you have to understand that ruby maintainers are lazy and just stick to outdated versions - and ruby ecosystem just makes it way too easy to *require* security problems. If you run into unsolvable problems with the deps, then submit a branch - but not a random outdated version, just because it was used at some point in the past to build a release of a gem.