Skip to content

chore(deps): update dependency posthog-js to v1.399.0#164

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/posthog-js-1.x-lockfile
Open

chore(deps): update dependency posthog-js to v1.399.0#164
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/posthog-js-1.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented May 22, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
posthog-js (source) 1.374.41.399.0 age confidence

Release Notes

PostHog/posthog-js (posthog-js)

v1.399.0

Compare Source

1.399.0

Minor Changes
  • #​4115 86bb3a5 Thanks @​DanielVisca! - add the posthog.metrics API (count, gauge, histogram) — alpha

    A statsd-style pre-aggregating metrics client for the PostHog Metrics product (alpha). Samples are folded into per-series aggregates in memory (counts sum, gauges keep the last value, histograms accumulate buckets) and flushed periodically as OTLP/JSON to /i/v1/metrics — one data point per series per flush window, no matter how many calls. No OpenTelemetry SDK setup required:

    posthog.metrics.count('orders_created', 1)
    posthog.metrics.gauge('active_connections', 42)
    posthog.metrics.histogram('api_latency', 187, { unit: 'ms' })

    Configure via metrics: { serviceName, environment, flushIntervalMs, maxSeriesPerFlush, beforeSend, ... }. (2026-07-08)

Patch Changes

v1.398.7

Compare Source

1.398.7

Patch Changes
  • #​4113 45f17ee Thanks @​TueHaulund! - fix session replay leaking a shadow-root observer when a same-origin iframe is removed

    Follow-up to the shadow-observer iframe-teardown fix: takeFullSnapshot's onSerialize registers every shadow root with the top-level document, so a root nested in a same-origin iframe was keyed to the wrong document and its observer/buffer were not disconnected when that iframe was removed (they lingered until the next full snapshot). addShadowRoot now derives the owning document from the host element, so per-document teardown matches iframe-nested roots too. (2026-07-08)

v1.398.6

Compare Source

1.398.6

Patch Changes

v1.398.5

Compare Source

1.398.5

Patch Changes
  • #​4103 be8242a Thanks @​rafaeelaudibert! - Publish the code-split ESM toolbar bundle when the build emits one. The release tooling now recursively includes dist/toolbar/ (with explicit JS content types for the strict-MIME ESM chunks) across the immutable, major-alias, and compatibility upload prefixes, and the workflow accepts the canonical toolbar.js/toolbar.css layout. This is a no-op against today's single-file build.
    (2026-07-08)

v1.398.4

Compare Source

v1.398.3

Compare Source

1.398.3

Patch Changes
  • #​4112 38bb185 Thanks @​TueHaulund! - fix session replay silently dropping shadow DOM mutations after an iframe teardown

    The single shared ShadowDomManager observes every shadow root on the page, but MutationBuffer.reset() disconnected it. That reset fires whenever any one buffer is torn down, so an iframe being removed or navigating away disconnected every shadow-root observer page-wide. Shadow DOM content (for example a widget mounted in an open shadow root) then stopped recording until the next periodic full snapshot re-registered it. Buffer teardown now releases only its own resources; global shadow observation is reset by takeFullSnapshot and on recording stop. (2026-07-08)

v1.398.2

Compare Source

1.398.2

Patch Changes
  • #​4063 24aadd5 Thanks @​posthog! - Fix a RangeError: Maximum call stack size exceeded that could originate from the shared patch() fetch/XHR wrapper. posthog-js wraps window.fetch in two independent places (tracing headers and session-recording network capture), so their restores routinely ran out of order. Previously an out-of-order restore silently no-op'd, leaving the wrapper in the call path; repeated start/stop cycles grew the wrapper chain without bound until a real fetch walked a chain deep enough to overflow the stack. Wrappers now delegate through a mutable link so any layer can be torn down even when newer wrappers sit on top of it, keeping the chain bounded. Header-injection and network-capture behavior is unchanged.
    (2026-07-07)

  • #​4100 e250a24 Thanks @​marandaneto! - Stop adding the gzip compression query parameter to browser SDK requests.
    (2026-07-07)

  • #​4083 f07e241 Thanks @​posthog! - fix(replay): harden session-replay network capture so instrumentation that throws (e.g. new Request() rejecting a URL/method) degrades gracefully and never breaks or misattributes the host application's own xhr.open() / fetch() calls
    (2026-07-07)

v1.398.1

Compare Source

1.398.1

Patch Changes

v1.398.0

Compare Source

v1.397.0

Compare Source

1.397.0

Minor Changes
  • #​4089 cc340db Thanks @​bs1180! - feat(web): add a posthog-js/customizations subpath entry point exposing the optional customizations (setAllPersonProfilePropertiesAsPersonPropertiesForFlags, the before-send sampling helpers, and the redux/kea loggers) as a proper ES module with bundled types, replacing the internal posthog-js/lib/src/customizations deep import. Also fixes the TypeScript definitions so setAllPersonProfilePropertiesAsPersonPropertiesForFlags accepts the instance passed to the loaded callback (the documented usage), and the loaded callback's instance type now includes config.
    (2026-07-06)

v1.396.9

Compare Source

v1.396.8

Compare Source

1.396.8

Patch Changes
  • #​4062 2af0026 Thanks @​posthog! - fix(web): prevent an infinite-recursion stack overflow in the logs console capture. The console wrapper's own capture path can emit internal debug lines through PostHog's logger, which wrote back to the wrapped console and re-entered capture until the stack blew (RangeError: Maximum call stack size exceeded). The wrapper now exposes the original console method via __rrweb_original__ (so the internal logger bypasses it) and guards against re-entrancy from any code that logs mid-capture.
    (2026-07-06)

v1.396.7

Compare Source

v1.396.6

Compare Source

1.396.6

Patch Changes
  • #​4053 45d1b36 Thanks @​posthog! - feat(web): add a graceful shutdown() to the browser client for parity with posthog-node, so isomorphic teardown code (e.g. the Nuxt module) that calls posthog.shutdown() on the client no longer throws TypeError: shutdown is not a function. It best-effort flushes the queued events and always resolves.
    (2026-07-03)

  • #​4054 f0657eb Thanks @​posthog! - fix(web): detect our own feature-flag request timeouts via a timedOut flag instead of the abort reason, so they are logged at warn (not error) on browsers that don't propagate controller.abort(reason) — keeping benign timeouts out of error tracking's console-error capture
    (2026-07-03)

  • #​4031 94a0530 Thanks @​posthog! - Improve survey display reliability:

    • posthog-js: refresh the cached $surveys definitions after a short TTL (stale-while-revalidate) so server-side changes such as switching a survey from popover to API propagate to long-lived tabs without a page reload.
    • posthog-js: add posthog.surveys.markSurveyAsSeen(surveyId, { iteration }) so custom integrators that render surveys through their own backend can honour the "already seen" and wait-period checks.
    • posthog-react-native: guarantee the survey Modal notifies its parent on close even when iOS Modal.onDismiss fails to fire, so the transparent full-screen modal can no longer stay mounted intercepting touches and freezing the app. (2026-07-03)
  • Updated dependencies [45d1b36]:

v1.396.5

Compare Source

1.396.5

Patch Changes
  • #​4050 d7cf13b Thanks @​turnipdabeets! - Prevent uncaught getComputedStyle crashes in heatmaps and autocapture when the event target is a cross-realm element (e.g. from an iframe or synthetic event)
    (2026-07-02)
  • Updated dependencies [5e7e132]:

v1.396.4

Compare Source

1.396.4
Patch Changes
  • #​4035 18e543b Thanks @​posthog! - fix(web): isolate onFeatureFlags callbacks so a throwing user handler no longer breaks the remaining callback chain or gets misattributed as an SDK error
    (2026-07-01)

  • #​4039 15bcb42 Thanks @​github-actions! - fix(replay): measure $snapshot_bytes as UTF-8 byte length instead of UTF-16 string length, so non-ASCII session replay payloads are counted accurately against the message size limit
    (2026-07-01)

v1.396.3

Compare Source

1.396.3
Patch Changes
  • #​4020 e0ad8ef Thanks @​posthog! - Fix TypeError: ....at is not a function thrown by the bundled web-vitals dependency on browsers that predate Array.prototype.at() (Chrome <92, iOS Safari <15.4). The web-vitals entrypoints now install a tiny Array.prototype.at polyfill before web-vitals runs, so web vitals capture works again on older browsers instead of crashing with an unhandled error.
    (2026-06-30)

v1.396.2

Compare Source

1.396.2
Patch Changes
  • #​4003 b6261e7 Thanks @​marandaneto! - Include a Promise polyfill in the IE11 bundle and avoid Promise-dependent async compression paths when Promise support is unavailable.
    (2026-06-29)

v1.396.1

Compare Source

1.396.1
Patch Changes

v1.396.0

Compare Source

1.396.0
Minor Changes
  • #​3987 74cc6bb Thanks @​TueHaulund! - Add a get_current_url config option that overrides the URL used for client-side URL targeting — session replay URL triggers, the session replay URL blocklist, survey URL display conditions, product tour URL conditions, web experiment URL conditions, and autocapture URL allow/ignore lists. These match against window.location.href directly, which does not reflect a $current_url rewritten in before_send. Apps where the browser URL is not meaningful for targeting (e.g. Electron/desktop builds served from a generated host) can now return the logical URL to match against. Defaults to window.location.href when not set.
    (2026-06-29)
Patch Changes

v1.395.0

Compare Source

1.395.0

Minor Changes
  • #​3977 6200888 Thanks @​turnipdabeets! - Add getAllFeatureFlags(), which returns all currently loaded feature flags as structured FeatureFlagResults (key, enabled, variant, payload). It is a synchronous read of the cached flags and does not send a $feature_flag_called event.
    (2026-06-26)
Patch Changes

v1.394.0

Compare Source

1.394.0

Minor Changes
  • #​3986 919abca Thanks @​ioannisj! - Capture the $device_model super-property on Android Chromium via navigator.userAgentData.getHighEntropyValues(['model']). Resolved once during init and sent on subsequent events; opt out with disableDeviceModel: true.
    (2026-06-26)

v1.393.6

Compare Source

1.393.6

Patch Changes

v1.393.5

Compare Source

1.393.5

Patch Changes

v1.393.4

Compare Source

1.393.4

Patch Changes

v1.393.3

Compare Source

1.393.3

Patch Changes
  • #​3945 f94deaf Thanks @​ioannisj! - fix(surveys): guard handlePageUnload against version-skewed surveys instance missing the method
    (2026-06-24)

v1.393.2

Compare Source

1.393.2

Patch Changes
  • #​3944 1c9a811 Thanks @​ioannisj! - Stop logging a misleading "upgrade your PostHog server" warning for valid v2 flags responses that have no flags.
    (2026-06-24)

v1.393.1

Compare Source

1.393.1

Patch Changes
  • #​3919 99bad9c Thanks @​pauldambra! - Session replay network capture: add an opt-in streaming reader for request/response bodies that stops at the payload size limit instead of buffering the whole body and then discarding it — bounding memory and pre-request latency when a body is very large. It reads only a clone of the body, so it never consumes the stream the page itself reads, and always resolves (never rejects) into the page's fetch. Off by default; enabled for defaults: '2026-06-25' and settable directly via session_recording.streamNetworkBody.
    (2026-06-24)
  • Updated dependencies [99bad9c]:

v1.393.0

Compare Source

1.393.0

Minor Changes
  • #​3921 c28b161 Thanks @​marandaneto! - Add disable_capture_url_hashes to strip URL fragments from automatically captured URLs. It is disabled by default for backwards compatibility, and enabled automatically when config.defaults is '2026-06-25' or later. Enabling it (either explicitly or via the '2026-06-25' defaults) is a breaking behavior change for SPAs that rely on URL hashes for routing or analytics, because hash-based routes will be collapsed to the same URL without the fragment in fields such as $current_url, $initial_current_url, $session_entry_url, autocapture $elements[*].attr__href, $external_click_url, replay href URLs, heatmaps, web vitals $current_url, logs url.full, conversations current_url/request_url, or Next.js Pages Router $pageview $current_url.

    If you only want to capture some hashes, leave hash capture enabled and use before_send to remove or redact sensitive hash values before events are sent. (2026-06-23)

Patch Changes

v1.392.0

Compare Source

1.392.0

Minor Changes
  • #​3895 ce528ed Thanks @​turnipdabeets! - Console log auto-capture (logs: { captureConsoleLogs: true }) now flows through the same pipeline as posthog.captureLog(), posthog.logger.*, and PostHog's other SDKs, instead of OpenTelemetry. As a result:

    • the bundled OpenTelemetry dependencies are removed, shrinking the lazily-loaded logs chunk
    • auto-captured console logs now run through logs.beforeSend (the same hook as captureLog/logger.*), so you can redact or drop sensitive console output before it's sent. To treat console logs differently from manual logs, branch on the record's log.source attribute: auto-captured console logs set it to console.<method> (e.g. console.error), while manual captureLog/logger.* logs leave it unset
    • console logs now link to the person's profile: they carry the person id as posthogDistinctId, the attribute PostHog uses to associate logs with a person (docs). The old path used distinct_id, which isn't used for person linking by default, so console logs previously didn't appear on person profiles unless you'd configured a custom key.

    Console logs keep their posthog-browser-logs service.name, their console instrumentation scope, and their log.source: console.<level> attribute.

    As part of moving onto the shared pipeline, console records now use PostHog's standard log field names — the same ones programmatic web logs and other SDKs use, and the ones the Logs UI surfaces. For the fields below the values are unchanged — only the attribute names/locations differ:

    • distinct_idposthogDistinctId (record attribute)
    • location.hrefurl.full (record attribute; same value — the page URL)
    • session.id (resource attribute) → sessionId (record attribute) — renamed and moved
    • host and window.id move from resource attributes to record attributes (names unchanged)
    • records also now carry the standard SDK context shared by other logs, including feature_flags

    For most projects this needs no action — these are already the canonical log fields. The only thing to update is a saved Logs query or dashboard built specifically on an old console attribute name, for example:

    • attributes.distinct_idattributes.posthogDistinctId
    • attributes.location.hrefattributes.url.full
    • resource.attributes.session.idattributes.sessionId
    • resource.attributes.host / resource.attributes.window.idattributes.host / attributes.window.id (2026-06-22)
Patch Changes

v1.391.9

Compare Source

1.391.9

Patch Changes
  • #​3922 26aa9ba Thanks @​posthog! - Exception autocapture: posthog-js's own fetch timeout now aborts with an explicit, descriptive reason (PostHog request timed out after <n>ms) instead of a reason-less DOMException: AbortError: signal is aborted without reason. This keeps name === 'AbortError' so existing timeout handling (e.g. feature flag timeout detection) is unchanged, but makes our own timeouts identifiable and stops them being re-captured as noise by console-error exception autocapture.
    (2026-06-22)

v1.391.8

Compare Source

1.391.8

Patch Changes

v1.391.7

Compare Source

1.391.7

Patch Changes
  • #​3914 dac4edb Thanks @​pauldambra! - Session replay network capture: redact credential-bearing headers on both request and response (previously only request), and match credential-shaped custom header names by substring (e.g. x-gist-encoded-user-token) in addition to the exact deny list - avoiding accidental capture of tokens/cookies in recordings.
    (2026-06-22)

v1.391.6

Compare Source

1.391.6

Patch Changes

v1.391.5

Compare Source

1.391.5

Patch Changes
  • #​3915 beaccc3 Thanks @​pauldambra! - Session replay: apply the existing base64 image size cap (maxBase64ImageLength) to SVG <image> elements with data: URIs on both href and xlink:href. Previously the cap only covered <img> elements, so large inline data URIs inside SVGs were recorded in full - this also covers them in mutations, replacing oversized ones with the striped placeholder.
    (2026-06-22)

v1.391.4

Compare Source

1.391.4

Patch Changes
  • #​3913 ee9f2a8 Thanks @​pauldambra! - Session replay network capture: expand the default payload host deny list to skip third-party analytics, RUM, and session-replay telemetry whose payloads have no replay value - Datadog, Segment, RudderStack, Amplitude, Mixpanel, Hotjar (both .com and .io), and FullStory. Also covers both Google Analytics beacon hosts (google-analytics.com, plus analytics.google.com which gtag uses when Google Signals is enabled) and widens New Relic to nr-data.net.
    (2026-06-22)

v1.391.3

Compare Source

1.391.3

Patch Changes
  • #​3909 ab4a220 Thanks @​marandaneto! - Avoid style-src-attr CSP violations when diffing rrweb style mutations.
    (2026-06-22)

  • #​3912 78ac40c Thanks @​pauldambra! - Session replay network capture: never record binary/asset response or request bodies (image, video, audio, font, octet-stream, pdf, zip, wasm) even when recordBody is enabled - they bloat recordings, duplicate what the replay already shows, and the body is no longer read.
    (2026-06-22)

v1.391.2

Compare Source

1.391.2

Patch Changes

v1.391.1

Compare Source

1.391.1

Patch Changes
  • #​3899 d090a7c Thanks @​lucasheriques! - Surveys: re-check eligibility when a popover's display delay elapses, instead of only re-checking the URL.

    A survey with a display delay could be queued while a visitor was still anonymous (the targeting flag passed for the anonymous profile), and then displayed after the delay even though identify() had reloaded feature flags and the survey's internal targeting flag was now false for the identified profile (e.g. a "show once per user" survey the person had already dismissed). The delayed display now re-runs the full display predicate (eligibility, URL/device/selector conditions, event/action trigger, and feature flags) before rendering, so a survey that became ineligible during the delay is no longer shown. Pending delayed surveys are also cancelled promptly when a later evaluation cycle finds them ineligible. (2026-06-19)

v1.391.0

Compare Source

1.391.0

Minor Changes
  • #​3885 5392a55 Thanks @​pauldambra! - feat(replay): capture canvas at reduced resolution

    Adds session_recording.canvasCapture.resolutionScale - a (0, 1] fraction of the canvas display size to capture replay frames at. The captured bitmap is downscaled (pixel-area savings are quadratic) while the canvas's true display size is still recorded, so playback stretches the smaller frame back to the correct dimensions and aspect ratio - only sharpness drops, never layout. It defaults to 1 (full resolution, matching today's behaviour), and the latest defaults bundle (2026-05-30) opts new installs into 0.6.

    The canvas's true display size travels with each frame through the encode worker (as required message fields), so the encoded reply is always drawn back to the correct dimensions — no per-canvas state is retained on the main thread, and downscaling can never mislabel a canvas's dimensions. At full resolution the captured pixels are unchanged (the quality resampling hint is only applied when actually downscaling); the emitted drawImage now always uses the explicit destination-size form, which is pixel-equivalent on replay.

    Mechanically, @posthog/rrweb's canvas FPS-snapshot observer takes an optional canvasResolutionScale record option and downscales each captured frame accordingly. (2026-06-19)

Patch Changes

v1.390.2

Compare Source

1.390.2

Patch Changes
  • #​3868 a5dd54a Thanks @​pauldambra! - fix(replay): scope the session-recording flushed-size tracker to the session

    $sdk_debug_replay_flushed_size was stored as a single device-global value in persistence and only reset on an in-page session rotation, so it leaked across page loads and tabs and over-counted on returning visitors. The tracker now keys the running total to the current session id, so a new session starts from zero and a fresh load reading an ongoing session sees the correct total.

    The internal persistence key backing this counter ($sess_rec_flush_size) was also unintentionally attached to every captured event as a super-property; it is now marked hidden so it no longer ships on events. The value remains available on session-replay debug events as $sdk_debug_replay_flushed_size. (2026-06-17)

v1.390.1

Compare Source

v1.390.0

Compare Source

1.390.0

Minor Changes
  • #​3869 81b79fb Thanks @​turnipdabeets! - Add a beforeSend option to the logs config, so you can inspect, redact, or drop log records before they're sent:

    posthog.init('<token>', {
        logs: {
            beforeSend: (log) => {
                // return null to drop the log, or return the (optionally modified) log to keep it
                if (log.body.includes('password')) {
                    return null
                }
                return log
            },
        },
    })

    beforeSend accepts a single function or an array of functions (applied left to right); returning null from any of them drops the record. It runs for logs sent via both posthog.captureLog() and posthog.logger.*. (2026-06-17)

Patch Changes

v1.389.1

Compare Source

1.389.1

Patch Changes

v1.389.0

Compare Source

v1.388.2

Compare Source

v1.388.1

Compare Source

1.388.1

Patch Changes

v1.388.0

Compare Source

1.388.0
Minor Changes
Patch Changes

v1.387.0

Compare Source

1.387.0

Minor Changes
  • #​3709 c6c163a Thanks @​posthog! - Add unsetPersonProperties() to remove person properties, the counterpart to setPersonProperties(). Previously the only way to unset a person property was to hand-pass a $unset array inside a capture() call.
    (2026-06-16)
Patch Changes
  • #​3756 b3ec845 Thanks @​archievi! - Drop the event and log a warning when a before_send hook removes the token property, instead of silently sending an event that ingest rejects with a 401.
    (2026-06-16)

  • #​3860 c9c7df1 Thanks @​marandaneto! - Add $unset to capture options and pass it through in browser capture payloads.
    (2026-06-16)

  • #​3855 fadaa4f Thanks @​haacked! - Stop sending the ip query parameter on feature flag requests. The flags endpoint ignores it, and some ad blockers match /flags…ip= to block flag evaluation on any domain. Dropping it from flag requests avoids the block with no functional change. Event and session recording requests are unchanged.
    (2026-06-16)

  • #​3830 0d837f5 Thanks @​dustinbyrne! - Avoid reloading exception and dead-click autocapture external scripts when they are already present.
    (2026-06-16)

  • #​3853 f95a0ec Thanks @​TueHaulund! - Capture native Fullscreen API transitions in session replay. Entering native fullscreen (element.requestFullscreen()) is rendered by the browser via the UA :fullscreen pseudo-class with no DOM mutation, so the recorder previously captured nothing and replays showed the element at its pre-fullscreen size with drifted click coordinates. The recorder now emits a reserved custom event on fullscreenchange (standard plus webkit/moz/MS prefixes), and the replayer re-applies fullscreen layout to the element on playback (including when scrubbing into a fullscreen region) via a reserved rr_fullscreen attribute, consistent with rrweb's existing rr_* attribute namespace.

    Known limitation: fullscreen of an element inside a same-origin iframe is recorded against the <iframe> element rather than the inner element, so replay pins the iframe. (2026-06-16)

  • Updated dependencies [b3ec845, c9c7df1, c6c163a]:

v1.386.8

Compare Source

1.386.8
Patch Changes
  • #​3838 3094f73 Thanks @​TueHaulund! - fix(replay): discard the prior session's buffer when start() bails out a pending stop(). On a stopSessionRecording() → reset() → identify(newUser) → startSessionRecording() sequence, stopSessionRecording() takes the async compression-drain path, deferring its buffer flush and teardown. start() correctly invalidates that pending cleanup so the new recorder survives, but it left the stopped session's snapshot buffer in place. The re-entrant session-id restart then flushed those previous-user snapshots under the OLD session id, producing a mixed-distinct_id session that server-side any(distinct_id) attribution resolves to the wrong person — recordings showing the previous user's identity. start() now clears that stale buffer alongside invalidating the compression queue, matching the drop-trailing-data trade-off the bailed-out stop() path already accepts.
    (2026-06-15)

v1.386.7

Compare Source

v1.386.6

Compare Source

1.386.6

Patch Changes
  • #​3804 a27b163 Thanks @​pauldambra! - fix(product-tours): drop the cached tours blob when product tours is not enabled

    Tours fetched while product tours was enabled are cached under ph_product_tours in the main persistence blob. Once product tours is disabled (remote config or the disable_product_tours option) that cache was never cleaned up, so a potentially large stale blob kept riding on every persistence write — and on every cross-tab storage event those writes broadcast. onRemoteConfig now clears the cached tours whenever product tours resolves to disabled; they are re-fetched if it is ever re-enabled. (2026-06-11)

v1.386.5

Compare Source

1.386.5

Patch Changes
  • #​3801 bd06ac7 Thanks @​ksvat! - fix(replay): prevent silent recorder teardown on session-id rotation. When the session id rotates during active rrweb capture, _updateWindowAndSessionIds calls stop() then synchronously start('session_id_changed'). If stop() took the _stopAfterCompressionQueueDrains path (which fires whenever the compression queue is non-empty — common during steady recording), its async cleanup would later resolve and call _teardown() against the freshly-started recorder, stopping rrweb, removing event listeners, and emptying the V2 trigger-group matchers. From that point on, the recorder's status getter kept reporting active/sampled (the _strategy reference was still set), but rrweb was no longer producing events, no listeners were registered, and no $snapshot data reached the server — the session looked recording-eligible from event metadata yet produced no replay. start() now invalidates the compression-queue state (generation bump plus reset of the stop-in-progress flag and queued-event count), so any pending cleanup from a prior stop() bails at its existing generation check and a later stop() of the new recorder is not mistaken for the old in-progress one. Affects long-running tabs that rotate session id mid-use (idle timeout, session-past-max-length, or posthog.reset()).
    (2026-06-11)

v1.386.4

Compare Source

1.386.4

Patch Changes
  • #​3767 fdc07f3 Thanks @​arnohillen! - replay: jump scrolls instantly when seeking past pages that use scroll-behavior: smooth. During fast-forward the replayer applied scrolls with behavior: 'auto', which inherits the page's CSS scroll-behavior — so on sites that set scroll-behavior: smooth (e.g. Silk bottom sheets/modals) a seeked scroll animated from 0 instead of jumping, leaving scroll-revealed content (the open sheet) out of view and showing only the backdrop until the animation caught up. Sync scrolls now use `

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • Between 08:00 AM and 05:59 PM, Monday through Friday (* 8-17 * * 1-5)
  • Automerge
    • Between 08:00 AM and 05:59 PM, Monday through Friday (* 8-17 * * 1-5)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the Renovate label May 22, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented May 22, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
launchpad cb87169 Commit Preview URL

Branch Preview URL
Jul 08 2026, 11:08 PM

@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 42478cb to f251cc4 Compare May 22, 2026 19:56
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.375.0 chore(deps): update dependency posthog-js to v1.376.0 May 22, 2026
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.376.0 chore(deps): update dependency posthog-js to v1.376.2 May 26, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch 2 times, most recently from 6b7755f to 1cab717 Compare May 27, 2026 18:17
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.376.2 chore(deps): update dependency posthog-js to v1.376.3 May 27, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 1cab717 to 213b568 Compare May 28, 2026 13:58
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.376.3 chore(deps): update dependency posthog-js to v1.376.4 May 29, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 213b568 to 97e061a Compare May 29, 2026 02:45
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.376.4 chore(deps): update dependency posthog-js to v1.376.5 May 31, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch 2 times, most recently from f27c7c2 to 2e586c6 Compare June 1, 2026 03:30
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.376.5 chore(deps): update dependency posthog-js to v1.376.6 Jun 1, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 2e586c6 to 4476dd5 Compare June 13, 2026 18:31
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.376.6 chore(deps): update dependency posthog-js to v1.386.6 Jun 13, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 4476dd5 to 19f1f85 Compare June 15, 2026 13:01
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.386.6 chore(deps): update dependency posthog-js to v1.386.8 Jun 15, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 19f1f85 to b460fd9 Compare June 16, 2026 18:40
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.386.8 chore(deps): update dependency posthog-js to v1.387.0 Jun 16, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from b460fd9 to 82ab376 Compare June 17, 2026 18:04
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.387.0 chore(deps): update dependency posthog-js to v1.390.0 Jun 17, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 82ab376 to a73ee33 Compare June 18, 2026 01:12
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.390.0 chore(deps): update dependency posthog-js to v1.390.2 Jun 18, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch 2 times, most recently from 04a5f21 to 40be235 Compare June 19, 2026 12:45
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.390.2 chore(deps): update dependency posthog-js to v1.391.0 Jun 19, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 40be235 to 682b1f4 Compare June 19, 2026 18:54
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.391.0 chore(deps): update dependency posthog-js to v1.391.2 Jun 19, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from bb5f626 to f01f36b Compare June 25, 2026 14:14
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.393.4 chore(deps): update dependency posthog-js to v1.393.5 Jun 25, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from f01f36b to 9e00d46 Compare June 26, 2026 14:03
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.393.5 chore(deps): update dependency posthog-js to v1.393.6 Jun 26, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 9e00d46 to f0db7c0 Compare June 26, 2026 21:14
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.393.6 chore(deps): update dependency posthog-js to v1.395.0 Jun 26, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from f0db7c0 to 6cfb125 Compare June 29, 2026 10:55
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.395.0 chore(deps): update dependency posthog-js to v1.396.1 Jun 29, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 6cfb125 to 2079aca Compare June 29, 2026 18:12
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.1 chore(deps): update dependency posthog-js to v1.396.2 Jun 29, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 2079aca to b50b37b Compare June 30, 2026 19:00
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.2 chore(deps): update dependency posthog-js to v1.396.3 Jun 30, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from b50b37b to c6a5826 Compare July 1, 2026 22:51
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.3 chore(deps): update dependency posthog-js to v1.396.4 Jul 1, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from c6a5826 to 72c9f12 Compare July 2, 2026 17:52
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.4 chore(deps): update dependency posthog-js to v1.396.5 Jul 2, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 72c9f12 to a7dfd85 Compare July 3, 2026 14:34
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.5 chore(deps): update dependency posthog-js to v1.396.6 Jul 3, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from a7dfd85 to 9dc2b9e Compare July 6, 2026 09:10
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.6 chore(deps): update dependency posthog-js to v1.396.7 Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 9dc2b9e to 21b5bb3 Compare July 6, 2026 18:13
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.7 chore(deps): update dependency posthog-js to v1.396.9 Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 21b5bb3 to 71ad502 Compare July 6, 2026 22:02
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.396.9 chore(deps): update dependency posthog-js to v1.398.0 Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 71ad502 to 7ef27b3 Compare July 7, 2026 16:53
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.398.0 chore(deps): update dependency posthog-js to v1.398.1 Jul 7, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 7ef27b3 to 89b0130 Compare July 7, 2026 22:45
@renovate renovate Bot changed the title chore(deps): update dependency posthog-js to v1.398.1 chore(deps): update dependency posthog-js to v1.398.2 Jul 7, 2026
@renovate renovate Bot force-pushed the renovate/posthog-js-1.x-lockfile branch from 89b0130 to 469f1d3 Compare July 8, 2026 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants