Build process not fit for purpose
If you're shipping a product then as mentioned by another commenter, you want the versions of the various components to be set in stone and always available so the build can be recreated at any time.
One option I imagine is to stick your own repository between your build chain and the public one(s), slurp the relevant code into that and then build against that.
There are products to assist with that (Artifactory?) which I've seen deployed in environments where products were only for internal use (eg Banks).
When it comes to building your software, if the build can be tripped up by an external dependency/repository issue then it's not robust and therefore not fit for purpose.