Do not sanitize dependency requirements from YAML

Author: hsbt

lib/rubygems/yaml_serializer.rb

@@ -526,8 +526,7 @@ def build_dependency(node)
         d = Gem::Dependency.allocate
         d.instance_variable_set(:@name, hash["name"])
 
-        requirement = build_safe_requirement(hash["requirement"])
-        d.instance_variable_set(:@requirement, requirement)
+        d.instance_variable_set(:@requirement, hash["requirement"])
 
         type = hash["type"]
         type = type ? type.to_s.sub(/^:/, "").to_sym : :runtime
@@ -559,26 +558,6 @@ def pairs_to_hash(node)
         result
       end
 
-      def build_safe_requirement(req_value)
-        return Gem::Requirement.default unless req_value
-
-        converted = req_value
-        return Gem::Requirement.default unless converted.is_a?(Gem::Requirement)
-
-        reqs = converted.instance_variable_get(:@requirements)
-        if reqs&.is_a?(Array)
-          valid = reqs.all? do |item|
-            next true if item == Gem::Requirement::DefaultRequirement
-            item.is_a?(Array) && item.size >= 2 && VALID_OPS.include?(item[0].to_s)
-          end
-          valid ? converted : Gem::Requirement.default
-        else
-          converted
-        end
-      rescue StandardError
-        Gem::Requirement.default
-      end
-
       def validate_tag!(tag)
         unless @permitted_tags.include?(tag)
           if defined?(Psych::VERSION)

test/rubygems/test_gem_safe_yaml.rb

@@ -964,13 +964,7 @@ def test_load_dependency_missing_requirement_uses_default
     assert_kind_of Gem::Dependency, dep
     assert_equal "foo", dep.name
     assert_equal :runtime, dep.type
-    if Gem.use_psych?
-      # Psych doesn't set a default requirement
-      assert_nil dep.instance_variable_get(:@requirement)
-    else
-      # YAMLSerializer sets a default Gem::Requirement
-      assert_kind_of Gem::Requirement, dep.requirement
-    end
+    assert_nil dep.instance_variable_get(:@requirement)
   end
 
   def test_load_dependency_missing_type_defaults_to_runtime