- Deleted the deprecated
describeBitSizepredicate fromIncorrectIntegerConversionLib.qll
- Models-as-data models using "Parameter", "Parameter[n]" or "Parameter[n1..n2]" as the output now work correctly.
- By implementing
ImplicitFieldReadNodeit is now possible to declare a dataflow node that reads any content (fields, array members, map keys and values). For example, this is appropriate for modelling a serialization method that flattens a potentially deep data structure into a string or byte array. - The
Template.Execute[Template]methods of thetext/templatepackage now correctly convey taint from any nested fields to their result. This may produce more results from any taint-tracking query when thetext/templatepackage is in use. - Added the rs cors library to the CorsMisconfiguration.ql query