We currently allow pushing a gem that has unresolved dependencies.
Describe the solution you'd like
We should stop allowing it.
Additional context
This would close a current supply chain attack vector, where someone could push a gem and a malicious actor could see the unresolved dependency and push a rubygem that gets added as a dependency of the first gem after the fact.
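
A sketch of the push-time check this request asks for, as an added example that is not rubygems.org code. `PUBLISHED`, `unresolved_dependencies`, `push_allowed?` and `sample_spec` are hypothetical names, and the index contents and gem names are constructed.

```ruby
require "rubygems"

# Constructed stand-in for the registry index: gem name => published versions.
PUBLISHED = {
  "rack" => %w[2.2.8 3.0.9],
  "json" => %w[2.6.3 2.7.1],
}.freeze

# Returns [dependency, reason] pairs for every declared dependency
# (runtime and development) that nothing in the index can satisfy.
#   :unknown_name        - no gem with that name is published, so the name
#                          is free for anyone to register later
#   :no_matching_version - the name exists but no version meets the constraint
def unresolved_dependencies(spec, index = PUBLISHED)
  spec.dependencies.each_with_object([]) do |dep, missing|
    versions = index[dep.name]
    if versions.nil?
      missing << [dep, :unknown_name]
    elsif versions.none? { |v| dep.requirement.satisfied_by?(Gem::Version.new(v)) }
      missing << [dep, :no_matching_version]
    end
  end
end

# A push is accepted only when every dependency resolves at push time.
def push_allowed?(spec, index = PUBLISHED)
  unresolved_dependencies(spec, index).empty?
end

# Builds a constructed gemspec with the given runtime dependencies.
def sample_spec(deps)
  Gem::Specification.new do |s|
    s.name = "example-gem"
    s.version = "0.1.0"
    deps.each { |name, req| s.add_runtime_dependency(name, req) }
  end
end

if __FILE__ == $PROGRAM_NAME
  spec = sample_spec("rack" => ">= 2.0", "acme-internal-utils" => "~> 1.0")
  unresolved_dependencies(spec).each do |dep, why|
    puts "reject push: #{dep.name} (#{dep.requirement}) is #{why}"
  end
end
```

The `:unknown_name` case is the one described above: the dependency name is unclaimed at push time, so whoever registers it later controls what the first gem pulls in.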