import nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74

.gitignore

@@ -1,6 +1,6 @@
 SOURCES/cjs-module-lexer-1.2.2.tar.gz
 SOURCES/icu4c-71_1-src.tgz
 SOURCES/node-v16.18.1-stripped.tar.gz
-SOURCES/undici-5.9.1.tar.gz
+SOURCES/undici-5.10.0.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

.nodejs.metadata

@@ -1,6 +1,6 @@
 b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
 406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
 0e8bf36bf0ed737011cc49026a1e7b82d7a1f638 SOURCES/node-v16.18.1-stripped.tar.gz
-29d1d37064671ed3055fdfe06f0e323a08d62ca9 SOURCES/undici-5.9.1.tar.gz
+a2668423c8ed5321e39ce08e239141b084563bb5 SOURCES/undici-5.10.0.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

SPECS/nodejs.spec

@@ -35,7 +35,7 @@
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 2
+%global baserelease 3
 
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
@@ -200,9 +200,9 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.8.0.tar.gz
-# Adjustments: rm -f undici-5.8.0/lib/llhttp/llhttp*.wasm*
-Source111: undici-5.9.1.tar.gz
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz
+# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm*
+Source111: undici-5.10.0.tar.gz
 # The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
 # Version source: build/Dockerfile
 Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
@@ -395,6 +395,22 @@ rm -rf deps/brotli
 rm -rf deps/v8/third_party/jinja2
 rm -rf tools/inspector_protocol/jinja2
 
+# check for correct versions of dependencies we are bundling
+check_wasm_dep() {
+  local -r name="$1" source="$2" packagejson="$3"
+  local -r expected_version="$(jq -r '.version' "${packagejson}")"
+
+  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
+    printf '%s version matches\n' "${name}" >&2
+  else
+    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
+    return 1
+  fi
+}
+
+check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
+check_wasm_dep undici           '%{SOURCE111}' deps/undici/src/package.json
+
 # Replace any instances of unversioned python' with python3
 %if %{with python3_fixup}
 pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
@@ -712,6 +728,10 @@ end
 
 
 %changelog
+* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
+- Update sources of undici WASM blobs
+  Resolves: rhbz#2151546
+
 * Fri Dec 02 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-2
 - Record CVE references already addressed in this or previous upstream versions
   Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824