EasyPost / easypost-node

EasyPost Shipping API Client Library for Node
https://easypost.com/docs/api
MIT License

fix: webhook validation when float weight field is present (closes #467) #471

Closed Justintime50 closed 3 months ago

Justintime50 commented 3 months ago

Description

When the weight field is present on a webhook (e.g. a tracking update), it gets converted, but JS drops the decimal if it is .0, which is often the case. This breaks webhook validation because HMAC signatures won't match if it's altered at all. This properly puts back the .0 if necessary and missing to ensure that validation will continue to work. Tests validate that we properly compare the signatures.


footcarts commented 3 months ago

Hi,

I just noticed that this regex is missing an edge case. When I initially wrote it, I only saw examples of weight with values of null and whole numbers formatted with .0. After running the regex for a while, I discovered that weight can also have other decimal values, like 614.4. In this case, the old regex does not ignore these values and incorrectly inserts .0, resulting in 614.4 being transformed into 61.04.4. I have now updated the regex to support these cases.

.replace(/("weight":\s*)(\d+)(\s*)(?=,|\})/g,"$1$2.0")

We have been running this updated version and have had 0 webhook validation errors.

Justintime50 commented 3 months ago

Fantastic, thanks for the updated info! We've incorporated that.
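
The failure discussed in this thread, reproduced as an added example that is not part of the PR or of easypost-node: the same signed body is verified as raw bytes, after a JSON parse and re-serialize, and after applying the regex quoted above. The secret, payloads and helper names are constructed, and hex-encoded HMAC-SHA256 is an assumed signature scheme, not EasyPost's documented header format.

```javascript
// Added example; not code from easypost-node. Secret, payloads and helper names are
// constructed, and hex HMAC-SHA256 is an assumed signature scheme.
const crypto = require('node:crypto');

const SECRET = 'constructed-webhook-secret';
// Constructed raw body as a sender might serialize it: whole-number floats keep ".0".
const RAW_BODY = '{"id":"evt_1","result":{"weight":17.0,"fees":[{"weight":614.4}],"est":null}}';

function sign(body, secret) {
  return crypto.createHmac('sha256', secret).update(body, 'utf8').digest('hex');
}

// Constant-time comparison of the received hex signature with the expected one.
function verify(body, signatureHex, secret) {
  const expected = Buffer.from(sign(body, secret), 'hex');
  const received = Buffer.from(signatureHex, 'hex');
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// What a handler holds once middleware has parsed the body: 17.0 has become 17.
function reserialize(raw) {
  return JSON.stringify(JSON.parse(raw));
}

// Regex quoted in the thread: append ".0" only to integer-looking "weight" values.
function restoreWeightDecimal(json) {
  return json.replace(/("weight":\s*)(\d+)(\s*)(?=,|\})/g, '$1$2.0');
}

// Verify one signed body three ways: raw bytes, re-serialized, re-serialized + regex.
function checkAll(raw, secret) {
  const signature = sign(raw, secret); // stands in for the sender's signature header
  const parsed = reserialize(raw);
  return {
    raw: verify(raw, signature, secret),
    reserialized: verify(parsed, signature, secret),
    patched: verify(restoreWeightDecimal(parsed), signature, secret),
  };
}

console.log(checkAll(RAW_BODY, SECRET));
// Hypothetical sender that emits a whole-number weight without ".0": the regex
// rewrites 5 to 5.0, so only the raw-body check still passes.
console.log(checkAll('{"weight":5}', SECRET));
```

Verifying against the request bytes exactly as received passes in both cases, because it does not depend on how any field was serialized.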