lgtm,codescanning
* The security queries now track taint through markdown parsers.
  Affected packages are
    [marked](https://npmjs.com/package/marked), 
    [markdown-table](https://npmjs.com/package/markdown-table), 
    [showdown](https://npmjs.com/package/showdown), 
    [snarkdown](https://npmjs.com/package/snarkdown), 
    [unified](https://npmjs.com/package/unified), and
    [remark](https://npmjs.com/package/remark)