fix(deps): update dependency posthog to v7 by renovate[bot] · Pull Request #2765 · mitodl/mit-learn

renovate · 2025-11-25T15:49:27Z

This PR contains the following updates:

Package	Change	Age	Confidence
posthog	`>=5.0.0,<6` → `>=7.9.10,<8`

Release Notes

posthog/posthog-python (posthog)

`v7.9.10`

Compare Source

Patch changes

b48a7ac chore(ci): attribute release tag to GitHub App — Thanks @Piccirello!

`v7.9.9`

Compare Source

Patch changes

591d3e0 chore(ci): use signed commits when publishing release — Thanks @Piccirello!

`v7.9.8`

Compare Source

Patch changes

11466c6 feat(llma): support fetching versioned prompts from the prompts sdk — Thanks @Radu-Raicea!
535e9c5 chore(llma): clean up prompt SDK review follow-ups — Thanks @Radu-Raicea!

`v7.9.7`

Compare Source

Patch changes

b206669 fix(llma): use distinct_id from outer context if not provided, fix $process_person_profile for context-based identity — Thanks @ethanporcaro for your first contribution 🎉!
a99c7d7 Add warning log for local flag evaluation cold start — Thanks @dmarticus!

`v7.9.6`

Compare Source

Patch changes

8d83315 add PROPERTY_OPERATORS constant for match_property — Thanks @dmarticus!

`v7.9.5`

Compare Source

Patch changes

830244b add semver targeting support to local evaluation — Thanks @dmarticus!

`v7.9.4`

Compare Source

Patch changes

a68a6a6 feat(llma): add $ai_tokens_source property ("sdk" or "passthrough") to all $ai_generation events to detect when token values are externally overridden via posthog_properties — Thanks @carlos-marchal-ph!

`v7.9.3`

Compare Source

Patch changes

9f9553a Fix posthoganalytics release, previously broken — Thanks @rafaeelaudibert!

`v7.9.2`

Patch changes

f1dc4d7 Add sampo to the project — Thanks @rafaeelaudibert!

`v7.9.1`

fix(llma): make prompt fetches deterministic by requiring project_api_key and sending it as token query param

`v7.9.0`

Compare Source

feat: Support device_id as bucketing identifier for local evaluation

`v7.8.6`

Compare Source

fix: limit collections scanning in code variables

`v7.8.5`

Compare Source

fix: further optimize code variables pattern matching

`v7.8.4`

Compare Source

fix: do not pattern match long values in code variables

`v7.8.3`

Compare Source

fix: openAI input image sanitization

`v7.8.2`

Compare Source

fix(llma): fix prompts default url

`v7.8.1`

Compare Source

fix(llma): small fixes for prompt management

`v7.8.0`

Compare Source

feat(llma): add prompt management

Adds the Prompt Management feature. At the time of release, this feature is in a closed alpha.

`v7.7.0`

Compare Source

feat(ai): Add OpenAI Agents SDK integration

Automatic tracing for agent workflows, handoffs, tool calls, guardrails, and custom spans. Includes $ai_total_tokens, $ai_error_type categorization, and $ai_framework property.

`v7.6.0`

Compare Source

feat: add device_id to flags request payload

Add device_id parameter to all feature flag methods, allowing the server to track device identifiers for flag evaluation. The device_id can be passed explicitly or set via context using set_context_device_id().

`v7.5.1`

Compare Source

fix: avoid return from finally block to fix Python 3.14 SyntaxWarning (#361) - thanks @jodal

`v7.5.0`

Compare Source

feat: Capture Langchain, OpenAI and Anthropic errors as exceptions (if exception autocapture is enabled)
feat: Add reference to exception in LLMA trace and span events

`v7.4.3`

Compare Source

Fixes cache creation cost for Langchain with Anthropic

`v7.4.2`

Compare Source

feat: add in_app_modules option to control code variables capturing

`v7.4.1`

Compare Source

fix: extract model from response for OpenAI stored prompts

When using OpenAI stored prompts, the model is defined in the OpenAI dashboard rather than passed in the API request. This fix adds a fallback to extract the model from the response object when not provided in kwargs, ensuring generations show up with the correct model and enabling cost calculations.

`v7.4.0`

Compare Source

feat: Add automatic retries for feature flag requests

Feature flag API requests now automatically retry on transient failures:

Network errors (connection refused, DNS failures, timeouts)
Server errors (500, 502, 503, 504)
Up to 2 retries with exponential backoff (0.5s, 1s delays)

Rate limit (429) and quota (402) errors are not retried.

`v7.3.1`

Compare Source

fix: remove unused $exception_message and $exception_type

`v7.0.1`

Compare Source

Try to use repr() when formatting code variables

`v7.0.0`

Compare Source

NB Python 3.9 is no longer supported

chore(llma): update LLM provider SDKs to latest major versions
- openai: 1.102.0 → 2.7.1
- anthropic: 0.64.0 → 0.72.0
- google-genai: 1.32.0 → 1.49.0
- langchain-core: 0.3.75 → 1.0.3
- langchain-openai: 0.3.32 → 1.0.2
- langchain-anthropic: 0.3.19 → 1.0.1
- langchain-community: 0.3.29 → 0.4.1
- langgraph: 0.6.6 → 1.0.2

`v6.9.3`

Compare Source

feat(ph-ai): PostHog properties dict in GenerationMetadata

`v6.9.2`

Compare Source

fix(llma): fix cache token double subtraction in Langchain for non-Anthropic providers causing negative costs

`v6.9.1`

Compare Source

fix(error-tracking): pass code variables config from init to client

`v6.9.0`

Compare Source

feat(error-tracking): add local variables capture

`v6.8.0`

Compare Source

feat(llma): send web search calls to be used for LLM cost calculations

`v6.7.14`

Compare Source

fix(django): Handle request.user access in async middleware context to prevent SynchronousOnlyOperation errors in Django 5+ (fixes #355)
test(django): Add Django 5 integration test suite with real ASGI application testing async middleware behavior

`v6.7.13`

Compare Source

fix(llma): cache cost calculation in the LangChain callback

`v6.7.12`

Compare Source

fix(django): Restore process_exception method to capture view and downstream middleware exceptions (fixes #329)
fix(ai/langchain): Add LangChain 1.0+ compatibility for CallbackHandler imports (fixes #362)

`v6.7.11`

Compare Source

feat(ai): Add $ai_framework property for framework integrations (e.g. LangChain)

`v6.7.10`

Compare Source

fix(django): Make middleware truly hybrid - compatible with both sync (WSGI) and async (ASGI) Django stacks without breaking sync-only deployments

`v6.7.9`

Compare Source

fix(flags): multi-condition flags with static cohorts returning wrong variants

`v6.7.8`

Compare Source

fix(llma): missing async for OpenAI's streaming implementation

`v6.7.7`

Compare Source

fix: remove deprecated attribute $exception_personURL from exception events

`v6.7.6`

Compare Source

fix: don't sort condition sets with variant overrides to the top
fix: Prevent core Client methods from raising exceptions

`v6.7.5`

Compare Source

feat: Django middleware now supports async request handling.

`v6.7.4`

Compare Source

fix: Missing system prompts for some providers

`v6.7.3`

Compare Source

fix: missing usage tokens in Gemini

`v6.7.2`

Compare Source

fix: tool call results in streaming providers

`v6.7.1`

Compare Source

fix(django): Handle request.user access in async middleware context to prevent SynchronousOnlyOperation errors in Django 5+ (fixes #355)
test(django): Add Django 5 integration test suite with real ASGI application testing async middleware behavior

`v6.7.0`

Compare Source

feat: Add support for feature flag dependencies

`v6.6.1`

Compare Source

fix: Prevent NoneType error when group_properties is None

`v6.6.0`

Compare Source

feat: Add flag_keys_to_evaluate parameter to optimize feature flag evaluation performance by only evaluating specified flags
feat: Add flag_keys_filter option to send_feature_flags for selective flag evaluation in capture events

`v6.5.0`

Compare Source

feat: Add $context_tags to an event to know which properties were included as tags

`v6.4.1`

Compare Source

fix: Always pass project API key in remote_config requests for deterministic project routing

`v6.4.0`

Compare Source

feat: support Vertex AI for Gemini

`v6.3.4`

Compare Source

fix: set $ai_tools for all providers and $ai_output_choices for all non-streaming provider flows properly

`v6.3.3`

Compare Source

fix: get_feature_flag_result now correctly returns FeatureFlagResult when payload is empty string instead of None

`v6.3.2`

Compare Source

fix: Anthropic's tool calls are now handled properly

`v6.3.1`: 6.3.1

Compare Source

`v6.3.0`

Compare Source

feat: Enhanced send_feature_flags parameter to accept SendFeatureFlagsOptions object for declarative control over local/remote evaluation and custom properties

`v6.2.1`

Compare Source

feat: make posthog_client an optional argument in PostHog AI providers wrappers (posthog.ai.*), intuitively using the default client as the default

`v6.1.1`

Compare Source

fix: correctly capture exceptions processed by Django from views or middleware

`v6.1.0`

Compare Source

feat: decouple feature flag local evaluation from personal API keys; support decrypting remote config payloads without relying on the feature flags poller

`v6.0.4`

Compare Source

fix: add POSTHOG_MW_CLIENT setting to django middleware, to support custom clients for exception capture.

`v6.0.3`

Compare Source

feat: add a feature flag evaluation cache (local storage or redis) to support returning flag evaluations when the service is down

`v6.0.2`

Compare Source

fix: send_feature_flags changed to default to false in Client::capture_exception

`v6.0.1`

Compare Source

fix: response $process_person_profile property when passed to capture

`v6.0.0`

Compare Source

This release contains a number of major breaking changes:

feat: make distinct_id an optional parameter in posthog.capture and related functions
feat: make capture and related functions return Optional[str], which is the UUID of the sent event, if it was sent
fix: remove identify (prefer posthog.set()), and page and screen (prefer posthog.capture())
fix: delete exception-capture specific integrations module. Prefer the general-purpose django middleware as a replacement for the django Integration.

To migrate to this version, you'll mostly just need to switch to using named keyword arguments, rather than positional ones. For example:

# Old calling convention
posthog.capture("user123", "button_clicked", {"button_id": "123"})

# New calling convention
posthog.capture(distinct_id="user123", event="button_clicked", properties={"button_id": "123"})

# Better pattern
with posthog.new_context():
    posthog.identify_context("user123")

    # The event name is the first argument, and can be passed positionally, or as a keyword argument in a later position
    posthog.capture("button_pressed")

Generally, arguments are now appropriately typed, and docstrings have been updated. If something is unclear, please open an issue, or submit a PR!

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2026-01-22T15:11:57Z

OpenAPI Changes

Show/hide No detectable change.

Unexpected changes? Ensure your branch is up-to-date with main (consider rebasing).

pyproject.toml

sentry · 2026-02-24T21:53:31Z

pyproject.toml

 opentelemetry-instrumentation-requests = ">=0.52b0"
 opentelemetry-sdk = ">=1.31.0"
 pluggy = "^1.3.0"
-posthog = "^5.0.0"
+posthog = "^7.0.0"
 psycopg = "^3.2.4"
 psycopg2 = "^2.9.6"
 pycountry = "^24.6.1"


Bug: Calls to PostHog functions like posthog.capture use positional arguments that may have become keyword-only in the upgraded version, potentially causing a TypeError at runtime.
_{Severity: MEDIUM}

Suggested Fix

Update all calls to posthog.capture, posthog.get_all_flags, and posthog.get_feature_flag to use explicit keyword arguments to match the new API. For example, change posthog.capture(user.id, ...) to posthog.capture(distinct_id=user.id, ...).

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: pyproject.toml#L84-L90 Potential issue: The `posthog` library was upgraded, and versions since v6 have introduced breaking changes to function signatures. Calls to `posthog.capture`, `posthog.get_all_flags`, and `posthog.get_feature_flag` in the codebase use positional arguments (e.g., `posthog.capture(user.id, ...)`). The newer library versions may require these arguments to be passed as keyword arguments (e.g., `distinct_id=user.id`). If backward compatibility is not maintained in v7, these function calls will raise a `TypeError` at runtime. This potential issue is not covered by the test suite because the `posthog` functions are mocked, preventing signature validation against the actual library.

sentry · 2026-02-26T17:05:35Z

pyproject.toml

    "opentelemetry-sdk>=1.31.0",
    "pluggy>=1.3.0,<2",
-    "posthog>=5.0.0,<6",
+    "posthog>=7.9.4,<8",


Bug: The call to posthog.capture() in main/middleware/apisix_user.py uses a positional argument for the user ID, but the upgraded PostHog library requires a keyword argument (distinct_id=...).
_{Severity: CRITICAL}

Suggested Fix

In main/middleware/apisix_user.py, change the call to posthog.capture() to use the keyword argument distinct_id for the user ID. The corrected call should be posthog.capture(distinct_id=user.id, event=..., properties={...}).

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: pyproject.toml#L83 Potential issue: The `posthog` library was upgraded to v7, which requires keyword arguments for the `capture` method. The code in `main/middleware/apisix_user.py` calls `posthog.capture(user.id, ...)` using a positional argument for the distinct ID. In PostHog v7, this positional argument is interpreted as the `event` parameter. Since the `event` keyword argument is also supplied in the call, this will raise a `TypeError` at runtime due to a duplicate argument. This error will occur whenever a new user account is created, preventing the account creation process from completing successfully.

sentry · 2026-02-27T21:03:37Z

pyproject.toml

    "opentelemetry-sdk>=1.31.0",
    "pluggy>=1.3.0,<2",
-    "posthog>=5.0.0,<6",
+    "posthog>=7.9.4,<8",


Bug: A temporary Posthog instance in apisix_user.py is garbage collected before its asynchronously queued events can be sent, causing silent event loss.
_{Severity: HIGH}

Suggested Fix

To ensure the event is sent, either call posthog.shutdown() after the .capture() call, instantiate the client with sync_mode=True, or use the existing singleton posthog.default_client from main/features.py.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: pyproject.toml#L83 Potential issue: In `main/middleware/apisix_user.py`, a one-off `Posthog` instance is created to track user creation events. The PostHog v7 SDK sends events asynchronously by default, queuing them to be sent by a background thread. However, because the `Posthog` instance is not stored and no `posthog.shutdown()` or `posthog.flush()` is called, the instance is garbage collected before the background thread can send the queued event. This results in the silent loss of all user creation events, which are critical for telemetry and usage analysis.

sentry · 2026-03-06T15:36:35Z

pyproject.toml

    "opentelemetry-sdk>=1.31.0",
    "pluggy>=1.3.0,<2",
-    "posthog>=5.0.0,<6",
+    "posthog>=7.9.7,<8",


Bug: The posthog.capture() call uses a positional argument for distinct_id, which is incompatible with the PostHog v7 API and will cause a runtime failure.
_{Severity: HIGH}

Suggested Fix

Update the posthog.capture() call in main/middleware/apisix_user.py to use a keyword argument for the user's ID. Change the call from posthog.capture(user.id, event=...) to posthog.capture(distinct_id=user.id, event=...) to match the v6+ API.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: pyproject.toml#L83 Potential issue: The upgrade of the `posthog` library from v5 to v7 introduces a breaking API change. The `posthog.capture()` method in `main/middleware/apisix_user.py` is called with a positional argument for the user's ID (`user.id`), following the old v5 pattern. However, PostHog v6 and later require this to be a keyword argument, `distinct_id=user.id`. This will cause a runtime error, likely a `TypeError`, or a silent failure when a new user is created via the APISIX authentication pathway. As a result, account creation events will not be tracked. This issue is not caught by existing tests because the `Posthog` class is mocked without signature validation.

sentry · 2026-03-09T14:55:33Z

pyproject.toml

    "opentelemetry-sdk>=1.31.0",
    "pluggy>=1.3.0,<2",
-    "posthog>=5.0.0,<6",
+    "posthog>=7.9.8,<8",


Bug: The call to posthog.capture() uses an outdated positional argument for user.id, which will cause a TypeError with the updated PostHog v7 library during user creation.
_{Severity: HIGH}

Suggested Fix

Update the posthog.capture() call in main/middleware/apisix_user.py to use keyword arguments as required by the new version of the library. The distinct_id should be passed as a keyword argument, not a positional one. The corrected call should look like: posthog.capture(event=PostHogEvents.ACCOUNT_CREATED.value, distinct_id=user.id, properties={...}).

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: pyproject.toml#L83 Potential issue: The upgrade of the `posthog` library from version 5 to 7 introduces a breaking API change that is not accounted for. The `posthog.capture()` method in `main/middleware/apisix_user.py` is called with a positional argument for the user ID: `posthog.capture(user.id, event=...)`. In PostHog v7, the first argument is expected to be the event name, and the `distinct_id` (user ID) must be passed as a keyword argument. This mismatch will cause a `TypeError` at runtime whenever a new user account is created, breaking the user creation flow.

renovate bot force-pushed the renovate/posthog-7.x branch 4 times, most recently from 5f99506 to 2e80889 Compare December 1, 2025 16:18

renovate bot force-pushed the renovate/posthog-7.x branch 13 times, most recently from 0ebd496 to 7eacc99 Compare December 12, 2025 21:24

renovate bot force-pushed the renovate/posthog-7.x branch 13 times, most recently from 081ca27 to 450b7fb Compare December 18, 2025 04:01

renovate bot force-pushed the renovate/posthog-7.x branch 12 times, most recently from 70c7b6f to 4417b6e Compare January 14, 2026 18:17

sentry bot reviewed Feb 5, 2026

View reviewed changes