[Security] Bump mathjs from 3.16.5 to 3.20.2

[dependabot-preview]

Bumps mathjs from 3.16.5 to 3.20.2. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Sonatype OSS Index.

[CVE-2017-1001003] Improper Input Validation
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.

Affected versions: <3.17.0

Sourced from The Sonatype OSS Index.

[CVE-2017-1001002] math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. ...
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

Affected versions: <3.17.0; <=3.17.0

Changelog

Sourced from mathjs's changelog.

2018-02-07, version 3.20.2

• Upgraded to typed-function@0.10.7 (bug-fix release).
• Fixed option implicit not being copied from an OperatorNode
  when applying function map. Thanks HarrySarson.
• Fixed #995: spaces and underscores not property being escaped
  in toTex(). Thanks FSMaxB.

2018-01-17, version 3.20.1

• Fixed #1018: simplifyCore failing in some cases with parentheses.
  Thanks firepick1.

2018-01-14, version 3.20.0

• Implement support for 3 or more arguments for operators + and * in
  derivative. Thanks HarrySarson. See #1002.
• Fixed simplify evalution of simplify of functions with more than two
  arguments wrongly: simplify('f(x, y, z)') evaluated to f(f(x, y), z)instead off(x, y, z)`. Thanks joelhoover.
• Fixed simplify throwing an error in some cases when simplifying unknown
  functions, for example simplify('f(4)'). Thanks joelhoover.
• Fixed #1013: simplify wrongly simplifing some expressions containing unary
  minus, like 0 - -x. Thanks joelhoover.
• Fixed an error in an example in the documentation of xor. Thanks denisx.

2018-01-06, version 3.19.0

• Extended functions distance and intersect with support for BigNumbers.
  Thanks ovk.
• Improvements in function simplify: added a rule that allows combining
  of like terms in embedded quantities. Thanks joelhoover.

2017-12-28, version 3.18.1

• Fixed #998: An issue with simplifying an expression containing a subtraction.
  Thanks firepick1.

2017-12-16, version 3.18.0

• Implemented function rationalize. Thanks paulobuchsbaum.
• Upgraded dependencies:

  decimal.js    7.2.3  →  9.0.1 (no breaking changes affecting mathjs) 
  fraction.js   4.0.2  →  4.0.4 
  

... (truncated)

Commits

• 20f317c Released mathjs v3.20.2
• 84b7ff0 Merge branch 'master' into develop
• 2d212c4 Update maintenance image
• c576c64 Updated history
• 17f2a8d Merge pull request #1022 from FSMaxB/tex-string-improvements
• 9126130 toTex: Escape special characters in strings
• 94ab164 Add escape-latex as dependency
• a00b333 Fixed some broken links and an example output
• 40b9703 Updated history
• ac59bc8 Merge pull request #1029 from HarrySarson/forgotten-implicit2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.