Bump node to 22.21.0

Addresses CVE-2025-23166
2026-06-13 19:20:00 +00:00 · 2025-10-27 10:36:46 +01:00
parent c58d8ad428
commit 6bf4c0b67c
9 changed files with 16 additions and 16 deletions
@@ -7,7 +7,7 @@
 - **Size**: Large monorepo (~840MB, ~1M+ lines of code)
 - **History**: Originally forked from Redmine over a decade ago, evolved significantly as an independent project
 - **Backend**: Ruby 3.4.5, Rails ~8.0.3
- **Frontend**: Node.js 22.15.0, npm 10.1.0+, TypeScript
+- **Frontend**: Node.js 22.21.0, npm 10.1.0+, TypeScript
 - **Database**: PostgreSQL (required)
 - **Architecture**: Server-rendered HTML with Hotwire (Turbo + Stimulus). Legacy Angular components exist and are being migrated to custom elements. Uses GitHub's Primer Design System via ViewComponent.
 - **Editions**: OpenProject comes in Community and Enterprise editions
@@ -19,7 +19,7 @@
 ### Ruby and Node Versions
 **ALWAYS verify versions before building:**
 - Ruby: `3.4.5` (see `.ruby-version`)
- Node: `^22.15.0` (see `package.json` engines)
+- Node: `^22.21.0` (see `package.json` engines)
 - Bundler: Latest 2.x

 ### Development Environment Options
@@ -2,7 +2,7 @@
 ARG RUBY_VERSION
 FROM ruby:${RUBY_VERSION}-trixie

-ENV NODE_VERSION="22.15.0"
+ENV NODE_VERSION="22.21.0"
 ENV DEBIAN_FRONTEND=noninteractive
 ENV BUNDLE_WITHOUT="development:production:docker"

@@ -1,4 +1,4 @@
-FROM node:22.15.0
+FROM node:22.21.0
 LABEL org.opencontainers.image.authors="operations@openproject.com"

 ARG DEV_UID=1000
@@ -6,7 +6,7 @@ ARG BUILDKIT_SBOM_SCAN_STAGE=true
 FROM ruby:${RUBY_VERSION}-${DEBIAN_BASE} AS base
 LABEL maintainer="operations@openproject.com"

-ARG NODE_VERSION="22.15.0"
+ARG NODE_VERSION="22.21.0"
 ARG BIM_SUPPORT=true
 ENV USE_JEMALLOC=false
 ENV DEBIAN_FRONTEND=noninteractive
@@ -161,11 +161,11 @@ git clone https://github.com/nodenv/node-build.git $(nodenv root)/plugins/node-b

 You can find the latest LTS version here: [nodejs.org/en/download/](https://nodejs.org/en/download/)

-At the time of writing this is v22.15.0 Install and activate it with:
+At the time of writing this is v22.21.0 Install and activate it with:

 ```shell
-nodenv install 22.15.0
-nodenv global 22.15.0
+nodenv install 22.21.0
+nodenv global 22.21.0
 nodenv rehash
 ```

@@ -187,7 +187,7 @@ bundler --version
 Bundler version 2.7.2

 node --version
-v22.15.0
+v22.21.0

 npm --version
 10.5.0
@@ -115,11 +115,11 @@ nodenv init

 You can find the latest LTS version here: [nodejs.org/en/download](https://nodejs.org/en/download/)

-At the time of writing this is v22.15.0. Install and activate it with:
+At the time of writing this is v22.21.0. Install and activate it with:

 ```shell
-nodenv install 22.15.0
-nodenv global 22.15.0
+nodenv install 22.21.0
+nodenv global 22.21.0
 ```

 #### Update NPM to the latest version
@@ -140,7 +140,7 @@ $ bundler --version
 Bundler version 2.7.2

 node --version
-v22.15.0
+v22.21.0

 npm --version
 10.5.0
@@ -149,7 +149,7 @@ time to finish.
 To check our Node installation we run `node --version`. It should output something very similar to:

 ```text
-v22.15.0
+v22.21.0
 ```

 ## Installation of OpenProject
@@ -15,7 +15,7 @@
        "@redocly/openapi-cli": "^1.0.0-beta.80"
      },
      "engines": {
-        "node": "^22.15.0",
+        "node": "^22.21.0",
        "npm": "^10.1.0"
      }
    },
@@ -10,7 +10,7 @@
  },
  "private": true,
  "engines": {
-    "node": "^22.15.0",
+    "node": "^22.21.0",
    "npm": "^10.1.0"
  },
  "devDependencies": {