[PA-4600] feat(heap): update browser destination code to load heap js v5 script

[cpsoinos]

Summary

Update the Heap browser destination to use v5 of Heap's javascript snippet.

The Problem

Customers are running into issues with TikTok. We've seen that TT browser web views will strip duplicate key/value pairs on GET requests as an "optimization". Our request schema uses an arbitrary key for custom properties. For example, we'll have the query params: k=name1&k=false&k=name2&k=false&k=name3&k=true, but because of the way TT "optimizes", it will intercept the request before firing off and remove any duplicate query param values, leading to the request being fired having: k=name1&k=false&k=name2&k=name3&k=true, which ends up causing mismatched k/v pairing on the custom properties when we parse the request on the server-side.

The Solution

By upgrading to v5, we replace GET requests with POST so this fixes the issue.

Visuals

Segment dev center actions tester network tab

Hjsv5 being loaded and sending POST requests:

Heap live event view

Testing

Include any additional information about the testing you have completed to
ensure your changes behave as expected. For a speedy review, please check
any of the tasks you completed below during your testing.

• Added unit tests for new functionality
• Tested end-to-end using the local server
• [If destination is already live] Tested for backward compatibility of destination. Note: New required fields are a breaking change.
• [Segmenters] Tested in the staging environment
• [Segmenters] [If applicable for this change] Tested for regression with Hadron.

[jessi-heap]

For security purposes (as in they are specifically avoiding pulling from our cdn if they are self-hosting), do we actually want to fallback on the cdn?

[cpsoinos]

Good point. Removed the try/catch with the fallback

[jessi-heap]

lgtm - just two things to verify

• should we fallback to heap cdn?
• possibly check if there are any customers now that are using self hosting with this integration