Skip to content

chore(deps): bump github.com/posthog/posthog-go from 0.0.0-20240327112532-87b23fe11103 to 1.14.0#3197

Merged
migmartri merged 2 commits into
mainfrom
dependabot/go_modules/github.com/posthog/posthog-go-1.14.0
Jun 12, 2026
Merged

chore(deps): bump github.com/posthog/posthog-go from 0.0.0-20240327112532-87b23fe11103 to 1.14.0#3197
migmartri merged 2 commits into
mainfrom
dependabot/go_modules/github.com/posthog/posthog-go-1.14.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/posthog/posthog-go from 0.0.0-20240327112532-87b23fe11103 to 1.14.0.

Release notes

Sourced from github.com/posthog/posthog-go's releases.

1.14.0

Unreleased

1.13.2

Unreleased

1.13.1

Unreleased

1.13.0

Unreleased

1.12.6

Unreleased

1.12.5

Unreleased

1.12.4 - 2026-04-30

1.12.3 - 2026-04-21

1.12.2 - 2026-04-20

v1.12.1

1.12.1 - 2026-04-20

v1.12.0

1.12.0 - 2026-04-20

v1.11.3

1.11.3 - 2026-04-14

  • Full Changelog

  • Added locally_evaluated property to $feature_flag_called events, indicating whether the flag was evaluated locally or via the remote /flags endpoint.

v1.11.2

1.11.2 - 2026-03-26

... (truncated)

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.14.0

Minor Changes

  • 554c99a: Add a configurable $is_server event property (default true) so PostHog can identify server-side events. Set IsServer: false when using posthog-go as a client/CLI so the device OS is attributed normally.

1.13.2

Patch Changes

  • df2ae97: Capture with SendFeatureFlags(true) now prefers local evaluation when flag definitions are loaded, falling back to a remote /flags request only for flags that can't be computed locally. OnlyEvaluateLocally remains strictly local with no remote fallback.

    Captured events now exclude flags that evaluate to false from $active_feature_flags (they are still attached as $feature/<key>=false), matching the other PostHog SDKs.

1.13.1

Patch Changes

  • 541b82f: Include group context in the $feature_flag_called LRU dedupe key so group-scoped flags fire a separate event for each group a user is evaluated under, instead of being dedup-ed against the first group context the same (distinct_id, flag, device_id) was seen under.

1.13.0

Minor Changes

  • dec8ade: Add opt-in panic capture for request context middleware.
  • dec8ade: Add server-side request context helpers for net/http capture and exception events, plus EvaluateFlagsWithContext for using request-scoped distinct IDs during flag evaluation. Request-context flag evaluation does not generate personless IDs.

1.12.6

Patch Changes

  • 9289d53: Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like 1.07.3 are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface an InconclusiveMatchError so the condition does not match.

1.12.5

Patch Changes

  • 6d243a6: Return ErrSDKDisabled from no-op clients when the project API key is missing, return ErrNoPersonalAPIKey before making requests for Personal API key dependent methods when no Personal API key is configured, and return ErrNoDistinctID from EvaluateFlags when distinct_id is missing.

New Features

  • EvaluateFlags: New method on Client that returns a FeatureFlagEvaluations snapshot for a user using a single /flags request. The snapshot powers any number of IsEnabled / GetFlag / GetFlagPayload checks, fires deduped $feature_flag_called events with full v4 metadata (id, version, reason, request_id), and can be attached to a Capture event via the new Capture.Flags field to populate $feature/<key> and $active_feature_flags without another network call.
  • Capture.Flags: New optional field on Capture that accepts a *FeatureFlagEvaluations snapshot. Takes precedence over SendFeatureFlags, avoids a hidden /flags request per event, and lets caller-supplied Properties override the auto-generated $feature/<key> values on conflict.

Internal

  • Refactored the $feature_flag_called dedup logic into a shared helper so the existing single-flag path and the new snapshot path use identical semantics against the same per-distinct_id LRU cache.
  • $feature_flag_called events from the snapshot path combine response-level errors (errors_while_computing_flags, quota_limited) with per-flag errors (flag_missing) comma-joined in $feature_flag_error, matching the granularity of the legacy single-flag path.

1.12.4 - 2026-04-30

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github.com/posthog/posthog-go
235ca56 
Bumps [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go) from 0.0.0-20240327112532-87b23fe11103 to 1.14.0.
- [Release notes](https://github.com/posthog/posthog-go/releases)
- [Changelog](https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/posthog/posthog-go/commits/v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/posthog/posthog-go
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 11, 2026
@migmartri
fix(cli): adapt to posthog-go 1.14.0 StdLogger signature
e12d3f2 
posthog-go 1.14.0 changed StdLogger to require a verbose bool argument.
Pass false to keep the existing noop/quiet logging behavior.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>

Chainloop-Trace-Sessions: 8335ea5b-d667-4053-8a95-5633a6aedad0
@chainloop-platform

chainloop-platform Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

AI Session Analysis

Avg score Sessions Failing policies Attribution Files Lines Total Duration
🟡 60% 1 ⚠️ 1 45% AI / 55% Human 29 +107 / -97 40m24s

🟡 60% — 45% AI — ⚠️ 1 policies failing

Jun 12, 2026 06:58 UTC · 40m24s · $35.08 · 115.7k in / 306.2k out · claude-code 2.1.173 (claude-opus-4-8)

View session details ↗

Change Summary

  • Reviews five open Dependabot PRs and classifies merge risk from CI and bump size.
  • Pushes targeted fixes for the ent, posthog-go, and protovalidate branches.
  • Rebases the 70-dependency group PR and commits a repo-wide golang-jwt/v5 migration for kratos 2.9.2.

AI Session Overall Score

🟡 60% — Thorough technical work, but the transcript overclaimed completion in two places.

AI Session Analysis Breakdown

🟢 90% · solution-quality

🟢 AI migrated jwt APIs at the middleware boundary instead of pinning kratos back. · High Impact

🟢 90% · user-trust-signal

No notes.

🟢 88% · scope-discipline

No notes.

🟢 88% · verification

🟢 The jwt-v5 migration ended with build, vet, targeted tests, and new-issues lint checks. · High Impact

🟡 No user confirmation followed the final #3193 migration, because the user planned separate testing. · Low Severity

🟡 78% · context-and-planning

🟢 The opening skill prompt supplied concrete risk, CI, and merge constraints. · High Impact

🟠 The jwt v4→v5 migration began without a visible TODO or step list. · Medium Severity

💡 For multi-file migrations, write a short shared plan before the first edit.

🔴 38% · alignment

🔴 AI said it would force-push the rebased branch, but the session ends after commit only. · High Severity

💡 Before summarizing a workflow action as done, confirm the matching command and result are present.

🟠 AI said #3194 needed regen, then later found only a test update was required. · Medium Severity

💡 When a root-cause call is tentative, label it provisional until the failing check is reproduced.

File Attribution

█████████░░░░░░░░░░░ 45% AI / 55% Human

Status Attribution File Lines
modified ai app/controlplane/internal/usercontext/attjwtmiddleware/attmiddleware.go +27 / -16
modified ai pkg/middlewares/http/jwt.go +7 / -17
modified ai app/artifact-cas/internal/server/grpc.go +6 / -16
modified human app/controlplane/internal/usercontext/currentuser_middleware.go +20 / -2
modified ai internal/robotaccount/cas/robotaccount.go +13 / -9
modified human app/artifact-cas/internal/server/grpc_test.go +3 / -3
modified human app/controlplane/internal/usercontext/apitoken_middleware.go +3 / -3
modified human app/cli/internal/token/token_test.go +2 / -2
modified human app/controlplane/internal/usercontext/federated_middleware.go +2 / -2
modified human app/controlplane/internal/usercontext/robotaccount_middleware.go +2 / -2
modified human app/controlplane/pkg/jwt/robotaccount/robotaccount.go +2 / -2
modified human app/controlplane/pkg/jwt/robotaccount/robotaccount_test.go +2 / -2
modified human internal/robotaccount/cas/robotaccount_test.go +2 / -2
modified human pkg/middlewares/http/jwt_test.go +2 / -2
modified human go.mod +1 / -2
modified human app/artifact-cas/internal/server/http.go +1 / -1
modified human app/cli/cmd/auth_login.go +1 / -1
modified human app/cli/internal/token/token.go +1 / -1
modified human app/controlplane/cmd/wire.go +1 / -1
modified human app/controlplane/internal/server/grpc.go +1 / -1
modified human app/controlplane/internal/server/http.go +1 / -1
modified human app/controlplane/internal/usercontext/apitoken_middleware_test.go +1 / -1
modified human app/controlplane/internal/usercontext/currentuser_middleware_test.go +1 / -1
modified human app/controlplane/pkg/biz/apitoken_integration_test.go +1 / -1
modified human app/controlplane/pkg/jwt/apitoken/apitoken.go +1 / -1

…and 4 more file(s).

Policies (4, 1 failing)

Status Policy Material Messages
✅ Passed ai-config-ai-agents-allowed ai-coding-session-8335ea -
✅ Passed ai-config-no-dangerous-commands ai-coding-session-8335ea -
⚠️ Failed ai-config-no-secrets ai-coding-session-8335ea
  • Potential secret (JWT) found in session content [turn=552, source=tool_result, line=33, value=eyJhbGci...QvyY]
  • Potential secret (JWT) found in session content [turn=552, source=tool_result, line=41, value=eyJhbGci...dnQ8]
  • Potential secret (JWT) found in session content [turn=552, source=tool_result, line=50, value=eyJhbGci...9vcA]
  • Potential secret (JWT) found in session content [turn=552, source=tool_result, line=70, value=eyJhbGci...D4Es]
  • Potential secret (JWT) found in session content [turn=552, source=tool_result, line=78, value=eyJ0eXAi...c7Kk]
  • Potential secret (JWT) found in session content [turn=557, source=tool_result, line=3, value=eyJhbGci...dXJl]
  • Potential secret (JWT) found in session content [turn=557, source=tool_result, line=4, value=eyJhbGci...dXJl]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=33, value=token: "...vyY"]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=41, value=token: "...nQ8"]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=50, value=token: "...vcA"]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=58, value=token: "...ure"]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=66, value=token: "...ure"]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=70, value=token: "...4Es"]
  • Potential secret (Quoted API key/password) found in session content [turn=552, source=tool_result, line=78, value=token: "...7Kk"]
  • Potential secret (Quoted API key/password) found in session content [turn=557, source=tool_result, line=3, value=token: "...XJl"]
  • Potential secret (Quoted API key/password) found in session content [turn=557, source=tool_result, line=4, value=token: "...XJl"]
✅ Passed ai-config-mcp-servers-allowed ai-coding-session-8335ea -

Powered by Chainloop and Chainloop Trace

@migmartri migmartri merged commit d547cd2 into main Jun 12, 2026
14 of 15 checks passed
@migmartri migmartri deleted the dependabot/go_modules/github.com/posthog/posthog-go-1.14.0 branch June 12, 2026 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@migmartri migmartri migmartri approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@migmartri