Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency mathjs to v7 [SECURITY] - abandoned - autoclosed #859

Closed
wants to merge 1 commit into from
Closed

Update dependency mathjs to v7 [SECURITY] - abandoned - autoclosed #859

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 10, 2021
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mathjs (source) ^5.0.0 -> ^7.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-7743

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

Release Notes

josdejong/mathjs

v7.5.1

Compare Source

  • Fix object pollution vulnerability in math.config. Thanks Snyk.

v7.5.0

Compare Source

  • Function pickRandom now allows randomly picking elements from matrices
    with 2 or more dimensions instead of only from a vector, see #​1974.
    Thanks @​KonradLinkowski.

v7.4.0

Compare Source

  • Implemented support for passing a precision in functions ceil, floor,
    and fix, similar to round, see #​1967, #​1901. Thanks @​rnd-debug.
  • Implemented function rotationMatrix, see #​1160, #​1984. Thanks @​rnd-debug.
  • Implement a clear error message when using sqrtm with a matrix having
    more than two dimensions. Thanks @​KonradLinkowski.
  • Update dependency decimal.js to 10.2.1.

v7.3.0

Compare Source

  • Implemented functions usolveAll and lsolveAll, see #​1916. Thanks @​m93a.
  • Implemented support for units in functions std and variance, see #​1950.
    Thanks @​rnd-debug.
  • Implemented support for binary, octal, and hexadecimal notation in the
    expression parser, and implemented functions bin, oct, and hex for
    formatting. Thanks @​clnhlzmn.
  • Fix #​1964: inconsistent calculation of negative dividend modulo for
    BigNumber and Fraction. Thanks @​ovk.

v7.2.0

Compare Source

v7.1.0

Compare Source

  • Implement support for recursion (self-referencing) of typed-functions,
    new in [email protected]. This fixes #​1885: functions which where
    extended with a new data type did not always work. Thanks @​nickewing.
  • Fix #​1899: documentation on expression trees still using old namespace
    math.expression.node.* instead of math.*.

v7.0.2

Compare Source

  • Fix #​1882: have DenseMatrix.resize and SparseMatrix.resize accept
    DenseMatrix and SparseMatrix as inputs too, not only Array.
  • Fix functions sum, prod, min, and max not throwing a conversion error
    when passing a single string, like sum("abc").

v7.0.1

Compare Source

  • Fix #​1844: clarify the documentation of function eigs. Thanks @​Lazersmoke.
  • Fix #​1855: Fix error in the documentation for math.nthRoots(x).
  • Fix #​1856: make the library robust against Object prototype pollution.

v7.0.0

Compare Source

Breaking changes:

  • Improvements in calculation of the dot product of complex values.
    The first argument is now conjugated. See #​1761. Thanks @​m93a.
  • Dropped official support for Node.js v8 which has reached end of life.
  • Removed all deprecation warnings introduced in v6.
    To upgrade smoothly from v5 to v7 or higher, upgrade to v6 first
    and resolve all deprecation warnings.

v6.6.5

Compare Source

  • Fix #​1834: value Infinity cannot be serialized and deserialized.
    This is solved now with a new math.replacer function used as
    JSON.stringify(value, math.replacer).
  • Fix #​1842: value Infinity not turned into the latex symbol \\infty.

v6.6.4

Compare Source

  • Fix published files containing Windows line endings (CRLF instead of LF).

v6.6.3

Compare Source

  • Fix #​1813: bug in engineering notation for numbers of function format,
    sometimes resulting in needless trailing zeros.
  • Fix #​1808: methods .toNumber() and .toNumeric() not working on a
    unitless unit.
  • Fix #​1645: not being able to use named operators mod, and, not, or,
    xor, to, in as object keys. Thanks @​Veeloxfire.
  • Fix eigs not using config.epsilon.

v6.6.2

Compare Source

  • Fix #​1789: Function eigs not calculating with BigNumber precision
    when input contains BigNumbers.
  • Run the build script during npm prepare, so you can use the library
    directly when installing directly from git. See #​1751. Thanks @​cinderblock.

v6.6.1

Compare Source

v6.6.0

Compare Source

  • Implemented function eigs, see #​1705, #​542 #​1175. Thanks @​arkajitmandal.
  • Fixed #​1727: validate matrix size when creating a DenseMatrix using
    fromJSON.
  • Fixed DenseMatrix.map copying the size and datatype from the original
    matrix instead of checking the returned dimensions and type of the callback.
  • Add a caret to dependencies (like) ^1.2.3) to allow downstream updates
    without having to await a new release of mathjs.

v6.5.0

Compare Source

v6.4.0

Compare Source

  • Extended function dimension with support for n-dimensional points.
    Thanks @​Veeloxfire.

v6.3.0

Compare Source

  • Improved performance of factorial for BigNumber up to a factor two,
    see #​1687. Thanks @​kmdrGroch.

v6.2.5

Compare Source

  • Fixed IndexNode using a hardcoded, one-based implementation of index,
    making it impossible to instantiate a zero-based version of the expression
    parser. See #​782.

v6.2.4

Compare Source

v6.2.3

Compare Source

  • Fixed #​1640: function mean not working for units. Thanks @​clintonc.
  • Fixed #​1639: function min listed twice in the "See also" section of the
    embedded docs of function std.
  • Improved performance of isPrime, see #​1641. Thanks @​arguiot.

v6.2.2

Compare Source

  • Fixed methods map and clone not copying the dotNotation property of
    IndexNode. Thanks @​rianmcguire.
  • Fixed a typo in the documentation of toHTML. Thanks @​maytanthegeek.
  • Fixed #​1615: error in the docs of isNumeric.
  • Fixed #​1628: Cannot call methods on empty strings or numbers with value 0.

v6.2.1

Compare Source

  • Fixed #​1606: function format not working for expressions.

v6.2.0

Compare Source

  • Improved performance of combinationsWithRep. Thanks @​waseemyusuf.
  • Add unit aliases bit and byte.
  • Fix docs referring to bit and byte instead of bits and bytes.
  • Updated dependency [email protected].

v6.1.0

Compare Source

v6.0.4

Compare Source

  • Fixed #​1554, #​1565: ES Modules where not transpiled to ES5, giving issues on
    old browsers. Thanks @​mockdeep for helping to find a solution.

v6.0.3

Compare Source

  • Add unpkg and jsdelivr fields in package.json pointing to UMD build.
    Thanks @​tmcw.
  • Fix #​1550: nested user defined function not receiving variables of an
    outer user defined function.

v6.0.2

Compare Source

  • Fix not being able to set configuration after disabling function import
    (regression since v6.0.0).

v6.0.1

Compare Source

  • Fix function reference not published in npm library.
  • Fix function evaluate and parse missing in generated docs.

v6.0.0

Compare Source

!!! BE CAREFUL: BREAKING CHANGES !!!

Most notable changes

  1. Full support for ES modules. Support for tree-shaking out of the box.

    Load all functions:

    import * as math from 'mathjs'

    Use a few functions:

    import { add, multiply } from 'mathjs'

    Load all functions with custom configuration:

    import { create, all } from 'mathjs'
const config = { number: 'BigNumber' }
const math = create(all, config)

    Load a few functions with custom configuration:

    import { create, addDependencies, multiplyDependencies } from 'mathjs'
const config = { number: 'BigNumber' }
const { add, multiply } = create({
  addDependencies,
  multiplyDependencies
}, config)

  2. Support for lightweight, number-only implementations of all functions:

    import { add, multiply } from 'mathjs/number'

  3. New dependency injection solution used under the hood.

Breaking changes

  • Node 6 is no longer supported.

  • Functions config and import are not available anymore in the global
    context:

    // v5
import * as mathjs from 'mathjs'
mathjs.config(...) // error in v6.0.0
mathjs.import(...) // error in v6.0.0

    Instead, create your own mathjs instance and pass config and imports
    there:

    // v6
import { create, all } from 'mathjs'
const config = { number: 'BigNumber' }
const mathjs = create(all, config)
mathjs.import(...)

  • Renamed function typeof to typeOf, var to variance,
    and eval to evaluate. (the old function names are reserved keywords
    which can not be used as a variable name).

  • Deprecated the Matrix.storage function. Use math.matrix instead to create
    a matrix.

  • Deprecated function math.expression.parse, use math.parse instead.
    Was used before for example to customize supported characters by replacing
    math.parse.isAlpha.

  • Moved all classes like math.type.Unit and math.expression.Parser to
    math.Unit and math.Parser respectively.

  • Fixed #​1428: transform iterating over replaced nodes. New behavior
    is that it stops iterating when a node is replaced.

  • Dropped support for renaming factory functions when importing them.

  • Dropped fake BigNumber support of function erf.

  • Removed all index.js files used to load specific functions instead of all, like:

    // v5
// ... set up empty instance of mathjs, then load a set of functions:
math.import(require('mathjs/lib/function/arithmetic'))

    Individual functions are now loaded simply like:

    // v6
import { add, multiply } from 'mathjs'

    To set a specific configuration on the functions:

    // v6
import { create, addDependencies, multiplyDependencies } from 'mathjs'
const config = { number: 'BigNumber' }
const math = create({ addDependencies, multiplyDependencies }, config)

    See example advanced/custom_loading.js.

  • Updated the values of all physical units to their latest official values.
    See #​1529. Thanks @​ericman314.

Non breaking changes
  • Implemented units t, tonne, bel, decibel, dB, and prefixes
    for candela. Thanks @​mcvladthegoat.
  • Fixed epsilon setting being applied globally to Complex numbers.
  • Fix math.simplify('add(2, 3)') throwing an error.
  • Fix #​1530: number formatting first applied lowerExp and upperExp
    and after that rounded the value instead of the other way around.
  • Fix #​1473: remove 'use strict' in every file, not needed anymore.

v5.10.3

Compare Source

  • Fixed dependency del being a dependency instead of devDependency.

v5.10.2

Compare Source

  • Fix #​1515, #​1516, #​1517: broken package due to a naming conflict in
    the build folder of a util file typeOf.js and typeof.js.
    Solved by properly cleaning all build folders before building.

v5.10.1

Compare Source

  • Fix #​1512: format using notation engineering can give wrong results
    when the value has less significant digits than the number of digits in
    the output.

v5.10.0

Compare Source

  • Fix lib/header.js not having filled in date and version. Thanks @​kevjin.
  • Upgraded dependency [email protected], fixing an issue on node.js 12.

v5.9.0

Compare Source

  • Implemented functions row and column (see #​1413). Thanks @​SzechuanSage.
  • Fixed #​1459: engineering notation of function format not available
    for BigNumber.
  • Fixed #​1465: node.toHTML() not correct for unary operators like
    factorial.

v5.8.0

Compare Source

  • Implemented new function apply. Thanks @​bnlcas.
  • Implemented passing an optional dimension argument to std and var.
    Thanks @​bnlcas.

v5.7.0

Compare Source

v5.6.0

Compare Source

  • Upgrade decimal.js to v10.1.1 (#​1421).
  • Fixed #​1418: missing whitespace when stringifying an expression
    containing "not".

v5.5.0

Compare Source

  • Fixed #​1401: methods map and forEach of SparseMatrix not working
    correctly when indexes are unordered.
  • Fixed #​1404: inconsistent rounding of negative numbers.
  • Upgrade tiny-emitter to v2.1.0 (#​1397).

v5.4.2

Compare Source

  • Fixed math.format not working for BigNumbers with a precision above
    1025 digits (see #​1385). Thanks @​ericman314.
  • Fixed incorrect LaTeX output of RelationalNode. Thanks @​rianmcguire.
  • Fixed a bug the methods map, forEach, traverse, and transform
    of FunctionNode.

v5.4.1

Compare Source

  • Fix #​1378: negative bignumbers not formatted correctly.
  • Upgrade fraction.js to version 4.0.12 (#​1369).

v5.4.0

Compare Source

  • Extended sum.js to accept a dimension input to calculate the sum over a
    specific axis. Thanks @​bnlcas.
  • Fix #​1328: objects can't be written multi-line. Thanks @​GHolk.
  • Remove side effects caused by Unit.format and Unit.toString,
    making changes to the unit on execution. Thanks @​ericman314.

v5.3.1

Compare Source

v5.3.0

Compare Source

v5.2.3

Compare Source

v5.2.2

Compare Source

v5.2.1

Compare Source

v5.2.0

Compare Source

  • Implemented support for chained conditionals like 10 < x <= 50.
    Thanks @​ericman314.
  • Add an example showing a proof of concept of using BigInt in mathjs.
  • Fixed #​1269: Bugfix for BigNumber divided by unit. Thanks @​ericman314.
  • Fixed #​1240: allow units having just a value and no unit.
    Thanks @​ericman314.

2018-09-09, version 5.1.2

2018-08-21, version 5.1.1

  • Function isNumeric now recognizes more types.
  • Fixed #​1214: functions sqrt, max, min, var, std, mode, mad,
    median, and partitionSelect not neatly handling NaN inputs. In some
    cases (median, mad, and partitionSelect) this resulted in an infinite
    loop.
  • Upgraded dependencies ([email protected])
  • Upgraded devDependencies ([email protected])

2018-08-12, version 5.1.0

2018-07-22, version 5.0.4

  • Strongly improved the performance of functions factorial for numbers.
    This improves performance of functions gamma, permutation, and
    combination too. See #​1170. Thanks @​honeybar.
  • Strongly improved the performance of function reshape, thanks to a
    friend of @​honeybar.

2018-07-14, version 5.0.3

  • Fixed many functions (for example add and subtract) not working
    with matrices having a datatype defined.
  • Fixed #​1147: bug in format with engineering notation in outputting
    the correct number of significant figures. Thanks @​ericman314.
  • Fixed #​1162: transform functions not being cleaned up when overriding
    it by importing a factory function with the same name.
  • Fixed broken links in the documentation. Thanks @​stropitek.
  • Refactored the code of parse into a functional approach.
    Thanks @​harrysarson.
  • Changed decimal.js import to ES6. Thanks @​weinshel.

2018-07-07, version 5.0.2

2018-07-01, version 5.0.1

  • Improved error messaging when converting units. Thanks @​gap777.
  • Upgraded devDependencies (kerma, uglify-js, webpack).

2018-06-16, version 5.0.0

!!! BE CAREFUL: BREAKING CHANGES !!!

  • Implemented complex conjugate transpose math.ctranspose. See #​1097.
    Thanks @​jackschmidt.
  • Changed the behavior of A' (transpose) in the expression parser to
    calculate the complex conjugate transpose. See #​1097. Thanks @​jackschmidt.
  • Added support for complex({abs: 1, arg: 1}), and improved the docs on
    complex numbers. Thanks @​ssaket.
  • Renamed eye to identity, see #​1054.
  • Math.js code can now contain ES6. The ES6 source code is moved from lib
    to src, and lib now contains the compiled ES5 code.
  • Upgraded dependencies:
    • decimal.js from 9.0.1 to 10.0.1
    • Upgraded dev dependencies
  • Changed code style to https://standardjs.com/, run linter on npm test.
    See #​1110.
  • Dropped support for bower. Use npm or an other package manages instead.
  • Dropped support for (non-primitive) instances of Number, Boolean, and
    String from functions clone and typeof.
  • Dropped official support for IE9 (probably still works, but it's not tested).
  • Fixed #​851: More consistent behavior of sqrt, nthRoot, and pow.
    Thanks @​dakotablair.
  • Fixed #​1103: Calling toTex on node that contains derivative causing
    an exception. Thanks @​joelhoover.

2018-06-02, version 4.4.2

  • Drastically improved the performance of det. Thanks @​ericman314.
  • Fixed #​1065, #​1121: Fixed wrong documentation of function
    compareNatural and clarified the behavior for strings.
  • Fixed #​1122 a regression in function inv (since v4.4.1).
    Thanks @​ericman314.

2018-05-29, version 4.4.1

2018-05-28, version 4.4.0

  • Implemented functions equalText and compareText. See #​1085.

2018-05-21, version 4.3.0

  • Implemented matrix exponential math.expm. Thanks @​ericman314.
  • Fixed #​1101: math.js bundle not working when loading in a WebWorker.
  • Upgraded dependencies
    • complex.js from v2.0.2 to v2.0.10.
    • fraction.js from v4.0.4 to v4.0.8.
  • Upgraded devDependencies (mocha, uglify-js, webpack).

2018-05-05, version 4.2.2

2018-05-02, version 4.2.1

  • Fixed dist/math.js being minified.

2018-05-02, version 4.2.0

  • Implemented function math.sqrtm. Thanks @​ferrolho.
  • Implemented functions math.log2, math.log1p, and math.expm1.
    Thanks @​BigFav and @​harrysarson.
  • Fixed some unit tests broken on nodejs v10.
  • Upgraded development dependencies.
  • Dropped integration testing on nodejs v4.

2018-04-18, version 4.1.2

  • Fixed #​1082: implemented support for unit plurals decades, centuries,
    and millennia.
  • Fixed #​1083: units decade and watt having a wrong name when stringifying.
    Thanks @​ericman314.

2018-04-11, version 4.1.1

  • Fixed #​1063: derivative not working when resolving a variable with unary
    minus like math.derivative('-x', 'x').

2018-04-08, version 4.1.0

  • Extended function math.print with support for arrays and matrices.
    Thanks @​jean-emmanuel.
  • Fixed #​1077: Serialization/deserialization to JSON with reviver not being
    supported by nodes.
  • Fixed #​1016: Extended math.typeof with support for ResultSet and nodes
    like SymbolNode.
  • Fixed #​1072: Added support for long and short prefixes for the unit bar
    (i.e. millibar and mbar).

2018-03-17, version 4.0.1

  • Fixed #​1062: mathjs not working on ES5 browsers like IE11 and Safari 9.3.
  • Fixed #​1061: math.unit not accepting input like 1/s.

2018-02-25, version 4.0.0

!!! BE CAREFUL: BREAKING CHANGES !!!

Breaking changes (see also #​682):

  • New expression compiler

    The compiler of the expression parser is replaced with one that doesn't use
    eval internally. See #​1019. This means:

    • a slightly improved performance on most browsers.
    • less risk of security exploits.
    • the code of the new compiler is easier to understand, maintain, and debug.

    Breaking change here: When using custom nodes in the expression parser,
    the syntax of _compile has changed. This is an undocumented feature though.

  • Parsed expressions

    • The class ConstantNode is changed such that it just holds a value
      instead of holding a stringified value and it's type.
      ConstantNode(valueStr, valueType) is now ConstantNode(value)
      Stringification uses math.format, which may result in differently
      formatted numeric output.

    • The constants true, false, null, undefined, NaN, Infinity,
      and uninitialized are now parsed as ConstantNodes instead of
      SymbolNodes in the expression parser. See #​833.

  • Implicit multiplication

    • Changed the behavior of implicit multiplication to have higher
      precedence than explicit multiplication and division, except in
      a number of specific cases. This gives a more natural behavior
      for implicit multiplications. For example 24h / 6h now returns 4,
      whilst 1/2 kg evaluates to 0.5 kg. Thanks @​ericman314. See: #​792.
      Detailed documentation: https://github.com/josdejong/mathjs/blob/v4/docs/expressions/syntax.md#implicit-multiplication.

    • Immediately invoking a function returned by a function like partialAdd(2)(3)
      is no longer supported, instead these expressions are evaluated as
      an implicit multiplication partialAdd(2) * (3). See #​1035.

  • String formatting

    • In function math.format, the options {exponential: {lower: number, upper: number}}
      (where lower and upper are values) are replaced with {lowerExp: number, upperExp: number}
      (where lowerExp and upperExp are exponents). See #​676. For example:

      math.format(2000, {exponential: {lower: 1e-2, upper: 1e2}})

      is now:

      math.format(2000, {lowerExp: -2, upperExp: 2})

    • In function math.format, the option notation: 'fixed' no longer rounds to
      zero digits when no precision is specified: it leaves the digits as is.
      See #​676.

  • String comparison

    Changed the behavior of relational functions (compare, equal,
    equalScalar, larger, largerEq, smaller, smallerEq, unequal)
    to compare strings by their numeric value they contain instead of
    alphabetically. This also impacts functions deepEqual, sort, min,
    max, median, and partitionSelect. Use compareNatural if you
    need to sort an array with text. See #​680.

  • Angle units

    Changed rad, deg, and grad to have short prefixes,
    and introduced radian, degree, and gradian and their plurals
    having long prefixes. See #​749.

  • Null

    • null is no longer implicitly casted to a number 0, so input like
      math.add(2, null) is no longer supported. See #​830, #​353.

    • Dropped constant uninitialized, which was used to initialize
      leave new entries undefined when resizing a matrix is removed.
      Use undefined instead to indicate entries that are not explicitly
      set. See #​833.

  • New typed-function library

    • The typed-function library used to check the input types
      of functions is completely rewritten and doesn't use eval under
      the hood anymore. This means a reduced security risk, and easier
      to debug code. The API is the same, but error messages may differ
      a bit. Performance is comparable but may differ in specific
      use cases and browsers.

Non breaking changes:

  • Thanks to the new expression compiler and typed-function implementation,
    mathjs doesn't use JavaScript's eval anymore under the hood.
    This allows using mathjs in environments with security restrictions.
    See #​401.
  • Implemented additional methods isUnary() and isBinary() on
    OperatorNode. See #​1025.
  • Improved error messages for statistical functions.
  • Upgraded devDependencies.
  • Fixed #​1014: derivative silently dropping additional arguments
    from operator nodes with more than two arguments.

2018-02-07, version 3.20.2

  • Upgraded to [email protected] (bug-fix release).
  • Fixed option implicit not being copied from an OperatorNode
    when applying function map. Thanks @​HarrySarson.
  • Fixed #​995: spaces and underscores not property being escaped
    in toTex(). Thanks @​FSMaxB.

2018-01-17, version 3.20.1

2018-01-14, version 3.20.0

  • Implement support for 3 or more arguments for operators + and * in
    derivative. Thanks @​HarrySarson. See #​1002.
  • Fixed simplify evalution of simplify of functions with more than two
    arguments wrongly: simplify('f(x, y, z)') evaluated to f(f(x, y), z)instead off(x, y, z)`. Thanks @​joelhoover.
  • Fixed simplify throwing an error in some cases when simplifying unknown
    functions, for example simplify('f(4)'). Thanks @​joelhoover.
  • Fixed #​1013: simplify wrongly simplifing some expressions containing unary
    minus, like 0 - -x. Thanks @​joelhoover.
  • Fixed an error in an example in the documentation of xor. Thanks @​denisx.

2018-01-06, version 3.19.0

  • Extended functions distance and intersect with support for BigNumbers.
    Thanks @​ovk.
  • Improvements in function simplify: added a rule that allows combining
    of like terms in embedded quantities. Thanks @​joelhoover.

2017-12-28, version 3.18.1

  • Fixed #​998: An issue with simplifying an expression containing a subtraction.
    Thanks @​firepick1.

2017-12-16, version 3.18.0

  • Implemented function rationalize. Thanks @​paulobuchsbaum.
  • Upgraded dependencies:
    decimal.js 7.2.3 → 9.0.1 (no breaking changes affecting mathjs)
    fraction.js 4.0.2 → 4.0.4
    tiny-emitter 2.0.0 → 2.0.2
  • Upgraded dev dependencies.
  • Fixed #​975: a wrong example in the docs of lusolve.
  • Fixed #​983: pickRandom returning an array instead of single value
    when input was an array with just one value. Clarified docs.
  • Fixed #​969: preven issues with yarn autoclean by renaming an
    interally used folder "docs" to "embeddedDocs".

2017-11-18, version 3.17.0

  • Improved simplify for nested exponentiations. Thanks @​IvanVergiliev.
  • Fixed a security issue in typed-function allowing arbitrary code execution
    in the JavaScript engine by creating a typed function with JavaScript code
    in the name. Thanks Masato Kinugawa.
  • Fixed a security issue where forbidden properties like constructor could be
    replaced by using unicode characters when creating an object. No known exploit,
    but could possibly allow arbitrary code execution. Thanks Masato Kinugawa.

2017-10-18, version 3.16.5

  • Fixed #​954: Functions add and multiply not working when
    passing three or more arrays or matrices.

2017-10-01, version 3.16.4

  • Fixed #​948, #​949: function simplify returning wrong results or
    running into an infinite recursive loop. Thanks @​ericman314.
  • Fixed many small issues in the embedded docs. Thanks @​Schnark.

2017-08-28, version 3.16.3

  • Fixed #​934: Wrong simplification of unary minus. Thanks @​firepick1.
  • Fixed #​933: function simplify reordering operations. Thanks @​firepick1.
  • Fixed #​930: function isNaN returning wrong result for complex
    numbers having just one of their parts (re/im) being NaN.
  • Fixed #​929: FibonacciHeap.isEmpty returning wrong result.

2017-08-20, version 3.16.2

  • Fixed #​924: a regression in simplify not accepting the signature
    simplify(expr, rules, scope) anymore. Thanks @​firepick1.
  • Fixed missing parenthesis when stringifying expressions containing
    implicit multiplications (see #​922). Thanks @​FSMaxB.

2017-08-12, version 3.16.1

  • For security reasons, type checking is now done in a more strict
    way using functions like isComplex(x) instead of duck type checking
    like x && x.isComplex === true.
  • Fixed #​915: No access to property "name".
  • Fixed #​901: Simplify units when calling unit.toNumeric().
    Thanks @​AlexanderBeyn.
  • Fixed toString of a parsed expression tree containing an
    immediately invoked function assignment not being wrapped in
    parenthesis (for example (f(x) = x^2)(4)).

2017-08-06, version 3.16.0

  • Significant performance improvements in math.simplify.
    Thanks @​firepick1.
  • Improved API for math.simplify, optionally pass a scope with
    variables which are resolved, see #​907. Thanks @​firepick1.
  • Fixed #​912: math.js didn't work on IE10 anymore (regression
    since 3.15.0).

2017-07-29, version 3.15.0

  • Added support for the dollar character $ in symbol names (see #​895).
  • Allow objects with prototypes as scope again in the expression parser,
    this was disabled for security reasons some time ago. See #​888, #​899.
    Thanks @​ThomasBrierley.
  • Fixed #​846: Issues in the functions map, forEach, and filter
    when used in the expression parser:
    • Not being able to use a function assignment as inline expression
      for the callback function.
    • Not being able to pass an inline expression as callback for map
      and forEach.
    • Index and original array/matrix not passed in map and filter.

2017-07-05, version 3.14.2

2017-06-30, version 3.14.1

2017-06-30, version 3.14.0

2017-05-27, version 3.13.3

  • Fixed a bug in function intersection of line and plane.
    Thanks @​viclai.
  • Fixed security vulnerabilities.

2017-05-26, version 3.13.2

  • Disabled function chain inside the expression parser for security
    reasons (it's not needed there anyway).
  • Fixed #​856: function subset not returning non-primitive scalars
    from Arrays correctly. (like math.eval('arr[1]', {arr: [math.bignumber(2)]}).
  • Fixed #​861: physical constants not available in the expression parser.

2017-05-12, version 3.13.1

  • Fixed creating units with an alias not working within the expression
    parser.
  • Fixed security vulnerabilities. Thanks Sam.

2017-05-12, version 3.13.0

  • Command line application can now evaluate inline expressions
    like mathjs 1+2. Thanks @​slavaGanzin.
  • Function derivative now supports abs. Thanks @​tetslee.
  • Function simplify now supports BigNumbers. Thanks @​tetslee.
  • Prevent against endless loops in simplify. Thanks @​tetslee.
  • Fixed #​813: function simplify converting small numbers to inexact
    Fractions. Thanks @​tetslee.
  • Fixed #​838: Function simplify now supports constants like e.
    Thanks @​tetslee.

2017-05-05, version 3.12.3

  • Fixed security vulnerabilities. Thanks Dan and Sam.

2017-04-30, version 3.12.2

  • Added a rocket trajectory optimization example.

2017-04-24, version 3.12.1

  • Fixed #​804
    • Improved handling of powers of Infinity. Thanks @​HarrySarson.
    • Fixed wrong formatting of complex NaN.
  • Fixed security vulnerabilities in the expression parser.
    Thanks Sam and Dan.

2017-04-17, version 3.12.0

  • Implemented QR decomposition, function math.qr. Thanks @​HarrySarson.
  • Fixed #​824: Calling math.random() freezes IE and node.js.

2017-04-08, version 3.11.5

  • More security measures in the expression parser.
    WARNING: the behavior of the expression parser is now more strict,
    some undocumented features may not work any longer.
    • Accessing and assigning properties is now only allowed on plain
      objects, not on classes, arrays, and functions anymore.
    • Accessing methods is restricted to a set of known, safe methods.

2017-04-03, version 3.11.4

  • Fixed a security vulnerability in the expression parser. Thanks @​xfix.

2017-04-03, version 3.11.3

  • Fixed a security vulnerability in the expression parser. Thanks @​xfix.

2017-04-03,

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title Update dependency mathjs to v7 [SECURITY] Update dependency mathjs to v7 [SECURITY] - autoclosed Mar 11, 2022
@renovate renovate bot closed this Mar 11, 2022
@renovate renovate bot deleted the renovate/npm-mathjs-vulnerability branch March 11, 2022 23:35
@renovate renovate bot changed the title Update dependency mathjs to v7 [SECURITY] - autoclosed Update dependency mathjs to v7 [SECURITY] Mar 15, 2022
@renovate renovate bot restored the renovate/npm-mathjs-vulnerability branch March 15, 2022 17:42
@renovate renovate bot reopened this Mar 15, 2022
@renovate renovate bot changed the title Update dependency mathjs to v7 [SECURITY] Update dependency mathjs to v7 [SECURITY] - abandoned Mar 24, 2023
@renovate
Copy link
Contributor Author

renovate bot commented Mar 24, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate bot changed the title Update dependency mathjs to v7 [SECURITY] - abandoned Update dependency mathjs to v7 [SECURITY] - abandoned - autoclosed Apr 15, 2023
@renovate renovate bot closed this Apr 15, 2023
@renovate renovate bot deleted the renovate/npm-mathjs-vulnerability branch April 15, 2023 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot