lgtm,codescanning
* The security queries now track taint through markdown-it.
  Affected packages are
    [markdown-it](https://npmjs.com/package/markdown-it)