build(deps): bump plotly from 5.24.1 to 6.4.0

[dependabot]

Bumps plotly from 5.24.1 to 6.4.0.

Release notes

Sourced from plotly's releases.

v6.4.0

Updated

• Update plotly.js from version 3.1.1 to version 3.2.0. See the plotly.js release notes for more information. [#5357]. Notable changes include:
  • Add hovertemplatefallback and texttemplatefallback attributes [#7577]
  • Add "SI extended" formatting rule for tick exponents on axis labels, allowing values to be displayed with extended SI prefixes (e.g., femto, pico, atto) [#7249]

Deprecated

• Deprecate create_hexbin_mapbox in favor of create_hexbin_map, update related function calls [5358], with thanks to @​ajlien for the contribution!

v6.3.1

Updated

• Update Plotly.js from version 3.1.0 to version 3.1.1. See the Plotly.js release notes for more information. [#5357]. Notable changes include:
  • Fix issue preventing Scattergl plots with text elements from rendering [plotly.js#7563]
• Use native legends when converting from matplotlib [#5312], with thanks to @​robertoffmoura to the contribution!
• Allow shared_yaxes to work with secondary axes [#5180], with thanks to @​gmjw for the contribution!

Fixed

• Fix issue where width/height in plot layout were not respected during Kaleido image export [#5325]
• Fix typo in default argument to _ternary_contour.py [#5315], with thanks to @​Lexachoc for the contribution!
• Fix incorrect fig.show() behavior when ipython is installed [#5258]

Full Changelog: plotly/plotly.py@v6.3.0...v6.3.1

v6.3.0

Updated

• Updated Plotly.js from version 3.0.1 to version 3.1.0. See the plotly.js release notes for more information. [#5318]

Added

• Exposed plotly.io.get_chrome() as a function which can be called from within a Python script. [#5282]

Fixed

• Resolved issue causing extraneous engine deprecation warnings [#5287], with thanks to @​jdbeel for the contribution!

v6.2.0

Added

• Add SRI (Subresource Integrity) hash support for CDN script tags when using include_plotlyjs='cdn'. This enhances security by ensuring browser verification of CDN-served plotly.js files [#5165] (with thanks to @​ddworken)

Fixed

• Allow setting Plotly.js path via pio.defaults [#5207]

Changed

• Refactor validation code to reduce bundle size [#5214] (with thanks to @​bmaranville)
• Add deprecation warnings when using Kaleido v0 or deprecated image export features [#5177]

v6.1.2

Fixed

• Fix type checking and code highlighting for graph_objects classes [#5199]

v6.1.1

Fixed

... (truncated)

Changelog

Sourced from plotly's changelog.

[6.4.0] - 2025-11-02

Updated

• Update plotly.js from version 3.1.1 to version 3.2.0. See the plotly.js release notes for more information. [#5357]. Notable changes include:
  • Add hovertemplatefallback and texttemplatefallback attributes [#7577]
  • Add "SI extended" formatting rule for tick exponents on axis labels, allowing values to be displayed with extended SI prefixes (e.g., femto, pico, atto) [#7249]

Deprecated

• Deprecate create_hexbin_mapbox in favor of create_hexbin_map, update related function calls [5358], with thanks to @​ajlien for the contribution!

[6.3.1] - 2025-10-02

Updated

• Update Plotly.js from version 3.1.0 to version 3.1.1. See the Plotly.js release notes for more information. [#5357]. Notable changes include:
  • Fix issue preventing Scattergl plots with text elements from rendering [plotly.js#7563]
• Use native legends when converting from matplotlib [#5312], with thanks to @​robertoffmoura to the contribution!
• Allow shared_yaxes to work with secondary axes [#5180], with thanks to @​gmjw for the contribution!

Fixed

• Fix issue where width/height in plot layout were not respected during Kaleido image export [#5325]
• Fix typo in default argument to _ternary_contour.py [#5315], with thanks to @​Lexachoc for the contribution!
• Fix incorrect fig.show() behavior when ipython is installed [#5258]

[6.3.0] - 2025-08-12

Updated

• Updated Plotly.js from version 3.0.1 to version 3.1.0. See the Plotly.js release notes for more information. [#5318]

Added

• Exposed plotly.io.get_chrome() as a function which can be called from within a Python script. [#5282]

Fixed

• Resolved issue causing extraneous engine deprecation warnings [#5287], with thanks to @​jdbeel for the contribution!

[6.2.0] - 2025-06-26

Added

• Add SRI (Subresource Integrity) hash support for CDN script tags when using include_plotlyjs='cdn'. This enhances security by ensuring browser verification of CDN-served plotly.js files [#5165] (with thanks to @​ddworken)

Fixed

• Allow setting Plotly.js path via pio.defaults [#5207]

Changed

• Refactor validation code to reduce bundle size [#5214] (with thanks to @​bmaranville)
• Add deprecation warnings when using Kaleido v0 or deprecated image export features [#5177]

[6.1.2] - 2025-05-27

Fixed

• Fix type checking and code highlighting for graph_objects classes [#5199]

... (truncated)

Commits

• d2b1812 Version changes for v6.4.0
• b5dfa21 Merge pull request #5389 from plotly/cam/update-kaleido-version-1.1.0
• af55771 Update Kaleido dependency to v1.1.0
• 6d954ba Merge pull request #5388 from plotly/cam/update-plotly.js-v3.2.0
• 89a1f1b Revert indentation changes
• 056b497 Remove old build file
• 5586cf9 Use labextension files from CI because they are different
• 46ee9b2 Update Jupyter support files
• a58a365 Update plotly.js to v3.2.0 and associated files
• aac1b66 Merge pull request #5383 from plotly/doc-prod-to-main-merge
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.79%. Comparing base (6aa2c2a) to head (d116d1b).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #6332   +/-   ##
=======================================
  Coverage   89.79%   89.79%           
=======================================
  Files           1        1           
  Lines         431      431           
=======================================
  Hits          387      387           
  Misses         44       44           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #6355.