import nodejs-16.18.1-3.el9_1

.gitignore

@@ -1,2 +1,6 @@
-SOURCES/icu4c-70_1-src.tgz
+SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/node-v16.14.0-stripped.tar.gz
+SOURCES/icu4c-71_1-src.tgz
+SOURCES/node-v16.18.1-stripped.tar.gz
+SOURCES/undici-5.10.0.tar.gz
+SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
+SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

.nodejs.metadata

@@ -1,2 +1,6 @@
-f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz
+b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-31555f8ebd7aaf06fe98409799e6a873a855ad3a SOURCES/node-v16.14.0-stripped.tar.gz
+406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
+71f2019e8d646be20ec962859e6a356b13663313 SOURCES/node-v16.18.1-stripped.tar.gz
+a2668423c8ed5321e39ce08e239141b084563bb5 SOURCES/undici-5.10.0.tar.gz
+8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
+900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,19 +1,18 @@
-From b0b4d1ddbc720db73fb8ab13cdbbf1ce6524eebd Mon Sep 17 00:00:00 2001
+From 61fd3e74ff223cd59476ef8a69880c57e3312af7 Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
 Date: Fri, 17 Apr 2020 12:59:44 +0200
-Subject: [PATCH 1/2] Disable running gyp on shared deps
+Subject: [PATCH] Disable running gyp on shared deps
 
+Signed-off-by: rpm-build <rpm-build>
 ---
  Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e9676f176 100644
+index dc6f08b..c865e72 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -136,11 +136,11 @@ endif
+@@ -147,7 +147,7 @@ with-code-cache test-code-cache:
- .PHONY: test-code-cache
- with-code-cache test-code-cache:
  	$(warning '$@' target is a noop)
  
  out/Makefile: config.gypi common.gypi node.gyp \
@@ -22,8 +21,6 @@ index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e
  	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
  	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
  	$(PYTHON) tools/gyp_node.py -f make
- 
- # node_version.h is listed because the N-API version is taken from there
 -- 
-2.29.2
+2.37.3
 

SOURCES/0001-fix-ci-lock-file-validation.patch

@@ -1,397 +0,0 @@
-From 730dd78c897a28c3df0468ed1fc42d5817badefe Mon Sep 17 00:00:00 2001
-From: Ruy Adorno <ruyadorno@hotmail.com>
-Date: Wed, 2 Feb 2022 22:10:22 -0500
-Subject: [PATCH] fix(ci): lock file validation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Make sure to validate any lock file (either package-lock.json or
-npm-shrinkwrap.json) against the current install. This will properly
-throw an error in case any of the dependencies being installed don't
-match the dependencies that are currently listed in the lock file.
-
-Fixes: https://github.com/npm/cli/issues/2701
-Fixes: https://github.com/npm/cli/issues/3947
-Signed-off-by: Jan Staněk <jstanek@redhat.com>
----
- deps/npm/lib/commands/ci.js                   | 23 ++++++
- deps/npm/lib/utils/validate-lockfile.js       | 29 +++++++
- .../smoke-tests/index.js.test.cjs             | 11 +++
- .../test/lib/commands/ci.js.test.cjs          | 13 +++
- .../lib/utils/validate-lockfile.js.test.cjs   | 35 ++++++++
- deps/npm/test/lib/commands/ci.js              | 82 +++++++++++++++++++
- deps/npm/test/lib/utils/validate-lockfile.js  | 82 +++++++++++++++++++
- 7 files changed, 275 insertions(+)
- create mode 100644 deps/npm/lib/utils/validate-lockfile.js
- create mode 100644 deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
- create mode 100644 deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
- create mode 100644 deps/npm/test/lib/utils/validate-lockfile.js
-
-diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js
-index 2c2f8da..376a85d 100644
---- a/deps/npm/lib/commands/ci.js
-+++ b/deps/npm/lib/commands/ci.js
-@@ -6,6 +6,7 @@ const runScript = require('@npmcli/run-script')
- const fs = require('fs')
- const readdir = util.promisify(fs.readdir)
- const log = require('../utils/log-shim.js')
-+const validateLockfile = require('../utils/validate-lockfile.js')
- 
- const removeNodeModules = async where => {
-   const rimrafOpts = { glob: false }
-@@ -55,6 +56,28 @@ class CI extends ArboristWorkspaceCmd {
-       }),
-       removeNodeModules(where),
-     ])
-+
-+    // retrieves inventory of packages from loaded virtual tree (lock file)
-+    const virtualInventory = new Map(arb.virtualTree.inventory)
-+
-+    // build ideal tree step needs to come right after retrieving the virtual
-+    // inventory since it's going to erase the previous ref to virtualTree
-+    await arb.buildIdealTree()
-+
-+    // verifies that the packages from the ideal tree will match
-+    // the same versions that are present in the virtual tree (lock file)
-+    // throws a validation error in case of mismatches
-+    const errors = validateLockfile(virtualInventory, arb.idealTree.inventory)
-+    if (errors.length) {
-+      throw new Error(
-+        '`npm ci` can only install packages when your package.json and ' +
-+        'package-lock.json or npm-shrinkwrap.json are in sync. Please ' +
-+        'update your lock file with `npm install` ' +
-+        'before continuing.\n\n' +
-+        errors.join('\n') + '\n'
-+      )
-+    }
-+
-     await arb.reify(opts)
- 
-     const ignoreScripts = this.npm.config.get('ignore-scripts')
-diff --git a/deps/npm/lib/utils/validate-lockfile.js b/deps/npm/lib/utils/validate-lockfile.js
-new file mode 100644
-index 0000000..29161ec
---- /dev/null
-+++ b/deps/npm/lib/utils/validate-lockfile.js
-@@ -0,0 +1,29 @@
-+// compares the inventory of package items in the tree
-+// that is about to be installed (idealTree) with the inventory
-+// of items stored in the package-lock file (virtualTree)
-+//
-+// Returns empty array if no errors found or an array populated
-+// with an entry for each validation error found.
-+function validateLockfile (virtualTree, idealTree) {
-+  const errors = []
-+
-+  // loops through the inventory of packages resulted by ideal tree,
-+  // for each package compares the versions with the version stored in the
-+  // package-lock and adds an error to the list in case of mismatches
-+  for (const [key, entry] of idealTree.entries()) {
-+    const lock = virtualTree.get(key)
-+
-+    if (!lock) {
-+      errors.push(`Missing: ${entry.name}@${entry.version} from lock file`)
-+      continue
-+    }
-+
-+    if (entry.version !== lock.version) {
-+      errors.push(`Invalid: lock file's ${lock.name}@${lock.version} does ` +
-+      `not satisfy ${entry.name}@${entry.version}`)
-+    }
-+  }
-+  return errors
-+}
-+
-+module.exports = validateLockfile
-diff --git a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
-index c1316e0..5fa3977 100644
---- a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
-+++ b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
-@@ -40,6 +40,17 @@ Configuration fields: npm help 7 config
- 
- npm {CWD}
- 
-+`
-+
-+exports[`smoke-tests/index.js TAP npm ci > should throw mismatch deps in lock file error 1`] = `
-+npm ERR! \`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
-+npm ERR! 
-+npm ERR! Invalid: lock file's abbrev@1.0.4 does not satisfy abbrev@1.1.1
-+npm ERR! 
-+
-+npm ERR! A complete log of this run can be found in:
-+
-+
- `
- 
- exports[`smoke-tests/index.js TAP npm diff > should have expected diff output 1`] = `
-diff --git a/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
-new file mode 100644
-index 0000000..d6a7471
---- /dev/null
-+++ b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
-@@ -0,0 +1,13 @@
-+/* IMPORTANT
-+ * This snapshot file is auto-generated, but designed for humans.
-+ * It should be checked into source control and tracked carefully.
-+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
-+ * Make sure to inspect the output below.  Do not ignore changes!
-+ */
-+'use strict'
-+exports[`test/lib/commands/ci.js TAP should throw error when ideal inventory mismatches virtual > must match snapshot 1`] = `
-+\`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
-+
-+Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0
-+
-+`
-diff --git a/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
-new file mode 100644
-index 0000000..98a5126
---- /dev/null
-+++ b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
-@@ -0,0 +1,35 @@
-+/* IMPORTANT
-+ * This snapshot file is auto-generated, but designed for humans.
-+ * It should be checked into source control and tracked carefully.
-+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
-+ * Make sure to inspect the output below.  Do not ignore changes!
-+ */
-+'use strict'
-+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on idealTree > should have missing entries error 1`] = `
-+Array [
-+  "Missing: baz@3.0.0 from lock file",
-+]
-+`
-+
-+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on virtualTree > should have no errors if finding virtualTree extra items 1`] = `
-+Array []
-+`
-+
-+exports[`test/lib/utils/validate-lockfile.js TAP identical inventory for both idealTree and virtualTree > should have no errors on identical inventories 1`] = `
-+Array []
-+`
-+
-+exports[`test/lib/utils/validate-lockfile.js TAP mismatching versions on inventory > should have errors for each mismatching version 1`] = `
-+Array [
-+  "Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0",
-+  "Invalid: lock file's bar@2.0.0 does not satisfy bar@3.0.0",
-+]
-+`
-+
-+exports[`test/lib/utils/validate-lockfile.js TAP missing virtualTree inventory > should have errors for each mismatching version 1`] = `
-+Array [
-+  "Missing: foo@1.0.0 from lock file",
-+  "Missing: bar@2.0.0 from lock file",
-+  "Missing: baz@3.0.0 from lock file",
-+]
-+`
-diff --git a/deps/npm/test/lib/commands/ci.js b/deps/npm/test/lib/commands/ci.js
-index 537d078..e077c99 100644
---- a/deps/npm/test/lib/commands/ci.js
-+++ b/deps/npm/test/lib/commands/ci.js
-@@ -19,6 +19,17 @@ t.test('should ignore scripts with --ignore-scripts', async t => {
-       this.reify = () => {
-         REIFY_CALLED = true
-       }
-+      this.buildIdealTree = () => {}
-+      this.virtualTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-+      this.idealTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-     },
-   })
- 
-@@ -99,6 +110,17 @@ t.test('should use Arborist and run-script', async t => {
-       this.reify = () => {
-         t.ok(true, 'reify is called')
-       }
-+      this.buildIdealTree = () => {}
-+      this.virtualTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-+      this.idealTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-     },
-     rimraf: (path, ...args) => {
-       actualRimrafs++
-@@ -138,6 +160,17 @@ t.test('should pass flatOptions to Arborist.reify', async t => {
-       this.reify = async (options) => {
-         t.equal(options.production, true, 'should pass flatOptions to Arborist.reify')
-       }
-+      this.buildIdealTree = () => {}
-+      this.virtualTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-+      this.idealTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-     },
-   })
-   const npm = mockNpm({
-@@ -218,6 +251,17 @@ t.test('should remove existing node_modules before installing', async t => {
-         const nodeModules = contents.filter((path) => path.startsWith('node_modules'))
-         t.same(nodeModules, ['node_modules'], 'should only have the node_modules directory')
-       }
-+      this.buildIdealTree = () => {}
-+      this.virtualTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-+      this.idealTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-     },
-   })
- 
-@@ -231,3 +275,41 @@ t.test('should remove existing node_modules before installing', async t => {
- 
-   await ci.exec(null)
- })
-+
-+t.test('should throw error when ideal inventory mismatches virtual', async t => {
-+  const CI = t.mock('../../../lib/commands/ci.js', {
-+    '../../../lib/utils/reify-finish.js': async () => {},
-+    '@npmcli/run-script': ({ event }) => {},
-+    '@npmcli/arborist': function () {
-+      this.loadVirtual = async () => {}
-+      this.reify = () => {}
-+      this.buildIdealTree = () => {}
-+      this.virtualTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '1.0.0' }],
-+        ]),
-+      }
-+      this.idealTree = {
-+        inventory: new Map([
-+          ['foo', { name: 'foo', version: '2.0.0' }],
-+        ]),
-+      }
-+    },
-+  })
-+
-+  const npm = mockNpm({
-+    globalDir: 'path/to/node_modules/',
-+    prefix: 'foo',
-+    config: {
-+      global: false,
-+      'ignore-scripts': true,
-+    },
-+  })
-+  const ci = new CI(npm)
-+
-+  try {
-+    await ci.exec([])
-+  } catch (err) {
-+    t.matchSnapshot(err.message)
-+  }
-+})
-diff --git a/deps/npm/test/lib/utils/validate-lockfile.js b/deps/npm/test/lib/utils/validate-lockfile.js
-new file mode 100644
-index 0000000..25939c5
---- /dev/null
-+++ b/deps/npm/test/lib/utils/validate-lockfile.js
-@@ -0,0 +1,82 @@
-+const t = require('tap')
-+const validateLockfile = require('../../../lib/utils/validate-lockfile.js')
-+
-+t.test('identical inventory for both idealTree and virtualTree', async t => {
-+  t.matchSnapshot(
-+    validateLockfile(
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+      ]),
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+      ])
-+    ),
-+    'should have no errors on identical inventories'
-+  )
-+})
-+
-+t.test('extra inventory items on idealTree', async t => {
-+  t.matchSnapshot(
-+    validateLockfile(
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+      ]),
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+        ['baz', { name: 'baz', version: '3.0.0' }],
-+      ])
-+    ),
-+    'should have missing entries error'
-+  )
-+})
-+
-+t.test('extra inventory items on virtualTree', async t => {
-+  t.matchSnapshot(
-+    validateLockfile(
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+        ['baz', { name: 'baz', version: '3.0.0' }],
-+      ]),
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+      ])
-+    ),
-+    'should have no errors if finding virtualTree extra items'
-+  )
-+})
-+
-+t.test('mismatching versions on inventory', async t => {
-+  t.matchSnapshot(
-+    validateLockfile(
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+      ]),
-+      new Map([
-+        ['foo', { name: 'foo', version: '2.0.0' }],
-+        ['bar', { name: 'bar', version: '3.0.0' }],
-+      ])
-+    ),
-+    'should have errors for each mismatching version'
-+  )
-+})
-+
-+t.test('missing virtualTree inventory', async t => {
-+  t.matchSnapshot(
-+    validateLockfile(
-+      new Map([]),
-+      new Map([
-+        ['foo', { name: 'foo', version: '1.0.0' }],
-+        ['bar', { name: 'bar', version: '2.0.0' }],
-+        ['baz', { name: 'baz', version: '3.0.0' }],
-+      ])
-+    ),
-+    'should have errors for each mismatching version'
-+  )
-+})
--- 
-2.35.1
-

SOURCES/0002-Install-both-binaries-and-use-libdir.patch

@@ -1,61 +0,0 @@
-diff --git a/configure.py b/configure.py
-index 895a0869cb..791c3e4a62 100755
---- a/configure.py
-+++ b/configure.py
-@@ -722,6 +722,12 @@ parser.add_argument('--shared',
-     help='compile shared library for embedding node in another project. ' +
-          '(This mode is not officially supported for regular applications)')
- 
-+parser.add_argument('--libdir',
-+    action='store',
-+    dest='libdir',
-+    default='lib',
-+    help='a directory to install the shared library into')
-+
- parser.add_argument('--without-v8-platform',
-     action='store_true',
-     dest='without_v8_platform',
-@@ -1293,6 +1299,7 @@ def configure_node(o):
-   o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
- 
-   o['variables']['node_shared'] = b(options.shared)
-+  o['variables']['libdir'] = options.libdir
-   node_module_version = getmoduleversion.get_version()
- 
-   if options.dest_os == 'android':
-diff --git a/tools/install.py b/tools/install.py
-index 045d406d84..b3ef454199 100755
---- a/tools/install.py
-+++ b/tools/install.py
-@@ -121,22 +121,19 @@ def subdir_files(path, dest, action):
- 
- def files(action):
-   is_windows = sys.platform == 'win32'
--  output_file = 'node'
-   output_prefix = 'out/Release/'
-+  output_libprefix = output_prefix
- 
--  if 'false' == variables.get('node_shared'):
--    if is_windows:
--      output_file += '.exe'
-+  if is_windows:
-+    output_bin = 'node.exe'
-+    output_lib = 'node.dll'
-   else:
--    if is_windows:
--      output_file += '.dll'
--    else:
--      output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
-+    output_bin = 'node'
-+    output_lib = 'libnode.' + variables.get('shlib_suffix')
- 
--  if 'false' == variables.get('node_shared'):
--    action([output_prefix + output_file], 'bin/' + output_file)
--  else:
--    action([output_prefix + output_file], 'lib/' + output_file)
-+  action([output_prefix + output_bin], 'bin/' + output_bin)
-+  if 'true' == variables.get('node_shared'):
-+    action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
- 
-   if 'true' == variables.get('node_use_dtrace'):
-     action(['out/Release/node.d'], 'lib/dtrace/node.d')

SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch

@@ -0,0 +1,31 @@
+From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 26 Sep 2022 16:02:39 +0200
+Subject: [PATCH] install: keep installing dtrace and systemtap files
+
+Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ tools/install.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tools/install.py b/tools/install.py
+index 4b01d67..dc16797 100755
+--- a/tools/install.py
++++ b/tools/install.py
+@@ -178,6 +178,11 @@ def files(action):
+       output_lib = 'libnode.' + variables.get('shlib_suffix')
+       action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
+ 
++  if 'true' == variables.get('node_use_dtrace'):
++    action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
++
++  action(['src/node.stp'], 'share/systemtap/tapset/')
++
+   action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
+   action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
+ 
+-- 
+2.37.3
+

SPECS/nodejs.spec

@@ -30,7 +30,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 5
+%global baserelease 3
 
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
@@ -41,8 +41,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 16
-%global nodejs_minor 14
+%global nodejs_minor 18
-%global nodejs_patch 0
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 93
@@ -58,7 +58,7 @@
 %global v8_major 9
 %global v8_minor 4
 %global v8_build 146
-%global v8_patch 24
+%global v8_patch 26
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@@ -69,28 +69,28 @@
 %global c_ares_version 1.18.1
 
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 6.0.4
+%global llhttp_version 6.0.10
 
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_version 1.43.0
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.45.1
+%global nghttp2_version 1.47.0
 
 # nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 %global nghttp3_major 0
-%global nghttp3_minor 1
+%global nghttp3_minor 7
-%global nghttp3_patch 0-DEV
+%global nghttp3_patch 0
 %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
 
 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 %global ngtcp2_major 0
-%global ngtcp2_minor 1
+%global ngtcp2_minor 8
-%global ngtcp2_patch 0-DEV
+%global ngtcp2_patch 1
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 70
+%global icu_major 71
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -118,7 +118,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 8.3.1
+%global npm_version 8.19.2
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -127,13 +127,10 @@
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.12
+%global uvwasi_version 0.0.13
 
 # histogram_c - assumed from timestamps
-%global histogram_version 0.9.7
+%global histogram_version 0.11.2
-
-# Node.js 16.9.1 and later comes with an experimental package management tool
-%global corepack_version 0.10.0
 
 Name: nodejs
 Epoch: %{nodejs_epoch}
@@ -160,14 +157,29 @@ Source100: %{name}-tarball.sh
 # nodejs-packaging SRPM.
 Source7: nodejs_native.attr
 
+# These are full sources for dependencies included as WASM blobs in the source of Node itself.
+# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
+# Recipes for creating these blobs are included in the sources.
+
+# Version: jq '.version' deps/cjs-module-lexer/package.json
+# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
+# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
+Source101: cjs-module-lexer-1.2.2.tar.gz
+# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
+# Version source: Makefile
+Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
+
+# Version: jq '.version' deps/undici/src/package.json
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz
+# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm*
+Source111: undici-5.10.0.tar.gz
+# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
+# Version source: build/Dockerfile
+Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
+
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-
+Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch
-# Patch to install both node and libnode.so, using the correct libdir
-Patch2: 0002-Install-both-binaries-and-use-libdir.patch
-
-# CVE-2021-43616
-Patch3: 0001-fix-ci-lock-file-validation.patch
 
 BuildRequires: make
 BuildRequires: python3-devel
@@ -268,7 +280,6 @@ Provides: bundled(icu) = %{icu_version}
 # or there's no option to built it as a shared dependency, so we bundle them
 Provides: bundled(uvwasi) = %{uvwasi_version}
 Provides: bundled(histogram) = %{histogram_version}
-Provides: bundled(corepack) = %{corepack_version}
 
 %if 0%{?fedora}
 # Make sure to pull in the appropriate packaging macros when building RPMs
@@ -393,6 +404,22 @@ rm -rf deps/brotli
 rm -rf deps/v8/third_party/jinja2
 rm -rf tools/inspector_protocol/jinja2
 
+# check for correct versions of dependencies we are bundling
+check_wasm_dep() {
+  local -r name="$1" source="$2" packagejson="$3"
+  local -r expected_version="$(jq -r '.version' "${packagejson}")"
+
+  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
+    printf '%s version matches\n' "${name}" >&2
+  else
+    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
+    return 1
+  fi
+}
+
+check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
+check_wasm_dep undici           '%{SOURCE111}' deps/undici/src/package.json
+
 # Replace any instances of unversioned python' with python3
 %if %{with python3_fixup}
 pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
@@ -440,9 +467,10 @@ export LDFLAGS="%{build_ldflags}"
            --shared-brotli \
            %{!?with_bundled:--shared-libuv} \
            %{!?with_bundled:--shared-nghttp2} \
-           --with-dtrace \
+           %{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \
            --with-intl=small-icu \
            --with-icu-default-data-dir=%{icudatadir} \
+           --without-corepack \
            --openssl-use-def-ca-store \
            --openssl-default-cipher-list=PROFILE=SYSTEM
 
@@ -558,11 +586,6 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
 chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
 chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
 
-# Corepack contains a number of executable"shims", including some for Windows
-# PowerShell. Drop the executable bit for those so we don't pick up an
-# automatic dependency on /usr/bin/pwsh that we cannot satisfy.
-chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1
-
 # Drop the NPM default configuration in place
 mkdir -p %{buildroot}%{_sysconfdir}
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
@@ -618,15 +641,14 @@ end
 %dir %{_datadir}/systemtap/tapset
 %{_datadir}/systemtap/tapset/node.stp
 
-# corepack
+%if %{without bundled}
-%{_bindir}/corepack
-%{_prefix}/lib/node_modules/corepack
-
 %dir %{_usr}/lib/dtrace
 %{_usr}/lib/dtrace/node.d
+%endif
 
 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
+%license LICENSE
 %doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
 %doc %{_mandir}/man1/node.1*
 
@@ -677,9 +699,11 @@ end
 %doc %{_mandir}/man5/package-lock-json.5*
 %doc %{_mandir}/man5/npm-shrinkwrap-json.5*
 %doc %{_mandir}/man7/config.7*
+%doc %{_mandir}/man7/dependency-selectors.7*
 %doc %{_mandir}/man7/developers.7*
-%doc %{_mandir}/man7/orgs.7*
 %doc %{_mandir}/man7/logging.7*
+%doc %{_mandir}/man7/orgs.7*
+%doc %{_mandir}/man7/package-spec.7*
 %doc %{_mandir}/man7/registry.7*
 %doc %{_mandir}/man7/removal.7*
 %doc %{_mandir}/man7/scope.7*
@@ -695,6 +719,31 @@ end
 
 
 %changelog
+* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
+- Update sources of undici WASM blobs
+  Resolves: rhbz#2151617
+
+* Mon Dec 05 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-2
+- Add back libs and v8-devel subpackages
+- Related: RHBZ#2121126
+- Record previously fixed CVE
+- Resolves: CVE-2021-44906
+
+* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1
+- Rebase + CVEs
+- Resolves: #2142808
+- Resolves: #2142826, #2131745, #2142855
+
+* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1
+- Rebase to version 16.17.1
+  Resolves: CVE-2022-35255 CVE-2022-35256
+
+* Tue Aug 23 2022 Jan Staněk <jstanek@redhat.com> - 16.16.0-1
+- Rebase to version 16.16.0
+  Resolves: RHBZ#2106290
+  Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
+  Resolves: CVE-2022-29244
+
 * Thu Apr 21 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-5
 - Decouple dependency bundling from bootstrapping