There's a merged pull request on the void-packages repository

php: update to 7.4.30.
https://github.com/void-linux/void-packages/pull/37481

Description:
Looks serious: https://mobile.twitter.com/cfreal_/status/1534940109434507264

> These two CVEs (CVE-2022-31626, CVE-2022-31625) are remotely exploitable [#PHP](https://mobile.twitter.com/hashtag/PHP?src=hashtag_click) bugs that I'll present at [@typhooncon](https://mobile.twitter.com/typhooncon)
 later this month. Please update !