[Snyk] Fix for 1 vulnerabilities #217

Open
mnk-blr wants to merge 1 commit into main from snyk-fix-2f737814c175df22cf23962eccce7550

Conversation

@mnk-blr mnk-blr commented Mar 4, 2026


Snyk has created this PR to fix 1 vulnerability in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning
Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue: Incorrect Control Flow Scoping (medium severity), SNYK-JS-TOOTALLNATEONCE-15250612

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Comment thread package.json
"eslint-plugin-testing-library": "^5.11.0",
"jest": "^27.4.6",
"jsdom": "^19.0.0",
"jest": "^28.0.0",
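Review bot: the jest bump from ^27.4.6 to ^28.0.0 in this hunk has no matching bump of ts-jest in the visible lines, and the PR body states that pnpm-lock.yaml could not be regenerated, so the manifest and the lock file will disagree once this is merged. Add `"ts-jest": "^28.0.0",` next to the jest entry and regenerate the lock file with `pnpm install --lockfile-only` before merging.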

Contributor

🚨 CRITICAL: ts-jest Compatibility Issue

Upgrading Jest to v28 while keeping ts-jest at v27.1.1 will cause test failures. ts-jest 27.x is only compatible with Jest 27.x.

Required Fix:

Suggested change
"jest": "^28.0.0",
"jest": "^28.0.0",
"jsdom": "^23.0.0",
"ts-jest": "^28.0.0",

Additional Required Changes:

  1. Update @types/jest to ^28.0.0 as well
  2. Migrate Jest configuration in jest.config.sdk.js from deprecated globals format to transform format
  3. Manually update pnpm-lock.yaml with pnpm install --lockfile-only

Breaking Changes to Test:

  • jsdom v23 has significant DOM API changes
  • Jest 28 requires configuration migration
  • This upgrade spans 4 major versions of jsdom - thorough testing required

claude Bot commented Mar 4, 2026

Contributor

Code Review Summary

NOT MERGEABLE - Critical Issues Require Resolution

This security fix PR attempts to address Snyk vulnerability SNYK-JS-TOOTALLNATEONCE-15250612 by updating Jest and jsdom, but introduces breaking compatibility issues that will cause test failures.

🚨 Critical Issues:

  1. ts-jest Compatibility Mismatch: Jest 28 requires ts-jest 28+, but PR keeps ts-jest at 27.x → Tests will fail
  2. Jest Configuration Breaking Change: Current globals config format is deprecated in Jest 28 → Configuration errors
  3. Missing Dependency Updates: @types/jest still at v27 → TypeScript compilation errors
  4. Failed Lock File: pnpm-lock.yaml didn't update → Dependency resolution issues

🔧 Required Before Merge:

  1. Update additional dependencies in package.json:
    • ts-jest: ^27.1.1 → ^28.0.0
    • @types/jest: add/update to ^28.0.0
  2. Migrate Jest configuration in jest.config.sdk.js:
    • Change from globals: { 'ts-jest': {...} } to transform format
  3. Fix lock file:
    • Run pnpm install --lockfile-only to resolve dependencies
  4. Update documentation:
    • Fix CLAUDE.md reference from "Jest 27" to "Jest 28"
  5. Comprehensive testing:
    • jsdom v19→v23 is a 4-major-version jump with significant breaking changes
    • Verify all DOM-based tests and React hook tests still pass

📋 Impact Assessment:

  • High Risk: Major version updates across testing stack
  • Test Files at Risk: React hook tests, DOM manipulation tests, postMessage tests
  • Breaking Changes: jsdom DOM API changes, Jest configuration format changes

Recommendation: Address compatibility issues before merging to prevent CI/CD pipeline failures.
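Both review comments above ask for the same configuration migration: moving ts-jest options out of the deprecated `globals: { 'ts-jest': {...} }` block and into a `transform` entry. The following is an added example, not code from this PR or from the project's own jest.config.sdk.js (whose real contents are not shown here); the `legacyConfig` object is constructed to resemble such a file, and `migrateTsJestGlobals` is a hypothetical helper that performs the move on a plain config object so the before and after shapes can be compared and checked.

```javascript
// Added example (not the PR's or the project's code): migrate a ts-jest
// configuration from the deprecated `globals['ts-jest']` form to the
// `transform` tuple form ['ts-jest', options] that Jest 28 accepts.

// Constructed "before" config in the deprecated globals format.
// The real jest.config.sdk.js is not on the page; values are illustrative.
const legacyConfig = {
  preset: 'ts-jest',
  testEnvironment: 'jsdom',
  globals: {
    'ts-jest': { tsconfig: 'tsconfig.test.json', isolatedModules: true },
  },
};

// Returns true when a config still carries the deprecated ts-jest globals block.
function usesDeprecatedTsJestGlobals(config) {
  return Boolean(config.globals && config.globals['ts-jest']);
}

// Hypothetical helper: move ts-jest options from `globals` into a `transform`
// entry keyed by the TypeScript file pattern. Returns a new object and leaves
// the input untouched; other globals (if any) are preserved.
function migrateTsJestGlobals(config, tsPattern = '^.+\\.tsx?$') {
  const globals = config.globals || {};
  const tsJestOptions = globals['ts-jest'];
  if (tsJestOptions === undefined) {
    return { ...config }; // nothing to migrate
  }

  // Drop only the ts-jest key; keep any unrelated globals.
  const { 'ts-jest': _dropped, ...remainingGlobals } = globals;

  const migrated = {
    ...config,
    transform: {
      ...(config.transform || {}),
      [tsPattern]: ['ts-jest', tsJestOptions],
    },
  };

  if (Object.keys(remainingGlobals).length > 0) {
    migrated.globals = remainingGlobals;
  } else {
    delete migrated.globals;
  }
  return migrated;
}

// "After" config in the transform format.
const migratedConfig = migrateTsJestGlobals(legacyConfig);
console.log(JSON.stringify(migratedConfig, null, 2));
```

The resulting object is what the comments describe as the transform format: `transform: { '^.+\\.tsx?$': ['ts-jest', { tsconfig: 'tsconfig.test.json', isolatedModules: true }] }` with no `globals` block left behind. Running `usesDeprecatedTsJestGlobals` over the migrated object is a quick way to confirm the old block is gone before the ts-jest and @types/jest bumps land.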
