Missing composer.lock

[MTheProgrammer]

Hi, composer.lock should be commited to the repository because it keeps the exact library version: https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies

[rmccue]

composer.lock should be committed only to top-level projects; S3 Uploads via Composer is designed to be a dependency, so it's intentionally not committed: https://getcomposer.org/doc/02-libraries.md#lock-file