diff --git a/.gitignore b/.gitignore
index 86e0b6d..8ece6ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/icu4c-67_1-src.tgz
-SOURCES/node-v14.15.4-stripped.tar.gz
+SOURCES/node-v14.16.0-stripped.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index 24b324b..7290645 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,2 +1,2 @@
 6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
-5defcd39ec57a7d529ae6343b9022f2c0e5e6e5f SOURCES/node-v14.15.4-stripped.tar.gz
+953a6d085899d3c040616a6380fd9e21d2d41003 SOURCES/node-v14.16.0-stripped.tar.gz
diff --git a/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch b/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
deleted file mode 100644
index c2b1f3e..0000000
--- a/SOURCES/0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 3ef951c3e17a56fe7bbb1b9f2c476ad55c52c287 Mon Sep 17 00:00:00 2001
-From: isaacs <i@izs.me>
-Date: Tue, 8 Dec 2020 14:21:50 -0800
-Subject: [PATCH] do not allow invalid hazardous string as section name
-
-Signed-off-by: rpm-build <rpm-build>
----
- deps/npm/node_modules/ini/ini.js        |  8 +++++
- deps/npm/node_modules/ini/test/proto.js | 45 +++++++++++++++++++++++++
- 2 files changed, 53 insertions(+)
- create mode 100644 deps/npm/node_modules/ini/test/proto.js
-
-diff --git a/deps/npm/node_modules/ini/ini.js b/deps/npm/node_modules/ini/ini.js
-index 590195d..0401258 100644
---- a/deps/npm/node_modules/ini/ini.js
-+++ b/deps/npm/node_modules/ini/ini.js
-@@ -80,6 +80,12 @@ function decode (str) {
-     if (!match) return
-     if (match[1] !== undefined) {
-       section = unsafe(match[1])
-+      if (section === '__proto__') {
-+        // not allowed
-+        // keep parsing the section, but don't attach it.
-+        p = {}
-+        return
-+      }
-       p = out[section] = out[section] || {}
-       return
-     }
-@@ -94,6 +100,7 @@ function decode (str) {
-     // Convert keys with '[]' suffix to an array
-     if (key.length > 2 && key.slice(-2) === '[]') {
-       key = key.substring(0, key.length - 2)
-+      if (key === '__proto__') return
-       if (!p[key]) {
-         p[key] = []
-       } else if (!Array.isArray(p[key])) {
-@@ -125,6 +132,7 @@ function decode (str) {
-     var l = parts.pop()
-     var nl = l.replace(/\\\./g, '.')
-     parts.forEach(function (part, _, __) {
-+      if (part === '__proto__') return
-       if (!p[part] || typeof p[part] !== 'object') p[part] = {}
-       p = p[part]
-     })
-diff --git a/deps/npm/node_modules/ini/test/proto.js b/deps/npm/node_modules/ini/test/proto.js
-new file mode 100644
-index 0000000..ab35533
---- /dev/null
-+++ b/deps/npm/node_modules/ini/test/proto.js
-@@ -0,0 +1,45 @@
-+var ini = require('../')
-+var t = require('tap')
-+
-+var data = `
-+__proto__ = quux
-+foo = baz
-+[__proto__]
-+foo = bar
-+[other]
-+foo = asdf
-+[kid.__proto__.foo]
-+foo = kid
-+[arrproto]
-+hello = snyk
-+__proto__[] = you did a good job
-+__proto__[] = so you deserve arrays
-+thanks = true
-+`
-+var res = ini.parse(data)
-+t.deepEqual(res, {
-+  foo: 'baz',
-+  other: {
-+    foo: 'asdf',
-+  },
-+  kid: {
-+    foo: {
-+      foo: 'kid',
-+    },
-+  },
-+  arrproto: {
-+    hello: 'snyk',
-+    thanks: true,
-+  },
-+})
-+t.equal(res.__proto__, Object.prototype)
-+t.equal(res.kid.__proto__, Object.prototype)
-+t.equal(res.kid.foo.__proto__, Object.prototype)
-+t.equal(res.arrproto.__proto__, Object.prototype)
-+t.equal(Object.prototype.foo, undefined)
-+t.equal(Object.prototype[0], undefined)
-+t.equal(Object.prototype['0'], undefined)
-+t.equal(Object.prototype[1], undefined)
-+t.equal(Object.prototype['1'], undefined)
-+t.equal(Array.prototype[0], undefined)
-+t.equal(Array.prototype[1], undefined)
---
-2.29.2
-
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index 80e4730..3d55315 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -26,8 +26,8 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 14
-%global nodejs_minor 15
-%global nodejs_patch 4
+%global nodejs_minor 16
+%global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %if %{?with_libs} == 1
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
@@ -110,7 +110,7 @@
 %global npm_epoch 1
 %global npm_major 6
 %global npm_minor 14
-%global npm_patch 10
+%global npm_patch 11
 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
@@ -171,9 +171,8 @@ Patch3: 0003-yarn-not-installable-on-aarch64.patch
 # CVE-2020-7774
 Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
 
-# CVE-2020-7788
-Patch5: 0005-CVE-2020-7788-ini-do-not-allow-invalid-hazardous-string.patch
 
+BuildRequires: make
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
 BuildRequires: brotli-devel
@@ -444,7 +443,6 @@ export LDFLAGS="%{build_ldflags}"
            --shared-brotli \
            --without-dtrace \
            --with-intl=small-icu \
-           --debug-nghttp2 \
            --openssl-use-def-ca-store
 %else
 %{__python3} configure.py --prefix=%{_prefix} \
@@ -458,7 +456,6 @@ export LDFLAGS="%{build_ldflags}"
            --with-dtrace \
            --with-intl=small-icu \
            --with-icu-default-data-dir=%{icudatadir} \
-           --debug-nghttp2 \
            --openssl-use-def-ca-store
 %endif
 %else
@@ -469,7 +466,6 @@ export LDFLAGS="%{build_ldflags}"
            --shared-brotli \
            --without-dtrace \
            --with-intl=small-icu \
-           --debug-nghttp2 \
            --openssl-use-def-ca-store
 %else
 %{__python3} configure.py --prefix=%{_prefix} \
@@ -481,7 +477,6 @@ export LDFLAGS="%{build_ldflags}"
            --with-dtrace \
            --with-intl=small-icu \
            --with-icu-default-data-dir=%{icudatadir} \
-           --debug-nghttp2 \
            --openssl-use-def-ca-store
 %endif
 %endif
@@ -546,6 +541,7 @@ for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_include
     header=$(basename ${header})
     ln -s %{_includedir}/node/${header} %{buildroot}%{_includedir}/${header}
 done
+ln -s ./node/cppgc %{buildroot}%{_includedir}/cppgc
 for soname in libv8 libv8_libbase libv8_libplatform; do
     ln -s %{_libdir}/libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
     ln -s %{_libdir}/libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
@@ -682,7 +678,7 @@ if st and st.type == "directory" then
   end
 end
 
--- Replace the npm HTML docs directory with a symlink
+-- Replace the npm docs directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/html"
 st = posix.stat(path)
@@ -698,7 +694,7 @@ if st and st.type == "directory" then
   end
 end
 
--- Replace the npm HTML man directory with a symlink
+-- Replace the npm man directory with a symlink
 -- Drop this scriptlet when F31 is EOL
 path = "%{_prefix}/lib/node_modules/npm/man"
 st = posix.stat(path)
@@ -786,6 +782,7 @@ end
 %files -n v8-devel
 %{_includedir}/libplatform
 %{_includedir}/v8*.h
+%{_includedir}/cppgc
 %{_libdir}/libv8.so
 %{_libdir}/libv8_libbase.so
 %{_libdir}/libv8_libplatform.so
@@ -828,6 +825,14 @@ end
 
 
 %changelog
+* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-2
+- Resolves: RHBZ#1932427
+- remove --debug-nghttp2 option
+
+* Mon Mar 01 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.16.0-1
+- Resolves: RHBZ#1932317, RHBZ#1932425
+- Rebase, remove ini patch
+
 * Tue Jan 26 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:14.15.4-2
 - Add patch for yarn crash
 - Resolves: RHBZ#1916465