2.6.1

Minor Analysis Improvements

• Data passed to the NextResponse constructor is now treated as a sink for js/reflected-xss.
• Data received from NextRequest and Request is now treated as a remote user input source.
• Added support for the make-dir package.
• Added support for the open package.
• Added taint propagation for Uint8Array, ArrayBuffer, SharedArrayBuffer and TextDecoder.decode().
• Improved detection of WebSocket and SockJS usage.
• Added data received from WebSocket clients as a remote flow source.
• Added support for additional mkdirp methods as sinks in path-injection queries.
• Added support for additional rimraf methods as sinks in path-injection queries.