replace YAML.parse with YAML.safe_load in release tool

YAML.parse returns Psych nodes that then need to be converted to plain ruby objects.

Calling YAML.safe_load outputs basic ruby objects already and also increases security as it greatly restricts the classes it deserializes.

Fixes #11208

Author: jsvd

tools/release/bump_plugin_versions.rb

@@ -94,7 +94,7 @@ def compute_dependecy(version, allow_for)
 `git remote add upstream [email protected]:elastic/logstash.git`
 `git push upstream #{branch_name}`
 
-current_release = YAML.parse(IO.read("versions.yml"))["logstash"]
+current_release = YAML.safe_load(IO.read("versions.yml"))["logstash"]
 puts "Creating Pull Request"
 pr_title = "bump lock file for #{current_release}"