Skip to content

chore(deps): bump node-polyfill-webpack-plugin from ^3.0.0 to v4 (main)#12762

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/main-node-polyfill-webpack-plugin-4.x
Open

chore(deps): bump node-polyfill-webpack-plugin from ^3.0.0 to v4 (main)#12762
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/main-node-polyfill-webpack-plugin-4.x

Conversation

@renovate

@renovate renovate Bot commented Apr 16, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
node-polyfill-webpack-plugin ^3.0.0^4.1.0 age confidence

Release Notes

Richienb/node-polyfill-webpack-plugin (node-polyfill-webpack-plugin)

v4.1.0

Compare Source

  • Improve process support 873bac2
  • Add timers/promises, and improve process, querystring and url 399f2ec

v4.0.0

Compare Source

  • Update dependencies 4d26fb0
  • Add fs null fallback (#​45) 010fc94
  • Stop polyfilling console, domain, process, and internal stream modules by default 08f793b
  • Rename includeAliases to additionalAliases 08f793b
  • Allow ignoring the defaults with onlyAliases 08f793b

Configuration

📅 Schedule: (in timezone Europe/Vienna)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

  • Chores
    • Updated a build-time dependency to improve compatibility and maintainability.

@renovate
renovate Bot requested a review from ChristophWurst as a code owner April 16, 2026 09:26
@renovate
renovate Bot requested a review from ChristophWurst April 16, 2026 09:26
@renovate
renovate Bot requested a review from GretaD as a code owner April 16, 2026 09:26
@renovate
renovate Bot requested a review from kesselb as a code owner April 16, 2026 09:26
@renovate
renovate Bot requested a review from GretaD April 16, 2026 09:26
@renovate
renovate Bot force-pushed the renovate/main-node-polyfill-webpack-plugin-4.x branch 5 times, most recently from bb62db7 to e26d968 Compare May 5, 2026 08:27
@renovate
renovate Bot force-pushed the renovate/main-node-polyfill-webpack-plugin-4.x branch 2 times, most recently from 2501ec1 to 2fa245a Compare May 18, 2026 09:52
@renovate renovate Bot changed the title chore(deps): bump node-polyfill-webpack-plugin from 3.0.0 to v4 (main) chore(deps): bump node-polyfill-webpack-plugin from ^3.0.0 to v4 (main) May 20, 2026
@renovate
renovate Bot force-pushed the renovate/main-node-polyfill-webpack-plugin-4.x branch 2 times, most recently from c2213d3 to 91d7db2 Compare June 1, 2026 14:09
@renovate
renovate Bot force-pushed the renovate/main-node-polyfill-webpack-plugin-4.x branch from 91d7db2 to c7c45c9 Compare June 11, 2026 10:16
@renovate
renovate Bot force-pushed the renovate/main-node-polyfill-webpack-plugin-4.x branch from c7c45c9 to a6b0d18 Compare July 12, 2026 15:13
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
renovate Bot force-pushed the renovate/main-node-polyfill-webpack-plugin-4.x branch from a6b0d18 to 4bb29fd Compare July 16, 2026 14:30
@ChristophWurst

Copy link
Copy Markdown
Member

@coderabbitai review and explain the CI failure "Module not found: Error: Can't resolve '/tmp/krankerl.EYBEGK6plpba/mail/node_modules/node-stdlib-browser/node_modules/buffer' in '/tmp/krankerl.EYBEGK6plpba/mail/node_modules/html-to-text/node_modules/entities/dist/esm/internal'"

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown
🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '== PR diff and changed files =='
git diff --name-status HEAD^ HEAD
git diff -- package.json package-lock.json 2>/dev/null || true

echo '== Package manifests and relevant lockfile entries =='
fd -a -t f '^(package(-lock)?\.json|webpack\..*|.*webpack.*\.(js|cjs|mjs|ts))$' . \
  -E node_modules -E .git \
  -x sh -c 'echo "--- $1"; rg -n -C3 '"'"'node-polyfill-webpack-plugin|node-stdlib-browser|"buffer"|html-to-text|entities|NodePolyfillPlugin'"'"' "$1" || true' sh {} \;

echo '== Webpack/plugin usage across repository =='
rg -n -C5 --glob '!node_modules/**' --glob '!package-lock.json' \
  'NodePolyfillPlugin|node-polyfill-webpack-plugin|resolve\.fallback|fallback\s*:' .

echo '== Effective installed lockfile dependency records =='
node -e '
const p=require("./package-lock.json");
for (const [path, pkg] of Object.entries(p.packages || {})) {
  if (/(node-polyfill-webpack-plugin|node-stdlib-browser|(^|\/)buffer$|html-to-text|(^|\/)entities$)/.test(path)) {
    console.log(path, JSON.stringify({version:pkg.version, resolved:pkg.resolved, dependencies:pkg.dependencies}, null, 2));
  }
}
'

echo '== GitHub PR checks and failed workflow metadata =='
gh pr checks 12762 --repo nextcloud/mail --json name,state,workflow,link,completedAt,startedAt 2>&1 || true
gh pr view 12762 --repo nextcloud/mail --json commits,statusCheckRollup,files 2>&1 || true

Length of output: 45892


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '== Failed GitHub Actions job logs =='
for run in 29506901520 29506901502; do
  echo "--- workflow run $run (failed steps)"
  gh run view "$run" --repo nextcloud/mail --log-failed 2>&1 || true
done

echo '== webpack.common.js relevant configuration =='
cat -n webpack.common.js | sed -n '1,130p'

echo '== Exact dependency upgrade diff =='
git diff HEAD^ HEAD -- package.json package-lock.json | sed -n '1,320p'

echo '== Workflow/package scripts referencing packaging or webpack =='
rg -n -C4 --glob '!node_modules/**' \
  '(npm (ci|install|run)|webpack|build|krankerl|tarball|package)' \
  package.json .github 2>/dev/null || true

echo '== node-polyfill-webpack-plugin v4 source/metadata via npm registry =='
curl -fsSL https://registry.npmjs.org/node-polyfill-webpack-plugin/4.1.0 \
  | jq '{version, dependencies, dist: .dist.tarball, engines}' || true
curl -fsSL https://registry.npmjs.org/node-polyfill-webpack-plugin/-/node-polyfill-webpack-plugin-4.1.0.tgz \
  | tar -xzO package/index.js 2>/dev/null || true

Length of output: 201585


🏁 Script executed:

#!/bin/bash
set -euo pipefail

for version in 3.0.0 4.1.0; do
  echo "== node-polyfill-webpack-plugin@$version index.js =="
  curl -fsSL "https://registry.npmjs.org/node-polyfill-webpack-plugin/-/node-polyfill-webpack-plugin-$version.tgz" \
    | tar -xzO package/index.js 2>/dev/null \
    | rg -n -C3 'buffer|fallback|defaultPolyfills|stdLib' || true
done

echo '== node-stdlib-browser@1.3.1 buffer mapping =='
curl -fsSL https://registry.npmjs.org/node-stdlib-browser/-/node-stdlib-browser-1.3.1.tgz \
  | tar -xzO package/index.js 2>/dev/null \
  | rg -n -C3 'buffer' || true

echo '== Package entrypoint metadata for buffer@5.7.1 =='
curl -fsSL https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz \
  | tar -xzO package/package.json 2>/dev/null \
  | jq '{main, module, exports, type}' || true

Length of output: 2222


@ChristophWurst I reviewed the failure. This PR should not be merged as-is.

Root cause

node-polyfill-webpack-plugin@3.0.0 configured its buffer fallback with:

require.resolve('buffer/')

That resolves to the fully specified buffer/index.js entry point, which works for both CommonJS and strict ESM importers.

In node-polyfill-webpack-plugin@4.1.0, the plugin now obtains the alias from node-stdlib-browser:

buffer: stdLibBrowser.buffer

In this install, that becomes the absolute directory:

.../node_modules/node-stdlib-browser/node_modules/buffer

rather than .../buffer/index.js.

Webpack is trying to bundle strict ESM dependencies. Strict ESM requires fully specified paths, so it refuses to infer index.js for that absolute directory alias. The package is present in the lockfile; this is not a failed or incomplete npm ci installation.

Why html-to-text appears in the error

html-to-text’s nested entities@7 is one consumer that imports buffer, but it is not the underlying issue. The same alias fails for multiple ESM dependencies:

  • @nextcloud/files
  • axios
  • es-toolkit
  • entities via html-to-text
  • js-base64

That is why both the release-package build and front-end E2E setup fail during webpack compilation.

Recommended resolution

Keep node-polyfill-webpack-plugin on v3 until the v4 package provides a fully specified buffer fallback, or until this project explicitly overrides both the buffer fallback and Buffer provider with a resolved buffer/index.js entry point. The latter requires configuration work and an explicit direct buffer dependency, so it is outside the scope of this Renovate-only bump.

The front-end unit job passing does not invalidate this: it runs Vitest and does not execute the production webpack build that encounters strict ESM modules.

🐇🔎

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2bba5430-d8cd-45a2-ad8d-ee63e709d3f3

📥 Commits

Reviewing files that changed from the base of the PR and between 7bad439 and 4bb29fd.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

📝 Walkthrough

Walkthrough

The development dependency node-polyfill-webpack-plugin is upgraded from ^3.0.0 to ^4.1.0 in package.json.

Changes

Webpack polyfill dependency

Layer / File(s) Summary
Update polyfill dependency
package.json
Upgrades node-polyfill-webpack-plugin from ^3.0.0 to ^4.1.0 in devDependencies.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested reviewers: gretad, kesselb, christophwurst

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the dependency bump of node-polyfill-webpack-plugin to v4.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/main-node-polyfill-webpack-plugin-4.x

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

node-polyfill-webpack-plugin v4 sources polyfills from node-stdlib-browser,
whose .mjs modules import bare specifiers webpack rejects as fully specified.

Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
@renovate

renovate Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@ChristophWurst

Copy link
Copy Markdown
Member

@GretaD ready for another review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants