actions / runner-images

GitHub Actions runner images
MIT License

Update Node to 18.20.4 in windows-2022 image #10596

Open xinyi-joffre opened 2 months ago

xinyi-joffre commented 2 months ago

Tool name

Node

Tool license

N/A

Add or update?

Desired version

18.20.4

Approximate size

No response

Brief description of tool

Is there an ETA for when node will be upgraded to 18.20.4 in the windows-2022 image?

We are getting alerts of vulnerabilities in 18.20.3 that were patched back on July 8 by Node: https://github.com/nodejs/node/releases/tag/v18.20.4. Thank you!

URL for tool's homepage

No response

Provide a basic test case to validate the tool's functionality.

No response

Platforms where you need the tool

Runner images where you need the tool

Can this tool be installed during the build?

No response

Tool installation time in runtime

No response

Are you willing to submit a PR?

No response

RaviAkshintala commented 2 months ago

@xinyi-joffre Thank you for bringing this issue to us. We are looking into this issue and will update you on this issue after investigating.

RaviAkshintala commented 2 months ago

Hi @xinyi-joffre

  1. The Choco packages do not have a version 18.20.4; the latest version in that series is 18.20.3, which is followed directly by 19.0.0. Kindly refer to the link.
  2. In the README file, 18.20.3 is listed for Windows images because the 18 series is the default, indicating that 18.20.3 is the most recent version within that series.

angaaruriakhil commented 2 weeks ago

Hi, there is version 18.20.5 now available via Chocolatey, released on November 14. Also, I would say if Chocolatey doesn't serve the latest version of the software, that doesn't mean the software doesn't exist. We should not be putting our tools down. Other installation methods should be explored, otherwise we risk vulnerabilities being present in the image, e.g. in this case CVE-2024-36138.