lgtm,codescanning
* Sources of user input and sinks for `js/request-forgery` in the http-proxy are now recognized. 
  Affected packages are
    [http-proxy](https://www.npmjs.com/package/http-proxy)