17 Jun
2026
17 Jun
'26
6:58 p.m.
fixed known good versions
The nodejs installations use package-lock.json files to lock the versions. At the time of a boost release, a completely new archive isn't generated, suddenly introducing a problem. Rather, a previous snapshot is renamed. If a vulnerability appeared during the lock-down period, we would at least have some chance to react.