Oh boy, my riskiest coding decision was certainly that one time when I refactored some 50k lines of critical legacy shit code in 3 days, straight up merged everything into master and then deployed to prod.
Luckily there was only one minor bug I had to fix after that... phew...
(To my defense: I was solo-working on it - the infamous CMS Of Doom™)

which javascript framework to use

I don't know if this counts but wrote a generator that replaced a shitty linq to sql dal to use our system so I didn't have to mess with a web app I'd written. In place replacement with a few methods that made the other transaction lock field updates and calls etc

Most risky I can think of

Everything else was data migrations but there were always backups

Sometimes I have to connect to production database and alter my dev environment so I can “log in” as a user and see what’s wrong with their account. Once in a while there is a legitimate website issue that is unique to that user’s profile. Other times it’s user error, like the user not understanding that they have to connect their membership to their online account (they think signing up for an account will connect it automatically).

I don’t like circumventing the user’s log in like this, but sometimes it’s necessary since the website is so confusing. I inherited this website, so many of the problems were formed way before I took over.

My stakeholders want a log in as user feature for website admins to use. My manager and PM don’t think that’s a good idea right now since there are over two dozen people with admin access and admin access means access to everything in the admin (there aren’t options to give permissions as needed).