The specifics to pin version will depend on the programming language/tool you’re using. But they all have a locking mechanism. npm has a package.json with package-lock.json, Python pipenv has a Pipfile and Pipfile.lock/poetry, Go, C#, etc. You should set the versions you want to use and guarantee with the lock file that this version is what’s getting installed in your local and your CI/CD process.