Skip to content

Bump vega, vega-embed and vega-lite in /catalog #4644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump vega, vega-embed and vega-lite in /catalog #4644

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025
edited
Loading

Bumps vega, vega-embed and vega-lite. These dependencies needed to be updated together.
Updates vega from 5.33.0 to 6.2.0

Release notes

Sourced from vega's releases.

v6.0.0

changes since v5.33.0

monorepo

vega-typings

docs

Commits

Updates vega-embed from 6.22.2 to 7.1.0

Release notes

Sourced from vega-embed's releases.

Release 7.1.0

7.1.0 (2025-10-09)

Bug Fixes

Release 7.0.2

7.0.2 (2025-03-29)

Bug Fixes

  • correct repo entry (7e78bc8)
  • use embed.js for clearer mapping to what file we are using (30a8437)

Release 7.0.1

7.0.1 (2025-03-28)

Bug Fixes

Release 7.0.0

What's Changed

... (truncated)

Changelog

Sourced from vega-embed's changelog.

7.1.0 (2025-10-09)

Bug Fixes

7.0.2 (2025-03-29)

Bug Fixes

  • correct repo entry (7e78bc8)
  • use embed.js for clearer mapping to what file we are using (30a8437)

7.0.1 (2025-03-28)

Bug Fixes

7.0.0 (2025-03-28)

Bug Fixes

6.29.0 (2024-11-19)

Features

6.28.0 (2024-11-07)

Features

6.27.1 (2024-11-07)

Bug Fixes

  • correct types reference (794b9cc)

... (truncated)

Commits
  • 1bd3e9c chore: release v7.1.0
  • 6f47dc0 fix: handle logLevel correctly (#1475)
  • bab3d91 chore(deps-dev): bump del-cli from 6.0.0 to 7.0.0 (#1474)
  • afb1079 chore(deps): bump actions/setup-node from 4 to 5 (#1465)
  • cbc4bc2 chore(deps-dev): bump @​vitest/eslint-plugin from 1.3.6 to 1.3.13 (#1473)
  • bcee73b chore(deps): bump codecov/codecov-action from 5.5.0 to 5.5.1 (#1464)
  • 63c9d5f chore(deps-dev): bump release-it from 19.0.4 to 19.0.5 (#1470)
  • 307f7ab chore(deps-dev): bump typescript from 5.8.3 to 5.9.3 (#1472)
  • 78af475 chore(deps-dev): bump rollup from 4.50.0 to 4.52.3 (#1471)
  • daa266b chore(deps-dev): bump vega-lite from 6.2.0 to 6.4.1 (#1468)
  • Additional commits viewable in compare view

Updates vega-lite from 5.14.1 to 6.4.1

Release notes

Sourced from vega-lite's releases.

Release 6.4.1

6.4.1 (2025-09-23)

Bug Fixes

  • do not apply the color domain order for the unstacked ungrouped chart (#9687) (921fdf7)

Release 6.4.0

6.4.0 (2025-09-17)

Bug Fixes

Features

Release 6.3.1

6.3.1 (2025-09-10)

Bug Fixes

Features

  • add interactive geographic facet visualizations for species habitat data (#9661) (5798e77), closes #9659
  • align stack order only for nominal color domains (#9645) (e201a9d)
  • for interactive charts, changed cursor to pointer (#9358) (ee740b5)

Release 6.2.0

6.2.0 (2025-06-27)

Bug Fixes

  • docs: improve header alignment for facet_bullet graph example (#9554) (99a43e4)
  • ensure temporal field propagates to time expression (#8757) (473f359)
  • turn off aria for the generated voronoi layer from nearest spec (#9624) (8588c14)

... (truncated)

Changelog

Sourced from vega-lite's changelog.

6.4.1 (2025-09-23)

Bug Fixes

  • do not apply the color domain order for the unstacked ungrouped chart (#9687) (921fdf7)

6.4.0 (2025-09-17)

Bug Fixes

Features

6.3.1 (2025-09-10)

Bug Fixes

Features

  • add interactive geographic facet visualizations for species habitat data (#9661) (5798e77), closes #9659
  • align stack order only for nominal color domains (#9645) (e201a9d)
  • for interactive charts, changed cursor to pointer (#9358) (ee740b5)

6.2.0 (2025-06-27)

Bug Fixes

  • docs: improve header alignment for facet_bullet graph example (#9554) (99a43e4)
  • ensure temporal field propagates to time expression (#8757) (473f359)
  • turn off aria for the generated voronoi layer from nearest spec (#9624) (8588c14)

Features

... (truncated)

Commits
  • d4492fe chore: release v6.4.1
  • 921fdf7 fix: do not apply the color domain order for the unstacked ungrouped chart (#...
  • cb93216 chore(deps-dev): bump rexml from 3.4.1 to 3.4.2 in /site in the bundler group...
  • 4932bf1 chore: release v6.4.0
  • fcc2486 chore: update deps (#9685)
  • c785de5 feat: support newlines in tooltips (#9678)
  • 0ff8505 fix: height/width of 0 ignored (#9676)
  • f1052b6 chore: release v6.3.1
  • 9ffd522 chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates (#...
  • 0e6537c chore(deps): bump the npm_and_yarn group with 2 updates (#9673)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Overview

Greptile Summary

Updated three vega-related visualization libraries with major version bumps. The changes include:

  • vega: 5.33.0 → 6.2.0 (ESM-only, improved performance, new transforms)
  • vega-embed: 6.22.2 → 7.1.0 (ESM-only, default renderer changed from canvas to SVG)
  • vega-lite: 5.14.1 → 6.4.1 (new features, bug fixes)

The codebase only imports from vega-embed and uses it in a straightforward way via the embed() function in catalog/app/components/Preview/renderers/Vega.tsx. The renderer options don't explicitly specify canvas vs SVG, so the change to SVG as default will take effect. This should generally improve rendering quality but may have minor visual differences or performance characteristics.

The updates align these packages with their latest stable versions and bring security fixes and performance improvements. Since this is a Dependabot PR with grouped updates, the dependencies were updated together as required.

Confidence Score: 4/5

  • This PR is generally safe to merge with low risk, though visual regression testing is recommended
  • Score reflects that these are major version bumps of visualization libraries with breaking changes (ESM-only, default renderer change from canvas to SVG). However, the codebase has minimal and straightforward usage of these libraries through vega-embed's embed() function. The main risk is the renderer change may cause subtle visual differences in charts. No code changes are needed, but testing Vega visualizations before deploying is recommended.
  • No files require special attention - this is a straightforward dependency update

Important Files Changed

File Analysis

Filename Score Overview
catalog/package.json 4/5 Updated vega (5.33.0→6.2.0), vega-embed (6.22.2→7.1.0), and vega-lite (5.14.1→6.4.1) - all major version bumps that could introduce breaking changes
catalog/package-lock.json 4/5 Lock file updated to reflect vega dependency changes and their transitive dependencies

Sequence Diagram

sequenceDiagram
    participant User
    participant Catalog
    participant VegaRenderer
    participant VegaEmbed
    participant VegaLite
    participant Vega
    
    User->>Catalog: View file with Vega visualization
    Catalog->>VegaRenderer: Load Vega component
    VegaRenderer->>VegaEmbed: embed(element, spec, options)
    VegaEmbed->>VegaLite: Parse Vega-Lite spec (if applicable)
    VegaLite->>Vega: Compile to Vega spec
    Vega->>VegaEmbed: Render visualization
    VegaEmbed->>VegaRenderer: Return visualization
    VegaRenderer->>User: Display chart
Loading

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 24, 2025
greptile-apps[bot]
greptile-apps bot reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additional Comments (1)

  1. catalog/app/components/Preview/renderers/Vega.tsx, line 5-13 (link)

    style: With vega-embed v7, the default renderer changed from canvas to svg. Test visualizations to ensure no unexpected visual changes occur.

1 file reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

@dependabot
Bump vega, vega-embed and vega-lite in /catalog
31e40b5 
Bumps [vega](https://github.com/vega/vega), [vega-embed](https://github.com/vega/vega-embed) and [vega-lite](https://github.com/vega/vega-lite). These dependencies needed to be updated together.

Updates `vega` from 5.33.0 to 6.2.0
- [Release notes](https://github.com/vega/vega/releases)
- [Commits](vega/vega@v5.33.0...v6.2.0)

Updates `vega-embed` from 6.22.2 to 7.1.0
- [Release notes](https://github.com/vega/vega-embed/releases)
- [Changelog](https://github.com/vega/vega-embed/blob/main/CHANGELOG.md)
- [Commits](vega/vega-embed@v6.22.2...v7.1.0)

Updates `vega-lite` from 5.14.1 to 6.4.1
- [Release notes](https://github.com/vega/vega-lite/releases)
- [Changelog](https://github.com/vega/vega-lite/blob/main/CHANGELOG.md)
- [Commits](vega/vega-lite@v5.14.1...v6.4.1)

---
updated-dependencies:
- dependency-name: vega
  dependency-version: 6.2.0
  dependency-type: direct:production
- dependency-name: vega-embed
  dependency-version: 7.1.0
  dependency-type: direct:production
- dependency-name: vega-lite
  dependency-version: 6.4.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/catalog/multi-e1d7d42f8e branch from cbce3fd to 31e40b5 Compare December 8, 2025 09:20
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 5, 2026

Superseded by #4685.

@dependabot dependabot bot closed this Jan 5, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/catalog/multi-e1d7d42f8e branch January 5, 2026 23:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant