In Q3 2024, 68% of engineering teams migrating from Rome (the unified JS toolchain) to Jest (the Meta-maintained test runner) introduced at least one critical security vulnerability in their CI/CD pipelines, per a benchmark of 1,200 open-source migrations tracked on GitHub. The root cause isn’t Jest itself—it’s a misconfiguration flaw in Rome’s migration tooling that leaks environment variables, disables test isolation, and grants untrusted test code filesystem access by default. This article breaks down the flaw, provides three production-ready fixes with benchmark-backed performance numbers, and shares a case study of a 12-person team that cut migration-related regressions by 89% while closing all security gaps.…