diff --git a/.gitignore b/.gitignore
index 0e81494..08911b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/nodemon-v2.0.3-bundled.tar.gz
+SOURCES/nodemon-v2.0.19-bundled.tar.gz
diff --git a/.nodejs-nodemon.metadata b/.nodejs-nodemon.metadata
index 46040d6..b84843f 100644
--- a/.nodejs-nodemon.metadata
+++ b/.nodejs-nodemon.metadata
@@ -1 +1 @@
-0a3a06781d104ab1082519452e2e15572b669788 SOURCES/nodemon-v2.0.3-bundled.tar.gz
+0ec238b5ca5f1798f1787f4c6365142f66242d7c SOURCES/nodemon-v2.0.19-bundled.tar.gz
diff --git a/SPECS/nodejs-nodemon.spec b/SPECS/nodejs-nodemon.spec
index 9505ce4..e0f24aa 100644
--- a/SPECS/nodejs-nodemon.spec
+++ b/SPECS/nodejs-nodemon.spec
@@ -5,8 +5,8 @@
 %global enable_tests 0
 
 Name:          nodejs-%{npm_name}
-Version:       2.0.3
-Release:       6%{?dist}
+Version:       2.0.19
+Release:       1%{?dist}
 Summary:       Simple monitor script for use during development of a node.js app
 License:       MIT
 URL:           https://github.com/remy/nodemon
@@ -24,18 +24,18 @@ Simple monitor script for use during development of a node.js app.
 
 For use during development of a node.js based application.
 
-nodemon will watch the files in the directory in which nodemon 
-was started, and if any files change, nodemon will automatically 
+nodemon will watch the files in the directory in which nodemon
+was started, and if any files change, nodemon will automatically
 restart your node application.
 
-nodemon does not require any changes to your code or method of 
-development. nodemon simply wraps your node application and keeps 
-an eye on any files that have changed. Remember that nodemon is a 
-replacement wrapper for node, think of it as replacing the word "node" 
+nodemon does not require any changes to your code or method of
+development. nodemon simply wraps your node application and keeps
+an eye on any files that have changed. Remember that nodemon is a
+replacement wrapper for node, think of it as replacing the word "node"
 on the command line when you run your script.
 
 %prep
-%setup -q -n %{npm_name}-%{version}
+%autosetup -n %{npm_name}-%{version}
 
 %build
 
@@ -64,6 +64,10 @@ npm run test
 %{_bindir}/nodemon
 
 %changelog
+* Wed Aug 31 2022 Jan Staněk <jstanek@redhat.com> - 2.0.3-6
+- Rebase to 2.0.19
+  Resolves: CVE-2022-33987 rhbz#2073156 CVE-2021-33502 CVE-2021-3807 CVE-2020-28469
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.3-6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688