Skip to content

chore(deps): bump node version from 22.16.0 to 22.21.1 #37476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jonasflorencio wants to merge 6 commits into
base: develop
Choose a base branch
from
Open

chore(deps): bump node version from 22.16.0 to 22.21.1 #37476

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f6fc6c2
Bump node version to 22.21.1
jonasflorencio Nov 11, 2025
d287821
Bump node version to 22.21.1 Dockerfile Service
jonasflorencio Nov 11, 2025
33847e3
Update .changeset/perfect-trees-rescue.md
jonasflorencio Nov 11, 2025
a80d95e
update node:22.21.1-alpine3.20 > node:22.21.1-alpine3.21
jonasflorencio Nov 11, 2025
f6f565f
Merge branch 'develop' into bump-node-version
jonasflorencio Nov 14, 2025
8531fc5
update config file
jonasflorencio Nov 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .changeset/perfect-trees-rescue.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
'rocketchat-services': patch
'@rocket.chat/omnichannel-transcript': patch
'@rocket.chat/authorization-service': patch
'@rocket.chat/stream-hub-service': patch
'@rocket.chat/presence-service': patch
'@rocket.chat/account-service': patch
'@rocket.chat/ddp-streamer': patch
'@rocket.chat/queue-worker': patch
'@rocket.chat/meteor': patch
---

Bump Node version to 22.21.1
2 changes: 1 addition & 1 deletion .github/workflows/ci-deploy-gh-pages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
- name: Setup NodeJS
uses: ./.github/actions/setup-node
with:
node-version: 22.16.0
node-version: 22.21.1
deno-version: 1.43.5
cache-modules: true
install: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/new-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
- name: Setup NodeJS
uses: ./.github/actions/setup-node
with:
node-version: 22.16.0
node-version: 22.21.1
deno-version: 1.43.5
cache-modules: true
install: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-update-description.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
- name: Setup NodeJS
uses: ./.github/actions/setup-node
with:
node-version: 22.16.0
node-version: 22.21.1
deno-version: 1.43.5
cache-modules: true
install: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
- name: Setup NodeJS
uses: ./.github/actions/setup-node
with:
node-version: 22.16.0
node-version: 22.21.1
deno-version: 1.43.5
cache-modules: true
install: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-candidate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
- name: Setup NodeJS
uses: ./.github/actions/setup-node
with:
node-version: 22.16.0
node-version: 22.21.1
deno-version: 1.43.5
cache-modules: true
install: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/update-version-durability.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
- name: Use Node.js
uses: actions/[email protected]
with:
node-version: 22.16.0
node-version: 22.21.1

- name: Install dependencies
run: |
Expand Down
2 changes: 1 addition & 1 deletion apps/meteor/.docker-mongo/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.14.0-bullseye-slim
FROM node:22.21.1-bullseye-slim

LABEL maintainer="[email protected]"

Expand Down
2 changes: 1 addition & 1 deletion apps/meteor/.docker/Dockerfile.alpine
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.20
FROM node:22.21.1-alpine3.21

LABEL maintainer="[email protected]"

Expand Down
2 changes: 1 addition & 1 deletion apps/meteor/.docker/Dockerfile.debian
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ ARG DENO_VERSION="1.37.1"

FROM denoland/deno:bin-${DENO_VERSION} as deno

FROM node:22.14.0-bullseye-slim
FROM node:22.21.1-bullseye-slim

LABEL maintainer="[email protected]"

Expand Down
4 changes: 2 additions & 2 deletions apps/meteor/ee/server/services/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 as build
FROM node:22.21.1-alpine3.21 as build
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify Node.js image availability and security fixes.

The version bump from 22.16.0 to 22.21.1 is applied consistently across both build and runtime stages. However, confirm that the node:22.21.1-alpine3.21 tag exists and contains the security patches for the referenced CVEs (CVE-2025-27210 and CVE-2025-9230).

Also applies to: 31-31

🌐 Web query:

Does node:22.21.1-alpine3.21 Docker image tag exist and what security updates does it include?

💡 Result:

Short answer: No — I can find a published node:22.21.1-alpine3.22 tag, but not node:22.21.1-alpine3.21. [1][2]

What security fixes are included (for the closest images):

  • Node.js 22.21.1 (the 22.21.1 images) contains the January 21, 2025 Node.js security fixes (worker/diagnostics and dependency fixes including undici updates). See the Node.js security release notes. [3]
  • Alpine 3.21 (the Alpine 3.21 series) includes maintenance/security updates (Alpine 3.21 release notes mention multiple fixes; Alpine also released 3.21.1 with additional fixes). Notably many projects upgraded to 3.21 to address OpenSSL/CVE issues (e.g. CVE-2024-9143 was a motivation to move to 3.21). [4][5]

References

  1. Snyk / image listing for node:22.21.1-alpine3.22 (shows 22.21.1-alpine3.22 exists).
  2. Docker mirror listings showing node:22-alpine3.21 (but no node:22.21.1-alpine3.21 tag found).
  3. Node.js security release (Jan 21, 2025) — details of fixes and dependency updates (undici, CVEs).
  4. Alpine 3.21 release notes.
  5. Alpine 3.21.1 release notes / discussions about moving images to Alpine 3.21 to address OpenSSL CVEs.

If you want, I can (a) confirm again directly against Docker Hub and paste the exact tag list and digests, or (b) show the specific CVE IDs fixed in the Node 22.21.1 and Alpine 3.21 releases. Which would you prefer?

The specified Docker image tag does not exist and will cause build failures.

The node:22.21.1-alpine3.21 tag is not published; only node:22.21.1-alpine3.22 exists. Update both the build stage (line 1) and runtime stage (line 31) to use node:22.21.1-alpine3.22, which is the published image for this Node.js version.

Node.js 22.21.1 includes January 21, 2025 security fixes including worker/diagnostics and dependency updates (undici). However, the Alpine version needs correction for the image to be available.

Also applies to: 31-31

🤖 Prompt for AI Agents 
In apps/meteor/ee/server/services/Dockerfile around lines 1 and 31, the base
image tag used (node:22.21.1-alpine3.21) does not exist and will fail builds;
update both the build stage (line 1) and the runtime stage (line 31) to use the
published tag node:22.21.1-alpine3.22 instead, ensuring both FROM lines
reference the same corrected image version.


WORKDIR /app

Expand Down Expand Up @@ -28,7 +28,7 @@ RUN yarn install
RUN yarn workspace @rocket.chat/core-typings run build \
&& yarn workspace @rocket.chat/rest-typings run build

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/account-service/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -89,7 +89,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/authorization-service/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -86,7 +86,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/ddp-streamer/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -92,7 +92,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/omnichannel-transcript/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -102,7 +102,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/presence-service/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -90,7 +90,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/queue-worker/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -102,7 +102,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions ee/apps/stream-hub-service/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.16.0-alpine3.21 AS builder
FROM node:22.21.1-alpine3.21 AS builder

ARG SERVICE

Expand Down Expand Up @@ -87,7 +87,7 @@ WORKDIR /app/ee/apps/${SERVICE}

RUN yarn workspaces focus --production

FROM node:22.16.0-alpine3.21
FROM node:22.21.1-alpine3.21

ARG SERVICE

Expand Down
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
"homepage": "https://github.com/RocketChat/Rocket.Chat#readme",
"engines": {
"yarn": "4.10.3",
"node": "22.16.0"
"node": "22.21.1"
},
"packageManager": "[email protected]",
"houston": {
Expand All @@ -56,7 +56,7 @@
]
},
"volta": {
"node": "22.16.0",
"node": "22.21.1",
"yarn": "4.10.3"
},
"resolutions": {
Expand Down
2 changes: 1 addition & 1 deletion packages/message-parser/jest.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import type { Config } from 'jest';
export default {
preset: server.preset,
transform: {
'\\.pegjs$': resolve(__dirname, './loaders/pegtransform.js'),
'\\.pegjs$': resolve(import.meta.dirname, './loaders/pegtransform.js'),
},
moduleFileExtensions: ['js', 'ts', 'pegjs'],
} satisfies Config;
Loading