search

pie-framework / pie-elements

A collection of pies for rendering interactions in an assessment environment
http://pie-website.surge.sh
ISC License
0 stars 7 forks source link

build(deps): bump mathjs from 7.6.0 to 13.2.2 #2293

Closed dependabot[bot] closed 4 days ago

dependabot[bot] commented 5 days ago

Bumps mathjs from 7.6.0 to 13.2.2.

Changelog

Sourced from mathjs's changelog.

2024-11-13, 13.2.2

2024-11-06, 13.2.1

  • Update to the latest version of complex.js.
  • Fix Index.dimension(dim) accepting non-numeric input.
  • Fix: #3290 should validate variables names in method Parser.set (#3308). Thanks @​nkumawat34.

2024-10-02, 13.2.0

  • Feat: improve performance of functions map, filter and forEach (#3256). Thanks @​dvd101x.
  • Feat: improve performance of the methods map() and forEach() of DenseMatrix (#3251). Thanks @​Galm007.
  • Fix: #3253 cannot use identifiers containing special characters in function derivative.
  • Fix: improve the type definitions of ConstantNode to support all data types (#3257). Thanks @​smith120bh.
  • Fix: #3259 function symbolicEqual missing in the TypeScript definitions.
  • Fix: #3246 function leafCount missing in the TypeScript definitions.
  • Fix: #3267 implicit multiplication with a negative number and unit in.
  • Docs: fix broken links on the Configuration page. Thanks @​vassudanagunta.
  • Docs: document the syntax of map and forEach in the expression parser (#3272). Thanks @​dvd101x.

2024-08-27, 13.1.1

  • Fix security vulnerability in the CLI and web API allowing to call functions import, createUnit and reviver, allowing to get access to the internal math namespace and allowing arbitrary code execution. Thanks @​StarlightPWN.
  • Fix security vulnerability: when overwriting a rawArgs function with a non-rawArgs function, it was still called with raw arguments. This was both a functional issue and a security issue. Thanks @​StarlightPWN.
  • Fix security vulnerability: ensure that ObjectWrappingMap cannot delete unsafe properties. Thanks @​StarlightPWN.
  • Fix: not being able to use methods and properties on arrays inside the expression parser.

2024-08-26, 13.1.0

  • Feat: support multiple inputs in function map (#3228, #3196). Thanks @​dvd101x.
  • Feat: add matrix datatypes in more cases (#3235). Thanks @​dvd101x.
  • Feat: export util functions isMap, isPartitionedMap, and isObjectWrappingMap.
  • Fix: #3241 function map not always working with matrices (#3242).

... (truncated)

Commits
  • 7b8e86f chore: publish v13.2.2
  • 552541e chore: run npm update
  • f6a0657 fix: #1455 implicit multiplication of a fraction with unit 'in' is incorrect ...
  • ab2bc16 chore: more logging output for the LambdaTests
  • 6e8b65f chore: run LambdaTest tests in parallel
  • badf5fc chore: publish v13.2.1
  • 12c9071 chore: update package-lock.json
  • 3e3e6c2 chore: revert to typescript@5.5.4 due to some incompatibilities
  • eb5e493 fix #3290: should validate variables names in the method Parser.set (#3308)
  • 22db7d2 Revert "feat: upgrade to fraction.js@5 (#3283)"
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 4 days ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.