fix(deps): update dependency plotly.js to v2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
plotly.js	1.58.4 → 2.25.2

GitHub Vulnerability Alerts

CVE-2023-46308

In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty.

---

Release Notes

plotly/plotly.js (plotly.js)

v2.25.2

Compare Source

Changed

• Update Croatian translations in hr locale [#​6690],
  with thanks to @​Mkranj for the contribution!

Fixed

• Fix potential prototype pollution in plot API calls [#​6703, 6704]

v2.25.1

Compare Source

Fixed

• Fix clearing legend using react (regression introduced in 2.25.0) [#​6695]

v2.25.0

Compare Source

Fixed

• Fix clearing legend using react (regression introduced in 2.25.0) [#​6695]

v2.24.3

Compare Source

Added

• Add "Equal Earth" projection to geo subplots [#​6670],
  with thanks to @​apparebit for the contribution!
• Add options to include legends for shapes and newshape [#​6653]
• Add Plotly.deleteActiveShape command [#​6679]

Fixed

• Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#​6625],
  with thanks to @​lvlte for the contribution!
• Fix text markers on non-mapbox styled maps [#​6652],
  with thanks to @​baurt for the contribution!
• Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#​6684]

v2.24.2

Compare Source

Fixed

• Fix legend groups toggle (regression introduced in 2.22.0)(https://redirect.github.com/plotly/plotly.js/issues/6639)y.js/issues/6639\))
• Fix waterfall hovertemplate not showing delta on totals similar(https://redirect.github.com/plotly/plotly.js/issues/6635)y.js/issues/6635\))

v2.24.1

Compare Source

Fixed

• Fix minimal copying of arrays in minExtend function
  (regression introduced in 2.24.0)(https://redirect.github.com/plotly/plotly.js/issues/6632)y.js/issues/6632\))

v2.24.0

Compare Source

Fixed

• Fix minimal copying of arrays in minExtend function
  (regression introduced in 2.24.0)(https://redirect.github.com/plotly/plotly.js/issues/6632)y.js/issues/6632\))

v2.23.2

Compare Source

Fixed

• Fix text rendering while drawing new shapes [#​6608],
  with thanks to the Volkswagen Center of Excellence for Battery Systems for sponsoring development!

v2.23.1

Compare Source

Fixed

• Fix heatmap rendering on iOS and Safari when zsmooth is set to false [#​6605], with thanks to @​lvlte for the contribution!

v2.23.0

Compare Source

Added

• Add legend.xref and legend.yref to enable container-referenced positioning of legends [#​6589], with thanks to Gamma Technologies for sponsoring the related development.
• Add colorbar.xref and colorbar.yref to enable container-referenced positioning of colorbars [#​6593], with thanks to Gamma Technologies for sponsoring the related development.

Changed

• Improve heatmap rendering performance when zsmooth is set to false [#​6574], with thanks to @​lvlte for the contribution!

v2.22.0

Compare Source

Fixed

• Fix legend groups toggle (regression introduced in 2.22.0)(https://redirect.github.com/plotly/plotly.js/issues/6639)y.js/issues/6639\))
• Fix waterfall hovertemplate not showing delta on totals similar(https://redirect.github.com/plotly/plotly.js/issues/6635)y.js/issues/6635\))

v2.21.0

Compare Source

Added

• Add texttemplate to shape.label for parametric shapes i.e. line, rect and circle [#​6527],
  with thanks to the Volkswagen Center of Excellence for Battery Systems for sponsoring development!
• Add strict option to custom bundle command [#​6557],
  with thanks to @​CallumNZ for the contribution!

Fixed

• Fix dragging of legend when xanchor is not 'left' or yanchor is not 'top' [#​6528],
  with thanks to @​bmaranville for the contribution!
• Fix heatmap rendering bug and improve performance when zsmooth is set to "fast" [#​6565],
  with thanks to @​lvlte for the contribution!

v2.20.0

Compare Source

Added

• Add title.automargin to enable automatic top and bottom margining for both container and paper referenced titles [#​6428],
  with thanks to Gamma Technologies for sponsoring the related development.

v2.19.1

Compare Source

Fixed

• Ensure slider range stays in bounds during the drag [#​4448],
  with thanks to @​jay-bis for the contribution!

v2.19.0

Compare Source

Added

• Add label attribute to shapes [#​6454],
  with thanks to the Volkswagen Center of Excellence for Battery Systems for sponsoring development!
• Add labelalias to various axes namely cartesian, gl3d, polar, smith, ternary, carpet,
  indicator and colorbar [#​6481],
  this feature was anonymously sponsored: thank you to our sponsor!

Changed

• Upgrade is-mobile dependency [#​6517]

Fixed

• Avoid overlap of point and axis hover labels for hovermode: 'x'|'y' [#​6442],
  with thanks to @​dagroe for the contribution!

v2.18.2

Compare Source

Fixed

• Avoid attaching internal d3 object to the window (regression introduced in 2.17.0) [#​6487]
• Correct the order of lower fence and upper fence in the French locale (fr) [#​6476],
  with thanks to @​Gagaro for the contribution!
• Correct formats in the Peruvian locale (es-pe) [#​6451],
  with thanks to @​andresrcs for the contribution!

v2.18.1

Compare Source

Changed

• Bump d3-interpolate and d3-color to v3 to address audit warnings [#​6463]

Fixed

• Fix scaling of exports e.g. the SVG format by not adding vector-effect CSS to static plots [#​6445]
• Fix hover on IE (regression introduced in 2.5.0) [#​6466]

v2.18.0

Compare Source

Added

• Add sync tickmode option [#​6356, #​6443],
  with thanks to @​filipesantiagoAM and @​VictorBezak for the contribution!

Changed

• Improve detection of mobile & tablet devices for WebGL rendering by upgrading is-mobile [#​6432]

Fixed

• Fix library's imported name using requirejs AMD loader (regression introduced in 2.17.0) [#​6440]

v2.17.1

Compare Source

Fixed

• Fix line redraw (regression introduced in 2.15.0) [#​6429]

v2.17.0

Compare Source

Fixed

• Avoid attaching internal d3 object to the window (regression introduced in 2.17.0) [#​6487]
• Correct the order of lower fence and upper fence in the French locale (fr) [#​6476],
  with thanks to @​Gagaro for the contribution!
• Correct formats in the Peruvian locale (es-pe) [#​6451],
  with thanks to @​andresrcs for the contribution!

v2.16.5

Compare Source

Fixed

• Disable slider interactions when staticPlot is set to true [#​6393]

v2.16.4

Compare Source

Fixed

• Fix scattermapbox redraw (regression introduced in 2.16.0) [#​6387]

v2.16.3

Compare Source

Fixed

• Fix hover on multicategory axes [#​6360],
  with thanks to @​filipesantiagoAM for the contribution!

v2.16.2

Compare Source

Fixed

• Fix mapbox clearOutline calls (regression introduced in 2.13.0) [#​6367]

v2.16.1

Compare Source

Fixed

• Fix choroplethmapbox selection when adding new traces on top [#​6345]

v2.16.0

Compare Source

Fixed

• Fix scattermapbox redraw (regression introduced in 2.16.0) [#​6387]

v2.15.1

Compare Source

Fixed

• Fix latest version of plotly.js main module on npm

v2.15.0

Compare Source

Fixed

• Fix line redraw (regression introduced in 2.15.0) [#​6429]

v2.14.0

Compare Source

Added

• Add support for sankey links with arrows [#​6276],
  with thanks to @​Andy2003 for the contribution!
• Add editSelection option to config [#​6285]

Changed

• Update dutch translations and fix dateMonth format for nl locale to confirm with expected nl format [#​6261],
  with thanks to @​eirvandelden for the contribution!

v2.13.3

Compare Source

Fixed

• Emit plotly_selected event on plot API calls and GUI edits [#​6277]

v2.13.2

Compare Source

Fixed

• Fix sankey select error (regression introduced in 2.13.0) [#​6265]
• Handle missing drag layer of invisible sankey traces to fix select error [#​6267]
• Emit selection event in shape drawing dragmodes when an existing selection is modified [#​6262]

v2.13.1

Compare Source

Fixed

• Avoid attaching selections to undefined eventData (regression introduced in 2.13.0) [#​6260]

v2.13.0

Compare Source

Fixed

• Fix mapbox clearOutline calls (regression introduced in 2.13.0) [#​6367]

v2.12.1

Compare Source

Fixed

• Fix for disabling polar rotation when dragmode is set to false [#​6147],
  with thanks to @​jonfunkhouser for the contribution!
• Fix custom modebar buttons mutate the input [#​6177]
• Fix various missing and duplicate spaces in plot schema descriptions [#​6183]

v2.12.0

Compare Source

Added

• Add griddash axis property to cartesian, polar, smith, ternary and geo subplots and add griddash and minorgriddash to carpet trace [6144], with thanks to @​njwhite for the contribution!
• Implement various options to position and style minor ticks and grid lines on cartesian axis types including
  minor.tickmode, minor.tickvals, minor.tickcolor, minor.ticklen, minor.tickwidth, minor.dtick, minor.tick0, minor.nticks, minor.ticks,
  minor.showgrid, minor.gridcolor, minor.griddash and minor.gridwidth [6166]

Changed

• Use the "willReadFrequently" 2d context creation attribute to optimize readback performance [#​6084],
  with thanks to @​junov for the contribution!

Fixed

• avoid drawing blank tick labels on cartesian axes [#​6163]

v2.11.1

Compare Source

Fixed

• Regenerate functions of regl-based traces in the "strict" bundle [#​6141]

v2.11.0

Compare Source

Added

• Add a CSP complaint variation of regl-based traces i.e. parcoords, splom, scattergl, scatterpolargl to the "strict" bundle [#​6083]
• Add scattersmith trace to the "strict" bundle [#​6135]

v2.10.1

Compare Source

Fixed

• Fix mesh3d generation when alphahull is a positive number (regression introduced in 2.5.1) [#​6133]

v2.10.0

Compare Source

Added

• Add support to use version 3 of MathJax and add typesetMath attribute to config [#​6073],
  with thanks to Equinor for sponsoring the related development!
• Add fillpattern options to scatter trace [#​6101],
  with thanks to @​s417-lama for the contribution!

v2.9.0

Compare Source

Added

• Implement ticklabelstep to reduce labels on 2D axes and colorbars [#​6088],
  this feature was anonymously sponsored: thank you to our sponsor!

Changed

• Display the version of plotly.js when hovering over the modebar [#​6077]
• Various dependency updates as listed under the v2.9.0 milestone

Fixed

• Fix vertical spacing of legend items in horizontal mode [#​6094]

v2.8.3

Compare Source

Fixed

• Correct formatted x/y texttempate for histogram trace [#​6070]

v2.8.2

Compare Source

Fixed

• Fix missing x/y texttemplate for histogram, bar, funnel and waterfall traces [#​6069]

v2.8.1

Compare Source

Fixed

• Do not exceed layout font size when textfont is set to "auto" for heatmap, histogram2d, contour and
  histogram2dcontour traces [#​6061]

v2.8.0

Compare Source

Added

• Introduce horizontal colorbars [#​6024]
• Implement legend.grouptitlefont and hoverlabel.grouptitlefont [#​6040]
• Add texttemplate and textfont to heatmap and histogram2d traces as well as
  histogram2dcontour and contour traces when coloring is set "heatmap" [#​6028]

Fixed

• Fix to discard negative values from pie chart post-aggregation instead of during summation [#​6051],
  with thanks to @​destiny-wu for the contribution!

v2.7.0

Compare Source

Added

• Add texttemplate, textposition, textfont, textangle,
  outsidetextfont, insidetextfont, insidetextanchor,
  constraintext and cliponaxis to histogram trace [#​6038]

Changed

• Bump probe-image-size module to v7.2.2 [#​6036]

Fixed

• Fix mapbox derived coordinate for Retina displays [#​6039]
• Fix interaction between uirevision and autorange. Because we push autorange and range back into layout,
  there can be times it looks like we're applying GUI-driven changes on top of explicit autorange and other times
  it's an implicit autorange, even though the user's intent was always implicit. This fix treats them as equivalent. [#​6046]

v2.6.4

Compare Source

Fixed

• Avoid bar with text to jump when selected [#​6043]

v2.6.3

Compare Source

Fixed

• Fix hover events in Shadow DOM [#​6021],
  with thanks to @​SabineWren for the contribution!

v2.6.2

Compare Source

Fixed

• Fix loading issue in orca (regression introduced in 2.6.0) [#​6011]

v2.6.1

Compare Source

Fixed

• Fix to avoid including local stackgl_modules/node_modules in the package (regression introduced in 2.6.0) [#​6008]

v2.6.0

Compare Source

Added

• add pattern to pie, funnelarea, sunburst, icicle and treemap traces [#​6601, #​6619, #​6622, #​6626, #​6627, #​6628, #​6629],
  with thanks to @​thierryVergult for the contribution!

Fixed

• Fix to prevent accessing undefined (hoverText.hoverLabels) in case all currently shown markers
  have hoverinfo: "none" (regression introduced in 2.6.0)(https://redirect.github.com/plotly/plotly.js/issues/6614)y.js/issues/6614\)),
  with thanks to @​Domino987 for the contribution!
• Fix to ensure only minimum margin spacing is added for container-referenced legends and colorbars [#​6616]

v2.5.1

Compare Source

Fixed

• Fix mesh3d generation when alphahull is a positive number (regression introduced in 2.5.1) [#​6133]

v2.5.0

Compare Source

Changed

• Bump d3-interpolate and d3-color to v3 to address audit warnings [#​6463]

Fixed

• Fix scaling of exports e.g. the SVG format by not adding vector-effect CSS to static plots [#​6445]
• Fix hover on IE (regression introduced in 2.5.0) [#​6466]

v2.4.2

Compare Source

Fixed

• Fix positioning unified hover box when div has zero height
  (regression introduced in 2.3.0) [#​5913]

v2.4.1

Compare Source

Fixed

• Fix double click legends when groupclick is set to "toggleitem" [#​5909]

v2.4.0

Compare Source

Added

• Add legend.groupclick options [#​5849, #​5906],
  with thanks to @​brussee for the contribution!
• Add touch support to slider component [#​5856],
  with thanks to @​keul for the contribution!
• Provide bbox of hover items in event data [#​5512]

Changed

• Upgrade regl module from version 1.6.1 to version 2.1.0 [#​5870]

Fixed

• Fix invalid call to lib.promiseError in lib.syncOrAsync [#​5878],
  with thanks to @​jklimke for the contribution!
• Use hoverlabel.font for group titles in unified hover modes [#​5895]

v2.3.1

Compare Source

Fixed

• Fix period positioned hover to work in different time zones as well as on grouped bars [#​5864]
• Use ids from axes when making hover data keys [#​5852]
• Do not include regl based traces parcoords, splom, scattergl and scatterpolargl in the "strict" bundle so that it could be used with CSP without WebGL warning [#​5865]

v2.3.0

Compare Source

Fixed

• Fix positioning unified hover box when div has zero height
  (regression introduced in 2.3.0) [#​5913]

v2.2.1

Compare Source

Fixed

• Fix to improve sanitizing href inputs for SVG and HTML text elements [#​5803]

v2.2.0

Compare Source

Added

• Legend group titles [#​5752],
  this feature was anonymously sponsored: thank you to our sponsor!
• Add half-year directive (%h) for formatting dates and improve descriptions to include extra date formatting options [#​5762],
  this feature was anonymously sponsored: thank you to our sponsor!

Changed

• Modernize the process of creating baselines using Kaleido and improve image & other export test systems [#​5724]
• Centralize jsdom utility to return Plotly object in node.js test scripts and use it in generating plot-schema [#​5755]
• Bump turf bbox dependency to v6.4.0 [#​5747]
• Bump turf area dependency to v6.4.0 [#​5748]
• More maintenance work listed under the v2.2.0 milestone

Fixed

• Cache values and patterns in set_convert for axes with rangebreaks to improve performance [#​5659],
  with thanks to @​spasovski for the contribution!
• Fix fetching geojson when ES6 import is used to load the library [#​5763]
• Correct readme links [#​5746]

v2.1.0

Compare Source

Added

• Add legend.groupclick options [#​5849, #​5906],
  with thanks to @​brussee for the contribution!
• Add touch support to slider component [#​5856],
  with thanks to @​keul for the contribution!
• Provide bbox of hover items in event data [#​5512]

Changed

• Upgrade regl module from version 1.6.1 to version 2.1.0 [#​5870]

Fixed

• Fix invalid call to lib.promiseError in lib.syncOrAsync [#​5878],
  with thanks to @​jklimke for the contribution!
• Use hoverlabel.font for group titles in unified hover modes [#​5895]

v2.0.0

Compare Source

Added

• Add new number formatting and text alignment options by upgrading d3.format method from d3@​v3 to version 1.4.5 of d3-format module [#​5125, #​5842]
• Add "satellite" and several other projection types to geo subplots [#​5801]
• Improve rendering of scattergl, splom and parcoords by implementing plotGlPixelRatio for those traces [#​5500]

Changed

• Upgrade d3.geo method from d3@​v3 to version 1.12.1 of d3-geo module and version 2.9.0 of d3-geo-projection module [#​5112]
• Upgrade d3.interpolate method from d3@​v3 to version 1.4.0 of d3-interpolate module in icicle, indicator, parcats, sunburst and treemap [#​5826]
• Upgrade regl-scatter2d, regl-line2d and regl-error2d modules to use version 1.1.0 of to-float32 module to improve the performance [#​5786],
  with thanks to @​Seranicio for the contribution!
• Edit the type of constraintrange in parcoords trace to pass validation [#​5673]
• Sort object key values in schema [#​5813]
• Sort plot-schema and add test to track plot-schema changes [#​5776]
• Preview CHANGELOG when building dist on master [#​5780, #​5808]
• Preview plot-schema changes between releases when building dist on master [#​5814]
• Display changes made to package.json between versions and add identical tags to draft bundles created by publish-dist job on CircleCI [#​5815]
• Simplify devtool by relying on XMLHttpRequest instead of d3.json [#​5832]
• Update CONTRIBUTING guidelines on how to submit pull requests and generate new baseline [#​5791, #​5792]
• More maintenance work listed under the v2.3.0 milestone

Fixed

• Fix unknown filename when exporting charts using new versions of Safari [#​5609, 5838],
  with thanks to @​rlreamy for the contribution!
• Improve README for ES6 module import [#​5779],
  with thanks to @​andreafonso for the contribution!
• Position hover in respect to the average of values in (x|y) unified modes (regression introduced in 2.0.0) [#​5845]
• Fix hover with period alignment points and improve positioning of spikes and unified hover label
  in order not to obscure referring data points and fit inside plotting area [#​5846]
• Allow clickable legend group titles when group has no pie-like traces [#​5771]
• Fix mapbox line text example [#​5804]
• Fix links to time format options so that they point to the d3-time-format v2.2.3 applied not the latest [#​5818]

v1.58.5

Compare Source

Fixed

• Fix to improve sanitizing href inputs for SVG and HTML text elements [#​5803]

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.