Requirements provide absolute maximal bounds on interoperability. (This is why setting bounds to be only very recent versions arbitrarily is unhelpful because barely much of the world exists in bleeding-edge, rolling releases.)

A lockfile provide a specific, concrete, minimized, satisfied solution on what an application or library uses to operate.

Generally, deployed applications have and save lock files so that nothing changes without testing and interactive approval.

Libraries don't usually ship lock files to give the end user more flexibility.

What solved system package dependency hell is allowing multiple versions and configurations of side-by-side dependencies rather than demanding a single, one-size-fits-all dependency that forces exclusion and creates unsatisfiable constraints.