I think generally we do put a False on superseded Fixlets but I think there is an edge case that challenges the rules recently.
I think the approach has been that a Security Update fixlet would not be superseded by a Non-Security update - as some customers want to apply only the security updates and don’t care to deploy bug-fix or feature updates; but I think I heard about some recent complications on that approach so I want to check whether this is the same issue before diving in to the details