Upgrade to Node 22 and improve security #63

Merged
GauteR merged 9 commits into master from feat/security-patch
Mar 13, 2026

Conversation

@GauteR (Member) commented Mar 13, 2026

This change performs a major upgrade of the Node.js environment and implements several security improvements.

  • Upgrades Node.js to version 22

    • Updates the Node.js version to 22.x for the runtime environment, Docker builder, and all CI/CD workflows. This ensures compatibility and leverages the latest features and performance improvements in Node.js 22.
    • Adds a minimum requirement for Node.js in package.json to match the new version.
  • Improves security in CI/CD and dependencies

    • Introduces Trivy vulnerability scanning for the Docker image in the CI pipeline to identify high and critical severity vulnerabilities. The scanner is configured to log warnings without stopping the build.
    • Increases the pnpm audit level from 'moderate' to 'high' to catch more security vulnerabilities in project dependencies.
    • Addresses specific CVEs by adding an override for the trim package and upgrading fast-xml-parser.
    • Includes an apk upgrade command in the Docker runtime to ensure the base image has the latest security patches from Alpine.
  • Modernizes Docker image metadata

    • Updates Dockerfile tags to follow the Open Container Initiative (OCI) standard for "authors" (org.opencontainers.image.authors).
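
As an added illustration (not the PR's diff, which this page does not show), a CI job wired the way the description says: Node 22, pnpm audit at level high, and a warn-only Trivy scan of the built image limited to HIGH and CRITICAL findings. The image tag, job layout and the action version placeholder are assumptions.

```yaml
# Illustrative workflow, not the repository's own ci.yml.
# Assumes the Dockerfile at the repo root builds the app image and that
# "<pinned-version>" is replaced by a real, pinned trivy-action release.
name: ci
on: [push, pull_request]

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22.x          # matches the "engines" constraint in package.json

      - run: corepack enable && pnpm install --frozen-lockfile

      # Audit level raised from "moderate" to "high": only high/critical
      # advisories in the dependency tree fail this step.
      - run: pnpm audit --audit-level high

      - run: docker build -t app:ci .   # constructed tag, used only within this job

      # Image scan. severity limits the report to HIGH and CRITICAL;
      # exit-code '0' makes the step warn-only, so findings are logged but
      # never block the build. Change it to '1' to enforce once the image is clean.
      - uses: aquasecurity/trivy-action@<pinned-version>
        with:
          scan-type: image
          image-ref: app:ci
          severity: HIGH,CRITICAL
          ignore-unfixed: true        # skip findings Alpine has no fix for yet
          exit-code: '0'
```

Because the scan is warn-only, someone has to read the job log for it to have any effect; the `exit-code` input is the single knob that turns it into a gate.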

@GauteR GauteR self-assigned this Mar 13, 2026
@GauteR GauteR added the avhengigheter Pull requests that update a dependency file label Mar 13, 2026
Copilot AI review requested due to automatic review settings March 13, 2026 15:35
@github-actions bot commented

PR Check Results

✅ Passed Linting
✅ Passed Tests
📊 Coverage: 69.83%

✅ Coverage meets requirements

@socket-security

socket-security bot commented Mar 13, 2026

Review the following changes in direct dependencies.

Diff     Package                         Supply Chain Security  Vulnerability  Quality   Maintenance  License
Updated  fast-xml-parser@5.2.5 ⏵ 5.5.5   98                     100 (+75)      100 (+1)  96 (+1)      100


Copilot AI left a comment

Pull request overview

This PR upgrades the project from Node.js 20 to Node.js 22 across the Dockerfile, CI/CD workflows, and package.json, while also making several security-related improvements including adding Trivy vulnerability scanning, updating dependencies to address CVEs, and modernizing Docker image metadata.

Changes:

  • Upgrades Node.js from 20 to 22 in Dockerfile, all GitHub Actions workflows, and adds an engines constraint in package.json.
  • Adds Trivy vulnerability scanning in CI, updates pnpm audit level, upgrades fast-xml-parser, cleans up dependency overrides, and adds Alpine security patching in the Docker runtime stage.
  • Modernizes Dockerfile labels to OCI standard (org.opencontainers.image.authors).

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.

Summary per file:

  • Dockerfile: Upgrades base image to node:22.22-alpine3.23, updates labels to OCI format, adds apk upgrade for security patches
  • package.json: Adds engines field for Node >=22, upgrades fast-xml-parser, moves trim override to pnpm.overrides, removes stale overrides
  • pnpm-lock.yaml: Lock file updated to reflect dependency upgrades and transitive dependency version bumps
  • .github/workflows/ci.yml: Updates Node to 22.x, adds Trivy vulnerability scanner step
  • .github/workflows/pr-check.yml: Updates Node to 22.x
  • .github/workflows/lint.yml: Updates Node matrix from [18.x, 20.x] to [22.x]
  • .github/workflows/test-coverage.yml: Updates Node matrix from [18.x, 20.x] to [22.x]
  • .github/workflows/dependency-check.yml: Updates Node to 22.x, changes audit level from moderate to high
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported


@github-actions bot commented

PR Check Results

✅ Passed Linting
❌ Failed Tests
📊 Coverage: Unknown%

⚠️ Coverage is below 65% threshold

@github-actions bot commented

PR Check Results

✅ Passed Linting
❌ Failed Tests
📊 Coverage: Unknown%

⚠️ Coverage is below 65% threshold

test-exclude 6.0.0 calls promisify(require('glob')) which fails with glob 10
because glob 10 exports an object, not a function. test-exclude 8.0.0
supports glob 10 and fixes the Babel TypeError in pnpm test:coverage.

Made-with: Cursor

@github-actions bot commented

PR Check Results

✅ Passed Linting
✅ Passed Tests
📊 Coverage: 69.83%

✅ Coverage meets requirements

@GauteR GauteR merged commit e19837a into master Mar 13, 2026
6 checks passed
@GauteR GauteR deleted the feat/security-patch branch March 13, 2026 15:57