diff --git a/download b/download
index 9d710d1391a745b1445a2eaf96d05ae49b9af853..407af3e5843ab5ae5dd465457d3c2b3b6dc2830b 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-202bcb573b72c91238010bec571db597  cjs-module-lexer-1.2.2.tar.gz
-ae54410d48c20be18ac7474d0dc9c451  node-v18.18.2-stripped.tar.gz
-4a2f048ebe5917a52940738d88396e8e  undici-5.26.3.tar.gz
+08535247571b2a04e00dc1c8bfdc5606  cjs-module-lexer-1.2.2.tar.gz
+c430fc52d7930fe5fa2ff73a087d0a90  node-v18.19.0-stripped.tar.gz
+7c8cec0063a7a8a04aaf5c0ebf5d9f0c  undici-5.26.4.tar.gz
 d80d3731d039b0944b405044dabd5f93  wasi-sdk-11.0-linux.tar.gz
diff --git a/nodejs.spec b/nodejs.spec
index b611871584bcb9184fec30a535fccb7b6e78d8e5..ec382d2f1101db687a24a1185515049b9dd61afc 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -42,8 +42,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 18
-%global nodejs_minor 18
-%global nodejs_patch 2
+%global nodejs_minor 19
+%global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 108
@@ -66,8 +66,7 @@
 %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
 # c-ares - from deps/cares/include/ares_version.h
-# https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.19.1
+%global c_ares_version 1.20.1
 
 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_version 6.0.11
@@ -115,11 +114,11 @@
 # simduft from deps/simdutf/simdutf.h
 %global simduft_major 3
 %global simduft_minor 2
-%global simduft_patch 14
+%global simduft_patch 18
 %global simduft_version %{simduft_major}.%{simduft_minor}.%{simduft_patch}
 
 # ada from deps/ada/ada.h
-%global ada_version 2.6.0
+%global ada_version 2.7.2
 
 # OpenSSL minimum version
 %global openssl_minimum 1:1.1.1
@@ -134,7 +133,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.8.1
+%global npm_version 10.2.3
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -146,7 +145,7 @@
 %global corepack_version 0.10.0
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.18
+%global uvwasi_version 0.0.19
 
 # histogram_c - assumed from timestamps
 %global histogram_version 0.11.8
@@ -192,10 +191,10 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.3.tar.gz
-# Adjustments: rm -f undici-5.26.3/lib/llhttp/llhttp*.wasm
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.4.tar.gz
+# Adjustments: rm -f undici-5.26.4/lib/llhttp/llhttp*.wasm
 # Build uses alpine image, see alpine for sources for wasi-sdk
-Source111: undici-5.26.3.tar.gz
+Source111: undici-5.26.4.tar.gz
 
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
@@ -733,10 +732,14 @@ end
 
 
 %changelog
-* Mon Oct 23 2023 Bo Liu <liubo03@inspur.com> -1:18.18.2-1.0.1
+* Wed Feb 21 2024 Bo Liu <liubo03@inspur.com> - 1:18.19.0-1.0.1
 - Fixes CVE-2022-25883
 - update requires and recommands (wb-zh951434@alibaba-inc.com)
 
+* Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:18.19.0-1
+- Rebase to version 18.19.0
+- Resolves: RHEL-21439
+
 * Sat Oct 14 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:18.18.2-1
 - Rebase to 18.18.2 (Security release)
 - Switch icu from zip to tgz