diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000000000000000000000000000000000..e62b0ec9ea88ad2b58f897e785b35615948f1057
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.tar.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
diff --git a/.lfsconfig b/.lfsconfig
new file mode 100644
index 0000000000000000000000000000000000000000..457fadee85b2126043aadb4425358247eb0ff621
--- /dev/null
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+ url = https://artlfs.openeuler.openatom.cn/src-openEuler/nodejs
diff --git a/CVE-2024-5535.patch b/CVE-2024-5535.patch
deleted file mode 100644
index 138abc7d33e5f3da853455fcad39cd796d9c0c2a..0000000000000000000000000000000000000000
--- a/CVE-2024-5535.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 177b1485da2fc0130dc549abb227320b4463797c Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 3 Jan 2025 16:37:37 +0800
-Subject: [PATCH] Fix SSL_select_next_proto
-
----
- deps/openssl/openssl/ssl/ssl_lib.c | 63 +++++++++++++++++++-----------
- 1 file changed, 40 insertions(+), 23 deletions(-)
-
-diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c
-index 20ddf8d2..4f69117b 100644
---- a/deps/openssl/openssl/ssl/ssl_lib.c
-+++ b/deps/openssl/openssl/ssl/ssl_lib.c
-@@ -3037,37 +3037,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
- unsigned int server_len,
- const unsigned char *client, unsigned int client_len)
- {
-- unsigned int i, j;
-- const unsigned char *result;
-- int status = OPENSSL_NPN_UNSUPPORTED;
-+ PACKET cpkt, csubpkt, spkt, ssubpkt;
-+
-+ if (!PACKET_buf_init(&cpkt, client, client_len)
-+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
-+ || PACKET_remaining(&csubpkt) == 0) {
-+ *out = NULL;
-+ *outlen = 0;
-+ return OPENSSL_NPN_NO_OVERLAP;
-+ }
-+
-+ /*
-+ * Set the default opportunistic protocol. Will be overwritten if we find
-+ * a match.
-+ */
-+ *out = (unsigned char *)PACKET_data(&csubpkt);
-+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
-
- /*
- * For each protocol in server preference order, see if we support it.
- */
-- for (i = 0; i < server_len;) {
-- for (j = 0; j < client_len;) {
-- if (server[i] == client[j] &&
-- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
-- /* We found a match */
-- result = &server[i];
-- status = OPENSSL_NPN_NEGOTIATED;
-- goto found;
-+ if (PACKET_buf_init(&spkt, server, server_len)) {
-+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
-+ if (PACKET_remaining(&ssubpkt) == 0)
-+ continue; /* Invalid - ignore it */
-+ if (PACKET_buf_init(&cpkt, client, client_len)) {
-+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
-+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
-+ PACKET_remaining(&ssubpkt))) {
-+ /* We found a match */
-+ *out = (unsigned char *)PACKET_data(&ssubpkt);
-+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
-+ return OPENSSL_NPN_NEGOTIATED;
-+ }
-+ }
-+ /* Ignore spurious trailing bytes in the client list */
-+ } else {
-+ /* This should never happen */
-+ return OPENSSL_NPN_NO_OVERLAP;
- }
-- j += client[j];
-- j++;
- }
-- i += server[i];
-- i++;
-+ /* Ignore spurious trailing bytes in the server list */
- }
-
-- /* There's no overlap between our protocols and the server's list. */
-- result = client;
-- status = OPENSSL_NPN_NO_OVERLAP;
--
-- found:
-- *out = (unsigned char *)result + 1;
-- *outlen = result[0];
-- return status;
-+ /*
-+ * There's no overlap between our protocols and the server's list. We use
-+ * the default opportunistic protocol selected earlier
-+ */
-+ return OPENSSL_NPN_NO_OVERLAP;
- }
-
- #ifndef OPENSSL_NO_NEXTPROTONEG
---
-2.43.0
-
diff --git a/icu4c-74_2-data-bin-l.zip b/icu4c-74_2-data-bin-l.zip
deleted file mode 100644
index 2b2ccc8d44391248adbf028159e8fc81c1166944..0000000000000000000000000000000000000000
Binary files a/icu4c-74_2-data-bin-l.zip and /dev/null differ
diff --git a/icu4c-75_1-data-bin-l.zip b/icu4c-75_1-data-bin-l.zip
new file mode 100644
index 0000000000000000000000000000000000000000..164655df88d315370f16dd25be8df041af1f0ba3
--- /dev/null
+++ b/icu4c-75_1-data-bin-l.zip
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:593c2c0059108eda0ec0bd37b3d643d906599cfee451a3c5077921d77e485bdb
+size 12159013
diff --git a/node-v20.12.1.tar.xz b/node-v20.12.1.tar.xz
deleted file mode 100644
index ecf2218c091d92eee7fc47219d52aeaa511b0380..0000000000000000000000000000000000000000
Binary files a/node-v20.12.1.tar.xz and /dev/null differ
diff --git a/node-v20.18.2.tar.xz b/node-v20.18.2.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..71461f28fbac687442d53e37eb89ae361e77a3ec
--- /dev/null
+++ b/node-v20.18.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:69bf81b70f3a95ae0763459f02860c282d7e3a47567c8afaf126cc778176a882
+size 41933624
diff --git a/nodejs.spec b/nodejs.spec
index f262156f247769903a0728c5118dd8fcbe92d5b0..48a8ee2bebf8dbbda0559b0be2df02bafbd726e7 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -1,9 +1,9 @@
-%global baserelease 3
+%global baserelease 1
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 %global nodejs_epoch 1
 %global nodejs_major 20
-%global nodejs_minor 12
-%global nodejs_patch 1
+%global nodejs_minor 18
+%global nodejs_patch 2
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %global nodejs_soversion 115
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
@@ -17,24 +17,22 @@
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
 %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
-%global c_ares_major 1
-%global c_ares_minor 27
-%global c_ares_patch 0
-%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
-%global llhttp_major 8
-%global llhttp_minor 1
-%global llhttp_patch 2
-%global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
-%global libuv_major 1
-%global libuv_minor 46
-%global libuv_patch 0
-%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
-%global nghttp2_major 1
-%global nghttp2_minor 60
-%global nghttp2_patch 0
-%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
-%global icu_major 74
-%global icu_minor 2
+
+# c-ares - from deps/cares/include/ares_version.h
+# https://github.com/nodejs/node/pull/9332
+%global c_ares_version 1.33.1
+
+# llhttp - from deps/llhttp/include/llhttp.h
+%global llhttp_version 8.1.2
+
+# libuv - from deps/uv/include/uv/version.h
+%global libuv_version 1.46.0
+
+# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
+%global nghttp2_version 1.61.0
+
+%global icu_major 75
+%global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 %global icudatadir %{nodejs_datadir}/icudata
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
@@ -42,25 +40,20 @@
 %global openssl_minimum 1:1.1.1
 # OpenSSL3
 %global openssl3_minimum 1:3.0.2
-%global punycode_major 2
-%global punycode_minor 1
-%global punycode_patch 0
-%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
+%global punycode_version 2.1.0
 %global npm_epoch 1
-%global npm_major 10
-%global npm_minor 5
-%global npm_patch 0
-%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
-%global uvwasi_major 0
-%global uvwasi_minor 0
-%global uvwasi_patch 20
-%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
-%global histogram_major 0
-%global histogram_minor 9
-%global histogram_patch 7
-%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
+%global npm_version 10.8.2
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
+# uvwasi - from deps/uvwasi/include/uvwasi.h
+%global uvwasi_version 0.0.21
+
+# histogram_c - assumed from timestamps
+%global histogram_version 0.9.7
+
+# simdutf from deps/simdutf/simdutf.h
+%global simdutf_version 5.5.0
+
 # dtrace is not supported on Node.js 19+
 %global dtrace_configure %{nil}
@@ -82,8 +75,7 @@ Source4: nodejs_native.attr
 Patch0: 0001-Use-system-uv-zlib.patch
 Patch1: CVE-2023-45853.patch
 Patch2: CVE-2024-5274.patch
-Patch3: CVE-2024-5535.patch
-Patch4: CVE-2024-7971.patch
+Patch3: CVE-2024-7971.patch
 BuildRequires: python3-devel python3-setuptools make
 BuildRequires: zlib-devel python3-jinja2
@@ -100,6 +92,7 @@ Requires: libuv >= 1:%{libuv_version}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 Provides: bundled(llhttp) = %{llhttp_version}
+Provides: bundled(simdutf) = %{simdutf_version}
 BuildRequires: openssl-devel >= %{openssl_minimum}
 Requires: openssl >= %{openssl_minimum}
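Review bot: `# histogram_c - assumed from timestamps` records that `%global histogram_version 0.9.7` was inferred rather than read from the bundled sources, unlike the neighbouring uvwasi and simdutf entries, which each cite the header the number came from. The version a package advertises for a bundled library is what the distribution's security tracker and vulnerability scanners match against (if this global feeds a `Provides: bundled(...)` line, which would be outside this hunk), so a guessed value can either hide an affected range or flag one that does not apply. Take the version from the histogram sources shipped in the 20.18.2 tarball and replace the comment with their path like the other entries do; if it genuinely cannot be determined, say so in the comment instead of presenting a precise number.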
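Review bot: `-Patch3: CVE-2024-5535.patch` drops the OpenSSL `SSL_select_next_proto` fix that the previous release carried, and nothing in the commit says where that fix now comes from; the new changelog entry in the last hunk lists six CVEs but not CVE-2024-5535. If the bundled OpenSSL in the 20.18.2 tarball already contains the fix, record that alongside the other CVEs, e.g. `- CVE-2024-5535 - fixed by the bundled OpenSSL update, local patch dropped`, so the removal is auditable from the changelog. If instead the build links the system OpenSSL (the `BuildRequires: openssl-devel` context line in the following hunk suggests it may, but the configure flags are outside this diff), note that the patched in-tree copy was never compiled in. As written, the removal reads as a silent regression of a security fix.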
@@ -413,6 +406,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
 %{_pkgdocdir}/npm/docs
 %changelog
+* Thu Jan 23 2025 wangkai <13474090681@163.com> - 1:20.18.2-1
+- Update to 20.18.2
+- Fix CVE-2025-23083 CVE-2025-23085 CVE-2025-23084 CVE-2024-36137
+ CVE-2024-22018 CVE-2024-22020
+
 * Mon Jan 06 2025 Ge Wang - 1:20.12.1-3
 - CVE-2023-45853 - Reject overflows of zip header fields in minizip
 - CVE-2024-5274 - Using FunctionParsingScope for parsing class static