codeql/javascript/change-notes/2020-11-30-nosql.md

lgtm,codescanning

• The query "Database query built from user-controlled sources" (js/sql-injection) has been improved to recognize more Mongoose APIs that may interpret untrusted user input as a query.