While I agree with the issues that may stem from using code to express dependencies, there are upsides. I think the main deficiency in Python is the need for virtual environments per project (and the fact this requires a separate tool).

If this Pipfile.lock approach allows me to always have the correct package versions without virtualenv, it's a huge step forward.