dependencies

Cargo generates Cargo.lock to pin exact dependency versions. For binaries, commit the lock file so everyone builds the same dependencies. For libraries, don't commit it (users should resolve their own). The lock file enables reproducible builds: cargo