From 7c4e987f529bfee09295a3d34fb1fd59a0cdb25c Mon Sep 17 00:00:00 2001
From: Vasil Sudakou <vasil.sudakov@codefresh.io>
Date: Mon, 27 Oct 2025 20:47:07 +0300
Subject: [PATCH 1/2] fix: update nodejs

---
 .nvmrc                     | 2 +-
 Dockerfile                 | 2 +-
 Dockerfile-debian          | 2 +-
 Dockerfile-debian-rootless | 2 +-
 Dockerfile-rootless        | 2 +-
 package.json               | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.nvmrc b/.nvmrc
index aebd91c52..b09ba46da 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-v22.16.0
+v22.21.0
diff --git a/Dockerfile b/Dockerfile
index 7e233adcf..cb9739bc2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/
 FROM bitnamilegacy/kubectl:1.33.1 AS kubectl
 
 # Main
-FROM node:22.16.0-alpine3.22
+FROM node:22.21.0-alpine3.22
 RUN apk --update add --no-cache \
     bash \
     ca-certificates \
diff --git a/Dockerfile-debian b/Dockerfile-debian
index e67f08e2d..0dd37c4da 100644
--- a/Dockerfile-debian
+++ b/Dockerfile-debian
@@ -14,7 +14,7 @@ RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/
 FROM bitnamilegacy/kubectl:1.33.1 as kubectl
 
 # Main
-FROM node:22.16.0-bookworm-slim
+FROM node:22.21.0-trixie-slim
 RUN apt update \
     && apt -y install \
     apt-transport-https \
diff --git a/Dockerfile-debian-rootless b/Dockerfile-debian-rootless
index 4f79d9951..12e056ee1 100644
--- a/Dockerfile-debian-rootless
+++ b/Dockerfile-debian-rootless
@@ -14,7 +14,7 @@ RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/
 FROM bitnamilegacy/kubectl:1.33.1 as kubectl
 
 # Main
-FROM node:22.16.0-bookworm-slim
+FROM node:22.21.0-trixie-slim
 RUN apt update \
     && apt -y install \
     bash \
diff --git a/Dockerfile-rootless b/Dockerfile-rootless
index ebdb4b23d..cab1c3fd4 100644
--- a/Dockerfile-rootless
+++ b/Dockerfile-rootless
@@ -14,7 +14,7 @@ RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/
 FROM bitnamilegacy/kubectl:1.33.1 as kubectl
 
 # Main
-FROM node:22.16.0-alpine3.22
+FROM node:22.21.0-alpine3.22
 RUN apk --update add --no-cache \
     bash \
     ca-certificates \
diff --git a/package.json b/package.json
index eb6f74d4e..c33c0967f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codefresh",
-  "version": "0.89.4",
+  "version": "0.89.5",
   "description": "Codefresh command line utility",
   "main": "index.js",
   "preferGlobal": true,

From acb6cf154d6d60b05c279868ed0393b28b4ed9ab Mon Sep 17 00:00:00 2001
From: Vasil Sudakou <vasil.sudakov@codefresh.io>
Date: Mon, 27 Oct 2025 22:54:12 +0300
Subject: [PATCH 2/2] fix: vulnerability in tar-fs library

---
 yarn.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 676f657fa..168cf2a59 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6360,9 +6360,9 @@ table@^6.0.9:
     strip-ansi "^6.0.1"
 
 tar-fs@^2.0.0, tar-fs@^2.1.1:
-  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.3.tgz#fb3b8843a26b6f13a08e606f7922875eb1fbbf92"
-  integrity sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==
+  version "2.1.4"
+  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.4.tgz#800824dbf4ef06ded9afea4acafe71c67c76b930"
+  integrity sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==
   dependencies:
     chownr "^1.1.1"
     mkdirp-classic "^0.5.2"
@@ -6370,9 +6370,9 @@ tar-fs@^2.0.0, tar-fs@^2.1.1:
     tar-stream "^2.1.4"
 
 tar-fs@~1.16.3:
-  version "1.16.5"
-  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-1.16.5.tgz#716a323609c11182d1d3d7b5bf277d15dc128665"
-  integrity sha512-1ergVCCysmwHQNrOS+Pjm4DQ4nrGp43+Xnu4MRGjCnQu/m3hEgLNS78d5z+B8OJ1hN5EejJdCSFZE1oM6AQXAQ==
+  version "1.16.6"
+  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-1.16.6.tgz#b9be1854fe2c88af488a2edcc570be965e9750bd"
+  integrity sha512-JkOgFt3FxM/2v2CNpAVHqMW2QASjc/Hxo7IGfNd3MHaDYSW/sBFiS7YVmmhmr8x6vwN1VFQDQGdT2MWpmIuVKA==
   dependencies:
     chownr "^1.0.1"
     mkdirp "^0.5.1"