Merge remote-tracking branch 'origin/master' into esbuild

* origin/master: (789 commits)
  Updated the release version to 9.1.4
  Better balance check
  chore(deps-dev): bump @commitlint/config-conventional (mermaid-js#3179)
  chore(deps-dev): bump lint-staged from 13.0.2 to 13.0.3 (mermaid-js#3177)
  chore(deps-dev): bump cypress from 10.1.0 to 10.2.0 (mermaid-js#3178)
  chore(deps-dev): bump @commitlint/cli from 17.0.2 to 17.0.3 (mermaid-js#3180)
  chore: update browsers list
  fix: typo for source
  fix: typo in cypress
  Add dev install section in contributing.md
  update doc typos/clarity (mermaid-js#3145)
  Update links to `mermaid.live` (mermaid-js#3163)
  fix mermaid-js#3019 Add word boundary to FK&PK. (mermaid-js#3168)
  Run testomatio only for PRs within org. (mermaid-js#3165)
  chore(deps): bump got from 11.8.3 to 11.8.5 (mermaid-js#3172)
  fix: De-duplicates dependencies (mermaid-js#3167)
  Updated allowed characters to accomodate fonts and rgba colors
  fix: Typo for documents and comments
  Sanitizsation of incoming variables that are added to the userStyles
  Only allowing a subset of characters in themeVariables
  ...

.commitlintrc.json

@@ -0,0 +1,5 @@
+{
+    "extends": [
+        "@commitlint/config-conventional"
+    ]
+}

.eslintignore

@@ -1 +1,3 @@
-**/*.spec.js
+dist/**
+.github/**
+docs/Setup.md

.eslintrc.json

@@ -2,19 +2,51 @@
   "env": {
     "browser": true,
     "es6": true,
+    "jest/globals": true,
     "node": true
   },
   "parser": "@babel/eslint-parser",
   "parserOptions": {
-      "ecmaFeatures": {
-          "experimentalObjectRestSpread": true,
-          "jsx": true
-      },
-      "sourceType": "module"
+    "ecmaFeatures": {
+      "experimentalObjectRestSpread": true,
+      "jsx": true
+    },
+    "sourceType": "module"
   },
-  "extends": ["prettier", "eslint:recommended"],
-  "plugins": ["prettier"],
+  "extends": [
+    "eslint:recommended",
+    "plugin:jsdoc/recommended",
+    "plugin:json/recommended",
+    "plugin:markdown/recommended",
+    "plugin:prettier/recommended"
+  ],
+  "plugins": ["html", "jest", "jsdoc", "json", "prettier"],
   "rules": {
-    "prettier/prettier": ["error"]
-  }
+    "no-prototype-builtins": "off",
+    "no-unused-vars": "off",
+    "jsdoc/check-indentation": "off",
+    "jsdoc/check-alignment": "off",
+    "jsdoc/check-line-alignment": "off",
+    "jsdoc/multiline-blocks": "off",
+    "jsdoc/newline-after-description": "off",
+    "jsdoc/tag-lines": "off",
+    "cypress/no-async-tests": "off",
+    "json/*": ["error", "allowComments"],
+    "no-empty": ["error", { "allowEmptyCatch": true }]
+  },
+  "overrides": [
+    {
+      "files": "./**/*.html",
+      "rules": {
+        "no-undef": "off",
+        "jsdoc/require-jsdoc": "off"
+      }
+    },
+    {
+      "files": "./**/*.md/*.html",
+      "rules": {
+        "prettier/prettier": "off"
+      }
+    }
+  ]
 }

.gitattributes

@@ -0,0 +1 @@
+* text=auto

.github/ISSUE_TEMPLATE/bug_report.md

@@ -24,7 +24,7 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 
 **Code Sample**
-If applicable, add the code sample or a link to the [live editor](https://mermaid-js.github.io/mermaid-live-editor).
+If applicable, add the code sample or a link to the [live editor](https://mermaid.live).
 
 **Desktop (please complete the following information):**
  - OS: [e.g. iOS]

.github/codeql/codeql-config.yml

@@ -0,0 +1,4 @@
+name: "CodeQL config"
+paths-ignore:
+  - dist
+  - cypress

.github/dependabot.yml

@@ -1,12 +1,17 @@
 version: 2
 updates:
 - package-ecosystem: npm
+  open-pull-requests-limit: 10
   directory: /
   target-branch: develop
   schedule:
     interval: weekly
+    day: monday
+    time: "07:00"
 - package-ecosystem: github-actions
   directory: /
   target-branch: develop
   schedule:
     interval: weekly
+    day: monday
+    time: "07:00"

.github/pull_request_template.md

@@ -8,6 +8,6 @@ Describe the way your implementation works or what design decisions you made if
 
 ### :clipboard: Tasks
 Make sure you
-- [ ] :book: have read the [contribution guidelines](https://github.com/mermaid-js/mermaid/blob/develop/CONTRIBUTING.md) 
-- [ ] :computer: have added unit/e2e tests (if appropriate) 
-- [ ] :bookmark: targeted `develop` branch 
+- [ ] :book: have read the [contribution guidelines](https://github.com/mermaid-js/mermaid/blob/develop/CONTRIBUTING.md)
+- [ ] :computer: have added unit/e2e tests (if appropriate)
+- [ ] :bookmark: targeted `develop` branch

.github/stale.yml

@@ -15,5 +15,5 @@ markComment: >
   If you are still interested in this issue and it is still relevant you can comment to revive it.
 # Comment to post when closing a stale issue. Set to `false` to disable
 closeComment: >
-  This issue has been been automatically closed due to a lack of activity. 
-  This is done to maintain a clean list of issues that the community is interested in developing. 
+  This issue has been been automatically closed due to a lack of activity.
+  This is done to maintain a clean list of issues that the community is interested in developing.

.github/workflows/build.yml

@@ -1,6 +1,15 @@
 name: Build
 
-on: [push, pull_request]
+on:
+  push: {}
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - ready_for_review
+
+permissions:
+  contents: read
 
 jobs:
   build:
@@ -9,10 +18,10 @@ jobs:
       matrix:
         node-version: [16.x]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Setup Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v3
       with:
         cache: yarn
         node-version: ${{ matrix.node-version }}
@@ -30,29 +39,7 @@ jobs:
       run: yarn build
 
     - name: Upload Build as Artifact
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v3
       with:
         name: dist
         path: dist
-
-    - name: Run Unit Tests
-      run: |
-        yarn test --coverage
-
-    #- name: Upload Test Results
-    #  uses: coverallsapp/github-action@v1.0.1
-    #  with:
-    #    github-token: ${{ secrets.GITHUB_TOKEN }}
-    #    parallel: true
-
-    # - name: Run E2E Tests
-    #   run: yarn e2e
-    #   env:
-    #     PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }}
-    #     CYPRESS_CACHE_FOLDER: .cache/Cypress
-
-    #- name: Post Upload Test Results
-    #  uses: coverallsapp/github-action@master
-    #  with:
-    #    github-token: ${{ secrets.GITHUB_TOKEN }}
-    #    parallel-finished: true

.github/workflows/check-readme-in-sync.yml

@@ -0,0 +1,35 @@
+# Reference: https://github.com/Yash-Singh1/eslint-plugin-userscripts/blob/main/.github/workflows/readme-in-sync.yml
+
+name: Check if README and docs/README are in sync
+
+on:
+  push:
+    branches:
+      - gh-pages
+  pull_request:
+    branches:
+      - gh-pages
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Check for difference in README.md and docs/README.md
+        run: |
+          if [ -z "$(diff README.md docs/README.md --brief)" ]
+          then
+            echo "README.md and docs/README.md are in sync"
+          else
+            echo "Make sure that README.md and docs/README.md are in sync"
+            echo
+            echo "Difference:"
+            echo
+            diff README.md docs/README.md -u
+            exit 1
+          fi

.github/workflows/checks → .github/workflows/checks.yml

@@ -1,19 +1,25 @@
-on: [push]
+on:
+  push: {}
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - ready_for_review
 
 name: Static analysis
 
 jobs:
   test:
     runs-on: ubuntu-latest
     name: check tests
+    if: github.repository_owner == 'mermaid'
     steps:
     - uses: actions/checkout@v2
       with:
         fetch-depth: 0
     - uses: testomatio/check-tests@stable
       with:
         framework: cypress
-        tests: "./cypress/integration/**/**.spec.js"
+        tests: "./cypress/e2e/**/**.spec.js"
         token: ${{ secrets.GITHUB_TOKEN }}
         has-tests-label: true
-

.github/workflows/codeql.yml

@@ -0,0 +1,63 @@
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+    types:
+      - opened
+      - synchronize
+      - ready_for_review
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        config-file: ./.github/codeql/codeql-config.yml
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/dependency-review.yml

@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2

.github/workflows/e2e.yml → .github/workflows/e2e

@@ -2,17 +2,20 @@ name: E2E
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
         node-version: [16.x]
     steps:
-    - uses: actions/checkout@v2.3.4
+    - uses: actions/checkout@v3
 
     - name: Setup Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v3
       with:
         cache: yarn
         node-version: ${{ matrix.node-version }}
@@ -29,24 +32,7 @@ jobs:
     - name: Run Build
       run: yarn build
 
-    # - name: Run e2e Tests
-    #   run: |
-    #     yarn e2e
-
-    #- name: Upload Test Results
-    #  uses: coverallsapp/github-action@v1.0.1
-    #  with:
-    #    github-token: ${{ secrets.GITHUB_TOKEN }}
-    #    parallel: true
-
     - name: Run E2E Tests
       run: yarn e2e
       env:
-        PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }}
         CYPRESS_CACHE_FOLDER: .cache/Cypress
-
-    #- name: Post Upload Test Results
-    #  uses: coverallsapp/github-action@master
-    #  with:
-    #    github-token: ${{ secrets.GITHUB_TOKEN }}
-    #    parallel-finished: true

.github/workflows/issue-triage.yml

@@ -8,7 +8,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-    - uses: andymckay/labeler@1.0.3
+    - uses: andymckay/labeler@1.0.4
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         add-labels: "Status: Triage"