lgtm,codescanning
* The command injection security queries now recognize additional sinks.
  Affected packages are
    [async-execute](https://npmjs.com/package/async-execute)