diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile
index d1962ab..2369236 100644
--- a/.docker/app/Dockerfile
+++ b/.docker/app/Dockerfile
@@ -25,7 +25,7 @@ RUN apk add -U --no-cache \
       git=2.47.2-r0 \
       libxslt-dev=1.1.42-r1 \
       postgresql16-dev=16.6-r0 \
-      nodejs=22.11.0-r1 \
+      nodejs=22.13.1-r0 \
       yaml=0.2.5-r2 \
       yaml-dev=0.2.5-r2 \
       yarn=1.22.22-r1 && \
diff --git a/Documentation/Ruby-CVE-2025-25186 b/Documentation/Ruby-CVE-2025-25186
new file mode 100644
index 0000000..fa60a40
--- /dev/null
+++ b/Documentation/Ruby-CVE-2025-25186
@@ -0,0 +1,2 @@
+We've updated to the secure version of net-imap in our Gemfile,
+but the base image still contains a bundled version that is unsecure.
diff --git a/Documentation/essential_packages.txt b/Documentation/essential_packages.txt
index f50a4d6..bea8ca5 100644
--- a/Documentation/essential_packages.txt
+++ b/Documentation/essential_packages.txt
@@ -1,2 +1,3 @@
 view_component
 rexml
+net-imap