Description
The current package.json pins Stripe dependencies at significantly outdated major versions:
@stripe/stripe-js: ^2.4.0 (current stable is v5+)stripe (Node SDK): ^14.25.0 (current stable is v17+)
Impact
- Breaking API changes: Stripe v15/v16/v17 introduced new API patterns, improved TypeScript types, and deprecated several methods used in v14.
- Security: Older SDK versions may not include latest security patches and TLS handling improvements.
- Stripe API version drift: Newer SDK versions default to newer Stripe API versions, which include bug fixes and improved webhook signature verification.
Suggested Fix
"@stripe/stripe-js": "^5.0.0",
"stripe": "^17.0.0"
This will likely require updating:
- Webhook handler signature verification (API changed in v15+)
- Subscription creation flow (new patterns in v16+)
- Price/Product listing methods
Happy to submit a PR if this aligns with the project's direction.
Description
The current
package.jsonpins Stripe dependencies at significantly outdated major versions:@stripe/stripe-js:^2.4.0(current stable is v5+)stripe(Node SDK):^14.25.0(current stable is v17+)Impact
Suggested Fix
This will likely require updating:
Happy to submit a PR if this aligns with the project's direction.