import nodejs-18.14.2-2.module+el8.7.0+18445+9493b6ea

.gitignore

@@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-SOURCES/icu4c-71_1-src.tgz
-SOURCES/node-v18.12.1-stripped.tar.gz
-SOURCES/undici-5.11.0.tar.gz
+SOURCES/icu4c-72_1-src.tgz
+SOURCES/node-v18.14.2-stripped.tar.gz
+SOURCES/undici-5.20.0.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

.nodejs.metadata

@@ -1,6 +1,6 @@
 6976e77068429bd0b47b573793289e065ceb6b27 SOURCES/cjs-module-lexer-1.2.2.tar.gz
-406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
-816c2656eea956f3fcd0d98562d7d225abd3e95f SOURCES/node-v18.12.1-stripped.tar.gz
-0ea4e5cfe13969896bf41c0d2d029a621917b944 SOURCES/undici-5.11.0.tar.gz
+a97546f0119c37a3526143bc29fb573a4417ff84 SOURCES/icu4c-72_1-src.tgz
+f0f8d1ceb4dc2bf7170ac999d731611f776b0af3 SOURCES/node-v18.14.2-stripped.tar.gz
+0b3e890fd45200fb3a2fdc14408cc51e23990480 SOURCES/undici-5.20.0.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,29 +1,18 @@
-From 2abb9e98751595936ac1c867b3f08695f5bcf22c Mon Sep 17 00:00:00 2001
-From: Zuzana Svetlikova <zsvetlik@redhat.com>
-Date: Fri, 17 Apr 2020 12:59:44 +0200
-Subject: [PATCH] Disable running gyp on shared deps
-
-Signed-off-by: rpm-build <rpm-build>
----
- Makefile |  2 +-
- node.gyp | 17 -----------------
- 2 files changed, 1 insertion(+), 18 deletions(-)
-
 diff --git a/Makefile b/Makefile
-index 9c01f8f..133a3d0 100644
+index 9401346623..c9d3da24c5 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -148,7 +148,7 @@ with-code-cache test-code-cache:
+@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
  	$(warning '$@' target is a noop)
  
  out/Makefile: config.gypi common.gypi node.gyp \
 -	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
 +	deps/llhttp/llhttp.gyp \
+ 	deps/simdutf/simdutf.gyp \
  	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
  	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
- 	$(PYTHON) tools/gyp_node.py -f make
 diff --git a/node.gyp b/node.gyp
-index 8f131ac..dce5fdc 100644
+index cec24aed03..13af00f40d 100644
 --- a/node.gyp
 +++ b/node.gyp
 @@ -429,23 +429,6 @@
@@ -41,7 +30,7 @@ index 8f131ac..dce5fdc 100644
 -               'inputs': [ '<(opensslconfig)', ],
 -               'outputs': [ '<(opensslconfig_internal)', ],
 -               'action': [
--                 'python', 'tools/copyfile.py',
+-                 '<(python)', 'tools/copyfile.py',
 -                 '<(opensslconfig)',
 -                 '<(opensslconfig_internal)',
 -               ],
@@ -50,6 +39,3 @@ index 8f131ac..dce5fdc 100644
           }],
        ],
      }, # node_core_target_name
--- 
-2.37.3
-

SPECS/nodejs.spec

@@ -17,7 +17,7 @@
 #
 # create bootstrapping build with bundled deps and extra release suffix
 %bcond_with bootstrap
-# bundle dependencies that are not available as Fedora modules
+# bundle dependencies that are not available in CentOS
 %if %{with bootstrap}
 %bcond_without bundled
 %else
@@ -41,8 +41,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 12
-%global nodejs_patch 1
+%global nodejs_minor 14
+%global nodejs_patch 2
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 108
@@ -58,7 +58,7 @@
 %global v8_major 10
 %global v8_minor 2
 %global v8_build 154
-%global v8_patch 15
+%global v8_patch 26
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@@ -79,13 +79,13 @@
 
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
-%global libuv_minor 43
-%global libuv_patch 0
+%global libuv_minor 44
+%global libuv_patch 2
 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 %global nghttp2_major 1
-%global nghttp2_minor 47
+%global nghttp2_minor 51
 %global nghttp2_patch 0
 %global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
 
@@ -102,7 +102,7 @@
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 71
+%global icu_major 72
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -120,6 +120,12 @@
 %global icu_flag full-icu
 %endif
 
+# simduft from deps/simdutf/simdutf.h
+%global simduft_major 2
+%global simduft_minor 0
+%global simduft_patch 7
+%global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
+
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
 
@@ -133,9 +139,9 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_major 8
-%global npm_minor 19
-%global npm_patch 2
+%global npm_major 9
+%global npm_minor 5
+%global npm_patch 0
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
@@ -197,9 +203,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.11.0.tar.gz
-# Adjustments: rm -f undici-5.11.0/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.11.0.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.20.0.tar.gz
+# Adjustments: rm -f undici-5.20.0/lib/llhttp/llhttp*.wasm*
+Source111: undici-5.20.0.tar.gz
 # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
 # Version source: build/Dockerfile
 Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
@@ -209,10 +215,16 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 
 BuildRequires: make
 BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-jinja2
+%if !%{with python3_fixup}
+BuildRequires: python-unversioned-command
+%endif
 BuildRequires: zlib-devel
 BuildRequires: brotli-devel
 BuildRequires: gcc >= 8.3.0
 BuildRequires: gcc-c++ >= 8.3.0
+BuildRequires: jq
 # needed to generate bundled provides for npm dependencies
 # https://src.fedoraproject.org/rpms/nodejs/pull-request/2
 # https://pagure.io/nodejs-packaging/pull-request/10
@@ -299,6 +311,7 @@ Provides: bundled(icu) = %{icu_version}
 Provides: bundled(uvwasi) = %{uvwasi_version}
 Provides: bundled(histogram) = %{histogram_version}
 Provides: bundled(corepack) = %{corepack_version}
+Provides: bundled(simduft) = %{simduft_version}
 
 # Make sure we keep NPM up to date when we update Node.js
 %if 0%{?rhel} < 8
@@ -388,6 +401,8 @@ The API documentation for the Node.js JavaScript runtime.
 # remove bundled dependencies that we aren't building
 rm -rf deps/zlib
 rm -rf deps/brotli
+rm -rf deps/v8/third_party/jinja2
+rm -rf tools/inspector_protocol/jinja2
 
 # Replace any instances of unversioned python' with python3
 %if %{with python3_fixup}
@@ -693,6 +708,8 @@ end
 %doc %{_mandir}/man5/package-json.5*
 %doc %{_mandir}/man5/package-lock-json.5*
 %doc %{_mandir}/man5/npm-shrinkwrap-json.5*
+%doc %{_mandir}/man5/npm-global.5.*
+%doc %{_mandir}/man5/npm-json.5.*
 %doc %{_mandir}/man7/config.7*
 %doc %{_mandir}/man7/dependency-selectors.7*
 %doc %{_mandir}/man7/developers.7*
@@ -714,6 +731,15 @@ end
 
 
 %changelog
+* Tue Mar 21 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-2
+- Provide simduft
+
+* Tue Mar 21 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-1
+- Rebase to 18.14.2
+- Resolves: #2178087
+- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807
+- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
+
 * Fri Nov 18 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-2
 - Update version of bundled histogram