Load trusted input in a trusted environment easier

The alternative, listing all classes, is more prone to changes
and unrelated failures. Since the YAML is cached method-passing,
I'll simply allow it.

spec/regressions/events_controller_spec.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 
-#  Copyright (c) 2012-2014, insieme Schweiz. This file is part of
+#  Copyright (c) 2012-2024, insieme Schweiz. This file is part of
 #  hitobito_insieme and licensed under the Affero General Public License version 3
 #  or later. See the COPYING file at the top-level directory or at
 #  https://github.com/hitobito/hitobito_insieme.
@@ -35,7 +35,7 @@
           get :index, params: { group_id: group.id, year: 2014, type: Event::Course.sti_name }, format: :csv
         end.to change{ Delayed::Job.count }.by 1
 
-        job = YAML::load(Delayed::Job.find_by("handler LIKE '%filename%'").handler)
+        job = YAML.unsafe_load(Delayed::Job.find_by("handler LIKE '%filename%'").handler) # this is trusted input as it generated by the app
         expect(job.filename).to include("-#{user.id}")
         expect(cookies[:async_downloads]).to include(job.filename)
       end