chore(deps): bump node from 20.20-alpine to 26.2-alpine

[dependabot]

Bumps node from 20.20-alpine to 26.2-alpine.

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
node	[>= 21.a, < 22]
node	[>= 20.10.pre.alpine.a, < 20.11]
node	[>= 22.a, < 23]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mozilla-blender]

BLEnder picked up this PR. Workflow run

[mozilla-blender]

Reviewing this major version bump. Workflow run

[mozilla-blender]

BLEnder could not fix this PR automatically. Workflow run

[mozilla-blender]

NEEDS_REVIEW: this major version bump needs code-owner review

Confidence: high
Reason: CI is failing (npm-lint failed twice) and the PR is incomplete: it only bumps Node in Dockerfile/Dockerfile.cloudrun while leaving 20.20 everywhere else. The repo enforces Node-version alignment via src/scripts/build/checkNodeVersionAlignment.js (run as a separate CI step after npm run lint), which compares the Dockerfile's FROM tag against package.json (volta + engines), package-lock.json engines, netlify.toml NODE_VERSION, esbuild.cronjobs.js target, and every .github/workflows/*.yml node-version. With the Dockerfile now at 26.2 and everything else still at 20.20.x / 20.20.2 / node20.20, that alignment check necessarily fails. Beyond the alignment break, jumping from Node 20 LTS to Node 26 skips 5 major Node releases (21-25), which carries a high risk of breaking changes in @types/node (currently ^25.3.5, mismatched with runtime), engine constraints on dependencies (engines.node is pinned to 20.20.x), and Node API/V8/OpenSSL behavior. Conservative call: not auto-mergeable.

Breaking changes: Node 20 -> Node 26 spans five major Node releases (21, 22, 23, 24, 25); cumulative deprecations/removals (e.g. permission model changes, --experimental flag promotions, OpenSSL upgrades, V8 upgrades, fetch/undici changes, test runner changes, fs/promises behavior) are all in scope.; package.json engines.node is pinned to '20.20.x' and volta.node to '20.20.2'; running on Node 26 violates the engines constraint and Volta pin.; esbuild.cronjobs.js sets target: 'node20.20'; cronjob bundles will continue to target Node 20 syntax/runtime semantics rather than 26.; Multiple npm dependencies (e.g. next 16, @opentelemetry/, sharp, @sentry/) declare their own Node engine ranges; running under a runtime far outside the tested range may surface incompatibilities not exercised by current tests.; Dockerfile installs Python via apk for the alpine base; the python3/py3-pip packages available in node:26.2-alpine differ from node:20.20-alpine and could break build-time Glean tooling (GLEAN_PYTHON=python, GLEAN_PIP=pip).
Affected code: Dockerfile (FROM node:26.2-alpine) - updated by PR; Dockerfile.cloudrun (FROM node:26.2-alpine) - updated by PR; package.json: engines.node = '20.20.x', volta.node = '20.20.2' - NOT updated, mismatched; package-lock.json: packages[''].engines.node - NOT updated, mismatched; netlify.toml: NODE_VERSION = '20.20.2' - NOT updated, mismatched; esbuild.cronjobs.js: target: 'node20.20' - NOT updated, mismatched; .github/workflows/build.yaml: node-version '20.20.x' - NOT updated; .github/workflows/lint.yaml: node-version '20.20.x' - NOT updated; .github/workflows/unittests.yaml: node-version '20.20.x' - NOT updated; .github/workflows/test_integrations.yml: node-version 20.20.x - NOT updated; .github/workflows/functional_tests_pr.yml: node-version 20.20.x - NOT updated; .github/workflows/functional_tests_cron.yml: node-version 20.20.x - NOT updated; src/scripts/build/checkNodeVersionAlignment.js: the alignment guard itself, which will fail given the mismatch above
Test coverage: CI explicitly enforces Node-version consistency via src/scripts/build/checkNodeVersionAlignment.js. The npm-lint job is reported as failure (twice) on this PR, which is exactly the signal this script is designed to produce when the Dockerfile drifts from the rest of the repo. Unit tests, build, functional tests, and test-integrations all currently run under Node 20.20 (per the workflows above), so they have NOT actually exercised the application on Node 26 - the green checks do not validate Node 26 compatibility. There is no Node 26 test matrix. Combined with the failing alignment check, test coverage is insufficient to confirm safety of a 20 -> 26 jump.