Merge 09b719e371 into d2154214ba

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.devcontainer/devcontainer.json

@@ -5,7 +5,7 @@
 	"workspaceFolder": "/workspace",
 	"features": {
 		"ghcr.io/devcontainers/features/node:1": {
-			"version": "22.15.0"
+			"version": "22.22.0"
 		},
 		"ghcr.io/devcontainers-extra/features/pnpm:2": {
 			"version": "10.10.0"

.github/min.node-version

@@ -1 +1 @@
-22.15.0
+22.22.0

.node-version

@@ -1 +1 @@
-22.15.0
+22.22.0

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ### Note
 - `users/following` の `birthday` プロパティは非推奨になりました。代わりに `users/get-following-birthday-users` をご利用ください。
+- Node.jsのセキュリティアップデートに伴い、Node.jsの最小バージョンを22.22.0に引き上げました。
 
 ### General
 - Enhance: 「もうすぐ誕生日のユーザー」ウィジェットで、誕生日が至近のユーザーも表示できるように  

Dockerfile

@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.20
 
-ARG NODE_VERSION=22.21.1-bookworm
+ARG NODE_VERSION=22.22.0-bookworm
 
 # build assets & compile TypeScript
 

package.json

@@ -6,7 +6,7 @@
 		"type": "git",
 		"url": "https://github.com/misskey-dev/misskey.git"
 	},
-	"packageManager": "pnpm@10.28.0",
+	"packageManager": "pnpm@10.28.2",
 	"workspaces": [
 		"packages/misskey-js",
 		"packages/i18n",
@@ -59,7 +59,7 @@
 		"ignore-walk": "8.0.0",
 		"js-yaml": "4.1.1",
 		"postcss": "8.5.6",
-		"tar": "7.5.6",
+		"tar": "7.5.7",
 		"terser": "5.46.0"
 	},
 	"devDependencies": {
@@ -75,7 +75,7 @@
 		"eslint": "9.39.2",
 		"globals": "16.5.0",
 		"ncp": "2.0.0",
-		"pnpm": "10.28.0",
+		"pnpm": "10.28.2",
 		"typescript": "5.9.3",
 		"start-server-and-test": "2.1.3"
 	},

packages/backend/package.json

@@ -4,7 +4,7 @@
 	"private": true,
 	"type": "module",
 	"engines": {
-		"node": "^22.15.0 || ^24.10.0"
+		"node": "^22.22.0 || ^24.13.0"
 	},
 	"scripts": {
 		"start": "pnpm compile-config && node ./built/boot/entry.js",

pnpm-lock.yaml

@@ -32,8 +32,8 @@ importers:
         specifier: 8.5.6
         version: 8.5.6
       tar:
-        specifier: 7.5.6
-        version: 7.5.6
+        specifier: 7.5.7
+        version: 7.5.7
       terser:
         specifier: 5.46.0
         version: 5.46.0
@@ -75,8 +75,8 @@ importers:
         specifier: 2.0.0
         version: 2.0.0
       pnpm:
-        specifier: 10.28.0
-        version: 10.28.0
+        specifier: 10.28.2
+        version: 10.28.2
       start-server-and-test:
         specifier: 2.1.3
         version: 2.1.3
@@ -8927,8 +8927,8 @@ packages:
     resolution: {integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==}
     engines: {node: '>=10.13.0'}
 
-  pnpm@10.28.0:
-    resolution: {integrity: sha512-Bd9x0UIfITmeBT/eVnzqNNRG+gLHZXFEG/wceVbpjjYwiJgtlARl/TRIDU2QoGaLwSNi+KqIAApk6D0LDke+SA==}
+  pnpm@10.28.2:
+    resolution: {integrity: sha512-QYcvA3rSL3NI47Heu69+hnz9RI8nJtnPdMCPGVB8MdLI56EVJbmD/rwt9kC1Q43uYCPrsfhO1DzC1lTSvDJiZA==}
     engines: {node: '>=18.12'}
     hasBin: true
 
@@ -10178,9 +10178,10 @@ packages:
     engines: {node: '>=10'}
     deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me
 
-  tar@7.5.6:
-    resolution: {integrity: sha512-xqUeu2JAIJpXyvskvU3uvQW8PAmHrtXp2KDuMJwQqW8Sqq0CaZBAQ+dKS3RBXVhU4wC5NjAdKrmh84241gO9cA==}
+  tar@7.5.7:
+    resolution: {integrity: sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==}
     engines: {node: '>=18'}
+    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me
 
   taskkill@5.0.0:
     resolution: {integrity: sha512-+HRtZ40Vc+6YfCDWCeAsixwxJgMbPY4HHuTgzPYH3JXvqHWUlsCfy+ylXlAKhFNcuLp4xVeWeFBUhDk+7KYUvQ==}
@@ -20125,7 +20126,7 @@ snapshots:
       nopt: 9.0.0
       proc-log: 6.1.0
       semver: 7.7.3
-      tar: 7.5.6
+      tar: 7.5.7
       tinyglobby: 0.2.15
       which: 6.0.0
     transitivePeerDependencies:
@@ -20559,7 +20560,7 @@ snapshots:
 
   pngjs@5.0.0: {}
 
-  pnpm@10.28.0: {}
+  pnpm@10.28.2: {}
 
   polished@4.3.1:
     dependencies:
@@ -21991,7 +21992,7 @@ snapshots:
       yallist: 4.0.0
     optional: true
 
-  tar@7.5.6:
+  tar@7.5.7:
     dependencies:
       '@isaacs/fs-minipass': 4.0.1
       chownr: 3.0.0

pnpm-workspace.yaml

@@ -38,3 +38,5 @@ minimumReleaseAgeExclude:
   - '@fastify/express' # 脆弱性対応。そのうち消すこと
   - 'lodash' # 脆弱性対応。そのうち消すこと
   - 'tar' # 脆弱性対応。そのうち消すこと
+  # Renovate security update: pnpm@10.28.2
+  - pnpm@10.28.2