deps(deps): bump echarts from 5.6.0 to 6.0.0 in the production-dependencies group

[dependabot]

Bumps the production-dependencies group with 1 update: echarts.

Updates echarts from 5.6.0 to 6.0.0

Release notes

Sourced from echarts's releases.

6.0.0

• [Feature] [theme] New theme for ECharts 6.0. #20865 #21097 #21114 (Ovilia)
• [Feature] [chord] New chord series. #20522 (Ovilia)
• [Feature] [matrix&calendar] New matrix coordinate system. And all series and components (including other coordinate systems, such as grid(Cartesian), geo, polar, etc.) are supported to be declaratively laid out in the cells of matrix and calendar coordinate system. #19807 #21093 (Ovilia) #21005 #21108 (100pah)
• [Feature] [custom] Support reusable custom series. #20226 (Ovilia)
• [Feature] [cartesian] Introduce new layout mechanism to avoid Cartesian (i.e., grid component) axis labels and axis names overflowing the canvas, prevent axis names from overlapping with axis labels, and make them the default. #21059 (100pah) #19534 (robin-gerling) #16825 (konrad-amtenbrink)
• [Feature] [scatter] Support jittering for scatter series. #19941 #21067 (Ovilia)
• [Feature] [axis] Support break on the axis. #19459 (Ovilia) #20857 (100pah)
• [Feature] [theme] Support dynamically registering and switching themes. #20705 (Ovilia)
• [Feature] [roam] Roaming infrastructure enhancement - support users specifying roaming area by roamTrigger; support clip on geo and series.map; support cursor style change when hovering on the roaming area; support preserveAspect on geo, series.map and series.graph; fix the percent base of center on geo, series.map, series.graph and series.tree; enhance the behavior for roaming area overlapping. #19807#issuecomment-2974437299 (100pah)
• [Feature] [thumbnail] Support thumbnail for the graph series. #19807#issuecomment-3013454598 (100pah) #17471 (Lruler)
• [Feature] [marker] Support z option for markPoint/markLine/markArea. #21117 (sz-p)
• [Feature] [marker] Support z2 option for markPoint/markLine/markArea. #20782 (sz-p)
• [Feature] [stack] Support reversing the stack order. #20998 (Justin-ZS)
• [Feature] [sankey] Support roaming for sankey series. #20321 (Ovilia)
• [Feature] [custom] Support compoundPath in custom series renderItem. #20402 #21040 (Ovilia)
• [Feature] [marker] Support relativeTo option for specifying the relative target of marker position. #20166 #21042 (Ovilia)
• [Feature] [axis] Support tooltip for angleAxis label. #20986 (plainheart)
• [Feature] [tooltip] Support displayTransition option to control whether to enable the tooltip display transition. #20966 (jqqin)
• [Feature] [visualMap] Support unboundedRange option. #21113 (100pah)
• [Feature] [legend] Support triggerEvent option. #18164 #20907 (sz-p)
• [Feature] [custom] Support tooltipDisabled for custom series. #20447 (Ovilia)
• [Feature] [i18n] Add Norwegian Bokmål (nb-NO) translation. #20792 (joakimono)
• [Feature] [i18n] Add Greek (EL) translation. #21119 (tassosgeo)
• [Fix] [label] Fix label rich style does not inherit the plain label style. #20977 (plainheart) #21016 (100pah)
• [Fix] [label] Fix label layout margin. #21103 (100pah)
• [Fix] [dataZoom] Fix data shape distribution for time axis. #16978 (andrearoota) #21043 #21039 (Ovilia)
• [Fix] [tooltip] Fix null value item on category axis should be able to show tooltip. #20777 (Justin-ZS)
• [Fix] [visualMap] Fix some text style can't work on visualMap. #20961 (plainheart)
• [Fix] [dataZoom] Restrict range on brushEnd. #20814 (mortalYoung)
• [Fix] [heatmap] Fix labels not in calendar range are unexpectedly displayed. #20699 (plainheart)
• [Fix] [series] Fix mismatched dimension index. #20682 (Justin-ZS)
• [Fix] [bar] Fix polar bar should update roundCap when changes. #20582 (Ovilia)
• [Fix] [pie] Fix labelLine may be not removed and cause error when single label position is not in outside. #20906 (plainheart)
• [Fix] [sankey] Fix browser crash when emphasis.focus is 'trajectory' with large data. #20959 (plainheart)
• [Fix] [custom] Fix potential NPE when applying leave transition. #20920 (plainheart)
• [Fix] [tooltip] Fix potential memory leakage by explicitly unbinding event listeners. #21087 (seaheart)
• [Fix] [axis] [log] Fix incorrect rounding usage, and support data with big negative exponent. #21107 (SihongShen) #21120 (100pah)
• [Fix] [axis] Fix extreme small numbers can not be displayed in Cartesian due to the inappropriate rounding precision. #21120 (100pah) (SihongShen)
• [Fix] [dataZoom] Change moveHandler cursor to default. #20304 (ribeirompl)
• [Fix] [tooltip] Fix style coord transform markers are not removed after the tooltip is disposed. #20987 (plainheart)
• [Fix] [bar] Remove unused startValue option from the BarSeriesOption interface. #20901 (plainheart)
• [Fix] [title] Fix title text style width type should not include string. #20800 (sz-p)
• [Fix] [radar] Fix blur.itemStyle not working. #21081 (mustcanbedo) #21124 (Ovilia)
• [Fix] [roam] Fix RoamControllerHost importing path. #20313 (Ovilia)
• [Fix] [svg] Remove SVG support check in getSvgDataURL. #20760 (plainheart)
• [Break] Breaking changes against v5.6.0:
  • The default theme has been changed, including the visual style and the default location settings of components and series. For example, the default legend position is now at the bottom of the canvas. The new default settings are more reasonble, but if they affect the existing usage, use echarts/theme/v5.js to restore the old visual style and location settings. See #20865.
  • The v5 echarts/src/theme/light.ts is now migrated to echarts/theme/rainbow.js.
  • The position of Cartesian axes might shift slightly if the axis names or labels previously overflowed the canvas or overlapped, as anti-overflow and anti-axisLabel-axisName-overlap mechanism are enabled by default. In most cases that changes will be indiscernible to the naked eye. But if any unreasonable change occurs, you can use option grid.outerBoundsMode: 'none' to disable the anti-overflow mechanism, and/or use option xAxis/yAxis.axisLabel.nameMoveOverlap: false to disable the anti-axisLabel-axisName-overlap mechanism. See #21059.

... (truncated)

Commits

• 52104f7 Merge pull request #21132 from apache/release-dev
• 5e02596 chore: release
• 771c523 chore: add license headers and a script of pre-commit
• 8d7f252 Merge pull request #21127 from apache/release-dev
• 64f8d9c chore: release 6.0.0-rc.1
• 65efa66 test: add mark as expected
• 5365621 Merge pull request #21126 from apache/fix-16266
• 9055fef test(scale): add missing test
• 8a40d27 Merge branch 'release' into fix-16266
• 18b5db2 fix(scale): Fix that extreme small numbers can not be displayed in Cartesian ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Reviewers

The following users could not be added as reviewers: @maintainers. Either the username does not exist or it does not have the correct permissions to be added as a reviewer.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[github-actions]

🔍 Lint Check Results

ESLint Results

> @tryft/echarts@0.1.0 lint
> eslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0

Prettier Results

> @tryft/echarts@0.1.0 format:check
> prettier --check "src/**/*.{ts,tsx,js,jsx,json,md}"

Checking formatting...
[warn] src/components/GraphChart.tsx
[warn] src/components/TreemapChart.tsx
[warn] src/stories/GaugeChart.stories.tsx
[warn] Code style issues found in 3 files. Run Prettier with --write to fix.

---

This comment was automatically generated by the PR Checks workflow.

[github-actions]

✅ Security Audit Results

No high/critical vulnerabilities found

📋 View Full Security Audit Report

Security Audit Report

Generated on: Mon Aug 4 14:54:20 UTC 2025

Summary

• Total dependencies: {
  "prod": 42,
  "dev": 470,
  "optional": 47,
  "peer": 0,
  "peerOptional": 0,
  "total": 511
  }
• Development dependencies: 0

Vulnerabilities

info: 0
low: 2
moderate: 0
high: 0
critical: 0
total: 2

Detailed Audit Output

# npm audit report

@eslint/plugin-kit  <0.3.4
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser - https://github.com/advisories/GHSA-xffm-g5w8-qvg7
fix available via `npm audit fix`
node_modules/@eslint/plugin-kit

brace-expansion  1.0.0 - 1.1.11 || 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
fix available via `npm audit fix`
node_modules/@eslint/config-array/node_modules/brace-expansion
node_modules/@eslint/eslintrc/node_modules/brace-expansion
node_modules/brace-expansion
node_modules/eslint/node_modules/brace-expansion

2 low severity vulnerabilities

To address all issues, run:
  npm audit fix
Audit completed with findings

Potential Fixes

add fsevents 2.3.3
add @rollup/rollup-win32-x64-msvc 4.41.1
add @rollup/rollup-win32-ia32-msvc 4.41.1
add @rollup/rollup-win32-arm64-msvc 4.41.1
add @rollup/rollup-linux-s390x-gnu 4.41.1
add @rollup/rollup-linux-riscv64-musl 4.41.1
add @rollup/rollup-linux-riscv64-gnu 4.41.1
add @rollup/rollup-linux-powerpc64le-gnu 4.41.1
add @rollup/rollup-linux-loongarch64-gnu 4.41.1
add @rollup/rollup-linux-arm64-musl 4.41.1
add @rollup/rollup-linux-arm64-gnu 4.41.1
add @rollup/rollup-linux-arm-musleabihf 4.41.1
add @rollup/rollup-linux-arm-gnueabihf 4.41.1
add @rollup/rollup-freebsd-x64 4.41.1
add @rollup/rollup-freebsd-arm64 4.41.1
add @rollup/rollup-darwin-x64 4.41.1
add @rollup/rollup-darwin-arm64 4.41.1
add @rollup/rollup-android-arm64 4.41.1
add @rollup/rollup-android-arm-eabi 4.41.1
add @esbuild/win32-x64 0.25.5
add @esbuild/win32-ia32 0.25.5
add @esbuild/win32-arm64 0.25.5
add @esbuild/sunos-x64 0.25.5
add @esbuild/openbsd-x64 0.25.5
add @esbuild/openbsd-arm64 0.25.5
add @esbuild/netbsd-x64 0.25.5
add @esbuild/netbsd-arm64 0.25.5
add @esbuild/linux-s390x 0.25.5
add @esbuild/linux-riscv64 0.25.5
add @esbuild/linux-ppc64 0.25.5
add @esbuild/linux-mips64el 0.25.5
add @esbuild/linux-loong64 0.25.5
add @esbuild/linux-ia32 0.25.5
add @esbuild/linux-arm64 0.25.5
add @esbuild/linux-arm 0.25.5
add @esbuild/freebsd-x64 0.25.5
add @esbuild/freebsd-arm64 0.25.5
add @esbuild/darwin-x64 0.25.5
add @esbuild/darwin-arm64 0.25.5
add @esbuild/android-x64 0.25.5
add @esbuild/android-arm64 0.25.5
add @esbuild/android-arm 0.25.5
add @esbuild/aix-ppc64 0.25.5
change brace-expansion 1.1.11 => 1.1.12
change brace-expansion 2.0.1 => 2.0.2
change @eslint/plugin-kit 0.3.1 => 0.3.4
add @eslint/core 0.15.1
change brace-expansion 1.1.11 => 1.1.12
change brace-expansion 1.1.11 => 1.1.12

added 44 packages, changed 5 packages, and audited 513 packages in 1s

111 packages are looking for funding
  run `npm fund` for details

# npm audit report

@eslint/plugin-kit  <0.3.4
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser - https://github.com/advisories/GHSA-xffm-g5w8-qvg7
fix available via `npm audit fix`


brace-expansion  1.0.0 - 1.1.11 || 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
fix available via `npm audit fix`





2 low severity vulnerabilities

To address all issues, run:
  npm audit fix
No automatic fixes available

---

This comment was automatically generated by the Security Audit workflow.

[github-actions]

📦 Bundle Size Report

Format	Size	Gzipped	Change
ESM	1791.97 KB	489.05 KB	➡️ No change
UMD	1236.92 KB	408.86 KB	-

Details

• ESM Bundle: Modern ES modules format, tree-shakable
• UMD Bundle: Universal module definition, compatible with CommonJS, AMD, and global variables
• Gzipped sizes represent what users actually download

Size Guidelines

• 🟢 Good: < 100 KB gzipped
• 🟡 Warning: 100-500 KB gzipped
• 🔴 Large: > 500 KB gzipped

Bundle sizes are automatically tracked on every commit to main.

[github-actions]

🚦 Bundle Size Limit Check

✅ ESM Bundle: 489.05KB is within limit of 500KB
✅ UMD Bundle: 408.86KB is within limit of 600KB

These limits help maintain reasonable bundle sizes for end users.

[github-actions]

🔨 Build Check Results

Library Build

> @tryft/echarts@0.1.0 build
> tsc && vite build

vite v6.3.5 building for production...
transforming...
✓ 1173 modules transformed.
rendering chunks...
computing gzip size...
dist/index.esm.js  1,834.99 kB │ gzip: 499.95 kB
dist/index.umd.js  1,266.61 kB │ gzip: 420.02 kB
✓ built in 6.91s
 // Truncate to last 1000 chars

Storybook Build

: 160.65 kB
storybook-static/assets/BaseEChart-Bhglt4V-.js                1,123.93 kB │ gzip: 373.33 kB
storybook-static/assets/iframe-BuVuBvuB.js                    1,279.53 kB │ gzip: 356.83 kB

(!) Some chunks are larger than 500 kB after minification. Consider:
- Using dynamic import() to code-split the application
- Use build.rollupOptions.output.manualChunks to improve chunking: https://rollupjs.org/configuration-options/#output-manualchunks
- Adjust chunk size limit for this warning via build.chunkSizeWarningLimit.
✓ built in 13.32s
info => Preview built (16 s)
info => Output directory: /home/runner/work/tryft-echarts/tryft-echarts/storybook-static

attention => Storybook now collects completely anonymous telemetry regarding usage.
This information is used to shape Storybook's roadmap and prioritize features.
You can learn more, including how to opt-out if you'd not like to participate in this anonymous program, by visiting the following URL:
https://storybook.js.org/telemetry

 // Truncate to last 1000 chars

Test Results

> @tryft/echarts@0.1.0 test
> npm run type-check && npm run lint


> @tryft/echarts@0.1.0 type-check
> tsc --noEmit


> @tryft/echarts@0.1.0 lint
> eslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0

 // Truncate to last 1000 chars

Bundle Size Analysis

• ESM Bundle: 1791.97 KB
• UMD Bundle: 1236.92 KB

Gzipped Sizes

• ESM Bundle (gzipped): 489.05 KB
• UMD Bundle (gzipped): 408.86 KB

---

This comment was automatically generated by the PR Checks workflow.

[github-actions]

🔀 Merge Simulation Results

Merge Attempt

Automatic merge went well; stopped before committing as requested

Post-Merge Testing

Testing merged state...

> @tryft/echarts@0.1.0 prepare
> husky


added 468 packages, and audited 469 packages in 4s

111 packages are looking for funding
  run `npm fund` for details

2 low severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

> @tryft/echarts@0.1.0 build
> tsc && vite build

vite v6.3.5 building for production...
transforming...
✓ 1173 modules transformed.
rendering chunks...
computing gzip size...
dist/index.esm.js  1,834.99 kB │ gzip: 499.95 kB
dist/index.umd.js  1,266.61 kB │ gzip: 420.02 kB
✓ built in 6.43s

> @tryft/echarts@0.1.0 test
> npm run type-check && npm run lint


> @tryft/echarts@0.1.0 type-check
> tsc --noEmit


> @tryft/echarts@0.1.0 lint
> eslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0

 // Truncate to last 1500 chars

---

This comment was automatically generated by the PR Checks workflow.

[github-actions]

📋 PR Checks Summary

Check	Status	Result
Lint Check	✅	success
Build Check	✅	success
Merge Simulation	✅	success

🎉 All checks passed! This PR is ready for review.

---

This summary was automatically generated by the PR Checks workflow.