It seems that we are not generating a package lock for our packaged app anymore, which may lead to getting unexpectedly updated dependencies on the packaged build.