Bump bokeh from 0.12.16 to 3.8.2

[dependabot]

Bumps bokeh from 0.12.16 to 3.8.2.

Changelog

Sourced from bokeh's changelog.

2026-01-06 3.8.2:

• bugfixes:

  • #14768 [component: server] Incomplete Origin Validation in WebSockets in Bokeh server applications

• tasks:

  • #14767 Backports for 3.8.2

2025-11-07 3.8.1:

• bugfixes:

  • #14618 [component: docs] Local documentation build fails with Extension error (sphinxext.opengraph)
  • #14626 [component: docs] Local documentation fails on Windows because of missing svg icons
  • #14651 [component: bokehjs] HoverTool parameter @$name for stacked bar chart not working in version 3.8.0

• tasks:

  • #14704 Backports for 3.8.1

2025-08-29 3.8:

• bugfixes:
  • #12430 [component: bokehjs] [BUG] Step glyphs do not support linked brushing
  • #12994 [component: bokehjs] [BUG] Patch does not output under certain conditions
  • #13616 [component: bokehjs] [BUG] DateRangePicker value does not reflect value in browser when selection is aborted
  • #14334 js_on_change not firing when range is updated in range tool
  • #14352 [component: bokehjs] Log Axis and Range1d < 1 failing
  • #14383 [component: bokehjs] SerializationError: circular reference When Passing List of Renderers to CustomJS Callbacks, but not when passing renderers sperately.
  • #14396 [component: examples] Remove context from time of day in span example
  • #14399 Bad typings for list_attr_splat (e.g. Plot.axis)
  • #14413 [component: bokehjs] ValueRef formatter does not handle datetime nullable well
  • #14420 [component: bokehjs] Enhance performance of WebGL multi_marker
  • #14422 [component: bokehjs] Legend renderer not correctly positioned when saved with SaveTool
  • #14424 [component: bokehjs] Patches with no data does not show plot with Bokeh 3.7+
  • #14458 [component: bokehjs] Removing and re-adding DOM nodes causes React problems
  • #14461 [component: tests] The regression test for issue #14207 is unreliable
  • #14468 [component: docs] Try on CodePen link does not work in documentation /docs/user_guide/advanced/bokehjs.html
  • #14469 [component: bokehjs] Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true
  • #14476 Improve handling of pd.NA in Property.matches
  • #14497 mypy 1.15.0 fails in CI but not locally
  • #14499 [component: docs] IndexError on importing bokeh.sphinxext.bokeh_plot
  • #14520 [component: bokehjs] BokehJS complains about categorical factors for the BoxAnnotation widget
  • #14536 Flex layouts need to apply min_width and min_height selectively
  • #14540 [component: tests] Tests are failing on Windows and Python 3.10 after PR #14531
  • #14541 New SVG icons have inconsistent line widths
  • #14554 Add support for scalar uint32 color input.
  • #14565 [component: bokehjs] DataTable source update broken
  • #14574 [component: build] grammar build script failing with whitespace in path
  • #14597 [component: bokehjs] document_ready even trigger twice with Bokeh 3.4.0.dev4
  • #14602 [component: bokehjs] Layoutable components in side panels don't appear in exported images
  • #14620 Re-connect race condition on page reload

... (truncated)

Commits

• e5ce879 Deployment updates for release 3.8.2
• 2b3ee10 Don't validate npm credentials due to OICD limitations in npm (#14769)
• 756e3ae Migrate from NPM tokens to trusted providers for publishing in CI (#14766)
• 2f225a1 Update dependencies in build environment (#14758)
• 69d197c update switcher.json
• d915c8b update to latest ruff (#14661)
• 5f9f7b6 update release notes
• cedd113 handle wildcard host with port correctly
• a961ab7 small CI fixes for advisory fork merge
• d62939a Merge commit from fork
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Dependency update

• Updates bokeh in requirements.txt from 0.12.16 to 3.8.2.
• Large version jump that may introduce API/behavior changes for any code using bokeh.

^{Written by Cursor Bugbot for commit 49c8693. This will update automatically on new commits. Configure here.}

[cursor]

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Bokeh 3.8.2 incompatible with pinned numpy version

High Severity

Upgrading bokeh to 3.8.2 creates a dependency conflict with numpy==1.14.3 pinned on line 6. Bokeh 3.x requires numpy >= 1.21.0 (approximately), but the requirements file still pins a 2018-era numpy version. Running pip install -r requirements.txt will fail due to unsatisfiable dependency constraints. Additionally, bokeh 3.x requires Python 3.9+, but the codebase in visualization.py uses Python 2 syntax.

Additional Locations (1)

• requirements.txt#L5-L6