docker-library / httpd

Docker Official Image packaging for Apache HTTP Server
https://httpd.apache.org
Apache License 2.0

Update lua-dev (5.1) to lua5.4-dev to remove Lua vulnerabilities #260

Closed. Maroko closed this 4 months ago

yosifkit commented 4 months ago

What perceived vulnerability is being fixed by this bump? Alpine often backports security fixes, so I highly doubt there is an active CVE (try https://security.alpinelinux.org/vuln/CVE-2024-0727 but with the CVE number replaced by the one that you have).


I'm not sure we can just bump this without introducing breaking changes for many users since every Lua bump has incompatibilities with the previous version:

Maroko commented 4 months ago

Looks like a mistake on my side. My security scanner (Blackduck) mapped multiple CVEs (including CVE-2022-28805) to Lua Version 5.1.5.

Thanks for your time, I'm closing this PR.