add taint step through array-union, array-uniq, and uniq

javascript/ql/test/library-tests/Arrays/DataFlow.expected

@@ -10,6 +10,7 @@
 | arrays.js:2:16:2:23 | "source" | arrays.js:71:10:71:10 | x |
 | arrays.js:2:16:2:23 | "source" | arrays.js:74:8:74:29 | arr.fin ... llback) |
 | arrays.js:2:16:2:23 | "source" | arrays.js:77:8:77:35 | arrayFi ... llback) |
+| arrays.js:2:16:2:23 | "source" | arrays.js:81:10:81:10 | x |
 | arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e |
 | arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() |
 | arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() |

javascript/ql/test/library-tests/Arrays/arrays.js

@@ -75,4 +75,9 @@
 
   const arrayFind = require("array-find");
   sink(arrayFind(arr, someCallback)); // NOT OK
+
+  const uniq = require("uniq");
+  for (const x of uniq(arr)) {
+    sink(x); // NOT OK
+  }
 });

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

@@ -14,6 +14,7 @@ typeInferenceMismatch
 | array-mutation.js:39:17:39:24 | source() | array-mutation.js:40:8:40:8 | j |
 | arrays.js:2:15:2:22 | source() | arrays.js:5:10:5:20 | arrify(foo) |
 | arrays.js:2:15:2:22 | source() | arrays.js:8:10:8:22 | arrayIfy(foo) |
+| arrays.js:2:15:2:22 | source() | arrays.js:11:10:11:28 | union(["bla"], foo) |
 | booleanOps.js:2:11:2:18 | source() | booleanOps.js:4:8:4:8 | x |
 | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x |
 | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x |

javascript/ql/test/library-tests/TaintTracking/arrays.js

@@ -6,4 +6,7 @@ function test() {
 
     const arrayIfy = require("array-ify");
     sink(arrayIfy(foo)); // NOT OK
+
+    const union = require("array-union");
+    sink(union(["bla"], foo)); // NOT OK
 }