It suggests a way more ridiculous fix. As mentioned by other comments in detail (security patches for transient dependencies, multiple references to the same transient dependency).
The article and various comments in this same thread have explained why these are not real issues because the resolution process picks the version 'closest to root'.
