github
diff --git a/‎javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
Lines changed: 35 additions & 3 deletions b/‎javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
Lines changed: 35 additions & 3 deletions
diff --git a/‎javascript/extractor/src/com/semmle/js/extractor/tsconfig/CompilerOptions.java
Lines changed: 13 additions & 0 deletions b/‎javascript/extractor/src/com/semmle/js/extractor/tsconfig/CompilerOptions.java
Lines changed: 13 additions & 0 deletions
diff --git a/‎javascript/extractor/src/com/semmle/js/extractor/tsconfig/TsConfigJson.java
Lines changed: 13 additions & 0 deletions b/‎javascript/extractor/src/com/semmle/js/extractor/tsconfig/TsConfigJson.java
Lines changed: 13 additions & 0 deletions
diff --git a/‎javascript/extractor/test/com/semmle/js/extractor/test/AutoBuildTests.java
Lines changed: 39 additions & 1 deletion b/‎javascript/extractor/test/com/semmle/js/extractor/test/AutoBuildTests.java
Lines changed: 39 additions & 1 deletion
diff --git a/‎javascript/ql/lib/change-notes/2025-06-05-skip-obviously-generated-files.md
Lines changed: 4 additions & 0 deletions b/‎javascript/ql/lib/change-notes/2025-06-05-skip-obviously-generated-files.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎javascript/ql/lib/change-notes/2025-06-16-middleware-express.md
Lines changed: 5 additions & 0 deletions b/‎javascript/ql/lib/change-notes/2025-06-16-middleware-express.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/Routing.qll
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/lib/semmle/javascript/Routing.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/Express.qll
Lines changed: 2 additions & 2 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/Express.qll
Lines changed: 2 additions & 2 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
Lines changed: 32 additions & 0 deletions b/‎javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
Lines changed: 32 additions & 0 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js
Lines changed: 27 additions & 0 deletions b/‎javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js
Lines changed: 27 additions & 0 deletions
diff --git a/‎rust/extractor/src/config.rs
Lines changed: 1 addition & 0 deletions b/‎rust/extractor/src/config.rs
Lines changed: 1 addition & 0 deletions
diff --git a/‎rust/extractor/src/main.rs
Lines changed: 1 addition & 0 deletions b/‎rust/extractor/src/main.rs
Lines changed: 1 addition & 0 deletions
diff --git a/‎rust/extractor/src/qltest.rs
Lines changed: 21 additions & 2 deletions b/‎rust/extractor/src/qltest.rs
Lines changed: 21 additions & 2 deletions
diff --git a/‎rust/extractor/src/qltest_cargo.mustache
Lines changed: 2 additions & 2 deletions b/‎rust/extractor/src/qltest_cargo.mustache
Lines changed: 2 additions & 2 deletions
@@ -39,6 +39,8 @@
 
 import com.google.gson.Gson;
 import com.google.gson.JsonParseException;
+import com.semmle.js.extractor.tsconfig.TsConfigJson;
+import com.semmle.js.extractor.tsconfig.CompilerOptions;
 import com.semmle.js.dependencies.AsyncFetcher;
 import com.semmle.js.dependencies.DependencyResolver;
 import com.semmle.js.dependencies.packument.PackageJson;
@@ -745,6 +747,26 @@ private CompletableFuture<?> extractSource() throws IOException {
         .filter(p -> !isFileTooLarge(p))
         .sorted(PATH_ORDERING)
         .collect(Collectors.toCollection(() -> new LinkedHashSet<>()));
+    // gather all output directories specified in tsconfig.json files
+    final List<Path> outDirs = new ArrayList<>();
+    for (Path cfg : tsconfigFiles) {
+      try {
+        String txt = new WholeIO().read(cfg);
+        TsConfigJson root = new Gson().fromJson(txt, TsConfigJson.class);
+        if (root != null && root.getCompilerOptions() != null) {
+          if (root.getCompilerOptions().getOutDir() == null) {
+            // no outDir specified, so skip this tsconfig.json
+            continue;
+          }
+          Path odir = cfg.getParent().resolve(root.getCompilerOptions().getOutDir()).toAbsolutePath().normalize();
+          outDirs.add(odir);
+        }
+      } catch (Exception e) {
+        // ignore malformed tsconfig or missing fields
+      }
+    }
+    // exclude files in output directories as configured in tsconfig.json
+    filesToExtract.removeIf(f -> outDirs.stream().anyMatch(od -> f.startsWith(od)));
 
     DependencyInstallationResult dependencyInstallationResult = DependencyInstallationResult.empty;
     if (!tsconfigFiles.isEmpty()) {
@@ -796,9 +818,19 @@ private CompletableFuture<?> extractFiles(
    */
   private boolean isFileDerivedFromTypeScriptFile(Path path, Set<Path> extractedFiles) {
     String name = path.getFileName().toString();
-    if (!name.endsWith(".js"))
+    // only skip JS variants when a corresponding TS/TSX file was already extracted
+    if (!(name.endsWith(".js")
+          || name.endsWith(".cjs")
+          || name.endsWith(".mjs")
+          || name.endsWith(".jsx")
+          || name.endsWith(".cjsx")
+          || name.endsWith(".mjsx"))) {
       return false;
-    String stem = name.substring(0, name.length() - ".js".length());
+    }
+    // strip off extension
+    int dot = name.lastIndexOf('.');
+    String stem = dot != -1 ? name.substring(0, dot) : name;
+    // if a TS/TSX file with same base name was extracted, skip this file
     for (String ext : FileType.TYPESCRIPT.getExtensions()) {
       if (extractedFiles.contains(path.getParent().resolve(stem + ext))) {
         return true;
@@ -1154,7 +1186,7 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs)
             }
 
             // extract TypeScript projects from 'tsconfig.json'
-            if (typeScriptMode == TypeScriptMode.FULL
+            if (typeScriptMode != TypeScriptMode.NONE
                 && treatAsTSConfig(file.getFileName().toString())
                 && !excludes.contains(file)
                 && isFileIncluded(file)) {
 
@@ -0,0 +1,13 @@
+package com.semmle.js.extractor.tsconfig;
+
+public class CompilerOptions {
+  private String outDir;
+
+  public String getOutDir() {
+    return outDir;
+  }
+
+  public void setOutDir(String outDir) {
+    this.outDir = outDir;
+  }
+}
@@ -0,0 +1,13 @@
+package com.semmle.js.extractor.tsconfig;
+
+public class TsConfigJson {
+  private CompilerOptions compilerOptions;
+
+  public CompilerOptions getCompilerOptions() {
+    return compilerOptions;
+  }
+
+  public void setCompilerOptions(CompilerOptions compilerOptions) {
+    this.compilerOptions = compilerOptions;
+  }
+}
@@ -135,6 +135,7 @@ public void extractTypeScriptFiles(
             FileExtractors extractors) {
           for (Path f : files) {
             actual.add(f.toString());
+            extractedFiles.add(f);
           }
         }
 
@@ -175,7 +176,7 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs)
 
   @Test
   public void basicTest() throws IOException {
-    addFile(true, LGTM_SRC, "tst.js");
+    addFile(false, LGTM_SRC, "tst.js");
     addFile(true, LGTM_SRC, "tst.ts");
     addFile(true, LGTM_SRC, "tst.html");
     addFile(true, LGTM_SRC, "tst.xsjs");
@@ -203,6 +204,43 @@ public void typescriptWrongConfig() throws IOException {
     runTest();
   }
 
+  @Test
+  public void skipJsFilesDerivedFromTypeScriptFiles() throws IOException {
+    // JS-derived files (.js, .cjs, .mjs, .jsx, .cjsx, .mjsx) should be skipped when TS indexing
+    envVars.put("LGTM_INDEX_TYPESCRIPT", "basic");
+    // Add TypeScript sources
+    addFile(true, LGTM_SRC, "foo.ts");
+    addFile(true, LGTM_SRC, "bar.tsx");
+    // Add derived JS variants (should be skipped)
+    addFile(false, LGTM_SRC, "foo.js");
+    addFile(false, LGTM_SRC, "bar.jsx");
+    addFile(false, LGTM_SRC, "foo.cjs");
+    addFile(false, LGTM_SRC, "foo.mjs");
+    addFile(false, LGTM_SRC, "bar.cjsx");
+    addFile(false, LGTM_SRC, "bar.mjsx");
+    // A normal JS file without TS counterpart should be extracted
+    addFile(true, LGTM_SRC, "normal.js");
+    runTest();
+  }
+
+  @Test
+  public void skipFilesInTsconfigOutDir() throws IOException {
+    envVars.put("LGTM_INDEX_TYPESCRIPT", "basic");
+    // Files under outDir in tsconfig.json should be excluded
+    // Create tsconfig.json with outDir set to "dist"
+    addFile(true, LGTM_SRC, "tsconfig.json");
+    Path config = Paths.get(LGTM_SRC.toString(), "tsconfig.json");
+    Files.write(config,
+        "{\"compilerOptions\":{\"outDir\":\"dist\"}}".getBytes(StandardCharsets.UTF_8));
+    // Add files outside outDir (should be extracted)
+    addFile(true, LGTM_SRC, "src", "app.ts");
+    addFile(true, LGTM_SRC, "main.js");
+    // Add files under dist/outDir (should be skipped)
+    addFile(false, LGTM_SRC, "dist", "generated.js");
+    addFile(false, LGTM_SRC, "dist", "sub", "x.js");
+    runTest();
+  }
+
   @Test
   public void includeFile() throws IOException {
     envVars.put("LGTM_INDEX_INCLUDE", "tst.js");
 
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The JavaScript extractor now skips generated JavaScript files if the original TypeScript files are already present. It also skips any files in the output directory specified in the `compilerOptions` part of the `tsconfig.json` file.
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Improved data flow tracking through middleware to handle default value and similar patterns.
+* Added `req._parsedUrl` as a remote input source.
@@ -925,7 +925,7 @@ module Routing {
   private DataFlow::Node getAnAccessPathRhs(Node base, int n, string path) {
     // Assigned in the body of a route handler function, which is a middleware
     exists(RouteHandler handler | base = handler |
-      result = AccessPath::getAnAssignmentTo(handler.getParameter(n).ref(), path) and
+      result = AccessPath::getAnAssignmentTo(handler.getParameter(n).ref(), path).getALocalSource() and
       (
         exists(handler.getAContinuationInvocation())
         or
 
@@ -618,9 +618,9 @@ module Express {
         kind = "body" and
         this = ref.getAPropertyRead("body")
         or
-        // `req.path`
+        // `req.path` and `req._parsedUrl`
         kind = "url" and
-        this = ref.getAPropertyRead("path")
+        this = ref.getAPropertyRead(["path", "_parsedUrl"])
       )
     }
 
 
@@ -6,6 +6,10 @@
 | apollo.serverSide.ts:8:39:8:64 | get(fil ...  => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value |
 | apollo.serverSide.ts:18:37:18:62 | get(fil ...  => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value |
 | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value |
+| serverSide2.js:17:28:17:47 | axios.get(targetUrl) | serverSide2.js:10:25:10:31 | req.url | serverSide2.js:17:38:17:46 | targetUrl | The $@ of this request depends on a $@. | serverSide2.js:17:38:17:46 | targetUrl | URL | serverSide2.js:10:25:10:31 | req.url | user-provided value |
+| serverSide2.js:20:29:20:49 | axios.g ... etUrl1) | serverSide2.js:9:43:9:56 | req._parsedUrl | serverSide2.js:20:39:20:48 | targetUrl1 | The $@ of this request depends on a $@. | serverSide2.js:20:39:20:48 | targetUrl1 | URL | serverSide2.js:9:43:9:56 | req._parsedUrl | user-provided value |
+| serverSide2.js:23:29:23:49 | axios.g ... etUrl2) | serverSide2.js:22:24:22:30 | req.url | serverSide2.js:23:39:23:48 | targetUrl2 | The $@ of this request depends on a $@. | serverSide2.js:23:39:23:48 | targetUrl2 | URL | serverSide2.js:22:24:22:30 | req.url | user-provided value |
+| serverSide2.js:26:29:26:49 | axios.g ... etUrl3) | serverSide2.js:11:24:11:30 | req.url | serverSide2.js:26:39:26:48 | targetUrl3 | The $@ of this request depends on a $@. | serverSide2.js:26:39:26:48 | targetUrl3 | URL | serverSide2.js:11:24:11:30 | req.url | user-provided value |
 | serverSide.js:18:5:18:20 | request(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:18:13:18:19 | tainted | The $@ of this request depends on a $@. | serverSide.js:18:13:18:19 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value |
 | serverSide.js:20:5:20:24 | request.get(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:20:17:20:23 | tainted | The $@ of this request depends on a $@. | serverSide.js:20:17:20:23 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value |
 | serverSide.js:24:5:24:20 | request(options) | serverSide.js:14:29:14:35 | req.url | serverSide.js:23:19:23:25 | tainted | The $@ of this request depends on a $@. | serverSide.js:23:19:23:25 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value |
@@ -63,6 +67,18 @@ edges
 | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | provenance |  |
 | axiosInterceptors.serverSide.js:20:5:20:25 | userProvidedUrl | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | provenance |  |
 | axiosInterceptors.serverSide.js:20:23:20:25 | url | axiosInterceptors.serverSide.js:20:5:20:25 | userProvidedUrl | provenance |  |
+| serverSide2.js:9:34:9:63 | qs.pars ... .query) | serverSide2.js:19:24:19:51 | req.par ... rsedUrl | provenance |  |
+| serverSide2.js:9:43:9:56 | req._parsedUrl | serverSide2.js:9:34:9:63 | qs.pars ... .query) | provenance |  |
+| serverSide2.js:10:25:10:31 | req.url | serverSide2.js:16:23:16:41 | req.parsedQuery.url | provenance |  |
+| serverSide2.js:11:24:11:30 | req.url | serverSide2.js:25:24:25:41 | req.SomeObject.url | provenance |  |
+| serverSide2.js:16:11:16:41 | targetUrl | serverSide2.js:17:38:17:46 | targetUrl | provenance |  |
+| serverSide2.js:16:23:16:41 | req.parsedQuery.url | serverSide2.js:16:11:16:41 | targetUrl | provenance |  |
+| serverSide2.js:19:11:19:55 | targetUrl1 | serverSide2.js:20:39:20:48 | targetUrl1 | provenance |  |
+| serverSide2.js:19:24:19:51 | req.par ... rsedUrl | serverSide2.js:19:11:19:55 | targetUrl1 | provenance |  |
+| serverSide2.js:22:11:22:36 | targetUrl2 | serverSide2.js:23:39:23:48 | targetUrl2 | provenance |  |
+| serverSide2.js:22:24:22:30 | req.url | serverSide2.js:22:11:22:36 | targetUrl2 | provenance |  |
+| serverSide2.js:25:11:25:47 | targetUrl3 | serverSide2.js:26:39:26:48 | targetUrl3 | provenance |  |
+| serverSide2.js:25:24:25:41 | req.SomeObject.url | serverSide2.js:25:11:25:47 | targetUrl3 | provenance |  |
 | serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | provenance |  |
 | serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | provenance |  |
 | serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | provenance |  |
@@ -163,6 +179,22 @@ nodes
 | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | semmle.label | req.body |
 | axiosInterceptors.serverSide.js:20:5:20:25 | userProvidedUrl | semmle.label | userProvidedUrl |
 | axiosInterceptors.serverSide.js:20:23:20:25 | url | semmle.label | url |
+| serverSide2.js:9:34:9:63 | qs.pars ... .query) | semmle.label | qs.pars ... .query) |
+| serverSide2.js:9:43:9:56 | req._parsedUrl | semmle.label | req._parsedUrl |
+| serverSide2.js:10:25:10:31 | req.url | semmle.label | req.url |
+| serverSide2.js:11:24:11:30 | req.url | semmle.label | req.url |
+| serverSide2.js:16:11:16:41 | targetUrl | semmle.label | targetUrl |
+| serverSide2.js:16:23:16:41 | req.parsedQuery.url | semmle.label | req.parsedQuery.url |
+| serverSide2.js:17:38:17:46 | targetUrl | semmle.label | targetUrl |
+| serverSide2.js:19:11:19:55 | targetUrl1 | semmle.label | targetUrl1 |
+| serverSide2.js:19:24:19:51 | req.par ... rsedUrl | semmle.label | req.par ... rsedUrl |
+| serverSide2.js:20:39:20:48 | targetUrl1 | semmle.label | targetUrl1 |
+| serverSide2.js:22:11:22:36 | targetUrl2 | semmle.label | targetUrl2 |
+| serverSide2.js:22:24:22:30 | req.url | semmle.label | req.url |
+| serverSide2.js:23:39:23:48 | targetUrl2 | semmle.label | targetUrl2 |
+| serverSide2.js:25:11:25:47 | targetUrl3 | semmle.label | targetUrl3 |
+| serverSide2.js:25:24:25:41 | req.SomeObject.url | semmle.label | req.SomeObject.url |
+| serverSide2.js:26:39:26:48 | targetUrl3 | semmle.label | targetUrl3 |
 | serverSide.js:14:9:14:52 | tainted | semmle.label | tainted |
 | serverSide.js:14:19:14:42 | url.par ... , true) | semmle.label | url.par ... , true) |
 | serverSide.js:14:29:14:35 | req.url | semmle.label | req.url |
 
@@ -0,0 +1,27 @@
+const express = require('express');
+const axios = require('axios');
+const qs = require('qs');
+
+const app = express();
+const PORT = 3000;
+
+app.use((req, res, next) => {
+  req.parsedQueryFromParsedUrl = qs.parse(req._parsedUrl.query);  // $Source[js/request-forgery]
+  req.parsedQuery.url = req.url || {}; // $Source[js/request-forgery]
+  req.SomeObject.url = req.url; // $Source[js/request-forgery]
+  next();
+});
+
+app.get('/proxy', async (req, res) => {
+    const targetUrl = req.parsedQuery.url;  
+    const response = await axios.get(targetUrl); // $Alert[js/request-forgery]
+
+    const targetUrl1 = req.parsedQueryFromParsedUrl.url;  
+    const response1 = await axios.get(targetUrl1); // $Alert[js/request-forgery]
+ 
+    const targetUrl2 = req.url || {};  // $Source[js/request-forgery]
+    const response2 = await axios.get(targetUrl2);  // $Alert[js/request-forgery]
+
+    const targetUrl3 = req.SomeObject.url || {};
+    const response3 = await axios.get(targetUrl3);  // $Alert[js/request-forgery]
+});
@@ -62,6 +62,7 @@ pub struct Config {
     pub qltest: bool,
     pub qltest_cargo_check: bool,
     pub qltest_dependencies: Vec<String>,
+    pub qltest_use_nightly: bool,
     pub sysroot: Option<PathBuf>,
     pub sysroot_src: Option<PathBuf>,
     pub rustc_src: Option<PathBuf>,
 
@@ -103,6 +103,7 @@ impl<'a> Extractor<'a> {
             }
         }
         translator.emit_source_file(&ast);
+        translator.emit_truncated_diagnostics_message();
         translator.trap.commit().unwrap_or_else(|err| {
             error!(
                 "Failed to write trap file for: {}: {}",
 
@@ -8,6 +8,9 @@ use std::path::Path;
 use std::process::Command;
 use tracing::info;
 
+const EDITION: &str = "2021";
+const NIGHTLY: &str = "nightly-2025-06-01";
+
 fn dump_lib() -> anyhow::Result<()> {
     let path_iterator = glob("*.rs").context("globbing test sources")?;
     let paths = path_iterator
@@ -29,8 +32,11 @@ enum TestCargoManifest<'a> {
         uses_proc_macro: bool,
         uses_main: bool,
         dependencies: &'a [String],
+        edition: &'a str,
+    },
+    Macro {
+        edition: &'a str,
     },
-    Macro {},
 }
 
 impl TestCargoManifest<'_> {
@@ -56,16 +62,26 @@ fn dump_cargo_manifest(dependencies: &[String]) -> anyhow::Result<()> {
         uses_proc_macro,
         uses_main: fs::exists("main.rs").context("checking existence of main.rs")?,
         dependencies,
+        edition: EDITION,
     };
     if uses_proc_macro {
         TestCargoManifest::Workspace {}.dump("")?;
         lib_manifest.dump(".lib")?;
-        TestCargoManifest::Macro {}.dump(".proc_macro")
+        TestCargoManifest::Macro { edition: EDITION }.dump(".proc_macro")
     } else {
         lib_manifest.dump("")
     }
 }
 
+fn dump_nightly_toolchain() -> anyhow::Result<()> {
+    fs::write(
+        "rust-toolchain.toml",
+        format!("[toolchain]\nchannel = \"{NIGHTLY}\"\n"),
+    )
+    .context("writing rust-toolchain.toml")?;
+    Ok(())
+}
+
 fn set_sources(config: &mut Config) -> anyhow::Result<()> {
     let path_iterator = glob("**/*.rs").context("globbing test sources")?;
     config.inputs = path_iterator
@@ -79,6 +95,9 @@ pub(crate) fn prepare(config: &mut Config) -> anyhow::Result<()> {
     dump_lib()?;
     set_sources(config)?;
     dump_cargo_manifest(&config.qltest_dependencies)?;
+    if config.qltest_use_nightly {
+        dump_nightly_toolchain()?;
+    }
     if config.qltest_cargo_check {
         let status = Command::new("cargo")
             .env("RUSTFLAGS", "-Awarnings")
 
@@ -11,7 +11,7 @@ members = [".lib", ".proc_macro"]
 [package]
 name = "test"
 version = "0.0.1"
-edition = "2021"
+edition = "{{ edition }}"
 [lib]
 path = "{{#uses_proc_macro}}../{{/uses_proc_macro}}lib.rs"
 {{#uses_main}}
@@ -32,7 +32,7 @@ proc_macro = { path = "../.proc_macro" }
 [package]
 name = "proc_macro"
 version = "0.0.1"
-edition = "2021"
+edition = "{{ edition }}"
 [lib]
 path = "../proc_macro.rs"
 proc_macro = true
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The JavaScript extractor now skips generated JavaScript files if the original TypeScript files are already present. It also skips any files in the output directory specified in the `compilerOptions` part of the `tsconfig.json` file.
Original file line number	Diff line number	Diff line change
`@@ -925,7 +925,7 @@ module Routing {`
`925`	`925`	`private DataFlow::Node getAnAccessPathRhs(Node base, int n, string path) {`
`926`	`926`	`// Assigned in the body of a route handler function, which is a middleware`
`927`	`927`	`exists(RouteHandler handler \| base = handler \|`
`928`		`- result = AccessPath::getAnAssignmentTo(handler.getParameter(n).ref(), path) and`
	`928`	`+ result = AccessPath::getAnAssignmentTo(handler.getParameter(n).ref(), path).getALocalSource() and`
`929`	`929`	`(`
`930`	`930`	`exists(handler.getAContinuationInvocation())`
`931`	`931`	`or`
Original file line number	Diff line number	Diff line change
`@@ -618,9 +618,9 @@ module Express {`
`618`	`618`	`kind = "body" and`
`619`	`619`	`this = ref.getAPropertyRead("body")`
`620`	`620`	`or`
`621`		- // `req.path`
	`621`	+ // `req.path` and `req._parsedUrl`
`622`	`622`	`kind = "url" and`
`623`		`- this = ref.getAPropertyRead("path")`
	`623`	`+ this = ref.getAPropertyRead(["path", "_parsedUrl"])`
`624`	`624`	`)`
`625`	`625`	`}`
`626`	`626`
Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,7 @@ impl<'a> Extractor<'a> {`
`103`	`103`	`}`
`104`	`104`	`}`
`105`	`105`	`translator.emit_source_file(&ast);`
	`106`	`+ translator.emit_truncated_diagnostics_message();`
`106`	`107`	`translator.trap.commit().unwrap_or_else(\|err\| {`
`107`	`108`	`error!(`
`108`	`109`	`"Failed to write trap file for: {}: {}",`