Open
Description
Security tooling (e.g. Checkmarx) flags electron@35.7.5 when installed via @codeceptjs/ui@1.2.5 when working with label-studio.
- Dependency path:
  label-studio/web/libs/editor/tests/e2e/package.json
  -> @codeceptjs/ui@1.2.5
  -> electron@35.7.5
- Scan date: 2026-01-09
- Finding: "Monitored Vulnerability (98)"
- Electron upstream has newer versions available (e.g., 39.x).
The second topic is that the latest version of Electron is still not considered a safe one, but I think this is a separate issue. But consider whether you can update it to pass security checks.
Is there a chance to bump this package to the newest version?
I've seen an empty issue with nearly the same topic: #604
Thanks in advance