chore(deps): update dependency posthog-js to v1.302.2 (#986)

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [posthog-js](https://posthog.com/docs/libraries/js)
([source](https://redirect.github.com/PostHog/posthog-js)) |
dependencies | minor | [`1.301.0` ->
`1.302.2`](https://renovatebot.com/diffs/npm/posthog-js/1.301.0/1.302.2)
| [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/PostHog/posthog-js/badge)](https://securityscorecards.dev/viewer/?uri=github.com/PostHog/posthog-js)
|

---

### Release Notes

<details>
<summary>PostHog/posthog-js (posthog-js)</summary>

###
[`v1.302.2`](https://redirect.github.com/PostHog/posthog-js/releases/tag/posthog-js%401.302.2)

[Compare
Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.302.1...posthog-js@1.302.2)

#### 1.302.2

##### Patch Changes

-
[#&#8203;2696](https://redirect.github.com/PostHog/posthog-js/pull/2696)
[`daeacdb`](https://redirect.github.com/PostHog/posthog-js/commit/daeacdb4ca39d4274e3dd51908562b9d83c74f96)
Thanks [@&#8203;ksvat](https://redirect.github.com/ksvat)! - Update
[@&#8203;posthog/rrweb](https://redirect.github.com/posthog/rrweb)
dependencies to 0.0.33
  (2025-12-05)

###
[`v1.302.1`](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.302.0...posthog-js@1.302.1)

[Compare
Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.302.0...posthog-js@1.302.1)

###
[`v1.302.0`](https://redirect.github.com/PostHog/posthog-js/releases/tag/posthog-js%401.302.0)

[Compare
Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.301.2...posthog-js@1.302.0)

#### 1.302.0

##### Minor Changes

-
[#&#8203;2693](https://redirect.github.com/PostHog/posthog-js/pull/2693)
[`4458da7`](https://redirect.github.com/PostHog/posthog-js/commit/4458da7cafa64749059eea6e6a1ef056f64fea98)
Thanks [@&#8203;adboio](https://redirect.github.com/adboio)! -
fix(surveys): prefilled questions for hosted surveys
  (2025-12-04)

###
[`v1.301.2`](https://redirect.github.com/PostHog/posthog-js/releases/tag/posthog-js%401.301.2)

[Compare
Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.301.1...posthog-js@1.301.2)

#### 1.301.2

##### Patch Changes

-
[#&#8203;2690](https://redirect.github.com/PostHog/posthog-js/pull/2690)
[`e9c00fd`](https://redirect.github.com/PostHog/posthog-js/commit/e9c00fd451f6ee648ff40dcad538d38bfd5f3ff4)
Thanks [@&#8203;robbie-c](https://redirect.github.com/robbie-c)! -
Related to
<https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182>

We didn't include any of the vulnerable deps in any of our packages,
however we did have them as dev / test / example project dependencies.

There was no way that any of these vulnerable packages were included in
any of our published packages.

  We've now patched out those dependencies.

Out of an abundance of caution, let's create a new release of all of our
packages. (2025-12-04)

- Updated dependencies
\[[`e9c00fd`](https://redirect.github.com/PostHog/posthog-js/commit/e9c00fd451f6ee648ff40dcad538d38bfd5f3ff4)]:
-
[@&#8203;posthog/core](https://redirect.github.com/posthog/core)@&#8203;1.7.1

###
[`v1.301.1`](https://redirect.github.com/PostHog/posthog-js/releases/tag/posthog-js%401.301.1)

[Compare
Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.301.0...posthog-js@1.301.1)

#### 1.301.1

##### Patch Changes

-
[#&#8203;2666](https://redirect.github.com/PostHog/posthog-js/pull/2666)
[`2004d36`](https://redirect.github.com/PostHog/posthog-js/commit/2004d369854d1467ae01120340cfa475ea8c42d5)
Thanks [@&#8203;pauldambra](https://redirect.github.com/pauldambra)! -
fix: session id rotation relied on in-memory cache which would be stale
after log idle periods - particularly with multiple windows in play
  (2025-12-04)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At 12:00 AM through 04:59 AM and 10:00
PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only
on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/settlemint/docs).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update posthog-js to 1.302.2 to bring in recent analytics fixes and
improvements. Includes better session handling and hosted survey
behavior.

- **Dependencies**
  - Bump posthog-js from 1.301.0 to 1.302.2.
  - Lockfile updates @posthog/core to 1.7.1.
- Pulls upstream fixes: session ID rotation reliability, prefilled
hosted survey questions, rrweb 0.0.33, and a dev-deps security cleanup.

<sup>Written for commit 5d09ba3.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: renovate[bot]

bun.lock

@@ -31,7 +31,7 @@
         "lucide-react": "0.555.0",
         "mermaid": "11.12.2",
         "next": "16.0.7",
-        "posthog-js": "1.301.0",
+        "posthog-js": "1.302.2",
         "react": "19.2.1",
         "react-dom": "19.2.1",
         "react-medium-image-zoom": "5.4.0",
@@ -393,7 +393,7 @@
 
     "@orama/orama": ["@orama/orama@3.1.16", "", {}, "sha512-scSmQBD8eANlMUOglxHrN1JdSW8tDghsPuS83otqealBiIeMukCQMOf/wc0JJjDXomqwNdEQFLXLGHrU6PGxuA=="],
 
-    "@posthog/core": ["@posthog/core@1.7.0", "", { "dependencies": { "cross-spawn": "^7.0.6" } }, "sha512-d6ZV4grpzeH/6/LP8quMVpSjY1puRkrqfwcPvGRKUAX7tb7YHyp/zMiTDuJmOFbpUxAMBXH5nDwcPiyCY2WGzA=="],
+    "@posthog/core": ["@posthog/core@1.7.1", "", { "dependencies": { "cross-spawn": "^7.0.6" } }, "sha512-kjK0eFMIpKo9GXIbts8VtAknsoZ18oZorANdtuTj1CbgS28t4ZVq//HAWhnxEuXRTrtkd+SUJ6Ux3j2Af8NCuA=="],
 
     "@radix-ui/number": ["@radix-ui/number@1.1.1", "", {}, "sha512-MkKCwxlXTgz6CFoJx3pCwn07GKp36+aZyu/u2Ln2VrA5DcdyCZkASEDBTd8x5whTQQL5CiYf4prXKLcgQdv29g=="],
 
@@ -1711,7 +1711,7 @@
 
     "postgres-interval": ["postgres-interval@1.2.0", "", { "dependencies": { "xtend": "^4.0.0" } }, "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ=="],
 
-    "posthog-js": ["posthog-js@1.301.0", "", { "dependencies": { "@posthog/core": "1.7.0", "core-js": "^3.38.1", "fflate": "^0.4.8", "preact": "^10.19.3", "web-vitals": "^4.2.4" } }, "sha512-HXAXPvE0us6kIPinE/DT3MfuMZNSe0tSRNplXkzGHA03izNFImqh663axROt9+8aaCH1aUCMPDHXrKxvNfVobw=="],
+    "posthog-js": ["posthog-js@1.302.2", "", { "dependencies": { "@posthog/core": "1.7.1", "core-js": "^3.38.1", "fflate": "^0.4.8", "preact": "^10.19.3", "web-vitals": "^4.2.4" } }, "sha512-4voih22zQe7yHA7DynlQ3B7kgzJOaKIjzV7K3jJ2Qf+UDXd1ZgO7xYmLWYVtuKEvD1OXHbKk/fPhUTZeHEWpBw=="],
 
     "preact": ["preact@10.27.2", "", {}, "sha512-5SYSgFKSyhCbk6SrXyMpqjb5+MQBgfvEKE/OC+PujcY34sOpqtr+0AZQtPYx5IA6VxynQ7rUPCtKzyovpj9Bpg=="],
 

package.json

@@ -41,7 +41,7 @@
     "lucide-react": "0.555.0",
     "mermaid": "11.12.2",
     "next": "16.0.7",
-    "posthog-js": "1.301.0",
+    "posthog-js": "1.302.2",
     "react": "19.2.1",
     "react-dom": "19.2.1",
     "react-medium-image-zoom": "5.4.0",