chore(deps)(deps): bump the bun-minor-and-patch group across 1 directory with 22 updates

[dependabot]

Bumps the bun-minor-and-patch group with 21 updates in the / directory:

Package	From	To
eslint	10.2.0	10.4.0
typescript-eslint	8.59.3	8.60.0
hono	4.12.18	4.12.23
posthog-node	5.33.7	5.35.6
@types/bun	1.3.13	1.3.14
mongodb-memory-server	11.1.0	11.2.0
@hookform/resolvers	5.2.2	5.4.0
@tanstack/react-query	5.100.10	5.100.14
framer-motion	12.38.0	12.40.0
i18next	26.1.0	26.3.0
posthog-js	1.373.2	1.376.4
react-hook-form	7.75.0	7.76.1
react-i18next	17.0.7	17.0.8
react-router	7.15.0	7.16.0
react-router-dom	7.15.0	7.16.0
zustand	5.0.13	5.0.14
@types/react	19.2.14	19.2.15
@vitejs/plugin-react	6.0.1	6.0.2
@vitest/coverage-v8	4.1.6	4.1.7
vite	8.0.12	8.0.14
vitest	4.1.6	4.1.7

Updates eslint from 10.2.0 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

Chores

• 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
• d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
• 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
• 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
• a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
• 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
• 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
• 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
• 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
• f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
• c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
• 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
• 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

• 452c401 10.4.0
• b6417e8 Build: changelog update for 10.4.0
• 6616856 chore: upgrade knip to v6 (#20875)
• d13b084 ci: ensure auto-created PRs run CI (#20860)
• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862)
• 544c0c3 fix: escape code path DOT labels in debug output (#20866)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865)
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863)
• 9084664 docs: Update README
• Additional commits viewable in compare view

Updates typescript-eslint from 8.59.3 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)
• project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)
• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• f891c29 chore(release): publish 8.60.0
• ca6ca14 chore(release): publish 8.59.4
• 4b927c6 fix(typescript-eslint): export Compatible* types from typescript-eslint to re...
• See full diff in compare view

Updates hono from 4.12.18 to 4.12.23

Release notes

Sourced from hono's releases.

v4.12.23

What's Changed

• fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962
• feat(context): export the Context class publicly by @​BlankParticle in honojs/hono#4543
• docs(contribution): add AI Usage Policy by @​yusukebe in honojs/hono#4970
• feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @​na-trium-144 in honojs/hono#4961
• fix(utils/ipaddr): do not compress a single 0 group to :: by @​yusukebe in honojs/hono#4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

• chore: update vitest to v4 and cleanups by @​BlankParticle in honojs/hono#4952
• fix(mime): specify charset parameter per MIME type instead of mechanical detection by @​renatograsso10 in honojs/hono#4912
• fix(compress): respect Accept-Encoding when encoding option is set by @​LeSingh1 in honojs/hono#4951
• fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @​ATOM00blue in honojs/hono#4955
• feat: add msgpack as a compressible content type by @​na-trium-144 in honojs/hono#4957

New Contributors

• @​renatograsso10 made their first contribution in honojs/hono#4912
• @​LeSingh1 made their first contribution in honojs/hono#4951
• @​ATOM00blue made their first contribution in honojs/hono#4955
• @​na-trium-144 made their first contribution in honojs/hono#4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474

---

Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

... (truncated)

Commits

• 83bfb3b 4.12.23
• bcd290a fix(utils/ipaddr): do not compress a single 0 group to :: (#4971)
• c968177 feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...
• 0265a54 docs(contribution): add AI Usage Policy (#4970)
• c84c5d2 feat(context): export the Context class publicly (#4543)
• 82dad62 fix(serve-static): normalize all backslashes in file paths, not just the firs...
• 2f01b77 4.12.22
• 6bc0dff feat: add msgpack as a compressible content type (#4957)
• 7e0555d fix(deno): echo negotiated WebSocket subprotocol in upgrade response (#4955)
• f0ed246 fix(compress): respect Accept-Encoding when encoding option is set (#4951)
• Additional commits viewable in compare view

Updates posthog-node from 5.33.7 to 5.35.6

Release notes

Sourced from posthog-node's releases.

posthog-node@5.35.6

5.35.6

Patch Changes

• #3681 7b84b75 Thanks @​ablaszkiewicz! - unify captureException in posthog core (2026-05-28)
• Updated dependencies [7b84b75]:
  • @​posthog/core@​1.29.13

posthog-node@5.35.5

5.35.5

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.29.12

posthog-node@5.35.4

5.35.4

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.29.11

posthog-node@5.35.3

5.35.3

Patch Changes

• Updated dependencies [5568f12]:
  • @​posthog/core@​1.29.10

posthog-node@5.35.2

5.35.2

Patch Changes

• #3658 5d7a2d3 Thanks @​gustavohstrassburger! - Include group context in the $feature_flag_called deduplication key in _captureFlagCalledEventIfNeeded, so events fire independently per group combination. (2026-05-25)

posthog-node@5.35.1

5.35.1

Patch Changes

• Updated dependencies [c806cca]:
  • @​posthog/core@​1.29.9

... (truncated)

Changelog

Sourced from posthog-node's changelog.

5.35.6

Patch Changes

• #3681 7b84b75 Thanks @​ablaszkiewicz! - unify captureException in posthog core (2026-05-28)
• Updated dependencies [7b84b75]:
  • @​posthog/core@​1.29.13

5.35.5

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.29.12

5.35.4

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.29.11

5.35.3

Patch Changes

• Updated dependencies [5568f12]:
  • @​posthog/core@​1.29.10

5.35.2

Patch Changes

• #3658 5d7a2d3 Thanks @​gustavohstrassburger! - Include group context in the $feature_flag_called deduplication key in _captureFlagCalledEventIfNeeded, so events fire independently per group combination. (2026-05-25)

5.35.1

Patch Changes

• Updated dependencies [c806cca]:
  • @​posthog/core@​1.29.9

5.35.0

Minor Changes

• #3642 18ea8b5 Thanks @​dustinbyrne! - Promote feature flag definition cache provider types to the main posthog-node export and deprecate posthog-node/experimental imports. (2026-05-21)

... (truncated)

Commits

• a122070 chore: update versions and lockfile [version bump]
• 7b84b75 fix: unify capture exception (#3681)
• 727ddcf chore: update versions and lockfile [version bump]
• e5a89ac chore: update versions and lockfile [version bump]
• 55b3c42 chore: update versions and lockfile [version bump]
• 1d0daf0 chore: update versions and lockfile [version bump]
• 5d7a2d3 fix(node): fire separate $feature_flag_called events per group context (#3658)
• 3d41c1d chore: update versions and lockfile [version bump]
• a05405d chore: update versions and lockfile [version bump]
• 18ea8b5 feat(node): promote flag definition cache provider types (#3642)
• Additional commits viewable in compare view

Updates @types/bun from 1.3.13 to 1.3.14

Commits

• See full diff in compare view

Updates bun-types from 1.3.13 to 1.3.14

Release notes

Sourced from bun-types's releases.

Bun v1.3.14

To install Bun v1.3.14

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.14:

bun upgrade

Read Bun v1.3.14's release notes on Bun's blog

Thanks to 11 contributors!

• @​190n
• @​alii
• @​carlsmedstad
• @​cirospaciari
• @​coleleavitt
• @​djs5008
• @​dylan-conway
• @​ig-ant
• @​Jarred-Sumner
• @​robobun
• @​sosukesuzuki

Commits

• 0d9b296 Bun.serve: rename h3/h1 options to http3/http1 (#30583)
• 191edc0 image: preserve ICC profile through WebP decode/encode (#30211)
• d0a0bc4 Preserve ICC colour profile through Bun.Image JPEG/PNG encode (#30201)
• ed75c88 Bun.Image — Sharp-shaped image pipeline (jpeg/png/webp, resize, rotate, modul...
• accbff6 fetch: experimental HTTP/2 client (#29766)
• b424bb7 Bun.serve: HTTP/3 (QUIC) support via h3: true (#29768)
• e2017e7 ws: respect perMessageDeflate: false in upgrade request (#29685)
• dc578b1 spawn: return caller-supplied fds from Subprocess.stdio[N] (#29629)
• 890ef5a spawn: don't close caller-owned fds passed as extra stdio (#29606)
• b424e70 bun-types: dedupe alias enum keys in FFI type maps (#29193)
• See full diff in compare view

Updates mongodb-memory-server from 11.1.0 to 11.2.0

Release notes

Sourced from mongodb-memory-server's releases.

v11.2.0

11.2.0 (2026-05-28)

Dependencies

• yauzl: upgrade to 3.3.1 (#993) (30e206f), closes #992

Changelog

Sourced from mongodb-memory-server's changelog.

11.2.0 (2026-05-28)

Dependencies

• yauzl: upgrade to 3.3.1 (#993) (30e206f), closes #992

Commits

• d90ae52 release: v11.2.0
• See full diff in compare view

Updates @hookform/resolvers from 5.2.2 to 5.4.0

Release notes

Sourced from @​hookform/resolvers's releases.

v5.4.0

5.4.0 (2026-05-21)

Features

• feat: add ata-validator resolver (#845)

Fixes

• fix issue with toNestErrors.ts (#848)

• add guidance on passing context to yupResolver (useForm context) (#835) (3d29924)

Commits

• 3d29924 feat: add guidance on passing context to yupResolver (useForm context) (#835)
• 56b68f3 feat: 5.3.0
• cf8562d update readme on ata-validator
• 5e5b610 fix issue with toNestErrors.ts (#848)
• 72aacf8 Revise supported versions in SECURITY.md
• ad89a20 feat: add ata-validator resolver (#845)
• 02286db ci: updated publish workflow to use node 24 (#838)
• 2e9bc7c Fix(zodResolver): error paths in complex unions #787 (#819)
• See full diff in compare view

Updates @tanstack/react-query from 5.100.10 to 5.100.14

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-devtools@​5.100.14

@​tanstack/react-query-next-experimental@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14

@​tanstack/react-query-persist-client@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-persist-client-core@​5.100.14

@​tanstack/react-query@​5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

@​tanstack/react-query-devtools@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-next-experimental@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-persist-client@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query@​5.100.13

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

• Updated dependencies [d423168]:
  • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.11

Commits

• See full diff in compare view

Updates framer-motion from 12.38.0 to 12.40.0

Changelog

Sourced from framer-motion's changelog.

[12.40.0] 2026-05-21

Added

• path option to transition.
• arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
• Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
• LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
• useScroll: Support hydrating target and container refs from anywhere in the tree.
• Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
• Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
• Updated visualElement hydration order.
• useAnimate: Now respects skipAnimations.
• AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
• scroll: Fixed callback progress when tracking an element.
• useScroll: Fix hardware acceleration when tracking an element.

Commits

• 38ebb94 v12.40.0
• b1f766c Latest
• bca5544 Merge pull request #3699 from motiondivision/lochie/arcs-injectable
• f1a96cf arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw
• b4aaba0 pathRotation: non-destructive orientToPath rotation channel
• 8604ef3 Make arcs injectable via transition.path = arc()
• f90fe29 add orientToPath
• 9ebe999 fix: test
• bc2107e Revert "no should"
• 6eeb92d no should
• Additional commits viewable in compare view

Updates i18next from 26.1.0 to 26.3.0

Release notes

Sourced from i18next's releases.

v26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

v26.2.0

• feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
• fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)

Changelog

Sourced from i18next's changelog.

26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

26.2.0

• feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
• fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)

Commits

• bdf651c 26.3.0
• 988a362 changelog: 26.3.0 entry for #2434
• 159506c feat(types): introduce ResourceNamespaceMap for monorepo namespace augmentati...
• df68b1f ci: restore JSR publishing via GitHub Actions OIDC
• 22fb6ad 26.2.0
• b640ac4 feat(types): parseInterpolation flag for ICU-friendly t() typing (i18next-icu...
• 0b9debd changelog: 26.1.1 entry for #2431
• 50509e4 fix(types): expose enableSelector on InitOptions (#2431)
• 80b5402 Enhance Pro Tip in README with i18next-locize-backend plugin link
• See full diff in compare view

Updates posthog-js from 1.373.2 to 1.376.4

Release notes

Sourced from posthog-js's releases.

posthog-js@1.376.4

1.376.4

Patch Changes

• #3685 f59f35a Thanks @​ioannisj! - fix(cookieless): enable request queue when opting out in on_reject mode. When using cookieless_mode: "on_reject", calling opt_out_capturing() correctly switched the SDK into cookieless capturing but never enabled the RequestQueue — so batched events were enqueued but never flushed over the network. At init time the queue was not started because consent was PENDING and is_capturing() returned false; opt_out_capturing() is the first moment capturing becomes active but was missing the _start_queue_if_opted_in() call that opt_in_capturing() already had. (2026-05-28)

• #3692 f01cd93 Thanks @​ksvat! - fix(replay): take a fresh full snapshot after session ID rotates via forcedIdleReset. Previously, when the session manager's idle enforcement timer rotated the session id, the recorder tore down rrweb and set _isIdle = 'unknown' before the new session id was observed. Neither restart path then fired (the _onSessionIdCallback guard only restarted when _isIdle === true, and _updateWindowAndSessionIds could not run with rrweb stopped), so the new session received only incremental mutations until a later snapshot — leaving the player stuck on "Buffering". The restart guard now also fires when rrweb isn't running. (2026-05-28)

• #3691 cc71f3f Thanks @​ksvat! - fix(replay): ship ph-no-capture absolute-position fix from #3678 to posthog-js. The original changeset only bumped @posthog/rrweb and @posthog/rrweb-snapshot; because posthog-js depends on @posthog/rrweb via workspace:*, the cascade did not bump posthog-js, so the rebuilt bundle containing the fix was not published. This changeset re-publishes posthog-js with the fix. (2026-05-28)

• #3695 e1ff722 Thanks @​ksvat! - chore(replay): expose $sdk_debug_rrweb_attached and $sdk_debug_rrweb_start_attempted debug properties on captured events. Today the SDK already stamps several $sdk_debug_* properties (start reason, linked-flag trigger status, recording status) that report the SDK's intent to record — they all flip to "active" as soon as the state machine evaluates the configured triggers. None of them observe whether rrweb actually attached and is producing events. The new booleans close that gap: $sdk_debug_rrweb_start_attempted is set when _startRecorder() is first entered, and $sdk_debug_rrweb_attached reflects whether _stop...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.