@sumansaurabh sumansaurabh commented Apr 18, 2025

User description

Snyk has created this PR to upgrade mixpanel-browser from 2.56.0 to 2.62.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Improper Input Validation (SNYK-JS-NANOID-8492085) | 315 | No Known Exploit |
| critical severity: Improper Authorization (SNYK-JS-NEXT-9508709) | 315 | Mature |

Release notes
Package name: mixpanel-browser
  • 2.62.0 - 2025-03-26
    • UUIDs are now generated as UUIDv4. When available, the native randomUUID() from the Crypto API is used; otherwise the library falls back to a simple custom UUIDv4 implementation.
    • When available, the library now consistently uses native JSON.stringify() for serializing request data, only falling back to the older custom JSON encoding implementation if the environment doesn't have native JSON APIs.
    • Fixes a Session Recording race condition where sometimes the idle timeout is reset past when it should have fired due to a backgrounded tab.
  • 2.61.2 - 2025-03-14
    • Removes 10ms throttle of event / user data queueing that was added in 2.61.0. The additional 10ms regressed the reliability of firing tracking updates when a page is about to unload.
  • 2.61.1 - 2025-03-11
    • Stops recording when the initial full snapshot of the DOM fails to generate, preventing the ingestion of blank recordings
    • Try/catch rrweb's record to prevent any user facing errors
    • Fix broken opt-out check that was spamming error messages when debug mode is on (introduced in 2.61.0)
  • 2.61.0 - 2025-03-06

    This release focuses on continuing an active session recording across HTML page loads (different mixpanel.init() calls)

    • Session recordings are now persisted and continue recording across HTML page loads in a single tab
    • Session recording now uses IndexedDB when available to queue and persist data for reliability under poor network conditions etc.
  • 2.60.0 - 2025-02-04

    New Contributors

    Full Changelog: v2.59.0...v2.60.0

  • 2.59.0 - 2025-01-23
    • Block more crawlers (AmazonBot, more Yandex bots)

    Full Changelog: v2.58.0...v2.59.0

  • 2.58.0 - 2024-12-18
    • New initialization option record_canvas can be turned on to enable the Session Recording module to capture contents of HTML canvas elements
    • Session Replay checkpoint events now include a starting URL
  • 2.57.1 - 2024-12-18

    This release is largely an internal refactor of the batch/queue/retry subsystem introducing asynchronous abstractions (primarily Promise support). Includes a minimal Promise polyfill for continued support in older browsers.

  • 2.56.0 - 2024-11-08

    This release bundles several updates and fixes for the session recording feature:

    • New debugging method mixpanel.get_session_replay_url() returns a mixpanel.com link to view the current replay if there is an active recording taking place.
    • The record_inline_images configuration option has been removed for now due to buggy behavior in the rrweb library.
    • Recording payloads now include additional metadata: the current URL, library type, and library version.
    • Sourcemaps are now generated for the recorder module.
    • Added some additional error handling for when mixpanel.stop_session_recording() fails or rrweb silently fails to start recording.
from mixpanel-browser GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Description

  • Upgraded mixpanel-browser to version 2.62.0 to address vulnerabilities and improve functionality.
  • This version includes important fixes and enhancements.

Changes walkthrough 📝

Relevant files

Dependencies

package.json: Upgrade mixpanel-browser dependency to latest version

  • Upgraded mixpanel-browser dependency from version 2.56.0 to 2.62.0.
  • +1/-1
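
The 2.62.0 release note above describes preferring the native randomUUID() and falling back to a custom UUIDv4 generator. As an added example (not code from this PR or from mixpanel-browser), the code below shows one way to write that pattern so the fallback still draws from the Crypto API's getRandomValues() and fails closed instead of using Math.random(); the function names and the two stub environments are assumptions made for illustration.

```javascript
// Added example: not mixpanel-browser's code. All names here are hypothetical.
const UUID_V4_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// True only for the RFC 4122 version-4 layout (version nibble 4, variant 10xx).
function isUuidV4(s) {
  return typeof s === 'string' && UUID_V4_RE.test(s);
}

// Build a v4 UUID from 16 bytes by forcing the version and variant bits.
function uuidFromBytes(bytes) {
  const b = Uint8Array.from(bytes);
  if (b.length !== 16) throw new RangeError('need exactly 16 bytes');
  b[6] = (b[6] & 0x0f) | 0x40; // version 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant 10xx
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join('-');
}

// Prefer native randomUUID(); otherwise use getRandomValues(); never Math.random().
function uuidv4(cryptoObj = globalThis.crypto) {
  if (cryptoObj && typeof cryptoObj.randomUUID === 'function') {
    return cryptoObj.randomUUID();
  }
  if (cryptoObj && typeof cryptoObj.getRandomValues === 'function') {
    return uuidFromBytes(cryptoObj.getRandomValues(new Uint8Array(16)));
  }
  throw new Error('no cryptographic random source available');
}

// Constructed stand-ins for environments with different Crypto API support.
const nativeEnv = { randomUUID: () => '3b241101-e2bb-4255-8caf-4136c566a962' };
const legacyEnv = { getRandomValues: (buf) => buf.fill(0xff) };
```

Passing `nativeEnv` or `legacyEnv` to `uuidv4()` exercises each branch deterministically; calling it with no argument uses the runtime's own `crypto` object.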


    Snyk has created this PR to upgrade mixpanel-browser from 2.56.0 to 2.62.0.
    
    See this package in npm:
    mixpanel-browser
    
    See this project in Snyk:
    https://app.snyk.io/org/sumansaurabh/project/569040e7-a26f-4ef9-a26e-4c16b49d3e71?utm_source=github&utm_medium=referral&page=upgrade-pr
    @sumansaurabh sumansaurabh self-assigned this Apr 18, 2025
    @penify-dev penify-dev bot added enhancement, Review effort [1-5]: 1 labels Apr 18, 2025

    penify-dev bot commented Apr 18, 2025

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    1, because this is a straightforward dependency upgrade with no complex changes or logic involved.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    No

    🔒 Security concerns

    No


    penify-dev bot commented Apr 18, 2025

    PR Code Suggestions ✨

    Category | Suggestion | Score
    Possible issue
    Verify compatibility with the new version to avoid potential issues

    Consider checking the changelog for mixpanel-browser to ensure that the upgrade does not
    introduce breaking changes or deprecations that could affect your application.

    package.json [20]

    -"mixpanel-browser": "^2.62.0",
    +"mixpanel-browser": "^2.62.0", // Ensure compatibility with your application
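
    Review bot: The added line for package.json [20] appends a `//` comment, but package.json must be strict JSON, which has no comment syntax, so npm would fail to parse the manifest if this were applied as written. The removed and added lines also carry the same `^2.62.0` range, so the suggestion changes nothing about the dependency itself; keep the line as `"mixpanel-browser": "^2.62.0",` and record the compatibility check in the PR description or in a test run instead.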
     
    Suggestion importance[1-10]: 7

    Why: The suggestion addresses a valid concern regarding potential breaking changes with the updated package version, which is important for maintaining application stability. However, it does not propose a specific code change, which limits its impact.

    7
