diff --git a/.nvmrc b/.nvmrc
index c12134b..517f386 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-v20.15.0
+v22.14.0
diff --git a/Dockerfile b/Dockerfile
index ac0b230..9aa536c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,6 @@
-FROM node:20.15.0-bookworm-slim AS base
-RUN adduser --disabled-password -home /home/cfu -shell /bin/bash cfu
-WORKDIR /root/cf-runtime
-COPY package.json yarn.lock ./
+ARG NODE_VERSION=22.14.0
+FROM node:${NODE_VERSION}-bookworm-slim AS base
+WORKDIR /app
 
 FROM base AS build-dependencies
 RUN apt-get update \
@@ -11,6 +10,7 @@ RUN apt-get update \
     git \
     make \
     python3
+COPY package.json yarn.lock ./
 
 FROM build-dependencies AS build
 RUN yarn install --frozen-lockfile
@@ -20,12 +20,12 @@ RUN yarn build
 FROM build-dependencies AS prod-dependencies
 RUN yarn install --frozen-lockfile --production
 
-FROM base AS production
-COPY --from=prod-dependencies /root/cf-runtime/node_modules ./node_modules
-COPY --from=build /root/cf-runtime/dist ./lib
+FROM base AS final
+# purpose of security
+RUN npm uninstall -g --logs-max=0 corepack npm
+USER node
 
-#purpose of security
-RUN npm -g uninstall npm
+COPY --from=prod-dependencies --chown=node:node /app/node_modules node_modules
+COPY --from=build --chown=node:node /app/dist lib
 
-USER cfu
 CMD ["node", "lib/index.js"]
diff --git a/package.json b/package.json
index 7b087fb..e33fa70 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
     "typescript": "^5.7.2"
   },
   "engines": {
-    "node": ">=16.20.2 <=20"
+    "node": "^22.14.0"
   },
   "scripts": {
     "lint": "eslint '*/**/*.{j,t}s'",
diff --git a/service.yaml b/service.yaml
index ef2cb77..49752cf 100644
--- a/service.yaml
+++ b/service.yaml
@@ -1 +1 @@
-version: 1.12.2
+version: 1.12.3