Dependencies: Update V22 deps to fix vulnerabilities

[austsinovich]

Please update dependencies versions to fix vulnerabilities issiues:

• tar
• minimatch
• glob

Here is link on Dockerhub and it highlights it as High and same issues from AWS inspector
https://hub.docker.com/layers/library/node/22.22-alpine3.23/images/sha256-92d51e5f20b7ff58faa5a969af1a1cec6cbec3fbff7e0f523242b9b5c85ad887

[MikeMcC399]

It looks like these vulnerabilities are fixed in npm 10.9.7 (released 2026-03-18) and so they should get routinely fixed when Node.js does its next regular release for Node.js 22, and the Node.js Docker repo builds new images based on this.

The image is 22.22-alpine3.23. At the time this issue was created, it was an alias for node:22.22.1-alpine3.23.

[MikeMcC399]

Partially a duplicate of #262

[MikeMcC399]

I built a test Docker image using:

FROM node:22
RUN npm install npm@10 -g
RUN npm --version

and confirmed that Docker Scout & trixy reported no fixable vulnerabilities after updating to latest npm@10 (10.9.7) so I don't believe that any special action is necessary, as it should all be taken care of when the next regular release goes out.

[MikeMcC399]

The security release Node.js 22.22.2, released on 2026-03-24, updated npm to 10.9.7.

This remediated the vulnerabilities mentioned in this issue.

Viewing the Docker image node:22.22.2-alpine3.23 on Docker Hub shows no mention of vulnerabilities from tar, minimatch or glob. Instead, there are new vulnerabilities that can be expected to be addressed in later releases of npm 10.x.

I believe this issue can be closed as resolved through the release of Node.js 22.22.2.