Security tooling (e.g. Checkmarx) flags electron@35.7.5 when installed via @codeceptjs/ui@1.2.5 when working with label-studio
- Dependency path:
  label-studio/web/libs/editor/tests/e2e/package.json
  -> @codeceptjs/ui@1.2.5
  -> electron@35.7.5
- Scan date: 2026-01-09
- Finding: "Monitored Vulnerability (98)"
- Electron upstream has newer versions available (e.g., 39.x).
The second topic is that the latest version of Electron is still not considered a safe one, but I think this is a separate issue. But consider whether you can update it to pass security checks.
Is there a chance to bump this package to the newest version?
I've seen an empty issue with nearly the same topic: #604
Thanks in advance