Hi, On mar., 16 août 2022 at 09:51, Marius Bakke <[email protected]> wrote:
>>> > * gnu/packages/xml.scm (python-lxml): Update to 4.6.5. >> Now I see that python-lxml-4.7 shadows it. >> >> Note: This would have fixed two CVEs, CVE-2021-43818 and CVE-2021-43818. > > Can you add a "graft" for this version instead of updating in-place? Graft 4.6.3 by the already packaged 4.7? Or graft 4.6.3 by 4.6.5 because one of the 5208 dependant packages is incompatible with 4.7? Cheers, simon
