Update dependency posthog-js to v1.396.3#334
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Pull request was closed
c6ab571 to
d3a9f55
Compare
d3a9f55 to
6db392c
Compare
6db392c to
f79cf27
Compare
f79cf27 to
14f20a0
Compare
14f20a0 to
77d6278
Compare
77d6278 to
eec9845
Compare
eec9845 to
d629dc7
Compare
d629dc7 to
e64a0f1
Compare
e64a0f1 to
fbf3a09
Compare
This PR contains the following updates:
1.392.0→1.396.3Release Notes
PostHog/posthog-js (posthog-js)
v1.396.3Compare Source
v1.396.2Compare Source
1.396.2
Patch Changes
b6261e7Thanks @marandaneto! - Include a Promise polyfill in the IE11 bundle and avoid Promise-dependent async compression paths when Promise support is unavailable.(2026-06-29)
v1.396.1Compare Source
1.396.1
Patch Changes
cdeae17Thanks @marandaneto! - Fall back to uncompressed browser requests when gzip encoding fails.(2026-06-29)
v1.396.0Compare Source
1.396.0
Minor Changes
74cc6bbThanks @TueHaulund! - Add aget_current_urlconfig option that overrides the URL used for client-side URL targeting — session replay URL triggers, the session replay URL blocklist, survey URL display conditions, product tour URL conditions, web experiment URL conditions, and autocapture URL allow/ignore lists. These match againstwindow.location.hrefdirectly, which does not reflect a$current_urlrewritten inbefore_send. Apps where the browser URL is not meaningful for targeting (e.g. Electron/desktop builds served from a generated host) can now return the logical URL to match against. Defaults towindow.location.hrefwhen not set.(2026-06-29)
Patch Changes
74cc6bb]:v1.395.0Compare Source
1.395.0
Minor Changes
6200888Thanks @turnipdabeets! - AddgetAllFeatureFlags(), which returns all currently loaded feature flags as structuredFeatureFlagResults (key,enabled,variant,payload). It is a synchronous read of the cached flags and does not send a$feature_flag_calledevent.(2026-06-26)
Patch Changes
6200888]:v1.394.0Compare Source
1.394.0
Minor Changes
919abcaThanks @ioannisj! - Capture the$device_modelsuper-property on Android Chromium vianavigator.userAgentData.getHighEntropyValues(['model']). Resolved once during init and sent on subsequent events; opt out withdisableDeviceModel: true.(2026-06-26)
v1.393.6Compare Source
1.393.6
Patch Changes
6ef9179Thanks @marandaneto! - Handle request serialization errors without throwing or blocking queued requests.(2026-06-26)
v1.393.5Compare Source
1.393.5
Patch Changes
619d318Thanks @marandaneto! - Improve console log capture performance for truncated large objects.(2026-06-25)
v1.393.4Compare Source
1.393.4
Patch Changes
c9c8925Thanks @hpouillot! - Fix browser console log capture when session activity timestamps are missing and refresh session attributes for each log.(2026-06-24)
c9c8925]:v1.393.3Compare Source
1.393.3
Patch Changes
f94deafThanks @ioannisj! - fix(surveys): guard handlePageUnload against version-skewed surveys instance missing the method(2026-06-24)
v1.393.2Compare Source
1.393.2
Patch Changes
1c9a811Thanks @ioannisj! - Stop logging a misleading "upgrade your PostHog server" warning for valid v2 flags responses that have no flags.(2026-06-24)
v1.393.1Compare Source
1.393.1
Patch Changes
99bad9cThanks @pauldambra! - Session replay network capture: add an opt-in streaming reader for request/response bodies that stops at the payload size limit instead of buffering the whole body and then discarding it — bounding memory and pre-request latency when a body is very large. It reads only a clone of the body, so it never consumes the stream the page itself reads, and always resolves (never rejects) into the page'sfetch. Off by default; enabled fordefaults: '2026-06-25'and settable directly viasession_recording.streamNetworkBody.(2026-06-24)
99bad9c]:v1.393.0Compare Source
1.393.0
Minor Changes
#3921
c28b161Thanks @marandaneto! - Adddisable_capture_url_hashesto strip URL fragments from automatically captured URLs. It is disabled by default for backwards compatibility, and enabled automatically whenconfig.defaultsis'2026-06-25'or later. Enabling it (either explicitly or via the'2026-06-25'defaults) is a breaking behavior change for SPAs that rely on URL hashes for routing or analytics, because hash-based routes will be collapsed to the same URL without the fragment in fields such as$current_url,$initial_current_url,$session_entry_url, autocapture$elements[*].attr__href,$external_click_url, replayhrefURLs, heatmaps, web vitals$current_url, logsurl.full, conversationscurrent_url/request_url, or Next.js Pages Router$pageview$current_url.If you only want to capture some hashes, leave hash capture enabled and use
before_sendto remove or redact sensitive hash values before events are sent. (2026-06-23)Patch Changes
c28b161]:Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.