build(deps): bump posthog-js from 1.376.6 to 1.379.1

[dependabot]

Bumps posthog-js from 1.376.6 to 1.379.1.

Release notes

Sourced from posthog-js's releases.

posthog-js@1.379.1

1.379.1

Patch Changes

• #3570 4a27ced Thanks @​gruessi! - fix(record): release iframe documents and observers on iframe removal — same-origin iframes mounted and unmounted while session recording is active no longer leak their Document, every node serialized into the mirror, or one MutationObserver per mount. Closes eight retainer chains: load-listener disposers, named pagehide handlers, the recordCrossOriginIframes cleanup gate (now applied to same-origin too), captured Document / Window sets that survive iframe.src swap-to-about:blank before removal, and the global mutationBuffers[] / handlers[] arrays which previously accumulated forever. Validated end-to-end: a host page that mounts/unmounts 5 blob-URL iframes every 2s for 110s went from +118 MB / +390 leaked HTMLDocuments to ~0 MB / 0. (2026-06-03)

• #3717 1688b38 Thanks @​turnipdabeets! - Move the OpenTelemetry logs dependencies to devDependencies. They are only used to build the CDN-served logs extension chunk, which inlines them, so consumers no longer install the transitive protobufjs (whose eval("require") tripped unsafe-eval Content Security Policies).

  If you imported @opentelemetry/* directly while relying on it being hoisted from posthog-js, add it to your own dependencies. (2026-06-03)

• Updated dependencies []:

  • @​posthog/types@​1.379.1
  • @​posthog/core@​1.30.4

posthog-js@1.379.0

1.379.0

Minor Changes

• #3722 c487070 Thanks @​marandaneto! - Add $sdk_dist_channel event property for browser SDK npm and cdn distribution channels. (2026-06-02)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.379.0
  • @​posthog/core@​1.30.3

posthog-js@1.378.1

1.378.1

Patch Changes

• #3706 8fcf40d Thanks @​dustinbyrne! - fix(browser): avoid exposing internally-created Request bodies to downstream fetch wrappers in Safari. (2026-06-01)
• Updated dependencies []:
  • @​posthog/types@​1.378.1
  • @​posthog/core@​1.30.2

posthog-js@1.378.0

1.378.0

Minor Changes

• #3688 8181354 Thanks @​pauldambra! - feat(persistence): add persistence_save_debounce_ms config option to coalesce rapid storage saves into a single write. Setting a positive value debounces writes to localStorage/cookie by that window; the in-memory props object still updates synchronously so within-tab reads see the latest values immediately, and pending writes flush on beforeunload and pagehide so no state is lost on tab close. Cross-tab storage events are reduced proportionally to the debounce window. Defaults to 0 (no debouncing) for backwards compatibility. On pages that capture many events per second, 250 is a reasonable starting point. The new 2026-05-30 config default opts into persistence_save_debounce_ms: 250 automatically. (2026-06-01)

Patch Changes

... (truncated)

Commits

• 808862d chore: update versions and lockfile [version bump]
• 308dd38 chore: add Sentry attribution comments (#3732)
• 4a27ced fix(record): stop leaking same-origin iframe state on removal (#3570)
• 1688b38 fix(logs): move OpenTelemetry deps to devDependencies (#3717)
• f052bd7 chore: update versions and lockfile [version bump]
• c487070 feat: add browser SDK dist channel property (#3722)
• b778ccb chore: update versions and lockfile [version bump]
• 3aff16e feat(react): optional defaultValue for useFeatureFlagEnabled (#3718)
• a2e1d9f chore: update versions and lockfile [version bump]
• 3889f02 feat(webpack-plugin): default sourcemaps.enabled to true (#3716)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)