I'm doing a bit of a security balancing act here. I've enabled auto-releases on https://github.com/nodejs/nodejs-dist-indexer, because it's just so much simpler and more efficient to get changes shipped. But we use npx to run it here, so while it's easier to get releases out, it opens a novel vector for getting privileged(-enough) access on the unofficial-builds server to mess with binaries.
So this change puts the burden on the person adding a new recipe to get dist-indexer updated and put the new version number into the config here.
I'm doing a bit of a security balancing act here. I've enabled auto-releases on https://github.com/nodejs/nodejs-dist-indexer, because it's just so much simpler and more efficient to get changes shipped. But we use
npx
to run it here, so while it's easier to get releases out, it opens a novel vector for getting privileged(-enough) access on the unofficial-builds server to mess with binaries.So this change puts the burden on the person adding a new recipe to get dist-indexer updated and put the new version number into the config here.