lgtm,codescanning
* The `js/template-object-injection` query has been added. It highlights places where an attacker can pass special parameters to a template engine.