build(deps): bump posthog-js from 1.390.2 to 1.391.2

[dependabot]

Bumps posthog-js from 1.390.2 to 1.391.2.

Release notes

Sourced from posthog-js's releases.

posthog-js@1.391.2

1.391.2

Patch Changes

• #3903 6b21f77 Thanks @​marandaneto! - Validate custom event UUID overrides and generate new UUIDs when invalid. (2026-06-19)
• Updated dependencies [6b21f77]:
  • @​posthog/core@​1.35.3
  • @​posthog/types@​1.390.2

posthog-js@1.391.1

1.391.1

Patch Changes

• #3899 d090a7c Thanks @​lucasheriques! - Surveys: re-check eligibility when a popover's display delay elapses, instead of only re-checking the URL.

  A survey with a display delay could be queued while a visitor was still anonymous (the targeting flag passed for the anonymous profile), and then displayed after the delay even though identify() had reloaded feature flags and the survey's internal targeting flag was now false for the identified profile (e.g. a "show once per user" survey the person had already dismissed). The delayed display now re-runs the full display predicate (eligibility, URL/device/selector conditions, event/action trigger, and feature flags) before rendering, so a survey that became ineligible during the delay is no longer shown. Pending delayed surveys are also cancelled promptly when a later evaluation cycle finds them ineligible. (2026-06-19)

posthog-js@1.391.0

1.391.0

Minor Changes

• #3885 5392a55 Thanks @​pauldambra! - feat(replay): capture canvas at reduced resolution

  Adds session_recording.canvasCapture.resolutionScale - a (0, 1] fraction of the canvas display size to capture replay frames at. The captured bitmap is downscaled (pixel-area savings are quadratic) while the canvas's true display size is still recorded, so playback stretches the smaller frame back to the correct dimensions and aspect ratio - only sharpness drops, never layout. It defaults to 1 (full resolution, matching today's behaviour), and the latest defaults bundle (2026-05-30) opts new installs into 0.6.

  The canvas's true display size travels with each frame through the encode worker (as required message fields), so the encoded reply is always drawn back to the correct dimensions — no per-canvas state is retained on the main thread, and downscaling can never mislabel a canvas's dimensions. At full resolution the captured pixels are unchanged (the quality resampling hint is only applied when actually downscaling); the emitted drawImage now always uses the explicit destination-size form, which is pixel-equivalent on replay.

  Mechanically, @posthog/rrweb's canvas FPS-snapshot observer takes an optional canvasResolutionScale record option and downscales each captured frame accordingly. (2026-06-19)

Patch Changes

• Updated dependencies [5392a55]:
  • @​posthog/types@​1.390.1

Commits

• b0bd00f chore: update versions and lockfile [version bump]
• 6b21f77 fix: validate custom event UUIDs (#3903)
• e82c3eb chore: update versions and lockfile [version bump]
• d090a7c fix(surveys): re-validate eligibility when the popup delay fires (#3899)
• 9d30e9b chore: update versions and lockfile [version bump]
• c3a38fd feat: add exception steps to react native error tracking (#3861)
• 37f4b55 chore: update versions and lockfile [version bump]
• 5392a55 feat(replay): capture canvas frames at reduced resolution (#3885)
• 2ee9bd0 chore(deps): weekly safe npm updates · 8 packages (#3835)
• 229efff chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)