codeql/java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md

lgtm,codescanning

• The query "Deserialization of user-controlled data" (java/unsafe-deserialization) has been improved to recognize unsafe Apache Commons Lang(3) methods.
• The SnakeYAML Unsafe Deserialization sink has been improved to recognize compose and composeAll unsafe methods.