When you update your libs, you also want to commit the lockfile.
In other words, it states that your project is locked to those specific versions of the libs you are using.
But if you commit your changes, and then someone pulls your code and updates the dependencies, the lockfile should be unmodified.
That is the reason why having it in the repository assures you that each developer is using the same versions.
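One way to enforce the "lockfile should be unmodified" expectation in CI, as an added example that is not part of the original text: snapshot the committed lockfile, run the dependency step, and fail if the file changed. The function name `check_lockfile_drift` and the lockfile path are hypothetical; pass whatever install command your package manager uses.

```shell
#!/bin/sh
# Added example (not from the original page): detect lockfile drift.
# Usage: check_lockfile_drift LOCKFILE COMMAND [ARGS...]
#   LOCKFILE  path to the committed lockfile (name depends on your tooling)
#   COMMAND   the dependency install step to run (assumption: supplied by you)
# Return codes: 0 = unchanged, 1 = lockfile changed,
#               2 = lockfile missing or snapshot failed, 3 = command failed.
check_lockfile_drift() {
    cld_lockfile=$1
    shift

    if [ ! -f "$cld_lockfile" ]; then
        echo "lockfile not found: $cld_lockfile" >&2
        return 2
    fi

    # Keep a byte-for-byte copy of the committed state to compare against.
    cld_snapshot=$(mktemp) || return 2
    cp "$cld_lockfile" "$cld_snapshot" || { rm -f "$cld_snapshot"; return 2; }

    # Run the dependency step exactly as given.
    if ! "$@"; then
        rm -f "$cld_snapshot"
        echo "dependency command failed: $*" >&2
        return 3
    fi

    # The step must not delete the lockfile either.
    if [ ! -f "$cld_lockfile" ]; then
        rm -f "$cld_snapshot"
        echo "lockfile removed by: $*" >&2
        return 2
    fi

    if cmp -s "$cld_snapshot" "$cld_lockfile"; then
        cld_status=0
    else
        # Show reviewers which pinned versions moved.
        echo "lockfile changed by: $*" >&2
        diff -u "$cld_snapshot" "$cld_lockfile" >&2 || true
        cld_status=1
    fi

    rm -f "$cld_snapshot"
    return "$cld_status"
}
```

A non-zero result in CI means the resolved versions no longer match what was committed, so the change should arrive as a reviewed lockfile commit rather than silently at build time.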