17 changed files with 622 additions and 435 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,50 @@
-SOURCES/icu4c-64_2-src.tgz
+/node-v10.7.0-stripped.tar.gz
-SOURCES/node-v10.24.0-stripped.tar.gz
+/node-v10.11.0-stripped.tar.gz
 /node-v10.14.1-stripped.tar.gz
 /node-v12.4.0-stripped.tar.gz
 /node-v12.13.1-stripped.tar.gz
 /node-v12.14.1-stripped.tar.gz
 /node-v12.16.1-stripped.tar.gz
 /node-v14.2.0-stripped.tar.gz
 /icu4c-66_1-src.tgz
 /node-v14.3.0-stripped.tar.gz
 /icu4c-67_1-src.tgz
 /node-v14.4.0-stripped.tar.gz
 /node-v14.11.0-stripped.tar.gz
 /node-v14.15.0-stripped.tar.gz
 /node-v14.15.4-stripped.tar.gz
 /node-v14.16.0-stripped.tar.gz
 /node-v16.1.0-stripped.tar.gz
 /icu4c-69_1-src.tgz
 /node-v16.4.2-stripped.tar.gz
 /node-v16.6.2-stripped.tar.gz
 /node-v16.7.0-stripped.tar.gz
 /node-v16.8.0-stripped.tar.gz
 /node-v16.13.1-stripped.tar.gz
 /node-v16.14.0-stripped.tar.gz
 /icu4c-70_1-src.tgz
 /node-v18.2.0-stripped.tar.gz
 /icu4c-71_1-src.tgz
 /node-v18.6.0-stripped.tar.gz
 /node-v18.8.0-stripped.tar.gz
 /cjs-module-lexer-1.2.2.tar.gz
 /undici-5.7.0.tar.gz
 /undici-5.8.2.tar.gz
 /wasi-sdk-wasi-sdk-14.tar.gz
 /wasi-sdk-wasi-sdk-11.tar.gz
 /node-v18.9.1-stripped.tar.gz
 /undici-5.10.0.tar.gz
 /node-v18.12.1-stripped.tar.gz
 /undici-5.11.0.tar.gz
 /node-v18.14.2-stripped.tar.gz
 /icu4c-72_1-src.tgz
 /undici-5.20.0.tar.gz
 /wasi-sdk-wasi-sdk-11.tar.gz
 /wasi-sdk-wasi-sdk-14.tar.gz
 /node-v18.16.1-stripped.tar.gz
 /undici-5.21.0.tar.gz
 /node-v18.17.1-stripped.tar.gz
 /icu4c-73_1-src.zip
 /undici-5.22.1.tar.gz
 wasi-sdk-11.0-linux.tar.gz
 wasi-sdk-14.0-linux.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -1,2 +0,0 @@
 3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
 be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@ -0,0 +1,55 @@
 From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 30 May 2023 13:12:35 +0200
 Subject: [PATCH] Disable running gyp on shared deps
 Signed-off-by: rpm-build <rpm-build>
 ---
 Makefile |  2 +-
 node.gyp | 17 -----------------
 2 files changed, 1 insertion(+), 18 deletions(-)
 diff --git a/Makefile b/Makefile
 index 0be0659..3c44201 100644
 --- a/Makefile
 +++ b/Makefile
@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
 	$(warning '$@' target is a noop)
 out/Makefile: config.gypi common.gypi node.gyp \
 -	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
 +	deps/llhttp/llhttp.gyp \
 	deps/simdutf/simdutf.gyp deps/ada/ada.gyp \
 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
 diff --git a/node.gyp b/node.gyp
 index cf52281..c33b57b 100644
 --- a/node.gyp
 +++ b/node.gyp
@@ -430,23 +430,6 @@
               ],
             },
           ],
 -         }, {
 -           'variables': {
 -              'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf',
 -              'opensslconfig': './deps/openssl/nodejs-openssl.cnf',
 -           },
 -           'actions': [
 -             {
 -               'action_name': 'reset_openssl_cnf',
 -               'inputs': [ '<(opensslconfig)', ],
 -               'outputs': [ '<(opensslconfig_internal)', ],
 -               'action': [
 -                 '<(python)', 'tools/copyfile.py',
 -                 '<(opensslconfig)',
 -                 '<(opensslconfig_internal)',
 -               ],
 -             },
 -           ],
          }],
       ],
     }, # node_core_target_name
 -- 
 2.41.0
--- a/0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch
+++ b/0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch
@ -0,0 +1,45 @@
 From df574e2999dc6c2c38138bd0c3ec61dfafe9c929 Mon Sep 17 00:00:00 2001
 From: Kornel <kornel@geekhood.net>
 Date: Fri, 27 Jan 2023 01:20:38 +0000
 Subject: [PATCH] deps(http-cache-semantics): Don't use regex to trim
 whitespace
 Signed-off-by: rpm-build <rpm-build>
 ---
 deps/npm/node_modules/http-cache-semantics/index.js     | 6 +++---
 deps/npm/node_modules/http-cache-semantics/package.json | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/deps/npm/node_modules/http-cache-semantics/index.js b/deps/npm/node_modules/http-cache-semantics/index.js
 index 4f6c2f3..39d58a7 100644
 --- a/deps/npm/node_modules/http-cache-semantics/index.js
 +++ b/deps/npm/node_modules/http-cache-semantics/index.js
@@ -79,10 +79,10 @@ function parseCacheControl(header) {
     // TODO: When there is more than one value present for a given directive (e.g., two Expires header fields, multiple Cache-Control: max-age directives),
     // the directive's value is considered invalid. Caches are encouraged to consider responses that have invalid freshness information to be stale
 -    const parts = header.trim().split(/\s*,\s*/); // TODO: lame parsing
 +    const parts = header.trim().split(/,/);
     for (const part of parts) {
 -        const [k, v] = part.split(/\s*=\s*/, 2);
 -        cc[k] = v === undefined ? true : v.replace(/^"|"$/g, ''); // TODO: lame unquoting
 +        const [k, v] = part.split(/=/, 2);
 +        cc[k.trim()] = v === undefined ? true : v.trim().replace(/^"|"$/g, '');
     }
     return cc;
 diff --git a/deps/npm/node_modules/http-cache-semantics/package.json b/deps/npm/node_modules/http-cache-semantics/package.json
 index 897798d..79c020a 100644
 --- a/deps/npm/node_modules/http-cache-semantics/package.json
 +++ b/deps/npm/node_modules/http-cache-semantics/package.json
@@ -1,6 +1,6 @@
 {
     "name": "http-cache-semantics",
 -    "version": "4.1.0",
 +    "version": "4.1.1",
     "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies",
     "repository": "https://github.com/kornelski/http-cache-semantics.git",
     "main": "index.js",
 -- 
 2.39.2
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,31 +0,0 @@
 From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
 Date: Thu, 27 Apr 2017 14:25:42 +0200
 Subject: [PATCH] Disable running gyp on shared deps
 Signed-off-by: rpm-build <rpm-build>
 ---
 Makefile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 diff --git a/Makefile b/Makefile
 index 73feb4c..45bbceb 100644
 --- a/Makefile
 +++ b/Makefile
@@ -123,10 +123,9 @@ with-code-cache:
 test-code-cache: with-code-cache
 	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
 -out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
 -              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
 -              deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
 -              config.gypi
 +out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
 +              deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
 +			  deps/v8/gypfiles/v8.gyp node.gyp config.gypi
 	$(PYTHON) tools/gyp_node.py -f make
 config.gypi: configure configure.py
 -- 
 2.26.2
--- a/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
+++ b/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
@ -1,84 +0,0 @@
 From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Tue, 1 May 2018 08:05:30 -0400
 Subject: [PATCH] Suppress NPM message to run global update
 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 Signed-off-by: rpm-build <rpm-build>
 ---
 deps/npm/bin/npm-cli.js | 54 -----------------------------------------
 1 file changed, 54 deletions(-)
 diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
 index c0d9be0..0f0892e 100755
 --- a/deps/npm/bin/npm-cli.js
 +++ b/deps/npm/bin/npm-cli.js
@@ -71,65 +71,11 @@
     npm.command = 'help'
   }
 -  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
 -
   // now actually fire up npm and run the command.
   // this is how to use npm programmatically:
   conf._exit = true
   npm.load(conf, function (er) {
     if (er) return errorHandler(er)
 -    if (
 -      !isGlobalNpmUpdate &&
 -      npm.config.get('update-notifier') &&
 -      !unsupported.checkVersion(process.version).unsupported
 -    ) {
 -      const pkg = require('../package.json')
 -      let notifier = require('update-notifier')({pkg})
 -      const isCI = require('ci-info').isCI
 -      if (
 -        notifier.update &&
 -        notifier.update.latest !== pkg.version &&
 -        !isCI
 -      ) {
 -        const color = require('ansicolors')
 -        const useColor = npm.config.get('color')
 -        const useUnicode = npm.config.get('unicode')
 -        const old = notifier.update.current
 -        const latest = notifier.update.latest
 -        let type = notifier.update.type
 -        if (useColor) {
 -          switch (type) {
 -            case 'major':
 -              type = color.red(type)
 -              break
 -            case 'minor':
 -              type = color.yellow(type)
 -              break
 -            case 'patch':
 -              type = color.green(type)
 -              break
 -          }
 -        }
 -        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
 -        notifier.notify({
 -          message: `New ${type} version of ${pkg.name} available! ${
 -            useColor ? color.red(old) : old
 -          } ${useUnicode ? '→' : '->'} ${
 -            useColor ? color.green(latest) : latest
 -          }\n` +
 -          `${
 -            useColor ? color.yellow('Changelog:') : 'Changelog:'
 -          } ${
 -            useColor ? color.cyan(changelog) : changelog
 -          }\n` +
 -          `Run ${
 -            useColor
 -              ? color.green(`npm install -g ${pkg.name}`)
 -              : `npm i -g ${pkg.name}`
 -          } to update!`
 -        })
 -      }
 -    }
     npm.commands[npm.command](npm.argv, function (err) {
       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
       if (
 -- 
 2.26.2
--- a/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+++ b/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
@ -1,122 +0,0 @@
 From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Fri, 6 Dec 2019 16:40:25 -0500
 Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
 When compiled with `--with-intl=small` and
 `--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
 fallback location for the ICU data.
 We will first perform an access check using fopen(PATH, 'r') to
 ensure that the file is readable. If it is, we'll set the
 icu_data_directory and proceed. There's a slight overhead for the
 fopen() check, but it should be barely measurable.
 This will be useful for Linux distribution packagers who want to
 be able to ship a minimal node binary in a container image but
 also be able to add on the full i18n support where needed. With
 this patch, it becomes possible to ship the interpreter as
 /usr/bin/node in one package for the distribution and to ship the
 data files in another package (without a strict dependency
 between the two). This means that users of the distribution will
 not need to explicitly direct Node.js to locate the ICU data. It
 also means that in environments where full internationalization is
 not required, they do not need to carry the extra content (with
 the associated storage costs).
 Refs: https://github.com/nodejs/node/issues/3460
 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 Signed-off-by: rpm-build <rpm-build>
 ---
 configure.py |  9 +++++++++
 node.gypi    |  7 +++++++
 src/node.cc  | 20 ++++++++++++++++++++
 3 files changed, 36 insertions(+)
 diff --git a/configure.py b/configure.py
 index 89f7bf5..d611a88 100755
 --- a/configure.py
 +++ b/configure.py
@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
         'the icu4c source archive. '
         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
 +intl_optgroup.add_option('--with-icu-default-data-dir',
 +    action='store',
 +    dest='with_icu_default_data_dir',
 +    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
 +         'only be read if the NODE_ICU_DATA environment variable or the '
 +         '--icu-data-dir runtime argument is used. This option has effect '
 +         'only when Node.js is built with --with-intl=small-icu.')
 +
 parser.add_option('--with-ltcg',
     action='store_true',
     dest='with_ltcg',
@@ -1359,6 +1367,7 @@ def configure_intl(o):
     locs.add('root')  # must have root
     o['variables']['icu_locales'] = string.join(locs,',')
     # We will check a bit later if we can use the canned deps/icu-small
 +    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
   elif with_intl == 'full-icu':
     # full ICU
     o['variables']['v8_enable_i18n_support'] = 1
 diff --git a/node.gypi b/node.gypi
 index 466a174..65b97d6 100644
 --- a/node.gypi
 +++ b/node.gypi
@@ -113,6 +113,13 @@
       'conditions': [
         [ 'icu_small=="true"', {
           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
 +          'conditions': [
 +            [ 'icu_default_data!=""', {
 +              'defines': [
 +                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
 +              ],
 +            }],
 +          ],
       }]],
     }],
     [ 'node_use_bundled_v8=="true" and \
 diff --git a/src/node.cc b/src/node.cc
 index 7c01187..c9840e3 100644
 --- a/src/node.cc
 +++ b/src/node.cc
@@ -92,6 +92,7 @@
 #if defined(NODE_HAVE_I18N_SUPPORT)
 #include <unicode/uvernum.h>
 +#include <unicode/utypes.h>
 #endif
 #if defined(LEAK_SANITIZER)
@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
   // If the parameter isn't given, use the env variable.
   if (per_process_opts->icu_data_dir.empty())
     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
 +
 +#ifdef NODE_ICU_DEFAULT_DATA_DIR
 +  // If neither the CLI option nor the environment variable was specified,
 +  // fall back to the configured default
 +  if (per_process_opts->icu_data_dir.empty()) {
 +    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
 +    // file and can be read.
 +    static const char full_path[] =
 +        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
 +
 +    FILE* f = fopen(full_path, "rb");
 +
 +    if (f != nullptr) {
 +      fclose(f);
 +      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
 +    }
 +  }
 +#endif  // NODE_ICU_DEFAULT_DATA_DIR
 +
   // Initialize ICU.
   // If icu_data_dir is empty here, it will load the 'minimal' data.
   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
 -- 
 2.26.2
--- a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
+++ b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
@ -1,13 +0,0 @@
 diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
 index d720681628..727362aac0 100644
 --- a/deps/npm/node_modules/y18n/index.js
 +++ b/deps/npm/node_modules/y18n/index.js
@@ -11,7 +11,7 @@ function Y18N (opts) {
   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
   // internal stuff.
 -  this.cache = {}
 +  this.cache = Object.create(null)
   this.writeQueue = []
 }
--- a/SOURCES/npmrc
+++ b/SOURCES/npmrc
@ -1 +0,0 @@
 prefix=/usr/local
--- a/SOURCES/btest402.js
+++ b/SOURCES/btest402.js
--- a/macros.nodejs
+++ b/macros.nodejs
@ -0,0 +1,33 @@
 # nodejs binary
 %__nodejs %{_bindir}/node
 # nodejs library directory
 %nodejs_sitelib %{_prefix}/lib/node_modules
 #arch specific library directory
 #for future-proofing only; we don't do multilib
 %nodejs_sitearch %{nodejs_sitelib}
 # currently installed nodejs version
 %nodejs_version %(%{__nodejs} -v | sed s/v//)
 # symlink dependencies so `npm link` works
 # this should be run in every module's %%install section
 # pass --check to work in the current directory instead of the buildroot
 # pass --no-devdeps to ignore devDependencies when --check is used
 %nodejs_symlink_deps %{_rpmconfigdir}/nodejs-symlink-deps %{nodejs_sitelib}
 # patch package.json to fix a dependency
 # see `man npm-json` for details on writing dependencies for package.json files
 # e.g. `%%nodejs_fixdep frobber` makes any version of frobber do
 #      `%%nodejs_fixdep frobber '>1.0'` requires frobber > 1.0
 #      `%%nodejs_fixdep -r frobber removes the frobber dep
 %nodejs_fixdep %{_rpmconfigdir}/nodejs-fixdep
 # macro to filter unwanted provides from Node.js binary native modules
 %nodejs_default_filter %{expand: \
 %global __provides_exclude_from ^%{nodejs_sitearch}/.*\\.node$
 }
 # no-op macro to allow spec compatibility with EPEL
 %nodejs_find_provides_and_requires %{nil}
--- a/SOURCES/nodejs-tarball.sh
+++ b/SOURCES/nodejs-tarball.sh
@ -120,15 +120,15 @@ rm -rf node-v${version}/deps/openssl
 tar -zcf node-v${version}-stripped.tar.gz node-v${version}
 # Download the matching version of ICU
-rm -f icu4c*-src.tgz icu.md5
+rm -f icu4c*-src.zip icu.md5
 ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
 wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
-ICUTARBALL=$(ls -1 icu4c*-src.tgz)
+ICUTARBALL=$(ls -1 icu4c*-src.zip)
 echo "$ICUMD5  $ICUTARBALL" > icu.md5
 md5sum -c icu.md5
 rm -f icu.md5 SHASUMS256.txt
-rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
+#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
 rm -f node-v${version}.tar.gz
@ -155,11 +155,11 @@ grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_versio
 grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
 grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
 echo
-echo "http-parser"
+echo "llhttp"
 echo "========================="
-grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h
+grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
+grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
+grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
 echo
 echo "libuv"
 echo "========================="
@ -171,6 +171,14 @@ echo "nghttp2"
 echo "========================="
 grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 echo
 echo "nghttp3"
 echo "========================="
 grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
 echo
 echo "ngtcp2"
 echo "========================="
 grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 echo
 echo "ICU"
 echo "========================="
 grep "url" node-v${version}/tools/icu/current_ver.dep
@ -179,6 +187,12 @@ echo "punycode"
 echo "========================="
 grep "'version'" node-v${version}/lib/punycode.js
 echo
 echo "uvwasi"
 echo "========================="
 grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
 grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
 grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
 echo
 echo "npm"
 echo "========================="
 grep "\"version\":" node-v${version}/deps/npm/package.json
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -6,8 +6,25 @@
 %global with_debug 0
 %endif
-# bundle dependencies that are not available as Fedora modules
+# The following macros control the usage of dependencies bundled from upstream.
 #
 # When to use what:
 # - Regular (presumably non-modular) build: use neither (the default in Fedora)
 # - Early bootstrapping build that is not intended to be shipped:
 #     use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
 # - Build with some dependencies not avalaible in necessary versions (i.e. module build):
 #     use --with=bundled; will bundle deps, but do not add the suffix
 #
 # create bootstrapping build with bundled deps and extra release suffix
 %bcond_with bootstrap
 # bundle dependencies that are not available in CentOS
 %if %{with bootstrap}
 %bcond_without bundled
 %else
 %bcond_with bundled
 %endif
 %bcond_without python3_fixup
 # == Master Relase ==
 # This is used by both the nodejs package and the npm subpackage that
@ -23,12 +40,12 @@
 # feature releases that are only supported for nine months, which is shorter
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
-%global nodejs_major 10
+%global nodejs_major 18
-%global nodejs_minor 24
+%global nodejs_minor 17
-%global nodejs_patch 0
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 64
+%global nodejs_soversion 108
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
 %global nodejs_release %{baserelease}
@ -37,11 +54,11 @@
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
-%global v8_epoch 1
+%global v8_epoch 2
-%global v8_major 6
+%global v8_major 10
-%global v8_minor 8
+%global v8_minor 2
-%global v8_build 275
+%global v8_build 154
-%global v8_patch 32
+%global v8_patch 26
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -49,38 +66,62 @@
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_major 1
+%global c_ares_version 1.19.1
 %global c_ares_minor 15
 %global c_ares_patch 0
 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
-# http-parser - from deps/http_parser/http_parser.h
+# llhttp - from deps/llhttp/include/llhttp.h
-%global http_parser_major 2
+%global llhttp_version 6.0.11
 %global http_parser_minor 9
 %global http_parser_patch 4
 %global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
-%global libuv_minor 34
+%global libuv_minor 44
 %global libuv_patch 2
 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_major 1
+%global nghttp2_version 1.52.0
-%global nghttp2_minor 41
+
-%global nghttp2_patch 0
+# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
-%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
+%global nghttp3_major 0
 %global nghttp3_minor 7
 %global nghttp3_patch 0
 %global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
 # ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
 %global ngtcp2_major 0
 %global ngtcp2_minor 8
 %global ngtcp2_patch 1
 %global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 64
+%global icu_major 73
-%global icu_minor 2
+%global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 %global icudatadir %{nodejs_datadir}/icudata
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 %global sys_icu_version %(/usr/bin/icu-config --version)
 %if "%{sys_icu_version}" >= "%{icu_version}"
 %global bundled_icu 0
 %global icu_flag system-icu
 %else
 %global bundled_icu 1
 %global icu_flag full-icu
 %endif
 # simduft from deps/simdutf/simdutf.h
 %global simduft_major 3
 %global simduft_minor 2
 %global simduft_patch 12
 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
 # ada from deps/ada/ada.h
 %global ada_version 2.5.0
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
 # punycode - from lib/punycode.js
 # Note: this was merged into the mainline since 0.6.x
@ -92,10 +133,7 @@
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_major 6
+%global npm_version 9.6.7
 %global npm_minor 14
 %global npm_patch 11
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@ -103,12 +141,14 @@
 # base npm version number is increasing.
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
-# brotli - from deps/brotli/c/common/version.h
+# Node.js 16.9.1 and later comes with an experimental package management tool
-# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
+%global corepack_version 0.10.0
-%global brotli_major 1
+
-%global brotli_minor 0
+# uvwasi - from deps/uvwasi/include/uvwasi.h
-%global brotli_patch 7
+%global uvwasi_version 0.0.18
-%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
+
 # histogram_c - assumed from timestamps
 %global histogram_version 0.11.2
 Name: nodejs
 Epoch: %{nodejs_epoch}
@ -127,7 +167,7 @@ ExclusiveArch: %{nodejs_arches}
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
-Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
+Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.zip
 Source100: %{name}-tarball.sh
 # The native module Requires generator remains in the nodejs SRPM, so it knows
@ -135,49 +175,72 @@ Source100: %{name}-tarball.sh
 # nodejs-packaging SRPM.
 Source7: nodejs_native.attr
 # Configure npm to look into /etc for configuration
 Source8: npmrc.builtin.in
 # These are full sources for dependencies included as WASM blobs in the source of Node itself.
 # Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
 # Recipes for creating these blobs are included in the sources.
 # Version: jq '.version' deps/cjs-module-lexer/package.json
 # Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
 # Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
 Source101: cjs-module-lexer-1.2.2.tar.gz
 # The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
 # Version source: Makefile
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
 # Version: jq '.version' deps/undici/src/package.json
 # Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz
 # Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm
 # Build uses alpine image, see alpine for sources for wasi-sdk
 Source111: undici-5.22.1.tar.gz
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 # Suppress the message from npm to run `npm -g update npm`
 # This does bad things on an RPM-managed npm.
 Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
 # Upstream patch to enable auto-detection of full ICU data
 # https://github.com/nodejs/node/pull/30825
 Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
 # CVE-2020-7774
 Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
 BuildRequires: make
 BuildRequires: python2-devel
 BuildRequires: python3-devel
 BuildRequires: python3-setuptools
 BuildRequires: python3-jinja2
 %if !%{with python3_fixup}
 BuildRequires: python-unversioned-command
 %endif
 BuildRequires: zlib-devel
-BuildRequires: gcc >= 6.3.0
+BuildRequires: brotli-devel
-BuildRequires: gcc-c++ >= 6.3.0
+BuildRequires: gcc >= 8.3.0
 BuildRequires: gcc-c++ >= 8.3.0
 BuildRequires: jq
 # needed to generate bundled provides for npm dependencies
 # https://src.fedoraproject.org/rpms/nodejs/pull-request/2
 # https://pagure.io/nodejs-packaging/pull-request/10
 BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
 %if %{with bootstrap}
 Provides: bundled(http-parser) = %{http_parser_version}
 Provides: bundled(libuv) = %{libuv_version}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 %else
 BuildRequires: systemtap-sdt-devel
 %if %{with bundled}
 Provides:      bundled(libuv) = %{libuv_version}
 %else
 BuildRequires: libuv-devel >= 1:%{libuv_version}
 Requires:      libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
 Requires: libnghttp2 >= %{nghttp2_version}
 BuildRequires: http-parser-devel >= %{http_parser_version}
 Requires: http-parser >= %{http_parser_version}
 %endif
-BuildRequires: openssl-devel
+%if %{with bundled}
 Provides:      bundled(nghttp2) = %{nghttp2_version}
 %else
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
 Requires:      libnghttp2 >= %{nghttp2_version}
 %endif
 # Temporarily bundle llhttp because the upstream doesn't
 # provide releases for it.
 Provides: bundled(llhttp) = %{llhttp_version}
 Provides: bundled(nghttp3) = %{nghttp3_version}
 Provides: bundled(ngtcp2) = %{ngtcp2_version}
 BuildRequires: openssl-devel >= %{openssl_minimum}
 Requires: openssl >= %{openssl_minimum}
 # we need the system certificate store
 Requires: ca-certificates
@ -229,16 +292,21 @@ Provides: bundled(v8) = %{v8_version}
 # an ABI-break, so we'll use the bundled copy.
 Provides: bundled(icu) = %{icu_version}
-# Make sure we keep NPM up to date when we update Node.js
+# Upstream added new dependencies, but so far they are not available in Fedora
-%if 0%{?rhel}
+# or there's no option to built it as a shared dependency, so we bundle them
-# EPEL doesn't support Recommends, so make it strict
+Provides: bundled(uvwasi) = %{uvwasi_version}
-Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Provides: bundled(histogram) = %{histogram_version}
-%else
+Provides: bundled(corepack) = %{corepack_version}
-Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+Provides: bundled(simduft) = %{simduft_version}
-%endif
+Provides: bundled(ada) = %{ada_version}
-# Provide bundled brotli until we can build it with system package
+# Make sure we keep NPM up to date when we update Node.js
-Provides: bundled(brotli) = %{brotli_version}
+%if 0%{?rhel} < 8
 # EPEL doesn't support Recommends, so make it strict
 Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 %else
 Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
 %endif
 %description
 Node.js is a platform built on Chrome's JavaScript runtime
@ -254,12 +322,10 @@ Group: Development/Languages
 Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 Requires: openssl-devel%{?_isa}
 Requires: zlib-devel%{?_isa}
 Requires: brotli-devel%{?_isa}
 Requires: nodejs-packaging
-%if %{with bootstrap}
+%if %{without bundled}
 # deps are bundled
 %else
 Requires: http-parser-devel%{?_isa}
 Requires: libuv-devel%{?_isa}
 %endif
@ -288,6 +354,9 @@ Release: %{npm_release}%{?dist}
 Obsoletes: npm < 0:3.5.4-6
 Provides: npm = %{npm_epoch}:%{npm_version}
 Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 %if 0%{?fedora} || 0%{?rhel} >= 8
 Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 %endif
 # Do not add epoch to the virtual NPM provides or it will break
 # the automatic dependency-generation script.
@ -318,16 +387,35 @@ The API documentation for the Node.js JavaScript runtime.
 # remove bundled dependencies that we aren't building
 rm -rf deps/zlib
 rm -rf deps/brotli
 rm -rf deps/v8/third_party/jinja2
 rm -rf tools/inspector_protocol/jinja2
-# Replace any instances of unversioned python' with python2
+# Replace any instances of unversioned python' with python3
-pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
+# check for correct versions of dependencies we are bundling
-find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
+check_wasm_dep() {
-find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \;
+  local -r name="$1" source="$2" packagejson="$3"
-sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
+  local -r expected_version="$(jq -r '.version' "${packagejson}")"
  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
    printf '%s version matches\n' "${name}" >&2
  else
    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
    return 1
  fi
 }
 check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
 check_wasm_dep undici           '%{SOURCE111}' deps/undici/src/package.json
 %if %{with python3_fixup}
 pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
 find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
 find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
 sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
-sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py
+sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_test.py
-find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
+find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
-sed -i "s~which('python')~which('python2')~" configure
+%endif
 %build
@ -337,49 +425,33 @@ sed -i "s~which('python')~which('python2')~" configure
 %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
 %endif
-export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
+export CC='gcc'
-export CC='%{__cc}'
+export CXX='g++'
-export CXX='%{__cxx}'
+%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}
 # build with debugging symbols and add defines from libuv (#892601)
 # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
 # NULL objects. We need to pass -fno-delete-null-pointer-checks
-export CFLAGS='%{optflags} \
+extra_cflags=(
-               -D_LARGEFILE_SOURCE \
+    -D_LARGEFILE_SOURCE
-               -D_FILE_OFFSET_BITS=64 \
+    -D_FILE_OFFSET_BITS=64
-               -DZLIB_CONST \
+    -DZLIB_CONST
-               -fno-delete-null-pointer-checks'
+    -fno-delete-null-pointer-checks
-export CXXFLAGS='%{optflags} \
+)
-                 -D_LARGEFILE_SOURCE \
+export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
                 -D_FILE_OFFSET_BITS=64 \
                 -DZLIB_CONST \
                 -fno-delete-null-pointer-checks'
 # Explicit new lines in C(XX)FLAGS can break naive build scripts
 export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' '  ')"
 export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"
 export LDFLAGS="%{build_ldflags}"
-%if %{with bootstrap}
+%{__python3} configure.py --prefix=%{_prefix} --verbose \
-./configure --prefix=%{_prefix} \
+           --shared-openssl --openssl-conf-name=openssl_conf \
           --shared-openssl \
           --shared-zlib \
-           --without-dtrace \
+           --shared-brotli \
-           --with-intl=small-icu \
+           %{!?with_bundled:--shared-libuv} \
-           --openssl-use-def-ca-store
+           %{!?with_bundled:--shared-nghttp2} \
 %else
 ./configure --prefix=%{_prefix} \
           --shared-openssl \
           --shared-zlib \
           --shared-libuv \
           --shared-http-parser \
           --shared-nghttp2 \
           --with-dtrace \
           --with-intl=small-icu \
           --with-icu-default-data-dir=%{icudatadir} \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
-%endif
+           --openssl-default-cipher-list=PROFILE=SYSTEM
 %if %{?with_debug} == 1
 # Setting BUILDTYPE=Debug builds both release and debug binaries
@ -390,7 +462,7 @@ make BUILDTYPE=Release %{?_smp_mflags}
 # Extract the ICU data and convert it to the appropriate endianness
 pushd deps/
-tar xfz %SOURCE3
+unzip -a %{SOURCE3}
 pushd icu/source
@ -419,8 +491,6 @@ popd # deps
 %install
 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 rm -rf %{buildroot}
 ./tools/install.py install %{buildroot} %{_prefix}
@ -467,9 +537,10 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
 ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man
-# Install Gatsby HTML documentation to %{_pkgdocdir}
+# Install Gatsby HTML documentation to %%{_pkgdocdir}
 cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
 ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
 # Node tries to install some python files into a documentation directory
@ -487,18 +558,22 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
    -exec chmod -x {} \;
 # The above command is a little overzealous. Add a few permissions back.
-chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp
+chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
 chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
 # Corepack contains a number of executable"shims", including some for Windows
 # PowerShell. Drop the executable bit for those so we don't pick up an
 # automatic dependency on /usr/bin/pwsh that we cannot satisfy.
 chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1
 # Drop the NPM builtin configuration in place
 sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \
    %{SOURCE8} > %{buildroot}%{_prefix}/lib/node_modules/npm/npmrc
 # Drop the NPM default configuration in place
 mkdir -p %{buildroot}%{_sysconfdir}
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
 # NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
 # This is done in the interests of keeping /usr read-only.
 mkdir -p %{buildroot}%{_prefix}/etc
 ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc
 # Install the full-icu data files
 install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
@ -513,10 +588,11 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
 %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
 # Ensure we have npm and that the version matches
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
+# NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
 NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
 # Make sure i18n support is working
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
 %pretrans -n npm -p <lua>
@ -534,6 +610,38 @@ if d_st then
  end
 end
 -- Replace the npm docs directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/doc"
 st = posix.stat(path)
 if st and st.type == "directory" then
  status = os.rename(path, path .. ".rpmmoved")
  if not status then
    suffix = 0
    while not status do
      suffix = suffix + 1
      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
    end
    os.rename(path, path .. ".rpmmoved")
  end
 end
 -- Replace the npm docs directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/html"
 st = posix.stat(path)
 if st and st.type == "directory" then
  status = os.rename(path, path .. ".rpmmoved")
  if not status then
    suffix = 0
    while not status do
      suffix = suffix + 1
      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
    end
    os.rename(path, path .. ".rpmmoved")
  end
 end
 -- Replace the npm man directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/man"
@ -559,17 +667,17 @@ end
 %dir %{_datadir}/systemtap/tapset
 %{_datadir}/systemtap/tapset/node.stp
-%if %{with bootstrap}
+# corepack
-# no dtrace
+%{_bindir}/corepack
-%else
+%{_prefix}/lib/node_modules/corepack
 %dir %{_usr}/lib/dtrace
 %{_usr}/lib/dtrace/node.d
 %endif
 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
 %license LICENSE
-%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
+%doc CHANGELOG.md onboarding.md GOVERNANCE.md README.md
 %doc %{_mandir}/man1/node.1*
@ -592,7 +700,6 @@ end
 %{_bindir}/npx
 %{_prefix}/lib/node_modules/npm
 %config(noreplace) %{_sysconfdir}/npmrc
 %{_prefix}/etc/npmrc
 %ghost %{_sysconfdir}/npmignore
 %doc %{_mandir}/man1/npm*.1*
 %doc %{_mandir}/man1/npx.1*
@ -601,73 +708,199 @@ end
 %doc %{_mandir}/man5/npmrc.5*
 %doc %{_mandir}/man5/package-json.5*
 %doc %{_mandir}/man5/package-lock-json.5*
-%doc %{_mandir}/man5/package-locks.5*
+%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
-%doc %{_mandir}/man5/shrinkwrap-json.5*
+%doc %{_mandir}/man5/npm-global.5.*
 %doc %{_mandir}/man5/npm-json.5.*
 %doc %{_mandir}/man7/config.7*
 %doc %{_mandir}/man7/dependency-selectors.7*
 %doc %{_mandir}/man7/developers.7*
-%doc %{_mandir}/man7/disputes.7*
+%doc %{_mandir}/man7/logging.7*
 %doc %{_mandir}/man7/orgs.7*
 %doc %{_mandir}/man7/package-spec.7*
 %doc %{_mandir}/man7/registry.7*
 %doc %{_mandir}/man7/removal.7*
 %doc %{_mandir}/man7/scope.7*
 %doc %{_mandir}/man7/scripts.7*
-%doc %{_mandir}/man7/semver.7*
+%doc %{_mandir}/man7/workspaces.7*
 %files docs
 %doc doc
 %dir %{_pkgdocdir}
 %{_pkgdocdir}/html
 %{_pkgdocdir}/npm/docs
 %changelog
-* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
+* Wed Aug 23 2023 Jan Staněk <jstanek@redhat.com> - 1:18.17.1-1
- Resolves: RHBZ#1932373, RHBZ#1932426
+- Rebase to version 18.17.1
- Resolves CVE-2021-22883 and CVE-2021-22884
+  Resolves: rhbz#2228939
- remove -debug-nghttp2 flag (1930775)
+  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
- remove ini patch merged upstream
+- Specify proper OpenSSL configuration section build
-* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
+* Wed Jul 12 2023 Jan Staněk <jstanek@redhat.com> - 1:18.16.1-1
- January Security release
+- Rebase to 18.16.1
  Resolves: rhbz#2188290 rhbz#2166926
  Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
 - Replace /usr/etc/npmrc symlink with builtin configuration
  Resolves: rhbz#2222287
 * Tue May 30 2023 Jan Staněk <jstanek@redhat.com> - 1:18.14.2-3
 - Update bundled c-ares to 1.19.1
  Resolves: CVE-2022-4904
  Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
 * Tue Mar 21 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-2
 - Provide simduft
 * Tue Mar 21 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-1
 - Rebase to 18.14.2
 - Resolves: #2178086
 - Resolves: CVE-2022-25881, CVE-2023-23936, CVE-2023-24807
 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
 * Fri Nov 18 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-2
 - Update version of bundled histogram
 * Wed Nov 09 2022 Jan Staněk <jstanek@redhat.com> - 1:18.12.1-1
 - Rebase to version 18.12.1
  Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517
 * Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 1:18.9.1-1
 - Rebase to version 18.9.1
  Resolves: CVE-2022-35255 CVE-2022-35256
 * Fri Aug 26 2022 Jan Staněk <jstanek@redhat.com> - 1:18.8.0-1
 - Rebase to version 18.8.0
 - Include sources for WASM blobs
 * Fri Jul 15 2022 Jan Staněk <jstanek@redhat.com> - 1:18.6.0-1
 - Rebase to version 18.6.0
  Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
  Resolves: CVE-2022-29244
 * Tue May 31 2022 Jan Staněk <jstanek@redhat.com> - 1:18.2.0-1
 - Rebase to version 18.2.0
 * Mon Apr 25 2022 Jan Staněk <jstanek@redhat.com> - 1:16.14.0-5
 - Unify configure calls into single command
 - Refactor bootstrap-related parts
 - Decouple dependency bundling from bootstrapping
 * Mon Apr 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-4
 - Apply lock file validation fixes
 - Resolves: CVE-2021-43616
 - Resolves: RHBZ#2070013
 * Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-3
 - Resolves: RHBZ#2026329
 - Add corepack to spec
 * Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-2
 - Resolves: RHBZ#2026329
 - Update npm version test
 * Thu Dec 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-1
 - Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
 - Resolves: RHBZ#2026329
 - Rebase to LTS release and to fix multiple low and medium CVEs
 * Mon Sep 13 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.8.0-1
 - Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
 - Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176
 * Mon Aug 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-2
 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
 - CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
 - Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
 - Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
 - fix python3 in gyp
 * Wed Aug 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-1
 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
 - CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
 - Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
 - Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
 * Fri Jul 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.4.2-1
 - Resolves: RHBZ#1979847
 - Resolves CVE-2021-22918(libuv)
 - Use system cipher list(1842826, 1952915)
 * Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
 - Resolves: RHBZ#1953991
 - Rebase to v16.x
 - Update version of gcc and gcc-c++ needed
 - Remove libs conditionals
 - Remove unused patches
 - Bundle nghttp3 and ngtcp2
 * Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
 - Resolves RHBZ#1930775
 - remove --debug-nghttp2 option
 * Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
 - Resolves CVE-2021-22883 CVE-2021-22884
 - Resolves: RHBZ#1934566, RHBZ#1934599
 - Rebase, remove ini patch
 * Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
 - Add patch for yarn crash
 - Resolves: RHBZ#1915296
 * Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
 - Security rebase to 14.15.4
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Rebase to 10.23.1
+- Resolves: RHBZ#1913001, RHBZ#1912953
- Resolves: RHBZ#1916461, RHBZ#1914789
+- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184
 - Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
 - Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
 - Remove dot-prop patch, as it is fixed by npm rebase
-* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
+* Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
- Security rebase to 10.22.1
+- Resolves: RHBZ#1858864
 - Update to LTS release
-* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
+* Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
- Resolves: RHBZ#1845307
+- Security update to 14.11.0
 - Remove brotli-devel requires from nodejs-devel
-* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
+* Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1
- Resolves: RHBZ#1845307
+- Security update to 14.4.0
- Turn off debug builds
+- Resolves: RHBZ#1815402
-* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
+* Thu May 21 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.3.0-1
- Security update to 10.21.0
+- Update to 14.3.0
- Resolves: RHBZ#1845307
+- Fix optflags to save memory
- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
+- Resolves: RHBZ#1815402
 - Bundle brotli, because --shared-brotli configure option is missing
 - Add i18n subpackage
-* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
+* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.2.0-1
- Resolves: RHBZ#1811499
+- Update to 14.2.0
 - build with python3 only
 - some clean up
-* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
+* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
+- Fix CVE-2020-10531
-* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
+* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
+- Rebase to 12.16.1
 * Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
 - Rebase to 12.14.1
 * Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
 - Resolves: RHBZ# 1773503, update to 12.13.1
 - minor clean up and sync with Fedora spec
 - turn off debug builds
 * Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
 - Add condition to libs
 * Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
 - Update to v12.x
 - Add v8-devel and libs subpackages from fedora
 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
 - move nodejs-packaging BR out of conditional
 * Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
- Resolves: RHBZ#1644207
+- Resolves RHBZ#1644207
 - fixes node-gyp permissions
 - rebase
--- a/SOURCES/nodejs_native.attr
+++ b/SOURCES/nodejs_native.attr
--- a/2
+++ b/2
@ -0,0 +1,2 @@
 prefix=/usr/local
 python=/usr/bin/python3
--- a/npmrc.builtin.in
+++ b/npmrc.builtin.in
@ -0,0 +1,5 @@
 # This is the distibution-level configuration file for npm.
 # To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
 # vim:set filetype=dosini:
 globalconfig=@SYSCONFDIR@/npmrc
--- a/5
+++ b/5
@ -0,0 +1,5 @@
 SHA512 (node-v18.17.1-stripped.tar.gz) = cdb879e3a9b5ac7a942092528ef63cddbbbfedde65f0228c8fdd15f5a18c96161db821dc2294447137ec9dd2c91fe5523d385ec35d6f9e7052b86aa92c411f46
 SHA512 (icu4c-73_1-src.zip) = 8f429cf0779742e20236a824d37151d57c94e0c9513a6d78dde30c09d1d45fce689355dfad9bd8429949b86979871efa8dfaefa3f43db46df521658a3b611595
 SHA512 (undici-5.22.1.tar.gz) = 07c9d76390ef5b986b312d313421e27fb0f25f2cea83ba8f1dfa56dd8a6f839b4f34440dc983922a97b1382c2a1aabbe9b1261cd0172d1676d341a0a5dd35f7d
 SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
 SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20
		`@ -1,2 +0,0 @@`
			`3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz`
			`be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz`
		`@ -0,0 +1,2 @@`
							`prefix=/usr/local`
							`python=/usr/bin/python3`