- Added support for TypeScript 5.9
- Added support for
import defersyntax in JavaScript and TypeScript.
- Data flow is now tracked through the
Promise.tryandArray.prototype.withfunctions. - Query
js/index-out-of-boundsno longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test. - The query
js/remote-property-injectionnow detects property injection vulnerabilities through object enumeration patterns such asObject.keys(). - The query "Permissive CORS configuration" (
js/cors-permissive-configuration) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who submitted the original experimental query!