diff --git a/.gitignore b/.gitignore
index 35d3087..f1ac6cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-72_1-src.tgz
-SOURCES/node-v18.16.1-stripped.tar.gz
-SOURCES/undici-5.21.0.tar.gz
-SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
-SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
+SOURCES/icu4c-73_1-src.zip
+SOURCES/node-v18.17.1-stripped.tar.gz
+SOURCES/undici-5.22.1.tar.gz
+SOURCES/wasi-sdk-11.0-linux.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index f234b64..b834780 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,6 +1,5 @@
-6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-a97546f0119c37a3526143bc29fb573a4417ff84 SOURCES/icu4c-72_1-src.tgz
-e5c7cb54ade307bf4fb282796322bf65be20a5c7 SOURCES/node-v18.16.1-stripped.tar.gz
-a3c9593ddf15f83a48135641b1985adad4f2a669 SOURCES/undici-5.21.0.tar.gz
-8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
-900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz
+b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
+7ef13722e78a6a7eeda293e3bccc006651d50d83 SOURCES/icu4c-73_1-src.zip
+0638f527de54888935ae3ef469eb1f01cf3d3475 SOURCES/node-v18.17.1-stripped.tar.gz
+bcb2ceaa999c98df652d4fd5e571294cd560013b SOURCES/undici-5.22.1.tar.gz
+ff114dd45b4efeeae7afe4621bfc6f886a475b4b SOURCES/wasi-sdk-11.0-linux.tar.gz
diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh
index f59d5c2..6a94b29 100755
--- a/SOURCES/nodejs-tarball.sh
+++ b/SOURCES/nodejs-tarball.sh
@@ -120,10 +120,10 @@ rm -rf node-v${version}/deps/openssl
 tar -zcf node-v${version}-stripped.tar.gz node-v${version}
 
 # Download the matching version of ICU
-rm -f icu4c*-src.tgz icu.md5
+rm -f icu4c*-src.zip icu.md5
 ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
 wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
-ICUTARBALL=$(ls -1 icu4c*-src.tgz)
+ICUTARBALL=$(ls -1 icu4c*-src.zip)
 echo "$ICUMD5  $ICUTARBALL" > icu.md5
 md5sum -c icu.md5
 rm -f icu.md5 SHASUMS256.txt
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index 51d115c..a6c7564 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -41,7 +41,7 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 16
+%global nodejs_minor 17
 %global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@@ -93,7 +93,7 @@
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 72
+%global icu_major 73
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -114,11 +114,11 @@
 # simduft from deps/simdutf/simdutf.h
 %global simduft_major 3
 %global simduft_minor 2
-%global simduft_patch 2
+%global simduft_patch 12
 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
 
 # ada from deps/ada/ada.h
-%global ada_version 1.0.4
+%global ada_version 2.5.0
 
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@@ -133,7 +133,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.5.1
+%global npm_version 9.6.7
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -145,7 +145,7 @@
 %global corepack_version 0.10.0
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.15
+%global uvwasi_version 0.0.18
 
 # histogram_c - assumed from timestamps
 %global histogram_version 0.11.2
@@ -167,7 +167,7 @@ ExclusiveArch: %{nodejs_arches}
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
-Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
+Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.zip
 Source100: %{name}-tarball.sh
 
 # The native module Requires generator remains in the nodejs SRPM, so it knows
@@ -188,15 +188,13 @@ Source8: npmrc.builtin.in
 Source101: cjs-module-lexer-1.2.2.tar.gz
 # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
 # Version source: Makefile
-Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
+Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.21.0.tar.gz
-# Adjustments: rm -f undici-5.21.0/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.21.0.tar.gz
-# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
-# Version source: build/Dockerfile
-Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz
+# Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm
+# Build uses alpine image, see alpine for sources for wasi-sdk
+Source111: undici-5.22.1.tar.gz
 
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
@@ -444,7 +442,7 @@ export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cfl
 export LDFLAGS="%{build_ldflags}"
 
 %{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl \
+           --shared-openssl --openssl-conf-name=openssl_conf \
            --shared-zlib \
            --shared-brotli \
            %{!?with_bundled:--shared-libuv} \
@@ -464,7 +462,7 @@ make BUILDTYPE=Release %{?_smp_mflags}
 
 # Extract the ICU data and convert it to the appropriate endianness
 pushd deps/
-tar xfz %SOURCE3
+unzip -a %{SOURCE3}
 
 pushd icu/source
 
@@ -734,6 +732,12 @@ end
 
 
 %changelog
+* Wed Aug 23 2023 Jan Staněk <jstanek@redhat.com> - 1:18.17.1-1
+- Rebase to version 18.17.1
+  Resolves: rhbz#2228939
+  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
+- Specify proper OpenSSL configuration section build
+
 * Wed Jul 12 2023 Jan Staněk <jstanek@redhat.com> - 1:18.16.1-1
 - Rebase to 18.16.1
   Resolves: rhbz#2188290 rhbz#2166926