codeql/javascript/ql/lib/change-notes/released/2.6.0.md
2025-03-31 17:35:15 +00:00

2.6.0

New Features

  • Extraction now supports regular expressions with the v flag, using the new operators:
    • Intersection &&
    • Subtraction --
    • \q quoted string

Major Analysis Improvements

  • Added support for TypeScript 5.8.

Minor Analysis Improvements

  • Added support for additional fs-extra methods as sinks in path-injection queries.
  • Added support for the newer version of Hapi with the @hapi/hapi import and server function.
  • Improved modeling of the node:fs module: await-ed calls to read and readFile are now supported.
  • Added support for the @sap/hana-client, @sap/hdbext and hdb packages.
  • Enhanced axios support with new methods (postForm, putForm, patchForm, getUri, create) and added support for interceptors.request and interceptors.response.
  • Improved support for the got package with Options, paginate() and extend().
  • Added support for the ApolloServer class from @apollo/server and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input.
  • Improved support for superagent to handle the case where the package is directly called as a function, or via the .del() or .agent() method.
  • Added support for the underscore.string package.
  • Added an additional flow step for unescape() and escape().
  • Added support for the @tanstack/vue-query package.
  • Added taint-steps for unescape().
  • Added support for the @tanstack/angular-query-experimental package.
  • Improved support for the @angular/common/http package, detecting outgoing HTTP requests in more cases.
  • Improved the modeling of the markdown-table package to ensure it handles nested arrays properly.
  • Added support for the react-relay library.