When an upgrade to a compliance package shows up (lucky iso is pretty lethargic) you have to:
upload the new package
get a mapping in between them
download (using filters and csv) the mappings you have in between solutions and the old package
do spreadsheet magic, to create a new compliance analysis import (not mapping!) import for the new package based on the step before
i never ever recommend doing mappings (compliance package mappings) as the source of the mapping (the old standard) should not be the authoritative source !!