Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices. Security Fix(es): * brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547) * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996) * minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904) * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526) * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229) * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525) * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528) * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135) * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.