From 9b6fb2fb6856383eb2e5506e15b9fde0acd0f40d Mon Sep 17 00:00:00 2001
From: Paul Wackerow <54227730+wackerow@users.noreply.github.com>
Date: Wed, 14 Jan 2026 15:05:47 -0800
Subject: [PATCH 1/2] fix(security): bump Node.js for CVE-2025-59466

Patches async_hooks stack overflow vulnerability that affects all apps using AsyncLocalStorage (React Server Components, Next.js, APM tools).

Patched versions:
- Node 20.20.0+
- Node 22.22.0+
- Node 24.13.0+
---
 .nvmrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.nvmrc b/.nvmrc
index ba331903d16..586e275eb9b 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-20.19.2
+20.20.0

From 4266b7491aa8c867bc9e91da7a63eb54dd4e907e Mon Sep 17 00:00:00 2001
From: Paul Wackerow <54227730+wackerow@users.noreply.github.com>
Date: Wed, 14 Jan 2026 15:35:49 -0800
Subject: [PATCH 2/2] bump(dep): node version to match Netlify

---
 .nvmrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.nvmrc b/.nvmrc
index 586e275eb9b..85e502778f6 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-20.20.0
+22.22.0