lgtm,codescanning
* The security queries now track taint through the `ansi-to-html` library. 
  Affected packages are
    [ansi-to-html](https://www.npmjs.com/package/ansi-to-html)