fix(flowchart): warn when click event binding fails due to securityLevel

[Vi-Ku]

Summary

Fixes #6809

When securityLevel is not set to "loose", the click directive in flowcharts silently fails without any feedback. Users see the "clickable" CSS class applied to nodes but the actual click callback never fires, making it very difficult to debug.

Fix

Added a log.warn() message in setClickFun() (in flowDb.ts) that informs the user when a click event binding is skipped due to the security level restriction. The warning message includes:

• The current securityLevel value
• The node ID that was affected
• A clear explanation that securityLevel: "loose" is required

Example Warning

"click" event bindings are only supported when securityLevel is set to "loose". Current securityLevel: "strict". Not binding click event for node "getOriginalTrack".

Testing

The log module from ../../logger.js is already imported and used elsewhere in flowDb.ts, so no new dependencies are introduced.

[netlify]

✅ Deploy Preview for mermaid-js ready!

Name	Link
🔨 Latest commit	e3c3d5a
🔍 Latest deploy log	https://app.netlify.com/projects/mermaid-js/deploys/69ca224a36e3b30008a30fea
😎 Deploy Preview	https://deploy-preview-7553--mermaid-js.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[changeset-bot]

⚠️ No Changeset found

Latest commit: e3c3d5a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@mermaid-js/examples

npm i https://pkg.pr.new/@mermaid-js/examples@7553

mermaid

npm i https://pkg.pr.new/mermaid@7553

@mermaid-js/layout-elk

npm i https://pkg.pr.new/@mermaid-js/layout-elk@7553

@mermaid-js/layout-tidy-tree

npm i https://pkg.pr.new/@mermaid-js/layout-tidy-tree@7553

@mermaid-js/mermaid-zenuml

npm i https://pkg.pr.new/@mermaid-js/mermaid-zenuml@7553

@mermaid-js/parser

npm i https://pkg.pr.new/@mermaid-js/parser@7553

@mermaid-js/tiny

npm i https://pkg.pr.new/@mermaid-js/tiny@7553

commit: e3c3d5a

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 3.34%. Comparing base (e9d4c11) to head (e3c3d5a).

Files with missing lines	Patch %	Lines
packages/mermaid/src/diagrams/flowchart/flowDb.ts	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           develop   #7553      +/-   ##
==========================================
- Coverage     3.34%   3.34%   -0.01%     
==========================================
  Files          524     525       +1     
  Lines        55256   55269      +13     
  Branches       795     795              
==========================================
  Hits          1850    1850              
- Misses       53406   53419      +13     

Flag	Coverage Δ
unit	3.34% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
packages/mermaid/src/diagrams/flowchart/flowDb.ts	0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.