Given the timing of commits & severity of the warning, I would bet Node.js vulnerability fix is this patch.

Given the timing of commits & severity of the warning, I would bet Node.js vulnerability fix is this patch.