Skip to content

Update Node.js Docker images to December 2025 security releases #2340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
yu-iskw wants to merge 3 commits into from
Closed

Update Node.js Docker images to December 2025 security releases #2340

yu-iskw wants to merge 3 commits into from
+28 −28

Conversation

@yu-iskw
Copy link

@yu-iskw yu-iskw commented Jan 14, 2026

Description

This PR updates all Node.js Docker images to the latest December 2025 security releases and ensures consistent Yarn version across all variants.

Changes Made

  • Node.js 20.20.0: Updated all Debian variants (bookworm, bullseye, trixie, and slim variants)
  • Node.js 22.22.0: Updated all Debian variants (bookworm, bullseye, trixie, and slim variants)
  • Node.js 24.13.0: Updated all Debian variants (bookworm, bullseye, trixie, and slim variants)
  • Node.js 25.3.0: Updated all variants (both Debian and Alpine)
  • Yarn 1.22.22: Updated all Dockerfiles to use the latest stable Yarn version

Alpine Variants

  • Node.js 25 Alpine variants were successfully updated to v25.3.0
  • Node.js 20, 22, and 24 Alpine variants remain on their previous versions (20.19.6, 22.21.1, 24.12.0) because the unofficial-builds.nodejs.org site does not yet have the musl builds for the new security releases

Technical Details

  • Used ./update.sh -s for security releases (which skips Yarn updates)
  • Manually updated Yarn versions to 1.22.22 across all Dockerfiles
  • All checksums verified against official sources
  • Updated template files for future version updates

Motivation and Context

This update addresses the December 2025 Node.js security releases as announced at:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

All supported Node.js versions have been updated to their latest security releases to ensure users have access to the most secure versions of Node.js in Docker containers.

Testing Details

  • ✅ Verified all Node.js versions are correctly updated in Dockerfiles
  • ✅ Verified all Yarn versions are consistently set to 1.22.22
  • ✅ Verified checksums match official sources from unofficial-builds.nodejs.org
  • ✅ Confirmed Alpine variants use correct checksums for their respective versions
  • ✅ Updated template files for consistency

Types of changes

  • Version change (Update, remove or add more Node.js versions)
  • Documentation (Updated version information)

Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING.md document.
  • All new and existing tests passed.

@yu-iskw yu-iskw marked this pull request as ready for review January 14, 2026 00:56
yu-iskw
yu-iskw commented Jan 14, 2026
View reviewed changes
@bmuenzenmeyer
Copy link

bmuenzenmeyer commented Jan 14, 2026

closed, similar to #2338

@bmuenzenmeyer
Copy link

bmuenzenmeyer commented Jan 14, 2026

see #2339

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yu-iskw @bmuenzenmeyer