There were a few changes needed:
* Plugins are now specified through `plugin:` config keyword.
* All plugin gems need to be specified explicitly in Gemfile since they
are no longer dependencies of plugins already specified explicitly.
* All plugin gems need to be updated in other to use the new APIs.
* One cop was renamed.
* New offenses safe to correct were corrected directly with `bundle exec
rubocop -a`.
* New offenses unsafe to correct were added to the TODO configuration
with `bundle exec rubocop --auto-gen-config --auto-gen-only-exclude
--exclude-limit 1400 --no-auto-gen-timestamp`.
If I regenerate the VCR cassetes for
spec/lib/stripe/payment_intent_validator_spec.rb, I get a lot of errors
like this:
```
Stripe::CardError:
Sending credit card numbers directly to the Stripe API is generally
unsafe. We suggest you use test tokens that map to the test card you are
using, see https://stripe.com/docs/testing. To enable testing raw card
data APIs, see
https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.
```
It seems the sandbox environment associated to my developer API keys is
not allowed to send raw credit card data.
Instead of requesting Stripe support to enable that, or regenerate
cassettes with the API keys in Bitwarden, I figured we could migrate the
tests to not use raw credit card data.
Previous error is fixed, which allows the spec to proceed further, and
reveals that the current cassettes are missing some requests:
```
1) Stripe::PaymentIntentValidator#call as a guest when payment intent is valid valid non-3D credit cards are correctly handled behaves like payments intents from Visa returns payment intent id and does not raise
Failure/Error:
payment_intent_response = Stripe::PaymentIntent.retrieve(
payment_intent_id,
stripe_account: stripe_account_id
)
VCR::Errors::UnhandledHTTPRequestError:
================================================================================
An HTTP request has been made that VCR does not know how to handle:
GET https://api.stripe.com/v1/payment_intents/pi_3P8hNGKuuB1fWySn0dvhu9lG
VCR is currently using the following cassette:
(...)
```
Currently RSpec warns these specs like this:
```
WARNING: Using `expect { }.not_to raise_error(SpecificErrorClass)` risks false positives, since literally any other error would cause the
expectation to pass, including those raised by Ruby (e.g. `NoMethodError`, `NameError` and `ArgumentError`), meaning the code you are intending
to test may not even get reached. Instead consider using `expect { }.not_to raise_error` or `expect { }.to raise_error(DifferentSpecificErrorClass)`.
This message can be suppressed by setting: `RSpec::Expectations.configuration.on_potential_false_positives = :nothing`.
Called from /path/to/spec/lib/stripe/payment_intent_validator_spec.rb:53:in `block (7 levels) in <main>'.
```
The warnings are super accurate in this particular case: the inner
assertion is not actually getting reached due to a previous unrelated
error.
Since there's an inner assertion already, I think it's best to
completely remove to `raise_error` negative block, since it just hides
errors and buys us nothing.
By removing it, the underlying error surfaces:
```
1) Stripe::PaymentIntentValidator#call as a guest when payment intent is valid valid non-3D credit cards are correctly handled behaves like payments intents from Visa returns payment intent id and does not raise
Failure/Error:
create(:payment, amount: payment_intent.amount, payment_method:,
response_code: payment_intent.id, source: pm_card)
NoMethodError:
undefined method `has_query_constraints?' for Stripe::PaymentMethod:Class
elsif (klass || self.klass).has_query_constraints? || options[:query_constraints]
^^^^^^^^^^^^^^^^^^^^^^^
Shared Example Group: "payments intents" called from ./spec/lib/stripe/payment_intent_validator_spec.rb:75
# ./spec/lib/stripe/payment_intent_validator_spec.rb:16:in `block (3 levels) in <main>'
# ./spec/lib/stripe/payment_intent_validator_spec.rb:19:in `block (3 levels) in <main>'
# ./spec/lib/stripe/payment_intent_validator_spec.rb:53:in `block (7 levels) in <main>'
# ./spec/base_spec_helper.rb:208:in `block (2 levels) in <main>'
# ./spec/base_spec_helper.rb:155:in `block (3 levels) in <main>'
# ./spec/base_spec_helper.rb:155:in `block (2 levels) in <main>'
# -e:1:in `<main>'
```
Even without it, Rails seems to do this by default:
```console
$ RAILS_ENV=production SITE_URL=foo.bar SECRET_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx bin/rails db:drop
I, [2025-10-23T12:38:12.383244 #32647] INFO -- : [dotenv] Loaded .env
I, [2025-10-23T12:38:12.383292 #32647] INFO -- : [dotenv] Loaded .env
W, [2025-10-23T12:38:12.411675 #32647] WARN -- [Bugsnag]: No valid API key has been set, notifications will not be sent
bin/rails aborted!
ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive action against your 'production' database.
If you are sure you want to continue, run the same command with the environment variable:
DISABLE_DATABASE_ENVIRONMENT_CHECK=1
Tasks: TOP => db:drop => db:check_protected_environments
(See full trace by running task with --trace)
```
And the gem hasn't been updated in 10 years, so probably best to get rid
of it.
I think this is the more relevant wiki page for someone looking into
regenerating cassettes.
Also, no need to mention bitwarden explicitly, the wiki page already
explains everything.
