fix(analytics-browser): prevent circular reference in logBrowserOptions

[daniel-graham-amplitude]

Summary

(~40 LOC changes if you exclude lockfile)

resolves #1521

Replace native JSON.stringify with "safe-json-stringify".

Note: "safe-json-stringify" is a 3rd party package that doesn't have any transitive dependencies. And it's pinned to a specific version. Should be safe from Supply Chain attacks.

Checklist

• Does your PR title have the correct title format?
• Does your PR have a breaking change?: No

---

Note

Low Risk
Small change limited to debug logging plus a new pinned dependency; low behavioral risk outside of log output formatting.

Overview
Prevents AmplitudeBrowser initialization logging from throwing when BrowserOptions contains circular references by replacing JSON.stringify with a new safeJsonStringify wrapper.

Adds safe-json-stringify (and typings) to analytics-core, re-exports it from the core index, and adds unit/regression tests covering both circular and non-circular stringification and the logBrowserOptions call path.

^{Written by Cursor Bugbot for commit 9cdd576. Configure here.}

[Copilot]

Pull request overview

This PR fixes a bug where JSON.stringify was throwing "Converting circular structure to JSON" errors when logging browser configuration. The issue arose because browserConfig objects can contain circular references (e.g., references back to the amplitude instance). The fix replaces the native JSON.stringify with the "safe-json-stringify" library which gracefully handles circular references.

Changes:

• Introduced a new safeJsonStringify utility that wraps the "safe-json-stringify" npm package
• Replaced JSON.stringify with safeJsonStringify in the logBrowserOptions method
• Added comprehensive test coverage for the circular reference scenario

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
packages/analytics-core/src/utils/safe-stringify.ts	New utility module that wraps safe-json-stringify with proper type definitions and handles both CommonJS and ES module exports
packages/analytics-core/src/index.ts	Exports the safeJsonStringify utility for use in other packages
packages/analytics-core/package.json	Adds safe-json-stringify (1.2.0) as a runtime dependency and @types/safe-json-stringify (1.1.5) as a dev dependency
packages/analytics-browser/src/browser-client.ts	Updates logBrowserOptions to use safeJsonStringify instead of JSON.stringify
packages/analytics-browser/test/browser-client.test.ts	Adds regression test to verify circular references don't cause errors

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Mercy811]

LGTM! looks like safe-json-stringify is just pure js code https://github.com/debitoor/safe-json-stringify/blob/master/index.js. And we're pinning the version so no risk of surprisingly upgrading to a bad malicious new version.

[Mercy811]

bugbot run

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR