Why were the patch versions for CVE-2022-24685, CVE-2022-30324, CVE-2022-24686, CVE-2022-24684 released so late?

We are a research team dedicated to Golang, have discovered that CVE-2022-24685, CVE-2022-30324, CVE-2022-24686, CVE-2022-24684 were addressed in commit c3d87673ee2509cc77b8c205444bceed93fcef2c, c024d88a3c796a5a402fd11d1af32c0bc9ce9170, c3d87673ee2509cc77b8c205444bceed93fcef2c, c3d87673ee2509cc77b8c205444bceed93fcef2c. However, upon analyzing the commit, we observed that the patch version (v1.0.18, v1.1.14, v1.0.18, v1.0.18) were released after a lapse of over one month. We are interested in understanding the reasons behind this delay in releasing the patch version, as it could potentially impede the prompt dissemination of patches to downstream users. We seek clarification on whether the delay might be attributed to:

  1. Issues with testing and CI checking.
  2. Other commits requiring inclusion in a single release.
  3. By convention, infrequent release of versions.
  4. Other reasons.
    We appreciate your attention to this matter and eagerly await your response. Thank you.