Danny Milosavljevic skriver: > Hi Mathieu, > > On Mon, 15 Aug 2022 16:24:03 +0200 > Mathieu Othacehe wrote: > >> > * gnu/packages/xml.scm (python-lxml): Update to 4.6.5. >> >> I had to revert it as it caused >15k rebuilds. I also cancelled all the >> triggered builds in the CI. > > Thanks for doing it! > > But guix refresh -l python-lxml reported one package O_o > > Now I see that python-lxml-4.7 shadows it. > > Note: This would have fixed two CVEs, CVE-2021-43818 and CVE-2021-43818. Can you add a "graft" for this version instead of updating in-place?