add taint through the qs library

javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll

@@ -292,6 +292,20 @@ module querystring {
   }
 }
 
+/**
+ * A taint step through a call to [qs](https://npmjs.com/package/qs)
+ */
+private class QsStep extends TaintTracking::SharedTaintStep {
+  override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(API::CallNode call |
+      call = API::moduleImport("qs").getMember(["parse", "stringify"]).getACall()
+    |
+      pred = call.getArgument(0) and
+      succ = call
+    )
+  }
+}
+
 /**
  * Provides steps for the `goog.Uri` class in the closure library.
  */