Force MDM to 0.17.4 as 0.17.5 breaks things

[hdm]

This is breaking new source-based installations with the following error:

ruby-1.9.3-p547@metasploit-framework/bundler/gems/metasploit_data_models-0b1fc5baf50c/app/models/metasploit_data_models/search/operator/multitext.rb:5:in `<top (required)>': uninitialized constant MetasploitDataModels::Search::Operator (NameError)

Fix MDM or merge this, either way.

[hdm]

Testing from buddha indicated that unless bundle update is executed, something between 0.17.1 and 0.17.4 also fails to indicate that it needs metasploit/concern. Looks like the various MDM + MSF Gemfile minimum versions weren't being enforced. For anyone watching this bug, run bundle update if you get an issue about metasploit/concerns or change this back to 0.17.1

[limhoff-r7]

(now as the right account)

The Gemfile.lock locks metasploit_data_models at 0.17.0 on
metasploit-framework/master. They should only be hitting this bug if they
are doing bundle update instead of bundle install and we don't support
people bundle updating because that updates all dependencies in the lock file, not just grab the dependencies you are missing. We use a Gemfile.lock so we don't have to ensure
that we work with the latest and greatest of all our dependencies and to ensure the tested gems are the same as the gems users get as is standard practice for Ruby applications. (gems on the other hand don't use Gemfile.lock because only *.gemspec dependencies are propagated for gems)

Yes, there is a bug in that 0.17.4 should be 0.18.0, but no one should hit
it unless they are mistakenly doing bundle update instead of bundle install.

[limhoff-r7]

Opened bug to fix mdm's version as MSP-10654. This can be closed because I'll yank 0.17.4-0.17.6 from rubygems.org and master will become 0.18.0 to signal the incompatibility.

[ZeroChaos-]

is locking to 0.17.0 really correct? it doesn't work with 0.17.1-0.17.3?