chore(deps): update dependency posthog-js to v1.393.0

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
posthog-js (source)	1.374.4 → 1.393.0

---

Release Notes

PostHog/posthog-js (posthog-js)

v1.393.0

Compare Source

1.393.0

Minor Changes

• #​3921 c28b161 Thanks @​marandaneto! - Add disable_capture_url_hashes to strip URL fragments from automatically captured URLs. It is disabled by default for backwards compatibility, and enabled automatically when config.defaults is '2026-06-25' or later. Enabling it (either explicitly or via the '2026-06-25' defaults) is a breaking behavior change for SPAs that rely on URL hashes for routing or analytics, because hash-based routes will be collapsed to the same URL without the fragment in fields such as $current_url, $initial_current_url, $session_entry_url, autocapture $elements[*].attr__href, $external_click_url, replay href URLs, heatmaps, web vitals $current_url, logs url.full, conversations current_url/request_url, or Next.js Pages Router $pageview $current_url.

  If you only want to capture some hashes, leave hash capture enabled and use before_send to remove or redact sensitive hash values before events are sent. (2026-06-23)

Patch Changes

• Updated dependencies [c28b161]:
  • @​posthog/core@​1.36.0
  • @​posthog/types@​1.391.0

v1.392.0

Compare Source

1.392.0

Minor Changes

• #​3895 ce528ed Thanks @​turnipdabeets! - Console log auto-capture (logs: { captureConsoleLogs: true }) now flows through the same pipeline as posthog.captureLog(), posthog.logger.*, and PostHog's other SDKs, instead of OpenTelemetry. As a result:

  • the bundled OpenTelemetry dependencies are removed, shrinking the lazily-loaded logs chunk
  • auto-captured console logs now run through logs.beforeSend (the same hook as captureLog/logger.*), so you can redact or drop sensitive console output before it's sent. To treat console logs differently from manual logs, branch on the record's log.source attribute: auto-captured console logs set it to console.<method> (e.g. console.error), while manual captureLog/logger.* logs leave it unset
  • console logs now link to the person's profile: they carry the person id as posthogDistinctId, the attribute PostHog uses to associate logs with a person (docs). The old path used distinct_id, which isn't used for person linking by default, so console logs previously didn't appear on person profiles unless you'd configured a custom key.

  Console logs keep their posthog-browser-logs service.name, their console instrumentation scope, and their log.source: console.<level> attribute.

  As part of moving onto the shared pipeline, console records now use PostHog's standard log field names — the same ones programmatic web logs and other SDKs use, and the ones the Logs UI surfaces. For the fields below the values are unchanged — only the attribute names/locations differ:

  • distinct_id → posthogDistinctId (record attribute)
  • location.href → url.full (record attribute; same value — the page URL)
  • session.id (resource attribute) → sessionId (record attribute) — renamed and moved
  • host and window.id move from resource attributes to record attributes (names unchanged)
  • records also now carry the standard SDK context shared by other logs, including feature_flags

  For most projects this needs no action — these are already the canonical log fields. The only thing to update is a saved Logs query or dashboard built specifically on an old console attribute name, for example:

  • attributes.distinct_id → attributes.posthogDistinctId
  • attributes.location.href → attributes.url.full
  • resource.attributes.session.id → attributes.sessionId
  • resource.attributes.host / resource.attributes.window.id → attributes.host / attributes.window.id (2026-06-22)

Patch Changes

• Updated dependencies [ce528ed]:
  • @​posthog/core@​1.35.4

v1.391.9

Compare Source

1.391.9

Patch Changes

• #​3922 26aa9ba Thanks @​posthog! - Exception autocapture: posthog-js's own fetch timeout now aborts with an explicit, descriptive reason (PostHog request timed out after <n>ms) instead of a reason-less DOMException: AbortError: signal is aborted without reason. This keeps name === 'AbortError' so existing timeout handling (e.g. feature flag timeout detection) is unchanged, but makes our own timeouts identifiable and stops them being re-captured as noise by console-error exception autocapture.
  (2026-06-22)

v1.391.8

Compare Source

1.391.8

Patch Changes

• #​3908 1fce04f Thanks @​marandaneto! - Apply CSP stylesheet preparation hook to Product Tours styles.
  (2026-06-22)

v1.391.7

Compare Source

1.391.7

Patch Changes

• #​3914 dac4edb Thanks @​pauldambra! - Session replay network capture: redact credential-bearing headers on both request and response (previously only request), and match credential-shaped custom header names by substring (e.g. x-gist-encoded-user-token) in addition to the exact deny list - avoiding accidental capture of tokens/cookies in recordings.
  (2026-06-22)

v1.391.6

Compare Source

v1.391.5

Compare Source

v1.391.4

Compare Source

1.391.4

Patch Changes

• #​3913 ee9f2a8 Thanks @​pauldambra! - Session replay network capture: expand the default payload host deny list to skip third-party analytics, RUM, and session-replay telemetry whose payloads have no replay value - Datadog, Segment, RudderStack, Amplitude, Mixpanel, Hotjar (both .com and .io), and FullStory. Also covers both Google Analytics beacon hosts (google-analytics.com, plus analytics.google.com which gtag uses when Google Signals is enabled) and widens New Relic to nr-data.net.
  (2026-06-22)

v1.391.3

Compare Source

1.391.3

Patch Changes

• #​3909 ab4a220 Thanks @​marandaneto! - Avoid style-src-attr CSP violations when diffing rrweb style mutations.
  (2026-06-22)

• #​3912 78ac40c Thanks @​pauldambra! - Session replay network capture: never record binary/asset response or request bodies (image, video, audio, font, octet-stream, pdf, zip, wasm) even when recordBody is enabled - they bloat recordings, duplicate what the replay already shows, and the body is no longer read.
  (2026-06-22)

v1.391.2

Compare Source

1.391.2

Patch Changes

• #​3903 6b21f77 Thanks @​marandaneto! - Validate custom event UUID overrides and generate new UUIDs when invalid.
  (2026-06-19)
• Updated dependencies [6b21f77]:
  • @​posthog/core@​1.35.3
  • @​posthog/types@​1.390.2

v1.391.1

Compare Source

1.391.1

Patch Changes

• #​3899 d090a7c Thanks @​lucasheriques! - Surveys: re-check eligibility when a popover's display delay elapses, instead of only re-checking the URL.

  A survey with a display delay could be queued while a visitor was still anonymous (the targeting flag passed for the anonymous profile), and then displayed after the delay even though identify() had reloaded feature flags and the survey's internal targeting flag was now false for the identified profile (e.g. a "show once per user" survey the person had already dismissed). The delayed display now re-runs the full display predicate (eligibility, URL/device/selector conditions, event/action trigger, and feature flags) before rendering, so a survey that became ineligible during the delay is no longer shown. Pending delayed surveys are also cancelled promptly when a later evaluation cycle finds them ineligible. (2026-06-19)

v1.391.0

Compare Source

1.391.0

Minor Changes

• #​3885 5392a55 Thanks @​pauldambra! - feat(replay): capture canvas at reduced resolution

  Adds session_recording.canvasCapture.resolutionScale - a (0, 1] fraction of the canvas display size to capture replay frames at. The captured bitmap is downscaled (pixel-area savings are quadratic) while the canvas's true display size is still recorded, so playback stretches the smaller frame back to the correct dimensions and aspect ratio - only sharpness drops, never layout. It defaults to 1 (full resolution, matching today's behaviour), and the latest defaults bundle (2026-05-30) opts new installs into 0.6.

  The canvas's true display size travels with each frame through the encode worker (as required message fields), so the encoded reply is always drawn back to the correct dimensions — no per-canvas state is retained on the main thread, and downscaling can never mislabel a canvas's dimensions. At full resolution the captured pixels are unchanged (the quality resampling hint is only applied when actually downscaling); the emitted drawImage now always uses the explicit destination-size form, which is pixel-equivalent on replay.

  Mechanically, @posthog/rrweb's canvas FPS-snapshot observer takes an optional canvasResolutionScale record option and downscales each captured frame accordingly. (2026-06-19)

Patch Changes

• Updated dependencies [5392a55]:
  • @​posthog/types@​1.390.1

v1.390.2

Compare Source

1.390.2

Patch Changes

• #​3868 a5dd54a Thanks @​pauldambra! - fix(replay): scope the session-recording flushed-size tracker to the session

  $sdk_debug_replay_flushed_size was stored as a single device-global value in persistence and only reset on an in-page session rotation, so it leaked across page loads and tabs and over-counted on returning visitors. The tracker now keys the running total to the current session id, so a new session starts from zero and a fresh load reading an ongoing session sees the correct total.

  The internal persistence key backing this counter ($sess_rec_flush_size) was also unintentionally attached to every captured event as a super-property; it is now marked hidden so it no longer ships on events. The value remains available on session-replay debug events as $sdk_debug_replay_flushed_size. (2026-06-17)

v1.390.1

Compare Source

v1.390.0

Compare Source

1.390.0

Minor Changes

• #​3869 81b79fb Thanks @​turnipdabeets! - Add a beforeSend option to the logs config, so you can inspect, redact, or drop log records before they're sent:

  posthog.init('<token>', {
      logs: {
          beforeSend: (log) => {
              // return null to drop the log, or return the (optionally modified) log to keep it
              if (log.body.includes('password')) {
                  return null
              }
              return log
          },
      },
  })

  beforeSend accepts a single function or an array of functions (applied left to right); returning null from any of them drops the record. It runs for logs sent via both posthog.captureLog() and posthog.logger.*. (2026-06-17)

Patch Changes

• Updated dependencies [81b79fb]:
  • @​posthog/types@​1.390.0

v1.389.1

Compare Source

1.389.1

Patch Changes

• #​3875 43b4137 Thanks @​marandaneto! - Limit retries for transport failures without an HTTP response.
  (2026-06-17)

v1.389.0

Compare Source

v1.388.2

Compare Source

v1.388.1

Compare Source

1.388.1

Patch Changes

• #​3851 5c453cd Thanks @​marandaneto! - Apply CSP nonce preparation hooks to style and script elements appended by site apps.
  (2026-06-17)

v1.388.0

Compare Source

1.388.0

Minor Changes

• #​3863 b6bc9be Thanks @​marandaneto! - Add autocapture-only CSS selector opt-outs for web interactions.
  (2026-06-17)

Patch Changes

• Updated dependencies [b6bc9be]:
  • @​posthog/types@​1.388.0

v1.387.0

Compare Source

1.387.0

Minor Changes

• #​3709 c6c163a Thanks @​posthog! - Add unsetPersonProperties() to remove person properties, the counterpart to setPersonProperties(). Previously the only way to unset a person property was to hand-pass a $unset array inside a capture() call.
  (2026-06-16)

Patch Changes

• #​3756 b3ec845 Thanks @​archievi! - Drop the event and log a warning when a before_send hook removes the token property, instead of silently sending an event that ingest rejects with a 401.
  (2026-06-16)

• #​3860 c9c7df1 Thanks @​marandaneto! - Add $unset to capture options and pass it through in browser capture payloads.
  (2026-06-16)

• #​3855 fadaa4f Thanks @​haacked! - Stop sending the ip query parameter on feature flag requests. The flags endpoint ignores it, and some ad blockers match /flags…ip= to block flag evaluation on any domain. Dropping it from flag requests avoids the block with no functional change. Event and session recording requests are unchanged.
  (2026-06-16)

• #​3830 0d837f5 Thanks @​dustinbyrne! - Avoid reloading exception and dead-click autocapture external scripts when they are already present.
  (2026-06-16)

• #​3853 f95a0ec Thanks @​TueHaulund! - Capture native Fullscreen API transitions in session replay. Entering native fullscreen (element.requestFullscreen()) is rendered by the browser via the UA :fullscreen pseudo-class with no DOM mutation, so the recorder previously captured nothing and replays showed the element at its pre-fullscreen size with drifted click coordinates. The recorder now emits a reserved custom event on fullscreenchange (standard plus webkit/moz/MS prefixes), and the replayer re-applies fullscreen layout to the element on playback (including when scrubbing into a fullscreen region) via a reserved rr_fullscreen attribute, consistent with rrweb's existing rr_* attribute namespace.

  Known limitation: fullscreen of an element inside a same-origin iframe is recorded against the <iframe> element rather than the inner element, so replay pins the iframe. (2026-06-16)

• Updated dependencies [b3ec845, c9c7df1, c6c163a]:

  • @​posthog/core@​1.33.0
  • @​posthog/types@​1.387.0

v1.386.8

Compare Source

1.386.8

Patch Changes

• #​3838 3094f73 Thanks @​TueHaulund! - fix(replay): discard the prior session's buffer when start() bails out a pending stop(). On a stopSessionRecording() → reset() → identify(newUser) → startSessionRecording() sequence, stopSessionRecording() takes the async compression-drain path, deferring its buffer flush and teardown. start() correctly invalidates that pending cleanup so the new recorder survives, but it left the stopped session's snapshot buffer in place. The re-entrant session-id restart then flushed those previous-user snapshots under the OLD session id, producing a mixed-distinct_id session that server-side any(distinct_id) attribution resolves to the wrong person — recordings showing the previous user's identity. start() now clears that stale buffer alongside invalidating the compression queue, matching the drop-trailing-data trade-off the bailed-out stop() path already accepts.
  (2026-06-15)

v1.386.7

Compare Source

v1.386.6

Compare Source

1.386.6

Patch Changes

• #​3804 a27b163 Thanks @​pauldambra! - fix(product-tours): drop the cached tours blob when product tours is not enabled

  Tours fetched while product tours was enabled are cached under ph_product_tours in the main persistence blob. Once product tours is disabled (remote config or the disable_product_tours option) that cache was never cleaned up, so a potentially large stale blob kept riding on every persistence write — and on every cross-tab storage event those writes broadcast. onRemoteConfig now clears the cached tours whenever product tours resolves to disabled; they are re-fetched if it is ever re-enabled. (2026-06-11)

v1.386.5

Compare Source

1.386.5

Patch Changes

• #​3801 bd06ac7 Thanks @​ksvat! - fix(replay): prevent silent recorder teardown on session-id rotation. When the session id rotates during active rrweb capture, _updateWindowAndSessionIds calls stop() then synchronously start('session_id_changed'). If stop() took the _stopAfterCompressionQueueDrains path (which fires whenever the compression queue is non-empty — common during steady recording), its async cleanup would later resolve and call _teardown() against the freshly-started recorder, stopping rrweb, removing event listeners, and emptying the V2 trigger-group matchers. From that point on, the recorder's status getter kept reporting active/sampled (the _strategy reference was still set), but rrweb was no longer producing events, no listeners were registered, and no $snapshot data reached the server — the session looked recording-eligible from event metadata yet produced no replay. start() now invalidates the compression-queue state (generation bump plus reset of the stop-in-progress flag and queued-event count), so any pending cleanup from a prior stop() bails at its existing generation check and a later stop() of the new recorder is not mistaken for the old in-progress one. Affects long-running tabs that rotate session id mid-use (idle timeout, session-past-max-length, or posthog.reset()).
  (2026-06-11)

v1.386.4

Compare Source

1.386.4

Patch Changes

• #​3767 fdc07f3 Thanks @​arnohillen! - replay: jump scrolls instantly when seeking past pages that use scroll-behavior: smooth. During fast-forward the replayer applied scrolls with behavior: 'auto', which inherits the page's CSS scroll-behavior — so on sites that set scroll-behavior: smooth (e.g. Silk bottom sheets/modals) a seeked scroll animated from 0 instead of jumping, leaving scroll-revealed content (the open sheet) out of view and showing only the backdrop until the animation caught up. Sync scrolls now use behavior: 'instant', matching the method's stated intent that smooth scrolling be disabled while fast-forwarding. Full snapshot rebuilds apply their initial offset with behavior: 'instant' too, so the document-level scroll doesn't animate either.
  (2026-06-11)

v1.386.3

Compare Source

1.386.3

Patch Changes

• #​3760 5ddfd44 Thanks @​benben! - fix(conversations): re-attach the support widget after SPA navigations that replace document.body (e.g. Turbo Drive), so the widget no longer disappears until a full page reload
  (2026-06-11)

• #​3690 dbf2377 Thanks @​pauldambra! - fix(sessionid): keep the session id stable across tabs

  A session now rotates only when every tab has been idle past the timeout, rather than whenever a single background tab decides it is idle. On the active event path an idle tab re-reads the session id from storage before rotating: if a sibling tab kept the session alive it does not rotate, and if a sibling already rotated it adopts that id instead of minting a new one. This removes spurious cross-tab session fragmentation (inflated session counts, truncated session durations, split replays). When a sibling session is adopted, onSessionId handlers fire with changeReason.crossTabAdoption: true so session recording, pageview state, and session-scoped properties follow the new session. When persistence_save_debounce_ms > 0 (the 2026-05-30 default) the refresh reads only the session-id key so it cannot clobber a sibling's write.

  Note: projects with significant multi-tab usage will see fewer but longer sessions after upgrading — this is a correction of previously over-counted sessions, not a traffic change. (2026-06-11)

• #​3795 21441a8 Thanks @​pauldambra! - fix(persistence): stop per-request metadata rewriting the split-storage entries on every load

  $feature_flag_evaluated_at, $feature_flag_request_id, and $surveys_loaded_at change on every /flags (or /surveys) load even when the flag and survey content is unchanged. With split_storage enabled that made the multi-hundred-KB __flags / __surveys localStorage entries dirty on every SPA navigation, re-broadcasting the full payload to every open same-origin tab via cross-tab storage events — the exact pressure the split exists to remove. These keys are now marked volatile: a value-only change neither dirties the group nor alters its fingerprint, so the write is skipped and the freshest value rides along on the next real content write. Adding or deleting a volatile key still writes through (presence is fingerprinted, the moving value is not), and the in-memory value is always current — only the on-disk copy may lag until the next content change. (2026-06-11)

• Updated dependencies [dbf2377]:

  • @​posthog/types@​1.386.3
  • @​posthog/core@​1.32.3

v1.386.2

Compare Source

1.386.2

Patch Changes

• Updated dependencies [25822ac]:
  • @​posthog/core@​1.32.2
  • @​posthog/types@​1.386.2

v1.386.1

Compare Source

v1.386.0

Compare Source

1.386.0

Minor Changes

• #​3634 612f97a Thanks @​lucasheriques! - feat(surveys): add opt-in appearance.allowGoBack for multi-question surveys, and make button labels translatable

  Renders a "Back" button on web surveys after the first question. Default is off — existing surveys are unchanged. Uses a visited-index history stack so back-navigation respects branching paths (response_based, specific_question), and abandoned-branch responses are pruned before submission so analytics aren't polluted. Returning to a question pre-fills the prior answer. appearance.backButtonText overrides the default label. The button uses the survey's text color so it stays readable on any background, and it also shows in survey previews.

  Also adds submitButtonText and backButtonText to survey-level translations, so both the submit and back button labels can be localized via appearance translations (previously only the per-question button text was translatable). (2026-06-10)

Patch Changes

• Updated dependencies [612f97a]:
  • @​posthog/core@​1.32.0
  • @​posthog/types@​1.386.0

v1.385.0

Compare Source

1.385.0

Minor Changes

• #​3777 f601c49 Thanks @​dustinbyrne! - Promote external dependency script versioning to supported strict_script_versioning and asset_host config options.
  (2026-06-10)

Patch Changes

• #​3753 c11794d Thanks @​dustinbyrne! - Reload feature flags by default when resetting person properties for flags.
  (2026-06-10)

• #​3742 23b2af1 Thanks @​arnohillen! - record: capture resting scroll offset on scrollend when a reveal scroll clamps to 0 before its target is scrollable (e.g. Silk sheets). Deduped against scroll so normal gestures don't double event volume.
  (2026-06-10)

• Updated dependencies [c11794d, f601c49]:

  • @​posthog/types@​1.385.0
  • @​posthog/core@​1.31.4

v1.384.3

Compare Source

1.384.3

Patch Changes

• #​3791 2d21ada Thanks @​marandaneto! - Deprecate __preview_disable_beacon in favor of disable_beacon and mark __preview_disable_xhr_credentials as a no-op.
  (2026-06-10)
• Updated dependencies [2d21ada]:
  • @​posthog/types@​1.384.3
  • @​posthog/core@​1.31.3

v1.384.2

Compare Source

1.384.2

Patch Changes

• #​3789 d9462b3 Thanks @​marandaneto! - Deprecate __preview_eager_load_replay as a no-op now that session replay lazy loading is the default.
  (2026-06-10)
• Updated dependencies [d9462b3]:
  • @​posthog/types@​1.384.2
  • @​posthog/core@​1.31.2

v1.384.1

Compare Source

1.384.1

Patch Changes

• #​3787 0e22d77 Thanks @​TueHaulund! - replayer: stop corrupting recordings when events are added behind the playhead. addEvent() used to apply any event older than the playback baseline synchronously onto the current DOM — correct for live-mode catch-up, but wrong for on-demand playback where snapshot chunks can finish loading after the user has seeked ahead. Applying those past mutations onto a DOM at a different position made their removes fail mirror lookups, and applyMutation then deleted the failed entries from the event objects themselves, so every later seek rebuilt from corrupted data (DOM nodes accumulating, e.g. duplicated text) and exports serialized the stripped events. Past events are now only applied synchronously in live mode (otherwise they are just inserted for the next seek to pick up), and applyMutation filters removes into a local copy instead of mutating the event data.
  (2026-06-10)
• Updated dependencies []:
  • @​posthog/types@​1.384.1
  • @​posthog/core@​1.31.1

v1.384.0

Compare Source

v1.383.3

Compare Source

1.383.3

Patch Changes

• #​3776 783ba46 Thanks @​marandaneto! - Deprecate the no-op __preview_flags_v2 browser SDK config option. The SDK already uses the /flags/?v=2 endpoint by default.
  (2026-06-09)
• Updated dependencies [783ba46]:
  • @​posthog/types@​1.383.3
  • @​posthog/core@​1.30.14

v1.383.2

Compare Source

1.383.2

Patch Changes

• #​3748 7820929 Thanks @​marandaneto! - Reduce duplicate internal code found by dry4ts.
  (2026-06-09)
• Updated dependencies []:
  • @​posthog/types@​1.383.2
  • @​posthog/core@​1.30.13

v1.383.1

Compare Source

1.383.1

Patch Changes

• #​3770 e481b0c Thanks @​dustinbyrne! - Respect capture_pageview: false when opting out in cookieless on_reject mode.
  (2026-06-08)
• Updated dependencies []:
  • @​posthog/types@​1.383.1
  • @​posthog/core@​1.30.12

v1.383.0

Compare Source

1.383.0

Minor Changes

• #​3771 227c9b0 Thanks @​dustinbyrne! - feat(persistence): add split_storage config option to store the feature-flag config cluster in its own localStorage entry (<name>__flags) instead of the single main persistence blob. This payload is large and changes rarely, so keeping it out of the main blob stops it riding on every high-frequency main-blob write and broadcasting on cross-tab storage events. Reads are unchanged: on load the entry is merged back into the in-memory props, and the old main-blob location is read once and migrated forward so upgrades never miss a cached flag. The split only applies when persistence resolves to localStorage / localStorage+cookie (it is pointless for memory / sessionStorage and impossible for cookie), and reset() / opt-out wipe every entry. Defaults to false for backwards compatibility; the new 2026-05-30 config default opts in automatically.
  (2026-06-08)

• #​3727 393f9e2 Thanks @​pauldambra! - feat(surveys): extend split_storage to also move the survey config ($surveys) out of the main persistence blob into its own <name>__surveys localStorage entry, on top of the feature-flag split. Surveys now stamp a $surveys_loaded_at freshness timestamp on every /surveys load — the survey analogue of $feature_flag_evaluated_at — so a stale __surveys entry can no longer win over a fresher survey payload written back into the main blob by a gate-off / older-SDK tab. With no timestamp on either side (migration leftover) the group entry still wins, so the migration path is unchanged. Same backend and reset() / opt-out semantics as the flag split.
  (2026-06-08)

Patch Changes

• Updated dependencies [227c9b0, 393f9e2]:
  • @​posthog/types@​1.383.0
  • @​posthog/core@​1.30.11

v1.382.0

Compare Source

1.382.0

Minor Changes

• #​3749 9877710 Thanks @​pauldambra! - Stop classifying intentional repeated clicks as rageclicks. From the 2026-05-30 config defaults, rageclick detection now ignores:

  • text-editing surfaces (textarea, text-like inputs, and contenteditable elements), where rapid clicks are double/triple-click text selection rather than rage (rageclick.ignore_text_selection)
  • +/- stepper buttons, added to the default content_ignorelist

  Symbol-only keywords in content_ignorelist (e.g. +, -, >, <) now match the element's text exactly instead of as a substring, so labels like sign-up, 5 > 3, or C++ are no longer treated as repeatedly-clicked controls. The heatmaps rageclick marker now applies the same suppression as the $rageclick event.

  A partial rageclick config object is now merged with the date-gated defaults instead of replacing them, so e.g. rageclick: { threshold_px: 50 } keeps the default content_ignorelist / ignore_text_selection. Pass an explicit value (e.g. content_ignorelist: false) to override a specific default, or a boolean to opt out entirely.

  Behaviour change for existing content_ignorelist: true users (available since 2025-11-30): the default list already includes > and <. After this release, buttons whose text contains > or < but is not exactly that symbol (e.g. Learn more >, < Back, home > settings) will no longer be suppressed. Bare > and < buttons remain suppressed. This is the intended fix, but if you rely on the old substring behaviour for those keywords, replace content_ignorelist: true with an explicit array listing the exact terms you want to suppress. (2026-06-06)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.382.0
  • @​posthog/core@​1.30.10

v1.381.0

Compare Source

1.381.0

Minor Changes

• #​3719 a7bd828 Thanks @​lricoy! - Add __preview_cookie_wins_on_conflict opt-in config to prefer cookie values over localStorage when merging persistence state in localStorage+cookie mode, fixing cross-subdomain identify and session disconnects.
  (2026-06-05)

Patch Changes

• Updated dependencies [a7bd828]:
  • @​posthog/types@​1.381.0
  • @​posthog/core@​1.30.9

v1.380.1

Compare Source

1.380.1

Patch Changes

• #​3743 ced0039 Thanks @​robbie-c! - fix(surveys): stop the survey CSS from using :has(.survey-question:empty), which crashes some WebKit builds during text-node style invalidation while a survey renders. The empty-header margin tweak now keys off a JS-set question-header--empty class and a sibling selector instead.
  (2026-06-05)
• Updated dependencies []:
  • @​posthog/types@​1.380.1
  • @​posthog/core@​1.30.8

v1.380.0

Compare Source

1.380.0

Minor Changes

• #​3715 2387084 Thanks @​dustinbyrne! - Promote browser tracing header configuration to the public tracing_headers option while keeping addTracingHeaders and __add_tracing_headers as deprecated aliases.
  (2026-06-04)

Patch Changes

• #​3715 2387084 Thanks @​dustinbyrne! - When using tracing headers, X-POSTHOG-DISTINCT-ID is read at request time instead of when fetch/XHR is patched, ensuring it reflects bootstrap, identify, reset, and other identity changes.
  (2026-06-04)
• Updated dependencies [2387084]:
  • @​posthog/types@​1.380.0
  • @​posthog/core@​1.30.7

v1.379.3

Compare Source

1.379.3

Patch Changes

• #​3741 32de5d2 Thanks @​clr182! - logs: the console-log integration now respects opt_out_capturing() — it checks is_capturing() before emitting, so log events stop on opt-out (and resume on opt-in).
  (2026-06-04)
• Updated dependencies []:
  • @​posthog/types@​1.379.3
  • @​posthog/core@​1.30.6

v1.379.2

Compare Source

1.379.2

Patch Changes

• #​3736 374962a Thanks @​arnohillen! - replay: re-apply scroll positions after fast-forward/seek. Scrolls applied mid-catch-up could clamp to 0 when the target wasn't scrollable yet (e.g. scroll-revealed sheets/modals whose content sits below the fold), leaving the content scrolled out of view on replay. The last scroll per node is now re-applied in the flush stage once layout has settled. posthog-js is bumped too so the rebuilt bundle containing the fix is published.
  (2026-06-03)
• Updated dependencies []:
  • @​posthog/types@​1.379.2
  • @​posthog/core@​1.30.5

v1.379.1

Compare Source

1.379.1

Patch Changes

• #​3570 4a27ced Thanks @​gruessi! - fix(record): release iframe documents and observers on iframe removal — same-origin iframes mounted and unmounted while session recording is active no longer leak their Document, every node serialized into the mirror, or one MutationObserver per mount. Closes eight retainer chains: load-listener disposers, named pagehide handlers, the recordCrossOriginIframes cleanup gate (now applied to same-origin too), captured Document / Window sets that survive iframe.src swap-to-about:blank before removal, and the global mutationBuffers[] / handlers[] arrays which previously accumulated forever. Validated end-to-end: a host page that mounts/unmounts 5 blob-URL iframes every 2s for 110s went from +118 MB / +390 leaked HTMLDocuments to ~0 MB / 0.
  (2026-06-03)

• #​3717 1688b38 Thanks @​turnipdabeets! - Move the OpenTelemetry logs dependencies to devDependencies. They are only used to build the CDN-served `log

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Berlin)

• Branch creation
  • Between 08:00 AM and 05:59 PM, Monday through Friday (* 8-17 * * 1-5)
• Automerge
  • Between 08:00 AM and 05:59 PM, Monday through Friday (* 8-17 * * 1-5)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	launchpad	38dcb7b	Commit Preview URL Branch Preview URL	Jun 23 2026, 03:46 PM