diff --git a/.gitignore b/.gitignore index 4fff4ab..f08f858 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/node-v10.16.3-stripped.tar.gz +SOURCES/node-v10.19.0-stripped.tar.gz diff --git a/.rh-nodejs10-nodejs.metadata b/.rh-nodejs10-nodejs.metadata index b84c956..a9b3bd8 100644 --- a/.rh-nodejs10-nodejs.metadata +++ b/.rh-nodejs10-nodejs.metadata @@ -1 +1 @@ -062d8a0b0eb924216765d3e6ea66a9250e1afb44 SOURCES/node-v10.16.3-stripped.tar.gz +a0209beeeec9c294d27b23bbfd72a517c2f5f92d SOURCES/node-v10.19.0-stripped.tar.gz diff --git a/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch b/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch index e66edb5..f5128e1 100644 --- a/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch +++ b/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch @@ -1,22 +1,25 @@ -From 3b512b3127b2ad733460d30bf8def2b5553bc648 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 29 Aug 2019 14:28:57 +0200 +From 5339ee05263adf652a9a5d3d9c05ca6d9b423d7e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= +Date: Tue, 11 Feb 2020 15:04:42 +0100 Subject: [PATCH] Remove or backport OpenSSL features +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit -Signed-off-by: rpm-build +Signed-off-by: Jan Staněk --- src/node_constants.cc | 12 +- src/node_crypto.cc | 268 ++++++++++++++++-- - src/node_crypto.h | 22 ++ + src/node_crypto.h | 29 ++ test/parallel/test-crypto-authenticated.js | 4 +- test/parallel/test-crypto-keygen.js | 8 +- test/parallel/test-crypto-pbkdf2.js | 18 -- .../test-tls-client-getephemeralkeyinfo.js | 1 - test/parallel/test-tls-passphrase.js | 2 +- - 8 files changed, 291 insertions(+), 44 deletions(-) + 8 files changed, 298 insertions(+), 44 deletions(-) diff --git a/src/node_constants.cc b/src/node_constants.cc -index 9cd50fe..65f3159 100644 +index 9cd50fe4e9..65f3159d95 100644 --- a/src/node_constants.cc +++ b/src/node_constants.cc 
@@ -951,8 +951,12 @@ void DefineOpenSSLConstants(Local target) { @@ -46,7 +49,7 @@ index 9cd50fe..65f3159 100644 NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_PKEY_METHS); # endif diff --git a/src/node_crypto.cc b/src/node_crypto.cc -index 1d9214f..17c6d77 100644 +index f04794e309..ff7bc42d60 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -109,6 +109,137 @@ struct OpenSSLBufferDeleter { @@ -418,7 +421,7 @@ index 1d9214f..17c6d77 100644 Base* w = static_cast(SSL_get_app_data(s)); *copy = 0; -@@ -2094,6 +2302,7 @@ void SSLWrap::GetEphemeralKeyInfo( +@@ -2097,6 +2305,7 @@ void SSLWrap::GetEphemeralKeyInfo( Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust(); break; case EVP_PKEY_EC: @@ -426,7 +429,7 @@ index 1d9214f..17c6d77 100644 // TODO(shigeki) Change this to EVP_PKEY_X25519 and add EVP_PKEY_X448 // after upgrading to 1.1.1. case NID_X25519: -@@ -2114,9 +2323,24 @@ void SSLWrap::GetEphemeralKeyInfo( +@@ -2117,9 +2326,24 @@ void SSLWrap::GetEphemeralKeyInfo( curve_name)).FromJust(); info->Set(context, env->size_string(), Integer::New(env->isolate(), @@ -452,7 +455,7 @@ index 1d9214f..17c6d77 100644 } EVP_PKEY_free(key); } -@@ -2776,10 +3000,10 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, +@@ -2787,10 +3011,10 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, CHECK(IsAuthenticatedMode()); MarkPopErrorOnReturn mark_pop_error_on_return; @@ -467,7 +470,7 @@ index 1d9214f..17c6d77 100644 env()->ThrowError("Invalid IV length"); return false; } -@@ -2910,6 +3134,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { +@@ -2918,6 +3142,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { "Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len); ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090"); } 
@@ -475,7 +478,7 @@ index 1d9214f..17c6d77 100644 } else if (mode == EVP_CIPH_OCB_MODE) { // At this point, the tag length is already known and must match the // length of the given authentication tag. -@@ -2921,6 +3146,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { +@@ -2929,6 +3154,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { "Invalid authentication tag length: %u", tag_len); return cipher->env()->ThrowError(msg); } @@ -483,7 +486,7 @@ index 1d9214f..17c6d77 100644 } // Note: we don't use std::min() here to work around a header conflict. -@@ -3140,8 +3366,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { +@@ -3148,8 +3374,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { CHECK(mode == EVP_CIPH_GCM_MODE); auth_tag_len_ = sizeof(auth_tag_); } @@ -496,7 +499,7 @@ index 1d9214f..17c6d77 100644 reinterpret_cast(auth_tag_))); } } -@@ -3417,12 +3645,14 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { +@@ -3425,12 +3653,14 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { SignBase::Error SignBase::Init(const char* sign_type) { CHECK_NULL(mdctx_); @@ -511,7 +514,7 @@ index 1d9214f..17c6d77 100644 const EVP_MD* md = EVP_get_digestbyname(sign_type); if (md == nullptr) return kSignUnknownDigest; -@@ -5587,6 +5817,12 @@ void InitCryptoOnce() { +@@ -5597,6 +5827,12 @@ void InitCryptoOnce() { SSL_library_init(); OpenSSL_add_all_algorithms(); @@ -525,7 +528,7 @@ index 1d9214f..17c6d77 100644 /* Override FIPS settings in cnf file, if needed. */ unsigned long err = 0; // NOLINT(runtime/int) diff --git a/src/node_crypto.h b/src/node_crypto.h -index b64a8c2..2e6042f 100644 +index e3627d4761..18499343a7 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -44,8 +44,10 @@ @@ -539,7 +542,7 @@ index b64a8c2..2e6042f 100644 #include #include #include -@@ -53,6 +55,26 @@ +@@ -53,6 +55,33 @@ #include #include 
@@ -552,6 +555,13 @@ index b64a8c2..2e6042f 100644 + +#define OPENSSL_EC_EXPLICIT_CURVE 0x0 + ++#define NID_rsassaPss 912 ++#define NID_chacha20_poly1305 1018 ++#define NID_X25519 1034 ++#define NID_X448 1035 ++#define NID_ED25519 1087 ++#define NID_ED448 1088 ++ +inline void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_cleanup(ctx); } +inline void HMAC_CTX_free(HMAC_CTX* ctx) { if (ctx == nullptr) { return; } HMAC_CTX_cleanup(ctx); free(ctx); } +inline void OPENSSL_clear_free(void* ptr, size_t len) { OPENSSL_cleanse(ptr, len); OPENSSL_free(ptr); } @@ -567,10 +577,10 @@ index b64a8c2..2e6042f 100644 namespace crypto { diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js -index dc19a7b..5e94d41 100644 +index 14235de7f6..cf51a9d9ec 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js -@@ -425,7 +425,7 @@ for (const test of TEST_CASES) { +@@ -426,7 +426,7 @@ for (const test of TEST_CASES) { // Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no // authentication tag has been specified. { @@ -579,7 +589,7 @@ index dc19a7b..5e94d41 100644 assert.throws(() => { crypto.createCipheriv(`aes-256-${mode}`, 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8', -@@ -585,7 +585,7 @@ for (const test of TEST_CASES) { +@@ -586,7 +586,7 @@ for (const test of TEST_CASES) { const key = Buffer.from('0123456789abcdef', 'utf8'); const iv = Buffer.from('0123456789ab', 'utf8'); @@ -589,7 +599,7 @@ index dc19a7b..5e94d41 100644 const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, { authTagLength diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js -index 0ffaa1c..7c567f3 100644 +index f164938d97..0b10a2ca56 100644 --- a/test/parallel/test-crypto-keygen.js +++ b/test/parallel/test-crypto-keygen.js @@ -171,7 +171,7 @@ function convertDERToPEM(label, der) { 
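Review bot: The six `NID_*` macros added to the compatibility block of src/node_crypto.h are defined unconditionally as bare numbers, so a build against OpenSSL headers that already provide any of them redefines the macro, and nothing records where the values come from. Guarding each one (`#ifndef NID_X25519` / `#define NID_X25519 1034` / `#endif`) and adding a comment such as `// NIDs taken from a newer OpenSSL obj_mac.h; defined only so the code compiles, the linked library may not implement them` would make that explicit. Because the constants only satisfy the compiler, any runtime path that compares against them or hands them to OpenSSL presumably still has to fail cleanly when the system library lacks the algorithm. The preprocessor condition that encloses this block and those call sites are outside the hunk, so please confirm both.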
@@ -629,7 +639,7 @@ index 0ffaa1c..7c567f3 100644 testSignVerify(publicKey, { key: privateKey, diff --git a/test/parallel/test-crypto-pbkdf2.js b/test/parallel/test-crypto-pbkdf2.js -index 0f5d461..8701d10 100644 +index 0f5d4618ea..8701d10908 100644 --- a/test/parallel/test-crypto-pbkdf2.js +++ b/test/parallel/test-crypto-pbkdf2.js @@ -216,21 +216,3 @@ crypto.pbkdf2Sync(new Float32Array(10), 'salt', 8, 8, 'sha256'); @@ -655,7 +665,7 @@ index 0f5d461..8701d10 100644 - } -); diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js -index a5db18a..277d36c 100644 +index a5db18a565..277d36c079 100644 --- a/test/parallel/test-tls-client-getephemeralkeyinfo.js +++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js @@ -55,4 +55,3 @@ test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); @@ -664,7 +674,7 @@ index a5db18a..277d36c 100644 test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256'); -test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256'); diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js -index 6ed19c7..b183309 100644 +index 6ed19c74d2..b183309af7 100644 --- a/test/parallel/test-tls-passphrase.js +++ b/test/parallel/test-tls-passphrase.js @@ -221,7 +221,7 @@ server.listen(0, common.mustCall(function() { @@ -677,5 +687,5 @@ index 6ed19c7..b183309 100644 // Missing passphrase assert.throws(function() { -- -2.21.0 +2.24.1 diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index d7e5537..80e05f2 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec 
@@ -19,11 +19,11 @@ # feature releases that are only supported for nine months, which is shorter # than a Fedora release lifecycle. %global nodejs_major 10 -%global nodejs_minor 16 -%global nodejs_patch 3 +%global nodejs_minor 19 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} -%global nodejs_release 4 +%global nodejs_release 1 # == Bundled Dependency Versions == # v8 - from deps/v8/include/v8-version.h @@ -43,8 +43,8 @@ # http-parser - from deps/http_parser/http_parser.h %global http_parser_major 2 -%global http_parser_minor 8 -%global http_parser_patch 0 +%global http_parser_minor 9 +%global http_parser_patch 3 %global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch} # libuv - from deps/uv/include/uv/version.h @@ -63,8 +63,8 @@ # npm - from deps/npm/package.json %global npm_major 6 -%global npm_minor 9 -%global npm_patch 0 +%global npm_minor 13 +%global npm_patch 4 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # zlib version - from deps/zlib/CMakeLists.txt @@ -344,14 +344,11 @@ cp -pr deps/npm/man/* %{buildroot}%{_mandir}/ rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/man ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man -# Install Markdown and HTML documentation to %{_pkgdocdir} -cp -pr deps/npm/html deps/npm/doc %{buildroot}%{_pkgdocdir}/npm/ -rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/html \ - %{buildroot}%{_prefix}/lib/node_modules/npm/doc - -ln -sf %{_pkgdocdir} %{buildroot}%{_prefix}/lib/node_modules/npm/html -ln -sf %{_pkgdocdir}/npm/html %{buildroot}%{_prefix}/lib/node_modules/npm/doc +# Install Gatsby HTML documentation to %{_pkgdocdir} +cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/ +rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs +ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs %check %{?scl:scl enable %{scl} devtoolset-7 - << \EOF} 
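Review bot: The new symlink in the `@@ -344,14 +344,11 @@` hunk appears to point one level too high. `cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/` places the tree at `%{_pkgdocdir}/npm/docs`, while `ln -sf %{_pkgdocdir}/npm …/npm/docs` links to its parent, so paths under `node_modules/npm/docs` would resolve into `%{_pkgdocdir}/npm` rather than the copied files. If the link is meant to stand in for the removed directory, the line should read `ln -sf %{_pkgdocdir}/npm/docs %{buildroot}%{_prefix}/lib/node_modules/npm/docs`. The %install section starts before this hunk, so the creation of `%{_pkgdocdir}/npm` is not visible here.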
@@ -424,23 +421,36 @@ python2 tools/test.py "${RUN_SUITES[@]}" %{_prefix}/lib/node_modules/npm %ghost %{_sysconfdir}/npmrc %ghost %{_sysconfdir}/npmignore -%doc %{_mandir}/man*/npm* -%doc %{_mandir}/man*/npx* -%doc %{_mandir}/man5/package.json.5* -%doc %{_mandir}/man5/package-lock.json.5* -%doc %{_mandir}/man7/removing-npm.7* +%doc %{_mandir}/man1/npm*.1* +%doc %{_mandir}/man1/npx.1* +%doc %{_mandir}/man5/folders.5* +%doc %{_mandir}/man5/install.5* +%doc %{_mandir}/man5/npmrc.5* +%doc %{_mandir}/man5/package-json.5* +%doc %{_mandir}/man5/package-lock-json.5* +%doc %{_mandir}/man5/package-locks.5* +%doc %{_mandir}/man5/shrinkwrap-json.5* +%doc %{_mandir}/man7/config.7* +%doc %{_mandir}/man7/developers.7* +%doc %{_mandir}/man7/disputes.7* +%doc %{_mandir}/man7/orgs.7* +%doc %{_mandir}/man7/registry.7* +%doc %{_mandir}/man7/removal.7* +%doc %{_mandir}/man7/scope.7* +%doc %{_mandir}/man7/scripts.7* %doc %{_mandir}/man7/semver.7* %files docs %dir %{_pkgdocdir} %{_pkgdocdir}/html -%{_pkgdocdir}/npm -%{_pkgdocdir}/npm/html -%{_pkgdocdir}/npm/doc +%{_pkgdocdir}/npm/docs %changelog +* Tue Feb 11 2020 Jan Staněk - 10.19.0-1 +- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 + * Thu Oct 10 2019 Honza Horak - 10.16.3-4 - Revert the statx() addition into libuv Resolves: #1759152 @@ -453,7 +463,7 @@ python2 tools/test.py "${RUN_SUITES[@]}" * Thu Aug 29 2019 Jan Staněk - 10.16.3-1 - Rebase to version 10.16.3 -- Resolves: rhbz#1744307 rhbz#1744593 rhbz#1744732 rhbz#1744745 rhbz#1744773 rhbz#1744807 rhbz#1745090 rhbz#1745160 +- Resolves: rhbz#1744308 rhbz#1744594 rhbz#1744733 rhbz#1744746 rhbz#1744774 rhbz#1744808 rhbz#1745091 rhbz#1745161 * Thu Apr 04 2019 Jan Staněk - 10.10.0-3 - Rebuild with bundled zlib
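Review bot: The `%files docs` list in the `@@ -424,23 +421,36 @@` hunk now names only `%{_pkgdocdir}/npm/docs`, so the intermediate `%{_pkgdocdir}/npm` directory that %install copies into is no longer owned by any entry visible here. Adding `%dir %{_pkgdocdir}/npm` next to the existing `%dir %{_pkgdocdir}` line would keep the directory owned and removed on uninstall. The remaining %files sections lie outside this hunk, so another entry may already cover it.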