Hi,

Could you please avoid bumping versions of bundled gems when fixing
security issues? The version bump breaks the promise of a point release
not to break anything and to update safely.

Consider the following simple case:

$ ruby -v
ruby 1.9.3p374 (2013-01-15 revision 38858) [x86_64-linux]

$ rdoc --version
rdoc 3.9.4

$ cat Gemfile
gem 'rdoc'

$ cat testrdoc.rb
require 'rdoc/rdoc'

options = RDoc::Options.new
options.parse ARGV

rdoc = RDoc::RDoc.new
rdoc.document options

$ bundle install
Using rdoc (3.9.4)
Using bundler (1.1.4)
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled
gem is installed.

$ bundle exec ruby testrdoc.rb -- testrdoc.rb
Parsing sources...
100% [ 1/ 1]
testrdoc.rb

Generating Darkfish format into /tmp/test374/doc...

Files:      1

Classes:    0 (0 undocumented)
Modules:    0 (0 undocumented)
Constants:  0 (0 undocumented)
Attributes: 0 (0 undocumented)
Methods:    0 (0 undocumented)

Total:      0 (0 undocumented)
  0.00% documented

Elapsed: 0.0s

$ bundle exec ruby testrdoc.rb -- testrdoc.rb
Could not find rdoc-3.9.4 in any of the sources
Run `bundle install` to install missing gems.

$ sudo yum update 'ruby*' # Or just somehow install a new point release of Ruby

$ ruby -v
ruby 1.9.3p385 (2013-02-06 revision 39114) [x86_64-linux]

$ rdoc --version
rdoc 3.9.5

$ bundle exec ruby testrdoc.rb -- testrdoc.rb
Could not find rdoc-3.9.4 in any of the sources
Run `bundle install` to install missing gems.

So what worked before the update does not work now. This issue was introduced
by rev39101, and there is another similar breakage, rev39218, in the queue for
release. Yes, this might be a wrong design of Bundler, but considering how
wide the adoption of Bundler is, Ruby releases should respect it.

Please note that I also added the Bundler ML in copy; maybe some of the
Bundler guys will reconsider their design.

Thank you


Vít
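
The failure reported above can be caught before `bundle exec` by checking that every exact version pinned in Gemfile.lock is still installed. This is an added example, not part of the original message; the lockfile text is constructed to match the Gemfile shown, and the helper names are hypothetical.

```ruby
require 'rubygems'

# Constructed sample: the lockfile Bundler would write for the Gemfile above.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      rdoc (3.9.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    rdoc
LOCK

# Return { "name" => "version" } for each resolved spec in a lockfile.
# Resolved specs are indented exactly four spaces: "    name (version)".
# Their dependencies (six spaces, with constraints) are skipped.
def locked_specs(lock_text)
  specs = {}
  lock_text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/)
    specs[m[1]] = m[2] if m
  end
  specs
end

# Versions of a gem that RubyGems can see in the running interpreter.
def installed_versions(name)
  Gem::Specification.find_all_by_name(name).map { |s| s.version.to_s }
end

# List "name-version" for every pin whose exact version is not available.
# +installed+ maps gem name to version strings; nil means ask RubyGems.
def missing_pins(lock_text, installed = nil)
  locked_specs(lock_text).each_with_object([]) do |(name, version), missing|
    have = installed ? Array(installed[name]) : installed_versions(name)
    missing << "#{name}-#{version}" unless have.include?(version)
  end
end

# Constructed before/after states using the rdoc versions from the message.
p missing_pins(SAMPLE_LOCK, { 'rdoc' => ['3.9.4'] }) # before the Ruby update
p missing_pins(SAMPLE_LOCK, { 'rdoc' => ['3.9.5'] }) # after the Ruby update
```

Calling `missing_pins(File.read('Gemfile.lock'))` with no second argument checks against the gems actually installed, which makes it usable as a gate before and after a package update.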