[Snyk] Upgrade core-js from 3.46.0 to 3.47.0

[rasulkireev]

Snyk has created this PR to upgrade core-js from 3.46.0 to 3.47.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: core-js

• 3.47.0 - 2025-11-18
  
  • Changes v3.46.0...v3.47.0 (117 commits)
  • JSON.parse source text access proposal :
    • Built-ins:
      • JSON.isRawJSON
      • JSON.parse
      • JSON.rawJSON
      • JSON.stringify
    • Moved to stable ES, November 2025 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
    • Reworked JSON.stringify internals
  • Iterator sequencing proposal:
    • Built-ins:
      • Iterator.concat
    • Moved to stable ES, November 2025 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Joint iteration proposal:
    • Built-ins:
      • Iterator.zip
      • Iterator.zipKeyed
    • Moved to stage 3, November 2025 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Fixed increasing .size in URLSearchParams.prototype.append polyfill in IE8-
  • Compat data improvements:
    • Iterator.concat marked as shipped in FF147
    • Map upsert proposal features marked as shipped in Safari 26.2
    • Math.sumPrecise marked as shipped in Safari 26.2
    • Uint8Array.{ fromBase64, prototype.setFromBase64 } marked as fixed in Safari 26.2
    • Missed Explicit Resource Management features added in Bun 1.3.0
    • Added Oculus Quest Browser 41 compat data mapping
    • Added Electron 40 compat data mapping
• 3.46.0 - 2025-10-09
  

  Welcome to our new website, core-js.io, where our documentation is moving!

  In addition, you can now follow the project's news in X.

  ---

  • Changes v3.45.1...v3.46.0 (116 commits)
  • Map upsert stage 3 proposal:
    • Fixed a FF WeakMap.prototype.getOrInsertComputed bug with callback calling before validation a key
  • Iterator chunking proposal:
    • Built-ins:
      • Iterator.prototype.chunks
      • Iterator.prototype.windows
    • Moved to stage 2.7, September 2025 TC39 meeting
    • Iterator.prototype.sliding method replaced with an extra parameter of Iterator.prototype.windows method, tc39/proposal-iterator-chunking/#24, tc39/proposal-iterator-chunking/#26
  • Fixed Iterator.zip and Iterator.zipKeyed behavior with mode: 'longest' option, #1469, thanks @ lionel-rowe
  • Fixed work of Object.groupBy and Iterator.zipKeyed together with Symbol polyfill - some cases of symbol keys on result null-prototype object were able to leak out to for-in
  • Compat data improvements:
    • Map upsert proposal features marked as shipped from FF144
    • Added Node 25.0 compat data mapping
    • Added Deno 2.5 compat data mapping
    • Updated Electron 39 compat data mapping
    • Updated Opera 121+ compat data mapping
    • Added Opera Android 92 compat data mapping
    • Added Oculus Quest Browser 40 compat data mapping

from core-js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-upgrade-b2a4b955c2b9e6b0ff070f362556fb59

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Overview

Greptile Summary

Upgrades core-js from 3.20.3 to 3.47.0, bringing 27 minor versions of improvements including new ES features (Iterator.concat, Iterator.zip, JSON.parse enhancements), bug fixes, and performance improvements.

• Adds support for new stable ES features: JSON.isRawJSON, JSON.rawJSON, Iterator.concat, Iterator.zip, and Iterator.zipKeyed
• Includes bug fixes for URLSearchParams.prototype.append in older browsers
• No breaking changes expected since this is a minor version upgrade within v3.x
• Issue: The .babelrc config specifies corejs: "3.0.0" but the package is now 3.47.0 - this mismatch should be updated to enable Babel to use newer polyfills

Confidence Score: 4/5

• Safe to merge with one minor configuration update recommended
• This is a standard dependency upgrade within the same major version (3.x), with no breaking changes. However, the .babelrc file has a mismatched corejs version ("3.0.0" vs actual 3.47.0) that should be updated to ensure optimal polyfill injection. The upgrade brings new ES features and bug fixes with minimal risk.
• .babelrc needs its corejs version updated to match the installed package version

Important Files Changed

File Analysis

Filename	Score	Overview
package.json	5/5	Updated core-js from ^3.20.3 to ^3.47.0 - a minor version upgrade with new ES features and bug fixes
package-lock.json	5/5	Lockfile updated to reflect core-js 3.47.0 with new integrity hash and MIT license field

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Snyk as Snyk Bot
    participant NPM as NPM Registry
    participant Babel as Babel/Webpack
    participant App as Application

    Snyk->>NPM: Check for core-js updates
    NPM-->>Snyk: v3.47.0 available (from v3.46.0)
    Snyk->>Dev: Create PR #133 to upgrade
    Dev->>Dev: Review PR changes
    Dev->>NPM: npm install (after merge)
    NPM-->>Dev: Install [email protected]
    Dev->>Babel: npm run build
    Babel->>Babel: Transpile JS with @babel/preset-env
    Babel->>Babel: Inject polyfills (useBuiltIns: usage)
    Babel-->>App: Bundle with required polyfills
    App->>App: Run with new ES features support

Loading

[greptile-apps]

Additional Comments (1)

1. .babelrc, line 7 (link)

   syntax: The corejs version in Babel config is set to "3.0.0" but the actual core-js package is now at 3.47.0. Update this to "3.47" or at least "3.20" to ensure Babel can use the newer polyfills.

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}