What’s the riskiest part of an upgrade?

By failure rate in my data:

1. Third-party extensions that have gone silent (~38% of upgrade incidents). A Mageplaza / Aheadworks / random-marketplace extension hasn’t shipped a 2.4.9-compatible version, and the vendor isn’t replying. Mitigation: pre-audit the extension list, identify silent vendors early, plan swap-outs before upgrade kickoff.
2. Custom checkout customisations (~22%). Custom JS in checkout, third-party payment plugins (Klarna / Affirm / Mollie), or custom shipping calculators. Even a clean composer-resolve can leave checkout broken in subtle ways. Mitigation: 100% of test orders run through staging before cutover.
3. B2B Companies + quote workflows (~15%). Schema-tied to specific Magento versions; quote silently breaks if a column was renamed. Mitigation: validate company-record + quote-record integrity post-upgrade with a dedicated test plan.
4. Reindex windows on huge catalogs (~12%). 100k+ SKU catalogs can take 6–8 hours to reindex on first post-upgrade run. Mitigation: schedule the reindex inside the maintenance window, don’t cutover until clean.
5. SEO / URL-rewrite collisions (~8%). Upgraded code regenerates URL rewrites; old ones go stale. Mitigation: snapshot URL rewrites pre-upgrade, diff post-upgrade.
6. Other (~5%) — cron schedules, email-template syntax, custom queue consumers, etc.