[Question] Why does nuget state that the packages have been withdrawn? #3

Closed
Smurf-IV opened this issue Apr 24, 2023 · 5 comments

@Smurf-IV

image

@Smurf-IV
Author

Note: Version downloads are still active:
image

@sgrottel
Owner

sgrottel commented Apr 29, 2023

Thank you for bringing this to my attention.
I just saw this. No idea what triggered this.

I assume, since I am only co-authoring the package, and since it was originally started by the Coapp org, that some (automated CVE) scanning detected a vulnerability and (automatically) flagged the package accordingly. As I say, just an assumption. I really don't know.

Today I got the notification that Lua 5.4.5 popped up on the official Lua FTP site: https://www.lua.org/ftp/
But it seems not to be fully released yet: https://www.lua.org/work/

I will now start preparing the repo for the next build and release with:

I plan to fix those within the next week, next two weeks tops, and then I will have a new nuget packet version to release. I will then remove the warning flags.

I will keep this issue open until the new package is online.

@sgrottel sgrottel self-assigned this Apr 29, 2023
@sgrottel
Owner

Apparently the Coapp org unindexed all their packages: https://www.nuget.org/profiles/coapp

No idea what happened there. ... I plan to continue to maintain the Lua NuGet package on my own.

@sgrottel
Owner

I did not find any very recent CVEs for Lua. Well, I found a couple, they are either addressed in recent versions, or will be addressed in version 5.4.5 and all in all seem ok-ish (your typical CVEs, nothing world-ending).

This and the fact that all Coapp org packages got unlisted make me believe that the Coapp org did a final deprecation and house cleaning and (automatically) indiscriminately unlisted and flagged all their packets.

For that reason, I decided to remove the flags for all 5.4.x versions of the nuget package.

@sgrottel
Owner

sgrottel commented May 4, 2023

@sgrottel sgrottel closed this as completed May 4, 2023