Bump stripe from 11.4.0 to 13.2.0

[dependabot]

Bumps stripe from 11.4.0 to 13.2.0.

Release notes

Sourced from stripe's releases.

v13.0.1

• #1633 add httpx to optional deps and only ship tests in sdist

  • Add new async optional dependency. Now, pip install stripe[async] gets you everything you need to make async HTTP calls out of the box.

• #1632 remove gpg step from publish

• #1627 Re-add tests to our sdist

• #1626 Make nested params classes importable

  • Make newly combined nested params classes importable, as raised in stripe/stripe-python#1625
    • For example, from stripe.params.checkout import SessionCreateParamsDiscount would raise an error. Now it is valid

• #1620 Remove manual promotion code test

• #1619 Update param in deprecation docs link

See the changelog for more details.

v13.0.0

This release changes the pinned API version to 2025-09-30.clover and contains breaking changes (prefixed with ⚠️ below)

• #1604 Fixed InvoiceLineItem method definition
  • ⚠️ InvoiceLineItem.modify and InvoiceLineItem.modify_async now require invoice and line_item_id as method parameters.
    • Removed InvoiceLineItem.ModifyParam class. Use a typing.dict to type hint instead.
• #1538 ⚠️ Add strongly typed EventNotifications We've overhauled how V2 Events are handled in the SDK! This approach should provide a lot more information at authoring and compile time, leading to more robust integrations. As part of this process, there are a number of changes to be aware of.
  • Added matching EventNotification classes to every v2 Event. For example, there's now a V1BillingMeterErrorReportTriggeredEventNotification to match the existing V1BillingMeterErrorReportTriggeredEvent. Each notification class defines a fetch_event() method to retrieve its corresponding event. For events with related objects, there's a fetch_related_object() method that performs the API call and casts the response to the correct type.
  • ⚠️ Rename function StripeClient.parse_thin_event to StripeClient.parse_event_notification and remove the Stripe.ThinEvent class.
    • This function now returns a stripe.v2.core.EventNotification (which is the shared base class that all of the more specific stripe.events.*EventNotification classes share) instead of Stripe.ThinEvent. When applicable, these event notifications will have the related_object property and a fetch_related_object() function. They also have a fetch_() method to retrieve their corresponding stripe.events.*Event instance.
    • If you parse an event the SDK doesn't have types for (e.g. it's newer than the SDK you're using), you'll get an instance of Stripe.Events.UnknownEventNotification instead of a more specific type. It has both the relatedObject property and the FetchRelatedObject() function (but they may be/return null)
• #1602 Move V2.Event API resources to V2.Core.Events
  • ⚠️ Move stripe.v2._event and stripe.v2._event_destination to stripe.v2.core._event and stripe.v2.core._event_destination respectively. They now correctly match their API path
• #1589 Add StripeContext object
  • Add the StripeContext class. Previously, one could only pass a string for stripe_context. You can now use the new class as well.
  • ⚠️ Change EventNotification (formerly known as ThinEvent)'s context property from string to StripeContext
• #1565 ⚠️ Build SDK w/ V2 OpenAPI spec
  • ⚠️ The delete methods for v2 APIs (the ones in the StripeClient.v2 namespace) now return a V2DeletedObject which has the id of the object that has been deleted and a string representing the type of the object that has been deleted.
  • ⚠️ Deeply nested param hashes with no properties no longer have classes generated for them. Instead, they're typed as Dict[str, Any]. Because there were no params, it's unlikely you were using these classes.
• #1569 Renamed Urllib2Client to UrllibClient
  • ⚠️ Rename http_client.Urllib2Client to http_client.UrllibClient as Python urllib2 was renamed to urllib in Python 3.
• #1606 ⚠️ drop support for Python 3.6 & clarify version policy
  • Read our new language version support policy
    • ⚠️ In this release, we drop support for Python 3.6
    • Support for Python 3.7 is deprecated and will be removed in the next scheduled major release (March 2026)
• #1596 ⚠️ Unify resource and service method parameters into one class
  • ⚠️ Resource and service request parameter types have been moved to the top-level and are shared, prepended with their related resource/service
    • For example, _stripe._account.Account.CreateParams and _stripe._account_service.CreateParams have moved to _stripe.params._account_create_params.AccountCreateParams
    • This change only affects users who explicitly refer to params types. No migration is necessary for users otherwise
• #1572 migrate from setup.py to pyproject.toml
  • ⚠️ The package has swapped from setup.py to pyproject.toml. As a result, we're dropping support for pip < 10.0.0 (released April 2018).
  • Additionally, we're no longer shipping tests or examples in our sdist now, which should offer a small size reduction for the package if installed without the wheel (approx. 2.5MB unzipped)
• #1570 Don't use mutable default arguments
  • Service methods now correctly set None as the default function argument instead of {}
• ⚠️ Deprecated the V1 service accessors living directly under StripeClient(e.g. customers, products) as they were copied under the new V1 service in our last release. Service accessors living directly under StripeClient(e.g. customers, products) will be removed from StripeClient in a future release. E.g.

... (truncated)

Changelog

Sourced from stripe's changelog.

13.0.1 - 2025-10-03

• #1626 Make the new nested params classes correctly importable
  • For example, In SDK v13.0.0, from stripe.params.checkout import SessionCreateParamsDiscount would raise an error when it shouldn't have. This is fixed.
  • Reported in stripe/stripe-python#1625
• #1633 Add new async optional dependency
  • Now, pip install stripe[async] gets you everything you need to make async HTTP calls out of the box.
  • Reported in stripe/stripe-python#1558
• #1627 Re-add tests to our sdist
  • Reported in stripe/stripe-python#1616
• #1632 remove gpg step from publish. PyPI has ignored these for years, so we took the opportunity to simplify our build process

13.0.0 - 2025-09-30

This release changes the pinned API version to 2025-09-30.clover and contains breaking changes (prefixed with ⚠️ below)

• #1604 Fixed InvoiceLineItem method definition
  • ⚠️ InvoiceLineItem.modify and InvoiceLineItem.modify_async now require invoice and line_item_id as method parameters.
    • Removed InvoiceLineItem.ModifyParam class. Use a typing.dict to type hint instead.
• #1538 ⚠️ Add strongly typed EventNotifications We've overhauled how V2 Events are handled in the SDK! This approach should provide a lot more information at authoring and compile time, leading to more robust integrations. As part of this process, there are a number of changes to be aware of.
  • Added matching EventNotification classes to every v2 Event. For example, there's now a V1BillingMeterErrorReportTriggeredEventNotification to match the existing V1BillingMeterErrorReportTriggeredEvent. Each notification class defines a fetch_event() method to retrieve its corresponding event. For events with related objects, there's a fetch_related_object() method that performs the API call and casts the response to the correct type.
  • ⚠️ Rename function StripeClient.parse_thin_event to StripeClient.parse_event_notification and remove the Stripe.ThinEvent class.
    • This function now returns a stripe.v2.core.EventNotification (which is the shared base class that all of the more specific stripe.events.*EventNotification classes share) instead of Stripe.ThinEvent. When applicable, these event notifications will have the related_object property and a fetch_related_object() function. They also have a fetch_() method to retrieve their corresponding stripe.events.*Event instance.
    • If you parse an event the SDK doesn't have types for (e.g. it's newer than the SDK you're using), you'll get an instance of Stripe.Events.UnknownEventNotification instead of a more specific type. It has both the relatedObject property and the FetchRelatedObject() function (but they may be/return null)
• #1602 Move V2.Event API resources to V2.Core.Events
  • ⚠️ Move stripe.v2._event and stripe.v2._event_destination to stripe.v2.core._event and stripe.v2.core._event_destination respectively. They now correctly match their API path
• #1589 Add StripeContext object
  • Add the StripeContext class. Previously, one could only pass a string for stripe_context. You can now use the new class as well.
  • ⚠️ Change EventNotification (formerly known as ThinEvent)'s context property from string to StripeContext
• #1565 ⚠️ Build SDK w/ V2 OpenAPI spec
  • ⚠️ The delete methods for v2 APIs (the ones in the StripeClient.v2 namespace) now return a V2DeletedObject which has the id of the object that has been deleted and a string representing the type of the object that has been deleted.
  • ⚠️ Deeply nested param hashes with no properties no longer have classes generated for them. Instead, they're typed as Dict[str, Any]. Because there were no params, it's unlikely you were using these classes.
• #1569 Renamed Urllib2Client to UrllibClient
  • ⚠️ Rename http_client.Urllib2Client to http_client.UrllibClient as Python urllib2 was renamed to urllib in Python 3.
• #1606 ⚠️ drop support for Python 3.6 & clarify version policy
  • Read our new language version support policy
    • ⚠️ In this release, we drop support for Python 3.6
    • Support for Python 3.7 is deprecated and will be removed in the next scheduled major release (March 2026)
• #1596 ⚠️ Unify resource and service method parameters into one class
  • ⚠️ Resource and service request parameter types have been moved to the top-level and are shared, prepended with their related resource/service
    • For example, _stripe._account.Account.CreateParams and _stripe._account_service.CreateParams have moved to _stripe.params._account_create_params.AccountCreateParams
    • This change only affects users who explicitly refer to params types. No migration is necessary for users otherwise
• #1572 migrate from setup.py to pyproject.toml
  • ⚠️ The package has swapped from setup.py to pyproject.toml. As a result, we're dropping support for pip < 10.0.0 (released April 2018).
  • Additionally, we're no longer shipping tests or examples in our sdist now, which should offer a small size reduction for the package if installed without the wheel (approx. 2.5MB unzipped)
• #1570 Don't use mutable default arguments
  • Service methods now correctly set None as the default function argument instead of {}
• ⚠️ Deprecated the V1 service accessors living directly under StripeClient(e.g. customers, products) as they were copied under the new V1 service in our last release. Service accessors living directly under StripeClient(e.g. customers, products) will be removed from StripeClient in a future release. E.g.

  client = StripeClient("sk_test...")

... (truncated)

Commits

• 648173b Bump version to 13.0.1
• 0116885 add httpx to optional deps and only ship tests in sdist (#1633)
• c70d785 remove gpg step from publish (#1632)
• d50cabb Re-add tests to our sdist (#1627)
• a71c1fd Make nested params classes importable (#1626)
• 62987d6 Remove manual promotion code test (#1620)
• 43df6ee update doc link (#1619)
• 7bdad07 fix publish script (#1612)
• 1632b6c Bump version to 13.0.0
• 0f3c93e ⚠️ drop support for Python 3.6 & clarify version policy (#1606)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

A newer version of stripe exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[gherceg]

I may not be following fully, but does str(autopay) need to be str(autopay).lower()?

[AmitPhulera]

Nope. We check for True as strings in

commcare-hq/corehq/apps/accounting/models.py

Lines 3739 to 3740 in 0ee0cbf

	def _is_autopay(card, billing_account):
	return card.metadata.get(StripePaymentMethod._auto_pay_card_metadata_key(billing_account)) == 'True'

That is why the test was failing in first place.

We were passing in boolean value for autopay here and stripe sdk in the newer version was translating it to true which failed the check in _is_autopay method.

[millerdev]

This doesn't seem relevant to the Stripe upgrade, and maybe should be reverted?

What version of UV are you using? I'm on v0.9.5, fwiw

[AmitPhulera]

Thanks for catching this. I think it was caused by my older uv version.
I was on uv 0.7.6 (7f3e94a09 2025-05-19) just upgraded to v0.9.8 and ran uv lock --upgrade-package=stripe and it reverted the change.