packetfence icon indicating copy to clipboard operation
packetfence copied to clipboard

Published 20 hours ago verified publisher icon inverse-inc

[Snyk] Upgrade mixpanel-browser from 2.45.0 to 2.49.0

Open satkunas opened this issue 9 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mixpanel-browser from 2.45.0 to 2.49.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2024-02-06.
Release notes
Package name: mixpanel-browser
  • 2.49.0 - 2024-02-06

    This release updates capabilities related to web/marketing/attribution analytics.

    The track_pageview init option now accepts three string values to support SPA pageview tracking:

    • "url-with-path": fire pageview events only when main url path changes (https://example.com/foo -> https://example.com/bar but not https://example.com/foo?bar=1 -> https://example.com/foo?bar=2)
    • "url-with-path-and-query-string": fire pageview events only when main url path or query string changes (https://example.com/foo?bar=1 -> https://example.com/foo?bar=2 but not https://example.com/foo?bar=1#baz -> https://example.com/foo?bar=1#qux)
    • "full-url": fire pageview events when anything on the URL changes

    Example:

    mixpanel.init(`my token`, {track_pageview: `url-with-path-and-query-string`});

    Profile properties storing referrer info ($initial_referrer and $initial_referring_domain) are now saved with set_once instead of set, to prevent overwriting.

    Persistence of UTM parameters can now be turned off with the init option {stop_utm_persistence: true}. This is opt-in today but will be the default setting in a future release. The stop_utm_persistence option will also override the store_google option, which is responsible persisting UTM parameters today. If store_google and stop_utm_persistence are both true, any persisted UTM parameters will be cleared from storage.

    Visits from AhrefsSiteAudit crawler are now ignored.

  • 2.48.1 - 2023-11-14

    This update patches a discrepancy between the minified and unminified versions of the packaged SDK. Campaign parameters will now be stored as super properties persistently in all versions.

  • 2.48.0 - 2023-11-13

    API endpoint routes can now be configured individually, so you can rename /track, /engage, and /groups HTTP endpoints arbitrarily. Configure with the api_routes option:

    mixpanel.init(`my token`, {
  api_host: `https://my-proxy.example.com`,
  api_routes: {
    track: `foo/`,
    engage: `bar/`,
    groups: `baz/`,
  },
));

    In the above example, event-tracking requests will go to https://my-proxy.example.com/foo/, user profile updates to https://my-proxy.example.com/bar/, etc.

    Other fixes:

    • Event properties object passed to mixpanel.track() will no longer be mutated
    • Super properties are now reloaded from persistence when making every tracking call (i.e., kept fresh when another tab/window in the same browser has updated them)
    • Extra failsafe behavior for trying to clear queued requests when localStorage doesn't work on startup, e.g., when localStorage is full so writes fail
    • Block Chrome-Lighthouse user agent
    • Fix for error in add_group() when adding a new group to an existing list
  • 2.47.0 - 2023-04-28

    New default event properties are now captured with each event, holding campaign data present on the URL at the time of tracking. These include UTM parameters (in the format utm_source, utm_campaign, etc.) and Click Identifiers (e.g., gclid, fbclid, etc.). This functionality can be disabled with the initialization setting {track_marketing: false}.

    UTM parameter properties are no longer persisted across pageloads as superproperties. They will be present only on events tracked on the same pageload where they were present initially. (2023-09-13) Correction: UTM parameter properties still persist across pageloads as superproperties. Persistence will be removed in a future release.

    For better first-touch attribution, UTM parameters present on the URL on pageload will be "set once" as profile properties (meaning that a new value will not overwrite any existing value on the profile property). These property names take the format initial_utm_source, initial_utm_campaign, etc. This functionality can be disabled with the initialization setting {skip_first_touch_marketing: true}.

    Support for automatic page-view tracking has been restored. With the init option {track_pageview: true}, an event named $mp_web_page_view will be tracked on pageload, containing properties identifying the current page (current_page_title, current_url_path, etc.) as well as any UTM parameters and Click Identifiers. Pageview events with these properties can also be triggered manually:

    // track a pageview event mixpanel.track_pageview();

    // track pageview with additional properties mixpanel.track_pageview({'Test variant': 'control'});

    Automatic page-view tracking may be turned on by default in a future release.

    Miscellaneous updates:

    • UUID generation now uses performance.now() when available as part of its time-based entropy algorithm
    • The network payload format now defaults to JSON for any API host containing the string mixpanel.com (looser than previous host checks)
  • 2.46.0 - 2023-03-23

    The mixpanel.identify() implementation has been updated for compatibility with Mixpanel's new identity management system (v3). From this version, we will prefix randomly-generated device-specific distinct_ids with "$device:". The prefix is applied the next time a new random ID is generated; any IDs generated by previous SDK versions and persisted in the browser will continue to be used as-is until reset is called to generate a new ID. This does not change the value sent for the $device_id property, which will continue to be the randomly-generated ID without a prefix. Mixpanel's $identify endpoint has been updated to accept UUIDs with this prefix to coordinate with this change.

    This release also contains more aggressive client-side deduplication in the event-batching system, to reduce superfluous network sends in edge cases where parts of the queue/batch system fail. Related to this update, events now include a property mp_sent_by_lib_version which can distinguish the version of the library that actually sent an event over the network vs the version that originally queued the event.

  • 2.45.0 - 2022-02-18

    All code relating to in-app notifications has been removed, as the "Messages & Experiments" product is now entirely inactive after a 1.5 year deprecation cycle. The only noticeable changes should be:

    • The SDK no longer makes network calls to the /decide API endpoint.
    • The gzipped size of the minified full SDK is now 17435 bytes.

    There is now also support for surfacing SDK errors/warnings via the error_reporter configuration option. Exceptions and error messages which the SDK catches and handles will be passed to your handler function if supplied, e.g.:

    mixpanel.init('my token', {
  error_reporter: function(msg, err) {
    Rollbar.warn(msg, err); // send to your 3rd-party error monitor
    console.error(...arguments); // blow up your dev console locally
  },
});

    The err argument is an Error object preserving the stack. Note that errors that make it to the user-configured reporter are generally already handled by the SDK and should be used just for informational/debugging/monitoring purposes (e.g., "Error; retry in 10000 ms" is the batch/retry system responding to a network failure). Some errors are informative for uncovering implementation issues, e.g. "No event name provided to mixpanel.track".

    Several fixes are included in this release:

    • Several var declarations were missing for the asynchronous HTML "snippet" loader (#215)
    • Some edge cases of the batch/retry system have been fixed that could cause many extraneous network requests (primarily in cases where localStorage becomes unusable after an event has already been queued).
from mixpanel-browser GitHub release notes
Commit messages
Package name: mixpanel-browser
  • 3623fe0 2.49.0
  • 4ef9f56 changelog for 2.49.0
  • 63de385 rebuild 2.49.0
  • 06de36f Squashed commit of the following:
  • 038d2fc Fix page view firing logic for path changes only
  • 50d138c Merge branch 'master' into chi.feature.attribution-ga
  • be18d07 Add config option to turn off UTM persistence from store_google
  • 7d155e6 rebuild 2.48.1 + changelog
  • ac18edb 2.48.1
  • 4a114e6 rebuild 2.48.1
  • e55bfca Ensure UTMs persist in both unminified and minified code
  • 3a2d8d9 2.48.0
  • bd335b3 changelog for 2.48.0
  • b1ed747 v2.48.0
  • bd3e696 test for reloading superprops from persistence whenever tracking
  • a4baa20 v2.48.0-rc2
  • a816099 extraneous var decl
  • 87d2dc7 fix persistence bug in add_group
  • 088a0d2 make load_property read from persisted data
  • e539fd1 _save_prop is unnecessary now
  • 2fc8571 v2.48.0-rc1
  • 49d5516 lint
  • e9e2837 explanatory comment around opt-in/batch-start behavior
  • ad4e7d3 export DEFAULT_API_ROUTES on mixpanel object

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

satkunas avatar Apr 27 '24 01:04 satkunas