Update .gitignore

[blakadder]

add dependencies.lock to ignore list to allow git pulls

[kristiankielhofner]

Can you describe the steps and better describe (error messages, if any) that cause this issue?

Generally speaking you want to lock the dependencies for the component libraries as obviously any new untested release versions could cause issues. It's the equivalent of requirements.txt in python or package-lock.json in node.

[blakadder]

blak@bass:~/willow$ git pull
remote: Enumerating objects: 112, done.
remote: Counting objects: 100% (81/81), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 112 (delta 74), reused 73 (delta 73), pack-reused 31
Receiving objects: 100% (112/112), 14.40 KiB | 0 bytes/s, done.
Resolving deltas: 100% (77/77), completed with 11 local objects.
From https://github.com/toverainc/willow
   cd8bd95..5046004  main        -> origin/main
 + c5952e2...49722aa feature/was -> origin/feature/was  (forced update)
 * [new branch]      issue/159   -> origin/issue/159
Updating cd8bd95..5046004
error: Your local changes to the following files would be overwritten by merge:
        dependencies.lock
Please commit your changes or stash them before you merge.
Aborting

ran into this today so I had to delete dependencies.lock to pull a new version without other git intervention

[stintel]

I'm generally not a fan of keeping auto-generated files under version control, as it frequently causes conflicts, but like @kristiankielhofner mentions, this is considered best practice. Same with Cargo.lock for rust projects.

[stintel]

We could however do something like I've done here: https://codeberg.org/stintel/auditd-forwarder/commit/252e208e5f4af3b641a62ddd2ceb36e8dd59398d

[stintel]

Rebased to trigger the CI failure on PRs from forks. Working on a fix for that.