Node.js 20 → 24 LTS migration (EOL preparation) #367

New Issue

Closed

opened 2026-02-13 01:29:28 +00:00 by jason.woltje · 0 comments

jason.woltje commented 2026-02-13 01:29:28 +00:00

Owner

Copy Link

Context

Node.js 20 (Jod) enters Maintenance LTS on 2026-10-20 and reaches EOL on 2027-04-30. Node.js 24 (Krypton) entered Active LTS on 2026-02-09 and is now the recommended production version.

We should migrate proactively while Node 24 is fresh in Active LTS, rather than rushing during the maintenance/EOL window.

Scope

All Node.js usage across the monorepo:

• Dockerfiles (4): orchestrator, web, api, coordinator
• CI pipelines (5): — all use
• Package engines: engine constraints (if any)
• Runtime compatibility: NestJS, Next.js 16, Prisma, Vitest
• Local development: /

Migration checklist

• Verify NestJS compatibility with Node 24
• Verify Next.js 16 compatibility with Node 24
• Verify Prisma ORM compatibility with Node 24
• Update all Dockerfiles ()
• Update all CI pipeline image references
• Update / if present
• Update engines field if present
• Run full test suite on Node 24 (api, web, orchestrator)
• Run E2E tests on Node 24
• Verify Docker builds succeed for all images
• Run Trivy scans on all rebuilt images

Added benefits

• npm 11.8.0 ships with , fixing 2 of 3 suppressed tar CVEs:
  • CVE-2026-23745 (fixed in 7.5.3)
  • CVE-2026-23950 (fixed in 7.5.4)
  • CVE-2026-24842 still needs tar >= 7.5.7 (suppressed in )
• Reduced surface after migration
• Access to Node 24 features (require(esm) stable, V8 13.x, etc.)

References

• Node.js release schedule
• Current suppression rationale: in repo root

## Context Node.js 20 (Jod) enters Maintenance LTS on 2026-10-20 and reaches EOL on 2027-04-30. Node.js 24 (Krypton) entered Active LTS on 2026-02-09 and is now the recommended production version. We should migrate proactively while Node 24 is fresh in Active LTS, rather than rushing during the maintenance/EOL window. ## Scope All Node.js usage across the monorepo: - **Dockerfiles** (4): orchestrator, web, api, coordinator - **CI pipelines** (5): — all use - **Package engines**: engine constraints (if any) - **Runtime compatibility**: NestJS, Next.js 16, Prisma, Vitest - **Local development**: / ## Migration checklist - [ ] Verify NestJS compatibility with Node 24 - [ ] Verify Next.js 16 compatibility with Node 24 - [ ] Verify Prisma ORM compatibility with Node 24 - [ ] Update all Dockerfiles () - [ ] Update all CI pipeline image references - [ ] Update / if present - [ ] Update engines field if present - [ ] Run full test suite on Node 24 (api, web, orchestrator) - [ ] Run E2E tests on Node 24 - [ ] Verify Docker builds succeed for all images - [ ] Run Trivy scans on all rebuilt images ## Added benefits - npm 11.8.0 ships with , fixing 2 of 3 suppressed tar CVEs: - CVE-2026-23745 (fixed in 7.5.3) - CVE-2026-23950 (fixed in 7.5.4) - CVE-2026-24842 still needs tar >= 7.5.7 (suppressed in ) - Reduced surface after migration - Access to Node 24 features (require(esm) stable, V8 13.x, etc.) ## References - [Node.js release schedule](https://nodejs.org/en/about/previous-releases) - Current suppression rationale: in repo root

jason.woltje added the devops label 2026-02-13 01:29:28 +00:00

jason.woltje referenced this issue from a commit 2026-02-13 21:20:13 +00:00

fix(#367): migrate Node.js 20 → 24 LTS

jason.woltje referenced a pull request that will close this issue 2026-02-13 21:50:18 +00:00

fix(ci): Node.js 20 → 24 LTS + pipeline fixes (#366, #367) #368

jason.woltje closed this issue 2026-02-13 23:18:05 +00:00

jason.woltje referenced this issue from a commit 2026-02-13 23:18:07 +00:00

Merge pull request 'fix(ci): Node.js 20 → 24 LTS + pipeline fixes (#366, #367)' (#368) from fix/ci-366 into develop

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

v0.0.21

v0.20.0

v0.0.15

v0.0.2

Labels

Clear labels

ai

AI/LLM integration

api

Backend/API work

api

auth

Authentication

database

database

Database/schema work

devops

Docker/deployment

docs

Documentation

frontend

graph

knowledge-module

migration

Data migration

orchestrator

Orchestrator service (apps/orchestrator/)

p0

Critical priority

p1

High priority

p2

Medium priority

p3

Low priority

performance

Performance work

phase-1

phase-2

phase-3

phase-4

phase-5

plugin

MoltBot plugin work

search

security

Security-related

setup

Initial setup

testing

Testing/QA

web

Frontend work

No Label devops

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#367