diff --git a/javascript/ql/src/change-notes/2023-07-10-path-join-spread.md b/javascript/ql/src/change-notes/2023-07-10-path-join-spread.md
new file mode 100644
index 00000000000..cf3b82fbbf7
--- /dev/null
+++ b/javascript/ql/src/change-notes/2023-07-10-path-join-spread.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* The `fs/promises` package is now recognised as an alias for `require('fs').promises`.
+* The `js/path-injection` query can now track taint through calls to `path.join()` with a spread argument, such as `path.join(baseDir, ...args)`.