Now that Node 8 has been released as the new “stable” (although not yet “LTS”) release of node, Apostrophe needs to use the latest version of the Credential module, which corrects a longstanding deprecation warning when hashing passwords. In Node 8 that warning became a fatal error; fortunately bumping up to credential 2.x has resolved it, and backwards compatibility with existing password hashes has been verified.
In addition, deferred widget loading no longer deprives us of a clear error message when an undefined widget type is encountered in a page.