Skip to content

chore(deps): bump posthog-js from 1.359.1 to 1.372.10#181

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/posthog-js-1.372.10
Open

chore(deps): bump posthog-js from 1.359.1 to 1.372.10#181
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/posthog-js-1.372.10

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Bumps posthog-js from 1.359.1 to 1.372.10.

Release notes

Sourced from posthog-js's releases.

posthog-js@1.372.10

1.372.10

Patch Changes

  • #3544 d120042 Thanks @​ksvat! - fix: stop session recording before destroying sessionManager in opt_out_capturing() with cookieless_mode: "on_reject". Previously, queued/throttled rrweb events (e.g. mousemove) could fire after the sessionManager was set to undefined and throw [SessionRecording] must be started with a valid sessionManager. Also adds a defensive early-return in onRRwebEmit so any remaining late events bail out instead of throwing. (2026-05-07)

  • #3542 94a5ba0 Thanks @​TueHaulund! - Preserve <style> textContent when the browser's CSSOM serialization would emit empty longhands from var() inside a shorthand. When a stylesheet has e.g. padding: var(--p); padding-bottom: var(--pb);, browsers store the shorthand's longhands with empty token lists per the CSS Custom Properties spec, and CSSStyleRule.cssText re-emits them as padding-top: ; padding-right: ; padding-left: ;. The previous behavior replaced the <style> text with that corrupted output, silently dropping layout rules on replay. We now detect the empty-longhand pattern and keep the original textContent in that case. Affects users of any CSS-in-JS framework that combines var() with shorthands (Chakra UI v3, Panda CSS, Emotion, etc.). Same class of bug as rrweb-io/rrweb#1667. (2026-05-07)

  • Updated dependencies []:

    • @​posthog/types@​1.372.10
    • @​posthog/core@​1.28.4

posthog-js@1.372.9

1.372.9

Patch Changes

  • #3537 026e09d Thanks @​TueHaulund! - Pull in the canvas-manager fix from @posthog/rrweb 0.0.61: skip canvas snapshots while the WebGL context is lost so transparent bitmaps don't poison the worker's fingerprint dedup map and silently kill canvas recording for the rest of the session. Also wraps getCanvas() in try/catch so DOM/shadow-root traversal errors can't cancel the rAF loop. See PR #3527 for context. (2026-05-05)
  • Updated dependencies []:
    • @​posthog/types@​1.372.9
    • @​posthog/core@​1.28.3

posthog-js@1.372.8

1.372.8

Patch Changes

posthog-js@1.372.7

... (truncated)

Commits
  • 550b3bd chore: update versions and lockfile [version bump]
  • 94a5ba0 fix(replay): preserve <style> textContent on var-shorthand CSS (#3542)
  • d120042 fix(replay): stop rrweb before destroying sessionManager on cookieless opt-ou...
  • 38accb9 chore: update versions and lockfile [version bump]
  • ece3097 fix(release): publish @​posthog/next with catch-up changeset (#3543)
  • b431d10 chore: update versions and lockfile [version bump]
  • 6b23fd3 feat(llma): unify provider sanitisation under a generic binary content redact...
  • 58cb972 chore: update versions and lockfile [version bump]
  • eb546b4 fix: next/pages server-only components from being imported in the client (#3533)
  • fac0f9e chore: update versions and lockfile [version bump]
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump posthog-js from 1.359.1 to 1.372.10
adbff37 
Bumps [posthog-js](https://github.com/PostHog/posthog-js) from 1.359.1 to 1.372.10.
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.359.1...posthog-js@1.372.10)

---
updated-dependencies:
- dependency-name: posthog-js
  dependency-version: 1.372.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants