lgtm,codescanning
* URIs used in the Apollo-link libraries are now recognized as sinks for `js/request-forgery`.
  Affected packages are
    [apollo-link-http](https://www.npmjs.com/package/apollo-link-http), 
    [apollo-client](https://www.npmjs.com/package/apollo-client), 
    [apollo-boost](https://www.npmjs.com/package/apollo-boost), 
    [apollo-client-preset](https://www.npmjs.com/package/apollo-client-preset), and
    [apollo-link-ws](https://www.npmjs.com/package/apollo-link-ws)