Given the fact that long.js is used by 1m+, hard switch to ESM is ... well ... weird
Yes, those projects can pin version to 4.0, but that means that overall package updates (e.g. npm update --depth 1) to fix security vulnerabilities in less maintained projects breaks everything (which i've just experienced)

And asking 1m+ users to update their code is not realistic

Btw, official NodeJS roadmap places Stability as top-most priority:

Stability Policy
The most important consideration in every code change is the impact it will have, positive or negative, on the ecosystem (modules and applications).