Skip to content

chore: update posthog to 2.5.0#39

Closed
T0ha wants to merge 1 commit into
mainfrom
chore/update-posthog
Closed

chore: update posthog to 2.5.0#39
T0ha wants to merge 1 commit into
mainfrom
chore/update-posthog

Conversation

@T0ha

@T0ha T0ha commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Summary

  • Bumps the posthog dependency from 2.4.0 toward the latest release.
  • Could not reach 2.11.0 (latest): every posthog release from 2.6.0 onward defines source_code_exclude_patterns with compiled Regex literals stored in a module attribute (PostHog.Config) that's referenced inside a function body. That pattern fails to compile on Erlang/OTP 28 (this repo's pinned toolchain per .tool-versions: erlang 28.0.2, elixir 1.18.4-otp-28) because OTP 28 changed compiled regexes to be represented as references, which can no longer be inlined into function bytecode. Reproduced with a minimal standalone snippet, confirmed against posthog's own CHANGELOG (feature introduced in 2.6.0, still present in 2.11.0), and confirmed there's no existing upstream issue/fix yet.
  • Pinned {:posthog, "~> 2.5.0"} (was "~> 2.0") — the last release before the incompatible feature landed — with a comment explaining why, so it isn't silently re-bumped into the broken range. Should be revisited once upstream fixes the OTP 28 incompatibility.
  • No application code changes needed: the only posthog usage is PostHog.capture/2 (lib/bodhi/tg_webhook_handler.ex, lib/bodhi/periodic_messages.ex), unaffected by any 2.4.0→2.5.0 changes.
  • mix.lock also picked up a few shared transitive dependency bumps (castore, decimal, ecto, finch, hpax, jason, mint, plug, req, telemetry) — all within existing mix.exs version constraints, resolver-driven from unlocking posthog's dependency subtree.

Verification

  • mix compile — clean, no new warnings (one pre-existing warning in tg_webhook_handler.ex confirmed present on main too, unrelated to this change)
  • mix dialyzer — 0 errors
  • mix format — no changes needed
  • mix test / iex -S mix boot — could not run locally: this sandbox has no PostgreSQL/Docker and no root access to install either. CI's code-checks.yml provisions Postgres via docker compose and runs the full suite — please confirm it's green before merging.

Test plan

  • CI mix test passes (requires Postgres, unavailable in the dev sandbox that authored this PR)
  • CI iex -S mix / boot check passes
  • Confirm PostHog event capture still works in a deployed/staging environment

Attempted to update to the latest posthog release (2.11.0), but every
version from 2.6.0 onward fails to compile on this project's pinned
Erlang/OTP 28 toolchain: source_code_exclude_patterns stores compiled
Regex literals in a module attribute that's referenced from a
function, which OTP 28 can no longer inline (compiled regexes are now
references, not escapable terms). Pinning to ~> 2.5.0, the last
release before that feature landed, until upstream fixes it.

Co-Authored-By: Claude Sonnet 5 <[email protected]>
@claude

claude Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review: chore: update posthog to 2.5.0

This is a small, well-scoped dependency bump. Overall it looks solid, with good investigation and documentation of the OTP 28 incompatibility rather than blindly bumping to latest.

Code quality / best practices:

  • The comment pinning posthog to '~> 2.5.0' is exactly the kind of comment worth keeping (per this repos style guide, comments should explain why, not what): it documents a non-obvious constraint (OTP 28 incompatibility in 2.6.0+) that would otherwise invite someone to re-bump it later without knowing why. Good practice.
  • Consider filing or linking an upstream issue against posthog-elixir for the OTP 28 regex-literal incompatibility (if one does not already exist) and referencing it in the comment, so future maintainers have a place to check for a fix instead of re-deriving the root cause.

Potential bugs / issues:

  • None found in the diff itself: mix.exs and mix.lock changes only, no application code touched, and the only two PostHog.capture/2 call sites (tg_webhook_handler.ex, periodic_messages.ex) are unaffected by the 2.4.0 to 2.5.0 change.
  • mix.lock also unlocked several transitive deps (castore, decimal, ecto, finch, hpax, jason, mint, plug, req, telemetry) as a side effect of unlocking posthogs dependency subtree. All appear to be within existing mix.exs constraints per the diff, but a lockfile-wide resolve is a wider blast radius than the one-line mix.exs change suggests, worth being aware of during review.

Performance considerations:

  • None, no runtime code paths changed.

Security concerns:

  • None apparent. Bumping transitive deps forward is generally a net positive for picking up any security patches in castore, mint, plug, etc.

Test coverage:

  • No new tests added, but none are needed here since this is a dependency version bump with no behavior change.
  • Per the PR description, mix test could not be run locally (no Postgres in the sandbox). Checked CI status: Run code checks and tests / Run checks and Run tests both report SUCCESS. Run dialyzer was still in progress at review time, please confirm it finishes clean before merging.

Nit:

  • Once upstream fixes the OTP 28 issue, remember to both bump the version and remove or update the pinning comment so it does not go stale.

Nice, careful root-cause investigation for why the full 2.11.0 bump was not possible, that context will save the next person real time.

@T0ha T0ha closed this Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants