Snapshot header URL updated from goo.gl/fbAQLP → jestjs.io/docs/snapshot-testing — cosmetic only
pnpm-lock.yaml
Lockfile updated to reflect new dependency resolutions
Skipped (out of scope): dist/, pnpm-lock.yaml (reviewed only the override-related diff sections above)
Findings
⚠️ Low — collectCoverage was silently disabled in the patch; confirm intent before deleting it
File: patches/@mendix__pluggable-widgets-tools.patch (deleted)
Note: The deleted patch commented out collectCoverage: !process.env.CI in test-config/jest.config.js. If 11.11.0 ships collectCoverage enabled again in CI, unit-test runs may become significantly slower. Verify the new default in 11.11.0's test-config/jest.config.js and confirm the team is happy with whatever the new behaviour is before merging.
⚠️ Low — Removed security-advisory overrides for packages that may still be transitive dependencies
File: package.json lines 69–81 (deleted block)
Note: Several overrides were removed that previously forced minimum safe versions of known-vulnerable packages (decode-uri-component, json5, loader-utils, minimatch). If any of these packages are still pulled in transitively by surviving dependencies, their vulnerability advisories re-open. It is worth running pnpm audit after merge to confirm no high/critical advisories resurface.
Positives
Removing the patch file is the right call — patching upstream tooling is fragile and 11.11.0 absorbing those fixes upstream is a clean upgrade path.
The generated-file changes (typings/, __snapshots__) are exactly what a tooling bump should produce — no hand-edited generated files.
Stale pnpm.overrides for packages no longer pulled transitively (enzyme, old rollup pin, ts-node pin) were pruned correctly, reducing override noise.
Snyk security checks are passing ✅, and the SHA-pinning workflow check is green ✅.
CI status at time of review: Build, Snyk, and label checks passed or are in progress; E2E matrix jobs are still running. Recommend waiting for all E2E jobs to complete before merging given the broad tooling change.
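The removed-overrides finding can also be checked directly against the lockfile. The following is an added example, not part of the pull request or the review: it lists which versions of the watched packages pnpm-lock.yaml still resolves and flags any below a caller-supplied floor. The function names, the sample lockfile fragment and the floor versions are constructed for illustration; take the real floors from the deleted overrides block. It assumes lockfile v6 or v9 package keys.

```javascript
// Matches package keys in lockfile v6 ("/json5@2.2.3:") and v9 ("json5@2.2.3:"),
// including quoted names and peer suffixes such as "(webpack@5.0.0)".
const KEY_RE = /^ {2}['"]?\/?(@?[^@\s'"]+)@(\d+\.\d+\.\d+[^('":\s]*)/;

function resolvedVersions(lockText, names) {
  const wanted = new Set(names);
  const found = new Map(); // package name -> Set of resolved versions
  for (const line of lockText.split(/\r?\n/)) {
    const m = KEY_RE.exec(line);
    if (!m || !wanted.has(m[1])) continue;
    if (!found.has(m[1])) found.set(m[1], new Set());
    found.get(m[1]).add(m[2]);
  }
  return found;
}

// Numeric compare of major.minor.patch; prerelease tags are ignored.
function lessThan(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

function belowFloor(lockText, floors) {
  const hits = [];
  for (const [name, versions] of resolvedVersions(lockText, Object.keys(floors))) {
    for (const v of versions) {
      if (lessThan(v, floors[name])) hits.push(`${name}@${v} < ${floors[name]}`);
    }
  }
  return hits;
}

// Constructed lockfile fragment and constructed floors (not the PR's values).
const SAMPLE_LOCK = [
  "packages:",
  "  /json5@1.0.1:",
  "    resolution: {integrity: sha512-CONSTRUCTED}",
  "  json5@2.2.3:",
  "  'minimatch@3.0.4':",
  "  /loader-utils@2.0.4(webpack@5.0.0):",
  "  '@types/minimatch@5.1.2':",
].join("\n");
const SAMPLE_FLOORS = { json5: "2.0.0", minimatch: "3.1.0", "loader-utils": "2.0.0" };
console.log(belowFloor(SAMPLE_LOCK, SAMPLE_FLOORS));
```

An empty result means none of the watched packages resolves below its floor; a package that no longer appears in the lockfile at all is simply absent from the map.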
No description provided.