Re: this kind of thing
if you're careful you can set up pip to fix versions in stone for everything. This does not always build well on different platforms, though. I did this a bit with an older DJango setup I had been maintaining [not writing, more like re-writing to use LESS PYTHON and C language utilities to improve performance by a factor of 10 or more, but I digress] but I agree, languages like Python and apparently Ruby have this kind of "dependency Hell" built into them, and the trend would be to have 'bleeding edge' enough that you can't easily just go back to what it was before... and when a single developer decides to play SJW and deny you access to his source, you're FSCK'd. Unless you do snapshots and archives, which apparently the 'Chef' guy did.