I think that one should always commit the Manifest.toml to repositories — for registered packages it is innocuous (in the sense that the registry will ignore it), while it can be invaluable when you need to know a set of versions that is known to work. Then you can bisect from there to debug the occasional bugs that come from unexpected/undocumented API changes.
2 Likes