codeql/javascript/ql/lib/change-notes/released/2.5.0.md

2.5.0

Major Analysis Improvements

• Added support for the response threat model kind, which can enabled with advanced setup. When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
• Added support for the useQuery hook from @tanstack/react-query.

Minor Analysis Improvements

• The response.download() function in express is now recognized as a sink for path traversal attacks.