github
diff --git a/‎change-notes/1.19/analysis-csharp.md‎
Lines changed: 3 additions & 2 deletions b/‎change-notes/1.19/analysis-csharp.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎change-notes/1.19/analysis-java.md‎
Lines changed: 1 addition & 0 deletions b/‎change-notes/1.19/analysis-java.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎change-notes/1.19/analysis-javascript.md‎
Lines changed: 2 additions & 1 deletion b/‎change-notes/1.19/analysis-javascript.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎config/identical-files.json‎
Lines changed: 4 additions & 4 deletions b/‎config/identical-files.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll‎
Lines changed: 1 addition & 1 deletion b/‎cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll‎
Lines changed: 1 addition & 1 deletion b/‎cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll‎
Lines changed: 1 addition & 1 deletion
@@ -3,9 +3,9 @@
 ## General improvements
 
 * Control flow graph improvements:
-  * The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in `if (b) x = 0; if (b) x = 1;`, the control flow graph will reflect that taking the `true` (resp. `false`) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment to `x` will now be identified as being dead.
+* The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in `if (b) x = 0; if (b) x = 1;`, the control flow graph will reflect that taking the `true` (resp. `false`) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment to `x` will now be identified as being dead.
   * Code that is only reachable from a constant failing assertion, such as `Debug.Assert(false)`, is considered to be unreachable.
-  
+
 ## New queries
 
 | **Query**                   | **Tags**  | **Purpose**                                                        |
@@ -16,6 +16,7 @@
 
 | Inconsistent lock sequence (`cs/inconsistent-lock-sequence`) | More results | This query now finds inconsistent lock sequences globally across calls. |
 | Local scope variable shadows member (`cs/local-shadows-member`) | Fewer results | Results have been removed where a constructor parameter shadows a member, because the parameter is probably used to initialize the member. |
+| Cross-site scripting (`cs/web/xss`) | More results | This query now finds cross-site scripting vulnerabilities in ASP.NET Core applications. |
 | *@name of query (Query ID)*| *Impact on results*    | *How/why the query has changed*                                  |
 
 
 
@@ -6,6 +6,7 @@
 
 | **Query**                   | **Tags**  | **Purpose**                                                        |
 |-----------------------------|-----------|--------------------------------------------------------------------|
+| Arbitrary file write during archive extraction ("Zip Slip") (`java/zipslip`) | security, external/cwe/cwe-022 | Identifies extraction routines that allow arbitrary file overwrite vulnerabilities. |
 | Missing catch of NumberFormatException (`java/uncaught-number-format-exception`) | reliability, external/cwe/cwe-248 | Finds calls to `Integer.parseInt` and similar string-to-number conversions that might raise a `NumberFormatException` without a corresponding `catch`-clause. |
 
 ## Changes to existing queries
 
@@ -9,7 +9,7 @@
 * Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
   - file system access, for example through [fs-extra](https://github.com/jprichardson/node-fs-extra) or [globby](https://www.npmjs.com/package/globby)
   - outbound network access, for example through the [fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
-  - the [Google Cloud Spanner](https://cloud.google.com/spanner) database
+  - the [Google Cloud Spanner](https://cloud.google.com/spanner), [lodash](https://lodash.com) and [underscore](https://underscorejs.org/) libraries
 
 * The type inference now handles nested imports (that is, imports not appearing at the toplevel). This may yield fewer false-positive results on projects that use this non-standard language feature.
 
@@ -35,6 +35,7 @@
 | Remote property injection | Fewer results | The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
 | Missing CSRF middleware | Fewer false-positive results | This rule now recognizes additional CSRF protection middlewares. |
 | Server-side URL redirect | More results | This rule now recognizes redirection calls in more cases. |
+| Unused variable, import, function or class | Fewer false-positive results | This rule now flags fewer variables that may be used by `eval` calls. |
 | Unused variable, import, function or class | Fewer results | This rule now flags import statements with multiple unused imports once. |
 | User-controlled bypass of security check | Fewer results | This rule no longer flags conditions that guard early returns. The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. | 
 | Whitespace contradicts operator precedence | Fewer false-positive results | This rule no longer flags operators with asymmetric whitespace. |
 
@@ -19,10 +19,10 @@
         "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/FunctionIR.qll",
         "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/FunctionIR.qll"
     ],
-    "C++ IR OperandTag": [
-        "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/OperandTag.qll",
-        "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/OperandTag.qll",
-        "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/OperandTag.qll"
+    "C++ IR Operand": [
+        "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll",
+        "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
+        "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll"
     ],
     "C++ IR IRImpl": [
         "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IR.qll",
 
@@ -16,7 +16,7 @@ class MemoryAccessKind extends TMemoryAccessKind {
 
 /**
  * The operand or result accesses memory at the address specified by the
- * `LoadStoreAddressOperand` on the same instruction.
+ * `AddressOperand` on the same instruction.
  */
 class IndirectMemoryAccess extends MemoryAccessKind, TIndirectMemoryAccess {
   override string toString() {
 
@@ -2,7 +2,7 @@ import FunctionIR
 import Instruction
 import IRBlock
 import IRVariable
-import OperandTag
+import Operand
 import semmle.code.cpp.ir.implementation.EdgeKind
 import semmle.code.cpp.ir.implementation.MemoryAccessKind