Subject: CVS commit: pkgsrc/lang/nodejs4
From: Filip Hajny
Date: 2016-09-28 13:09:47
Message id: 20160928110947.C7756FBD2@cvs.NetBSD.org
Log Message:
Update lang/nodejs4 to 4.6.0.
- openssl: Remove support for loading dynamic third-party engine
  modules. An attacker may be able to hide malicious code to be
  inserted into Node.js at runtime by masquerading as one of the
  dynamic engine modules.
- http: CVE-2016-5325 - Properly validate for allowable characters
  in the reason argument in ServerResponse#writeHead().
- buffer: Zero-fill excess bytes in new Buffer objects created
  with Buffer.concat() while providing a totalLength parameter
  that exceeds the total length of the original Buffer objects
  being concatenated.
- tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
  check whereby a TLS server may be able to serve an invalid
  wildcard certificate for its hostname due to improper validation
  of *. in the wildcard string.
Files:
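
The Buffer.concat() item in the log message above, as an added example that is not part of the commit or of Node.js itself: a check that the running runtime zero-fills the excess bytes, plus a wrapper that does not rely on the runtime doing so. The helper names (dirtyPool, nonZeroTail, probeConcat, safeConcat) and the sample inputs are constructed for illustration.

```javascript
'use strict';

// Fill pooled allocator memory with a marker byte so that any
// uninitialized bytes exposed later would be visibly non-zero.
function dirtyPool(rounds) {
  for (let i = 0; i < rounds; i++) {
    Buffer.allocUnsafe(64).fill(0xa5);
  }
}

// Offsets of non-zero bytes in `buf` at or after `usedLength`.
function nonZeroTail(buf, usedLength) {
  const offsets = [];
  for (let i = usedLength; i < buf.length; i++) {
    if (buf[i] !== 0) offsets.push(i);
  }
  return offsets;
}

// Probe the runtime: concatenate with an oversized totalLength many
// times and count results whose excess bytes are not all zero.
// A fixed runtime returns 0.
function probeConcat(iterations) {
  const parts = [Buffer.from('id='), Buffer.from('42')]; // constructed input
  const used = parts.reduce((n, p) => n + p.length, 0);
  let leaky = 0;
  for (let i = 0; i < iterations; i++) {
    dirtyPool(8);
    const out = Buffer.concat(parts, used + 32);
    if (nonZeroTail(out, used).length > 0) leaky++;
  }
  return leaky;
}

// Hypothetical defensive wrapper: allocate zeroed memory first, then
// copy, so the padding never depends on Buffer.concat() behaviour.
function safeConcat(list, totalLength) {
  const out = Buffer.alloc(totalLength); // always zero-filled
  let pos = 0;
  for (const part of list) {
    if (pos >= totalLength) break;
    pos += part.copy(out, pos); // copy() stops at the end of `out`
  }
  return out;
}
```

A non-zero return from probeConcat() means padding bytes carried leftover memory contents and any buffer built this way should not be sent or logged as-is.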