npm - mathjs - Versions diffs - 13.0.3 → 13.1.1 - Mend

mathjs 13.0.3 → 13.1.1

Files changed (213) hide show

package/HISTORY.md +30 -1
package/bin/cli.js +24 -10
package/lib/browser/math.js +1 -1
package/lib/browser/math.js.LICENSE.txt +2 -2
package/lib/browser/math.js.map +1 -1
package/lib/cjs/core/create.js +12 -9
package/lib/cjs/core/function/typed.js +3 -4
package/lib/cjs/entry/dependenciesAny/dependenciesFlatten.generated.js +0 -2
package/lib/cjs/entry/dependenciesAny/dependenciesSqueeze.generated.js +0 -2
package/lib/cjs/entry/impureFunctionsAny.generated.js +2 -2
package/lib/cjs/entry/pureFunctionsAny.generated.js +6 -8
package/lib/cjs/entry/typeChecks.js +18 -0
package/lib/cjs/expression/embeddedDocs/embeddedDocs.js +2 -2
package/lib/cjs/expression/embeddedDocs/function/arithmetic/hypot.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/matrix/diff.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/matrix/fft.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/matrix/ifft.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/matrix/kron.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/matrix/map.js +3 -3
package/lib/cjs/expression/embeddedDocs/function/special/zeta.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/statistics/quantileSeq.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/trigonometry/acoth.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/trigonometry/acsch.js +1 -1
package/lib/cjs/expression/embeddedDocs/function/utils/clone.js +1 -1
package/lib/cjs/expression/function/evaluate.js +5 -0
package/lib/cjs/expression/node/FunctionNode.js +10 -2
package/lib/cjs/expression/transform/filter.transform.js +2 -2
package/lib/cjs/expression/transform/map.transform.js +104 -37
package/lib/cjs/expression/transform/utils/dimToZeroBase.js +23 -0
package/lib/cjs/expression/transform/utils/lastDimToZeroBase.js +3 -4
package/lib/cjs/function/arithmetic/hypot.js +3 -3
package/lib/cjs/function/matrix/apply.js +1 -1
package/lib/cjs/function/matrix/fft.js +3 -3
package/lib/cjs/function/matrix/filter.js +2 -2
package/lib/cjs/function/matrix/flatten.js +5 -6
package/lib/cjs/function/matrix/ifft.js +2 -2
package/lib/cjs/function/matrix/kron.js +4 -4
package/lib/cjs/function/matrix/map.js +109 -18
package/lib/cjs/function/matrix/size.js +7 -7
package/lib/cjs/function/matrix/squeeze.js +3 -4
package/lib/cjs/function/probability/random.js +1 -1
package/lib/cjs/function/probability/randomInt.js +1 -1
package/lib/cjs/function/statistics/cumsum.js +2 -2
package/lib/cjs/function/trigonometry/acoth.js +2 -2
package/lib/cjs/function/trigonometry/acsch.js +2 -2
package/lib/cjs/header.js +2 -2
package/lib/cjs/type/matrix/DenseMatrix.js +3 -28
package/lib/cjs/type/matrix/SparseMatrix.js +5 -8
package/lib/cjs/utils/array.js +27 -0
package/lib/cjs/utils/collection.js +1 -1
package/lib/cjs/utils/customs.js +5 -12
package/lib/cjs/utils/function.js +0 -14
package/lib/cjs/utils/is.js +27 -0
package/lib/cjs/utils/map.js +7 -23
package/lib/cjs/version.js +1 -1
package/lib/esm/core/create.js +9 -6
package/lib/esm/core/function/typed.js +2 -3
package/lib/esm/entry/dependenciesAny/dependenciesFlatten.generated.js +0 -2
package/lib/esm/entry/dependenciesAny/dependenciesSqueeze.generated.js +0 -2
package/lib/esm/entry/impureFunctionsAny.generated.js +3 -3
package/lib/esm/entry/pureFunctionsAny.generated.js +7 -9
package/lib/esm/entry/typeChecks.js +1 -1
package/lib/esm/expression/embeddedDocs/embeddedDocs.js +2 -2
package/lib/esm/expression/embeddedDocs/function/arithmetic/hypot.js +1 -1
package/lib/esm/expression/embeddedDocs/function/matrix/diff.js +1 -1
package/lib/esm/expression/embeddedDocs/function/matrix/fft.js +1 -1
package/lib/esm/expression/embeddedDocs/function/matrix/ifft.js +1 -1
package/lib/esm/expression/embeddedDocs/function/matrix/kron.js +1 -1
package/lib/esm/expression/embeddedDocs/function/matrix/map.js +3 -3
package/lib/esm/expression/embeddedDocs/function/special/zeta.js +1 -1
package/lib/esm/expression/embeddedDocs/function/statistics/quantileSeq.js +1 -1
package/lib/esm/expression/embeddedDocs/function/trigonometry/acoth.js +1 -1
package/lib/esm/expression/embeddedDocs/function/trigonometry/acsch.js +1 -1
package/lib/esm/expression/embeddedDocs/function/utils/clone.js +1 -1
package/lib/esm/expression/function/compile.js +1 -1
package/lib/esm/expression/function/evaluate.js +8 -3
package/lib/esm/expression/node/FunctionNode.js +10 -2
package/lib/esm/expression/parse.js +2 -2
package/lib/esm/expression/transform/filter.transform.js +4 -4
package/lib/esm/expression/transform/forEach.transform.js +4 -4
package/lib/esm/expression/transform/map.transform.js +104 -37
package/lib/esm/expression/transform/print.transform.js +2 -2
package/lib/esm/expression/transform/utils/dimToZeroBase.js +16 -0
package/lib/esm/expression/transform/utils/lastDimToZeroBase.js +4 -6
package/lib/esm/function/algebra/decomposition/slu.js +1 -1
package/lib/esm/function/algebra/derivative.js +15 -15
package/lib/esm/function/algebra/lyap.js +4 -4
package/lib/esm/function/algebra/simplify/util.js +3 -3
package/lib/esm/function/algebra/simplifyConstant.js +9 -9
package/lib/esm/function/algebra/solver/lsolve.js +3 -3
package/lib/esm/function/algebra/solver/lsolveAll.js +3 -3
package/lib/esm/function/algebra/solver/lusolve.js +5 -5
package/lib/esm/function/algebra/solver/usolve.js +3 -3
package/lib/esm/function/algebra/solver/usolveAll.js +3 -3
package/lib/esm/function/algebra/sylvester.js +7 -7
package/lib/esm/function/arithmetic/addScalar.js +4 -4
package/lib/esm/function/arithmetic/ceil.js +6 -6
package/lib/esm/function/arithmetic/divide.js +5 -5
package/lib/esm/function/arithmetic/divideScalar.js +5 -5
package/lib/esm/function/arithmetic/fix.js +5 -5
package/lib/esm/function/arithmetic/floor.js +6 -6
package/lib/esm/function/arithmetic/hypot.js +3 -3
package/lib/esm/function/arithmetic/mod.js +3 -3
package/lib/esm/function/arithmetic/multiply.js +7 -7
package/lib/esm/function/arithmetic/multiplyScalar.js +4 -4
package/lib/esm/function/arithmetic/norm.js +2 -2
package/lib/esm/function/arithmetic/pow.js +6 -6
package/lib/esm/function/arithmetic/round.js +7 -7
package/lib/esm/function/arithmetic/subtractScalar.js +4 -4
package/lib/esm/function/arithmetic/xgcd.js +1 -1
package/lib/esm/function/combinatorics/bellNumbers.js +1 -1
package/lib/esm/function/combinatorics/catalan.js +1 -1
package/lib/esm/function/combinatorics/composition.js +1 -1
package/lib/esm/function/combinatorics/stirlingS2.js +1 -1
package/lib/esm/function/geometry/distance.js +4 -4
package/lib/esm/function/geometry/intersect.js +2 -2
package/lib/esm/function/logical/and.js +2 -2
package/lib/esm/function/logical/or.js +2 -2
package/lib/esm/function/logical/xor.js +2 -2
package/lib/esm/function/matrix/apply.js +2 -2
package/lib/esm/function/matrix/column.js +1 -1
package/lib/esm/function/matrix/concat.js +1 -1
package/lib/esm/function/matrix/count.js +1 -1
package/lib/esm/function/matrix/cross.js +3 -3
package/lib/esm/function/matrix/diag.js +10 -10
package/lib/esm/function/matrix/diff.js +2 -2
package/lib/esm/function/matrix/eigs.js +3 -3
package/lib/esm/function/matrix/fft.js +3 -3
package/lib/esm/function/matrix/filter.js +4 -4
package/lib/esm/function/matrix/flatten.js +5 -6
package/lib/esm/function/matrix/forEach.js +4 -4
package/lib/esm/function/matrix/identity.js +6 -6
package/lib/esm/function/matrix/ifft.js +3 -3
package/lib/esm/function/matrix/inv.js +1 -1
package/lib/esm/function/matrix/kron.js +7 -7
package/lib/esm/function/matrix/map.js +110 -19
package/lib/esm/function/matrix/matrixFromFunction.js +6 -6
package/lib/esm/function/matrix/ones.js +2 -2
package/lib/esm/function/matrix/partitionSelect.js +2 -2
package/lib/esm/function/matrix/pinv.js +1 -1
package/lib/esm/function/matrix/range.js +10 -10
package/lib/esm/function/matrix/reshape.js +2 -2
package/lib/esm/function/matrix/rotate.js +4 -4
package/lib/esm/function/matrix/rotationMatrix.js +6 -6
package/lib/esm/function/matrix/row.js +1 -1
package/lib/esm/function/matrix/size.js +8 -8
package/lib/esm/function/matrix/sort.js +4 -4
package/lib/esm/function/matrix/sqrtm.js +1 -1
package/lib/esm/function/matrix/squeeze.js +3 -4
package/lib/esm/function/matrix/subset.js +2 -2
package/lib/esm/function/matrix/zeros.js +2 -2
package/lib/esm/function/probability/combinations.js +1 -1
package/lib/esm/function/probability/combinationsWithRep.js +2 -2
package/lib/esm/function/probability/kldivergence.js +4 -4
package/lib/esm/function/probability/multinomial.js +1 -1
package/lib/esm/function/probability/permutations.js +2 -2
package/lib/esm/function/probability/pickRandom.js +6 -6
package/lib/esm/function/probability/random.js +1 -1
package/lib/esm/function/probability/randomInt.js +1 -1
package/lib/esm/function/relational/compare.js +6 -6
package/lib/esm/function/relational/deepEqual.js +1 -1
package/lib/esm/function/relational/equal.js +1 -1
package/lib/esm/function/relational/equalScalar.js +7 -7
package/lib/esm/function/relational/equalText.js +1 -1
package/lib/esm/function/relational/larger.js +3 -3
package/lib/esm/function/relational/largerEq.js +4 -4
package/lib/esm/function/relational/smaller.js +3 -3
package/lib/esm/function/relational/smallerEq.js +3 -3
package/lib/esm/function/relational/unequal.js +1 -1
package/lib/esm/function/set/setCartesian.js +1 -1
package/lib/esm/function/set/setDifference.js +1 -1
package/lib/esm/function/set/setDistinct.js +1 -1
package/lib/esm/function/set/setIntersect.js +1 -1
package/lib/esm/function/set/setIsSubset.js +1 -1
package/lib/esm/function/set/setMultiplicity.js +1 -1
package/lib/esm/function/set/setPowerset.js +1 -1
package/lib/esm/function/set/setSize.js +2 -2
package/lib/esm/function/set/setSymDifference.js +1 -1
package/lib/esm/function/set/setUnion.js +1 -1
package/lib/esm/function/signal/freqz.js +6 -6
package/lib/esm/function/statistics/corr.js +2 -2
package/lib/esm/function/statistics/cumsum.js +3 -3
package/lib/esm/function/statistics/max.js +1 -1
package/lib/esm/function/statistics/median.js +3 -3
package/lib/esm/function/statistics/min.js +1 -1
package/lib/esm/function/statistics/prod.js +1 -1
package/lib/esm/function/statistics/variance.js +2 -2
package/lib/esm/function/string/bin.js +2 -2
package/lib/esm/function/string/hex.js +2 -2
package/lib/esm/function/string/oct.js +2 -2
package/lib/esm/function/trigonometry/acoth.js +2 -2
package/lib/esm/function/trigonometry/acsch.js +2 -2
package/lib/esm/type/bigint.js +1 -1
package/lib/esm/type/complex/function/complex.js +2 -2
package/lib/esm/type/fraction/function/fraction.js +1 -1
package/lib/esm/type/matrix/DenseMatrix.js +13 -38
package/lib/esm/type/matrix/SparseMatrix.js +5 -8
package/lib/esm/type/matrix/function/index.js +1 -1
package/lib/esm/type/matrix/function/matrix.js +1 -1
package/lib/esm/type/matrix/function/sparse.js +2 -2
package/lib/esm/type/number.js +1 -1
package/lib/esm/type/unit/function/createUnit.js +3 -3
package/lib/esm/type/unit/function/splitUnit.js +1 -1
package/lib/esm/type/unit/function/unit.js +2 -2
package/lib/esm/utils/array.js +26 -0
package/lib/esm/utils/collection.js +1 -1
package/lib/esm/utils/customs.js +5 -12
package/lib/esm/utils/function.js +0 -13
package/lib/esm/utils/is.js +24 -0
package/lib/esm/utils/map.js +7 -22
package/lib/esm/version.js +1 -1
package/package.json +13 -13
package/types/index.d.ts +57 -18

package/HISTORY.md CHANGED Viewed

@@ -1,5 +1,34 @@
 # History
+# 2024-08-27, 13.1.1
+- Fix security vulnerability in the CLI and web API allowing to call functions
+  `import`, `createUnit` and `reviver`, allowing to get access to the internal
+  math namespace and allowing arbitrary code execution. Thanks @StarlightPWN.
+- Fix security vulnerability: when overwriting a `rawArgs` function with a
+  non-`rawArgs` function, it was still called with raw arguments. This was both
+  a functional issue and a security issue. Thanks @StarlightPWN.
+- Fix security vulnerability: ensure that `ObjectWrappingMap` cannot delete
+  unsafe properties. Thanks @StarlightPWN.
+- Fix: not being able to use methods and properties on arrays inside the
+  expression parser.
+# 2024-08-26, 13.1.0
+- Feat: support multiple inputs in function `map` (#3228, #3196).
+  Thanks @dvd101x.
+- Feat: add matrix datatypes in more cases (#3235). Thanks @dvd101x.
+- Feat: export util functions `isMap`, `isPartitionedMap`, and
+  `isObjectWrappingMap`.
+- Fix: #3241 function `map` not always working with matrices (#3242).
+  Thanks @dvd101x.
+- Fix: #3244 fix broken link to `ResultSet` in the docs about classes.
+- Docs: add a link to the documentation page about the syntax expression
+  from the function `evaluate` (see #3238).
+- Docs: improve the documentation of `scope` and fix the example
+  `custom_scope_objects.js` (#3150)
+- Docs: spelling fixes in the embedded docs (#3252). Thanks @dvd101x.
 # 2024-07-19, 13.0.3
 - Fix: #3232 fix type definitions of function `format` to support notations
@@ -503,7 +532,7 @@ Non-breaking changes:
 # 2022-05-24, version 10.6.0
-- Implementation of fourier transform functions `fft` and `ifft` (#2540).
+- Implementation of Fourier transform functions `fft` and `ifft` (#2540).
   Thanks @HanchaiN.
 - Fix TypeScript types not being listed in the exported fields (#2569).
   Thanks @mattvague.

package/bin/cli.js CHANGED Viewed

@@ -56,10 +56,23 @@ const PRECISION = 14 // decimals
  * "Lazy" load math.js: only require when we actually start using it.
  * This ensures the cli application looks like it loads instantly.
  * When requesting help or version number, math.js isn't even loaded.
- * @return {*}
+ * @return {{ evalute: function, parse: function, math: Object }}
  */
 function getMath () {
-  return require('../lib/browser/math.js')
+  const { create, all } = require('../lib/browser/math.js')
+  const math = create(all)
+  const parse = math.parse
+  const evaluate = math.evaluate
+  // See https://mathjs.org/docs/expressions/security.html#less-vulnerable-expression-parser
+  math.import({
+    'import':     function () { throw new Error('Function import is disabled') },
+    'createUnit': function () { throw new Error('Function createUnit is disabled') },
+    'reviver':    function () { throw new Error('Function reviver is disabled') }
+  }, { override: true })
+  return { math, parse, evaluate }
 }
 /**
@@ -68,7 +81,7 @@ function getMath () {
  * @param {*} value
  */
 function format (value) {
-  const math = getMath()
+  const { math } = getMath()
   return math.format(value, {
     fn: function (value) {
@@ -88,7 +101,7 @@ function format (value) {
  * @return {[Array, String]} completions
  */
 function completer (text) {
-  const math = getMath()
+  const { math } = getMath()
   let matches = []
   let keyword
   const m = /[a-zA-Z_0-9]+$/.exec(text)
@@ -183,7 +196,7 @@ function runStream (input, output, mode, parenthesis) {
   }
   // load math.js now, right *after* loading the prompt.
-  const math = getMath()
+  const { math, parse } = getMath()
   // TODO: automatic insertion of 'ans' before operators like +, -, *, /
@@ -214,7 +227,7 @@ function runStream (input, output, mode, parenthesis) {
           case 'evaluate':
             // evaluate expression
             try {
-              let node = math.parse(expr)
+              let node = parse(expr)
               let res = node.evaluate(scope)
               if (math.isResultSet(res)) {
@@ -288,7 +301,7 @@ function runStream (input, output, mode, parenthesis) {
  * @return {string | null} Returns the name when found, else returns null.
  */
 function findSymbolName (node) {
-  const math = getMath()
+  const { math } = getMath()
   let n = node
   while (n) {
@@ -412,9 +425,10 @@ if (version) {
   // run a stream, can be user input or pipe input
   runStream(process.stdin, process.stdout, mode, parenthesis)
 } else {
-  fs.stat(scripts[0], function (e, f) {
-    if (e) {
-      console.log(getMath().evaluate(scripts.join(' ')).toString())
+  fs.stat(scripts[0], function (err) {
+    if (err) {
+      const { evaluate } = getMath()
+      console.log(evaluate(scripts.join(' ')).toString())
     } else {
     // work through the queue of scripts
       scripts.forEach(function (arg) {