Update code to fix or document false positives for CodeQL warnings.

example/typescript/type-check.ts

@@ -36,6 +36,8 @@ function assertLintResults(results: markdownlint.LintResults) {
   assert(!results["string"][0].fixInfo.deleteCount);
   assert.equal(results["string"][0].fixInfo.insertText, "\n");
   assert.equal(results["../bad.md"].length, 2);
+  // Deliberate assignment to unused variable validates types
+  // False-positive for js/useless-assignment-to-local
   results = {
     "key": [
       {

helpers/helpers.js

@@ -61,6 +61,8 @@ module.exports.isObject = function isObject(obj) {
 // Example: Contains nothing, whitespace, or comments
 const blankLineRe = />|(?:<!--.*?-->)/g;
 module.exports.isBlankLine = function isBlankLine(line) {
+  // Call to String.replace follows best practices and is not a security check
+  // False-positive for js/incomplete-multi-character-sanitization
   return !line || !line.trim() || !line.replace(blankLineRe, "").trim();
 };
 
@@ -355,6 +357,7 @@ function forEachInlineCodeSpan(input, handler) {
     let currentTicks = 0;
     let state = "normal";
     // Deliberate <= so trailing 0 completes the last span (ex: "text `code`")
+    // False-positive for js/index-out-of-bounds
     for (; index <= input.length; index++) {
       const char = input[index];
       // Ignore backticks in link destination

test/markdownlint-test.js

@@ -809,10 +809,10 @@ tape("readme", (test) => {
         ) {
           if (!seenRelated) {
             seenRelated = true;
-          } else if (seenRelated && !seenRules) {
+          } else if (!seenRules) {
             seenRules = true;
             inRules = true;
-          } else if (seenRelated && seenRules && !seenTags) {
+          } else if (!seenTags) {
             seenTags = true;
             inTags = true;
           }