feat: Use dub.customer.list to issue dual-sided incentives

[steven-tey]

What does this PR do?

This PR uses Dub's customer.list API to get the corresponding discount code for a referred user (if it exists).

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

Test the Stripe checkout flow to make sure everything runs as expected.

[vercel]

@steven-tey is attempting to deploy a commit to the cal Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

No release type found in pull request title "[FEAT] Use dub.customer to issue dual-sided incentives". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit

[graphite-app]

Graphite Automations

"Add consumer team as reviewer" took an action on this PR • (01/03/25)

1 reviewer was added to this PR based on Keith Williams's automation.

"Add foundation team as reviewer" took an action on this PR • (01/03/25)

1 reviewer was added to this PR based on Keith Williams's automation.

"Add community label" took an action on this PR • (01/03/25)

1 label was added to this PR based on Keith Williams's automation.

[github-actions]

E2E results are ready!

• Workflow #42887.1 latest results

[Praashh]

LGTM!, waiting for @zomars and @sean-brydon to review it 🙏 .

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@formkit/[email protected]	None	0	35.4 kB	justin-schroeder
npm/@types/[email protected]	None	0	3.37 kB	types
npm/@types/[email protected]	None	0	868 kB	types
npm/@types/[email protected]	None	0	3.38 kB	types
npm/@types/[email protected]	None	0	1.63 MB	types
npm/[email protected]	None	0	23.6 kB	jedwatson
npm/[email protected]	None	0	669 kB	kewisch

🚮 Removed packages: npm/@axiomhq/[email protected], npm/@calcom/[email protected], npm/@calcom/[email protected], npm/@golevelup/[email protected], npm/@microsoft/[email protected], npm/@nest-lab/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@nestjs/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	CI
Critical CVE	npm/dompurify@=2.3.3	CVE: GHSA-p3vf-v8qc-cwcr DOMPurify vulnerable to tampering by prototype polution (CRITICAL) Affected versions: < 2.4.2 Patched version: 2.4.2	⚠︎
Possible typosquat attack	npm/[email protected]	Did you mean: ~~css-~~gradient-parser	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/dompurify@=2.3.3
• @SocketSecurity ignore npm/[email protected]