* fix: disable parser functions in the CLI (security issue)
* fix: ensure `ObjectWrappingMap` doesn't allow deleting unsafe properties (security issue)
* fix: enable using methods and (safe) properties on plain arrays
* docs: update the "Less vulnerable expression parser" section in the docs
* chore: fix typos and linting issues
* chore: keep functions like `simplify` enabled in the CLI
* docs: update the security page
* fix: ensure `ObjectWrappingMap.keys` cannot list unsafe properties
* fix: when overwriting a rawArgs function with a non-rawArgs function it was still called with raw arguments
* docs: fix a typo
* Add support for scopes with get and set methods
* Fix build for node v12
* Fixup cli and parser tests
* Add tests for simplify and evaluate
* Add example for a custom scope object
* Function calls need child scopes
* Transitionary step: Separate Safe and Scope Property calls
* Renamed identifiers in FunctionNode
* Evaluate with ObjectScopeWrapper
* Simplify tests passing
* Assume all scopes are map-like. Except parser
* Remove isMapLike check in customs.*SafeProperty() methods
* Change MapLike to Map
* Move keywords from an Object to a Set
* Move ScopeProperty functions in to scope.js
* Removed deprecation warning
* Rename scope.js to map.js
* Rename ScopeProperty to MapProperty
* Add tests and docs for map.js
* Put back the micro-optimization of function calls
* Use Map in the parser
* Called scope methods directly in cli.js
* Coercing of scope into a Map is done in Node, not evaluate
* Move createSubScope to its own file
* Fixup following self-review
* Add scope docs
* Final self-review changes
* Address reviewer comments
* Remove MapProperty witness marks
* Converted broken benchmark possibly lost in a rebase
* Use bare map as scope in benchmark
Co-authored-by: Jos de Jong <wjosdejong@gmail.com>
* Add `.js` extension to source file imports
* Specify package `exports` in `package.json`
Specify package type as `commonjs` (It's good to be specific)
* Move all compiled scripts into `lib` directory
Remove ./number.js (You can use the compiled ones in `./lib/*`)
Tell node that the `esm` directory is type `module` and enable tree shaking.
Remove unused files from packages `files` property
* Allow importing of package.json
* Make library ESM first
* - Fix merge conflicts
- Refactor `bundleAny` into `defaultInstance.js` and `browserBundle.cjs`
- Refactor unit tests to be able to run with plain nodejs (no transpiling)
- Fix browser examples
* Fix browser and browserstack tests
* Fix running unit tests on Node 10 (which has no support for modules)
* Fix node.js examples (those are still commonjs)
* Remove the need for `browserBundle.cjs`
* Generate minified bundle only
* [Security] Bump node-fetch from 2.6.0 to 2.6.1 (#1963)
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. **This update includes a security fix.**
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Cleanup console.log
* Add integration tests to test the entry points (commonjs/esm, full/number only)
* Create backward compatibility error messages in the files moved/removed since v8
* Describe breaking changes in HISTORY.md
* Bump karma from 5.2.1 to 5.2.2 (#1965)
Bumps [karma](https://github.com/karma-runner/karma) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v5.2.1...v5.2.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Lee Langley-Rees <lee@greenimp.co.uk>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* chore(package): update standard to version 12.0.0
* update to new lint version with --fix
I believe this mainly adds whitespace to `{}`'s.
* Replace assert.equal with assert.strictEqual
This breaks a lot of tests which I will endevour to fix in the next
commits.
* Fix most errors due to assert.strictEquals
Some instances of `strictEquals` are replaced by `deepEquals`.
`toString` has been used to make some string comparisions explicit.
Tests will still fail untill #1236 and #1237 are fixed.
* Fix assertion erros due to -0
With node 10, assert.strictEqual no longer considers `0 === -0`.
I missed these first time round as I was using node 8.
* Put toString correct side of bracket
I was converting the constructor to a string rather
than the result of the computation. Oops.
* Fixed#1236: quantileSeq has inconsistant return
* Update package-lock
* Fixed#1237: norm sometimes returning a complex number instead of number
* Fix cli tests
* More changes for standardjs, and fixes in unit tests
