17 changed files with 492 additions and 570 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,50 +1,2 @@
-/node-v10.7.0-stripped.tar.gz
-/node-v10.11.0-stripped.tar.gz
-/node-v10.14.1-stripped.tar.gz
-/node-v12.4.0-stripped.tar.gz
-/node-v12.13.1-stripped.tar.gz
-/node-v12.14.1-stripped.tar.gz
-/node-v12.16.1-stripped.tar.gz
-/node-v14.2.0-stripped.tar.gz
-/icu4c-66_1-src.tgz
-/node-v14.3.0-stripped.tar.gz
-/icu4c-67_1-src.tgz
-/node-v14.4.0-stripped.tar.gz
-/node-v14.11.0-stripped.tar.gz
-/node-v14.15.0-stripped.tar.gz
-/node-v14.15.4-stripped.tar.gz
-/node-v14.16.0-stripped.tar.gz
-/node-v16.1.0-stripped.tar.gz
-/icu4c-69_1-src.tgz
-/node-v16.4.2-stripped.tar.gz
-/node-v16.6.2-stripped.tar.gz
-/node-v16.7.0-stripped.tar.gz
-/node-v16.8.0-stripped.tar.gz
-/node-v16.13.1-stripped.tar.gz
-/node-v16.14.0-stripped.tar.gz
-/icu4c-70_1-src.tgz
-/node-v18.2.0-stripped.tar.gz
-/icu4c-71_1-src.tgz
-/node-v18.7.0-stripped.tar.gz
-/node-v18.8.0-stripped.tar.gz
-/undici-5.8.2.tar.gz
-/cjs-module-lexer-1.2.2.tar.gz
-/wasi-sdk-11.0-linux.tar.gz
-/wasi-sdk-14.0-linux.tar.gz
-/node-v18.10.0-stripped.tar.gz
-/undici-5.9.1.tar.gz
-/wasi-sdk-11.tar.gz
-/wasi-sdk-14.tar.gz
-/undici-5.10.0.tar.gz
-/node-v18.12.1-stripped.tar.gz
-/undici-5.11.0.tar.gz
-/node-v18.14.2-stripped.tar.gz
-/icu4c-72_1-src.tgz
-/undici-5.20.0.tar.gz
-/wasi-sdk-wasi-sdk-11.tar.gz
-/wasi-sdk-wasi-sdk-14.tar.gz
-/node-v18.16.1-stripped.tar.gz
-/undici-5.21.0.tar.gz
-/node-v18.17.1-stripped.tar.gz
-/icu4c-73_1-src.zip
-/undici-5.22.1.tar.gz
+SOURCES/icu4c-64_2-src.tgz
+SOURCES/node-v10.24.0-stripped.tar.gz
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@ -0,0 +1,2 @@
+3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
+be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@ -1,55 +0,0 @@
-From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Tue, 30 May 2023 13:12:35 +0200
-Subject: [PATCH] Disable running gyp on shared deps
-
-Signed-off-by: rpm-build <rpm-build>
---
- Makefile |  2 +-
- node.gyp | 17 -----------------
- 2 files changed, 1 insertion(+), 18 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 0be0659..3c44201 100644
--- a/Makefile
-+++ b/Makefile
-@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
- 	$(warning '$@' target is a noop)
- 
- out/Makefile: config.gypi common.gypi node.gyp \
-	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
-+	deps/llhttp/llhttp.gyp \
- 	deps/simdutf/simdutf.gyp deps/ada/ada.gyp \
- 	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
- 	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
-diff --git a/node.gyp b/node.gyp
-index cf52281..c33b57b 100644
--- a/node.gyp
-+++ b/node.gyp
-@@ -430,23 +430,6 @@
-               ],
-             },
-           ],
-         }, {
-           'variables': {
-              'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf',
-              'opensslconfig': './deps/openssl/nodejs-openssl.cnf',
-           },
-           'actions': [
-             {
-               'action_name': 'reset_openssl_cnf',
-               'inputs': [ '<(opensslconfig)', ],
-               'outputs': [ '<(opensslconfig_internal)', ],
-               'action': [
-                 '<(python)', 'tools/copyfile.py',
-                 '<(opensslconfig)',
-                 '<(opensslconfig_internal)',
-               ],
-             },
-           ],
-          }],
-       ],
-     }, # node_core_target_name
-- 
-2.41.0
-
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@ -0,0 +1,31 @@
+From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
+From: Zuzana Svetlikova <zsvetlik@redhat.com>
+Date: Thu, 27 Apr 2017 14:25:42 +0200
+Subject: [PATCH] Disable running gyp on shared deps
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ Makefile | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 73feb4c..45bbceb 100644
+--- a/Makefile
+++ b/Makefile
+@@ -123,10 +123,9 @@ with-code-cache:
+ test-code-cache: with-code-cache
+ 	$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
+ 
+-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
+-              deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
+-              deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
+-              config.gypi
+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
+              deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
+			  deps/v8/gypfiles/v8.gyp node.gyp config.gypi
+ 	$(PYTHON) tools/gyp_node.py -f make
+ 
+ config.gypi: configure configure.py
+-- 
+2.26.2
+
--- a/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
+++ b/SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
@ -0,0 +1,84 @@
+From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 1 May 2018 08:05:30 -0400
+Subject: [PATCH] Suppress NPM message to run global update
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/npm/bin/npm-cli.js | 54 -----------------------------------------
+ 1 file changed, 54 deletions(-)
+
+diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
+index c0d9be0..0f0892e 100755
+--- a/deps/npm/bin/npm-cli.js
+++ b/deps/npm/bin/npm-cli.js
+@@ -71,65 +71,11 @@
+     npm.command = 'help'
+   }
+ 
+-  var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
+-
+   // now actually fire up npm and run the command.
+   // this is how to use npm programmatically:
+   conf._exit = true
+   npm.load(conf, function (er) {
+     if (er) return errorHandler(er)
+-    if (
+-      !isGlobalNpmUpdate &&
+-      npm.config.get('update-notifier') &&
+-      !unsupported.checkVersion(process.version).unsupported
+-    ) {
+-      const pkg = require('../package.json')
+-      let notifier = require('update-notifier')({pkg})
+-      const isCI = require('ci-info').isCI
+-      if (
+-        notifier.update &&
+-        notifier.update.latest !== pkg.version &&
+-        !isCI
+-      ) {
+-        const color = require('ansicolors')
+-        const useColor = npm.config.get('color')
+-        const useUnicode = npm.config.get('unicode')
+-        const old = notifier.update.current
+-        const latest = notifier.update.latest
+-        let type = notifier.update.type
+-        if (useColor) {
+-          switch (type) {
+-            case 'major':
+-              type = color.red(type)
+-              break
+-            case 'minor':
+-              type = color.yellow(type)
+-              break
+-            case 'patch':
+-              type = color.green(type)
+-              break
+-          }
+-        }
+-        const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
+-        notifier.notify({
+-          message: `New ${type} version of ${pkg.name} available! ${
+-            useColor ? color.red(old) : old
+-          } ${useUnicode ? '→' : '->'} ${
+-            useColor ? color.green(latest) : latest
+-          }\n` +
+-          `${
+-            useColor ? color.yellow('Changelog:') : 'Changelog:'
+-          } ${
+-            useColor ? color.cyan(changelog) : changelog
+-          }\n` +
+-          `Run ${
+-            useColor
+-              ? color.green(`npm install -g ${pkg.name}`)
+-              : `npm i -g ${pkg.name}`
+-          } to update!`
+-        })
+-      }
+-    }
+     npm.commands[npm.command](npm.argv, function (err) {
+       // https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
+       if (
+-- 
+2.26.2
+
--- a/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+++ b/SOURCES/0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
@ -0,0 +1,122 @@
+From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Fri, 6 Dec 2019 16:40:25 -0500
+Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
+
+When compiled with `--with-intl=small` and
+`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
+fallback location for the ICU data.
+
+We will first perform an access check using fopen(PATH, 'r') to
+ensure that the file is readable. If it is, we'll set the
+icu_data_directory and proceed. There's a slight overhead for the
+fopen() check, but it should be barely measurable.
+
+This will be useful for Linux distribution packagers who want to
+be able to ship a minimal node binary in a container image but
+also be able to add on the full i18n support where needed. With
+this patch, it becomes possible to ship the interpreter as
+/usr/bin/node in one package for the distribution and to ship the
+data files in another package (without a strict dependency
+between the two). This means that users of the distribution will
+not need to explicitly direct Node.js to locate the ICU data. It
+also means that in environments where full internationalization is
+not required, they do not need to carry the extra content (with
+the associated storage costs).
+
+Refs: https://github.com/nodejs/node/issues/3460
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ configure.py |  9 +++++++++
+ node.gypi    |  7 +++++++
+ src/node.cc  | 20 ++++++++++++++++++++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/configure.py b/configure.py
+index 89f7bf5..d611a88 100755
+--- a/configure.py
+++ b/configure.py
+@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
+         'the icu4c source archive. '
+         'v%d.x or later recommended.' % icu_versions['minimum_icu'])
+ 
+intl_optgroup.add_option('--with-icu-default-data-dir',
+    action='store',
+    dest='with_icu_default_data_dir',
+    help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
+         'only be read if the NODE_ICU_DATA environment variable or the '
+         '--icu-data-dir runtime argument is used. This option has effect '
+         'only when Node.js is built with --with-intl=small-icu.')
+
+ parser.add_option('--with-ltcg',
+     action='store_true',
+     dest='with_ltcg',
+@@ -1359,6 +1367,7 @@ def configure_intl(o):
+     locs.add('root')  # must have root
+     o['variables']['icu_locales'] = string.join(locs,',')
+     # We will check a bit later if we can use the canned deps/icu-small
+    o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
+   elif with_intl == 'full-icu':
+     # full ICU
+     o['variables']['v8_enable_i18n_support'] = 1
+diff --git a/node.gypi b/node.gypi
+index 466a174..65b97d6 100644
+--- a/node.gypi
+++ b/node.gypi
+@@ -113,6 +113,13 @@
+       'conditions': [
+         [ 'icu_small=="true"', {
+           'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
+          'conditions': [
+            [ 'icu_default_data!=""', {
+              'defines': [
+                'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
+              ],
+            }],
+          ],
+       }]],
+     }],
+     [ 'node_use_bundled_v8=="true" and \
+diff --git a/src/node.cc b/src/node.cc
+index 7c01187..c9840e3 100644
+--- a/src/node.cc
+++ b/src/node.cc
+@@ -92,6 +92,7 @@
+ 
+ #if defined(NODE_HAVE_I18N_SUPPORT)
+ #include <unicode/uvernum.h>
+#include <unicode/utypes.h>
+ #endif
+ 
+ #if defined(LEAK_SANITIZER)
+@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
+   // If the parameter isn't given, use the env variable.
+   if (per_process_opts->icu_data_dir.empty())
+     SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
+
+#ifdef NODE_ICU_DEFAULT_DATA_DIR
+  // If neither the CLI option nor the environment variable was specified,
+  // fall back to the configured default
+  if (per_process_opts->icu_data_dir.empty()) {
+    // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
+    // file and can be read.
+    static const char full_path[] =
+        NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
+
+    FILE* f = fopen(full_path, "rb");
+
+    if (f != nullptr) {
+      fclose(f);
+      per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
+    }
+  }
+#endif  // NODE_ICU_DEFAULT_DATA_DIR
+
+   // Initialize ICU.
+   // If icu_data_dir is empty here, it will load the 'minimal' data.
+   if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
+-- 
+2.26.2
+
--- a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
+++ b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
@ -0,0 +1,13 @@
+diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
+index d720681628..727362aac0 100644
+--- a/deps/npm/node_modules/y18n/index.js
+++ b/deps/npm/node_modules/y18n/index.js
+@@ -11,7 +11,7 @@ function Y18N (opts) {
+   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
+ 
+   // internal stuff.
+-  this.cache = {}
+  this.cache = Object.create(null)
+   this.writeQueue = []
+ }
+ 
--- a/SOURCES/btest402.js
+++ b/SOURCES/btest402.js
--- a/SOURCES/nodejs-tarball.sh
+++ b/SOURCES/nodejs-tarball.sh
@ -120,15 +120,15 @@ rm -rf node-v${version}/deps/openssl
 tar -zcf node-v${version}-stripped.tar.gz node-v${version}

 # Download the matching version of ICU
-rm -f icu4c*-src.zip icu.md5
+rm -f icu4c*-src.tgz icu.md5
 ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
 wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
-ICUTARBALL=$(ls -1 icu4c*-src.zip)
+ICUTARBALL=$(ls -1 icu4c*-src.tgz)
 echo "$ICUMD5  $ICUTARBALL" > icu.md5
 md5sum -c icu.md5
 rm -f icu.md5 SHASUMS256.txt

-#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
+rhpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz

 rm -f node-v${version}.tar.gz

@ -155,11 +155,11 @@ grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_versio
 grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
 grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
 echo
-echo "llhttp"
+echo "http-parser"
 echo "========================="
-grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
-grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
+grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_parser.h
+grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
+grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
 echo
 echo "libuv"
 echo "========================="
@ -171,14 +171,6 @@ echo "nghttp2"
 echo "========================="
 grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 echo
-echo "nghttp3"
-echo "========================="
-grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
-echo
-echo "ngtcp2"
-echo "========================="
-grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
-echo
 echo "ICU"
 echo "========================="
 grep "url" node-v${version}/tools/icu/current_ver.dep
@ -187,12 +179,6 @@ echo "punycode"
 echo "========================="
 grep "'version'" node-v${version}/lib/punycode.js
 echo
-echo "uvwasi"
-echo "========================="
-grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
-grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
-grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
-echo
 echo "npm"
 echo "========================="
 grep "\"version\":" node-v${version}/deps/npm/package.json
--- a/SOURCES/nodejs_native.attr
+++ b/SOURCES/nodejs_native.attr
--- a/SOURCES/npmrc
+++ b/SOURCES/npmrc
@ -0,0 +1 @@
+prefix=/usr/local
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@ -1,29 +1,13 @@
-# The following macros control the usage of dependencies bundled from upstream.
-#
-# When to use what:
-# - Regular (presumably non-modular) build: use neither (the default in Fedora)
-# - Early bootstrapping build that is not intended to be shipped:
-#     use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
-# - Build with some dependencies not avalaible in necessary versions (i.e. module build):
-#     use --with=bundled; will bundle deps, but do not add the suffix
-#
-# create bootstrapping build with bundled deps and extra release suffix
-%bcond_with bootstrap
-# bundle dependencies that are not available in CentOS
-%if %{with bootstrap}
-%bcond_without bundled
-%else
-%bcond_with bundled
+%global with_debug 0
+
+# PowerPC, s390x and aarch64 segfault during Debug builds
+# https://github.com/nodejs/node/issues/20642
+%ifarch %{power64} s390x aarch64
+%global with_debug 0
 %endif

-%bcond_with python3_fixup
-
-# LTO is currently broken on Node.js builds
-%define _lto_cflags %{nil}
-
-# Heavy-handed approach to avoiding issues with python
-# bytecompiling files in the node_modules/ directory
-%global __python %{__python3}
+# bundle dependencies that are not available as Fedora modules
+%bcond_with bootstrap

 # == Master Relase ==
 # This is used by both the nodejs package and the npm subpackage that
@ -39,12 +23,12 @@
 # feature releases that are only supported for nine months, which is shorter
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
-%global nodejs_major 18
-%global nodejs_minor 17
-%global nodejs_patch 1
+%global nodejs_major 10
+%global nodejs_minor 24
+%global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 108
+%global nodejs_soversion 64
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
 %global nodejs_release %{baserelease}

@ -53,11 +37,11 @@
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
-%global v8_epoch 2
-%global v8_major 10
-%global v8_minor 2
-%global v8_build 154
-%global v8_patch 26
+%global v8_epoch 1
+%global v8_major 6
+%global v8_minor 8
+%global v8_build 275
+%global v8_patch 32
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -65,68 +49,53 @@

 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.19.1
+%global c_ares_major 1
+%global c_ares_minor 15
+%global c_ares_patch 0
+%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}

-# llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 6.0.11
+# http-parser - from deps/http_parser/http_parser.h
+%global http_parser_major 2
+%global http_parser_minor 9
+%global http_parser_patch 4
+%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}

 # libuv - from deps/uv/include/uv/version.h
-%global libuv_version 1.44.2
+%global libuv_major 1
+%global libuv_minor 34
+%global libuv_patch 2
+%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}

 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.52.0
-
-# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
-%global nghttp3_major 0
-%global nghttp3_minor 7
-%global nghttp3_patch 0
-%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
-
-# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
-%global ngtcp2_major 0
-%global ngtcp2_minor 8
-%global ngtcp2_patch 1
-%global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
+%global nghttp2_major 1
+%global nghttp2_minor 41
+%global nghttp2_patch 0
+%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}

 # ICU - from tools/icu/current_ver.dep
-%global icu_major 73
-%global icu_minor 1
+%global icu_major 64
+%global icu_minor 2
 %global icu_version %{icu_major}.%{icu_minor}

 %global icudatadir %{nodejs_datadir}/icudata
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal

-%global sys_icu_version %(/usr/bin/icu-config --version)
-
-%if "%{sys_icu_version}" >= "%{icu_version}"
-%global bundled_icu 0
-%global icu_flag system-icu
-%else
-%global bundled_icu 1
-%global icu_flag full-icu
-%endif
-
-# simduft from deps/simdutf/simdutf.h
-%global simduft_major 3
-%global simduft_minor 2
-%global simduft_patch 12
-%global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
-
-# ada from deps/ada/ada.h
-%global ada_version 2.5.0
-
-# OpenSSL minimum version
-%global openssl_minimum 1:1.1.1

 # punycode - from lib/punycode.js
 # Note: this was merged into the mainline since 0.6.x
 # Note: this will be unmerged in an upcoming major release
-%global punycode_version 2.1.0
+%global punycode_major 2
+%global punycode_minor 1
+%global punycode_patch 0
+%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}

 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.6.7
+%global npm_major 6
+%global npm_minor 14
+%global npm_patch 11
+%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}

 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@ -134,11 +103,12 @@
 # base npm version number is increasing.
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}

-# uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.18
-
-# histogram_c - assumed from timestamps
-%global histogram_version 0.11.2
+# brotli - from deps/brotli/c/common/version.h
+# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
+%global brotli_major 1
+%global brotli_minor 0
+%global brotli_patch 7
+%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}

 Name: nodejs
 Epoch: %{nodejs_epoch}
@ -157,7 +127,7 @@ ExclusiveArch: %{nodejs_arches}
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
-Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.zip
+Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
 Source100: %{name}-tarball.sh

 # The native module Requires generator remains in the nodejs SRPM, so it knows
@ -165,73 +135,49 @@ Source100: %{name}-tarball.sh
 # nodejs-packaging SRPM.
 Source7: nodejs_native.attr

-# Configure npm to look into /etc for configuration
-Source8: npmrc.builtin.in
-
-# These are full sources for dependencies included as WASM blobs in the source of Node itself.
-# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
-# Recipes for creating these blobs are included in the sources.
-
-# Version: jq '.version' deps/cjs-module-lexer/package.json
-# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
-# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
-# wasi-sdk version can be found in Makefile
-# https://github.com/nodejs/cjs-module-lexer/blob/1.2.2/Makefile
-Source101: cjs-module-lexer-1.2.2.tar.gz
-Source111: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
-
-# Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.22.1.tar.gz
-# Adjustments: rm -f undici-5.22.1/lib/llhttp/llhttp*.wasm
-# Build uses alpine image, see alpine for sources for wasi-sdk
-Source102: undici-5.22.1.tar.gz
-
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
-Patch3: nodejs-fips-disable-options.patch
+
+# Suppress the message from npm to run `npm -g update npm`
+# This does bad things on an RPM-managed npm.
+Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
+
+# Upstream patch to enable auto-detection of full ICU data
+# https://github.com/nodejs/node/pull/30825
+Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+
+# CVE-2020-7774
+Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch

 BuildRequires: make
+BuildRequires: python2-devel
 BuildRequires: python3-devel
-BuildRequires: python3-setuptools
-BuildRequires: python3-jinja2
-%if !%{with python3_fixup}
-BuildRequires: python-unversioned-command
-%endif
 BuildRequires: zlib-devel
-BuildRequires: brotli-devel
-BuildRequires: gcc >= 8.3.0
-BuildRequires: gcc-c++ >= 8.3.0
-BuildRequires: jq
+BuildRequires: gcc >= 6.3.0
+BuildRequires: gcc-c++ >= 6.3.0
 # needed to generate bundled provides for npm dependencies
 # https://src.fedoraproject.org/rpms/nodejs/pull-request/2
 # https://pagure.io/nodejs-packaging/pull-request/10
 BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
-BuildRequires: systemtap-sdt-devel

-%if %{with bundled}
+%if %{with bootstrap}
+Provides: bundled(http-parser) = %{http_parser_version}
 Provides: bundled(libuv) = %{libuv_version}
-%else
-BuildRequires: libuv-devel >= 1:%{libuv_version}
-Requires:      libuv >= 1:%{libuv_version}
-%endif
-
-%if %{with bundled}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 %else
+BuildRequires: systemtap-sdt-devel
+BuildRequires: libuv-devel >= 1:%{libuv_version}
+Requires: libuv >= 1:%{libuv_version}
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
 Requires: libnghttp2 >= %{nghttp2_version}
+BuildRequires: http-parser-devel >= %{http_parser_version}
+Requires: http-parser >= %{http_parser_version}
+
 %endif

-# Temporarily bundle llhttp because the upstream doesn't
-# provide releases for it.
-Provides: bundled(llhttp) = %{llhttp_version}
-Provides: bundled(nghttp3) = %{nghttp3_version}
-Provides: bundled(ngtcp2) = %{ngtcp2_version}
-
-BuildRequires: openssl-devel >= %{openssl_minimum}
-Requires: openssl >= %{openssl_minimum}
+BuildRequires: openssl-devel

 # we need the system certificate store
 Requires: ca-certificates
@ -283,15 +229,16 @@ Provides: bundled(v8) = %{v8_version}
 # an ABI-break, so we'll use the bundled copy.
 Provides: bundled(icu) = %{icu_version}

-# Upstream added new dependencies, but so far they are not available in Fedora
-# or there's no option to built it as a shared dependency, so we bundle them
-Provides: bundled(uvwasi) = %{uvwasi_version}
-Provides: bundled(histogram) = %{histogram_version}
-Provides: bundled(simduft) = %{simduft_version}
-Provides: bundled(ada) = %{ada_version}
-
 # Make sure we keep NPM up to date when we update Node.js
-Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+%if 0%{?rhel}
+# EPEL doesn't support Recommends, so make it strict
+Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+%else
+Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
+%endif
+
+# Provide bundled brotli until we can build it with system package
+Provides: bundled(brotli) = %{brotli_version}

 %description
 Node.js is a platform built on Chrome's JavaScript runtime
@ -307,10 +254,12 @@ Group: Development/Languages
 Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
 Requires: openssl-devel%{?_isa}
 Requires: zlib-devel%{?_isa}
-Requires: brotli-devel%{?_isa}
 Requires: nodejs-packaging

-%if %{without bundled}
+%if %{with bootstrap}
+# deps are bundled
+%else
+Requires: http-parser-devel%{?_isa}
 Requires: libuv-devel%{?_isa}
 %endif

@ -339,7 +288,6 @@ Release: %{npm_release}%{?dist}
 Obsoletes: npm < 0:3.5.4-6
 Provides: npm = %{npm_epoch}:%{npm_version}
 Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
-Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}

 # Do not add epoch to the virtual NPM provides or it will break
 # the automatic dependency-generation script.
@ -370,77 +318,79 @@ The API documentation for the Node.js JavaScript runtime.

 # remove bundled dependencies that we aren't building
 rm -rf deps/zlib
-rm -rf deps/brotli
-rm -rf deps/v8/third_party/jinja2
-rm -rf tools/inspector_protocol/jinja2

-# Replace any instances of unversioned python' with python3
-# check for correct versions of dependencies we are bundling
-check_wasm_dep() {
-  local -r name="$1" source="$2" packagejson="$3"
-  local -r expected_version="$(jq -r '.version' "${packagejson}")"
-
-  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
-    printf '%s version matches\n' "${name}" >&2
-  else
-    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
-    return 1
-  fi
-}
-
-check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
-check_wasm_dep undici           '%{SOURCE102}' deps/undici/src/package.json
-
-%if %{with python3_fixup}
-pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
-find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
-find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
+# Replace any instances of unversioned python' with python2
+pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
+find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
+find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python2~" {} \;
+sed -i "s~python~python2~" $(find . -type f | grep "gyp$")
 sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
-sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_test.py
-find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
-%endif
+sed -i "s~usr\/bin\/python.*$~usr\/bin\/python2~" ./deps/v8/tools/mb/mb_unittest.py
+find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
+sed -i "s~which('python')~which('python2')~" configure

 %build
+
 %ifarch s390 s390x %{arm} %ix86
 # Decrease debuginfo verbosity to reduce memory consumption during final
 # library linking
 %global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
 %endif

+export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 export CC='%{__cc}'
 export CXX='%{__cxx}'
-%{?with_python3_fixup:export NODE_GYP_FORCE_PYTHON=%{__python3}}

 # build with debugging symbols and add defines from libuv (#892601)
 # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
 # NULL objects. We need to pass -fno-delete-null-pointer-checks
-extra_cflags=(
-    -D_LARGEFILE_SOURCE
-    -D_FILE_OFFSET_BITS=64
-    -DZLIB_CONST
-    -fno-delete-null-pointer-checks
-)
-export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
+export CFLAGS='%{optflags} \
+               -D_LARGEFILE_SOURCE \
+               -D_FILE_OFFSET_BITS=64 \
+               -DZLIB_CONST \
+               -fno-delete-null-pointer-checks'
+export CXXFLAGS='%{optflags} \
+                 -D_LARGEFILE_SOURCE \
+                 -D_FILE_OFFSET_BITS=64 \
+                 -DZLIB_CONST \
+                 -fno-delete-null-pointer-checks'
+
+# Explicit new lines in C(XX)FLAGS can break naive build scripts
+export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' '  ')"
+export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' '  ')"
+
 export LDFLAGS="%{build_ldflags}"

-%{__python3} configure.py --prefix=%{_prefix} --verbose \
-           --shared-openssl --openssl-conf-name=openssl_conf \
+%if %{with bootstrap}
+./configure --prefix=%{_prefix} \
+           --shared-openssl \
           --shared-zlib \
-           --shared-brotli \
-           %{!?with_bundled:--shared-libuv} \
-           %{!?with_bundled:--shared-nghttp2} \
+           --without-dtrace \
+           --with-intl=small-icu \
+           --openssl-use-def-ca-store
+%else
+./configure --prefix=%{_prefix} \
+           --shared-openssl \
+           --shared-zlib \
+           --shared-libuv \
+           --shared-http-parser \
+           --shared-nghttp2 \
           --with-dtrace \
           --with-intl=small-icu \
           --with-icu-default-data-dir=%{icudatadir} \
-           --without-corepack \
-           --openssl-use-def-ca-store \
-           --openssl-default-cipher-list=PROFILE=SYSTEM
+           --openssl-use-def-ca-store
+%endif

+%if %{?with_debug} == 1
+# Setting BUILDTYPE=Debug builds both release and debug binaries
+make BUILDTYPE=Debug %{?_smp_mflags}
+%else
 make BUILDTYPE=Release %{?_smp_mflags}
+%endif

 # Extract the ICU data and convert it to the appropriate endianness
 pushd deps/
-unzip -a %{SOURCE3}
+tar xfz %SOURCE3

 pushd icu/source

@ -469,6 +419,8 @@ popd # deps


 %install
+export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
+
 rm -rf %{buildroot}

 ./tools/install.py install %{buildroot} %{_prefix}
@ -477,6 +429,11 @@ rm -rf %{buildroot}
 chmod 0755 %{buildroot}/%{_bindir}/node
 chrpath --delete %{buildroot}%{_bindir}/node

+%if %{?with_debug} == 1
+# Install the debug binary and set its permissions
+install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
+%endif
+
 # own the sitelib directory
 mkdir -p %{buildroot}%{_prefix}/lib/node_modules

@ -510,10 +467,9 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man
 ln -sf %{_mandir}  %{buildroot}%{_prefix}/lib/node_modules/npm/man

-# Install Gatsby HTML documentation to %%{_pkgdocdir}
+# Install Gatsby HTML documentation to %{_pkgdocdir}
 cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
 rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
-
 ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs

 # Node tries to install some python files into a documentation directory
@ -531,17 +487,18 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
    -exec chmod -x {} \;

 # The above command is a little overzealous. Add a few permissions back.
-chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
+chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin/node-gyp
 chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js

-# Drop the NPM builtin configuration in place
-sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \
-    %{SOURCE8} > %{buildroot}%{_prefix}/lib/node_modules/npm/npmrc
-
 # Drop the NPM default configuration in place
 mkdir -p %{buildroot}%{_sysconfdir}
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc

+# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
+# This is done in the interests of keeping /usr read-only.
+mkdir -p %{buildroot}%{_prefix}/etc
+ln -s %{_sysconfdir}/npmrc %{buildroot}%{_prefix}/etc/npmrc
+
 # Install the full-icu data files
 install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*

@ -556,10 +513,42 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
 %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"

 # Ensure we have npm and that the version matches
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(JSON.parse(require(\"fs\").readFileSync(\"%{buildroot}%{_prefix}/lib/node_modules/npm/package.json\")).version, '%{npm_version}')"
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"

 # Make sure i18n support is working
-NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
+NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
+
+
+%pretrans -n npm -p <lua>
+-- Remove all of the symlinks from the bundled npm node_modules directory
+-- This scriptlet can be removed in Fedora 31
+base_path = "%{_prefix}/lib/node_modules/npm/node_modules/"
+d_st = posix.stat(base_path)
+if d_st then
+  for f in posix.files(base_path) do
+    path = base_path..f
+    st = posix.stat(path)
+    if st and st.type == "link" then
+      os.remove(path)
+    end
+  end
+end
+
+-- Replace the npm man directory with a symlink
+-- Drop this scriptlet when F31 is EOL
+path = "%{_prefix}/lib/node_modules/npm/man"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end


 %files
@ -570,17 +559,24 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 %dir %{_datadir}/systemtap/tapset
 %{_datadir}/systemtap/tapset/node.stp

+%if %{with bootstrap}
+# no dtrace
+%else
 %dir %{_usr}/lib/dtrace
 %{_usr}/lib/dtrace/node.d
+%endif

 %{_rpmconfigdir}/fileattrs/nodejs_native.attr
 %{_rpmconfigdir}/nodejs_native.req
 %license LICENSE
-%doc CHANGELOG.md onboarding.md GOVERNANCE.md README.md
+%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
 %doc %{_mandir}/man1/node.1*


 %files devel
+%if %{?with_debug} == 1
+%{_bindir}/node_g
+%endif
 %{_includedir}/node
 %{_datadir}/node/common.gypi
 %{_pkgdocdir}/gdbinit
@ -596,6 +592,7 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 %{_bindir}/npx
 %{_prefix}/lib/node_modules/npm
 %config(noreplace) %{_sysconfdir}/npmrc
+%{_prefix}/etc/npmrc
 %ghost %{_sysconfdir}/npmignore
 %doc %{_mandir}/man1/npm*.1*
 %doc %{_mandir}/man1/npx.1*
@ -604,219 +601,73 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 %doc %{_mandir}/man5/npmrc.5*
 %doc %{_mandir}/man5/package-json.5*
 %doc %{_mandir}/man5/package-lock-json.5*
-%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
-%doc %{_mandir}/man5/npm-global.5.*
-%doc %{_mandir}/man5/npm-json.5.*
+%doc %{_mandir}/man5/package-locks.5*
+%doc %{_mandir}/man5/shrinkwrap-json.5*
 %doc %{_mandir}/man7/config.7*
-%doc %{_mandir}/man7/dependency-selectors.7*
 %doc %{_mandir}/man7/developers.7*
-%doc %{_mandir}/man7/logging.7*
+%doc %{_mandir}/man7/disputes.7*
 %doc %{_mandir}/man7/orgs.7*
-%doc %{_mandir}/man7/package-spec.7*
 %doc %{_mandir}/man7/registry.7*
 %doc %{_mandir}/man7/removal.7*
 %doc %{_mandir}/man7/scope.7*
 %doc %{_mandir}/man7/scripts.7*
-%doc %{_mandir}/man7/workspaces.7*
+%doc %{_mandir}/man7/semver.7*


 %files docs
-%doc doc
 %dir %{_pkgdocdir}
 %{_pkgdocdir}/html
 %{_pkgdocdir}/npm/docs


 %changelog
-* Wed Aug 23 2023 Jan Staněk <jstanek@redhat.com> - 1:18.17.1-1
- Rebase to version 18.17.1
-  Resolves: rhbz#2228940
-  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
- Specify proper OpenSSL configuration section build
-  Related: rhbz#2226726
+* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
+- Resolves: RHBZ#1932373, RHBZ#1932426
+- Resolves CVE-2021-22883 and CVE-2021-22884
+- remove -debug-nghttp2 flag (1930775)
+- remove ini patch merged upstream

-* Mon Jul 31 2023 Honza Horak <hhorak@redhat.com> - 1:18.16.1-2
- Fix segfault that happens when processing fips-related options
-  Resolves: BZ#2226726
-
-* Wed Jul 12 2023 Jan Staněk <jstanek@redhat.com> - 1:18.16.1-1
- Rebase to 18.16.1
-  Resolves: rhbz#2188292 rhbz#2187683
-  Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration
-  Resolves: rhbz#2222285
-
-* Tue May 30 2023 Jan Staněk <jstanek@redhat.com> - 1:18.14.2-3
- Update bundled c-ares to 1.19.1
-  Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
-
-* Tue Mar 21 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-2
- Provide simduft
- Resolves: #2159389
-
-* Mon Mar 20 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.14.2-1
- Rebase to 18.14.2
- Resolves: #2159389
- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807
- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
-
-* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.12.1-1
- Rebase + CVEs
- Resolves: #2142809
- Resolves: #2142830, #2142856
-
-* Sun Oct 09 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.10.0-3
- Resolves: #2111861
- Add proper sources for undici
-
-* Fri Oct 07 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.10.0-2
- Resolves: #2130565
- Add missing file
-
-* Thu Oct 06 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.10.0-1
- Update to latest release
- Resolves: #2130565
- Resolves #2111009, #2111861, #2132732
-
-* Fri Aug 26 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.8.0-1
- Update to latest release
- Resolves: RHBZ#2111009
- Provide undici and cjs-module-lexer + wasi-sdk sources
- Resolves: RBHZ#2111861
-
-* Mon Aug 08 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.7.0-1
- Update to latest release
- Resolves CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
- Resolves CVE-2022-29244
- Resolves: RHBZ#2111009
-
-* Mon Jun 20 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.2.0-2
- Disable LTO
- Related: #1990096
- Build without python3 fixup by default
-
-* Tue May 31 2022 Jan Staněk <jstanek@redhat.com> - 1:18.2.0-1
- Rebase to version 18.2.0
-
-* Mon Apr 25 2022 Jan Staněk <jstanek@redhat.com> - 1:16.14.0-5
- Unify configure calls into single command
- Refactor bootstrap-related parts
- Decouple dependency bundling from bootstrapping
-
-* Mon Apr 11 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.14.0-4
- Apply lock file validation fixes
- Resolves: CVE-2021-43616
- Resolves: RHBZ#2070013
-
-* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-3
- Resolves: RHBZ#2026329
- Add corepack to spec
-
-* Mon Dec 06 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-2
- Resolves: RHBZ#2026329
- Update npm version test
-
-* Thu Dec 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.13.1-1
- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
- Resolves: RHBZ#2026329
- Rebase to LTS release and to fix multiple low and medium CVEs
-
-* Mon Sep 13 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.8.0-1
- Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
- Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176
-
-* Mon Aug 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-2
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
- fix python3 in gyp
-
-* Wed Aug 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.7.0-1
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
-
-* Fri Jul 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.4.2-1
- Resolves: RHBZ#1979847
- Resolves CVE-2021-22918(libuv)
- Use system cipher list(1842826, 1952915)
-
-* Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.1.0-1
- Resolves: RHBZ#1953991
- Rebase to v16.x
- Update version of gcc and gcc-c++ needed
- Remove libs conditionals
- Remove unused patches
- Bundle nghttp3 and ngtcp2
-
-* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
- Resolves RHBZ#1930775
- remove --debug-nghttp2 option
-
-* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
- Resolves CVE-2021-22883 CVE-2021-22884
- Resolves: RHBZ#1934566, RHBZ#1934599
- Rebase, remove ini patch
-
-* Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
- Add patch for yarn crash
- Resolves: RHBZ#1915296
-
-* Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
- Security rebase to 14.15.4
+* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
+- January Security release
 - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1913001, RHBZ#1912953
- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184
+- Rebase to 10.23.1
+- Resolves: RHBZ#1916461, RHBZ#1914789
+- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
+- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
+- Remove dot-prop patch, as it is fixed by npm rebase

-* Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
- Resolves: RHBZ#1858864
- Update to LTS release
+* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
+- Security rebase to 10.22.1

-* Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
- Security update to 14.11.0
+* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
+- Resolves: RHBZ#1845307
+- Remove brotli-devel requires from nodejs-devel

-* Wed Jun 03 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.4.0-1
- Security update to 14.4.0
- Resolves: RHBZ#1815402
+* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
+- Resolves: RHBZ#1845307
+- Turn off debug builds

-* Thu May 21 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.3.0-1
- Update to 14.3.0
- Fix optflags to save memory
- Resolves: RHBZ#1815402
+* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
+- Security update to 10.21.0
+- Resolves: RHBZ#1845307
+- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
+- Bundle brotli, because --shared-brotli configure option is missing
+- Add i18n subpackage

-* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.2.0-1
- Update to 14.2.0
- build with python3 only
- some clean up
+* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
+- Resolves: RHBZ#1811499

-* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
- Fix CVE-2020-10531
+* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
+- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606

-* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
- Rebase to 12.16.1
-
-* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
- Rebase to 12.14.1
-
-* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
- Resolves: RHBZ# 1773503, update to 12.13.1
- minor clean up and sync with Fedora spec
- turn off debug builds
-
-* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
- Add condition to libs
-
-* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
- Update to v12.x
- Add v8-devel and libs subpackages from fedora
+* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
+- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518

 * Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
 - move nodejs-packaging BR out of conditional

 * Tue Dec 11 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-1
- Resolves RHBZ#1644207
+- Resolves: RHBZ#1644207
 - fixes node-gyp permissions
 - rebase

--- a/macros.nodejs
+++ b/macros.nodejs
@ -1,33 +0,0 @@
-# nodejs binary
-%__nodejs %{_bindir}/node
-
-# nodejs library directory
-%nodejs_sitelib %{_prefix}/lib/node_modules
-
-#arch specific library directory
-#for future-proofing only; we don't do multilib
-%nodejs_sitearch %{nodejs_sitelib}
-
-# currently installed nodejs version
-%nodejs_version %(%{__nodejs} -v | sed s/v//)
-
-# symlink dependencies so `npm link` works
-# this should be run in every module's %%install section
-# pass --check to work in the current directory instead of the buildroot
-# pass --no-devdeps to ignore devDependencies when --check is used
-%nodejs_symlink_deps %{_rpmconfigdir}/nodejs-symlink-deps %{nodejs_sitelib}
-
-# patch package.json to fix a dependency
-# see `man npm-json` for details on writing dependencies for package.json files
-# e.g. `%%nodejs_fixdep frobber` makes any version of frobber do
-#      `%%nodejs_fixdep frobber '>1.0'` requires frobber > 1.0
-#      `%%nodejs_fixdep -r frobber removes the frobber dep
-%nodejs_fixdep %{_rpmconfigdir}/nodejs-fixdep
-
-# macro to filter unwanted provides from Node.js binary native modules
-%nodejs_default_filter %{expand: \
-%global __provides_exclude_from ^%{nodejs_sitearch}/.*\\.node$
-}
-
-# no-op macro to allow spec compatibility with EPEL
-%nodejs_find_provides_and_requires %{nil}
--- a/nodejs-fips-disable-options.patch
+++ b/nodejs-fips-disable-options.patch
@ -1,20 +0,0 @@
-FIPS related options cause a segfault, let's end sooner
-
-Upstream report: https://github.com/nodejs/node/pull/48950
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
-
-This patch makes the part of the code that processes cmd-line options for
-FIPS to end sooner before the code gets to the problematic part of the code.
-
-diff -up node-v18.16.1/src/crypto/crypto_util.cc.origfips node-v18.16.1/src/crypto/crypto_util.cc
--- node-v18.16.1/src/crypto/crypto_util.cc.origfips	2023-07-31 12:09:46.603683081 +0200
-+++ node-v18.16.1/src/crypto/crypto_util.cc	2023-07-31 12:16:16.906617914 +0200
-@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
-   /* Override FIPS settings in configuration file, if needed. */
-   if (per_process::cli_options->enable_fips_crypto ||
-       per_process::cli_options->force_fips_crypto) {
-+      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
-+      return false;
- #if OPENSSL_VERSION_MAJOR >= 3
-     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
-     if (fips_provider == nullptr)
--- a/2
+++ b/2
@ -1,2 +0,0 @@
-prefix=/usr/local
-python=/usr/bin/python3
--- a/npmrc.builtin.in
+++ b/npmrc.builtin.in
@ -1,5 +0,0 @@
-# This is the distibution-level configuration file for npm.
-# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
-# vim:set filetype=dosini:
-
-globalconfig=@SYSCONFDIR@/npmrc
--- a/5
+++ b/5
@ -1,5 +0,0 @@
-SHA512 (node-v18.17.1-stripped.tar.gz) = cdb879e3a9b5ac7a942092528ef63cddbbbfedde65f0228c8fdd15f5a18c96161db821dc2294447137ec9dd2c91fe5523d385ec35d6f9e7052b86aa92c411f46
-SHA512 (icu4c-73_1-src.zip) = 8f429cf0779742e20236a824d37151d57c94e0c9513a6d78dde30c09d1d45fce689355dfad9bd8429949b86979871efa8dfaefa3f43db46df521658a3b611595
-SHA512 (undici-5.22.1.tar.gz) = 07c9d76390ef5b986b312d313421e27fb0f25f2cea83ba8f1dfa56dd8a6f839b4f34440dc983922a97b1382c2a1aabbe9b1261cd0172d1676d341a0a5dd35f7d
-SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
-SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20