Sm jest

[cd-bitwarden]

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @cd-bitwarden's task —— View job

---

Code Review Complete

Summary of Findings

This PR upgrades Jest from v29 to v30 with corresponding type definitions and Angular preset updates. However, there are critical issues with the PR metadata that must be addressed before this can be properly reviewed or merged.

Findings

Finding 1 💭: PR title "Sm jest" is unclear and should describe the change (e.g., "Upgrade Jest to v30" or "Update Jest and related testing dependencies to v30")

Finding 2 ❌: PR description is completely empty - all required sections are blank:

• Missing Objective explaining what changed and why
• Missing Tracking reference (Jira ticket)
• Missing Test Plan describing how changes were verified
• Missing context about breaking changes or migration requirements

Suggested PR description

## 🎟️ Tracking

[Link to Jira ticket]

## 📔 Objective

Upgrades Jest from v29.5.14 to v30.2.0 along with related testing dependencies:
- jest: 30.2.0 (added to explicit devDependencies)
- @types/jest: 30.0.0
- jest-environment-jsdom: 30.2.0
- jest-preset-angular: 15.0.3
- jest-diff: 30.2.0

Added npm overrides to ensure consistent Jest v30 usage across all workspace packages, particularly for @angular-devkit/build-angular which has its own Jest dependency.

## Test Plan

- [ ] All existing unit tests pass with Jest v30
- [ ] Verified no breaking changes in test behavior
- [ ] Confirmed Jest CLI commands work as expected
- [ ] [Additional verification steps...]

Finding 3 ⚠️: Checkmarx flagged CVE-2025-12905 (Medium severity) in electron 37.7.0 - this vulnerability affects Chrome's download security on Windows and should be acknowledged or addressed

Finding 4 💭: The PR adds Jest v30 as an explicit devDependency when it wasn't listed before - was Jest previously only installed as a transitive dependency? This change should be explained in the PR objective.

Finding 5 💭: Jest v30 includes breaking changes (see release notes) - has the team verified compatibility with existing test suites and migration requirements?

Dependencies Changed

devDependencies:
- @types/jest: 29.5.14 → 30.0.0
+ jest: 30.2.0 (new explicit dependency)
+ jest-environment-jsdom: 30.2.0 (new explicit dependency)
  jest-diff: 30.2.0 (unchanged)
- jest-preset-angular: 14.6.1 → 15.0.3

overrides (new section added):
+ Forces Jest v30 across all workspace packages
+ Ensures @angular-devkit/build-angular uses Jest v30

Recommendations

1. Before merging: Update PR title and complete the description template with objective, tracking, and test plan
2. Address or acknowledge the electron CVE finding from Checkmarx
3. Confirm all test suites pass with the new Jest version
4. Document any test code changes required for Jest v30 compatibility

---

[github-actions]

Checkmarx One – Scan Summary & Details – 3fd63d02-e281-462c-bfde-8525feaa97a1

Great job! No new security vulnerabilities introduced in this pull request