add change note

javascript/change-notes/2020-12-16-indirect-cmd-libraries.md

@@ -0,0 +1,9 @@
+lgtm,codescanning
+* The `js/indirect-command-line-injection` query now supports more command-line parsing libraries.
+  Affected packages are
+    [arg](https://www.npmjs.com/package/arg),
+    [argparse](https://www.npmjs.com/package/argparse),
+    [command-line-args](https://www.npmjs.com/package/command-line-args),
+    [meow](https://www.npmjs.com/package/meow),
+    [dashdash](https://www.npmjs.com/package/dashdash),
+    [commander](https://www.npmjs.com/package/commander).