build(deps): bump posthog-js from 1.391.2 to 1.392.0

[dependabot]

Bumps posthog-js from 1.391.2 to 1.392.0.

Release notes

Sourced from posthog-js's releases.

posthog-js@1.392.0

1.392.0

Minor Changes

• #3895 ce528ed Thanks @​turnipdabeets! - Console log auto-capture (logs: { captureConsoleLogs: true }) now flows through the same pipeline as posthog.captureLog(), posthog.logger.*, and PostHog's other SDKs, instead of OpenTelemetry. As a result:

  • the bundled OpenTelemetry dependencies are removed, shrinking the lazily-loaded logs chunk
  • auto-captured console logs now run through logs.beforeSend (the same hook as captureLog/logger.*), so you can redact or drop sensitive console output before it's sent. To treat console logs differently from manual logs, branch on the record's log.source attribute: auto-captured console logs set it to console.<method> (e.g. console.error), while manual captureLog/logger.* logs leave it unset
  • console logs now link to the person's profile: they carry the person id as posthogDistinctId, the attribute PostHog uses to associate logs with a person (docs). The old path used distinct_id, which isn't used for person linking by default, so console logs previously didn't appear on person profiles unless you'd configured a custom key.

  Console logs keep their posthog-browser-logs service.name, their console instrumentation scope, and their log.source: console.<level> attribute.

  As part of moving onto the shared pipeline, console records now use PostHog's standard log field names — the same ones programmatic web logs and other SDKs use, and the ones the Logs UI surfaces. For the fields below the values are unchanged — only the attribute names/locations differ:

  • distinct_id → posthogDistinctId (record attribute)
  • location.href → url.full (record attribute; same value — the page URL)
  • session.id (resource attribute) → sessionId (record attribute) — renamed and moved
  • host and window.id move from resource attributes to record attributes (names unchanged)
  • records also now carry the standard SDK context shared by other logs, including feature_flags

  For most projects this needs no action — these are already the canonical log fields. The only thing to update is a saved Logs query or dashboard built specifically on an old console attribute name, for example:

  • attributes.distinct_id → attributes.posthogDistinctId
  • attributes.location.href → attributes.url.full
  • resource.attributes.session.id → attributes.sessionId
  • resource.attributes.host / resource.attributes.window.id → attributes.host / attributes.window.id (2026-06-22)

Patch Changes

• Updated dependencies [ce528ed]:
  • @​posthog/core@​1.35.4

posthog-js@1.391.9

1.391.9

Patch Changes

• #3922 26aa9ba Thanks @​posthog! - Exception autocapture: posthog-js's own fetch timeout now aborts with an explicit, descriptive reason (PostHog request timed out after <n>ms) instead of a reason-less DOMException: AbortError: signal is aborted without reason. This keeps name === 'AbortError' so existing timeout handling (e.g. feature flag timeout detection) is unchanged, but makes our own timeouts identifiable and stops them being re-captured as noise by console-error exception autocapture. (2026-06-22)

posthog-js@1.391.8

1.391.8

Patch Changes

• #3908 1fce04f Thanks @​marandaneto! - Apply CSP stylesheet preparation hook to Product Tours styles. (2026-06-22)

posthog-js@1.391.7

1.391.7

Patch Changes

... (truncated)

Commits

• 3ec9a35 chore: update versions and lockfile [version bump]
• ce528ed feat(logs): migrate web console capture to @​posthog/core, removing OpenTeleme...
• 5486ab3 chore: update versions and lockfile [version bump]
• 26aa9ba fix(exceptions): give posthog-js fetch timeouts an identifiable abort reason ...
• 6a4ff56 feat(examples): add SpacetimeDB app with PostHog instrumentation (#3918)
• bafe192 chore: update versions and lockfile [version bump]
• 1fce04f fix(browser): apply CSP hook to product tour styles (#3908)
• 870cfa4 fix(react): filter disabled bootstrap active flags (#3905)
• 2d4e790 chore: update versions and lockfile [version bump]
• dac4edb feat(replay): redact credential headers on request and response in network ca...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)