This repository has been archived by the owner on Jul 17, 2021. It is now read-only.

Update dependency mathjs to v9 [SECURITY] #22

Open
wants to merge 1 commit into
base: master

renovate[bot]

@renovate renovate bot commented May 15, 2021

WhiteSource Renovate

This PR contains the following updates:

Package          Change
mathjs (source)  ^5.10.0 -> ^9.0.0

GitHub Vulnerability Alerts

CVE-2020-7743

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.


Release Notes

josdejong/mathjs

v9.4.2

Compare Source

v9.4.1

Compare Source

v9.4.0

Compare Source

  • Implemented support to use objects with a Map interface as scope,
    see #​2143, #​2166. Thanks @​jhugman.
  • Extend eigs to support general complex matrices, see #​1741. Thanks @​m93a.
  • DenseMatrix and SparseMatrix are now iterable, see #​1184. Thanks @​m93a.
  • Implemented utility functions matrixFromRows, matrixFromColumns, and
    matrixFromFunction, see #​2155, #​2153. Thanks @​m93a.
  • Added TypeScript definitions to the project, making it redundant to install
    @types/mathjs, and making it easier to improve the definitions. See #​2187,
    #​2192. Thanks @​CatsMiaow.
  • Upgraded dependencies
    • complex.js@2.0.13 (fixing #​2211). Thanks @​infusion
    • fraction.js@4.1.0 (pow now supporting rational exponents).
  • Fix #​2174: function pickRandom having no name. Thanks @​HK-SHAO.
  • Fix #​2019: VSCode auto import keeps adding import { null } from 'mathjs'.
  • Fix #​2185: Fix TypeScript definition of unit division, which can also return
    a number.
  • Fix #​2123: add type definitions for functions row and column.
  • Fix some files not exposed in the package, see #​2213. Thanks @​javiermarinros.

v9.3.2

Compare Source

  • Fix #​2169: mathjs requesting @babel/runtime dependency.
    Regression introduced in v9.3.1.

v9.3.1

Compare Source

  • Fix #​2133: strongly improved the performance of isPrime, see #​2139.
    Thanks @​Yaffle.
  • Fix #​2150: give a clear error "Error: Undefined function ..." instead when
    evaluating a non-existing function.
  • Fix #​660: expose internal functions FunctionNode.onUndefinedFunction(name)
    and SymbolNode.onUndefinedSymbol(name), allowing to override the behavior.
    By default, an Error is thrown.

v9.3.0

Compare Source

v9.2.0

Compare Source

  • Implemented function count to count the total elements in a matrix,
    see #​2085. Thanks @​Josef37.
  • Fix #​2096: cleanup old reference to external dependency crypto.
  • Some refactoring in the code to remove duplications, see #​2093.
    Thanks @​Josef37.

v9.1.0

Compare Source

  • Extended function reshape with support for a wildcard -1 to automatically
    calculate the remaining size, like reshape([1, 2, 3, 4, 5, 6], [-1, 2])
    which will output [[0, 1], [2, 3], [4, 5]]. See #​2075. Thanks @​Josef37.
  • Fix #​2087: function simplify ignores second argument of log, for example
    in simplify('log(e, 9)') . Thanks @​quentintruong.

v9.0.0

Compare Source

  • Improved support for bin, hex, and oct literals. See #​1996. Thanks @​clnhlzmn.
    • Breaking change: parse literals with prefixes 0b, 0c, and 0x are
      now unsigned by default. To parse them as signed, you have to specify a
      suffix specifying the word size such as i16 or i32.
    • Function format now supports more notations: bin, hex, and oct,
      for example format(255, {notation: "hex"}).
    • The functions format, bin, hex, oct now allow specifying a wordSize,
      like bin(10, 32) and format(10, {notation: "bin", wordSize: 32}).
    • BigNumber support for the bin, hex, and oct literals.
  • Extended and improved the example rocket_trajectory_optimization.html.
    Thanks @​Josef37.

v8.1.1

Compare Source

  • Improved the performance of parsing and evaluating units a lot, see #​2065.
    Thanks @​flaviut.
  • Upgraded dependency fraction.js to v4.0.13.
  • Moved continuous integration testing from Travis CI to Github Workflow,
    see #​2024, #​2041. Thanks @​harrysarson.

v8.1.0

Compare Source

  • Implemented units kilogramforce (kgf). Thanks @​rnd-debug.
  • Fix #​2026: Implement a new option fractionsLimit for function simplify,
    defaulting to Infinity.
  • Improved the documentation of function clone. Thanks @​redbar0n.

v8.0.1

Compare Source

  • Fix #​1979: missing "subset" dependency when using "mathjs/number" entry point.
  • Fix #​2022: update pretty printing with MathJax example to the latest version
    of MathJax. Thanks @​pkra.

v8.0.0

Compare Source

!!! BE CAREFUL: BREAKING CHANGES !!!

  • You can now use mathjs directly in node.js using ES modules without need for
    a transpiler (see #​1928, #​1941, #​1962).
    Automatically loading either commonjs code or ES modules code is improved.
    All generated code is moved under /lib: the browser bundle is moved from
    /dist to /lib/browser, ES module files are moved to /lib/esm,
    and commonjs files are moved to /lib/cjs. Thanks @​GreenImp.
  • Non-minified bundle dist/math.js is no longer provided. Either use the
    minified bundle, or create a bundle yourself.
  • Replaced random library seed-random with seedrandom, see #​1955.
    Thanks @​poppinlp.
  • Breaking changes in pickRandom, see #​1990, #​1976.
    • Will no longer return the input matrix when the given number is greater
      than the length of the provided possibles. Instead, the function always
      returns results with the requested number of picks.

    • Will now return a Matrix as output when input was a Matrix.

    • Introduced a new syntax:

      math.pickRandom(array, { weights, number, elementWise })
      
    • Introduced a new option elementWise, which is true by default.
      When setting elementWise to false, an array containing arrays will return
      random pick of arrays instead of the elements inside of the nested arrays.

v7.6.0

Compare Source

v7.5.1

Compare Source

  • Fix object pollution vulnerability in math.config. Thanks Snyk.

v7.5.0

Compare Source

  • Function pickRandom now allows randomly picking elements from matrices
    with 2 or more dimensions instead of only from a vector, see #​1974.
    Thanks @​KonradLinkowski.

v7.4.0

Compare Source

  • Implemented support for passing a precision in functions ceil, floor,
    and fix, similar to round, see #​1967, #​1901. Thanks @​rnd-debug.
  • Implemented function rotationMatrix, see #​1160, #​1984. Thanks @​rnd-debug.
  • Implement a clear error message when using sqrtm with a matrix having
    more than two dimensions. Thanks @​KonradLinkowski.
  • Update dependency decimal.js to 10.2.1.

v7.3.0

Compare Source

  • Implemented functions usolveAll and lsolveAll, see #​1916. Thanks @​m93a.
  • Implemented support for units in functions std and variance, see #​1950.
    Thanks @​rnd-debug.
  • Implemented support for binary, octal, and hexadecimal notation in the
    expression parser, and implemented functions bin, oct, and hex for
    formatting. Thanks @​clnhlzmn.
  • Fix #​1964: inconsistent calculation of negative dividend modulo for
    BigNumber and Fraction. Thanks @​ovk.

v7.2.0

Compare Source

v7.1.0

Compare Source

  • Implement support for recursion (self-referencing) of typed-functions,
    new in typed-function@2.0.0. This fixes #​1885: functions which were
    extended with a new data type did not always work. Thanks @​nickewing.
  • Fix #​1899: documentation on expression trees still using old namespace
    math.expression.node.* instead of math.*.

v7.0.2

Compare Source

  • Fix #​1882: have DenseMatrix.resize and SparseMatrix.resize accept
    DenseMatrix and SparseMatrix as inputs too, not only Array.
  • Fix functions sum, prod, min, and max not throwing a conversion error
    when passing a single string, like sum("abc").

v7.0.1

Compare Source

  • Fix #​1844: clarify the documentation of function eigs. Thanks @​Lazersmoke.
  • Fix #​1855: Fix error in the documentation for math.nthRoots(x).
  • Fix #​1856: make the library robust against Object prototype pollution.

v7.0.0

Compare Source

Breaking changes:

  • Improvements in calculation of the dot product of complex values.
    The first argument is now conjugated. See #​1761. Thanks @​m93a.
  • Dropped official support for Node.js v8 which has reached end of life.
  • Removed all deprecation warnings introduced in v6.
    To upgrade smoothly from v5 to v7 or higher, upgrade to v6 first
    and resolve all deprecation warnings.

v6.6.5

Compare Source

  • Fix #​1834: value Infinity cannot be serialized and deserialized.
    This is solved now with a new math.replacer function used as
    JSON.stringify(value, math.replacer).
  • Fix #​1842: value Infinity not turned into the latex symbol \\infty.

v6.6.4

Compare Source

  • Fix published files containing Windows line endings (CRLF instead of LF).

v6.6.3

Compare Source

  • Fix #​1813: bug in engineering notation for numbers of function format,
    sometimes resulting in needless trailing zeros.
  • Fix #​1808: methods .toNumber() and .toNumeric() not working on a
    unitless unit.
  • Fix #​1645: not being able to use named operators mod, and, not, or,
    xor, to, in as object keys. Thanks @​Veeloxfire.
  • Fix eigs not using config.epsilon.

v6.6.2

Compare Source

  • Fix #​1789: Function eigs not calculating with BigNumber precision
    when input contains BigNumbers.
  • Run the build script during npm prepare, so you can use the library
    directly when installing directly from git. See #​1751. Thanks @​cinderblock.

v6.6.1

Compare Source

v6.6.0

Compare Source

  • Implemented function eigs, see #​1705, #​542 #​1175. Thanks @​arkajitmandal.
  • Fixed #​1727: validate matrix size when creating a DenseMatrix using
    fromJSON.
  • Fixed DenseMatrix.map copying the size and datatype from the original
    matrix instead of checking the returned dimensions and type of the callback.
  • Add a caret to dependencies (like ^1.2.3) to allow downstream updates
    without having to await a new release of mathjs.

v6.5.0

Compare Source

v6.4.0

Compare Source

  • Extended function dimension with support for n-dimensional points.
    Thanks @​Veeloxfire.

v6.3.0

Compare Source

  • Improved performance of factorial for BigNumber up to a factor two,
    see #​1687. Thanks @​kmdrGroch.

v6.2.5

Compare Source

  • Fixed IndexNode using a hardcoded, one-based implementation of index,
    making it impossible to instantiate a zero-based version of the expression
    parser. See #​782.

v6.2.4

Compare Source

v6.2.3

Compare Source

  • Fixed #​1640: function mean not working for units. Thanks @​clintonc.
  • Fixed #​1639: function min listed twice in the "See also" section of the
    embedded docs of function std.
  • Improved performance of isPrime, see #​1641. Thanks @​arguiot.

v6.2.2

Compare Source

  • Fixed methods map and clone not copying the dotNotation property of
    IndexNode. Thanks @​rianmcguire.
  • Fixed a typo in the documentation of toHTML. Thanks @​maytanthegeek.
  • Fixed #​1615: error in the docs of isNumeric.
  • Fixed #​1628: Cannot call methods on empty strings or numbers with value 0.

v6.2.1

Compare Source

  • Fixed #​1606: function format not working for expressions.

v6.2.0

Compare Source

  • Improved performance of combinationsWithRep. Thanks @​waseemyusuf.
  • Add unit aliases bit and byte.
  • Fix docs referring to bit and byte instead of bits and bytes.
  • Updated dependency typed-function@1.1.1.

v6.1.0

Compare Source

v6.0.4

Compare Source

  • Fixed #​1554, #​1565: ES Modules were not transpiled to ES5, giving issues on
    old browsers. Thanks @​mockdeep for helping to find a solution.

v6.0.3

Compare Source

  • Add unpkg and jsdelivr fields in package.json pointing to UMD build.
    Thanks @​tmcw.
  • Fix #​1550: nested user defined function not receiving variables of an
    outer user defined function.

v6.0.2

Compare Source

  • Fix not being able to set configuration after disabling function import
    (regression since v6.0.0).

v6.0.1

Compare Source

  • Fix function reference not published in npm library.
  • Fix function evaluate and parse missing in generated docs.

v6.0.0

Compare Source

!!! BE CAREFUL: BREAKING CHANGES !!!

Most notable changes
  1. Full support for ES modules. Support for tree-shaking out of the box.

    Load all functions:

    import * as math from 'mathjs'

    Use a few functions:

    import { add, multiply } from 'mathjs'

    Load all functions with custom configuration:

    import { create, all } from 'mathjs'
    const config = { number: 'BigNumber' }
    const math = create(all, config)

    Load a few functions with custom configuration:

    import { create, addDependencies, multiplyDependencies } from 'mathjs'
    const config = { number: 'BigNumber' }
    const { add, multiply } = create({
      addDependencies,
      multiplyDependencies
    }, config)
  2. Support for lightweight, number-only implementations of all functions:

    import { add, multiply } from 'mathjs/number'
    
  3. New dependency injection solution used under the hood.

Breaking changes
  • Node 6 is no longer supported.

  • Functions config and import are not available anymore in the global
    context:

    // v5
    import * as mathjs from 'mathjs'
    mathjs.config(...) // error in v6.0.0
    mathjs.import(...) // error in v6.0.0

    Instead, create your own mathjs instance and pass config and imports
    there:

    // v6
    import { create, all } from 'mathjs'
    const config = { number: 'BigNumber' }
    const mathjs = create(all, config)
    mathjs.import(...)
  • Renamed function typeof to typeOf, var to variance,
    and eval to evaluate. (the old function names are reserved keywords
    which can not be used as a variable name).

  • Deprecated the Matrix.storage function. Use math.matrix instead to create
    a matrix.

  • Deprecated function math.expression.parse, use math.parse instead.
    Was used before for example to customize supported characters by replacing
    math.parse.isAlpha.

  • Moved all classes like math.type.Unit and math.expression.Parser to
    math.Unit and math.Parser respectively.

  • Fixed #​1428: transform iterating over replaced nodes. New behavior
    is that it stops iterating when a node is replaced.

  • Dropped support for renaming factory functions when importing them.

  • Dropped fake BigNumber support of function erf.

  • Removed all index.js files used to load specific functions instead of all, like:

    // v5
    // ... set up empty instance of mathjs, then load a set of functions:
    math.import(require('mathjs/lib/function/arithmetic'))
    

    Individual functions are now loaded simply like:

    // v6
    import { add, multiply } from 'mathjs'

    To set a specific configuration on the functions:

    // v6
    import { create, addDependencies, multiplyDependencies } from 'mathjs'
    const config = { number: 'BigNumber' }
    const math = create({ addDependencies, multiplyDependencies }, config)

    See example advanced/custom_loading.js.

  • Updated the values of all physical units to their latest official values.
    See #​1529. Thanks @​ericman314.

Non breaking changes
  • Implemented units t, tonne, bel, decibel, dB, and prefixes
    for candela. Thanks @​mcvladthegoat.
  • Fixed epsilon setting being applied globally to Complex numbers.
  • Fix math.simplify('add(2, 3)') throwing an error.
  • Fix #​1530: number formatting first applied lowerExp and upperExp
    and after that rounded the value instead of the other way around.
  • Fix #​1473: remove 'use strict' in every file, not needed anymore.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.
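
The CVE-2020-7743 entry above describes prototype pollution through a deepExtend merge that runs on configuration updates. The following added example (not code from mathjs or from this PR; the function names, blocked-key list and sample input are assumptions constructed for illustration) contrasts a naive recursive merge with a hardened one and checks whether a fresh object inherits the injected key.

```javascript
// Added illustration of the bug class; NOT the mathjs source.

// Naive merge: for...in plus target[key] follows "__proto__" into Object.prototype.
function deepExtendUnsafe(target, src) {
  for (const key in src) {
    const val = src[key];
    if (val && typeof val === 'object' && !Array.isArray(val)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      deepExtendUnsafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-related keys skipped, and
// recursion only into objects that the target itself owns.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function deepExtendSafe(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = src[key];
    if (val && typeof val === 'object' && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      deepExtendSafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed sample input: a config update parsed from untrusted JSON.
function demo(merge) {
  const update = JSON.parse('{"number":"BigNumber","__proto__":{"polluted":true}}');
  const config = { number: 'number', precision: 64 };
  merge(config, update);
  const leaked = ({}).polluted === true; // does an unrelated object see the key?
  delete Object.prototype.polluted;      // restore global state after the check
  return { number: config.number, leaked };
}

console.log('unsafe:', demo(deepExtendUnsafe), 'safe:', demo(deepExtendSafe));
```

Both merges apply the legitimate `number` setting; only the naive one lets the update reach `Object.prototype`.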
