Watch this video on YouTube
Pushing a dependency lock file to a version control repository can expose sensitive cached data.