Log Message:
lang/nodejs: Update to 10.9.0.

- buffer:
  - Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2
    encoding (CVE-2018-12115)
  - Fix unintentional exposure of uninitialized memory in
    `Buffer.alloc()` (CVE-2018-7166)
- deps:
  - Upgrade to OpenSSL 1.1.0i, fixing:
    - Client DoS due to large DH parameter (CVE-2018-0732)
    - ECDSA key extraction via local side-channel (CVE not assigned)
  - Upgrade V8 from 6.7 to 6.8
    - Memory reduction and performance improvements
- http: `http.get()` and `http.request()` (and `https` variants) can
  now accept three arguments to allow for a `URL` _and_ an `options`
  object