[Snyk] Upgrade posthog-js from 1.297.2 to 1.310.1 #9541
Conversation
Snyk has created this PR to upgrade posthog-js from 1.297.2 to 1.310.1. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/continue-dev-inc.-default/project/c5fb30df-a06c-44cb-83af-5ada5ff6e4a9?utm_source=github&utm_medium=referral&page=upgrade-pr
sestinj
requested review from
Patrick-Erichsen
and removed request for
a team
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
1 similar comment
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
dosubot
bot
added
the
size:XS
|
|
✅ Review Complete Code Review Summary |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 1 file
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="gui/package.json">
<violation number="1" location="gui/package.json:55">
P2: posthog-js version bumped in package.json but gui/package-lock.json still locks to ^1.281.0, leaving dependency update unapplied/out-of-sync</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| "minisearch": "^7.0.2", | ||
| "mustache": "^4.2.0", | ||
| "posthog-js": "^1.281.0", | ||
| "posthog-js": "^1.310.1", |
There was a problem hiding this comment.
P2: posthog-js version bumped in package.json but gui/package-lock.json still locks to ^1.281.0, leaving dependency update unapplied/out-of-sync
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At gui/package.json, line 55:
<comment>posthog-js version bumped in package.json but gui/package-lock.json still locks to ^1.281.0, leaving dependency update unapplied/out-of-sync</comment>
<file context>
@@ -52,7 +52,7 @@
"minisearch": "^7.0.2",
"mustache": "^4.2.0",
- "posthog-js": "^1.281.0",
+ "posthog-js": "^1.310.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
</file context>
Snyk has created this PR to upgrade posthog-js from 1.297.2 to 1.310.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 26 versions ahead of your current version.
The recommended version was released 23 days ago.
Issues fixed by the recommended upgrade:
SNYK-JS-DAGRED3ES-13110069
Release notes
Package name: posthog-js
-
1.310.1 - 2025-12-23
-
1.310.0 - 2025-12-22
-
1.309.1 - 2025-12-17
-
1.309.0 - 2025-12-17
-
1.308.0 - 2025-12-17
-
1.307.2 - 2025-12-16
-
1.307.1 - 2025-12-16
-
1.307.0 - 2025-12-16
-
1.306.2 - 2025-12-15
-
1.306.1 - 2025-12-13
-
1.306.0 - 2025-12-12
-
1.305.0 - 2025-12-11
-
1.304.0 - 2025-12-10
-
1.303.1 - 2025-12-10
-
1.303.0 - 2025-12-10
-
1.302.2 - 2025-12-05
-
1.302.1 - 2025-12-05
-
1.302.0 - 2025-12-05
-
1.301.2 - 2025-12-04
-
1.301.1 - 2025-12-04
-
1.301.0 - 2025-12-04
-
1.300.0 - 2025-12-03
-
1.299.0 - 2025-12-01
-
1.298.1 - 2025-11-26
-
1.298.0 - 2025-11-24
-
1.297.4 - 2025-11-24
-
1.297.2 - 2025-11-20
from posthog-js GitHub release notesImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Continue Tasks
Powered by Continue
Summary by cubic
Upgrade posthog-js to 1.310.1 to fix a transitive Prototype Pollution vulnerability and keep our analytics SDK up to date. Dependency-only change; no app code or migration needed.
Written for commit 14a5336. Summary will update on new commits.