JS: Fix: now one can determine regex via Array.prototype.toSpliced function call.

javascript/ql/lib/semmle/javascript/Regexp.qll

@@ -972,7 +972,7 @@ private predicate isUsedAsNumber(DataFlow::LocalSourceNode value) {
   or
   exists(DataFlow::CallNode call |
     call.getCalleeName() =
-      ["substring", "substr", "slice", "splice", "charAt", "charCodeAt", "codePointAt"] and
+      ["substring", "substr", "slice", "splice", "charAt", "charCodeAt", "codePointAt", "toSpliced"] and
     value.flowsTo(call.getAnArgument())
   )
 }

javascript/ql/test/library-tests/RegExp/IsRegex/IsRegex.expected

@@ -1,2 +1,3 @@
 | tst.js:1:12:1:38 | '^http: ... le.com' | is a regular expression |
 | tst.js:4:37:4:43 | 'regex' | is a regular expression |
+| tst.js:9:37:9:43 | 'regex' | is a regular expression |

javascript/ql/test/library-tests/RegExp/IsRegex/tst.js

@@ -6,6 +6,6 @@ function detectRegexViaSplice(string) {
 };
 
 function detectRegexViaToSpliced(string) {
-    let found = getMyThing().search('regex'); // NOT OK -- Should be marked as regular expression but it is not.
+    let found = getMyThing().search('regex'); // NOT OK
     arr.toSpliced(found, 1);
 };