chore(scorecard): version bump to v1.51.2

[Eswaraiahsapram]

Hey, I just made a Pull Request!

Scorecard version bump

Fix - https://redhat.atlassian.net/browse/RHIDP-13795

Screen.Recording.2026-06-03.at.8.55.19.PM.mov

How to test

1. Configure the GitHub integration in app-config.yaml

integrations:
  github:
    - host: github.com
      token: GITHUB_TOKEN

2. Configure the Jira integration in app-config.yaml

jira:
  baseUrl: https://redhat.atlassian.net
  token: JIRA_TOKEN
  product: cloud

3. Configure proxy in app-config.yaml

proxy:
  '/jira/api':
    target: https://redhat.atlassian.net
    headers:
      Authorization: <JIRA_PAT>
      Accept: 'application/json'
      Content-Type: 'application/json'
      X-Atlassian-Token: 'nocheck'
      User-Agent: 'MY-UA-STRING'

4. Already, we have a few example entities in the examples folder to test.

✔️ Checklist

• A changeset describing the change and affected packages. (more info)
• Added or Updated documentation
• Tests for new functionality and regression tests for bug fixes
• Screenshots attached (for UI changes)

[rhdh-gh-app]

Important

This PR includes changes that affect public-facing API. Please ensure you are adding/updating documentation for new features or behavior.

Changed Packages

Package Name	Package Path	Changeset Bump	Current Version
app-legacy	workspaces/scorecard/packages/app-legacy	none	v0.0.0
app	workspaces/scorecard/packages/app	none	v0.0.0
backend	workspaces/scorecard/packages/backend	none	v0.0.0
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-dependabot	workspaces/scorecard/plugins/scorecard-backend-module-dependabot	minor	v0.2.13
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-filecheck	workspaces/scorecard/plugins/scorecard-backend-module-filecheck	minor	v0.1.11
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-github	workspaces/scorecard/plugins/scorecard-backend-module-github	minor	v2.7.9
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-jira	workspaces/scorecard/plugins/scorecard-backend-module-jira	minor	v2.7.9
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-openssf	workspaces/scorecard/plugins/scorecard-backend-module-openssf	minor	v0.2.13
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-sonarqube	workspaces/scorecard/plugins/scorecard-backend-module-sonarqube	minor	v0.1.8
@red-hat-developer-hub/backstage-plugin-scorecard-backend	workspaces/scorecard/plugins/scorecard-backend	minor	v2.7.9
@red-hat-developer-hub/backstage-plugin-scorecard-common	workspaces/scorecard/plugins/scorecard-common	minor	v2.7.9
@red-hat-developer-hub/backstage-plugin-scorecard-node	workspaces/scorecard/plugins/scorecard-node	minor	v2.7.9
@red-hat-developer-hub/backstage-plugin-scorecard	workspaces/scorecard/plugins/scorecard	minor	v2.7.9

[fullsend-ai-review]

Review

Findings

Medium

• [logic-error] workspaces/scorecard/plugins/scorecard/src/components/ScorecardHomepageSection/ResponsivePieChart.tsx:137 — Changing the disabled-tooltip fallback from () => null to undefined alters runtime behavior. When tooltipContent is not provided (as in AverageCardComponent), isTooltipEnabled is false and content receives undefined. In recharts v3 (recharts@^3.3.0), passing content={undefined} to <Tooltip> causes recharts to render its built-in default tooltip on hover, whereas the old content={() => null} rendered nothing. This will produce an unwanted default tooltip on the AverageCard pie chart.
  Remediation: Keep the falsy branch as a function that returns null: content={isTooltipEnabled ? (tooltipContent as never) : () => null}, or conditionally render the <Tooltip> component only when isTooltipEnabled is true.

Low

• [edge-case] workspaces/scorecard/plugins/scorecard/src/components/ScorecardHomepageSection/ResponsivePieChart.tsx:137 — The as never cast on tooltipContent silences any type incompatibility between the component's PieTooltipContentProps signature and recharts v3's expected Tooltip.content prop type. This hides potential mismatches rather than properly aligning the types.

• [test-weakened] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/CatalogPage.ts:72 — The switchToLocale method changed from clicking the 'Settings' link and 'Home' link to using direct page.goto() calls. This means switchToLocale no longer verifies that the Settings link and Home link are present and clickable in the UI, reducing coverage of the navigation flow.

Info

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailability on deployment. This PR is a mechanical version bump that would have triggered the early-exit criteria, so impact is negligible.

Previous run

Review

Findings

Critical

• [stale-reference] workspaces/scorecard/packages/backend/src/index.ts:95 — The PR removes @backstage/plugin-mcp-actions-backend from packages/backend/package.json dependencies, but packages/backend/src/index.ts line 95 still contains backend.add(import('@backstage/plugin-mcp-actions-backend'));. This stale import will cause a build failure or runtime crash when the backend starts, since the package will no longer be installed.
  Remediation: Either (a) remove line 95 from packages/backend/src/index.ts to match the dependency removal, or (b) keep @backstage/plugin-mcp-actions-backend in package.json with an updated version compatible with Backstage 1.51.2.

Low

• [unused-dependency] workspaces/scorecard/plugins/scorecard-node/package.json — The uuid package (^9.0.1) is added as a new dependency but no source file under plugins/scorecard-node/src/ imports or references it. This is likely an artifact of the Backstage version bump tooling. Consider removing it if not needed, or verify whether it is now required as a peer dependency of an upstream package.

Previous run (2)

Review

Findings

Critical

• [stale-reference] workspaces/scorecard/packages/backend/src/index.ts:95 — The PR removes @backstage/plugin-mcp-actions-backend from packages/backend/package.json but does not remove the corresponding backend.add(import('@backstage/plugin-mcp-actions-backend')) on line 95 of packages/backend/src/index.ts. At build or startup time, the backend will fail because the module is no longer installed as a dependency.
  Remediation: Either remove line 95 from packages/backend/src/index.ts, or keep the dependency in package.json and update its version as part of the bump.

Medium

• [unused-dependency] workspaces/scorecard/plugins/scorecard-node/package.json — The PR adds uuid (^9.0.1) as a new dependency to scorecard-node/package.json, but there are zero imports or references to uuid anywhere in the scorecard-node/src directory. This appears to be an unnecessary dependency addition that increases bundle size and supply-chain surface.
  Remediation: Verify whether uuid is actually needed. If not, remove it from this PR.

Low

• [incomplete-test-update] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/CatalogPage.ts:46 — The PR changes switchToLocale to use page.goto() instead of clicking sidebar links, but loginAndSetLocale at line 46 still uses getByRole('link', { name: 'Home' }) for a visibility assertion. While this is less likely to break than click interactions, it is worth verifying the assertion still passes with Backstage v1.51.2.

• [stale-reference] workspaces/scorecard/plugins/scorecard-backend/README.md:343 — The README references @backstage/plugin-mcp-actions-backend in installation instructions (lines 343-355). If this dependency is intentionally removed from the example backend, the documentation should be updated or clarified as optional.

Info

• [sub-agent-failure] The style-conventions sub-agent did not return findings: model not available in deployment. This does not affect the review outcome for a version-bump PR.

Previous run (3)

Review

Findings

Medium

• [unused dependency] workspaces/scorecard/plugins/scorecard-node/package.json:51 — The diff adds uuid: ^9.0.1 as a new runtime dependency to scorecard-node, but there are zero imports or references to uuid anywhere in the scorecard-node/src/ source tree. This is either a premature addition (code that uses it is missing from this PR) or an accidental inclusion. Shipping an unused dependency increases bundle size and attack surface for no benefit.
  Remediation: Remove the uuid dependency from scorecard-node/package.json unless there is companion code in this PR that was accidentally omitted. If uuid usage is planned for a follow-up PR, add the dependency in that PR instead.

Low

• [test behavior change] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/CatalogPage.ts:72 — The switchToLocale method changes from SPA-style navigation (clicking sidebar links) to full-page navigations via page.goto('/settings') and page.goto('/'). While page.goto() is generally more reliable in e2e tests, it no longer exercises the sidebar navigation path. This is minor given the version bump context where old selectors may no longer match the updated Backstage UI.

Info

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model claude-sonnet-4-5@20250929 unavailable on deployment. Style review was skipped for this run.

• [sub-agent-failure] N/A — The intent-coherence sub-agent did not return findings: model claude-sonnet-4-5@20250929 unavailable on deployment. Intent/scope review was skipped for this run.

Previous run (4)

Review

Findings

Low

• [unused dependency] workspaces/scorecard/plugins/scorecard-node/package.json — The uuid package (^9.0.1) is added as a new production dependency, but no source file in scorecard-node/src imports or references uuid. This may have been added by backstage-cli versions:bump to satisfy a transitive dependency requirement, which is a common pattern in Backstage version bumps, but the necessity should be confirmed.
  Remediation: Verify whether uuid is actually needed (e.g., check if a newer version of @backstage/backend-plugin-api or @backstage/plugin-catalog-node requires it as a peer dependency). If not needed, remove it from dependencies.

• [test behavior change] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/CatalogPage.ts:72 — The switchToLocale method changes from clicking the Settings link (SPA navigation) to page.goto('/settings') (full page navigation), and similarly from clicking a Home link to page.goto('/'). Using page.goto() triggers a full browser navigation rather than a client-side route transition, which reduces the fidelity of the E2E test — if the Settings or Home links break in the sidebar, this test would not catch it.

Info

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model not available on deployment. This is a non-critical dimension for a mechanical version-bump PR.

• [sub-agent-failure] N/A — The intent-coherence sub-agent did not return findings: model not available on deployment. This is a non-critical dimension for a mechanical version-bump PR.

Previous run (5)

Review

Findings

Medium

• [Incomplete fix / consistency] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/HomePage.ts:42 — The PR changes CatalogPage.switchToLocale to use page.goto() instead of clicking sidebar links for navigation (both the Settings link and the Home link). However, HomePage.navigateToHome() at line 42 still uses this.page.getByRole('link', { name: 'Home' }).first().click() for navigation. This method is called in scorecard.test.ts at lines 455 and 733, and in homepageWidgetUtils.ts at lines 34 and 42. If the sidebar structure changed in v1.51.2 requiring the CatalogPage fix, navigateToHome() is likely affected too.
  Remediation: Update HomePage.navigateToHome() to use await this.page.goto('/') for consistency with the CatalogPage fix, or verify that the Home link selector still works in v1.51.2 and document why the two cases differ.

Low

• [Metadata inconsistency] workspaces/scorecard/.changeset/icy-poets-run.md — The PR title says "version bump to v1.51.0" but the changeset and backstage.json both target v1.51.2. No runtime impact — code is internally consistent at v1.51.2.

Info

• [Auto-generated output] workspaces/scorecard/plugins/scorecard/report-alpha.api.md — The property reordering in configInput (path and title swapped) is consistent with auto-generated API Extractor output. No functional change.

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model not available. This dimension was not evaluated; however, a dependency version bump PR has minimal style surface area.

Previous run (6)

Review

Reason: stale-head

The review agent reviewed commit 6548a291ce4348892532517d0631e8e5cd5da6ca but the PR HEAD is now a801f336cce6ebafb4bfb6ccbb9d212aeb0d5721. This review was discarded to avoid approving unreviewed code.

Previous run (7)

Review

Findings

Low

• [test-weakened] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/CatalogPage.ts:72 — switchToLocale switches from role-based link clicking (getByRole('link', { name: 'Settings' })) to direct URL navigation (page.goto('/settings')). This bypasses UI element verification for the settings and home navigation links. However, this pattern is consistent with existing page.goto() usage in loginAndSetLocale() and openCatalog() in the same file, and the method's core purpose (locale switching) remains fully tested. Likely a necessary adaptation to Backstage v1.51.0 sidebar changes.

• [pattern-violation] workspaces/scorecard/plugins/scorecard/report-alpha.api.md:57 — The configInput property ordering changed from {title, path} to {path, title}. This is a cosmetic reordering in the auto-generated API report, likely caused by a change in API Extractor's output ordering in the new Backstage version. No semantic impact.

Info

• [api-contract] workspaces/scorecard/plugins/scorecard/package.json — Several major version bumps included: @backstage/plugin-catalog-react ^2.x → ^3.0.0, @backstage/plugin-scaffolder-backend ^3.x → ^4.0.0, @backstage/frontend-plugin-api ^0.15.x → ^0.17.0. No source code changes accompany these bumps, suggesting the consumed API surface was not affected. CI build and test results should confirm compatibility.

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: the sonnet model was unavailable on this deployment. This is a sonnet-tier dimension and does not block the review.

Previous run (8)

Review

Findings

Low

• [api-contract] workspaces/scorecard/.changeset/icy-poets-run.md — Changeset marks all scorecard packages as minor despite consuming major dependency version bumps (@backstage/plugin-catalog-react v2→v3, @backstage/plugin-scaffolder-backend v3→v4). The generated API report (report-alpha.api.md) shows only a cosmetic property reorder, confirming no breaking type changes propagated to the scorecard plugins' public API. This appears consistent with standard Backstage version bump practice, but worth verifying that no breaking changes affect downstream consumers.

• [test-inadequate] workspaces/scorecard/packages/app-legacy/e2e-tests/pages/CatalogPage.ts:72 — E2E test replaced UI-element-based navigation (getByRole('link', { name: 'Settings' }) and locator('a').filter({ hasText: 'Home' })) with direct page.goto() calls. This is reasonable for a version bump (the UI elements may have changed), but slightly reduces coverage of navigation link presence/functionality. The affected code is test setup, not the behavior under test.

• [naming-convention] workspaces/scorecard/.changeset/icy-poets-run.md — Typo in changeset description: "Backsatge" should be "Backstage".

Info

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailable on deployment. Style review was not performed for this PR.

Previous run (9)

Review

Findings

Medium

• [api-contract] workspaces/scorecard/plugins/scorecard/package.json:59 — @backstage/plugin-catalog-react is bumped from ^2.1.1 to ^3.0.0 (major version). The scorecard plugin imports EntityContentBlueprint, useEntity, catalogApiRef, entityRouteRef, EntityRefLink, and EntityRefLinks from this package across 8 source files. A major version bump may include breaking API changes. No source code changes accompany this bump, so if any of these imports changed shape in v3, the build will fail silently after merge.
  Remediation: Confirm CI build and test suite pass. Verify all imports from @backstage/plugin-catalog-react are still valid in v3.0.0.

• [api-contract] workspaces/scorecard/plugins/scorecard/package.json:56 — @backstage/frontend-plugin-api is bumped from ^0.15.1 to ^0.17.0 (two minor versions on a 0.x package, which per semver may include breaking changes). The scorecard plugin imports createFrontendPlugin, createFrontendModule, PageBlueprint, createApiFactory, and ApiBlueprint from this package. The report-alpha.api.md shows a property reorder in configInput, confirming the API extractor ran against the new version and the generated surface shifted.
  Remediation: Confirm CI passes. For 0.x packages, even minor bumps can be breaking per semver.

Low

• [api-contract] workspaces/scorecard/packages/backend/package.json:38 — @backstage/plugin-scaffolder-backend is bumped from ^3.2.0 to ^4.0.0 (major version). No scorecard source code directly imports from this package (it is a backend app dependency only), so the risk is limited to runtime module registration changes.

• [api-contract] workspaces/scorecard/packages/app-legacy/package.json:41 — @backstage/plugin-permission-react is bumped from ^0.4.41 to ^0.5.1 (minor on 0.x). The app-legacy package uses RequirePermission from this package — verify it still works with 0.5.x.

• [naming-convention] workspaces/scorecard/.changeset/icy-poets-run.md:14 — Typo in changeset description: "Backsatge" should be "Backstage".

Info

• [test-adequacy] This PR bumps multiple dependencies with major version changes but modifies zero source or test files. Ensure the CI build, type-checking, and test suite have been validated against the new dependency versions.

• [sub-agent-failure] The style-conventions, intent-coherence, and cross-repo-contracts sub-agents could not be dispatched (model unavailable). These are sonnet-tier dimensions; findings from these dimensions were not evaluated for this review.

Previous run (10)

Review

Findings

High

• [api-contract] workspaces/scorecard/plugins/scorecard/package.json — Several dependencies have major version bumps (plugin-catalog-react v2→v3, plugin-scaffolder-backend v3→v4, frontend-plugin-api v0.15→v0.17, plugin-permission-react v0.4→v0.5, ui v0.13→v0.15) but no source code (.ts/.tsx) files are modified in this PR. CI confirms a problem: both "Workspace scorecard, CI step for node 22" and "node 24" are failing, while the Verify step passes. The source code imports from these packages (e.g., entityRouteRef, useEntity, useEntityPresentation from plugin-catalog-react; RequirePermission from plugin-permission-react; PageBlueprint, createFrontendModule from frontend-plugin-api). Major version bumps can introduce breaking changes to APIs, type signatures, or runtime behavior.
  Remediation: Investigate the CI failures in the scorecard workspace CI step. Review the Backstage upgrade changelogs for plugin-catalog-react v3, plugin-scaffolder-backend v4, frontend-plugin-api v0.16/v0.17, and plugin-permission-react v0.5 for migration steps. Apply any required source code changes to fix the build/tests.

Low

• [api-contract] workspaces/scorecard/packages/backend/package.json — plugin-scaffolder-backend is bumped from ^3.2.0 to ^4.0.0 (major version) and plugin-auth-backend from ^0.27.3 to ^0.29.0 (skipping v0.28). While packages/backend only wires these as backend modules, major version bumps in backend plugins can change module registration APIs, configuration schemas, or database migration behavior.
  Remediation: Review Backstage changelogs for plugin-scaffolder-backend v4.0.0 and plugin-auth-backend v0.29.0 to confirm no migration steps are needed.

• [naming-convention] workspaces/scorecard/.changeset/icy-poets-run.md:14 — Typo in changeset description: "Backsatge version bump to v1.51.0" should be "Backstage version bump to v1.51.0". This text will appear in the published changelog.
  Remediation: Fix the typo: Backsatge → Backstage.

Info

• [sub-agent-failure] N/A — The style-conventions and intent-coherence sub-agents did not return findings: model not available on deployment. These are sonnet-tier dimensions and do not block the review.

Previous run (11)

Review

Reason: stale-head

The review agent reviewed commit 19a59bb9d4d30ad380ca3fce1805f8aa5094d171 but the PR HEAD is now 4b5264d23fdd75f36b2d332b25183ec129b9a9a3. This review was discarded to avoid approving unreviewed code.

Previous run (12)

Review

Reason: stale-head

The review agent reviewed commit 3b9be5228239f6d27e2bed351bd41ad3074da819 but the PR HEAD is now 19a59bb9d4d30ad380ca3fce1805f8aa5094d171. This review was discarded to avoid approving unreviewed code.

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

[low] naming-convention

Typo in changeset description: 'Backsatge version bump to v1.51.0' should be 'Backstage version bump to v1.51.0'. This text will appear in the published changelog.

Suggested fix: Fix the typo: Backsatge → Backstage.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 49.06%. Comparing base (2903d71) to head (ea0b341).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3284      +/-   ##
==========================================
- Coverage   50.28%   49.06%   -1.22%     
==========================================
  Files        2260     2260              
  Lines       85603    85469     -134     
  Branches    24211    24211              
==========================================
- Hits        43044    41936    -1108     
- Misses      42058    43032     +974     
  Partials      501      501              

Flag	Coverage Δ		*Carryforward flag
adoption-insights	83.70% <ø> (ø)		Carriedforward from 2903d71
ai-integrations	67.95% <ø> (ø)		Carriedforward from 2903d71
app-defaults	69.79% <ø> (ø)		Carriedforward from 2903d71
augment	46.39% <ø> (ø)		Carriedforward from 2903d71
boost	74.64% <ø> (ø)		Carriedforward from 2903d71
bulk-import	72.46% <ø> (ø)		Carriedforward from 2903d71
cost-management	14.10% <ø> (ø)		Carriedforward from 2903d71
dcm	61.79% <ø> (ø)		Carriedforward from 2903d71
extensions	61.53% <ø> (ø)		Carriedforward from 2903d71
global-floating-action-button	71.18% <ø> (ø)		Carriedforward from 2903d71
global-header	59.71% <ø> (ø)		Carriedforward from 2903d71
homepage	49.84% <ø> (ø)		Carriedforward from 2903d71
install-dynamic-plugins	56.23% <ø> (ø)		Carriedforward from 2903d71
konflux	91.49% <ø> (ø)		Carriedforward from 2903d71
lightspeed	68.57% <ø> (ø)		Carriedforward from 2903d71
mcp-integrations	85.46% <ø> (ø)		Carriedforward from 2903d71
orchestrator	37.79% <ø> (ø)		Carriedforward from 2903d71
quickstart	63.76% <ø> (ø)		Carriedforward from 2903d71
sandbox	79.56% <ø> (ø)		Carriedforward from 2903d71
scorecard	51.80% <0.00%> (-32.16%)	⬇️
theme	61.26% <ø> (ø)		Carriedforward from 2903d71
translations	7.25% <ø> (ø)		Carriedforward from 2903d71
x2a	13.78% <ø> (ø)		Carriedforward from 2903d71

*This pull request uses carry forward flags. Click here to find out more.

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2903d71...ea0b341. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[fullsend-ai-review]

[low] test-inadequate

E2E test replaced UI-element-based navigation with direct page.goto() calls, slightly reducing coverage of navigation link presence/functionality. The affected code is test setup, not the behavior under test.

[fullsend-ai-review]

[low] test-weakened

switchToLocale switches from role-based link clicking to direct URL navigation (page.goto), bypassing UI element verification. However, this is consistent with existing page.goto() usage in loginAndSetLocale() and openCatalog() in the same file, and the method's core purpose (locale switching) remains fully tested.

[dzemanov]

I think we can get in these PRs before this bump, to avoid rebasing:

• Migrate from Material UI v4 to MUI v5 (chore(scorecard): migrate from Material UI v4 to MUI v5 #3312)
• e2e tests RHDHBUGS-3057: Refactor e2e tests for the scorecard plugin #3245
• custom thresholds: fix(scorecard): Handle custom thresholds from scorecard backend #3293

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 6:27 AM UTC · Completed 6:36 AM UTC
Commit: e24f46f · View workflow run →

[fullsend-ai-review]

/fs-review

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 6:38 AM UTC · Completed 6:46 AM UTC
Commit: e24f46f · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:54 PM UTC · Completed 4:01 PM UTC
Commit: 8f34ce4 · View workflow run →

[fullsend-ai-review]

[low] test behavior change

The switchToLocale method changes from clicking the Settings link (SPA navigation) to page.goto('/settings') (full page navigation), reducing E2E test fidelity for sidebar navigation.

[fullsend-ai-review]

🤖 Review · Started 10:29 AM UTC
Commit: bbcdc56 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 10:29 AM UTC · Completed 10:37 AM UTC
Commit: bbcdc56 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 12:12 PM UTC · Completed 12:19 PM UTC
Commit: a408de5 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 2:28 PM UTC · Completed 2:37 PM UTC
Commit: 2903d71 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:22 PM UTC · Completed 3:32 PM UTC
Commit: 2903d71 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

[medium] logic-error

Changing the disabled-tooltip fallback from () => null to undefined alters runtime behavior. When tooltipContent is not provided (as in AverageCardComponent), isTooltipEnabled is false and content receives undefined. In recharts v3, passing content={undefined} to causes recharts to render its built-in default tooltip on hover, whereas the old content={() => null} rendered nothing.

Suggested fix: Keep the falsy branch as a function that returns null, or conditionally render the component only when isTooltipEnabled is true.

[fullsend-ai-review]

[low] edge-case

The as never cast on tooltipContent silences type incompatibility between PieTooltipContentProps and recharts v3 Tooltip.content prop type, hiding potential mismatches.

Suggested fix: Align PieTooltipContentProps with recharts v3 TooltipProps so the cast is unnecessary.

[fullsend-ai-review]

[low] test-weakened

switchToLocale changed from clicking UI links to direct page.goto() calls, reducing coverage of the navigation flow.

Suggested fix: Update selectors to match the new Backstage UI rather than bypassing navigation, or add assertions after goto calls.