From 324851eeb51a4c0a5f5b3a8ce5e6b5603a0163d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonne=20Ha=C3=9F?= <me@jhass.eu>
Date: Sun, 11 Jun 2023 12:53:27 +0200
Subject: [PATCH] Use YAML.unsafe_load_file when available in bundler helper

fixes #8424
---
 config/bundler_helper.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/config/bundler_helper.rb b/config/bundler_helper.rb
index 29d3a6d3e..0f1174e1c 100644
--- a/config/bundler_helper.rb
+++ b/config/bundler_helper.rb
@@ -19,8 +19,19 @@ module BundlerHelper
   end
 
   private_class_method def self.parse_value_from_yaml_file(file, *keys)
+    parse_yaml_file(file).dig(*keys)
+  end
+
+  private_class_method def self.parse_yaml_file(file)
     path = File.join(__dir__, file)
-    YAML.load_file(path).dig(*keys) if File.file?(path)
+
+    return {} unless File.file?(path)
+
+    if YAML.respond_to?(:unsafe_load_file)
+      YAML.unsafe_load_file(path)
+    else
+      YAML.load_file(path)
+    end
   end
 
   private_class_method def self.parse_value_from_toml_file(file, key)