Skip to content

Conversation

app-token-issuer-releng-renovate[bot]
Copy link
Contributor

This PR contains the following updates:

Package Update Change Age Confidence
node (source) minor 20.18.1 -> 20.19.5 age confidence
pnpm (source) minor 10.6.5 -> 10.18.2 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

nodejs/node (node)

v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes
Commits

v20.19.4: 2025-07-15, Version 20.19.4 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()
Commits

v20.19.3: 2025-06-23, Version 20.19.3 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes
Commits

v20.19.2: 2025-05-14, Version 20.19.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
Commits

v20.19.1: 2025-04-22, Version 20.19.1 'Iron' (LTS), @​UlisesGascon prepared by @​RafaelGSS

Compare Source

Notable Changes
Commits

v20.19.0: 2025-03-13, Version 20.19.0 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes
require(esm) is now enabled by default

Support for loading native ES modules using require() had been available on v20.x under the command line flag --experimental-require-module, and available by default on v22.x and v23.x. In this release, it is now no longer behind a flag on v20.x.

This feature has been tested on v23.x and v22.x, and we are looking for user feedback from v20.x to make more final tweaks before fully stabilizing it.
It now no longer emits a warning unless --trace-require-module is explicitly used.
If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using --no-experimental-require-module as a workaround.

With this feature enabled, Node.js will no longer throw ERR_REQUIRE_ESM if require() is used to load a ES module. It can, however, throw ERR_REQUIRE_ASYNC_MODULE if the ES module being loaded or its dependencies contain top-level await. When the ES module is loaded successfully by require(), the returned object will either be a ES module namespace object similar to what's returned by import(), or what gets exported as "module.exports" in the ES module.

Users can check process.features.require_module to see whether require(esm) is enabled in the current Node.js instance. For packages, the "module-sync" exports condition can be used as a way to detect require(esm) support in the current Node.js instance and allow both require() and import to load the same native ES module. See the documentation for more details about this feature.

Contributed by Joyee Cheung in #​55085

Module syntax detection is now enabled by default

Module syntax detection (the --experimental-detect-module flag) is now
enabled by default. Use --no-experimental-detect-module to disable it if
needed.

Syntax detection attempts to run ambiguous files as CommonJS, and if the module
fails to parse as CommonJS due to ES module syntax, Node.js tries again and runs
the file as an ES module.
Ambiguous files are those with a .js or no extension, where the nearest parent
package.json has no "type" field (either "type": "module" or
"type": "commonjs").
Syntax detection should have no performance impact on CommonJS modules, but it
incurs a slight performance penalty for ES modules; add "type": "module" to
the nearest parent package.json file to eliminate the performance cost.
A use case unlocked by this feature is the ability to use ES module syntax in
extensionless scripts with no nearby package.json.

Thanks to Geoffrey Booth for making this work on #​53619.

Other Notable Changes
  • [285bb4ee14] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
  • [73b5c16684] - (SEMVER-MINOR) worker: add postMessageToThread (Paolo Insogna) #​53682
  • [de313b2336] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
  • [4fba01911d] - (SEMVER-MINOR) process: add process.features.require_module (Joyee Cheung) #​55241
  • [df8a045afe] - (SEMVER-MINOR) module: implement the "module-sync" exports condition (Joyee Cheung) #​54648
  • [f9dc1eaef5] - (SEMVER-MINOR) module: add __esModule to require()'d ESM (Joyee Cheung) #​52166
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@app-token-issuer-releng-renovate
Copy link
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants