codeql/java/old-change-notes/2021-05-17-add-unsafe-deserialization-sinks.md

lgtm,codescanning

• The "Deserialization of user-controlled data" (java/unsafe-deserialization) query now recognizes JYaml, JsonIO, YAMLBeans, Castor, Hessian and Burlap deserialization.