Provide regl-based traces in the strict bundle

[yujin-wu]

Issue

Regl traces (splom, scattergl, scatterpolargl, parcoords) are not CSP compliant.
cc: #897

Changes

• Add 3 new traces - scattergl-strict, splom-strict, parcoords-strict, which are CSP compliant versions of the scattergl, splom and parcoords traces.
• Added 4 traces to the strict build - scattergl-strict, scatterpolargl, parcoords-strict, splom-strict.
• Added regl codegen tool, via npm run regl-codegen

TODO blocking

• Update regl version after required regl PR is through Plotly - device-independent and stable codegen + codegen cache. regl-project/regl#637
• Tests
• Update Readme

[yujin-wu]

So some background:

• Every regl shader creates (hopefully the same) unique code. A PR is submitted in regl to make its codegen stable, meaning
  • making sure that the same shader generates the same code on any device and on any codegen execution order (regl uses incrementing IDs to generate various things like variable names and ids)
• Our regl traces end up using some fixed regl shaders.
• We need tool to quickly generate code in case:
  • our dependencies change the shaders in any slight way, or
  • we update our regl traces in some way to use different shaders, or
  • if regl updates.

Some iffy parts:

• I have decieded to put the generated code into the src directory itself. This is so:
  • building of bundles that need the codegen code can happen headlessly
  • it would be more apparent when generated code is inconsistent across devices - every developer's computer, after running npm run regl-codegen, should produce no diffs.
    but idk if it's too polluting of the src dir?

[archmoj]

Why those strict bundles are excluded from this test?
Please revert this change.
Thank you.

[archmoj]

Hmm... so the Function.apply(...) ends up in the strict bundle but it never get called?
@alexcjohnson what's your suggestion here?

[yujin-wu]

Yes indeed that's the reason. I admit it was hackier to exclude it here because ironically it is the whole point of the check.

To remove reference to it we would have to make a second build of regl right? Say, regl-strict? If the intention of the check is to catch mistakes then can this be an exception?

[alexcjohnson]

Yes, that makes sense. Let's leave this as is for now, but make an issue to come back to it with a second build of regl that can only be used with precompiled functions and does not include the codegen code at all, simply throwing an error if a matching precompiled function isn't included. For anyone that uses this in a CSP-restricted environment an error is what would happen anyway if for some reason we tried to generate a missing function, so that code is merely wasted bytes, not a vulnerability.

[archmoj]

Let's duplicate parcoords/index content here and then replace plot with plot-strict in this file.
That way the content of parcoords/plot.js won't be included in the bundle.
On another note - wondering can't we move this index into the parcoords folder and name it index-strict instead?

[yujin-wu]

wondering can't we move this index into the parcoords folder and name it index-strict instead?

A bunch of build stuff relies on traces having their own folders and I didn't want to mess around with that too much

That way the content of parcoords/plot.js won't be included in the bundle.

plot-strict is just a wrapper around plot after all and plot would need to be in both bundles.

[alexcjohnson]

💃 Fantastic work, a team effort by @yujin-wu and @archmoj 🏆

Just a tiny comment on the bundle docs, then let's do it!

[archmoj]

Thanks @yujin-wu for the remarkable contribution! 🎖️ 🏅 🥇