The reaction from many Linux distro folks to the idea of bundled dependencies is to simply stop listening while muttering "but, but, but, security!".
In a world where every dependency always maintained perfect backwards compatibility, they'd have a point. As it is, they still have a point, it's just not the only point worth considering. Every developer of complex applications knows two things:
These two points add up to a solid conclusion: rebasing dependencies is risky, and should be preceded by a testing period by the application developer.
When a distro institutes a "no bundling" policy, they are directly interfering with the developer's architectural decisions. If you happen to choose a dependency that is also used by the distro for their own tools, then the distro wants to take over your rebasing decisions. This is hostile to both application developers (who get criticised for completely sensible architectural decisions) and to end users (who get applications that break unexpectedly, or that suffer indefinite delays in updates because there is a third party packaging process involved in the delivery of updates).