apache / submarine

Submarine is Cloud Native Machine Learning Platform.
https://submarine.apache.org/
Apache License 2.0

SUBMARINE-1371. fix unsafe deserialization via SnakeYaml in YamlEntityProvider #1054

Closed cdmikechen closed 1 year ago

cdmikechen commented 1 year ago

What is this PR for?

Use SnakeYaml's SafeConstructor to replace the default Yaml no-arguments constructor to avoid unsafe deserialization. Link url: https://nvd.nist.gov/vuln/detail/CVE-2022-1471

What type of PR is it?

Bug Fix

Todos

What is the Jira issue?

https://issues.apache.org/jira/browse/SUBMARINE-1371

How should this be tested?

NA

Screenshots (if appropriate)

Questions:
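The change the PR describes, as an added example that is not part of the PR or of Submarine's own YamlEntityProvider: the weak configuration (`new Yaml()`) beside the hardened one (`new Yaml(new SafeConstructor(...))`), with a check that a document carrying an explicit Java class tag is refused while an ordinary document still loads. It assumes SnakeYAML 1.33 or later (where `SafeConstructor(LoaderOptions)` exists); the class name `SafeYamlReader`, the option values and the sample documents are constructed for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;

public final class SafeYamlReader {

    // Weak configuration (what the PR removes): the no-argument constructor uses the
    // full Constructor, so a "!!fully.qualified.ClassName" tag inside the document
    // selects which Java class gets instantiated (CVE-2022-1471).
    static Yaml unsafeLoader() {
        return new Yaml();
    }

    // Hardened configuration: SafeConstructor only builds the standard YAML types
    // (map, seq, str, int, float, bool, null, timestamp, ...). Any other tag fails
    // before a class name is ever resolved. LoaderOptions adds resource limits.
    static Yaml safeLoader() {
        LoaderOptions opts = new LoaderOptions();
        opts.setAllowDuplicateKeys(false);     // ambiguous documents are rejected
        opts.setMaxAliasesForCollections(50);  // bounds alias expansion (assumed limit)
        return new Yaml(new SafeConstructor(opts));
    }

    // Entry point a MessageBodyReader would call on the request body.
    public static Object load(String yaml) {
        return safeLoader().load(yaml);
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary request body a client could send.
        String ordinary = "name: job-1\nreplicas: 2\nlabels: {team: ml}\n";
        Map<?, ?> parsed = (Map<?, ?>) load(ordinary);
        System.out.println("ordinary document -> " + parsed);

        // Constructed sample input: the same shape, but one value carries a Java class
        // tag. SafeConstructor has no constructor registered for it and throws.
        String tagged = "name: job-1\nreplicas: !!java.util.ArrayList []\n";
        try {
            load(tagged);
            System.out.println("UNEXPECTED: tagged document was accepted");
        } catch (ConstructorException e) {
            System.out.println("tagged document rejected: " + e.getMessage());
        }
    }
}
```

The same tagged document loaded through `unsafeLoader()` would be handed to the full `Constructor`, which is exactly the path the advisory concerns; a unit test that asserts `ConstructorException` on a tagged body is a cheap regression guard for this fix. If the provider needs typed beans rather than maps, keep the safe base and register only the expected target class rather than falling back to `new Yaml()`.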

codecov[bot] commented 1 year ago

Codecov Report

Merging #1054 (5703a23) into master (5987b92) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1054   +/-   ##
=======================================
  Coverage   75.98%   75.98%           
=======================================
  Files         119      119           
  Lines        5000     5000           
=======================================
  Hits         3799     3799           
  Misses       1201     1201           
Flag                 Coverage Δ
python-integration   59.72% <ø> (ø)
python-unit          52.48% <ø> (ø)
