Skip to content

[Snyk] Security upgrade node from 18-bullseye to 25.6.1-bullseye #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bio-boris wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade node from 18-bullseye to 25.6.1-bullseye #4

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:18-bullseye
FROM node:25.6.1-bullseye
Copy link

Copilot AI Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This upgrade jumps from Node.js 18 to 25, which spans 7 major versions (18→19→20→21→22→23→24→25). Each major version can introduce breaking changes to the Node.js runtime and APIs.

The Dockerfile clones an external project (OpenMaxIO/openmaxio-object-browser v1.7.6) that was likely developed and tested against Node.js 18. There's no guarantee this project is compatible with Node.js 25, and the build process involves compiling a web application with yarn and building Go code that may have Node.js dependencies.

Before merging, you should:

  1. Verify that openmaxio-object-browser v1.7.6 supports Node.js 25
  2. Test the built application thoroughly to ensure runtime compatibility
  3. Consider upgrading incrementally (e.g., to Node.js 20 LTS first, which is supported until April 2026)

Node.js 20 LTS would provide security fixes while being a more conservative upgrade path with better stability guarantees.

Suggested change
FROM node:25.6.1-bullseye
FROM node:20.18.0-bullseye

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Node.js 25 was released in October 2024 and has not reached LTS (Long Term Support) status. It is a "Current" release with active support only until April 2025, after which it will no longer receive updates. According to the Node.js release schedule, Node.js 25 will reach end-of-life in June 2025.

For production Docker images, it's recommended to use LTS versions which have longer support cycles and better stability. Node.js 20 LTS is supported until April 2026, and Node.js 22 LTS (released April 2024) is supported until April 2027.

Using a non-LTS version means you'll need to upgrade again soon to continue receiving security updates, which defeats the purpose of this security-focused upgrade.

Suggested change
FROM node:25.6.1-bullseye
FROM node:22-bullseye

Copilot uses AI. Check for mistakes.

RUN apt-get update && apt-get install -y git make build-essential curl && rm -rf /var/lib/apt/lists/*
RUN curl -L https://go.dev/dl/go1.23.6.linux-amd64.tar.gz | tar -C /usr/local -xz
Expand Down
Loading