Hi, I mentioned this in the PR, that maybe it's OK to modify the CHANGELOG to say that paramiko was bumped because cryptography was bumped - and that happened because of security reasons?
I think that's reasonable to say and is, in fact, the root cause for the bump. All the best, Radu On Thu, Apr 23, 2026 at 2:52 PM Jarek Potiuk <[email protected]> wrote: > No. I think we need to solve it here (I commented on it in the thread. > > Elad, I'm not sure what problem you are trying to solve. > > Would love to solve it here - because usually (-1) is a sign that something > is catastrophically wrong with the provider. I'm a bit surprised to see > (-1) because things were not exactly explained in the PR (but later > explained in the changelog) there are about a 100 of such bumps in the last > year at minimum in various providers, so I am just surprised to see ti. > > I discussed some of that with Radu personally and Thomas directly and some > of that is in the PR itself. And this happens **all**, **the**, **time** > that we do such changes. This is one of the biggest benefits of a monorepo: > we can solve such issues in a single PR that fixes holistically the problem > of installing providers together. > > I really look forward to solving it in the way you will be happy - but I > can't see a reason why suddenly you vote -1 on something that we do all the > time so far. We might want to change the approach if you want to - but I > don't think it's a reason to -1 a provider - that looks like > extreme overhoot. > > J. >
