The package contains 448 dependents, and a change in derivation shouldn't be pushed to master, at least according to the patch submission guidelines.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-5841 [2] https://nvd.nist.gov/vuln/detail/CVE-2021-45942