build(deps): bump posthog-js from 1.372.5 to 1.376.4 in /frontend

[dependabot]

Bumps posthog-js from 1.372.5 to 1.376.4.

Release notes

Sourced from posthog-js's releases.

posthog-js@1.376.4

1.376.4

Patch Changes

• #3685 f59f35a Thanks @​ioannisj! - fix(cookieless): enable request queue when opting out in on_reject mode. When using cookieless_mode: "on_reject", calling opt_out_capturing() correctly switched the SDK into cookieless capturing but never enabled the RequestQueue — so batched events were enqueued but never flushed over the network. At init time the queue was not started because consent was PENDING and is_capturing() returned false; opt_out_capturing() is the first moment capturing becomes active but was missing the _start_queue_if_opted_in() call that opt_in_capturing() already had. (2026-05-28)

• #3692 f01cd93 Thanks @​ksvat! - fix(replay): take a fresh full snapshot after session ID rotates via forcedIdleReset. Previously, when the session manager's idle enforcement timer rotated the session id, the recorder tore down rrweb and set _isIdle = 'unknown' before the new session id was observed. Neither restart path then fired (the _onSessionIdCallback guard only restarted when _isIdle === true, and _updateWindowAndSessionIds could not run with rrweb stopped), so the new session received only incremental mutations until a later snapshot — leaving the player stuck on "Buffering". The restart guard now also fires when rrweb isn't running. (2026-05-28)

• #3691 cc71f3f Thanks @​ksvat! - fix(replay): ship ph-no-capture absolute-position fix from #3678 to posthog-js. The original changeset only bumped @posthog/rrweb and @posthog/rrweb-snapshot; because posthog-js depends on @posthog/rrweb via workspace:*, the cascade did not bump posthog-js, so the rebuilt bundle containing the fix was not published. This changeset re-publishes posthog-js with the fix. (2026-05-28)

• #3695 e1ff722 Thanks @​ksvat! - chore(replay): expose $sdk_debug_rrweb_attached and $sdk_debug_rrweb_start_attempted debug properties on captured events. Today the SDK already stamps several $sdk_debug_* properties (start reason, linked-flag trigger status, recording status) that report the SDK's intent to record — they all flip to "active" as soon as the state machine evaluates the configured triggers. None of them observe whether rrweb actually attached and is producing events. The new booleans close that gap: $sdk_debug_rrweb_start_attempted is set when _startRecorder() is first entered, and $sdk_debug_rrweb_attached reflects whether _stopRrweb is currently a non-falsy stop handle (i.e. rrwebRecord({...}) returned successfully and the recorder has not been torn down). No behavior change — this only adds two booleans to the existing sdkDebugProperties channel, used to diagnose cases where a session reports trigger_activated / recording_status: active but no $snapshot data is ever uploaded. (2026-05-28)

• Updated dependencies [7b84b75]:

  • @​posthog/core@​1.29.13
  • @​posthog/types@​1.376.4

posthog-js@1.376.3

1.376.3

Patch Changes

• #3649 9cac1f6 Thanks @​marandaneto! - Improve console log serialization performance for large objects. (2026-05-27)
• Updated dependencies []:
  • @​posthog/types@​1.376.3
  • @​posthog/core@​1.29.12

posthog-js@1.376.2

1.376.2

Patch Changes

• #3667 cafa9cc Thanks @​pauldambra! - fix(replay): stop polling preload-as-style <link> elements forever. Session recorder treated <link rel="preload" as="style" href="*.css"> as if it were a stylesheet and waited for link.sheet to populate. Per spec preload links never instantiate a CSSStyleSheet, so the wait timed out, re-serialized the link, scheduled another wait, and leaked a load listener on every cycle — multiplying further on every real load event. Pages with Next.js-style CSS preloads accumulated thousands of active polling chains, saturating the main thread and freezing the tab on refocus (2026-05-26)
• Updated dependencies []:
  • @​posthog/types@​1.376.2
  • @​posthog/core@​1.29.11

posthog-js@1.376.1

1.376.1

Patch Changes

• Updated dependencies [5568f12]:
  • @​posthog/core@​1.29.10
  • @​posthog/types@​1.376.1

... (truncated)

Commits

• a122070 chore: update versions and lockfile [version bump]
• 714ffa5 fix(convex): register refresh cron unconditionally (#3684)
• e1ff722 fix(replay): add debugging logs for recorder (#3695)
• f01cd93 fix(replay): fix idle session rotation race condition (#3692)
• e05aea5 fix(core): stop leaking DOM globals into public type surface (#3693)
• f59f35a fix(cookieless): enable request queue when opting out in on_reject mode (#3685)
• cc71f3f chore(replay): bump posthog-js (#3691)
• 7b84b75 fix: unify capture exception (#3681)
• 8ade9cb feat(mcp): scaffold @​posthog/mcp package (1/2) (#3652)
• 4b1231f chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)