Update dependency mathjs to v7 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
mathjs (source)	^5.0.0 → ^7.0.0

---

Prototype Pollution in mathjs

CVE-2020-7743 / GHSA-x2fc-mxcx-w4mf

More information

Details

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

Severity

• CVSS Score: 7.3 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-7743
• https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
• https://github.com/josdejong/mathjs/blob/develop/HISTORY.md#2020-10-10-version-751
• https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
• https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
• https://www.npmjs.com/package/mathjs
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
• https://github.com/advisories/GHSA-x2fc-mxcx-w4mf

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

josdejong/mathjs (mathjs)

v7.5.1

Compare Source

• Fix object pollution vulnerability in math.config. Thanks Snyk.

v7.5.0

Compare Source

• Function pickRandom now allows randomly picking elements from matrices
  with 2 or more dimensions instead of only from a vector, see #​1974.
  Thanks @​KonradLinkowski.

v7.4.0

Compare Source

• Implemented support for passing a precision in functions ceil, floor,
  and fix, similar to round, see #​1967, #​1901. Thanks @​rnd-debug.
• Implemented function rotationMatrix, see #​1160, #​1984. Thanks @​rnd-debug.
• Implement a clear error message when using sqrtm with a matrix having
  more than two dimensions. Thanks @​KonradLinkowski.
• Update dependency decimal.js to 10.2.1.

v7.3.0

Compare Source

• Implemented functions usolveAll and lsolveAll, see #​1916. Thanks @​m93a.
• Implemented support for units in functions std and variance, see #​1950.
  Thanks @​rnd-debug.
• Implemented support for binary, octal, and hexadecimal notation in the
  expression parser, and implemented functions bin, oct, and hex for
  formatting. Thanks @​clnhlzmn.
• Fix #​1964: inconsistent calculation of negative dividend modulo for
  BigNumber and Fraction. Thanks @​ovk.

v7.2.0

Compare Source

• Implemented new function diff, see #​1634, #​1920. Thanks @​Veeloxfire.
• Implemented support for norm 2 for matrices in function norm.
  Thanks @​rnd-debug.

v7.1.0

Compare Source

• Implement support for recursion (self-referencing) of typed-functions,
  new in typed-function@2.0.0. This fixes #​1885: functions which where
  extended with a new data type did not always work. Thanks @​nickewing.
• Fix #​1899: documentation on expression trees still using old namespace
  math.expression.node.* instead of math.*.

v7.0.2

Compare Source

• Fix #​1882: have DenseMatrix.resize and SparseMatrix.resize accept
  DenseMatrix and SparseMatrix as inputs too, not only Array.
• Fix functions sum, prod, min, and max not throwing a conversion error
  when passing a single string, like sum("abc").

v7.0.1

Compare Source

• Fix #​1844: clarify the documentation of function eigs. Thanks @​Lazersmoke.
• Fix #​1855: Fix error in the documentation for math.nthRoots(x).
• Fix #​1856: make the library robust against Object prototype pollution.

v7.0.0

Compare Source

Breaking changes:

• Improvements in calculation of the dot product of complex values.
  The first argument is now conjugated. See #​1761. Thanks @​m93a.
• Dropped official support for Node.js v8 which has reached end of life.
• Removed all deprecation warnings introduced in v6.
  To upgrade smoothly from v5 to v7 or higher, upgrade to v6 first
  and resolve all deprecation warnings.

v6.6.5

Compare Source

• Fix #​1834: value Infinity cannot be serialized and deserialized.
  This is solved now with a new math.replacer function used as
  JSON.stringify(value, math.replacer).
• Fix #​1842: value Infinity not turned into the latex symbol \\infty.

v6.6.4

Compare Source

• Fix published files containing Windows line endings (CRLF instead of LF).

v6.6.3

Compare Source

• Fix #​1813: bug in engineering notation for numbers of function format,
  sometimes resulting in needless trailing zeros.
• Fix #​1808: methods .toNumber() and .toNumeric() not working on a
  unitless unit.
• Fix #​1645: not being able to use named operators mod, and, not, or,
  xor, to, in as object keys. Thanks @​Veeloxfire.
• Fix eigs not using config.epsilon.

v6.6.2

Compare Source

• Fix #​1789: Function eigs not calculating with BigNumber precision
  when input contains BigNumbers.
• Run the build script during npm prepare, so you can use the library
  directly when installing directly from git. See #​1751. Thanks @​cinderblock.

v6.6.1

Compare Source

• Fix #​1725: simplify a/(b/c). Thanks @​dbramwell.
• Fix examples in documentation of row and column.

v6.6.0

Compare Source

• Implemented function eigs, see #​1705, #​542 #​1175. Thanks @​arkajitmandal.
• Fixed #​1727: validate matrix size when creating a DenseMatrix using
  fromJSON.
• Fixed DenseMatrix.map copying the size and datatype from the original
  matrix instead of checking the returned dimensions and type of the callback.
• Add a caret to dependencies (like) ^1.2.3) to allow downstream updates
  without having to await a new release of mathjs.

v6.5.0

Compare Source

• Implemented baseName option for createUnit, see #​1707.
  Thanks @​ericman314.

v6.4.0

Compare Source

• Extended function dimension with support for n-dimensional points.
  Thanks @​Veeloxfire.

v6.3.0

Compare Source

• Improved performance of factorial for BigNumber up to a factor two,
  see #​1687. Thanks @​kmdrGroch.

v6.2.5

Compare Source

• Fixed IndexNode using a hardcoded, one-based implementation of index,
  making it impossible to instantiate a zero-based version of the expression
  parser. See #​782.

v6.2.4

Compare Source

• Fixed #​1669: function 'qr' threw an error if the pivot was zero,
  thanks @​kevinkelleher12 and @​harrysarson.
• Resolves #​942: remove misleading assert in 'qr'. Thanks @​harrysarson.
• Work around a bug in complex.js where sign(0) returns complex NaN.
  Thanks @​harrysarson.

v6.2.3

Compare Source

• Fixed #​1640: function mean not working for units. Thanks @​clintonc.
• Fixed #​1639: function min listed twice in the "See also" section of the
  embedded docs of function std.
• Improved performance of isPrime, see #​1641. Thanks @​arguiot.

v6.2.2

Compare Source

• Fixed methods map and clone not copying the dotNotation property of
  IndexNode. Thanks @​rianmcguire.
• Fixed a typo in the documentation of toHTML. Thanks @​maytanthegeek.
• Fixed #​1615: error in the docs of isNumeric.
• Fixed #​1628: Cannot call methods on empty strings or numbers with value 0.

v6.2.1

Compare Source

• Fixed #​1606: function format not working for expressions.

v6.2.0

Compare Source

• Improved performance of combinationsWithRep. Thanks @​waseemyusuf.
• Add unit aliases bit and byte.
• Fix docs referring to bit and byte instead of bits and bytes.
• Updated dependency typed-function@1.1.1.

v6.1.0

Compare Source

• Implemented function combinationsWithRep (see #​1329). Thanks @​waseemyusuf.

v6.0.4

Compare Source

• Fixed #​1554, #​1565: ES Modules where not transpiled to ES5, giving issues on
  old browsers. Thanks @​mockdeep for helping to find a solution.

v6.0.3

Compare Source

• Add unpkg and jsdelivr fields in package.json pointing to UMD build.
  Thanks @​tmcw.
• Fix #​1550: nested user defined function not receiving variables of an
  outer user defined function.

v6.0.2

Compare Source

• Fix not being able to set configuration after disabling function import
  (regression since v6.0.0).

v6.0.1

Compare Source

• Fix function reference not published in npm library.
• Fix function evaluate and parse missing in generated docs.

v6.0.0

Compare Source

!!! BE CAREFUL: BREAKING CHANGES !!!

Most notable changes

1. Full support for ES modules. Support for tree-shaking out of the box.

   Load all functions:

   import * as math from 'mathjs'

   Use a few functions:

   import { add, multiply } from 'mathjs'

   Load all functions with custom configuration:

   import { create, all } from 'mathjs'
   const config = { number: 'BigNumber' }
   const math = create(all, config)

   Load a few functions with custom configuration:

   import { create, addDependencies, multiplyDependencies } from 'mathjs'
   const config = { number: 'BigNumber' }
   const { add, multiply } = create({
     addDependencies,
     multiplyDependencies
   }, config)

2. Support for lightweight, number-only implementations of all functions:

   import { add, multiply } from 'mathjs/number'
   

3. New dependency injection solution used under the hood.

Breaking changes

• Node 6 is no longer supported.

• Functions config and import are not available anymore in the global
  context:

  // v5
  import * as mathjs from 'mathjs'
  mathjs.config(...) // error in v6.0.0
  mathjs.import(...) // error in v6.0.0

  Instead, create your own mathjs instance and pass config and imports
  there:

  // v6
  import { create, all } from 'mathjs'
  const config = { number: 'BigNumber' }
  const mathjs = create(all, config)
  mathjs.import(...)

• Renamed function typeof to typeOf, var to variance,
  and eval to evaluate. (the old function names are reserved keywords
  which can not be used as a variable name).

• Deprecated the Matrix.storage function. Use math.matrix instead to create
  a matrix.

• Deprecated function math.expression.parse, use math.parse instead.
  Was used before for example to customize supported characters by replacing
  math.parse.isAlpha.

• Moved all classes like math.type.Unit and math.expression.Parser to
  math.Unit and math.Parser respectively.

• Fixed #​1428: transform iterating over replaced nodes. New behavior
  is that it stops iterating when a node is replaced.

• Dropped support for renaming factory functions when importing them.

• Dropped fake BigNumber support of function erf.

• Removed all index.js files used to load specific functions instead of all, like:

  // v5
  // ... set up empty instance of mathjs, then load a set of functions:
  math.import(require('mathjs/lib/function/arithmetic'))
  

  Individual functions are now loaded simply like:

  // v6
  import { add, multiply } from 'mathjs'

  To set a specific configuration on the functions:

  // v6
  import { create, addDependencies, multiplyDependencies } from 'mathjs'
  const config = { number: 'BigNumber' }
  const math = create({ addDependencies, multiplyDependencies }, config)

  See example advanced/custom_loading.js.

• Updated the values of all physical units to their latest official values.
  See #​1529. Thanks @​ericman314.

Non breaking changes

• Implemented units t, tonne, bel, decibel, dB, and prefixes
  for candela. Thanks @​mcvladthegoat.
• Fixed epsilon setting being applied globally to Complex numbers.
• Fix math.simplify('add(2, 3)') throwing an error.
• Fix #​1530: number formatting first applied lowerExp and upperExp
  and after that rounded the value instead of the other way around.
• Fix #​1473: remove 'use strict' in every file, not needed anymore.

v5.10.3

Compare Source

• Fixed dependency del being a dependency instead of devDependency.

v5.10.2

Compare Source

• Fix #​1515, #​1516, #​1517: broken package due to a naming conflict in
  the build folder of a util file typeOf.js and typeof.js.
  Solved by properly cleaning all build folders before building.

v5.10.1

Compare Source

• Fix #​1512: format using notation engineering can give wrong results
  when the value has less significant digits than the number of digits in
  the output.

v5.10.0

Compare Source

• Fix lib/header.js not having filled in date and version. Thanks @​kevjin.
• Upgraded dependency decimal.js@10.2.0, fixing an issue on node.js 12.

v5.9.0

Compare Source

• Implemented functions row and column (see #​1413). Thanks @​SzechuanSage.
• Fixed #​1459: engineering notation of function format not available
  for BigNumber.
• Fixed #​1465: node.toHTML() not correct for unary operators like
  factorial.

v5.8.0

Compare Source

• Implemented new function apply. Thanks @​bnlcas.
• Implemented passing an optional dimension argument to std and var.
  Thanks @​bnlcas.

v5.7.0

Compare Source

• Implemented support for pow() in derivative. Thanks @​sam-19.
• Gracefully handle round-off errors in fix, ceil, floor, and range
  (Fixes #​1429, see also #​1434, #​1432). Thanks @​ericman314.

v5.6.0

Compare Source

• Upgrade decimal.js to v10.1.1 (#​1421).
• Fixed #​1418: missing whitespace when stringifying an expression
  containing "not".

v5.5.0

Compare Source

• Fixed #​1401: methods map and forEach of SparseMatrix not working
  correctly when indexes are unordered.
• Fixed #​1404: inconsistent rounding of negative numbers.
• Upgrade tiny-emitter to v2.1.0 (#​1397).

v5.4.2

Compare Source

• Fixed math.format not working for BigNumbers with a precision above
  1025 digits (see #​1385). Thanks @​ericman314.
• Fixed incorrect LaTeX output of RelationalNode. Thanks @​rianmcguire.
• Fixed a bug the methods map, forEach, traverse, and transform
  of FunctionNode.

v5.4.1

Compare Source

• Fix #​1378: negative bignumbers not formatted correctly.
• Upgrade fraction.js to version 4.0.12 (#​1369).

v5.4.0

Compare Source

• Extended sum.js to accept a dimension input to calculate the sum over a
  specific axis. Thanks @​bnlcas.
• Fix #​1328: objects can't be written multi-line. Thanks @​GHolk.
• Remove side effects caused by Unit.format and Unit.toString,
  making changes to the unit on execution. Thanks @​ericman314.

v5.3.1

Compare Source

• Fixed #​1336: Unit.toSI() returning units with prefix like mm instead
  of m. Thanks @​ericman314.

v5.3.0

Compare Source

• Implemented function hasNumericValue. Thanks @​Sathish-kumar-Subramani.
• Fix #​1326: non-ascii character in print.js.
• Fix #​1337: math.format not working correctly with { precision: 0 }.
  Thanks @​dkenul.

v5.2.3

Compare Source

• Fixed #​1293: non-unicode characters in escape-latex giving issues in some
  specific cases. Thanks @​dangmai.
• Fixed incorrect LaTeX output of function bitNot, see #​1299. Thanks @​FSMaxB.
• Fixed #​1304: function pow not supporting inputs pow(Unit, BigNumber).
• Upgraded dependencies (escape-latex@1.2.0)

v5.2.2

Compare Source

• Fixed #​1286: Fixed unit base recognition and formatting for
  user-defined units. Thanks @​ericman314.

v5.2.1

Compare Source

• Fixed unit rod being defined as 5.02921 instead of 5.0292.
  Thanks @​ericman314.
• Upgraded dependencies (fraction.js@4.0.10)
• Upgraded devDependencies (@babel/core@7.1.2, nyc@13.1.0,
  webpack@4.21.0).

v5.2.0

Compare Source

• Implemented support for chained conditionals like 10 < x <= 50.
  Thanks @​ericman314.
• Add an example showing a proof of concept of using BigInt in mathjs.
• Fixed #​1269: Bugfix for BigNumber divided by unit. Thanks @​ericman314.
• Fixed #​1240: allow units having just a value and no unit.
  Thanks @​ericman314.

2018-09-09, version 5.1.2

• Fixed a typo in the docs of parse. Thanks @​mathiasvr.
• Fixed #​1222: a typo in the docs of subset.
• Fixed #​1236: quantileSeq has inconsistent return.
• Fixed #​1237: norm sometimes returning a complex number instead of
  number.
• Upgraded dependencies (fraction.js@4.0.9)
• Upgraded devDependencies (babel@7, karma-webpack@3.0.4,
  nyc@13.0.1, standard@12.0.0, uglify-js@3.4.9, webpack@4.17.2)

2018-08-21, version 5.1.1

• Function isNumeric now recognizes more types.
• Fixed #​1214: functions sqrt, max, min, var, std, mode, mad,
  median, and partitionSelect not neatly handling NaN inputs. In some
  cases (median, mad, and partitionSelect) this resulted in an infinite
  loop.
• Upgraded dependencies (escape-latex@1.1.1)
• Upgraded devDependencies (webpack@4.17.0)

2018-08-12, version 5.1.0

• Implemented support for strings enclosed in single quotes.
  Thanks @​jean-emmanuel.
• Implemented function getMatrixDataType. Thanks @​JasonShin.
• Implemented new options argument in simplify. Thanks @​paulobuchsbaum.
• Bug fixes in rationalize, see #​1173. Thanks @​paulobuchsbaum.

2018-07-22, version 5.0.4

• Strongly improved the performance of functions factorial for numbers.
  This improves performance of functions gamma, permutation, and
  combination too. See #​1170. Thanks @​honeybar.
• Strongly improved the performance of function reshape, thanks to a
  friend of @​honeybar.

2018-07-14, version 5.0.3

• Fixed many functions (for example add and subtract) not working
  with matrices having a datatype defined.
• Fixed #​1147: bug in format with engineering notation in outputting
  the correct number of significant figures. Thanks @​ericman314.
• Fixed #​1162: transform functions not being cleaned up when overriding
  it by importing a factory function with the same name.
• Fixed broken links in the documentation. Thanks @​stropitek.
• Refactored the code of parse into a functional approach.
  Thanks @​harrysarson.
• Changed decimal.js import to ES6. Thanks @​weinshel.

2018-07-07, version 5.0.2

• Fixed #​1136: rocket trajectory example broken (since v4.0.0).
• Fixed #​1137: simplify unnecessarily replacing implicit multiplication with
  explicit multiplication.
• Fixed #​1146: rationalize throwing exceptions for some input with decimals.
  Thanks @​maruta.
• Fixed #​1088: function arguments not being passed to rawArgs functions.
• Fixed advanced example add_new_datatypes.
• Fixed mathjs core constants not working without complex numbers.
  Thanks @​ChristopherChudzicki.
• Fixed a broken link in the documentation on units. Thanks @​stropitek.
• Upgraded dependencies (typed-function@1.0.4, complex.js@2.0.11).
• Upgraded devDependencies (babel-loader@7.1.5, uglify-js@3.4.3,
  expr-eval@1.2.2, webpack@4.15.1).

2018-07-01, version 5.0.1

• Improved error messaging when converting units. Thanks @​gap777.
• Upgraded devDependencies (kerma, uglify-js, webpack).

2018-06-16, version 5.0.0

!!! BE CAREFUL: BREAKING CHANGES !!!

• Implemented complex conjugate transpose math.ctranspose. See #​1097.
  Thanks @​jackschmidt.
• Changed the behavior of A' (transpose) in the expression parser to
  calculate the complex conjugate transpose. See #​1097. Thanks @​jackschmidt.
• Added support for complex({abs: 1, arg: 1}), and improved the docs on
  complex numbers. Thanks @​ssaket.
• Renamed eye to identity, see #​1054.
• Math.js code can now contain ES6. The ES6 source code is moved from lib
  to src, and lib now contains the compiled ES5 code.
• Upgraded dependencies:
  • decimal.js from 9.0.1 to 10.0.1
  • Upgraded dev dependencies
• Changed code style to https://standardjs.com/, run linter on npm test.
  See #​1110.
• Dropped support for bower. Use npm or an other package manages instead.
• Dropped support for (non-primitive) instances of Number, Boolean, and
  String from functions clone and typeof.
• Dropped official support for IE9 (probably still works, but it's not tested).
• Fixed #​851: More consistent behavior of sqrt, nthRoot, and pow.
  Thanks @​dakotablair.
• Fixed #​1103: Calling toTex on node that contains derivative causing
  an exception. Thanks @​joelhoover.

2018-06-02, version 4.4.2

• Drastically improved the performance of det. Thanks @​ericman314.
• Fixed #​1065, #​1121: Fixed wrong documentation of function
  compareNatural and clarified the behavior for strings.
• Fixed #​1122 a regression in function inv (since v4.4.1).
  Thanks @​ericman314.

2018-05-29, version 4.4.1

• Fixed #​1109: a bug in inv when dealing with values close to zero.
  Thanks @​ericman314.

2018-05-28, version 4.4.0

• Implemented functions equalText and compareText. See #​1085.

2018-05-21, version 4.3.0

• Implemented matrix exponential math.expm. Thanks @​ericman314.
• Fixed #​1101: math.js bundle not working when loading in a WebWorker.
• Upgraded dependencies
  • complex.js from v2.0.2 to v2.0.10.
  • fraction.js from v4.0.4 to v4.0.8.
• Upgraded devDependencies (mocha, uglify-js, webpack).

2018-05-05, version 4.2.2

• Fixed calculating the Frobenius norm of complex matrices correctly,
  see #​1098. Thanks @​jackschmidt.
• Fixed #​1076: cannot use mathjs in React VR by updating to
  escape-latex@1.0.3.

2018-05-02, version 4.2.1

• Fixed dist/math.js being minified.

2018-05-02, version 4.2.0

• Implemented function math.sqrtm. Thanks @​ferrolho.
• Implemented functions math.log2, math.log1p, and math.expm1.
  Thanks @​BigFav and @​harrysarson.
• Fixed some unit tests broken on nodejs v10.
• Upgraded development dependencies.
• Dropped integration testing on nodejs v4.

2018-04-18, version 4.1.2

• Fixed #​1082: implemented support for unit plurals decades, centuries,
  and millennia.
• Fixed #​1083: units decade and watt having a wrong name when stringifying.
  Thanks @​ericman314.

2018-04-11, version 4.1.1

• Fixed #​1063: derivative not working when resolving a variable with unary
  minus like math.derivative('-x', 'x').

2018-04-08, version 4.1.0

• Extended function math.print with support for arrays and matrices.
  Thanks @​jean-emmanuel.
• Fixed #​1077: Serialization/deserialization to JSON with reviver not being
  supported by nodes.
• Fixed #​1016: Extended math.typeof with support for ResultSet and nodes
  like SymbolNode.
• Fixed #​1072: Added support for long and short prefixes for the unit bar
  (i.e. millibar and mbar).

2018-03-17, version 4.0.1

• Fixed #​1062: mathjs not working on ES5 browsers like IE11 and Safari 9.3.
• Fixed #​1061: math.unit not accepting input like 1/s.

2018-02-25, version 4.0.0

!!! BE CAREFUL: BREAKING CHANGES !!!

Breaking changes (see also #​682):

• New expression compiler

  The compiler of the expression parser is replaced with one that doesn't use
  eval internally. See #​1019. This means:

  • a slightly improved performance on most browsers.

  • less risk of security exploits.

  • the code of the new compiler is easier to understand, maintain, and debug.

    Breaking change here: When using custom nodes in the expression parser,
    the syntax of _compile has changed. This is an undocumented feature though.

• Parsed expressions

  • The class ConstantNode is changed such that it just holds a value
    instead of holding a stringified value and it's type.
    ConstantNode(valueStr, valueType) is now ConstantNode(value)
    Stringification uses math.format, which may result in differently
    formatted numeric output.

  • The constants true, false, null, undefined, NaN, Infinity,
    and uninitialized are now parsed as ConstantNodes instead of
    SymbolNodes in the expression parser. See #​833.

• Implicit multiplication

  • Changed the behavior of implicit multiplication to have higher
    precedence than explicit multiplication and division, except in
    a number of specific cases. This gives a more natural behavior
    for implicit multiplications. For example 24h / 6h now returns 4,
    whilst 1/2 kg evaluates to 0.5 kg. Thanks @​ericman314. See: #​792.
    Detailed documentation: https://github.com/josdejong/mathjs/blob/v4/docs/expressions/syntax.md#implicit-multiplication.

  • Immediately invoking a function returned by a function like partialAdd(2)(3)
    is no longer supported, instead these expressions are evaluated as
    an implicit multiplication partialAdd(2) * (3). See #​1035.

• String formatting

  • In function math.format, the options {exponential: {lower: number, upper: number}}
    (where lower and upper are values) are replaced with {lowerExp: number, upperExp: number}
    (where lowerExp and upperExp are exponents). See #​676. For example:

    math.format(2000, {exponential: {lower: 1e-2, upper: 1e2}})

    is now:

    math.format(2000, {lowerExp: -2, upperExp: 2})

  • In function math.format, the option notation: 'fixed' no longer rounds to
    zero digits when no precision is specified: it leaves the digits as is.
    See #​676.

• String comparison

  Changed the behavior of relational functions (compare, equal,
  equalScalar, larger, largerEq, smaller, smallerEq, unequal)
  to compare strings by their numeric value they contain instead of
  alphabetically. This also impacts functions deepEqual, sort, min,
  max, median, and partitionSelect. Use compareNatural if you
  need to sort an array with text. See #​680.

• Angle units

  Changed rad, deg, and grad to have short prefixes,
  and introduced radian, degree, and gradian and their plurals
  having long prefixes. See #​749.

• Null

  • null is no longer implicitly casted to a number 0, so input like
    math.add(2, null) is no longer supported. See #​830, #​353.

  • Dropped constant uninitialized, which was used to initialize
    leave new entries undefined when resizing a matrix is removed.
    Use undefined instead to indicate entries that are not explicitly
    set. See #​833.

• New typed-function library

  • The typed-function library used to check the input types
    of functions is completely rewritten and doesn't use eval under
    the hood anymore. This means a reduced security risk, and easier
    to debug code. The API is the same, but error messages may differ
    a bit. Performance is comparable but may differ in specific
    use cases and browsers.

Non breaking changes:

• Thanks to the new expression compiler and typed-function implementation,
  mathjs doesn't use JavaScript's eval anymore under the hood.
  This allows using mathjs in environments with security restrictions.
  See #​401.
• Implemented additional methods isUnary() and isBinary() on
  OperatorNode. See #​1025.
• Improved error messages for statistical functions.
• Upgraded devDependencies.
• Fixed #​1014: derivative silently dropping additional arguments
  from operator nodes with more than two arguments.

2018-02-07, version 3.20.2

• Upgraded to typed-function@0.10.7 (bug-fix release).
• Fixed option implicit not being copied from an OperatorNode
  when applying function map. Thanks @​HarrySarson.
• Fixed #​995: spaces and underscores not property being escaped
  in toTex(). Thanks @​FSMaxB.

2018-01-17, version 3.20.1

• Fixed #​1018: simplifyCore failing in some cases with parentheses.
  Thanks @​firepick1.

2018-01-14, version 3.20.0

• Implement support for 3 or more arguments for operators + and * in
  derivative. Thanks @​HarrySarson. See #​1002.
• Fixed simplify evalution of simplify of functions with more than two
  arguments wrongly: simplify('f(x, y, z)') evaluated tof(f(x, y), z)instead off(x, y, z)`. Thanks @​joelhoover.
• Fixed simplify throwing an error in some cases when simplifying unknown
  functions, for example simplify('f(4)'). Thanks @​joelhoover.
• Fixed #​1013: simplify wrongly simplifing some expressions containing unary
  minus, like 0 - -x. Thanks @​joelhoover.
• Fixed an error in an example in the documentation of xor. Thanks @​denisx.

2018-01-06, version 3.19.0

• Extended functions distance and intersect with support for BigNumbers.
  Thanks @​ovk.
• Improvements in function simplify: added a rule that allows combining
  of like terms in embedded quantities. Thanks @​joelhoover.

2017-12-28, version 3.18.1

• Fixed #​998: An issue with simplifying an expression containing a subtraction.
  Thanks @​firepick1.

2017-12-16, version 3.18.0

• Implemented function rationalize. Thanks @​paulobuchsbaum.

• Upgraded dependencies:

  decimal.js    7.2.3  →  9.0.1 (no breaking changes affecting mathjs)
  fraction.js   4.0.2  →  4.0.4
  tiny-emitter  2.0.0  →  2.0.2
  

• Upgraded dev dependencies.

• Fixed #​975: a wrong example in the docs of lusolve.

• Fixed #​983: pickRandom returning an array instead of single value
  when input was an array with just one value. Clarified docs.

• Fixed #​969: preven issues with yarn autoclean by renaming an
  interally used folder "docs" to "embeddedDocs".

2017-11-18, version 3.17.0

• Improved simplify for nested exponentiations. Thanks @​IvanVergiliev.
• Fixed a security issue in typed-function allowing arbitrary code execution
  in the JavaScript engine by creating a typed function with JavaScript code
  in the name. Thanks Masato Kinugawa.
• Fixed a security issue where forbidden properties like constructor could be
  replaced by using unicode characters when creating an object. No known exploit,
  but could possibly allow arbitrary code execution. Thanks Masato Kinugawa.

2017-10-18, version 3.16.5

• Fixed #​954: Functions add and multiply not working when
  passing three or more arrays or matrices.

2017-10-01, version 3.16.4

• Fixed #​948, #​949: function simplify returning wrong results or
  running into an infinite recursive loop. Thanks @​ericman314.
• Fixed many small issues in the embedded docs. Thanks @​Schnark.

2017-08-28, version 3.16.3

• Fixed #​934: Wrong simplification of unary minus. Thanks @​firepick1.
• Fixed #​933: function simplify reordering operations. Thanks @​firepick1.
• Fixed #​930: function isNaN returning wrong result for complex
  numbers having just one of their parts (re/im) being NaN.
• Fixed #​929: FibonacciHeap.isEmpty returning wrong result.

2017-08-20, version 3.16.2

• Fixed #​924: a regression in simplify not accepting the signature
  simplify(expr, rules, scope) anymore. Thanks @​firepick1.
• Fixed missing parenthesis when stringifying expressions containing
  implicit multiplications (see #​922). Thanks @​FSMaxB.

2017-08-12, version 3.16.1

• For security reasons, type checking is now done in a more strict
  way using functions like isComplex(x) instead of duck type checking
  like x && x.isComplex === true.
• Fixed #​915: No access to property "name".
• Fixed #​901: Simplify units when calling unit.toNumeric().
  Thanks @​AlexanderBeyn.
• Fixed toString of a parsed expression tree containing an
  immediately invoked function assignment not being wrapped in
  parenthesis (for example (f(x) = x^2)(4)).

2017-08-06, version 3.16.0

• Significant performance improvements in math.simplify.
  Thanks @​firepick1.
• Improved API for math.simplify, optionally pass a scope with
  variables which are resolved, see #​907. Thanks @​firepick1.
• Fixed #​912: math.js didn't work on IE10 anymore (regression
  since 3.15.0).

2017-07-29, version 3.15.0

• Added support for the dollar character $ in symbol names (see #​895).
• Allow objects with prototypes as scope again in the expression parser,
  this was disabled for security reasons some time ago. See #​888, #​899.
  Thanks @​ThomasBrierley.
• Fixed #​846: Issues in the functions map, forEach, and filter
  when used in the expression parser:
  • Not being able to use a function assignment as inline expression
    for the callback function.
  • Not being able to pass an inline expression as callback for map
    and forEach.
  • Index and original array/matrix not passed in map and filter.

2017-07-05, version 3.14.2

• Upgraded to fraction.js@4.0.2
• Fixed #​891 using BigNumbers not working in browser environments.

2017-06-30, version 3.14.1

• Rever

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.