lgtm,codescanning

• The query "Unsafe Deserialization" (java/unsafe-deserialization) has been improved to report those cases where SnakeYaml Constructor is used to fix the unmarshaled object graph root's type but injection is still possible in nested nodes of the object graph.