Upgrade bundled Node.js from 20 to 22 (Node 20 LTS ends April 2026)

[denysgaievskyi]

Summary

The Docker image installs nodejs from Debian 13.4 (trixie) apt repos, which provides Node.js 20.x. Node 20 LTS enters end-of-life in April 2026 — it will stop receiving security patches.

Node.js 22 is the current active LTS (supported through April 2027).

Current state

FROM debian:13.4
# ...
apt-get install ... nodejs npm ...

This pulls Node 20.x from Debian's repos.

Suggestion

Switch to NodeSource or an explicit install step for Node 22 LTS:

curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y nodejs

Or use a multi-stage build with an official node:22 base.

Impact

Users running Hermes in production (e.g. Kubernetes) inherit the EOL Node runtime from the base image with no way to override it short of forking the Dockerfile.

[LevSky22]

+1 this is indeed an issue =)

[waterlou]

won't work with OpenCLI now that need 21.0+

[rainbowbreeze]

I'm getting issues also with a workflow where I have a local website (Astro + Tailwind) maintained by my agent, and pushed to a github repo, and then an action starts to publish the repo as GitHub Page.

The GitHub action keeps failing with this error

Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/configure-pages@v5, actions/setup-node@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

[benbarclay]

Done on main — the image now builds on node:22-bookworm-slim (Dockerfile), with node/npm/corepack copied from that stage. The Dockerfile comment explicitly cites Node 20's April 2026 EOL as the reason. Closing as completed; thanks!