lgtm,codescanning
* The command injection security queries now recognize additional sinks.
  Affected packages are
    [execa](https://npmjs.com/package/execa)