lgtm,codescanning
* The security queries now track taint through more query string parsers.
  Affected packages are
    [qs](https://npmjs.com/package/qs),
    [normalize-url](https://npmjs.com/package/normalize-url),
    [parseqs](https://npmjs.com/package/parseqs)