Update lang/nodejs to 9.2.1.

- buffer: buffer allocated with an invalid content will now be zero
  filled (CVE-2017-15897)
- deps: openssl updated to 1.0.2n

(fhajny)