[Snyk] Upgrade mixpanel-browser from 2.55.1 to 2.64.0 #226

Merged
sumansaurabh merged 1 commit into main from snyk-upgrade-ab03e3e689e528fe62535a4b03f21b52 on May 31, 2025

@sumansaurabh sumansaurabh commented May 26, 2025

User description

Snyk has created this PR to upgrade mixpanel-browser from 2.55.1 to 2.64.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 12 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | 482 | Proof of Concept |
| medium severity: Server-side Request Forgery (SSRF), SNYK-JS-AXIOS-9292519 | 482 | Proof of Concept |
| medium severity: Server-side Request Forgery (SSRF), SNYK-JS-AXIOS-9403194 | 482 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-BABELHELPERS-9397697 | 482 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-BABELRUNTIME-10044504 | 482 | Proof of Concept |
| medium severity: Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116 | 482 | Proof of Concept |
| medium severity: Improper Input Validation, SNYK-JS-NANOID-8492085 | 482 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-UGLIFYJS-1727251 | 482 | No Known Exploit |

Release notes
Package name: mixpanel-browser
  • 2.64.0 - 2025-04-17

    2.64.0

  • 2.63.0 - 2025-04-01

    This release upgrades session-recording library rrweb to the latest alpha version. In conjunction, the SDK's build process has been refactored and Closure Compiler updated.

  • 2.62.0 - 2025-03-26
    • UUIDs are now generated as UUIDv4. When available, the native randomUUID() from the Crypto API is used; otherwise the library falls back to a simple custom UUIDv4 implementation.
    • When available, the library now consistently uses native JSON.stringify() for serializing request data, only falling back to the older custom JSON encoding implementation if the environment doesn't have native JSON APIs.
    • Fixes a Session Recording race condition where sometimes the idle timeout is reset past when it should have fired due to a backgrounded tab.
  • 2.61.2 - 2025-03-14
    • Removes 10ms throttle of event / user data queueing that was added in 2.61.0. The additional 10ms regressed the reliability of firing tracking updates when a page is about to unload.
  • 2.61.1 - 2025-03-11
    • Stops recording when the initial full snapshot of the DOM fails to generate, preventing the ingestion of blank recordings
    • Try/catch rrweb's record to prevent any user facing errors
    • Fix broken opt-out check that was spamming error messages when debug mode is on (introduced in 2.61.0)
  • 2.61.0 - 2025-03-06

    This release focuses on continuing an active session recording across HTML page loads (different mixpanel.init() calls)

    • Session recordings are now persisted and continue recording across HTML page loads in a single tab
    • Session recording now uses IndexedDB when available to queue and persist data for reliability under poor network conditions etc.
  • 2.60.0 - 2025-02-04

    New Contributors

    Full Changelog: v2.59.0...v2.60.0

  • 2.59.0 - 2025-01-23
    • Block more crawlers (AmazonBot, more Yandex bots)

    Full Changelog: v2.58.0...v2.59.0

  • 2.58.0 - 2024-12-18
    • New initialization option record_canvas can be turned on to enable the Session Recording module to capture contents of HTML canvas elements
    • Session Replay checkpoint events now include a starting URL
  • 2.57.1 - 2024-12-18

    This release is largely an internal refactor of the batch/queue/retry subsystem introducing asynchronous abstractions (primarily Promise support). Includes a minimal Promise polyfill for continued support in older browsers.

  • 2.56.0 - 2024-11-08
  • 2.56.0-ac-alpha-3 - 2024-12-16
  • 2.55.1 - 2024-08-27
from mixpanel-browser GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Description

  • Upgraded mixpanel-browser to version 2.64.0 to address vulnerabilities.
  • This upgrade enhances security by fixing known issues.

Changes walkthrough 📝

Relevant files

Dependencies
package.json: Upgrade mixpanel-browser dependency version (+1/-1)

  • Upgraded mixpanel-browser dependency from version 2.55.1 to 2.64.0.

    💡 Penify usage:
    Comment /help on the PR to get a list of all available Penify tools and their descriptions

    Snyk has created this PR to upgrade mixpanel-browser from 2.55.1 to 2.64.0.
    
    See this package in npm:
    mixpanel-browser
    
    See this project in Snyk:
    https://app.snyk.io/org/sumansaurabh/project/0844fa84-ddc5-4e74-8d08-249b7c14f3a8?utm_source=github&utm_medium=referral&page=upgrade-pr
    penify-dev Bot added the "enhancement" (New feature or request) and "Review effort [1-5]: 1" labels May 26, 2025

    penify-dev Bot commented May 26, 2025

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    1, because this is a straightforward dependency upgrade with no changes to the code logic.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    No

    🔒 Security concerns

    No

    penify-dev Bot commented May 26, 2025

    PR Code Suggestions ✨

    Category: Compatibility
    Suggestion: Verify compatibility with the new version to prevent breaking changes

    Consider verifying the compatibility of the new version of mixpanel-browser with your
    existing codebase to avoid potential breaking changes.

    package.json [35]

    -"mixpanel-browser": "^2.64.0",
    +"mixpanel-browser": "^2.64.0", // Ensure compatibility with existing code
     
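    Review bot: the suggested `+` line for package.json [35] appends a `// Ensure compatibility with existing code` comment, but package.json is strict JSON and does not permit comments, so applying this line would leave the manifest unparseable by npm. The `-` and `+` lines also carry the same range `^2.64.0`, so the suggestion changes nothing about the dependency itself. Drop the inline comment and record the compatibility check outside the manifest, for example in the PR description or by running the existing test suite against 2.64.0 before merging.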
    Suggestion importance[1-10]: 7

    Why: While the suggestion emphasizes the importance of verifying compatibility, it does not provide a concrete change to the code itself, which limits its impact. However, it addresses a relevant concern regarding potential breaking changes.

    Score: 7

    sumansaurabh merged commit ec38e9c into main May 31, 2025
    sumansaurabh deleted the snyk-upgrade-ab03e3e689e528fe62535a4b03f21b52 branch May 31, 2025 15:22
    sumansaurabh added a commit that referenced this pull request Jun 1, 2025
    Snyk has created this PR to upgrade mixpanel-browser from 2.55.1 to 2.64.0.
    
    See this package in npm:
    mixpanel-browser
    
    See this project in Snyk:
    https://app.snyk.io/org/sumansaurabh/project/0844fa84-ddc5-4e74-8d08-249b7c14f3a8?utm_source=github&utm_medium=referral&page=upgrade-pr
    
    Co-authored-by: snyk-bot <snyk-bot@snyk.io>