This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior . - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog . - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c . - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c . - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c . - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c . - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c . - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c .