There is a new pull request by the-maldridge against master on the void-packages repository

https://github.com/the-maldridge/void-packages revert-26757
https://github.com/void-linux/void-packages/pull/26843

lurch: revert patch from #26757
The patch was erroneously applied after a github user claimed it to be
a security issue, and later it was determined that this user was going
around tricking various projects into applying their patch that had
been exlicitly declined by upstream (xsf/xeps#894).

There's probably a dialog to happen here around relative security of
accepting unverified patches in the name of 'security' but this is
neither the time nor the place.

A patch file from https://github.com/void-linux/void-packages/pull/26843.patch is attached