diff --git a/c-ares-cares-1_19_1.zip b/c-ares-cares-1_19_1.zip
new file mode 100644
index 0000000000000000000000000000000000000000..fe5627281f397242b7731da5873c4305f2ccd2ef
Binary files /dev/null and b/c-ares-cares-1_19_1.zip differ
diff --git a/cares-update-version-and-release-procedure.patch b/cares-update-version-and-release-procedure.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a925ef76f6c948cdf735aed240f8ac289ac59b27
--- /dev/null
+++ b/cares-update-version-and-release-procedure.patch
@@ -0,0 +1,56 @@
+From b81b93235fd3311636af110c107228a309fd3b47 Mon Sep 17 00:00:00 2001
+From: bradh352
+Date: Tue, 23 May 2023 09:54:08 -0400
+Subject: [PATCH] update version and release procedure
+
+---
+ RELEASE-PROCEDURE.md | 5 +++--
+ include/ares_version.h | 6 +++---
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/RELEASE-PROCEDURE.md b/RELEASE-PROCEDURE.md
+index c16770788..1abc9a382 100644
+--- a/RELEASE-PROCEDURE.md
++++ b/RELEASE-PROCEDURE.md
+@@ -10,6 +10,9 @@ in the source code repo
+ `CARES_LIB_VERSIONINFO` set to the same value to denote the current shared
+ object versioning.
+
++- edit `include/ares_version.h` and set `ARES_VERSION_*` definitions to reflect
++ the current version.
++
+ - make sure all relevant changes are committed on the master branch
+
+ - tag the git repo in this style: `git tag -a cares-1_14_0` -a annotates the
+@@ -26,8 +29,6 @@ in the source code repo
+
+ - upload the resulting files to https://c-ares.org/download/
+
+-- update `ares_version.h` for the next version
+-
+ in the c-ares-www repo
+ ----------------------
+
+diff --git a/include/ares_version.h b/include/ares_version.h
+index 4d8d62fd1..9db836ecc 100644
+--- a/include/ares_version.h
++++ b/include/ares_version.h
+@@ -3,15 +3,15 @@
+ #define ARES__VERSION_H
+
+ /* This is the global package copyright */
+-#define ARES_COPYRIGHT "2004 - 2021 Daniel Stenberg, ."
++#define ARES_COPYRIGHT "2004 - 2023 Daniel Stenberg, ."
+
+ #define ARES_VERSION_MAJOR 1
+ #define ARES_VERSION_MINOR 19
+-#define ARES_VERSION_PATCH 0
++#define ARES_VERSION_PATCH 1
+ #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
+ (ARES_VERSION_MINOR<<8)|\
+ (ARES_VERSION_PATCH))
+-#define ARES_VERSION_STR "1.19.0"
++#define ARES_VERSION_STR "1.19.1"
+
+ #if (ARES_VERSION >= 0x010700)
+ # define CARES_HAVE_ARES_LIBRARY_INIT 1
diff --git a/fix-build-with-cares-1.19.1.patch b/fix-build-with-cares-1.19.1.patch new file mode 100644 index 0000000000000000000000000000000000000000..36a04c18f8478087123b18b2fb0ef4527e301d98 --- /dev/null +++ b/fix-build-with-cares-1.19.1.patch @@ -0,0 +1,12 @@ +diff --git a/deps/cares/cares.gyp b/deps/cares/cares.gyp +index 74f0e78..e6b8e96 100644 +--- a/deps/cares/cares.gyp ++++ b/deps/cares/cares.gyp +@@ -88,6 +88,7 @@ + 'src/lib/ares_private.h', + 'src/lib/ares_process.c', + 'src/lib/ares_query.c', ++ 'src/lib/ares_rand.c', + 'src/lib/ares__read_line.c', + 'src/lib/ares__readaddrinfo.c', + 'src/lib/ares_search.c', diff --git a/nodejs.spec b/nodejs.spec index 887d51c8df098e2eb93095a9894c982af2ee14c8..d56e47b969a01522af90e75a0379a01daba06d8b 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -36,7 +36,7 @@ # This is used by both the nodejs package and the npm subpackage that # has a separate version - the name is special so that rpmdev-bumpspec # will bump this rather than adding .1 to the end. -%global baserelease 1 +%global baserelease 2 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -73,7 +73,7 @@ # c-ares - from deps/cares/include/ares_version.h # https://github.com/nodejs/node/pull/9332 %global c_ares_major 1 -%global c_ares_minor 18 +%global c_ares_minor 19 %global c_ares_patch 1 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} @@ -182,6 +182,8 @@ Source0: node-v%{nodejs_version}-stripped.tar.gz Source1: npmrc Source2: btest402.js Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-src.tgz +Source4: c-ares-cares-%{c_ares_major}_%{c_ares_minor}_%{c_ares_patch}.zip +Source5: cares-update-version-and-release-procedure.patch Source100: %{name}-tarball.sh # The native module Requires generator remains in the nodejs SRPM, so it knows 
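Review bot: `Source4` in the `@@ -182,6 +182,8 @@` hunk of nodejs.spec names a bare local file, so the spec records neither where the c-ares archive came from nor a way to check it on rebuild, unlike `Source3`, which carries its upstream URL. The archive is committed as an opaque binary, and the fact that `Source5` has to move `ARES_VERSION_STR` from 1.19.0 to 1.19.1 suggests it is a repository snapshot rather than the published release tarball, though that cannot be confirmed from the diff. I would give `Source4` its full upstream URL and record the expected digest beside it, for example `# sha256: <EXPECTED_SHA256_OF_SOURCE4>`, so the bundled resolver code can be compared against upstream. `Source5` deserves a comment too, such as `# applied to deps/cares after the overlay in the prep section; sets ARES_VERSION_* to 1.19.1`.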
@@ -216,6 +218,8 @@ Patch2: 0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch # CVE-2022-4904 Patch3: 0003-deps-cares-Add-str-len-check-in-config_sortlist-to-a.patch +Patch1000: fix-build-with-cares-1.19.1.patch + BuildRequires: make BuildRequires: python3-devel BuildRequires: python3-setuptools @@ -426,6 +430,16 @@ sed -i "s~usr\/bin\/python.*$~usr\/bin\/python3~" ./deps/v8/tools/mb/mb_unittest find . -type f -exec sed -i "s~python -c~python3 -c~" {} \; %endif +pushd deps/ +# extract cares +unzip -d cares %SOURCE4 +cp -r cares/c-ares-cares-%{c_ares_major}_%{c_ares_minor}_%{c_ares_patch}/* cares/ +rm -rf cares/test cares/c-ares-cares-%{c_ares_major}_%{c_ares_minor}_%{c_ares_patch} +pushd cares +patch -p1 < %SOURCE5 +popd +popd + %build %ifarch s390 s390x %{arm} %ix86 @@ -735,6 +749,10 @@ end %changelog +* Thu Jul 13 2023 Liwei Ge - 1:16.19.1-2.0.2 +- update cares to 1.19.1 +- fix CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 + * Thu Apr 13 2023 Zhao Hang - 1:16.19.1-1.0.2 - Update requires and recommands
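Review bot: `Patch1000` in the `@@ -216,6 +218,8 @@` hunk is added without a comment, while the entry above it is labelled with its CVE; a line such as `# cares.gyp: build src/lib/ares_rand.c, required by c-ares 1.19.1` would say why it exists. `Patch3` (CVE-2022-4904) stays in the list although the `@@ -426,6 +430,16 @@` hunk replaces the c-ares tree it targets. If patches are applied before that overlay, which the visible lines do not show, the CVE-2022-4904 fix then rests entirely on the 1.19.1 sources. The `Patch3` comment should say so, or the patch should be dropped.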
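Review bot: The extraction in the `@@ -426,6 +430,16 @@` hunk copies the 1.19.1 tree over the existing `deps/cares` with `cp -r`, so any file upstream removed or renamed since the previously bundled release stays in place and the build tree can end up as a mix of two versions, in a package whose changelog claims four CVE fixes. Clearing the upstream-owned sources first, for example `rm -rf cares/src/lib` before the `unzip` (assuming nothing Node-specific lives there), would ensure only 1.19.1 code is compiled. The copy presumably leaves Node's own `cares.gyp` untouched, and `Patch1000` adds only `src/lib/ares_rand.c` to it, so the upstream source list should be compared against the gyp file for any other new files. The visible `BuildRequires` lines do not include `unzip`; confirm it is declared elsewhere in the spec.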