latest 1.x build uses NodeJS 22.21.0 which has 3 open CVEs #25271

@justin-rw

Bug Description

A handful of CVEs for NodeJS were announced on https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

Our local Snyk identified the following CVEs in the version we run in Docker (FROM n8nio/n8n:1.122.5).

The CVEs in question are: CVE-2025-59465, CVE-2025-55130, CVE-2025-55131

I noticed that the node version was updated for the 2.x branch / master, but maybe this change didn't get merged back into the 1.x release branch? Reference: https://github.com/n8n-io/n8n/pull/24352/changes

Are there any plans to apply the NodeJS update changes to the 1.x release? Anything I can do to help?

To Reproduce

docker run -it n8nio/n8n:1.123.18

$ docker exec -it 130f4ca73417 sh
~ $ node -v
v22.21.0

Expected behavior

I need the NodeJS version to be v22.22.0 or higher.

Debug Info

I need the NodeJS version to be v22.22.0 or higher.

Operating System

Docker in EKS

n8n Version

n8nio/n8n:1.123.18

Node.js Version

22.21.0

Database

PostgreSQL

Execution mode

main (default)

Hosting

self hosted
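
An added example, not part of the issue or of n8n's code: a POSIX shell gate that applies the v22.22.0 floor from the issue to the version string an image's `node -v` reports. The function names are hypothetical, and a version on a different major line is reported as not covered rather than compared, since the issue gives a floor only for 22.x.

```shell
#!/bin/sh
# Added example, not project code. MIN_NODE is the floor stated in the issue;
# all function names are hypothetical.
MIN_NODE="22.22.0"

# is_semver X.Y.Z -> 0 only for three dot-separated integers
is_semver() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*) return 1 ;;
        *.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# node_version_ok VERSION [MINIMUM]
#   0 = VERSION >= MINIMUM, 1 = older than MINIMUM,
#   2 = unparsable, or a different major line (the floor does not apply to it)
node_version_ok() {
    ver=${1#v}
    min=${2:-$MIN_NODE}
    min=${min#v}
    is_semver "$ver" || return 2
    is_semver "$min" || return 2
    old_ifs=$IFS
    IFS=.
    set -- $ver $min    # $1.$2.$3 = version, $4.$5.$6 = minimum
    IFS=$old_ifs
    [ "$1" -eq "$4" ] || return 2
    if [ "$2" -gt "$5" ]; then return 0; fi
    if [ "$2" -lt "$5" ]; then return 1; fi
    if [ "$3" -ge "$6" ]; then return 0; fi
    return 1
}

# check_image IMAGE: ask the image for its Node.js version and apply the gate
check_image() {
    found=$(docker run --rm --entrypoint node "$1" -v) || return 2
    rc=0
    node_version_ok "$found" || rc=$?
    case $rc in
        0) echo "OK   $1 ships Node.js $found" ;;
        1) echo "FAIL $1 ships Node.js $found, below $MIN_NODE" ;;
        *) echo "SKIP $1 reports '$found'; $MIN_NODE is not the floor for that line" ;;
    esac
    return $rc
}

# Runs only when an image reference is passed on the command line
if [ $# -gt 0 ]; then
    check_image "$1"
fi
```

Passing an image reference as the first argument makes the script exit non-zero when the image is below the floor, so it can fail a CI step.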
