authorusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2017-12-14 13:50:12 +0000
committerusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2017-12-14 13:50:12 +0000
commitfc824f2a81725ae021a75291c790a55b9755c55c (patch)
treeb48f49923b6f996a7c085dc94423c651ad870c1b /lib/rubygems.rb
parentd629ce0baa47ce800a26b451215dbeb20b3fb05c (diff)
downloadruby-fc824f2a81725ae021a75291c790a55b9755c55c.tar.gz
merge revision(s) 60149: [Backport #14003]
Merge rubygems-2.6.14 changes. This fixes the vulnerability described at http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@61244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems.rb')
-rw-r--r--lib/rubygems.rb5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/rubygems.rb b/lib/rubygems.rb
index 0e1855b148..6a30e315de 100644
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@@ -9,7 +9,7 @@ require 'rbconfig'
require 'thread'
module Gem
- VERSION = '2.4.5.3'
+ VERSION = '2.4.5.4'
end
# Must be first since it unloads the prelude from 1.9.2
@@ -598,7 +598,7 @@ module Gem
unless test_syck
begin
- gem 'psych', '~> 1.2', '>= 1.2.1'
+ gem 'psych', '~> 2.0.0'
rescue Gem::LoadError
# It's OK if the user does not have the psych gem installed. We will
# attempt to require the stdlib version
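Review bot: The new `gem 'psych', '~> 2.0.0'` line carries no explanation of why the floor moved to 2.0.0 or why releases from 2.1 onward are excluded. Presumably the floor exists because the safe loader required later in this commit relies on `Psych.safe_load`, which first shipped in psych 2.0.0; a comment such as `# psych >= 2.0.0 is needed for Psych.safe_load (see rubygems/safe_yaml)` would keep a later edit from loosening it. With this constraint an installed psych gem outside 2.0.x should raise Gem::LoadError and fall through to the stdlib copy, so it is worth confirming that the stdlib psych on every Ruby this branch supports also provides `safe_load`. The `begin`/`rescue` block continues outside the hunk.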
@@ -622,6 +622,7 @@ module Gem
end
require 'yaml'
+ require 'rubygems/safe_yaml'
# If we're supposed to be using syck, then we may have to force
# activate it via the YAML::ENGINE API.
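Review bot: The added `require 'rubygems/safe_yaml'` only makes the safe loader available; nothing in this file-limited diff shows a caller being moved off `YAML.load`, so the deserialization fix depends on changes in other files of the commit, which should be reviewed together with this one. The require also runs before the syck force-activation described in the comment that follows, and it is not visible here whether the safe loader works when syck is the active engine. If it does not, a comment like `# Restricted loader for gem metadata; depends on Psych, not syck` would document that. The enclosing block starts and ends outside the hunk.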