diff --git a/download b/download
index 407af3e5843ab5ae5dd465457d3c2b3b6dc2830b..3050f2f7dd222387c0551a008e57a28b496ea0e6 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-08535247571b2a04e00dc1c8bfdc5606  cjs-module-lexer-1.2.2.tar.gz
-c430fc52d7930fe5fa2ff73a087d0a90  node-v18.19.0-stripped.tar.gz
-7c8cec0063a7a8a04aaf5c0ebf5d9f0c  undici-5.26.4.tar.gz
+5808c204e2942e7bf56d6d7971d4f5d4  cjs-module-lexer-1.2.2.tar.gz
+e0c8c46dc6505116bf5db18454a11777  node-v18.19.1-stripped.tar.gz
+aae05b8ad7bdb6d6813924709bbc34a0  undici-5.28.3.tar.gz
 d80d3731d039b0944b405044dabd5f93  wasi-sdk-11.0-linux.tar.gz
diff --git a/nodejs-fips-disable-options.patch b/nodejs-fips-disable-options.patch
new file mode 100644
index 0000000000000000000000000000000000000000..07f8d9296fa34cc7a9773106884900a73074dc35
--- /dev/null
+++ b/nodejs-fips-disable-options.patch
@@ -0,0 +1,83 @@
+From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Fri, 23 Feb 2024 13:43:56 +0100
+Subject: [PATCH] Disable FIPS options
+
+On RHEL, FIPS should be configured only on system level.
+Additionally, the related options may cause segfault when used on RHEL.
+
+This patch causes the option processing to end sooner
+than the problematic code gets executed.
+Additionally, the JS-level options to mess with FIPS settings
+are similarly disabled.
+
+Upstream report: https://github.com/nodejs/node/pull/48950
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
+Customer case: https://access.redhat.com/support/cases/#/case/03711488
+---
+ lib/crypto.js             | 10 ++++++++++
+ lib/internal/errors.js    |  6 ++++++
+ src/crypto/crypto_util.cc |  2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/lib/crypto.js b/lib/crypto.js
+index 41adecc..b2627ac 100644
+--- a/lib/crypto.js
++++ b/lib/crypto.js
+@@ -36,6 +36,9 @@ const {
+ assertCrypto();
+
+ const {
++  // RHEL specific error
++  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
++
+   ERR_CRYPTO_FIPS_FORCED,
+ } = require('internal/errors').codes;
+ const constants = internalBinding('constants').crypto;
+@@ -251,6 +254,13 @@ function getFips() {
+ }
+ 
+ function setFips(val) {
++  // in RHEL FIPS enable/disable should only be done at system level
++  if (getFips() != val) {
++    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
++  } else {
++    return;
++  }
++
+   if (getOptionValue('--force-fips')) {
+     if (val) return;
+     throw new ERR_CRYPTO_FIPS_FORCED();
+diff --git a/lib/internal/errors.js b/lib/internal/errors.js
+index a722360..04d8a53 100644
+--- a/lib/internal/errors.js
++++ b/lib/internal/errors.js
+@@ -1060,6 +1060,12 @@ module.exports = {
+ //
+ // Note: Node.js specific errors must begin with the prefix ERR_
+ 
++// insert RHEL specific erro
++E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
++  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
++  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
++  Error);
++
+ E('ERR_ACCESS_DENIED',
+   'Access to this API has been restricted. Permission: %s',
+   Error);
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 5734d8f..ef9d1b1 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)
+-- 
+2.43.2
+
diff --git a/nodejs.spec b/nodejs.spec
index ec382d2f1101db687a24a1185515049b9dd61afc..2cca09c1314462fa896a03a7d14340ab79d743b5 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -43,7 +43,7 @@
 %global nodejs_epoch 1
 %global nodejs_major 18
 %global nodejs_minor 19
-%global nodejs_patch 0
+%global nodejs_patch 1
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 108
@@ -69,7 +69,7 @@
 %global c_ares_version 1.20.1
 
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 6.0.11
+%global llhttp_version 6.1.0
 
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
@@ -133,7 +133,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.2.3
+%global npm_version 10.2.4
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -142,7 +142,7 @@
 %global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
 # Node.js 16.9.1 and later comes with an experimental package management tool
-%global corepack_version 0.10.0
+%global corepack_version 0.22.0
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
 %global uvwasi_version 0.0.19
@@ -191,13 +191,14 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
 Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-11.0-linux.tar.gz
 
 # Version: jq '.version' deps/undici/src/package.json
-# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.26.4.tar.gz
-# Adjustments: rm -f undici-5.26.4/lib/llhttp/llhttp*.wasm
+# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.28.3.tar.gz
+# Adjustments: rm -f undici-5.28.3/lib/llhttp/llhttp*.wasm
 # Build uses alpine image, see alpine for sources for wasi-sdk
-Source111: undici-5.26.4.tar.gz
+Source111: undici-5.28.3.tar.gz
 
 # Disable running gyp on bundled deps we don't use
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
+Patch3: nodejs-fips-disable-options.patch
 
 BuildRequires: make
 BuildRequires: python3-devel
@@ -732,10 +733,15 @@ end
 
 
 %changelog
-* Wed Feb 21 2024 Bo Liu <liubo03@inspur.com> - 1:18.19.0-1.0.1
+* Mon Apr 01 2024 Bo Liu <liubo03@inspur.com> - 1:18.19.1-1.0.1
 - Fixes CVE-2022-25883
 - update requires and recommands (wb-zh951434@alibaba-inc.com)
 
+* Wed Feb 21 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:18.19.1-1
+- Rebase to version 18.19.1
+- Fix FIPS handling of the cmd-line options (RHBZ#2226726)
+- Resolves: RHEL-26691 RHEL-26016 RHEL-26648
+
 * Fri Jan 19 2024 Lukas Javorsky <ljavorsk@redhat.com> - 1:18.19.0-1
 - Rebase to version 18.19.0
 - Resolves: RHEL-21439