[Snyk] Upgrade plotly.js from 1.54.1 to 2.33.0 #581

Open
wants to merge 1 commit into
base: master

GregBrimble
Owner

Snyk has created this PR to upgrade plotly.js from 1.54.1 to 2.33.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 97 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | ID | Score | Exploit Maturity |
|---|---|---|---|---|
| High | Prototype Pollution | SNYK-JS-PLOTLYJS-6142157 | 387 | No Known Exploit |
| High | Arbitrary Code Execution | SNYK-JS-STATICEVAL-173693 | 387 | No Known Exploit |
| High | Arbitrary Code Execution | npm:static-eval:20171016 | 387 | Mature |
| High | Remote Memory Exposure | SNYK-JS-BL-608877 | 387 | Proof of Concept |
| Medium | Prototype Pollution | SNYK-JS-MINIMIST-559764 | 387 | Proof of Concept |
| Medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-D3COLOR-1076592 | 387 | Proof of Concept |
| Medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UGLIFYJS-1727251 | 387 | No Known Exploit |

Release notes
Package name: plotly.js
  • 2.33.0 - 2024-05-29

    Added

    • Add support for numeric text font weight [#6990]
    • Add shadow, lineposition and textcase options to SVG fonts [#6983]

    Fixed

    • Fix unicode variable names in @ plotly/d3 [#6992],
      with thanks to @ GeorchW for the contribution!
    • Fix getFullTransformMatrix in shadow DOM [#6996],
      with thanks to @ OpportunityLiu for the contribution!
    • Fix drag on legend scrollbar while edits.legendPosition is true [#6997],
      with thanks to @ OpportunityLiu for the contribution!
    • Fix numerical instability in 3D plots [6998],
      with thanks to @ hborchardt for the contribution!
    • Fix numerical precision of drawing surface trace [6999],
      with thanks to @ hborchardt for the contribution!
    • Fix isosurface maximum value calculation when isomax is set to null [#7002]
  • 2.32.0 - 2024-04-23

    Added

    • Add "bold" weight, "italic" style and "small-caps" variant options to fonts [#6956]

    Fixed

    • Fix applying autotickangles on axes with showdividers as well as cases
      where tickson is set to "boundaries" [#6967],
      with thanks to @ my-tien for the contribution!
    • Fix positioning of multi-line axis titles with standoff [#6970],
      with thanks to @ my-tien for the contribution!
  • 2.31.1 - 2024-04-15

    Fixed

    • Maintain original drawing order of traces when traces with similar type are sent to back [#6962]
    • Ensure winning points of hover are listed first when hoversubplots is set to "axis" and sorting by distance [#6963]
    • Fix duplicated points in splom hover when hoversubplots is set to "axis" [#6965]
  • 2.31.0 - 2024-04-10

    Added

    • Add zorder attribute to various cartesian traces for controlling stacking order of SVG traces drawn
      into a subplot [#6918, #6953]. This feature was anonymously sponsored: thank you to our sponsor!
    • Add "between" option to shape layer for placing them above grid lines and below traces [#6927],
      with thanks to @ my-tien for the contribution!
    • Add "raw" sizemode to cone trace [#6938]
    • Add layout.hoversubplots to enable (x|y) and unified hover effects across multiple cartesian subplots
      sharing one axis [#6947, #6950]

    Changed

    • Regenerate stackgl_modules/index.js using updated dependencies [#6937]

    Fixed

    • Fix hover count in parcats trace [#6944], with thanks to @ weiweikee for the contribution!
  • 2.30.1 - 2024-03-15

    Fixed

    • Fix centering multi-line headers for treemap traces [#6923]
    • Fix heatmap text color and texttemplate on cells with missing data [#6924]
    • Fix scattergl rendering when colors include capital letters [#6928],
      with thanks to @ 28raining and @ dy for the contribution!
  • 2.30.0 - 2024-03-06

    Added

    • Add fill gradients for scatter traces [#6905],
      with thanks to @ lumip for the contribution!
    • Add indentation to legend [#6874],
      with thanks to @ my-tien for the contribution!

    Fixed

    • Fix tooltip pointer position [#6901],
      with thanks to @ OBe95 for the contribution!
    • Fix standoff position [#6889, #6914],
      with thanks to @ ayjayt for the contribution!
    • Fix resizing pie and funnelarea traces when textinfo is set to "none" [#6893],
      with thanks to @ robbtraister for the contribution!
    • Fix insiderange on category axes [#6910]
    • Fix display of "boundaries" tickson when tickmode is set to "array" [#6912]
  • 2.29.1 - 2024-02-12

    Fixed

    • Fix bug where plots with axis type='categorical', tickson = "boundaries" and showgrid=true wouldn't load [#6885]
    • Respect insiderange when multiple overlaid axes having insideticklabel [#6817]
  • 2.29.0 - 2024-02-02

    Added

    • Add layout.barcornerradius and trace.marker.cornerradius properties to support rounding the corners of bar traces [#6761],
      with thanks to Displayr for sponsoring development!
    • Add autotickangles to cartesian and radial axes [#6790],
      with thanks to @ my-tien for the contribution!

    Changed

    • Improve hover detection for scatter plot fill tonext* [#6865],
      with thanks to @ lumip for the contribution!
    • Improve rendering of heatmap bricks for log-scale axes [#5991],
      with thanks to @ andrew-matteson for the contribution!
    • Adjust Sankey trace to allow user-defined link hover style override [#6864],
      with thanks to @ TortoiseHam for the contribution!
    • Adjust 'decimal' and 'thousands' formats for Brazilian Portuguese locale file [#6866],
      with thanks to @ pazuza for the contribution!

    Fixed

    • Fix modifying selections on traces on overlaying axes [#6870]
  • 2.28.0 - 2024-01-05

    Added

    • Add align option to sankey nodes to control horizontal alignment [#6800],
      with thanks to @ adamreeve for the contribution!
    • Add the possibility of loading "virtual-webgl" script for WebGL 1 to help display several WebGL contexts on a page [#6784],
      with thanks to @ greggman for the contribution!
    • Add options to use base64 encoding (bdata) and shape (for 2 dimensional arrays) to declare various typed arrays
      i.e. dtype=(float64|float32|int32|int16|int8|uint32|uint16|uint8) [#5230]

    Fixed

    • Fix scattergl rendering bug on M1 mac devices [#6830],
      with thanks to @ justinjhendrick for the contribution!
    • Fix hovering over sankey node only fully highlights first trace [#6799],
      with thanks to @ DominicWuest for the contribution!
    • Fix error when the mouse moves to x=0 while dragging a rangeslider [#6780],
      with thanks to @ david-bezero for the contribution!
    • Fix duplication of major and minor ticks in calc data [#6829],
      with thanks to @ ayjayt for the contribution!
    • Fix charset test dashboard [#6826],
      with thanks to @ ayjayt for the contribution!
    • Fix range defaults to take into account minallowed and maxallowed values of the axis [#6796]
    • Fix scattergl legend when marker.angle is an array [#6787]
    • Fix plot schema not to show line.shape options for scatterpolargl trace [#6781]
  • 2.27.1 - 2023-11-08

    Changed

    • Adjust stamen styles to point to stadiamaps.com, the users may also need to provide their own API_KEY via config.mapboxAccessToken [#6776, #6778]

    Fixed

    • Fix handling multi-line text in title automargin [#6758]
  • 2.27.0 - 2023-10-20
  • 2.26.2 - 2023-10-04
  • 2.26.1 - 2023-09-22
  • 2.26.0 - 2023-08-24
  • 2.25.2 - 2023-08-11
  • 2.25.1 - 2023-08-02
  • 2.25.0 - 2023-07-25
  • 2.24.3 - 2023-07-05
  • 2.24.2 - 2023-06-09
  • 2.24.1 - 2023-06-07
  • 2.24.0 - 2023-06-06
  • 2.23.2 - 2023-05-19
  • 2.23.1 - 2023-05-17
  • 2.23.0 - 2023-05-12
  • 2.22.0 - 2023-04-27
  • 2.21.0 - 2023-04-17
  • 2.20.0 - 2023-03-15
  • 2.19.1 - 2023-03-14
  • 2.19.0 - 2023-03-13
  • 2.18.2 - 2023-02-15
  • 2.18.1 - 2023-02-02
  • 2.18.0 - 2023-01-19
  • 2.17.1 - 2023-01-09
  • 2.17.0 - 2022-12-23
  • 2.16.5 - 2022-12-13
  • 2.16.4 - 2022-12-07
  • 2.16.3 - 2022-11-16
  • 2.16.2 - 2022-11-12
  • 2.16.1 - 2022-10-21
  • 2.16.0 - 2022-10-14
  • 2.15.1 - 2022-10-11
  • 2.15.0 - 2022-10-06
  • 2.14.0 - 2022-08-10
  • 2.13.3 - 2022-07-25
  • 2.13.2 - 2022-07-21
  • 2.13.1 - 2022-07-14
  • 2.13.0 - 2022-07-14
  • 2.12.1 - 2022-05-09
  • 2.12.0 - 2022-05-02
  • 2.11.1 - 2022-03-15
  • 2.11.0 - 2022-03-12
  • 2.10.1 - 2022-03-08
  • 2.10.0 - 2022-03-05
  • 2.9.0 - 2022-02-04
  • 2.8.3 - 2021-12-20
  • 2.8.2 - 2021-12-20
  • 2.8.1 - 2021-12-16
  • 2.8.0 - 2021-12-10
  • 2.7.0 - 2021-12-03
  • 2.6.4 - 2021-11-26
  • 2.6.3 - 2021-11-12
  • 2.6.2 - 2021-11-05
  • 2.6.1 - 2021-11-03
  • 2.6.0 - 2021-10-30
  • 2.5.1 - 2021-09-16
  • 2.5.0 - 2021-09-03
  • 2.4.2 - 2021-08-31
  • 2.4.1 - 2021-08-27
  • 2.4.0 - 2021-08-27
  • 2.3.1 - 2021-07-30
  • 2.3.0 - 2021-07-23
  • 2.2.1 - 2021-07-06
  • 2.2.0 - 2021-06-28
  • 2.1.0 - 2021-06-18
  • 2.0.0 - 2021-06-07
  • 2.0.0-rc.3 - 2021-06-03
  • 2.0.0-rc.2 - 2021-05-28
  • 2.0.0-rc.1 - 2021-04-22
  • 2.0.0-rc.0 - 2021-02-03
  • 1.58.5 - 2021-07-06
  • 1.58.4 - 2020-12-21
  • 1.58.3 - 2020-12-17
  • 1.58.2 - 2020-12-09
  • 1.58.1 - 2020-12-04
  • 1.58.0 - 2020-12-02
  • 1.57.1 - 2020-10-20
  • 1.57.0 - 2020-10-15
  • 1.56.0 - 2020-09-30
  • 1.55.2 - 2020-09-08
  • 1.55.1 - 2020-09-03
  • 1.55.0 - 2020-09-02
  • 1.54.7 - 2020-07-23
  • 1.54.6 - 2020-07-09
  • 1.54.5 - 2020-06-23
  • 1.54.4 - 2020-06-22
  • 1.54.3 - 2020-06-16
  • 1.54.2 - 2020-06-10
  • 1.54.1 - 2020-05-04
from plotly.js GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
plotly.js

See this project in Snyk:
https://app.snyk.io/org/gregbrimble/project/c4e74521-a0a6-49d6-ad5f-3b4a62ff6cba?utm_source=github&utm_medium=referral&page=upgrade-pr