chore(deps): bump node from 20-alpine to 25-alpine in /apps/webhook-receiver

[dependabot]

Bumps node from 20-alpine to 25-alpine.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, docker, gwi-triage. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[greptile-apps]

Greptile Summary

Bumps Node.js from 20-alpine to 25-alpine in the webhook-receiver Dockerfile.

Key Issues:

• Creates version inconsistency: this is the only Dockerfile using Node 25 while all others (api, cli, gateway, github-webhook, worker) use Node 20
• Root package.json declares "node": ">=20.0.0" in engines field, but doesn't enforce Node 25
• CI/CD pipelines hardcode NODE_VERSION: '20' in workflows (arv.yml, ci.yml, deploy.yml, test.yml, etc.)
• CLAUDE.md documents "Node 20+" as a project requirement
• Major version jump may introduce breaking changes in dependencies like express, firebase-admin, or @google-cloud/pubsub

Recommendation:
Either rollback to Node 20 for consistency, or update the entire project (all Dockerfiles, package.json engines, CI/CD variables, and documentation) to Node 25 after thorough testing.

Confidence Score: 2/5

• This PR introduces version inconsistency that could cause deployment and runtime issues
• Score reflects the fact that upgrading only one service to Node 25 while the rest of the codebase remains on Node 20 creates significant inconsistency. The root package.json engines field, CI/CD pipelines, documentation, and all other Dockerfiles still reference Node 20, which could lead to deployment failures or unexpected runtime behavior
• apps/webhook-receiver/Dockerfile requires either rollback to Node 20 or a coordinated upgrade of the entire project

Important Files Changed

Filename	Overview
apps/webhook-receiver/Dockerfile	Updates Node.js from 20-alpine to 25-alpine in both build and production stages, creating version inconsistency with the rest of the codebase and CI/CD pipelines

_{Last reviewed commit: 9b0ed2b}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

This upgrade creates version inconsistency across the project:

• Root package.json specifies "engines": { "node": ">=20.0.0" }
• CLAUDE.md documents "Node 20+" as requirement
• All other Dockerfiles use node:20-alpine
• CI/CD workflows use NODE_VERSION: '20'

Node 25 is a major version jump that may introduce breaking changes. Consider:

1. Update root package.json engines field to >=25.0.0 if adopting Node 25
2. Update all other Dockerfiles to Node 25 for consistency
3. Update CI/CD workflow NODE_VERSION variables
4. Test thoroughly for compatibility issues with dependencies

[jeremylongshore]

Closing: Node 25 is not an LTS release. Updating all Dockerfiles to node:22-alpine (current LTS) instead.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.