From 0016d3296d5e079ab20c656ffe901814a7d47835 Mon Sep 17 00:00:00 2001
From: Tema Bolshakov <either.free@gmail.com>
Date: Mon, 21 Oct 2024 10:34:36 +0200
Subject: [PATCH] Load YAML safely

---
 lib/config_x/config_factory.rb | 2 +-
 lib/config_x/env_source.rb     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/config_x/config_factory.rb b/lib/config_x/config_factory.rb
index 51fd3cf..0564dc6 100644
--- a/lib/config_x/config_factory.rb
+++ b/lib/config_x/config_factory.rb
@@ -93,7 +93,7 @@ def setting_files
     # @return [Array] the local setting files.
     def local_setting_files
       [
-        (File.join(config_root, "#{file_name}.local.yml") if env != "test"),
+        File.join(config_root, "#{file_name}.local.yml"),
         File.join(config_root, dir_name, "#{env}.local.yml")
       ].compact
     end
diff --git a/lib/config_x/env_source.rb b/lib/config_x/env_source.rb
index 3c7cfa8..dca2bb6 100644
--- a/lib/config_x/env_source.rb
+++ b/lib/config_x/env_source.rb
@@ -26,7 +26,7 @@ def source
 
         Array(key.split(separator)[1..])
           .reverse_each
-          .reduce(YAML.load(value)) { |acc, k| {k.downcase => acc} }
+          .reduce(YAML.safe_load(value)) { |acc, k| {k.downcase => acc} }
           .tap { DeepMerge.deep_merge!(_1, config) }
       end
     end