
[Snyk] Security upgrade node from 18-bullseye to 25.6.1-bullseye #4

Open
bio-boris wants to merge 1 commit into main from snyk-fix-88e83d0cd49f1003145b5fbd9d820447

Conversation

@bio-boris
Contributor


Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to node:25.6.1-bullseye, as this image has only 314 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue                                                                                                   Score
high severity      Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (SNYK-UPSTREAM-NODE-14975915)   721
critical severity  Integer Overflow or Wraparound (SNYK-DEBIAN11-GLIB20-14267938)                                         714

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Integer Overflow or Wraparound

Copilot AI review requested due to automatic review settings February 18, 2026 17:48

Copilot AI left a comment


Pull request overview

This PR upgrades the Node.js base Docker image from node:18-bullseye to node:25.6.1-bullseye to address security vulnerabilities, including a critical Integer Overflow vulnerability (SNYK-DEBIAN11-GLIB20-14267938) and a high-severity undefined behavior issue (SNYK-UPSTREAM-NODE-14975915). However, this represents a major version jump spanning 7 Node.js releases, which introduces significant compatibility and operational risks.

Changes:

  • Upgrade base Docker image from Node.js 18 to Node.js 25.6.1


@@ -1,4 +1,4 @@
FROM node:18-bullseye
FROM node:25.6.1-bullseye
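Review bot: the replacement line pins a Current (non-LTS) Node.js tag, and the PR description itself states the resulting image still carries 314 known vulnerabilities, so this hunk trades one unsupported-soon base for another rather than settling on a maintained line. Prefer an LTS tag such as `node:22-bullseye` (as the review comments on this PR suggest), and before merging confirm that the openmaxio-object-browser v1.7.6 build the Dockerfile performs still completes on the new runtime.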

Copilot AI Feb 18, 2026


This upgrade jumps from Node.js 18 to 25, which spans 7 major versions (18→19→20→21→22→23→24→25). Each major version can introduce breaking changes to the Node.js runtime and APIs.

The Dockerfile clones an external project (OpenMaxIO/openmaxio-object-browser v1.7.6) that was likely developed and tested against Node.js 18. There's no guarantee this project is compatible with Node.js 25, and the build process involves compiling a web application with yarn and building Go code that may have Node.js dependencies.

Before merging, you should:

  1. Verify that openmaxio-object-browser v1.7.6 supports Node.js 25
  2. Test the built application thoroughly to ensure runtime compatibility
  3. Consider upgrading incrementally (e.g., to Node.js 20 LTS first, which is supported until April 2026)

Node.js 20 LTS would provide security fixes while being a more conservative upgrade path with better stability guarantees.

Suggested change
FROM node:25.6.1-bullseye
FROM node:20.18.0-bullseye

@@ -1,4 +1,4 @@
FROM node:18-bullseye
FROM node:25.6.1-bullseye

Copilot AI Feb 18, 2026


Node.js 25 was released in October 2024 and has not reached LTS (Long Term Support) status. It is a "Current" release with active support only until April 2025, after which it will no longer receive updates. According to the Node.js release schedule, Node.js 25 will reach end-of-life in June 2025.

For production Docker images, it's recommended to use LTS versions which have longer support cycles and better stability. Node.js 20 LTS is supported until April 2026, and Node.js 22 LTS (released April 2024) is supported until April 2027.

Using a non-LTS version means you'll need to upgrade again soon to continue receiving security updates, which defeats the purpose of this security-focused upgrade.

Suggested change
FROM node:25.6.1-bullseye
FROM node:22-bullseye



3 participants