Skip to content

build(deps): bump the minor group in /ui with 4 updates#14865

Merged
MilosPaunovic merged 1 commit intodevelopfrom
dependabot/npm_and_yarn/ui/minor-db2d4b7994
Mar 3, 2026
Merged

build(deps): bump the minor group in /ui with 4 updates#14865
MilosPaunovic merged 1 commit intodevelopfrom
dependabot/npm_and_yarn/ui/minor-db2d4b7994

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026
edited
Loading

Bumps the minor group in /ui with 4 updates: pdfjs-dist, posthog-js, globals and lint-staged.

Updates pdfjs-dist from 5.4.624 to 5.5.207

Release notes

Sourced from pdfjs-dist's releases.

v5.5.207

This release contains improvements for accessibility, font conversion, image conversion, performance, text selection and the viewer.

Changes since v5.4.624

... (truncated)

Commits
  • 5279646 Merge pull request #20751 from calixteman/bug2016693
  • 98d0332 Merge pull request #20767 from calixteman/followup_20742
  • c1fe547 Add an integration test for the issue fixed in #20742
  • 62ceac6 Merge pull request #20769 from timvandermeij/updates
  • 3d2d145 Fix vulnerabilities in dependency versions
  • ced9b47 Upgrade c8 to version 11.0.0
  • 4cb0d50 Update dependencies to the most recent versions
  • 5cbb841 Merge pull request #20768 from calixteman/rm_yargs
  • 1861a4c Merge pull request #20756 from Snuffleupagus/PDFDataRangeTransport-tests
  • f32b9d2 Merge pull request #20738 from Snuffleupagus/function-shorten
  • Additional commits viewable in compare view

Updates posthog-js from 1.354.3 to 1.356.2

Release notes

Sourced from posthog-js's releases.

posthog-js@1.356.2

1.356.2

Patch Changes

  • #3174 e9127d8 Thanks @​TueHaulund! - Detect and report when rrweb fails to initialize. rrweb's record() silently swallows startup errors and returns undefined, which previously left the SDK reporting an active recording status while capturing zero data. The SDK now checks the return value and reports a new rrweb_error status, making the failure visible in debug properties. (2026-03-02)

  • #3175 6ee5f12 Thanks @​TueHaulund! - Fix memory leak in canvas recording on Safari < 16.4 where ImageBitmaps were never closed when OffscreenCanvas was unavailable in the web worker. (2026-03-02)

  • #3178 186871a Thanks @​TueHaulund! - Skip canvas FPS recording entirely on browsers without OffscreenCanvas support (Safari < 16.4) instead of running a wasteful requestAnimationFrame loop that can never produce data. Also includes displayWidth/displayHeight in canvas mutation data for correct replay sizing. (2026-03-02)

  • #3176 87bae20 Thanks @​dustinbyrne! - fix: Drop explicit exports (2026-03-02)

  • #3172 2e46959 Thanks @​dustinbyrne! - fix: Compressed requests use ArrayBuffer (2026-03-02)

  • Updated dependencies []:

    • @​posthog/types@​1.356.2

posthog-js@1.356.1

1.356.1

Patch Changes

  • #3128 a500d14 Thanks @​ksvat! - wait for fresh config before recording start decision, add new recorder status, output recording started event (2026-02-27)
  • Updated dependencies []:
    • @​posthog/types@​1.356.1

posthog-js@1.356.0

1.356.0

Minor Changes

Patch Changes

  • #3154 a47179c Thanks @​slshults! - fix: Improve tablet device type detection when Chrome sends desktop-like UA strings

    Chrome on Android tablets defaults to "request desktop site" mode, sending a UA string indistinguishable from desktop Linux. This uses the Client Hints API (navigator.userAgentData.platform) and touch capability (navigator.maxTouchPoints) to correctly classify these devices as Tablet or Mobile when UA-based detection falls through to the Desktop default. (2026-02-26)

  • #3145 d741668 Thanks @​dmarticus! - Adds a remote_config_refresh_interval_ms config option to control how often feature flags are automatically refreshed in long-running sessions.

... (truncated)

Commits
  • f149eb9 chore: update versions and lockfile [version bump]
  • 2e46959 fix(browser): Send gzipped request body as ArrayBuffer (#3172)
  • 186871a chore(deps): bump @​posthog/rrweb-* to 0.0.44 (#3178)
  • 87bae20 fix(browser): Drop explicit exports in package.json (#3176)
  • e9127d8 fix(replay): detect and report rrweb silent initialization failure (#3174)
  • 6ee5f12 chore(deps): bump @​posthog/rrweb-* to 0.0.43 (#3175)
  • 0dc03b0 feat(node): Add timestamp tracking for debugging local feature flag evaluatio...
  • 18dfcc1 docs: add backwards compatibility warnings to recorder entrypoints (#3167)
  • 7ba6a27 chore: update versions and lockfile [version bump]
  • a500d14 fix(replay): wait for new config before recording decision (#3128)
  • Additional commits viewable in compare view

Updates globals from 17.3.0 to 17.4.0

Release notes

Sourced from globals's releases.

v17.4.0

  • Update globals (2026-03-01) (#338) d43a051

sindresorhus/globals@v17.3.0...v17.4.0

Commits

Updates lint-staged from 16.2.7 to 16.3.1

Release notes

Sourced from lint-staged's releases.

v16.3.1

Patch Changes

  • #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

  • #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

  • #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
Changelog

Sourced from lint-staged's changelog.

16.3.1

Patch Changes

  • #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

  • #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

  • #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
Commits
  • 2a74cd2 chore(changeset): release
  • cd5d762 refactor: remove nano-spawn dependency completely
  • e342cab build(deps): move nano-spawn to dev
  • 9aa2cd7 chore(changeset): release
  • 0c387bc test: make long-running task longer because of GitHub Actions slowness
  • 87467aa refactor: detect incorrect brace expansion exhaustively
  • dceabc6 ci: run npm audit in GitHub Actions
  • d0e4c2a build(deps): update dependencies
  • 93cf144 docs: add tip about lint-staged.sh
  • 9809fee test: adjust integration test logging setup for concurrency
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added area/frontend Needs frontend code changes dependency-upgrade Dependency upgrade is needed labels Mar 2, 2026
@github-project-automation github-project-automation bot moved this to To review in Pull Requests Mar 2, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ui/minor-db2d4b7994 branch from 5e0a55b to bd73fa3 Compare March 3, 2026 07:25
@MilosPaunovic
Copy link
Member

MilosPaunovic commented Mar 3, 2026

@dependabot recreate

@dependabot
build(deps): bump the minor group in /ui with 4 updates
6bf097c 
Bumps the minor group in /ui with 4 updates: [pdfjs-dist](https://github.com/mozilla/pdf.js), [posthog-js](https://github.com/PostHog/posthog-js), [globals](https://github.com/sindresorhus/globals) and [lint-staged](https://github.com/lint-staged/lint-staged).


Updates `pdfjs-dist` from 5.4.624 to 5.5.207
- [Release notes](https://github.com/mozilla/pdf.js/releases)
- [Commits](mozilla/pdf.js@v5.4.624...v5.5.207)

Updates `posthog-js` from 1.354.3 to 1.356.2
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.354.3...posthog-js@1.356.2)

Updates `globals` from 17.3.0 to 17.4.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.3.0...v17.4.0)

Updates `lint-staged` from 16.2.7 to 16.3.1
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.2.7...v16.3.1)

---
updated-dependencies:
- dependency-name: pdfjs-dist
  dependency-version: 5.5.207
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: posthog-js
  dependency-version: 1.356.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: globals
  dependency-version: 17.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: lint-staged
  dependency-version: 16.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ui/minor-db2d4b7994 branch from bd73fa3 to 6bf097c Compare March 3, 2026 07:36
@MilosPaunovic MilosPaunovic merged commit 28c3f32 into develop Mar 3, 2026
8 of 9 checks passed
@MilosPaunovic MilosPaunovic deleted the dependabot/npm_and_yarn/ui/minor-db2d4b7994 branch March 3, 2026 07:39
@github-project-automation github-project-automation bot moved this from To review to Done in Pull Requests Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MilosPaunovic MilosPaunovic MilosPaunovic approved these changes

Assignees

No one assigned

Labels

area/frontend Needs frontend code changes dependency-upgrade Dependency upgrade is needed

Projects

Pull Requests
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MilosPaunovic