diff --git a/e2e/package-lock.json b/e2e/package-lock.json
index 01d2907..03ea785 100644
--- a/e2e/package-lock.json
+++ b/e2e/package-lock.json
@@ -7816,15 +7816,6 @@
       "integrity": "sha512-lT5yCqEBgfoMYpf3F2xQRK7zEr1rhIIZuceDK6+xRkJQ4NMbHTwXqk4NkwDwQMNqXgG9r9fyHnzwNVs6zV5KRw==",
       "dev": true
     },
-    "node_modules/randombytes": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
-      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
-      "dev": true,
-      "dependencies": {
-        "safe-buffer": "^5.1.0"
-      }
-    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -8504,12 +8495,12 @@
       }
     },
     "node_modules/serialize-javascript": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
-      "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz",
+      "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==",
       "dev": true,
-      "dependencies": {
-        "randombytes": "^2.1.0"
+      "engines": {
+        "node": ">=20.0.0"
       }
     },
     "node_modules/serve-favicon": {
diff --git a/e2e/package.json b/e2e/package.json
index 0b7d416..275ad51 100644
--- a/e2e/package.json
+++ b/e2e/package.json
@@ -16,5 +16,9 @@
     "appium": "3.5.0",
     "webdriverio": "9.28.0"
   },
-  "//uiautomator2": "Driver installed via `npm run driver:install` (uiautomator2@4.2.9 — last 4.x; 5.x+ require Appium 3). Not an npm dependency; lives under APPIUM_HOME=./.appium."
+  "//uiautomator2": "Driver installed via `npm run driver:install` (uiautomator2@4.2.9 — last 4.x; 5.x+ require Appium 3). Not an npm dependency; lives under APPIUM_HOME=./.appium.",
+  "//overrides": "serialize-javascript: mocha@10.8.2 pins ^6.0.2 (vuln <7.0.5, GHSA-5c6j-r48x-rmvq + GHSA-qj8w-gfj5-8c6v). Force the patched 7.x — API-compatible (only 7.0.0 breaking change was dropping Node<20; CI runs Node 20+) and keeps @wdio/mocha-framework@9.28.0 (Dependabot's path would downgrade it to 6.1.17).",
+  "overrides": {
+    "serialize-javascript": "^7.0.5"
+  }
 }