Copyedit

Author: smowton

go/ql/lib/CHANGELOG.md

@@ -9,13 +9,13 @@
 
 * When a function or type has more than one anonymous type parameters, they were mistakenly being treated as the same type parameter. This has now been fixed.
 * Local source models for reading and parsing environment variables have been added for the following libraries:
-  * os
-  * syscall
-  * github.com/caarlos0/env
-  * github.com/gobuffalo/envy
-  * github.com/hashicorp/go-envparse
-  * github.com/joho/godotenv
-  * github.com/kelseyhightower/envconfig
+  * `os`
+  * `syscall`
+  * `github.com/caarlos0/env`
+  * `github.com/gobuffalo/envy`
+  * `github.com/hashicorp/go-envparse`
+  * `github.com/joho/godotenv`
+  * `github.com/kelseyhightower/envconfig`
 * Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
 
 ### Bug Fixes

javascript/ql/src/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ### Major Analysis Improvements
 
-- Added a new query (`js/actions/actions-artifact-leak`) to detect GitHub Actions artifacts that may leak the GITHUB_TOKEN token.
+- Added a new query (`js/actions/actions-artifact-leak`) to detect GitHub Actions artifacts that may leak the `GITHUB_TOKEN` token.
 
 ## 1.1.3