: Add ability to change payment_method_type to confirm_intent [aenand] #4300
• GlobalCollect: Improve support for Naranja and Cabal card types [dsmcclain] #4286
• Payflow: Add support for stored credentials [ajawadmirza] #4277
• Orbital: Don't void $0 auths for Verify [javierpedrozaing] #2487
• StripePI: Enable Apple Pay and Google Pay payment methods [gasb150] #4252
• PaySafe: Update unstore method and authorization for redact [ajawadmirza] #4294
• CyberSource: Add national_tax_indicator fields in authorize and purchase [ajawadmirza] #4299
• NMI: Update gateway credentials to accept security_key [javierpedrozaing] #4302
• PaySafe: Fix commit for unstore method [ajawadmirza] #4303
• Ebanx: Add support for order_number field [ali-hassan] #4304
• BlueSnap: Add support for idempotency_key field [drkjc] #4305
• Paymentez: Update capture method to verify by otp for pending transactions [ajawadmirza] #4267
• BlueSnap: Update refund request and endpoint along with merchant transaction support [ajawadmirza] #4307
• DecidirPlus: Added authorize, capture, void, and verify methods [ajawadmirza] #4284
• Paymentez: Fix authorize to call purchase for otp flow [ajawadmirza] #4310
• Orbital: Indicate support for network tokenization [dsmcclain] #4309
• IPG: remove uruguay from supported countries [ajawadmirza] #4311
• Decidir: Add sub_payments sub-fields to gateway [meagabeth] #4315
• Priority: Add additional fields to purchase and capture requests [dsmcclain] #4301
• DecidirPlus: Added unstore method [ajawadmirza] #4317
• Decidir & Decidir Plus: Revise handling of sub_payment sub-fields [meagabeth] #4318
• DecidirPlus: Update unstore implementation to get token from params [ajawadmirza] #4320
• CyberSource: Add option for zero amount verify [gasb150] #4313
• PayU Latam: Refactor message_from method, fix failing remote tests [rachelkirk] #4326
• Adyen: Add currencies with three decimals places [gasb150] #4322
• GlobalCollect: Stregthen success criteria for void action [peteroas] #4324
• Priority Payment Systems - Clean up/refactor gateway file and tests [ali-hassan] #4327
• SafeCharge: change verify to send 0 amount [dsmcclain] #4332
• DLocal: add support for force_type field [dsmcclain] #4336
• Barclaycard SmartPay: Support more nonstandard currencies [jherreraa] #4335
• DecidirPlus: name_override option on store [naashton] #4338
• Priority: Update add_purchases_data to return if options[:purchases] is empty [drkjc] #4349
• Stripe PI: update shipping field to shipping_address [ajawadmirza] #4347
• DecidirPlus: Handle payment_method_id by card_brand [naashton] #4350
• DecidirPlus: debit and payment_method_id fields [naashton] #4351
• Adyen: Include Application ID in adyen authorize and purchase transactions [peteroas] #4343
• Priority: Add support for replay_id field [drkjc] #4352
• Stripe PI: standardize shipping_address fields [dsmcclain] #4355
• Airwallex: support gateway [therufs] #4342
• Litle: Translate google_pay as android_pay [javierpedrozaing] #4331
• Braintree: Add ACH support for store [cristian] #4285
• Simetrik: Add support for Simetrik gateway [simetrik-frank] #4339
• EBANX: Change amount for Mexico and Chile [flaaviaa] #4337
• DecidirPlus: Add establishment_name, aggregate_data, sub_payments, card_holder_identification_type, card_holder_identification_number, card_door_number, and card_holder_birthday fields [ajawadmirza] #4361
• DecidirPlus: Update error_code_from to get error reason id [ajawadmirza] #4364
• Dlocal: Add three_ds mpi support [cristian] #4345
• Stripe PI: Add request_three_d_secure field for create_setup_intent [aenand] #4365
• Adyen: Add verify_amount field for verify [ajawadmirza] #4369

... (truncated)

Commits

• f7ca1f9 Airwallex: Add support for original_transaction_id
• a9d5b3a Release v1.126.0 (#4402)
• eda06d0 Add Cartes Bancaires bin ranges (#4398)
• f5ba1db Airwallex: Add 3DS Global Support
• 987ac8b Multiple Gateways: Resolve when/case bug
• 9d22fb2 NMI: Update post URL
• cb45b38 Priority: add settled and voided to list of successful response statuses
• fdec498 Conekta: Fix remote test
• 15379d2 Priority: Update verify method signature
• 2f3db70 Rapyd: Update type option to pm_type
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[mkllnk]

This upgrade introduced #9580. We need to solve that problem before we upgrade again. And to solve that problem, we should probably introduce VCR tests.

I'll add some random commit to this so that Dependabot won't close it and open a new PR for newer versions.

[filipefurtad0]

Hey @mkllnk I think I may have found a relevant spec:

openfoodnetwork/spec/requests/checkout/stripe_sca_spec.rb

Line 198 in 21054c1

context "when the user submits a new card and requests that the card is saved for later" do

Thinking out loud 🦆
So, if I understand correctly, this example did not catch bug #9580 because this spec is mocking a request/response, it never makes/caches a real request. I think we might be able to catch this one here on this request spec, since we're not necessarily dealing with :js on the browser (stripe card form).

Edit: I mean, we're dealing with :js on the browser level, but upgrading active_merchant should not really influence that I think...

[filipefurtad0]

Continuing 🦆
Agree this one is relevant as well - here we're indeed dealing with :js (browser). So puffing-billy would be the way to go to intercept these requests.

I'm thinking though if https://github.com/phillbaker/capybara-mechanize would be suitable here too, in the case we would skip js too 🤔

[mkllnk]

I don't see how capybara-mechanize would help here. That seems to be a tool to make actual web requests from specs but we want to deal with the requests sent from our app and record real responses to replay.

[filipefurtad0]

I think this change could be the culprit:

https://github.com/activemerchant/active_merchant/pull/4365/files#diff-19492101b546175aa3ca6a16ec7d0a610d0adae03cbaf130eff54092dec8e0fbR127

We don't send this param whe we create a payment intent:
request_three_d_secure(post, options)

It's missing from lib/active_merchant/billing/gateways/stripe_payment_intents_decorator.rb

[mkllnk]

We don't send this param whe we create a payment intent:
request_three_d_secure(post, options)

It's missing from lib/active_merchant/billing/gateways/stripe_payment_intents_decorator.rb

Great research, thank you! That's the big problem with monkey-patching code like this. It looks like this code was originally copied to get a newer version while we were still stuck with old ActiveMerchant:

openfoodnetwork/lib/active_merchant/billing/gateways/stripe_payment_intents.rb

Lines 1 to 3 in 5724c3b

	# Here we bring commit 823faaeab0d6d3bd75ee037ec894ab7c9d95d3a9 from ActiveMerchant v1.98.0
	# This class integrates with the new StripePaymentIntents API
	# This can be removed once we upgrade to ActiveMerchant v1.98.0

We are well passed v1.98 now and can probably just remove that code from our code base. But reproducing the issue with a spec first would give us more confidence that we are not breaking anything else.

[sigmundpetersen]

There was an attempt at removing the decorator in #8071 , maybe we can find some useful bits in there

[jibees]

This upgrade introduced #9580.

As #9580 is closed (via #9585) now, I rebased this one.

[sigmundpetersen]

@dependabot-bot recreate

[jibees]

Should we merge (or test before merging) this one?

[filipefurtad0]

I think this needs manual testing - I have not managed to reproduce #9580 with a VCR/automated test yet.

I think it might need a code change - but perhaps best to verify if the bug is still triggered with this bump.

[filipefurtad0]

Still there, checking out:

• with a new card
• ticking "Remember this card?"

triggers:

And prevents checkout completion.

[jibees]

Thanks @filipefurtad0 !

[dependabot]

Looks like activemerchant is up-to-date now, so this is no longer needed.

[dacook]

ActiveMerchant was accidentally updated in #9850, which closed this PR. But it's been reverted (d5ae5c9), so I'm re-opening this PR.

@filipefurtad0 has re-tested:

I could not reproduce the bug anymore (which is good but puzzling, nonetheless)

It looks like we never managed to catch the original error in a spec, so we are still 'unprotected' from whatever happened before. But we can't reproduce it now, so I don't think we could write a new spec now. So it's probably best to just move on.

What do you think @filipefurtad0? Is there any other manual testing to be done before we merge?

[filipefurtad0]

Thank you so much for following up on this @dacook 🙏

I'd have a quick test on this PR again, to check if the checkout problem occurs - just to make sure - and post back here.

[filipefurtad0]

I was still able to reproduce the error on #9580 (checking out while saving a new card like x-3184) on lib/active_merchant/billing/gateways/stripe_payment_intents_decorator.rb:60 store. It triggers an error 500.

https://app.bugsnag.com/yaycode/openfoodnetwork-uk/errors/62fb43b59ffd5b0008478b23?filters[event.since]=30d&filters[error.status]=open&pivot_tab=event

lib/active_merchant/billing/gateways/stripe_payment_intents_decorator.rb:60 store

57 post[:validate] = options[:validate] unless options[:validate].nil?
58 post[:description] = options[:description] if options[:description]
59 post[:email] = options[:email] if options[:email]
60 customer = commit(:post, 'customers', post, options)
61 customer_id = customer.params['id']

Why do we observe this now, and not from staging the RSpec bump #9850?

I don't know. For some reason, some PR's I've staged yesterday did not reflect all changes in master (see this example). This can be due to:

• Caching issue?
• something with deployments?
• something at the staging-server AU?

I'm not sure. In any case, the error was triggered now on staging-UK, so, I think we're still not ready for this bump.

[dacook]

I'm glad you double-checked, thanks @filipefurtad0 ! Great work on documenting the findings. Looks like we need to be careful with this one.

[filipefurtad0]

@dependabot rebase

[filipefurtad0]

Marked ready for review by mistake - undid this now.

[dependabot]

Superseded by #10801.