Move `require` closer to where it is used.

This helps avoid a startup crash on Ruby 1.9.3 where the `rexml` gem
crashes when loaded due to syntax errors.

Fixes #1798, #1800, #1784

fpm.gemspec

@@ -22,10 +22,6 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 1.9.3'
 
-  # For parsing JSON (required for some Python support, etc)
-  # http://flori.github.com/json/doc/index.html
-  spec.add_dependency("json", ">= 1.7.7", "< 3.0") # license: Ruby License
-
   # For logging
   # https://github.com/jordansissel/ruby-cabin
   spec.add_dependency("cabin", ">= 0.6.0") # license: Apache 2

lib/fpm/package/osxpkg.rb

@@ -4,7 +4,6 @@ require "fileutils"
 require "fpm/package/dir"
 require 'tempfile'  # stdlib
 require 'pathname'  # stdlib
-require 'rexml/document'  # stdlib
 
 # Use an OS X pkg built with pkgbuild.
 #
@@ -103,6 +102,7 @@ class FPM::Package::OSXpkg < FPM::Package
 
   # Extract name and version from PackageInfo XML
   def extract_info(package)
+    require 'rexml/document'
     build_path("expand").tap do |path|
       doc = REXML::Document.new File.open(File.join(path, "PackageInfo"))
       pkginfo_elem = doc.elements["pkg-info"]

lib/fpm/util.rb

@@ -421,7 +421,11 @@ module FPM::Util
     # to invoke ERB.new correctly and without printed warnings.
     # References: https://github.com/jordansissel/fpm/issues/1894
     # Honestly, I'm not sure if Gem::Version is correct to use in this situation, but it works.
-    if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.1.0")
+    
+    # on older versions of Ruby, RUBY_VERSION is a frozen string, and
+    # Gem::Version.new calls String#strip! which throws an exception.
+    # so we have to call String#dup to get an unfrozen copy.
+    if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("3.1.0")
       # Ruby 3.0.x and older
       return ERB.new(template_code, nil, "-")
     else