Merge pull request #4603 from pwntester/new_deser_sink

New UnsafeDeserialization sink and improvements to SnakeYaml sink

java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md

@@ -0,0 +1,3 @@
+lgtm,codescanning
+* The query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) has been improved to recognize unsafe Apache Commons Lang(3) methods.
+* The SnakeYAML Unsafe Deserialization sink has been improved to recognize `compose` and `composeAll` unsafe methods.