Tag version-pinning


I've been bitten by pinning to latest versions before and definitely agree that where possible we should make sure that things are pinned exactly.

Then we can use tools like Whitesource Renovate / Dependabot to manage updates automatically.

Recommended read: Just say no to `:latest` - Platformers https://platformers.dev/log/2022-03-02-latest-literally-kills-puppies/


Version pinning is always a difficult line to walk - you don't want things to change when you're not expecting them to (such as here) but you also don't want to be pinned to really old versions of software, as that increases risk

Recommended read: Choose Your Docker Base Image Wisely https://www.innoq.com/en/blog/choose-your-docker-base-image-wisely/