apply suggestions from doc review

Co-authored-by: mc <[email protected]>

Author: erik-krogh

javascript/ql/lib/change-notes/2022-01-08-insecure-dependency-resolution.md

@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `js/http-dependency` query has been added. It detects depedencies that are downloaded using an unencrypted connection.
+* The `js/insecure-dependency` query has been added. It detects depedencies that are downloaded using an unencrypted connection.

javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.qhelp

@@ -6,10 +6,10 @@
 <overview>
 <p>
 Using an insecure protocol like HTTP or FTP to download build dependencies makes the build process vulnerable to a 
-Man in the Middle (MITM) attack.
+man-in-the-middle (MITM) attack.
 </p>
 <p>
-This can allow attackers to inject malicious code into the downloaded dependencies and thereby 
+This can allow attackers to inject malicious code into the downloaded dependencies, and thereby 
 infect the build artifacts and execute arbitrary code on the machine building the artifacts.
 </p>
 
@@ -46,10 +46,10 @@ The fix is to change the protocol to HTTPS.
   </a>
 </li>
 <li>
-  Wikipedia: <a href="https://en.wikipedia.org/wiki/Supply_chain_attack">Supply chain attack</a>
+  Wikipedia: <a href="https://en.wikipedia.org/wiki/Supply_chain_attack">Supply chain attack.</a>
 </li>
 <li>
-  Wikipedia: <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">Man-in-the-middle attack</a>
+  Wikipedia: <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">Man-in-the-middle attack.</a>
 </li>
 </references>
 </qhelp>

javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql

@@ -1,7 +1,7 @@
 /**
  * @name Dependency download using unencrypted communication channel
  * @description Using unencrypted protocols to fetch dependencies can leave an application
- *              open to man in the middle attacks.
+ *              open to man-in-the-middle attacks.
  * @kind problem
  * @problem.severity warning
  * @security-severity 8.1