.gitignore

@@ -1,2 +1,57 @@
-SOURCES/icu4c-64_2-src.tgz
-SOURCES/node-v10.24.0-stripped.tar.gz
+/node-v10.7.0-stripped.tar.gz
+/node-v10.11.0-stripped.tar.gz
+/node-v10.14.1-stripped.tar.gz
+/node-v12.4.0-stripped.tar.gz
+/node-v12.13.1-stripped.tar.gz
+/node-v12.14.1-stripped.tar.gz
+/node-v12.16.1-stripped.tar.gz
+/node-v14.2.0-stripped.tar.gz
+/icu4c-66_1-src.tgz
+/node-v14.3.0-stripped.tar.gz
+/icu4c-67_1-src.tgz
+/node-v14.4.0-stripped.tar.gz
+/node-v14.11.0-stripped.tar.gz
+/node-v14.15.0-stripped.tar.gz
+/node-v14.15.4-stripped.tar.gz
+/node-v14.16.0-stripped.tar.gz
+/node-v16.1.0-stripped.tar.gz
+/icu4c-69_1-src.tgz
+/node-v16.4.2-stripped.tar.gz
+/node-v16.6.2-stripped.tar.gz
+/node-v16.7.0-stripped.tar.gz
+/node-v16.8.0-stripped.tar.gz
+/node-v16.13.1-stripped.tar.gz
+/node-v16.14.0-stripped.tar.gz
+/icu4c-70_1-src.tgz
+/node-v18.2.0-stripped.tar.gz
+/icu4c-71_1-src.tgz
+/node-v18.7.0-stripped.tar.gz
+/node-v18.8.0-stripped.tar.gz
+/undici-5.8.2.tar.gz
+/cjs-module-lexer-1.2.2.tar.gz
+/wasi-sdk-11.0-linux.tar.gz
+/wasi-sdk-14.0-linux.tar.gz
+/node-v18.10.0-stripped.tar.gz
+/undici-5.9.1.tar.gz
+/wasi-sdk-11.tar.gz
+/wasi-sdk-14.tar.gz
+/undici-5.10.0.tar.gz
+/node-v18.12.1-stripped.tar.gz
+/undici-5.11.0.tar.gz
+/node-v18.14.2-stripped.tar.gz
+/icu4c-72_1-src.tgz
+/undici-5.20.0.tar.gz
+/wasi-sdk-wasi-sdk-11.tar.gz
+/wasi-sdk-wasi-sdk-14.tar.gz
+/node-v18.16.1-stripped.tar.gz
+/undici-5.21.0.tar.gz
+/node-v20.5.0-stripped.tar.gz
+/icu4c-73_2-src.tgz
+/undici-5.22.1.tar.gz
+/node-v20.5.1-stripped.tar.gz
+/node-v20.8.1-stripped.tar.gz
+/undici-5.26.3.tar.gz
+/node-v20.9.0-stripped.tar.gz
+/node-v20.11.0-stripped.tar.gz
+/undici-5.27.2.tar.gz
+/wasi-sdk-16.0-linux.tar.gz

.nodejs.metadata

@@ -1,2 +0,0 @@
-3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
-be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz

0001-Disable-running-gyp-on-shared-deps.patch

@@ -0,0 +1,55 @@
+From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 30 May 2023 13:12:35 +0200
+Subject: [PATCH] Disable running gyp on shared deps
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ Makefile |  2 +-
+ node.gyp | 17 -----------------
+ 2 files changed, 1 insertion(+), 18 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 0be0659..3c44201 100644
+--- a/Makefile
++++ b/Makefile
+@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
+ 	$(warning '$@' target is a noop)
+ 
+ out/Makefile: config.gypi common.gypi node.gyp \
+-	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
++	deps/llhttp/llhttp.gyp \
+ 	deps/simdutf/simdutf.gyp deps/ada/ada.gyp \
+ 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
+ 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+diff --git a/node.gyp b/node.gyp
+index cf52281..c33b57b 100644
+--- a/node.gyp
++++ b/node.gyp
+@@ -430,23 +430,6 @@
+               ],
+             },
+           ],
+-         }, {
+-           'variables': {
+-              'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf',
+-              'opensslconfig': './deps/openssl/nodejs-openssl.cnf',
+-           },
+-           'actions': [
+-             {
+-               'action_name': 'reset_openssl_cnf',
+-               'inputs': [ '<(opensslconfig)', ],
+-               'outputs': [ '<(opensslconfig_internal)', ],
+-               'action': [
+-                 '<(python)', 'tools/copyfile.py',
+-                 '<(opensslconfig)',
+-                 '<(opensslconfig_internal)',
+-               ],
+-             },
+-           ],
+          }],
+       ],
+     }, # node_core_target_name
+-- 
+2.41.0
+

SOURCES/0001-Disable-running-gyp-on-shared-deps.patch

@@ -1,31 +0,0 @@
-From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
-From: Zuzana Svetlikova <zsvetlik@redhat.com>
-Date: Thu, 27 Apr 2017 14:25:42 +0200
-Subject: [PATCH] Disable running gyp on shared deps
-
-Signed-off-by: rpm-build <rpm-build>
----
- Makefile | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 73feb4c..45bbceb 100644
---- a/Makefile
-+++ b/Makefile
-@@ -123,10 +123,9 @@ with-code-cache:
- test-code-cache: with-code-cache
- 	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
- 
--out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
--              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
--              deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
--              config.gypi
-+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
-+              deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
-+			  deps/v8/gypfiles/v8.gyp node.gyp config.gypi
- 	$(PYTHON) tools/gyp_node.py -f make
- 
- config.gypi: configure configure.py
--- 
-2.26.2
-

SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch

@@ -1,84 +0,0 @@
-From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Tue, 1 May 2018 08:05:30 -0400
-Subject: [PATCH] Suppress NPM message to run global update
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-Signed-off-by: rpm-build <rpm-build>
----
- deps/npm/bin/npm-cli.js | 54 -----------------------------------------
- 1 file changed, 54 deletions(-)
-
-diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
-index c0d9be0..0f0892e 100755
---- a/deps/npm/bin/npm-cli.js
-+++ b/deps/npm/bin/npm-cli.js
-@@ -71,65 +71,11 @@
-     npm.command = 'help'
-   }
- 
--  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
--
-   // now actually fire up npm and run the command.
-   // this is how to use npm programmatically:
-   conf._exit = true
-   npm.load(conf, function (er) {
-     if (er) return errorHandler(er)
--    if (
--      !isGlobalNpmUpdate &&
--      npm.config.get('update-notifier') &&
--      !unsupported.checkVersion(process.version).unsupported
--    ) {
--      const pkg = require('../package.json')
--      let notifier = require('update-notifier')({pkg})
--      const isCI = require('ci-info').isCI
--      if (
--        notifier.update &&
--        notifier.update.latest !== pkg.version &&
--        !isCI
--      ) {
--        const color = require('ansicolors')
--        const useColor = npm.config.get('color')
--        const useUnicode = npm.config.get('unicode')
--        const old = notifier.update.current
--        const latest = notifier.update.latest
--        let type = notifier.update.type
--        if (useColor) {
--          switch (type) {
--            case 'major':
--              type = color.red(type)
--              break
--            case 'minor':
--              type = color.yellow(type)
--              break
--            case 'patch':
--              type = color.green(type)
--              break
--          }
--        }
--        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
--        notifier.notify({
--          message: `New ${type} version of ${pkg.name} available! ${
--            useColor ? color.red(old) : old
--          } ${useUnicode ? '→' : '->'} ${
--            useColor ? color.green(latest) : latest
--          }\n` +
--          `${
--            useColor ? color.yellow('Changelog:') : 'Changelog:'
--          } ${
--            useColor ? color.cyan(changelog) : changelog
--          }\n` +
--          `Run ${
--            useColor
--              ? color.green(`npm install -g ${pkg.name}`)
--              : `npm i -g ${pkg.name}`
--          } to update!`
--        })
--      }
--    }
-     npm.commands[npm.command](npm.argv, function (err) {
-       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
-       if (
--- 
-2.26.2
-

SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch

@@ -1,122 +0,0 @@
-From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Fri, 6 Dec 2019 16:40:25 -0500
-Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
-
-When compiled with `--with-intl=small` and
-`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
-fallback location for the ICU data.
-
-We will first perform an access check using fopen(PATH, 'r') to
-ensure that the file is readable. If it is, we'll set the
-icu_data_directory and proceed. There's a slight overhead for the
-fopen() check, but it should be barely measurable.
-
-This will be useful for Linux distribution packagers who want to
-be able to ship a minimal node binary in a container image but
-also be able to add on the full i18n support where needed. With
-this patch, it becomes possible to ship the interpreter as
-/usr/bin/node in one package for the distribution and to ship the
-data files in another package (without a strict dependency
-between the two). This means that users of the distribution will
-not need to explicitly direct Node.js to locate the ICU data. It
-also means that in environments where full internationalization is
-not required, they do not need to carry the extra content (with
-the associated storage costs).
-
-Refs: https://github.com/nodejs/node/issues/3460
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-Signed-off-by: rpm-build <rpm-build>
----
- configure.py |  9 +++++++++
- node.gypi    |  7 +++++++
- src/node.cc  | 20 ++++++++++++++++++++
- 3 files changed, 36 insertions(+)
-
-diff --git a/configure.py b/configure.py
-index 89f7bf5..d611a88 100755
---- a/configure.py
-+++ b/configure.py
-@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
-         'the icu4c source archive. '
-         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
- 
-+intl_optgroup.add_option('--with-icu-default-data-dir',
-+    action='store',
-+    dest='with_icu_default_data_dir',
-+    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
-+         'only be read if the NODE_ICU_DATA environment variable or the '
-+         '--icu-data-dir runtime argument is used. This option has effect '
-+         'only when Node.js is built with --with-intl=small-icu.')
-+
- parser.add_option('--with-ltcg',
-     action='store_true',
-     dest='with_ltcg',
-@@ -1359,6 +1367,7 @@ def configure_intl(o):
-     locs.add('root')  # must have root
-     o['variables']['icu_locales'] = string.join(locs,',')
-     # We will check a bit later if we can use the canned deps/icu-small
-+    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
-   elif with_intl == 'full-icu':
-     # full ICU
-     o['variables']['v8_enable_i18n_support'] = 1
-diff --git a/node.gypi b/node.gypi
-index 466a174..65b97d6 100644
---- a/node.gypi
-+++ b/node.gypi
-@@ -113,6 +113,13 @@
-       'conditions': [
-         [ 'icu_small=="true"', {
-           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
-+          'conditions': [
-+            [ 'icu_default_data!=""', {
-+              'defines': [
-+                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
-+              ],
-+            }],
-+          ],
-       }]],
-     }],
-     [ 'node_use_bundled_v8=="true" and \
-diff --git a/src/node.cc b/src/node.cc
-index 7c01187..c9840e3 100644
---- a/src/node.cc
-+++ b/src/node.cc
-@@ -92,6 +92,7 @@
- 
- #if defined(NODE_HAVE_I18N_SUPPORT)
- #include <unicode/uvernum.h>
-+#include <unicode/utypes.h>
- #endif
- 
- #if defined(LEAK_SANITIZER)
-@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
-   // If the parameter isn't given, use the env variable.
-   if (per_process_opts->icu_data_dir.empty())
-     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
-+
-+#ifdef NODE_ICU_DEFAULT_DATA_DIR
-+  // If neither the CLI option nor the environment variable was specified,
-+  // fall back to the configured default
-+  if (per_process_opts->icu_data_dir.empty()) {
-+    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
-+    // file and can be read.
-+    static const char full_path[] =
-+        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
-+
-+    FILE* f = fopen(full_path, "rb");
-+
-+    if (f != nullptr) {
-+      fclose(f);
-+      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
-+    }
-+  }
-+#endif  // NODE_ICU_DEFAULT_DATA_DIR
-+
-   // Initialize ICU.
-   // If icu_data_dir is empty here, it will load the 'minimal' data.
-   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
--- 
-2.26.2
-

SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch

@@ -1,13 +0,0 @@
-diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
-index d720681628..727362aac0 100644
---- a/deps/npm/node_modules/y18n/index.js
-+++ b/deps/npm/node_modules/y18n/index.js
-@@ -11,7 +11,7 @@ function Y18N (opts) {
-   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
- 
-   // internal stuff.
--  this.cache = {}
-+  this.cache = Object.create(null)
-   this.writeQueue = []
- }
- 

SOURCES/nodejs-tarball.sh

@@ -1,189 +0,0 @@
-#!/bin/sh
-# Uses Argbash to generate command argument parsing. To update
-# arguments, make sure to call
-# `argbash nodejs-tarball.sh -o nodejs-tarball.sh`
-
-# ARG_POSITIONAL_SINGLE([version],[Node.js release version],[""])
-# ARG_DEFAULTS_POS([])
-# ARG_HELP([Tool to aid in Node.js packaging of new releases])
-# ARGBASH_GO()
-# needed because of Argbash --> m4_ignore([
-### START OF CODE GENERATED BY Argbash v2.8.1 one line above ###
-# Argbash is a bash code generator used to get arguments parsing right.
-# Argbash is FREE SOFTWARE, see https://argbash.io for more info
-
-
-die()
-{
-	local _ret=$2
-	test -n "$_ret" || _ret=1
-	test "$_PRINT_HELP" = yes && print_help >&2
-	echo "$1" >&2
-	exit ${_ret}
-}
-
-
-begins_with_short_option()
-{
-	local first_option all_short_options='h'
-	first_option="${1:0:1}"
-	test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0
-}
-
-# THE DEFAULTS INITIALIZATION - POSITIONALS
-_positionals=()
-_arg_version=""
-# THE DEFAULTS INITIALIZATION - OPTIONALS
-
-
-print_help()
-{
-	printf '%s\n' "Tool to aid in Node.js packaging of new releases"
-	printf 'Usage: %s [-h|--help] [<version>]\n' "$0"
-	printf '\t%s\n' "<version>: Node.js release version (default: '""')"
-	printf '\t%s\n' "-h, --help: Prints help"
-}
-
-
-parse_commandline()
-{
-	_positionals_count=0
-	while test $# -gt 0
-	do
-		_key="$1"
-		case "$_key" in
-			-h|--help)
-				print_help
-				exit 0
-				;;
-			-h*)
-				print_help
-				exit 0
-				;;
-			*)
-				_last_positional="$1"
-				_positionals+=("$_last_positional")
-				_positionals_count=$((_positionals_count + 1))
-				;;
-		esac
-		shift
-	done
-}
-
-
-handle_passed_args_count()
-{
-	test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect between 0 and 1, but got ${_positionals_count} (the last one was: '${_last_positional}')." 1
-}
-
-
-assign_positional_args()
-{
-	local _positional_name _shift_for=$1
-	_positional_names="_arg_version "
-
-	shift "$_shift_for"
-	for _positional_name in ${_positional_names}
-	do
-		test $# -gt 0 || break
-		eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1
-		shift
-	done
-}
-
-parse_commandline "$@"
-handle_passed_args_count
-assign_positional_args 1 "${_positionals[@]}"
-
-# OTHER STUFF GENERATED BY Argbash
-
-### END OF CODE GENERATED BY Argbash (sortof) ### ])
-# [ <-- needed because of Argbash
-
-
-set -e
-
-echo $_arg_version
-
-if [ x$_arg_version != x ]; then
-    version=$_arg_version
-else
-    version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
-fi
-
-rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz
-wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz \
-     http://nodejs.org/dist/v${version}/SHASUMS256.txt
-sha256sum -c SHASUMS256.txt --ignore-missing
-tar -zxf node-v${version}.tar.gz
-rm -rf node-v${version}/deps/openssl
-tar -zcf node-v${version}-stripped.tar.gz node-v${version}
-
-# Download the matching version of ICU
-rm -f icu4c*-src.tgz icu.md5
-ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
-wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
-ICUTARBALL=$(ls -1 icu4c*-src.tgz)
-echo "$ICUMD5  $ICUTARBALL" > icu.md5
-md5sum -c icu.md5
-rm -f icu.md5 SHASUMS256.txt
-
-rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
-
-rm -f node-v${version}.tar.gz
-
-set +e
-
-# Determine the bundled versions of the various packages
-echo "Bundled software versions"
-echo "-------------------------"
-echo
-echo "libnode shared object version"
-echo "========================="
-grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
-echo
-echo "V8"
-echo "========================="
-grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
-grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
-grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
-grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
-echo
-echo "c-ares"
-echo "========================="
-grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
-grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
-grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
-echo
-echo "http-parser"
-echo "========================="
-grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h
-grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
-grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
-echo
-echo "libuv"
-echo "========================="
-grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
-grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
-grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
-echo
-echo "nghttp2"
-echo "========================="
-grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-echo
-echo "ICU"
-echo "========================="
-grep "url" node-v${version}/tools/icu/current_ver.dep
-echo
-echo "punycode"
-echo "========================="
-grep "'version'" node-v${version}/lib/punycode.js
-echo
-echo "npm"
-echo "========================="
-grep "\"version\":" node-v${version}/deps/npm/package.json
-echo
-echo "Make sure these versions match what is in the RPM spec file"
-
-rm -rf node-v${version}
-# ] <-- needed because of Argbash

SOURCES/npmrc

@@ -1 +0,0 @@
-prefix=/usr/local

macros.nodejs

@@ -0,0 +1,33 @@
+# nodejs binary
+%__nodejs %{_bindir}/node
+
+# nodejs library directory
+%nodejs_sitelib %{_prefix}/lib/node_modules
+
+#arch specific library directory
+#for future-proofing only; we don't do multilib
+%nodejs_sitearch %{nodejs_sitelib}
+
+# currently installed nodejs version
+%nodejs_version %(%{__nodejs} -v | sed s/v//)
+
+# symlink dependencies so `npm link` works
+# this should be run in every module's %%install section
+# pass --check to work in the current directory instead of the buildroot
+# pass --no-devdeps to ignore devDependencies when --check is used
+%nodejs_symlink_deps %{_rpmconfigdir}/nodejs-symlink-deps %{nodejs_sitelib}
+
+# patch package.json to fix a dependency
+# see `man npm-json` for details on writing dependencies for package.json files
+# e.g. `%%nodejs_fixdep frobber` makes any version of frobber do
+#      `%%nodejs_fixdep frobber '>1.0'` requires frobber > 1.0
+#      `%%nodejs_fixdep -r frobber removes the frobber dep
+%nodejs_fixdep %{_rpmconfigdir}/nodejs-fixdep
+
+# macro to filter unwanted provides from Node.js binary native modules
+%nodejs_default_filter %{expand: \
+%global __provides_exclude_from ^%{nodejs_sitearch}/.*\\.node$
+}
+
+# no-op macro to allow spec compatibility with EPEL
+%nodejs_find_provides_and_requires %{nil}

nodejs-fips-disable-options.patch

@@ -0,0 +1,20 @@
+FIPS related options cause a segfault, let's end sooner
+
+Upstream report: https://github.com/nodejs/node/pull/48950
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
+
+This patch makes the part of the code that processes cmd-line options for
+FIPS to end sooner before the code gets to the problematic part of the code.
+
+diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
+--- node-v18.16.1/src/crypto/crypto_util.cc.origfips	2023-07-31 12:09:46.603683081 +0200
++++ node-v18.16.1/src/crypto/crypto_util.cc	2023-07-31 12:16:16.906617914 +0200
+@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)

nodejs-tarball.sh

@@ -0,0 +1,245 @@
+#!/bin/sh
+# Uses Argbash to generate command argument parsing. To update
+# arguments, make sure to call
+# `argbash nodejs-tarball.sh -o nodejs-tarball.sh`
+
+# ARG_POSITIONAL_SINGLE([version],[Node.js release version],[""])
+# ARG_DEFAULTS_POS([])
+# ARG_HELP([Tool to aid in Node.js packaging of new releases])
+# ARGBASH_GO()
+# needed because of Argbash --> m4_ignore([
+### START OF CODE GENERATED BY Argbash v2.8.1 one line above ###
+# Argbash is a bash code generator used to get arguments parsing right.
+# Argbash is FREE SOFTWARE, see https://argbash.io for more info
+
+
+die()
+{
+	local _ret=$2
+	test -n "$_ret" || _ret=1
+	test "$_PRINT_HELP" = yes && print_help >&2
+	echo "$1" >&2
+	exit ${_ret}
+}
+
+
+begins_with_short_option()
+{
+	local first_option all_short_options='h'
+	first_option="${1:0:1}"
+	test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0
+}
+
+# THE DEFAULTS INITIALIZATION - POSITIONALS
+_positionals=()
+_arg_version=""
+# THE DEFAULTS INITIALIZATION - OPTIONALS
+
+
+print_help()
+{
+	printf '%s\n' "Tool to aid in Node.js packaging of new releases"
+	printf 'Usage: %s [-h|--help] [<version>]\n' "$0"
+	printf '\t%s\n' "<version>: Node.js release version (default: '""')"
+	printf '\t%s\n' "-h, --help: Prints help"
+}
+
+
+parse_commandline()
+{
+	_positionals_count=0
+	while test $# -gt 0
+	do
+		_key="$1"
+		case "$_key" in
+			-h|--help)
+				print_help
+				exit 0
+				;;
+			-h*)
+				print_help
+				exit 0
+				;;
+			*)
+				_last_positional="$1"
+				_positionals+=("$_last_positional")
+				_positionals_count=$((_positionals_count + 1))
+				;;
+		esac
+		shift
+	done
+}
+
+
+handle_passed_args_count()
+{
+	test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect between 0 and 1, but got ${_positionals_count} (the last one was: '${_last_positional}')." 1
+}
+
+
+assign_positional_args()
+{
+	local _positional_name _shift_for=$1
+	_positional_names="_arg_version "
+
+	shift "$_shift_for"
+	for _positional_name in ${_positional_names}
+	do
+		test $# -gt 0 || break
+		eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1
+		shift
+	done
+}
+
+parse_commandline "$@"
+handle_passed_args_count
+assign_positional_args 1 "${_positionals[@]}"
+
+# OTHER STUFF GENERATED BY Argbash
+
+### END OF CODE GENERATED BY Argbash (sortof) ### ])
+# [ <-- needed because of Argbash
+
+
+set -e
+
+echo $_arg_version
+
+if [ x$_arg_version != x ]; then
+    version=$_arg_version
+else
+    version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
+fi
+
+rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz
+wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz \
+     http://nodejs.org/dist/v${version}/SHASUMS256.txt
+sha256sum -c SHASUMS256.txt --ignore-missing
+tar -zxf node-v${version}.tar.gz
+rm -rf node-v${version}/deps/openssl
+tar -zcf node-v${version}-stripped.tar.gz node-v${version}
+
+# Download the matching version of ICU
+rm -f icu4c*-src.tgz icu.md5
+ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
+wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
+ICUTARBALL=$(ls -1 icu4c*-src.tgz)
+echo "$ICUMD5  $ICUTARBALL" > icu.md5
+md5sum -c icu.md5
+rm -f icu.md5 SHASUMS256.txt
+
+#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
+
+rm -f node-v${version}.tar.gz
+
+set +e
+
+# Determine the bundled versions of the various packages
+echo "Included software versions"
+echo "-------------------------"
+echo
+echo "Node.js version"
+echo "========================="
+echo "${version}"
+echo
+echo "Bundled software versions"
+echo "-------------------------"
+echo
+echo "libnode shared object version (nodejs_soversion)"
+echo "========================="
+NODE_SOVERSION=$(grep -oP '(?<=#define NODE_MODULE_VERSION )\d+' node-v${version}/src/node_version.h)
+echo "${NODE_SOVERSION}"
+echo
+echo "V8"
+echo "========================="
+V8_MAJOR=$(grep -oP '(?<=#define V8_MAJOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
+V8_MINOR=$(grep -oP '(?<=#define V8_MINOR_VERSION )\d+' node-v${version}/deps/v8/include/v8-version.h)
+V8_BUILD=$(grep -oP '(?<=#define V8_BUILD_NUMBER )\d+' node-v${version}/deps/v8/include/v8-version.h)
+V8_PATCH=$(grep -oP '(?<=#define V8_PATCH_LEVEL )\d+' node-v${version}/deps/v8/include/v8-version.h)
+echo "${V8_MAJOR}.${V8_MINOR}.${V8_BUILD}.${V8_PATCH}"
+echo
+echo "c-ares"
+echo "========================="
+C_ARES_VERSION=$(grep -oP '(?<=#define ARES_VERSION_STR ).*\"' node-v${version}/deps/cares/include/ares_version.h |sed -e 's/^"//' -e 's/"$//')
+echo $C_ARES_VERSION
+echo
+echo "llhttp"
+echo "========================="
+LLHTTP_MAJOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MAJOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
+LLHTTP_MINOR=$(grep -oP '(?<=#define LLHTTP_VERSION_MINOR )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
+LLHTTP_PATCH=$(grep -oP '(?<=#define LLHTTP_VERSION_PATCH )\d+' node-v${version}/deps/llhttp/include/llhttp.h)
+LLHTTP_VERSION="${LLHTTP_MAJOR}.${LLHTTP_MINOR}.${LLHTTP_PATCH}"
+echo $LLHTTP_VERSION
+echo
+echo "libuv"
+echo "========================="
+UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
+UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
+UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
+LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
+echo $LIBUV_VERSION
+echo
+echo "nghttp2"
+echo "========================="
+NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGHTTP2_VERSION
+echo
+echo "nghttp3"
+echo "========================="
+NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGHTTP3_VERSION
+echo
+echo "ngtcp2"
+echo "========================="
+NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGTCP2_VERSION
+echo
+echo "ICU"
+echo "========================="
+ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
+ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
+echo "${ICU_MAJOR}.${ICU_MINOR}"
+echo
+echo "simdutf"
+echo "========================="
+SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
+echo $SIMDUTF_VERSION
+echo
+echo "ada"
+echo "========================="
+ADA_VERSION=$(grep -osP '(?<=#define ADA_VERSION ).*\"' node-v${version}/deps/ada/ada.h |sed -e 's/^"//' -e 's/"$//')
+ADA_VERSION=${ADA_VERSION:-0}
+echo "${ADA_VERSION}"
+echo
+echo "punycode"
+echo "========================="
+PUNYCODE_VERSION=$(grep -oP "'version': '\K[^']+" ./node-v${version}/lib/punycode.js)
+echo $PUNYCODE_VERSION
+echo
+echo "npm"
+echo "========================="
+NPM_VERSION=$(jq -r .version ./node-v${version}/deps/npm/package.json)
+echo $NPM_VERSION
+echo
+echo "corepack"
+echo "========================="
+COREPACK_VERSION=$(jq -r .version ./node-v${version}/deps/corepack/package.json)
+echo $COREPACK_VERSION
+echo
+echo "uvwasi"
+echo "========================="
+UVWASI_MAJOR=$(grep -oP '(?<=#define UVWASI_VERSION_MAJOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
+UVWASI_MINOR=$(grep -oP '(?<=#define UVWASI_VERSION_MINOR )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
+UVWASI_PATCH=$(grep -oP '(?<=#define UVWASI_VERSION_PATCH )\d+' node-v${version}/deps/uvwasi/include/uvwasi.h)
+UVWASI_VERSION="${UVWASI_MAJOR}.${UVWASI_MINOR}.${UVWASI_PATCH}"
+echo $UVWASI_VERSION
+echo
+echo "histogram_c"
+echo "========================="
+HISTOGRAM_VERSION=$(grep -oP '(?<=#define HDR_HISTOGRAM_VERSION ).*\"' node-v${version}/deps/histogram/include/hdr/hdr_histogram_version.h|sed -e 's/^"//' -e 's/"$//')
+echo $HISTOGRAM_VERSION
+echo
+echo "Make sure these versions match what is in the RPM spec file"
+
+rm -rf node-v${version}
+# ] <-- needed because of Argbash

nodejs.spec

@@ -1,13 +1,32 @@
-%global with_debug 0
-
-# PowerPC, s390x and aarch64 segfault during Debug builds
-# https://github.com/nodejs/node/issues/20642
-%ifarch %{power64} s390x aarch64
-%global with_debug 0
+# The following macros control the usage of dependencies bundled from upstream.
+#
+# When to use what:
+# - Regular (presumably non-modular) build: use neither (the default in Fedora)
+# - Early bootstrapping build that is not intended to be shipped:
+#     use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
+# - Build with some dependencies not avalaible in necessary versions (i.e. module build):
+#     use --with=bundled; will bundle deps, but do not add the suffix
+#
+# create bootstrapping build with bundled deps and extra release suffix
+%bcond_with bootstrap
+# bundle dependencies that are not available in CentOS
+%if %{with bootstrap}
+%bcond_without bundled
+%else
+%bcond_with bundled
 %endif
 
-# bundle dependencies that are not available as Fedora modules
-%bcond_with bootstrap
+%bcond_with python3_fixup
+
+# LTO is currently broken on Node.js builds
+%define _lto_cflags %{nil}
+
+# Heavy-handed approach to avoiding issues with python
+# bytecompiling files in the node_modules/ directory
+%global __python %{__python3}
+
+# This macro serves to provide corepack, which is not provided for now, but might be in the future
+%bcond_with corepack
 
 # == Master Relase ==
 # This is used by both the nodejs package and the npm subpackage that
@@ -23,12 +42,12 @@
 # feature releases that are only supported for nine months, which is shorter
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
-%global nodejs_major 10
-%global nodejs_minor 24
+%global nodejs_major 20
+%global nodejs_minor 11
 %global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 64
+%global nodejs_soversion 115
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
 %global nodejs_release %{baserelease}
 
@@ -37,11 +56,11 @@
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
-%global v8_epoch 1
-%global v8_major 6
-%global v8_minor 8
-%global v8_build 275
-%global v8_patch 32
+%global v8_epoch 2
+%global v8_major 11
+%global v8_minor 3
+%global v8_build 244
+%global v8_patch 8
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@@ -49,31 +68,25 @@
 
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_major 1
-%global c_ares_minor 15
-%global c_ares_patch 0
-%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
+%global c_ares_version 1.20.1
 
-# http-parser - from deps/http_parser/http_parser.h
-%global http_parser_major 2
-%global http_parser_minor 9
-%global http_parser_patch 4
-%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
+# llhttp - from deps/llhttp/include/llhttp.h
+%global llhttp_version 8.1.1
 
 # libuv - from deps/uv/include/uv/version.h
-%global libuv_major 1
-%global libuv_minor 34
-%global libuv_patch 2
-%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
+%global libuv_version 1.46.0
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_major 1
-%global nghttp2_minor 41
-%global nghttp2_patch 0
-%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
+%global nghttp2_version 1.58.0
+
+# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
+%global nghttp3_version 0.7.0
+
+# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
+%global ngtcp2_version 0.8.1
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 64
+%global icu_major 73
 %global icu_minor 2
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -81,21 +94,34 @@
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 
+%global sys_icu_version %(/usr/bin/icu-config --version)
+
+%if "%{sys_icu_version}" >= "%{icu_version}"
+%global bundled_icu 0
+%global icu_flag system-icu
+%else
+%global bundled_icu 1
+%global icu_flag full-icu
+%endif
+
+# simduft from deps/simdutf/simdutf.h
+%global simduft_version 4.0.4
+
+# ada from deps/ada/ada.h
+%global ada_version 2.7.4
+
+# OpenSSL minimum version
+%global openssl_minimum 1:1.1.1
 
 # punycode - from lib/punycode.js
 # Note: this was merged into the mainline since 0.6.x
 # Note: this will be unmerged in an upcoming major release
-%global punycode_major 2
-%global punycode_minor 1
-%global punycode_patch 0
-%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
+# Note: Marked as pending deprecation since 18.16.0
+%global punycode_version 2.1.0
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_major 6
-%global npm_minor 14
-%global npm_patch 11
-%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
+%global npm_version 10.2.4
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -103,12 +129,15 @@
 # base npm version number is increasing.
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
-# brotli - from deps/brotli/c/common/version.h
-# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
-%global brotli_major 1
-%global brotli_minor 0
-%global brotli_patch 7
-%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
+# Node.js 16.9.1 and later comes with an experimental package management tool
+# corepack - from deps/corepack/package.json
+%global corepack_version 0.23.0
+
+# uvwasi - from deps/uvwasi/include/uvwasi.h
+%global uvwasi_version 0.0.19
+
+# histogram_c - from deps/histogram/include/hdr/hdr_histogram_version.h
+%global histogram_version 0.11.8
 
 Name: nodejs
 Epoch: %{nodejs_epoch}
@@ -135,26 +164,44 @@ Source100: %{name}-tarball.sh
 # nodejs-packaging SRPM.
 Source7: nodejs_native.attr
 
+# Configure npm to look into /etc for configuration
+Source8: npmrc.builtin.in
+
+# These are full sources for dependencies included as WASM blobs in the source of Node itself.
+# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
+# Recipes for creating these blobs are included in the sources.
+
+# Version: jq '.version' deps/cjs-module-lexer/package.json
+# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
+# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
+# wasi-sdk version can be found in Makefile
+# https://github.com/nodejs/cjs-module-lexer/blob/1.2.2/Makefile
+Source101: cjs-module-lexer-1.2.2.tar.gz
+Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
+
+# Version: jq '.version' deps/undici/src/package.json
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.27.2.tar.gz
+# Adjustments: rm -f undici-5.27.2/lib/llhttp/llhttp*.wasm
+# wasi-sdk version can be found in lib/llhttp/wasm_build_env.txt
+Source102: undici-5.27.2.tar.gz
+Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-16/wasi-sdk-16.0-linux.tar.gz
+
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-
-# Suppress the message from npm to run `npm -g update npm`
-# This does bad things on an RPM-managed npm.
-Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
-
-# Upstream patch to enable auto-detection of full ICU data
-# https://github.com/nodejs/node/pull/30825
-Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
-
-# CVE-2020-7774
-Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
+Patch3: nodejs-fips-disable-options.patch
 
 BuildRequires: make
-BuildRequires: python2-devel
 BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-jinja2
+%if !%{with python3_fixup}
+BuildRequires: python-unversioned-command
+%endif
 BuildRequires: zlib-devel
-BuildRequires: gcc >= 6.3.0
-BuildRequires: gcc-c++ >= 6.3.0
+BuildRequires: brotli-devel
+BuildRequires: gcc >= 8.3.0
+BuildRequires: gcc-c++ >= 8.3.0
+BuildRequires: jq
 # needed to generate bundled provides for npm dependencies
 # https://src.fedoraproject.org/rpms/nodejs/pull-request/2
 # https://pagure.io/nodejs-packaging/pull-request/10
@@ -162,22 +209,28 @@ BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
 
-%if %{with bootstrap}
-Provides: bundled(http-parser) = %{http_parser_version}
-Provides: bundled(libuv) = %{libuv_version}
-Provides: bundled(nghttp2) = %{nghttp2_version}
+%if %{with bundled}
+Provides:      bundled(libuv) = %{libuv_version}
 %else
-BuildRequires: systemtap-sdt-devel
 BuildRequires: libuv-devel >= 1:%{libuv_version}
-Requires: libuv >= 1:%{libuv_version}
-BuildRequires: libnghttp2-devel >= %{nghttp2_version}
-Requires: libnghttp2 >= %{nghttp2_version}
-BuildRequires: http-parser-devel >= %{http_parser_version}
-Requires: http-parser >= %{http_parser_version}
-
+Requires:      libuv >= 1:%{libuv_version}
 %endif
 
-BuildRequires: openssl-devel
+%if %{with bundled}
+Provides:      bundled(nghttp2) = %{nghttp2_version}
+%else
+BuildRequires: libnghttp2-devel >= %{nghttp2_version}
+Requires:      libnghttp2 >= %{nghttp2_version}
+%endif
+
+# Temporarily bundle llhttp because the upstream doesn't
+# provide releases for it.
+Provides: bundled(llhttp) = %{llhttp_version}
+Provides: bundled(nghttp3) = %{nghttp3_version}
+Provides: bundled(ngtcp2) = %{ngtcp2_version}
+
+BuildRequires: openssl-devel >= %{openssl_minimum}
+Requires: openssl >= %{openssl_minimum}
 
 # we need the system certificate store
 Requires: ca-certificates
@@ -229,16 +282,18 @@ Provides: bundled(v8) = %{v8_version}
 # an ABI-break, so we'll use the bundled copy.
 Provides: bundled(icu) = %{icu_version}
 
-# Make sure we keep NPM up to date when we update Node.js
-%if 0%{?rhel}
-# EPEL doesn't support Recommends, so make it strict
-Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
-%else
-Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+# Upstream added new dependencies, but so far they are not available in Fedora
+# or there's no option to built it as a shared dependency, so we bundle them
+Provides: bundled(uvwasi) = %{uvwasi_version}
+Provides: bundled(histogram) = %{histogram_version}
+%if %{with corepack}
+Provides: bundled(corepack) = %{corepack_version}
 %endif
+Provides: bundled(simduft) = %{simduft_version}
+Provides: bundled(ada) = %{ada_version}
 
-# Provide bundled brotli until we can build it with system package
-Provides: bundled(brotli) = %{brotli_version}
+# Make sure we keep NPM up to date when we update Node.js
+Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 
 %description
 Node.js is a platform built on Chrome's JavaScript runtime
@@ -254,12 +309,10 @@ Group: Development/Languages
 Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 Requires: openssl-devel%{?_isa}
 Requires: zlib-devel%{?_isa}
+Requires: brotli-devel%{?_isa}
 Requires: nodejs-packaging
 
-%if %{with bootstrap}
-# deps are bundled
-%else
-Requires: http-parser-devel%{?_isa}
+%if %{without bundled}
 Requires: libuv-devel%{?_isa}
 %endif
 
@@ -288,6 +341,7 @@ Release: %{npm_release}%{?dist}
 Obsoletes: npm < 0:3.5.4-6
 Provides: npm = %{npm_epoch}:%{npm_version}
 Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
+Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 
 # Do not add epoch to the virtual NPM provides or it will break
 # the automatic dependency-generation script.
@@ -318,79 +372,74 @@ The API documentation for the Node.js JavaScript runtime.
 
 # remove bundled dependencies that we aren't building
 rm -rf deps/zlib
+rm -rf deps/brotli
+rm -rf deps/v8/third_party/jinja2
+rm -rf tools/inspector_protocol/jinja2
 
-# Replace any instances of unversioned python' with python2
-pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
-find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
-find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \;
-sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
+# Replace any instances of unversioned python' with python3
+# check for correct versions of dependencies we are bundling
+check_wasm_dep() {
+  local -r name="$1" source="$2" packagejson="$3"
+  local -r expected_version="$(jq -r '.version' "${packagejson}")"
+
+  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
+    printf '%s version matches\n' "${name}" >&2
+  else
+    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
+    return 1
+  fi
+}
+
+check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
+check_wasm_dep undici           '%{SOURCE102}' deps/undici/src/package.json
+
+%if %{with python3_fixup}
+pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
+find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
+find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
 sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
-sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py
-find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
-sed -i "s~which('python')~which('python2')~" configure
+sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_test.py
+find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
+%endif
 
 %build
-
-%ifarch s390 s390x %{arm} %ix86
 # Decrease debuginfo verbosity to reduce memory consumption during final
 # library linking
 %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
-%endif
 
-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 export CC='%{__cc}'
 export CXX='%{__cxx}'
+%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
 
 # build with debugging symbols and add defines from libuv (#892601)
 # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
 # NULL objects. We need to pass -fno-delete-null-pointer-checks
-export CFLAGS='%{optflags} \
-               -D_LARGEFILE_SOURCE \
-               -D_FILE_OFFSET_BITS=64 \
-               -DZLIB_CONST \
-               -fno-delete-null-pointer-checks'
-export CXXFLAGS='%{optflags} \
-                 -D_LARGEFILE_SOURCE \
-                 -D_FILE_OFFSET_BITS=64 \
-                 -DZLIB_CONST \
-                 -fno-delete-null-pointer-checks'
-
-# Explicit new lines in C(XX)FLAGS can break naive build scripts
-export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' '  ')"
-export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"
-
+extra_cflags=(
+    -D_LARGEFILE_SOURCE
+    -D_FILE_OFFSET_BITS=64
+    -DZLIB_CONST
+    -fno-delete-null-pointer-checks
+)
+export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
 export LDFLAGS="%{build_ldflags}"
 
-%if %{with bootstrap}
-./configure --prefix=%{_prefix} \
+%{__python3} configure.py --prefix=%{_prefix} --verbose \
            --shared-openssl \
            --shared-zlib \
-           --without-dtrace \
-           --with-intl=small-icu \
-           --openssl-use-def-ca-store
-%else
-./configure --prefix=%{_prefix} \
-           --shared-openssl \
-           --shared-zlib \
-           --shared-libuv \
-           --shared-http-parser \
-           --shared-nghttp2 \
-           --with-dtrace \
+           --shared-brotli \
+           %{!?with_bundled:--shared-libuv} \
+           %{!?with_bundled:--shared-nghttp2} \
            --with-intl=small-icu \
            --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
-%endif
+           %{!?with_corepack:--without-corepack} \
+           --openssl-use-def-ca-store \
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 
-%if %{?with_debug} == 1
-# Setting BUILDTYPE=Debug builds both release and debug binaries
-make BUILDTYPE=Debug %{?_smp_mflags}
-%else
 make BUILDTYPE=Release %{?_smp_mflags}
-%endif
 
 # Extract the ICU data and convert it to the appropriate endianness
 pushd deps/
-tar xfz %SOURCE3
+tar xfz %{SOURCE3}
 
 pushd icu/source
 
@@ -419,8 +468,6 @@ popd # deps
 
 
 %install
-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
-
 rm -rf %{buildroot}
 
 ./tools/install.py install %{buildroot} %{_prefix}
@@ -429,11 +476,6 @@ rm -rf %{buildroot}
 chmod 0755 %{buildroot}/%{_bindir}/node
 chrpath --delete %{buildroot}%{_bindir}/node
 
-%if %{?with_debug} == 1
-# Install the debug binary and set its permissions
-install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
-%endif
-
 # own the sitelib directory
 mkdir -p %{buildroot}%{_prefix}/lib/node_modules
 
@@ -467,9 +509,10 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
 ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man
 
-# Install Gatsby HTML documentation to %{_pkgdocdir}
+# Install Gatsby HTML documentation to %%{_pkgdocdir}
 cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
+
 ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
 
 # Node tries to install some python files into a documentation directory
@@ -487,18 +530,24 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
     -exec chmod -x {} \;
 
 # The above command is a little overzealous. Add a few permissions back.
-chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp
+chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
 chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
 
+%if %{with corepack}
+# Corepack contains a number of executable"shims", including some for Windows
+# PowerShell. Drop the executable bit for those so we don't pick up an
+# automatic dependency on /usr/bin/pwsh that we cannot satisfy.
+chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1
+%endif
+
+# Drop the NPM builtin configuration in place
+sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \
+    %{SOURCE8} > %{buildroot}%{_prefix}/lib/node_modules/npm/npmrc
+
 # Drop the NPM default configuration in place
 mkdir -p %{buildroot}%{_sysconfdir}
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
 
-# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
-# This is done in the interests of keeping /usr read-only.
-mkdir -p %{buildroot}%{_prefix}/etc
-ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc
-
 # Install the full-icu data files
 install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
 
@@ -513,70 +562,31 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
 %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
 
 # Ensure we have npm and that the version matches
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
 
 # Make sure i18n support is working
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
-
-
-%pretrans -n npm -p <lua>
--- Remove all of the symlinks from the bundled npm node_modules directory
--- This scriptlet can be removed in Fedora 31
-base_path = "%{_prefix}/lib/node_modules/npm/node_modules/"
-d_st = posix.stat(base_path)
-if d_st then
-  for f in posix.files(base_path) do
-    path = base_path..f
-    st = posix.stat(path)
-    if st and st.type == "link" then
-      os.remove(path)
-    end
-  end
-end
-
--- Replace the npm man directory with a symlink
--- Drop this scriptlet when F31 is EOL
-path = "%{_prefix}/lib/node_modules/npm/man"
-st = posix.stat(path)
-if st and st.type == "directory" then
-  status = os.rename(path, path .. ".rpmmoved")
-  if not status then
-    suffix = 0
-    while not status do
-      suffix = suffix + 1
-      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
-    end
-    os.rename(path, path .. ".rpmmoved")
-  end
-end
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
 
 
 %files
 %{_bindir}/node
 %dir %{_prefix}/lib/node_modules
 %dir %{_datadir}/node
-%dir %{_datadir}/systemtap
-%dir %{_datadir}/systemtap/tapset
-%{_datadir}/systemtap/tapset/node.stp
 
-%if %{with bootstrap}
-# no dtrace
-%else
-%dir %{_usr}/lib/dtrace
-%{_usr}/lib/dtrace/node.d
+%if %{with corepack}
+# corepack
+%{_bindir}/corepack
+%{_prefix}/lib/node_modules/corepack
 %endif
 
 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
 %license LICENSE
-%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
+%doc CHANGELOG.md onboarding.md GOVERNANCE.md README.md
 %doc %{_mandir}/man1/node.1*
 
 
 %files devel
-%if %{?with_debug} == 1
-%{_bindir}/node_g
-%endif
 %{_includedir}/node
 %{_datadir}/node/common.gypi
 %{_pkgdocdir}/gdbinit
@@ -592,7 +602,6 @@ end
 %{_bindir}/npx
 %{_prefix}/lib/node_modules/npm
 %config(noreplace) %{_sysconfdir}/npmrc
-%{_prefix}/etc/npmrc
 %ghost %{_sysconfdir}/npmignore
 %doc %{_mandir}/man1/npm*.1*
 %doc %{_mandir}/man1/npx.1*
@@ -601,73 +610,238 @@ end
 %doc %{_mandir}/man5/npmrc.5*
 %doc %{_mandir}/man5/package-json.5*
 %doc %{_mandir}/man5/package-lock-json.5*
-%doc %{_mandir}/man5/package-locks.5*
-%doc %{_mandir}/man5/shrinkwrap-json.5*
+%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
+%doc %{_mandir}/man5/npm-global.5.*
+%doc %{_mandir}/man5/npm-json.5.*
 %doc %{_mandir}/man7/config.7*
+%doc %{_mandir}/man7/dependency-selectors.7*
 %doc %{_mandir}/man7/developers.7*
-%doc %{_mandir}/man7/disputes.7*
+%doc %{_mandir}/man7/logging.7*
 %doc %{_mandir}/man7/orgs.7*
+%doc %{_mandir}/man7/package-spec.7*
 %doc %{_mandir}/man7/registry.7*
 %doc %{_mandir}/man7/removal.7*
 %doc %{_mandir}/man7/scope.7*
 %doc %{_mandir}/man7/scripts.7*
-%doc %{_mandir}/man7/semver.7*
+%doc %{_mandir}/man7/workspaces.7*
 
 
 %files docs
+%doc doc
 %dir %{_pkgdocdir}
 %{_pkgdocdir}/html
 %{_pkgdocdir}/npm/docs
 
 
 %changelog
-* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
-- Resolves: RHBZ#1932373, RHBZ#1932426
-- Resolves CVE-2021-22883 and CVE-2021-22884
-- remove -debug-nghttp2 flag (1930775)
-- remove ini patch merged upstream
+* Fri Jan 12 2024 Jan Staněk <jstanek@redhat.com> - 1:20.11.0-1
+- Rebase to version 20.11.0
+  Resolves: RHEL-21188
 
-* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
-- January Security release
+* Thu Nov 09 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.9.0-1
+- Rebase to LTS
+- Resolves: RHEL-16161
+
+* Wed Oct 18 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.8.1-1
+- Update node and nghttp
+- Add fips patch
+- Fixes CVE-2023-44487 (nghttp)
+- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333
+
+* Thu Aug 10 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.5.1-1
+- Rebase to new security release
+- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high)
+- Address CVE-2023-32006, CVE-2023-32559 (medium)
+- Address CVE-2023-32005, CVE-2023-32003 (low)
+- Resolves: #2186717
+- Resolves RHELPLAN-155639
+
+* Thu Jul 27 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:20.5.0-1
+- Update to v20.5.0
+- Remove dtrace support
+- bcond corepack, so we don't provide it by default
+- Decrease debuginfo verbosity for all arches
+- Resolves: #2186717
+- Resolves RHELPLAN-155639
+
+* Wed Jul 12 2023 Jan Staněk <jstanek@redhat.com> - 1:18.16.1-1
+- Rebase to 18.16.1
+  Resolves: rhbz#2188292 rhbz#2187683
+  Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
+- Replace /usr/etc/npmrc symlink with builtin configuration
+  Resolves: rhbz#2222285
+
+* Tue May 30 2023 Jan Staněk <jstanek@redhat.com> - 1:18.14.2-3
+- Update bundled c-ares to 1.19.1
+  Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
+
+* Tue Mar 21 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-2
+- Provide simduft
+- Resolves: #2159389
+
+* Mon Mar 20 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-1
+- Rebase to 18.14.2
+- Resolves: #2159389
+- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807
+- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
+
+* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.12.1-1
+- Rebase + CVEs
+- Resolves: #2142809
+- Resolves: #2142830, #2142856
+
+* Sun Oct 09 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.10.0-3
+- Resolves: #2111861
+- Add proper sources for undici
+
+* Fri Oct 07 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.10.0-2
+- Resolves: #2130565
+- Add missing file
+
+* Thu Oct 06 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.10.0-1
+- Update to latest release
+- Resolves: #2130565
+- Resolves #2111009, #2111861, #2132732
+
+* Fri Aug 26 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.8.0-1
+- Update to latest release
+- Resolves: RHBZ#2111009
+- Provide undici and cjs-module-lexer + wasi-sdk sources
+- Resolves: RBHZ#2111861
+
+* Mon Aug 08 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.7.0-1
+- Update to latest release
+- Resolves CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
+- Resolves CVE-2022-29244
+- Resolves: RHBZ#2111009
+
+* Mon Jun 20 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.2.0-2
+- Disable LTO
+- Related: #1990096
+- Build without python3 fixup by default
+
+* Tue May 31 2022 Jan Staněk <jstanek@redhat.com> - 1:18.2.0-1
+- Rebase to version 18.2.0
+
+* Mon Apr 25 2022 Jan Staněk <jstanek@redhat.com> - 1:16.14.0-5
+- Unify configure calls into single command
+- Refactor bootstrap-related parts
+- Decouple dependency bundling from bootstrapping
+
+* Mon Apr 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-4
+- Apply lock file validation fixes
+- Resolves: CVE-2021-43616
+- Resolves: RHBZ#2070013
+
+* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-3
+- Resolves: RHBZ#2026329
+- Add corepack to spec
+
+* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-2
+- Resolves: RHBZ#2026329
+- Update npm version test
+
+* Thu Dec 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-1
+- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
+- Resolves: RHBZ#2026329
+- Rebase to LTS release and to fix multiple low and medium CVEs
+
+* Mon Sep 13 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.8.0-1
+- Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
+- Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176
+
+* Mon Aug 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-2
+- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
+- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
+- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
+- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
+- fix python3 in gyp
+
+* Wed Aug 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-1
+- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
+- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
+- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
+- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
+
+* Fri Jul 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.4.2-1
+- Resolves: RHBZ#1979847
+- Resolves CVE-2021-22918(libuv)
+- Use system cipher list(1842826, 1952915)
+
+* Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
+- Resolves: RHBZ#1953991
+- Rebase to v16.x
+- Update version of gcc and gcc-c++ needed
+- Remove libs conditionals
+- Remove unused patches
+- Bundle nghttp3 and ngtcp2
+
+* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
+- Resolves RHBZ#1930775
+- remove --debug-nghttp2 option
+
+* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
+- Resolves CVE-2021-22883 CVE-2021-22884
+- Resolves: RHBZ#1934566, RHBZ#1934599
+- Rebase, remove ini patch
+
+* Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
+- Add patch for yarn crash
+- Resolves: RHBZ#1915296
+
+* Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
+- Security rebase to 14.15.4
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
-- Rebase to 10.23.1
-- Resolves: RHBZ#1916461, RHBZ#1914789
-- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
-- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
-- Remove dot-prop patch, as it is fixed by npm rebase
+- Resolves: RHBZ#1913001, RHBZ#1912953
+- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184
 
-* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
-- Security rebase to 10.22.1
+* Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
+- Resolves: RHBZ#1858864
+- Update to LTS release
 
-* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
-- Resolves: RHBZ#1845307
-- Remove brotli-devel requires from nodejs-devel
+* Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
+- Security update to 14.11.0
 
-* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
-- Resolves: RHBZ#1845307
-- Turn off debug builds
+* Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1
+- Security update to 14.4.0
+- Resolves: RHBZ#1815402
 
-* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
-- Security update to 10.21.0
-- Resolves: RHBZ#1845307
-- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
-- Bundle brotli, because --shared-brotli configure option is missing
-- Add i18n subpackage
+* Thu May 21 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.3.0-1
+- Update to 14.3.0
+- Fix optflags to save memory
+- Resolves: RHBZ#1815402
 
-* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
-- Resolves: RHBZ#1811499
+* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.2.0-1
+- Update to 14.2.0
+- build with python3 only
+- some clean up
 
-* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
-- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
+* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
+- Fix CVE-2020-10531
 
-* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
-- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
+* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
+- Rebase to 12.16.1
+
+* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
+- Rebase to 12.14.1
+
+* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
+- Resolves: RHBZ# 1773503, update to 12.13.1
+- minor clean up and sync with Fedora spec
+- turn off debug builds
+
+* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
+- Add condition to libs
+
+* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
+- Update to v12.x
+- Add v8-devel and libs subpackages from fedora
 
 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
 - move nodejs-packaging BR out of conditional
 
 * Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
-- Resolves: RHBZ#1644207
+- Resolves RHBZ#1644207
 - fixes node-gyp permissions
 - rebase
 

npmrc

@@ -0,0 +1,2 @@
+prefix=/usr/local
+python=/usr/bin/python3

npmrc.builtin.in

@@ -0,0 +1,5 @@
+# This is the distibution-level configuration file for npm.
+# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
+# vim:set filetype=dosini:
+
+globalconfig=@SYSCONFDIR@/npmrc

sources

@@ -0,0 +1,6 @@
+SHA512 (node-v20.11.0-stripped.tar.gz) = 5e00d3d99c3aba9cc7111c6d4f28d333f02bf9b06b09f6a1c60c1124a07d01e55d1076c2a93b85b103e34198e0e6cc82464aed0fde2b9455d63e75f0c3fb9cea
+SHA512 (icu4c-73_2-src.tgz) = 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62
+SHA512 (undici-5.27.2.tar.gz) = 030d97e0c3063a44ff0447b19f3cbaa46af6d8ab551d320c9fa6bf51d361ee3ecf0e254db6e7a13598335de6577e516a68b13ce76f6eb54f7e7ff5488109769e
+SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
+SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20
+SHA512 (wasi-sdk-16.0-linux.tar.gz) = 501467cb04ee85ab2ccc3d8ab1beb5dd8957ca71cc51c86fd357991ddccb1a8c2656e24b947ea3a5acfaafd8c762f5ba20458c22b58a5a5c85ef8ecb7a76db65