Skip to content

build(deps): Bump posthog-node from 5.40.0 to 5.41.0#497

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/posthog-node-5.41.0
Open

build(deps): Bump posthog-node from 5.40.0 to 5.41.0#497
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/posthog-node-5.41.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps posthog-node from 5.40.0 to 5.41.0.

Release notes

Sourced from posthog-node's releases.

posthog-node@5.41.0

5.41.0

Minor Changes

  • #4105 203284a Thanks @​eli-r-ph! - Add opt-in Capture V1 support. Set the POSTHOG_CAPTURE_MODE=v1 environment variable to submit analytics events to the Capture V1 endpoint (/i/v1/analytics/events) instead of the legacy /batch/ endpoint, on both the batched and immediate send paths. The default remains v0, so existing behavior is unchanged unless you opt in. Opt-in is env-var-only during the transition (no public option), so nothing on the API surface has to be removed when v1 later becomes the default.

    Capture V1 uses Bearer auth, lifts legacy $-sentinel properties into a typed options object, and does per-event partial retry with exponential backoff clamped against Retry-After. Dropped and undelivered events are surfaced on the client error channel as a CaptureV1Error. $ai_* events continue to use the legacy submitter for now, regardless of the capture mode.

    In v1 mode, $ai_* events are routed to an isolated in-memory queue and flushed independently of the Capture V1 queue, so the two transports never share a batch and a failure on one cannot re-send events already accepted on the other. Each queue keeps its own retry/durability semantics: the legacy queue re-queues on network failure (retrying on later flushes), while the V1 queue exhausts the sender's own attempt budget per cycle and then surfaces the failure rather than re-queuing. (2026-07-11)

Patch Changes

  • Updated dependencies [203284a]:
    • @​posthog/core@​1.40.2
Changelog

Sourced from posthog-node's changelog.

5.41.0

Minor Changes

  • #4105 203284a Thanks @​eli-r-ph! - Add opt-in Capture V1 support. Set the POSTHOG_CAPTURE_MODE=v1 environment variable to submit analytics events to the Capture V1 endpoint (/i/v1/analytics/events) instead of the legacy /batch/ endpoint, on both the batched and immediate send paths. The default remains v0, so existing behavior is unchanged unless you opt in. Opt-in is env-var-only during the transition (no public option), so nothing on the API surface has to be removed when v1 later becomes the default.

    Capture V1 uses Bearer auth, lifts legacy $-sentinel properties into a typed options object, and does per-event partial retry with exponential backoff clamped against Retry-After. Dropped and undelivered events are surfaced on the client error channel as a CaptureV1Error. $ai_* events continue to use the legacy submitter for now, regardless of the capture mode.

    In v1 mode, $ai_* events are routed to an isolated in-memory queue and flushed independently of the Capture V1 queue, so the two transports never share a batch and a failure on one cannot re-send events already accepted on the other. Each queue keeps its own retry/durability semantics: the legacy queue re-queues on network failure (retrying on later flushes), while the V1 queue exhausts the sender's own attempt budget per cycle and then surfaces the failure rather than re-queuing. (2026-07-11)

Patch Changes

  • Updated dependencies [203284a]:
    • @​posthog/core@​1.40.2
Commits
  • d7f7c8e chore: update versions and lockfile [version bump]
  • 203284a refactor(core): extract sendBatch seam for capture pluggability (#4105)
  • d0e531a fix(core): coalesce concurrent flushes (#4120)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) from 5.40.0 to 5.41.0.
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.41.0/packages/node)

---
updated-dependencies:
- dependency-name: posthog-node
  dependency-version: 5.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedposthog-node@​5.40.0 ⏵ 5.41.091 -310079 +1100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants