Ignore `package-lock.json`

[kitsonk]

Enhancement

We should ignore package-lock.json at the moment and for the foreseeable future. While the idea is sound in principle of ensure that exactly the same packages are used when a package is shared around from a team, we have run into issues where a localised problem with a package become locked and that localised problem then propagates to others. In particular when there are n versions between the minimum semver and the latest and one of those versions has a bug, that buggy version can easily get locked into the dependency tree and not updated or refreshed. Package maintainers, including ourselves, don't deprecate their buggy point releases of their packages. This generally causes chaos and makes isolating a problem difficult.

The repos:

• [ ] dojo/cli
• [ ] dojo/cli-build
• [ ] dojo/cli-create-app
• [ ] dojo/cli-create-widget
• [ ] dojo/cli-export-project
• [ ] dojo/cli-test-intern
• [ ] dojo/core
• [ ] dojo/dgrid
• [ ] dojo/has
• [ ] dojo/i18n
• [ ] dojo/interfaces
• [ ] dojo/interop
• [ ] dojo/loader
• [ ] dojo/routing
• [ ] dojo/shim
• [ ] dojo/static-optimize-plugin
• [ ] dojo/stores
• [ ] dojo/streams
• [ ] dojo/widget-core
• [ ] dojo/widgets
• [ ] dojo/dojo2-package-template
• [ ] dojo/grunt-dojo2
• [ ] dojo/grunt-dojo2-extras
• [ ] dojo/test-extras
• [ ] dojo/web-editor

[kitsonk]

We are now choosing to un-ignore it as versions of npm have addressed most of our concerns.