Notable changes

This is a security release.

Vulnerabilities fixed:

• CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
• CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
• CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

Commits

• [c6d0bdacc4] - crypto: update root certificates (AshCripps) #33682
• [916b2824d1] - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 (James M Snell) nodejs-private/node-private#206
• [d381426377] - (SEMVER-MINOR) http2: implement support for max settings entries (James M Snell) nodejs-private/node-private#206
• [7dd8982570] - napi: fix memory corruption vulnerability (Tobias Nießen) nodejs-private/node-private#195
• [0932309af2] - tls: emit session after verifying certificate (Fedor Indutny) nodejs-private/node-private#200
• [c392d3923f] - tools: update certdata.txt (AshCripps) #33682