Investigate methods to lock down dependencies

[t1m0thyj]

To follow best practices for security, we should lock down package versions (like we do in Node.js repos with npm shrinkwrap).

[github-actions]

Thank you for raising this enhancement request.
The community has 90 days to vote on it.
If the enhancement receives at least 5 upvotes, it is added to our development backlog.
If it receives fewer votes, the issue is closed.