Avoiding the Next Supply Chain Disaster with GitHub and Gradle

I tried to use dependency locking to produce a lockfile and it was a pain in the ass. Gradle would only put the info in when it actually downloaded an artifact, which may happen after the configuration phase, during the build. Or not happen at all when a dependency is platform-specific. Rust’s Cargo by contrast immediately puts all dependencies in the graph in the lockfile, including those that won’t be downloaded on the current system.
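The failure mode described above, where the lockfile only reflects configurations Gradle happened to resolve, is usually handled by resolving every configuration in one dedicated task before writing the lock. The following `build.gradle.kts` is an added example and is not code from the original post; it assumes a single-project Java build with a Maven Central dependency, and the task name `resolveAndLockAll` and the Guava coordinate are sample choices.

```kotlin
// build.gradle.kts (added example, not from the original post)
// Assumes a single-project Java build; adjust for multi-project layouts.
import org.gradle.api.artifacts.dsl.LockMode

plugins {
    java
}

repositories {
    mavenCentral()
}

// Lock every configuration, and fail the build when the resolved graph
// differs from gradle.lockfile instead of silently accepting the change.
dependencyLocking {
    lockAllConfigurations()
    lockMode.set(LockMode.STRICT)
}

dependencies {
    implementation("com.google.guava:guava:33.0.0-jre") // sample coordinate
}

// Gradle writes lock entries only for configurations it actually resolves,
// so resolve every resolvable configuration here. Running
//   ./gradlew resolveAndLockAll --write-locks
// then produces one complete lockfile rather than one that depends on
// which tasks happened to run during a given build.
tasks.register("resolveAndLockAll") {
    notCompatibleWithConfigurationCache("Filters configurations at execution time")
    doFirst {
        require(gradle.startParameter.isWriteDependencyLocks) {
            "Run with --write-locks so the resolved graph is written to gradle.lockfile"
        }
    }
    doLast {
        configurations
            .filter { it.isCanBeResolved }
            .forEach { it.resolve() }
    }
}
```

Commit the resulting `gradle.lockfile`; with `LockMode.STRICT` any later build whose resolution drifts from it fails, which is the check that catches a substituted or newly introduced transitive artifact. The caveat the post points at still applies: entries are whatever was resolved on the machine that wrote the lock, so dependencies selected by OS or architecture (or added conditionally in the build script) are only recorded if that platform ran the write, and the lock should be regenerated on each platform the build supports.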