lgtm,codescanning
* Support for `d3` has improved. The XSS queries now recognize HTML injection sinks
  from the `d3` API.
  Affected packages are
    [d3](https://npmjs.com/package/d3),
    [d3-selection](https://npmjs.com/package/d3-selection).