Package Manager should support a lock file
Similar to other package managers (like npm/yarn), IPM should support a lock file (the equivalent for Node.js apps is package.json vs. package-lock.json). This will allow consumers to reliably reproduce dependencies. Similar to other package managers, there should be a separate command to use the lock file, and by default the current install command should maintain its behavior, where the semantic version expressions of the dependencies are used to pick up the highest available versions they resolve to.
Internal reference: HSIEO-8424
Feature request: If there is a part of this feature that displays which modules are locked at a non-current version, it would be great to optionally also get a display of the intervening changelog entries.