From 8c8e5a54c803b54ac650fd2531289156da18952f Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 12 Jan 2026 13:24:07 +0100 Subject: [PATCH 1/7] Update Go version in tests to 1.26.0 --- MODULE.bazel | 2 +- go/actions/test/action.yml | 2 +- go/extractor/go.mod | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 8ba6c2fcd8c8..21e4fa44ca70 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -263,7 +263,7 @@ use_repo( ) go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk") -go_sdk.download(version = "1.25.0") +go_sdk.download(version = "1.26rc2") go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps") go_deps.from_file(go_mod = "//go/extractor:go.mod") diff --git a/go/actions/test/action.yml b/go/actions/test/action.yml index d64142115f01..211f2a2e24fd 100644 --- a/go/actions/test/action.yml +++ b/go/actions/test/action.yml @@ -4,7 +4,7 @@ inputs: go-test-version: description: Which Go version to use for running the tests required: false - default: "~1.25.0" + default: "1.26.0-rc.2" run-code-checks: description: Whether to run formatting, code and qhelp generation checks required: false diff --git a/go/extractor/go.mod b/go/extractor/go.mod index 62d42b037ef6..131083bde578 100644 --- a/go/extractor/go.mod +++ b/go/extractor/go.mod @@ -1,8 +1,8 @@ module github.com/github/codeql-go/extractor -go 1.25 +go 1.26 -toolchain go1.25.0 +toolchain go1.26rc2 // when updating this, run // bazel run @rules_go//go -- mod tidy From 8a95cbede2b23e47763d061fbf81c1b63455f8df Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 20 Jan 2026 21:01:43 +0100 Subject: [PATCH 2/7] Go: Bump `maxGoVersion` to 1.26 --- go/extractor/autobuilder/build-environment.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/extractor/autobuilder/build-environment.go b/go/extractor/autobuilder/build-environment.go index 0a4c7e2983b4..c660373205b2 100644 --- a/go/extractor/autobuilder/build-environment.go 
+++ b/go/extractor/autobuilder/build-environment.go @@ -12,7 +12,7 @@ import ( ) var minGoVersion = util.NewSemVer("1.11") -var maxGoVersion = util.NewSemVer("1.25") +var maxGoVersion = util.NewSemVer("1.26") type versionInfo struct { goModVersion util.SemVer // The version of Go found in the go directive in the `go.mod` file. From 3e693905fc1e6014e21d265a4ea0469e9b166715 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 20 Jan 2026 21:05:56 +0100 Subject: [PATCH 3/7] Go: Add change note --- go/ql/lib/change-notes/2026-01-20-go-version-1-26.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2026-01-20-go-version-1-26.md diff --git a/go/ql/lib/change-notes/2026-01-20-go-version-1-26.md b/go/ql/lib/change-notes/2026-01-20-go-version-1-26.md new file mode 100644 index 000000000000..97f022480c4c --- /dev/null +++ b/go/ql/lib/change-notes/2026-01-20-go-version-1-26.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* Go 1.26 is now supported. From 03d5047eeac3d4d18a227c73a061b2881d6a03f8 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 20 Jan 2026 21:06:53 +0100 Subject: [PATCH 4/7] Go: Update supported versions to include 1.26 --- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index c03713bdce25..5134ab7ee1f7 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst 
@@ -17,7 +17,7 @@ .NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.slnx``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" GitHub Actions,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``**/action.yml``, ``**/action.yaml``" - Go (aka Golang), "Go up to 1.25", "Go 1.11 or more recent", ``.go`` + Go (aka Golang), "Go up to 1.26", "Go 1.11 or more recent", ``.go`` Java,"Java 7 to 25 [6]_","javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [7]_",``.java`` From ecd5c8cbed8073cbcde3f4c2a890db7fc763bb74 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 21 Jan 2026 12:07:59 +0000 Subject: [PATCH 5/7] Test builtins like standard library --- .../go/frameworks/StdlibTaintFlow/Builtin.go | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go new file mode 100644 index 000000000000..ca1ea9c932e0 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go 
@@ -0,0 +1,104 @@
+package main
+
+// Also tested in go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow
+// and go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow.
+
+func TaintStepTest_Append1(sourceCQL interface{}) interface{} {
+ from := sourceCQL.([]byte)
+ var intoInterface interface{}
+ intoInterface = append(from, "a string"...)
+ return intoInterface
+}
+
+func TaintStepTest_Append2(sourceCQL interface{}) interface{} {
+ from := sourceCQL.(int)
+ slice := []int{from}
+ var intoInterface []int
+ intoInterface = append(slice, 0)
+ return intoInterface[0]
+}
+
+func TaintStepTest_Append3(sourceCQL interface{}) interface{} {
+ from := sourceCQL.(string)
+ var intoInterface interface{}
+ intoInterface = append([]byte{}, from...)
+ return intoInterface
+}
+
+func TaintStepTest_Append4(sourceCQL interface{}) interface{} {
+ from := sourceCQL.(int)
+ var intoInterface []int
+ intoInterface = append([]int{}, 0, from, 1)
+ return intoInterface[0]
+}
+
+func TaintStepTest_Copy1(sourceCQL interface{}) interface{} {
+ from := sourceCQL.(string)
+ var intoInterface []byte
+ copy(intoInterface, from)
+ return intoInterface
+}
+
+func TaintStepTest_Copy2(sourceCQL interface{}) interface{} {
+ from := []int{sourceCQL.(int)}
+ var intoInterface []int
+ copy(intoInterface, from)
+ return intoInterface[0]
+}
+
+func TaintStepTest_Max(sourceCQL interface{}) interface{} {
+ from := sourceCQL.(int)
+ var intoInterface int
+ intoInterface = max(0, 1, from, 2, 3)
+ return intoInterface
+}
+
+func TaintStepTest_Min(sourceCQL interface{}) interface{} {
+ from := sourceCQL.(int)
+ var intoInterface int
+ intoInterface = min(0, 1, from, 2, 3)
+ return intoInterface
+}
+
+func RunAllTaints_Builtin() {
+ {
+ source := newSource(0)
+ out := TaintStepTest_Append1(source)
+ sink(0, out)
+ }
+ {
+ source := newSource(1)
+ out := TaintStepTest_Append2(source)
+ sink(1, out)
+ }
+ {
+ source := newSource(2)
+ out := TaintStepTest_Append3(source)
+ sink(2, out)
+ }
+ {
+ source := newSource(3)
+ out := TaintStepTest_Append4(source)
+ sink(3, out)
+ }
+ {
+ source := newSource(4)
+ out := TaintStepTest_Copy1(source)
+ sink(4, out)
+ }
+ {
+ source := newSource(5)
+ out := TaintStepTest_Copy2(source)
+ sink(5, out)
+ }
+ {
+ source := newSource(3)
+ out := TaintStepTest_Max(source)
+ sink(3, out)
+ }
+ {
+ source := newSource(4)
+ out := TaintStepTest_Min(source)
+ sink(4, out)
+ }
+}
From 63263d57edcc0d5b7559d94374224d114b53ee25 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 21 Jan 2026 14:33:34 +0000 Subject: [PATCH 6/7] Add failing tests for newly added functions
---
.../dataflow/ExternalTaintFlow/completetest.expected | 2 ++ .../semmle/go/dataflow/ExternalTaintFlow/go.mod | 2 +- .../go/dataflow/ExternalTaintFlow/sinks.expected | 4 +++- .../go/dataflow/ExternalTaintFlow/srcs.expected | 2 +- .../semmle/go/dataflow/ExternalTaintFlow/test.go | 3 +++ .../dataflow/ExternalValueFlow/completetest.expected | 1 + .../semmle/go/dataflow/ExternalValueFlow/go.mod | 2 +- .../go/dataflow/ExternalValueFlow/sinks.expected | 4 +++- .../go/dataflow/ExternalValueFlow/srcs.expected | 2 +- .../semmle/go/dataflow/ExternalValueFlow/test.go | 3 +++ .../semmle/go/frameworks/StdlibTaintFlow/Builtin.go | 12 ++++++++++++ .../semmle/go/frameworks/StdlibTaintFlow/Bytes.go | 11 +++++++++++ .../semmle/go/frameworks/StdlibTaintFlow/Errors.go | 12 ++++++++++++ .../StdlibTaintFlow/StdlibTaintFlow.expected | 3 +++ .../semmle/go/frameworks/StdlibTaintFlow/go.mod | 2 +- 15 files changed, 58 insertions(+), 7 deletions(-)
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected
index 42831abaf155..3bac7ade44fc 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected
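Review bot: In `RunAllTaints_Builtin` the Max and Min cases reuse IDs that earlier cases in the same function already take: `newSource(3)`/`sink(3, out)` serves both Append4 and Max, and `newSource(4)`/`sink(4, out)` serves both Copy1 and Min. If the harness pairs a source with its sink by this number (the query is not shown here), one case can stand in for the other and a missing flow may go unnoticed, so Max and Min should get their own IDs, e.g. `newSource(6)`/`sink(6, out)` and `newSource(7)`/`sink(7, out)`. The later Builtin.go hunk in PATCH 6/7 that adds the New case has the same problem with `newSource(5)`, which Copy2 already uses. Separately, `TaintStepTest_Copy2` copies into a nil slice and then returns `intoInterface[0]`, which would panic if the fixture were ever executed rather than only analysed.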
@@ -1,2 +1,4 @@ invalidModelRow testFailures +| test.go:204:21:204:51 | comment | Missing result: hasTaintFlow="call to new" | +| test.go:205:21:205:55 | comment | Missing result: hasTaintFlow="star expression" | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod index f5b1162fa7a7..d5f2af3e7879 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod @@ -1,5 +1,5 @@ module semmle.go.Packages -go 1.13 +go 1.26 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected index b39135f827e3..e5966200370e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected @@ -44,4 +44,6 @@ invalidModelRow | test.go:199:23:199:26 | arg2 | qltest | | test.go:199:29:199:32 | arg3 | qltest | | test.go:202:22:202:25 | temp | qltest | -| test.go:206:10:206:12 | src | qltest | +| test.go:204:10:204:17 | call to new | qltest | +| test.go:205:10:205:18 | star expression | qltest | +| test.go:209:10:209:12 | src | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected index f99ee92a4928..e04fcf753095 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected 
@@ -22,4 +22,4 @@ invalidModelRow | test.go:187:24:187:31 | call to Src1 | qltest | | test.go:191:24:191:31 | call to Src1 | qltest | | test.go:201:10:201:28 | selection of SourceVariable | qltest | -| test.go:205:15:205:17 | definition of src | qltest | +| test.go:208:15:208:17 | definition of src | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go index c9d732e74002..d244bc676aab 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go @@ -200,6 +200,9 @@ func simpleflow() { temp := test.SourceVariable test.SinkVariable = temp // $ hasTaintFlow="temp" + + b.Sink1(new(src)) // $ hasTaintFlow="call to new" + b.Sink1(*new(src)) // $ hasTaintFlow="star expression" } func srcParam(src string, b test.B) { diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected index 42831abaf155..98a43158672c 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected @@ -1,2 +1,3 @@ invalidModelRow testFailures +| test.go:213:21:213:55 | comment | Missing result: hasValueFlow="star expression" | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod index 57813acac558..d5f2af3e7879 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod @@ -1,5 +1,5 @@ module semmle.go.Packages -go 1.21 +go 1.26 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected index e7421a9ad147..f3fef94dfa6e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected @@ -50,4 +50,6 @@ invalidModelRow | test.go:206:10:206:26 | call to min | qltest | | test.go:207:10:207:26 | call to min | qltest | | test.go:210:22:210:25 | temp | qltest | -| test.go:214:10:214:12 | src | qltest | +| test.go:212:10:212:17 | call to new | qltest | +| test.go:213:10:213:18 | star expression | qltest | +| test.go:217:10:217:12 | src | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected index 009238baa4d8..f5768d49d1b5 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -22,4 +22,4 @@ invalidModelRow | test.go:187:24:187:31 | call to Src1 | qltest | | test.go:191:24:191:31 | call to Src1 | qltest | | test.go:209:10:209:28 | selection of SourceVariable | qltest | -| test.go:213:15:213:17 | definition of src | qltest | +| test.go:216:15:216:17 | definition of src | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index 3c172e6082d2..4e4b0527787c 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go 
@@ -208,6 +208,9 @@ func simpleflow() { temp := test.SourceVariable test.SinkVariable = temp // $ hasValueFlow="temp" + + b.Sink1(new(src)) + b.Sink1(*new(src)) // $ hasValueFlow="star expression" } func srcParam(src string, b test.B) { diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go index ca1ea9c932e0..f83dfa4ee23f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go @@ -60,6 +60,13 @@ func TaintStepTest_Min(sourceCQL interface{}) interface{} { return intoInterface } +func TaintStepTest_New(sourceCQL interface{}) interface{} { + from := sourceCQL.(int) + var intoInterface *int + intoInterface = new(from) + return *intoInterface +} + func RunAllTaints_Builtin() { { source := newSource(0) @@ -101,4 +108,9 @@ func RunAllTaints_Builtin() { out := TaintStepTest_Min(source) sink(4, out) } + { + source := newSource(5) + out := TaintStepTest_New(source) + sink(5, out) + } } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Bytes.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Bytes.go index 8e31c32aba4f..ac528c46267d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Bytes.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Bytes.go @@ -349,6 +349,12 @@ func TaintStepTest_CutSuffix(sourceCQL interface{}) interface{} { return result } +func TaintStepTest_BytesBufferPeek(sourceCQL interface{}) interface{} { + fromBuffer := sourceCQL.(bytes.Buffer) + intoByte, _ := fromBuffer.Peek(128) + return intoByte +} + func RunAllTaints_Bytes() { { source := newSource(0) @@ -625,4 +631,9 @@ func RunAllTaints_Bytes() { out := TaintStepTest_Clone(source) sink(54, out) } + { + source := newSource(55) + out := TaintStepTest_BytesBufferPeek(source) + sink(55, out) + } } 
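Review bot: `b.Sink1(new(src))` is added to the value-flow test without an expectation comment, while the same line in the ExternalTaintFlow test carries `// $ hasTaintFlow="call to new"`, so a reader cannot tell whether the missing annotation is intended or forgotten. If it is deliberate because value flow reaches only the pointee, say so on the line, for example `b.Sink1(new(src)) // no value flow to the pointer itself, only to *new(src)`. `simpleflow` starts before this hunk, so what `src` and `b` are is not visible here.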
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Errors.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Errors.go index 324f1e36ae70..71b7f9441f81 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Errors.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Errors.go @@ -35,6 +35,13 @@ func TaintStepTest_ErrorsJoin2(sourceCQL interface{}) interface{} { return intoError957 } +func TaintStepTest_ErrorsAsType(sourceCQL interface{}) interface{} { + fromError := sourceCQL.(error) + var intoInterface interface{} + intoInterface, _ = errors.AsType[error](fromError) + return intoInterface +} + func RunAllTaints_Errors() { { source := newSource(0) @@ -61,4 +68,9 @@ func RunAllTaints_Errors() { out := TaintStepTest_ErrorsJoin2(source) sink(4, out) } + { + source := newSource(5) + out := TaintStepTest_ErrorsAsType(source) + sink(5, out) + } } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected index e69de29bb2d1..cb7841d7c7be 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected @@ -0,0 +1,3 @@ +| Builtin.go:112:13:112:24 | call to newSource | No flow to its sink | +| Bytes.go:635:13:635:25 | call to newSource | No flow to its sink | +| Errors.go:72:13:72:24 | call to newSource | No flow to its sink | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod index 5ba39421f3b8..1a8220297f27 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod 
@@ -1,6 +1,6 @@ module example.com/m -go 1.24 +go 1.26 require ( golang.org/x/net v0.0.0-20201010224723-4f7140c49acb From 050961d3ad42be1eaac284350bf914a27277dca0 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 21 Jan 2026 14:35:10 +0000 Subject: [PATCH 7/7] Model newly added functions --- go/ql/lib/ext/builtin.model.yml | 1 + go/ql/lib/ext/bytes.model.yml | 1 + go/ql/lib/ext/errors.model.yml | 1 + .../semmle/go/dataflow/ExternalTaintFlow/completetest.expected | 2 -- .../semmle/go/dataflow/ExternalValueFlow/completetest.expected | 1 - .../go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected | 3 --- 6 files changed, 3 insertions(+), 6 deletions(-) diff --git a/go/ql/lib/ext/builtin.model.yml b/go/ql/lib/ext/builtin.model.yml index 816c89008a84..616e6bc23b01 100644 --- a/go/ql/lib/ext/builtin.model.yml +++ b/go/ql/lib/ext/builtin.model.yml @@ -11,3 +11,4 @@ extensions: - ["", "", False, "copy", "", "", "Argument[1].ArrayElement", "Argument[0].ArrayElement", "value", "manual"] - ["", "", False, "max", "", "", "Argument[0..1000]", "ReturnValue", "value", "manual"] - ["", "", False, "min", "", "", "Argument[0..1000]", "ReturnValue", "value", "manual"] + - ["", "", False, "new", "", "", "Argument[0]", "ReturnValue.Dereference", "value", "manual"] diff --git a/go/ql/lib/ext/bytes.model.yml b/go/ql/lib/ext/bytes.model.yml index 762d0ca16ee6..b55749f828bf 100644 --- a/go/ql/lib/ext/bytes.model.yml +++ b/go/ql/lib/ext/bytes.model.yml 
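Review bot: The added `new` row in builtin.model.yml has no comment saying that it models the Go 1.26 form `new(expr)`, in which the argument is a value rather than a type. Someone who only knows `new(T)` will not see why `Argument[0]` should flow to `ReturnValue.Dereference`; a line such as `# Go 1.26: new(expr) returns a pointer to a copy of expr` above the row would make that clear. How the row behaves when the argument is a type is not visible from this hunk and is worth confirming with a `new(T)` case in the tests.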
@@ -43,6 +43,7 @@ extensions: - ["bytes", "", False, "TrimSuffix", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["bytes", "Buffer", True, "Bytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["bytes", "Buffer", True, "Next", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["bytes", "Buffer", True, "Peek", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - ["bytes", "Buffer", True, "ReadBytes", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - ["bytes", "Buffer", True, "ReadString", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - ["bytes", "Reader", True, "Reset", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"] diff --git a/go/ql/lib/ext/errors.model.yml b/go/ql/lib/ext/errors.model.yml index a94c8e558ff4..36b17a49ee02 100644 --- a/go/ql/lib/ext/errors.model.yml +++ b/go/ql/lib/ext/errors.model.yml @@ -4,5 +4,6 @@ extensions: extensible: summaryModel data: - ["errors", "", False, "As", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["errors", "", False, "AsType", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"] - ["errors", "", False, "New", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["errors", "", False, "Unwrap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected index 3bac7ade44fc..42831abaf155 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected @@ -1,4 +1,2 @@ invalidModelRow testFailures -| test.go:204:21:204:51 | comment | Missing result: hasTaintFlow="call to new" | -| test.go:205:21:205:55 | comment | Missing result: hasTaintFlow="star expression" | 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected index 98a43158672c..42831abaf155 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected @@ -1,3 +1,2 @@ invalidModelRow testFailures -| test.go:213:21:213:55 | comment | Missing result: hasValueFlow="star expression" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected index cb7841d7c7be..e69de29bb2d1 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected @@ -1,3 +0,0 @@ -| Builtin.go:112:13:112:24 | call to newSource | No flow to its sink | -| Bytes.go:635:13:635:25 | call to newSource | No flow to its sink | -| Errors.go:72:13:72:24 | call to newSource | No flow to its sink |