Skip to content

build(deps): update Node.js to 24.16.0-alpine#686

Merged
marcusrbrown merged 1 commit into
mainfrom
violet-molecular-wren
May 28, 2026
Merged

build(deps): update Node.js to 24.16.0-alpine#686
marcusrbrown merged 1 commit into
mainfrom
violet-molecular-wren

Conversation

@marcusrbrown
Copy link
Copy Markdown
Collaborator

@marcusrbrown marcusrbrown commented May 28, 2026

  • Update gateway.Dockerfile (build + runtime stages) from node:24-alpine to node:24.16.0-alpine@sha256:2bdb65ed...
  • Update workspace.Dockerfile from node:24-alpine to node:24.16.0-alpine @sha256:2bdb65ed...
  • Fix renovate.json5 comment to accurately describe versioning behavior

Renovate cannot auto-upgrade from an imprecise tag (24-alpine, precision 1) to a precise one (24.16.0-alpine, precision 3) — this is a documented limitation. Pinning to the full semver tag lets Renovate maintain future updates (e.g. 24.16.0 → 24.17.0) with correct PR titles and inline Node.js release notes via sourceUrl.

Closes #667

@marcusrbrown
build(deps): update Node.js to 24.16.0-alpine
a46c425 
- Update gateway.Dockerfile (build + runtime stages) from node:24-alpine
  to node:24.16.0-alpine@sha256:2bdb65ed...
- Update workspace.Dockerfile from node:24-alpine to node:24.16.0-alpine
  @sha256:2bdb65ed...
- Fix renovate.json5 comment to accurately describe versioning behavior

Renovate cannot auto-upgrade from an imprecise tag (24-alpine, precision 1)
to a precise one (24.16.0-alpine, precision 3) — this is a documented
limitation. Pinning to the full semver tag lets Renovate maintain future
updates (e.g. 24.16.0 → 24.17.0) with correct PR titles and inline
Node.js release notes via sourceUrl.

Closes #667
@marcusrbrown marcusrbrown self-assigned this May 28, 2026
@marcusrbrown marcusrbrown requested a review from fro-bot as a code owner May 28, 2026 13:53
fro-bot
fro-bot approved these changes May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@fro-bot fro-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verdict: PASS

Clean dependency pin upgrade. All three Dockerfiles consistently use node:24.16.0-alpine@sha256:2bdb65ed... — same digest across build/runtime stages and the workspace image. The renovate.json5 comment update accurately describes how versionCompatibility splits the tag (version vs compatibility suffix), which is more precise than the previous explanation about alias resolution.

The PR description explains the limitation correctly: Renovate cannot auto-upgrade from an imprecise tag (24-alpine) to a precise one (24.16.0-alpine), so this manual pin is the correct bootstrap step.

Blocking issues

None

Non-blocking concerns

None

Missing tests

None — Dockerfile base image bumps don't require test changes.

Risk assessment (LOW/MED/HIGH): LOW

This is a patch-level Node.js version bump (24.x series, LTS-track) pinned to a specific digest. No API surface changes. The digest is consistent across all three FROM statements (build stage, runtime stage, workspace), eliminating any stage mismatch risk.

Run Summary
Field Value
Event pull_request
Repository fro-bot/agent
Run ID 26579030503
Cache hit
Session ses_19121a899ffeC17ndQrTbv61Ns

@marcusrbrown marcusrbrown enabled auto-merge (squash) May 28, 2026 13:56
@marcusrbrown marcusrbrown merged commit 6397fb1 into main May 28, 2026
10 checks passed
@marcusrbrown marcusrbrown deleted the violet-molecular-wren branch May 28, 2026 13:56
@fro-bot fro-bot Bot mentioned this pull request May 28, 2026
Merged
@fro-bot fro-bot mentioned this pull request May 28, 2026
Open
47 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fro-bot fro-bot fro-bot approved these changes

Assignees

@marcusrbrown marcusrbrown

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marcusrbrown @fro-bot