It's not necessary but I found it useful a couple of times. For example, all developers have exactly the same versions and I rarely hear "works for me" these days. I also had some cases where I wanted to try an older commit but since some downstream dependency changed, the code didn't work. I've never had this issue since we started using lockfiles in the repo itself. Another cool feature of having all dependencies locked is that the CI never starts to randomly fail when a downstream dependency violates semantic versioning.
@wesm are you worried about the additional overhead of having this large file in the repo? [ Full content available at: https://github.com/apache/arrow/pull/2598 ] This message was relayed via gitbox.apache.org for [email protected]
