You should always commit the lockfile: pnpm-lock.yaml.

pnpm can automatically resolve merge conflicts in pnpm-lock.yaml. If you have conflicts, just run pnpm install and commit the changes.