diff --git a/.gitignore b/.gitignore
index f6ecfb1..86e0b6d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/icu4c-67_1-src.tgz
-SOURCES/node-v14.11.0-stripped.tar.gz
+SOURCES/node-v14.15.4-stripped.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index bd287fb..24b324b 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,2 +1,2 @@
 6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
-b279c48dbfa71187a214c87b9bbc330049213ca9 SOURCES/node-v14.11.0-stripped.tar.gz
+5defcd39ec57a7d529ae6343b9022f2c0e5e6e5f SOURCES/node-v14.15.4-stripped.tar.gz
diff --git a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
index bfc879c..361ea08 100644
--- a/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
+++ b/SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
@@ -1,6 +1,6 @@
-From 65f5eb67f4691ab535cc00240a00bd33efe29969 Mon Sep 17 00:00:00 2001
+From b0b4d1ddbc720db73fb8ab13cdbbf1ce6524eebd Mon Sep 17 00:00:00 2001
 From: Zuzana Svetlikova <zsvetlik@redhat.com>
-Date: Thu, 27 Apr 2017 14:25:42 +0200
+Date: Fri, 17 Apr 2020 12:59:44 +0200
 Subject: [PATCH 1/2] Disable running gyp on shared deps
 
 ---
@@ -8,18 +8,22 @@ Subject: [PATCH 1/2] Disable running gyp on shared deps
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 34cdec7f7767b5152678adaeea10a8cf711fb9a8..3b548907033108831e99e054bc84d3ce91daa25c 100644
+index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e9676f176 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -141,7 +141,7 @@ test-code-cache: with-code-cache
- 	echo "'test-code-cache' target is a noop"
-
+@@ -136,11 +136,11 @@ endif
+ .PHONY: test-code-cache
+ with-code-cache test-code-cache:
+ 	$(warning '$@' target is a noop)
+ 
  out/Makefile: config.gypi common.gypi node.gyp \
 -	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
-+	deps/uv/uv.gyp deps/llhttp/llhttp.gyp \
++	deps/llhttp/llhttp.gyp \
  	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
  	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
  	$(PYTHON) tools/gyp_node.py -f make
---
-2.24.1
+ 
+ # node_version.h is listed because the N-API version is taken from there
+-- 
+2.29.2
 
diff --git a/SOURCES/0003-yarn-not-installable-on-aarch64.patch b/SOURCES/0003-yarn-not-installable-on-aarch64.patch
new file mode 100644
index 0000000..dd4a3bb
--- /dev/null
+++ b/SOURCES/0003-yarn-not-installable-on-aarch64.patch
@@ -0,0 +1,92 @@
+ From d4d05ceb418c525b0d07e76b81b8694ac2f5b309 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@gmail.com>
+Date: Wed, 16 Sep 2020 06:12:54 +0200
+Subject: [PATCH] [deps] V8: cherry-pick 71736859756b2bd0444bdb0a87a
+
+Original commit message:
+
+   [heap] Add large_object_threshold to AllocateRaw
+
+   This commit adds a check in Heap::AllocateRaw when setting the
+   large_object variable, when the AllocationType is of type kCode, to
+   take into account the size of the CodeSpace's area size.
+
+   The motivation for this change is that without this check it is
+   possible that size_in_bytes is less than 128, and hence not considered
+   a large object, but it might be larger than the available space
+   in code_space->AreaSize(), which will cause the object to be created
+   in the CodeLargeObjectSpace. This will later cause a segmentation fault
+   when calling the following chain of functions:
+
+      if (!large_object) {
+         MemoryChunk::FromHeapObject(heap_object)
+             ->GetCodeObjectRegistry()
+             ->RegisterNewlyAllocatedCodeObject(heap_object.address());
+      }
+
+   We (Red Hat) ran into this issue when running Node.js v12.16.1 in
+   combination with yarn on aarch64 (this was the only architecture that
+   this happed on).
+
+   Bug: v8:10808
+   Change-Id: I0c396b0eb64bc4cc91d9a3be521254f3130eac7b
+   Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390665
+   Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
+   Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
+   Cr-Commit-Position: refs/heads/master@{#69876}
+
+Refs: https://github.com/v8/v8/commit/71736859756b2bd0444bdb0a87a61a0b090cbba2
+---
+ deps/v8/src/heap/heap-inl.h            | 13 +++--
+ deps/v8/src/heap/heap.h                |  6 ++-
+ 4 files changed, 83 insertions(+), 6 deletions(-)
+
+diff --git a/deps/v8/src/heap/heap-inl.h b/deps/v8/src/heap/heap-inl.h
+index 39f5ec6c66e..b56ebc03d58 100644
+--- a/deps/v8/src/heap/heap-inl.h
++++ b/deps/v8/src/heap/heap-inl.h
+@@ -192,7 +192,12 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
+   IncrementObjectCounters();
+ #endif
+ 
+-  bool large_object = size_in_bytes > kMaxRegularHeapObjectSize;
++  size_t large_object_threshold =
++      AllocationType::kCode == type
++          ? std::min(kMaxRegularHeapObjectSize, code_space()->AreaSize())
++          : kMaxRegularHeapObjectSize;
++  bool large_object =
++      static_cast<size_t>(size_in_bytes) > large_object_threshold;
+ 
+   HeapObject object;
+   AllocationResult allocation;
+@@ -225,10 +230,10 @@ AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationType type,
+         allocation = old_space_->AllocateRaw(size_in_bytes, alignment, origin);
+       }
+     } else if (AllocationType::kCode == type) {
+-      if (size_in_bytes <= code_space()->AreaSize() && !large_object) {
+-        allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
+-      } else {
++      if (large_object) {
+         allocation = code_lo_space_->AllocateRaw(size_in_bytes);
++      } else {
++        allocation = code_space_->AllocateRawUnaligned(size_in_bytes);
+       }
+     } else if (AllocationType::kMap == type) {
+       allocation = map_space_->AllocateRawUnaligned(size_in_bytes);
+diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
+index 888d174c02f..0165fa6970f 100644
+--- a/deps/v8/src/heap/heap.h
++++ b/deps/v8/src/heap/heap.h
+@@ -1404,8 +1404,10 @@ class Heap {
+   // Heap object allocation tracking. ==========================================
+   // ===========================================================================
+ 
+-  void AddHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
+-  void RemoveHeapObjectAllocationTracker(HeapObjectAllocationTracker* tracker);
++  V8_EXPORT_PRIVATE void AddHeapObjectAllocationTracker(
++      HeapObjectAllocationTracker* tracker);
++  V8_EXPORT_PRIVATE void RemoveHeapObjectAllocationTracker(
++      HeapObjectAllocationTracker* tracker);
+   bool has_heap_object_allocation_tracker() const {
+     return !allocation_trackers_.empty();
+   }
diff --git a/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
new file mode 100644
index 0000000..88a9d75
--- /dev/null
+++ b/SOURCES/0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
@@ -0,0 +1,13 @@
+diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
+index d720681628..727362aac0 100644
+--- a/deps/npm/node_modules/y18n/index.js
++++ b/deps/npm/node_modules/y18n/index.js
+@@ -11,7 +11,7 @@ function Y18N (opts) {
+   this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
+ 
+   // internal stuff.
+-  this.cache = {}
++  this.cache = Object.create(null)
+   this.writeQueue = []
+ }
+ 
diff --git a/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch b/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
new file mode 100644
index 0000000..c2b1f3e
--- /dev/null
+++ b/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
@@ -0,0 +1,99 @@
+From 3ef951c3e17a56fe7bbb1b9f2c476ad55c52c287 Mon Sep 17 00:00:00 2001
+From: isaacs <i@izs.me>
+Date: Tue, 8 Dec 2020 14:21:50 -0800
+Subject: [PATCH] do not allow invalid hazardous string as section name
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ deps/npm/node_modules/ini/ini.js        |  8 +++++
+ deps/npm/node_modules/ini/test/proto.js | 45 +++++++++++++++++++++++++
+ 2 files changed, 53 insertions(+)
+ create mode 100644 deps/npm/node_modules/ini/test/proto.js
+
+diff --git a/deps/npm/node_modules/ini/ini.js b/deps/npm/node_modules/ini/ini.js
+index 590195d..0401258 100644
+--- a/deps/npm/node_modules/ini/ini.js
++++ b/deps/npm/node_modules/ini/ini.js
+@@ -80,6 +80,12 @@ function decode (str) {
+     if (!match) return
+     if (match[1] !== undefined) {
+       section = unsafe(match[1])
++      if (section === '__proto__') {
++        // not allowed
++        // keep parsing the section, but don't attach it.
++        p = {}
++        return
++      }
+       p = out[section] = out[section] || {}
+       return
+     }
+@@ -94,6 +100,7 @@ function decode (str) {
+     // Convert keys with '[]' suffix to an array
+     if (key.length > 2 && key.slice(-2) === '[]') {
+       key = key.substring(0, key.length - 2)
++      if (key === '__proto__') return
+       if (!p[key]) {
+         p[key] = []
+       } else if (!Array.isArray(p[key])) {
+@@ -125,6 +132,7 @@ function decode (str) {
+     var l = parts.pop()
+     var nl = l.replace(/\\\./g, '.')
+     parts.forEach(function (part, _, __) {
++      if (part === '__proto__') return
+       if (!p[part] || typeof p[part] !== 'object') p[part] = {}
+       p = p[part]
+     })
+diff --git a/deps/npm/node_modules/ini/test/proto.js b/deps/npm/node_modules/ini/test/proto.js
+new file mode 100644
+index 0000000..ab35533
+--- /dev/null
++++ b/deps/npm/node_modules/ini/test/proto.js
+@@ -0,0 +1,45 @@
++var ini = require('../')
++var t = require('tap')
++
++var data = `
++__proto__ = quux
++foo = baz
++[__proto__]
++foo = bar
++[other]
++foo = asdf
++[kid.__proto__.foo]
++foo = kid
++[arrproto]
++hello = snyk
++__proto__[] = you did a good job
++__proto__[] = so you deserve arrays
++thanks = true
++`
++var res = ini.parse(data)
++t.deepEqual(res, {
++  foo: 'baz',
++  other: {
++    foo: 'asdf',
++  },
++  kid: {
++    foo: {
++      foo: 'kid',
++    },
++  },
++  arrproto: {
++    hello: 'snyk',
++    thanks: true,
++  },
++})
++t.equal(res.__proto__, Object.prototype)
++t.equal(res.kid.__proto__, Object.prototype)
++t.equal(res.kid.foo.__proto__, Object.prototype)
++t.equal(res.arrproto.__proto__, Object.prototype)
++t.equal(Object.prototype.foo, undefined)
++t.equal(Object.prototype[0], undefined)
++t.equal(Object.prototype['0'], undefined)
++t.equal(Object.prototype[1], undefined)
++t.equal(Object.prototype['1'], undefined)
++t.equal(Array.prototype[0], undefined)
++t.equal(Array.prototype[1], undefined)
+--
+2.29.2
+
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index 7d31933..80e4730 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -15,7 +15,7 @@
 # This is used by both the nodejs package and the npm subpackage thar
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease 1
+%global baserelease 2
 
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
@@ -26,8 +26,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 14
-%global nodejs_minor 11
-%global nodejs_patch 0
+%global nodejs_minor 15
+%global nodejs_patch 4
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %if %{?with_libs} == 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@@ -55,18 +55,18 @@
 # https://github.com/nodejs/node/pull/9332
 %global c_ares_major 1
 %global c_ares_minor 16
-%global c_ares_patch 0
+%global c_ares_patch 1
 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
 
 # llhttp - from deps/llhttp/include/llhttp.h
 %global llhttp_major 2
 %global llhttp_minor 1
-%global llhttp_patch 2
+%global llhttp_patch 3
 %global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
 
 # libuv - from deps/uv/include/uv/version.h
 %global libuv_major 1
-%global libuv_minor 39
+%global libuv_minor 40
 %global libuv_patch 0
 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
 
@@ -110,13 +110,13 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 14
-%global npm_patch 8
+%global npm_patch 10
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
 %global uvwasi_major 0
 %global uvwasi_minor 0
-%global uvwasi_patch 10
+%global uvwasi_patch 11
 %global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
 
 # histogram_c - assumed from timestamps
@@ -165,6 +165,15 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 Patch2: 0002-Install-both-binaries-and-use-libdir.patch
 %endif
 
+# RHBZ#1915296 - yarn install crashes with nodejs:14 on aarch64 
+Patch3: 0003-yarn-not-installable-on-aarch64.patch
+
+# CVE-2020-7774
+Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
+
+# CVE-2020-7788
+Patch5: 0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
+
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
 BuildRequires: brotli-devel
@@ -819,6 +828,20 @@ end
 
 
 %changelog
+* Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
+- Add patch for yarn crash
+- Resolves: RHBZ#1916465
+
+* Tue Jan 19 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-1
+- Security rebase to 14.15.4
+- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
+- Resolves: RHBZ#1916463, RHBZ#1914788
+- Resolves: RHBZ#1914785, RHBZ#1916387, RHBZ#1916389, RHBZ#1916390, RHBZ#1916690
+
+* Thu Oct 29 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.0-1
+- Update to LTS release
+- Rebase: RHBZ#1891809
+
 * Mon Sep 21 2020 Jan Staněk <jstanek@redhat.com> - 1:14.11.0-1
 - Security update to 14.11.0