fix(security): upgrade Node.js to 22.22.0 for security vulnerability fix

Addresses Node.js security release CVE-2025-xxx affecting RSC and APM tools.

Author: davidfirst

.circleci/config.yml

@@ -7,7 +7,7 @@ version: 2.1
 # Base configurations
 default_image: &default_image
   docker:
-    - image: cimg/node:22.14.0
+    - image: cimg/node:22.22.0
 
 default_resource_class: &default_resource_class
   resource_class: medium
@@ -244,13 +244,13 @@ commands:
   windows_set_node_version:
     parameters:
       version:
-        default: 22.14.0
+        default: 22.22.0
         type: string
     steps:
       - run: choco upgrade nvm -y
       - run: nvm -v
-      - run: nvm install 22.14.0
-      - run: nvm use 22.14.0
+      - run: nvm install 22.22.0
+      - run: nvm use 22.22.0
       - run: node -v
 
   windows_add_bvm_to_path:
@@ -290,7 +290,7 @@ commands:
         default: 'BASE_IMAGE'
         type: string
       docker_build_base_image_arg_value:
-        default: 'node:22.14.0'
+        default: 'node:22.22.0'
         type: string
       image_name:
         default: 'bitcli/bit'
@@ -323,7 +323,7 @@ commands:
         default: 'BASE_IMAGE'
         type: string
       docker_build_base_image_arg_value:
-        default: 'node:22.14.0'
+        default: 'node:22.22.0'
         type: string
       image_name:
         default: 'bitcli/bit'
@@ -975,8 +975,8 @@ jobs:
       - attach_workspace:
           at: ./
       - docker_build_and_push:
-          docker_build_base_image_arg_value: "node:22.14.0"
-          docker_tag_suffix: "-node-22.14.0"
+          docker_build_base_image_arg_value: "node:22.22.0"
+          docker_tag_suffix: "-node-22.22.0"
 
   docker_non_root_build_node_22:
     machine:
@@ -985,10 +985,10 @@ jobs:
       - attach_workspace:
           at: ./
       - docker_build_and_push:
-          docker_build_base_image_arg_value: "node:22.14.0"
+          docker_build_base_image_arg_value: "node:22.22.0"
           image_name: "bitcli/bit-non-root"
           docker_file_name: "Dockerfile-bit-non-root"
-          docker_tag_suffix: "-node-22.14.0"
+          docker_tag_suffix: "-node-22.22.0"
 
   docker_build_alpine:
     machine:
@@ -997,10 +997,10 @@ jobs:
       - attach_workspace:
           at: ./
       - docker_build_and_push:
-          docker_build_base_image_arg_value: "node:22.14.0-alpine"
+          docker_build_base_image_arg_value: "node:22.22.0-alpine"
           # image_name: "bitcli/bit-alpine"
           docker_file_name: "Dockerfile-bit-alpine"
-          docker_tag_suffix: "-alpine-node-22.14.0"
+          docker_tag_suffix: "-alpine-node-22.22.0"
 
   server_docker_build_node_22:
     machine:
@@ -1009,10 +1009,10 @@ jobs:
       - attach_workspace:
           at: ./
       - docker_build_and_push:
-          docker_build_base_image_arg_value: "`npm show @teambit/bit version`-node-22.14.0"
+          docker_build_base_image_arg_value: "`npm show @teambit/bit version`-node-22.22.0"
           image_name: "bitcli/bit-server"
           docker_file_name: "Dockerfile-bit-server"
-          docker_tag_suffix: "-node-22.14.0"
+          docker_tag_suffix: "-node-22.22.0"
 
   # ========== Windows Jobs ==========
   windows_checkout_code:
@@ -1159,9 +1159,9 @@ jobs:
       # - run: node -v
       # - run: npm -v
       # - run: yarn -v
-      # # - run: choco install nodejs --version 22.14.0
+      # # - run: choco install nodejs --version 22.22.0
       # # - run: node -v
-      # - run: cinst nodejs --version 22.14.0
+      # - run: cinst nodejs --version 22.22.0
       # - run: node -v
 
 # ========================================

workspace.jsonc

@@ -700,7 +700,7 @@
       "uri-js": "npm:uri-js-replace",
       "encoding": "-"
     },
-    "nodeVersion": "22.14.0",
+    "nodeVersion": "22.22.0",
     "engineStrict": true,
     // This is a temporary workaround to fix "bit compile" on macOS and Windows.
     // "bit compile" breaks node_modules when hard links are used.
@@ -779,7 +779,7 @@
         "packageJson": {
           "name": "@teambit/{name}", // @teambit/discovery.ui.sidebar
           "bvm": {
-            "node": "22.14.0"
+            "node": "22.22.0"
           },
           "engines": {
             "node": ">=18.12.0"