import UBI nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10

.gitignore

@@ -1,6 +1,6 @@
-SOURCES/cjs-module-lexer-1.2.2.tar.gz
+SOURCES/cjs-module-lexer-1.4.1.tar.gz
 SOURCES/icu4c-75_1-src.tgz
-SOURCES/node-v20.16.0-stripped.tar.gz
-SOURCES/undici-6.19.2.tar.gz
+SOURCES/node-v20.18.2-stripped.tar.gz
+SOURCES/undici-6.21.1.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

.nodejs.metadata

@@ -1,6 +1,6 @@
-164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
+327c9c409bcda11ac331186b5eabb27bb78df43e SOURCES/cjs-module-lexer-1.4.1.tar.gz
 da3614aa496c5f0fde12f7aa155f235b5e239f1b SOURCES/icu4c-75_1-src.tgz
-f5c3411098f91526d7ce14b14b080e368510ae93 SOURCES/node-v20.16.0-stripped.tar.gz
-0653ac16ef498878fffefea0fa1f7e870cdfc249 SOURCES/undici-6.19.2.tar.gz
+8a59e2e4fa6c81ac10f6f42a5e6245bfd882efa2 SOURCES/node-v20.18.2-stripped.tar.gz
+5ab2874f1e7786485cb5f8239b5f6a977a5aa8f5 SOURCES/undici-6.21.1.tar.gz
 8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
 fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

SOURCES/0001-Revert-build-fix-arm64-cross-compilation-bug-on-non-.patch

@@ -28,12 +28,12 @@ index f189ba2bf09..9b2d993bb32 100755
    if options.node_snapshot_main is not None:
 diff --git a/node.gyp b/node.gyp
 index ff59af6ff76..7d9ec812917 100644
---- a/node.gyp
-+++ b/node.gyp
-@@ -468,21 +468,6 @@
-     },
- 
-     'conditions': [
+--- a/node.gyp	2025-01-21 05:28:01.000000000 +0100
++++ b/node.gyp	2025-02-03 09:26:11.282754397 +0100
+@@ -472,21 +472,6 @@
+       ['clang==0 and OS!="win"', {
+         'cflags': [ '-Wno-restrict', ],
+       }],
 -      # Pointer authentication for ARM64.
 -      ['target_arch=="arm64"', {
 -          'target_conditions': [
@@ -52,6 +52,3 @@ index ff59af6ff76..7d9ec812917 100644
        ['OS in "aix os400"', {
          'ldflags': [
            '-Wl,-bnoerrmsg',
--- 
-2.45.2
-

SPECS/nodejs.spec

@@ -44,8 +44,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 16
-%global nodejs_patch 0
+%global nodejs_minor 18
+%global nodejs_patch 2
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 115
@@ -57,7 +57,7 @@
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
-%global v8_epoch 2
+%global v8_epoch 3
 %global v8_major 11
 %global v8_minor 3
 %global v8_build 244
@@ -67,9 +67,10 @@
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
 %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
+
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.31.0
+%global c_ares_version 1.33.1
 
 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_version 8.1.2
@@ -106,10 +107,10 @@
 %endif
 
 # simduft from deps/simdutf/simdutf.h
-%global simduft_version 5.2.8
+%global simduft_version 5.5.0
 
 # ada from deps/ada/ada.h
-%global ada_version 2.8.0
+%global ada_version 2.9.0
 
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@@ -122,7 +123,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.8.1
+%global npm_version 10.8.2
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -132,7 +133,7 @@
 
 # Node.js 16.9.1 and later comes with an experimental package management tool
 # corepack - from deps/corepack/package.json
-%global corepack_version 0.28.1
+%global corepack_version 0.29.4
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
 %global uvwasi_version 0.0.21
@@ -173,18 +174,18 @@ Source8: npmrc.builtin.in
 # Recipes for creating these blobs are included in the sources.
 
 # Version: jq '.version' deps/cjs-module-lexer/package.json
-# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
-# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
-Source101: cjs-module-lexer-1.2.2.tar.gz
+# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.4.1.tar.gz
+# Adjustments: rm -f cjs-module-lexer-1.4.1/lib/lexer.wasm
+Source101: cjs-module-lexer-1.4.1.tar.gz
 # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
 # Version source (cjs-module-lexer tarball): Makefile
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.13.0.tar.gz
-# Adjustments: rm -f undici-6.13.0/lib/llhttp/llhttp*.wasm
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v6.21.1.tar.gz
+# Adjustments: rm -f undici-6.21.1/lib/llhttp/llhttp*.wasm
 # wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
-Source111: undici-6.19.2.tar.gz
+Source111: undici-6.21.1.tar.gz
 # The WASM blob was made using wasi-sdk v16; compiler libraries are linked in.
 # Version source: deps/undici/src/lib/llhttp/wasm_build_env.txt
 # Also check (undici tarball): lib/llhttp/wasm_build_env.txt
@@ -724,6 +725,11 @@ end
 
 
 %changelog
+* Thu Jan 30 2025 Tomáš Juhász <tjuhasz@redhat.com> - 1:20.18.2-1
+- Update to version 20.18.2
+  Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150
+  Resolves: RHEL-76001 RHEL-76146
+
 * Mon Aug 05 2024 Honza Horak <hhorak@redhat.com> - 1:20.16.0-1
 - Update to 20.16.0
   Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020