meta: bump ui-components

[btea]

Description

continue #562 (review)

Validation

Related Issues

Check List

• I have read the Contributing Guidelines and made commit messages that follow the guideline.
• I have run node --run test and all tests passed.
• I have check code formatting with node --run format & node --run lint.
• I've covered new added functionality with unit tests if necessary.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
api-docs-tooling	Ready	Preview	Jan 14, 2026 1:17am

[Copilot]

Pull request overview

This PR bumps the @node-core/ui-components package from version 1.5.3 to 1.5.4, continuing work from a previous review. This is a patch version update that includes the corresponding lockfile updates.

Changes:

• Updated @node-core/ui-components dependency version in package.json
• Updated npm-shrinkwrap.json with new package version and automatic peer dependency flag adjustments

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Bumped @node-core/ui-components from 1.5.3 to 1.5.4
npm-shrinkwrap.json	Updated lockfile with new package version, integrity hash, and automated peer dependency flags

Files not reviewed (1)

• npm-shrinkwrap.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.97%. Comparing base (39b2c0f) to head (a9de4a5).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #564   +/-   ##
=======================================
  Coverage   79.97%   79.97%           
=======================================
  Files         127      127           
  Lines       12276    12276           
  Branches      866      866           
=======================================
  Hits         9818     9818           
  Misses       2455     2455           
  Partials        3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[avivkeller]

Let’s wait for Dependabot

[btea]

How long is the Dependabot update cycle?

Moreover, it seems that simply updating the component library is not enough, it appears that related logic also needs to be added.

[avivkeller]

How long is the Dependabot update cycle?

2 weeks, probably, but I can trigger Dependabot earlier if needed

Moreover, it seems that simply updating the component library is not enough, it appears that related logic also needs to be added.

Noted. In my opinion, non-members shouldn't be updating dependencies, since it sets a bad precedent security-wise. wdyt @nodejs/web-infra @nodejs/security-wg

[MattIPv4]

Yep completely agree, and quite honestly, I'd prefer the no one is manually bumping deps, leaving it completely with Dependabot. If code changes are needed as a result of a dep bump, a member can push code changes to the Dependabot branch when it is created.