Seems like uncontrolled version changes and updates on bugfix and minor level.

There should be a command, which just uses the versions described within the lock file.

Otherwise reproduction of an exact version is nearly impossible.