diff --git a/0001-Disable-running-gyp-on-shared-deps.patch b/0001-Disable-running-gyp-on-shared-deps.patch
index 6d662d3413c3a010b12aecef075d9c822af89a8f..d2f02224025e876e17fbfcdee2d4ebdf452debea 100644
--- a/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/0001-Disable-running-gyp-on-shared-deps.patch
@@ -1,25 +1,25 @@
-From 0da4decd64a9cbfcf75b2697c722cd6fc82a164d Mon Sep 17 00:00:00 2001
+From 298230f850d45b805e79ab8d1888b1c6c7667335 Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
-Date: Fri, 17 Apr 2020 12:59:44 +0200
-Subject: [PATCH] 0001
+Date: Thu, 23 Sep 2021 11:32:58 +0800
+Subject: [PATCH] Disable running gyp on shared deps
 
 ---
  Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 88166da2a8..f0637b6c78 100644
+index 25dd8b3e..36dd400d 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -141,7 +141,7 @@ test-code-cache: with-code-cache
- 	echo "'test-code-cache' target is a noop"
+@@ -143,7 +143,7 @@ with-code-cache test-code-cache:
+ 	$(warning '$@' target is a noop)
  
  out/Makefile: config.gypi common.gypi node.gyp \
--	deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
-+	deps/http_parser/http_parser.gyp \
+-	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
++	deps/llhttp/llhttp.gyp \
  	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
  	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
  	$(PYTHON) tools/gyp_node.py -f make
 -- 
-2.25.2
+2.30.0
 
diff --git a/0002-Install-both-binaries-and-use-libdir.patch b/0002-Install-both-binaries-and-use-libdir.patch
index c0613bf6bf3e456f3f070c3b1833c70297a72703..d04dbd721c5a516db3c55a166b4aac4c0e92adc8 100644
--- a/0002-Install-both-binaries-and-use-libdir.patch
+++ b/0002-Install-both-binaries-and-use-libdir.patch
@@ -16,17 +16,17 @@ diff --git a/configure.py b/configure.py
 index 6537a62d3954d83927c698db3fb80c9fc05faba7..b9a894bec9e5fd954004bcb423822ca984066dc5 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -571,6 +571,12 @@ parser.add_option('--shared',
+@@ -571,6 +571,12 @@ parser.add_argument('--shared',
      help='compile shared library for embedding node in another project. ' +
           '(This mode is not officially supported for regular applications)')
  
-+parser.add_option('--libdir',
++parser.add_argument('--libdir',
 +    action='store',
 +    dest='libdir',
 +    default='lib',
 +    help='a directory to install the shared library into')
 +
- parser.add_option('--without-v8-platform',
+ parser.add_argument('--without-v8-platform',
      action='store_true',
      dest='without_v8_platform',
 @@ -1105,6 +1111,7 @@ def configure_node(o):
@@ -41,7 +41,7 @@ diff --git a/tools/install.py b/tools/install.py
 index 655802980a6ea94d1d4ca1dc63c8c8e905fbb83a..fe4723bf15012c8aacacb0393dc8294c049b0503 100755
 --- a/tools/install.py
 +++ b/tools/install.py
-@@ -121,26 +121,23 @@ def subdir_files(path, dest, action):
+@@ -121,22 +121,19 @@ def subdir_files(path, dest, action):
  
  def files(action):
    is_windows = sys.platform == 'win32'
@@ -60,16 +60,8 @@ index 655802980a6ea94d1d4ca1dc63c8c8e905fbb83a..fe4723bf15012c8aacacb0393dc8294c
 -      output_file += '.dll'
 -    else:
 -      output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
--      # GYP will output to lib.target except on OS X, this is hardcoded
--      # in its source - see the _InstallableTargetInstallPath function.
--      if sys.platform != 'darwin':
--        output_prefix += 'lib.target/'
 +    output_bin = 'node'
 +    output_lib = 'libnode.' + variables.get('shlib_suffix')
-+    # GYP will output to lib.target except on OS X, this is hardcoded
-+    # in its source - see the _InstallableTargetInstallPath function.
-+    if sys.platform != 'darwin':
-+      output_libprefix += 'lib.target/'
  
 -  if 'false' == variables.get('node_shared'):
 -    action([output_prefix + output_file], 'bin/' + output_file)
diff --git a/0003-Modify-openEuler-aarch64-v8_os_page_size-to-64.patch b/0003-Modify-openEuler-aarch64-v8_os_page_size-to-64.patch
index 5542230fd65fbd3e76f42d8d424abc91dd6d9497..5a63cba866562361135eaa05f16e9e5d0f5bcce9 100644
--- a/0003-Modify-openEuler-aarch64-v8_os_page_size-to-64.patch
+++ b/0003-Modify-openEuler-aarch64-v8_os_page_size-to-64.patch
@@ -11,15 +11,17 @@ diff --git a/deps/v8/src/flags/flag-definitions.h b/deps/v8/src/flags/flag-defin
 index c7c07e6d..38a035e2 100644
 --- a/deps/v8/src/flags/flag-definitions.h
 +++ b/deps/v8/src/flags/flag-definitions.h
+DEFINE_BOOL(always_compact, false, "Perform compaction on every full GC")
+DEFINE_BOOL(never_compact, false,
 @@ -917,7 +917,7 @@ DEFINE_BOOL(memory_reducer_for_small_heaps, true,
              "use memory reducer for small heaps")
  DEFINE_INT(heap_growing_percent, 0,
             "specifies heap growing factor as (1 + heap_growing_percent/100)")
 -DEFINE_INT(v8_os_page_size, 0, "override OS page size (in KBytes)")
 +DEFINE_INT(v8_os_page_size, 64, "override OS page size (in KBytes)")
+ DEFINE_BOOL(allocation_buffer_parking, true, "allocation buffer parking")
  DEFINE_BOOL(always_compact, false, "Perform compaction on every full GC")
  DEFINE_BOOL(never_compact, false,
-             "Never perform compaction on full GC - testing only")
 -- 
 2.23.0
 
diff --git a/0004-Make-AARCH64-compile-on-64KB-physical-pages.patch b/0004-Make-AARCH64-compile-on-64KB-physical-pages.patch
index c276904fc92112e3f7a921c3b9798990a8cfd29e..787b23fff1b7180d6799b9c75072e0b3878b9c65 100644
--- a/0004-Make-AARCH64-compile-on-64KB-physical-pages.patch
+++ b/0004-Make-AARCH64-compile-on-64KB-physical-pages.patch
@@ -11,15 +11,16 @@ diff --git a/deps/v8/src/base/build_config.h b/deps/v8/src/base/build_config.h
 index f430082..098e36f 100644
 --- a/deps/v8/src/base/build_config.h
 +++ b/deps/v8/src/base/build_config.h
+#elif defined(ENABLE_HUGEPAGE)
 @@ -202,7 +202,7 @@
- #endif
+     V8_TARGET_ARCH_STORES_RETURN_ADDRESS_ON_STACK ? 1 : 0;
  
  // Number of bits to represent the page size for paged spaces.
 -#if defined(V8_TARGET_ARCH_PPC) || defined(V8_TARGET_ARCH_PPC64)
 +#if defined(V8_TARGET_ARCH_PPC) || defined(V8_TARGET_ARCH_PPC64) || defined(V8_TARGET_ARCH_ARM64)
  // PPC has large (64KB) physical pages.
  const int kPageSizeBits = 19;
- #else
+ #elif defined(ENABLE_HUGEPAGE)
 -- 
 2.23.0
 
diff --git a/0005-use-getauxval-in-node_main_cc.patch b/0005-use-getauxval-in-node_main_cc.patch
deleted file mode 100644
index b1c67ae33dbff030bee6144477fb5ffa8ba797aa..0000000000000000000000000000000000000000
--- a/0005-use-getauxval-in-node_main_cc.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 7232c2a1604d241ce0455d919ba9b0b8e9959f81 Mon Sep 17 00:00:00 2001
-From: Daniel Bevenius <daniel.bevenius@gmail.com>
-Date: Tue, 2 Jun 2020 05:33:25 +0200
-Subject: [PATCH] src: use getauxval in node_main.cc
-
-This commit suggests using getauxval in node_main.cc.
-
-The motivation for this is that getauxval was introduced in glibc 2.16
-and looking at BUILDING.md, in the 'Platform list' section, it looks
-like we now support glibc >= 2.17 and perhaps this change would be
-alright now.
-
-PR-URL: https://github.com/nodejs/node/pull/33693
-Refs: https://github.com/nodejs/node/pull/12548
-Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
-Reviewed-By: David Carlier <devnexen@gmail.com>
-Reviewed-By: Anna Henningsen <anna@addaleax.net>
-Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
-Reviewed-By: James M Snell <jasnell@gmail.com>
----
- src/node_main.cc | 18 ++----------------
- 1 file changed, 2 insertions(+), 16 deletions(-)
-
-diff --git a/src/node_main.cc b/src/node_main.cc
-index 9f4ea22d12c6..6bac10759325 100644
---- a/src/node_main.cc
-+++ b/src/node_main.cc
-@@ -89,13 +89,7 @@ int wmain(int argc, wchar_t* wargv[]) {
- #else
- // UNIX
- #ifdef __linux__
--#include <elf.h>
--#ifdef __LP64__
--#define Elf_auxv_t Elf64_auxv_t
--#else
--#define Elf_auxv_t Elf32_auxv_t
--#endif  // __LP64__
--extern char** environ;
-+#include <sys/auxv.h>
- #endif  // __linux__
- #if defined(__POSIX__) && defined(NODE_SHARED_MODE)
- #include <string.h>
-@@ -124,15 +118,7 @@ int main(int argc, char* argv[]) {
- #endif
- 
- #if defined(__linux__)
--  char** envp = environ;
--  while (*envp++ != nullptr) {}
--  Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp);
--  for (; auxv->a_type != AT_NULL; auxv++) {
--    if (auxv->a_type == AT_SECURE) {
--      node::per_process::linux_at_secure = auxv->a_un.a_val;
--      break;
--    }
--  }
-+  node::per_process::linux_at_secure = getauxval(AT_SECURE);
- #endif
-   // Disable stdio buffering, it interacts poorly with printf()
-   // calls elsewhere in the program (e.g., any logging from V8.)
-
diff --git a/CVE-2020-8265.patch b/CVE-2020-8265.patch
deleted file mode 100644
index 534550e3ec19ae3d97390a5af9e1dff98a20872b..0000000000000000000000000000000000000000
--- a/CVE-2020-8265.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 5b00de7d67a1372aa342115ad28edd3f78268bb6 Mon Sep 17 00:00:00 2001
-From: James M Snell <jasnell@gmail.com>
-Date: Thu, 12 Nov 2020 12:34:33 -0800
-Subject: [PATCH] src: retain pointers to WriteWrap/ShutdownWrap
-
-Avoids potential use-after-free when wrap req's are synchronously
-destroyed.
-
-CVE-ID: CVE-2020-8265
-Fixes: https://github.com/nodejs-private/node-private/issues/227
-PR-URL: https://github.com/nodejs-private/node-private/pull/230
-Refs: https://hackerone.com/bugs?subject=nodejs&report_id=988103
-Reviewed-By: Anna Henningsen <anna@addaleax.net>
-Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
-Reviewed-By: Rich Trott <rtrott@gmail.com>
-Reference: https://github.com/nodejs/node/commit/5b00de7d67a1372aa342115ad28edd3f78268bb6
----
- src/stream_base-inl.h                         | 11 +++-
- src/stream_base.cc                            |  2 +-
- src/stream_base.h                             |  1 +
- .../test-tls-use-after-free-regression.js     | 58 +++++++++++++++++++
- 4 files changed, 68 insertions(+), 4 deletions(-)
- create mode 100644 test/parallel/test-tls-use-after-free-regression.js
-
-diff --git a/src/stream_base-inl.h b/src/stream_base-inl.h
-index dd80683af10..1603a2fb2e0 100644
---- a/src/stream_base-inl.h
-+++ b/src/stream_base-inl.h
-@@ -163,8 +163,11 @@ inline int StreamBase::Shutdown(v8::Local<v8::Object> req_wrap_obj) {
-     StreamReq::ResetObject(req_wrap_obj);
-   }
- 
-+  BaseObjectPtr<AsyncWrap> req_wrap_ptr;
-   AsyncHooks::DefaultTriggerAsyncIdScope trigger_scope(GetAsyncWrap());
-   ShutdownWrap* req_wrap = CreateShutdownWrap(req_wrap_obj);
-+  if (req_wrap != nullptr)
-+    req_wrap_ptr.reset(req_wrap->GetAsyncWrap());
-   int err = DoShutdown(req_wrap);
- 
-   if (err != 0 && req_wrap != nullptr) {
-@@ -198,7 +201,7 @@ inline StreamWriteResult StreamBase::Write(
-   if (send_handle == nullptr) {
-     err = DoTryWrite(&bufs, &count);
-     if (err != 0 || count == 0) {
--      return StreamWriteResult { false, err, nullptr, total_bytes };
-+      return StreamWriteResult { false, err, nullptr, total_bytes, {} };
-     }
-   }
- 
-@@ -208,13 +211,14 @@ inline StreamWriteResult StreamBase::Write(
-     if (!env->write_wrap_template()
-              ->NewInstance(env->context())
-              .ToLocal(&req_wrap_obj)) {
--      return StreamWriteResult { false, UV_EBUSY, nullptr, 0 };
-+      return StreamWriteResult { false, UV_EBUSY, nullptr, 0, {} };
-     }
-     StreamReq::ResetObject(req_wrap_obj);
-   }
- 
-   AsyncHooks::DefaultTriggerAsyncIdScope trigger_scope(GetAsyncWrap());
-   WriteWrap* req_wrap = CreateWriteWrap(req_wrap_obj);
-+  BaseObjectPtr<AsyncWrap> req_wrap_ptr(req_wrap->GetAsyncWrap());
- 
-   err = DoWrite(req_wrap, bufs, count, send_handle);
-   bool async = err == 0;
-@@ -232,7 +236,8 @@ inline StreamWriteResult StreamBase::Write(
-     ClearError();
-   }
- 
--  return StreamWriteResult { async, err, req_wrap, total_bytes };
-+  return StreamWriteResult {
-+      async, err, req_wrap, total_bytes, std::move(req_wrap_ptr) };
- }
- 
- template <typename OtherBase>
-diff --git a/src/stream_base.cc b/src/stream_base.cc
-index 516f57e40bf..06032e2c096 100644
---- a/src/stream_base.cc
-+++ b/src/stream_base.cc
-@@ -259,7 +259,7 @@ int StreamBase::WriteString(const FunctionCallbackInfo<Value>& args) {
- 
-     // Immediate failure or success
-     if (err != 0 || count == 0) {
--      SetWriteResult(StreamWriteResult { false, err, nullptr, data_size });
-+      SetWriteResult(StreamWriteResult { false, err, nullptr, data_size, {} });
-       return err;
-     }
- 
-diff --git a/src/stream_base.h b/src/stream_base.h
-index eb75fdc8339..fafd327d75d 100644
---- a/src/stream_base.h
-+++ b/src/stream_base.h
-@@ -24,6 +24,7 @@ struct StreamWriteResult {
-   int err;
-   WriteWrap* wrap;
-   size_t bytes;
-+  BaseObjectPtr<AsyncWrap> wrap_obj;
- };
- 
- using JSMethodFunction = void(const v8::FunctionCallbackInfo<v8::Value>& args);
-diff --git a/test/parallel/test-tls-use-after-free-regression.js b/test/parallel/test-tls-use-after-free-regression.js
-new file mode 100644
-index 00000000000..51835fc0339
---- /dev/null
-+++ b/test/parallel/test-tls-use-after-free-regression.js
-@@ -0,0 +1,58 @@
-+'use strict';
-+
-+const common = require('../common');
-+
-+if (!common.hasCrypto)
-+  common.skip('missing crypto');
-+
-+const https = require('https');
-+const tls = require('tls');
-+
-+const kMessage =
-+  'GET / HTTP/1.1\r\nHost: localhost\r\nConnection: Keep-alive\r\n\r\n';
-+
-+const key = `-----BEGIN EC PARAMETERS-----
-+BggqhkjOPQMBBw==
-+-----END EC PARAMETERS-----
-+-----BEGIN EC PRIVATE KEY-----
-+MHcCAQEEIDKfHHbiJMdu2STyHL11fWC7psMY19/gUNpsUpkwgGACoAoGCCqGSM49
-+AwEHoUQDQgAEItqm+pYj3Ca8bi5mBs+H8xSMxuW2JNn4I+kw3aREsetLk8pn3o81
-+PWBiTdSZrGBGQSy+UAlQvYeE6Z/QXQk8aw==
-+-----END EC PRIVATE KEY-----`;
-+
-+const cert = `-----BEGIN CERTIFICATE-----
-+MIIBhjCCASsCFDJU1tCo88NYU//pE+DQKO9hUDsFMAoGCCqGSM49BAMCMEUxCzAJ
-+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
-+dCBXaWRnaXRzIFB0eSBMdGQwHhcNMjAwOTIyMDg1NDU5WhcNNDgwMjA3MDg1NDU5
-+WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwY
-+SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
-+QgAEItqm+pYj3Ca8bi5mBs+H8xSMxuW2JNn4I+kw3aREsetLk8pn3o81PWBiTdSZ
-+rGBGQSy+UAlQvYeE6Z/QXQk8azAKBggqhkjOPQQDAgNJADBGAiEA7Bdn4F87KqIe
-+Y/ABy/XIXXpFUb2nyv3zV7POQi2lPcECIQC3UWLmfiedpiIKsf9YRIyO0uEood7+
-+glj2R1NNr1X68w==
-+-----END CERTIFICATE-----`;
-+
-+const server = https.createServer(
-+  { key, cert },
-+  common.mustCall((req, res) => {
-+    res.writeHead(200);
-+    res.end('boom goes the dynamite\n');
-+  }, 3));
-+
-+server.listen(0, common.mustCall(() => {
-+  const socket =
-+    tls.connect(
-+      server.address().port,
-+      'localhost',
-+      { rejectUnauthorized: false },
-+      common.mustCall(() => {
-+        socket.write(kMessage);
-+        socket.write(kMessage);
-+        socket.write(kMessage);
-+      }));
-+
-+  socket.on('data', common.mustCall(() => socket.destroy()));
-+  socket.on('close', () => {
-+    setImmediate(() => server.close());
-+  });
-+}));
diff --git a/CVE-2020-8287-1.patch b/CVE-2020-8287-1.patch
deleted file mode 100644
index 3761c94220efdbe4357ff1f5fe0cc83b49eb07ee..0000000000000000000000000000000000000000
--- a/CVE-2020-8287-1.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 92d430917a63a567bb528100371263c46e50ee4a Mon Sep 17 00:00:00 2001
-From: Fedor Indutny <fedor@indutny.com>
-Date: Wed, 18 Nov 2020 20:50:21 -0800
-Subject: [PATCH] http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
-Duplicate `Transfer-Encoding` header should be a treated as a single,
-but with original header values concatenated with a comma separator. In
-the light of this, even if the past `Transfer-Encoding` ended with
-`chunked`, we should be not let the `F_CHUNKED` to leak into the next
-header, because mere presence of another header indicates that `chunked`
-is not the last transfer-encoding token.
-
-CVE-ID: CVE-2020-8287
-PR-URL: https://github.com/nodejs-private/node-private/pull/236
-Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
-Reference: https://github.com/nodejs/node/commit/92d430917a63a567bb528100371263c46e50ee4a
----
- deps/http_parser/http_parser.c |  7 +++++++
- deps/http_parser/test.c        | 26 ++++++++++++++++++++++++++
- 2 files changed, 33 insertions(+)
-
-diff --git a/deps/http_parser/http_parser.c b/deps/http_parser/http_parser.c
-index 0f76b6a..5cc951a 100644
---- a/deps/http_parser/http_parser.c
-+++ b/deps/http_parser/http_parser.c
-@@ -1339,6 +1339,13 @@ reexecute:
-               } else if (parser->index == sizeof(TRANSFER_ENCODING)-2) {
-                 parser->header_state = h_transfer_encoding;
-                 parser->flags |= F_TRANSFER_ENCODING;
-+
-+		/* Multiple `Transfer-Encoding` headers should be treated as
-+                 * one, but with values separate by a comma.
-+                 *
-+                 * See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+                 */
-+                parser->flags &= ~F_CHUNKED;
-               }
-               break;
- 
-diff --git a/deps/http_parser/test.c b/deps/http_parser/test.c
-index c979467..f185c56 100644
---- a/deps/http_parser/test.c
-+++ b/deps/http_parser/test.c
-@@ -2045,6 +2045,32 @@ const struct message responses[] =
-   ,.body= "2\r\nOK\r\n0\r\n\r\n"
-   ,.num_chunks_complete= 0
-   }
-+#define HTTP_200_DUPLICATE_TE_NOT_LAST_CHUNKED 30
-+, {.name= "HTTP 200 response with `chunked` and duplicate Transfer-Encoding"
-+  ,.type= HTTP_RESPONSE
-+  ,.raw= "HTTP/1.1 200 OK\r\n"
-+         "Transfer-Encoding: chunked\r\n"
-+         "Transfer-Encoding: identity\r\n"
-+         "\r\n"
-+         "2\r\n"
-+         "OK\r\n"
-+         "0\r\n"
-+         "\r\n"
-+  ,.should_keep_alive= FALSE
-+  ,.message_complete_on_eof= TRUE
-+  ,.http_major= 1
-+  ,.http_minor= 1
-+  ,.status_code= 200
-+  ,.response_status= "OK"
-+  ,.content_length= -1
-+  ,.num_headers= 2
-+  ,.headers=
-+    { { "Transfer-Encoding", "chunked" }
-+    , { "Transfer-Encoding", "identity" }
-+    }
-+  ,.body= "2\r\nOK\r\n0\r\n\r\n"
-+  ,.num_chunks_complete= 0
-+  }
- };
- 
- /* strnlen() is a POSIX.2008 addition. Can't rely on it being available so
--- 
-2.23.0
-
diff --git a/CVE-2020-8287-2.patch b/CVE-2020-8287-2.patch
deleted file mode 100644
index e88984e2414c599c7ead781e9ef30bb6d89aabef..0000000000000000000000000000000000000000
--- a/CVE-2020-8287-2.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 420244e4d9ca6de2612e7f503f5c87e448fbc14b Mon Sep 17 00:00:00 2001
-From: Matteo Collina <hello@matteocollina.com>
-Date: Thu, 22 Oct 2020 14:10:51 +0200
-Subject: [PATCH] http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
-Duplicate `Transfer-Encoding` header should be a treated as a single,
-but with original header values concatenated with a comma separator. In
-the light of this, even if the past `Transfer-Encoding` ended with
-`chunked`, we should be not let the `F_CHUNKED` to leak into the next
-header, because mere presence of another header indicates that `chunked`
-is not the last transfer-encoding token.
-
-Ref: https://github.com/nodejs-private/llhttp-private/pull/3
-See: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
-
-CVE-ID: CVE-2020-8287
-PR-URL: https://github.com/nodejs-private/node-private/pull/236
-Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
-Reference: https://github.com/nodejs/node/commit/420244e4d9ca6de2612e7f503f5c87e448fbc14b
----
- deps/llhttp/src/llhttp.c                      | 36 ++++++++++++++-
- .../test-http-transfer-encoding-smuggling.js  | 46 +++++++++++++++++++
- 2 files changed, 80 insertions(+), 2 deletions(-)
- create mode 100644 test/parallel/test-http-transfer-encoding-smuggling.js
-
-diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
-index acc35479f88..3019c410963 100644
---- a/deps/llhttp/src/llhttp.c
-+++ b/deps/llhttp/src/llhttp.c
-@@ -813,6 +813,14 @@ int llhttp__internal__c_or_flags_16(
-   return 0;
- }
- 
-+int llhttp__internal__c_and_flags(
-+    llhttp__internal_t* state,
-+    const unsigned char* p,
-+    const unsigned char* endp) {
-+  state->flags &= -9;
-+  return 0;
-+}
-+
- int llhttp__internal__c_update_header_state_7(
-     llhttp__internal_t* state,
-     const unsigned char* p,
-@@ -5974,10 +5982,18 @@ static llparse_state_t llhttp__internal__run(
-     /* UNREACHABLE */;
-     abort();
-   }
-+  s_n_llhttp__internal__n_invoke_and_flags: {
-+    switch (llhttp__internal__c_and_flags(state, p, endp)) {
-+      default:
-+        goto s_n_llhttp__internal__n_header_value_te_chunked;
-+    }
-+    /* UNREACHABLE */;
-+    abort();
-+  }
-   s_n_llhttp__internal__n_invoke_or_flags_16: {
-     switch (llhttp__internal__c_or_flags_16(state, p, endp)) {
-       default:
--        goto s_n_llhttp__internal__n_header_value_te_chunked;
-+        goto s_n_llhttp__internal__n_invoke_and_flags;
-     }
-     /* UNREACHABLE */;
-     abort();
-@@ -7625,6 +7641,14 @@ int llhttp__internal__c_or_flags_16(
-   return 0;
- }
- 
-+int llhttp__internal__c_and_flags(
-+    llhttp__internal_t* state,
-+    const unsigned char* p,
-+    const unsigned char* endp) {
-+  state->flags &= -9;
-+  return 0;
-+}
-+
- int llhttp__internal__c_update_header_state_7(
-     llhttp__internal_t* state,
-     const unsigned char* p,
-@@ -12522,10 +12546,18 @@ static llparse_state_t llhttp__internal__run(
-     /* UNREACHABLE */;
-     abort();
-   }
-+  s_n_llhttp__internal__n_invoke_and_flags: {
-+    switch (llhttp__internal__c_and_flags(state, p, endp)) {
-+      default:
-+        goto s_n_llhttp__internal__n_header_value_te_chunked;
-+    }
-+    /* UNREACHABLE */;
-+    abort();
-+  }
-   s_n_llhttp__internal__n_invoke_or_flags_16: {
-     switch (llhttp__internal__c_or_flags_16(state, p, endp)) {
-       default:
--        goto s_n_llhttp__internal__n_header_value_te_chunked;
-+        goto s_n_llhttp__internal__n_invoke_and_flags;
-     }
-     /* UNREACHABLE */;
-     abort();
-diff --git a/test/parallel/test-http-transfer-encoding-smuggling.js b/test/parallel/test-http-transfer-encoding-smuggling.js
-new file mode 100644
-index 00000000000..9d97db4c0a2
---- /dev/null
-+++ b/test/parallel/test-http-transfer-encoding-smuggling.js
-@@ -0,0 +1,46 @@
-+'use strict';
-+
-+const common = require('../common');
-+
-+const assert = require('assert');
-+const http = require('http');
-+const net = require('net');
-+
-+const msg = [
-+  'POST / HTTP/1.1',
-+  'Host: 127.0.0.1',
-+  'Transfer-Encoding: chunked',
-+  'Transfer-Encoding: chunked-false',
-+  'Connection: upgrade',
-+  '',
-+  '1',
-+  'A',
-+  '0',
-+  '',
-+  'GET /flag HTTP/1.1',
-+  'Host: 127.0.0.1',
-+  '',
-+  '',
-+].join('\r\n');
-+
-+// Verify that the server is called only once even with a smuggled request.
-+
-+const server = http.createServer(common.mustCall((req, res) => {
-+  res.end();
-+}, 1));
-+
-+function send(next) {
-+  const client = net.connect(server.address().port, 'localhost');
-+  client.setEncoding('utf8');
-+  client.on('error', common.mustNotCall());
-+  client.on('end', next);
-+  client.write(msg);
-+  client.resume();
-+}
-+
-+server.listen(0, common.mustCall((err) => {
-+  assert.ifError(err);
-+  send(common.mustCall(() => {
-+    server.close();
-+  }));
-+}));
diff --git a/CVE-2021-22883.patch b/CVE-2021-22883.patch
deleted file mode 100644
index 4e50657705fc1972cdfa3fe27089c141ba950600..0000000000000000000000000000000000000000
--- a/CVE-2021-22883.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From 922ada77132c1b0b69c9a146822d762b2f9b912b Mon Sep 17 00:00:00 2001
-From: Daniel Bevenius <daniel.bevenius@gmail.com>
-Date: Fri, 22 Jan 2021 12:34:21 +0100
-Subject: [PATCH] http2: add unknownProtocol timeout
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This commit add a configuration options named unknownProtocolTimeout
-which can be specified to set a value for the timeout in milliseconds
-that a server should wait when an unknowProtocol is sent to it. When
-this happens a timer will be started and the if the socket has not been
-destroyed during that time the timer callback will destoy it.
-
-Refs: https://hackerone.com/reports/1043360
-CVE-ID: CVE-2021-22883
-PR-URL: https://github.com/nodejs/node/pull/246
-Backport-PR-URL: https://github.com/nodejs/node/pull/250
-Reviewed-By: Beth Griggs <bgriggs@redhat.com>
-Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
-Reviewed-By: Michael Dawson <midawson@redhat.com>
-Reviewed-By: Rich Trott <rtrott@gmail.com>
-Reviewed-By: Tobias Nießen <tniessen@tnie.de>
-Reference: https://github.com/nodejs/node/commit/922ada77132c1b0b69c9a146822d762b2f9b912b
----
- doc/api/http2.md                              | 25 +++++++++++++-
- lib/internal/http2/core.js                    | 31 ++++++++++++++---
- .../test-http2-server-unknown-protocol.js     | 33 +++++++++++++++++++
- 3 files changed, 84 insertions(+), 5 deletions(-)
- create mode 100644 test/parallel/test-http2-server-unknown-protocol.js
-
-diff --git a/doc/api/http2.md b/doc/api/http2.md
-index 40a107f..d57a560 100644
---- a/doc/api/http2.md
-+++ b/doc/api/http2.md
-@@ -1908,7 +1908,9 @@ added: v8.4.0
- The `'unknownProtocol'` event is emitted when a connecting client fails to
- negotiate an allowed protocol (i.e. HTTP/2 or HTTP/1.1). The event handler
- receives the socket for handling. If no listener is registered for this event,
--the connection is terminated. See the [Compatibility API][].
-+the connection is terminated. A timeout may be specified using the
-+`'unknownProtocolTimeout'` option passed to [`http2.createSecureServer()`][].
-+See the [Compatibility API][].
- 
- #### `server.close([callback])`
- <!-- YAML
-@@ -1948,6 +1950,9 @@ error will be thrown.
- <!-- YAML
- added: v8.4.0
- changes:
-+  - version: REPLACEME
-+    pr-url: https://github.com/nodejs-private/node-private/pull/250
-+    description: Added `unknownProtocolTimeout` option with a default of 10000.
-   - version:
-      - v12.18.0
-     pr-url: https://github.com/nodejs-private/node-private/pull/206
-@@ -2050,6 +2055,10 @@ changes:
-     `Http2ServerResponse` class to use.
-     Useful for extending the original `Http2ServerResponse`.
-     **Default:** `Http2ServerResponse`.
-+  * `unknownProtocolTimeout` {number} Specifies a timeout in milliseconds that
-+    a server should wait when an [`'unknownProtocol'`][] is emitted. If the
-+    socket has not been destroyed by that time the server will destroy it.
-+    **Default:** `10000`.
-   * ...: Any [`net.createServer()`][] option can be provided.
- * `onRequestHandler` {Function} See [Compatibility API][]
- * Returns: {Http2Server}
-@@ -2086,6 +2095,9 @@ server.listen(80);
- <!-- YAML
- added: v8.4.0
- changes:
-+  - version: REPLACEME
-+    pr-url: https://github.com/nodejs-private/node-private/pull/250
-+    description: Added `unknownProtocolTimeout` option with a default of 10000.
-   - version:
-      - v12.18.0
-     pr-url: https://github.com/nodejs-private/node-private/pull/206
-@@ -2178,6 +2190,10 @@ changes:
-     servers, the identity options (`pfx` or `key`/`cert`) are usually required.
-   * `origins` {string[]} An array of origin strings to send within an `ORIGIN`
-     frame immediately following creation of a new server `Http2Session`.
-+  * `unknownProtocolTimeout` {number} Specifies a timeout in milliseconds that
-+    a server should wait when an [`'unknownProtocol'`][] event is emitted. If
-+    the socket has not been destroyed by that time the server will destroy it.
-+    **Default:** `10000`.
- * `onRequestHandler` {Function} See [Compatibility API][]
- * Returns: {Http2SecureServer}
- 
-@@ -2211,6 +2227,9 @@ server.listen(80);
- <!-- YAML
- added: v8.4.0
- changes:
-+  - version: REPLACEME
-+    pr-url: https://github.com/nodejs-private/node-private/pull/250
-+    description: Added `unknownProtocolTimeout` option with a default of 10000.
-   - version:
-      - v12.18.0
-     pr-url: https://github.com/nodejs-private/node-private/pull/206
-@@ -2294,6 +2313,10 @@ changes:
-     instance passed to `connect` and the `options` object, and returns any
-     [`Duplex`][] stream that is to be used as the connection for this session.
-   * ...: Any [`net.connect()`][] or [`tls.connect()`][] options can be provided.
-+  * `unknownProtocolTimeout` {number} Specifies a timeout in milliseconds that
-+    a server should wait when an [`'unknownProtocol'`][] event is emitted. If
-+    the socket has not been destroyed by that time the server will destroy it.
-+    **Default:** `10000`.
- * `listener` {Function} Will be registered as a one-time listener of the
-   [`'connect'`][] event.
- * Returns: {ClientHttp2Session}
-diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js
-index 2116bc8..e9a63fe 100644
---- a/lib/internal/http2/core.js
-+++ b/lib/internal/http2/core.js
-@@ -33,7 +33,7 @@ const net = require('net');
- const { Duplex } = require('stream');
- const tls = require('tls');
- const { URL } = require('url');
--const { setImmediate } = require('timers');
-+const { setImmediate, setTimeout, clearTimeout } = require('timers');
- 
- const { kIncomingMessage } = require('_http_common');
- const { kServerResponse } = require('_http_server');
-@@ -2721,14 +2721,14 @@ function handleHeaderContinue(headers) {
-     this.emit('continue');
- }
- 
--const setTimeout = {
-+const setTimeoutValue = {
-   configurable: true,
-   enumerable: true,
-   writable: true,
-   value: setStreamTimeout
- };
--ObjectDefineProperty(Http2Stream.prototype, 'setTimeout', setTimeout);
--ObjectDefineProperty(Http2Session.prototype, 'setTimeout', setTimeout);
-+ObjectDefineProperty(Http2Stream.prototype, 'setTimeout', setTimeoutValue);
-+ObjectDefineProperty(Http2Session.prototype, 'setTimeout', setTimeoutValue);
- 
- 
- // When the socket emits an error, destroy the associated Http2Session and
-@@ -2788,6 +2788,22 @@ function connectionListener(socket) {
-     debug('Unknown protocol from %s:%s',
-           socket.remoteAddress, socket.remotePort);
-     if (!this.emit('unknownProtocol', socket)) {
-+      debug('Unknown protocol timeout:  %s', options.unknownProtocolTimeout);
-+      // Install a timeout if the socket was not successfully closed, then
-+      // destroy the socket to ensure that the underlying resources are
-+      // released.
-+      const timer = setTimeout(() => {
-+        if (!socket.destroyed) {
-+          debug('UnknownProtocol socket timeout, destroy socket');
-+          socket.destroy();
-+        }
-+      }, options.unknownProtocolTimeout);
-+      // Un-reference the timer to avoid blocking of application shutdown and
-+      // clear the timeout if the socket was successfully closed.
-+      timer.unref();
-+
-+      socket.once('close', () => clearTimeout(timer));
-+
-       // We don't know what to do, so let's just tell the other side what's
-       // going on in a format that they *might* understand.
-       socket.end('HTTP/1.0 403 Forbidden\r\n' +
-@@ -2836,6 +2852,13 @@ function initializeOptions(options) {
-     );
-   }
- 
-+  if (options.unknownProtocolTimeout !== undefined)
-+    validateUint32(options.unknownProtocolTimeout, 'unknownProtocolTimeout');
-+  else
-+    // TODO(danbev): is this a good default value?
-+    options.unknownProtocolTimeout = 10000;
-+
-+
-   // Used only with allowHTTP1
-   options.Http1IncomingMessage = options.Http1IncomingMessage ||
-     http.IncomingMessage;
-diff --git a/test/parallel/test-http2-server-unknown-protocol.js b/test/parallel/test-http2-server-unknown-protocol.js
-new file mode 100644
-index 0000000..639bbe4
---- /dev/null
-+++ b/test/parallel/test-http2-server-unknown-protocol.js
-@@ -0,0 +1,33 @@
-+'use strict';
-+const common = require('../common');
-+const fixtures = require('../common/fixtures');
-+
-+// This test verifies that when a server receives an unknownProtocol it will
-+// not leave the socket open if the client does not close it.
-+
-+if (!common.hasCrypto)
-+  common.skip('missing crypto');
-+
-+const h2 = require('http2');
-+const tls = require('tls');
-+
-+const server = h2.createSecureServer({
-+  key: fixtures.readKey('rsa_private.pem'),
-+  cert: fixtures.readKey('rsa_cert.crt'),
-+  unknownProtocolTimeout: 500,
-+  allowHalfOpen: true
-+});
-+
-+server.on('connection', (socket) => {
-+  socket.on('close', common.mustCall(() => {
-+    server.close();
-+  }));
-+});
-+
-+server.listen(0, function() {
-+  tls.connect({
-+    port: server.address().port,
-+    rejectUnauthorized: false,
-+    ALPNProtocols: ['bogus']
-+  });
-+});
--- 
-2.23.0
-
diff --git a/CVE-2021-22884.patch b/CVE-2021-22884.patch
deleted file mode 100644
index 71913203e5c515c9bd2d3f5fa6fd2364b1c6a079..0000000000000000000000000000000000000000
--- a/CVE-2021-22884.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 1564752d553f582c8048ee45614f870ee2a446c9 Mon Sep 17 00:00:00 2001
-From: Matteo Collina <hello@matteocollina.com>
-Date: Thu, 14 Jan 2021 16:04:44 +0100
-Subject: [PATCH] src: drop localhost6 as allowed host for inspector
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-ID: CVE-2021-22884
-Refs: https://hackerone.com/bugs?report_id=1069487
-PR-URL: https://github.com/nodejs/node/pull/244
-Reviewed-By: Beth Griggs <bgriggs@redhat.com>
-Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
-Reviewed-By: Mary Marchini <oss@mmarchini.me>
-Reviewed-By: Michael Dawson <midawson@redhat.com>
-Reviewed-By: Michaël Zasso <targos@protonmail.com>
-Reviewed-By: Rich Trott <rtrott@gmail.com>
-Reference: https://github.com/nodejs/node/commit/1564752d553f582c8048ee45614f870ee2a446c9
----
- src/inspector_socket.cc | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc
-index a701928..3814565 100644
---- a/src/inspector_socket.cc
-+++ b/src/inspector_socket.cc
-@@ -584,8 +584,7 @@ class HttpHandler : public ProtocolHandler {
-   bool IsAllowedHost(const std::string& host_with_port) const {
-     std::string host = TrimPort(host_with_port);
-     return host.empty() || IsIPAddress(host)
--           || node::StringEqualNoCase(host.data(), "localhost")
--           || node::StringEqualNoCase(host.data(), "localhost6");
-+          || node::StringEqualNoCase(host.data(), "localhost");
-   }
-
-   bool parsing_value_;
---
-2.23.0
\ No newline at end of file
diff --git a/CVE-2021-22918.patch b/CVE-2021-22918.patch
deleted file mode 100644
index 62083ba17606ff9d88dcc76262c68261afd72306..0000000000000000000000000000000000000000
--- a/CVE-2021-22918.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-From d33aead28bcec32a2a450f884907a6d971631829 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis <info@bnoordhuis.nl>
-Date: Fri, 21 May 2021 11:23:36 +0200
-Subject: [PATCH] deps: uv: cherry-pick 99c29c9c2c9b
-
-Original commit message:
-
-    idna: fix OOB read in punycode decoder
-
-    Reported by Eric Sesterhenn in collaboration with
-    Cure53 and ExpressVPN.
-
-    Deleted unintroduced test files.
-
-    Reported-By: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
-    PR-URL: https://github.com/libuv/libuv-private/pull/1
-    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
-    Reviewed-By: Richard Lau <rlau@redhat.com>
-
-CVE-ID: CVE-2021-22918
-Refs: https://hackerone.com/reports/1209681
-PR-URL: https://github.com/nodejs-private/node-private/pull/267
-Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
-Reviewed-By: Richard Lau <rlau@redhat.com>
-Reviewed-By: Michael Dawson <midawson@redhat.com>
-Reviewed-By: Beth Griggs <bgriggs@redhat.com>
----
- deps/uv/src/idna.c | 49 ++++++++++++++++++++++++++++++++++------------
- 1 file changed, 36 insertions(+), 13 deletions(-)
-
-diff --git a/deps/uv/src/idna.c b/deps/uv/src/idna.c
-index 13ffac6..b44cb16 100644
---- a/deps/uv/src/idna.c
-+++ b/deps/uv/src/idna.c
-@@ -19,6 +19,7 @@
- 
- #include "uv.h"
- #include "idna.h"
-+#include <assert.h>
- #include <string.h>
- 
- static unsigned uv__utf8_decode1_slow(const char** p,
-@@ -32,7 +33,7 @@ static unsigned uv__utf8_decode1_slow(const char** p,
-   if (a > 0xF7)
-     return -1;
- 
--  switch (*p - pe) {
-+  switch (pe - *p) {
-   default:
-     if (a > 0xEF) {
-       min = 0x10000;
-@@ -62,6 +63,8 @@ static unsigned uv__utf8_decode1_slow(const char** p,
-       a = 0;
-       break;
-     }
-+    /* Fall through. */
-+  case 0:
-     return -1;  /* Invalid continuation byte. */
-   }
- 
-@@ -88,6 +91,8 @@ static unsigned uv__utf8_decode1_slow(const char** p,
- unsigned uv__utf8_decode1(const char** p, const char* pe) {
-   unsigned a;
- 
-+  assert(*p < pe);
-+
-   a = (unsigned char) *(*p)++;
- 
-   if (a < 128)
-@@ -96,9 +101,6 @@ unsigned uv__utf8_decode1(const char** p, const char* pe) {
-   return uv__utf8_decode1_slow(p, pe, a);
- }
- 
--#define foreach_codepoint(c, p, pe) \
--  for (; (void) (*p <= pe && (c = uv__utf8_decode1(p, pe))), *p <= pe;)
--
- static int uv__idna_toascii_label(const char* s, const char* se,
-                                   char** d, char* de) {
-   static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz0123456789";
-@@ -121,15 +123,22 @@ static int uv__idna_toascii_label(const char* s, const char* se,
-   ss = s;
-   todo = 0;
- 
--  foreach_codepoint(c, &s, se) {
-+  /* Note: after this loop we've visited all UTF-8 characters and know
-+   * they're legal so we no longer need to check for decode errors.
-+   */
-+  while (s < se) {
-+    c = uv__utf8_decode1(&s, se);
-+
-+    if (c == -1u)
-+      return UV_EINVAL;
-+
-     if (c < 128)
-       h++;
--    else if (c == (unsigned) -1)
--      return UV_EINVAL;
-     else
-       todo++;
-   }
- 
-+  /* Only write "xn--" when there are non-ASCII characters. */
-   if (todo > 0) {
-     if (*d < de) *(*d)++ = 'x';
-     if (*d < de) *(*d)++ = 'n';
-@@ -137,9 +146,13 @@ static int uv__idna_toascii_label(const char* s, const char* se,
-     if (*d < de) *(*d)++ = '-';
-   }
- 
-+  /* Write ASCII characters. */
-   x = 0;
-   s = ss;
--  foreach_codepoint(c, &s, se) {
-+  while (s < se) {
-+    c = uv__utf8_decode1(&s, se);
-+    assert(c != -1u);
-+
-     if (c > 127)
-       continue;
- 
-@@ -166,10 +179,15 @@ static int uv__idna_toascii_label(const char* s, const char* se,
-   while (todo > 0) {
-     m = -1;
-     s = ss;
--    foreach_codepoint(c, &s, se)
-+
-+    while (s < se) {
-+      c = uv__utf8_decode1(&s, se);
-+      assert(c != -1u);
-+
-       if (c >= n)
-         if (c < m)
-           m = c;
-+    }
- 
-     x = m - n;
-     y = h + 1;
-@@ -181,7 +199,10 @@ static int uv__idna_toascii_label(const char* s, const char* se,
-     n = m;
- 
-     s = ss;
--    foreach_codepoint(c, &s, se) {
-+    while (s < se) {
-+      c = uv__utf8_decode1(&s, se);
-+      assert(c != -1u);
-+
-       if (c < n)
-         if (++delta == 0)
-           return UV_E2BIG;  /* Overflow. */
-@@ -245,8 +266,6 @@ static int uv__idna_toascii_label(const char* s, const char* se,
-   return 0;
- }
- 
--#undef foreach_codepoint
--
- long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
-   const char* si;
-   const char* st;
-@@ -256,10 +275,14 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
- 
-   ds = d;
- 
--  for (si = s; si < se; /* empty */) {
-+  si = s;
-+  while (si < se) {
-     st = si;
-     c = uv__utf8_decode1(&si, se);
- 
-+    if (c == -1u)
-+      return UV_EINVAL;
-+
-     if (c != '.')
-       if (c != 0x3002)  /* 。 */
-         if (c != 0xFF0E)  /* ． */
--- 
-2.27.0
-
diff --git a/icu4c-67_1-src.tgz b/icu4c-69_1-src.tgz
similarity index 70%
rename from icu4c-67_1-src.tgz
rename to icu4c-69_1-src.tgz
index 972047ab84d61b1923006a6fff011ef96e1d5517..ca4aa3592cd2f1fdf1736b82eab1de3abbe1c298 100644
Binary files a/icu4c-67_1-src.tgz and b/icu4c-69_1-src.tgz differ
diff --git a/node-v12.18.4.tar.gz b/node-v16.9.1.tar.gz
similarity index 71%
rename from node-v12.18.4.tar.gz
rename to node-v16.9.1.tar.gz
index 2d926a30b403172f1c04973181dcbf27faad0927..295c5771ae8fd173ee808e4ce00452f7bbe302d9 100644
Binary files a/node-v12.18.4.tar.gz and b/node-v16.9.1.tar.gz differ
diff --git a/nodejs.spec b/nodejs.spec
index c437078d6cdb20c4f18f184c08b3e5623612aec7..0e709a1928d9ff4e60166b7d6dd921a7bc74572f 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -1,68 +1,52 @@
 %bcond_with bootstrap
-%global baserelease 6
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
+%global nodejs_datadir %{_datarootdir}/nodejs
+
 %global nodejs_epoch 1
-%global nodejs_major 12
-%global nodejs_minor 18
-%global nodejs_patch 4
+%global nodejs_major 16
+%global nodejs_minor 9
+%global nodejs_patch 1
+%global nodejs_release 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
-%global nodejs_soversion 72
-%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
-%global nodejs_release %{baserelease}
-%global nodejs_datadir %{_datarootdir}/nodejs
+%global nodejs_version %{nodejs_abi}.%{nodejs_patch}
+%global package_version %{nodejs_epoch}.%{nodejs_version}.%{nodejs_release}
+# from NODE_MODULE_VERSION in src/node_version.h
+%global nodejs_soversion 93
+# from deps/v8/include/v8-version.h
 %global v8_epoch 2
-%global v8_major 7
-%global v8_minor 8
-%global v8_build 279
-%global v8_patch 23
+%global v8_major 9
+%global v8_minor 3
+%global v8_build 345
+%global v8_patch 16
 %global v8_abi %{v8_major}.%{v8_minor}
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
-%global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
-%global c_ares_major 1
-%global c_ares_minor 16
-%global c_ares_patch 0
-%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
-%global http_parser_major 2
-%global http_parser_minor 9
-%global http_parser_patch 3
-%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
-%global llhttp_major 2
-%global llhttp_minor 1
-%global llhttp_patch 2
-%global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
-%global libuv_major 1
-%global libuv_minor 38
-%global libuv_patch 0
-%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
-%global nghttp2_major 1
-%global nghttp2_minor 41
-%global nghttp2_patch 0
-%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
-%global icu_major 67
+%global v8_release %{package_version}
+# from deps/cares/include/ares_version.h
+%global c_ares_version 1.17.2
+# from deps/llhttp/include/llhttp.h
+%global llhttp_version 6.0.2
+# from deps/uv/include/uv/version.h
+%global libuv_version 1.42.0
+# from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
+%global nghttp2_version 1.42.0
+# from tools/icu/current_ver.dep
+%global icu_major 69
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 %global icudatadir %{nodejs_datadir}/icudata
 %{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 %global openssl_minimum 1:1.1.1
-%global punycode_major 2
-%global punycode_minor 1
-%global punycode_patch 0
-%global punycode_version %{punycode_major}.%{punycode_minor}.%{punycode_patch}
+# from lib/punycode.js
+%global punycode_version 2.1.0
+# from deps/npm/package.json
 %global npm_epoch 1
-%global npm_major 6
-%global npm_minor 14
-%global npm_patch 6
-%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
-%global uvwasi_major 0
-%global uvwasi_minor 0
-%global uvwasi_patch 9
-%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
-%global histogram_major 0
-%global histogram_minor 9
-%global histogram_patch 7
-%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
-%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
+%global npm_version 7.21.1
+# from deps/uvwasi/include/uvwasi.h
+%global uvwasi_version 0.0.11
+# https://github.com/HdrHistogram/HdrHistogram_c
+%global histogram_version 0.9.7
+%global npm_release %{package_version}
 
 Name: nodejs
 Epoch: %{nodejs_epoch}
@@ -77,7 +61,7 @@ Source0: https://nodejs.org/dist/v%{version}/node-v%{version}.tar.gz
 Source1: npmrc
 Source2: btest402.js
 Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz
-Source7: nodejs_native.attr
+Source4: nodejs_native.attr
 
 Patch0001: 0001-Disable-running-gyp-on-shared-deps.patch
 Patch0002: 0002-Install-both-binaries-and-use-libdir.patch
@@ -85,34 +69,25 @@ Patch0002: 0002-Install-both-binaries-and-use-libdir.patch
 Patch0003: 0003-Modify-openEuler-aarch64-v8_os_page_size-to-64.patch
 %endif
 Patch0004: 0004-Make-AARCH64-compile-on-64KB-physical-pages.patch
-Patch0005: CVE-2020-8265.patch
-Patch0006: CVE-2020-8287-1.patch
-Patch0007: CVE-2020-8287-2.patch
-Patch0008: CVE-2021-22883.patch
-Patch0009: CVE-2021-22884.patch
-Patch00010: CVE-2021-22918.patch
-Patch00011: 0005-use-getauxval-in-node_main_cc.patch
-
-BuildRequires: python3-devel
+
+BuildRequires: python3-devel python3-unversioned-command
 BuildRequires: zlib-devel
 BuildRequires: brotli-devel
-BuildRequires: gcc >= 6.3.0
-BuildRequires: gcc-c++ >= 6.3.0
+BuildRequires: gcc
+BuildRequires: gcc-c++
 BuildRequires: nodejs-packaging
 BuildRequires: chrpath
 BuildRequires: libatomic
 
 %if %{with bootstrap}
-Provides: bundled(http-parser) = %{http_parser_version}
 Provides: bundled(libuv) = %{libuv_version}
 Provides: bundled(nghttp2) = %{nghttp2_version}
 %else
 BuildRequires: systemtap-sdt-devel
-BuildRequires: libuv-devel >= 1:%{libuv_version}
-Requires: libuv >= 1:%{libuv_version}
+BuildRequires: libuv-devel
+Requires: libuv
 BuildRequires: libnghttp2-devel >= %{nghttp2_version}
 Requires: libnghttp2 >= %{nghttp2_version}
-Provides: bundled(http-parser) = %{http_parser_version}
 Provides: bundled(llhttp) = %{llhttp_version}
 %endif
 
@@ -228,16 +203,6 @@ The API documentation for the Node.js JavaScript runtime.
 
 %prep
 %autosetup -p1 -n node-v%{nodejs_version}
-rm -rf deps/zlib
-rm -rf deps/brotli
-rm -rf deps/openssl
-pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
-find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python3~" {} \;
-find . -type f -exec sed -i "s~/usr\/bin\/python\W~/usr/bin/python3~" {} \;
-sed -i "s~python~python3~" $(find . -type f | grep "gyp$")
-sed -i "s~usr\/bin\/python2~usr\/bin\/python3~" ./deps/v8/tools/gen-inlining-tests.py
-sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest.py
-find . -type f -exec sed -i "s~python -c~python3 -c~" {} \;
 
 %build
 %define _lto_cflags %{nil}
@@ -331,7 +296,7 @@ done
 
 mkdir -p %{buildroot}%{_prefix}/lib/node_modules
 
-install -Dpm0644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr
+install -Dpm0644 %{SOURCE4} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr
 cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req
 #!/bin/sh
 echo 'nodejs(abi%{nodejs_major}) >= %nodejs_abi'
@@ -494,6 +459,12 @@ end
 %{_pkgdocdir}/npm/docs
 
 %changelog
+* Sat Sep 25 2021 Liu Zixian <hdu_sdlzx@163.com> - 1:16.9.1-1
+- Update to 16.9.1
+
+* Thu Sep 23 2021 Liu Zixian <hdu_sdlzx@163.com> - 1:14.17.6-1
+- Update to 14.17.6
+
 * Mon Aug 16 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1:12.18.4-6
 - use getauxval to fix build failure in node_main.cc