- Support for handlebars templates has improved. Raw interpolation tags of the form
{{& ... }}are now recognized, as well as whitespace-trimming tags like{{~ ... }}. - Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are
expressandfastify. js/missing-token-validationhas been made more precise, yielding both fewer false positives and more true positives.