codeql/java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md

lgtm,codescanning
* The query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) has been improved to recognize unsafe Apache Commons Lang(3) methods.
* The SnakeYAML Unsafe Deserialization sink has been improved to recognize `compose` and `composeAll` unsafe methods.