lgtm,codescanning
* The security queries now track taint through the anser library. 
  Affected packages are
    [anser](https://www.npmjs.com/package/anser)