Skip to content

meta: bump ui-components#564

Closed
btea wants to merge 1 commit intonodejs:mainfrom
btea:meta/bump-ui-components
Closed

meta: bump ui-components#564
btea wants to merge 1 commit intonodejs:mainfrom
btea:meta/bump-ui-components

Conversation

@btea
Copy link
Contributor

@btea btea commented Jan 14, 2026

Description

continue #562 (review)

Validation

Related Issues

Check List

  • I have read the Contributing Guidelines and made commit messages that follow the guideline.
  • I have run node --run test and all tests passed.
  • I have check code formatting with node --run format & node --run lint.
  • I've covered new added functionality with unit tests if necessary.

Copilot AI review requested due to automatic review settings January 14, 2026 01:16
@btea btea requested a review from a team as a code owner January 14, 2026 01:16
@vercel
Copy link

vercel bot commented Jan 14, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
api-docs-tooling Ready Ready Preview Jan 14, 2026 1:17am

Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR bumps the @node-core/ui-components package from version 1.5.3 to 1.5.4, continuing work from a previous review. This is a patch version update that includes the corresponding lockfile updates.

Changes:

  • Updated @node-core/ui-components dependency version in package.json
  • Updated npm-shrinkwrap.json with new package version and automatic peer dependency flag adjustments

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Bumped @node-core/ui-components from 1.5.3 to 1.5.4
npm-shrinkwrap.json Updated lockfile with new package version, integrity hash, and automated peer dependency flags
Files not reviewed (1)
  • npm-shrinkwrap.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov
Copy link

codecov bot commented Jan 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.97%. Comparing base (39b2c0f) to head (a9de4a5).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #564   +/-   ##
=======================================
  Coverage   79.97%   79.97%           
=======================================
  Files         127      127           
  Lines       12276    12276           
  Branches      866      866           
=======================================
  Hits         9818     9818           
  Misses       2455     2455           
  Partials        3        3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

avivkeller
avivkeller requested changes Jan 14, 2026
View reviewed changes
Copy link
Member

@avivkeller avivkeller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s wait for Dependabot

@btea
Copy link
Contributor Author

btea commented Jan 14, 2026

How long is the Dependabot update cycle?

Moreover, it seems that simply updating the component library is not enough, it appears that related logic also needs to be added.

@avivkeller
Copy link
Member

avivkeller commented Jan 14, 2026
edited
Loading

How long is the Dependabot update cycle?

2 weeks, probably, but I can trigger Dependabot earlier if needed

Moreover, it seems that simply updating the component library is not enough, it appears that related logic also needs to be added.

Noted. In my opinion, non-members shouldn't be updating dependencies, since it sets a bad precedent security-wise. wdyt @nodejs/web-infra @nodejs/security-wg

@MattIPv4
Copy link
Member

MattIPv4 commented Jan 14, 2026

Yep completely agree, and quite honestly, I'd prefer the no one is manually bumping deps, leaving it completely with Dependabot. If code changes are needed as a result of a dep bump, a member can push code changes to the Dependabot branch when it is created.

@ovflowd
Copy link
Member

ovflowd commented Jan 15, 2026

Given that, I appreciate your contributions @btea, but we won't accept a manual version bump PR at this time, thank you!

@ovflowd ovflowd closed this Jan 15, 2026
@btea btea deleted the meta/bump-ui-components branch January 15, 2026 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@avivkeller avivkeller avivkeller requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@btea @avivkeller @MattIPv4 @ovflowd