Remove additional path-injection sinks

javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll

@@ -493,10 +493,10 @@ module NodeJSLib {
    */
   module FS {
     /**
-     * A member `member` from module `fs` or its drop-in replacements `graceful-fs`, `fs-extra`, `original-fs`.
+     * A member `member` from module `fs`.
      */
     DataFlow::SourceNode moduleMember(string member) {
-      exists(string moduleName | moduleName = ["fs-extra", "graceful-fs", "fs"] |
+      exists(string moduleName | moduleName = ["fs"] |
         result = DataFlow::moduleMember(moduleName, member)
       )
     }

javascript/ql/lib/semmle/javascript/frameworks/TorrentLibraries.qll

@@ -36,25 +36,7 @@ module ParseTorrent {
    * An access to user-controlled torrent information.
    */
   class UserControlledTorrentInfo extends RemoteFlowSource {
-    UserControlledTorrentInfo() {
-      exists(DataFlow::SourceNode ref, DataFlow::PropRead read |
-        ref = parsedTorrentRef() and
-        read = ref.getAPropertyRead() and
-        this = read
-      |
-        exists(string prop |
-          not (
-            prop = "private" or
-            prop = "infoHash" or
-            prop = "length"
-            // "pieceLength" and "lastPieceLength" are not guaranteed to be numbers as of commit ae3ad15d
-          ) and
-          read.getPropertyName() = prop
-        )
-        or
-        not exists(read.getPropertyName())
-      )
-    }
+    UserControlledTorrentInfo() { none() }
 
     override string getSourceType() { result = "torrent information" }
   }

javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll

@@ -608,8 +608,6 @@ module TaintedPath {
       (
         this = fileSystemAccess.getAPathArgument() and
         not exists(fileSystemAccess.getRootPathArgument())
-        or
-        this = fileSystemAccess.getRootPathArgument()
       ) and
       not this = any(ResolvingPathCall call).getInput()
     }